B$${$4e@`Vv5
zivOLJk?E*FG*n)+p8>8nAUGn`TBqMAad)dsUQe@gFAFk!5tUe8Ho3S-6ZS*y+=_%q
zwV>bC|Jmg`znmsz{u=uUMqT&=p*riuSmO*+XL)pY;bBrG8AropRhr`;8OfC<*u2PP
z3eT^aWU@qpU2$I_#8!odJijMgre^c8WgE-s)J$mwPIe2R4iy`&D}_AJQC`~yg(=dn
zlX(^^P3f?I_3Rg=JS@N4x1+jugJd7=V;7}rDU9^NmsUvN%JJZ(#hidPGqN8DxPilu
zF>{}Qy)-_CxS{LLcl&bVc%XxZ$8mh~2HoQ8byTi%b1Oe-$zI~j*e)Kgb@hAO_UE0R
zO@4g+dZc#serk0g+xe~1DJT914UBZ&3La%aZXw#Vq&tlF&>|S)NGtKOmtT?SqP8hM>Q`hC&6o?1H*UZ@CmL89uPn^L=&6wfETjW_on0ah7lt5K+
zzQMm(iT58^`7}xjo7ukomm}r>YlK9xMg>AiR0p-DAEFnAQXU{^gb6w?$#ZBG25K5^zMVdAwx5b0OprHk+WMcxR)Xc
zYRe3bLen1i`komW(gl%K3hl_G&qed>BQnNC+gL!*T(oil#%>xEeiVJs{@$ccGr>x3
zq_`qWs%^}!V&xV|)^b&Z=A4_v6x>wvt7FHis<1bd68dl2!)LQyK4ZkaM2KxKJNRnS
zUL`yiLayIZo+^57iUfAs+0u3uzxbW*;g_)G`7cNF`JysqW
zrr&N~$-*CDIra`^^UCq5r0F1v)1RybTFw!$e%y3~m+>2p`^ficG`omt{hd-0~>#nW&yq%xVb?qyD)TVO-#2MfOp6
zv-t*-g7O1F3DMAt5CbTqCA+Td1d-6*+5_RySy#Ul?cp01!^3rB7UZy(!pvtjJ|8<|
z$8`;s2Gl=CrwJs7K{b=`c&9tO8~T%wjsLLgI*WquUW5dqlnUvS^k7h>w|lD>CVOiP
z5acH7rV)3$5n}Sf%H+eusSgv)cdLAgOqM&I&`rvzNoJv|fH~IMPODFuWO(>MSEA)P
z6K&^wk1z8>3+db$JD3O#c1592tMdgDv-)nc>Gc1aIhY=M$FNUV$8dDk;^p<
zPZqETVZMJ^lBGrMQQA2>zS~_Aruf-kP$37wW%s;W*f~_&sqOLD5$g`JyXvCJr6Q9B
zIvG;#{zGke)CudnND~hia%I-}atI3Lb)ew1!uUp#_13F1xK);9?&=o9@ZvHh$r&bD{$?b2WR0#Tes%DpB!0}ihXk_&
z)L>lmzOj)(lvKaMR0nU;D>~!o0&_4y-n^v^VY6^)IFLsi_3}q6>?IHzuq>pDRBV=K
zkL!^~s^)}^~T^9mD421(W(BL8Pk$xFi;eVgXqQ0X%;JL)M
zqjQK4FTBHRreyL|&(p|CFqVpGT@0f?a}q1o3dBqAm{LSwY2;)X(>ONWwz(y&GK5}8
zB`_p!AKsT?UfB$rSzH_NWz&u`U&YRSG@ZLrr1FeT%n3}ius(*WCgULq(4pt+zm6*y
z5QYB;`oU0FQD*Hb-u2?9R#D&$CniVeH(k-n)7ak6sAKoTE`;@zDy*YQcL7K+1II6}
zo6rEcuf>hR(@jl^xG*1~nH^CbqISFw6lt=9;w*rK7e7_YSc~cz8RB+fC{0`i*%drS
zuuL=krH3JD!M$)DxC@pg~%$YNuN5if{DGI=7FR?Op-(sNarZ9Uj
z(_4Dnt`S@tY6b}Ytm)71k9G+RgIcs;i&1rHQfu#SRbl4tx##Ou`z&b}f}mPVS-tzI
zh^DnH#({z!cGb6iQXVD@pHf1!*nN4f#hSR9fa}1}?Tnx2Q9nBd-h@?Q-gqtsqJO?St+2^&XK~3CA1%c#@#ihM@okuLnNoqyrRqQoAOb5<7
zqMETf(40@rlJm{AD56)mGtBGbPgv2;rLUViB$QI}cZx4;qU1NyvLGIrf4HzT(mUJ-
z`ZRuc9sU93Wu1Z1ibIaK_Ao2W8HCt&sD%$L;_~cTIHD(uBFVY>=c|Ej)wq3~zGLAr
zO5Cz3+d^{dPeVHk;UT$KkJB+J6nbByNe8FgzB5ERm-f9M2(Muy4u$&(hAgCt_+3xtB
zQMSQIf+`>8mZN+hCzFW_8=o-t61|(`@~R4ZZz=&1UFPDtjQp
zQhgUI%qCiMI4@&emm5
zs8?@N8zqjf5{_2<+=t1I`y)9%=hd-cK1Y-`V$DbKgxLpu;ys7@dhavc8Y7^kv`8{t
zIYCTUfz1S63PSVIv#0o1l=>({JuJ?=(V3Qez26vhF$LS~{p)oxHDb;mC8S
zYq=L(8VSzaPJ6pS9Bh~H++*4W=6K^=tzwTr>&1>vX44PemdOs>QKz$tKK43J$^EMr
zG}Eu^X*KH?TOM(Cj2!8A)0?+cDEJm`4Ohkw(Nh{o4Ja=noK?qgmE+OgY@?BU$3Oup@blNd9t-?(V|RJ;(I1-B=2eA_LG@QlO0?-*vtN0}{UgkSg)#1xim
zu9cat5LT|M;TOuiPe9-B?r06I&d#rtb#aa-7*@;p
zZ8%IsV*Y}Yf2)cGZ6*rr#^&NJ4UhCFnH_^4K_^n94ZguQ<*uKi{@(()I%$WIj)OEw
zC?9HpoXB-qMN8ub=E$L`JSRJWbp2Q+9fV1#8Wv%SL=Hufc8ur;X7v`+tX&uiEd}+C
zRNCX`k3J_?w#E_eMmRScd}9;3g)cp-%g#=0^-Z?Qcfw6|W=y=#s|TDJRVTZ8xrMGi
zb9xG&a1@g?y>wJ~71@@dSxtfM<3_!BQ46`(7`cu5pl34?S}=3ir%mZTn;=Lt7{x5X
zAbhI%L)`{8H*d{vu%x24q&nGNJ>5Famjs%XG~8YoI#tId4n^(uIS0*~bL}5AKR;-;
z$*>Y^;0Xp|wo7OB<{-L^I7lLfxw{A=L?{mg+?Frcp#|4WjFUrCdVzc!%f~C;yaxPr
z9V_c0U^qt6UU-fZn$$N>x*!l;=<#?6W6LH}Gp6@N=>R^fLzCQ!El@DTab;9q*odn2
z(iutFg!KBx%M-)1=x
zF@3O>V!W{ai+SY##5`-aKd5KwWNK~j-?2^#^zX86<{afwa<9zTY{1uQ^cWSkYG2^-
zpvD#J4KPI0{Ge{K+f)7%Ze#JNX@=7TawONoVdpsJ;nDkz?%2z&^SQ5VkN4wj`+alA
zs|j)29f#IuFQhCf1~|gZIhIW?Il4=xCw$u8ixl!;wY7!!5+dl9#b}^ShO}m%ieq3J
z=}Eyp;-N#;eiowMawq6bLSNnI`M&lZjm419hP1>*#=YyMrfRFQf9$fo_;Ic;O)Q0t
zb;_~4A`Z7#&_Ufh&l??tk8dVqp)z4*W;a$zar$hY8zAjGd*9c~?zDQ~G6$-DlxjPO
zRR7v>VPMOuT$m$LBxi>p!MO6kg@UU^fsaV3$sZT;5cYlLXKE!Q#j;cLrvT@pEkd-u
z{>Sj@YIt;#Bx?cBXK`;daW_~M$gMIHf_Nk`ms^b$!{{~OAHQKhJbr0(h6zZ0JX~dF
zL?&a5XgD6Z>*pgmUXi*vBoVto9uHRLD<;LmoHZM0=5!Mn)2ldmHnV}FW_V5RnmG6@
zJ}+)Pfv-RH^~YEhljhe+j}wADHT@snTW}3fF^lUk2S&}k(eF4{oH#q
z-k{wVyRLn&TGM?bCg9{+eIJ>EH*7@He7Ga1?0{L?zu
z-^MyAihq}NnbIh?kdz$iRVCqNuU-6^9+50a;qQkV+iOuQv$yGd-t3kH1yOF!+1#>T
zO%mxt#F4GSWpZjp(OP1%YNed4j!-_L%WKbVdv0Ns1dHQLQPVMcXMRnm*nIN`gtojJH|(?t<%UxQvyw^kk1KK$^Pd315%
z$2zMsF6S;)G*k+2i}lfaGYO;~i-qXmO*gp|)oa%_a)v~dqBU(v~vNPdgiudCHlsqh?XmetNd1>^nZsWp`!F1qLP*q=T8=qog;v%f=R%d!tMc^TbE8OF
zb!Qo#I=&(pBB66KS1ryUeg3|PHgWEa-rT#|AZngBsTYyzcv<}jvV=0>Z7-5hl;rdB
z##12Kq=xC4-%f~ry_(ebjD>Ez_2Bh2S$L$$dx-D}JI%Q*-%a88=4M7U#1z;gj_9&r
zDEH3Swe&C6asKDAj>go^kwnzUh~#NKi^R^>+MSk!|2Gq@?Tiep&F!52dBOGXM4bJ1
ziHMaA9{$);Ug{87;1{VrgGg?=lYDO^*MK95+GHF1?y^%tlG=uzF6oS@If~O!m?i0v
zH%K{xb$@Mglaaukxs*d&dvv)#;>$hC<5IeWIkrEgKLG*~yme}v{bxQXnm`fSKl9r=VN3R0W*^E)XvCx7J^@HeKY53l>ue|moVm?(g
zor`~#)-EaE#L{fs_`Ot7%yz)nDm?pK2{JcjHbp2i(odm2Bxj*?6`PS?m)fVG%^JBQ
z3E8!s^~m5rR`PtO+$3_w$zt>YyejRh$#F46I`c1s?8riv?GU_`_l8HJ-d5FgG1WxB
z(6>VcmFCz|Zbd#M9J2@5#97+KZ2IzRWV)_7
zs^`VNs6^KXUP$P4mt`L#P^1&bdK%t##t1<#3D
z{fmfn|Cxw?kDP#Ab8fFG
ztOS*hgm%ZWAch9K-SiJJr>f;^$De{cBAwQ85RrL?H$pbKrWDrKpdEOOJ7Q5sMN
z<}f9ZjQtFmb^!XNDOGYG=V;2xRa1aV%alyyY^r6T&+}F@ld99o%c(UD
z_H&PWv{%xuN1d_EQ1zH!P{Wi_~
z?^17P4HXCoWei2O$xDyje9-w!flLag-ZeB?y}dDL4f(?ab9nc|MHg-~Zlcljr+xTN
zXW905g9S1pYsN1dH6h
zI{tFgL}iyZrD!9V*qo7%O0>&
zUu7OKE0oBq`qb>M&*=XCiy_;x_|?3$61H1BP~uHF$_OsfZHG}1RHBIU19YX~6`upB
zod~^#A566agFZAND<&2!ub*-h%~VXI~i{E=`um$q!6i`8<+m$!B_n&MIP&;=+5x#zVRO>
z&)|KyH@EzNq!&Fu^#t%LT^anPg9fwE_ssPT0JQ+Ib#dZ-(r0AfF+5;6E{PO$aXMzv
zu@M~xR3|z2>GEwc-~5#QB;egO&|&gus+i1$Q6k$wa>a-`C^Z+B%Y}2Wg`1?x>NJS|
zvJASzB|`sZ-d$yt)_2z({^B_Y>s&1s1>d}_UZS91-}c3Kb`wpEtPpPv1VZBoftMZM
zs+1q2lXd$CVnHt%iqp!e
z+&Qc=L5u(Uby>V&PQeweZ*A-%GFkHeqfFg92RSRQeckbAO?d+$%I2>~&$=4BW|7{}
z<(@+QM2hR0lJacvWpojERtXXMUk>!ttmW3!5lqdk(uk_G~H4Iby>T@5xP-)9#jqI9o#~e!y;bFK}pf~Qp
z+(|YC_4C6}ONkwFwvNqacv$JHw$+%_3=J*Ofg%S6E{)T0BttVykf>UZFY|fdi0HiF
zu%E@zes-6OgO!-9g`IHlp!#~J5x=vii)t>bW1}|VDUPI;t8bN1cp<7N>h70*e7-9F
z=O23|%}KS7ih~a|KYT5kce{zU6Sz!fLd~p+Ib2H7nWMDr;Zc-NxRAA56k}G)n3r=O&@>k=y+Us`~slL
zO3FxrFMt4P@DF(0z?PSAvoHk!85ueN4lIZWAcI%;NWdr-e4v0aG&rpSAE;pbB+&pq
z&_R&EQ{_(w9tiqZ+5yJ+zwrPV)BKis+EBs@E{h3HC%^{=#2;m!@-2d(ewBTS@_Jwa
z0&w0o_{ap`h~&QxfQq7m766E=h%vt6VSVb%ubTc$S(%wRd70UHSy)I|*?3twcsW>r
zSB@68&NA`6$zxwbL0r)_&{~!I31vf11H&zB?vfzKTm-;t;>K_md3qXMr
zW>!{a$ml=%_Zln@^&8uQF(~E_84$S75HWw$@Bbtdi}35-pxBf9RM50RSL><3w2S
zeSc$ruj|*kA2|1Vhko{7W~vf7Aoc1|a^1A^(P9{)V6Az_$US!G#%r$2)NR?Fs&TihhNMKfzz=
zQx3Sgr{+(BV`N~pB?t&aq6F-BpK`$)uzm$_ql-zwf(roPJ(~dh1oXXybCAmb;2{Hi
zU6vUL_J)>a)(-X#t$&i=?E~5XKX9d;;1h7u7X$$y0U&8-)&^fk1C;f87IMHjNq;Hr
zsSp5+0-=CCVEt4c1e^kZvcYS>tLHtqi41=T{EGFUdjLS^al+RgTTlN9{~1C#|3v?f
zQi=aXX?)>&z#BjUx7i->?gQ)>!9Q$aa78OCPLjY8Kmx!5JisfU9S{PTg5K5F_bQw!
zP)PN<@+g2gB6lTs1;sJ{ukQ=iIvwyDi1~wGP|%=PAXwlL1oC5euw(3I1XES9fdL@1&@>Co)gu>TNsM`9!3nXy(0BB{UjtOf5pFe@*6$L{2}p#gr9OLjxxtB{<;hX(@z5UU?TpaA_e$F
z6CAaI&qjOxgW&H%!r*#@!5D8$Ub{dSumz9cD5-U@1009gJhaf6%31Ob##u!@wpG1n7X%NO0-@MOc_xFxE@f+tKSl?$R^W
ztJG^;Xk1`g;8-YG7+45cPzG|K)uG8kS?we3Aw#1=gQ1(Cdq&+4M%81W-t4|Xrq)Zt
zFU4QMSHwrdufeCp7sr>vkHNRbN5;>@-^4!!|4x7$;djEd!fxII3-;dB!oDWIP}zlrvP!KE@u?
