github.com/blockchain-gm/fabric-ca@v0.0.0-20200423072702-b2c40c7ac69c/README.md (about) 1 ``` 2 fabric-ca v1.4.3 国密改造 3 国密改造参照https://blog.csdn.net/dyj5841619/article/details/90642808 4 在fabric-ca 1.4.3上修改并完成调试; 并修改此项目vendor第三方库,所以请不要替换vendor目录 5 6 1 编译设置 7 设置export GO111MODULE=off 关闭go modele功能 8 9 2 编译fabric-ca-server 10 make fabric-ca-server 11 二进制生层bin/fabric-ca-server 12 13 14 3 编译fabric-ca-client 15 make fabric-ca-client 16 17 至此,二进制fabric编译完成 18 19 20 分支同步: 21 git push --mirror git@github.com:blockchain-gm/fabric-ca.git 22 23 24 ``` 25 26 27 # Fabric CA Developer's Guide 28 29 This is the Developer's Guide for Fabric CA, which is a Certificate Authority for Hyperledger Fabric. 30 31 See [User's Guide for Fabric CA](https://hyperledger-fabric-ca.readthedocs.io) for information on how to use Fabric CA. 32 33 ## Prerequisites 34 35 * Go 1.11.5 installation or later 36 * **GOPATH** environment variable is set correctly 37 * docker version 17.06 or later 38 * docker-compose version 1.14 or later 39 * A Linux Foundation ID (see [create a Linux Foundation ID](https://identity.linuxfoundation.org/)) 40 41 42 ## Contribution guidelines 43 44 You are welcome to contribute to Fabric CA! 45 46 The following are guidelines to follow when contributing: 47 48 1. See the general information about [contributing to fabric](http://hyperledger-fabric.readthedocs.io/en/latest/CONTRIBUTING.html). 49 50 2. To set up your development environment for doing common development tasks, see [bash_profile](https://github.com/hyperledger/fabric-ca/blob/master/scripts/bash_profile). This contains variables and functions which can be copied directly into your `.bash_profile` file. Even if you do not use bash, you should still find the functions instructive. For example: 51 a. **clone** - pulls the latest fabric-ca code from gerrit and places it based on your GOPATH setting 52 b. **cdr** - cd to the fabric-ca repository root, which is equivalent to "cd $GOPATH/src/github.com/hyperledger/fabric-ca" 53 c. **gencov** - generates a test coverage report 54 55 3. To run the unit tests manually: 56 57 ``` 58 # cdr 59 # make unit-tests 60 ``` 61 62 The test coverage for each package must be 75% or greater. If this fails due to insufficient test coverage, then you can run `gencov` to get a coverage report to see what code is not being tested. Once you have added additional test cases, you can run `go test -cover` in the appropriate package to see the current coverage level. 63 64 WARNING: Running the unit-tests may fail due to too many open file descriptors. 65 Depending on where the failure occurs, the error message may not be obvious and may only say something similar to "unable to open database file". 66 Depending on the settings on your host, you may need to increase the maximum number of open file descriptors. 67 For example, the OSX default per-process maximum number of open file descriptors is 256. 68 You may issue the following command to display your current setting: 69 70 ``` 71 # ulimit -n 72 256 73 ``` 74 75 And the following command will increase this setting to 65536: 76 77 ``` 78 # ulimit -n 65536 79 ``` 80 81 Please note that this change is only temporary. To make it permanent, you will need to consult the documentation for your host operating system. 82 83 ## Package overview 84 85 1. **cmd/fabric-ca-server** contains the main for the fabric-ca-server command. 86 2. **cmd/fabric-ca-client** contains the main for the fabric-ca-client command. 87 3. **lib** contains most of the code. 88 a) **server.go** contains the main Server object, which is configured by **serverconfig.go**. 89 b) **client.go** contains the main Client object, which is configured by **clientconfig.go**. 90 4. **util/csp.go** contains the Crypto Service Provider implementation. 91 5. **lib/dbutil** contains database utility functions. 92 6. **lib/ldap** contains LDAP client code. 93 7. **lib/spi** contains Service Provider Interface code for the user registry. 94 8. **lib/tls** contains TLS related code for server and client. 95 9. **util** contains various utility functions. 96 97 ## Additional info 98 99 ## Profiling 100 Fabric CA server can be profiled two ways, namely, using benchmarks and by retrieving profiling data from the server (at /debug/pprof/ endpoint) while running load. 101 102 ### Benchmarks 103 You can profile the benchmarks by running `make bench-cpu` or `make bench-mem` commands. You can profile benchmarks in one package or all the packages using these make targets. For example, to profile benchmarks in the *lib* package, run: `make bench-cpu pkg=github.com/hyperledger/fabric-ca/lib`. This will create **bench-cpu.prof**, **lib.test** and **bench** files in the *lib* folder. The **bench** file will contain benchmark stats: bytes/operation, allocations/operation and nanoseconds/operation. **lib.test** file is the executable and **bench-cpu.prof** contains cpu profile information. To analyze the profile, run: `go tool pprof lib.test bench-cpu.prof`. Similarly, you can run `make bench-mem pkg=github.com/hyperledger/fabric-ca/lib` to perform memory profiling of the benchmarks in the *lib* package. The **bench-mem.prof** file contains memory profile information. 