Timezone aware datetimes + remove hack from #209 #300
Conversation
|
@marcoag @clalancette is it possible to launch a round of CI for this PR please 🙏 |
|
sros2/test/sros2/commands/security/verbs/test_create_enclave.py
Outdated
Show resolved
Hide resolved
|
@ruffsl interested in having your feedback on this. (all info in the description of the PR) |
|
CI on WIndows is failing because CI is using a lower version of Python than the one defined in REP-2000. |
I commented over there, but in short, we are not going to be able to update Python. So we'll have to figure out another solution. |
mikaelarguedas
force-pushed
the
timezone-aware-datetimes
branch
from
5006e37
to
1752d32
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## rolling #300 +/- ##
===========================================
+ Coverage 77.35% 77.38% +0.03%
===========================================
Files 25 25
Lines 627 628 +1
Branches 66 66
===========================================
+ Hits 485 486 +1
Misses 121 121
Partials 21 21
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
|
|
Signed-off-by: Mikael Arguedas <[email protected]>
Python 3.8 compatible because windows Signed-off-by: Mikael Arguedas <[email protected]>
Signed-off-by: Mikael Arguedas <[email protected]>
mikaelarguedas
force-pushed
the
timezone-aware-datetimes
branch
from
fefd058
to
03a1e3e
Compare
| <xsl:param name="not_valid_before" select="'2020-05-01T00:00:00'"/> | ||
| <xsl:param name="not_valid_after" select="'2030-05-01T00:00:00'"/> | ||
| <xsl:param name="not_valid_before" select="'2020-05-01T00:00:00+00:00'"/> | ||
| <xsl:param name="not_valid_after" select="'2030-05-01T00:00:00+00:00'"/> |
There was a problem hiding this comment.
Do we want to use +00:00 or Z here?
From the OP ticket:
The time zone may be specified as Z (UTC) or (+|-)hh:mm.
Not sure if this (formatting choice) was the original point of issue here.
There was a problem hiding this comment.
Yeah I initially tried this 2754240 but one of the issues is that Python has pretty limited support for it.
The ability to parse a string in that format appeared in Python 3.11.
And even in Python 3.12, the printing in isoformat is not configurable and outputs the +HH:MM.
I guess we can revisit if the testing of this with connext show the issue still exists with version 6.0.1.
| @@ -75,8 +76,15 @@ def create_permission_file(path: pathlib.Path, domain_id, policy_element) -> Non | |||
|
|
|||
| cert_path = path.parent.joinpath('cert.pem') | |||
| cert_content = _utilities.load_cert(cert_path) | |||
| kwargs['not_valid_before'] = etree.XSLT.strparam(cert_content.not_valid_before.isoformat()) | |||
| kwargs['not_valid_after'] = etree.XSLT.strparam(cert_content.not_valid_after.isoformat()) | |||
| # TODO replace "not_valid_before"/"not_valid_after" functions by | |||
There was a problem hiding this comment.
Sad to read about that window holding back and blocking the python REP updates, given the Qt release changes. I hope the latest minor release of cryptography is still secure and up-to-date for all platforms. :<
| # when extracting it from the permissions file and thinking it's in the future | ||
| # https://github.com/ros2/ci/pull/436#issuecomment-624874296 | ||
| utcnow - datetime.timedelta(days=1) | ||
| utcnow |
There was a problem hiding this comment.
I'm kind of the opinion if it still broken for a DDS vendor by now, then that's more concerning. I've no longer have an active licence, but I could go ask for a renewal to verify this if you'd like.
There was a problem hiding this comment.
yeah so its a bit tricky,
the version shipped with the Jazzy binaries fails to run the launcher:
/opt/rti.com/rti_connext_dds-6.0.1/bin/rtilauncher
Gtk-Message: 09:06:35.729: Failed to load module "canberra-gtk-module"
No RTI workspace was created.
Please contact RTI Support (https://support.rti.com)
The only one I saw available on their website is 7.3.0.
And 7.3.0 is not API compatible with 6.0.1 so I cannot launch nodes
I could try to install the rtipkg from commandline but not sure where to download them if not from the rti website or launcher..
Maybe someone at Open Robotics could give this PR a try ? (as osrf has both license and installer backed up)
@clalancette do you know anyone we could reach out for that could test this ?
So there is a larger issue here, how do people install connext with security plugins for any active ROS 2 distro ?
There was a problem hiding this comment.
@ahcorde Hey there 👋
The PR I dont have the ability to test myself we were chatting about offline today
|
@marcoag mind giving this a try with connect? 🧇 |
This PR (basically a redo of #210) does:
I dont have a connext setup (license plugins etc right now) and the ROS 2 CI machines seem to be UTC so maybe they wont reflect the issue. If a reviewer that is behind UTC and has the right setup can give it a try that'd be awesome