1 |
commit: c6563f92d74e1567bef1a1b9990760943978e5c2 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Oct 29 13:24:26 2018 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Oct 29 14:53:58 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6563f92 |
7 |
|
8 |
sys-firmware/intel-microcode: bump |
9 |
|
10 |
- New microcode: |
11 |
|
12 |
sig 0x000506f0, pf_mask 0x01, 2016-06-07, rev 0x0010 |
13 |
|
14 |
- Updated microcodes: |
15 |
|
16 |
sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e -> 2018-09-05, rev 0xb000031 |
17 |
sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d -> 2018-08-09, rev 0x2000050 |
18 |
sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e -> 2018-07-16, rev 0x009a |
19 |
sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096 -> 2018-10-18, rev 0x009e |
20 |
sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e -> 2018-07-16, rev 0x009a |
21 |
sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096 -> 2018-07-16, rev 0x009a |
22 |
sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e -> 2018-07-16, rev 0x009a |
23 |
|
24 |
Package-Manager: Portage-2.3.51, Repoman-2.3.11 |
25 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
26 |
|
27 |
sys-firmware/intel-microcode/Manifest | 1 + |
28 |
.../intel-microcode-20180807a_p20181027.ebuild | 253 +++++++++++++++++++++ |
29 |
2 files changed, 254 insertions(+) |
30 |
|
31 |
diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest |
32 |
index 9a0815d330a..59fe1a9b4b9 100644 |
33 |
--- a/sys-firmware/intel-microcode/Manifest |
34 |
+++ b/sys-firmware/intel-microcode/Manifest |
35 |
@@ -1,2 +1,3 @@ |
36 |
DIST intel-microcode-collection-20180922.tar.xz 4506768 BLAKE2B c985c20e01ab171637bf8acbab912a802608681a7f62779a63cd4218008435638c06452fef157d26ff6295dbee963827493dd85fb31b6e2b8e447158eb55d9f9 SHA512 08d38e25d02a45cbc2272c440e64255dbaac90efc67dd241f8e329c84eff2baab38236ee97a52e3803ecbc87a751d1d44f08a18288fba52cbbf916390d461646 |
37 |
+DIST intel-microcode-collection-20181027.tar.xz 4517880 BLAKE2B 189e23cfc77d89da945dec6e1762ce9ba16c1cbc0a618e80f3c328b3d9766ef3bb8e62c84c3a6f32ef994f426b5f00ff1ec520105ac7734f25a606e7cb036ec6 SHA512 fc96d0bbacea9da7a232a6482a7731a029c7e110c3358f917d99e1906c9a783b90df22dde2ad4043e8029a4e3ca5a86d43927b38f668456dfda4098d9d5f37c5 |
38 |
DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10 |
39 |
|
40 |
diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild |
41 |
new file mode 100644 |
42 |
index 00000000000..42757b59066 |
43 |
--- /dev/null |
44 |
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild |
45 |
@@ -0,0 +1,253 @@ |
46 |
+# Copyright 1999-2018 Gentoo Authors |
47 |
+# Distributed under the terms of the GNU General Public License v2 |
48 |
+ |
49 |
+EAPI="6" |
50 |
+ |
51 |
+inherit linux-info toolchain-funcs mount-boot |
52 |
+ |
53 |
+# Find updates by searching and clicking the first link (hopefully it's the one): |
54 |
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File |
55 |
+ |
56 |
+COLLECTION_SNAPSHOT="${PV##*_p}" |
57 |
+INTEL_SNAPSHOT="${PV/_p*}" |
58 |
+NUM="28087" |
59 |
+DESCRIPTION="Intel IA32/IA64 microcode update data" |
60 |
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}" |
61 |
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz |
62 |
+ https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz" |
63 |
+ |
64 |
+LICENSE="intel-ucode" |
65 |
+SLOT="0" |
66 |
+KEYWORDS="-* ~amd64 ~x86" |
67 |
+IUSE="hostonly initramfs +split-ucode vanilla" |
68 |
+REQUIRED_USE="|| ( initramfs split-ucode )" |
69 |
+ |
70 |
+DEPEND="sys-apps/iucode_tool" |
71 |
+ |
72 |
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586 |
73 |
+RDEPEND="hostonly? ( sys-apps/iucode_tool )" |
74 |
+ |
75 |
+RESTRICT="binchecks bindist mirror strip" |
76 |
+ |
77 |
+S=${WORKDIR} |
78 |
+ |
79 |
+# Blacklist bad microcode here. |
80 |
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader |
81 |
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1" |
82 |
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}" |
83 |
+ |
84 |
+# In case we want to set some defaults ... |
85 |
+MICROCODE_SIGNATURES_DEFAULT="" |
86 |
+ |
87 |
+# Advanced users only: |
88 |
+# merge with: |
89 |
+# only current CPU: MICROCODE_SIGNATURES="-S" |
90 |
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676" |
