Gabriel Aguiar Noury
on 27 January 2023
ROS Melodic EOL is around the corner. With more than 1,004 repositories in rosdistro, Melodic is among the top 3 ROS distributions (with Indigo and Kinetic). Together with Ubuntu 18.04 LTS, Melodic was widely used by many pioneering companies who deployed the first ROS devices to market. By the end of April, both distributions will reach EOL.
ROS 2 Foxy is also approaching EOL this year. While the number of devices deployed with Foxy is low, Foxy’s EOL will also impact some of us. In this blog, we will cover the implications for robot makers and the different options you have to keep your machines running smoothly.
Implications of ROS Melodic EOL and ROS 2 Foxy EOL
From April 2023, ROS Melodic EOL and ROS 2 Foxy EOL will stop getting any maintenance. For companies with deployed devices, this could become a major obstacle. For those using ROS Melodic, Ubuntu 18.04 will also reach the end of the standard support.
Most organisations using robots need to comply with cybersecurity requirements. Using the company network for a device with software no longer supported is a breach of these requirements (from a simple laptop to a robot). As such, robotics users will reasonably demand their robotics suppliers to update their devices. The consequences of failing to do so could vary and they cannot be taken lightly.
Take for instance ROS Kinetic EOL, which entered EOL in April 2020. Canonical has released more than 1,400 CVE patches for our ESM customers using ROS Kinetic and Ubuntu 16.04 ESM. Companies that have not updated their fleet of devices are missing patches for critical, high and medium Common Vulnerabilities and Exposures (CVEs). This makes their devices and users a target.
What can you do if you’re impacted by ROS 2 Foxy and ROS Melodic EOL?
Companies with deployed devices in the market should migrate to a supported distribution.
If you have major dependencies that rely on ROS 1, then the most reasonable step is to stay in ROS 1. The latest LTS distribution for ROS 1 is Noetic. But please keep in mind:
- Some of your ROS packages may still need to be supported in newer distributions of ROS.
- Some APIs from your current configuration might depend on specific versions of the applications and libraries of Ubuntu Xenial. For example, Python 2.7 is no longer supported by ROS 1 Noetic or ROS 2 (For more information please read transitioning to Python 3).
You can also move to ROS 2. If you are already using Foxy, you know that ROS 2 provided several benefits over ROS 1. However, migrating is not a straightforward process. ROS 2 comes with a learning curve, a different build environment, more C++ 11, a higher number of built-in functions and support for Python 3 only. Here you can find a complete migration guide for ROS 2 Humble.
Keep in mind that you will also need to address your migration path for Ubuntu. We advise you to have a look at Ubuntu Core. While Ubuntu Desktop and Server can be used for robotics, Ubuntu Core is optimised for these kinds of devices. With out-of-the-box features such as OTA update control, low-touch device recovery, strict confinement, secure boot, and more, Ubuntu Core makes it easier to deploy and manage devices. It also comes with a longer window of standard support: 10 years. That’s ideal for robots that have to be out there in the field for a while.
The migration shouldn’t be painful. Bundling all your dependencies using snaps, you can move from your Desktop or Server system to Core.
- Learn more about ROS deployment with our documentation
Can’t migrate? Get Canonical’s ROS ESM
Sometimes migration is not straightforward. Migrating a vast code base of robots takes time and resources. Dealing with dependency changes can be troublesome. It also implies redoing the whole test phase as well as re-experiment the stability. Besides, simply recalling devices from the field could represent a major task for your organization. Sometimes, robots might operate in mission-critical systems where downtime could create major losses.
While the aim is to migrate eventually, you might need some time. ESM gives you 5 extra years before ROS Melodic EOL and ROS 2 Foxy EOL.
Canonical’s ROS ESM (short for Expanded Security Maintenance) addresses these issues. As part of the Ubuntu Pro subscription, ROS ESM gives you up to 5 more years of security maintenance for ROS 1 Kinetic and Melodic, and ROS 2 Foxy.
ROS ESM covers REP-142 ‘ros_base’ for ROS 1 Kinetic and Melodic and its equivalent ‘ros core’ for ROS 2 Foxy. This includes packages as python-catkin, python-rosdep, ros-${ROS_DISTRO}-ros-core…, ros-${ROS_DISTRO}-genmsg/rosbag…, per supported ROS distribution.
For more information about ROS ESM:
- Visit ROS ESM website
- Read our FAQ blog
Beyond ROS 2 Foxy and ROS Melodic EOL
While ROS 2 Foxy is not a widely adopted ROS distribution, ROS Melodic is. Paired with Ubuntu 18.04, Melodic is built on top of more than 2,300 packages from Ubuntu Main repositories. You find packages such as Python, OpenSSL, OpenVPN, network-manager, sed, curl, systemd, udev, bash, OpenSSH, login, libc… Packages that will stop getting standard support for Ubuntu 18.04.
Beyond Ubuntu Main, companies also leverage packages from Ubuntu Universe. More than 23,000 packages are in this category. For example, Boost, Qt, OpenCV, PCL, python-(argcomplete, opencv, pybind11, png…), cython, eigen, GTK, FFMPEG… Some of these packages will also reach their EOL. For the whole list of what’s included in Main, you can visit the Ubuntu Packages Search tool.
Ubuntu Pro now covers the whole stack; ROS, Main and Universe to provide companies with a definitive solution. All of these are under a single subscription for up to 5 extra years.
ROS ESM is part of Ubuntu Pro
ESM is part of the Ubuntu Pro subscription. Besides getting ESM, customers can also enjoy other services like:
- Ubuntu systems management with Landscape.
- Kernel Livepatch service to avoid reboots.
- Security certification (e.g. FIPS and CIS)
- 24/7, open source software support for the entire stack.
- Access to the real-time kernel.
For more information about the Ubuntu Pro subscription visit the webpage, and the service description.
Consuming ROS ESM updates
You can consume only security-related updates, or both security updates and bug fixes when you purchase Ubuntu Pro. This user introduction document has all you need to get started. In essence, you do not have to make changes to your current ROS application. ROS ESM simply enables a new PPA for you to consume updates. This reduces the downtime or resources needed to migrate to ROS ESM.
For more information read our FAQ blog about ROS ESM.
Moving forward
ROS ESM extends the support window of ROS and Ubuntu an extra 5 years. While ROS ESM allows you to be compliant for the time being, you can also explore your migration path.
For instance, you can use tools like the ROS 1 – ROS 2 bridge. This can help you develop new features on ROS2 while keeping your current ROS1 with the security offered by ESM. It gives you some latitude to plan your next move.
Summary- ROS 2Foxy and ROS Melodic EOL implications
As ROS Melodic, ROS 2 Foxy and Ubuntu 18.04 reach EOL in April of 2023, companies that have deployed devices with this LTS need to take action. Staying on an EOL distribution is a security risk that device manufacturers can’t afford. While migration to a supported LTS is the main recommendation, we understand this is not possible for everyone. If that’s the case for you, you can rely on ESM to get extra time.
Get in touch if you need advice on the best path for your company.