From 4ec64ebd0dbaed7de220a6d0bb6a1845060b7a51 Mon Sep 17 00:00:00 2001
From: Petr Hodina
Date: Thu, 5 Aug 2021 18:23:47 +0200
Subject: [PATCH v6 3/3] gnu: Add spectre-meltdown-checker.

* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5f634824bf..f9c7a0c93a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -154,6 +154,7 @@ (define-module (gnu packages linux)
 #:use-module (gnu packages video)
 #:use-module (gnu packages vulkan)
 #:use-module (gnu packages web)
+ #:use-module (gnu packages wget)
 #:use-module (gnu packages xiph)
 #:use-module (gnu packages xml)
 #:use-module (gnu packages xdisorg)
@@ -167,6 +168,7 @@ (define-module (gnu packages linux)
 #:use-module (guix build-system copy)
 #:use-module (guix build-system gnu)
 #:use-module (guix build-system go)
+ #:use-module (guix build-system copy)
 #:use-module (guix build-system meson)
 #:use-module (guix build-system python)
 #:use-module (guix build-system trivial)
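Review bot: The added `#:use-module (guix build-system copy)` in the second hunk duplicates the context line three lines above it, which already imports that module, so the `+` line can be dropped. The `(gnu packages wget)` import in the first hunk is the one the new package needs for its `wget` input.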
@@ -8038,6 +8040,84 @@ (define-public mcextractor
 AMD, VIA and Freescale processor microcode binaries")
 (license license:bsd-2)))
 
+(define-public spectre-meltdown-checker
+ (package
+ (name "spectre-meltdown-checker")
+ (version "0.45")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/speed47/spectre-meltdown-checker")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+ (build-system copy-build-system)
+ (arguments
+ (list #:install-plan #~`(("spectre-meltdown-checker.sh"
+ "bin/spectre-meltdown-checker.sh"))
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'replace-paths
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "spectre-meltdown-checker.sh"
+ (("mcedb_cache=") (string-append "mcedb_cache="
+ #$mcextractor "/share/MCE.db"))
+ (("intel_tmp=") (string-append "intel_tmp="
+ #$intelfw)))))
+ (add-after 'install 'patch-paths
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((paths (map (lambda (input)
+ (string-append (assoc-ref
+ inputs input)
+ "/bin"))
+ '("coreutils" "grep"
+ "util-linux"
+ "iucode-tool"
+ "util-linux-with-udev"
+ "gawk"
+ "gzip"
+ "lzop"
+ "lzop"
+ "perl"
+ "procps"
+ "sqlite"
+ "wget"
+ "which"
+ "xz"
+ "zstd"))))
+ (wrap-program (string-append #$output
+ "/bin/spectre-meltdown-checker.sh")
+ `("PATH" prefix
+ ,paths))))))))
+ (inputs (list bash-minimal
+ binutils
+ coreutils
+ gawk
+ grep
+ gzip
+ iucode-tool
+ intelfw
+ lzop
+ mcextractor
+ perl
+ procps
+ sqlite
+ unzip
+ util-linux
+ util-linux+udev
+ wget
+ which
+ xz
+ zstd))
+ (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+ (description
+ "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+ (home-page "https://github.com/speed47/spectre-meltdown-checker")
+ (license license:gpl3)))
+
 (define-public snapscreenshot
 (package
 (name "snapscreenshot")
-- 
2.36.1
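Review bot: In the `replace-paths` phase the patterns `"mcedb_cache="` and `"intel_tmp="` match only the left-hand side of the assignment, so whatever value the script has after the `=` stays on the line and is appended to the store path. They also rewrite every occurrence of those strings, not just the initial definition. Making the pattern consume the rest of the assignment, e.g. `(("mcedb_cache=.*") (string-append "mcedb_cache=" #$mcextractor "/share/MCE.db"))` (to be checked against the script at v0.45), would keep the checker reading the pinned microcode database instead of a malformed path. In `patch-paths`, `"lzop"` is listed twice, while `binutils` and `unzip` are in `inputs` but absent from the wrapped `PATH`. Because the wrapper only prefixes `PATH`, any tool the script needs from those two packages would presumably be resolved from the caller's environment; either add them to the list or drop them from `inputs`.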