Depricate using gossip ignore security

Since there is tool for generating peer crypto material there is no more need to allow bypassing security checks within gossip layer because each peer will have unique identity. Change-Id: Ic4cd40c724823afa7a7d04c68db45247a0c38f9f Signed-off-by: Artem Barger <[email protected]>
hyperledger · Mar 27, 2017 · fe8c021 · fe8c021
1 parent 397f5de
commit fe8c021
Show file tree

Hide file tree

Showing 5 changed files with 1 addition and 48 deletions.
diff --git a/examples/e2e_cli/docker-compose.yaml b/examples/e2e_cli/docker-compose.yaml
@@ -193,7 +193,6 @@ services:
       - CORE_PEER_ENDORSER_ENABLED=true
       # - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer0:7050
       - CORE_PEER_ADDRESS=peer0:7051
-      - CORE_PEER_GOSSIP_IGNORESECURITY=true
       - CORE_PEER_LOCALMSPID=Org0MSP
       - CORE_PEER_TLS_ENABLED=true
       - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peer/peer0/localMspConfig/signcerts/peer0Signer.pem

diff --git a/examples/sfhackfest/channel_test.sh b/examples/sfhackfest/channel_test.sh
@@ -27,7 +27,7 @@ EOF
 
 #create
 echo "Creating channel on Orderer"
-CORE_PEER_GOSSIP_IGNORESECURITY=true CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp/sampleconfig CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050 peer channel create -c myc1 -a anchorPeer.txt >>log.txt 2>&1
+CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp/sampleconfig CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050 peer channel create -c myc1 -a anchorPeer.txt >>log.txt 2>&1
 cat log.txt
    grep -q "Exiting" log.txt
    if [ $? -ne 0 ]; then

diff --git a/examples/sfhackfest/docker-compose-gettingstarted.yml b/examples/sfhackfest/docker-compose-gettingstarted.yml
@@ -65,8 +65,6 @@ services:
       - CORE_PEER_PROFILE_ENABLED=true
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050
       - CORE_PEER_GOSSIP_ORGLEADER=true
-      - CORE_PEER_GOSSIP_IGNORESECURITY=true
-
     working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
 
     command: peer node start --peer-defaultchain=false
@@ -95,7 +93,6 @@ services:
       - CORE_PEER_PROFILE_ENABLED=true
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050
       - CORE_PEER_GOSSIP_ORGLEADER=true
-      - CORE_PEER_GOSSIP_IGNORESECURITY=true
     working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
     ports:
       - 8055:7051
@@ -123,7 +120,6 @@ services:
       - CORE_PEER_PROFILE_ENABLED=true
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050
       - CORE_PEER_GOSSIP_ORGLEADER=true
-      - CORE_PEER_GOSSIP_IGNORESECURITY=true
     working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
 
     ports:

diff --git a/gossip/service/gossip_service.go b/gossip/service/gossip_service.go
@@ -137,14 +137,6 @@ func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string
 			endpoint = overrideEndpoint
 		}
 
-		if viper.GetBool("peer.gossip.ignoreSecurity") {
-			logger.Info("This peer ignoring security in gossip")
-			sec := &secImpl{[]byte(endpoint)}
-			mcs = sec
-			secAdv = sec
-			peerIdentity = []byte(endpoint)
-		}
-
 		idMapper := identity.NewIdentityMapper(mcs)
 		idMapper.Put(mcs.GetPKIidOfCert(peerIdentity), peerIdentity)
 
@@ -312,35 +304,3 @@ func orgListFromConfig(config Config) []string {
 	}
 	return orgList
 }
-
-type secImpl struct {
-	identity []byte
-}
-
-func (*secImpl) OrgByPeerIdentity(api.PeerIdentityType) api.OrgIdentityType {
-	return api.OrgIdentityType("DEFAULT")
-}
-
-func (s *secImpl) GetPKIidOfCert(peerIdentity api.PeerIdentityType) gossipCommon.PKIidType {
-	return gossipCommon.PKIidType(peerIdentity)
-}
-
-func (s *secImpl) VerifyBlock(chainID gossipCommon.ChainID, signedBlock []byte) error {
-	return nil
-}
-
-func (s *secImpl) Sign(msg []byte) ([]byte, error) {
-	return msg, nil
-}
-
-func (s *secImpl) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error {
-	return nil
-}
-
-func (s *secImpl) VerifyByChannel(chainID gossipCommon.ChainID, peerIdentity api.PeerIdentityType, signature, message []byte) error {
-	return nil
-}
-
-func (s *secImpl) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
-	return nil
-}
diff --git a/peer/core.yaml b/peer/core.yaml
@@ -112,8 +112,6 @@ peer:
         publishCertPeriod: 10s
         # Should we skip verifying block messages or not
         skipBlockVerification: false
-        # Should we ignore security or not
-        ignoreSecurity: false
         # Dial timeout(unit: second)
         dialTimeout: 3s
         # Connection timeout(unit: second)