Date   

Forks and World State

Trevor Lee Oakley <trevor@...>
 

I saw that if the OS is malicious then a fork may happen by sending different peers different blocks. Is that detectable?
 
If a client made a query to the world state would that be subject to any checks with other peers?
 
If one subset had a different blockchain and that the client just query a node in that group, the client would get the wrong answer? 
 
I am assuming that is possible and basically a malicious OS will result in an undetected fork.
 
Also which part of the policy states the peer to be queried and could we rotate that to detect the fork after a series of queries made to the network to test it?
 
Trevor
 
 


Orderers and malicious nodes

Trevor Lee Oakley <trevor@...>
 

I was just researching what happens when some orderers were taken over by an attacker. If say I have 5 ordering nodes, and 3 are taken over, is there a way to detect which 3 are malicious. I was unsure where the orderer ledgers were stored. I assumed at a node level but then I was unsure how we could detect some nodes were malicious.
 
Is there some kind of voting within the ordering service to detect that some nodes are rogue?
 
 
Trevor
 
 


Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 03/13/2020 #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Hyperledger Fabric Documentation Workgroup call - Western hemisphere

When:
Friday, 13 March 2020
4:00pm to 5:00pm
(GMT+00:00) Europe/London

Where:
https://zoom.us/j/6223336701

Organizer:
a_o-dowd@... +441962816761

Description:
Documentation workgroup call.
Agenda, minutes and recordings :https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


Re: One Org - Multiple MSPs & Channels

Yacov
 

Well, if you don't define bootstrap peers and you have no anchor peers then the conditions to establish membership between peers are not met, thus peers will not disseminate blocks to each other.

This means that all gossip data stores will be empty, and the memory overhead of thousands of channels can be made negligible.



From:        "Trevor Lee Oakley" <trevor@...>
To:        "Yacov Manevich" <YACOVM@...>
Cc:        <fabric@...>
Date:        03/13/2020 04:58 PM
Subject:        [EXTERNAL] RE: [Hyperledger Fabric] One Org - Multiple MSPs & Channels




I thought gossip was always used? What is the alternative?
 
Trevor
 
 
 


From: "Yacov Manevich" <YACOVM@...>
Sent
: 13 March 2020 10:49
To
: trevor@...
Cc
: fabric@...
Subject
: RE: [Hyperledger Fabric] One Org - Multiple MSPs & Channels

 
An org? Sure.

A peer? Well maybe, if you don't use any bootstrap peers or anchor peers so gossip isn't used.




From:        
"Trevor Lee Oakley" <trevor@...>
To:        
"Yacov Manevich" <YACOVM@...>
Cc:        
<fabric@...>
Date:        
03/13/2020 04:41 PM
Subject:        
[EXTERNAL] Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        
fabric@...



I just  saw a few research papers - seems they can be constructed.

But can an org handle thousands of channels?




 

From
: "Yacov Manevich" <YACOVM@...>
Sent
: 13 March 2020 10:38
To
: trevor@...
Cc
: fabric@...
Subject
: RE: [Hyperledger Fabric] One Org - Multiple MSPs & Channels


They do not exist, but who knows? maybe in the future they will.




From:        
"Trevor Lee Oakley" <trevor@...>
To:        
"Yacov" <yacovm@...>
Cc:        
<fabric@...>
Date:        
03/13/2020 04:34 PM
Subject:        
[EXTERNAL] Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels



local collections would be nice to use but the business level need to is to completely hide the txn data (ie even that it exists to other members). I did not know anonymous endorsements were viable. Have you a link? Are they completely anonymous?



 

From
: "Yacov" <yacovm@...>
Sent
: 13 March 2020 10:30
To
: trevor@...
Cc
: fabric@...
Subject
: Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels


Sounds like what you need is local collections with anonymous endorsements.




From:        
"Trevor Lee Oakley" <trevor@...>
To:        
<fabric@...>
Date:        
03/13/2020 03:53 PM
Subject:        
[EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        
fabric@...



I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs.

Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.

