From: Hilton Chain via Guix-patches
To: Liliana Marie Prikler
Cc: 59053@debbugs.gnu.org
Date: Sun, 13 Nov 2022 21:09:15 +0800
Subject: [bug#59053] [PATCH v5] gnu: Add spectre-meltdown-checker.

* gnu/packages/linux.scm (spectre-meltdown-checker): New variable. * gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch: New file. * gnu/packages/patches/spectre-meltdown-checker-remove-builtin-firmware-database.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patches. --- v4 -> v5: No more an extra patch for substitution. gnu/local.mk | 2 + gnu/packages/linux.scm | 130 ++++++++++ ...ker-remove-builtin-firmware-database.patch | 243 ++++++++++++++++++ ...n-checker-support-guix-system-kernel.patch | 26 ++ 4 files changed, 401 insertions(+) create mode 100644 gnu/packages/patches/spectre-meltdown-checker-remove-builtin-firmware-database.patch create mode 100644 gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch diff --git a/gnu/local.mk b/gnu/local.mk index e3e02314bb..1e85790983 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1857,6 +1857,8 @@ dist_patch_DATA = \ %D%/packages/patches/syslinux-strip-gnu-property.patch \ %D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \ %D%/packages/patches/snappy-add-inline-for-GCC.patch \ + %D%/packages/patches/spectre-meltdown-checker-remove-builtin-firmware-database.patch \ + %D%/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch \ %D%/packages/patches/sphinxbase-fix-doxygen.patch \ %D%/packages/patches/spice-vdagent-glib-2.68.patch \ %D%/packages/patches/sssd-optional-systemd.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index fea33dfa0b..03b7ce46b0 100644 --- a/gnu/packages/linux.scm 
+++ b/gnu/packages/linux.scm 
@@ -9595,3 +9595,133 @@ (define-public edac-utils error detection and correction (EDAC).") (home-page "https://github.com/grondo/edac-utils") (license license:gpl2+))) + +(define-public spectre-meltdown-checker + (package + (name "spectre-meltdown-checker") + (version "0.45") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/speed47/spectre-meltdown-checker") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (patches + (search-patches + "spectre-meltdown-checker-remove-builtin-firmware-database.patch" + ;; https://github.com/speed47/spectre-meltdown-checker/pull/441 + "spectre-meltdown-checker-support-guix-system-kernel.patch")) + ;; Remove builtin firmware database. + (modules '((guix build utils))) + (snippet '(substitute* "spectre-meltdown-checker.sh" + (("^# [AI],.*") ""))) + (sha256 + (base32 + "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8")))) + (build-system copy-build-system) + (arguments + (list + #:install-plan + #~'(("spectre-meltdown-checker.sh" "bin/spectre-meltdown-checker")) + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'fixpath + (lambda* (#:key inputs #:allow-other-keys) + (define* (find-command inputs cmd #:optional (bin "bin") + #:key (prefix "") (suffix "")) + (string-append + prefix (search-input-file inputs (string-append bin "/" cmd)) + suffix)) + (substitute* "spectre-meltdown-checker.sh" + ;; ${opt_arch_prefix}CMD + (((string-append + "\\$\\{opt_arch_prefix\\}" + "\\<(nm|objdump|readelf|strings)\\>") all cmd) + (find-command inputs cmd)) + + ;; dd + (("(dd)( if=)" all cmd suffix) + (find-command inputs cmd #:suffix suffix)) + + ;; Commands safe to substitute directly. 
+ (((string-append "\\<(" (string-join + (list "awk" + "basename" + "dirname" + "bunzip2" + "gunzip" + "gzip" + "lz4" + "lzop" + "modprobe" + "pgrep" + "rmmod" + "umount" + "unlzma" + "unxz" + "unzstd" + "uuencode") + "|") + ")\\>") all cmd) + (find-command inputs cmd)) + + ;; Search by suffix. + ;; CMD - + ;; CMD ^ + (((string-append "\\<(" (string-join + (list "base64" + "cut" + "grep" + "head" + "id" + "mount" + "mktemp" + "od" + "perl" + "rm" + "uname" + "xargs") + "|") + ")\\>( [-^])") all cmd suffix) + (find-command inputs cmd #:suffix suffix)) + ;; CMD | + (("(dmesg)( \\|)" all cmd suffix) + (find-command inputs cmd #:suffix suffix)) + + ;; Then prefix + ;; | CMD + (("(\\| )\\<(grep|sed|sort|stat|tr)\\>" all prefix cmd) + (find-command inputs cmd #:prefix prefix)) + ;; $(CMD + (("(\\$\\( *)(sysctl)" all prefix cmd) + (find-command inputs cmd "sbin" #:prefix prefix)) + (("(\\$\\()\\<(cat|find|grep|mount|nproc|stat|tr)\\>" all prefix cmd) + (find-command inputs cmd #:prefix prefix)) + ;; if CMD + (("(if )(sysctl)" all prefix cmd) + (find-command inputs cmd "sbin" #:prefix prefix)) + ;; command -v CMD + (("(command -v) \"*\\<(base64|nproc|perl|printf)\\>\"*" all prefix cmd) + (find-command inputs cmd #:prefix prefix)) + + ;; Cats are mysterious... + ;; cat < +Date: Sat, 12 Nov 2022 22:45:24 +0800 +Subject: [PATCH] Remove builtin firmware database. + +1. Remove downloading function. +2. Add option for supplying a local database. 
+--- + spectre-meltdown-checker.sh | 180 +++--------------------------------- + 1 file changed, 15 insertions(+), 165 deletions(-) + +diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh +index 30f760c..ce46970 100755 +--- a/spectre-meltdown-checker.sh ++++ b/spectre-meltdown-checker.sh +@@ -22,8 +22,6 @@ exit_cleanup() + [ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config" + [ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp" + [ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2" +- [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp" +- [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp" + [ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null + [ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null + [ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null +@@ -93,9 +91,7 @@ show_usage() + --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto + --allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system + --cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0) +- --update-fwdb update our local copy of the CPU microcodes versions database (using the awesome +- MCExtractor project and the Intel firmwares GitHub repository) +- --update-builtin-fwdb same as --update-fwdb but update builtin DB inside the script itself ++ --with-fwdb FILE supply the CPU microcodes versions database + --dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script + + Return codes: +@@ -837,147 +833,6 @@ show_header() + _info + } + +-[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)" +-mcedb_cache="$HOME/.mcedb" +-update_fwdb() +-{ +- show_header +- +- set -e +- +- if [ -r "$mcedb_cache" ]; then +- previous_dbversion=$(awk '/^# %%% MCEDB / { print $4 }' "$mcedb_cache") +- fi 
+- +- # first, download the MCE.db from the excellent platomav's MCExtractor project +- mcedb_tmp="$(mktemp -t smc-mcedb-XXXXXX)" +- mcedb_url='https://github.com/platomav/MCExtractor/raw/master/MCE.db' +- _info_nol "Fetching MCE.db from the MCExtractor project... " +- if command -v wget >/dev/null 2>&1; then +- wget -q "$mcedb_url" -O "$mcedb_tmp"; ret=$? +- elif command -v curl >/dev/null 2>&1; then +- curl -sL "$mcedb_url" -o "$mcedb_tmp"; ret=$? +- elif command -v fetch >/dev/null 2>&1; then +- fetch -q "$mcedb_url" -o "$mcedb_tmp"; ret=$? +- else +- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs" +- return 1 +- fi +- if [ "$ret" != 0 ]; then +- echo ERROR "error $ret while downloading MCE.db" +- return $ret +- fi +- echo DONE +- +- # second, get the Intel firmwares from GitHub +- intel_tmp="$(mktemp -d -t smc-intelfw-XXXXXX)" +- intel_url="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip" +- _info_nol "Fetching Intel firmwares... " +- ## https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git +- if command -v wget >/dev/null 2>&1; then +- wget -q "$intel_url" -O "$intel_tmp/fw.zip"; ret=$? +- elif command -v curl >/dev/null 2>&1; then +- curl -sL "$intel_url" -o "$intel_tmp/fw.zip"; ret=$? +- elif command -v fetch >/dev/null 2>&1; then +- fetch -q "$intel_url" -o "$intel_tmp/fw.zip"; ret=$? +- else +- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs" +- return 1 +- fi +- if [ "$ret" != 0 ]; then +- echo ERROR "error $ret while downloading Intel firmwares" +- return $ret +- fi +- echo DONE +- +- # now extract MCEdb contents using sqlite +- _info_nol "Extracting MCEdb data... " +- if ! 
command -v sqlite3 >/dev/null 2>&1; then +- echo ERROR "please install the \`sqlite3\` program" +- return 1 +- fi +- mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE") +- if [ -z "$mcedb_revision" ]; then +- echo ERROR "downloaded file seems invalid" +- return 1 +- fi +- sqlite3 "$mcedb_tmp" "alter table Intel add column origin text" +- sqlite3 "$mcedb_tmp" "update Intel set origin='mce'" +- +- echo OK "MCExtractor database revision $mcedb_revision" +- +- # parse Intel firmwares to get their versions +- _info_nol "Integrating Intel firmwares data to db... " +- if ! command -v unzip >/dev/null 2>&1; then +- echo ERROR "please install the \`unzip\` program" +- return 1 +- fi +- ( cd "$intel_tmp" && unzip fw.zip >/dev/null; ) +- if ! [ -d "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/intel-ucode" ]; then +- echo ERROR "expected the 'intel-ucode' folder in the downloaded zip file" +- return 1 +- fi +- +- if ! command -v iucode_tool >/dev/null 2>&1; then +- if ! command -v iucode-tool >/dev/null 2>&1; then +- echo ERROR "please install the \`iucode-tool\` program" +- return 1 +- else +- iucode_tool="iucode-tool" +- fi +- else +- iucode_tool="iucode_tool" +- fi +- # 079/001: sig 0x000106c2, pf_mask 0x01, 2009-04-10, rev 0x0217, size 5120 +- # 078/004: sig 0x000106ca, pf_mask 0x10, 2009-08-25, rev 0x0107, size 5120 +- $iucode_tool -l "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/intel-ucode" | grep -wF sig | while read -r _line +- do +- _line=$( echo "$_line" | tr -d ',') +- _cpuid=$( echo "$_line" | awk '{print $3}') +- _cpuid=$(( _cpuid )) +- _cpuid=$(printf "0x%08X" "$_cpuid") +- _date=$( echo "$_line" | awk '{print $6}' | tr -d '-') +- _version=$(echo "$_line" | awk '{print $8}') +- _version=$(( _version )) +- _version=$(printf "0x%08X" "$_version") +- _sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" 
"$_date")" +- sqlite3 "$mcedb_tmp" "$_sqlstm" +- done +- _intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null) +- if [ -n "$_intel_timestamp" ]; then +- # use this date, it matches the last commit date +- _intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp") +- else +- echo "Falling back to the latest microcode date" +- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;") +- fi +- echo DONE "(version $_intel_latest_date)" +- +- dbversion="$mcedb_revision+i$_intel_latest_date" +- +- if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then +- echo "We already have this version locally, no update needed" +- return 0 +- fi +- +- _info_nol "Building local database... " +- { +- echo "# Spectre & Meltdown Checker"; +- echo "# %%% MCEDB v$dbversion"; +- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; +- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; +- } > "$mcedb_cache" +- echo DONE "(version $dbversion)" +- +- if [ "$1" = builtin ]; then +- newfile=$(mktemp -t smc-builtin-XXXXXX) +- awk '/^# %%% MCEDB / { exit }; { print }' "$0" > "$newfile" +- awk '{ if (NR>1) { print } }' "$mcedb_cache" >> "$newfile" +- cat "$newfile" > "$0" +- rm -f "$newfile" +- fi +-} +- + parse_opt_file() + { + # parse_opt_file option_name option_value +@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do + # deprecated, kept for compatibility + opt_explain=0 
+ shift +- elif [ "$1" = "--update-fwdb" ] || [ "$1" = "--update-mcedb" ]; then +- update_fwdb +- exit $? +- elif [ "$1" = "--update-builtin-fwdb" ] || [ "$1" = "--update-builtin-mcedb" ]; then +- update_fwdb builtin +- exit $? ++ elif [ "$1" = "--with-fwdb" ] || [ "$1" = "--with-mcedb" ]; then ++ opt_fwdb=$2 ++ if [ -f "$opt_fwdb" ]; then ++ mcedb_cache=$2 ++ else ++ echo "$0: error: --with-fwdb should be a file, got '$opt_fwdb'" >&2 ++ exit 255 ++ fi ++ shift 2 + elif [ "$1" = "--dump-mock-data" ]; then + opt_mock=1 + shift +@@ -2033,21 +1891,11 @@ is_xen_domU() + fi + } + +-builtin_dbversion=$(awk '/^# %%% MCEDB / { print $4 }' "$0") + if [ -r "$mcedb_cache" ]; then + # we have a local cache file, but it might be older than the builtin version we have + local_dbversion=$( awk '/^# %%% MCEDB / { print $4 }' "$mcedb_cache") +- # sort -V sorts by version number +- older_dbversion=$(printf "%b\n%b" "$local_dbversion" "$builtin_dbversion" | sort -V | head -n1) +- if [ "$older_dbversion" = "$builtin_dbversion" ]; then +- mcedb_source="$mcedb_cache" +- mcedb_info="local firmwares DB $local_dbversion" +- fi +-fi +-# if mcedb_source is not set, either we don't have a local cached db, or it is older than the builtin db +-if [ -z "${mcedb_source:-}" ]; then +- mcedb_source="$0" +- mcedb_info="builtin firmwares DB $builtin_dbversion" ++ mcedb_source="$mcedb_cache" ++ mcedb_info="local firmwares DB $local_dbversion" + fi + read_mcedb() + { +@@ -2063,7 +1911,9 @@ is_latest_known_ucode() + return 2 + fi + ucode_latest="latest microcode version for your CPU model is unknown" +- if is_intel; then ++ if [ -z "$mcedb_source" ]; then ++ return 2 ++ elif is_intel; then + cpu_brand_prefix=I + elif is_amd; then + cpu_brand_prefix=A +-- +2.38.1 + diff --git a/gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch new file mode 100644 index 0000000000..afec52b418 --- /dev/null 
+++ b/gnu/packages/patches/spectre-meltdown-checker-support-guix-system-kernel.patch @@ -0,0 +1,26 @@ +From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001 +From: Hilton Chain +Date: Sat, 5 Nov 2022 23:22:31 +0800 +Subject: [PATCH] Add support for Guix System kernel. + +--- + spectre-meltdown-checker.sh | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh +index 248a444..855a090 100755 +--- a/spectre-meltdown-checker.sh ++++ b/spectre-meltdown-checker.sh +@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then + [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)" + # NixOS: + [ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel" ++ # Guix System: ++ [ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage" + # systemd kernel-install: + [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux" + # Clear Linux: + +base-commit: a6c943d38f315f339697ec26e7374a09b88f2183 +-- +2.38.0 base-commit: 80d10fa413cf43439f9ab94b6f69fe68811156da -- 2.38.1
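Review bot: in the `fixpath` phase of gnu/packages/linux.scm, the "Commands safe to substitute directly" pattern rewrites every whole-word occurrence of names such as `gzip` or `modprobe`, so comments and user-facing messages in the script are rewritten to store paths along with the real invocations. A short comment saying this is accepted, or a check of the substituted script's `--help` and error output, would make that explicit. The `(dd)( if=)` pattern is also the only one without a `\\<` word boundary, so it matches any word that merely ends in "dd"; anchoring it like the others keeps the rules uniform.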
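Review bot: in the `--with-fwdb` branch added to the option loop (hunk `@@ -1067,12 +922,15 @@` of the remove-builtin-firmware-database patch), the file is accepted with `[ -f "$opt_fwdb" ]`, but the database is later loaded only if `[ -r "$mcedb_cache" ]` holds, so an existing but unreadable file passes option parsing and is then silently ignored. Testing `-r` here as well reports the problem where the user can act on it. `$2` is also read unguarded although the loop header uses `${1:-}`; `opt_fwdb=${2:-}` keeps a trailing `--with-fwdb` on the intended error path. The `--with-mcedb` alias accepted here is not mentioned in the usage text changed in `show_usage`.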
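Review bot: in the block before `read_mcedb()` (hunk `@@ -2033,21 +1891,11 @@`), `mcedb_cache` no longer has a default because the `mcedb_cache="$HOME/.mcedb"` assignment is removed earlier in the same patch, so `[ -r "$mcedb_cache" ]` expands an unset variable whenever `--with-fwdb` was not given; `${mcedb_cache:-}` would match the guards used elsewhere in the script. The retained comment "it might be older than the builtin version we have" is stale now that the builtin comparison is gone. `local_dbversion` is empty when the supplied file has no `# %%% MCEDB` line, and the file is then reported as "local firmwares DB" with a blank version; rejecting a file without that header would catch a wrong or truncated database early.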
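Review bot: in `is_latest_known_ucode` (hunk `@@ -2063,7 +1911,9 @@`), the new test `[ -z "$mcedb_source" ]` drops the `${mcedb_source:-}` guard that the removed fallback code used, and `mcedb_source` is now unset in the default case where no database is supplied. Use `[ -z "${mcedb_source:-}" ]`. Since returning 2 here leaves `ucode_latest` at "latest microcode version for your CPU model is unknown", a message that points to `--with-fwdb` would tell the user why the check could not run.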
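Review bot: in the support-guix-system-kernel patch, the NixOS test just above the added lines, `[ -e "/run/booted-system/kernel" ]`, also succeeds on Guix System, where that path is a directory, so when `bzImage` is absent `opt_kernel` is left pointing at a directory instead of staying unset. Consider guarding the NixOS line with `-f`, or placing the Guix test so that it decides for the directory case, and add a comment that the `bzImage` name is the only image file name handled.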