[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

Thomas Deutschmann Thu, 24 May 2018 05:30:41 -0700

commit:     04384b5c8adb359c5a828ce1c34b4827122e917b
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu May 24 12:29:59 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu May 24 12:30:14 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04384b5c


sys-firmware/intel-microcode: Split env var into MICROCODE_...

...{BLACKLIST,SIGNATURES}

Especially now, since we are shipping a lot of microcodes,
initramfs can become very large and users might want to install
only specific microcode updates for their processor via
MICROCODE_SIGNATURES="-S" option.

However, this would overwrite our default BLACKLIST.

To allow users to use "-S" option without the burden to manually
maintain a BLACKLIST, we introduced a new MICROCODE_BLACKLIST
environment variable to split things.

In addition, there was a typo is previous blacklisted
signature which was corrected to blacklist the correct microcode.

Bug: https://bugs.gentoo.org/654638
Package-Manager: Portage-2.3.38, Repoman-2.3.9

 ...6.ebuild => intel-microcode-20180426-r1.ebuild} | 49 ++++++++++++++--------
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild 
b/sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild
similarity index 64%
rename from sys-firmware/intel-microcode/intel-microcode-20180426.ebuild
rename to sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild
index 648f16f204a..29a6958681d 100644
--- a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild
+++ b/sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild
@@ -28,21 +28,30 @@ RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
 S=${WORKDIR}
 
 # Blacklist bad microcode here.
-# 0x000604f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
-DEFAULT_MICROCODE_SIGNATURES="-s !0x000604f1"
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
 
 # Advanced users only:
 # merge with:
 # only current CPU: MICROCODE_SIGNATURES="-S"
 # only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
 # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
-MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}"
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}"
 
 pkg_pretend() {
-       if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" 
]]; then
+       if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; 
then
+               ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" 
instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+       fi
+
+       if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" 
]]; then
                ewarn "The user has opted in for advanced use:"
-               ewarn "MICROCODE_SIGNATURES is set to 
\"${MICROCODE_SIGNATURES}\" instead of default 
\"${DEFAULT_MICROCODE_SIGNATURES}\"!"
+               ewarn "MICROCODE_SIGNATURES is set to 
\"${MICROCODE_SIGNATURES}\" instead of default 
\"${MICROCODE_SIGNATURES_DEFAULT}\"!"
        fi
+
        use initramfs && mount-boot_pkg_pretend
 }
 
@@ -70,6 +79,7 @@ src_install() {
        fi
 
        opts=(
+               ${MICROCODE_BLACKLIST}
                ${MICROCODE_SIGNATURES}
                # be strict about what we are doing
                --overwrite
@@ -112,18 +122,21 @@ pkg_postrm() {
 pkg_postinst() {
        use initramfs && mount-boot_pkg_postinst
 
-       if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" 
]]; then
-               if kernel_is -lt 4 14 34; then
-                       ewarn "${P} contains microcode updates which require"
-                       ewarn "additional kernel patches which aren't yet 
included in kernel <4.14.34."
-                       ewarn "Loading such a microcode through kernel 
interface from an unpatched kernel"
-                       ewarn "can crash your system!"
-                       ewarn ""
-                       ewarn "Those microcodes are blacklisted per default. 
However, you have altered"
-                       ewarn "MICROCODE_SIGNATURES and maybe unintentionally 
re-enabled those microcodes."
-                       ewarn ""
-                       ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* 
if your microcode update"
-                       ewarn "requires additional kernel patches or not."
-               fi
+       # We cannot give detailed information if user is affected or not:
+       # If MICROCODE_BLACKLIST wasn't modified, user can still use 
MICROCODE_SIGNATURES
+       # to to force a specific, otherwise blacklisted, microcode. So we
+       # only show a generic warning based on running kernel version:
+       if kernel_is -lt 4 14 34; then
+               ewarn "${P} contains microcode updates which require"
+               ewarn "additional kernel patches which aren't yet included in 
kernel <4.14.34."
+               ewarn "Loading such a microcode through kernel interface from 
an unpatched kernel"
+               ewarn "can crash your system!"
+               ewarn ""
+               ewarn "Those microcodes are blacklisted per default. However, 
if you have altered"
+               ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe 
have unintentionally"
+               ewarn "re-enabled those microcodes...!"
+               ewarn ""
+               ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your 
microcode update"
+               ewarn "requires additional kernel patches or not."
        fi
 }

[gentoo-commits] repo/gentoo:master commit in: sys-firmware/intel-microcode/

Reply via email to