[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Doug Goldstein]

commit:     be80f0b97c58400faf2fe0631bd7542dc38f2105
Author:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
AuthorDate: Fri Jun 24 20:10:20 2016 +0000
Commit:     Doug Goldstein <cardoe <AT> gentoo <DOT> org>
CommitDate: Fri Jun 24 20:12:01 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be80f0b9

sys-firmware/intel-microcode: version bump

Package-Manager: portage-2.2.28
Signed-off-by: Doug Goldstein <cardoe <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |  1 +
 .../intel-microcode-20160607.ebuild                | 49 ++++++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index c1074e6..f107770 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -3,3 +3,4 @@ DIST microcode-20140624.tgz 787237 SHA256 b4662ac780438a7b2d87e6d26a7066feb807f3
 DIST microcode-20140913.tgz 830537 SHA256 ea6c0ee21d1fbf261f093176a78089c21411e5fe0e2c35b258cedf2b39987e15 SHA512 e179fe0001b1157cc95aee39185f51fd182d53c1bdb30bfc95bc3a70795c32012050f3a4adf06735a77d8ef9c703a330c6a2610b73b70f09f5760e31d39cb89c WHIRLPOOL de56d52d184dd2f21e0ca41dca0bb5b539758de614f4e0eb8e7c8281e97ea6dfcc33c50a3fec7262112dc11e8a78b458b3d7ef8c8b5579d500d358393911565d
 DIST microcode-20150121.tgz 850761 SHA256 23353b93bb421971496cea5e9f9d390ce0ed22580a8cc45ae7b3b322dcd8f6b3 SHA512 f62edd1b666cf381605613766d7e123f0c6debee4448c0ff0882d33c144ad2174656d2501a449f24eb3e4708259e7ec0ff42810739b7d1f34a6a1d9950d17bc4 WHIRLPOOL 573368845333aee9ca23a98cc6711cc22da5b5893a3c29df292df281a024ad9b50ab4893cc0a44b65e86f388fc55e2c53cd0f99a619c3315dd4db5e090b91319
 DIST microcode-20151106.tgz 892805 SHA256 096e39489eef67666be652e81fa372a06b74f39ea3d565dc0287242c668717e7 SHA512 606ce97f0fe76f6a34a857923d3432d8e2368e8a5c504ffa0313f9f016d61b0a5dea26e67662ce1283c1f772ace7318e96a34ebeeeff50b25deb3005ccc6978e WHIRLPOOL 0c73429977e31b8f6230b21889480eda79ecc3feb64a8e6e5a1cebc124a98300f887789650e480611a183237461517aba51b3b31a8450bc5a2e01c5955e7b534
+DIST microcode-20160607.tgz 1236385 SHA256 db821eb47af2caa39613caee0eb89a9584b2ebc4a9ab1b9624fe778f9a41fa7d SHA512 17f62ebf3e9f262d21ffa00546da4d711a9a810ad0a9bf4b2805c33090d75e9a07df1f3449baf6009ec5ef1f9af470fd32285b6100f0819e0b9989f5c55dc5bd WHIRLPOOL 08ccd42872998144abd02897dd4738142f7b2d4e2a6d5a84a8baa37a629867f2d829385dffa7aefba9b1d3bdcf2ae0f4b4dca9104d76a81b87d359540d7c261f

diff --git a/sys-firmware/intel-microcode/intel-microcode-20160607.ebuild b/sys-firmware/intel-microcode/intel-microcode-20160607.ebuild
new file mode 100644
index 0000000..3ab4d5d
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20160607.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="26083"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs monolithic +split-ucode"
+REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_unpack() {
+	default
+	cp "${FILESDIR}"/intel-microcode2ucode.c ./ || die
+}
+
+src_compile() {
+	if use initramfs ; then
+		iucode_tool --write-earlyfw=microcode.cpio microcode.dat || die
+	fi
+
+	if use split-ucode ; then
+		tc-env_build emake intel-microcode2ucode
+		./intel-microcode2ucode microcode.dat || die
+	fi
+}
+
+src_install() {
+	insinto /lib/firmware
+	use initramfs && doins microcode.cpio
+	use monolithic && doins microcode.dat
+	use split-ucode && doins -r intel-ucode
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Tony Vroon]

commit:     218a4133229c6971f89841cde63a0b9589f6ec25
Author:     Tony Vroon <chainsaw <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 13:44:00 2016 +0000
Commit:     Tony Vroon <chainsaw <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 13:44:00 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=218a4133

sys-firmware/intel-microcode: Version bump to 20160714, ebuild changes & testing by Shark in bug #592212.

Package-Manager: portage-2.3.1

 sys-firmware/intel-microcode/Manifest              |  1 +
 .../intel-microcode-20160714.ebuild                | 49 ++++++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index f107770..3f7515a 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -4,3 +4,4 @@ DIST microcode-20140913.tgz 830537 SHA256 ea6c0ee21d1fbf261f093176a78089c21411e5
 DIST microcode-20150121.tgz 850761 SHA256 23353b93bb421971496cea5e9f9d390ce0ed22580a8cc45ae7b3b322dcd8f6b3 SHA512 f62edd1b666cf381605613766d7e123f0c6debee4448c0ff0882d33c144ad2174656d2501a449f24eb3e4708259e7ec0ff42810739b7d1f34a6a1d9950d17bc4 WHIRLPOOL 573368845333aee9ca23a98cc6711cc22da5b5893a3c29df292df281a024ad9b50ab4893cc0a44b65e86f388fc55e2c53cd0f99a619c3315dd4db5e090b91319
 DIST microcode-20151106.tgz 892805 SHA256 096e39489eef67666be652e81fa372a06b74f39ea3d565dc0287242c668717e7 SHA512 606ce97f0fe76f6a34a857923d3432d8e2368e8a5c504ffa0313f9f016d61b0a5dea26e67662ce1283c1f772ace7318e96a34ebeeeff50b25deb3005ccc6978e WHIRLPOOL 0c73429977e31b8f6230b21889480eda79ecc3feb64a8e6e5a1cebc124a98300f887789650e480611a183237461517aba51b3b31a8450bc5a2e01c5955e7b534
 DIST microcode-20160607.tgz 1236385 SHA256 db821eb47af2caa39613caee0eb89a9584b2ebc4a9ab1b9624fe778f9a41fa7d SHA512 17f62ebf3e9f262d21ffa00546da4d711a9a810ad0a9bf4b2805c33090d75e9a07df1f3449baf6009ec5ef1f9af470fd32285b6100f0819e0b9989f5c55dc5bd WHIRLPOOL 08ccd42872998144abd02897dd4738142f7b2d4e2a6d5a84a8baa37a629867f2d829385dffa7aefba9b1d3bdcf2ae0f4b4dca9104d76a81b87d359540d7c261f
+DIST microcode-20160714.tgz 1239344 SHA256 f3a9c6fc93275bf1febc26f7c397ac93ed5f109e47fb52932f6dbd5cfdbc840e SHA512 f9e09b6669a86aafcc77642d6e33acf9326109c3a2bc3e0d62b45a062b9ecbde6605b5a0ae31d4a3ad2b0ed3c6d3aadbd18088431fb72216bfc31fc452b0e342 WHIRLPOOL d62bbce555adc1973465d81463d9ef51cc64f5f0937b555a0b616458afc47823b2512a60eb498d4658e96244430e47bde5f36b2e49d202d41e61914bee6a3a9c

diff --git a/sys-firmware/intel-microcode/intel-microcode-20160714.ebuild b/sys-firmware/intel-microcode/intel-microcode-20160714.ebuild
new file mode 100644
index 00000000..66c320c
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20160714.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="26156"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs monolithic +split-ucode"
+REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_unpack() {
+	default
+	cp "${FILESDIR}"/intel-microcode2ucode.c ./ || die
+}
+
+src_compile() {
+	if use initramfs ; then
+		iucode_tool --write-earlyfw=microcode.cpio microcode.dat || die
+	fi
+
+	if use split-ucode ; then
+		tc-env_build emake intel-microcode2ucode
+		./intel-microcode2ucode microcode.dat || die
+	fi
+}
+
+src_install() {
+	insinto /lib/firmware
+	use initramfs && doins microcode.cpio
+	use monolithic && doins microcode.dat
+	use split-ucode && doins -r intel-ucode
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Markos Chandras]

commit:     2c773a50ae2cbceddda9dd8da05e175328693911
Author:     Markos Chandras <hwoarang <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 24 20:16:29 2016 +0000
Commit:     Markos Chandras <hwoarang <AT> gentoo <DOT> org>
CommitDate: Thu Nov 24 20:16:29 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c773a50

sys-firmware/intel-microcode: Version bump to 20161104

Ebuild by Alexander Turenko <totktonada.ru <AT> gmail.com>

Gentoo-Bug: 599748

Package-Manager: portage-2.2.27

 sys-firmware/intel-microcode/Manifest              |  1 +
 .../intel-microcode-20161104.ebuild                | 49 ++++++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 3f7515a..c4e5554 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -5,3 +5,4 @@ DIST microcode-20150121.tgz 850761 SHA256 23353b93bb421971496cea5e9f9d390ce0ed22
 DIST microcode-20151106.tgz 892805 SHA256 096e39489eef67666be652e81fa372a06b74f39ea3d565dc0287242c668717e7 SHA512 606ce97f0fe76f6a34a857923d3432d8e2368e8a5c504ffa0313f9f016d61b0a5dea26e67662ce1283c1f772ace7318e96a34ebeeeff50b25deb3005ccc6978e WHIRLPOOL 0c73429977e31b8f6230b21889480eda79ecc3feb64a8e6e5a1cebc124a98300f887789650e480611a183237461517aba51b3b31a8450bc5a2e01c5955e7b534
 DIST microcode-20160607.tgz 1236385 SHA256 db821eb47af2caa39613caee0eb89a9584b2ebc4a9ab1b9624fe778f9a41fa7d SHA512 17f62ebf3e9f262d21ffa00546da4d711a9a810ad0a9bf4b2805c33090d75e9a07df1f3449baf6009ec5ef1f9af470fd32285b6100f0819e0b9989f5c55dc5bd WHIRLPOOL 08ccd42872998144abd02897dd4738142f7b2d4e2a6d5a84a8baa37a629867f2d829385dffa7aefba9b1d3bdcf2ae0f4b4dca9104d76a81b87d359540d7c261f
 DIST microcode-20160714.tgz 1239344 SHA256 f3a9c6fc93275bf1febc26f7c397ac93ed5f109e47fb52932f6dbd5cfdbc840e SHA512 f9e09b6669a86aafcc77642d6e33acf9326109c3a2bc3e0d62b45a062b9ecbde6605b5a0ae31d4a3ad2b0ed3c6d3aadbd18088431fb72216bfc31fc452b0e342 WHIRLPOOL d62bbce555adc1973465d81463d9ef51cc64f5f0937b555a0b616458afc47823b2512a60eb498d4658e96244430e47bde5f36b2e49d202d41e61914bee6a3a9c
+DIST microcode-20161104.tgz 1290125 SHA256 70154ca62ff9b3da6291dfdecc90daaeb399d7290c0d308d719df16dff5ee3d1 SHA512 73a7310c1da5bec7ce82bce5cf7c2aafa3d0189e7524bdebd20e1ea3568cf8242be39d9041fa055fe06e759f98703c5d0a631e57ff185aae3ba3c91dbe83cf7a WHIRLPOOL e811315facf6b7dc80c4a99555d909e1c26aa7904d1f2608de633f7e49f691f5bf6c47973381cd72e4cb8c3b4355651a4c64564c79539ddfa41a007b8f05b5ca

diff --git a/sys-firmware/intel-microcode/intel-microcode-20161104.ebuild b/sys-firmware/intel-microcode/intel-microcode-20161104.ebuild
new file mode 100644
index 00000000..a90795c
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20161104.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="26400"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs monolithic +split-ucode"
+REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_unpack() {
+	default
+	cp "${FILESDIR}"/intel-microcode2ucode.c ./ || die
+}
+
+src_compile() {
+	if use initramfs ; then
+		iucode_tool --write-earlyfw=microcode.cpio microcode.dat || die
+	fi
+
+	if use split-ucode ; then
+		tc-env_build emake intel-microcode2ucode
+		./intel-microcode2ucode microcode.dat || die
+	fi
+}
+
+src_install() {
+	insinto /lib/firmware
+	use initramfs && doins microcode.cpio
+	use monolithic && doins microcode.dat
+	use split-ucode && doins -r intel-ucode
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Tobias Klausmann]

commit:     00705c859bb0bd8563b71baeeba032903fcf2bad
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 20 12:47:43 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Tue Dec 20 12:47:43 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00705c85

sys-firmware/intel-microcode-20151106-r0: stable on amd64

Gentoo-Bug: 587584

 sys-firmware/intel-microcode/intel-microcode-20151106.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20151106.ebuild b/sys-firmware/intel-microcode/intel-microcode-20151106.ebuild
index f224706..b639726 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20151106.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20151106.ebuild
@@ -16,7 +16,7 @@ SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 ~x86"
 IUSE="initramfs monolithic +split-ucode"
 REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e2ce217e5f9f884b5bd30bb10d68c1a4b5f14d99
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 21 10:42:07 2016 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Dec 21 11:23:26 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2ce217e

sys-firmware/intel-microcode: x86 stable (bug #587584)

Package-Manager: Portage-2.3.2, Repoman-2.3.1

 sys-firmware/intel-microcode/intel-microcode-20151106.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20151106.ebuild b/sys-firmware/intel-microcode/intel-microcode-20151106.ebuild
index b639726..bdbb73a 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20151106.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20151106.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -16,7 +16,7 @@ SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs monolithic +split-ucode"
 REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Robin H. Johnson]

commit:     158430648dea228df7ff265c5847a617ee4a7893
Author:     Ulrich Réale <ulrich.reale <AT> mailoo <DOT> org>
AuthorDate: Sun May 21 04:15:07 2017 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Mon Jun  5 21:23:06 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15843064

sys-firmware/intel-microcode: version bump to 20170511

Package-Manager: Portage-2.3.5, Repoman-2.3.1
(cherry picked from commit 2e34ff5858ef7c7b09949d3878ffafee65cab9db)
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Fixes: https://github.com/gentoo/gentoo/pull/4697

 sys-firmware/intel-microcode/Manifest              |  1 +
 .../intel-microcode-20170511.ebuild                | 48 ++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index c4e555481bd..4ce2cad6897 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -6,3 +6,4 @@ DIST microcode-20151106.tgz 892805 SHA256 096e39489eef67666be652e81fa372a06b74f3
 DIST microcode-20160607.tgz 1236385 SHA256 db821eb47af2caa39613caee0eb89a9584b2ebc4a9ab1b9624fe778f9a41fa7d SHA512 17f62ebf3e9f262d21ffa00546da4d711a9a810ad0a9bf4b2805c33090d75e9a07df1f3449baf6009ec5ef1f9af470fd32285b6100f0819e0b9989f5c55dc5bd WHIRLPOOL 08ccd42872998144abd02897dd4738142f7b2d4e2a6d5a84a8baa37a629867f2d829385dffa7aefba9b1d3bdcf2ae0f4b4dca9104d76a81b87d359540d7c261f
 DIST microcode-20160714.tgz 1239344 SHA256 f3a9c6fc93275bf1febc26f7c397ac93ed5f109e47fb52932f6dbd5cfdbc840e SHA512 f9e09b6669a86aafcc77642d6e33acf9326109c3a2bc3e0d62b45a062b9ecbde6605b5a0ae31d4a3ad2b0ed3c6d3aadbd18088431fb72216bfc31fc452b0e342 WHIRLPOOL d62bbce555adc1973465d81463d9ef51cc64f5f0937b555a0b616458afc47823b2512a60eb498d4658e96244430e47bde5f36b2e49d202d41e61914bee6a3a9c
 DIST microcode-20161104.tgz 1290125 SHA256 70154ca62ff9b3da6291dfdecc90daaeb399d7290c0d308d719df16dff5ee3d1 SHA512 73a7310c1da5bec7ce82bce5cf7c2aafa3d0189e7524bdebd20e1ea3568cf8242be39d9041fa055fe06e759f98703c5d0a631e57ff185aae3ba3c91dbe83cf7a WHIRLPOOL e811315facf6b7dc80c4a99555d909e1c26aa7904d1f2608de633f7e49f691f5bf6c47973381cd72e4cb8c3b4355651a4c64564c79539ddfa41a007b8f05b5ca
+DIST microcode-20170511.tgz 2143617 SHA256 2f77fd2d87403b754d01a66c78a36a8b8ffc16dc3c50fb7aa2c4cd4da7f681a3 SHA512 4e2066096d56430c2df73631f15cf16f2317c1d8ff745d7b7cdd784ebccc2b797565eb52703cce9b4238774dbfdcaecacd892d729b7869fdfd7644008ce74a60 WHIRLPOOL 492e5e5962696636bfb2e181964893ba59798873b71cb9f5d11b1dcb9a1b32acb9e11634b71d880e05f9b71eb4f45dbc72e7a48e1ac4f38dfec816dbecf79b0d

diff --git a/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild b/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild
new file mode 100644
index 00000000000..ebee9960a3c
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="26798"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs monolithic +split-ucode"
+REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_unpack() {
+	default
+	cp "${FILESDIR}"/intel-microcode2ucode.c ./ || die
+}
+
+src_compile() {
+	if use initramfs ; then
+		iucode_tool --write-earlyfw=microcode.cpio microcode.dat || die
+	fi
+
+	if use split-ucode ; then
+		tc-env_build emake intel-microcode2ucode
+		./intel-microcode2ucode microcode.dat || die
+	fi
+}
+
+src_install() {
+	insinto /lib/firmware
+	use initramfs && doins microcode.cpio
+	use monolithic && doins microcode.dat
+	use split-ucode && doins -r intel-ucode
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Agostino Sarubbo]

commit:     3215274ab9893be672cd88b313ce2a16290ad286
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jul  4 10:17:26 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jul  4 10:17:26 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3215274a

sys-firmware/intel-microcode: amd64 stable wrt bug #622906

Package-Manager: Portage-2.3.6, Repoman-2.3.1
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20170511.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild b/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild
index ebee9960a3c..9244e38194a 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild
@@ -15,7 +15,7 @@ SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 ~x86"
 IUSE="initramfs monolithic +split-ucode"
 REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Agostino Sarubbo]

commit:     98469cba5e9a637ac5ea27502fae29ec446a01d5
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Tue Jul  4 15:48:50 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Tue Jul  4 15:48:50 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98469cba

sys-firmware/intel-microcode: x86 stable wrt bug #622906

Package-Manager: Portage-2.3.6, Repoman-2.3.1
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20170511.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild b/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild
index 9244e38194a..20126a02fad 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20170511.ebuild
@@ -15,7 +15,7 @@ SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs monolithic +split-ucode"
 REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Matt Turner]

commit:     f8cfff8eff935a057bc948003d5157762b6b03ff
Author:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 14 07:12:27 2017 +0000
Commit:     Matt Turner <mattst88 <AT> gentoo <DOT> org>
CommitDate: Fri Jul 14 07:12:46 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8cfff8e

sys-firmware/intel-microcode-20170707: amd64 and x86 stable, bug 624556

 sys-firmware/intel-microcode/intel-microcode-20170707.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20170707.ebuild b/sys-firmware/intel-microcode/intel-microcode-20170707.ebuild
index acab7d67475..386a152c3e2 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20170707.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20170707.ebuild
@@ -15,7 +15,7 @@ SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs monolithic +split-ucode"
 REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     6870e19a1266652e0fa6c0af5aa1edb57aaeb755
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 21 20:08:46 2017 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 21 20:08:46 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6870e19a

sys-firmware/intel-microcode: Bump to v20171117

Closes: https://bugs.gentoo.org/638386
Package-Manager: Portage-2.3.13, Repoman-2.3.4

 sys-firmware/intel-microcode/Manifest              |  3 +-
 .../intel-microcode-20171117.ebuild                | 48 ++++++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 197db19058f..f376c055741 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -7,4 +7,5 @@ DIST microcode-20160607.tgz 1236385 SHA256 db821eb47af2caa39613caee0eb89a9584b2e
 DIST microcode-20160714.tgz 1239344 SHA256 f3a9c6fc93275bf1febc26f7c397ac93ed5f109e47fb52932f6dbd5cfdbc840e SHA512 f9e09b6669a86aafcc77642d6e33acf9326109c3a2bc3e0d62b45a062b9ecbde6605b5a0ae31d4a3ad2b0ed3c6d3aadbd18088431fb72216bfc31fc452b0e342 WHIRLPOOL d62bbce555adc1973465d81463d9ef51cc64f5f0937b555a0b616458afc47823b2512a60eb498d4658e96244430e47bde5f36b2e49d202d41e61914bee6a3a9c
 DIST microcode-20161104.tgz 1290125 SHA256 70154ca62ff9b3da6291dfdecc90daaeb399d7290c0d308d719df16dff5ee3d1 SHA512 73a7310c1da5bec7ce82bce5cf7c2aafa3d0189e7524bdebd20e1ea3568cf8242be39d9041fa055fe06e759f98703c5d0a631e57ff185aae3ba3c91dbe83cf7a WHIRLPOOL e811315facf6b7dc80c4a99555d909e1c26aa7904d1f2608de633f7e49f691f5bf6c47973381cd72e4cb8c3b4355651a4c64564c79539ddfa41a007b8f05b5ca
 DIST microcode-20170511.tgz 2143617 SHA256 2f77fd2d87403b754d01a66c78a36a8b8ffc16dc3c50fb7aa2c4cd4da7f681a3 SHA512 4e2066096d56430c2df73631f15cf16f2317c1d8ff745d7b7cdd784ebccc2b797565eb52703cce9b4238774dbfdcaecacd892d729b7869fdfd7644008ce74a60 WHIRLPOOL 492e5e5962696636bfb2e181964893ba59798873b71cb9f5d11b1dcb9a1b32acb9e11634b71d880e05f9b71eb4f45dbc72e7a48e1ac4f38dfec816dbecf79b0d
-DIST microcode-20170707.tgz 2908882 SHA256 4fd44769bf52a7ac11e90651a307aa6e56ca6e1a814e50d750ba8207973bee93 SHA512 2f0643c332318e9c818b9a23a996b59086e86e80e649589e43dbab19f13083d6d9505b8557f67b45ce56de0da043c753a14bb146e597b6669f24fe543656c65f WHIRLPOOL bafae318d350bae1ebb6aeb5611e9ffab7d52d2ca836c7b65cb6b86bae9da7ee2c41945e0252cbe1797de4737507948b5260bbe3996d1d7e3fd2489e32452456
+DIST microcode-20170707.tgz 2908882 BLAKE2B 545d94ee9292d1ba730932f11660d0e0378b4a6f2a5232cdcc26333a8d707ec13b040d41617fb28c17e4b81f1df5bc4180f1979925d2fa5198f2edfb3623967c SHA512 2f0643c332318e9c818b9a23a996b59086e86e80e649589e43dbab19f13083d6d9505b8557f67b45ce56de0da043c753a14bb146e597b6669f24fe543656c65f
+DIST microcode-20171117.tgz 3594762 BLAKE2B 7a02c28ec6b9b22a367f8fd7d59f244d0195fef3b256fa2542bca734026e869fdefc7b368a230e94ac0554473d18d1b80aa00511ad4ab6580279f512a106c17d SHA512 b1f09dd7bb04c00e456e34bf42bf786c780aba6d2ef3231a45769216a093876e9bb15123c82ddb7d8ef5426fe10b946509f363770af3b4eba16ba76043a064b4

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117.ebuild
new file mode 100644
index 00000000000..6e1904bba7f
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="27337"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs monolithic +split-ucode"
+REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_unpack() {
+	default
+	cp "${FILESDIR}"/intel-microcode2ucode.c-r1 ./intel-microcode2ucode.c || die
+}
+
+src_compile() {
+	if use initramfs ; then
+		iucode_tool --write-earlyfw=microcode.cpio microcode.dat || die
+	fi
+
+	if use split-ucode ; then
+		tc-env_build emake intel-microcode2ucode
+		./intel-microcode2ucode microcode.dat || die
+	fi
+}
+
+src_install() {
+	insinto /lib/firmware
+	use initramfs && doins microcode.cpio
+	use monolithic && doins microcode.dat
+	use split-ucode && doins -r intel-ucode
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e6ea9dcb23142a268cef722793a408071677d6b1
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Jan  4 16:24:38 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Jan  4 16:24:55 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e6ea9dcb

sys-firmware/intel-microcode: Rev bump for CVE-2017-5715 mitigation

The CPU microcode for Intel Haswell-X, Skylake-X and Broadwell-X
chipsets was updated to report both branch prediction control via CPUID
flag and ability to control branch prediction via an MSR register.

Required for kernel mitigation against CVE-2017-5715.

Bug: https://bugs.gentoo.org/643430
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 sys-firmware/intel-microcode/Manifest              |  1 +
 .../intel-microcode-20171117_p20171215.ebuild      | 39 ++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index e37c29bbc77..22f1ac958e3 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -9,3 +9,4 @@ DIST microcode-20161104.tgz 1290125 BLAKE2B 9274bebe3f9104f0afc6378ae40810b2a634
 DIST microcode-20170511.tgz 2143617 BLAKE2B a2185b44cfca9832d2a80f12a189c49365ed323692b8fd94e99a0f4e8d3f0102a21cfce806ad9e53f172c3ae038f4ffafbafc8421bea6668bfbfdd1262bbd8e9 SHA512 4e2066096d56430c2df73631f15cf16f2317c1d8ff745d7b7cdd784ebccc2b797565eb52703cce9b4238774dbfdcaecacd892d729b7869fdfd7644008ce74a60
 DIST microcode-20170707.tgz 2908882 BLAKE2B 545d94ee9292d1ba730932f11660d0e0378b4a6f2a5232cdcc26333a8d707ec13b040d41617fb28c17e4b81f1df5bc4180f1979925d2fa5198f2edfb3623967c SHA512 2f0643c332318e9c818b9a23a996b59086e86e80e649589e43dbab19f13083d6d9505b8557f67b45ce56de0da043c753a14bb146e597b6669f24fe543656c65f
 DIST microcode-20171117.tgz 3594762 BLAKE2B 7a02c28ec6b9b22a367f8fd7d59f244d0195fef3b256fa2542bca734026e869fdefc7b368a230e94ac0554473d18d1b80aa00511ad4ab6580279f512a106c17d SHA512 b1f09dd7bb04c00e456e34bf42bf786c780aba6d2ef3231a45769216a093876e9bb15123c82ddb7d8ef5426fe10b946509f363770af3b4eba16ba76043a064b4
+DIST microcode-20171117_p20171215.tgz 1468587 BLAKE2B 58777a39f843ae880f7dd8971a9570dbfc176d69541bb9d3cdc948d7be71a7df2559265fb1c8a199bc7567bb5a60176ade1d2c36624d0193dbac98d82401d0dd SHA512 25db94dbf18b1fea9497ec1e61bb5349d7bc78b0578d8869546bc3ec579b96bee7cd62657e66ebd3d4616805e85d790ac7ee7c0fed70b5db30236ffd12b33293

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild
new file mode 100644
index 00000000000..aa9186b43f8
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="27337"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+#SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+SRC_URI="mirror://gentoo/microcode-${PV}.tgz
+	https://dev.gentoo.org/~whissi/dist/${PN}/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs +split-ucode"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_compile() {
+	if use initramfs ; then
+		iucode_tool --write-earlyfw=microcode.cpio intel-ucode/ || die
+	fi
+}
+
+src_install() {
+	insinto /lib/firmware
+	use initramfs && doins microcode.cpio
+	use split-ucode && doins -r intel-ucode
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Agostino Sarubbo]

commit:     56e1886773bf809f8e2bbe993d14ad544c39a7b7
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  6 17:53:39 2018 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Jan  6 17:53:39 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56e18867

sys-firmware/intel-microcode: amd64 stable wrt bug #643430

Package-Manager: Portage-2.3.13, Repoman-2.3.3
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild
index 41278f7bcfe..d6f30214012 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild
@@ -17,7 +17,7 @@ SRC_URI="mirror://gentoo/microcode-${PV}.tgz
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs +split-ucode"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     fe65cc7bc14f41f05bb9c41f7318f280a1a31b5e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  7 20:48:05 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jan  7 20:48:23 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe65cc7b

sys-firmware/intel-microcode: Bump to add additional microcode updates

Added:
(06-3c-03): 0x0022 -> 0x0023
(06-3d-04): 0x0025 -> 0x0028
(06-45-01): 0x0020 -> 0x0021
(06-4e-03): 0x00ba -> 0x00c2
(06-5c-09): 0x002c -> 0x002e
(06-8e-09): 0x0062 -> 0x007c
(06-9e-09): 0x005e -> 0x007c

Bug: https://bugs.gentoo.org/643794
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 sys-firmware/intel-microcode/Manifest              |  1 +
 .../intel-microcode-20171117_p20171215-r1.ebuild   | 39 ++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 22f1ac958e3..27d1b399f22 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -9,4 +9,5 @@ DIST microcode-20161104.tgz 1290125 BLAKE2B 9274bebe3f9104f0afc6378ae40810b2a634
 DIST microcode-20170511.tgz 2143617 BLAKE2B a2185b44cfca9832d2a80f12a189c49365ed323692b8fd94e99a0f4e8d3f0102a21cfce806ad9e53f172c3ae038f4ffafbafc8421bea6668bfbfdd1262bbd8e9 SHA512 4e2066096d56430c2df73631f15cf16f2317c1d8ff745d7b7cdd784ebccc2b797565eb52703cce9b4238774dbfdcaecacd892d729b7869fdfd7644008ce74a60
 DIST microcode-20170707.tgz 2908882 BLAKE2B 545d94ee9292d1ba730932f11660d0e0378b4a6f2a5232cdcc26333a8d707ec13b040d41617fb28c17e4b81f1df5bc4180f1979925d2fa5198f2edfb3623967c SHA512 2f0643c332318e9c818b9a23a996b59086e86e80e649589e43dbab19f13083d6d9505b8557f67b45ce56de0da043c753a14bb146e597b6669f24fe543656c65f
 DIST microcode-20171117.tgz 3594762 BLAKE2B 7a02c28ec6b9b22a367f8fd7d59f244d0195fef3b256fa2542bca734026e869fdefc7b368a230e94ac0554473d18d1b80aa00511ad4ab6580279f512a106c17d SHA512 b1f09dd7bb04c00e456e34bf42bf786c780aba6d2ef3231a45769216a093876e9bb15123c82ddb7d8ef5426fe10b946509f363770af3b4eba16ba76043a064b4
+DIST microcode-20171117_p20171215-r1.tgz 1477015 BLAKE2B 3911aed3bbbd350be69a99bc855cdec6e8dc2a77f64c4d3a6c1aa24455d5c97eb1c03917eddb4cac2018f6da20a1751cc819a5f27f866f64fc56c7279b5ca40f SHA512 05466e16f9778a3ab148fa5485cd605bca7990067040aa9133ec4c3c1b007519cb260fe8811b44df1192ca0e84237f00d7afccfa11103f3dd4a99c08c692ecb0
 DIST microcode-20171117_p20171215.tgz 1468587 BLAKE2B 58777a39f843ae880f7dd8971a9570dbfc176d69541bb9d3cdc948d7be71a7df2559265fb1c8a199bc7567bb5a60176ade1d2c36624d0193dbac98d82401d0dd SHA512 25db94dbf18b1fea9497ec1e61bb5349d7bc78b0578d8869546bc3ec579b96bee7cd62657e66ebd3d4616805e85d790ac7ee7c0fed70b5db30236ffd12b33293

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild
new file mode 100644
index 00000000000..a72525d1f3f
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="27337"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+#SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+SRC_URI="mirror://gentoo/microcode-${PV}-r1.tgz
+	https://dev.gentoo.org/~whissi/dist/${PN}/microcode-${PV}-r1.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs +split-ucode"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_compile() {
+	if use initramfs ; then
+		iucode_tool --write-earlyfw=microcode.cpio intel-ucode/ || die
+	fi
+}
+
+src_install() {
+	insinto /lib/firmware
+	use initramfs && doins microcode.cpio
+	use split-ucode && doins -r intel-ucode
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Agostino Sarubbo]

commit:     8d79ad356e94d77d5e309716f1350abd1fa08afc
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  7 21:41:23 2018 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sun Jan  7 21:41:23 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d79ad35

sys-firmware/intel-microcode: amd64 stable wrt bug #643794

Package-Manager: Portage-2.3.13, Repoman-2.3.3
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 .../intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild
index a72525d1f3f..fa5018ade9c 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild
@@ -17,7 +17,7 @@ SRC_URI="mirror://gentoo/microcode-${PV}-r1.tgz
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 ~x86"
 IUSE="initramfs +split-ucode"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Agostino Sarubbo]

commit:     7e535f932ab4fc315728706ad091286fa376065b
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sun Jan  7 21:41:50 2018 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sun Jan  7 21:41:50 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e535f93

sys-firmware/intel-microcode: x86 stable wrt bug #643794

Package-Manager: Portage-2.3.13, Repoman-2.3.3
RepoMan-Options: --include-arches="x86"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 .../intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild
index fa5018ade9c..dd7ca58108a 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215-r1.ebuild
@@ -17,7 +17,7 @@ SRC_URI="mirror://gentoo/microcode-${PV}-r1.tgz
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs +split-ucode"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     03040571481e27e7176bf21dcc072bde7e24918f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 10 00:45:32 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan 10 00:45:32 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03040571

sys-firmware/intel-microcode: Bump to v20180108

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 sys-firmware/intel-microcode/Manifest              |  1 +
 .../intel-microcode-20180108.ebuild                | 48 ++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 27d1b399f22..fd559a8df6f 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -11,3 +11,4 @@ DIST microcode-20170707.tgz 2908882 BLAKE2B 545d94ee9292d1ba730932f11660d0e0378b
 DIST microcode-20171117.tgz 3594762 BLAKE2B 7a02c28ec6b9b22a367f8fd7d59f244d0195fef3b256fa2542bca734026e869fdefc7b368a230e94ac0554473d18d1b80aa00511ad4ab6580279f512a106c17d SHA512 b1f09dd7bb04c00e456e34bf42bf786c780aba6d2ef3231a45769216a093876e9bb15123c82ddb7d8ef5426fe10b946509f363770af3b4eba16ba76043a064b4
 DIST microcode-20171117_p20171215-r1.tgz 1477015 BLAKE2B 3911aed3bbbd350be69a99bc855cdec6e8dc2a77f64c4d3a6c1aa24455d5c97eb1c03917eddb4cac2018f6da20a1751cc819a5f27f866f64fc56c7279b5ca40f SHA512 05466e16f9778a3ab148fa5485cd605bca7990067040aa9133ec4c3c1b007519cb260fe8811b44df1192ca0e84237f00d7afccfa11103f3dd4a99c08c692ecb0
 DIST microcode-20171117_p20171215.tgz 1468587 BLAKE2B 58777a39f843ae880f7dd8971a9570dbfc176d69541bb9d3cdc948d7be71a7df2559265fb1c8a199bc7567bb5a60176ade1d2c36624d0193dbac98d82401d0dd SHA512 25db94dbf18b1fea9497ec1e61bb5349d7bc78b0578d8869546bc3ec579b96bee7cd62657e66ebd3d4616805e85d790ac7ee7c0fed70b5db30236ffd12b33293
+DIST microcode-20180108.tgz 3676678 BLAKE2B 197e0188e516a3071be9e2e7a6261d78208613db8b746c7df533ce37884197dbd06a4e6ab027cbddba38903f590130f2d974e46da8fbab0613561523653460ab SHA512 f4010d83353948df27beeb804ef11e4f019f63397a4936f9d139e2842f7944d1ae864b9376987eaffc7db5b97201d5de2f4c1d7cc6b0f545ae15ec53a61fce2b

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180108.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180108.ebuild
new file mode 100644
index 00000000000..968efe5324a
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180108.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="27431"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs monolithic +split-ucode"
+REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_unpack() {
+	default
+	cp "${FILESDIR}"/intel-microcode2ucode.c-r1 ./intel-microcode2ucode.c || die
+}
+
+src_compile() {
+	if use initramfs ; then
+		iucode_tool --write-earlyfw=microcode.cpio microcode.dat || die
+	fi
+
+	if use split-ucode ; then
+		tc-env_build emake intel-microcode2ucode
+		./intel-microcode2ucode microcode.dat || die
+	fi
+}
+
+src_install() {
+	insinto /lib/firmware
+	use initramfs && doins microcode.cpio
+	use monolithic && doins microcode.dat
+	use split-ucode && doins -r intel-ucode
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     bf652b623e97c17f90c2abede9a247a64b7857a0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 10 00:46:22 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jan 10 00:46:22 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf652b62

sys-firmware/intel-microcode: amd64/x86 stable

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 sys-firmware/intel-microcode/intel-microcode-20180108.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180108.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180108.ebuild
index 968efe5324a..ac2bcc44f59 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180108.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180108.ebuild
@@ -15,7 +15,7 @@ SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs monolithic +split-ucode"
 REQUIRED_USE="|| ( initramfs monolithic split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Robin H. Johnson]

commit:     de233b906ee278949e0e140d42d44f087f76d395
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 10 21:57:09 2018 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Wed Jan 10 22:13:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de233b90

sys-firmware/intel-microcode: rewrite to use iucode_tool.

- Use the Intel upstream 'iucode_tool' to process all of the input
  microcode, from both the text-format microcode.dat file and other
  inputs, then generate a clean set of split outputs & optionally also
  initramfs output.
- Allows easy inclusion of any future split-ucode releases for single
  CPUs.
- No longer uses intel-microcode2ucode.c from $FILESDIR.
- Expert users can use the new MICROCODE_SIGNATURES variable to install
  only a subset of microcodes on their system, as requested by bug
  643786.
- Avoids accidently bloated split-ucode files per bug #644100.
- USE=monolithic is no longer supported, please see iucode_tool for any
  fallback.
- USE=initramfs now writes to /boot/intel-uc.img (8.3-safe naming).

Fixes: https://bugs.gentoo.org/643786
Fixes: https://bugs.gentoo.org/644100
Package-Manager: Portage-2.3.16, Repoman-2.3.6
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 .../intel-microcode-20180108-r1.ebuild             | 78 ++++++++++++++++++++++
 1 file changed, 78 insertions(+)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
new file mode 100644
index 00000000000..60ae099579f
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
@@ -0,0 +1,78 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="27431"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs +split-ucode"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+# TODO: 
+# Blacklist bad microcode here.
+DEFAULT_MICROCODE_SIGNATURES=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then
+		ewarn "MICROCODE_SIGNATURES is set!"
+		ewarn "The user has decided to install only a SUBSET of microcode."
+	fi
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/microcode.dat
+		"${S}"/intel-ucode/
+	)
+	opts=(
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location:
+	use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Gilbert]

commit:     9ca352ad2ecb9d3d1bed481ad6358f3cc4a2c717
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 12 18:22:18 2018 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Jan 12 18:53:28 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ca352ad

sys-firmware/intel-microcode: skip mount-boot phases when initramfs is disabled

Package-Manager: Portage-2.3.19_p11, Repoman-2.3.6_p45

 .../intel-microcode/intel-microcode-20180108-r1.ebuild  | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
index 60ae099579f..c8e8544f588 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
@@ -40,6 +40,7 @@ pkg_pretend() {
 		ewarn "MICROCODE_SIGNATURES is set!"
 		ewarn "The user has decided to install only a SUBSET of microcode."
 	fi
+	use initramfs && mount-boot_pkg_pretend
 }
 
 src_install() {
@@ -76,3 +77,19 @@ src_install() {
 
 	dodoc releasenote
 }
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     1865af882c69a7384f1e71f36187b8a5500beb5e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 12 14:35:55 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jan 12 19:26:10 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1865af88

sys-firmware/intel-microcode: amd64/x86 stable

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
index c8e8544f588..a62d44a6a6f 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs +split-ucode"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     51d07a0f5c5db7a9b8ea9a449e551c7f7408ad80
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  7 03:18:40 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Feb  7 03:24:55 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51d07a0f

sys-firmware/intel-microcode: Rev bump to update ebuild code

Ebuild uses microcodes from 2017-11-17 but ebuild code changes
from recent ebuilds were backported.

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 .../intel-microcode-20171117-r1.ebuild             | 95 ++++++++++++++++++++++
 1 file changed, 95 insertions(+)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild
new file mode 100644
index 00000000000..f58fcaea14a
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="27337"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs +split-ucode"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+# TODO: 
+# Blacklist bad microcode here.
+DEFAULT_MICROCODE_SIGNATURES=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then
+		ewarn "MICROCODE_SIGNATURES is set!"
+		ewarn "The user has decided to install only a SUBSET of microcode."
+	fi
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/microcode.dat
+		"${S}"/intel-ucode/
+	)
+	opts=(
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location:
+	use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     fcd864d2747ca7d8269a059dae2755f071ed1fe6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  7 03:19:20 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Feb  7 03:24:56 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcd864d2

sys-firmware/intel-microcode: x86 & amd64 stable

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild
index f58fcaea14a..17e267c7816 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild
@@ -15,7 +15,7 @@ SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs +split-ucode"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     44463f5687ccb455e18b31161ba87276ae28bffe
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 14 11:02:31 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Mar 14 11:02:46 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44463f56

sys-firmware/intel-microcode: Bump to v20180312

Closes: https://bugs.gentoo.org/650428
Package-Manager: Portage-2.3.24, Repoman-2.3.6

 sys-firmware/intel-microcode/Manifest              |  1 +
 .../intel-microcode-20180312.ebuild                | 95 ++++++++++++++++++++++
 2 files changed, 96 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index fd559a8df6f..c6a73a98102 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -12,3 +12,4 @@ DIST microcode-20171117.tgz 3594762 BLAKE2B 7a02c28ec6b9b22a367f8fd7d59f244d0195
 DIST microcode-20171117_p20171215-r1.tgz 1477015 BLAKE2B 3911aed3bbbd350be69a99bc855cdec6e8dc2a77f64c4d3a6c1aa24455d5c97eb1c03917eddb4cac2018f6da20a1751cc819a5f27f866f64fc56c7279b5ca40f SHA512 05466e16f9778a3ab148fa5485cd605bca7990067040aa9133ec4c3c1b007519cb260fe8811b44df1192ca0e84237f00d7afccfa11103f3dd4a99c08c692ecb0
 DIST microcode-20171117_p20171215.tgz 1468587 BLAKE2B 58777a39f843ae880f7dd8971a9570dbfc176d69541bb9d3cdc948d7be71a7df2559265fb1c8a199bc7567bb5a60176ade1d2c36624d0193dbac98d82401d0dd SHA512 25db94dbf18b1fea9497ec1e61bb5349d7bc78b0578d8869546bc3ec579b96bee7cd62657e66ebd3d4616805e85d790ac7ee7c0fed70b5db30236ffd12b33293
 DIST microcode-20180108.tgz 3676678 BLAKE2B 197e0188e516a3071be9e2e7a6261d78208613db8b746c7df533ce37884197dbd06a4e6ab027cbddba38903f590130f2d974e46da8fbab0613561523653460ab SHA512 f4010d83353948df27beeb804ef11e4f019f63397a4936f9d139e2842f7944d1ae864b9376987eaffc7db5b97201d5de2f4c1d7cc6b0f545ae15ec53a61fce2b
+DIST microcode-20180312.tgz 3789662 BLAKE2B e948d74833fe75b9bbdff1e4676f5d49a13bdd06aa6525c39be3448b822203947a5f55515484401ee0c96e8ade19ea580718949bed65883d983509661a16e637 SHA512 cc2cabf6d12c83b65eeb30fca7eb0b503e037dbee3d7ce9cb307b02ed8ac9426b2bafc2c1f1281dddff0945f8308f0d3cd320edea4596551354188d64760b854

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild
new file mode 100644
index 00000000000..a116ed40850
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="27591"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs +split-ucode"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+# TODO: 
+# Blacklist bad microcode here.
+DEFAULT_MICROCODE_SIGNATURES=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then
+		ewarn "MICROCODE_SIGNATURES is set!"
+		ewarn "The user has decided to install only a SUBSET of microcode."
+	fi
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/microcode.dat
+		"${S}"/intel-ucode/
+	)
+	opts=(
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location:
+	use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     c2b536582a646cc979e7ac4eb78be60b3cf21341
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 15 14:12:45 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Mar 15 14:13:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2b53658

sys-firmware/intel-microcode: amd64 and x86 stable

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 sys-firmware/intel-microcode/intel-microcode-20180312.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild
index a116ed40850..3ecd66eb44d 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="initramfs +split-ucode"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Aaron Bauman]

commit:     df1e5e22d87323cba6a56543856364b9f5046979
Author:     Marty E. Plummer <hanetzer <AT> startmail <DOT> com>
AuthorDate: Tue Apr 10 23:54:45 2018 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Fri Apr 13 23:21:22 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df1e5e22

sys-firmware/intel-microcode: remove trailing whitespace

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild | 2 +-
 sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild | 2 +-
 sys-firmware/intel-microcode/intel-microcode-20180312.ebuild    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild
index 17e267c7816..368cbee79e5 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117-r1.ebuild
@@ -24,7 +24,7 @@ RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
 
 S=${WORKDIR}
 
-# TODO: 
+# TODO:
 # Blacklist bad microcode here.
 DEFAULT_MICROCODE_SIGNATURES=""
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
index a62d44a6a6f..1d106fb3d7c 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180108-r1.ebuild
@@ -24,7 +24,7 @@ RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
 
 S=${WORKDIR}
 
-# TODO: 
+# TODO:
 # Blacklist bad microcode here.
 DEFAULT_MICROCODE_SIGNATURES=""
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild
index 3ecd66eb44d..a71b4d9fd8b 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180312.ebuild
@@ -24,7 +24,7 @@ RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
 
 S=${WORKDIR}
 
-# TODO: 
+# TODO:
 # Blacklist bad microcode here.
 DEFAULT_MICROCODE_SIGNATURES=""
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     eb9036f6f998c91c6bc021f73bc10ca1b5240ae7
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed May 23 18:02:28 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed May 23 18:24:36 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb9036f6

sys-firmware/intel-microcode: Bump

Ebuild changes:
===============
- Based on Intel's microcode tarball from 2018-04-25.

- Added 210+ additional microcode updates (for production, no beta release!),
  which are signed by Intel and publicly available but are not distributed
  via Intel's microcode tarball for marketing/product phase out reasons.
  You can prevent the usage of these microcode updates and stick with
  content from Intel's official release tarball via new "vanilla"
  USE flag.

- Blacklisted microcode 0x000604f1 aka 06-4f-01 aka CPUID 406F1 which
  requires a newer microcode loader in kernel which is only available
  in kernel >=4.14.34.
  It is blacklisted because loading via older loader could crash the
  system. A news item with instructions will follow.

