[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/
Date:	Mon, 24 Jun 2019 21:57:58
Message-Id:	`1561413462.10029729826cd75a0351e9ec65f2ed2644d777fb.whissi@gentoo`

1

commit:     10029729826cd75a0351e9ec65f2ed2644d777fb

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Mon Jun 24 21:35:32 2019 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Mon Jun 24 21:57:42 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10029729

7

8

sys-firmware/intel-microcode: bump

9

10

- Updated microcodes:

11

12

  sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d -> 2019-05-21, rev 0x061f

13

  sig 0x000206d7, pf_mask 0x6d, 2019-05-07, rev 0x0717 -> 2019-05-21, rev 0x0718

14

  sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae -> 2019-05-17, rev 0x00be

15

  sig 0x000906ed, pf_mask 0x22, 2019-05-13, rev 0x00bc -> 2019-05-17, rev 0x00be

16

17

Package-Manager: Portage-2.3.67, Repoman-2.3.14

18

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

19

20

 sys-firmware/intel-microcode/Manifest              |   2 +

21

 .../intel-microcode-20190618_p20190623.ebuild      | 248 +++++++++++++++++++++

22

 2 files changed, 250 insertions(+)

23

24

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest

25

index 936c1376590..c7bcfe5fdc7 100644

26

--- a/sys-firmware/intel-microcode/Manifest

27

+++ b/sys-firmware/intel-microcode/Manifest

28

@@ -1,2 +1,4 @@

29

 DIST intel-microcode-collection-20190608.tar.xz 5084728 BLAKE2B e6e011c8b2867a04edc75cba2229f5b2759905bd380bede55a8c3f2d28fd81035c401ea8fbdf2363fc1f953fbe233ea41a9a83403a24ce8c6131c29ec3e9a984 SHA512 cc884282c36fa6239b766de8fcf1e3137a6621076b270b6fceb880ecb2eca9c14d306e744d6110facbbeb08b14973dfc4742ab9d36ca7a11abc6772ea0b5793f

30

+DIST intel-microcode-collection-20190623.tar.xz 5085652 BLAKE2B 717e60682060db9e9eb602b2bfb2ed9e1e192c8388a9defcff48b086b0040cb17723f6eeeede55da8a7776f270acbc1a2c0ea6c89f094404689174fc46fb830d SHA512 bac96d527255594861eafa82d01d065ea02190677ef9d9a74a37914175df455a8d9b722d49ec537d5cec2edf73925210f44f57bac8bf64ae19c04ff09a9173fc

31

 DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017

32

+DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17

33

34

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild

35

new file mode 100644

36

index 00000000000..c3838387251

37

--- /dev/null

38

+++ b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild

39

@@ -0,0 +1,248 @@

40

+# Copyright 1999-2019 Gentoo Authors

41

+# Distributed under the terms of the GNU General Public License v2

42

+

43

+EAPI="6"

44

+

45

+inherit linux-info toolchain-funcs mount-boot

46

+

47

+# Find updates by searching and clicking the first link (hopefully it's the one):

48

+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File

49

+

50

+COLLECTION_SNAPSHOT="${PV##*_p}"

51

+INTEL_SNAPSHOT="${PV/_p*}"

52

+#NUM="28087"

53

+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}

54

+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz

55

+DESCRIPTION="Intel IA32/IA64 microcode update data"

56

+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"

57

+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz

58

+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"

59

+

60

+LICENSE="intel-ucode"

61

+SLOT="0"

62

+KEYWORDS="-* amd64 x86"

63

+IUSE="hostonly initramfs +split-ucode vanilla"

64

+REQUIRED_USE="|| ( initramfs split-ucode )"

65

+

66

+DEPEND="sys-apps/iucode_tool"

67

+

68

+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586

69

+RDEPEND="hostonly? ( sys-apps/iucode_tool )"

70

+

71

+RESTRICT="binchecks bindist mirror strip"

72

+

73

+S=${WORKDIR}

74

+

75

+# Blacklist bad microcode here.

76

+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader

77

+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"

78

+

79

+# In case we want to set some defaults ...

80

+MICROCODE_SIGNATURES_DEFAULT=""

81

+

82

+# Advanced users only!

