mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-19 13:31:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3675 from bgilbert/ucode

Browse Source 
sys-firmware/intel-microcode: update for INTEL-SA-00233
This commit is contained in:
Benjamin Gilbert 2019-05-15 00:00:18 -04:00 committed by GitHub
commit 90e28bed6a
2 changed files with 44 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/Manifest vendored
View File

@ -1,2 +1,2 @@
DIST intel-microcode-collection-20180808.tar.xz 4463768 BLAKE2B bf04d00db7e11b7ef6da9b4221aa2dfae1a20a39ab2f99ad78e735c9cf0f1d9a949b81ceba740238da98d34a934d8829b6882714ec21a1ffa3c1a7dfcfbfdcc6 SHA512 e5607127464c71e3ed413ca3b66cde0b5b994d837655208997841ec5358c32bb197f4ad0123b19bae4254aa35770cfec32cf2780f2cb5dd5f0a00d1ca14cf93c DIST intel-microcode-collection-20190512.tar.xz 5085812 BLAKE2B 4b873be318ea1c1d5157ccf9646ccdaf34caabfbdda51cae92692acce83eacce713e7989b2c00cce46df16c501f7f9863478106fc9ce8912ccfca8103f85c45d SHA512 d0a0d0d82522d07549343ee9817133cd721f953421b945584434d8ebb10f0bd6acdd2b1df3daf5a925d3e0f9ea695a4ae81935699d8d655f58daf4fff8a4bd20
DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10 DIST microcode-20190514.tar.gz 2447290 BLAKE2B c137342d6a4e662f1fe746e69c97f02a49c75645def0a74edde9e99eae29b2cea70206b2666e4f38c8439cc661adcdda6b60a352b11791c5bc9913cb19864a41 SHA512 fd5e82708d4a7f08630a2c51a182814cc4c0fbd88fe473e871b9784c03cb87e804a9ed4c2f3e041696aabfdd60996f2d50a175bea90f1644f6f3205a37215017

90
sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild → sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20190514_p20190512.ebuild vendored
View File