Closes: https://github.com/gentoo/gentoo/pull/8532
Bug: https://bugs.gentoo.org/654638
Package-Manager: Portage-2.3.38, Repoman-2.3.9

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20180426.ebuild                | 129 +++++++++++++++++++++
 sys-firmware/intel-microcode/metadata.xml          |   1 +
 3 files changed, 132 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index c6a73a98102..0a0431030f7 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,4 @@
+DIST intel-microcode-collection-20180426.tar.xz 4155132 BLAKE2B 222c48ba0123887b4ae299e0acc4696512dc1c7528f1b735dd79b2d2f0bf6d988d061e773fb3949b2ab9ddcb69e4224ddb431ccda1c4b329ca37e9409ca60380 SHA512 038d43cd698183baa14b14f1b05e76c93386568494b2621e49338cf3c02fd0e663284ca864a50b3df4188bde5669bf4794cdcf7f4a287dcd42efbb8717809990
 DIST microcode-20140430.tgz 785594 BLAKE2B e51a187ca99ad496804f117871b50693b03b50759c9dd23002149ff7fa4b74888c83e8e1fcf078a973dea82e6a9439de8415c56c902ed0163e55ceaaff0eaf23 SHA512 12954522629ce15c4b95c158b6288b3877a3d1f87bea838f8138e53987ef1b6c0edc7a8cbb802a981ccca178b70b4323907aafa7479c0c2fed4497f6fb7bbc1c
 DIST microcode-20140624.tgz 787237 BLAKE2B 1c2d8f39bf142570283e80f370f41c502ef04d24b4348ca4b44c881e3b1e54df72a88e09350d45a33d47d9955d84a80ae8a11e44561b1a8944a59f9326d4d81a SHA512 c774006aae639e7fae90bc1f5d8308b407e7cd3b7d0da6e35577560bf6201c2b15f7d7b6b0cd727c50be1e9d508b484b067856631fa2598498982109bff0e44c
 DIST microcode-20140913.tgz 830537 BLAKE2B 665c72fc3a3e1e13d9e58eba0ed202b30856532eee590006c02112df926b879985a97ba9a96b58a6aad0285bff95a3fbb27b22d533f958fe170887f0ab37eef1 SHA512 e179fe0001b1157cc95aee39185f51fd182d53c1bdb30bfc95bc3a70795c32012050f3a4adf06735a77d8ef9c703a330c6a2610b73b70f09f5760e31d39cb89c
@@ -13,3 +14,4 @@ DIST microcode-20171117_p20171215-r1.tgz 1477015 BLAKE2B 3911aed3bbbd350be69a99b
 DIST microcode-20171117_p20171215.tgz 1468587 BLAKE2B 58777a39f843ae880f7dd8971a9570dbfc176d69541bb9d3cdc948d7be71a7df2559265fb1c8a199bc7567bb5a60176ade1d2c36624d0193dbac98d82401d0dd SHA512 25db94dbf18b1fea9497ec1e61bb5349d7bc78b0578d8869546bc3ec579b96bee7cd62657e66ebd3d4616805e85d790ac7ee7c0fed70b5db30236ffd12b33293
 DIST microcode-20180108.tgz 3676678 BLAKE2B 197e0188e516a3071be9e2e7a6261d78208613db8b746c7df533ce37884197dbd06a4e6ab027cbddba38903f590130f2d974e46da8fbab0613561523653460ab SHA512 f4010d83353948df27beeb804ef11e4f019f63397a4936f9d139e2842f7944d1ae864b9376987eaffc7db5b97201d5de2f4c1d7cc6b0f545ae15ec53a61fce2b
 DIST microcode-20180312.tgz 3789662 BLAKE2B e948d74833fe75b9bbdff1e4676f5d49a13bdd06aa6525c39be3448b822203947a5f55515484401ee0c96e8ade19ea580718949bed65883d983509661a16e637 SHA512 cc2cabf6d12c83b65eeb30fca7eb0b503e037dbee3d7ce9cb307b02ed8ac9426b2bafc2c1f1281dddff0945f8308f0d3cd320edea4596551354188d64760b854
+DIST microcode-20180425.tgz 1565473 BLAKE2B 70e0a56f0f5f720e00ab18d6553bc221147589e83df34fdc0c130c6f74a239e48355bfe1845b1de919ed1bce9ade7b7db298883eb3de1d53732a694b15d76f62 SHA512 6cea53cc0f486891fb9ddffc1e03e8e0a6d1d91df6bfda81250b2c60714e7b4111caa9df5afa7f13d8144e591550ef7eb4fd1e153fc67fc904afb83ccc2e3bb0

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild
new file mode 100644
index 00000000000..648f16f204a
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild
@@ -0,0 +1,129 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="20180426"
+INTEL_SNAPSHOT="20180425"
+NUM="27776"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS=""
+IUSE="initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000604f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+DEFAULT_MICROCODE_SIGNATURES="-s !0x000604f1"
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then
+		ewarn "The user has opted in for advanced use:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${DEFAULT_MICROCODE_SIGNATURES}\"!"
+	fi
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location:
+	use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then
+		if kernel_is -lt 4 14 34; then
+			ewarn "${P} contains microcode updates which require"
+			ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+			ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+			ewarn "can crash your system!"
+			ewarn ""
+			ewarn "Those microcodes are blacklisted per default. However, you have altered"
+			ewarn "MICROCODE_SIGNATURES and maybe unintentionally re-enabled those microcodes."
+			ewarn ""
+			ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your microcode update"
+			ewarn "requires additional kernel patches or not."
+		fi
+	fi
+}

diff --git a/sys-firmware/intel-microcode/metadata.xml b/sys-firmware/intel-microcode/metadata.xml
index f8bcf6658dd..2d96b231657 100644
--- a/sys-firmware/intel-microcode/metadata.xml
+++ b/sys-firmware/intel-microcode/metadata.xml
@@ -9,5 +9,6 @@
 	<flag name="initramfs">install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag>
 	<flag name="monolithic">install the large text microcode.dat (used by older kernels via microcode_ctl)</flag>
 	<flag name="split-ucode">install the split binary ucode files (used by the kernel directly)</flag>
+	<flag name="vanilla">install only microcode updates from Intel's official microcode tarball</flag>
 </use>
 </pkgmetadata>

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     04384b5c8adb359c5a828ce1c34b4827122e917b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu May 24 12:29:59 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu May 24 12:30:14 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04384b5c

sys-firmware/intel-microcode: Split env var into MICROCODE_...

...{BLACKLIST,SIGNATURES}

Especially now, since we are shipping a lot of microcodes,
initramfs can become very large and users might want to install
only specific microcode updates for their processor via
MICROCODE_SIGNATURES="-S" option.

However, this would overwrite our default BLACKLIST.

To allow users to use "-S" option without the burden to manually
maintain a BLACKLIST, we introduced a new MICROCODE_BLACKLIST
environment variable to split things.

In addition, there was a typo is previous blacklisted
signature which was corrected to blacklist the correct microcode.

Bug: https://bugs.gentoo.org/654638
Package-Manager: Portage-2.3.38, Repoman-2.3.9

 ...6.ebuild => intel-microcode-20180426-r1.ebuild} | 49 ++++++++++++++--------
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild
similarity index 64%
rename from sys-firmware/intel-microcode/intel-microcode-20180426.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild
index 648f16f204a..29a6958681d 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild
@@ -28,21 +28,30 @@ RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
 S=${WORKDIR}
 
 # Blacklist bad microcode here.
-# 0x000604f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-DEFAULT_MICROCODE_SIGNATURES="-s !0x000604f1"
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
 
 # Advanced users only:
 # merge with:
 # only current CPU: MICROCODE_SIGNATURES="-S"
 # only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
 # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
 
 pkg_pretend() {
-	if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
 		ewarn "The user has opted in for advanced use:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${DEFAULT_MICROCODE_SIGNATURES}\"!"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
 	fi
+
 	use initramfs && mount-boot_pkg_pretend
 }
 
@@ -70,6 +79,7 @@ src_install() {
 	fi
 
 	opts=(
+		${MICROCODE_BLACKLIST}
 		${MICROCODE_SIGNATURES}
 		# be strict about what we are doing
 		--overwrite
@@ -112,18 +122,21 @@ pkg_postrm() {
 pkg_postinst() {
 	use initramfs && mount-boot_pkg_postinst
 
-	if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then
-		if kernel_is -lt 4 14 34; then
-			ewarn "${P} contains microcode updates which require"
-			ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-			ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-			ewarn "can crash your system!"
-			ewarn ""
-			ewarn "Those microcodes are blacklisted per default. However, you have altered"
-			ewarn "MICROCODE_SIGNATURES and maybe unintentionally re-enabled those microcodes."
-			ewarn ""
-			ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your microcode update"
-			ewarn "requires additional kernel patches or not."
-		fi
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your microcode update"
+		ewarn "requires additional kernel patches or not."
 	fi
 }

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     3eacfe4274c5d0c8a69911df89525324697c6328
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 29 23:14:42 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 29 23:15:11 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3eacfe42

sys-firmware/intel-microcode: Add "minimal" USE flag

Due to previous change (commit eb9036f6f998c91c6bc021f73bc10ca1b5240ae7),
this package can become very large (or the resulting initramfs).

While the already introduced environment variable "MICROCODE_SIGNATURES" is
allowing you to set iucode_tool's "--scan-system" parameter to only
install ucode(s) supported by the currently available (=online) processor(s),
this doesn't work for binary package user(s).

The now added "minimal" USE flag (enabled by default) will set "--scan-system"
parameter for you. This will still allow you to select/blacklist ucode(s)
for all your hosts on your central build host using the "MICROCODE_SIGNATURES"
variable like before while giving each host the opportunity to only install
really supported ucode(s) which will reduces the file size of the resulting
initramfs.

Bug: https://bugs.gentoo.org/654638
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 ...1.ebuild => intel-microcode-20180426-r2.ebuild} | 58 ++++++++++++++++++++--
 sys-firmware/intel-microcode/metadata.xml          |  1 +
 2 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild
similarity index 70%
rename from sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild
index 29a6958681d..b39f2be9bd8 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild
@@ -19,11 +19,14 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 LICENSE="intel-ucode"
 SLOT="0"
 KEYWORDS=""
-IUSE="initramfs +split-ucode vanilla"
+IUSE="initramfs +minimal +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 
 DEPEND="sys-apps/iucode_tool"
-RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	minimal? ( sys-apps/iucode_tool )"
 
 S=${WORKDIR}
 
@@ -96,8 +99,9 @@ src_install() {
 	# The earlyfw cpio needs to be in /boot because it must be loaded before
 	# rootfs is mounted.
 	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location:
-	use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst):
+	dodir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
 
 	iucode_tool \
 		"${opts[@]}" \
@@ -109,6 +113,45 @@ src_install() {
 
 pkg_preinst() {
 	use initramfs && mount-boot_pkg_preinst
+
+	if use minimal; then
+		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=minimal ..."
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware/intel-ucode
+			mv "${ED%/}"/tmp/intel-ucode "${ED%/}"/lib/firmware/intel-ucode || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk
+	rm -r "${ED%/}"/tmp || die "Failed to cleanup '"${ED%/}"/tmp'"
 }
 
 pkg_prerm() {
@@ -122,6 +165,13 @@ pkg_postrm() {
 pkg_postinst() {
 	use initramfs && mount-boot_pkg_postinst
 
+	if use minimal; then
+		elog "You only installed ucodes for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	fi
+
 	# We cannot give detailed information if user is affected or not:
 	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
 	# to to force a specific, otherwise blacklisted, microcode. So we

diff --git a/sys-firmware/intel-microcode/metadata.xml b/sys-firmware/intel-microcode/metadata.xml
index 2d96b231657..593b3a92123 100644
--- a/sys-firmware/intel-microcode/metadata.xml
+++ b/sys-firmware/intel-microcode/metadata.xml
@@ -7,6 +7,7 @@
 </maintainer>
 <use>
 	<flag name="initramfs">install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag>
+	<flag name="minimal">only install ucode(s) supported by currently available (=online) processor(s)</flag>
 	<flag name="monolithic">install the large text microcode.dat (used by older kernels via microcode_ctl)</flag>
 	<flag name="split-ucode">install the split binary ucode files (used by the kernel directly)</flag>
 	<flag name="vanilla">install only microcode updates from Intel's official microcode tarball</flag>

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     eceea24ea15577653794e5adff4509297b58f186
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 29 23:18:22 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 29 23:18:22 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eceea24e

sys-firmware/intel-microcode: Fix die message

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild
index b39f2be9bd8..decbae0ff43 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild
@@ -151,7 +151,7 @@ pkg_preinst() {
 
 	# Cleanup any temporary leftovers so that we don't merge any
 	# unneeded files on disk
-	rm -r "${ED%/}"/tmp || die "Failed to cleanup '"${ED%/}"/tmp'"
+	rm -r "${ED%/}"/tmp || die "Failed to cleanup '${ED%/}/tmp'"
 }
 
 pkg_prerm() {

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     8c9da1ab3f5a74c3724cdfeb383006eb603aa65d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed May 30 12:56:38 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed May 30 12:56:57 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c9da1ab

sys-firmware/intel-microcode: bump

Removed microcodes (due to updates):
- sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
- sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304

Added microcodes:
- sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
- sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
- sig 0x000906ec, pf_mask 0x22, 2018-02-19, rev 0x0084, size 96256

Closes: https://bugs.gentoo.org/654638
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-firmware/intel-microcode/Manifest                                 | 2 +-
 ...l-microcode-20180426-r2.ebuild => intel-microcode-20180527.ebuild} | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 0a0431030f7..974d7bb4c0f 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,4 @@
-DIST intel-microcode-collection-20180426.tar.xz 4155132 BLAKE2B 222c48ba0123887b4ae299e0acc4696512dc1c7528f1b735dd79b2d2f0bf6d988d061e773fb3949b2ab9ddcb69e4224ddb431ccda1c4b329ca37e9409ca60380 SHA512 038d43cd698183baa14b14f1b05e76c93386568494b2621e49338cf3c02fd0e663284ca864a50b3df4188bde5669bf4794cdcf7f4a287dcd42efbb8717809990
+DIST intel-microcode-collection-20180527.tar.xz 4315096 BLAKE2B 2ab4fe3d8469d98bc890e7f1347e4da442d814e945253e2c400a0ba954925f6c622d259711a9ce89a2d013365c65b002e24e182afc5c53ebd4e14828b2f5631e SHA512 45e46905156a0b4d8b272760d84030651a034feaf2afbc564f99fff89303457c0d7d694f174de5abed666d5107f2f7db93c04acd3cc36a77b1cf1a0495584b1c
 DIST microcode-20140430.tgz 785594 BLAKE2B e51a187ca99ad496804f117871b50693b03b50759c9dd23002149ff7fa4b74888c83e8e1fcf078a973dea82e6a9439de8415c56c902ed0163e55ceaaff0eaf23 SHA512 12954522629ce15c4b95c158b6288b3877a3d1f87bea838f8138e53987ef1b6c0edc7a8cbb802a981ccca178b70b4323907aafa7479c0c2fed4497f6fb7bbc1c
 DIST microcode-20140624.tgz 787237 BLAKE2B 1c2d8f39bf142570283e80f370f41c502ef04d24b4348ca4b44c881e3b1e54df72a88e09350d45a33d47d9955d84a80ae8a11e44561b1a8944a59f9326d4d81a SHA512 c774006aae639e7fae90bc1f5d8308b407e7cd3b7d0da6e35577560bf6201c2b15f7d7b6b0cd727c50be1e9d508b484b067856631fa2598498982109bff0e44c
 DIST microcode-20140913.tgz 830537 BLAKE2B 665c72fc3a3e1e13d9e58eba0ed202b30856532eee590006c02112df926b879985a97ba9a96b58a6aad0285bff95a3fbb27b22d533f958fe170887f0ab37eef1 SHA512 e179fe0001b1157cc95aee39185f51fd182d53c1bdb30bfc95bc3a70795c32012050f3a4adf06735a77d8ef9c703a330c6a2610b73b70f09f5760e31d39cb89c

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180527.ebuild
similarity index 99%
rename from sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180527.ebuild
index decbae0ff43..a439501ae4b 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180426-r2.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180527.ebuild
@@ -8,7 +8,7 @@ inherit linux-info toolchain-funcs mount-boot
 # Find updates by searching and clicking the first link (hopefully it's the one):
 # http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
 
-COLLECTION_SNAPSHOT="20180426"
+COLLECTION_SNAPSHOT="20180527"
 INTEL_SNAPSHOT="20180425"
 NUM="27776"
 DESCRIPTION="Intel IA32/IA64 microcode update data"
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS=""
+KEYWORDS="-* ~amd64 ~x86"
 IUSE="initramfs +minimal +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     8edea0b06510066c10fef7270d196b5ec1e6d056
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed May 30 22:18:55 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed May 30 22:41:18 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8edea0b0

sys-firmware/intel-microcode: rev bump to address QA problem

- We now install splitted ucode(s) into the correct directory.

- Fixed an issue when emerge failed when no microcode was selected.

- "minimal" USE flag was renamed to "hostonly" and disabled per
  default to avoid confusion.

- Additional sanity checks were added to show a warning if no
  microcode update was installed (can be the case when user
  set "hostonly" USE flag or uses MICROCODE_SIGNATURES environment
  variable).

Closes: https://bugs.gentoo.org/654638
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 ...7.ebuild => intel-microcode-20180527-r1.ebuild} | 42 ++++++++++++++++------
 sys-firmware/intel-microcode/metadata.xml          |  2 +-
 2 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180527.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
similarity index 79%
rename from sys-firmware/intel-microcode/intel-microcode-20180527.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
index a439501ae4b..f8b64c6ca86 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180527.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
@@ -19,14 +19,14 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 LICENSE="intel-ucode"
 SLOT="0"
 KEYWORDS="-* ~amd64 ~x86"
-IUSE="initramfs +minimal +split-ucode vanilla"
+IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 
 DEPEND="sys-apps/iucode_tool"
 
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
-	minimal? ( sys-apps/iucode_tool )"
+	hostonly? ( sys-apps/iucode_tool )"
 
 S=${WORKDIR}
 
@@ -100,8 +100,9 @@ src_install() {
 	# rootfs is mounted.
 	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
 	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst):
-	dodir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
 
 	iucode_tool \
 		"${opts[@]}" \
@@ -114,8 +115,8 @@ src_install() {
 pkg_preinst() {
 	use initramfs && mount-boot_pkg_preinst
 
-	if use minimal; then
-		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=minimal ..."
+	if use hostonly; then
+		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
 		opts=(
 			--scan-system
 			# be strict about what we are doing
@@ -144,14 +145,14 @@ pkg_preinst() {
 	else
 		if use split-ucode; then
 			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware/intel-ucode
-			mv "${ED%/}"/tmp/intel-ucode "${ED%/}"/lib/firmware/intel-ucode || die "Failed to install splitted ucodes!"
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
 		fi
 	fi
 
 	# Cleanup any temporary leftovers so that we don't merge any
 	# unneeded files on disk
-	rm -r "${ED%/}"/tmp || die "Failed to cleanup '${ED%/}/tmp'"
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
 }
 
 pkg_prerm() {
@@ -165,11 +166,30 @@ pkg_postrm() {
 pkg_postinst() {
 	use initramfs && mount-boot_pkg_postinst
 
-	if use minimal; then
-		elog "You only installed ucodes for all currently available (=online)"
+	local _has_installed_something=
+	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
 		elog "processor(s). Remember to re-emerge this package whenever you"
 		elog "change the system's processor model."
 		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		ewarn "No ucode was installed! You can ignore this warning if there"
+		ewarn "aren't any microcode updates available for your processor(s)."
+		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
+		ewarn "if you have an invalid select."
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
 	fi
 
 	# We cannot give detailed information if user is affected or not:

diff --git a/sys-firmware/intel-microcode/metadata.xml b/sys-firmware/intel-microcode/metadata.xml
index 593b3a92123..6708ec7d79d 100644
--- a/sys-firmware/intel-microcode/metadata.xml
+++ b/sys-firmware/intel-microcode/metadata.xml
@@ -7,7 +7,7 @@
 </maintainer>
 <use>
 	<flag name="initramfs">install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag>
-	<flag name="minimal">only install ucode(s) supported by currently available (=online) processor(s)</flag>
+	<flag name="hostonly">only install ucode(s) supported by currently available (=online) processor(s)</flag>
 	<flag name="monolithic">install the large text microcode.dat (used by older kernels via microcode_ctl)</flag>
 	<flag name="split-ucode">install the split binary ucode files (used by the kernel directly)</flag>
 	<flag name="vanilla">install only microcode updates from Intel's official microcode tarball</flag>

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     7814f72ca87761f52b7512e1966fbf1fb9a66198
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  2 10:26:32 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Jun  2 10:26:32 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7814f72c

sys-firmware/intel-microcode: Fix suggested path to release notes

Closes: https://bugs.gentoo.org/657100
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
index f8b64c6ca86..53450c16d44 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
@@ -206,7 +206,7 @@ pkg_postinst() {
 		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
 		ewarn "re-enabled those microcodes...!"
 		ewarn ""
-		ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your microcode update"
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
 		ewarn "requires additional kernel patches or not."
 	fi
 }

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     721bf858fc436f9f0139f9410be5eda1e4bc63e6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  7 00:02:16 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Jun  7 00:02:16 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=721bf858

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
index 53450c16d44..27b8f2ad168 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180527-r1.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     68d124161bec139259a9452cf44fdf095710317c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 19 13:45:31 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun 19 13:46:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68d12416

sys-firmware/intel-microcode: bump

- New Microcodes:

  sig 0x000806eb, pf_mask 0xc0, 2018-02-11, rev 0x0084

- Updated Microcodes:

  sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024    -> 2018-04-02, rev 0x0025
  sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713    -> 2018-04-25, rev 0x0714
  sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c    -> 2018-04-20, rev 0x003d
  sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011    -> 2018-04-20, rev 0x0012
  sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019    -> 2018-04-02, rev 0x001a
  sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2    -> 2018-04-17, rev 0x00c6
  sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c -> 2018-04-19, rev 0xb00002e
  sig 0x00050654, pf_mask 0xb7, 2018-03-27, rev 0x2000049 -> 2018-05-15, rev 0x200004d
  sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2    -> 2018-04-17, rev 0x00c6
  sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084    -> 2018-05-15, rev 0x0096
  sig 0x000906ea, pf_mask 0x22, 2018-04-26, rev 0x0094    -> 2018-05-02, rev 0x0096
  sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084    -> 2018-03-24, rev 0x008e

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180616.ebuild                | 212 +++++++++++++++++++++
 2 files changed, 213 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 974d7bb4c0f..daaca6ae13f 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,5 @@
 DIST intel-microcode-collection-20180527.tar.xz 4315096 BLAKE2B 2ab4fe3d8469d98bc890e7f1347e4da442d814e945253e2c400a0ba954925f6c622d259711a9ce89a2d013365c65b002e24e182afc5c53ebd4e14828b2f5631e SHA512 45e46905156a0b4d8b272760d84030651a034feaf2afbc564f99fff89303457c0d7d694f174de5abed666d5107f2f7db93c04acd3cc36a77b1cf1a0495584b1c
+DIST intel-microcode-collection-20180616.tar.xz 4413444 BLAKE2B 4ba5371914f64c8a7261720512dff128f83cc25950a4bdf8d41e9eeb724c6d3150212b1a7f2ee966a2b9c835a2622ac885625fada497ec2bc0aa3c435a2968e8 SHA512 5c0cd4e764397f8c2593153256d573db8f57cce1fc062f5e687a108e5a430c7ed506f63d0d324ea2b88cc8bf8762d3fec507252ee9890c55bb9d3b5604151afe
 DIST microcode-20140430.tgz 785594 BLAKE2B e51a187ca99ad496804f117871b50693b03b50759c9dd23002149ff7fa4b74888c83e8e1fcf078a973dea82e6a9439de8415c56c902ed0163e55ceaaff0eaf23 SHA512 12954522629ce15c4b95c158b6288b3877a3d1f87bea838f8138e53987ef1b6c0edc7a8cbb802a981ccca178b70b4323907aafa7479c0c2fed4497f6fb7bbc1c
 DIST microcode-20140624.tgz 787237 BLAKE2B 1c2d8f39bf142570283e80f370f41c502ef04d24b4348ca4b44c881e3b1e54df72a88e09350d45a33d47d9955d84a80ae8a11e44561b1a8944a59f9326d4d81a SHA512 c774006aae639e7fae90bc1f5d8308b407e7cd3b7d0da6e35577560bf6201c2b15f7d7b6b0cd727c50be1e9d508b484b067856631fa2598498982109bff0e44c
 DIST microcode-20140913.tgz 830537 BLAKE2B 665c72fc3a3e1e13d9e58eba0ed202b30856532eee590006c02112df926b879985a97ba9a96b58a6aad0285bff95a3fbb27b22d533f958fe170887f0ab37eef1 SHA512 e179fe0001b1157cc95aee39185f51fd182d53c1bdb30bfc95bc3a70795c32012050f3a4adf06735a77d8ef9c703a330c6a2610b73b70f09f5760e31d39cb89c

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild
new file mode 100644
index 00000000000..4dbc0b6dd95
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild
@@ -0,0 +1,212 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="20180616"
+INTEL_SNAPSHOT="20180425"
+NUM="27776"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	hostonly? ( sys-apps/iucode_tool )"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		ewarn "The user has opted in for advanced use:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+
+	if use hostonly; then
+		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+
+	local _has_installed_something=
+	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		ewarn "No ucode was installed! You can ignore this warning if there"
+		ewarn "aren't any microcode updates available for your processor(s)."
+		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
+		ewarn "if you have an invalid select."
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     4c6587af704029e05e621d63dce94db047bbd244
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 23 11:41:39 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Jun 23 11:46:25 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c6587af

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-firmware/intel-microcode/intel-microcode-20180616.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild
index 4dbc0b6dd95..66dbdc30dc6 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     23e31d7ae7cbf6495c98d585543e2034828878b6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Jul  6 01:03:44 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Jul  6 01:03:48 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23e31d7a

sys-firmware/intel-microcode: bump

First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640

- New Microcodes:

  sig 0x00050655, pf_mask 0xb7, 2018-03-14, rev 0x3000009

- Updated Microcodes:

  sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d    -> 2018-04-10, rev 0x002e
  sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c    -> 2018-05-08, rev 0x061d
  sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713    -> 2018-05-08, rev 0x0714
  sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f    -> 2018-04-10, rev 0x0020
  sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a    -> 2018-03-22, rev 0x002b
  sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c    -> 2018-04-25, rev 0x042d
  sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023    -> 2018-04-02, rev 0x0024
  sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d    -> 2018-04-03, rev 0x001e
  sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009 -> 2018-04-20, rev 0xe00000a
  sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e    -> 2018-05-11, rev 0x0032
  sig 0x00060662, pf_mask 0x80, 2017-09-27, rev 0x001a    -> 2017-11-29, rev 0x0022
  sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022    -> 2018-05-11, rev 0x0026

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20180703.ebuild                | 212 +++++++++++++++++++++
 2 files changed, 214 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 78f1666053d..591546218b2 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,4 @@
 DIST intel-microcode-collection-20180616.tar.xz 4413444 BLAKE2B 4ba5371914f64c8a7261720512dff128f83cc25950a4bdf8d41e9eeb724c6d3150212b1a7f2ee966a2b9c835a2622ac885625fada497ec2bc0aa3c435a2968e8 SHA512 5c0cd4e764397f8c2593153256d573db8f57cce1fc062f5e687a108e5a430c7ed506f63d0d324ea2b88cc8bf8762d3fec507252ee9890c55bb9d3b5604151afe
+DIST intel-microcode-collection-20180630.tar.xz 4456400 BLAKE2B 493229bb8ce65c62b4a894a219bd89e677a5908a774e1104389335f88fe27479de8e117bbd3b1c5bd1d9e70ed0f1c79ddba684357138dbb559141d48d5a3c456 SHA512 66a1217514c43dcc308cc1e9e4737041c48cad85cd846a9adaabd5885197ffffca3fef71c43ccdaaf25d10df747a3c3e837d95ae332d53961579e4bb3c1f0bed
 DIST microcode-20180425.tgz 1565473 BLAKE2B 70e0a56f0f5f720e00ab18d6553bc221147589e83df34fdc0c130c6f74a239e48355bfe1845b1de919ed1bce9ade7b7db298883eb3de1d53732a694b15d76f62 SHA512 6cea53cc0f486891fb9ddffc1e03e8e0a6d1d91df6bfda81250b2c60714e7b4111caa9df5afa7f13d8144e591550ef7eb4fd1e153fc67fc904afb83ccc2e3bb0
+DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild
new file mode 100644
index 00000000000..a9113dcbc00
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild
@@ -0,0 +1,212 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="20180630"
+INTEL_SNAPSHOT="20180703"
+NUM="27945"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	hostonly? ( sys-apps/iucode_tool )"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		ewarn "The user has opted in for advanced use:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+
+	if use hostonly; then
+		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+
+	local _has_installed_something=
+	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		ewarn "No ucode was installed! You can ignore this warning if there"
+		ewarn "aren't any microcode updates available for your processor(s)."
+		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
+		ewarn "if you have an invalid select."
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     8ffa3b173aa5c9e6193764c1aa18003fc16e5a94
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul  8 21:51:50 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jul  8 21:51:50 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ffa3b17

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.41, Repoman-2.3.9

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20180616.ebuild                | 212 ---------------------
 2 files changed, 214 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 591546218b2..a473005982d 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,2 @@
-DIST intel-microcode-collection-20180616.tar.xz 4413444 BLAKE2B 4ba5371914f64c8a7261720512dff128f83cc25950a4bdf8d41e9eeb724c6d3150212b1a7f2ee966a2b9c835a2622ac885625fada497ec2bc0aa3c435a2968e8 SHA512 5c0cd4e764397f8c2593153256d573db8f57cce1fc062f5e687a108e5a430c7ed506f63d0d324ea2b88cc8bf8762d3fec507252ee9890c55bb9d3b5604151afe
 DIST intel-microcode-collection-20180630.tar.xz 4456400 BLAKE2B 493229bb8ce65c62b4a894a219bd89e677a5908a774e1104389335f88fe27479de8e117bbd3b1c5bd1d9e70ed0f1c79ddba684357138dbb559141d48d5a3c456 SHA512 66a1217514c43dcc308cc1e9e4737041c48cad85cd846a9adaabd5885197ffffca3fef71c43ccdaaf25d10df747a3c3e837d95ae332d53961579e4bb3c1f0bed
-DIST microcode-20180425.tgz 1565473 BLAKE2B 70e0a56f0f5f720e00ab18d6553bc221147589e83df34fdc0c130c6f74a239e48355bfe1845b1de919ed1bce9ade7b7db298883eb3de1d53732a694b15d76f62 SHA512 6cea53cc0f486891fb9ddffc1e03e8e0a6d1d91df6bfda81250b2c60714e7b4111caa9df5afa7f13d8144e591550ef7eb4fd1e153fc67fc904afb83ccc2e3bb0
 DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild
deleted file mode 100644
index 66dbdc30dc6..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180616.ebuild
+++ /dev/null
@@ -1,212 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="20180616"
-INTEL_SNAPSHOT="20180425"
-NUM="27776"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
-	hostonly? ( sys-apps/iucode_tool )"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		ewarn "The user has opted in for advanced use:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	use initramfs && mount-boot_pkg_preinst
-
-	if use hostonly; then
-		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	use initramfs && mount-boot_pkg_postinst
-
-	local _has_installed_something=
-	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		ewarn "No ucode was installed! You can ignore this warning if there"
-		ewarn "aren't any microcode updates available for your processor(s)."
-		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
-		ewarn "if you have an invalid select."
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     7021c4bafae0de2bf3fee8607af0d8bbaf69f325
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul  8 21:51:20 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jul  8 21:51:20 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7021c4ba

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.41, Repoman-2.3.9

 sys-firmware/intel-microcode/intel-microcode-20180703.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild
index a9113dcbc00..e960379c77a 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     93f6d2fc993ff62de3767a033e11c722d47fa824
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 22 16:23:44 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jul 22 16:25:18 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93f6d2fc

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.43, Repoman-2.3.10

 sys-firmware/intel-microcode/intel-microcode-20180721.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild
index c434e235786..8daa2a2a29e 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e2f83e49c3c37879fdade64084bd1e7b09e24906
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 22 16:24:05 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jul 22 16:25:20 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2f83e49

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.43, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180703.ebuild                | 212 ---------------------
 2 files changed, 213 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 0e5865d7bb8..499ca8ac55d 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20180630.tar.xz 4456400 BLAKE2B 493229bb8ce65c62b4a894a219bd89e677a5908a774e1104389335f88fe27479de8e117bbd3b1c5bd1d9e70ed0f1c79ddba684357138dbb559141d48d5a3c456 SHA512 66a1217514c43dcc308cc1e9e4737041c48cad85cd846a9adaabd5885197ffffca3fef71c43ccdaaf25d10df747a3c3e837d95ae332d53961579e4bb3c1f0bed
 DIST intel-microcode-collection-20180721.tar.xz 4460612 BLAKE2B a4af173f62d3f603812ed42751fd208bd9d6115b7a1349a978641c8a39824ffaf63e9b65c8bc14793664e68c69a4fcf4ea731b7f8b300bd750a04a4d3c991ec5 SHA512 2baebb2148a9c913723949b7fbde86808a0ad5e49faeb3a79fa2f3eb1f843777e74c049dc45a97b01485c8f091b87d779c626c7f20cc2940a1c422283d29abcf
 DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild
deleted file mode 100644
index e960379c77a..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild
+++ /dev/null
@@ -1,212 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="20180630"
-INTEL_SNAPSHOT="20180703"
-NUM="27945"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
-	hostonly? ( sys-apps/iucode_tool )"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		ewarn "The user has opted in for advanced use:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	use initramfs && mount-boot_pkg_preinst
-
-	if use hostonly; then
-		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	use initramfs && mount-boot_pkg_postinst
-
-	local _has_installed_something=
-	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		ewarn "No ucode was installed! You can ignore this warning if there"
-		ewarn "aren't any microcode updates available for your processor(s)."
-		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
-		ewarn "if you have an invalid select."
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     5ce32fc8d76bf0b0cc0c569f998d4c1283cc178d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 22 16:22:54 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jul 22 16:25:16 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ce32fc8

sys-firmware/intel-microcode: bump

- Downgraded Microcodes:

  sig 0x000706a1, pf_mask 0x01, 2018-05-11, rev 0x0026 -> 2017-12-26, rev 0x0022

  "This MCU has been reverted to a previous version while Intel
  investigates a sighting related to this MCU. This error is currently
  under investigation and no workaround has been identified. Intel
  currently is recommending to stop deployment of version 0x26 and revert
  to the previous production version 0x22. Intel will provide an update on
  progress in 2 weeks." [Link 1]

- Updated Microcodes:

  sig 0x000106a5, pf_mask 0x03, 2018-01-24, rev 0x001c    -> 2018-05-11, rev 0x001d
  sig 0x000206c2, pf_mask 0x03, 2018-01-23, rev 0x001e    -> 2018-05-08, rev 0x001f
  sig 0x000206e6, pf_mask 0x04, 2018-01-18, rev 0x000c    -> 2018-05-15, rev 0x000d
  sig 0x000206f2, pf_mask 0x05, 2018-01-19, rev 0x003a    -> 2018-05-16, rev 0x003b
  sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015    -> 2018-05-25, rev 0x0017
  sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012 -> 2018-04-20, rev 0x7000013
  sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011 -> 2018-04-20, rev 0xf000012
  sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009 -> 2018-04-20, rev 0xe00000a
  sig 0x00060663, pf_mask 0x80, 2018-01-25, rev 0x0016    -> 2018-04-17, rev 0x002a
  sig 0x000806eb, pf_mask 0xc0, 2018-02-11, rev 0x0084    -> 2018-05-30, rev 0x0098
  sig 0x000906ec, pf_mask 0x22, 2018-02-19, rev 0x0084    -> 2018-05-08, rev 0x0096

Link 1: https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf
Package-Manager: Portage-2.3.43, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180721.ebuild                | 212 +++++++++++++++++++++
 2 files changed, 213 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index a473005982d..0e5865d7bb8 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20180630.tar.xz 4456400 BLAKE2B 493229bb8ce65c62b4a894a219bd89e677a5908a774e1104389335f88fe27479de8e117bbd3b1c5bd1d9e70ed0f1c79ddba684357138dbb559141d48d5a3c456 SHA512 66a1217514c43dcc308cc1e9e4737041c48cad85cd846a9adaabd5885197ffffca3fef71c43ccdaaf25d10df747a3c3e837d95ae332d53961579e4bb3c1f0bed
+DIST intel-microcode-collection-20180721.tar.xz 4460612 BLAKE2B a4af173f62d3f603812ed42751fd208bd9d6115b7a1349a978641c8a39824ffaf63e9b65c8bc14793664e68c69a4fcf4ea731b7f8b300bd750a04a4d3c991ec5 SHA512 2baebb2148a9c913723949b7fbde86808a0ad5e49faeb3a79fa2f3eb1f843777e74c049dc45a97b01485c8f091b87d779c626c7f20cc2940a1c422283d29abcf
 DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild
new file mode 100644
index 00000000000..c434e235786
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild
@@ -0,0 +1,212 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="20180721"
+INTEL_SNAPSHOT="20180703"
+NUM="27945"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	hostonly? ( sys-apps/iucode_tool )"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		ewarn "The user has opted in for advanced use:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+
+	if use hostonly; then
+		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+
+	local _has_installed_something=
+	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		ewarn "No ucode was installed! You can ignore this warning if there"
+		ewarn "aren't any microcode updates available for your processor(s)."
+		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
+		ewarn "if you have an invalid select."
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e04fb4f71bf0f6f53b9c53670aa7ede82e65c077
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 24 12:31:06 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jul 24 12:31:33 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e04fb4f7

sys-firmware/intel-microcode: Add RESTRICT="binchecks strip"

Package-Manager: Portage-2.3.43, Repoman-2.3.10
RepoMan-Options: --force

 ...tel-microcode-20180721.ebuild => intel-microcode-20180721-r1.ebuild} | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180721-r1.ebuild
similarity index 99%
rename from sys-firmware/intel-microcode/intel-microcode-20180721.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180721-r1.ebuild
index 8daa2a2a29e..bf6650c07c5 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180721.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180721-r1.ebuild
@@ -28,6 +28,8 @@ DEPEND="sys-apps/iucode_tool"
 RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
 	hostonly? ( sys-apps/iucode_tool )"
 
+RESTRICT="binchecks strip"
+
 S=${WORKDIR}
 
 # Blacklist bad microcode here.

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     8dc37a2d780e6ebef423c98f5a3c6d9a0924fb79
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 29 22:53:44 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jul 29 22:53:44 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8dc37a2d

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/intel-microcode-20180728.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild
index 4ce3382d38e..f629e1b2b14 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     393f654b5b3af763416e275ac2f30c815a9a5ab4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 29 22:52:25 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jul 29 22:52:30 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=393f654b

sys-firmware/intel-microcode: bump

- Updated Microcodes:

  sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140 -> 2018-04-20, rev 0x1000144

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180728.ebuild                | 214 +++++++++++++++++++++
 2 files changed, 215 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 499ca8ac55d..6ded7c9fe4a 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20180721.tar.xz 4460612 BLAKE2B a4af173f62d3f603812ed42751fd208bd9d6115b7a1349a978641c8a39824ffaf63e9b65c8bc14793664e68c69a4fcf4ea731b7f8b300bd750a04a4d3c991ec5 SHA512 2baebb2148a9c913723949b7fbde86808a0ad5e49faeb3a79fa2f3eb1f843777e74c049dc45a97b01485c8f091b87d779c626c7f20cc2940a1c422283d29abcf
+DIST intel-microcode-collection-20180728.tar.xz 4463372 BLAKE2B ae0f6fa46944cf159762c4b5eeaf4094c6b05fea3668c90a38587d673ec95dcbcbd15ec3f0834a6bec6f2172d89598562ef89d82960bea5e73602a6ed28d3392 SHA512 457f666ba643746159295711ec5c4d2cde47b7a609df1b3d3f528f0dab4aef54641ecf32977f723bd70090da9485c2583413b2673a65e0d6ab078523c5186e45
 DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild
new file mode 100644
index 00000000000..4ce3382d38e
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild
@@ -0,0 +1,214 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="20180728"
+INTEL_SNAPSHOT="20180703"
+NUM="27945"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		ewarn "The user has opted in for advanced use:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+
+	if use hostonly; then
+		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+
+	local _has_installed_something=
+	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		ewarn "No ucode was installed! You can ignore this warning if there"
+		ewarn "aren't any microcode updates available for your processor(s)."
+		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
+		ewarn "if you have an invalid select."
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     75dd2cb9b1d0a847a1aea8e30460bff9c86bb863
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 29 22:54:06 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jul 29 22:54:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75dd2cb9

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180721-r1.ebuild             | 214 ---------------------
 2 files changed, 215 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 6ded7c9fe4a..17e400a0b73 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20180721.tar.xz 4460612 BLAKE2B a4af173f62d3f603812ed42751fd208bd9d6115b7a1349a978641c8a39824ffaf63e9b65c8bc14793664e68c69a4fcf4ea731b7f8b300bd750a04a4d3c991ec5 SHA512 2baebb2148a9c913723949b7fbde86808a0ad5e49faeb3a79fa2f3eb1f843777e74c049dc45a97b01485c8f091b87d779c626c7f20cc2940a1c422283d29abcf
 DIST intel-microcode-collection-20180728.tar.xz 4463372 BLAKE2B ae0f6fa46944cf159762c4b5eeaf4094c6b05fea3668c90a38587d673ec95dcbcbd15ec3f0834a6bec6f2172d89598562ef89d82960bea5e73602a6ed28d3392 SHA512 457f666ba643746159295711ec5c4d2cde47b7a609df1b3d3f528f0dab4aef54641ecf32977f723bd70090da9485c2583413b2673a65e0d6ab078523c5186e45
 DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180721-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180721-r1.ebuild
deleted file mode 100644
index bf6650c07c5..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180721-r1.ebuild
+++ /dev/null
@@ -1,214 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="20180721"
-INTEL_SNAPSHOT="20180703"
-NUM="27945"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
-	hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		ewarn "The user has opted in for advanced use:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	use initramfs && mount-boot_pkg_preinst
-
-	if use hostonly; then
-		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	use initramfs && mount-boot_pkg_postinst
-
-	local _has_installed_something=
-	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		ewarn "No ucode was installed! You can ignore this warning if there"
-		ewarn "aren't any microcode updates available for your processor(s)."
-		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
-		ewarn "if you have an invalid select."
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     3dfea4b405c8f96828215c6f0617c0bac469fcdc
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  4 23:02:00 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Aug  4 23:02:00 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3dfea4b4

sys-firmware/intel-microcode: bump

- Updated Microcodes:

  sig 0x000106e5, pf_mask 0x13, 2018-01-24, rev 0x0009 -> 2018-05-08, rev 0x000a
  sig 0x00020652, pf_mask 0x12, 2018-02-04, rev 0x0010 -> 2018-05-08, rev 0x0011
  sig 0x00020655, pf_mask 0x92, 2018-01-23, rev 0x0006 -> 2018-04-23, rev 0x0007
  sig 0x000506ca, pf_mask 0x03, 2017-11-22, rev 0x0008 -> 2018-05-11, rev 0x000c
  sig 0x000906ec, pf_mask 0x22, 2018-05-08, rev 0x0096 -> 2018-05-31, rev 0x0098

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180804.ebuild                | 214 +++++++++++++++++++++
 2 files changed, 215 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 17e400a0b73..e6a39726edd 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20180728.tar.xz 4463372 BLAKE2B ae0f6fa46944cf159762c4b5eeaf4094c6b05fea3668c90a38587d673ec95dcbcbd15ec3f0834a6bec6f2172d89598562ef89d82960bea5e73602a6ed28d3392 SHA512 457f666ba643746159295711ec5c4d2cde47b7a609df1b3d3f528f0dab4aef54641ecf32977f723bd70090da9485c2583413b2673a65e0d6ab078523c5186e45
+DIST intel-microcode-collection-20180804.tar.xz 4389012 BLAKE2B f77a226107f7529b12b95ed312e79338d20697378769f8cfcd91e7ed63e3d2044371fd9305ba4b7068a9467b7910150d6b288742ca5393c428cb2c167c4dfb62 SHA512 4cd2c5d2237fcf63727d6b2fc111e0b4d798ffb134e13b7e2a4b7373a09ae879237f8406358d09e724ab632bffadf08b528bf76530a25446f0ba60fb4ae490e1
 DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild
new file mode 100644
index 00000000000..4ab38dc2823
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild
@@ -0,0 +1,214 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="20180804"
+INTEL_SNAPSHOT="20180703"
+NUM="27945"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		ewarn "The user has opted in for advanced use:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+
+	if use hostonly; then
+		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+
+	local _has_installed_something=
+	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		ewarn "No ucode was installed! You can ignore this warning if there"
+		ewarn "aren't any microcode updates available for your processor(s)."
+		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
+		ewarn "if you have an invalid select."
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     9fa7e44fdd3bad730f075d350a1b815f26795df1
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  4 23:02:46 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Aug  4 23:02:46 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9fa7e44f

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/intel-microcode-20180804.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild
index 4ab38dc2823..67dd7794d26 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     c26e7c761fa1b9edb85b21e530e2005a63681a18
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Aug  4 23:03:06 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Aug  4 23:03:06 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c26e7c76

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180728.ebuild                | 214 ---------------------
 2 files changed, 215 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index e6a39726edd..dac26828674 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20180728.tar.xz 4463372 BLAKE2B ae0f6fa46944cf159762c4b5eeaf4094c6b05fea3668c90a38587d673ec95dcbcbd15ec3f0834a6bec6f2172d89598562ef89d82960bea5e73602a6ed28d3392 SHA512 457f666ba643746159295711ec5c4d2cde47b7a609df1b3d3f528f0dab4aef54641ecf32977f723bd70090da9485c2583413b2673a65e0d6ab078523c5186e45
 DIST intel-microcode-collection-20180804.tar.xz 4389012 BLAKE2B f77a226107f7529b12b95ed312e79338d20697378769f8cfcd91e7ed63e3d2044371fd9305ba4b7068a9467b7910150d6b288742ca5393c428cb2c167c4dfb62 SHA512 4cd2c5d2237fcf63727d6b2fc111e0b4d798ffb134e13b7e2a4b7373a09ae879237f8406358d09e724ab632bffadf08b528bf76530a25446f0ba60fb4ae490e1
 DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild
deleted file mode 100644
index f629e1b2b14..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180728.ebuild
+++ /dev/null
@@ -1,214 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="20180728"
-INTEL_SNAPSHOT="20180703"
-NUM="27945"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
-	hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		ewarn "The user has opted in for advanced use:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	use initramfs && mount-boot_pkg_preinst
-
-	if use hostonly; then
-		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	use initramfs && mount-boot_pkg_postinst
-
-	local _has_installed_something=
-	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		ewarn "No ucode was installed! You can ignore this warning if there"
-		ewarn "aren't any microcode updates available for your processor(s)."
-		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
-		ewarn "if you have an invalid select."
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     4d77d5f1e1d6938c0e8c00c37f08f752baffc66c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  8 18:44:45 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Aug  8 18:59:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d77d5f1

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20180804.ebuild                | 214 ---------------------
 2 files changed, 216 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index a00325b1ddf..727072e8dee 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,2 @@
-DIST intel-microcode-collection-20180804.tar.xz 4389012 BLAKE2B f77a226107f7529b12b95ed312e79338d20697378769f8cfcd91e7ed63e3d2044371fd9305ba4b7068a9467b7910150d6b288742ca5393c428cb2c167c4dfb62 SHA512 4cd2c5d2237fcf63727d6b2fc111e0b4d798ffb134e13b7e2a4b7373a09ae879237f8406358d09e724ab632bffadf08b528bf76530a25446f0ba60fb4ae490e1
 DIST intel-microcode-collection-20180808.tar.xz 4463768 BLAKE2B bf04d00db7e11b7ef6da9b4221aa2dfae1a20a39ab2f99ad78e735c9cf0f1d9a949b81ceba740238da98d34a934d8829b6882714ec21a1ffa3c1a7dfcfbfdcc6 SHA512 e5607127464c71e3ed413ca3b66cde0b5b994d837655208997841ec5358c32bb197f4ad0123b19bae4254aa35770cfec32cf2780f2cb5dd5f0a00d1ca14cf93c
-DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed
 DIST microcode-20180807.tgz 1629357 BLAKE2B ce60ef5a5ba794cb4a618739a6134e3b0a660d5e2a09c39ff1fcd7312a3d0b5e763674fb8f8cd39899544d1136253b98930a0160db9c937135effbb912823b58 SHA512 a69576afb6c8ec401e9e169ee208be7d57ee3292ec6689c783729d3fa624b1fdaa74803874c2afa09768c8ee955da913c2cbabeb3d7c7a1dc1f7965d950ccdfb

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild
deleted file mode 100644
index 67dd7794d26..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180804.ebuild
+++ /dev/null
@@ -1,214 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="20180804"
-INTEL_SNAPSHOT="20180703"
-NUM="27945"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
-	hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		ewarn "The user has opted in for advanced use:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	use initramfs && mount-boot_pkg_preinst
-
-	if use hostonly; then
-		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	use initramfs && mount-boot_pkg_postinst
-
-	local _has_installed_something=
-	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		ewarn "No ucode was installed! You can ignore this warning if there"
-		ewarn "aren't any microcode updates available for your processor(s)."
-		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
-		ewarn "if you have an invalid select."
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     d6202b64e897ea6c6092b5fa7a0e81ea6f129086
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  8 18:44:28 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Aug  8 18:59:33 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6202b64

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild
index 9568763bc62..e698c926d1a 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     027f0fe01f13d654cb1aebf8b9f45006002851a8
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  8 18:42:00 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Aug  8 18:59:32 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=027f0fe0

sys-firmware/intel-microcode: bump

- Changed package version schema [Bug 662098#c3]:

  Main version will now be based on latest Intel snapshot date.
  Patch version will now be based on latest collection snapshot date.

