From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id CDD4020C6C; Sun, 27 Jul 2025 20:14:03 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id 7F97220CB7; Sun, 27 Jul 2025 20:14:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_PASS,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=4.0.1 Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) by atuin.qyliss.net (Postfix) with ESMTPS id 3E66E20C5E for ; Sun, 27 Jul 2025 20:14:00 +0000 (UTC) Received: by mail-qk1-x72b.google.com with SMTP id af79cd13be357-7dfdcded923so408094085a.1 for ; Sun, 27 Jul 2025 13:14:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1753647234; x=1754252034; darn=spectrum-os.org; h=in-reply-to:subject:autocrypt:from:content-language:references:to :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=ZTphB39TcdMiZ8sUkQJklPxmh7Tw+SCVBJ0K8MY2jTY=; b=hVPoyLVu4fiFz7WDR9MXhaQcJLIMv+srRLVlICveh95QakAXvK8fb2KDZZaY9t61Gv pm4S2QsAWPjzYjPYsx0tXGYbx+9FaFqfMFyRBjmzZJym1G25SNBsc974S85p8YvBD5C9 umlN0vmI+/AmmbqTFb7TUj/sI4FVFRp85OtLyVsAbRxPiAqlynFGhTPNVw16GdnzIy9G 6ppjtjMzqGCalGBUuRKrmysaix4vXXx/g5vXIPG9TV65v1SZkCxwHbWKn5epV7X6kxRw XZKhsvcBmWUG1pALYE2h8ZP/eWegOLjvT4jK02nvMwj/D5JLqA0ODHHNR4NBRdiYCOAa W7mQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753647234; x=1754252034; h=in-reply-to:subject:autocrypt:from:content-language:references:to :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ZTphB39TcdMiZ8sUkQJklPxmh7Tw+SCVBJ0K8MY2jTY=; b=oskWOFVSuQEUiEtHOe++qziZMEsI9nyi9B2N9YhVFinnJxicfV14etROG7ky1oQ1Gv RyNELAytSCcGDuWFajsBaDkvVmp1byORm7RFFjck8uBOawx0wUEP+tdcMKZl24JlD+OO 7WjStLyF0xEVxnQ6qurbIvn3EYrH6sDlHWVkVXVOLPhWdLOEvI8KHC5eHemUgU5LbM/e bhzGqXgG+RhYBmdbhu6LEszgDwMPGSq9ueaEksZRYEkAn0NAi+zkZ9pQszObP/omW9ng gOVsTbVT0nOitNWTo7c0cTxGrGlj2f7MQe+AQHX6mA4GoCOcdVOp3ZIvA3VSYdfdJ6OT NeAA== X-Forwarded-Encrypted: i=1; AJvYcCVGBBH26qUVbh2s3REo9I/iPrgw0F9VATQcgdWh4l7IdqnLsZoBAMnIa9dHBkSPGV+GKJjVQQ==@spectrum-os.org X-Gm-Message-State: AOJu0YwklVUKL1OKWYeOrUUkWGLQA3cM9frcfFOhnHyi6mZllOVV7IZM 3rha8K59ha/Sy83rSVko5Av7MFwhheyR4+0EDVhU/C3MbuzlZoxOFHJ/u/A5bA== X-Gm-Gg: ASbGncs5XqgjuAjybI26i/zvgpqjBsz5bFDxdht3V8/MkWSiOyD0aUMvHoWe5Bjn0MQ bHbSbM5z1Mev4Ohyt+vqDoUC0NLC5gNJTkdSnda/Xy/SeYFJPLcHyhbcX0GGiiZABZLPK+cp0fI RzLOOilJKkCWe8/K2/vPBAZ+l6m7D/czPol9rnrBJajNuWMPU3GHtiQxculqc34f89L3/qg7H5M Aou8c1ZDB4ctsiNybjpNXP9vCC8fkXJh7g+ek/rffUs4XVzpBuBRnIbsbU/8SGr1+4+ldR8Q/b8 