Date   

Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Nye Liu <nye@...>
 

I had this issue as well with k8s.

k8s is a disaster for p2p protocols, it is a very bad match. Great for monolithic microservice stacks, not much else.

On 10/31/2019 7:20 AM, email4tong@... wrote:

Yacov,
  When get stuff running on k8s and behind load balancer or proxy, you do not get chance to use port 7051. As a matter of fact, on k8s in majority of cases your port wont be 7051, that does not mean other ports are not open. Just saying that we should not assume that it will be always port 7051.

On Thursday, October 31, 2019, 9:33:59 AM EDT, Yacov <yacovm@...> wrote:


If you have trouble opening ports between companies, you shouldn't use a Blockchain at all, since Blockchain is a decentralized peer to peer protocol.

All peer to peer communication works through the same port (7051 by default), it's not like you need to open extra ports.



From:        arnes_chuzf@...
To:        fabric@...
Date:        10/31/2019 03:27 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by:        fabric@...




Hi Dave,  Alexandre,  Yacov, Ivan

I think private data’s p2p connection is a real problem (partially agree with Ivan).

In some commercial scenario, we need to open firewalls for every company connecting to each other, which is a disaster for project deployment.
 
And that is not the end of story. When a new company needs to join the existing fabric network, it needs to connect to each company. Again, we need to open firewalls, not only for the one newly joining, but also for those already joined. Hard to explain to everyone why a new company joining leads to such a tremendous configuration change. You don’t know how terrible it is you get challenged by IT departments of those companies ONE BY ONE, and you have no solution.
 
Do you have solution for such issue?
 
Thank you all




Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Yacov
 

My point with 7051 was merely to say that there is only a single port that you need to map via a port forwarding rule in a firewall, not several.




From:        "email4tong@..." <email4tong@...>
To:        
Cc:        fabric@...
Date:        10/31/2019 04:21 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by:        fabric@...




Yacov,
  When get stuff running on k8s and behind load balancer or proxy, you do not get chance to use port 7051. As a matter of fact, on k8s in majority of cases your port wont be 7051, that does not mean other ports are not open. Just saying that we should not assume that it will be always port 7051.

On Thursday, October 31, 2019, 9:33:59 AM EDT, Yacov <yacovm@...> wrote:


If you have trouble opening ports between companies, you shouldn't use a Blockchain at all, since Blockchain is a decentralized peer to peer protocol.

All peer to peer communication works through the same port (7051 by default), it's not like you need to open extra ports.




From:        
arnes_chuzf@...
To:        
fabric@...
Date:        
10/31/2019 03:27 PM
Subject:        
[EXTERNAL] Re: [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by:        
fabric@...




Hi Dave,  Alexandre,  Yacov, Ivan


I think private data’s p2p connection is a real problem (partially agree with Ivan).

In some commercial scenario, we need to open firewalls for every company connecting to each other, which is a disaster for project deployment.

And that is not the end of story. When a new company needs to join the existing fabric network, it needs to connect to each company. Again, we need to open firewalls, not only for the one newly joining, but also for those already joined. Hard to explain to everyone why a new company joining leads to such a tremendous configuration change. You don’t know how terrible it is you get challenged by IT departments of those companies ONE BY ONE, and you have no solution.

Do you have solution for such issue?

Thank you all








Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

email4tong@gmail.com
 

Yacov,
  When get stuff running on k8s and behind load balancer or proxy, you do not get chance to use port 7051. As a matter of fact, on k8s in majority of cases your port wont be 7051, that does not mean other ports are not open. Just saying that we should not assume that it will be always port 7051.

On Thursday, October 31, 2019, 9:33:59 AM EDT, Yacov <yacovm@...> wrote:


If you have trouble opening ports between companies, you shouldn't use a Blockchain at all, since Blockchain is a decentralized peer to peer protocol.

All peer to peer communication works through the same port (7051 by default), it's not like you need to open extra ports.



From:        arnes_chuzf@...
To:        fabric@...
Date:        10/31/2019 03:27 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by:        fabric@...




Hi Dave,  Alexandre,  Yacov, Ivan

I think private data’s p2p connection is a real problem (partially agree with Ivan).

In some commercial scenario, we need to open firewalls for every company connecting to each other, which is a disaster for project deployment.
 