- Updated Microcodes:

  sig 0x000506c2, pf_mask 0x01, 2017-06-06, rev 0x000e -> 2018-05-11, rev 0x0014
  sig 0x000506f1, pf_mask 0x01, 2017-11-22, rev 0x0020 -> 2018-05-11, rev 0x0024
  sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022 -> 2018-05-22, rev 0x0028

Bug: https://bugs.gentoo.org/662098
Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20180807_p20180808.ebuild      | 214 +++++++++++++++++++++
 2 files changed, 216 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index dac26828674..a00325b1ddf 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,4 @@
 DIST intel-microcode-collection-20180804.tar.xz 4389012 BLAKE2B f77a226107f7529b12b95ed312e79338d20697378769f8cfcd91e7ed63e3d2044371fd9305ba4b7068a9467b7910150d6b288742ca5393c428cb2c167c4dfb62 SHA512 4cd2c5d2237fcf63727d6b2fc111e0b4d798ffb134e13b7e2a4b7373a09ae879237f8406358d09e724ab632bffadf08b528bf76530a25446f0ba60fb4ae490e1
+DIST intel-microcode-collection-20180808.tar.xz 4463768 BLAKE2B bf04d00db7e11b7ef6da9b4221aa2dfae1a20a39ab2f99ad78e735c9cf0f1d9a949b81ceba740238da98d34a934d8829b6882714ec21a1ffa3c1a7dfcfbfdcc6 SHA512 e5607127464c71e3ed413ca3b66cde0b5b994d837655208997841ec5358c32bb197f4ad0123b19bae4254aa35770cfec32cf2780f2cb5dd5f0a00d1ca14cf93c
 DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed
+DIST microcode-20180807.tgz 1629357 BLAKE2B ce60ef5a5ba794cb4a618739a6134e3b0a660d5e2a09c39ff1fcd7312a3d0b5e763674fb8f8cd39899544d1136253b98930a0160db9c937135effbb912823b58 SHA512 a69576afb6c8ec401e9e169ee208be7d57ee3292ec6689c783729d3fa624b1fdaa74803874c2afa09768c8ee955da913c2cbabeb3d7c7a1dc1f7965d950ccdfb

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild
new file mode 100644
index 00000000000..9568763bc62
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild
@@ -0,0 +1,214 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28039"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		ewarn "The user has opted in for advanced use:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	use initramfs && mount-boot_pkg_preinst
+
+	if use hostonly; then
+		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	use initramfs && mount-boot_pkg_postinst
+
+	local _has_installed_something=
+	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		ewarn "No ucode was installed! You can ignore this warning if there"
+		ewarn "aren't any microcode updates available for your processor(s)."
+		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
+		ewarn "if you have an invalid select."
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     03bd51396a4f29fb393700ad75dc34422f9dd297
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  8 23:44:17 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Aug  8 23:46:21 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03bd5139

sys-firmware/intel-microcode: sanity check moved to pkg_preinst ...

...and logging improved

Closes: https://bugs.gentoo.org/656992
Package-Manager: Portage-2.3.44, Repoman-2.3.10

 .../intel-microcode-20180807_p20180808-r1.ebuild   | 254 +++++++++++++++++++++
 1 file changed, 254 insertions(+)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r1.ebuild
new file mode 100644
index 00000000000..fce188c4558
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r1.ebuild
@@ -0,0 +1,254 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28039"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+
+	# Record how package was created so we can show this in build.log
+	# even for binary packages.
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
+	fi
+}
+
+pkg_preinst() {
+	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
+		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
+		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk.
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Matt Thode]

commit:     933df6d841020ef50bea24836ea854f6e4474cf7
Author:     Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 23 17:17:14 2018 +0000
Commit:     Matt Thode <prometheanfire <AT> gentoo <DOT> org>
CommitDate: Thu Aug 23 17:17:36 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=933df6d8

sys-firmware/intel-microcode: revbump to update licence

Also restirct mirror and bindist
Closes: https://bugs.gentoo.org/664134
Package-Manager: Portage-2.3.48, Repoman-2.3.10
RepoMan-Options: --force

 ..._p20180808.ebuild => intel-microcode-20180807_p20180808-r2.ebuild} | 4 ++--
 ...0180808-r1.ebuild => intel-microcode-20180807_p20180808-r3.ebuild} | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r2.ebuild
similarity index 99%
rename from sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r2.ebuild
index e698c926d1a..5799e35a7cd 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r2.ebuild
@@ -16,7 +16,7 @@ HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Deta
 SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
 	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
 
-LICENSE="intel-ucode"
+LICENSE="intel-ucode-20180807"
 SLOT="0"
 KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
@@ -28,7 +28,7 @@ DEPEND="sys-apps/iucode_tool"
 RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
 	hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks strip"
+RESTRICT="binchecks bindist mirror strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r3.ebuild
similarity index 99%
rename from sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r1.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r3.ebuild
index fce188c4558..be1b43ad752 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807_p20180808-r3.ebuild
@@ -16,7 +16,7 @@ HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Deta
 SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
 	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
 
-LICENSE="intel-ucode"
+LICENSE="intel-ucode-20180807"
 SLOT="0"
 KEYWORDS="-* ~amd64 ~x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
@@ -28,7 +28,7 @@ DEPEND="sys-apps/iucode_tool"
 RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
 	hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks strip"
+RESTRICT="binchecks bindist mirror strip"
 
 S=${WORKDIR}
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     db0abeb8d0505d7fd48b53bfc8a8e04e816f0142
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 24 19:36:01 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 24 19:38:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db0abeb8

sys-firmware/intel-microcode: re-release with new (old) license

Package-Manager: Portage-2.3.48, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20180808.ebuild     | 254 +++++++++++++++++++++
 2 files changed, 255 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 727072e8dee..026eb2bfe9d 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20180808.tar.xz 4463768 BLAKE2B bf04d00db7e11b7ef6da9b4221aa2dfae1a20a39ab2f99ad78e735c9cf0f1d9a949b81ceba740238da98d34a934d8829b6882714ec21a1ffa3c1a7dfcfbfdcc6 SHA512 e5607127464c71e3ed413ca3b66cde0b5b994d837655208997841ec5358c32bb197f4ad0123b19bae4254aa35770cfec32cf2780f2cb5dd5f0a00d1ca14cf93c
 DIST microcode-20180807.tgz 1629357 BLAKE2B ce60ef5a5ba794cb4a618739a6134e3b0a660d5e2a09c39ff1fcd7312a3d0b5e763674fb8f8cd39899544d1136253b98930a0160db9c937135effbb912823b58 SHA512 a69576afb6c8ec401e9e169ee208be7d57ee3292ec6689c783729d3fa624b1fdaa74803874c2afa09768c8ee955da913c2cbabeb3d7c7a1dc1f7965d950ccdfb
+DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
new file mode 100644
index 00000000000..07477ef7fae
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
@@ -0,0 +1,254 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
+	hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+
+	# Record how package was created so we can show this in build.log
+	# even for binary packages.
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
+	fi
+}
+
+pkg_preinst() {
+	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
+		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
+		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk.
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     2607378de33d92d584c8367608a2816f49c87fee
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 24 19:36:49 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Aug 24 19:39:00 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2607378d

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.48, Repoman-2.3.10

 sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
index 07477ef7fae..07f74ab977b 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mikle Kolyada]

commit:     e49ab38457834ecb90b2557a51ec5a6a2ad28157
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  9 11:27:22 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Sep  9 11:35:58 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e49ab384

sys-firmware/intel-microcode: remove microcode-ctl dependency (gone)"

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../intel-microcode/intel-microcode-20180807a_p20180808.ebuild         | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
index 07f74ab977b..30301c72475 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
@@ -25,8 +25,7 @@ REQUIRED_USE="|| ( initramfs split-ucode )"
 DEPEND="sys-apps/iucode_tool"
 
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
-	hostonly? ( sys-apps/iucode_tool )"
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
 RESTRICT="binchecks bindist mirror strip"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     3e834077ff58ae6773cbac739b932e200404741f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 16 11:28:13 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 16 11:29:27 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e834077

sys-firmware/intel-microcode: bump

- Updated Microcodes:

  sig 0x00030678, pf_mask 0x0c, 2018-01-10, rev 0x0836 -> 2018-01-25, rev 0x0837
  sig 0x000906ec, pf_mask 0x22, 2018-05-31, rev 0x0098 -> 2018-08-26, rev 0x009e

Package-Manager: Portage-2.3.49, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20180916.ebuild     | 253 +++++++++++++++++++++
 2 files changed, 254 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 242227288ea..2fdceafc5a0 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20180808.tar.xz 4463768 BLAKE2B bf04d00db7e11b7ef6da9b4221aa2dfae1a20a39ab2f99ad78e735c9cf0f1d9a949b81ceba740238da98d34a934d8829b6882714ec21a1ffa3c1a7dfcfbfdcc6 SHA512 e5607127464c71e3ed413ca3b66cde0b5b994d837655208997841ec5358c32bb197f4ad0123b19bae4254aa35770cfec32cf2780f2cb5dd5f0a00d1ca14cf93c
+DIST intel-microcode-collection-20180916.tar.xz 4414792 BLAKE2B e0dee0ef27e5d5460a4856b73a0a3940e563b649912f648cf45c109404666b7ebffb3bcce900f2eb48502b8ef2f0410cdde39eb478879e79cca4414f326c6947 SHA512 ac1964cbaffdf8a5e42ea80fd6898583f3f97a3163b0b661bcc0a83f6a1e9ba0c0a22bc79b8aadb759e5d02f77d2e2c04bd16c8811a277eb261a9a5e3bae3761
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild
new file mode 100644
index 00000000000..5bab3ca5b6f
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild
@@ -0,0 +1,253 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+
+	# Record how package was created so we can show this in build.log
+	# even for binary packages.
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
+	fi
+}
+
+pkg_preinst() {
+	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
+		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
+		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk.
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     3d4391c830d4e463c2674a4467a7513664ca87ea
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 16 11:29:01 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 16 11:29:30 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d4391c8

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.49, Repoman-2.3.10

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180807a_p20180808.ebuild     | 253 ---------------------
 2 files changed, 254 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 2fdceafc5a0..2730dbac48e 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20180808.tar.xz 4463768 BLAKE2B bf04d00db7e11b7ef6da9b4221aa2dfae1a20a39ab2f99ad78e735c9cf0f1d9a949b81ceba740238da98d34a934d8829b6882714ec21a1ffa3c1a7dfcfbfdcc6 SHA512 e5607127464c71e3ed413ca3b66cde0b5b994d837655208997841ec5358c32bb197f4ad0123b19bae4254aa35770cfec32cf2780f2cb5dd5f0a00d1ca14cf93c
 DIST intel-microcode-collection-20180916.tar.xz 4414792 BLAKE2B e0dee0ef27e5d5460a4856b73a0a3940e563b649912f648cf45c109404666b7ebffb3bcce900f2eb48502b8ef2f0410cdde39eb478879e79cca4414f326c6947 SHA512 ac1964cbaffdf8a5e42ea80fd6898583f3f97a3163b0b661bcc0a83f6a1e9ba0c0a22bc79b8aadb759e5d02f77d2e2c04bd16c8811a277eb261a9a5e3bae3761
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
deleted file mode 100644
index 30301c72475..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
+++ /dev/null
@@ -1,253 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-
-	# Record how package was created so we can show this in build.log
-	# even for binary packages.
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
-	fi
-}
-
-pkg_preinst() {
-	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
-		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
-		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
-		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk.
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     6feddbf9a703917112e8408dcd0d5dd309856cc1
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 16 11:28:44 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 16 11:29:29 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6feddbf9

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.49, Repoman-2.3.10

 sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild
index 5bab3ca5b6f..30301c72475 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     18ccb7f1533c05dd92085fb2c176154700afecfa
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 24 14:28:49 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 24 14:28:56 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18ccb7f1

sys-firmware/intel-microcode: bump

- New microcode:

  sig 0x000806e9, pf_mask 0x10, 2018-06-26, rev 0x0098

- Updated microcodes:

  sig 0x00050655, pf_mask 0xb7, 2018-03-14, rev 0x3000009 -> 2018-04-27, rev 0x300000b
  sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028    -> 2018-07-25, rev 0x002a

Package-Manager: Portage-2.3.50, Repoman-2.3.11

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20180922.ebuild     | 253 +++++++++++++++++++++
 2 files changed, 254 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 2730dbac48e..b865a5e6ce6 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20180916.tar.xz 4414792 BLAKE2B e0dee0ef27e5d5460a4856b73a0a3940e563b649912f648cf45c109404666b7ebffb3bcce900f2eb48502b8ef2f0410cdde39eb478879e79cca4414f326c6947 SHA512 ac1964cbaffdf8a5e42ea80fd6898583f3f97a3163b0b661bcc0a83f6a1e9ba0c0a22bc79b8aadb759e5d02f77d2e2c04bd16c8811a277eb261a9a5e3bae3761
+DIST intel-microcode-collection-20180922.tar.xz 4506768 BLAKE2B c985c20e01ab171637bf8acbab912a802608681a7f62779a63cd4218008435638c06452fef157d26ff6295dbee963827493dd85fb31b6e2b8e447158eb55d9f9 SHA512 08d38e25d02a45cbc2272c440e64255dbaac90efc67dd241f8e329c84eff2baab38236ee97a52e3803ecbc87a751d1d44f08a18288fba52cbbf916390d461646
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild
new file mode 100644
index 00000000000..42757b59066
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild
@@ -0,0 +1,253 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+
+	# Record how package was created so we can show this in build.log
+	# even for binary packages.
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
+	fi
+}
+
+pkg_preinst() {
+	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
+		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
+		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk.
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     707f3c720085eff897d2b695a72f1b98bc34e6a5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 24 14:29:34 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 24 14:29:34 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=707f3c72

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.50, Repoman-2.3.11

 sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild
index 42757b59066..cf35c112d2d 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e253cd2e717b74dbc740c133e3579f373056cd0b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 24 14:29:52 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Sep 24 14:29:52 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e253cd2e

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.50, Repoman-2.3.11

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180807a_p20180916.ebuild     | 253 ---------------------
 2 files changed, 254 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index b865a5e6ce6..9a0815d330a 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20180916.tar.xz 4414792 BLAKE2B e0dee0ef27e5d5460a4856b73a0a3940e563b649912f648cf45c109404666b7ebffb3bcce900f2eb48502b8ef2f0410cdde39eb478879e79cca4414f326c6947 SHA512 ac1964cbaffdf8a5e42ea80fd6898583f3f97a3163b0b661bcc0a83f6a1e9ba0c0a22bc79b8aadb759e5d02f77d2e2c04bd16c8811a277eb261a9a5e3bae3761
 DIST intel-microcode-collection-20180922.tar.xz 4506768 BLAKE2B c985c20e01ab171637bf8acbab912a802608681a7f62779a63cd4218008435638c06452fef157d26ff6295dbee963827493dd85fb31b6e2b8e447158eb55d9f9 SHA512 08d38e25d02a45cbc2272c440e64255dbaac90efc67dd241f8e329c84eff2baab38236ee97a52e3803ecbc87a751d1d44f08a18288fba52cbbf916390d461646
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild
deleted file mode 100644
index 30301c72475..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180916.ebuild
+++ /dev/null
@@ -1,253 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-
-	# Record how package was created so we can show this in build.log
-	# even for binary packages.
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
-	fi
-}
-
-pkg_preinst() {
-	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
-		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
-		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
-		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk.
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     6bb332684c5544716e42d20de7b4c5b31c0a4a38
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 29 13:28:07 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Oct 29 14:54:00 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bb33268

sys-firmware/intel-microcode: amd64 & x86 stable

Package-Manager: Portage-2.3.51, Repoman-2.3.11
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild
index 42757b59066..cf35c112d2d 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild
@@ -18,7 +18,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     c6563f92d74e1567bef1a1b9990760943978e5c2
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 29 13:24:26 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Oct 29 14:53:58 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6563f92

sys-firmware/intel-microcode: bump

- New microcode:

  sig 0x000506f0, pf_mask 0x01, 2016-06-07, rev 0x0010

- Updated microcodes:

  sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e -> 2018-09-05, rev 0xb000031
  sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d -> 2018-08-09, rev 0x2000050
  sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e    -> 2018-07-16, rev 0x009a
  sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096    -> 2018-10-18, rev 0x009e
  sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e    -> 2018-07-16, rev 0x009a
  sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096    -> 2018-07-16, rev 0x009a
  sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e    -> 2018-07-16, rev 0x009a

Package-Manager: Portage-2.3.51, Repoman-2.3.11
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20181027.ebuild     | 253 +++++++++++++++++++++
 2 files changed, 254 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 9a0815d330a..59fe1a9b4b9 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20180922.tar.xz 4506768 BLAKE2B c985c20e01ab171637bf8acbab912a802608681a7f62779a63cd4218008435638c06452fef157d26ff6295dbee963827493dd85fb31b6e2b8e447158eb55d9f9 SHA512 08d38e25d02a45cbc2272c440e64255dbaac90efc67dd241f8e329c84eff2baab38236ee97a52e3803ecbc87a751d1d44f08a18288fba52cbbf916390d461646
+DIST intel-microcode-collection-20181027.tar.xz 4517880 BLAKE2B 189e23cfc77d89da945dec6e1762ce9ba16c1cbc0a618e80f3c328b3d9766ef3bb8e62c84c3a6f32ef994f426b5f00ff1ec520105ac7734f25a606e7cb036ec6 SHA512 fc96d0bbacea9da7a232a6482a7731a029c7e110c3358f917d99e1906c9a783b90df22dde2ad4043e8029a4e3ca5a86d43927b38f668456dfda4098d9d5f37c5
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild
new file mode 100644
index 00000000000..42757b59066
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild
@@ -0,0 +1,253 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only:
+# merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+	# split location (we use a temporary location so that we are able
+	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
+	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
+	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+
+	# Record how package was created so we can show this in build.log
+	# even for binary packages.
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
+	fi
+}
+
+pkg_preinst() {
+	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
+		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
+		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+		# split location:
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
+
+		iucode_tool \
+			"${opts[@]}" \
+			"${ED%/}"/tmp/intel-ucode \
+			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
+
+	else
+		if use split-ucode; then
+			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
+			dodir /lib/firmware
+			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
+		fi
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+
+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk.
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     873efa6d3f5d6bc5070088f45fff18a92e462776
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 29 13:28:36 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Oct 29 14:54:02 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=873efa6d

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.51, Repoman-2.3.11
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180807a_p20180922.ebuild     | 253 ---------------------
 2 files changed, 254 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 59fe1a9b4b9..20c20a365e3 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20180922.tar.xz 4506768 BLAKE2B c985c20e01ab171637bf8acbab912a802608681a7f62779a63cd4218008435638c06452fef157d26ff6295dbee963827493dd85fb31b6e2b8e447158eb55d9f9 SHA512 08d38e25d02a45cbc2272c440e64255dbaac90efc67dd241f8e329c84eff2baab38236ee97a52e3803ecbc87a751d1d44f08a18288fba52cbbf916390d461646
 DIST intel-microcode-collection-20181027.tar.xz 4517880 BLAKE2B 189e23cfc77d89da945dec6e1762ce9ba16c1cbc0a618e80f3c328b3d9766ef3bb8e62c84c3a6f32ef994f426b5f00ff1ec520105ac7734f25a606e7cb036ec6 SHA512 fc96d0bbacea9da7a232a6482a7731a029c7e110c3358f917d99e1906c9a783b90df22dde2ad4043e8029a4e3ca5a86d43927b38f668456dfda4098d9d5f37c5
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild
deleted file mode 100644
index cf35c112d2d..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180922.ebuild
+++ /dev/null
@@ -1,253 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-
-	# Record how package was created so we can show this in build.log
-	# even for binary packages.
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
-	fi
-}
-
-pkg_preinst() {
-	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
-		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
-		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
-		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk.
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     edce8f4f28982e3e46caa728b792150a5e9626cb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 17 23:56:35 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Nov 17 23:56:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edce8f4f

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x000806e9, pf_mask 0x10, 2018-06-26, rev 0x0098 -> 2018-10-18, rev 0x009e
  sig 0x000806eb, pf_mask 0xc0, 2018-05-30, rev 0x0098 -> 2018-07-16, rev 0x009a
  sig 0x000906eb, pf_mask 0x02, 2018-07-16, rev 0x009a -> 2018-10-24, rev 0x00a4
  sig 0x000906ec, pf_mask 0x22, 2018-08-26, rev 0x009e -> 2018-09-29, rev 0x00a2

Package-Manager: Portage-2.3.51, Repoman-2.3.12
RepoMan-Options: --force
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest                                   | 2 +-
 ...807a_p20181027.ebuild => intel-microcode-20180807a_p20181117.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 20c20a365e3..c43fc289312 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,2 @@
-DIST intel-microcode-collection-20181027.tar.xz 4517880 BLAKE2B 189e23cfc77d89da945dec6e1762ce9ba16c1cbc0a618e80f3c328b3d9766ef3bb8e62c84c3a6f32ef994f426b5f00ff1ec520105ac7734f25a606e7cb036ec6 SHA512 fc96d0bbacea9da7a232a6482a7731a029c7e110c3358f917d99e1906c9a783b90df22dde2ad4043e8029a4e3ca5a86d43927b38f668456dfda4098d9d5f37c5
+DIST intel-microcode-collection-20181117.tar.xz 4454740 BLAKE2B c9f106a6c6477966d535faef6a6a6a547218b0162ed6405dd9ab47967a87b2c4d9d2d33e8caf716720179bb0035df8c4a38d06c654584396f2af82828fcabd5e SHA512 cdff0e9d88c7848746487710c17cbcdf2adb0940072d71d6f32651a7e2fb66751409856e28d36e7e156e1bae08ad6575098972572bf809db5f07023870b2b9c6
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181117.ebuild
similarity index 100%
rename from sys-firmware/intel-microcode/intel-microcode-20180807a_p20181027.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180807a_p20181117.ebuild

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e6ade8189bb6037cf298ed70889f15cfcd0a0a00
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 16 23:17:46 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Dec 16 23:18:13 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e6ade818

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x00050653, pf_mask 0x97, 2018-04-20, rev 0x1000144 -> 2018-08-24, rev 0x1000146
  sig 0x00050654, pf_mask 0xb7, 2018-08-09, rev 0x2000050 -> 2018-10-08, rev 0x2000055
  sig 0x00050655, pf_mask 0xb7, 2018-04-27, rev 0x300000b -> 2018-06-15, rev 0x300000d

- Ebuild changes:

In addition to the updated microcodes, the package now avoids using
a temp directory for install.

Instead it creates a temp directory in pkg_preinst if necessary. This
should only be needed when the 'hostonly' USE flag is enabled.

Closes: https://github.com/gentoo/gentoo/pull/10461
Closes: https://bugs.gentoo.org/671436
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20181215.ebuild     | 239 +++++++++++++++++++++
 2 files changed, 240 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index c43fc289312..6a6999c7dfd 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20181117.tar.xz 4454740 BLAKE2B c9f106a6c6477966d535faef6a6a6a547218b0162ed6405dd9ab47967a87b2c4d9d2d33e8caf716720179bb0035df8c4a38d06c654584396f2af82828fcabd5e SHA512 cdff0e9d88c7848746487710c17cbcdf2adb0940072d71d6f32651a7e2fb66751409856e28d36e7e156e1bae08ad6575098972572bf809db5f07023870b2b9c6
+DIST intel-microcode-collection-20181215.tar.xz 4455584 BLAKE2B 7535283f38ce82cc7e90f45e3201665e46b3c00becd3f6432843c3d960f0a8f11b8c394bc736e7c02e9e34ea31832bd7335603f8727f114f5d3eafa7fb6ea630 SHA512 ec32ef3c625426c98902b7716abc400001c440b8136f13ba89e0dd707690f82dd5afd8849b61f86507b3a78ef7a96b8750dca24fdf4c42b53275fa87e50ed561
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181215.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181215.ebuild
new file mode 100644
index 00000000000..e284cd8fcf3
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181215.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     200158e49aa112bd65d32c24981ea8219dc3234c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 14 02:37:59 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 14 02:38:11 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=200158e4

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x00050656, pf_mask 0xbf, 2018-12-03, rev 0x4000013
  sig 0x00050657, pf_mask 0xbf, 2018-12-03, rev 0x5000013
  sig 0x000706e0, pf_mask 0xc0, 2018-05-28, rev 0x002a
  sig 0x000706e1, pf_mask 0x80, 2018-11-19, rev 0x002e
  sig 0x000706e2, pf_mask 0x80, 2018-11-19, rev 0x002e

- Updated microcodes:

  sig 0x00050654, pf_mask 0xb7, 2018-10-08, rev 0x2000055 -> 2018-10-22, rev 0x2000057
  sig 0x00050655, pf_mask 0xb7, 2018-06-15, rev 0x300000d -> 2018-11-16, rev 0x3000010

Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20190112.ebuild     | 239 +++++++++++++++++++++
 2 files changed, 240 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 6a6999c7dfd..c35614983ee 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,4 @@
 DIST intel-microcode-collection-20181117.tar.xz 4454740 BLAKE2B c9f106a6c6477966d535faef6a6a6a547218b0162ed6405dd9ab47967a87b2c4d9d2d33e8caf716720179bb0035df8c4a38d06c654584396f2af82828fcabd5e SHA512 cdff0e9d88c7848746487710c17cbcdf2adb0940072d71d6f32651a7e2fb66751409856e28d36e7e156e1bae08ad6575098972572bf809db5f07023870b2b9c6
 DIST intel-microcode-collection-20181215.tar.xz 4455584 BLAKE2B 7535283f38ce82cc7e90f45e3201665e46b3c00becd3f6432843c3d960f0a8f11b8c394bc736e7c02e9e34ea31832bd7335603f8727f114f5d3eafa7fb6ea630 SHA512 ec32ef3c625426c98902b7716abc400001c440b8136f13ba89e0dd707690f82dd5afd8849b61f86507b3a78ef7a96b8750dca24fdf4c42b53275fa87e50ed561
+DIST intel-microcode-collection-20190112.tar.xz 4748576 BLAKE2B a6db3a1b357bdd1db65885b0de0d8a871573b6ec025eaff6c8991ef03eed6f32f298ecb736b42e09a94ca880ace984b276672245f5651982093d405abd588712 SHA512 6602772bd44aa9fad27275d515f73db041c3e18964fdfbea8d5f7917d456e5a5ca343999b7a9b48245b115290490c525e24cd575532ba8b2169a8229a69b9fa4
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190112.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190112.ebuild
new file mode 100644
index 00000000000..06557d9fb74
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190112.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     4fb4eed6c4eb582c3e07099a8577a1a3ab7a52a7
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 14 02:38:49 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan 14 02:38:49 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fb4eed6

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20180807a_p20181117.ebuild     | 253 ---------------------
 .../intel-microcode-20180807a_p20181215.ebuild     | 239 -------------------
 3 files changed, 494 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index c35614983ee..e6f978da207 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,2 @@
-DIST intel-microcode-collection-20181117.tar.xz 4454740 BLAKE2B c9f106a6c6477966d535faef6a6a6a547218b0162ed6405dd9ab47967a87b2c4d9d2d33e8caf716720179bb0035df8c4a38d06c654584396f2af82828fcabd5e SHA512 cdff0e9d88c7848746487710c17cbcdf2adb0940072d71d6f32651a7e2fb66751409856e28d36e7e156e1bae08ad6575098972572bf809db5f07023870b2b9c6
-DIST intel-microcode-collection-20181215.tar.xz 4455584 BLAKE2B 7535283f38ce82cc7e90f45e3201665e46b3c00becd3f6432843c3d960f0a8f11b8c394bc736e7c02e9e34ea31832bd7335603f8727f114f5d3eafa7fb6ea630 SHA512 ec32ef3c625426c98902b7716abc400001c440b8136f13ba89e0dd707690f82dd5afd8849b61f86507b3a78ef7a96b8750dca24fdf4c42b53275fa87e50ed561
 DIST intel-microcode-collection-20190112.tar.xz 4748576 BLAKE2B a6db3a1b357bdd1db65885b0de0d8a871573b6ec025eaff6c8991ef03eed6f32f298ecb736b42e09a94ca880ace984b276672245f5651982093d405abd588712 SHA512 6602772bd44aa9fad27275d515f73db041c3e18964fdfbea8d5f7917d456e5a5ca343999b7a9b48245b115290490c525e24cd575532ba8b2169a8229a69b9fa4
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181117.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181117.ebuild
deleted file mode 100644
index cf35c112d2d..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181117.ebuild
+++ /dev/null
@@ -1,253 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only:
-# merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-	# split location (we use a temporary location so that we are able
-	# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry
-	# this folder to pkg_preinst to avoid an error even if no microcode was selected):
-	keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-
-	# Record how package was created so we can show this in build.log
-	# even for binary packages.
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
-	fi
-}
-
-pkg_preinst() {
-	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
-		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
-		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
-		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
-
-		iucode_tool \
-			"${opts[@]}" \
-			"${ED%/}"/tmp/intel-ucode \
-			|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
-
-	else
-		if use split-ucode; then
-			# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ...
-			dodir /lib/firmware
-			mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
-		fi
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-
-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk.
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181215.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181215.ebuild
deleted file mode 100644
index e284cd8fcf3..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20181215.ebuild
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     efb2ecfe3822426a9d9b5b78a2b2d15db3e63789
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Feb  4 10:58:22 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Feb  4 10:58:42 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efb2ecfe

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.59, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180807a_p20190112.ebuild     | 239 ---------------------
 2 files changed, 240 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 4fc126450ce..933ab6b5a10 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20190112.tar.xz 4748576 BLAKE2B a6db3a1b357bdd1db65885b0de0d8a871573b6ec025eaff6c8991ef03eed6f32f298ecb736b42e09a94ca880ace984b276672245f5651982093d405abd588712 SHA512 6602772bd44aa9fad27275d515f73db041c3e18964fdfbea8d5f7917d456e5a5ca343999b7a9b48245b115290490c525e24cd575532ba8b2169a8229a69b9fa4
 DIST intel-microcode-collection-20190204.tar.xz 4917272 BLAKE2B d1934d764984452f45e48699d22599fa6583b5e06ac403c932203354c4043984dc64971a327d7e22a549bfb9aa612322f5c04a7cfdfcd37116570bbac94d3d0f SHA512 02d693deb5e28eecbae5e5d6286418c68aa2d27d65f52bec93e4f0469a50e2476da8a3a2c205cff434ec9d16dbca619b1b7c5372043484be6dc02220e2ba556e
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190112.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190112.ebuild
deleted file mode 100644
index 06557d9fb74..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190112.ebuild
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     82665f9dfcac23836338e1c57ab64d0c4595617a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Feb  4 10:57:35 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Feb  4 10:58:41 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82665f9d

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000806ec, pf_mask 0x90, 2018-11-29, rev 0x00aa

- Updated microcodes:

  sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d    -> 2018-11-20, rev 0x0041
  sig 0x000406f1, pf_mask 0xef, 2018-09-05, rev 0xb000031 -> 2018-10-22, rev 0xb000033
  sig 0x00050656, pf_mask 0xbf, 2018-12-03, rev 0x4000013 -> 2018-12-17, rev 0x4000014
  sig 0x00050657, pf_mask 0xbf, 2018-12-03, rev 0x5000013 -> 2018-12-17, rev 0x5000014
  sig 0x000806eb, pf_mask 0xc0, 2018-07-16, rev 0x009a    -> 2018-10-25, rev 0x00a4
  sig 0x000906ea, pf_mask 0x22, 2018-07-16, rev 0x009a    -> 2018-12-12, rev 0x00aa
  sig 0x000906eb, pf_mask 0x02, 2018-10-24, rev 0x00a4    -> 2018-12-12, rev 0x00aa

Package-Manager: Portage-2.3.59, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20190204.ebuild     | 239 +++++++++++++++++++++
 2 files changed, 240 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index e6f978da207..4fc126450ce 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20190112.tar.xz 4748576 BLAKE2B a6db3a1b357bdd1db65885b0de0d8a871573b6ec025eaff6c8991ef03eed6f32f298ecb736b42e09a94ca880ace984b276672245f5651982093d405abd588712 SHA512 6602772bd44aa9fad27275d515f73db041c3e18964fdfbea8d5f7917d456e5a5ca343999b7a9b48245b115290490c525e24cd575532ba8b2169a8229a69b9fa4
+DIST intel-microcode-collection-20190204.tar.xz 4917272 BLAKE2B d1934d764984452f45e48699d22599fa6583b5e06ac403c932203354c4043984dc64971a327d7e22a549bfb9aa612322f5c04a7cfdfcd37116570bbac94d3d0f SHA512 02d693deb5e28eecbae5e5d6286418c68aa2d27d65f52bec93e4f0469a50e2476da8a3a2c205cff434ec9d16dbca619b1b7c5372043484be6dc02220e2ba556e
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190204.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190204.ebuild
new file mode 100644
index 00000000000..06557d9fb74
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190204.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     fef6f159d43307daf0f98e0a373f1988307978e3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 13 22:38:14 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Mar 13 22:39:02 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fef6f159

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000706e4, pf_mask 0x80, 2019-01-24, rev 0x000c
  sig 0x000906ed, pf_mask 0x22, 2018-11-29, rev 0x00aa

- Updated microcodes:

  sig 0x00050654, pf_mask 0xb7, 2018-10-22, rev 0x2000057 -> 2018-12-20, rev 0x2000059
  sig 0x000706e1, pf_mask 0x80, 2018-11-19, rev 0x002e    -> 2019-01-24, rev 0x003a
  sig 0x000706e2, pf_mask 0x80, 2018-11-19, rev 0x002e    -> 2019-01-24, rev 0x003a
  sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a    -> 2018-08-15, rev 0x009c
  sig 0x000806ec, pf_mask 0x90, 2018-11-29, rev 0x00aa    -> 2019-02-12, rev 0x00b2

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20190309.ebuild     | 239 +++++++++++++++++++++
 2 files changed, 240 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 933ab6b5a10..c110e802a0a 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20190204.tar.xz 4917272 BLAKE2B d1934d764984452f45e48699d22599fa6583b5e06ac403c932203354c4043984dc64971a327d7e22a549bfb9aa612322f5c04a7cfdfcd37116570bbac94d3d0f SHA512 02d693deb5e28eecbae5e5d6286418c68aa2d27d65f52bec93e4f0469a50e2476da8a3a2c205cff434ec9d16dbca619b1b7c5372043484be6dc02220e2ba556e
+DIST intel-microcode-collection-20190309.tar.xz 5168076 BLAKE2B 6524eede78fd19016a86bfa716f678ab426485b1868f1a254efacce0396d87a1377cfa04b90cd548ac30ecc3b3b5e3692ca3b592a11cac0b98beb65b3add659b SHA512 21bf9da045003aa34b9cb8ccf51cf75a09b89792b2a25c1b2e81bf2a0909864e94b034a4a4ce18776807d2de3498e39eda0f7e82bc35b20b5b30de2631cc5628
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190309.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190309.ebuild
new file mode 100644
index 00000000000..06557d9fb74
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190309.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     b1af8af9b71adada440d6ffaa99187d0164b393e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 13 22:38:46 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Mar 13 22:39:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1af8af9

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180807a_p20190204.ebuild     | 239 ---------------------
 2 files changed, 240 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index c110e802a0a..db8bc208a47 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20190204.tar.xz 4917272 BLAKE2B d1934d764984452f45e48699d22599fa6583b5e06ac403c932203354c4043984dc64971a327d7e22a549bfb9aa612322f5c04a7cfdfcd37116570bbac94d3d0f SHA512 02d693deb5e28eecbae5e5d6286418c68aa2d27d65f52bec93e4f0469a50e2476da8a3a2c205cff434ec9d16dbca619b1b7c5372043484be6dc02220e2ba556e
 DIST intel-microcode-collection-20190309.tar.xz 5168076 BLAKE2B 6524eede78fd19016a86bfa716f678ab426485b1868f1a254efacce0396d87a1377cfa04b90cd548ac30ecc3b3b5e3692ca3b592a11cac0b98beb65b3add659b SHA512 21bf9da045003aa34b9cb8ccf51cf75a09b89792b2a25c1b2e81bf2a0909864e94b034a4a4ce18776807d2de3498e39eda0f7e82bc35b20b5b30de2631cc5628
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190204.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190204.ebuild
deleted file mode 100644
index 06557d9fb74..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190204.ebuild
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     0c7e9ccb0010532e9768a698f86061329793a3e0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 22:26:08 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:26:15 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c7e9ccb

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020    -> 2019-02-13, rev 0x0021
  sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d    -> 2019-03-14, rev 0x042e
  sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714    -> 2019-03-14, rev 0x0715
  sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041    -> 2019-03-01, rev 0x0043
  sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012    -> 2019-03-01, rev 0x0014
  sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6    -> 2019-02-03, rev 0x00ca
  sig 0x000406f1, pf_mask 0xef, 2018-10-22, rev 0xb000033 -> 2019-03-02, rev 0xb000036
  sig 0x00050654, pf_mask 0xb7, 2018-12-20, rev 0x2000059 -> 2019-03-07, rev 0x200005d
  sig 0x00050656, pf_mask 0xbf, 2018-12-17, rev 0x4000014 -> 2019-02-27, rev 0x4000021
  sig 0x00050657, pf_mask 0xbf, 2018-12-17, rev 0x5000014 -> 2019-02-27, rev 0x5000021
  sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017    -> 2018-12-06, rev 0x0019
  sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013 -> 2018-12-06, rev 0x7000016
  sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012 -> 2018-11-17, rev 0xf000014
  sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a -> 2018-11-17, rev 0xe00000c
  sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032    -> 2019-01-15, rev 0x0038
  sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c    -> 2019-03-01, rev 0x0016
  sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6    -> 2019-04-01, rev 0x00cc
  sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024    -> 2019-02-11, rev 0x002a
  sig 0x000706a1, pf_mask 0x01, 2018-07-25, rev 0x002a    -> 2019-01-02, rev 0x002e
  sig 0x000706e1, pf_mask 0x80, 2019-01-24, rev 0x003a    -> 2019-02-10, rev 0x003c
  sig 0x000706e2, pf_mask 0x80, 2019-01-24, rev 0x003a    -> 2019-02-10, rev 0x003c
  sig 0x000706e4, pf_mask 0x80, 2019-01-24, rev 0x000c    -> 2019-02-07, rev 0x0010
  sig 0x000806e9, pf_mask 0xc0, 2018-08-15, rev 0x009c    -> 2019-02-14, rev 0x00ae
  sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e    -> 2019-02-17, rev 0x00ae
  sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e    -> 2019-02-14, rev 0x00ae
  sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4    -> 2019-02-14, rev 0x00ae
  sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a    -> 2019-04-01, rev 0x00b4
  sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa    -> 2019-04-01, rev 0x00b4
  sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa    -> 2019-04-01, rev 0x00b4
  sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2    -> 2019-02-14, rev 0x00ae
  sig 0x000906ed, pf_mask 0x22, 2018-11-29, rev 0x00aa    -> 2019-02-04, rev 0x00b0

Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20190420.ebuild     | 239 +++++++++++++++++++++
 2 files changed, 240 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index db8bc208a47..8c551ffeb00 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20190309.tar.xz 5168076 BLAKE2B 6524eede78fd19016a86bfa716f678ab426485b1868f1a254efacce0396d87a1377cfa04b90cd548ac30ecc3b3b5e3692ca3b592a11cac0b98beb65b3add659b SHA512 21bf9da045003aa34b9cb8ccf51cf75a09b89792b2a25c1b2e81bf2a0909864e94b034a4a4ce18776807d2de3498e39eda0f7e82bc35b20b5b30de2631cc5628
+DIST intel-microcode-collection-20190420.tar.xz 5119956 BLAKE2B d4d26b046dd607ad637d5fcd1a28c6d0cd865f56832ac0b4971be44c6021257ca826ee19af039a86a144b753d1b9840af7762c9f111ce9821bd76209cf8f1248 SHA512 74d8899924724e6181b9c470d4627ec96022f8dc93e0be935bc314cc981aee4ed37b71149f77e04f84a0674715815df72a5237566069f5b56576e3808d286c52
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190420.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190420.ebuild
new file mode 100644
index 00000000000..06557d9fb74
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190420.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     1f3d963ffc4f46aaf297fb481d69610338f47cee
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 22:27:02 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 22:27:02 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f3d963f

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.64, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180807a_p20190309.ebuild     | 239 ---------------------
 2 files changed, 240 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 8c551ffeb00..371a3ea8de8 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20190309.tar.xz 5168076 BLAKE2B 6524eede78fd19016a86bfa716f678ab426485b1868f1a254efacce0396d87a1377cfa04b90cd548ac30ecc3b3b5e3692ca3b592a11cac0b98beb65b3add659b SHA512 21bf9da045003aa34b9cb8ccf51cf75a09b89792b2a25c1b2e81bf2a0909864e94b034a4a4ce18776807d2de3498e39eda0f7e82bc35b20b5b30de2631cc5628
 DIST intel-microcode-collection-20190420.tar.xz 5119956 BLAKE2B d4d26b046dd607ad637d5fcd1a28c6d0cd865f56832ac0b4971be44c6021257ca826ee19af039a86a144b753d1b9840af7762c9f111ce9821bd76209cf8f1248 SHA512 74d8899924724e6181b9c470d4627ec96022f8dc93e0be935bc314cc981aee4ed37b71149f77e04f84a0674715815df72a5237566069f5b56576e3808d286c52
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190309.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190309.ebuild
deleted file mode 100644
index 06557d9fb74..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190309.ebuild
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     5e97bfa6de5a67a9f4b12f912390a5bbd20f5bee
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon May 13 01:56:43 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon May 13 01:57:05 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e97bfa6

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20180807a_p20190420.ebuild     | 239 ---------------------
 2 files changed, 240 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 7442b8a42e2..8af43908373 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20190420.tar.xz 5119956 BLAKE2B d4d26b046dd607ad637d5fcd1a28c6d0cd865f56832ac0b4971be44c6021257ca826ee19af039a86a144b753d1b9840af7762c9f111ce9821bd76209cf8f1248 SHA512 74d8899924724e6181b9c470d4627ec96022f8dc93e0be935bc314cc981aee4ed37b71149f77e04f84a0674715815df72a5237566069f5b56576e3808d286c52
 DIST intel-microcode-collection-20190512.tar.xz 5085812 BLAKE2B 4b873be318ea1c1d5157ccf9646ccdaf34caabfbdda51cae92692acce83eacce713e7989b2c00cce46df16c501f7f9863478106fc9ce8912ccfca8103f85c45d SHA512 d0a0d0d82522d07549343ee9817133cd721f953421b945584434d8ebb10f0bd6acdd2b1df3daf5a925d3e0f9ea695a4ae81935699d8d655f58daf4fff8a4bd20
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190420.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190420.ebuild
deleted file mode 100644
index 06557d9fb74..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190420.ebuild
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     1dd45c39441645d1dac202a1543f7a0ee1cd3c45
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon May 13 01:56:07 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon May 13 01:57:04 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dd45c39

sys-firmware/intel-microcode: bump

- New microcode:

  sig 0x000706e5, pf_mask 0x80, 2019-04-20, rev 0x001e

- Updated microcodes:

  sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e    -> 2019-02-17, rev 0x002f
  sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025    -> 2019-02-26, rev 0x0027
  sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b    -> 2019-03-07, rev 0x002d
  sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024    -> 2019-02-26, rev 0x0025
  sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a    -> 2019-02-26, rev 0x001b
  sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e    -> 2019-03-07, rev 0x0020
  sig 0x000406e3, pf_mask 0xc0, 2019-02-03, rev 0x00ca    -> 2019-04-01, rev 0x00cc
  sig 0x00050654, pf_mask 0xb7, 2019-03-07, rev 0x200005d -> 2019-04-02, rev 0x200005e
  sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019    -> 2019-03-23, rev 0x001a
  sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016 -> 2019-03-23, rev 0x7000017
  sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014 -> 2019-03-23, rev 0xf000015
  sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c -> 2019-03-23, rev 0xe00000d
  sig 0x000706e1, pf_mask 0x80, 2019-02-10, rev 0x003c    -> 2019-03-27, rev 0x0040
  sig 0x000706e2, pf_mask 0x80, 2019-02-10, rev 0x003c    -> 2019-03-27, rev 0x0040
  sig 0x000706e4, pf_mask 0x80, 2019-02-07, rev 0x0010    -> 2019-04-03, rev 0x001a
  sig 0x000806e9, pf_mask 0xc0, 2019-02-14, rev 0x00ae    -> 2019-04-01, rev 0x00b4
  sig 0x000806e9, pf_mask 0x10, 2019-02-17, rev 0x00ae    -> 2019-04-01, rev 0x00b4
  sig 0x000806ea, pf_mask 0xc0, 2019-02-14, rev 0x00ae    -> 2019-04-01, rev 0x00b4
  sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2    -> 2019-02-28, rev 0x00b4
  sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0    -> 2019-03-17, rev 0x00b8

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20180807a_p20190512.ebuild     | 239 +++++++++++++++++++++
 2 files changed, 240 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 371a3ea8de8..7442b8a42e2 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20190420.tar.xz 5119956 BLAKE2B d4d26b046dd607ad637d5fcd1a28c6d0cd865f56832ac0b4971be44c6021257ca826ee19af039a86a144b753d1b9840af7762c9f111ce9821bd76209cf8f1248 SHA512 74d8899924724e6181b9c470d4627ec96022f8dc93e0be935bc314cc981aee4ed37b71149f77e04f84a0674715815df72a5237566069f5b56576e3808d286c52
+DIST intel-microcode-collection-20190512.tar.xz 5085812 BLAKE2B 4b873be318ea1c1d5157ccf9646ccdaf34caabfbdda51cae92692acce83eacce713e7989b2c00cce46df16c501f7f9863478106fc9ce8912ccfca8103f85c45d SHA512 d0a0d0d82522d07549343ee9817133cd721f953421b945584434d8ebb10f0bd6acdd2b1df3daf5a925d3e0f9ea695a4ae81935699d8d655f58daf4fff8a4bd20
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190512.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190512.ebuild
new file mode 100644
index 00000000000..06557d9fb74
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190512.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     1cb61881033abad8b9d5202d5d72d09929c19a39
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue May 14 18:22:29 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue May 14 18:24:29 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cb61881

sys-firmware/intel-microcode: bump to v20190514 (INTEL-SA-00233)

- Removed microcode:

  sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140

- New microcodes:

  sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838
  sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838
  sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c
  sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368
  sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411
  sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021
  sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4
  sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8
  sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8
  sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae
  sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8

