add --secure option to launch with encryption #180
Conversation
Arnatious
force-pushed
the
secure_launch
branch
from
e1a59eb
to
add25f3
Compare
Arnatious
force-pushed
the
secure_launch
branch
from
add25f3
to
ee23262
Compare
|
@clalancette can we get some help poking those tests? |
Do you need us to rerun the PR tests, run on ci.ros2.org, or something else? |
|
Re-run the PR tests, please. The SROS2 PR on which this PR depended landed, but we can't seem to convince it to run again. We thought force-pushing would do it, but that doesn't seem to be the case. I can kick off the other CI. |
|
@ros-pull-request-builder retest this please |
|
@clalancette we're getting a |
Yeah, that's correct. You'll need to do a new release into Rolling before the PR job will succeed. |
|
|
||
| self.__enclave = self.node_name.replace( | ||
| Node.UNSPECIFIED_NODE_NAME, nodl_node.name | ||
| ).replace(Node.UNSPECIFIED_NODE_NAMESPACE, '') |
There was a problem hiding this comment.
An unspecified namespace does not imply no namespace; it could be set within the node and therefore launch doesn't know the fully-qualified name of the node. Does this have any implication on the name of the enclave chosen?
There was a problem hiding this comment.
The enclave must be the fully qualified node name. Unfortunately there is no way to get this prior to runtime, so we're using a best-guess here that a node won't namespace itself in code to make the secure launch function work at all.
There was a problem hiding this comment.
The enclave doesn't need to be the fully qualified node name, right? It just needs to match up with the keypair that has been generated. Thankfully, here we're doing both-- generating the keypair and then passing the --ros-args necessary to use it by setting the enclave name. There's nothing requiring that enclave name to be anything special.
There was a problem hiding this comment.
Note, however, that the security files IN the enclave must match up to the given participant name, which I think is where this becomes important.
| metavar='keystore', | ||
| nargs='?', | ||
| const='', | ||
| help=('Launch using ROS 2 security features using specified keystore dir.' |
There was a problem hiding this comment.
nitpick:
| help=('Launch using ROS 2 security features using specified keystore dir.' | |
| help=('Launch with ROS 2 security features using the specified keystore directory.' |
Signed-off-by: Ted Kern <ted.kern@canonical.com>
Signed-off-by: Ted Kern <ted.kern@canonical.com>
Signed-off-by: Ted Kern <ted.kern@canonical.com>
Arnatious
force-pushed
the
secure_launch
branch
from
1effef7
to
984f1cf
Compare
| @@ -51,9 +51,13 @@ | |||
| from launch_ros.utilities import normalize_remap_rules | |||
| from launch_ros.utilities import prefix_namespace | |||
|
|
|||
| import nodl | |||
There was a problem hiding this comment.
If I understand the situation correctly (from here), nodl is under a GPLv3 license. Because of that, I don't think we can take this into the launch_ros core. I'm going to double-check on this internally, so I'll get back with a definitive answer, but I just wanted to make you aware that this may be a non-starter.
There was a problem hiding this comment.
Close-- It's LGPL, @clalancette, which should be better for integration. That's standing guidance from our legal department. Let us know if that proves to be an issue; we can have a conversation with them if necessary, so don't let that stand in the way of review.
There was a problem hiding this comment.
We're re-licensing as Apache 2.0 in ubuntu-robotics/nodl#35
|
I've discussed this change briefly with the team, and we think it would make sense to add extensions points to |
No argument here, that may very well make sense, but given that such a thing doesn't exist today, what does that mean for this feature? |
I'm not sure. I'd rather not introduce more dependencies. In particular, introducing Until someone gets around to making @ros2/team Thoughts? |
|
This pull request has been mentioned on ROS Discourse. There might be relevant details there: https://discourse.ros.org/t/eprosima-presents-visual-ros/17632/5 |
|
I agree with @jacobperron, one of:
The second bullet is ideal in my opinion, but it also takes the most work and incurs the most delays. I really would rather not merge this as-is adding the hard dependency on NoDL for now. |
I'd say our only strong feeling is "not this". I believe a soft dependency will lead to confusing documentation, "why doesn't this work" bugs, tests that don't run regularly, and overall feature rot. I think we all agree that making this more extensible is ideal, but that sounds like a fundamental restructuring of the project, which is honestly something we're not qualified to do. If someone wants to propose a design doc we can at least help vet it though, and might be able to help implement it in the future. I wonder if it might fit into @roger-strain's refactor. |
|
I do believe that we've now done this in a different way through #216 . I'm going to close this out, but please feel free to reopen if I'm wrong. |
add implementation of
--secureflag to have ros2launch handle configuring all launched actions to use secure ros functionality. Currently only handles encryption, access control functionality can be built from this.Adds two new optional arguments to
ros2 launch,--secure [keystore_path]Enable security. If a keystore path is provided, create and initialize it if necessary and use it. Otherwise generate an ephemeral keystore for this launch invocation only.
--no-create-keystoreDo not attempt to create/initialize a keystore or create an ephemeral keystore. Require keystore_path to point to an existing keystore.
The launch description is modified with the necessary steps to set environment variables as needed by rcl, and the creation of keys is handled automatically in the
Nodeaction type by making a best guess of the fully qualified node name using NoDL.Adds dependencies on