z{uV7V>Wy09s&UQ+nxXq
z)PLC}MDYKxODMqjU)d!L;QT-B5_T~DS9S?MI3EP@$2_S7#t^^p#qY8Ee{O34U~_93
z_yC|HA|WFopdvp*Mn^-%z@fpz!N$g6A*Upy;bjxx=V9aK5|-9c5Ej>v;NpH|qonc1
z(9GOSP~O4a-q=mY#LNhUhK`Pdh4TUr?}d>lH+bppe;OWpK-u8VL4$3+C$sN&02?Gw
z&@ixY;P+y&viikj!I6u8?!;1_
zJf&bWbo7TuzP#+``hy
z`K^nqo4d#R4*`Ke!6Bisaq$TsKP4t5XXoVR!y0f6-m4vA#7u2nC!D|4&C{ILAG-fcD(84dH_>FfUs+ySe
zE@JxowZ`VKq7wzvgp6f=l&&~47xZMSq-X-e1bEm;!365JKLSmS_lHDz>G`-m$1t=*w1hICvNy;wRX1D5WIj0=
zXZev{ve&rNXdU@;LD97Pa#=t@LOzkXFunIT57oQ1%Ou14X9}+Yb%Mf(^Sv*gbobppCmq*v$l$G7rpNDIW^mp5SvW1ETyUyS2TV2;&4%jhZXGK
z8@)@;AuHGATqs~?l%
zH%zHY^CyWGao^lLNN|sJ+fzmkN>rnf8Wy|Kyh+sma&|jwcVzJ%^}O%-j8k&%jh%y#
zM-Tcw7hSjQB8*3cWfG(977P{u+i6A}>a`!qV%}QuBtP9V^V4#%NG7OW~oDOF*Xjg$CgUx!Nq|4_Arz0h8a(C;bRTLw&{bC6qIZ
zxH~ZiW7T=Zg=3EO-e+dlN};}k&&NYW5Znh-8xV3<5h)!eZEijvPe5Izz5jHm##yT0
zl3PtwP(+pY36qz-!4ZdB?uvdXg)A{VrIICZvogYj)-ii62iw>bf!Wg2?dA6IN?D9Q
zTfYaL>b8dH=cISGbxygo8H|3U@0z?@8;g#AzCy{ffd5W0{2qJLiRGs03NveH3Cnzb
zVW);}+g@(CW6xu=pccO(2g-F!2myODw=mO+Wus|JUDl)^i{p|9F3SbO791$9XKpI
zUG;2#9>mGpN=W5!1c}MKCfE$M$P}gx^rg|$Gh!BXdf~MA?)G9?S{d`f=}-%wg4L1I
zzL>S=3ql1)UXOj%X9GO+j;t^5Z|58%E@_8)&=#bJ8}Z58c;_|j2xx7aRc+LYb7+RH
zsB&2Og)q6^ShbOUl*!YFaS9+TN*;+_S|#f`{?6oK59Z7EwuS&Vjm*MKtgx6Fzl&h}gJ1U7)9!-2w^{kZzT0s>lAH4fzutro*!KXI
zluBaiatV{(wqN$%5GyHQ^ms_Or@bzLo$2h2r5z{nr!5GbM2AQ=hoqZZkZhmJP3o~!
zlpRci(^g|y9&{Q0xFq|2AN-h#XU}tbqWV-}!IXuZNMG8Po*ILEc->Y)&iiOIg
z6=s)0YBU67%k2iV(T<-@S2)O$KX|CS>I;ZT1WJLyw?ombPvOl^nF
zC0n(0~J=M73(E#zja_DQl>6Fff-7*>lnGU-hcY
z9Brn5^I(R>v2)S}Pnw)k%Y@J^>RWWpQ7-%lpN=63{B$tl;u^Ctb;?o7NE_$`Z7n6)
zS7;AMnLormXmwuXld*MnN0jnS`}M5V?t<-l#>T5Ed`YyAu@~~U?(=S+MEdEdosR|cq?Ktzs{Z=94|H!E{=~
z)>IHFnGmT-s(ukjy7SA~a)xYLpWw-orVX`GCDRBhv!c=wT}qbw*yz!k0ZRaE>Q?Gc
z%ngd!p2?DY<~wQOT?b~D*=I7-1X
zgouy8-r^Hol=UHn^})LjZ>ek1Cigha!ra2GQe;vhHAbw>(uEXfR1fiLR$ik8zG9Vz
zBs{c`X|Ivh6E4T4?BN1)-O;t>##P%u%GkTH-G5YTYZGBC5Sv$GRZ^9XRW@-wlqvp!Vs09Flzgg5h;6>hFj?kY@5IBVb`v%Z30PJHA!2HV*0{cO*P*2OC;P5v`
zND0Hh0S1$d9P9|eg8c@p$un>X@cz~(KjaVLU-6Sy1%SYpXu)0x1PBTQ2?1V9{1w0}
z;AoIgV5f=)iR_Zx$@-jBOcFG`iZv2%;sq?#bo#qnDMVvhS8K3i<=M}q2;OP4
zg}*2>eyE>g$XL{RRy)H6Zz6G{fU}jMD9dsuX#mCS@dfwmuvIRbk4)VVYtWB~*P>2oD~Lc|Ax`U`evl
zPY~oW;we=qQM^~RxVZWfv&zWISF}EcJVHT};Y(gqVk?Ceui?rfqLl$+(V2|6APph>
zj?|ed7oKggUp_V)S=^wcy-=!3H!Vea7WsA`Ot;h~asK`{hR=vO{O0gyAyKEW$ljJ~
z-^Hd4bi$H|T}jAcg=#@1XUPqh*2-1B?_%hVUR)BQXr8j$A5spel2E-wIvwCS)axzi
z^oDL*KFn=Q5mFXMMPVX%u<#{1F*#s0w8f&i*U@4!s;_gWw8wNjQ8ZYqcI?Icgrq!6
zW=4R{v7!;h%43>4G?cx(Jjy6@A}TkSz{m_*Sj+(MH+gClV&uE*M3X4)tQk
z%>MU1lXrX+GUi9d!g|W~3Ox2D5gq3ww|G8W>IArH@q~Rl3h>}<6sBY1B&D)2jz4xI
zyFN^x*h*|fZre8C@GWd_RS?sS4JSy`ucKGypXj{y?47SQ6~m`^wH&N(y8V)HMEH&-
zvx1>wcdi^#GOYI0lzO8-`kM-sGIMzN6)e_w75|$VRsp&Rq>x$7@AMtSO7f4ub92F>
z&hzEEY~oi#Fq1S{`0U(E0UF%|&k5RQ2W=C-2o-?k+EtdP7zblr8&=B}6$
z2sei@0dM}|qpp?~Rh+#=oZJKEaK#!N+2w!%-B2A#Sl#ti0iC>tezvZUr0g*u#?*_<
zxA-{a65%`d(~WI%6)
zHiy;~uyC9RviZ&+;(fQpG1!y&Xm@!7y-`3EL48V5(nq(qx@BG^
zXYSRE#7^1#3H3W1wBkK~B4O3A{#pZk_f&)J*(c}l`MB$tg|*S}Fkmce)EmVn_1mVh
zUA@ZN`c`GRY?e~@he^YwRYY^H9*XcKmhDv*lTQ8PXFti~B~91O#;{lK2U?N_UMY8yzuv5Rr1C=|FNGbQWd{SkC#Nv#Io_Z(MU?2StZ!Zhl5*}(Qh7Obo<
zjc+)%OW#04`$9NTKGRFuug2?dMFMi50~~QC9qZu^@dsgKce@~SWBi?JxDmXNwtPbyY_%W@
z8yq1+kRRL^L6lFL%LelLdwUyR55sMtO7^Ccv)v
zcy;aQfNB%?v;UPa^Jp>%Dg;I#w*46lFIv+h=<5lp*n1}?)EIstJ;~_j%PZnu19X_3
z!zUXYS5~3zvk-^1&nlR9Hm}^nCYtidzD0G7s4UOK*oyX;3S~-LLq$A?d%hauQo64|
z1c`rJ!cOI0_*O=+R>Wld(SxTZ$;+qJOZUFLLiwQW3sLmMUbQo8VMa*%hsH#KM4ExA
zV!E6~{nf#Sc51r0v5PI2ZPgm~ksR;Jb#2eg2v7*MYhPwO+qd?HXt9LP-#NL~8V0-`
z*>4D3Ps42R6c&5+?Ha<|2Qs7E%G0UKdetxp49W=b!`q4zGPTQ!Pnayo4b>K()X6=<;D&3X&T0qvwEmq$#Ug
zKOm5KlVDTvt^nP?1G<8BN#+A$2bNiG;Co#6wK-H?Cbzm461t19(vBbZOJA5@Zsg10
zZ}iqv3|`02R)>^LXP+OEXYf69M0{cFVTE}E{UvtP=a_*o--RndK>r&Id)YJ#qcbH-
ze1rhX8_AY$ua4J#Aj{=ceG1gSs4BCZxvR4IY^9sJQ%LY$lZ+&?wJ>v_ep)S=RLVLM
z13|HlhkTr*fAW5v*vicz7$eqo{1wbs#+m(Ay}}Jx>d@<=$4~e#KpB5+!g=~|_V?#+
zmG*(cXe#2GdGJ2|iEY;*^fF$?<3jJOHEW35{90HdcX)7{0E_K_Gn~t{ai`qy-W^L*
zU&-E@<&`Bg@K*HieFTWCZ*GDN#&S5mMv@ej^gL|5RY{6ai=J-i(co)HU
ztzTghEZR7-LJcXS5e-!wwQ5|NV{Tqzbrg4<=UPtq#W}1A(>XItBc&&w-{nA^2?aP;
zK$(`5Z%G`IG)sAkP|IC9M#6J6X4P8;w#jWC_I`MWxe&;2xJK!I1luMj+~$;2Gvzw9
z5MH@DOzdUx#pC6cYj=S}XH0dvTZv*zfLr9fLTKnKo5s@kR0#}MDbkbxk#%0d?)i%K
zcykzdA_byb6`T(|JV;`Ug)oR&&=lK>;mKb+XBz5lyt5p=aLALOjNE>u>R-pp2?lCi&a&uzOtifSoZ^H15)7eY(qG=8
z2x;X1DKCgrtjr(@TYMVi`aVo4tyd?H3z0ctLNx%5wls2KHkvlTA3DVIl)V`SSCrU&
z>cEMDUs`FflDg5-0ONvT9?sDwRt#3W?TU{$Y<9h}CfyEEeaf?|$)7t3RZj75AI?Gm
z@J}BRNzj2mpZ)u{LYCF2z-O{n=QOuK)TpHw-pATDg@=B1f*(4$^!C_C77*^E)rcp5
zw$Q7*|Dap5yJ{Z6MTUm1)9?5-1K)_Y1Syy&cfMiCEF7gcKOi|K(p8SBy2`8Vxfn&``t@rP
zxSdE`T02(9wU_TLs#u}{|X_3k_FIP`;&J|*<3r6h_IUE?_sT_Pw)
zI2-F>#d8Fm3mmcm9(lwcd_p8THh3+r?O>?5wClU;@nW|{)|2fg?2z@=R-_O#vibr!9n=giUBl{y!q}M*O;0aXjKO~^vzr^>V+J)DGWZh
zQdy(+h*|&M-QMa;wIO$mBKMW!hUK@b&UoEI+gCenq#RB1dTS=8jaO
za?TTBk1l$&_NeHf_l%b*&Xytj^-o4a?KLU_Git>C;iaGx^rGbl6eweo?A>e|Mn)
z2U9ey@XV_Sk;1qC$Di|62#5^oY1b3@`)av(6Jcmb0R1iaO(Z<(C)9?NA&oMx0b|%l
zHFzdTr@WPMFXDI{_b6_0-ZkO2wFwUF;l?-zm1K=~&U?B?H22PUA()%!rZrAoWZNHpE}sQU1RLU}Zi1e<9%S%Boi*
z_-AEN)x!SdPUWkMTN<<&-n2T4Zl5_HjbeFuAE2XnIeIk2$5lDO;)X3mfOsye;yC+x
zb!B{TWQlE@Lt56cwa*fzBmfT=lCw1K<4@-g^BfSGRy5Crc3?Ls8AC{O!bD_%ilTjm
zRI=yfi_0Fb#2MYbHG68*BPZEx3KB2BB(xR}9Mj3|phY&xD2Wpt2$bbAo>aacz)Uln
z*IiP~4Hx!WR+|*y?MPMs$l?9@2UcfBmYH{M$w5fy(qv;EE4g-QMNB;@Tc&c3ErQ8;
zzXc8~(|}u`$a=il-i%h{sH9M|;!MgXMZ%~-bys>q7iqzaRi{3KOX!~ncr5zWIHp=d
z2c_w$pZ}Gz7K=6iSy|FZu#ZNLcpNuES6_w5+b&u(Gq%UX+^J$Yt}(31A0y?k++uw{
zW4iBHjrPX6NU9E~WY6YSiQ6g@ERMcaW+L3R_9EZn7gK~5Tv8Apsqc*!Obrk~K4QYV^
zS}O=GvW5H>U65)T>ei#wZf348t{kF0g#@lJM-P9L3V%G{m3_tG-H90de>UsIOpks!
z)6EyB#vR^#@3Z!|>wh!v#((U=5?H?HE*-)Qtg>V5fB2`}bE(wI>JM!%;q$AyY~d{=
zDi?lgyTo(3x&{MpcGaYdjrxiHY`rI^pRz=UF+5|CT#s^=NwGo=po5rF8x-`L%Yl<-)l~
ze;#@{i#_3i+=27!5Ac2#mc5==yYJ17*J0ABFE*w*?Vfn&*321tO#z=jr!Cuh(AIk4
zS9y{06&FHgaVtBqXj)!;#$-~w_ePJ~{}u65Di!Z)9G$!-rnb~S?#zsi!@qT(GB%%g
z_>^-}(1*X>^c;)P6ZZNFd6{A(#<#k
diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index 54641b2..99316b8 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -24,6 +24,9 @@ if [[ $EUID != 0 ]]; then
exit 1
fi
+# ignore this line. hack to make shellcheck ignore $target
+if [[ ! $target ]]; then target=; fi
+
if ! type -t fcopy &>/dev/null; then
sudo apt-get -y install fai-client
fi
@@ -185,12 +188,17 @@ EOF
dns=systemd-resolved
EOF
- $FAI/distro-install-common/ethusb-static
+
+ if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]; then
+ # for running from fai or remote connections, don't kill the internet
+ ethusb_arg=-c
+ fi
if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
&& ip n show 10.2.0.1 | grep . &>/dev/null; then
- : # we are at home. note: logic duplicated in btrbk-run
+ # we are at_home
+ $FAI/distro-install-common/ethusb-static $ethusb_arg
else
- $FAI/distro-install-common/ethusb-nm
+ $FAI/distro-install-common/ethusb-static off $ethusb_arg
fi
@@ -222,6 +230,7 @@ fi
if ifclass LINODE; then
mkdir -p $target/etc/initramfs-tools/conf.d
+ # shellcheck disable=SC2154 # comes with LINODE environment
cat >$target/etc/initramfs-tools/conf.d/mine <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ apt-get -y install wget
+ wget -O /target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb
+ $ROOTCMD dpkg -i /tmp/x.deb
+ $ROOTCMD apt-get update
+ $ROOTCMD apt-get -y install linux-libre
+ fi
;;
esac
diff --git a/faiserver-disable b/faiserver-disable
index 65e2aa8..74aaef8 100755
--- a/faiserver-disable
+++ b/faiserver-disable
@@ -1,16 +1,17 @@
#!/bin/bash
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
-source "${script_dir}/bash-trace"
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat </dev/null; then
echo "$0: disabling fai nfs exports or apache site"
./faiserver-disable-local
else
- echo "$0: sshing to $(chost faiserver) to disable fai nfs exports or apache site"
- ssh root@$(chost faiserver) bash >/srv/fai/nfsroot/root/.ssh/known_hosts
done
@@ -369,6 +362,6 @@ echo "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/in
# the logsave prompted because the hostname faiserver was uknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal hosts name.
