From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-1025629-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 67CD21382C5 for <garchives@archives.gentoo.org>; Wed, 23 May 2018 18:24:51 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 25DFCE08E2; Wed, 23 May 2018 18:24:50 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DAF55E08E2 for <gentoo-commits@lists.gentoo.org>; Wed, 23 May 2018 18:24:49 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 31E81335C43 for <gentoo-commits@lists.gentoo.org>; Wed, 23 May 2018 18:24:48 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 5E43A257 for <gentoo-commits@lists.gentoo.org>; Wed, 23 May 2018 18:24:46 +0000 (UTC) From: "Thomas Deutschmann" <whissi@gentoo.org> To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" <whissi@gentoo.org> Message-ID: <1527099876.eb9036f6f998c91c6bc021f73bc10ca1b5240ae7.whissi@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-firmware/intel-microcode/Manifest sys-firmware/intel-microcode/intel-microcode-20180426.ebuild sys-firmware/intel-microcode/metadata.xml X-VCS-Directories: sys-firmware/intel-microcode/ X-VCS-Committer: whissi X-VCS-Committer-Name: Thomas Deutschmann X-VCS-Revision: eb9036f6f998c91c6bc021f73bc10ca1b5240ae7 X-VCS-Branch: master Date: Wed, 23 May 2018 18:24:46 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 349699e9-d9ff-499f-8e0a-6a23107708fe X-Archives-Hash: 3682db0880a84a4a9a358d90ce170fd3 commit: eb9036f6f998c91c6bc021f73bc10ca1b5240ae7 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> AuthorDate: Wed May 23 18:02:28 2018 +0000 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> CommitDate: Wed May 23 18:24:36 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb9036f6 sys-firmware/intel-microcode: Bump Ebuild changes: =============== - Based on Intel's microcode tarball from 2018-04-25. - Added 210+ additional microcode updates (for production, no beta release!), which are signed by Intel and publicly available but are not distributed via Intel's microcode tarball for marketing/product phase out reasons. You can prevent the usage of these microcode updates and stick with content from Intel's official release tarball via new "vanilla" USE flag. - Blacklisted microcode 0x000604f1 aka 06-4f-01 aka CPUID 406F1 which requires a newer microcode loader in kernel which is only available in kernel >=4.14.34. It is blacklisted because loading via older loader could crash the system. A news item with instructions will follow. Closes: https://github.com/gentoo/gentoo/pull/8532 Bug: https://bugs.gentoo.org/654638 Package-Manager: Portage-2.3.38, Repoman-2.3.9 sys-firmware/intel-microcode/Manifest | 2 + .../intel-microcode-20180426.ebuild | 129 +++++++++++++++++++++ sys-firmware/intel-microcode/metadata.xml | 1 + 3 files changed, 132 insertions(+) diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest index c6a73a98102..0a0431030f7 100644 --- a/sys-firmware/intel-microcode/Manifest +++ b/sys-firmware/intel-microcode/Manifest @@ -1,3 +1,4 @@ +DIST intel-microcode-collection-20180426.tar.xz 4155132 BLAKE2B 222c48ba0123887b4ae299e0acc4696512dc1c7528f1b735dd79b2d2f0bf6d988d061e773fb3949b2ab9ddcb69e4224ddb431ccda1c4b329ca37e9409ca60380 SHA512 038d43cd698183baa14b14f1b05e76c93386568494b2621e49338cf3c02fd0e663284ca864a50b3df4188bde5669bf4794cdcf7f4a287dcd42efbb8717809990 DIST microcode-20140430.tgz 785594 BLAKE2B e51a187ca99ad496804f117871b50693b03b50759c9dd23002149ff7fa4b74888c83e8e1fcf078a973dea82e6a9439de8415c56c902ed0163e55ceaaff0eaf23 SHA512 12954522629ce15c4b95c158b6288b3877a3d1f87bea838f8138e53987ef1b6c0edc7a8cbb802a981ccca178b70b4323907aafa7479c0c2fed4497f6fb7bbc1c DIST microcode-20140624.tgz 787237 BLAKE2B 1c2d8f39bf142570283e80f370f41c502ef04d24b4348ca4b44c881e3b1e54df72a88e09350d45a33d47d9955d84a80ae8a11e44561b1a8944a59f9326d4d81a SHA512 c774006aae639e7fae90bc1f5d8308b407e7cd3b7d0da6e35577560bf6201c2b15f7d7b6b0cd727c50be1e9d508b484b067856631fa2598498982109bff0e44c DIST microcode-20140913.tgz 830537 BLAKE2B 665c72fc3a3e1e13d9e58eba0ed202b30856532eee590006c02112df926b879985a97ba9a96b58a6aad0285bff95a3fbb27b22d533f958fe170887f0ab37eef1 SHA512 e179fe0001b1157cc95aee39185f51fd182d53c1bdb30bfc95bc3a70795c32012050f3a4adf06735a77d8ef9c703a330c6a2610b73b70f09f5760e31d39cb89c @@ -13,3 +14,4 @@ DIST microcode-20171117_p20171215-r1.tgz 1477015 BLAKE2B 3911aed3bbbd350be69a99b DIST microcode-20171117_p20171215.tgz 1468587 BLAKE2B 58777a39f843ae880f7dd8971a9570dbfc176d69541bb9d3cdc948d7be71a7df2559265fb1c8a199bc7567bb5a60176ade1d2c36624d0193dbac98d82401d0dd SHA512 25db94dbf18b1fea9497ec1e61bb5349d7bc78b0578d8869546bc3ec579b96bee7cd62657e66ebd3d4616805e85d790ac7ee7c0fed70b5db30236ffd12b33293 DIST microcode-20180108.tgz 3676678 BLAKE2B 197e0188e516a3071be9e2e7a6261d78208613db8b746c7df533ce37884197dbd06a4e6ab027cbddba38903f590130f2d974e46da8fbab0613561523653460ab SHA512 f4010d83353948df27beeb804ef11e4f019f63397a4936f9d139e2842f7944d1ae864b9376987eaffc7db5b97201d5de2f4c1d7cc6b0f545ae15ec53a61fce2b DIST microcode-20180312.tgz 3789662 BLAKE2B e948d74833fe75b9bbdff1e4676f5d49a13bdd06aa6525c39be3448b822203947a5f55515484401ee0c96e8ade19ea580718949bed65883d983509661a16e637 