Date   

Re: How to write a custom validation plugin

Hui Kang
 

My another concern is that most of the validation actually is implemented in the builtin/v13. Therefore I may end up copying a lot of code from the v13 validation code, e.g., extractValidationArtifacts seems very useful. Please correct me if I am wrong. Thanks.

- Hui

On Oct 18, 2018, at 10:25 AM, Hui Kang <hkang.sunysb@...> wrote:



On Oct 18, 2018, at 10:12 AM, Alessandro Sorniotti <ale.linux@...> wrote:

My another question is that in the default_validation.go, who is the
caller to func (v *DefaultValidation)
Init(dependencies ...validation.Dependency) error that passes the
dependencies to initialize the builtin? I am asking because I may write
a new dependency for the custom validation plugin. Thanks.
the caller is fabric proper, if you want to change that you'll have to rebuild fabric I'm afraid. If you can share what you are trying to accomplish, we may be able to advise simpler approaches if there are any.
Basically I want to achieve the following: I have a Chaincode that creates the ledger data
{k1, V1},
{k2, V2},


I need a custom validation builtin to validate that every V satisfies certain requirement, e.g., V > 100. However, the default validation does not change the value. That’ why I need to add this check to the default validation. As you mentioned earlier, I have to copy the source from default validation to my own custom one.

I though I could add some additional code in this function

func (v *CustomValidation) Validate(block *common.Block, namespace string, txPosition int, actionPosition int, contextData ...validation.ContextDatum) error {

custom_validation(block, namespace, txPosition, actionPosition, serializedPolicy.Bytes())

}

Do you have any other idea? Thanks.

- Hui


Cheers,
Ale



Re: How to write a custom validation plugin

Hui Kang
 

On Oct 18, 2018, at 10:12 AM, Alessandro Sorniotti <ale.linux@...> wrote:

My another question is that in the default_validation.go, who is the
caller to func (v *DefaultValidation)
Init(dependencies ...validation.Dependency) error that passes the
dependencies to initialize the builtin? I am asking because I may write
a new dependency for the custom validation plugin. Thanks.
the caller is fabric proper, if you want to change that you'll have to rebuild fabric I'm afraid. If you can share what you are trying to accomplish, we may be able to advise simpler approaches if there are any.
Basically I want to achieve the following: I have a Chaincode that creates the ledger data
{k1, V1},
{k2, V2},


I need a custom validation builtin to validate that every V satisfies certain requirement, e.g., V > 100. However, the default validation does not change the value. That’ why I need to add this check to the default validation. As you mentioned earlier, I have to copy the source from default validation to my own custom one.

I though I could add some additional code in this function

func (v *CustomValidation) Validate(block *common.Block, namespace string, txPosition int, actionPosition int, contextData ...validation.ContextDatum) error {

custom_validation(block, namespace, txPosition, actionPosition, serializedPolicy.Bytes())

}

Do you have any other idea? Thanks.

- Hui


Cheers,
Ale


Re: How to write a custom validation plugin

Alessandro Sorniotti
 

My another question is that in the default_validation.go, who is the
caller to func (v *DefaultValidation)
Init(dependencies ...validation.Dependency) error that passes the
dependencies to initialize the builtin? I am asking because I may write
a new dependency for the custom validation plugin. Thanks.
the caller is fabric proper, if you want to change that you'll have to rebuild fabric I'm afraid. If you can share what you are trying to accomplish, we may be able to advise simpler approaches if there are any.

Cheers,
Ale


Re: How to write a custom validation plugin

Hui Kang
 

Hi, Alessandro,
Thanks for your reply and suggestions. I care more about the development work, so I guess I have to copy the source of default validation to a new builtin under core/handler/validation/builtin/custom_validation.go.

My another question is that in the default_validation.go, who is the caller to func (v *DefaultValidation) Init(dependencies ...validation.Dependency) error that passes the dependencies to initialize the builtin? I am asking because I may write a new dependency for the custom validation plugin. Thanks.