-$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
+$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts
# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo
diff --git a/faiserver-uninstall b/faiserver-uninstall
index 71a4ea0..8392b35 100755
--- a/faiserver-uninstall
+++ b/faiserver-uninstall
@@ -15,20 +15,25 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
usage() {
- cat </dev/null || continue
if [[ -e $dir/boot ]]; then
dir=$dir/boot
fi
- e install -m 755 -o root -g root bash-trace $dir
e install -m 755 -o root -g root chboot $dir
done
e umount $mount_point
diff --git a/lk b/lk
index b757fcc..3364717 100755
--- a/lk
+++ b/lk
@@ -74,4 +74,4 @@ fi
# I don't know whats going on, but just running the same
# command again once it finishes works, and this is only
# rarely used and done manually anyways, so whatever.
-pxe-kexec -n --ignore-whitelist -l fai-generated faiserver
+pxe-kexec -n --ignore-whitelist -l fai-generated faiserver.b8.nz
diff --git a/mk-basefile-big b/mk-basefile-big
index 95d2e9f..1a6b6a9 100755
--- a/mk-basefile-big
+++ b/mk-basefile-big
@@ -16,11 +16,13 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+PATH="$this_dir:$PATH" # directory of this file
usage() {
cat < /srv/fai/config/class/51-multi-boot
rm -rf $t; mkdir -p $t
+# shellcheck disable=SC1007 # intentional
LANG= fai -N -u hostname_does_not_matter dirinstall $t
# Turn a dirinstall into a basefile. taken from mk-basefile
diff --git a/myfai-chboot b/myfai-chboot
index a653ae6..aa3c088 100755
--- a/myfai-chboot
+++ b/myfai-chboot
@@ -19,13 +19,15 @@
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat </dev/null; then
./myfai-chboot-local "$@"
else
diff --git a/myfai-chboot-local b/myfai-chboot-local
index 7dea8f2..ca4d32e 100755
--- a/myfai-chboot-local
+++ b/myfai-chboot-local
@@ -130,7 +130,7 @@ else
fi
if modprobe nfsd &>/dev/null; then
- std_arg="-u nfs://faiserver/srv/fai/config"
+ std_arg="-u nfs://faiserver.b8.nz/srv/fai/config"
# nfsv4 wont do rw with overlayfs yet
# https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html
root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
@@ -150,9 +150,9 @@ EOF
fi
systemctl start nfs-server # assumes recent os
else
- std_arg="-u http://faiserver:8080/config.tar.gz"
- root_arg="live:http://faiserver:8080/squash.img"
- /a/exe/web-conf -i -p 8080 - apache2 faiserver <
Deny from all
Allow from $ip
@@ -169,7 +169,7 @@ kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
default_k_args=$(fai-chboot -L '^default$' | \
sed -r "s/^(\S+\s+){3}(.*)/\2/")
# example of default_k_args
-# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install
+# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config FAI_ACTION=install
# https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors
# currently on needed on d16 samsung 870 qvo, but better to have this
diff --git a/mymk-basefile b/mymk-basefile
index 9dc7b14..1f32665 100755
--- a/mymk-basefile
+++ b/mymk-basefile
@@ -16,12 +16,15 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-script_dir="${x%/*}"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <&2' ERR
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <&2;exit 1;}; . $f
+set -e; . /usr/local/lib/bash-bear; set +e
+
usage() {
cat < $(date +%s) )); then
+ if ! (( $(date -r ${f[0]} +%s) + 60*60*24 > $(date +%s) )); then
if ! opkg update; then
echo "$0: warning: opkg update failed" >&2
fi
@@ -157,7 +159,7 @@ pi() {
pmirror
fi
done
- if [[ $to_install ]]; then
+ if (( ${#to_install[@]} >= 1 )); then
opkg install ${to_install[@]}
fi
}
@@ -238,7 +240,7 @@ fi
if $secrets; then
key=${rkey[$h]}
fi
-: ${key:=pictionary49}
+: "${key:=pictionary49}"
mask=255.255.0.0
cidr=16
@@ -536,8 +538,7 @@ EOF
# option config /etc/openvpn/client.conf
# EOF
-wgip4=10.3.0.1/24
-wgip6=fdfd::1/64
+
wgport=26000
network_restart=false
@@ -577,10 +578,10 @@ if $network_restart; then
v /etc/init.d/network reload
fi
-firewall-cedit() {
- if $client; then
- cedit wific /etc/config/firewall <
Date: Tue, 21 May 2024 20:12:20 -0400
Subject: [PATCH 07/14] bug fix
---
fai/config/distro-install-common/ethusb-static | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static
index f6cdd62..c55b93d 100755
--- a/fai/config/distro-install-common/ethusb-static
+++ b/fai/config/distro-install-common/ethusb-static
@@ -99,7 +99,10 @@ dns=8.8.8.4;8.8.8.8;"
exit 1
fi
else
- ip=$(getent ahostsv4 $HOSTNAME.office.fsf.org | awk '{ print $1 }' | head -n1)
+ if ! type -p dig &>/dev/null; then
+ apt-get install dig
+ fi
+ ip=$(dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
net_info="address1=$ip/24,192.168.0.1
dns=192.168.0.10;192.168.0.25;"
fi
--
2.30.2
From 4fad63c276c02e4a668fdd979b18342234827fd0 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sun, 26 May 2024 17:34:24 -0400
Subject: [PATCH 08/14] fixes, minor config change
---
.../distro-install-common/ethusb-static | 197 ++++++++++--------
wrt-setup-local | 10 +-
2 files changed, 120 insertions(+), 87 deletions(-)
diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static
index c55b93d..fc31af1 100755
--- a/fai/config/distro-install-common/ethusb-static
+++ b/fai/config/distro-install-common/ethusb-static
@@ -30,27 +30,19 @@ shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
m() { printf "%s\n" "$*"; "$@"; }
## begin arg parsing ##
force=false
-conf_only=false
-comment='# iank file id: ethusb-dhcp-v1'
off=false
while [[ $1 ]]; do
case $1 in
- -c)
- conf_only=true
- ;;
-f)
force=true
;;
off)
off=true
- comment='# iank file id: ethusb-static-v1'
;;
*)
echo "$0: error unexpected argument: $1" >&2
@@ -65,14 +57,77 @@ done
shopt -s nullglob
-# we already configured the interface once, afterwards, comment and
-# uncomment to enable/disable. This makes it so we don't depend on /p
-# being mounted.
+wiredx=1
+
+# device that has an eth0, but we aren't using it because it is
+# broken. We could just hardcode a mac comparison with `cat
+# /sys/class/net/eth0/address` but this is cooler.
+if [[ -e /sys/class/net/eth0 ]]; then
+ bus_info=$(ethtool -i eth0 | awk '$1 == "bus-info:" { print $2 }')
+ if [[ $bus_info != usb* ]]; then
+ wiredx=2
+ fi
+fi
+
+eth_dev=eth$(( wiredx - 1 ))
+
+nm_con=$(nmcli device show $eth_dev | \
+ awk '$1 == "GENERAL.CONNECTION:" {out=$2; for(i=3;i<=NF;i++){out=out" "$i}; print out}' ||:)
+
+if [[ ! $nm_con ]]; then
+ nm_con="Wired connection $wiredx"
+fi
+
-conf=/etc/NetworkManager/system-connections/ethusb-static.nmconnection
-if ! $force && [[ -s $conf ]] && grep -qFx "$comment" $conf; then
- # we already ran successfully in the past to set things this way, so
- # do nothing.
+con_exists=false
+if nmcli con | grep -q "^$nm_con " &>/dev/null; then
+ con_exists=true
+fi
+
+declare -a args
+if $off; then
+
+ if ! $con_exists; then
+ echo "warning: no existing connection: $nm_con found in output of nmcli con"
+ exit 0
+ fi
+
+
+ tmpstr=$(nmcli con show "$nm_con" 2>/dev/null | sort -r | awk '$1 == "ipv4.method:" || $1 == "ipv4.addresses:" || $1 == "ipv4.gateway:" || $1 == "ipv4.dns:" || $1 == "GENERAL.STATE:" {print $2}' )
+ {
+ read -r ipv4_method
+ read -r ipv4_gateway
+ read -r ipv4_dns
+ read -r ipv4_addresses
+ read -r state
+ }<<<"$tmpstr"
+
+ reup=false
+ if [[ $state == activated ]]; then
+ reup=true
+ fi
+
+ if [[ $ipv4_method != auto ]]; then
+ args+=(ipv4.method auto)
+ fi
+ if [[ $ipv4_addresses != -- ]]; then
+ args+=(-ipv4.addresses "$ipv4_addresses")
+ fi
+ if [[ $ipv4_dns != -- ]]; then
+ args+=(-ipv4.dns "$ipv4_dns")
+ fi
+ if [[ $ipv4_gateway != -- ]]; then
+ # undocumented in t11 man nmcli. guessed randomly
+ args+=(ipv4.gateway 0.0.0.0)
+ fi
+ if (( ${#args[@]} >= 1 )); then
+ m nmcli con mod "$nm_con" "${args[@]}"
+ if $reup; then
+ m nmcli con up "$nm_con"
+ fi
+ else
+ echo "$0: found expected state, nothing to do."
+ fi
exit 0
fi
@@ -82,14 +137,17 @@ if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
# we are at_home=true
while read -r ip_suf host mac; do
+ if [[ ! $ip_suf || $ip_suf == \#* ]]; then
+ continue
+ fi
if [[ $mac != usb ]]; then
continue
fi
if [[ $host == ${HOSTNAME}c ]]; then
- net_info="address1=10.2.0.$ip_suf/16,10.2.0.1
-dns=8.8.8.4;8.8.8.8;"
-
+ ip=10.2.0.$ip_suf/16
+ gateway=10.2.0.1
+ dns=8.8.8.4,8.8.8.8
break
fi
done
/dev/null; then
apt-get install dig
fi
- ip=$(dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
- net_info="address1=$ip/24,192.168.0.1
-dns=192.168.0.10;192.168.0.25;"
+ myip=$(dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
+ if [[ ! $ip ]]; then
+ echo "$0: error: didnt detect home network and failed to get office ip"
+ exit 1
+ fi
+ dns=192.168.0.10,192.168.0.25
+ gateway=192.168.0.1
+ ip=$myip/24
fi
-wiredx=
-
-# device that has an eth0, but we aren't using it because it is
-# broken. We could just hardcode a mac comparison with `cat
-# /sys/class/net/eth0/address` but this is cooler.
-if [[ -e /sys/class/net/eth0 ]]; then
- bus_info=$(ethtool -i eth0 | awk '$1 == "bus-info:" { print $2 }')
- if [[ $bus_info != usb* ]]; then
- wiredx=2
+if ! $force && $con_exists; then
+ current=$(nmcli con show "$nm_con" 2>/dev/null | sort -r | awk '$1 == "ipv4.method:" || $1 == "ipv4.addresses:" || $1 == "ipv4.gateway:" || $1 == "ipv4.dns:" {print $2}')
+ expected="manual
+$gateway
+$dns
+$ip"
+ if [[ $current == "$expected" ]]; then
+ echo "$0: found expected state, nothing to do."
+ exit 0
fi
fi
-ethx=$(( wiredx - 1 ))
+m nmcli con mod 'Wired connection 1' ipv4.method manual ipv4.addresses $ip ipv4.gateway $gateway ipv4.dns $dns
+state=$(nmcli con show "$nm_con" 2>/dev/null | awk '$1 == "GENERAL.STATE:" {print $2}')
+if [[ $state == activated ]]; then
+ m nmcli con up "$nm_con"
+fi
-uuid=$(nmcli con show "Wired connection $wiredx" 2>/dev/null | awk '$1 == "connection.uuid:" {print $2}' ||:)
-if [[ ! $uuid ]]; then
- # just a uuid that nm generated for me at some point
- uuid=0da4c614-6a3c-3ad2-8d4b-c6eebe0814c3
-fi
+# example of down cli
+#nmcli con mod 'Wired connection 1' ipv4.method auto -ipv4.addresses 10.2.0.9/16 ipv4.gateway 0.0.0.0 -ipv4.dns "8.8.8.4,8.8.8.8"
-# This template is the result of running, for example
+# FYI: the result of running, for example
# nmcli con mod "Wired connection 1" \
+ # ipv4.method manual \
# ipv4.addresses "10.2.0.23/24" \
# ipv4.gateway "10.2.0.1" \
# ipv4.dns "8.8.8.4,8.8.8.8"
-# which creates a fille named "Wired connection 1.nmconnection",
-# below. I see no reason to keep the same file name, or a bunch of
+# creates a fille named "/etc/NetworkManager/system-connections/Wired connection 1.nmconnection",
+# below.
+#
+# The nmcli man page says you should just edit files in that dir and
+# then run nmcli con reload to reread them all to load your changes, but
+# I've found that to be unreliable, the systemd journal would say
+# something like "reload happened" then nothing would change in the
+# connect that the file clearly modifies, so I switched over to using
+# the command line and just ignoring those files.
+#
+# I see no reason to keep the same file name, or a bunch of
# setting that seem irrelevant, and empty sections don't seem to do
# anything according to the man page.
+#
# [connection]
-# id=Wired connection 2
+# id=Wired connection 1
# uuid=b0fb7694-dfe6-31a1-81fa-7c17b61515a7
# type=ethernet
# interface-name=eth1
@@ -160,45 +235,3 @@ fi
# method=auto
# [proxy]
-
-{
- cat </dev/null | awk '$1 == "GENERAL.STATE:" {print $2}' ||:)
-
- reup=false
- if [[ $state == activated ]]; then
- reup=true
- fi
-
- m nmcli con reload
-
- if $reup; then
- m nmcli con down $uuid
- m nmcli con up $uuid
- fi
-fi
-
-if ! grep -F "$comment" $conf; then
- printf "%s\n" "$comment" >>$conf
-fi
diff --git a/wrt-setup-local b/wrt-setup-local
index 527e4a8..092e486 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -617,7 +617,7 @@ EOF
esac
{
- /root/cmc-firewall-data
+ . /root/cmc-firewall-data
cat <
Date: Fri, 7 Jun 2024 00:05:47 -0400
Subject: [PATCH 09/14] general improvements
---
.../distro-install-common/ethusb-static | 246 +++++++++++-------
wrt-setup-local | 4 +-
2 files changed, 148 insertions(+), 102 deletions(-)
diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static
index fc31af1..0a6d1ae 100755
--- a/fai/config/distro-install-common/ethusb-static
+++ b/fai/config/distro-install-common/ethusb-static
@@ -32,6 +32,130 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
m() { printf "%s\n" "$*"; "$@"; }
+
+set-dynamic() {
+
+ reup=false
+ if [[ $cur_state == activated ]]; then
+ reup=true
+ fi
+
+ if [[ $cur_method != auto ]]; then
+ args+=(ipv4.method auto)
+ fi
+ if [[ $cur_ip != -- ]]; then
+ args+=(-ipv4.addresses "$ipv4_addresses")
+ fi
+ if [[ $cur_dns != -- ]]; then
+ args+=(-ipv4.dns "$ipv4_dns")
+ fi
+ if [[ $cur_gateway != -- ]]; then
+ # undocumented in t11 man nmcli. guessed randomly
+ args+=(ipv4.gateway 0.0.0.0)
+ fi
+ if (( ${#args[@]} >= 1 )); then
+ m nmcli con mod "$nm_con" "${args[@]}"
+ if $reup; then
+ m nmcli con up "$nm_con"
+ fi
+ else
+ echo "$0: found expected state, nothing to do."
+ fi
+ exit 0
+ set-nm
+}
+
+detect-net() {
+
+ # this assumes we have wifi up
+ if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ net=home
+ elif ip r show default | grep 'via 10.0.3.1 dev wlan0' &>/dev/null && [[ $(timeout 1 dig +short @10.0.3.1 -x 10.0.3.1) == cmc1.lan. ]]; then
+ net=work
+ else
+ echo "$0: error could not detect network"
+ exit 1
+ fi
+
+}
+
+set-nm() {
+ m nmcli con mod "$nm_con" ipv4.method manual ipv4.addresses $ip ipv4.gateway $gateway ipv4.dns $dns
+ state=$(nmcli con show "$nm_con" 2>/dev/null | awk '$1 == "GENERAL.STATE:" {print $2}')
+ if [[ $state == activated ]]; then
+ m nmcli con up "$nm_con"
+ fi
+
+}
+
+get-ip() {
+
+ case $net in
+ home)
+
+ while read -r ip_suf host mac; do
+ if [[ ! $ip_suf || $ip_suf == \#* ]]; then
+ continue
+ fi
+ if [[ $mac != usb ]]; then
+ continue
+ fi
+ if [[ $host == ${HOSTNAME}c ]]; then
+
+ ip=10.2.0.$ip_suf/16
+ gateway=10.2.0.1
+ dns=8.8.8.4,8.8.8.8
+ break
+ fi
+ done
/dev/null; then
+ if [[ $cur_method != manual ]]; then
+ echo "$0: error. Need to be on wired network to get our ip"
+ exit 1
+ fi
+ set-dynamic
+ sleep 10
+ fi
+ myip=$(timeout 1 dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
+ if [[ ! $myip ]]; then
+ echo "$0: error: didnt detect home network and failed to get office ip"
+ exit 1
+ fi
+ dns=192.168.0.10,192.168.0.25
+ gateway=192.168.0.1
+ ip=$myip/24
+
+ ;;
+ esac
+}
+
+
+get-cur-val() {
+ local key
+ key=$1
+ printf "%s\n" "$tmpstr" | awk '$1 == "'$key':" {print $2}'
+}
+
+get-cur() {
+ tmpstr=$(nmcli con show "$nm_con" 2>/dev/null)
+
+ cur_method=$(get-cur-val ipv4.method)
+ cur_ip=$(get-cur-val ipv4.addresses)
+ cur_gateway=$(get-cur-val ipv4.gateway)
+ cur_dns=$(get-cur-val ipv4.dns)
+ cur_state=$(get-cur-val GENERAL.STATE)
+}
+
+
## begin arg parsing ##
force=false
@@ -54,10 +178,11 @@ done
## end arg parsing ##
-
+## begin common setup / detection ##
shopt -s nullglob
wiredx=1
+declare -a args
# device that has an eth0, but we aren't using it because it is
# broken. We could just hardcode a mac comparison with `cat
@@ -74,120 +199,41 @@ eth_dev=eth$(( wiredx - 1 ))
nm_con=$(nmcli device show $eth_dev | \
awk '$1 == "GENERAL.CONNECTION:" {out=$2; for(i=3;i<=NF;i++){out=out" "$i}; print out}' ||:)
-if [[ ! $nm_con ]]; then
+if [[ ! $nm_con || $nm_con == -- ]]; then
nm_con="Wired connection $wiredx"
fi
-
-con_exists=false
-if nmcli con | grep -q "^$nm_con " &>/dev/null; then
- con_exists=true
+if ! nmcli con | grep -q "^$nm_con " &>/dev/null; then
+ # Note: we could support creation through a file or via
+ # nmcli, but right now I'm ok with just having plugged in a device once
+ # since this os was installed.
+ echo "error: no existing connection: $nm_con found in output of nmcli con"
+ exit 0
fi
-declare -a args
-if $off; then
-
- if ! $con_exists; then
- echo "warning: no existing connection: $nm_con found in output of nmcli con"
- exit 0
- fi
-
- tmpstr=$(nmcli con show "$nm_con" 2>/dev/null | sort -r | awk '$1 == "ipv4.method:" || $1 == "ipv4.addresses:" || $1 == "ipv4.gateway:" || $1 == "ipv4.dns:" || $1 == "GENERAL.STATE:" {print $2}' )
- {
- read -r ipv4_method
- read -r ipv4_gateway
- read -r ipv4_dns
- read -r ipv4_addresses
- read -r state
- }<<<"$tmpstr"
+if ! type -p dig &>/dev/null; then
+ apt-get install dig
+fi
- reup=false
- if [[ $state == activated ]]; then
- reup=true
- fi
+get-cur
+## end common setup / detection ##
- if [[ $ipv4_method != auto ]]; then
- args+=(ipv4.method auto)
- fi
- if [[ $ipv4_addresses != -- ]]; then
- args+=(-ipv4.addresses "$ipv4_addresses")
- fi
- if [[ $ipv4_dns != -- ]]; then
- args+=(-ipv4.dns "$ipv4_dns")
- fi
- if [[ $ipv4_gateway != -- ]]; then
- # undocumented in t11 man nmcli. guessed randomly
- args+=(ipv4.gateway 0.0.0.0)
- fi
- if (( ${#args[@]} >= 1 )); then
- m nmcli con mod "$nm_con" "${args[@]}"
- if $reup; then
- m nmcli con up "$nm_con"
- fi
- else
- echo "$0: found expected state, nothing to do."
- fi
+if $off; then
+ set-dynamic
exit 0
fi
+detect-net
+get-ip
-if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
- && ip n show 10.2.0.1 | grep . &>/dev/null; then
- # we are at_home=true
-
- while read -r ip_suf host mac; do
- if [[ ! $ip_suf || $ip_suf == \#* ]]; then
- continue
- fi
- if [[ $mac != usb ]]; then
- continue
- fi
- if [[ $host == ${HOSTNAME}c ]]; then
-
- ip=10.2.0.$ip_suf/16
- gateway=10.2.0.1
- dns=8.8.8.4,8.8.8.8
- break
- fi
- done
/dev/null; then
- apt-get install dig
- fi
- myip=$(dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
- if [[ ! $ip ]]; then
- echo "$0: error: didnt detect home network and failed to get office ip"
- exit 1
- fi
- dns=192.168.0.10,192.168.0.25
- gateway=192.168.0.1
- ip=$myip/24
-fi
-
-if ! $force && $con_exists; then
- current=$(nmcli con show "$nm_con" 2>/dev/null | sort -r | awk '$1 == "ipv4.method:" || $1 == "ipv4.addresses:" || $1 == "ipv4.gateway:" || $1 == "ipv4.dns:" {print $2}')
- expected="manual
-$gateway
-$dns
-$ip"
- if [[ $current == "$expected" ]]; then
- echo "$0: found expected state, nothing to do."
- exit 0
- fi
+if ! $force && [[ "$cur_method $cur_gateway $cur_dns $cur_ip" == "manual $gateway $dns $ip" ]]; then
+ echo "$0: found expected state, nothing to do."
+ exit 0
fi
-m nmcli con mod 'Wired connection 1' ipv4.method manual ipv4.addresses $ip ipv4.gateway $gateway ipv4.dns $dns
+set-nm
-state=$(nmcli con show "$nm_con" 2>/dev/null | awk '$1 == "GENERAL.STATE:" {print $2}')
-if [[ $state == activated ]]; then
- m nmcli con up "$nm_con"
-fi
# example of down cli
diff --git a/wrt-setup-local b/wrt-setup-local
index 092e486..ac33e3a 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -791,7 +791,7 @@ config redirect
option src wan
option src_dport 80
option dest lan
- option dest_ip $l.2
+ option dest_ip $l.9
option proto tcp
config rule
option src wan
@@ -804,7 +804,7 @@ config redirect
option src wan
option src_dport 443
option dest lan
- option dest_ip $l.2
+ option dest_ip $l.9
option proto tcp
config rule
option src wan
--
2.30.2
From fd92920315ea1ec28049041f74011324c750c667 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Fri, 7 Jun 2024 00:46:48 -0400
Subject: [PATCH 10/14] enable ecne and noble
---
fai/config/basefiles/mk-basefile | 4 +++-
fai/config/class/50-host-classes | 20 ++++++++++++------
.../etc/apt/preferences.d/ecne-noble/ECNE | 3 +++
.../noble-firmware/NOBLE_FIRMWARE | 3 +++
.../etc/apt/sources.list.d/aaa-ecne.list/ECNE | 11 ++++++++++
.../apt/sources.list.d/noble.list/ECNE_EXTRA | 1 +
.../apt/sources.list.d/noble.list/JAMMY_EXTRA | 1 +
.../etc/apt/sources.list.d/noble.list/NOBLE | 14 ++++++++++++
fai/config/hooks/partition.DEFAULT | 4 ++++
fai/config/package_config/ARAMO.gpg | Bin 3471 -> 8 bytes
fai/config/package_config/ECNE.gpg | Bin 0 -> 3471 bytes
fai/config/package_config/ECNE_EXTRA.gpg | 1 +
fai/config/scripts/LAST/50-misc | 2 +-
mymk-basefile | 1 +
14 files changed, 56 insertions(+), 9 deletions(-)
create mode 100644 fai/config/files/etc/apt/preferences.d/ecne-noble/ECNE
create mode 100644 fai/config/files/etc/apt/preferences.d/noble-firmware/NOBLE_FIRMWARE
create mode 100644 fai/config/files/etc/apt/sources.list.d/aaa-ecne.list/ECNE
create mode 120000 fai/config/files/etc/apt/sources.list.d/noble.list/ECNE_EXTRA
create mode 120000 fai/config/files/etc/apt/sources.list.d/noble.list/JAMMY_EXTRA
create mode 100644 fai/config/files/etc/apt/sources.list.d/noble.list/NOBLE
mode change 100644 => 120000 fai/config/package_config/ARAMO.gpg
create mode 100644 fai/config/package_config/ECNE.gpg
create mode 120000 fai/config/package_config/ECNE_EXTRA.gpg
diff --git a/fai/config/basefiles/mk-basefile b/fai/config/basefiles/mk-basefile
index d449c60..91c4ea3 100755
--- a/fai/config/basefiles/mk-basefile
+++ b/fai/config/basefiles/mk-basefile
@@ -48,6 +48,7 @@ EXCLUDE_NABIA=udhcpc,dibbler-client,info
EXCLUDE_JAMMY=udhcpc,dibbler-client,info
EXCLUDE_ARAMO=udhcpc,dibbler-client,info
EXCLUDE_NOBLE=udhcpc,dibbler-client,info
+EXCLUDE_ECNE=udhcpc,dibbler-client,info
# here you can add packages, that are needed very early
INCLUDE_DEBIAN=
@@ -269,6 +270,7 @@ prtdists() {
JAMMY64
ARAMO64
NOBLE64
+ ECNE64
SQUEEZE32 SQUEEZE64
WHEEZY32 WHEEZY64
JESSIE32 JESSIE64
@@ -358,7 +360,7 @@ case "$target" in
SLC6_32) slc i386 6 ;;
SLC6_64) slc amd64 6 ;;
SLC7_64) slc amd64 7 ;;
- BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
+ BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*|ECNE*)
debgeneric $target $MIRROR_TRISQUEL ;;
TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*)
debgeneric $target $MIRROR_UBUNTU ;;
diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes
index 600fd1a..25567e5 100755
--- a/fai/config/class/50-host-classes
+++ b/fai/config/class/50-host-classes
@@ -31,14 +31,14 @@ echo FAIBASE STANDARD DEBIAN
# things installed, to speed up installation.
#
# STRETCH64, BUSTER64, BULLSEYE64, BOOKWORM64
-# FLIDAS64, FLIDAS64BIG, ETIONA64, NABIA64, ARAMO64
+# FLIDAS64, FLIDAS64BIG, ETIONA64, NABIA64, ARAMO64, ECNE64
# XENIAL64, BIONIC64, FOCAL64,
#
# The distro subvol name, we can add as many of these as we want:
# VOL_TESTING, VOL_STRETCH, VOL_BUSTER, VOL_BULLSEYE, VOL_BOOKWORM
-# VOL_FLIDAS, VOL_ETIONA, VOL_NABIA, VOL_ARAMO
-# VOL_XENIAL, VOL_BIONIC VOL_FOCAL
-# VOL_BUSTER_BOOTSTRAP.
+# VOL_FLIDAS, VOL_ETIONA, VOL_NABIA, VOL_ARAMO, VOL_ECNE
+# VOL_XENIAL, VOL_BIONIC, VOL_FOCAL, VOL_JAMMY, VOL_NOBLE
+# VOL_BULLSEYE_BOOTSTRAP, VOL_BOOKWORM_BOOTSTRAP.
# Using VOL_BUSTER_BOOTSTRAP sets up the install to act like a pxe rom if
# grub sets a specific var.
#
@@ -48,7 +48,7 @@ echo FAIBASE STANDARD DEBIAN
# BULLSEYE_FREE, BULLSEYE_NONFREE
# BOOKWORM_FREE, BOOKWORM_NONFREE
# TESTING_FREE, TESTING_NONFREE,
-# XENIAL_FREE, BIONIC, FOCAL, FLIDAS, ETIONA, NABIA, ARAMO.
+# XENIAL_FREE, BIONIC, FOCAL, FLIDAS, ETIONA, NABIA, ARAMO, ECNE.
#
# It's all a little redundant in some cases, but it keeps things
# simpler.
@@ -135,6 +135,8 @@ exit 0
#echo FSF
if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then
case $HOSTNAME in
+ # bullseye based minimal recovery / bootstraping os:
+ _) echo BOOKWORM64 VOL_BOOKWORM_BOOTSTRAP BOOKWORM_FREE ;;
# bullseye based minimal recovery / bootstraping os:
_) echo BULLSEYE64 VOL_BULLSEYE_BOOTSTRAP BULLSEYE_FREE ;;
# flidas
@@ -142,9 +144,11 @@ if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then
# etiona
_) echo UBUNTU ETIONA64 VOL_ETIONA ETIONA ;;
# nabia
- _) echo UBUNTU NABIA64 VOL_NABIA NABIA NABIA_EXTRA ;;
+ _) echo UBUNTU NABIA64 VOL_NABIA NABIA ;;
# aramo
- _) echo UBUNTU ARAMO64 VOL_ARAMO ARAMO ARAMO_EXTRA ;;
+ _) echo UBUNTU ARAMO64 VOL_ARAMO ARAMO ARAMO_EXTRA JAMMY_FIRMWARE ;;
+ # ecne
+ _) echo UBUNTU ECNE64 VOL_ECNE ECNE ECNE_EXTRA NOBLE_FIRMWARE ;;
# stretch
_) echo STRETCH64 VOL_STRETCH STRETCH_NONFREE ;;
# buster
@@ -163,6 +167,8 @@ if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then
_) echo UBUNTU FOCAL64 VOL_FOCAL FOCAL ;;
# jammy
_) echo UBUNTU JAMMY64 VOL_JAMMY JAMMY ;;
+ # NOBLE
+ _) echo UBUNTU NOBLE64 VOL_NOBLE NOBLE ;;
esac
fi
###### end Template for 51-multi-boot ######
diff --git a/fai/config/files/etc/apt/preferences.d/ecne-noble/ECNE b/fai/config/files/etc/apt/preferences.d/ecne-noble/ECNE
new file mode 100644
index 0000000..4e12926
--- /dev/null
+++ b/fai/config/files/etc/apt/preferences.d/ecne-noble/ECNE
@@ -0,0 +1,3 @@
+Package: *
+Pin: release n=noble,o=Ubuntu
+Pin-Priority: -100
diff --git a/fai/config/files/etc/apt/preferences.d/noble-firmware/NOBLE_FIRMWARE b/fai/config/files/etc/apt/preferences.d/noble-firmware/NOBLE_FIRMWARE
new file mode 100644
index 0000000..f26de6b
--- /dev/null
+++ b/fai/config/files/etc/apt/preferences.d/noble-firmware/NOBLE_FIRMWARE
@@ -0,0 +1,3 @@
+Package: linux-image-generic linux-firmware intel-microcode amd64-microcode
+Pin: release n=noble,o=Ubuntu
+Pin-Priority: 1001
diff --git a/fai/config/files/etc/apt/sources.list.d/aaa-ecne.list/ECNE b/fai/config/files/etc/apt/sources.list.d/aaa-ecne.list/ECNE
new file mode 100644
index 0000000..7313dac
--- /dev/null
+++ b/fai/config/files/etc/apt/sources.list.d/aaa-ecne.list/ECNE
@@ -0,0 +1,11 @@
+deb http://archive.trisquel.org/trisquel/ ecne main
+deb-src http://archive.trisquel.org/trisquel/ ecne main
+
+deb http://archive.trisquel.org/trisquel/ ecne-updates main
+deb-src http://archive.trisquel.org/trisquel/ ecne-updates main
+
+deb http://archive.trisquel.info/trisquel/ ecne-security main
+deb-src http://archive.trisquel.info/trisquel/ ecne-security main
+
+deb http://archive.trisquel.org/trisquel/ ecne-backports main
+deb-src http://archive.trisquel.org/trisquel/ ecne-backports main
diff --git a/fai/config/files/etc/apt/sources.list.d/noble.list/ECNE_EXTRA b/fai/config/files/etc/apt/sources.list.d/noble.list/ECNE_EXTRA
new file mode 120000
index 0000000..fdba700
--- /dev/null
+++ b/fai/config/files/etc/apt/sources.list.d/noble.list/ECNE_EXTRA
@@ -0,0 +1 @@
+NOBLE
\ No newline at end of file
diff --git a/fai/config/files/etc/apt/sources.list.d/noble.list/JAMMY_EXTRA b/fai/config/files/etc/apt/sources.list.d/noble.list/JAMMY_EXTRA
new file mode 120000
index 0000000..fdba700
--- /dev/null
+++ b/fai/config/files/etc/apt/sources.list.d/noble.list/JAMMY_EXTRA
@@ -0,0 +1 @@
+NOBLE
\ No newline at end of file
diff --git a/fai/config/files/etc/apt/sources.list.d/noble.list/NOBLE b/fai/config/files/etc/apt/sources.list.d/noble.list/NOBLE
new file mode 100644
index 0000000..cda7d9c
--- /dev/null
+++ b/fai/config/files/etc/apt/sources.list.d/noble.list/NOBLE
@@ -0,0 +1,14 @@
+# multiverse needed for libfdk-aac1, which is actually free
+# https://www.gnu.org/licenses/license-list.html#fdk
+
+###### Ubuntu Main Repos
+deb http://archive.ubuntu.com/ubuntu/ noble main universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ noble main universe multiverse
+
+###### Ubuntu Update Repos
+deb http://archive.ubuntu.com/ubuntu/ noble-security main universe multiverse
+deb http://archive.ubuntu.com/ubuntu/ noble-updates main universe multiverse
+deb http://archive.ubuntu.com/ubuntu/ noble-backports main universe
+deb-src http://archive.ubuntu.com/ubuntu/ noble-security main universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ noble-updates main universe multiverse
+deb-src http://archive.ubuntu.com/ubuntu/ noble-backports main universe
diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index 530a34d..36f858c 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -714,6 +714,8 @@ if [[ ! $DISTRO ]]; then
DISTRO=ubuntufocal
elif ifclass VOL_JAMMY; then
DISTRO=ubuntujammy
+ elif ifclass VOL_NOBLE; then
+ DISTRO=ubuntunoble
elif ifclass VOL_FLIDAS; then
DISTRO=trisquelflidas
elif ifclass VOL_ETIONA; then
@@ -722,6 +724,8 @@ if [[ ! $DISTRO ]]; then
DISTRO=trisquelnabia
elif ifclass VOL_ARAMO; then
DISTRO=trisquelaramo
+ elif ifclass VOL_ECNE; then
+ DISTRO=trisquelecne
elif $mkroot2 || $mkroot2tab; then
:
else
diff --git a/fai/config/package_config/ARAMO.gpg b/fai/config/package_config/ARAMO.gpg
deleted file mode 100644
index 58057f6c8594d41c77bcbf17af40e5eca896e804..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 3471
zcmai$S5y;-x`mTaLy<_YF?1M#(4{3bDbl4EMF`Rf#U%8OH0fO!29PE)2vVdfB1Mp*
zNR=dllpqL^-rJco_sqKY;jVlCw|~Fvm%YCA6@nNkZ36-*fDi!Q^y}mR#-T_pEUUoc
zW|I~NUpjCldy+(IDg2;x@@?Jr*ukMyqs7q);caCN*u67vigS5eWT3jU_DylzJx1;E
zc>ntv+FN&C$|Ti?q^4^_Zt*1X1+9pr7-BR|hL
zDOxMk64u|t=KsjBzRrwK(*TQG_VlDxzlmX~`1!^U6`qv*K(M#c;i|TFL6ut5t-^^n
z_J->?+2tZde6{3Li`d@oM*4{lfjT`aFR*m*%5j~J`*oMUKAZR=dYf>dp};N)&)j7Y
zA$Cy+ZFOFxh2oCxZyMR5N>lZlKgq`o*vD^ZoB*x^0l*d+%SWD=0Gz82OwYs$Zsh5U
z3x=s-|C32RbPaU%(fH?;^7M7{Lneb1DOrGY0Ddaazn28!p`fA%)6!5-vC)BP>8aQ$
zKtKQp3IuUP1L(kzMx|jL2CD1uwP~h9dD4`K0kr%`(K(RuYKUnQPmb&0U)}MO*E&2A
zeEG1xY}miQbZRwIs~N$=xCy>DioL&*7Mn3cp-_YL2tp`u{KmYT`>>TE7O{>a$VoP*
zkT*_h^$;?iq3Ey8&|eJsMkPhr;uj0iPLKaqPuWHq-6
zSv+;GjbnV(c-#A)f)`}|<#f%-i@T(EF|F`Cw(2CE2>V(RW%iyH=v=Jeaxr_8EI@N!6?9F1^&jWf$72
zYUPy4=p;gFC-(E0g58hCQbL0_8MBIgbY{%0JnJFFV^i}bKmi^c6E;Xh7K*x8093>v
zoV7U?NO5Ph%0SCBu;ahk^NKFLKl`=;XZk1u&x5^UF0osPh<#-`QU4z*CdQq1T>f-4
zAykGX7pYhFP5!>3fw4lcSCc|lsT#nQTuF8
zN|nEw>($FnpWR7t{IP^Tl2^TMLmJofPCdKN2h>wSSkJMBHcp@|hA`ySXx~UJPwg{|
z0jeg)Z8zPH`n#C==QvIIggP|=`J4m~=nj_G1X>&KC*7yn9ABS!OG9#1n;K15XGG}|
zNxLXq@FvL!
z4IZk`9`yU0J;|UOl$?Ko1pE(382%?PddHcrJk{?ozM=Y_4;x{XLT);2`^_JI)syEm
zeTq7ZElwEIY5Vg?g*Rki0Qpso@hq}0N=V%(fEf7ly7On9X}#w+aMX_o3qFLyf<@JK
zwr0_%pX0iIk7uWRDRgZlt-2T*nc8o_e|J>_-ZY957JK_fw6P{*qHj^M;-)hAI{eBF
zQjSvSIBht$S>`Aki}Na*)fR69=#vR
zLImo^4*Z|+B5RV#w%tlm5-okc*#{PZ;9q@-4r=<^C5?9>a^@X8R%fW4f>^_bcF0}8
zoS5EuK!PQ3GW1}UeR%*Dcr3NvuWjX487bbGeTdRF+~K*NI_Vmu^VQj{cKd!HtGYzK
z47zPR=__WIQ=8m-W!^5M1C^DHlipWPw-S(5bYvmzJM81l)um{cg5?@&oQ7YSX=Lcz
zyj8xOHmcEFSd{5;mUKp0M)ExE>R(TEE-dF4&VDYrS}~`n`?e5
zQWihlEIuvML+BA3(26McR+V!bD*THWE@rZ$f7!|lkB*Ur=QG1c?PCGMb@M%GA(3$f
z+z|{VDM<&7l_L?*BPefuXGby=b_ek+g}A|wBbnoiAS7R!ffF5@Ca84jm-l~Dwy
zB<1tk*f8$&uoN&VA@@lE0;6)~BKFs#oZP&4V%sj#gXF`F_D5{7ZB1)U@UU
zNz3zk=@nY+hIJ6SamByzMGzUQsezt?DNU)M*!?OOL|!?=_Dj8(Ml
z14$v~aZA_T9@1Rx`d~dvmWwRYpKz1MfOGc+cGVLg4fb+esAa?n-%%aqkSyUZ$>v@5Q)
zGn=A=u3m#2#S|lebu?aiT+%K0ia|Qbw>49_nj*OdYyVnyAP11URrTY^*{3p;ZDFTj
z=wx>@vPoIxbocf2b%z$aU&XTaz|)bMb>NiJd?#3T)h|xoh}a@
zvJ?3XVJ+`Fbu)`#)6%A?&G<5B*h6*0I0dEW<9PE}G8?aGOXSt={g!sTaqnJS*b-2Q
z25x-^wv%&tqC|K)o@sc|D_tS5TPMp+xv%#d0|)s~HirJ$xg-NuQUa&K#Tz?j_H*4|
zEl1tsd|y>IZz0szuAuTC1!iEG*Ok;X>B_M^8trQ7By)l946fJ!9oeknGpa{L{MmwM
z;cUrJ41-sa1JvUEbgOicb_yOI))z$#jK-AtYf=q*e(-qw-79L_#i(k$;{Y@0z(50u
z^e$c}e3F6*pDe>yeIxE7}9yvf`;pPdWM$z$ieG8Ex6;X}w|Nb7C3pExYVur#XTeK1WQ
zmQbIm%h$vzR-MzWVz+JtS`(C-2CVm-JLC)SYeI-^@r$7Rj(#SQi}}z9ttqOsM?V(D
zlV39yavC`~nhx?bGfs{duIoIHG(hJ)Zi8&^4D;zgv#q?$hIVN~Z{bJ(s8~{vm2T7Y
kDK58jDM_m@{W4`V&cSo>@T=Npjm1F5D{276Uqc4`3p!M6MF0Q*
diff --git a/fai/config/package_config/ARAMO.gpg b/fai/config/package_config/ARAMO.gpg
new file mode 120000
index 0000000..4c6b790
--- /dev/null
+++ b/fai/config/package_config/ARAMO.gpg
@@ -0,0 +1 @@
+ECNE.gpg
\ No newline at end of file
diff --git a/fai/config/package_config/ECNE.gpg b/fai/config/package_config/ECNE.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..58057f6c8594d41c77bcbf17af40e5eca896e804
GIT binary patch
literal 3471
zcmai$S5y;-x`mTaLy<_YF?1M#(4{3bDbl4EMF`Rf#U%8OH0fO!29PE)2vVdfB1Mp*
zNR=dllpqL^-rJco_sqKY;jVlCw|~Fvm%YCA6@nNkZ36-*fDi!Q^y}mR#-T_pEUUoc
zW|I~NUpjCldy+(IDg2;x@@?Jr*ukMyqs7q);caCN*u67vigS5eWT3jU_DylzJx1;E
zc>ntv+FN&C$|Ti?q^4^_Zt*1X1+9pr7-BR|hL
zDOxMk64u|t=KsjBzRrwK(*TQG_VlDxzlmX~`1!^U6`qv*K(M#c;i|TFL6ut5t-^^n
z_J->?+2tZde6{3Li`d@oM*4{lfjT`aFR*m*%5j~J`*oMUKAZR=dYf>dp};N)&)j7Y
zA$Cy+ZFOFxh2oCxZyMR5N>lZlKgq`o*vD^ZoB*x^0l*d+%SWD=0Gz82OwYs$Zsh5U
z3x=s-|C32RbPaU%(fH?;^7M7{Lneb1DOrGY0Ddaazn28!p`fA%)6!5-vC)BP>8aQ$
zKtKQp3IuUP1L(kzMx|jL2CD1uwP~h9dD4`K0kr%`(K(RuYKUnQPmb&0U)}MO*E&2A
zeEG1xY}miQbZRwIs~N$=xCy>DioL&*7Mn3cp-_YL2tp`u{KmYT`>>TE7O{>a$VoP*
zkT*_h^$;?iq3Ey8&|eJsMkPhr;uj0iPLKaqPuWHq-6
zSv+;GjbnV(c-#A)f)`}|<#f%-i@T(EF|F`Cw(2CE2>V(RW%iyH=v=Jeaxr_8EI@N!6?9F1^&jWf$72
zYUPy4=p;gFC-(E0g58hCQbL0_8MBIgbY{%0JnJFFV^i}bKmi^c6E;Xh7K*x8093>v
zoV7U?NO5Ph%0SCBu;ahk^NKFLKl`=;XZk1u&x5^UF0osPh<#-`QU4z*CdQq1T>f-4
zAykGX7pYhFP5!>3fw4lcSCc|lsT#nQTuF8
zN|nEw>($FnpWR7t{IP^Tl2^TMLmJofPCdKN2h>wSSkJMBHcp@|hA`ySXx~UJPwg{|
z0jeg)Z8zPH`n#C==QvIIggP|=`J4m~=nj_G1X>&KC*7yn9ABS!OG9#1n;K15XGG}|
zNxLXq@FvL!
z4IZk`9`yU0J;|UOl$?Ko1pE(382%?PddHcrJk{?ozM=Y_4;x{XLT);2`^_JI)syEm
zeTq7ZElwEIY5Vg?g*Rki0Qpso@hq}0N=V%(fEf7ly7On9X}#w+aMX_o3qFLyf<@JK
zwr0_%pX0iIk7uWRDRgZlt-2T*nc8o_e|J>_-ZY957JK_fw6P{*qHj^M;-)hAI{eBF
zQjSvSIBht$S>`Aki}Na*)fR69=#vR
zLImo^4*Z|+B5RV#w%tlm5-okc*#{PZ;9q@-4r=<^C5?9>a^@X8R%fW4f>^_bcF0}8
zoS5EuK!PQ3GW1}UeR%*Dcr3NvuWjX487bbGeTdRF+~K*NI_Vmu^VQj{cKd!HtGYzK
z47zPR=__WIQ=8m-W!^5M1C^DHlipWPw-S(5bYvmzJM81l)um{cg5?@&oQ7YSX=Lcz
zyj8xOHmcEFSd{5;mUKp0M)ExE>R(TEE-dF4&VDYrS}~`n`?e5
zQWihlEIuvML+BA3(26McR+V!bD*THWE@rZ$f7!|lkB*Ur=QG1c?PCGMb@M%GA(3$f
z+z|{VDM<&7l_L?*BPefuXGby=b_ek+g}A|wBbnoiAS7R!ffF5@Ca84jm-l~Dwy
zB<1tk*f8$&uoN&VA@@lE0;6)~BKFs#oZP&4V%sj#gXF`F_D5{7ZB1)U@UU
zNz3zk=@nY+hIJ6SamByzMGzUQsezt?DNU)M*!?OOL|!?=_Dj8(Ml
z14$v~aZA_T9@1Rx`d~dvmWwRYpKz1MfOGc+cGVLg4fb+esAa?n-%%aqkSyUZ$>v@5Q)
zGn=A=u3m#2#S|lebu?aiT+%K0ia|Qbw>49_nj*OdYyVnyAP11URrTY^*{3p;ZDFTj
z=wx>@vPoIxbocf2b%z$aU&XTaz|)bMb>NiJd?#3T)h|xoh}a@
zvJ?3XVJ+`Fbu)`#)6%A?&G<5B*h6*0I0dEW<9PE}G8?aGOXSt={g!sTaqnJS*b-2Q
z25x-^wv%&tqC|K)o@sc|D_tS5TPMp+xv%#d0|)s~HirJ$xg-NuQUa&K#Tz?j_H*4|
zEl1tsd|y>IZz0szuAuTC1!iEG*Ok;X>B_M^8trQ7By)l946fJ!9oeknGpa{L{MmwM
z;cUrJ41-sa1JvUEbgOicb_yOI))z$#jK-AtYf=q*e(-qw-79L_#i(k$;{Y@0z(50u
z^e$c}e3F6*pDe>yeIxE7}9yvf`;pPdWM$z$ieG8Ex6;X}w|Nb7C3pExYVur#XTeK1WQ
zmQbIm%h$vzR-MzWVz+JtS`(C-2CVm-JLC)SYeI-^@r$7Rj(#SQi}}z9ttqOsM?V(D
zlV39yavC`~nhx?bGfs{duIoIHG(hJ)Zi8&^4D;zgv#q?$hIVN~Z{bJ(s8~{vm2T7Y
kDK58jDM_m@{W4`V&cSo>@T=Npjm1F5D{276Uqc4`3p!M6MF0Q*
literal 0
HcmV?d00001
diff --git a/fai/config/package_config/ECNE_EXTRA.gpg b/fai/config/package_config/ECNE_EXTRA.gpg
new file mode 120000
index 0000000..ce7b110
--- /dev/null
+++ b/fai/config/package_config/ECNE_EXTRA.gpg
@@ -0,0 +1 @@
+UBUNTU_UP.gpg
\ No newline at end of file
diff --git a/fai/config/scripts/LAST/50-misc b/fai/config/scripts/LAST/50-misc
index e7b9e6d..c81dbe7 100755
--- a/fai/config/scripts/LAST/50-misc
+++ b/fai/config/scripts/LAST/50-misc
@@ -83,7 +83,7 @@ setrel() {
return
fi
- dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty aramo nabia etiona"
+ dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty ecne aramo nabia etiona"
for d in $dists; do
if grep -iq $d $target/etc/os-release; then
release=$d
diff --git a/mymk-basefile b/mymk-basefile
index 1f32665..03ef01e 100755
--- a/mymk-basefile
+++ b/mymk-basefile
@@ -41,6 +41,7 @@ Args I've used before:
-z STRETCH64
-z XENIAL64
+-z ECNE64
-z ARAMO64
-z NABIA64
-z ETIONA64
--
2.30.2
From dce9fd7e6023976f6e9622f035d5cab34479a68d Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Wed, 12 Jun 2024 16:27:46 -0400
Subject: [PATCH 11/14] t12 related changes
---
README | 4 ++
dnsmasq-end-lease | 57 ++++++++++++++++++
fai/config/basefiles/mk-basefile | 1 +
fai/config/class/FAIBASE.var | 2 +-
.../distro-install-common/ethusb-static | 9 ++-
.../etc/apt/preferences.d/aramo-noble/ARAMO | 3 +
.../etc/apt/preferences.d/noble-mint/NOBLE | 11 ++++
.../etc/apt/sources.list.d/noble.list/NOBLE | 1 +
fai/config/hooks/updatebase.UBUNTU | 33 +++++++---
fai/config/package_config/STANDARD | 4 +-
fai/config/package_config/UBUNTU_UP.gpg | Bin 18331 -> 2228 bytes
fai/config/scripts/IANK/11-iank | 22 ++++++-
wrt-setup | 4 +-
wrt-setup-local | 8 ++-
14 files changed, 141 insertions(+), 18 deletions(-)
create mode 100644 dnsmasq-end-lease
create mode 100644 fai/config/files/etc/apt/preferences.d/aramo-noble/ARAMO
create mode 100644 fai/config/files/etc/apt/preferences.d/noble-mint/NOBLE
diff --git a/README b/README
index 5e01bb4..84a733e 100644
--- a/README
+++ b/README
@@ -109,6 +109,10 @@ Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local.
After install, btrbk to setup data, and then distro-begin && distro end.
See notes in distro-begin for other configuration.
+# Per distro install/config
+
+./fai/config/package_config/CLASS.gpg
+
# Prerequesites:
diff --git a/dnsmasq-end-lease b/dnsmasq-end-lease
new file mode 100644
index 0000000..0787335
--- /dev/null
+++ b/dnsmasq-end-lease
@@ -0,0 +1,57 @@
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to change
+# to a recommended GPL license.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# usage: wrt-reip PATTERN
+# Removes pattern from dnsmasq leases file and restart dnsmasq.
+# PATTERN should generally be an ip or a mac.
+
+pattern=$1
+
+exit_code=0
+
+m() {
+ printf "%s\n" "$*";
+ "$@"
+}
+
+m /etc/init.d/dnsmasq stop
+
+tmp=/tmp/dhcp.leases.iank
+sed "/$pattern/d" /tmp/dhcp.leases >$tmp
+
+if (( $(wc -l /tmp/dhcp.leases | awk '{print $1}') - 1 == $(wc -l $tmp | awk '{print $1}') )); then
+ echo "info: found one less line after removing $pattern. installing new leases file"
+ cp /tmp/dhcp.leases /tmp/dhcp.leases.iank-backup
+ cat $tmp >/tmp/dhcp.leases
+ m rm -f $tmp
+else
+ exit_code=1
+ cat <&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
@@ -213,9 +215,14 @@ fi
if ! type -p dig &>/dev/null; then
- apt-get install dig
+ apt-get -y install dig
+fi
+
+if ! type -p ethtool &>/dev/null; then
+ apt-get -y install ethtool
fi
+
get-cur
## end common setup / detection ##
diff --git a/fai/config/files/etc/apt/preferences.d/aramo-noble/ARAMO b/fai/config/files/etc/apt/preferences.d/aramo-noble/ARAMO
new file mode 100644
index 0000000..4e12926
--- /dev/null
+++ b/fai/config/files/etc/apt/preferences.d/aramo-noble/ARAMO
@@ -0,0 +1,3 @@
+Package: *
+Pin: release n=noble,o=Ubuntu
+Pin-Priority: -100
diff --git a/fai/config/files/etc/apt/preferences.d/noble-mint/NOBLE b/fai/config/files/etc/apt/preferences.d/noble-mint/NOBLE
new file mode 100644
index 0000000..a2644a7
--- /dev/null
+++ b/fai/config/files/etc/apt/preferences.d/noble-mint/NOBLE
@@ -0,0 +1,11 @@
+Package: firefox firefox-*
+Pin: release o=linuxmint
+Pin-Priority: 500
+
+Package: firefox firefox-*
+Pin: release o=ubuntu
+Pin-Priority: -20
+
+Package: *
+Pin: release o=linuxmint
+Pin-Priority: -20
diff --git a/fai/config/files/etc/apt/sources.list.d/noble.list/NOBLE b/fai/config/files/etc/apt/sources.list.d/noble.list/NOBLE
index cda7d9c..140df90 100644
--- a/fai/config/files/etc/apt/sources.list.d/noble.list/NOBLE
+++ b/fai/config/files/etc/apt/sources.list.d/noble.list/NOBLE
@@ -12,3 +12,4 @@ deb http://archive.ubuntu.com/ubuntu/ noble-backports main universe
deb-src http://archive.ubuntu.com/ubuntu/ noble-security main universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ noble-updates main universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ noble-backports main universe
+deb http://packages.linuxmint.com wilma upstream
diff --git a/fai/config/hooks/updatebase.UBUNTU b/fai/config/hooks/updatebase.UBUNTU
index 98f775f..55971e8 100755
--- a/fai/config/hooks/updatebase.UBUNTU
+++ b/fai/config/hooks/updatebase.UBUNTU
@@ -1,12 +1,5 @@
#! /bin/bash
-# mk-basefile doesn't use the -updates suite, then we unpack it, then we
-# install sources.list that has -updates and we install random
-# packages. It might avoid a problem if we a dist-upgrade first.
