Date   

Re: Move to Github and Azure Pipelines - Chaincodes/SDKs

Baohua Yang
 

+1, and the Python SDK plans to migrate, too.

Thanks!

On Mon, Oct 21, 2019 at 8:54 AM Matthew White <whitemat@...> wrote:
Hello;
 
In recent weeks there have been discussions on the contributors' calls, and also in RocketChat, about the location of the Fabric repos, and the build pipelines. 
 
The fabric-samples repository has moved over to use the combination of Github for code, and Azure pipelines for CI.
 
fabric-chaincode-node, fabric-chaincode-java are planning to start the move within the next few days. The expectation is that Node will go first.  A prototype of the go contract programming model is already in GitHub.
 
The SDKs will also be moving very soon.
 
Please reach out via this list or on the RocketChat channels with any concerns/questions. 
 
 
Regards, Matthew.
Matthew B White  IBM Blockchain Solutions Architect
 
Email me at WHITEMAT@...
Find me on StackOverflow, and generally at  calanais.me.uk
 
Note: restricted availability for meetings 14:30 to 17:00 UK Tuesday 
IBM United Kingdom Limited, Hursley Park, Winchester, Hampshire, SO21 2JN

"The wrong answers are the ones you go looking for when the right answers stare you in the face"
 
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU



--
Best wishes!

Baohua Yang


Move to Github and Azure Pipelines - Chaincodes/SDKs

Matthew White
 

Hello;
 
In recent weeks there have been discussions on the contributors' calls, and also in RocketChat, about the location of the Fabric repos, and the build pipelines. 
 
The fabric-samples repository has moved over to use the combination of Github for code, and Azure pipelines for CI.
 
fabric-chaincode-node, fabric-chaincode-java are planning to start the move within the next few days. The expectation is that Node will go first.  A prototype of the go contract programming model is already in GitHub.
 
The SDKs will also be moving very soon.
 
Please reach out via this list or on the RocketChat channels with any concerns/questions. 
 
 
Regards, Matthew.
Matthew B White  IBM Blockchain Solutions Architect
 
Email me at WHITEMAT@...
Find me on StackOverflow, and generally at  calanais.me.uk
 
Note: restricted availability for meetings 14:30 to 17:00 UK Tuesday 
IBM United Kingdom Limited, Hursley Park, Winchester, Hampshire, SO21 2JN

"The wrong answers are the ones you go looking for when the right answers stare you in the face"
 
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

David Enyeart
 

Thanks for replying Yacov and Senthil. You're right that since the introduction of private data, Fabric recommends that private data be salted to avoid dictionary attacks. As this thread makes clear not everybody knows about the private data solution design considerations. I've opened Jira issue https://jira.hyperledger.org/browse/FAB-16885 to enhance the documentation with these considerations.


Dave Enyeart

"Senthil Nathan" ---10/21/2019 09:58:56 AM---Hi Ivan, Thank you for bringing this. We have discussed about including salt in

From: "Senthil Nathan" <cendhu@...>
To: Ivan Ch <acizlan@...>
Cc: fabric@...
Date: 10/21/2019 09:58 AM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by: fabric@...





Hi Ivan,

    Thank you for bringing this. We have discussed about including salt in the private data design document --
https://docs.google.com/document/d/1ShrgrYPWLznZSZrl5cnvmFq9LtLJ3tYUxjv9GN6rxuI/edit?usp=sharing
(please refer to section 2.6 Additional Consideration -- Salt Consideration).
We do have a JIRA for the same as well -- https://jira.hyperledger.org/browse/FAB-5101 but didn't implement
it as we have decided to leave it to the user for now (also for simplicity & flexibility).

    The salt to the data can always be added by the client which submits the transaction proposal. For example,
in the following JSON content, there can be an additional field called salt and the user can add any random data
to avoid a dictionary attack.
{"menu": {
 "id": "file",
 "value": "File",
 "popup": {
   "menuitem": [
     {"value": "New", "onclick": "CreateNewDoc()"},
     {"value": "Open", "onclick": "OpenDoc()"},
     {"value": "Close", "onclick": "CloseDoc()"}
   ]
 }

 "salt": 88d4266fd4e6338d13b845fcf289579d209c897823b9217da3e161936f031589

}}


The same can be done for the keys too, not just values. As far as I know, many developers who use private data
follow this approach. I agree that a few might be unaware of this. As Yacov mentioned, we should add this approach
to our doc.