- Updated microcodes:

  sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e    -> 2019-02-17, rev 0x002f
  sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020    -> 2019-02-13, rev 0x0021
  sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025    -> 2019-02-26, rev 0x0027
  sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b    -> 2019-03-07, rev 0x002d
  sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d    -> 2019-03-14, rev 0x042e
  sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714    -> 2019-03-14, rev 0x0715
  sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d    -> 2019-03-01, rev 0x0043
  sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012    -> 2019-03-01, rev 0x0014
  sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024    -> 2019-02-26, rev 0x0025
  sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a    -> 2019-02-26, rev 0x001b
  sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e    -> 2019-03-07, rev 0x0020
  sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6    -> 2019-04-01, rev 0x00cc
  sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d -> 2019-04-02, rev 0x200005e
  sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017    -> 2019-03-23, rev 0x001a
  sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013 -> 2019-03-23, rev 0x7000017
  sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012 -> 2019-03-23, rev 0xf000015
  sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a -> 2019-03-23, rev 0xe00000d
  sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032    -> 2019-01-15, rev 0x0038
  sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c    -> 2019-03-01, rev 0x0016
  sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6    -> 2019-04-01, rev 0x00cc
  sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024    -> 2019-03-21, rev 0x002e
  sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028    -> 2019-01-02, rev 0x002e
  sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e    -> 2019-04-01, rev 0x00b4
  sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096    -> 2019-04-01, rev 0x00b4
  sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e    -> 2019-04-01, rev 0x00b4
  sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096    -> 2019-04-01, rev 0x00b4
  sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e    -> 2019-04-01, rev 0x00b4

Link: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20190514_p20190512.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 8af43908373..9d6590ae8fa 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20190512.tar.xz 5085812 BLAKE2B 4b873be318ea1c1d5157ccf9646ccdaf34caabfbdda51cae92692acce83eacce713e7989b2c00cce46df16c501f7f9863478106fc9ce8912ccfca8103f85c45d SHA512 d0a0d0d82522d07549343ee9817133cd721f953421b945584434d8ebb10f0bd6acdd2b1df3daf5a925d3e0f9ea695a4ae81935699d8d655f58daf4fff8a4bd20
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10
+DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190512.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190512.ebuild
new file mode 100644
index 00000000000..c3838387251
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190512.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e6485f82216a4ce948fb4fba52f317dc9f575e3d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun May 26 10:05:44 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun May 26 10:08:20 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e6485f82

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x00050656, pf_mask 0xbf, 2019-02-27, rev 0x4000021 -> 2019-04-07, rev 0x4000024
  sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021 -> 2019-04-07, rev 0x5000024
  sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8    -> 2019-05-13, rev 0x00bc

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20190514_p20190525.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 9d6590ae8fa..227312869e8 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,4 @@
 DIST intel-microcode-collection-20190512.tar.xz 5085812 BLAKE2B 4b873be318ea1c1d5157ccf9646ccdaf34caabfbdda51cae92692acce83eacce713e7989b2c00cce46df16c501f7f9863478106fc9ce8912ccfca8103f85c45d SHA512 d0a0d0d82522d07549343ee9817133cd721f953421b945584434d8ebb10f0bd6acdd2b1df3daf5a925d3e0f9ea695a4ae81935699d8d655f58daf4fff8a4bd20
+DIST intel-microcode-collection-20190525.tar.xz 5079704 BLAKE2B bc46128693eb9c14e9b4cf994c8affc332b236c222bf57df79e4f8aa4398d125734c1b61d9d0559518941642a5cad1345b5f894c6ed729273c3f8b1a54311113 SHA512 5aeb83bd1aaeb1e870447d18f91aa8f155da29dd89c3cec546a8a741c0c9fd21647cc64083dc5ca482562803a8e89c910ed2e18a6f232f3df64ac360002beaf4
 DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10
 DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190525.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190525.ebuild
new file mode 100644
index 00000000000..c3838387251
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190525.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     b9d492272cf54efd7a2e3d7127bbe7260c0f40bb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun May 26 10:08:05 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun May 26 10:08:21 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9d49227

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20180807a_p20190512.ebuild     | 239 --------------------
 .../intel-microcode-20190514_p20190512.ebuild      | 248 ---------------------
 3 files changed, 489 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 227312869e8..8919ca8e9d5 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,2 @@
-DIST intel-microcode-collection-20190512.tar.xz 5085812 BLAKE2B 4b873be318ea1c1d5157ccf9646ccdaf34caabfbdda51cae92692acce83eacce713e7989b2c00cce46df16c501f7f9863478106fc9ce8912ccfca8103f85c45d SHA512 d0a0d0d82522d07549343ee9817133cd721f953421b945584434d8ebb10f0bd6acdd2b1df3daf5a925d3e0f9ea695a4ae81935699d8d655f58daf4fff8a4bd20
 DIST intel-microcode-collection-20190525.tar.xz 5079704 BLAKE2B bc46128693eb9c14e9b4cf994c8affc332b236c222bf57df79e4f8aa4398d125734c1b61d9d0559518941642a5cad1345b5f894c6ed729273c3f8b1a54311113 SHA512 5aeb83bd1aaeb1e870447d18f91aa8f155da29dd89c3cec546a8a741c0c9fd21647cc64083dc5ca482562803a8e89c910ed2e18a6f232f3df64ac360002beaf4
-DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10
 DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190512.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190512.ebuild
deleted file mode 100644
index 06557d9fb74..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20180807a_p20190512.ebuild
+++ /dev/null
@@ -1,239 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-NUM="28087"
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
-SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190512.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190512.ebuild
deleted file mode 100644
index c3838387251..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190512.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     b7ddc72cccf180726cdb7e9bf4cabe3fa62c3d81
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 10 20:03:50 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun 10 20:06:00 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7ddc72c

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714 -> 2019-05-07, rev 0x0717
  sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014 -> 2019-05-13, rev 0x0015
  sig 0x000706e1, pf_mask 0x80, 2019-03-27, rev 0x0040 -> 2019-04-20, rev 0x0042
  sig 0x000706e2, pf_mask 0x80, 2019-03-27, rev 0x0040 -> 2019-04-20, rev 0x0042
  sig 0x000706e4, pf_mask 0x80, 2019-04-03, rev 0x001a -> 2019-05-02, rev 0x0020
  sig 0x000706e5, pf_mask 0x80, 2019-04-20, rev 0x001e -> 2019-05-23, rev 0x0026

Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20190514_p20190608.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 8919ca8e9d5..a9f4a4dff6e 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20190525.tar.xz 5079704 BLAKE2B bc46128693eb9c14e9b4cf994c8affc332b236c222bf57df79e4f8aa4398d125734c1b61d9d0559518941642a5cad1345b5f894c6ed729273c3f8b1a54311113 SHA512 5aeb83bd1aaeb1e870447d18f91aa8f155da29dd89c3cec546a8a741c0c9fd21647cc64083dc5ca482562803a8e89c910ed2e18a6f232f3df64ac360002beaf4
+DIST intel-microcode-collection-20190608.tar.xz 5084728 BLAKE2B e6e011c8b2867a04edc75cba2229f5b2759905bd380bede55a8c3f2d28fd81035c401ea8fbdf2363fc1f953fbe233ea41a9a83403a24ce8c6131c29ec3e9a984 SHA512 cc884282c36fa6239b766de8fcf1e3137a6621076b270b6fceb880ecb2eca9c14d306e744d6110facbbeb08b14973dfc4742ab9d36ca7a11abc6772ea0b5793f
 DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190608.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190608.ebuild
new file mode 100644
index 00000000000..c3838387251
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190608.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     83ed79dd1f96ab8f29f1c437a394dba2e92c833c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 10 20:05:48 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun 10 20:06:01 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83ed79dd

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20190514_p20190525.ebuild      | 248 ---------------------
 2 files changed, 249 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index a9f4a4dff6e..936c1376590 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20190525.tar.xz 5079704 BLAKE2B bc46128693eb9c14e9b4cf994c8affc332b236c222bf57df79e4f8aa4398d125734c1b61d9d0559518941642a5cad1345b5f894c6ed729273c3f8b1a54311113 SHA512 5aeb83bd1aaeb1e870447d18f91aa8f155da29dd89c3cec546a8a741c0c9fd21647cc64083dc5ca482562803a8e89c910ed2e18a6f232f3df64ac360002beaf4
 DIST intel-microcode-collection-20190608.tar.xz 5084728 BLAKE2B e6e011c8b2867a04edc75cba2229f5b2759905bd380bede55a8c3f2d28fd81035c401ea8fbdf2363fc1f953fbe233ea41a9a83403a24ce8c6131c29ec3e9a984 SHA512 cc884282c36fa6239b766de8fcf1e3137a6621076b270b6fceb880ecb2eca9c14d306e744d6110facbbeb08b14973dfc4742ab9d36ca7a11abc6772ea0b5793f
 DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190525.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190525.ebuild
deleted file mode 100644
index c3838387251..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190525.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     0edaa16ab33740de771464f780d467a4f4b9dda4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 24 21:37:27 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun 24 21:57:43 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0edaa16a

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20190514_p20190608.ebuild      | 248 ---------------------
 2 files changed, 250 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index c7bcfe5fdc7..839daca1aa7 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,2 @@
-DIST intel-microcode-collection-20190608.tar.xz 5084728 BLAKE2B e6e011c8b2867a04edc75cba2229f5b2759905bd380bede55a8c3f2d28fd81035c401ea8fbdf2363fc1f953fbe233ea41a9a83403a24ce8c6131c29ec3e9a984 SHA512 cc884282c36fa6239b766de8fcf1e3137a6621076b270b6fceb880ecb2eca9c14d306e744d6110facbbeb08b14973dfc4742ab9d36ca7a11abc6772ea0b5793f
 DIST intel-microcode-collection-20190623.tar.xz 5085652 BLAKE2B 717e60682060db9e9eb602b2bfb2ed9e1e192c8388a9defcff48b086b0040cb17723f6eeeede55da8a7776f270acbc1a2c0ea6c89f094404689174fc46fb830d SHA512 bac96d527255594861eafa82d01d065ea02190677ef9d9a74a37914175df455a8d9b722d49ec537d5cec2edf73925210f44f57bac8bf64ae19c04ff09a9173fc
-DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017
 DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190608.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190514_p20190608.ebuild
deleted file mode 100644
index c3838387251..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20190514_p20190608.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     10029729826cd75a0351e9ec65f2ed2644d777fb
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 24 21:35:32 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun 24 21:57:42 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10029729

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d -> 2019-05-21, rev 0x061f
  sig 0x000206d7, pf_mask 0x6d, 2019-05-07, rev 0x0717 -> 2019-05-21, rev 0x0718
  sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae -> 2019-05-17, rev 0x00be
  sig 0x000906ed, pf_mask 0x22, 2019-05-13, rev 0x00bc -> 2019-05-17, rev 0x00be

Package-Manager: Portage-2.3.67, Repoman-2.3.14
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20190618_p20190623.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 250 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 936c1376590..c7bcfe5fdc7 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,4 @@
 DIST intel-microcode-collection-20190608.tar.xz 5084728 BLAKE2B e6e011c8b2867a04edc75cba2229f5b2759905bd380bede55a8c3f2d28fd81035c401ea8fbdf2363fc1f953fbe233ea41a9a83403a24ce8c6131c29ec3e9a984 SHA512 cc884282c36fa6239b766de8fcf1e3137a6621076b270b6fceb880ecb2eca9c14d306e744d6110facbbeb08b14973dfc4742ab9d36ca7a11abc6772ea0b5793f
+DIST intel-microcode-collection-20190623.tar.xz 5085652 BLAKE2B 717e60682060db9e9eb602b2bfb2ed9e1e192c8388a9defcff48b086b0040cb17723f6eeeede55da8a7776f270acbc1a2c0ea6c89f094404689174fc46fb830d SHA512 bac96d527255594861eafa82d01d065ea02190677ef9d9a74a37914175df455a8d9b722d49ec537d5cec2edf73925210f44f57bac8bf64ae19c04ff09a9173fc
 DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017
+DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild
new file mode 100644
index 00000000000..c3838387251
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     ad55d59abec71d7ededcbbe31ad812b9e73092e5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 22 16:30:46 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jul 22 16:34:25 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad55d59a

sys-firmware/intel-microcode: bump

- New microcode:

  sig 0x000a0660, pf_mask 0x80, 2019-04-10, rev 0x00ae

- Updated microcodes:

  sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a    -> 2019-05-25, rev 0x001b
  sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017 -> 2019-05-25, rev 0x7000018
  sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015 -> 2019-05-25, rev 0xf000016
  sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d -> 2019-05-25, rev 0xe00000e

Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest                                   | 2 +-
 ...90618_p20190623.ebuild => intel-microcode-20190618_p20190722.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 839daca1aa7..9bab470000e 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,2 @@
-DIST intel-microcode-collection-20190623.tar.xz 5085652 BLAKE2B 717e60682060db9e9eb602b2bfb2ed9e1e192c8388a9defcff48b086b0040cb17723f6eeeede55da8a7776f270acbc1a2c0ea6c89f094404689174fc46fb830d SHA512 bac96d527255594861eafa82d01d065ea02190677ef9d9a74a37914175df455a8d9b722d49ec537d5cec2edf73925210f44f57bac8bf64ae19c04ff09a9173fc
+DIST intel-microcode-collection-20190722.tar.xz 5172324 BLAKE2B 50930467d939b15e1d57619afd035e0ab591854c271dfde0e06c9994ac95200bdf4febb6ba6caedc3bfe92b4464a7b3922b203e7dab3f67ead26e199f9bdcf61 SHA512 f5adf8560adc81288e974d51d516a548534ee61fed599c865cbc095c328a85a9c766d11d852ef3167e10c9b283dff0b6d5fb88725a4c123c2004971cdd22873c
 DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190722.ebuild
similarity index 100%
rename from sys-firmware/intel-microcode/intel-microcode-20190618_p20190623.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20190618_p20190722.ebuild

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     27829ba0e2e8c49ab7d2fceb41866a6ffa27fad5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 19 21:13:37 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Aug 19 21:16:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27829ba0

sys-firmware/intel-microcode: bump

- New microcode:

  sig 0x000606e1, pf_mask 0x01, 2019-04-23, rev 0x0108

- Updated microcodes:

  sig 0x000306f4, pf_mask 0x80, 2019-05-13, rev 0x0015    -> 2019-06-17, rev 0x0016
  sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020    -> 2019-06-13, rev 0x0021
  sig 0x000406f1, pf_mask 0xef, 2019-05-14, rev 0xb000037 -> 2019-06-18, rev 0xb000038
  sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e -> 2019-07-31, rev 0x2000064
  sig 0x00050657, pf_mask 0xbf, 2019-04-07, rev 0x5000024 -> 2019-06-14, rev 0x5000029
  sig 0x00050663, pf_mask 0x10, 2019-05-25, rev 0x7000018 -> 2019-06-17, rev 0x7000019
  sig 0x00050664, pf_mask 0x10, 2019-05-25, rev 0xf000016 -> 2019-06-17, rev 0xf000017
  sig 0x00050662, pf_mask 0x10, 2019-05-25, rev 0x001b    -> 2019-06-17, rev 0x001c
  sig 0x00050665, pf_mask 0x10, 2019-05-25, rev 0xe00000e -> 2019-06-17, rev 0xe00000f
  sig 0x000706e0, pf_mask 0xc0, 2018-05-28, rev 0x002a    -> 2018-06-14, rev 0x002c
  sig 0x000706e5, pf_mask 0x80, 2019-05-23, rev 0x0026    -> 2019-06-20, rev 0x002e
  sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4    -> 2019-04-30, rev 0x00ba
  sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4    -> 2019-04-30, rev 0x00ba
  sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4    -> 2019-04-30, rev 0x00ba
  sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8    -> 2019-06-27, rev 0x00c0
  sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4    -> 2019-04-30, rev 0x00ba
  sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4    -> 2019-04-30, rev 0x00ba
  sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4    -> 2019-04-30, rev 0x00ba
  sig 0x000a0660, pf_mask 0x80, 2019-04-10, rev 0x00ae    -> 2019-06-17, rev 0x00b4

Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20190618_p20190819.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 9bab470000e..7b6f93a6810 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20190722.tar.xz 5172324 BLAKE2B 50930467d939b15e1d57619afd035e0ab591854c271dfde0e06c9994ac95200bdf4febb6ba6caedc3bfe92b4464a7b3922b203e7dab3f67ead26e199f9bdcf61 SHA512 f5adf8560adc81288e974d51d516a548534ee61fed599c865cbc095c328a85a9c766d11d852ef3167e10c9b283dff0b6d5fb88725a4c123c2004971cdd22873c
+DIST intel-microcode-collection-20190819.tar.xz 5309072 BLAKE2B b3c6167f0d380795ef1d22f8d0d39e7db54fa37357e4d650ca5948f049c3e9e51872a9c40c70d2a9103a2e53c5ac28510a4300aea025de38d9ef1b7a96dd3ffa SHA512 e9942ef3bced654433e356db58ca1647dc54caaab4511236ffdbec513871ead02838d50f81f298381f6376d2ff5dc33704f50cb0cc4e021bfca4c7681763233f
 DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190819.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190819.ebuild
new file mode 100644
index 00000000000..c3838387251
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190819.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     3ae138286c215f8ed921488f8a995bd7c4dc6d3e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 19 21:15:53 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Aug 19 21:16:04 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ae13828

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.72, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20190618_p20190722.ebuild      | 248 ---------------------
 2 files changed, 249 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 7b6f93a6810..84e9722c144 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20190722.tar.xz 5172324 BLAKE2B 50930467d939b15e1d57619afd035e0ab591854c271dfde0e06c9994ac95200bdf4febb6ba6caedc3bfe92b4464a7b3922b203e7dab3f67ead26e199f9bdcf61 SHA512 f5adf8560adc81288e974d51d516a548534ee61fed599c865cbc095c328a85a9c766d11d852ef3167e10c9b283dff0b6d5fb88725a4c123c2004971cdd22873c
 DIST intel-microcode-collection-20190819.tar.xz 5309072 BLAKE2B b3c6167f0d380795ef1d22f8d0d39e7db54fa37357e4d650ca5948f049c3e9e51872a9c40c70d2a9103a2e53c5ac28510a4300aea025de38d9ef1b7a96dd3ffa SHA512 e9942ef3bced654433e356db58ca1647dc54caaab4511236ffdbec513871ead02838d50f81f298381f6376d2ff5dc33704f50cb0cc4e021bfca4c7681763233f
 DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190722.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190722.ebuild
deleted file mode 100644
index c3838387251..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190722.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     b741668da1d9ce7f15a946b07dc08019059198d1
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  8 13:13:06 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep  8 13:17:29 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b741668d

sys-firmware/intel-microcode: bump

- New microcode:

  sig 0x000a0650, pf_mask 0x22, 2019-04-10, rev 0x00ae

- Updated microcodes:

  sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d    -> 2019-06-13, rev 0x002e
  sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc    -> 2019-08-14, rev 0x00d4
  sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010 -> 2019-04-12, rev 0x3000012
  sig 0x00050656, pf_mask 0xbf, 2019-04-07, rev 0x4000024 -> 2019-06-14, rev 0x4000029
  sig 0x00050657, pf_mask 0xbf, 2019-06-14, rev 0x5000029 -> 2019-08-12, rev 0x500002b
  sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038    -> 2019-07-22, rev 0x003c
  sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016    -> 2019-07-22, rev 0x001a
  sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc    -> 2019-08-14, rev 0x00d4
  sig 0x000706e4, pf_mask 0x80, 2019-05-02, rev 0x0020    -> 2019-07-05, rev 0x0032
  sig 0x000706e5, pf_mask 0x80, 2019-06-20, rev 0x002e    -> 2019-07-05, rev 0x0032
  sig 0x000806e9, pf_mask 0xc0, 2019-04-30, rev 0x00ba    -> 2019-08-14, rev 0x00c6
  sig 0x000806e9, pf_mask 0x10, 2019-04-30, rev 0x00ba    -> 2019-08-14, rev 0x00c6
  sig 0x000806ea, pf_mask 0xc0, 2019-04-30, rev 0x00ba    -> 2019-08-14, rev 0x00c6
  sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8    -> 2019-08-14, rev 0x00c6
  sig 0x000806ec, pf_mask 0x94, 2019-06-27, rev 0x00c0    -> 2019-08-14, rev 0x00c6
  sig 0x000906e9, pf_mask 0x2a, 2019-04-30, rev 0x00ba    -> 2019-08-14, rev 0x00c6
  sig 0x000906ea, pf_mask 0x22, 2019-04-30, rev 0x00ba    -> 2019-08-14, rev 0x00c6
  sig 0x000906eb, pf_mask 0x02, 2019-04-30, rev 0x00ba    -> 2019-08-14, rev 0x00c6
  sig 0x000906ec, pf_mask 0x22, 2019-05-17, rev 0x00be    -> 2019-08-14, rev 0x00c6
  sig 0x000906ed, pf_mask 0x22, 2019-05-17, rev 0x00be    -> 2019-08-14, rev 0x00c6
  sig 0x000a0660, pf_mask 0x80, 2019-06-17, rev 0x00b4    -> 2019-06-27, rev 0x00b6

Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20190618_p20190908.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 84e9722c144..21e1f2676a9 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20190819.tar.xz 5309072 BLAKE2B b3c6167f0d380795ef1d22f8d0d39e7db54fa37357e4d650ca5948f049c3e9e51872a9c40c70d2a9103a2e53c5ac28510a4300aea025de38d9ef1b7a96dd3ffa SHA512 e9942ef3bced654433e356db58ca1647dc54caaab4511236ffdbec513871ead02838d50f81f298381f6376d2ff5dc33704f50cb0cc4e021bfca4c7681763233f
+DIST intel-microcode-collection-20190908.tar.xz 5265124 BLAKE2B c3d9b611e9ea052e28921ea8cfa4c9b0dad980cd527564cdc077e9af2935f83ee24eb3c784d6dfe8e627a372c8474a218f7447f4d174e1677e04e59880a938ac SHA512 0d55067c3933f35526f655c20d732545bce83089c5cb45092bf7a50f6f8acff7b97266fa0c8a94ab88c67c77f836e88910851de4db98939a3775fb02fe7fa231
 DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190908.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190908.ebuild
new file mode 100644
index 00000000000..c3838387251
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190908.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
+
+		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e34f6b27b213f4195fe1c23005b45fda6cabe01b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep  8 13:18:33 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep  8 13:34:32 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e34f6b27

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20190618_p20190819.ebuild      | 248 ---------------------
 2 files changed, 249 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 21e1f2676a9..48a553fe6e0 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20190819.tar.xz 5309072 BLAKE2B b3c6167f0d380795ef1d22f8d0d39e7db54fa37357e4d650ca5948f049c3e9e51872a9c40c70d2a9103a2e53c5ac28510a4300aea025de38d9ef1b7a96dd3ffa SHA512 e9942ef3bced654433e356db58ca1647dc54caaab4511236ffdbec513871ead02838d50f81f298381f6376d2ff5dc33704f50cb0cc4e021bfca4c7681763233f
 DIST intel-microcode-collection-20190908.tar.xz 5265124 BLAKE2B c3d9b611e9ea052e28921ea8cfa4c9b0dad980cd527564cdc077e9af2935f83ee24eb3c784d6dfe8e627a372c8474a218f7447f4d174e1677e04e59880a938ac SHA512 0d55067c3933f35526f655c20d732545bce83089c5cb45092bf7a50f6f8acff7b97266fa0c8a94ab88c67c77f836e88910851de4db98939a3775fb02fe7fa231
 DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190819.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190819.ebuild
deleted file mode 100644
index c3838387251..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190819.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     3405c0d832761944c41790c4062a1c6de0ad40c7
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 19 18:29:52 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Sep 19 18:31:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3405c0d8

sys-firmware/intel-microcode: bump to v20190918

- Ebuild changes:

  EAPI bumped to EAPI=7.

- New microcode:

  sig 0x000706a8, pf_mask 0x01, 2018-09-21, rev 0x000c

- Updated microcodes:

  sig 0x00050656, pf_mask 0xbf, 2019-06-14, rev 0x4000029 -> 2019-08-19, rev 0x400002b

Package-Manager: Portage-2.3.76, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20190918_p20190918.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 250 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 48a553fe6e0..2cb0cabbb38 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,4 @@
 DIST intel-microcode-collection-20190908.tar.xz 5265124 BLAKE2B c3d9b611e9ea052e28921ea8cfa4c9b0dad980cd527564cdc077e9af2935f83ee24eb3c784d6dfe8e627a372c8474a218f7447f4d174e1677e04e59880a938ac SHA512 0d55067c3933f35526f655c20d732545bce83089c5cb45092bf7a50f6f8acff7b97266fa0c8a94ab88c67c77f836e88910851de4db98939a3775fb02fe7fa231
+DIST intel-microcode-collection-20190918.tar.xz 5341868 BLAKE2B 9825b57dc4cacd35003ed4e9c581c7d07e49701b12467d726e6620076d25024e79a54f279d0d89924945805565c4ab0521f67fdb7ce7294996cc34f637ae2a33 SHA512 0eb1caff43f1009f8370692b23a74cde5c35f67dc03fddb74925be5cccd2b14a1a021086af7f92d39b8ddf80ac91f32ab4970fa338124d686536e9ea94f35e55
 DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17
+DIST microcode-20190918.tar.gz 2452786 BLAKE2B 63054290e3691883eab20a2e86d9ef0a8b4417a9efd4ca3e2a540b7013c65751b4c9f1fa345345a73d97321bf3cc88dfe05dd4dd941994613ad358ee4e981c07 SHA512 82e5212238d3e35470d139240d9157877ac252725598ec31bfe1763755681539a4ecdf24e04c4e4270215578a9ca3c063c8fc353accf99999c3d4ac2780a6e0c

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190918_p20190918.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190918_p20190918.ebuild
new file mode 100644
index 00000000000..030826b2de0
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190918_p20190918.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     727d3152cc270812f8d4bd21c48228f59fd6213f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 10 18:48:41 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Nov 10 18:48:41 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=727d3152

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   3 -
 .../intel-microcode-20190618_p20190908.ebuild      | 248 ---------------------
 .../intel-microcode-20190918_p20190918.ebuild      | 248 ---------------------
 3 files changed, 499 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 12c521cc130..1e3912c6d64 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,5 +1,2 @@
-DIST intel-microcode-collection-20190908.tar.xz 5265124 BLAKE2B c3d9b611e9ea052e28921ea8cfa4c9b0dad980cd527564cdc077e9af2935f83ee24eb3c784d6dfe8e627a372c8474a218f7447f4d174e1677e04e59880a938ac SHA512 0d55067c3933f35526f655c20d732545bce83089c5cb45092bf7a50f6f8acff7b97266fa0c8a94ab88c67c77f836e88910851de4db98939a3775fb02fe7fa231
-DIST intel-microcode-collection-20190918.tar.xz 5341868 BLAKE2B 9825b57dc4cacd35003ed4e9c581c7d07e49701b12467d726e6620076d25024e79a54f279d0d89924945805565c4ab0521f67fdb7ce7294996cc34f637ae2a33 SHA512 0eb1caff43f1009f8370692b23a74cde5c35f67dc03fddb74925be5cccd2b14a1a021086af7f92d39b8ddf80ac91f32ab4970fa338124d686536e9ea94f35e55
 DIST intel-microcode-collection-20191110.tar.xz 5487112 BLAKE2B 89674e81857235abfdc21e50c767c702cd52da0c61c2c860bc8484c0d2b6c368601c5b1db956e90c9039c3e0b9d79139ed15e3a1a8c5a203e2cf196db69ade79 SHA512 b82221b7f506126613a80d1b8d0e47f4fea9debc51f5390c67eb50fda01677d60f50573376172054973c46563911dc79feb7b8d2cf35f53813c3a93228e7e2ee
-DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17
 DIST microcode-20190918.tar.gz 2452786 BLAKE2B 63054290e3691883eab20a2e86d9ef0a8b4417a9efd4ca3e2a540b7013c65751b4c9f1fa345345a73d97321bf3cc88dfe05dd4dd941994613ad358ee4e981c07 SHA512 82e5212238d3e35470d139240d9157877ac252725598ec31bfe1763755681539a4ecdf24e04c4e4270215578a9ca3c063c8fc353accf99999c3d4ac2780a6e0c

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190908.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190618_p20190908.ebuild
deleted file mode 100644
index c3838387251..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20190618_p20190908.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-DEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED%/}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
-
-		mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED%/}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT%/}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190918_p20190918.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190918_p20190918.ebuild
deleted file mode 100644
index 030826b2de0..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20190918_p20190918.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     c4e0bad82cc0bcf533431ea9650afa1f229c52c6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 10 18:47:32 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Nov 10 18:47:38 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4e0bad8

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x00050656, pf_mask 0xbf, 2019-08-19, rev 0x400002b -> 2019-09-05, rev 0x400002c
  sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b -> 2019-09-05, rev 0x500002c
  sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e    -> 2019-08-28, rev 0x0032
  sig 0x000706a8, pf_mask 0x01, 2018-09-21, rev 0x000c    -> 2019-08-29, rev 0x0016
  sig 0x000706e4, pf_mask 0x80, 2019-07-05, rev 0x0032    -> 2019-07-18, rev 0x0036
  sig 0x000706e5, pf_mask 0x80, 2019-07-05, rev 0x0032    -> 2019-10-27, rev 0x0050
  sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6    -> 2019-10-03, rev 0x00c8
  sig 0x000a0660, pf_mask 0x80, 2019-06-27, rev 0x00b6    -> 2019-08-27, rev 0x00c6

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20190918_p20191110.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 2cb0cabbb38..12c521cc130 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,5 @@
 DIST intel-microcode-collection-20190908.tar.xz 5265124 BLAKE2B c3d9b611e9ea052e28921ea8cfa4c9b0dad980cd527564cdc077e9af2935f83ee24eb3c784d6dfe8e627a372c8474a218f7447f4d174e1677e04e59880a938ac SHA512 0d55067c3933f35526f655c20d732545bce83089c5cb45092bf7a50f6f8acff7b97266fa0c8a94ab88c67c77f836e88910851de4db98939a3775fb02fe7fa231
 DIST intel-microcode-collection-20190918.tar.xz 5341868 BLAKE2B 9825b57dc4cacd35003ed4e9c581c7d07e49701b12467d726e6620076d25024e79a54f279d0d89924945805565c4ab0521f67fdb7ce7294996cc34f637ae2a33 SHA512 0eb1caff43f1009f8370692b23a74cde5c35f67dc03fddb74925be5cccd2b14a1a021086af7f92d39b8ddf80ac91f32ab4970fa338124d686536e9ea94f35e55
+DIST intel-microcode-collection-20191110.tar.xz 5487112 BLAKE2B 89674e81857235abfdc21e50c767c702cd52da0c61c2c860bc8484c0d2b6c368601c5b1db956e90c9039c3e0b9d79139ed15e3a1a8c5a203e2cf196db69ade79 SHA512 b82221b7f506126613a80d1b8d0e47f4fea9debc51f5390c67eb50fda01677d60f50573376172054973c46563911dc79feb7b8d2cf35f53813c3a93228e7e2ee
 DIST microcode-20190618.tar.gz 2446418 BLAKE2B f5e4846c7d6d4251c8a53e7a238ce0be9530827d16a015b91beec9d2ba2186d6632d370342b4b7a898f32d294b3c8c12522d07ea40c13ebc75d40b8b83eb1da3 SHA512 f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17
 DIST microcode-20190918.tar.gz 2452786 BLAKE2B 63054290e3691883eab20a2e86d9ef0a8b4417a9efd4ca3e2a540b7013c65751b4c9f1fa345345a73d97321bf3cc88dfe05dd4dd941994613ad358ee4e981c07 SHA512 82e5212238d3e35470d139240d9157877ac252725598ec31bfe1763755681539a4ecdf24e04c4e4270215578a9ca3c063c8fc353accf99999c3d4ac2780a6e0c

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190918_p20191110.ebuild b/sys-firmware/intel-microcode/intel-microcode-20190918_p20191110.ebuild
new file mode 100644
index 00000000000..030826b2de0
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20190918_p20191110.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     8ce0a213ea3d54763f9fdf7333d28f52eff1b260
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 12 21:26:22 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Nov 12 21:31:19 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ce0a213

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x000406d8, pf_mask 0x01, 2018-01-04, rev 0x012a    -> 2019-09-16, rev 0x012d
  sig 0x00050653, pf_mask 0x97, 2018-08-24, rev 0x1000146 -> 2019-09-09, rev 0x1000151
  sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064 -> 2019-09-05, rev 0x2000065

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest                                   | 2 +-
 ...90918_p20191110.ebuild => intel-microcode-20191112_p20191110.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 1e3912c6d64..6f3a4a4b147 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,2 @@
 DIST intel-microcode-collection-20191110.tar.xz 5487112 BLAKE2B 89674e81857235abfdc21e50c767c702cd52da0c61c2c860bc8484c0d2b6c368601c5b1db956e90c9039c3e0b9d79139ed15e3a1a8c5a203e2cf196db69ade79 SHA512 b82221b7f506126613a80d1b8d0e47f4fea9debc51f5390c67eb50fda01677d60f50573376172054973c46563911dc79feb7b8d2cf35f53813c3a93228e7e2ee
-DIST microcode-20190918.tar.gz 2452786 BLAKE2B 63054290e3691883eab20a2e86d9ef0a8b4417a9efd4ca3e2a540b7013c65751b4c9f1fa345345a73d97321bf3cc88dfe05dd4dd941994613ad358ee4e981c07 SHA512 82e5212238d3e35470d139240d9157877ac252725598ec31bfe1763755681539a4ecdf24e04c4e4270215578a9ca3c063c8fc353accf99999c3d4ac2780a6e0c
+DIST microcode-20191112.tar.gz 2895473 BLAKE2B 5fd824ed52c9ce0a0f2d22f627e1c089fbd864d671598c2eeba1dac5c63a324a7ce7db63032542595155d20cde4401def40f1430a5004402adda027a98d1f955 SHA512 34cebf266f9d6cc38b0dd87f8c7fcf42f3c8d9e434560328b0811b4c4834d0f253d834f53bfaf5b4c561bb153b4bcf509620131046bf0afd6038d02bf9a25a13

diff --git a/sys-firmware/intel-microcode/intel-microcode-20190918_p20191110.ebuild b/sys-firmware/intel-microcode/intel-microcode-20191112_p20191110.ebuild
similarity index 100%
rename from sys-firmware/intel-microcode/intel-microcode-20190918_p20191110.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20191112_p20191110.ebuild

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     adb505034b7f8a897d310d7fcc17d5a4974d60dc
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 15 22:50:58 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Nov 15 22:58:32 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adb50503

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4 -> 2019-10-03, rev 0x00d6
  sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4 -> 2019-10-03, rev 0x00d6
  sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6 -> 2019-09-26, rev 0x00ca
  sig 0x000806e9, pf_mask 0x10, 2019-10-03, rev 0x00c8 -> 2019-10-15, rev 0x00ca
  sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6 -> 2019-10-03, rev 0x00ca
  sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6 -> 2019-10-03, rev 0x00ca
  sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6 -> 2019-10-03, rev 0x00ca
  sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6 -> 2019-10-03, rev 0x00ca
  sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6 -> 2019-10-03, rev 0x00ca
  sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6 -> 2019-10-03, rev 0x00ca
  sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6 -> 2019-10-03, rev 0x00ca
  sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6 -> 2019-10-03, rev 0x00ca
  sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6 -> 2019-10-03, rev 0x00ca

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest                                   | 2 +-
 ...91112_p20191110.ebuild => intel-microcode-20191115_p20191110.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 6f3a4a4b147..2ad31222e68 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,2 @@
 DIST intel-microcode-collection-20191110.tar.xz 5487112 BLAKE2B 89674e81857235abfdc21e50c767c702cd52da0c61c2c860bc8484c0d2b6c368601c5b1db956e90c9039c3e0b9d79139ed15e3a1a8c5a203e2cf196db69ade79 SHA512 b82221b7f506126613a80d1b8d0e47f4fea9debc51f5390c67eb50fda01677d60f50573376172054973c46563911dc79feb7b8d2cf35f53813c3a93228e7e2ee
-DIST microcode-20191112.tar.gz 2895473 BLAKE2B 5fd824ed52c9ce0a0f2d22f627e1c089fbd864d671598c2eeba1dac5c63a324a7ce7db63032542595155d20cde4401def40f1430a5004402adda027a98d1f955 SHA512 34cebf266f9d6cc38b0dd87f8c7fcf42f3c8d9e434560328b0811b4c4834d0f253d834f53bfaf5b4c561bb153b4bcf509620131046bf0afd6038d02bf9a25a13
+DIST microcode-20191115.tar.gz 2998063 BLAKE2B a06f2769da1577b9ce3a34f447e182312d003842b043372d850de51012efd9c0247f9a6bc8964e3da6127f8afb58f3fb31b1204e7286af9b27c795c00419ef7e SHA512 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881

diff --git a/sys-firmware/intel-microcode/intel-microcode-20191112_p20191110.ebuild b/sys-firmware/intel-microcode/intel-microcode-20191115_p20191110.ebuild
similarity index 100%
rename from sys-firmware/intel-microcode/intel-microcode-20191112_p20191110.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20191115_p20191110.ebuild

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     8b58aa8148dad8df9972cd03933ea299f222d9df
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Feb  9 14:06:54 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Feb  9 14:07:52 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b58aa81

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.87, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20191115_p20191110.ebuild      | 248 ---------------------
 2 files changed, 249 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 05066e35993..4018e5c53fa 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20191110.tar.xz 5487112 BLAKE2B 89674e81857235abfdc21e50c767c702cd52da0c61c2c860bc8484c0d2b6c368601c5b1db956e90c9039c3e0b9d79139ed15e3a1a8c5a203e2cf196db69ade79 SHA512 b82221b7f506126613a80d1b8d0e47f4fea9debc51f5390c67eb50fda01677d60f50573376172054973c46563911dc79feb7b8d2cf35f53813c3a93228e7e2ee
 DIST intel-microcode-collection-20200209.tar.xz 5858536 BLAKE2B 3618666b98f98c63af2c7d8accfe94adce6578b6c36452a3abe66df7b7a9f63465bb5b4c638ea0ed09f4a8df0a08b9efb8aede54d140c391a209c57aede5e85b SHA512 0d771011c6d9376c7c220b68916f7a8e261517034c543b4368d8a55850810053f410275f5a1973274e00e93e0ec2a0e86081b799ccfcef2e0c120209ee23e067
 DIST microcode-20191115.tar.gz 2998063 BLAKE2B a06f2769da1577b9ce3a34f447e182312d003842b043372d850de51012efd9c0247f9a6bc8964e3da6127f8afb58f3fb31b1204e7286af9b27c795c00419ef7e SHA512 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881

diff --git a/sys-firmware/intel-microcode/intel-microcode-20191115_p20191110.ebuild b/sys-firmware/intel-microcode/intel-microcode-20191115_p20191110.ebuild
deleted file mode 100644
index 030826b2de0..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20191115_p20191110.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     750cb7662bbf884ba97deeb372adad7f5cbfa48d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Feb  9 14:05:51 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Feb  9 14:07:51 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=750cb766

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000806c0, pf_mask 0x80, 2019-09-13, rev 0x0034
  sig 0x000a0651, pf_mask 0x22, 2019-11-13, rev 0x00c2
  sig 0x000a0653, pf_mask 0x22, 2019-11-26, rev 0x00ca
  sig 0x000a0654, pf_mask 0x22, 2019-12-03, rev 0x00c4
  sig 0x000a0655, pf_mask 0x22, 2020-01-02, rev 0x00c6

- Updated microcodes:

  sig 0x00030673, pf_mask 0x02, 2018-01-10, rev 0x0326    -> 2019-09-16, rev 0x0329
  sig 0x00030673, pf_mask 0x01, 2018-01-10, rev 0x0326    -> 2019-09-16, rev 0x0329
  sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c -> 2019-11-24, rev 0x500012c
  sig 0x000506ca, pf_mask 0x03, 2019-07-22, rev 0x001a    -> 2019-08-12, rev 0x001c
  sig 0x000706e4, pf_mask 0x80, 2019-07-18, rev 0x0036    -> 2019-08-14, rev 0x0042
  sig 0x000706e5, pf_mask 0x80, 2019-10-27, rev 0x0050    -> 2019-11-19, rev 0x005a
  sig 0x000a0650, pf_mask 0x22, 2019-04-10, rev 0x00ae    -> 2019-10-10, rev 0x00be

Package-Manager: Portage-2.3.87, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20191115_p20200209.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 2ad31222e68..05066e35993 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20191110.tar.xz 5487112 BLAKE2B 89674e81857235abfdc21e50c767c702cd52da0c61c2c860bc8484c0d2b6c368601c5b1db956e90c9039c3e0b9d79139ed15e3a1a8c5a203e2cf196db69ade79 SHA512 b82221b7f506126613a80d1b8d0e47f4fea9debc51f5390c67eb50fda01677d60f50573376172054973c46563911dc79feb7b8d2cf35f53813c3a93228e7e2ee
+DIST intel-microcode-collection-20200209.tar.xz 5858536 BLAKE2B 3618666b98f98c63af2c7d8accfe94adce6578b6c36452a3abe66df7b7a9f63465bb5b4c638ea0ed09f4a8df0a08b9efb8aede54d140c391a209c57aede5e85b SHA512 0d771011c6d9376c7c220b68916f7a8e261517034c543b4368d8a55850810053f410275f5a1973274e00e93e0ec2a0e86081b799ccfcef2e0c120209ee23e067
 DIST microcode-20191115.tar.gz 2998063 BLAKE2B a06f2769da1577b9ce3a34f447e182312d003842b043372d850de51012efd9c0247f9a6bc8964e3da6127f8afb58f3fb31b1204e7286af9b27c795c00419ef7e SHA512 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881

diff --git a/sys-firmware/intel-microcode/intel-microcode-20191115_p20200209.ebuild b/sys-firmware/intel-microcode/intel-microcode-20191115_p20200209.ebuild
new file mode 100644
index 00000000000..0a7fafc268d
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20191115_p20200209.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     306d942bcb7f123f24b9fe4a586b1c08cea84c91
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 28 22:25:51 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 28 22:25:59 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=306d942b

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20191115_p20200209.ebuild      | 248 ---------------------
 2 files changed, 249 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 257a0b21a02..e5afbf6625a 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
-DIST intel-microcode-collection-20200209.tar.xz 5858536 BLAKE2B 3618666b98f98c63af2c7d8accfe94adce6578b6c36452a3abe66df7b7a9f63465bb5b4c638ea0ed09f4a8df0a08b9efb8aede54d140c391a209c57aede5e85b SHA512 0d771011c6d9376c7c220b68916f7a8e261517034c543b4368d8a55850810053f410275f5a1973274e00e93e0ec2a0e86081b799ccfcef2e0c120209ee23e067
 DIST intel-microcode-collection-20200429.tar.xz 6012000 BLAKE2B 38821d7732c952f2d1db17d3c289a53bc060d87fbaa4ba2b6c5875aab48d8ac695d11b57d83658633278f0227d9683b20af8141c67563b694fb05b41b3812651 SHA512 8c9004f8c7c08dbf69fad3dd195f1646a6aab9f8720c7fbeba57989c091e1adbaec1c85c079f1a74d8f07168120bdc575660b46391eaf854b4140596c11f53be
 DIST microcode-20191115.tar.gz 2998063 BLAKE2B a06f2769da1577b9ce3a34f447e182312d003842b043372d850de51012efd9c0247f9a6bc8964e3da6127f8afb58f3fb31b1204e7286af9b27c795c00419ef7e SHA512 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881

diff --git a/sys-firmware/intel-microcode/intel-microcode-20191115_p20200209.ebuild b/sys-firmware/intel-microcode/intel-microcode-20191115_p20200209.ebuild
deleted file mode 100644
index 0a7fafc268d..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20191115_p20200209.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     feb8654b466a44a3b9432cf88be74009529cc22b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 28 22:23:52 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 28 22:25:58 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=feb8654b

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000a0652, pf_mask 0x20, 2020-01-26, rev 0x00c8

- Updated microcodes:

  sig 0x00030673, pf_mask 0x0c, 2018-01-10, rev 0x0326    -> 2019-09-16, rev 0x0329
  sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c    -> 2019-07-10, rev 0x090d
  sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027    -> 2019-11-12, rev 0x0028
  sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e    -> 2019-11-12, rev 0x002f
  sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025    -> 2019-11-12, rev 0x0026
  sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c    -> 2019-02-26, rev 0x001b
  sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022    -> 2019-06-13, rev 0x0021
  sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6    -> 2020-01-09, rev 0x00da
  sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151 -> 2020-02-21, rev 0x1000155
  sig 0x00050654, pf_mask 0xb7, 2020-02-12, rev 0x2006901 -> 2019-09-05, rev 0x2000065
  sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c -> 2020-01-14, rev 0x4002f00
  sig 0x00050657, pf_mask 0xbf, 2020-01-14, rev 0x5002f00 -> 2019-11-24, rev 0x500012c
  sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6    -> 2020-01-09, rev 0x00da
  sig 0x000706e5, pf_mask 0x80, 2019-11-19, rev 0x005a    -> 2020-03-01, rev 0x0074
  sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca    -> 2020-01-10, rev 0x00d2
  sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca    -> 2020-01-09, rev 0x00d2
  sig 0x000a0653, pf_mask 0x22, 2019-11-26, rev 0x00ca    -> 2020-01-22, rev 0x00cc
  sig 0x000a0654, pf_mask 0x22, 2019-12-03, rev 0x00c4    -> 2020-01-23, rev 0x00c6
  sig 0x000a0655, pf_mask 0x22, 2020-01-02, rev 0x00c6    -> 2020-02-05, rev 0x00c8

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20191115_p20200429.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 4018e5c53fa..257a0b21a02 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20200209.tar.xz 5858536 BLAKE2B 3618666b98f98c63af2c7d8accfe94adce6578b6c36452a3abe66df7b7a9f63465bb5b4c638ea0ed09f4a8df0a08b9efb8aede54d140c391a209c57aede5e85b SHA512 0d771011c6d9376c7c220b68916f7a8e261517034c543b4368d8a55850810053f410275f5a1973274e00e93e0ec2a0e86081b799ccfcef2e0c120209ee23e067
+DIST intel-microcode-collection-20200429.tar.xz 6012000 BLAKE2B 38821d7732c952f2d1db17d3c289a53bc060d87fbaa4ba2b6c5875aab48d8ac695d11b57d83658633278f0227d9683b20af8141c67563b694fb05b41b3812651 SHA512 8c9004f8c7c08dbf69fad3dd195f1646a6aab9f8720c7fbeba57989c091e1adbaec1c85c079f1a74d8f07168120bdc575660b46391eaf854b4140596c11f53be
 DIST microcode-20191115.tar.gz 2998063 BLAKE2B a06f2769da1577b9ce3a34f447e182312d003842b043372d850de51012efd9c0247f9a6bc8964e3da6127f8afb58f3fb31b1204e7286af9b27c795c00419ef7e SHA512 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881

diff --git a/sys-firmware/intel-microcode/intel-microcode-20191115_p20200429.ebuild b/sys-firmware/intel-microcode/intel-microcode-20191115_p20200429.ebuild
new file mode 100644
index 00000000000..0a7fafc268d
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20191115_p20200429.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     a661604cc4fd5ca251b60b50a900923947dbd295
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May  8 22:58:53 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May  8 23:05:36 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a661604c

sys-firmware/intel-microcode: bump to v20200508

- Updated microcodes:

  sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f -> 2020-03-04, rev 0x0621
  sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718 -> 2020-03-24, rev 0x071a
  sig 0x000706e5, pf_mask 0x80, 2020-03-01, rev 0x0074 -> 2020-04-21, rev 0x0080
  sig 0x000a0655, pf_mask 0x22, 2020-02-05, rev 0x00c8 -> 2020-03-12, rev 0x00ca

