Date   

Re: Chaincode commit not going through 2.0.0

Nicholas Leonardi
 

Hey Brett,

Yup, I JUST noticed that and it worked. 
But it shouldn't be like this because if there's 15 orgs in the network, majority is 8, I'd need to get all their TLS ca.crt for that?
Def a scalability problem. 
The endorsement should be automatically sent to the other peer through the orderers and handled there. 
I understand it's a permissioned network and the participants are known but it shouldn't have to have to deal
with another tls cert 

Also, invoking the chaincode creates the container but it times out every time.

Em segunda-feira, 7 de setembro de 2020 14:36:06 BRT, Brett T Logan <brett.t.logan@...> escreveu:


As Dave noted in the post you linked, your majority requirement means the 'commit' must be performed by both orgs, you are only sending the commit transactions to a single org

Nicholas Leonardi via lists.hyperledger.org --- [EXTERNAL] Re: [Hyperledger Fabric] Chaincode commit not going through 2.0.0 ---

From:"Nicholas Leonardi via lists.hyperledger.org" <nlzanutim=yahoo.com@...>
To:"Chris Gabriel" <alaskadd@...>, "Fabric" <fabric@...>
Date:Mon, Sep 7, 2020 13:14
Subject:[EXTERNAL] Re: [Hyperledger Fabric] Chaincode commit not going through 2.0.0


Hey Chris, thanks for the insight.

I understood and followed the process you told me but here's what's happening.

1. I have org1 deployed running on machine 1 with chaincode installed version 1.0 and sequence 1.
Chaincode invoke and query are working perfectly.

2. I deploy org2 and add orderer and peer to the channel (successfully).

3. I package the chaincode on org1 and send it to org2
peer lifecycle chaincode package chaincode.tar.gz --path /etc/hyperledger/chaincode --lang node --label ccv1

4. I installed the newly packaged chaincode on both peers (org1.peer and org2.peer) there's only 1 peer per org
Successfully installs and shows up when I queryinstalled 

5. I approved on both organizations with version 1.0(didn't change) but changed the sequence to 2
--name chaincode --version 1.0 --sequence 2

6. I checked the commit readiness 

peer lifecycle chaincode checkcommitreadiness --channelID channel --name chaincode --version 1.0 --sequence 2

Version: 1.0, Sequence: 2, Endorsement Plugin: escc, Validation Plugin: vscc, Approvals: [Org1MSP: true, Org2MSP: true]

7. When I tried to commit sequence 2, I get the endorsement policy failure

peer lifecycle chaincode commit -o orderer1.org1.org:7050 --channelID channel --name chaincode --version 1.0 --sequence 2 

I looked over the documentation but couldn't find anything wrong.
I also tried approving org2 with version 1.0 and sequence 1. It approves but when I try to commit it gives the error that it needs to be sequence 2.
I double checked the block config and all seems well.

The peer spits out this error:

1 sub-policies were satisfied, but this policy requires 2 of the 'Endorsement' sub-policies to be satisfied

The endorsement subpolicy is set to MAJORITY Admins and both admins do approve.
I have attached the block config json. 

I don't know what to do anymore 

Any futher help would be greatly appreciated. 


Hi Nick,
You appeared to have committed prior to approving for both orgs. I have made this same mistake.
Do in this order (also documented in the tutorial):
1) Package chaincode
2) Install chaincode on all peers
3) Query installed to get packageID
4) Approve for org1
5) Approve for org2
6) Check commit readiness
7) Commit chaincode (You can commmit chaincode for both orgs at the same time if commit readiness check show true for both org1 and org2 by using the —peerAddresses flag)
Hope this helps,
Chris 



On Sep 6, 2020, at 8:59 AM, Nicholas Leonardi via lists.hyperledger.org <nlzanutim=yahoo.com@...> wrote:


Hey guys,

I have two organizations on two different machines, each org has 1 peer. I'm able to add both peers to the channel, bring in a fourth orderer for org 2. Everything works except when I try to commit the chaincode for the org2. I generate the package from org 1 (chaincode installed and committed) and send it to org2. I can install it on peer2 and approve for org with a new sequence. I also approve for org1 with the new sequence but when I try to commit, I get an endorsement failure policy.