Regards,
Senthil

On Mon, Oct 21, 2019 at 6:51 PM Ivan Ch <acizlan@...> wrote:
    PrivateData is marketed as a data privacy solution in Hyperledger Fabric. Unfortunately, this is just another serious security hole somehow went under the radar, and all projects using this function are at risk.  

    It amazes me that nobody had mentioned this before so I guess I better point this out now before more damages are being done.  

    The logic behind Privated data is simple, it put data in a local embedded data store and put a hash of that data on blockchain.  

    The issue is that cryptographic hash is not an encryption mechanism, same data hashed by anyone using the same hashing algorithm will always get you the same hash! This is exactly what hash functions are designed for, and that’s why we use hash in digital signature to allow anyone to validate signed data.   However, this also means that anyone can “decrypt” the data behind the hash by launching dictionary attack.  

    Hashing is cheap, the cost of each hash on a normal laptop cpu core is about 3 microseconds, basically I can create 1 billion candidate result hashes within one hour on a single laptop cpu, and check if they match to the hashes on hyperledger fabric DLT.   And I am just talking about using a single cpu on my laptop, not even 50% of its processing power  

    Why is it dangerous? Because if an attacker is connected to a blockchain system, the attacker likely know the range of the data being hashed (for example, hashed data could be trade ID, item name, bank name, address, cell phone number), so you can easily create dictionary attack to get the true data behind the hash.  

    How about adding salt to each data to be hashed? Well, that’s one thing Hyperledger Fabric didn’t do.   To their defense, hyperledger didn’t implement salt because it is difficult to pass salts to counter parties. You can’t use DLT to pass salt value to counter parties because attackers would see it, so you have to create another p2p connection with counter party and send it over.

    If you already have p2p connection with all the counter parties, what’s the point of using blockchain in the first place? just send your data over! It’s just scary that so many people are using this security hole and put their data in de facto clear text.  

    Sure, if the hashed data is so big then it would harder to perform dictionary attack, but you better be very careful before using this feature because any mis-use will result in data leak, it is sad so many people actually believe this is a problem solver






Re: Instantiating the chaincode

Srinivasan Muralidharan
 

On blowing it up we see its a fabric-samples/fabcar screen shot showing "golang" and what appears to be an error during chaincode build process. Also interesting that this appears to run in virtualbox. Peer logs should give more information but likely a environment setup issue of some sort.

Murali


On Mon, Oct 21, 2019 at 4:00 AM Matthew White <whitemat@...> wrote:
Hi - Can't really see the details in the screen shot... is this Java chaincode?  If so check the rocketchat channel fabric-chaincode-java for discussion on what could be the issue
 
 
Regards, Matthew.
Matthew B White  IBM Blockchain Solutions Architect
 
Email me at WHITEMAT@...
Find me on StackOverflow, and generally at  calanais.me.uk
 
Note: restricted availability for meetings 14:30 to 17:00 UK Tuesday 
IBM United Kingdom Limited, Hursley Park, Winchester, Hampshire, SO21 2JN

"The wrong answers are the ones you go looking for when the right answers stare you in the face"
 
 
 
----- Original message -----
From: "Marina Wanis" <marinamaged1996@...>
Sent by: fabric@...
To: "hyperledger-fabric@..." <hyperledger-fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Instantiating the chaincode
Date: Sun, Oct 20, 2019 6:24 PM
 

Hi,

 

I was running the command ./startFabric.sh  but I was getting the following error. I’m not able to Instantiate the chaincode..... any help?

