Merge pull request #3397 from dm0-/intel

Update Intel's microcode with the fixed license
2025-08-20 05:51:18 +02:00 · 2018-08-31 14:49:21 -04:00 · 2018-08-31 14:49:21 -04:00 · c43759a14e
commit c43759a14e
parent 82e7b5ce8c a4013e2007
2 changed files with 82 additions and 40 deletions
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/Manifest
@ -1,2 +1,2 @@
-DIST intel-microcode-collection-20180630.tar.xz 4456400 BLAKE2B 493229bb8ce65c62b4a894a219bd89e677a5908a774e1104389335f88fe27479de8e117bbd3b1c5bd1d9e70ed0f1c79ddba684357138dbb559141d48d5a3c456 SHA512 66a1217514c43dcc308cc1e9e4737041c48cad85cd846a9adaabd5885197ffffca3fef71c43ccdaaf25d10df747a3c3e837d95ae332d53961579e4bb3c1f0bed
-DIST microcode-20180703.tgz 1550181 BLAKE2B edf86dcc8dedeffd22a9b608cc11e5b043d36617ae6325e14326d402388f42ead29c8483a0312ab9ea2015604803cc07506d6f119b314b922639a71f9d65a39d SHA512 25af4158f97fba2fb88f05a44f42ed7d2415001ccc58f573d366f405ff198472517468f619628f4f6e5a371793c41ea8faf5a932d2362b2a51726bb5c84e0eed
+DIST intel-microcode-collection-20180808.tar.xz 4463768 BLAKE2B bf04d00db7e11b7ef6da9b4221aa2dfae1a20a39ab2f99ad78e735c9cf0f1d9a949b81ceba740238da98d34a934d8829b6882714ec21a1ffa3c1a7dfcfbfdcc6 SHA512 e5607127464c71e3ed413ca3b66cde0b5b994d837655208997841ec5358c32bb197f4ad0123b19bae4254aa35770cfec32cf2780f2cb5dd5f0a00d1ca14cf93c
+DIST microcode-20180807a.tgz 1628061 BLAKE2B a6b5a07596a0b1687efb95c207b2194865b2f975cc0d761a687d5b9d8fea63e777eb73373113f356a18592fd53651cf37d044d4e98cdfe6b306393b54ac06129 SHA512 3cd6794a5ce26e86f7b644e523ba978699316046e593da215b73b17c4b43049ac4a81636e2ce3e727d06c2efbac98657764aa3ff355edb429127585bb49a9b10
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/intel-microcode/intel-microcode-20180807a_p20180808.ebuild
@ -6,11 +6,11 @@ EAPI="6"
 inherit linux-info toolchain-funcs mount-boot

 # Find updates by searching and clicking the first link (hopefully it's the one):
-# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File

-COLLECTION_SNAPSHOT="20180630"
-INTEL_SNAPSHOT="20180703"
-NUM="27945"
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+NUM="28087"
 DESCRIPTION="Intel IA32/IA64 microcode update data"
 HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
 SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
@ -28,6 +28,8 @@ DEPEND="sys-apps/iucode_tool"
 RDEPEND="!<sys-apps/microcode-ctl-1.17-r2
 	hostonly? ( sys-apps/iucode_tool )"

+RESTRICT="binchecks strip"
+
 S=${WORKDIR}

 # Blacklist bad microcode here.
@ -45,15 +47,6 @@ MICROCODE_SIGNATURES_DEFAULT=""
 MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"

 pkg_pretend() {
-	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
-		ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
-	fi
-
-	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
-		ewarn "The user has opted in for advanced use:"
-		ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
-	fi
-
 	use initramfs && mount-boot_pkg_pretend
 }

@ -109,13 +102,46 @@ src_install() {
 		|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"

 	dodoc releasenote
+
+	# Record how package was created so we can show this in build.log
+	# even for binary packages.
+	if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then
+		echo ${MICROCODE_BLACKLIST} > "${ED%/}/tmp/.blacklist_altered" || die "Failed to add marker that MICROCODE_BLACKLIST variable was used"
+	fi
+
+	if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then
+		echo ${MICROCODE_SIGNATURES} > "${ED%/}/tmp/.signatures_altered" || die "Failed to add marker that MICROCODE_SIGNATURES variable was used"
+	fi
 }

 pkg_preinst() {
+	if [[ -f "${ED%/}/tmp/.blacklist_altered" ]]; then
+		local _recorded_MICROCODE_BLACKLIST_value=$(cat "${ED%/}/tmp/.blacklist_altered")
+		ewarn "MICROCODE_BLACKLIST is set to \"${_recorded_MICROCODE_BLACKLIST_value}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+	fi
+
+	if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+		local _recorded_MICROCODE_SIGNATURES_value=$(cat "${ED%/}/tmp/.signatures_altered")
+		ewarn "Package was created using advanced options:"
+		ewarn "MICROCODE_SIGNATURES is set to \"${_recorded_MICROCODE_SIGNATURES_value}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+	fi
+
+	# Make sure /boot is available if needed.
 	use initramfs && mount-boot_pkg_preinst

