How can I ensure that all organizations have signed the chaincode to install?












3















In Hyperledger Fabric 1.3,
how can I ensure that all organizations have signed the chaincode to install ?



I could sign the code, but it seems that no component verifies the signature.



Details are as below:



Preconditions




  • Fabric 1.3

  • I have two orgs, org1 and org2.

  • org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).

  • I know that we can install chaincode without signatures by peer chaincode install.


Expected Behaviour



In the below Commands, I expected that:




  • Option A must succeed, because the chaincode includes signatures from both orgs.

  • Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.


Actual Behaviour




  • Not only Option A but B also succeeds with no errors, which is against the expectation.


Commands



org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S 

          -i "AND('Org1MSP.admin')" cc.out





Option A:

   org2> peer chaincode signpackage cc.out signedcc.out

   org1> peer chaincode install -n mycc -v 0 signedcc.out

   org2> peer chaincode install -n mycc -v 0 signedcc.out



Option B:

   org1> peer chaincode install -n mycc -v 0 cc.out

   org2> peer chaincode install -n mycc -v 0 cc.out





org1> peer chaincode instantiate -o orderer:7050 -C mychannel 

          -n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"





# Then Org2 makes a query.


The flow



The flow






hyperledger-fabric hyperledger blockchain







share|improve this question





























    3















    In Hyperledger Fabric 1.3,
    how can I ensure that all organizations have signed the chaincode to install ?



    I could sign the code, but it seems that no component verifies the signature.



    Details are as below:



    Preconditions




    • Fabric 1.3

    • I have two orgs, org1 and org2.

    • org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).

    • I know that we can install chaincode without signatures by peer chaincode install.


    Expected Behaviour



    In the below Commands, I expected that:




    • Option A must succeed, because the chaincode includes signatures from both orgs.

    • Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.


    Actual Behaviour




    • Not only Option A but B also succeeds with no errors, which is against the expectation.


    Commands



    org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S 
    
          -i "AND('Org1MSP.admin')" cc.out
    

    

    
Option A:
    
   org2> peer chaincode signpackage cc.out signedcc.out
    
   org1> peer chaincode install -n mycc -v 0 signedcc.out
    
   org2> peer chaincode install -n mycc -v 0 signedcc.out
    

    
Option B:
    
   org1> peer chaincode install -n mycc -v 0 cc.out
    
   org2> peer chaincode install -n mycc -v 0 cc.out
    

    

    
org1> peer chaincode instantiate -o orderer:7050 -C mychannel 
    
          -n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
    

    

    
# Then Org2 makes a query.


    The flow



    The flow






    hyperledger-fabric hyperledger blockchain







    share|improve this question



























      3












      3








      3


      3






      In Hyperledger Fabric 1.3,
      how can I ensure that all organizations have signed the chaincode to install ?



      I could sign the code, but it seems that no component verifies the signature.



      Details are as below:



      Preconditions




      • Fabric 1.3

      • I have two orgs, org1 and org2.

      • org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).

      • I know that we can install chaincode without signatures by peer chaincode install.


      Expected Behaviour



      In the below Commands, I expected that:




      • Option A must succeed, because the chaincode includes signatures from both orgs.

      • Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.


      Actual Behaviour




      • Not only Option A but B also succeeds with no errors, which is against the expectation.


      Commands



      org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S 
      
          -i "AND('Org1MSP.admin')" cc.out
      

      

      
Option A:
      
   org2> peer chaincode signpackage cc.out signedcc.out
      
   org1> peer chaincode install -n mycc -v 0 signedcc.out
      
   org2> peer chaincode install -n mycc -v 0 signedcc.out
      

      
Option B:
      
   org1> peer chaincode install -n mycc -v 0 cc.out
      
   org2> peer chaincode install -n mycc -v 0 cc.out
      

      

      
org1> peer chaincode instantiate -o orderer:7050 -C mychannel 
      
          -n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
      

      

      
# Then Org2 makes a query.


      The flow



      The flow






      hyperledger-fabric hyperledger blockchain







      share|improve this question
















      In Hyperledger Fabric 1.3,
      how can I ensure that all organizations have signed the chaincode to install ?



      I could sign the code, but it seems that no component verifies the signature.



      Details are as below:



      Preconditions




      • Fabric 1.3

      • I have two orgs, org1 and org2.

      • org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).

      • I know that we can install chaincode without signatures by peer chaincode install.


      Expected Behaviour



      In the below Commands, I expected that:




      • Option A must succeed, because the chaincode includes signatures from both orgs.

      • Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.