83

+# Set MIRCOCODE_SIGNATURES to merge with:

84

+# only current CPU: MICROCODE_SIGNATURES="-S"

85

+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"

86

+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"

87

+

88

+pkg_pretend() {

89

+	use initramfs && mount-boot_pkg_pretend

90

+}

91

+

92

+src_prepare() {

93

+	default

94

+

95

+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then

96

+		# new tarball format from GitHub

97

+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"

98

+		cd .. || die

99

+		rm -r Intel-Linux-Processor-Microcode-Data* || die

100

+	fi

101

+

102

+	# Prevent "invalid file format" errors from iucode_tool

103

+	rm -f "${S}"/intel-ucod*/list || die

104

+}

105

+

106

+src_install() {

107

+	# This will take ALL of the upstream microcode sources:

108

+	# - microcode.dat

109

+	# - intel-ucode/

110

+	# In some cases, they have not contained the same content (eg the directory has newer stuff).

111

+	MICROCODE_SRC=(

112

+		"${S}"/intel-ucode/

113

+		"${S}"/intel-ucode-with-caveats/

114

+	)

115

+

116

+	# Allow users who are scared about microcode updates not included in Intel's official

117

+	# microcode tarball to opt-out and comply with Intel marketing

118

+	if ! use vanilla; then

119

+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )

120

+	fi

121

+

122

+	# These will carry into pkg_preinst via env saving.

123

+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}

124

+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}

125

+

126

+	opts=(

127

+		${MICROCODE_BLACKLIST}

128

+		${MICROCODE_SIGNATURES}

129

+		# be strict about what we are doing

130

+		--overwrite

131

+		--strict-checks

132

+		--no-ignore-broken

133

+		# we want to install latest version

134

+		--no-downgrade

135

+		# show everything we find

136

+		--list-all

137

+		# show what we selected

138

+		--list

139

+	)

140

+

141

+	# The earlyfw cpio needs to be in /boot because it must be loaded before

142

+	# rootfs is mounted.

143

+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )

144

+

145

+	keepdir /lib/firmware/intel-ucode

146

+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )

147

+

148

+	iucode_tool \

149

+		"${opts[@]}" \

150

+		"${MICROCODE_SRC[@]}" \

151

+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"

152

+

153

+	dodoc releasenote

154

+}

155

+

156

+pkg_preinst() {

157

+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then

158

+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"

159

+	fi

160

+

161

+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then

162

+		ewarn "Package was created using advanced options:"

163

+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"

164

+	fi

165

+

166

+	# Make sure /boot is available if needed.

167

+	use initramfs && mount-boot_pkg_preinst

168

+

169

+	local _initramfs_file="${ED%/}/boot/intel-uc.img"

170

+

171

+	if use hostonly; then

172

+		# While this output looks redundant we do this check to detect

173

+		# rare cases where iucode_tool was unable to detect system's processor(s).

174

+		local _detected_processors=$(iucode_tool --scan-system 2>&1)

175

+		if [[ -z "${_detected_processors}" ]]; then

176

+			ewarn "Looks like iucode_tool was unable to detect any processor!"

177

+		else

178

+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."

179

+		fi

180

+

181

+		opts=(

182

+			--scan-system

183

+			# be strict about what we are doing

184

+			--overwrite

185

+			--strict-checks

186

+			--no-ignore-broken

187

+			# we want to install latest version

188

+			--no-downgrade

189

+			# show everything we find

190

+			--list-all

191

+			# show what we selected

192

+			--list

193

+		)

194

+

195

+		# The earlyfw cpio needs to be in /boot because it must be loaded before

196

+		# rootfs is mounted.

197

+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )

198

+

199

+		if use split-ucode; then

200

+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )

201

+		fi

202

+

203

+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )

204

+

205

+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die

206

+		keepdir /lib/firmware/intel-ucode

207

+

208

+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"

209

+

210

+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die

211

+

212

+	elif ! use split-ucode; then # hostonly disabled

213

+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die

214

+	fi

215

+

216

+	# Because it is possible that this package will install not one single file

217

+	# due to user selection which is still somehow unexpected we add the following

218

+	# check to inform user so that the user has at least a chance to detect

219

+	# a problem/invalid select.

220

+	local _has_installed_something=

221

+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then

222

+		_has_installed_something="yes"

223

+	elif use split-ucode; then

224

+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)

225

+	fi

226

+

227

+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then

228

+		elog "You only installed ucode(s) for all currently available (=online)"

229

+		elog "processor(s). Remember to re-emerge this package whenever you"

230

+		elog "change the system's processor model."

