Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

overlay sys-kernel/coreos-firmware: update to 20230625_p20230724 for main #1040

Merged
merged 4 commits into from
Aug 3, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
- linux-firmware ([CVE-2023-20593](https://nvd.nist.gov/vuln/detail/CVE-2023-20593))
Original file line number Diff line number Diff line change
Expand Up @@ -62,10 +62,12 @@ USE="${USE} bindist"
#
# netperf - license for net-analyzer/netperf
# no-source-code - license for sys-kernel/coreos-firmware
# linux-fw-redistributable - license for sys-kernel/coreos-firmware
# freedist - license for sys-kernel/coreos-kernel
# BSD-2-Clause-Patent - license for sys-firmware/edk2-aarch64
# intel-ucode - license for sys-firmware/intel-microcode
ACCEPT_LICENSE="${ACCEPT_LICENSE} netperf no-source-code freedist BSD-2-Clause-Patent intel-ucode"
ACCEPT_LICENSE="${ACCEPT_LICENSE} netperf no-source-code
linux-fw-redistributable freedist BSD-2-Clause-Patent intel-ucode"

# Favor our own mirrors over Gentoo's
GENTOO_MIRRORS="
Expand Down
Original file line number Diff line number Diff line change
@@ -1 +1 @@
DIST linux-firmware-20230625.tar.xz 280854212 BLAKE2B 8ad8ce864e2a7b7d542569f5171ae0a7d9b05a1d55a04c507dbfb1939a60507ac8275eef24a165814aca8fdf93e6dbf3f7fbeaf25a8f46f022ca47b7b512401d SHA512 0e48aa7f63495485426d37491c7cb61843165625bd47f912c5d83628c6de871759f1a78be3af3d651f7c396bd87dff07e21ba7afc47896c1c143106d5f16d351
DIST linux-firmware-20230625_p20230724.tar.gz 441906566 BLAKE2B 5bed31d9ad78440bb12feeacb1ba27a07ad30b0eb8c7bfd03a4e7a7590012af1f9535a49fbf031abf79dd05ca90be79566f06db6f955910edfdca61281831c67 SHA512 daaf07422eb6f3e1b50f8a5dba5bfff747fe6750c0210ab798745f61d774eef7642ab45b9b404c668cf017d6b7fcf89c34bce9e6c77053b1b81f1a3498c5be18
Original file line number Diff line number Diff line change
@@ -1,64 +1,100 @@
# Copyright 1999-2020 Gentoo Authors
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7

# Tell linux-info where to find the kernel source/build
# Flatcar: Tell linux-info where to find the kernel source/build
KERNEL_DIR="${SYSROOT%/}/usr/src/linux"
KBUILD_OUTPUT="${SYSROOT%/}/var/cache/portage/sys-kernel/coreos-kernel"
inherit linux-info savedconfig

# In case this is a real snapshot, fill in commit below.
# For normal, tagged releases, leave blank
MY_COMMIT=
MY_COMMIT="59fbffa9ec8e4b0b31d2d13e715cf6580ad0e99c"

# Flatcar: use linux-firmware instead of ${PN}, coreos-firmware to avoid naming conflicts.
if [[ ${PV} == 99999999* ]]; then
inherit git-r3
EGIT_REPO_URI="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git"
else
if [[ -n "${MY_COMMIT}" ]]; then
SRC_URI="https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/snapshot/${MY_COMMIT}.tar.gz -> linux-firmware-${PV}.tar.gz"
S="${WORKDIR}/${MY_COMMIT}"
else
SRC_URI="https://mirrors.edge.kernel.org/pub/linux/kernel/firmware/linux-firmware-${PV}.tar.xz -> linux-firmware-${PV}.tar.xz"
fi
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
fi

DESCRIPTION="Linux firmware files"
HOMEPAGE="https://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git"

LICENSE="GPL-2 GPL-2+ GPL-3 BSD MIT || ( MPL-1.1 GPL-2 )
BSD-2 BSD BSD-4 ISC MIT no-source-code"
redistributable? ( linux-fw-redistributable BSD-2 BSD BSD-4 ISC MIT )
unknown-license? ( all-rights-reserved )"
SLOT="0"
IUSE="savedconfig"
IUSE="compress-xz compress-zstd initramfs +redistributable savedconfig unknown-license"
REQUIRED_USE="initramfs? ( redistributable )
?? ( compress-xz compress-zstd )"

