diff --git a/.circleci/config.yml b/.circleci/config.yml index c23a19e10..4d4ff24f4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,35 +2,8 @@ version: 2 jobs: build: docker: - - image: osresearch/heads-ubuntu:16.04 + - image: osresearch/musl-cross:38e52db steps: - - run: - name: Install dependencies - command: | - apt update - apt install -y \ - build-essential \ - zlib1g-dev \ - uuid-dev \ - libdigest-sha-perl \ - libelf-dev \ - bc \ - bzip2 \ - bison \ - flex \ - git \ - gnupg \ - iasl \ - m4 \ - nasm \ - patch \ - python \ - wget \ - gnat \ - cpio \ - ccache \ - lzma \ - - checkout - run: @@ -38,23 +11,39 @@ jobs: command: | make -j4 bootstrap - - run: - name: Bootstrap coreboot-gcc - command: | - ./build/make-4.2.1/make \ - TOOLCHAIN=/home/builder/heads \ - V=1 \ - BOARD=qemu-coreboot \ - coreboot-gcc +# linuxboot steps need something to pass in the kernel header path +# skipping for now +# - run: +# name: qemu-linuxboot-edk2 +# command: | +# ./build/make-4.2.1/make \ +# CROSS=/cross/bin/x86_64-linux-musl- \ +# BOARD=qemu-linuxboot \ +# `/bin/pwd`/build/linuxboot-git/build/qemu/.configured \ +# # Run first to avoid too many processes +# +# - run: +# name: qemu-linuxboot +# command: | +# ./build/make-4.2.1/make \ +# CROSS=/cross/bin/x86_64-linux-musl- \ +# --load 2 \ +# V=1 \ +# BOARD=qemu-linuxboot \ +# +# - store-artifacts: +# path: build/qemu-linuxboot/linuxboot.rom +# - store-artifacts: +# path: build/qemu-linuxboot/hashes.txt - run: name: qemu-coreboot command: | ./build/make-4.2.1/make \ - TOOLCHAIN=/home/builder/heads \ + CROSS=/cross/bin/x86_64-linux-musl- \ + --load 2 \ V=1 \ - -j4 \ BOARD=qemu-coreboot \ - store-artifacts: @@ -62,28 +51,12 @@ jobs: - store-artifacts: path: build/qemu-coreboot/hashes.txt - - - run: - name: qemu-linuxboot - command: | - ./build/make-4.2.1/make \ - TOOLCHAIN=/home/builder/heads \ - V=1 \ - -j4 \ - BOARD=qemu-linuxboot \ - - - store-artifacts: - path: build/qemu-linuxboot/linuxboot.rom - - store-artifacts: - path: build/qemu-linuxboot/hashes.txt - - - run: name: x230 command: | ./build/make-4.2.1/make \ - TOOLCHAIN=/home/builder/heads \ - -j4 \ + CROSS=/cross/bin/x86_64-linux-musl- \ + --load 2 \ V=1 \ BOARD=x230 \ diff --git a/Makefile b/Makefile index cc5cac6ad..a0bda55be 100644 --- a/Makefile +++ b/Makefile @@ -106,11 +106,13 @@ SHELL := /bin/bash # be defined prior to any other module. include modules/musl-cross -musl_dep := musl -heads_cc := $(INSTALL)/bin/musl-gcc \ +musl_dep := musl-cross +heads_cc := $(CROSS)gcc \ -fdebug-prefix-map=$(pwd)=heads \ -gno-record-gcc-switches \ -D__MUSL__ \ + -I$(INSTALL)/include \ + -L$(INSTALL)/lib \ CROSS_TOOLS_NOCC := \ AR="$(CROSS)ar" \ @@ -145,8 +147,9 @@ all: FORCE: # Make helpers to operate on lists of things +# Prefix is "smart" and doesn't add the prefix for absolute file paths define prefix = -$(foreach _, $2, $1$_) +$(foreach _, $2, $(if $(patsubst /%,,$_),$1$_,$_)) endef define map = $(foreach _,$2,$(eval $(call $1,$_))) @@ -264,9 +267,10 @@ define define_module = # Unpack the tar file and touch the canary so that we know # that the files are all present $(build)/$($1_base_dir)/.canary: $(packages)/.$1-$($1_version)_verify - tar -xf "$(packages)/$($1_tar)" -C "$(build)" + mkdir -p "$$(dir $$@)" + tar -xf "$(packages)/$($1_tar)" $(or $($1_tar_opt),--strip 1) -C "$$(dir $$@)" if [ -r patches/$1-$($1_version).patch ]; then \ - ( cd $(build)/$($1_base_dir) ; patch -p1 ) \ + ( cd $$(dir $$@) ; patch -p1 ) \ < patches/$1-$($1_version).patch \ || exit 1 ; \ fi @@ -274,7 +278,7 @@ define define_module = [ -r patches/$1-$($1_version) ] ; then \ for patch in patches/$1-$($1_version)/*.patch ; do \ echo "Applying patch file : $$$$patch " ; \ - ( cd $(build)/$($1_base_dir) ; patch -p1 ) \ + ( cd $$(dir $$@) ; patch -p1 ) \ < $$$$patch \ || exit 1 ; \ done ; \ @@ -409,6 +413,7 @@ endef # Only some modules have binaries that we install # Shouldn't this be specified in the module file? +#bin_modules-$(CONFIG_MUSL) += musl-cross bin_modules-$(CONFIG_KEXEC) += kexec bin_modules-$(CONFIG_TPMTOTP) += tpmtotp bin_modules-$(CONFIG_PCIUTILS) += pciutils @@ -450,8 +455,7 @@ endif $(COREBOOT_UTIL_DIR)/cbmem/cbmem \ $(COREBOOT_UTIL_DIR)/superiotool/superiotool \ $(COREBOOT_UTIL_DIR)/inteltool/inteltool \ -: $(build)/$(coreboot_base_dir)/.canary \ - $(build)/$(musl_dir)/.build +: $(build)/$(coreboot_base_dir)/.canary +$(call do,MAKE,$(notdir $@),\ $(MAKE) -C "$(dir $@)" $(CROSS_TOOLS) \ ) @@ -563,7 +567,6 @@ modules.clean: real.clean: for dir in \ $(module_dirs) \ - $(musl_dir) \ $(kernel_headers) \ ; do \ if [ ! -z "$$dir" ]; then \ diff --git a/blobs/dev.cpio b/blobs/dev.cpio index 5e71bf641..43f108809 100644 Binary files a/blobs/dev.cpio and b/blobs/dev.cpio differ diff --git a/blobs/librem_kbl/get_blobs.sh b/blobs/librem_kbl/get_blobs.sh index 7614119f1..ff7087f64 100755 --- a/blobs/librem_kbl/get_blobs.sh +++ b/blobs/librem_kbl/get_blobs.sh @@ -2,15 +2,16 @@ # depends on : wget sha256sum gunzip # Purism source -PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/master" +RELEASES_GIT_HASH="9828ffc0fbe7e0da65f10fe5e14f68f0ef061d5d" +PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/${RELEASES_GIT_HASH}" # Librem 13 v4 and Librem 15 v4 binary blob hashes -KBL_UCODE_SHA="a420274eecca369fcca465cc46725d61c0ae8ca2e18f201b1751faf9e081fb2e" +KBL_UCODE_SHA="bb07f0f77abe08e553f85b99d18fa129f991bf3613cf73d77c4f0ece87dd251e" KBL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524" KBL_ME_SHA="0eec2e1135193941edd39d0ec0f463e353d0c6c9068867a2f32a72b64334fb34" -KBL_FSPM_SHA="5da3ad7718eb3f6700fb9d97be988d9c8bdd2d8b5910273a80928c49122d5b2d" -KBL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf" -KBL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98" +KBL_FSPM_SHA="b285fc2240df7fee4fa069444cc2be2ebf5ea70af21b722b0e3dd102321b4877" +KBL_FSPS_SHA="223d0f3d3ff28c46a3ac33442385ffedefe2d3063774784d4fef432013568019" +KBL_VBT_SHA="45135459f7cbc06675fec5688479c2e2f4335d77c61bb58e4016d32ba7daa9d0" # cbfstool, ifdtool, coreboot image from Purism repo CBFSTOOL_FILE="cbfstool.gz" @@ -26,7 +27,7 @@ IFDTOOL_BIN="./ifdtool" COREBOOT_IMAGE="coreboot-l13v4.rom" COREBOOT_IMAGE_FILE="$COREBOOT_IMAGE.gz" COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v4/$COREBOOT_IMAGE_FILE" -COREBOOT_IMAGE_SHA="4491efd0a8b2de5a88fd7491a5d2605884ed956c3d271d7761906269b4cfb601" +COREBOOT_IMAGE_SHA="5a7548e2742289fa66339f817f4247599d51bc7a5a6a9e887efd39fcf7f9e831" die () { local msg=$1 @@ -121,4 +122,4 @@ rm -f $COREBOOT_IMAGE >/dev/null 2>&1 rm -f *.gz >/dev/null 2>&1 echo "" -echo "All blobs have been verified and are ready for use" \ No newline at end of file +echo "All blobs have been verified and are ready for use" diff --git a/blobs/librem_skl/get_blobs.sh b/blobs/librem_skl/get_blobs.sh index 02ffad77d..e455f3d41 100755 --- a/blobs/librem_skl/get_blobs.sh +++ b/blobs/librem_skl/get_blobs.sh @@ -2,15 +2,16 @@ # depends on : wget sha256sum gunzip # Purism source -PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/master" +RELEASES_GIT_HASH="9828ffc0fbe7e0da65f10fe5e14f68f0ef061d5d" +PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/${RELEASES_GIT_HASH}" # Librem 13 v2/v3 and Librem 15 v3 binary blob hashes -SKL_UCODE_SHA="9c84936df700d74612a99e6ab581640ecf423d25a0b74a1ea23a6d9872349213" +SKL_UCODE_SHA="e528d2ccc5d76cd04bfabb556a3fbb70b93d9aca43e291e0f0104fbaae5720fd" SKL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524" SKL_ME_SHA="cf06d3eb8b24490a1ab46fd988b6cef822e5347cd6a2e92bc332cb4a376eb8bc" -SKL_FSPM_SHA="5da3ad7718eb3f6700fb9d97be988d9c8bdd2d8b5910273a80928c49122d5b2d" -SKL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf" -SKL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98" +SKL_FSPM_SHA="5f402416894c324b6cbf8cba85068ac2c3de9be8dd4f37fae3af6cfed7acc38e" +SKL_FSPS_SHA="223d0f3d3ff28c46a3ac33442385ffedefe2d3063774784d4fef432013568019" +SKL_VBT_SHA="45135459f7cbc06675fec5688479c2e2f4335d77c61bb58e4016d32ba7daa9d0" # cbfstool, ifdtool, coreboot image from Purism repo CBFSTOOL_FILE="cbfstool.gz" @@ -23,10 +24,10 @@ IFDTOOL_URL="$PURISM_SOURCE/tools/$IFDTOOL_FILE" IFDTOOL_SHA="08228ece4968794499ebd49a851f7d3f7f1b81352da8cd6e0c7916ac931a7d72" IFDTOOL_BIN="./ifdtool" -COREBOOT_IMAGE="coreboot-l13v3.rom" +COREBOOT_IMAGE="coreboot-l13v2.rom" COREBOOT_IMAGE_FILE="$COREBOOT_IMAGE.gz" -COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v3/$COREBOOT_IMAGE_FILE" -COREBOOT_IMAGE_SHA="34276a7b82624cfb29aed688df7f2b4e747a9e951196e376732e972c8575ece6" +COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v2/$COREBOOT_IMAGE_FILE" +COREBOOT_IMAGE_SHA="c703e0e705554bc7eb90814ae933d4372c0042927a6bbd7f27024cb99a8993d6" die () { local msg=$1 @@ -121,4 +122,4 @@ rm -f $COREBOOT_IMAGE >/dev/null 2>&1 rm -f *.gz >/dev/null 2>&1 echo "" -echo "All blobs have been verified and are ready for use" \ No newline at end of file +echo "All blobs have been verified and are ready for use" diff --git a/blobs/t420/extract.sh b/blobs/t420/extract.sh new file mode 100755 index 000000000..e34c3f907 --- /dev/null +++ b/blobs/t420/extract.sh @@ -0,0 +1,65 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -f -m (optional) -i (optional)" + exit 0 +} + +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":f:m:i:" opt; do + case $opt in + f) + FILE="$OPTARG" + ;; + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + i) + if [ -x "$OPTARG" ]; then + IFDTOOL="$OPTARG" + fi + ;; + esac +done + +if [ -z "$MECLEAN" ]; then + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1` + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +if [ -z "$IFDTOOL" ]; then + IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1` + if [ -z "$IFDTOOL" ]; then + echo "ifdtool required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +echo "FILE: $FILE" +echo "ME: $MECLEAN" +echo "IFD: $IFDTOOL" + +bioscopy=$(mktemp) +extractdir=$(mktemp -d) + +cp "$FILE" $bioscopy + +cd "$extractdir" +$IFDTOOL -x $bioscopy +cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin" +$MECLEAN -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin" +$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy +$IFDTOOL -x $bioscopy.new +cp "$extractdir/flashregion_0_flashdescriptor.bin" "$BLOBDIR/ifd.bin" + +rm "$bioscopy" +rm "$bioscopy.new" +rm -r "$extractdir" diff --git a/blobs/t420/layout.txt b/blobs/t420/layout.txt new file mode 100644 index 000000000..bbd90962c --- /dev/null +++ b/blobs/t420/layout.txt @@ -0,0 +1,4 @@ +00000000:00000fff fd +00018000:007fffff bios +00003000:00017fff me +00001000:00002fff gbe diff --git a/blobs/t420/readme.md b/blobs/t420/readme.md new file mode 100644 index 000000000..4a40a0528 --- /dev/null +++ b/blobs/t420/readme.md @@ -0,0 +1,29 @@ +To build for T420, we need to have the following files in this folder: +* `me.bin` - ME binary that has been stripped and truncated with me_cleaner +* `gbe.bin` - Network card blob from the original firmware +* `ifd.bin` - Flash layout file has been provided as text + +To get the binaries, start with a copy of the original Lenovo firmware image. +If you do not have one already, you can read one out from the laptops SPI flash with flashrom + +``` +flashrom -p -r original.bin +``` + +Set `` to the flashrom programmer type that you will use (for example, `linux_spi:dev=/dev/spidev0.0` on a Raspberry Pi). + +Once you have the image, the provided extraction script will extract the files needed. + +``` +./extract.sh -f +``` + +Use the options '-m' and '-i' to provide me_cleaner and ifdtool if they can not be located automatically. + +The flash layout will be automatically adjusted and the ME image cleaned and truncated. + +You can now compile the image with: + +``` +make BOARD=t420 +``` diff --git a/blobs/x220/extract.sh b/blobs/x220/extract.sh index 173ed7fc6..e34c3f907 100755 --- a/blobs/x220/extract.sh +++ b/blobs/x220/extract.sh @@ -5,6 +5,8 @@ function printusage { exit 0 } +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + if [ "$#" -eq 0 ]; then printusage; fi while getopts ":f:m:i:" opt; do @@ -26,7 +28,7 @@ while getopts ":f:m:i:" opt; do done if [ -z "$MECLEAN" ]; then - MECLEAN=`command -v me_cleaner.py 2>&1` + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1` if [ -z "$MECLEAN" ]; then echo "me_cleaner.py required but not found or specified with -m. Aborting." exit 1; @@ -34,7 +36,7 @@ if [ -z "$MECLEAN" ]; then fi if [ -z "$IFDTOOL" ]; then - IFDTOOL=`command -v ifdtool 2>&1` + IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1` if [ -z "$IFDTOOL" ]; then echo "ifdtool required but not found or specified with -m. Aborting." exit 1; @@ -47,7 +49,6 @@ echo "IFD: $IFDTOOL" bioscopy=$(mktemp) extractdir=$(mktemp -d) -BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" cp "$FILE" $bioscopy diff --git a/boards/kgpe-d16/kgpe-d16.config b/boards/kgpe-d16/kgpe-d16.config index 466fdf015..072f36ac8 100644 --- a/boards/kgpe-d16/kgpe-d16.config +++ b/boards/kgpe-d16/kgpe-d16.config @@ -28,6 +28,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 " export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/leopard/leopard.config b/boards/leopard/leopard.config index d0471623c..672ed47f8 100644 --- a/boards/leopard/leopard.config +++ b/boards/leopard/leopard.config @@ -42,7 +42,6 @@ export CONFIG_TPM=n export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" $(build)/$(BOARD)/linuxboot.rom: linuxboot.intermediate diff --git a/boards/librem13v2/librem13v2.config b/boards/librem13v2/librem13v2.config index eca005831..2d3f3aca2 100644 --- a/boards/librem13v2/librem13v2.config +++ b/boards/librem13v2/librem13v2.config @@ -30,8 +30,8 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="" -export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq" diff --git a/boards/librem13v4/librem13v4.config b/boards/librem13v4/librem13v4.config index 12fe04886..e1a4bbc09 100644 --- a/boards/librem13v4/librem13v4.config +++ b/boards/librem13v4/librem13v4.config @@ -30,8 +30,8 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="" -export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq" diff --git a/boards/librem15v3/librem15v3.config b/boards/librem15v3/librem15v3.config index 80c522952..2580e15b1 100644 --- a/boards/librem15v3/librem15v3.config +++ b/boards/librem15v3/librem15v3.config @@ -32,8 +32,8 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="" -export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 15v3 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq" diff --git a/boards/librem15v4/librem15v4.config b/boards/librem15v4/librem15v4.config index 16f6aa44c..107be0325 100644 --- a/boards/librem15v4/librem15v4.config +++ b/boards/librem15v4/librem15v4.config @@ -32,8 +32,8 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="" -export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 15v4 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq" diff --git a/boards/qemu-coreboot/qemu-coreboot.config b/boards/qemu-coreboot/qemu-coreboot.config index 1dc025692..aeb57c787 100644 --- a/boards/qemu-coreboot/qemu-coreboot.config +++ b/boards/qemu-coreboot/qemu-coreboot.config @@ -49,7 +49,6 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" #run: coreboot.intermediate run: diff --git a/boards/qemu-linuxboot/qemu-linuxboot.config b/boards/qemu-linuxboot/qemu-linuxboot.config index 730ce633d..4a9a3317d 100644 --- a/boards/qemu-linuxboot/qemu-linuxboot.config +++ b/boards/qemu-linuxboot/qemu-linuxboot.config @@ -36,7 +36,6 @@ export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_BOOT_STATIC_IP=10.0.2.15 # You can ssh into the qemu instance by running diff --git a/boards/r630/r630.config b/boards/r630/r630.config index 23c8d43b5..8f24f0573 100644 --- a/boards/r630/r630.config +++ b/boards/r630/r630.config @@ -28,4 +28,3 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/boards/s2600wf/s2600wf.config b/boards/s2600wf/s2600wf.config index 8af985110..2c810da0f 100644 --- a/boards/s2600wf/s2600wf.config +++ b/boards/s2600wf/s2600wf.config @@ -40,4 +40,3 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/boards/t420/t420.config b/boards/t420/t420.config new file mode 100644 index 000000000..ea4406424 --- /dev/null +++ b/boards/t420/t420.config @@ -0,0 +1,36 @@ +# Configuration for a T420 running Qubes and other OS, T420 is identical to X230 on the Linux Side of things. +export CONFIG_COREBOOT=y +CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq --ifd --image bios" diff --git a/boards/tioga/tioga.config b/boards/tioga/tioga.config index f1144254e..af16c1ce7 100644 --- a/boards/tioga/tioga.config +++ b/boards/tioga/tioga.config @@ -43,7 +43,6 @@ export CONFIG_TPM=n export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" $(build)/$(BOARD)/linuxboot.rom: linuxboot.intermediate diff --git a/boards/winterfell/winterfell.config b/boards/winterfell/winterfell.config index 8e457c6b5..b49421c2f 100644 --- a/boards/winterfell/winterfell.config +++ b/boards/winterfell/winterfell.config @@ -42,7 +42,6 @@ export CONFIG_TPM=n export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" #$(build)/$(BOARD)/linuxboot.rom: $(build)/$(linuxboot_dir)/ diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 0b901bdba..3af04149e 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -1,12 +1,12 @@ -# Configuration for a x220 running Qubes and other OS -# The Linux configuration is close enough to the x230 +# Configuration for a x220 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things. export CONFIG_COREBOOT=y CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y -CONFIG_GPG=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y CONFIG_LVM2=y @@ -17,14 +17,20 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq --ifd --image bios" diff --git a/boards/x230-flash/x230-flash.config b/boards/x230-flash/x230-flash.config index b10d17aff..5530ba27a 100644 --- a/boards/x230-flash/x230-flash.config +++ b/boards/x230-flash/x230-flash.config @@ -15,8 +15,8 @@ CONFIG_LINUX_CONFIG=config/linux-x230-flash.config CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_BOOTSCRIPT=/bin/x230-flash.init +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq --ifd --image bios" # This board is "special" in that we only want the top 4 MB of the ROM # for flashing into SPI flash 1 on the mainboard. This is enough to diff --git a/boards/x230/x230.config b/boards/x230/x230.config index 1d46ba920..ad49270eb 100644 --- a/boards/x230/x230.config +++ b/boards/x230/x230.config @@ -31,9 +31,9 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/config/coreboot-kgpe-d16.config b/config/coreboot-kgpe-d16.config index 4be5a04b7..01cf91ee6 100644 --- a/config/coreboot-kgpe-d16.config +++ b/config/coreboot-kgpe-d16.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_OPTION_TABLE=y # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_VENDOR_ASUS=y diff --git a/config/coreboot-librem13v2.config b/config/coreboot-librem13v2.config index b56ba9d32..412c2bfc2 100644 --- a/config/coreboot-librem13v2.config +++ b/config/coreboot-librem13v2.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="4.8.1-Purism-1-heads-beta" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_PURISM=y @@ -26,7 +27,5 @@ CONFIG_FSP_M_XIP=y CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/librem13v2/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=on quiet loglevel=3" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" CONFIG_LINUX_INITRD="../../build/librem13v2/initrd.cpio.xz" -CONFIG_COREINFO_SECONDARY_PAYLOAD=y -CONFIG_MEMTEST_SECONDARY_PAYLOAD=y diff --git a/config/coreboot-librem13v4.config b/config/coreboot-librem13v4.config index c2935736c..0d4abc8b5 100644 --- a/config/coreboot-librem13v4.config +++ b/config/coreboot-librem13v4.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="4.8.1-Purism-1-heads-beta" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_PURISM=y @@ -26,7 +27,5 @@ CONFIG_FSP_M_XIP=y CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/librem13v4/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=on quiet loglevel=3" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" CONFIG_LINUX_INITRD="../../build/librem13v4/initrd.cpio.xz" -CONFIG_COREINFO_SECONDARY_PAYLOAD=y -CONFIG_MEMTEST_SECONDARY_PAYLOAD=y diff --git a/config/coreboot-librem15v3.config b/config/coreboot-librem15v3.config index bf5a2bc14..4359227eb 100644 --- a/config/coreboot-librem15v3.config +++ b/config/coreboot-librem15v3.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="4.8.1-Purism-1-heads-beta" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_PURISM=y @@ -26,7 +27,5 @@ CONFIG_FSP_M_XIP=y CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/librem15v3/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=on quiet loglevel=3" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" CONFIG_LINUX_INITRD="../../build/librem15v3/initrd.cpio.xz" -CONFIG_COREINFO_SECONDARY_PAYLOAD=y -CONFIG_MEMTEST_SECONDARY_PAYLOAD=y diff --git a/config/coreboot-librem15v4.config b/config/coreboot-librem15v4.config index 541d558a7..013718c26 100644 --- a/config/coreboot-librem15v4.config +++ b/config/coreboot-librem15v4.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="4.8.1-Purism-1-heads-beta" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_PURISM=y @@ -26,7 +27,5 @@ CONFIG_FSP_M_XIP=y CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/librem15v4/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=on quiet loglevel=3" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" CONFIG_LINUX_INITRD="../../build/librem15v4/initrd.cpio.xz" -CONFIG_COREINFO_SECONDARY_PAYLOAD=y -CONFIG_MEMTEST_SECONDARY_PAYLOAD=y diff --git a/config/coreboot-qemu.config b/config/coreboot-qemu.config index cfccf5269..73856e412 100644 --- a/config/coreboot-qemu.config +++ b/config/coreboot-qemu.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="-heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set CONFIG_CBFS_SIZE=0x700000 # CONFIG_POST_IO is not set diff --git a/config/coreboot-t420.config b/config/coreboot-t420.config new file mode 100644 index 000000000..82095d22a --- /dev/null +++ b/config/coreboot-t420.config @@ -0,0 +1,25 @@ +CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y +# CONFIG_INCLUDE_CONFIG_FILE is not set +# CONFIG_COLLECT_TIMESTAMPS is not set +CONFIG_USE_BLOBS=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x700000 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_HAVE_IFD_BIN=y +CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y +CONFIG_IFD_BIN_PATH="../../blobs/t420/ifd.bin" +CONFIG_ME_BIN_PATH="../../blobs/t420/me.bin" +CONFIG_BOARD_LENOVO_T420=y +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_NO_POST=y +CONFIG_GBE_BIN_PATH="../../blobs/t420/gbe.bin" +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t420/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" +CONFIG_LINUX_INITRD="../../build/t420/initrd.cpio.xz" +CONFIG_DEBUG_SMM_RELOCATION=y diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index a91aef7dc..ab22774a7 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -1,10 +1,11 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y -CONFIG_CBFS_SIZE=0x7e8000 +CONFIG_CBFS_SIZE=0x700000 CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y @@ -14,12 +15,11 @@ CONFIG_ME_BIN_PATH="../../blobs/x220/me.bin" CONFIG_BOARD_LENOVO_X220=y CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y -CONFIG_CHECK_ME=y CONFIG_GBE_BIN_PATH="../../blobs/x220/gbe.bin" +#CONFIG_DEBUG_TPM=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 -CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x220/bzImage" -CONFIG_LINUX_COMMAND_LINE="quiet" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" CONFIG_LINUX_INITRD="../../build/x220/initrd.cpio.xz" CONFIG_DEBUG_SMM_RELOCATION=y diff --git a/config/coreboot-x230-flash.config b/config/coreboot-x230-flash.config index 66f3a53cb..6461d02be 100644 --- a/config/coreboot-x230-flash.config +++ b/config/coreboot-x230-flash.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y diff --git a/config/coreboot-x230.config b/config/coreboot-x230.config index 65b13b581..c69f4174e 100644 --- a/config/coreboot-x230.config +++ b/config/coreboot-x230.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y diff --git a/config/linux-linuxboot.config b/config/linux-linuxboot.config index a454a0962..ac483be8a 100644 --- a/config/linux-linuxboot.config +++ b/config/linux-linuxboot.config @@ -294,7 +294,7 @@ CONFIG_STACKTRACE=y # CONFIG_RCU_TRACE is not set # CONFIG_FTRACE is not set # CONFIG_STRICT_DEVMEM is not set -# CONFIG_X86_VERBOSE_BOOTUP is not set +CONFIG_X86_VERBOSE_BOOTUP=y # CONFIG_DOUBLEFAULT is not set CONFIG_IO_DELAY_0XED=y CONFIG_OPTIMIZE_INLINING=y diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index ed31c478f..74e8e7f98 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -101,6 +101,15 @@ while true; do replace_config /etc/config.user "CONFIG_BOOT_DEV" "$SELECTED_FILE" combine_configs + # mount newly selected /boot device + if ! ( umount /boot 2>/tmp/error && \ + mount -o ro $SELECTED_FILE /boot 2>/tmp/error ); then + ERROR=`cat /tmp/error` + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: unable to mount /boot' \ + --msgbox "Unable to un/re-mount /boot:\n\n$ERROR" 16 60 + exit 1 + fi + whiptail --title 'Config change successful' \ --msgbox "The /boot device was successfully changed to $SELECTED_FILE" 16 60 ;; @@ -116,6 +125,16 @@ while true; do cbfs -o /tmp/config-gui.rom -d "heads/initrd/etc/config.user" fi cbfs -o /tmp/config-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user + + if (whiptail --title 'Update ROM?' \ + --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then + /bin/flash.sh /tmp/config-gui.rom + whiptail --title 'BIOS Updated Successfully' \ + --msgbox "BIOS updated successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 16 60 + /bin/reboot + else + exit 0 + fi ;; "r" ) # prompt for confirmation @@ -150,6 +169,8 @@ while true; do whiptail --title 'Configuration Reset Updated Successfully' \ --msgbox "Configuration reset and BIOS updated successfully.\n\nPress Enter to reboot" 16 60 /bin/reboot + else + exit 0 fi ;; esac diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh index 4105a9aea..c8cbd364b 100755 --- a/initrd/bin/flash-gui.sh +++ b/initrd/bin/flash-gui.sh @@ -7,16 +7,14 @@ set -e -o pipefail mount_usb(){ # Mount the USB boot device if ! grep -q /media /proc/mounts ; then - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + mount-usb && USB_FAILED=0 || USB_FAILED=1 if [ $USB_FAILED -ne 0 ]; then - if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then - whiptail --title 'USB Drive Missing' \ - --msgbox "Insert your USB drive and press Enter to continue." 16 60 USB_FAILED=0 - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - fi + whiptail --title 'USB Drive Missing' \ + --msgbox "Insert your USB drive and press Enter to continue." 16 60 + mount-usb && USB_FAILED=0 || USB_FAILED=1 if [ $USB_FAILED -ne 0 ]; then whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ - --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 + --msgbox "Unable to mount USB device" 16 60 fi fi fi @@ -71,7 +69,7 @@ file_selector() { while true; do unset menu_choice whiptail --clear --title "Firmware Management Menu" \ - --menu "Select the firmware function to perform\n\nRetaining settings copies existing settings to the new firmware:\n* Keeps your GPG keyring\n* Keeps changes to the default /boot device\n\nErasing settings uses the new firmware as-is:\n* Erases any existing GPG keyring\n* Restores firmware to default factory settings\n\nIf you are just updating your firmware, you probably want to retain\nyour settings." 20 90 10 \ + --menu "Select the firmware function to perform\n\nRetaining settings copies existing settings to the new firmware:\n* Keeps your GPG keyring\n* Keeps changes to the default /boot device\n\nErasing settings uses the new firmware as-is:\n* Erases any existing GPG keyring\n* Restores firmware to default factory settings\n* Clears out /boot signatures\n\nIf you are just updating your firmware, you probably want to retain\nyour settings." 20 90 10 \ 'f' ' Flash the firmware with a new ROM, retain settings' \ 'c' ' Flash the firmware with a new ROM, erase settings' \ 'x' ' Exit' \ @@ -100,6 +98,14 @@ while true; do --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then if [ "$menu_choice" == "c" ]; then /bin/flash.sh -c "$ROM" + # after flash, /boot signatures are now invalid so go ahead and clear them + if ls /boot/kexec* >/dev/null 2>&1 ; then + ( + mount -o remount,rw /boot 2>/dev/null + rm /boot/kexec* 2>/dev/null + mount -o remount,ro /boot 2>/dev/null + ) + fi else /bin/flash.sh "$ROM" fi diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 121b42b1e..d82d43b71 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -6,15 +6,9 @@ set -e -o pipefail . /etc/functions . /tmp/config -case "$CONFIG_BOARD" in - librem* ) - FLASHROM_OPTIONS='-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq' - ;; - x230* ) - FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' - ;; - "kgpe-d16" ) - FLASHROM_OPTIONS='--force --noverify --programmer internal' +case "$CONFIG_FLASHROM_OPTIONS" in + -* ) + echo "Board $CONFIG_BOARD detected, continuing..." ;; * ) die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." @@ -24,11 +18,11 @@ esac flash_rom() { ROM=$1 if [ "$READ" -eq 1 ]; then - flashrom $FLASHROM_OPTIONS -r "${ROM}.1" \ + flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}.1" \ || die "$ROM: Read failed" - flashrom $FLASHROM_OPTIONS -r "${ROM}.2" \ + flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}.2" \ || die "$ROM: Read failed" - flashrom $FLASHROM_OPTIONS -r "${ROM}.3" \ + flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}.3" \ || die "$ROM: Read failed" if [ `sha256sum ${ROM}.[123] | cut -f1 -d ' ' | uniq | wc -l` -eq 1 ]; then mv ${ROM}.1 $ROM @@ -50,7 +44,7 @@ flash_rom() { cbfs -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial fi - flashrom $FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ + flashrom $CONFIG_FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ || die "$ROM: Flash failed" fi } diff --git a/initrd/bin/gpg-gui.sh b/initrd/bin/gpg-gui.sh index c7d179e33..9ab70b6cc 100755 --- a/initrd/bin/gpg-gui.sh +++ b/initrd/bin/gpg-gui.sh @@ -7,16 +7,14 @@ set -e -o pipefail mount_usb(){ # Mount the USB boot device if ! grep -q /media /proc/mounts ; then - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 + mount-usb && USB_FAILED=0 || USB_FAILED=1 if [ $USB_FAILED -ne 0 ]; then - if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then - whiptail --title 'USB Drive Missing' \ - --msgbox "Insert your USB drive and press Enter to continue." 