 

 

 

Thanks,

Marina

 

 

Sent from Mail for Windows 10

 

 
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU



--
Thanks,
Murali
"Practice is a means of inviting the perfection desired." - Martha Graham
“We ran and ran. We were exhausted, but we kept running.” - Homare Sawa after winning 2011 Women's Soccer world cup


Channel Update Giving Different Errors Everytime #fabric-questions #fabric

soumya nayak <soumyarjnnayak@...>
 

Hi All,
 
Fabric- v1.4.3 (RAFT Orderer Set UP)
Created a custom policy and added to the application policies , when am trying to do a channel update, every time a different error is coming up like as below --
 
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'legaldescriptionchannel': error authorizing update: error validating DeltaSet: attempt to set key [Policy] /Channel/Application/OrgB/Readers to version 0, but key is at version 0
 
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'legaldescriptionchannel': error authorizing update: error validating DeltaSet: attempt to set key [Value]  /Channel/Application/OrgB/MSP to version 0, but key is at version 0
 
```Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'legaldescriptionchannel': error authorizing update: error validating DeltaSet: attempt to set key [Policy] /Channel/Application/Org1/Admins to version 0, but key is at version 0```

Regards,
Soumya


Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Senthil Nathan
 

Hi Ivan,

    Thank you for bringing this. We have discussed about including salt in the private data design document --
https://docs.google.com/document/d/1ShrgrYPWLznZSZrl5cnvmFq9LtLJ3tYUxjv9GN6rxuI/edit?usp=sharing
(please refer to section 2.6 Additional Consideration -- Salt Consideration).
We do have a JIRA for the same as well -- https://jira.hyperledger.org/browse/FAB-5101 but didn't implement
it as we have decided to leave it to the user for now (also for simplicity & flexibility).

    The salt to the data can always be added by the client which submits the transaction proposal. For example,
in the following JSON content, there can be an additional field called salt and the user can add any random data
to avoid a dictionary attack.
{"menu": {
  "id": "file",
  "value": "File",
  "popup": {
    "menuitem": [
      {"value": "New", "onclick": "CreateNewDoc()"},
      {"value": "Open", "onclick": "OpenDoc()"},
      {"value": "Close", "onclick": "CloseDoc()"}
    ]
  }
"salt": 88d4266fd4e6338d13b845fcf289579d209c897823b9217da3e161936f031589
}}

The same can be done for the keys too, not just values. As far as I know, many developers who use private data
follow this approach. I agree that a few might be unaware of this. As Yacov mentioned, we should add this approach
to our doc.

Regards,
Senthil


On Mon, Oct 21, 2019 at 6:51 PM Ivan Ch <acizlan@...> wrote:

PrivateData is marketed as a data privacy solution in Hyperledger Fabric. Unfortunately, this is just another serious security hole somehow went under the radar, and all projects using this function are at risk.  

It amazes me that nobody had mentioned this before so I guess I better point this out now before more damages are being done.  

The logic behind Privated data is simple, it put data in a local embedded data store and put a hash of that data on blockchain.  

The issue is that cryptographic hash is not an encryption mechanism, same data hashed by anyone using the same hashing algorithm will always get you the same hash! This is exactly what hash functions are designed for, and that’s why we use hash in digital signature to allow anyone to validate signed data.   However, this also means that anyone can “decrypt” the data behind the hash by launching dictionary attack.  

Hashing is cheap, the cost of each hash on a normal laptop cpu core is about 3 microseconds, basically I can create 1 billion candidate result hashes within one hour on a single laptop cpu, and check if they match to the hashes on hyperledger fabric DLT.   And I am just talking about using a single cpu on my laptop, not even 50% of its processing power  

Why is it dangerous? Because if an attacker is connected to a blockchain system, the attacker likely know the range of the data being hashed (for example, hashed data could be trade ID, item name, bank name, address, cell phone number), so you can easily create dictionary attack to get the true data behind the hash.  

How about adding salt to each data to be hashed? Well, that’s one thing Hyperledger Fabric didn’t do.   To their defense, hyperledger didn’t implement salt because it is difficult to pass salts to counter parties. You can’t use DLT to pass salt value to counter parties because attackers would see it, so you have to create another p2p connection with counter party and send it over.

