1 |
commit: 18ccb7f1533c05dd92085fb2c176154700afecfa |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Sep 24 14:28:49 2018 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Sep 24 14:28:56 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18ccb7f1 |
7 |
|
8 |
sys-firmware/intel-microcode: bump |
9 |
|
10 |
- New microcode: |
11 |
|
12 |
sig 0x000806e9, pf_mask 0x10, 2018-06-26, rev 0x0098 |
13 |
|
14 |
- Updated microcodes: |
15 |
|
16 |
sig 0x00050655, pf_mask 0xb7, 2018-03-14, rev 0x3000009 -> 2018-04-27, rev 0x300000b |
17 |
sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028 -> 2018-07-25, rev 0x002a |
18 |
|
19 |
Package-Manager: Portage-2.3.50, Repoman-2.3.11 |
20 |
|
21 |
sys-firmware/intel-microcode/Manifest | 1 + |
22 |
.../intel-microcode-20180807a_p20180922.ebuild | 253 +++++++++++++++++++++ |
23 |
2 files changed, 254 insertions(+) |
24 |
|
25 |
diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest |
26 |
index 2730dbac48e..b865a5e6ce6 100644 |
27 |
--- a/sys-firmware/intel-microcode/Manifest |
28 |
+++ b/sys-firmware/intel-microcode/Manifest |
29 |
@@ -1,2 +1,3 @@ |
30 |
DIST intel-microcode-collection-20180916.tar.xz 4414792 BLAKE2B e0dee0ef27e5d5460a4856b73a0a3940e563b649912f648cf45c109404666b7ebffb3bcce900f2eb48502b8ef2f0410cdde39eb478879e79cca4414f326c6947 SHA512 ac1964cbaffdf8a5e42ea80fd6898583f3f97a3163b0b661bcc0a83f6a1e9ba0c0a22bc79b8aadb759e5d02f77d2e2c04bd16c8811a277eb261a9a5e3bae3761 |
31 |
+DIST intel-microcode-collection-20180922.tar.xz 4506768 BLAKE2B c985c20e01ab171637bf8acbab912a802608681a7f62779a63cd4218008435638c06452fef157d26ff6295dbee963827493dd85fb31b6e2b8e447158eb55d9f9 SHA512 08d38e25d02a45cbc2272c440e64255dbaac90efc67dd241f8e329c84eff2baab38236ee97a52e3803ecbc87a751d1d44f08a18288fba52cbbf916390d461646 |
32 |
DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10 |
33 |
|
34 |
diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild |
35 |
new file mode 100644 |
36 |
index 00000000000..42757b59066 |
37 |
--- /dev/null |
38 |
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild |
39 |
@@ -0,0 +1,253 @@ |
40 |
+# Copyright 1999-2018 Gentoo Authors |
41 |
+# Distributed under the terms of the GNU General Public License v2 |
42 |
+ |
43 |
+EAPI="6" |
44 |
+ |
45 |
+inherit linux-info toolchain-funcs mount-boot |
46 |
+ |
47 |
+# Find updates by searching and clicking the first link (hopefully it's the one): |
48 |
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File |
49 |
+ |
50 |
+COLLECTION_SNAPSHOT="${PV##*_p}" |
51 |
+INTEL_SNAPSHOT="${PV/_p*}" |
52 |
+NUM="28087" |
53 |
+DESCRIPTION="Intel IA32/IA64 microcode update data" |
54 |
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}" |
55 |
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz |
56 |
+ https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz" |
57 |
+ |
58 |
+LICENSE="intel-ucode" |
59 |
+SLOT="0" |
60 |
+KEYWORDS="-* ~amd64 ~x86" |
61 |
+IUSE="hostonly initramfs +split-ucode vanilla" |
62 |
+REQUIRED_USE="|| ( initramfs split-ucode )" |
63 |
+ |
64 |
+DEPEND="sys-apps/iucode_tool" |
65 |
+ |
66 |
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586 |
67 |
+RDEPEND="hostonly? ( sys-apps/iucode_tool )" |
68 |
+ |
69 |
+RESTRICT="binchecks bindist mirror strip" |
70 |
+ |
71 |
+S=${WORKDIR} |
72 |
+ |
73 |
+# Blacklist bad microcode here. |
74 |
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader |
75 |
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1" |
76 |
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}" |
77 |
+ |
78 |
+# In case we want to set some defaults ... |
79 |
+MICROCODE_SIGNATURES_DEFAULT="" |
80 |
+ |
81 |
+# Advanced users only: |
82 |
+# merge with: |
83 |
+# only current CPU: MICROCODE_SIGNATURES="-S" |
84 |
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676" |
85 |
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686" |
86 |
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}" |
87 |
+ |
88 |
+pkg_pretend() { |
89 |
+ use initramfs && mount-boot_pkg_pretend |
90 |
+} |
91 |
+ |
92 |
+src_prepare() { |
93 |
+ default |
94 |
+ |
95 |
+ # Prevent "invalid file format" errors from iucode_tool |