16 60 USB_FAILED=0 - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - fi + whiptail --title 'USB Drive Missing' \ + --msgbox "Insert your USB drive and press Enter to continue." 16 60 + mount-usb && USB_FAILED=0 || USB_FAILED=1 if [ $USB_FAILED -ne 0 ]; then whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ - --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 + --msgbox "Unable to mount USB device" 16 60 fi fi fi diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index dfa6a9233..1ac0273f8 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -118,8 +118,11 @@ clean_boot_check() [ $GPG_KEY_COUNT -ne 0 ] && return # check for USB security token - if ! gpg --card-status > /dev/null ; then - return + if [ "$CONFIG_LIBREMKEY" = "y" ]; then + enable_usb + if ! gpg --card-status > /dev/null ; then + return + fi fi # OS is installed, no kexec files present, no GPG keys in keyring, security token present @@ -128,9 +131,6 @@ clean_boot_check() "Clean Boot Detected - Perform OEM Factory Reset?" "$CONFIG_WARNING_BG_COLOR" } -# enable USB to load modules for external kb -enable_usb - if detect_boot_device ; then # /boot device with installed OS found clean_boot_check @@ -169,8 +169,14 @@ while true; do TOTP=`unseal-totp` if [ $? -ne 0 ]; then whiptail $CONFIG_ERROR_BG_COLOR --clear --title "ERROR: TOTP Generation Failed!" \ - --menu "ERROR: Heads couldn't generate the TOTP code.\n\nIf this is the first time the system has booted, you should reset the TPM\nand set your own password\n\nIf you just reflashed your BIOS, you'll need to generate a new TOTP secret.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 30 90 4 \ - 'g' ' Generate new TOTP/HOTP secret' \ + --menu " ERROR: Heads couldn't generate the TOTP code.\n + If you have just completed a Factory Reset, or just reflashed + your BIOS, you should generate a new HOTP/TOTP secret.\n + If this is the first time the system has booted, you should + reset the TPM and set your own password.\n + If you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n + How would you like to proceed?" 30 90 4 \ + 'g' ' Generate new HOTP/TOTP secret' \ 'i' ' Ignore error and continue to default boot menu' \ 'p' ' Reset the TPM' \ 'x' ' Exit to recovery shell' \ diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index e5138387a..2628eed91 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -18,6 +18,7 @@ WIDTH="220" USER_PIN_DEF=123456 ADMIN_PIN_DEF=12345678 TPM_PASS_DEF=12345678 +CUSTOM_PASS="" ## External files sourced @@ -85,6 +86,29 @@ gpg_key_reset() whiptail_error_die "GPG Key automatic keygen failed!\n\n$ERROR" fi } +gpg_key_change_pin() +{ + # 1 = user PIN, 3 = admin PIN + PIN_TYPE=$1 + PIN_ORIG=$2 + PIN_NEW=$3 + # Change PIN + { + echo admin + echo passwd + echo ${PIN_TYPE} + echo ${PIN_ORIG} + echo ${PIN_NEW} + echo ${PIN_NEW} + echo q + echo q + } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \ + > /tmp/gpg_card_edit_output 2>/dev/null + if [ $? -ne 0 ]; then + ERROR=`cat /tmp/gpg_card_edit_output` + whiptail_error_die "GPG Key PIN change failed!\n\n$ERROR" + fi +} generate_checksums() { @@ -130,7 +154,7 @@ generate_checksums() # sign kexec boot files if sha256sum $param_files 2>/dev/null | gpg \ --pinentry-mode loopback \ - --passphrase $USER_PIN_DEF \ + --passphrase "$USER_PIN_DEF" \ --digest-algo SHA256 \ --detach-sign \ -a \ @@ -217,6 +241,26 @@ if ! whiptail --yesno " exit 1 fi +# Prompt to change default passwords +echo -e -n "Would you like to set a custom password? [y/N]: " +read -n 1 prompt_output +echo +if [ "$prompt_output" == "y" \ + -o "$prompt_output" == "Y" ] \ +; then + echo -e "\nThe custom password will be used for the +TPM admin and GPG user/admin passwords. +It must be at least 8 characters in length.\n" + CUSTOM_PASS="" + echo + while [[ ${#CUSTOM_PASS} -lt 8 ]] ; do + echo -e -n "Enter the custom password: " + read CUSTOM_PASS + done + echo + TPM_PASS_DEF=$CUSTOM_PASS +fi + ## sanity check the USB, GPG key, and boot device before proceeding further # mount USB, then remount rw @@ -272,11 +316,21 @@ gpg --list-keys >/dev/null 2>&1 echo -e "\nResetting GPG Key...\n(this will take a minute or two)\n" gpg_key_reset -## export generated key to USB -echo -e "\nExporting generated key to USB...\n" # parse name of generated key GPG_GEN_KEY=`grep -A1 pub /tmp/gpg_card_edit_output | tail -n1 | sed -nr 's/^([ ])*//p'` PUBKEY="/tmp/${GPG_GEN_KEY}.asc" + +if [ "$CUSTOM_PASS" != "" ]; then + echo -e "\nChanging default GPG Admin PIN\n" + gpg_key_change_pin "3" "$ADMIN_PIN_DEF" "$CUSTOM_PASS" + echo -e "\nChanging default GPG User PIN\n" + gpg_key_change_pin "1" "$USER_PIN_DEF" "$CUSTOM_PASS" + USER_PIN_DEF=$CUSTOM_PASS + ADMIN_PIN_DEF=$CUSTOM_PASS +fi + +## export generated key to USB +echo -e "\nExporting generated key to USB...\n" # export pubkey to file if ! gpg --export --armor $GPG_GEN_KEY > "${PUBKEY}" 2>/tmp/error ; then ERROR=$(tail -n 1 /tmp/error) @@ -349,7 +403,7 @@ whiptail --msgbox " The OEM Factory Reset has completed successfully\n\n After rebooting, you will need to generate new TOTP/HOTP secrets\n when prompted in order to complete the setup process.\n\n - Press any key to reboot.\n" \ + Press Enter to reboot.\n" \ $WIDTH $HEIGHT --title "OEM Factory Reset Complete" reboot diff --git a/initrd/bin/unseal-hotp b/initrd/bin/unseal-hotp index f4d397ec8..0fc3fb28e 100755 --- a/initrd/bin/unseal-hotp +++ b/initrd/bin/unseal-hotp @@ -21,21 +21,6 @@ mount_boot_or_die() # get current value of HOTP counter in TPM, create if absent mount_boot_or_die -tpm nv_readvalue \ - -in 4d47 \ - -sz 312 \ - -of "$HOTP_SEALED" \ -|| die "Unable to retrieve sealed file from TPM NV" - -tpm unsealfile \ - -hk 40000000 \ - -if "$HOTP_SEALED" \ - -of "$HOTP_SECRET" \ -|| die "Unable to unseal HOTP secret" - -shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null - - #check_tpm_counter $HOTP_COUNTER hotp \ #|| die "Unable to find/create TPM counter" #counter="$TPM_COUNTER" @@ -51,6 +36,20 @@ fi #counter_value=$(printf "%d" 0x${counter_value}) +tpm nv_readvalue \ + -in 4d47 \ + -sz 312 \ + -of "$HOTP_SEALED" \ +|| die "Unable to retrieve sealed file from TPM NV" + +tpm unsealfile \ + -hk 40000000 \ + -if "$HOTP_SEALED" \ + -of "$HOTP_SECRET" \ +|| die "Unable to unseal HOTP secret" + +shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null + if ! hotp $counter_value < "$HOTP_SECRET"; then shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null die 'Unable to compute HOTP hash?' diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan index 4d576555c..a9debdf5c 100755 --- a/initrd/bin/usb-scan +++ b/initrd/bin/usb-scan @@ -15,6 +15,8 @@ if ! grep -q /media /proc/mounts ; then mount-usb "$CONFIG_USB_BOOT_DEV" \ || die "Unable to mount /media" fi +# Get USB boot device +USB_BOOT_DEV=$(grep "/media" /etc/mtab | cut -f 1 -d' ') # Check for ISO first get_menu_option() { @@ -72,7 +74,7 @@ if [ `cat /tmp/iso_menu.txt | wc -l` -gt 0 ]; then if [ -n "$option" ]; then MOUNTED_ISO=$option ISO=${option:7} # remove /media/ to get device relative path - kexec-iso-init $MOUNTED_ISO $ISO $CONFIG_USB_BOOT_DEV + kexec-iso-init $MOUNTED_ISO $ISO $USB_BOOT_DEV die "Something failed in iso init" fi diff --git a/initrd/etc/distro/keys/fedora.key b/initrd/etc/distro/keys/fedora.key index e14b4cadb..684a758a0 100644 --- a/initrd/etc/distro/keys/fedora.key +++ b/initrd/etc/distro/keys/fedora.key @@ -1,194 +1,172 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFfTPiIBEACnRl8tUymlDOBNJWjtICofXNyM4qt2qfGTme3YZ0ZVOay55pK6 -1OLiyNLXyJfDH9d2U6dZn5UYLNdE3QXRVua5GXlSituY0+pzs7n9doW/U8kdhm9a -zOfyR1Wh/u/FHUmiXUvuwLVzqee7lSU3Ry1voDzPIyM/3/eXDa4wAkbYuestYV2F -G2VqcMgDIEudYlkz6N1OigMWvkvYXFHVC1A55ydHenWffQzQaPpGuJLA61ARZ5Cu -X46xgOCPc+aSvAm/D0cmOS7xhZcUqs1A5uGtViZqsRt59Bp0HVNxftfBCO/rQx+9 -FrV1vYXkbTdzG3unlVCJxxC2dW2W6hb3SNgPbE5fgiG9twvVU+3GsFUwARclRWiZ -HjbWdjlRTkRySzkkdnXalJo3G4UAEDfkvujM2dB4Dt6gVkCPvSKVpK6HTtBdHmDO -scYfazX/j86somO9npHSrb11tYaLbx2PYfEvw6F7rsxr78/GBjzPnKkK3suXxDlS -8q7tT1FYV89EzjME5+ThJOyPxyXHKQQwozIXcB/BUfyWGlfFFh8baD+DA8lNgQvl -/TVFvW6bUV6ll5JoVJJhC87EACL7mlo6AQtwCivUEPxusVXM6u53UKbsc4gVdkZd -WpUyT2YsgKK05/eVDIkMLHXb3efVbJ6NCj88Fq6hYB7+Y5MRbRFJpvS4DQARAQAB -tDxGZWRvcmEgMjYgUHJpbWFyeSAoMjYpIDxmZWRvcmEtMjYtcHJpbWFyeUBmZWRv -cmFwcm9qZWN0Lm9yZz6JAjgEEwECACIFAlfTPiICGw8GCwkIBwMCBhUIAgkKCwQW -AgMBAh4BAheAAAoJEIEqa0tk2rhdFk8P/1WZFEEBfUr9ywRxeVAwiKx9Ggzf8m61 -p98spnUGj8N53bKwguKnMqAUtm9/XQPRGYRfqKKuKF/4AySCOmqFP86zHThnbFcb -fMyiJOxBN5N/5dhUxTkZG1M51vFPQx53dnea3w7ypJekTwfEna46PKUD7dTV3HJg -d2YOojD9mxup0iAmi7/3mi0cHwTCZS9FF/A4eBWjuEd4OM3KzPF7HBdY37a1IBLR -k7wruMEGSq6EXcoeqG2sMmU7RnEeQxy3WqMYdRdzUjbfBN7mCAcuv2yKB1FFW4/v -PhP7ObpCCLiaL46APdGFHZ30EC4oaeqSygJ8+zAIFK40t/a0iNNf8ZKKeeuasinr -qNJAep/WoVjIpx/LlF9vw522fhYXJ75LYLBCQNke/4rQ1Rl29io2Dg29aPrEwFPj -+7zDztdvaGmu5wLPvsC+w5pyqOT2LPC19y3D7T+KfXp0gEwyZedviDwZdIXz1PX1 -IMytlwRXlrhkp/2WzJvAkJCmRSb8QsxY9Y2A4rfqrNCk6kgjc+3pXNdxumaXEp33 -pjm+z61Qrg2XXFHUhQyRiBnEtyo2Hj3tJQdrPxwGIgtKFZCv+oAwewnMw9TFycI6 -rYEfS4wdAIOGoSF/PL9Eq2xoUJQw8QFCrURm7sfS0/VmvXoSjqzZLeWI4e+JvId0 -QFFBR5ZKOqzomQINBFeocJYBEAD0YKTqzt0QVgmHkRO0G8HpwdsNEzPANkDWe4KC -1YnKTDjl4ojvBfGc4bzLb+jXM4364DWGxArW6QJFW0DWI9DsK8+5TO+Zi9xtLi5B -XKImw2cYh7HKbCdNtBxT3xI1UVUuAkL8qbschWTUKgLYC1ywwjiFmjY7fEUpr3jz -QrhYxazqN0NvR/lq9k3VAetXTRfOEOhUrIhrTRQnsK58rspF4nWqZTj6D8jkSGcQ -qs9D3/btbsx69QkFKIIfxvfZxIHccaYfJhjgNU75b4Zl6NQvRm0jB8jpFqMTvG7z -vwubRiCku0YST+jy5RiZyaL5Yue0RP8dW0xfsVdRE7zsNaTRuvwVOBfXIFuGj81q -0JrO7G5HW2Kmo2byOeqidPyrlFtJv1PfByUFKIZ530HM4mnVH8193ZbravjJCpj1 -Ye07cq0yy0Nt2rvEpi63EYCBOaOQ9SJaYf77SZlZj/r7W2Hnnn40RqfzRUS3EAIu -cx1KtqNly5B4zm56J8I9rPmqf/zfj+0/kGj8YRm8MP2+F7Se836PGF5d3zjazamc -f0ORQmG67dwqddB+a5JhAxWl8OlFNsNBdRnu4qY3i6jK8jhI4U6NwQYEcWmnEeK5 -rbU20lEKPKla+1bK5OlU02JINuS0iXyCMEYyLdheCRQVGXGADVgXy790nTb/IpGV -mDj7lQARAQABtEBGZWRvcmEgMjYgU2Vjb25kYXJ5ICgyNikgPGZlZG9yYS0yNi1z -ZWNvbmRhcnlAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMBAgAiBQJXqHCWAhsPBgsJ -CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBFYP1NO5IdCWGXD/wOG5fluN233GHQ -sZ1WQneDaq/zi/GyyNelbR5TVJhmZ/ifi51EGx4/w6ZdWokmVQ6UejatdeQCQhlF -lF1g9Ax/oYoEbdJVmFRP7HzXqWcENXnCSXcpha3C1N8g12a1B3qew0gbuRbhwnnz -cDUQSSrcefS1XpnhRmDUt7WanbWOWQ6kktYdAkfVd2/k/Y5nHUZp25mnjsNPbsff -ev6xTdUB4dVkirBR4quMYwDXzzKKLz5E7pZB94C8WUCAYPOKM5pCuJR3L4pAjHGj -UyrSSxAaCepfiwJcCOQHMJY7CpuRqmhc1o3BaV8nO1HWMzbI78RChYshKCDY38Cz -h6SoeMJzaKUDAsvz7tNhOl816s0dbtVw43Ngou7G7tOxmnI47AMNHBuBbA/qKRg6 -et96lWcjmJiS1xks4FZFSEoA9BzH2G9o5LgYKKTRZIRPVZ61nsKa+as4E5oyDbXn -UmnbanrfUvALL+vOYTEeFCB7qif2Ek58ujIQBLczmU+2S74pdQlu7kSYnrqNkkRx -FOgFWt5udiOw5R2vnUO2VAISDlUnkgyHp2SUnHAE2Q4StccvR9JeZUH9IuVioN/n -AwzYTTKyOiZXzipkxwznSjukiS4WPqdnLrTCNQ7WPpyygQDS/Z1DLt/+Rdxz4wkX -76JjNVL+8hBF07H2vzBvtkCoZXEQ17kCDQRXqHCWEAgA6UwG6HiPE0EY3UpaAJDQ -SibtS5zaId0H8SXhdAk3ZVtzbskmI8FVuAyi6+Phl9Ps2RjVR88p9Uk6dV2QnRp8 -DpXQFeGfjMkfokl5TmnGu5txXWMGdGeiAs/VlMzRuUZI05fJR6eeA8gn4wpBPmuX -BgFre/3tuMxuahBLIhrLuThMMKZrfV42zaYN9waddnN+upM96aKQziNbmU7CSVGX -K1wKtvbSF51BXeO7w7KdTspKedjVLMhWrlUEAKmdeZDj+9slw4QXpqWMP8vmmIxb -rYXm94r6IgYFKYk1eZ2t8JbNdjFfRKGLKsPI2W9uH8+fI9/Xqw+mSwFMGqruBpmx -ZwADBQf/R2o8TOghFlNt90wrfP0XaumUP+aZLvb6ndjESTS7PaX1R1wsHtPaVDWn -aTgfA66rrCp/66vmKf6uHlPeUx0RREaIJ56uKP3n0x8HDn1ZBba83NoriWdVqar6 -f3+UBoZ0u1GBK/F8vG70Xj3x0dJ2psFP62yrDg5z+/TCM+o7EnUl5KYOpa3R25W6 -UEHoEexUIqxZp9+4FGH7+aO2LKbslEL3AVgraUBiFknJl7ikH3ZxljiFVigjBq/J -N2F5CrmeAhdAZedF3lE/epQ+LSQ+TTN7ukGt2l37aJDTRGNHqe6KCy9KqIBr8XAa -z9mJ34QF4hB/tDUSGQP5eg93ecG5PokCHwQYAQIACQUCV6hwlgIbDAAKCRBFYP1N -O5IdCQHSEAC4g0BMaQu5qzLHeh/bFXtxT4vFucXLAenyLH+oIEo43crSUpjQiXzB -itUc9sWMX7/mjj8EWOGbIQNYZO712Ei7fPO7u/auZ7qIlVUKlEHZ+du1ORC5+khK -rimgjP/ZIhTYKHiIJD3BLs2rEGXdx3TQCYRIgRm066KKZ2gQy3YHngqipmOzvz9j -4ctpmD6NabgX3eWjUCzxofd3m67c6sQVKxUNQzujCgtaLIClYQEMO0E7Xq9auq9L -OvD+40dLE63jfYKSIvsQ+3qUmT0CEfk5K3GDYC30xQU4cvqCybOreSTQR0L/f/wU -bTYt7Iyj/8eZwfi9wh2zVY2MOoe2zT6XIW2oKJFD9ka7IZsezMR4PBhEGCg69uWb -PXbwIP3har1pzIrwR1Uto9qCosupnkz3+ILQOiGxY5vtKXUr/0ulQ3gjZiLNL12m -5MvnAUg4aoms0W76wYUQG/NnccBzKE9hUAlgSak8n0gZPSRbG0wjOIcbE/arSpQ2 -k8WkwxkcUuHfOnBq/2ME1njWkNp+h+F/ifZcwcBiRNZ+S8Y/kV2kh36pjkic4mCc -4JjoNLxMic3Jpbf15Q8X0mgDbp1RVPtm4QTagq3kXRGjFpVaUfJF6ZdzPBm5qJ6F -7ZX9p/av2zCpAw7ZjY7u8pfCZttaiaHYd6KYgPX5LEQK5QSTxy/JNJkCDQRYrJKj -ARAA027KAF6Qz5PhbXMARD2UFXtGEGHTqmr30EFQ/0WAHB5yVvytW2YULrAY1CHn -PUnxot7gTTZm84gL6Xf8nDCslh7lkC5gYGyJq6pz2wTzF5sXjRp2YwNYY1Q6dKc4 -9voGUIamFkn+pEMvbvQNZklOtypf7X8O/oV+03NyPH3hgBQh3BUIBEsVIm/DMPzj -hkdwJvXynQPitZCXkCImb1zHDRcftwn6Gr4RXYnLqE9im3Ers0Zu+nbijR5S2j+v -yG2cTYg1ofEg1aRWhT5akf0f/sImwOnvcDH+gmeL31GOzSmH+LWAbNBGHZJ94/yo -SScXW/jOOkP8cKvaL2aO1yIS6yFD7jMPdV/XG75FP2vZBNX33aTZhdXw51HBJLrh -KjpfmjFbFARGwEPOsq8KQ3y+F0/b8JwyJIICmcrw02eqtNFyoNxnqyrmbUAZf2HB -w17gZQdX86RpfGvIav/hnk9rFcY5WMD1467CndTXj+nLULEeoB7j91uaIT+KwK7T -OjjTfK5U4qHQy1RhwaVMyEXYK+0Qi9QKgfb63UNjFWTGrE3FJ1LyqNB+JqbPsdOY -xmqNG9GdEyXOsK+smxx9/DVRtOlV+ayWZX2XIRsJFs5mMWouef+5Z9byZpPpG3Uu -6StI35nlSfAO+1ywi9+qCRQogq2I1fmRoLwfs9PCc8HO7IMAEQEAAbQsRmVkb3Jh -IDI3ICgyNykgPGZlZG9yYS0yN0BmZWRvcmFwcm9qZWN0Lm9yZz6JAjgEEwECACIF -AliskqMCGw8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPVedDD1KC7k3MMP -/ixT1RMlYLjHlP0AARLBORRDe5HA0XmbXcKu6f2igtvZswsXh4IIrWDhpayDZCdu -gKuqfqFusOycQViZyqEwWCQxczSG6f+hmxuKCnBJ1kGX050S06+WrpFXVgRXr8wt -Ibq2qGys946GESF/NulVM0vwONfM6Zw1T7aaN8fOlfX9vdq6otrZ/UOXEAuQpN/3 -I0AxMJDfYB8+I/3NaGuswTnB2ypGmXVgNnSLOlzsQiB4O/IulUMDDLPr35tr21dw -AgnDlZ3d3ejcSELgyxEMHbXQdsyPEe+G42nKLK3Gnyvhdg55DO1qy0gokyiyQTEQ -8fl9pzo0+aS7rbOBQv12ETtt0jLTwDM0POdmdZZI7GlQ7I8zagmrFAdLwzxy0BPG -o9M3ITQUs7h6CqVzWE8ic7XpFi/0F5FLF7tMezeVoQZWfpZ4ui7WVOdZewSXdZ/m -Sp0OIJo0NX31S24M2/WdTDY3tLOtRXSplCUBlC2Kod9luBlfkS77SOgCVfxJhQlB -H0Sd3gPLSYsinuddsIopv1g4b8xbrjwbqdmd07n4miUDsrC5Tefh1EIrU7XHe4/G -YKbCACGbUljjMWyACVm85/II3yI+GQ3qNGWVx9FYA5F7ab9YPEdmkQM+qG+WGFuV -ZyNlBK+d8dWe5ZlIb/01GZ9uiHlNeowifNJO6Sb0EhfGmQINBFmSAVYBEADakUeJ -gNnAP2CE3vw+iI0Um9XvuBP6NdESRiJIEPgXhKWM058JPZDkpRETS4pbB3xUyPLo -ogoO76lheBEOPEAGp5mb/7vEcwlYqjtuetFi9hcsbNPxDeOLQ9KR7Xs2idU+DlCJ -W1WyU9UiLoyZpQgAqF7Y50MoxPKJtfDuM52YkulYLU+MleRtxJzHYcXArU3x3Czz -1FnemVtol3/1/BvmGQPIyj2HdG4vxWbiX79AUSlchh+MbNqOOpVVK16lLEbJCxCb -PdCsKCTOI+FsdQsB4bnX5ddNcvxxACwHNUifVD/1XH8Ax77DHohRbccRtIZqZEIK -ecHxVyFdr2mAl9mEXSzaFvRzWa+5seCgGoV0INBhj6NEtHhSxBYzLmr5noQ8JNPa -6eRipPvYTle2vstq2YUJ8D0ZbKbxaCPstemCQZrQKzh0tgezIgVXKc2U0i3ZOEYf -4ISMHeBnH36nRMBnaH/HkLyZyHXNE4vswJpwPjNtaofzQDD+TmCe2ObKei8iUqfL -o/8Je8IvnodS9C5l0fyEaMmo5BWc+SYRSTR9libNruwu4j6Kuoxge9SbRuD2S0qz -KK2LYRZrlkxjP8REnpvXxUfeSvNYHrbjzYDv677S6pqWdNqyoPduKiZWy6Vg4g+p -Ymk5T7vrpNizGK6exKiYZ5tAUaO3lrdpHOolUwARAQABtCxGZWRvcmEgMjggKDI4 -KSA8ZmVkb3JhLTI4QGZlZG9yYXByb2plY3Qub3JnPokCOAQTAQIAIgUCWZIBVgIb -DwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ4I5+Yp22L7GMDhAAwwQhpXFX -xegkgi0pFbA98Om3UBiQtcDemQSls0HEJh+J9sm4g0Sj2K7khFnJCKsQNVnJDVxv -xJ9j/AFZErRMjudUF7ACZfKDtNxq3gkH7qICPKk/DzeXblrzPc/RX+kkl9I5jFBh -apypsExa2yilfk8IiKq6nd2Ro7K+gEh/CMhfe7YBGInZ3FmZWsq1+WKTZCUNmA8+ -+eWIbmukrAoieTHTvIcOmc+dfaUAmjWtOnc69E9UmTCwEMEbPVMSmZv0qnp0kByW -UeV5cZR7NoXmaMaTr5aUY6wJuLshbWzgmudorf1udUwqYlpxZJtQCxlHezulrDJG -19d4dC5vGdYbnpeq01s9L9yieccKafWfldBU+YBZbo9e9Uzu/766pxEAtqYYSyZb -oiqsj5NCoq2fRc4DjfCDVEaK7HSPcQpQFA+p18sD2qccEPPo+F2+M8PZLf4khipG -RH1nm9AmM/v25a/9w22bDuUUvpcWwW45YsNToTTM4d6Ts750lCw/4K3jHnrQWxL7 -VfwLw0H1xlxnVqIXlL3HeOIn9EoaygxV2gJtPjB/Gwr2z/K+HoibAxvo7VcpxD+N -38LaPtrx/ERMxeYBJvMgSqGaC3MXj36/qv0zTyyTItYX9JfbOrikoJa+aKQGmTWL -rcuKaYl6Jzsq3vRTbNRRi4SpXwTwMyuW4pWZAg0EWohlNwEQAKOHQMrLA93QfH0j -icZixtRuohTtMZmDFpP2OdVJGCRx19Gq3YI/sR21FvKqQxQrIvbcIvADP5hKZ/0V -/2fEFKXwWIpQI01ZRg7d9oQBmRnmt4OvqHpbhrSeIExZ9UuqZiOlmaRwGqAuCX7b -BWr38T0Wr1LMOS3NzNQXvDABauwpbmvAQSr6LyOToVJRM0ypZmrr3LsO+jHyTxAj -G2i7l0gvdnypB2Rz/TKdOzht1pz3gWwkEzrSopIc/bcxjumnA6XvC20CydojMFoI -PRQgzmq18UE0Vph94nmQfWt/43OAWMnzLUPGJl0Rfa3g7Je+G4BBK9jKi0OsnMJu -6yNdBgxhiqd8ZyoyZMKSAbFht19UZsyzfHWYw5tlYxBtv0cY3QpMFoV3ADsScwGs -IbLcj1bGeAYgYBM49aQ89RTGVoj2PDFPe2pvBhjkqfZGEPgJnKPhUhpC8Z0xqinT -U7vxBUUeF0fbhpuo24+tioQNn5pJOCdgUolykZKxFUv4rD/HXCKTw9jOkL203NTU -tEKL2OxfSmT2A4NKBsotavJkSBloh1wFwkPhTeyUON0F5MNjyklX3P2vvP6AU8Ac -upK0YqPaJxu/zR0wZN+BSbcepYRL9deiZf1lYDW1XRmU04zz8i6eYhLP0w2lzcsK -Glxxx9+Ot+9YF+iQMppc72oJSBy3ABEBAAG0LEZlZG9yYSAyOSAoMjkpIDxmZWRv -cmEtMjlAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMBAgAiBQJaiGU3AhsPBgsJCAcD -AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCiCqVrQpR2tHtrEACW40dD3dPu7/IhBpMK -zi4Zv+MSDupubqFHHmeyqt2beoo2qfJcrrWec82gMk2TVaFnDDhF2u/EIM4bLI2E -ZJ6OO9czpEEMQ5j8qYPqG4+jzE3mLslUb4TaaXBMZ7sdKDjt3TAfJ0M1NEtCpPRV -memTFF7em5DgM00clkbVKxGX9J/ZUjVfIH+EdsUZstL0q8ffaUIgAC23p1sZNFkL -2CwYvpdH/qjsRTl+mPtTmtiINMVpiqaobbUtllX3G2oKgdwoSVjuNftF+aTxafUb -bMLZdHQtft5UfsYF5fDoluYtmPFKB3bfnMTWU1JpIswc4cxyBIdagQL1QvMtgm5N -qCMrdyOTRWQouhxqRFyxv120VzGBkZ1Ad8xfuYP16m4maoHhrpM5mgv+2Krbw5Fq -RRuNh8vP2eCep3+kmSf0w1ZzHLfIG051Nipx77rX9dCThxHa0fxXZ4/t8vxgxug2 -Q89txsqVy8ob9OBpLS1WsUxSYDXGYOKHN/qC6kAA2VwyRijSGb7PWEu+CqiynXih -Ohwl5csAVXDl3Gdv1uaqMHL7vu7+uqtjQSQtB31edeCjBRCXRFI1eBwgh8SRUGKk -v/ZgH4wUGYxApxMNdfuVz+GXpbgEWZWPYoeQ91nNQ4lBVh973RG3eF9cdWJTDXXy -GRNomGsI9XCQVtpRaxwQDY5oUpkCDQRL0ilCARAAyxp1I9uGVSlu5YhTfyQOQoLc -5TZyrO7AYO31WzVq8ohN1EW59SV763cB7ZCsmPev4n2dS3d5RNoDhetWxmdglsCT -Xnu+kqfWforD/EUF2xuY8I/+ATPRyu6YZLahVSfFW2No3043H8UbxjPGAcFxfIcd -Ag2VEQI739cUUkCe4gKOfKnB517cTgL0JgG0fc+kP4fw/mPz4aCCadTleFTRwmwr -PTOx1FQaYAudzw3E1ELsHIHmOqUIKPXk9XizUmVayeQXLYr5dVHA+j+giBpJHk9o -DYaop3UT54FFxl1u0M6Hn3vn1UKiUpu06tqvaKlWeOifeuMGgkSLUckqbluXcWTt -+FjOsLMNgT9jJQAmx+Jd5bqraV6Nwb355PhwBR9x3DLsHWrpcb+82ClwnzaEn4K6 -RH6NhMeCJvyN1nbcDBPxm58Hat1Sc4AMS1RYXMwx8DZI5iHTwJTSff4sUY4qeHYG -bVvFXAQqzaC/i4Q6yH475y3UbrwR8vT97AhexWcnGh5TFj+kYi7R5xDBnG2fEKUB -4tnUXlNcMq/UIILhlPo6kl2Gq9chHLHURmrKaTSGfPkGsG5v2uHaE9dExLTwK4Uq -B5cG76kw2I7X1fdpQv9osIDuoGIBvV6zuFfHVd/RX5u6CxX7024OZr+EPxOgFqP4 -JI5rcZHLpW8gL4xbWAEAEQEAAbQhRVBFTCAoNikgPGVwZWxAZmVkb3JhcHJvamVj -dC5vcmc+iQI2BBMBAgAgBQJL0ilCAhsPBgsJCAcDAgQVAggDBBYCAwECHgECF4AA -CgkQO0nfKgYIuJUfxg/8Cxj7/ajt/Xsm/TZa8HynVBKNbR8Sna4Tc/l2KzuMlQ0w -WUT0rry9smqHkiIUDioTT3xIE/ZnbG7IHH5qB8ZhlXJ/pW4XlrEr3IK17s9IC7fE -xhihhkTgKC16blLG9RzbShDsD0OM9bkNpzs+YS0cgzldCNi8GFfAYxiIwSlDBRFM -RU7C+1zmZKwIP1m0x9j1t4a30lrXEQOxGKJyNwfNHd/X38LO0psim0uT5mY6jj7k -71dhdLTISiIZ3AcKKI1mTxMX7R6SocylYfH3Qzv9z9ctRZNwop/FGwjvTFjBTUdu -31cwgDZRD5Y7BwPtxM+Be7m6BadDjhKL+GMouARG4KmZ7YUxuLm/Z8orqSGd3JDx -6951XA1BnC+pUA/55JjVSHi2D8dbhzzkpVn7qIwGIM0R+iy+yHYOBRxwQNLaOxVv -HUFxSDsjYiRQDk9o/D+frVXavMAdDw0h/MkaZ+B3SfUWKrmruDpI5bsTln9LkWkv -/0lHAmYftfygRDpnLwR2EWQOSZf52pAoMRm9qWkDs6qqTnByr5ci7szubsmzF2oq -SxMUxiVwZV622wEn12v8hmEgBolaxs/QhOuu+nTJZvBfrN11xNd0Ga15o5aHOo8D -pY53wJI0xl44gezlCxEnnfejEV7Xy5NFuQG/aXe7Sg0ekByO64B13wqKUZ2dlVWZ -Ag0EUq5ohAEQALVSmFfAyoIBqs9Qf9mw4WyVpt5NU7akOTlic73p/6uBkHvECsE5 -J5CTsH3SKpInzn9zvY4Cfg5di9PreB8J5ekmzkzt6ZeQ+w1BZZKO732Vb4CpI2aN -haGZGUtEaXQ47uAjCPvvp0he9ww0WXNI+PTQ3bECqMxuOWdXafZpsATmCrpWmo+8 -VdXJ+tVr+5qWiANWZ/qHa3hF2mJ+rypMewcVTfGkLP5Pr90ZYoZDjZlB9NoucMyN -OgCyZjQDJ6+QhtfqJlW3Ma9qdik9xZbhfREM9ymp8U1mTrjfEjiWxn5jYSv1i7lL -/zHSXL62aYiiRoTTDBt1S7vjRhNmMJ6yuhhaJGDnO5DbF8rEmhXkT4SH61jAYMmf -od9aFGCe51FHC+4njnO1hW0q6UrDxBCl3ZJNatxBAMlpFaacyihf88BNOMIETEH1 -2TPfwOu6+TsiQcy2wiqWQA5Ax2xfV3dOi/oETZcOMgbTMXEt24kZtXBz/qshz3lP -TnmPfoTPQeuPF2lMY44fFGowrmb1+UVtrHG0OdLvDvtarNbseMWsPRV5PHa+eOMa -pyEcRCl8OkU7NvwtMWGBiJ3JE1R+VBjflYs7Ms1X6lXd5DcmDXVQXB6VI0up9B+4 -VEZz7NzCQ2MeHnI++b2h1HUEh+onqwoY8Zu081ejsRExHKlbJHPTOLS3ABEBAAG0 -KEZlZG9yYSBFUEVMICg3KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjgEEwEC -ACIFAlKuaIQCGw8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGovrqI1LGTl -x8YP/iymqmxOO0MzuqnK0oscqu5m2+5aKq3lF+9P3DD0ZRQUxnhlkZfidReDj2qL -EMtrJZHx10b+zmTI6LcLS5f/qKfNpjJGD4GHvRuuopQrXgXUGus+Lb15op8b4a4w -W1d0EbZrs60+bDfK4qar0Sm/oHSY/oTkpJ29JFKola0ZwDrBFL/APNckQ0enmt70 -iybcJjJ2nLQYtEDnCjh88Hm4t1SEsRQO+HYor/98yONrejQv5I3Pw3RoNnKfkDEJ -T1EHcQdxN5wWCjLm6ZGP30Fmt5tHU077iAGuK8h928Ph8k180EdfCFIf0AIYI28e -ddWMdAX2IdYCkqREh6HwWvafl218kQXtIRfwZtfsVuxajb2RcytWA2oc3IOd8AFW -g+5uBB20lkmRVkCRoesy7wDK3BPrZDh42qYkjVpZtlA0jmNZipzpEq4Irr8X32q2 -EVP2Ak7Xv7JG4vpS/b++DNVHVEZ3BUsrCVSMY8CNh+WkJDBYwABLGK/24/Jg8dwS -tKttEbTCMh8BHe+6zU5I7HfFkdmlcV+ZBOwM/vNVE4vNX3xHcnAUDEnj/Gp443i8 -I8VTo6xPeVZDzDuKXmiFj3nCa6N+vqWTz2QTMl05PNyfsMFtSu7fcJAwYpncS+1G -OwLsUNsvTXurFL5lUD8caTJ+K7hymBXxVSduqXl4Bn7UuXoP -=PJUG +mQINBFturGcBEACv0xBo91V2n0uEC2vh69ywCiSyvUgN/AQH8EZpCVtM7NyjKgKm +bbY4G3R0M3ir1xXmvUDvK0493/qOiFrjkplvzXFTGpPTi0ypqGgxc5d0ohRA1M75 +L+0AIlXoOgHQ358/c4uO8X0JAA1NYxCkAW1KSJgFJ3RjukrfqSHWthS1d4o8fhHy +KJKEnirE5hHqB50dafXrBfgZdaOs3C6ppRIePFe2o4vUEapMTCHFw0woQR8Ah4/R +n7Z9G9Ln+0Cinmy0nbIDiZJ+pgLAXCOWBfDUzcOjDGKvcpoZharA07c0q1/5ojzO +4F0Fh4g/BUmtrASwHfcIbjHyCSr1j/3Iz883iy07gJY5Yhiuaqmp0o0f9fgHkG53 +2xCU1owmACqaIBNQMukvXRDtB2GJMuKa/asTZDP6R5re+iXs7+s9ohcRRAKGyAyc +YKIQKcaA+6M8T7/G+TPHZX6HJWqJJiYB+EC2ERblpvq9TPlLguEWcmvjbVc31nyq +SDoO3ncFWKFmVsbQPTbP+pKUmlLfJwtb5XqxNR5GEXSwVv4I7IqBmJz1MmRafnBZ +g0FJUtH668GnldO20XbnSVBr820F5SISMXVwCXDXEvGwwiB8Lt8PvqzXnGIFDAu3 +DlQI5sxSqpPVWSyw08ppKT2Tpmy8adiBotLfaCFl2VTHwOae48X2dMPBvQARAQAB +tDFGZWRvcmEgKDMwKSA8ZmVkb3JhLTMwLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v +cmc+iQI4BBMBAgAiBQJbbqxnAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK +CRDvPBEfz8ZZudTnD/9170LL3nyTVUCFmBjT9wZ4gYnpwtKVPa/pKnxbbS+Bmmac +g9TrT9pZbqOHrNJLiZ3Zx1Hp+8uxr3Lo6kbYwImLhkOEDrf4aP17HfQ6VYFbQZI8 +f79OFxWJ7si9+3gfzeh9UYFEqOQfzIjLWFyfnas0OnV/P+RMQ1Zr+vPRqO7AR2va +N9wg+Xl7157dhXPCGYnGMNSoxCbpRs0JNlzvJMuAea5nTTznRaJZtK/xKsqLn51D +K07k9MHVFXakOH8QtMCUglbwfTfIpO5YRq5imxlWbqsYWVQy1WGJFyW6hWC0+RcJ +Ox5zGtOfi4/dN+xJ+ibnbyvy/il7Qm+vyFhCYqIPyS5m2UVJUuao3eApE38k78/o +8aQOTnFQZ+U1Sw+6woFTxjqRQBXlQm2+7Bt3bqGATg4sXXWPbmwdL87Ic+mxn/ml +SMfQux/5k6iAu1kQhwkO2YJn9eII6HIPkW+2m5N1JsUyJQe4cbtZE5Yh3TRA0dm7 ++zoBRfCXkOW4krchbgww/ptVmzMMP7GINJdROrJnsGl5FVeid9qHzV7aZycWSma7 +CxBYB1J8HCbty5NjtD6XMYRrMLxXugvX6Q4NPPH+2NKjzX4SIDejS6JjgrP3KA3O +pMuo7ZHMfveBngv8yP+ZD/1sS6l+dfExvdaJdOdgFCnp4p3gPbw5+Lv70HrMjJkC +DQRcat0DARAA1IRnwnz9Yo4oIAblW0f6QQ0ljAt01m3wvKbe34WZGK4pc31lDH07 +IpD8pkq4knDjVz+gzcmea+7YKyFXVayb0SKiBUTtJrn6fR8n1igzv/wrcqezkM2M +OjVbYTv2lqchXyaY+rOImbGBqn/YAclfG6wQfL/IxLArVTo9QVN2zGy5DLESPflo +i4w2Mr6KajQULiHvKIMUsaWHW1M+vo8c374UaAc1nYyE3f/xo3fdJJKwTjFpDi06 +jtd9zg9VjE9PBuTbkOCoY2LFb0mwaX3ZE3Dbj/IAT/S8QkA3PntXgIWfeYN6pFy3 +ihCvY/hfsLhvzqxAMQbLHAsV0VAd/EB+ghXt1MRqEjJwYvoxIYnLnaPiLaRTsu6z +2mMkYeD5ruEB3AvN2zY6fDSOs0x6wZlbj6pMTJ9OxjAEGr/XswV4+rpqk1+HFHbC +VGryayd7u609JYQXYhq0Pcz2y9O7tip/jlzwAt3Skn+xvE78DQHa8vXrBkqYt/Gm +tZskGFWbwJbCAZGzd329cLwyROXM1Yc8EO+1dreuo8XoNKPf9jmVR9wqMw9mY79v +Cx7lv450B7bENH1MkGEZh8TRFZFtdBhjO30MMc6cRRUtTv9lxJ3zLu8gR2bIC0qI +31HLdBYS4RDf4PyCDV/WQla8yufw3tuwjY2BNXIGA/5U5kNEso3ylcMAEQEAAbQx +RmVkb3JhICgzMSkgPGZlZG9yYS0zMS1wcmltYXJ5QGZlZG9yYXByb2plY3Qub3Jn +PokCPgQTAQIAKAIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlxq5E0FCRLP +D/0ACgkQUMs5CzwzWcQZgw//dCBcAHxXEKuRDZe/6NgmEPZNmnUx21eUaCDlgv6P +SOf27Z9cvFg4TzlDZrIG1Kkas+rK5VaZYPi5KSI+uz1SwwcKVWwiQvKNX87XdjK8 +lanb7uetllYVKKyCPolu536g9Mr+eZx/W/yUdapaFGvC6XisPOCYL8RecFX8kYnd +VoyNAwZNrWhUeMQn1OU29utn23RY+YgfcbJD+6DXktvfknw45Z8m7ZRaKq/VAJ2N +br4QT5Bpo+OUiZKXz/i/pBmF1WlHdvTP6vz7eOl9Sg76+mdJfG0lBJN833DXY7hI +bRwakstVDzwIpBl9UOcBnbu0e/pr/wEanyOjguOIqaDjDStQIruvrJWz2KYcF4oI +Us/cmLhtBHVre2pHykdEdOCrno+C1y1nMU0eJfFw804WIDz9IPs9F0CawJFYYkq8 +yAngtytRj0olLTQMUky/qlloML0MgDzaD1fzmJmPsFMVJygmaRFj5C+/ZYegjGyc +f85azjM0bpks2jpylvQDpYr4h+EY/PTpg4nwRLENAnsHRzfZcuoOGRSSRmFyeR02 ++Y3QbrUwt7Q37x/Ge3bVynQuIqiQiMY+vfF5/FI1Xn2UNp27+Xl3GS3x7b2zQU07 +9b7wVeBu2ohymEUo+x5sYSwWQvGP55hQHpjqDmA6UeXlJj5kmxWsqC30bBV5ghy7 +O3OZAg0EXVFWqwEQANYwGpi/8bWvg/DKI9AJ+Dl9cUZdXUUJnfaoyL2AtRO/UJfu +tjIfgieP3eiJz6W3WRDSRAKQg07BBzM6SbpcOQR6SYyseScmkUvCtMrgBLbxtgXZ +GMsz5An90ZcMw9iw/S2Qu+jFoev1ZNGrz0D4CY41xQBAgwmDcnFcABp8GLZSzNRQ +Q8hTfkzK58W3Z493WT/qFUA7xLZVPvZPFdJjsdrhfYnSkbNupDoOrcBXOiCyegiL +T0Dt9i61hk9VUAQZFSpq+XS2HwvK5lKEBJnfwJ0AcEy9ZXhtVmCF3/ANXl6/ctdQ +TSiK0sCo1J6IMneCspY3q/Sp1TSXdhrrSy6AAF3fFoT5E57yQMLLdaYBo7nVDzzR +kDaJc5MkU5uqQFM/2P35l5D4o0TxIGiIfUTJsq0FTwebKBm+7xkLVMpTIvmDAZQm +3y96uDLkHDdDtq/nbSw0YPdwhavh8EBVjB0GhlPxFyydTU8/rs2Y4YVzBIUn8umI +4wKlnUgG+M4LsrIoRljb/reSNbveYHs4c53XwEe0ZWQDdAB1WVxK6V7/PrxU4DLp +uKETqZ3E/bwPgg2y2zzDrKvgb7doQg3y7SpFCrrpGLmY5dPKV74425218aDdT2WC +JyDPqhWTXtFPSNX24vorjWwZnWwf/rJNdApqB0BivfDWLHYvjomDML7/7pJLABEB +AAG0MUZlZG9yYSAoMzIpIDxmZWRvcmEtMzItcHJpbWFyeUBmZWRvcmFwcm9qZWN0 +Lm9yZz6JAjgEEwECACIFAl1RVqsCGw8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA +AAoJEGwTAm0SyUTQt0AP/Ap0Ay1/Ovs7bLTr+w4+etvcPf1jYNdsHzLSISZF0Evb +0Grlu3HCYCRrsllElUXE+w5WpnooBGNLT+gIGYlzSMJEA0UK0zhSNUdNKzGsl+4+ +R6W+uU0T21xHo4JGm6P89mBRrf2KJ8X8VNR8OCHhD3XGJCgup8HE4nOtq9Aegr1X +Osw1M67onqXjN4bNj+hyPoOlP7l91Q7/ceAYU2I1g8LoZXN6IDcABVHSwLIYQ26q +p2DBTFXcEiG3TkzlZx2/GDVT3HkjfKOQtDD6J29fil69OIKH3/S77iDzRxP/bULG +x3Hv4NUdp7BdsXztBAhw4CKeDRLlATruva49XGZbL/npMpSoOjI/xI2xXraVPaO6 +2yMt683FSTLTXWDnDdtzrVR5p4quu6sV1Gz5HAFWRea2qb+LqDRlNZnJYY7qAl34 +dYCpjU1iKrj5wy80tq2YDaw6gKxE2YT2rqMz8RJWBofyFKnwZwu7O33+vg9lkaXk +K9R6V06IPbbW7yvO4eYuzh2yDAkn2mAtPRxQCw6lsw8jQmkYg9DZIbrIrsuY7ocU +7FsCTPsgZS3SDLUzM9PIG+cH5aAPUj4hBdewluE/n5353eY6eqx3qgMz+CsoHOuG +hR6g1p1z27OOoqU6uat0hHcHPfxJKJaV17l+7rE+ol2YZlE2Ne1zImVtI9UMiWjH +mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1 +JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B +M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn +XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6 +pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV +QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp +Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq +3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu +vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar +1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g +YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB +tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS +KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9 +qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT +9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP +Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS +WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft +HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF +p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP +x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8 +wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J +l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG +iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR +XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVZkCDQRSrmiEARAAtVKYV8DKggGq +z1B/2bDhbJWm3k1TtqQ5OWJzven/q4GQe8QKwTknkJOwfdIqkifOf3O9jgJ+Dl2L +0+t4Hwnl6SbOTO3pl5D7DUFlko7vfZVvgKkjZo2FoZkZS0RpdDju4CMI+++nSF73 +DDRZc0j49NDdsQKozG45Z1dp9mmwBOYKulaaj7xV1cn61Wv7mpaIA1Zn+odreEXa +Yn6vKkx7BxVN8aQs/k+v3RlihkONmUH02i5wzI06ALJmNAMnr5CG1+omVbcxr2p2 +KT3FluF9EQz3KanxTWZOuN8SOJbGfmNhK/WLuUv/MdJcvrZpiKJGhNMMG3VLu+NG +E2YwnrK6GFokYOc7kNsXysSaFeRPhIfrWMBgyZ+h31oUYJ7nUUcL7ieOc7WFbSrp +SsPEEKXdkk1q3EEAyWkVppzKKF/zwE04wgRMQfXZM9/A67r5OyJBzLbCKpZADkDH +bF9Xd06L+gRNlw4yBtMxcS3biRm1cHP+qyHPeU9OeY9+hM9B648XaUxjjh8UajCu +ZvX5RW2scbQ50u8O+1qs1ux4xaw9FXk8dr544xqnIRxEKXw6RTs2/C0xYYGInckT +VH5UGN+VizsyzVfqVd3kNyYNdVBcHpUjS6n0H7hURnPs3MJDYx4ecj75vaHUdQSH +6ierChjxm7TzV6OxETEcqVskc9M4tLcAEQEAAbQoRmVkb3JhIEVQRUwgKDcpIDxl +cGVsQGZlZG9yYXByb2plY3Qub3JnPokCOAQTAQIAIgUCUq5ohAIbDwYLCQgHAwIG +FQgCCQoLBBYCAwECHgECF4AACgkQai+uojUsZOXHxg/+LKaqbE47QzO6qcrSixyq +7mbb7loqreUX70/cMPRlFBTGeGWRl+J1F4OPaosQy2slkfHXRv7OZMjotwtLl/+o +p82mMkYPgYe9G66ilCteBdQa6z4tvXminxvhrjBbV3QRtmuzrT5sN8ripqvRKb+g +dJj+hOSknb0kUqiVrRnAOsEUv8A81yRDR6ea3vSLJtwmMnactBi0QOcKOHzwebi3 +VISxFA74diiv/3zI42t6NC/kjc/DdGg2cp+QMQlPUQdxB3E3nBYKMubpkY/fQWa3 +m0dTTvuIAa4ryH3bw+HyTXzQR18IUh/QAhgjbx511Yx0BfYh1gKSpESHofBa9p+X +bXyRBe0hF/Bm1+xW7FqNvZFzK1YDahzcg53wAVaD7m4EHbSWSZFWQJGh6zLvAMrc +E+tkOHjapiSNWlm2UDSOY1mKnOkSrgiuvxffarYRU/YCTte/skbi+lL9v74M1UdU +RncFSysJVIxjwI2H5aQkMFjAAEsYr/bj8mDx3BK0q20RtMIyHwEd77rNTkjsd8WR +2aVxX5kE7Az+81UTi81ffEdycBQMSeP8anjjeLwjxVOjrE95VkPMO4peaIWPecJr +o36+pZPPZBMyXTk83J+wwW1K7t9wkDBimdxL7UY7AuxQ2y9Ne6sUvmVQPxxpMn4r +uHKYFfFVJ26peXgGftS5eg+ZAg0EXPfO+wEQAMk4ghaWUa53Gem8meTFDPYK2hYj +uCh1WehyWt2XzeRWOpJCn7Z2DG4bmZSIANR9gdpFDPErDx5+5CfDHNT2RnvSeALG +2ZtBYaZSZ9JOGJqk7PTTTXz56jkwVpt3a92IajXL7nWbaxEOk3yp0JqpeSjrlzIy +4teuiMkci69ED/HuKo6tF/JrzHc7ELg8SCXmmAOc/ylUrSUtidwMRAI3voP25uFl +BaEhIX/Mkj57zTpXvWHN/Iv8y3eZCb+WL6VEpTblSyT11Zp/g0f/Bkcwg8CRUni4 +Pgf+5Lj3CpafKJNgZPuFRuJ5wXtyuEsKaVHO8lHyaRE/r/hP8Xe00M9Zl4M0QNUV +SRMUc1Tr+Hb47f3ww1j986HIpo0reecTSDpAnV04ffWVccBGWkU61a3dWZlTQmdY +t5h29qngR9/2pNZkmEjsKrRabwOAtSleA2WSaq68Ts/ZbkQCvYTkCopCgNt/D8aJ +Z1G8dYp40YxEucYjdC6hfdSkCVcPu/XdV1nE3J2+l7Klt/8B9HKsdEqGRSPdxTWl +iQzcM1kTvsLklR7r/SfFu3gRNRkFOAuBgkY/xzs9uRWc7oj8qAvWPD7sxboDPw7H +5FdkvIYxWZtb9MxzyFol8osyhSjdNWTyc+JSGg4LT+QjuP2KUWsHEFTl1S0XghMB +ZzzGcbqMmz8iy9GlABEBAAG0KEZlZG9yYSBFUEVMICg4KSA8ZXBlbEBmZWRvcmFw +cm9qZWN0Lm9yZz6JAjgEEwECACIFAlz3zvsCGw8GCwkIBwMCBhUIAgkKCwQWAgMB +Ah4BAheAAAoJECHqRasvhtahZqAP/jGctbCzfgYHJUNCSOmuTR9fsjKGmb9TsGwg +cqykcsv5jjq8AAZj/28y90TR9yv0STZmnvMTVFaZILPPNSBMboEWhMbUfgWGj/tn +wFcr+PJujBdJl+pedM5+FIVqXAN3CVIm99g1X0xvK9vE3yplFTXPs8RZmsjMUMNO +gVGTRHvXMemc9M0gnn9hdPA2pT07EgjyExCPi58XXXTjQAlBntuvevN6uXIE4H4l +3XNI9WsA+l4zImmlYUdIMAhYrrH5qbXdUgide2oH8LPgYEcsUrl3b8hiylXDjtKi +WPyOIUS2cCrr7UCrlYfeIHhsTZ7rPTQNIX3d+vA7JY3taY8ihzZCw1EmGB8kL6Kw +ZADDCrzEBscQF67IwbwZmPPGiGDQfhs5IS6NUtOMfXFsAbgOeFY7/VVctf4tcQvJ +w7xlBNyOP/gBAq6jjC8w+u/0DXr2gRMb5XBCU13vhUE8YK+GfPAZc1tMr8ofX5ZE +fRhJv7jV+UHc0qExJTp0YjRIa0jENIeFVU2bHb/peJP1T/OetmwbkrDychtsXP70 +wZRRaAkyx3VmX1HyDPtX1+mfsvvLkuEnwc4Iyxj9nv/sdSz638DUwjiDtDmDlS5J +l2CLTPG6SJa4KQt4CIA/jLvMorg6Mnrjg0NxYIdrfrOfBWaTPeLEvxDRq5HXk6qr +YGNH9/KimQINBFvrElgBEACjNft3anFHNzwHW6dzxGinWEzFin3xBUjhre7e23Dg +DRIceDtePOqXGnIN5yGGH4VZrEGHfjTPoCcrRSpM75ryPLa3Pi0UHXRso/OkO2ta ++VaQRlwU2WAYqd3g/eck+x7MZHuKKyfyxDSUywuJumWhIqeJLyG/J9e1riHwaxYw +tLDvHCAtK4osoJ6GZDx95Rr4El/N5CtZBlIzRQUJMo695MIxeKA6RmlQVp8mGPQm +20Hveo0kBsLYFJxTW4D+KnwpQr2mJLsEQnCgKcr8TF5hDowz8+o3wdUrfteiVfkd +X64kXJm85jaR/K0ubnv96iTxoeh2Wf2jNAn3EjKhPzEeYFI2gCm2tzwUEzSuOjtr +x7FqDp7/iJRANmKQJ9KzhCT5JLkeS5do8d196xiI79Zlx8ISQRvCNuu1Or7idwvI +gHy/+BCyPUARv430YvXU4d01FVKTlNrbRsq91SVojek4UXkAk9oh4d3Y/AQF1DLs +4nK1vBukwWIKwcfVA/RidSqXofx6pahTPvguTkAARhMEJPLtbQBzD5kqkdgdP/6s +7ziTwGkGO8iF0TvkCwMXWXHl1B/m6b3h/wWOIFNfAZ0FxZmmD5UhytjVjhdI7jiy +Zf6JjNupVCVx1eqMGZfm3jkZqzWOB9wrVrb6rtI25ZuoRQJ/idnXkxZmq4m1MCZb +CQARAQABtDVGZWRvcmEgKGlvdCAyMDE5KSA8ZmVkb3JhLWlvdC0yMDE5QGZlZG9y +YXByb2plY3Qub3JnPokCPgQTAQIAKAUCW+sSWAIbDwUJEw5BKAYLCQgHAwIGFQgC +CQoLBBYCAwECHgECF4AACgkQe7kHItu9z3xs8Q/9HqL76vo5xZjl78USwgX7t2f8 +Aa6sqD6OIV4V9KPCaNeqP8OF6LqYFxkv3GX3FMHGPHVKOBLQ6LvuGozcnnpZ3ypq +6ChAy2L4W7ytFggpluArxSN5jmHoOXO51wPDPCSjd4rRi1+XnMDiA3VIk0vTcGHU +K13JgvzuUrIbFYhVwwCn8Rt0GvCWVLyvKRbykN3xgFmromREKdDCUymYS/u4hXw5 +xQt2AE9IgX9puLlGH5AdbJumMipcaI9erH/KVoBvtAHA5ozkL0PDocRaWA/W+i8r +XEeI8TJBA7Q/Xb/L12aIOCzeyEKGP911iR3/99UGMgfswKvF4WT4KdAV2VZoPizu +0Am2MUYhoexdnHY6GtU1UKcWt2hW7HmGBCZVdVpUF3W/gebe+ahLPT9UhqNTin2v +w7MxMKy2uWPZri76R165F3TP434dZLNfkNa1rdtQrRaD1Be9/hAQthYWKoCFowbM +LAr1BgzkUs97arxBTzqkr9GTCy5CX+nObIbwkrFYugRfA4bSzNFSpCo71cudqNwK +JEw65lF90+T5ma7lM6ZwijH1A9pYeGQS0eUOrV/0VTsxXQOyS6Mcfper+dkOpypZ +dSnJGzid9HPUSUdjI94wtRYInrcD09v5OnJcoxUDVVjVhH4FIqKVYstucn/LB67n +nn+55uTOKdm729ex0UI= +=FHrh -----END PGP PUBLIC KEY BLOCK----- diff --git a/initrd/etc/distro/keys/tails.key b/initrd/etc/distro/keys/tails.key index b43b9a543..dae415b93 100644 --- a/initrd/etc/distro/keys/tails.key +++ b/initrd/etc/distro/keys/tails.key @@ -12,34 +12,34 @@ zXSl42yg3EEsJlijBSR3wsIJ3+sWvQPMBdjgN0RjvoyI+zI7BeP8LC6ngz3GC8JS D5B8XNUYV32tlCs1ILdUPUF1BbxH2sWxysbpl9RvOG56JArSG2k+KlihXH5fmNiC NMWZ5vBShQ+bpBXh55fu3F7axequpWzocRfH+mfvBh5yvZnjDRGC3UZ06CFWN6JP 8wDFR+o8ZHSsq0Gx/2mIXVsJT6h0mF92Q1iqH2SQhFeRL3M+RcED6Bx33QARAQAB -tEJUYWlscyBkZXZlbG9wZXJzIChvZmZsaW5lIGxvbmctdGVybSBpZGVudGl0eSBr -ZXkpIDx0YWlsc0Bib3VtLm9yZz6JAlQEEwEKAD4CGwEFCwkIBwMFFQoJCAsFFgID -AQACHgECF4AWIQSkkND00xGkFT4rt8rbuAKyWKzYTwUCW4f3egUJCV4TZAAKCRDb -uAKyWKzYTy6iEACJ2vlgJLNN/IYTH1b3rBwRJDreicvOnOYjo8E1fWhsMv+ATs3G -0KgxOz6FzwERqmdbYAf+J39k+uQ8s+bBSgZ2J8YTQnF0unlrVQwCCxWOB2jpBUj+ -yhmFrtP3pcDYf42OFO3TjidIGzOwweYsavRFi66otgCtdCCp6NczLUNasBFlWGeT -QET9RSzhYlJypPTh2WJqTohn1eXqKesWao9B25JlTKosSWgc9v25fBslMZvWpb+V -cm/ePHcDz/8iiUBxZYCTYzmxHfS+j2gSZaphEEC2i5ftJzaRAOQ5JaRYHbpuoOhL -L4lEzGD5vEYg8mSUCUEJlx+fAUviJJ8fQR74mosdU1/7z2CeMzBbccQfhmq4wD0R -89YKmQUrLy+BTB8IqWCBco6Ht8AahIFMUK/ZjquOaPEPQU3iVPhuHv/hOE4mFWNC -/+GKzRnVv3mmZ49BG5tjjPlukJ6N9gV+3xTnjTseZAWGhySuk8+F66+OYHGnFUv+ -/fA9AqQOnNGVVhUpmIpC+V9xw5h6hr72V8zQ9gBdmFHGJjx2ua3AFItQgrJK05JV -64yApq9BjmqMlFfDmcbjNyq4/HY/ibLhzlswofJAwOy5Up3Y3EGxe2fmDO9ktlEY -extaMjQNcgik+e+FbqPDEbxJQ3Z/F4gf4YziHlxN31CE46g53UO2CdRv9rQhVGFp -bHMgZGV2ZWxvcGVycyA8dGFpbHNAYm91bS5vcmc+iQJUBBMBCgA+AhsBBQsJCAcD -BRUKCQgLBRYCAwEAAh4BAheAFiEEpJDQ9NMRpBU+K7fK27gCslis2E8FAluH93MF -CQleE2QACgkQ27gCslis2E+R2Q/+JE4gEhi+e/EMnDRflMYjiCdwssr8ZovyoxWQ -6Cz1AsWuLmRzTIWlMjkfQxs+fAXK/+yys85jiXzzDJkiw13BXTESdWpe7WAZImNy -GLe7lA0A+UMfD52FIjjkcuestH/J1CadykACyARZCL7l2eqY2UZL+oLRH4uNAqK4 -YRs9dey2bEQsZk4fvbEGf5RxY3799AHtcucIkJIzZjiUWZcKtYAW8FrspBj0cX5T -Lyd298or61lQf1IixnHyD2dxy1yTx3SwWyxAF5YFFvwkvTrPiyQSQEhQyUcLzOs5 -v69zd09MOfR+atyxpeG/p6HnOtsAuCc/hvghvsYalGK8eq/Ods6h97xPb01UOCgZ -bcXcy798KZzu9MM1ZZIqz+M+SvCCpch/dKH8yyZUipR+dR8ABYA7noZFdyAwlTzk -PaHwBzJ7g3CuABH8KA2KpP8POIAgyVosxm7q/73NdoH0ngRlx5oTBwblNRNxjd4Z -+FhZsrqN+NVlOOOFQRMeI9SAsXFHEsvZnRUbEwoeroFUUymJfQm5okXz99EZY6pM -Wd79Tr3fLNuBM+sUc8yx/wX31NwQRCrW+RwZj5TfKHTt99M9EIiLlSqUz6Gj5GYC -nf97bq4PqqF7/kGkkaNV+k/T4+mkvHW4IVyvuqhqna0E2WeoSRsSDq/pR0MGDyFZ -pP7t0hy5Ag0EVLvR7AEQAN/E325mECH9+a8jCu0yHu5s5GOT9MOjyChyAFuont9Y +tCFUYWlscyBkZXZlbG9wZXJzIDx0YWlsc0Bib3VtLm9yZz6JAlQEEwEKAD4CGwEF +CwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQSkkND00xGkFT4rt8rbuAKyWKzYTwUC +XZyG4AUJCsH5xgAKCRDbuAKyWKzYTwa3D/9JVmXlwcyi7F8/VpodUpjDlkJ+0aB4 +XPwunstpF6hq3v66JcCHcIvqXyEvp62pnmFgcANw88f05T+bl5bIOvR3+xlGGUlN +ybAAo7D9JfYbdOmlZSlQB+oxLD70ulGx9ZoC4smMrfOF7z/5zVtk+RRNKCemk2CG +dhAXCwI2OqGDurmAMBiPnrGKMrwInt9LzTLnVi3XmqNjGn10uOCUJLS2PZnIDvXW +KuevABfKbEIAFk2tYlhG27Yz3CL0luZmYzVuqFLn6Wa80NQ0RqDBiUHkvLi1T5f6 +R1QImtaTRB9GesAUhaoXrSNBSSJBcc8Xi4s6feathNcvvLG+GiYDGlJ/qoewVnzM +Ml1YOVBlKOXL6zNvL3mxRRYeV73w8+2jHozYaAhRWybAyybDH4AEzP0JVUe7zaNV +8F6kLgJ3f/vj18imNsSu2SRIKfUMEzQCN0/NBX8Cn8B5k99erYdd11P2oHPXK4qH +kYZrpknyXNqIURuDa45HgkIRAGToGer99R74iOdmMwO5RRjWqc8uAnUVaZD871xx +mF+ns9FXUEn2DcgX6l4Yvsl1QiWI2MR/G615b5Jkihyp5qptKteZnpVUasdSUIOI +93NKH/wEaHAHHiD78AjxZaQBTBVhOVFQvkXYteWZ2V+5PJBk7A67L8inFP1NoHdk +QnbURTdJEIrxJLRCVGFpbHMgZGV2ZWxvcGVycyAob2ZmbGluZSBsb25nLXRlcm0g +aWRlbnRpdHkga2V5KSA8dGFpbHNAYm91bS5vcmc+iQJUBBMBCgA+AhsBBQsJCAcD +BRUKCQgLBRYCAwEAAh4BAheAFiEEpJDQ9NMRpBU+K7fK27gCslis2E8FAl2chtUF +CQrB+cYACgkQ27gCslis2E8vkQ//Z+KpA+LY2xjy6SxAPLxLH30oGpYKPyA1ri0P +NmhGp/cj30iLr4aDXw/N4FM6XRILcce1pSxvaUbx+UGijm6KyDhcOmA309Vm2cEy +14Ik+89csjhfK+Q4kcZAhPEcQoVrM18JtKEDW61iEdkO8FxFKkkZiaui/uEyY22F +KpZQiJos9pyNMxb1bFKgWUKXgZBcSZSbE9Eo76jIIkra/4A8gww/nHcGdoBIcjSd +rAlLUzKF4k9Q3a2nN9UpAzUEoG6VaFVaM9ytgnpigHKuwQmk1EqnNPeynjjmSHxo +q3VAll8oaPO5yDFSM0XXIDypc7aXarzC1rCnZHEOMG4Zmi/SPO0SpdPDq9ZBT4hX +PmQrByRWMkHwxSm9Kcarcl4eCH08aY2akd98MpTByc1s8jO78Dqwpmw0BDR0vfZx +1J8E6+kou2+j3OXuXrPRwkT0/RnUdlM2/nsfWJQ7g6e+qfkZtGyA/etX0nfrutRr +DMtxncy6xHWRHyAEYJx5n/tD+zGzEEBNZ+zI2BX75hBvyF4UnVp4cyqe/6+0rrD7 +hcOSP4svAQXQdGHOcMiaiBFa+2AVzmtKvjX2YnaF0YfjD8Q5+9AqJKdkVWJhIJC2 +1OpXaaSzvQgUzUpmAlrn37vFZeeyCEbyL8Xjx6pSo2ckyNm2nrlXeF3YBlUWNfv3 +pGogBnK5Ag0EVLvR7AEQAN/E325mECH9+a8jCu0yHu5s5GOT9MOjyChyAFuont9Y KiUj+1f3Eu65rHmuGDAjAz6NZS9ONENzIcDvrKvTcQbtfggtQJ5ExUPt6n2X7xdN FW53KkonS+DjXwTQrr2vpnImb42XsNnZVBjaSzqpbxWF6rXWgTMeICWVuvkRfRab 8qNLh4ugPuC+dqVermt98uTf6eKa2sssBw4m36/sPXqoJ/TWahoCglob/uKbh3mr @@ -198,8 +198,8 @@ Z+0fex3DsVwXMdyMS78zfnm21bMpsgfJx7YZI1gFQXAKtVlEWPHajyjd2tCysYHy 1AnbehkHRIsYVqXV1AwF2bSN2rKf+nCTjvNgt5VNAiJGy4N+QuXFy5X4NdgMdYq7 vYT66IeZwlT9HV0wEB1jsX1y+50faxfn2YOPFpKXzNd7VOQDDx19J1IsNw2Q7gnr 4woqqJw+bLG7ClRuNfN861Dlxc52sH6rjdceiFsLKBj7T1mQFAUZB7TCMIvK2rry -lc5iXQARAQABiQRyBBgBCgAmAhsCFiEEpJDQ9NMRpBU+K7fK27gCslis2E8FAluH -+M8FCQR1mLkCQMF0IAQZAQoAHRYhBAVGn7herWWJtD1B09IdrTivKBwLBQJZpDyW +lc5iXQARAQABiQRyBBgBCgAmAhsCFiEEpJDQ9NMRpBU+K7fK27gCslis2E8FAl2c +hw4FCQXZffgCQMF0IAQZAQoAHRYhBAVGn7herWWJtD1B09IdrTivKBwLBQJZpDyW AAoJENIdrTivKBwLz48P/jgM5REXNkh4oW2GHC2ZfPMiupF11zTBKWuIrsjLzUhO IqMypbKDBAQfqV+TSal6RTvvZHQxYUxak4OK/TtjDL47XzHGQmzZbFndH42XVOua kD5dT2Sv+5oWNSZDz+Yk/1tg4aRCD1MqATPD7N2O8Y7+NFU2dtQLV2MPa/70K/Fm @@ -211,17 +211,17 @@ ghRuv6XsgjUz137gNkT2P+PNOBV19sTV3haz4i6gBr180xvvtOArwP1vTxnAa+Pm s9bJt6W60PO6kjWmDXnPykwq7fpmI7qgJ2svlqRcLN3GRLX3bc0jCpspUEWAiq2J QP3ejT2QmNF8GFCITQSB64Vb+aOBE3aifBjt82k+KSvy/P8gkPCc3fsxdYSgnesr k6EngA7vOM/x9unm3yPMctpT2kKav/xh0IYQdsyF6QX/ScKl3kvuRt3LTkx7nd/L -CRDbuAKyWKzYT7FlD/4m0ohmF5KffUQGW0L514b5uU1BkmhLv5kFEPPB3qxClfP/ -SzxdiiCyZHCSOqsGwepf3E+1X1KJEMt2Hv1XAAxLbfgyPv+uBrSjxqi1LWE8+2UB -W2zVAvGksKbzVn/GnGevKxknkvmxN9GEqiRTXdtMCNY/PtG1jISAYM9Li2TmL/IE -mmZlSHhxbaVfrIrsI5Sx20Xwp/WhQ5+ZDMLZEUQ9a1ptVsCHLgs/rJhyCfrZc8VT -KfTklb4dMWYg+8QdUO9YkzSdpwLulfVIYD3wIOZPKLzaxiXxP9lJWEiEuXvt+HAG -kWn1yeIBBqlBFRDF57EN58xPxNJ2Gq6RYW9vb3/h4GWpC6znoHeHYOwJAFPL7Jr3 -7G1YPlYEJWcprLoGsJpiHFixluopp+LVMmqoa6td2JRl4HIjsJy9Ocw/suVX+EXs -hgRfyKEkuODqayHeiP1Pof89/WvMqCC305LvBlT104CA3p4RqBho88tcJQDpVYib -FJOiuOTZn1NE8COo5Uu0j19R/amI4pLOrtfEDy63kaTVmfOrFkdGxDxikyt2DgXG -i41HNbWc0PiinSt5NGoR1oXyV4ouEYWuNEQe90hPtiuOXP5cHcekjUAgofhhtP06 -uUtwaDwLzno/gL/xChXWGboT58+c01lxBpis7grO3dW2siCtXC3HNat+WVn1gbkC +CRDbuAKyWKzYT4rbD/9nPA8b0jGyEJvdCv8y3W3CpgDV8WSs7JTlAojJ+m2826kL +fAmBbbsTSAY6DikZzbiU+il+m/sWUjTvtbmoirIwrbRhom+eQvXTC0IwOCBaqBO8 +lWfr/r2w0v9pypTuU2QzypJD59bf4ozV2+XPhpI3Jo8812/zpPQ2C9vxJzZLIzUb +kPw90uOedX9BIa3gQ5i9kdMrp09K0pa6JHQGr5+V4Q4yHZt0DjFFnU/mjmGr1Lt0 +wZ6D4S5OE+EOmQLHajqKBSklUaCJ/Q+f7BENnMSPvLL7rQmm8X7jE+jB8N27bV5y +qt+Wqdm2l0BJj/IwzWtXO2dZcPo6KYZ63V7J8NQY4pcyU80xjxHCgFtS1rCn7phX +HRFac+klAfTkord+CvsOTdWhO78nY2qlkHl/MErJzZQ2k4BLwgFbIudmOScg0N/g +JDQoPvCmv8WmxflsZx+ZRH1pDSwrB0trCIyzf6cA/t/7S8GhC1Ecd7GFmKr7CE5J +K44faVqQVH0iDYuI4ERBZ9kkf1qtsv9VDc51ghQn8wqe6yXKqyJc2DyOCQsP9AQM +L3+nziTPQ0Rj6AY/qpu+hVO0UDRXI8c/2JvM4LYJPMa24aSJSX0t+7Rl3tUagOle +1mpkxLGyf1jAZzXUgFvstI3iMzGB9sxQZzb4G1PaRMGjP5dhfupCkkPxSuXS9rkC DQRZpDyvARAAtfnSrtM7lNxN5FPfT0V8cUpXW5D3jhM6mC6NUSvKSDAeITNdQ5Rv o+k2GaN2dORrFSTRlBnGlF2DDpXY128zcvJakG3jadgGvAMflrpTDbFN52591u/+ JGbZ3rhTSKb0a+Vmo4MxDPKWF6ic69Ktk2NMze8pgJMpaqBSOqjWGnVpQw/eE/aO @@ -233,7 +233,7 @@ ef7D52q8Kt+DyfLSBjudGV0g7mRXEGDpJxBPhbkGJMwCoXTWlV5mPafpNIk1HR6i gC8ndBGxNk/yENfSGQpAHmVR9LzfXwFBdoDgUL1CzAu0iGfiRO62rGMlx0ZkUADL REpeLqZexYmQ3DJ1G/czh9f6aA1CDbD37kZ83St8GcDSFI+jvud5Dn7/zfOp+B61 Ykn3Zm5dHQ8BO07LbbqyAH+312aBlCWdsj8sIGF4KcxQSzuj1tuCLUUAEQEAAYkE -cgQYAQoAJgIbAhYhBKSQ0PTTEaQVPiu3ytu4ArJYrNhPBQJbh/jPBQkEdZigAkDB +cgQYAQoAJgIbAhYhBKSQ0PTTEaQVPiu3ytu4ArJYrNhPBQJdnIcPBQkF2X3fAkDB dCAEGQEKAB0WIQQvr5ug1luzcfC8LUYwIKepwrcnMwUCWaQ8rwAKCRAwIKepwrcn MxWKEACjpk4elL0hsOygwHaWilUwGIWnM/s8J/COeZ4aPJYL0uBRd4duvewHEf7c Ws9N/69HRY1m5o1wI/lBOKB32QXMaaLVXDuMkuXrZaNkT9D4WdCJ719izhkBQ45d @@ -245,34 +245,34 @@ Lvg07g/JA9p8+6lBlmMUkC7p4zihcUIoNXehfFsumReFea5qzQn7VWOQEYTNwtv/ FKV7kRBGctnHuOYgjmgKxIwmUO6ufA5grrE16peYhkRLeN4+m+pOG9swUwtvVdzS 7zY0Qq0qP5zWrh9P13znHb8zexd9DafgIGbP7lJqPP1Lh2/Kc676/SpyT+2A8teg sFdlc7yU0fHAOcbhOpMccXkYNGjqzAUnqY3K17Pi4JHHKM0xHYmRlZYWJ2fZb5IN -54EM0sGPZsOcIa1qg79qzjrY8ep0XJOLK3DMXKTjlWW+zxhZlAkQ27gCslis2E8X -AA/8CqeuxtsKzSosGloWVUkK7YrhwgMAMVxjdqCSetsO5oTB3OWAHAPlYoTaPcJh -69/Aixib6Ijs0sAf5nUlFRXeMON+gWo+52YW4HYf4+B87KUPye8XL8S9fsibxJ6V -rR5kRAoqxSUfpUhxUoNvaJhGD11SSCnMELxvpm86z1uAEkJH4cZ4vZtrdmD5gQNB -d9Xi58xV8Skzpu2W9PypFupM8K/9z/JfzAnm6HFAOVItAkv8S9sT0F5LGdS/G6Qc -SfDZGZUUSmNwy1+igCQdzReWkSFzzB2UJxX2Ap/b8gy7v8BLeP/VTG7BTZfKLrPv -i1V7Z0+w7iGW+tksP9ElK4cHSLMglcWoebY3DC9r98vBYmPTKHzB99LLcFnJHDJp -wqAUJIvw1NggjkFjNKSMQhJhuo1I4Rg+x/i8zPxcpCMCRol1vWC9Kts1cHDMwlrT -9v3W69gcOkVcfpD0MAE3xLCApR7C0Aky2BgWvQt00O38SCnOzdK/Thja61lSbPij -xmUL52K5d5v3WKKCo9vBCr/hqXwJxDApgn3YMLbndw0skmZ1sWKEGLJisYfrZTCQ -QmgBdN/C7RGf67XaXHjj966XOleBYI9QjciavBl0eX+nIJV1oSa41+/zLXYD90f0 -OPd1CpCoFgq+quk8lv6xlr8jsCLKZp8RNx7tj8UGBV9Bn0W4MwRZpCe2FgkrBgEE +54EM0sGPZsOcIa1qg79qzjrY8ep0XJOLK3DMXKTjlWW+zxhZlAkQ27gCslis2E+5 +hA/9FQDQu1N2EZl7FrrAdP9xO7y1ZUs33gys9eA7bY8ETMlDqchnEbnbqP25W2yO +bzrKtshVn44fWUGOwSmIDfVm0ATkuJgMReMTo3APfOHlV4HKlMZYMF7NufJs4f+0 +/DYCq2FN1ZscQmph8YKAsTFKxXWNw60ilfQoY/KxLbQ6YTw8rfd2FM0ZwjV1PbsF +7HR0FkZjbaJKry1vqtOS+cjs360t1rclm1KRMV9/yJJMow2VV+9FIhbZMowrfZI7 +Qx/Sx1pYNT07D9dBNeGSRnLWEubO/mb8s1Hzgty6CEf6qlEwdRMVELXaVJcf53CK +EqZe6uhVmTq7wrmbpnb/I0Wer6igL+aUvtkM46O8zVCT6T/mnsXyoCV6zmCPYM9R +ECEyRACx4Ik+ExjLnRLezYhOkl7uN3qTS5rxR2otbESgWNx9L85Iz75ahU0zas4F +R1cZ+YC2fCRAqmPveAidJbJ0ZJrx/JH09udX5LafUQIVkY6xmoE/9T8bIVSbDFwi +fig9OdP/OtaDJBS0BOfQ9QdlpIWe2owVZa9Aa54U2jjiupCGY0XB/LoNWe02WGUN +amnXegG+pHGGGt/atMAFAtsAJeXpLIddO3mQdbR25QgJ58fHtkX9y/FMT4bb3FII +Vfd4PMmQibGXEwi641+MtwlJ52QVZRmL+2XahXoqCx3hpPy4MwRZpCe2FgkrBgEE AdpHDwEBB0DtqAgreIYCHrjvjYlBdMOugNUQhW+E0ko4ynwSUi10l4kCswQYAQoA -JgIbAhYhBKSQ0PTTEaQVPiu3ytu4ArJYrNhPBQJbh/jPBQkEda2ZAIF2IAQZFgoA +JgIbAhYhBKSQ0PTTEaQVPiu3ytu4ArJYrNhPBQJdnIcPBQkF2ZLYAIF2IAQZFgoA HRYhBM1NQ1GvppM/V0qa+5CytL167SNfBQJZpCe2AAoJEJCytL167SNfLMcA/iHy x9wWfgOAHlRrf7lWpk5OF5BHNSrTqJay+OiAOJG2AP9PA+oPGmdr3WZpf6OcWc/U -vzu7VzEY4UorRPpt0sEKBgkQ27gCslis2E9pPxAAiCSmy+UOcnMzvtXQqczXPUys -OFmJBZI/AIxa67NtOWPHmbii2KA2YnoHxbXoUJVmq25EHjJQITjOhEM7GvDknkHq -Gq7+bcjvPTQURK/LL+5VEAfapUHHRrlEOJaUBhA5TXIHYMi6ND+IRG1o4e4ljLMp -oHyS4Nl8yqWmjr/mUWXUpw/D4K7+Xy9CCNA7PT7NLgtHp83sdLZ7DR1jUX1GTXNl -vEoILlFEtqSL/cp8nbIvnhPX6LmGoIq1Mh7UtdAp93b+JPDzobZBtRI73jPAxesm -b6Ipnju3jH6Pj6ig88OV9ah3eHmpplti0b/R41oq+JZONxs+e1Mp/T9/QGHH9L+n -j2uPdsFQ+x1FM2HeYjl68RLX1iP1TFUTlHBAIjKzVc1gFMO6mx2dsrhZR/4462/Z -lZg/EhtHK6lIIC0rsM2z5DY2jdvbKvNc24DVxFCtTy74/fuJWmClNVwLz/TstAUK -nVhTM33U/qUwelF63tPvYnna/Iq0NkAAB8UpcEuh0Vmzo/rSokeiuNStJp3eRVHN -PmIt58YVo+kTQSvNYAmXYEFjj4dmv1WaZbi4qdl8Eqq+Y9UXS5QO2GjDZs8+/NkA -fWIjjzHwa/blm0C03b5PkvzUv2qfkFHuYVYvlcEA7F0DyJcHcQlWthB6HEDTwx0L -8yYhRA/TeCS394jPwxe5Ag0EW4f3OwEQAL9qkAF7ImnL8bakmqQ640hqsh4SLjjF +vzu7VzEY4UorRPpt0sEKBgkQ27gCslis2E9AiA//XhNebVlk5rGxYXG/DfV2ulDI +YLAp4gkCD29msFRz57+QOYWnEwjA8cyICK3NHc1CfZFP03vJT0P/CDiZnljxFs9C +YstAjUMF8niiclOzyN7qAHSYQCmTWo88HUru7YhGo8tTSJj4D5gkvuXSgu7TW95M +ZhQnbUehy2H8Y1TbVTh7bv4cUw293RNN8nvoP/JO85u0rwOKwNsuqKjLVM7t6YxF +LW/ObS9CiIoAuPuwy/5zziRy78SfquQTkmrDVzndcurEJJEw51CZpVkOD1uhy3u5 +7/3h4AYeHSttEplRhbf37M/fFH2G0ASuRx2higAA0hEpgmo6oPk9CNWCQTZt/J90 +JzoXwa9xTQjjPP/TvGJ1EmUY6isnV5cQk3BCQaW5Bscp5yHIHe8n+TrJDI2CPzX1 +JFOTKx6eJ3aEROXR7lLBftcf3iP/pi5fcvbAuPkTXc2AJpBMXbPw1Q10v0Of7K/t +sj+FS3G0oPeSNaXNRmB5WDc1wqh3kA8sBgw1k7K6lO+stGQE2RgJFQIXmhyRn6Kr +XurlafdSlrXS30dn676Bus5p8yp2aho5AxkwJm76BSnczjMV1JBJqBJRZ52ntIzq +fW0Cl2qZ4S1SIxShW/vfgGBld0CdhPHpkpZP/jzInUucdZbYsBiLaLdnKFb8q6m2 +KRpjnPmgkok8w6gYDne5Ag0EW4f3OwEQAL9qkAF7ImnL8bakmqQ640hqsh4SLjjF E4XJb/VzXZmYJGbTDBDmNhQUpupyn2W6vJ7HRzW/cCOKZ4IpHxF3qoBYiLMQybjS cSEZcbvxBdhgxxWcPZXsdCnmq70+a3mUa1qODYjR8iAhyibDXZodPkpVSOCa1WSt opJ48EopahUBOkYwa3K/uM/SnCGvMV8iFbnVPfKA0VlJrbi/0jS2lbrOVSJTKxaI @@ -283,30 +283,30 @@ wWVoY0dq3HS0WH/BC4R9oT4euD/7177t8mLpCkFOiTPyn16cfgyubdRB6bXJMiNW jq1vMUNfceZnfR1tLdUEdKbgveIsR4VdNvVqBhwpRvzETa7ansTh9ifdPXIV5Cy+ Q5UJaguDGcHUGIE+QbGE52Wqu7s9MWiO904d4VUt6avJpF7g8Khvf+f6ccltIqS3 zQE+E5f74WmWsjEjGlpSpPo9rptYIGtCV11qyUfrEb1oYGCwn1y8TjqCE6oCkEaM -9n7dCClfYEv/ABEBAAGJBHIEGAEKACYWIQSkkND00xGkFT4rt8rbuAKyWKzYTwUC -W4f3OwIbAgUJApHcgAJACRDbuAKyWKzYT8F0IAQZAQoAHRYhBP4CnLSq1HiOHXgo -6Kiw9ORbG1DiBQJbh/c7AAoJEKiw9ORbG1DiPlsP/3SW95eFOmne+DNYROtGzPba -n3NCY2IkYMaZZgb2PvtnhRFTekCai/W0iemueOupPbNVdapkHADU+kO2RmnJshw+ -agKV/qDsWxldIaaTIiRIKv5yCDV3vNMFaZ/JcxTA7aLU+mWYNmWL0diIWVFqS62/ -1NTmpu2A0mwBNnNVChOH+R8AAgOIc5bc1cVaX6GTInbJMcuBFR3upziO0o4qSEEy -M6nQVNzM8Ejbi0k1OVtToF83oJ8n7ScaVxp8JGeHYXxLBQ/tzhIaM8KiIQo3Au75 -hmVwKTt2oA1swyZ4uBvttmk8DzduyoaCwmWjC556cGAhurDrB2e5Rs4CrzNbqQBa -WMpI/+92679l/Zg5Iw1mOU6qbidciLi70ZkZzbYUV7RXZU6XUKDo54WoEOR3jmGp -m5QTY7XSY5ZFPnAXt8So+YL/MrRC3ncwlKR2LRLa32pytTx3a/Ama8HWaySdnR7d -VQYljMZuNniD1FRjBiJXu/dvRKMyJQv2mU15m+/wAiwuKG70Q4CzkxRZFv/Y184U -57GVx7yiR5m5Og/VWRid2uno1Q+8XrXkyf5yYSEXaA0BUlmltRqiuMl4nEayKj7k -vP9AUVUkv5NbiFOuF7VRMi2hafiUfIowM9fTyV+tCBxk+/nx4O9pM60TSxo8TRQY -pNJ3jTN3WblMfOJ8vK2yXwcP/3EuXy+Wnc0oQ3B3X+riPohxPep6OX6NC6s80Y1N -7nHPP9BUlSTgNGxR4VoHzrRxuAgQeEM0faw0OjmXmaI9KqeJFU4RyMuZaGyOVzxg -jCOeJfxogkVmPpS7IHMOSWkagPaRymBXBZgNMxnLxMew1EnfngvMCV5tJQ1Uv0pP -sBnmdf1+TQnhZyaHUA3VYyC8lA9ZuQhtXzjuCdA4F5w9kIx27CnSAtyqNobyHGke -aB62qPobjIU1Ek7BGrvUDFXPTwr8SM4wbnmwky7eQ9UL6t++/I5d4QMzVp8WRW71 -2KeAgTmO3VGhJ1F1hFz5f2ENOQ/5nt0fvNBsDrigc6XouZDCkYY877TRCBvKr7gN -X5xCpLMRJecyezctAZSegySOWqv/ODmZ7r8Nmf9PMuWeAbGJktUPCHkcKkTT7IoX -cTtxyP5SJ6Pj5BArkX/RGt3RX0JWclqckJ1Lr5U7xFft79nXAmvVHahXJwYNFefv -/sJIGTDaAavQdiujiuxWemtqli3jjII0rrxKEb+WlqhWq4gK6epjixuiKEfyUbEZ -cBEB3KAiwLudRfKp7+7c9j/+Q6/JXdIJ0oCnI/tMndqdBHlWJUHMJGyutg91MfHd -qdDoafsIclj3n7qzixWlJ1iqcfnCK17cOhHGrI5JLz10irjz6hMu4LOUNGWeDO2O -zerI -=B0uR +9n7dCClfYEv/ABEBAAGJBHIEGAEKACYCGwIWIQSkkND00xGkFT4rt8rbuAKyWKzY +TwUCXZyHDwUJA/XDUwJAwXQgBBkBCgAdFiEE/gKctKrUeI4deCjoqLD05FsbUOIF +AluH9zsACgkQqLD05FsbUOI+Ww//dJb3l4U6ad74M1hE60bM9tqfc0JjYiRgxplm +BvY++2eFEVN6QJqL9bSJ6a5466k9s1V1qmQcANT6Q7ZGacmyHD5qApX+oOxbGV0h +ppMiJEgq/nIINXe80wVpn8lzFMDtotT6ZZg2ZYvR2IhZUWpLrb/U1Oam7YDSbAE2 +c1UKE4f5HwACA4hzltzVxVpfoZMidskxy4EVHe6nOI7SjipIQTIzqdBU3MzwSNuL +STU5W1OgXzegnyftJxpXGnwkZ4dhfEsFD+3OEhozwqIhCjcC7vmGZXApO3agDWzD +Jni4G+22aTwPN27KhoLCZaMLnnpwYCG6sOsHZ7lGzgKvM1upAFpYykj/73brv2X9 +mDkjDWY5TqpuJ1yIuLvRmRnNthRXtFdlTpdQoOjnhagQ5HeOYamblBNjtdJjlkU+ +cBe3xKj5gv8ytELedzCUpHYtEtrfanK1PHdr8CZrwdZrJJ2dHt1VBiWMxm42eIPU +VGMGIle7929EozIlC/aZTXmb7/ACLC4obvRDgLOTFFkW/9jXzhTnsZXHvKJHmbk6 +D9VZGJ3a6ejVD7xeteTJ/nJhIRdoDQFSWaW1GqK4yXicRrIqPuS8/0BRVSS/k1uI +U64XtVEyLaFp+JR8ijAz19PJX60IHGT7+fHg72kzrRNLGjxNFBik0neNM3dZuUx8 +4ny8rbIJENu4ArJYrNhP5GYP/AvzdcT6Z8F9qmH1y4WN3fjfqyJcL6rBMNUSQI4z +OhGXJV3NncONmu3gitfkwx8+GA0ieGR7DwS7wSZZRj331vnU67AKqDgxXegF0pfv +DxAuPH06hC9kYHIZJlP4tqvaJNTgUXwdGE88lihhEK6ZpJhj19IYLim72UbaPHWr +WJLKh1V+dUacCTrzvW/Y+U6hHX5gmMN4zXGoLwVQHynwh2yaCraiNcQnpYZCt95I ++xpO0dlF83rcsJab94hmxjmkZG3joih3bCzH+AoUzJ/LjcOjsaULiwgkfig+FE5i +N5OmaBXYRo+AZ8ujAldexvO0fHFawSd2DyU4igN35OVcZmulUoTegDaPDTvSStFO +1deWAP7BtkNFPPJ91BX+GhT6An6hTOI2GTfn45Rbk40n5nqYFqIRsF1p+PdxAGHJ +lu5Hsd37F1Yz7tmN0M/lK7IVsS25+E8ld/mwvuQYCreO0YuveV9HcyB+94GQ24MI +DsJQdNzHFIuxw1PktV33+YTu8qX05x3IgPrkRndq4u4BXRhtcONT52CoPQSlxiaD +QuUDwwJQVA2YHJxWFkSKkbUEOGAQZLm256uGToMMllaDM0jlmZVbP/Trwn/4D2JM +nmSMb56qXS5EANtrvBWB4dw70BHF01qnreMNkMmoF6YNf+8ru9L0V0TlAgaSKb9H +kP8+ +=KGfa -----END PGP PUBLIC KEY BLOCK----- diff --git a/initrd/etc/functions b/initrd/etc/functions index 056c3e822..2e8bd6a4b 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -287,8 +287,10 @@ update_checksums() if [ "$CONFIG_TPM" = "y" ]; then extparam=-u fi - kexec-sign-config -p /boot $extparam \ - || die "Failed to sign default config" + if ! kexec-sign-config -p /boot $extparam ; then + echo "Failed to sign default config; press Enter to continue." + read + fi # switch back to ro mode mount -o ro,remount /boot @@ -303,10 +305,11 @@ detect_boot_device() # check $CONFIG_BOOT_DEV if set/valid if [ -e "$CONFIG_BOOT_DEV" ]; then - mount -o ro $CONFIG_BOOT_DEV /boot >/dev/null 2>&1 - if [[ $? && -d /boot/grub ]]; then - # CONFIG_BOOT_DEV is valid device and contains an installed OS - return 0 + if mount -o ro $CONFIG_BOOT_DEV /boot >/dev/null 2>&1; then + if ls -d /boot/grub* >/dev/null 2>&1; then + # CONFIG_BOOT_DEV is valid device and contains an installed OS + return 0 + fi fi fi @@ -328,10 +331,11 @@ detect_boot_device() # iterate thru possible options and check for grub dir for i in `cat /tmp/boot_device_list`; do umount /boot 2>/dev/null - mount -o ro $i /boot >/dev/null 2>&1 - if [[ $? && -d /boot/grub ]]; then - CONFIG_BOOT_DEV="$i" - return 0 + if mount -o ro $i /boot >/dev/null 2>&1; then + if ls -d /boot/grub* >/dev/null 2>&1; then + CONFIG_BOOT_DEV="$i" + return 0 + fi fi done diff --git a/initrd/etc/keylime-init b/initrd/etc/keylime-init deleted file mode 100755 index e0974e960..000000000 --- a/initrd/etc/keylime-init +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -# Bring up the x230's NIC, get a DHCP address and invoke keylime - -insmod /lib/modules/e1000e.ko -udhcpc -n - -cd / -wget-measure.sh 6 http://192.168.1.5/keylime.tar.gz -tar xf keylime.tar.gz - -if [ ! -x /keylime-node ]; then - echo '!!!! Keylime overlay not found?' - tpm extend -ix 4 -ic "recovery" - exec /bin/ash -fi - -exec /keylime-node diff --git a/initrd/init b/initrd/init index 892a2a7c8..40063deaa 100755 --- a/initrd/init +++ b/initrd/init @@ -52,7 +52,7 @@ if [ "$CONFIG_LINUXBOOT" = "y" ]; then fi # Set GPG_TTY before calling gpg in key-init -export GPG_TTY=$(tty) +export GPG_TTY=/dev/console /bin/key-init @@ -64,6 +64,11 @@ if [ ! -z "$CONFIG_BOOT_RECOVERY_SERIAL" ]; then > "$CONFIG_BOOT_RECOVERY_SERIAL" 2>&1 & fi +# load USB modules for boards using a USB keyboard +if [ "$CONFIG_USB_KEYBOARD" = "y" ]; then + enable_usb +fi + # If the user has been holding down r, enter a recovery shell # otherwise immediately start the configured boot script. # We don't print a prompt, since this is a near instant timeout. @@ -92,9 +97,6 @@ combine_configs if [ ! -z "$CONFIG_BOOT_DEV" ]; then echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0" fi -if [ ! -z "$CONFIG_USB_BOOT_DEV" ]; then - echo >> /etc/fstab "$CONFIG_USB_BOOT_DEV /media auto defaults,ro 0 0" -fi if [ ! -x "$CONFIG_BOOTSCRIPT" -a ! -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then recovery 'Boot script missing? Entering recovery shell' diff --git a/modules/coreboot b/modules/coreboot index b2dfec590..2f63ee2ef 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -9,14 +9,14 @@ coreboot_tar := coreboot-$(coreboot_version).tar.xz coreboot_url := https://www.coreboot.org/releases/$(coreboot_tar) coreboot_hash := f0ddf4db0628c1fe1e8348c40084d9cbeb5771400c963fd419cda3995b69ad23 -# Coreboot builds are specialized on a per-target basis. +# coreboot builds are specialized on a per-target basis. # The builds are done in a per-target subdirectory CONFIG_COREBOOT_CONFIG ?= config/coreboot-$(BOARD).config # Ensure that touching the config file will force a rebuild $(build)/$(coreboot_dir)/.configured: $(CONFIG_COREBOOT_CONFIG) -EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches +EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned coreboot_configure := \ mkdir -p "$(build)/$(coreboot_dir)" \ @@ -29,9 +29,18 @@ coreboot_configure := \ CFLAGS_x86_32="$(EXTRA_FLAGS)" \ CFLAGS_x86_64="$(EXTRA_FLAGS)" \ +COREBOOT_IASL="$(build)/$(coreboot_base_dir)/util/crossgcc/xgcc/bin/iasl" + +# coreboot is built with the 32-bit compiler; ideally we could use the same +# x86_64-linux-musl -m32 to build it, but this causes some link errors that need +# to be tracked down. +# CROSS="$(CROSS)" \ + coreboot_target := \ -C "$(build)/$(coreboot_base_dir)" \ obj="$(build)/$(coreboot_dir)" \ + CROSS="$(dir $(CROSS))i386-linux-musl-" \ + IASL="$(COREBOOT_IASL)" \ DOTCONFIG="$(build)/$(coreboot_dir)/.config" \ BUILD_TIMELESS=1 \ CFLAGS_x86_32="$(EXTRA_FLAGS)" \ @@ -39,35 +48,11 @@ coreboot_target := \ $(MAKE_JOBS) coreboot_output := coreboot.rom -coreboot_depend += linux initrd - -COREBOOT_XGCC_REL := $(coreboot_base_dir)/util/crossgcc/xgcc -COREBOOT_XGCC_PATH := $(build)/$(COREBOOT_XGCC_REL) -COREBOOT_XGCC := $(COREBOOT_XGCC_PATH)/bin/i386-elf-gcc - -# hack to force a build dependency on the cross compiler -coreboot-gcc $(build)/$(coreboot_dir)/.configured: $(COREBOOT_XGCC) - -ifeq "$(TOOLCHAIN)" "" -# Force a rebuild of the entire coreboot toolchain -$(COREBOOT_XGCC): $(build)/$(coreboot_base_dir)/.canary - echo '******* Building crossgcc-i386 (this might take a while) ******' - $(MAKE) -C "$(build)/$(coreboot_base_dir)" CPUS=`nproc` crossgcc-i386 - #echo '******* Building crossgcc-arm (this might take a while) ******' - #$(MAKE) -C "$(build)/$(coreboot_base_dir)" crossgcc-arm -else -# Use the pre-build one from the external toolchain build -$(COREBOOT_XGCC): $(build)/$(coreboot_base_dir)/.canary - if [ ! -e "$(TOOLCHAIN)/build/$(COREBOOT_XGCC_REL)" ]; then \ - echo >&2 "ERROR: TOOLCHAIN=$(TOOLCHAIN) does not have coreboot" ; \ - exit 1 ; \ - fi - if [ ! -e "$(COREBOOT_XGCC_PATH)" ]; then \ - ln -s \ - "$(TOOLCHAIN)/build/$(COREBOOT_XGCC_REL)" \ - "$(COREBOOT_XGCC_PATH)" ; \ - fi -endif +coreboot_depend += linux initrd $(musl_dep) + +$(build)/$(coreboot_dir)/.configured: $(COREBOOT_IASL) +$(COREBOOT_IASL): $(build)/$(coreboot_base_dir)/.canary + $(MAKE) -C "$(build)/$(coreboot_base_dir)" CPUS=`nproc` iasl # Force a rebuild if the inputs have changed $(build)/$(coreboot_dir)/.build: \ @@ -108,6 +93,7 @@ modules-y += coreboot-blobs coreboot-blobs_version := $(coreboot_version) coreboot-blobs_tar := coreboot-blobs-$(coreboot-blobs_version).tar.xz +coreboot-blobs_tar_opt := --strip 3 coreboot-blobs_dir := coreboot-$(coreboot-blobs_version)/3rdparty/blobs coreboot-blobs_url := https://www.coreboot.org/releases/$(coreboot-blobs_tar) coreboot-blobs_hash := 18aa509ae3af005a05d7b1e0b0246dc640249c14fc828f5144b6fd20bb10e295 diff --git a/modules/hidapi b/modules/hidapi new file mode 100644 index 000000000..0a0ab5b10 --- /dev/null +++ b/modules/hidapi @@ -0,0 +1,2 @@ +# empty placeholder file +# This submodule is defined in modules/libremkey-hotp-verification diff --git a/modules/kexec b/modules/kexec index d2311c218..18f27dcf0 100644 --- a/modules/kexec +++ b/modules/kexec @@ -1,10 +1,10 @@ modules-$(CONFIG_KEXEC) += kexec -kexec_version := 2.0.16 +kexec_version := 2.0.20 kexec_dir := kexec-tools-$(kexec_version) kexec_tar := kexec-tools-$(kexec_version).tar.gz kexec_url := https://kernel.org/pub/linux/utils/kernel/kexec/$(kexec_tar) -kexec_hash := cf17fc99bf77c9b39f06ee88ac0e86d0349c4a0c3f8214a3cc78eece872f6f3a +kexec_hash := cb16d79818e0c9de3bb3e33ede5677c34a1d28c646379c7ab44e0faa3eb57a16 kexec_configure := ./configure \ $(CROSS_TOOLS) \ diff --git a/modules/libgcrypt b/modules/libgcrypt index aa7e1ef8e..1ba82fceb 100644 --- a/modules/libgcrypt +++ b/modules/libgcrypt @@ -12,8 +12,7 @@ libgcrypt_configure := ./configure \ --disable-static \ --with-libgpg-error-prefix="$(INSTALL)" \ --disable-asm \ - --disable-nls \ - + libgcrypt_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ $(CROSS_TOOLS) \ diff --git a/modules/libremkey-hotp-verification b/modules/libremkey-hotp-verification index c9b9d45ab..1a943847a 100644 --- a/modules/libremkey-hotp-verification +++ b/modules/libremkey-hotp-verification @@ -2,9 +2,11 @@ modules-$(CONFIG_LIBREMKEY) += libremkey-hotp-verification libremkey-hotp-verification_depends := libusb $(musl_dep) -libremkey-hotp-verification_version := git -libremkey-hotp-verification_dir := libremkey-hotp-verification -libremkey-hotp-verification_repo := --recursive https://github.com/Nitrokey/nitrokey-hotp-verification +libremkey-hotp-verification_version := e5fa36a7a1950226d0ef94e2eeed0ffb510eba89 +libremkey-hotp-verification_dir := libremkey-hotp-verification-$(libremkey-hotp-verification_version) +libremkey-hotp-verification_tar := nitrokey-hotp-verification-$(libremkey-hotp-verification_version).tar.gz +libremkey-hotp-verification_url := https://github.com/Nitrokey/nitrokey-hotp-verification/archive/$(libremkey-hotp-verification_version).tar.gz +libremkey-hotp-verification_hash := 668113ebc21cc875d49266c8d3a47acfd524a8d6b64f75b7ce5833d595415469 libremkey-hotp-verification_target := \ $(MAKE_JOBS) \ @@ -16,4 +18,20 @@ libremkey-hotp-verification_output := \ libremkey-hotp-verification_configure := \ INSTALL="$(INSTALL)" \ + CROSS="$(CROSS)" \ cmake -DCMAKE_TOOLCHAIN_FILE=./Toolchain-heads.cmake -DCMAKE_AR="$(CROSS)ar" . + +libremkey-hotp-verification_depends += hidapi +modules-y += hidapi + +hidapi_version := e5ae0d30a523c565595bdfba3d5f2e9e1faf0bd0 +hidapi_dir := libremkey-hotp-verification-$(libremkey-hotp-verification_version)/hidapi +hidapi_tar := hidapi-$(hidapi_version).tar.xz +hidapi_url := https://github.com/Nitrokey/hidapi/archive/$(hidapi_version).tar.gz +hidapi_hash := acc2a5089a8917085c2b3ebe9446065a21c760ba7e13cb54917043c4122188e0 + + +## hidapi will be built as part of libremkey-hotp-verification +## so nothing to do here (but need make to be happy) +hidapi_output := .built +hidapi_configure := echo -e 'all:\n\ttouch .built' > Makefile diff --git a/modules/lvm2 b/modules/lvm2 index 91f0f53f0..e3005f1bd 100644 --- a/modules/lvm2 +++ b/modules/lvm2 @@ -1,7 +1,7 @@ modules-$(CONFIG_LVM2) += lvm2 lvm2_version := 2.02.168 -lvm2_dir := LVM2.$(lvm2_version) +lvm2_dir := lvm2.$(lvm2_version) lvm2_tar := LVM2.$(lvm2_version).tgz lvm2_url := https://mirrors.kernel.org/sourceware/lvm2/$(lvm2_tar) lvm2_hash := 23a3d1cddd41b3ef51812ebf83e9fa491f502fe74130d4263be327a91914660d diff --git a/modules/msrtools b/modules/msrtools index 9adfab0cb..8a9b6b5b2 100644 --- a/modules/msrtools +++ b/modules/msrtools @@ -2,14 +2,15 @@ modules-$(CONFIG_MSRTOOLS) += msrtools msrtools_depends := $(musl_dep) -msrtools_version := git -msrtools_repo := https://github.com/osresearch/msr-tools +#msrtools_version := git +#msrtools_repo := https://github.com/osresearch/msr-tools -#msrtools_version := 1.3 +msrtools_version := 572ef8a2b873eda15a322daa48861140a078b92c msrtools_dir := msrtools-$(msrtools_version) msrtools_tar := msr-tools-$(msrtools_version).tar.gz -msrtools_url := https://github.com/intel/msr-tools/archive/msr-tools-$(msrtools_version).tar.gz -msrtools_hash := e8205aa3d19e536080f5974ed06ab9a88c4c3f37870c2f6a3a08a2f39302c22c +#msrtools_url := https://github.com/intel/msr-tools/archive/msr-tools-$(msrtools_version).tar.gz +msrtools_url := https://github.com/osresearch/msr-tools/archive/$(msrtools_version).tar.gz +msrtools_hash := 80554790d0a404205fe215c9ae8d2de159e980ec23821d636f201f12550e6ac0 msrtools_target := \ $(CROSS_TOOLS) \ diff --git a/modules/musl b/modules/musl deleted file mode 100644 index eec76de34..000000000 --- a/modules/musl +++ /dev/null @@ -1,41 +0,0 @@ -CONFIG_MUSL ?= y -modules-$(CONFIG_MUSL) += musl - -musl_version := 1.1.15 -musl_dir := musl-$(musl_version) -musl_tar := musl-$(musl_version).tar.gz -musl_url := https://www.musl-libc.org/releases/$(musl_tar) -musl_hash := 97e447c7ee2a7f613186ec54a93054fe15469fe34d7d323080f7ef38f5ecb0fa - -musl_output := ../../install/bin/musl-gcc - -# -# Note that for syslibdir to be /lib the install will fail. -# this is unfortunate since it prevents the binaries from running -# and requires that we treat the rest of the build as a cross compile. -# -# That works, with some hacks... -# -musl_configure := ./configure \ - $(CROSS_TOOLS_NOCC) \ - CC="$(CROSS)gcc" \ - --prefix="$(INSTALL)" \ - --syslibdir="/lib" \ - --enable-gcc-wrapper \ - --enable-shared \ - -musl_target := \ - $(MAKE_JOBS) \ - $(CROSS_TOOLS_NOCC) \ - CC="$(CROSS)gcc" \ - install \ - -musl_libraries := \ - lib/libc.so \ - - -musl_depends := musl-cross - -# Fake a target so that musl will force a header install by the -# Linux kernel sources. -$(build)/$(musl_dir)/.build: $(INSTALL)/include/linux/limits.h diff --git a/modules/musl-cross b/modules/musl-cross index 199731859..f9cf79db0 100644 --- a/modules/musl-cross +++ b/modules/musl-cross @@ -1,5 +1,14 @@ +CONFIG_MUSL ?= y + ifeq "$(MUSL_CROSS_ONCE)" "" MUSL_CROSS_ONCE := 1 +modules-$(CONFIG_MUSL) += musl-cross + +musl-cross_version := 38e52db8358c043ae82b346a2e6e66bc86a53bc1 +musl-cross_dir := musl-cross-$(musl-cross_version) +musl-cross_url := https://github.com/richfelker/musl-cross-make/archive/$(musl-cross_version).tar.gz +musl-cross_tar := musl-cross-$(musl-cross_version).tar.gz +musl-cross_hash := b4b85d6d3ddab0f2b8650a53e775673f8c346fa2fb07d652a9880bd206ade100 ifneq "$(CROSS)" "" @@ -7,37 +16,47 @@ ifneq "$(CROSS)" "" # check that $(CROSS)gcc exists or else things just won't work ifneq "y" "$(shell [ -x '$(CROSS)gcc' ] && echo y)" $(error $(CROSS)gcc does not exist - can not build) +else +$(info Using $(CROSS)gcc) endif # The cross compiler has already been built, so the musl-cross target -# is a NOP. -#musl-cross.intermediate: +# is a NOP. We really don't need to check out this code tree, but it is easier +# if we have a target for it. +musl-cross_target := --version -musl-cross_dir := musl-cross-ext -$(build)/$(musl-cross_dir)/.build: - mkdir -p $(dir $@) - touch $@ +# Ask the compiler where to find its own libc.so +musl-cross_libraries := \ + $(shell $(CROSS)gcc --print-file-name=libc.so) \ else # Force a full build of the cross compiler +# have to build both x86_64 and i386 versions for coreboot -modules-y += musl-cross -musl-cross_version := git -musl-cross_dir := musl-cross-$(musl-cross_version) -musl-cross_repo := https://github.com/GregorR/musl-cross +musl-cross_configure := \ + /bin/echo -e >> Makefile 'both:' ; \ + /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=x86_64-linux-musl install' ; \ + /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=i386-linux-musl install' ; \ -CROSS_TOP := crossgcc/x86_64-linux-musl/bin/x86_64-musl-linux- -CROSS := $(build)/../$(CROSS_TOP) -musl-cross_output := ../../$(CROSS_TOP)gcc +CROSS_PATH ?