Khala-fabric-formatter NPM

fabric-common

Current version 1.4.8

Prerequisite

docker: 17.06.2-ce +
docker-compose: 1.14.0 +
golang: 1.13.x
fabric-node-sdk:
- nodejs: 10.x
- npm: 6 +
- Python: 2.7

Mono repository division

Milestone

1.2
- privateData
1.4
- Operations metrics
- raft
- 1.4.3 FAB-7559 apply new ordering service endpoints config structure

Notes

connectionProfileA connection profile is normally created by an administrator who understands the network topology.
if random result is included in WriteSet, it corrupts the deterministic process.
instantiate/upgrade could be where data migration is performed, if necessary
keystore For private keys existing in local file system, you should set the permissions to 0400 on *nix based OS’s.
gRpcs host name SHOULD not include upper-case character, otherwise gRpcs ping for discovery_client will not response back with docker network DNS
queryblockHeight(got from queryChain) indexing from 1, blockNumber in blockEvent starting from 0
referenceplayback conference: https://wiki.hyperledger.org/display/fabric/Playbacks
channeltxId is required in peer join channel because: bret HarrisonThere is a transaction proposal to the system chaincode, so a transaction id is required.
channel individual properties may be overridden by setting environment variables, such as CONFIGTX_ORDERER_ORDERERTYPE=kafka.
channel peer could not join system channel [Orderer.js]: sendDeliver - rejecting - status:FORBIDDEN
channelchannel ID length < 250 :initializing configtx manager failed: bad channel ID: channel ID illegal, cannot be longer than 249
proposalResponse instantiate|upgrade action return a response payload with struct ChaincodeData. See in protobuf message description file
disasterbackup recovery: at least 1 anchor peer for each organization should be resumed to recover transaction process
couchdberror symptom of run richQuery on levelDB: GET_QUERY_RESULT failed: transaction ID: 6b53220f87f791047ba44635f32d07cb667b6439c5df95e9a208d74ab12b5ff2: ExecuteQuery not supported for leveldb
raft etcdraft does not support non TLS
- Raft nodes identify each other using TLS pinning, so in order to impersonate a Raft node, an attacker needs to obtain the private key of its TLS certificate. As a result, it is not possible to run a Raft node without a valid TLS configuration.
- [orderer.common.server] initializeClusterClientConfig -> PANI 004 TLS is required for running ordering nodes of type etcdraft.
- ClientTLSCert, ServerTLSCert in configtx.yaml have to be aligned with orderer environment set:
```
        General.Cluster.ClientCertificate = ""
        General.Cluster.ClientPrivateKey = ""
        General.Cluster.RootCAs = []
```
  otherwise it will say:
```
I do not belong to channel testchainid or am forbidden pulling it (not in the channel), skipping chain retrieval
```
raft Each channel has its own RAFT orderer cluster, but system channel should have a super set of all orderer cluster -- Jay Guo
raft migrate from kafka to etcdRaft, see here
solo Deploy a single-node Raft-based ordering service instead of using solo consensus type
Replay Attack txID replay validation is done by orderer, the duplicated txID could not be found at next block marked as "invalid transaction"
fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.

Notes: ChannelEventHub

for application channel
- The first block could be replayed is not the channel genesis block (available from Channel.getGenesisBlock), but the one after, which is block.header.number='1'.

Notes: Private Data

privateDatarequirePeerCount <= peerCount - 1 (1 for peer itself)
privateData"2-of" collectionPolicy is not allowed
privateDataprivate data work only after manually set anchor peers
privateDataNote that collections cannot be deleted, as there may be prior private data hashes on the channel’s blockchain that cannot be removed.
privateDatacall await stub.putPrivateData('any', "key", 'value'); without setup collection Config or in Init step:
Error: collection config not define for namespace node
See also in https://github.com/hyperledger/fabric/commit/8a705b75070b7a7021ec6f897a80898abf6a1e45
privateData collectionConfig.memberOnlyRead
- expected symptom: Error: GET_STATE failed: transaction ID: 35175d5ac4ccaa44ad77257a25caca5999c1a70fdee27174f0b7d9df1c39cfe5: tx creator does not have read access permission on privatedata in chaincodeName:diagnose collectionName: private
privateData private data will automatic sync on new peer(process last for seconds)

Notes: Chaincode

chaincode peer.response in chaincode.Init cannot be recovered from proposal response. stub.GetState is meaningless in Init
chaincode transient map context keep persistent when cross chaincode
chaincode Chaincode invoker creator could belongs to differed organization than target peers
chaincode Chaincode name is not a secret, we can use combination of discovery service and query chaincode installed on peer to get them all
chaincode call await stub.putPrivateData('anyCollection', "key", 'value'); without setup collection Config or in Init step:
Error: collection config not define for namespace See in https://github.com/hyperledger/fabric/commit/8a705b75070b7a7021ec6f897a80898abf6a1e45
chaincodeSystem chaincodes are intended to be invoked by a client rather than by a user chaincode
chaincodechaincode partial update: when not all peers upgrade to latest chaincode, is it possible that old chaincode still work with inappropriate endorsement config; while with appropriate endorsement policy, we get chaincode fingerprint mismatch error
chaincode System chaincodes are designed to be invoked by a client rather than by a user chaincode. Invoking from a user chaincode may cause deadlocks. See here
chaincode
- instantiate policy is not endorsemnet policy, it is used during chaincode packaging/install determining who is able to instantiate/upgrade chaincode, it is partially supported in nodejs with chaincode package binary(byte[]) as input.
- to customize instantiate policy, we reply on peer chaincode package

Notes: Operations

reference

logLevel logspec:{"spec":"chaincode=debug:info"}, the logger is in debug mode and level is info.
healthz In the current version, the only health check that is registered is for Docker.
metrics the TLS enable flag located in Operations section
metrics for peer and orderer, even ...OPERATIONS_TLS_CLIENTAUTHREQUIRED=false, client side key-cert is still
- required on endpoints: /metrics, /logspec
- but not required on endpoints /healthz, /version
  See details in FAB-14323
metrics The /metrics endpoint allows operators to utilize Prometheus to pull operational metrics from peer and orderer nodes.

TODO

npm couchdb-dump in nodejs/couchdbDump.sh
level db navigator(https://github.com/Level/level or https://github.com/syndtr/goleveldb) and richQuery for leveldb;leveldb analyzer
NodeOUs enable and intermediate CA
channelEventHub.disconnect status sync
make use of npm jsrsasign
make use of softHSM in node-sdk
replace some function in query.js with system chaincode
escc, vscc sample

Fabric weakness

fabric RSA key support:
- not supported as peer|orderer keystore
new Feature required: GetPrivateStateByRangeWithPagination: https://jira.hyperledger.org/browse/FAB-11732
async or not: CryptoSuite importKey
1.4 Channel#getChannelConfigFromOrderer could not specify target orderer
client.newTransactionID(); --> new TransactionID(Identity,isAdmin)
create docker env manager to convert a env jsObject to env list(having same key checking)
go mod supportlib/packager/Golang.js could not support project outside of GoPath (as usually in go mod)
- const projDir = path.join(goPath, 'src', chaincodePath);