
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/
Date: Mon, 24 Jun 2019 21:57:58
Message-Id: 1561413462.10029729826cd75a0351e9ec65f2ed2644d777fb.whissi@gentoo
1 commit: 10029729826cd75a0351e9ec65f2ed2644d777fb
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Mon Jun 24 21:35:32 2019 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Mon Jun 24 21:57:42 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10029729
7
8 sys-firmware/intel-microcode: bump
9
10 - Updated microcodes:
11
12 sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d -> 2019-05-21, rev 0x061f
13 sig 0x000206d7, pf_mask 0x6d, 2019-05-07, rev 0x0717 -> 2019-05-21, rev 0x0718
14 sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae -> 2019-05-17, rev 0x00be
15 sig 0x000906ed, pf_mask 0x22, 2019-05-13, rev 0x00bc -> 2019-05-17, rev 0x00be
16
17 Package-Manager: Portage-2.3.67, Repoman-2.3.14
18 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
19
20 sys-firmware/intel-microcode/Manifest | 2 +
21 .../intel-microcode-20190618_p20190623.ebuild | 248 +++++++++++++++++++++
22 2 files changed, 250 insertions(+)
23
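diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 936c1376590..c7bcfe5fdc7 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,4 @@
 DIST intel-microcode-collection-20190608.tar.xz 5084728 BLAKE2B e6e011c8b2867a04edc75cba2229f5b2759905bd380bede55a8c3f2d28fd81035c401ea8fbdf2363fc1f953fbe233ea41a9a83403a24ce8c6131c29ec3e9a984 SHA512 cc884282c36fa6239b766de8fcf1e3137a6621076b270b6fceb880ecb2eca9c14d306e744d6110facbbeb08b14973dfc4742ab9d36ca7a11abc6772ea0b5793f
+DIST intel-microcode-collection-20190623.tar.xz 5085652 BLAKE2B 717e60682060db9e9eb602b2bfb2ed9e1e192c8388a9defcff48b086b0040cb17723f6eeeede55da8a7776f270acbc1a2c0ea6c89f094404689174fc46fb830d SHA512 bac96d527255594861eafa82d01d065ea02190677ef9d9a74a37914175df455a8d9b722d49ec537d5cec2edf73925210f44f57bac8bf64ae19c04ff09a9173fc
 DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017
+DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17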
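diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild
new file mode 100644
index 00000000000..c3838387251
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+ https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+ use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+ default
+
+ if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+ # new tarball format from GitHub
+ mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+ cd .. || die
+ rm -r Intel-Linux-Processor-Microcode-Data* || die
+ fi
+
+ # Prevent "invalid file format" errors from iucode_tool
+ rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+ # This will take ALL of the upstream microcode sources:
+ # - microcode.dat
+ # - intel-ucode/
+ # In some cases, they have not contained the same content (eg the directory has newer stuff).
+ MICROCODE_SRC=(
+ "${S}"/intel-ucode/
+ "${S}"/intel-ucode-with-caveats/
+ )
+
+ # Allow users who are scared about microcode updates not included in Intel's official
+ # microcode tarball to opt-out and comply with Intel marketing
+ if ! use vanilla; then
+ MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+ fi
+
+ # These will carry into pkg_preinst via env saving.
+ : ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+ : ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+ opts=(
+ ${MICROCODE_BLACKLIST}
+ ${MICROCODE_SIGNATURES}
+ # be strict about what we are doing
+ --overwrite
+ --strict-checks
+ --no-ignore-broken
+ # we want to install latest version
+ --no-downgrade
+ # show everything we find
+ --list-all
+ # show what we selected
+ --list
+ )
+
+ # The earlyfw cpio needs to be in /boot because it must be loaded before
+ # rootfs is mounted.
+ use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+ keepdir /lib/firmware/intel-ucode
+ opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+ iucode_tool \
+ "${opts[@]}" \
+ "${MICROCODE_SRC[@]}" \
+ || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+ dodoc releasenote
+}
+
+pkg_preinst() {
+ if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+ ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+ fi
+
+ if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+ ewarn "Package was created using advanced options:"
+ ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+ fi
+
+ # Make sure /boot is available if needed.
+ use initramfs && mount-boot_pkg_preinst
+
+ local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+ if use hostonly; then
+ # While this output looks redundant we do this check to detect
+ # rare cases where iucode_tool was unable to detect system's processor(s).
+ local _detected_processors=$(iucode_tool --scan-system 2>&1)
+ if [[ -z "${_detected_processors}" ]]; then
+ ewarn "Looks like iucode_tool was unable to detect any processor!"
+ else
+ einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+ fi
+
+ opts=(
+ --scan-system
+ # be strict about what we are doing
+ --overwrite
+ --strict-checks
+ --no-ignore-broken
+ # we want to install latest version
+ --no-downgrade
+ # show everything we find
+ --list-all
+ # show what we selected
+ --list
+ )
+
+ # The earlyfw cpio needs to be in /boot because it must be loaded before
+ # rootfs is mounted.
+ use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+ if use split-ucode; then
+ opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+ fi
+
+ opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+ mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+ keepdir /lib/firmware/intel-ucode
+
+ iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+ rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+ elif ! use split-ucode; then # hostonly disabled
+ rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+ fi
+
+ # Because it is possible that this package will install not one single file
+ # due to user selection which is still somehow unexpected we add the following
+ # check to inform user so that the user has at least a chance to detect
+ # a problem/invalid select.
+ local _has_installed_something=
+ if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+ _has_installed_something="yes"
+ elif use split-ucode; then
+ _has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+ fi
+
+ if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+ elog "You only installed ucode(s) for all currently available (=online)"
+ elog "processor(s). Remember to re-emerge this package whenever you"
+ elog "change the system's processor model."
+ elog ""
+ elif [[ -z "${_has_installed_something}" ]]; then
+ ewarn "WARNING:"
+ if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+ ewarn "No ucode was installed! Because you have created this package"
+ ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+ ewarn "have an invalid select."
+ ewarn "It's rare but it is also possible that just no ucode update"
+ ewarn "is available for your processor(s). In this case it is safe"
+ ewarn "to ignore this warning."
+ else
+ ewarn "No ucode was installed! It's rare but it is also possible"
+ ewarn "that just no ucode update is available for your processor(s)."
+ ewarn "In this case it is safe to ignore this warning."
+ fi
+
+ ewarn ""
+
+ if use hostonly; then
+ ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+ ewarn ""
+ fi
+ fi
+}
+
+pkg_prerm() {
+ # Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+ use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+ # Don't forget to umount /boot if it was previously mounted by us.
+ use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+ # Don't forget to umount /boot if it was previously mounted by us.
+ use initramfs && mount-boot_pkg_postinst
+
+ # We cannot give detailed information if user is affected or not:
+ # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+ # to to force a specific, otherwise blacklisted, microcode. So we
+ # only show a generic warning based on running kernel version:
+ if kernel_is -lt 4 14 34; then
+ ewarn "${P} contains microcode updates which require"
+ ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+ ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+ ewarn "can crash your system!"
+ ewarn ""
+ ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+ ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+ ewarn "re-enabled those microcodes...!"
+ ewarn ""
+ ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+ ewarn "requires additional kernel patches or not."
+ fi
+}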
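Review bot: In src_install the fallback assignment reads `${MICROCODE_SIGNATUES_DEFAULT}` (missing an R), so `MICROCODE_SIGNATURES_DEFAULT` is never applied; this is harmless only while that default is the empty string. pkg_preinst compares against the correctly spelled variable, so once a non-empty default is set the package would be built without it and would still warn that advanced options were used. The line should read `: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATURES_DEFAULT}}`. The comment above pkg_pretend has a matching typo, `MIRCOCODE_SIGNATURES`, which should be corrected to `MICROCODE_SIGNATURES` so users set the variable the ebuild actually reads.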