Blob Blame History Raw
%define upstream_version 2.1-20180703
%define microcode_ctl_libexec /usr/libexec/microcode_ctl
%define update_ucode %{microcode_ctl_libexec}/update_ucode
%define check_caveats %{microcode_ctl_libexec}/check_caveats
%define reload_microcode %{microcode_ctl_libexec}/reload_microcode

Summary:        Tool to transform and deploy CPU microcode update for x86.
Name:           microcode_ctl
Version:        2.1
Release:        29.10%{?dist}
Epoch:          2
Group:          System Environment/Base
License:        GPLv2+ and Redistributable, no modification permitted
URL:            https://pagure.io/microcode_ctl
Source0:        %{name}-%{upstream_version}.tar.xz
Source1:        microcode.service
Source2:        01-microcode.conf
Source3:        disclaimer
Source4:        update_ucode
Source5:        check_caveats
Source6:        reload_microcode
Source7:        dracut_99microcode_ctl-fw_dir_override_module_init.sh
Source8:        06-4f-01_readme
Source9:        06-4f-01_config

Buildroot:      %{_tmppath}/%{name}-%{version}-root
ExclusiveArch:  %{ix86} x86_64
BuildRequires:  systemd-units
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(posttrans): kernel

%description
The microcode_ctl utility is a companion to the microcode driver written
by Tigran Aivazian <tigran@aivazian.fsnet.co.uk>.

The microcode update is volatile and needs to be uploaded on each system
boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts
back to the old microcode.

%prep
%setup -q -n %{name}-%{upstream_version}

%build
make CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags}

find intel-ucode -type f | sed 's/^/%%ghost \/lib\/firmware\//' > ghost_list

%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} PREFIX=%{_prefix} INSDIR=/usr/sbin MICDIR=/usr/share/microcode_ctl install clean

mkdir -p %{buildroot}/usr/lib/dracut/dracut.conf.d
mkdir -p %{buildroot}%{_unitdir}
install -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
install -m 644 %{SOURCE2} %{buildroot}/usr/lib/dracut/dracut.conf.d
install -m 644 %{SOURCE3} %{buildroot}/usr/share/doc/microcode_ctl/disclaimer

mkdir -p %{buildroot}/%{microcode_ctl_libexec}
install -m 755 %{SOURCE4} %{buildroot}/%{update_ucode}
install -m 755 %{SOURCE5} %{buildroot}/%{check_caveats}
install -m 755 %{SOURCE6} %{buildroot}/%{reload_microcode}

mkdir -p "%{buildroot}/usr/lib/dracut/modules.d/99microcode_ctl-fw_dir_override"
install -m 755 %{SOURCE7} %{buildroot}/usr/lib/dracut/modules.d/99microcode_ctl-fw_dir_override/module-setup.sh

mkdir -p "%{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/intel-ucode"
install -m 644 intel-ucode-with-caveats/06-4f-01 %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/intel-ucode/06-4f-01
install -m 644 %{SOURCE8} %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/readme
install -m 644 %{SOURCE9} %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/config

rm -f intel-ucode-with-caveats/06-4f-01
rmdir intel-ucode-with-caveats

%post
%systemd_post microcode.service
%{update_ucode}
# "reload" file is not presented on a certain virtualized hw
if [ -w /sys/devices/system/cpu/microcode/reload ] ; then
	%{reload_microcode}
fi
# send the message to syslog, so it gets recorded on /var/log
if [ -e /usr/bin/logger ]; then
	/usr/bin/logger -p syslog.notice -t DISCLAIMER -f /usr/share/doc/microcode_ctl/disclaimer
fi
# also paste it over dmesg (some customers drop dmesg messages while
# others keep them into /var/log for the later case, we'll have the
# disclaimer recorded twice into system logs.
cat /usr/share/doc/microcode_ctl/disclaimer > /dev/kmsg

%posttrans
# We only want to regenerate the initramfs for a fully booted
# system; if this package happened to e.g. be pulled in as a build
# dependency, it is pointless at best to regenerate the initramfs,
# and also does not work with rpm-ostree:
# https://bugzilla.redhat.com/show_bug.cgi?id=1199582
if [ -d /run/systemd/system ]; then
	dracut -f
fi