231

+		elog ""

232

+	elif [[ -z "${_has_installed_something}" ]]; then

233

+		ewarn "WARNING:"

234

+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then

235

+			ewarn "No ucode was installed! Because you have created this package"

236

+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"

237

+			ewarn "have an invalid select."

238

+			ewarn "It's rare but it is also possible that just no ucode update"

239

+			ewarn "is available for your processor(s). In this case it is safe"

240

+			ewarn "to ignore this warning."

241

+		else

242

+			ewarn "No ucode was installed! It's rare but it is also possible"

243

+			ewarn "that just no ucode update is available for your processor(s)."

244

+			ewarn "In this case it is safe to ignore this warning."

245

+		fi

246

+

247

+		ewarn ""

248

+

249

+		if use hostonly; then

250

+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."

251

+			ewarn ""

252

+		fi

253

+	fi

254

+}

255

+

256

+pkg_prerm() {

257

+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!

258

+	use initramfs && mount-boot_pkg_prerm

259

+}

260

+

261

+pkg_postrm() {

262

+	# Don't forget to umount /boot if it was previously mounted by us.

263

+	use initramfs && mount-boot_pkg_postrm

264

+}

265

+

266

+pkg_postinst() {

267

+	# Don't forget to umount /boot if it was previously mounted by us.

268

+	use initramfs && mount-boot_pkg_postinst

269

+

270

+	# We cannot give detailed information if user is affected or not:

271

+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES

272

+	# to to force a specific, otherwise blacklisted, microcode. So we

273

+	# only show a generic warning based on running kernel version:

274

+	if kernel_is -lt 4 14 34; then

275

+		ewarn "${P} contains microcode updates which require"

276

+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."

277

+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"

278

+		ewarn "can crash your system!"

279

+		ewarn ""

280

+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"

281

+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"

282

+		ewarn "re-enabled those microcodes...!"

283

+		ewarn ""

284

+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"

285

+		ewarn "requires additional kernel patches or not."

