hyperledger · tock-ibm · May 13, 2026 · May 12, 2026 · May 13, 2026 · tock-ibm
diff --git a/common/channelconfig/channel.go b/common/channelconfig/channel.go
@@ -182,13 +182,6 @@ func (cc *ChannelConfig) Validate(channelCapabilities ChannelCapabilities) error
 		}
 	}
 
-	// We check global orderer addresses only if we are below ChannelV1_4_2
-	if !channelCapabilities.OrgSpecificOrdererEndpoints() {
-		if err := cc.validateOrdererAddresses(); err != nil {
-			return err
-		}
-	}
-
 	// We validate no global endpoints at V3_0 or above
 	if channelCapabilities.ConsensusTypeBFT() {
 		return cc.validateNoOrdererAddresses()

diff --git a/common/channelconfig/orderer.go b/common/channelconfig/orderer.go
@@ -90,12 +90,6 @@ func NewOrdererOrgConfig(orgName string, orgGroup *cb.ConfigGroup, mspConfigHand
 		return nil, fmt.Errorf("OrdererOrg config does not allow sub-groups")
 	}
 
-	if !channelCapabilities.OrgSpecificOrdererEndpoints() {
-		if _, ok := orgGroup.Values[EndpointsKey]; ok {
-			return nil, errors.Errorf("Orderer Org %s cannot contain endpoints value until V1_4_2+ capabilities have been enabled", orgName)
-		}
-	}
-
 	protos := &OrdererOrgProtos{}
 	orgProtos := &OrganizationProtos{}
 
@@ -146,7 +140,7 @@ func NewOrdererConfig(ordererGroup *cb.ConfigGroup, mspConfig *MSPConfigHandler,
 		}
 	}
 
-	if channelCapabilities.ConsensusTypeBFT() {
+	if oc.ConsensusType() == "arma" || oc.ConsensusType() == "BFT" {
 		if err := oc.validateAllOrgsHaveEndpoints(); err != nil {
 			return nil, err
 		}

diff --git a/common/channelconfig/realconfig_test.go b/common/channelconfig/realconfig_test.go
@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 package channelconfig_test
 
 import (
+	"path/filepath"
 	"testing"
 
 	"github.com/hyperledger/fabric-lib-go/bccsp/sw"
@@ -34,8 +35,11 @@ func TestWithRealConfigTX(t *testing.T) {
 }
 
 func TestOrgSpecificOrdererEndpoints(t *testing.T) {
-	t.Run("could not create channel orderer config with empty organization endpoints", func(t *testing.T) {
-		conf := configtxgen.Load(configtxgen.SampleDevModeSoloProfile, configtest.GetDevConfigDir())
+	t.Parallel()
+	t.Run("could not create arma orderer config with empty organization endpoints", func(t *testing.T) {
+		t.Parallel()
+		conf := configtxgen.Load(configtxgen.SampleFabricX, configtest.GetDevConfigDir())
+		conf.Orderer.Arma.Path = filepath.Join(configtest.GetDevConfigDir(), "arma_shared_config.pbbin")
 
 		cg, err := configtxgen.NewChannelGroup(conf)
 		require.NoError(t, err)
@@ -49,6 +53,7 @@ func TestOrgSpecificOrdererEndpoints(t *testing.T) {
 	})
 
 	t.Run("could not create channelgroup with empty organization endpoints", func(t *testing.T) {
+		t.Parallel()
 		conf := configtxgen.Load(configtxgen.SampleDevModeSoloProfile, configtest.GetDevConfigDir())
 		conf.Capabilities = map[string]bool{"V3_0": true}
 		conf.Orderer.Organizations[0].OrdererEndpoints = nil
@@ -69,6 +74,7 @@ func TestOrgSpecificOrdererEndpoints(t *testing.T) {
 	})
 
 	t.Run("With V2_0 Capability", func(t *testing.T) {
+		t.Parallel()
 		conf := configtxgen.Load(configtxgen.SampleDevModeSoloProfile, configtest.GetDevConfigDir())
 		conf.Capabilities = map[string]bool{"V2_0": true}
 		require.NotEmpty(t, conf.Orderer.Organizations[0].OrdererEndpoints)
@@ -88,6 +94,7 @@ func TestOrgSpecificOrdererEndpoints(t *testing.T) {
 	})
 
