The Profile section of configtx.yaml must now be at the end of the file,
so the building of this file dynamically must be updated.
I also updated the version of the fabric CA in bootstrap.sh to 1.2.0.
Change-Id: Ifabccebc901f74569cfa1fe1d824fbcd26c4ffd1
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
Signed-off-by: Christopher Ferris <chrisfer@us.ibm.com>
(cherry picked from commit 75e293183b)
fixed [FAB-8245], and fabric samples have to be changed accordingly.
currently, added support for both output formats.
Change-Id: I0cac063af44556d6a37f17b25abf20134032540f
Signed-off-by: nirro <nirro@il.ibm.com>
The jq script which performs the config update in
scripts/run-fabric.sh fails if the orderer name contains
a hyphen. It requires modifying the way in which jq
interpolates shell variables.
Change-Id: Ie4de9459cb17693465613d6efd78b3d98575bbb2
Signed-off-by: rennman <eabailey@us.ibm.com>
Fix USE_INTERMEDIATE_CA variable to allow
exclusive use of RootCA for sample tests.
Change-Id: If10f9a768ba17943f03b416f5a68edb9eb65a27a
Signed-off-by: rennman <eabailey@us.ibm.com>
The returned error message was changed to "access denied" when
a certificate has been revoked. This simply changes the sample
to look for the correct error message.
Change-Id: Id107d4e1813099e2f21ba9eaffa0bd0b9912a97b
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
Added a script for fabric-ca sample that downloads
all the required docker images.
Vendored dependencies for the fabric-ca sample chaincode.
It can now be run without having a local fabric repository.
Change-Id: I7e0f3d7950201e42fdf82bbef2fc855d33c78676
Signed-off-by: Saad Karim <skarim@us.ibm.com>
As pointed out in [FAB-8496], updating the orgs for the fabric-ca
sample does not have an effect currently.
This RC added the affiliation settings in env.sh script into the
default config file.
Change-Id: I3eaa601fc572f6880b15dec48a4be8a69d01eb4e
Signed-off-by: Min Luo <luomin_tokyotech@hotmail.com>
Add --gencrl flag to revoke command to illustrate
the ability to generate a CRL while performing
a revocation.
Change-Id: I7521cfee54f8704675236d7afb2876b87eb339bf
Signed-off-by: Saad Karim <skarim@us.ibm.com>
Fabric CA sample fails with TLS error when
running against latest 1.1 code because orderer
was expecting client certificate but was not receiving
on during TLS handshake. This change set fixes the
problem by specifying --clientauth, --keyfile and
--certfile command line arguments to the peer commands
that need to communicate with orderer, like 'peer channel
create'.
Change-Id: I34ad39c919c0121916116c3711c7429009db7fc8
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
The fabric-samples/fabric-ca/scripts/setup-fabric.sh script needs
two small changes so that orderers and peers are registered with
the correct type. They are currently defaulting to type 'client'.
Change-Id: Ibd813cd68ae1669bc39423826ca1d39ac57d16c1
Signed-off-by: luomin <luomin_tokyotech@hotmail.com>
Currently client authentication is not enabled on
any peers and orderer in the fabric-ca sample. This
change set will enable client authentication on all
the peers and orderer.
Change-Id: If3c6a5dc6d1dc3a38096608617971945bde359c0
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
Recently, Fabric CA was changed to restrict custom attributes
from starting with "hf." prefix. But fabric-ca sample was
using hf.admin custom attribute. Hence it was failing. This
change set changes custom attribute "hf.admin" to "admin".
Change-Id: I6c9324e62717c26aab3c2d308d9fb098ecd2fb65
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
The admin identity needs hf.Registrar.Roles attribute so
it can register other identities. This attribute was
introduced recently in fabric-ca v1.1.0-alpha.
Change-Id: Ie2a0ef705f07a35580c6bc8a85a34b9b9d937623
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
Steps include: revoking a user, generating a CRL,
updating the CRL in the configuration block of the
channel, and finally querying the chaincode using
the revoked user credentials. The query will fail as
it is invoked by a revoked user.
Change-Id: I3b0f26d9b5a78475b6f42543b0e17458e9ce2a73
Signed-off-by: Anil Ambati <aambati@us.ibm.com>
When a CA starts, it creates its signing cert and then
starts listening on its listening port. The fix is to
wait for the server to start listening on the port rather
than waiting for the signing cert file to be created.
See the waitPort function in env.sh, and places where this
is called. I also had to increase the max time we wait before
failing.
WARNING: This change set is dependent upon the following
fabric-ca change set and should not be merged until it
has been merged:
https://gerrit.hyperledger.org/r/#/c/15089/
Change-Id: I781e3653bf6846e22f401fe64855fa155ffeb7cb
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
This sample uses fabric-ca to run an end-to-end test similar
to the BYFN sample. However, instead of using cryptogen, it
uses fabric-ca. All private keys are generated dynamically in
the container in which they are used.
This sample also demonstrates how to use abac
(Attribute-Based Access Control) to make access decisions.
See chaincode/abac/abac.go.
Change-Id: I5eddc9e35908e409ac07266c3183ce89a5a6cd82
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