96 |
+ rm -f "${S}"/intel-ucod*/list || die |
97 |
+} |
98 |
+ |
99 |
+src_install() { |
100 |
+ # This will take ALL of the upstream microcode sources: |
101 |
+ # - microcode.dat |
102 |
+ # - intel-ucode/ |
103 |
+ # In some cases, they have not contained the same content (eg the directory has newer stuff). |
104 |
+ MICROCODE_SRC=( |
105 |
+ "${S}"/intel-ucode/ |
106 |
+ "${S}"/intel-ucode-with-caveats/ |
107 |
+ ) |
108 |
+ |
109 |
+ # Allow users who are scared about microcode updates not included in Intel's official |
110 |
+ # microcode tarball to opt-out and comply with Intel marketing |
111 |
+ if ! use vanilla; then |
112 |
+ MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} ) |
113 |
+ fi |
114 |
+ |
115 |
+ opts=( |
116 |
+ ${MICROCODE_BLACKLIST} |
117 |
+ ${MICROCODE_SIGNATURES} |
118 |
+ # be strict about what we are doing |
119 |
+ --overwrite |
120 |
+ --strict-checks |
121 |
+ --no-ignore-broken |
122 |
+ # we want to install latest version |
123 |
+ --no-downgrade |
124 |
+ # show everything we find |
125 |
+ --list-all |
126 |
+ # show what we selected |
127 |
+ --list |
128 |
+ ) |
129 |
+ |
130 |
+ # The earlyfw cpio needs to be in /boot because it must be loaded before |
131 |
+ # rootfs is mounted. |
132 |
+ use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img ) |
133 |
+ # split location (we use a temporary location so that we are able |
134 |
+ # to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry |
135 |
+ # this folder to pkg_preinst to avoid an error even if no microcode was selected): |
136 |
+ keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode ) |
137 |
+ |
138 |
+ iucode_tool \ |
139 |
+ "${opts[@]}" \ |
140 |
+ "${MICROCODE_SRC[@]}" \ |
141 |
+ || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}" |
142 |
+ |
143 |
+ dodoc releasenote |
144 |
+ |
145 |
+ # Record how package was created so we can show this in build.log |
146 |
+ # even for binary packages. |
147 |
+ if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then |
148 |
+ echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used" |
149 |
+ fi |
150 |
+ |
151 |
+ if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then |
152 |
+ echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used" |
153 |
+ fi |
154 |
+} |
155 |
+ |
156 |
+pkg_preinst() { |
157 |
+ if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then |
158 |
+ local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered") |
159 |
+ ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!" |
160 |
+ fi |
161 |
+ |
162 |
+ if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then |
163 |
+ local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered") |
164 |
+ ewarn "Package was created using advanced options:" |
165 |
+ ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!" |
166 |
+ fi |
167 |
+ |
168 |
+ # Make sure /boot is available if needed. |
169 |
+ use initramfs && mount-boot_pkg_preinst |
170 |
+ |
171 |
+ local _initramfs_file="${ED%/}/boot/intel-uc.img" |
172 |
+ local _ucode_dir="${ED%/}/lib/firmware/intel-ucode" |
173 |
+ |
174 |
+ if use hostonly; then |
175 |
+ # While this output looks redundant we do this check to detect |
176 |
+ # rare cases where iucode_tool was unable to detect system's processor(s). |
177 |
+ local _detected_processors=$(iucode_tool --scan-system 2>&1) |
178 |
+ if [[ -z "${_detected_processors}" ]]; then |
179 |
+ ewarn "Looks like iucode_tool was unable to detect any processor!" |
180 |
+ else |
181 |
+ einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..." |
182 |
+ fi |
183 |
+ |
184 |
+ opts=( |
185 |
+ --scan-system |
186 |
+ # be strict about what we are doing |
187 |
+ --overwrite |
188 |
+ --strict-checks |
189 |
+ --no-ignore-broken |
190 |
+ # we want to install latest version |
191 |
+ --no-downgrade |
192 |
+ # show everything we find |
193 |
+ --list-all |
194 |
+ # show what we selected |
195 |
+ --list |
196 |
+ ) |
197 |
+ |
198 |
+ # The earlyfw cpio needs to be in /boot because it must be loaded before |
199 |
+ # rootfs is mounted. |
200 |
+ use initramfs && opts+=( --write-earlyfw=${_initramfs_file} ) |