= $(pwd)/crossgcc -musl-cross_configure := \ - /bin/echo -e > Makefile \ - '$(musl-cross_output):\n\tCC_BASE_PREFIX="$(pwd)/crossgcc" ./build.sh' +musl-cross_target := \ + OUTPUT="$(CROSS_PATH)" \ + MAKE="$(MAKE)" \ + both +CROSS := $(CROSS_PATH)/bin/x86_64-linux-musl- +musl-cross_libraries := $(CROSS_PATH)/x86_64-linux-musl/lib/libc.so endif -musl-cross_target := + +musl-cross_output := $(CROSS)gcc + +## Fake a target so that musl will force a header install by the +## Linux kernel sources. +$(build)/$(musl-cross_dir)/.build: $(INSTALL)/include/linux/limits.h + endif diff --git a/modules/tpmtotp b/modules/tpmtotp index 792dd512c..433df8ceb 100644 --- a/modules/tpmtotp +++ b/modules/tpmtotp @@ -2,14 +2,14 @@ modules-$(CONFIG_TPMTOTP) += tpmtotp tpmtotp_depends := mbedtls qrencode $(musl_dep) -tpmtotp_version := git -tpmtotp_repo := https://github.com/osresearch/tpmtotp +#tpmtotp_version := git +#tpmtotp_repo := https://github.com/osresearch/tpmtotp -#tpmtotp_version := 0.3.0 +tpmtotp_version := 18b860fdcf5a55537c8395b891f2b2a5c24fc00a tpmtotp_dir := tpmtotp-$(tpmtotp_version) tpmtotp_tar := tpmtotp-$(tpmtotp_version).tar.gz -tpmtotp_url := https://github.com/osresearch/tpmtotp/archive/v$(tpmtotp_version).tar.gz -tpmtotp_hash := e8205aa3d19e536080f5974ed06ab9a88c4c3f37870c2f6a3a08a2f39302c22c +tpmtotp_url := https://github.com/osresearch/tpmtotp/archive/$(tpmtotp_version).tar.gz +tpmtotp_hash := 1082f2b0e4af833e04220dddedcc21a39eb39ee4dc5668bb010e7bcc795c606c tpmtotp_target := \ $(CROSS_TOOLS) \ diff --git a/patches/coreboot-4.8.1/0010-cross-compiler-support.patch b/patches/coreboot-4.8.1/0010-cross-compiler-support.patch new file mode 100644 index 000000000..b99941df7 --- /dev/null +++ b/patches/coreboot-4.8.1/0010-cross-compiler-support.patch @@ -0,0 +1,27 @@ +--- clean/coreboot-4.8.1/Makefile 2018-05-16 21:00:17.000000000 +0200 ++++ coreboot-4.8.1/Makefile 2020-01-08 17:01:32.998287979 +0100 +@@ -152,6 +152,24 @@ + + -include .xcompile + ++ifneq "$(CROSS)" "" ++ $(info coreboot: Using $(CROSS)gcc) ++ CROSS_COMPILE_x86_32 := $(CROSS) ++ CC_x86_32 := $(CROSS_COMPILE_x86_32)gcc ++ CPP_x86_32 := $(CROSS_COMPILE_x86_32)cpp ++ AS_x86_32 := $(CROSS_COMPILE_x86_32)as --32 ++ LD_x86_32 := $(CROSS_COMPILE_x86_32)ld.bfd -b elf32-i386 -melf_i386 ++ NM_x86_32 := $(CROSS_COMPILE_x86_32)nm ++ OBJCOPY_x86_32 := $(CROSS_COMPILE_x86_32)objcopy ++ OBJDUMP_x86_32 := $(CROSS_COMPILE_x86_32)objdump ++ READELF_x86_32 := $(CROSS_COMPILE_x86_32)readelf ++ STRIP_x86_32 := $(CROSS_COMPILE_x86_32)strip ++ AR_x86_32 := $(CROSS_COMPILE_x86_32)ar ++ GNATBIND_x86_32 := $(CROSS_COMPILE_x86_32)gnatbind ++ COMPILER_RT_x86_32 := $(shell $(CC_x86_32) --print-libgcc-file-name) ++endif ++ ++ + ifneq ($(XCOMPILE_COMPLETE),1) + $(shell rm -f .xcompile) + $(error .xcompile deleted because it's invalid. \ diff --git a/patches/cryptsetup-1.7.3.patch b/patches/cryptsetup-1.7.3.patch index c36d36fd8..be7350d85 100644 --- a/patches/cryptsetup-1.7.3.patch +++ b/patches/cryptsetup-1.7.3.patch @@ -1,6 +1,512 @@ -diff -u --recursive ../../clean/cryptsetup-1.7.3/src/Makefile.in ./cryptsetup-1.7.3/src/Makefile.in ---- ../../clean/cryptsetup-1.7.3/src/Makefile.in 2016-10-28 09:45:06.000000000 -0400 -+++ cryptsetup-1.7.3/src/Makefile.in 2017-01-27 17:24:13.115962328 -0500 +diff -u -r cryptsetup-1.7.3-clean/configure cryptsetup-1.7.3/configure +--- cryptsetup-1.7.3-clean/configure 2016-10-28 06:45:06.000000000 -0700 ++++ cryptsetup-1.7.3/configure 2020-01-12 14:12:13.835035728 -0800 +@@ -10113,7 +10113,7 @@ + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no +- hardcode_libdir_flag_spec= ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator= + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported +@@ -10197,7 +10197,7 @@ + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='$wl--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then +@@ -10243,7 +10243,7 @@ + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_minus_L=yes + ;; + esac +@@ -10263,7 +10263,7 @@ + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='$wl--export-all-symbols' + allow_undefined_flag=unsupported + always_export_symbols=no +@@ -10293,7 +10293,7 @@ + ;; + + os2*) +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll +@@ -10323,7 +10323,7 @@ + interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no +- hardcode_libdir_flag_spec='$wl-rpath,$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by +@@ -10399,7 +10399,7 @@ + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ +@@ -10466,7 +10466,7 @@ + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else +@@ -10495,7 +10495,7 @@ + + if test no = "$ld_shlibs"; then + runpath_var= +- hardcode_libdir_flag_spec= ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi +@@ -10613,7 +10613,7 @@ + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator= + fi + ;; +@@ -10697,11 +10697,11 @@ + aix_libpath=$lt_cv_aix_libpath_ + fi + +- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" ++ hardcode_libdir_flag_spec=" " + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then +- hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' ++ hardcode_libdir_flag_spec=" " + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else +@@ -10750,7 +10750,7 @@ + aix_libpath=$lt_cv_aix_libpath_ + fi + +- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" ++ hardcode_libdir_flag_spec=" " + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' $wl-bernotok' +@@ -10790,7 +10790,7 @@ + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_minus_L=yes + ;; + esac +@@ -10808,7 +10808,7 @@ + case $cc_basename in + cl*) + # Native MSVC +- hardcode_libdir_flag_spec=' ' ++ hardcode_libdir_flag_spec=" " + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' +@@ -10849,7 +10849,7 @@ + ;; + *) + # Assume MSVC wrapper +- hardcode_libdir_flag_spec=' ' ++ hardcode_libdir_flag_spec=" " + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib +@@ -10900,7 +10900,7 @@ + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_shlibpath_var=no + ;; + +@@ -10910,7 +10910,7 @@ + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; +@@ -10926,7 +10926,7 @@ + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; +@@ -10937,7 +10937,7 @@ + else + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + fi +- hardcode_libdir_flag_spec='$wl+b $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + hardcode_direct=yes + +@@ -10954,7 +10954,7 @@ + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test no = "$with_gnu_ld"; then +- hardcode_libdir_flag_spec='$wl+b $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + hardcode_direct=yes + hardcode_direct_absolute=yes +@@ -11031,7 +11031,7 @@ + esac + fi + if test no = "$with_gnu_ld"; then +- hardcode_libdir_flag_spec='$wl+b $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + + case $host_cpu in +@@ -11090,7 +11090,7 @@ + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' + fi + archive_cmds_need_lc='no' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + inherit_rpath=yes + link_all_deplibs=yes +@@ -11112,7 +11112,7 @@ + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; +@@ -11120,7 +11120,7 @@ + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; +@@ -11136,11 +11136,11 @@ + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' +- hardcode_libdir_flag_spec='$wl-rpath,$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='$wl-E' + else + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec='$wl-rpath,$libdir' ++ hardcode_libdir_flag_spec=" " + fi + else + ld_shlibs=no +@@ -11148,7 +11148,7 @@ + ;; + + os2*) +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll +@@ -11184,7 +11184,7 @@ + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + fi + archive_cmds_need_lc='no' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + ;; + +@@ -11192,7 +11192,7 @@ + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' +@@ -11200,7 +11200,7 @@ + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly +- hardcode_libdir_flag_spec='-rpath $libdir' ++ hardcode_libdir_flag_spec=" " + fi + archive_cmds_need_lc='no' + hardcode_libdir_separator=: +@@ -11229,7 +11229,7 @@ + ;; + esac + fi +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; +@@ -11256,7 +11256,7 @@ + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no +@@ -11326,7 +11326,7 @@ + allow_undefined_flag='$wl-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no +- hardcode_libdir_flag_spec='$wl-R,$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='$wl-Bexport' +@@ -11343,7 +11343,7 @@ + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_shlibpath_var=no + ;; + +@@ -11711,7 +11711,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' +@@ -12001,16 +12001,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -12025,7 +12025,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -12037,7 +12037,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -12053,7 +12053,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -12086,7 +12086,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -12123,7 +12123,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -12144,11 +12144,11 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + ;; + + # This must be glibc/ELF. +@@ -12199,7 +12199,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not +@@ -12229,7 +12229,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -12248,7 +12248,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -12266,7 +12266,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -12338,7 +12338,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -12395,7 +12395,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -12417,7 +12417,7 @@ + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -14964,7 +14964,7 @@ + wl="$acl_cv_wl" + libext="$acl_cv_libext" + shlibext="$acl_cv_shlibext" +- hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" + hardcode_direct="$acl_cv_hardcode_direct" + hardcode_minus_L="$acl_cv_hardcode_minus_L" +@@ -19683,7 +19683,7 @@ + with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' + allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' + no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' +-hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' ++hardcode_libdir_flag_spec=" " + hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' + hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' + hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' +@@ -19714,7 +19714,7 @@ + postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' + finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' + finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' ++hardcode_into_libs=no + sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' + configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' + configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' +@@ -20877,7 +20877,7 @@ + finish_eval=$lt_finish_eval + + # Whether we should hardcode library paths into libraries. +-hardcode_into_libs=$hardcode_into_libs ++hardcode_into_libs=no + + # Compile-time system search path for libraries. + sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +@@ -20974,7 +20974,7 @@ + + # Flag to hardcode \$libdir into a binary during linking. + # This must work even if \$libdir does not exist +-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec ++hardcode_libdir_flag_spec=" " + + # Whether we need a single "-rpath" flag with a separated argument. + hardcode_libdir_separator=$lt_hardcode_libdir_separator +diff -u -r cryptsetup-1.7.3-clean/src/Makefile.in cryptsetup-1.7.3/src/Makefile.in +--- cryptsetup-1.7.3-clean/src/Makefile.in 2016-10-28 06:45:06.000000000 -0700 ++++ cryptsetup-1.7.3/src/Makefile.in 2020-01-12 13:42:22.744734385 -0800 @@ -479,6 +479,8 @@ cryptsetup_LDADD = \ $(top_builddir)/lib/libcryptsetup.la \ diff --git a/patches/kexec-2.0.16.patch b/patches/kexec-2.0.16.patch deleted file mode 100644 index fc9a2579e..000000000 --- a/patches/kexec-2.0.16.patch +++ /dev/null @@ -1,89 +0,0 @@ -diff -u --recursive clean/kexec-tools-2.0.16/Makefile.in kexec-tools-2.0.16/Makefile.in ---- clean/kexec-tools-2.0.16/Makefile.in 2016-12-09 04:42:06.000000000 -0500 -+++ kexec-tools-2.0.16/Makefile.in 2018-02-28 05:39:20.461000000 -0500 -@@ -158,16 +158,16 @@ - - # kdump (read a crashdump from memory) - # --include $(srcdir)/kdump/Makefile -+#include $(srcdir)/kdump/Makefile - - # vmcore-dmesg (read dmesg from a vmcore) - # --include $(srcdir)/vmcore-dmesg/Makefile -+#include $(srcdir)/vmcore-dmesg/Makefile - - # - # kexec_test (test program) - # --include $(srcdir)/kexec_test/Makefile -+#include $(srcdir)/kexec_test/Makefile - - SPEC=$(PACKAGE_NAME).spec - GENERATED_SRCS:= $(SPEC) -diff -u --recursive clean/kexec-tools-2.0.16/include/config.h kexec-tools-2.0.16/include/config.h ---- clean/kexec-tools-2.0.16/include/config.h 2017-11-20 04:17:12.000000000 -0500 -+++ kexec-tools-2.0.16/include/config.h 2018-02-28 05:39:22.420000000 -0500 -@@ -17,7 +17,7 @@ - /* #undef HAVE_LIBXENCTRL */ - - /* Define to 1 if you have the `z' library (-lz). */ --/* #undef HAVE_LIBZ */ -+#define HAVE_LIBZ 1 - - /* Define to 1 if you have the header file. */ - #define HAVE_MEMORY_H 1 -diff -u --recursive clean/kexec-tools-2.0.16/kexec/kexec.c kexec-tools-2.0.16/kexec/kexec.c ---- clean/kexec-tools-2.0.16/kexec/kexec.c 2017-03-02 04:45:46.000000000 -0500 -+++ kexec-tools-2.0.16/kexec/kexec.c 2018-02-28 10:40:01.662000000 -0500 -@@ -794,6 +794,27 @@ - if (sort_segments(&info) < 0) { - return -1; - } -+ -+#if 1 -+ // force segment 0 to have memsz == bufsz -+ // so that it won't overwrite EBDA -+ if (info.segment[0].mem == 0) -+ { -+ if (kexec_debug) -+ printf("hack ebda into segment 0!\n"); -+ -+ uint8_t * ebda = calloc(1, info.segment[0].memsz); -+ memcpy(ebda, info.segment[0].buf, info.segment[0].bufsz); -+ info.segment[0].bufsz = info.segment[0].memsz; -+ info.segment[0].buf = ebda; -+ -+ // install some default EBDA values that are off scale, -+ // which will force Xen to use the multiboot info -+ *(uint16_t*)(ebda + 0x40e) = 0xFFFF; // segment -+ *(uint16_t*)(ebda + 0x413) = 0xFFFF; // size -+ } -+#endif -+ - /* if purgatory is loaded update it */ - update_purgatory(&info); - if (entry) -diff -u --recursive clean/kexec-tools-2.0.16/purgatory/Makefile kexec-tools-2.0.16/purgatory/Makefile ---- clean/kexec-tools-2.0.16/purgatory/Makefile 2017-01-31 06:23:48.000000000 -0500 -+++ kexec-tools-2.0.16/purgatory/Makefile 2018-02-28 05:39:20.461000000 -0500 -@@ -44,7 +44,6 @@ - mkdir -p $(@D) - $(COMPILE.c) -o $@ $^ - --$(PURGATORY): CC=$(TARGET_CC) - $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \ - $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \ - -Os -fno-builtin -ffreestanding \ -diff -u --recursive clean/kexec-tools-2.0.16/util/Makefile kexec-tools-2.0.16/util/Makefile ---- clean/kexec-tools-2.0.16/util/Makefile 2010-07-29 05:22:16.000000000 -0400 -+++ kexec-tools-2.0.16/util/Makefile 2018-02-28 05:39:20.461000000 -0500 -@@ -2,7 +2,7 @@ - - $(BIN_TO_HEX): $(srcdir)/util/bin-to-hex.c - @$(MKDIR) -p $(@D) -- $(LINK.o) $(CFLAGS) -o $@ $^ -+ $(BUILD_CC) $(BUILD_CFLAGS) -o $@ $^ - - $(BIN_TO_HEX): CC=$(BUILD_CC) - $(BIN_TO_HEX): CFLAGS=$(BUILD_CFLAGS) diff --git a/patches/kexec-2.0.20.patch b/patches/kexec-2.0.20.patch new file mode 100644 index 000000000..9e940494a --- /dev/null +++ b/patches/kexec-2.0.20.patch @@ -0,0 +1,76 @@ +diff --git ./Makefile.in ./Makefile.in +index fb01134..bf1973e 100644 +--- ./Makefile.in ++++ ./Makefile.in +@@ -157,12 +157,12 @@ include $(srcdir)/kexec/Makefile + + # vmcore-dmesg (read dmesg from a vmcore) + # +-include $(srcdir)/vmcore-dmesg/Makefile ++#include $(srcdir)/vmcore-dmesg/Makefile + + # + # kexec_test (test program) + # +-include $(srcdir)/kexec_test/Makefile ++#include $(srcdir)/kexec_test/Makefile + + SPEC=$(PACKAGE_NAME).spec + GENERATED_SRCS:= $(SPEC) +diff --git ./kexec/kexec.c ./kexec/kexec.c +index bc6ab3d..b82725b 100644 +--- ./kexec/kexec.c ++++ ./kexec/kexec.c +@@ -805,6 +805,27 @@ static int my_load(const char *type, int fileind, int argc, char **argv, + if (sort_segments(&info) < 0) { + return -1; + } ++ ++#if 1 ++ // force segment 0 to have memsz == bufsz ++ // so that it won't overwrite EBDA ++ if (info.segment[0].mem == 0) ++ { ++ if (kexec_debug) ++ printf("hack ebda into segment 0!