- Hui

On Oct 18, 2018, at 3:01 AM, Alessandro Sorniotti <ale.linux@...> wrote:

Hui

My understanding is that if I want to write a validation plugin, I have
to implement all the existing features (e.g., policy check, r/w set
check...) as in the default_validation in this new plugin, which may
cause a lot of redundant work.
If you're talking about CPU work, there is no redundancy as the custom plugin replaces the default one, and so whatever validation is required will only be done one time. If you're talking about development work, you can simply copy the sources of the default validation into your plugin, and call them (in addition to whatever custom logic you need).

Watch out for these 2 points:
1) When you build your plugin, please pay attention to

https://hyperledger-fabric.readthedocs.io/en/release-1.3/pluggable_endorsement_and_validation.html#important-notes

2) Keep in mind that any custom code you include in the plugin must be deterministic.

Cheers,
Ale



EU Blockchain and Observatory report on Blockchain and GDPR

Arnaud Le Hors
 

Several people have asked about GDPR in the past and I have mentioned having participated in an initiative in Europe that focused on this topic. A report has now been published that I think is worth a read. Of course it's not going to tell you how to use Fabric and be GDPR compliant but it's useful background.
See https://www.eublockchainforum.eu/reports

Or to directly get the document:
https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf
--
Arnaud  Le Hors - Senior Technical Staff Member, Web & Blockchain Open Technologies - IBM


Hyperledger Fabric Node SDK and CA #fabric #fabricca

Thanakrit Lee <thanakrit.lee.2014@...>
 

Hello,

I'm creating a Express.js REST server that can invoke and query chaincodes (similar to the JavaScript fabcar example). I'm wondering how would I register, enroll, and use a network user that is based on a username and password, so that I could allow the user to login using their username and password and can invoke chaincodes with their network user.

Please tell me if I'm going about this the wrong way, or if there are configs to achieve this.

Kind regards, Thanakrit Lee.


How to remove a peer from the fabrc network?

HeavenNash <zhangshenbin@...>
 

Hi, all,

 

 

I have built a fabric network which contains 2 organizations, each organization has 2 peers. If I want to remove a peer from the current fabric network, how to implement it?

I think maybe I can revoke the certificate of the peer, then the peer can be removed. Is that right?

 

 

Ivan Zhang

Fujitsu R&D development center

 


Re: How to write a custom validation plugin

Alessandro Sorniotti
 

Hui

My understanding is that if I want to write a validation plugin, I have
to implement all the existing features (e.g., policy check, r/w set
check...) as in the default_validation in this new plugin, which may
cause a lot of redundant work.
If you're talking about CPU work, there is no redundancy as the custom plugin replaces the default one, and so whatever validation is required will only be done one time. If you're talking about development work, you can simply copy the sources of the default validation into your plugin, and call them (in addition to whatever custom logic you need).

Watch out for these 2 points:
1) When you build your plugin, please pay attention to

https://hyperledger-fabric.readthedocs.io/en/release-1.3/pluggable_endorsement_and_validation.html#important-notes

2) Keep in mind that any custom code you include in the plugin must be deterministic.

Cheers,
Ale


How to write a custom validation plugin

Hui Kang
 

Hi
I have a question about writing my own validation plugin.

I have a chain code that requires some custom validation in addition to the default one.
My understanding is that if I want to write a validation plugin, I have to implement all the existing features (e.g., policy check, r/w set check...) as in the default_validation in this new plugin, which may cause a lot of redundant work.

Is my understanding correct? And what is the appropriate way to write a custom validation plugin? Thanks.

- Hui


Re: need help in hyperledger

Alessandro Sorniotti
 

What security model do you have in mind? A peer admin tampering with its own copy of the ledger? That's possible in almost every blockchain platform, and it hardly ever achieves a useful objective in any of them.

In fabric, if endorsement policies are properly set, the malicious peer will never be able to contribute to a successful endorsement. Its clients on the other hand will be misled if they query the peer's ledger, but by assumption, clients have to trust the peer they query. If they don't trust a single one, they can query a qualified quorum.

