From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 26BE41C354; Mon, 08 Sep 2025 18:06:01 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id 676181C3B6; Mon, 08 Sep 2025 18:05:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_PASS,FREEMAIL_FROM,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=4.0.1 Received: from mail-yx1-xb135.google.com (mail-yx1-xb135.google.com [IPv6:2607:f8b0:4864:20::b135]) by atuin.qyliss.net (Postfix) with ESMTPS id C0B621C3B2 for ; Mon, 08 Sep 2025 18:05:56 +0000 (UTC) Received: by mail-yx1-xb135.google.com with SMTP id 956f58d0204a3-60f45afcc50so454294d50.3 for ; Mon, 08 Sep 2025 11:05:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1757354755; x=1757959555; darn=spectrum-os.org; h=in-reply-to:autocrypt:from:content-language:references:cc:to :subject:user-agent:mime-version:date:message-id:from:to:cc:subject :date:message-id:reply-to; bh=e5MRS29v3410i8bVs/DHrZLH378n/RH7Q4C/biDp1p8=; b=lCS9zqOqGGzH3/UHeMXnZgDyoYkqyVSF7ypEW4DMS1K0RSou10Dyzf+YwCGxwRE4o3 UXzCh9JDZ7JxDIYV5N0Glua5Mr5tnKGajywgrcaiLo83zvtmE3hiehdSeVUj+JKogjCy xv8RKDjTLwHwVVpiRmSfxE7w1a2SLOCum4d66Qq2vVamnc/F8GZN8t3ShYwqkHAUVAaT 9RZqVXUed3GetPb6yNQwDWcS/3G5TAVorhihdiFS/+CaGBdM0bjuno4Tv3TUsMZpalu5 Og1h77L7T5IuIQKEEd4IADG2NWtdR5Y9HY79KIWoEq/SPEyXroc0hQqm08JlHyADqVpB k0QA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757354755; x=1757959555; h=in-reply-to:autocrypt:from:content-language:references:cc:to :subject:user-agent:mime-version:date:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=e5MRS29v3410i8bVs/DHrZLH378n/RH7Q4C/biDp1p8=; b=Z1UPAJHS8x3ZBy+BU5p4P/y+g/39bv3ApV/jVDaLKZ53KY/wvB9eoYt9W9f1JEo5dt bnwMc3AkZggzObRe6Dm1VdvZU5TMKkH1P4j6aRVwc1IddHqx/Nr7CsMkdluNfBvlXKmh oWXs4Sc4R6oC0Tu3M1RU/I/V/LWP+YB/fZKe01lOLKQVdhehR63aISX+tyheODeCtuSH xRHxIodTL/dw1MVH2vaff0Trm3VgdAjdScHsPMOnSvtJZuxwoYyT5mp2vE6yhW5QAp8b 0/BcwKy6kg8byO1++YGwnU12xFGEf+VKo6hQANjjs1E61O1CyI3R/Tg945rL8+s0smgW QP0g== X-Gm-Message-State: AOJu0Yy52Z39QhfQ7IvUMluf6aCJ5xFr6KbK9nNQI2xJ+2HxUjvqoeYU /NsjwuaR1FfeGkwn8E34HcIdbJW3Eed9rLujcCsRR0j/dEQp1auKGY0V X-Gm-Gg: ASbGncvx3sIrMkefeuAv2Nu17Fh7ktxnf46lof7XqsLnXONBd6myConNUfZSFZZQzXa w3Q/WYmhNi1ZA0o2a/E1gZwMGkhBiT/C+XN6qQl0nRCdAjPBGQ8hsrMqYMqUHcInOsxZ0pxxMkQ JsgFvO0QffAAW3mEr2kC6tXINAVWfUJOdUe/63pU4lycDcEJavt3XqqLNhFnqHuYMZ46HObrpDs cL9y0qI7hmZXzhoZobRqkgzCFAW84C+E+wHwReEF2HhAov8Z95G6TIx77YHC//ATOb0q9eWjO9I 4bXMz+H9OtGJPaQAxZe9lt3s5eAyu0+N2JoBN7zD04Yk2mtqpaOqQd3YCXhw9z/x1VYjfhLhzj3 5KcuNunDT6gElRAbPVjHJInM+wmgmr3qzPXCpfom6q4ZmqpvHFObZ4bfJKFsnhX77zMMUkZDBnv n6w8JN6HCJ5wVWNc2DVuEh0QfBZNOBDwUqsoO8Un3gtTxHeg== X-Google-Smtp-Source: AGHT+IHQHg0C9uilU5HICc8r8mnyAiQH5g+sG0HGI3oHFHBJTox/Nmc7Id4Bi473AjwAALd9amb3wA== X-Received: by 2002:a05:690e:2417:b0:5fe:d33:ffb7 with SMTP id 956f58d0204a3-610274a4addmr5291812d50.18.1757354753382; Mon, 08 Sep 2025 11:05:53 -0700 (PDT) Received: from [10.138.34.110] (h96-60-249-169.cncrtn.broadband.dynamic.tds.net. [96.60.249.169]) by smtp.gmail.com with ESMTPSA id 00721157ae682-723a85647a3sm54498117b3.61.2025.09.08.11.05.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 08 Sep 2025 11:05:52 -0700 (PDT) Message-ID: Date: Mon, 8 Sep 2025 14:05:47 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH 08/20] Standardize directories and symlinks in images To: Alyssa Ross References: <20250904-systemd-v1-0-2a63b790a913@gmail.com> <20250904-systemd-v1-8-2a63b790a913@gmail.com> <87plc1jp5f.fsf@alyssa.is> Content-Language: en-US From: Demi Marie Obenour Autocrypt: addr=demiobenour@gmail.com; keydata= xsFNBFp+A0oBEADffj6anl9/BHhUSxGTICeVl2tob7hPDdhHNgPR4C8xlYt5q49yB+l2nipd aq+4Gk6FZfqC825TKl7eRpUjMriwle4r3R0ydSIGcy4M6eb0IcxmuPYfbWpr/si88QKgyGSV Z7GeNW1UnzTdhYHuFlk8dBSmB1fzhEYEk0RcJqg4AKoq6/3/UorR+FaSuVwT7rqzGrTlscnT DlPWgRzrQ3jssesI7sZLm82E3pJSgaUoCdCOlL7MMPCJwI8JpPlBedRpe9tfVyfu3euTPLPx wcV3L/cfWPGSL4PofBtB8NUU6QwYiQ9Hzx4xOyn67zW73/G0Q2vPPRst8LBDqlxLjbtx/WLR 6h3nBc3eyuZ+q62HS1pJ5EvUT1vjyJ1ySrqtUXWQ4XlZyoEFUfpJxJoN0A9HCxmHGVckzTRl 