Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running generate_policy fails with "couldn't find all security files!" #281

Open
nnmm opened this issue Jul 13, 2022 · 1 comment
Open

Running generate_policy fails with "couldn't find all security files!" #281

nnmm opened this issue Jul 13, 2022 · 1 comment

Comments

@nnmm
Copy link

nnmm commented Jul 13, 2022

Bug report

Required Info:

  • Operating System:
    • Ubuntu 22.04
  • Installation type:
    • Compiled from source
  • Version or commit hash:
    • ROS 2 rolling, sros2 version is cfd25e7
  • DDS implementation:
    • The default (FastRTPS)
  • Client library (if applicable):
    • N/A

Steps to reproduce issue

First, follow the steps from https://github.com/ros2/sros2/blob/rolling/SROS2_Linux.md. With the talker and listener still running (locally), run

export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keystore
export ROS_SECURITY_ENABLE=true
export ROS_SECURITY_STRATEGY=Enforce
ros2 security generate_policy --no-daemon policy.xml

Expected behavior

policy.xml is generated successfully.

Actual behavior

The ros2 command prints

[INFO] [1657718034.789617476] [rcl]: Found security directory: /home/user/sros2_demo/demo_keystore/enclaves

>>> [rcutils|error_handling.c:108] rcutils_set_error_state()
This error state is being overwritten:

  'couldn't find all security files!, at /home/user/ros2_rolling/src/ros2/rmw_fastrtps/rmw_fastrtps_shared_cpp/src/participant.cpp:274, at /home/user/ros2_rolling/src/ros2/rcl/rcl/src/rcl/node.c:263'

with this new error message:

  'rcl node's rmw handle is invalid, at /home/user/ros2_rolling/src/ros2/rcl/rcl/src/rcl/node.c:415'

rcutils_reset_error() should be called after error handling to avoid this.
<<<
[ERROR] [1657718034.791679678] [rcl]: Failed to fini publisher for node: 1
error creating node: rcl node's rmw handle is invalid, at /home/user/ros2_rolling/src/ros2/rcl/rcl/src/rcl/node.c:415

I'm not sure if this should be required, but if I create a new enclave ros2cli and export ROS_SECURITY_ENCLAVE_OVERRIDE=/ros2cli, I get

[INFO] [1657718177.218017161] [rcl]: Found security directory: /home/nikolai.morin/sros2_demo/demo_keystore/enclaves/ros2cli
No nodes detected in the ROS graph. No policy file was generated.

and the talker and listener print

2022-07-13 15:16:17.239 [RTPS_EDP Error] Security manager returns an error for writer da.f7.10.ce.d9.77.9f.18.65.1e.f3.b1|ff.0.3.c7 -> Function assignRemoteEndpoints
2022-07-13 15:16:17.239 [RTPS_EDP Error] Security manager returns an error for writer da.f7.10.ce.d9.77.9f.18.65.1e.f3.b1|ff.0.4.c7 -> Function assignRemoteEndpoints

implemented and pros and cons of the different solutions -->
@mikaelarguedas
Copy link
Member

Almost 2 years after but #295 provides a use case for providing enclave to ros2cli

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nnmm @mikaelarguedas