-
-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
microcodeIntel: 20171117 -> 20170108 (should fix CVE-2017-5715 (Spectre)) #33684
Conversation
@GrahamcOfBorg build microcodeIntel |
1 similar comment
@GrahamcOfBorg build microcodeIntel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Failure for system: x86_64-darwin
Package ‘microcode-intel-20180108’ in /nix-test-rs/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ankhers-mbp/pkgs/os-specific/linux/microcode/intel.nix:29 is not supported on ‘x86_64-darwin’, refusing to evaluate.
a) For `nixos-rebuild` you can set
{ nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.
b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
{ allowBroken = true; }
to ~/.config/nixpkgs/config.nix.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Success for system: aarch64-linux
size: 16384
installing
3153 blocks
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/yg9fygkav6y111dkdpmgz7y0vcba8ii2-microcode-intel-20180108
strip is /nix/store/c6qj0j45xizkrx58i65j75a5ysmqhgrs-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/yg9fygkav6y111dkdpmgz7y0vcba8ii2-microcode-intel-20180108
checking for references to /build in /nix/store/yg9fygkav6y111dkdpmgz7y0vcba8ii2-microcode-intel-20180108...
/nix/store/yg9fygkav6y111dkdpmgz7y0vcba8ii2-microcode-intel-20180108
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Success for system: x86_64-linux
size: 16384
installing
3153 blocks
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/35mxsszgnym3d1r2c304fqd0pjspjjx1-microcode-intel-20180108
strip is /nix/store/wxn5gn8amxm1w0ikcx4gbs8a17wvss4j-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/35mxsszgnym3d1r2c304fqd0pjspjjx1-microcode-intel-20180108
checking for references to /tmp/nix-build-microcode-intel-20180108.drv-0 in /nix/store/35mxsszgnym3d1r2c304fqd0pjspjjx1-microcode-intel-20180108...
/nix/store/35mxsszgnym3d1r2c304fqd0pjspjjx1-microcode-intel-20180108
Tested on my laptop (Thinkpad 25 with i7-7500U) and it works fine. |
Backported in ea1cf95 |
Motivation for this change
This is a followup of #33563. Since there are now official microcode updates we do no longer need the other PR.
This PR should address CVE-2017-5715 (Spectre) but the changelog is as vauge as always with these:
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)