Merge branch 'main' into add-orderer-backoff

.github/workflows/broken-link-checker.yml

@@ -13,7 +13,7 @@ on:
       - .github/workflows/broken-link-checker.yml
 
 env:
-  GO_VER: 1.20.7
+  GO_VER: 1.21.3
 
 jobs:
   broken-lint-checker:

.github/workflows/release.yml

@@ -12,7 +12,7 @@ on:
       - v3.*
 
 env:
-  GO_VER: 1.20.7
+  GO_VER: 1.21.3
   UBUNTU_VER: 20.04
   FABRIC_VER: ${{ github.ref_name }}
   DOCKER_REGISTRY: ${{ github.repository_owner == 'hyperledger' && 'docker.io' || 'ghcr.io' }}

.github/workflows/verify-build.yml

@@ -13,15 +13,15 @@ on:
 env:
   GOPATH: /opt/go
   PATH: /opt/go/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin
-  GO_VER: 1.20.7
+  GO_VER: 1.21.3
 
 permissions:
   contents: read # to fetch code (actions/checkout)
 
 jobs:
   basic-checks:
     name: Basic Checks
-    runs-on: fabric-ubuntu-20.04
+    runs-on: ${{ github.repository == 'hyperledger/fabric' && 'fabric-ubuntu-20.04' || 'ubuntu-20.04' }}
     steps:
       - uses: actions/setup-go@v3
         name: Install Go
@@ -36,7 +36,7 @@ jobs:
   unit-tests:
     name: Unit Tests
     needs: basic-checks
-    runs-on: fabric-ubuntu-20.04
+    runs-on: ${{ github.repository == 'hyperledger/fabric' && 'fabric-ubuntu-20.04' || 'ubuntu-20.04' }}
     steps:
       - uses: actions/setup-go@v3
         name: Install Go
@@ -55,7 +55,7 @@ jobs:
       fail-fast: false
       matrix:
         INTEGRATION_TEST_SUITE: ["raft","pvtdata","pvtdatapurge","ledger","lifecycle","e2e smartbft","discovery gossip devmode pluggable","gateway idemix pkcs11 configtx configtxlator","sbe nwo msp"]
-    runs-on: fabric-ubuntu-20.04
+    runs-on: ${{ github.repository == 'hyperledger/fabric' && 'fabric-ubuntu-20.04' || 'ubuntu-20.04' }}
     steps:
       - uses: actions/setup-go@v3
         name: Install Go

.github/workflows/vulnerability-scan.yml

@@ -30,6 +30,6 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.20.7
+          go-version: 1.21.3
       - name: Scan
         run: make scan

Makefile

@@ -78,7 +78,7 @@ METADATA_VAR += CommitSHA=$(EXTRA_VERSION)
 METADATA_VAR += BaseDockerLabel=$(BASE_DOCKER_LABEL)
 METADATA_VAR += DockerNamespace=$(DOCKER_NS)
 
-GO_VER = 1.20.7
+GO_VER = 1.21.3
 GO_TAGS ?=
 
 RELEASE_EXES = orderer $(TOOLS_EXES)
@@ -249,7 +249,10 @@ $(BUILD_DIR)/images/%/$(DUMMY):
 		--build-arg TARGETARCH=$(ARCH) \
 		--build-arg TARGETOS=linux \
 		$(BUILD_ARGS) \
-		-t $(DOCKER_NS)/fabric-$* ./$(BUILD_CONTEXT)
+		-t $(DOCKER_NS)/fabric-$* \
+		-t $(DOCKER_NS)/fabric-$*:$(FABRIC_VER) \
+		-t $(DOCKER_NS)/fabric-$*:$(TWO_DIGIT_VERSION) \
+		./$(BUILD_CONTEXT)
 
 # builds release packages for the host platform
 .PHONY: release

README.md

@@ -70,7 +70,7 @@ for the full details.
 
 ## Community
 
-[Hyperledger Community](https://www.hyperledger.org/community)
+[Hyperledger Community](https://www.meetup.com/pro/hyperledger/)
 
 [Hyperledger mailing lists and archives](http://lists.hyperledger.org/)
 

bccsp/pkcs11/pkcs11.go

@@ -664,7 +664,7 @@ func (csp *Provider) verifyP11ECDSA(ski []byte, msg []byte, R, S *big.Int, byteS
 		return false, fmt.Errorf("PKCS11: Verify-initialize [%s]", err)
 	}
 	err = csp.ctx.Verify(session, msg, sig)
-	if err == pkcs11.Error(pkcs11.CKR_SIGNATURE_INVALID) {
+	if errors.Is(err, pkcs11.Error(pkcs11.CKR_SIGNATURE_INVALID)) {
 		return false, nil
 	}
 	if err != nil {

bccsp/sw/fileks.go

@@ -417,7 +417,7 @@ func dirEmpty(path string) (bool, error) {
 	defer f.Close()
 