91 |
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686" |
92 |
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}" |
93 |
+ |
94 |
+pkg_pretend() { |
95 |
+ use initramfs && mount-boot_pkg_pretend |
96 |
+} |
97 |
+ |
98 |
+src_prepare() { |
99 |
+ default |
100 |
+ |
101 |
+ # Prevent "invalid file format" errors from iucode_tool |
102 |
+ rm -f "${S}"/intel-ucod*/list || die |
103 |
+} |
104 |
+ |
105 |
+src_install() { |
106 |
+ # This will take ALL of the upstream microcode sources: |
107 |
+ # - microcode.dat |
108 |
+ # - intel-ucode/ |
109 |
+ # In some cases, they have not contained the same content (eg the directory has newer stuff). |
110 |
+ MICROCODE_SRC=( |
111 |
+ "${S}"/intel-ucode/ |
112 |
+ "${S}"/intel-ucode-with-caveats/ |
113 |
+ ) |
114 |
+ |
115 |
+ # Allow users who are scared about microcode updates not included in Intel's official |
116 |
+ # microcode tarball to opt-out and comply with Intel marketing |
117 |
+ if ! use vanilla; then |
118 |
+ MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} ) |
119 |
+ fi |
120 |
+ |
121 |
+ opts=( |
122 |
+ ${MICROCODE_BLACKLIST} |
123 |
+ ${MICROCODE_SIGNATURES} |
124 |
+ # be strict about what we are doing |
125 |
+ --overwrite |
126 |
+ --strict-checks |
127 |
+ --no-ignore-broken |
128 |
+ # we want to install latest version |
129 |
+ --no-downgrade |
130 |
+ # show everything we find |
131 |
+ --list-all |
132 |
+ # show what we selected |
133 |
+ --list |
134 |
+ ) |
135 |
+ |
136 |
+ # The earlyfw cpio needs to be in /boot because it must be loaded before |
137 |
+ # rootfs is mounted. |
138 |
+ use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img ) |
139 |
+ # split location (we use a temporary location so that we are able |
140 |
+ # to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry |
141 |
+ # this folder to pkg_preinst to avoid an error even if no microcode was selected): |
142 |
+ keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode ) |
143 |
+ |
144 |
+ iucode_tool \ |
145 |
+ "${opts[@]}" \ |
146 |
+ "${MICROCODE_SRC[@]}" \ |
147 |
+ || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}" |
148 |
+ |
149 |
+ dodoc releasenote |
150 |
+ |
151 |
+ # Record how package was created so we can show this in build.log |
152 |
+ # even for binary packages. |
153 |
+ if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then |
154 |
+ echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used" |
155 |
+ fi |
156 |
+ |
157 |
+ if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then |
158 |
+ echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used" |
159 |
+ fi |
160 |
+} |
161 |
+ |
162 |
+pkg_preinst() { |
163 |
+ if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then |
164 |
+ local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered") |
165 |
+ ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!" |
166 |
+ fi |
167 |
+ |
168 |
+ if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then |
169 |
+ local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered") |
170 |
+ ewarn "Package was created using advanced options:" |
171 |
+ ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!" |
172 |
+ fi |
173 |
+ |
174 |
+ # Make sure /boot is available if needed. |
175 |
+ use initramfs && mount-boot_pkg_preinst |
176 |
+ |
177 |
+ local _initramfs_file="${ED%/}/boot/intel-uc.img" |
178 |
+ local _ucode_dir="${ED%/}/lib/firmware/intel-ucode" |
179 |
+ |
180 |
+ if use hostonly; then |
181 |
+ # While this output looks redundant we do this check to detect |
182 |
+ # rare cases where iucode_tool was unable to detect system's processor(s). |
183 |
+ local _detected_processors=$(iucode_tool --scan-system 2>&1) |
184 |
+ if [[ -z "${_detected_processors}" ]]; then |
185 |
+ ewarn "Looks like iucode_tool was unable to detect any processor!" |
186 |
+ else |
187 |
+ einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..." |
188 |
+ fi |
189 |
+ |
190 |
+ opts=( |
191 |
+ --scan-system |
192 |
+ # be strict about what we are doing |
193 |
+ --overwrite |
194 |
+ --strict-checks |
195 |
+ --no-ignore-broken |
196 |
+ # we want to install latest version |
197 |
+ --no-downgrade |
198 |
+ # show everything we find |
199 |
+ --list-all |
200 |
+ # show what we selected |
201 |
+ --list |
202 |
+ ) |
203 |
+ |
204 |
