summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorHilton Chain <hako@ultrarare.space>2023-07-27 14:42:59 +0800
committerHilton Chain <hako@ultrarare.space>2023-10-03 20:21:42 +0800
commit99a46ecb2647148f64da3c7e4bd6bfee3b89cdd4 (patch)
treef58a4040740125e11c21715cdd9b1a8411c92049 /gnu
parent5f81d31aa46a64fc0fb7c1074a5b37ca735245d5 (diff)
downloadguix-99a46ecb2647148f64da3c7e4bd6bfee3b89cdd4.tar.gz
gnu: spectre-meltdown-checker: Update to 0.46.
* gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update
patch.
* gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46.
[#:phases]<fixpath>: Correct name for bunzip2.
Substitute lzop and mktemp as well.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/linux.scm13
-rw-r--r--gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch109
-rw-r--r--gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch26
4 files changed, 96 insertions, 53 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 07feef909e..512d147ef3 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1984,7 +1984,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/softhsm-fix-openssl3-tests.patch		\
   %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \
   %D%/packages/patches/spdlog-fix-tests.patch			\
-  %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \
   %D%/packages/patches/sphinxbase-fix-doxygen.patch		\
   %D%/packages/patches/sssd-system-directories.patch		\
   %D%/packages/patches/steghide-fixes.patch			\
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index a3f74cd253..b08eb102fe 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -10349,7 +10349,7 @@ error detection and correction (EDAC).")
 (define-public spectre-meltdown-checker
   (package
     (name "spectre-meltdown-checker")
-    (version "0.45")
+    (version "0.46")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -10358,15 +10358,14 @@ error detection and correction (EDAC).")
               (file-name (git-file-name name version))
               (patches
                (search-patches
-                "spectre-meltdown-checker-externalize-fwdb.patch"
-                "spectre-meltdown-checker-find-kernel.patch"))
+                "spectre-meltdown-checker-externalize-fwdb.patch"))
               ;; Remove builtin firmware database.
               (modules '((guix build utils)))
               (snippet '(substitute* "spectre-meltdown-checker.sh"
                           (("^# [AI],.*") "")))
               (sha256
                (base32
-                "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8"))))
+                "0j42p6dayb7k87kf8sqimxlaswis3qh0569a15zccyknv9vf129k"))))
     (build-system copy-build-system)
     (arguments
      (list
@@ -10385,11 +10384,11 @@ error detection and correction (EDAC).")
                  (find-command inputs cmd))
 
                 ;; Commands safe to substitute directly.
-                (("\\<(awk|(base|dir)name|bunzip|g(un)?zip|lz4)\\>" all cmd)
+                (("\\<(awk|(base|dir)name|bunzip2|g(un)?zip|lz4)\\>" all cmd)
                  (find-command inputs cmd))
-                (("\\<(modprobe|pgrep|rmmod|umount|unlzma)\\>" all cmd)
+                (("\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>" all cmd)
                  (find-command inputs cmd))
-                (("\\<(unxz|unzstd|uuencode)\\>" all cmd)
+                (("\\<(unlzma|unxz|unzstd|uuencode)\\>" all cmd)
                  (find-command inputs cmd))
 
                 ;; Commands which should only be substituted based on their
diff --git a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
index cce70b880f..35673ceb91 100644
--- a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
+++ b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch
@@ -1,27 +1,28 @@
-From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001
+From 8caeb440a176cb7f8908403da51106c74e2b5cb8 Mon Sep 17 00:00:00 2001
 From: Hilton Chain <hako@ultrarare.space>
-Date: Sat, 12 Nov 2022 22:45:24 +0800
+Date: Thu, 27 Jul 2023 14:45:14 +0800
 Subject: [PATCH] Replace fwdb downloader with a local file option.
 