Thx,
Ale

On Wed, 17 Oct 2018, at 12:48 PM, sayyam ahmed wrote:
hellow i am new in hyperledger i have a question that what happen if some
put changes or want to temper information from ledger..
like in etherium if someone put changes on a block the whole blockchain
become invalid so it is hard to makes changes..
can you explain me in hyperledger



Re: Hyperledger Fabric Idle Timeout #fabric

Thanakrit Lee <thanakrit.lee.2014@...>
 

I found the solution to the problem.

It was the defualt Kafka close connection timeout, where the Kafka brokers close the connection after the default value of 600000ms which is 5 minutes of idle time. One can configure the Kafka brokers to not close the connection at all with the docker environment:

- KAFKA_CONNECTIONS_MAX_IDLE_MS=-1

Hope this help someone in the future.

Kind regards, Thanakrit Lee


need help in hyperledger

sayyam ahmed <sayyamabbasi802@...>
 

hellow i am new in hyperledger i have a question that what happen if some put changes or want to temper information from ledger..
like in etherium if someone put changes on a block the whole blockchain become invalid so it is hard to makes changes..
can you explain me in hyperledger


Re: Docker version for Fabric

Gari Singh <garis@...>
 

Hey Mark,


Technically, at runtime right now Docker 1.13 or later will work for pure Docker and/or Kubernetes.
The samples and example network rely on later versions of docker-compose which I believe require some features of Docker 17.06 and later (I think in the area of networks and volumes but don't recall explicitly and we definitely use docker exec commands in some of the samples which require 17.06).

With 1.3 and earlier, you should still be able to build with Docker 1.13, but with the current master we've moved to multistage builds which require 17.06 and later to build.

Hope this helps.

FWIW, I was able to use the Docker 1.13 version which ships with Redhat 7.x to build and run Redhat-based Fabric images ( https://github.com/mastersingh24/docker-images/tree/master/1.1.x/rhel7 )

-- G




-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: hyperledger-fabric <hyperledger-fabric@...>
From: "mark wagner"
Sent by: fabric@...
Date: 10/17/2018 10:04AM
Subject: [Hyperledger Fabric] Docker version for Fabric


Hi

In the prereq section of the 1.3 Fabric docs it states :
"MacOSX, *nix, or Windows 10: Docker Docker version 17.06.2-ce or greater is required"

Is there specific functionality required from this version of Docker or is the requirement based more on "latest version" ?


Thanks

-mark


Docker version for Fabric

mark wagner <mwagner@...>
 


Hi

In the prereq section of the 1.3 Fabric docs it states :
"MacOSX, *nix, or Windows 10: Docker Docker version 17.06.2-ce or greater is required"

Is there specific functionality required from this version of Docker or is the requirement based more on "latest version" ?


Thanks

-mark


Questions about adding a new orderer

abc <3201248483@...>
 

Hi,all
My test net is based on Kafka mode which only had one orderer(orderer.example.com) at the beginning.Then I added a new orderer (orderer1.example.com) by updating the channel config.
I find the new orderer works fine and all blocks are synchronized.My question is that where the new orderer fetched the blocks.Is it from another orderer (orderer.example.com)  or from Kafka cluster ? Or both.

Because when I test adding new orderer with bft-smart ,I find the new orderer can’t synchronize the blocks.So I guess it is because of Kafka cluster.


Re: Private: Re: [Hyperledger Fabric] How to define Organization of Orderer and Channel's Application to the same one at configtx.yaml

Ye HE <allenofchina@...>
 

Hi Prashant
Hi Community friends

Sorry for late reply.
I am very happy to help you. also I'd like to share it with everyone.

I met a strange problem of creating channel while building the network from scatch , Lately I spent quite a moment to resolve the problem(I attached the original mail below for convienance). and somehow I did it.

the questions 2 , which is " I've got the error "Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied" in the case. What did the error mean?  would you please tell me any hint or clue to fix it?"

Answer is the affilation.