Version 2.0.0 

I found this but to no avail the chaincode gets committed by either orgs. 

The commit readiness is true for both when I check that.

Anyone have any other ideas besides from that topic?

Thanks in advance.
Nick




Re: Chaincode commit not going through 2.0.0

Brett T Logan <brett.t.logan@...>
 

As Dave noted in the post you linked, your majority requirement means the 'commit' must be performed by both orgs, you are only sending the commit transactions to a single org

Nicholas Leonardi via lists.hyperledger.org --- [EXTERNAL] Re: [Hyperledger Fabric] Chaincode commit not going through 2.0.0 ---

From:"Nicholas Leonardi via lists.hyperledger.org" <nlzanutim=yahoo.com@...>
To:"Chris Gabriel" <alaskadd@...>, "Fabric" <fabric@...>
Date:Mon, Sep 7, 2020 13:14
Subject:[EXTERNAL] Re: [Hyperledger Fabric] Chaincode commit not going through 2.0.0


Hey Chris, thanks for the insight.

I understood and followed the process you told me but here's what's happening.

1. I have org1 deployed running on machine 1 with chaincode installed version 1.0 and sequence 1.
Chaincode invoke and query are working perfectly.

2. I deploy org2 and add orderer and peer to the channel (successfully).

3. I package the chaincode on org1 and send it to org2
peer lifecycle chaincode package chaincode.tar.gz --path /etc/hyperledger/chaincode --lang node --label ccv1

4. I installed the newly packaged chaincode on both peers (org1.peer and org2.peer) there's only 1 peer per org
Successfully installs and shows up when I queryinstalled 

5. I approved on both organizations with version 1.0(didn't change) but changed the sequence to 2
--name chaincode --version 1.0 --sequence 2

6. I checked the commit readiness 

peer lifecycle chaincode checkcommitreadiness --channelID channel --name chaincode --version 1.0 --sequence 2

Version: 1.0, Sequence: 2, Endorsement Plugin: escc, Validation Plugin: vscc, Approvals: [Org1MSP: true, Org2MSP: true]

7. When I tried to commit sequence 2, I get the endorsement policy failure

peer lifecycle chaincode commit -o orderer1.org1.org:7050 --channelID channel --name chaincode --version 1.0 --sequence 2 

I looked over the documentation but couldn't find anything wrong.
I also tried approving org2 with version 1.0 and sequence 1. It approves but when I try to commit it gives the error that it needs to be sequence 2.
I double checked the block config and all seems well.

The peer spits out this error:

1 sub-policies were satisfied, but this policy requires 2 of the 'Endorsement' sub-policies to be satisfied

The endorsement subpolicy is set to MAJORITY Admins and both admins do approve.
I have attached the block config json. 

I don't know what to do anymore 

Any futher help would be greatly appreciated. 


Hi Nick,
You appeared to have committed prior to approving for both orgs. I have made this same mistake.
Do in this order (also documented in the tutorial):
1) Package chaincode
2) Install chaincode on all peers
3) Query installed to get packageID
4) Approve for org1
5) Approve for org2
6) Check commit readiness
7) Commit chaincode (You can commmit chaincode for both orgs at the same time if commit readiness check show true for both org1 and org2 by using the —peerAddresses flag)
Hope this helps,
Chris 



On Sep 6, 2020, at 8:59 AM, Nicholas Leonardi via lists.hyperledger.org <nlzanutim=yahoo.com@...> wrote:


Hey guys,

I have two organizations on two different machines, each org has 1 peer. I'm able to add both peers to the channel, bring in a fourth orderer for org 2. Everything works except when I try to commit the chaincode for the org2. I generate the package from org 1 (chaincode installed and committed) and send it to org2. I can install it on peer2 and approve for org with a new sequence. I also approve for org1 with the new sequence but when I try to commit, I get an endorsement failure policy.