And that is not the end of story. When a new company needs to join the existing fabric network, it needs to connect to each company. Again, we need to open firewalls, not only for the one newly joining, but also for those already joined. Hard to explain to everyone why a new company joining leads to such a tremendous configuration change. You don’t know how terrible it is you get challenged by IT departments of those companies ONE BY ONE, and you have no solution.
 
Do you have solution for such issue?
 
Thank you all




Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Yacov
 

If you have trouble opening ports between companies, you shouldn't use a Blockchain at all, since Blockchain is a decentralized peer to peer protocol.

All peer to peer communication works through the same port (7051 by default), it's not like you need to open extra ports.



From:        arnes_chuzf@...
To:        fabric@...
Date:        10/31/2019 03:27 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by:        fabric@...




Hi Dave,  Alexandre,  Yacov, Ivan

I think private data’s p2p connection is a real problem (partially agree with Ivan).

In some commercial scenario, we need to open firewalls for every company connecting to each other, which is a disaster for project deployment.
 
And that is not the end of story. When a new company needs to join the existing fabric network, it needs to connect to each company. Again, we need to open firewalls, not only for the one newly joining, but also for those already joined. Hard to explain to everyone why a new company joining leads to such a tremendous configuration change. You don’t know how terrible it is you get challenged by IT departments of those companies ONE BY ONE, and you have no solution.
 
Do you have solution for such issue?
 
Thank you all




Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

arnes_chuzf@...
 

Hi Dave,  Alexandre,  Yacov, Ivan

I think private data’s p2p connection is a real problem (partially agree with Ivan).

In some commercial scenario, we need to open firewalls for every company connecting to each other, which is a disaster for project deployment.
 
And that is not the end of story. When a new company needs to join the existing fabric network, it needs to connect to each company. Again, we need to open firewalls, not only for the one newly joining, but also for those already joined. Hard to explain to everyone why a new company joining leads to such a tremendous configuration change. You don’t know how terrible it is you get challenged by IT departments of those companies ONE BY ONE, and you have no solution.
 
Do you have solution for such issue? 
 
Thank you all


Docker Image Pulling - ERROR: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority #fabric #docker

soumya nayak <soumyarjnnayak@...>
 

Hi Team,

While pulling the orderer image i am getting the below issue . Any idea ?

