guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#49898] [PATCH v2] gnu: Add spectre-meltdown-checker.

From: Leo Prikler
Subject: [bug#49898] [PATCH v2] gnu: Add spectre-meltdown-checker.
Date: Sat, 07 Aug 2021 11:50:02 +0200
User-agent: Evolution 3.34.2 
Hi,

Am Samstag, den 07.08.2021, 09:04 +0000 schrieb phodina:
> Thanks Leo for the suggestions!
> -------------------
> * gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
> 
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index 4ca2a386e1..3529fa02e2 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -53,6 +53,7 @@
>  ;;; Copyright © 2020 pukkamustard <pukkamustard@posteo.net>
>  ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
>  ;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru>
> +;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -148,6 +149,7 @@
>    #:use-module (guix build-system cmake)
>    #:use-module (guix build-system gnu)
>    #:use-module (guix build-system go)
> +  #:use-module (guix build-system copy)
>    #:use-module (guix build-system meson)
>    #:use-module (guix build-system python)
>    #:use-module (guix build-system trivial)
> @@ -7191,6 +7193,32 @@ interfaces in parallel environments.")
>      (supported-systems '("i686-linux" "x86_64-linux"))
>      (license (list license:bsd-2 license:gpl2)))) ;dual
> 
> +(define-public spectre-meltdown-checker
> +(package
> +  (name "spectre-meltdown-checker")
> +  (version "0.44")
> +  (source (origin
> +            (method git-fetch)
> +            (uri (git-reference
> +                  (url "
> https://github.com/speed47/spectre-meltdown-checker";)
> +                  (commit (string-append "v" version))))
> +            (file-name (git-file-name name version))
> +            (sha256
> +             (base32
> +              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"
> ))))
> +  (build-system copy-build-system)
> +  (arguments
> +   `(#:install-plan '(("spectre-meltdown-checker.sh"
> +                       "bin/spectre-meltdown-checker.sh"))))
> +  (inputs `(("util-linux" ,util-linux)
> +            ("binutils" ,binutils)))
We typically sort inputs alphabetically.
> +  (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> checker")
> +  (description "A shell script to assess your system's resilience
> against
> +the several transient execution CVEs that were published since early
> 2018,
> +and give you guidance as to how to mitigate them.")
> +  (home-page "https://github.com/speed47/spectre-meltdown-checker";)
> +  (license license:gpl3)))
This looks better, but after running the checker in a few
configurations (it doesn't appear to make a difference whether with or
without root, but judging from the papers some attacks would require
sudo) I've noticed that commands are insufficiently hardcoded.  
For instance, the check for Spectre Variant 1 requires perl, which is
not available and the line stating so is hidden well among a large wall
of output.
Likewise, I don't think simply including binutils does anything, you'll
have to patch those in as well if you want them.

Regards,
reply via email to
[Prev in Thread] Current Thread [Next in Thread]