Subject: [bug#49898] [PATCH v4] gnu: Add spectre-meltdown-checker.
From: phodina via Guix-patches
To: Leo Prikler
Cc: 49898@debbugs.gnu.org
Date: Sat, 18 Sep 2021 15:25:47 +0000

Hi Leo,

I've substituted most of the commands. The only commands at the moment are echo and printf. I haven't found a regexp that would work, as their text is also used for variables.

Otherwise the rest of the commands should be covered.

--8<---------------cut here---------------start------------->8--
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 46c9f817a8..905048a5be 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -53,6 +53,7 @@ ;;; Copyright =C2=A9 2020 pukkamustard ;;; Copyright =C2=A9 2021 B. Wilson ;;; Copyright =C2=A9 2021 Ivan Gankevich +;;; Copyright =C2=A9 2021 Petr Hodina ;;; ;;; This file is part of GNU Guix. ;;; @@ -138,6 +139,7 @@ #:use-module (gnu packages video) #:use-module (gnu packages vulkan) #:use-module (gnu packages web) + #:use-module (gnu packages wget) #:use-module (gnu packages xiph) #:use-module (gnu packages xml) #:use-module (gnu packages xdisorg) @@ -149,6 +151,7 @@ #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system go) + #:use-module (guix build-system copy) #:use-module (guix build-system meson) #:use-module (guix build-system python) #:use-module (guix build-system trivial) 
@@ -7372,6 +7375,93 @@ interfaces in parallel environments.") (supported-systems '("i686-linux" "x86_64-linux")) (license (list license:bsd-2 license:gpl2)))) ;dual +(define-public spectre-meltdown-checker + (package + (name "spectre-meltdown-checker") + (version "0.44") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/speed47/spectre-meltdown-chec= ker") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam")))) + (build-system copy-build-system) + (arguments + `(#:install-plan '(("spectre-meltdown-checker.sh" + "bin/spectre-meltdown-checker.sh")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-relative-locations + (lambda* (#:key outputs #:allow-other-keys) + (let ((icoreutils (assoc-ref %build-inputs "coreutils")) + (igrep (assoc-ref %build-inputs "grep")) + (iutil-linux (assoc-ref %build-inputs "util-linux")) + (iutil-linux-with-udev + (assoc-ref %build-inputs "util-linux-with-udev")) + (igawk (assoc-ref %build-inputs "gawk")) + (igzip (assoc-ref %build-inputs "gzip")) + (iunzip (assoc-ref %build-inputs "unzip")) + (ilzop (assoc-ref %build-inputs "lzop")) + (iperl (assoc-ref %build-inputs "perl")) + (iprocps (assoc-ref %build-inputs "procps")) + (isqlite (assoc-ref %build-inputs "sqlite")) + (iwget (assoc-ref %build-inputs "wget")) + (iwhich (assoc-ref %build-inputs "which")) + (ixz (assoc-ref %build-inputs "xz")) + (izstd (assoc-ref %build-inputs "zstd"))) + (substitute* "spectre-meltdown-checker.sh" + ; TODO: Find regexp what will work + ;(("echo") (string-append icoreutils "/bin/echo")) + ;(("printf") (string-append icoreutils "/bin/printf")) + (("dirname") (string-append icoreutils "/bin/dirname")) + (("cat") (string-append icoreutils "/bin/cat")) + (("grep[ ]+") (string-append igrep "/bin/grep ")) + (("cut") (string-append icoreutils "/bin/cut")) + (("mktemp") (string-append icoreutils 
"/bin/mktemp")) + (("stat[ ]+") (string-append icoreutils "/bin/stat " )) + (("tail[ ]+") (string-append icoreutils "/bin/tail " )) + (("head[ ]+") (string-append icoreutils "/bin/head " )) + (("mount[ ]+") "/run/setuid-programs/mount ") + (("modprobe") (string-append iutil-linux "/bin/modprobe")= ) + (("dd") (string-append icoreutils "/bin/dd")) + (("dmesg[ ]+") (string-append iutil-linux-with-udev "/bin= /dmesg ")) + (("awk") (string-append igawk "/bin/awk")) + (("gzip") (string-append igzip "/bin/gzip")) + (("unzip") (string-append iunzip "/bin/unzip")) + (("lzop") (string-append ilzop "/bin/lzop")) + (("perl") (string-append iperl "/bin/perl")) + (("ps[ ]+") (string-append iprocps "/bin/ps ")) + (("sqlite3") (string-append isqlite "/bin/sqlite3")) + (("wget") (string-append iwget "/bin/wget")) + (("which") (string-append iwhich "/bin/which")) + (("xz") (string-append ixz "/bin/xz")) + (("zstd") (string-append izstd "/bin/zstd"))))))))) + (inputs `(("binutils" ,binutils) + ("coreutils",coreutils) + ("gawk" ,gawk) + ("grep" ,grep) + ("gzip" ,gzip) + ("unzip" ,unzip) + ("lzop" ,lzop) + ("perl" ,perl) + ("procps" ,procps) + ("sqlite" ,sqlite) + ("util-linux" ,util-linux) + ("util-linux-with-udev" ,util-linux+udev) + ("wget" ,wget) + ("which" ,which) + ("xz" ,xz) + ("zstd" ,zstd))) + (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker") + (description "A shell script to assess your system's resilience agains= t +the several transient execution CVEs that were published since early 2018, +and give you guidance as to how to mitigate them.") + (home-page "https://github.com/speed47/spectre-meltdown-checker") + (license license:gpl3))) + (define-public snapscreenshot (package (name "snapscreenshot") -- 2.32.0
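
Review bot: In the `@@ -149,6 +151,7 @@` hunk, `#:use-module (guix build-system copy)` is inserted between `go` and `meson`, which breaks the alphabetical order the surrounding build-system imports follow (cmake, gnu, go, meson, python, trivial). Move it to sit directly after `#:use-module (guix build-system cmake)`.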
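
Review bot: In the `fix-relative-locations` phase of the `@@ -7372,6 +7375,93 @@` hunk, the short patterns `("cat")`, `("cut")`, `("dd")`, `("xz")`, `("awk")` and `("perl")` are unanchored, so `substitute*` will rewrite those letter sequences wherever they occur in spectre-meltdown-checker.sh, including inside longer words, variable names and message strings, not only where the command is invoked. That is the same problem the TODO comment records for `echo` and `printf`, and it can leave the installed checker silently altered. Only some entries (`grep[ ]+`, `stat[ ]+`, `ps[ ]+` and a few others) require trailing whitespace, and even those do not constrain what precedes the name. Suggest matching each command only at a command position, for example by capturing the preceding delimiter and re-emitting it in the replacement, and applying the same form to every entry. Two smaller points in the same hunk: `modprobe` is pointed at the `util-linux` input while no `kmod` input is listed, so please confirm that `bin/modprobe` exists there; and `binutils` appears in `inputs` but nothing in the phase refers to it, so either substitute the tools the script takes from it or drop the input.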