From 2e5028549914ed82eb9efa542bde7acdbeda9e2a Mon Sep 17 00:00:00 2001 From: mhoellein Date: Mon, 3 Apr 2023 11:14:08 +0200 Subject: [PATCH] committing changes in /etc after apt run Package changes: +amd64-microcode 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1 amd64 +intel-microcode 3.20230214.0ubuntu0.18.04.1 amd64 +iucode-tool 2.3.1-1 amd64 +linux-generic-hwe-18.04 5.4.0.146.163~18.04.117 amd64 +linux-headers-5.4.0-146-generic 5.4.0-146.163~18.04.1 amd64 +linux-headers-generic-hwe-18.04 5.4.0.146.163~18.04.117 amd64 +linux-hwe-5.4-headers-5.4.0-146 5.4.0-146.163~18.04.1 all +linux-image-5.4.0-146-generic 5.4.0-146.163~18.04.1 amd64 +linux-image-generic-hwe-18.04 5.4.0.146.163~18.04.117 amd64 +linux-modules-5.4.0-146-generic 5.4.0-146.163~18.04.1 amd64 +linux-modules-extra-5.4.0-146-generic 5.4.0-146.163~18.04.1 amd64 --- .etckeeper | 6 +++ apt/apt.conf.d/01autoremove-kernels | 54 ++++++++++++----------- default/amd64-microcode | 13 ++++++ default/intel-microcode | 26 +++++++++++ kernel/preinst.d/intel-microcode | 17 +++++++ modprobe.d/amd64-microcode-blacklist.conf | 3 ++ modprobe.d/intel-microcode-blacklist.conf | 3 ++ 7 files changed, 97 insertions(+), 25 deletions(-) create mode 100644 default/amd64-microcode create mode 100644 default/intel-microcode create mode 100755 kernel/preinst.d/intel-microcode create mode 100644 modprobe.d/amd64-microcode-blacklist.conf create mode 100644 modprobe.d/intel-microcode-blacklist.conf diff --git a/.etckeeper b/.etckeeper index c558810c..f89b3936 100755 --- a/.etckeeper +++ b/.etckeeper @@ -2215,6 +2215,7 @@ maybe chmod 0644 'default/add-apt-key' maybe chmod 0644 'default/alsa' maybe chmod 0644 'default/amavis-mc' maybe chmod 0644 'default/amavisd-snmp-subagent' +maybe chmod 0644 'default/amd64-microcode' maybe chmod 0644 'default/anacron' maybe chmod 0644 'default/apache-htcacheclean' maybe chmod 0644 'default/apcupsd' @@ -2252,6 +2253,7 @@ maybe chmod 0644 'default/halt' maybe chmod 0644 'default/hddtemp' maybe chmod 0644 'default/icinga2' maybe chmod 0644 'default/im-config' +maybe chmod 0644 'default/intel-microcode' maybe chmod 0600 'default/iodine' maybe chmod 0644 'default/irqbalance' maybe chmod 0644 'default/isc-dhcp-server' @@ -3707,6 +3709,8 @@ maybe chmod 0755 'kernel/postinst.d/zz-update-grub' maybe chmod 0755 'kernel/postrm.d' maybe chmod 0755 'kernel/postrm.d/initramfs-tools' maybe chmod 0755 'kernel/postrm.d/zz-update-grub' +maybe chmod 0755 'kernel/preinst.d' +maybe chmod 0755 'kernel/preinst.d/intel-microcode' maybe chmod 0755 'kernel/prerm.d' maybe chmod 0755 'kernel/prerm.d/dkms' maybe chmod 0644 'kerneloops.conf' @@ -12544,6 +12548,7 @@ maybe chmod 0644 'mime.types' maybe chmod 0644 'mke2fs.conf' maybe chmod 0755 'modprobe.d' maybe chmod 0644 'modprobe.d/alsa-base.conf' +maybe chmod 0644 'modprobe.d/amd64-microcode-blacklist.conf' maybe chmod 0644 'modprobe.d/blacklist-ath_pci.conf' maybe chmod 0644 'modprobe.d/blacklist-firewire.conf' maybe chmod 0644 'modprobe.d/blacklist-framebuffer.conf' @@ -12552,6 +12557,7 @@ maybe chmod 0644 'modprobe.d/blacklist-rare-network.conf' maybe chmod 0644 'modprobe.d/blacklist-watchdog.conf' maybe chmod 0644 'modprobe.d/blacklist.conf' maybe chmod 0644 'modprobe.d/dkms.conf' +maybe chmod 0644 'modprobe.d/intel-microcode-blacklist.conf' maybe chmod 0644 'modprobe.d/iwlwifi.conf' maybe chmod 0644 'modprobe.d/vmwgfx-fbdev.conf' maybe chmod 0644 'modules' diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index 