@ -1,4 +1,4 @@
# Copyright 1999-2018 Gentoo Foundation # Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI="6" EAPI="6"
@ -10,10 +10,12 @@ inherit linux-info toolchain-funcs mount-boot
COLLECTION_SNAPSHOT="${PV##*_p}" COLLECTION_SNAPSHOT="${PV##*_p}"
INTEL_SNAPSHOT="${PV/_p*}" INTEL_SNAPSHOT="${PV/_p*}"
NUM="28087" #NUM="28087"
#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
DESCRIPTION="Intel IA32/IA64 microcode update data" DESCRIPTION="Intel IA32/IA64 microcode update data"
HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}" HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files http://inertiawar.com/microcode/"
SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz" https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
LICENSE="intel-ucode" LICENSE="intel-ucode"
@ -25,8 +27,7 @@ REQUIRED_USE="|| ( initramfs split-ucode )"
DEPEND="sys-apps/iucode_tool" DEPEND="sys-apps/iucode_tool"
# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586 # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
RDEPEND="!<sys-apps/microcode-ctl-1.17-r2 RDEPEND="hostonly? ( sys-apps/iucode_tool )"
hostonly? ( sys-apps/iucode_tool )"
RESTRICT="binchecks strip" RESTRICT="binchecks strip"
@ -34,17 +35,15 @@ S=${WORKDIR}
# Blacklist bad microcode here. # Blacklist bad microcode here.
MICROCODE_BLACKLIST_DEFAULT="" MICROCODE_BLACKLIST_DEFAULT=""
MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
# In case we want to set some defaults ... # In case we want to set some defaults ...
MICROCODE_SIGNATURES_DEFAULT="" MICROCODE_SIGNATURES_DEFAULT=""
# Advanced users only: # Advanced users only!
# merge with: # Set MIRCOCODE_SIGNATURES to merge with:
# only current CPU: MICROCODE_SIGNATURES="-S" # only current CPU: MICROCODE_SIGNATURES="-S"
# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676" # only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686" # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
pkg_pretend() { pkg_pretend() {
use initramfs && mount-boot_pkg_pretend use initramfs && mount-boot_pkg_pretend
@ -53,6 +52,13 @@ pkg_pretend() {
src_prepare() { src_prepare() {
default default
if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
# new tarball format from GitHub
mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
cd .. || die
rm -r Intel-Linux-Processor-Microcode-Data* || die
fi
# Prevent "invalid file format" errors from iucode_tool # Prevent "invalid file format" errors from iucode_tool
rm -f "${S}"/intel-ucod*/list || die rm -f "${S}"/intel-ucod*/list || die
} }
@ -73,6 +79,10 @@ src_install() {
MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} ) MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
fi fi
# These will carry into pkg_preinst via env saving.
: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
opts=( opts=(
${MICROCODE_BLACKLIST} ${MICROCODE_BLACKLIST}
${MICROCODE_SIGNATURES} ${MICROCODE_SIGNATURES}
@ -91,10 +101,9 @@ src_install() {
# The earlyfw cpio needs to be in /boot because it must be loaded before # The earlyfw cpio needs to be in /boot because it must be loaded before
# rootfs is mounted. # rootfs is mounted.
use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img ) use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
# split location (we use a temporary location so that we are able
# to re-run iucode_tool in pkg_preinst; use keepdir instead of dodir to carry keepdir /lib/firmware/intel-ucode
# this folder to pkg_preinst to avoid an error even if no microcode was selected): opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
keepdir /tmp/intel-ucode && opts+=( --write-firmware="${ED%/}"/tmp/intel-ucode )
iucode_tool \ iucode_tool \
"${opts[@]}" \ "${opts[@]}" \
@ -102,35 +111,22 @@ src_install() {
|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}" || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
dodoc releasenote dodoc releasenote
# Record how package was created so we can show this in build.log
# even for binary packages.
if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
fi
if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
fi
} }
pkg_preinst() { pkg_preinst() {
if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered") ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
fi fi
if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
ewarn "Package was created using advanced options:" ewarn "Package was created using advanced options:"
ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!" ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
fi fi
# Make sure /boot is available if needed. # Make sure /boot is available if needed.
use initramfs && mount-boot_pkg_preinst use initramfs && mount-boot_pkg_preinst
local _initramfs_file="${ED%/}/boot/intel-uc.img" local _initramfs_file="${ED%/}/boot/intel-uc.img"
local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
if use hostonly; then if use hostonly; then
# While this output looks redundant we do this check to detect # While this output looks redundant we do this check to detect
@ -159,20 +155,22 @@ pkg_preinst() {
# The earlyfw cpio needs to be in /boot because it must be loaded before # The earlyfw cpio needs to be in /boot because it must be loaded before
# rootfs is mounted. # rootfs is mounted.
use initramfs && opts+=( --write-earlyfw=${_initramfs_file} ) use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
# split location:
use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )
iucode_tool \
"${opts[@]}" \
"${ED%/}"/tmp/intel-ucode \
|| die "iucode_tool ${opts[@]} ${ED%/}/tmp/intel-ucode"
else
if use split-ucode; then if use split-ucode; then
# Temporary /tmp/intel-ucode will become final /lib/firmware/intel-ucode ... opts+=( --write-firmware="${ED%/}/lib/firmware/intel-ucode" )
dodir /lib/firmware
mv "${ED%/}/tmp/intel-ucode" "${ED%/}/lib/firmware" || die "Failed to install splitted ucodes!"
fi fi
opts+=( "${ED%/}"/lib/firmware/intel-ucode-temp )
mv "${ED%/}"/lib/firmware/intel-ucode{,-temp} || die
keepdir /lib/firmware/intel-ucode
iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
rm -r "${ED%/}"/lib/firmware/intel-ucode-temp || die
elif ! use split-ucode; then # hostonly disabled
rm -r "${ED%/}"/lib/firmware/intel-ucode || die
fi fi
# Because it is possible that this package will install not one single file # Because it is possible that this package will install not one single file
@ -183,7 +181,7 @@ pkg_preinst() {
if use initramfs && [[ -s "${_initramfs_file}" ]]; then if use initramfs && [[ -s "${_initramfs_file}" ]]; then
_has_installed_something="yes" _has_installed_something="yes"
elif use split-ucode; then elif use split-ucode; then
_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;) _has_installed_something=$(find "${ED%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
fi fi
if use hostonly && [[ -n "${_has_installed_something}" ]]; then if use hostonly && [[ -n "${_has_installed_something}" ]]; then
@ -193,7 +191,7 @@ pkg_preinst() {
elog "" elog ""
elif [[ -z "${_has_installed_something}" ]]; then elif [[ -z "${_has_installed_something}" ]]; then
ewarn "WARNING:" ewarn "WARNING:"
if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
ewarn "No ucode was installed! Because you have created this package" ewarn "No ucode was installed! Because you have created this package"
ewarn "using MICROCODE_SIGNATURES variable please double check if you" ewarn "using MICROCODE_SIGNATURES variable please double check if you"
ewarn "have an invalid select." ewarn "have an invalid select."
@ -213,10 +211,6 @@ pkg_preinst() {
ewarn "" ewarn ""
fi fi
fi fi
# Cleanup any temporary leftovers so that we don't merge any
# unneeded files on disk.
rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
} }
pkg_prerm() { pkg_prerm() {