Blob Blame History Raw
%define intel_ucode_version 20190618
%define intel_ucode_file_id 28727
%global debug_package %{nil}

%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
%define microcode_ctl_libexec %{_libexecdir}/microcode_ctl

%define update_ucode %{microcode_ctl_libexec}/update_ucode
%define check_caveats %{microcode_ctl_libexec}/check_caveats
%define reload_microcode %{microcode_ctl_libexec}/reload_microcode

%define dracutlibdir %{_prefix}/lib/dracut

Summary:        CPU microcode updates for Intel x86 processors
Name:           microcode_ctl
Version:        20180807a
Release:        2.%{intel_ucode_version}.1%{?dist}
Epoch:          4
License:        CC0 and Redistributable, no modification permitted
URL:  {intel_ucode_file_id}/Linux-Processor-Microcode-Data-File

# systemd unit
Source10:       microcode.service

# dracut-related stuff
Source20:       01-microcode.conf
Source21:       99-microcode-override.conf

# libexec
Source30:       update_ucode
Source31:       check_caveats
Source32:       reload_microcode

# docs
Source41:       README.caveats

## Caveats
Source100:      06-4f-01_readme
Source101:      06-4f-01_config

# Unsafe early MC update inside VM:
Source110:      intel_readme
Source111:      intel_config


ExclusiveArch:  %{ix86} x86_64
BuildRequires:  systemd-units
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(posttrans): kernel

%global _use_internal_dependency_generator 0
%define __find_provides "%{SOURCE200}"

This package provides microcode update files for Intel x86 and x86_64 CPUs.

The microcode update is volatile and needs to be uploaded on each system
boot i.e. it isn't stored on a CPU permanently; reboot and it reverts
back to the old microcode.

Package name "microcode_ctl" is historical, as the binary with the same name
is no longer used for microcode upload and, as a result, no longer provided.

%setup -n "Intel-Linux-Processor-Microcode-Data-Files-microcode-%{intel_ucode_version}"


install -m 755 -d \
	"%{buildroot}/%{_datarootdir}/microcode_ctl/intel-ucode" \
	"%{buildroot}/%{caveat_dir}/" \

# systemd unit
install -m 755 -d "%{buildroot}/%{_unitdir}"
install -m 644 "%{SOURCE10}" -t "%{buildroot}/%{_unitdir}/"

# dracut
%define dracut_mod_dir "%{buildroot}/%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override"
install -m 755 -d \
	"%{dracut_mod_dir}" \
install -m 644 "%{SOURCE20}" "%{SOURCE21}" \
	-t "%{buildroot}/%{dracutlibdir}/dracut.conf.d/"
install -m 755 "%{SOURCE22}" "%{dracut_mod_dir}/"

# Internal helper scripts
install -m 755 -d "%{buildroot}/%{microcode_ctl_libexec}"
install "%{SOURCE30}" "%{SOURCE31}" "%{SOURCE32}" \
	-m 755 -t "%{buildroot}/%{microcode_ctl_libexec}"

## Documentation
install -m 755 -d "%{buildroot}/%{_pkgdocdir}/caveats"

install "%{SOURCE41}" \
	-m 644 -t "%{buildroot}/%{_pkgdocdir}/"

# Provide Intel microcode license, as it requires so
install -m 644 license \
install -m 644 releasenote \

# caveats
install -m 644 "%{SOURCE100}" "%{SOURCE110}" \
        -t "%{buildroot}/%{_pkgdocdir}/caveats/"

## Caveat data

# BDW caveat
%define bdw_inst_dir %{buildroot}/%{caveat_dir}/intel-06-4f-01/
install -m 755 -d "%{bdw_inst_dir}/intel-ucode"
install -m 644 intel-ucode-with-caveats/* -t "%{bdw_inst_dir}/intel-ucode/"
install -m 644 "%{SOURCE100}" "%{bdw_inst_dir}/readme"
install -m 644 "%{SOURCE101}" "%{bdw_inst_dir}/config"