5FMWo8TCniHynNXsBtDQbabt7aNEOaAJdE7to0AH3T/Bvwzcp0ZJtBk0EM6YeMLtotUut7h2 Bkg1b//r6bTBswMBXVJ5H44Qf0+eKeUg7whSC9qpYOzzrm7+0r9F5u3qF8ZTx55TJc2g656C 9a1P1MYVysLvkLvS4H+crmxA/i08Tc1h+x9RRvqba4lSzZ6/Tmt60DPM5Sc4R0nSm9BBff0N m0bSNRS8InXdO1Aq3362QKX2NOwcL5YaStwODNyZUqF7izjK4QARAQABzTxEZW1pIE1hcmll IE9iZW5vdXIgKGxvdmVyIG9mIGNvZGluZykgPGRlbWlvYmVub3VyQGdtYWlsLmNvbT7CwXgE EwECACIFAlp+A0oCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELKItV//nCLBhr8Q AK/xrb4wyi71xII2hkFBpT59ObLN+32FQT7R3lbZRjVFjc6yMUjOb1H/hJVxx+yo5gsSj5LS 9AwggioUSrcUKldfA/PKKai2mzTlUDxTcF3vKx6iMXKA6AqwAw4B57ZEJoMM6egm57TV19kz PMc879NV2nc6+elaKl+/kbVeD3qvBuEwsTe2Do3HAAdrfUG/j9erwIk6gha/Hp9yZlCnPTX+ VK+xifQqt8RtMqS5R/S8z0msJMI/ajNU03kFjOpqrYziv6OZLJ5cuKb3bZU5aoaRQRDzkFIR 6aqtFLTohTo20QywXwRa39uFaOT/0YMpNyel0kdOszFOykTEGI2u+kja35g9TkH90kkBTG+a EWttIht0Hy6YFmwjcAxisSakBuHnHuMSOiyRQLu43ej2+mDWgItLZ48Mu0C3IG1seeQDjEYP tqvyZ6bGkf2Vj+L6wLoLLIhRZxQOedqArIk/Sb2SzQYuxN44IDRt+3ZcDqsPppoKcxSyd1Ny 2tpvjYJXlfKmOYLhTWs8nwlAlSHX/c/jz/ywwf7eSvGknToo1Y0VpRtoxMaKW1nvH0OeCSVJ itfRP7YbiRVc2aNqWPCSgtqHAuVraBRbAFLKh9d2rKFB3BmynTUpc1BQLJP8+D5oNyb8Ts4x Xd3iV/uD8JLGJfYZIR7oGWFLP4uZ3tkneDfYzsFNBFp+A0oBEAC9ynZI9LU+uJkMeEJeJyQ/ 8VFkCJQPQZEsIGzOTlPnwvVna0AS86n2Z+rK7R/usYs5iJCZ55/JISWd8xD57ue0eB47bcJv VqGlObI2DEG8TwaW0O0duRhDgzMEL4t1KdRAepIESBEA/iPpI4gfUbVEIEQuqdqQyO4GAe+M kD0Hy5JH/0qgFmbaSegNTdQg5iqYjRZ3ttiswalql1/iSyv1WYeC1OAs+2BLOAT2NEggSiVO txEfgewsQtCWi8H1SoirakIfo45Hz0tk/Ad9ZWh2PvOGt97Ka85o4TLJxgJJqGEnqcFUZnJJ riwoaRIS8N2C8/nEM53jb1sH0gYddMU3QxY7dYNLIUrRKQeNkF30dK7V6JRH7pleRlf+wQcN fRAIUrNlatj9TxwivQrKnC9aIFFHEy/0mAgtrQShcMRmMgVlRoOA5B8RTulRLCmkafvwuhs6 dCxN0GNAORIVVFxjx9Vn7OqYPgwiofZ6SbEl0hgPyWBQvE85klFLZLoj7p+joDY1XNQztmfA rnJ9x+YV4igjWImINAZSlmEcYtd+xy3Li/8oeYDAqrsnrOjb+WvGhCykJk4urBog2LNtcyCj kTs7F+WeXGUo0NDhbd3Z6AyFfqeF7uJ3D5hlpX2nI9no/ugPrrTVoVZAgrrnNz0iZG2DVx46 x913pVKHl5mlYQARAQABwsFfBBgBAgAJBQJafgNKAhsMAAoJELKItV//nCLBwNIP/AiIHE8b oIqReFQyaMzxq6lE4YZCZNj65B/nkDOvodSiwfwjjVVE2V3iEzxMHbgyTCGA67+Bo/d5aQGj gn0TPtsGzelyQHipaUzEyrsceUGWYoKXYyVWKEfyh0cDfnd9diAm3VeNqchtcMpoehETH8fr RHnJdBcjf112PzQSdKC6kqU0Q196c4Vp5HDOQfNiDnTf7gZSj0BraHOByy9LEDCLhQiCmr+2 E0rW4tBtDAn2HkT9uf32ZGqJCn1O+2uVfFhGu6vPE5qkqrbSE8TG+03H8ecU2q50zgHWPdHM OBvy3EhzfAh2VmOSTcRK+tSUe/u3wdLRDPwv/DTzGI36Kgky9MsDC5gpIwNbOJP2G/q1wT1o Gkw4IXfWv2ufWiXqJ+k7HEi2N1sree7Dy9KBCqb+ca1vFhYPDJfhP75I/VnzHVssZ/rYZ9+5 1yDoUABoNdJNSGUYl+Yh9Pw9pE3Kt4EFzUlFZWbE4xKL/NPno+z4J9aWemLLszcYz/u3XnbO vUSQHSrmfOzX3cV4yfmjM5lewgSstoxGyTx2M8enslgdXhPthZlDnTnOT+C+OTsh8+m5tos8 HQjaPM01MKBiAqdPgksm1wu2DrrwUi6ChRVTUBcj6+/9IJ81H2P2gJk3Ls3AVIxIffLoY34E +MYSfkEjBz0E8CLOcAw7JIwAaeBT In-Reply-To: <87plc1jp5f.fsf@alyssa.is> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------LAyIdWs0k8yJgU7W0U0iKyjg" Message-ID-Hash: A6WRNEKMULKMVQVGPAZNCSMB6NVRSHDB X-Message-ID-Hash: A6WRNEKMULKMVQVGPAZNCSMB6NVRSHDB X-MailFrom: demiobenour@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Spectrum OS Development X-Mailman-Version: 3.3.9 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------LAyIdWs0k8yJgU7W0U0iKyjg Content-Type: multipart/mixed; boundary="------------oHBC53n9U0Emw8xag3ta5faZ"; protected-headers="v1" From: Demi Marie Obenour To: Alyssa Ross Cc: Spectrum OS Development Message-ID: Subject: Re: [PATCH 08/20] Standardize directories and symlinks in images References: <20250904-systemd-v1-0-2a63b790a913@gmail.com> <20250904-systemd-v1-8-2a63b790a913@gmail.com> <87plc1jp5f.fsf@alyssa.is> In-Reply-To: <87plc1jp5f.fsf@alyssa.is> --------------oHBC53n9U0Emw8xag3ta5faZ Content-Type: multipart/mixed; boundary="------------aydtSOqmihAaQC9vrXx6nDaR" --------------aydtSOqmihAaQC9vrXx6nDaR Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 9/8/25 04:59, Alyssa Ross wrote: > Demi Marie Obenour writes: >=20 >> There are a few directories and symbolic links that a Linux system >> should always have. Even if Spectrum OS itself does not use them, >> third-party dependencies and/or applications might rely on them. >> Create these in scripts/make-erofs.sh rather than separately in >> each VM's build scripts. The creation of /run/lock assumes that >> s6-linux-init is being used, but that assumption is easy to fix later.