Environment - Azure - Ubuntu VM - 16.04 LTS 

```
Pulling orderer3 (hyperledger/fabric-orderer:1.4.3)... ERROR: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority


Channel Registration Failed

White, Spencer (S.)
 

Hello,

I am getting "channel registration failed" when running peer chaincode instantiate, a similar error identified in these two JIRA issues: 
  1. https://jira.hyperledger.org/browse/FAB-14741
  2. https://jira.hyperledger.org/browse/FAB-14638
Any advice? The issues are closed. I am able to deploy a go chaincode in the network, but not a node chaincode.

Node Version: 10.15.3
NPM Version: 6.4.1
Go Version: go1.11 darwin/amd64


Spencer


Invitation to a research oriented blockchain developer conference - Genesis DevCon

Suzana Joel <suzana.joel@...>
 



Hi,

I am Suzana Joel from IBC Media. I'd like to invite you to Genesis DevCon - a blockchain developer conference on the 24th & 25th of November at NSSC, IISc, Bengaluru.

The objective of Genesis DevCon is to educate developers on recent developments in blockchain technology by bringing in some of the brilliant minds from India & across the globe.

There's a special discount for members of the Hyperledger Fabric community.
Coupon Code: GENESIS250
Buy Now
Coupon Code: GENESIS250
Buy Now
I really hope to see you at the conference.

Thanks & regards,
Suzana Joel

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This message and any files or text attached to it are intended only for the recipients named above, contain information that is confidential or privileged. If you are not an intended recipient, you must not read, copy, use or disclose this communication. Please also notify the sender by replying to this message, and then delete all copies of it from your system.


Update: Hyperledger Fabric Node/Java Chaincode/SDK Repository moves

heatherp@...
 

Morning,

Here's an update on moving the node/java chaincode/sdk repositories over to Github for code changes and Azure Pipelines for CI.
 
    Jira
fabric-sdk-java Move complete FABJ-486
fabric-gateway-java Move complete FGJ-48
fabric-sdk-node In progress FABN-1386
fabric-chaincode-java Move complete FAB-16712
fabric-chaincode-node Move complete FAB-16711
 
We are working towards moving fabric-sdk-node across this week, and we'll be in touch with the owners of open CRs in Gerrit to merge these changes, or request them to be re-opened in Githhub as pull requests. We are also in the process of cleaning up any migration issues across the other repositories (e.g. removing Jenkins files, publishing using Azure Pipelines etc) but please let us know if you have issues/spot anything related to the migration via the above jiras, which will be closed when this is complete.

We've also been working through the Jira backlog on all of these repositories to clean up old issues, close duplicates etc - please reach out to me if you need to discuss this further.
 
Thanks,
Heather

Software Engineer, IBM Blockchain
Autism Ambassador
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: Testing nodejs smart contracts without deploying to a network

Ross Tang <tangross@...>
 

Using Jest is very good option, you can easily mocking the context object of contract-api, something like.

const ctx: any = {
stub: {
createCompositeKey: jest.fn(),
deleteState: jest.fn(),
getState: jest.fn(),
putState: jest.fn(),
setEvent: jest.fn(),
getStateByPartialCompositeKey: jest.fn()
}
};
const context = {
stateList: new StateList(ctx, 'entities'),
...ctx
};

ctx.stub.createCompositeKey.mockResolvedValue('entities"en""entId""2019"');
ctx.stub.putState.mockResolvedValue(Buffer.from(''));

And, you can run unit like by directly invoke the transactions, calling the function.

describe('Chaincode Tests', () => {
it('should instantiate', async () =>
cc
.instantiate(context)
.then<any[]>((response: any) => JSON.parse(response))
.then(json =>

That save me great amount of time, in chaincode development. 

Besides, the manual mocking of Jest is very useful, to create mock database. Imagine you are using Commercial Paper example, the stateliest implementation can replaced by mocked database, in json format.

jest.mock('../ledger-api/statelist');

const context: any = {
clientIdentity: {
getMSPID: jest.fn(),
getID: jest.fn(),
getX509Certificate: jest.fn()
},

On 30 Oct 2019, at 5:17 AM, Siddharth Jain <siddjain@...> wrote:

What is the best way to test smart contracts written in nodejs using the fabric-contract-api and without having to deploy to a running network? https://github.com/wearetheledger/fabric-mock-stub seems to be geared towards smart contracts developed using the old fabric-shim API.


Testing nodejs smart contracts without deploying to a network

Siddharth Jain
 

What is the best way to test smart contracts written in nodejs using the fabric-contract-api and without having to deploy to a running network? https://github.com/wearetheledger/fabric-mock-stub seems to be geared towards smart contracts developed using the old fabric-shim API.