Trevor


 

 

 






Upcoming Event: Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 03/13/2020 4:00pm-5:00pm #cal-reminder

fabric@lists.hyperledger.org Calendar <fabric@...>
 

Reminder: Hyperledger Fabric Documentation Workgroup call - Western hemisphere

When: Friday, 13 March 2020, 4:00pm to 5:00pm, (GMT+00:00) Europe/London

Where:https://zoom.us/j/6223336701

View Event

Organizer: Anthony O'Dowd a_o-dowd@... +441962816761

Description: Documentation workgroup call.
Agenda, minutes and recordings :https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


Re: One Org - Multiple MSPs & Channels

Trevor Lee Oakley <trevor@...>
 

I thought gossip was always used? What is the alternative?
 
Trevor
 
 
 

From: "Yacov Manevich" <YACOVM@...>
Sent: 13 March 2020 10:49
To: trevor@...
Cc: fabric@...
Subject: RE: [Hyperledger Fabric] One Org - Multiple MSPs & Channels
 
An org? Sure.

A peer? Well maybe, if you don't use any bootstrap peers or anchor peers so gossip isn't used.



From:        "Trevor Lee Oakley" <trevor@...>
To:        "Yacov Manevich" <YACOVM@...>
Cc:        <fabric@...>
Date:        03/13/2020 04:41 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        fabric@...



I just  saw a few research papers - seems they can be constructed.
 
But can an org handle thousands of channels?
 
 
 
 
 

From: "Yacov Manevich" <YACOVM@...>
Sent: 13 March 2020 10:38
To: trevor@...
Cc: fabric@...
Subject: RE: [Hyperledger Fabric] One Org - Multiple MSPs & Channels

 
They do not exist, but who knows? maybe in the future they will.



From:        "Trevor Lee Oakley" <trevor@...>
To:        "Yacov" <yacovm@...>
Cc:        <fabric@...>
Date:        03/13/2020 04:34 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels



local collections would be nice to use but the business level need to is to completely hide the txn data (ie even that it exists to other members). I did not know anonymous endorsements were viable. Have you a link? Are they completely anonymous?


 

From: "Yacov" <yacovm@...>
Sent: 13 March 2020 10:30
To: trevor@...
Cc: fabric@...
Subject: Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels


Sounds like what you need is local collections with anonymous endorsements.



From:        "Trevor Lee Oakley" <trevor@...>
To:        <fabric@...>
Date:        03/13/2020 03:53 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        fabric@...



I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs.

Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.

Trevor


 

 

 




 


Re: One Org - Multiple MSPs & Channels

Yacov
 

An org? Sure.

A peer? Well maybe, if you don't use any bootstrap peers or anchor peers so gossip isn't used.



From:        "Trevor Lee Oakley" <trevor@...>
To:        "Yacov Manevich" <YACOVM@...>
Cc:        <fabric@...>
Date:        03/13/2020 04:41 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        fabric@...




I just  saw a few research papers - seems they can be constructed.
 
But can an org handle thousands of channels?
 
 
 
 
 


From: "Yacov Manevich" <YACOVM@...>
Sent
: 13 March 2020 10:38
To
: trevor@...
Cc
: fabric@...
Subject
: RE: [Hyperledger Fabric] One Org - Multiple MSPs & Channels

 
They do not exist, but who knows? maybe in the future they will.



From:        
"Trevor Lee Oakley" <trevor@...>
To:        
"Yacov" <yacovm@...>
Cc:        
<fabric@...>
Date:        
03/13/2020 04:34 PM
Subject:        
[EXTERNAL] Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels



local collections would be nice to use but the business level need to is to completely hide the txn data (ie even that it exists to other members). I did not know anonymous endorsements were viable. Have you a link? Are they completely anonymous?


 

From
: "Yacov" <yacovm@...>
Sent
: 13 March 2020 10:30
To
: trevor@...
Cc
: fabric@...
Subject
: Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels


Sounds like what you need is local collections with anonymous endorsements.




From:        
"Trevor Lee Oakley" <trevor@...>
To:        
<fabric@...>
Date:        
03/13/2020 03:53 PM
Subject:        
[EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        
fabric@...