# Early update caveat
%define intel_inst_dir %{buildroot}/%{caveat_dir}/intel/
install -m 755 -d "%{intel_inst_dir}/intel-ucode"
install -m 644 intel-ucode/* -t "%{intel_inst_dir}/intel-ucode/"
install -m 644 "%{SOURCE110}" "%{intel_inst_dir}/readme"
install -m 644 "%{SOURCE111}" "%{intel_inst_dir}/config"

## Cleanup
#rm -f intel-ucode-with-caveats/06-4f-01
#rmdir intel-ucode-with-caveats
#rm -rf intel-ucode

%systemd_post microcode.service

exit 0

# We only want to regenerate the initramfs for a fully booted
# system; if this package happened to e.g. be pulled in as a build
# dependency, it is pointless at best to regenerate the initramfs,
# and also does not work with rpm-ostree:
# Also check that the running kernel is actually installed:
# We use the presence of symvers file as an indicator, the check similar
# to what weak-modules script does.
# Now that /boot/symvers-KVER.gz population is now relies on some shell scripts
# that are triggered by other shell scripts (kernel-install, which is a part
# of systemd) that called by RPM scripts, and systemd is not inclined to fix
# So, we check for symvers file inside /lib/modules.
if [ -d /run/systemd/system -a -e "/lib/modules/$(uname -r)/symvers.gz" ]; then
	dracut -f

%global rpm_state_dir %{_localstatedir}/lib/rpm-state

%systemd_preun microcode.service

# Storing ucode list before uninstall
ls /usr/share/microcode_ctl/intel-ucode |
	sort > "%{rpm_state_dir}/microcode_ctl_un_intel-ucode"
ls /usr/share/microcode_ctl/ucode_with_caveats |
	sort > "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats"
%{update_ucode} --action list --skip-common |
	sort > "%{rpm_state_dir}/microcode_ctl_un_file_list"

%systemd_postun microcode.service

ls /usr/share/microcode_ctl/intel-ucode 2> /dev/null |
	sort > "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after"
comm -23 \
	"%{rpm_state_dir}/microcode_ctl_un_intel-ucode" \
	"%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after" \
	> "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff"

if [ -e "%{update_ucode}" ]; then
	ls /usr/share/microcode_ctl/ucode_with_caveats 2> /dev/null |
		sort > "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after"

	comm -23 \
		"%{rpm_state_dir}/microcode_ctl_un_ucode_caveats" \
		"%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after" \
		> "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff"

	%{update_ucode} --action remove --cleanup \
		"%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff" \
		"%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff" || :

	rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after"
	rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff"
	while read -r f; do
		[ -L "/lib/firmware/intel-ucode/$f" ] || continue
		rm -f "/lib/firmware/intel-ucode/$f"
	done < "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff"

	rmdir "/lib/firmware/intel-ucode" 2>/dev/null || :

	# We presume that if we don't have update_ucode script, we can remove
	# all the caveats-related files.
	while read -r f; do
		if [ -L "$f" ] || [ "${f%%readme-*}" != "$f" ]; then
			rm -f "$f"
			rmdir -p $(dirname "$f") 2>/dev/null || :
	done < "%{rpm_state_dir}/microcode_ctl_un_file_list"

rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode"
rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after"
rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff"

rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats"

rm -f "%{rpm_state_dir}/microcode_ctl_un_file_list"

exit 0

%triggerin -- kernel-core

%triggerpostun -- kernel-core

rm -rf %{buildroot}

%ghost %attr(0755, root, root) /lib/firmware/intel-ucode
%config(noreplace) %{dracutlibdir}/dracut.conf.d/*
%doc %{_pkgdocdir}

* Wed Jun 19 2019 Eugene Syromiatnikov <> - 4:20180807a-2.20190618.1
- Intel CPU microcode update to 20190618 (#1719634).

* Sun Jun 02 2019 Eugene Syromiatnikov <> - 4:20180807a-2.20190514a.2
- Remove disclaimer, as it is not as important now to justify kmsg/log
  pollution; its contents are partially adopted in README.caveats.

