While discussing rcl issue 545 (move security file system utilities outside RCL), the ROS 2 security working group considered the broader need to run ROS 2 on devices without a file system. The security WG came up with some possible ways to solve this and we have some interested from the embedded WG to discuss in more detail. Just wanted to poll the community to see if there is a broader interest in exploring this topic?
4 Likes
Sounds like it could be pretty interesting. I can’t think how it would work given the need for various file-searching functions during start up. Could you summarise your ideas?
Ideas are still young, but discussions turned to a possible system-wide build flag to identify an installation without a file system. Individual projects would not be required to use the flag but could opt-in if they’re designed for use on embedded systems.
For the sros2 case, when the flag is set we’d read security configuration info from somewhere other than the file system. Since DDS supports loading security files from memory, that might mean reading an environment variable or even setting them at build time.
Whether or not ROS 2 as a stack can work on a system without a filesystem, I personally think rcl should be kept filesystem (as well as threading, environment variable, etc… and other OS specific things) agnostic.
We haven’t managed to do this very well so far, but ideally rcl would have never had any filesystem stuff used in it, instead having it passed in a dependency injection from rclpy or rclcpp or yet another client library with programming language specific mechanisms.
So I really support the idea of moving env vars and filesystem stuff (especially related to security) out of rcl as described in https://github.com/ros2/rcl/issues/545.
It sounds like that’s the first place to start, then. Once rcl is agnostic and using dependency injection, the choice of file-system-or-not becomes a client library thing.