Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/
Date: Mon, 29 Oct 2018 14:54:22
Message-Id: 1540824838.c6563f92d74e1567bef1a1b9990760943978e5c2.whissi@gentoo
1 commit: c6563f92d74e1567bef1a1b9990760943978e5c2
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Mon Oct 29 13:24:26 2018 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 29 14:53:58 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6563f92
7
8 sys-firmware/intel-microcode: bump
9
10 - New microcode:
11
12 sig 0x000506f0, pf_mask 0x01, 2016-06-07, rev 0x0010
13
14 - Updated microcodes:
15
16 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e -> 2018-09-05, rev 0xb000031
17 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d -> 2018-08-09, rev 0x2000050
18 sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e -> 2018-07-16, rev 0x009a
19 sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096 -> 2018-10-18, rev 0x009e
20 sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e -> 2018-07-16, rev 0x009a
21 sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096 -> 2018-07-16, rev 0x009a
22 sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e -> 2018-07-16, rev 0x009a
23
24 Package-Manager: Portage-2.3.51, Repoman-2.3.11
25 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
26
27 sys-firmware/intel-microcode/Manifest | 1 +
28 .../intel-microcode-20180807a_p20181027.ebuild | 253 +++++++++++++++++++++
29 2 files changed, 254 insertions(+)
30
31 diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
32 index 9a0815d330a..59fe1a9b4b9 100644
33 --- a/sys-firmware/intel-microcode/Manifest
34 +++ b/sys-firmware/intel-microcode/Manifest
35 @@ -1,2 +1,3 @@
36 DIST intel-microcode-collection-20180922.tar.xz 4506768 BLAKE2B c985c20e01ab171637bf8acbab912a802608681a7f62779a63cd4218008435638c06452fef157d26ff6295dbee963827493dd85fb31b6e2b8e447158eb55d9f9 SHA512 08d38e25d02a45cbc2272c440e64255dbaac90efc67dd241f8e329c84eff2baab38236ee97a52e3803ecbc87a751d1d44f08a18288fba52cbbf916390d461646
37 +DIST intel-microcode-collection-20181027.tar.xz 4517880 BLAKE2B 189e23cfc77d89da945dec6e1762ce9ba16c1cbc0a618e80f3c328b3d9766ef3bb8e62c84c3a6f32ef994f426b5f00ff1ec520105ac7734f25a606e7cb036ec6 SHA512 fc96d0bbacea9da7a232a6482a7731a029c7e110c3358f917d99e1906c9a783b90df22dde2ad4043e8029a4e3ca5a86d43927b38f668456dfda4098d9d5f37c5
38 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10
39
40 diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild
41 new file mode 100644
42 index 00000000000..42757b59066
43 --- /dev/null
44 +++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild
45 @@ -0,0 +1,253 @@
46 +# Copyright 1999-2018 Gentoo Authors
47 +# Distributed under the terms of the GNU General Public License v2
48 +
49 +EAPI="6"
50 +
51 +inherit linux-info toolchain-funcs mount-boot
52 +
53 +# Find updates by searching and clicking the first link (hopefully it's the one):
54 +# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
55 +
56 +COLLECTION_SNAPSHOT="${PV##*_p}"
57 +INTEL_SNAPSHOT="${PV/_p*}"
58 +NUM="28087"
59 +DESCRIPTION="Intel IA32/IA64 microcode update data"
60 +HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
61 +SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
62 + https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
63 +
64 +LICENSE="intel-ucode"
65 +SLOT="0"
66 +KEYWORDS="-* ~amd64 ~x86"
67 +IUSE="hostonly initramfs +split-ucode vanilla"
68 +REQUIRED_USE="|| ( initramfs split-ucode )"
69 +
70 +DEPEND="sys-apps/iucode_tool"
71 +
72 +# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
73 +RDEPEND="hostonly? ( sys-apps/iucode_tool )"
74 +
75 +RESTRICT="binchecks bindist mirror strip"
76 +
77 +S=${WORKDIR}
78 +
79 +# Blacklist bad microcode here.
80 +# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
81 +MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
82 +MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
83 +
84 +# In case we want to set some defaults ...
85 +MICROCODE_SIGNATURES_DEFAULT=""
86 +
87 +# Advanced users only:
88 +# merge with:
89 +# only current CPU: MICROCODE_SIGNATURES="-S"
90 +# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
91 +# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
92 +MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
93 +
94 +pkg_pretend() {
95 + use initramfs && mount-boot_pkg_pretend
96 +}
97 +
98 +src_prepare() {
99 + default
100 +
101 + # Prevent "invalid file format" errors from iucode_tool
102 + rm -f "${S}"/intel-ucod*/list || die
103 +}
104 +
105 +src_install() {
106 + # This will take ALL of the upstream microcode sources:
107 + # - microcode.dat
108 + # - intel-ucode/
109 + # In some cases, they have not contained the same content (eg the directory has newer stuff).
110 + MICROCODE_SRC=(
111 + "${S}"/intel-ucode/
112 + "${S}"/intel-ucode-with-caveats/
113 + )
114 +
115 + # Allow users who are scared about microcode updates not included in Intel's official
116 + # microcode tarball to opt-out and comply with Intel marketing
117 + if ! use vanilla; then
118 + MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
119 + fi
120 +
121 + opts=(
122 + ${MICROCODE_BLACKLIST}
123 + ${MICROCODE_SIGNATURES}
124 + # be strict about what we are doing
125 + --overwrite
126 + --strict-checks
127 + --no-ignore-broken
128 + # we want to install latest version
129 + --no-downgrade
130 + # show everything we find
131 + --list-all
132 + # show what we selected
133 + --list
134 + )
135 +
136 + # The earlyfw cpio needs to be in /boot because it must be loaded before
137 + # rootfs is mounted.
138 + use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
139 + # split location (we use a temporary location so that we are able
140 + # to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
141 + # this folder to pkg_preinst to avoid an error even if no microcode was selected):
142 + keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
143 +
144 + iucode_tool \
145 + "${opts[@]}" \
146 + "${MICROCODE_SRC[@]}" \
147 + || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
148 +
149 + dodoc releasenote
150 +
151 + # Record how package was created so we can show this in build.log
152 + # even for binary packages.
153 + if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
154 + echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
155 + fi
156 +
157 + if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
158 + echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
159 + fi
160 +}
161 +
162 +pkg_preinst() {
163 + if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
164 + local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
165 + ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
166 + fi
167 +
168 + if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
169 + local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
170 + ewarn "Package was created using advanced options:"
171 + ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
172 + fi
173 +
174 + # Make sure /boot is available if needed.
175 + use initramfs && mount-boot_pkg_preinst
176 +
177 + local _initramfs_file="${ED%/}/boot/intel-uc.img"
178 + local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
179 +
180 + if use hostonly; then
181 + # While this output looks redundant we do this check to detect
182 + # rare cases where iucode_tool was unable to detect system's processor(s).
183 + local _detected_processors=$(iucode_tool --scan-system 2>&1)
184 + if [[ -z "${_detected_processors}" ]]; then
185 + ewarn "Looks like iucode_tool was unable to detect any processor!"
186 + else
187 + einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
188 + fi
189 +
190 + opts=(
191 + --scan-system
192 + # be strict about what we are doing
193 + --overwrite
194 + --strict-checks
195 + --no-ignore-broken
196 + # we want to install latest version
197 + --no-downgrade
198 + # show everything we find
199 + --list-all
200 + # show what we selected
201 + --list
202 + )
203 +
204 + # The earlyfw cpio needs to be in /boot because it must be loaded before
205 + # rootfs is mounted.
206 + use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
207 + # split location:
208 + use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
209 +
210 + iucode_tool \
211 + "${opts[@]}" \
212 + "${ED%/}"/tmp/intel-ucode \
213 + || die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
214 +
215 + else
216 + if use split-ucode; then
217 + # Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
218 + dodir /lib/firmware
219 + mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
220 + fi
221 + fi
222 +
223 + # Because it is possible that this package will install not one single file
224 + # due to user selection which is still somehow unexpected we add the following
225 + # check to inform user so that the user has at least a chance to detect
226 + # a problem/invalid select.
227 + local _has_installed_something=
228 + if use initramfs && [[ -s "${_initramfs_file}" ]]; then
229 + _has_installed_something="yes"
230 + elif use split-ucode; then
231 + _has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
232 + fi
233 +
234 + if use hostonly && [[ -n "${_has_installed_something}" ]]; then
235 + elog "You only installed ucode(s) for all currently available (=online)"
236 + elog "processor(s). Remember to re-emerge this package whenever you"
237 + elog "change the system's processor model."
238 + elog ""
239 + elif [[ -z "${_has_installed_something}" ]]; then
240 + ewarn "WARNING:"
241 + if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
242 + ewarn "No ucode was installed! Because you have created this package"
243 + ewarn "using MICROCODE_SIGNATURES variable please double check if you"
244 + ewarn "have an invalid select."
245 + ewarn "It's rare but it is also possible that just no ucode update"
246 + ewarn "is available for your processor(s). In this case it is safe"
247 + ewarn "to ignore this warning."
248 + else
249 + ewarn "No ucode was installed! It's rare but it is also possible"
250 + ewarn "that just no ucode update is available for your processor(s)."
251 + ewarn "In this case it is safe to ignore this warning."
252 + fi
253 +
254 + ewarn ""
255 +
256 + if use hostonly; then
257 + ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
258 + ewarn ""
259 + fi
260 + fi
261 +
262 + # Cleanup any temporary leftovers so that we don't merge any
263 + # unneeded files on disk.
264 + rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
265 +}
266 +
267 +pkg_prerm() {
268 + # Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
269 + use initramfs && mount-boot_pkg_prerm
270 +}
271 +
272 +pkg_postrm() {
273 + # Don't forget to umount /boot if it was previously mounted by us.
274 + use initramfs && mount-boot_pkg_postrm
275 +}
276 +
277 +pkg_postinst() {
278 + # Don't forget to umount /boot if it was previously mounted by us.
279 + use initramfs && mount-boot_pkg_postinst
280 +
281 + # We cannot give detailed information if user is affected or not:
282 + # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
283 + # to to force a specific, otherwise blacklisted, microcode. So we
284 + # only show a generic warning based on running kernel version:
285 + if kernel_is -lt 4 14 34; then
286 + ewarn "${P} contains microcode updates which require"
287 + ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
288 + ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
289 + ewarn "can crash your system!"
290 + ewarn ""
291 + ewarn "Those microcodes are blacklisted per default. However, if you have altered"
292 + ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
293 + ewarn "re-enabled those microcodes...!"
294 + ewarn ""
295 + ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
296 + ewarn "requires additional kernel patches or not."
297 + fi
298 +}
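Review bot: In the `hostonly` branch of `pkg_preinst` the two output paths are appended unquoted, `opts+=( --write-earlyfw=${_initramfs_file} )` and `opts+=( --write-firmware=${_ucode_dir} )`, whereas `src_install` quotes the same `${ED%/}` prefix. An unquoted expansion inside an array assignment is still word-split and globbed, so an image directory containing whitespace would give `iucode_tool`, which is called here with `--overwrite`, a truncated write target plus a stray input argument. Quote both: `opts+=( --write-earlyfw="${_initramfs_file}" )` and `opts+=( --write-firmware="${_ucode_dir}" )`. The two `die` messages have a related slip, since `"iucode_tool ${opts[@]} ..."` expands to several words and `${opts[*]}` would keep the message a single string. Separately, the emptiness test on `$(iucode_tool --scan-system 2>&1)` presumably also passes when the tool prints only an error, because stderr is merged into the captured text, so checking the exit status would make the "unable to detect any processor" warning more reliable.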