How can I ensure that all organizations have signed the chaincode to install?












3















In Hyperledger Fabric 1.3,
how can I ensure that all organizations have signed the chaincode to install ?



I could sign the code, but it seems that no component verifies the signature.



Details are as below:



Preconditions




  • Fabric 1.3

  • I have two orgs, org1 and org2.

  • org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).

  • I know that we can install chaincode without signatures by peer chaincode install.


Expected Behaviour



In the below Commands, I expected that:




  • Option A must succeed, because the chaincode includes signatures from both orgs.

  • Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.


Actual Behaviour




  • Not only Option A but B also succeeds with no errors, which is against the expectation.


Commands



org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S 

          -i "AND('Org1MSP.admin')" cc.out





Option A:

   org2> peer chaincode signpackage cc.out signedcc.out

   org1> peer chaincode install -n mycc -v 0 signedcc.out

   org2> peer chaincode install -n mycc -v 0 signedcc.out



Option B:

   org1> peer chaincode install -n mycc -v 0 cc.out

   org2> peer chaincode install -n mycc -v 0 cc.out





org1> peer chaincode instantiate -o orderer:7050 -C mychannel 

          -n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"





# Then Org2 makes a query.


The flow



The flow






hyperledger-fabric hyperledger blockchain







share|improve this question





























    3















    In Hyperledger Fabric 1.3,
    how can I ensure that all organizations have signed the chaincode to install ?



    I could sign the code, but it seems that no component verifies the signature.



    Details are as below:



    Preconditions




    • Fabric 1.3

    • I have two orgs, org1 and org2.

    • org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).

    • I know that we can install chaincode without signatures by peer chaincode install.


    Expected Behaviour



    In the below Commands, I expected that:




    • Option A must succeed, because the chaincode includes signatures from both orgs.

    • Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.


    Actual Behaviour




    • Not only Option A but B also succeeds with no errors, which is against the expectation.


    Commands



    org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S 
    
          -i "AND('Org1MSP.admin')" cc.out
    

    

    
Option A:
    
   org2> peer chaincode signpackage cc.out signedcc.out
    
   org1> peer chaincode install -n mycc -v 0 signedcc.out
    
   org2> peer chaincode install -n mycc -v 0 signedcc.out
    

    
Option B:
    
   org1> peer chaincode install -n mycc -v 0 cc.out
    
   org2> peer chaincode install -n mycc -v 0 cc.out
    

    

    
org1> peer chaincode instantiate -o orderer:7050 -C mychannel 
    
          -n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
    

    

    
# Then Org2 makes a query.


    The flow



    The flow






    hyperledger-fabric hyperledger blockchain







    share|improve this question



























      3












      3








      3


      3






      In Hyperledger Fabric 1.3,
      how can I ensure that all organizations have signed the chaincode to install ?



      I could sign the code, but it seems that no component verifies the signature.



      Details are as below:



      Preconditions




      • Fabric 1.3

      • I have two orgs, org1 and org2.

      • org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).

      • I know that we can install chaincode without signatures by peer chaincode install.


      Expected Behaviour



      In the below Commands, I expected that:




      • Option A must succeed, because the chaincode includes signatures from both orgs.

      • Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.


      Actual Behaviour




      • Not only Option A but B also succeeds with no errors, which is against the expectation.


      Commands



      org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S 
      
          -i "AND('Org1MSP.admin')" cc.out
      

      

      
Option A:
      
   org2> peer chaincode signpackage cc.out signedcc.out
      
   org1> peer chaincode install -n mycc -v 0 signedcc.out
      
   org2> peer chaincode install -n mycc -v 0 signedcc.out
      

      
Option B:
      
   org1> peer chaincode install -n mycc -v 0 cc.out
      
   org2> peer chaincode install -n mycc -v 0 cc.out
      

      

      
org1> peer chaincode instantiate -o orderer:7050 -C mychannel 
      
          -n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
      

      

      
# Then Org2 makes a query.


      The flow



      The flow






      hyperledger-fabric hyperledger blockchain







      share|improve this question
















      In Hyperledger Fabric 1.3,
      how can I ensure that all organizations have signed the chaincode to install ?



      I could sign the code, but it seems that no component verifies the signature.



      Details are as below:



      Preconditions




      • Fabric 1.3

      • I have two orgs, org1 and org2.

      • org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).

      • I know that we can install chaincode without signatures by peer chaincode install.


      Expected Behaviour



      In the below Commands, I expected that:




      • Option A must succeed, because the chaincode includes signatures from both orgs.

      • Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.


      Actual Behaviour




      • Not only Option A but B also succeeds with no errors, which is against the expectation.


