[PATCH] gnu: spectre-meltdown-checker: Update to 0.46.

  • Done
Details
2 participants
  • Hilton Chain
  • Ludovic Courtès
Owner
unassigned
Submitted by
Hilton Chain
Severity
normal
Hilton Chain wrote on 27 Jul 2023 09:12
(address . guix-patches@gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
d95c0f656e1a74e5f4bd811efc7c56cb5b049341.1690441926.git.hako@ultrarare.space
* gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update
patch.
* gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46.
[arguments]<#:phases>: Correct bunzip2, substitute lzop and mktemp.
---
gnu/local.mk | 1 -
gnu/packages/linux.scm | 13 +--
...re-meltdown-checker-externalize-fwdb.patch | 109 +++++++++++++++---
...spectre-meltdown-checker-find-kernel.patch | 26 -----
4 files changed, 96 insertions(+), 53 deletions(-)
delete mode 100644 gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index ae2f3dd49f..85522d8b58 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1951,7 +1951,6 @@ dist_patch_DATA = \
%D%/packages/patches/source-highlight-gcc-compat.patch \
%D%/packages/patches/softhsm-fix-openssl3-tests.patch \
%D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
- %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \
%D%/packages/patches/sphinxbase-fix-doxygen.patch \
%D%/packages/patches/sssd-system-directories.patch \
%D%/packages/patches/steghide-fixes.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 250e26cf09..379b8e6b63 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -10314,7 +10314,7 @@ (define-public edac-utils
(define-public spectre-meltdown-checker
(package
(name "spectre-meltdown-checker")
- (version "0.45")
+ (version "0.46")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -10323,15 +10323,14 @@ (define-public spectre-meltdown-checker
(file-name (git-file-name name version))
(patches
(search-patches
- "spectre-meltdown-checker-externalize-fwdb.patch"
- "spectre-meltdown-checker-find-kernel.patch"))
+ "spectre-meltdown-checker-externalize-fwdb.patch"))
;; Remove builtin firmware database.
(modules '((guix build utils)))
(snippet '(substitute* "spectre-meltdown-checker.sh"
(("^# [AI],.*") "")))
(sha256
(base32
- "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+ "0j42p6dayb7k87kf8sqimxlaswis3qh0569a15zccyknv9vf129k"))))
(build-system copy-build-system)
(arguments
(list
@@ -10350,11 +10349,11 @@ (define-public spectre-meltdown-checker
(find-command inputs cmd))
;; Commands safe to substitute directly.
- (("\\<(awk|(base|dir)name|bunzip|g(un)?zip|lz4)\\>" all cmd)
+ (("\\<(awk|(base|dir)name|bunzip2|g(un)?zip|lz4)\\>" all cmd)
(find-command inputs cmd))
- (("\\<(modprobe|pgrep|rmmod|umount|unlzma)\\>" all cmd)
+ (("\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>" all cmd)
(find-command inputs cmd))
- (("\\<(unxz|unzstd|uuencode)\\>" all cmd)
+ (("\\<(unlzma|unxz|unzstd|uuencode)\\>" all cmd)
(find-command inputs cmd))
;; Commands which should only be substituted based on their
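Review bot: the two names newly added to the substitution patterns, lzop and mktemp in `\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>`, are resolved through `(find-command inputs cmd)`, but no hunk in this patch touches the package's inputs. Please confirm that the packages providing lzop and mktemp are already among the inputs, or add them in the same commit, so that the lookup has something to resolve for both names.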
diff --git a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
index cce70b880f..35673ceb91 100644
--- a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
+++ b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
@@ -1,27 +1,28 @@
-From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001
+From 8caeb440a176cb7f8908403da51106c74e2b5cb8 Mon Sep 17 00:00:00 2001
From: Hilton Chain <hako@ultrarare.space>
-Date: Sat, 12 Nov 2022 22:45:24 +0800
+Date: Thu, 27 Jul 2023 14:45:14 +0800
Subject: [PATCH] Replace fwdb downloader with a local file option.
Also warn about non-free software.
---
- spectre-meltdown-checker.sh | 180 +++---------------------------------
- 1 file changed, 15 insertions(+), 165 deletions(-)
+ spectre-meltdown-checker.sh | 253 +++---------------------------------
+ 1 file changed, 17 insertions(+), 236 deletions(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
-index 30f760c..ce46970 100755
+index e7b6b33..33bdf71 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
-@@ -22,8 +22,6 @@ exit_cleanup()
+@@ -23,9 +23,6 @@ exit_cleanup()
[ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config"
[ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp"
[ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2"
- [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp"
- [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp"
+- [ -n "${linuxfw_tmp:-}" ] && [ -f "$linuxfw_tmp" ] && rm -f "$linuxfw_tmp"
[ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null
[ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null
[ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null
-@@ -93,9 +91,9 @@ show_usage()
+@@ -97,9 +94,9 @@ show_usage()
--vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto
--allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system
--cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0)
@@ -34,10 +35,33 @@ index 30f760c..ce46970 100755
--dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script
Return codes:
-@@ -837,147 +833,6 @@ show_header()
+@@ -858,217 +855,6 @@ show_header()
_info
}
+-# Family-Model-Stepping to CPUID
+-# prints CPUID in base-10 to stdout
+-fms2cpuid()
+-{
+- _family="$1"
+- _model="$2"
+- _stepping="$3"
+-
+- if [ "$(( _family ))" -le 15 ]; then
+- _extfamily=0
+- _lowfamily=$(( _family ))
+- else
+- # when we have a family > 0xF, then lowfamily is stuck at 0xF
+- # and extfamily is ADDED to it (as in "+"), to ensure old software
+- # never sees a lowfamily < 0xF for newer families
+- _lowfamily=15
+- _extfamily=$(( (_family) - 15 ))
+- fi
+- _extmodel=$(( (_model & 0xF0 ) >> 4 ))
+- _lowmodel=$(( (_model & 0x0F ) >> 0 ))
+- echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) ))
+-}
+-
-[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
-mcedb_cache="$HOME/.mcedb"
-update_fwdb()
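Review bot: fms2cpuid is now deleted together with the downloader in the `@@ -858,217 +855,6 @@` hunk, and the only caller visible in this patch is the amd-ucode README parser that is removed as well (`_cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping")`). Please check that 0.46 has no other caller of fms2cpuid outside update_fwdb, since the patched script would otherwise call an undefined function at run time; if there is one, keep the helper and drop only the download code.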
@@ -97,13 +121,15 @@ index 30f760c..ce46970 100755
- echo ERROR "please install the \`sqlite3\` program"
- return 1
- fi
-- mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE")
+- mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"")
- if [ -z "$mcedb_revision" ]; then
- echo ERROR "downloaded file seems invalid"
- return 1
- fi
-- sqlite3 "$mcedb_tmp" "alter table Intel add column origin text"
-- sqlite3 "$mcedb_tmp" "update Intel set origin='mce'"
+- sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT"
+- sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT"
+- sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'"
+- sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'"
-
- echo OK "MCExtractor database revision $mcedb_revision"
-
@@ -141,7 +167,7 @@ index 30f760c..ce46970 100755
- _version=$(echo "$_line" | awk '{print $8}')
- _version=$(( _version ))
- _version=$(printf "0x%08X" "$_version")
-- _sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
+- _sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
- sqlite3 "$mcedb_tmp" "$_sqlstm"
- done
- _intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null)
@@ -150,10 +176,52 @@ index 30f760c..ce46970 100755
- _intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp")
- else
- echo "Falling back to the latest microcode date"
-- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;")
+- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;")
- fi
- echo DONE "(version $_intel_latest_date)"
-
+- # now parse the most recent linux-firmware amd-ucode README file
+- _info_nol "Fetching latest amd-ucode README from linux-firmware project... "
+- linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README"
+- linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX)
+- if command -v wget >/dev/null 2>&1; then
+- wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$?
+- elif command -v curl >/dev/null 2>&1; then
+- curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
+- elif command -v fetch >/dev/null 2>&1; then
+- fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
+- else
+- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
+- return 1
+- fi
+- if [ "$ret" != 0 ]; then
+- echo ERROR "error $ret while downloading linux-firmware README"
+- return $ret
+- fi
+- echo DONE
+-
+- _info_nol "Parsing the README... "
+- nbfound=0
+- for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do
+- _debug "Parsing line $line"
+- _family=$( echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+' | cut -d= -f2)
+- _model=$( echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+' | cut -d= -f2)
+- _stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2)
+- _version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+' | cut -d= -f2)
+- _version=$(printf "0x%08X" "$(( _version ))")
+- _cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping")
+- _cpuid=$(printf "0x%08X" "$_cpuid")
+- _date="20000101"
+- _sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
+- _debug "family $_family model $_model stepping $_stepping cpuid $_cpuid"
+- _debug "$_sqlstm"
+- sqlite3 "$mcedb_tmp" "$_sqlstm"
+- nbfound=$((nbfound + 1))
+- unset _family _model _stepping _version _cpuid _date _sqlstm
+- done
+- echo "found $nbfound microcodes"
+- unset nbfound
+-
- dbversion="$mcedb_revision+i$_intel_latest_date"
-
- if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then
@@ -165,8 +233,11 @@ index 30f760c..ce46970 100755
- {
- echo "# Spectre & Meltdown Checker";
- echo "# %%% MCEDB v$dbversion";
-- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
-- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
+- # ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw
+- sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);"
+- # we'll use the more recent fw for Intel and AMD
+- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
+- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
- } > "$mcedb_cache"
- echo DONE "(version $dbversion)"
-
@@ -182,7 +253,7 @@ index 30f760c..ce46970 100755
parse_opt_file()
{
# parse_opt_file option_name option_value
-@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do
+@@ -1158,12 +944,15 @@ while [ -n "${1:-}" ]; do
# deprecated, kept for compatibility
opt_explain=0
shift
@@ -204,7 +275,7 @@ index 30f760c..ce46970 100755
elif [ "$1" = "--dump-mock-data" ]; then
opt_mock=1
shift
-@@ -2033,21 +1891,11 @@ is_xen_domU()
+@@ -2192,21 +1981,11 @@ is_xen_domU()
fi
}
@@ -228,7 +299,7 @@ index 30f760c..ce46970 100755
fi
read_mcedb()
{
-@@ -2063,7 +1911,9 @@ is_latest_known_ucode()
+@@ -2222,7 +2001,9 @@ is_latest_known_ucode()
return 2
fi
ucode_latest="latest microcode version for your CPU model is unknown"
@@ -240,5 +311,5 @@ index 30f760c..ce46970 100755
elif is_amd; then
cpu_brand_prefix=A
--
-2.38.1
+2.41.0
diff --git a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
deleted file mode 100644
index c0e24d8eed..0000000000
--- a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001
-From: Hilton Chain <hako@ultrarare.space>
-Date: Sat, 5 Nov 2022 23:22:31 +0800
-Subject: [PATCH] Locate the kernel bzimage used by Guix System
-
----
- spectre-meltdown-checker.sh | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
-index 248a444..855a090 100755
---- a/spectre-meltdown-checker.sh
-+++ b/spectre-meltdown-checker.sh
-@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then
- [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)"
- # NixOS:
- [ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel"
-+ # Guix System:
-+ [ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage"
- # systemd kernel-install:
- [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux"
- # Clear Linux:
-
-base-commit: a6c943d38f315f339697ec26e7374a09b88f2183
---
-2.38.0
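Review bot: spectre-meltdown-checker-find-kernel.patch is deleted without a reason in the commit log ("Delete file"). The patch added the `/run/booted-system/kernel/bzImage` lookup for Guix System, so the log should say whether 0.46 already carries that lookup; if it does not, kernel detection in the `opt_live` branch loses that path on Guix System.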

base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47
--
2.41.0
Hilton Chain wrote on 30 Sep 2023 07:28
[PATCH v2] gnu: spectre-meltdown-checker: Update to 0.46.
(address . 64889@debbugs.gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)
785a2c1ebe3d2cce11a459b93b95b2c5cb5e8072.1696051526.git.hako@ultrarare.space
* gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update
patch.
* gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46.
[#:phases]<fixpath>: Correct name for bunzip2.
Substitute lzop and mktemp as well.
---

V1 -> V2: Rebase.

gnu/local.mk | 1 -
gnu/packages/linux.scm | 13 +--
...re-meltdown-checker-externalize-fwdb.patch | 109 +++++++++++++++---
...spectre-meltdown-checker-find-kernel.patch | 26 -----
4 files changed, 96 insertions(+), 53 deletions(-)
delete mode 100644 gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 7c208b9c0d..00cd446a9e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1985,7 +1985,6 @@ dist_patch_DATA = \
%D%/packages/patches/softhsm-fix-openssl3-tests.patch \
%D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
%D%/packages/patches/spdlog-fix-tests.patch \
- %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \
%D%/packages/patches/sphinxbase-fix-doxygen.patch \
%D%/packages/patches/sssd-system-directories.patch \
%D%/packages/patches/steghide-fixes.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index c6fceaf81c..abfe780b7b 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -10316,7 +10316,7 @@ (define-public edac-utils
(define-public spectre-meltdown-checker
(package
(name "spectre-meltdown-checker")
- (version "0.45")
+ (version "0.46")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -10325,15 +10325,14 @@ (define-public spectre-meltdown-checker
(file-name (git-file-name name version))
(patches
(search-patches
- "spectre-meltdown-checker-externalize-fwdb.patch"
- "spectre-meltdown-checker-find-kernel.patch"))
+ "spectre-meltdown-checker-externalize-fwdb.patch"))
;; Remove builtin firmware database.
(modules '((guix build utils)))
(snippet '(substitute* "spectre-meltdown-checker.sh"
(("^# [AI],.*") "")))
(sha256
(base32
- "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+ "0j42p6dayb7k87kf8sqimxlaswis3qh0569a15zccyknv9vf129k"))))
(build-system copy-build-system)
(arguments
(list
@@ -10352,11 +10351,11 @@ (define-public spectre-meltdown-checker
(find-command inputs cmd))
;; Commands safe to substitute directly.
- (("\\<(awk|(base|dir)name|bunzip|g(un)?zip|lz4)\\>" all cmd)
+ (("\\<(awk|(base|dir)name|bunzip2|g(un)?zip|lz4)\\>" all cmd)
(find-command inputs cmd))
- (("\\<(modprobe|pgrep|rmmod|umount|unlzma)\\>" all cmd)
+ (("\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>" all cmd)
(find-command inputs cmd))
- (("\\<(unxz|unzstd|uuencode)\\>" all cmd)
+ (("\\<(unlzma|unxz|unzstd|uuencode)\\>" all cmd)
(find-command inputs cmd))
;; Commands which should only be substituted based on their
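Review bot: lzop and mktemp are added under the ";; Commands safe to substitute directly." comment, where the `\\<...\\>` pattern rewrites every whole-word occurrence in the script. Since the following group is reserved for commands that "should only be substituted based on their" context, please confirm that neither word occurs in 0.46 in a place that must stay literal, such as a message string or an option name; otherwise move it to the context-sensitive group.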
diff --git a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
index cce70b880f..35673ceb91 100644
--- a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
+++ b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
@@ -1,27 +1,28 @@
-From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001
+From 8caeb440a176cb7f8908403da51106c74e2b5cb8 Mon Sep 17 00:00:00 2001
From: Hilton Chain <hako@ultrarare.space>
-Date: Sat, 12 Nov 2022 22:45:24 +0800
+Date: Thu, 27 Jul 2023 14:45:14 +0800
Subject: [PATCH] Replace fwdb downloader with a local file option.
Also warn about non-free software.
---
- spectre-meltdown-checker.sh | 180 +++---------------------------------
- 1 file changed, 15 insertions(+), 165 deletions(-)
+ spectre-meltdown-checker.sh | 253 +++---------------------------------
+ 1 file changed, 17 insertions(+), 236 deletions(-)
diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
-index 30f760c..ce46970 100755
+index e7b6b33..33bdf71 100755
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
-@@ -22,8 +22,6 @@ exit_cleanup()
+@@ -23,9 +23,6 @@ exit_cleanup()
[ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config"
[ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp"
[ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2"
- [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp"
- [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp"
+- [ -n "${linuxfw_tmp:-}" ] && [ -f "$linuxfw_tmp" ] && rm -f "$linuxfw_tmp"
[ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null
[ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null
[ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null
-@@ -93,9 +91,9 @@ show_usage()
+@@ -97,9 +94,9 @@ show_usage()
--vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto
--allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system
--cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0)
@@ -34,10 +35,33 @@ index 30f760c..ce46970 100755
--dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script
Return codes:
-@@ -837,147 +833,6 @@ show_header()
+@@ -858,217 +855,6 @@ show_header()
_info
}
+-# Family-Model-Stepping to CPUID
+-# prints CPUID in base-10 to stdout
+-fms2cpuid()
+-{
+- _family="$1"
+- _model="$2"
+- _stepping="$3"
+-
+- if [ "$(( _family ))" -le 15 ]; then
+- _extfamily=0
+- _lowfamily=$(( _family ))
+- else
+- # when we have a family > 0xF, then lowfamily is stuck at 0xF
+- # and extfamily is ADDED to it (as in "+"), to ensure old software
+- # never sees a lowfamily < 0xF for newer families
+- _lowfamily=15
+- _extfamily=$(( (_family) - 15 ))
+- fi
+- _extmodel=$(( (_model & 0xF0 ) >> 4 ))
+- _lowmodel=$(( (_model & 0x0F ) >> 0 ))
+- echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) ))
+-}
+-
-[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
-mcedb_cache="$HOME/.mcedb"
-update_fwdb()
@@ -97,13 +121,15 @@ index 30f760c..ce46970 100755
- echo ERROR "please install the \`sqlite3\` program"
- return 1
- fi
-- mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE")
+- mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"")
- if [ -z "$mcedb_revision" ]; then
- echo ERROR "downloaded file seems invalid"
- return 1
- fi
-- sqlite3 "$mcedb_tmp" "alter table Intel add column origin text"
-- sqlite3 "$mcedb_tmp" "update Intel set origin='mce'"
+- sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT"
+- sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT"
+- sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'"
+- sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'"
-
- echo OK "MCExtractor database revision $mcedb_revision"
-
@@ -141,7 +167,7 @@ index 30f760c..ce46970 100755
- _version=$(echo "$_line" | awk '{print $8}')
- _version=$(( _version ))
- _version=$(printf "0x%08X" "$_version")
-- _sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
+- _sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
- sqlite3 "$mcedb_tmp" "$_sqlstm"
- done
- _intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null)
@@ -150,10 +176,52 @@ index 30f760c..ce46970 100755
- _intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp")
- else
- echo "Falling back to the latest microcode date"
-- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;")
+- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;")
- fi
- echo DONE "(version $_intel_latest_date)"
-
+- # now parse the most recent linux-firmware amd-ucode README file
+- _info_nol "Fetching latest amd-ucode README from linux-firmware project... "
+- linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README"
+- linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX)
+- if command -v wget >/dev/null 2>&1; then
+- wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$?
+- elif command -v curl >/dev/null 2>&1; then
+- curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
+- elif command -v fetch >/dev/null 2>&1; then
+- fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
+- else
+- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
+- return 1
+- fi
+- if [ "$ret" != 0 ]; then
+- echo ERROR "error $ret while downloading linux-firmware README"
+- return $ret
+- fi
+- echo DONE
+-
+- _info_nol "Parsing the README... "
+- nbfound=0
+- for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do
+- _debug "Parsing line $line"
+- _family=$( echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+' | cut -d= -f2)
+- _model=$( echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+' | cut -d= -f2)
+- _stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2)
+- _version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+' | cut -d= -f2)
+- _version=$(printf "0x%08X" "$(( _version ))")
+- _cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping")
+- _cpuid=$(printf "0x%08X" "$_cpuid")
+- _date="20000101"
+- _sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
+- _debug "family $_family model $_model stepping $_stepping cpuid $_cpuid"
+- _debug "$_sqlstm"
+- sqlite3 "$mcedb_tmp" "$_sqlstm"
+- nbfound=$((nbfound + 1))
+- unset _family _model _stepping _version _cpuid _date _sqlstm
+- done
+- echo "found $nbfound microcodes"
+- unset nbfound
+-
- dbversion="$mcedb_revision+i$_intel_latest_date"
-
- if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then
@@ -165,8 +233,11 @@ index 30f760c..ce46970 100755
- {
- echo "# Spectre & Meltdown Checker";
- echo "# %%% MCEDB v$dbversion";
-- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
-- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
+- # ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw
+- sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);"
+- # we'll use the more recent fw for Intel and AMD
+- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
+- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
- } > "$mcedb_cache"
- echo DONE "(version $dbversion)"
-
@@ -182,7 +253,7 @@ index 30f760c..ce46970 100755
parse_opt_file()
{
# parse_opt_file option_name option_value
-@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do
+@@ -1158,12 +944,15 @@ while [ -n "${1:-}" ]; do
# deprecated, kept for compatibility
opt_explain=0
shift
@@ -204,7 +275,7 @@ index 30f760c..ce46970 100755
elif [ "$1" = "--dump-mock-data" ]; then
opt_mock=1
shift
-@@ -2033,21 +1891,11 @@ is_xen_domU()
+@@ -2192,21 +1981,11 @@ is_xen_domU()
fi
}
@@ -228,7 +299,7 @@ index 30f760c..ce46970 100755
fi
read_mcedb()
{
-@@ -2063,7 +1911,9 @@ is_latest_known_ucode()
+@@ -2222,7 +2001,9 @@ is_latest_known_ucode()
return 2
fi
ucode_latest="latest microcode version for your CPU model is unknown"
@@ -240,5 +311,5 @@ index 30f760c..ce46970 100755
elif is_amd; then
cpu_brand_prefix=A
--
-2.38.1
+2.41.0
diff --git a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
deleted file mode 100644
index c0e24d8eed..0000000000
--- a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001
-From: Hilton Chain <hako@ultrarare.space>
-Date: Sat, 5 Nov 2022 23:22:31 +0800
-Subject: [PATCH] Locate the kernel bzimage used by Guix System
-
----
- spectre-meltdown-checker.sh | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
-index 248a444..855a090 100755
---- a/spectre-meltdown-checker.sh
-+++ b/spectre-meltdown-checker.sh
-@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then
- [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)"
- # NixOS:
- [ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel"
-+ # Guix System:
-+ [ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage"
- # systemd kernel-install:
- [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux"
- # Clear Linux:
-
-base-commit: a6c943d38f315f339697ec26e7374a09b88f2183
---
-2.38.0

base-commit: b268842ec4808f5030f3bda95f52ff39dd88e3ad
--
2.41.0
Ludovic Courtès wrote on 2 Oct 2023 17:09
Re: bug#64889: [PATCH] gnu: spectre-meltdown-checker: Update to 0.46.
(name . Hilton Chain)(address . hako@ultrarare.space)
87y1glgixr.fsf_-_@gnu.org
Hi,

Hilton Chain <hako@ultrarare.space> writes:

> * gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update
> patch.
> * gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file
> * gnu/local.mk (dist_patch_DATA): Remove it.
> * gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46.
> [#:phases]<fixpath>: Correct name for bunzip2.
> Substitute lzop and mktemp as well.

LGTM!

Ludo’.
Hilton Chain wrote on 3 Oct 2023 14:58
Close: bug#64889: [PATCH] gnu: spectre-meltdown-checker: Update to 0.46.
(name . Ludovic Courtès)(address . ludo@gnu.org)
87fs2rhnhh.wl-hako@ultrarare.space
Hi Ludo,

On Mon, 02 Oct 2023 23:09:20 +0800,
Ludovic Courtès wrote:
>
> Hi,
>
> Hilton Chain <hako@ultrarare.space> writes:
>
> > * gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update
> > patch.
> > * gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file
> > * gnu/local.mk (dist_patch_DATA): Remove it.
> > * gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46.
> > [#:phases]<fixpath>: Correct name for bunzip2.
> > Substitute lzop and mktemp as well.
>
> LGTM!


Thank you! Pushed this as 99a46ecb2647148f64da3c7e4bd6bfee3b89cdd4.
Closed

This issue is archived.