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20200508_p20200508.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 250 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index e5afbf6625a..fe0b99d2f72 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,4 @@
 DIST intel-microcode-collection-20200429.tar.xz 6012000 BLAKE2B 38821d7732c952f2d1db17d3c289a53bc060d87fbaa4ba2b6c5875aab48d8ac695d11b57d83658633278f0227d9683b20af8141c67563b694fb05b41b3812651 SHA512 8c9004f8c7c08dbf69fad3dd195f1646a6aab9f8720c7fbeba57989c091e1adbaec1c85c079f1a74d8f07168120bdc575660b46391eaf854b4140596c11f53be
+DIST intel-microcode-collection-20200508.tar.xz 6010560 BLAKE2B ebbbac3b474644d983f8f6f1a3b305b60a65732883658d18efe8c918f6d1ec55f8439313ccc2fe5d90a5ca5e207bcc2db9b9299148157f233007046fa3090e19 SHA512 48dde26041afb3a82afd3f4f8a2539ccf0da4a42c802b45aa776e16ceebf72cb39ce828278a423d4f2b2c0d7c29c5701978b4a223d135b453bc63cb1db3e5373
 DIST microcode-20191115.tar.gz 2998063 BLAKE2B a06f2769da1577b9ce3a34f447e182312d003842b043372d850de51012efd9c0247f9a6bc8964e3da6127f8afb58f3fb31b1204e7286af9b27c795c00419ef7e SHA512 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881
+DIST microcode-20200508.tar.gz 3002932 BLAKE2B 01964ca9cf6f3d0255d85d6bff9c8fedb127884a034d34eeec97e24d6689aa81eba758306316346cd686d2aee6c0cbc4afc0a2ccb49c3a4b2c5f0d6b1e543063 SHA512 00fa15464c7637c080c49d63b73c197418f4709eaaf55d515504f3bb8aab06dc97206c4fbef57250dc6ca8abf226e0f1fc39bad76ca8b0d705c820e3d1d8ffc9

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200508_p20200508.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200508_p20200508.ebuild
new file mode 100644
index 00000000000..0a7fafc268d
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20200508_p20200508.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     38422f9e73390ea1ac758840f241236cc1e249a9
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May  8 23:05:27 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May  8 23:05:37 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38422f9e

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20191115_p20200429.ebuild      | 248 ---------------------
 2 files changed, 250 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index fe0b99d2f72..0985b1cce92 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,2 @@
-DIST intel-microcode-collection-20200429.tar.xz 6012000 BLAKE2B 38821d7732c952f2d1db17d3c289a53bc060d87fbaa4ba2b6c5875aab48d8ac695d11b57d83658633278f0227d9683b20af8141c67563b694fb05b41b3812651 SHA512 8c9004f8c7c08dbf69fad3dd195f1646a6aab9f8720c7fbeba57989c091e1adbaec1c85c079f1a74d8f07168120bdc575660b46391eaf854b4140596c11f53be
 DIST intel-microcode-collection-20200508.tar.xz 6010560 BLAKE2B ebbbac3b474644d983f8f6f1a3b305b60a65732883658d18efe8c918f6d1ec55f8439313ccc2fe5d90a5ca5e207bcc2db9b9299148157f233007046fa3090e19 SHA512 48dde26041afb3a82afd3f4f8a2539ccf0da4a42c802b45aa776e16ceebf72cb39ce828278a423d4f2b2c0d7c29c5701978b4a223d135b453bc63cb1db3e5373
-DIST microcode-20191115.tar.gz 2998063 BLAKE2B a06f2769da1577b9ce3a34f447e182312d003842b043372d850de51012efd9c0247f9a6bc8964e3da6127f8afb58f3fb31b1204e7286af9b27c795c00419ef7e SHA512 11014c16bde83ac290bc75e458242f5e64b8dffd49de2e938f61f4a09979cd5e80dd1a85d2ccbac067e4398dc3d93ef3583e4aa9b2e545ba46d26e65ec1e2881
 DIST microcode-20200508.tar.gz 3002932 BLAKE2B 01964ca9cf6f3d0255d85d6bff9c8fedb127884a034d34eeec97e24d6689aa81eba758306316346cd686d2aee6c0cbc4afc0a2ccb49c3a4b2c5f0d6b1e543063 SHA512 00fa15464c7637c080c49d63b73c197418f4709eaaf55d515504f3bb8aab06dc97206c4fbef57250dc6ca8abf226e0f1fc39bad76ca8b0d705c820e3d1d8ffc9

diff --git a/sys-firmware/intel-microcode/intel-microcode-20191115_p20200429.ebuild b/sys-firmware/intel-microcode/intel-microcode-20191115_p20200429.ebuild
deleted file mode 100644
index 0a7fafc268d..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20191115_p20200429.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     01f51ff987a22f03d28959d43474af58c3b1492b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  1 22:10:54 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun  1 22:11:08 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01f51ff9

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20200508_p20200508.ebuild      | 248 ---------------------
 2 files changed, 250 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index f02a25cc671..37862ea8457 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,2 @@
-DIST intel-microcode-collection-20200508.tar.xz 6010560 BLAKE2B ebbbac3b474644d983f8f6f1a3b305b60a65732883658d18efe8c918f6d1ec55f8439313ccc2fe5d90a5ca5e207bcc2db9b9299148157f233007046fa3090e19 SHA512 48dde26041afb3a82afd3f4f8a2539ccf0da4a42c802b45aa776e16ceebf72cb39ce828278a423d4f2b2c0d7c29c5701978b4a223d135b453bc63cb1db3e5373
 DIST intel-microcode-collection-20200601.tar.xz 6163976 BLAKE2B eb17605a09f771562189924b916b0d2426d6c2b6f9d76447d05d614679f097acf71fc70dd96132c0ad9d3f1a954f5809456fa951ca42fa0db2373da2288417b7 SHA512 60e798dd357ce85d8bd1f78e0447d983d6916aec87bf8a3f375091e4c57ffa8fb654459a8ed7d2d83184a828060509e16aa37e3a23f70684ac1b170736a12d54
-DIST microcode-20200508.tar.gz 3002932 BLAKE2B 01964ca9cf6f3d0255d85d6bff9c8fedb127884a034d34eeec97e24d6689aa81eba758306316346cd686d2aee6c0cbc4afc0a2ccb49c3a4b2c5f0d6b1e543063 SHA512 00fa15464c7637c080c49d63b73c197418f4709eaaf55d515504f3bb8aab06dc97206c4fbef57250dc6ca8abf226e0f1fc39bad76ca8b0d705c820e3d1d8ffc9
 DIST microcode-20200520.tar.gz 3002980 BLAKE2B 5f91536e558827e5c412e336596d21c9aa9365e83ee9c96a9bcda9abbc3921c623e489f6e42be689203a1caa99cb6334b3124bf26764e4e1a4afe83de00aab3d SHA512 39e434406a0e855da911a4259691b9f60f4d205d8f0fbf47564a811c6317919fb7458ddf38a3a7922a3d06373a31f55e72069561c5d57e213702e2005579cf12

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200508_p20200508.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200508_p20200508.ebuild
deleted file mode 100644
index 0a7fafc268d..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20200508_p20200508.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     2ddff9bed91df8c82957eb63187568f6e7898330
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  1 21:58:16 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun  1 22:11:06 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ddff9be

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000a0661, pf_mask 0x80, 2019-10-07, rev 0x00ba

- Updated microcodes:

  sig 0x00050654, pf_mask 0xb7, 2020-02-12, rev 0x2006901 -> 2020-04-24, rev 0x2006906
  sig 0x00050657, pf_mask 0xbf, 2020-01-14, rev 0x5002f00 -> 2020-04-23, rev 0x5002f01
  sig 0x000506c9, pf_mask 0x03, 2019-07-22, rev 0x003c    -> 2020-02-27, rev 0x0040
  sig 0x000506ca, pf_mask 0x03, 2019-08-12, rev 0x001c    -> 2020-02-27, rev 0x001e
  sig 0x000706e5, pf_mask 0x80, 2020-04-21, rev 0x0080    -> 2020-04-22, rev 0x0082
  sig 0x000906ea, pf_mask 0x22, 2020-01-09, rev 0x00d2    -> 2020-04-27, rev 0x00d6
  sig 0x000906eb, pf_mask 0x02, 2020-01-09, rev 0x00d2    -> 2020-04-23, rev 0x00d6
  sig 0x000906ec, pf_mask 0x22, 2020-01-09, rev 0x00d2    -> 2020-04-27, rev 0x00d6
  sig 0x000906ed, pf_mask 0x22, 2020-01-09, rev 0x00d2    -> 2020-04-23, rev 0x00d6

Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20200520_p20200601.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 250 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 0985b1cce92..f02a25cc671 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,4 @@
 DIST intel-microcode-collection-20200508.tar.xz 6010560 BLAKE2B ebbbac3b474644d983f8f6f1a3b305b60a65732883658d18efe8c918f6d1ec55f8439313ccc2fe5d90a5ca5e207bcc2db9b9299148157f233007046fa3090e19 SHA512 48dde26041afb3a82afd3f4f8a2539ccf0da4a42c802b45aa776e16ceebf72cb39ce828278a423d4f2b2c0d7c29c5701978b4a223d135b453bc63cb1db3e5373
+DIST intel-microcode-collection-20200601.tar.xz 6163976 BLAKE2B eb17605a09f771562189924b916b0d2426d6c2b6f9d76447d05d614679f097acf71fc70dd96132c0ad9d3f1a954f5809456fa951ca42fa0db2373da2288417b7 SHA512 60e798dd357ce85d8bd1f78e0447d983d6916aec87bf8a3f375091e4c57ffa8fb654459a8ed7d2d83184a828060509e16aa37e3a23f70684ac1b170736a12d54
 DIST microcode-20200508.tar.gz 3002932 BLAKE2B 01964ca9cf6f3d0255d85d6bff9c8fedb127884a034d34eeec97e24d6689aa81eba758306316346cd686d2aee6c0cbc4afc0a2ccb49c3a4b2c5f0d6b1e543063 SHA512 00fa15464c7637c080c49d63b73c197418f4709eaaf55d515504f3bb8aab06dc97206c4fbef57250dc6ca8abf226e0f1fc39bad76ca8b0d705c820e3d1d8ffc9
+DIST microcode-20200520.tar.gz 3002980 BLAKE2B 5f91536e558827e5c412e336596d21c9aa9365e83ee9c96a9bcda9abbc3921c623e489f6e42be689203a1caa99cb6334b3124bf26764e4e1a4afe83de00aab3d SHA512 39e434406a0e855da911a4259691b9f60f4d205d8f0fbf47564a811c6317919fb7458ddf38a3a7922a3d06373a31f55e72069561c5d57e213702e2005579cf12

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200520_p20200601.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200520_p20200601.ebuild
new file mode 100644
index 00000000000..0a7fafc268d
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20200520_p20200601.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     6afb4d2ca806ad2fc487ff3c138913c0486089f3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 10 00:59:12 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jun 10 00:59:22 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6afb4d2c

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20200520_p20200601.ebuild      | 248 ---------------------
 2 files changed, 249 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index f18b3fcdb03..62ccb450a07 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,2 @@
 DIST intel-microcode-collection-20200601.tar.xz 6163976 BLAKE2B eb17605a09f771562189924b916b0d2426d6c2b6f9d76447d05d614679f097acf71fc70dd96132c0ad9d3f1a954f5809456fa951ca42fa0db2373da2288417b7 SHA512 60e798dd357ce85d8bd1f78e0447d983d6916aec87bf8a3f375091e4c57ffa8fb654459a8ed7d2d83184a828060509e16aa37e3a23f70684ac1b170736a12d54
-DIST microcode-20200520.tar.gz 3002980 BLAKE2B 5f91536e558827e5c412e336596d21c9aa9365e83ee9c96a9bcda9abbc3921c623e489f6e42be689203a1caa99cb6334b3124bf26764e4e1a4afe83de00aab3d SHA512 39e434406a0e855da911a4259691b9f60f4d205d8f0fbf47564a811c6317919fb7458ddf38a3a7922a3d06373a31f55e72069561c5d57e213702e2005579cf12
 DIST microcode-20200609.tar.gz 3043809 BLAKE2B 08e69e8cf0c6932d6cb9909f18c1c55f359491ed29ad296c28111e6301c9f6371ec25c4ce1c8884a50900b9ba9dfcab38e77c7f3ebb58f3a3d8518ed839c8d22 SHA512 bfcaaea2811214b79445d632e256cd35af82d62f748799d47f7bc2490c5a6fd53f020bcaa3331a96b54c91ded1d17dfd9946b40174694b9a7ad17810f58293ae

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200520_p20200601.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200520_p20200601.ebuild
deleted file mode 100644
index 0a7fafc268d..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20200520_p20200601.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     be023795c13480fcdcd91e549f54c3ecc0138c9f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 10 00:51:32 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jun 10 00:59:21 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be023795

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x000406e3, pf_mask 0xc0, 2020-01-09, rev 0x00da    -> 2020-04-27, rev 0x00dc
  sig 0x00050653, pf_mask 0x97, 2020-02-21, rev 0x1000155 -> 2020-04-24, rev 0x1000157
  sig 0x00050656, pf_mask 0xbf, 2020-01-14, rev 0x4002f00 -> 2020-04-23, rev 0x4002f01
  sig 0x000506e3, pf_mask 0x36, 2020-01-09, rev 0x00da    -> 2020-04-27, rev 0x00dc
  sig 0x000806e9, pf_mask 0xc0, 2020-01-09, rev 0x00d2    -> 2020-04-27, rev 0x00d6
  sig 0x000806e9, pf_mask 0x10, 2020-01-09, rev 0x00d2    -> 2020-04-27, rev 0x00d6
  sig 0x000806ea, pf_mask 0xc0, 2020-01-09, rev 0x00d2    -> 2020-04-27, rev 0x00d6
  sig 0x000806eb, pf_mask 0xd0, 2020-01-09, rev 0x00d2    -> 2020-04-27, rev 0x00d6
  sig 0x000806ec, pf_mask 0x94, 2020-01-10, rev 0x00d2    -> 2020-04-23, rev 0x00d6
  sig 0x000906e9, pf_mask 0x2a, 2020-01-09, rev 0x00d2    -> 2020-04-23, rev 0x00d6

Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20200609_p20200601.ebuild      | 248 +++++++++++++++++++++
 2 files changed, 249 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 37862ea8457..f18b3fcdb03 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20200601.tar.xz 6163976 BLAKE2B eb17605a09f771562189924b916b0d2426d6c2b6f9d76447d05d614679f097acf71fc70dd96132c0ad9d3f1a954f5809456fa951ca42fa0db2373da2288417b7 SHA512 60e798dd357ce85d8bd1f78e0447d983d6916aec87bf8a3f375091e4c57ffa8fb654459a8ed7d2d83184a828060509e16aa37e3a23f70684ac1b170736a12d54
 DIST microcode-20200520.tar.gz 3002980 BLAKE2B 5f91536e558827e5c412e336596d21c9aa9365e83ee9c96a9bcda9abbc3921c623e489f6e42be689203a1caa99cb6334b3124bf26764e4e1a4afe83de00aab3d SHA512 39e434406a0e855da911a4259691b9f60f4d205d8f0fbf47564a811c6317919fb7458ddf38a3a7922a3d06373a31f55e72069561c5d57e213702e2005579cf12
+DIST microcode-20200609.tar.gz 3043809 BLAKE2B 08e69e8cf0c6932d6cb9909f18c1c55f359491ed29ad296c28111e6301c9f6371ec25c4ce1c8884a50900b9ba9dfcab38e77c7f3ebb58f3a3d8518ed839c8d22 SHA512 bfcaaea2811214b79445d632e256cd35af82d62f748799d47f7bc2490c5a6fd53f020bcaa3331a96b54c91ded1d17dfd9946b40174694b9a7ad17810f58293ae

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601.ebuild
new file mode 100644
index 00000000000..0a7fafc268d
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601.ebuild
@@ -0,0 +1,248 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     c1d8ba62ab0bcbea3133864a8dfce246406f181c
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 14 22:09:40 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jun 14 22:11:50 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1d8ba62

sys-firmware/intel-microcode: rev bump

- Mask sig 0x000406e3, pf_mask 0xc0, revision=0xd6 [Link 1]

- Mask sig 0x000406e3, pf_mask 0xc0, revision=0xda [Bug 722768]

This will basically downgrade microcode for 0x000406e3 back to rev 0x00d6 from 2019-10-03.

Link 1: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
Closes: https://bugs.gentoo.org/722768
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20200609_p20200601-r1.ebuild   | 259 +++++++++++++++++++++
 2 files changed, 260 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 62ccb450a07..6bc452dd5c8 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,2 +1,3 @@
 DIST intel-microcode-collection-20200601.tar.xz 6163976 BLAKE2B eb17605a09f771562189924b916b0d2426d6c2b6f9d76447d05d614679f097acf71fc70dd96132c0ad9d3f1a954f5809456fa951ca42fa0db2373da2288417b7 SHA512 60e798dd357ce85d8bd1f78e0447d983d6916aec87bf8a3f375091e4c57ffa8fb654459a8ed7d2d83184a828060509e16aa37e3a23f70684ac1b170736a12d54
+DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20200609.tar.gz 3043809 BLAKE2B 08e69e8cf0c6932d6cb9909f18c1c55f359491ed29ad296c28111e6301c9f6371ec25c4ce1c8884a50900b9ba9dfcab38e77c7f3ebb58f3a3d8518ed839c8d22 SHA512 bfcaaea2811214b79445d632e256cd35af82d62f748799d47f7bc2490c5a6fd53f020bcaa3331a96b54c91ded1d17dfd9946b40174694b9a7ad17810f58293ae

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601-r1.ebuild
new file mode 100644
index 00000000000..8beb82b50b7
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601-r1.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     f268b99679699fec54d9494e5f3b71057090f3fd
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 14 22:12:07 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Jun 14 22:12:07 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f268b996

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../intel-microcode-20200609_p20200601.ebuild      | 248 ---------------------
 1 file changed, 248 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601.ebuild
deleted file mode 100644
index 0a7fafc268d..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601.ebuild
+++ /dev/null
@@ -1,248 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     416f809eb7c4e2c4b67fa0f30c1084bde059308a
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 17 16:06:52 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jun 17 16:12:29 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=416f809e

sys-firmware/intel-microcode: bump

Package-Manager: Portage-2.3.101, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20200616_p20200617.ebuild      | 259 +++++++++++++++++++++
 2 files changed, 261 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 6bc452dd5c8..65cb0a4db9d 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,5 @@
 DIST intel-microcode-collection-20200601.tar.xz 6163976 BLAKE2B eb17605a09f771562189924b916b0d2426d6c2b6f9d76447d05d614679f097acf71fc70dd96132c0ad9d3f1a954f5809456fa951ca42fa0db2373da2288417b7 SHA512 60e798dd357ce85d8bd1f78e0447d983d6916aec87bf8a3f375091e4c57ffa8fb654459a8ed7d2d83184a828060509e16aa37e3a23f70684ac1b170736a12d54
+DIST intel-microcode-collection-20200617.tar.xz 6097076 BLAKE2B cbd323fb98569c58c3d89f0f7ae3bb4b215c518d90a83086e19fba9f61cfc591908e24a3d8620f93fbd6b6aa418ceb4e8899684dab3bc9450d4af08314d7a243 SHA512 0e99a75c1632da1e80b6d888b313d280e97e2902b51a21d2551444a5b6a332f85e8a008f69553b7154c50e68f90bfe7f86e152e2babd7a2d0b839ff27d18f8c0
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20200609.tar.gz 3043809 BLAKE2B 08e69e8cf0c6932d6cb9909f18c1c55f359491ed29ad296c28111e6301c9f6371ec25c4ce1c8884a50900b9ba9dfcab38e77c7f3ebb58f3a3d8518ed839c8d22 SHA512 bfcaaea2811214b79445d632e256cd35af82d62f748799d47f7bc2490c5a6fd53f020bcaa3331a96b54c91ded1d17dfd9946b40174694b9a7ad17810f58293ae
+DIST microcode-20200616.tar.gz 3036726 BLAKE2B c4db887743c916804624683b51306ba1fdb2281c3583a35706edfd5d6fbd7027793bf6fa952ba96dacd0e9b399a8e632d4997e46e13eba89d55f49328e0b5367 SHA512 39c4de3a292da0aeef4f35624d22ca6116dc8baa7f0683b1c16f5e153ba6d9d52f0879263313ef67922eda551d998521d3721af880c22c63083d8ebce81f413f

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild
new file mode 100644
index 00000000000..8beb82b50b7
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND="sys-apps/iucode_tool"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     a9b0f90f1b4fcb62a39201927634de7db3418336
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 17 16:11:25 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Jun 17 16:12:30 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9b0f90f

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-2.3.101, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20200609_p20200601-r1.ebuild   | 259 ---------------------
 2 files changed, 261 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 65cb0a4db9d..edddbb6a60c 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,5 +1,3 @@
-DIST intel-microcode-collection-20200601.tar.xz 6163976 BLAKE2B eb17605a09f771562189924b916b0d2426d6c2b6f9d76447d05d614679f097acf71fc70dd96132c0ad9d3f1a954f5809456fa951ca42fa0db2373da2288417b7 SHA512 60e798dd357ce85d8bd1f78e0447d983d6916aec87bf8a3f375091e4c57ffa8fb654459a8ed7d2d83184a828060509e16aa37e3a23f70684ac1b170736a12d54
 DIST intel-microcode-collection-20200617.tar.xz 6097076 BLAKE2B cbd323fb98569c58c3d89f0f7ae3bb4b215c518d90a83086e19fba9f61cfc591908e24a3d8620f93fbd6b6aa418ceb4e8899684dab3bc9450d4af08314d7a243 SHA512 0e99a75c1632da1e80b6d888b313d280e97e2902b51a21d2551444a5b6a332f85e8a008f69553b7154c50e68f90bfe7f86e152e2babd7a2d0b839ff27d18f8c0
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
-DIST microcode-20200609.tar.gz 3043809 BLAKE2B 08e69e8cf0c6932d6cb9909f18c1c55f359491ed29ad296c28111e6301c9f6371ec25c4ce1c8884a50900b9ba9dfcab38e77c7f3ebb58f3a3d8518ed839c8d22 SHA512 bfcaaea2811214b79445d632e256cd35af82d62f748799d47f7bc2490c5a6fd53f020bcaa3331a96b54c91ded1d17dfd9946b40174694b9a7ad17810f58293ae
 DIST microcode-20200616.tar.gz 3036726 BLAKE2B c4db887743c916804624683b51306ba1fdb2281c3583a35706edfd5d6fbd7027793bf6fa952ba96dacd0e9b399a8e632d4997e46e13eba89d55f49328e0b5367 SHA512 39c4de3a292da0aeef4f35624d22ca6116dc8baa7f0683b1c16f5e153ba6d9d52f0879263313ef67922eda551d998521d3721af880c22c63083d8ebce81f413f

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601-r1.ebuild
deleted file mode 100644
index 8beb82b50b7..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20200609_p20200601-r1.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND="sys-apps/iucode_tool"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     7111a3030e6f80a165063bee9b19dc23d217c5ed
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 29 11:18:59 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jun 29 11:19:42 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7111a303

sys-firmware/intel-microcode: require >=sys-apps/iucode_tool-2.3

We make use of advanced microcode selection filters which were added
in 2.3 release.

Closes: https://bugs.gentoo.org/730128
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild
index 8beb82b50b7..d20d0f472fa 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild
@@ -25,7 +25,7 @@ KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 
-BDEPEND="sys-apps/iucode_tool"
+BDEPEND=">=sys-apps/iucode_tool-2.3"
 
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     d063321927b0ab74a096fab2110c217f3268d497
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 20 23:26:21 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Sep 20 23:41:17 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0633219

sys-firmware/intel-microcode: bump

- New microcode:

  sig 0x000606e0, pf_mask 0x01, 2016-11-04, rev 0x000b
  sig 0x000806a0, pf_mask 0x01, 2019-05-07, rev 0x0010
  sig 0x000806a1, pf_mask 0x10, 2020-06-12, rev 0x0027
  sig 0x000806c1, pf_mask 0x80, 2020-08-11, rev 0x0056
  sig 0x000806d0, pf_mask 0xc2, 2020-07-09, rev 0x002e
  sig 0x000a0670, pf_mask 0x02, 2020-03-04, rev 0x0002

- Updated microcodes:

  sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043    -> 2020-05-27, rev 0x0044
  sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6    -> 2020-06-24, rev 0x00e0
  sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157 -> 2020-06-18, rev 0x1000159
  sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906 -> 2020-06-16, rev 0x2006a08
  sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01 -> 2020-06-18, rev 0x4003003
  sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01 -> 2020-06-18, rev 0x5003003
  sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc    -> 2020-06-24, rev 0x00e0
  sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e    -> 2020-03-07, rev 0x0032
  sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032    -> 2020-06-09, rev 0x0034
  sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016    -> 2020-06-09, rev 0x0018
  sig 0x000706e4, pf_mask 0x80, 2019-08-14, rev 0x0042    -> 2019-09-05, rev 0x0046
  sig 0x000706e5, pf_mask 0x80, 2020-04-22, rev 0x0082    -> 2020-07-22, rev 0x009e
  sig 0x000806c0, pf_mask 0x80, 2019-09-13, rev 0x0034    -> 2020-04-02, rev 0x0068
  sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6    -> 2020-05-27, rev 0x00de
  sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6    -> 2020-05-27, rev 0x00de
  sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6    -> 2020-06-17, rev 0x00e0
  sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6    -> 2020-06-03, rev 0x00de
  sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6    -> 2020-05-18, rev 0x00de
  sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6    -> 2020-05-26, rev 0x00de
  sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6    -> 2020-05-25, rev 0x00de
  sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6    -> 2020-05-25, rev 0x00de
  sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6    -> 2020-06-03, rev 0x00de
  sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6    -> 2020-05-24, rev 0x00de
  sig 0x000a0652, pf_mask 0x20, 2020-01-26, rev 0x00c8    -> 2020-06-07, rev 0x00de
  sig 0x000a0653, pf_mask 0x22, 2020-01-22, rev 0x00cc    -> 2020-06-07, rev 0x00de
  sig 0x000a0655, pf_mask 0x22, 2020-03-12, rev 0x00ca    -> 2020-06-07, rev 0x00de
  sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca    -> 2020-06-07, rev 0x00de
  sig 0x000a0661, pf_mask 0x80, 2019-10-07, rev 0x00ba    -> 2020-06-07, rev 0x00de

Package-Manager: Portage-3.0.7, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20200616_p20200921.ebuild      | 259 +++++++++++++++++++++
 2 files changed, 260 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index edddbb6a60c..44f190c6817 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,4 @@
 DIST intel-microcode-collection-20200617.tar.xz 6097076 BLAKE2B cbd323fb98569c58c3d89f0f7ae3bb4b215c518d90a83086e19fba9f61cfc591908e24a3d8620f93fbd6b6aa418ceb4e8899684dab3bc9450d4af08314d7a243 SHA512 0e99a75c1632da1e80b6d888b313d280e97e2902b51a21d2551444a5b6a332f85e8a008f69553b7154c50e68f90bfe7f86e152e2babd7a2d0b839ff27d18f8c0
+DIST intel-microcode-collection-20200921.tar.xz 6482440 BLAKE2B d8cc478bf61c750fc73f1fd55ce8d8dd6655abc79bea77d2dfa21241ee0ff44c10931e28c6343494433d8dc1784b5bbf6ab47e5c8d5fa7c230749e057e21e33a SHA512 7c34a851b7047640557a2708bf0af9adcb40cffae73aa0c6d4a64dec33ba3df00854b056bb042d9886a9726eccb6053b418a2c515f07faa06d1ed0dfa984db05
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20200616.tar.gz 3036726 BLAKE2B c4db887743c916804624683b51306ba1fdb2281c3583a35706edfd5d6fbd7027793bf6fa952ba96dacd0e9b399a8e632d4997e46e13eba89d55f49328e0b5367 SHA512 39c4de3a292da0aeef4f35624d22ca6116dc8baa7f0683b1c16f5e153ba6d9d52f0879263313ef67922eda551d998521d3721af880c22c63083d8ebce81f413f

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200616_p20200921.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200616_p20200921.ebuild
new file mode 100644
index 00000000000..d20d0f472fa
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20200616_p20200921.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     076cd212ce202ac00dc02a3f2696b2fc6f52554d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 11 01:08:29 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Nov 11 01:16:46 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=076cd212

sys-firmware/intel-microcode: bump

- New microcode:

  sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e

- Updated microcodes:

  sig 0x000406e3, pf_mask 0xc0, 2020-06-24, rev 0x00e0 -> 2020-07-14, rev 0x00e2
  sig 0x000506e3, pf_mask 0x36, 2020-06-24, rev 0x00e0 -> 2020-07-14, rev 0x00e2
  sig 0x000706e5, pf_mask 0x80, 2020-07-22, rev 0x009e -> 2020-07-30, rev 0x00a0
  sig 0x000806a1, pf_mask 0x10, 2020-06-12, rev 0x0027 -> 2020-06-26, rev 0x0028
  sig 0x000806c1, pf_mask 0x80, 2020-08-11, rev 0x0056 -> 2020-10-02, rev 0x0068
  sig 0x000a0652, pf_mask 0x20, 2020-06-07, rev 0x00de -> 2020-07-08, rev 0x00e0
  sig 0x000a0653, pf_mask 0x22, 2020-06-07, rev 0x00de -> 2020-07-08, rev 0x00e0
  sig 0x000a0655, pf_mask 0x22, 2020-06-07, rev 0x00de -> 2020-09-14, rev 0x00e2
  sig 0x000a0660, pf_mask 0x80, 2020-06-07, rev 0x00de -> 2020-07-08, rev 0x00e0
  sig 0x000a0661, pf_mask 0x80, 2020-06-07, rev 0x00de -> 2020-07-02, rev 0x00e0

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20201110_p20201110.ebuild      | 259 +++++++++++++++++++++
 2 files changed, 261 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 44f190c6817..b08601f29ba 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,6 @@
 DIST intel-microcode-collection-20200617.tar.xz 6097076 BLAKE2B cbd323fb98569c58c3d89f0f7ae3bb4b215c518d90a83086e19fba9f61cfc591908e24a3d8620f93fbd6b6aa418ceb4e8899684dab3bc9450d4af08314d7a243 SHA512 0e99a75c1632da1e80b6d888b313d280e97e2902b51a21d2551444a5b6a332f85e8a008f69553b7154c50e68f90bfe7f86e152e2babd7a2d0b839ff27d18f8c0
 DIST intel-microcode-collection-20200921.tar.xz 6482440 BLAKE2B d8cc478bf61c750fc73f1fd55ce8d8dd6655abc79bea77d2dfa21241ee0ff44c10931e28c6343494433d8dc1784b5bbf6ab47e5c8d5fa7c230749e057e21e33a SHA512 7c34a851b7047640557a2708bf0af9adcb40cffae73aa0c6d4a64dec33ba3df00854b056bb042d9886a9726eccb6053b418a2c515f07faa06d1ed0dfa984db05
+DIST intel-microcode-collection-20201110.tar.xz 6476772 BLAKE2B 9f6bbc568f62a1593eba85a34861b70fd2598b745e1aac58df0ba4c248a9fafd1cda7bc428dfeff5b8da05d8098b7b98c7a64dc16ad4967aa34eff5b25d64a84 SHA512 6cf50f8f3b3531de11231e1f209c667bb715c5d4362ae5d4852ba7b76087e51dca2028b78dd521034013a32daf82c06cb6573f8fefc4acc8b955b42cef2ddea9
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20200616.tar.gz 3036726 BLAKE2B c4db887743c916804624683b51306ba1fdb2281c3583a35706edfd5d6fbd7027793bf6fa952ba96dacd0e9b399a8e632d4997e46e13eba89d55f49328e0b5367 SHA512 39c4de3a292da0aeef4f35624d22ca6116dc8baa7f0683b1c16f5e153ba6d9d52f0879263313ef67922eda551d998521d3721af880c22c63083d8ebce81f413f
+DIST microcode-20201110.tar.gz 3609989 BLAKE2B e984f6a69d8652f2842c78e62902c1aaca2fa39c2d9079be03ef829e8e9cb7e621bdfa6c5d49a2ad16759b393a7daaa375fe853c4e37a8789e280dfc749c3a9c SHA512 da0a2614fcd651536a2dc64a2207ab02d8b482453e9d2ae18f628f1cbc3da0aa0734f830264fca5541823693d300f74ae60f7014cbf43b87ff55345c8fd80014

diff --git a/sys-firmware/intel-microcode/intel-microcode-20201110_p20201110.ebuild b/sys-firmware/intel-microcode/intel-microcode-20201110_p20201110.ebuild
new file mode 100644
index 00000000000..fb5b79ed745
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20201110_p20201110.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     1e31ac774d52e12217de11bdabd1cc06aa94fb0f
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 15 23:12:40 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Nov 15 23:50:36 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e31ac77

sys-firmware/intel-microcode: bump

- Updated microcodes:

  sig 0x000806d0, pf_mask 0xc2, 2020-07-09, rev 0x002e -> 2020-08-25, rev 0x0038

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20201112_p20201116.ebuild      | 259 +++++++++++++++++++++
 2 files changed, 261 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index b08601f29ba..3373bca7987 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,6 +1,8 @@
 DIST intel-microcode-collection-20200617.tar.xz 6097076 BLAKE2B cbd323fb98569c58c3d89f0f7ae3bb4b215c518d90a83086e19fba9f61cfc591908e24a3d8620f93fbd6b6aa418ceb4e8899684dab3bc9450d4af08314d7a243 SHA512 0e99a75c1632da1e80b6d888b313d280e97e2902b51a21d2551444a5b6a332f85e8a008f69553b7154c50e68f90bfe7f86e152e2babd7a2d0b839ff27d18f8c0
 DIST intel-microcode-collection-20200921.tar.xz 6482440 BLAKE2B d8cc478bf61c750fc73f1fd55ce8d8dd6655abc79bea77d2dfa21241ee0ff44c10931e28c6343494433d8dc1784b5bbf6ab47e5c8d5fa7c230749e057e21e33a SHA512 7c34a851b7047640557a2708bf0af9adcb40cffae73aa0c6d4a64dec33ba3df00854b056bb042d9886a9726eccb6053b418a2c515f07faa06d1ed0dfa984db05
 DIST intel-microcode-collection-20201110.tar.xz 6476772 BLAKE2B 9f6bbc568f62a1593eba85a34861b70fd2598b745e1aac58df0ba4c248a9fafd1cda7bc428dfeff5b8da05d8098b7b98c7a64dc16ad4967aa34eff5b25d64a84 SHA512 6cf50f8f3b3531de11231e1f209c667bb715c5d4362ae5d4852ba7b76087e51dca2028b78dd521034013a32daf82c06cb6573f8fefc4acc8b955b42cef2ddea9
+DIST intel-microcode-collection-20201116.tar.xz 6506624 BLAKE2B b74ec0ddafe9681ae94d6a0df1de51655004eecae83c413fa824c9ad25cf68a25059627e2809a3b8cd5b3cb18647455385de0be2b2a7fcc6bc6c30e2ccabd1af SHA512 3a1aab0af9ff6dc95778276964b457a4429aa12f13499f6f89fa48285cf8aef9a0990099a80e360b76b2d4b6a836f2528f984aab17f12d905cf237dbab2a8b33
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20200616.tar.gz 3036726 BLAKE2B c4db887743c916804624683b51306ba1fdb2281c3583a35706edfd5d6fbd7027793bf6fa952ba96dacd0e9b399a8e632d4997e46e13eba89d55f49328e0b5367 SHA512 39c4de3a292da0aeef4f35624d22ca6116dc8baa7f0683b1c16f5e153ba6d9d52f0879263313ef67922eda551d998521d3721af880c22c63083d8ebce81f413f
 DIST microcode-20201110.tar.gz 3609989 BLAKE2B e984f6a69d8652f2842c78e62902c1aaca2fa39c2d9079be03ef829e8e9cb7e621bdfa6c5d49a2ad16759b393a7daaa375fe853c4e37a8789e280dfc749c3a9c SHA512 da0a2614fcd651536a2dc64a2207ab02d8b482453e9d2ae18f628f1cbc3da0aa0734f830264fca5541823693d300f74ae60f7014cbf43b87ff55345c8fd80014
+DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211

diff --git a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116.ebuild b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116.ebuild
new file mode 100644
index 00000000000..fb5b79ed745
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116.ebuild
@@ -0,0 +1,259 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     8b500ffd6b7c02326e79fb107ecb5004b81a9f9b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 18 23:34:11 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Nov 18 23:35:31 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b500ffd

sys-firmware/intel-microcode: rev bump

- Blacklisted microcodes:

  sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068

Link: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../intel-microcode-20201112_p20201116-r1.ebuild   | 262 +++++++++++++++++++++
 1 file changed, 262 insertions(+)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
new file mode 100644
index 00000000000..a162e73196e
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
@@ -0,0 +1,262 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     e900d5d35e275cc25de22f68a3c861193898fa3d
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 18 23:35:15 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Nov 18 23:35:32 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e900d5d3

sys-firmware/intel-microcode: drop old

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   5 -
 .../intel-microcode-20200616_p20200617.ebuild      | 259 ---------------------
 .../intel-microcode-20200616_p20200921.ebuild      | 259 ---------------------
 .../intel-microcode-20201110_p20201110.ebuild      | 259 ---------------------
 .../intel-microcode-20201112_p20201116.ebuild      | 259 ---------------------
 5 files changed, 1041 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 3373bca7987..20d2f36ff05 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,8 +1,3 @@
-DIST intel-microcode-collection-20200617.tar.xz 6097076 BLAKE2B cbd323fb98569c58c3d89f0f7ae3bb4b215c518d90a83086e19fba9f61cfc591908e24a3d8620f93fbd6b6aa418ceb4e8899684dab3bc9450d4af08314d7a243 SHA512 0e99a75c1632da1e80b6d888b313d280e97e2902b51a21d2551444a5b6a332f85e8a008f69553b7154c50e68f90bfe7f86e152e2babd7a2d0b839ff27d18f8c0
-DIST intel-microcode-collection-20200921.tar.xz 6482440 BLAKE2B d8cc478bf61c750fc73f1fd55ce8d8dd6655abc79bea77d2dfa21241ee0ff44c10931e28c6343494433d8dc1784b5bbf6ab47e5c8d5fa7c230749e057e21e33a SHA512 7c34a851b7047640557a2708bf0af9adcb40cffae73aa0c6d4a64dec33ba3df00854b056bb042d9886a9726eccb6053b418a2c515f07faa06d1ed0dfa984db05
-DIST intel-microcode-collection-20201110.tar.xz 6476772 BLAKE2B 9f6bbc568f62a1593eba85a34861b70fd2598b745e1aac58df0ba4c248a9fafd1cda7bc428dfeff5b8da05d8098b7b98c7a64dc16ad4967aa34eff5b25d64a84 SHA512 6cf50f8f3b3531de11231e1f209c667bb715c5d4362ae5d4852ba7b76087e51dca2028b78dd521034013a32daf82c06cb6573f8fefc4acc8b955b42cef2ddea9
 DIST intel-microcode-collection-20201116.tar.xz 6506624 BLAKE2B b74ec0ddafe9681ae94d6a0df1de51655004eecae83c413fa824c9ad25cf68a25059627e2809a3b8cd5b3cb18647455385de0be2b2a7fcc6bc6c30e2ccabd1af SHA512 3a1aab0af9ff6dc95778276964b457a4429aa12f13499f6f89fa48285cf8aef9a0990099a80e360b76b2d4b6a836f2528f984aab17f12d905cf237dbab2a8b33
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
-DIST microcode-20200616.tar.gz 3036726 BLAKE2B c4db887743c916804624683b51306ba1fdb2281c3583a35706edfd5d6fbd7027793bf6fa952ba96dacd0e9b399a8e632d4997e46e13eba89d55f49328e0b5367 SHA512 39c4de3a292da0aeef4f35624d22ca6116dc8baa7f0683b1c16f5e153ba6d9d52f0879263313ef67922eda551d998521d3721af880c22c63083d8ebce81f413f
-DIST microcode-20201110.tar.gz 3609989 BLAKE2B e984f6a69d8652f2842c78e62902c1aaca2fa39c2d9079be03ef829e8e9cb7e621bdfa6c5d49a2ad16759b393a7daaa375fe853c4e37a8789e280dfc749c3a9c SHA512 da0a2614fcd651536a2dc64a2207ab02d8b482453e9d2ae18f628f1cbc3da0aa0734f830264fca5541823693d300f74ae60f7014cbf43b87ff55345c8fd80014
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild
deleted file mode 100644
index d20d0f472fa..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20200616_p20200617.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20200616_p20200921.ebuild b/sys-firmware/intel-microcode/intel-microcode-20200616_p20200921.ebuild
deleted file mode 100644
index d20d0f472fa..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20200616_p20200921.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20201110_p20201110.ebuild b/sys-firmware/intel-microcode/intel-microcode-20201110_p20201110.ebuild
deleted file mode 100644
index fb5b79ed745..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20201110_p20201110.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116.ebuild b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116.ebuild
deleted file mode 100644
index fb5b79ed745..00000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks bindist mirror strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     a91753a3d0d724a4cb183c85649c3b1e7cc34f74
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 21 03:14:46 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Feb 21 03:16:33 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a91753a3

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000806c1, pf_mask 0x80, 2021-01-25, rev 0x0078
  sig 0x000906c0, pf_mask 0x01, 2020-12-13, rev 0x0019
  sig 0x000a0671, pf_mask 0x02, 2021-01-28, rev 0x002c

- Updated microcodes:

  sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016    -> 2020-11-25, rev 0x0017
  sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08 -> 2021-01-15, rev 0x2006b05
  sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003 -> 2020-12-31, rev 0x4003006
  sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003 -> 2020-12-31, rev 0x5003006
  sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e -> 2020-11-20, rev 0x7000020
  sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040    -> 2020-10-23, rev 0x0044
  sig 0x000506f1, pf_mask 0x01, 2020-03-07, rev 0x0032    -> 2020-10-23, rev 0x0034
  sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034    -> 2020-10-23, rev 0x0036
  sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018    -> 2020-10-23, rev 0x001a
  sig 0x000806d0, pf_mask 0xc2, 2020-08-25, rev 0x0038    -> 2020-11-04, rev 0x004c
  sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de    -> 2020-12-08, rev 0x00e8
  sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de    -> 2020-10-23, rev 0x00e4
  sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0    -> 2020-10-26, rev 0x00e2
  sig 0x000a0670, pf_mask 0x02, 2020-03-04, rev 0x0002    -> 2020-11-24, rev 0x002c

Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20210216_p20210221.ebuild      | 262 +++++++++++++++++++++
 2 files changed, 264 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 20d2f36ff05..6363e8267c1 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,5 @@
 DIST intel-microcode-collection-20201116.tar.xz 6506624 BLAKE2B b74ec0ddafe9681ae94d6a0df1de51655004eecae83c413fa824c9ad25cf68a25059627e2809a3b8cd5b3cb18647455385de0be2b2a7fcc6bc6c30e2ccabd1af SHA512 3a1aab0af9ff6dc95778276964b457a4429aa12f13499f6f89fa48285cf8aef9a0990099a80e360b76b2d4b6a836f2528f984aab17f12d905cf237dbab2a8b33
+DIST intel-microcode-collection-20210221.tar.xz 6690716 BLAKE2B 09758341d20d60b739c4859442457fcc4ce563327dd7f14e8a626f49198d3beb59ef580530500a2dacb5ab9832119e8d489f553ccffc56613b31df027eb93e98 SHA512 e3bb3644c46ee41752bbd21c56e69144d23dab9162ebfe9906a07ff646b7ba57d14b0280b044bf7ceab771fe80e75d7aed3808b68b823ae19bc0c7c4a94589dd
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
+DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
new file mode 100644
index 00000000000..0a8e3fc79f0
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
@@ -0,0 +1,262 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     361f080a7e856fd871c8997289e1a9272ff4fbe0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May 14 14:57:22 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May 14 14:58:42 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=361f080a

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000606a4, pf_mask 0x87, 2020-08-17, rev 0xb000280
  sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0
  sig 0x000606a6, pf_mask 0x87, 2021-03-31, rev 0xd000280
  sig 0x000806d1, pf_mask 0xc2, 2021-03-16, rev 0x0024
  sig 0x00090670, pf_mask 0x02, 2020-11-11, rev 0x0019

- Updated microcodes:

  sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2    -> 2021-01-25, rev 0x00ea
  sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006 -> 2021-01-15, rev 0x5003101
  sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2    -> 2021-01-25, rev 0x00ea
  sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0    -> 2020-11-01, rev 0x00a6
  sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028    -> 2020-11-06, rev 0x002a
  sig 0x000806c1, pf_mask 0x80, 2021-01-25, rev 0x0078    -> 2021-03-17, rev 0x0086
  sig 0x000806d0, pf_mask 0xc2, 2020-12-01, rev 0x004e    -> 2020-11-04, rev 0x004c
  sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de    -> 2021-01-05, rev 0x00ea
  sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de    -> 2021-01-05, rev 0x00ea
  sig 0x000806ec, pf_mask 0x94, 2020-10-23, rev 0x00e4    -> 2021-01-05, rev 0x00ea
  sig 0x000906c0, pf_mask 0x01, 2020-12-13, rev 0x0019    -> 2021-03-23, rev 0x001d
  sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de    -> 2021-01-05, rev 0x00ea
  sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de    -> 2021-01-05, rev 0x00ea
  sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de    -> 2021-01-05, rev 0x00ea
  sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de    -> 2021-01-05, rev 0x00ea
  sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de    -> 2021-01-05, rev 0x00ea
  sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0    -> 2021-03-08, rev 0x00ea
  sig 0x000a0655, pf_mask 0x22, 2020-09-14, rev 0x00e2    -> 2021-03-08, rev 0x00ec
  sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0    -> 2020-12-08, rev 0x00e8
  sig 0x000a0671, pf_mask 0x02, 2021-01-28, rev 0x002c    -> 2021-03-19, rev 0x003c

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20210216_p20210514.ebuild      | 262 +++++++++++++++++++++
 2 files changed, 263 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 6363e8267c1..ad796bc4647 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,5 +1,6 @@
 DIST intel-microcode-collection-20201116.tar.xz 6506624 BLAKE2B b74ec0ddafe9681ae94d6a0df1de51655004eecae83c413fa824c9ad25cf68a25059627e2809a3b8cd5b3cb18647455385de0be2b2a7fcc6bc6c30e2ccabd1af SHA512 3a1aab0af9ff6dc95778276964b457a4429aa12f13499f6f89fa48285cf8aef9a0990099a80e360b76b2d4b6a836f2528f984aab17f12d905cf237dbab2a8b33
 DIST intel-microcode-collection-20210221.tar.xz 6690716 BLAKE2B 09758341d20d60b739c4859442457fcc4ce563327dd7f14e8a626f49198d3beb59ef580530500a2dacb5ab9832119e8d489f553ccffc56613b31df027eb93e98 SHA512 e3bb3644c46ee41752bbd21c56e69144d23dab9162ebfe9906a07ff646b7ba57d14b0280b044bf7ceab771fe80e75d7aed3808b68b823ae19bc0c7c4a94589dd
+DIST intel-microcode-collection-20210514.tar.xz 7907672 BLAKE2B d5226008e50e804c0acfa648393032b08a317572be1e38743721613000dede886d3885b36f7fa4a9c061e72855fc0ad409ce3299f679afc866abda7d29c9512a SHA512 fc4fcd3e2c4f1abdf5c0d23c1c0ac2f8c572531dadbc9a070c38150ec939cd4e2b13226b86df2371eb0679cef96307262d0356f2e617773c51c53f3e440894d2
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
new file mode 100644
index 00000000000..0a8e3fc79f0
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
@@ -0,0 +1,262 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     66c8a60ea74e8ed2391c9fdff749c65eb0f398ff
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  8 22:20:35 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun  8 22:21:52 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66c8a60e

