GNU bug report logs - #49898
[PATCH] gnu: Add spectre-meltdown-checker.


Package: guix-patches;

Reported by: phodina <phodina <at> protonmail.com>

Date: Thu, 5 Aug 2021 17:02:01 UTC

Severity: normal

Tags: moreinfo, patch

Merged with 59053

Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 49898 in the body.
You can then email your comments to 49898 AT debbugs.gnu.org in the normal way.




Report forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Thu, 05 Aug 2021 17:02:01 GMT)

Acknowledgement sent to phodina <phodina <at> protonmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 05 Aug 2021 17:02:01 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: phodina <phodina <at> protonmail.com>
To: "guix-patches <at> gnu.org" <guix-patches <at> gnu.org>
Subject: [PATCH] gnu: Add spectre-meltdown-checker.
Date: Thu, 05 Aug 2021 17:00:59 +0000
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4ca2a386e1..f89f6f259e 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -53,6 +53,7 @@
 ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
 ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
 ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
+;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -148,6 +149,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
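Review bot: `(guix build-system copy)` is inserted between `go` and `meson`, which breaks the alphabetical order the rest of this `#:use-module` block keeps; it belongs after `(guix build-system cmake)` and before `(guix build-system gnu)`.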
@@ -7191,6 +7193,44 @@ interfaces in parallel environments.")
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license (list license:bsd-2 license:gpl2)))) ;dual

+(define-public spectre-meltdown-checker
+(package
+  (name "spectre-meltdown-checker")
+  (version "v0.44")
+  (source (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://github.com/speed47/spectre-meltdown-checker")
+                  (commit version)))
+            (file-name (git-file-name name version))
+            (sha256
+             (base32
+              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"))))
+  (build-system copy-build-system)
+  (inputs `(("util-linux" ,util-linux)
+            ("binutils" ,binutils)))
+  (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+  (description "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.
+@enumerate
+@item Bounds Check Bypass
+@item Branch Target Injection
+@item Rogue Data Cache Load
+@item Rogue System Register Read
+@item Speculative Store Bypass
+@item L1 Terminal Fault (SGX, OS, VMM)
+@item Microarchitectural Store Buffer Data Sampling
+@item Microarchitectural Fill Buffer Data Sampling
+@item Microarchitectural Load Port Data Sampling
+@item Microarchitectural Data Sampling Uncacheable Memory
+@item TSX asynchronous abort
+@item Machine Mheck Exception on Page Size Changes
+@item Special Register Buffer Data Sampling
+@end enumerate")
+  (home-page "https://github.com/speed47/spectre-meltdown-checker")
+  (license license:gpl3)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
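Review bot: `util-linux` and `binutils` are declared as inputs, but nothing in the package references them, and there is no phase writing their paths into the script, so they do not change which tools the script executes at run time and only enlarge the closure; either substitute absolute paths into `spectre-meltdown-checker.sh` or drop them. Also in this hunk: `(version "v0.44")` carries the tag prefix into the package version because `(commit version)` needs it, so keep `"0.44"` and build the tag with `(string-append "v" version)`; the description item `Machine Mheck Exception on Page Size Changes` should read `Machine Check Exception`; and `(package` sits at column 0 instead of being indented two spaces under `define-public` like the neighbouring packages.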
--
2.32.0




Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Fri, 06 Aug 2021 13:59:02 GMT)

Message #8 received at 49898 <at> debbugs.gnu.org:

From: Leo Prikler <leo.prikler <at> student.tugraz.at>
To: phodina <phodina <at> protonmail.com>, 49898 <at> debbugs.gnu.org
Subject: Re: [PATCH] gnu: Add spectre-meltdown-checker.
Date: Fri, 06 Aug 2021 15:58:26 +0200
Hi,

Am Donnerstag, den 05.08.2021, 17:00 +0000 schrieb phodina:
> * gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
> 
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index 4ca2a386e1..f89f6f259e 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -53,6 +53,7 @@
>  ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
>  ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
>  ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
> +;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -148,6 +149,7 @@
>    #:use-module (guix build-system cmake)
>    #:use-module (guix build-system gnu)
>    #:use-module (guix build-system go)
> +  #:use-module (guix build-system copy)
>    #:use-module (guix build-system meson)
>    #:use-module (guix build-system python)
>    #:use-module (guix build-system trivial)
> @@ -7191,6 +7193,44 @@ interfaces in parallel environments.")
>      (supported-systems '("i686-linux" "x86_64-linux"))
>      (license (list license:bsd-2 license:gpl2)))) ;dual
> 
> +(define-public spectre-meltdown-checker
> +(package
> +  (name "spectre-meltdown-checker")
> +  (version "v0.44")
Version should be "0.44".
> +  (source (origin
> +            (method git-fetch)
> +            (uri (git-reference
> +                  (url "
> https://github.com/speed47/spectre-meltdown-checker")
> +                  (commit version)))
Use (string-append "v" version).
> +            (file-name (git-file-name name version))
> +            (sha256
> +             (base32
> +              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"
> ))))
> +  (build-system copy-build-system)
copy-build-system needs an install plan to be meaningful.
> +  (inputs `(("util-linux" ,util-linux)
> +            ("binutils" ,binutils)))
> +  (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> checker")
> +  (description "A shell script to assess your system's resilience
> against
> +the several transient execution CVEs that were published since early
> 2018,
"the several CVEs" is quite an obscure formulation if correct English. 
Just "several CVEs" should mean about the same while being more
understandable.
> +and give you guidance as to how to mitigate them.
> +@enumerate
> +@item Bounds Check Bypass
> +@item Branch Target Injection
> +@item Rogue Data Cache Load
> +@item Rogue System Register Read
> +@item Speculative Store Bypass
> +@item L1 Terminal Fault (SGX, OS, VMM)
> +@item Microarchitectural Store Buffer Data Sampling
> +@item Microarchitectural Fill Buffer Data Sampling
> +@item Microarchitectural Load Port Data Sampling
> +@item Microarchitectural Data Sampling Uncacheable Memory
> +@item TSX asynchronous abort
> +@item Machine Mheck Exception on Page Size Changes
> +@item Special Register Buffer Data Sampling
> +@end enumerate")
Not sure if we want to maintain this enumeration tbh.
> +  (home-page "https://github.com/speed47/spectre-meltdown-checker")
> +  (license license:gpl3)))

Regards





Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Sat, 07 Aug 2021 09:05:01 GMT)

Message #11 received at 49898 <at> debbugs.gnu.org:

From: phodina <phodina <at> protonmail.com>
To: 49898 <at> debbugs.gnu.org
Cc: Leo Prikler <leo.prikler <at> student.tugraz.at>
Subject: [PATCH v2] gnu: Add spectre-meltdown-checker.
Date: Sat, 07 Aug 2021 09:04:23 +0000
Thanks Leo for the suggestions!
-------------------
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4ca2a386e1..3529fa02e2 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -53,6 +53,7 @@
 ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
 ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
 ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
+;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -148,6 +149,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
@@ -7191,6 +7193,32 @@ interfaces in parallel environments.")
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license (list license:bsd-2 license:gpl2)))) ;dual

+(define-public spectre-meltdown-checker
+(package
+  (name "spectre-meltdown-checker")
+  (version "0.44")
+  (source (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://github.com/speed47/spectre-meltdown-checker")
+                  (commit (string-append "v" version))))
+            (file-name (git-file-name name version))
+            (sha256
+             (base32
+              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"))))
+  (build-system copy-build-system)
+  (arguments
+   `(#:install-plan '(("spectre-meltdown-checker.sh"
+                       "bin/spectre-meltdown-checker.sh"))))
+  (inputs `(("util-linux" ,util-linux)
+            ("binutils" ,binutils)))
+  (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+  (description "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+  (home-page "https://github.com/speed47/spectre-meltdown-checker")
+  (license license:gpl3)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
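Review bot: the install plan keeps the `.sh` suffix on the installed command (`bin/spectre-meltdown-checker.sh`); Guix packages normally install scripts under the bare command name, so consider `("spectre-meltdown-checker.sh" "bin/spectre-meltdown-checker")`. `util-linux` and `binutils` are still not referenced anywhere in the package, so the script keeps resolving those tools through PATH at run time; an input that is not substituted into the script changes nothing for the user. `(package` is still at column 0 rather than indented under `define-public`.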
--
2.32.0




Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Sat, 07 Aug 2021 09:51:02 GMT)

Message #14 received at 49898 <at> debbugs.gnu.org:

From: Leo Prikler <leo.prikler <at> student.tugraz.at>
To: phodina <phodina <at> protonmail.com>, 49898 <at> debbugs.gnu.org
Subject: Re: [PATCH v2] gnu: Add spectre-meltdown-checker.
Date: Sat, 07 Aug 2021 11:50:02 +0200
Hi,

Am Samstag, den 07.08.2021, 09:04 +0000 schrieb phodina:
> Thanks Leo for the suggestions!
> -------------------
> * gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
> 
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index 4ca2a386e1..3529fa02e2 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -53,6 +53,7 @@
>  ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
>  ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
>  ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
> +;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -148,6 +149,7 @@
>    #:use-module (guix build-system cmake)
>    #:use-module (guix build-system gnu)
>    #:use-module (guix build-system go)
> +  #:use-module (guix build-system copy)
>    #:use-module (guix build-system meson)
>    #:use-module (guix build-system python)
>    #:use-module (guix build-system trivial)
> @@ -7191,6 +7193,32 @@ interfaces in parallel environments.")
>      (supported-systems '("i686-linux" "x86_64-linux"))
>      (license (list license:bsd-2 license:gpl2)))) ;dual
> 
> +(define-public spectre-meltdown-checker
> +(package
> +  (name "spectre-meltdown-checker")
> +  (version "0.44")
> +  (source (origin
> +            (method git-fetch)
> +            (uri (git-reference
> +                  (url "
> https://github.com/speed47/spectre-meltdown-checker")
> +                  (commit (string-append "v" version))))
> +            (file-name (git-file-name name version))
> +            (sha256
> +             (base32
> +              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"
> ))))
> +  (build-system copy-build-system)
> +  (arguments
> +   `(#:install-plan '(("spectre-meltdown-checker.sh"
> +                       "bin/spectre-meltdown-checker.sh"))))
> +  (inputs `(("util-linux" ,util-linux)
> +            ("binutils" ,binutils)))
We typically sort inputs alphabetically.
> +  (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> checker")
> +  (description "A shell script to assess your system's resilience
> against
> +the several transient execution CVEs that were published since early
> 2018,
> +and give you guidance as to how to mitigate them.")
> +  (home-page "https://github.com/speed47/spectre-meltdown-checker")
> +  (license license:gpl3)))
This looks better, but after running the checker in a few
configurations (it doesn't appear to make a difference whether with or
without root, but judging from the papers some attacks would require
sudo) I've noticed that commands are insufficiently hardcoded.  
For instance, the check for Spectre Variant 1 requires perl, which is
not available and the line stating so is hidden well among a large wall
of output.
Likewise, I don't think simply including binutils does anything, you'll
have to patch those in as well if you want them.

Regards,





Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Sun, 08 Aug 2021 11:06:02 GMT)

Message #17 received at 49898 <at> debbugs.gnu.org:

From: phodina <phodina <at> protonmail.com>
To: 49898 <at> debbugs.gnu.org
Cc: Leo Prikler <leo.prikler <at> student.tugraz.at>
Subject: [PATCH v3] gnu: Add spectre-meltdown-checker.
Date: Sun, 08 Aug 2021 11:05:49 +0000
> This looks better, but after running the checker in a few
> configurations (it doesn't appear to make a difference whether with or
> without root, but judging from the papers some attacks would require
> sudo) I've noticed that commands are insufficiently hardcoded.
> For instance, the check for Spectre Variant 1 requires perl, which is
> not available and the line stating so is hidden well among a large wall
> of output.
> Likewise, I don't think simply including binutils does anything, you'll
> have to patch those in as well if you want them.
>
> Regards,

Yes, it's unfortunately well hidden and there seems to be a mix of tools also
available only for BSD. I wanted to run it in a pure environment and with =-e=,
but there are many conditions that exit at once.

So I went through the whole script and listed the commands.
Not sure regarding the admin privileges. I'll create an issue upstream
regarding the requirements. The Dockerfile gives some hints but it's not exhaustive.

Kind regards,
Petr

-----------------------------------------------------

* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4ca2a386e1..24f7d43b33 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -53,6 +53,7 @@
 ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
 ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
 ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
+;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -137,6 +138,7 @@
   #:use-module (gnu packages video)
   #:use-module (gnu packages vulkan)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages wget)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xdisorg)
@@ -148,6 +150,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
@@ -7191,6 +7194,44 @@ interfaces in parallel environments.")
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license (list license:bsd-2 license:gpl2)))) ;dual

+(define-public spectre-meltdown-checker
+(package
+  (name "spectre-meltdown-checker")
+  (version "0.44")
+  (source (origin
+            (method git-fetch)
+            (uri (git-reference
+                  (url "https://github.com/speed47/spectre-meltdown-checker")
+                  (commit (string-append "v" version))))
+            (file-name (git-file-name name version))
+            (sha256
+             (base32
+              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"))))
+  (build-system copy-build-system)
+  (arguments
+   `(#:install-plan '(("spectre-meltdown-checker.sh"
+                       "bin/spectre-meltdown-checker.sh"))))
+   (inputs `(("binutils" ,binutils)
+             ("coreutils",coreutils)
+             ("gawk" ,gawk)
+             ("gzip" ,gzip)
+             ("lzop" ,lzop)
+             ("perl" ,perl)
+             ("procps" ,procps)
+             ("sqlite" ,sqlite)
+             ("util-linux" ,util-linux)
+             ("util-linux-with-udev" ,util-linux+udev)
+             ("wget" ,wget)
+             ("which" ,which)
+             ("xz" ,xz)
+             ("zstd" ,zstd)))
+  (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+  (description "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+  (home-page "https://github.com/speed47/spectre-meltdown-checker")
+  (license license:gpl3)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
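Review bot: the `(inputs` line is indented three spaces while every sibling field of this package uses two, and `("coreutils",coreutils)` is missing the space before the unquote; both stand out against the rest of the file. More importantly, adding fourteen inputs without a phase that writes their store paths into `spectre-meltdown-checker.sh` changes nothing at run time: the copy build only installs the file, so the script still looks the tools up via PATH. `wget` as a run-time input also means the script may reach out to the network when run, which is worth a word in the description.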
--
2.32.0




Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Sun, 08 Aug 2021 21:43:01 GMT)

Message #20 received at 49898 <at> debbugs.gnu.org:

From: Leo Prikler <leo.prikler <at> student.tugraz.at>
To: phodina <phodina <at> protonmail.com>, 49898 <at> debbugs.gnu.org
Subject: Re: [PATCH v3] gnu: Add spectre-meltdown-checker.
Date: Sun, 08 Aug 2021 23:42:03 +0200
Hi,

Am Sonntag, den 08.08.2021, 11:05 +0000 schrieb phodina:
> Yes, it's unfortunately well hidden and there seems to be a mix of
> tools also available only for BSD. I wanted to run it in pure
> environment and with =-e= but there are many condtitions that exit at
> once.
I don't think the BSD ones should be too much of an issue, but if we
ever decide to ship a BSD kernel, that might become relevant.
> So I went throught the whole script and listed the commands.
> Not sure regarding the admin priviledges. I'll create issue on the
> upstream regarding the requirements. The Dockerfile gives some hints
> but it's not exhaustive.
As far as I can see, I don't think it claims sudo on your behalf, so
that should be fine.

> -----------------------------------------------------
> 
> * gnu/packages/linux.scm (spectre-meltdown-checker): New variable.
> 
> diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
> index 4ca2a386e1..24f7d43b33 100644
> --- a/gnu/packages/linux.scm
> +++ b/gnu/packages/linux.scm
> @@ -53,6 +53,7 @@
>  ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
>  ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
>  ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
> +;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -137,6 +138,7 @@
>    #:use-module (gnu packages video)
>    #:use-module (gnu packages vulkan)
>    #:use-module (gnu packages web)
> +  #:use-module (gnu packages wget)
>    #:use-module (gnu packages xiph)
>    #:use-module (gnu packages xml)
>    #:use-module (gnu packages xdisorg)
> @@ -148,6 +150,7 @@
>    #:use-module (guix build-system cmake)
>    #:use-module (guix build-system gnu)
>    #:use-module (guix build-system go)
> +  #:use-module (guix build-system copy)
>    #:use-module (guix build-system meson)
>    #:use-module (guix build-system python)
>    #:use-module (guix build-system trivial)
> @@ -7191,6 +7194,44 @@ interfaces in parallel environments.")
>      (supported-systems '("i686-linux" "x86_64-linux"))
>      (license (list license:bsd-2 license:gpl2)))) ;dual
> 
> +(define-public spectre-meltdown-checker
> +(package
> +  (name "spectre-meltdown-checker")
> +  (version "0.44")
> +  (source (origin
> +            (method git-fetch)
> +            (uri (git-reference
> +                  (url "
> https://github.com/speed47/spectre-meltdown-checker")
> +                  (commit (string-append "v" version))))
> +            (file-name (git-file-name name version))
> +            (sha256
> +             (base32
> +              "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"
> ))))
> +  (build-system copy-build-system)
> +  (arguments
> +   `(#:install-plan '(("spectre-meltdown-checker.sh"
> +                       "bin/spectre-meltdown-checker.sh"))))
> +   (inputs `(("binutils" ,binutils)
> +             ("coreutils",coreutils)
> +             ("gawk" ,gawk)
> +             ("gzip" ,gzip)
> +             ("lzop" ,lzop)
> +             ("perl" ,perl)
> +             ("procps" ,procps)
> +             ("sqlite" ,sqlite)
> +             ("util-linux" ,util-linux)
> +             ("util-linux-with-udev" ,util-linux+udev)
Why both?
> +             ("wget" ,wget)
> +             ("which" ,which)
> +             ("xz" ,xz)
> +             ("zstd" ,zstd)))
Are you sure that mere presence of these packages as inputs will do
anything to patch them?  Because I'm not so much.

Regards





Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Sat, 18 Sep 2021 15:27:01 GMT)

Message #23 received at 49898 <at> debbugs.gnu.org:

From: phodina <phodina <at> protonmail.com>
To: Leo Prikler <leo.prikler <at> student.tugraz.at>
Cc: 49898 <at> debbugs.gnu.org
Subject: [PATCH v4] gnu: Add spectre-meltdown-checker.
Date: Sat, 18 Sep 2021 15:25:47 +0000
Hi Leo,

I've substituted most of the commands. The only commands at the moment are echo and printf. I haven't found a regexp that would work, as the text is also used for variables.

Otherwise the rest of the commands should be covered.
--8<---------------cut here---------------start------------->8--
* gnu/packages/linux.scm (spectre-meltdown-checker): New variable.

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 46c9f817a8..905048a5be 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -53,6 +53,7 @@
 ;;; Copyright © 2020 pukkamustard <pukkamustard <at> posteo.net>
 ;;; Copyright © 2021 B. Wilson <elaexuotee <at> wilsonb.com>
 ;;; Copyright © 2021 Ivan Gankevich <i.gankevich <at> spbu.ru>
+;;; Copyright © 2021 Petr Hodina <phodina <at> protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -138,6 +139,7 @@
   #:use-module (gnu packages video)
   #:use-module (gnu packages vulkan)
   #:use-module (gnu packages web)
+  #:use-module (gnu packages wget)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xdisorg)
@@ -149,6 +151,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
+  #:use-module (guix build-system copy)
   #:use-module (guix build-system meson)
   #:use-module (guix build-system python)
   #:use-module (guix build-system trivial)
@@ -7372,6 +7375,93 @@ interfaces in parallel environments.")
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license (list license:bsd-2 license:gpl2)))) ;dual

+(define-public spectre-meltdown-checker
+  (package
+    (name "spectre-meltdown-checker")
+    (version "0.44")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/speed47/spectre-meltdown-checker")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"))))
+    (build-system copy-build-system)
+    (arguments
+     `(#:install-plan '(("spectre-meltdown-checker.sh"
+                         "bin/spectre-meltdown-checker.sh"))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fix-relative-locations
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((icoreutils (assoc-ref %build-inputs "coreutils"))
+                   (igrep (assoc-ref %build-inputs "grep"))
+                   (iutil-linux (assoc-ref %build-inputs "util-linux"))
+                   (iutil-linux-with-udev
+                     (assoc-ref %build-inputs "util-linux-with-udev"))
+                   (igawk (assoc-ref %build-inputs "gawk"))
+                   (igzip (assoc-ref %build-inputs "gzip"))
+                   (iunzip (assoc-ref %build-inputs "unzip"))
+                   (ilzop (assoc-ref %build-inputs "lzop"))
+                   (iperl (assoc-ref %build-inputs "perl"))
+                   (iprocps (assoc-ref %build-inputs "procps"))
+                   (isqlite (assoc-ref %build-inputs "sqlite"))
+                   (iwget (assoc-ref %build-inputs "wget"))
+                   (iwhich (assoc-ref %build-inputs "which"))
+                   (ixz (assoc-ref %build-inputs "xz"))
+                   (izstd (assoc-ref %build-inputs "zstd")))
+               (substitute* "spectre-meltdown-checker.sh"
+                ; TODO: Find regexp what will work
+                ;(("echo") (string-append icoreutils "/bin/echo"))
+                ;(("printf") (string-append icoreutils "/bin/printf"))
+                 (("dirname") (string-append icoreutils "/bin/dirname"))
+                 (("cat") (string-append icoreutils "/bin/cat"))
+                 (("grep[ ]+") (string-append igrep "/bin/grep "))
+                 (("cut") (string-append icoreutils "/bin/cut"))
+                 (("mktemp") (string-append icoreutils "/bin/mktemp"))
+                 (("stat[ ]+") (string-append icoreutils "/bin/stat " ))
+                 (("tail[ ]+") (string-append icoreutils "/bin/tail " ))
+                 (("head[ ]+") (string-append icoreutils "/bin/head " ))
+                 (("mount[ ]+")  "/run/setuid-programs/mount ")
+                 (("modprobe") (string-append iutil-linux "/bin/modprobe"))
+                 (("dd") (string-append icoreutils "/bin/dd"))
+                 (("dmesg[ ]+") (string-append iutil-linux-with-udev "/bin/dmesg "))
+                 (("awk") (string-append igawk "/bin/awk"))
+                 (("gzip") (string-append igzip "/bin/gzip"))
+                 (("unzip") (string-append iunzip "/bin/unzip"))
+                 (("lzop") (string-append ilzop "/bin/lzop"))
+                 (("perl") (string-append iperl "/bin/perl"))
+                 (("ps[ ]+") (string-append iprocps "/bin/ps "))
+                 (("sqlite3") (string-append isqlite "/bin/sqlite3"))
+                 (("wget") (string-append iwget "/bin/wget"))
+                 (("which") (string-append iwhich "/bin/which"))
+                 (("xz") (string-append ixz "/bin/xz"))
+                 (("zstd") (string-append izstd "/bin/zstd")))))))))
+    (inputs `(("binutils" ,binutils)
+              ("coreutils",coreutils)
+              ("gawk" ,gawk)
+              ("grep" ,grep)
+              ("gzip" ,gzip)
+              ("unzip" ,unzip)
+              ("lzop" ,lzop)
+              ("perl" ,perl)
+              ("procps" ,procps)
+              ("sqlite" ,sqlite)
+              ("util-linux" ,util-linux)
+              ("util-linux-with-udev" ,util-linux+udev)
+              ("wget" ,wget)
+              ("which" ,which)
+              ("xz" ,xz)
+              ("zstd" ,zstd)))
+    (synopsis "Spectre, Meltdown ... vulnerability/mitigation checker")
+    (description "A shell script to assess your system's resilience against
+the several transient execution CVEs that were published since early 2018,
+and give you guidance as to how to mitigate them.")
+    (home-page "https://github.com/speed47/spectre-meltdown-checker")
+    (license license:gpl3)))
+
 (define-public snapscreenshot
   (package
     (name "snapscreenshot")
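Review bot: the bare-word patterns in `fix-relative-locations` are unanchored, so `(("cat") ...)` rewrites every "cat" in the file, including inside words such as "location" or "indicate" in comments and messages; `(("dd") ...)` hits "hidden" and "add", `(("awk") ...)` hits "gawk", `(("cut") ...)` hits "execute", `(("which") ...)` and `(("ps[ ]+") ...)` hit ordinary English, and since `substitute*` applies its patterns one after another to each line, later patterns also match inside the store paths written by earlier ones. Anchor each pattern on the characters that surround a command invocation and put that context back, e.g. `(("([ (`|])cat([ )])" all pre post) (string-append pre coreutils "/bin/cat" post))`, or match the exact invocation. Two of the paths are wrong: `modprobe` is shipped by kmod, not by util-linux, so `(string-append iutil-linux "/bin/modprobe")` names a file that does not exist, and `/run/setuid-programs/mount` exists only on Guix System, not on foreign distributions. `binutils` is an input but no pattern references it; the phase binds `outputs` but then reads `%build-inputs` (take the `inputs` keyword instead); and only `dmesg` uses `util-linux-with-udev`, so the earlier question about carrying both util-linux variants still applies.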
--
2.32.0




Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Sat, 18 Sep 2021 17:04:02 GMT)

Message #26 received at 49898 <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: phodina <phodina <at> protonmail.com>
Cc: 49898 <at> debbugs.gnu.org
Subject: Re: [PATCH v4] gnu: Add spectre-meltdown-checker.
Date: Sat, 18 Sep 2021 19:03:17 +0200
Hi Petr,

Am Samstag, den 18.09.2021, 15:25 +0000 schrieb phodina:
> [...]

> +         (add-after 'unpack 'fix-relative-locations
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (let ((icoreutils (assoc-ref %build-inputs
> "coreutils"))
> +                   (igrep (assoc-ref %build-inputs "grep"))
> +                   (iutil-linux (assoc-ref %build-inputs "util-
> linux"))
> +                   (iutil-linux-with-udev
> +                     (assoc-ref %build-inputs "util-linux-with-
> udev"))
> +                   (igawk (assoc-ref %build-inputs "gawk"))
> +                   (igzip (assoc-ref %build-inputs "gzip"))
> +                   (iunzip (assoc-ref %build-inputs "unzip"))
> +                   (ilzop (assoc-ref %build-inputs "lzop"))
> +                   (iperl (assoc-ref %build-inputs "perl"))
> +                   (iprocps (assoc-ref %build-inputs "procps"))
> +                   (isqlite (assoc-ref %build-inputs "sqlite"))
> +                   (iwget (assoc-ref %build-inputs "wget"))
> +                   (iwhich (assoc-ref %build-inputs "which"))
> +                   (ixz (assoc-ref %build-inputs "xz"))
> +                   (izstd (assoc-ref %build-inputs "zstd")))
I don't think Hungarian notation is very helpful here.
> +               (substitute* "spectre-meltdown-checker.sh"
> +                ; TODO: Find regexp what will work
> +                ;(("echo") (string-append icoreutils "/bin/echo"))
> +                ;(("printf") (string-append icoreutils
> "/bin/printf"))
There are multiple ways of handling this, but I think the best one
would be to substitute both `command -v printf' and `which echo' with
the path to false, then match the line 
  [ -z "$echo_cmd" ] && echo_cmd='echo'
and instead put there
  echo_cmd_type='printf'
  echo_cmd=(path-to "/bin/printf")

> +                 (("dirname") (string-append icoreutils
> "/bin/dirname"))
> +                 (("cat") (string-append icoreutils "/bin/cat"))
> +                 (("grep[ ]+") (string-append igrep "/bin/grep "))
> +                 (("cut") (string-append icoreutils "/bin/cut"))
> +                 (("mktemp") (string-append icoreutils
> "/bin/mktemp"))
> +                 (("stat[ ]+") (string-append icoreutils "/bin/stat
> " ))
> +                 (("tail[ ]+") (string-append icoreutils "/bin/tail
> " ))
> +                 (("head[ ]+") (string-append icoreutils "/bin/head
> " ))
> +                 (("mount[ ]+")  "/run/setuid-programs/mount ")
> +                 (("modprobe") (string-append iutil-linux
> "/bin/modprobe"))
> +                 (("dd") (string-append icoreutils "/bin/dd"))
> +                 (("dmesg[ ]+") (string-append iutil-linux-with-udev 
> "/bin/dmesg "))
> +                 (("awk") (string-append igawk "/bin/awk"))
> +                 (("gzip") (string-append igzip "/bin/gzip"))
> +                 (("unzip") (string-append iunzip "/bin/unzip"))
> +                 (("lzop") (string-append ilzop "/bin/lzop"))
> +                 (("perl") (string-append iperl "/bin/perl"))
> +                 (("ps[ ]+") (string-append iprocps "/bin/ps "))
> +                 (("sqlite3") (string-append isqlite
> "/bin/sqlite3"))
> +                 (("wget") (string-append iwget "/bin/wget"))
> +                 (("which") (string-append iwhich "/bin/which"))
> +                 (("xz") (string-append ixz "/bin/xz"))
> +                 (("zstd") (string-append izstd "/bin/zstd")))))))))
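Review bot: most of the bare patterns in this substitute* block are unanchored, so (("cat") ...), (("dd") ...), (("xz") ...), (("perl") ...) and (("which") ...) also rewrite those letter sequences wherever they occur inside other words, comments and variable names ("dd" inside "add" or "hidden", "cat" inside "concatenate"); anchor them with word boundaries or match the actual invocation, as the spaced variants such as ("grep[ ]+") already half do. Two of the targets also look wrong: modprobe is shipped by kmod, not util-linux, so (string-append iutil-linux "/bin/modprobe") names a file that does not exist in that input, and "/run/setuid-programs/mount" is a Guix System path that is absent on foreign distributions. Resolving each command with search-input-file would turn a missing file into a build-time error instead of a script that silently calls a non-existent path.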
Group those that need spaces and those that don't together, with an
explanation as to why those two groups exist.
> +    (inputs `(("binutils" ,binutils)
> +              ("coreutils",coreutils)
> +              ("gawk" ,gawk)
> +              ("grep" ,grep)
> +              ("gzip" ,gzip)
> +              ("unzip" ,unzip)
> +              ("lzop" ,lzop)
> +              ("perl" ,perl)
> +              ("procps" ,procps)
> +              ("sqlite" ,sqlite)
> +              ("util-linux" ,util-linux)
> +              ("util-linux-with-udev" ,util-linux+udev)
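Review bot: ("coreutils",coreutils) is missing the space before the unquote. Also, "binutils" is listed as an input but none of the substitutions above reference it, so nothing resolves its tools to a store path for the script at run time; either handle the tool the script needs from it the way the other commands are handled, or drop the input.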
Why both?
> +              ("wget" ,wget)
> +              ("which" ,which)
> +              ("xz" ,xz)
> +              ("zstd" ,zstd)))
> +    (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> checker")
> +    (description "A shell script to assess your system's resilience
> against
> +the several transient execution CVEs that were published since early
> 2018,
> +and give you guidance as to how to mitigate them.")
> +    (home-page "https://github.com/speed47/spectre-meltdown-checker"
> )
> +    (license license:gpl3)))
> +
>  (define-public snapscreenshot
>    (package
>      (name "snapscreenshot")
> --
> 2.32.0
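Review bot: the synopsis carries an ellipsis ("Spectre, Meltdown ... vulnerability/mitigation checker"); a Guix synopsis is a short noun phrase, so spell out what is covered, e.g. "Checker for Spectre, Meltdown and related CPU vulnerability mitigations". In the description, "the several transient execution CVEs that were published since early 2018" reads awkwardly; "the transient-execution CVEs published since early 2018" says the same thing.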





Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Tue, 07 Dec 2021 22:05:01 GMT) Full text and rfc822 format available.

Message #29 received at 49898 <at> debbugs.gnu.org (full text, mbox):

From: phodina <phodina <at> protonmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 49898 <at> debbugs.gnu.org
Subject: [PATCH v5] gnu: Add spectre-meltdown-checker.
Date: Tue, 07 Dec 2021 22:04:31 +0000
[Message part 1 (text/plain, inline)]
Hi Liliana,

> Hi Petr,
>
> On Saturday, 18.09.2021, 15:25 +0000, phodina wrote:
>
> > [...]
> > -           (add-after 'unpack 'fix-relative-locations
> > -             (lambda* (#:key outputs #:allow-other-keys)
> > -               (let ((icoreutils (assoc-ref %build-inputs
> > "coreutils"))
> > -                     (igrep (assoc-ref %build-inputs "grep"))
> > -                     (iutil-linux (assoc-ref %build-inputs "util-
> > linux"))
> > -                     (iutil-linux-with-udev
> > -                       (assoc-ref %build-inputs "util-linux-with-
> > udev"))
> > -                     (igawk (assoc-ref %build-inputs "gawk"))
> > -                     (igzip (assoc-ref %build-inputs "gzip"))
> > -                     (iunzip (assoc-ref %build-inputs "unzip"))
> > -                     (ilzop (assoc-ref %build-inputs "lzop"))
> > -                     (iperl (assoc-ref %build-inputs "perl"))
> > -                     (iprocps (assoc-ref %build-inputs "procps"))
> > -                     (isqlite (assoc-ref %build-inputs "sqlite"))
> > -                     (iwget (assoc-ref %build-inputs "wget"))
> > -                     (iwhich (assoc-ref %build-inputs "which"))
> > -                     (ixz (assoc-ref %build-inputs "xz"))
> > -                     (izstd (assoc-ref %build-inputs "zstd")))
>
> I don't think Hungarian notation is very helpful here.
>
> > -                 (substitute* "spectre-meltdown-checker.sh"
> > -                  ; TODO: Find regexp what will work
> > -                  ;(("echo") (string-append icoreutils "/bin/echo"))
> > -                  ;(("printf") (string-append icoreutils
> > "/bin/printf"))
>
> There are multiple ways of handling this, but I think the best one
> would be to substitute both `command -v printf' and `which echo' with
> the path to false, then match the line
> [ -z "$echo_cmd" ] && echo_cmd='echo'
> and instead put there
> echo_cmd_type='printf'
> echo_cmd=(path-to "/bin/printf")
>
> > -                   (("dirname") (string-append icoreutils
> > "/bin/dirname"))
> > -                   (("cat") (string-append icoreutils "/bin/cat"))
> > -                   (("grep[ ]+") (string-append igrep "/bin/grep "))
> > -                   (("cut") (string-append icoreutils "/bin/cut"))
> > -                   (("mktemp") (string-append icoreutils
> > "/bin/mktemp"))
> > -                   (("stat[ ]+") (string-append icoreutils "/bin/stat
> > " ))
> > -                   (("tail[ ]+") (string-append icoreutils "/bin/tail
> > " ))
> > -                   (("head[ ]+") (string-append icoreutils "/bin/head
> > " ))
> > -                   (("mount[ ]+")  "/run/setuid-programs/mount ")
> > -                   (("modprobe") (string-append iutil-linux
> > "/bin/modprobe"))
> > -                   (("dd") (string-append icoreutils "/bin/dd"))
> > -                   (("dmesg[ ]+") (string-append iutil-linux-with-udev
> > "/bin/dmesg "))
> > -                   (("awk") (string-append igawk "/bin/awk"))
> > -                   (("gzip") (string-append igzip "/bin/gzip"))
> > -                   (("unzip") (string-append iunzip "/bin/unzip"))
> > -                   (("lzop") (string-append ilzop "/bin/lzop"))
> > -                   (("perl") (string-append iperl "/bin/perl"))
> > -                   (("ps[ ]+") (string-append iprocps "/bin/ps "))
> > -                   (("sqlite3") (string-append isqlite
> > "/bin/sqlite3"))
> > -                   (("wget") (string-append iwget "/bin/wget"))
> > -                   (("which") (string-append iwhich "/bin/which"))
> > -                   (("xz") (string-append ixz "/bin/xz"))
> > -                   (("zstd") (string-append izstd "/bin/zstd")))))))))
>
> Group those that need spaces and those that don't together, with an
> explanation as to why those two groups exist.
>
> > -   (inputs `(("binutils" ,binutils)
> > -                ("coreutils",coreutils)
> > -                ("gawk" ,gawk)
> > -                ("grep" ,grep)
> > -                ("gzip" ,gzip)
> > -                ("unzip" ,unzip)
> > -                ("lzop" ,lzop)
> > -                ("perl" ,perl)
> > -                ("procps" ,procps)
> > -                ("sqlite" ,sqlite)
> > -                ("util-linux" ,util-linux)
> > -                ("util-linux-with-udev" ,util-linux+udev)
>
> Why both?
>
> > -                ("wget" ,wget)
> > -                ("which" ,which)
> > -                ("xz" ,xz)
> > -                ("zstd" ,zstd)))
> > -   (synopsis "Spectre, Meltdown ... vulnerability/mitigation
> >     checker")
> > -   (description "A shell script to assess your system's resilience
> >     against
> >     +the several transient execution CVEs that were published since early
> >     2018,
> >     +and give you guidance as to how to mitigate them.")
> > -   (home-page "https://github.com/speed47/spectre-meltdown-checker"
> >     )
> > -   (license license:gpl3)))
> > (define-public snapscreenshot
> > (package
> > (name "snapscreenshot")
> > ----------------------------------------------------------------
> > 2.32.0

I've used the wrap-program as an alternative to your suggested solution.

Going through the program there is a function update_fwdb [1] that downloads and updates database files when the script is executed with the --update-fwdb argument.

I've added both files [2][3] in question to the lists of inputs.

However, since they are supposed to be updated at runtime (stored in $HOME) I don't know how to represent this in the package definition.

Could you please suggest how to proceed?

----
Petr

[1] https://github.com/speed47/spectre-meltdown-checker/blob/master/spectre-meltdown-checker.sh#L838
[2] https://github.com/platomav/MCExtractor/raw/master/MCE.db
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip
[v5-0001-gnu-Add-spectre-meltdown-checker.patch (text/x-patch, attachment)]

Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Sun, 26 Jun 2022 10:24:01 GMT) Full text and rfc822 format available.

Message #32 received at 49898 <at> debbugs.gnu.org (full text, mbox):

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: phodina <phodina <at> protonmail.com>
Cc: 49898 <at> debbugs.gnu.org
Subject: Re: [PATCH v5] gnu: Add spectre-meltdown-checker.
Date: Sun, 26 Jun 2022 12:23:32 +0200
Hi Petr,

sorry for the very late reply.  Are you still interested in adding
spectre-meltdown-checker?  If so, there's a new version out.  Also...

On Tuesday, 07.12.2021 at 22:04 +0000, phodina wrote:
> I've used the wrap-program as an alternative to your suggested
> solution.
That does work, but remains quite inelegant.

> Going through the program there is a function update_fwdb [1] that
> downloads and updates database files when the script is executed with
> the --update-fwdb argument.
> 
> I've added both files [2][3] in question to the lists of inputs.
> 
> However, since they are supposed to be updated at runtime (stored in
> $HOME) I don't know how to represent this in the package definition.
> 
> Could you please suggest how to proceed?
I'd suggest removing that functionality as well as the associated
inputs (i.e. curl etc., not the databases).  Even if it's treated as
"just data", users should be able to specify on their own the data to
check against.  Perhaps you could suggest to upstream that adding
--fwdb /path/to/fwdb might be useful?

Since this patch is rather old, there are a few style-related changes
that should also be incorporated:
> +    (arguments
> +     `(...))
Use a list of G-Expressions.

> +                   (paths (map
> +                           (lambda (input)
> +                             (string-append (assoc-ref inputs input)
> "/bin"))
> +                           '("coreutils" "grep" "util-linux"
> "iucode-tool"
> +                             "util-linux-with-udev" "gawk" "gzip"
> "lzop"
> +                             "lzop" "perl" "procps" "sqlite" "wget"
> "which" "xz" "zstd"))))
You can use (search-input-file inputs "/bin/CMD") to search CMD from
inputs.
> +    (inputs `(("binutils" ,binutils)
> +              ("coreutils",coreutils)
> +              [...])
You can drop the input labels, but you'll have to find another way to
pass the firmware databases.  Speaking of which, is anything even done
with those?  Could we add (a) separate package(s) with those databases
instead?

Cheers 
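As an added illustration of the style points raised above (G-expression arguments, `search-input-file`, inputs without labels), combined with the `echo_cmd` substitution suggested earlier in this thread, here are the two affected package fields written that way. This is example code, not the patch under review and not upstream's code: the regexps are assumptions about the script's text, `kmod` is assumed to be the input providing `modprobe`, and `bin` is a local helper name introduced here.

```scheme
;; Added example, not the submitted patch.  Fragments that would replace the
;; ARGUMENTS and INPUTS fields of the package.  The regexps below are
;; assumptions about the script text, and the choice of kmod for modprobe is
;; an assumption too.
(arguments
 (list
  #:phases
  #~(modify-phases %standard-phases
      (add-after 'unpack 'use-store-paths
        (lambda* (#:key inputs #:allow-other-keys)
          ;; Resolve a command to its store path by looking through the
          ;; build inputs; an error is raised at build time if no input
          ;; provides /bin/CMD, instead of producing a dangling path.
          (define (bin cmd)
            (search-input-file inputs (string-append "/bin/" cmd)))
          (substitute* "spectre-meltdown-checker.sh"
            ;; 1. echo_cmd: make both run-time probes fail, so the script
            ;;    never picks whatever echo/printf happens to be on $PATH ...
            (("command -v printf") (string-append (bin "false") " printf"))
            (("which echo")        (string-append (bin "false") " echo"))
            ;; ... then pin the final fallback to printf from coreutils.
            (("\\[ -z \"\\$echo_cmd\" \\] && echo_cmd='echo'")
             (string-append "echo_cmd_type='printf'\n"
                            "echo_cmd='" (bin "printf") "'"))
            ;; 2. Commands the script always invokes with arguments: the
            ;;    trailing space is preserved, and the word boundary keeps
            ;;    e.g. "ps" from matching inside other words.
            (("\\b(dmesg|ps|stat|tail|head|grep) ([^ ])" whole cmd next)
             (string-append (bin cmd) " " next))
            ;; 3. Commands that may also appear unspaced (end of a line,
            ;;    before a pipe); the word boundaries on both sides stop
            ;;    "cat" from matching inside "concatenate" or "dd" inside
            ;;    "add".
            (("\\b(awk|cat|cut|dd|mktemp|modprobe|perl|sqlite3|wget|xz|zstd)\\b"
              whole cmd)
             (bin cmd))))))))

;; Label-free inputs: one package per tool the substitutions above resolve.
(inputs
 (list coreutils gawk grep kmod perl procps sqlite util-linux wget xz zstd))
```

`substitute*` applies its clauses to every line in the order written, so the specific `echo_cmd` clauses are listed before the general word-boundary ones. Keeping the clause list in two groups, spaced and unspaced, is also what makes the earlier review request ("group those that need spaces and those that don't") easy to document in a comment.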




Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Sun, 26 Jun 2022 11:08:02 GMT) Full text and rfc822 format available.

Message #35 received at 49898 <at> debbugs.gnu.org (full text, mbox):

From: phodina <phodina <at> protonmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 49898 <at> debbugs.gnu.org
Subject: Re: [PATCH v5] gnu: Add spectre-meltdown-checker.
Date: Sun, 26 Jun 2022 11:07:26 +0000
Hi,

Yes, I'm still interested in upstreaming this package. True, in the meantime a lot has happened, and I'll prepare a patch with simplified inputs and Gexps.

Also the databases will be in separate packages and just put into the inputs and linked correctly.

And I'll also update the package version.

Unfortunately HW issues will remain with us for long and it's useful to have some way to check for them.

FYI, I'm currently also in the process of packaging other stuff, so it might take some time.

----
Petr






Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Fri, 01 Jul 2022 21:58:01 GMT) Full text and rfc822 format available.

Message #38 received at 49898 <at> debbugs.gnu.org (full text, mbox):

From: phodina <phodina <at> protonmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 49898 <at> debbugs.gnu.org
Subject: Re: [PATCH v6] gnu: Add spectre-meltdown-checker.
Date: Fri, 01 Jul 2022 21:57:18 +0000
[Message part 1 (text/plain, inline)]
Hi!

here's the updated patch set:

- The version has been updated.
- It uses gexps.
- There are now 3 packages (intelfw and mcextractor are new).

There is the issue with the Intel license. Not sure if it can be included.

The intelfw and mcextractor are used in the shell function update_fwdb. It might be better to create a patch, remove the download functionality and point it to /gnu/store for the package inputs. What do you think?

----
Petr
[v6-0001-gnu-Add-intelfw.patch (text/x-patch, attachment)]
[v6-0002-gnu-Add-mcextractor.patch (text/x-patch, attachment)]
[v6-0003-gnu-Add-spectre-meltdown-checker.patch (text/x-patch, attachment)]

Information forwarded to guix-patches <at> gnu.org:
bug#49898; Package guix-patches. (Fri, 01 Jul 2022 23:03:01 GMT) Full text and rfc822 format available.

Message #41 received at 49898 <at> debbugs.gnu.org (full text, mbox):

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: phodina <phodina <at> protonmail.com>
Cc: 49898 <at> debbugs.gnu.org
Subject: Re: [PATCH v6] gnu: Add spectre-meltdown-checker.
Date: Sat, 02 Jul 2022 01:02:42 +0200
On Friday, 01.07.2022 at 21:57 +0000, phodina wrote:
> Hi!
> 
> here's the updated patch set:
> 
> - The version has been updated.
> - It uses gexps.
> - There are now 3 packages (intelfw and mcextractor are new).
> 
> There is the issue with the Intel license. Not sure if it can be
> included.
I don't think it can.  In my humble opinion, microcode counts as very
functional data and should thus be distributed under a free license. 
mcextractor OTOH looks good to me, even if its main purpose is to
handle these binary blobs.

> The intelfw and mcextractor are used in the shell function
> update_fwdb. It might be better to create a patch, remove the
> download functionality and point it to /gnu/store for the package
> inputs. What do you think?
As already outlined, I think we should go with a "please provide your
firmware via command line option if you think that makes a difference"
approach, assuming unpatched firmware if none is passed.  Since Guix
doesn't actually distribute any of Intel's or AMD's blobs, that is the
correct behaviour, both ethically and functionally.

Cheers




Merged 49898 59053. Request was from Liliana Marie Prikler <liliana.prikler <at> gmail.com> to control <at> debbugs.gnu.org. (Sat, 05 Nov 2022 16:46:02 GMT) Full text and rfc822 format available.

Added tag(s) moreinfo. Request was from Christopher Baines <mail <at> cbaines.net> to control <at> debbugs.gnu.org. (Sun, 06 Nov 2022 14:21:02 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 12 Dec 2022 12:24:12 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 135 days ago.