sys-firmware/intel-microcode: Sync with Gentoo

It's from Gentoo commit 9e5c992e33b5225c92dae3bc82defad83f234047.

Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>

sdk_container/src/third_party/portage-stable/sys-firmware/intel-microcode/Manifest

@@ -1,7 +1,5 @@
-DIST intel-microcode-collection-20251112.tar.xz 22855268 BLAKE2B 13d40d224e838b9aecb5d404f63c36bec0fe162f51cc909a32cee8665a844a628083bdd915e06d4710029d89479c4e0e1c8ec2f9c7ade0a6fd2b210bdfc597d5 SHA512 cb7f070933c2fa49402f9d4646b4484d67a201b95c14b995cef749482e896f586a9eefd2cc8add7a6659012f95bc5316ea48f1ffae2502f268b30afab8587725
 DIST intel-microcode-collection-20260211.tar.xz 24796412 BLAKE2B a5944ed538a1d7ddae5e92409383f09e10304b39834d8488e5197e1b66d17fadd495f23e0bdab4ed06cd6abee73048617805f902ee95a01f37f79f54851d3ba0 SHA512 7d760a121601c329fdb7ef3d79217b29a6e3e2c7c7b112f701a6e60467641472fe4e3f66bf61d2788c4bfeb17fa2e6c1dc11c5cd18efd99e2acf753fdb3b1b0c
 DIST intel-microcode-collection-20260227.tar.xz 26976652 BLAKE2B 7a49dfcd62d9ba1773768954b4aaff98c37ae50a2be16c671a78a4046c5523634bc19809b4bbef03cd7a60e8c710ce477a9b0949ff6a8ddc8aa9f8590143de23 SHA512 1ce5428d50e692015b9c919049bda27215453aaddbcb8bc3c8c3312ad763ca9f102b0cc614905931441e031a5fc1ac7f54dd367a0b4506b41f73e7260e11ee18
 DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
-DIST microcode-20251111.tar.gz 16586556 BLAKE2B 5cfe307f498a153540196679d5f32b3d15d54ece195f7c2f937bb16731e705bb643ad9302e1eaf0356414a0d345fb158e75035e75993b4d00275fb9565fd77b4 SHA512 a11ded3158d761ae68258ca61a15014258d68ea28e9e9c94c125a49490a1df0f4b5c6cc37e97b42d84594760e455a1444feb2106e920ea6dd09934e545d92188
 DIST microcode-20260210.tar.gz 16622114 BLAKE2B 3b3a8fef499a67af0264550b457ae7de4f6965d9c8c02cc1b5b0f02316580662397016287510e09274e241d8d9cb7d70245f05a584f746515ac7c9bbe4a5cb28 SHA512 ec4ed32600ce1ce2c9c52796458f92205c89c38ba2834d84ab86d800790c709d22cb66e4fca5edda42752363956324f8066d08e3b1d81c50ac879d2749068655
 DIST microcode-20260227.tar.gz 16621772 BLAKE2B 3725dee3af32b545a754a47616c7451a6e7e227af125a8eb35729b2784dfbdecccea6054e1f3190119253041697ce525380e5a98c929e42a4294028d2eca1ebd SHA512 d9de41b1f1b2740d12f0e9e4987b8001d7b9a0ae53382e9bd715936fb7cab7da74a9154df781950738db1c1ebb9ad4f46700355b67a0fb4e8fd5e80711702723

sdk_container/src/third_party/portage-stable/sys-firmware/intel-microcode/intel-microcode-20251111_p20251112.ebuild