SHA512 cc2cabf6d12c83b65eeb30fca7eb0b503e037dbee3d7ce9cb307b02ed8ac9426b2bafc2c1f1281dddff0945f8308f0d3cd320edea4596551354188d64760b854 +DIST microcode-20180425.tgz 1565473 BLAKE2B 70e0a56f0f5f720e00ab18d6553bc221147589e83df34fdc0c130c6f74a239e48355bfe1845b1de919ed1bce9ade7b7db298883eb3de1d53732a694b15d76f62 SHA512 6cea53cc0f486891fb9ddffc1e03e8e0a6d1d91df6bfda81250b2c60714e7b4111caa9df5afa7f13d8144e591550ef7eb4fd1e153fc67fc904afb83ccc2e3bb0 diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild new file mode 100644 index 00000000000..648f16f204a --- /dev/null +++ b/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild @@ -0,0 +1,129 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit linux-info toolchain-funcs mount-boot + +# Find updates by searching and clicking the first link (hopefully it's the one): +# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File + +COLLECTION_SNAPSHOT="20180426" +INTEL_SNAPSHOT="20180425" +NUM="27776" +DESCRIPTION="Intel IA32/IA64 microcode update data" +HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}" +SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz + https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz" + +LICENSE="intel-ucode" +SLOT="0" +KEYWORDS="" +IUSE="initramfs +split-ucode vanilla" +REQUIRED_USE="|| ( initramfs split-ucode )" + +DEPEND="sys-apps/iucode_tool" +RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586 + +S=${WORKDIR} + +# Blacklist bad microcode here. +# 0x000604f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader +DEFAULT_MICROCODE_SIGNATURES="-s !0x000604f1" + +# Advanced users only: +# merge with: +# only current CPU: MICROCODE_SIGNATURES="-S" +# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676" +# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686" +MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}" + +pkg_pretend() { + if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then + ewarn "The user has opted in for advanced use:" + ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${DEFAULT_MICROCODE_SIGNATURES}\"!" + fi + use initramfs && mount-boot_pkg_pretend +} + +src_prepare() { + default + + # Prevent "invalid file format" errors from iucode_tool + rm -f "${S}"/intel-ucod*/list || die +} + +src_install() { + # This will take ALL of the upstream microcode sources: + # - microcode.dat + # - intel-ucode/ + # In some cases, they have not contained the same content (eg the directory has newer stuff). + MICROCODE_SRC=( + "${S}"/intel-ucode/ + "${S}"/intel-ucode-with-caveats/ + ) + + # Allow users who are scared about microcode updates not included in Intel's official + # microcode tarball to opt-out and comply with Intel marketing + if ! use vanilla; then + MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} ) + fi + + opts=( + ${MICROCODE_SIGNATURES} + # be strict about what we are doing + --overwrite + --strict-checks + --no-ignore-broken + # we want to install latest version + --no-downgrade + # show everything we find + --list-all + # show what we selected + --list + ) + + # The earlyfw cpio needs to be in /boot because it must be loaded before + # rootfs is mounted. + use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img ) + # split location: + use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode ) + + iucode_tool \ + "${opts[@]}" \ + "${MICROCODE_SRC[@]}" \ + || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}" + + dodoc releasenote +} + +pkg_preinst() { + use initramfs && mount-boot_pkg_preinst +} + +pkg_prerm() { + use initramfs && mount-boot_pkg_prerm +} + +pkg_postrm() { + use initramfs && mount-boot_pkg_postrm +} + +pkg_postinst() { + use initramfs && mount-boot_pkg_postinst + + if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then + if kernel_is -lt 4 14 34; then + ewarn "${P} contains microcode updates which require" + ewarn "additional kernel patches which aren't yet included in kernel <4.14.34." + ewarn "Loading such a microcode through kernel interface from an unpatched kernel" + ewarn "can crash your system!" + ewarn "" + ewarn "Those microcodes are blacklisted per default. However, you have altered" + ewarn "MICROCODE_SIGNATURES and maybe unintentionally re-enabled those microcodes." + ewarn "" + ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your microcode update" + ewarn "requires additional kernel patches or not." + fi + fi +} diff --git a/sys-firmware/intel-microcode/metadata.xml b/sys-firmware/intel-microcode/metadata.xml index f8bcf6658dd..2d96b231657 100644 --- a/sys-firmware/intel-microcode/metadata.xml +++ b/sys-firmware/intel-microcode/metadata.xml @@ -9,5 +9,6 @@ <flag name="initramfs">install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag> <flag name="monolithic">install the large text microcode.dat (used by older kernels via microcode_ctl)</flag> <flag name="split-ucode">install the split binary ucode files (used by the kernel directly)</flag> + <flag name="vanilla">install only microcode updates from Intel's official microcode tarball</flag> </use> </pkgmetadata>