 	_, err = f.Readdir(1)
-	if err == io.EOF {
+	if errors.Is(err, io.EOF) {
 		return true, nil
 	}
 	return false, err

ccaas_builder/cmd/detect/main.go

@@ -28,7 +28,6 @@ func main() {
 	}
 
 	logger.Printf("::Type detected as ccaas")
-
 }
 
 type chaincodeMetadata struct {
@@ -42,26 +41,22 @@ func run() error {
 
 	chaincodeMetaData := os.Args[2]
 
+	// Check metadata file's existence
 	metadataFile := filepath.Join(chaincodeMetaData, "metadata.json")
-	_, err := os.Stat(metadataFile)
-	if err != nil {
-		return fmt.Errorf("%s not found ", metadataFile)
-	}
-
 	if _, err := os.Stat(metadataFile); err != nil {
 		return errors.WithMessagef(err, "%s not found ", metadataFile)
 	}
 
-	mdbytes, cause := os.ReadFile(metadataFile)
-	if cause != nil {
-		err := errors.WithMessagef(cause, "%s not readable", metadataFile)
-		return err
+	// Read the metadata file
+	mdbytes, err := os.ReadFile(metadataFile)
+	if err != nil {
+		return errors.WithMessagef(err, "%s not readable", metadataFile)
 	}
 
 	var metadata chaincodeMetadata
-	cause = json.Unmarshal(mdbytes, &metadata)
-	if cause != nil {
-		return errors.WithMessage(cause, "Unable to parse the metadata.json file")
+	err = json.Unmarshal(mdbytes, &metadata)
+	if err != nil {
+		return errors.WithMessage(err, "Unable to parse the metadata.json file")
 	}
 
 	if strings.ToLower(metadata.Type) != "ccaas" {
@@ -70,5 +65,4 @@ func run() error {
 
 	// returning nil indicates to the peer a successful detection
 	return nil
-
 }

cmd/common/cli.go

@@ -65,33 +65,31 @@ func (cli *CLI) Run(args []string) {
 	configureFlags(cli.app)
 
 	command := kingpin.MustParse(cli.app.Parse(args))
-	if command == persist.FullCommand() {
+	switch command {
+	case persist.FullCommand():
 		if *configFile == "" {
 			out("--configFile must be used to specify the configuration file")
 			return
 		}
 		persistConfig(parseFlagsToConfig(), *configFile)
-		return
-	}
-
-	var conf Config
-	if *configFile == "" {
-		conf = parseFlagsToConfig()
-	} else {
-		conf = loadConfig(*configFile)
-	}
+	default:
+		var conf Config
+		if *configFile == "" {
+			conf = parseFlagsToConfig()
+		} else {
+			conf = loadConfig(*configFile)
+		}
 
-	f, exists := cli.dispatchers[command]
-	if !exists {
-		out("Unknown command:", command)
-		terminate(1)
-		return
-	}
-	err := f(conf)
-	if err != nil {
-		out(err)
-		terminate(1)
-		return
+		f, exists := cli.dispatchers[command]
+		if !exists {
+			out("Unknown command:", command)
+			terminate(1)
+			return
+		}
+		if err := f(conf); err != nil {
+			out(err)
+			terminate(1)
+		}
 	}
 }
 

cmd/common/config.go

@@ -42,24 +42,28 @@ func (c Config) ToFile(file string) error {
 	if err := validateConfig(c); err != nil {
 		return errors.Wrap(err, "config isn't valid")
 	}
-	b, _ := yaml.Marshal(c)
+	b, err := yaml.Marshal(c)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal config")
+	}
 	if err := os.WriteFile(file, b, 0o600); err != nil {
 		return errors.Errorf("failed writing file %s: %v", file, err)
 	}
 	return nil
 }
 
 func validateConfig(conf Config) error {
-	nonEmptyStrings := []string{
-		conf.SignerConfig.MSPID,
-		conf.SignerConfig.IdentityPath,
-		conf.SignerConfig.KeyPath,
+	nonEmptyElems := map[string]string{
+		"MSPID":        conf.SignerConfig.MSPID,
+		"IdentityPath": conf.SignerConfig.IdentityPath,
+		"KeyPath":      conf.SignerConfig.KeyPath,
 	}
 
-	for _, s := range nonEmptyStrings {
-		if s == "" {
-			return errors.New("empty string that is mandatory")
+	for key, value := range nonEmptyElems {
+		if value == "" {
+			return errors.Errorf("%s is mandatory and cannot be empty", key)
 		}
 	}
+
 	return nil
 }

cmd/discover/main_test.go

@@ -27,5 +27,5 @@ func TestMissingArguments(t *testing.T) {
 	process, err := Start(cmd, nil, nil)
 	gt.Expect(err).NotTo(HaveOccurred())
 	gt.Eventually(process, 5*time.Second).Should(Exit(1))
-	gt.Expect(process.Err).To(gbytes.Say("empty string that is mandatory"))
+	gt.Expect(process.Err).To(gbytes.Say("IdentityPath|KeyPath is mandatory and cannot be empty"))
 }

common/channelconfig/consortium.go

@@ -54,7 +54,7 @@ func (cc *ConsortiumConfig) Organizations() map[string]Org {
 	return cc.orgs
 }
 