Version 2.0.0 

I found this but to no avail the chaincode gets committed by either orgs. 

The commit readiness is true for both when I check that.

Anyone have any other ideas besides from that topic?

Thanks in advance.
Nick




Re: Chaincode commit not going through 2.0.0

Nicholas Leonardi
 

Hey Chris, thanks for the insight.

I understood and followed the process you told me but here's what's happening.

1. I have org1 deployed running on machine 1 with chaincode installed version 1.0 and sequence 1.
Chaincode invoke and query are working perfectly.

2. I deploy org2 and add orderer and peer to the channel (successfully).

3. I package the chaincode on org1 and send it to org2
peer lifecycle chaincode package chaincode.tar.gz --path /etc/hyperledger/chaincode --lang node --label ccv1

4. I installed the newly packaged chaincode on both peers (org1.peer and org2.peer) there's only 1 peer per org
Successfully installs and shows up when I queryinstalled 

5. I approved on both organizations with version 1.0(didn't change) but changed the sequence to 2
--name chaincode --version 1.0 --sequence 2

6. I checked the commit readiness 

peer lifecycle chaincode checkcommitreadiness --channelID channel --name chaincode --version 1.0 --sequence 2

Version: 1.0, Sequence: 2, Endorsement Plugin: escc, Validation Plugin: vscc, Approvals: [Org1MSP: true, Org2MSP: true]

7. When I tried to commit sequence 2, I get the endorsement policy failure

peer lifecycle chaincode commit -o orderer1.org1.org:7050 --channelID channel --name chaincode --version 1.0 --sequence 2 

I looked over the documentation but couldn't find anything wrong.
I also tried approving org2 with version 1.0 and sequence 1. It approves but when I try to commit it gives the error that it needs to be sequence 2.
I double checked the block config and all seems well.

The peer spits out this error:

1 sub-policies were satisfied, but this policy requires 2 of the 'Endorsement' sub-policies to be satisfied

The endorsement subpolicy is set to MAJORITY Admins and both admins do approve.
I have attached the block config json. 

I don't know what to do anymore 

Any futher help would be greatly appreciated. 


Hi Nick,
You appeared to have committed prior to approving for both orgs. I have made this same mistake.
Do in this order (also documented in the tutorial):
1) Package chaincode
2) Install chaincode on all peers
3) Query installed to get packageID
4) Approve for org1
5) Approve for org2
6) Check commit readiness
7) Commit chaincode (You can commmit chaincode for both orgs at the same time if commit readiness check show true for both org1 and org2 by using the —peerAddresses flag)
Hope this helps,
Chris 



On Sep 6, 2020, at 8:59 AM, Nicholas Leonardi via lists.hyperledger.org <nlzanutim=yahoo.com@...> wrote:


Hey guys,

I have two organizations on two different machines, each org has 1 peer. I'm able to add both peers to the channel, bring in a fourth orderer for org 2. Everything works except when I try to commit the chaincode for the org2. I generate the package from org 1 (chaincode installed and committed) and send it to org2. I can install it on peer2 and approve for org with a new sequence. I also approve for org1 with the new sequence but when I try to commit, I get an endorsement failure policy.

Version 2.0.0 

I found this but to no avail the chaincode gets committed by either orgs. 

The commit readiness is true for both when I check that.

Anyone have any other ideas besides from that topic?

Thanks in advance.
Nick



chaincode instantiation failed #fabric-chaincode

kokolaki@...
 

