-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update sros2_cmake to use security contexts
Signed-off-by: Ivan Santiago Paunovic <ivanpauno@ekumenlabs.com>
- Loading branch information
Showing
4 changed files
with
23 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,21 @@ | ||
# Security Helper | ||
Add node authentication, cryptography, and access control security keys using a cmake macro. | ||
The macro will generate the secure root directory if it does not exists, then create authentication and cryptography keys in the secure root directory. | ||
Add authentication, cryptography, and access control security keys using a cmake macro. | ||
The macro will generate the secure root directory if it does not exists, then create authentication and cryptography keys. | ||
|
||
In package.xml add: | ||
`<depend>sros2_cmake</depend>` | ||
In CMakeLists add: | ||
`find_package(sros2_cmake REQUIRED)` | ||
`ros2_secure_node(NODES <node_name>)` | ||
`sros2_generate_artifacts(SECURITY_CONTEXTS <context_name>)` | ||
|
||
Macro definition: | ||
``` | ||
# ros2_secure_node(NODES <node_1> <node_2>...<node_n>) | ||
# sros2_generate_artifacts(SECURITY_CONTEXTS <context_1> <context_2>...<context_n>) | ||
# NODES (macro multi-arg) takes the node names for which keys will be generated | ||
# SECURITY_CONTEXTS (macro multi-arg) takes the security contexts names for which keys will be generated | ||
# Executables can use a different or the same security contexts. | ||
# All nodes in the same process use the same security context. | ||
# SECURITY (cmake arg) if not define or OFF, will not generate key/keystores | ||
# ROS_SECURITY_ROOT_DIRECTORY (env variable) the location of the keystore | ||
# POLICY_FILE (cmake arg) if defined, will compile policies by node name into the access private certificates (e.g POLICY_FILE=/etc/policies/<policy.xml>, Generate: <node_name> /etc/policies/<policy.xml>) **if defined, all nodes must have a policy defined for them** | ||
# POLICY_FILE (cmake arg) if defined, will generate security artifacts for each context defined in the policy file. | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters