forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sys-firmware/intel-microcode: add 20240910_p20240915
Signed-off-by: Mike Pagano <[email protected]>
- Loading branch information
Showing
2 changed files
with
340 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,9 @@ | ||
| DIST intel-microcode-collection-20240514.tar.xz 13421016 BLAKE2B 83b7d213709bf8c1ea1b62456974cf6a2087470d9e2456ef3de93569007cfa8c94021a21a9f3f7b638ffe4b2ad0f516deda04a1c630e54f35709e92a113a7683 SHA512 4cc364b19355f133dae0178f7d10b50abcc0e6e7919e646cfc756c8ff8dc1d6d0819abae6f5cb7f659f0466ee31196625cf022bb994f500ab08e93238a66d104 | ||
| DIST intel-microcode-collection-20240526.tar.xz 14673584 BLAKE2B 262f667ac46e190994e86f547c98ac776c73b1576c208fa32df96a2dd60af6cda9bd0b0367ca68bb6b85fd19f75913e73069d0064eb2b4c560068c3da50618c8 SHA512 4227c68ba60aea940b851f10d1006ee42b45d55425eb143210adeb363468238329d4a2720d117f5bdaeb9857ae29a6952a3df22769f4436638a9080ded6793ba | ||
| DIST intel-microcode-collection-20240815.tar.xz 15458512 BLAKE2B 17b3719961a30d18aecb7b5094de5250e36a6eaa2f880a020ca38762d8a037b7e25f322cc1cbb3000a520007beb0d47d6b4f4940c47fac2082c9c2a3fa3be5d4 SHA512 6faddcac20184424bbe0488dce8df31479b89da9affb5c2f2d93f2bccc045d41105d5a10e3c56ba48cf27853a089334adac6e42a27c5fb63e86f0ed7c51bbc42 | ||
| DIST intel-microcode-collection-20240915.tar.xz 15384092 BLAKE2B 8f7caf4e7e96544037f25f335a1fd24a04e9613cd397dcd4a299f385647335771bd2218b64b7fd047405e88ac3907f662b4a2d35c5600d488a197152514d0de8 SHA512 975867f7a817e4086c6901329de3c6bff2b6d8ed4719af41b349e87297c8b213a31708804d7216a44358fbe4effc227e96999fb7f9f4599dd83d033eee849a4d | ||
| DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567 | ||
| DIST microcode-20240514.tar.gz 12870457 BLAKE2B 2a3a357ecf8d9f17fd20cd651386e5687fbbca8a3a323caf846e7c84d440241c3c99cadd00016642c8d11f297c1d2ab63c54ea062644839b74f84d66b04c703e SHA512 1c0f1707bf7db70d04e94a0728c0f61a1f9c25fead8c2c3716cafd20c976973cf636e411d12f81b34bf0076d7c7601c11b1bcd92a2e1be35d98003bb61ace569 | ||
| DIST microcode-20240531.tar.gz 12870497 BLAKE2B 6a2c5ee6b6f3543b28f3753b30812e360bad50776b4f81e32a832e2169f38c11f8d5108ce0a81ddcdf1ecf7557baf1fd62c053a365f39a33ded5fd5018580b1f SHA512 fb9d772491f279ebb691248e4a665da45c986ca7b4668ecf311c5fcb91a42400f7a5b35e8bfc31ceb1c9d598e753c817359900e3fa316d825f8ecec21ec63cfe | ||
| DIST microcode-20240813.tar.gz 12879301 BLAKE2B f6a157de1f2c14e0e4d08ec71304451a52c7a0ffcfc79a1ebce7e8c16c7405587369c9cad994b8bdb0a987d4fe2769b2988948ffd9fe1e7f117eb624cf579b63 SHA512 ba1fa7d9bed7d90756ea959f5878afca0deacc9b1e932a936a15d74a411b7efb6103a4af75dc3731d9cbb2e464439ce9a7d448f75bc6f38b616907ff6dec6ee3 | ||
| DIST microcode-20240910.tar.gz 12879730 BLAKE2B b4c353dd340ef8004e5be2e596de0ebaf8366684a3371207e14d3d8c0e4bbdc5a9c75d8279d280d1029452368556a0c2e7bf85f3fe75f1b1560e16c953f223b7 SHA512 d996de4f045df33f4eb1a1dabfb2f55bd8941e8dc16241d7a6c361216f4b87b88c34ba57c88ee4d4b7b3cf2b3fac937c43806191681df031fa3d5cdd677a86fe |
338 changes: 338 additions & 0 deletions
338
sys-firmware/intel-microcode/intel-microcode-20240910_p20240915.ebuild
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,338 @@ | ||
| # Copyright 1999-2024 Gentoo Authors | ||
| # Distributed under the terms of the GNU General Public License v2 | ||
|
|
||
| EAPI=8 | ||
|
|
||
| inherit dist-kernel-utils linux-info mount-boot | ||
|
|
||
| # Find updates by searching and clicking the first link (hopefully it's the one): | ||
| # https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File | ||
| # | ||
| # | ||
| # Package Maintenance instructions: | ||
| # 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild | ||
| # 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files | ||
| # 3. The COLLECTION_SNAPSHOT is created manually using the following steps: | ||
| # a. Clone the repository https://github.com/platomav/CPUMicrocodes | ||
| # b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD> | ||
| # c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>: | ||
| # tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/ | ||
| # d. This file can go in your devspace, add the URL to SRC_URI if it's not there | ||
| # https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz | ||
| # | ||
| # PV: | ||
| # * the first date is upstream | ||
| # * the second date is snapshot (use last commit date in repo) from intel-microcode-collection | ||
|
|
||
| COLLECTION_SNAPSHOT="${PV##*_p}" | ||
| INTEL_SNAPSHOT="${PV/_p*}" | ||
| #NUM="28087" | ||
|
|
||
| #https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM} | ||
| #https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz | ||
|
|
||
| DESCRIPTION="Intel IA32/IA64 microcode update data" | ||
| HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/" | ||
| SRC_URI=" | ||
| https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz | ||
| https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin | ||
| https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz | ||
| https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz | ||
| " | ||
| S="${WORKDIR}" | ||
|
|
||
| LICENSE="intel-ucode" | ||
| SLOT="0" | ||
| KEYWORDS="-* ~amd64 ~x86" | ||
| IUSE="dist-kernel hostonly +initramfs +split-ucode vanilla" | ||
| REQUIRED_USE=" | ||
| || ( initramfs split-ucode ) | ||
| dist-kernel? ( split-ucode ) | ||
| " | ||
| RESTRICT="binchecks strip" | ||
|
|
||
| BDEPEND=">=sys-apps/iucode_tool-2.3" | ||
| # !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586 | ||
| RDEPEND=" | ||
| dist-kernel? ( | ||
| virtual/dist-kernel | ||
| initramfs? ( | ||
| sys-apps/iucode_tool | ||
| ) | ||
| ) | ||
| " | ||
| IDEPEND=" | ||
| hostonly? ( sys-apps/iucode_tool ) | ||
| dist-kernel? ( | ||
| initramfs? ( sys-kernel/installkernel ) | ||
| ) | ||
| " | ||
|
|
||
| # Blacklist bad microcode here. | ||
| # 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader | ||
| MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1" | ||
|
|
||
| # https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 | ||
| MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc" | ||
|
|
||
| # https://bugs.gentoo.org/722768 | ||
| MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da" | ||
|
|
||
| # https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9 | ||
| MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068" | ||
|
|
||
| # In case we want to set some defaults ... | ||
| MICROCODE_SIGNATURES_DEFAULT="" | ||
|
|
||
| # Advanced users only! | ||
| # Set MIRCOCODE_SIGNATURES to merge with: | ||
| # only current CPU: MICROCODE_SIGNATURES="-S" | ||
| # only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676" | ||
| # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686" | ||
|
|
||
| pkg_pretend() { | ||
| if use initramfs; then | ||
| if use dist-kernel; then | ||
| # Check, but don't die because we can fix the problem and then | ||
| # emerge --config ... to re-run installation. | ||
| [[ -z ${ROOT} ]] && nonfatal mount-boot_check_status | ||
| else | ||
| mount-boot_pkg_pretend | ||
| fi | ||
| fi | ||
| } | ||
|
|
||
| src_prepare() { | ||
| default | ||
|
|
||
| if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then | ||
| # new tarball format from GitHub | ||
| mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*" | ||
| cd .. || die | ||
| rm -r Intel-Linux-Processor-Microcode-Data* || die | ||
| fi | ||
|
|
||
| mkdir intel-ucode-old || die | ||
| cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die | ||
|
|
||
| # Prevent "invalid file format" errors from iucode_tool | ||
| rm -f "${S}"/intel-ucod*/list || die | ||
|
|
||
| # https://gitlab.com/iucode-tool/iucode-tool/-/issues/4 | ||
| rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die | ||
|
|
||
| # Remove non-microcode file from list | ||
| rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die | ||
| rm -f "${S}"/intel-ucode*/LICENSE || die | ||
| } | ||
|
|
||
| src_install() { | ||
| # This will take ALL of the upstream microcode sources: | ||
| # - microcode.dat | ||
| # - intel-ucode/ | ||
| # In some cases, they have not contained the same content (eg the directory has newer stuff). | ||
| MICROCODE_SRC=( | ||
| "${S}"/intel-ucode/ | ||
| "${S}"/intel-ucode-with-caveats/ | ||
| "${S}"/intel-ucode-old/ | ||
| ) | ||
|
|
||
| # Allow users who are scared about microcode updates not included in Intel's official | ||
| # microcode tarball to opt-out and comply with Intel marketing | ||
| if ! use vanilla; then | ||
| MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} ) | ||
| fi | ||
|
|
||
| # These will carry into pkg_preinst via env saving. | ||
| : ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}} | ||
| : ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}} | ||
|
|
||
| opts=( | ||
| ${MICROCODE_BLACKLIST} | ||
| ${MICROCODE_SIGNATURES} | ||
| # be strict about what we are doing | ||
| --overwrite | ||
| --strict-checks | ||
| --no-ignore-broken | ||
| # we want to install latest version | ||
| --no-downgrade | ||
| # show everything we find | ||
| --list-all | ||
| # show what we selected | ||
| --list | ||
| ) | ||
|
|
||
| # Instruct Dracut on whether or not we want the microcode in initramfs | ||
| # Use here 15 instead of 10, intel-microcode overwrites linux-firmware | ||
| ( | ||
| insinto /usr/lib/dracut/dracut.conf.d | ||
| newins - 15-${PN}.conf <<<"early_microcode=$(usex initramfs)" | ||
| ) | ||
| if use initramfs; then | ||
| # Install installkernel/kernel-install hooks for non-dracut initramfs | ||
| # generators that don't bundled the microcode | ||
| ( | ||
| exeinto /usr/lib/kernel/preinst.d | ||
| doexe "${FILESDIR}/35-intel-microcode.install" | ||
| exeinto /usr/lib/kernel/install.d | ||
| doexe "${FILESDIR}/35-intel-microcode-systemd.install" | ||
| ) | ||
| fi | ||
|
|
||
| # The earlyfw cpio needs to be in /boot because it must be loaded before | ||
| # rootfs is mounted. | ||
| if ! use dist-kernel && use initramfs; then | ||
| dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" ) | ||
| fi | ||
|
|
||
| keepdir /lib/firmware/intel-ucode | ||
| opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" ) | ||
|
|
||
| iucode_tool \ | ||
| "${opts[@]}" \ | ||
| "${MICROCODE_SRC[@]}" \ | ||
| || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}" | ||
|
|
||
| dodoc releasenote.md | ||
| } | ||
|
|
||
| pkg_preinst() { | ||
| if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then | ||
| ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!" | ||
| fi | ||
|
|
||
| if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then | ||
| ewarn "Package was created using advanced options:" | ||
| ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!" | ||
| fi | ||
|
|
||
| # Make sure /boot is available if needed. | ||
| use initramfs && ! use dist-kernel && mount-boot_pkg_preinst | ||
|
|
||
| local _initramfs_file="${ED}/boot/intel-uc.img" | ||
|
|
||
| if use hostonly; then | ||
| # While this output looks redundant we do this check to detect | ||
| # rare cases where iucode_tool was unable to detect system's processor(s). | ||
| local _detected_processors=$(iucode_tool --scan-system 2>&1) | ||
| if [[ -z "${_detected_processors}" ]]; then | ||
| ewarn "Looks like iucode_tool was unable to detect any processor!" | ||
| else | ||
| einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..." | ||
| fi | ||
|
|
||
| opts=( | ||
| --scan-system | ||
| # be strict about what we are doing | ||
| --overwrite | ||
| --strict-checks | ||
| --no-ignore-broken | ||
| # we want to install latest version | ||
| --no-downgrade | ||
| # show everything we find | ||
| --list-all | ||
| # show what we selected | ||
| --list | ||
| ) | ||
|
|
||
| # The earlyfw cpio needs to be in /boot because it must be loaded before | ||
| # rootfs is mounted. | ||
| if ! use dist-kernel && use initramfs; then | ||
| opts+=( --write-earlyfw=${_initramfs_file} ) | ||
| fi | ||
|
|
||
