From patchwork Fri Jul  1 21:57:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: phodina <phodina@protonmail.com>
X-Patchwork-Id: 40460
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id B0EEC27BBEA; Fri,  1 Jul 2022 22:58:17 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI,SPF_HELO_PASS,
	URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 04ECD27BBE9
	for <patchwork@mira.cbaines.net>; Fri,  1 Jul 2022 22:58:17 +0100 (BST)
Received: from localhost ([::1]:58742 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>)
	id 1o7OeW-0004Gl-69
	for patchwork@mira.cbaines.net; Fri, 01 Jul 2022 17:58:16 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55076)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1o7OeI-0004GH-7h
 for guix-patches@gnu.org; Fri, 01 Jul 2022 17:58:05 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:45384)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1o7OeH-0002uH-Vd
 for guix-patches@gnu.org; Fri, 01 Jul 2022 17:58:01 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1o7OeH-0008MA-Ud
 for guix-patches@gnu.org; Fri, 01 Jul 2022 17:58:01 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#49898] [PATCH v6] gnu: Add spectre-meltdown-checker.
Resent-From: phodina <phodina@protonmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 01 Jul 2022 21:58:01 +0000
Resent-Message-ID: <handler.49898.B49898.165671265532086@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 49898
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Liliana Marie Prikler <liliana.prikler@gmail.com>
Cc: 49898@debbugs.gnu.org
Received: via spool by 49898-submit@debbugs.gnu.org id=B49898.165671265532086
 (code B ref 49898); Fri, 01 Jul 2022 21:58:01 +0000
Received: (at 49898) by debbugs.gnu.org; 1 Jul 2022 21:57:35 +0000
Received: from localhost ([127.0.0.1]:39281 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1o7Odq-0008LR-EI
 for submit@debbugs.gnu.org; Fri, 01 Jul 2022 17:57:34 -0400
Received: from mail-40134.protonmail.ch ([185.70.40.134]:44253)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <phodina@protonmail.com>) id 1o7Odn-0008LA-RC
 for 49898@debbugs.gnu.org; Fri, 01 Jul 2022 17:57:33 -0400
Date: Fri, 01 Jul 2022 21:57:18 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1656712644; x=1656971844;
 bh=9paj4+6A5FEvabbMPc4AwDtvacSpiC6P/wMSe9QxYsk=;
 h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To:
 References:Feedback-ID:From:To:Cc:Date:Subject:Reply-To:
 Feedback-ID:Message-ID;
 b=Ekq99Iz/QM6/wTqM3gjEeSJds8wHvc/MzEU/wqWBS5GZ0TBlwTHqA3Xoi+h/G/sBr
 S2fJs+STdtJnfwxvLUJ5sqcLQzVC4O5RaIkA4zjN+4c8PvQUjYjGbLQY7jtpML0EG4
 zp/85tc3Rg4u1G/v2E5tSTO3iuoGfiaIrfX7xG4kmoAGhgqE0YltABrRu1LAUbM2JY
 Mj4RxPnOKeZRV1RG4Kr2bqmo/+troYlr+Ph0xTcWDvN9tNaiTvnNx0i4GmKoKL1nSi
 J5X+wMZCNji3opXJS7L4noKHFHQv/8H5es4llbRNw4A/KqX+q6Q9Sh053AEiQRqLfh
 mqUTY0WG9fOmw==
Message-ID: 
 <1BotgVcf3T0nBoSMz6SX1q7rpoKPp5bWkKSJcPItI46rjJV4dH0mmSkw_VVmE2MSpj10jMiscrcQLejbOo7192u2AsScBrWklgnP09m_dg4=@protonmail.com>
In-Reply-To: 
 <MDXych3ebMv3NuAgJgpGtQ68v2qK_c7YCVZnGR0rVKkymTzHzqZ6um7eS_MVxV3Y862FQ2UVc7D5cQrsCxNkq4eu7tf9iYzcvxnxPPFqNbY=@protonmail.com>
References: 
 <ro6LEVb1lZX66TIhJRou2oJNVqkve4lPilQvbcIvlQSie3YYQHyNr4TGnW0etRRqv53uKAwAh2IbYG0FQFiH_exvAeqFq2I3zRBTqEYthMA=@protonmail.com>
 <0611f164235f06ffdfaa3eb4fa5a7915210df134.camel@gmail.com>
 <D2gPGa0WXCIsO76lbxLvD3cuk1oncyGtWwqd_v8_62noAYBvKmfbJdMv-TWoDeZak8S2pVhq1hHoG6hM6-JpwqLoIYK939aGeF7muZ0J3tw=@protonmail.com>
 <9fb60e57ba5ed684c5ad113c3b9861e7d2e922e0.camel@gmail.com>
 <MDXych3ebMv3NuAgJgpGtQ68v2qK_c7YCVZnGR0rVKkymTzHzqZ6um7eS_MVxV3Y862FQ2UVc7D5cQrsCxNkq4eu7tf9iYzcvxnxPPFqNbY=@protonmail.com>
Feedback-ID: 14143818:user:proton
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: "Guix-patches"
 <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
Reply-to: phodina <phodina@protonmail.com>
X-ACL-Warn: ,  phodina via Guix-patches <guix-patches@gnu.org>
X-Patchwork-Original-From: phodina via Guix-patches via <guix-patches@gnu.org>
From: phodina <phodina@protonmail.com>
X-getmail-retrieved-from-mailbox: Patches