286

+	fi

287

+}

1	commit: 10029729826cd75a0351e9ec65f2ed2644d777fb
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Mon Jun 24 21:35:32 2019 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Mon Jun 24 21:57:42 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10029729
7
8	sys-firmware/intel-microcode: bump
9
10	- Updated microcodes:
11
12	sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d -> 2019-05-21, rev 0x061f
13	sig 0x000206d7, pf_mask 0x6d, 2019-05-07, rev 0x0717 -> 2019-05-21, rev 0x0718
14	sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae -> 2019-05-17, rev 0x00be
15	sig 0x000906ed, pf_mask 0x22, 2019-05-13, rev 0x00bc -> 2019-05-17, rev 0x00be
16
17	Package-Manager: Portage-2.3.67, Repoman-2.3.14
18	Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
19
20	sys-firmware/intel-microcode/Manifest \| 2 +
21	.../intel-microcode-20190618_p20190623.ebuild \| 248 +++++++++++++++++++++
22	2 files changed, 250 insertions(+)
23
24	diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
25	index 936c1376590..c7bcfe5fdc7 100644
26	--- a/sys-firmware/intel-microcode/Manifest
27	+++ b/sys-firmware/intel-microcode/Manifest
28	@@ -1,2 +1,4 @@
29	DIST intel-microcode-collection-20190608.tar.xz 5084728 BLAKE2B e6e011c8b2867a04edc75cba2229f5b2759905bd380bede55a8c3f2d28fd81035c401ea8fbdf2363fc1f953fbe233ea41a9a83403a24ce8c6131c29ec3e9a984 SHA512 cc884282c36fa6239b766de8fcf1e3137a6621076b270b6fceb880ecb2eca9c14d306e744d6110facbbeb08b14973dfc4742ab9d36ca7a11abc6772ea0b5793f
30	+DIST intel-microcode-collection-20190623.tar.xz 5085652 BLAKE2B 717e60682060db9e9eb602b2bfb2ed9e1e192c8388a9defcff48b086b0040cb17723f6eeeede55da8a7776f270acbc1a2c0ea6c89f094404689174fc46fb830d SHA512 bac96d527255594861eafa82d01d065ea02190677ef9d9a74a37914175df455a8d9b722d49ec537d5cec2edf73925210f44f57bac8bf64ae19c04ff09a9173fc
31	DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017
32	+DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17
33
34	diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild
35	new file mode 100644
36	index 00000000000..c3838387251
37	--- /dev/null
38	+++ b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild
39	@@ -0,0 +1,248 @@
40	+# Copyright 1999-2019 Gentoo Authors
41	+# Distributed under the terms of the GNU General Public License v2
42	+
43	+EAPI="6"
44	+
45	+inherit linux-info toolchain-funcs mount-boot
46	+
47	+# Find updates by searching and clicking the first link (hopefully it's the one):
48	+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
49	+
50	+COLLECTION_SNAPSHOT="${PV##*_p}"
51	+INTEL_SNAPSHOT="${PV/_p*}"
52	+#NUM="28087"
53	+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
54	+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
55	+DESCRIPTION="Intel IA32/IA64 microcode update data"
56	+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
57	+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
58	+ https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
59	+
60	+LICENSE="intel-ucode"
61	+SLOT="0"
62	+KEYWORDS="-* amd64 x86"
63	+IUSE="hostonly initramfs +split-ucode vanilla"
64	+REQUIRED_USE="\|\| ( initramfs split-ucode )"
65	+
66	+DEPEND="sys-apps/iucode_tool"
67	+
68	+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
69	+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
70	+
71	+RESTRICT="binchecks bindist mirror strip"
72	+
73	+S=${WORKDIR}
74	+
75	+# Blacklist bad microcode here.
76	+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
77	+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
78	+
79	+# In case we want to set some defaults ...
80	+MICROCODE_SIGNATURES_DEFAULT=""
81	+
82	+# Advanced users only!
83	+# Set MIRCOCODE_SIGNATURES to merge with:
84	+# only current CPU: MICROCODE_SIGNATURES="-S"
85	+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
86	+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
87	+
88	+pkg_pretend() {
89	+ use initramfs && mount-boot_pkg_pretend
90	+}
91	+
92	+src_prepare() {
93	+ default
94	+
95	+ if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
96	+ # new tarball format from GitHub
97	+ mv * ../ \|\| die "Failed to move Intel-Linux-Processor-Microcode-Data*"
98	+ cd .. \|\| die
99	+ rm -r Intel-Linux-Processor-Microcode-Data* \|\| die
100	+ fi
101	+
102	+ # Prevent "invalid file format" errors from iucode_tool
103	+ rm -f "${S}"/intel-ucod*/list \|\| die
104	+}
105	+
106	+src_install() {
107	+ # This will take ALL of the upstream microcode sources:
108	+ # - microcode.dat
109	+ # - intel-ucode/
110	+ # In some cases, they have not contained the same content (eg the directory has newer stuff).
111	+ MICROCODE_SRC=(
112	+ "${S}"/intel-ucode/
113	+ "${S}"/intel-ucode-with-caveats/
114	+ )
115	+
116	+ # Allow users who are scared about microcode updates not included in Intel's official
117	+ # microcode tarball to opt-out and comply with Intel marketing
118	+ if ! use vanilla; then
119	+ MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
120	+ fi
121	+
122	+ # These will carry into pkg_preinst via env saving.
123	+ : ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
124	+ : ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
125	+
126	+ opts=(
127	+ ${MICROCODE_BLACKLIST}
128	+ ${MICROCODE_SIGNATURES}
129	+ # be strict about what we are doing
130	+ --overwrite
131	+ --strict-checks
132	+ --no-ignore-broken
133	+ # we want to install latest version
134	+ --no-downgrade
135	+ # show everything we find
136	+ --list-all
137	+ # show what we selected
138	+ --list
139	+ )
140	+
141	+ # The earlyfw cpio needs to be in /boot because it must be loaded before