= >> This also enforces that the symlinks and directories were *not* create= d >> in other places. The app VM build violated this rule, so fix it. >> >> Signed-off-by: Demi Marie Obenour >=20 > This really seems like it's making things substantially more > complicated, especially with the need to remove links so they can later= > be recreated again by make-erofs.sh. If we really want to make sure we= > don't forget certain directories, we could do that in a much simpler wa= y > by just checking for existence once we've assembled the directory that > will become the image. I decided that it was simpler to make all of the links in the same place so that it would be easier to add or remove them in the future. Moving creation to common code seems more complexity than two rm commands. >> --- >> host/rootfs/Makefile | 15 ++------ >> host/rootfs/bin | 1 - >> host/rootfs/lib | 1 - >> host/rootfs/sbin | 1 - >> img/app/Makefile | 8 ++-- >> img/app/bin | 1 - >> img/app/default.nix | 101 +++++++++++++++++++++++++++++-----------= --------- >> img/app/sbin | 1 - >> scripts/make-erofs.sh | 34 +++++++++++++++++ >> vm/sys/net/Makefile | 8 +--- >> vm/sys/net/bin | 1 - >> vm/sys/net/default.nix | 2 + >> vm/sys/net/lib | 1 - >> vm/sys/net/sbin | 1 - >> vm/sys/net/var/run | 1 - >> 15 files changed, 106 insertions(+), 71 deletions(-) >> >> diff --git a/host/rootfs/Makefile b/host/rootfs/Makefile >> index dce78e60bc1a8c18f5f448aaa9aeed2c8a7da04e..6cdbac201257faedb70344= bcfd5cf9d4fd25b507 100644 >> --- a/host/rootfs/Makefile >> +++ b/host/rootfs/Makefile >> @@ -54,7 +54,6 @@ FILES =3D \ >> etc/s6-linux-init/scripts/rc.init \ >> etc/xdg/weston/autolaunch \ >> etc/xdg/weston/weston.ini \ >> - usr/share/dbus-1/services/org.freedesktop.portal.Documents.service \= >> usr/bin/assign-devices \ >> usr/bin/create-vm-dependencies \ >> usr/bin/run-appimage \ >> @@ -63,10 +62,10 @@ FILES =3D \ >> usr/bin/vm-import \ >> usr/bin/vm-start \ >> usr/bin/vm-stop \ >> - usr/bin/xdg-open >> + usr/bin/xdg-open \ >> + usr/share/dbus-1/services/org.freedesktop.portal.Documents.service >=20 > Would nice for this sort of trivial fix to be a separate patch that > could be immediately applied. Will send later. =20 >> DIRS =3D \ >> - dev \ >> etc/s6-linux-init/env \ >> etc/s6-linux-init/run-image/configs \ >> etc/s6-linux-init/run-image/service/dbus/instance \ >> @@ -90,14 +89,11 @@ DIRS =3D \ >> etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host= /instances \ >> etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host= /template/data \ >> etc/s6-linux-init/run-image/service/xdg-desktop-portal-spectrum-host= /template/env \ >> - etc/s6-linux-init/run-image/user \ >> etc/s6-linux-init/run-image/vm/by-id \ >> etc/s6-linux-init/run-image/vm/by-name \ >> etc/s6-linux-init/run-image/wait \ >> ext \ >> - run \ >> - proc \ >> - sys \ >> + root \ >=20 > I'm not sure what we'd want /root for? Root's home directory is /. It is certainly /root on my systems. >> var >> =20 >> FIFOS =3D etc/s6-linux-init/run-image/service/s6-svscan-log/fifo >> @@ -105,11 +101,8 @@ FIFOS =3D etc/s6-linux-init/run-image/service/s6-= svscan-log/fifo >> # These are separate because they need to be included, but putting >> # them as make dependencies would confuse make. >> LINKS =3D \ >> - bin \ >> etc/s6-linux-init/run-image/opengl-driver \ >> - etc/s6-linux-init/run-image/service/vmm/template/run \ >> - lib \ >> - sbin >> + etc/s6-linux-init/run-image/service/vmm/template/run >> =20 >> BUILD_FILES =3D build/etc/s6-rc >> =20 >> diff --git a/host/rootfs/bin b/host/rootfs/bin >> deleted file mode 120000 >> index 1e881eda3a544eaa86b6019cbe7067ffc58bfafc..0000000000000000000000= 000000000000000000 >> --- a/host/rootfs/bin >> +++ /dev/null >> @@ -1 +0,0 @@ >> -usr/bin >> \ No newline at end of file >> diff --git a/host/rootfs/lib b/host/rootfs/lib >> deleted file mode 120000 >> index 0d5487ba8608d4d1a7328cf8a4e0242d1988c491..0000000000000000000000= 000000000000000000 >> --- a/host/rootfs/lib >> +++ /dev/null >> @@ -1 +0,0 @@ >> -usr/lib >> \ No newline at end of file >> diff --git a/host/rootfs/sbin b/host/rootfs/sbin >> deleted file mode 120000 >> index 1e881eda3a544eaa86b6019cbe7067ffc58bfafc..0000000000000000000000= 000000000000000000 >> --- a/host/rootfs/sbin >> +++ /dev/null >> @@ -1 +0,0 @@ >> -usr/bin >> \ No newline at end of file >> diff --git a/img/app/Makefile b/img/app/Makefile >> index c6b9a23ce8796582d6e2f5121c30c2269975aa2d..062082e35ba352a8f0520b= 28379690f5a2ba2ed3 100644 >> --- a/img/app/Makefile >> +++ b/img/app/Makefile >> @@ -57,15 +57,15 @@ VM_FILES =3D \ >> etc/wireplumber/wireplumber.conf.d/99_spectrum.conf \ >> etc/xdg/xdg-desktop-portal/portals.conf >> =20 >> -VM_DIRS =3D dev run proc sys tmp var \ >> +VM_DIRS =3D \ >> etc/s6-linux-init/run-image/service \ >> - etc/s6-linux-init/run-image/user \ >> - etc/s6-linux-init/run-image/wait >> + etc/s6-linux-init/run-image/wait \ >> + var >> VM_FIFOS =3D etc/s6-linux-init/run-image/service/s6-linux-init-shutdo= wnd/fifo >> =20 >> # These are separate because they need to be included, but putting >> # them as make dependencies would confuse make. >> -VM_LINKS =3D bin etc/ssl/certs/ca-certificates.crt sbin >> +VM_LINKS =3D etc/ssl/certs/ca-certificates.crt >> =20 >> VM_BUILD_FILES =3D build/etc/s6-rc >> =20 >> diff --git a/img/app/bin b/img/app/bin >> deleted file mode 120000 >> index 1e881eda3a544eaa86b6019cbe7067ffc58bfafc..0000000000000000000000= 000000000000000000 >> --- a/img/app/bin >> +++ /dev/null >> @@ -1 +0,0 @@ >> -usr/bin >> \ No newline at end of file >> diff --git a/img/app/default.nix b/img/app/default.nix >> index d3eed1f0accdc8968d1ba5bdec74ab597789082f..4daee260afd41de14de06a= 006b00c2c6db0f5e2a 100644 >> --- a/img/app/default.nix >> +++ b/img/app/default.nix >> @@ -12,6 +12,42 @@ pkgsStatic.callPackage ( >> }: >> =20 >> let >> + kernelTarget =3D >> + if stdenvNoCC.hostPlatform.isx86 then >> + # vmlinux.bin is the stripped version of vmlinux. >> + # Confusingly, compressed/vmlinux.bin is the stripped version o= f >> + # the top-level vmlinux target, while the top-level vmlinux.bin= >> + # is the stripped version of compressed/vmlinux. So we use >> + # compressed/vmlinux.bin, since we want a stripped version of >> + # the kernel that *hasn't* been built to be compressed. Weird!= >> + "compressed/vmlinux.bin" >> + else >> + stdenvNoCC.hostPlatform.linux-kernel.target; >> + >> + kernel =3D (linux_latest.override { >> + structuredExtraConfig =3D with lib.kernel; { >> + DRM_FBDEV_EMULATION =3D lib.mkForce no; >> + EROFS_FS =3D yes; >> + FONTS =3D lib.mkForce unset; >> + FONT_8x8 =3D lib.mkForce unset; >> + FONT_TER16x32 =3D lib.mkForce unset; >> + FRAMEBUFFER_CONSOLE =3D lib.mkForce unset; >> + FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER =3D lib.mkForce unset; >> + FRAMEBUFFER_CONSOLE_DETECT_PRIMARY =3D lib.mkForce unset; >> + FRAMEBUFFER_CONSOLE_ROTATION =3D lib.mkForce unset; >> + RC_CORE =3D lib.mkForce unset; >> + VIRTIO =3D yes; >> + VIRTIO_BLK =3D yes; >> + VIRTIO_CONSOLE =3D yes; >> + VIRTIO_PCI =3D yes; >> + VT =3D no; >> + }; >> + }).overrideAttrs ({ installFlags ? [], ... }: { >> + installFlags =3D installFlags ++ [ >> + "KBUILD_IMAGE=3D$(boot)/${kernelTarget}" >> + ]; >> + }); >> + >> appimageFhsenv =3D (buildFHSEnv (appimageTools.defaultFhsEnvArgs //= { >> name =3D "vm-fhs-env"; >> targetPkgs =3D pkgs: appimageTools.defaultFhsEnvArgs.targetPkgs p= kgs ++ [ >> @@ -53,50 +89,33 @@ let >> pkgs.wireplumber >> ]; >> })).fhsenv; >> -in >> =20 >> -let >=20 > Another cleanup that would be really nice to have separately, so I don'= t > have to try to review two things at once. Will send