In my case, I registered the admin and users certifications at fabric-ca-server ,tried to create a channel by commandline which is "peer create channel" and failed. I guess you were doing the samething.

keypoint is that affiliation of admin should? be set to "". Only admin's affliation should? be set to blank, and whatever the users' affliation is set to doesn't matter.
detail is: (Note the => )
2. I registered the admin , Admin@...  in fabric-ca
    the identity was below:
       name: Admin@...
       pass: Admin@...
       type: client
       affiliation: "com.yqb.echain"                                                        =>   CHANGE TO  affiliation: ""
       attrs:
          hf.Registrar.Roles: "peer,orderer,client,user"
          hf.Registrar.DelegateRoles: "peer,orderer,client,user"
          hf.Revoker: true
          hf.IntermediateCA: false
          hf.GenCRL: true
          hf.Registrar.Attributes: "*"
          hf.AffiliationMgr: true


WHY the affliation is the key point. I read the source code but did not figure it out.
I guess the MSP was different as affliation changes while generating channel config file (*.tx) by configtxgen tool.
but haven't strong evidence yet.
If you or others know why or better solution, please tell me. thanks in advance.


================Original Problems===================
Hi

Hope everything goes fine.
I am using fabric 1.1
I tried to generate every orderer, peer and admin's msp from fabric-ca not the cryptogen tools.
Everything works fine but I found fabric got error on creating channel when organization of Orderer and Channel's Application are same in configtx.yaml.
would you please give me some advice?
Here's the step
1. I registered the following orderers and peers identity in fabric-ca
 Orderers: orderer0.orderer.echain.yqb.com
                 orderer1.orderer.echain.yqb.com
                 orderer2.orderer.echain.yqb.com
                 orderer3.orderer.echain.yqb.com
Peers:       query0.peer.echain.yqb.com
                 query1.peer.echain.yqb.com
                 endorsor0.peer.echain.yqb.com
                 endorsor1.peer.echain.yqb.com
                 endorsor2.peer.echain.yqb.com
all the orderers and peers belong to affilation as "com.yqb.echain".

2. I registered the admin , Admin@...  in fabric-ca
    the identity was below:
       name: Admin@...
       pass: Admin@...
       type: client
       affiliation: "com.yqb.echain"
       attrs:
          hf.Registrar.Roles: "peer,orderer,client,user"
          hf.Registrar.DelegateRoles: "peer,orderer,client,user"
          hf.Revoker: true
          hf.IntermediateCA: false
          hf.GenCRL: true
          hf.Registrar.Attributes: "*"
          hf.AffiliationMgr: true

3. I enrolled the orderers, peers, Admin@...'s certification from fabric-ca
4. I modified the configtx.yaml to generate genesis.block and channel.tx
Because orderers and peers' msp are issued by same fabric-ca, So I'd like to create only 1 organization to represent the orderers and peers
I defined the configtx.yaml as below:

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

    YQBOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *YQB
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            YQBConsortium:
                Organizations:
                    - *YQB

    YQBChannel:
        Consortium: YQBConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *YQB
            Capabilities:
                <<: *ApplicationCapabilities    

################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &YQB
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: YQBMSP

        # ID to load the MSP definition as
        ID: YQBMSP

        MSPDir: crypto-config/peerOrganizations/peer.echain.yqb.com/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: endorsor0.peer.echain.yqb.com
              Port: 7051

But there's something strange, while creating channel I got the following error:

