update_ucode: cleanup dangling symlinks during update
Microcode is not supposed to be removed during updates, so there are several possible code paths/situations when it is possible that symlinks are not completely cleaned up; as a result, when such a case occurs (for example, when there is a microcode, that is not supposed to be OS-loadable in the first place, added end then removed) a dangling symlinks may appear during updates; the most straightforward way to deal with it, it seems, is to just treat the microcode directories as being owned by the package (which they de-facto are) and simply cleanup all the dangling symlinks during an update. * update_ucode: Remove all the dangling symlinks at the end of common microcode removal phase; remove all the dangling symlinks in the kernel-specific directories at the end of the update process. * microcode_ctl.spec (Release): Bump to 2. (%changelog): Add an entry. Resolves: #2213022 Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
This commit is contained in:
Eugene Syromiatnikov
parent
396cd10b46
commit
04d5905f0e
|
|
@ -12,7 +12,7 @@
|
|||
Summary: CPU microcode updates for Intel x86 processors
|
||||
Name: microcode_ctl
|
||||
Version: %{intel_ucode_version}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Epoch: 4
|
||||
License: CC0 and Redistributable, no modification permitted
|
||||
URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
|
||||
|
|
@ -545,6 +545,9 @@ rm -rf %{buildroot}
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Jun 06 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-2
|
||||
- Cleanup the dangling symlinks in update_ucode (#2213022).
|
||||
|
||||
* Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-1
|
||||
- Update Intel CPU microcode to microcode-20230214 release, addresses
|
||||
CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171237,
|
||||
|
|
|
|||
26
update_ucode
26
update_ucode
|
|
@ -151,6 +151,17 @@ while :; do
|
|||
$cmd rm -f $verbose_opt "$name"
|
||||
done
|
||||
[ "xlist" = "x$action" ] || {
|
||||
# Removing possible dangling symlinks
|
||||
find "${FW_DIR}/${INTEL_UCODE_DIR}" \
|
||||
-maxdepth 1 -mindepth 1 \
|
||||
-type l -printf '%p\n' \
|
||||
| while read -r fname; do
|
||||
[ -e "$fname" ] || {
|
||||
debug " Removing danging symlink \"$fname\""
|
||||
$cmd rm -f $verbose_opt "$fname"
|
||||
}
|
||||
done
|
||||
|
||||
$cmd rmdir -p $verbose_opt \
|
||||
"${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \
|
||||
|| true
|
||||
|
|
@ -225,6 +236,7 @@ fi | while read -r i; do
|
|||
fi
|
||||
done
|
||||
|
||||
|
||||
if [ -e "$FW_DIR/$k/readme-$i" ]; then
|
||||
if [ "xlist" = "x$action" ]; then
|
||||
echo "$FW_DIR/$k/readme-$i"
|
||||
|
|
@ -288,3 +300,17 @@ fi | while read -r i; do
|
|||
esac
|
||||
done
|
||||
done
|
||||
|
||||
# Removing possible dangling symlinks in kernel-specific directories
|
||||
debug "Checking for dangling symlinks..."
|
||||
for k in $(echo "$kernel"); do
|
||||
debug " Processing kernel version \"$k\""
|
||||
find "${FW_DIR}/${k}" \
|
||||
-mindepth 1 -type l -printf '%p\n' \
|
||||
| while read -r fname; do
|
||||
[ -e "$fname" ] || {
|
||||
debug " Removing danging symlink \"$fname\""
|
||||
$cmd rm -f $verbose_opt "$fname"
|
||||
}
|
||||
done
|
||||
done
|
||||
|
|
|
|||
Loading…
Reference in New Issue