Hi!

here's updated patch set:

- The version has been updated.
- It uses gexps.
- There are now 3 packages (intelfw and mcextractor are new).

There is the issue with Intel license. Not sure if it can be included.

The intelfw and mcextractor are used in the shell function update_fwdb. It might be better to create a patch, remove the download functionality and point it to /gnu/store for the package inputs. What do you think?

----
Petr

From 4ec64ebd0dbaed7de220a6d0bb6a1845060b7a51 Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Thu, 5 Aug 2021 18:23:47 +0200
Subject: [PATCH v6 3/3] gnu: Add spectre-meltdown-checker.

* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5f634824bf..f9c7a0c93a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -154,6 +154,7 @@ (define-module (gnu packages linux)
   #:use-module (gnu packages video)
   #:use-module (gnu packages vulkan)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages wget)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xdisorg)
@@ -167,6 +168,7 @@ (define-module (gnu packages linux)
   #:use-module (guix build-system copy)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
@@ -8038,6 +8040,84 @@ (define-public mcextractor
 AMD, VIA and Freescale processor microcode binaries")
     (license license:bsd-2)))
 
+(define-public spectre-meltdown-checker
+  (package
+    (name "spectre-meltdown-checker")
+    (version "0.45")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/speed47/spectre-meltdown-checker")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+    (build-system copy-build-system)
+    (arguments
+     (list #:install-plan #~`(("spectre-meltdown-checker.sh"
+                             "bin/spectre-meltdown-checker.sh"))
+           #:phases #~(modify-phases %standard-phases
+                        (add-after 'unpack 'replace-paths
+                          (lambda* (#:key inputs #:allow-other-keys)
+                            (substitute* "spectre-meltdown-checker.sh"
+							(("mcedb_cache=") (string-append "mcedb_cache="
+							#$mcextractor "/share/MCE.db"))
+							(("intel_tmp=") (string-append "intel_tmp="
+                                    #$intelfw)))))
+                        (add-after 'install 'patch-paths
+                          (lambda* (#:key inputs #:allow-other-keys)
+                            (let ((paths (map (lambda (input)
+                                                (string-append (assoc-ref
+                                                                inputs input)
+                                                               "/bin"))
+                                              '("coreutils" "grep"
+                                                "util-linux"
+                                                "iucode-tool"
+                                                "util-linux-with-udev"
+                                                "gawk"
+                                                "gzip"
+                                                "lzop"
+                                                "lzop"
+                                                "perl"
+                                                "procps"
+                                                "sqlite"
+                                                "wget"
+                                                "which"
+                                                "xz"
+                                                "zstd"))))
+                                          (wrap-program (string-append #$output
+										  "/bin/spectre-meltdown-checker.sh")
+                                                        `("PATH" prefix
+                                                          ,paths))))))))
+    (inputs (list bash-minimal
+                  binutils
+                  coreutils
+                  gawk
+                  grep
+                  gzip
+                  iucode-tool
+                  intelfw
+                  lzop
+                  mcextractor
+                  perl
+                  procps
+                  sqlite
+                  unzip
+                  util-linux
+                  util-linux+udev
+                  wget
+                  which
+                  xz
+                  zstd))
+    (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+    (description
+     "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+    (home-page "https://github.com/speed47/spectre-meltdown-checker")
+    (license license:gpl3)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
-- 
2.36.1