Date   

Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Yacov
 

If you have trouble opening ports between companies, you shouldn't use a Blockchain at all, since Blockchain is a decentralized peer to peer protocol.

All peer to peer communication works through the same port (7051 by default), it's not like you need to open extra ports.



From:        arnes_chuzf@...
To:        fabric@...
Date:        10/31/2019 03:27 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by:        fabric@...




Hi Dave,  Alexandre,  Yacov, Ivan

I think private data’s p2p connection is a real problem (partially agree with Ivan).

In some commercial scenario, we need to open firewalls for every company connecting to each other, which is a disaster for project deployment.
 
And that is not the end of story. When a new company needs to join the existing fabric network, it needs to connect to each company. Again, we need to open firewalls, not only for the one newly joining, but also for those already joined. Hard to explain to everyone why a new company joining leads to such a tremendous configuration change. You don’t know how terrible it is you get challenged by IT departments of those companies ONE BY ONE, and you have no solution.
 
Do you have solution for such issue?
 
Thank you all




Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

arnes_chuzf@...
 

Hi Dave,  Alexandre,  Yacov, Ivan

I think private data’s p2p connection is a real problem (partially agree with Ivan).

In some commercial scenario, we need to open firewalls for every company connecting to each other, which is a disaster for project deployment.
 
And that is not the end of story. When a new company needs to join the existing fabric network, it needs to connect to each company. Again, we need to open firewalls, not only for the one newly joining, but also for those already joined. Hard to explain to everyone why a new company joining leads to such a tremendous configuration change. You don’t know how terrible it is you get challenged by IT departments of those companies ONE BY ONE, and you have no solution.
 
Do you have solution for such issue? 
 
Thank you all


Docker Image Pulling - ERROR: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority #fabric #docker

soumya nayak <soumyarjnnayak@...>
 

Hi Team,

While pulling the orderer image i am getting the below issue . Any idea ?