 	t.Run("no global address With V3_0 Capability", func(t *testing.T) {
+		t.Parallel()
 		conf := configtxgen.Load(configtxgen.SampleDevModeSoloProfile, configtest.GetDevConfigDir())
 		conf.Orderer.Addresses = []string{"globalAddress"}
 		conf.Capabilities = map[string]bool{"V3_0": true}

diff --git a/common/deliverclient/verifier_assembler.go b/common/deliverclient/verifier_assembler.go
@@ -42,15 +42,11 @@ func (bva *BlockVerifierAssembler) VerifierFromConfig(configuration *common.Conf
 		return createErrorFunc(err), err
 	}
 
-	bftEnabled := bundle.ChannelConfig().Capabilities().ConsensusTypeBFT()
+	cfg, ok := bundle.OrdererConfig()
+	bftEnabled := ok && (cfg.ConsensusType() == "BFT" || cfg.ConsensusType() == "arma")
 
 	var consenters []*common.Consenter
 	if bftEnabled {
-		cfg, ok := bundle.OrdererConfig()
-		if !ok {
-			err := errors.New("no orderer section in config block")
-			return createErrorFunc(err), err
-		}
 		consenters = cfg.Consenters()
 	}
 

diff --git a/core/aclmgmt/defaultaclprovider.go b/core/aclmgmt/defaultaclprovider.go
@@ -13,7 +13,6 @@ import (
 	pb "github.com/hyperledger/fabric-protos-go-apiv2/peer"
 
 	"github.com/hyperledger/fabric-x-common/common/policies"
-	"github.com/hyperledger/fabric-x-common/core/aclmgmt/resources"
 	"github.com/hyperledger/fabric-x-common/core/policy"
 	"github.com/hyperledger/fabric-x-common/protoutil"
 )
@@ -47,73 +46,6 @@ func newDefaultACLProvider(policyChecker policy.PolicyChecker) defaultACLProvide
 		cResourcePolicyMap: map[string]string{},
 	}
 