I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs.

Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.

Trevor



 






Re: #fabric-questions #fabric #fabric-questions #fabric

David Enyeart
 

It is true that you'll see higher throughput if you load balance endorsement requests across multiple peers. You likely want multiple peers per org anyways for HA purpose.

I suspect that error message is from your application and not Fabric so I can't help with that per se, but I will say that most of the issues around private data end up being related to gossip misconfiguration.

Make sure your peer.gossip.bootstrap is correct (used for finding other internal peers for internal org communication).
Make sure your peer.gossip.externalEndpoint and anchor peer setup is correct (used for cross org communication).

Enabling gossip.privdata debug will make it clear if private data dissemination is working correctly, e.g.:
FABRIC_LOGGING_SPEC=info:gossip.privdata=debug

Also look for the gossip.channel "Membership view" info messages that tell you which other peers are known. If you don't see all the peers in the known list, then you've got a gossip configuration issue.


Dave Enyeart

neha.ghogale---03/13/2020 09:35:29 AM---Hi, We are developing blockchain application on hyperledger fabric which consist of multiple organiz

From: neha.ghogale@...
To: fabric@...
Date: 03/13/2020 09:35 AM
Subject: [EXTERNAL] [Hyperledger Fabric] #fabric-questions #fabric
Sent by: fabric@...





Hi,

We are developing blockchain application on hyperledger fabric which consist of multiple organizations involved in the transaction and also one authorised organization which will monitor that transaction.

In the above application, A transaction is made up of two blockchain transactions. Any two organizations can involve in one transaction.That transaction has a private data(this data shouldn't be part of distributed ledger as it should get purged) which can only be accessed by organizations involved in that transaction and authorised organization. When one organization make one blockchain transaction all the other organization receives it using event and concerned organization will act on it.

After finishing development of the project. We started focusing on performance improvements. We used below things successfully to increase performance of the network.
1. Multiple workers for DLT client.
2. Reduced size of read-write set.
3. Block size tuning as per requirements
4. Optimization of code.
5. Validation pool size changes by GOMAXPROC.

To increase the performance further, we wanted to establish 2nd peer for every organization But we are not able to do it as we are getting an error "Block not received". We tried below things to remove the error
1. Making changes in MAXPEERCOUNT and REQUIREDPEERCOUNT.
2. Divide peer responsibility by making only one peer endorser and another just a committer from which we will get our events. This fixed our issue but this decreased network throughput.
We believe that adding one more peer will increase throughput of our network.

Kindly guide us.





Re: One Org - Multiple MSPs & Channels

Trevor Lee Oakley <trevor@...>
 

I just  saw a few research papers - seems they can be constructed.
 
But can an org handle thousands of channels?
 
 
 
 
 

From: "Yacov Manevich" <YACOVM@...>
Sent: 13 March 2020 10:38
To: trevor@...
Cc: fabric@...
Subject: RE: [Hyperledger Fabric] One Org - Multiple MSPs & Channels
 
They do not exist, but who knows? maybe in the future they will.



From:        "Trevor Lee Oakley" <trevor@...>
To:        "Yacov" <yacovm@...>
Cc:        <fabric@...>
Date:        03/13/2020 04:34 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels



local collections would be nice to use but the business level need to is to completely hide the txn data (ie even that it exists to other members). I did not know anonymous endorsements were viable. Have you a link? Are they completely anonymous?
 
 
 

From: "Yacov" <yacovm@...>
Sent: 13 March 2020 10:30
To: trevor@...
Cc: fabric@...
Subject: Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels

 
Sounds like what you need is local collections with anonymous endorsements.



From:        "Trevor Lee Oakley" <trevor@...>
To:        <fabric@...>
Date:        03/13/2020 03:53 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        fabric@...



I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs.

Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.

Trevor



 

 


 


Re: One Org - Multiple MSPs & Channels

Yacov
 

They do not exist, but who knows? maybe in the future they will.