142	+ # rootfs is mounted.
143	+ use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
144	+
145	+ keepdir /lib/firmware/intel-ucode
146	+ opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
147	+
148	+ iucode_tool \
149	+ "${opts[@]}" \
150	+ "${MICROCODE_SRC[@]}" \
151	+ \|\| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
152	+
153	+ dodoc releasenote
154	+}
155	+
156	+pkg_preinst() {
157	+ if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
158	+ ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
159	+ fi
160	+
161	+ if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
162	+ ewarn "Package was created using advanced options:"
163	+ ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
164	+ fi
165	+
166	+ # Make sure /boot is available if needed.
167	+ use initramfs && mount-boot_pkg_preinst
168	+
169	+ local _initramfs_file="${ED%/}/boot/intel-uc.img"
170	+
171	+ if use hostonly; then
172	+ # While this output looks redundant we do this check to detect
173	+ # rare cases where iucode_tool was unable to detect system's processor(s).
174	+ local _detected_processors=$(iucode_tool --scan-system 2>&1)
175	+ if [[ -z "${_detected_processors}" ]]; then
176	+ ewarn "Looks like iucode_tool was unable to detect any processor!"
177	+ else
178	+ einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
179	+ fi
180	+
181	+ opts=(
182	+ --scan-system
183	+ # be strict about what we are doing
184	+ --overwrite
185	+ --strict-checks
186	+ --no-ignore-broken
187	+ # we want to install latest version
188	+ --no-downgrade
189	+ # show everything we find
190	+ --list-all
191	+ # show what we selected
192	+ --list
193	+ )
194	+
195	+ # The earlyfw cpio needs to be in /boot because it must be loaded before
196	+ # rootfs is mounted.
197	+ use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
198	+
199	+ if use split-ucode; then
200	+ opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
201	+ fi
202	+
203	+ opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
204	+
205	+ mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} \|\| die
206	+ keepdir /lib/firmware/intel-ucode
207	+
208	+ iucode_tool "${opts[@]}" \|\| die "iucode_tool ${opts[@]}"
209	+
210	+ rm -r "${ED%/}"/lib/firmware/intel-ucode-temp \|\| die
211	+
212	+ elif ! use split-ucode; then # hostonly disabled
213	+ rm -r "${ED%/}"/lib/firmware/intel-ucode \|\| die
214	+ fi
215	+
216	+ # Because it is possible that this package will install not one single file
217	+ # due to user selection which is still somehow unexpected we add the following
218	+ # check to inform user so that the user has at least a chance to detect
219	+ # a problem/invalid select.
220	+ local _has_installed_something=
221	+ if use initramfs && [[ -s "${_initramfs_file}" ]]; then
222	+ _has_installed_something="yes"
223	+ elif use split-ucode; then
224	+ _has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
225	+ fi
226	+
227	+ if use hostonly && [[ -n "${_has_installed_something}" ]]; then
228	+ elog "You only installed ucode(s) for all currently available (=online)"
229	+ elog "processor(s). Remember to re-emerge this package whenever you"
230	+ elog "change the system's processor model."
231	+ elog ""
232	+ elif [[ -z "${_has_installed_something}" ]]; then
233	+ ewarn "WARNING:"
234	+ if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
235	+ ewarn "No ucode was installed! Because you have created this package"
236	+ ewarn "using MICROCODE_SIGNATURES variable please double check if you"
237	+ ewarn "have an invalid select."
238	+ ewarn "It's rare but it is also possible that just no ucode update"
239	+ ewarn "is available for your processor(s). In this case it is safe"
240	+ ewarn "to ignore this warning."
241	+ else
242	+ ewarn "No ucode was installed! It's rare but it is also possible"
243	+ ewarn "that just no ucode update is available for your processor(s)."
244	+ ewarn "In this case it is safe to ignore this warning."
245	+ fi
246	+
247	+ ewarn ""
248	+
249	+ if use hostonly; then
250	+ ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
251	+ ewarn ""
252	+ fi
253	+ fi
254	+}
255	+
256	+pkg_prerm() {
257	+ # Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
258	+ use initramfs && mount-boot_pkg_prerm
259	+}
260	+
261	+pkg_postrm() {
262	+ # Don't forget to umount /boot if it was previously mounted by us.
263	+ use initramfs && mount-boot_pkg_postrm
264	+}
265	+
266	+pkg_postinst() {
267	+ # Don't forget to umount /boot if it was previously mounted by us.
268	+ use initramfs && mount-boot_pkg_postinst
269	+
270	+ # We cannot give detailed information if user is affected or not:
271	+ # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
272	+ # to to force a specific, otherwise blacklisted, microcode. So we
273	+ # only show a generic warning based on running kernel version:
274	+ if kernel_is -lt 4 14 34; then
275	+ ewarn "${P} contains microcode updates which require"
276	+ ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
277	+ ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
278	+ ewarn "can crash your system!"
279	+ ewarn ""
280	+ ewarn "Those microcodes are blacklisted per default. However, if you have altered"
281	+ ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
282	+ ewarn "re-enabled those microcodes...!"
283	+ ewarn ""
284	+ ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-/releasenot\" if your microcode update"
285	+ ewarn "requires additional kernel patches or not."
286	+ fi
287	+}

Gentoo Archives: gentoo-commits