-	// -------------- _lifecycle --------------
-	d.pResourcePolicyMap[resources.Lifecycle_InstallChaincode] = policy.Admins
-	d.pResourcePolicyMap[resources.Lifecycle_QueryInstalledChaincode] = policy.Admins
-	d.pResourcePolicyMap[resources.Lifecycle_GetInstalledChaincodePackage] = policy.Admins
-	d.pResourcePolicyMap[resources.Lifecycle_QueryInstalledChaincodes] = policy.Admins
-	d.pResourcePolicyMap[resources.Lifecycle_ApproveChaincodeDefinitionForMyOrg] = policy.Admins
-	d.pResourcePolicyMap[resources.Lifecycle_QueryApprovedChaincodeDefinition] = policy.Admins
-	d.pResourcePolicyMap[resources.Lifecycle_QueryApprovedChaincodeDefinitions] = policy.Admins
-
-	d.cResourcePolicyMap[resources.Lifecycle_CommitChaincodeDefinition] = CHANNELWRITERS
-	d.cResourcePolicyMap[resources.Lifecycle_QueryChaincodeDefinition] = CHANNELWRITERS
-	d.cResourcePolicyMap[resources.Lifecycle_QueryChaincodeDefinitions] = CHANNELWRITERS
-	d.cResourcePolicyMap[resources.Lifecycle_CheckCommitReadiness] = CHANNELWRITERS
-
-	// -------------- snapshot ---------------
-	d.pResourcePolicyMap[resources.Snapshot_submitrequest] = policy.Admins
-	d.pResourcePolicyMap[resources.Snapshot_cancelrequest] = policy.Admins
-	d.pResourcePolicyMap[resources.Snapshot_listpending] = policy.Admins
-
-	// -------------- LSCC --------------
-	// p resources (implemented by the chaincode currently)
-	d.pResourcePolicyMap[resources.Lscc_Install] = policy.Admins
-	d.pResourcePolicyMap[resources.Lscc_GetInstalledChaincodes] = policy.Admins
-
-	// c resources
-	d.cResourcePolicyMap[resources.Lscc_Deploy] = ""  // ACL check covered by PROPOSAL
-	d.cResourcePolicyMap[resources.Lscc_Upgrade] = "" // ACL check covered by PROPOSAL
-	d.cResourcePolicyMap[resources.Lscc_ChaincodeExists] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Lscc_GetDeploymentSpec] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Lscc_GetChaincodeData] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Lscc_GetInstantiatedChaincodes] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Lscc_GetCollectionsConfig] = CHANNELREADERS
-
-	// -------------- QSCC --------------
-	// p resources (none)
-
-	// c resources
-	d.cResourcePolicyMap[resources.Qscc_GetChainInfo] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Qscc_GetBlockByNumber] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Qscc_GetBlockByHash] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Qscc_GetTransactionByID] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Qscc_GetBlockByTxID] = CHANNELREADERS
-
-	// --------------- CSCC resources -----------
-	// p resources (implemented by the chaincode currently)
-	d.pResourcePolicyMap[resources.Cscc_JoinChain] = policy.Admins
-	d.pResourcePolicyMap[resources.Cscc_JoinChainBySnapshot] = policy.Admins
-	d.pResourcePolicyMap[resources.Cscc_JoinBySnapshotStatus] = policy.Admins
-	d.pResourcePolicyMap[resources.Cscc_GetChannels] = policy.Members
-
-	// c resources
-	d.cResourcePolicyMap[resources.Cscc_GetConfigBlock] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Cscc_GetChannelConfig] = CHANNELREADERS
-
-	// ---------------- non-scc resources ------------
-	// Peer resources
-	d.cResourcePolicyMap[resources.Peer_Propose] = CHANNELWRITERS
-	d.cResourcePolicyMap[resources.Peer_ChaincodeToChaincode] = CHANNELWRITERS
-
-	// Event resources
-	d.cResourcePolicyMap[resources.Event_Block] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Event_FilteredBlock] = CHANNELREADERS
-
-	// Gateway resources
-	d.cResourcePolicyMap[resources.Gateway_CommitStatus] = CHANNELREADERS
-	d.cResourcePolicyMap[resources.Gateway_ChaincodeEvents] = CHANNELREADERS
-
 	return d
 }
 

diff --git a/core/aclmgmt/resources/resources.go b/core/aclmgmt/resources/resources.go
@@ -5,65 +5,4 @@ SPDX-License-Identifier: Apache-2.0
 */
 