If you already have p2p connection with all the counter parties, what’s the point of using blockchain in the first place? just send your data over! It’s just scary that so many people are using this security hole and put their data in de facto clear text.  

Sure, if the hashed data is so big then it would harder to perform dictionary attack, but you better be very careful before using this feature because any mis-use will result in data leak, it is sad so many people actually believe this is a problem solver


Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Yacov
 

Hi Ivan.

If you have a chaincode that requires more than 1 organization to endorse the transaction, you need the execution of both chaincodes to produce the same results, so the hashes of the private data have to have the same salt, which means
their source of randomness most likely has to come from the client / SDK.

The client can pass this entropy via the transient map mechanism, however wasn't implemented (as you noted).

I wouldn't say that this is a "security hole", but you are correct that this needs to be documented so people that aren't educated about security will not shoot themselves in the foot.

Would you like to make a PR to add this to https://github.com/hyperledger/fabric/blob/master/docs/source/private-data/private-data.md?


- Yacov.



From:        "Ivan Ch" <acizlan@...>
To:        fabric@...
Date:        10/21/2019 04:21 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by:        fabric@...




PrivateData is marketed as a data privacy solution in Hyperledger Fabric. Unfortunately, this is just another serious security hole somehow went under the radar, and all projects using this function are at risk.  

It amazes me that nobody had mentioned this before so I guess I better point this out now before more damages are being done.  

The logic behind Privated data is simple, it put data in a local embedded data store and put a hash of that data on blockchain.  

The issue is that cryptographic hash is not an encryption mechanism, same data hashed by anyone using the same hashing algorithm will always get you the same hash! This is exactly what hash functions are designed for, and that’s why we use hash in digital signature to allow anyone to validate signed data.   However, this also means that anyone can “decrypt” the data behind the hash by launching dictionary attack.  

Hashing is cheap, the cost of each hash on a normal laptop cpu core is about 3 microseconds, basically I can create 1 billion candidate result hashes within one hour on a single laptop cpu, and check if they match to the hashes on hyperledger fabric DLT.   And I am just talking about using a single cpu on my laptop, not even 50% of its processing power  

Why is it dangerous? Because if an attacker is connected to a blockchain system, the attacker likely know the range of the data being hashed (for example, hashed data could be trade ID, item name, bank name, address, cell phone number), so you can easily create dictionary attack to get the true data behind the hash.  

How about adding salt to each data to be hashed? Well, that’s one thing Hyperledger Fabric didn’t do.   To their defense, hyperledger didn’t implement salt because it is difficult to pass salts to counter parties. You can’t use DLT to pass salt value to counter parties because attackers would see it, so you have to create another p2p connection with counter party and send it over.

If you already have p2p connection with all the counter parties, what’s the point of using blockchain in the first place? just send your data over! It’s just scary that so many people are using this security hole and put their data in de facto clear text.  

Sure, if the hashed data is so big then it would harder to perform dictionary attack, but you better be very careful before using this feature because any mis-use will result in data leak, it is sad so many people actually believe this is a problem solver





Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Ivan Ch <acizlan@...>
 

PrivateData is marketed as a data privacy solution in Hyperledger Fabric. Unfortunately, this is just another serious security hole somehow went under the radar, and all projects using this function are at risk.  

It amazes me that nobody had mentioned this before so I guess I better point this out now before more damages are being done.  

The logic behind Privated data is simple, it put data in a local embedded data store and put a hash of that data on blockchain.  