| if use split-ucode; then | ||
| opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" ) | ||
| fi | ||
|
|
||
| opts+=( "${ED}/lib/firmware/intel-ucode-temp" ) | ||
|
|
||
| mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die | ||
| keepdir /lib/firmware/intel-ucode | ||
|
|
||
| iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}" | ||
|
|
||
| rm -r "${ED}"/lib/firmware/intel-ucode-temp || die | ||
|
|
||
| elif ! use split-ucode; then # hostonly disabled | ||
| rm -r "${ED}"/lib/firmware/intel-ucode || die | ||
| fi | ||
|
|
||
| # Because it is possible that this package will install not one single file | ||
| # due to user selection which is still somehow unexpected we add the following | ||
| # check to inform user so that the user has at least a chance to detect | ||
| # a problem/invalid select. | ||
| local _has_installed_something= | ||
| if use initramfs && [[ -s "${_initramfs_file}" ]]; then | ||
| _has_installed_something="yes" | ||
| elif use split-ucode; then | ||
| _has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;) | ||
| fi | ||
|
|
||
| if use hostonly && [[ -n "${_has_installed_something}" ]]; then | ||
| elog "You only installed ucode(s) for all currently available (=online)" | ||
| elog "processor(s). Remember to re-emerge this package whenever you" | ||
| elog "change the system's processor model." | ||
| elog "" | ||
| elif [[ -z "${_has_installed_something}" ]]; then | ||
| ewarn "WARNING:" | ||
| if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then | ||
| ewarn "No ucode was installed! Because you have created this package" | ||
| ewarn "using MICROCODE_SIGNATURES variable please double check if you" | ||
| ewarn "have an invalid select." | ||
| ewarn "It's rare but it is also possible that just no ucode update" | ||
| ewarn "is available for your processor(s). In this case it is safe" | ||
| ewarn "to ignore this warning." | ||
| else | ||
| ewarn "No ucode was installed! It's rare but it is also possible" | ||
| ewarn "that just no ucode update is available for your processor(s)." | ||
| ewarn "In this case it is safe to ignore this warning." | ||
| fi | ||
|
|
||
| ewarn "" | ||
|
|
||
| if use hostonly; then | ||
| ewarn "Unset \"hostonly\" USE flag to install all available ucodes." | ||
| ewarn "" | ||
| fi | ||
| fi | ||
| } | ||
|
|
||
| pkg_prerm() { | ||
| # Make sure /boot is mounted so that we can remove /boot/intel-uc.img! | ||
| use initramfs && ! use dist-kernel && mount-boot_pkg_prerm | ||
| } | ||
|
|
||
| pkg_postrm() { | ||
| # Don't forget to umount /boot if it was previously mounted by us. | ||
| use initramfs && ! use dist-kernel && mount-boot_pkg_postrm | ||
| } | ||
|
|
||
| pkg_postinst() { | ||
| if use initramfs; then | ||
| if use dist-kernel; then | ||
| [[ -z ${ROOT} ]] && dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}" | ||
| else | ||
| # Don't forget to umount /boot if it was previously mounted by us. | ||
| mount-boot_pkg_postinst | ||
| fi | ||
| fi | ||
|
|
||
| # We cannot give detailed information if user is affected or not: | ||
| # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES | ||
| # to to force a specific, otherwise blacklisted, microcode. So we | ||
| # only show a generic warning based on running kernel version: | ||
| if kernel_is -lt 4 14 34; then | ||
| ewarn "${P} contains microcode updates which require" | ||
| ewarn "additional kernel patches which aren't yet included in kernel <4.14.34." | ||
| ewarn "Loading such a microcode through kernel interface from an unpatched kernel" | ||
| ewarn "can crash your system!" | ||
| ewarn "" | ||
| ewarn "Those microcodes are blacklisted per default. However, if you have altered" | ||
| ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally" | ||
| ewarn "re-enabled those microcodes...!" | ||
| ewarn "" | ||
| ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update" | ||
| ewarn "requires additional kernel patches or not." | ||
| fi | ||
| } |