 Also warn about non-free software.
 ---
- spectre-meltdown-checker.sh | 180 +++---------------------------------
- 1 file changed, 15 insertions(+), 165 deletions(-)
+ spectre-meltdown-checker.sh | 253 +++---------------------------------
+ 1 file changed, 17 insertions(+), 236 deletions(-)
 
 diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
-index 30f760c..ce46970 100755
+index e7b6b33..33bdf71 100755
 --- a/spectre-meltdown-checker.sh
 +++ b/spectre-meltdown-checker.sh
-@@ -22,8 +22,6 @@ exit_cleanup()
+@@ -23,9 +23,6 @@ exit_cleanup()
  	[ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config"
  	[ -n "${kerneltmp:-}"     ] && [ -f "$kerneltmp"     ] && rm -f "$kerneltmp"
  	[ -n "${kerneltmp2:-}"    ] && [ -f "$kerneltmp2"    ] && rm -f "$kerneltmp2"
 -	[ -n "${mcedb_tmp:-}"     ] && [ -f "$mcedb_tmp"     ] && rm -f "$mcedb_tmp"
 -	[ -n "${intel_tmp:-}"     ] && [ -d "$intel_tmp"     ] && rm -rf "$intel_tmp"
+-	[ -n "${linuxfw_tmp:-}"   ] && [ -f "$linuxfw_tmp"   ] && rm -f "$linuxfw_tmp"
  	[ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null
  	[ "${mounted_procfs:-}"  = 1 ] && umount "$procfs" 2>/dev/null
  	[ "${insmod_cpuid:-}"    = 1 ] && rmmod cpuid 2>/dev/null
-@@ -93,9 +91,9 @@ show_usage()
+@@ -97,9 +94,9 @@ show_usage()
  		--vmm [auto,yes,no]	override the detection of the presence of a hypervisor, default: auto
  		--allow-msr-write	allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system
  		--cpu [#,all]		interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0)
@@ -34,10 +35,33 @@ index 30f760c..ce46970 100755
  		--dump-mock-data	used to mimick a CPU on an other system, mainly used to help debugging this script
  
  	Return codes:
-@@ -837,147 +833,6 @@ show_header()
+@@ -858,217 +855,6 @@ show_header()
  	_info
  }
  