Re: CA Keys

Nye Liu <nye@...>
 

Out of band (ssh, scp etc) or via curl/wget http to a non-fabric public CA (e.g. letsencrypt) identified https endpoint.

On 10/29/2019 6:22 AM, Trevor Lee Oakley wrote:

If keys are generated by the CA then what is the best way to distribute these keys?
 
Thanks
Trevor


Attribute 'abac.init' was not found #fabric #fabricca #fabric-ca #fabric-chaincode #fabric-questions

suresh <tedlasuresh@...>
 

Hi all,

While Instantiating the chaincode I am getting following Error

2019-10-29 13:14:40.559 UTC [msp.identity] Sign -> DEBU 04a Sign: plaintext: 0ADE080A6708031A0C08C0F6E0ED0510...30300A000A04657363630A0476736363 
2019-10-29 13:14:40.559 UTC [msp.identity] Sign -> DEBU 04b Sign: digest: 2BEDE393711AA4E8F46F56AB235E79EDC7933B5B8FF8610C9ACFFB3B65390612 
Error: could not assemble transaction, err proposal response was not successful, error code 500, msg transaction returned with failure: Attribute 'abac.init' was not found

But I gave abac.init as true Please find below attachment

Name: admin-org0, Type: admin, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.GenCRL Value:true ECert:false} {Name:admin Value:true ECert:true} {Name:abac.init Value:true ECert:true} {Name:hf.Registrar.Roles Value:client ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.EnrollmentID Value:admin-org0 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value: ECert:true}]


Can anyone help me out regarding this issue

Thanks
Suresh





CA Keys

Trevor Lee Oakley <trevor@...>
 

If keys are generated by the CA then what is the best way to distribute these keys?
 
Thanks
Trevor


Regarding Fabric Raft Ordering Service #raft #tsc-project-update

Akshay Soni
 

I'm able to create the channel. But while joining the channel, I'm getting the error given below:

[2019-10-24 09:34:38.049] [DEBUG] Join-Channel - Join Channel R E S P O N S E : [ [ { "status": 500, "payload": { "type": "Buffer", "data": [] }, "peer": { "url": "grpcs://104.211.89.242:51018", "name": "oodjaeuen108-peer0.swap.com", "options": { "grpc.max_receive_message_length": -1, "grpc.max_send_message_length": -1, "grpc.keepalive_time_ms": 120000, "grpc.http2.min_time_between_pings_ms": 120000, "grpc.keepalive_timeout_ms": 20000, "grpc.http2.max_pings_without_data": 0, "grpc.keepalive_permit_without_calls": 1, "name": "oodjaeuen108-peer0.swap.com", "grpc.ssl_target_name_override": "oodjaeuen108-peer0.swap.com", "grpc.default_authority": "oodjaeuen108-peer0.swap.com" } }, "isProposalResponse": true } ] ] [2019-10-24 09:34:38.050] [ERROR] Join-Channel - Failed to joined peer to the channel swapchannel [2019-10-24 09:34:38.050] [ERROR] Join-Channel - Failed to join all peers to channel. cause:Failed to joined peer to the channel swapchannel


And the peer logs: 


2019-10-24 09:34:38.045 UTC [endorser] callChaincode -> INFO 022 [][b8e9f45a] Entry chaincode: name:"cscc"

2019-10-24 09:34:38.048 UTC [endorser] callChaincode -> INFO 023 [][b8e9f45a] Exit chaincode: name:"cscc"  (2ms)

2019-10-24 09:34:38.048 UTC [endorser] ProcessProposal -> ERRO 024 [][b8e9f45a] simulateProposal() resulted in chaincode name:"cscc"  response status 500 for txid: b8e9f45ab01d86a76e9f6427ec0da4fb2dc940e4f6b060a0c49c294a32efcb73

2019-10-24 09:34:38.048 UTC [comm.grpc.server] 1 -> INFO 025 unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=104.211.89.242:48362 grpc.code=OK grpc.call_duration=4.193058ms


PFA for all the configuration file along with genesis.block and channel.tx 


Re: Persisting world state

Mr.Phuwanai Thummavet
 


On Mon, Oct 28, 2019 at 11:27 PM Abhijeet Bhowmik <abhijeet@...> wrote:
Hello Everyone,

I have some confusions regarding how state ledgers  are persisted across multiple ledgers. I have an intuition that every org's peers have a copy of the ledger from where they generate read set and write set and also validate commitment of transactions to ledger. My big confusion is, who has the master copy. I mean what if one complete non endorsing peer was down for sometime and then it rejoins, from where does it syncs it's ledger since a lot must have happened in the block chain since it's shut down.


Thanks and Regards
Abhijeet Bhomwik



--
Best Regards,
Phuwanai Thummavet
Blockchain Architect and Full-Stack Developer


Re: Persisting world state

Ben Taylor
 


On Mon, Oct 28, 2019 at 9:27 AM Abhijeet Bhowmik <abhijeet@...> wrote:
Hello Everyone,

I have some confusions regarding how state ledgers  are persisted across multiple ledgers. I have an intuition that every org's peers have a copy of the ledger from where they generate read set and write set and also validate commitment of transactions to ledger. My big confusion is, who has the master copy. I mean what if one complete non endorsing peer was down for sometime and then it rejoins, from where does it syncs it's ledger since a lot must have happened in the block chain since it's shut down.