ee9dLYEXd0ZJCCEvrI2xfYHxU+K7zUlHN48TuNrG0ZXdRsg9/tCUUq45VbpxXh74UNlRURw5TAK TkBA4dkl+bxIVZz3voVL1lrY99Ng= X-Google-Smtp-Source: AGHT+IHExUf4y4dI7MD5sa8q4Hhd6P6E47zEZTKv5ZsGN33zk7UHJIoz/7aFSZ1t+LAtKDnpEj2Veg== X-Received: by 2002:a05:620a:19a0:b0:7e3:3001:47b5 with SMTP id af79cd13be357-7e63ba55f45mr1111031785a.1.1753647233490; Sun, 27 Jul 2025 13:13:53 -0700 (PDT) Received: from [10.138.10.6] ([89.187.178.201]) by smtp.gmail.com with ESMTPSA id af79cd13be357-7e64327bfd6sm214646085a.9.2025.07.27.13.13.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 27 Jul 2025 13:13:52 -0700 (PDT) Message-ID: <68cb3568-8e56-45bb-a836-619d412b0521@gmail.com> Date: Sun, 27 Jul 2025 16:13:42 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Alyssa Ross , Spectrum OS Development References: <2862317f-1419-4405-870d-f7631bcd1d2a@gmail.com> <7b381025-42fc-448c-b0c7-5aa584c08daa@gmail.com> <87h5yzfdvp.fsf@alyssa.is> Content-Language: en-US From: Demi Marie Obenour Autocrypt: addr=demiobenour@gmail.com; keydata= xsFNBFp+A0oBEADffj6anl9/BHhUSxGTICeVl2tob7hPDdhHNgPR4C8xlYt5q49yB+l2nipd aq+4Gk6FZfqC825TKl7eRpUjMriwle4r3R0ydSIGcy4M6eb0IcxmuPYfbWpr/si88QKgyGSV Z7GeNW1UnzTdhYHuFlk8dBSmB1fzhEYEk0RcJqg4AKoq6/3/UorR+FaSuVwT7rqzGrTlscnT DlPWgRzrQ3jssesI7sZLm82E3pJSgaUoCdCOlL7MMPCJwI8JpPlBedRpe9tfVyfu3euTPLPx wcV3L/cfWPGSL4PofBtB8NUU6QwYiQ9Hzx4xOyn67zW73/G0Q2vPPRst8LBDqlxLjbtx/WLR 6h3nBc3eyuZ+q62HS1pJ5EvUT1vjyJ1ySrqtUXWQ4XlZyoEFUfpJxJoN0A9HCxmHGVckzTRl 5FMWo8TCniHynNXsBtDQbabt7aNEOaAJdE7to0AH3T/Bvwzcp0ZJtBk0EM6YeMLtotUut7h2 Bkg1b//r6bTBswMBXVJ5H44Qf0+eKeUg7whSC9qpYOzzrm7+0r9F5u3qF8ZTx55TJc2g656C 9a1P1MYVysLvkLvS4H+crmxA/i08Tc1h+x9RRvqba4lSzZ6/Tmt60DPM5Sc4R0nSm9BBff0N m0bSNRS8InXdO1Aq3362QKX2NOwcL5YaStwODNyZUqF7izjK4QARAQABzTxEZW1pIE1hcmll IE9iZW5vdXIgKGxvdmVyIG9mIGNvZGluZykgPGRlbWlvYmVub3VyQGdtYWlsLmNvbT7CwXgE EwECACIFAlp+A0oCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELKItV//nCLBhr8Q AK/xrb4wyi71xII2hkFBpT59ObLN+32FQT7R3lbZRjVFjc6yMUjOb1H/hJVxx+yo5gsSj5LS 9AwggioUSrcUKldfA/PKKai2mzTlUDxTcF3vKx6iMXKA6AqwAw4B57ZEJoMM6egm57TV19kz PMc879NV2nc6+elaKl+/kbVeD3qvBuEwsTe2Do3HAAdrfUG/j9erwIk6gha/Hp9yZlCnPTX+ VK+xifQqt8RtMqS5R/S8z0msJMI/ajNU03kFjOpqrYziv6OZLJ5cuKb3bZU5aoaRQRDzkFIR 6aqtFLTohTo20QywXwRa39uFaOT/0YMpNyel0kdOszFOykTEGI2u+kja35g9TkH90kkBTG+a EWttIht0Hy6YFmwjcAxisSakBuHnHuMSOiyRQLu43ej2+mDWgItLZ48Mu0C3IG1seeQDjEYP