[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#49898] [PATCH v5] gnu: Add spectre-meltdown-checker.
From: |
phodina |
Subject: |
[bug#49898] [PATCH v5] gnu: Add spectre-meltdown-checker. |
Date: |
Tue, 07 Dec 2021 22:04:31 +0000 |
Hi Liliana,
> Hi Petr,
>
> Am Samstag, den 18.09.2021, 15:25 +0000 schrieb phodina:
>
> > [...]
>
> > - (add-after 'unpack 'fix-relative-locations
> >
> >
> > - (lambda* (#:key outputs #:allow-other-keys)
> >
> >
> > - (let ((icoreutils (assoc-ref %build-inputs
> >
> >
> >
> > "coreutils"))
> >
> > - (igrep (assoc-ref %build-inputs "grep"))
> >
> >
> > - (iutil-linux (assoc-ref %build-inputs "util-
> >
> >
> >
> > linux"))
> >
> > - (iutil-linux-with-udev
> >
> >
> > - (assoc-ref %build-inputs "util-linux-with-
> >
> >
> >
> > udev"))
> >
> > - (igawk (assoc-ref %build-inputs "gawk"))
> >
> >
> > - (igzip (assoc-ref %build-inputs "gzip"))
> >
> >
> > - (iunzip (assoc-ref %build-inputs "unzip"))
> >
> >
> > - (ilzop (assoc-ref %build-inputs "lzop"))
> >
> >
> > - (iperl (assoc-ref %build-inputs "perl"))
> >
> >
> > - (iprocps (assoc-ref %build-inputs "procps"))
> >
> >
> > - (isqlite (assoc-ref %build-inputs "sqlite"))
> >
> >
> > - (iwget (assoc-ref %build-inputs "wget"))
> >
> >
> > - (iwhich (assoc-ref %build-inputs "which"))
> >
> >
> > - (ixz (assoc-ref %build-inputs "xz"))
> >
> >
> > - (izstd (assoc-ref %build-inputs "zstd")))
> >
> >
>
> I don't think Hungarian notation is very helpful here.
>
> > - (substitute* "spectre-meltdown-checker.sh"
> >
> >
> > - ; TODO: Find regexp what will work
> >
> >
> > - ;(("echo") (string-append icoreutils "/bin/echo"))
> >
> >
> > - ;(("printf") (string-append icoreutils
> >
> >
> >
> > "/bin/printf"))
>
> There are multiple ways of handling this, but I thing the best one
>
> would be to substitute both `command -v printf' and` which echo' with
>
> the path to false, then match the line
>
> [ -z "$echo_cmd" ] && echo_cmd='echo'
>
> and instead put there
>
> echo_cmd_type='printf'
>
> echo_cmd=(path-to "/bin/printf")
>
> > - (("dirname") (string-append icoreutils
> >
> >
> >
> > "/bin/dirname"))
> >
> > - (("cat") (string-append icoreutils "/bin/cat"))
> >
> >
> > - (("grep[ ]+") (string-append igrep "/bin/grep "))
> >
> >
> > - (("cut") (string-append icoreutils "/bin/cut"))
> >
> >
> > - (("mktemp") (string-append icoreutils
> >
> >
> >
> > "/bin/mktemp"))
> >
> > - (("stat[ ]+") (string-append icoreutils "/bin/stat
> >
> >
> >
> > " ))
> >
> > - (("tail[ ]+") (string-append icoreutils "/bin/tail
> >
> >
> >
> > " ))
> >
> > - (("head[ ]+") (string-append icoreutils "/bin/head
> >
> >
> >
> > " ))
> >
> > - (("mount[ ]+") "/run/setuid-programs/mount ")
> >
> >
> > - (("modprobe") (string-append iutil-linux
> >
> >
> >
> > "/bin/modprobe"))
> >
> > - (("dd") (string-append icoreutils "/bin/dd"))
> >
> >
> > - (("dmesg[ ]+") (string-append iutil-linux-with-udev
> >
> >
> >
> > "/bin/dmesg "))
> >
> > - (("awk") (string-append igawk "/bin/awk"))
> >
> >
> > - (("gzip") (string-append igzip "/bin/gzip"))
> >
> >
> > - (("unzip") (string-append iunzip "/bin/unzip"))
> >
> >
> > - (("lzop") (string-append ilzop "/bin/lzop"))
> >
> >
> > - (("perl") (string-append iperl "/bin/perl"))
> >
> >
> > - (("ps[ ]+") (string-append iprocps "/bin/ps "))
> >
> >
> > - (("sqlite3") (string-append isqlite
> >
> >
> >
> > "/bin/sqlite3"))
> >
> > - (("wget") (string-append iwget "/bin/wget"))
> >
> >
> > - (("which") (string-append iwhich "/bin/which"))
> >
> >
> > - (("xz") (string-append ixz "/bin/xz"))
> >
> >
> > - (("zstd") (string-append izstd "/bin/zstd")))))))))
> >
> >
>
> Group those that need spaces and those that don't together, with an
>
> explanation as to why those two groups exist.
>
> > - (inputs `(("binutils" ,binutils)
> > - ("coreutils",coreutils)
> >
> >
> > - ("gawk" ,gawk)
> >
> >
> > - ("grep" ,grep)
> >
> >
> > - ("gzip" ,gzip)
> >
> >
> > - ("unzip" ,unzip)
> >
> >
> > - ("lzop" ,lzop)
> >
> >
> > - ("perl" ,perl)
> >
> >
> > - ("procps" ,procps)
> >
> >
> > - ("sqlite" ,sqlite)
> >
> >
> > - ("util-linux" ,util-linux)
> >
> >
> > - ("util-linux-with-udev" ,util-linux+udev)
> >
> >
>
> Why both?
>
> > - ("wget" ,wget)
> >
> >
> > - ("which" ,which)
> >
> >
> > - ("xz" ,xz)
> >
> >
> > - ("zstd" ,zstd)))
> >
> >
> > - (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> >
> > checker")
> > - (description "A shell script to assess your system's resilience
> >
> > against
> >
> > +the several transient execution CVEs that were published since early
> >
> > 2018,
> >
> > +and give you guidance as to how to mitigate them.")
> > - (home-page "https://github.com/speed47/spectre-meltdown-checker"
> >
> > )
> > - (license license:gpl3)))
> >
> > (define-public snapscreenshot
> >
> > (package
> >
> > (name "snapscreenshot")
> > ----------------------------------------------------------------
> >
> > 2.32.0
I've used the wrap-program as an alternative to the your suggested solution.
Going through the program there is a function update_fwdb [1] that downloads
and updates database files when the script is executed with the --update-fwdb
argument.
I've added both files [2][3] in question to the lists of inputs.
However, since they are supposed to be updated at runtime (stored in $HOME) I
don't know to represent this in the package definition.
Could you please suggest how to proceed?
----
Petr
[1]
https://github.com/speed47/spectre-meltdown-checker/blob/master/spectre-meltdown-checker.sh#L838
[2] https://github.com/platomav/MCExtractor/raw/master/MCE.db
[3]
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip
v5-0001-gnu-Add-spectre-meltdown-checker.patch
Description: Text Data
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug#49898] [PATCH v5] gnu: Add spectre-meltdown-checker.,
phodina <=