%preun
%systemd_preun microcode.service

# Storing ucode list before uninstall
ls /usr/share/microcode_ctl/intel-ucode |
	sort > "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode"
ls /usr/share/microcode_ctl/ucode_with_caveats |
	sort > "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats"

%postun
%systemd_postun microcode.service

ls /usr/share/microcode_ctl/intel-ucode 2> /dev/null |
	sort > "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode_after"
ls /usr/share/microcode_ctl/ucode_with_caveats 2> /dev/null |
	sort > "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats_after"

comm -23 \
	"%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode" \
	"%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode_after" \
	> "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode_diff"

comm -23 \
	"%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats" \
	"%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats_after" \
	> "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats_diff"

if [ -e "%{update_ucode}" ]; then
	%{update_ucode} --action remove --cleanup \
		"%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode_diff" \
		"%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats_diff" || exit 0
else
	while read f; do
		[ -L "/lib/firmware/intel-ucode/$f" ] || continue
		rm -f "/lib/firmware/intel-ucode/$f"
	done < "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode_diff"
fi

rm -f "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode"
rm -f "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats"

rm -f "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode_after"
rm -f "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats_after"

rm -f "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_intel-ucode_diff"
rm -f "%{_localstatedir}/lib/rpm-state/microcode_ctl_un_ucode_caveats_diff"

%triggerin -- kernel
%{update_ucode}

%triggerpostun -- kernel
%{update_ucode}


%clean
rm -rf %{buildroot}

%files -f ghost_list
%ghost %attr(0100755, root, root) /lib/firmware/intel-ucode/
/usr/sbin/intel-microcode2ucode
%{microcode_ctl_libexec}
/usr/share/microcode_ctl
/usr/lib/dracut/modules.d/99microcode_ctl-fw_dir_override
%config(noreplace) /usr/lib/dracut/dracut.conf.d/01-microcode.conf
%{_unitdir}/microcode.service
%doc /usr/share/doc/microcode_ctl/*


%changelog
* Fri Jul 27 2018 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-29.10
- Provide %attr for the ghosted /lib/firmware.

* Thu Jul 26 2018 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-29.9
- Remove model name blacklists from caveats configuration files.

* Tue Jul 24 2018 Eugene Syromiatnikov <esyr@redhat.com> - 2.1-29.8
- Add model name blacklist infrastructure.
- Store Intel ucode files in /usr/share/microcode_ctl; do not populate them
  in a virtualised environment.
- Resolves: #1576334

* Tue Jul 17 2018 Eugene Syromiatnikov <esyr@redhat.com> - 2.1-29.7
- Add infrastructure for handling kernel-version-dependant microcode.
- Resolves: #1576334

* Mon Jul 16 2018 Eugene Syromiatnikov <esyr@redhat.com> - 2.1-29.4
- Intel CPU microcode update to 20180703.
- Resolves: #1573456

* Wed Jun 13 2018 Petr Oros <poros@redhat.com> - 2.1-29.3
- Fix: Operation not permitted when installing microcode_ctl
- CVE-2018-3639 hw: cpu: speculative store bypass
- Resolves: #1573456

* Tue May 15 2018 Petr Oros <poros@redhat.com> - 2.1-29.2
- Update disclaimer text
- Resolves: #1575570

* Mon May 7 2018 Petr Oros <poros@redhat.com> - 2.1-29.1
- Intel CPU microcode update to 20180425.
- Resolves: #1575570

* Fri Jan 12 2018 Petr Oros <poros@redhat.com> - 2.1-29
- Revert Microcode from Intel for Side Channel attack
- Resolves: #1533939

* Fri Jan 12 2018 Petr Oros <poros@redhat.com> - 2.1-29
- Don't run dracut if not on a live system
- Resolves: #1530400

* Tue Jan 9 2018 Petr Oros <poros@redhat.com> - 2.1-28
- Remove old binary tool
- Resolves: #1527360

* Tue Jan 9 2018 Petr Oros <poros@redhat.com> - 2.1-27
- Update to upstream 2.1-15. Intel CPU microcode update to 20180108.
- Resolves: #1527360

* Fri Dec 15 2017 Petr Oros <poros@redhat.com> - 2.1-26
- Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04
- Resolves: #1527360