+-# Family-Model-Stepping to CPUID
+-# prints CPUID in base-10 to stdout
+-fms2cpuid()
+-{
+-	_family="$1"
+-	_model="$2"
+-	_stepping="$3"
+-
+-	if [ "$(( _family ))" -le 15 ]; then
+-		_extfamily=0
+-		_lowfamily=$(( _family ))
+-	else
+-		# when we have a family > 0xF, then lowfamily is stuck at 0xF
+-		# and extfamily is ADDED to it (as in "+"), to ensure old software
+-		# never sees a lowfamily < 0xF for newer families
+-		_lowfamily=15
+-		_extfamily=$(( (_family) - 15 ))
+-	fi
+-	_extmodel=$((  (_model  & 0xF0 ) >> 4 ))
+-	_lowmodel=$((  (_model  & 0x0F ) >> 0 ))
+-	echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) ))
+-}
+-
 -[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
 -mcedb_cache="$HOME/.mcedb"
 -update_fwdb()
@@ -97,13 +121,15 @@ index 30f760c..ce46970 100755
 -		echo ERROR "please install the \`sqlite3\` program"
 -		return 1
 -	fi
--	mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE")
+-	mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"")
 -	if [ -z "$mcedb_revision" ]; then
 -		echo ERROR "downloaded file seems invalid"
 -		return 1
 -	fi
--	sqlite3 "$mcedb_tmp" "alter table Intel add column origin text"
--	sqlite3 "$mcedb_tmp" "update Intel set origin='mce'"
+-	sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT"
+-	sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT"
+-	sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'"
+-	sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'"
 -
 -	echo OK "MCExtractor database revision $mcedb_revision"
 -
@@ -141,7 +167,7 @@ index 30f760c..ce46970 100755
 -		_version=$(echo "$_line" | awk '{print $8}')
 -		_version=$(( _version ))
 -		_version=$(printf "0x%08X" "$_version")
--		_sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
+-		_sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
 -		sqlite3 "$mcedb_tmp" "$_sqlstm"
 -	done
 -	_intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null)
@@ -150,10 +176,52 @@ index 30f760c..ce46970 100755
 -		_intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp")
 -	else
 -		echo "Falling back to the latest microcode date"
--		_intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;")
+-		_intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;")
 -	fi
 -	echo DONE "(version $_intel_latest_date)"
 -
+-	# now parse the most recent linux-firmware amd-ucode README file
+-	_info_nol "Fetching latest amd-ucode README from linux-firmware project... "
+-	linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README"
+-	linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX)
+-	if command -v wget >/dev/null 2>&1; then
+-		wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$?
+-	elif command -v curl >/dev/null 2>&1; then
+-		curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
+-	elif command -v fetch >/dev/null 2>&1; then
+-		fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
+-	else
+-		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
+-		return 1
+-	fi
+-	if [ "$ret" != 0 ]; then
+-		echo ERROR "error $ret while downloading linux-firmware README"
+-		return $ret
+-	fi
+-	echo DONE
+-
+-	_info_nol "Parsing the README... "
+-	nbfound=0
+-	for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do
+-		_debug "Parsing line $line"
+-		_family=$(  echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+'   | cut -d= -f2)
+-		_model=$(   echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+'    | cut -d= -f2)
+-		_stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2)
+-		_version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+'    | cut -d= -f2)
+-		_version=$(printf "0x%08X" "$(( _version ))")
+-		_cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping")
+-		_cpuid=$(printf "0x%08X" "$_cpuid")
+-		_date="20000101"
+-		_sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")"
+-		_debug "family $_family model $_model stepping $_stepping cpuid $_cpuid"
+-		_debug "$_sqlstm"
+-		sqlite3 "$mcedb_tmp" "$_sqlstm"
+-		nbfound=$((nbfound + 1))
+-		unset _family _model _stepping _version _cpuid _date _sqlstm
+-	done
+-	echo "found $nbfound microcodes"
+-	unset nbfound
+-
 -	dbversion="$mcedb_revision+i$_intel_latest_date"
 -
 -	if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then
@@ -165,8 +233,11 @@ index 30f760c..ce46970 100755
 -	{
 -		echo "# Spectre & Meltdown Checker";
 -		echo "# %%% MCEDB v$dbversion";
--		sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
--		sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD   AS t1 LEFT OUTER JOIN AMD   AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,';
+-		# ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw
+-		sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);"
+-		# we'll use the more recent fw for Intel and AMD
+-		sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
+-		sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,';
 -	} > "$mcedb_cache"
 -	echo DONE "(version $dbversion)"
 -
@@ -182,7 +253,7 @@ index 30f760c..ce46970 100755
  parse_opt_file()
  {
  	# parse_opt_file option_name option_value
-@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do
+@@ -1158,12 +944,15 @@ while [ -n "${1:-}" ]; do
  		# deprecated, kept for compatibility
  		opt_explain=0
  		shift
@@ -204,7 +275,7 @@ index 30f760c..ce46970 100755
  	elif [ "$1" = "--dump-mock-data" ]; then
  		opt_mock=1
  		shift
-@@ -2033,21 +1891,11 @@ is_xen_domU()
+@@ -2192,21 +1981,11 @@ is_xen_domU()
  	fi
  }
  
@@ -228,7 +299,7 @@ index 30f760c..ce46970 100755
  fi
  read_mcedb()
  {
-@@ -2063,7 +1911,9 @@ is_latest_known_ucode()
+@@ -2222,7 +2001,9 @@ is_latest_known_ucode()
  		return 2
  	fi
  	ucode_latest="latest microcode version for your CPU model is unknown"
@@ -240,5 +311,5 @@ index 30f760c..ce46970 100755
  	elif is_amd; then
  		cpu_brand_prefix=A
 -- 
-2.38.1
+2.41.0
 
diff --git a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
deleted file mode 100644
index c0e24d8eed..0000000000
--- a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001
-From: Hilton Chain <hako@ultrarare.space>
-Date: Sat, 5 Nov 2022 23:22:31 +0800
-Subject: [PATCH] Locate the kernel bzimage used by Guix System
-
----
- spectre-meltdown-checker.sh | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh
-index 248a444..855a090 100755
---- a/spectre-meltdown-checker.sh
-+++ b/spectre-meltdown-checker.sh
-@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then
- 		[ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)"
- 		# NixOS:
- 		[ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel"
-+		# Guix System:
-+		[ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage"
- 		# systemd kernel-install:
- 		[ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux"
- 		# Clear Linux:
-
-base-commit: a6c943d38f315f339697ec26e7374a09b88f2183
---
-2.38.0