CorDapp packaging

In the Corda 5 Developer Preview, CorDapps are distributed as Corda package files (.cpk files), and Corda package bundles (.cpb files).

Corda package files

Corda package files (.cpk files) are the standard way to distribute CorDapps for the Corda 5 Developer Preview. A Corda package file is a .zip file with a .cpk extension. It is a “jar-of-jars” single distributable for the CorDapp. It contains META-INF files for publisher content signing, and that define versioning and dependencies. The dependency information in the .cpk file defines dependencies based upon version, hash, and publisher key.

The .cpk file also contains the main CorDapp .jar file and its dependencies, except for Corda’s own .jar files and .jar files that are provided by Corda (such as Kotlin and Quasar).

The main .jar file contains enough OSGi metadata to be a valid OSGi bundle.

Corda package files are created using the CorDapp CPK gradle plugin .

Corda package bundles

A Corda package bundle (.cpb file) contain .cpk files, plus a MANIFEST.MF and other Corda-related information.

They can be created with the CorDapp Builder CLI tool or with the CorDapp CPB gradle plugin .

The point of the .cpb file is to contain all of the .cpk files that are expected to be deployed together as a single application. So in a typical example, you would apply net.corda.plugins.cordapp-cpk for the contract CPK project, and net.corda.plugins.cordapp-cpb in the workflows CPB project. The .cpb file would then contain both your contracts and your workflows' .cpks.

Inspecting Corda package files

You can use the package command in the Corda CLI command-line utility to inspect the contents of Corda package files. For more information, see CPK inspection tool .

Corda Security Manager

The Corda Security Manager prevents CorDapp packages from performing certain dangerous operations, such as a sandboxed package installing bundles outside the sandbox. The Corda Security Manager starts automatically on node startup; no user interaction is required.

The Corda Security Manager leverages the OSGi security layer to deny the following permissions to all .cpbs:

  • AdminPermission.LIFECYCLE - required to install, update, or uninstall bundles.
  • AdminPermission.EXECUTE - required to start, stop, or modify the start level of bundles.
  • AdminPermission.EXTENSIONLIFECYCLE - as above, but for extension bundles.
  • AdminPermission.RESOLVE - required to resolve or refresh bundles.

Any attempt by CPK code to perform one of the operations above will cause an AccessControlException to be thrown.

Installing Corda package files

To install a Corda package file, see the corda-cli install command .

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.