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000606a0, pf_mask 0x97, 2019-07-22, rev 0x001f
  sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f
  sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f
  sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016
  sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011

- Updated microcodes:

  sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044    -> 2021-01-27, rev 0x0046
  sig 0x000306f4, pf_mask 0x80, 2020-11-25, rev 0x0017    -> 2021-02-05, rev 0x0019
  sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159 -> 2021-03-08, rev 0x100015b
  sig 0x00050654, pf_mask 0xb7, 2021-01-15, rev 0x2006b05 -> 2021-03-08, rev 0x2006b06
  sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006 -> 2021-03-08, rev 0x4003102
  sig 0x00050657, pf_mask 0xbf, 2021-01-15, rev 0x5003101 -> 2021-04-08, rev 0x5003103
  sig 0x0005065b, pf_mask 0xbf, 2020-11-20, rev 0x7000020 -> 2021-04-23, rev 0x7002302
  sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019 -> 2021-02-04, rev 0x700001b
  sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017 -> 2021-02-04, rev 0xf000019
  sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f -> 2021-02-04, rev 0xe000012
  sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e    -> 2020-10-23, rev 0x0020
  sig 0x000606a6, pf_mask 0x87, 2021-03-31, rev 0xd000280 -> 2021-04-25, rev 0xd0002a0
  sig 0x000806c1, pf_mask 0x80, 2021-03-17, rev 0x0086    -> 2021-04-09, rev 0x008a
  sig 0x000806d0, pf_mask 0xc2, 2020-12-01, rev 0x004e    -> 2020-12-17, rev 0x0050
  sig 0x000806d1, pf_mask 0xc2, 2021-03-16, rev 0x0024    -> 2021-04-23, rev 0x002c
  sig 0x000806e9, pf_mask 0x10, 2020-12-08, rev 0x00e8    -> 2021-01-05, rev 0x00ea
  sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0    -> 2021-01-06, rev 0x00ea
  sig 0x000a0652, pf_mask 0x20, 2020-10-26, rev 0x00e2    -> 2021-02-07, rev 0x00ea
  sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0    -> 2021-02-07, rev 0x00ea
  sig 0x000a0671, pf_mask 0x02, 2021-03-19, rev 0x003c    -> 2021-04-11, rev 0x0040

Closes: https://bugs.gentoo.org/794994
Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20210608_p20210608.ebuild      | 262 +++++++++++++++++++++
 2 files changed, 264 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index ad796bc4647..82568c926ae 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,6 +1,8 @@
 DIST intel-microcode-collection-20201116.tar.xz 6506624 BLAKE2B b74ec0ddafe9681ae94d6a0df1de51655004eecae83c413fa824c9ad25cf68a25059627e2809a3b8cd5b3cb18647455385de0be2b2a7fcc6bc6c30e2ccabd1af SHA512 3a1aab0af9ff6dc95778276964b457a4429aa12f13499f6f89fa48285cf8aef9a0990099a80e360b76b2d4b6a836f2528f984aab17f12d905cf237dbab2a8b33
 DIST intel-microcode-collection-20210221.tar.xz 6690716 BLAKE2B 09758341d20d60b739c4859442457fcc4ce563327dd7f14e8a626f49198d3beb59ef580530500a2dacb5ab9832119e8d489f553ccffc56613b31df027eb93e98 SHA512 e3bb3644c46ee41752bbd21c56e69144d23dab9162ebfe9906a07ff646b7ba57d14b0280b044bf7ceab771fe80e75d7aed3808b68b823ae19bc0c7c4a94589dd
 DIST intel-microcode-collection-20210514.tar.xz 7907672 BLAKE2B d5226008e50e804c0acfa648393032b08a317572be1e38743721613000dede886d3885b36f7fa4a9c061e72855fc0ad409ce3299f679afc866abda7d29c9512a SHA512 fc4fcd3e2c4f1abdf5c0d23c1c0ac2f8c572531dadbc9a070c38150ec939cd4e2b13226b86df2371eb0679cef96307262d0356f2e617773c51c53f3e440894d2
+DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf06ac7db84ac30707fe8834874583b324ebc882b514975d71b686788fcd1c9b9c5b05448403b27524e29a94ade34facdffb1645333059019a9 SHA512 7fd810cf05334f6442b9a0c77aef5319d3e2006e887d0354dee952647ded3fa6331a30192abf82eda0676af0439b40f5e3ab0210611f96c78fe52f01f106c5d4
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf
+DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
new file mode 100644
index 00000000000..0a8e3fc79f0
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
@@ -0,0 +1,262 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     392a27e6c9fda51aed7dc3da67a7e84608a241bf
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 30 16:02:24 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Aug 30 16:03:15 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=392a27e6

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x00090660, pf_mask 0x01, 2020-06-17, rev 0x0009
  sig 0x00090671, pf_mask 0x82, 2021-05-05, rev 0x001a
  sig 0x00090672, pf_mask 0x03, 2021-08-16, rev 0x000d
  sig 0x00090674, pf_mask 0x01, 2021-04-25, rev 0x0219
  sig 0x00090675, pf_mask 0x03, 2021-08-16, rev 0x000d
  sig 0x000906a0, pf_mask 0x82, 2021-05-05, rev 0x001a

- Updated microcodes:

  sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102 -> 2021-04-20, rev 0x4003103
  sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0 -> 2021-06-25, rev 0xd0002d0
  sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c    -> 2021-07-16, rev 0x003c

Package-Manager: Portage-3.0.22, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20210608_p20210830.ebuild      | 262 +++++++++++++++++++++
 2 files changed, 263 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 82568c926ae..9c39469a906 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -2,6 +2,7 @@ DIST intel-microcode-collection-20201116.tar.xz 6506624 BLAKE2B b74ec0ddafe9681a
 DIST intel-microcode-collection-20210221.tar.xz 6690716 BLAKE2B 09758341d20d60b739c4859442457fcc4ce563327dd7f14e8a626f49198d3beb59ef580530500a2dacb5ab9832119e8d489f553ccffc56613b31df027eb93e98 SHA512 e3bb3644c46ee41752bbd21c56e69144d23dab9162ebfe9906a07ff646b7ba57d14b0280b044bf7ceab771fe80e75d7aed3808b68b823ae19bc0c7c4a94589dd
 DIST intel-microcode-collection-20210514.tar.xz 7907672 BLAKE2B d5226008e50e804c0acfa648393032b08a317572be1e38743721613000dede886d3885b36f7fa4a9c061e72855fc0ad409ce3299f679afc866abda7d29c9512a SHA512 fc4fcd3e2c4f1abdf5c0d23c1c0ac2f8c572531dadbc9a070c38150ec939cd4e2b13226b86df2371eb0679cef96307262d0356f2e617773c51c53f3e440894d2
 DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf06ac7db84ac30707fe8834874583b324ebc882b514975d71b686788fcd1c9b9c5b05448403b27524e29a94ade34facdffb1645333059019a9 SHA512 7fd810cf05334f6442b9a0c77aef5319d3e2006e887d0354dee952647ded3fa6331a30192abf82eda0676af0439b40f5e3ab0210611f96c78fe52f01f106c5d4
+DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b953e1f54b9ca077e42e7a2b6b28e862dddcb23a546ebebdd5afb9e54215b6c6493b72bf82121ace4b06f759413d3745571ff8156db52d6b1 SHA512 8a6a7376524888b0e89f9fd9a592d52a3859f4ddf1d961484b60d77098faa6984c5e8efc9cf4258a943cfc2c3503dbb87989868962a7ad8028c391d897e212b6
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
new file mode 100644
index 00000000000..0a8e3fc79f0
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
@@ -0,0 +1,262 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Thomas Deutschmann]

commit:     3929b7925d6255539ab40a9d76391c9a39458289
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 10 01:59:01 2022 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Feb 10 02:01:40 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3929b792

sys-firmware/intel-microcode: bump

- New microcodes:

  sig 0x000906a2, pf_mask 0x80, 2022-01-02, rev 0x0315
  sig 0x000906a3, pf_mask 0x80, 2021-12-29, rev 0x0415
  sig 0x000906a4, pf_mask 0x80, 2021-12-29, rev 0x0415
  sig 0x000b0670, pf_mask 0x02, 2021-11-15, rev 0x0009

- Updated microcodes:

  sig 0x000206f0, pf_mask 0x05, 2010-06-30, rev 0x0004    -> 2010-07-29, rev 0x0005
  sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046    -> 2021-08-11, rev 0x0049
  sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019    -> 2021-05-24, rev 0x001a
  sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b -> 2021-05-26, rev 0x100015c
  sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06 -> 2021-06-16, rev 0x2006c0a
  sig 0x00050656, pf_mask 0xbf, 2021-04-20, rev 0x4003103 -> 2021-08-13, rev 0x400320a
  sig 0x00050657, pf_mask 0xbf, 2021-04-08, rev 0x5003103 -> 2021-08-13, rev 0x500320a
  sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302 -> 2021-06-04, rev 0x7002402
  sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b -> 2021-06-12, rev 0x700001c
  sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019 -> 2021-06-12, rev 0xf00001a
  sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012 -> 2021-09-18, rev 0xe000014
  sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044    -> 2021-05-10, rev 0x0046
  sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020    -> 2021-05-10, rev 0x0024
  sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea    -> 2021-04-29, rev 0x00ec
  sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034    -> 2021-05-10, rev 0x0036
  sig 0x000606a6, pf_mask 0x87, 2021-06-25, rev 0xd0002d0 -> 2021-12-03, rev 0xd000331
  sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036    -> 2021-05-10, rev 0x0038
  sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a    -> 2021-05-10, rev 0x001c
  sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6    -> 2021-05-26, rev 0x00a8
  sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a    -> 2021-09-02, rev 0x002d
  sig 0x000806c1, pf_mask 0x80, 2021-04-09, rev 0x008a    -> 2021-10-26, rev 0x009c
  sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016    -> 2021-07-16, rev 0x0022
  sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011    -> 2021-09-21, rev 0x0015
  sig 0x00090671, pf_mask 0x82, 2021-05-05, rev 0x001a    -> 2021-06-14, rev 0x001c
  sig 0x00090672, pf_mask 0x03, 2021-08-16, rev 0x000d    -> 2022-01-03, rev 0x001a
  sig 0x00090675, pf_mask 0x03, 2021-08-16, rev 0x000d    -> 2022-01-03, rev 0x001a
  sig 0x000906a0, pf_mask 0x82, 2021-05-05, rev 0x001a    -> 2021-06-14, rev 0x001c
  sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d    -> 2021-08-09, rev 0x2400001f
  sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea    -> 2021-04-29, rev 0x00ec
  sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea    -> 2021-04-28, rev 0x00ec
  sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec    -> 2021-04-28, rev 0x00ee
  sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8    -> 2021-04-28, rev 0x00ea
  sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea    -> 2021-04-29, rev 0x00ec
  sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040    -> 2021-08-29, rev 0x0050

Bug: https://bugs.gentoo.org/832985
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20220207_p20220207.ebuild      | 262 +++++++++++++++++++++
 2 files changed, 264 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 9c39469a906a..1713042146b2 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -3,7 +3,9 @@ DIST intel-microcode-collection-20210221.tar.xz 6690716 BLAKE2B 09758341d20d60b7
 DIST intel-microcode-collection-20210514.tar.xz 7907672 BLAKE2B d5226008e50e804c0acfa648393032b08a317572be1e38743721613000dede886d3885b36f7fa4a9c061e72855fc0ad409ce3299f679afc866abda7d29c9512a SHA512 fc4fcd3e2c4f1abdf5c0d23c1c0ac2f8c572531dadbc9a070c38150ec939cd4e2b13226b86df2371eb0679cef96307262d0356f2e617773c51c53f3e440894d2
 DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf06ac7db84ac30707fe8834874583b324ebc882b514975d71b686788fcd1c9b9c5b05448403b27524e29a94ade34facdffb1645333059019a9 SHA512 7fd810cf05334f6442b9a0c77aef5319d3e2006e887d0354dee952647ded3fa6331a30192abf82eda0676af0439b40f5e3ab0210611f96c78fe52f01f106c5d4
 DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b953e1f54b9ca077e42e7a2b6b28e862dddcb23a546ebebdd5afb9e54215b6c6493b72bf82121ace4b06f759413d3745571ff8156db52d6b1 SHA512 8a6a7376524888b0e89f9fd9a592d52a3859f4ddf1d961484b60d77098faa6984c5e8efc9cf4258a943cfc2c3503dbb87989868962a7ad8028c391d897e212b6
+DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d702675c4ca5d17b6bc7f5bf5688fb1979caadbf96c516c31c3e1894823aaa16dbdb8c778c933eaf49dec6f2d416483d11e58ed1e75823cef8 SHA512 72458aa64c05ceb8bb21b296da5ad15230af3e6ac63240a10370fadec09523cf7ebefaaddce2b31e2c16570c2700a875cccf86fd1770046ff36cc30eb594f041
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf
 DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
+DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
new file mode 100644
index 000000000000..133ab887e9c7
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
@@ -0,0 +1,262 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info toolchain-funcs mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks bindist mirror strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     bb77ecbe6e87d2c2d33e2ecda99483b8dc005ecf
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 15 20:17:27 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Mar 15 20:19:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb77ecbe

sys-firmware/intel-microcode: drop RESTRICT="mirror"

dev.gentoo.org is currently experiencing issues so users may
not be able to reach it right now.

It's clear from the original bug that led to the imposition
of the restriction that the issue is gone

Bug: https://bugs.gentoo.org/664134
Closes: https://bugs.gentoo.org/774360
Thanks-to: Ionen Wolkens <ionen <AT> gentoo.org>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild      | 4 ++--
 .../intel-microcode/intel-microcode-20210216_p20210221.ebuild         | 4 ++--
 .../intel-microcode/intel-microcode-20210216_p20210514.ebuild         | 4 ++--
 .../intel-microcode/intel-microcode-20210608_p20210608.ebuild         | 4 ++--
 .../intel-microcode/intel-microcode-20210608_p20210830.ebuild         | 4 ++--
 .../intel-microcode/intel-microcode-20220207_p20220207.ebuild         | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
index a162e73196e8..96e879dd2f60 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist mirror strip"
+RESTRICT="binchecks bindist strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
index 0a8e3fc79f0d..96e879dd2f60 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist mirror strip"
+RESTRICT="binchecks bindist strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
index 0a8e3fc79f0d..96e879dd2f60 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist mirror strip"
+RESTRICT="binchecks bindist strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
index 0a8e3fc79f0d..96e879dd2f60 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist mirror strip"
+RESTRICT="binchecks bindist strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
index 0a8e3fc79f0d..96e879dd2f60 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="7"
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist mirror strip"
+RESTRICT="binchecks bindist strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
index 133ab887e9c7..96e879dd2f60 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist mirror strip"
+RESTRICT="binchecks bindist strip"
 
 S=${WORKDIR}
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Ulrich Müller]

commit:     0d2889e6612232d5c376ab6753054167fd454ac0
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 16 06:31:55 2022 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Wed Mar 16 06:31:55 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d2889e6

sys-firmware/intel-microcode: Drop bindist restriction

Closes: https://bugs.gentoo.org/774360
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 .../intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild        | 2 +-
 sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild  | 2 +-
 sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild  | 2 +-
 sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild  | 2 +-
 sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild  | 2 +-
 sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild  | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
index 96e879dd2f60..adfb7ec7e6a4 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist strip"
+RESTRICT="binchecks strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
index 96e879dd2f60..adfb7ec7e6a4 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist strip"
+RESTRICT="binchecks strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
index 96e879dd2f60..adfb7ec7e6a4 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist strip"
+RESTRICT="binchecks strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
index 96e879dd2f60..adfb7ec7e6a4 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist strip"
+RESTRICT="binchecks strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
index 96e879dd2f60..adfb7ec7e6a4 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist strip"
+RESTRICT="binchecks strip"
 
 S=${WORKDIR}
 

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
index 96e879dd2f60..adfb7ec7e6a4 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
@@ -30,7 +30,7 @@ BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
 
-RESTRICT="binchecks bindist strip"
+RESTRICT="binchecks strip"
 
 S=${WORKDIR}
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     6251af7a0987db60a64e6b6c9871a9a7ca0bc94f
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Mon May  2 20:46:05 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Mon May  2 20:46:05 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6251af7a

sys-firmware/intel-microcode: add 20220419_p20220421

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20220419_p20220421.ebuild      | 263 +++++++++++++++++++++
 2 files changed, 265 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 1713042146b2..95a4de19db6b 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -4,8 +4,10 @@ DIST intel-microcode-collection-20210514.tar.xz 7907672 BLAKE2B d5226008e50e804c
 DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf06ac7db84ac30707fe8834874583b324ebc882b514975d71b686788fcd1c9b9c5b05448403b27524e29a94ade34facdffb1645333059019a9 SHA512 7fd810cf05334f6442b9a0c77aef5319d3e2006e887d0354dee952647ded3fa6331a30192abf82eda0676af0439b40f5e3ab0210611f96c78fe52f01f106c5d4
 DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b953e1f54b9ca077e42e7a2b6b28e862dddcb23a546ebebdd5afb9e54215b6c6493b72bf82121ace4b06f759413d3745571ff8156db52d6b1 SHA512 8a6a7376524888b0e89f9fd9a592d52a3859f4ddf1d961484b60d77098faa6984c5e8efc9cf4258a943cfc2c3503dbb87989868962a7ad8028c391d897e212b6
 DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d702675c4ca5d17b6bc7f5bf5688fb1979caadbf96c516c31c3e1894823aaa16dbdb8c778c933eaf49dec6f2d416483d11e58ed1e75823cef8 SHA512 72458aa64c05ceb8bb21b296da5ad15230af3e6ac63240a10370fadec09523cf7ebefaaddce2b31e2c16570c2700a875cccf86fd1770046ff36cc30eb594f041
+DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c40b7638cd53e559f0d5b672f40676a3fc478d07ac5772f350da777c20f821ed5a0907ba31800874cd15553fcdbdae319e77e17961cf49f9f SHA512 a7b5ef78618a27c6065a78d5302d19f846feb71bc09cc0359342d1f31f1f793242982bc384227b0e59a4b7f246cb9f4aaa2350ad0a4fe1a23ce3504e59b0d2c2
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf
 DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
 DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
+DIST microcode-20220419.tar.gz 4590171 BLAKE2B 69d296efad5329324a47640eace5d1a10e38b85cb8b7ac5baa9f14c40391ff809ae17cb7814f99f2e43910fe4c4b02dc77ffea7bb5f2b58069b2c17029e9f76a SHA512 abfe3942c204e42ed121bcea47c366469013a6751ef5d28d9c0d59a3a660bd1ad7010441e000367c052ee1ead00285a252d2b3c3ca86314eaea9f7d0de3f05c6

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220419_p20220421.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220419_p20220421.ebuild
new file mode 100644
index 000000000000..4171888a5826
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20220419_p20220421.ebuild
@@ -0,0 +1,263 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     62f84e98cfb995b3780aed1ff217131a4b299b30
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Tue May 10 20:24:38 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Tue May 10 20:24:38 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62f84e98

sys-firmware/intel-microcode: add 20220510_p20220508

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20220510_p20220508.ebuild      | 263 +++++++++++++++++++++
 2 files changed, 265 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 95a4de19db6b..8aca790448ed 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -5,9 +5,11 @@ DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf0
 DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b953e1f54b9ca077e42e7a2b6b28e862dddcb23a546ebebdd5afb9e54215b6c6493b72bf82121ace4b06f759413d3745571ff8156db52d6b1 SHA512 8a6a7376524888b0e89f9fd9a592d52a3859f4ddf1d961484b60d77098faa6984c5e8efc9cf4258a943cfc2c3503dbb87989868962a7ad8028c391d897e212b6
 DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d702675c4ca5d17b6bc7f5bf5688fb1979caadbf96c516c31c3e1894823aaa16dbdb8c778c933eaf49dec6f2d416483d11e58ed1e75823cef8 SHA512 72458aa64c05ceb8bb21b296da5ad15230af3e6ac63240a10370fadec09523cf7ebefaaddce2b31e2c16570c2700a875cccf86fd1770046ff36cc30eb594f041
 DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c40b7638cd53e559f0d5b672f40676a3fc478d07ac5772f350da777c20f821ed5a0907ba31800874cd15553fcdbdae319e77e17961cf49f9f SHA512 a7b5ef78618a27c6065a78d5302d19f846feb71bc09cc0359342d1f31f1f793242982bc384227b0e59a4b7f246cb9f4aaa2350ad0a4fe1a23ce3504e59b0d2c2
+DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d95590f325f7205c04816d7791bebb27573dc30774fe5f40f74c1e0506d41774474a8b2495b0dc210528fac1362545d670a085c5c502aa903b24 SHA512 b9d7f2d5db0f625a219959f52822c8d6fba2e0bc682257a204c9b33cd19ed2101f5f661e7f2e2b98a8ad8d105fcb3309699d193469ee4d67d99ae188dc7034d9
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf
 DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
 DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
 DIST microcode-20220419.tar.gz 4590171 BLAKE2B 69d296efad5329324a47640eace5d1a10e38b85cb8b7ac5baa9f14c40391ff809ae17cb7814f99f2e43910fe4c4b02dc77ffea7bb5f2b58069b2c17029e9f76a SHA512 abfe3942c204e42ed121bcea47c366469013a6751ef5d28d9c0d59a3a660bd1ad7010441e000367c052ee1ead00285a252d2b3c3ca86314eaea9f7d0de3f05c6
+DIST microcode-20220510.tar.gz 5912115 BLAKE2B 5f8c238b00970ddda132dbcf9059df759bb768e1eb2fe0b9912ffe69cf9a6104b32ea816e7574660ea74e3d08af1aa45cc46b5f38d0b315e6e466d8ca466f37d SHA512 00329ce62a6d9cc66fb8594d132ef67951086ab1250ceaf908d5a357753ed62557275f55c5eb7b3ad55d1fdd312b5d1a436b214cdcbf6e3e1a840c8bf6f4795d

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220510_p20220508.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220510_p20220508.ebuild
new file mode 100644
index 000000000000..4171888a5826
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20220510_p20220508.ebuild
@@ -0,0 +1,263 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     ad2c208e9b4bdbe68645077d14f3c09ba1cd3ba8
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  9 20:42:56 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Tue Aug  9 20:42:56 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad2c208e

sys-firmware/intel-microcode: add 20220809_p20220809

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20220809_p20220809.ebuild      | 263 +++++++++++++++++++++
 2 files changed, 265 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 8aca790448ed..9db636008985 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -6,6 +6,7 @@ DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b
 DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d702675c4ca5d17b6bc7f5bf5688fb1979caadbf96c516c31c3e1894823aaa16dbdb8c778c933eaf49dec6f2d416483d11e58ed1e75823cef8 SHA512 72458aa64c05ceb8bb21b296da5ad15230af3e6ac63240a10370fadec09523cf7ebefaaddce2b31e2c16570c2700a875cccf86fd1770046ff36cc30eb594f041
 DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c40b7638cd53e559f0d5b672f40676a3fc478d07ac5772f350da777c20f821ed5a0907ba31800874cd15553fcdbdae319e77e17961cf49f9f SHA512 a7b5ef78618a27c6065a78d5302d19f846feb71bc09cc0359342d1f31f1f793242982bc384227b0e59a4b7f246cb9f4aaa2350ad0a4fe1a23ce3504e59b0d2c2
 DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d95590f325f7205c04816d7791bebb27573dc30774fe5f40f74c1e0506d41774474a8b2495b0dc210528fac1362545d670a085c5c502aa903b24 SHA512 b9d7f2d5db0f625a219959f52822c8d6fba2e0bc682257a204c9b33cd19ed2101f5f661e7f2e2b98a8ad8d105fcb3309699d193469ee4d67d99ae188dc7034d9
+DIST intel-microcode-collection-20220809.tar.xz 9864684 BLAKE2B 904fb6f86fda5a754081725fa8bec4e751768a66883d3d6768e149906c93706b8de9bbc10ccc1cdaf16214f02dbb33616ebe2c47bb621c37f3bc87d4dd63c3c9 SHA512 9be22b542e44255da79bd3c8bfac13c01093963f84e9bf75da2c622c8315c9d321b3dd7e8467b218dadba30d2797ca16805972fde63d133c0146d88141762b7c
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf
@@ -13,3 +14,4 @@ DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef4
 DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
 DIST microcode-20220419.tar.gz 4590171 BLAKE2B 69d296efad5329324a47640eace5d1a10e38b85cb8b7ac5baa9f14c40391ff809ae17cb7814f99f2e43910fe4c4b02dc77ffea7bb5f2b58069b2c17029e9f76a SHA512 abfe3942c204e42ed121bcea47c366469013a6751ef5d28d9c0d59a3a660bd1ad7010441e000367c052ee1ead00285a252d2b3c3ca86314eaea9f7d0de3f05c6
 DIST microcode-20220510.tar.gz 5912115 BLAKE2B 5f8c238b00970ddda132dbcf9059df759bb768e1eb2fe0b9912ffe69cf9a6104b32ea816e7574660ea74e3d08af1aa45cc46b5f38d0b315e6e466d8ca466f37d SHA512 00329ce62a6d9cc66fb8594d132ef67951086ab1250ceaf908d5a357753ed62557275f55c5eb7b3ad55d1fdd312b5d1a436b214cdcbf6e3e1a840c8bf6f4795d
+DIST microcode-20220809.tar.gz 5929894 BLAKE2B 3765995c88b67aff78fe8c4280b3293c60a2013f2b8c9ec155a2ef187af55a7e562c73a000e45828cf5309e2c1b644dac5849347130b1a98c831bdad117df437 SHA512 1c91df1cbba33953f4ad19cc53215cad843c61a08509596fad32a84b4f0012d9d29bce64b58eb405c345af7f646d5982e45227570ce3605780be6e8bf31a63e1

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
new file mode 100644
index 000000000000..4171888a5826
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
@@ -0,0 +1,263 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* amd64 x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     579c2a5f2447aca71956fd63b6d96aa241970f1b
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  9 22:01:27 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Tue Aug  9 22:01:27 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=579c2a5f

sys-firmware/intel-microcode: update Manifest

Closes: https://bugs.gentoo.org/864719

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 9db636008985..e908cdf8692a 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -6,7 +6,7 @@ DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b
 DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d702675c4ca5d17b6bc7f5bf5688fb1979caadbf96c516c31c3e1894823aaa16dbdb8c778c933eaf49dec6f2d416483d11e58ed1e75823cef8 SHA512 72458aa64c05ceb8bb21b296da5ad15230af3e6ac63240a10370fadec09523cf7ebefaaddce2b31e2c16570c2700a875cccf86fd1770046ff36cc30eb594f041
 DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c40b7638cd53e559f0d5b672f40676a3fc478d07ac5772f350da777c20f821ed5a0907ba31800874cd15553fcdbdae319e77e17961cf49f9f SHA512 a7b5ef78618a27c6065a78d5302d19f846feb71bc09cc0359342d1f31f1f793242982bc384227b0e59a4b7f246cb9f4aaa2350ad0a4fe1a23ce3504e59b0d2c2
 DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d95590f325f7205c04816d7791bebb27573dc30774fe5f40f74c1e0506d41774474a8b2495b0dc210528fac1362545d670a085c5c502aa903b24 SHA512 b9d7f2d5db0f625a219959f52822c8d6fba2e0bc682257a204c9b33cd19ed2101f5f661e7f2e2b98a8ad8d105fcb3309699d193469ee4d67d99ae188dc7034d9
-DIST intel-microcode-collection-20220809.tar.xz 9864684 BLAKE2B 904fb6f86fda5a754081725fa8bec4e751768a66883d3d6768e149906c93706b8de9bbc10ccc1cdaf16214f02dbb33616ebe2c47bb621c37f3bc87d4dd63c3c9 SHA512 9be22b542e44255da79bd3c8bfac13c01093963f84e9bf75da2c622c8315c9d321b3dd7e8467b218dadba30d2797ca16805972fde63d133c0146d88141762b7c
+DIST intel-microcode-collection-20220809.tar.xz 9863700 BLAKE2B 266deba0890cc68de72dab28cb76b9aedd81258c2da1c1c00a19f927c73e9856c9dc6a18c08a768d1df2d5c5c3b21aab13446cdb4f84e13078ff2124859cdb00 SHA512 4c35e26d5887e9182dce5cf4cce46d4cfe8cab926e833396a645561adab775b8a5eac9a27f50a4c83887c50e56384917680a596eb02d50f1a14a56e8c163f4c2
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     e9c8747c382c6cdd32fc89e2366b499364a479de
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 16:23:18 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 16:23:18 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9c8747c

sys-firmware/intel-microcode: Add pkg docs and minor fix

Remove non-microcode file from uncompressed source so that the
iucode_tool does not break installation

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 .../intel-microcode-20220809_p20220809.ebuild               | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
index 4171888a5826..9f6c94996cbe 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
@@ -56,6 +56,17 @@ MICROCODE_SIGNATURES_DEFAULT=""
 # only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
 # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
 
+#Version  bump instructions :
+# 1. The ebuild is the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild 
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files\
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+
 pkg_pretend() {
 	use initramfs && mount-boot_pkg_pretend
 }
@@ -76,6 +87,8 @@ src_prepare() {
 	# Prevent "invalid file format" errors from iucode_tool
 	rm -f "${S}"/intel-ucod*/list || die
 
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-ucode/LICENSE
 }
 
 src_install() {

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     4dfe672c16fbab8c80b79996907b4467932ff982
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 16:24:07 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 16:24:07 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4dfe672c

sys-firmware/intel-microcode: Fix whitespace

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
index 9f6c94996cbe..f40acd842d36 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
@@ -57,7 +57,7 @@ MICROCODE_SIGNATURES_DEFAULT=""
 # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
 
 #Version  bump instructions :
-# 1. The ebuild is the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild 
+# 1. The ebuild is the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
 # 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files\
 # 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
 #   a. Clone the repository https://github.com/platomav/CPUMicrocodes

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     8fc6f6d51be6601217bce2c8a3a634d30e461de0
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 17:05:04 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 17:05:04 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8fc6f6d5

sys-firmware/intel-microcode: Minor grammar fixes

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 .../intel-microcode/intel-microcode-20220809_p20220809.ebuild         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
index f40acd842d36..426180b0a1f1 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
@@ -56,8 +56,8 @@ MICROCODE_SIGNATURES_DEFAULT=""
 # only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
 # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
 
-#Version  bump instructions :
-# 1. The ebuild is the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# Package Maintenance instructions :
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
 # 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files\
 # 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
 #   a. Clone the repository https://github.com/platomav/CPUMicrocodes

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     ffe5615d4943909b9bb981bafcfa29d1558ba623
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 17:07:03 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 17:07:03 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ffe5615d

sys-firmware/intel-microcode: drop 20210216_p20210221

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20210216_p20210221.ebuild      | 262 ---------------------
 2 files changed, 263 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 38456fac002c..089afe021d52 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,3 @@
-DIST intel-microcode-collection-20210221.tar.xz 6690716 BLAKE2B 09758341d20d60b739c4859442457fcc4ce563327dd7f14e8a626f49198d3beb59ef580530500a2dacb5ab9832119e8d489f553ccffc56613b31df027eb93e98 SHA512 e3bb3644c46ee41752bbd21c56e69144d23dab9162ebfe9906a07ff646b7ba57d14b0280b044bf7ceab771fe80e75d7aed3808b68b823ae19bc0c7c4a94589dd
 DIST intel-microcode-collection-20210514.tar.xz 7907672 BLAKE2B d5226008e50e804c0acfa648393032b08a317572be1e38743721613000dede886d3885b36f7fa4a9c061e72855fc0ad409ce3299f679afc866abda7d29c9512a SHA512 fc4fcd3e2c4f1abdf5c0d23c1c0ac2f8c572531dadbc9a070c38150ec939cd4e2b13226b86df2371eb0679cef96307262d0356f2e617773c51c53f3e440894d2
 DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf06ac7db84ac30707fe8834874583b324ebc882b514975d71b686788fcd1c9b9c5b05448403b27524e29a94ade34facdffb1645333059019a9 SHA512 7fd810cf05334f6442b9a0c77aef5319d3e2006e887d0354dee952647ded3fa6331a30192abf82eda0676af0439b40f5e3ab0210611f96c78fe52f01f106c5d4
 DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b953e1f54b9ca077e42e7a2b6b28e862dddcb23a546ebebdd5afb9e54215b6c6493b72bf82121ace4b06f759413d3745571ff8156db52d6b1 SHA512 8a6a7376524888b0e89f9fd9a592d52a3859f4ddf1d961484b60d77098faa6984c5e8efc9cf4258a943cfc2c3503dbb87989868962a7ad8028c391d897e212b6

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
deleted file mode 100644
index adfb7ec7e6a4..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210221.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     ecc33118c767185ba8feb1c8743b8f4702f6df93
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 17:06:51 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 17:06:51 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ecc33118

sys-firmware/intel-microcode: drop 20201112_p20201116-r1

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20201112_p20201116-r1.ebuild   | 262 ---------------------
 2 files changed, 264 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index e908cdf8692a..38456fac002c 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,3 @@
-DIST intel-microcode-collection-20201116.tar.xz 6506624 BLAKE2B b74ec0ddafe9681ae94d6a0df1de51655004eecae83c413fa824c9ad25cf68a25059627e2809a3b8cd5b3cb18647455385de0be2b2a7fcc6bc6c30e2ccabd1af SHA512 3a1aab0af9ff6dc95778276964b457a4429aa12f13499f6f89fa48285cf8aef9a0990099a80e360b76b2d4b6a836f2528f984aab17f12d905cf237dbab2a8b33
 DIST intel-microcode-collection-20210221.tar.xz 6690716 BLAKE2B 09758341d20d60b739c4859442457fcc4ce563327dd7f14e8a626f49198d3beb59ef580530500a2dacb5ab9832119e8d489f553ccffc56613b31df027eb93e98 SHA512 e3bb3644c46ee41752bbd21c56e69144d23dab9162ebfe9906a07ff646b7ba57d14b0280b044bf7ceab771fe80e75d7aed3808b68b823ae19bc0c7c4a94589dd
 DIST intel-microcode-collection-20210514.tar.xz 7907672 BLAKE2B d5226008e50e804c0acfa648393032b08a317572be1e38743721613000dede886d3885b36f7fa4a9c061e72855fc0ad409ce3299f679afc866abda7d29c9512a SHA512 fc4fcd3e2c4f1abdf5c0d23c1c0ac2f8c572531dadbc9a070c38150ec939cd4e2b13226b86df2371eb0679cef96307262d0356f2e617773c51c53f3e440894d2
 DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf06ac7db84ac30707fe8834874583b324ebc882b514975d71b686788fcd1c9b9c5b05448403b27524e29a94ade34facdffb1645333059019a9 SHA512 7fd810cf05334f6442b9a0c77aef5319d3e2006e887d0354dee952647ded3fa6331a30192abf82eda0676af0439b40f5e3ab0210611f96c78fe52f01f106c5d4
@@ -8,7 +7,6 @@ DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c
 DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d95590f325f7205c04816d7791bebb27573dc30774fe5f40f74c1e0506d41774474a8b2495b0dc210528fac1362545d670a085c5c502aa903b24 SHA512 b9d7f2d5db0f625a219959f52822c8d6fba2e0bc682257a204c9b33cd19ed2101f5f661e7f2e2b98a8ad8d105fcb3309699d193469ee4d67d99ae188dc7034d9
 DIST intel-microcode-collection-20220809.tar.xz 9863700 BLAKE2B 266deba0890cc68de72dab28cb76b9aedd81258c2da1c1c00a19f927c73e9856c9dc6a18c08a768d1df2d5c5c3b21aab13446cdb4f84e13078ff2124859cdb00 SHA512 4c35e26d5887e9182dce5cf4cce46d4cfe8cab926e833396a645561adab775b8a5eac9a27f50a4c83887c50e56384917680a596eb02d50f1a14a56e8c163f4c2
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
-DIST microcode-20201112.tar.gz 3610834 BLAKE2B 4212924f1673afded961266a25fe6063ec6cdafaa26c8bee1c42372eb8ab5f278dc2501615b23e09e2f9809bf2792a8db317c98c170bf0c5e1dd62b7dc80a084 SHA512 0875675d065a83ee14fa34a31022ee34e46aee579d1ff192414e79861af157ae269ca7c2c462f03b3accbd45590c76e5cbf4f53d7a6ed237e410213a96459211
 DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf
 DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
 DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936

diff --git a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
deleted file mode 100644
index adfb7ec7e6a4..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20201112_p20201116-r1.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     b706c4312957ae12f969052b4aedea7ef1619c0e
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 17:08:00 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 17:08:00 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b706c431

sys-firmware/intel-microcode: drop 20210216_p20210514

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20210216_p20210514.ebuild      | 262 ---------------------
 2 files changed, 264 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 089afe021d52..5be1b70da773 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,3 @@
-DIST intel-microcode-collection-20210514.tar.xz 7907672 BLAKE2B d5226008e50e804c0acfa648393032b08a317572be1e38743721613000dede886d3885b36f7fa4a9c061e72855fc0ad409ce3299f679afc866abda7d29c9512a SHA512 fc4fcd3e2c4f1abdf5c0d23c1c0ac2f8c572531dadbc9a070c38150ec939cd4e2b13226b86df2371eb0679cef96307262d0356f2e617773c51c53f3e440894d2
 DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf06ac7db84ac30707fe8834874583b324ebc882b514975d71b686788fcd1c9b9c5b05448403b27524e29a94ade34facdffb1645333059019a9 SHA512 7fd810cf05334f6442b9a0c77aef5319d3e2006e887d0354dee952647ded3fa6331a30192abf82eda0676af0439b40f5e3ab0210611f96c78fe52f01f106c5d4
 DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b953e1f54b9ca077e42e7a2b6b28e862dddcb23a546ebebdd5afb9e54215b6c6493b72bf82121ace4b06f759413d3745571ff8156db52d6b1 SHA512 8a6a7376524888b0e89f9fd9a592d52a3859f4ddf1d961484b60d77098faa6984c5e8efc9cf4258a943cfc2c3503dbb87989868962a7ad8028c391d897e212b6
 DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d702675c4ca5d17b6bc7f5bf5688fb1979caadbf96c516c31c3e1894823aaa16dbdb8c778c933eaf49dec6f2d416483d11e58ed1e75823cef8 SHA512 72458aa64c05ceb8bb21b296da5ad15230af3e6ac63240a10370fadec09523cf7ebefaaddce2b31e2c16570c2700a875cccf86fd1770046ff36cc30eb594f041
@@ -6,7 +5,6 @@ DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c
 DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d95590f325f7205c04816d7791bebb27573dc30774fe5f40f74c1e0506d41774474a8b2495b0dc210528fac1362545d670a085c5c502aa903b24 SHA512 b9d7f2d5db0f625a219959f52822c8d6fba2e0bc682257a204c9b33cd19ed2101f5f661e7f2e2b98a8ad8d105fcb3309699d193469ee4d67d99ae188dc7034d9
 DIST intel-microcode-collection-20220809.tar.xz 9863700 BLAKE2B 266deba0890cc68de72dab28cb76b9aedd81258c2da1c1c00a19f927c73e9856c9dc6a18c08a768d1df2d5c5c3b21aab13446cdb4f84e13078ff2124859cdb00 SHA512 4c35e26d5887e9182dce5cf4cce46d4cfe8cab926e833396a645561adab775b8a5eac9a27f50a4c83887c50e56384917680a596eb02d50f1a14a56e8c163f4c2
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
-DIST microcode-20210216.tar.gz 3506111 BLAKE2B e09ab59dcccc77c15545b119dcf5309e626d53649a601c49fc7d6a65d774b8016d9ad44783f75ceb4bf384a03b909bc28693ed2be9f047029342dca9beae9cae SHA512 211ed90a248c891224bb8c569e24c04410d3f67ecc6daee41dc025042bd51c257baaba0da1ac5327df76352d2b53d812e81f06cc8726e43b95ea2f8898bc00bf
 DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
 DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
 DIST microcode-20220419.tar.gz 4590171 BLAKE2B 69d296efad5329324a47640eace5d1a10e38b85cb8b7ac5baa9f14c40391ff809ae17cb7814f99f2e43910fe4c4b02dc77ffea7bb5f2b58069b2c17029e9f76a SHA512 abfe3942c204e42ed121bcea47c366469013a6751ef5d28d9c0d59a3a660bd1ad7010441e000367c052ee1ead00285a252d2b3c3ca86314eaea9f7d0de3f05c6

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
deleted file mode 100644
index adfb7ec7e6a4..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20210216_p20210514.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     f6b7990e99f468687065b61979644271564bd059
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 10 17:08:07 2022 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Aug 10 17:08:07 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6b7990e

sys-firmware/intel-microcode: drop 20210608_p20210608

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 -
 .../intel-microcode-20210608_p20210608.ebuild      | 262 ---------------------
 2 files changed, 263 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 5be1b70da773..a12058526853 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,4 +1,3 @@
-DIST intel-microcode-collection-20210608.tar.xz 8012692 BLAKE2B 98df9d18658bfdf06ac7db84ac30707fe8834874583b324ebc882b514975d71b686788fcd1c9b9c5b05448403b27524e29a94ade34facdffb1645333059019a9 SHA512 7fd810cf05334f6442b9a0c77aef5319d3e2006e887d0354dee952647ded3fa6331a30192abf82eda0676af0439b40f5e3ab0210611f96c78fe52f01f106c5d4
 DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b953e1f54b9ca077e42e7a2b6b28e862dddcb23a546ebebdd5afb9e54215b6c6493b72bf82121ace4b06f759413d3745571ff8156db52d6b1 SHA512 8a6a7376524888b0e89f9fd9a592d52a3859f4ddf1d961484b60d77098faa6984c5e8efc9cf4258a943cfc2c3503dbb87989868962a7ad8028c391d897e212b6
 DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d702675c4ca5d17b6bc7f5bf5688fb1979caadbf96c516c31c3e1894823aaa16dbdb8c778c933eaf49dec6f2d416483d11e58ed1e75823cef8 SHA512 72458aa64c05ceb8bb21b296da5ad15230af3e6ac63240a10370fadec09523cf7ebefaaddce2b31e2c16570c2700a875cccf86fd1770046ff36cc30eb594f041
 DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c40b7638cd53e559f0d5b672f40676a3fc478d07ac5772f350da777c20f821ed5a0907ba31800874cd15553fcdbdae319e77e17961cf49f9f SHA512 a7b5ef78618a27c6065a78d5302d19f846feb71bc09cc0359342d1f31f1f793242982bc384227b0e59a4b7f246cb9f4aaa2350ad0a4fe1a23ce3504e59b0d2c2

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
deleted file mode 100644
index adfb7ec7e6a4..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210608.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     8cd157ea4a2599a8c02aca0f8ab76fe477afea65
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 19 03:31:50 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug 19 03:35:25 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8cd157ea

sys-firmware/intel-microcode: add github upstream metadata

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/metadata.xml | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/sys-firmware/intel-microcode/metadata.xml b/sys-firmware/intel-microcode/metadata.xml
index d12b8b092528..bc639705faae 100644
--- a/sys-firmware/intel-microcode/metadata.xml
+++ b/sys-firmware/intel-microcode/metadata.xml
@@ -1,14 +1,18 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-<maintainer type="project">
-	<email>base-system@gentoo.org</email>
-	<name>Gentoo Base System</name>
-</maintainer>
-<use>
-	<flag name="initramfs">install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag>
-	<flag name="hostonly">only install ucode(s) supported by currently available (=online) processor(s)</flag>
-	<flag name="split-ucode">install the split binary ucode files (used by the kernel directly)</flag>
-	<flag name="vanilla">install only microcode updates from Intel's official microcode tarball</flag>
-</use>
+	<maintainer type="project">
+		<email>base-system@gentoo.org</email>
+		<name>Gentoo Base System</name>
+	</maintainer>
+	<use>
+		<flag name="initramfs">install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag>
+		<flag name="hostonly">only install ucode(s) supported by currently available (=online) processor(s)</flag>
+		<flag name="split-ucode">install the split binary ucode files (used by the kernel directly)</flag>
+		<flag name="vanilla">install only microcode updates from Intel's official microcode tarball</flag>
+	</use>
+	<upstream>
+		<remote-id type="github">intel/Intel-Linux-Processor-Microcode-Data-Files</remote-id>
+		<remote-id type="github">platomav/CPUMicrocodes</remote-id>
+	</upstream>
 </pkgmetadata>

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     bd499e8cd81a03efb0d127914bf071240d29f800
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  9 03:20:37 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Nov  9 03:20:47 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd499e8c

sys-firmware/intel-microcode: add 20221108_p20221102

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20221108_p20221102.ebuild      | 277 +++++++++++++++++++++
 2 files changed, 279 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index a12058526853..b13749b3956e 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -3,9 +3,11 @@ DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d7
 DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c40b7638cd53e559f0d5b672f40676a3fc478d07ac5772f350da777c20f821ed5a0907ba31800874cd15553fcdbdae319e77e17961cf49f9f SHA512 a7b5ef78618a27c6065a78d5302d19f846feb71bc09cc0359342d1f31f1f793242982bc384227b0e59a4b7f246cb9f4aaa2350ad0a4fe1a23ce3504e59b0d2c2
 DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d95590f325f7205c04816d7791bebb27573dc30774fe5f40f74c1e0506d41774474a8b2495b0dc210528fac1362545d670a085c5c502aa903b24 SHA512 b9d7f2d5db0f625a219959f52822c8d6fba2e0bc682257a204c9b33cd19ed2101f5f661e7f2e2b98a8ad8d105fcb3309699d193469ee4d67d99ae188dc7034d9
 DIST intel-microcode-collection-20220809.tar.xz 9863700 BLAKE2B 266deba0890cc68de72dab28cb76b9aedd81258c2da1c1c00a19f927c73e9856c9dc6a18c08a768d1df2d5c5c3b21aab13446cdb4f84e13078ff2124859cdb00 SHA512 4c35e26d5887e9182dce5cf4cce46d4cfe8cab926e833396a645561adab775b8a5eac9a27f50a4c83887c50e56384917680a596eb02d50f1a14a56e8c163f4c2
+DIST intel-microcode-collection-20221102.tar.xz 11125112 BLAKE2B 6054a3278b694ee4b1d1a92ad586ce37cbbfbead1fc7100541f7b71fb0b9e0eb9fd9560a459f8ba861eb95595a89b79e8dbb8ef2e70ef6513245e206fecd3667 SHA512 76426f6f491a17302bc312cfd1d58849d42ffa8d454c05ab086f493de20cd24d328a7b05689493e1fa70c025097c61fd09fd765bc02485ba6efe81d0fac014cd
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
 DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
 DIST microcode-20220419.tar.gz 4590171 BLAKE2B 69d296efad5329324a47640eace5d1a10e38b85cb8b7ac5baa9f14c40391ff809ae17cb7814f99f2e43910fe4c4b02dc77ffea7bb5f2b58069b2c17029e9f76a SHA512 abfe3942c204e42ed121bcea47c366469013a6751ef5d28d9c0d59a3a660bd1ad7010441e000367c052ee1ead00285a252d2b3c3ca86314eaea9f7d0de3f05c6
 DIST microcode-20220510.tar.gz 5912115 BLAKE2B 5f8c238b00970ddda132dbcf9059df759bb768e1eb2fe0b9912ffe69cf9a6104b32ea816e7574660ea74e3d08af1aa45cc46b5f38d0b315e6e466d8ca466f37d SHA512 00329ce62a6d9cc66fb8594d132ef67951086ab1250ceaf908d5a357753ed62557275f55c5eb7b3ad55d1fdd312b5d1a436b214cdcbf6e3e1a840c8bf6f4795d
 DIST microcode-20220809.tar.gz 5929894 BLAKE2B 3765995c88b67aff78fe8c4280b3293c60a2013f2b8c9ec155a2ef187af55a7e562c73a000e45828cf5309e2c1b644dac5849347130b1a98c831bdad117df437 SHA512 1c91df1cbba33953f4ad19cc53215cad843c61a08509596fad32a84b4f0012d9d29bce64b58eb405c345af7f646d5982e45227570ce3605780be6e8bf31a63e1
+DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4

diff --git a/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild b/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
new file mode 100644
index 000000000000..4034f1e167a3
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
@@ -0,0 +1,277 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+# Package Maintenance instructions :
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files\
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-ucode/LICENSE
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     a7c7d8c63bc8f3b77494f7bffb22f7e714de54fd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  9 07:54:42 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Nov  9 07:54:58 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a7c7d8c6

sys-firmware/intel-microcode: fix installation with USE=-vanilla

Closes: https://bugs.gentoo.org/880561
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../intel-microcode/intel-microcode-20221108_p20221102.ebuild       | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild b/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
index 4034f1e167a3..1a088a8d06d7 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
@@ -88,8 +88,12 @@ src_prepare() {
 	# Prevent "invalid file format" errors from iucode_tool
 	rm -f "${S}"/intel-ucod*/list || die
 