Thanks and Regards
Abhijeet Bhomwik


Persisting world state

Abhijeet Bhowmik <abhijeet@...>
 

Hello Everyone,

I have some confusions regarding how state ledgers  are persisted across multiple ledgers. I have an intuition that every org's peers have a copy of the ledger from where they generate read set and write set and also validate commitment of transactions to ledger. My big confusion is, who has the master copy. I mean what if one complete non endorsing peer was down for sometime and then it rejoins, from where does it syncs it's ledger since a lot must have happened in the block chain since it's shut down.


Thanks and Regards
Abhijeet Bhomwik


Next Hyperledger Fabric Application Developer Community call - Thursday Oct 31st @ 4pm UTC (4pm UK, 11am ET, 8am PT)

Paul O'Mahoney <mahoney@...>
 

dear Fabric Application Developer,


the next  Fabric Application Developer community call is scheduled for this  Thursday Oct 31st @ 4pm UTC (4pm UK, 11am ET, 8am PT) It lasts approx 30-60 mins FYI. Note: it is now begins one hour earlier.

The agenda will be posted here -> https://wiki.hyperledger.org/display/fabric/Meeting+Agendas%3A+Fabric+Application+Developer+Community+Call

This community call is held bi-weekly via Zoom webconference and is aimed at :

- helping the worldwide Hyperledger Fabric Application Developer community grow in their development journey (eg. developing applications, smart contracts, chaincode, developing clients, using the SDK, tutorials/demos etc - eg. whether its NodeJS, Java, Go etc etc) 
- helping app developers understand / hear more about exciting new things in Fabric, eg. features upcoming or work in progress - ie things that appeal to the developer
- to foster more interest, best practices etc in developing applications (eg developing solutions, use cases) with Hyperledger Fabric. 
- opportunity to ask questions of the Fabric team eg. you may have feedback/questions on your experiences developing solutions with Fabric
- to share stuff you've done with the community, eg sample code / sample use cases that others may be interested in

If you wish to share content on a call, just let me know via email direct or DM me on Rocketchat (ID: mahoney1) and I'll put an item on the agenda. Provide the following:
- the topic (state whether its presentation, or demo etc)
- the full name of the presenter, and 
- approx length of your pitch in minutes


The Zoom webconference ID is https://zoom.us/my/hyperledger.community   

More information can be found on the community page -> https://wiki.hyperledger.org/display/fabric/Fabric+Application+Developer+Community+Calls

You can get calendar invites (eg iCal) here

many thanks for your time - feel free to forward this email if you think it is of interest to a colleague.

Paul O'Mahony
Community Lead - Hyperledger Fabric Developer Community
RocketChat:  mahoney1

mahoney@...




Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: Hyperledger Fabric release v2.0 update

Xiang Dong Hu <huxd@...>
 

Hi Dave,
 
One quick question, does the support for " external chaincode " include support to run chaincode as a remote grpc server?
 
Hu Xiang Dong (胡香冬)
IBM Blockchain Platform development
China Systems Lab
Email: huxd@...
 
 

----- Original message -----
From: "David Enyeart" <enyeart@...>
Sent by: fabric@...
To: fabric <fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Hyperledger Fabric release v2.0 update
Date: Fri, Oct 25, 2019 8:14 PM
 

We discussed configuration updates for Fabric peer and orderer in the last contributors meetings. See proposal at https://jira.hyperledger.org/browse/FAB-16753.

The maintainers have been discussing further - we feel it would be more valuable to get release v2.0 out to the community rather than wait for the configuration updates. Therefore we would like to prepare for a code-complete v2.0 beta release in the December timeframe, which would set the stage for a v2.0 release early next year.

The largest user-facing changes in v2.0 that we'd like to get feedback on during the beta are the new decentralized chaincode lifecycle, and support for external chaincode (documentation updates are in the works). Additionally there have been large improvements in the Fabric codebase, test suites, and CI infrastructure, that will help us deliver the next series of v2.x enhancements. The configuration updates would likely be deferred until the next major release (v3.0).

Please join us at the contributor meeting next Wednesday for additional discussion. We also plan to walk through planned updates to the Fabric samples next Wednesday. As always, topics for the contributor's meeting can be proposed on this mailing list or on RocketChat at https://chat.hyperledger.org/channel/fabric-maintainers.
Meeting details can be found at: https://wiki.hyperledger.org/display/fabric/Contributor+Meetings


Thanks,

Dave Enyeart

 

4461 - 4480 of 11520