-
-$ROOTCMD apt-get update
-$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove
-
# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
# changed. There is a /var/lib/dpkg/info/locales.config file, which
@@ -16,13 +9,35 @@ $ROOTCMD apt-get -y dist-upgrade --purge --auto-remove
# hook applies the debconf setting. It must run after FAI's debconf task
# but before dpkg gets a chance to clobber debconf with an empty setting.
+# todo: debconf-get-selections did not show our locale settings.
+#
+# this could be related in the fai.log
+#
+#Calling task_debconf
+# Adding debconf data from /var/lib/fai/config/debconf/DEBIAN
+# Reconfiguring package keyboard-configuration
+# Your console font configuration will be updated the next time your system
+# boots. If you want to update it now, run 'setupcon' from a virtual console.
+# debconf: DbDriver "_ENV_stack": unable to save changes to: console-setup/ask_detect keyboard-configuration/model keyboard-configuration/model keyboard-configuration/modelcode keyboard-configuration/variant keyboard-configuration/variant keyboard-configuration/optionscode keyboard-configuration/store_defaults_in_debconf_db
+# todo fix the dropbear cat not found issue.
+#
+#
if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then
- $ROOTCMD debconf --owner=locales sh -c '
+ if $ROOTCMD debconf --owner=locales sh -c '
. /usr/share/debconf/confmodule
db_version 2.0
db_get locales/locales_to_be_generated &&
mkdir -p /var/lib/locales/supported.d &&
- echo "$RET" > /var/lib/locales/supported.d/local' &&
+ echo "$RET" > /var/lib/locales/supported.d/local'; then
$ROOTCMD dpkg-reconfigure locales
+ fi
fi
+
+
+# mk-basefile doesn't use the -updates suite, then we unpack it, then we
+# install sources.list that has -updates and we install random
+# packages. It might avoid a problem if we a dist-upgrade first.
+
+$ROOTCMD apt-get update
+$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove
diff --git a/fai/config/package_config/STANDARD b/fai/config/package_config/STANDARD
index f55e664..091984c 100644
--- a/fai/config/package_config/STANDARD
+++ b/fai/config/package_config/STANDARD
@@ -16,7 +16,9 @@ locales
lsof
man-db
manpages
-mime-support
+# this split into mailcap and media-types in t12,
+# dunno that i need either of them at this stage
+#mime-support
ncurses-term
openssh-client
pciutils
diff --git a/fai/config/package_config/UBUNTU_UP.gpg b/fai/config/package_config/UBUNTU_UP.gpg
index 86214bddc4fb442695e7299beafd16c242db4289..ff1576ef6d8d135bf3cd4327da88ea6bed583702 100644
GIT binary patch
literal 2228
zcmV;l2ut^w0u2OLM2Fe|5CFE!sddX@r1!nn^^`BN5Zb^m1H1i_zFpJOHL(pFl_Jp?
z3QnRjxo6)d6j6~EUM2Sliv)ck{n3dZG-F>Xx0Iymw83XEOJ-9Yq0(mt&04ngO-!OM
zf!+sa6~3oY2abCn$*r9ZaKZHrI2w>yUXkkY6Z<>RVqZ0Gl2Gk4)WrFXI-|&bNffNG
zYQ%zv53Q3!6c
z>(GpR;a8}nAP_Cx*eLTMP(+U7qrn~LN#cUiOMTu-L+WruR%newV}J0DcuLzh;s%<`h_Ax-SoakninO(O`c}L~}v-
z^piL$M^tRqaj1*=xPzEYZtLZ<#$>50YJCR^g%>EKb481_ZMGRbXcWfwZzAAGHy~5FEB7`!pvc8bCVn=Y?j4FGchjT
zOd;r6##G}HjeP(S0RRECHcV-5b$B36X>N2NQe|*&b7^#Ma(N(AX=iR}Zf77%WqBYx
za&K>RKx}Dlb$D%QZgehVZ*4w_0yhK`0SW*i1p-$@huQ)g0|g5S2nPcN6$%Lm3k4Pe
z0|5X69svRufB*^!5T;>a2}K*b^3)^`|8Sz)d)se&2_^}D
zW+C%h9SarGmT`T95->lOME_j%=#kv{>Rf)_`$D0QprF>nb++s~>T{+UUjg?#v!m}-
z*a-rO{@jG^&9m_Hd{tN*Q8bHu*fYTuP_2k5W2!(3{ilDQ!@uCoTj8=oeX{1b3#g;j
zHgxfVulh~;TnB;DC^KeIB5lfYp|PUnmf4#Hq6&)S!&7Ak$$WADB=E4ERJ!u~EZ-9$
zS+k%@9xp0+S!=ZD5F3Oej>~&e69*UhK>>
zX4hb%03&SDY+O#@sX)^!TaT+fXPj1UJ@<)Wk>9zEU5))i@Z#{d5}Ft
zx`{Z)!1zhNX9UFzy_E!03dOrVC(yKpGqr4%Ke2tO7eKJo=o!IAZ{gih7qrwph&@qVIx$l4U
zt=A$bMhjKmH$)(>Gw}*+q=Dv5vx?j}<{3{FG@{hxXgYNswi8oyaHfd|XW`$E_Wvo)fqZ0w@*#o7bzy(38P#tAvp+ka6NCk!jEL`CQUEQgj$@Te3RHeV7a>I0MjPB`E%8X&X;Ee-i%@){
z&sPnlQhp4h_iWoJ9I`F!VH`YhmFB6*xS889B!J3(5n2?c*5p}JKF*;5sYXruN?9Y2
zV>?&4f#o$OZh!sN^t#x334H1TcX70wTYMU*;vppAf?M#CUAn+nB~V%e)=--^@M|Iq
zSIxPkIS(1$HmYq-n|t%kp_Op#V4~ti?D<-GFo$SviY
zhEk3dIYdnBOI&RO*-MJHwXSp64;SR-Ao4Y8qMp$;dm6T>AhB(S+@BVHh+reUMQf@(
zVoClAc}-pfJew7^pi%}X$t9tC;+HP;EXyAXbb(^Q`=oq+;D0g?SAJF&^x7B<1436X
zlKsG2O4#gWnBhgwWY;>q$f9MhaCeEf)@}Dc%B=8>hTe_9lhMi-E0U55h>;K~)}nmI
zduLt}|E1Py(gkf8F(=38!JvCsvL7KMSFuFjD9eYx3lIuL-R&0)C|yb*;gz0Xr59Kf
Cu_g8Z
literal 18331
zcma&OV|b-a(}ufZ+qP}nb|%Thb~53_wr$(CZQJ(5nn^Oro;=_8?04RMZ2hfutn2Q(
z`t0heUezlN7!FjS%I`Z6B48)9OPW<_Vb>dEKqT&=rC4GlqgK<~ZjN&|Ts#;o75?O4
z9z625u(Lef2Hu0p&XSs03B%$$xd;eq(?7y%57{xvp3dNz%o~bexu^&?XI~
z01yFBZv>f5M3U2X&aH7pB+9RHoj})oEz-)0J2y^=o%#9@Ft{C>mOJ$$xyrb&tJGBH
z$agTPSH*AED^&$iBIdxq6AC#PnOnG+5DGav+1VI4Sr`$jSeV&b*qRZ_
zn79#AGBYwUQxWo-I@#M8I69d)2s;1sHF_gE8~!k0PEZseU;r@~@F!ZpI3VCKP>>KH
zz~E?*z);XIpy8A0vG4giX#_?FrZ+Hw|%25fc
zc`urLVKVq>+`2A2vyjn=*M+NF#(wF!hmUJ`kUmZ{cRu37f_4B9cuem+v%VsulNfSx
z=ko2}d5YDmtux@06+vQryU)n>
zVEIm6LA+=|44Em{Lb{-W+`Rq`U>38LhIz~=nW1x_ipc=srr)A*q;}IY5Q8l3GeHWoGK88|wdMBtgHCM?m_`PZSH^5B@~bx{P*FAjJOXebil3sN;dVoAMO
z-ea1Te=UGm>?<)Hp%MD!$;oz6H*pxcmdTe&n8E93V+|M8Lx;plXnUIfnn)V^nRFGR
z(s=qUc*Hy`lX&|)(-tm5Bv~Mo7#VZA7}loBoNT8otL^n70yh1p(8{#e3-SXW&++lr
zTYB}_9^WNf^;e|fTtgaV`GKFD*zRBMh=-B9)WU#qK@tC;1OAClnBgZLFt33=0u&5i
z%`6cCh3|>mbGV`QB?1X;+2dSfbrz?B`+bIegvStp(>3z*%H*L~o6)74<
zzd(Z~fu(#$Ktb#yuz&bftqW9Ar;Hpt_FKNe@s~(^5!(|+!*HKK4VN7eOHm_sa$?}u
zDD|JMxImd-zwO%d_E7I99%fEZE#YLE)gSJJG!3p+>}QA~^%vc?7v39*2I-_cz6kY$
z!4<)8_&+uUo^(Ux3A?duT1Uj4=a*a4+jXGmgykvGI6B?4vwh3pQw3-9XltRl>a4~6
znRt=o3qs5|u#=AY5n=eV1vvgkKnEKyk{PVE-E67O5`pO=iL}BVlVsffa_m4y*n&UT
zdw2H6ths3mc-vgVY<4Ph`WLd=$aztncI5m08}OuJ4upMYbC{_Qxyx_PKg}*Ms>Iwv
zaFbVnmV97$r6k`dh`Qxne(rU~6d}9oM>D9zhc~a5|9n$!N3>{C?Ynl8OW(-de>j87
z;yZfqL?*rWUerMxD`8IcK)2IEFb=54@mauZ53xCF1Ana`>o=Xcw2|BsB&-bmiHs%s
z3`6cRfV+0^B_VejTE(+|Bt-z9Z{Fc$!zoqx`xmJWZd@BWsAaU+z(h=tP
zFBX)nQ)wBBR3KVS$93}xi44S9>Sg8Q3v#o(0ITop9M>E>)TE5^F$XGKoARndNt`lT
z6??1RyD!}p(Y1RMZ&eUy@|?hB^92w%UrM_Rxs#LQMh={m2r>v_k{J;Rud}P%d!9p{
zyn3M}`Jr_{Zj1+2>7TvAY%$U*uF-YiR{9?g-X4w1u%9PqVfBl&CH)lV5s6%l!*AX1
zsYDQXxdSlDR6#=Rwu)He4fi!tGtdm`66Iy+6JrMG23?=#d(fFs4gz1s@F2d&lsbA~
zI_xJgt<<3oYTr$AED}%}ri9js>pDz0w#w3~U*>tMIya{yR=-zDK{{%$%^;XpL*x)x
zVhB;>wd1m+LF=U&2~5hON}Fz*fi2%#eRIo;%X#2px`A}B6ryZQIPG|oTsb2-dF(P0
zF*#IKfE&6ei>TK0v`Uo5ptYT(FjZCAMdf+;v$kHC0
zIj5siKey%A=)wA{Fr)jwqDOejCmt&Uw@ek(agUX;h=BBWpl6w{=|Io%+;_{82HFf|
z*=&6ZRB<1~x(B8TzRed9MjP@Z!g}0c#3nv{#O)P~lYIE#%>sf8(+s&l_7!_P{zYwt
zhKlW177jdlYvhECbQ7tV9`Y0jbsYWgZb={sRs2_%;ATDyA7e2sBJiMA1^7~X$uCoL
z$Z5WORNi4lg=L|oBd?}VAhD!XBr~X+Mnszo+;HYOp`{?2iZiI9)Ei>uO13sDg9u{Z
z`LL4VUs?6j#`r7-iVktwU=rnlx}+Lpo+X84JqWrZToM0{3m9vn_Br^n|!+=k`A$eF`cnf3?-#gWS>7
z^rNV3&H$ddvrBrSAG_$Y^7>IFjU=mLW;!a)!G*FRloIXfp~3!=>S^x~i-k()zb>PP
z0O9>xj$Eataf2Pgjy{^0RU#8+1Jc~_L|BDvj}WDabPHwMuS~!>itvaTL4nk(J0H&SaV;l9|Q&5Oxweplce>JSCT9^x#d7
zEXm>RQB5fiw9kBtG-;gh9NT^;V$fP;Io|&jJ(^$KKk@jYd9MgmE^UlKfbgL)i@C
zga;gUu=EM1Q-)@a%dok!5go2)vJLy2>9fV*eEobb%GIO+J4glhZxgrH8z9TpSIaEm
zl8}cOh=#L$;A7C4u9uE{J{WMJIpt-iJo1@XGPxMCZE*)@Ac3)*zTtrs@Jz)nwYICr
zSF&t!cGhLz*1M%@qi_8}z}`>gNfozkI=00i`oioY9Bzf`n#qu_lmSoVTG$8Aky+IMnjs>Bs*0PI
zOnP>KZx^#dg`mH5EMv2g$xoND-*gM0+Bb2^ZZs;X7}Z
zR7stU)B-<++22^|ewqg^=;{{{LjE^(O`9*V%BQn8
zI(`Ay*nHoothT@pC-(~Ivu??%NOfPm7vHBui1i<3WFcor$g3KU)52bL?)6%1MB&Av
z5eWMHr6<8s;#EB6{>BO
zBFd%PAX8c2kJ?p_UYk}NMGqi@kL&@(4VNx<-#yfZmVRqH+2g7wByTyDl
zJHupQV1Id;i;iAvf@3qBy?K47m@{b)2Lp9$YCS(AGug}XfO7bN{_bh3|0Sj#^$;%h
zn2=QBHQmVv#N$0)gE3{vGLfG4CXX>I{x%AgDmS$sJox789E4RPZtzZTkO>s|HpPN)
zq^SVNpmT|!7@_#`?ANI>+jh~9->o}RyT12ALtR`$INBh{%9^mDg|Sh}{WFZ0Ac
za7Rn$f3^$*`bDgTCcMwBW>`ab(7n#KcGO4Mjt8T{V*NV^f+Pg6nrB@zt
z^bn`m^y615<_TX2`Sm)U6gx`}p9mT1>X_@mE2o&9|2IR2P*9;uze4&h0=`fWa1wOm
zkDmIMnWlVGvi!5-JF_GILP)ePLc`y?6g|*(y!?F)8bcvk*pv&>l({RT!KEE8D4txWZ6`H!EzLfGwzc+lZyIuSN*
zQ9e3Nh(hX~1o}6Rpol9HPwOvflFUK1d_ZW3S%(2-{_CDE+*Grl?#aDFxfQ?AAZX`<
z1w`7HPVS~GdljkbcB)NMJ+D!CDVvDJ%PUH&zEP6QzGcyE1St3!AW#uQ(zKQ@*^gla
zew1#=xASZzjfHu&0CbwHg6Kiy77#i4lH+sg#OA)|D>bS9qJ;ixF>O4UvaOuyW}str
zH_pJ>B|}6THmB*_u*x?ew2<$+HlB8d@1G8;+9)N$@I0<;y=(x_ah(=C?WX+$S0V9r_EQ-YFi2(8rsj=E(#q)6N3c02gjP`JZ4
zRAx?TOfT@0x#1^<_IE?#mwn@GnuyMw?F)uki*y3Riw4o#VPzRmSOS4f;4k~!9^o`J
zqrwm-ok8t~{(}~6zxLKPp9%XpCGU8-wWBIrzxB<(lx{=n3O%8Ir3_NG0imq)-n8#~
zhbkA-ip~CB^lOVcnAQ}8vRZ9|kF*&PY1qlB&RMxzlJ&M^JS`PpG3oE
zFasK{Wb`^T?ZNeB2T|i*7MQhr8QMGY9dGkTCajS%u)dv?e50S3E!+#_9p5kY*L0M}
zyJ8O&InjC1*pEwcBgR{-QJ9rG;F{hFsT
zS|*uGWryW3XicWz5{P>$6`o+74mH|+bqXR6R@qi<*6n`hKp8ass91c;{tkat#Ss}R
zhiaCVN=vN~;HEu^7B~Og&=EAuDKyoZOlrHg7vq;X)y~K3SPk~oUxkHMt3ULodo%*8
z%-zhIQ_fuxJ`6@{lwA?BlaCZAnj~_BV;L5G!crO5li*Ab-frv2zRR~`Yw<`U%2Z9gkb9MsAW(Z+y}B$b+1?g3
z{Nfci6RIfBzntfHG`%y2tgd*kvKlSK(Jlk#6|cU!ov-p^KG8O-U5zJJ?6k#A0Clz=tJ_VcK4HwZC}aWT0h?G`--ZyDJynsPRHI@P>v=%Y2o
zU#^0tCQ#>XMv{XX&wXRqc&Y=ogBr8t7LPD#*5#a735K1^(k2u#hD_qbhJ<>P9p?!{
ztoS+TT3QOv$&E|B3Y?v|!^jMz|@C?-QeqlsnQF*ei#
zWf!aVEZc*Uy$jLcY5!nOz#eNV&I1T8dvsZnm;;d|yk{o>Q
z=b4?X1kyiksVbIcTyx5=_@L#;YiO&1Pi09NGBfbzJUyP+h1*z++u6
ziQo9mM{$bUDb0E#OUYsJCS(4r5Qkh(H8Ayd_vMQAw-ka)#v`PY`
zv}!x4D|LpY+T3-qP2=}7qAbk;iQ<8cu1I&xDxrv9eKW6z2k`@HrzBR3+pQ%jH}a@B
zjC3?{$6RdKB5IEs7f);3!g5>KS^r9_zz_C_MS*-|P53a(xOP1jm)&@B7E$(rX
zy$U#iG*6>va&R~!Vj@OGU;bp_Z}k&oT@n2!Uto)bqT#hS-24<&Ocl7~HpFxaq5^WX
z6>HmQz4AoKjHIxJ+hL<*+s(d`&ivG?AX=e3cZ&-{L5+h(RVB|Hxr3h{W+L_MKm0zZ
zy4`t(tis!$qU$|XCQ?MppN9gODaSd?8uq&|Zn_A0D|U=n`bNokUGxE^;W{#KWxXMzn(@3*C(3X?M^M6eKzCp+MPG61jy
z+aW)4d9}}dnn9)$t0LMc>PAcf#t%wOVHaF2906%|TF|%~k3(;U9Pg;k#IE_J&
z#!C32eH`#u7sTn}974`ucc)77@m;N9)9sTX`+Qde5zoCjIMVhT~Mg=
zL@t4HSY-l;rM^7bBb&UI`B(>@6boS@`kHMF4H;XlA;7rdnH6y-OwVAOjZf_B%1|Od