The issue is that cryptographic hash is not an encryption mechanism, same data hashed by anyone using the same hashing algorithm will always get you the same hash! This is exactly what hash functions are designed for, and that’s why we use hash in digital signature to allow anyone to validate signed data.   However, this also means that anyone can “decrypt” the data behind the hash by launching dictionary attack.  

Hashing is cheap, the cost of each hash on a normal laptop cpu core is about 3 microseconds, basically I can create 1 billion candidate result hashes within one hour on a single laptop cpu, and check if they match to the hashes on hyperledger fabric DLT.   And I am just talking about using a single cpu on my laptop, not even 50% of its processing power  

Why is it dangerous? Because if an attacker is connected to a blockchain system, the attacker likely know the range of the data being hashed (for example, hashed data could be trade ID, item name, bank name, address, cell phone number), so you can easily create dictionary attack to get the true data behind the hash.  

How about adding salt to each data to be hashed? Well, that’s one thing Hyperledger Fabric didn’t do.   To their defense, hyperledger didn’t implement salt because it is difficult to pass salts to counter parties. You can’t use DLT to pass salt value to counter parties because attackers would see it, so you have to create another p2p connection with counter party and send it over.

If you already have p2p connection with all the counter parties, what’s the point of using blockchain in the first place? just send your data over! It’s just scary that so many people are using this security hole and put their data in de facto clear text.  

Sure, if the hashed data is so big then it would harder to perform dictionary attack, but you better be very careful before using this feature because any mis-use will result in data leak, it is sad so many people actually believe this is a problem solver


Re: Instantiating the chaincode

Matthew White
 

Hi - Can't really see the details in the screen shot... is this Java chaincode?  If so check the rocketchat channel fabric-chaincode-java for discussion on what could be the issue
 
 
Regards, Matthew.
Matthew B White  IBM Blockchain Solutions Architect
 
Email me at WHITEMAT@...
Find me on StackOverflow, and generally at  calanais.me.uk
 
Note: restricted availability for meetings 14:30 to 17:00 UK Tuesday 
IBM United Kingdom Limited, Hursley Park, Winchester, Hampshire, SO21 2JN

"The wrong answers are the ones you go looking for when the right answers stare you in the face"
 
 
 
----- Original message -----
From: "Marina Wanis" <marinamaged1996@...>
Sent by: fabric@...
To: "hyperledger-fabric@..." <hyperledger-fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Instantiating the chaincode
Date: Sun, Oct 20, 2019 6:24 PM
 

Hi,

 

I was running the command ./startFabric.sh  but I was getting the following error. I’m not able to Instantiate the chaincode..... any help?

 

 

 

Thanks,

Marina

 

 

Sent from Mail for Windows 10

 

 
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Instantiating the chaincode

Marina Wanis <marinamaged1996@...>
 

Hi,

 

I was running the command ./startFabric.sh  but I was getting the following error. I’m not able to Instantiate the chaincode..... any help?

 

 

 

Thanks,

Marina

 

 

Sent from Mail for Windows 10

 


Re: OS Server Upgrades Friday Oct18 16:00 EST

Tim Johnson <tijohnson@...>
 

The OS Server Upgrades are complete. Jobs a running on Jenkins Production.

On 10/17/19 10:37 PM, Tim Johnson wrote:

Maintenance description:
 Duration: 2h
 Why: OS updates to Centos 7.7. Jira upgrade to 7.13.8
 What:
     wiki.hyperledger.org
     jira.hyperledger.org
     members.hyperledger.org
     jenkins.hyperledger.org + sandbox
     chat.hyperledger.org
     nexus.hyperledger.org

I will send out message to RocketChat (#fabrci-ci) as we need the time. I will be stopping the Jenkins queue @ 15:00EST. All running jobs will be allowed to complete. Jobs left in the queue will be restarted after Jenkins is brought back on-line.

Tim


NodeJS RegisterUser with TLS

Nicholas Leonardi
 

Hey guys,
I'm trying to register user with a CA that has tls enabled.
I get: 

Error: Calling register endpoint failed with error [Error: unable to verify the first certificate]

with this code:

const walletPath = path.join(process.cwd(), 'wallet');
        const wallet = new FileSystemWallet(walletPath);
        console.log(`Wallet path: ${walletPath}`);

        // Check to see if we've already enrolled the user.
