-
Notifications
You must be signed in to change notification settings - Fork 51
/
Copy pathCMakeLists.txt
346 lines (308 loc) · 14.8 KB
/
CMakeLists.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
cmake_minimum_required(VERSION 3.7)
project(test_security)
# Default to C++17
if(NOT CMAKE_CXX_STANDARD)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
endif()
if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")
add_compile_options(-Wall -Wextra -Wpedantic)
endif()
if(CMAKE_BUILD_TYPE STREQUAL "Debug" AND MSVC)
# /bigobj is needed to avoid error C1128:
# https://msdn.microsoft.com/en-us/library/8578y171.aspx
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /bigobj")
endif()
find_package(ament_cmake_auto REQUIRED)
ament_auto_find_build_dependencies()
option(SECURITY "Activate security" OFF)
if(BUILD_TESTING)
# No security test on services for now
find_package(ament_cmake REQUIRED)
find_package(test_msgs REQUIRED)
# Test only a couple of message types to avoid taking too much test time
set(message_files "msg/Empty.msg;msg/UnboundedSequences.msg")
find_package(ament_lint_auto REQUIRED)
ament_lint_auto_find_test_dependencies()
find_package(launch_testing_ament_cmake REQUIRED)
find_package(osrf_testing_tools_cpp REQUIRED)
# get the rmw implementations ahead of time
find_package(rmw_implementation_cmake REQUIRED)
get_available_rmw_implementations(rmw_implementations)
foreach(rmw_implementation ${rmw_implementations})
find_package("${rmw_implementation}" REQUIRED)
endforeach()
function(custom_executable target)
add_executable(${target} ${ARGN})
target_link_libraries(${target}
rclcpp::rclcpp
${test_msgs_TARGETS}
)
endfunction()
function(custom_security_test_c target)
ament_add_gtest(
"${target}${target_suffix}" ${ARGN}
TIMEOUT 10
APPEND_LIBRARY_DIRS "${append_library_dirs}"
ENV
RCL_ASSERT_RMW_ID_MATCHES=${rmw_implementation}
RMW_IMPLEMENTATION=${rmw_implementation}
ROS_SECURITY_KEYSTORE=${KEYSTORE_DIRECTORY_NATIVE_PATH}
PATH="${TEST_PATH}"
)
if(TARGET ${target}${target_suffix})
target_link_libraries(${target}${target_suffix}
${_AMENT_EXPORT_ABSOLUTE_LIBRARIES}
${_AMENT_EXPORT_LIBRARY_TARGETS}
rcl::rcl
osrf_testing_tools_cpp::memory_tools
)
set_tests_properties(
${target}${target_suffix}
PROPERTIES REQUIRED_FILES "$<TARGET_FILE:${target}${target_suffix}>"
FIXTURES_REQUIRED "sros_artifacts"
)
endif()
endfunction()
macro(security_tests)
set(suffix "__${rmw_implementation}")
set(PUBLISHER_RMW ${rmw_implementation})
set(SUBSCRIBER_RMW ${rmw_implementation})
# Not testing across client libraries for now
set(TEST_PUBLISHER_RCL "rclcpp")
set(TEST_SUBSCRIBER_RCL "rclcpp")
set(TEST_PUBLISHER_EXECUTABLE "$<TARGET_FILE:test_secure_publisher_cpp>")
set(TEST_SUBSCRIBER_EXECUTABLE "$<TARGET_FILE:test_secure_subscriber_cpp>")
# Test suite for communication without security
set(non_secure_comm_PUBLISHER_ROS_SECURITY_ENABLE_LIST "false;false;false;true;false")
set(non_secure_comm_SUBSCRIBER_ROS_SECURITY_ENABLE_LIST "false;false;false;false;true")
set(non_secure_comm_PUBLISHER_ROS_SECURITY_STRATEGY_LIST "Enforce;garbage;garbage;Permissive;Garbage")
set(non_secure_comm_SUBSCRIBER_ROS_SECURITY_STRATEGY_LIST "Enforce;Permissive;Garbage;Garbage;Permissive")
set(non_secure_comm_PUBLISHER_ROS_SECURITY_KEYSTORE_LIST "garbage;WHATEVER;${KEYSTORE_DIRECTORY_NATIVE_PATH};garbage;garbage")
set(SUBSCRIBER_ROS_SECURITY_KEYSTORE_LIST "${KEYSTORE_DIRECTORY_NATIVE_PATH};WHATEVER;garbage;garbage;garbage")
