From: Leo Prikler <leo.prikler@student.tugraz.at>
To: phodina <phodina@protonmail.com>, 49898@debbugs.gnu.org
Subject: [bug#49898] [PATCH v2] gnu: Add spectre-meltdown-checker.
Date: Sat, 07 Aug 2021 11:50:02 +0200 [thread overview]
Message-ID: <9500dbad2e885d13d06e3301f27261823d6f8698.camel@student.tugraz.at> (raw)
In-Reply-To: <3xoFvRtUq0ydTy_fT8l5k0jlZhvtRTdSW107c9FiBmSCvQtXUapBOqbJkTEYJtGQrlcc9RcmOSdvqayP_lMcYc71m4squo4DReV_zFEt-00=@protonmail.com>
Hi,
Am Samstag, den 07.08.2021, 09:04 +0000 schrieb phodina:
> Thanks Leo for the suggestions!
> -------------------
> * gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
>
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index 4ca2a386e1..3529fa02e2 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -53,6 +53,7 @@
> ;;; Copyright © 2020 pukkamustard <pukkamustard@posteo.net>
> ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
> ;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru>
> +;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -148,6 +149,7 @@
> #:use-module (guix build-system cmake)
> #:use-module (guix build-system gnu)
> #:use-module (guix build-system go)
> + #:use-module (guix build-system copy)
> #:use-module (guix build-system meson)
> #:use-module (guix build-system python)
> #:use-module (guix build-system trivial)
> @@ -7191,6 +7193,32 @@ interfaces in parallel environments.")
> (supported-systems '("i686-linux" "x86_64-linux"))
> (license (list license:bsd-2 license:gpl2)))) ;dual
>
> +(define-public spectre-meltdown-checker
> +(package
> + (name "spectre-meltdown-checker")
> + (version "0.44")
> + (source (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "
> https://github.com/speed47/spectre-meltdown-checker")
> + (commit (string-append "v" version))))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32
> + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"
> ))))
> + (build-system copy-build-system)
> + (arguments
> + `(#:install-plan '(("spectre-meltdown-checker.sh"
> + "bin/spectre-meltdown-checker.sh"))))
> + (inputs `(("util-linux" ,util-linux)
> + ("binutils" ,binutils)))
We typically sort inputs alphabetically.
> + (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> checker")
> + (description "A shell script to assess your system's resilience
> against
> +the several transient execution CVEs that were published since early
> 2018,
> +and give you guidance as to how to mitigate them.")
> + (home-page "https://github.com/speed47/spectre-meltdown-checker")
> + (license license:gpl3)))
This looks better, but after running the checker in a few
configurations (it doesn't appear to make a difference whether with or
without root, but judging from the papers some attacks would require
sudo) I've noticed that commands are insufficiently hardcoded.
For instance, the check for Spectre Variant 1 requires perl, which is
not available and the line stating so is hidden well among a large wall
of output.
Likewise, I don't think simply including binutils does anything, you'll
have to patch those in as well if you want them.
Regards,
next prev parent reply other threads:[~2021-08-07 9:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-05 17:00 [bug#49898] [PATCH] gnu: Add spectre-meltdown-checker phodina via Guix-patches via
2021-08-06 13:58 ` Leo Prikler
2021-08-07 9:04 ` [bug#49898] [PATCH v2] " phodina via Guix-patches via
2021-08-07 9:50 ` Leo Prikler [this message]
2021-08-08 11:05 ` [bug#49898] [PATCH v3] " phodina via Guix-patches via
2021-08-08 21:42 ` Leo Prikler
2021-09-18 15:25 ` [bug#49898] [PATCH v4] " phodina via Guix-patches via
2021-09-18 17:03 ` Liliana Marie Prikler
2021-12-07 22:04 ` [bug#49898] [PATCH v5] " phodina via Guix-patches via
2022-06-26 10:23 ` Liliana Marie Prikler
2022-06-26 11:07 ` phodina via Guix-patches via
2022-07-01 21:57 ` [bug#49898] [PATCH v6] " phodina via Guix-patches via
2022-07-01 23:02 ` Liliana Marie Prikler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9500dbad2e885d13d06e3301f27261823d6f8698.camel@student.tugraz.at \
--to=leo.prikler@student.tugraz.at \
--cc=49898@debbugs.gnu.org \
--cc=phodina@protonmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.