tqvyZ6bGkf2Vj+L6wLoLLIhRZxQOedqArIk/Sb2SzQYuxN44IDRt+3ZcDqsPppoKcxSyd1Ny 2tpvjYJXlfKmOYLhTWs8nwlAlSHX/c/jz/ywwf7eSvGknToo1Y0VpRtoxMaKW1nvH0OeCSVJ itfRP7YbiRVc2aNqWPCSgtqHAuVraBRbAFLKh9d2rKFB3BmynTUpc1BQLJP8+D5oNyb8Ts4x Xd3iV/uD8JLGJfYZIR7oGWFLP4uZ3tkneDfYzsFNBFp+A0oBEAC9ynZI9LU+uJkMeEJeJyQ/ 8VFkCJQPQZEsIGzOTlPnwvVna0AS86n2Z+rK7R/usYs5iJCZ55/JISWd8xD57ue0eB47bcJv VqGlObI2DEG8TwaW0O0duRhDgzMEL4t1KdRAepIESBEA/iPpI4gfUbVEIEQuqdqQyO4GAe+M kD0Hy5JH/0qgFmbaSegNTdQg5iqYjRZ3ttiswalql1/iSyv1WYeC1OAs+2BLOAT2NEggSiVO txEfgewsQtCWi8H1SoirakIfo45Hz0tk/Ad9ZWh2PvOGt97Ka85o4TLJxgJJqGEnqcFUZnJJ riwoaRIS8N2C8/nEM53jb1sH0gYddMU3QxY7dYNLIUrRKQeNkF30dK7V6JRH7pleRlf+wQcN fRAIUrNlatj9TxwivQrKnC9aIFFHEy/0mAgtrQShcMRmMgVlRoOA5B8RTulRLCmkafvwuhs6 dCxN0GNAORIVVFxjx9Vn7OqYPgwiofZ6SbEl0hgPyWBQvE85klFLZLoj7p+joDY1XNQztmfA rnJ9x+YV4igjWImINAZSlmEcYtd+xy3Li/8oeYDAqrsnrOjb+WvGhCykJk4urBog2LNtcyCj kTs7F+WeXGUo0NDhbd3Z6AyFfqeF7uJ3D5hlpX2nI9no/ugPrrTVoVZAgrrnNz0iZG2DVx46 x913pVKHl5mlYQARAQABwsFfBBgBAgAJBQJafgNKAhsMAAoJELKItV//nCLBwNIP/AiIHE8b oIqReFQyaMzxq6lE4YZCZNj65B/nkDOvodSiwfwjjVVE2V3iEzxMHbgyTCGA67+Bo/d5aQGj gn0TPtsGzelyQHipaUzEyrsceUGWYoKXYyVWKEfyh0cDfnd9diAm3VeNqchtcMpoehETH8fr RHnJdBcjf112PzQSdKC6kqU0Q196c4Vp5HDOQfNiDnTf7gZSj0BraHOByy9LEDCLhQiCmr+2 E0rW4tBtDAn2HkT9uf32ZGqJCn1O+2uVfFhGu6vPE5qkqrbSE8TG+03H8ecU2q50zgHWPdHM OBvy3EhzfAh2VmOSTcRK+tSUe/u3wdLRDPwv/DTzGI36Kgky9MsDC5gpIwNbOJP2G/q1wT1o Gkw4IXfWv2ufWiXqJ+k7HEi2N1sree7Dy9KBCqb+ca1vFhYPDJfhP75I/VnzHVssZ/rYZ9+5 1yDoUABoNdJNSGUYl+Yh9Pw9pE3Kt4EFzUlFZWbE4xKL/NPno+z4J9aWemLLszcYz/u3XnbO vUSQHSrmfOzX3cV4yfmjM5lewgSstoxGyTx2M8enslgdXhPthZlDnTnOT+C+OTsh8+m5tos8 HQjaPM01MKBiAqdPgksm1wu2DrrwUi6ChRVTUBcj6+/9IJ81H2P2gJk3Ls3AVIxIffLoY34E +MYSfkEjBz0E8CLOcAw7JIwAaeBT Subject: Re: [PATCH v6 4/5] img/app: Create needed directories in early boot In-Reply-To: <87h5yzfdvp.fsf@alyssa.is> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------WPXdj37P3t3IgRg6h4hBu7JC" Message-ID-Hash: TBK7BT7MNHD6KGVXL7IIR3BHFI4VF7KW X-Message-ID-Hash: TBK7BT7MNHD6KGVXL7IIR3BHFI4VF7KW X-MailFrom: demiobenour@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.9 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------WPXdj37P3t3IgRg6h4hBu7JC Content-Type: multipart/mixed; boundary="------------00UTDoVzpkj0wng828KNTdqt"; protected-headers="v1" From: Demi Marie Obenour To: Alyssa