Channel Creation Policy #fabric

soumya nayak <soumyarjnnayak@...>
 

Hi Team,

I have 3 orgs in a consortium and I want only one organization to be able to create a new channel. How do I restrict the other 2 orgs so that they are not able to do that?
Or what if I want to change the policy so that only two specific orgs can create the channel?

In configtx.yaml, where do we specify the channel creation policy, and how do we do that? An explanation with an example or a link reference would be great.

Thanks,
Soumya


Re: #fabric-questions #fabric Local server & AWS Cloud Multihosting issue #fabric #fabric-questions

Kamlesh Nagware
 

Yes Anil, then only create channel, join channel, chaincode installation and instantiated successfully.


Thanks & Regards,

Kamlesh Nagware,

Blockchain Consultant

Email-kamlesh.nagware@...

Mobile:- +91 9511 2213 01

Linkedin-https://www.linkedin.com/in/kamlesh-nagware-1456094b

Twitter -@KNagware


On Fri, Sep 13, 2019, 10:10 PM Anil Singh <anil.singh@...> wrote:
are you using docker swarm ? hope you have verified that all the nodes are part of same network using :
docker node ls
?

Thanks,
Anil Singh
On September 13, 2019 7:15 PM Kamlesh Nagware <kamlesh.nagware@...> wrote:


Hi, 

My network has 5 nodes, 2 in local Ubuntu server & 3 nodes running on aws ubuntu instance. Node sdk, Raft orderer and go chaincode and every step from creating a channel to instantiate chaincode ran fine but when I do invoke, it shows chain code mycc not installed on particular. Actually my chaincode container and all other containers running fine.

Thanks
Kamlesh


Re: #fabric-questions #fabric Local server & AWS Cloud Multihosting issue #fabric #fabric-questions

Anil Singh <anil.singh@...>
 

are you using docker swarm ? hope you have verified that all the nodes are part of same network using :
docker node ls
?

Thanks,
Anil Singh

On September 13, 2019 7:15 PM Kamlesh Nagware <kamlesh.nagware@...> wrote:


Hi, 

My network has 5 nodes, 2 in local Ubuntu server & 3 nodes running on aws ubuntu instance. Node sdk, Raft orderer and go chaincode and every step from creating a channel to instantiate chaincode ran fine but when I do invoke, it shows chain code mycc not installed on particular. Actually my chaincode container and all other containers running fine.

Thanks
Kamlesh


Re: Invoke Chaincode Maximum call stack size exceeded

Kimheng SOK
 

Problem solved: by using the "Promise" library.
But it produces another problem: err validation of endorsement policy for chaincode... signature set did not satisfy policy.

Don't know if it is a good idea to use chaincode to call a python program and return the result back to the chaincode.
Or
Build a separate python component and only use the smart contract to query its output.

On Fri, Sep 13, 2019 at 7:36 PM Kimheng SOK <sok.kimheng@...> wrote:
Dear all,

I just wrote a nodejs chaincode, which uses python-shell to call a python program.
The log file shows that the python program executes correctly and returns the result to the peer.
The problem is that we received (Maximum call stack size exceeded). Is there any solution for that? Should we increase the stack size, or is there another alternative solution?

Bests,


Re: What difference does it make whether I choose to get endorsement from one or more than one peers?

David Enyeart
 

The current ordering service is not byzantine fault tolerant, therefore it must be secured and run by trusted organizations. Even if the ordering service is compromised the transaction data itself cannot be tampered since all peers validate each transaction (see details in prior threads such as https://lists.hyperledger.org/g/fabric/message/5295). That being said, a malicious ordering service could censor transactions and therefore some deployments will desire a byzantine fault tolerant ordering service run by multiple organizations, and that is in fact being worked on.


Dave Enyeart

From: "Siddharth Jain" <siddjain@...>
To: fabric@...
Date: 09/12/2019 04:43 PM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] What difference does it make whether I choose to get endorsement from one or more than one peers?
Sent by: fabric@...





inline:
On Tue, Aug 27, 2019 at 12:41 AM, Alessandro Sorniotti wrote:
      You must consider adversarial behaviour: if an adversary may compromise a peer, and that peer is sufficient to produce a valid endorsement for a chaincode, then the adversary can bypass the chaincode logic and modify that chaincode's namespace in an arbitrary way. If more than one peer (possibly from different organisations) is required to endorse, then the likelihood of an attack becomes smaller because the adversary must compromise all peers.
or they could just compromise Kafka? since all peers get blocks from Kafka, compromising Kafka would compromise all the peers?

      Hope it helps. Cheers,
      Ale

      On Mon, 26 Aug 2019, at 6:32 PM, Siddharth Jain wrote:
          Hello Fabric Users - Given the fact that all copies of the ledger are
          the same, what difference does it make whether the endorsement policy
          defines one or more than one peers? If all peers will have the same
          copy then isn't getting endorsement from more than one peer redundant?
          Isn't it a given that all peers will give same response to a request?
          If not, why not? An example would be appreciated.

#fabric-questions #fabric Local server & AWS Cloud Multihosting issue #fabric #fabric-questions

Kamlesh Nagware
 

Hi, 

My network has 5 nodes, 2 in local Ubuntu server & 3 nodes running on aws ubuntu instance. Node sdk, Raft orderer and go chaincode and every step from creating a channel to instantiate chaincode ran fine but when I do invoke, it shows chain code mycc not installed on particular. Actually my chaincode container and all other containers running fine.

Thanks
Kamlesh


Invoke Chaincode Maximum call stack size exceeded

Kimheng SOK
 

Dear all,

I just wrote a nodejs chaincode, which uses python-shell to call a python program.
The log file shows that the python program executes correctly and returns the result to the peer.
The problem is that we received (Maximum call stack size exceeded). Is there any solution for that? Should we increase the stack size, or is there another alternative solution?

Bests,


Unable to upgrade chaincode

Abhijeet Bhowmik <abhijeet@...>
 

Hello Everyone,

I am trying to upgrade a chaincode but am getting a very weird error. PFA the screenshot. Basically the chaincode name is getting replaced by the channel name. Any help would be appreciated. I am grateful for your help.

Thanks and Regards
Abhijeet Bhowmik


Re: What difference does it make whether I choose to get endorsement from one or more than one peers?

Siddharth Jain
 

inline:

On Tue, Aug 27, 2019 at 12:41 AM, Alessandro Sorniotti wrote:
You must consider adversarial behaviour: if an adversary may compromise a peer, and that peer is sufficient to produce a valid endorsement for a chaincode, then the adversary can bypass the chaincode logic and modify that chaincode's namespace in an arbitrary way. If more than one peer (possibly from different organisations) is required to endorse, then the likelihood of an attack becomes smaller because the adversary must compromise all peers.
or they could just compromise Kafka? since all peers get blocks from Kafka, compromising Kafka would compromise all the peers? 

Hope it helps. Cheers,
Ale

On Mon, 26 Aug 2019, at 6:32 PM, Siddharth Jain wrote:
Hello Fabric Users - Given the fact that all copies of the ledger are
the same, what difference does it make whether the endorsement policy
defines one or more than one peers? If all peers will have the same
copy then isn't getting endorsement from more than one peer redundant?
Isn't it a given that all peers will give same response to a request?
If not, why not? An example would be appreciated.
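
Alessandro's point in this thread (the endorsement policy decides how many peers an adversary must control to forge a valid endorsement) can be checked per policy. The following is an added example, not code from the thread or from Fabric: it parses `AND`/`OR`/`OutOf` policy strings and lists the smallest sets of organisations whose compromise would satisfy the policy. The MSP IDs are constructed, and the model assumes that compromising an organisation yields one of its endorsing identities.

```javascript
'use strict';
// Added example: org-level robustness check for endorsement policy strings.
// Simplification (assumption): a policy node is satisfied when enough of its
// children are; roles such as ".peer" are ignored, only the MSP ID is kept.

function parsePolicy(text) {
  const tokens = text.match(/[A-Za-z]+|'[^']*'|\d+|[(),]/g) || [];
  let pos = 0;
  const expect = (t) => {
    if (tokens[pos++] !== t) throw new SyntaxError(`expected "${t}"`);
  };
  function node() {
    const tok = tokens[pos++];
    if (tok === undefined) throw new SyntaxError('unexpected end of policy');
    if (tok.startsWith("'")) return { org: tok.slice(1, -1).split('.')[0] };
    const op = tok.toUpperCase();
    if (!['AND', 'OR', 'OUTOF'].includes(op)) {
      throw new SyntaxError(`unknown operator "${tok}"`);
    }
    expect('(');
    let need = null;
    if (op === 'OUTOF') {
      need = Number(tokens[pos++]);
      if (!Number.isInteger(need)) throw new SyntaxError('OutOf needs a count');
      expect(',');
    }
    const args = [node()];
    while (tokens[pos] === ',') { pos++; args.push(node()); }
    expect(')');
    if (op === 'AND') need = args.length; // every child must endorse
    if (op === 'OR') need = 1;            // any single child is enough
    return { need, args };
  }
  const root = node();
  if (pos !== tokens.length) throw new SyntaxError('trailing input');
  return root;
}

// True when the given set of organisations can satisfy the policy alone.
function satisfiedBy(node, orgs) {
  if (node.org !== undefined) return orgs.has(node.org);
  return node.args.filter((a) => satisfiedBy(a, orgs)).length >= node.need;
}

function collectOrgs(node, acc = new Set()) {
  if (node.org !== undefined) acc.add(node.org);
  else node.args.forEach((a) => collectOrgs(a, acc));
  return acc;
}

// All k-element combinations of items, in input order.
function subsets(items, k, start = 0) {
  if (k === 0) return [[]];
  const out = [];
  for (let i = start; i <= items.length - k; i++) {
    for (const rest of subsets(items, k - 1, i + 1)) out.push([items[i], ...rest]);
  }
  return out;
}

// Smallest sets of organisations whose compromise yields a valid endorsement.
function smallestForgingSets(policyText) {
  const root = parsePolicy(policyText);
  const orgs = [...collectOrgs(root)].sort();
  for (let size = 1; size <= orgs.length; size++) {
    const hits = subsets(orgs, size).filter((s) => satisfiedBy(root, new Set(s)));
    if (hits.length > 0) return hits;
  }
  return [];
}
```

A result whose sets have size 1 means a single compromised organisation can rewrite that chaincode's namespace, which is the case the reply warns about.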



Documentation Workgroup: Agenda for Friday, 13 September

Anthony O'Dowd <a_o-dowd@...>
 

Hello All,

We continue the documentation workgroup after our successful restart last week! We had excellent Eastern and Western hemisphere calls, and as always, there's a full agenda for this week's meetings. As usual, we run the meeting twice during the day to make it easier for both Eastern and Western hemispheres. Check the bottom of this note for meeting details.

Our attention continues to be on Fabric version v2.0. The full agenda is available for you to read here : https://drive.google.com/open?id=16HxpB_4UJhGuloTj6vyX2Ralnq7G4qWw

We'd like to draw attention to the Eastern hemisphere call where users can ask any question on how Fabric works or how to use it. Recently, we've had new joiners on this call from Thailand, India and China -- you're all very welcome and thanks for contributing to the success of this call for users who are just getting started with Fabric.

On the Western hemisphere call, a highlight is sure to be Chris Gabriel sharing a Fabric application demonstration. Chris' demos are always excellent, so try to join if you can, and we'll record it for those who cannot make the call. Thanks as always to Chris for his knowledge and expertise.

If you'd like to contribute, please join either call -- there are now lots of people who are keen to help you get up and running, and contributing to the documentation.

Feel free to post comments to the mailing list, so that we can include them at the meeting. Or you can just come along, listen and discuss - you're always welcome!

Best regards,

Anthony, Pam, Joe, Nik

Meeting Details
-------------
Please use the following link to attend the meeting:  https://zoom.us/j/6223336701

Zoom should work in the browser.  I will open the call 5 minutes early so that folks can test it out. I'll also monitor the RocketChat at https://chat.hyperledger.org/channel/fabric-release so that if anyone has issues, ping me there!

More Zoom connection options at the bottom of this note.

The meeting times are as follows:

Meeting 96A: Friday 13 Sep
                   1130 India Standard Time
                   1400 China Standard Time
                   1500 Japan Standard Time
                   1700 Australia Eastern Time
                   1400 Singapore Time
                   1000 Gulf Standard Time
                   1000 Moscow Standard Time
                   0700 Greenwich Mean Time
                   0800 Central European Time
   
Meeting 96B: Friday 13 Sep
                   1000 Central Daylight Time
                   1100 Eastern Daylight Time
                   0800 Pacific Daylight Time
                   1200 Brasil Standard Time
                   1600 Greenwich Mean Time
                   1700 Central European Time
                   1800 Moscow Standard Time
 




Academic Paper - Technical and Policy Guidelines on Hyperledger Fabric #fabric

kblaade@...
 

Dear All, 

I am currently writing an academic paper on Hyperledger Fabric. My intent is to catalog and possibly present a set of guidelines in the areas of technical vulnerabilities, data privacy and policy. 

For starters, I want to review work that has been done or is ongoing on the following - 
1) Current known technical / security vulnerabilities which have been discovered and addressed in Fabric 1.4 or planned to be addressed in Fabric 2.0. Focus will be on speed, chain-code security and consensus.  
2) Current works on Data Privacy and what has been done, especially the intersection with the GDPR, i.e. keeping sensitive personal information off-chain to ensure mutability etc.
3) Current / planned works on monetary policy for Fabric to be adopted as a cross-border fiscal mechanism i.e. taxation, state-backing, central bank digital currency, regulation etc. 

I would appreciate help on existing research materials, opinions, comments and works that have been done to date on the three areas listed above. 

Thanks


Re: HA & Missed Events with HyperLedger Fabric Events #fabric #fabric-sdk-node

Robert Broeckelmann
 

Thanks for the response.

That is very helpful...and largely confirmed what I thought I was reading.

RCBJ

On Tue, Sep 10, 2019 at 1:28 AM Gari Singh <garis@...> wrote:
Correct ... channel event hub does not support "durable subscriptions". Consuming applications need to keep track of the most recent block they have received / processed (I'll also note that there are actually full-fledged messaging engines which work this way as well).  There is also no mechanism to treat multiple instances of an application as a single subscriber; all instances will receive all blocks/events.  Generally speaking, I would not try to deduplicate messages but rather would look to implement fault tolerant processes where only a single instance is active / running.  There are multiple ways to accomplish this:  exclusive lock on a shared file, use Kubernetes and require only one instance to be running, etc.



-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: beharrison@...
From: "Robert Broeckelmann"
Sent by: fabric@...
Date: 09/09/2019 10:38PM
Cc: fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] HA & Missed Events with HyperLedger Fabric Events #fabric #fabric-sdk-node

Thanks for the information.

So, it sounds like the application is still responsible for keeping track of the most recent block that has been processed for chaincode events across application restarts. Is that accurate?

Has any support been added for running multiple instances of an application that is subscribing to chaincode events without the need for a deduping step?

Thanks again!

RCBJ
On Mon, Sep 9, 2019 at 10:44 AM <beharrison@...> wrote:
The ChannelEventHub offers the ability to be started or restarted with a 'startBlock' and/or 'endBlock'. The ChannelEventHub instance keeps the last block received number. The block number is also included in all event information provided to the callbacks of the application's registered listeners. When using chaincode events, it would be best to receive all events at once from a block of transactions in case the application goes down; this feature was added with fabric-client@1.4.2.


--
Robert C. Broeckelmann Jr | Managing Director |  IyaSec
m: +1 314-494-3398 (SMS or WhatsApp) | fax: +1 (866) 484-1634
email: robert@... | site: iyasec.io
mail: 19215 SE 34th St Ste 106-407 Camas WA 98607-8830




--
Robert C. Broeckelmann Jr | Managing Director |  IyaSec
m: +1 314-494-3398 (SMS or WhatsApp) | fax: +1 (866) 484-1634
email: robert@... | site: iyasec.io

mail: 19215 SE 34th St Ste 106-407 Camas WA 98607-8830
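
The approach described in this thread (the application records the last block it processed, resumes from the next one, and only one instance is active) is sketched below as an added example; it is not code from the thread or from fabric-client. The class and function names, the checkpoint file layout and the block objects are constructed for illustration.

```javascript
'use strict';
// Added example: file-based checkpoint plus exclusive lock for a block/event
// consumer. Blocks here are constructed stand-ins for listener callbacks.
const fs = require('fs');
const os = require('os');
const path = require('path');

class BlockCheckpoint {
  constructor(dir) {
    this.file = path.join(dir, 'last-block.json');
    this.lockFile = path.join(dir, 'consumer.lock');
    this.held = false;
  }
  // Single active instance: the 'wx' flag fails with EEXIST when another
  // instance holds the lock. A stale lock after a crash needs operator cleanup.
  acquire() {
    try {
      fs.writeFileSync(this.lockFile, String(process.pid), { flag: 'wx' });
      this.held = true;
    } catch (err) {
      if (err.code !== 'EEXIST') throw err;
    }
    return this.held;
  }
  release() {
    if (this.held) fs.unlinkSync(this.lockFile);
    this.held = false;
  }
  // Last fully processed block number, or -1 when nothing was processed yet.
  load() {
    try {
      return JSON.parse(fs.readFileSync(this.file, 'utf8')).lastBlock;
    } catch (err) {
      if (err.code === 'ENOENT') return -1;
      throw err;
    }
  }
  // Write a temp file and rename it so a crash never leaves a torn checkpoint.
  save(blockNumber) {
    const tmp = `${this.file}.tmp`;
    fs.writeFileSync(tmp, JSON.stringify({ lastBlock: blockNumber }));
    fs.renameSync(tmp, this.file);
  }
  // Value to pass as 'startBlock' when the event hub is (re)started.
  nextStartBlock() { return this.load() + 1; }
}

// Process first, checkpoint second: a crash in between replays the block, so
// processEvents must be idempotent. Replays are skipped, gaps are refused.
function handleBlock(checkpoint, block, processEvents) {
  const last = checkpoint.load();
  if (block.number <= last) return 'skipped';
  if (block.number !== last + 1) {
    throw new Error(`gap: expected block ${last + 1}, got ${block.number}`);
  }
  processEvents(block.events);
  checkpoint.save(block.number);
  return 'processed';
}

// Constructed run: blocks 0..2, a restart that redelivers block 2, then block 3.
function runDemo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fabric-cp-'));
  const primary = new BlockCheckpoint(dir);
  const standby = new BlockCheckpoint(dir);
  const seen = [];
  const r = { primaryLock: primary.acquire(), standbyLock: standby.acquire() };
  r.outcomes = [0, 1, 2, 2, 3].map((n) =>
    handleBlock(primary, { number: n, events: [`evt-${n}`] }, (e) => seen.push(...e)));
  try { handleBlock(primary, { number: 9, events: [] }, () => {}); r.gapRejected = false; }
  catch (err) { r.gapRejected = true; }
  r.seen = seen;
  r.nextStartBlock = primary.nextStartBlock();
  primary.release();
  r.standbyAfterRelease = standby.acquire();
  standby.release();
  fs.rmSync(dir, { recursive: true, force: true });
  return r;
}
```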



Re: Generate TLS certificates using CA and not cryptogen #fabric #fabric-ca #fabricca

Nye Liu <nye@...>
 

Please don't put external links in your emails, many of us have that blocked

Instead just copy/paste the actual text, which is also preferable to screen shots.

Thanks!

On 9/11/2019 4:53 AM, Jean-Gaël Dominé wrote:

After a lot of struggle, I managed to progress without using a multi-root CA. My issue was that neither the Common Name nor the SAN of my certificates matched the name of the component it was associated to.

My workaround was to overwrite the SAN using the --csr.hosts option of the fabric-ca-client command.

I still have an issue though that prevents the orderer and peers from communicating (I get many tls handshake errors). To me, it seems that the problem is coming from the tlsca certificate I get back from the enrollment process.

For instance, when looking at a peer tlsca certificate obtained using cryptogen, here is what it contains:



And when I take a look at the one obtained using the CA client, I see the root CA...



NB: by tlsca certificate, I mean the file located in the tlsca sub-folder of the tls folder



Does somebody have an idea why it does that and how to solve this?

Thank you


Re: Generate TLS certificates using CA and not cryptogen #fabric #fabric-ca #fabricca

Jean-Gaël Dominé <jgdomine@...>
 

After a lot of struggle, I managed to progress without using a multi-root CA. My issue was that neither the Common Name nor the SAN of my certificates matched the name of the component it was associated to.

My workaround was to overwrite the SAN using the --csr.hosts option of the fabric-ca-client command.

I still have an issue though that prevents the orderer and peers from communicating (I get many tls handshake errors). To me, it seems that the problem is coming from the tlsca certificate I get back from the enrollment process.

For instance, when looking at a peer tlsca certificate obtained using cryptogen, here is what it contains:



And when I take a look at the one obtained using the CA client, I see the root CA...



NB: by tlsca certificate, I mean the file located in the tlsca sub-folder of the tls folder



Does somebody have an idea why it does that and how to solve this?

Thank you


Re: remove chaincode instant completely

Kimheng SOK
 

Thanks,

Yes, you are right, I need to remove all the chaincode images, otherwise it remembers the instants of the previously instantiated chaincode;
even if I install and instantiate new chaincode source code with the same chaincode name, it still links to the previous chaincode and it doesn't show any error message.

It took me two days to figure out why my new source code doesn't work and always executes the old version of the source code, and I needed to keep changing the name of the chaincode.

Finally, I need to do: docker rmi -f $(docker images 'dev-*' -q)


On Wed, Sep 11, 2019 at 10:32 AM 刘 宇翔 <david-khala@...> wrote:
Do not try to remove all docker images, but focus on chaincode images, which by default start with 'dev-'


From: fabric@... <fabric@...> on behalf of Kimheng SOK <sok.kimheng@...>
Sent: September 11, 2019 4:32
To: Sok.kimheng <sok.kimheng@...>
Cc: Nye Liu <nye@...>; fabric@... <fabric@...>
Subject: Re: [Hyperledger Fabric] remove chaincode instant completely
 
Problem solved: When I remove the whole images
docker rmi -f $(docker images -q )
But it takes time to pull the images back when we start the network again

On Wed, Sep 11, 2019 at 3:08 AM Kimheng SOK via Lists.Hyperledger.Org <sok.kimheng=gmail.com@...> wrote:
I remove everything: 
docker rm $(docker ps -aq)
What else do we need to remove?

On Wed, Sep 11, 2019 at 2:55 AM Nye Liu <nye@...> wrote:

You have to remove the docker peer chaincode container, which is created by the peer itself. It shows up in docker ps.

On 9/10/2019 12:51 PM, Kimheng SOK wrote:
Dear all,

I have a question about fabric chaincode; I am running the node language.

After I update my chaincode, even if I remove all the docker containers of the previous launch and start to run the network again, it seems that the network still remembers the previous instant of my chaincode, and I can't instantiate chaincode with the same chaincode name again, so I need to change to a new chaincode name.

I wonder where the instant of the chaincode is located.
Even if I remove everything from /var/hyperledger/production/chaincode on every peer, it still remembers.

So my question is how to remove all the instants of the chaincode completely.

Bests,


Re: [Hyperledger Fabric] remove chaincode instant completely

david liu <david-khala@...>
 

Do not try to remove all docker images, but focus on chaincode images, which by default start with 'dev-'


From: fabric@... <fabric@...> on behalf of Kimheng SOK <sok.kimheng@...>
Sent: September 11, 2019 4:32
To: Sok.kimheng <sok.kimheng@...>
Cc: Nye Liu <nye@...>; fabric@... <fabric@...>
Subject: Re: [Hyperledger Fabric] remove chaincode instant completely
 
Problem solved: When I remove the whole images
docker rmi -f $(docker images -q )
But it takes time to pull the images back when we start the network again

On Wed, Sep 11, 2019 at 3:08 AM Kimheng SOK via Lists.Hyperledger.Org <sok.kimheng=gmail.com@...> wrote:

I remove everything: 
docker rm $(docker ps -aq)
What else do we need to remove?

On Wed, Sep 11, 2019 at 2:55 AM Nye Liu <nye@...> wrote:

You have to remove the docker peer chaincode container, which is created by the peer itself. It shows up in docker ps.

On 9/10/2019 12:51 PM, Kimheng SOK wrote:
Dear all,

I have a question about fabric chaincode; I am running the node language.

After I update my chaincode, even if I remove all the docker containers of the previous launch and start to run the network again, it seems that the network still remembers the previous instant of my chaincode, and I can't instantiate chaincode with the same chaincode name again, so I need to change to a new chaincode name.

I wonder where the instant of the chaincode is located.
Even if I remove everything from /var/hyperledger/production/chaincode on every peer, it still remembers.

So my question is how to remove all the instants of the chaincode completely.

Bests,


Re: remove chaincode instant completely

Kimheng SOK
 

Problem solved: When I remove the whole images
docker rmi -f $(docker images -q )
But it takes time to pull the images back when we start the network again

On Wed, Sep 11, 2019 at 3:08 AM Kimheng SOK via Lists.Hyperledger.Org <sok.kimheng=gmail.com@...> wrote:
I remove everything: 
docker rm $(docker ps -aq)
What else do we need to remove?

On Wed, Sep 11, 2019 at 2:55 AM Nye Liu <nye@...> wrote:

You have to remove the docker peer chaincode container, which is created by the peer itself. It shows up in docker ps.

On 9/10/2019 12:51 PM, Kimheng SOK wrote:
Dear all,

I have a question about fabric chaincode; I am running the node language.

After I update my chaincode, even if I remove all the docker containers of the previous launch and start to run the network again, it seems that the network still remembers the previous instant of my chaincode, and I can't instantiate chaincode with the same chaincode name again, so I need to change to a new chaincode name.

I wonder where the instant of the chaincode is located.
Even if I remove everything from /var/hyperledger/production/chaincode on every peer, it still remembers.

So my question is how to remove all the instants of the chaincode completely.

Bests,


Re: remove chaincode instant completely

Kimheng SOK
 

I remove everything: 
docker rm $(docker ps -aq)
What else do we need to remove?

On Wed, Sep 11, 2019 at 2:55 AM Nye Liu <nye@...> wrote:

You have to remove the docker peer chaincode container, which is created by the peer itself. It shows up in docker ps.

On 9/10/2019 12:51 PM, Kimheng SOK wrote:
Dear all,

I have a question about fabric chaincode; I am running the node language.

After I update my chaincode, even if I remove all the docker containers of the previous launch and start to run the network again, it seems that the network still remembers the previous instant of my chaincode, and I can't instantiate chaincode with the same chaincode name again, so I need to change to a new chaincode name.

I wonder where the instant of the chaincode is located.
Even if I remove everything from /var/hyperledger/production/chaincode on every peer, it still remembers.

So my question is how to remove all the instants of the chaincode completely.

Bests,


Re: remove chaincode instant completely

Nye Liu <nye@...>
 

You have to remove the docker peer chaincode container, which is created by the peer itself. It shows up in docker ps.

On 9/10/2019 12:51 PM, Kimheng SOK wrote:

Dear all,

I have a question about fabric chaincode; I am running the node language.

After I update my chaincode, even if I remove all the docker containers of the previous launch and start to run the network again, it seems that the network still remembers the previous instant of my chaincode, and I can't instantiate chaincode with the same chaincode name again, so I need to change to a new chaincode name.

I wonder where the instant of the chaincode is located.
Even if I remove everything from /var/hyperledger/production/chaincode on every peer, it still remembers.

So my question is how to remove all the instants of the chaincode completely.

Bests,


remove chaincode instant completely

Kimheng SOK
 

Dear all,

I have a question about fabric chaincode; I am running the node language.

After I update my chaincode, even if I remove all the docker containers of the previous launch and start to run the network again, it seems that the network still remembers the previous instant of my chaincode, and I can't instantiate chaincode with the same chaincode name again, so I need to change to a new chaincode name.

I wonder where the instant of the chaincode is located.
Even if I remove everything from /var/hyperledger/production/chaincode on every peer, it still remembers.

So my question is how to remove all the instants of the chaincode completely.

Bests,
