From: phodina via Guix-patches via <guix-patches@gnu.org>
To: Liliana Marie Prikler <liliana.prikler@gmail.com>
Cc: 49898@debbugs.gnu.org
Subject: [bug#49898] [PATCH v6] gnu: Add spectre-meltdown-checker.
Date: Fri, 01 Jul 2022 21:57:18 +0000	[thread overview]
Message-ID: <1BotgVcf3T0nBoSMz6SX1q7rpoKPp5bWkKSJcPItI46rjJV4dH0mmSkw_VVmE2MSpj10jMiscrcQLejbOo7192u2AsScBrWklgnP09m_dg4=@protonmail.com> (raw)
In-Reply-To: <MDXych3ebMv3NuAgJgpGtQ68v2qK_c7YCVZnGR0rVKkymTzHzqZ6um7eS_MVxV3Y862FQ2UVc7D5cQrsCxNkq4eu7tf9iYzcvxnxPPFqNbY=@protonmail.com>

[-- Attachment #1: Type: text/plain, Size: 453 bytes --]

Hi!

here's updated patch set:

- The version has been updated.
- It uses gexps.
- There are now 3 packages (intelfw and mcextractor are new).

There is an issue with the Intel license: I am not sure whether the package can be included.

The intelfw and mcextractor are used in the shell function update_fwdb. It might be better to create a patch, remove the download functionality and point it to /gnu/store for the package inputs. What do you think?

----
Petr

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: v6-0001-gnu-Add-intelfw.patch --]
[-- Type: text/x-patch; name=v6-0001-gnu-Add-intelfw.patch, Size: 1534 bytes --]

From fbee544b00de49e7c26e125ec2f1061524cc19ab Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Fri, 1 Jul 2022 23:18:13 +0200
Subject: [PATCH v6 1/3] gnu: Add intelfw.

* gnu/packages/linux.scm (intelfw): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 58d33140bd..98333c5be2 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -7983,6 +7983,29 @@ (define-public psm
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license (list license:bsd-2 license:gpl2)))) ;dual
 
+(define-public intelfw
+  (package
+    (name "intelfw")
+    (version "20220510")
+    (home-page "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files")
+    (source 
+              (origin
+                            (method url-fetch)
+                            (uri
+                             (string-append home-page
+							 "/archive/refs/tags/microcode-"
+							 version ".tar.gz"))
+                            (sha256
+                             (base32
+                              "0akd526rrkskz7l0kihbymmjzcmf56pv7kh0nbdviywqnmqxqk95"))))
+    (build-system copy-build-system)
+    (synopsis "Intel Processor Microcode")
+    (description "This package provides Intel Processor Microcode provides
+a mechanism to release updates for security advisories and functional issues,
+including errata.")
+	;; TODO: Intel nonfree license
+    (license #f)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
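Review bot: The `source` origin uses `url-fetch` on GitHub's auto-generated `/archive/refs/tags/….tar.gz` tarball, which is produced on demand and is not guaranteed to stay byte-identical, so the pinned `sha256` can stop matching even though the tag has not moved. The hash still protects integrity (a mismatch fails the build), but for a package that ships CPU microcode it is more robust to pin the tagged tree with `git-fetch`, as the mcextractor patch in this series already does. The hash has to be recomputed for the checkout; the value in the sketch below is a placeholder. Separately, `(license #f)` with a TODO leaves the licensing question unresolved in the package definition itself, and the `description` string repeats "provides" and does not parse as a sentence.

```scheme
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url home-page)
             (commit (string-append "microcode-" version))))
       (file-name (git-file-name name version))
       (sha256
        ;; placeholder: recompute the hash for the git checkout
        (base32 "<RECOMPUTED-HASH-PLACEHOLDER>"))))
    ;; … unchanged: build-system, synopsis, description, license …
```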
-- 
2.36.1


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #3: v6-0002-gnu-Add-mcextractor.patch --]
[-- Type: text/x-patch; name=v6-0002-gnu-Add-mcextractor.patch, Size: 1785 bytes --]

From cca59fd7281ce832daa46f201ad7d68058e6c2da Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Fri, 1 Jul 2022 23:18:23 +0200
Subject: [PATCH v6 2/3] gnu: Add mcextractor.

* gnu/packages/linux.scm (mcextractor): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 98333c5be2..5f634824bf 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -8006,6 +8006,38 @@ (define-public intelfw
 	;; TODO: Intel nonfree license
     (license #f)))
 
+(define-public mcextractor
+  (package
+    (name "mcextractor")
+    (version "1.74.1")
+    (home-page "https://github.com/platomav/MCExtractor")
+    (source 
+              (origin
+                          (method git-fetch)
+                          (uri (git-reference
+						  (url home-page)
+						  (commit (string-append "v" version "-r232"))))
+              (file-name (git-file-name name version))
+                          (sha256
+                           (base32
+                            "09pxa23kdsy8apnxay7v1wmds5879rj6hx779rrqmspllwgg79hj"))))
+    (build-system python-build-system)
+	(arguments
+	 (list #:use-setuptools? #f
+	       #:tests? #f
+	       #:phases
+           #~(modify-phases %standard-phases
+		      (delete 'build)
+			  (replace 'install
+			   (lambda* _
+			   (install-file "MCE.py" (string-append #$output "/bin"))
+			   (install-file "MCE.db" (string-append #$output
+			   "/share/")))))))
+    (synopsis "Intel, AMD, VIA & Freescale Microcode Extraction Tool")
+    (description "This package provides a tool MC Extractor which parses Intel,
+AMD, VIA and Freescale processor microcode binaries")
+    (license license:bsd-2)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
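Review bot: The tag suffix `"-r232"` is hard-coded inside the `commit` expression, separate from `version`, so a later version bump that forgets it will point at a tag that may not exist, and nothing in the package metadata tells a user which revision of `MCE.db` was installed. Patch 3/3 wires this file into the checker as `mcedb_cache`, so the revision determines what the checker compares against. Consider binding it by name, e.g. `(commit (string-append "v" version "-r" db-revision))` with `db-revision` defined in a surrounding `let`, and stating in the description that the database is a snapshot fixed at build time. The `description` string also lacks its final period.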
-- 
2.36.1


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #4: v6-0003-gnu-Add-spectre-meltdown-checker.patch --]
[-- Type: text/x-patch; name=v6-0003-gnu-Add-spectre-meltdown-checker.patch, Size: 4984 bytes --]

From 4ec64ebd0dbaed7de220a6d0bb6a1845060b7a51 Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Thu, 5 Aug 2021 18:23:47 +0200
Subject: [PATCH v6 3/3] gnu: Add spectre-meltdown-checker.

* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5f634824bf..f9c7a0c93a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -154,6 +154,7 @@ (define-module (gnu packages linux)
   #:use-module (gnu packages video)
   #:use-module (gnu packages vulkan)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages wget)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xdisorg)
@@ -167,6 +168,7 @@ (define-module (gnu packages linux)
   #:use-module (guix build-system copy)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
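Review bot: The added `#:use-module (guix build-system copy)` duplicates the identical line that is already present three lines above it, visible as the first context line of this hunk; the added line can simply be dropped. The `define-module` form starts and ends outside the hunk.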
@@ -8038,6 +8040,84 @@ (define-public mcextractor
 AMD, VIA and Freescale processor microcode binaries")
     (license license:bsd-2)))
 
+(define-public spectre-meltdown-checker
+  (package
+    (name "spectre-meltdown-checker")
+    (version "0.45")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/speed47/spectre-meltdown-checker")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+    (build-system copy-build-system)
+    (arguments
+     (list #:install-plan #~`(("spectre-meltdown-checker.sh"
+                             "bin/spectre-meltdown-checker.sh"))
+           #:phases #~(modify-phases %standard-phases
+                        (add-after 'unpack 'replace-paths
+                          (lambda* (#:key inputs #:allow-other-keys)
+                            (substitute* "spectre-meltdown-checker.sh"
+							(("mcedb_cache=") (string-append "mcedb_cache="
+							#$mcextractor "/share/MCE.db"))
+							(("intel_tmp=") (string-append "intel_tmp="
+                                    #$intelfw)))))
+                        (add-after 'install 'patch-paths
+                          (lambda* (#:key inputs #:allow-other-keys)
+                            (let ((paths (map (lambda (input)
+                                                (string-append (assoc-ref
+                                                                inputs input)
+                                                               "/bin"))
+                                              '("coreutils" "grep"
+                                                "util-linux"
+                                                "iucode-tool"
+                                                "util-linux-with-udev"
+                                                "gawk"
+                                                "gzip"
+                                                "lzop"
+                                                "lzop"
+                                                "perl"
+                                                "procps"
+                                                "sqlite"
+                                                "wget"
+                                                "which"
+                                                "xz"
+                                                "zstd"))))
+                                          (wrap-program (string-append #$output
+										  "/bin/spectre-meltdown-checker.sh")
+                                                        `("PATH" prefix
+                                                          ,paths))))))))
+    (inputs (list bash-minimal
+                  binutils
+                  coreutils
+                  gawk
+                  grep
+                  gzip
+                  iucode-tool
+                  intelfw
+                  lzop
+                  mcextractor
+                  perl
+                  procps
+                  sqlite
+                  unzip
+                  util-linux
+                  util-linux+udev
+                  wget
+                  which
+                  xz
+                  zstd))
+    (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+    (description
+     "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+    (home-page "https://github.com/speed47/spectre-meltdown-checker")
+    (license license:gpl3)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
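Review bot: In the `replace-paths` phase both `substitute*` patterns match only the prefix (`"mcedb_cache="` and `"intel_tmp="`), so whatever the script has to the right of `=` stays on the line and ends up appended to the store path. The script is not shown here, so the exact result should be checked, but the assignment is unlikely to be the bare store path that was intended. Matching to the end of the line, `(("mcedb_cache=.*") …)` and `(("intel_tmp=.*") …)`, makes the replacement the whole value. In the `patch-paths` list `"lzop"` appears twice, while `binutils` and `unzip` are declared in `inputs` but never added to the wrapper's `PATH`. If the script calls tools from those packages it will resolve them from the caller's environment, which is worth avoiding for a checker that is likely to be run as root.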
-- 
2.36.1



Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-05 17:00 [bug#49898] [PATCH] gnu: Add spectre-meltdown-checker phodina via Guix-patches via
2021-08-06 13:58 ` Leo Prikler
2021-08-07  9:04 ` [bug#49898] [PATCH v2] " phodina via Guix-patches via
2021-08-07  9:50   ` Leo Prikler
2021-08-08 11:05 ` [bug#49898] [PATCH v3] " phodina via Guix-patches via
2021-08-08 21:42   ` Leo Prikler
2021-09-18 15:25 ` [bug#49898] [PATCH v4] " phodina via Guix-patches via
2021-09-18 17:03   ` Liliana Marie Prikler
2021-12-07 22:04     ` [bug#49898] [PATCH v5] " phodina via Guix-patches via
2022-06-26 10:23       ` Liliana Marie Prikler
2022-06-26 11:07         ` phodina via Guix-patches via
2022-07-01 21:57           ` phodina via Guix-patches via [this message]
2022-07-01 23:02             ` [bug#49898] [PATCH v6] " Liliana Marie Prikler