Environment - Azure - Ubuntu VM - 16.04 LTS 

```
Pulling orderer3 (hyperledger/fabric-orderer:1.4.3)... ERROR: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority


Channel Registration Failed

White, Spencer (S.)
 

Hello,

I am getting "channel registration failed" when running peer chaincode instantiate, a similar error identified in these two JIRA issues: 
  1. https://jira.hyperledger.org/browse/FAB-14741
  2. https://jira.hyperledger.org/browse/FAB-14638
Any advice? The issues are closed. I am able to deploy a go chaincode in the network, but not a node chaincode.

Node Version: 10.15.3
NPM Version: 6.4.1
Go Version: go1.11 darwin/amd64


Spencer


Invitation to a research oriented blockchain developer conference - Genesis DevCon

Suzana Joel <suzana.joel@...>
 



Hi,

I am Suzana Joel from IBC Media. I'd like to invite you to Genesis DevCon - a blockchain developer conference on the 24th & 25th of November at NSSC, IISc, Bengaluru.

The objective of Genesis DevCon is to educate developers on recent developments in blockchain technology by bringing in some of the brilliant minds from India & across the globe.

There's a special discount for members of the Hyperledger Fabric community.
Coupon Code: GENESIS250
Buy Now
Coupon Code: GENESIS250
Buy Now
I really hope to see you at the conference.

Thanks & regards,
Suzana Joel

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This message and any files or text attached to it are intended only for the recipients named above, contain information that is confidential or privileged. If you are not an intended recipient, you must not read, copy, use or disclose this communication. Please also notify the sender by replying to this message, and then delete all copies of it from your system.


Update: Hyperledger Fabric Node/Java Chaincode/SDK Repository moves

heatherp@...
 

Morning,

Here's an update on moving the node/java chaincode/sdk repositories over to Github for code changes and Azure Pipelines for CI.
 
    Jira
fabric-sdk-java Move complete FABJ-486
fabric-gateway-java Move complete FGJ-48
fabric-sdk-node In progress FABN-1386
fabric-chaincode-java Move complete FAB-16712
fabric-chaincode-node Move complete FAB-16711
 
We are working towards moving fabric-sdk-node across this week, and we'll be in touch with the owners of open CRs in Gerrit to merge these changes, or request them to be re-opened in Githhub as pull requests. We are also in the process of cleaning up any migration issues across the other repositories (e.g. removing Jenkins files, publishing using Azure Pipelines etc) but please let us know if you have issues/spot anything related to the migration via the above jiras, which will be closed when this is complete.

We've also been working through the Jira backlog on all of these repositories to clean up old issues, close duplicates etc - please reach out to me if you need to discuss this further.
 
Thanks,
Heather

Software Engineer, IBM Blockchain
Autism Ambassador
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: Testing nodejs smart contracts without deploying to a network

Ross Tang <tangross@...>
 

Using Jest is very good option, you can easily mocking the context object of contract-api, something like.

const ctx: any = {
stub: {
createCompositeKey: jest.fn(),
deleteState: jest.fn(),
getState: jest.fn(),
putState: jest.fn(),
setEvent: jest.fn(),
getStateByPartialCompositeKey: jest.fn()
}
};
const context = {
stateList: new StateList(ctx, 'entities'),
...ctx
};

ctx.stub.createCompositeKey.mockResolvedValue('entities"en""entId""2019"');
ctx.stub.putState.mockResolvedValue(Buffer.from(''));

And, you can run unit like by directly invoke the transactions, calling the function.

describe('Chaincode Tests', () => {
it('should instantiate', async () =>
cc
.instantiate(context)
.then<any[]>((response: any) => JSON.parse(response))
.then(json =>

That save me great amount of time, in chaincode development. 

Besides, the manual mocking of Jest is very useful, to create mock database. Imagine you are using Commercial Paper example, the stateliest implementation can replaced by mocked database, in json format.

jest.mock('../ledger-api/statelist');

const context: any = {
clientIdentity: {
getMSPID: jest.fn(),
getID: jest.fn(),
getX509Certificate: jest.fn()
},

On 30 Oct 2019, at 5:17 AM, Siddharth Jain <siddjain@...> wrote:

What is the best way to test smart contracts written in nodejs using the fabric-contract-api and without having to deploy to a running network? https://github.com/wearetheledger/fabric-mock-stub seems to be geared towards smart contracts developed using the old fabric-shim API.


Testing nodejs smart contracts without deploying to a network

Siddharth Jain
 

What is the best way to test smart contracts written in nodejs using the fabric-contract-api and without having to deploy to a running network? https://github.com/wearetheledger/fabric-mock-stub seems to be geared towards smart contracts developed using the old fabric-shim API.


Re: CA Keys

Nye Liu <nye@...>
 

Out of band (ssh, scp etc) or via curl/wget http to a non-fabric public CA (e.g. letsencrypt) identified https endpoint.

On 10/29/2019 6:22 AM, Trevor Lee Oakley wrote:
If keys are generated by the CA then what is the best way to distribute these keys?
 
Thanks
Trevor


Attribute 'abac.init' was not found #fabric #fabricca #fabric-ca #fabric-chaincode #fabric-questions

suresh <tedlasuresh@...>
 

Hi all,

While Instantiating the chaincode I am getting following Error

2019-10-29 13:14:40.559 UTC [msp.identity] Sign -> DEBU 04a Sign: plaintext: 0ADE080A6708031A0C08C0F6E0ED0510...30300A000A04657363630A0476736363 
2019-10-29 13:14:40.559 UTC [msp.identity] Sign -> DEBU 04b Sign: digest: 2BEDE393711AA4E8F46F56AB235E79EDC7933B5B8FF8610C9ACFFB3B65390612 