* Mon May 20 2019 Eugene Syromiatnikov <> - 4:20180807a-2.20190514a.1
- Intel CPU microcode update to 20190514a (#1715334).

* Fri May 10 2019 Eugene Syromiatnikov <> - 4:20180807a-2.20190507.1
- Intel CPU microcode update to 20190507 (#1704339).

* Fri May 10 2019 Eugene Syromiatnikov <> 4:20180807a-2.20190312.1
- Intel CPU microcode update to 20190312 (#1704339).
- Add "Provides:" tags generation.

* Tue Nov 06 2018 Eugene Syromiatnikov <> 4:20180807a-2
- Do not exit with error in %postin if disclaimer printing returned an error

* Wed Oct 17 2018 Eugene Syromiatnikov <> 4:20180807a-1
- Use the tar ball distributed by Intel directly, sync up with RHEL 7.6.

* Fri Aug 24 2018 Eugene Syromiatnikov <> 3:2.1-27
- Bump epoch in order to ensure upgrade from RHEL 7 (#1622131).

* Mon Aug 13 2018 Anton Arapov <> 2:2.1-26
- Update to upstream 2.1-19. 20180807

* Fri Jul 13 2018 Fedora Release Engineering <> - 2:2.1-25
- Rebuilt for

* Mon Jul 09 2018 Anton Arapov <> 2:2.1-24
- Update to upstream 2.1-18. 20180703

* Wed May 16 2018 Anton Arapov <> 2:2.1-23
- Update to upstream 2.1-17. 20180425

* Thu Mar 15 2018 Anton Arapov <> 2:2.1-22
- Update to upstream 2.1-16. 20180312

* Thu Feb 08 2018 Fedora Release Engineering <> - 2:2.1-21
- Rebuilt for

* Tue Jan 09 2018 Anton Arapov <> 2:2.1-20
- Update to upstream 2.1-15. 20180108

* Tue Nov 21 2017 Anton Arapov <> 2:2.1-19
- Update to upstream 2.1-14. 20171117

* Thu Aug 03 2017 Fedora Release Engineering <> - 2:2.1-18
- Rebuilt for

* Wed Jul 26 2017 Fedora Release Engineering <> - 2:2.1-17
- Rebuilt for

* Wed Jul 12 2017 Anton Arapov <> 2:2.1-16
- Update to upstream 2.1-13. 20170707

* Tue May 23 2017 Anton Arapov <> 2:2.1-15
- Update to upstream 2.1-12. 20170511

* Fri Feb 10 2017 Fedora Release Engineering <> - 2:2.1-14.1
- Rebuilt for

* Fri Dec 02 2016 Anton Arapov <> 2.1-13.1
- Update to upstream 2.1-11. 20161104

* Thu Jul 21 2016 Anton Arapov <> 2.1-13
- Update to upstream 2.1-10. 20160714
- Fixes rhbz#1353103

* Fri Jun 24 2016 Anton Arapov <> 2.1-12
- Update to upstream 2.1-9. 20160607

* Thu Feb 04 2016 Fedora Release Engineering <> - 2:2.1-11
- Rebuilt for

* Tue Jan 12 2016 Anton Arapov <> 2.1-10
- Update to upstream 2.1-8. 20151106

* Wed Jun 17 2015 Fedora Release Engineering <> - 2:2.1-9.1
- Rebuilt for

* Tue Feb 03 2015 Anton Arapov <> 2.1-8.1
- Update to upstream 2.1-7. 20150121

* Sun Sep 21 2014 Anton Arapov <> 2.1-8
- Update to upstream 2.1-6. 20140913

* Sun Aug 17 2014 Fedora Release Engineering <> - 2:2.1-7
- Rebuilt for

* Tue Jul 08 2014 Anton Arapov <> 2.1-6
- Update to upstream 2.1-5. 20140624

* Sat Jun 07 2014 Fedora Release Engineering <> - 2:2.1-5
- Rebuilt for

* Thu May 01 2014 Anton Arapov <> 2.1-4
- Update to upstream 2.1-4.

* Fri Jan 24 2014 Anton Arapov <> 2.1-3
- Update to upstream 2.1-3.