104 105 If you run `make bench-cpu` or `make bench-mem` without *pkg* variable, benchmarks in each package are run with cpu or memory profiling. So, executable, benchmark output, and profile info files are created in each package folder. You need to analyze these profiles separately. 106 107 ### Whole server 108 To enable profiling on the server, set the FABRIC_CA_SERVER_PROFILE_PORT environment 109 variable to a valid, available port number and start the server. The server will start listening for profile requests at the */debug/pprof/* HTTP endpoint and the specified port. Then run `go tool pprof` with server's profiling URL (http://<server host>:<profiling port>/debug/pprof/<profile|heap|block>) as an argument, it will download and examine a live profile. 110 111 You can start the server in the FVT image by running following docker command from the fabric-ca root directory: 112 113 `docker run -p 8888:8888 -p 8054:8054 -v $PWD:/opt/gopath/src/github.com/hyperledger/fabric-ca -e FABRIC_CA_SERVER_PROFILE_PORT=8054 --name loadTest -td hyperledger/fabric-ca-fvt test/fabric-ca-load-tester/launchServer.sh 1` 114 115 Then start the load by running `/test/fabric-ca-load-tester/runLoad.sh -B` 116 117 In other window, you can start profiling by running (assuming load test takes about a minute to complete): 118 119 `curl http://localhost:8054/debug/pprof/profile?seconds=60 > load-cpu.prof` 120 121 then analyze the profile: 122 123 `go tool pprof bin/fabric-ca-server load-cpu.prof` 124 125 OR simply run: 126 127 `go tool pprof -seconds=60 -output=load-cpu.prof http://localhost:8054/debug/pprof/profile` 128 129 You can use commands like *top*, *top -cum*, *list* and *web* to look at the top consumers, list the code to see the hotspots and to view the graph in a browser. You can run `go tool pprof -h` to view all the options supported by the pprof tool 130 131 You can also use [**go-torch**](https://github.com/uber/go-torch) tool to analyze the profile: 132 133 `go-torch bin/fabric-ca-server load-cpu.prof` 134 135 ### Profiling Fabric CA client 136 To enable profiling on the client, set the FABRIC_CA_CLIENT_PROFILE_MODE environment variable to either "heap" or "cpu" to enable heap, cpu profiling respectively. A file containing profiling data is created in the present working directory of the client. Heap profiling data is written to **mem.pprof** and cpu profiling data is written to **cpu.pprof**. You can run `go tool pprof <client executable> <profiling file>` to analyze the profiling data. 137 138 ### Profiling links 139 https://blog.golang.org/profiling-go-programs 140 https://medium.com/@hackintoshrao/daily-code-optimization-using-benchmarks-and-profiling-in-golang-gophercon-india-2016-talk-874c8b4dc3c5 141 https://www.youtube.com/watch?v=2h_NFBFrciI 142 https://software.intel.com/en-us/blogs/2014/05/10/debugging-performance-issues-in-go-programs 143 http://www.soroushjp.com/2015/01/27/beautifully-simple-benchmarking-with-go/ 144 https://vinceyuan.github.io/profiling-memory-usage-of-a-go-app/ 145 https://www.youtube.com/watch?v=N3PWzBeLX2M&feature=youtu.be 146 https://www.youtube.com/watch?v=oorX84tBMqo&feature=youtu.be 147 148 ### FVT 149 150 See [FVT tests](scripts/fvt/README.md) for information on functional verification test cases. 151 152 153 ### Updating the cfssl vendored package 154 Following are the steps to update cfssl package using version 1.0.8 of govendor tool. 155 156 * Remove cfssl from vendor folder 157 * cd $GOPATH/src/github.com/hyperledger/fabric-ca/vendor 158 * govendor remove github.com/cloudflare/cfssl/... 159 * rm -rf github.com/cloudflare/cfssl/ 160 161 * Clone cfssl repo 162 * cd $GOPATH/src/github.com/ 163 * mkdir cloudflare 164 * cd cloudflare 165 * git clone https://github.com/cloudflare/cfssl.git 166 167 * Add cfssl from $GOPATH to the vendor folder 168 * cd $GOPATH/src/github.com/hyperledger/fabric-ca/vendor 169 * govendor add github.com/cloudflare/cfssl/^ 170 * You can optionally specify revision or tag to add a particular revision of code to the vendor folder 171 * govendor add github.com/cloudflare/cfssl/^@abc12032 172 173 * Remove sqlx package from cfssl vendor folder. This is because certsql.NewAccessor (called by fabric-ca) requires sqlx.db object to be passed from the same package. If we were to have sqlx package both in fabric-ca and cfssl vendor folder, go compiler will throw an error 174 * rm -rf github.com/cloudflare/cfssl/vendor/github.com/jmoiron/sqlx 175 176 * Remove the packages that are added to the fabric-ca vendor folder that are not needed by fabric-ca 177 178 179 ## Continuous Integration 180 181 Please have a look at [Continuous Integration Process](docs/source/ca-ci.md) 182 183 ## License <a name="license"></a> 184 185 Hyperledger Project source code files are made available under the Apache License, Version 2.0 (Apache-2.0), located in the [LICENSE](LICENSE) file. Hyperledger Project documentation files are made available under the Creative Commons Attribution 4.0 International License (CC-BY-4.0), available at http://creativecommons.org/licenses/by/4.0/.