      Hello Comminity, I have the following error when I  run ./
byfn.sh
      up -l java in first-network folder of fabric-samples when it tries to
Instantiating chaincode on peer0.org2
Error: could not assemble transaction, err proposal response was not successful, error code 500, msg error starting container: error starting container: Failed to generate platform-specific docker build: Error returned from build: 1 "+ INPUT_DIR=/chaincode/input
+ OUTPUT_DIR=/chaincode/output
++ paste -s -d : -
++ find /chaincode/input -name .jar
+ JARS=
++ find /chaincode/input -name '*.jar'
++ wc -l
+ NUM_JARS=0
+ for DIR in '${INPUT_DIR}' '${INPUT_DIR}/src'
+ '[' -f /chaincode/input/build.gradle -o -f /chaincode/input/build.gradle.kts ']'
+ '[' -f /chaincode/input/pom.xml ']'
+ for DIR in '${INPUT_DIR}' '${INPUT_DIR}/src'
+ '[' -f /chaincode/input/src/build.gradle -o -f /chaincode/input/src/build.gradle.kts ']'
+ buildGradle /chaincode/input/src /chaincode/output
+ cd /chaincode/input/src
+ echo 'Gradle build'
+ '[' -f ./gradlew ']'
Gradle build
+ gradle build shadowJar

Welcome to Gradle 5.6.2!

Here are the highlights of this release:
 - Incremental Groovy compilation
 - Groovy compile avoidance
 - Test fixtures for Java projects
 - Manage plugin versions via settings script

For more details see https://docs.gradle.org/5.6.2/release-notes.html

Starting a Gradle Daemon (subsequent builds will be faster)

FAILURE: Build failed with an exception.

* What went wrong:
Method com/github/jengelman/gradle/plugins/shadow/internal/DependencyFileCollection.getBuildDependencies()Lorg/gradle/api/tasks/TaskDependency; is abstract

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 36s

  • I use fabric version 1.4.2
    Any help please?


Re: Chaincode commit not going through 2.0.0

Chris Gabriel <alaskadd@...>
 

Hi Nick,
You appeared to have committed prior to approving for both orgs. I have made this same mistake.
Do in this order (also documented in the tutorial):
1) Package chaincode
2) Install chaincode on all peers
3) Query installed to get packageID
4) Approve for org1
5) Approve for org2
6) Check commit readiness
7) Commit chaincode (You can commmit chaincode for both orgs at the same time if commit readiness check show true for both org1 and org2 by using the —peerAddresses flag)
Hope this helps,
Chris 



On Sep 6, 2020, at 8:59 AM, Nicholas Leonardi via lists.hyperledger.org <nlzanutim=yahoo.com@...> wrote:


Hey guys,

I have two organizations on two different machines, each org has 1 peer. I'm able to add both peers to the channel, bring in a fourth orderer for org 2. Everything works except when I try to commit the chaincode for the org2. I generate the package from org 1 (chaincode installed and committed) and send it to org2. I can install it on peer2 and approve for org with a new sequence. I also approve for org1 with the new sequence but when I try to commit, I get an endorsement failure policy.

Version 2.0.0 

I found this but to no avail the chaincode gets committed by either orgs. 

The commit readiness is true for both when I check that.

Anyone have any other ideas besides from that topic?

Thanks in advance.
Nick



Chaincode commit not going through 2.0.0

Nicholas Leonardi
 

Hey guys,

I have two organizations on two different machines, each org has 1 peer. I'm able to add both peers to the channel, bring in a fourth orderer for org 2. Everything works except when I try to commit the chaincode for the org2. I generate the package from org 1 (chaincode installed and committed) and send it to org2. I can install it on peer2 and approve for org with a new sequence. I also approve for org1 with the new sequence but when I try to commit, I get an endorsement failure policy.

Version 2.0.0 

I found this but to no avail the chaincode gets committed by either orgs. 

The commit readiness is true for both when I check that.

Anyone have any other ideas besides from that topic?

Thanks in advance.
Nick



Re: Build fabric on raspberry pi #fabric

kokolaki@...
 