-// CreationPolicy returns the policy structure used to validate
+// ChannelCreationPolicy returns the policy structure used to validate
 // the channel creation
 func (cc *ConsortiumConfig) ChannelCreationPolicy() *cb.Policy {
 	return cc.protos.ChannelCreationPolicy

common/deliver/deliver.go

@@ -328,12 +328,18 @@ func (h *Handler) deliverBlocks(ctx context.Context, srv *Server, envelope *cb.E
 
 		logger.Debugf("[channel: %s] Delivering block [%d] for (%p) for %s", chdr.ChannelId, block.Header.Number, seekInfo, addr)
 
+		// Data blocks carry nil data for block attestations.
+		// Never mutate the block received from the iterator as it is from a cache.
+		block2send := block
 		if seekInfo.ContentType == ab.SeekInfo_HEADER_WITH_SIG && !protoutil.IsConfigBlock(block) {
-			block.Data = nil
+			block2send = &cb.Block{
+				Header:   block.Header,
+				Metadata: block.Metadata,
+			}
 		}
 
 		signedData := &protoutil.SignedData{Data: envelope.Payload, Identity: shdr.Creator, Signature: envelope.Signature}
-		if err := srv.SendBlockResponse(block, chdr.ChannelId, chain, signedData); err != nil {
+		if err := srv.SendBlockResponse(block2send, chdr.ChannelId, chain, signedData); err != nil {
 			logger.Warningf("[channel: %s] Error sending to %s: %s", chdr.ChannelId, addr, err)
 			return cb.Status_INTERNAL_SERVER_ERROR, err
 		}

common/deliver/deliver_test.go

@@ -502,6 +502,7 @@ var _ = Describe("Deliver", func() {
 		})
 
 		Context("when seek info is configured to header with sig content type", func() {
+			var cachedBlocks []*cb.Block
 			BeforeEach(func() {
 				seekInfo = &ab.SeekInfo{
 					Start:       &ab.SeekPosition{},
@@ -516,11 +517,12 @@ var _ = Describe("Deliver", func() {
 						Data:     &cb.BlockData{Data: [][]byte{{1}, {2}}},
 						Metadata: &cb.BlockMetadata{Metadata: [][]byte{{3}, {4}}},
 					}
+					cachedBlocks = append(cachedBlocks, blk)
 					return blk, cb.Status_SUCCESS
 				}
 			})
 
-			It("sends blocks with nil Data", func() {
+			It("sends blocks with nil Data, but does not mutate cached blocks", func() {
 				err := handler.Handle(context.Background(), server)
 				Expect(err).NotTo(HaveOccurred())
 
@@ -538,6 +540,10 @@ var _ = Describe("Deliver", func() {
 						Metadata: &cb.BlockMetadata{Metadata: [][]byte{{3}, {4}}},
 					}))
 				}
+
+				for _, b := range cachedBlocks {
+					Expect(b.Data).ToNot(BeNil())
+				}
 			})
 		})
 

common/fabhttp/server_test.go

@@ -12,6 +12,7 @@ import (
 	"io"
 	"net"
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"
 	"syscall"
@@ -169,7 +170,8 @@ var _ = Describe("Server", func() {
 			Expect(err).NotTo(HaveOccurred())
 
 			_, err = unauthClient.Get(fmt.Sprintf("https://%s/healthz", server.Addr()))
-			Expect(err).To(MatchError(ContainSubstring("remote error: tls: bad certificate")))
+			Expect(err).To(BeAssignableToTypeOf(&url.Error{}))
+			Expect(err.(*url.Error).Err.Error()).To(ContainSubstring("remote error: tls: certificate required"))
 		})
 	})
 

common/ledger/blkstorage/blockfile_mgr.go

@@ -374,7 +374,7 @@ func (mgr *blockfileMgr) syncIndex() error {
 	nextIndexableBlock := uint64(0)
 	lastBlockIndexed, err := mgr.index.getLastBlockIndexed()
 	if err != nil {
-		if err != errIndexSavePointKeyNotPresent {
+		if !errors.Is(err, errIndexSavePointKeyNotPresent) {
 			return err
 		}
 	} else {

common/ledger/blockledger/fileledger/factory.go

@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 package fileledger
 
 import (
+	"errors"
 	"os"
 	"path/filepath"
 	"sync"
@@ -59,7 +60,7 @@ func (f *fileLedgerFactory) Remove(channelID string) error {
 	f.mutex.Lock()
 	defer f.mutex.Unlock()
 
-	if err := f.removeFileRepo.Save(channelID, []byte{}); err != nil && err != os.ErrExist {
+	if err := f.removeFileRepo.Save(channelID, []byte{}); err != nil && !errors.Is(err, os.ErrExist) {
 		return err
 	}
 

common/util/net.go

@@ -16,15 +16,14 @@ import (
 )
 
 func ExtractRemoteAddress(ctx context.Context) string {
-	var remoteAddress string
 	p, ok := peer.FromContext(ctx)
 	if !ok {
 		return ""
 	}
 	if address := p.Addr; address != nil {
-		remoteAddress = address.String()
+		return address.String()
 	}
-	return remoteAddress
+	return ""
 }
 
 // ExtractCertificateHashFromContext extracts the hash of the certificate from the given context.