Skip to content

Commit

Permalink
Merge pull request #46018 from andir/18.03/microcode
Browse files Browse the repository at this point in the history 
backported because it contains security fixes
  • Loading branch information
@xeji
xeji committed Sep 3, 2018
2 parents f82b65b + d983236 commit ba52ef1
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 165 deletions.
154 changes: 0 additions & 154 deletions pkgs/os-specific/linux/microcode/intel-microcode2ucode.c
View file

This file was deleted.

21 changes: 10 additions & 11 deletions pkgs/os-specific/linux/microcode/intel.nix
View file
@@ -1,27 +1,26 @@
{ stdenv, fetchurl, libarchive }:
{ stdenv, fetchurl, libarchive, iucode-tool }:

stdenv.mkDerivation rec {
name = "microcode-intel-${version}";
version = "20180312";
version = "20180807";

src = fetchurl {
url = "https://downloadmirror.intel.com/27591/eng/microcode-${version}.tgz";
sha256 = "0yg7q5blcqgq8jyjxhn9n48rxws77ylqzyn4kn10l6yzwan1yf0b";
url = "https://downloadmirror.intel.com/28039/eng/microcode-${version}.tgz";
sha256 = "0h4ygwx5brnrjz8v47aikrwhf0q3jhizxmzcii4bdjg64zffiy99";
};

buildInputs = [ libarchive ];
nativeBuildInputs = [ iucode-tool libarchive ];

sourceRoot = ".";

buildPhase = ''
gcc -O2 -Wall -o intel-microcode2ucode ${./intel-microcode2ucode.c}
./intel-microcode2ucode microcode.dat
'';

installPhase = ''
runHook preInstall
mkdir -p $out kernel/x86/microcode
mv microcode.bin kernel/x86/microcode/GenuineIntel.bin
iucode_tool -w kernel/x86/microcode/GenuineIntel.bin intel-ucode/
echo kernel/x86/microcode/GenuineIntel.bin | bsdcpio -o -H newc -R 0:0 > $out/intel-ucode.img
runHook postInstall
'';

meta = with stdenv.lib; {
Expand Down
25 changes: 25 additions & 0 deletions pkgs/os-specific/linux/microcode/iucode-tool.nix
View file
@@ -0,0 +1,25 @@
{ stdenv, fetchFromGitLab, autoreconfHook }:

stdenv.mkDerivation rec {
name = "iucode-tool-${version}";
version = "2.3.1";

src = fetchFromGitLab {
owner = "iucode-tool";
repo = "iucode-tool";
rev = "v${version}";
sha256 = "04dlisw87dd3q3hhmkqc5dd58cp22fzx3rzah7pvcyij135yjc3a";
};

nativeBuildInputs = [ autoreconfHook ];

enableParallelBuilding = true;

meta = with stdenv.lib; {
description = "Intel® 64 and IA-32 processor microcode tool";
homepage = https://gitlab.com/iucode-tool/iucode-tool;
license = licenses.gpl2;
maintainers = with maintainers; [ peterhoeg ];
platforms = [ "x86_64-linux" "i686-linux" ];
};
}
2 changes: 2 additions & 0 deletions pkgs/top-level/all-packages.nix
View file
Expand Up @@ -12939,6 +12939,8 @@ with pkgs;

microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { };

iucode-tool = callPackage ../os-specific/linux/microcode/iucode-tool.nix { };

inherit (callPackages ../os-specific/linux/apparmor { python = python3; })
libapparmor apparmor-utils apparmor-bin-utils apparmor-parser apparmor-pam
apparmor-profiles apparmor-kernel-patches;
Expand Down

0 comments on commit ba52ef1

Please sign in to comment.