GNU bug report logs - #49898
[PATCH] gnu: Add spectre-meltdown-checker.


Package: guix-patches;

Reported by: phodina <phodina <at> protonmail.com>

Date: Thu, 5 Aug 2021 17:02:01 UTC

Severity: normal

Tags: moreinfo, patch

Merged with 59053

Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Bug is archived. No further changes may be made.



Message #17 received at 49898 <at> debbugs.gnu.org (full text, mbox):

From: phodina <phodina <at> protonmail.com>
To: 49898 <at> debbugs.gnu.org
Cc: Leo Prikler <leo.prikler <at> student.tugraz.at>
Subject: [PATCH v3] gnu: Add spectre-meltdown-checker.
Date: Sun, 08 Aug 2021 11:05:49 +0000
> This looks better, but after running the checker in a few
> configurations (it doesn't appear to make a difference whether with or
> without root, but judging from the papers some attacks would require
> sudo) I've noticed that commands are insufficiently hardcoded.
> For instance, the check for Spectre Variant 1 requires perl, which is
> not available and the line stating so is hidden well among a large wall
> of output.
> Likewise, I don't think simply including binutils does anything, you'll
> have to patch those in as well if you want them.
>
> Regards,

Yes, it's unfortunately well hidden and there seems to be a mix of tools also
available only for BSD. I wanted to run it in a pure environment and with =-e=
but there are many conditions that exit at once.

So I went through the whole script and listed the commands.
Not sure regarding the admin privileges. I'll create an issue upstream
regarding the requirements. The Dockerfile gives some hints but it's not exhaustive.

Kind regards,
Petr

-----------------------------------------------------

* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4ca2a386e1..24f7d43b33 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -53,6 +53,7 @@
 ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
 ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
 ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
+;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -137,6 +138,7 @@
   #:use-module (gnu packages video)
   #:use-module (gnu packages vulkan)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages wget)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xdisorg)
@@ -148,6 +150,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
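Review bot: the new `(guix build-system copy)` line is placed between `go` and `meson`, which breaks the alphabetical order the surrounding build-system imports follow (cmake, gnu, go, meson, python, trivial). Move it to sit directly after `(guix build-system cmake)`.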
@@ -7191,6 +7194,44 @@ interfaces in parallel environments.")
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license (list license:bsd-2 license:gpl2)))) ;dual

+(define-public spectre-meltdown-checker
+(package
+  (name "spectre-meltdown-checker")
+  (version "0.44")
+  (source (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://github.com/speed47/spectre-meltdown-checker")
+                  (commit (string-append "v" version))))
+            (file-name (git-file-name name version))
+            (sha256
+             (base32
+              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"))))
+  (build-system copy-build-system)
+  (arguments
+   `(#:install-plan '(("spectre-meltdown-checker.sh"
+                       "bin/spectre-meltdown-checker.sh"))))
+   (inputs `(("binutils" ,binutils)
+             ("coreutils",coreutils)
+             ("gawk" ,gawk)
+             ("gzip" ,gzip)
+             ("lzop" ,lzop)
+             ("perl" ,perl)
+             ("procps" ,procps)
+             ("sqlite" ,sqlite)
+             ("util-linux" ,util-linux)
+             ("util-linux-with-udev" ,util-linux+udev)
+             ("wget" ,wget)
+             ("which" ,which)
+             ("xz" ,xz)
+             ("zstd" ,zstd)))
+  (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+  (description "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+  (home-page "https://github.com/speed47/spectre-meltdown-checker")
+  (license license:gpl3)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
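Review bot: nothing in `arguments` makes use of the long `inputs` list. Only `#:install-plan` is set, so the script is copied unchanged and still resolves perl, awk, objdump and the rest through whatever PATH the caller has. That is the concern raised in the quoted review ("you'll have to patch those in as well"), and for a checker it has two consequences: a missing tool makes a check get skipped with only a line in the output to show for it, and a script that may be run under sudo ends up executing whichever binaries come first on the invoking PATH. Add a phase after `install` that either substitutes the command names in the script with absolute store paths or wraps `bin/spectre-meltdown-checker.sh` with a PATH built from the inputs (for example with `wrap-program`). Smaller points in the same hunk: `(package` and its fields should be indented under `define-public`, `("coreutils",coreutils)` is missing the space before the comma, and listing both `util-linux` and `util-linux+udev` looks redundant unless each provides a distinct command the script needs, in which case a comment saying which would help.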
--
2.32.0




This bug report was last modified 2 years and 242 days ago.