        const userExists = await wallet.exists('user1');
        if (userExists) {
            console.log('An identity for the user "user1" already exists in the wallet');
            return;
        }
        const adminExists = await wallet.exists('admin');
        if (!adminExists) {
            console.log('An identity for the admin user "admin" does not exist in the wallet');
            console.log('Run the enrollAdmin.js application before retrying');
            return;
        }

        // Create a new gateway for connecting to our peer node.
        const gateway = new Gateway();
        await gateway.connect(ccp, { wallet, identity: 'admin', discovery: { enabled: true } });

        // Get the CA client object from the gateway for interacting with the CA.
        const ca = gateway.getClient().getCertificateAuthority();
        const adminIdentity = gateway.getCurrentIdentity();
        console.log('gateway ', adminIdentity.toString());

        // Register the user, enroll the user, and import the new identity into the wallet.
        const secret = await ca.register({ affiliation: '', enrollmentID: 'user1', role: 'client' }, adminIdentity);
        console.log('5');
        const enrollment = await ca.enroll({ enrollmentID: 'user1', enrollmentSecret: secret });
        console.log('6');
        const userIdentity = X509WalletMixin.createIdentity('N2miMSP', enrollment.certificate, enrollment.key.toBytes());
        wallet.import('user1', userIdentity);
        console.log('Successfully registered and enrolled admin user "user1" and imported it into the wallet');


this is my CA in the connection.json file I'm loading:

    "certificateAuthorities": {
        "rca.n2med.com": {
            "url": "https://localhost:7054",
            "caName": "rca.n2med.com",
            "tls": "tls-cert.pem"
        }
    }

I've looked everywhere and can't seem to load the certificate with the connect.json. The tls-cert.pem file is in the same directory as everything.
I've tried loading it manually like this: 

            const caInfo = ccp.certificateAuthorities['ca.example.com'];
            const caTLSCACerts = caInfo.tlsCACerts.pem;

 and putting that into the Gateway Options but all it does is return the path to the tls-cert.pem. The tls-cert.pem is the CAs TLS pem file


const connectionOptions: GatewayOptions = {
           discovery: { enabled: false, asLocalhost: true },
             identity: identity.user_id+'@n2med.com',
             clientTlsIdentity: caTLSCACerts
             wallet,
         };



OS Server Upgrades Friday Oct18 16:00 EST

Tim Johnson <tijohnson@...>
 

Maintenance description:
 Duration: 2h
 Why: OS updates to Centos 7.7. Jira upgrade to 7.13.8
 What:
     wiki.hyperledger.org
     jira.hyperledger.org
     members.hyperledger.org
     jenkins.hyperledger.org + sandbox
     chat.hyperledger.org
     nexus.hyperledger.org

I will send out message to RocketChat (#fabrci-ci) as we need the time. I will be stopping the Jenkins queue @ 15:00EST. All running jobs will be allowed to complete. Jobs left in the queue will be restarted after Jenkins is brought back on-line.

Tim


Re: Multi-network node deployments #fabric

Tong Li
 

if you have k8s, then it will be very easy to do this and please look into cello ansible agent.

Thanks.

Tong Li
IBM Open Technology

"Nancy Min" ---10/17/2019 04:20:48 PM---Hi All, We're interested in different methods to facilitate multi-network node deployments. One opti

From: "Nancy Min" <Nancym@...>
To: fabric@...
Date: 10/17/2019 04:20 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Multi-network node deployments #fabric
Sent by: fabric@...





Hi All,

We're interested in different methods to facilitate multi-network node deployments. One option we've thought of is to communicate with nodes hosted on different networks by using port forwarding on both ends in order for swarm connections to occur. Are there better ways to do this?

Thanks,
Nancy




Multi-network node deployments #fabric

Nancy Min
 

Hi All,

We're interested in different methods to facilitate multi-network node deployments. One option we've thought of is to communicate with nodes hosted on different networks by using port forwarding on both ends in order for swarm connections to occur. Are there better ways to do this?

Thanks,
Nancy


Documentation Workgroup: Agenda for Friday, 18 October

Anthony O'Dowd <a_o-dowd@...>
 

Hello All,

We hold our regular documentation workgroup call this week, both Eastern and Western hemispheres.

After celebrating our 100th meeting last week, we have decided to move to the Hyperledger Fabric Wiki for better continuity of discussion, search and integration with other Fabric activities! Many thanks to Brian and Chris for their suggestions and support!