Ross , Spectrum OS Development Message-ID: <68cb3568-8e56-45bb-a836-619d412b0521@gmail.com> Subject: Re: [PATCH v6 4/5] img/app: Create needed directories in early boot References: <2862317f-1419-4405-870d-f7631bcd1d2a@gmail.com> <7b381025-42fc-448c-b0c7-5aa584c08daa@gmail.com> <87h5yzfdvp.fsf@alyssa.is> In-Reply-To: <87h5yzfdvp.fsf@alyssa.is> --------------00UTDoVzpkj0wng828KNTdqt Content-Type: multipart/mixed; boundary="------------JdqZ5qQBEn2MAOvymaTlnKeF" --------------JdqZ5qQBEn2MAOvymaTlnKeF Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 7/26/25 06:24, Alyssa Ross wrote: > Demi Marie Obenour writes: >=20 >> This moves various calls to mkdir(1) to very early boot, before any >> services are running. This has two advantages: >> >> 1. These directories are guaranteed to exist. Code can just assume th= at >> they are there without checking for them. >> >> 2. Malicious code running as an unprivileged user cannot create >> directories under /tmp before legitimate code has done so. >> >> Also, it creates the various directories used by X11 with restrictive >> permissions to prevent untrusted code from writing to them, and sets u= p >> /run/user/0 to provide $XDG_RUNTIME_DIR. >> >> The copyright notice for directory creation is not kept because making= >> four directories with well-known names and permissions is not >> copyrightable. >=20 > Missing S-o-b. Will fix in v7. >> --- >> img/app/etc/s6-linux-init/scripts/rc.init | 8 ++++++++ >> img/app/etc/s6-rc/wayland-proxy-virtwl/run | 10 ---------- >> 2 files changed, 8 insertions(+), 10 deletions(-) >> >> diff --git a/img/app/etc/s6-linux-init/scripts/rc.init b/img/app/etc/s= 6-linux-init/scripts/rc.init >> index c5a59245ff3761e94acb974edde967806fb3b234..6f2db32935332793faf47e= 3c68e42b0afd537a2d 100755 >> --- a/img/app/etc/s6-linux-init/scripts/rc.init >> +++ b/img/app/etc/s6-linux-init/scripts/rc.init >> @@ -7,4 +7,12 @@ if { s6-rc-init -c /etc/s6-rc /run/service } >> if { modprobe overlay } >> if { mount -a --mkdir } >> =20 >> +# /tmp/.