From:        "Trevor Lee Oakley" <trevor@...>
To:        "Yacov" <yacovm@...>
Cc:        <fabric@...>
Date:        03/13/2020 04:34 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels




local collections would be nice to use but the business level need to is to completely hide the txn data (ie even that it exists to other members). I did not know anonymous endorsements were viable. Have you a link? Are they completely anonymous?
 
 
 


From: "Yacov" <yacovm@...>
Sent
: 13 March 2020 10:30
To
: trevor@...
Cc
: fabric@...
Subject
: Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels

 
Sounds like what you need is local collections with anonymous endorsements.



From:        
"Trevor Lee Oakley" <trevor@...>
To:        
<fabric@...>
Date:        
03/13/2020 03:53 PM
Subject:        
[EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        
fabric@...



I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs.

Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.

Trevor



 



Re: One Org - Multiple MSPs & Channels

Trevor Lee Oakley <trevor@...>
 

local collections would be nice to use but the business level need to is to completely hide the txn data (ie even that it exists to other members). I did not know anonymous endorsements were viable. Have you a link? Are they completely anonymous?
 
 
 

From: "Yacov" <yacovm@...>
Sent: 13 March 2020 10:30
To: trevor@...
Cc: fabric@...
Subject: Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels
 
Sounds like what you need is local collections with anonymous endorsements.



From:        "Trevor Lee Oakley" <trevor@...>
To:        <fabric@...>
Date:        03/13/2020 03:53 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        fabric@...



I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs.
 
Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.
 
Trevor


 


Re: One Org - Multiple MSPs & Channels

Trevor Lee Oakley <trevor@...>
 

The network was partly designed already and that criteria of all orgs having their own peers was already incorporated into the design. 
 
I checked into multiple MSPs, OUs, and I was wondering if we can arrange the design so that channels can be shared whilst still preserving privacy - PDCs are not relevant here as even the actual relatinship between orgs is private by design.
 
Trevor
 

From: "Brett T Logan" <brett.t.logan@...>
Sent: 13 March 2020 10:23
To: trevor@...
Cc: fabric@...
Subject: Re: [Hyperledger Fabric] One Org - Multiple MSPs & Channels
 
Do your suppliers really need to operate their own Peers? If so, why? Can not you, and/or independent third parties operate the network and provide API's for your suppliers to submit data? Then you need only expose data they are entitled to via the API
 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 
 
 

----- Original message -----
From: "Trevor Lee Oakley" <trevor@...>
Sent by: fabric@...
To: <fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Date: Fri, Mar 13, 2020 9:53 AM
 
I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs. 
 
Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.
 
Trevor
 
 


Re: One Org - Multiple MSPs & Channels

Yacov
 

Sounds like what you need is local collections with anonymous endorsements.



From:        "Trevor Lee Oakley" <trevor@...>
To:        <fabric@...>
Date:        03/13/2020 03:53 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Sent by:        fabric@...




I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs.
 
Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.
 
Trevor




Re: One Org - Multiple MSPs & Channels

Brett T Logan <brett.t.logan@...>
 

Do your suppliers really need to operate their own Peers? If so, why? Can not you, and/or independent third parties operate the network and provide API's for your suppliers to submit data? Then you need only expose data they are entitled to via the API
 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 
 
 

----- Original message -----
From: "Trevor Lee Oakley" <trevor@...>
Sent by: fabric@...
To: <fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] One Org - Multiple MSPs & Channels
Date: Fri, Mar 13, 2020 9:53 AM
 
I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs. 
 
Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.
 
Trevor
 


One Org - Multiple MSPs & Channels

Trevor Lee Oakley <trevor@...>
 

I have a supply chain with one org which has 5,000 suppliers (orgs). We cannot allow txns to be seen at all by competing orgs, ie not even the evidence of a relationship between the orgs. 
 
Is the only solution 5,000 channels from the retailer to the suppliers - 1:5000. That does not sound that good to me.
 
Trevor


#fabric-questions #fabric #fabric-questions #fabric

neha.ghogale@...
 

Hi,

We are developing blockchain application on hyperledger fabric which consist of multiple organizations involved in the transaction and also one authorised organization which will monitor that transaction.