separately. >> packagesSysroot =3D runCommand "packages-sysroot" {} '' >> - mkdir -p $out/etc/ssl/certs >> - ln -s ${appimageFhsenv}/{lib64,usr} ${kernel}/lib $out >> - ln -s ${cacert}/etc/ssl/certs/* $out/etc/ssl/certs >> + set -eu >> + mkdir -p -- "$out/etc/ssl/certs" "$out/usr/bin" >> + # ../../scripts/make-erofs.sh will re-create these >> + rm -f -- "$out/usr/lib64" "$out/usr/lib" >> + source_dir=3D${lib.escapeShellArg appimageFhsenv}/usr >> + for i in "$source_dir"/*; do >> + subdir=3D''${i##*/} >> + case $subdir in >> + (bin|include|lib|lib64|libexec|sbin|share) :;; >> + (*) printf 'Bad subdirectory %s\n' "$subdir" >&2; exit 1;; >> + esac >> + done >> + if ! [ -h "$source_dir/lib" ]; then echo "FHSenv didn't make lib = a symlink" >&2; exit 1; fi >> + ln -s -- "$source_dir/include" "$source_dir/libexec" "$source_dir= /share" "$out/usr" >> + cp -RT -- "$source_dir/lib64" "$out/usr/lib" >> + # Do this first so that the subsequent call to cp (without -T) >> + # will create new entries in the existing bin directory. >> + cp -RT -- "$source_dir/sbin" "$out/usr/bin" >> + # with -T cp tries to delete the whole target directory first >> + cp -R -- "$source_dir/bin" "$out/usr" >> + # so that ln can make the symlink >> + chmod -- 0755 "$out/usr/lib" >> + ln -s -- ${lib.escapeShellArg kernel}/lib/modules "$out/usr/lib/"= >> + ln -s -- ${lib.escapeShellArg cacert}/etc/ssl/certs/* "$out/etc/s= sl/certs" >> ''; >> - >> - kernelTarget =3D >> - if stdenvNoCC.hostPlatform.isx86 then >> - # vmlinux.bin is the stripped version of vmlinux. >> - # Confusingly, compressed/vmlinux.bin is the stripped version o= f >> - # the top-level vmlinux target, while the top-level vmlinux.bin= >> - # is the stripped version of compressed/vmlinux. So we use >> - # compressed/vmlinux.bin, since we want a stripped version of >> - # the kernel that *hasn't* been built to be compressed. Weird!= >> - "compressed/vmlinux.bin" >> - else >> - stdenvNoCC.hostPlatform.linux-kernel.target; >> - >> - kernel =3D (linux_latest.override { >> - structuredExtraConfig =3D with lib.kernel; { >> - DRM_FBDEV_EMULATION =3D lib.mkForce no; >> - EROFS_FS =3D yes; >> - FONTS =3D lib.mkForce unset; >> - FONT_8x8 =3D lib.mkForce unset; >> - FONT_TER16x32 =3D lib.mkForce unset; >> - FRAMEBUFFER_CONSOLE =3D lib.mkForce unset; >> - FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER =3D lib.mkForce unset; >> - FRAMEBUFFER_CONSOLE_DETECT_PRIMARY =3D lib.mkForce unset; >> - FRAMEBUFFER_CONSOLE_ROTATION =3D lib.mkForce unset; >> - RC_CORE =3D lib.mkForce unset; >> - VIRTIO =3D yes; >> - VIRTIO_BLK =3D yes; >> - VIRTIO_CONSOLE =3D yes; >> - VIRTIO_PCI =3D yes; >> - VT =3D no; >> - }; >> - }).overrideAttrs ({ installFlags ? [], ... }: { >> - installFlags =3D installFlags ++ [ >> - "KBUILD_IMAGE=3D$(boot)/${kernelTarget}" >> - ]; >> - }); >> in >> =20 >> stdenvNoCC.mkDerivation { >> diff --git a/img/app/sbin b/img/app/sbin >> deleted file mode 120000 >> index 1e881eda3a544eaa86b6019cbe7067ffc58bfafc..0000000000000000000000= 000000000000000000 >> --- a/img/app/sbin >> +++ /dev/null >> @@ -1 +0,0 @@ >> -usr/bin >> \ No newline at end of file >> diff --git a/scripts/make-erofs.sh b/scripts/make-erofs.sh >> index d566a4ac7b30f55338fe9b8b6a94702686f6ddd1..5196394d405310971659b0= dbc0c91cfcaaaf9118 100755 >> --- a/scripts/make-erofs.sh >> +++ b/scripts/make-erofs.sh >> @@ -115,5 +115,39 @@ find "$root" \ >> find "$root/etc" "$root/var" ! -type l -execdir chmod u+w,go-w,ugo+rX= -- '{}' + >> chmod 0755 "$root" >> =20 >> +# Fix permissions on / so that the subsequent commands work >> +chmod 0755 "$root" >> + >> +# Create the basic mount points for pseudo-filesystems and tmpfs file= systems. >> +# These should always be mounted over, so use 0400 permissions for th= em. >> +# 0000 would be better, but it breaks mkfs.erofs as it tries to open = the >> +# directories for reading. >> +mkdir -m 0400 "$root/dev" "$root/proc" "$root/run" "$root/sys" "$root= /tmp" >> + >> +# Cause