From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:403:4789::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id 4JyrGGayF2UY+QAA9RJhRA:P1 (envelope-from ) for ; Sat, 30 Sep 2023 07:30:14 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:4789::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id 4JyrGGayF2UY+QAA9RJhRA (envelope-from ) for ; Sat, 30 Sep 2023 07:30:14 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 808125A761 for ; Sat, 30 Sep 2023 07:30:13 +0200 (CEST) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=ultrarare.space header.s=dkim header.b=37IHb1F7; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1696051814; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=u8DMXTWmKW2iO2lfHazTer3buHfhE8PKmFEuzW+vg/4=; b=uZTWd3foeJKXu4/5392+1Wex0GJR/CGbVTTNHgFMU1mVnES2nVJcSbNP+VYMjOKwUqTWBh XohDaSpVXiagqO8QPX21SMJjaQ+23PzowBs+ap3LTp5OSZe6XjMSFdTyMX8ARtqyjVsLjQ CKglNyxQ4OXYd21KHWhMg0BqWN2E17PLc3GYQNpxiLjQVtzmnSjgzvMv8IKbRn1gtCxSYo Ca0WjP2IPUNpOJ8Ta4ZkdpnEwRhEju0jjTZ8jGbYsbdvT4ys0ewzqHxJvE2yaVXsAKw5EO IC0ktqzLzi00lZEgemeqwaExDmlAVNR+BecjSyRIiGGEI6QVGMnzaPFmxUkGcQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1696051814; a=rsa-sha256; cv=none; b=fBEwLv/F4kWcEIAVHEalT7ymujvyfBTmO7oB2DGZVnEnPcEki0/SLevRd8nQzEbdSjlgZ9 wZOKSRkQnVTsC2L7LjO/wgVrLUpuh5JqXJVukR4bB8c5MKwleZJqmzSPUET0KVEv72KULK ed8NBtD0hGVLtVyNxQX5mvl13ihNfUHaCLMADU7ERUcGbSl2q/CMXY4wjnYcKO/AhIv26U sMrtBIKz5Hrvrp13hLZHdtT9DyI8FRCpu+jQ0yWSTawsIWAzkhx7nKVbBY7GLdnAy4sVQv hHiviTA6YHkSNHqzfgjp9nNcPzR7rXjfRe3TgdQrwM5uFr0vt5wHBlBYppWr9g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=ultrarare.space header.s=dkim header.b=37IHb1F7; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qmSY5-0003tk-GW; Sat, 30 Sep 2023 01:29:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qmSY3-0003hv-Jk for guix-patches@gnu.org; Sat, 30 Sep 2023 01:29:51 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qmSY3-0006cu-BT for guix-patches@gnu.org; Sat, 30 Sep 2023 01:29:51 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qmSYE-0008Fd-TT; Sat, 30 Sep 2023 01:30:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#64889] [PATCH v2] gnu: spectre-meltdown-checker: Update to 0.46. Resent-From: Hilton Chain Original-Sender: "Debbugs-submit" Resent-CC: hako@ultrarare.space, leo@famulari.name, me@tobias.gr, guix-patches@gnu.org Resent-Date: Sat, 30 Sep 2023 05:30:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 64889 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 64889@debbugs.gnu.org Cc: Hilton Chain , Hilton Chain , Leo Famulari , Tobias Geerinckx-Rice X-Debbugs-Original-Xcc: Hilton Chain , Leo Famulari , Tobias Geerinckx-Rice Received: via spool by 64889-submit@debbugs.gnu.org id=B64889.169605175731622 (code B ref 64889); Sat, 30 Sep 2023 05:30:02 +0000 Received: (at 64889) by debbugs.gnu.org; 30 Sep 2023 05:29:17 +0000 Received: from localhost ([127.0.0.1]:57567 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qmSXT-0008Dw-TG for submit@debbugs.gnu.org; Sat, 30 Sep 2023 01:29:16 -0400 Received: from mail.boiledscript.com ([144.168.59.46]:44224) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qmSXQ-0008Dl-Fm for 64889@debbugs.gnu.org; Sat, 30 Sep 2023 01:29:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ultrarare.space; s=dkim; t=1696051629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=u8DMXTWmKW2iO2lfHazTer3buHfhE8PKmFEuzW+vg/4=; b=37IHb1F7bpJ0wYI/oGEu9AEp1axoiP+Omc+R9QIhclECR6Abe+5F4Ts1KNB7RkQv+tfro8 e0MaZ+GayeUMoWbms8VW3d5ThyHMQxZXfYFYZhQOKUaQNbbiEPBy9ybV11G5HfYdS6ZoNX YAnv9VP/Mx/TFu3O/vJt0rcsABltS8EKSf3uIJc1vW28RF/Sp83xobuy+JhAYICHroxBgE lYhJf5h38seTVHWORhQuR32HSCDrm4upRLgzg7ANNJ9wHVvon8X1WbprJI7SlsMiBqHEDB ego0KAh3Zok5QJLBXuDhfFEThdwppmNZmXhjVD6eRHzOPI3PEsv3pMoCfwjtuA== Date: Sat, 30 Sep 2023 13:28:13 +0800 Message-ID: <785a2c1ebe3d2cce11a459b93b95b2c5cb5e8072.1696051526.git.hako@ultrarare.space> In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spamd-Bar: + X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Hilton Chain X-ACL-Warn: , Hilton Chain via Guix-patches From: Hilton Chain via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Spam-Score: -3.26 X-Migadu-Spam-Score: -3.26 X-Migadu-Scanner: mx1.migadu.com X-Migadu-Queue-Id: 808125A761 X-TUID: +/EQ8+FTXtyg * gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update patch. * gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46. [#:phases]: Correct name for bunzip2. Substitute lzop and mktemp as well. --- V1 -> V2: Rebase. gnu/local.mk | 1 - gnu/packages/linux.scm | 13 +-- ...re-meltdown-checker-externalize-fwdb.patch | 109 +++++++++++++++--- ...spectre-meltdown-checker-find-kernel.patch | 26 ----- 4 files changed, 96 insertions(+), 53 deletions(-) delete mode 100644 gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch diff --git a/gnu/local.mk b/gnu/local.mk index 7c208b9c0d..00cd446a9e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1985,7 +1985,6 @@ dist_patch_DATA = \ %D%/packages/patches/softhsm-fix-openssl3-tests.patch \ %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \ %D%/packages/patches/spdlog-fix-tests.patch \ - %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \ %D%/packages/patches/sphinxbase-fix-doxygen.patch \ %D%/packages/patches/sssd-system-directories.patch \ %D%/packages/patches/steghide-fixes.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index c6fceaf81c..abfe780b7b 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -10316,7 +10316,7 @@ (define-public edac-utils (define-public spectre-meltdown-checker (package (name "spectre-meltdown-checker") - (version "0.45") + (version "0.46") (source (origin (method git-fetch) (uri (git-reference @@ -10325,15 +10325,14 @@ (define-public spectre-meltdown-checker (file-name (git-file-name name version)) (patches (search-patches - "spectre-meltdown-checker-externalize-fwdb.patch" - "spectre-meltdown-checker-find-kernel.patch")) + "spectre-meltdown-checker-externalize-fwdb.patch")) ;; Remove builtin firmware database. (modules '((guix build utils))) (snippet '(substitute* "spectre-meltdown-checker.sh" (("^# [AI],.*") ""))) (sha256 (base32 - "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8")))) + "0j42p6dayb7k87kf8sqimxlaswis3qh0569a15zccyknv9vf129k")))) (build-system copy-build-system) (arguments (list @@ -10352,11 +10351,11 @@ (define-public spectre-meltdown-checker (find-command inputs cmd)) ;; Commands safe to substitute directly. - (("\\<(awk|(base|dir)name|bunzip|g(un)?zip|lz4)\\>" all cmd) + (("\\<(awk|(base|dir)name|bunzip2|g(un)?zip|lz4)\\>" all cmd) (find-command inputs cmd)) - (("\\<(modprobe|pgrep|rmmod|umount|unlzma)\\>" all cmd) + (("\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>" all cmd) (find-command inputs cmd)) - (("\\<(unxz|unzstd|uuencode)\\>" all cmd) + (("\\<(unlzma|unxz|unzstd|uuencode)\\>" all cmd) (find-command inputs cmd)) ;; Commands which should only be substituted based on their diff --git a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch index cce70b880f..35673ceb91 100644 --- a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch +++ b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch @@ -1,27 +1,28 @@ -From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001 +From 8caeb440a176cb7f8908403da51106c74e2b5cb8 Mon Sep 17 00:00:00 2001 From: Hilton Chain -Date: Sat, 12 Nov 2022 22:45:24 +0800 +Date: Thu, 27 Jul 2023 14:45:14 +0800 Subject: [PATCH] Replace fwdb downloader with a local file option. Also warn about non-free software. --- - spectre-meltdown-checker.sh | 180 +++--------------------------------- - 1 file changed, 15 insertions(+), 165 deletions(-) + spectre-meltdown-checker.sh | 253 +++--------------------------------- + 1 file changed, 17 insertions(+), 236 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh -index 30f760c..ce46970 100755 +index e7b6b33..33bdf71 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh -@@ -22,8 +22,6 @@ exit_cleanup() +@@ -23,9 +23,6 @@ exit_cleanup() [ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config" [ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp" [ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2" - [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp" - [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp" +- [ -n "${linuxfw_tmp:-}" ] && [ -f "$linuxfw_tmp" ] && rm -f "$linuxfw_tmp" [ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null [ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null [ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null -@@ -93,9 +91,9 @@ show_usage() +@@ -97,9 +94,9 @@ show_usage() --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto --allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system --cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0) @@ -34,10 +35,33 @@ index 30f760c..ce46970 100755 --dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script Return codes: -@@ -837,147 +833,6 @@ show_header() +@@ -858,217 +855,6 @@ show_header() _info } +-# Family-Model-Stepping to CPUID +-# prints CPUID in base-10 to stdout +-fms2cpuid() +-{ +- _family="$1" +- _model="$2" +- _stepping="$3" +- +- if [ "$(( _family ))" -le 15 ]; then +- _extfamily=0 +- _lowfamily=$(( _family )) +- else +- # when we have a family > 0xF, then lowfamily is stuck at 0xF +- # and extfamily is ADDED to it (as in "+"), to ensure old software +- # never sees a lowfamily < 0xF for newer families +- _lowfamily=15 +- _extfamily=$(( (_family) - 15 )) +- fi +- _extmodel=$(( (_model & 0xF0 ) >> 4 )) +- _lowmodel=$(( (_model & 0x0F ) >> 0 )) +- echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) )) +-} +- -[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)" -mcedb_cache="$HOME/.mcedb" -update_fwdb() @@ -97,13 +121,15 @@ index 30f760c..ce46970 100755 - echo ERROR "please install the \`sqlite3\` program" - return 1 - fi -- mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE") +- mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"") - if [ -z "$mcedb_revision" ]; then - echo ERROR "downloaded file seems invalid" - return 1 - fi -- sqlite3 "$mcedb_tmp" "alter table Intel add column origin text" -- sqlite3 "$mcedb_tmp" "update Intel set origin='mce'" +- sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT" +- sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT" +- sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'" +- sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'" - - echo OK "MCExtractor database revision $mcedb_revision" - @@ -141,7 +167,7 @@ index 30f760c..ce46970 100755 - _version=$(echo "$_line" | awk '{print $8}') - _version=$(( _version )) - _version=$(printf "0x%08X" "$_version") -- _sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" +- _sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" - sqlite3 "$mcedb_tmp" "$_sqlstm" - done - _intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null) @@ -150,10 +176,52 @@ index 30f760c..ce46970 100755 - _intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp") - else - echo "Falling back to the latest microcode date" -- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;") +- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;") - fi - echo DONE "(version $_intel_latest_date)" - +- # now parse the most recent linux-firmware amd-ucode README file +- _info_nol "Fetching latest amd-ucode README from linux-firmware project... " +- linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README" +- linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX) +- if command -v wget >/dev/null 2>&1; then +- wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$? +- elif command -v curl >/dev/null 2>&1; then +- curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$? +- elif command -v fetch >/dev/null 2>&1; then +- fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$? +- else +- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs" +- return 1 +- fi +- if [ "$ret" != 0 ]; then +- echo ERROR "error $ret while downloading linux-firmware README" +- return $ret +- fi +- echo DONE +- +- _info_nol "Parsing the README... " +- nbfound=0 +- for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do +- _debug "Parsing line $line" +- _family=$( echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+' | cut -d= -f2) +- _model=$( echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+' | cut -d= -f2) +- _stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2) +- _version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+' | cut -d= -f2) +- _version=$(printf "0x%08X" "$(( _version ))") +- _cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping") +- _cpuid=$(printf "0x%08X" "$_cpuid") +- _date="20000101" +- _sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" +- _debug "family $_family model $_model stepping $_stepping cpuid $_cpuid" +- _debug "$_sqlstm" +- sqlite3 "$mcedb_tmp" "$_sqlstm" +- nbfound=$((nbfound + 1)) +- unset _family _model _stepping _version _cpuid _date _sqlstm +- done +- echo "found $nbfound microcodes" +- unset nbfound +- - dbversion="$mcedb_revision+i$_intel_latest_date" - - if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then @@ -165,8 +233,11 @@ index 30f760c..ce46970 100755 - { - echo "# Spectre & Meltdown Checker"; - echo "# %%% MCEDB v$dbversion"; -- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; -- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; +- # ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw +- sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);" +- # we'll use the more recent fw for Intel and AMD +- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,'; +- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,'; - } > "$mcedb_cache" - echo DONE "(version $dbversion)" - @@ -182,7 +253,7 @@ index 30f760c..ce46970 100755 parse_opt_file() { # parse_opt_file option_name option_value -@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do +@@ -1158,12 +944,15 @@ while [ -n "${1:-}" ]; do # deprecated, kept for compatibility opt_explain=0 shift @@ -204,7 +275,7 @@ index 30f760c..ce46970 100755 elif [ "$1" = "--dump-mock-data" ]; then opt_mock=1 shift -@@ -2033,21 +1891,11 @@ is_xen_domU() +@@ -2192,21 +1981,11 @@ is_xen_domU() fi } @@ -228,7 +299,7 @@ index 30f760c..ce46970 100755 fi read_mcedb() { -@@ -2063,7 +1911,9 @@ is_latest_known_ucode() +@@ -2222,7 +2001,9 @@ is_latest_known_ucode() return 2 fi ucode_latest="latest microcode version for your CPU model is unknown" @@ -240,5 +311,5 @@ index 30f760c..ce46970 100755 elif is_amd; then cpu_brand_prefix=A -- -2.38.1 +2.41.0 diff --git a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch deleted file mode 100644 index c0e24d8eed..0000000000 --- a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001 -From: Hilton Chain -Date: Sat, 5 Nov 2022 23:22:31 +0800 -Subject: [PATCH] Locate the kernel bzimage used by Guix System - ---- - spectre-meltdown-checker.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh -index 248a444..855a090 100755 ---- a/spectre-meltdown-checker.sh -+++ b/spectre-meltdown-checker.sh -@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then - [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)" - # NixOS: - [ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel" -+ # Guix System: -+ [ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage" - # systemd kernel-install: - [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux" - # Clear Linux: - -base-commit: a6c943d38f315f339697ec26e7374a09b88f2183 --- -2.38.0 base-commit: b268842ec4808f5030f3bda95f52ff39dd88e3ad -- 2.41.0