In the above application, A transaction is made up of two blockchain transactions. Any two organizations can involve in one transaction.That transaction has a private data(this data shouldn't be part of distributed ledger as it should get purged) which can only be accessed by organizations involved in that transaction and authorised organization. When one organization make one blockchain transaction all the other organization receives it using event and concerned organization will act on it.

After finishing development of the project. We started focusing on performance improvements. We used below things successfully to increase performance of the network.
1. Multiple workers for DLT client.
2. Reduced size of read-write set.
3. Block size tuning as per requirements
4. Optimization of code.
5. Validation pool size changes by GOMAXPROC.
 
To increase the performance further, we wanted to establish 2nd peer for every organization But we are not able to do it as we are getting an error "Block not received". We tried below things to remove the error 
1. Making changes in MAXPEERCOUNT and REQUIREDPEERCOUNT.
2. Divide peer responsibility by making only one peer endorser and another just a committer from which we will get our events. This fixed our issue but this decreased network throughput. 
We believe that adding one more peer will increase throughput of our network.

Kindly guide us. 
 


Re: Where is the blockchain stored

Brett T Logan <brett.t.logan@...>
 

The block files can be found in /var/hyperledger/production/ledgersData
 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 
 
 

----- Original message -----
From: "Trevor Lee Oakley" <trevor@...>
Sent by: fabric@...
To: <fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Where is the blockchain stored
Date: Fri, Mar 13, 2020 6:36 AM
 
 
 
I want to check out what data is actually stored on the blockchain. Where is the actual blockchain file stored eg for the test-network. I tried looking for it, I found a genesis block and that was all.
 
Thanks
Trevor
 


Where is the blockchain stored

Trevor Lee Oakley <trevor@...>
 

 
 
I want to check out what data is actually stored on the blockchain. Where is the actual blockchain file stored eg for the test-network. I tried looking for it, I found a genesis block and that was all.
 
Thanks
Trevor


Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere - Fri, 03/13/2020 #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere

When:
Friday, 13 March 2020
6:00am to 7:00am
(GMT+00:00) Europe/London

Where:
https://zoom.us/j/6223336701

Organizer:
a_o-dowd@... +441962816761

Description:
Documentation workgroup call.
Agenda, minutes and recordings: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


Re: Endorsement Policy Failure

email4tong@gmail.com
 

Endorsement policy is set to default when you set up your system. All application channels inherit that policy unless you change them. Then you also have chaincode endorsement policy which gets set when you instantiate your chaincode. I think that is what you were try to use. 

The default policy for 2.0 is set to “Majority”, that means if you have 2 org network, both need to endorse, if 3 org, still 2, but for 4 org, you will need 3.

Also you can look at the configtx.yaml file which should be the place where your initial policy get set.

As I suggested , if you use minifabric, how things get set will be very clear, steps can be easily repeated and tested, there is very clear path on how to get things done, vs other tools you will have to poke here and there, the sequence is chaotic , this is the reason why people always said fabric is too complex. I feel we just do not have the right tool. Minifabric is the attempt towards that direction. Once you start using it, you will learn fabric very quickly and won’t spend a lot your time tweak here or there. 

I hope that helps.




On Thursday, March 12, 2020, 3:19 PM, Tomás Peixinho <tom.peixinho@...> wrote:

Thank you, Tong, I will definitely check this out in greater detail! As for my current problem, I really don't know what I'm supposed to see here. Can you point me to the place or file or code where the endorsement policy is being defined? I don't see any configuration files where this could be defined, or even the usual docker-compose.yaml where the peers and orgs are defined... Am I missing something?

My network works correctly and I would say that I have a base understanding of how everything works (even if very superficial). My only problem now is really just getting my endorsement policies to work.