201 |
+ # split location: |
202 |
+ use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} ) |
203 |
+ |
204 |
+ iucode_tool \ |
205 |
+ "${opts[@]}" \ |
206 |
+ "${ED%/}"/tmp/intel-ucode \ |
207 |
+ || die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode" |
208 |
+ |
209 |
+ else |
210 |
+ if use split-ucode; then |
211 |
+ # Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ... |
212 |
+ dodir /lib/firmware |
213 |
+ mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!" |
214 |
+ fi |
215 |
+ fi |
216 |
+ |
217 |
+ # Because it is possible that this package will install not one single file |
218 |
+ # due to user selection which is still somehow unexpected we add the following |
219 |
+ # check to inform user so that the user has at least a chance to detect |
220 |
+ # a problem/invalid select. |
221 |
+ local _has_installed_something= |
222 |
+ if use initramfs && [[ -s "${_initramfs_file}" ]]; then |
223 |
+ _has_installed_something="yes" |
224 |
+ elif use split-ucode; then |
225 |
+ _has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;) |
226 |
+ fi |
227 |
+ |
228 |
+ if use hostonly && [[ -n "${_has_installed_something}" ]]; then |
229 |
+ elog "You only installed ucode(s) for all currently available (=online)" |
230 |
+ elog "processor(s). Remember to re-emerge this package whenever you" |
231 |
+ elog "change the system's processor model." |
232 |
+ elog "" |
233 |
+ elif [[ -z "${_has_installed_something}" ]]; then |
234 |
+ ewarn "WARNING:" |
235 |
+ if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then |
236 |
+ ewarn "No ucode was installed! Because you have created this package" |
237 |
+ ewarn "using MICROCODE_SIGNATURES variable please double check if you" |
238 |
+ ewarn "have an invalid select." |
239 |
+ ewarn "It's rare but it is also possible that just no ucode update" |
240 |
+ ewarn "is available for your processor(s). In this case it is safe" |
241 |
+ ewarn "to ignore this warning." |
242 |
+ else |
243 |
+ ewarn "No ucode was installed! It's rare but it is also possible" |
244 |
+ ewarn "that just no ucode update is available for your processor(s)." |
245 |
+ ewarn "In this case it is safe to ignore this warning." |
246 |
+ fi |
247 |
+ |
248 |
+ ewarn "" |
249 |
+ |
250 |
+ if use hostonly; then |
251 |
+ ewarn "Unset \"hostonly\" USE flag to install all available ucodes." |
252 |
+ ewarn "" |
253 |
+ fi |
254 |
+ fi |
255 |
+ |
256 |
+ # Cleanup any temporary leftovers so that we don't merge any |
257 |
+ # unneeded files on disk. |
258 |
+ rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'" |
259 |
+} |
260 |
+ |
261 |
+pkg_prerm() { |
262 |
+ # Make sure /boot is mounted so that we can remove /boot/intel-uc.img! |
263 |
+ use initramfs && mount-boot_pkg_prerm |
264 |
+} |
265 |
+ |
266 |
+pkg_postrm() { |
267 |
+ # Don't forget to umount /boot if it was previously mounted by us. |
268 |
+ use initramfs && mount-boot_pkg_postrm |
269 |
+} |
270 |
+ |
271 |
+pkg_postinst() { |
272 |
+ # Don't forget to umount /boot if it was previously mounted by us. |
273 |
+ use initramfs && mount-boot_pkg_postinst |
274 |
+ |
275 |
+ # We cannot give detailed information if user is affected or not: |
276 |
+ # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES |
277 |
+ # to to force a specific, otherwise blacklisted, microcode. So we |
278 |
+ # only show a generic warning based on running kernel version: |
279 |
+ if kernel_is -lt 4 14 34; then |
280 |
+ ewarn "${P} contains microcode updates which require" |
281 |
+ ewarn "additional kernel patches which aren't yet included in kernel <4.14.34." |
282 |
+ ewarn "Loading such a microcode through kernel interface from an unpatched kernel" |
283 |
+ ewarn "can crash your system!" |
284 |
+ ewarn "" |
285 |
+ ewarn "Those microcodes are blacklisted per default. However, if you have altered" |
286 |
+ ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally" |
287 |
+ ewarn "re-enabled those microcodes...!" |
288 |
+ ewarn "" |
289 |
+ ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update" |
290 |
+ ewarn "requires additional kernel patches or not." |
291 |
+ fi |
292 |
+} |