Yes I have that binutils package:

ubuntu@ubuntu:~$ sudo apt-get install binutils
Reading package lists... Done
Building dependency tree
Reading state information... Done
binutils is already the newest version (2.30-21ubuntu1~18.04.4).
binutils set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
ubuntu@ubuntu:~$ ls

My configurations are:
ubuntu@ubuntu:~/fabric/fabric2$ whereis ld
ld: /usr/bin/ld /usr/bin/ld.bfd /usr/bin/ld.gold /usr/share/man/man1/ld.1.gz

my go path variables in .profile bash file are:
export PATH=$PATH:/usr/local/go/bin
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin


Re: Build fabric on raspberry pi #fabric

Brian Behlendorf <bbehlendorf@...>
 

Looks like if gcc can't find ld, there's a common developer package or two you're missing. My guess is you're on Ubuntu or something Debian-ish, do you have the binutils package installed?

Brian

On 9/4/20 6:03 AM, kokolaki@... wrote:
I am trying to install fabric version 2.2.0 in raspperry pi. I cloned fabric repository and checkout to appropriate tag. I use last version of golang go1.15.1 linux/arm64
 when I run "make" to generate, I have the following error:
# github.com/hyperledger/fabric/cmd/peer
/usr/local/go/pkg/tool/linux_arm64/link: running gcc failed: exit status 1
collect2: fatal error: cannot find 'ld'
compilation terminated.

make: *** [Makefile:209: build/bin/peer] Error 2
Removing intermediate container d41a9d6e8573
The command '/bin/sh -c make peer GO_TAGS=${GO_TAGS}' returned a non-zero code: 2
Makefile:224: recipe for target 'build/images/peer/.dummy-arm64-2.2.0-snapshot-5ea85bc54' failed
make: *** [build/images/peer/.dummy-arm64-2.2.0-snapshot-5ea85bc54] Error 2

Any help?
Thnak you.


-- 
Brian Behlendorf
Executive Director, Hyperledger
bbehlendorf@...
Twitter: @brianbehlendorf


Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 09/04/2020 #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Hyperledger Fabric Documentation Workgroup call - Western hemisphere

When:
Friday, 4 September 2020
4:00pm to 5:00pm
(GMT+01:00) Europe/London

Where:
https://zoom.us/my/hyperledger.community.backup

Organizer:
a_o-dowd@... +441962816761

Description:
https://zoom.us/my/hyperledger.community.backup
Documentation workgroup call.
Agenda, minutes and recordings :https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 09/04/2020 4:00pm-5:00pm #cal-reminder

fabric@lists.hyperledger.org Calendar <fabric@...>
 

Reminder: Hyperledger Fabric Documentation Workgroup call - Western hemisphere

When: Friday, 4 September 2020, 4:00pm to 5:00pm, (GMT+01:00) Europe/London

Where:https://zoom.us/my/hyperledger.community.backup

View Event

Organizer: Anthony O'Dowd a_o-dowd@... +441962816761

Description: https://zoom.us/my/hyperledger.community.backup
Documentation workgroup call.
Agenda, minutes and recordings :https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


Build fabric on raspberry pi #fabric

kokolaki@...
 

I am trying to install fabric version 2.2.0 in raspperry pi. I cloned fabric repository and checkout to appropriate tag. I use last version of golang go1.15.1 linux/arm64
 when I run "make" to generate, I have the following error:
# github.com/hyperledger/fabric/cmd/peer
/usr/local/go/pkg/tool/linux_arm64/link: running gcc failed: exit status 1
collect2: fatal error: cannot find 'ld'
compilation terminated.

make: *** [Makefile:209: build/bin/peer] Error 2
Removing intermediate container d41a9d6e8573
The command '/bin/sh -c make peer GO_TAGS=${GO_TAGS}' returned a non-zero code: 2
Makefile:224: recipe for target 'build/images/peer/.dummy-arm64-2.2.0-snapshot-5ea85bc54' failed
make: *** [build/images/peer/.dummy-arm64-2.2.0-snapshot-5ea85bc54] Error 2

Any help?
Thnak you.


Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere - Fri, 09/04/2020 #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere

When:
Friday, 4 September 2020
6:00am to 7:00am
(GMT+01:00) Europe/London

Where:
https://zoom.us/my/hyperledger.community.backup

Organizer:
a_o-dowd@... +441962816761

Description:
https://zoom.us/my/hyperledger.community.backup
Documentation workgroup call.
Agenda, minutes and recordings: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


how to create and manage credentials for an app based on fabric?

Si Chen
 

Hello everybody,

Could we get your advice on how to create and manage credentials for an app which interacts with a Hyperledger fabric ledger?

This is all from our last Climate Accounting WG call:

We're planning to have a REST interface interact with the ledger.  Then a user-facing app would connect to the REST interface.

So should we have
1. a REST api which creates credential (security key) from a certificate authority which the app is allowed to interact with
2. the REST api return the security key to the client app
3.  the client app stores the security key for the user
4.  the client app allows the user to call ledger chain code using the stored security key?

Thank you for your advice.

-----
Si Chen
Open Source Strategies, Inc.

Join our Hyperledger Open Source Carbon Accounting & Certification Working Group - Video


Documentation Workgroup: Agenda for Friday, 04 Sep

Anthony O'Dowd <a_o-dowd@...>
 

Hi All,

We will hold the documentation workgroup East hemisphere and Western hemisphere calls as usual this Friday.  Please attend, you are very welcome!

You can read about last week's calls at https://wiki.hyperledger.org/display/fabric/2020+08+28+DWG+Agenda You'll see significant minutes for both the Eastern and Western hemisphere calls, and recordings for both sessions. You can catch up with the full recordings and other sessions: https://wiki.hyperledger.org/display/fabric/Recordings

Our Eastern and Western hemisphere calls are very well attended at the moment -- thanks to all for your contributions and collaboration.

On our Eastern hemisphere call this week we will be reviewing:
  • Malayalam Translation progress
  • Japanese Language progress
  • Contribution Video and Blog - review outline

Our Western hemisphere call will be equally busy:
  • Release progress
  • Sample overview
  • Google Analytics discussion
  • Spanish translation progress
  • Brazilian Portuguese translation progress

See https://wiki.hyperledger.org/display/fabric/2020+09+04+DWG+Agenda for this week's agenda for the eastern and western hemisphere calls.

Please feel free to contribute using the wiki, including helping to build next week's agenda: https://wiki.hyperledger.org/display/fabric/2020+09+11+DWG+Agenda

Thanks!

Pam,  Joe, Anthony

Meeting Details
-------------
Please use the following link to attend the meeting:  https://zoom.us/j/6223336701

The meeting times are as follows: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group

Meeting 144A: Friday 04 Sep
                   1130 India Standard Time
                   1400 China Standard Time
                   1500 Japan Standard Time
                   1700 Australia Eastern Time
                   1400 Singapore Time
                   1100 Gulf Standard Time
                   1000 Moscow Standard Time
                   0700 Greenwich Mean Time
                   0800 Central European Time    

Meeting 144B: Friday 04 Sep
              1100 Central Daylight Time
                   1200 Eastern Daylight Time
                   0900 Pacific Daylight Time
                   1400 Brasil Time (BRT)
                   1600 Greenwich Mean Time
                   1700 Central European Time
                   1800 Moscow Standard Time


Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Updated Event: Fabric SDK Python Meeting #cal-invite

fabric@lists.hyperledger.org Calendar <fabric@...>
 

Fabric SDK Python Meeting

When:
Thursday, 6 August 2020
9:00pm to 10:00pm
(UTC-07:00) America/Los Angeles
Repeats: Every 2 weeks on Thursday