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
 	# Remove non-microcode file from list
-	rm -f "${S}"/intel-ucode/LICENSE
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
 }
 
 src_install() {

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     339f7825ecb9ee0ea13172efbb403ebd27ef7e1d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 16 06:28:13 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 16 06:28:13 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=339f7825

sys-firmware/intel-microcode: stabilize 20221108_p20221102 for amd64, x86

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild b/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
index 1a088a8d06d7..006f4811618a 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
@@ -22,7 +22,7 @@ SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/arc
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     36dccf12ff7eddd2529908e7ffc170a75a576d34
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 15 01:36:17 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 15 01:38:25 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36dccf12

sys-firmware/intel-microcode: add 20230214_p20230212

Bug: https://bugs.gentoo.org/894474
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20230214_p20230212.ebuild      | 281 +++++++++++++++++++++
 2 files changed, 283 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index b13749b3956e..89e7bd6be05d 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -4,6 +4,7 @@ DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c
 DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d95590f325f7205c04816d7791bebb27573dc30774fe5f40f74c1e0506d41774474a8b2495b0dc210528fac1362545d670a085c5c502aa903b24 SHA512 b9d7f2d5db0f625a219959f52822c8d6fba2e0bc682257a204c9b33cd19ed2101f5f661e7f2e2b98a8ad8d105fcb3309699d193469ee4d67d99ae188dc7034d9
 DIST intel-microcode-collection-20220809.tar.xz 9863700 BLAKE2B 266deba0890cc68de72dab28cb76b9aedd81258c2da1c1c00a19f927c73e9856c9dc6a18c08a768d1df2d5c5c3b21aab13446cdb4f84e13078ff2124859cdb00 SHA512 4c35e26d5887e9182dce5cf4cce46d4cfe8cab926e833396a645561adab775b8a5eac9a27f50a4c83887c50e56384917680a596eb02d50f1a14a56e8c163f4c2
 DIST intel-microcode-collection-20221102.tar.xz 11125112 BLAKE2B 6054a3278b694ee4b1d1a92ad586ce37cbbfbead1fc7100541f7b71fb0b9e0eb9fd9560a459f8ba861eb95595a89b79e8dbb8ef2e70ef6513245e206fecd3667 SHA512 76426f6f491a17302bc312cfd1d58849d42ffa8d454c05ab086f493de20cd24d328a7b05689493e1fa70c025097c61fd09fd765bc02485ba6efe81d0fac014cd
+DIST intel-microcode-collection-20230212.tar.xz 13213352 BLAKE2B b2548908632cc65e997186e7af60a35ba4a44edb88263f5018c1cc9619299816c6184352653076413b95fb914f799b765e4fa6a5c46513d1425bde353e4dcde2 SHA512 27f2aacbf409acb005f83f0f486b59128ebac4c8d6b1b329cff7e33b237a8d47e579c6afb064d7a9ff634ad652ae0c2b9bc9302e6269007e12bd4aa391075430
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
 DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
@@ -11,3 +12,4 @@ DIST microcode-20220419.tar.gz 4590171 BLAKE2B 69d296efad5329324a47640eace5d1a10
 DIST microcode-20220510.tar.gz 5912115 BLAKE2B 5f8c238b00970ddda132dbcf9059df759bb768e1eb2fe0b9912ffe69cf9a6104b32ea816e7574660ea74e3d08af1aa45cc46b5f38d0b315e6e466d8ca466f37d SHA512 00329ce62a6d9cc66fb8594d132ef67951086ab1250ceaf908d5a357753ed62557275f55c5eb7b3ad55d1fdd312b5d1a436b214cdcbf6e3e1a840c8bf6f4795d
 DIST microcode-20220809.tar.gz 5929894 BLAKE2B 3765995c88b67aff78fe8c4280b3293c60a2013f2b8c9ec155a2ef187af55a7e562c73a000e45828cf5309e2c1b644dac5849347130b1a98c831bdad117df437 SHA512 1c91df1cbba33953f4ad19cc53215cad843c61a08509596fad32a84b4f0012d9d29bce64b58eb405c345af7f646d5982e45227570ce3605780be6e8bf31a63e1
 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
+DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
new file mode 100644
index 000000000000..215705bf7f7b
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
@@ -0,0 +1,281 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+# Package Maintenance instructions :
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     c0221699cb3e36b5bd56031703940274ed2e28a0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 15 08:37:27 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 15 09:29:59 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0221699

sys-firmware/intel-microcode: tweak USE flag description style

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/metadata.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys-firmware/intel-microcode/metadata.xml b/sys-firmware/intel-microcode/metadata.xml
index bc639705faae..31efbfe0fea2 100644
--- a/sys-firmware/intel-microcode/metadata.xml
+++ b/sys-firmware/intel-microcode/metadata.xml
@@ -6,10 +6,10 @@
 		<name>Gentoo Base System</name>
 	</maintainer>
 	<use>
-		<flag name="initramfs">install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag>
-		<flag name="hostonly">only install ucode(s) supported by currently available (=online) processor(s)</flag>
-		<flag name="split-ucode">install the split binary ucode files (used by the kernel directly)</flag>
-		<flag name="vanilla">install only microcode updates from Intel's official microcode tarball</flag>
+		<flag name="initramfs">Install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag>
+		<flag name="hostonly">Only install ucode(s) supported by currently available (=online) processor(s)</flag>
+		<flag name="split-ucode">Install the split binary ucode files (used by the kernel directly)</flag>
+		<flag name="vanilla">Only install microcode updates from Intel's official microcode tarball</flag>
 	</use>
 	<upstream>
 		<remote-id type="github">intel/Intel-Linux-Processor-Microcode-Data-Files</remote-id>

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     6ad8a702c9da71e19b723afb4aea9dbe445e7c72
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 22 05:26:08 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 22 05:26:08 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ad8a702

sys-firmware/intel-microcode: Stabilize 20230214_p20230212 x86, #902591

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
index 215705bf7f7b..d8bac987c64a 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
@@ -22,7 +22,7 @@ SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/arc
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* ~amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     c13aabef2ed599990622af47ed0ee16fe20ff859
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 22 05:26:09 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 22 05:26:09 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c13aabef

sys-firmware/intel-microcode: Stabilize 20230214_p20230212 amd64, #902591

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
index d8bac987c64a..d0d809679e8d 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
@@ -22,7 +22,7 @@ SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/arc
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     be26894bf7a52d564335e04af2a52b54581e8280
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Fri May 12 23:13:42 2023 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Fri May 12 23:13:42 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be26894b

sys-firmware/intel-microcode: add 20230512_p20230512

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20230512_p20230512.ebuild      | 281 +++++++++++++++++++++
 2 files changed, 283 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 89e7bd6be05d..d863cd101999 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -5,6 +5,7 @@ DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d955
 DIST intel-microcode-collection-20220809.tar.xz 9863700 BLAKE2B 266deba0890cc68de72dab28cb76b9aedd81258c2da1c1c00a19f927c73e9856c9dc6a18c08a768d1df2d5c5c3b21aab13446cdb4f84e13078ff2124859cdb00 SHA512 4c35e26d5887e9182dce5cf4cce46d4cfe8cab926e833396a645561adab775b8a5eac9a27f50a4c83887c50e56384917680a596eb02d50f1a14a56e8c163f4c2
 DIST intel-microcode-collection-20221102.tar.xz 11125112 BLAKE2B 6054a3278b694ee4b1d1a92ad586ce37cbbfbead1fc7100541f7b71fb0b9e0eb9fd9560a459f8ba861eb95595a89b79e8dbb8ef2e70ef6513245e206fecd3667 SHA512 76426f6f491a17302bc312cfd1d58849d42ffa8d454c05ab086f493de20cd24d328a7b05689493e1fa70c025097c61fd09fd765bc02485ba6efe81d0fac014cd
 DIST intel-microcode-collection-20230212.tar.xz 13213352 BLAKE2B b2548908632cc65e997186e7af60a35ba4a44edb88263f5018c1cc9619299816c6184352653076413b95fb914f799b765e4fa6a5c46513d1425bde353e4dcde2 SHA512 27f2aacbf409acb005f83f0f486b59128ebac4c8d6b1b329cff7e33b237a8d47e579c6afb064d7a9ff634ad652ae0c2b9bc9302e6269007e12bd4aa391075430
+DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281471e1ef335bb8e3fccee99cf484256b9f3b1f2fd0af1d1266c0237bf7cf97314e229f0e3ae622de68bdbe2cf3d9ed4b74ca9189f2aa7bf226 SHA512 9d65406898a8e82e66ab9ff684166eaf61a2b42c765d6f55603985176cdf7600b1f95626da0f1fc25d781212ce2c80ac108d0174371390e0e2c2ab7dd48c7b0d
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
 DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
@@ -13,3 +14,4 @@ DIST microcode-20220510.tar.gz 5912115 BLAKE2B 5f8c238b00970ddda132dbcf9059df759
 DIST microcode-20220809.tar.gz 5929894 BLAKE2B 3765995c88b67aff78fe8c4280b3293c60a2013f2b8c9ec155a2ef187af55a7e562c73a000e45828cf5309e2c1b644dac5849347130b1a98c831bdad117df437 SHA512 1c91df1cbba33953f4ad19cc53215cad843c61a08509596fad32a84b4f0012d9d29bce64b58eb405c345af7f646d5982e45227570ce3605780be6e8bf31a63e1
 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
 DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
+DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da7290b41842117951a0081f866024d5380c65850638ee3d2e87c8d9efcac4da58650463b0c31373d661fe74b8a3a380e099 SHA512 e21c82846f7f5e2c8d9559931e90389a7d21f8a59fbdec4c5b11fe43f010a21d3e9f27d67be12fe98b3dbdf26558a8ed74dc149bedd93f4b7728795dc6e86d48

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
new file mode 100644
index 000000000000..215705bf7f7b
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
@@ -0,0 +1,281 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
+SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+RESTRICT="binchecks strip"
+
+S=${WORKDIR}
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+# Package Maintenance instructions :
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     8f0c1f4d5ba5d038180cef7dfb3f7c64594fc015
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 10 13:34:47 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 10 13:35:04 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f0c1f4d

sys-firmware/intel-microcode: Stabilize 20230512_p20230512 x86, #908224

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
index 215705bf7f7b..d8bac987c64a 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
@@ -22,7 +22,7 @@ SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/arc
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* ~amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     f345c0e431e812894dd7976e970c17ce0dc8f137
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 10 13:34:49 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 10 13:35:05 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f345c0e4

sys-firmware/intel-microcode: Stabilize 20230512_p20230512 amd64, #908224

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
index d8bac987c64a..d0d809679e8d 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
@@ -22,7 +22,7 @@ SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/arc
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     055ba222c02b61d3f4a841fcfd242f9117df87a8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 15 16:53:48 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 15 16:53:48 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=055ba222

sys-firmware/intel-microcode: drop versions

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |  10 -
 .../intel-microcode-20210608_p20210830.ebuild      | 262 -------------------
 .../intel-microcode-20220207_p20220207.ebuild      | 262 -------------------
 .../intel-microcode-20220419_p20220421.ebuild      | 263 --------------------
 .../intel-microcode-20220510_p20220508.ebuild      | 263 --------------------
 .../intel-microcode-20220809_p20220809.ebuild      | 276 ---------------------
 6 files changed, 1336 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index d863cd101999..e4f6bc2bfd0b 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,17 +1,7 @@
-DIST intel-microcode-collection-20210830.tar.xz 8681768 BLAKE2B 84f098285ed0b79b953e1f54b9ca077e42e7a2b6b28e862dddcb23a546ebebdd5afb9e54215b6c6493b72bf82121ace4b06f759413d3745571ff8156db52d6b1 SHA512 8a6a7376524888b0e89f9fd9a592d52a3859f4ddf1d961484b60d77098faa6984c5e8efc9cf4258a943cfc2c3503dbb87989868962a7ad8028c391d897e212b6
-DIST intel-microcode-collection-20220207.tar.xz 9362888 BLAKE2B 9efb2a943bffc1d702675c4ca5d17b6bc7f5bf5688fb1979caadbf96c516c31c3e1894823aaa16dbdb8c778c933eaf49dec6f2d416483d11e58ed1e75823cef8 SHA512 72458aa64c05ceb8bb21b296da5ad15230af3e6ac63240a10370fadec09523cf7ebefaaddce2b31e2c16570c2700a875cccf86fd1770046ff36cc30eb594f041
-DIST intel-microcode-collection-20220421.tar.xz 9442704 BLAKE2B 9c0d682d4ae07c6c40b7638cd53e559f0d5b672f40676a3fc478d07ac5772f350da777c20f821ed5a0907ba31800874cd15553fcdbdae319e77e17961cf49f9f SHA512 a7b5ef78618a27c6065a78d5302d19f846feb71bc09cc0359342d1f31f1f793242982bc384227b0e59a4b7f246cb9f4aaa2350ad0a4fe1a23ce3504e59b0d2c2
-DIST intel-microcode-collection-20220508.tar.xz 9444060 BLAKE2B 1737143f5227d95590f325f7205c04816d7791bebb27573dc30774fe5f40f74c1e0506d41774474a8b2495b0dc210528fac1362545d670a085c5c502aa903b24 SHA512 b9d7f2d5db0f625a219959f52822c8d6fba2e0bc682257a204c9b33cd19ed2101f5f661e7f2e2b98a8ad8d105fcb3309699d193469ee4d67d99ae188dc7034d9
-DIST intel-microcode-collection-20220809.tar.xz 9863700 BLAKE2B 266deba0890cc68de72dab28cb76b9aedd81258c2da1c1c00a19f927c73e9856c9dc6a18c08a768d1df2d5c5c3b21aab13446cdb4f84e13078ff2124859cdb00 SHA512 4c35e26d5887e9182dce5cf4cce46d4cfe8cab926e833396a645561adab775b8a5eac9a27f50a4c83887c50e56384917680a596eb02d50f1a14a56e8c163f4c2
 DIST intel-microcode-collection-20221102.tar.xz 11125112 BLAKE2B 6054a3278b694ee4b1d1a92ad586ce37cbbfbead1fc7100541f7b71fb0b9e0eb9fd9560a459f8ba861eb95595a89b79e8dbb8ef2e70ef6513245e206fecd3667 SHA512 76426f6f491a17302bc312cfd1d58849d42ffa8d454c05ab086f493de20cd24d328a7b05689493e1fa70c025097c61fd09fd765bc02485ba6efe81d0fac014cd
 DIST intel-microcode-collection-20230212.tar.xz 13213352 BLAKE2B b2548908632cc65e997186e7af60a35ba4a44edb88263f5018c1cc9619299816c6184352653076413b95fb914f799b765e4fa6a5c46513d1425bde353e4dcde2 SHA512 27f2aacbf409acb005f83f0f486b59128ebac4c8d6b1b329cff7e33b237a8d47e579c6afb064d7a9ff634ad652ae0c2b9bc9302e6269007e12bd4aa391075430
 DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281471e1ef335bb8e3fccee99cf484256b9f3b1f2fd0af1d1266c0237bf7cf97314e229f0e3ae622de68bdbe2cf3d9ed4b74ca9189f2aa7bf226 SHA512 9d65406898a8e82e66ab9ff684166eaf61a2b42c765d6f55603985176cdf7600b1f95626da0f1fc25d781212ce2c80ac108d0174371390e0e2c2ab7dd48c7b0d
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
-DIST microcode-20210608.tar.gz 4782451 BLAKE2B 2eac43aaa7832365e428bf2de20797ef42293a53087545920d205bd3b11a3d8ca2afb33931af5d36b8f3a224b9c22ed89ff828acc8afdcfa1b8220884c55ae89 SHA512 61acd2e76aa019fa0002fbf56c503791080a937ff93d81e020f8f0cc089dc08928b4c7e9884f713b886e2f9d4a8409fea59e39f628ef534a588515e1c3fc861d
-DIST microcode-20220207.tar.gz 4590237 BLAKE2B 8c47a330794615b6684084976b6bb9e8800cd2869f81ecc33b28b54441b220a645502c0ade0cbd58e91879a652ff6bca181800004de477fc74033413ea4b1c8f SHA512 efa9f80815947cf2be371e7da7185634cbacefe779d1d6dfef0c15b78ccae7d2740ea6681b967a19dfbcc3014edce5bcdcdba87c9dea1f19d0415a03fca9e936
-DIST microcode-20220419.tar.gz 4590171 BLAKE2B 69d296efad5329324a47640eace5d1a10e38b85cb8b7ac5baa9f14c40391ff809ae17cb7814f99f2e43910fe4c4b02dc77ffea7bb5f2b58069b2c17029e9f76a SHA512 abfe3942c204e42ed121bcea47c366469013a6751ef5d28d9c0d59a3a660bd1ad7010441e000367c052ee1ead00285a252d2b3c3ca86314eaea9f7d0de3f05c6
-DIST microcode-20220510.tar.gz 5912115 BLAKE2B 5f8c238b00970ddda132dbcf9059df759bb768e1eb2fe0b9912ffe69cf9a6104b32ea816e7574660ea74e3d08af1aa45cc46b5f38d0b315e6e466d8ca466f37d SHA512 00329ce62a6d9cc66fb8594d132ef67951086ab1250ceaf908d5a357753ed62557275f55c5eb7b3ad55d1fdd312b5d1a436b214cdcbf6e3e1a840c8bf6f4795d
-DIST microcode-20220809.tar.gz 5929894 BLAKE2B 3765995c88b67aff78fe8c4280b3293c60a2013f2b8c9ec155a2ef187af55a7e562c73a000e45828cf5309e2c1b644dac5849347130b1a98c831bdad117df437 SHA512 1c91df1cbba33953f4ad19cc53215cad843c61a08509596fad32a84b4f0012d9d29bce64b58eb405c345af7f646d5982e45227570ce3605780be6e8bf31a63e1
 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
 DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
 DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da7290b41842117951a0081f866024d5380c65850638ee3d2e87c8d9efcac4da58650463b0c31373d661fe74b8a3a380e099 SHA512 e21c82846f7f5e2c8d9559931e90389a7d21f8a59fbdec4c5b11fe43f010a21d3e9f27d67be12fe98b3dbdf26558a8ed74dc149bedd93f4b7728795dc6e86d48

diff --git a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild b/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
deleted file mode 100644
index adfb7ec7e6a4..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20210608_p20210830.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
deleted file mode 100644
index adfb7ec7e6a4..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20220207_p20220207.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info toolchain-funcs mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220419_p20220421.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220419_p20220421.ebuild
deleted file mode 100644
index 4171888a5826..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20220419_p20220421.ebuild
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220510_p20220508.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220510_p20220508.ebuild
deleted file mode 100644
index 4171888a5826..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20220510_p20220508.ebuild
+++ /dev/null
@@ -1,263 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild b/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
deleted file mode 100644
index 426180b0a1f1..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20220809_p20220809.ebuild
+++ /dev/null
@@ -1,276 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-# Package Maintenance instructions :
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files\
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-ucode/LICENSE
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     6c9f7fbbca0f76a1459ceb28d3b6fe1c55dde7c4
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 15 23:41:58 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun 15 23:41:58 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c9f7fbb

sys-firmware/intel-microcode: add 20230613_p20230520

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20230613_p20230520.ebuild      | 287 +++++++++++++++++++++
 2 files changed, 289 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index e4f6bc2bfd0b..b20ca738140c 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,7 +1,9 @@
 DIST intel-microcode-collection-20221102.tar.xz 11125112 BLAKE2B 6054a3278b694ee4b1d1a92ad586ce37cbbfbead1fc7100541f7b71fb0b9e0eb9fd9560a459f8ba861eb95595a89b79e8dbb8ef2e70ef6513245e206fecd3667 SHA512 76426f6f491a17302bc312cfd1d58849d42ffa8d454c05ab086f493de20cd24d328a7b05689493e1fa70c025097c61fd09fd765bc02485ba6efe81d0fac014cd
 DIST intel-microcode-collection-20230212.tar.xz 13213352 BLAKE2B b2548908632cc65e997186e7af60a35ba4a44edb88263f5018c1cc9619299816c6184352653076413b95fb914f799b765e4fa6a5c46513d1425bde353e4dcde2 SHA512 27f2aacbf409acb005f83f0f486b59128ebac4c8d6b1b329cff7e33b237a8d47e579c6afb064d7a9ff634ad652ae0c2b9bc9302e6269007e12bd4aa391075430
 DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281471e1ef335bb8e3fccee99cf484256b9f3b1f2fd0af1d1266c0237bf7cf97314e229f0e3ae622de68bdbe2cf3d9ed4b74ca9189f2aa7bf226 SHA512 9d65406898a8e82e66ab9ff684166eaf61a2b42c765d6f55603985176cdf7600b1f95626da0f1fc25d781212ce2c80ac108d0174371390e0e2c2ab7dd48c7b0d
+DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b8835565dec3560d059f909d13da853d37c79ddbaa049b94f96e811a2240ab043dfdbf59074e683383f5c17e76ceb0e7f6cccffdaad330bf7de1 SHA512 6302866edf5a5209f8dfc80817fe306fc11376ac7d70450f32e38483902c428365fb553c57e989a6ca6e1cf07573352c9b500764250a815c4aff6b9f6b6d47fb
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
 DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
 DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da7290b41842117951a0081f866024d5380c65850638ee3d2e87c8d9efcac4da58650463b0c31373d661fe74b8a3a380e099 SHA512 e21c82846f7f5e2c8d9559931e90389a7d21f8a59fbdec4c5b11fe43f010a21d3e9f27d67be12fe98b3dbdf26558a8ed74dc149bedd93f4b7728795dc6e86d48
+DIST microcode-20230613.tar.gz 12338446 BLAKE2B 56bffb26687fd3a20b79b4540ae10c98b2875e3edb84583b679ddc75e339193db4bddece25c7e5cb26b79f5e6ce2d10fcc318c55e13c05d8611198e4c571354b SHA512 460e46d20f71df1247affa2ca397b961ce3d77e3456144c6b7358e48c3239e9c077ff4c512b0c4b7d9a86f33fed094db8b3ac65b1a4047bb853212848d929639

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild
new file mode 100644
index 000000000000..8f5ab874339b
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild
@@ -0,0 +1,287 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     ef6d52664f0625911c1dfd55c10249e34ab32dc8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 24 04:14:40 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jul 24 04:14:40 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef6d5266

sys-firmware/intel-microcode: Stabilize 20230613_p20230520 x86, #911021

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild
index 8f5ab874339b..75b180e6208e 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* ~amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     7dc83ae5adc579e1710dc38b4833e4cafdebd115
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  8 18:46:19 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Aug  8 18:46:19 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dc83ae5

sys-firmware/intel-microcode: add 20230808_p20230804

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20230808_p20230804.ebuild      | 287 +++++++++++++++++++++
 2 files changed, 289 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index b20ca738140c..522f496a89bf 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -2,8 +2,10 @@ DIST intel-microcode-collection-20221102.tar.xz 11125112 BLAKE2B 6054a3278b694ee
 DIST intel-microcode-collection-20230212.tar.xz 13213352 BLAKE2B b2548908632cc65e997186e7af60a35ba4a44edb88263f5018c1cc9619299816c6184352653076413b95fb914f799b765e4fa6a5c46513d1425bde353e4dcde2 SHA512 27f2aacbf409acb005f83f0f486b59128ebac4c8d6b1b329cff7e33b237a8d47e579c6afb064d7a9ff634ad652ae0c2b9bc9302e6269007e12bd4aa391075430
 DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281471e1ef335bb8e3fccee99cf484256b9f3b1f2fd0af1d1266c0237bf7cf97314e229f0e3ae622de68bdbe2cf3d9ed4b74ca9189f2aa7bf226 SHA512 9d65406898a8e82e66ab9ff684166eaf61a2b42c765d6f55603985176cdf7600b1f95626da0f1fc25d781212ce2c80ac108d0174371390e0e2c2ab7dd48c7b0d
 DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b8835565dec3560d059f909d13da853d37c79ddbaa049b94f96e811a2240ab043dfdbf59074e683383f5c17e76ceb0e7f6cccffdaad330bf7de1 SHA512 6302866edf5a5209f8dfc80817fe306fc11376ac7d70450f32e38483902c428365fb553c57e989a6ca6e1cf07573352c9b500764250a815c4aff6b9f6b6d47fb
+DIST intel-microcode-collection-20230804.tar.xz 12972872 BLAKE2B b2d04ad679b537fbcff7327e4eb9de5d989a3bc6057f4ef339908921fb71275f8374d1db1234f36dd8b07587133c4d2e59f1910f854038253d4cd36d5e6d2dcf SHA512 9e47ee898b5ea1da3fc115de6e8f9e5e6b2eeb74a178c3226cb2bbdf0b1677ac95c40f5d4d874c7e054bf8293e4c2457e32c953a371ab34dd16c43841412f71e
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
 DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
 DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da7290b41842117951a0081f866024d5380c65850638ee3d2e87c8d9efcac4da58650463b0c31373d661fe74b8a3a380e099 SHA512 e21c82846f7f5e2c8d9559931e90389a7d21f8a59fbdec4c5b11fe43f010a21d3e9f27d67be12fe98b3dbdf26558a8ed74dc149bedd93f4b7728795dc6e86d48
 DIST microcode-20230613.tar.gz 12338446 BLAKE2B 56bffb26687fd3a20b79b4540ae10c98b2875e3edb84583b679ddc75e339193db4bddece25c7e5cb26b79f5e6ce2d10fcc318c55e13c05d8611198e4c571354b SHA512 460e46d20f71df1247affa2ca397b961ce3d77e3456144c6b7358e48c3239e9c077ff4c512b0c4b7d9a86f33fed094db8b3ac65b1a4047bb853212848d929639
+DIST microcode-20230808.tar.gz 13011561 BLAKE2B 400ba9b91a7048c780377d49ff6cb00458c60a9d53c2e5cef1eb99170ca8f0cad66336841d14869bd42d182f7d8df27a2fa9cb982b0df0c5fc9f62325b6acb69 SHA512 8316eb9d35b315e630c6c9fab1ba601b91e72cc42926ef14e7c2b77e7025d276ae06c143060f44cd1a873d3879c067d11ad82e1886c796e6be6bf466243ad85b

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild
new file mode 100644
index 000000000000..8f5ab874339b
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild
@@ -0,0 +1,287 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     e1f208e1fa8c030d1bf9571b36e67d552325c73b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  9 03:14:09 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug  9 03:20:15 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1f208e1

sys-firmware/intel-microcode: stabilize 20230808_p20230804 for amd64, x86

Bug: https://bugs.gentoo.org/911939
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild
index 8f5ab874339b..5d1ff1e7f4be 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     49fe8376218d15dce8d39ffba486be54b06562eb
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 11 16:40:13 2023 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Wed Oct 11 16:40:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49fe8376

sys-firmware/intel-microcode: add 20230808_p20231007

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   1 +
 .../intel-microcode-20230808_p20231007.ebuild      | 287 +++++++++++++++++++++
 2 files changed, 288 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 522f496a89bf..e134334401ed 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -3,6 +3,7 @@ DIST intel-microcode-collection-20230212.tar.xz 13213352 BLAKE2B b2548908632cc65
 DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281471e1ef335bb8e3fccee99cf484256b9f3b1f2fd0af1d1266c0237bf7cf97314e229f0e3ae622de68bdbe2cf3d9ed4b74ca9189f2aa7bf226 SHA512 9d65406898a8e82e66ab9ff684166eaf61a2b42c765d6f55603985176cdf7600b1f95626da0f1fc25d781212ce2c80ac108d0174371390e0e2c2ab7dd48c7b0d
 DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b8835565dec3560d059f909d13da853d37c79ddbaa049b94f96e811a2240ab043dfdbf59074e683383f5c17e76ceb0e7f6cccffdaad330bf7de1 SHA512 6302866edf5a5209f8dfc80817fe306fc11376ac7d70450f32e38483902c428365fb553c57e989a6ca6e1cf07573352c9b500764250a815c4aff6b9f6b6d47fb
 DIST intel-microcode-collection-20230804.tar.xz 12972872 BLAKE2B b2d04ad679b537fbcff7327e4eb9de5d989a3bc6057f4ef339908921fb71275f8374d1db1234f36dd8b07587133c4d2e59f1910f854038253d4cd36d5e6d2dcf SHA512 9e47ee898b5ea1da3fc115de6e8f9e5e6b2eeb74a178c3226cb2bbdf0b1677ac95c40f5d4d874c7e054bf8293e4c2457e32c953a371ab34dd16c43841412f71e
+DIST intel-microcode-collection-20231007.tar.xz 13997252 BLAKE2B fdd9f42c1b8945c4fdc9eed3b07959ac193df365dce7ff0f81c5f10916581914800701a57f9a57822369967a24cb092acb770f79815c5f595633f3e19a3e3fb5 SHA512 59fe08497c8c4a137c7212a8cc4bd038a740059059ae938dff7759c6797a29d008df7661c7f0fb20ea673f12df40479866d62278bb58a79e78789704a76cfc88
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
 DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
new file mode 100644
index 000000000000..8f5ab874339b
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
@@ -0,0 +1,287 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Arthur Zamarin]

commit:     313324f2740ecf518717fabe64da8d6f6986f3fc
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 12 08:20:47 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 12 08:20:47 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=313324f2

sys-firmware/intel-microcode: Stabilize 20230808_p20231007 x86, #917242

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
index 8f5ab874339b..75b180e6208e 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* ~amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     4fc67987c533a23a3c1d6f9dc91d35e4cec82462
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 12 12:20:10 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 12 12:20:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fc67987

sys-firmware/intel-microcode: Stabilize 20230808_p20231007 amd64, #917242

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
index 75b180e6208e..5d1ff1e7f4be 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     05c588f2b663ba37a55381160b325f9c1259f489
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 14 23:41:04 2023 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Tue Nov 14 23:41:04 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05c588f2

sys-firmware/intel-microcode: add 20231114_p20231114

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20231114_p20231114.ebuild      | 287 +++++++++++++++++++++
 2 files changed, 289 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index e134334401ed..bb6d032eb9c8 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -4,9 +4,11 @@ DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281
 DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b8835565dec3560d059f909d13da853d37c79ddbaa049b94f96e811a2240ab043dfdbf59074e683383f5c17e76ceb0e7f6cccffdaad330bf7de1 SHA512 6302866edf5a5209f8dfc80817fe306fc11376ac7d70450f32e38483902c428365fb553c57e989a6ca6e1cf07573352c9b500764250a815c4aff6b9f6b6d47fb
 DIST intel-microcode-collection-20230804.tar.xz 12972872 BLAKE2B b2d04ad679b537fbcff7327e4eb9de5d989a3bc6057f4ef339908921fb71275f8374d1db1234f36dd8b07587133c4d2e59f1910f854038253d4cd36d5e6d2dcf SHA512 9e47ee898b5ea1da3fc115de6e8f9e5e6b2eeb74a178c3226cb2bbdf0b1677ac95c40f5d4d874c7e054bf8293e4c2457e32c953a371ab34dd16c43841412f71e
 DIST intel-microcode-collection-20231007.tar.xz 13997252 BLAKE2B fdd9f42c1b8945c4fdc9eed3b07959ac193df365dce7ff0f81c5f10916581914800701a57f9a57822369967a24cb092acb770f79815c5f595633f3e19a3e3fb5 SHA512 59fe08497c8c4a137c7212a8cc4bd038a740059059ae938dff7759c6797a29d008df7661c7f0fb20ea673f12df40479866d62278bb58a79e78789704a76cfc88
+DIST intel-microcode-collection-20231114.tar.xz 13782912 BLAKE2B 65e2e8753e41fb140abdcc821b6fcdf9b930bcfcd24dcf523ab334c7cbfe1ce2f891b8c4385adb2a6ab4896a08215f140698a028265d0bfbc18b6fbd66720b3c SHA512 c9e590053f2fcd8882727476ea08c7ff68d2f65487c87845513c0037f741e4548b56bee69b0c05b864f92f23e1453f638e5547f716319a861c4f0de8f51a39da
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
 DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
 DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da7290b41842117951a0081f866024d5380c65850638ee3d2e87c8d9efcac4da58650463b0c31373d661fe74b8a3a380e099 SHA512 e21c82846f7f5e2c8d9559931e90389a7d21f8a59fbdec4c5b11fe43f010a21d3e9f27d67be12fe98b3dbdf26558a8ed74dc149bedd93f4b7728795dc6e86d48
 DIST microcode-20230613.tar.gz 12338446 BLAKE2B 56bffb26687fd3a20b79b4540ae10c98b2875e3edb84583b679ddc75e339193db4bddece25c7e5cb26b79f5e6ce2d10fcc318c55e13c05d8611198e4c571354b SHA512 460e46d20f71df1247affa2ca397b961ce3d77e3456144c6b7358e48c3239e9c077ff4c512b0c4b7d9a86f33fed094db8b3ac65b1a4047bb853212848d929639
 DIST microcode-20230808.tar.gz 13011561 BLAKE2B 400ba9b91a7048c780377d49ff6cb00458c60a9d53c2e5cef1eb99170ca8f0cad66336841d14869bd42d182f7d8df27a2fa9cb982b0df0c5fc9f62325b6acb69 SHA512 8316eb9d35b315e630c6c9fab1ba601b91e72cc42926ef14e7c2b77e7025d276ae06c143060f44cd1a873d3879c067d11ad82e1886c796e6be6bf466243ad85b
+DIST microcode-20231114.tar.gz 12466839 BLAKE2B e6084c92e9c3cc627af25a7f2f7fb26230b6ed117ddc197d19991df2816334132af92925f23af829bad005c32d0bd3afc362055ef223a599799d846216cf7612 SHA512 a684444ef81e81687ff43b8255e95675eed1d728053bb1a483a60e94e2d2d43f10fc12522510b22daf90c4debd8f035e6b9a565813aa799c2e1e3a464124f59b

diff --git a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
new file mode 100644
index 000000000000..8f5ab874339b
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
@@ -0,0 +1,287 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     23d1cb8a4ff9b62f4f41875f6e0c99388dc6bbc2
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 17 13:53:14 2023 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Fri Nov 17 13:53:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23d1cb8a

sys-firmware/intel-microcode: stabilize for amd64, bug #917503

Bug: https://bugs.gentoo.org/917503

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
index 8f5ab874339b..7d1e978da6df 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 ~x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     649feb2f9d40830700fb6b2929c1266419d37e09
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 17 15:08:34 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 17 15:08:34 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=649feb2f

sys-firmware/intel-microcode: Stabilize 20231114_p20231114 x86, #917503

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
index 7d1e978da6df..5d1ff1e7f4be 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     d9b820aa1f77e0c3df7c9883684a0dcb67ee4ad5
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 12 20:25:17 2024 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Tue Mar 12 20:25:17 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9b820aa

sys-firmware/intel-microcode: add 20240312_p20240312

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20240312_p20240312.ebuild      | 287 +++++++++++++++++++++
 2 files changed, 289 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index bb6d032eb9c8..15207ee0441e 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -5,6 +5,7 @@ DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b88
 DIST intel-microcode-collection-20230804.tar.xz 12972872 BLAKE2B b2d04ad679b537fbcff7327e4eb9de5d989a3bc6057f4ef339908921fb71275f8374d1db1234f36dd8b07587133c4d2e59f1910f854038253d4cd36d5e6d2dcf SHA512 9e47ee898b5ea1da3fc115de6e8f9e5e6b2eeb74a178c3226cb2bbdf0b1677ac95c40f5d4d874c7e054bf8293e4c2457e32c953a371ab34dd16c43841412f71e
 DIST intel-microcode-collection-20231007.tar.xz 13997252 BLAKE2B fdd9f42c1b8945c4fdc9eed3b07959ac193df365dce7ff0f81c5f10916581914800701a57f9a57822369967a24cb092acb770f79815c5f595633f3e19a3e3fb5 SHA512 59fe08497c8c4a137c7212a8cc4bd038a740059059ae938dff7759c6797a29d008df7661c7f0fb20ea673f12df40479866d62278bb58a79e78789704a76cfc88
 DIST intel-microcode-collection-20231114.tar.xz 13782912 BLAKE2B 65e2e8753e41fb140abdcc821b6fcdf9b930bcfcd24dcf523ab334c7cbfe1ce2f891b8c4385adb2a6ab4896a08215f140698a028265d0bfbc18b6fbd66720b3c SHA512 c9e590053f2fcd8882727476ea08c7ff68d2f65487c87845513c0037f741e4548b56bee69b0c05b864f92f23e1453f638e5547f716319a861c4f0de8f51a39da
+DIST intel-microcode-collection-20240312.tar.xz 13484040 BLAKE2B 947f78698211b372472629e7fdf076021db97f156d812ec2a84c5ab3d5ee374e04191f7881c956c261c6a6a5935b2c779b837879677ee98d44cf8c753a4393b8 SHA512 de577f232035a92ce563475edb4572c6fa40a0a2ee8e76b858de1ca42f905d366d107bf02e4968127ad6fe150baf37e11ed93191e40c1c5913ba34fe77184c00
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
 DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
@@ -12,3 +13,4 @@ DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da72
 DIST microcode-20230613.tar.gz 12338446 BLAKE2B 56bffb26687fd3a20b79b4540ae10c98b2875e3edb84583b679ddc75e339193db4bddece25c7e5cb26b79f5e6ce2d10fcc318c55e13c05d8611198e4c571354b SHA512 460e46d20f71df1247affa2ca397b961ce3d77e3456144c6b7358e48c3239e9c077ff4c512b0c4b7d9a86f33fed094db8b3ac65b1a4047bb853212848d929639
 DIST microcode-20230808.tar.gz 13011561 BLAKE2B 400ba9b91a7048c780377d49ff6cb00458c60a9d53c2e5cef1eb99170ca8f0cad66336841d14869bd42d182f7d8df27a2fa9cb982b0df0c5fc9f62325b6acb69 SHA512 8316eb9d35b315e630c6c9fab1ba601b91e72cc42926ef14e7c2b77e7025d276ae06c143060f44cd1a873d3879c067d11ad82e1886c796e6be6bf466243ad85b
 DIST microcode-20231114.tar.gz 12466839 BLAKE2B e6084c92e9c3cc627af25a7f2f7fb26230b6ed117ddc197d19991df2816334132af92925f23af829bad005c32d0bd3afc362055ef223a599799d846216cf7612 SHA512 a684444ef81e81687ff43b8255e95675eed1d728053bb1a483a60e94e2d2d43f10fc12522510b22daf90c4debd8f035e6b9a565813aa799c2e1e3a464124f59b
+DIST microcode-20240312.tar.gz 12825665 BLAKE2B 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747 SHA512 f5f3dfb1706675060b00057b5f017c2cb4ac0df74727139185fd167ca67fc6c611e205b1caeded23b006e4d8d314f87537007e7bafba2c87373f6d960988c911

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
new file mode 100644
index 000000000000..418ab5cc22e2
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
@@ -0,0 +1,287 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Arthur Zamarin]

commit:     53307408bd5423fac91699dc5e7d1e0f1386eb4a
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat May  4 07:20:45 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat May  4 07:20:45 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53307408

sys-firmware/intel-microcode: Stabilize 20240312_p20240312 x86, #930902

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
index 418ab5cc22e2..0b4e7026d94f 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* ~amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Arthur Zamarin]

commit:     c567d072fbca3388222b43750a6dc8db2d31a70d
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat May  4 09:48:26 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat May  4 09:48:26 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c567d072

sys-firmware/intel-microcode: Stabilize 20240312_p20240312 amd64, #930902

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
index 0b4e7026d94f..5992eadefd5f 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 x86"
+KEYWORDS="-* amd64 x86"
 IUSE="hostonly initramfs +split-ucode vanilla"
 REQUIRED_USE="|| ( initramfs split-ucode )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     e3e97fafd8ad6d796609ad8e7c0620215a92c226
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed May 15 12:48:09 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed May 15 12:48:43 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3e97faf

sys-firmware/intel-microcode: add 20240514_p20240514

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20240514_p20240514.ebuild      | 287 +++++++++++++++++++++
 2 files changed, 289 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 6977fbfe04f3..03d11061b4c8 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,3 +1,5 @@
 DIST intel-microcode-collection-20240312.tar.xz 13484040 BLAKE2B 947f78698211b372472629e7fdf076021db97f156d812ec2a84c5ab3d5ee374e04191f7881c956c261c6a6a5935b2c779b837879677ee98d44cf8c753a4393b8 SHA512 de577f232035a92ce563475edb4572c6fa40a0a2ee8e76b858de1ca42f905d366d107bf02e4968127ad6fe150baf37e11ed93191e40c1c5913ba34fe77184c00
+DIST intel-microcode-collection-20240514.tar.xz 13421016 BLAKE2B 83b7d213709bf8c1ea1b62456974cf6a2087470d9e2456ef3de93569007cfa8c94021a21a9f3f7b638ffe4b2ad0f516deda04a1c630e54f35709e92a113a7683 SHA512 4cc364b19355f133dae0178f7d10b50abcc0e6e7919e646cfc756c8ff8dc1d6d0819abae6f5cb7f659f0466ee31196625cf022bb994f500ab08e93238a66d104
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20240312.tar.gz 12825665 BLAKE2B 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747 SHA512 f5f3dfb1706675060b00057b5f017c2cb4ac0df74727139185fd167ca67fc6c611e205b1caeded23b006e4d8d314f87537007e7bafba2c87373f6d960988c911
+DIST microcode-20240514.tar.gz 12870457 BLAKE2B 2a3a357ecf8d9f17fd20cd651386e5687fbbca8a3a323caf846e7c84d440241c3c99cadd00016642c8d11f297c1d2ab63c54ea062644839b74f84d66b04c703e SHA512 1c0f1707bf7db70d04e94a0728c0f61a1f9c25fead8c2c3716cafd20c976973cf636e411d12f81b34bf0076d7c7601c11b1bcd92a2e1be35d98003bb61ace569

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
new file mode 100644
index 000000000000..418ab5cc22e2
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
@@ -0,0 +1,287 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     6ea33edebec051138011bea77ed362e4b0fc62d6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed May 15 12:43:40 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed May 15 12:48:43 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ea33ede

sys-firmware/intel-microcode: drop versions

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |  13 -
 .../intel-microcode-20221108_p20221102.ebuild      | 281 --------------------
 .../intel-microcode-20230214_p20230212.ebuild      | 281 --------------------
 .../intel-microcode-20230512_p20230512.ebuild      | 281 --------------------
 .../intel-microcode-20230613_p20230520.ebuild      | 287 ---------------------
 .../intel-microcode-20230808_p20230804.ebuild      | 287 ---------------------
 .../intel-microcode-20230808_p20231007.ebuild      | 287 ---------------------
 .../intel-microcode-20231114_p20231114.ebuild      | 287 ---------------------
 8 files changed, 2004 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 15207ee0441e..6977fbfe04f3 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,16 +1,3 @@
-DIST intel-microcode-collection-20221102.tar.xz 11125112 BLAKE2B 6054a3278b694ee4b1d1a92ad586ce37cbbfbead1fc7100541f7b71fb0b9e0eb9fd9560a459f8ba861eb95595a89b79e8dbb8ef2e70ef6513245e206fecd3667 SHA512 76426f6f491a17302bc312cfd1d58849d42ffa8d454c05ab086f493de20cd24d328a7b05689493e1fa70c025097c61fd09fd765bc02485ba6efe81d0fac014cd
-DIST intel-microcode-collection-20230212.tar.xz 13213352 BLAKE2B b2548908632cc65e997186e7af60a35ba4a44edb88263f5018c1cc9619299816c6184352653076413b95fb914f799b765e4fa6a5c46513d1425bde353e4dcde2 SHA512 27f2aacbf409acb005f83f0f486b59128ebac4c8d6b1b329cff7e33b237a8d47e579c6afb064d7a9ff634ad652ae0c2b9bc9302e6269007e12bd4aa391075430
-DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281471e1ef335bb8e3fccee99cf484256b9f3b1f2fd0af1d1266c0237bf7cf97314e229f0e3ae622de68bdbe2cf3d9ed4b74ca9189f2aa7bf226 SHA512 9d65406898a8e82e66ab9ff684166eaf61a2b42c765d6f55603985176cdf7600b1f95626da0f1fc25d781212ce2c80ac108d0174371390e0e2c2ab7dd48c7b0d
-DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b8835565dec3560d059f909d13da853d37c79ddbaa049b94f96e811a2240ab043dfdbf59074e683383f5c17e76ceb0e7f6cccffdaad330bf7de1 SHA512 6302866edf5a5209f8dfc80817fe306fc11376ac7d70450f32e38483902c428365fb553c57e989a6ca6e1cf07573352c9b500764250a815c4aff6b9f6b6d47fb
-DIST intel-microcode-collection-20230804.tar.xz 12972872 BLAKE2B b2d04ad679b537fbcff7327e4eb9de5d989a3bc6057f4ef339908921fb71275f8374d1db1234f36dd8b07587133c4d2e59f1910f854038253d4cd36d5e6d2dcf SHA512 9e47ee898b5ea1da3fc115de6e8f9e5e6b2eeb74a178c3226cb2bbdf0b1677ac95c40f5d4d874c7e054bf8293e4c2457e32c953a371ab34dd16c43841412f71e
-DIST intel-microcode-collection-20231007.tar.xz 13997252 BLAKE2B fdd9f42c1b8945c4fdc9eed3b07959ac193df365dce7ff0f81c5f10916581914800701a57f9a57822369967a24cb092acb770f79815c5f595633f3e19a3e3fb5 SHA512 59fe08497c8c4a137c7212a8cc4bd038a740059059ae938dff7759c6797a29d008df7661c7f0fb20ea673f12df40479866d62278bb58a79e78789704a76cfc88
-DIST intel-microcode-collection-20231114.tar.xz 13782912 BLAKE2B 65e2e8753e41fb140abdcc821b6fcdf9b930bcfcd24dcf523ab334c7cbfe1ce2f891b8c4385adb2a6ab4896a08215f140698a028265d0bfbc18b6fbd66720b3c SHA512 c9e590053f2fcd8882727476ea08c7ff68d2f65487c87845513c0037f741e4548b56bee69b0c05b864f92f23e1453f638e5547f716319a861c4f0de8f51a39da
 DIST intel-microcode-collection-20240312.tar.xz 13484040 BLAKE2B 947f78698211b372472629e7fdf076021db97f156d812ec2a84c5ab3d5ee374e04191f7881c956c261c6a6a5935b2c779b837879677ee98d44cf8c753a4393b8 SHA512 de577f232035a92ce563475edb4572c6fa40a0a2ee8e76b858de1ca42f905d366d107bf02e4968127ad6fe150baf37e11ed93191e40c1c5913ba34fe77184c00
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
-DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
-DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
-DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da7290b41842117951a0081f866024d5380c65850638ee3d2e87c8d9efcac4da58650463b0c31373d661fe74b8a3a380e099 SHA512 e21c82846f7f5e2c8d9559931e90389a7d21f8a59fbdec4c5b11fe43f010a21d3e9f27d67be12fe98b3dbdf26558a8ed74dc149bedd93f4b7728795dc6e86d48
-DIST microcode-20230613.tar.gz 12338446 BLAKE2B 56bffb26687fd3a20b79b4540ae10c98b2875e3edb84583b679ddc75e339193db4bddece25c7e5cb26b79f5e6ce2d10fcc318c55e13c05d8611198e4c571354b SHA512 460e46d20f71df1247affa2ca397b961ce3d77e3456144c6b7358e48c3239e9c077ff4c512b0c4b7d9a86f33fed094db8b3ac65b1a4047bb853212848d929639
-DIST microcode-20230808.tar.gz 13011561 BLAKE2B 400ba9b91a7048c780377d49ff6cb00458c60a9d53c2e5cef1eb99170ca8f0cad66336841d14869bd42d182f7d8df27a2fa9cb982b0df0c5fc9f62325b6acb69 SHA512 8316eb9d35b315e630c6c9fab1ba601b91e72cc42926ef14e7c2b77e7025d276ae06c143060f44cd1a873d3879c067d11ad82e1886c796e6be6bf466243ad85b
-DIST microcode-20231114.tar.gz 12466839 BLAKE2B e6084c92e9c3cc627af25a7f2f7fb26230b6ed117ddc197d19991df2816334132af92925f23af829bad005c32d0bd3afc362055ef223a599799d846216cf7612 SHA512 a684444ef81e81687ff43b8255e95675eed1d728053bb1a483a60e94e2d2d43f10fc12522510b22daf90c4debd8f035e6b9a565813aa799c2e1e3a464124f59b
 DIST microcode-20240312.tar.gz 12825665 BLAKE2B 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747 SHA512 f5f3dfb1706675060b00057b5f017c2cb4ac0df74727139185fd167ca67fc6c611e205b1caeded23b006e4d8d314f87537007e7bafba2c87373f6d960988c911

diff --git a/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild b/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
deleted file mode 100644
index 006f4811618a..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20221108_p20221102.ebuild
+++ /dev/null
@@ -1,281 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-# Package Maintenance instructions :
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files\
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
deleted file mode 100644
index d0d809679e8d..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20230214_p20230212.ebuild
+++ /dev/null
@@ -1,281 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-# Package Maintenance instructions :
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
deleted file mode 100644
index d0d809679e8d..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20230512_p20230512.ebuild
+++ /dev/null
@@ -1,281 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
-SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-RESTRICT="binchecks strip"
-
-S=${WORKDIR}
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-# Package Maintenance instructions :
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild
deleted file mode 100644
index 5d1ff1e7f4be..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20230613_p20230520.ebuild
+++ /dev/null
@@ -1,287 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-#
-#
-# Package Maintenance instructions:
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-#
-# PV:
-# * the first date is upstream
-# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
-SRC_URI="
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-"
-S="${WORKDIR}"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-RESTRICT="binchecks strip"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild
deleted file mode 100644
index 5d1ff1e7f4be..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20230808_p20230804.ebuild
+++ /dev/null
@@ -1,287 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-#
-#
-# Package Maintenance instructions:
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-#
-# PV:
-# * the first date is upstream
-# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
-SRC_URI="
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-"
-S="${WORKDIR}"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-RESTRICT="binchecks strip"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild b/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
deleted file mode 100644
index 5d1ff1e7f4be..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20230808_p20231007.ebuild
+++ /dev/null
@@ -1,287 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-#
-#
-# Package Maintenance instructions:
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-#
-# PV:
-# * the first date is upstream
-# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
-SRC_URI="
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-"
-S="${WORKDIR}"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-RESTRICT="binchecks strip"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

diff --git a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
deleted file mode 100644
index 5d1ff1e7f4be..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
+++ /dev/null
@@ -1,287 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-#
-#
-# Package Maintenance instructions:
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-#
-# PV:
-# * the first date is upstream
-# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
-SRC_URI="
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-"
-S="${WORKDIR}"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
-RESTRICT="binchecks strip"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Andrew Ammerlaan]

commit:     f93d0ab96634750c940e9068324795b5efca20cc
Author:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
AuthorDate: Wed May  8 06:38:14 2024 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
CommitDate: Fri May 17 12:06:44 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f93d0ab9

sys-firmware/intel-microcode: add USE=dist-kernel

The /boot/intel-uc.img is useless when we use a dist-kernel since dracut is
responsible for generating the initramfs, and it (by default) includes the
microcode.