07921d15..57033bae 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels @@ -1,61 +1,65 @@ // DO NOT EDIT! File autogenerated by /etc/kernel/postinst.d/apt-auto-removal APT::NeverAutoRemove { - "^linux-image-4\.15\.0-20-generic$"; "^linux-image-5\.0\.0-32-generic$"; - "^linux-headers-4\.15\.0-20-generic$"; + "^linux-image-5\.4\.0-146-generic$"; "^linux-headers-5\.0\.0-32-generic$"; - "^linux-image-extra-4\.15\.0-20-generic$"; + "^linux-headers-5\.4\.0-146-generic$"; "^linux-image-extra-5\.0\.0-32-generic$"; - "^linux-modules-4\.15\.0-20-generic$"; + "^linux-image-extra-5\.4\.0-146-generic$"; "^linux-modules-5\.0\.0-32-generic$"; - "^linux-modules-extra-4\.15\.0-20-generic$"; + "^linux-modules-5\.4\.0-146-generic$"; "^linux-modules-extra-5\.0\.0-32-generic$"; - "^linux-signed-image-4\.15\.0-20-generic$"; + "^linux-modules-extra-5\.4\.0-146-generic$"; "^linux-signed-image-5\.0\.0-32-generic$"; - "^linux-image-unsigned-4\.15\.0-20-generic$"; + "^linux-signed-image-5\.4\.0-146-generic$"; "^linux-image-unsigned-5\.0\.0-32-generic$"; - "^kfreebsd-image-4\.15\.0-20-generic$"; + "^linux-image-unsigned-5\.4\.0-146-generic$"; "^kfreebsd-image-5\.0\.0-32-generic$"; - "^kfreebsd-headers-4\.15\.0-20-generic$"; + "^kfreebsd-image-5\.4\.0-146-generic$"; "^kfreebsd-headers-5\.0\.0-32-generic$"; - "^gnumach-image-4\.15\.0-20-generic$"; + "^kfreebsd-headers-5\.4\.0-146-generic$"; "^gnumach-image-5\.0\.0-32-generic$"; - "^.*-modules-4\.15\.0-20-generic$"; + "^gnumach-image-5\.4\.0-146-generic$"; "^.*-modules-5\.0\.0-32-generic$"; - "^.*-kernel-4\.15\.0-20-generic$"; + "^.*-modules-5\.4\.0-146-generic$"; "^.*-kernel-5\.0\.0-32-generic$"; - "^linux-backports-modules-.*-4\.15\.0-20-generic$"; + "^.*-kernel-5\.4\.0-146-generic$"; "^linux-backports-modules-.*-5\.0\.0-32-generic$"; - "^linux-modules-.*-4\.15\.0-20-generic$"; + "^linux-backports-modules-.*-5\.4\.0-146-generic$"; "^linux-modules-.*-5\.0\.0-32-generic$"; - "^linux-tools-4\.15\.0-20-generic$"; + "^linux-modules-.*-5\.4\.0-146-generic$"; "^linux-tools-5\.0\.0-32-generic$"; - "^linux-cloud-tools-4\.15\.0-20-generic$"; + "^linux-tools-5\.4\.0-146-generic$"; "^linux-cloud-tools-5\.0\.0-32-generic$"; - "^linux-buildinfo-4\.15\.0-20-generic$"; + "^linux-cloud-tools-5\.4\.0-146-generic$"; "^linux-buildinfo-5\.0\.0-32-generic$"; - "^linux-source-4\.15\.0-20-generic$"; + "^linux-buildinfo-5\.4\.0-146-generic$"; "^linux-source-5\.0\.0-32-generic$"; + "^linux-source-5\.4\.0-146-generic$"; }; /* Debug information: # dpkg list: ii linux-image-4.15.0-20-generic 4.15.0-20.21 amd64 Signed kernel image generic -iF linux-image-5.0.0-32-generic 5.0.0-32.34~18.04.2 amd64 Signed kernel image generic +ii linux-image-5.0.0-32-generic 5.0.0-32.34~18.04.2 amd64 Signed kernel image generic +iF linux-image-5.4.0-146-generic 5.4.0-146.163~18.04.1 amd64 Signed kernel image generic +ii linux-image-generic-hwe-18.04 5.4.0.146.163~18.04.117 amd64 Generic Linux kernel image # list of installed kernel packages: 4.15.0-20-generic 4.15.0-20.21 5.0.0-32-generic 5.0.0-32.34~18.04.2 +5.4.0-146-generic 5.4.0-146.163~18.04.1 # list of different kernel versions: +5.4.0-146.163~18.04.1 5.0.0-32.34~18.04.2 4.15.0-20.21 -# Installing kernel: 5.0.0-32.34~18.04.2 (5.0.0-32-generic) -# Running kernel: 4.15.0-20.21 (4.15.0-20-generic) -# Last kernel: 5.0.0-32.34~18.04.2 -# Previous kernel: 4.15.0-20.21 +# Installing kernel: 5.4.0-146.163~18.04.1 (5.4.0-146-generic) +# Running kernel: 5.0.0-32.34~18.04.2 (5.0.0-32-generic) +# Last kernel: 