Creating channel...
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peer.echain.yqb.com/peers/endorsor0.peer.echain.yqb.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peer.echain.yqb.com/peers/endorsor0.peer.echain.yqb.com/tls/server.key
CORE_PEER_LOCALMSPID=YQBMSP
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peer.echain.yqb.com/peers/endorsor0.peer.echain.yqb.com/tls/server.crt
CORE_PEER_TLS_ENABLED=false
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peer.echain.yqb.com/users/Admin@.../msp
CORE_PEER_ID=cli
CORE_LOGGING_LEVEL=DEBUG
CORE_PEER_ADDRESS=endorsor0.peer.echain.yqb.com:7051
2018-07-04 11:47:29.834 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-07-04 11:47:29.834 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-07-04 11:47:29.846 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2018-07-04 11:47:29.849 UTC [msp] GetLocalMSP -> DEBU 004 Returning existing local MSP
2018-07-04 11:47:29.849 UTC [msp] GetDefaultSigningIdentity -> DEBU 005 Obtaining default signing identity
2018-07-04 11:47:29.850 UTC [msp] GetLocalMSP -> DEBU 006 Returning existing local MSP
2018-07-04 11:47:29.850 UTC [msp] GetDefaultSigningIdentity -> DEBU 007 Obtaining default signing identity
2018-07-04 11:47:29.850 UTC [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AB5080A065951424D535012AA082D2D...0F0A0D595142436F6E736F727469756D 
2018-07-04 11:47:29.850 UTC [msp/identity] Sign -> DEBU 009 Sign: digest: FC610E65DB21552EBE0D90AA3266534F5ADF6B0E3AD38596BAA996B858DC88A0 
2018-07-04 11:47:29.862 UTC [msp] GetLocalMSP -> DEBU 00a Returning existing local MSP
2018-07-04 11:47:29.862 UTC [msp] GetDefaultSigningIdentity -> DEBU 00b Obtaining default signing identity
2018-07-04 11:47:29.863 UTC [msp] GetLocalMSP -> DEBU 00c Returning existing local MSP
2018-07-04 11:47:29.863 UTC [msp] GetDefaultSigningIdentity -> DEBU 00d Obtaining default signing identity
2018-07-04 11:47:29.863 UTC [msp/identity] Sign -> DEBU 00e Sign: plaintext: 0AED080A1608021A0608D1E7F2D90522...28B1771341E1D09B7362A3780480B59E 
2018-07-04 11:47:29.863 UTC [msp/identity] Sign -> DEBU 00f Sign: digest: 5E2510F693883838BA3FAF947151B0FD59A6A17B5BA76C5E2DDC22172343EE2D 
Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
Usage:
  peer channel create [flags]

Flags:
  -c, --channelID string   In case of a newChain command, the channel ID to create.
  -f, --file string        Configuration transaction file generated by a tool such as configtxgen for submitting to orderer
  -t, --timeout int        Channel creation timeout (default 5)

Global Flags:
      --cafile string                       Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
      --certfile string                     Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
      --clientauth                          Use mutual TLS when communicating with the orderer endpoint
      --keyfile string                      Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
      --logging-level string                Default logging level and overrides, see core.yaml for full syntax
  -o, --orderer string                      Ordering service endpoint
      --ordererTLSHostnameOverride string   The hostname override to use when validating the TLS connection to the orderer.
      --tls                                 Use TLS when communicating with the orderer endpoint
  -v, --version                             Display current version of fabric peer server

!!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!!
================== ERROR !!! FAILED to execute End-2-End Scenario ==================


I've checked the private key and certification of peers and orderers , nothing was wrong.
To make sure the Organization definition was the only reason, I modified the configtx.yaml, create a dummy organization as "OrdererOrg" to represent orderers, everything works fine.

the modified configtx.yaml was attached below.
################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

    YQBOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            YQBConsortium:
                Organizations:
                    - *YQB

    YQBChannel:
        Consortium: YQBConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *YQB
            Capabilities:
                <<: *ApplicationCapabilities    

################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererMSP

        # ID to load the MSP definition as
        ID: OrdererMSP

        MSPDir: crypto-config/ordererOrganizations/orderer.echain.yqb.com/msp

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &YQB
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: YQBMSP

        # ID to load the MSP definition as
        ID: YQBMSP

        MSPDir: crypto-config/peerOrganizations/peer.echain.yqb.com/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: endorsor0.peer.echain.yqb.com
              Port: 7051


My Questions are:
1. Is there a way to define Orders and Channel's Application as only 1 Organization in configtx.yaml? If the answer is  yes, would you please  tell me how to do it in the case?
2. I've got the error "Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied" in the case. What did the error mean?  would you please tell me any hint or clue to fix it? 




Regards
Andrew

--
Andrew, Ye He
Blockchain Architect , Consultant
allenofchina@...
+86-186-2111-8735


At 2018-10-10 22:06:10, "Prashant" <oracle.prashantprakash@...> wrote:
Dear Andrew,

Wondering if you were able to arrive at a fix for the error listed in point 2 above.
I have run into something similar while creating a custom n/w on HLF v1.2

Appreciate your inputs.