Instead add USE=dist-kernel and enable USE=initramfs by default. The
initramfs flag toggles the early_microcode setting of dracut, and if both flags
are enabled we trigger initramfs re-installation. This ensures that when we
update this package, we also get the latest microcode in our dist-kernel
initramfs or UKI.

Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>

 .../intel-microcode-20240312_p20240312.ebuild      | 38 ++++++++++++++++++----
 .../intel-microcode-20240514_p20240514.ebuild      | 38 ++++++++++++++++++----
 2 files changed, 62 insertions(+), 14 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
index 5992eadefd5f..957da662f92e 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=8
 
-inherit linux-info mount-boot
+inherit dist-kernel-utils linux-info mount-boot
 
 # Find updates by searching and clicking the first link (hopefully it's the one):
 # https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
@@ -44,13 +44,21 @@ S="${WORKDIR}"
 LICENSE="intel-ucode"
 SLOT="0"
 KEYWORDS="-* amd64 x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
+IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
+REQUIRED_USE="!dist-kernel? ( || ( initramfs split-ucode ) )"
 RESTRICT="binchecks strip"
 
 BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+RDEPEND="
+	dist-kernel? ( virtual/dist-kernel )
+	hostonly? ( sys-apps/iucode_tool )
+"
+IDEPEND="
+	dist-kernel? (
+		initramfs? ( sys-kernel/installkernel )
+	)
+"
 
 # Blacklist bad microcode here.
 # 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
@@ -138,9 +146,18 @@ src_install() {
 		--list
 	)
 
+	# Instruct Dracut on whether or not we want the microcode in initramfs
+	# Use here 15 instead of 10, intel-microcode overwrites linux-firmware
+	(
+		insinto /usr/lib/dracut/dracut.conf.d
+		newins - 15-${PN}.conf <<<"early_microcode=$(usex initramfs)"
+	)
+
 	# The earlyfw cpio needs to be in /boot because it must be loaded before
 	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+	if ! use dist-kernel && use initramfs; then
+		dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+	fi
 
 	keepdir /lib/firmware/intel-ucode
 	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
@@ -194,7 +211,9 @@ pkg_preinst() {
 
 		# The earlyfw cpio needs to be in /boot because it must be loaded before
 		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+		if ! use dist-kernel && use initramfs; then
+			opts+=( --write-earlyfw=${_initramfs_file} )
+		fi
 
 		if use split-ucode; then
 			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
@@ -265,7 +284,12 @@ pkg_postrm() {
 
 pkg_postinst() {
 	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
+	if use initramfs; then
+		if [[ -z ${ROOT} ]] && use dist-kernel; then
+			dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
+		fi
+		mount-boot_pkg_postinst
+	fi
 
 	# We cannot give detailed information if user is affected or not:
 	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
index 418ab5cc22e2..c33321a94497 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=8
 
-inherit linux-info mount-boot
+inherit dist-kernel-utils linux-info mount-boot
 
 # Find updates by searching and clicking the first link (hopefully it's the one):
 # https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
@@ -44,13 +44,21 @@ S="${WORKDIR}"
 LICENSE="intel-ucode"
 SLOT="0"
 KEYWORDS="-* ~amd64 ~x86"
-IUSE="hostonly initramfs +split-ucode vanilla"
-REQUIRED_USE="|| ( initramfs split-ucode )"
+IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
+REQUIRED_USE="!dist-kernel? ( || ( initramfs split-ucode ) )"
 RESTRICT="binchecks strip"
 
 BDEPEND=">=sys-apps/iucode_tool-2.3"
 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+RDEPEND="
+	dist-kernel? ( virtual/dist-kernel )
+	hostonly? ( sys-apps/iucode_tool )
+"
+IDEPEND="
+	dist-kernel? (
+		initramfs? ( sys-kernel/installkernel )
+	)
+"
 
 # Blacklist bad microcode here.
 # 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
@@ -138,9 +146,18 @@ src_install() {
 		--list
 	)
 
+	# Instruct Dracut on whether or not we want the microcode in initramfs
+	# Use here 15 instead of 10, intel-microcode overwrites linux-firmware
+	(
+		insinto /usr/lib/dracut/dracut.conf.d
+		newins - 15-${PN}.conf <<<"early_microcode=$(usex initramfs)"
+	)
+
 	# The earlyfw cpio needs to be in /boot because it must be loaded before
 	# rootfs is mounted.
-	use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+	if ! use dist-kernel && use initramfs; then
+		dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+	fi
 
 	keepdir /lib/firmware/intel-ucode
 	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
@@ -194,7 +211,9 @@ pkg_preinst() {
 
 		# The earlyfw cpio needs to be in /boot because it must be loaded before
 		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+		if ! use dist-kernel && use initramfs; then
+			opts+=( --write-earlyfw=${_initramfs_file} )
+		fi
 
 		if use split-ucode; then
 			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
@@ -265,7 +284,12 @@ pkg_postrm() {
 
 pkg_postinst() {
 	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postinst
+	if use initramfs; then
+		if [[ -z ${ROOT} ]] && use dist-kernel; then
+			dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
+		fi
+		mount-boot_pkg_postinst
+	fi
 
 	# We cannot give detailed information if user is affected or not:
 	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     e1dda3e7d5cf531916db74bec2247e590e262b94
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  1 00:59:59 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun  1 00:59:59 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1dda3e7

sys-firmware/intel-microcode: add 20240531_p20240526

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20240531_p20240526.ebuild      | 311 +++++++++++++++++++++
 2 files changed, 313 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 03d11061b4c8..b3906fe1771b 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,5 +1,7 @@
 DIST intel-microcode-collection-20240312.tar.xz 13484040 BLAKE2B 947f78698211b372472629e7fdf076021db97f156d812ec2a84c5ab3d5ee374e04191f7881c956c261c6a6a5935b2c779b837879677ee98d44cf8c753a4393b8 SHA512 de577f232035a92ce563475edb4572c6fa40a0a2ee8e76b858de1ca42f905d366d107bf02e4968127ad6fe150baf37e11ed93191e40c1c5913ba34fe77184c00
 DIST intel-microcode-collection-20240514.tar.xz 13421016 BLAKE2B 83b7d213709bf8c1ea1b62456974cf6a2087470d9e2456ef3de93569007cfa8c94021a21a9f3f7b638ffe4b2ad0f516deda04a1c630e54f35709e92a113a7683 SHA512 4cc364b19355f133dae0178f7d10b50abcc0e6e7919e646cfc756c8ff8dc1d6d0819abae6f5cb7f659f0466ee31196625cf022bb994f500ab08e93238a66d104
+DIST intel-microcode-collection-20240526.tar.xz 13421124 BLAKE2B fd56bdef9dde99b8845f746aca7bc7b4ac0ce231402bb6b157d35d2f28a494788439469aa6c947234e4a514f92d2506eaa71de3781a8530748916e8cea5c8ed8 SHA512 9b8cba74996a981eab57141a8e9713bc4e9f4afdc543a4ac874459437ff922fe0929b4c41f5bce7ff189319792c9881f75f83fc27adb50a16addeca173527574
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20240312.tar.gz 12825665 BLAKE2B 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747 SHA512 f5f3dfb1706675060b00057b5f017c2cb4ac0df74727139185fd167ca67fc6c611e205b1caeded23b006e4d8d314f87537007e7bafba2c87373f6d960988c911
 DIST microcode-20240514.tar.gz 12870457 BLAKE2B 2a3a357ecf8d9f17fd20cd651386e5687fbbca8a3a323caf846e7c84d440241c3c99cadd00016642c8d11f297c1d2ab63c54ea062644839b74f84d66b04c703e SHA512 1c0f1707bf7db70d04e94a0728c0f61a1f9c25fead8c2c3716cafd20c976973cf636e411d12f81b34bf0076d7c7601c11b1bcd92a2e1be35d98003bb61ace569
+DIST microcode-20240531.tar.gz 12870497 BLAKE2B 6a2c5ee6b6f3543b28f3753b30812e360bad50776b4f81e32a832e2169f38c11f8d5108ce0a81ddcdf1ecf7557baf1fd62c053a365f39a33ded5fd5018580b1f SHA512 fb9d772491f279ebb691248e4a665da45c986ca7b4668ecf311c5fcb91a42400f7a5b35e8bfc31ceb1c9d598e753c817359900e3fa316d825f8ecec21ec63cfe

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild
new file mode 100644
index 000000000000..c33321a94497
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild
@@ -0,0 +1,311 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit dist-kernel-utils linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
+REQUIRED_USE="!dist-kernel? ( || ( initramfs split-ucode ) )"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="
+	dist-kernel? ( virtual/dist-kernel )
+	hostonly? ( sys-apps/iucode_tool )
+"
+IDEPEND="
+	dist-kernel? (
+		initramfs? ( sys-kernel/installkernel )
+	)
+"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# Instruct Dracut on whether or not we want the microcode in initramfs
+	# Use here 15 instead of 10, intel-microcode overwrites linux-firmware
+	(
+		insinto /usr/lib/dracut/dracut.conf.d
+		newins - 15-${PN}.conf <<<"early_microcode=$(usex initramfs)"
+	)
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	if ! use dist-kernel && use initramfs; then
+		dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+	fi
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		if ! use dist-kernel && use initramfs; then
+			opts+=( --write-earlyfw=${_initramfs_file} )
+		fi
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	if use initramfs; then
+		if [[ -z ${ROOT} ]] && use dist-kernel; then
+			dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
+		fi
+		mount-boot_pkg_postinst
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     d26515974443ce2d125b0176f35b472d9bb3533e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  1 02:11:05 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun  1 02:11:05 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2651597

sys-firmware/intel-microcode: fix date mix-up

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild
index c33321a94497..01f5afa4d1ad 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild
@@ -103,7 +103,7 @@ src_prepare() {
 	rm -f "${S}"/intel-ucod*/list || die
 
 	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+	rm "${S}"/intel-microcode-collection-${INTEL_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
 
 	# Remove non-microcode file from list
 	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Sam James]

commit:     94cb7ce139fa128203cd76d778928cd2ac0a0675
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  1 02:53:31 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun  1 02:54:27 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94cb7ce1

sys-firmware/intel-microcode: fix date mix-up properly

This reverts commit d26515974443ce2d125b0176f35b472d9bb3533e. I ended up
confusing myself with how I swapped the dates around a few times and missed
I got the directory name wrong when I renamed the tarball.

The size is different because I just recompressed it on woodpecker
which has diff xz options unlike me locally.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest                                  | 2 +-
 sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index b3906fe1771b..53def8c134e2 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,6 +1,6 @@
 DIST intel-microcode-collection-20240312.tar.xz 13484040 BLAKE2B 947f78698211b372472629e7fdf076021db97f156d812ec2a84c5ab3d5ee374e04191f7881c956c261c6a6a5935b2c779b837879677ee98d44cf8c753a4393b8 SHA512 de577f232035a92ce563475edb4572c6fa40a0a2ee8e76b858de1ca42f905d366d107bf02e4968127ad6fe150baf37e11ed93191e40c1c5913ba34fe77184c00
 DIST intel-microcode-collection-20240514.tar.xz 13421016 BLAKE2B 83b7d213709bf8c1ea1b62456974cf6a2087470d9e2456ef3de93569007cfa8c94021a21a9f3f7b638ffe4b2ad0f516deda04a1c630e54f35709e92a113a7683 SHA512 4cc364b19355f133dae0178f7d10b50abcc0e6e7919e646cfc756c8ff8dc1d6d0819abae6f5cb7f659f0466ee31196625cf022bb994f500ab08e93238a66d104
-DIST intel-microcode-collection-20240526.tar.xz 13421124 BLAKE2B fd56bdef9dde99b8845f746aca7bc7b4ac0ce231402bb6b157d35d2f28a494788439469aa6c947234e4a514f92d2506eaa71de3781a8530748916e8cea5c8ed8 SHA512 9b8cba74996a981eab57141a8e9713bc4e9f4afdc543a4ac874459437ff922fe0929b4c41f5bce7ff189319792c9881f75f83fc27adb50a16addeca173527574
+DIST intel-microcode-collection-20240526.tar.xz 14673584 BLAKE2B 262f667ac46e190994e86f547c98ac776c73b1576c208fa32df96a2dd60af6cda9bd0b0367ca68bb6b85fd19f75913e73069d0064eb2b4c560068c3da50618c8 SHA512 4227c68ba60aea940b851f10d1006ee42b45d55425eb143210adeb363468238329d4a2720d117f5bdaeb9857ae29a6952a3df22769f4436638a9080ded6793ba
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20240312.tar.gz 12825665 BLAKE2B 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747 SHA512 f5f3dfb1706675060b00057b5f017c2cb4ac0df74727139185fd167ca67fc6c611e205b1caeded23b006e4d8d314f87537007e7bafba2c87373f6d960988c911
 DIST microcode-20240514.tar.gz 12870457 BLAKE2B 2a3a357ecf8d9f17fd20cd651386e5687fbbca8a3a323caf846e7c84d440241c3c99cadd00016642c8d11f297c1d2ab63c54ea062644839b74f84d66b04c703e SHA512 1c0f1707bf7db70d04e94a0728c0f61a1f9c25fead8c2c3716cafd20c976973cf636e411d12f81b34bf0076d7c7601c11b1bcd92a2e1be35d98003bb61ace569

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild
index 01f5afa4d1ad..c33321a94497 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526.ebuild
@@ -103,7 +103,7 @@ src_prepare() {
 	rm -f "${S}"/intel-ucod*/list || die
 
 	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${INTEL_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
 
 	# Remove non-microcode file from list
 	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Arthur Zamarin]

commit:     0c094cd0136bce2d3583052645dd37e2c2103e5a
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 26 17:53:53 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 26 17:53:53 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c094cd0

sys-firmware/intel-microcode: Stabilize 20240514_p20240514 x86, #934876

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
index c33321a94497..ca29f6f7e640 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* ~amd64 x86"
 IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
 REQUIRED_USE="!dist-kernel? ( || ( initramfs split-ucode ) )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Arthur Zamarin]

commit:     90289f5ea63bb9c56a0b3e6bdb47f328b82ea93d
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 26 18:58:44 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Jun 26 18:58:44 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90289f5e

sys-firmware/intel-microcode: Stabilize 20240514_p20240514 amd64, #934876

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
index ca29f6f7e640..957da662f92e 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 x86"
+KEYWORDS="-* amd64 x86"
 IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
 REQUIRED_USE="!dist-kernel? ( || ( initramfs split-ucode ) )"
 RESTRICT="binchecks strip"

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Andrew Ammerlaan]

commit:     8da5d5cc4ed7a090c83b9f99577c31365c6884da
Author:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 25 14:36:46 2024 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
CommitDate: Sat Jun 29 08:36:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8da5d5cc

sys-firmware/intel-microcode: complain less when /boot is not mounted

When using dist-kernel users can correct the problem and then
emerge --config ...

Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/37292
Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>

 .../intel-microcode-20240312_p20240312.ebuild       | 21 +++++++++++++++------
 .../intel-microcode-20240514_p20240514.ebuild       | 21 +++++++++++++++------
 .../intel-microcode-20240531_p20240526-r1.ebuild    | 21 +++++++++++++++------
 3 files changed, 45 insertions(+), 18 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
index 957da662f92e..5e2d305fc9ed 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
@@ -83,7 +83,15 @@ MICROCODE_SIGNATURES_DEFAULT=""
 # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
 
 pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
+	if use initramfs; then
+		if [[ -z ${ROOT} ]] && use dist-kernel; then
+			# Check, but don't die because we can fix the problem and then
+			# emerge --config ... to re-run installation.
+			nonfatal mount-boot_check_status
+		else
+			mount-boot_pkg_pretend
+		fi
+	fi
 }
 
 src_prepare() {
@@ -181,7 +189,7 @@ pkg_preinst() {
 	fi
 
 	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
+	use initramfs && ! use dist-kernel && mount-boot_pkg_preinst
 
 	local _initramfs_file="${ED}/boot/intel-uc.img"
 
@@ -274,21 +282,22 @@ pkg_preinst() {
 
 pkg_prerm() {
 	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
+	use initramfs && ! use dist-kernel && mount-boot_pkg_prerm
 }
 
 pkg_postrm() {
 	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
+	use initramfs && ! use dist-kernel && mount-boot_pkg_postrm
 }
 
 pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
 	if use initramfs; then
 		if [[ -z ${ROOT} ]] && use dist-kernel; then
 			dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
+		else
+			# Don't forget to umount /boot if it was previously mounted by us.
+			mount-boot_pkg_postinst
 		fi
-		mount-boot_pkg_postinst
 	fi
 
 	# We cannot give detailed information if user is affected or not:

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
index 957da662f92e..5e2d305fc9ed 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240514_p20240514.ebuild
@@ -83,7 +83,15 @@ MICROCODE_SIGNATURES_DEFAULT=""
 # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
 
 pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
+	if use initramfs; then
+		if [[ -z ${ROOT} ]] && use dist-kernel; then
+			# Check, but don't die because we can fix the problem and then
+			# emerge --config ... to re-run installation.
+			nonfatal mount-boot_check_status
+		else
+			mount-boot_pkg_pretend
+		fi
+	fi
 }
 
 src_prepare() {
@@ -181,7 +189,7 @@ pkg_preinst() {
 	fi
 
 	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
+	use initramfs && ! use dist-kernel && mount-boot_pkg_preinst
 
 	local _initramfs_file="${ED}/boot/intel-uc.img"
 
@@ -274,21 +282,22 @@ pkg_preinst() {
 
 pkg_prerm() {
 	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
+	use initramfs && ! use dist-kernel && mount-boot_pkg_prerm
 }
 
 pkg_postrm() {
 	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
+	use initramfs && ! use dist-kernel && mount-boot_pkg_postrm
 }
 
 pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
 	if use initramfs; then
 		if [[ -z ${ROOT} ]] && use dist-kernel; then
 			dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
+		else
+			# Don't forget to umount /boot if it was previously mounted by us.
+			mount-boot_pkg_postinst
 		fi
-		mount-boot_pkg_postinst
 	fi
 
 	# We cannot give detailed information if user is affected or not:

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526-r1.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526-r1.ebuild
index 6ad9cfa826b6..55f66f30803d 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526-r1.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240531_p20240526-r1.ebuild
@@ -83,7 +83,15 @@ MICROCODE_SIGNATURES_DEFAULT=""
 # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
 
 pkg_pretend() {
-	use initramfs && mount-boot_pkg_pretend
+	if use initramfs; then
+		if [[ -z ${ROOT} ]] && use dist-kernel; then
+			# Check, but don't die because we can fix the problem and then
+			# emerge --config ... to re-run installation.
+			nonfatal mount-boot_check_status
+		else
+			mount-boot_pkg_pretend
+		fi
+	fi
 }
 
 src_prepare() {
@@ -191,7 +199,7 @@ pkg_preinst() {
 	fi
 
 	# Make sure /boot is available if needed.
-	use initramfs && mount-boot_pkg_preinst
+	use initramfs && ! use dist-kernel && mount-boot_pkg_preinst
 
 	local _initramfs_file="${ED}/boot/intel-uc.img"
 
@@ -284,21 +292,22 @@ pkg_preinst() {
 
 pkg_prerm() {
 	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && mount-boot_pkg_prerm
+	use initramfs && ! use dist-kernel && mount-boot_pkg_prerm
 }
 
 pkg_postrm() {
 	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && mount-boot_pkg_postrm
+	use initramfs && ! use dist-kernel && mount-boot_pkg_postrm
 }
 
 pkg_postinst() {
-	# Don't forget to umount /boot if it was previously mounted by us.
 	if use initramfs; then
 		if [[ -z ${ROOT} ]] && use dist-kernel; then
 			dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
+		else
+			# Don't forget to umount /boot if it was previously mounted by us.
+			mount-boot_pkg_postinst
 		fi
-		mount-boot_pkg_postinst
 	fi
 
 	# We cannot give detailed information if user is affected or not:

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     1bc27f5173298af323c44e4138d90faf4428845f
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 15 22:21:24 2024 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Thu Aug 15 22:21:35 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bc27f51

sys-firmware/intel-microcode: add 20240813_p20240815

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20240813_p20240815.ebuild      | 338 +++++++++++++++++++++
 2 files changed, 340 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 53def8c134e2..626054c8dec9 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,7 +1,9 @@
 DIST intel-microcode-collection-20240312.tar.xz 13484040 BLAKE2B 947f78698211b372472629e7fdf076021db97f156d812ec2a84c5ab3d5ee374e04191f7881c956c261c6a6a5935b2c779b837879677ee98d44cf8c753a4393b8 SHA512 de577f232035a92ce563475edb4572c6fa40a0a2ee8e76b858de1ca42f905d366d107bf02e4968127ad6fe150baf37e11ed93191e40c1c5913ba34fe77184c00
 DIST intel-microcode-collection-20240514.tar.xz 13421016 BLAKE2B 83b7d213709bf8c1ea1b62456974cf6a2087470d9e2456ef3de93569007cfa8c94021a21a9f3f7b638ffe4b2ad0f516deda04a1c630e54f35709e92a113a7683 SHA512 4cc364b19355f133dae0178f7d10b50abcc0e6e7919e646cfc756c8ff8dc1d6d0819abae6f5cb7f659f0466ee31196625cf022bb994f500ab08e93238a66d104
 DIST intel-microcode-collection-20240526.tar.xz 14673584 BLAKE2B 262f667ac46e190994e86f547c98ac776c73b1576c208fa32df96a2dd60af6cda9bd0b0367ca68bb6b85fd19f75913e73069d0064eb2b4c560068c3da50618c8 SHA512 4227c68ba60aea940b851f10d1006ee42b45d55425eb143210adeb363468238329d4a2720d117f5bdaeb9857ae29a6952a3df22769f4436638a9080ded6793ba
+DIST intel-microcode-collection-20240815.tar.xz 15458512 BLAKE2B 17b3719961a30d18aecb7b5094de5250e36a6eaa2f880a020ca38762d8a037b7e25f322cc1cbb3000a520007beb0d47d6b4f4940c47fac2082c9c2a3fa3be5d4 SHA512 6faddcac20184424bbe0488dce8df31479b89da9affb5c2f2d93f2bccc045d41105d5a10e3c56ba48cf27853a089334adac6e42a27c5fb63e86f0ed7c51bbc42
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20240312.tar.gz 12825665 BLAKE2B 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747 SHA512 f5f3dfb1706675060b00057b5f017c2cb4ac0df74727139185fd167ca67fc6c611e205b1caeded23b006e4d8d314f87537007e7bafba2c87373f6d960988c911
 DIST microcode-20240514.tar.gz 12870457 BLAKE2B 2a3a357ecf8d9f17fd20cd651386e5687fbbca8a3a323caf846e7c84d440241c3c99cadd00016642c8d11f297c1d2ab63c54ea062644839b74f84d66b04c703e SHA512 1c0f1707bf7db70d04e94a0728c0f61a1f9c25fead8c2c3716cafd20c976973cf636e411d12f81b34bf0076d7c7601c11b1bcd92a2e1be35d98003bb61ace569
 DIST microcode-20240531.tar.gz 12870497 BLAKE2B 6a2c5ee6b6f3543b28f3753b30812e360bad50776b4f81e32a832e2169f38c11f8d5108ce0a81ddcdf1ecf7557baf1fd62c053a365f39a33ded5fd5018580b1f SHA512 fb9d772491f279ebb691248e4a665da45c986ca7b4668ecf311c5fcb91a42400f7a5b35e8bfc31ceb1c9d598e753c817359900e3fa316d825f8ecec21ec63cfe
+DIST microcode-20240813.tar.gz 12879301 BLAKE2B f6a157de1f2c14e0e4d08ec71304451a52c7a0ffcfc79a1ebce7e8c16c7405587369c9cad994b8bdb0a987d4fe2769b2988948ffd9fe1e7f117eb624cf579b63 SHA512 ba1fa7d9bed7d90756ea959f5878afca0deacc9b1e932a936a15d74a411b7efb6103a4af75dc3731d9cbb2e464439ce9a7d448f75bc6f38b616907ff6dec6ee3

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240813_p20240815.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240813_p20240815.ebuild
new file mode 100644
index 000000000000..947e22ff9bc2
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20240813_p20240815.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit dist-kernel-utils linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
+REQUIRED_USE="
+	|| ( initramfs split-ucode )
+	dist-kernel? ( split-ucode )
+"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="
+	dist-kernel? (
+		virtual/dist-kernel
+		initramfs? (
+			sys-apps/iucode_tool
+		)
+	)
+"
+IDEPEND="
+	hostonly? ( sys-apps/iucode_tool )
+	dist-kernel? (
+		initramfs? ( sys-kernel/installkernel )
+	)
+"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	if use initramfs; then
+		if use dist-kernel; then
+			# Check, but don't die because we can fix the problem and then
+			# emerge --config ... to re-run installation.
+			[[ -z ${ROOT} ]] && nonfatal mount-boot_check_status
+		else
+			mount-boot_pkg_pretend
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# Instruct Dracut on whether or not we want the microcode in initramfs
+	# Use here 15 instead of 10, intel-microcode overwrites linux-firmware
+	(
+		insinto /usr/lib/dracut/dracut.conf.d
+		newins - 15-${PN}.conf <<<"early_microcode=$(usex initramfs)"
+	)
+	if use initramfs; then
+		# Install installkernel/kernel-install hooks for non-dracut initramfs
+		# generators that don't bundled the microcode
+		(
+			exeinto /usr/lib/kernel/preinst.d
+			doexe "${FILESDIR}/35-intel-microcode.install"
+			exeinto /usr/lib/kernel/install.d
+			doexe "${FILESDIR}/35-intel-microcode-systemd.install"
+		)
+	fi
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	if ! use dist-kernel && use initramfs; then
+		dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+	fi
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && ! use dist-kernel && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		if ! use dist-kernel && use initramfs; then
+			opts+=( --write-earlyfw=${_initramfs_file} )
+		fi
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && ! use dist-kernel && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && ! use dist-kernel && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	if use initramfs; then
+		if use dist-kernel; then
+			[[ -z ${ROOT} ]] && dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
+		else
+			# Don't forget to umount /boot if it was previously mounted by us.
+			mount-boot_pkg_postinst
+		fi
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     9dc29b37c1a3a85b104d1f8aa1426d236b78972e
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  7 18:31:23 2024 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Sat Sep  7 18:31:23 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9dc29b37

sys-firmware/intel-microcode: stabilize 20240813_p20240815 for amd64, x86

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/intel-microcode-20240813_p20240815.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240813_p20240815.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240813_p20240815.ebuild
index 947e22ff9bc2..3af9d1741d1e 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20240813_p20240815.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20240813_p20240815.ebuild
@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
 REQUIRED_USE="
 	|| ( initramfs split-ucode )

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     edb572b10f51520d99a307b4ab7a08ce88d7d00f
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Sat Sep  7 18:31:43 2024 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Sat Sep  7 18:31:43 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edb572b1

sys-firmware/intel-microcode: drop 20240312_p20240312

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 -
 .../intel-microcode-20240312_p20240312.ebuild      | 320 ---------------------
 2 files changed, 322 deletions(-)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index 626054c8dec9..b0ac6af5bce0 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,9 +1,7 @@
-DIST intel-microcode-collection-20240312.tar.xz 13484040 BLAKE2B 947f78698211b372472629e7fdf076021db97f156d812ec2a84c5ab3d5ee374e04191f7881c956c261c6a6a5935b2c779b837879677ee98d44cf8c753a4393b8 SHA512 de577f232035a92ce563475edb4572c6fa40a0a2ee8e76b858de1ca42f905d366d107bf02e4968127ad6fe150baf37e11ed93191e40c1c5913ba34fe77184c00
 DIST intel-microcode-collection-20240514.tar.xz 13421016 BLAKE2B 83b7d213709bf8c1ea1b62456974cf6a2087470d9e2456ef3de93569007cfa8c94021a21a9f3f7b638ffe4b2ad0f516deda04a1c630e54f35709e92a113a7683 SHA512 4cc364b19355f133dae0178f7d10b50abcc0e6e7919e646cfc756c8ff8dc1d6d0819abae6f5cb7f659f0466ee31196625cf022bb994f500ab08e93238a66d104
 DIST intel-microcode-collection-20240526.tar.xz 14673584 BLAKE2B 262f667ac46e190994e86f547c98ac776c73b1576c208fa32df96a2dd60af6cda9bd0b0367ca68bb6b85fd19f75913e73069d0064eb2b4c560068c3da50618c8 SHA512 4227c68ba60aea940b851f10d1006ee42b45d55425eb143210adeb363468238329d4a2720d117f5bdaeb9857ae29a6952a3df22769f4436638a9080ded6793ba
 DIST intel-microcode-collection-20240815.tar.xz 15458512 BLAKE2B 17b3719961a30d18aecb7b5094de5250e36a6eaa2f880a020ca38762d8a037b7e25f322cc1cbb3000a520007beb0d47d6b4f4940c47fac2082c9c2a3fa3be5d4 SHA512 6faddcac20184424bbe0488dce8df31479b89da9affb5c2f2d93f2bccc045d41105d5a10e3c56ba48cf27853a089334adac6e42a27c5fb63e86f0ed7c51bbc42
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
-DIST microcode-20240312.tar.gz 12825665 BLAKE2B 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747 SHA512 f5f3dfb1706675060b00057b5f017c2cb4ac0df74727139185fd167ca67fc6c611e205b1caeded23b006e4d8d314f87537007e7bafba2c87373f6d960988c911
 DIST microcode-20240514.tar.gz 12870457 BLAKE2B 2a3a357ecf8d9f17fd20cd651386e5687fbbca8a3a323caf846e7c84d440241c3c99cadd00016642c8d11f297c1d2ab63c54ea062644839b74f84d66b04c703e SHA512 1c0f1707bf7db70d04e94a0728c0f61a1f9c25fead8c2c3716cafd20c976973cf636e411d12f81b34bf0076d7c7601c11b1bcd92a2e1be35d98003bb61ace569
 DIST microcode-20240531.tar.gz 12870497 BLAKE2B 6a2c5ee6b6f3543b28f3753b30812e360bad50776b4f81e32a832e2169f38c11f8d5108ce0a81ddcdf1ecf7557baf1fd62c053a365f39a33ded5fd5018580b1f SHA512 fb9d772491f279ebb691248e4a665da45c986ca7b4668ecf311c5fcb91a42400f7a5b35e8bfc31ceb1c9d598e753c817359900e3fa316d825f8ecec21ec63cfe
 DIST microcode-20240813.tar.gz 12879301 BLAKE2B f6a157de1f2c14e0e4d08ec71304451a52c7a0ffcfc79a1ebce7e8c16c7405587369c9cad994b8bdb0a987d4fe2769b2988948ffd9fe1e7f117eb624cf579b63 SHA512 ba1fa7d9bed7d90756ea959f5878afca0deacc9b1e932a936a15d74a411b7efb6103a4af75dc3731d9cbb2e464439ce9a7d448f75bc6f38b616907ff6dec6ee3

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
deleted file mode 100644
index 5e2d305fc9ed..000000000000
--- a/sys-firmware/intel-microcode/intel-microcode-20240312_p20240312.ebuild
+++ /dev/null
@@ -1,320 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit dist-kernel-utils linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-#
-#
-# Package Maintenance instructions:
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-#
-# PV:
-# * the first date is upstream
-# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
-SRC_URI="
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-"
-S="${WORKDIR}"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
-REQUIRED_USE="!dist-kernel? ( || ( initramfs split-ucode ) )"
-RESTRICT="binchecks strip"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="
-	dist-kernel? ( virtual/dist-kernel )
-	hostonly? ( sys-apps/iucode_tool )
-"
-IDEPEND="
-	dist-kernel? (
-		initramfs? ( sys-kernel/installkernel )
-	)
-"
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	if use initramfs; then
-		if [[ -z ${ROOT} ]] && use dist-kernel; then
-			# Check, but don't die because we can fix the problem and then
-			# emerge --config ... to re-run installation.
-			nonfatal mount-boot_check_status
-		else
-			mount-boot_pkg_pretend
-		fi
-	fi
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# Instruct Dracut on whether or not we want the microcode in initramfs
-	# Use here 15 instead of 10, intel-microcode overwrites linux-firmware
-	(
-		insinto /usr/lib/dracut/dracut.conf.d
-		newins - 15-${PN}.conf <<<"early_microcode=$(usex initramfs)"
-	)
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	if ! use dist-kernel && use initramfs; then
-		dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-	fi
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && ! use dist-kernel && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		if ! use dist-kernel && use initramfs; then
-			opts+=( --write-earlyfw=${_initramfs_file} )
-		fi
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && ! use dist-kernel && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && ! use dist-kernel && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	if use initramfs; then
-		if [[ -z ${ROOT} ]] && use dist-kernel; then
-			dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
-		else
-			# Don't forget to umount /boot if it was previously mounted by us.
-			mount-boot_pkg_postinst
-		fi
-	fi
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

[Mike Pagano]

commit:     efe8acaa3a3d271d0b9cb79ad5d560a0cf02506b
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 16:25:54 2024 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 16:25:54 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efe8acaa

sys-firmware/intel-microcode: add 20240910_p20240915

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 sys-firmware/intel-microcode/Manifest              |   2 +
 .../intel-microcode-20240910_p20240915.ebuild      | 338 +++++++++++++++++++++
 2 files changed, 340 insertions(+)

diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index b0ac6af5bce0..9b2804517915 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -1,7 +1,9 @@
 DIST intel-microcode-collection-20240514.tar.xz 13421016 BLAKE2B 83b7d213709bf8c1ea1b62456974cf6a2087470d9e2456ef3de93569007cfa8c94021a21a9f3f7b638ffe4b2ad0f516deda04a1c630e54f35709e92a113a7683 SHA512 4cc364b19355f133dae0178f7d10b50abcc0e6e7919e646cfc756c8ff8dc1d6d0819abae6f5cb7f659f0466ee31196625cf022bb994f500ab08e93238a66d104
 DIST intel-microcode-collection-20240526.tar.xz 14673584 BLAKE2B 262f667ac46e190994e86f547c98ac776c73b1576c208fa32df96a2dd60af6cda9bd0b0367ca68bb6b85fd19f75913e73069d0064eb2b4c560068c3da50618c8 SHA512 4227c68ba60aea940b851f10d1006ee42b45d55425eb143210adeb363468238329d4a2720d117f5bdaeb9857ae29a6952a3df22769f4436638a9080ded6793ba
 DIST intel-microcode-collection-20240815.tar.xz 15458512 BLAKE2B 17b3719961a30d18aecb7b5094de5250e36a6eaa2f880a020ca38762d8a037b7e25f322cc1cbb3000a520007beb0d47d6b4f4940c47fac2082c9c2a3fa3be5d4 SHA512 6faddcac20184424bbe0488dce8df31479b89da9affb5c2f2d93f2bccc045d41105d5a10e3c56ba48cf27853a089334adac6e42a27c5fb63e86f0ed7c51bbc42
+DIST intel-microcode-collection-20240915.tar.xz 15384092 BLAKE2B 8f7caf4e7e96544037f25f335a1fd24a04e9613cd397dcd4a299f385647335771bd2218b64b7fd047405e88ac3907f662b4a2d35c5600d488a197152514d0de8 SHA512 975867f7a817e4086c6901329de3c6bff2b6d8ed4719af41b349e87297c8b213a31708804d7216a44358fbe4effc227e96999fb7f9f4599dd83d033eee849a4d
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
 DIST microcode-20240514.tar.gz 12870457 BLAKE2B 2a3a357ecf8d9f17fd20cd651386e5687fbbca8a3a323caf846e7c84d440241c3c99cadd00016642c8d11f297c1d2ab63c54ea062644839b74f84d66b04c703e SHA512 1c0f1707bf7db70d04e94a0728c0f61a1f9c25fead8c2c3716cafd20c976973cf636e411d12f81b34bf0076d7c7601c11b1bcd92a2e1be35d98003bb61ace569
 DIST microcode-20240531.tar.gz 12870497 BLAKE2B 6a2c5ee6b6f3543b28f3753b30812e360bad50776b4f81e32a832e2169f38c11f8d5108ce0a81ddcdf1ecf7557baf1fd62c053a365f39a33ded5fd5018580b1f SHA512 fb9d772491f279ebb691248e4a665da45c986ca7b4668ecf311c5fcb91a42400f7a5b35e8bfc31ceb1c9d598e753c817359900e3fa316d825f8ecec21ec63cfe
 DIST microcode-20240813.tar.gz 12879301 BLAKE2B f6a157de1f2c14e0e4d08ec71304451a52c7a0ffcfc79a1ebce7e8c16c7405587369c9cad994b8bdb0a987d4fe2769b2988948ffd9fe1e7f117eb624cf579b63 SHA512 ba1fa7d9bed7d90756ea959f5878afca0deacc9b1e932a936a15d74a411b7efb6103a4af75dc3731d9cbb2e464439ce9a7d448f75bc6f38b616907ff6dec6ee3
+DIST microcode-20240910.tar.gz 12879730 BLAKE2B b4c353dd340ef8004e5be2e596de0ebaf8366684a3371207e14d3d8c0e4bbdc5a9c75d8279d280d1029452368556a0c2e7bf85f3fe75f1b1560e16c953f223b7 SHA512 d996de4f045df33f4eb1a1dabfb2f55bd8941e8dc16241d7a6c361216f4b87b88c34ba57c88ee4d4b7b3cf2b3fac937c43806191681df031fa3d5cdd677a86fe

diff --git a/sys-firmware/intel-microcode/intel-microcode-20240910_p20240915.ebuild b/sys-firmware/intel-microcode/intel-microcode-20240910_p20240915.ebuild
new file mode 100644
index 000000000000..947e22ff9bc2
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20240910_p20240915.ebuild
@@ -0,0 +1,338 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit dist-kernel-utils linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
+#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
+REQUIRED_USE="
+	|| ( initramfs split-ucode )
+	dist-kernel? ( split-ucode )
+"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="
+	dist-kernel? (
+		virtual/dist-kernel
+		initramfs? (
+			sys-apps/iucode_tool
+		)
+	)
+"
+IDEPEND="
+	hostonly? ( sys-apps/iucode_tool )
+	dist-kernel? (
+		initramfs? ( sys-kernel/installkernel )
+	)
+"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+	if use initramfs; then
+		if use dist-kernel; then
+			# Check, but don't die because we can fix the problem and then
+			# emerge --config ... to re-run installation.
+			[[ -z ${ROOT} ]] && nonfatal mount-boot_check_status
+		else
+			mount-boot_pkg_pretend
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+		# new tarball format from GitHub
+		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+		cd .. || die
+		rm -r Intel-Linux-Processor-Microcode-Data* || die
+	fi
+
+	mkdir intel-ucode-old || die
+	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+	# Prevent "invalid file format" errors from iucode_tool
+	rm -f "${S}"/intel-ucod*/list || die
+
+	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+	# Remove non-microcode file from list
+	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+	rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+	# This will take ALL of the upstream microcode sources:
+	# - microcode.dat
+	# - intel-ucode/
+	# In some cases, they have not contained the same content (eg the directory has newer stuff).
+	MICROCODE_SRC=(
+		"${S}"/intel-ucode/
+		"${S}"/intel-ucode-with-caveats/
+		"${S}"/intel-ucode-old/
+	)
+
+	# Allow users who are scared about microcode updates not included in Intel's official
+	# microcode tarball to opt-out and comply with Intel marketing
+	if ! use vanilla; then
+		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+	fi
+
+	# These will carry into pkg_preinst via env saving.
+	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+	opts=(
+		${MICROCODE_BLACKLIST}
+		${MICROCODE_SIGNATURES}
+		# be strict about what we are doing
+		--overwrite
+		--strict-checks
+		--no-ignore-broken
+		# we want to install latest version
+		--no-downgrade
+		# show everything we find
+		--list-all
+		# show what we selected
+		--list
+	)
+
+	# Instruct Dracut on whether or not we want the microcode in initramfs
+	# Use here 15 instead of 10, intel-microcode overwrites linux-firmware
+	(
+		insinto /usr/lib/dracut/dracut.conf.d
+		newins - 15-${PN}.conf <<<"early_microcode=$(usex initramfs)"
+	)
+	if use initramfs; then
+		# Install installkernel/kernel-install hooks for non-dracut initramfs
+		# generators that don't bundled the microcode
+		(
+			exeinto /usr/lib/kernel/preinst.d
+			doexe "${FILESDIR}/35-intel-microcode.install"
+			exeinto /usr/lib/kernel/install.d
+			doexe "${FILESDIR}/35-intel-microcode-systemd.install"
+		)
+	fi
+
+	# The earlyfw cpio needs to be in /boot because it must be loaded before
+	# rootfs is mounted.
+	if ! use dist-kernel && use initramfs; then
+		dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+	fi
+
+	keepdir /lib/firmware/intel-ucode
+	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+	iucode_tool \
+		"${opts[@]}" \
+		"${MICROCODE_SRC[@]}" \
+		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+	dodoc releasenote.md
+}
+
+pkg_preinst() {
+	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
+	use initramfs && ! use dist-kernel && mount-boot_pkg_preinst
+
+	local _initramfs_file="${ED}/boot/intel-uc.img"
+
+	if use hostonly; then
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
+		opts=(
+			--scan-system
+			# be strict about what we are doing
+			--overwrite
+			--strict-checks
+			--no-ignore-broken
+			# we want to install latest version
+			--no-downgrade
+			# show everything we find
+			--list-all
+			# show what we selected
+			--list
+		)
+
+		# The earlyfw cpio needs to be in /boot because it must be loaded before
+		# rootfs is mounted.
+		if ! use dist-kernel && use initramfs; then
+			opts+=( --write-earlyfw=${_initramfs_file} )
+		fi
+
+		if use split-ucode; then
+			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+		fi
+
+		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+		keepdir /lib/firmware/intel-ucode
+
+		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+	elif ! use split-ucode; then # hostonly disabled
+		rm -r "${ED}"/lib/firmware/intel-ucode || die
+	fi
+
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
+	local _has_installed_something=
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+		_has_installed_something="yes"
+	elif use split-ucode; then
+		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+	fi
+
+	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+		elog "You only installed ucode(s) for all currently available (=online)"
+		elog "processor(s). Remember to re-emerge this package whenever you"
+		elog "change the system's processor model."
+		elog ""
+	elif [[ -z "${_has_installed_something}" ]]; then
+		ewarn "WARNING:"
+		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
+		ewarn ""
+
+		if use hostonly; then
+			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+			ewarn ""
+		fi
+	fi
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && ! use dist-kernel && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && ! use dist-kernel && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	if use initramfs; then
+		if use dist-kernel; then
+			[[ -z ${ROOT} ]] && dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}"
+		else
+			# Don't forget to umount /boot if it was previously mounted by us.
+			mount-boot_pkg_postinst
+		fi
+	fi
+
+	# We cannot give detailed information if user is affected or not:
+	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+	# to to force a specific, otherwise blacklisted, microcode. So we
+	# only show a generic warning based on running kernel version:
+	if kernel_is -lt 4 14 34; then
+		ewarn "${P} contains microcode updates which require"
+		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+		ewarn "can crash your system!"
+		ewarn ""
+		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+		ewarn "re-enabled those microcodes...!"
+		ewarn ""
+		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+		ewarn "requires additional kernel patches or not."
+	fi
+}