CDEPEND=">=sys-kernel/coreos-modules-4.6.3-r1:="
DEPEND="${CDEPEND}
sys-kernel/coreos-sources"
RESTRICT="binchecks strip test
unknown-license? ( bindist )"

BDEPEND="initramfs? ( app-arch/cpio )
compress-xz? ( app-arch/xz-utils )
compress-zstd? ( app-arch/zstd )"

# Flatcar: depend on Kernel source and modules
DEPEND=">=sys-kernel/coreos-modules-6.1:=
sys-kernel/coreos-sources"
#add anything else that collides to this
RDEPEND="!savedconfig? (
!sys-firmware/alsa-firmware[alsa_cards_ca0132]
!sys-firmware/alsa-firmware[alsa_cards_korg1212]
!sys-firmware/alsa-firmware[alsa_cards_maestro3]
!sys-firmware/alsa-firmware[alsa_cards_sb16]
!sys-firmware/alsa-firmware[alsa_cards_ymfpci]
!net-dialup/ueagle-atm
!net-dialup/ueagle4-atm
!sys-block/qla-fc-firmware
!sys-firmware/iwl1000-ucode
!sys-firmware/iwl6005-ucode
!sys-firmware/iwl6030-ucode
!sys-firmware/iwl6050-ucode
!sys-firmware/iwl3160-ucode
!sys-firmware/iwl7260-ucode
!sys-firmware/iwl3160-7260-bt-ucode
redistributable? (
!sys-firmware/alsa-firmware[alsa_cards_ca0132]
!sys-block/qla-fc-firmware
!sys-firmware/iwl1000-ucode
!sys-firmware/iwl6005-ucode
!sys-firmware/iwl6030-ucode
!sys-firmware/iwl3160-ucode
!sys-firmware/iwl7260-ucode
!sys-firmware/iwl3160-7260-bt-ucode
!sys-firmware/raspberrypi-wifi-ucode
)
unknown-license? (
!sys-firmware/alsa-firmware[alsa_cards_korg1212]
!sys-firmware/alsa-firmware[alsa_cards_maestro3]
!sys-firmware/alsa-firmware[alsa_cards_sb16]
!sys-firmware/alsa-firmware[alsa_cards_ymfpci]
)
)"

RESTRICT="binchecks strip"
QA_PREBUILT="*"

# source name is linux-firmware, not coreos-firmware
# Flatcar: source name is linux-firmware, not coreos-firmware
S="${WORKDIR}/linux-firmware-${PV}"

pkg_setup() {
if use compress-xz || use compress-zstd ; then
local CONFIG_CHECK

if kernel_is -ge 5 19; then
use compress-xz && CONFIG_CHECK="~FW_LOADER_COMPRESS_XZ"
use compress-zstd && CONFIG_CHECK="~FW_LOADER_COMPRESS_ZSTD"
else
use compress-xz && CONFIG_CHECK="~FW_LOADER_COMPRESS"
if use compress-zstd; then
eerror "Kernels <5.19 do not support ZSTD-compressed firmware files"
fi
fi
linux-info_pkg_setup
fi
}

pkg_pretend() {
use initramfs && mount-boot_pkg_pretend
}

# Flatcar: create symlinks for cxgb and ice firmwares
CXGB_VERSION="1.27.3.0"
ICE_DDP_VERSION="1.3.30.0"

Expand All @@ -67,7 +103,14 @@ src_unpack() {
git-r3_src_unpack
else
default
# Upstream linux-firmware tarball does not contain
# rename directory from git snapshot tarball
# Flatcar: move a correct directory ${MY_COMMIT}, as defined
# above in ${S}.
if [[ ${#MY_COMMIT} -gt 8 ]]; then
mv ${MY_COMMIT}/ linux-firmware-${PV} || die
fi

# Flatcar: Upstream linux-firmware tarball does not contain
# symlinks for cxgb4 firmware files, but "modinfo
# cxgb4.ko" shows it requires t?fw.bin files. These
# normally are installed by the copy-firmware.sh
Expand All @@ -82,27 +125,17 @@ src_unpack() {
ln -sfn t5fw-${CXGB_VERSION}.bin linux-firmware-${PV}/cxgb4/t5fw.bin
ln -sfn t6fw-${CXGB_VERSION}.bin linux-firmware-${PV}/cxgb4/t6fw.bin

