From patchwork Tue Dec 7 22:04:31 2021
X-Patchwork-Submitter: phodina
X-Patchwork-Id: 35010
Subject: [bug#49898] [PATCH v5] gnu: Add spectre-meltdown-checker.
Date: Tue, 07 Dec 2021 22:04:31 +0000
To: Liliana Marie Prikler
Cc: 49898@debbugs.gnu.org
In-Reply-To: <0611f164235f06ffdfaa3eb4fa5a7915210df134.camel@gmail.com>
From: phodina

Hi Liliana,

> Hi Petr, > > On Saturday, 18.09.2021, 15:25 +0000, phodina wrote: > > > [...] > > > - (add-after 'unpack 'fix-relative-locations > > > > > > - (lambda* (#:key outputs #:allow-other-keys) > > > > > > - (let ((icoreutils (assoc-ref %build-inputs > > > > > > > > "coreutils")) > > > > - (igrep (assoc-ref %build-inputs "grep")) > > > > > > - (iutil-linux (assoc-ref %build-inputs "util- > > > > > > > > linux")) > > > > - (iutil-linux-with-udev > > > > > > - (assoc-ref %build-inputs "util-linux-with- > > > > > > > > udev")) > > > > - (igawk (assoc-ref %build-inputs "gawk")) > > > > > > - (igzip (assoc-ref %build-inputs "gzip")) > > > > > > - (iunzip (assoc-ref %build-inputs "unzip")) > > > > > > - (ilzop (assoc-ref %build-inputs "lzop")) > > > > > > - (iperl (assoc-ref %build-inputs "perl")) > > > > > > - (iprocps (assoc-ref %build-inputs "procps")) > > > > > > - (isqlite (assoc-ref %build-inputs "sqlite")) > > > > > > - (iwget (assoc-ref %build-inputs "wget")) > > > > > > - (iwhich (assoc-ref %build-inputs "which")) > > > > > > - (ixz (assoc-ref %build-inputs "xz")) > > > > > > - (izstd (assoc-ref %build-inputs "zstd"))) > > > > > > I don't think Hungarian notation is very helpful here.
> > > - (substitute* "spectre-meltdown-checker.sh" > > > > > > - ; TODO: Find regexp what will work > > > > > > - ;(("echo") (string-append icoreutils "/bin/echo")) > > > > > > - ;(("printf") (string-append icoreutils > > > > > > > > "/bin/printf"))
> > There are multiple ways of handling this, but I think the best one
> > would be to substitute both `command -v printf' and `which echo' with
> > the path to false, then match the line
> > [ -z "$echo_cmd" ] && echo_cmd='echo'
> > and instead put there
> > echo_cmd_type='printf'
> > echo_cmd=(path-to "/bin/printf")
> > > - (("dirname") (string-append icoreutils > > > > > > > > "/bin/dirname")) > > > > - (("cat") (string-append icoreutils "/bin/cat")) > > > > > > - (("grep[ ]+") (string-append igrep "/bin/grep ")) > > > > > > - (("cut") (string-append icoreutils "/bin/cut")) > > > > > > - (("mktemp") (string-append icoreutils > > > > > > > > "/bin/mktemp")) > > > > - (("stat[ ]+") (string-append icoreutils "/bin/stat > > > > > > > > " )) > > > > - (("tail[ ]+") (string-append icoreutils "/bin/tail > > > > > > > > " )) > > > > - (("head[ ]+") (string-append icoreutils "/bin/head > > > > > > > > " )) > > > > - (("mount[ ]+") "/run/setuid-programs/mount ") > > > > > > - (("modprobe") (string-append iutil-linux > > > > > > > > "/bin/modprobe")) > > > > - (("dd") (string-append icoreutils "/bin/dd")) > > > > > > - (("dmesg[ ]+") (string-append iutil-linux-with-udev > > > > > > > > "/bin/dmesg ")) > > > > - (("awk") (string-append igawk "/bin/awk")) > > > > > > - (("gzip") (string-append igzip "/bin/gzip")) > > > > > > - (("unzip") (string-append iunzip "/bin/unzip")) > > > > > > - (("lzop") (string-append ilzop "/bin/lzop")) > > > > > > - (("perl") (string-append iperl "/bin/perl")) > > > > > > - (("ps[ ]+") (string-append iprocps "/bin/ps ")) > > > > > > - (("sqlite3") (string-append isqlite > > > > > > > > "/bin/sqlite3")) > > > > - (("wget") (string-append iwget "/bin/wget")) > > > > > > - (("which") (string-append 
iwhich "/bin/which")) > > > > > > - (("xz") (string-append ixz "/bin/xz")) > > > > > > - (("zstd") (string-append izstd "/bin/zstd"))))))))) > > > > > > Group those that need spaces and those that don't together, with an > > explanation as to why those two groups exist. > > > - (inputs `(("binutils" ,binutils) > > - ("coreutils",coreutils) > > > > > > - ("gawk" ,gawk) > > > > > > - ("grep" ,grep) > > > > > > - ("gzip" ,gzip) > > > > > > - ("unzip" ,unzip) > > > > > > - ("lzop" ,lzop) > > > > > > - ("perl" ,perl) > > > > > > - ("procps" ,procps) > > > > > > - ("sqlite" ,sqlite) > > > > > > - ("util-linux" ,util-linux) > > > > > > - ("util-linux-with-udev" ,util-linux+udev) > > > > > > Why both? > > > - ("wget" ,wget) > > > > > > - ("which" ,which) > > > > > > - ("xz" ,xz) > > > > > > - ("zstd" ,zstd))) > > > > > > - (synopsis "Spectre, Meltdown ... vulnerability/mitigation > > > > checker") > > - (description "A shell script to assess your system's resilience > > > > against > > > > +the several transient execution CVEs that were published since early > > > > 2018, > > > > +and give you guidance as to how to mitigate them.") > > - (home-page "https://github.com/speed47/spectre-meltdown-checker" > > > > ) > > - (license license:gpl3))) > > > > (define-public snapscreenshot > > > > (package > > > > (name "snapscreenshot") > > ---------------------------------------------------------------- > > > > 2.32.0

I've used the wrap-program as an alternative to your suggested solution.

Going through the program, there is a function update_fwdb [1] that downloads and updates database files when the script is executed with the --update-fwdb argument. I've added both files [2][3] in question to the list of inputs.

However, since they are supposed to be updated at runtime (stored in $HOME), I don't know how to represent this in the package definition. Could you please suggest how to proceed?

---- Petr [1] https://github.com/speed47/spectre-meltdown-checker/blob/master/spectre-meltdown-checker.sh#L838 [2] https://github.com/platomav/MCExtractor/raw/master/MCE.db [3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip From 83a93beffb9e4493c361d126fdb7564c662525c7 Mon Sep 17 00:00:00 2001 From: Petr Hodina Date: Thu, 5 Aug 2021 18:23:47 +0200 Subject: [PATCH v5] gnu: Add spectre-meltdown-checker. * gnu/packages/linux.scm (spectre-meltdown-checker): New variable. diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 03e84a0a79..19999ef8e0 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -53,6 +53,7 @@ ;;; Copyright © 2021 B. Wilson ;;; Copyright © 2021 Ivan Gankevich ;;; Copyright © 2021 Olivier Dion +;;; Copyright © 2021 Petr Hodina ;;; ;;; This file is part of GNU Guix. ;;; @@ -139,6 +140,7 @@ (define-module (gnu packages linux) #:use-module (gnu packages video) #:use-module (gnu packages vulkan) #:use-module (gnu packages web) + #:use-module (gnu packages wget) #:use-module (gnu packages xiph) #:use-module (gnu packages xml) #:use-module (gnu packages xdisorg) @@ -150,6 +152,7 @@ (define-module (gnu packages linux) #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system go) + #:use-module (guix build-system copy) #:use-module (guix build-system meson) #:use-module (guix build-system python) #:use-module (guix build-system trivial) 
@@ -7325,6 +7328,81 @@ (define-public psm (supported-systems '("i686-linux" "x86_64-linux")) (license (list license:bsd-2 license:gpl2)))) ;dual +(define-public spectre-meltdown-checker + (package + (name "spectre-meltdown-checker") + (version "0.44") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/speed47/spectre-meltdown-checker") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam")))) + (build-system copy-build-system) + (arguments + `(#:install-plan '(("spectre-meltdown-checker.sh" + "bin/spectre-meltdown-checker.sh")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'unzip-intelfw + (lambda* (#:key inputs #:allow-other-keys) + (invoke "unzip" (assoc-ref inputs "intelfw")))) + (add-after 'install 'patch-paths + (lambda* (#:key inputs #:allow-other-keys) + (let ((out (assoc-ref %outputs "out")) + (paths (map + (lambda (input) + (string-append (assoc-ref inputs input) "/bin")) + '("coreutils" "grep" "util-linux" "iucode-tool" + "util-linux-with-udev" "gawk" "gzip" "lzop" + "lzop" "perl" "procps" "sqlite" "wget" "which" "xz" "zstd")))) + (for-each + (lambda (program) + (wrap-program + (string-append out "/" program) + `("PATH" prefix ,paths))) + '("bin/spectre-meltdown-checker.sh")))))))) + (inputs `(("binutils" ,binutils) + ("coreutils",coreutils) + ("gawk" ,gawk) + ("grep" ,grep) + ("gzip" ,gzip) + ("intelfw", (origin + (method url-fetch) + (uri + "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip") + (sha256 + (base32 + "1zpf1h864f9lqdjf867xg5cw3xpq4l335g7dqpyl2zhb13kk0dhy")))) + ("iucode-tool" ,iucode-tool) + ("lzop" ,lzop) + ("mcedb", (origin + (method url-fetch) + (uri "https://github.com/platomav/MCExtractor/raw/master/MCE.db") + (sha256 + (base32 + "1lms4q6g17jz7pqvl8fcbpbsxxz84nax18zhn9b532svldxg7gh2")))) + ("perl" ,perl) + ("procps" ,procps) + ("sqlite" 
,sqlite) + ("unzip" ,unzip) + ("util-linux" ,util-linux) + ("util-linux-with-udev" ,util-linux+udev) + ("wget" ,wget) + ("which" ,which) + ("xz" ,xz) + ("zstd" ,zstd))) + (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker") + (description "A shell script to assess your system's resilience against +the several transient execution CVEs that were published since early 2018, +and give you guidance as to how to mitigate them.") + (home-page "https://github.com/speed47/spectre-meltdown-checker") + (license license:gpl3))) + (define-public snapscreenshot (package (name "snapscreenshot") -- 2.34.0
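
Review bot: The new (guix build-system copy) import is inserted after (guix build-system go), which breaks the alphabetical order of the build-system imports visible in that hunk (cmake, gnu, go, meson); move it up so it sorts directly after cmake.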
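
Review bot: In the inputs of spectre-meltdown-checker, the "intelfw" and "mcedb" origins fetch branch tips (archive/main.zip and raw/master/MCE.db), so the recorded sha256 values stop matching as soon as upstream pushes, and the microcode data this checker consumes is not tied to a reviewed revision; pin both URIs to a specific commit or tag. "mcedb" is also never referenced by any phase, and the tree unpacked by 'unzip-intelfw is not covered by #:install-plan, which lists only the script, so neither file reaches the output. In 'patch-paths, "lzop" appears twice in the list, "binutils" is declared as an input but is missing from the PATH list, and the lambda takes #:key inputs yet reads (assoc-ref %outputs "out"); take outputs as a key argument and use that instead. "unzip" is only invoked during the build, so it fits native-inputs better than inputs, and ("coreutils",coreutils), ("intelfw", and ("mcedb", need their spacing fixed to match the other entries.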