Cheers

Tom


De: email4tong@... <email4tong@...>
Enviado: quinta-feira, 12 de março de 2020 18:43
Para: Tomás Peixinho <tom.peixinho@...>
Assunto: Re: [Hyperledger Fabric] Endorsement Policy Failure
 
Tomas, since you've had quite a lot of issues, I like to take only few minutes to look at this project, https://github.com/litong01/minifabric, this project is really to help people setting up fabric either on one machine or multiple machines, and also help with learning Fabric by making create channel, join channel, installing chaincode, invoking chaincode,etc extremely simple. You can take a quick look at these two docs to get you started. You do not really need fancy environment, all it takes is an docker environment. Give it a try, it only takes few minutes to see if it works for you or not and it will never pollute your system. 


On Thursday, March 12, 2020, 1:00:18 PM EDT, Tomás Peixinho <tom.peixinho@...> wrote:


Ok, I've switched the policy to use only peers but I still don't know what I'm missing, because I still can't get it to work. Any help at all would be greatly appreciated!

Also, do I have to recreate the crypto material everytime I alter these config files (docker-compose.yml and configtx.yaml)? I'm not sure when it is that I have to do it, but since it's a pain in the ass, I'm asking just to get some guidance.

Thanks again

Tom


De: Yacov Manevich <YACOVM@...>
Enviado: quinta-feira, 12 de março de 2020 07:52
Para: Tomás Peixinho <tom.peixinho@...>
Assunto: RE: [Hyperledger Fabric] Endorsement Policy Failure
 
yes, exactly... only peers.



From:        "Tomás Peixinho" <tom.peixinho@...>
To:        Yacov Manevich <YACOVM@...>
Date:        03/12/2020 01:28 AM
Subject:        [EXTERNAL] RE:  [Hyperledger Fabric] Endorsement Policy Failure




So I should only use "peers" in the endorsement policies? I'm not really sure I understand, but still, that doesn't solve my problem. Even if I take out the "admin" roles I was using and just try the "3-of" out of the 3 peers (one of each org, if my logic is correct), it still doesn't work. I'm clearly missing something...



De: Yacov Manevich <YACOVM@...>
Enviado:
quarta-feira, 11 de março de 2020 22:56
Para:
Tomás Peixinho <tom.peixinho@...>
Assunto:
RE: [Hyperledger Fabric] Endorsement Policy Failure
 
An admin can be used in a policy, but policies can be also used to represent policies which are not endorsement policies.

So, you can't have a peer represent an admin.

Only clients can represent admins.



From:        "Tomás Peixinho" <tom.peixinho@...>
To:        Yacov Manevich <YACOVM@...>
Date:        03/12/2020 12:50 AM
Subject:        [EXTERNAL] RE:  [Hyperledger Fabric] Endorsement Policy Failure




They can't? How so? I should preface this by saying that I really don't know what I'm doing when it comes to this.

On the https://hyperledger-fabric.readthedocs.io/en/release-2.0/policies.htmlit says that there are four MSP Role Types, one of them being "admin". What does this refer to, then? When I'm defining the user context to creat a fabric client for my application and then the channel and whatever else, I define an org admin (one per org). I thought these admins were the same and they were one of the peers of the organization... I'm really confused now, can you please explain it in more detail? I would really like to understand this.

Thanks in advance

Tom





De:
Yacov Manevich <YACOVM@...>
Enviado:
quarta-feira, 11 de março de 2020 22:33
Para:
Tomás Peixinho <tom.peixinho@...>
Cc:
fabric@... <fabric@...>; hyperledger-fabric@... <hyperledger-fabric@...>
Assunto:
Re: [Hyperledger Fabric] Endorsement Policy Failure

why are you using "admin" roles in an endorsement policy? Peers cannot be admins.



From:        "Tomás Peixinho" <tom.peixinho@...>
To:        Yacov Manevich <YACOVM@...>, "hyperledger-fabric@..." <hyperledger-fabric@...>
Date:        03/12/2020 12:06 AM
Subject:        [EXTERNAL] [Hyperledger Fabric] Endorsement Policy Failure
Sent by:        fabric@...