* Mon Sep 09 2013 Anton Arapov <> 2.1-2
- Update to upstream 2.1-2.

* Wed Aug 14 2013 Anton Arapov <> 2.1-1
- Update to upstream 2.1-1.

* Sat Jul 27 2013 Anton Arapov <> 2.1-0
- Update to upstream 2.1. AMD microcode has been removed, find it in linux-firmware.

* Wed Apr 03 2013 Anton Arapov <> 2.0-3.1
- Update to upstream 2.0-3

* Thu Feb 14 2013 Fedora Release Engineering <> - 2:2.0-3
- Rebuilt for

* Wed Oct 17 2012 Anton Arapov <> 2.0-2
- Update to upstream 2.0-2

* Tue Oct 02 2012 Anton Arapov <> 2.0-1
- Update to upstream 2.0-1

* Mon Aug 06 2012 Anton Arapov <> 2.0
- Update to upstream 2.0

* Wed Jul 25 2012 Anton Arapov <> 1.18-1
- Update to upstream 1.18

* Fri Jul 20 2012 Fedora Release Engineering <> - 1:1.17-26
- Rebuilt for

* Thu Jun 07 2012 Anton Arapov <> 1.17-25
- Update to microcode-20120606.dat

* Tue Feb 07 2012 Anton Arapov <> 1.17-24
- Update to amd-ucode-2012-01-17.tar

* Fri Jan 13 2012 Fedora Release Engineering <> - 1:1.17-22
- Rebuilt for

* Thu Dec 22 2011 Anton Arapov <> 1.17-21
- Fix a segfault that may be triggered by very long parameter [#768803]

* Tue Dec 13 2011 Anton Arapov <> 1.17-20
- Update to microcode-20111110.dat

* Tue Sep 27 2011 Anton Arapov <> 1.17-19
- Update to microcode-20110915.dat

* Thu Aug 04 2011 Anton Arapov <> 1.17-18
- Ship splitted microcode for Intel CPUs [#690930]
- Include tool for splitting microcode for Intl CPUs (Kay Sievers )

* Thu Jun 30 2011 Anton Arapov <> 1.17-17
- Fix udev rules (Dave Jones ) [#690930]

* Thu May 12 2011 Anton Arapov <> 1.17-14
- Update to microcode-20110428.dat

* Thu Mar 24 2011 Anton Arapov <> 1.17-13
- fix memory leak.

* Mon Mar 07 2011 Anton Arapov <> 1.17-12
- Update to amd-ucode-2011-01-11.tar

* Tue Feb 08 2011 Fedora Release Engineering <> - 1:1.17-11
- Rebuilt for

* Wed Jan 19 2011 Anton Arapov <> 1.17-10
- manpage fix (John Bradshaw ) [#670879]

* Wed Jan 05 2011 Anton Arapov <> 1.17-9
- Update to microcode-20101123.dat

* Mon Nov 01 2010 Anton Arapov <> 1.17-8
- Update to microcode-20100914.dat

* Wed Sep 29 2010 jkeating - 1:1.17-7
- Rebuilt for gcc bug 634757

* Wed Sep 15 2010 Anton Arapov <> 1.17-6
- Update to microcode-20100826.dat

* Tue Sep 07 2010 Toshio Kuratomi <> 1.17-5
- Fix license tag: bz#450491

* Fri Aug 27 2010 Dave Jones <> 1.17-4
- Update to microcode-20100826.dat

* Tue Mar 23 2010 Anton Arapov <> 1.17-3
- Fix the udev rules (Harald Hoyer )

* Mon Mar 22 2010 Anton Arapov <> 1.17-2
- Make microcode_ctl event driven (Bill Nottingham ) [#479898]

* Thu Feb 11 2010 Dave Jones <> 1.17-1.58
- Update to microcode-20100209.dat

* Fri Dec 04 2009 Kyle McMartin <> 1.17-1.57
- Fix duplicate message pointed out by Edward Sheldrake.