Regards,
Prashant


 


Hyperledger Fabric Idle Timeout #fabric

Thanakrit Lee <thanakrit.lee.2014@...>
 

Hello,

I've got a Hyperledger Fabric network with multiple hosts each with its own peers, couchdb, orderers. The orderers are in kafka mode, and I've got 4 kafka brokers and 3 zookeepers in the network.

The problem I'm having with the network is that after 5 minutes of idle time, where there are no transaction calls to the network that commit blocks, the network seems to become unresponsive. What I meant by unresponsive in this context is that after the 5 minutes of idle time, I send a transaction that will commit to block, it will take sometime to commit that transaction, which is usually about 10 seconds and in some case 20 seconds and 5 seconds.

What I'm asking here is if anyone else have encounter this before, and whether this is related to a Fabric Network config somehow or a problem with docker?

Kind regards, Thanakrit Lee.


Re: Issue in Fabric SDK Node 1.2.2 - error response status thrown away #fabric-sdk-node #fabric

Gari Singh <garis@...>
 

Just to double check here ... you actually are talking about the behavior when the status is >= 400, correct?


-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: fabric@...
From: "Matúš Kempa"
Sent by: fabric@...
Date: 10/16/2018 06:18AM
Subject: [Hyperledger Fabric] Issue in Fabric SDK Node 1.2.2 - error response status thrown away #fabric #fabric-sdk-node

Hello,

In Fabric SDK Node 1.2.2, when response with Status less than 400 is returned from chaincode, the resulting response contains only error message and stack trace.

Would it be possible to fix this issue for 1.2 the same way as it is in 1.3?
Please note, that it is necessary for us to work with Fabric docker images 1.2.

The problematic line in: https://github.com/hyperledger/fabric-sdk-node/blob/release-1.2/fabric-client/lib/Peer.js
114: reject(new Error(proposalResponse.response.message));

Proposed changes: as in https://github.com/hyperledger/fabric-sdk-node/blob/release-1.3/fabric-client/lib/Peer.js
on lines 123, 124 and 125

Thank you.


Issue in Fabric SDK Node 1.2.2 - error response status thrown away #fabric-sdk-node #fabric

Matúš Kempa <matus.kempa@...>
 

Hello,

In Fabric SDK Node 1.2.2, when response with Status less than 400 is returned from chaincode, the resulting response contains only error message and stack trace.

Would it be possible to fix this issue for 1.2 the same way as it is in 1.3?
Please note, that it is necessary for us to work with Fabric docker images 1.2.

The problematic line in: https://github.com/hyperledger/fabric-sdk-node/blob/release-1.2/fabric-client/lib/Peer.js
114: reject(new Error(proposalResponse.response.message));

Proposed changes: as in https://github.com/hyperledger/fabric-sdk-node/blob/release-1.3/fabric-client/lib/Peer.js
on lines 123, 124 and 125

Thank you.


Re: "secure" a get operation (read-only operation) in fabric chaincode with endorsement policy and/or any out of the box consensus mechanism

Alessandro Sorniotti
 

Nathan

Chaincode queries don't actually exist, they are simply chaincode invocations that do not modify the world state (i.e. the write set is empty) and that the client decides not to broadcast to the ordering service.

If your asset is on the public ledger, all fabric clients who are channel readers will be able to read it by querying blocks.

If your asset is in a collection, fabric clients will have to go through the chaincode to read it. If the chaincode exposes a function that just returns the value, and the client is able to invoke this function, endorsement policies will not make any difference.

Theoretically, you could split the query in two functions: 1) a function that does not return the value, it simply writes on the ledger a variable stating that your client is cleared to read the information; 2) a second function that returns the value if the ledger contains a variable stating that your client is cleared to read the information.

I see a couple of problems with this approach though: 1) it's unclear how this privilege can be revoked; 2) this approach requires ALL peers to be honest. If you have a single malicious peer who knows the value of your asset and colludes with the client, it can simply bypass all this and just return the value.

Hope it helps. Cheers,
Ale

On Tue, 16 Oct 2018, at 2:41 AM, Nathan Aw wrote:
Hi Yacov,

I wish to build chaincode that will deter data exfiltration through the
use.