# Test suite for secured communication
set(secure_comm_PUBLISHER_ROS_SECURITY_ENABLE_LIST "true;true;true;true")
set(secure_comm_SUBSCRIBER_ROS_SECURITY_ENABLE_LIST "true;true;true;true")
set(secure_comm_PUBLISHER_ROS_SECURITY_STRATEGY_LIST "Enforce;Enforce;Permissive;Permissive")
set(secure_comm_SUBSCRIBER_ROS_SECURITY_STRATEGY_LIST "Enforce;Permissive;Enforce;Permissive")
# Test suite for one node with security and the second without
set(not_connecting_PUBLISHER_ROS_SECURITY_ENABLE_LIST "false;true")
set(not_connecting_SUBSCRIBER_ROS_SECURITY_ENABLE_LIST "true;false")
set(not_connecting_PUBLISHER_ROS_SECURITY_STRATEGY_LIST "Permissive;Enforce")
set(not_connecting_SUBSCRIBER_ROS_SECURITY_STRATEGY_LIST "Enforce;Permissive")
list(LENGTH non_secure_comm_PUBLISHER_ROS_SECURITY_ENABLE_LIST n_non_secure_tests)
list(LENGTH secure_comm_PUBLISHER_ROS_SECURITY_ENABLE_LIST n_secure_communication_tests)
list(LENGTH not_connecting_PUBLISHER_ROS_SECURITY_ENABLE_LIST n_not_connecting_tests)
foreach(message_file ${message_files})
get_filename_component(TEST_MESSAGE_TYPE "${message_file}" NAME_WE)
set(index 0)
# configure all non secure communication tests
set(SUBSCRIBER_SHOULD_TIMEOUT "false")
while(index LESS ${n_non_secure_tests})
# here we define all the variables needed for security template expansion
list(GET non_secure_comm_PUBLISHER_ROS_SECURITY_ENABLE_LIST ${index} PUBLISHER_ROS_SECURITY_ENABLE)
list(GET SUBSCRIBER_ROS_SECURITY_ENABLE_LIST ${index} SUBSCRIBER_ROS_SECURITY_ENABLE)
list(GET PUBLISHER_ROS_SECURITY_STRATEGY_LIST ${index} PUBLISHER_ROS_SECURITY_STRATEGY)
list(GET SUBSCRIBER_ROS_SECURITY_STRATEGY_LIST ${index} SUBSCRIBER_ROS_SECURITY_STRATEGY)
list(GET PUBLISHER_ROS_SECURITY_KEYSTORE_LIST ${index} PUBLISHER_ROS_SECURITY_KEYSTORE)
list(GET SUBSCRIBER_ROS_SECURITY_KEYSTORE_LIST ${index} SUBSCRIBER_ROS_SECURITY_KEYSTORE)
set(test_suffix "__${TEST_MESSAGE_TYPE}${suffix}__non_secure_comm_${index}")
configure_file(
test/test_secure_publisher_subscriber.py.in
test_secure_publisher_subscriber${test_suffix}.py.configured
@ONLY
)
file(GENERATE
OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}_$<CONFIG>.py"
INPUT "${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}.py.configured"
)
math(EXPR index "${index} + 1")
add_launch_test(
"${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}_$<CONFIG>.py"
TARGET test_secure_publisher_subscriber${test_suffix}
APPEND_LIBRARY_DIRS "${append_library_dirs}"
ENV
PATH="${TEST_PATH}"
TIMEOUT 20
)
if(TEST test_secure_publisher_subscriber${test_suffix})
set_tests_properties(
test_secure_publisher_subscriber${test_suffix}
PROPERTIES DEPENDS "test_secure_publisher_cpp__${rmw_implementation};test_secure_subscriber_cpp__${rmw_implementation}"
FIXTURES_REQUIRED "sros_artifacts"
)
endif()
endwhile()
set(index 0)
set(SUBSCRIBER_SHOULD_TIMEOUT "false")
set(PUBLISHER_ROS_SECURITY_KEYSTORE "${KEYSTORE_DIRECTORY_NATIVE_PATH}")
set(SUBSCRIBER_ROS_SECURITY_KEYSTORE "${KEYSTORE_DIRECTORY_NATIVE_PATH}")
# configure all secure communication tests
while(index LESS ${n_secure_communication_tests})
# here we define all the variables needed for security template expansion
list(GET secure_comm_PUBLISHER_ROS_SECURITY_ENABLE_LIST ${index} PUBLISHER_ROS_SECURITY_ENABLE)
list(GET secure_comm_SUBSCRIBER_ROS_SECURITY_ENABLE_LIST ${index} SUBSCRIBER_ROS_SECURITY_ENABLE)