* Wed Dec 02 2009 Kyle McMartin <> 1.17-1.56
- Add AMD x86/x86-64 microcode. (Dated: 2009-10-09)
  Doesn't need microcode_ctl modifications as it's loaded by
  request_firmware() like any other sensible driver.
- Eventually, this AMD firmware can probably live inside
  kernel-firmware once it is split out.

* Wed Sep 30 2009 Dave Jones <>
- Update to microcode-20090927.dat

* Fri Sep 11 2009 Dave Jones <>
- Remove some unnecessary code from the init script.

* Sat Jul 25 2009 Fedora Release Engineering <> - 1:1.17-1.52.1
- Rebuilt for

* Thu Jun 25 2009 Dave Jones <>
- Shorten sleep time during init.
  This really needs to be replaced with proper udev hooks, but this is
  a quick interim fix.

* Wed Jun 03 2009 Kyle McMartin <> 1:1.17-1.50
- Change ExclusiveArch to i586 instead of i386. Resolves rhbz#497711.

* Wed May 13 2009 Dave Jones <>
- update to microcode 20090330

* Wed Feb 25 2009 Fedora Release Engineering <> - 1:1.17-1.46.1
- Rebuilt for

* Fri Sep 12 2008 Dave Jones <>
- update to microcode 20080910

* Tue Apr 01 2008 Jarod Wilson <>
- Update to microcode 20080401

* Sat Mar 29 2008 Dave Jones <>
- Update to microcode 20080220
- Fix rpmlint warnings in specfile.

* Mon Mar 17 2008 Dave Jones <>
- specfile cleanups.

* Fri Feb 22 2008 Jarod Wilson <>
- Use /lib/firmware instead of /etc/firmware

* Wed Feb 13 2008 Jarod Wilson <>
- Fix permissions on microcode.dat

* Thu Feb 07 2008 Jarod Wilson <>
- Spec cleanup and macro standardization.
- Update license
- Update microcode data file to 20080131 revision.

* Mon Jul  2 2007 Dave Jones <>
- Update to upstream 1.17

* Thu Oct 12 2006 Jon Masters <>
- BZ209455 fixes.

* Mon Jul 17 2006 Jesse Keating <>
- rebuild

* Fri Jun 16 2006 Bill Nottingham <>
- remove kudzu requirement
- add prereq for coreutils, awk, grep

* Thu Feb 09 2006 Dave Jones <>
- rebuild.

* Fri Jan 27 2006 Dave Jones <>
- Update to upstream 1.13

* Fri Dec 16 2005 Jesse Keating <>
- rebuilt for new gcj

* Fri Dec 09 2005 Jesse Keating <>
- rebuilt

* Mon Nov 14 2005 Dave Jones <>
- initscript tweaks.

* Tue Sep 13 2005 Dave Jones <>
- Update to upstream 1.12

* Wed Aug 17 2005 Dave Jones <>
- Check for device node *after* loading the module. (#157672)

* Tue Mar  1 2005 Dave Jones <>
- Rebuild for gcc4

* Thu Feb 17 2005 Dave Jones <>
- s/Serial/Epoch/

* Tue Jan 25 2005 Dave Jones <>
- Drop the node creation/deletion change from previous release.
  It'll cause grief with selinux, and was a hack to get around
  a udev shortcoming that should be fixed properly.

* Fri Jan 21 2005 Dave Jones <>
- Create/remove the /dev/cpu/microcode dev node as needed.
- Use correct path again for the microcode.dat.
- Remove some no longer needed tests in the init script.

* Fri Jan 14 2005 Dave Jones <>
- Only enable microcode_ctl service if the CPU is capable.
- Prevent microcode_ctl getting restarted multiple times on initlevel change (#141581)
- Make restart/reload work properly
- Do nothing if not started by root.

* Wed Jan 12 2005 Dave Jones <>
- Adjust dev node location. (#144963)

* Tue Jan 11 2005 Dave Jones <>
- Load/Remove microcode module in initscript.

* Mon Jan 10 2005 Dave Jones <>
- Update to upstream 1.11 release.

* Sat Dec 18 2004 Dave Jones <>
- Initial packaging, based upon kernel-utils.