# Upstream linux-firmware tarball does not contain
# Flatcar: Upstream linux-firmware tarball does not contain
# a correct symlink to intel/ice/ddp/ice-1.3.28.0.pkg,
# but "modinfo ice.ko" shows it requires ice.pkg.
# So we need to create the symlink to avoid failures at the
# firmware scanning stage.
ln -sfn ice-${ICE_DDP_VERSION}.pkg linux-firmware-${PV}/intel/ice/ddp/ice.pkg

# The xhci-pci.ko kernel module started requiring a
# renesas_usb_fw.mem firmware file, but this file is
# nowhere to be found in the tarball. So we just fake
# the existence of the firmware, so the firmware
# scanning stage won't fail. Obviously, this means
# that if someone is going to use this specific
# renesas controller that requires the firmware, it
# won't work. Hopefully that file appears at some
# point in the tarball.
touch "linux-firmware-${PV}/renesas_usb_fw.mem"
fi
}

src_prepare() {
# Flatcar: generate a list of firmware
local kernel_mods="${SYSROOT%/}/lib/modules/${KV_FULL}"

# Fail if any firmware is missing.
Expand Down Expand Up @@ -173,11 +206,156 @@ src_prepare() {
# remove empty directories, bug #396073
find -type d -empty -delete || die
fi

# whitelist of misc files
local misc_files=(
copy-firmware.sh
WHENCE
README
)

# whitelist of images with a free software license
local free_software=(
# keyspan_pda (GPL-2+)
keyspan_pda/keyspan_pda.fw
keyspan_pda/xircom_pgs.fw
# dsp56k (GPL-2+)
dsp56k/bootstrap.bin
# ath9k_htc (BSD GPL-2+ MIT)
ath9k_htc/htc_7010-1.4.0.fw
ath9k_htc/htc_9271-1.4.0.fw
# pcnet_cs, 3c589_cs, 3c574_cs, serial_cs (dual GPL-2/MPL-1.1)
cis/LA-PCM.cis
cis/PCMLM28.cis
cis/DP83903.cis
cis/NE2K.cis
cis/tamarack.cis
cis/PE-200.cis
cis/PE520.cis
cis/3CXEM556.cis
cis/3CCFEM556.cis
cis/MT5634ZLX.cis
cis/RS-COM-2P.cis
cis/COMpad2.cis
cis/COMpad4.cis
# serial_cs (GPL-3)
cis/SW_555_SER.cis
cis/SW_7xx_SER.cis
cis/SW_8xx_SER.cis
# dvb-ttpci (GPL-2+)
av7110/bootcode.bin
# usbdux, usbduxfast, usbduxsigma (GPL-2+)
usbdux_firmware.bin
usbduxfast_firmware.bin
usbduxsigma_firmware.bin
# brcmfmac (GPL-2+)
brcm/brcmfmac4330-sdio.Prowise-PT301.txt
brcm/brcmfmac43340-sdio.meegopad-t08.txt
brcm/brcmfmac43362-sdio.cubietech,cubietruck.txt
brcm/brcmfmac43362-sdio.lemaker,bananapro.txt
brcm/brcmfmac43430a0-sdio.jumper-ezpad-mini3.txt
"brcm/brcmfmac43430a0-sdio.ONDA-V80 PLUS.txt"
brcm/brcmfmac43430-sdio.AP6212.txt
brcm/brcmfmac43430-sdio.Hampoo-D2D3_Vi8A1.txt
brcm/brcmfmac43430-sdio.MUR1DX.txt
brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.txt
brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt
brcm/brcmfmac4356-pcie.gpd-win-pocket.txt
# isci (GPL-2)
isci/isci_firmware.bin
# carl9170 (GPL-2+)
carl9170-1.fw
# atusb (GPL-2+)
atusb/atusb-0.2.dfu
atusb/atusb-0.3.dfu
atusb/rzusb-0.3.bin
# mlxsw_spectrum (dual BSD/GPL-2)
mellanox/mlxsw_spectrum-13.1420.122.mfa2
mellanox/mlxsw_spectrum-13.1530.152.mfa2
mellanox/mlxsw_spectrum-13.1620.192.mfa2
mellanox/mlxsw_spectrum-13.1702.6.mfa2
mellanox/mlxsw_spectrum-13.1703.4.mfa2
mellanox/mlxsw_spectrum-13.1910.622.mfa2
mellanox/mlxsw_spectrum-13.2000.1122.mfa2
)