*-unix are used by X11 and exist on my machine with 1777 perm= issions. >> +# Use mode 0755 because no other user needs access to them. >=20 > 0755 gives read access to other things =E2=80=94 that what we want? Nope. Only stuff that needs access should have it. >> +# Also, I have seen some software use /tmp/user, so create it as well= =2E >> +if { mkdir -m 0755 /tmp/user /tmp/.X11-unix /tmp/.ICE-unix /tmp/.XIM-= unix /tmp/.font-unix } >=20 > In general I'd prefer to avoid having anything in the VMs where we don'= t > totally understand what it's for. If we want to create these anyway > just to make sure something evil doesn't create them with the wrong > owner/permissions before we can, rather than because we know they do > something useful that we want, maybe we should create them 0000? But > given that this is the guest, I'm not sure that's necessary=E2=80=A6 - /tmp/.X11-unix is the X server. - /tmp/.ICE-unix is for Inter-Client Exchange, which is still used. At a minimum, I have seen error messages referring to it. - /tmp/.font-unix is for the obsolete X Font Server. - /tmp/.XIM-unix is presumably for X11 input methods, which are not currently supported. At some point they might need to be supported. --=20 Sincerely, Demi Marie Obenour (she/her/hers) --------------JdqZ5qQBEn2MAOvymaTlnKeF Content-Type: application/pgp-keys; name="OpenPGP_0xB288B55FFF9C22C1.asc" Content-Disposition: attachment; filename="OpenPGP_0xB288B55FFF9C22C1.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xsFNBFp+A0oBEADffj6anl9/BHhUSxGTICeVl2tob7hPDdhHNgPR4C8xlYt5q49y B+l2nipdaq+4Gk6FZfqC825TKl7eRpUjMriwle4r3R0ydSIGcy4M6eb0IcxmuPYf bWpr/si88QKgyGSVZ7GeNW1UnzTdhYHuFlk8dBSmB1fzhEYEk0RcJqg4AKoq6/3/ UorR+FaSuVwT7rqzGrTlscnTDlPWgRzrQ3jssesI7sZLm82E3pJSgaUoCdCOlL7M MPCJwI8JpPlBedRpe9tfVyfu3euTPLPxwcV3L/cfWPGSL4PofBtB8NUU6QwYiQ9H zx4xOyn67zW73/G0Q2vPPRst8LBDqlxLjbtx/WLR6h3nBc3eyuZ+q62HS1pJ5EvU T1vjyJ1ySrqtUXWQ4XlZyoEFUfpJxJoN0A9HCxmHGVckzTRl5FMWo8TCniHynNXs BtDQbabt7aNEOaAJdE7to0AH3T/Bvwzcp0ZJtBk0EM6YeMLtotUut7h2Bkg1b//r 6bTBswMBXVJ5H44Qf0+eKeUg7whSC9qpYOzzrm7+0r9F5u3qF8ZTx55TJc2g656C 9a1P1MYVysLvkLvS4H+crmxA/i08Tc1h+x9RRvqba4lSzZ6/Tmt60DPM5Sc4R0nS m9BBff0Nm0bSNRS8InXdO1Aq3362QKX2NOwcL5YaStwODNyZUqF7izjK4QARAQAB zTxEZW1pIE9iZW5vdXIgKElUTCBFbWFpbCBLZXkpIDxhdGhlbmFAaW52aXNpYmxl dGhpbmdzbGFiLmNvbT7CwY4EEwEIADgWIQR2h02fEza6IlkHHHGyiLVf/5wiwQUC X6YJvQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCyiLVf/5wiwWRhD/0Y R+YYC5Kduv/2LBgQJIygMsFiRHbR4+tWXuTFqgrxxFSlMktZ6gQrQCWe38WnOXkB oY6n/5lSJdfnuGd2UagZ/9dkaGMUkqt+5WshLFly4BnP7pSsWReKgMP7etRTwn3S zk1OwFx2lzY1EnnconPLfPBc6rWG2moA6l0WX+3WNR1B1ndqpl2hPSjT2jUCBWDV