github.com/tenywen/fabric@v1.0.0-beta.0.20170620030522-a5b1ed380643/docs/source/cc-packaging-and-signing.rst (about) 1 Chaincode Packaging and Signing 2 =============================== 3 4 Introduction 5 ------------ 6 7 A chaincode will be placed on the file system of the peer on 8 installation simply as a file with name 9 ``<chaincode name>.<chaincode version``. The contents of that file is 10 called a chaincode package. 11 12 This document describes how a chaincode package can be created and 13 signed from CLI. It also describes how the ``install`` command can 14 be used to install the chaincode package. 15 16 What’s in the package ? 17 ----------------------- 18 19 The package consists of 3 parts \* the chaincode as defined by 20 ``ChaincodeDeploymentSpec``. This defines the code and other meta 21 properties such as name and version \* an instantiation policy which can 22 be syntactically described by the same policy used for endorsement and 23 described in ``endorsement-policies.rst`` \* a set of signatures by the 24 entities that “own” the chaincode. 25 26 The signatures serve the following purposes \* establish an ownership of 27 the chaincode \* allows verification that the signatures are over the 28 same content \* allows detection of package tampering 29 30 The creator of the instantiation of the chaincode on a channel is 31 validated against the instantiation policy of the chaincode. 32 33 Chaincode Packaging 34 ------------------- 35 36 The package is created and signed using the command 37 38 :: 39 40 peer chaincode package -n mycc -p github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02 -v 0 -s -S -i "AND('OrgA.admin')" ccpack.out 41 42 where ``-s`` specifies creating the package as opposed to generating raw 43 ChaincodeDeploymentSpec ``-S`` specifies instructs to sign the package 44 using the Local MSP (as defined by ``localMspid`` property in 45 ``core.yaml``) 46 47 The ``-S`` option is optional. However if a package is created without a 48 signature, it cannot be signed by any other owner using the 49 ``signpackage`` command in the next section. 50 51 The ``-i`` option is optional. It allows specifying an instantiation policy 52 for the chaincode. The instantiation policy has the same format as an 53 endorsement policy and specifies who can instantiate the chaincode. In the 54 example above, only the admin of OrgA is allowed to instantiate the chaincode. 55 If no policy is provided, the default policy is used, which only allows the 56 admin of the peer's MSP to instantiate chaincode. 57 58 Package signing 59 --------------- 60 61 A package can be handed over to other owners for inspection and signing. 62 The workflow supports out of band signing of package. 63 64 A previously created package can be signed using the command 65 66 :: 67 68 peer chaincode signpackage ccpack.out signedccpack.out 69 70 where ``ccpack.out`` and ``signedccpack.out`` are input and output 71 packages respectively. ``signedccpack.out`` contains an additional 72 signature over the package signed using the Local MSP. 73 74 Installing the package 75 ---------------------- 76 The package can be installed using the ``install`` command as follows 77 78 :: 79 80 peer chaincode install ccpack.out 81 82 where ``ccpack.out`` is a package filecreated using the ``package`` 83 or ``signedpackage`` commands. 84 85 Conclusion 86 ---------- 87 88 The peer will support use of both raw ChaincodeDeploymentSpec and the 89 package structure described in this document. This will allow existing 90 commands and workflows to work which is especially useful in development 91 and test phases. 92 93 .. Licensed under Creative Commons Attribution 4.0 International License 94 https://creativecommons.org/licenses/by/4.0/ 95