z!qOY#jIxvbG-#g+({LGwNMcQLru^dAY*_?=+4$pQU+lXU%$DZ*#eY}MP1zyDGXs~#
z^re`~&_4yb(&pSM!l*xz8V-~D5l?8JwRMVmK5>~U(-s>@5QXP_{Yy2L05ag0zYk(u
z5B&&t9F=Jwgv8|$4=t8Rqp5!)vD({{twE3dyZlNtqj8;KS7BsK1ubk+5d2TP(^>t{
z_i1J5Y(t{=J^g)jNt086Tz9B5C?XQ%KcNP#uQ|R2c~j?5eo{RDHPa-4K(zX*LDyT-q?8?UxfUzeU4`-;Lf@%I|p
zAay+5HG%g6xjfH2@Ls>YP|)xA^SWEIqo2?H*D|M$@XmoO0iP;5SOYR~5#jVk19D;|
zZt#-5YFmnp@kT>(nWqWoF7bIxwlX{do~d#RP5R
z6|j31Rm*{<*gOekCN6*ht}j4o0*rr7FUk-ZWuF5*|J2jspwT-`po~fH>S02NM;Glg
z#X{bf<`o~7<<($`&8l&xp2>DP50^2X0hR-za7u5O39&n0uYbOCUqRKu%r}vd^W?fm
zxhTQeoL(29L5&nc-UFQB=J2M@^pTp&j%8Si#GgbNv_5Ct06>)6CN9abWeoj+$(S65
z2oe9~m>43f@cyUvjZ|eI6y$b=W6QDgRS#)YGsOaaugF0Bf)%U0$T*r4sB50ESwB3A
z@K2s=qh&wxedE$G&s%(EDP;o-7f}EPekk(#2O+ABGAYmxlF>MO3>zlJ!Pykxp^s)`
z)s#zsSU>tY$ph7;-Vu(zi!#6{EHA^sK^3$?zQzXBy^2b5#}yIqyeyGs@r7#Ww}(5JOCwf2ce>LJF?_bK;s$!&xWg*upl
zCS%(uLj5dP1GzAof~O9LX!jZjhIhLcpCe?^C{lU_sdIwVb=4r1%O|fPf;p)V2#@h1
z)Slvj8V#K4>l17zw+V@fgdflgV3tj&)fcox(%Y{pNL|{3S=$fVRo=JpA{a#B%mn!{
zBEq7&o1dax?-C^2^c9biF(eOwgn
zEIg&~5D#$$i^v#nief!mAFqTNb{3=tb#{y+zV=})#Z1o+Sw$S$1bHX8lOk4N*+Q=2
zF4i0@lI)#Rc#I>dq0#ZBs%5eIR(iB=0`9F`c4LckYW6hb>D5UmUz!-On!GL;2>LTb
zY*m|#494{BoSVoB?-04U12)Bs)ttu6d-R)ls>O@=mJ$?C*<
z$}sI(4`o`~k5e=
zY;6!wB96Ft?2dKwC#dY6S$|UVucaph;hlE-IJ<_2n(-9bdxs|Y50=)n0fECwfORsvsv(;)W7m5cn4^C>8L8EB^QoF!ahOX8d|h54SlAaOTB7Y{C>rT$eLXyA-Qf`E)ZajZ
zCrUm;6N`G1;<B9dGDQ`2BS_%mOA5}WgY%5ps%z<+
zmK}?K5A&%%FPI?wP9wCnUta$=H74`en25S5uZ<^;PMogvyT2zZhW=2q2d(f)&A%2A
zDTH?_@!crGtZQv+rdQX?JX5Va^_Br4FShk5!+ZFYSVd{H{k7UD{E1110@%>3r^*&1
zkI@IbP%J+=*B3AUqBQPzQfPt#+Jj6PQnk@2DslgfJCIz_-olJ}=vkHWy}Q)tpIchm
z2if6_Y?L9zXIO;ho8aXeP0eL)va=BAm-yLtaAY;bf;XsYrVMWQ%Fe{i1S5sZAuH*v
zwo8^cclPKlip&Pz*-wWBe7kyK6{it}AZ8wrOMV~fTJpwCp(0DVF>~zAqE@r8gd`7Z
zuD64WMoN_4)x?}Dr%9mppIu;Q*rPr~B#P;?$U_OGCPs30_)DiE5EJ23d2dch1NP$7
zaSk4{^J2MJt`or8o5{J4%_k(1K(3mtuD4Mtar&hWpPYecz-a00fJsU!=)7Z7Q$l$Z
z%5SZ96}UphcT4PTl8MZl->jN7Ln!RZK(e_z43g3r@jWTJecRya1h_Xl>A{DVEBX!7
z9(`AoEDADbO^F`vw$7}@tw1Q%-YtRpkGYIv>U+<
zqU1d{!Q3BsAb9}~%<-)`j$a`a29O_hu0<-9|0|0$?5lN-RtI|oaosaSL^y5L-_)FQ
zL^!7dZq;Pjdw)&-HUPgrz0dnY%}ty4CpG_Cemne$HBrz;_z*A(GV~#)Ws4cOu~&x*
zvBbk*;!Op3O2bBy2oE0ZJ4i*8C2d*$8?gM7KSCBA63O)p6oh_kVDMJ12-fyzgPH9S
zDtnu2B4J>1sH?j=PLV*pW!;XY!)PiFV<5fr*bC=Y=gHcO$x@YXSZd&@O5=LMqXUG3
zQYd{csGcRaO35eRgDG6jQi|LIYPI(qzr7I_?s>l8FX|c(+!uFPvZN3A3t+>Gn0HyX
zj-RXTO`kSxeOG(Jfo2*P87MW_j4~g|S*+P(7sU=re02#z{Mil-nalOn;6v@&OOcyE
zNS#}3-0m{GMP@I_v_{MVJ!3(t%#~Wx>WgMNK0zOPZssNe&!?J<-m8
z;cInj`2a(u(9kOT0C6*+D)e#!{S4^clEDq`V!f3*M~49Y<`VI#3S$HX0dqfQ6~8zf
zc%nTUW9jBIK}#!US}2B+H6z{ppa!QkHqYPGEPi<6>Bs4D3id2T(3}=j!4p+wfdPN*
z4I%!d=3k3BHNuB12L+T{(*@-Q+`3a=&^7{epd)xNOqlo=;u-b$Ns=~DxkvCVJWqS&
z6VC_{{T4mA`m!-edGs^ZN|s)kx{i4&GcB*_+pqUAsRT1tVT5AmMZlJPm#R>@=Na-v
zi)hpfElI{nYr%e=1nl0cMKrvIySc^iO3w21pgBl^S)O)B&J<5HkvC
z{shFnabr<+$Q>qaKN#oT_v6%X?_p)%s7_XK@i0;+UVT?iKx33!=IH*ekY7x<6l&`Q
z(S75maLj?Gh0P%OoV!2Yp0Lz_u2Bp5^8we@$V(3)kVff84eFrc1Cb|re|9~+FG5pM
z8K|#8s!Fo%$f}`cAIm}fG9ee~yO1Tz8jkc%iCytLxp7|aao(Nn?byQ7SYr4MBOcbf
z!W=TGBwzc7Y61pe8PxU$mSQ#xYlxBpHK;a-y5;vvTGCeL>&NPK?l}16mbSI{4Yufj
zFHj;?Jt}!n@^l=TQWhLywtKLenTo=8o5Otj5-Bgep92ecX>Dd
zKtjJx7*NCic?|V>scEA@ibso2#5(jI8L?%^$XEadti60-^hwRX7P(TG4=n{9JOqoR
zf@sf(pat?NRkCAo_if(1V*kiOFraC)+S~rVr8i3&PY;1}#~SQQ7H@sM#Za2Kr?UnK60O^f=Npuw=`-%hIQrz4Uorlf!~
zxAk36&c^C&9Gs(^9-~6M2GKY*0lgQsv&Pir#3uDeV^bt?AG%Yc}xuX;$hv($g=0a
z5$zI1UzRR%DgE~WSZu-A;>f}t#~u9f^#YuQmIs-AF=TysLhNA(1ipNGmr%DrPqVs_
z0P!JYHyQbA%XDd%3aT`qd{80L904RyKnMMVcx~=0)6kmVwrB2kCv}CdXsyY4Yw!BA
zLBH-Rwa5&2*R;W*AHnOX@_2fCzaH#H0z1vL4+K8kl~Yoy<%v;1OaRkED*s;I$>XoM
z*f7pzy0C3@LqelosF;MG>Ug1&Q
z7sRaEtdU|)=`W(tC=VIbwBX24)oFC~>xG8INTxo`*GaHLkpMio#EXJ>(T|{^K`CUM
zv1UpdIiN>u5=S8DNb7J>o;Y612tg@DTo7sX`tS{xmiP_nDf^{^`B5i;I!O(dHJQe9
zut8UB$v8V0KqmV>)UjhuV0HQ$dH#R(J^tS}JcjCmq96eS@WFsT=lMVVjv#2jARy?#
zfAu;Frr6eqc!4#MP62XM`Vb|bpTFQ&FptC^YBk)BUWQx)aHJHmvu
zQ}1qxV|_8TJ1gVqYIYWA&bYi5%d
zLe)aS=|-IodXkyfS0C(8d*BqU6#aSOOc!SuS75X|f&1jQP%IDxGbu^wewh-GTEEZ-
zZSJ>7^T<^sFUrl}E?uM1a?Y){%qs||%X
z%;%_@yCDCJ56%a8OcngycsIH}0?@0;nKPPU|GdqTg=C0rp@_z9lpW*L+2D2mO&`^u
z-7?_PDZ;T;>QRGWhAvg=SkJB8$VTY$7XE(mQ^dHBC=V_%splc?GW7j~-lHNu&>yN_-Y8T?7dX>bXt$?HfyNHHKcRw_SY
zCG~uc=RnhPGx~vnlS7{wkmDl$Ox8hotPwePB9)JpGmg81>Gzk;tIXb~&f%q{?<*(7
z#&#MH%hD(qKsIp?jK0b$cd&OtT}#1K@tI7$
z3;>W#n`=yWf0vqcWE)#BJzVpYuVaezx6TaXr%oJ5lUvAPu$}-sAPc*FhP5^Jw)xAE
zBI6^3Mxgz*C=(zzapZ1%TFW+O?<_S_J}a3R+lvtKzjTB@bzrz4^(RV9vCtC$nNX;d
zAoYTdMCbm9hcdwP>!7g_*??>c&U+tUUL17;86S<`VLWu;KwEkLrKA6;LtmL3Tcmgr
zm`@DIU7sdx8gWV^JnSq9O~O*=+$@Iw0myN_SVqO`qic(xB=}Ze_b@-4!+g(x6sj+Vqh^bz9xz!bqSEoF-lgx8zRu+rAMf{pUqYv
zmSqk7mrgDa)u)c8U)y|$%*7}*G$6-^%5MhL8oUi3U1C_ho%x*jq-*sLRr2CNj0Jb2
zhcI>=hbYCG3;R}{f9W*h;eG0Oi7)eB9yFQo0{}UeoH&)mV&7s`Y7;ZW_)_kvMI8zO
z*({GqB?!$m{EK*s;5xw;TJ8lI;D71-V(R(S;pf@C`~X4oz0w2Z4m!(XW9wGBjw`Qj
z>;3#o8-0t7
z_v(m=)sus%1>^=MNfop8AHjouH@lm*g(akTV$%BSKvsfvIO$X9-@a|sN<=_yT?*W>
zkDzC&m%&VRsyCpv>i{bw>7n`-p-+^L?+eL(x;s)6iG}j(pbJ_>k&@ooRuazKHyY
z;CsrjA4m;6du0=e2=>@+ZSvEZ%yi_&>&qxr%oZ0=%Pr%@GW=PDr7%T6T+d%
zxB(0J2<(Ka->|y1eW=&!0pJeZ@<<)3BsRlbn<ohn?dhZO~E
z9*acqpmVfF14!sOSAGbdqF&`gmsGdsYRy;V&osMd!YpVBh2VYPI>|O9ZbO;*vRik-
zdiWuPFENwu7;=*Qy!}>M!tV;wjW$zQ-FSo|Ob2UWkI6pt0FwPRa{1ZYHllsMH}+Ui
zLYqKxO7vT|)mXy&laPDC<~-IQdp%Q&UAs8?B1;SG3gr?oXEbEb))Ue0Z=P-YMnDk=!$O~6^$&*v4p0hPaIbfsd5uJmRC+iZGUbV{Yi}^5Fr7h
zWL*R@7qUthsm+46q^nftrdV-Gg?BQz@QLf;TI;0BnLD=@+1Px)?)ZX#ZcVjo;=EMvOvKuN#>HTyYa_r)F@A_{X~XU
z=l;``5Q&w6;^6>O$WX5%vmz+PAkhw*;^72^a$#q3Y4bf=$pHpvLsCBFC^_B_ob71uhH3+8L{yp&oyVkU1Iv2sk95
z{~p%2e$|()Z!G7?@hre!2>pP>{ZH@Hajfyk2jgY+FD!ZWdJH}#8~yWdLIlFgfZU&0
z`s;-lpqp%u11hUB%Gh)eEfgpNaCMmhCFTtc70;n>ZR>Hfuny`8Y7HjM&Dq7$NT~9l
z!>{G~
zNZEOAuj9o%IZA*70_tJ&xYK%ZK^9rWN_b2jT
z{)vQtBF`rkz&Nm<0ps7?cvAzA0T!iDXY<3u@8S*%t|uKk-$}HU1(54s$XxJ)O##*&
zHh<{VedyTr5yR=9>S|H>`=9D6FRSYqw(c9pZ{H7#X0^HRY8y3umRXa0zB*-t;3u9q
zar=CcRugCE9hq8T+}gdBHqn4UwjI1+BfbuQ-bsweoDPwm*}
zO^T-?9*=a9>~kf{6X0lVr5v>kqB0a}qRDO^HF$y!n_X10&t+g$BpjR^fZUw-uivL)
zlp102KY-=Tp0k1i(LO){i6uHM+sg__rv&-Z7y!tm1*ta
z$0@shBM#JgN|NA-by$wJ2WCjlVt5MqnAMj`P7>ZIDC~3hP)Va72Kg}Tt$4%uHB=p<
z=ZVR<+nAQQ*h(AT)T;mtkggGx>
z|7SN9TFlM+1o7Y9{d)S(Zt8H;XddqJQel$w68nN*+Cex#3CL!JRNU})G#vk?xoPZ@
zo8UF-KydV*EI~AWE$UOpe`P7Wwp5>H6BUpSLMq$onynkBU`|m?bEMWdL7y!H$T2v`
z?#oHDVee9-`&PYKEc|iL7x0%(B17G$4mSa0w80*dN{j!WZ2m(D47VVil3|MU!IB=w
z`n=Og>Cbo!+>w8u>)o`X*@|rJEgQL8k1_m5=TG+hPuB8p_ME8=$N;V9ySyM!k=@B=
zNi#9v`o6K4jtj_Ll?VQIXjWq%zFCQPYH#{=Gs@*NYx&>mLM#`^?Q=Z;W_87pfLy=m
zpJHG~u8+Y}8Ri9TX<4rX(hz`bhC+xs!DN1Y`*SQKWBiFxE^7sJVis5;ddUQto;p_<$tmk
zQD5b>|IJ#|j;e8@&p?roivYRd#X1*4=DtUQvSdlO4-KOHE|>g(-0EgOQbh`F1vu(9
zeIrhiwX-t&zY-u(zkbvIl}bAXZB)b5Afzn)GyBjcYPq++vsBA^C{*-Vhg$}_hXGl*
zH&ab~x>C^%o*CFl5hWCZb%3q^jOtG=b^3qFr8c$!+03QcohFo`H#K*6z>SU8D0bUx
zae!>b>Te8%ihjQ1^0j;$B1NLLo)_k!n|}`Z{->O?GsgdP)ZCgfDAZZr(jpuKM=_d=ooj7e37{9IVA_y{
zVnZyP6YR^JPuCW_Td=!X7OTo^<_y2Y^)n-+iBA>_^opHlMuwAO8?no|?!^)7G?@R1
zNyVk2A}3=?_8!!JB~~^-j&7?4x2yGP9HlALpwG_k>3IzW>3FC_(;Iw>deo$yj*6s$P^uj76qgL@Pgw`AFjCTNDM?9crdXvg
z97{Y}+n?FS-8*EOhv53A*(6kFg2$fl1#z;fZ|1|Bmo}(Qas9eDl9?wO(^0Hbc{R$F
zIkSNW&8fPuwy44&dJpAAB2WP)p7!bdLs~3jw{ePhTJhPc43-Qz`n8#?3f=*CGBhQ<
zbr#&h=)GdST)ppskZb+@IN#>h*)$sjyr}fy+=J*>{ItGR16rV^)%b8VwqEPf4{wD9=DUzbLTOct_3+rOSBir1`GE7@+=vDmdl{b>NJH=vt^sN(6&+S
z8gVcw=IH3!vv3Rn$I}Bu5%_RY2=f
z`k3c2^Eh(87b5s&r9t`+%1ih4$Dm~=-SFa+77()fqK3KK1FAeMg(m6m-&07aNEVLX
zUz4hMwdjRJjW`C-5Y;9>)J!9HIy1M1Q+y1p(s2>iJP2nsf6z53FJbx>FAqM6;gHVXiOJ
z^c?itoQ~e}z5&WivwBNsjC>OGBJ|*do839cYvfIAPjUbGbZFKCLhOjMT-FXxW^;t_
z^2i`_&KVwjA36vRIK1aE-)syQ
zsR)Cga6!-AngE9O)^&acAwejO3$sN+>kk6X6DN@$N6HN~x6D7(z@qxsJgFW!tsoEz
z7xBW(E@!lqfTSGkDIMM6n$^A7>}E+RVp0ed!#sWrfS~ml@V*JGy}_RDCEV&72n<09
zCG(%tH~$FoXNt*{#5R)ZeJ2lIhy2s7_h0U5{O1bGzl*Dj2jVxb>LggK?Cg()iHvBr
zV@Tit>dl)~SX`%jiDhz7C{}T(M<8@jahbI74t-lT%tgqxP#0hI20M(K%WAYt%0-@f
zdnp$+jz1S|CS}4EU`$iLA`I7Qy_*zIICa_;mb-H|P!8|u&UMo#rr>a9@!@XDNuir@
zNdjWzWxJ+Zc|!ERI+hkUzii3a
zHh(Wg)aNwg7Y$jDb;ATrI)`R}b~tI!+$+vjSOr;Sd-Zz4Z1r@5$_<|Bntv6Hp_#j2
z1k5kKd<;8H8bd`Vpss@qPU4rTC(c|}v=OdAb#(N=ec=)O?lb(O8)a_z~cLD1+
zIZv6vY5Vtn59=n`C=6TgBSi#QX6&YP0Ux$f
z9lRo5|GO(%Cm8S{)WeE?fkO|WwI7%E%~zok-qs*1+Z~atDLR5n?6kEvU5x24$__g;
zoG*3;&M_*IkZAqF(^Q^c9Xw=;?%%KyGc>4B#5J_hG7KY}y=o}}1jD+2>@P{#i&_D9
zTyEDou#OZV2~7~&Xp`3(cJm&o!&Cq(Z5h45
zTxq7Bmh2Q*s#oA%@B&bOArl{$E5AMMSu6aQ{GKW4WP@21x92tNnw)fM#}k|}U|EkP
zts{R?_xpRdJ2i2MC}wM=CSZb$mzKE{(Mj;z8x+>EfT_xoK=7als%7PMay7_kV)k)D
zTD(Cm*!1W#|KH6M``LEo4rG+u4`?DxPQ@AWBQcuu00{jh9zNlb;+wQTRqEHAzV$!<
zg>n66?a)Fn@r`V?bqcn(oWvS8`~E8{j^^OVnd6xvYGDvoRvWdmy#&mOeWh^^)Ja4u
z+4JZ&b0mS@#(he>SdF-%9G8jwokst_I{=l
zaMpNgui3LjEf+=KMMhtpk)P~XxcfqA`3K+WUY~bMm9Obo&Yp7prow{vjFv|$4dR~I
z-+Xdd*!zoI;PP$WGkdZOcxM{QP7yjf)$i;zC)cp)e-l~tCe6CRqIr0V=UP6E^w0A<
zzkX6T{`Rid{2-}kVOZcl3xf-E76vG3A-XTv&%$VzRJb@(`lO9cG4Qa1ZACT3|EJDc
zpgfIf`_Ja3?75Gd8qYbi{4B`I?sj=)=X6&
zSu)?4M5VSe|5!iIJqLOQk
z;&InWPa~cbpYKoFj$IY4Nm;h(&XS&GHB+yC;F{ll=IfqC`X&sE
zK5WsQ?_+RUn^FJA6YfKI8o4|*l64}##)k)TDewBf<5`NA!(
zW_vmF;3ruY-u&D7-N`)x+NXBJXbBeZyZxH|Iry4r^mf5HW|2~{dI#QEpTGRXL9kLI
zXmNzij~Y!o?e#OZWM%A0nl~XK`a|Cl=B1i@erPd&kyZ9CRS^DS?l;l#v}vtdgM)YR
z3&Ty%Ed^WUG$qy2e_nL)-+Y(Jkn3~LZq{oS+n<{D9_iR4@kKnLTA#)Hz2Hi(NnG9E
zmoOH+xgK|WPv9-CpHmX$target/etc/NetworkManager/conf.d/10-globally-managed-devices.conf <<'EOF'
+[device*]
+managed=1
+EOF
# in a default desktop install, it looks like netplan creates this file under
# run/NetworkManager/conf.d in early boot.
diff --git a/wrt-setup b/wrt-setup
index 975a1dd..1a85864 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -73,13 +73,13 @@ fi
echo "$0: h=$h"