      Actual Behaviour




      • Not only Option A but B also succeeds with no errors, which is against the expectation.


      Commands



      org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S 
      
          -i "AND('Org1MSP.admin')" cc.out
      

      

      
Option A:
      
   org2> peer chaincode signpackage cc.out signedcc.out
      
   org1> peer chaincode install -n mycc -v 0 signedcc.out
      
   org2> peer chaincode install -n mycc -v 0 signedcc.out
      

      
Option B:
      
   org1> peer chaincode install -n mycc -v 0 cc.out
      
   org2> peer chaincode install -n mycc -v 0 cc.out
      

      

      
org1> peer chaincode instantiate -o orderer:7050 -C mychannel 
      
          -n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
      

      

      
# Then Org2 makes a query.


      The flow



      The flow






      hyperledger-fabric hyperledger blockchain




      hyperledger-fabric hyperledger blockchain






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 26 '18 at 9:22







      ŌHARA Kazutaka

















      asked Nov 22 '18 at 6:41









      ŌHARA KazutakaŌHARA Kazutaka

      517




      517
























          1 Answer
          1






          active

          oldest

          votes


















          2





          +50









          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.






          share|improve this answer
























          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53425198%2fhow-can-i-ensure-that-all-organizations-have-signed-the-chaincode-to-install%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          2





          +50









          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.






          share|improve this answer
























          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08
















          2





          +50









          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.






          share|improve this answer
























          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08














          2





          +50







          2





          +50



          2




          +50





          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.






          share|improve this answer













          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 30 '18 at 15:12









          Gari SinghGari Singh

          4,1902518




          4,1902518













          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08



















          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08

















          In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

          – ŌHARA Kazutaka
          Dec 3 '18 at 9:28





          In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

          – ŌHARA Kazutaka
          Dec 3 '18 at 9:28




          1




          1





          Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

          – Gari Singh
          Dec 3 '18 at 11:08





          Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

          – Gari Singh
          Dec 3 '18 at 11:08


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53425198%2fhow-can-i-ensure-that-all-organizations-have-signed-the-chaincode-to-install%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Create new schema in PostgreSQL using DBeaver

          Image
          0 At the beginning of my current job I had limited access to DB but recently my role is changed to superuser, admin, and owner. My colleague who was the previous DB admin is able to create a schema or change the permissions as there is a permission tab in the properties and he can change permissions by clicking easily. Would you please let me know how I can create schema and change permissions as well? Why his dbeaver looks different from me? He can easily right click on the schema folder on top of all schemas on the left side column and select create new schema while I do not have that, like the following picture I found on the internet. postgresql database-schema dbeaver share | improve this question
          Read more

          Deepest pit of an array with Javascript: test on Codility

          Image
          0 $begingroup$ This is the question from a Codility test, as a task in an interview: DeepestPit - problem description A non-empty zero-indexed array A consisting of N integers is given. A pit in this array is any triplet of integers (P, Q, R) such that: ·         0 ≤ P < Q < R < N; ·         sequence [A[P], A[P+1], ..., A[Q]] is strictly decreasing, i.e. A[P] > A[P+1] > ... > A[Q]; ·         sequence A[Q], A[Q+1], ..., A[R] is strictly increasing, i.e. A[Q] < A[Q+1] < ... < A[R]. The depth of a pit (P, Q, R) is the number min {A[P] − A[Q], A[R] − A[Q]}. For example, consider array A consisting of 10 elements such that: A[0] = 0 A[1] = 1 A[2] = 3 A[3] = -2 A[4] = 0 A[5] = 1 A[6] = 0 A[7] = -3 A[8] = 2 A[9] = 3 Triplet (2, 3, 4) is
          Read more

          Costa Masnaga

          Image
          .mw-parser-output .avviso .mbox-text-div>div,.mw-parser-output .avviso .mbox-text-full-div>div{font-size:90%}.mw-parser-output .avviso .mbox-image div{width:52px}.mw-parser-output .avviso .mbox-text-full-div .hide-when-compact{display:block} Questa voce o sezione sull'argomento Lombardia non cita le fonti necessarie o quelle presenti sono insufficienti . Puoi migliorare questa voce aggiungendo citazioni da fonti attendibili secondo le linee guida sull'uso delle fonti. Segui i suggerimenti del progetto di riferimento. Costa Masnaga comune Localizzazione Stato   Italia Regione Lombardia Provincia Lecco Amministrazione Sindaco Sabina Panzeri (Al centro il cittadino) dall'08/06/2009 Territorio Coordinate 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Coordinate: 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Altitudine 318 m s.l.m
          Read more