 // Package resources contains resource names used in fabric for ACL checks.
-// Note that some of the checks such as Lscc_INSTALL are "peer wide" (current
-// access checks in peer are based on local MSP). These are not currently
-// covered by resource or default ACLProviders
 package resources
-
-const (
-	// _lifecycle resources
-	Lifecycle_InstallChaincode                   = "_lifecycle/InstallChaincode"
-	Lifecycle_QueryInstalledChaincode            = "_lifecycle/QueryInstalledChaincode"
-	Lifecycle_GetInstalledChaincodePackage       = "_lifecycle/GetInstalledChaincodePackage"
-	Lifecycle_QueryInstalledChaincodes           = "_lifecycle/QueryInstalledChaincodes"
-	Lifecycle_ApproveChaincodeDefinitionForMyOrg = "_lifecycle/ApproveChaincodeDefinitionForMyOrg"
-	Lifecycle_QueryApprovedChaincodeDefinition   = "_lifecycle/QueryApprovedChaincodeDefinition"
-	Lifecycle_QueryApprovedChaincodeDefinitions  = "_lifecycle/QueryApprovedChaincodeDefinitions"
-	Lifecycle_CommitChaincodeDefinition          = "_lifecycle/CommitChaincodeDefinition"
-	Lifecycle_QueryChaincodeDefinition           = "_lifecycle/QueryChaincodeDefinition"
-	Lifecycle_QueryChaincodeDefinitions          = "_lifecycle/QueryChaincodeDefinitions"
-	Lifecycle_CheckCommitReadiness               = "_lifecycle/CheckCommitReadiness"
-
-	// snapshot resources
-	Snapshot_submitrequest = "snapshot/submitrequest"
-	Snapshot_cancelrequest = "snapshot/cancelrequest"
-	Snapshot_listpending   = "snapshot/listpending"
-
-	// Lscc resources
-	Lscc_Install                   = "lscc/Install"
-	Lscc_Deploy                    = "lscc/Deploy"
-	Lscc_Upgrade                   = "lscc/Upgrade"
-	Lscc_ChaincodeExists           = "lscc/ChaincodeExists"
-	Lscc_GetDeploymentSpec         = "lscc/GetDeploymentSpec"
-	Lscc_GetChaincodeData          = "lscc/GetChaincodeData"
-	Lscc_GetInstantiatedChaincodes = "lscc/GetInstantiatedChaincodes"
-	Lscc_GetInstalledChaincodes    = "lscc/GetInstalledChaincodes"
-	Lscc_GetCollectionsConfig      = "lscc/GetCollectionsConfig"
-
-	// Qscc resources
-	Qscc_GetChainInfo       = "qscc/GetChainInfo"
-	Qscc_GetBlockByNumber   = "qscc/GetBlockByNumber"
-	Qscc_GetBlockByHash     = "qscc/GetBlockByHash"
-	Qscc_GetTransactionByID = "qscc/GetTransactionByID"
-	Qscc_GetBlockByTxID     = "qscc/GetBlockByTxID"
-
-	// Cscc resources
-	Cscc_JoinChain            = "cscc/JoinChain"
-	Cscc_JoinChainBySnapshot  = "cscc/JoinChainBySnapshot"
-	Cscc_JoinBySnapshotStatus = "cscc/JoinBySnapshotStatus"
-	Cscc_GetConfigBlock       = "cscc/GetConfigBlock"
-	Cscc_GetChannelConfig     = "cscc/GetChannelConfig"
-	Cscc_GetChannels          = "cscc/GetChannels"
-
-	// Peer resources
-	Peer_Propose              = "peer/Propose"
-	Peer_ChaincodeToChaincode = "peer/ChaincodeToChaincode"
-
-	// Events
-	Event_Block         = "event/Block"
-	Event_FilteredBlock = "event/FilteredBlock"
-
-	// Gateway resources
-	Gateway_CommitStatus    = "gateway/CommitStatus"
-	Gateway_ChaincodeEvents = "gateway/ChaincodeEvents"
-)
diff --git a/protoutil/blockutils_test.go b/protoutil/blockutils_test.go
@@ -586,7 +586,7 @@ func TestBlockSignatureVerifierWithRealPolicy(t *testing.T) {
 	}
 }
 
-//nolint:ireturn,revive
+//nolint:ireturn,revive // interface return needed for test
 func makePolicyTestEnv(t *testing.T, size int) (policies.Policy, []*cb.Consenter, []uint32, []msp.SigningIdentity) {
 	t.Helper()
 	endpoints := make([]*types.OrdererEndpoint, size)
@@ -611,8 +611,7 @@ func makePolicyTestEnv(t *testing.T, size int) (policies.Policy, []*cb.Consenter
 	oc, ok := configMaterial.Bundle.OrdererConfig()
 	require.True(t, ok)
 
-	bftEnabled := configMaterial.Bundle.ChannelConfig().Capabilities().ConsensusTypeBFT()
-	require.True(t, bftEnabled)
+	require.Equal(t, "arma", oc.ConsensusType())
 	consenters := oc.Consenters()
 	require.Len(t, consenters, size)
 

diff --git a/sampleconfig/configtx.yaml b/sampleconfig/configtx.yaml
@@ -136,36 +136,15 @@ Organizations:
 Capabilities:
     # Channel capabilities apply to both the orderers and the peers and must be
     # supported by both.
-    # Set the value of the capability to true to require it.
-    Channel: &ChannelCapabilities
-        # V3.0 for Channel is a catchall flag for behavior which has been
-        # determined to be desired for all orderers and peers running at the v3.0.0
-        # level, but which would be incompatible with orderers and peers from
-        # prior releases.
-        # Prior to enabling V3.0 channel capabilities, ensure that all
-        # orderers and peers on a channel are at v3.0.0 or later.
-        V3_0: true
+    Channel: &ChannelCapabilities {}
 