Error: could not assemble transaction, err proposal response was not successful, error code 500, msg transaction returned with failure: Attribute 'abac.init' was not found

But I gave abac.init as true Please find below attachment

Name: admin-org0, Type: admin, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.GenCRL Value:true ECert:false} {Name:admin Value:true ECert:true} {Name:abac.init Value:true ECert:true} {Name:hf.Registrar.Roles Value:client ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.EnrollmentID Value:admin-org0 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value: ECert:true}]


Can anyone help me out regarding this issue

Thanks
Suresh





CA Keys

Trevor Lee Oakley <trevor@...>
 

If keys are generated by the CA then what is the best way to distribute these keys?
 
Thanks
Trevor


Regarding Fabric Raft Ordering Service #raft #tsc-project-update

Akshay Soni
 

I'm able to create the channel. But while joining the channel, I'm getting the error given below:

[2019-10-24 09:34:38.049] [DEBUG] Join-Channel - Join Channel R E S P O N S E : [ [ { "status": 500, "payload": { "type": "Buffer", "data": [] }, "peer": { "url": "grpcs://104.211.89.242:51018", "name": "oodjaeuen108-peer0.swap.com", "options": { "grpc.max_receive_message_length": -1, "grpc.max_send_message_length": -1, "grpc.keepalive_time_ms": 120000, "grpc.http2.min_time_between_pings_ms": 120000, "grpc.keepalive_timeout_ms": 20000, "grpc.http2.max_pings_without_data": 0, "grpc.keepalive_permit_without_calls": 1, "name": "oodjaeuen108-peer0.swap.com", "grpc.ssl_target_name_override": "oodjaeuen108-peer0.swap.com", "grpc.default_authority": "oodjaeuen108-peer0.swap.com" } }, "isProposalResponse": true } ] ] [2019-10-24 09:34:38.050] [ERROR] Join-Channel - Failed to joined peer to the channel swapchannel [2019-10-24 09:34:38.050] [ERROR] Join-Channel - Failed to join all peers to channel. cause:Failed to joined peer to the channel swapchannel


And the peer logs: 


2019-10-24 09:34:38.045 UTC [endorser] callChaincode -> INFO 022 [][b8e9f45a] Entry chaincode: name:"cscc"

2019-10-24 09:34:38.048 UTC [endorser] callChaincode -> INFO 023 [][b8e9f45a] Exit chaincode: name:"cscc"  (2ms)

2019-10-24 09:34:38.048 UTC [endorser] ProcessProposal -> ERRO 024 [][b8e9f45a] simulateProposal() resulted in chaincode name:"cscc"  response status 500 for txid: b8e9f45ab01d86a76e9f6427ec0da4fb2dc940e4f6b060a0c49c294a32efcb73

2019-10-24 09:34:38.048 UTC [comm.grpc.server] 1 -> INFO 025 unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=104.211.89.242:48362 grpc.code=OK grpc.call_duration=4.193058ms


PFA for all the configuration file along with genesis.block and channel.tx 


Re: Persisting world state

Mr.Phuwanai Thummavet
 


On Mon, Oct 28, 2019 at 11:27 PM Abhijeet Bhowmik <abhijeet@...> wrote:
Hello Everyone,

I have some confusions regarding how state ledgers  are persisted across multiple ledgers. I have an intuition that every org's peers have a copy of the ledger from where they generate read set and write set and also validate commitment of transactions to ledger. My big confusion is, who has the master copy. I mean what if one complete non endorsing peer was down for sometime and then it rejoins, from where does it syncs it's ledger since a lot must have happened in the block chain since it's shut down.


Thanks and Regards
Abhijeet Bhomwik



--
Best Regards,
Phuwanai Thummavet
Blockchain Architect and Full-Stack Developer


Re: Persisting world state

Ben Taylor
 


On Mon, Oct 28, 2019 at 9:27 AM Abhijeet Bhowmik <abhijeet@...> wrote:
Hello Everyone,

I have some confusions regarding how state ledgers  are persisted across multiple ledgers. I have an intuition that every org's peers have a copy of the ledger from where they generate read set and write set and also validate commitment of transactions to ledger. My big confusion is, who has the master copy. I mean what if one complete non endorsing peer was down for sometime and then it rejoins, from where does it syncs it's ledger since a lot must have happened in the block chain since it's shut down.


Thanks and Regards
Abhijeet Bhomwik


Persisting world state

Abhijeet Bhowmik <abhijeet@...>
 

Hello Everyone,

I have some confusions regarding how state ledgers  are persisted across multiple ledgers. I have an intuition that every org's peers have a copy of the ledger from where they generate read set and write set and also validate commitment of transactions to ledger. My big confusion is, who has the master copy. I mean what if one complete non endorsing peer was down for sometime and then it rejoins, from where does it syncs it's ledger since a lot must have happened in the block chain since it's shut down.


Thanks and Regards
Abhijeet Bhomwik


Next Hyperledger Fabric Application Developer Community call - Thursday Oct 31st @ 4pm UTC (4pm UK, 11am ET, 8am PT)

Paul O'Mahoney <mahoney@...>
 

dear Fabric Application Developer,


the next  Fabric Application Developer community call is scheduled for this  Thursday Oct 31st @ 4pm UTC (4pm UK, 11am ET, 8am PT) It lasts approx 30-60 mins FYI. Note: it is now begins one hour earlier.

The agenda will be posted here -> https://wiki.hyperledger.org/display/fabric/Meeting+Agendas%3A+Fabric+Application+Developer+Community+Call

This community call is held bi-weekly via Zoom webconference and is aimed at :

- helping the worldwide Hyperledger Fabric Application Developer community grow in their development journey (eg. developing applications, smart contracts, chaincode, developing clients, using the SDK, tutorials/demos etc - eg. whether its NodeJS, Java, Go etc etc) 
- helping app developers understand / hear more about exciting new things in Fabric, eg. features upcoming or work in progress - ie things that appeal to the developer