Good evening,

a while back I asked about the endorsement policies, and after I tried to mess with them a bit, I've reached a dead end. My chaincode and application are now complete, so I finally decided to change the endorsement policy (if I don't define it, the default is "Any peer", and this would be very insecure). As a simple starting point, I was trying to have at least one peer from each org to endorse the transactions (my network has 3 orgs), so I defined the policy file as follows:

# A Shotgun policy xx
identities:  # list roles to be used in the policy
  user1: {"role": {"name": "peer", "mspId": "Org1MSP"}} # role member in org with mspid Org1MSP
  user2: {"role": {"name": "peer", "mspId": "Org2MSP"}}
  user3: {"role": {"name": "peer", "mspId": "Org3MSP"}}
  admin1: {"role": {"name": "admin", "mspId": "Org1MSP"}} # admin role.
  admin2: {"role": {"name": "admin", "mspId": "Org2MSP"}}
  admin3: {"role": {"name": "admin", "mspId": "Org3MSP"}}

policy: # the policy  .. could have been flat but show grouping.
  3-of: # signed by one of these groups  can be <n>-of  where <n> is any digit 2-of, 3-of etc..
    - 1-of:
      - signed-by: "user1" # a reference to one of the identities defined above.
      - signed-by: "admin1"
    - 1-of:
      - signed-by: "user2"
      - signed-by: "admin2"
    - 1-of:
      - signed-by: "user3"
      - signed-by: "admin3"

I used the example file that came with the java sdk (chaincodeendorsementpolicy.yaml) and updated it to do what I wanted. However, no matter what I define in this file, the policy check always fails with this message:

2020-03-11 19:22:29.527 UTC [vscc] Validate -> WARN 05a Endorsement policy failure for transaction txid=3d4051db0b3be08ae6205831f326d1e1d42e79ea97e6b89c57bcb163bd80ffaa, err: signature set did not satisfy policy
2020-03-11 19:22:29.527 UTC [committer.txvalidator] validateTx -> ERRO 05b VSCCValidateTx for transaction txId = 3d4051db0b3be08ae6205831f326d1e1d42e79ea97e6b89c57bcb163bd80ffaa returned error: VSCC error: endorsement policy failure, err: signature set did not satisfy policy
2020-03-11 19:22:29.527 UTC [committer.txvalidator] Validate -> INFO 05c [mychannel] Validated block [2] in 4ms
2020-03-11 19:22:29.527 UTC [valimpl] preprocessProtoBlock -> WARN 05d Channel [mychannel]: Block [2] Transaction index [0] TxId [3d4051db0b3be08ae6205831f326d1e1d42e79ea97e6b89c57bcb163bd80ffaa] marked as invalid by committer. Reason code [ENDORSEMENT_POLICY_FAILURE]

I thought I might have been doing something wrong with the syntax of the file, but if I change the "3-of" to "0-of", it works, so I guess that's not it. I also thought it could have been because the peers were unable to find each other, so I manually defined the anchor peers for each organization on the configtx.yaml (the port I defined for all of them was the 7051, which was the default port for the peer0-org1, not sure if this is correct or not), and I also defined the fields CORE_PEER_GOSSIP_BOOTSTRAP and CORE_PEER_GOSSIP_EXTERNALENDPOINT for each peer on the docker-compose.yml (the file which defines the network topology), but I'm also not sure of what I should define them with, so I put the "bootstrap" with the address of the anchor peer of the org, and the "external endpoint" with the same address as the peer on which I'm defining it. This final alteration was because I was getting a warning saying that since the external endpoint wasn't defined, peers were unable to see each other and I thought that might have something to do with it (if they couldn't find peers from different orgs, these weren't able to endorse the transactions and the verification would fail, just a theory).

Not sure if any of this makes sense, but since it's not working, I'm gonna go ahead and assume it doesn't. Or maybe my problem isn't even related to any of this, but in that case, I really don't know what I'm missing or doing wrong. Any help would be greatly appreciated. If I'm going about this all wrong, my purpose here was just to define my own endorsement policy, in order to make the blockchain more secure (as per Yacov's recommendation), so if someone can enlighten me on the subject, I thank you in avance.

Cheers

Tomás







3661 - 3680 of 11525