From patchwork Sat Sep 18 15:25:47 2021
X-Patchwork-Submitter: phodina
X-Patchwork-Id: 33124
Subject: [bug#49898] [PATCH v4] gnu: Add spectre-meltdown-checker.
Date: Sat, 18 Sep 2021 15:25:47 +0000
To: Leo Prikler
Cc: 49898@debbugs.gnu.org
From: phodina

Hi Leo,

I've substituted most of the commands. The only commands at the moment are echo and printf. I haven't found a regexp that would work, as their text is also used for variables. Otherwise the rest of the commands should be covered.

--8<---------------cut here---------------start------------->8--
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
--- 2.32.0 diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 46c9f817a8..905048a5be 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -53,6 +53,7 @@ ;;; Copyright © 2020 pukkamustard ;;; Copyright © 2021 B. Wilson ;;; Copyright © 2021 Ivan Gankevich +;;; Copyright © 2021 Petr Hodina ;;; ;;; This file is part of GNU Guix. ;;; @@ -138,6 +139,7 @@ #:use-module (gnu packages video) #:use-module (gnu packages vulkan) #:use-module (gnu packages web) + #:use-module (gnu packages wget) #:use-module (gnu packages xiph) #:use-module (gnu packages xml) #:use-module (gnu packages xdisorg) @@ -149,6 +151,7 @@ #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system go) + #:use-module (guix build-system copy) #:use-module (guix build-system meson) #:use-module (guix build-system python) #:use-module (guix build-system trivial) 
@@ -7372,6 +7375,93 @@ interfaces in parallel environments.") (supported-systems '("i686-linux" "x86_64-linux")) (license (list license:bsd-2 license:gpl2)))) ;dual +(define-public spectre-meltdown-checker + (package + (name "spectre-meltdown-checker") + (version "0.44") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/speed47/spectre-meltdown-checker") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam")))) + (build-system copy-build-system) + (arguments + `(#:install-plan '(("spectre-meltdown-checker.sh" + "bin/spectre-meltdown-checker.sh")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-relative-locations + (lambda* (#:key outputs #:allow-other-keys) + (let ((icoreutils (assoc-ref %build-inputs "coreutils")) + (igrep (assoc-ref %build-inputs "grep")) + (iutil-linux (assoc-ref %build-inputs "util-linux")) + (iutil-linux-with-udev + (assoc-ref %build-inputs "util-linux-with-udev")) + (igawk (assoc-ref %build-inputs "gawk")) + (igzip (assoc-ref %build-inputs "gzip")) + (iunzip (assoc-ref %build-inputs "unzip")) + (ilzop (assoc-ref %build-inputs "lzop")) + (iperl (assoc-ref %build-inputs "perl")) + (iprocps (assoc-ref %build-inputs "procps")) + (isqlite (assoc-ref %build-inputs "sqlite")) + (iwget (assoc-ref %build-inputs "wget")) + (iwhich (assoc-ref %build-inputs "which")) + (ixz (assoc-ref %build-inputs "xz")) + (izstd (assoc-ref %build-inputs "zstd"))) + (substitute* "spectre-meltdown-checker.sh" + ; TODO: Find regexp what will work + ;(("echo") (string-append icoreutils "/bin/echo")) + ;(("printf") (string-append icoreutils "/bin/printf")) + (("dirname") (string-append icoreutils "/bin/dirname")) + (("cat") (string-append icoreutils "/bin/cat")) + (("grep[ ]+") (string-append igrep "/bin/grep ")) + (("cut") (string-append icoreutils "/bin/cut")) + (("mktemp") (string-append icoreutils 
"/bin/mktemp")) + (("stat[ ]+") (string-append icoreutils "/bin/stat " )) + (("tail[ ]+") (string-append icoreutils "/bin/tail " )) + (("head[ ]+") (string-append icoreutils "/bin/head " )) + (("mount[ ]+") "/run/setuid-programs/mount ") + (("modprobe") (string-append iutil-linux "/bin/modprobe")) + (("dd") (string-append icoreutils "/bin/dd")) + (("dmesg[ ]+") (string-append iutil-linux-with-udev "/bin/dmesg ")) + (("awk") (string-append igawk "/bin/awk")) + (("gzip") (string-append igzip "/bin/gzip")) + (("unzip") (string-append iunzip "/bin/unzip")) + (("lzop") (string-append ilzop "/bin/lzop")) + (("perl") (string-append iperl "/bin/perl")) + (("ps[ ]+") (string-append iprocps "/bin/ps ")) + (("sqlite3") (string-append isqlite "/bin/sqlite3")) + (("wget") (string-append iwget "/bin/wget")) + (("which") (string-append iwhich "/bin/which")) + (("xz") (string-append ixz "/bin/xz")) + (("zstd") (string-append izstd "/bin/zstd"))))))))) + (inputs `(("binutils" ,binutils) + ("coreutils",coreutils) + ("gawk" ,gawk) + ("grep" ,grep) + ("gzip" ,gzip) + ("unzip" ,unzip) + ("lzop" ,lzop) + ("perl" ,perl) + ("procps" ,procps) + ("sqlite" ,sqlite) + ("util-linux" ,util-linux) + ("util-linux-with-udev" ,util-linux+udev) + ("wget" ,wget) + ("which" ,which) + ("xz" ,xz) + ("zstd" ,zstd))) + (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker") + (description "A shell script to assess your system's resilience against +the several transient execution CVEs that were published since early 2018, +and give you guidance as to how to mitigate them.") + (home-page "https://github.com/speed47/spectre-meltdown-checker") + (license license:gpl3))) + (define-public snapscreenshot (package (name "snapscreenshot")