From 521b0cbb0881ecf023834aea66a5ddadd336ec3b Mon Sep 17 00:00:00 2001 From: Ivan Santiago Paunovic Date: Tue, 31 Mar 2020 13:54:36 -0300 Subject: [PATCH] Update sros2_cmake to use security contexts Signed-off-by: Ivan Santiago Paunovic --- sros2_cmake/README.md | 14 ++++++----- ...e.cmake => sros2_generate_artifacts.cmake} | 23 ++++++++++--------- sros2_cmake/package.xml | 2 +- sros2_cmake/sros2_cmake-extras.cmake | 4 ++-- 4 files changed, 23 insertions(+), 20 deletions(-) rename sros2_cmake/cmake/{ros2_secure_node.cmake => sros2_generate_artifacts.cmake} (70%) diff --git a/sros2_cmake/README.md b/sros2_cmake/README.md index 5d037295..47a94e99 100644 --- a/sros2_cmake/README.md +++ b/sros2_cmake/README.md @@ -1,19 +1,21 @@ # Security Helper -Add node authentication, cryptography, and access control security keys using a cmake macro. -The macro will generate the secure root directory if it does not exists, then create authentication and cryptography keys in the secure root directory. +Add authentication, cryptography, and access control security keys using a cmake macro. +The macro will generate the secure root directory if it does not exists, then create authentication and cryptography keys. In package.xml add: `sros2_cmake` In CMakeLists add: `find_package(sros2_cmake REQUIRED)` -`ros2_secure_node(NODES )` +`sros2_generate_artifacts(SECURITY_CONTEXTS )` Macro definition: ``` - # ros2_secure_node(NODES ...) + # sros2_generate_artifacts(SECURITY_CONTEXTS ...) - # NODES (macro multi-arg) takes the node names for which keys will be generated + # SECURITY_CONTEXTS (macro multi-arg) takes the security contexts names for which keys will be generated + # Executables can use a different or the same security contexts. + # All nodes in the same process use the same security context. # SECURITY (cmake arg) if not define or OFF, will not generate key/keystores # ROS_SECURITY_ROOT_DIRECTORY (env variable) the location of the keystore - # POLICY_FILE (cmake arg) if defined, will compile policies by node name into the access private certificates (e.g POLICY_FILE=/etc/policies/, Generate: /etc/policies/) **if defined, all nodes must have a policy defined for them** + # POLICY_FILE (cmake arg) if defined, will generate security artifacts for each context defined in the policy file. ``` diff --git a/sros2_cmake/cmake/ros2_secure_node.cmake b/sros2_cmake/cmake/sros2_generate_artifacts.cmake similarity index 70% rename from sros2_cmake/cmake/ros2_secure_node.cmake rename to sros2_cmake/cmake/sros2_generate_artifacts.cmake index 39f73830..31fc7f42 100644 --- a/sros2_cmake/cmake/ros2_secure_node.cmake +++ b/sros2_cmake/cmake/sros2_generate_artifacts.cmake @@ -1,4 +1,4 @@ -# Copyright 2016-2019 Open Source Robotics Foundation, Inc. +# Copyright 2016-2020 Open Source Robotics Foundation, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,12 +12,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -macro(ros2_secure_node) - # ros2_secure_node(NODES ...) +macro(sros2_generate_artifacts) + # sros2_generate_artifacts(SECURITY_CONTEXTS ...) # - # NODES (macro multi-arg) takes the node names for which artifacts will be generated + # SECURITY_CONTEXTS (macro multi-arg) takes the context names for which artifacts will be generated # SECURITY (cmake arg) if not defined or OFF, will not generate keystore/keys/permissions - # POLICY_FILE (cmake arg) if defined, policies defined in the file will used to generate permission files for all the nodes listed in the policy file + # POLICY_FILE (cmake arg) if defined, policies defined in the file will used to generate + # permission files for all the security contexts listed in the policy file. # ROS_SECURITY_ROOT_DIRECTORY (env variable) will be the location of the keystore if(NOT SECURITY) message(STATUS "Not generating security files") @@ -30,13 +31,13 @@ macro(ros2_secure_node) else() set(SECURITY_KEYSTORE ${DEFAULT_KEYSTORE}) endif() - cmake_parse_arguments(ros2_secure_node "" "" "NODES" ${ARGN}) + cmake_parse_arguments(ros2_generate_security_artifacts "" "" "SECURITY_CONTEXTS" ${ARGN}) set(generate_artifacts_command ${PROGRAM} security generate_artifacts -k ${SECURITY_KEYSTORE}) - list(LENGTH ros2_secure_node_NODES nb_nodes) - if(${nb_nodes} GREATER "0") - list(APPEND generate_artifacts_command "-n") - foreach(node ${ros2_secure_node_NODES}) - list(APPEND generate_artifacts_command ${node}) + list(LENGTH ros2_generate_security_artifacts_SECURITY_CONTEXTS nb_security_contexts) + if(${nb_security_contexts} GREATER "0") + list(APPEND generate_artifacts_command "-c") + foreach(security_context ${ros2_generate_security_artifacts_SECURITY_CONTEXTS}) + list(APPEND generate_artifacts_command security_context) endforeach() endif() if(POLICY_FILE) diff --git a/sros2_cmake/package.xml b/sros2_cmake/package.xml index 0df1391a..d44d6d27 100644 --- a/sros2_cmake/package.xml +++ b/sros2_cmake/package.xml @@ -4,7 +4,7 @@ sros2_cmake 0.8.1 - CMake macros to configure security for nodes + CMake macros to configure security ROS Security Working Group Apache 2.0 diff --git a/sros2_cmake/sros2_cmake-extras.cmake b/sros2_cmake/sros2_cmake-extras.cmake index e06709ff..a1bcb9ce 100644 --- a/sros2_cmake/sros2_cmake-extras.cmake +++ b/sros2_cmake/sros2_cmake-extras.cmake @@ -1,4 +1,4 @@ -# Copyright 2019 Open Source Robotics Foundation Inc. +# Copyright 2019-2020 Open Source Robotics Foundation Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,5 +14,5 @@ set(DEFAULT_KEYSTORE "${CMAKE_INSTALL_PREFIX}/ros2_security/keystore") -include("${sros2_cmake_DIR}/ros2_secure_node.cmake") +include("${sros2_cmake_DIR}/sros2_generate_artifacts.cmake")