# todo: ecdsa key not working with dropbear
cat ~/.ssh/{h,hrsa,home}.pub | ssh $h dd of=/etc/dropbear/authorized_keys
-scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-local /a/bin/cedit/cedit $h:/usr/bin
+scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-local /a/bin/fai/dnsmasq-end-lease /a/bin/cedit/cedit $h:/usr/bin
# relay is built for openwrt 18.06.2, r7676-cddd7b4c77
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/{dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/{ptr,dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
diff --git a/wrt-setup-local b/wrt-setup-local
index ac33e3a..d18d798 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -15,6 +15,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+# shellcheck disable=SC1091 # somewhat dynamic
set -e; . /usr/local/lib/bash-bear; set +e
@@ -234,7 +235,7 @@ elif $secrets; then
ssid=${rssid[$h]}
fi
-: ${ssid:=librecmc}
+: "${ssid:=librecmc}"
if $secrets; then
@@ -617,6 +618,7 @@ EOF
esac
{
+ # shellcheck source=/p/c/cmc-firewall-data
. /root/cmc-firewall-data
cat <
Date: Wed, 12 Jun 2024 20:49:42 -0400
Subject: [PATCH 12/14] minor improvements
---
fai/config/distro-install-common/install-mainline-kernel-debs | 2 +-
fai/config/scripts/IANK/11-iank | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fai/config/distro-install-common/install-mainline-kernel-debs b/fai/config/distro-install-common/install-mainline-kernel-debs
index 93f7c57..aaee5eb 100755
--- a/fai/config/distro-install-common/install-mainline-kernel-debs
+++ b/fai/config/distro-install-common/install-mainline-kernel-debs
@@ -82,6 +82,6 @@ for p in ${pkgs[@]}; do
fi
done
if (( ${#urls[@]} >= 1 )); then
- wget -nv "${urls[@]}"
+ wget -nv -- "${urls[@]}"
$ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/}
fi
diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index d7a5bd3..25c0503 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -211,7 +211,7 @@ EOF
# for running from fai or remote connections, don't kill the internet
ethusb_arg=-c
fi
- if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
&& ip n show 10.2.0.1 | grep . &>/dev/null; then
# we are at_home
$FAI/distro-install-common/ethusb-static $ethusb_arg
--
2.30.2
From e0b34d32f5cc83e960188387a9c9a9af071fecb2 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sun, 16 Jun 2024 20:11:44 -0400
Subject: [PATCH 13/14] minor fixes
---
fai/config/package_config/UBUNTU.gpg | Bin 0 -> 369 bytes
wrt-setup | 10 +++++-----
wrt-setup-local | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
create mode 100644 fai/config/package_config/UBUNTU.gpg
diff --git a/fai/config/package_config/UBUNTU.gpg b/fai/config/package_config/UBUNTU.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..544b4af21abd0b077d1df85529d66f060d3833a1
GIT binary patch
literal 369
zcmV-%0gnEdjRaAtc7g!}0Hnpy(*MUjhT#m(Cqgf&im-qMw;3&|$*Mo7E{yr*5gWy#
z*)VfWAZHZQcnE%6urW2^E!^V>$R(r;89A+z;!1W1DaP%c&4zd0l)F0wH8o7Cxy1>6
z)>fah54-tY_n}p$;pXE2ui|q(EylQAlyb<97Mq<7#E6q_hNL|3qeea>LXj>?g(2(W(&H=ZpCha`#
z02sR;aMh4}=jO$GSA9Vn_(0q{xAqf5P1ZxFFJ{D*|6mrllJH|Nfx%ez;CnVejMwG^
PZ+e0Dk0%5=Kt`1nd{LY4
literal 0
HcmV?d00001
diff --git a/wrt-setup b/wrt-setup
index 1a85864..55de769 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -38,11 +38,11 @@ bash, we can use ${@@Q} to properly pass an empty var.
Note, if we dont have internet yet, then just download the bash package,
-scp it over manually and install it, eg:
+rsync it over manually and install it, eg:
cat /etc/opkg/distfeeds.conf
wget https://librecmc.org/librecmc/downloads/snapshots/v1.5.1-core/packages/mips_24kc/packages/bash_5.0-3_mips_24kc.ipk
-scp bash_5.0-3_mips_24kc.ipk wrt:
+rsync bash_5.0-3_mips_24kc.ipk wrt:
ssh wrt
opkg install /root/bash_5.0-3_mips_24kc.ipk
EOF
@@ -73,13 +73,13 @@ fi
echo "$0: h=$h"
# todo: ecdsa key not working with dropbear
cat ~/.ssh/{h,hrsa,home}.pub | ssh $h dd of=/etc/dropbear/authorized_keys
-scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-local /a/bin/fai/dnsmasq-end-lease /a/bin/cedit/cedit $h:/usr/bin
+rsync /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-local /a/bin/fai/dnsmasq-end-lease /a/bin/cedit/cedit $h:/usr/bin
# relay is built for openwrt 18.06.2, r7676-cddd7b4c77
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
-scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
+rsync /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
/p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/{ptr,dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
-scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
+rsync ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
diff --git a/wrt-setup-local b/wrt-setup-local
index d18d798..c78fd90 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -793,7 +793,7 @@ config redirect
option src wan
option src_dport 80
option dest lan
- option dest_ip $l.9
+ option dest_ip $l.3
option proto tcp
config rule
option src wan
@@ -806,7 +806,7 @@ config redirect
option src wan
option src_dport 443
option dest lan
- option dest_ip $l.9
+ option dest_ip $l.3
option proto tcp
config rule
option src wan
--
2.30.2
From d3fb9d4972142e5a1676435dfdefbe0ea821a201 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Tue, 18 Jun 2024 19:31:52 -0400
Subject: [PATCH 14/14] improvements
---
fai-redep | 2 +-
fai/config/scripts/DEBIAN/11-iank | 53 ++++++++++-------------------
myfai-chboot-local | 2 +-
wrt-setup | 3 +-
wrt-setup-local | 55 +++++++++++++++++--------------
5 files changed, 52 insertions(+), 63 deletions(-)
diff --git a/fai-redep b/fai-redep
index 250b458..5498667 100755
--- a/fai-redep
+++ b/fai-redep
@@ -129,7 +129,7 @@ else
rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common
fi
-rsrv -rlpt --delete /a/opt/btrfs-progs-release /fai/config/distro-install-common
+rsrv -rlpt --delete /a/bin/ds/bash-lib-u /a/opt/btrfs-progs-release /fai/config/distro-install-common
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank
index 130c7e9..b2c5567 100755
--- a/fai/config/scripts/DEBIAN/11-iank
+++ b/fai/config/scripts/DEBIAN/11-iank
@@ -26,6 +26,7 @@ fi
m() { printf "%s\n" "$*"; "$@"; }
+source $FAI/distro-install-common/bash-misc-functions
fcopy -riB /root
@@ -70,7 +71,6 @@ apt-get install -y kexec-tools
# that a non-root user can disrupt the system, eg cause a reboot.
sed -i '$a kernel.sysrq=1
/^kernel.sysrq=/d' /etc/sysctl.conf
-
EOFOUTER
cmdline_extra="$d16_cmdline $fsf_cmdline_extra"
@@ -80,45 +80,28 @@ cmdline_extra="$d16_cmdline $fsf_cmdline_extra"
# and with rd.luks.crypttab=no, it works.
cmdline="rd.luks.crypttab=no net.ifnames=0 $cmdline_extra"
-chroot $FAI_ROOT bash <>/etc/default/grub
+u /etc/default/grub.d/iank.cfg <<'EOF'
+# note: in git history, you can see code that modified the existing
+# GRUB_CMDLINE_LINUX_DEFAULT. That was being cautious in case something
+# else modified it, but experience has shown nothing else modifying it.
-sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
-sed -ri 's/^ *GRUB_TIMEOUT_STYLE=.*/GRUB_TIMEOUT_STYLE=menu/' /etc/default/grub
-sed -ri 's/^ *GRUB_TIMEOUT=.*/GRUB_TIMEOUT=6/' /etc/default/grub
+GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"
+GRUB_TERMINAL=console
# on xenial, no grub is displayed at all. fix that.
-# found just by noticing this in the config file, and a
-# warning about it in error.log
-sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
-
-if type -P update-grub2 &>/dev/null; then
- update-grub2
-else
- update-grub
-fi
-
+# found just by noticing a warning about it in error.log
+GRUB_HIDDEN_TIMEOUT=
+GRUB_TIMEOUT_STYLE=menu
+GRUB_TIMEOUT=4
+# grub tries to detect error in booting and then wait longer with this entry.
+# but that detection doesn't work for us because we have btrfs /boot, and so it flags
+# failure always.
+GRUB_RECORDFAIL_TIMEOUT=4
EOF
+if $ur; then
+ $ROOTCMD update-grub
+fi
# I prefer to stick with ifup/down or networkmanager: networkd is not in its
# own package, so cant use in other init systems. b. it works fine.
diff --git a/myfai-chboot-local b/myfai-chboot-local
index ca4d32e..0f83ea0 100755
--- a/myfai-chboot-local
+++ b/myfai-chboot-local
@@ -111,7 +111,7 @@ if [[ $hostip ]]; then
exit 1
fi
else
- my_ip=$(ip r show default | sed -r 's/.*via ([^ ]*).*/\1/' | head -n1)
+ my_ip=$(ip r show default | sed -r 's/.*src ([^ ]*).*/\1/' | head -n1)
fi
if [[ $host == default ]]; then
diff --git a/wrt-setup b/wrt-setup
index 55de769..8f94f71 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -79,7 +79,8 @@ rsync /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-l
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
rsync /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/{ptr,dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} \
+ /p/c/{ptr,dnsmasq,cmc-firewall}-data /p/c/cmc-firewall-data-http /b/bash-bear-trap/bash-bear $h:
rsync ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
diff --git a/wrt-setup-local b/wrt-setup-local
index c78fd90..11c9327 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -620,7 +620,37 @@ esac
{
# shellcheck source=/p/c/cmc-firewall-data
. /root/cmc-firewall-data
+ # sets $http_ip
+ # shellcheck source=/p/c/cmc-firewall-data-http
+ . /root/cmc-firewall-data-http
cat <