GNU bug report logs - #49898
[PATCH] gnu: Add spectre-meltdown-checker.

Previous Next

Package: guix-patches;

Reported by: phodina <phodina <at> protonmail.com>

Date: Thu, 5 Aug 2021 17:02:01 UTC

Severity: normal

Tags: moreinfo, patch

Merged with 59053

Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Prikler <leo.prikler <at> student.tugraz.at>
To: phodina <phodina <at> protonmail.com>, 49898 <at> debbugs.gnu.org
Subject: [bug#49898] [PATCH v2] gnu: Add spectre-meltdown-checker.
Date: Sat, 07 Aug 2021 11:50:02 +0200

Hi,

Am Samstag, den 07.08.2021, 09:04 +0000 schrieb phodina:
> Thanks Leo for the suggestions!
> -------------------
> * gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
> 
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index 4ca2a386e1..3529fa02e2 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -53,6 +53,7 @@
>  ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
>  ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
>  ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
> +;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -148,6 +149,7 @@
>    #:use-module (guix build-system cmake)
>    #:use-module (guix build-system gnu)
>    #:use-module (guix build-system go)
> +  #:use-module (guix build-system copy)
>    #:use-module (guix build-system meson)
>    #:use-module (guix build-system python)
>    #:use-module (guix build-system trivial)
> @@ -7191,6 +7193,32 @@ interfaces in parallel environments.")
>      (supported-systems '("i686-linux" "x86_64-linux"))
>      (license (list license:bsd-2 license:gpl2)))) ;dual
> 
> +(define-public spectre-meltdown-checker
> +(package
> +  (name "spectre-meltdown-checker")
> +  (version "0.44")
> +  (source (origin
> +            (method git-fetch)
> +            (uri (git-reference
> +                  (url "
> https://github.com/speed47/spectre-meltdown-checker")
> +                  (commit (string-append "v" version))))
> +            (file-name (git-file-name name version))
> +            (sha256
> +             (base32
> +              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"
> ))))
> +  (build-system copy-build-system)
> +  (arguments
> +   `(#:install-plan '(("spectre-meltdown-checker.sh"
> +                       "bin/spectre-meltdown-checker.sh"))))
> +  (inputs `(("util-linux" ,util-linux)
> +            ("binutils" ,binutils)))
We typically sort inputs alphabetically.
> +  (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> checker")
> +  (description "A shell script to assess your system's resilience
> against
> +the several transient execution CVEs that were published since early
> 2018,
> +and give you guidance as to how to mitigate them.")
> +  (home-page "https://github.com/speed47/spectre-meltdown-checker")
> +  (license license:gpl3)))
This looks better, but after running the checker in a few
configurations (it doesn't appear to make a difference whether with or
without root, but judging from the papers some attacks would require
sudo) I've noticed that commands are insufficiently hardcoded.  
For instance, the check for Spectre Variant 1 requires perl, which is
not available and the line stating so is hidden well among a large wall
of output.
Likewise, I don't think simply including binutils does anything, you'll
have to patch those in as well if you want them.

Regards,
This bug report was last modified 2 years and 242 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.