rGOUSX7r5f1WgtBeNYnEXPBCUUM51pFGESmfHIXQrqFDA7nBNiIVFDJTmQzuEqIy Jl67pKNgooij5mKzRhFKHfjLRAH4mmWZlB9UjDStAfFBAoDFHwd1HL5VQCNQdqEc /9lZDApqWuCPadZN+pGouqLysesIYsNxUhJ7dtWOWHl0vs7/3qkWmWun/2uOJMQh ra2u8nA9g91FbOobWqjrDd6x3ZJoGQf4zLqjmn/P514gb697788e573WN/MpQ5XI Fl7aM2d6/GJiq6LC9T2gSUW4rbPBiqOCeiUx7Kd/sVm41p9TOA7fEG4bYddCfDsN xaQJH6VRK3NOuBUGeL+iQEVF5Xs6Yp+U+jwvv2M5Lel3EqAYo5xXTx4ls0xaxDCu fudcAh8CMMqx3fguSb7Mi31WlnZpk0fDuWQVNKyDP7lYpwc4nCCGNKCj622ZSocH AcQmX28L8pJdLYacv9pU3jPy4fHcQYvmTavTqowGnM08RGVtaSBNYXJpZSBPYmVu b3VyIChsb3ZlciBvZiBjb2RpbmcpIDxkZW1pb2Jlbm91ckBnbWFpbC5jb20+wsF4 BBMBAgAiBQJafgNKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCyiLVf /5wiwYa/EACv8a2+MMou9cSCNoZBQaU+fTmyzft9hUE+0d5W2UY1RY3OsjFIzm9R /4SVccfsqOYLEo+S0vQMIIIqFEq3FCpXXwPzyimotps05VA8U3Bd7yseojFygOgK sAMOAee2RCaDDOnoJue01dfZMzzHPO/TVdp3OvnpWipfv5G1Xg96rwbhMLE3tg6N xwAHa31Bv4/Xq8CJOoIWvx6fcmZQpz01/lSvsYn0KrfEbTKkuUf0vM9JrCTCP2oz VNN5BYzqaq2M4r+jmSyeXLim922VOWqGkUEQ85BSEemqrRS06IU6NtEMsF8EWt/b hWjk/9GDKTcnpdJHTrMxTspExBiNrvpI2t+YPU5B/dJJAUxvmhFrbSIbdB8umBZs I3AMYrEmpAbh5x7jEjoskUC7uN3o9vpg1oCLS2ePDLtAtyBtbHnkA4xGD7ar8mem xpH9lY/i+sC6CyyIUWcUDnnagKyJP0m9ks0GLsTeOCA0bft2XA6rD6aaCnMUsndT ctrab42CV5XypjmC4U1rPJ8JQJUh1/3P48/8sMH+3krxpJ06KNWNFaUbaMTGiltZ 7x9DngklSYrX0T+2G4kVXNmjaljwkoLahwLla2gUWwBSyofXdqyhQdwZsp01KXNQ UCyT/Pg+aDcm/E7OMV3d4lf7g/CSxiX2GSEe6BlhSz+Lmd7ZJ3g32M1ARGVtaSBN YXJpZSBPYmVub3VyIChJVEwgRW1haWwgS2V5KSA8ZGVtaUBpbnZpc2libGV0aGlu Z3NsYWIuY29tPsLBjgQTAQgAOBYhBHaHTZ8TNroiWQcccbKItV//nCLBBQJgOEV+ AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJELKItV//nCLBKwoP/1WSnFdv SAD0g7fD0WlF+oi7ISFT7oqJnchFLOwVHK4Jg0e4hGn1ekWsF3Ha5tFLh4V/7UUu obYJpTfBAA2CckspYBqLtKGjFxcaqjjpO1I2W/jeNELVtSYuCOZICjdNGw2Hl9yH KRZiBkqc9u8lQcHDZKq4LIpVJj6ZQV/nxttDX90ax2No1nLLQXFbr5wb465LAPpU lXwunYDij7xJGye+VUASQh9datye6orZYuJvNo8Tr3mAQxxkfR46LzWgxFCPEAZJ 5P56Nc0IMHdJZj0Uc9+1jxERhOGppp5jlLgYGK7faGB/jTV6LaRQ4Ad+xiqokDWp mUOZsmA+bMbtPfYjDZBz5mlyHcIRKIFpE1l3Y8F7PhJuzzMUKkJi90CYakCV4x/a Zs4pzk5E96c2VQx01RIEJ7fzHF7lwFdtfTS4YsLtAbQFsKayqwkGcVv2B1AHeqdo TMX+cgDvjd1ZganGlWA8Sv9RkNSMchn1hMuTwERTyFTr2dKPnQdA1F480+jUap41 ClXgn227WkCIMrNhQGNyJsnwyzi5wS8rBVRQ3BOTMyvGM07j3axUOYaejEpg7wKi wTPZGLGH1sz5GljD/916v5+v2xLbOo5606j9dWf5/tAhbPuqrQgWv41wuKDi+dDD EKkODF7DHes8No+QcHTDyETMn1RYm7t0RKR4zsFNBFp+A0oBEAC9ynZI9LU+uJkM eEJeJyQ/8VFkCJQPQZEsIGzOTlPnwvVna0AS86n2Z+rK7R/usYs5iJCZ55/JISWd 