Security directory lookup improvements #332
Note about the lint tests - they failed mainly because multiple issues in the imported
As from the discourse thread, I commented on my personal aversion to more involved resource location resolution, in part by how the added complexity may result in unintended consequences, but didn't give an example. For a longest matching prefix approach, I'll formulate such a vulnerability below:
A user is migrating a ROS2 system to use security and has a nested set of structure namespaces to organize and segment the computation graph. The user has two nodes with the FQN: `/foo/bar` and `/foo/bar/baz`, each with their own security set of permissions necessary for the capabilities each requires. The permission for `/foo/bar/baz` is made restrictive and is a subset of the greater permissions granted to `/foo/bar`.
However, upon deployment, the secure_node_root directory `/foo/bar/baz` is somehow deleted or omitted from disk, and so upon runtime the longest matching prefix approach would silently resolve the secure_node_root directory, and fall back to `/foo/bar`, thus unintentionally (or maliciously if the case may be) escalating the permissions of the `/foo/bar/baz` node.
I realize this might be a contrived case, but given the FQN hierarchy of ROS applications, and a shared security root path, I think this case of silent upgrading/downgrading/alternate of permissions/credentials from resolving the wrong or unintended directory would be possible or common.
Arguably, you might suggest using something like linux security modules to restrict file system access for separate nodes; but this would complicate the use of tinydir to traverse the secure root directory. Alternately you could restrict FQN expansion to the node name, not the namespace prefix, yet `/foo/bar` and `/foo/bar_baz` would fall prey to this as well.
I think being explicit in setting the FQN of the node or explicitly setting the secure_node_root directory, rather than having any interpreter operate on uncontrolled data input, would be safer. Better still would be to refactor or extend the fetching/referencing of security artifacts as a pluggable system, as I commented down in this review.
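The fallback described in the comment above, modelled as an added example (not code from this PR or from rcl). The security root is a constructed in-memory list of directory names, and `lookup_exact`, `lookup_longest_prefix` and `classify_lookup` are hypothetical helpers that show how a missing `/foo/bar/baz` directory resolves under each strategy and how a caller can tell a fallback from an exact hit.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: directory names present under one shared security root.
 * "/foo/bar/baz" is missing on purpose, as in the scenario described above. */
static const char *const SAMPLE_DIRS[] = {"/foo", "/foo/bar", "/other"};
static const size_t SAMPLE_DIR_COUNT = sizeof(SAMPLE_DIRS) / sizeof(SAMPLE_DIRS[0]);

typedef enum { LOOKUP_NONE, LOOKUP_EXACT, LOOKUP_FALLBACK } lookup_result_t;

/* Exact lookup: only a directory named exactly like the node FQN qualifies.
 * A missing directory yields NULL, so the caller fails closed. */
const char *lookup_exact(const char *const *dirs, size_t count, const char *fqn)
{
  for (size_t i = 0; i < count; ++i) {
    if (strcmp(dirs[i], fqn) == 0) {
      return dirs[i];
    }
  }
  return NULL;
}

/* Longest matching prefix: the longest directory name that is a plain string
 * prefix of the FQN wins, whether or not it belongs to that node. */
const char *lookup_longest_prefix(const char *const *dirs, size_t count, const char *fqn)
{
  const char *best = NULL;
  size_t best_len = 0;
  for (size_t i = 0; i < count; ++i) {
    size_t len = strlen(dirs[i]);
    if (len > best_len && strncmp(dirs[i], fqn, len) == 0) {
      best = dirs[i];
      best_len = len;
    }
  }
  return best;
}

/* Check a deployment can run per node: did the prefix lookup land on the
 * node's own directory, on some other node's directory, or on nothing? */
lookup_result_t classify_lookup(const char *const *dirs, size_t count,
                                const char *fqn, const char **resolved)
{
  const char *dir = lookup_longest_prefix(dirs, count, fqn);
  if (resolved != NULL) {
    *resolved = dir;
  }
  if (dir == NULL) {
    return LOOKUP_NONE;
  }
  return strcmp(dir, fqn) == 0 ? LOOKUP_EXACT : LOOKUP_FALLBACK;
}

int main(void)
{
  /* Constructed node names: the two cases from the comment plus controls. */
  const char *const nodes[] = {"/foo/bar", "/foo/bar/baz", "/foo/bar_baz", "/nothing"};
  static const char *const labels[] = {"none", "exact", "FALLBACK"};
  for (size_t i = 0; i < sizeof(nodes) / sizeof(nodes[0]); ++i) {
    const char *resolved = NULL;
    const char *exact = lookup_exact(SAMPLE_DIRS, SAMPLE_DIR_COUNT, nodes[i]);
    lookup_result_t r = classify_lookup(SAMPLE_DIRS, SAMPLE_DIR_COUNT, nodes[i], &resolved);
    printf("%-14s exact=%-10s prefix=%-10s (%s)\n", nodes[i],
           exact ? exact : "(none)", resolved ? resolved : "(none)", labels[r]);
  }
  return 0;
}
```

Treating `LOOKUP_FALLBACK` as an error, or at least logging the resolved directory, makes the substitution visible instead of silent.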
@@ -46,6 +46,7 @@ set(${PROJECT_NAME}_sources | |||
src/rcl/timer.c | |||
src/rcl/validate_topic_name.c | |||
src/rcl/wait.c | |||
src/rcl/security_directory.c |
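Review bot: `src/rcl/security_directory.c` is listed after `src/rcl/wait.c`, which breaks the alphabetical order that the `timer.c`, `validate_topic_name.c` and `wait.c` entries above it follow. Move it to its sorted position earlier in the source list so later additions stay easy to scan and merge.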
+1 for breaking out security related functions, and organizing them under their own source file.
} | ||
// Check node_secure_root is not NULL before checking directory | ||
if (NULL == node_secure_root) { | ||
allocator->deallocate(node_secure_root, allocator->state); |
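Review bot: in the `if (NULL == node_secure_root)` branch, `allocator->deallocate(node_secure_root, allocator->state);` is passed a pointer that was just found to be NULL, so the call releases nothing. Drop it, or if the branch was meant to free a different buffer, pass that buffer instead.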
Nice catch, line 174 was a bug.
Hey, I was wondering whether you had any thoughts about my latest replies. It would be great to get this in to Crystal. I can improve the logging to include the actual resolved location but I'm waiting to hear back about the other comments.
One thing I guess I'm not seeing is when would be the case where the development CLI tools in the same shell environment require different credentials and permissions? If I was developing, I'd at least want all my CLI tools to have developer level privileges so I could introspect the entire ROS system, and so they would have equivalent credentials, thus I might as well set the secure node environment to control what they use exactly, regardless of what CLI tool I trust to use it. And if I did need to use two tools at the same time with different credentials, wouldn't one use multiple shells? I added some quoted citations to give a better background to my other comment above. I'll list the title below.
Given I already let a null error slip my previous review in line 174, I don't think I'm the best to ask in auditing all of tinydir. Perhaps another contributor could provide more thorough feedback.
I'd still like to see this logging make it into crystal, great for debugging and giving new users better hints.
You'd want the CLI tools to have elevated permissions (or, developer level privileges), but you wouldn't want other nodes to have those. That's relevant both for a development environment and a production system. For a development environment, you'd be launching nodes "manually" from a shell, and you'd also be using CLI tools, either via the same shell you launched a node or in a different one - both workflows are possible. The thing is, if developers are limited to using environment variables, one of two things would happen:
We really have to close on this, as I see it we have three options, from best to worst:
I don't think I have merge permissions for the repo (just volunteering my spare time during grad school for reviewing), so I'm probably not the one you'd have to ultimately convince here. That said, you've swayed me and I do think this is a worthwhile feature, and I'd approve such a PR provided it incorporates the following:
Sounds good to me. I'll have an updated version later today.
Updated. Introduced
With
With
I couldn't really view the PR file change at first (93 files changed), as the PR commit history seemed jumbled. So I rebased the PR branch wrt to the current master branch. Please check I didn't botch anything. I tried testing this locally:
but encountered a snag:
Check if you can reproduce my test temporarily in a single environment session:

```
export ROS_SECURITY_ROOT_DIRECTORY=~/sros2_demo/demo_keys
export ROS_SECURITY_ENABLE=true
export ROS_SECURITY_STRATEGY=Enforce
# test talker
ros2 run demo_nodes_cpp talker
[INFO] [rcl]: Found security directory: /home/ubuntu/sros2_demo/demo_keys/talker
[INFO] [talker]: Publishing: 'Hello World: 1'
[INFO] [talker]: Publishing: 'Hello World: 2'
...
# works fine, and stop it
^C
# move node folder and set use prefix matching
mv $ROS_SECURITY_ROOT_DIRECTORY/talker $ROS_SECURITY_ROOT_DIRECTORY/talk
export ROS_SECURITY_LOOKUP_TYPE=MATCH_PREFIX
# test talker again
ros2 run demo_nodes_cpp talker
...
^C[INFO] [rclcpp]: signal_handler(signal_value=2)
^C[INFO] [rclcpp]: signal_handler(signal_value=2)
# talker will hang with no stdout, force kill it
killall -9 talker
# now switch to using override
export ROS_SECURITY_NODE_DIRECTORY=$ROS_SECURITY_ROOT_DIRECTORY/talk
# test talker for the third time
ros2 run demo_nodes_cpp talker
[INFO] [rcl]: Found security directory: /home/ubuntu/sros2_demo/demo_keys/talker
[INFO] [talker]: Publishing: 'Hello World: 1'
[INFO] [talker]: Publishing: 'Hello World: 2'
...
# works fine, and stop it
^C
```
Good catch! I suspect there was a bug where, if the file is not a directory (
Awesome! Just tested locally again as well, and the prefix is now working for the case above. Perhaps you may also want to add some tests for these new features just to better assure coverage for any other corner cases we might have missed manually running it. Some of the other security tests are located here: Ask any of the OSRF folks to trigger a Jenkins CI build to test this PR against the rest of the release.
Cool, thank you! will add system tests as well. If there are no outstanding comments here, would you be able to mark your review as approved? @tfoote could you please help trigger a build against Crystal? Thanks!
I don't know of any security documentation other than the current READMEs on the sros2 repo.
I think porting the old readmes I mentioned above from the sros2 repo into a security section on the official docs repo would be a fine idea.
I ran a build up to rcl and testing rcl. Are there specific packages that should be tested in the CI? Also this looks to be in conflict now so I'm not sure how out of date the content is for a rebase/merge. https://gist.github.com/tfoote/5bf239ac5bd653a9aaba5f2ee3111898
A few minor comments.
Also, there are some linter issues (not just in tinydir.h).
Regarding the tinydir dependency, I think copying it here is fine and we could add a linter exception for it.
Alternatively, it could be copied to a separate vendor package for better isolation/reuse (e.g. tinyxml_vendor). But I'm interested to hear what others think.
rcl/test/CMakeLists.txt
Outdated
) | ||
|
||
# Install test resources | ||
INSTALL(DIRECTORY ${test_resources_dir_name} |
Why should we install the test resources?
We copy those to the same directory as the test binaries as they're required for running the tests (it's not strictly necessary, I suppose I could've propagated `${test_resources_dir_name}` to the test code, but I find it better to separate source from binaries / run-time resources).
I think it is acceptable to have
I think a better solution would be to extend the existing
Finally, I think the best solution (long term solution) would be to remove all of the use of filesystem and environment variable usage related to security from
Again, for now I think the tinydir in rcl is acceptable given the linter issues are resolved, but I would see it as additional technical debt.
+1 for extending the filesystem API in
Yep, makes sense. We've fixed the linter issues in all but tinydir, as it is an external project it would be easier to upgrade to newer versions and keep track of changes if we keep the original formatting.
The Windows build issue should be fixed now, could you please kick off new builds with the latest? @tfoote ^^
@AAlon , it now builds on Windows, but there are still lots of linter issues.
From what I can see the linter issues are all in tinydir. How can we add a linter exception?
@@ -0,0 +1,139 @@ | |||
// Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. | |||
// SPDX-License-Identifier: Apache-2.0 |
For
As for the other linters, I'm not sure exactly. I suspect we may have to update would have to be updated to accept "exclusion" lists.
From the Windows build: Not sure what's causing it to be marked unstable now
There's two warnings from the compile step; look here: https://ci.ros2.org/job/ci_windows/6034/warnings43Result/new/
@emersonknapp I believe the unstable comes from the warnings here: https://ci.ros2.org/job/ci_windows/6034/warnings43Result/new/NORMAL/package.1954841715/source.-7982181150217390836/#93
Ah - thanks for finding that (I am still learning the Jenkins interface)! I will update to use strncpy_s
Hey all, I have learned strncpy_s is not supported in glibc. Would it be acceptable to add the
In the interest of moving forward, I've put up a version disabling that warning on windows - let me know if we think this is an issue. Hopefully this greens all the builds.
Looking through the rest of ROS 2 (and gtest, for that matter), it looks like we generally work around this by using
…by next lookup Signed-off-by: Emerson Knapp <[email protected]>
👍 will note to use memcpy going forward - updated and removed the windows warning suppression
@chapulina is there anything pending on this PR to get it merged and released as part of next patch?
A couple minor comments and one concern regarding the tests.
Updated to address @jacobperron 's comments
Thanks @emersonknapp 👍
Just two more things and then I'll trigger CI.
unsetenv_wrapper(ROS_SECURITY_LOOKUP_TYPE_VAR_NAME); | ||
} | ||
}; | ||
|
||
TEST(test_rcl_get_secure_root, failureScenarios) { |
We should update all of the `TEST` macros to `TEST_F` so they make use of the fixture.
Whoops! Silly oversight on my part
#endif | ||
} | ||
|
||
class test_rcl_get_secure_root : public ::testing::Test |
nitpick: Make the class name CamelCase (e.g. `TestGetSecureRoot`), similar to our other tests that use fixtures. And update the test macros accordingly
fix security directory exact match comment and unset env vars before tests Signed-off-by: Emerson Knapp <[email protected]>
Ok - updated!
Looks like test failures from timeout in unrelated code... first guess overloaded build servers. Is there a standard way to deal with that? Run again when it's less busy?
@emersonknapp @AAlon There is also a warning on the windows build https://ci.ros2.org/job/ci_windows/6088/warnings43Result/new/ No idea why the other tests failed.
Signed-off-by: Emerson Knapp <[email protected]>
Oof - I clobbered one of my previous changes (removing that strncpy) in switching between Ubuntu and Windows workspaces
Increasing version of package(s) in repository `rcl` to `0.7.0-3`:

- upstream repository: https://github.com/ros2/rcl.git
- release repository: https://github.com/ros2-gbp/rcl-release.git
- file: `dashing/distribution.yaml`
- bloom version: `0.8.0`
- previous version for package: `0.7.0-2`

## rcl

```
* Added more test cases for graph API + fix bug. (#404 <ros2/rcl#404>)
* Fixed missing include. (#413 <ros2/rcl#413>)
* Updated to use pedantic. (#412 <ros2/rcl#412>)
* Added function to get publisher actual qos settings. (#406 <ros2/rcl#406>)
* Refactored graph API docs. (#401 <ros2/rcl#401>)
* Updated to use ament_target_dependencies where possible. (#400 <ros2/rcl#400>)
* Fixed regression around fully qualified node name. (#402 <ros2/rcl#402>)
* Added function rcl_names_and_types_init. (#403 <ros2/rcl#403>)
* Fixed uninitialize sequence number of client. (#395 <ros2/rcl#395>)
* Added launch along with launch_testing as test dependencies. (#393 <ros2/rcl#393>)
* Set symbol visibility to hidden for rcl. (#391 <ros2/rcl#391>)
* Updated to split test_token to avoid compiler note. (#392 <ros2/rcl#392>)
* Dropped legacy launch API usage. (#387 <ros2/rcl#387>)
* Improved security directory lookup. (#332 <ros2/rcl#332>)
* Enforce non-null argv values on rcl_init(). (#388 <ros2/rcl#388>)
* Removed incorrect argument documentation. (#361 <ros2/rcl#361>)
* Changed error to warning for multiple loggers. (#384 <ros2/rcl#384>)
* Added rcl_node_get_fully_qualified_name. (#255 <ros2/rcl#255>)
* Updated rcl_remap_t to use the PIMPL pattern. (#377 <ros2/rcl#377>)
* Fixed documentation typo. (#376 <ros2/rcl#376>)
* Removed test circumvention now that a bug is fixed in rmw_opensplice. (#368 <ros2/rcl#368>)
* Updated to pass context to wait set, and fini rmw context. (#373 <ros2/rcl#373>)
* Updated to publish logs to Rosout. (#350 <ros2/rcl#350>)
* Contributors: AAlon, Dirk Thomas, Jacob Perron, M. M, Michael Carroll, Michel Hidalgo, Mikael Arguedas, Nick Burek, RARvolt, Ross Desmond, Sachin Suresh Bhat, Shane Loretz, William Woodall, ivanpauno
```

## rcl_action

```
* Added Action graph API (#411 <ros2/rcl#411>)
* Updated to use ament_target_dependencies where possible. (#400 <ros2/rcl#400>)
* Fixed typo in Doxyfile. (#398 <ros2/rcl#398>)
* Updated tests to use separated action types. (#340 <ros2/rcl#340>)
* Fixed minor documentation issues. (#397 <ros2/rcl#397>)
* Set symbol visibility to hidden for rcl. (#391 <ros2/rcl#391>)
* Fixed rcl_action documentation. (#380 <ros2/rcl#380>)
* Removed now unused test executable . (#382 <ros2/rcl#382>)
* Removed unused action server option 'clock_type'. (#382 <ros2/rcl#382>)
* Set error message when there is an invalid goal transition. (#382 <ros2/rcl#382>)
* Updated to pass context to wait set, and fini rmw context (#373 <ros2/rcl#373>)
* Contributors: Dirk Thomas, Jacob Perron, Sachin Suresh Bhat, William Woodall, ivanpauno
```

## rcl_lifecycle

```
* Updated to use ament_target_dependencies where possible. (#400 <ros2/rcl#400>)
* Set symbol visibility to hidden for rcl. (#391 <ros2/rcl#391>)
* Contributors: Sachin Suresh Bhat, ivanpauno
```

## rcl_yaml_param_parser

```
* Corrected bool reading from yaml files. (#415 <ros2/rcl#415>)
* Added launch along with launch_testing as test dependencies. (#393 <ros2/rcl#393>)
* Set symbol visibility to hidden for rcl. (#391 <ros2/rcl#391>)
* Contributors: Michel Hidalgo, Sachin Suresh Bhat, ivanpauno
```
* Fix std::string construction in test (#636 <ros2/rcl#636>) * Add basic functionality tests for validate_enclave_name and subscription (#624 <ros2/rcl#624>) * Save allocator for RCL_CLOCK_UNINITIALIZED clock (#623 <ros2/rcl#623>) * Implement service info structure with timestamps (#627 <ros2/rcl#627>) * Add support for taking a sequence of messages (#614 <ros2/rcl#614>) * Message info with timestamps support in rcl (#619 <ros2/rcl#619>) * Don't call ``rcl_logging_configure/rcl_logging_fini`` in ``rcl_init/rcl_shutdown`` (#579 <ros2/rcl#579>) * Export targets in a addition to include directories / libraries (#629 <ros2/rcl#629>) * Document rcl_pub/etc_fini() must come before rcl_node_fini() (#625 <ros2/rcl#625>) * Update security environment variables (#617 <ros2/rcl#617>) * Add visibility to rcl_timer_get_allocator (#610 <ros2/rcl#610>) * Fix test_publisher memory leaks reported by asan (#567 <ros2/rcl#567>) * security-context -> enclave (#612 <ros2/rcl#612>) * Rename rosidl_generator_c namespace to rosidl_runtime_c (#616 <ros2/rcl#616>) * Rename rosidl_generator_cpp namespace to rosidl_runtime_cpp (#615 <ros2/rcl#615>) * Fix security directory lookup for '/' security contexts (#609 <ros2/rcl#609>) * Changed rosidl_generator_c/cpp to rosidl_runtime_c/cpp (#588 <ros2/rcl#588>) * Remove deprecated CLI rules (#603 <ros2/rcl#603>) * Use keystore root as security root directory, and not contexts folder (#607 <ros2/rcl#607>) * Remove tinydir_vendor dependency (#608 <ros2/rcl#608>) * Add missing allocator check for NULL (#606 <ros2/rcl#606>) * Change naming style for private functions (#597 <ros2/rcl#597>) * Switch to one Participant per Context (#515 <ros2/rcl#515>) * Support for ON_REQUESTED_INCOMPATIBLE_QOS and ON_OFFERED_INCOMPATIBLE_QOS events (#535 <ros2/rcl#535>) * Small typo fix (#604 <ros2/rcl#604>) * Update docstring with new possible return code (#600 <ros2/rcl#600>) * Add missing node destruction (#601 <ros2/rcl#601>) * Test that nodes are returned with 
correct multiplicity (#598 <ros2/rcl#598>) * Trigger guard condition when timer is reset (#589 <ros2/rcl#589>) * Clock API improvements (#580 <ros2/rcl#580>) * Fix memory leak in rcl_arguments (#564 <ros2/rcl#564>) * Don't check history depth if RMW_QOS_POLICY_HISTORY_KEEP_ALL (#593 <ros2/rcl#593>) * Fix alloc-dealloc-mismatch(new->free) in test_info_by_topic (#469 <ros2/rcl#469>) (#569 <ros2/rcl#569>) * Use 10sec lifespan in rosout publisher qos (#587 <ros2/rcl#587>) * Document clock types (#578 <ros2/rcl#578>) * Make rosout publisher transient local with a depth of 1000 (#582 <ros2/rcl#582>) * Enable TestInfoByTopicFixture unit tests for other rmw_implementations (#583 <ros2/rcl#583>) * Fix memory leak in test_subscription_nominal (#469 <ros2/rcl#469>) (#562 <ros2/rcl#562>) * Update rmw_topic_endpoint_info_array usage (#576 <ros2/rcl#576>) * Add rcl versions of rmw_topic_endpoint_info* types (#558 <ros2/rcl#558>) * Enable test for rcl_get_subscriptions_info_by_topic / rcl_get_publishers_info_by_topic for Cyclone (#572 <ros2/rcl#572>) * Fixed missing initialization and fixed qos checking in test (#571 <ros2/rcl#571>) * Fix test_count_matched memory leaks reported by asan #567 <ros2/rcl#567> (#568 <ros2/rcl#568>) * Code style only: wrap after open parenthesis if not in one line (#565 <ros2/rcl#565>) * Fix return type of rcl_publisher_get_subscription_count() (#559 <ros2/rcl#559>) * Fix doc strings (#557 <ros2/rcl#557>) * Implement functions to get publisher and subcription informations like QoS policies from topic name (#511 <ros2/rcl#511>) * Use absolute topic name for ``rosout`` (#549 <ros2/rcl#549>) * Set allocator before goto fail (#546 <ros2/rcl#546>) * Add public facing API for validating rcl_wait_set_t (#538 <ros2/rcl#538>) * Add flag to enable/disable rosout logging in each node individually. 
(#532 <ros2/rcl#532>) * Treat __name the same as __node (#494 <ros2/rcl#494>) * Contributors: Alejandro Hernández Cordero, Barry Xu, Chris Lalancette, Dan Rose, Dennis Potman, Dirk Thomas, DongheeYe, Ingo Lütkebohle, Ivan Santiago Paunovic, Jacob Perron, Jaison Titus, Jorge Perez, Miaofei Mei, Michael Carroll, Michel Hidalgo, Mikael Arguedas, P. J. Reed, Ruffin, Shane Loretz, William Woodall, y-okumura-isp . ros-rolling-rcl (0.8.3-1jammy) jammy; urgency=high . * Support CLI parameter overrides using dots instead of slashes. (#530 <ros2/rcl#530>) Signed-off-by: Michel Hidalgo <mailto:[email protected]> * Contributors: Michel Hidalgo . ros-rolling-rcl (0.8.2-1jammy) jammy; urgency=high . * Remove the prototype from rcl_impl_getenv. (#525 <ros2/rcl#525>) * Use return_loaned_message_from (#523 <ros2/rcl#523>) * Avoid ready_fn and self.proc_info (#522 <ros2/rcl#522>) * Add localhost option to node creation (#520 <ros2/rcl#520>) * Add initial instrumentation (#473 <ros2/rcl#473>) * Zero copy api (#506 <ros2/rcl#506>) * Don't create rosout publisher instance unless required. (#514 <ros2/rcl#514>) * Handle zero non-ROS specific args properly in rcl_remove_ros_arguments (#518 <ros2/rcl#518>) * Update rcl_node_init docstring (#517 <ros2/rcl#517>) * Remove vestigial references to rcl_ok() (#516 <ros2/rcl#516>) * Add mechanism to pass rmw impl specific payloads during pub/sub creation (#513 <ros2/rcl#513>) * Contributors: Brian Marchi, Chris Lalancette, Ingo Lütkebohle, Jacob Perron, Karsten Knese, Michel Hidalgo, Peter Baughman, William Woodall, tomoya . ros-rolling-rcl (0.8.1-1jammy) jammy; urgency=high . * Switch the default logging implementation to spdlog. * Contributors: Chris Lalancette . ros-rolling-rcl (0.8.0-1jammy) jammy; urgency=high . 
* Delete rcl_impl_getenv, replaced by rcutils_get_env (#502 <ros2/rcl#502>) * Parse CLI parameters and YAML files (#508 <ros2/rcl#508>) * Add specific return code for non existent node (#492 <ros2/rcl#492>) * Add node name and namespace validation to graph functions (#499 <ros2/rcl#499>) * Bring back deprecated CLI arguments (#496 <ros2/rcl#496>) * Polish rcl arguments implementation (#497 <ros2/rcl#497>) * Uncoment some test_graph test cases after fix in rmw_fastrtps (ros2/rmw_fastrtps#316 <ros2/rmw_fastrtps#316>) (#498 <ros2/rcl#498>) * Promote special CLI rules to flags (#495 <ros2/rcl#495>) * Fail fast on invalid ROS arguments (#493 <ros2/rcl#493>) * Enforce -r/--remap flags. (#491 <ros2/rcl#491>) * Support parameter overrides and remap rules flags on command line (#483 <ros2/rcl#483>) * Allow get_node_names to return result in any order (#488 <ros2/rcl#488>) * rosout init and fini marked as RCL_PUBLIC (#479 <ros2/rcl#479>) * included header in logging_rosout.c (#478 <ros2/rcl#478>) * Migrate to '--ros-args ... [--]'-based ROS args extraction (#477 <ros2/rcl#477>) * Improve security error messages (#480 <ros2/rcl#480>) * Add function for getting clients by node (#459 <ros2/rcl#459>) * Remove special case check for manual_by_node for rmw_fastrtps (#467 <ros2/rcl#467>) * Fix memory leak of 56 bytes in test_graph * Change tests to try MANUAL_BY_TOPIC liveliness for FastRTPS (#465 <ros2/rcl#465>) * Implement get_actual_qos() for subscriptions (#455 <ros2/rcl#455>) * Log warning when remapping to an invalid node name (#454 <ros2/rcl#454>) * Use size_t printf format for size_t variable (#453 <ros2/rcl#453>) * Contributors: Alberto Soragna, Emerson Knapp, Jacob Perron, M. M, Michel Hidalgo, Mikael Arguedas, Víctor Mayoral Vilches, eboasson, ivanpauno . ros-rolling-rcl (0.7.4-1jammy) jammy; urgency=high . 
* Fix tests now that FastRTPS correctly reports that liveliness is not supported (#452 <ros2/rcl#452>) * In test_events, wait for discovery to be complete bidirectionally before moving on (#451 <ros2/rcl#451>) * fix leak in test_service (#447 <ros2/rcl#447>) * fix leak in test_guard_condition (#446 <ros2/rcl#446>) * fix leak in test_get_actual_qos (#445 <ros2/rcl#445>) * fix leak in test_expand_topic_name (#444 <ros2/rcl#444>) * Contributors: Abby Xu, Emerson Knapp . ros-rolling-rcl (0.7.3-1jammy) jammy; urgency=high . * Fixed memory leak in ``test_client`` (#443 <ros2/rcl#443>) * Fixed memory leaks in ``test_wait.cpp`` (#439 <ros2/rcl#439>) * Fixed memory leak in ``test_context`` (#441 <ros2/rcl#441>) * Fixed memory leak in ``test_init`` (#440 <ros2/rcl#440>) * Enabled rcl ``test_events`` unit tests on macOS (#433 <ros2/rcl#433>) * Enabled deadline tests for FastRTPS (#438 <ros2/rcl#438>) * Corrected use of ``launch_testing.assert.assertExitCodes`` (#437 <ros2/rcl#437>) * Reverted "Changes the default 3rd party logger from rcl_logging_noop to… (#436 <ros2/rcl#436>) * Fixed memory leaks in ``test_security_directory`` (#420 <ros2/rcl#420>) * Fixed a memory leak in rcl context fini (#434 <ros2/rcl#434>) * Contributors: Abby Xu, Cameron Evans, Chris Lalancette, Dirk Thomas, M. M, ivanpauno . ros-rolling-rcl (0.7.2-1jammy) jammy; urgency=high . * Changes the default 3rd party logger from rcl_logging_noop to rcl_logging_log4cxx (#425 <ros2/rcl#425>) * fix leak in node.c (#424 <ros2/rcl#424>) * Add new RCL_RET_UNSUPPORTED (#432 <ros2/rcl#432>) * New interfaces and their implementations for QoS features (#408 <ros2/rcl#408>) * Add an allocator to the external logging initialization. 
(#430 <ros2/rcl#430>) * fix buffer overflow in test_security_dir (#423 <ros2/rcl#423>) * Rmw preallocate (#428 <ros2/rcl#428>) * Use new test interface definitions (#427 <ros2/rcl#427>) * Migrate launch tests to new launch_testing features & API (#405 <ros2/rcl#405>) * Fix argument passed to logging macros (#421 <ros2/rcl#421>) * Make sure to initialize the bool field. (#426 <ros2/rcl#426>) * Contributors: Abby Xu, Chris Lalancette, Emerson Knapp, Jacob Perron, M. M, Michael Carroll, Michel Hidalgo, Nick Burek, Thomas Moulard . ros-rolling-rcl (0.7.1-1jammy) jammy; urgency=high . * Replaced reinterperet_cast with static_cast. (#410 <ros2/rcl#410>) * Fixed leak in __wait_set_clean_up. (#418 <ros2/rcl#418>) * Updated initialization of rmw_qos_profile_t struct instances. (#416 <ros2/rcl#416>) * Contributors: Dirk Thomas, M. M, jhdcs . ros-rolling-rcl (0.7.0-1jammy) jammy; urgency=high . * Added more test cases for graph API + fix bug. (#404 <ros2/rcl#404>) * Fixed missing include. (#413 <ros2/rcl#413>) * Updated to use pedantic. (#412 <ros2/rcl#412>) * Added function to get publisher actual qos settings. (#406 <ros2/rcl#406>) * Refactored graph API docs. (#401 <ros2/rcl#401>) * Updated to use ament_target_dependencies where possible. (#400 <ros2/rcl#400>) * Fixed regression around fully qualified node name. (#402 <ros2/rcl#402>) * Added function rcl_names_and_types_init. (#403 <ros2/rcl#403>) * Fixed uninitialize sequence number of client. (#395 <ros2/rcl#395>) * Added launch along with launch_testing as test dependencies. (#393 <ros2/rcl#393>) * Set symbol visibility to hidden for rcl. (#391 <ros2/rcl#391>) * Updated to split test_token to avoid compiler note. (#392 <ros2/rcl#392>) * Dropped legacy launch API usage. (#387 <ros2/rcl#387>) * Improved security directory lookup. (#332 <ros2/rcl#332>) * Enforce non-null argv values on rcl_init(). (#388 <ros2/rcl#388>) * Removed incorrect argument documentation. 
(#361 <ros2/rcl#361>) * Changed error to warning for multiple loggers. (#384 <ros2/rcl#384>) * Added rcl_node_get_fully_qualified_name. (#255 <ros2/rcl#255>) * Updated rcl_remap_t to use the PIMPL pattern. (#377 <ros2/rcl#377>) * Fixed documentation typo. (#376 <ros2/rcl#376>) * Removed test circumvention now that a bug is fixed in rmw_opensplice. (#368 <ros2/rcl#368>) * Updated to pass context to wait set, and fini rmw context. (#373 <ros2/rcl#373>) * Updated to publish logs to Rosout. (#350 <ros2/rcl#350>) * Contributors: AAlon, Dirk Thomas, Jacob Perron, M. M, Michael Carroll, Michel Hidalgo, Mikael Arguedas, Nick Burek, RARvolt, Ross Desmond, Sachin Suresh Bhat, Shane Loretz, William Woodall, ivanpauno . ros-rolling-rcl (0.6.4-1jammy) jammy; urgency=high . * Added method for accessing rmw_context from rcl_context (#372 <ros2/rcl#372>) * Added guard against bad allocation when calling rcl_arguments_copy() (#367 <ros2/rcl#367>) * Updated to ensure that context instance id storage is aligned correctly (#365 <ros2/rcl#365>) * Fixed error from uncrustify v0.68 (#364 <ros2/rcl#364>) * Contributors: Jacob Perron, William Woodall, sgvandijk . ros-rolling-rcl (0.6.3-1jammy) jammy; urgency=high . * Set rmw_wait timeout using ros timers too (#357 <ros2/rcl#357>) * Contributors: Shane Loretz . ros-rolling-rcl (0.6.2-1jammy) jammy; urgency=high . * Updated docs about possibility of rcl_take not taking (#356 <ros2/rcl#356>) * Bugfix: ensure NULL timeout is passed to rmw_wait() when min_timeout is not set Otherwise, there is a risk of integer overflow (e.g. in rmw_fastrtps) and rmw_wait() will wake immediately. * Contributors: Jacob Perron, William Woodall . ros-rolling-rcl (0.6.1-1jammy) jammy; urgency=high . * Added new cli parameters for configuring the logging. (#327 <ros2/rcl#327>) * Added node graph api to rcl. 
(#333 <ros2/rcl#333>) * Fixed compiler warning in clang (#345 <ros2/rcl#345>) * Refactored init to not be global (#336 <ros2/rcl#336>) * Methods to retrieve matched counts on pub/sub. (#326 <ros2/rcl#326>) * Updated to output index in container when adding an entity to a wait set. (#335 <ros2/rcl#335>) * Contributors: Jacob Perron, Michael Carroll, Nick Burek, Ross Desmond, William Woodall . ros-rolling-rcl (0.6.0-1jammy) jammy; urgency=high . * Updated to expand node_secure_root using local_namespace (#300 <ros2/rcl#300>) * Moved stdatomic helper to rcutils (#324 <ros2/rcl#324>) * Added subfolder argument to the ROSIDL_GET_SRV_TYPE_SUPPORT macro (#322 <ros2/rcl#322>) * Updated to use new error handling API from rcutils (#314 <ros2/rcl#314>) * Fixed minor documentation issues (#305 <ros2/rcl#305>) * Added macro semicolons (#303 <ros2/rcl#303>) * Added Rcl timer with ros time (#286 <ros2/rcl#286>) * Updated to ensure that timer period is non-negative (#295 <ros2/rcl#295>) * Fixed calculation of next timer call (#291 <ros2/rcl#291>) * Updated to null deallocated jump callbacks (#294 <ros2/rcl#294>) * Included namespaces in get_node_names. 
(#287 <ros2/rcl#287>) * Fixed documentation issues (#288 <ros2/rcl#288>) * Updated to check if pointers are null before calling memset (#290 <ros2/rcl#290>) * Added multiple time jump callbacks to clock (#284 <ros2/rcl#284>) * Consolidated wait set functions (#285 <ros2/rcl#285>) * Consolidate functions to clear wait set Added rcl_wait_set_clear() Added rcl_wait_set_resize() Removed rcl_wait_set_clear_subscriptions() rcl_wait_set_clear_guard_conditions() rcl_wait_set_clear_clients() rcl_wait_set_clear_services() rcl_wait_set_clear_timers() rcl_wait_set_resize_subscriptions() rcl_wait_set_resize_guard_conditions() rcl_wait_set_resize_timers() rcl_wait_set_resize_clients() rcl_wait_set_resize_services() * ROS clock storage initially set to zero (#283 <ros2/rcl#283>) * Fixed issue with deallocation of parameter_files (#279 <ros2/rcl#279>) * Update to initialize memory before sending a message (#277 <ros2/rcl#277>) * Set error message when clock type is not ROS_TIME (#275 <ros2/rcl#275>) * Copy allocator passed in to clock init (#274 <ros2/rcl#274>) * Update to initialize timer with clock (#272 <ros2/rcl#272>) * Updated to use test_msgs instead of std_msgs in tests (#270 <ros2/rcl#270>) * Added regression test for node:__ns remapping (#263 <ros2/rcl#263>) * Updated to support Uncrustify 0.67 (#266 <ros2/rcl#266>) * Contributors: Chris Lalancette, Chris Ye, Dirk Thomas, Jacob Perron, Michael Carroll, Mikael Arguedas, Ruffin, Shane Loretz, William Woodall, dhood . ros-rolling-rcl (0.5.0-1jammy) jammy; urgency=high . * Updated code to only use ``rcutils_allocator_t`` and not use system memory functions directly. (#261 <ros2/rcl#261>) * Changed code to use ``rcutils_format_string()`` rather than ``malloc`` and ``rcutils_snprintf()`` (#240 <ros2/rcl#240>) * Added functions for dealing with serialized messages. (#170 <ros2/rcl#170>) * Updated to use ``test_msgs`` instead of ``example_interfaces``. 
(#259 <ros2/rcl#259>) * Added regression test for the Connext specific 'wrong type writer' error. (#257 <ros2/rcl#257>) * Added the ability to set the default logger level from command line. (#256 <ros2/rcl#256>) * Refactored the ``memory_tools`` testing API to ``osrf_testing_tools_cpp`` (#238 <ros2/rcl#238>) * Added support for passing YAML parameter files via the command line arguments. (#253 <ros2/rcl#253>) * Migrated existing uses of ``launch`` to use the same API in it's new API ``launch.legacy``. (#250 <ros2/rcl#250>) * Added a printed warning if non-FQN namespace remapping is passed. (#248 <ros2/rcl#248>) * Made some changes toward MISRA C compliance. (#229 <ros2/rcl#229>) * Changed ``rcl_node_init()`` so that it now copies node options passed into it (#231 <ros2/rcl#231>) * Fixed some memory leaks in ``test_arguments`` (#230 <ros2/rcl#230>) * Extended static remapping feature with support for the url scheme (#227 <ros2/rcl#227>) * Made a change to force ``rcl_arguments_t`` to be zero initialized. (#225 <ros2/rcl#225>) * Updated documentation for ``rmw_get_node_names()`` to mention the potential for null values (#214 <ros2/rcl#214>) * Fix an issue with signed time difference. 
(#224 <ros2/rcl#224>) * Changed library export order to fix static linking (#216 <ros2/rcl#216>) * Implemented static remapping over command line arguments (#217 <ros2/rcl#217> and #221 <ros2/rcl#221>) * Added a sized validation function for the topic name as ``rcl_validate_topic_name_with_size()`` (#220 <ros2/rcl#220>) * Added a logger name and stored it in the rcl node structure (#212 <ros2/rcl#212>) * Changed ``rcutils_time_point_value_t`` type from ``uint64_t`` to ``int64_t`` (#208 <ros2/rcl#208>) * Fixed a potential bug by resetting the ``RMWCount`` when using the ``DEALLOC`` macro on rmw storage of a wait set (#209 <ros2/rcl#209> and #211 <ros2/rcl#211>) * Signed-off-by: jwang <mailto:[email protected]> * Fixed a potential bug by resetting ``wait_set`` type index in the ``SET_RESIZE`` macro (#207 <ros2/rcl#207>) * Signed-off-by: jwang <mailto:[email protected]> * Removed a slash behind ``SET_CLEAR`` MACRO (#206 <ros2/rcl#206>) * Signed-off-by: jwang <mailto:[email protected]> * Changed rmw result validation string to not ever return nullptr (#193 <ros2/rcl#193>) * Signed-off-by: Ethan Gao <mailto:[email protected]> * Clarified that ``rcl_take_response()`` populates the ``request_header`` (#205 <ros2/rcl#205>) * Removed a now obsolete connext workaround (#203 <ros2/rcl#203>) * Fixed a potential segmentation fault due to a nullptr dereference (#202 <ros2/rcl#202>) * Signed-off-by: Ethan Gao <mailto:[email protected]> * Contributors: Dirk Thomas, Ethan Gao, Karsten Knese, Michael Carroll, Mikael Arguedas, Shane Loretz, William Woodall, dhood, jwang11, serge-nikulin
Summary
This is part of the improvements suggested here mainly intended for CLI tools' (and dynamic node names in general) usability with security (also see ros2/sros2#69).
These changes will make it possible to create a security directory for the nodes launched by the ros2cli tool (including rosbag2), overcoming the issue of unknown node names, and without having to specify a directory override.
Changes overview
ros2cli_node_814918 will be able to load directory named ros2cli_node (assuming it has the necessary system permissions, of course).
rcl_get_secure_root out of node into a new security_directory module and add unit tests to cover (hopefully) all cases.
deallocate even if node_secure_root is NULL.
Related changes
ros2cli_node prefix.
Refer to
ros2/sros2#69
https://discourse.ros.org/t/ros2-security-cli-tools/6647/
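The lookup behaviour discussed in this thread, as an added example that is not rcl's code: it contrasts exact-match lookup with longest-matching-prefix lookup, and shows a lookup that reports when it fell back so the caller can refuse it. Directory names are modelled as an in-memory string list instead of being read from disk; the function names, the sample directory sets and the allow-list policy are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { MATCH_NONE, MATCH_EXACT, MATCH_PREFIX } match_kind_t;

typedef struct {
  match_kind_t kind;
  const char *dir;  /* entry from the caller's list, or NULL when nothing matched */
} lookup_result_t;

/* Constructed sample data: directory names present under a security root. */
const char *const DIRS_COMPLETE[] = {"ros2cli_node", "/foo/bar", "/foo/bar/baz"};
/* Same deployment with the /foo/bar/baz directory missing from disk. */
const char *const DIRS_MISSING_BAZ[] = {"ros2cli_node", "/foo/bar"};
/* Hypothetical policy: the only directories that may serve as a prefix fallback. */
const char *const FALLBACK_ALLOWED[] = {"ros2cli_node"};

/* Exact match only: a missing directory yields MATCH_NONE. */
lookup_result_t lookup_exact(const char *node, const char *const *dirs, size_t n)
{
  lookup_result_t r = {MATCH_NONE, NULL};
  for (size_t i = 0; i < n; ++i) {
    if (strcmp(node, dirs[i]) == 0) {
      r.kind = MATCH_EXACT;
      r.dir = dirs[i];
      break;
    }
  }
  return r;
}

/* Exact match first, then the longest directory name that prefixes the node name. */
lookup_result_t lookup_longest_prefix(const char *node, const char *const *dirs, size_t n)
{
  lookup_result_t r = lookup_exact(node, dirs, n);
  size_t best = 0;
  if (r.kind == MATCH_EXACT) {
    return r;
  }
  for (size_t i = 0; i < n; ++i) {
    size_t len = strlen(dirs[i]);
    if (len > best && strncmp(node, dirs[i], len) == 0) {
      best = len;
      r.kind = MATCH_PREFIX;
      r.dir = dirs[i];
    }
  }
  return r;
}

/* Prefix lookup that refuses a fallback unless the matched directory is allow-listed. */
const char *resolve_with_policy(const char *node, const char *const *dirs, size_t n,
                                const char *const *allowed, size_t n_allowed)
{
  lookup_result_t r = lookup_longest_prefix(node, dirs, n);
  if (r.kind == MATCH_EXACT) {
    return r.dir;
  }
  if (r.kind == MATCH_PREFIX) {
    for (size_t i = 0; i < n_allowed; ++i) {
      if (strcmp(r.dir, allowed[i]) == 0) {
        return r.dir;
      }
    }
  }
  return NULL;  /* no directory, or a fallback nobody opted into */
}

int main(void)
{
  static const char *const kinds[] = {"none", "exact", "prefix"};
  const char *nodes[] = {"ros2cli_node_814918", "/foo/bar/baz"};
  for (size_t i = 0; i < 2; ++i) {
    lookup_result_t r = lookup_longest_prefix(nodes[i], DIRS_MISSING_BAZ, 2);
    const char *p = resolve_with_policy(nodes[i], DIRS_MISSING_BAZ, 2, FALLBACK_ALLOWED, 1);
    printf("%-20s prefix lookup: %-6s %-13s with policy: %s\n", nodes[i], kinds[r.kind],
           r.dir ? r.dir : "-", p ? p : "(refused)");
  }
  return 0;
}
```

Returning the match kind alongside the directory lets a caller log or reject a non-exact resolution instead of loading it silently.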