place default keystore to install space #103
Conversation
Signed-off-by: Mikael Arguedas <mikael.arguedas@gmail.com>
mikaelarguedas
added
in progress
|
@ross-desmond @mjcarroll gentle 🛎️ |
|
LGTM, @ross-desmond can you comment on Mikael's questions above? |
|
@mikaelarguedas this does match the expected behaviour. I believe the comarmor xml policy files are more like a source, as they get compiled into DDS policy files and signed, and are therefore not included in the keystore. The keystore should be able to be generated from scratch to ensure deterministic compilation of security settings. What are your thoughts on that? |
Yeah I agree with that. While I would expect most people to provide their policies via a package, they should be able to just put them in the |
|
@mjcarroll I think we're on the same page here and this is ready to go. (thanks @ross-desmond for the comments 🙇♂️ ) |
Signed-off-by: Mikael Arguedas <mikael.arguedas@gmail.com>
This PR implements the keystore location in install space, based on discussion from #101 (comment)
The original implementation aimed at creating the default keystore in the
sros2_cmakeworkspace install space under aros2_securitydirectory.https://github.com/ross-desmond/sros2/blob/51fd900a1665bd6a4d760aa501488401f32946f3/sros2_cmake/sros2_cmakeConfig.cmake.in#L3-L5
In the case of installing from packages, this logic results in creating the keystore at
/opt/ros/crystal/share/sros2_cmake/cmake/../../../ros2_security(which requires root access).Changes from original implementation:
sros2_cmake's workspace (aka results in the same directory whether the underlay was built in isolated install or merged install layout)keysis renamedkeystore@ross-desmond
Does this match the expected behavior?
What files do we expect to be placed in the
ros2_securityfolders other than the keystore? (user policy files maybe?). If none maybe 1 layer of subdirectory would be enough