This change-set enforces the field TxID of a
proposal/transaction to be computed as the result
of an hash function computed on nonce and creator.
This is to be able to uniquely identity a proposal/transaction.

In addition, the endorsers verify that a TxID is not duplicated
by looking up the ledger as done by the committers.

Before merging this change-set, the client-sdk
needs to be modified to generate the TxID in the
new expected way.

This change-set comes in the context of
https://jira.hyperledger.org/browse/FAB-583



Change-Id: Icc5892976aeec1d4fdca736234355833d04bd4c8
Signed-off-by: Angelo De Caro <adc@zurich.ibm.com>

The recently added platform::ValidateDeploymentSpec did not account
for the possibility that the CodePackage may be optional under
certain scenarios.

This patch fixes this by checking for this condition and handling
gracefully.

Fixes FAB-2341

Change-Id: I83791dbf04c420e42b087805de668f0405b0214a
Signed-off-by: Greg Haskins <gregory.haskins@gmail.com>

This change-set adds revocation support for the default MSP. Revocation is
implemented by supplying zero or more 'complete CRLs' (as described in rfc
5280) in the RevocationList field of the FabricMSPConfig struct. The CRL
can only apply to certificates and not to CAs or intermediate CAs. If a CA
or an intermediate CA is to be revoked, it can just be removed from the
respective fields in the config.

Change-Id: I7a4d290aed264952b329fc981c17f87b94b10899
Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>

https://jira.hyperledger.org/browse/FAB-2325



This CR adds automatic encoding of a reader/writer/admin policy for each
MSP created via the MSP templating tool.

In combination with the default reader/writer/admin policies at the
group level from [FAB-2324] the reader/writer/admin policies should be
ready to be consumed by other parts of the system.

Change-Id: I22a70ba33a7aadd99e8c5da7f813e6794c78bede
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2324



This CR adds default reader/writer/admin policies to the dynamically
generated gensis block.  There are currently no consumers of these
policies, but will be added later.

Change-Id: I000220feb9ff1bd806a724b77ea9dcf62f5aa294
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2323



This CR adds support to the policies manager for evaluating the new
ImplicitMetaPolicy policy type.

Unlike the cauthdsl policy provider, the implicit metapolicy needs to
live inside the policy manager to hook into the transactional nature of
the policy manager.

Change-Id: I8f11ea46950da6566833daa65b2e056faa2f63d6
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2255



This CR introduces the proto structure for the implicit meta policy
type.  It does not add a provider for this policy type, but simply
defines the structure.

Change-Id: I4256f3faf9cede3f34ddecc266c98dcbcd1148e6
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2322



With the notion of hierarchical policies, the configuration mod_policy
needs to be able to refer to policies in the current group (relatively)
or policies relative to the channel root configuration (absolute).

This CR modifies the policy lookup to ask the relative policy manager
unless the policy begins with a "/" in which case the policy is
retrieved from the root policy manager.

Change-Id: Id14e327a5c37c4c1848521abd691aa857a12039d
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2319



This CR finally removes the hack of only handling policies stored at the
root channel level and creates a policy manager at each level of the
config.  It also rolls up the policy managers so that policy managers at
a higher level may reference policies at a lower level.

Change-Id: I18f616ecfc3929f03defdbe02f8a253d0c6b2f69
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2312



There used to be a single type for configuration, 'ConfigItem', but that
has bifurcated into 'ConfigValue', 'ConfigGroup', and 'ConfigPolicy'.
In order to handle the 'ConfigValue' and the 'ConfigPolicy' in similar
ways, the 'ConfigValue' handling needs to be pushed out into its own
package just like policy handling is.  This CR accomplishes that.

This is in preparation for treating the PolicyHandler as more of a first
class object and to eliminate the need for hacky importing.

Change-Id: I690a33e09843eb4c29611319f2e3942baae2dfdb
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2262



The configtx manager.go file has gotten large and unweildly.  As
preparation for supporting partial updates, and to facilitate the
development of tests, this CR simply splits the manager.go file into
manager.go, update.go, and config.go.

This CR contains no functional changes.

Change-Id: I21db6dee4ed5cf8819050ee8c04cbe123b76040c
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2253



This CR does two things, it tracks the MSP per organization and checks
for mutation of the MSP ID.  It also exposes access to this MSP ID and
the organization name via the configtxapi interfaces.

Change-Id: Id8eb219199377beed163fb69e077875d7bb8e1f8
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

https://jira.hyperledger.org/browse/FAB-2257



In fixing the orderer docker startup, the orderer.yaml file was modified
to include the LocalMSPDir.  This was required because without the
variable in the yaml, the environment variable would not take effect.
However, this orderer.yaml variable was incorrectly set to ../msp when
it was being set as a default in code to ../msp/sampleconfig.  This CR
fixes that.

Change-Id: I775b70a0d14d5a9b13ed71b71ef196a70748690a
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

1. Remove confusing comment on `NewChainCreationTemplate`.
2. Add comments to exported variables.
3. Extend test so that it checks policy name

Change-Id: Ica061bfcf82662f223ebdaa1dbe62423bc819dbe
Signed-off-by: Kostas Christidis <kostas@christidis.io>

The visibility field in the headers is used to control to what extent the
proposal payload will be visibile in the final tx. The default should be full
visibility.

Change-Id: I61f059c2f3ed58b3dab981b009e17e1ec133776c
Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>

Integrate gossip/gossip/algo/pull with peer/core.yaml, so it's wait
time become configurable.

Change-Id: I1661a959b4b771af9c22cb28e1d43c180e98c807
Signed-off-by: Ray Chen <ray@hyperchain.cn>

https://jira.hyperledger.org/browse/FAB-2261



At the organization level, handlers were being instaniated dynamically,
but, the handlers were only being instructed to begin transactions
statically.  This caused a crash when a dynamically created org handler
would be told to process a config item before begin the config
transaction.

This CR reworks the handler instantiation to be done at the beginning of
a transaction.

Change-Id: Ifbd2f9adf5809cb9fca3108573f105db4b0d790a
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

We allow each chaincode platform to define its own deployment
validation logic, and then implement a FAB-2122 oriented
filter for GOLANG.  What this means in practice is we perform
some basic checks against the tarball that was passed in via
the DeploymentSpec.  For instance, there is no reason for
a client to submit binaries (+x set), files in /bin/*, or
source packages outside of the declared package.

As noted, this doesn't provide 100% protection but it does
at least reject some basic things that are clearly garbage.

Change-Id: I6c725d4cb0522a8be5717ab80d4f6205e83bf858
Signed-off-by: Greg Haskins <gregory.haskins@gmail.com>