Where:
https://zoom.us/my/hyperledger.community.backup

Organizer: Fabric SDK Python Team

Description:
https://zoom.us/my/hyperledger.community.backup
Project: https://github.com/hyperledger/fabric-sdk-py
Wiki: https://wiki.hyperledger.org/display/fabric/Hyperledger+Fabric+SDK+Py


Updated Event: Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere #cal-invite

fabric@lists.hyperledger.org Calendar <fabric@...>
 

Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere

When:
Friday, 7 August 2020
6:00am to 7:00am
(UTC+01:00) Europe/London
Repeats: Weekly on Friday

Where:
https://zoom.us/my/hyperledger.community.backup

Organizer: Anthony O'Dowd a_o-dowd@... +441962816761

Description:
https://zoom.us/my/hyperledger.community.backup
Documentation workgroup call.
Agenda, minutes and recordings: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


Updated Event: Hyperledger Fabric Documentation Workgroup call - Western hemisphere #cal-invite

fabric@lists.hyperledger.org Calendar <fabric@...>
 

Hyperledger Fabric Documentation Workgroup call - Western hemisphere

When:
Friday, 7 August 2020
4:00pm to 5:00pm
(UTC+01:00) Europe/London
Repeats: Weekly on Friday

Where:
https://zoom.us/my/hyperledger.community.backup

Organizer: Anthony O'Dowd a_o-dowd@... +441962816761

Description:
https://zoom.us/my/hyperledger.community.backup
Documentation workgroup call.
Agenda, minutes and recordings :https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


Re: Adding extended key usages in node enrollment certificates #fabric-questions #fabric

Gari Singh <garis@...>
 

Adding usages does not limit the usages; it increases the potential usages. Of course usages are only relevant for consumers which honor usages.

-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: fabric@...
From: chintanr97@...
Sent by: fabric@...
Date: 09/03/2020 09:43AM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Adding extended key usages in node enrollment certificates #fabric #fabric-questions

My aim of adding additional extended key usages is to limit the usage of certificate/key for any other purposes. I just wanted to identify if it will affect or disturb the functioning of nodes if I add any valid ECC extended key usages.


Re: Adding extended key usages in node enrollment certificates #fabric-questions #fabric

chintanr97@...
 

My aim of adding additional extended key usages is to limit the usage of certificate/key for any other purposes. I just wanted to identify if it will affect or disturb the functioning of nodes if I add any valid ECC extended key usages.


Re: Adding extended key usages in node enrollment certificates #fabric-questions #fabric

Gari Singh <garis@...>
 

Why do you want to add additional (extended) key usages to the enrollment certificates?
They currently contain the minimum set for their intended purpose: digital signatures.
And we intentionally do not add the TLS-related usages as we want to maintain a separate of duties in terms of signing and TLS.

Adding additional usages should not affect anything, but it's advisable not do so.

That being said, you can modify the default profile ( https://github.com/hyperledger/fabric-ca/blob/v1.4.8/cmd/fabric-ca-server/config.go#L303 ) or create a new profile with additional attributes.
You can find the list of usages here: https://github.com/cloudflare/cfssl/blob/v1.4.1/doc/cmd/cfssl.txt#L86-L114

-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: fabric@...
From: chintanr97@...
Sent by: fabric@...
Date: 09/03/2020 01:09AM
Subject: [EXTERNAL] [Hyperledger Fabric] Adding extended key usages in node enrollment certificates #fabric #fabric-questions

Hi Team, I was trying to identify the extended key usages in X.509 enrollment certificates: https://tools.ietf.org/html/rfc5280#section-4.2.1.12

I need to add some extended key usages in the enrollment certificate - but I want to know what would be the correct set of the extended key usages that we can actually put up in the node enrollment certificates with respect to HLF world? I understand that Server Auth and Client Auth are mainly for TLS/SSL node certificates. The ones other than that: codeSigning, emailProtection, timeStamping, OCSPSigning - what would be correct subset of these to put up in HLF node certificates? Will adding those break the node communication or affect the HLF network in any way?

2301 - 2320 of 11218