You can see the new Wikipage here: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group

This week's agenda is here : https://wiki.hyperledger.org/display/fabric/2019+10+18+DWG+Agenda

Feel free to add agenda items to the wiki or mailing list, and we will include at the meeting. Feel free to come along, listen and discuss - you're always welcome!

Best regards,

Anthony, Pam, Joe, Nik

P.S I will include meeting details below for continuity for the next few weeks.

Meeting Details
-------------
Please use the following link to attend the meeting:  https://zoom.us/j/6223336701

Zoom should work in the browser.  I will open the call 5 minutes early so that folks can test it out. I'll also monitor the RocketChat at https://chat.hyperledger.org/channel/fabric-release so that if anyone has issues, ping me there!

More Zoom connection options at the bottom of this note.

The meeting times are as follows:


Meeting 101A: Friday 18 Oct
                   1130 India Standard Time
                   1400 China Standard Time
                   1500 Japan Standard Time
                   1700 Australia Eastern Time
                   1400 Singapore Time
                   1000 Gulf Standard Time
                   1000 Moscow Standard Time
                   0700 Greenwich Mean Time
                   0800 Central European Time    

Meeting 101B: Friday 18 Oct
              1000 Central Daylight Time
                   1100 Eastern Daylight Time
                   0800 Pacific Daylight Time
                   1200 Brasil Standard Time
                   1600 Greenwich Mean Time
                   1700 Central European Time
                   1800 Moscow Standard Time



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: TLS - NodeJS SDK GateWay.Connect Load Certificate Error

Nicholas Leonardi
 

Hey thanks for replying. The peer section I provided is in my connection profile, the connection.json. Is that what you mean?
If not what do you mean by pem format? Because I've also tried the base64 format of the certificate but got the error that it was
too long.
Also in the examples I've seen they've set the path of the certificate like in this one:

https://github.com/hyperledger/fabric-samples/blob/v1.4.2/first-network/connection-org1.json

    "peers": {
        "peer0.example.com": {
            "url": "grpcs://192.168.0.8:7051",
            "tlsCACerts": "crypto-config/peers/peer0.example/tls/server.cert"
        }
    },


Em quarta-feira, 16 de outubro de 2019 21:38:19 BRT, Nikhil E Gupta <negupta@...> escreveu:



Most of the connection profiles I have seen include the tls cert directly in the connection profile in pem format.


On Oct 16, 2019, at 7:14 PM, Nicholas Leonardi via Lists.Hyperledger.Org <nlzanutim=yahoo.com@...> wrote:


Hey guys,

I've been trying to invoke chaincode using the Gateway class of the fabric-network node module.
The documentation is too vague and I've tried all sorts of things. Of course my peer is rejecting
with TLS handshake fail because I can't seem to load the peers TLS certificate.

Here's my config 

const connectionProfile = safeLoad(fs.readFileSync(__dirname + '/../../connection.json', 'utf8'));

        const caInfo = connectionProfile.peers['peer0.example.com'];
        const peerTLS = caInfo.tlsCACerts;

        const connectionOptions: GatewayOptions = {
            discovery: { enabled: true, asLocalhost: true },
            identity: identity.user_id+'@user.com',
            clientTlsIdentity: peerTLS,
            wallet,
        };

        // Create a new gateway for connecting to our peer node.
        const gateway: Gateway = new Gateway();
        await gateway.connect(connectionProfile, connectionOptions);
        // Get the network (channel) our contract is deployed to.
        const network: Network = await gateway.getNetwork('n2medchannel');

and here's my json config for the peer 

    "peers": {
        "peer0.example.com": {
            "url": "grpcs://192.168.0.8:7051",
            "tlsCACerts": "crypto-config/peers/peer0.example/tls/server.cert"
        }
    },

In the tlsCACerts I've also tried the  crypto-config/peerOrganizations/msp/tlscacerts/tls-rca-com-7054.pem and here's
the output error
 
PEER TLSSSS ../../../crypto-config/peerOrganizations/msp/tlscacerts/tls-rca-n2med-com-7054.pem
TypeError: Cannot read property 'certificate' of null.

It seems the 
        const caInfo = connectionProfile.peers['peer0.example.com'];
        const peerTLS = caInfo.tlsCACerts;
is getting only the path and not loading the certificate.

