In Hyperledger Fabric 1.3, how can I ensure that all organizations have signed the chaincode to install ?
I could sign the code, but it seems that no component verifies the signature.
Details are as below:
Preconditions
- Fabric 1.3
- I have two orgs, org1 and org2.
- org1 wants to verify that org2 has signed the code, and vice versa, for non-repudiation (undeniability).
- I know that we can install chaincode without signatures by
peer chaincode install
.
Expected Behaviour
In the below Commands, I expected that:
- Option A must succeed, because the chaincode includes signatures from both orgs.
- Option B must produce some kind of error or warning, because the chaincode lacks a signature from org2.
Actual Behaviour
- Not only Option A but B also succeeds with no errors, which is against the expectation.
Commands
org1> peer chaincode package -n mycc -v 0 example02/cmd -s -S \
-i "AND('Org1MSP.admin')" cc.out
Option A:
org2> peer chaincode signpackage cc.out signedcc.out
org1> peer chaincode install -n mycc -v 0 signedcc.out
org2> peer chaincode install -n mycc -v 0 signedcc.out
Option B:
org1> peer chaincode install -n mycc -v 0 cc.out
org2> peer chaincode install -n mycc -v 0 cc.out
org1> peer chaincode instantiate -o orderer:7050 -C mychannel \
-n mycc -v 0 -c '(snip)' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
# Then Org2 makes a query.
The flow