list(GET secure_comm_PUBLISHER_ROS_SECURITY_STRATEGY_LIST ${index} PUBLISHER_ROS_SECURITY_STRATEGY)
list(GET secure_comm_SUBSCRIBER_ROS_SECURITY_STRATEGY_LIST ${index} SUBSCRIBER_ROS_SECURITY_STRATEGY)
set(test_suffix "__${TEST_MESSAGE_TYPE}${suffix}__secure_comm_${index}")
configure_file(
test/test_secure_publisher_subscriber.py.in
test_secure_publisher_subscriber${test_suffix}.py.configured
@ONLY
)
file(GENERATE
OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}_$<CONFIG>.py"
INPUT "${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}.py.configured"
)
math(EXPR index "${index} + 1")
add_launch_test(
"${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}_$<CONFIG>.py"
TARGET test_secure_publisher_subscriber${test_suffix}
APPEND_LIBRARY_DIRS "${append_library_dirs}"
ENV
PATH="${TEST_PATH}"
TIMEOUT 20
)
if(TEST test_secure_publisher_subscriber${test_suffix})
set_tests_properties(
test_secure_publisher_subscriber${test_suffix}
PROPERTIES DEPENDS "test_secure_publisher_cpp__${rmw_implementation};test_secure_subscriber_cpp__${rmw_implementation}"
FIXTURES_REQUIRED "sros_artifacts"
)
endif()
endwhile()
set(index 0)
set(PUBLISHER_ROS_SECURITY_KEYSTORE "${KEYSTORE_DIRECTORY_NATIVE_PATH}")
set(SUBSCRIBER_ROS_SECURITY_KEYSTORE "${KEYSTORE_DIRECTORY_NATIVE_PATH}")
set(SUBSCRIBER_SHOULD_TIMEOUT "true")
# configure all not connecting tests
while(index LESS ${n_not_connecting_tests})
# here we define all the variables needed for security template expansion
list(GET not_connecting_PUBLISHER_ROS_SECURITY_ENABLE_LIST ${index} PUBLISHER_ROS_SECURITY_ENABLE)
list(GET not_connecting_SUBSCRIBER_ROS_SECURITY_ENABLE_LIST ${index} SUBSCRIBER_ROS_SECURITY_ENABLE)
list(GET not_connecting_PUBLISHER_ROS_SECURITY_STRATEGY_LIST ${index} PUBLISHER_ROS_SECURITY_STRATEGY)
list(GET not_connecting_SUBSCRIBER_ROS_SECURITY_STRATEGY_LIST ${index} SUBSCRIBER_ROS_SECURITY_STRATEGY)
set(test_suffix "__${TEST_MESSAGE_TYPE}${suffix}__secure_not_connecting_${index}")
configure_file(
test/test_secure_publisher_subscriber.py.in
test_secure_publisher_subscriber${test_suffix}.py.configured
@ONLY
)
file(GENERATE
OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}_$<CONFIG>.py"
INPUT "${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}.py.configured"
)
math(EXPR index "${index} + 1")
add_launch_test(
"${CMAKE_CURRENT_BINARY_DIR}/test_secure_publisher_subscriber${test_suffix}_$<CONFIG>.py"
TARGET test_secure_publisher_subscriber${test_suffix}
APPEND_LIBRARY_DIRS "${append_library_dirs}"
ENV
PATH="${TEST_PATH}"
TIMEOUT 20
)
if(TEST test_secure_publisher_subscriber${test_suffix})
set_tests_properties(
test_secure_publisher_subscriber${test_suffix}
PROPERTIES DEPENDS "test_secure_publisher_cpp__${rmw_implementation};test_secure_subscriber_cpp__${rmw_implementation}"
FIXTURES_REQUIRED "sros_artifacts"
)
endif()
endwhile()
endforeach()
endmacro()
macro(targets)
set(ENV_PATH "$ENV{PATH}")
file(TO_CMAKE_PATH "${ENV_PATH}" ENV_PATH)
set(TEST_PATH "${ENV_PATH}")
if(rmw_implementation MATCHES "rmw_connext(.*)")
# Connext 5.3.1 needs RTI's OpenSSL binaries (based on EOL 1.0.2) to be
# on the PATH at runtime as the system version of OpenSSL is not supported
set(RTI_BIN_PATH "$ENV{RTI_OPENSSL_BIN}")
file(TO_CMAKE_PATH "${RTI_BIN_PATH}" RTI_BIN_PATH)
set(TEST_PATH "${RTI_BIN_PATH};${ENV_PATH}")
endif()
if(NOT WIN32)
string(REPLACE ";" ":" TEST_PATH "${TEST_PATH}")
endif()