Assuming my network has compromised peers and I wish to make data
exfiltration more difficult, i.e., through the of securing query/get
operation through consensus (endorsement policy, perhaps?)

For example, only return the query results if 3/4 of endorsing peers
approve the query transaction from the submitting peer.

Thank you.

Nathan Aw


On Tue, 16 Oct 2018, 02:29 Yacov Manevich, <YACOVM@...> wrote:

can you explain what you mean by securing a read operation? an example,
etc ?



From: Nathan Aw <nathan.mk.aw@...>
To: hyperledger-fabric@...
Date: 15/10/2018 08:04 PM
Subject: Re: [Hyperledger Fabric] "secure" a get operation
(read-only operation) in fabric chaincode with endorsement policy and/or
any out of the box consensus mechanism
Sent by: fabric@...
------------------------------



Hi Fabric experts,

3rd try. Thank you.

Nathan Aw

On Mon, 15 Oct 2018, 18:18 Nathan Aw, <*nathan.mk.aw@...*
<nathan.mk.aw@...>> wrote:
Hi Fabric Experts,

Second try. Thank you.

Is it possible to "secure" a get operation (read-only operation) in fabric
chaincode with endorsement policy and/or any out of the box consensus
mechanism. Any configuration or code enhancements needed?

I wish to build chaincode that will deter data exfiltration.


Nathan Aw


On Sun, 14 Oct 2018, 18:21 Nathan Aw, <*nathan.mk.aw@...*
<nathan.mk.aw@...>> wrote:
Hi Fabric Experts,

Is it possible to "secure" a get operation (read-only operation) in fabric
chaincode with endorsement policy and/or any out of the box consensus
mechanism. Any configuration or code enhancements needed?

I wish to build chaincode that will deter data exfiltration.

Please advise?

funcget(stubshim*.*ChaincodeStubInterface, args[]string) (string, error) {
*if*len(args) *!=* 1{
*return*"", fmt*.*Errorf("Incorrect arguments. Expecting a key"
)
}

value, err:*=* stub*.*GetState(args[0])
*if*err*!=* nil{
*return*"", fmt*.*Errorf("Failed to get health record: %s with
error: %s", args[0], err)
}
*if*value*==* nil{
*return*"", fmt*.*Errorf("Health record not found: %s", args[0
])
}
*return*string(value), nil
}

Regards,

Nathan Aw
*https://sg.linkedin.com/in/awnathan*
<https://sg.linkedin.com/in/awnathan>

*https://www.hyperledger.org/community/technical-ambassador*
<https://www.hyperledger.org/community/technical-ambassador>


*http://www.nasdaq.com/article/guest-post-understanding-the-limits-and-potential-of-blockchain-technology-cm874892*
<http://www.nasdaq.com/article/guest-post-understanding-the-limits-and-potential-of-blockchain-technology-cm874892>


*https://www.hyperledger.org/blog/2017/12/05/developer-showcase-series-nathan-aw-ntt-data*
<https://www.hyperledger.org/blog/2017/12/05/developer-showcase-series-nathan-aw-ntt-data>

*https://bitcoinmagazine.com/authors/nathan-aw/*
<https://bitcoinmagazine.com/authors/nathan-aw/>

*https://twitter.com/Hyperledger/status/938105092644974594*
<https://twitter.com/Hyperledger/status/938105092644974594>


*https://www.hyperledger.org/blog/2018/07/24/hyperledger-sawtooth-seth-and-truffle-101*
<https://www.hyperledger.org/blog/2018/07/24/hyperledger-sawtooth-seth-and-truffle-101>

*https://www.hyperledger.org/persons/nathan-aw*
<https://www.hyperledger.org/persons/nathan-aw>

*https://github.com/nathanawmk* <https://github.com/nathanawmk>

*https://erc725alliance.org/* <https://erc725alliance.org/>

*https://blockchain.ieee.org/newsletter/editorial-board*
<https://blockchain.ieee.org/newsletter/editorial-board>




6561 - 6580 of 11408