@@ -1,338 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit dist-kernel-utils linux-info mount-boot
-
-# Find updates by searching and clicking the first link (hopefully it's the one):
-# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
-#
-#
-# Package Maintenance instructions:
-# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
-# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
-# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
-#   a. Clone the repository https://github.com/platomav/CPUMicrocodes
-#   b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
-#   c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
-#      tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
-#   d. This file can go in your devspace, add the URL to SRC_URI if it's not there
-#      https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-#
-# PV:
-# * the first date is upstream
-# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
-
-COLLECTION_SNAPSHOT="${PV##*_p}"
-INTEL_SNAPSHOT="${PV/_p*}"
-#NUM="28087"
-
-#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
-#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
-
-DESCRIPTION="Intel IA32/IA64 microcode update data"
-HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
-SRC_URI="
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
-	https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
-	https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
-"
-S="${WORKDIR}"
-
-LICENSE="intel-ucode"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
-REQUIRED_USE="
-	|| ( initramfs split-ucode )
-	dist-kernel? ( split-ucode )
-"
-RESTRICT="binchecks strip"
-
-BDEPEND=">=sys-apps/iucode_tool-2.3"
-# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
-RDEPEND="
-	dist-kernel? (
-		virtual/dist-kernel
-		initramfs? (
-			sys-apps/iucode_tool
-		)
-	)
-"
-IDEPEND="
-	hostonly? ( sys-apps/iucode_tool )
-	dist-kernel? (
-		initramfs? ( sys-kernel/installkernel )
-	)
-"
-
-# Blacklist bad microcode here.
-# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
-
-# https://bugs.gentoo.org/722768
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
-
-# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
-MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
-
-# In case we want to set some defaults ...
-MICROCODE_SIGNATURES_DEFAULT=""
-
-# Advanced users only!
-# Set MIRCOCODE_SIGNATURES to merge with:
-# only current CPU: MICROCODE_SIGNATURES="-S"
-# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
-# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-
-pkg_pretend() {
-	if use initramfs; then
-		if use dist-kernel; then
-			# Check, but don't die because we can fix the problem and then
-			# emerge --config ... to re-run installation.
-			nonfatal mount-boot_check_status
-		else
-			mount-boot_pkg_pretend
-		fi
-	fi
-}
-
-src_prepare() {
-	default
-
-	if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
-		# new tarball format from GitHub
-		mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
-		cd .. || die
-		rm -r Intel-Linux-Processor-Microcode-Data* || die
-	fi
-
-	mkdir intel-ucode-old || die
-	cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
-
-	# Prevent "invalid file format" errors from iucode_tool
-	rm -f "${S}"/intel-ucod*/list || die
-
-	# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
-	rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
-
-	# Remove non-microcode file from list
-	rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
-	rm -f "${S}"/intel-ucode*/LICENSE || die
-}
-
-src_install() {
-	# This will take ALL of the upstream microcode sources:
-	# - microcode.dat
-	# - intel-ucode/
-	# In some cases, they have not contained the same content (eg the directory has newer stuff).
-	MICROCODE_SRC=(
-		"${S}"/intel-ucode/
-		"${S}"/intel-ucode-with-caveats/
-		"${S}"/intel-ucode-old/
-	)
-
-	# Allow users who are scared about microcode updates not included in Intel's official
-	# microcode tarball to opt-out and comply with Intel marketing
-	if ! use vanilla; then
-		MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
-	fi
-
-	# These will carry into pkg_preinst via env saving.
-	: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
-	: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
-
-	opts=(
-		${MICROCODE_BLACKLIST}
-		${MICROCODE_SIGNATURES}
-		# be strict about what we are doing
-		--overwrite
-		--strict-checks
-		--no-ignore-broken
-		# we want to install latest version
-		--no-downgrade
-		# show everything we find
-		--list-all
-		# show what we selected
-		--list
-	)
-
-	# Instruct Dracut on whether or not we want the microcode in initramfs
-	# Use here 15 instead of 10, intel-microcode overwrites linux-firmware
-	(
-		insinto /usr/lib/dracut/dracut.conf.d
-		newins - 15-${PN}.conf <<<"early_microcode=$(usex initramfs)"
-	)
-	if use initramfs; then
-		# Install installkernel/kernel-install hooks for non-dracut initramfs
-		# generators that don't bundled the microcode
-		(
-			exeinto /usr/lib/kernel/preinst.d
-			doexe "${FILESDIR}/35-intel-microcode.install"
-			exeinto /usr/lib/kernel/install.d
-			doexe "${FILESDIR}/35-intel-microcode-systemd.install"
-		)
-	fi
-
-	# The earlyfw cpio needs to be in /boot because it must be loaded before
-	# rootfs is mounted.
-	if ! use dist-kernel && use initramfs; then
