Enable Security for ROS

[Jpgig]

Can you also guide me how to enable security portion of the ROS? As per ROS humble documentation need to enable DSECURITY=ON while building the ROS. https://docs.ros.org/en/humble/Tutorials/Advanced/Security/Introducing-ros2-security.html

[robwoolley]

Thanks @Jpgig, I think this is a really good feature to enable.

Based on the documentation, it looks like the CMake macro needs to be enabled for the DDS provider:

Fast DDS requires an additional CMake flag to build the security plugins, so the colcon invocation needs to be modified to pass:

colcon build --symlink-install --cmake-args -DSECURITY=ON

This seems to be specific to FastDDS ( https://fast-dds.docs.eprosima.com/en/v2.13.3/fastdds/security/security.html )

Is that the DDS provider you wish to use? Do you know if the security feature can be enabled on other DDS providers or on Zenoh? I am curious because the default DDS provider changed to Cyclone DDS at one point, DDS middleware from RTI is also popular, and now Zenoh is being pushed as an alternative.

[Jpgig]

Thanks for quick response Rob. As per below ROS humble documentation, The default DDS vendor is eProsima’s Fast DDS. https://docs.ros.org/en/humble/Installation/DDS-Implementations.html Is that the DDS provider you wish to use? As FastDDS is default DDS provider, I'm using that. Do you know if the security feature can be enabled on other DDS providers or on Zenoh? I have not looked into other DDS provider.

[rcwoolley]

Based on the documentation, it sounds like you would need to do one of 2 options:

Modify the recipe for Fast DDS that needs -DSECURITY=ON and append it to the cmake invocation by adding:

       EXTRA_OECMAKE:append = " -DSECURITY=ON"

The other option would be to make a quick and dirty change to conf/local.conf:

      EXTRA_OECMAKE:pn- += " -DSECURITY=ON"

Let me know what results you get. You mentioned using Wind River Linux LTS earlier, I will try kicking off a test build with Mickledore and Humble this week as well.

[Jpgig]

I tried this option. Seems no compilation error but can't test without examples able to added to run it. Its related to another issue I logged as below: Error for adding demo_nodes_py or demo_nodes_cpp to IMAGE_INSTALL #1105 Are you able to get that added?