[bug#59053] [PATCH] gnu: Add spectre-meltdown-checker.

[Hilton Chain]

* 
gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch: 
New file.
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                  |  1 +
 gnu/packages/linux.scm                        | 41 +++++++++++++++++++
 ...n-checker-support-guix-system-kernel.patch | 26 ++++++++++++
 3 files changed, 68 insertions(+)
 create mode 100644 
gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index eb6ac3df58..88c1fa6278 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1848,6 +1848,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/syslinux-strip-gnu-property.patch       \
   %D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch      \
   %D%/packages/patches/snappy-add-inline-for-GCC.patch         \
+  
%D%/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch \
   %D%/packages/patches/sphinxbase-fix-doxygen.patch            \
   %D%/packages/patches/spice-vdagent-glib-2.68.patch           \
   %D%/packages/patches/sssd-optional-systemd.patch             \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cf11a7fc1b..db199869a7 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9512,3 +9512,44 @@ (define-public tp-smapi-module
 @acronym{SMAPI, System Management Application Program Interface} and direct
 access to the embedded controller.")
     (license license:gpl2+)))
+
+(define-public spectre-meltdown-checker
+  (package
+    (name "spectre-meltdown-checker")
+    (version "0.45")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/speed47/spectre-meltdown-checker";)
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (patches
+               (search-patches
+                ;; https://github.com/speed47/spectre-meltdown-checker/pull/441
+                "spectre-meltdown-checker-support-guix-system-kernel.patch"))
+              (sha256
+               (base32
+                "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+    (build-system copy-build-system)
+    (arguments
+     (list #:install-plan
+           #~'(("spectre-meltdown-checker.sh" "bin/spectre-meltdown-checker"))
+           #:phases
+           #~(modify-phases %standard-phases
+               (add-after 'unpack 'fixpath
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   (substitute* "spectre-meltdown-checker.sh"
+                     (("\\$\\{opt_arch_prefix\\}readelf")
+                      (search-input-file inputs "/bin/readelf"))
+                     (("perl")
+                      (search-input-file inputs "/bin/perl"))))))))
+    (inputs (list binutils perl))
+    (home-page "https://github.com/speed47/spectre-meltdown-checker";)
+    (synopsis
+     "Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability /
+mitigation checker for Linux & BSD")
+    (description
+     "A shell script to assess your system's resilience against the several
+transient execution CVEs that were published since early 2018, and give you
+guidance as to how to mitigate them.")
+    (license license:gpl3)))
diff --git 
a/gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch
 
b/gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch
new file mode 100644
index 0000000000..afec52b418
--- /dev/null
+++ 
b/gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch
@@ -0,0 +1,26 @@
+From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001
+From: Hilton Chain <hako@ultrarare.space>
+Date: Sat, 5 Nov 2022 23:22:31 +0800
+Subject: [PATCH] Add support for Guix System kernel.
+
+---
+ spectre-meltdown-checker.sh | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
+index 248a444..855a090 100755
+--- a/spectre-meltdown-checker.sh
++++ b/spectre-meltdown-checker.sh
+@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then
+               [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && 
opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)"
+               # NixOS:
+               [ -e "/run/booted-system/kernel" ] && 
opt_kernel="/run/booted-system/kernel"
++              # Guix System:
++              [ -e "/run/booted-system/kernel/bzImage" ] && 
opt_kernel="/run/booted-system/kernel/bzImage"
+               # systemd kernel-install:
+               [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat 
/etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat 
/etc/machine-id)/$(uname -r)/linux"
+               # Clear Linux:
+
+base-commit: a6c943d38f315f339697ec26e7374a09b88f2183
+--
+2.38.0

base-commit: 2211f50ec1ebcf5f880454b4133ac40e41abac21
-- 
2.38.0