[bug#59053] [PATCH] gnu: Add spectre-meltdown-checker.
From: Liliana Marie Prikler
Subject: [bug#59053] [PATCH] gnu: Add spectre-meltdown-checker.
Date: Sat, 05 Nov 2022 17:45:41 +0100
User-agent: Evolution 3.46.0
merge 59053 49898
thanks
Hi Hilton,
thanks for the renewed interest in spectre-meltdown-checker. See the
other thread for a general discussion, but I'll repeat the most
important points.
On Saturday, 2022-11-05 at 23:57 +0800, Hilton Chain wrote:
> * gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch: New file.
> * gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
> * gnu/local.mk (dist_patch_DATA): Add it.
Note that "Add it" lost its context because the new variable is between
it and the file added.
> ---
> gnu/local.mk | 1 +
> gnu/packages/linux.scm | 41
> +++++++++++++++++++
> ...n-checker-support-guix-system-kernel.patch | 26 ++++++++++++
> 3 files changed, 68 insertions(+)
> create mode 100644 gnu/packages/patches/spectre-meltdown-checker-
> support-guix-system-kernel.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index eb6ac3df58..88c1fa6278 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -1848,6 +1848,7 @@ dist_patch_DATA
> = \
> %D%/packages/patches/syslinux-strip-gnu-property.patch \
> %D%/packages/patches/snappy-add-O2-flag-in-
> CmakeLists.txt.patch \
> %D%/packages/patches/snappy-add-inline-for-GCC.patch \
> + %D%/packages/patches/spectre-meltdown-checker-support-guix-system-
> kernel.patch \
> %D%/packages/patches/sphinxbase-fix-doxygen.patch \
> %D%/packages/patches/spice-vdagent-glib-2.68.patch \
> %D%/packages/patches/sssd-optional-systemd.patch \
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index cf11a7fc1b..db199869a7 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -9512,3 +9512,44 @@ (define-public tp-smapi-module
> @acronym{SMAPI, System Management Application Program Interface} and
> direct
> access to the embedded controller.")
> (license license:gpl2+)))
> +
> +(define-public spectre-meltdown-checker
> + (package
> + (name "spectre-meltdown-checker")
> + (version "0.45")
> + (source (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url
> "https://github.com/speed47/spectre-meltdown-checker")
> + (commit (string-append "v" version))))
> + (file-name (git-file-name name version))
> + (patches
> + (search-patches
> + ;;
> https://github.com/speed47/spectre-meltdown-checker/pull/441
> + "spectre-meltdown-checker-support-guix-system-
> kernel.patch"))
> + (sha256
> + (base32
> +
> "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
> + (build-system copy-build-system)
> + (arguments
> + (list #:install-plan
> + #~'(("spectre-meltdown-checker.sh" "bin/spectre-meltdown-
> checker"))
> + #:phases
> + #~(modify-phases %standard-phases
> + (add-after 'unpack 'fixpath
> + (lambda* (#:key inputs #:allow-other-keys)
> + (substitute* "spectre-meltdown-checker.sh"
> + (("\\$\\{opt_arch_prefix\\}readelf")
> + (search-input-file inputs "/bin/readelf"))
> + (("perl")
> + (search-input-file inputs "/bin/perl"))))))))
I'm pretty sure readelf and perl are not the only commands invoked.
> + (inputs (list binutils perl))
> + (home-page
> "https://github.com/speed47/spectre-meltdown-checker")
> + (synopsis
> + "Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad
> vulnerability /
> +mitigation checker for Linux & BSD")
"for Linux & BSD" is gratuitous information imho.
As for the vulnerabilities listed in the synopsis surely there must be
a way of shortening that.
> + (description
> + "A shell script to assess your system's resilience against the
> several
> +transient execution CVEs that were published since early 2018, and
> give you
> +guidance as to how to mitigate them.")
Not a full sentence.
> + (license license:gpl3)))
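Review bot: the second `substitute*` pattern in the 'fixpath phase, `("perl")`, is an unanchored regex, so it rewrites every occurrence of the substring "perl" in spectre-meltdown-checker.sh (inside longer words, user-facing messages and comments included), not only the command invocation; anchor it to the invocation position or to word boundaries so only the call to perl is replaced with the store path. The readelf pattern is already specific (`\$\{opt_arch_prefix\}readelf`), but it drops `opt_arch_prefix`, so any cross-prefix handling the script does around that variable is lost; if the script calls further external tools beyond readelf and perl, they need the same treatment (or a wrapper that sets PATH), otherwise the installed script depends on whatever is on the user's PATH at run time.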
> diff --git a/gnu/packages/patches/spectre-meltdown-checker-support-
> guix-system-kernel.patch b/gnu/packages/patches/spectre-meltdown-
> checker-support-guix-system-kernel.patch
> new file mode 100644
> index 0000000000..afec52b418
> --- /dev/null
> +++ b/gnu/packages/patches/spectre-meltdown-checker-support-guix-
> system-kernel.patch
> @@ -0,0 +1,26 @@
> +From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00
> 2001
> +From: Hilton Chain <hako@ultrarare.space>
> +Date: Sat, 5 Nov 2022 23:22:31 +0800
> +Subject: [PATCH] Add support for Guix System kernel.
> +
> +---
> + spectre-meltdown-checker.sh | 2 ++
> + 1 file changed, 2 insertions(+)
> +
> +diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-
> checker.sh
> +index 248a444..855a090 100755
> +--- a/spectre-meltdown-checker.sh
> ++++ b/spectre-meltdown-checker.sh
> +@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then
> + [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)"
> ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)"
> + # NixOS:
> + [ -e "/run/booted-system/kernel" ] &&
> opt_kernel="/run/booted-system/kernel"
> ++ # Guix System:
> ++ [ -e "/run/booted-system/kernel/bzImage" ] &&
> opt_kernel="/run/booted-system/kernel/bzImage"
> + # systemd kernel-install:
> + [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat
> /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat
> /etc/machine-id)/$(uname -r)/linux"
> + # Clear Linux:
> +
> +base-commit: a6c943d38f315f339697ec26e7374a09b88f2183
> +--
> +2.38.0
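Review bot: the new Guix System test only yields the right result because it is placed after the NixOS line. On Guix System `/run/booted-system/kernel` exists as well (it is the directory that contains bzImage), so the NixOS test `[ -e "/run/booted-system/kernel" ]` fires first and sets `opt_kernel` to that directory; the Guix line then overwrites it. Either record that ordering in the comment or make the NixOS test `-f` so a directory no longer matches. Separately, the check hard-codes `bzImage`, which is the x86 image name; the genkernel line a few lines above derives its path from `$(uname -m)`, so if the Guix kernel image is named differently on other architectures this detection silently falls through to the later candidates.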
>
> base-commit: 2211f50ec1ebcf5f880454b4133ac40e41abac21
This patch LGTM.
Note that as discussed in the other thread, we'd also want the checker
to not download proprietary firmware. Could you adjust the package
accordingly?
Cheers