# blacklist of images with unknown license
# Flatcar: remove Alteon AceNIC drivers from unknown_license to install
# the firmware files: acenic/tg?.bin.
local unknown_license=(
korg/k1212.dsp
ess/maestro3_assp_kernel.fw
ess/maestro3_assp_minisrc.fw
yamaha/ds1_ctrl.fw
yamaha/ds1_dsp.fw
yamaha/ds1e_ctrl.fw
ttusb-budget/dspbootcode.bin
emi62/bitstream.fw
emi62/loader.fw
emi62/midi.fw
emi62/spdif.fw
ti_3410.fw
ti_5052.fw
mts_mt9234mu.fw
mts_mt9234zba.fw
whiteheat.fw
whiteheat_loader.fw
cpia2/stv0672_vp4.bin
vicam/firmware.fw
edgeport/boot.fw
edgeport/boot2.fw
edgeport/down.fw
edgeport/down2.fw
edgeport/down3.bin
sb16/mulaw_main.csp
sb16/alaw_main.csp
sb16/ima_adpcm_init.csp
sb16/ima_adpcm_playback.csp
sb16/ima_adpcm_capture.csp
sun/cassini.bin
adaptec/starfire_rx.bin
adaptec/starfire_tx.bin
yam/1200.bin
yam/9600.bin
ositech/Xilinx7OD.bin
qlogic/isp1000.bin
myricom/lanai.bin
yamaha/yss225_registers.bin
lgs8g75.fw
)

if use !unknown-license; then
einfo "Removing files with unknown license ..."
# Flatcar: do not die even if no such license file is there.
rm -v "${unknown_license[@]}"
fi

if use !redistributable; then
# remove files _not_ in the free_software or unknown_license lists
# everything else is confirmed (or assumed) to be redistributable
# based on upstream acceptance policy
einfo "Removing non-redistributable files ..."
local OLDIFS="${IFS}"
local IFS=$'\n'
set -o pipefail
find ! -type d -printf "%P\n" \
| grep -Fvx -e "${misc_files[*]}" -e "${free_software[*]}" -e "${unknown_license[*]}" \
| xargs -d '\n' --no-run-if-empty rm -v

[[ ${?} -ne 0 ]] && die "Failed to remove non-redistributable files"

IFS="${OLDIFS}"
fi

restore_config ${PN}.conf
}

src_install() {
# Flatcar: Don't save the firmware config to /etc/portage/savedconfig/
# if use !savedconfig; then
# Flatcar: take a simplified approach instead of cumbersome installation
# like done in Gentoo.
#
# Don't save the firmware config to /etc/portage/savedconfig/
# if we use !savedconfig; then
# save_config ${PN}.conf
# fi
rm ${PN}.conf || die
Expand All @@ -189,9 +367,41 @@ pkg_preinst() {
if use savedconfig; then
ewarn "USE=savedconfig is active. You must handle file collisions manually."
fi

# Fix 'symlink is blocked by a directory' Bug #871315
if has_version "<${CATEGORY}/${PN}-20220913-r2" ; then
rm -rf "${EROOT}"/lib/firmware/qcom/LENOVO/21BX
fi

# Make sure /boot is available if needed.
use initramfs && mount-boot_pkg_preinst
}

pkg_postinst() {
elog "If you are only interested in particular firmware files, edit the saved"
elog "configfile and remove those that you do not want."

local ver
for ver in ${REPLACING_VERSIONS}; do
if ver_test ${ver} -lt 20190514; then
elog
elog 'Starting with version 20190514, installation of many firmware'
elog 'files is controlled by USE flags. Please review your USE flag'
elog 'and package.license settings if you are missing some files.'
break
fi
done

# Don't forget to umount /boot if it was previously mounted by us.
use initramfs && mount-boot_pkg_postinst
}

pkg_prerm() {
# Make sure /boot is mounted so that we can remove /boot/amd-uc.img!
use initramfs && mount-boot_pkg_prerm
}

pkg_postrm() {
# Don't forget to umount /boot if it was previously mounted by us.
use initramfs && mount-boot_pkg_postrm
}