      Commands



      org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S 
      
          -i "AND('Org1MSP.admin')" cc.out
      

      

      
Option A:
      
   org2> peer chaincode signpackage cc.out signedcc.out
      
   org1> peer chaincode install -n mycc -v 0 signedcc.out
      
   org2> peer chaincode install -n mycc -v 0 signedcc.out
      

      
Option B:
      
   org1> peer chaincode install -n mycc -v 0 cc.out
      
   org2> peer chaincode install -n mycc -v 0 cc.out
      

      

      
org1> peer chaincode instantiate -o orderer:7050 -C mychannel 
      
          -n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
      

      

      
# Then Org2 makes a query.


      The flow



      The flow






      hyperledger-fabric hyperledger blockchain




      hyperledger-fabric hyperledger blockchain






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 26 '18 at 9:22







      ŌHARA Kazutaka

















      asked Nov 22 '18 at 6:41









      ŌHARA KazutakaŌHARA Kazutaka

      517




      517
























          1 Answer
          1






          active

          oldest

          votes


















          2





          +50









          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.






          share|improve this answer
























          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53425198%2fhow-can-i-ensure-that-all-organizations-have-signed-the-chaincode-to-install%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          2





          +50









          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.






          share|improve this answer
























          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08
















          2





          +50









          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.






          share|improve this answer
























          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08














          2





          +50







          2





          +50



          2




          +50





          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.






          share|improve this answer













          There is currently no enforcement of signed chaincode packages within Hyperledger Fabric. In version 2.0 (targeted for late March), there will be a new lifecycle for chaincode which will provide this type of functionality.



          For the current 1.3 and upcoming 1.4 releases, it will be up to the organization installing the chaincode to check that they have the right / enough signatures for the chaincode package prior to installing.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 30 '18 at 15:12









          Gari SinghGari Singh

          4,1902518




          4,1902518













          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08



















          • In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

            – ŌHARA Kazutaka
            Dec 3 '18 at 9:28






          • 1





            Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

            – Gari Singh
            Dec 3 '18 at 11:08

















          In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

          – ŌHARA Kazutaka
          Dec 3 '18 at 9:28





          In the case the org wish to check the signatures, how will they achieve that ? I couldn't find something like ` peer chaincode verify`.

          – ŌHARA Kazutaka
          Dec 3 '18 at 9:28




          1




          1





          Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

          – Gari Singh
          Dec 3 '18 at 11:08





          Unfortunately, we never implemented that so you would need to write the code to do that yourself. If you look at github.com/hyperledger/fabric/blob/release-1.3/core/common/… it shows how the signature is created and github.com/hyperledger/fabric/blob/release-1.3/core/common/… shows how the signed install package (with detached signatures) is created.

          – Gari Singh
          Dec 3 '18 at 11:08


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53425198%2fhow-can-i-ensure-that-all-organizations-have-signed-the-chaincode-to-install%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Costa Masnaga

          Image
          .mw-parser-output .avviso .mbox-text-div>div,.mw-parser-output .avviso .mbox-text-full-div>div{font-size:90%}.mw-parser-output .avviso .mbox-image div{width:52px}.mw-parser-output .avviso .mbox-text-full-div .hide-when-compact{display:block} Questa voce o sezione sull'argomento Lombardia non cita le fonti necessarie o quelle presenti sono insufficienti . Puoi migliorare questa voce aggiungendo citazioni da fonti attendibili secondo le linee guida sull'uso delle fonti. Segui i suggerimenti del progetto di riferimento. Costa Masnaga comune Localizzazione Stato   Italia Regione Lombardia Provincia Lecco Amministrazione Sindaco Sabina Panzeri (Al centro il cittadino) dall'08/06/2009 Territorio Coordinate 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Coordinate: 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Altitudine 318 m s.l.m
          Read more

          Fotorealismo

          Image
          Guerrino Boatto, Venice's St. Barnaba Church and canal Il fotorealismo è un genere di pittura basato sull'uso di una o più fotografie dalle quali l'artista prende le informazioni necessarie da utilizzare poi nel processo della creazione dell'opera, in genere ad olio o ad acrilico, al fine di avere un aspetto finale il più simile possibile alla fotografia. Indice 1 Storia 2 Lista dei fotorealisti 3 Note 4 Voci correlate 5 Altri progetti Storia | Il fotorealismo è un movimento che nasce negli Stati Uniti d'America alla fine degli anni sessanta [1] sulla scia della Pop Art [2] [3] [4] , e insieme condividono il carattere reazionario verso la travolgente ascesa dei media, che alla metà del ventesimo secolo si trasforma in un fenomeno di massa talmente imponente da minacciare il valore dell'immagine nell'arte. [5] [6] Ne consegue così che, colto il gesto d'inizio che fu della Pop Art, i fotorealisti aprono ad un
          Read more

          Sidney Franklin

          Image
          Questa voce sull'argomento registi statunitensi è solo un abbozzo . Contribuisci a migliorarla secondo le convenzioni di Wikipedia. Sidney Franklin, foto di Carl Van Vechten Oscar alla memoria Irving G. Thalberg 1943 Sidney Franklin , all'anagrafe Sidney Arnold Franklin , (San Francisco, 21 marzo 1893 – Santa Monica, 18 maggio 1972), è stato un regista, produttore cinematografico e attore statunitense. Il 20 giugno 1963, si sposò con l'attrice australiana Enid Bennett. Il matrimonio durò fino alla morte dell'attrice, il 14 maggio 1969 [1] Indice 1 Filmografia 1.1 Regista 1.2 Aiuto regia (parziale) 1.3 Produttore 1.4 Attore (parziale) 2 Note 3 Altri progetti 4 Collegamenti esterni Filmografia | Regista | The Baby , co-regia Chester M. Franklin (1915) The Rivals , co-regia Chester M. Franklin (1915) Little Dick's First Case , co-regia Chester M. Franklin (1915) Her Filmland Hero , co-
          Read more