- to foster more interest, best practices etc in developing applications (eg developing solutions, use cases) with Hyperledger Fabric. 
- opportunity to ask questions of the Fabric team eg. you may have feedback/questions on your experiences developing solutions with Fabric
- to share stuff you've done with the community, eg sample code / sample use cases that others may be interested in

If you wish to share content on a call, just let me know via email direct or DM me on Rocketchat (ID: mahoney1) and I'll put an item on the agenda. Provide the following:
- the topic (state whether its presentation, or demo etc)
- the full name of the presenter, and 
- approx length of your pitch in minutes


The Zoom webconference ID is https://zoom.us/my/hyperledger.community   

More information can be found on the community page -> https://wiki.hyperledger.org/display/fabric/Fabric+Application+Developer+Community+Calls

You can get calendar invites (eg iCal) here

many thanks for your time - feel free to forward this email if you think it is of interest to a colleague.

Paul O'Mahony
Community Lead - Hyperledger Fabric Developer Community
RocketChat:  mahoney1

mahoney@...




Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: Hyperledger Fabric release v2.0 update

Xiang Dong Hu <huxd@...>
 

Hi Dave,
 
One quick question, does the support for " external chaincode " include support to run chaincode as a remote grpc server?
 
Hu Xiang Dong (胡香冬)
IBM Blockchain Platform development
China Systems Lab
Email: huxd@...
 
 

----- Original message -----
From: "David Enyeart" <enyeart@...>
Sent by: fabric@...
To: fabric <fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Hyperledger Fabric release v2.0 update
Date: Fri, Oct 25, 2019 8:14 PM
 

We discussed configuration updates for Fabric peer and orderer in the last contributors meetings. See proposal at https://jira.hyperledger.org/browse/FAB-16753.

The maintainers have been discussing further - we feel it would be more valuable to get release v2.0 out to the community rather than wait for the configuration updates. Therefore we would like to prepare for a code-complete v2.0 beta release in the December timeframe, which would set the stage for a v2.0 release early next year.

The largest user-facing changes in v2.0 that we'd like to get feedback on during the beta are the new decentralized chaincode lifecycle, and support for external chaincode (documentation updates are in the works). Additionally there have been large improvements in the Fabric codebase, test suites, and CI infrastructure, that will help us deliver the next series of v2.x enhancements. The configuration updates would likely be deferred until the next major release (v3.0).

Please join us at the contributor meeting next Wednesday for additional discussion. We also plan to walk through planned updates to the Fabric samples next Wednesday. As always, topics for the contributor's meeting can be proposed on this mailing list or on RocketChat at https://chat.hyperledger.org/channel/fabric-maintainers.
Meeting details can be found at: https://wiki.hyperledger.org/display/fabric/Contributor+Meetings


Thanks,

Dave Enyeart

 


Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Ivan Ch <acizlan@...>
 

Hi jeroiraz
Oct:


:

In the example above, if peers do not have a way to validate your national ID, peers may never claim the provided or stored data is valid. This scenario is not limited to HF or Blockchain but to any procedure
there are actually quite a few ways to validate anything including national ID using ZKP or ZKP like technique (e.g. I can design my crypto to validate if the two text data encrypted by different keys are actually the same text), but you can't do anything with hashes 

Dave, Jay.
The chaincode can require that the transaction submitter include the private data in the transient field when invoking the chaincode. Any party that endorses the chaincode execution will have the private data, and it will also be disseminated to all other collection members. If the transaction submitter does not provide the private data at chaincode invocation time, they will not be able to gather sufficient endorsements, and the transaction will not be validated.
as you said "Any party that endorses the chaincode execution will have the private data". here is the dilemma , you either make the private data known  (whoever can endorse it must know your data), or allow adversaries to take advantage of it and trick others with unverifiable blockchain data.

sure, this is not a fabric problem but a methodology problem, but fabric makes it a feature for people no-so-educated-on-security to use it and use it wrong. 


Re: failed to invoke chaincode name:"lscc" , error: container exited with 254 #fabric-chaincode #fabric-questions

Nicholas Leonardi
 

Hey, 
I've had this problem before. What I did to solve it and seems bizarre is I created a new file and just simply copied and pasted the entire chaincode to the new file and used that.

Em domingo, 27 de outubro de 2019 10:26:04 BRT, praviteja@... <praviteja@...> escreveu:


I am writing  a  chaincode  in Typescript and trying to deploy on to a Custom Network with an orderer, one Peer with Couch DB and a CA. 

When i deploy the chaincode on to the peer , the following message appears.   





When the same chaincode is run in fabcar example   instantiates with no issues .


failed to invoke chaincode name:"lscc" , error: container exited with 254 #fabric-chaincode #fabric-questions

praviteja@...
 

I am writing  a  chaincode  in Typescript and trying to deploy on to a Custom Network with an orderer, one Peer with Couch DB and a CA. 

When i deploy the chaincode on to the peer , the following message appears.   





When the same chaincode is run in fabcar example   instantiates with no issues .

4381 - 4400 of 11437