8xD57ue0eB47bcJvVqGlObI2DEG8TwaW0O0duRhDgzMEL4t1KdRAepIESBEA/iPp I4gfUbVEIEQuqdqQyO4GAe+MkD0Hy5JH/0qgFmbaSegNTdQg5iqYjRZ3ttiswalq l1/iSyv1WYeC1OAs+2BLOAT2NEggSiVOtxEfgewsQtCWi8H1SoirakIfo45Hz0tk /Ad9ZWh2PvOGt97Ka85o4TLJxgJJqGEnqcFUZnJJriwoaRIS8N2C8/nEM53jb1sH 0gYddMU3QxY7dYNLIUrRKQeNkF30dK7V6JRH7pleRlf+wQcNfRAIUrNlatj9Txwi vQrKnC9aIFFHEy/0mAgtrQShcMRmMgVlRoOA5B8RTulRLCmkafvwuhs6dCxN0GNA ORIVVFxjx9Vn7OqYPgwiofZ6SbEl0hgPyWBQvE85klFLZLoj7p+joDY1XNQztmfA rnJ9x+YV4igjWImINAZSlmEcYtd+xy3Li/8oeYDAqrsnrOjb+WvGhCykJk4urBog 2LNtcyCjkTs7F+WeXGUo0NDhbd3Z6AyFfqeF7uJ3D5hlpX2nI9no/ugPrrTVoVZA grrnNz0iZG2DVx46x913pVKHl5mlYQARAQABwsFfBBgBAgAJBQJafgNKAhsMAAoJ ELKItV//nCLBwNIP/AiIHE8boIqReFQyaMzxq6lE4YZCZNj65B/nkDOvodSiwfwj jVVE2V3iEzxMHbgyTCGA67+Bo/d5aQGjgn0TPtsGzelyQHipaUzEyrsceUGWYoKX YyVWKEfyh0cDfnd9diAm3VeNqchtcMpoehETH8frRHnJdBcjf112PzQSdKC6kqU0 Q196c4Vp5HDOQfNiDnTf7gZSj0BraHOByy9LEDCLhQiCmr+2E0rW4tBtDAn2HkT9 uf32ZGqJCn1O+2uVfFhGu6vPE5qkqrbSE8TG+03H8ecU2q50zgHWPdHMOBvy3Ehz fAh2VmOSTcRK+tSUe/u3wdLRDPwv/DTzGI36Kgky9MsDC5gpIwNbOJP2G/q1wT1o Gkw4IXfWv2ufWiXqJ+k7HEi2N1sree7Dy9KBCqb+ca1vFhYPDJfhP75I/VnzHVss Z/rYZ9+51yDoUABoNdJNSGUYl+Yh9Pw9pE3Kt4EFzUlFZWbE4xKL/NPno+z4J9aW emLLszcYz/u3XnbOvUSQHSrmfOzX3cV4yfmjM5lewgSstoxGyTx2M8enslgdXhPt hZlDnTnOT+C+OTsh8+m5tos8HQjaPM01MKBiAqdPgksm1wu2DrrwUi6ChRVTUBcj 6+/9IJ81H2P2gJk3Ls3AVIxIffLoY34E+MYSfkEjBz0E8CLOcAw7JIwAaeBTzsFN BGbyLVgBEACqClxh50hmBepTSVlan6EBq3OAoxhrAhWZYEwN78k+ENhK68KhqC5R IsHzlL7QHW1gmfVBQZ63GnWiraM6wOJqFTL4ZWvRslga9u28FJ5XyK860mZLgYhK 9BzoUk4s+dat9jVUbq6LpQ1Ot5I9vrdzo2p1jtQ8h9WCIiFxSYy8s8pZ3hHh5T64 GIj1m/kY7lG3VIdUgoNiREGf/iOMjUFjwwE9ZoJ26j9p7p1U+TkKeF6wgswEB1T3 J8KCAtvmRtqJDq558IU5jhg5fgN+xHB8cgvUWulgK9FIF9oFxcuxtaf/juhHWKMO RtL0bHfNdXoBdpUDZE+mLBUAxF6KSsRrvx6AQyJs7VjgXJDtQVWvH0PUmTrEswgb 49nNU+dLLZQAZagxqnZ9Dp5l6GqaGZCHERJcLmdY/EmMzSf5YazJ6c0vO8rdW27M kn73qcWAplQn5mOXaqbfzWkAUPyUXppuRHfrjxTDz3GyJJVOeMmMrTxH4uCaGpOX Z8tN6829J1roGw4oKDRUQsaBAeEDqizXMPRc+6U9vI5FXzbAsb+8lKW65G7JWHym YPOGUt2hK4DdTA1PmVo0DxH00eWWeKxqvmGyX+Dhcg+5e191rPsMRGsDlH6KihI6 +3JIuc0y6ngdjcp6aalbuvPIGFrCRx3tnRtNc7He6cBWQoH9RPwluwARAQABwsOs BBgBCgAgFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmbyLVgCGwICQAkQsoi1X/+c IsHBdCAEGQEKAB0WIQSilC2pUlbVp66j3+yzNoc6synyUwUCZvItWAAKCRCzNoc6 synyU85gD/0T1QDtPhovkGwoqv4jUbEMMvpeYQf+oWgm/TjWPeLwdjl7AtY0G9Ml ZoyGniYkoHi37Gnn/ShLT3B5vtyI58ap2+SSa8SnGftdAKRLiWFWCiAEklm9FRk8 