[pve-devel] [PATCH manager 9/9] report: add microcode info to better assess possible system impacts

Stoiko Ivanov s.ivanov at proxmox.com
Fri Mar 22 17:44:17 CET 2024


On Fri, 22 Mar 2024 14:59:33 +0100
Alexander Zeidler <a.zeidler at proxmox.com> wrote:

> * list availability and installation status of `*microcode` packages
> * grep for applied "Early OS Microcode Updates"
> * grep for (un)patched CPU vulnerability messages
> 
> Signed-off-by: Alexander Zeidler <a.zeidler at proxmox.com>
> ---
>  PVE/Report.pm | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/PVE/Report.pm b/PVE/Report.pm
> index fe497b43..18c554ec 100644
> --- a/PVE/Report.pm
> +++ b/PVE/Report.pm
> @@ -108,6 +108,8 @@ my $init_report_cmds = sub {
>  		'dmidecode -t bios -q',
>  		'dmidecode -t memory | grep -E "Capacity|Devices|Size|Manu|Part" | sed -Ez "s/\n\t(M|P)[^:]*: (\S*)/\t\2/g" | sort',
>  		'lscpu',
> +		'apt list *microcode 2>/dev/null | column -tL',
While `apt` works really well and its output hasn't changed since I
started using it (wheezy or jessie) - I still want to mention it's output
when piping:
```
WARNING: apt does not have a stable CLI interface. Use with caution in
scripts. ```
potentially consider either using our code directly or switching to 
`dpkg -l`?
(but as said `apt` has been pretty stable, and we simply dump the output -
so probably the warning is not too relevant here)

> +		'dmesg | grep -i "microcode\|vuln"',
>  		'lspci -nnk',
>  	    ],
>  	},





More information about the pve-devel mailing list