-		dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
-	fi
-
-	keepdir /lib/firmware/intel-ucode
-	opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-
-	iucode_tool \
-		"${opts[@]}" \
-		"${MICROCODE_SRC[@]}" \
-		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
-
-	dodoc releasenote.md
-}
-
-pkg_preinst() {
-	if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-		ewarn "Package was created using advanced options:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
-	# Make sure /boot is available if needed.
-	use initramfs && ! use dist-kernel && mount-boot_pkg_preinst
-
-	local _initramfs_file="${ED}/boot/intel-uc.img"
-
-	if use hostonly; then
-		# While this output looks redundant we do this check to detect
-		# rare cases where iucode_tool was unable to detect system's processor(s).
-		local _detected_processors=$(iucode_tool --scan-system 2>&1)
-		if [[ -z "${_detected_processors}" ]]; then
-			ewarn "Looks like iucode_tool was unable to detect any processor!"
-		else
-			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
-		fi
-
-		opts=(
-			--scan-system
-			# be strict about what we are doing
-			--overwrite
-			--strict-checks
-			--no-ignore-broken
-			# we want to install latest version
-			--no-downgrade
-			# show everything we find
-			--list-all
-			# show what we selected
-			--list
-		)
-
-		# The earlyfw cpio needs to be in /boot because it must be loaded before
-		# rootfs is mounted.
-		if ! use dist-kernel && use initramfs; then
-			opts+=( --write-earlyfw=${_initramfs_file} )
-		fi
-
-		if use split-ucode; then
-			opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
-		fi
-
-		opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
-
-		mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
-		keepdir /lib/firmware/intel-ucode
-
-		iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
-
-		rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
-
-	elif ! use split-ucode; then # hostonly disabled
-		rm -r "${ED}"/lib/firmware/intel-ucode || die
-	fi
-
-	# Because it is possible that this package will install not one single file
-	# due to user selection which is still somehow unexpected we add the following
-	# check to inform user so that the user has at least a chance to detect
-	# a problem/invalid select.
-	local _has_installed_something=
-	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
-		_has_installed_something="yes"
-	elif use split-ucode; then
-		_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
-	fi
-
-	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
-		elog "You only installed ucode(s) for all currently available (=online)"
-		elog "processor(s). Remember to re-emerge this package whenever you"
-		elog "change the system's processor model."
-		elog ""
-	elif [[ -z "${_has_installed_something}" ]]; then
-		ewarn "WARNING:"
-		if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
-			ewarn "No ucode was installed! Because you have created this package"
-			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
-			ewarn "have an invalid select."
-			ewarn "It's rare but it is also possible that just no ucode update"
-			ewarn "is available for your processor(s). In this case it is safe"
-			ewarn "to ignore this warning."
-		else
-			ewarn "No ucode was installed! It's rare but it is also possible"
-			ewarn "that just no ucode update is available for your processor(s)."
-			ewarn "In this case it is safe to ignore this warning."
-		fi
-
-		ewarn ""
-
-		if use hostonly; then
-			ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
-			ewarn ""
-		fi
-	fi
-}
-
-pkg_prerm() {
-	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
-	use initramfs && ! use dist-kernel && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	# Don't forget to umount /boot if it was previously mounted by us.
-	use initramfs && ! use dist-kernel && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	if use initramfs; then
-		if use dist-kernel; then
-			dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}" --all
-		else
-			# Don't forget to umount /boot if it was previously mounted by us.
-			mount-boot_pkg_postinst
-		fi
-	fi
-
-	# We cannot give detailed information if user is affected or not:
-	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
-	# to to force a specific, otherwise blacklisted, microcode. So we
-	# only show a generic warning based on running kernel version:
-	if kernel_is -lt 4 14 34; then
-		ewarn "${P} contains microcode updates which require"
-		ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
-		ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
-		ewarn "can crash your system!"
-		ewarn ""
-		ewarn "Those microcodes are blacklisted per default. However, if you have altered"
-		ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
-		ewarn "re-enabled those microcodes...!"
-		ewarn ""
-		ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
-		ewarn "requires additional kernel patches or not."
-	fi
-}

sdk_container/src/third_party/portage-stable/sys-firmware/intel-microcode/intel-microcode-20260227_p20260227.ebuild

@@ -43,7 +43,7 @@ S="${WORKDIR}"
 
 LICENSE="intel-ucode"
 SLOT="0"
-KEYWORDS="-* ~amd64 ~x86"
+KEYWORDS="-* amd64 x86"
 IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla"
 REQUIRED_USE="
 	|| ( initramfs split-ucode )