Message ID | Ii5fCk64CrGnMUNdnAJUdN1GI8QDpCLu3mLvw-dnS01TTlAg8pGKJgdcHLnrmKwT9QkGEGSv1ez0nFWcy6rflvzxhKhXB7RkuXzKK-8v2LQ=@protonmail.com |
---|---|
State | New |
Series | [bug#49898] gnu: Add spectre-meltdown-checker. |
Context | Check | Description |
---|---|---|
cbaines/comparison | success | View comparison |
cbaines/git branch | success | View Git branch |
cbaines/applying patch | success | View Laminar job |
cbaines/issue | success | View issue |
Hi, On Thursday, 05.08.2021 at 17:00 +0000, phodina wrote: > * gnu/packages/linux.scm (spectre-meltdown-checker): New variable. > > diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm > index 4ca2a386e1..f89f6f259e 100644 > --- a/gnu/packages/linux.scm > +++ b/gnu/packages/linux.scm > @@ -53,6 +53,7 @@ > ;;; Copyright © 2020 pukkamustard <pukkamustard@posteo.net> > ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com> > ;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru> > +;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com> > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -148,6 +149,7 @@ > #:use-module (guix build-system cmake) > #:use-module (guix build-system gnu) > #:use-module (guix build-system go) > + #:use-module (guix build-system copy) > #:use-module (guix build-system meson) > #:use-module (guix build-system python) > #:use-module (guix build-system trivial) 
> @@ -7191,6 +7193,44 @@ interfaces in parallel environments.") > (supported-systems '("i686-linux" "x86_64-linux")) > (license (list license:bsd-2 license:gpl2)))) ;dual > > +(define-public spectre-meltdown-checker > +(package > + (name "spectre-meltdown-checker") > + (version "v0.44") Version should be "0.44". > + (source (origin > + (method git-fetch) > + (uri (git-reference > + (url " > https://github.com/speed47/spectre-meltdown-checker") > + (commit version))) Use (string-append "v" version). > + (file-name (git-file-name name version)) > + (sha256 > + (base32 > + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam" > )))) > + (build-system copy-build-system) copy-build-system needs an install plan to be meaningful. > + (inputs `(("util-linux" ,util-linux) > + ("binutils" ,binutils))) > + (synopsis "Spectre, Meltdown ... vulnerability/mitigation > checker") > + (description "A shell script to assess your system's resilience > against > +the several transient execution CVEs that were published since early > 2018, "the several CVEs" is quite an obscure formulation if correct English. Just "several CVEs" should mean about the same while being more understandable. > +and give you guidance as to how to mitigate them. > +@enumerate > +@item Bounds Check Bypass > +@item Branch Target Injection > +@item Rogue Data Cache Load > +@item Rogue System Register Read > +@item Speculative Store Bypass > +@item L1 Terminal Fault (SGX, OS, VMM) > +@item Microarchitectural Store Buffer Data Sampling > +@item Microarchitectural Fill Buffer Data Sampling > +@item Microarchitectural Load Port Data Sampling > +@item Microarchitectural Data Sampling Uncacheable Memory > +@item TSX asynchronous abort > +@item Machine Mheck Exception on Page Size Changes > +@item Special Register Buffer Data Sampling > +@end enumerate") Not sure if we want to maintain this enumeration tbh. > + (home-page "https://github.com/speed47/spectre-meltdown-checker") > + (license license:gpl3))) Regards
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 4ca2a386e1..f89f6f259e 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -53,6 +53,7 @@ ;;; Copyright © 2020 pukkamustard <pukkamustard@posteo.net> ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com> ;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru> +;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -148,6 +149,7 @@ #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system go) + #:use-module (guix build-system copy) #:use-module (guix build-system meson) #:use-module (guix build-system python) #:use-module (guix build-system trivial) 
@@ -7191,6 +7193,44 @@ interfaces in parallel environments.") (supported-systems '("i686-linux" "x86_64-linux")) (license (list license:bsd-2 license:gpl2)))) ;dual +(define-public spectre-meltdown-checker +(package + (name "spectre-meltdown-checker") + (version "v0.44") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/speed47/spectre-meltdown-checker") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam")))) + (build-system copy-build-system) + (inputs `(("util-linux" ,util-linux) + ("binutils" ,binutils))) + (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker") + (description "A shell script to assess your system's resilience against +the several transient execution CVEs that were published since early 2018, +and give you guidance as to how to mitigate them. +@enumerate +@item Bounds Check Bypass +@item Branch Target Injection +@item Rogue Data Cache Load +@item Rogue System Register Read +@item Speculative Store Bypass +@item L1 Terminal Fault (SGX, OS, VMM) +@item Microarchitectural Store Buffer Data Sampling +@item Microarchitectural Fill Buffer Data Sampling +@item Microarchitectural Load Port Data Sampling +@item Microarchitectural Data Sampling Uncacheable Memory +@item TSX asynchronous abort +@item Machine Mheck Exception on Page Size Changes +@item Special Register Buffer Data Sampling +@end enumerate") + (home-page "https://github.com/speed47/spectre-meltdown-checker") + (license license:gpl3))) + (define-public snapscreenshot (package (name "snapscreenshot")
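Review bot: in the hunk at @@ -148,6 +149,7 @@, `#:use-module (guix build-system copy)` is inserted between `go` and `meson`, which breaks the alphabetical order the surrounding lines follow (cmake, gnu, go, meson, python, trivial). Move it between `(guix build-system cmake)` and `(guix build-system gnu)`.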
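Review bot: in the hunk at @@ -7191,6 +7193,44 @@, `(build-system copy-build-system)` is given without an `(arguments ...)` form carrying an `#:install-plan`, so nothing in the definition places the script under `bin/`. The hunk also does nothing to make the script use the declared `util-linux` and `binutils` inputs: there is no substitution or wrapper visible, so at run time it would rely on whatever is on the user's PATH, which matters for a tool whose verdicts depend on the tools it reads the system with. Please add an install plan and a phase that patches or wraps the script with the input paths. Smaller points in the same hunk: `(version "v0.44")` combined with `(commit version)` puts the tag prefix into the package version, so use `(version "0.44")` and `(commit (string-append "v" version))`; the description item `@item Machine Mheck Exception on Page Size Changes` has a typo ("Mheck"); and the `(package` form and its fields are not indented under `(define-public spectre-meltdown-checker`.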