AICA
Updating custom component packages after ROS signing key expiration #293
Pinned
eeberhard
announced in
General Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
This message is to inform AICA System users about an error surrounding ROS images that may affect users who want to build custom ROS packages with the SDK.
What happened?
ROS is a collection of open-source software packages maintained by the OSRA. The software is distributed through package registries, and signing keys are used to ensure that software clients are downloading the authentic versions of the software.
The current set of signing keys expired on June 01, 2025. This means that software clients that try to access the software with the expired signing keys will fail to download the packages. The OSRA infrastructure team has now updated their keys, which requires all software clients to also update how they access the software.
More information can be found in this thread: https://discourse.ros.org/t/ros-signing-key-migration-guide/43937/25
Who is impacted?
This notice is relevant to you if you are an SDK user utilizing custom ROS packages within the AICA System. Because we use ROS dependencies in our component SDK, rebuilding component packages will fail because of expired signing keys on the ROS repositories.
What is the fix?
We have updated our base docker images to use the new signing keys. To build custom components, you will need to use the latest version of the component template. To update an existing package, upgrade the build image to
v2.0.5-jazzyor newer in theaica-package.tomlfile, as can be seen in this change: https://github.com/aica-technology/component-template/pull/16/filesPlease reply to this announcement if you have any questions or comments!
Beta Was this translation helpful? Give feedback.
All reactions