     # Orderer capabilities apply only to the orderers, and may be safely
     # used with prior release peers.
-    # Set the value of the capability to true to require it.
-    Orderer: &OrdererCapabilities
-        # V1.1 for Orderer is a catchall flag for behavior which has been
-        # determined to be desired for all orderers running at the v1.1.x
-        # level, but which would be incompatible with orderers from prior releases.
-        # Prior to enabling V2.0 orderer capabilities, ensure that all
-        # orderers on a channel are at v2.0.0 or later.
-        V2_0: true
+    Orderer: &OrdererCapabilities {}
 
     # Application capabilities apply only to the peer network, and may be safely
     # used with prior release orderers.
-    # Set the value of the capability to true to require it.
-    Application: &ApplicationCapabilities
-        # V2.5 for Application enables the new non-backwards compatible
-        # features of fabric v2.5, namely the ability to purge private data.
-        # Prior to enabling V2.5 application capabilities, ensure that all
-        # peers on a channel are at v2.5.0 or later.
-        V2_5: true
+    Application: &ApplicationCapabilities {}
 
 ################################################################################
 #
@@ -176,85 +155,6 @@ Capabilities:
 #
 ################################################################################
 Application: &ApplicationDefaults
-    ACLs:
-        # This section provides defaults for policies for various resources
-        # in the system. These "resources" could be functions on system chaincodes
-        # (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources
-        # (e.g.,who can receive Block events). This section does NOT specify the resource's
-        # definition or API, but just the ACL policy for it.
-        #
-        # Users can override these defaults with their own policy mapping by defining the
-        # mapping under ACLs in their channel definition
-
-        #---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
-
-        # ACL policy for _lifecycle's "CheckCommitReadiness" function
-        _lifecycle/CheckCommitReadiness: /Channel/Application/Writers
-
-        # ACL policy for _lifecycle's "CommitChaincodeDefinition" function
-        _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
-
-        # ACL policy for _lifecycle's "QueryChaincodeDefinition" function
-        _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers
-
-        # ACL policy for _lifecycle's "QueryChaincodeDefinitions" function
-        _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers
-
-        #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
-
-        # ACL policy for lscc's "getid" function
-        lscc/ChaincodeExists: /Channel/Application/Readers
-
-        # ACL policy for lscc's "getdepspec" function
-        lscc/GetDeploymentSpec: /Channel/Application/Readers
-
-        # ACL policy for lscc's "getccdata" function
-        lscc/GetChaincodeData: /Channel/Application/Readers
-
-        # ACL Policy for lscc's "getchaincodes" function
-        lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
-
-        #---Query System Chaincode (qscc) function to policy mapping for access control---#
-
-        # ACL policy for qscc's "GetChainInfo" function
-        qscc/GetChainInfo: /Channel/Application/Readers
-
-        # ACL policy for qscc's "GetBlockByNumber" function
-        qscc/GetBlockByNumber: /Channel/Application/Readers
-
-        # ACL policy for qscc's  "GetBlockByHash" function
-        qscc/GetBlockByHash: /Channel/Application/Readers
-
-        # ACL policy for qscc's "GetTransactionByID" function
-        qscc/GetTransactionByID: /Channel/Application/Readers
-
-        # ACL policy for qscc's "GetBlockByTxID" function
-        qscc/GetBlockByTxID: /Channel/Application/Readers
-
-        #---Configuration System Chaincode (cscc) function to policy mapping for access control---#
-
-        # ACL policy for cscc's "GetConfigBlock" function
-        cscc/GetConfigBlock: /Channel/Application/Readers
-
-        # ACL policy for cscc's "GetChannelConfig" function
-        cscc/GetChannelConfig: /Channel/Application/Readers
-
-        #---Miscellaneous peer function to policy mapping for access control---#
-
-        # ACL policy for invoking chaincodes on peer
-        peer/Propose: /Channel/Application/Writers
-
-        # ACL policy for chaincode to chaincode invocation
-        peer/ChaincodeToChaincode: /Channel/Application/Writers
-
-        #---Events resource to policy mapping for access control###---#
-
-        # ACL policy for sending block events
-        event/Block: /Channel/Application/Readers
-
-        # ACL policy for sending filtered block events
-        event/FilteredBlock: /Channel/Application/Readers
-
     # Organizations lists the orgs participating on the application side of the
     # network.
     Organizations: