[bug#49898,v6] gnu: Add spectre-meltdown-checker.
Commit Message
Hi!
here's the updated patch set:
- The version has been updated.
- It uses gexps.
- There are now 3 packages (intelfw and mcextractor are new).
There is the issue with the Intel license. Not sure if it can be included.
The intelfw and mcextractor are used in the shell function update_fwdb. It might be better to create a patch, remove the download functionality and point it to /gnu/store for the package inputs. What do you think?
----
Petr
Comments
Am Freitag, dem 01.07.2022 um 21:57 +0000 schrieb phodina:
> Hi!
>
> here's the updated patch set:
>
> - The version has been updated.
> - It uses gexps.
> - There are now 3 packages (intelfw and mcextractor are new).
>
> There is the issue with the Intel license. Not sure if it can be
> included.
I don't think it can. In my humble opinion, microcode counts as very
functional data and should thus be distributed under a free license.
mcextractor OTOH looks good to me, even if its main purpose is to
handle these binary blobs.
> The intelfw and mcextractor are used in the shell function
> update_fwdb. It might be better to create a patch, remove the
> download functionality and point it to /gnu/store for the package
> inputs. What do you think?
As already outlined, I think we should go with a "please provide your
firmware via command line option if you think that makes a difference"
approach, assuming unpatched firmware if none is passed. Since Guix
doesn't actually distribute any of Intel's or AMD's blobs, that is the
correct behaviour, both ethically and functionally.
Cheers
From 4ec64ebd0dbaed7de220a6d0bb6a1845060b7a51 Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Thu, 5 Aug 2021 18:23:47 +0200
Subject: [PATCH v6 3/3] gnu: Add spectre-meltdown-checker.
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
@@ -154,6 +154,7 @@ (define-module (gnu packages linux)
#:use-module (gnu packages video)
#:use-module (gnu packages vulkan)
#:use-module (gnu packages web)
+ #:use-module (gnu packages wget)
#:use-module (gnu packages xiph)
#:use-module (gnu packages xml)
#:use-module (gnu packages xdisorg)
@@ -167,6 +168,7 @@ (define-module (gnu packages linux)
#:use-module (guix build-system copy)
#:use-module (guix build-system gnu)
#:use-module (guix build-system go)
+ #:use-module (guix build-system copy)
#:use-module (guix build-system meson)
#:use-module (guix build-system python)
#:use-module (guix build-system trivial)
@@ -8038,6 +8040,84 @@ (define-public mcextractor
AMD, VIA and Freescale processor microcode binaries")
(license license:bsd-2)))
+(define-public spectre-meltdown-checker
+ (package
+ (name "spectre-meltdown-checker")
+ (version "0.45")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/speed47/spectre-meltdown-checker")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+ (build-system copy-build-system)
+ (arguments
+ (list #:install-plan #~`(("spectre-meltdown-checker.sh"
+ "bin/spectre-meltdown-checker.sh"))
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'replace-paths
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "spectre-meltdown-checker.sh"
+ (("mcedb_cache=") (string-append "mcedb_cache="
+ #$mcextractor "/share/MCE.db"))
+ (("intel_tmp=") (string-append "intel_tmp="
+ #$intelfw)))))
+ (add-after 'install 'patch-paths
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((paths (map (lambda (input)
+ (string-append (assoc-ref
+ inputs input)
+ "/bin"))
+ '("coreutils" "grep"
+ "util-linux"
+ "iucode-tool"
+ "util-linux-with-udev"
+ "gawk"
+ "gzip"
+ "lzop"
+ "lzop"
+ "perl"
+ "procps"
+ "sqlite"
+ "wget"
+ "which"
+ "xz"
+ "zstd"))))
+ (wrap-program (string-append #$output
+ "/bin/spectre-meltdown-checker.sh")
+ `("PATH" prefix
+ ,paths))))))))
+ (inputs (list bash-minimal
+ binutils
+ coreutils
+ gawk
+ grep
+ gzip
+ iucode-tool
+ intelfw
+ lzop
+ mcextractor
+ perl
+ procps
+ sqlite
+ unzip
+ util-linux
+ util-linux+udev
+ wget
+ which
+ xz
+ zstd))
+ (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+ (description
+ "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+ (home-page "https://github.com/speed47/spectre-meltdown-checker")
+ (license license:gpl3)))
+
(define-public snapscreenshot
(package
(name "snapscreenshot")
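Review bot: The `replace-paths` phase only matches the prefix `"mcedb_cache="` (and likewise `"intel_tmp="`), so whatever value followed the `=` in the original script line is left appended after the store path and the resulting assignment is malformed; match the whole assignment instead, e.g. `(("mcedb_cache=.*") (string-append "mcedb_cache=" #$mcextractor "/share/MCE.db"))`. Three smaller points in the same hunk: `"lzop"` appears twice in the list of PATH entries; `binutils` and `unzip` are declared as inputs but never added to the wrapped `PATH`, so either the script does not need them (drop the inputs) or it does (add them to the list); and, following the thread's conclusion that Intel's microcode blobs cannot be distributed, the `intelfw` input and the `intel_tmp=` substitution should go, leaving users to pass their own firmware on the command line. Also, since the phases already use gexps (`#$mcextractor`, `#$output`), the `#:key inputs` argument of `replace-paths` is unused and `patch-paths` could use `#$(this-package-input ...)` rather than `assoc-ref inputs` on string labels, so all lookups fail at build time rather than silently if a label is misspelled. Finally, the description should read as a full sentence ("This package provides a shell script ...") per the Guix packaging guidelines, and the synopsis should not carry the "..." ellipsis.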
--
2.36.1