+	local _initramfs_file="${ED%/}/boot/intel-uc.img"
+	local _ucode_dir="${ED%/}/lib/firmware/intel-ucode"
+
 	if use hostonly; then
-		einfo "Removing ucode(s) not supported by any currently available (=online) processor(s) due to USE=hostonly ..."
+		# While this output looks redundant we do this check to detect
+		# rare cases where iucode_tool was unable to detect system's processor(s).
+		local _detected_processors=$(iucode_tool --scan-system 2>&1)
+		if [[ -z "${_detected_processors}" ]]; then
+			ewarn "Looks like iucode_tool was unable to detect any processor!"
+		else
+			einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+		fi
+
 		opts=(
 			--scan-system
 			# be strict about what we are doing
@ -132,9 +158,9 @@ pkg_preinst() {

 		# The earlyfw cpio needs to be in /boot because it must be loaded before
 		# rootfs is mounted.
-		use initramfs && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img )
+		use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
 		# split location:
-		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode )
+		use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware=${_ucode_dir} )

 		iucode_tool \
 			"${opts[@]}" \
@ -149,27 +175,15 @@ pkg_preinst() {
 		fi
 	fi

-	# Cleanup any temporary leftovers so that we don't merge any
-	# unneeded files on disk
-	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
-}
-
-pkg_prerm() {
-	use initramfs && mount-boot_pkg_prerm
-}
-
-pkg_postrm() {
-	use initramfs && mount-boot_pkg_postrm
-}
-
-pkg_postinst() {
-	use initramfs && mount-boot_pkg_postinst
-
+	# Because it is possible that this package will install not one single file
+	# due to user selection which is still somehow unexpected we add the following
+	# check to inform user so that the user has at least a chance to detect
+	# a problem/invalid select.
 	local _has_installed_something=
-	if use initramfs && [[ -s "${EROOT%/}/boot/intel-uc.img" ]]; then
+	if use initramfs && [[ -s "${_initramfs_file}" ]]; then
 		_has_installed_something="yes"
 	elif use split-ucode; then
-		_has_installed_something=$(find "${EROOT%/}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+		_has_installed_something=$(find "${_ucode_dir}" -maxdepth 0 -not -empty -exec echo yes \;)
 	fi

 	if use hostonly && [[ -n "${_has_installed_something}" ]]; then
@ -179,10 +193,19 @@ pkg_postinst() {
 		elog ""
 	elif [[ -z "${_has_installed_something}" ]]; then
 		ewarn "WARNING:"
-		ewarn "No ucode was installed! You can ignore this warning if there"
-		ewarn "aren't any microcode updates available for your processor(s)."
-		ewarn "But if you use MICROCODE_SIGNATURES variable please double check"
-		ewarn "if you have an invalid select."
+		if [[ -f "${ED%/}/tmp/.signatures_altered" ]]; then
+			ewarn "No ucode was installed! Because you have created this package"
+			ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+			ewarn "have an invalid select."
+			ewarn "It's rare but it is also possible that just no ucode update"
+			ewarn "is available for your processor(s). In this case it is safe"
+			ewarn "to ignore this warning."
+		else
+			ewarn "No ucode was installed! It's rare but it is also possible"
+			ewarn "that just no ucode update is available for your processor(s)."
+			ewarn "In this case it is safe to ignore this warning."
+		fi
+
 		ewarn ""

 		if use hostonly; then
@ -191,6 +214,25 @@ pkg_postinst() {
 		fi
 	fi

+	# Cleanup any temporary leftovers so that we don't merge any
+	# unneeded files on disk.
+	rm -r "${ED%/}/tmp" || die "Failed to cleanup '${ED%/}/tmp'"
+}
+
+pkg_prerm() {
+	# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+	use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+	# Don't forget to umount /boot if it was previously mounted by us.
+	use initramfs && mount-boot_pkg_postinst
+
 	# We cannot give detailed information if user is affected or not:
 	# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
 	# to to force a specific, otherwise blacklisted, microcode. So we