Closed ruffsl closed 3 years ago
@JaimeMartin did you folks change your default config by any chance?
This looks like probably a packaging bug. If I look at https://build.ros2.org/view/Fbin_uF64/job/Fbin_uF64__fastrtps__ubuntu_focal_amd64__binary/9/consoleFull (the fastrtps build back in May), I see this:
cd obj-x86_64-linux-gnu && cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=None
-DCMAKE_INSTALL_SYSCONFDIR=/etc -DCMAKE_INSTALL_LOCALSTATEDIR=/var
-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON -DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON
"-GUnix Makefiles" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_AUTOGEN_VERBOSE=ON
-DCMAKE_INSTALL_LIBDIR=lib/x86_64-linux-gnu -DCMAKE_INSTALL_PREFIX=/opt/ros/foxy -DINSTALL_EXAMPLES=OFF
-DSECURITY=ON ..
If I look at the latest build at https://build.ros2.org/view/Fbin_uF64/job/Fbin_uF64__fastrtps__ubuntu_focal_amd64__binary/24/consoleFull , I see this:
cd obj-x86_64-linux-gnu && cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=None
-DCMAKE_INSTALL_SYSCONFDIR=/etc -DCMAKE_INSTALL_LOCALSTATEDIR=/var
-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON -DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON
"-GUnix Makefiles" -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_AUTOGEN_VERBOSE=ON
-DCMAKE_INSTALL_LIBDIR=lib/x86_64-linux-gnu -DCMAKE_INSTALL_PREFIX=/opt/ros/foxy
-DCMAKE_PREFIX_PATH=/opt/ros/foxy ..
Notice that -DSECURITY=ON
is missing from that latter line. Probably something needs to be fixed in https://github.com/ros2-gbp/fastrtps-release , though I'm not sure what. @jacobperron @nuclearsandwich any thoughts here?
It looks like a bad rebase from the last release: https://github.com/ros2-gbp/fastrtps-release/commit/0ed7d056eca7aa24e955f2e35fbff9acf3c06fad removed the template that had -DSECURITY=ON
, and https://github.com/ros2-gbp/fastrtps-release/commit/1e8b0d3a692a921854063d6b616b235307756503 readded the template without -DSECURITY=ON
. We need a PR to the release repo there to restore the -DSECURITY=ON
line, but I'll wait for instructions from @nuclearsandwich on the best way to do that.
Thanks for the quick triage @clalancette!
It looks like Dashing probably has the same problem (https://build.ros2.org/view/Dbin_uB64/job/Dbin_uB64__fastrtps__ubuntu_bionic_amd64__binary/19/consoleFull), though Rolling is fine.
This issue has been mentioned on ROS Discourse. There might be relevant details there:
https://discourse.ros.org/t/preparing-for-foxy-sync-2021-03-01/19178/1
All right, this has been fixed in the testing repositories for both Foxy and Dashing. A sync is scheduled for Foxy. I'm going to close this issue out, thanks for reporting @ruffsl .
@clalancette , do we know yet how this regression slipped under the radar of existing tests and made it's way into a released public sync? Did the system security tests in CI silently fail? What should we do now to prevent this again?
Debian packages don't get tested that's why the regression was not caught.
We would either need a registered package (with PR and / or dev jobs) depending on and testing fastrtps security that got triggered by a new commit, or have some type of nightly that pulls packages from debs and build + test test_security
on top.
Not sure how the regression actually happened, as far as I recall patches always got reapplied on rebase when making a new release. @nuclearsandwich @clalancette do you know what happened there and how to prevent it from happening in the future ?
As a side note: 49,419 additions and 5,228 deletions.
seems like an incredibly large "patch" for an already out LTS release..
It's a combination of 3 things:
-DSECURITY=ON
is enabled while building the debian packages is through patches to the release repositories. These are somewhat easy to lose for someone who isn't intimately familiar with the process and how the fastrtps package in particular is setup.Improving any of those would help prevent this from happening again. Unfortunately, none of them are easy to do.
This issue has been mentioned on ROS Discourse. There might be relevant details there:
https://discourse.ros.org/t/new-packages-for-foxy-fitzroy-2021-03-01/19224/1
This issue has been mentioned on ROS Discourse. There might be relevant details there:
https://discourse.ros.org/t/preparing-for-dashing-sync-2021-03-04/19233/1
Hi, I recently installed foxy on ubuntu 20.04 from binaries. I still have this problem. How do i get the updated packages for fastrtps?
You may want to check what package version you have installed with apt. This is what is in the repo as of writing: http://packages.ros.org/ros2/ubuntu/dists/focal/main/binary-amd64/Packages
Package: ros-foxy-fastrtps
Version: 2.0.2-2focal.20210423.001712
Architecture: amd64
Maintainer: Steven! Ragnarök <stevenragnarok@osrfoundation.org>
Installed-Size: 10752
Depends: libc6 (>= 2.29), libgcc-s1 (>= 3.0), libssl1.1 (>= 1.1.1), libstdc++6 (>= 9), libtinyxml2-6a (>= 5.0.0), ros-foxy-fastcdr, libssl-dev, libtinyxml2-dev, ros-foxy-foonathan-memory-vendor, ros-foxy-ros-workspace
Priority: optional
Section: misc
Filename: pool/main/r/ros-foxy-fastrtps/ros-foxy-fastrtps_2.0.2-2focal.20210423.001712_amd64.deb
Size: 2483772
SHA256: 6743b30df3ac27746175bcb2464299c2d3e3af1be9a8a02179de613c23b4a431
SHA1: c0863876b0dbf48b782f97ee59b04d635cb58359
MD5sum: da6fc30138d3a8b5b859c476dc686e6c
Description: Implementation of RTPS standard.
Hi, I just checked it again. It's working now, seems the problem is with my security keys. Sorry about that. Thanks for the quick reply.
I also met this issue, the command I use as following: git -c core.fsyncobjectfiles=0 -c gc.autoDetach=false -c core.pager=cat clone -b ros-foxy-fastrtps --bare --mirror https://github.com/ros2-gbp/rmw_fastrtps-release /home/build_sros/downloads/git2/github.com.ros2-gbp.rmw_fastrtps-release I checked the version is 1.2.6-1-r0, how can I slove this problem? which version can work?
Bug report
Not sure if this is the best place to report this, but I think the default rmw for Foxy was re-released without DDS security enabled?
Required Info:
ros-foxy-sros2/focal,now 0.9.4-1focal.20210125.232905 amd64 [installed,automatic]
ros-foxy-fastrtps/focal,now 2.0.2-1focal.20201210.051121 amd64 [installed,automatic]
Steps to reproduce issue
Follow the demo documented here:
https://github.com/ros2/sros2/blob/foxy/SROS2_Linux.md
Expected behavior
Security works and demo nodes connect and exchange messages via Secure DDS.
Actual behavior
Additional information
Discovered while update sros2 demos for latest
ros:foxy
images:https://github.com/ros-swg/turtlebot3_demo/pull/34#issuecomment-783727302