s6-linux-init to create /run/lock and /run/user >> +# with the correct mode (0755) and create /home, >> +# /var/cache, /var/log, and /var/spool directly. >> +mkdir -m 0755 \ >> + "$root/etc/s6-linux-init/run-image/lock" \ >> + "$root/etc/s6-linux-init/run-image/user" \ >> + "$root/home" \ >> + "$root/var/cache" \ >> + "$root/var/log" \ >> + "$root/var/spool" >> + >> +# Create symbolic links that are always expected to exist. >> +chmod 0755 "$root/usr" >> +ln -s ../proc/self/mounts "$root/etc/mtab" >> +ln -s ../run "$root/var/run" >> +ln -s ../run/lock "$root/var/lock" >> +ln -s ../tmp "$root/var/tmp" >> +ln -s bin "$root/usr/sbin" >> +ln -s lib "$root/usr/lib64" >=20 > This doesn't seem right as a generic thing. Nix-built binaries won't > ever need this. It's only in img/app for AppImage etc. compatibility. > Not relevant to other images. I decided it was better to add all of these now to avoid any sort of problems later on. The size impact is tiny and the cost of debugging a problem later on would not be. In particular, contributors not so used to NixOS might assume these exist. >> +ln -s usr/bin "$root/bin" >> +ln -s usr/bin "$root/sbin" >> +ln -s usr/lib "$root/lib" >> +ln -s usr/lib "$root/lib64" >> +chmod 0555 "$root/usr" >> + >> # Make the erofs image. >> mkfs.erofs -x-1 -b4096 --all-root "$@" "$root" >> diff --git a/vm/sys/net/Makefile b/vm/sys/net/Makefile >> index e6819400b2079e3eaa9d24737b2fc4b816a592c8..a8ad03862165a69f3f7dd3= e49f668cfa887d817f 100644 >> --- a/vm/sys/net/Makefile >> +++ b/vm/sys/net/Makefile >> @@ -39,11 +39,7 @@ VM_FILES =3D \ >> etc/s6-linux-init/run-image/service/getty-hvc0/run \ >> etc/s6-linux-init/scripts/rc.init \ >> etc/sysctl.conf >> -VM_DIRS =3D dev etc/s6-linux-init/env run proc sys var/lib/connman >> - >> -# These are separate because they need to be included, but putting >> -# them as make dependencies would confuse make. >> -VM_LINKS =3D bin lib sbin var/run >> +VM_DIRS =3D etc/s6-linux-init/env var/lib/connman >> =20 >> VM_BUILD_FILES =3D build/etc/s6-rc >> =20 >> @@ -53,7 +49,7 @@ build/empty: >> build/rootfs.erofs: ../../../scripts/make-erofs.sh $(PACKAGES_FILE) $= (VM_FILES) $(VM_BUILD_FILES) build/empty >> ( \ >> cat $(PACKAGES_FILE) ;\ >> - for file in $(VM_FILES) $(VM_LINKS); do printf '%s\n%s\n' $$file= $$file; done ;\ >> + for file in $(VM_FILES); do printf '%s\n%s\n' $$file $$file; don= e ;\ >> for file in $(VM_BUILD_FILES); do printf '%s\n%s\n' $$file $${fi= le#build/}; done ;\ >> printf 'build/empty\n%s\n' $(VM_DIRS) ;\ >> ) | ../../../scripts/make-erofs.sh $@ >> diff --git a/vm/sys/net/bin b/vm/sys/net/bin >> deleted file mode 120000 >> index 1e881eda3a544eaa86b6019cbe7067ffc58bfafc..0000000000000000000000= 000000000000000000 >> --- a/vm/sys/net/bin >> +++ /dev/null >> @@ -1 +0,0 @@ >> -usr/bin >> \ No newline at end of file >> diff --git a/vm/sys/net/default.nix b/vm/sys/net/default.nix >> index b5873ebe1e80dd88c1ba997f7ebd3ee7369bb40f..a2c635e8ff09ab2b0ae469= 4344f3810c1b9739a5 100644 >> --- a/vm/sys/net/default.nix >> +++ b/vm/sys/net/default.nix >> @@ -51,6 +51,8 @@ let >> for pkg in ${lib.escapeShellArgs usrPackages}; do >> lndir -ignorelinks -silent "$pkg" "$out/usr" >> done >> + [ -h "$out/usr/sbin" ] >> + rm -f -- "$out/usr/sbin" >> ''; >> =20 >> nixosAllHardware =3D nixos ({ modulesPath, ... }: { --=20 Sincerely, Demi Marie Obenour (she/her/hers) --------------aydtSOqmihAaQC9vrXx6nDaR Content-Type: application/pgp-keys; name="OpenPGP_0xB288B55FFF9C22C1.asc" Content-Disposition: attachment; filename="OpenPGP_0xB288B55FFF9C22C1.