[gentoo-commits] repo/gentoo:master commit in: sys-apps/microcode-ctl/

["Mike Frysinger" <vapier@gentoo.org>]

commit:     719cc5ef240b766953ddbe1e7a6593f8091eed12
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 11 06:28:16 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Aug 11 06:34:22 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=719cc5ef

microcode-ctl: stop installing the init script

Updating microcode on the fly is dangerous as it can modify the set of
valid instructions.  An active example of this is Intel's TSX insns --
the latest microcode push disables the insn on newer CPUs and causes
SIGILL when you try to use it.  But if you test for the insn before the
microcode is updated, it will execute fine.  For daemons that launched
before the update, they'll find the flag works, and then crash later on
when the insn no longer exists.

Thus the only safe way to update microcode is at boot time via a builtin
initramfs.  Details on this operation can be found in #528712#41.

 .../microcode-ctl/microcode-ctl-1.28-r1.ebuild     | 43 ++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/sys-apps/microcode-ctl/microcode-ctl-1.28-r1.ebuild b/sys-apps/microcode-ctl/microcode-ctl-1.28-r1.ebuild
new file mode 100644
index 0000000..3aaef2b
--- /dev/null
+++ b/sys-apps/microcode-ctl/microcode-ctl-1.28-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit toolchain-funcs
+
+MY_P=${PN/-/_}-${PV}
+DESCRIPTION="Intel processor microcode update utility"
+HOMEPAGE="https://fedorahosted.org/microcode_ctl/"
+SRC_URI="https://fedorahosted.org/released/${PN/-/_}/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="selinux"
+
+DEPEND=""
+RDEPEND=">=sys-apps/microcode-data-20090330
+	selinux? ( sec-policy/selinux-cpucontrol )"
+
+S=${WORKDIR}/${MY_P}
+
+src_compile() {
+	emake \
+		CC="$(tc-getCC)" \
+		CFLAGS="${CFLAGS} ${CPPFLAGS} ${LDFLAGS}"
+}
+
+src_install() {
+	dosbin microcode_ctl
+	doman microcode_ctl.8
+	dodoc Changelog README
+}
+
+pkg_preinst() {
+	if has_version "<${CATEGORY}/${PN}-1.28-r1" ; then
+		elog "The init scripts have been removed as they are unsafe.  If you want to update"
+		elog "the microcode in your system, please use an initramfs.  See bug #528712#41 for"
+		elog "details (and bug #557278 for genkernel users)."
+	fi
+}