From 137ffae7de84a51c4b438ccf2fb50f5571f522a6 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 1 Aug 2022 09:26:06 -0400 Subject: [PATCH] updates for t11 and fsf --- fai-redep | 2 +- fai/config/class/D16.var | 11 +- fai/config/class/FSF.var | 1 + fai/config/distro-install-common/end | 4 + .../distro-install-common/libreboot_grub.cfg | 2 +- fai/config/hooks/instsoft.DEFAULT | 30 +- fai/config/hooks/partition.DEFAULT | 158 +++-- fai/config/package_config/ARAMO_EXTRA.gpg | 2 +- fai/config/package_config/FSF | 5 + fai/config/package_config/NABIA_EXTRA.gpg | 2 +- fai/config/package_config/UBUNTU.gpg | 626 ------------------ fai/config/package_config/UBUNTU_UP.gpg | Bin 0 -> 18331 bytes fai/config/scripts/D16/12-d16 | 4 +- fai/config/scripts/DEBIAN/11-iank | 12 +- fai/config/scripts/FSF/11-iank | 78 ++- fai/config/scripts/GRUB_PC/10-setup | 10 +- fai/config/scripts/IANK/11-iank | 10 +- fsf/close-crypt-luks-keys-loopback | 30 + fsf/create-vm-disk | 160 +++++ fsf/crypt-disks-start | 30 + fsf/open-crypt-luks-keys-loopback | 40 ++ kd-mount | 17 + kd.log | 6 + lk | 2 +- pxe-server | 2 +- wrt-setup-local | 10 +- 26 files changed, 542 insertions(+), 712 deletions(-) create mode 100644 fai/config/class/FSF.var create mode 100644 fai/config/package_config/FSF delete mode 100644 fai/config/package_config/UBUNTU.gpg create mode 100644 fai/config/package_config/UBUNTU_UP.gpg create mode 100755 fsf/close-crypt-luks-keys-loopback create mode 100755 fsf/create-vm-disk create mode 100755 fsf/crypt-disks-start create mode 100755 fsf/open-crypt-luks-keys-loopback create mode 100644 kd-mount create mode 100644 kd.log diff --git a/fai-redep b/fai-redep index 924e8b7..a974208 100755 --- a/fai-redep +++ b/fai-redep @@ -72,7 +72,7 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized # we hssh and ssh_filter_btrbk for the initial btrbk (alternatively, I could open up the # permissions in authorized_keys, but that just seems lazy) install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh -rsync -atL /a/bin/ds/hssh fai/config/files/usr/local/bin/hssh/STANDARD +rsync -atL /a/bin/ds/hssh fai/config/files/usr/local/bin/hssh/IANK install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD diff --git a/fai/config/class/D16.var b/fai/config/class/D16.var index dc8d96b..fce2f84 100644 --- a/fai/config/class/D16.var +++ b/fai/config/class/D16.var @@ -1,3 +1,10 @@ +# /a/opt/linux/Documentation/admin-guide/serial-console.rst +# https://libreboot.org/docs/hardware/kgpe-d16.html + + # pci=realloc=off = per rubens suggestion to make a d16 more stable -d16_cmdline="console=ttyS0,115200n8 pci=realloc=off console=tty0" -d16_cmdline="pci=realloc=off console=tty0" + +# we make tty0 the last one so that it gets /dev/console and then +# debian's cryptsetup addition askpass prompts there in the initramfs. +# todo: file a bug to make it prompt on both. +d16_cmdline="pci=realloc=off console=ttyS0,115200n8 console=tty0" diff --git a/fai/config/class/FSF.var b/fai/config/class/FSF.var new file mode 100644 index 0000000..9193bf1 --- /dev/null +++ b/fai/config/class/FSF.var @@ -0,0 +1 @@ +fsf_cmdline_extra="elevator=deadline transparent_hugepage=always numa=off" diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 602e2ba..f8c9d5f 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -90,6 +90,10 @@ Defaults !umask Defaults:root,iank !log_allowed, !pam_session # for just the root user, set some env vars Defaults>root env_file=/etc/rootsudoenv + +# a few commands we should be able to run with no password +iank ALL = (root) NOPASSWD: /usr/local/bin/spend,/usr/bin/nmtui-connect + EOF case $HOSTNAME in diff --git a/fai/config/distro-install-common/libreboot_grub.cfg b/fai/config/distro-install-common/libreboot_grub.cfg index 7af4219..9ea5390 100644 --- a/fai/config/distro-install-common/libreboot_grub.cfg +++ b/fai/config/distro-install-common/libreboot_grub.cfg @@ -29,7 +29,7 @@ set default=/debianbullseye_bootstrap # could use 0 here. set timeout=1 # grub_extn -for part in (ahci*7) (ata*7); do +for part in (ahci*4) (ata*4); do envfile=$part/grubenv if [ -s $envfile ]; then load_env --file $envfile diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT index 9d8f0b7..5c7be4e 100755 --- a/fai/config/hooks/instsoft.DEFAULT +++ b/fai/config/hooks/instsoft.DEFAULT @@ -37,17 +37,21 @@ if [[ ${files[0]} ]]; then fi -#### this bit is duplicated in rootsshsync, except we skip update-initramfs, -# since I suspect its not needed. I'm not sure any of this is needed -# since we initially embed the key, and with distro-begin, we run rootsshsync -# around the same time as we remove it. -d=/etc/initramfs-tools -if [[ -e $d ]] && ! diff -q /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys &>/dev/null; then - mkdir -p $d/root/.ssh /etc/dropbear-initramfs - chmod 700 $d/root $d/root/.ssh - cp -p /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys - cp -p /root/.ssh/authorized_keys /etc/dropbear-initramfs - if [[ -e /root/.ssh/authorized_keys2 ]]; then - cat /root/.ssh/authorized_keys2 >>/etc/dropbear-initramfs - fi +#### This bit is duplicated in rootsshsync, except we skip +#### update-initramfs and add $target +#### +# We generally shouldn't need this, because we don't ssh in on the 1st +# reboot since we initially embed the luks key, and with distro-begin, +# we run rootsshsync around the same time as we remove it. However, it +# could be helpful in case of problems. + +auth_dir=$target/etc/dropbear/initramfs/ +candidate=$(apt-cache policy dropbear-initramfs | awk '$1 == "Candidate:" { print $2 }' | head -n1 ||:) +if [[ $candidate ]] && dpkg --compare-versions "$candidate" lt 2020.81-4; then + auth_dir=$target/etc/dropbear-initramfs +fi +auth_file=$auth_dir/authorized_keys +mkdir -p $auth_dir +if [[ ! -e $auth_file ]] || ! diff -q /root/.ssh/authorized_keys $auth_file; then + cp -p /root/.ssh/authorized_keys $auth_file fi diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index e953cf1..7990a19 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -122,6 +122,11 @@ if [[ $1 ]]; then esac fi +if [[ ! $SPECIAL_DISK ]] && ! $mkroot2 && ! $mkroot2tab && ! $mktab \ + && ! ifclass IANK && ! ifclass FSF; then + echo $0: error: need class IANK or FSF or SPECIAL_DISK for running in fai +fi + if [[ $SPECIAL_DISK ]]; then export CLASS_REPARTITION=true @@ -289,11 +294,17 @@ $first_boot_dev /boot btrfs nofail,$fstabstd,noatime,subvol=$boot_vol $first_efi /boot/efi vfat nofail,$fstabstd 0 0 $first_boot_dev /mnt/boot btrfs nofail,$fstabstd,noatime,subvolid=0 0 0 EOF + if ! fsf; then + cat >> /tmp/fai/fstab <>/tmp/fai/crypttab <>/tmp/fai/crypttab <> /tmp/fai/fstab <>/mnt/root/root2-crypttab <&2 exit 1 fi - pvsuf=$partsuffix$pvn +bootsuf=$partsuffix$bootn efisuf=$partsuffix$efin grub_extsuf=$partsuffix$grub_extn -bios_grubsuf=$partsuffix$bios_grubn +# We dont do anything with this partition here, so this +# is be unused, but left as a comment for completing the pattern +# of all the suffixes. +#bios_grubsuf=$partsuffix$bios_grubn even_bigsuf=$partsuffix$even_bign @@ -542,6 +568,7 @@ boot_devs=() boot2_devs=() for dev in ${devs[@]}; do vg=vg${dev##*/} + vg=${vg//:/} # I ran into a machine (frodo) where the bios doesn't know about some disks, # so 1st stage of grub also doesn't know about them. # Also, grub does not support mounting degraded btrfs as far as @@ -568,7 +595,7 @@ for dev in ${devs[@]}; do if $bad_disk; then continue fi - boot_devs+=(/dev/$vg/boot) + boot_devs+=($dev$bootsuf) boot2_devs+=(/dev/$vg/boot2) boot_space=$(( boot_space + $(parted -m $dev unit MiB print | \ sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1)) @@ -607,7 +634,7 @@ case $raid_level in 1c3) boot_space=$(( boot_space / 3 )) ;; esac if fsf; then - boot_mib=4000 + boot_mib=6000 elif (( boot_space > 900000 )); then # this is larger than needed for several /boot subvols, # becuase I keep a minimal debian install on it for @@ -713,16 +740,37 @@ fi if $partition; then ### begin wipefs if [[ ! $SPECIAL_DISK ]]; then - for lv in $(lvs --noheadings -o lv_path); do - wipefs -a $lv + + # we do lvm removals just for the disks we are using + pv_wipes=() + vg_wipes=() + pv_devs=$(pvs --noheadings -o pvname) + for pv_dev in $pv_devs; do + pv_disk=${pv_dev%%[0-9]*} + for short_dev in ${short_devs[@]}; do + if [[ $pv_disk == "$short_dev" ]]; then + pv_wipes+=($pv_dev) + vgs=$(pvs --noheadings -o vgname $pv_dev) + for vg in $vgs; do + vg_wipes+=($vg) + lvs=$(vgs --noheadings -o lv_path $vg) + for lv in $lvs; do + wipefs -a $lv + done + done + fi + done done - for vg in $(vgs --noheadings -o vgname); do + + for vg in ${vg_wipes[@]}; do vgchange -an $vg vgremove -ff $vg done - for pv in $(pvs --noheadings -o pvname); do + + for pv in ${pv_wipes[@]}; do pvremove -ff $pv done + for dev in ${devs[@]}; do # if we repartition to the same as an old partition, # we don't want any old fses hanging around. @@ -757,11 +805,12 @@ if $partition; then fi fi + if [[ $SPECIAL_DISK ]]; then + devs=($(devbyid $SPECIAL_DISK)) + fi for dev in ${devs[@]}; do vg=vg${dev##*/} - if [[ $SPECIAL_DISK ]]; then - dev=$(devbyid $SPECIAL_DISK) - fi + vg=${vg//:/} # parted will round up the disk size. Do -1 so we can have # fully 1MiB unit partitions for easy resizing of the last partition. @@ -778,27 +827,47 @@ if $partition; then # MiB because parted complains about alignment otherwise. pcmd="parted -a optimal -s -- $dev" # main lvm partition - $pcmd mkpart primary ext3 524MiB ${disk_mib}MiB + + pv_end=$(( disk_mib - boot_part_mib )) + $pcmd mkpart primary ext3 524MiB ${pv_end}MiB $pcmd name $pvn pv - pvcreate -y $dev$pvsuf - vgcreate -y $vg $dev$pvsuf + # + 794 pvcreate -y /dev/disk/by-id/ata-ST4000DM000-1F2168_Z3028BKA-part1 + # WARNING: Device /dev/sde1 not initialized in udev database even after waiting 10000000 microseconds. + # No device found for /dev/disk/by-id/ata-ST4000DM000-1F2168_Z3028BKA-part1. + # sleep 10 was not enough. + secs=0 + while [[ ! -e $dev$pvsuf ]] && (( secs < 40 )); do + sleep 1 + secs=$((secs +1)) + done + sleep 3 + pvcreate -y -ff $dev$pvsuf + vgcreate -y -ff $vg $dev$pvsuf if fsf; then root_mib=40000 else + # This would maximize it, but we are going for a separate filesystem in /o, + # so use fixed sizes to allow both to grow # 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm - root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 )) + #root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 )) + root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb. + o_mib=$(( 120 * 1000 )) fi - # -L unit default mebibyte - lvcreate -y -L $root_mib $vg -n root - lvcreate -y -L $swap_mib $vg -n swap - # unencrypted swap needs mkswap - if fsf; then - mkswap /dev/$vg/swap + if [[ ! $SPECIAL_DISK ]]; then + # -L unit default mebibyte + lvcreate -y -L $root_mib $vg -n root + if ! fsf; then + lvcreate -y -L $o_mib $vg -n o + fi + lvcreate -y -L $swap_mib $vg -n swap + # unencrypted swap needs mkswap + if fsf; then + mkswap /dev/$vg/swap + fi fi - lvcreate -y -L $boot_part_mib $vg -n boot if zilap; then # todo: now that we are using lvm, this doesnt need to be done until mkroot2 @@ -806,6 +875,10 @@ if $partition; then lvcreate -y -L $boot2_part_mib $vg -n boot2 fi + $pcmd mkpart primary "" ${pv_end}MiB ${disk_mib}MiB + $pcmd name $bootn boot + $pcmd set $bootn boot on + # uefi partition, for normal bios systems, its just in case. $pcmd mkpart primary "fat32" 12MiB 524MiB $pcmd name $efin efi @@ -844,7 +917,7 @@ if $partition; then # but then couldn't be found upon reboot. In that case we didn't # wait at all. So I've added a 3 second minimum wait. secs=0 - while [[ ! -e $dev$bios_grubsuf ]] && (( secs < 10 )); do + while [[ ! -e $dev$efisuf ]] && (( secs < 40 )); do sleep 1 secs=$((secs +1)) done @@ -853,8 +926,8 @@ if $partition; then mkfs.fat -F32 $dev$efisuf if ! fsf && $even_big_part && [[ $dev == "$even_big_dev" ]]; then - luks-setup $even_big_dev ${even_big_dev##*/} - mkfs.btrfs -f /dev/mapper/${even_big_dev##*/} + luks-setup $even_big_dev$even_bigsuf ${even_big_dev##*/}$even_bigsuf + mkfs.btrfs -f /dev/mapper/${even_big_dev##*/}$even_bigsuf fi # Holds just a single file, rarely written, so @@ -871,6 +944,7 @@ if $partition; then # sensitive data. if ! fsf; then luks-setup /dev/$vg/root crypt-$vg-root + luks-setup /dev/$vg/o crypt-$vg-o fi if [[ $SPECIAL_DISK ]]; then @@ -881,9 +955,12 @@ if $partition; then sleep 1 bpart ${root_devs[@]} + if ! fsf; then + bpart ${o_devs[@]} + fi bpart ${boot_devs[@]} -else ## above: if $partition ## +else ## end if $partition ## if ! fsf; then for vg in ${vgs[@]}; do @@ -893,7 +970,9 @@ else ## above: if $partition ## if $rerootfs; then luks-setup /dev/$vg/root crypt-$vg-root else - cryptsetup luksOpen /dev/$vg/root $vg-root \ + cryptsetup luksOpen /dev/$vg/root crypt-$vg-root \ + --key-file $luks_file + cryptsetup luksOpen /dev/$vg/o crypt-$vg-o \ --key-file $luks_file fi done @@ -945,7 +1024,8 @@ btrfs subvolume set-default 0 /mnt # already default, just ensuring it. # for libreboot systems. grub2 only reads from subvolid=0 mkdir -p /mnt/grub2 -# todo: this probably needs updating for our lvm transition +# todo: this would need some rework if we moved boot into +# lvm. cp $FAI/distro-install-common/libreboot_grub.cfg /mnt/grub2 if $wipe && [[ -e /mnt/$boot_vol ]]; then diff --git a/fai/config/package_config/ARAMO_EXTRA.gpg b/fai/config/package_config/ARAMO_EXTRA.gpg index 553a478..ce7b110 120000 --- a/fai/config/package_config/ARAMO_EXTRA.gpg +++ b/fai/config/package_config/ARAMO_EXTRA.gpg @@ -1 +1 @@ -UBUNTU.gpg \ No newline at end of file +UBUNTU_UP.gpg \ No newline at end of file diff --git a/fai/config/package_config/FSF b/fai/config/package_config/FSF new file mode 100644 index 0000000..78498e8 --- /dev/null +++ b/fai/config/package_config/FSF @@ -0,0 +1,5 @@ +PACKAGES install +# needed for bonding +ifenslave +# generating luks passwords +apg diff --git a/fai/config/package_config/NABIA_EXTRA.gpg b/fai/config/package_config/NABIA_EXTRA.gpg index 553a478..ce7b110 120000 --- a/fai/config/package_config/NABIA_EXTRA.gpg +++ b/fai/config/package_config/NABIA_EXTRA.gpg @@ -1 +1 @@ -UBUNTU.gpg \ No newline at end of file +UBUNTU_UP.gpg \ No newline at end of file diff --git a/fai/config/package_config/UBUNTU.gpg b/fai/config/package_config/UBUNTU.gpg deleted file mode 100644 index 6075639..0000000 --- a/fai/config/package_config/UBUNTU.gpg +++ /dev/null @@ -1,626 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQINBE+tgXgBEADfiL1KNFHT4H4Dw0OR9LemR8ebsFl+b9E44IpGhgWYDufj0gaM -/UJ1Ti3bHfRT39VVZ6cv1P4mQy0bnAKFbYz/wo+GhzjBWtn6dThYv7n+KL8bptSC -Xgg1a6en8dCCIA/pwtS2Ut/g4Eu6Z467dvYNlMgCqvg+prKIrXf5ibio48j3AFvd -1dDJl2cHfyuON35/83vXKXz0FPohQ7N7kPfI+qrlGBYGWFzC/QEGje360Q2Yo+rf -MoyDEXmPsoZVqf7EE8gjfnXiRqmz/Bg5YQb5bgnGbLGiHWtjS+ACIdLUq/h+jlSp -57jw8oQktMh2xVMX4utDM0UENeZnPllVJSlR0b+ZmZz7paeSar8Yxn4wsNlL7GZb -pW5A/WmcmWfuMYoPhBo5Fq1V2/siKNU3UKuf1KH+X0p1oZ4oOcZ2bS0Zh3YEG8IQ -ce9Bferq4QMKsekcG9IKS6WBIU7BwaElI2ILD0gSwu8KzvNSEeIJhYSsBIEzrWxI -BXoN2AC9PCqqXkWlI5Xr/86RWllB3CsoPwEfO8CLJW2LlXTen/Fkq4wT+apdhHei -WiSsq/J5OEff0rKHBQ3fK7fyVuVNrJFb2CopaBLyCxTupvxs162jjUNopt0c7OqN -BoPoUoVFAxUSpeEwAw6xrM5vROyLMSeh/YnTuRy8WviRapZCYo6naTCY5wARAQAB -tEJVYnVudHUgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMTIpIDxm -dHBtYXN0ZXJAdWJ1bnR1LmNvbT6JAjgEEwECACIFAk+tgXgCGwMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheAAAoJEDtP5qzAsh8yXX4QAJHUdK6eYMyJcrFP3yKXtUYQ -MpaHRM/floqZtOFhlmcLVMgBNOr0eLvBU0JcZyZpHMvZciTDBMWX8ItCYVjRejf0 -K0lPvHHRGaE7t6JHVUCeznNbDMnOPYVwlVJdZLOa6PmE5WXVXpk8uTA8vm6RO2rS -23vE7U0pQlV+1GVXMWH4ZLjaQs/Tm7wdvRxeqTbtfOEeHGLjmsoh0erHfzMV4wA/ -9Zq86WzuJS1HxXR6OYDC3/aQX7CxYT1MQxEw/PObnHtkl3PRMWdTW7fSQtulEXzp -r2/JCev6Mfc8Uy0aD3jng9byVk9GpdNFEjGgaUqjqyZosvwAZ4/dmRjmMEibXeNU -GC8HeWC3WOVV8L/DiA+miJlwPvwPiA1ZuKBI5A8VF0rNHW7QVsG8kQ+PDHgRdsmh -pzSRgykN1PgK6UxScKX8LqNKCtKpuEPApka7FQ1u4BoZKjjpBhY1R4TpfFkMIe7q -W8XfqoaP99pED3xXch2zFRNHitNJr+yQJH4z/o+2UvnTA2niUTHlFSCBoU1MvSq1 -N2J3qU6oR2cOYJ4ZxqWyCoeQR1x8aPnLlcn4le6HU7TocYbHaImcIt7qnG4Ni0OW -P4giEhjOpgxtrWgl36mdufvriwya+EHXzn36EvQ9O+bm3fyarsnhPe01rlsRxqBi -K1JOw/g4GnpX8iLGEX1ViQIcBBABAgAGBQJPrYliAAoJEAv7hH8/Jy9bZ2oQAKT+ -lN7RHIhwpz+TuTrBJSGFYhLur5T9Fg11mIKbQ9hdVMAS9XO9fV/H4Odoiz6+ncbW -Iu8znPsqaziPoSEugj4CrBfVzDncDzOOeivJI66yuieks53P48ougGgM3G2aTFAn -s8hXCgSVBZd4DxMQwR9w9PmuXgGnsVIShsn9TrNz+UOSpTX2F7PGwT+vOW8hM6W0 -GpaUhFuNVvi4HAGcW3HgcDy/KuKU5JzLKdUbnGey5N+HtcTYq+KbRBHCpfG6pPNj -RIVdl/X6QcIFDaUO24L1tYTnvgehQnkz3GyLkeqiqmwub7sTXYmhUStzdPM2NXGb -PVQGNXu5tyvuvLAc+JTrn4ADIjDD35oY/4ti+LcCkuyDuzU8EWcMbG/QqF3VH2bU -I0pP4TFIkeLWkMO7idOCOf6+ntvQaGa3BrnRs9CemDKaVyWwjNJEXboS8+LwBpWm -Nw/idWgLzf9N7XF1+GfrF61FeYccltcB1X8M4ElI/Cchvk52+OG8j6USemCOL1OS -irbYqvj8UroQabVUwe90TZrboOL06Q2dPeX0fBIk837UXRDJpzKYexZvWg9kg7Ib -f9MYuodt5bkG+6slwmbN7W1I4UAgrIj4EhlE9wsmdsMc2eNXk6DOClN8sseXPx49 -0nL623SQSx4tbYpukzaEXREXOQT2uY5GHvDVMv7biQIcBBABCAAGBQJPrYpcAAoJ -EDk1h9l9hlALtdMP/19lZWneOCFEFdsK6I1fiUSrrsi+RRefxGT5VwUWTQYIr7Uw -TJLGPj+GkLQe2deEj1v+mmaZNsb83IQJKocQbo21OZAr3Uv4G6K3fAwj7zE3V+2k -1iZKDH/3MfHpZ9x+1sUQPcC+Y0Oh0jWw2GGPClYjLwP7WGegayCfPdejlAOReulK -i2ge+mkoNM2Zm1ApA1q15rHST5QvIp1WqarK003QPABreDY37zffKiQwTo/jUznc -TlTFlThLWqvh2H7g+r6rjrDhy/ytB+lOOAKp0qMHG1eovqQ6lpaRx+N0UR+bH4+W -MBAg756ter/3h/Z9wApIPgpdA/BkxFQu932JbheZq+8WXQ3XwvXj/PVkqRr3zNAM -YKVcSIFQ0hAhd2SK8XrzKUMPPDqDF6lUA4hv3aU0kmLiWJibFWGxlE5LLpSPwy3E -d/bSvxYxE+OE+skdB3iPqHN7GHLilTHXsRTEXPLMN9QfKGKXiLFGXnLLc7hMLFbt -oX5UdbaaEK7+rEkIc1zZzw9orgefH2oXQSehuhwzmQpfmGM/zEwUSmbeZwXW82tx -eaGRn/Q5MfAIeqxBKLST6Lv8SNfpI+f1vWNDZeRUTw3F8yWLrll8a5RKHDvnK3jX -zeT8dLZPIjGULMyFm8r3U2djKhIrUJjjd89QM7qQnNFdU7LR3YG0ezT5pJu+iQIc -BBABAgAGBQJPrYqXAAoJENfD8TGrKpH1rJAQAJr+AfdLW5oB95I68tZIYVwvqZ41 -wU8pkf8iXuNmT4C26wdj204jQl86iSJlf8EiuqswzD0eBrY/QNPOL6ABcKvhO4Kl -uaRiULruaXI7odkmIDAty5gYe04nD7E3wv55lQOTrT7u7QZnfy//yY+3Qw4Ea6Me -SeGW+s3REpmAPSl+iaWkqYiox/tmCQOQJK0jzxTcYyHcLzoNaJ+IqANZUM8URCrb -RapRbm3XxA9FeD0Zlg77NGCZyT1pw6XkG7kLlE4BvUmzS/dIQkx8qnpJhchLQ20l -xqcBaT1buRTxktvflWPeVhPy0MLl72l/Bdhly21YcQbmbClkbWMGgLctbqN25HwH -8Lo6guUk9oWlqvtuXOEI31lZgSestpsCz/JvlfYuyevBa33srUoRTFNnZshGNzkT -20GXjnx7WDb6mHxwcpAZFCCC2ktfDwd+/U0mU6+02zYHby6OIjRHnAvbCGhz51Ed -PfE362W3CY021ktEgu9xYpIGOfREncrjo0AoOwqoWQhEoLG3ihF8LMUryVNac0ew -srGY7gxFCnP+aHtXzaa8mMW8dkWgNwi6RfJfphrgHkdgKVjKukkIqRrZrDoD5O7A -18oTb3iMrBKHdSVZp0icpmAHb0ddBNlY9zun7akuBrVzM5aKuo21l/Qs9z3UK5k4 -DjfegedFClqpn37biQIcBBABCAAGBQJPtvp6AAoJEFdZ81ABqkpkFx8P/1XLWBTW -ICR2GxtKOA3877kX+IQ7wDcC4i1tcCAT30+0YHt/loM+NEkpO5VUbYTI0VX219bv -Of5rAoc7BgzEqPYbvEsr0Tlitqy0Fg2/zLkacWb3aeTSstKgE+7MYTYDqzr9ZXm4 -8AFquPtqnQKnh/SPB7Pp4gLmBM+9+ruiPQsGQdFS1nShJs+QJU2PJd5GcnUBP8mf -wcbDlwacUL1Vue71+yWeJjY01oC48tWuY4ojK8oMpqFGgfO9Arg4B3ZIgrJD05TI -vSz7Wolh4GIqXpkq+ZS/6pBOdMc9duOHUaABrbuNq2Ee8Z2xWMU56UIrDHozBr8Y -BFrM5kEuJM49tcJWj17iHnAeQe/2u0KZX6zgSwJ+9qqVq/G5XW6mA2BCNkM3eaRW -WZYI+yiD9iZaGuP3jJ2uACvFIR+tq/C3nC42P3Hr0EGkBPldapCeEibo1hr8XqMJ -utwbqfBYrBaXEY3lmGbjRQWYgGS5NUUFQcfUGVyrH9ZZxQVQFCvn7qkFKMpBy4Sn -5HMtwD/p91W209h/cp8pzdwEh25Ev3ezdxgb11JugZKqwProrghwyAPFrUdoLPs9 -jVUn5esLtnSqcxgVcogvPonfcm+eEyoAuwNChf6E9ZpWCMKYKZW8tCo/+EI2/DOx -+GiE015gpR+Og9BxhYNL9yZNCJfn7/YzkvnFiQIcBBABCgAGBQJQwv+7AAoJEB9n -UP08vczgcFIP/j6dDiOoEApruBfJLGJ0LSPq0RFKX5+HCuyrL+iily2kChgmxPsK -Z+4Letv38GyjeHdAAhAxhO3j4EXG3KaNuYDkDj/2FhGcLPALIcMdQy3aPyvWtdz6 -kFLo0PBdgYPvGj14zWvdBuTM4aMunfElrSRe+37U/s1DImD1S0wIzyMmrbTmmYn7 -XfNft21EDkWODx/BgkrMBZhNRGNHTjjBzk0McQd7IIr98vYkKLGvQmv8TbXan0qD -jLouTty8A5HoQbC4SSGgLdslU9rij+BxBErXFbZzTTyAaRK2K8XZHt8oPoEHZafL -ZzzE8Qdn7r6BCznjTN0y69DPMWlhcO3toBYWsGUbbcae3O/yUJ/McA0LCfFmbNLP -S8zAM/QT5PQW/nxuYFePshTkDZDmICRH+5p0fwN7/pJYMJfVapQuLPChMJ2S8Y0U -KaCYwgaG8FvRB2u0HIbfwIVlCSbeJ9NCjGY/A8R1p0BFIEbW0FvNqW66RP/9uN9J -4IDzQcW9nVKR/WWFmGpKtJTAk0Fl0GLGNicKfEU06ugZCcRYqKHniekTRw2Lm8Wr -v7gk6UGg6gm/mzfTn0q0WrRNgR508Grh+yZEh4WgxBCbIl/4x7wlCvahqmvlngBc -EobYBSFwQ09tp/nyMHBxnMKWzOkkXa9AgXpwB9Xvb7KpfBrjehWaPvdqiQEcBBAB -CAAGBQJUU2gvAAoJEFy5uzsSFmSKieUH/RALTTWRwuFq6s9yyBaizaJZrzO59U2l -nExOgqZMGl7qwVnh7Xy2sIHjjymmdSYc8oydOQPMWV9eVmcwgbgeNfvA28WNX6qL -5fSRULXs+ZgY5z2HJu/aHUk2M589QyUU2Ml3w/s4RW+CcWJyiARB7YGkLr0fPYh7 -BiMWZP+/svrPtaJmJaLp5vJn5YKkCBVXQcZ4vVB7Fd99goBhtIgIXjPGskJNfd1P -0Ao+1Cdy1B4dmXypGjZCsJfRb16q5xWPhIk+Jp1oM1CBw8j0apM0BmtmYLA+5vZb -B2/hQ3stHJx0ILTdKPV0y0QIXueEgrbHE0ZQIs5g1Vkj0Qm3/wdYRWyJAZwEEAEI -AAYFAlc6KdAACgkQoPIT8UbrWB+6PQwAjHCozOCX1n2lVF68Vcwp99knfVJlRZJO -UEpU/Cgj0PydLduDT4FhDykiCCu4qtVwyReE/6jbTro73ZXJiX23AF21a4UuA03T -EDg9lpKfsUXReKJRtVT5KApbac5kxJfeUpx5YV1r8sovOL1LISyJ0Vl1s9g9w0HT -ooDZypnpHoKaBFS0SUMv98pSbNZhDjfvmYbOeVz6+heWUGY1yoNC4aR6iS+2LlAM -rKIw3JYh+fXp+4PRdUp8RygtxRW4YQ0qt96HpVxl8d6G+cWKcnEUMjhKGH0G59HG -9i+6/mIi+uJkniuLvN/e6y/QaZofYuuzRPHGUksEDB8/3AJX4jp7iisryEIHZbyF -uuSCxGm5+eHZ3PcgwjhI8jw6XI2rd3HB0vqo3gheQfYUWyiFUm0DKKx+3HDB/gmq -RVqQnnil+d0qhixmAyiuVcs9JLYQEcZ0dLF1Ur5INPGn2oxzRjMcaqV9ROmscMfH -p7uYsY5PupmQ3/OB1vWHuPlJlZvAzvBViQEcBBABCAAGBQJatwXcAAoJEHkYry3T -dFwCHQAH/32P2DNWWoFV0sF+zNzzwee3WdgDA1A419PMcYyhp4JHBoYTIQjMJApW -ynXEsoUq0QHlzA0DNucagUez3IYvFRxIjtoKLOPv7bshtOGdBWx6qRX+EvI8tv+c -DGNSAmBvSU60gUVuDfoI8j35VvuaE/XypntTTUTSRJD/iCRQQGz3XkQr5ET1kYAu -bPSNgA4VTRlijTXvwlOY+wAI0C0y0CHz2XxSFZwldqy7asYEr5xA1QN6mCkdQLFd -KhXzrpcQOxmp3bCd8eK8w6kKLshFkpfi3z6tq+UlNDdUnVpTt7BjAPC6lSwcoupi -cwSJdIiYbCVJ3sDAF/loKd//+8mvGu6JAhwEEAEIAAYFAlq4ggoACgkQWIStaHln -tpfqdw//YcivUncPnpblTye1R59CkC/Uf4mYL9qVDWbk/LXA7d3ESBTQ9VDcVWeI -kAe+lL5o30Yb4mvKpD+0XpXxMltApZ6HmvfHIWbxxo6q8pVfI5NTM1Y3pX4IlGv6 -nOf2s7mwLPFjA/URGn4FO7VY5XXF8NSfal0c+I7yom81t3uZIZxUmOtN+0hHH1X2 -2O7tqafe3kBiV32Rz4hQTj7WoYHlzt/RElZQ81PYjkE3uksFfZJW2N6iU+zSlG6d -ulU7kEXot3lD7L49utRA7QTNhHsEyDQN6rE9wE9vvCJXDJuCLl+DRCGzh4UOiSDJ -0wtVqulaBCLh2ImclDfcHeJA4MgwaU443YD3PuYQD6uXg9kIuuqNinkHRVjKRU2V -XLdfL35LTFdZTW0dXa48NRbIr6ZX7oXNyxTSbceWhbTqgI81O66D3oW0nk3U5Rgr -2k10NB/GdamZy0+bxWWRRcVBwJZz0iCHaz43LXdwK3eXuiDl2nQixj7pzFGLilUk -E2dxnNMlG9TgqJq7x20qp1CWCQoVRZvyMLOyAZ6mVL/WcAX6N/F0yc/ZXjEkGKwW -Jfqrnv8jqhHMT6oVz8gD9dZydaiS9/nrmG9nAX/jG1X3//v+rxpUr3WbA+SOt2lk -wS9j1GnXKKIrvZHYpjCkidnrDmI9rvW8ic/lz2lVkM//YiG2QBKJAjMEEAEKAB0W -IQTP3lhs0NlLR3oYgY4qYhaY0j2SOgUCWtrHJAAKCRAqYhaY0j2SOkd7EACl9nJg -6v9D2Iehv8uaXzJYL16BH1XqCVhWTPQmLAGe/qJH0oDYB6FQOyVueOEmxB4o89YG -T0XgrJN0qrBsCRRpOM8kvMMBftMivvuURqKo8K2aptGa0xEhUqeuAcpLb+VldUL+ -/4OriRbkQMhCq8xi4UOm5JHtWmn2l3AsMBNa4S4soR+fn+ZTQ+ED+TbjjyDOAMEt -cFT+KTisuElIxPfCO9DMrAFg6Letpkow2XSiq/8sN6Gzua8OmDOXxWho95T+MQwH -M+KfoHPWwfRU06wPHTTaqZJO5l1niNmnoJoQvVXuRZbsa7sb40o12qaXSJynnr12 -rJav7YQpEGXYSZ6KwJh0EdgjAVHYbsxeSekZVLa9694rgfiLqZlyESf0NS2lXslr -k6U+VtyhvzsQ/wnfp5BaOnm3laCM5aaJJMiU33LG2M3qTIaEApPtiywBzCcjW+EK -1G4Gg+Zar6mwQz2/HE/adp1iVzSzDUbdOspl4asNP5l8Y/cmBg1jIiEwUIA+lkJx -ssslvYvC51cMpUGODlzbeYFPU2ZPOU3bRV2jjYOfXFCwuSx9oUQlY0kZxroMjUy6 -Z1skz/hfqyHXKOp5kYkTFJEKFFQmnMfyDtLGMSR8wuR4xFTevOkSUzzCl15+zalD -pSw+oRMInE04xjSJ/aSRzqUS3Z7HSHyVUf6BDYkCMwQQAQoAHRYhBCbC4mSQ4cKZ -mlA6JV+x60qkZkGHBQJa2t7PAAoJEF+x60qkZkGHJjMQAJlsZbHiGRTObj2Vs3si -NELWkY5OlmkgThwNjSL4zx1lBHjbFIfgiwIjPjzMSiPaDb96dD64duX3H9sYfvzV -hatl6QkQBYdY9m8Cg6kAAkc15D4Sqq5/85lhnHQ0UBXIFNuPoxfsKFlCdhxaGz9K -NiwEkfB75H4vn36NvJS9/ozcTcyj/3Cj2eDhmUi03FqlV/PRNhCgty7xbrFoNIlN -qFn1m54I90zy5+WWYtdi2TUXDcuYocO/vmRRHkTBNw4Z6yKaRjdBdQXy6FFOkr0q -xxHS4Zze4Lo7e4GSn5lEpAE9VAUgMHfyx70JFNIhdoRNGak/EKiAO57H3Dxqohnj -fCfTiUNgWbkvs5vduIcCHIqcq5HnMfcF3LT2NtpSCUPsiZq0kWOelYFYLPakmRww -xSOQZZ9OjgwgwgaJtDyzhuuzpiy03e10miadR5qe5D70iyGrmYFOxehqKjJS/U5w -JZfAtpy88BGwl/k33LfUAAVtgh4a6+J3o9CooIGSeFKgl98gHWcGShiAJ9GbYOgB -7lw43aUXsuVJxolN7JIgcJ3d6BTqy+2YS7mQhB+NHXXv+VSQHwiD+YJ/EJG/Lsc6 -kSlmwQdH7eU7LBlDtGaClCJV/PZuYb9w/k7XjjBksWK9pIyPqywMlYUO+B3o0GCI -/s5SCp5iIf7hYOIWSGXoAE2+iHUEEBEIAB0WIQQVwbaStxLcS/A8wbrJcu/9t7Zq -igUCWtrhwAAKCRDJcu/9t7ZqipG1AQCMeZdmq0NrLGwlgKnUMXlaI6FfcbNSmUUN -BNznqtsn3AEApZG67GhDNYVJlfwd41N5LPZF866TpAuQneiP38wdFNqIdQQQEQgA -HRYhBBXBtpK3EtxL8DzBusly7/23tmqKBQJa3OnRAAoJEMly7/23tmqKiyIBAN08 -khmetOd0QZ7ukwK49PBPhPIatOMJdENhPZpDrR1xAQDiD1TR+AV5KXPMdLrriPvJ -7x7tb8qua1baSs/JWxM5y4kCMwQQAQoAHRYhBNskc+jgZQ59A+3qnON+2vHrT2C7 -BQJa3UzIAAoJEON+2vHrT2C70VYP/jcSRw6YRMSvA8vri3T8KwPna0Zh+p7Ybqga -F/wrI+WAK5dJaQCqgKoZ/8013C6+3zgMQTudSIAyMZ/l42WybvjrjCkxCm19g+Du -jbA3FVC2zAlnRj8XBmA/KGUCHuouRC+MjXCfCtL2v7dyWMDOH1IYLnd7ZSAdLY5/ -zTMmwZl9komdfbNqGjRY6VacNejSDZvKmwWfA0/oLmKcB+DSsmDq3/OrKbsyPcub -n/Z34SjURzi2mrGLWCoRjya/Apt5cvxWMf+YoDYZYqgRPpUohdrRZLMAEE3eIqef -bjCI7BgwlokQB5JX5iIHnaTz+FzwSayECQjeq3O35nXuvySNtifTHsBDw5LTazRO -Q8oVdAR3oUJnwg4TQvg772PWgSbiZKjJfPEeMklSYWl2RAAXHogS2v8gFG1SJAHs -I8iRcBdtMVDE0JcCxf+2ZFSX7QBFwhbaI/Qp7V/lG2B2UgBjiaGbcnJUBLNOr20E -eq0pSN93EAD31keZaVcpxf17WdRkvoDcgCWZ7vpXhKo1dUsiPcmZNSbqs9Td6X/t -/5q3lHi40iTclIRwUnICCTgpb3acbJd/IujUZ7/xkSxA1S5pHLCYqaa/jOrgrbJ9 -XmSyyMaJ6lpAGoj/uQLZvpnc9IgtYZSKmL+7VSNCw+B/yuyAksn74pYS+WV67bbG -Ywfm20bNiQIcBBABAgAGBQJa383ZAAoJEJjkF994zXqqSN4P/0+xC8O1ZG6NIGCd -d2FNiSuj9rtyjnqvBy/+b/p/5RJEjSQuT0nqH5jaVIVT7fZ9xR/RSf8He8qlFL+m -w69YG67v5xp0ectHy5PsCtMFarUUrussIUre+1MRvVxAnd70XK1+8ZJDFyGKMh+i -j0NCRF7cyFrUvakWvIjofhqnVf99ysMzOxh3mQgCZKJzuTYOO+rPOlc+2Otdtr45 -NgbjVp86PjxO3yPCFPOaCMDuRPS5jpuFWIqhwIfQXuz+5Ghl7NrA1Vvj2Ef1R9Hj -CoNpIRrmpY51Qs1P9JIH7gwQMJJmE2zQspJRGInphVUJ6eYbRtn/bEkyLj4IrSKI -tQjyQN+XRaNqtyZYekW2hkOWfp+k5htIWFi7V6231K7xSsjByw38qkzb3TjN0OiH -9vt0XaJKIgDYltpAhAT4h0XYXCUlC2b86johax3kEra7DJdnNGgrZ37IcUaYafpG -yWUUFqQpel7Ca/yjjCQuMiPYy9qXxizZvyiZmey4ROmV/d1nUoieMIj4eA4cXUUw -C3k3Qz9AjpMjGasILf7C7eP7w2W/GA4OjuM0dqMC2w43cAPzdLSIezIxsn1eGB2y -2nIVxmOKwFnecpGdWTTN2yEwa+M4f+rRi/EDsJ00UWqFaCVFPJoF9w2jG6kZMl7M -vwjqJ14saedkWwkOIHODgaAJF7Z/iQIzBBABCgAdFiEEepI875g6dg7J2cQAp0YQ -1OZ6GfAFAlrg6WwACgkQp0YQ1OZ6GfC/hw/+LN7mnq87KjDoEn7fK4bn+BicLd84 -jvtlDLFmYi0xMxnzkpiM9B1Hl6fcaFPclV/P1KiqiHt+CVDZZ/3h3t5IZtzGDXgl -VrAsv0vcSvYX8EDw78xM9F8xFY6ioY0J7rKiNOrQr+7JYaCjS1SEZRr/k4rgimRq -5BofNnTbB5eUHuu4anGev9yZ3NQoVfo7YsvAx5utCMwTkcWU+k4FOXWnv/U0959N -lynyrIe1E48WGDpZmqxPKx6LVPwBDsH1ErVRuxesamLDFssMY0JdUtqiHZMYZCIV -Y1rAJ5+PibRJInDQKBDLJYKOCelqnI4qhXar1p0yjvh0Y1WwOj1UaGs3aEc/W9bX -H9PiRCHVLL4vpce/uPvk47jfNz+8YNsVDiGW6RVFjfZJO+/6AGp/sQbHLqm+d8n7 -igCpxpI6Akk2mxWrdCLeEaXCohqumCEE+rzAppe9gp3Zjrzdl/oPAv9HkNkMpSUR -cCxTx1GuGtXuYD5uoC5QSoaSxRJWQGnqjDjO0CTJzeTtqUkHTn14kQfb0Qan/iBq -hazM4jGhN4qwa60b7vR5/Py5ZBtTaXSgclCo9i4Kv21MV+V2ABzqrCSlqozU05Bf -O+kkvN1pXAaiNJ5CKyGbQLV+4ejohhTNSKh1HOmd5P2jLqvxpa+e0N5MyZL+iX+y -6qPLIHgrQd3iqrKJAjMEEAEKAB0WIQRl0hoYEF6X+7Tnc3Q4dy7g/cyrxQUCWuEK -TwAKCRA4dy7g/cyrxUNJD/4pRuCNIJ3vXGwx+3ftoWZaoVa3w0F9NdrNYvMOl5BQ -ShXi2bDNHsvML6MMiJ32rLdje8j0HYgZgU13+n2CpZk6/iQKH6Ms45xLJFXIjSlG -gtvyA6BEwKSbsgrQU6rh8piO+N1aXOOeijA1KIem6RkgaNwGqtu1tql5TNAHFu0e -nvINJa+mQPAUVWYveR5SdSK2H8ek1ofXmrhu1Wob8nAWt1AyYXg26MY/gL3ADFDO -EEEHz/QSp/3kXmo8kc0UEkh5Mjfh0BSuMzOHlsZZ2roGRIxHqPKvj+pSmUcUwunr -GptwFPSLlEVgM04JQZiUjDi7gkqYDyIhHil+3M1KAOGRVhvj9Z6hkDkz75MFurYm -OuZoy0eVA+62a+/eE6wbwknk9nUBKwUsLW8CI6erLX6QmJeIO0+q8WvgTzmIRuCn -cG2WIWi2/Gu2WYcnb6kDnjq7YZWaMB58J76AuQ4tPzrcvC4GxdarwmKZ9YDXUWmj -nNBmIfTy3elsRmsDKFZOQzYqcOliy3xcxjffqrdLSeBkSmGNShX4JWX3afcNKQUj -gQzUWYiegXbDRsn/5F3oPZORuL9xdkFNmelkbkuIO7QN97fM0k27+QUPYKYpMeCL -OgNRftHLMsKE40jrDgI3cbaRPk+YCwCijepaJEmi+Z0kiVtsn1q7NosisfcHi4os -rYkCMwQQAQoAHRYhBOo3i3WaAPFVTDbA+cz9YQbz6POhBQJa8Ll+AAoJEMz9YQbz -6POh/XIP/iyNCmMeBwtPSy6HZqnUmxyQ7uRPkCLGBUa1ox1RxmNID/R7ut8RpSin -uZ2C2ww+zOyH1HKUJl9hT0Hs2xc8rNdAsMKeBWfhIFJ+aFkRFxg3VlZ3c80jCfyd -8cmaC1lQxhcR/jtwQqCuoUxwRUwpqttqWB1UShx8DhYAQYWXKH/rKfdI3agmzP6G -J3bpl6V6g7Bc4XNx/CCk4Xz6HtReZMPzprtqM5rDgj8aDkNovWy4yupV4c7otd14 -VfYbCjHKQ8OoYdyNaMef1K/hNkQahZT7doUQ+LoKCKA5W2H/Ve99UDofQVY6Rcpv -5I4F9MD/mMDmLaD/AZZTwSNlJiVH0brgLP6fQGZcZFKDyyx/n2NQWz59Z+02c9F/ -BwZ4j53i+xhL2ERsa9iiElv2fdMY9vtkxdaWcJsE00gUZ6p8Oqela7+XY9V+hPnd -evBfdFXH8+YoYvec8nOa4JSzBCF8QRd4Ui+05dzPj/ztQs+X11htkxzAtmbYESV3 -pSbYa6OtLY4MJTNWllHDVy0TG8rZ7XiTaajGdgO9IJeO17sWqVfTbWiXVViMnUo3 -qbVNBhc2lG+C01uumKrDL6xBxdg2wyK2IFQK1pMuzwTy1WHwHNSya1Y3uz8u3NUi -6FMwiycfMsIYrT5GDQaUcDUwqNz3H7e4GJmIF1FsMC3SxFg4bBo7iQIzBBABCgAd -FiEE1P98HWCRXzhAv9WLK+ijrQ4hrZ0FAlvAhyIACgkQK+ijrQ4hrZ1oKg//TDcn -CXm16yjbDdp0wYXeDwqEcwaGC4lGVyLPVpLMI7kETfUG3R18cFLnfItDYLdfDbKp -yUhOFuk0rDPAS7G70ilnWn3O8Vvzj5gfz2uJIEXqpQJqPe1UCV7qm06l1BUq07eV -ZJXZhoF8HzZ+2KUrPGLgoKYOUXVOLgSfEYSdfG/ldSf2K4zwqQz9n32MPLNk+PgA -kPw6GSm7TeSV3vRkofPCG6864Rme8FTMrTk7MCqU7nhSkxUwTdY3vnhPoqYt1Yhu -fQe+8IFP5jcVWhovSPeg4tK6k9WzFliwCPj0HHdjfV8PhCtR7K8UxFD0IXwmwp6y -LoAPtaWpBIBhmFOWXsfYYlnBM+OS1iA5JP5BajPZG0rfp2+m0iZkocDmofJu8cnT -1cmUivAwHRn+T9ESJEg9uv9UkxcA1gRu8Awn0IkZxSgnFIWwhSq3/fqZld2c+//Y -76DKBu3dXGxG8BpEw4ABlCmyO/IwEZDMi5flGrHJjJY5tXqyfgfrfCwHJkDMvJbo -DpYXzpQRd5PPDlC10TAlQhgdkvp5VDd3gbfJ2G4VGXzwuEmHJp8T39HTOIqmYh6V -1W4jzvegJFBY13o08+qfoRJ2ytksOchfNMhAZRYiijL2G1bei2RPDzI1f5FuuZYf -uU5J1lkes5gdmSZpoQtWJx2itbRSfqq+HsOTwl2JAbMEEAEKAB0WIQT77VltWCQd -LB4hNMX+jIvdYjAwowUCXNbjYwAKCRD+jIvdYjAwo02oC/9aT10dD2mVo458i4XT -Js1UJeZGet48oaaCjKQFAc4VsPHCwdWxP7TadD4thBBQxoYAX0L+57Yduitt6QfJ -WpY5zRErp1MWCYRXGnEZq+M4kgiR+g3ruOtXR/NkZqXBMQoFGtL8566yzouVq81J -ApzeYHYT6cmxbfTunjdiWFIIdTal/Rad62zgOXO8QCO6dn1q+BTljlnzTfVPewGK -7//UfRnXbmGzy7Je27s1EbzaYh0bzWhjh9LR7nfAHlbnTrUaGZXEgAR32SuWSTZ4 -OUjl1uHdp8lsDZQjkYx+zpQ/bFUL73xyxn0eelk5Uj32dpv5qDDwxrlUuX3IKDua -0Sb83NvR3oplVPmd8xblRjBabkpTc44agXXPMk7Lu4Dcne8/BhRiPJu8XA4DssFA -6gzd9+4mj48m1OSx+sfWfMPlLNUnwZ1eEqgueMMMGkCQpoykv3PfHsraoxvTt/RL -4kUSYA4gGsYHDz2icHaIeYR8Z7HHg0bFEnlLTq5qmkp2qyk= -=yMYl ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGiBEFEnz8RBAC7LstGsKD7McXZgd58oN68KquARLBl6rjA2vdhwl77KkPPOr3O -YeSBH/voUsqausJfDNuTNivOfwceDe50lbhq52ODj4Mx9Jg+4aHn9fmRkIk41i2J -3hZiIGPACY/FsSlRq1AhBH2wZG1lQ45W/p77AeARRehYKJP9HY+1h/uihwCgrVE2 -VzACJLuZWHbDsPoJaNQjiFcEAKbUF1rMyjd1xJM7bZeXbs8c+ohUo/ywSI/OIr8n -OfUswy08tsCof1KU0JBGLBCn0lHAYkAAcSr2pQ+k/odwdLQSjgm/JcUbi2ll16Wy -7qFbUAUJ5xO+iP61vL3z4pJGcK1pMH6kBLA4CPBchJU/hh3f7vtX2oFdWw8tWqvm -m/W7BACE7h0p86OP2G3ZJBjNYNQTK1LFYa+3G0spsVi9wl+Ih49ImPbSsUc2CSMA -fDlGpYU8FuUKCgQnS3UZz6e0NwrHbZTHBy0ksRwT9jf7qSAEKEN2ECxfwR5i1dU+ -Yi4owkqGPhTLAbwkYdZZMcqfGgTXbiU4uy8DzMH/VhqP5wxdwbQ7VWJ1bnR1IEFy -Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5IDxmdHBtYXN0ZXJAdWJ1bnR1LmNv -bT6IXgQTEQIAHgUCQUSfPwIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRBAl26v -Q30FtSTNAJ9TwRBI9/dXHqsyx5LkWrPxyO2H7wCfXDY77HnwSK3tTqJzC4m6KuDd -RheJAhwEEwECAAYFAkFRZ98ACgkQ18PxMasqkfV9whAAj5sSzTHDIdYCmbZcumTH -limqS88m+0He6jkG5j6DjQq/xGWg7B/svG+mPCE4K/zYG3CA0G0lTgJJKQg6gcUg -oQpaiK22gLG5tjVOQRRaExu+FNKF9kvSYFbEwpn0OESsRPjrdS2RYpGjY+DLHPaB -06Y/hQvMSCh67ZeDmLLTwQFzF0RAUHtwU+tU/gnvrk7kk/yPDqtj53J6zuAf86ZX -GRlmJCTDYJ/yXoYlm4sz0E1XANrdwtUGic0PF1gJIe7ZAnqMVvRGCxArNT1th83w -uppjI4/rGrFttbQUPb0cXyXhSmNauRMiiX/lrjqjouk9DX8CyVQG/mTgjrKLAMBZ -OJ/Im3D33jOdEWIaaVAVOmOej3S8s33zcWAUYbpqg+10i3O4SfVYH88tmEnmX3mq -Y21B7fkHHOVXF/4/sCzft6Ek6E57vIh0i7PjnrTWBO2/dl7zJyZZo7ty4f69B1xU -ZNClBZPXgYWmh68z5SgyfY5/N/CmfnsH6u5vHSRpm039Nr4IFNREkamkXl2GCPbA -rkZIkqdGdrX1EfWw/fsndHqHKwrPGHXIWWboZT1ZDx48P+825fVMg4N2cr87Mv1K -7E/hgHjxJ6eeciJFic4GT199DZha+1Gs7FRXvCa+sOGP/9JuZ+/S+Tv71sIPmRqD -rr6bSBH/E6yBKz7jv42GO8iIRgQQEQIABgUCQ76shgAKCRDohqckZfvHogOmAKCQ -SaKL15jq0TvjWWrcjvQvODdgMgCfdkb3Jbsg5liM0edJohWfyhzfGIGIRgQQEQIA -BgUCQ/tL4QAKCRDk7WqA+zgH23hVAJ9WpyWCnJIHNQVHH4/V8kqaptbLQwCfQN5/ -kutAyXprjtU+W2stn2HV4pKIRgQQEQIABgUCRMoo7AAKCRD+VG3tGS5BXGKuAJ9c -XxY6TqxwIt6kTIShyykHuia7KgCdHYYlu+akh8PYBAlF4RvGlIkqmyiIRgQQEQIA -BgUCRQfC6gAKCRBbGMCBbDPfCDsGAKCO313nAlhu/FggyId7IG8yXtCa2QCguWI6 -WCp0v4jyAIA2LK/zKbNlDcCIRgQQEQIABgUCRRvO4AAKCRDgL5ttNArtqI0LAJ4i -vwtgU9g6hn6TsbejzabpS7JLAACeLKBkLfPymJXlbpCjzsav9qJdZhGIRgQQEQIA -BgUCRRvPMAAKCRCRA7V5h+SGXz8OAJ0aus80uJDxtlflUDD1B1iEcO9EMQCglMfy -ys5abo/h6ZicTp2WIhp9IBCIRgQQEQIABgUCRRvPQgAKCRALOQhgy6dmGRaTAJwJ -FCgDskBzIeqCEORLAtLaBJCLngCeJzjzf4A8G1ZhS39Y/Yk7LQYB3aGIRgQQEQIA -BgUCRRvPYAAKCRAurJaQpVDnhKIiAKDaziS1x3SZIOS8p4iVGVY43KYO7ACfdevW -FB3BLbmLKB9xsrH00safNJWIRgQQEQIABgUCRWfafAAKCRCV4getfktcl1R8AJ4x -8HI/GPIcpHNuJ8PUlJKvjSOY1QCeN8glquCHP7d9XyBe4p41o0WdbAqIRgQQEQIA -BgUCRaABKQAKCRBZgbnSh0vryCoKAJ9/KYHPBGwGuR4WR8ZWujLqIue92ACfVk5G -hTCj8sjkC2835BOmWdPia3yIRgQQEQIABgUCRbQdHQAKCRB9RtY87eO1ZT4AAJ9q -OBuspkVxj9ewlJtFPZfzKkRypACeM/WVpw+2rz7UHVAGXYZpWnqjmwaIRgQQEQIA -BgUCRfkxvwAKCRA+O+Dt/wMVgO5fAKDEdUwaGl6sd8pS2N5f+Fdm25EWQQCdE8p9 -Fsq+Q2lA2m3sbEgH3ga+zPGIRgQQEQIABgUCRq72nQAKCRD23TMCEPpM0XyeAJ9C -GZ1MNHUYsJv2ZdpzPqdc23EW6ACdEDfk5MnkAYX2i9eoEParoMRNcx+IRgQTEQIA -BgUCQp2FvgAKCRAwa1VExpE89g4LAJ9TY9lyD3u8eXXiVE11zw20lvIongCfUfLh -OE+oLMmUAwoCsCpVTxNhnRuIRgQTEQIABgUCQp2cvwAKCRBQ1yY84R14E1z9AKCG -2I2enXp7roBiIosVi76hx4Dd9gCgs21hGpvQqouLs6Oz9TbQ4COqrT+ISQQQEQIA -CQUCRZtwwAIHAAAKCRAHjSWNsiCtxiKBAJ9KL7LtkZiVNcj8kJJ9u4+QX00LsACg -hJVJpjXC5Q4EeGfyzm4MICf2MVqJAhwEEAECAAYFAkc0xpUACgkQC/uEfz8nL1sU -rBAAsLGXDeZ/QHyYfWHPrph+ALC94xmblfSu8Q/BRD09VyPimnoRtSNHZwwbTp38 -ysVU9G9mo3lgQ07HQP6XxoEDrw42sLUpnECUMptr1e66hlyvk4urMVjGEs4FCpA3 -wRuDUYuI4McpB1mRzYqJEYZ2bGl9MWN+FGEE6oFHCvJUUAEDVj7enCN1+ouKw+Wf -giki1BqPWGofTrj2G/st8hn2LhBgomCDtnb14gRSFHvINO+dDr96QjVXGg9+WSr2 -iIVeIHS8QWWOpYwgit16DK0SgXxlIMXMkcNpDosak639DF6wwRTvVoMGcr5OEbtU -I23GOdyX9RTrWCECmUctat9vprdx6e0nbYbt9jYheVBzTCMGCtc1pVSuNcsPBU3F -KZlMq6yH9D7POQPHamKcZdRhGKtR0vQadKt3bMZQP231pUMdCp9ayIMjLjjX7EDo -FO6iCqeuuqBa0quiz7Z6nAvTWkGHHXjd555iIrkTz1fgses05P9BHkfPmnOH55b3 -3vyopz53A74Vz6SutOUTQi0MaXAYNsX0A55bjNb3fm6LuuLAkOZAR1wfSM1Ecb5r -yZP+9kF6o9zSGcQ2sjG3b7pGFtQztwzXKNUCOI4Iv932IeD9O95w5omXZVahTGQ8 -NesFHdmEwq69aEGOq3E3q7Qz1pAgZsj2N+6LmE3Ln2rudKW5Ag0EQUSfRxAIAMgl -vR9L60xR65i2QG4k2CnqZhmRUaTySxwOlNqKWtokUpzf8WmqA383uRLO8W9Tee1a -F7KEMEUXgFiP7nns0kroKGLlcLbC+nEzkv51ao6Lcr5dWr0817LmlvCl2N1KeQDk -pHIAiS0LTjuEFY1yosi2ECiOan6sgcLaVqJVbEUeIaYJOiZ8O1INTAGGdpVoSPvg -kuZVKhP2uMIhYq3qgs6sB5SshEaKAGYIiH3lZ6UJUIVEuyumxpNPqkJ1Jkpo4SxI -wy8KYiQ9Uo1NPP8bmvyGGaeWbRObLPHCO+iqxHxMiE4xX08sVizxA1YLw9iwtdNP -OWkQsM9rn8W/gieH0SsAAwYIAMLzDICy2IA1wcmf5XPpg4JBFuMjeg8pIuaQZMf/ -MO2u+RlOVrIXPVFtYOpxQR9C1gCg+Blg2qQXBNw19cNT2EtSGi0HtycTww2xnIOn -aLOzq/eI/LnakdAMclaTVbNltraepkoRFE4Exvuq/tCdzssotnmAha1tzGf+O3Qy -xkIBJ6zHFTNCREGBPYi/Pe9iviWqNAIr3SPhlw7STFrVDgpne9VdpOZb3nVYYQHG -6iwvVwzrE23+84RMFENq4Dhyx9L8R6+PMt347uT8dB03PXMovOpwXX06zMgfGwF6 -0TZsmHqun/E3gE46YiME26rmUX5KSNTm9N2IZA8jz/sFXz2ISQQYEQIACQUCQUSf -RwIbDAAKCRBAl26vQ30FtdxYAJsFjU+xbex7gevyGQ2/mhqidES4MwCggqQyo+w1 -Twx6DKLF+3rF5nf1F3Q= -=PBAe ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGiBEHUUngRBAChnb3mDLFxN/2A/2m2VdF4VduvwWqdzD2AXanEBud8G5HiPYxr -y+nqu5xaiTpcwKxtjgCENd8dhmNA/uDmuoMBlZa7xLTdeGixdmj+VOce7fa6Guq1 -UOhDe/UtjDbRp9bLBhW5qDewL0RLJ1VElnl7rx1Acty9KUz3qQWtIzc4NwCgn/5b -eM2PUbQMHv8CTWf3nYWEFf8EAJSnXbfe1k8R6B+iSqralm7JJPpFRuCsI5Katcw1 -lrZW1Nm1KGTMy2yzi25DRQgQmxbhDgrjAwc+WzVLipXnNfUY1/E7XskwZeIw+TZ+ -jBRJYBRSW0u4vz4bqe/8IoRd9pVHO5By1o5wAi+WnS/2h//QYEmWlULbo6TBentT -mS7GA/9iwKv8F/nFrodffBgw4LSZnNV3dbZGIr5h/ncPMS1g+2QVchsrJyzVjOoK -fO4Gx5/h3Q8keCPaVs/7Dmq8LOIGUfZjG5MCn5rCHHMSOy3x4cU3xd0j/VipJl/b -oF+E8Hll+s87W2RxyfmuSb+BKMCbobac+x664t2R3iUqHQsZQbQ6VWJ1bnR1IENE -IEltYWdlIEF1dG9tYXRpYyBTaWduaW5nIEtleSA8Y2RpbWFnZUB1YnVudHUuY29t -PoheBBMRAgAeBQJB1FJ4AhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEEYYFDP7 -t1RRrtQAn3lQd/AWEQgasJhvSuaEKE3dX3WjAJwIQPr+zjqUg0b2jRvvHqSviXXU -74hGBBMRAgAGBQJB1KChAAoJEPbdMwIQ+kzR784AoIZy8LRoinb6q2Wf+pD6Hqi7 -IMMoAJ40CFDbgnNiynFZ3GR2oJN9yHIf5YhGBBARAgAGBQJEktmNAAoJEILX1Yqw -qGAr3BQAmgMkTLx3nl6RT2gnpivlVbTLLp5LAJ9h457Bn5ltNr1VLXGu3KZC//M9 -g4hGBBARAgAGBQJElC+xAAoJEDofCI5h4RFTt4IAoJD/UQUco5ooL80k9GouG2zq -vHRRAJ40YXoS/epf8LgVbkPb4dZjemzJL4hGBBARAgAGBQJFB8KdAAoJEFsYwIFs -M98InFwAmwSyPe3rH1NM354zmWVhOXjb1JocAKDYTgJx5GevcIrcrB3ocGZb3I12 -H4hGBBARAgAGBQJFoAF5AAoJEFmBudKHS+vIpowAoIGO+EUF5Xf1hs2baKO5mZ37 -H0oHAJ4vpAexQJY+YHDqGWNkHsvIOWxpZohGBBARAgAGBQJF939rAAoJEDxjyj+g -s+iL5NcAni//R3GSb/5zCcpovhc35J3IEbVnAKCOs+PR2FkkipdYVC/9oRBMcPA5 -aohJBBARAgAJBQJEgFKZAgcAAAoJEFXlrhuO6QQREqUAoIqmXetBaIDlQEwllfH0 -s0Q+du0+AKCutoEkUCdcTw0quWBjOCPZ6alwP4hJBBARAgAJBQJEgcJmAgcAAAoJ -EJnmBLRVGFggKKgAoIYKZVWg8f2dVKm/J1NfNMa3xL7GAJ0c8M21PV5JjrN8mxqV -i6cnxLEA3YhJBBARAgAJBQJFm3DoAgcAAAoJEAeNJY2yIK3G294AnjKonrxlKETw -r/LyArS0bBNv3tmRAJ4wrnEvpFCBgMpOsD3bQ6VEsHzraIjcBBABAgAGBQJDb2Qe -AAoJENHZUgQJ6aHV1A0GALTFLl9rphqzqocobTkHOuORP8b/coYfY8H9sTZGGRV5 -YyWKRXVcf9dvAHxxXFoFSmDnCJL2IQMvwXDCtRWB3DW83cHj4s066RLvdM3Bb7oz -C8MlCiDqQMJ34ui7phVLb3ewkacAwAujzmIzJ9tFijgFV9F/vd0OeYZ6Z500U9Cc -zz5H7/cwCGV/nTMK1298m5t0ULkidupe6+U0zgWC52Wr7VBQODCXnuEJ4qwZngBN -Ld2vHL247soTtYhhwW9v9okBHAQQAQIABgUCROOo9gAKCRBpZyJzLMORIBo2B/4/ -XhrNUZwzu/SsFV/E9o31WSzOjYwpB1GsyrxGSIXCl9oGq2NRWbenl5W2J9gnYsmU -5dniz94c4eQx0gc5cVm1QbFlHTaTVxDMrcHP/348LIWxUNrvpowyO44Yc0W8UtiN -dzKcszsVdK6ksKWrYY7hE/pHhE8Lkiz26v9KRZvgtM08zlD3a6kMJRKO+7YlrQ5y -HMyIl5q40AZpY/6r2qpWwfQgOdr+5qJt8XVmngMGpaj06nsh+ZLOYGuzFYRqa8rG -wa4sNMRPwZe+2p88BKUn611DQGPi6m2Vu+UqfrsaJj7XBu398HTThOxhJnoImX2T -+RSEEHiE12aH7nPd666riQEcBBABAgAGBQJE47ItAAoJEGlnInMsw5EgnroIAIN8 -Q03TbUFG343G0cSst++9xpNWj327nFEUa/80dhnBqoJjwFKs5tyvMaX2+YvCwnBq -oTp0dPe85iVeaSYDt459A9szGuLW0CU+nXbES9jOJ0G2arl+Qd5jsNkihiQYyMjZ -93675WPu2I+4KmNZPfWlE4B7zeMG4fUbHRjujOYrmzHujeIpSDeZCq2DuNWayXzm -MsoSon0QBu2sYZrsKO162vWF1nReiqaXtwMlsqWz0fHjKaEZT7VKeHiXIykj0+X+ -+5WtPFouQURjN8MWkhlfstXqNxaOfOJH5k8+u1Pl40fpbwGUrKT4lbXsXnsCLyex -X/tSpX8f03ojArJb26aJARwEMAECAAYFAkTjqiEACgkQaWcicyzDkSDXDwf/a/f1 -T4443Hg7DFC7FnS/OQe2X3/koIAxztEK/NFdX/fiYRPPtla3vI9OlQrUCsTLeW/q -A/uM8JC/psLqzoid9A+Qx3VNnd87nLaLQtbHxDKf6R0OwRYDOwYOfOY9/Hwnqn2M -v8DcMu+qJl8P0VlzWo6KdkjoLzGaqX1dVHfh4TXoQy+BQqO/8tk/F1zd76KbIB+I -K3YyaZO47B8453RD7OVSs6/xMuxVBY3C2Xwp9LxrBw+k1B2JZ+3PWlEBSXJwKHN6 -DbZWfTVv0CQnj5cgUIl77MMDFb9hPPw/2fwM6OGT8V5hP8UJQZY+6i627IWCMY+g -SBpjScD+JobaCEi03IkBHAQwAQIABgUCROO0uwAKCRBpZyJzLMORIL07B/0cVMwF -kEzQ7NPLm4415ggCgyrc8NgMHHTzR9YmBAk0Rgn1ARZERkuZyrtgbjUY1AjZiHaA -VrNvF/DtrhWcKNQ7snBJdlU3GBVyzEuKTwtmmFsPxrFa/mWmy3S8b6SqejqzKMbh -XtG+LpSXGzidPRzcTUkWZzlIAI9OTL3Ot03z17x/hjRnvnAcOIL6gmEdPMsua4nT -BQIDxnzWoqKqO4dgW3Ooprb63UtutnioEGA4Zz5Eh9qQeRgEleoKLwpy57NZ4aae -T9gD2DX7ffYYuHx5CaCGz73S+0CPK9HrMADS1Pr/xnTMZAmOkxTaA8TMHqlWlM/t -q7kg1wm7u78NVztAiQIcBBABAgAGBQJHNMaeAAoJEAv7hH8/Jy9b3qYP/j9s/GTS -kSg92FZwp7uTxnCHUZjxbA3dzP87zU18S8TOcP7Ce2y1TI0Xbn7lUA8MMhq1mj9/ -NahdHaU8gvLuLHQLBsUU5KvCP+R7Qdns7XC27ohHfmwD1967jDSXXUDVNiyw8L0w -mgtSct8rOPpvYXWPU0gIFcJCzil8W3J7S6Xz/BmUm1gpE0ZYXBWbYot1fbAng0CJ -vuzi1UlwRGsCu+3esHI0x6URQcsibVwmsGK+Ow9u7CaRNyTxJJdnJ52JaAsqh35b -SQVw2IsBztpeerLZq/mJPOMcDRhzbpHL8M0gocO2OrjQuJN0+GXUaQa4c1/8/h5h -1AOBrQJY+YTougjRupa+Koqdd3AljxK9jDtCsKjbbIbTb2tchP0OsShrgreocfWV -7k4kHPSHMlHR3bnRRLgF4lWtrQGYWgCF4YeNQdcsw/upCk8Xar9YhM6e3sRnQzvQ -4jMoyUN2fK0TDwgjM+lWTLfGKQBrXEtfhKBKMb+3npcMKfsCwAajBIJBZX927oHh -XNBrHo+iv81KlmHQU3n32Rqvn5oqc+cbyQJMe9Va5YJEevPzefJVRkeNMmxRtQIf -m/q30ZdEzAbx8BM0qYPNrKeEBoWLKdZS2iZVCI4iNsogLB3EWgyajumC/bbL4p5v -qnIlKN70FUMxdKabTsePWdIAB2DVOz1Cx6bw -=p3ci ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBE+tgXgBEADfiL1KNFHT4H4Dw0OR9LemR8ebsFl+b9E44IpGhgWYDufj0gaM -/UJ1Ti3bHfRT39VVZ6cv1P4mQy0bnAKFbYz/wo+GhzjBWtn6dThYv7n+KL8bptSC -Xgg1a6en8dCCIA/pwtS2Ut/g4Eu6Z467dvYNlMgCqvg+prKIrXf5ibio48j3AFvd -1dDJl2cHfyuON35/83vXKXz0FPohQ7N7kPfI+qrlGBYGWFzC/QEGje360Q2Yo+rf -MoyDEXmPsoZVqf7EE8gjfnXiRqmz/Bg5YQb5bgnGbLGiHWtjS+ACIdLUq/h+jlSp -57jw8oQktMh2xVMX4utDM0UENeZnPllVJSlR0b+ZmZz7paeSar8Yxn4wsNlL7GZb -pW5A/WmcmWfuMYoPhBo5Fq1V2/siKNU3UKuf1KH+X0p1oZ4oOcZ2bS0Zh3YEG8IQ -ce9Bferq4QMKsekcG9IKS6WBIU7BwaElI2ILD0gSwu8KzvNSEeIJhYSsBIEzrWxI -BXoN2AC9PCqqXkWlI5Xr/86RWllB3CsoPwEfO8CLJW2LlXTen/Fkq4wT+apdhHei -WiSsq/J5OEff0rKHBQ3fK7fyVuVNrJFb2CopaBLyCxTupvxs162jjUNopt0c7OqN -BoPoUoVFAxUSpeEwAw6xrM5vROyLMSeh/YnTuRy8WviRapZCYo6naTCY5wARAQAB -tEJVYnVudHUgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMTIpIDxm -dHBtYXN0ZXJAdWJ1bnR1LmNvbT6JAjgEEwECACIFAk+tgXgCGwMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheAAAoJEDtP5qzAsh8yXX4QAJHUdK6eYMyJcrFP3yKXtUYQ -MpaHRM/floqZtOFhlmcLVMgBNOr0eLvBU0JcZyZpHMvZciTDBMWX8ItCYVjRejf0 -K0lPvHHRGaE7t6JHVUCeznNbDMnOPYVwlVJdZLOa6PmE5WXVXpk8uTA8vm6RO2rS -23vE7U0pQlV+1GVXMWH4ZLjaQs/Tm7wdvRxeqTbtfOEeHGLjmsoh0erHfzMV4wA/ -9Zq86WzuJS1HxXR6OYDC3/aQX7CxYT1MQxEw/PObnHtkl3PRMWdTW7fSQtulEXzp -r2/JCev6Mfc8Uy0aD3jng9byVk9GpdNFEjGgaUqjqyZosvwAZ4/dmRjmMEibXeNU -GC8HeWC3WOVV8L/DiA+miJlwPvwPiA1ZuKBI5A8VF0rNHW7QVsG8kQ+PDHgRdsmh -pzSRgykN1PgK6UxScKX8LqNKCtKpuEPApka7FQ1u4BoZKjjpBhY1R4TpfFkMIe7q -W8XfqoaP99pED3xXch2zFRNHitNJr+yQJH4z/o+2UvnTA2niUTHlFSCBoU1MvSq1 -N2J3qU6oR2cOYJ4ZxqWyCoeQR1x8aPnLlcn4le6HU7TocYbHaImcIt7qnG4Ni0OW -P4giEhjOpgxtrWgl36mdufvriwya+EHXzn36EvQ9O+bm3fyarsnhPe01rlsRxqBi -K1JOw/g4GnpX8iLGEX1ViQIcBBABAgAGBQJPrYliAAoJEAv7hH8/Jy9bZ2oQAKT+ -lN7RHIhwpz+TuTrBJSGFYhLur5T9Fg11mIKbQ9hdVMAS9XO9fV/H4Odoiz6+ncbW -Iu8znPsqaziPoSEugj4CrBfVzDncDzOOeivJI66yuieks53P48ougGgM3G2aTFAn -s8hXCgSVBZd4DxMQwR9w9PmuXgGnsVIShsn9TrNz+UOSpTX2F7PGwT+vOW8hM6W0 -GpaUhFuNVvi4HAGcW3HgcDy/KuKU5JzLKdUbnGey5N+HtcTYq+KbRBHCpfG6pPNj -RIVdl/X6QcIFDaUO24L1tYTnvgehQnkz3GyLkeqiqmwub7sTXYmhUStzdPM2NXGb -PVQGNXu5tyvuvLAc+JTrn4ADIjDD35oY/4ti+LcCkuyDuzU8EWcMbG/QqF3VH2bU -I0pP4TFIkeLWkMO7idOCOf6+ntvQaGa3BrnRs9CemDKaVyWwjNJEXboS8+LwBpWm -Nw/idWgLzf9N7XF1+GfrF61FeYccltcB1X8M4ElI/Cchvk52+OG8j6USemCOL1OS -irbYqvj8UroQabVUwe90TZrboOL06Q2dPeX0fBIk837UXRDJpzKYexZvWg9kg7Ib -f9MYuodt5bkG+6slwmbN7W1I4UAgrIj4EhlE9wsmdsMc2eNXk6DOClN8sseXPx49 -0nL623SQSx4tbYpukzaEXREXOQT2uY5GHvDVMv7biQIcBBABCAAGBQJPrYpcAAoJ -EDk1h9l9hlALtdMP/19lZWneOCFEFdsK6I1fiUSrrsi+RRefxGT5VwUWTQYIr7Uw -TJLGPj+GkLQe2deEj1v+mmaZNsb83IQJKocQbo21OZAr3Uv4G6K3fAwj7zE3V+2k -1iZKDH/3MfHpZ9x+1sUQPcC+Y0Oh0jWw2GGPClYjLwP7WGegayCfPdejlAOReulK -i2ge+mkoNM2Zm1ApA1q15rHST5QvIp1WqarK003QPABreDY37zffKiQwTo/jUznc -TlTFlThLWqvh2H7g+r6rjrDhy/ytB+lOOAKp0qMHG1eovqQ6lpaRx+N0UR+bH4+W -MBAg756ter/3h/Z9wApIPgpdA/BkxFQu932JbheZq+8WXQ3XwvXj/PVkqRr3zNAM -YKVcSIFQ0hAhd2SK8XrzKUMPPDqDF6lUA4hv3aU0kmLiWJibFWGxlE5LLpSPwy3E -d/bSvxYxE+OE+skdB3iPqHN7GHLilTHXsRTEXPLMN9QfKGKXiLFGXnLLc7hMLFbt -oX5UdbaaEK7+rEkIc1zZzw9orgefH2oXQSehuhwzmQpfmGM/zEwUSmbeZwXW82tx -eaGRn/Q5MfAIeqxBKLST6Lv8SNfpI+f1vWNDZeRUTw3F8yWLrll8a5RKHDvnK3jX -zeT8dLZPIjGULMyFm8r3U2djKhIrUJjjd89QM7qQnNFdU7LR3YG0ezT5pJu+iQIc -BBABAgAGBQJPrYqXAAoJENfD8TGrKpH1rJAQAJr+AfdLW5oB95I68tZIYVwvqZ41 -wU8pkf8iXuNmT4C26wdj204jQl86iSJlf8EiuqswzD0eBrY/QNPOL6ABcKvhO4Kl -uaRiULruaXI7odkmIDAty5gYe04nD7E3wv55lQOTrT7u7QZnfy//yY+3Qw4Ea6Me -SeGW+s3REpmAPSl+iaWkqYiox/tmCQOQJK0jzxTcYyHcLzoNaJ+IqANZUM8URCrb -RapRbm3XxA9FeD0Zlg77NGCZyT1pw6XkG7kLlE4BvUmzS/dIQkx8qnpJhchLQ20l -xqcBaT1buRTxktvflWPeVhPy0MLl72l/Bdhly21YcQbmbClkbWMGgLctbqN25HwH -8Lo6guUk9oWlqvtuXOEI31lZgSestpsCz/JvlfYuyevBa33srUoRTFNnZshGNzkT -20GXjnx7WDb6mHxwcpAZFCCC2ktfDwd+/U0mU6+02zYHby6OIjRHnAvbCGhz51Ed -PfE362W3CY021ktEgu9xYpIGOfREncrjo0AoOwqoWQhEoLG3ihF8LMUryVNac0ew -srGY7gxFCnP+aHtXzaa8mMW8dkWgNwi6RfJfphrgHkdgKVjKukkIqRrZrDoD5O7A -18oTb3iMrBKHdSVZp0icpmAHb0ddBNlY9zun7akuBrVzM5aKuo21l/Qs9z3UK5k4 -DjfegedFClqpn37biQIcBBABCAAGBQJPtvp6AAoJEFdZ81ABqkpkFx8P/1XLWBTW -ICR2GxtKOA3877kX+IQ7wDcC4i1tcCAT30+0YHt/loM+NEkpO5VUbYTI0VX219bv -Of5rAoc7BgzEqPYbvEsr0Tlitqy0Fg2/zLkacWb3aeTSstKgE+7MYTYDqzr9ZXm4 -8AFquPtqnQKnh/SPB7Pp4gLmBM+9+ruiPQsGQdFS1nShJs+QJU2PJd5GcnUBP8mf -wcbDlwacUL1Vue71+yWeJjY01oC48tWuY4ojK8oMpqFGgfO9Arg4B3ZIgrJD05TI -vSz7Wolh4GIqXpkq+ZS/6pBOdMc9duOHUaABrbuNq2Ee8Z2xWMU56UIrDHozBr8Y -BFrM5kEuJM49tcJWj17iHnAeQe/2u0KZX6zgSwJ+9qqVq/G5XW6mA2BCNkM3eaRW -WZYI+yiD9iZaGuP3jJ2uACvFIR+tq/C3nC42P3Hr0EGkBPldapCeEibo1hr8XqMJ -utwbqfBYrBaXEY3lmGbjRQWYgGS5NUUFQcfUGVyrH9ZZxQVQFCvn7qkFKMpBy4Sn -5HMtwD/p91W209h/cp8pzdwEh25Ev3ezdxgb11JugZKqwProrghwyAPFrUdoLPs9 -jVUn5esLtnSqcxgVcogvPonfcm+eEyoAuwNChf6E9ZpWCMKYKZW8tCo/+EI2/DOx -+GiE015gpR+Og9BxhYNL9yZNCJfn7/YzkvnFiQIcBBABCgAGBQJQwv+7AAoJEB9n -UP08vczgcFIP/j6dDiOoEApruBfJLGJ0LSPq0RFKX5+HCuyrL+iily2kChgmxPsK -Z+4Letv38GyjeHdAAhAxhO3j4EXG3KaNuYDkDj/2FhGcLPALIcMdQy3aPyvWtdz6 -kFLo0PBdgYPvGj14zWvdBuTM4aMunfElrSRe+37U/s1DImD1S0wIzyMmrbTmmYn7 -XfNft21EDkWODx/BgkrMBZhNRGNHTjjBzk0McQd7IIr98vYkKLGvQmv8TbXan0qD -jLouTty8A5HoQbC4SSGgLdslU9rij+BxBErXFbZzTTyAaRK2K8XZHt8oPoEHZafL -ZzzE8Qdn7r6BCznjTN0y69DPMWlhcO3toBYWsGUbbcae3O/yUJ/McA0LCfFmbNLP -S8zAM/QT5PQW/nxuYFePshTkDZDmICRH+5p0fwN7/pJYMJfVapQuLPChMJ2S8Y0U -KaCYwgaG8FvRB2u0HIbfwIVlCSbeJ9NCjGY/A8R1p0BFIEbW0FvNqW66RP/9uN9J -4IDzQcW9nVKR/WWFmGpKtJTAk0Fl0GLGNicKfEU06ugZCcRYqKHniekTRw2Lm8Wr -v7gk6UGg6gm/mzfTn0q0WrRNgR508Grh+yZEh4WgxBCbIl/4x7wlCvahqmvlngBc -EobYBSFwQ09tp/nyMHBxnMKWzOkkXa9AgXpwB9Xvb7KpfBrjehWaPvdqiQEcBBAB -CAAGBQJUU2gvAAoJEFy5uzsSFmSKieUH/RALTTWRwuFq6s9yyBaizaJZrzO59U2l -nExOgqZMGl7qwVnh7Xy2sIHjjymmdSYc8oydOQPMWV9eVmcwgbgeNfvA28WNX6qL -5fSRULXs+ZgY5z2HJu/aHUk2M589QyUU2Ml3w/s4RW+CcWJyiARB7YGkLr0fPYh7 -BiMWZP+/svrPtaJmJaLp5vJn5YKkCBVXQcZ4vVB7Fd99goBhtIgIXjPGskJNfd1P -0Ao+1Cdy1B4dmXypGjZCsJfRb16q5xWPhIk+Jp1oM1CBw8j0apM0BmtmYLA+5vZb -B2/hQ3stHJx0ILTdKPV0y0QIXueEgrbHE0ZQIs5g1Vkj0Qm3/wdYRWyJAZwEEAEI -AAYFAlc6KdAACgkQoPIT8UbrWB+6PQwAjHCozOCX1n2lVF68Vcwp99knfVJlRZJO -UEpU/Cgj0PydLduDT4FhDykiCCu4qtVwyReE/6jbTro73ZXJiX23AF21a4UuA03T -EDg9lpKfsUXReKJRtVT5KApbac5kxJfeUpx5YV1r8sovOL1LISyJ0Vl1s9g9w0HT -ooDZypnpHoKaBFS0SUMv98pSbNZhDjfvmYbOeVz6+heWUGY1yoNC4aR6iS+2LlAM -rKIw3JYh+fXp+4PRdUp8RygtxRW4YQ0qt96HpVxl8d6G+cWKcnEUMjhKGH0G59HG -9i+6/mIi+uJkniuLvN/e6y/QaZofYuuzRPHGUksEDB8/3AJX4jp7iisryEIHZbyF -uuSCxGm5+eHZ3PcgwjhI8jw6XI2rd3HB0vqo3gheQfYUWyiFUm0DKKx+3HDB/gmq -RVqQnnil+d0qhixmAyiuVcs9JLYQEcZ0dLF1Ur5INPGn2oxzRjMcaqV9ROmscMfH -p7uYsY5PupmQ3/OB1vWHuPlJlZvAzvBViQEcBBABCAAGBQJatwXcAAoJEHkYry3T -dFwCHQAH/32P2DNWWoFV0sF+zNzzwee3WdgDA1A419PMcYyhp4JHBoYTIQjMJApW -ynXEsoUq0QHlzA0DNucagUez3IYvFRxIjtoKLOPv7bshtOGdBWx6qRX+EvI8tv+c -DGNSAmBvSU60gUVuDfoI8j35VvuaE/XypntTTUTSRJD/iCRQQGz3XkQr5ET1kYAu -bPSNgA4VTRlijTXvwlOY+wAI0C0y0CHz2XxSFZwldqy7asYEr5xA1QN6mCkdQLFd -KhXzrpcQOxmp3bCd8eK8w6kKLshFkpfi3z6tq+UlNDdUnVpTt7BjAPC6lSwcoupi -cwSJdIiYbCVJ3sDAF/loKd//+8mvGu6JAhwEEAEIAAYFAlq4ggoACgkQWIStaHln -tpfqdw//YcivUncPnpblTye1R59CkC/Uf4mYL9qVDWbk/LXA7d3ESBTQ9VDcVWeI -kAe+lL5o30Yb4mvKpD+0XpXxMltApZ6HmvfHIWbxxo6q8pVfI5NTM1Y3pX4IlGv6 -nOf2s7mwLPFjA/URGn4FO7VY5XXF8NSfal0c+I7yom81t3uZIZxUmOtN+0hHH1X2 -2O7tqafe3kBiV32Rz4hQTj7WoYHlzt/RElZQ81PYjkE3uksFfZJW2N6iU+zSlG6d -ulU7kEXot3lD7L49utRA7QTNhHsEyDQN6rE9wE9vvCJXDJuCLl+DRCGzh4UOiSDJ -0wtVqulaBCLh2ImclDfcHeJA4MgwaU443YD3PuYQD6uXg9kIuuqNinkHRVjKRU2V -XLdfL35LTFdZTW0dXa48NRbIr6ZX7oXNyxTSbceWhbTqgI81O66D3oW0nk3U5Rgr -2k10NB/GdamZy0+bxWWRRcVBwJZz0iCHaz43LXdwK3eXuiDl2nQixj7pzFGLilUk -E2dxnNMlG9TgqJq7x20qp1CWCQoVRZvyMLOyAZ6mVL/WcAX6N/F0yc/ZXjEkGKwW -Jfqrnv8jqhHMT6oVz8gD9dZydaiS9/nrmG9nAX/jG1X3//v+rxpUr3WbA+SOt2lk -wS9j1GnXKKIrvZHYpjCkidnrDmI9rvW8ic/lz2lVkM//YiG2QBKJAjMEEAEKAB0W -IQTP3lhs0NlLR3oYgY4qYhaY0j2SOgUCWtrHJAAKCRAqYhaY0j2SOkd7EACl9nJg -6v9D2Iehv8uaXzJYL16BH1XqCVhWTPQmLAGe/qJH0oDYB6FQOyVueOEmxB4o89YG -T0XgrJN0qrBsCRRpOM8kvMMBftMivvuURqKo8K2aptGa0xEhUqeuAcpLb+VldUL+ -/4OriRbkQMhCq8xi4UOm5JHtWmn2l3AsMBNa4S4soR+fn+ZTQ+ED+TbjjyDOAMEt -cFT+KTisuElIxPfCO9DMrAFg6Letpkow2XSiq/8sN6Gzua8OmDOXxWho95T+MQwH -M+KfoHPWwfRU06wPHTTaqZJO5l1niNmnoJoQvVXuRZbsa7sb40o12qaXSJynnr12 -rJav7YQpEGXYSZ6KwJh0EdgjAVHYbsxeSekZVLa9694rgfiLqZlyESf0NS2lXslr -k6U+VtyhvzsQ/wnfp5BaOnm3laCM5aaJJMiU33LG2M3qTIaEApPtiywBzCcjW+EK -1G4Gg+Zar6mwQz2/HE/adp1iVzSzDUbdOspl4asNP5l8Y/cmBg1jIiEwUIA+lkJx -ssslvYvC51cMpUGODlzbeYFPU2ZPOU3bRV2jjYOfXFCwuSx9oUQlY0kZxroMjUy6 -Z1skz/hfqyHXKOp5kYkTFJEKFFQmnMfyDtLGMSR8wuR4xFTevOkSUzzCl15+zalD -pSw+oRMInE04xjSJ/aSRzqUS3Z7HSHyVUf6BDYkCMwQQAQoAHRYhBCbC4mSQ4cKZ -mlA6JV+x60qkZkGHBQJa2t7PAAoJEF+x60qkZkGHJjMQAJlsZbHiGRTObj2Vs3si -NELWkY5OlmkgThwNjSL4zx1lBHjbFIfgiwIjPjzMSiPaDb96dD64duX3H9sYfvzV -hatl6QkQBYdY9m8Cg6kAAkc15D4Sqq5/85lhnHQ0UBXIFNuPoxfsKFlCdhxaGz9K -NiwEkfB75H4vn36NvJS9/ozcTcyj/3Cj2eDhmUi03FqlV/PRNhCgty7xbrFoNIlN -qFn1m54I90zy5+WWYtdi2TUXDcuYocO/vmRRHkTBNw4Z6yKaRjdBdQXy6FFOkr0q -xxHS4Zze4Lo7e4GSn5lEpAE9VAUgMHfyx70JFNIhdoRNGak/EKiAO57H3Dxqohnj -fCfTiUNgWbkvs5vduIcCHIqcq5HnMfcF3LT2NtpSCUPsiZq0kWOelYFYLPakmRww -xSOQZZ9OjgwgwgaJtDyzhuuzpiy03e10miadR5qe5D70iyGrmYFOxehqKjJS/U5w -JZfAtpy88BGwl/k33LfUAAVtgh4a6+J3o9CooIGSeFKgl98gHWcGShiAJ9GbYOgB -7lw43aUXsuVJxolN7JIgcJ3d6BTqy+2YS7mQhB+NHXXv+VSQHwiD+YJ/EJG/Lsc6 -kSlmwQdH7eU7LBlDtGaClCJV/PZuYb9w/k7XjjBksWK9pIyPqywMlYUO+B3o0GCI -/s5SCp5iIf7hYOIWSGXoAE2+iHUEEBEIAB0WIQQVwbaStxLcS/A8wbrJcu/9t7Zq -igUCWtrhwAAKCRDJcu/9t7ZqipG1AQCMeZdmq0NrLGwlgKnUMXlaI6FfcbNSmUUN -BNznqtsn3AEApZG67GhDNYVJlfwd41N5LPZF866TpAuQneiP38wdFNqIdQQQEQgA -HRYhBBXBtpK3EtxL8DzBusly7/23tmqKBQJa3OnRAAoJEMly7/23tmqKiyIBAN08 -khmetOd0QZ7ukwK49PBPhPIatOMJdENhPZpDrR1xAQDiD1TR+AV5KXPMdLrriPvJ -7x7tb8qua1baSs/JWxM5y4kCMwQQAQoAHRYhBNskc+jgZQ59A+3qnON+2vHrT2C7 -BQJa3UzIAAoJEON+2vHrT2C70VYP/jcSRw6YRMSvA8vri3T8KwPna0Zh+p7Ybqga -F/wrI+WAK5dJaQCqgKoZ/8013C6+3zgMQTudSIAyMZ/l42WybvjrjCkxCm19g+Du -jbA3FVC2zAlnRj8XBmA/KGUCHuouRC+MjXCfCtL2v7dyWMDOH1IYLnd7ZSAdLY5/ -zTMmwZl9komdfbNqGjRY6VacNejSDZvKmwWfA0/oLmKcB+DSsmDq3/OrKbsyPcub -n/Z34SjURzi2mrGLWCoRjya/Apt5cvxWMf+YoDYZYqgRPpUohdrRZLMAEE3eIqef -bjCI7BgwlokQB5JX5iIHnaTz+FzwSayECQjeq3O35nXuvySNtifTHsBDw5LTazRO -Q8oVdAR3oUJnwg4TQvg772PWgSbiZKjJfPEeMklSYWl2RAAXHogS2v8gFG1SJAHs -I8iRcBdtMVDE0JcCxf+2ZFSX7QBFwhbaI/Qp7V/lG2B2UgBjiaGbcnJUBLNOr20E -eq0pSN93EAD31keZaVcpxf17WdRkvoDcgCWZ7vpXhKo1dUsiPcmZNSbqs9Td6X/t -/5q3lHi40iTclIRwUnICCTgpb3acbJd/IujUZ7/xkSxA1S5pHLCYqaa/jOrgrbJ9 -XmSyyMaJ6lpAGoj/uQLZvpnc9IgtYZSKmL+7VSNCw+B/yuyAksn74pYS+WV67bbG -Ywfm20bNiQIcBBABAgAGBQJa383ZAAoJEJjkF994zXqqSN4P/0+xC8O1ZG6NIGCd -d2FNiSuj9rtyjnqvBy/+b/p/5RJEjSQuT0nqH5jaVIVT7fZ9xR/RSf8He8qlFL+m -w69YG67v5xp0ectHy5PsCtMFarUUrussIUre+1MRvVxAnd70XK1+8ZJDFyGKMh+i -j0NCRF7cyFrUvakWvIjofhqnVf99ysMzOxh3mQgCZKJzuTYOO+rPOlc+2Otdtr45 -NgbjVp86PjxO3yPCFPOaCMDuRPS5jpuFWIqhwIfQXuz+5Ghl7NrA1Vvj2Ef1R9Hj -CoNpIRrmpY51Qs1P9JIH7gwQMJJmE2zQspJRGInphVUJ6eYbRtn/bEkyLj4IrSKI -tQjyQN+XRaNqtyZYekW2hkOWfp+k5htIWFi7V6231K7xSsjByw38qkzb3TjN0OiH -9vt0XaJKIgDYltpAhAT4h0XYXCUlC2b86johax3kEra7DJdnNGgrZ37IcUaYafpG -yWUUFqQpel7Ca/yjjCQuMiPYy9qXxizZvyiZmey4ROmV/d1nUoieMIj4eA4cXUUw -C3k3Qz9AjpMjGasILf7C7eP7w2W/GA4OjuM0dqMC2w43cAPzdLSIezIxsn1eGB2y -2nIVxmOKwFnecpGdWTTN2yEwa+M4f+rRi/EDsJ00UWqFaCVFPJoF9w2jG6kZMl7M -vwjqJ14saedkWwkOIHODgaAJF7Z/iQIzBBABCgAdFiEEepI875g6dg7J2cQAp0YQ -1OZ6GfAFAlrg6WwACgkQp0YQ1OZ6GfC/hw/+LN7mnq87KjDoEn7fK4bn+BicLd84 -jvtlDLFmYi0xMxnzkpiM9B1Hl6fcaFPclV/P1KiqiHt+CVDZZ/3h3t5IZtzGDXgl -VrAsv0vcSvYX8EDw78xM9F8xFY6ioY0J7rKiNOrQr+7JYaCjS1SEZRr/k4rgimRq -5BofNnTbB5eUHuu4anGev9yZ3NQoVfo7YsvAx5utCMwTkcWU+k4FOXWnv/U0959N -lynyrIe1E48WGDpZmqxPKx6LVPwBDsH1ErVRuxesamLDFssMY0JdUtqiHZMYZCIV -Y1rAJ5+PibRJInDQKBDLJYKOCelqnI4qhXar1p0yjvh0Y1WwOj1UaGs3aEc/W9bX -H9PiRCHVLL4vpce/uPvk47jfNz+8YNsVDiGW6RVFjfZJO+/6AGp/sQbHLqm+d8n7 -igCpxpI6Akk2mxWrdCLeEaXCohqumCEE+rzAppe9gp3Zjrzdl/oPAv9HkNkMpSUR -cCxTx1GuGtXuYD5uoC5QSoaSxRJWQGnqjDjO0CTJzeTtqUkHTn14kQfb0Qan/iBq -hazM4jGhN4qwa60b7vR5/Py5ZBtTaXSgclCo9i4Kv21MV+V2ABzqrCSlqozU05Bf -O+kkvN1pXAaiNJ5CKyGbQLV+4ejohhTNSKh1HOmd5P2jLqvxpa+e0N5MyZL+iX+y -6qPLIHgrQd3iqrKJAjMEEAEKAB0WIQRl0hoYEF6X+7Tnc3Q4dy7g/cyrxQUCWuEK -TwAKCRA4dy7g/cyrxUNJD/4pRuCNIJ3vXGwx+3ftoWZaoVa3w0F9NdrNYvMOl5BQ -ShXi2bDNHsvML6MMiJ32rLdje8j0HYgZgU13+n2CpZk6/iQKH6Ms45xLJFXIjSlG -gtvyA6BEwKSbsgrQU6rh8piO+N1aXOOeijA1KIem6RkgaNwGqtu1tql5TNAHFu0e -nvINJa+mQPAUVWYveR5SdSK2H8ek1ofXmrhu1Wob8nAWt1AyYXg26MY/gL3ADFDO -EEEHz/QSp/3kXmo8kc0UEkh5Mjfh0BSuMzOHlsZZ2roGRIxHqPKvj+pSmUcUwunr -GptwFPSLlEVgM04JQZiUjDi7gkqYDyIhHil+3M1KAOGRVhvj9Z6hkDkz75MFurYm -OuZoy0eVA+62a+/eE6wbwknk9nUBKwUsLW8CI6erLX6QmJeIO0+q8WvgTzmIRuCn -cG2WIWi2/Gu2WYcnb6kDnjq7YZWaMB58J76AuQ4tPzrcvC4GxdarwmKZ9YDXUWmj -nNBmIfTy3elsRmsDKFZOQzYqcOliy3xcxjffqrdLSeBkSmGNShX4JWX3afcNKQUj -gQzUWYiegXbDRsn/5F3oPZORuL9xdkFNmelkbkuIO7QN97fM0k27+QUPYKYpMeCL -OgNRftHLMsKE40jrDgI3cbaRPk+YCwCijepaJEmi+Z0kiVtsn1q7NosisfcHi4os -rYkCMwQQAQoAHRYhBOo3i3WaAPFVTDbA+cz9YQbz6POhBQJa8Ll+AAoJEMz9YQbz -6POh/XIP/iyNCmMeBwtPSy6HZqnUmxyQ7uRPkCLGBUa1ox1RxmNID/R7ut8RpSin -uZ2C2ww+zOyH1HKUJl9hT0Hs2xc8rNdAsMKeBWfhIFJ+aFkRFxg3VlZ3c80jCfyd -8cmaC1lQxhcR/jtwQqCuoUxwRUwpqttqWB1UShx8DhYAQYWXKH/rKfdI3agmzP6G -J3bpl6V6g7Bc4XNx/CCk4Xz6HtReZMPzprtqM5rDgj8aDkNovWy4yupV4c7otd14 -VfYbCjHKQ8OoYdyNaMef1K/hNkQahZT7doUQ+LoKCKA5W2H/Ve99UDofQVY6Rcpv -5I4F9MD/mMDmLaD/AZZTwSNlJiVH0brgLP6fQGZcZFKDyyx/n2NQWz59Z+02c9F/ -BwZ4j53i+xhL2ERsa9iiElv2fdMY9vtkxdaWcJsE00gUZ6p8Oqela7+XY9V+hPnd -evBfdFXH8+YoYvec8nOa4JSzBCF8QRd4Ui+05dzPj/ztQs+X11htkxzAtmbYESV3 -pSbYa6OtLY4MJTNWllHDVy0TG8rZ7XiTaajGdgO9IJeO17sWqVfTbWiXVViMnUo3 -qbVNBhc2lG+C01uumKrDL6xBxdg2wyK2IFQK1pMuzwTy1WHwHNSya1Y3uz8u3NUi -6FMwiycfMsIYrT5GDQaUcDUwqNz3H7e4GJmIF1FsMC3SxFg4bBo7iQIzBBABCgAd -FiEE1P98HWCRXzhAv9WLK+ijrQ4hrZ0FAlvAhyIACgkQK+ijrQ4hrZ1oKg//TDcn -CXm16yjbDdp0wYXeDwqEcwaGC4lGVyLPVpLMI7kETfUG3R18cFLnfItDYLdfDbKp -yUhOFuk0rDPAS7G70ilnWn3O8Vvzj5gfz2uJIEXqpQJqPe1UCV7qm06l1BUq07eV -ZJXZhoF8HzZ+2KUrPGLgoKYOUXVOLgSfEYSdfG/ldSf2K4zwqQz9n32MPLNk+PgA -kPw6GSm7TeSV3vRkofPCG6864Rme8FTMrTk7MCqU7nhSkxUwTdY3vnhPoqYt1Yhu -fQe+8IFP5jcVWhovSPeg4tK6k9WzFliwCPj0HHdjfV8PhCtR7K8UxFD0IXwmwp6y -LoAPtaWpBIBhmFOWXsfYYlnBM+OS1iA5JP5BajPZG0rfp2+m0iZkocDmofJu8cnT -1cmUivAwHRn+T9ESJEg9uv9UkxcA1gRu8Awn0IkZxSgnFIWwhSq3/fqZld2c+//Y -76DKBu3dXGxG8BpEw4ABlCmyO/IwEZDMi5flGrHJjJY5tXqyfgfrfCwHJkDMvJbo -DpYXzpQRd5PPDlC10TAlQhgdkvp5VDd3gbfJ2G4VGXzwuEmHJp8T39HTOIqmYh6V -1W4jzvegJFBY13o08+qfoRJ2ytksOchfNMhAZRYiijL2G1bei2RPDzI1f5FuuZYf -uU5J1lkes5gdmSZpoQtWJx2itbRSfqq+HsOTwl2JAbMEEAEKAB0WIQT77VltWCQd -LB4hNMX+jIvdYjAwowUCXNbjYwAKCRD+jIvdYjAwo02oC/9aT10dD2mVo458i4XT -Js1UJeZGet48oaaCjKQFAc4VsPHCwdWxP7TadD4thBBQxoYAX0L+57Yduitt6QfJ -WpY5zRErp1MWCYRXGnEZq+M4kgiR+g3ruOtXR/NkZqXBMQoFGtL8566yzouVq81J -ApzeYHYT6cmxbfTunjdiWFIIdTal/Rad62zgOXO8QCO6dn1q+BTljlnzTfVPewGK -7//UfRnXbmGzy7Je27s1EbzaYh0bzWhjh9LR7nfAHlbnTrUaGZXEgAR32SuWSTZ4 -OUjl1uHdp8lsDZQjkYx+zpQ/bFUL73xyxn0eelk5Uj32dpv5qDDwxrlUuX3IKDua -0Sb83NvR3oplVPmd8xblRjBabkpTc44agXXPMk7Lu4Dcne8/BhRiPJu8XA4DssFA -6gzd9+4mj48m1OSx+sfWfMPlLNUnwZ1eEqgueMMMGkCQpoykv3PfHsraoxvTt/RL -4kUSYA4gGsYHDz2icHaIeYR8Z7HHg0bFEnlLTq5qmkp2qyk= -=yMYl ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFufwdoBEADv/Gxytx/LcSXYuM0MwKojbBye81s0G1nEx+lz6VAUpIUZnbkq -dXBHC+dwrGS/CeeLuAjPRLU8AoxE/jjvZVp8xFGEWHYdklqXGZ/gJfP5d3fIUBtZ -HZEJl8B8m9pMHf/AQQdsC+YzizSG5t5Mhnotw044LXtdEEkx2t6Jz0OGrh+5Ioxq -X7pZiq6Cv19BohaUioKMdp7ES6RYfN7ol6HSLFlrMXtVfh/ijpN9j3ZhVGVeRC8k -KHQsJ5PkIbmvxBiUh7SJmfZUx0IQhNMaDHXfdZAGNtnhzzNReb1FqNLSVkrS/Pns -AQzMhG1BDm2VOSF64jebKXffFqM5LXRQTeqTLsjUbbrqR6s/GCO8UF7jfUj6I7ta -LygmsHO/JD4jpKRC0gbpUBfaiJyLvuepx3kWoqL3sN0LhlMI80+fA7GTvoOx4tpq -VlzlE6TajYu+jfW3QpOFS5ewEMdL26hzxsZg/geZvTbArcP+OsJKRmhv4kNo6Ayd -yHQ/3ZV/f3X9mT3/SPLbJaumkgp3Yzd6t5PeBu+ZQk/mN5WNNuaihNEV7llb1Zhv -Y0Fxu9BVd/BNl0rzuxp3rIinB2TX2SCg7wE5xXkwXuQ/2eTDE0v0HlGntkuZjGow -DZkxHZQSxZVOzdZCRVaX/WEFLpKa2AQpw5RJrQ4oZ/OfifXyJzP27o03wQARAQAB -tEJVYnVudHUgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMTgpIDxm -dHBtYXN0ZXJAdWJ1bnR1LmNvbT6JAjgEEwEKACIFAlufwdoCGwMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheAAAoJEIcZINGZG8k8LHMQAKS2cnxz/5WaoCOWArf5g6UH -beOCgc5DBm0hCuFDZWWv427aGei3CPuLw0DGLCXZdyc5dqE8mvjMlOmmAKKlj1uG -g3TYCbQWjWPeMnBPZbkFgkZoXJ7/6CB7bWRht1sHzpt1LTZ+SYDwOwJ68QRp7DRa -Zl9Y6QiUbeuhq2DUcTofVbBxbhrckN4ZteLvm+/nG9m/ciopc66LwRdkxqfJ32Cy -q+1TS5VaIJDG7DWziG+Kbu6qCDM4QNlg3LH7p14CrRxAbc4lvohRgsV4eQqsIcdF -kuVY5HPPj2K8TqpY6STe8Gh0aprG1RV8ZKay3KSMpnyV1fAKn4fM9byiLzQAovC0 -LZ9MMMsrAS/45AvC3IEKSShjLFn1X1dRCiO6/7jmZEoZtAp53hkf8SMBsi78hVNr -BumZwfIdBA1v22+LY4xQK8q4XCoRcA9G+pvzU9YVW7cRnDZZGl0uwOw7z9PkQBF5 -KFKjWDz4fCk+K6+YtGpovGKekGBb8I7EA6UpvPgqA/QdI0t1IBP0N06RQcs1fUaA -QEtz6DGy5zkRhR4pGSZn+dFET7PdAjEK84y7BdY4t+U1jcSIvBj0F2B7LwRL7xGp -SpIKi/ekAXLs117bvFHaCvmUYN7JVp1GMmVFxhIdx6CFm3fxG8QjNb5tere/YqK+ -uOgcXny1UlwtCUzlrSaP -=9AdM ------END PGP PUBLIC KEY BLOCK----- diff --git a/fai/config/package_config/UBUNTU_UP.gpg b/fai/config/package_config/UBUNTU_UP.gpg new file mode 100644 index 0000000000000000000000000000000000000000..86214bddc4fb442695e7299beafd16c242db4289 GIT binary patch literal 18331 zcma&OV|b-a(}ufZ+qP}nb|%Thb~53_wr$(CZQJ(5nn^Oro;=_8?04RMZ2hfutn2Q( z`t0heUezlN7!FjS%I`Z6B48)9OPW<_Vb>dEKqT&=rC4GlqgK<~ZjN&|Ts#;o75?O4 z9z625u(Lef2Hu0p&XSs03B%$$xd;eq(?7y%57{xvp3dNz%o~bexu^&?XI~ z01yFBZv>f5M3U2X&aH7pB+9RHoj})oEz-)0J2y^=o%#9@Ft{C>mOJ$$xyrb&tJGBH z$agTPSH*AED^&$iBIdxq6AC#PnOnG+5DGav+1VI4Sr`$jSeV&b*qRZ_ zn79#AGBYwUQxWo-I@#M8I69d)2s;1sHF_gE8~!k0PEZseU;r@~@F!ZpI3VCKP>>KH zz~E?*z);XIpy8A0vG4giX#_?FrZ+Hw|%25fc zc`urLVKVq>+`2A2vyjn=*M+NF#(wF!hmUJ`kUmZ{cRu37f_4B9cuem+v%VsulNfSx z=ko2}d5YDmtux@06+vQryU)n> zVEIm6LA+=|44Em{Lb{-W+`Rq`U>38LhIz~=nW1x_ipc=srr)A*q;}IY5Q8l3GeHWoGK88|wdMBtgHCM?m_`PZSH^5B@~bx{P*FAjJOXebil3sN;dVoAMO z-ea1Te=UGm>?<)Hp%MD!$;oz6H*pxcmdTe&n8E93V+|M8Lx;plXnUIfnn)V^nRFGR z(s=qUc*Hy`lX&|)(-tm5Bv~Mo7#VZA7}loBoNT8otL^n70yh1p(8{#e3-SXW&++lr zTYB}_9^WNf^;e|fTtgaV`GKFD*zRBMh=-B9)WU#qK@tC;1OAClnBgZLFt33=0u&5i z%`6cCh3|>mbGV`QB?1X;+2dSfbr&#z?B`+bIegvStp(>3z*%H*L~o6)74< zzd(Z~fu(#$Ktb#yuz&bftqW9Ar;Hpt_FKNe@s~(^5!(|+!*HKK4VN7eOHm_sa$?}u zDD|JMxImd-zwO%d_E7I99%fEZE#YLE)gSJJG!3p+>}QA~^%vc?7v39*2I-_cz6kY$ z!4<)8_&+uUo^(Ux3A?duT1Uj4=a*a4+jXGmgykvGI6B?4vwh3pQw3-9XltRl>a4~6 znRt=o3qs5|u#=AY5n=eV1vvgkKnEKyk{PVE-E67O5`pO=iL}BVlVsffa_m4y*n&UT zdw2H6ths3mc-vgVY<4Ph`WLd=$aztncI5m08}OuJ4upMYbC{_Qxyx_PKg}*Ms>Iwv zaFbVnmV97$r6k`dh`Qxne(rU~6d}9oM>D9zhc~a5|9n$!N3>{C?Ynl8OW(-de>j87 z;yZfqL?*rWUerMxD`8IcK)2IEFb=54@mauZ53xCF1Ana`>o=Xcw2|BsB&-bmiHs%s z3`6cRfV+0^B_VejTE(+|Bt-z9Z{Fc$!zoqx`xmJWZd@BWsAaU+z(h=tP zFBX)nQ)wBBR3KVS$93}xi44S9>Sg8Q3v#o(0ITop9M>E>)TE5^F$XGKoARndNt`lT z6??1RyD!}p(Y1RMZ&eUy@|?hB^92w%UrM_Rxs#LQMh={m2r>v_k{J;Rud}P%d!9p{ zyn3M}`Jr_{Zj1+2>7TvAY%$U*uF-YiR{9?g-X4w1u%9PqVfBl&CH)lV5s6%l!*AX1 zsYDQXxdSlDR6#=Rwu)He4fi!tGtdm`66Iy+6JrMG23?=#d(fFs4gz1s@F2d&lsbA~ zI_xJgt<<3oYTr$AED}%}ri9js>pDz0w#w3~U*>tMIya{yR=-zDK{{%$%^;XpL*x)x zVhB;>wd1m+LF=U&2~5hON}Fz*fi2%#eRIo;%X#2px`A}B6ryZQIPG|oTsb2-dF(P0 zF*#IKfE&6ei>TK0v`Uo5ptYT(FjZCAMdf+;v$kHC0 zIj5siKey%A=)wA{Fr)jwqDOejCmt&Uw@ek(agUX;h=BBWpl6w{=|Io%+;_{82HFf| z*=&6ZRB<1~x(B8TzRed9MjP@Z!g}0c#3nv{#O)P~lYIE#%>sf8(+s&l_7!_P{zYwt zhKlW177jdlYvhECbQ7tV9`Y0jbsYWgZb={sRs2_%;ATDyA7e2sBJiMA1^7~X$uCoL z$Z5WORNi4lg=L|oBd?}VAhD!XBr~X+Mnszo+;HYOp`{?2iZiI9)Ei>uO13sDg9u{Z z`LL4VUs?6j#`r7-iVktwU=rnlx}+Lpo+X84JqWrZToM0{3m9vn_Br^n|!+=k`A$eF`cnf3?-#gWS>7 z^rNV3&H$ddvrBrSAG_$Y^7>IFjU=mLW;!a)!G*FRloIXfp~3!=>S^x~i-k()zb>PP z0O9>xj$Eataf2Pgjy{^0RU#8+1Jc~_L|BDvj}WDabPHwMuS~!>itvaTL4nk(J0H&SaV;l9|Q&5Oxweplce>JSCT9^x#d7 zEXm>RQB5fiw9kBtG-;gh9NT^;V$fP;Io|&jJ(^$KKk@jYd9MgmE^UlKfbgL)i@C zga;gUu=EM1Q-)@a%dok!5go2)vJLy2>9fV*eEobb%GIO+J4glhZxgrH8z9TpSIaEm zl8}cOh=#L$;A7C4u9uE{J{WMJIpt-iJo1@XGPxMCZE*)@Ac3)*zTtrs@Jz)nwYICr zSF&t!cGhLz*1M%@qi_8}z}`>gNfozkI=00i`oioY9Bzf`n#qu_lmSoVTG$8Aky+IMnjs>Bs*0PI zOnP>KZx^#dg`mH5EMv2g$xoND-*gM0+Bb2^ZZs;X7}Z zR7stU)B-<++22^|ewqg^=;{{{LjE^(O`9*V%BQn8 zI(`Ay*nHoothT@pC-(~Ivu??%NOfPm7vHBui1i<3WFcor$g3KU)52bL?)6%1MB&Av z5eWMHr6<8s;#EB6{>BO zBFd%PAX8c2kJ?p_UYk}NMGqi@kL&@(4VNx<-#yfZmVRqH+2g7wByTyDl zJHupQV1Id;i;iAvf@3qBy?K47m@{b)2Lp9$YCS(AGug}XfO7bN{_bh3|0Sj#^$;%h zn2=QBHQmVv#N$0)gE3{vGLfG4CXX>I{x%AgDmS$sJox789E4RPZtzZTkO>s|HpPN) zq^SVNpmT|!7@_#`?ANI>+jh~9->o}RyT12ALtR`$INBh{%9^mDg|Sh}{WFZ0Ac za7Rn$f3^$*`bDgTCcMwBW>`ab(7n#KcGO4Mjt8T{V*NV^f+Pg6nrB@zt z^bn`m^y615<_TX2`Sm)U6gx`}p9mT1>X_@mE2o&9|2IR2P*9;uze4&h0=`fWa1wOm zkDmIMnWlVGvi!5-JF_GILP)ePLc`y?6g|*(y!?F)8bcvk*pv&>l({RT!KEE8D4txWZ6`H!EzLfGwzc+lZyIuSN* zQ9e3Nh(hX~1o}6Rpol9HPwOvflFUK1d_ZW3S%(2-{_CDE+*Grl?#aDFxfQ?AAZX`< z1w`7HPVS~GdljkbcB)NMJ+D!CDVvDJ%PUH&zEP6QzGcyE1St3!AW#uQ(zKQ@*^gla zew1#=xASZzjfHu&0CbwHg6Kiy77#i4lH+sg#OA)|D>bS9qJ;ixF>O4UvaOuyW}str zH_pJ>B|}6THmB*_u*x?ew2<$+HlB8d@1G8;+9)N$@I0<;y=(x_ah(=C?WX+$S0V9r_EQ-YFi2(8rsj=E(#q)6N3c02gjP`JZ4 zRAx?TOfT@0x#1^<_IE?#mwn@GnuyMw?F)uki*y3Riw4o#VPzRmSOS4f;4k~!9^o`J zqrwm-ok8t~{(}~6zxLKPp9%XpCGU8-wWBIrzxB<(lx{=n3O%8Ir3_NG0imq)-n8#~ zhbkA-ip~CB^lOVcnAQ}8vRZ9|kF*&PY1qlB&RMxzlJ&M^JS`PpG3oE zFasK{Wb`^T?ZNeB2T|i*7MQhr8QMGY9dGkTCajS%u)dv?e50S3E!+#_9p5kY*L0M} zyJ8O&InjC1*pEwcBgR{-QJ9rG;F{hFsT zS|*uGWryW3XicWz5{P>$6`o+74mH|+bqXR6R@qi<*6n`hKp8ass91c;{tkat#Ss}R zhiaCVN=vN~;HEu^7B~Og&=EAuDKyoZOlrHg7vq;X)y~K3SPk~oUxkHMt3ULodo%*8 z%-zhIQ_fuxJ`6@{lwA?BlaCZAnj~_BV;L5G!crO5li*Ab-frv2zRR~`Yw<`U%2Z9gkb9MsAW(Z+y}B$b+1?g3 z{Nfci6RIfBzntfHG`%y2tgd*kvKlSK(Jlk#6|cU!ov-p^KG8O-U5zJJ?6k#A0Clz=tJ_VcK4HwZC}aWT0h?G`--ZyDJynsPRHI@P>v=%Y2o zU#^0tCQ#>XMv{XX&wXRqc&Y=ogBr8t7LPD#*5#a735K1^(k2u#hD_qbhJ<>P9p?!{ ztoS+TT3QOv$&E|B3Y?v|!^jMz|@C?-QeqlsnQF*ei# zWf!aVEZc*Uy$jLcY5!nOz#eNV&I1T8dvsZnm;;d|yk{o>Q z=b4?X1kyiksVbIcTyx5=_@L#;YiO&1Pi09NGBfbzJUyP+h1*z++u6 ziQo9mM{$bUDb0E#OUYsJCS(4r5Qkh(H8Ayd_vMQAw-ka)#v`PY` zv}!x4D|LpY+T3-qP2=}7qAbk;iQ<8cu1I&xDxrv9eKW6z2k`@HrzBR3+pQ%jH}a@B zjC3?{$6RdKB5IEs7f);3!g5>KS^r9_zz_C_MS*-|P53a(xOP1jm)&@B7E$(rX zy$U#iG*6>va&R~!Vj@OGU;bp_Z}k&oT@n2!Uto)bqT#hS-24<&Ocl7~HpFxaq5^WX z6>HmQz4AoKjHIxJ+hL<*+s(d`&ivG?AX=e3cZ&-{L5+h(RVB|Hxr3h{W+L_MKm0zZ zy4`t(tis!$qU$|XCQ?MppN9gODaSd?8uq&|Zn_A0D|U=n`bNokUGxE^;W{#KWxXMzn(@3*C(3X?M^M6eKzCp+MPG61jy z+aW)4d9}}dnn9)$t0LMc>PAcf#t%wOVHaF2906%|TF|%~k3(;U9Pg;k#IE_J& z#!C32eH`#u7sTn}974`ucc)77@m;N9)9sTX`+Qde5zoCjIMVhT~Mg= zL@t4HSY-l;rM^7bBb&UI`B(>@6boS@`kHMF4H;XlA;7rdnH6y-OwVAOjZf_B%1|Od z!qOY#jIxvbG-#g+({LGwNMcQLru^dAY*_?=+4$pQU+lXU%$DZ*#eY}MP1zyDGXs~# z^re`~&_4yb(&pSM!l*xz8V-~D5l?8JwRMVmK5>~U(-s>@5QXP_{Yy2L05ag0zYk(u z5B&&t9F=Jwgv8|$4=t8Rqp5!)vD({{twE3dyZlNtqj8;KS7BsK1ubk+5d2TP(^>t{ z_i1J5Y(t{=J^g)jNt086Tz9B5C?XQ%KcNP#uQ|R2c~j?5eo{RDHPa-4K(zX*LDyT-q?8?UxfUzeU4`-;Lf@%I|p zAay+5HG%g6xjfH2@Ls>YP|)xA^SWEIqo2?H*D|M$@XmoO0iP;5SOYR~5#jVk19D;| zZt#-5YFmnp@kT>(nWqWoF7bIxwlX{do~d#RP5R z6|j31Rm*{<*gOekCN6*ht}j4o0*rr7FUk-ZWuF5*|J2jspwT-`po~fH>S02NM;Glg z#X{bf<`o~7<<($`&8l&xp2>DP50^2X0hR-za7u5O39&n0uYbOCUqRKu%r}vd^W?fm zxhTQeoL(29L5&nc-UFQB=J2M@^pTp&j%8Si#GgbNv_5Ct06>)6CN9abWeoj+$(S65 z2oe9~m>43f@cyUvjZ|eI6y$b=W6QDgRS#)YGsOaaugF0Bf)%U0$T*r4sB50ESwB3A z@K2s=qh&wxedE$G&s%(EDP;o-7f}EPekk(#2O+ABGAYmxlF>MO3>zlJ!Pykxp^s)` z)s#zsSU>tY$ph7;-Vu(zi!#6{EHA^sK^3$?zQzXBy^2b5#}yIqyeyGs@r7#Ww}(5JOCwf2ce>LJF?_bK;s$!&xWg*upl zCS%(uLj5dP1GzAof~O9LX!jZjhIhLcpCe?^C{lU_sdIwVb=4r1%O|fPf;p)V2#@h1 z)Slvj8V#K4>l17zw+V@fgdflgV3tj&)fcox(%Y{pNL|{3S=$fVRo=JpA{a#B%mn!{ zBEq7&o1dax?-C^2^c9biF(eOwgn zEIg&~5D#$$i^v#nief!mAFqTNb{3=tb#{y+zV=})#Z1o+Sw$S$1bHX8lOk4N*+Q=2 zF4i0@lI)#Rc#I>dq0#ZBs%5eIR(iB=0`9F`c4LckYW6hb>D5UmUz!-On!GL;2>LTb zY*m|#494{BoSVoB?-04U12)Bs)ttu6d-R)ls>O@=mJ$?C*< z$}sI(4`o`~k5e= zY;6!wB96Ft?2dKwC#dY6S$|UVucaph;hlE-IJ<_2n(-9bdxs|Y50=)n0fECwfORsvsv(;)W7m5cn4^C>8L8EB^QoF!ahOX8d|h54SlAaOTB7Y{C>rT$eLXyA-Qf`E)ZajZ zCrUm;6N`G1;<B9dGDQ`2BS_%mOA5}WgY%5ps%z<+ zmK}?K5A&%%FPI?wP9wCnUta$=H74`en25S5uZ<^;PMogvyT2zZhW=2q2d(f)&A%2A zDTH?_@!crGtZQv+rdQX?JX5Va^_Br4FShk5!+ZFYSVd{H{k7UD{E1110@%>3r^*&1 zkI@IbP%J+=*B3AUqBQPzQfPt#+Jj6PQnk@2DslgfJCIz_-olJ}=vkHWy}Q)tpIchm z2if6_Y?L9zXIO;ho8aXeP0eL)va=BAm-yLtaAY;bf;XsYrVMWQ%Fe{i1S5sZAuH*v zwo8^cclPKlip&Pz*-wWBe7kyK6{it}AZ8wrOMV~fTJpwCp(0DVF>~zAqE@r8gd`7Z zuD64WMoN_4)x?}Dr%9mppIu;Q*rPr~B#P;?$U_OGCPs30_)DiE5EJ23d2dch1NP$7 zaSk4{^J2MJt`or8o5{J4%_k(1K(3mtuD4Mtar&hWpPYecz-a00fJsU!=)7Z7Q$l$Z z%5SZ96}UphcT4PTl8MZl->jN7Ln!RZK(e_z43g3r@jWTJecRya1h_Xl>A{DVEBX!7 z9(`AoEDADbO^F`vw$7}@tw1Q%-YtRpkGYIv>U+< zqU1d{!Q3BsAb9}~%<-)`j$a`a29O_hu0<-9|0|0$?5lN-RtI|oaosaSL^y5L-_)FQ zL^!7dZq;Pjdw)&-HUPgrz0dnY%}ty4CpG_Cemne$HBrz;_z*A(GV~#)Ws4cOu~&x* zvBbk*;!Op3O2bBy2oE0ZJ4i*8C2d*$8?gM7KSCBA63O)p6oh_kVDMJ12-fyzgPH9S zDtnu2B4J>1sH?j=PLV*pW!;XY!)PiFV<5fr*bC=Y=gHcO$x@YXSZd&@O5=LMqXUG3 zQYd{csGcRaO35eRgDG6jQi|LIYPI(qzr7I_?s>l8FX|c(+!uFPvZN3A3t+>Gn0HyX zj-RXTO`kSxeOG(Jfo2*P87MW_j4~g|S*+P(7sU=re02#z{Mil-nalOn;6v@&OOcyE zNS#}3-0m{GMP@I_v_{MVJ!3(t%#~Wx>WgMNK0zOPZssNe&!?J<-m8 z;cInj`2a(u(9kOT0C6*+D)e#!{S4^clEDq`V!f3*M~49Y<`VI#3S$HX0dqfQ6~8zf zc%nTUW9jBIK}#!US}2B+H6z{ppa!QkHqYPGEPi<6>Bs4D3id2T(3}=j!4p+wfdPN* z4I%!d=3k3BHNuB12L+T{(*@-Q+`3a=&^7{epd)xNOqlo=;u-b$Ns=~DxkvCVJWqS& z6VC_{{T4mA`m!-edGs^ZN|s)kx{i4&GcB*_+pqUAsRT1tVT5AmMZlJPm#R>@=Na-v zi)hpfElI{nYr%e=1nl0cMKrvIySc^iO3w21pgBl^S)O)B&J<5HkvC z{shFnabr<+$Q>qaKN#oT_v6%X?_p)%s7_XK@i0;+UVT?iKx33!=IH*ekY7x<6l&`Q z(S75maLj?Gh0P%OoV!2Yp0Lz_u2Bp5^8we@$V(3)kVff84eFrc1Cb|re|9~+FG5pM z8K|#8s!Fo%$f}`cAIm}fG9ee~yO1Tz8jkc%iCytLxp7|aao(Nn?byQ7SYr4MBOcbf z!W=TGBwzc7Y61pe8PxU$mSQ#xYlxBpHK;a-y5;vvTGCeL>&NPK?l}16mbSI{4Yufj zFHj;?Jt}!n@^l=TQWhLywtKLenTo=8o5Otj5-Bgep92ecX>Dd zKtjJx7*NCic?|V>scEA@ibso2#5(jI8L?%^$XEadti60-^hwRX7P(TG4=n{9JOqoR zf@sf(pat?NRkCAo_if(1V*kiOFraC)+S~rVr8i3&PY;1}#~SQQ7H@sM#Za2Kr?UnK60O^f=Npuw=`-%hIQrz4Uorlf!~ zxAk36&c^C&9Gs(^9-~6M2GKY*0lgQsv&Pir#3uDeV^bt?AG%Yc}xuX;$hv($g=0a z5$zI1UzRR%DgE~WSZu-A;>f}t#~u9f^#YuQmIs-AF=TysLhNA(1ipNGmr%DrPqVs_ z0P!JYHyQbA%XDd%3aT`qd{80L904RyKnMMVcx~=0)6kmVwrB2kCv}CdXsyY4Yw!BA zLBH-Rwa5&2*R;W*AHnOX@_2fCzaH#H0z1vL4+K8kl~Yoy<%v;1OaRkED*s;I$>XoM z*f7pzy0C3@LqelosF;MG>Ug1&Q z7sRaEtdU|)=`W(tC=VIbwBX24)oFC~>xG8INTxo`*GaHLkpMio#EXJ>(T|{^K`CUM zv1UpdIiN>u5=S8DNb7J>o;Y612tg@DTo7sX`tS{xmiP_nDf^{^`B5i;I!O(dHJQe9 zut8UB$v8V0KqmV>)UjhuV0HQ$dH#R(J^tS}JcjCmq96eS@WFsT=lMVVjv#2jARy?# zfAu;Frr6eqc!4#MP62XM`Vb|bpTFQ&FptC^YBk)BUWQx)aHJHmvu zQ}1qxV|_8TJ1gVqYIYWA&bYi5%d zLe)aS=|-IodXkyfS0C(8d*BqU6#aSOOc!SuS75X|f&1jQP%IDxGbu^wewh-GTEEZ- zZSJ>7^T<^sFUrl}E?uM1a?Y){%qs||%X z%;%_@yCDCJ56%a8OcngycsIH}0?@0;nKPPU|GdqTg=C0rp@_z9lpW*L+2D2mO&`^u z-7?_PDZ;T;>QRGWhAvg=SkJB8$VTY$7XE(mQ^dHBC=V_%splc?GW7j~-lHNu&>yN_-Y8T?7dX>bXt$?HfyNHHKcRw_SY zCG~uc=RnhPGx~vnlS7{wkmDl$Ox8hotPwePB9)JpGmg81>Gzk;tIXb~&f%q{?<*(7 z#&#MH%hD(qKsIp?jK0b$cd&OtT}#1K@tI7$ z3;>W#n`=yWf0vqcWE)#BJzVpYuVaezx6TaXr%oJ5lUvAPu$}-sAPc*FhP5^Jw)xAE zBI6^3Mxgz*C=(zzapZ1%TFW+O?<_S_J}a3R+lvtKzjTB@bzrz4^(RV9vCtC$nNX;d zAoYTdMCbm9hcdwP>!7g_*??>c&U+tUUL17;86S<`VLWu;KwEkLrKA6;LtmL3Tcmgr zm`@DIU7sdx8gWV^JnSq9O~O*=+$@Iw0myN_SVqO`qic(xB=}Ze_b@-4!+g(x6sj+Vqh^bz9xz!bqSEoF-lgx8zRu+rAMf{pUqYv zmSqk7mrgDa)u)c8U)y|$%*7}*G$6-^%5MhL8oUi3U1C_ho%x*jq-*sLRr2CNj0Jb2 zhcI>=hbYCG3;R}{f9W*h;eG0Oi7)eB9yFQo0{}UeoH&)mV&7s`Y7;ZW_)_kvMI8zO z*({GqB?!$m{EK*s;5xw;TJ8lI;D71-V(R(S;pf@C`~X4oz0w2Z4m!(XW9wGBjw`Qj z>;3#o8-0t7 z_v(m=)sus%1>^=MNfop8AHjouH@lm*g(akTV$%BSKvsfvIO$X9-@a|sN<=_yT?*W> zkDzC&m%&VRsyCpv>i{bw>7n`-p-+^L?+eL(x;s)6iG&#}j(pbJ_>k&@ooRuazKHyY z;CsrjA4m;6du0=e2=>@+ZSvEZ%yi_&>&qxr%oZ0=%Pr%@GW=PDr7%T6T+d% zxB(0J2<(Ka->|y1eW=&!0pJeZ@<<)3BsRlbn<ohn?dhZO~E z9*acqpmVfF14!sOSAGbdqF&`gmsGdsYRy;V&osMd!YpVBh2VYPI>|O9ZbO;*vRik- zdiWuPFENwu7;=*Qy!}>M!tV;wjW$zQ-FSo|Ob2UWkI6pt0FwPRa{1ZYHllsMH}+Ui zLYqKxO7vT|)mXy&laPDC<~-IQdp%Q&UAs8?B1;SG3gr?oXEbEb))Ue0Z=P-YMnDk=!$O~6^$&*v4p0hPaIbfsd5uJmRC+iZGUbV{Yi}^5Fr7h zWL*R@7qUthsm+46q^nftrdV-Gg?BQz@QLf;TI;0BnLD=@+1Px)?)ZX#ZcVjo;=EMvOvKuN#>HTyYa_r)F@A_{X~XU z=l;``5Q&w6;^6>O$WX5%vmz+PAkhw*;^72^a$#q3Y4bf=$pHpvLsCBFC^_B_ob71uhH3+8L{yp&oyVkU1Iv2sk95 z{~p%2e$|()Z!G7?@hre!2>pP>{ZH@Hajfyk2jgY+FD!ZWdJH}#8~yWdLIlFgfZU&0 z`s;-lpqp%u11hUB%Gh)eEfgpNaCMmhCFTtc70;n>ZR>Hfuny`8Y7HjM&Dq7$NT~9l z!>{G~ zNZEOAuj9o%IZA*70_tJ&xYK%ZK^9rWN_b2jT z{)vQtBF`rkz&Nm<0ps7?cvAzA0T!iDXY<3u@8S*%t|uKk-$}HU1(54s$XxJ)O##*& zHh<{VedyTr5yR=9>S|H>`=9D6FRSYqw(c9pZ{H7#X0^HRY8y3umRXa0zB*-t;3u9q zar=CcRugCE9hq8T+}gdBHqn4UwjI1+BfbuQ-bsweoDPwm*} zO^T-?9*=a9>~kf{6X0lVr5v>kqB0a}qRDO^HF$y!n_X10&t+g$BpjR^fZUw-uivL) zlp102KY-=Tp0k1i(LO){i6uHM+sg__rv&-Z7y!tm1*ta z$0@shBM#JgN|NA-by$wJ2WCjlVt5MqnAMj`P7>ZIDC~3hP)Va72Kg}Tt$4%uHB=p< z=ZVR<+nAQQ*h(AT)T;mtkggGx> z|7SN9TFlM+1o7Y9{d)S(Zt8H;XddqJQel$w68nN*+Cex#3CL!JRNU})G#vk?xoPZ@ zo8UF-KydV*EI~AWE$UOpe`P7Wwp5>H6BUpSLMq$onynkBU`|m?bEMWdL7y!H$T2v` z?#oHDVee9-`&PYKEc|iL7x0%(B17G$4mSa0w80*dN{j!WZ2m(D47VVil3|MU!IB=w z`n=Og>Cbo!+>w8u>)o`X*@|rJEgQL8k1_m5=TG+hPuB8p_ME8=$N;V9ySyM!k=@B= zNi#9v`o6K4jtj_Ll?VQIXjWq%zFCQPYH#{=Gs@*NYx&>mLM#`^?Q=Z;W_87pfLy=m zpJHG~u8+Y}8Ri9TX<4rX(hz`bhC+xs!DN1Y`*SQKWBiFxE^7sJVis5;ddUQto;p_<$tmk zQD5b>|IJ#|j;e8@&p?roivYRd#X1*4=DtUQvSdlO4-KOHE|>g(-0EgOQbh`F1vu(9 zeIrhiwX-t&zY-u(zkbvIl}bAXZB)b5Afzn)GyBjcYPq++vsBA^C{*-Vhg$}_hXGl* zH&ab~x>C^%o*CFl5hWCZb%3q^jOtG=b^3qFr8c$!+03QcohFo`H#K*6z>SU8D0bUx zae!>b>Te8%ihjQ1^0j;$B1NLLo)_k!n|}`Z{->O?GsgdP)ZCgfDAZZr(jpuKM=_d=ooj7e37{9IVA_y{ zVnZyP6YR^JPuCW_Td=!X7OTo^<_y2Y^)n-+iBA>_^opHlMuwAO8?no|?!^)7G?@R1 zNyVk2A}3=?_8!!JB~~^-j&7?4x2yGP9HlALpwG_k>3IzW>3FC_(;Iw>deo$yj*6s$P^uj76qgL@Pgw`AFjCTNDM?9crdXvg z97{Y}+n?FS-8*EOhv53A*(6kFg2$fl1#z;fZ|1|Bmo}(Qas9eDl9?wO(^0Hbc{R$F zIkSNW&8fPuwy44&dJpAAB2WP)p7!bdLs~3jw{ePhTJhPc43-Qz`n8#?3f=*CGBhQ< zbr#&h=)GdST)ppskZb+@IN#>h*)$sjyr}fy+=J*>{ItGR16rV^)%b8VwqEPf4{wD9=DUzbLTOct_3+rOSBir1`GE7@+=vDmdl{b>NJH=vt^sN(6&+S z8gVcw=IH3!vv3Rn$I}Bu5%_RY2=f z`k3c2^Eh(87b5s&r9t`+%1ih4$Dm~=-SFa+77()fqK3KK1FAeMg(m6m-&07aNEVLX zUz4hMwdjRJjW`C-5Y;9>)J!9HIy1M1Q+y1p(s2>iJP2nsf6z53FJbx>FAqM6;gHVXiOJ z^c?itoQ~e}z5&WivwBNsjC>OGBJ|*do839cYvfIAPjUbGbZFKCLhOjMT-FXxW^;t_ z^2i`_&KVwjA36vRIK1aE-)syQ zsR)Cga6!-AngE9O)^&acAwejO3$sN+>kk6X6DN@$N6HN~x6D7(z@qxsJgFW!tsoEz z7xBW(E@!lqfTSGkDIMM6n$^A7>}E+RVp0ed!#sWrfS~ml@V*JGy}_RDCEV&72n<09 zCG(%tH~$FoXNt*{#5R)ZeJ2lIhy2s7_h0U5{O1bGzl*Dj2jVxb>LggK?Cg()iHvBr zV@Tit>dl)~SX`%jiDhz7C{}T(M<8@jahbI74t-lT%tgqxP#0hI20M(K%WAYt%0-@f zdnp$+jz1S|CS}4EU`$iLA`I7Qy_*zIICa_;mb-H|P!8|u&UMo#rr>a9@!@XDNuir@ zNdjWzWxJ+Zc|!ERI+hkUzii3a zHh(Wg)aNwg7Y$jDb;ATrI)`R}b~tI!+$+vjSOr;Sd-Zz4Z1r@5$_<|Bntv6Hp_#j2 z1k5kKd<;8H8bd`Vpss@qPU4rTC(c|}v=OdAb#(N=ec=)O?lb(O8)a_z~cLD1+ zIZv6vY5Vtn59=n`C=6TgBSi#QX6&YP0Ux$f z9lRo5|GO(%Cm8S{)WeE?fkO|WwI7%E%~zok-qs*1+Z~atDLR5n?6kEvU5x24$__g; zoG*3;&M_*IkZAqF(^Q^c9Xw=;?%%KyGc>4B#5J_hG7KY}y=o}}1jD+2>@P{#i&_D9 zTyEDou#OZV2~7~&Xp`3(cJm&o!&Cq(Z5h45 zTxq7Bmh2Q*s#oA%@B&bOArl{$E5AMMSu6aQ{GKW4WP@21x92tNnw)fM#}k|}U|EkP zts{R?_xpRdJ2i2MC}wM=CSZb$mzKE{(Mj;z8x+>EfT_xoK=7als%7PMay7_kV)k)D zTD(Cm*!1W#|KH6M``LEo4rG+u4`?DxPQ@AWBQcuu00{jh9zNlb;+wQTRqEHAzV$!< zg>n66?a)Fn@r`V?bqcn(oWvS8`~E8{j^^OVnd6xvYGDvoRvWdmy#&mOeWh^^)Ja4u z+4JZ&b0mS@#(he>SdF-%9G8jwokst_I{=l zaMpNgui3LjEf+=KMMhtpk)P~XxcfqA`3K+WUY~bMm9Obo&Yp7prow{vjFv|$4dR~I z-+Xdd*!zoI;PP$WGkdZOcxM{QP7yjf)$i;zC)cp)e-l~tCe6CRqIr0V=UP6E^w0A< zzkX6T{`Rid{2-}kVOZcl3xf-E76vG3A-XTv&%$VzRJb@(`lO9cG4Qa1ZACT3|EJDc zpgfIf`_Ja3?75Gd8qYbi{4B`I?sj=)=X6& zSu)?4M5VSe|5!iIJqLOQk z;&InWPa~cbpYKoFj$IY4Nm;h(&XS&GHB+yC;F{ll=IfqC`X&sE zK5WsQ?_+RUn^FJA6YfKI8o4|*l64}##)k)TDewBf<5`NA!( zW_vmF;3ruY-u&D7-N`)x+NXBJXbBeZyZxH|Iry4r^mf5HW|2~{dI#QEpTGRXL9kLI zXmNzij~Y!o?e#OZWM%A0nl~XK`a|Cl=B1i@erPd&kyZ9CRS^DS?l;l#v}vtdgM)YR z3&Ty%Ed^WUG$qy2e_nL)-+Y(Jkn3~LZq{oS+n<{D9_iR4@kKnLTA#)Hz2Hi(NnG9E zmoOH+xgK|WPv9-CpHmX$FAI_ROOT/etc/grub.d/40_custom </dev/null; then # makes the journal be saved to disk. mkdir -p /var/log/journal @@ -30,13 +31,15 @@ sed -i '$a kernel.sysrq=1 EOFOUTER +cmdline_extra="$d16_cmdline $fsf_cmdline_extra" + # luks options, see man systemd-cryptsetup-generator # all i know is that with luks.crypttab=no, swap still timed out on boot. # and with rd.luks.crypttab=no, it works. cmdline="rd.luks.crypttab=no net.ifnames=0 $cmdline_extra" - chroot $FAI_ROOT bash <>/etc/default/grub + + sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub sed -ri 's/^ *GRUB_TIMEOUT_STYLE=.*/GRUB_TIMEOUT_STYLE=menu/' /etc/default/grub sed -ri 's/^ *GRUB_TIMEOUT=.*/GRUB_TIMEOUT=6/' /etc/default/grub diff --git a/fai/config/scripts/FSF/11-iank b/fai/config/scripts/FSF/11-iank index 93c227f..8a33d6f 100755 --- a/fai/config/scripts/FSF/11-iank +++ b/fai/config/scripts/FSF/11-iank @@ -23,27 +23,78 @@ iface eth0 inet6 auto source-directory /etc/network/interfaces.d EOF else - ip=$(getent ahosts $HOSTNAME |grep ^209.*RAW| sed 's/ .*//') - ip6=$(getent ahosts $HOSTNAME |grep ^2001.*RAW| sed 's/ .*//') - gateway=209.51.188.1 + ip6=$(getent ahosts $HOSTNAME |grep ^2001.*RAW| sed 's/ .*//' ||:) gateway6=2001:470:142::1 - cat > $target/etc/network/interfaces </dev/null; then + cat >$target/etc/network/interfaces < /proc/sys/net/ipv6/conf/eth0/accept_dad +auto eth1 +allow-bond eth1 +iface eth1 inet manual + bond-master bond0 + +auto bond0 +iface bond0 inet static + bond-slaves none + bond-mode 0 + bond-miimon 100 + address $internal_ip + pre-up ip link add link bond0 name macvtap-bond0 type macvtap mode bridge +# no iptables files exist yet +# post-up iptables-restore < /etc/default/iptables ; ip6tables-restore < /etc/default/ip6tables || : + +auto macvtap-bond0 +iface macvtap-bond0 inet static + address $CIDR + gateway $GATEWAYS + post-up ip a add $internal_ip broadcast 10.0.255.255 dev macvtap-bond0 + +EOF + + # I'm not sure ipv6 works well with the macvtap stuff. todo: research. + # anyways, other kvm hosts dont have it enabled. + if false && [[ $ip6 ]]; then + cat >>$target/etc/network/interfaces < /proc/sys/net/ipv6/conf/bond0/accept_dad address $ip6 netmask 48 gateway $gateway6 EOF + fi + + else + cat > $target/etc/network/interfaces <>$target/etc/network/interfaces < /proc/sys/net/ipv6/conf/eth0/accept_dad +address $ip6 +netmask 48 +gateway $gateway6 +EOF + fi + fi fi # previously had an else condition after @@ -61,10 +112,13 @@ fi ##### end network setup ##### +# note: systemd-resolved + ifupdown causes networking.service to fail in t11, +# https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878 +systemctl disable systemd-resolved # rm first to remove any symlink rm -f $target/etc/resolv.conf -if ifclass demohost; then +if ifclass demohost || [[ $GATEWAYS != 209.51.188.