diff options
author | Thomas Deutschmann <whissi@gentoo.org> | 2018-05-24 14:29:59 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2018-05-24 14:30:14 +0200 |
commit | 04384b5c8adb359c5a828ce1c34b4827122e917b (patch) | |
tree | fb067f48fdad69f40062019253e19362a8849c3a /sys-firmware | |
parent | dev-python/matplotlib: Drop 2.1.2-r1 (diff) | |
download | gentoo-04384b5c8adb359c5a828ce1c34b4827122e917b.tar.gz gentoo-04384b5c8adb359c5a828ce1c34b4827122e917b.tar.bz2 gentoo-04384b5c8adb359c5a828ce1c34b4827122e917b.zip |
sys-firmware/intel-microcode: Split env var into MICROCODE_...
...{BLACKLIST,SIGNATURES}
Especially now, since we are shipping a lot of microcodes,
initramfs can become very large and users might want to install
only specific microcode updates for their processor via
MICROCODE_SIGNATURES="-S" option.
However, this would overwrite our default BLACKLIST.
To allow users to use "-S" option without the burden to manually
maintain a BLACKLIST, we introduced a new MICROCODE_BLACKLIST
environment variable to split things.
In addition, there was a typo is previous blacklisted
signature which was corrected to blacklist the correct microcode.
Bug: https://bugs.gentoo.org/654638
Package-Manager: Portage-2.3.38, Repoman-2.3.9
Diffstat (limited to 'sys-firmware')
-rw-r--r-- | sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild (renamed from sys-firmware/intel-microcode/intel-microcode-20180426.ebuild) | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild index 648f16f204aa..29a6958681db 100644 --- a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild +++ b/sys-firmware/intel-microcode/intel-microcode-20180426-r1.ebuild @@ -28,21 +28,30 @@ RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586 S=${WORKDIR} # Blacklist bad microcode here. -# 0x000604f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader -DEFAULT_MICROCODE_SIGNATURES="-s !0x000604f1" +# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader +MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1" +MICROCODE_BLACKLIST="${MICROCODE_BLACKLIST:=${MICROCODE_BLACKLIST_DEFAULT}}" + +# In case we want to set some defaults ... +MICROCODE_SIGNATURES_DEFAULT="" # Advanced users only: # merge with: # only current CPU: MICROCODE_SIGNATURES="-S" # only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676" # exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686" -MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}" +MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${MICROCODE_SIGNATURES_DEFAULT}}" pkg_pretend() { - if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then + if [[ "${MICROCODE_BLACKLIST}" != "${MICROCODE_BLACKLIST_DEFAULT}" ]]; then + ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!" + fi + + if [[ "${MICROCODE_SIGNATURES}" != "${MICROCODE_SIGNATURES_DEFAULT}" ]]; then ewarn "The user has opted in for advanced use:" - ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${DEFAULT_MICROCODE_SIGNATURES}\"!" + ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!" fi + use initramfs && mount-boot_pkg_pretend } @@ -70,6 +79,7 @@ src_install() { fi opts=( + ${MICROCODE_BLACKLIST} ${MICROCODE_SIGNATURES} # be strict about what we are doing --overwrite @@ -112,18 +122,21 @@ pkg_postrm() { pkg_postinst() { use initramfs && mount-boot_pkg_postinst - if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then - if kernel_is -lt 4 14 34; then - ewarn "${P} contains microcode updates which require" - ewarn "additional kernel patches which aren't yet included in kernel <4.14.34." - ewarn "Loading such a microcode through kernel interface from an unpatched kernel" - ewarn "can crash your system!" - ewarn "" - ewarn "Those microcodes are blacklisted per default. However, you have altered" - ewarn "MICROCODE_SIGNATURES and maybe unintentionally re-enabled those microcodes." - ewarn "" - ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your microcode update" - ewarn "requires additional kernel patches or not." - fi + # We cannot give detailed information if user is affected or not: + # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES + # to to force a specific, otherwise blacklisted, microcode. So we + # only show a generic warning based on running kernel version: + if kernel_is -lt 4 14 34; then + ewarn "${P} contains microcode updates which require" + ewarn "additional kernel patches which aren't yet included in kernel <4.14.34." + ewarn "Loading such a microcode through kernel interface from an unpatched kernel" + ewarn "can crash your system!" + ewarn "" + ewarn "Those microcodes are blacklisted per default. However, if you have altered" + ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally" + ewarn "re-enabled those microcodes...!" + ewarn "" + ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your microcode update" + ewarn "requires additional kernel patches or not." fi } |