meta-ros icon indicating copy to clipboard operation
meta-ros copied to clipboard
verified publisher icon ros

Enable Security for ROS

Open Jpgig opened this issue 1 year ago • 4 comments

Can you also guide me how to enable security portion of the ROS? As per ROS humble documentation need to enable DSECURITY=ON while building the ROS. https://docs.ros.org/en/humble/Tutorials/Advanced/Security/Introducing-ros2-security.html

Jpgig avatar Mar 08 '24 20:03 Jpgig

Thanks @Jpgig, I think this is a really good feature to enable.

Based on the documentation, it looks like the CMake macro needs to be enabled for the DDS provider:

Fast DDS requires an additional CMake flag to build the security plugins, so the colcon invocation needs to be modified to pass:

colcon build --symlink-install --cmake-args -DSECURITY=ON

This seems to be specific to FastDDS ( https://fast-dds.docs.eprosima.com/en/v2.13.3/fastdds/security/security.html )

Is that the DDS provider you wish to use? Do you know if the security feature can be enabled on other DDS providers or on Zenoh? I am curious because the default DDS provider changed to Cyclone DDS at one point, DDS middleware from RTI is also popular, and now Zenoh is being pushed as an alternative.

robwoolley avatar Mar 09 '24 14:03 robwoolley

Thanks for quick response Rob. As per below ROS humble documentation, The default DDS vendor is eProsima’s Fast DDS. https://docs.ros.org/en/humble/Installation/DDS-Implementations.html Is that the DDS provider you wish to use? As FastDDS is default DDS provider, I'm using that. Do you know if the security feature can be enabled on other DDS providers or on Zenoh? I have not looked into other DDS provider.

Jpgig avatar Mar 10 '24 16:03 Jpgig

Based on the documentation, it sounds like you would need to do one of 2 options:

Modify the recipe for Fast DDS that needs -DSECURITY=ON and append it to the cmake invocation by adding:

       EXTRA_OECMAKE:append = " -DSECURITY=ON"

The other option would be to make a quick and dirty change to conf/local.conf:

      EXTRA_OECMAKE:pn-<PACKAGE NAME> += " -DSECURITY=ON"

Let me know what results you get. You mentioned using Wind River Linux LTS earlier, I will try kicking off a test build with Mickledore and Humble this week as well.

rcwoolley avatar Mar 18 '24 14:03 rcwoolley

I tried this option. Seems no compilation error but can't test without examples able to added to run it. Its related to another issue I logged as below: Error for adding demo_nodes_py or demo_nodes_cpp to IMAGE_INSTALL #1105 Are you able to get that added?

Jpgig avatar Mar 20 '24 21:03 Jpgig