guix-patches

[bug#49898] [PATCH v3] gnu: Add spectre-meltdown-checker.


From: phodina
Subject: [bug#49898] [PATCH v3] gnu: Add spectre-meltdown-checker.
Date: Sun, 08 Aug 2021 11:05:49 +0000

> This looks better, but after running the checker in a few
> configurations (it doesn't appear to make a difference whether with or
> without root, but judging from the papers some attacks would require
> sudo) I've noticed that commands are insufficiently hardcoded.
>
> For instance, the check for Spectre Variant 1 requires perl, which is
> not available and the line stating so is hidden well among a large wall
> of output.
>
> Likewise, I don't think simply including binutils does anything, you'll
> have to patch those in as well if you want them.
>
> Regards,

Yes, it's unfortunately well hidden and there seems to be a mix of tools also
available only for BSD. I wanted to run it in a pure environment and with =-e=
but there are many conditions that exit at once.

So I went through the whole script and listed the commands.
Not sure regarding the admin privileges. I'll create an issue on the upstream
regarding the requirements. The Dockerfile gives some hints but it's not
exhaustive.

Kind regards,
Petr

-----------------------------------------------------

* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4ca2a386e1..24f7d43b33 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -53,6 +53,7 @@
 ;;; Copyright © 2020 pukkamustard <pukkamustard@posteo.net>
 ;;; Copyright © 2021 B. Wilson <elaexuotee@wilsonb.com>
 ;;; Copyright © 2021 Ivan Gankevich <i.gankevich@spbu.ru>
+;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -137,6 +138,7 @@
   #:use-module (gnu packages video)
   #:use-module (gnu packages vulkan)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages wget)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xdisorg)
@@ -148,6 +150,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
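Review bot: style point on the added line: (guix build-system copy) is placed after go, but the surrounding build-system imports are in alphabetical order (cmake, gnu, go, meson, python, trivial). Move it to sit directly after cmake so the list stays sorted.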
@@ -7191,6 +7194,44 @@ interfaces in parallel environments.")
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license (list license:bsd-2 license:gpl2)))) ;dual

+(define-public spectre-meltdown-checker
+(package
+  (name "spectre-meltdown-checker")
+  (version "0.44")
+  (source (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://github.com/speed47/spectre-meltdown-checker";)
+                  (commit (string-append "v" version))))
+            (file-name (git-file-name name version))
+            (sha256
+             (base32
+              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"))))
+  (build-system copy-build-system)
+  (arguments
+   `(#:install-plan '(("spectre-meltdown-checker.sh"
+                       "bin/spectre-meltdown-checker.sh"))))
+   (inputs `(("binutils" ,binutils)
+             ("coreutils",coreutils)
+             ("gawk" ,gawk)
+             ("gzip" ,gzip)
+             ("lzop" ,lzop)
+             ("perl" ,perl)
+             ("procps" ,procps)
+             ("sqlite" ,sqlite)
+             ("util-linux" ,util-linux)
+             ("util-linux-with-udev" ,util-linux+udev)
+             ("wget" ,wget)
+             ("which" ,which)
+             ("xz" ,xz)
+             ("zstd" ,zstd)))
+  (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+  (description "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+  (home-page "https://github.com/speed47/spectre-meltdown-checker";)
+  (license license:gpl3)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
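Review bot: the inputs list is never wired into the installed script. The #:install-plan copies spectre-meltdown-checker.sh to bin/ unchanged, and no phase wraps it with a PATH built from the inputs or substitutes absolute store paths for the commands it calls, so perl, binutils and the rest will still be looked up in the user's environment at run time, which is the point raised in the quoted review. Add a phase after 'install that wraps the script with a PATH prefix made of each input's bin directory, or patch the command names in the script. Smaller points in the same hunk: "(package" should be indented under define-public, ("coreutils",coreutils) is missing a space before the comma, both util-linux and util-linux+udev are listed where one is probably enough, and the synopsis would read better without the "..." in "Spectre, Meltdown ... vulnerability/mitigation checker".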
--
2.32.0




