Re: Signature Byte Isn't Valid Warning On Gossip After Addition of a New Org
#hyperledger-fabric
#configtxgen
#raft
Yacov
Ignore it, it's a transient warning.
It happens if you get a state info message signed by a node whose certificate you have not yet received. You will eventually receive the certificate and be able to validate the signature.

From: "Faisal" <mfaisaltariq@...>
To: fabric@...
Date: 03/24/2020 03:16 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Signature Byte Isn't Valid Warning On Gossip After Addition of a New Org #hyperledger-fabric #configtxgen #raft
Sent by: fabric@...

Environment HLF (1.4.2)
Signature Byte Isn't Valid Warning On Gossip After Addition of a New Org
#hyperledger-fabric
#configtxgen
#raft
Faisal
Environment HLF (1.4.2)
```
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:
    - &SFDA
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: SFDAMSP
        # ID to load the MSP definition as
        ID: SFDAMSP
        MSPDir: crypto-config/peerOrganizations/sfda.example.com/msp
        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('SFDAMSP.admin', 'SFDAMSP.peer', 'SFDAMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('SFDAMSP.admin', 'SFDAMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('SFDAMSP.admin')"
        # leave this flag set to true.
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication. Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.sfda.example.com
              Port: 7051
```
```
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org3
  # ---------------------------------------------------------------------------
  - Name: SFDA
    Domain: sfda.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1
```
```
cryptogen generate --config=./crypto-config.yaml
configtxgen -printOrg SFDAMSP > ./SFDA.json
```
```
peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config >config.json
```
Append the configuration of the new org in **SFDA.json** file into the **config.json** file. Change the file name and MSP in the below command accordingly.
```
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"SFDAMSP":.[1]}}}}}' config.json ./SFDA.json > modified_config.json
```
Verify that the file has been updated
```
diff config.json modified_config.json
```
Package updated configuration into a block and then create a block that is delta of the old and new configuration
```
# Pack config again, create a delta of new and old config
configtxlator proto_encode --input config.json --type common.Config >original_config.pb
configtxlator proto_encode --input modified_config.json --type common.Config >modified_config.pb
configtxlator compute_update --channel_id $CHANNEL_NAME --original original_config.pb --updated modified_config.pb >config_update.pb
```
Convert the Delta Block **config_update.pb** block to JSON again, append the header to it and create a package again. Modify the channel name in the second command accordingly
```
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >update-block-env.pb
```
```
peer channel signconfigtx -f update-block-env.pb
peer channel update -f update-block-env.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
```
Unable to revoke a certificate
#fabric
#hyperledger-fabric
#fabric-sdk-node
p.kamesh.cse@...
We could revoke a user successfully. But, unable to update the channel with crl details. We are getting below error

Unexpected error error applying config update to existing channel 'trusttrace': initializing channelconfig failed: could not create channel Application sub-group config: setting up the MSP manager failed: admin 0 is invalid: could not validate identity against certification chain: The certificate has been revoked

We have followed below standard steps to revoke a user certificate by using node.js fabric library,
1) revoke a user by serial, AKI for a given certificate
caClient.generateCRL({}, adminUser)
3) fetching the channelconfig and updating the config with crl
4) computing delta w.r.t modified changes and signing the same with org admin / registrar and updating the channel
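
Going by the error text in the post above (`admin 0 is invalid ... The certificate has been revoked`), the update is rejected because a certificate listed among the MSP admins counts as revoked once the new CRL is applied. A pre-flight check for that condition, as an added example in Go that is not part of the original post or of the Fabric code base; the CA, the admin certificates, the serial numbers and the names `revokedAdmins`, `issue` and `demo` are constructed for illustration:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// revokedAdmins lists the indexes of admin certs issued by ca whose serial is in crl (serials are unique per issuer only).
func revokedAdmins(ca *x509.Certificate, crl *x509.RevocationList, admins []*x509.Certificate) (hits []int, err error) {
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return nil, fmt.Errorf("CRL is not signed by this CA: %w", err)
	}
	revoked := map[string]bool{}
	for _, rc := range crl.RevokedCertificates {
		revoked[rc.SerialNumber.String()] = true
	}
	for i, a := range admins {
		if a.CheckSignatureFrom(ca) == nil && revoked[a.SerialNumber.String()] {
			hits = append(hits, i)
		}
	}
	return hits, nil
}

// issue builds a constructed ECDSA P-256 certificate; a nil parent self-signs a CA.
func issue(cn string, serial int64, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
		parent, signer = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer)
	cert, err := x509.ParseCertificate(der) // a nil der from a failed creation is rejected here too
	if err != nil {
		panic(err)
	}
	return cert, key
}

// demo checks constructed admins (serials 100 and 101) against a CRL that lists the given serials.
func demo(serials ...int64) ([]int, error) {
	ca, caKey := issue("ca.org1.example.com", 1, nil, nil)
	admin0, _ := issue("Admin@org1.example.com", 100, ca, caKey)
	admin1, _ := issue("Admin2@org1.example.com", 101, ca, caKey)
	tpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, s := range serials {
		tpl.RevokedCertificates = append(tpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	der, _ := x509.CreateRevocationList(rand.Reader, tpl, ca, caKey)
	crl, err := x509.ParseRevocationList(der) // a nil der from a failed creation is rejected here too
	if err != nil {
		return nil, err
	}
	return revokedAdmins(ca, crl, []*x509.Certificate{admin0, admin1})
}

func main() { fmt.Println(demo(100, 200)) } // serial 200 stands for a constructed non-admin user
```

A non-empty result means the CRL would invalidate an admin entry in the MSP definition it is being added to; index 0 in the result corresponds to the `admin 0` position reported in the error.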
Re: Does Hyperledger Fabric support RSA key?
#hyperledger-fabric
#fabric-ca
Fabric supports ECDSA for signature currently. There are several pieces of non-official work to let it support other crypto standards. For chaincode/client encryption, you can choose whatever type.

On Mon, Mar 23, 2020 at 12:23 PM Matthew Sykes <matthew.sykes@...> wrote:

--
Best wishes!
Baohua Yang
Re: Does Hyperledger Fabric support RSA key?
#hyperledger-fabric
#fabric-ca
Matthew Sykes
> I then wonder why latest fabric-ca user guide mentions about supporting RSA?
Because fabric-ca supports the management of certificates using RSA; you just can't use them with Fabric.
Re: [EXTERNAL] Re: [Hyperledger Fabric] Doubt in representation of Relational Data on Blockchain
Hi Ameya,

You might have to read about No-SQL databases. And to answer your question, Yes, there can be multiple assets created and they can be differentiated in a no-sql database using a "DocType" field. Each asset can have their own unique identifiers and using that ID, they can be linked between multiple assets. It will be your job as a developer to fetch linked assets though.

Eg: You can have something like:

```
Coffee_Pack {
    DocType: "Coffee"
    ID: CP_001
    Weight: 1 Kg
    ... ..
}
Transport_Package {
    DocType: "Transportation"
    ID: T_001
    CoffeePacks: [CP_001, CP_002, CP_003 ....]
    Status: "In-Transit"
    ...
}
```

When you want to query a list of all coffee packets present in a transport package, you can:
1. Get Transport package with ID T_001
2. Loop through CoffeePacks field and get the Coffee_Packs using ID.
3. Return.

With couch db, you can also perform rich queries, using that you can also get Coffee_Packs or Transport_Packages using fields other than ID. For example, If you want a list of all Transport_Packages, you can query using "DocType" field. Since all Transport_Packages will have same DocType, you get what you want, and that's how DocType separates multiple assets in a no-sql database.

You can also consider DocType similar to Table Name in relational databases, and every new object created for an asset can be considered as a new row being added to the table with tablename as mentioned in DocType field.

- Prasanth

On Mon, 23 Mar 2020, 8:18 pm Ameya Sinha via Lists.Hyperledger.Org, <t-amsi=microsoft.com@...> wrote:
Re: Doubt in representation of Relational Data on Blockchain
Brett T Logan <brett.t.logan@...>
Generally you implement some other standard. In particular the global supply chain standard is GS1. Items have what is called a GTIN identifying their category specific to your company and serial numbers. GS1 likewise has an event called transformation. Your transformation event removes the bean from the chain and converts it to a packet. Just as converting a packet into case and a case into a pallet is an aggregation event. And then you have an aggregation event that does the reverse, converts the pallet back into cases.
The GS1 data standard also has a field for recording what items are part of these aggregations. So you can see that a pallet contains these cases with SN and GTIN's. Then when someone breaks the pallet down, and scans the cases, you have systems for recording this in the blockchain and then you can verify whether all of the cases that went into the pallet still existed when the pallet was broken down, and then packets in the case.
All of this data, its transformations, aggregations, and parent-child relationships are represented in simple standards like JSON and XML in GS1.
Re: [EXTERNAL] Re: [Hyperledger Fabric] Doubt in representation of Relational Data on Blockchain
Ameya Sinha <t-amsi@...>
Hi David,
Thanks for the reply, it helped clear one aspect of my doubt. I have one more thing to ask now though.
So I’ve been reading about how Blockchain solutions are implemented in Supply Chain, and I was thinking that they would represent the data in a relational way. As a lot of the solutions I’ve read use Hyperledger Fabric do these solutions represent data in key-value pair?
How do they deal with combination of items then? As in suppose, there’s a coffee tracking system which tracks the coffee beans, when the beans combine to form a packet how does that representation play in our database?
Thanks for your help, Ameya Sinha.
From: David Enyeart <enyeart@...>
The current Fabric transaction manager supports key/value data only. If you want semi-structured data, you can utilize JSON as the value and leverage CouchDB state database for JSON queries.
Re: Error while Approving chaincode for ORG.
Adhav Pavan
Hi Nikhil,
I confirmed one more time, I am sure, I am using the correct MSP ID for each organization. Thank you for your reply.
Please excuse my brevity.

On Mon, Mar 23, 2020 at 6:38 PM Nikhil E Gupta <negupta@...> wrote:
> Maybe check the MSP ID? You could be using the wrong environment variables for the ORG?
Re: Doubt in representation of Relational Data on Blockchain
David Enyeart
The current Fabric transaction manager supports key/value data only. If you want semi-structured data, you can utilize JSON as the value and leverage CouchDB state database for JSON queries.

> Hi All,
> I was wondering how would we represent data that is intrinsically relational in nature on a Blockchain like Hyperledger Fabric. Do we normalize the data and then represent each part of it as an asset on Hyperledger? How would joins and queries work in that case?
> Thanks, Ameya Sinha.
Re: The problem of tampered value in blockfile going to other peers
#fabric
David Enyeart
See answers to the same questions in prior thread https://lists.hyperledger.org/g/fabric/message/4896.

> Hi, anyone can help me solve this problem?
> Basic info: a channel with 2 organizations A and B, the policy is OR ( A, B). each has only 1 peer.
> Tamper process: I changed the value from 1,000,000 to 1,500,000 in blockfile_000000 by using vi tool in A organization. Hashcode and data should unmatch of course. and couch db Then the tampered value shown in client web app. That is OK. but the client application of A organization still worked well and proposed and committed 1,500,000 to B organization. In B organization, the value was changed to 1,500,000. After that, when another new transaction created by B organization, peer of A organization came error. But the big problem is , even I recovered the peer of A organization by re-join the channel. The tampered value 1,500,000 was still there in both A and B organization.
> My question is.
> 1. Why client app can still proposed and committed transaction even when hash and data unmatches?
> 2. Any ways to avoid new transaction committed, when the value was tampered?
Re: Does Hyperledger Fabric support RSA key?
#hyperledger-fabric
#fabric-ca
shrugupt@...
Thank you Matthew for answering the query.
I then wonder why latest fabric-ca user guide mentions about supporting RSA? I also had same understanding that Hyperledger fabric does not support RSA algorithm but got confused after reading latest fabric-ca user guide. Not sure if it is mentioned with some purpose in latest user guide or it is a discrepancy in documentation?
Thanks,
Shruti Gupta
Doubt in representation of Relational Data on Blockchain
Ameya Sinha <t-amsi@...>
Hi All,
I was wondering how would we represent data that is intrinsically relational in nature on a Blockchain like Hyperledger Fabric. Do we normalize the data and then represent each part of it as an asset on Hyperledger? How would joins and queries work in that case?
Thanks, Ameya Sinha.
The problem of tampered value in blockfile going to other peers
#fabric
Lei Zhao
Hi, anyone can help me solve this problem?
Basic info: a channel with 2 organizations A and B, the policy is OR ( A, B). each has only 1 peer.
Tamper process: I changed the value from 1,000,000 to 1,500,000 in blockfile_000000 by using vi tool in A organization. Hashcode and data should unmatch of course. and couch db Then the tampered value shown in client web app. That is OK. but the client application of A organization still worked well and proposed and committed 1,500,000 to B organization. In B organization, the value was changed to 1,500,000. After that, when another new transaction created by B organization, peer of A organization came error. But the big problem is , even I recovered the peer of A organization by re-join the channel. The tampered value 1,500,000 was still there in both A and B organization.
My question is.
1. Why client app can still proposed and committed transaction even when hash and data unmatches?
2. Any ways to avoid new transaction committed, when the value was tampered?
RAFT based orderer crash
#fabric-orderer
#raft
#fabric
mariya.k@...
Hi
I successfully deployed orderer and 3 raft node part of network (Kubernetes based cluster) and don't see any error.
But below error after I restart just orderer node (orderer + raft0, raft1,raft2 raft3)
I could delete all nodes and deploy again, but if any reason in production orderer node restarted (Kubernetes deployment) don't see any way to recover without shutdown and restart
```
channel=e2e-orderer-syschan node=1
panic: tocommit(6) is out of range [lastIndex(5)]. Was the raft log corrupted, truncated, or lost?
goroutine 130 [running]:
```
Mariya
------------------------------
Version: 2.0.1
Commit SHA: 1cfa5da
Go version: go1.13.4
OS/Arch: linux/amd64
Error:
Re: Error while Approving chaincode for ORG.
Adhav Pavan
Hello David,
Thank you so much for the quick reply. I have checked the peer signed certificate and it has OU as a peer.
Subject: C = US, ST = California, L = San Francisco, OU = peer, CN = peer0.org1.example.com
The weird thing is, it worked previously and suddenly started giving the mentioned error. Thank you.
Please excuse my brevity.

On Sun, Mar 22, 2020 at 2:12 AM David Enyeart <enyeart@...> wrote:
Re: Error while Approving chaincode for ORG.
David Enyeart
Make sure your peer certificate has "OU=peer" in the Subject.

> Hello Experts,
> I am creating a network using fabric 2.0. As per the new lifecycle method, I am following as mentioned in the test-network. I have 2 Org having 2 peers in each, not using CLI.
> Steps:
> 1) Channel Artifacts Creation (Genesis Block, Channel.tx)
> 2) Channel Creation
> 3) Deploying Chaincode
> Here is the command
> -o localhost:7050 \
> --ordererTLSHostnameOverride orderer.example.com \
> --tls $CORE_PEER_TLS_ENABLED \
> --cafile $ORDERER_CA \
> --channelID $CHANNEL_NAME \
> --name fabcar \
> --version ${VERSION} \
> --init-required \
> --package-id ${PACKAGE_ID} \
> --sequence ${VERSION}
> Environmental Variables:
> CC_RUNTIME_LANGUAGE="golang"
> VERSION="1"
> CC_SRC_PATH="./artifacts/src/github.com/fabcar/go/"
> export CORE_PEER_TLS_ENABLED=true
> export ORDERER_CA=${PWD}/artifacts/channel/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
> export PEER0_ORG1_CA=${PWD}/artifacts/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
> export FABRIC_CFG_PATH=${PWD}/artifacts/channel/config/
> export CORE_PEER_LOCALMSPID="Org1MSP"
> export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
> export CORE_PEER_MSPCONFIGPATH=${PWD}/artifacts/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin@.../msp
> export CORE_PEER_ADDRESS=localhost:7051
> Getting the following error:
> Peer log: VSCC error: stateBasedValidator.Validate failed, err validation of endorsement policy for collection _implicit_org_Org1MSP chaincode _lifecycle in tx 5:0 failed: signature set did not satisfy the policy
> Just above this error, getting following
> [cauthdsl] func2 -> DEBU 197cf 0xc0037051e0 identity 0 does not satisfy principal: The identity is not a [PEER] under this MSP [Org1MSP]: The identity does not contain OU [PEER], MSP: [Org1MSP].
> Default Policy:
> LifecycleEndorsement:
>     Type: ImplicitMeta
>     Rule: "MAJORITY Endorsement"
> Endorsement:
>     Type: ImplicitMeta
>     Rule: "MAJORITY Endorsement"
> Please correct me If I am mistaken somewhere. I am following test-network. Let me know for more network information. Thank you so much for your help.
> Please excuse my brevity.
Error while Approving chaincode for ORG.
Adhav Pavan
Hello Experts,
I am creating a network using fabric 2.0. As per the new lifecycle method, I am following as mentioned in the test-network. I have 2 Org having 2 peers in each, not using CLI.
Steps:
1) Channel Artifacts Creation (Genesis Block, Channel.tx)
2) Channel Creation
3) Deploying Chaincode
I am getting an error while approving for my organization.
Here is the command
peer lifecycle chaincode approveformyorg \
Environmental Variables:
CHANNEL_NAME="mychannel"
export FABRIC_CFG_PATH=${PWD}/artifacts/channel/config/
export CORE_PEER_MSPCONFIGPATH=${PWD}/artifacts/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin@.../msp
export CORE_PEER_ADDRESS=localhost:7051
Getting the following error:
Peer log: VSCC error: stateBasedValidator.Validate failed, err validation of endorsement policy for collection _implicit_org_Org1MSP chaincode _lifecycle in tx 5:0 failed: signature set did not satisfy the policy
Just above this error, getting following
[cauthdsl] func2 -> DEBU 197cf 0xc0037051e0 identity 0 does not satisfy principal: The identity is not a [PEER] under this MSP [Org1MSP]: The identity does not contain OU [PEER], MSP: [Org1MSP].
Default Policy:
LifecycleEndorsement:
    Type: ImplicitMeta
    Rule: "MAJORITY Endorsement"
Endorsement:
    Type: ImplicitMeta
    Rule: "MAJORITY Endorsement"
Please correct me If I am mistaken somewhere. I am following test-network. Let me know for more network information. Thank you so much for your help.
Please excuse my brevity.
Re: Does Hyperledger Fabric support RSA key?
#hyperledger-fabric
#fabric-ca
Matthew Sykes
Fabric does not support RSA keys.
On Fri, Mar 20, 2020 at 10:56 AM shrugupt via Lists.Hyperledger.Org <shrugupt=microsoft.com@...> wrote: Hi,
--
Matthew Sykes
matthew.sykes@...
Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 03/20/2020
#cal-notice
fabric@lists.hyperledger.org Calendar <noreply@...>