Thanks in advance



TLS - NodeJS SDK GateWay.Connect Load Certificate Error

Nicholas Leonardi
 

Hey guys,

I've been trying to invoke chaincode using the Gateway class of the fabric-network node module.
The documentation is too vague and I've tried all sorts of things. Of course my peer is rejecting
with TLS handshake fail because I can't seem to load the peers TLS certificate.

Here's my config 

const connectionProfile = safeLoad(fs.readFileSync(__dirname + '/../../connection.json', 'utf8'));

        const caInfo = connectionProfile.peers['peer0.example.com'];
        const peerTLS = caInfo.tlsCACerts;

        const connectionOptions: GatewayOptions = {
            discovery: { enabled: true, asLocalhost: true },
            identity: identity.user_id+'@user.com',
            clientTlsIdentity: peerTLS,
            wallet,
        };

        // Create a new gateway for connecting to our peer node.
        const gateway: Gateway = new Gateway();
        await gateway.connect(connectionProfile, connectionOptions);
        // Get the network (channel) our contract is deployed to.
        const network: Network = await gateway.getNetwork('n2medchannel');

and here's my json config for the peer 

    "peers": {
        "peer0.example.com": {
            "url": "grpcs://192.168.0.8:7051",
            "tlsCACerts": "crypto-config/peers/peer0.example/tls/server.cert"
        }
    },

In the tlsCACerts I've also tried the crypto-config/peerOrganizations/msp/tlscacerts/tls-rca-com-7054.pem and here's
the output error
 
PEER TLSSSS ../../../crypto-config/peerOrganizations/msp/tlscacerts/tls-rca-n2med-com-7054.pem
TypeError: Cannot read property 'certificate' of null.

It seems the 
        const caInfo = connectionProfile.peers['peer0.example.com'];
        const peerTLS = caInfo.tlsCACerts;
is getting only the path and not loading the certificate.

Thanks in advance


Next Hyperledger Fabric Application Developer Community call - Thursday Oct 17th @ 3pm UTC (4pm UK, 11am ET, 8am PT)

Paul O'Mahoney <mahoney@...>
 

dear Fabric Application Developer,


the next  Fabric Application Developer community call is scheduled for this  Thursday Oct 17th @ 3pm UTC (4pm UK, 11am ET, 8am PT) It lasts approx 30-60 mins FYI. Note: it is now begins one hour earlier.

The agenda will be posted here -> https://wiki.hyperledger.org/display/fabric/Meeting+Agendas%3A+Fabric+Application+Developer+Community+Call

This community call is held bi-weekly via Zoom webconference and is aimed at :

- helping the worldwide Hyperledger Fabric Application Developer community grow in their development journey (eg. developing applications, smart contracts, chaincode, developing clients, using the SDK etc - eg. whether its NodeJS, Java, Go etc etc) 
- caters for the developer perspective and the developer community.
- helping app developers understand / hear more about exciting new things in Fabric, eg. features upcoming or work in progress - ie things that appeal to the developer
- to foster more interest, best practices etc in developing applications (eg developing solutions, use cases) with Hyperledger Fabric. 
- opportunity to ask questions of the Fabric team eg. you may have feedback/questions on your experiences developing solutions with Fabric
- to share stuff you've done with the community, eg sample code / sample use cases that others may be interested in

If you wish to share content on a call, just let me know via email direct or DM me on Rocketchat (ID: mahoney1) and I'll put an item on the agenda. Provide the following:
- the topic (state whether its presentation, or demo etc)
- the full name of the presenter, and 
- approx length of your pitch in minutes


The Zoom webconference ID is https://zoom.us/my/hyperledger.community   

More information can be found on the community page -> https://wiki.hyperledger.org/display/fabric/Fabric+Application+Developer+Community+Calls

You can get calendar invites (eg iCal) here

many thanks for your time - feel free to forward this email if you think it is of interest to a colleague.

Paul O'Mahony
Community Lead - Hyperledger Fabric Developer Community
RocketChat:  mahoney1

mahoney@...


Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: Chaincode Container Not Getting Created #fabric #fabric-chaincode

soumya nayak <soumyarjnnayak@...>
 

Thanks Nicholas for the reply. 

One thing i noticed is when i am installing the private chaincode . i checked in both the peer org machines the IDs of the installed chaincode is same but still the container was only created in the machine from where the instantiate command was run.

Regards,
Soumya

4461 - 4480 of 11416