From: phodina via Guix-patches via <guix-patches@gnu.org>
To: Liliana Marie Prikler <liliana.prikler@gmail.com>
Cc: 49898@debbugs.gnu.org
Subject: [bug#49898] [PATCH v5] gnu: Add spectre-meltdown-checker.
Date: Tue, 07 Dec 2021 22:04:31 +0000
Message-ID: <D2gPGa0WXCIsO76lbxLvD3cuk1oncyGtWwqd_v8_62noAYBvKmfbJdMv-TWoDeZak8S2pVhq1hHoG6hM6-JpwqLoIYK939aGeF7muZ0J3tw=@protonmail.com>
In-Reply-To: <0611f164235f06ffdfaa3eb4fa5a7915210df134.camel@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 6759 bytes --]
Hi Liliana,
> Hi Petr,
>
> Am Samstag, den 18.09.2021, 15:25 +0000 schrieb phodina:
>
> > [...]
>
> > - (add-after 'unpack 'fix-relative-locations
> >
> >
> > - (lambda* (#:key outputs #:allow-other-keys)
> >
> >
> > - (let ((icoreutils (assoc-ref %build-inputs
> >
> >
> >
> > "coreutils"))
> >
> > - (igrep (assoc-ref %build-inputs "grep"))
> >
> >
> > - (iutil-linux (assoc-ref %build-inputs "util-
> >
> >
> >
> > linux"))
> >
> > - (iutil-linux-with-udev
> >
> >
> > - (assoc-ref %build-inputs "util-linux-with-
> >
> >
> >
> > udev"))
> >
> > - (igawk (assoc-ref %build-inputs "gawk"))
> >
> >
> > - (igzip (assoc-ref %build-inputs "gzip"))
> >
> >
> > - (iunzip (assoc-ref %build-inputs "unzip"))
> >
> >
> > - (ilzop (assoc-ref %build-inputs "lzop"))
> >
> >
> > - (iperl (assoc-ref %build-inputs "perl"))
> >
> >
> > - (iprocps (assoc-ref %build-inputs "procps"))
> >
> >
> > - (isqlite (assoc-ref %build-inputs "sqlite"))
> >
> >
> > - (iwget (assoc-ref %build-inputs "wget"))
> >
> >
> > - (iwhich (assoc-ref %build-inputs "which"))
> >
> >
> > - (ixz (assoc-ref %build-inputs "xz"))
> >
> >
> > - (izstd (assoc-ref %build-inputs "zstd")))
> >
> >
>
> I don't think Hungarian notation is very helpful here.
>
> > - (substitute* "spectre-meltdown-checker.sh"
> >
> >
> > - ; TODO: Find regexp what will work
> >
> >
> > - ;(("echo") (string-append icoreutils "/bin/echo"))
> >
> >
> > - ;(("printf") (string-append icoreutils
> >
> >
> >
> > "/bin/printf"))
>
> There are multiple ways of handling this, but I think the best one
> would be to substitute both `command -v printf' and `which echo' with
> the path to false, then match the line
>
> [ -z "$echo_cmd" ] && echo_cmd='echo'
>
> and instead put there
>
> echo_cmd_type='printf'
> echo_cmd=(path-to "/bin/printf")
>
> > - (("dirname") (string-append icoreutils
> >
> >
> >
> > "/bin/dirname"))
> >
> > - (("cat") (string-append icoreutils "/bin/cat"))
> >
> >
> > - (("grep[ ]+") (string-append igrep "/bin/grep "))
> >
> >
> > - (("cut") (string-append icoreutils "/bin/cut"))
> >
> >
> > - (("mktemp") (string-append icoreutils
> >
> >
> >
> > "/bin/mktemp"))
> >
> > - (("stat[ ]+") (string-append icoreutils "/bin/stat
> >
> >
> >
> > " ))
> >
> > - (("tail[ ]+") (string-append icoreutils "/bin/tail
> >
> >
> >
> > " ))
> >
> > - (("head[ ]+") (string-append icoreutils "/bin/head
> >
> >
> >
> > " ))
> >
> > - (("mount[ ]+") "/run/setuid-programs/mount ")
> >
> >
> > - (("modprobe") (string-append iutil-linux
> >
> >
> >
> > "/bin/modprobe"))
> >
> > - (("dd") (string-append icoreutils "/bin/dd"))
> >
> >
> > - (("dmesg[ ]+") (string-append iutil-linux-with-udev
> >
> >
> >
> > "/bin/dmesg "))
> >
> > - (("awk") (string-append igawk "/bin/awk"))
> >
> >
> > - (("gzip") (string-append igzip "/bin/gzip"))
> >
> >
> > - (("unzip") (string-append iunzip "/bin/unzip"))
> >
> >
> > - (("lzop") (string-append ilzop "/bin/lzop"))
> >
> >
> > - (("perl") (string-append iperl "/bin/perl"))
> >
> >
> > - (("ps[ ]+") (string-append iprocps "/bin/ps "))
> >
> >
> > - (("sqlite3") (string-append isqlite
> >
> >
> >
> > "/bin/sqlite3"))
> >
> > - (("wget") (string-append iwget "/bin/wget"))
> >
> >
> > - (("which") (string-append iwhich "/bin/which"))
> >
> >
> > - (("xz") (string-append ixz "/bin/xz"))
> >
> >
> > - (("zstd") (string-append izstd "/bin/zstd")))))))))
> >
> >
>
> Group those that need spaces and those that don't together, with an
> explanation as to why those two groups exist.
>
> > - (inputs `(("binutils" ,binutils)
> > - ("coreutils",coreutils)
> >
> >
> > - ("gawk" ,gawk)
> >
> >
> > - ("grep" ,grep)
> >
> >
> > - ("gzip" ,gzip)
> >
> >
> > - ("unzip" ,unzip)
> >
> >
> > - ("lzop" ,lzop)
> >
> >
> > - ("perl" ,perl)
> >
> >
> > - ("procps" ,procps)
> >
> >
> > - ("sqlite" ,sqlite)
> >
> >
> > - ("util-linux" ,util-linux)
> >
> >
> > - ("util-linux-with-udev" ,util-linux+udev)
> >
> >
>
> Why both?
>
> > - ("wget" ,wget)
> >
> >
> > - ("which" ,which)
> >
> >
> > - ("xz" ,xz)
> >
> >
> > - ("zstd" ,zstd)))
> >
> >
> > - (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> >
> > checker")
> > - (description "A shell script to assess your system's resilience
> >
> > against
> >
> > +the several transient execution CVEs that were published since early
> >
> > 2018,
> >
> > +and give you guidance as to how to mitigate them.")
> > - (home-page "https://github.com/speed47/spectre-meltdown-checker"
> >
> > )
> > - (license license:gpl3)))
> >
> > (define-public snapscreenshot
> >
> > (package
> >
> > (name "snapscreenshot")
> > ----------------------------------------------------------------
> >
> > 2.32.0
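Review bot: In the substitute* clause of the quoted 'fix-relative-locations phase, bare patterns such as ("cat"), ("cut"), ("dd"), ("xz") and ("which") are unanchored regular expressions, so they also rewrite those letters wherever they occur inside longer words, variable names or messages in spectre-meltdown-checker.sh, leaving a store path in the middle of unrelated text. Either anchor every pattern on command position, or drop the textual rewriting and give the script a PATH that contains the inputs. The ("mount[ ]+") replacement also hardcodes /run/setuid-programs/mount, a path that exists only on Guix System, which deserves a comment in the phase.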
I've used the wrap-program as an alternative to your suggested solution.
Going through the program there is a function update_fwdb [1] that downloads and updates database files when the script is executed with the --update-fwdb argument.
I've added both files [2][3] in question to the lists of inputs.
However, since they are supposed to be updated at runtime (stored in $HOME), I don't know how to represent this in the package definition.
Could you please suggest how to proceed?
----
Petr
[1] https://github.com/speed47/spectre-meltdown-checker/blob/master/spectre-meltdown-checker.sh#L838
[2] https://github.com/platomav/MCExtractor/raw/master/MCE.db
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: v5-0001-gnu-Add-spectre-meltdown-checker.patch --]
[-- Type: text/x-patch; name=v5-0001-gnu-Add-spectre-meltdown-checker.patch, Size: 5008 bytes --]
From 83a93beffb9e4493c361d126fdb7564c662525c7 Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Thu, 5 Aug 2021 18:23:47 +0200
Subject: [PATCH v5] gnu: Add spectre-meltdown-checker.
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 03e84a0a79..19999ef8e0 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -53,6 +53,7 @@
;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru>
;;; Copyright © 2021 Olivier Dion <olivier.dion@polymtl.ca>
+;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -139,6 +140,7 @@ (define-module (gnu packages linux)
#:use-module (gnu packages video)
#:use-module (gnu packages vulkan)
#:use-module (gnu packages web)
+ #:use-module (gnu packages wget)
#:use-module (gnu packages xiph)
#:use-module (gnu packages xml)
#:use-module (gnu packages xdisorg)
@@ -150,6 +152,7 @@ (define-module (gnu packages linux)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
#:use-module (guix build-system go)
+ #:use-module (guix build-system copy)
#:use-module (guix build-system meson)
#:use-module (guix build-system python)
#:use-module (guix build-system trivial)
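Review bot: The added #:use-module (guix build-system copy) line sits between go and meson, which breaks the alphabetical order the neighbouring build-system imports follow (cmake, gnu, go, meson, python, trivial); move it to just after (guix build-system cmake).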
@@ -7325,6 +7328,81 @@ (define-public psm
(supported-systems '("i686-linux" "x86_64-linux"))
(license (list license:bsd-2 license:gpl2)))) ;dual
+(define-public spectre-meltdown-checker
+ (package
+ (name "spectre-meltdown-checker")
+ (version "0.44")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/speed47/spectre-meltdown-checker")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"))))
+ (build-system copy-build-system)
+ (arguments
+ `(#:install-plan '(("spectre-meltdown-checker.sh"
+ "bin/spectre-meltdown-checker.sh"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'unzip-intelfw
+ (lambda* (#:key inputs #:allow-other-keys)
+ (invoke "unzip" (assoc-ref inputs "intelfw"))))
+ (add-after 'install 'patch-paths
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((out (assoc-ref %outputs "out"))
+ (paths (map
+ (lambda (input)
+ (string-append (assoc-ref inputs input) "/bin"))
+ '("coreutils" "grep" "util-linux" "iucode-tool"
+ "util-linux-with-udev" "gawk" "gzip" "lzop"
+ "lzop" "perl" "procps" "sqlite" "wget" "which" "xz" "zstd"))))
+ (for-each
+ (lambda (program)
+ (wrap-program
+ (string-append out "/" program)
+ `("PATH" prefix ,paths)))
+ '("bin/spectre-meltdown-checker.sh"))))))))
+ (inputs `(("binutils" ,binutils)
+ ("coreutils",coreutils)
+ ("gawk" ,gawk)
+ ("grep" ,grep)
+ ("gzip" ,gzip)
+ ("intelfw", (origin
+ (method url-fetch)
+ (uri
+ "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip")
+ (sha256
+ (base32
+ "1zpf1h864f9lqdjf867xg5cw3xpq4l335g7dqpyl2zhb13kk0dhy"))))
+ ("iucode-tool" ,iucode-tool)
+ ("lzop" ,lzop)
+ ("mcedb", (origin
+ (method url-fetch)
+ (uri "https://github.com/platomav/MCExtractor/raw/master/MCE.db")
+ (sha256
+ (base32
+ "1lms4q6g17jz7pqvl8fcbpbsxxz84nax18zhn9b532svldxg7gh2"))))
+ ("perl" ,perl)
+ ("procps" ,procps)
+ ("sqlite" ,sqlite)
+ ("unzip" ,unzip)
+ ("util-linux" ,util-linux)
+ ("util-linux-with-udev" ,util-linux+udev)
+ ("wget" ,wget)
+ ("which" ,which)
+ ("xz" ,xz)
+ ("zstd" ,zstd)))
+ (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+ (description "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+ (home-page "https://github.com/speed47/spectre-meltdown-checker")
+ (license license:gpl3)))
+
(define-public snapscreenshot
(package
(name "snapscreenshot")
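Review bot: In the inputs, the "intelfw" and "mcedb" origins fetch moving branch URLs (archive/main.zip and raw/master/MCE.db) under a fixed sha256, so any fresh fetch fails with a hash mismatch as soon as upstream pushes to those branches; point both at a tagged release or a specific commit so the hash describes a stable artifact. Neither file reaches the output either: the install-plan copies only spectre-meltdown-checker.sh, 'unzip-intelfw unpacks into the build directory, and "mcedb" is not referenced by any phase, so either install them where the script looks for its firmware database or drop the inputs. In 'patch-paths, "lzop" is listed twice while "unzip" and "binutils" are inputs that never make it into the wrapper PATH, which looks like a typo in the list, and the lambda should take #:key inputs outputs and use (assoc-ref outputs "out") rather than the global %outputs.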
--
2.34.0
Thread overview: 13+ messages
2021-08-05 17:00 [bug#49898] [PATCH] gnu: Add spectre-meltdown-checker phodina via Guix-patches via
2021-08-06 13:58 ` Leo Prikler
2021-08-07 9:04 ` [bug#49898] [PATCH v2] " phodina via Guix-patches via
2021-08-07 9:50 ` Leo Prikler
2021-08-08 11:05 ` [bug#49898] [PATCH v3] " phodina via Guix-patches via
2021-08-08 21:42 ` Leo Prikler
2021-09-18 15:25 ` [bug#49898] [PATCH v4] " phodina via Guix-patches via
2021-09-18 17:03 ` Liliana Marie Prikler
2021-12-07 22:04 ` phodina via Guix-patches via [this message]
2022-06-26 10:23 ` [bug#49898] [PATCH v5] " Liliana Marie Prikler
2022-06-26 11:07 ` phodina via Guix-patches via
2022-07-01 21:57 ` [bug#49898] [PATCH v6] " phodina via Guix-patches via
2022-07-01 23:02 ` Liliana Marie Prikler