N3hwxhmSFF1KR/AIDS4g+HIsZn7YEMubBSgLlZZ9zHl4O4vwuXlREBEW97iL/FSt VownU2V39t7PtFvGZNk+DJH7eLO3jmNRYB0PL4JOyyda3NH/J92iwrFmjFWWmmWb /Xz8l9DIs+Z59pRCVTTwbBEZhcUc7rVMCcIYL+q1WxBG2e6lMn15OQJ5WfiE6E0I sGirAEDnXWx92JNGx5l+mMpdpsWhBZ5iGTtttZesibNkQfd48/eCgFi4cxJUC4PT UQwfD9AMgzwSTGJrkI5XGy+XqxwOjL8UA0iIrtTpMh49zw46uV6kwFQCgkf32jZM OLwLTNSzclbnA7GRd8tKwezQ/XqeK3dal2n+cOr+o+Eka7yGmGWNUqFbIe8cjj9T JeF3mgOCmZOwMI+wIcQYRSf+e5VTMO6TNWH5BI3vqeHSt7HkYuPlHT0pGum88d4a pWqhulH4rUhEMtirX1hYx8Q4HlUOQqLtxzmwOYWkhl1C+yPObAvUDNiHCLf9w28n uihgEkzHt9J4VKYulyJM9fe3ENcyU6rpXD7iANQqcr87ogKXFxknZ97uEACvSucc RbnnAgRqZ7GDzgoBerJ2zrmhLkeREZ08iz1zze1JgyW3HEwdr2UbyAuqvSADCSUU GN0vtQHsPzWl8onRc7lOPqPDF8OO+UfN9NAfA4wl3QyChD1GXl9rwKQOkbvdlYFV UFx9u86LNi4ssTmU8p9NtHIGpz1SYMVYNoYy9NU7EVqypGMguDCL7gJt6GUmA0sw p+YCroXiwL2BJ7RwRqTpgQuFL1gShkA17D5jK4mDPEetq1d8kz9rQYvAR/sTKBsR ImC3xSfn8zpWoNTTB6lnwyP5Ng1bu6esS7+SpYprFTe7ZqGZF6xhvBPf1Ldi9UAm U2xPN1/eeWxEa2kusidmFKPmN8lcT4miiAvwGxEnY7Oww9CgZlUB+LP4dl5VPjEt sFeAhrgxLdpVTjPRRwTd9VQF3/XYl83j5wySIQKIPXgT3sG3ngAhDhC8I8GpM36r 8WJJ3x2yVzyJUbBPO0GBhWE2xPNIfhxVoU4cGGhpFqz7dPKSTRDGq++MrFgKKGpI ZwT3CPTSSKc7ySndEXWkOYArDIdtyxdE1p5/c3aoz4utzUU7NDHQ+vVIwlnZSMiZ jek2IJP3SZ+COOIHCVxpUaZ4lnzWT4eDqABhMLpIzw6NmGfg+kLBJhouqz81WITr EtJuZYM5blWncBOJCoWMnBEcTEo/viU3GgcVRw=3D=3D =3Dx94R -----END PGP PUBLIC KEY BLOCK----- --------------JdqZ5qQBEn2MAOvymaTlnKeF-- --------------00UTDoVzpkj0wng828KNTdqt-- --------------WPXdj37P3t3IgRg6h4hBu7JC Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEopQtqVJW1aeuo9/sszaHOrMp8lMFAmiGiHcACgkQszaHOrMp 8lO2fg/9FIXxoOIhrspm/DbsePrMalN8gavdFbs9jjettYVVcY5Kzhiuk9gHUhlK OIqMZeAQC8WmHZhvPB2GPF1JER80K/li4Yo+yonhaF2mlEJIYsjJDUtuD6Wg7Lvn ktEu/O9PSBjm2XHtQVqgkf+Q5t5bPSOujP9yC+v2MgNcabOAFVOOmsXYR73ZRt+J zSupTeJ7M1Ky5neWVS+6kkRacCxblRaEGBqvnPcF68ag0sswLE/5WHyR01vCYkDI ilx3iRmlzeF/CpHlbpqlimIrgofclnJ5alf2ltwgWiDGrr7LN6rW5l5n78R2ND36 Y0aHPGX0T6dfdbuQzLnvGXm/0NteKJik+i0BItPdqrzAGh0z/ImG4EyMygx3E190 JrLMmTjnx4O7Phl9d3BVJG/9pBWYV9GP+xDUggEuso+OSM2P77FQTjkKRMuofSlS 1Dr1hskHaCX8vHTehbBLwp13/TqvVnEBWoHPfjI1h0xhmI5vt2LLVUDL9SG9t4vW NcjsUNNfRNASvMkXOyE7ps6dCVsxHdvfxS01iyNQhwa1XJLVbodQwGi6cQIQxHGM rJkm1ccqPK2NTLfCmiqCP2wagbY5dApJNhDEuHY8ysaSb5qAE+FeWXcvs9ExF5Jz 3Z6zYAJvHeKQdpteUFCkRQ3TYXIAspRYZ62whO0umb+n6FP8CHg= =Of50 -----END PGP SIGNATURE----- --------------WPXdj37P3t3IgRg6h4hBu7JC--