* Wed Nov 22 2017 Petr Oros <poros@redhat.com> - 2.1-25
- Update to upstream 2.1-14. Intel CPU microcode update to 20171117.
- Resolves: #1457522

* Tue Oct 17 2017 Petr Oros <poros@redhat.com> - 2.1-24
- Fix upstream URL
- Resolves: #1502360

* Fri Jul 14 2017 Petr Oros <poros@redhat.com> - 2.1-23
- Update to upstream 2.1-13. Intel CPU microcode update to 20170707.
- Resolves: #1457522

* Wed May 24 2017 Petr Oros <poros@redhat.com> - 2.1-22
- Update to upstream 2.1-12. Intel CPU microcode update to 20170511.
- Resolves: #1384218

* Tue Mar 7 2017 Petr Oros <poros@redhat.com> - 2.1-21
- Rpm scriptlets should only rebuild the current kernel's initrd.
- Resolves: #1420180

* Wed Jan 18 2017 Petr Oros <poros@redhat.com> - 2.1-20
- Fix issue with hot microcode cpu reload.
- Resolves: #1411232

* Mon Jan 9 2017 Petr Oros <poros@redhat.com> - 2.1-19
- Fix broken quoting in ExecStart line.
- Resolves: #1411232

* Fri Dec 16 2016 Petr Oros <poros@redhat.com> - 2.1-18
- Fix issue with hot microcode cpu reload.
- Resolves: #1398698

* Wed Nov 30 2016 Petr Oros <poros@redhat.com> - 2.1-17
- Move dracut call into posttrans phase.
- Resolves: #1398698

* Thu Jul 21 2016 Petr Oros <poros@redhat.com> - 2.1-16
- Update to upstream 2.1-10. Intel CPU microcode update to 20160714.
- Resolves: #1358047

* Wed Jun 29 2016 Petr Oros <poros@redhat.com> - 2.1-15
- Load CPU microcode update only on supproted systems.
- Resolves: #1307179

* Fri Jun 24 2016 Petr Oros <poros@redhat.com> - 2.1-14
- Update to upstream 2.1-9. Intel CPU microcode update to 20160607.
- Resolves: #1253106

* Thu May 19 2016 Petr Oros <poros@redhat.com> - 2.1-13
- Run dracut -f for all kernels.
- Resolves: #1292158

* Fri Jul 3 2015 Petr Oros <poros@redhat.com> - 2.1-12
- Update to upstream 2.1-7. Intel CPU microcode update to 20150121.
- Resolves: #1174983

* Fri Oct 10 2014 Petr Oros <poros@redhat.com> - 2.1-11
- Run dracut -f after install microcode for update initramfs.
- Resolves: #1151192

* Tue Sep 30 2014 Petr Oros <poros@redhat.com> - 2.1-10
- Update to upstream 2.1-6. Intel CPU microcode update to 20140913.
- Resolves: #1142302

* Tue Jul 15 2014 Petr Oros <poros@redhat.com> - 2.1-9
- Update to upstream 2.1-5. Intel CPU microcode update to 20140624.
- Resolves: #1113396

* Tue Jun 3 2014 Petr Oros <poros@redhat.com> - 2.1-8
- Fix bogus time in changelog
- Resolves: #1085117

* Tue Jun 3 2014 Petr Oros <poros@redhat.com> - 2.1-8
- Update to upstream 2.1-4. Intel CPU microcode update to 20140430.
- Resolves: #1085117

* Wed Mar 12 2014 Anton Arapov <anton@redhat.com> - 2.1-7.1
- Fix the microcode's behaviour in virtual environment.

* Fri Feb 28 2014 Anton Arapov <anton@redhat.com> - 2.1-7
- Fix the microcode's dracut configuration file location. 

* Tue Feb 18 2014 Anton Arapov <anton@redhat.com> - 2.1-6
- Enable early microcode capabilities. Systemd and Dracut support. (Jeff Bastian)

* Fri Jan 24 2014 Anton Arapov <anton@redhat.com> - 2.1-5
- Update to upstream 2.1-3. Intel CPU microcode update to 20140122.

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2:2.1-4
- Mass rebuild 2013-12-27

* Mon Sep 09 2013 Anton Arapov <anton@redhat.com> 2.1-3
- Imported to RHEL tree

* Mon Sep 09 2013 Anton Arapov <anton@redhat.com> 2.1-2
- Update to upstream 2.1-2.

