Message ID | 3xoFvRtUq0ydTy_fT8l5k0jlZhvtRTdSW107c9FiBmSCvQtXUapBOqbJkTEYJtGQrlcc9RcmOSdvqayP_lMcYc71m4squo4DReV_zFEt-00=@protonmail.com |
---|---|
State | New |
Headers | show |
Series | [bug#49898,v2] gnu: Add spectre-meltdown-checker. | expand |
Context | Check | Description |
---|---|---|
cbaines/comparison | success | View comparision |
cbaines/git branch | success | View Git branch |
cbaines/applying patch | success | View Laminar job |
cbaines/issue | success | View issue |
Hi, Am Samstag, den 07.08.2021, 09:04 +0000 schrieb phodina: > Thanks Leo for the suggestions! > ------------------- > * gnu/packages/linux.scm (spectre-meltdown-checker): New variable. > > diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm > index 4ca2a386e1..3529fa02e2 100644 > --- a/gnu/packages/linux.scm > +++ b/gnu/packages/linux.scm > @@ -53,6 +53,7 @@ > ;;; Copyright © 2020 pukkamustard <pukkamustard@posteo.net> > ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com> > ;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru> > +;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com> > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -148,6 +149,7 @@ > #:use-module (guix build-system cmake) > #:use-module (guix build-system gnu) > #:use-module (guix build-system go) > + #:use-module (guix build-system copy) > #:use-module (guix build-system meson) > #:use-module (guix build-system python) > #:use-module (guix build-system trivial) > @@ -7191,6 +7193,32 @@ interfaces in parallel environments.") > (supported-systems '("i686-linux" "x86_64-linux")) > (license (list license:bsd-2 license:gpl2)))) ;dual > > +(define-public spectre-meltdown-checker > +(package > + (name "spectre-meltdown-checker") > + (version "0.44") > + (source (origin > + (method git-fetch) > + (uri (git-reference > + (url " > https://github.com/speed47/spectre-meltdown-checker") > + (commit (string-append "v" version)))) > + (file-name (git-file-name name version)) > + (sha256 > + (base32 > + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam" > )))) > + (build-system copy-build-system) > + (arguments > + `(#:install-plan '(("spectre-meltdown-checker.sh" > + "bin/spectre-meltdown-checker.sh")))) > + (inputs `(("util-linux" ,util-linux) > + ("binutils" ,binutils))) We typically sort inputs alphabetically. > + (synopsis "Spectre, Meltdown ... vulnerability/mitigation > checker") > + (description "A shell script to assess your system's resilience > against > +the several transient execution CVEs that were published since early > 2018, > +and give you guidance as to how to mitigate them.") > + (home-page "https://github.com/speed47/spectre-meltdown-checker") > + (license license:gpl3))) This looks better, but after running the checker in a few configurations (it doesn't appear to make a difference whether with or without root, but judging from the papers some attacks would require sudo) I've noticed that commands are insufficiently hardcoded. For instance, the check for Spectre Variant 1 requires perl, which is not available and the line stating so is hidden well among a large wall of output. Likewise, I don't think simply including binutils does anything, you'll have to patch those in as well if you want them. Regards,
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 4ca2a386e1..3529fa02e2 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -53,6 +53,7 @@ ;;; Copyright © 2020 pukkamustard <pukkamustard@posteo.net> ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com> ;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru> +;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -148,6 +149,7 @@ #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system go) + #:use-module (guix build-system copy) #:use-module (guix build-system meson) #:use-module (guix build-system python) #:use-module (guix build-system trivial) @@ -7191,6 +7193,32 @@ interfaces in parallel environments.") (supported-systems '("i686-linux" "x86_64-linux")) (license (list license:bsd-2 license:gpl2)))) ;dual +(define-public spectre-meltdown-checker +(package + (name "spectre-meltdown-checker") + (version "0.44") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/speed47/spectre-meltdown-checker") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam")))) + (build-system copy-build-system) + (arguments + `(#:install-plan '(("spectre-meltdown-checker.sh" + "bin/spectre-meltdown-checker.sh")))) + (inputs `(("util-linux" ,util-linux) + ("binutils" ,binutils))) + (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker") + (description "A shell script to assess your system's resilience against +the several transient execution CVEs that were published since early 2018, +and give you guidance as to how to mitigate them.") + (home-page "https://github.com/speed47/spectre-meltdown-checker") + (license license:gpl3))) + (define-public snapscreenshot (package (name "snapscreenshot")