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xsFNBFp+A0oBEADffj6anl9/BHhUSxGTICeVl2tob7hPDdhHNgPR4C8xlYt5q49y B+l2nipdaq+4Gk6FZfqC825TKl7eRpUjMriwle4r3R0ydSIGcy4M6eb0IcxmuPYf bWpr/si88QKgyGSVZ7GeNW1UnzTdhYHuFlk8dBSmB1fzhEYEk0RcJqg4AKoq6/3/ UorR+FaSuVwT7rqzGrTlscnTDlPWgRzrQ3jssesI7sZLm82E3pJSgaUoCdCOlL7M MPCJwI8JpPlBedRpe9tfVyfu3euTPLPxwcV3L/cfWPGSL4PofBtB8NUU6QwYiQ9H zx4xOyn67zW73/G0Q2vPPRst8LBDqlxLjbtx/WLR6h3nBc3eyuZ+q62HS1pJ5EvU T1vjyJ1ySrqtUXWQ4XlZyoEFUfpJxJoN0A9HCxmHGVckzTRl5FMWo8TCniHynNXs BtDQbabt7aNEOaAJdE7to0AH3T/Bvwzcp0ZJtBk0EM6YeMLtotUut7h2Bkg1b//r 6bTBswMBXVJ5H44Qf0+eKeUg7whSC9qpYOzzrm7+0r9F5u3qF8ZTx55TJc2g656C 9a1P1MYVysLvkLvS4H+crmxA/i08Tc1h+x9RRvqba4lSzZ6/Tmt60DPM5Sc4R0nS m9BBff0Nm0bSNRS8InXdO1Aq3362QKX2NOwcL5YaStwODNyZUqF7izjK4QARAQAB zTxEZW1pIE9iZW5vdXIgKElUTCBFbWFpbCBLZXkpIDxhdGhlbmFAaW52aXNpYmxl dGhpbmdzbGFiLmNvbT7CwY4EEwEIADgWIQR2h02fEza6IlkHHHGyiLVf/5wiwQUC X6YJvQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCyiLVf/5wiwWRhD/0Y R+YYC5Kduv/2LBgQJIygMsFiRHbR4+tWXuTFqgrxxFSlMktZ6gQrQCWe38WnOXkB oY6n/5lSJdfnuGd2UagZ/9dkaGMUkqt+5WshLFly4BnP7pSsWReKgMP7etRTwn3S zk1OwFx2lzY1EnnconPLfPBc6rWG2moA6l0WX+3WNR1B1ndqpl2hPSjT2jUCBWDV rGOUSX7r5f1WgtBeNYnEXPBCUUM51pFGESmfHIXQrqFDA7nBNiIVFDJTmQzuEqIy Jl67pKNgooij5mKzRhFKHfjLRAH4mmWZlB9UjDStAfFBAoDFHwd1HL5VQCNQdqEc /9lZDApqWuCPadZN+pGouqLysesIYsNxUhJ7dtWOWHl0vs7/3qkWmWun/2uOJMQh ra2u8nA9g91FbOobWqjrDd6x3ZJoGQf4zLqjmn/P514gb697788e573WN/MpQ5XI Fl7aM2d6/GJiq6LC9T2gSUW4rbPBiqOCeiUx7Kd/sVm41p9TOA7fEG4bYddCfDsN xaQJH6VRK3NOuBUGeL+iQEVF5Xs6Yp+U+jwvv2M5Lel3EqAYo5xXTx4ls0xaxDCu fudcAh8CMMqx3fguSb7Mi31WlnZpk0fDuWQVNKyDP7lYpwc4nCCGNKCj622ZSocH AcQmX28L8pJdLYacv9pU3jPy4fHcQYvmTavTqowGnM08RGVtaSBNYXJpZSBPYmVu b3VyIChsb3ZlciBvZiBjb2RpbmcpIDxkZW1pb2Jlbm91ckBnbWFpbC5jb20+wsF4 BBMBAgAiBQJafgNKAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCyiLVf /5wiwYa/EACv8a2+MMou9cSCNoZBQaU+fTmyzft9hUE+0d5W2UY1RY3OsjFIzm9R /4SVccfsqOYLEo+S0vQMIIIqFEq3FCpXXwPzyimotps05VA8U3Bd7yseojFygOgK sAMOAee2RCaDDOnoJue01dfZMzzHPO/TVdp3OvnpWipfv5G1Xg96rwbhMLE3tg6N xwAHa31Bv4/Xq8CJOoIWvx6fcmZQpz01/lSvsYn0KrfEbTKkuUf0vM9JrCTCP2oz VNN5BYzqaq2M4r+jmSyeXLim922VOWqGkUEQ85BSEemqrRS06IU6NtEMsF8EWt/b hWjk/9GDKTcnpdJHTrMxTspExBiNrvpI2t+YPU5B/dJJAUxvmhFrbSIbdB8umBZs I3AMYrEmpAbh5x7jEjoskUC7uN3o9vpg1oCLS2ePDLtAtyBtbHnkA4xGD7ar8mem xpH9lY/i+sC6CyyIUWcUDnnagKyJP0m9ks0GLsTeOCA0bft2XA6rD6aaCnMUsndT ctrab42CV5XypjmC4U1rPJ8JQJUh1/3P48/8sMH+3krxpJ06KNWNFaUbaMTGiltZ 7x9DngklSYrX0T+2G4kVXNmjaljwkoLahwLla2gUWwBSyofXdqyhQdwZsp01KXNQ UCyT/Pg+aDcm/E7OMV3d4lf7g/CSxiX2GSEe6BlhSz+Lmd7ZJ3g32M1ARGVtaSBN YXJpZSBPYmVub3VyIChJVEwgRW1haWwgS2V5KSA8ZGVtaUBpbnZpc2libGV0aGlu Z3NsYWIuY29tPsLBjgQTAQgAOBYhBHaHTZ8TNroiWQcccbKItV//nCLBBQJgOEV+ AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJELKItV//nCLBKwoP/1WSnFdv SAD0g7fD0WlF+oi7ISFT7oqJnchFLOwVHK4Jg0e4hGn1ekWsF3Ha5tFLh4V/7UUu obYJpTfBAA2CckspYBqLtKGjFxcaqjjpO1I2W/jeNELVtSYuCOZICjdNGw2Hl9yH KRZiBkqc9u8lQcHDZKq4LIpVJj6ZQV/nxttDX90ax2No1nLLQXFbr5wb465LAPpU lXwunYDij7xJGye+VUASQh9datye6orZYuJvNo8Tr3mAQxxkfR46LzWgxFCPEAZJ 5P56Nc0IMHdJZj0Uc9+1jxERhOGppp5jlLgYGK7faGB/jTV6LaRQ4Ad+xiqokDWp mUOZsmA+bMbtPfYjDZBz5mlyHcIRKIFpE1l3Y8F7PhJuzzMUKkJi90CYakCV4x/a Zs4pzk5E96c2VQx01RIEJ7fzHF7lwFdtfTS4YsLtAbQFsKayqwkGcVv2B1AHeqdo TMX+cgDvjd1ZganGlWA8Sv9RkNSMchn1hMuTwERTyFTr2dKPnQdA1F480+jUap41 ClXgn227WkCIMrNhQGNyJsnwyzi5wS8rBVRQ3BOTMyvGM07j3axUOYaejEpg7wKi wTPZGLGH1sz5GljD/916v5+v2xLbOo5606j9dWf5/tAhbPuqrQgWv41wuKDi+dDD EKkODF7DHes8No+QcHTDyETMn1RYm7t0RKR4zsFNBFp+A0oBEAC9ynZI9LU+uJkM eEJeJyQ/8VFkCJQPQZEsIGzOTlPnwvVna0AS86n2Z+rK7R/usYs5iJCZ55/JISWd 8xD57ue0eB47bcJvVqGlObI2DEG8TwaW0O0duRhDgzMEL4t1KdRAepIESBEA/iPp I4gfUbVEIEQuqdqQyO4GAe+MkD0Hy5JH/0qgFmbaSegNTdQg5iqYjRZ3ttiswalq l1/iSyv1WYeC1OAs+2BLOAT2NEggSiVOtxEfgewsQtCWi8H1SoirakIfo45Hz0tk /Ad9ZWh2PvOGt97Ka85o4TLJxgJJqGEnqcFUZnJJriwoaRIS8N2C8/nEM53jb1sH 0gYddMU3QxY7dYNLIUrRKQeNkF30dK7V6JRH7pleRlf+wQcNfRAIUrNlatj9Txwi vQrKnC9aIFFHEy/0mAgtrQShcMRmMgVlRoOA5B8RTulRLCmkafvwuhs6dCxN0GNA ORIVVFxjx9Vn7OqYPgwiofZ6SbEl0hgPyWBQvE85klFLZLoj7p+joDY1XNQztmfA rnJ9x+YV4igjWImINAZSlmEcYtd+xy3Li/8oeYDAqrsnrOjb+WvGhCykJk4urBog 2LNtcyCjkTs7F+WeXGUo0NDhbd3Z6AyFfqeF7uJ3D5hlpX2nI9no/ugPrrTVoVZA grrnNz0iZG2DVx46x913pVKHl5mlYQARAQABwsFfBBgBAgAJBQJafgNKAhsMAAoJ ELKItV//nCLBwNIP/AiIHE8boIqReFQyaMzxq6lE4YZCZNj65B/nkDOvodSiwfwj