Enabling ROS 2 Security #74

Open
Wojcik98 opened this issue Jun 13, 2023 · 0 comments

Hi,
I want to connect two domains, one of which is secured with sros2. I created a simple demo that should connect secured demo_nodes_cpp/talker through domain_bridge/domain_bridge on domain ID=0 to unsecured demo_nodes_cpp/listener on domain ID=1.

First, generate keys and certificates as in the sros2 tutorial. We will use the /talker_listener/talker enclave for the bridge, as by default it doesn't apply any access control and will work with any nodes and topics.

```bash
cd ~/sros2_demo
ros2 security create_keystore demo_keystore
ros2 security create_enclave demo_keystore /talker_listener/talker
ros2 security create_enclave demo_keystore /talker_listener/listener
```

Terminal 1:

```bash
export ROS_DOMAIN_ID=0
export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keystore
export ROS_SECURITY_ENABLE=true
export ROS_SECURITY_STRATEGY=Enforce
ros2 run demo_nodes_cpp talker --ros-args --enclave /talker_listener/talker
```

Terminal 2:

```bash
export ROS_DOMAIN_ID=1
ros2 run demo_nodes_cpp listener
```

Terminal 3:

```bash
export ROS_DOMAIN_ID=0
export ROS_SECURITY_KEYSTORE=~/sros2_demo/demo_keystore
export ROS_SECURITY_ENABLE=true
export ROS_SECURITY_STRATEGY=Enforce
ros2 run domain_bridge domain_bridge bridge.yaml --ros-args --enclave /talker_listener/talker
```

bridge.yaml:

```yaml
name: my_domain_bridge
topics:
  chatter:
    from_domain: 0
    to_domain: 1
    type: std_msgs/msg/String
```

Expected result

Bridge receives secured messages and publishes them as unsecured.

Actual result

Bridge crashes with the following logs:

```
[INFO] [1686655410.275770214] [rcl]: Found security directory: /home/ros/sros2_demo/demo_keystore/enclaves/talker_listener/talker
[INFO] [1686655410.276668597] [rcl]: Found security directory: /home/ros/sros2_demo/demo_keystore/enclaves

>>> [rcutils|error_handling.c:108] rcutils_set_error_state()
This error state is being overwritten:

  'couldn't find all security files!, at ./src/participant.cpp:274, at ./src/rcl/node.c:263'

with this new error message:

  'rcl node's rmw handle is invalid, at ./src/rcl/node.c:415'

rcutils_reset_error() should be called after error handling to avoid this.
<<<
[ERROR] [1686655410.277115123] [rcl]: Failed to fini publisher for node: 1
terminate called after throwing an instance of 'rclcpp::exceptions::RCLError'
  what():  failed to initialize rcl node: rcl node's rmw handle is invalid, at ./src/rcl/node.c:415
[ros2run]: Aborted
```

Running any other node in Terminal 3 (e.g. ros2 run demo_nodes_cpp listener --ros-args --enclave /talker_listener/talker) works fine.

Is this error in my setup, or is the security not working with the domain_bridge yet? The "Security" section in the design doc only has "TODO" and the last mention was on #1 over two years ago with no follow-ups.

If I understand correctly, it should not work out of the box, as the generated keystore depends on the domain ID, so even if it could somehow connect a secure to an insecure domain, it could be much less obvious how to connect two separately secured domains (we set the keystore location through an env variable).
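
A diagnostic for the `couldn't find all security files!` error in the log above, added here as an example (it is not part of the original post or of domain_bridge): it lists which expected files are absent from a given enclave directory, so each of the two "Found security directory" paths the log reports can be checked. The function names and the six-file list are assumptions of this example; the list reflects the files `ros2 security create_enclave` places in an enclave directory.

```shell
#!/bin/sh
# Added diagnostic example; not from the issue or the domain_bridge project.
# Assumption: a usable enclave directory holds these six files, as generated
# by `ros2 security create_enclave`.
REQUIRED_SECURITY_FILES="identity_ca.cert.pem cert.pem key.pem permissions_ca.cert.pem governance.p7s permissions.p7s"

# Print the required files absent from directory $1, one per line.
# Returns 0 when nothing is missing, 1 otherwise.
missing_security_files() {
    dir=$1
    status=0
    for f in $REQUIRED_SECURITY_FILES; do
        # -e follows symlinks, so a dangling CA or governance link counts as missing
        if [ ! -e "$dir/$f" ]; then
            printf '%s\n' "$f"
            status=1
        fi
    done
    return $status
}

# Map an enclave name (e.g. /talker_listener/talker, or / for the root)
# to its directory inside keystore $1.
enclave_dir() {
    keystore=$1
    enclave=${2#/}
    enclave=${enclave%/}
    if [ -z "$enclave" ]; then
        printf '%s\n' "$keystore/enclaves"
    else
        printf '%s\n' "$keystore/enclaves/$enclave"
    fi
}

# Report on one enclave: 0 = complete, 1 = files missing, 2 = no directory.
check_enclave() {
    dir=$(enclave_dir "$1" "$2")
    if [ ! -d "$dir" ]; then echo "$2: no directory $dir"; return 2; fi
    if missing=$(missing_security_files "$dir"); then
        echo "$2: all security files present in $dir"
    else
        echo "$2: missing in $dir:" $missing
        return 1
    fi
}

# Usage: sh check_enclave.sh "$ROS_SECURITY_KEYSTORE" /talker_listener/talker
if [ $# -ge 2 ]; then check_enclave "$1" "$2"; fi
```
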