* Wed Aug 14 2013 Anton Arapov <anton@redhat.com> 2.1-1
- Update to upstream 2.1-1.

* Sat Jul 27 2013 Anton Arapov <anton@redhat.com> 2.1-0
- Update to upstream 2.1. AMD microcode has been removed, find it in linux-firmware.

* Wed Apr 03 2013 Anton Arapov <anton@redhat.com> 2.0-3.1
- Update to upstream 2.0-3

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2:2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Wed Oct 17 2012 Anton Arapov <anton@redhat.com> 2.0-2
- Update to upstream 2.0-2

* Tue Oct 02 2012 Anton Arapov <anton@redhat.com> 2.0-1
- Update to upstream 2.0-1

* Mon Aug 06 2012 Anton Arapov <anton@redhat.com> 2.0
- Update to upstream 2.0

* Wed Jul 25 2012 Anton Arapov <anton@redhat.com> 1.18-1
- Update to upstream 1.18

* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.17-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Thu Jun 07 2012 Anton Arapov <anton@redhat.com> 1.17-25
- Update to microcode-20120606.dat

* Tue Feb 07 2012 Anton Arapov <anton@redhat.com> 1.17-24
- Update to amd-ucode-2012-01-17.tar

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.17-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Thu Dec 22 2011 Anton Arapov <anton@redhat.com> 1.17-21
- Fix a segfault that may be triggered by very long parameter [#768803]

* Tue Dec 13 2011 Anton Arapov <anton@redhat.com> 1.17-20
- Update to microcode-20111110.dat

* Tue Sep 27 2011 Anton Arapov <anton@redhat.com> 1.17-19
- Update to microcode-20110915.dat

* Thu Aug 04 2011 Anton Arapov <anton@redhat.com> 1.17-18
- Ship splitted microcode for Intel CPUs [#690930]
- Include tool for splitting microcode for Intl CPUs (Kay Sievers )

* Thu Jun 30 2011 Anton Arapov <anton@redhat.com> 1.17-17
- Fix udev rules (Dave Jones ) [#690930]

* Thu May 12 2011 Anton Arapov <anton@redhat.com> 1.17-14
- Update to microcode-20110428.dat

* Thu Mar 24 2011 Anton Arapov <anton@redhat.com> 1.17-13
- fix memory leak.

* Mon Mar 07 2011 Anton Arapov <anton@redhat.com> 1.17-12
- Update to amd-ucode-2011-01-11.tar

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.17-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Wed Jan 19 2011 Anton Arapov <anton@redhat.com> 1.17-10
- manpage fix (John Bradshaw ) [#670879]

* Wed Jan 05 2011 Anton Arapov <anton@redhat.com> 1.17-9
- Update to microcode-20101123.dat

* Mon Nov 01 2010 Anton Arapov <anton@redhat.com> 1.17-8
- Update to microcode-20100914.dat

* Wed Sep 29 2010 jkeating - 1:1.17-7
- Rebuilt for gcc bug 634757

* Wed Sep 15 2010 Anton Arapov <anton@redhat.com> 1.17-6
- Update to microcode-20100826.dat

* Tue Sep 07 2010 Toshio Kuratomi <toshio@fedoraproject.org> 1.17-5
- Fix license tag: bz#450491

* Fri Aug 27 2010 Dave Jones <davej@redhat.com> 1.17-4
- Update to microcode-20100826.dat

* Tue Mar 23 2010 Anton Arapov <anton@redhat.com> 1.17-3
- Fix the udev rules (Harald Hoyer )

* Mon Mar 22 2010 Anton Arapov <anton@redhat.com> 1.17-2
- Make microcode_ctl event driven (Bill Nottingham ) [#479898]

* Thu Feb 11 2010 Dave Jones <davej@redhat.com> 1.17-1.58
- Update to microcode-20100209.dat

* Fri Dec 04 2009 Kyle McMartin <kyle@redhat.com> 1.17-1.57
- Fix duplicate message pointed out by Edward Sheldrake.

* Wed Dec 02 2009 Kyle McMartin <kyle@redhat.com> 1.17-1.56
- Add AMD x86/x86-64 microcode. (Dated: 2009-10-09)
  Doesn't need microcode_ctl modifications as it's loaded by
  request_firmware() like any other sensible driver.
- Eventually, this AMD firmware can probably live inside
  kernel-firmware once it is split out.