* ]]; then cat >$target/etc/resolv.conf <<'EOF' nameserver 8.8.8.8 EOF diff --git a/fai/config/scripts/GRUB_PC/10-setup b/fai/config/scripts/GRUB_PC/10-setup index e26aa26..11535f1 100755 --- a/fai/config/scripts/GRUB_PC/10-setup +++ b/fai/config/scripts/GRUB_PC/10-setup @@ -73,14 +73,16 @@ if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then mbrdevices=${mbrdevices%, } else for dev in $BOOT_DEVICE; do - mbrdevices=$(get_stable_devname $dev) + mbrdev=$(get_stable_devname $dev) if [ -z "$mbrdevices" ]; then # if we cannot find a persistent name (for e.g. in a VM) use old name - mbrdevices=$dev + mbrdevices+="$dev, " fi - echo "Installing grub on $dev = $mbrdevices" - $ROOTCMD grub-install --no-floppy "$mbrdevices" + echo "Installing grub on $dev = $mbrdev" + $ROOTCMD grub-install --no-floppy "$mbrdev" done + # remove trailing , + mbrdevices=${mbrdevices%, } fi echo "grub-pc grub-pc/install_devices multiselect $mbrdevices" | $ROOTCMD debconf-set-selections diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 1ffb74d..5245b35 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -24,14 +24,14 @@ fi # -r = recursive # -i = ignore non-matching class warnings, always exit 0 # -B = no backup files -fcopy -riBM /boot +fcopy -riB /boot # this is also done by FAIBASE/10-misc by default (without B) -fcopy -riBM /usr/local/bin +fcopy -riB /usr/local/bin # this gets done by fai, but just happens too often that # I add sources due to new distros, whatever. -fcopy -riBM /etc/apt/preferences.d -fcopy -riBM /etc/apt/sources.list.d +fcopy -riB /etc/apt/preferences.d +fcopy -riB /etc/apt/sources.list.d src=$FAI/distro-install-common/shadow @@ -52,7 +52,7 @@ $FAI/distro-install-common/end tmpfile1=$(mktemp) # this can fail if we need an apt update chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile1 ||: -fcopy -riBM /etc/apt +fcopy -riB /etc/apt tmpfile2=$(mktemp) chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile2 diff --git a/fsf/close-crypt-luks-keys-loopback b/fsf/close-crypt-luks-keys-loopback new file mode 100755 index 0000000..6b0f80d --- /dev/null +++ b/fsf/close-crypt-luks-keys-loopback @@ -0,0 +1,30 @@ +#!/bin/bash + +# usage: $0 +# this script is idempotent + +# warning: changes here may affect the open version of this script + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR + +m() { printf "%s\n" "$*"; "$@"; } + + +fs_file=/root/crypt-luks-keys-loopback +mapper_name=crypt-luks-keys-loopback + +if mountpoint /mnt2 &>/dev/null; then + m umount /mnt2 +fi +if cryptsetup status /dev/mapper/$mapper_name &>/dev/null; then + m cryptsetup luksClose /dev/mapper/$mapper_name; then +fi +l=$(losetup -l --noheadings | awk '$6 ~ /\/'$mapper_name'$/ {print $1}') +if [[ $l ]]; then + m losetup -d $l +else + echo "$0: warning: no loopback device found" >&2 +fi diff --git a/fsf/create-vm-disk b/fsf/create-vm-disk new file mode 100755 index 0000000..37cc45f --- /dev/null +++ b/fsf/create-vm-disk @@ -0,0 +1,160 @@ +#!/bin/bash +# Copyright (C) 2022 Ian Kelling +# SPDX-License-Identifier: AGPL-3.0-or-later + +# todo: put this script and this library into ansible +source /usr/local/lib/err + +#### begin arg processing ### +usage() { + cat <&2 + usage 1 +fi + +read -r disk_type gb hostname <<<"$@" +#### end arg processing ### + +if ! type -p apg &>/dev/null; then + apt install -y apg +fi + +if ! mountpoint -q /mnt2; then + echo "$0: error: expected /mnt2 to be a mountpoint, run /root/open-crypt-luks-keys-loopback" >&2 +fi + +case $disk_type in + hdd) + volgroups=( + vgata-WDC_WD4004FZWX-00GBGB0_NHG3PK4M + vgata-ST4000DM000-1F2168_Z3028BKA + vgata-WDC_WD40EZRX-00SPEB0_WD-WCC4E0304017 + ) + ;; + sdd) + volgroups=( + vgata-Samsung_SSD_850_EVO_1TB_S3PJNB0J902536K + vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909382V + vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K + ) + ;; +esac + +for vg in ${volgroups[@]}; do + lvdev=/dev/$vg/$hostname + if [[ -e $lvdev ]]; then + echo "$0: skipping creation of existing lv: $lvdev" + else + m lvcreate -L ${gb}g -n $hostname $vg + fi +done + +keyfile=/mnt2/$hostname +if [[ ! -s $keyfile ]]; then + apg -m 25 -x 25 -n1 | tr -d '\n' >$keyfile + # directory is already 700, just being thorough + m chmod 600 $keyfile +fi + +crypttab_err=false + +mountdir=/mnt/$hostname +mkdir -p $mountdir +integrity_devs=() +if $mdraid; then + for vg in ${volgroups[@]}; do + lvdev=/dev/$vg/$hostname + integrity_name=integrity-$vg-$hostname + integrity_dev=/dev/mapper/$integrity_name + integrity_devs+=($integrity_dev) + if [[ -e $integrity_dev ]]; then + echo "$0: skipping creation of existing integrity dev: $integrity_dev" + else + m time integritysetup --batch-mode format $lvdev + m integritysetup open --allow-discards $lvdev $integrity_name + fi + done + mddev=/dev/md/md$hostname + if [[ -e $mddev ]]; then + echo "$0: skipping creation of existing mddev: $mddev" + else + # get stable auto-assembled names + # https://serverfault.com/questions/763870/raid-device-on-rename-appended-with-0 + if ! grep -Fxq "HOMEHOST " /etc/mdadm/mdadm.conf; then + sed -i '/^ *HOMEHOST/d' /etc/mdadm/mdadm.conf + echo "HOMEHOST " >>/etc/mdadm/mdadm.conf + m update-initramfs -u -k all + fi + yes yes | m mdadm --create /dev/md/md$hostname --level 1 --raid-devices=3 ${integrity_devs[@]} || [[ $? == 141 ]] + fi + luks_name=crypt-$hostname + luks_dev=/dev/mapper/$luks_name + if [[ -e $luks_dev ]]; then + echo "$0: skipping creation of existing luks dev: $luks_dev" + else + yes YES | m cryptsetup luksFormat $mddev $keyfile || [[ $? == 141 ]] + echo appending to /etc/crypttab + echo "$luks_name $mddev $keyfile discard,luks" | tee -a /etc/crypttab + m cryptdisks_start $luks_name + fi + m mkfs.ext4 $luks_dev +else + + luks_devs=() + for vg in ${volgroups[@]}; do + lvdev=/dev/$vg/$hostname + # todo add apg to automatically installed packages + yes YES | m cryptsetup luksFormat $lvdev $keyfile || [[ $? == 141 ]] + luks_name=crypt-$vg-$hostname + echo appending to /etc/crypttab + line="$luks_name $lvdev $keyfile discard,luks,noauto" + if grep -Fq "$lvdev" /etc/crypttab; then + if grep -Fx "$line" /etc/crypttab; then + echo "$0: crypttab line already found ^. not adding" + else + echo "$0: error: found existing lvdev: $lvdev in /etc/crypttab that is different than expected:" + echo "$line" + echo "saving exit 1 until script completes. manual intervention required" + crypttab_err=true + fi + else + echo "appending to /etc/crypttab:" + echo "$line" | tee -a /etc/crypttab + fi + m cryptdisks_start $luks_name + luks_devs+=(/dev/mapper/$luks_name) + done + + m mkfs.btrfs -f -m raid1c3 -d raid1c3 ${luks_devs[@]} + m mount ${luks_devs[0]} $mountdir + m btrfs sub create $mountdir/root + m umount $mountdir +fi + +if $crypttab_err; then + echo "$0: crypttab error, exiting 1, see above." + exit 1 +fi diff --git a/fsf/crypt-disks-start b/fsf/crypt-disks-start new file mode 100755 index 0000000..7e310da --- /dev/null +++ b/fsf/crypt-disks-start @@ -0,0 +1,30 @@ +#!/bin/bash + +# usage: $0 +# this script is idempotent + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR + +m() { printf "%s\n" "$*"; "$@"; } + + +lvs --noheadings -o vg_name,lv_name | while read -r vg lv; do + if [[ ! $vg || ! $lv ]]; then + continue + fi + if ! integritysetup dump /dev/$vg/$lv &>/dev/null; then + continue + fi + int_name=integrity-$vg-$lv + if integritysetup status $int_name &>/dev/null; then + continue + fi + m integritysetup open --allow-discards /dev/$vg/$lv $int_name +done + +awk '$1 !~ /^ *#/ {print $1}' /etc/crypttab | while read -r c; do + m cryptdisks_start $c +done diff --git a/fsf/open-crypt-luks-keys-loopback b/fsf/open-crypt-luks-keys-loopback new file mode 100755 index 0000000..09c85fd --- /dev/null +++ b/fsf/open-crypt-luks-keys-loopback @@ -0,0 +1,40 @@ +#!/bin/bash + +# usage: $0 +# this script is idempotent + +# warning: changes here may affect the close version of this script + + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR + +m() { printf "%s\n" "$*"; "$@"; } + + +fs_file=/root/crypt-luks-keys-loopback +mapper_name=crypt-luks-keys-loopback + +l=$(losetup -j $fs_file | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:) +if [[ $l ]]; then + echo "$0: skipping losetup due to existing loopback: $l" +else + l=$(losetup -f) + m losetup $l $fs_file +fi +if cryptsetup status /dev/mapper/$mapper_name &>/dev/null; then + echo "$0: skipping cryptsetup due to existing /dev/mapper/$mapper_name" +else + if ! cryptsetup luksOpen $l $mapper_name; then + echo "$0: error luksOpen failed. detaching loopback" >&2 + m losetup -d $l + exit 1 + fi +fi +if mountpoint -q /dev/mapper/$mapper_name; then + echo "$0: skipping mount /dev/mapper/$mapper_name /mnt2 due to existing mount" +else + m mount /dev/mapper/$mapper_name /mnt2 +fi diff --git a/kd-mount b/kd-mount new file mode 100644 index 0000000..ad3c7f7 --- /dev/null +++ b/kd-mount @@ -0,0 +1,17 @@ +#!/bin/bash + +cd /dev +ls -lad vgata-Samsung_SSD_8* + +read -p "enter crypt pass" -r key +printf %s "$key" >/root/key + +cryptsetup luksOpen /dev/vgata-Samsung_SSD_850_EVO_2TB_S2RLNX0J502123D/root crypt-vgata-Samsung_SSD_850_EVO_2TB_S2RLNX0J502123D-root --key-file /root/key +cryptsetup luksOpen /dev/vgata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V/root crypt-vgata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-root --key-file /root/key +mount -o subvol=root_trisquelaramo /dev/mapper/crypt-vgata-Samsung_SSD_850_EVO_2TB_S2RLNX0J502123D-root /mnt +mount -o subvol=boot_trisquelaramo /dev/sda2 /mnt/boot + +cryptsetup luksOpen /dev/vgata-Samsung_SSD_850_EVO_2TB_S2RLNX0J502123D/o crypt-vgata-Samsung_SSD_850_EVO_2TB_S2RLNX0J502123D-o --key-file /root/key +cryptsetup luksOpen /dev/vgata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V/o crypt-vgata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-o --key-file /root/key + +mount /dev/mapper/crypt-vgata-Samsung_SSD_850_EVO_2TB_S2RLNX0J502123D-o /mnt/mnt/o diff --git a/kd.log b/kd.log new file mode 100644 index 0000000..2106679 --- /dev/null +++ b/kd.log @@ -0,0 +1,6 @@ + 407 root 3204 S /bin/sh /scripts/local-top/cryptroot + 423 root 0 IW [kworker/6:2-eve] + 432 root 3064 S /bin/sh /lib/cryptsetup/scripts/decrypt_keyctl none + 433 root 3204 S /bin/sh /scripts/local-top/cryptroot + 434 root 10768 S< /sbin/cryptsetup -T1 --allow-discards --type=luks --key-file=- ope + 436 root 2648 S /lib/cryptsetup/askpass Caching passphrase for crypt-vgata-Samsung diff --git a/lk b/lk index d3d13ea..247f4ed 100755 --- a/lk +++ b/lk @@ -60,7 +60,7 @@ if grep -q ID=ubuntu /etc/os-release; then sed -ri '/^\s*deb/{/universe/!s/$/ universe/}' /etc/apt/sources.list fi if ! type -p pxe-kexec >/dev/null 2>&1; then - apt-get update + apt-get update ||: # try even if we fail apt-get install -y debconf debconf-set-selections <