# TODO(jacobperron) Disable Connext on Windows until we fix issue with CI
# TODO(asorbini): Remove exceptions once ros2/rmw_connext is deprecated.
if(
(rmw_implementation STREQUAL "rmw_connext_cpp" AND NOT WIN32) OR
(rmw_implementation STREQUAL "rmw_connext_dynamic_cpp" AND NOT WIN32) OR
(rmw_implementation STREQUAL "rmw_connextdds" AND NOT WIN32) OR
rmw_implementation STREQUAL "rmw_fastrtps_cpp" OR
rmw_implementation STREQUAL "rmw_fastrtps_dynamic_cpp" OR
rmw_implementation STREQUAL "rmw_cyclonedds_cpp"
)
custom_security_test_c(test_security_nodes_c
"test/test_invalid_secure_node_creation_c.cpp")
security_tests()
endif()
endmacro()
if(SECURITY)
# executables secure publisher / subscriber
custom_executable(test_secure_publisher_cpp
"test/test_secure_publisher.cpp")
custom_executable(test_secure_subscriber_cpp
"test/test_secure_subscriber.cpp")
set(append_library_dirs "${CMAKE_CURRENT_BINARY_DIR}")
if(WIN32)
set(append_library_dirs "${append_library_dirs}/$<CONFIG>")
string(REPLACE "\\" "\\\\" RTI_OPENSSL_LIBS "$ENV{RTI_OPENSSL_LIBS}")
set(append_library_dirs "${append_library_dirs};${RTI_OPENSSL_LIBS}")
# TODO(mikaelarguedas) uncomment this once Connext supports OpenSSL 1.1.1
# in the meantime use RTI_OPENSSL_LIBS
# elseif(APPLE)
# # connext need the openssl libraries to be on the DYLD_LIBRARY_PATH at runtime
# # as SIP strips these variables on recent MacOS we populate them here
# # see https://github.com/ros2/ros2/issues/409
# execute_process(
# COMMAND "brew" "--prefix" "openssl"
# RESULT_VARIABLE _retcode
# OUTPUT_VARIABLE _out_var
# ERROR_VARIABLE _error_var
# )
# if(NOT _retcode EQUAL 0)
# message(FATAL_ERROR "command 'brew --prefix openssl' failed with error code '${_retcode}' and error message '${_error_var}'")
# endif()
# string(STRIP "${_out_var}" _out_var)
# set(openssl_lib_path "${_out_var}/lib")
# file(TO_NATIVE_PATH "${openssl_lib_path}" openssl_lib_path)
# set(append_library_dirs "${append_library_dirs};${openssl_lib_path}")
else()
set(append_library_dirs "${append_library_dirs}:$ENV{RTI_OPENSSL_LIBS}")
endif()
# finding gtest once in the highest scope
# prevents finding it repeatedly in each local scope
ament_find_gtest()
set(KEYSTORE_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/test/test_security_files")
if(WIN32)
string(REPLACE "/" "\\\\" KEYSTORE_DIRECTORY_NATIVE_PATH "${KEYSTORE_DIRECTORY}")
else()
set(KEYSTORE_DIRECTORY_NATIVE_PATH "${KEYSTORE_DIRECTORY}")
endif()
#
# CTest Fixtures
#
# These fixtures are set up as needed at the beginning of the test run to
# support any selected tests which require them.
#
# * sros_artifacts: This fixture generates SROS2 security artifacts needed
# for the tests in this package.
#
find_program(ROS2_EXECUTABLE ros2)
add_test(NAME sros_artifacts
COMMAND ${CMAKE_COMMAND}
"-DROS2_EXECUTABLE=${ROS2_EXECUTABLE}"
"-DKEYSTORE_DIRECTORY=${KEYSTORE_DIRECTORY}"
"-DKEYSTORE_DIRECTORY_NATIVE_PATH=${KEYSTORE_DIRECTORY_NATIVE_PATH}"
"-P${CMAKE_CURRENT_SOURCE_DIR}/test/sros_artifacts.cmake"
)
set_tests_properties(sros_artifacts PROPERTIES
FIXTURES_SETUP sros_artifacts
)
call_for_each_rmw_implementation(targets)
endif()
endif() # BUILD_TESTING
ament_auto_package()