+ # The earlyfw cpio needs to be in /boot because it must be loaded before |
205 |
+ # rootfs is mounted. |
206 |
+ use initramfs && opts+=( --write-earlyfw=${_initramfs_file} ) |
207 |
+ # split location: |
208 |
+ use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} ) |
209 |
+ |
210 |
+ iucode_tool \ |
211 |
+ "${opts[@]}" \ |
212 |
+ "${ED%/}"/tmp/intel-ucode \ |
213 |
+ || die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode" |
214 |
+ |
215 |
+ else |
216 |
+ if use split-ucode; then |
217 |
+ # Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ... |
218 |
+ dodir /lib/firmware |
219 |
+ mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!" |
220 |
+ fi |
221 |
+ fi |
222 |
+ |
223 |
+ # Because it is possible that this package will install not one single file |
224 |
+ # due to user selection which is still somehow unexpected we add the following |
225 |
+ # check to inform user so that the user has at least a chance to detect |
226 |
+ # a problem/invalid select. |
227 |
+ local _has_installed_something= |
228 |
+ if use initramfs && [[ -s "${_initramfs_file}" ]]; then |
229 |
+ _has_installed_something="yes" |
230 |
+ elif use split-ucode; then |
231 |
+ _has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;) |
232 |
+ fi |
233 |
+ |
234 |
+ if use hostonly && [[ -n "${_has_installed_something}" ]]; then |
235 |
+ elog "You only installed ucode(s) for all currently available (=online)" |
236 |
+ elog "processor(s). Remember to re-emerge this package whenever you" |
237 |
+ elog "change the system's processor model." |
238 |
+ elog "" |
239 |
+ elif [[ -z "${_has_installed_something}" ]]; then |
240 |
+ ewarn "WARNING:" |
241 |
+ if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then |
242 |
+ ewarn "No ucode was installed! Because you have created this package" |
243 |
+ ewarn "using MICROCODE_SIGNATURES variable please double check if you" |
244 |
+ ewarn "have an invalid select." |
245 |
+ ewarn "It's rare but it is also possible that just no ucode update" |
246 |
+ ewarn "is available for your processor(s). In this case it is safe" |
247 |
+ ewarn "to ignore this warning." |
248 |
+ else |
249 |
+ ewarn "No ucode was installed! It's rare but it is also possible" |
250 |
+ ewarn "that just no ucode update is available for your processor(s)." |
251 |
+ ewarn "In this case it is safe to ignore this warning." |
252 |
+ fi |
253 |
+ |
254 |
+ ewarn "" |
255 |
+ |
256 |
+ if use hostonly; then |
257 |
+ ewarn "Unset \"hostonly\" USE flag to install all available ucodes." |
258 |
+ ewarn "" |
259 |
+ fi |
260 |
+ fi |
261 |
+ |
262 |
+ # Cleanup any temporary leftovers so that we don't merge any |
263 |
+ # unneeded files on disk. |
264 |
+ rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'" |
265 |
+} |
266 |
+ |
267 |
+pkg_prerm() { |
268 |
+ # Make sure /boot is mounted so that we can remove /boot/intel-uc.img! |
269 |
+ use initramfs && mount-boot_pkg_prerm |
270 |
+} |
271 |
+ |
272 |
+pkg_postrm() { |
273 |
+ # Don't forget to umount /boot if it was previously mounted by us. |
274 |
+ use initramfs && mount-boot_pkg_postrm |
275 |
+} |
276 |
+ |
277 |
+pkg_postinst() { |
278 |
+ # Don't forget to umount /boot if it was previously mounted by us. |
279 |
+ use initramfs && mount-boot_pkg_postinst |
280 |
+ |
281 |
+ # We cannot give detailed information if user is affected or not: |
282 |
+ # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES |
283 |
+ # to to force a specific, otherwise blacklisted, microcode. So we |
284 |
+ # only show a generic warning based on running kernel version: |
285 |
+ if kernel_is -lt 4 14 34; then |
286 |
+ ewarn "${P} contains microcode updates which require" |
287 |
+ ewarn "additional kernel patches which aren't yet included in kernel <4.14.34." |
288 |
+ ewarn "Loading such a microcode through kernel interface from an unpatched kernel" |
289 |
+ ewarn "can crash your system!" |
290 |
+ ewarn "" |
291 |
+ ewarn "Those microcodes are blacklisted per default. However, if you have altered" |
292 |
+ ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally" |
293 |
+ ewarn "re-enabled those microcodes...!" |
294 |
+ ewarn "" |
295 |
+ ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update" |
296 |
+ ewarn "requires additional kernel patches or not." |
297 |
+ fi |
298 |
+} |