* Wed Sep 30 2009 Dave Jones <davej@redhat.com>
- Update to microcode-20090927.dat

* Fri Sep 11 2009 Dave Jones <davej@redhat.com>
- Remove some unnecessary code from the init script.

* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.17-1.52.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Thu Jun 25 2009 Dave Jones <davej@redhat.com>
- Shorten sleep time during init.
  This really needs to be replaced with proper udev hooks, but this is
  a quick interim fix.

* Wed Jun 03 2009 Kyle McMartin <kyle@redhat.com> 1:1.17-1.50
- Change ExclusiveArch to i586 instead of i386. Resolves rhbz#497711.

* Wed May 13 2009 Dave Jones <davej@redhat.com>
- update to microcode 20090330

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.17-1.46.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Fri Sep 12 2008 Dave Jones <davej@redhat.com>
- update to microcode 20080910

* Tue Apr 01 2008 Jarod Wilson <jwilson@redhat.com>
- Update to microcode 20080401

* Sat Mar 29 2008 Dave Jones <davej@redhat.com>
- Update to microcode 20080220
- Fix rpmlint warnings in specfile.

* Mon Mar 17 2008 Dave Jones <davej@redhat.com>
- specfile cleanups.

* Fri Feb 22 2008 Jarod Wilson <jwilson@redhat.com>
- Use /lib/firmware instead of /etc/firmware

* Wed Feb 13 2008 Jarod Wilson <jwilson@redhat.com>
- Fix permissions on microcode.dat

* Thu Feb 07 2008 Jarod Wilson <jwilson@redhat.com>
- Spec cleanup and macro standardization.
- Update license
- Update microcode data file to 20080131 revision.

* Mon Jul  2 2007 Dave Jones <davej@redhat.com>
- Update to upstream 1.17

* Thu Oct 12 2006 Jon Masters <jcm@redhat.com>
- BZ209455 fixes.

* Mon Jul 17 2006 Jesse Keating <jkeating@redhat.com>
- rebuild

* Fri Jun 16 2006 Bill Nottingham <notting@redhat.com>
- remove kudzu requirement
- add prereq for coreutils, awk, grep

* Thu Feb 09 2006 Dave Jones <davej@redhat.com>
- rebuild.

* Fri Jan 27 2006 Dave Jones <davej@redhat.com>
- Update to upstream 1.13

* Fri Dec 16 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt for new gcj

* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt

* Mon Nov 14 2005 Dave Jones <davej@redhat.com>
- initscript tweaks.

* Tue Sep 13 2005 Dave Jones <davej@redhat.com>
- Update to upstream 1.12

* Wed Aug 17 2005 Dave Jones <davej@redhat.com>
- Check for device node *after* loading the module. (#157672)

* Tue Mar  1 2005 Dave Jones <davej@redhat.com>
- Rebuild for gcc4

* Thu Feb 17 2005 Dave Jones <davej@redhat.com>
- s/Serial/Epoch/

* Tue Jan 25 2005 Dave Jones <davej@redhat.com>
- Drop the node creation/deletion change from previous release.
  It'll cause grief with selinux, and was a hack to get around
  a udev shortcoming that should be fixed properly.

* Fri Jan 21 2005 Dave Jones <davej@redhat.com>
- Create/remove the /dev/cpu/microcode dev node as needed.
- Use correct path again for the microcode.dat.
- Remove some no longer needed tests in the init script.

* Fri Jan 14 2005 Dave Jones <davej@redhat.com>
- Only enable microcode_ctl service if the CPU is capable.
- Prevent microcode_ctl getting restarted multiple times on initlevel change (#141581)
- Make restart/reload work properly
- Do nothing if not started by root.

* Wed Jan 12 2005 Dave Jones <davej@redhat.com>
- Adjust dev node location. (#144963)

* Tue Jan 11 2005 Dave Jones <davej@redhat.com>
- Load/Remove microcode module in initscript.

* Mon Jan 10 2005 Dave Jones <davej@redhat.com>
- Update to upstream 1.11 release.

* Sat Dec 18 2004 Dave Jones <davej@redhat.com>
- Initial packaging, based upon kernel-utils.