5.4.0-146.163~18.04.1 +# Previous kernel: 5.0.0-32.34~18.04.2 # Kernel versions list to keep: -4.15.0-20.21 5.0.0-32.34~18.04.2 +5.4.0-146.163~18.04.1 # Kernel packages (version part) to protect: -4\.15\.0-20-generic 5\.0\.0-32-generic +5\.4\.0-146-generic */ diff --git a/default/amd64-microcode b/default/amd64-microcode new file mode 100644 index 00000000..7254c016 --- /dev/null +++ b/default/amd64-microcode @@ -0,0 +1,13 @@ +# Configuration script for amd64-microcode version 3 + +# +# initramfs helper +# + +# +# Set this to "no" to disable automatic microcode updates on boot; +# Set this to "early" to always install microcode updates to the early initramfs +# Set this to "auto" to autodetect mode for current system (default); +# +#AMD64UCODE_INITRAMFS=auto + diff --git a/default/intel-microcode b/default/intel-microcode new file mode 100644 index 00000000..b9584645 --- /dev/null +++ b/default/intel-microcode @@ -0,0 +1,26 @@ +# Configuration script for intel-microcode version 3 + +# +# initramfs helper +# + +# Set this to "no" to disable automatic microcode updates on boot; +# Set this to "auto" to use early initramfs mode automatically (default); +# Set this to "early" to always attempt to create an early initramfs; +#IUCODE_TOOL_INITRAMFS=auto + +# Set this to "yes" (default) to use "iucode_tool --scan-system" to reduce +# the initramfs size bloat, by detecting which Intel processors are active +# in this system, and installing only their microcodes. +# +# Set this to "no" to either include all microcodes, or only the microcodes +# selected through the use of IUCODE_TOOL_EXTRA_OPTIONS below. +# +# WARNING: including all microcodes will increase initramfs size greatly. +# This can cause boot issues if the initramfs is already large. +#IUCODE_TOOL_SCANCPUS=yes + +# Extra options to pass to iucode_tool, useful to forbid or to +# force the inclusion of microcode for specific processor signatures. +# See iucode_tool(8) for details. +#IUCODE_TOOL_EXTRA_OPTIONS="" diff --git a/kernel/preinst.d/intel-microcode b/kernel/preinst.d/intel-microcode new file mode 100755 index 00000000..d98b40cb --- /dev/null +++ b/kernel/preinst.d/intel-microcode @@ -0,0 +1,17 @@ +#!/bin/sh +# +# /etc/kernel/preinst.d script for intel-microcode version 3 +# Copyright (C) 2014 Henrique de Moraes Holschuh +# Released under the GPL v2 or later license +# +# This script makes sure the cpuid module is loaded, before the +# kernel image has a chance to replace it with a new one that +# might not be compatible with the current kernel. +# +# We need the cpuid module for iucode_tool --scan-system, +# which is used by the initramfs hook. +# + +grep -q cpu/cpuid /proc/devices || modprobe -q cpuid || true + +: diff --git a/modprobe.d/amd64-microcode-blacklist.conf b/modprobe.d/amd64-microcode-blacklist.conf new file mode 100644 index 00000000..1dc2c23c --- /dev/null +++ b/modprobe.d/amd64-microcode-blacklist.conf @@ -0,0 +1,3 @@ +# The microcode module attempts to apply a microcode update when +# it autoloads. This is not always safe, so we block it by default. +blacklist microcode diff --git a/modprobe.d/intel-microcode-blacklist.conf b/modprobe.d/intel-microcode-blacklist.conf new file mode 100644 index 00000000..1dc2c23c --- /dev/null +++ b/modprobe.d/intel-microcode-blacklist.conf @@ -0,0 +1,3 @@ +# The microcode module attempts to apply a microcode update when +# it autoloads. This is not always safe, so we block it by default. +blacklist microcode -- 2.43.0