github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/docs/source/cc-packaging-and-signing.rst

github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/docs/source/cc-packaging-and-signing.rst (about)

     1  Chaincode Packaging and Signing
     2  ===============================
     3  
     4  Introduction
     5  ------------
     6  
     7  A chaincode will be placed on the file system of the peer on
     8  installation simply as a file with name
     9  ``<chaincode name>.<chaincode version``. The contents of that file is
    10  called a chaincode package.
    11  
    12  This document describes how a chaincode package can be created and
    13  signed from CLI. It also describes how the ``install`` command can
    14  be used to install the chaincode package.
    15  
    16  What’s in the package ?
    17  -----------------------
    18  
    19  The package consists of 3 parts \* the chaincode as defined by
    20  ``ChaincodeDeploymentSpec``. This defines the code and other meta
    21  properties such as name and version \* an instantiation policy which can
    22  be syntactically described by the same policy used for endorsement and
    23  described in ``endorsement-policies.rst`` \* a set of signatures by the
    24  entities that “own” the chaincode.
    25  
    26  The signatures serve the following purposes \* establish an ownership of
    27  the chaincode \* allows verification that the signatures are over the
    28  same content \* allows detection of package tampering
    29  
    30  The creator of the instantiation of the chaincode on a channel is
    31  validated against the instantiation policy of the chaincode.
    32  
    33  Chaincode Packaging
    34  -------------------
    35  
    36  The package is created and signed using the command
    37  
    38  ::
    39  
    40      peer chaincode package -n mycc -p github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02 -v 0 -s -S ccpack.out
    41  
    42  where ``-s`` specifies creating the package as opposed to generating raw
    43  ChaincodeDeploymentSpec ``-S`` specifies instructs to sign the package
    44  using the Local MSP (as defined by ``localMspid`` property in
    45  ``core.yaml``)
    46  
    47  The ``-S`` option is optional. However if a package is created without a
    48  signature, it cannot be signed by any other owner using the
    49  ``signpackage`` command in the next section.
    50  
    51  Package signing
    52  ---------------
    53  
    54  A package can be handed over to other owners for inspection and signing.
    55  The workflow supports out of band signing of package.
    56  
    57  A previously created package can be signed using the command
    58  
    59  ::
    60  
    61      peer chaincode signpackage ccpack.out signedccpack.out
    62  
    63  where ``ccpack.out`` and ``signedccpack.out`` are input and output
    64  packages respectively. ``signedccpack.out`` contains an additional
    65  signature over the package signed using the Local MSP.
    66  
    67  Installing the package
    68  ----------------------
    69  The package can be installed using the ``install`` command as follows
    70  
    71  ::
    72  
    73      peer chaincode install ccpack.out
    74  
    75  where ``ccpack.out`` is a package filecreated using the ``package``
    76  or ``signedpackage`` commands.
    77  
    78  Conclusion
    79  ----------
    80  
    81  The peer will support use of both raw ChaincodeDeploymentSpec and the
    82  package structure described in this document. This will allow existing
    83  commands and workflows to work which is especially useful in development
    84  and test phases.