jVVE2V3iEzxMHbgyTCGA67+Bo/d5aQGjgn0TPtsGzelyQHipaUzEyrsceUGWYoKX YyVWKEfyh0cDfnd9diAm3VeNqchtcMpoehETH8frRHnJdBcjf112PzQSdKC6kqU0 Q196c4Vp5HDOQfNiDnTf7gZSj0BraHOByy9LEDCLhQiCmr+2E0rW4tBtDAn2HkT9 uf32ZGqJCn1O+2uVfFhGu6vPE5qkqrbSE8TG+03H8ecU2q50zgHWPdHMOBvy3Ehz fAh2VmOSTcRK+tSUe/u3wdLRDPwv/DTzGI36Kgky9MsDC5gpIwNbOJP2G/q1wT1o Gkw4IXfWv2ufWiXqJ+k7HEi2N1sree7Dy9KBCqb+ca1vFhYPDJfhP75I/VnzHVss Z/rYZ9+51yDoUABoNdJNSGUYl+Yh9Pw9pE3Kt4EFzUlFZWbE4xKL/NPno+z4J9aW emLLszcYz/u3XnbOvUSQHSrmfOzX3cV4yfmjM5lewgSstoxGyTx2M8enslgdXhPt hZlDnTnOT+C+OTsh8+m5tos8HQjaPM01MKBiAqdPgksm1wu2DrrwUi6ChRVTUBcj 6+/9IJ81H2P2gJk3Ls3AVIxIffLoY34E+MYSfkEjBz0E8CLOcAw7JIwAaeBTzsFN BGbyLVgBEACqClxh50hmBepTSVlan6EBq3OAoxhrAhWZYEwN78k+ENhK68KhqC5R IsHzlL7QHW1gmfVBQZ63GnWiraM6wOJqFTL4ZWvRslga9u28FJ5XyK860mZLgYhK 9BzoUk4s+dat9jVUbq6LpQ1Ot5I9vrdzo2p1jtQ8h9WCIiFxSYy8s8pZ3hHh5T64 GIj1m/kY7lG3VIdUgoNiREGf/iOMjUFjwwE9ZoJ26j9p7p1U+TkKeF6wgswEB1T3 J8KCAtvmRtqJDq558IU5jhg5fgN+xHB8cgvUWulgK9FIF9oFxcuxtaf/juhHWKMO RtL0bHfNdXoBdpUDZE+mLBUAxF6KSsRrvx6AQyJs7VjgXJDtQVWvH0PUmTrEswgb 49nNU+dLLZQAZagxqnZ9Dp5l6GqaGZCHERJcLmdY/EmMzSf5YazJ6c0vO8rdW27M kn73qcWAplQn5mOXaqbfzWkAUPyUXppuRHfrjxTDz3GyJJVOeMmMrTxH4uCaGpOX Z8tN6829J1roGw4oKDRUQsaBAeEDqizXMPRc+6U9vI5FXzbAsb+8lKW65G7JWHym YPOGUt2hK4DdTA1PmVo0DxH00eWWeKxqvmGyX+Dhcg+5e191rPsMRGsDlH6KihI6 +3JIuc0y6ngdjcp6aalbuvPIGFrCRx3tnRtNc7He6cBWQoH9RPwluwARAQABwsOs BBgBCgAgFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmbyLVgCGwICQAkQsoi1X/+c IsHBdCAEGQEKAB0WIQSilC2pUlbVp66j3+yzNoc6synyUwUCZvItWAAKCRCzNoc6 synyU85gD/0T1QDtPhovkGwoqv4jUbEMMvpeYQf+oWgm/TjWPeLwdjl7AtY0G9Ml ZoyGniYkoHi37Gnn/ShLT3B5vtyI58ap2+SSa8SnGftdAKRLiWFWCiAEklm9FRk8 N3hwxhmSFF1KR/AIDS4g+HIsZn7YEMubBSgLlZZ9zHl4O4vwuXlREBEW97iL/FSt VownU2V39t7PtFvGZNk+DJH7eLO3jmNRYB0PL4JOyyda3NH/J92iwrFmjFWWmmWb /Xz8l9DIs+Z59pRCVTTwbBEZhcUc7rVMCcIYL+q1WxBG2e6lMn15OQJ5WfiE6E0I sGirAEDnXWx92JNGx5l+mMpdpsWhBZ5iGTtttZesibNkQfd48/eCgFi4cxJUC4PT UQwfD9AMgzwSTGJrkI5XGy+XqxwOjL8UA0iIrtTpMh49zw46uV6kwFQCgkf32jZM OLwLTNSzclbnA7GRd8tKwezQ/XqeK3dal2n+cOr+o+Eka7yGmGWNUqFbIe8cjj9T JeF3mgOCmZOwMI+wIcQYRSf+e5VTMO6TNWH5BI3vqeHSt7HkYuPlHT0pGum88d4a pWqhulH4rUhEMtirX1hYx8Q4HlUOQqLtxzmwOYWkhl1C+yPObAvUDNiHCLf9w28n uihgEkzHt9J4VKYulyJM9fe3ENcyU6rpXD7iANQqcr87ogKXFxknZ97uEACvSucc RbnnAgRqZ7GDzgoBerJ2zrmhLkeREZ08iz1zze1JgyW3HEwdr2UbyAuqvSADCSUU GN0vtQHsPzWl8onRc7lOPqPDF8OO+UfN9NAfA4wl3QyChD1GXl9rwKQOkbvdlYFV UFx9u86LNi4ssTmU8p9NtHIGpz1SYMVYNoYy9NU7EVqypGMguDCL7gJt6GUmA0sw p+YCroXiwL2BJ7RwRqTpgQuFL1gShkA17D5jK4mDPEetq1d8kz9rQYvAR/sTKBsR ImC3xSfn8zpWoNTTB6lnwyP5Ng1bu6esS7+SpYprFTe7ZqGZF6xhvBPf1Ldi9UAm U2xPN1/eeWxEa2kusidmFKPmN8lcT4miiAvwGxEnY7Oww9CgZlUB+LP4dl5VPjEt sFeAhrgxLdpVTjPRRwTd9VQF3/XYl83j5wySIQKIPXgT3sG3ngAhDhC8I8GpM36r 8WJJ3x2yVzyJUbBPO0GBhWE2xPNIfhxVoU4cGGhpFqz7dPKSTRDGq++MrFgKKGpI ZwT3CPTSSKc7ySndEXWkOYArDIdtyxdE1p5/c3aoz4utzUU7NDHQ+vVIwlnZSMiZ jek2IJP3SZ+COOIHCVxpUaZ4lnzWT4eDqABhMLpIzw6NmGfg+kLBJhouqz81WITr EtJuZYM5blWncBOJCoWMnBEcTEo/viU3GgcVRw=3D=3D =3Dx94R -----END PGP PUBLIC KEY BLOCK----- --------------aydtSOqmihAaQC9vrXx6nDaR-- --------------oHBC53n9U0Emw8xag3ta5faZ-- --------------LAyIdWs0k8yJgU7W0U0iKyjg Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEopQtqVJW1aeuo9/sszaHOrMp8lMFAmi/GvwACgkQszaHOrMp 8lPL5A//QzCZuyALg7cBgXY/kIPrJSJgVD5rp2MrBQm6wT/s6rnIedVgj/bckYHO uK3uHUm28R2B4LT4o72o6oQB/fOBcDncjkmHmaDbULojLf03GhydX/wz5sBbCrDH CfKaQEp9Rum3JXUcf8TYCHufwRnh0nVtwI50AYCzQtniar1HNnW6hHUiHLAuUQzn 94TgCYMx461jXRp764H4fecZx0arzhRpJDchc0MPMwsG2wOIwM2MzUiGGYZz46Lc BdSb8N/t0RUnfK0C4FRN1qOvRUESj/N8xcn3m6DOhfL/tu7ONCExSkB/x/bsYPBQ 3RzzzKqfYv+vsPOb7Z5ndDL09R4ZI02nif/Yv23WZ29/vki4Y29wKKqkoAJPwSa6 fzO6761esr2ScNMFHWv32iT0PMFVvfDwUZKrcBnmZ4GNgnLLdaWudbbvntnfrDh8 hQCKDlHOmgzDM23E2XOfGMOCzGB5dByNEAvc6Ze0R6RxAUTQqe84GNNjj3jBvE02 nvI65DZ484lMYZG5ivJRKMfuznwgQ6Zqkdg2nBaBVCSeD9qdD+DWB8U5mqdxj8Oa BaUqhT+0QU+GZHTZgQgze8l9fzAac3ORc+EUDSoTVeXizjGZ+0aDu82nAV0EnXJF ni0GZRnAEnDGuMpjn3DrBkvCSbLhtSp/ep60/ivXrk7nDPEfAUs= =+4r+ -----END PGP SIGNATURE----- --------------LAyIdWs0k8yJgU7W0U0iKyjg--