Package: guix-patches
Reported by: Hilton Chain <hako <at> ultrarare.space>
Date: Thu, 27 Jul 2023 07:14:02 UTC
Severity: normal
Tags: patch
Done: Hilton Chain <hako <at> ultrarare.space>
Bug is archived. No further changes may be made.
(Thu, 27 Jul 2023 07:14:02 GMT) Message #5 received at submit <at> debbugs.gnu.org:
From: Hilton Chain <hako <at> ultrarare.space>
To: guix-patches <at> gnu.org
Cc: Hilton Chain <hako <at> ultrarare.space>
Subject: [PATCH] gnu: spectre-meltdown-checker: Update to 0.46.
Date: Thu, 27 Jul 2023 15:12:48 +0800
* gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update patch. * gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46. [arguments]<#:phases>: Correct bunzip2, substitute lzop and mktemp. --- gnu/local.mk | 1 - gnu/packages/linux.scm | 13 +-- ...re-meltdown-checker-externalize-fwdb.patch | 109 +++++++++++++++--- ...spectre-meltdown-checker-find-kernel.patch | 26 ----- 4 files changed, 96 insertions(+), 53 deletions(-) delete mode 100644 gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch diff --git a/gnu/local.mk b/gnu/local.mk index ae2f3dd49f..85522d8b58 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1951,7 +1951,6 @@ dist_patch_DATA = \ %D%/packages/patches/source-highlight-gcc-compat.patch \ %D%/packages/patches/softhsm-fix-openssl3-tests.patch \ %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \ - %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \ %D%/packages/patches/sphinxbase-fix-doxygen.patch \ %D%/packages/patches/sssd-system-directories.patch \ %D%/packages/patches/steghide-fixes.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 250e26cf09..379b8e6b63 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -10314,7 +10314,7 @@ (define-public edac-utils (define-public spectre-meltdown-checker (package (name "spectre-meltdown-checker") - (version "0.45") + (version "0.46") (source (origin (method git-fetch) (uri (git-reference 
@@ -10323,15 +10323,14 @@ (define-public spectre-meltdown-checker (file-name (git-file-name name version)) (patches (search-patches - "spectre-meltdown-checker-externalize-fwdb.patch" - "spectre-meltdown-checker-find-kernel.patch")) + "spectre-meltdown-checker-externalize-fwdb.patch")) ;; Remove builtin firmware database. (modules '((guix build utils))) (snippet '(substitute* "spectre-meltdown-checker.sh" (("^# [AI],.*") ""))) (sha256 (base32 - "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8")))) + "0j42p6dayb7k87kf8sqimxlaswis3qh0569a15zccyknv9vf129k")))) (build-system copy-build-system) (arguments (list @@ -10350,11 +10349,11 @@ (define-public spectre-meltdown-checker (find-command inputs cmd)) ;; Commands safe to substitute directly. - (("\\<(awk|(base|dir)name|bunzip|g(un)?zip|lz4)\\>" all cmd) + (("\\<(awk|(base|dir)name|bunzip2|g(un)?zip|lz4)\\>" all cmd) (find-command inputs cmd)) - (("\\<(modprobe|pgrep|rmmod|umount|unlzma)\\>" all cmd) + (("\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>" all cmd) (find-command inputs cmd)) - (("\\<(unxz|unzstd|uuencode)\\>" all cmd) + (("\\<(unlzma|unxz|unzstd|uuencode)\\>" all cmd) (find-command inputs cmd)) ;; Commands which should only be substituted based on their diff --git a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch index cce70b880f..35673ceb91 100644 --- a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch +++ b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch @@ -1,27 +1,28 @@ -From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001 +From 8caeb440a176cb7f8908403da51106c74e2b5cb8 Mon Sep 17 00:00:00 2001 
From: Hilton Chain <hako <at> ultrarare.space> -Date: Sat, 12 Nov 2022 22:45:24 +0800 +Date: Thu, 27 Jul 2023 14:45:14 +0800 Subject: [PATCH] Replace fwdb downloader with a local file option. Also warn about non-free software. --- - spectre-meltdown-checker.sh | 180 +++--------------------------------- - 1 file changed, 15 insertions(+), 165 deletions(-) + spectre-meltdown-checker.sh | 253 +++--------------------------------- + 1 file changed, 17 insertions(+), 236 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh -index 30f760c..ce46970 100755 +index e7b6b33..33bdf71 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh -@@ -22,8 +22,6 @@ exit_cleanup() +@@ -23,9 +23,6 @@ exit_cleanup() [ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config" [ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp" [ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2" - [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp" - [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp" +- [ -n "${linuxfw_tmp:-}" ] && [ -f "$linuxfw_tmp" ] && rm -f "$linuxfw_tmp" [ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null [ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null [ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null -@@ -93,9 +91,9 @@ show_usage() +@@ -97,9 +94,9 @@ show_usage() --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto --allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system --cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0) 
@@ -34,10 +35,33 @@ index 30f760c..ce46970 100755 --dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script Return codes: -@@ -837,147 +833,6 @@ show_header() +@@ -858,217 +855,6 @@ show_header() _info } +-# Family-Model-Stepping to CPUID +-# prints CPUID in base-10 to stdout +-fms2cpuid() +-{ +- _family="$1" +- _model="$2" +- _stepping="$3" +- +- if [ "$(( _family ))" -le 15 ]; then +- _extfamily=0 +- _lowfamily=$(( _family )) +- else +- # when we have a family > 0xF, then lowfamily is stuck at 0xF +- # and extfamily is ADDED to it (as in "+"), to ensure old software +- # never sees a lowfamily < 0xF for newer families +- _lowfamily=15 +- _extfamily=$(( (_family) - 15 )) +- fi +- _extmodel=$(( (_model & 0xF0 ) >> 4 )) +- _lowmodel=$(( (_model & 0x0F ) >> 0 )) +- echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) )) +-} +- -[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)" -mcedb_cache="$HOME/.mcedb" -update_fwdb() @@ -97,13 +121,15 @@ index 30f760c..ce46970 100755 - echo ERROR "please install the \`sqlite3\` program" - return 1 - fi -- mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE") +- mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"") - if [ -z "$mcedb_revision" ]; then - echo ERROR "downloaded file seems invalid" - return 1 - fi -- sqlite3 "$mcedb_tmp" "alter table Intel add column origin text" -- sqlite3 "$mcedb_tmp" "update Intel set origin='mce'" +- sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT" +- sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT" +- sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'" +- sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'" - - echo OK "MCExtractor database revision $mcedb_revision" - 
@@ -141,7 +167,7 @@ index 30f760c..ce46970 100755 - _version=$(echo "$_line" | awk '{print $8}') - _version=$(( _version )) - _version=$(printf "0x%08X" "$_version") -- _sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" +- _sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" - sqlite3 "$mcedb_tmp" "$_sqlstm" - done - _intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null) 
@@ -150,10 +176,52 @@ index 30f760c..ce46970 100755 - _intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp") - else - echo "Falling back to the latest microcode date" -- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;") +- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;") - fi - echo DONE "(version $_intel_latest_date)" - +- # now parse the most recent linux-firmware amd-ucode README file +- _info_nol "Fetching latest amd-ucode README from linux-firmware project... " +- linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README" +- linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX) +- if command -v wget >/dev/null 2>&1; then +- wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$? +- elif command -v curl >/dev/null 2>&1; then +- curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$? +- elif command -v fetch >/dev/null 2>&1; then +- fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$? +- else +- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs" +- return 1 +- fi +- if [ "$ret" != 0 ]; then +- echo ERROR "error $ret while downloading linux-firmware README" +- return $ret +- fi +- echo DONE +- +- _info_nol "Parsing the README... 
" +- nbfound=0 +- for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do +- _debug "Parsing line $line" +- _family=$( echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+' | cut -d= -f2) +- _model=$( echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+' | cut -d= -f2) +- _stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2) +- _version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+' | cut -d= -f2) +- _version=$(printf "0x%08X" "$(( _version ))") +- _cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping") +- _cpuid=$(printf "0x%08X" "$_cpuid") +- _date="20000101" +- _sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" +- _debug "family $_family model $_model stepping $_stepping cpuid $_cpuid" +- _debug "$_sqlstm" +- sqlite3 "$mcedb_tmp" "$_sqlstm" +- nbfound=$((nbfound + 1)) +- unset _family _model _stepping _version _cpuid _date _sqlstm +- done +- echo "found $nbfound microcodes" +- unset nbfound +- - dbversion="$mcedb_revision+i$_intel_latest_date" - - if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then 
@@ -165,8 +233,11 @@ index 30f760c..ce46970 100755 - { - echo "# Spectre & Meltdown Checker"; - echo "# %%% MCEDB v$dbversion"; -- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; -- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; +- # ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw +- sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);" +- # we'll use the more recent fw for Intel and AMD +- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,'; +- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,'; - } > "$mcedb_cache" - echo DONE "(version $dbversion)" - 
@@ -182,7 +253,7 @@ index 30f760c..ce46970 100755 parse_opt_file() { # parse_opt_file option_name option_value -@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do +@@ -1158,12 +944,15 @@ while [ -n "${1:-}" ]; do # deprecated, kept for compatibility opt_explain=0 shift @@ -204,7 +275,7 @@ index 30f760c..ce46970 100755 elif [ "$1" = "--dump-mock-data" ]; then opt_mock=1 shift -@@ -2033,21 +1891,11 @@ is_xen_domU() +@@ -2192,21 +1981,11 @@ is_xen_domU() fi } @@ -228,7 +299,7 @@ index 30f760c..ce46970 100755 fi read_mcedb() { -@@ -2063,7 +1911,9 @@ is_latest_known_ucode() +@@ -2222,7 +2001,9 @@ is_latest_known_ucode() return 2 fi ucode_latest="latest microcode version for your CPU model is unknown" @@ -240,5 +311,5 @@ index 30f760c..ce46970 100755 elif is_amd; then cpu_brand_prefix=A -- -2.38.1 +2.41.0 diff --git a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch deleted file mode 100644 index c0e24d8eed..0000000000 --- a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001 -From: Hilton Chain <hako <at> ultrarare.space> -Date: Sat, 5 Nov 2022 23:22:31 +0800 -Subject: [PATCH] Locate the kernel bzimage used by Guix System - ---- - spectre-meltdown-checker.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh -index 248a444..855a090 100755 ---- a/spectre-meltdown-checker.sh -+++ b/spectre-meltdown-checker.sh -@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then - [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)" - # NixOS: - [ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel" -+ # Guix System: -+ [ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage" - # systemd kernel-install: - [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux" - # Clear Linux: - -base-commit: a6c943d38f315f339697ec26e7374a09b88f2183 --- -2.38.0 base-commit: c7e45139faa27b60f2c7d0a4bc140f9793d97d47 -- 2.41.0
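Review bot: The regex in the gnu/packages/linux.scm hunk at @@ -10350,11 +10349,11 @@ now matches lzop and mktemp as well, but none of the visible hunks changes the package's inputs, so find-command has to resolve both from what is already declared. Please confirm that the inputs provide lzop and mktemp, or add them in this patch. The bunzip to bunzip2 correction itself is right: between the \\< and \\> word anchors, the old alternative could not match the name bunzip2.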
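Review bot: The commit log gives no reason for deleting gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch. That patch added the Guix System lookup of /run/booted-system/kernel/bzImage to the opt_live branch, so the log should say whether 0.46 now carries this lookup itself, and that should be verified against the 0.46 script; otherwise live mode may no longer locate the booted kernel on Guix System.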
(Sat, 30 Sep 2023 05:30:02 GMT) Message #8 received at 64889 <at> debbugs.gnu.org:
From: Hilton Chain <hako <at> ultrarare.space>
To: 64889 <at> debbugs.gnu.org
Cc: Hilton Chain <hako <at> ultrarare.space>
Subject: [PATCH v2] gnu: spectre-meltdown-checker: Update to 0.46.
Date: Sat, 30 Sep 2023 13:28:13 +0800
* gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update patch. * gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46. [#:phases]<fixpath>: Correct name for bunzip2. Substitute lzop and mktemp as well. --- V1 -> V2: Rebase. gnu/local.mk | 1 - gnu/packages/linux.scm | 13 +-- ...re-meltdown-checker-externalize-fwdb.patch | 109 +++++++++++++++--- ...spectre-meltdown-checker-find-kernel.patch | 26 ----- 4 files changed, 96 insertions(+), 53 deletions(-) delete mode 100644 gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch diff --git a/gnu/local.mk b/gnu/local.mk index 7c208b9c0d..00cd446a9e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1985,7 +1985,6 @@ dist_patch_DATA = \ %D%/packages/patches/softhsm-fix-openssl3-tests.patch \ %D%/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch \ %D%/packages/patches/spdlog-fix-tests.patch \ - %D%/packages/patches/spectre-meltdown-checker-find-kernel.patch \ %D%/packages/patches/sphinxbase-fix-doxygen.patch \ %D%/packages/patches/sssd-system-directories.patch \ %D%/packages/patches/steghide-fixes.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index c6fceaf81c..abfe780b7b 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -10316,7 +10316,7 @@ (define-public edac-utils (define-public spectre-meltdown-checker (package (name "spectre-meltdown-checker") - (version "0.45") + (version "0.46") (source (origin (method git-fetch) (uri (git-reference 
@@ -10325,15 +10325,14 @@ (define-public spectre-meltdown-checker (file-name (git-file-name name version)) (patches (search-patches - "spectre-meltdown-checker-externalize-fwdb.patch" - "spectre-meltdown-checker-find-kernel.patch")) + "spectre-meltdown-checker-externalize-fwdb.patch")) ;; Remove builtin firmware database. (modules '((guix build utils))) (snippet '(substitute* "spectre-meltdown-checker.sh" (("^# [AI],.*") ""))) (sha256 (base32 - "1xx8h5791lhc2xw0dcbzjkklzvlxwxkjzh8di4g8divfy24fqsn8")))) + "0j42p6dayb7k87kf8sqimxlaswis3qh0569a15zccyknv9vf129k")))) (build-system copy-build-system) (arguments (list @@ -10352,11 +10351,11 @@ (define-public spectre-meltdown-checker (find-command inputs cmd)) ;; Commands safe to substitute directly. - (("\\<(awk|(base|dir)name|bunzip|g(un)?zip|lz4)\\>" all cmd) + (("\\<(awk|(base|dir)name|bunzip2|g(un)?zip|lz4)\\>" all cmd) (find-command inputs cmd)) - (("\\<(modprobe|pgrep|rmmod|umount|unlzma)\\>" all cmd) + (("\\<(lzop|mktemp|modprobe|pgrep|rmmod|umount)\\>" all cmd) (find-command inputs cmd)) - (("\\<(unxz|unzstd|uuencode)\\>" all cmd) + (("\\<(unlzma|unxz|unzstd|uuencode)\\>" all cmd) (find-command inputs cmd)) ;; Commands which should only be substituted based on their diff --git a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch index cce70b880f..35673ceb91 100644 --- a/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch +++ b/gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch @@ -1,27 +1,28 @@ -From 340b08737e552c3c186863d76d123808d853a159 Mon Sep 17 00:00:00 2001 +From 8caeb440a176cb7f8908403da51106c74e2b5cb8 Mon Sep 17 00:00:00 2001 
From: Hilton Chain <hako <at> ultrarare.space> -Date: Sat, 12 Nov 2022 22:45:24 +0800 +Date: Thu, 27 Jul 2023 14:45:14 +0800 Subject: [PATCH] Replace fwdb downloader with a local file option. Also warn about non-free software. --- - spectre-meltdown-checker.sh | 180 +++--------------------------------- - 1 file changed, 15 insertions(+), 165 deletions(-) + spectre-meltdown-checker.sh | 253 +++--------------------------------- + 1 file changed, 17 insertions(+), 236 deletions(-) diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh -index 30f760c..ce46970 100755 +index e7b6b33..33bdf71 100755 --- a/spectre-meltdown-checker.sh +++ b/spectre-meltdown-checker.sh -@@ -22,8 +22,6 @@ exit_cleanup() +@@ -23,9 +23,6 @@ exit_cleanup() [ -n "${dumped_config:-}" ] && [ -f "$dumped_config" ] && rm -f "$dumped_config" [ -n "${kerneltmp:-}" ] && [ -f "$kerneltmp" ] && rm -f "$kerneltmp" [ -n "${kerneltmp2:-}" ] && [ -f "$kerneltmp2" ] && rm -f "$kerneltmp2" - [ -n "${mcedb_tmp:-}" ] && [ -f "$mcedb_tmp" ] && rm -f "$mcedb_tmp" - [ -n "${intel_tmp:-}" ] && [ -d "$intel_tmp" ] && rm -rf "$intel_tmp" +- [ -n "${linuxfw_tmp:-}" ] && [ -f "$linuxfw_tmp" ] && rm -f "$linuxfw_tmp" [ "${mounted_debugfs:-}" = 1 ] && umount /sys/kernel/debug 2>/dev/null [ "${mounted_procfs:-}" = 1 ] && umount "$procfs" 2>/dev/null [ "${insmod_cpuid:-}" = 1 ] && rmmod cpuid 2>/dev/null -@@ -93,9 +91,9 @@ show_usage() +@@ -97,9 +94,9 @@ show_usage() --vmm [auto,yes,no] override the detection of the presence of a hypervisor, default: auto --allow-msr-write allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system --cpu [#,all] interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0) 
@@ -34,10 +35,33 @@ index 30f760c..ce46970 100755 --dump-mock-data used to mimick a CPU on an other system, mainly used to help debugging this script Return codes: -@@ -837,147 +833,6 @@ show_header() +@@ -858,217 +855,6 @@ show_header() _info } +-# Family-Model-Stepping to CPUID +-# prints CPUID in base-10 to stdout +-fms2cpuid() +-{ +- _family="$1" +- _model="$2" +- _stepping="$3" +- +- if [ "$(( _family ))" -le 15 ]; then +- _extfamily=0 +- _lowfamily=$(( _family )) +- else +- # when we have a family > 0xF, then lowfamily is stuck at 0xF +- # and extfamily is ADDED to it (as in "+"), to ensure old software +- # never sees a lowfamily < 0xF for newer families +- _lowfamily=15 +- _extfamily=$(( (_family) - 15 )) +- fi +- _extmodel=$(( (_model & 0xF0 ) >> 4 )) +- _lowmodel=$(( (_model & 0x0F ) >> 0 )) +- echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) )) +-} +- -[ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)" -mcedb_cache="$HOME/.mcedb" -update_fwdb() @@ -97,13 +121,15 @@ index 30f760c..ce46970 100755 - echo ERROR "please install the \`sqlite3\` program" - return 1 - fi -- mcedb_revision=$(sqlite3 "$mcedb_tmp" "select revision from MCE") +- mcedb_revision=$(sqlite3 "$mcedb_tmp" "SELECT \"revision\" from \"MCE\"") - if [ -z "$mcedb_revision" ]; then - echo ERROR "downloaded file seems invalid" - return 1 - fi -- sqlite3 "$mcedb_tmp" "alter table Intel add column origin text" -- sqlite3 "$mcedb_tmp" "update Intel set origin='mce'" +- sqlite3 "$mcedb_tmp" "ALTER TABLE \"Intel\" ADD COLUMN \"origin\" TEXT" +- sqlite3 "$mcedb_tmp" "ALTER TABLE \"AMD\" ADD COLUMN \"origin\" TEXT" +- sqlite3 "$mcedb_tmp" "UPDATE \"Intel\" SET \"origin\"='mce'" +- sqlite3 "$mcedb_tmp" "UPDATE \"AMD\" SET \"origin\"='mce'" - - echo OK "MCExtractor database revision $mcedb_revision" - 
@@ -141,7 +167,7 @@ index 30f760c..ce46970 100755 - _version=$(echo "$_line" | awk '{print $8}') - _version=$(( _version )) - _version=$(printf "0x%08X" "$_version") -- _sqlstm="$(printf "INSERT INTO Intel (origin,cpuid,version,yyyymmdd) VALUES (\"%s\",\"%s\",\"%s\",\"%s\");" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" +- _sqlstm="$(printf "INSERT INTO \"Intel\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "intel" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" - sqlite3 "$mcedb_tmp" "$_sqlstm" - done - _intel_timestamp=$(stat -c %Y "$intel_tmp/Intel-Linux-Processor-Microcode-Data-Files-main/license" 2>/dev/null) 
@@ -150,10 +176,52 @@ index 30f760c..ce46970 100755 - _intel_latest_date=$(date +%Y%m%d -d @"$_intel_timestamp") - else - echo "Falling back to the latest microcode date" -- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT yyyymmdd from Intel WHERE origin = 'intel' ORDER BY yyyymmdd DESC LIMIT 1;") +- _intel_latest_date=$(sqlite3 "$mcedb_tmp" "SELECT \"yyyymmdd\" FROM \"Intel\" WHERE \"origin\"='intel' ORDER BY \"yyyymmdd\" DESC LIMIT 1;") - fi - echo DONE "(version $_intel_latest_date)" - +- # now parse the most recent linux-firmware amd-ucode README file +- _info_nol "Fetching latest amd-ucode README from linux-firmware project... " +- linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README" +- linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX) +- if command -v wget >/dev/null 2>&1; then +- wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$? +- elif command -v curl >/dev/null 2>&1; then +- curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$? +- elif command -v fetch >/dev/null 2>&1; then +- fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$? +- else +- echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs" +- return 1 +- fi +- if [ "$ret" != 0 ]; then +- echo ERROR "error $ret while downloading linux-firmware README" +- return $ret +- fi +- echo DONE +- +- _info_nol "Parsing the README... 
" +- nbfound=0 +- for line in $(grep -E 'Family=0x[0-9a-f]+ Model=0x[0-9a-f]+ Stepping=0x[0-9a-f]+: Patch=0x[0-9a-f]+' "$linuxfw_tmp" | tr " " ","); do +- _debug "Parsing line $line" +- _family=$( echo "$line" | grep -Eoi 'Family=0x[0-9a-f]+' | cut -d= -f2) +- _model=$( echo "$line" | grep -Eoi 'Model=0x[0-9a-f]+' | cut -d= -f2) +- _stepping=$(echo "$line" | grep -Eoi 'Stepping=0x[0-9a-f]+' | cut -d= -f2) +- _version=$( echo "$line" | grep -Eoi 'Patch=0x[0-9a-f]+' | cut -d= -f2) +- _version=$(printf "0x%08X" "$(( _version ))") +- _cpuid=$(fms2cpuid "$_family" "$_model" "$_stepping") +- _cpuid=$(printf "0x%08X" "$_cpuid") +- _date="20000101" +- _sqlstm="$(printf "INSERT INTO \"AMD\" (\"origin\",\"cpuid\",\"version\",\"yyyymmdd\") VALUES ('%s','%s','%s','%s');" "linux-firmware" "$(printf "%08X" "$_cpuid")" "$(printf "%08X" "$_version")" "$_date")" +- _debug "family $_family model $_model stepping $_stepping cpuid $_cpuid" +- _debug "$_sqlstm" +- sqlite3 "$mcedb_tmp" "$_sqlstm" +- nbfound=$((nbfound + 1)) +- unset _family _model _stepping _version _cpuid _date _sqlstm +- done +- echo "found $nbfound microcodes" +- unset nbfound +- - dbversion="$mcedb_revision+i$_intel_latest_date" - - if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then 
@@ -165,8 +233,11 @@ index 30f760c..ce46970 100755 - { - echo "# Spectre & Meltdown Checker"; - echo "# %%% MCEDB v$dbversion"; -- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM Intel AS t1 LEFT OUTER JOIN Intel AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; -- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||t1.cpuid||',0x'||MAX(t1.version)||','||t1.yyyymmdd FROM AMD AS t1 LEFT OUTER JOIN AMD AS t2 ON t2.cpuid=t1.cpuid AND t2.yyyymmdd > t1.yyyymmdd WHERE t2.yyyymmdd IS NULL GROUP BY t1.cpuid ORDER BY t1.cpuid ASC;" | grep -v '^# .,0x00000000,'; +- # ensure the official Intel DB always has precedence over mcedb, even if mcedb has seen a more recent fw +- sqlite3 "$mcedb_tmp" "DELETE FROM \"Intel\" WHERE \"origin\"!='intel' AND \"cpuid\" IN (SELECT \"cpuid\" FROM \"Intel\" WHERE \"origin\"='intel' GROUP BY \"cpuid\" ORDER BY \"cpuid\" ASC);" +- # we'll use the more recent fw for Intel and AMD +- sqlite3 "$mcedb_tmp" "SELECT '# I,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"Intel\" AS \"t1\" LEFT OUTER JOIN \"Intel\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,'; +- sqlite3 "$mcedb_tmp" "SELECT '# A,0x'||\"t1\".\"cpuid\"||',0x'||MAX(\"t1\".\"version\")||','||\"t1\".\"yyyymmdd\" FROM \"AMD\" AS \"t1\" LEFT OUTER JOIN \"AMD\" AS \"t2\" ON \"t2\".\"cpuid\"=\"t1\".\"cpuid\" AND \"t2\".\"yyyymmdd\" > \"t1\".\"yyyymmdd\" WHERE \"t2\".\"yyyymmdd\" IS NULL GROUP BY \"t1\".\"cpuid\" ORDER BY \"t1\".\"cpuid\" ASC;" | grep -v '^# .,0x00000000,'; - } > "$mcedb_cache" - echo DONE "(version $dbversion)" - 
@@ -182,7 +253,7 @@ index 30f760c..ce46970 100755 parse_opt_file() { # parse_opt_file option_name option_value -@@ -1067,12 +922,15 @@ while [ -n "${1:-}" ]; do +@@ -1158,12 +944,15 @@ while [ -n "${1:-}" ]; do # deprecated, kept for compatibility opt_explain=0 shift @@ -204,7 +275,7 @@ index 30f760c..ce46970 100755 elif [ "$1" = "--dump-mock-data" ]; then opt_mock=1 shift -@@ -2033,21 +1891,11 @@ is_xen_domU() +@@ -2192,21 +1981,11 @@ is_xen_domU() fi } @@ -228,7 +299,7 @@ index 30f760c..ce46970 100755 fi read_mcedb() { -@@ -2063,7 +1911,9 @@ is_latest_known_ucode() +@@ -2222,7 +2001,9 @@ is_latest_known_ucode() return 2 fi ucode_latest="latest microcode version for your CPU model is unknown" @@ -240,5 +311,5 @@ index 30f760c..ce46970 100755 elif is_amd; then cpu_brand_prefix=A -- -2.38.1 +2.41.0 diff --git a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch b/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch deleted file mode 100644 index c0e24d8eed..0000000000 --- a/gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From 5b757d930ec0cf102b03fb9817d17e06c72e74b3 Mon Sep 17 00:00:00 2001 -From: Hilton Chain <hako <at> ultrarare.space> -Date: Sat, 5 Nov 2022 23:22:31 +0800 -Subject: [PATCH] Locate the kernel bzimage used by Guix System - ---- - spectre-meltdown-checker.sh | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/spectre-meltdown-checker.sh b/spectre-meltdown-checker.sh -index 248a444..855a090 100755 ---- a/spectre-meltdown-checker.sh -+++ b/spectre-meltdown-checker.sh -@@ -2251,6 +2251,8 @@ if [ "$opt_live" = 1 ]; then - [ -e "/boot/kernel-genkernel-$(uname -m)-$(uname -r)" ] && opt_kernel="/boot/kernel-genkernel-$(uname -m)-$(uname -r)" - # NixOS: - [ -e "/run/booted-system/kernel" ] && opt_kernel="/run/booted-system/kernel" -+ # Guix System: -+ [ -e "/run/booted-system/kernel/bzImage" ] && opt_kernel="/run/booted-system/kernel/bzImage" - # systemd kernel-install: - [ -e "/etc/machine-id" ] && [ -e "/boot/$(cat /etc/machine-id)/$(uname -r)/linux" ] && opt_kernel="/boot/$(cat /etc/machine-id)/$(uname -r)/linux" - # Clear Linux: - -base-commit: a6c943d38f315f339697ec26e7374a09b88f2183 --- -2.38.0 base-commit: b268842ec4808f5030f3bda95f52ff39dd88e3ad -- 2.41.0
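Review bot: In the updated spectre-meltdown-checker-externalize-fwdb.patch, the inner hunk at @@ -858,217 +855,6 @@ now deletes fms2cpuid() together with update_fwdb(). The only caller visible in these lines is the amd-ucode README parsing loop, which is removed too; please check that the patched 0.46 script has no fms2cpuid call left outside the removed range, because a leftover call to an undefined shell function would only fail when the script runs, not when the package builds.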
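Review bot: Style point on the rebased gnu/local.mk hunk at @@ -1985,7 +1985,6 @@: its context lines list spectre-meltdown-checker-externalize-fwdb.patch before spdlog-fix-tests.patch, so dist_patch_DATA is not sorted at this spot. This patch does not introduce the misordering, but since the neighbouring entry is being removed here, the order could be corrected in a separate commit.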
(Mon, 02 Oct 2023 15:10:01 GMT) Message #11 received at 64889 <at> debbugs.gnu.org:
From: Ludovic Courtès <ludo <at> gnu.org>
To: Hilton Chain <hako <at> ultrarare.space>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 64889 <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#64889: [PATCH] gnu: spectre-meltdown-checker: Update to 0.46.
Date: Mon, 02 Oct 2023 17:09:20 +0200
Hi,

Hilton Chain <hako <at> ultrarare.space> wrote:

> * gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update
> patch.
> * gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file
> * gnu/local.mk (dist_patch_DATA): Remove it.
> * gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46.
> [#:phases]<fixpath>: Correct name for bunzip2.
> Substitute lzop and mktemp as well.

LGTM!

Ludo’.
Message #16 received at 64889-done <at> debbugs.gnu.org:
From: Hilton Chain <hako <at> ultrarare.space>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 64889-done <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: Close: bug#64889: [PATCH] gnu: spectre-meltdown-checker: Update to 0.46.
Date: Tue, 03 Oct 2023 20:58:02 +0800
Hi Ludo,

On Mon, 02 Oct 2023 23:09:20 +0800, Ludovic Courtès wrote:
>
> Hi,
>
> Hilton Chain <hako <at> ultrarare.space> wrote:
>
> > * gnu/packages/patches/spectre-meltdown-checker-externalize-fwdb.patch: Update
> > patch.
> > * gnu/packages/patches/spectre-meltdown-checker-find-kernel.patch: Delete file
> > * gnu/local.mk (dist_patch_DATA): Remove it.
> > * gnu/packages/linux.scm (spectre-meltdown-checker): Update to 0.46.
> > [#:phases]<fixpath>: Correct name for bunzip2.
> > Substitute lzop and mktemp as well.
>
> LGTM!

Thank you! Pushed this as 99a46ecb2647148f64da3c7e4bd6bfee3b89cdd4.