From 8af9f34d88699de3003d54e1e0739c64a30b231f Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Mon, 10 Jun 2024 17:51:52 +0000 Subject: [PATCH 1/3] [StepSecurity] ci: Harden GitHub Actions Signed-off-by: StepSecurity Bot --- .github/workflows/build-ROS2-package-CI.yaml | 4 +-- .github/workflows/buildsCI.yaml | 32 ++++++++++---------- .github/workflows/static_analysis.yaml | 6 ++-- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/build-ROS2-package-CI.yaml b/.github/workflows/build-ROS2-package-CI.yaml index 10967c8081..3cf92da027 100644 --- a/.github/workflows/build-ROS2-package-CI.yaml +++ b/.github/workflows/build-ROS2-package-CI.yaml @@ -38,12 +38,12 @@ jobs: steps: - name: setup ROS environment - uses: ros-tooling/setup-ros@v0.7 + uses: ros-tooling/setup-ros@44e00e21351330f8dbc9f298bc179cd0c7910477 # v0.7 with: required-ros-distributions: ${{ matrix.ros_distribution }} - name: build librealsense ROS 2 - uses: ros-tooling/action-ros-ci@v0.3 + uses: ros-tooling/action-ros-ci@0c87ffc035492b66c9afb9159ca9664fb0b513e1 # v0.3 with: target-ros2-distro: ${{ matrix.ros_distribution }} skip-tests: true diff --git a/.github/workflows/buildsCI.yaml b/.github/workflows/buildsCI.yaml index 62c95f8cf2..e27dee3123 100644 --- a/.github/workflows/buildsCI.yaml +++ b/.github/workflows/buildsCI.yaml @@ -27,7 +27,7 @@ jobs: runs-on: windows-2019 timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Enable Long Paths shell: powershell @@ -69,7 +69,7 @@ jobs: runs-on: windows-2019 timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Enable Long Paths shell: powershell 
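Review bot: The two pins in this hunk are annotated `# v0.7` and `# v0.3`, which appear to be moving major.minor tags, so once upstream moves the tag the comment no longer identifies which release the SHA belongs to. Name the exact release instead, e.g. `# v0.7.<patch>` (placeholder), the way the `actions/checkout` pins in buildsCI.yaml and static_analysis.yaml use `# v3.6.0`. Because the pins were generated by a bot, each 40-hex SHA in this commit should be confirmed against the corresponding tag in the upstream action repository before merge. The diffstat lists only the three workflow files, so unless the repository already has a Dependabot or Renovate entry for `github-actions`, the pinned commits will not pick up upstream fixes automatically.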
@@ -111,8 +111,8 @@ jobs: runs-on: windows-2019 timeout-minutes: 60 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3.1.4 with: python-version: '3.8.1' @@ -171,8 +171,8 @@ jobs: runs-on: windows-2019 timeout-minutes: 60 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3.1.4 with: python-version: '3.8.1' @@ -222,8 +222,8 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/setup-python@3542bca2639a428e1796aaa6a2ffef0c0f575566 # v3.1.4 with: python-version: '3.8.1' @@ -264,7 +264,7 @@ jobs: runs-on: ubuntu-22.04 timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Prebuild shell: bash @@ -297,7 +297,7 @@ jobs: ./live-test -d yes -i [software-device] - name: Upload RS log artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: Log file - U22_ST_Py_EX_CfU_LiveTest path: build/*.log @@ -318,7 +318,7 @@ jobs: runs-on: ubuntu-20.04 timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Prebuild shell: bash @@ -361,7 +361,7 @@ jobs: runs-on: ubuntu-20.04 timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Prebuild shell: bash 
@@ -419,7 +419,7 @@ jobs: env: LRS_BUILD_NODEJS: true steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Check_API shell: bash @@ -459,7 +459,7 @@ jobs: ./live-test -d yes -i [software-device] - name: Upload RS log artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: Log file - U22_SH_RSUSB_LiveTest path: build/*.log @@ -481,7 +481,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Check_API shell: bash @@ -515,7 +515,7 @@ jobs: runs-on: ubuntu-20.04 timeout-minutes: 60 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Check_API shell: bash diff --git a/.github/workflows/static_analysis.yaml b/.github/workflows/static_analysis.yaml index fb299cd34a..95930b7a3c 100644 --- a/.github/workflows/static_analysis.yaml +++ b/.github/workflows/static_analysis.yaml @@ -14,7 +14,7 @@ jobs: timeout-minutes: 30 runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Install shell: bash @@ -64,7 +64,7 @@ jobs: && echo "No diffs found in cppcheck_run.parsed.log" - name: Upload logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: cppcheck_log path: | @@ -105,7 +105,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: "Install Dependencies" run: | From 07e57c254332a4959478692ad08bcc6352c1b465 Mon Sep 17 00:00:00 2001 
From: Nir Azkiel Date: Sun, 9 Jun 2024 19:16:40 +0300 Subject: [PATCH 2/3] update NVIDIA docs (cherry picked from commit 583288d9ce6138cf5d9dc85d6ccb0c11db4c4f3c) --- doc/installation_jetson.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/installation_jetson.md b/doc/installation_jetson.md index 3ac47dfad3..458c2ecd6e 100644 --- a/doc/installation_jetson.md +++ b/doc/installation_jetson.md @@ -1,4 +1,4 @@ -# Nvidia Jetson Devices +# NVIDIA® Jetson™ Devices **NOTE**: See [support-matrix.md](./support-matrix.md) to learn more about Jetson support for RealSense devices. 
@@ -8,14 +8,14 @@ ### 1. Prerequisites -* Nvidia® **Jetson Nano™**, **Jetson TX2™**, **Jetson AGX Xavier™** or **Jetson Orin™** board (may also work on other Jetson devices) +* NVIDIA® **Jetson Nano™**, **Jetson TX2™**, **Jetson AGX Xavier™** or **Jetson Orin™** board (may also work on other Jetson devices) * A supported RealSense Camera device ### 2. Establish Developer's Environment -Follow [official instructions](https://developer.nvidia.com/embedded/learn/getting-started-jetson) to get your board ready. This guide will assume you are using **Nvidia® L4T Ubuntu 16.04/18.04/20.04/22.04** image with kernels 4.9/5.10/5.15. Note that in most cases it is necessary to install a toll named "SDK Manager" to flash and install **Jetson** boards with both the L4T (Linux for Tegra) and Nvidia-specific software packages (CUDA, Tensor Flow, AI, etc.) +Follow [official instructions](https://developer.nvidia.com/embedded/learn/getting-started-jetson) to get your board ready. This guide will assume you are using **NVIDIA® L4T Ubuntu 18.04/20.04/22.04** image with kernels 4.9/5.10/5.15. Note that in most cases it is necessary to install a toll named "SDK Manager" to flash and install **Jetson** boards with both the L4T (Linux for Tegra) and NVIDIA-specific software packages (CUDA, Tensor Flow, AI, etc.) 
-For **Jetson Orin™** with JetPack 6.0 you will need to follow build for MIPI driver as Nvidia released Kernel 5.15 default configuration with disabled HID: [Intel® RealSense™ camera driver for GMSL* interface](https://github.com/IntelRealSense/realsense_mipi_platform_driver) +For **Jetson Orin™** with JetPack 6.0 you will need to follow build for MIPI driver as NVIDIA released Kernel 5.15 default configuration with disabled HID: [Intel® RealSense™ camera driver for GMSL* interface](https://github.com/IntelRealSense/realsense_mipi_platform_driver) For **Jetson Nano™** we strongly recommend enabling the Barrel Jack connector for extra power (See [jetsonhacks.com/jetson-nano-use-more-power/](https://www.jetsonhacks.com/2019/04/10/jetson-nano-use-more-power/) to learn how) 
@@ -39,10 +39,10 @@ If that's the case, what is the dilemma? In order to enable the full capabilities of RealSense devices certain modifications in the kernel (driver) modules shall be applied, such as support of Depth-related streaming formats and access to per-frame metadata attributes. There is a small set of generic kernel changes that are mostly retrofitted with more advanced kernel versions aimed at improving the overall drivers stability. -Nvidia's L4T delivers an Ubuntu-based distribution with a customized kernel based on version 4.9/5.10. The way the kernel is configured and deployed is different from a desktop Ubuntu image with two notable differences being the list of kernel modules included in default configuration and the way a new image is flashed. +NVIDIA's L4T delivers an Ubuntu-based distribution with a customized kernel based on version 4.9/5.10. The way the kernel is configured and deployed is different from a desktop Ubuntu image with two notable differences being the list of kernel modules included in default configuration and the way a new image is flashed. And while it is possible to rebuild and flash a new kernel image the procedure can be perceived as challenging and shall be performed with extra caution. -This guide comes with a script that allows to modify the kernel modules with Librealsense2-related patches without replacing the kernel image. The script has been verified with **Jetson AGX Xavier™** board using L4T versions 4.2.3, 4.3, 4.4 (Sept 2020) and 5.0.2. Scroll to the end of the guide for details. +This guide comes with a script that allows to modify the kernel modules with Librealsense2-related patches without replacing the kernel image. The script has been verified with **Jetson AGX Xavier™** board using L4T versions 4.6.1 (Sept 2020) and 5.0.2. Scroll to the end of the guide for details. ### 4. 
Install with Debian Packages The minimum JetPack SDK required to run the precompiled Debians is [JetPack version 4.4.1](https://developer.nvidia.com/jetpack-sdk-441-archive) ( L4T 32.4.4 , CUDA version 10.2). @@ -93,7 +93,7 @@ You can also double-TAB after typing `rs-` to see the full list of SDK examples. ⮕ Use the V4L Native backend by applying the kernel patching -The method was verified with **Jetson AGX** boards with JetPack **4.2.3**[L4T 32.2.1,32.2.3], **4.3**[L4T 32.3.1], **4.4**[L4T 32.4.3], **4.5.1**[L4T 32.5.1] and **5.0.2**[L4T 35.1.0]. +The method was verified with **Jetson AGX** boards with JetPack **4.4**[L4T 32.4.3], **4.6.1**[L4T 32.7.1] and **5.0.2**[L4T 35.1.0]. The method has not yet been verified on the **Jetson Nano** board. @@ -138,7 +138,7 @@ This method is incompatible for board **Jetson Orin™** with JetPack 6.0, check cmake .. -DBUILD_EXAMPLES=true -DCMAKE_BUILD_TYPE=release -DFORCE_RSUSB_BACKEND=false -DBUILD_WITH_CUDA=true && make -j$(($(nproc)-1)) && sudo make install ``` - The CMAKE `-DBUILD_WITH_CUDA=true` flag assumes CUDA modules are installed. If not, please reconnect the board to the Ubuntu Host PC and use Nvidia `SDK Manager` tool to install the missing components. + The CMAKE `-DBUILD_WITH_CUDA=true` flag assumes CUDA modules are installed. If not, please reconnect the board to the Ubuntu Host PC and use NVIDIA `SDK Manager` tool to install the missing components. * **Connect Realsense Device, run `realsense-viewer` and inspect the results** From 436572061765fd5b2d110b3b184cb993f5dbbb5c Mon Sep 17 00:00:00 2001 From: Joanne Nguyen Date: Fri, 18 Oct 2024 11:09:35 -0500 Subject: [PATCH 3/3] added Exported or NotExported flags to receivers for Android 12+ --- .../realsense/librealsense/Enumerator.java | 24 ++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) 
diff --git a/wrappers/android/librealsense/src/main/java/com/intel/realsense/librealsense/Enumerator.java b/wrappers/android/librealsense/src/main/java/com/intel/realsense/librealsense/Enumerator.java
index 35193d3250..5036b430b8 100644
--- a/wrappers/android/librealsense/src/main/java/com/intel/realsense/librealsense/Enumerator.java
+++ b/wrappers/android/librealsense/src/main/java/com/intel/realsense/librealsense/Enumerator.java
@@ -5,6 +5,7 @@
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.hardware.usb.UsbManager;
+import android.os.Build;
 import android.os.Handler;
 import android.os.HandlerThread;
 import android.os.Looper;
@@ -64,9 +65,26 @@ public Enumerator(Context context, DeviceListener listener){
 mListener = listener;
 mContext = context;
- context.registerReceiver(mBroadcastReceiver, new IntentFilter(UsbUtilities.ACTION_USB_PERMISSION));
- context.registerReceiver(mBroadcastReceiver, new IntentFilter(UsbManager.ACTION_USB_DEVICE_ATTACHED));
- context.registerReceiver(mBroadcastReceiver, new IntentFilter(UsbManager.ACTION_USB_DEVICE_DETACHED));
+ // Extra flag to counteract the extra requirements to pass an exported or not-exported value
+ // when broadcasting for Android 12 and up.
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
+ context.registerReceiver(mBroadcastReceiver,
+ new IntentFilter(UsbUtilities.ACTION_USB_PERMISSION),
+ Context.RECEIVER_EXPORTED);
+
+ context.registerReceiver(mBroadcastReceiver,
+ new IntentFilter(UsbManager.ACTION_USB_DEVICE_ATTACHED),
+ Context.RECEIVER_EXPORTED);
+
+ context.registerReceiver(mBroadcastReceiver,
+ new IntentFilter(UsbManager.ACTION_USB_DEVICE_DETACHED),
+ Context.RECEIVER_EXPORTED);
+ } else {
+ // For pre-Android 12 versions, use the standard registerReceiver without the export flag
+ context.registerReceiver(mBroadcastReceiver, new IntentFilter(UsbUtilities.ACTION_USB_PERMISSION));
+ context.registerReceiver(mBroadcastReceiver, new IntentFilter(UsbManager.ACTION_USB_DEVICE_ATTACHED));
+ context.registerReceiver(mBroadcastReceiver, new IntentFilter(UsbManager.ACTION_USB_DEVICE_DETACHED));
+ }
 onDeviceAttach(context);
 }
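Review bot: All three registrations in the `SDK_INT >= Build.VERSION_CODES.S` branch pass `Context.RECEIVER_EXPORTED`, which allows any other app on the device to deliver intents with these actions to `mBroadcastReceiver`; `Context.RECEIVER_NOT_EXPORTED` is the least-privilege choice, because broadcasts sent by the system or by the app itself still reach a not-exported receiver. The app-defined `UsbUtilities.ACTION_USB_PERMISSION` matters most here: `new IntentFilter(UsbUtilities.ACTION_USB_PERMISSION), Context.RECEIVER_NOT_EXPORTED);` should work, assuming the permission result comes back through a PendingIntent this app created, which needs confirming on a device. If exporting stays, `onReceive` (outside this hunk) should re-check `UsbManager.hasPermission(device)` rather than trust the extras of the incoming intent. The guard and comment also disagree with the platform, since `RECEIVER_EXPORTED` was added in API 33 rather than Android 12 (API 31); the comment should say which API level actually requires the flag, e.g. `// Receivers for non-system broadcasts must declare exported/not-exported (constant added in API 33).` The constructor starts before the hunk.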