From 656c1bfbd5e20a26722b319b8cf24fef511addf5 Mon Sep 17 00:00:00 2001 From: David Michael Date: Fri, 31 Aug 2018 14:41:52 +0000 Subject: [PATCH 1/2] sys-firmware/intel-microcode: Import Gentoo's latest stable version --- .../sys-firmware/intel-microcode/Manifest | 4 +- ...ntel-microcode-20180807a_p20180808.ebuild} | 123 ++++++++++++------ 2 files changed, 85 insertions(+), 42 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/{intel-microcode-20180703.ebuild => intel-microcode-20180807a_p20180808.ebuild} (64%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/Manifest index a473005982..242227288e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/Manifest @@ -1,2 +1,2 @@ -DIST intel-microcode-collection-20180630.tar.xz 4456400 BLAKE2B 493229bb8ce65c62b4a894a219bd89e677a5908a774e1104389335f88fe27479de8e117bbd3b1c5bd1d9e70ed0f1c79ddba684357138dbb559141d48d5a3c456 SHA512 66a1217514c43dcc308cc1e9e4737041c48cad85cd846a9adaabd5885197ffffca3fef71c43ccdaaf25d10df747a3c3e837d95ae332d53961579e4bb3c1f0bed -DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed +DIST intel-microcode-collection-20180808.tar.xz 4463768 BLAKE2B bf04d00db7e11b7ef6da9b4221aa2dfae1a20a39ab2f99ad78e735c9cf0f1d9a949b81ceba740238da98d34a934d8829b6882714ec21a1ffa3c1a7dfcfbfdcc6 SHA512 e5607127464c71e3ed413ca3b66cde0b5b994d837655208997841ec5358c32bb197f4ad0123b19bae4254aa35770cfec32cf2780f2cb5dd5f0a00d1ca14cf93c +DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild similarity index 64% rename from sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild index 1e4f677126..07f74ab977 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180703.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild @@ -6,18 +6,18 @@ EAPI="6" inherit linux-info toolchain-funcs mount-boot # Find updates by searching and clicking the first link (hopefully it's the one): -# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File +# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File -COLLECTION_SNAPSHOT="20180630" -INTEL_SNAPSHOT="20180703" -NUM="27945" +COLLECTION_SNAPSHOT="${PV##*_p}" +INTEL_SNAPSHOT="${PV/_p*}" +NUM="28087" DESCRIPTION="Intel IA32/IA64 microcode update data" HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}" SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz" LICENSE="intel-ucode" -SLOT="0/${PVR}" +SLOT="0" KEYWORDS="-* amd64 x86" IUSE="hostonly initramfs +split-ucode vanilla" REQUIRED_USE="|| ( initramfs split-ucode )" @@ -28,10 +28,13 @@ DEPEND="sys-apps/iucode_tool" RDEPEND="! "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used" + fi + + if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then + echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used" + fi } pkg_preinst() { + if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then + local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered") + ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!" + fi + + if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then + local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered") + ewarn "Package was created using advanced options:" + ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!" + fi + + # Make sure /boot is available if needed. use initramfs && mount-boot_pkg_preinst + local _initramfs_file="${ED%/}/boot/intel-uc.img" + local _ucode_dir="${ED%/}/lib/firmware/intel-ucode" + if use hostonly; then - einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..." + # While this output looks redundant we do this check to detect + # rare cases where iucode_tool was unable to detect system's processor(s). + local _detected_processors=$(iucode_tool --scan-system 2>&1) + if [[ -z "${_detected_processors}" ]]; then + ewarn "Looks like iucode_tool was unable to detect any processor!" + else + einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..." + fi + opts=( --scan-system # be strict about what we are doing @@ -132,9 +159,9 @@ pkg_preinst() { # The earlyfw cpio needs to be in /boot because it must be loaded before # rootfs is mounted. - use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img ) + use initramfs && opts+=( --write-earlyfw=${_initramfs_file} ) # split location: - use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode ) + use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} ) iucode_tool \ "${opts[@]}" \ @@ -149,27 +176,15 @@ pkg_preinst() { fi fi - # Cleanup any temporary leftovers so that we don't merge any - # unneeded files on disk - rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'" -} - -pkg_prerm() { - use initramfs && mount-boot_pkg_prerm -} - -pkg_postrm() { - use initramfs && mount-boot_pkg_postrm -} - -pkg_postinst() { - use initramfs && mount-boot_pkg_postinst - + # Because it is possible that this package will install not one single file + # due to user selection which is still somehow unexpected we add the following + # check to inform user so that the user has at least a chance to detect + # a problem/invalid select. local _has_installed_something= - if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then + if use initramfs && [[ -s "${_initramfs_file}" ]]; then _has_installed_something="yes" elif use split-ucode; then - _has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;) + _has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;) fi if use hostonly && [[ -n "${_has_installed_something}" ]]; then @@ -179,10 +194,19 @@ pkg_postinst() { elog "" elif [[ -z "${_has_installed_something}" ]]; then ewarn "WARNING:" - ewarn "No ucode was installed! You can ignore this warning if there" - ewarn "aren't any microcode updates available for your processor(s)." - ewarn "But if you use MICROCODE_SIGNATURES variable please double check" - ewarn "if you have an invalid select." + if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then + ewarn "No ucode was installed! Because you have created this package" + ewarn "using MICROCODE_SIGNATURES variable please double check if you" + ewarn "have an invalid select." + ewarn "It's rare but it is also possible that just no ucode update" + ewarn "is available for your processor(s). In this case it is safe" + ewarn "to ignore this warning." + else + ewarn "No ucode was installed! It's rare but it is also possible" + ewarn "that just no ucode update is available for your processor(s)." + ewarn "In this case it is safe to ignore this warning." + fi + ewarn "" if use hostonly; then @@ -191,6 +215,25 @@ pkg_postinst() { fi fi + # Cleanup any temporary leftovers so that we don't merge any + # unneeded files on disk. + rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'" +} + +pkg_prerm() { + # Make sure /boot is mounted so that we can remove /boot/intel-uc.img! + use initramfs && mount-boot_pkg_prerm +} + +pkg_postrm() { + # Don't forget to umount /boot if it was previously mounted by us. + use initramfs && mount-boot_pkg_postrm +} + +pkg_postinst() { + # Don't forget to umount /boot if it was previously mounted by us. + use initramfs && mount-boot_pkg_postinst + # We cannot give detailed information if user is affected or not: # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES # to to force a specific, otherwise blacklisted, microcode. So we From a4013e2007578992867caf007c89e7080ec0de16 Mon Sep 17 00:00:00 2001 From: David Michael Date: Fri, 31 Aug 2018 14:45:19 +0000 Subject: [PATCH 2/2] sys-firmware/intel-microcode: Apply CoreOS changes - Add PVR to sub-slot - Don't blacklist 06-4f-01; we have a new enough kernel - Revert 933df6d841020ef50bea24836ea854f6e4474cf7 RESTRICTs --- .../intel-microcode-20180807a_p20180808.ebuild | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild index 07f74ab977..ab28418cbc 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild @@ -17,7 +17,7 @@ SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT} https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz" LICENSE="intel-ucode" -SLOT="0" +SLOT="0/${PVR}" KEYWORDS="-* amd64 x86" IUSE="hostonly initramfs +split-ucode vanilla" REQUIRED_USE="|| ( initramfs split-ucode )" @@ -28,13 +28,12 @@ DEPEND="sys-apps/iucode_tool" RDEPEND="!