From: phodina
To: Leo Prikler
Cc: 49898@debbugs.gnu.org
Date: Sat, 18 Sep 2021 15:25:47 +0000
Subject: [PATCH v4] gnu: Add spectre-meltdown-checker.

Hi Leo,

I've substituted most of the commands. The only commands at the moment are echo and printf.
I haven't found a regexp that would work as they are text is also used for variables. Otherwise the rest of the commands should be covered.

--8<---------------cut here---------------start------------->8--
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 46c9f817a8..905048a5be 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -53,6 +53,7 @@ ;;; Copyright =C2=A9 2020 pukkamustard ;;; Copyright =C2=A9 2021 B. Wilson ;;; Copyright =C2=A9 2021 Ivan Gankevich +;;; Copyright =C2=A9 2021 Petr Hodina ;;; ;;; This file is part of GNU Guix. ;;; @@ -138,6 +139,7 @@ #:use-module (gnu packages video) #:use-module (gnu packages vulkan) #:use-module (gnu packages web) + #:use-module (gnu packages wget) #:use-module (gnu packages xiph) #:use-module (gnu packages xml) #:use-module (gnu packages xdisorg) @@ -149,6 +151,7 @@ #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system go) + #:use-module (guix build-system copy) #:use-module (guix build-system meson) #:use-module (guix build-system python) #:use-module (guix build-system trivial) 
@@ -7372,6 +7375,93 @@ interfaces in parallel environments.") (supported-systems '("i686-linux" "x86_64-linux")) (license (list license:bsd-2 license:gpl2)))) ;dual +(define-public spectre-meltdown-checker + (package + (name "spectre-meltdown-checker") + (version "0.44") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/speed47/spectre-meltdown-chec= ker") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam")))) + (build-system copy-build-system) + (arguments + `(#:install-plan '(("spectre-meltdown-checker.sh" + "bin/spectre-meltdown-checker.sh")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-relative-locations + (lambda* (#:key outputs #:allow-other-keys) + (let ((icoreutils (assoc-ref %build-inputs "coreutils")) + (igrep (assoc-ref %build-inputs "grep")) + (iutil-linux (assoc-ref %build-inputs "util-linux")) + (iutil-linux-with-udev + (assoc-ref %build-inputs "util-linux-with-udev")) + (igawk (assoc-ref %build-inputs "gawk")) + (igzip (assoc-ref %build-inputs "gzip")) + (iunzip (assoc-ref %build-inputs "unzip")) + (ilzop (assoc-ref %build-inputs "lzop")) + (iperl (assoc-ref %build-inputs "perl")) + (iprocps (assoc-ref %build-inputs "procps")) + (isqlite (assoc-ref %build-inputs "sqlite")) + (iwget (assoc-ref %build-inputs "wget")) + (iwhich (assoc-ref %build-inputs "which")) + (ixz (assoc-ref %build-inputs "xz")) + (izstd (assoc-ref %build-inputs "zstd"))) + (substitute* "spectre-meltdown-checker.sh" + ; TODO: Find regexp what will work + ;(("echo") (string-append icoreutils "/bin/echo")) + ;(("printf") (string-append icoreutils "/bin/printf")) + (("dirname") (string-append icoreutils "/bin/dirname")) + (("cat") (string-append icoreutils "/bin/cat")) + (("grep[ ]+") (string-append igrep "/bin/grep ")) + (("cut") (string-append icoreutils "/bin/cut")) + (("mktemp") (string-append icoreutils 
"/bin/mktemp")) + (("stat[ ]+") (string-append icoreutils "/bin/stat " )) + (("tail[ ]+") (string-append icoreutils "/bin/tail " )) + (("head[ ]+") (string-append icoreutils "/bin/head " )) + (("mount[ ]+") "/run/setuid-programs/mount ") + (("modprobe") (string-append iutil-linux "/bin/modprobe")= ) + (("dd") (string-append icoreutils "/bin/dd")) + (("dmesg[ ]+") (string-append iutil-linux-with-udev "/bin= /dmesg ")) + (("awk") (string-append igawk "/bin/awk")) + (("gzip") (string-append igzip "/bin/gzip")) + (("unzip") (string-append iunzip "/bin/unzip")) + (("lzop") (string-append ilzop "/bin/lzop")) + (("perl") (string-append iperl "/bin/perl")) + (("ps[ ]+") (string-append iprocps "/bin/ps ")) + (("sqlite3") (string-append isqlite "/bin/sqlite3")) + (("wget") (string-append iwget "/bin/wget")) + (("which") (string-append iwhich "/bin/which")) + (("xz") (string-append ixz "/bin/xz")) + (("zstd") (string-append izstd "/bin/zstd"))))))))) + (inputs `(("binutils" ,binutils) + ("coreutils",coreutils) + ("gawk" ,gawk) + ("grep" ,grep) + ("gzip" ,gzip) + ("unzip" ,unzip) + ("lzop" ,lzop) + ("perl" ,perl) + ("procps" ,procps) + ("sqlite" ,sqlite) + ("util-linux" ,util-linux) + ("util-linux-with-udev" ,util-linux+udev) + ("wget" ,wget) + ("which" ,which) + ("xz" ,xz) + ("zstd" ,zstd))) + (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker") + (description "A shell script to assess your system's resilience agains= t +the several transient execution CVEs that were published since early 2018, +and give you guidance as to how to mitigate them.") + (home-page "https://github.com/speed47/spectre-meltdown-checker") + (license license:gpl3))) + (define-public snapscreenshot (package (name "snapscreenshot") -- 2.32.0