\n"); ++ ++ uint8_t * ebda = calloc(1, info.segment[0].memsz); ++ memcpy(ebda, info.segment[0].buf, info.segment[0].bufsz); ++ info.segment[0].bufsz = info.segment[0].memsz; ++ info.segment[0].buf = ebda; ++ ++ // install some default EBDA values that are off scale, ++ // which will force Xen to use the multiboot info ++ *(uint16_t*)(ebda + 0x40e) = 0xFFFF; // segment ++ *(uint16_t*)(ebda + 0x413) = 0xFFFF; // size ++ } ++#endif ++ + /* if purgatory is loaded update it */ + update_purgatory(&info); + if (entry) +diff --git ./purgatory/Makefile ./purgatory/Makefile +index 2dd6c47..2de8f07 100644 +--- ./purgatory/Makefile ++++ ./purgatory/Makefile +@@ -44,7 +44,6 @@ purgatory/sha256.o: $(srcdir)/util_lib/sha256.c + mkdir -p $(@D) + $(COMPILE.c) -o $@ $^ + +-$(PURGATORY): CC=$(TARGET_CC) + $(PURGATORY): CFLAGS=$(PURGATORY_EXTRA_CFLAGS) \ + $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \ + -Os -fno-builtin -ffreestanding \ +diff --git ./util/Makefile ./util/Makefile +index 948ee63..833a897 100644 +--- ./util/Makefile ++++ ./util/Makefile +@@ -2,7 +2,7 @@ BIN_TO_HEX:= bin/bin-to-hex + + $(BIN_TO_HEX): $(srcdir)/util/bin-to-hex.c + @$(MKDIR) -p $(@D) +- $(LINK.o) $(CFLAGS) -o $@ $^ ++ $(BUILD_CC) $(BUILD_CFLAGS) -o $@ $^ + + $(BIN_TO_HEX): CC=$(BUILD_CC) + $(BIN_TO_HEX): CFLAGS=$(BUILD_CFLAGS) diff --git a/patches/libassuan-2.5.1.patch b/patches/libassuan-2.5.1.patch new file mode 100644 index 000000000..ff27dbd27 --- /dev/null +++ b/patches/libassuan-2.5.1.patch @@ -0,0 +1,176 @@ +diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure +--- libassuan-2.5.1-clean/configure 2017-12-07 06:55:50.000000000 -0800 ++++ libassuan-2.5.1/configure 2020-01-12 13:39:50.655638965 -0800 +@@ -10781,7 +10781,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' +@@ -11020,16 +11020,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -11042,7 +11042,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + haiku*) +@@ -11055,7 +11055,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -11067,7 +11067,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11082,7 +11082,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11115,7 +11115,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -11152,7 +11152,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -11173,7 +11173,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -11228,7 +11228,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +@@ -11253,7 +11253,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -11272,7 +11272,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -11290,7 +11290,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -11352,7 +11352,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -11409,7 +11409,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -11431,7 +11431,7 @@ + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -15680,7 +15680,7 @@ + postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' + finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' + finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' ++hardcode_into_libs=no + sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' + sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' + hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +@@ -16896,7 +16896,7 @@ + finish_eval=$lt_finish_eval + + # Whether we should hardcode library paths into libraries. +-hardcode_into_libs=$hardcode_into_libs ++hardcode_into_libs=no + + # Compile-time system search path for libraries. + sys_lib_search_path_spec=$lt_sys_lib_search_path_spec diff --git a/patches/libgcrypt-1.8.3.patch b/patches/libgcrypt-1.8.3.patch new file mode 100644 index 000000000..902d96ec2 --- /dev/null +++ b/patches/libgcrypt-1.8.3.patch @@ -0,0 +1,176 @@ +diff -u -r libgcrypt-1.8.3-clean/configure libgcrypt-1.8.3/configure +--- libgcrypt-1.8.3-clean/configure 2018-06-13 00:39:33.000000000 -0700 ++++ libgcrypt-1.8.3/configure 2020-01-12 13:32:34.840010800 -0800 +@@ -11292,7 +11292,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' +@@ -11531,16 +11531,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -11553,7 +11553,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + haiku*) +@@ -11566,7 +11566,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -11578,7 +11578,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11593,7 +11593,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11626,7 +11626,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -11663,7 +11663,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -11684,7 +11684,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -11739,7 +11739,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +@@ -11764,7 +11764,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -11783,7 +11783,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -11801,7 +11801,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -11863,7 +11863,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -11920,7 +11920,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -11942,7 +11942,7 @@ + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -19824,7 +19824,7 @@ + postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' + finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' + finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' ++hardcode_into_libs=no + sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' + sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' + hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +@@ -21088,7 +21088,7 @@ + finish_eval=$lt_finish_eval + + # Whether we should hardcode library paths into libraries. +-hardcode_into_libs=$hardcode_into_libs ++hardcode_into_libs=no + + # Compile-time system search path for libraries. + sys_lib_search_path_spec=$lt_sys_lib_search_path_spec diff --git a/patches/libksba-1.3.5.patch b/patches/libksba-1.3.5.patch new file mode 100644 index 000000000..8c1ee16e9 --- /dev/null +++ b/patches/libksba-1.3.5.patch @@ -0,0 +1,200 @@ +diff -u -r libksba-1.3.5-clean/configure libksba-1.3.5/configure +--- libksba-1.3.5-clean/configure 2016-08-22 02:56:54.000000000 -0700 ++++ libksba-1.3.5/configure 2020-01-12 13:34:53.557259138 -0800 +@@ -10734,7 +10734,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' +@@ -10973,16 +10973,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -10995,7 +10995,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + haiku*) +@@ -11008,7 +11008,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -11020,7 +11020,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11035,7 +11035,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11068,7 +11068,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -11105,7 +11105,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -11126,7 +11126,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -11181,7 +11181,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +@@ -11206,7 +11206,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -11225,7 +11225,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -11243,7 +11243,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -11305,7 +11305,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -11362,7 +11362,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -11384,7 +11384,7 @@ + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -15804,7 +15804,7 @@ + postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' + finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' + finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' ++hardcode_into_libs=no + sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' + sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' + hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +@@ -17021,7 +17021,7 @@ + finish_eval=$lt_finish_eval + + # Whether we should hardcode library paths into libraries. +-hardcode_into_libs=$hardcode_into_libs ++hardcode_into_libs=no + + # Compile-time system search path for libraries. + sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +diff -u -r libksba-1.3.5-clean/src/asn1-gentables.c libksba-1.3.5/src/asn1-gentables.c +--- libksba-1.3.5-clean/src/asn1-gentables.c 2016-08-22 02:38:21.000000000 -0700 ++++ libksba-1.3.5/src/asn1-gentables.c 2020-01-12 13:34:45.877191990 -0800 +@@ -109,10 +109,17 @@ + static int + cmp_string (const void *aptr, const void *bptr) + { +- const struct name_list_s **a = (const struct name_list_s **)aptr; +- const struct name_list_s **b = (const struct name_list_s **)bptr; ++ const char *a = (*(const struct name_list_s **)aptr)->name; ++ const char *b = (*(const struct name_list_s **)bptr)->name; + +- return strlen ((*a)->name) < strlen ((*b)->name); ++ const size_t len_a = strlen(a); ++ const size_t len_b = strlen(b); ++ ++ if (len_a < len_b) ++ return -1; ++ if (len_a > len_b) ++ return +1; ++ return strcmp(a, b); + } + + static void diff --git a/patches/libremkey-hotp-verification.patch b/patches/libremkey-hotp-verification-e5fa36a7a1950226d0ef94e2eeed0ffb510eba89.patch similarity index 78% rename from patches/libremkey-hotp-verification.patch rename to patches/libremkey-hotp-verification-e5fa36a7a1950226d0ef94e2eeed0ffb510eba89.patch index c2b5dfeae..5f058f22d 100644 --- a/patches/libremkey-hotp-verification.patch +++ b/patches/libremkey-hotp-verification-e5fa36a7a1950226d0ef94e2eeed0ffb510eba89.patch @@ -1,15 +1,24 @@ --- nitrokey-hotp-verification-a/Toolchain-heads.cmake 2018-05-22 09:55:46.907209235 -0700 +++ nitrokey-hotp-verification-b/Toolchain-heads.cmake 2018-05-22 09:55:26.659371966 -0700 -@@ -0,0 +1,18 @@ +@@ -0,0 +1,27 @@ +SET(CMAKE_SYSTEM_NAME Linux) +SET(CMAKE_SYSTEM_VERSION 1) + +# Specify the cross compiler -+SET(CMAKE_C_COMPILER $ENV{INSTALL}/bin/musl-gcc) -+SET(CMAKE_CXX_COMPILER $ENV{INSTALL}/bin/musl-gcc) ++SET(CMAKE_C_COMPILER $ENV{CROSS}gcc) ++SET(CMAKE_CXX_COMPILER $ENV{CROSS}gcc) ++ ++#sysroot location ++set(MYSYSROOT $ENV{INSTALL}) ++ ++# compiler/linker flags ++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --sysroot=${MYSYSROOT}" CACHE INTERNAL "" FORCE) ++set(CMAKE_C_LINK_FLAGS "${CMAKE_C_LINK_FLAGS} --sysroot=${MYSYSROOT}" CACHE INTERNAL "" FORCE) ++set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --sysroot=${MYSYSROOT}" CACHE INTERNAL "" FORCE) ++set(CMAKE_CXX_LINK_FLAGS "${CMAKE_CXX_LINK_FLAGS} --sysroot=${MYSYSROOT}" CACHE INTERNAL "" FORCE) + +# Where is the target environment -+SET(CMAKE_FIND_ROOT_PATH $ENV{INSTALL}) ++SET(CMAKE_FIND_ROOT_PATH "${MYSYSROOT}") + +# Search for programs only in the build host directories +SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) diff --git a/patches/linux-4.14.62/0000-efi_bds.patch b/patches/linux-4.14.62/0000-efi_bds.patch index 5ffbf62bd..0d2d76ea3 100644 --- a/patches/linux-4.14.62/0000-efi_bds.patch +++ b/patches/linux-4.14.62/0000-efi_bds.patch @@ -43,3 +43,12 @@ diff -u --recursive ../../clean/linux-4.14.62/arch/x86/boot/compressed/eboot.c l return boot_params; fail2: +--- clean/linux-4.14.62/arch/x86/boot/compressed/early_serial_console.c 2018-08-09 12:16:40.000000000 +0200 ++++ linux-4.14.62/arch/x86/boot/compressed/early_serial_console.c 2018-09-28 11:59:36.824015244 +0200 +@@ -1,5 +1,5 @@ + #include "misc.h" + +-int early_serial_base; ++int early_serial_base = 0x3f8; + + #include "../early_serial_console.c" diff --git a/patches/lvm2-2.02.168.patch b/patches/lvm2-2.02.168.patch index d6547c475..0a0956998 100644 --- a/patches/lvm2-2.02.168.patch +++ b/patches/lvm2-2.02.168.patch @@ -1,6 +1,6 @@ -diff -u --recursive ../clean/LVM2.2.02.168/lib/mm/memlock.c LVM2.2.02.168/lib/mm/memlock.c ---- ../clean/LVM2.2.02.168/lib/mm/memlock.c 2016-11-30 18:17:29.000000000 -0500 -+++ LVM2.2.02.168/lib/mm/memlock.c 2017-04-12 08:18:18.533783802 -0400 +diff --recursive -u clean/LVM2.2.02.168/lib/mm/memlock.c lvm2.2.02.168/lib/mm/memlock.c +--- clean/LVM2.2.02.168/lib/mm/memlock.c 2016-12-01 00:17:29.000000000 +0100 ++++ lvm2.2.02.168/lib/mm/memlock.c 2020-01-09 13:23:14.017310025 +0100 @@ -150,6 +150,7 @@ static void _allocate_memory(void) @@ -9,7 +9,7 @@ diff -u --recursive ../clean/LVM2.2.02.168/lib/mm/memlock.c LVM2.2.02.168/lib/mm #ifndef VALGRIND_POOL void *stack_mem; struct rlimit limit; -@@ -208,6 +209,7 @@ +@@ -208,11 +209,14 @@ for (i = 0; i < area; ++i) free(areas[i]); #endif @@ -17,7 +17,14 @@ diff -u --recursive ../clean/LVM2.2.02.168/lib/mm/memlock.c LVM2.2.02.168/lib/mm } static void _release_memory(void) -@@ -288,7 +290,7 @@ + { ++#if 0 + free(_malloc_mem); ++#endif + } + + /* +@@ -288,7 +292,7 @@ if (lock == LVM_MLOCK) { if (mlock((const void*)from, sz) < 0) { @@ -26,9 +33,9 @@ diff -u --recursive ../clean/LVM2.2.02.168/lib/mm/memlock.c LVM2.2.02.168/lib/mm return 0; } } else { -diff -u --recursive ../clean/LVM2.2.02.168/libdm/libdm-stats.c LVM2.2.02.168/libdm/libdm-stats.c ---- ../clean/LVM2.2.02.168/libdm/libdm-stats.c 2016-11-30 18:17:30.000000000 -0500 -+++ LVM2.2.02.168/libdm/libdm-stats.c 2017-04-10 16:50:01.622529656 -0400 +diff --recursive -u clean/LVM2.2.02.168/libdm/libdm-stats.c lvm2.2.02.168/libdm/libdm-stats.c +--- clean/LVM2.2.02.168/libdm/libdm-stats.c 2016-12-01 00:17:30.000000000 +0100 ++++ lvm2.2.02.168/libdm/libdm-stats.c 2020-01-09 13:23:14.017310025 +0100 @@ -17,7 +17,24 @@ #include "dmlib.h" @@ -90,9 +97,9 @@ diff -u --recursive ../clean/LVM2.2.02.168/libdm/libdm-stats.c LVM2.2.02.168/lib buflen += id_len + 1; /* range end plus "-" */ } buflen++; -diff -u --recursive ../clean/LVM2.2.02.168/libdm/Makefile.in LVM2.2.02.168/libdm/Makefile.in ---- ../clean/LVM2.2.02.168/libdm/Makefile.in 2016-11-30 18:17:30.000000000 -0500 -+++ LVM2.2.02.168/libdm/Makefile.in 2017-04-10 16:50:01.622529656 -0400 +diff --recursive -u clean/LVM2.2.02.168/libdm/Makefile.in lvm2.2.02.168/libdm/Makefile.in +--- clean/LVM2.2.02.168/libdm/Makefile.in 2016-12-01 00:17:30.000000000 +0100 ++++ lvm2.2.02.168/libdm/Makefile.in 2020-01-09 13:23:14.017310025 +0100 @@ -56,7 +56,8 @@ CFLAGS += $(UDEV_CFLAGS) $(VALGRIND_CFLAGS) @@ -103,9 +110,9 @@ diff -u --recursive ../clean/LVM2.2.02.168/libdm/Makefile.in LVM2.2.02.168/libdm device-mapper: all -diff -u --recursive ../clean/LVM2.2.02.168/make.tmpl.in LVM2.2.02.168/make.tmpl.in ---- ../clean/LVM2.2.02.168/make.tmpl.in 2016-11-30 18:17:30.000000000 -0500 -+++ LVM2.2.02.168/make.tmpl.in 2017-04-10 16:50:01.626529699 -0400 +diff --recursive -u clean/LVM2.2.02.168/make.tmpl.in lvm2.2.02.168/make.tmpl.in +--- clean/LVM2.2.02.168/make.tmpl.in 2016-12-01 00:17:30.000000000 +0100 ++++ lvm2.2.02.168/make.tmpl.in 2020-01-09 13:23:14.017310025 +0100 @@ -142,7 +142,7 @@ M_INSTALL_PROGRAM = -m 555 M_INSTALL_DATA = -m 444 @@ -126,9 +133,9 @@ diff -u --recursive ../clean/LVM2.2.02.168/make.tmpl.in LVM2.2.02.168/make.tmpl. LVM_VERSION := $(shell cat $(top_srcdir)/VERSION) -diff -u --recursive ../clean/LVM2.2.02.168/tools/lvmcmdline.c LVM2.2.02.168/tools/lvmcmdline.c ---- ../clean/LVM2.2.02.168/tools/lvmcmdline.c 2016-11-30 18:17:32.000000000 -0500 -+++ LVM2.2.02.168/tools/lvmcmdline.c 2017-04-10 16:50:01.626529699 -0400 +diff --recursive -u clean/LVM2.2.02.168/tools/lvmcmdline.c lvm2.2.02.168/tools/lvmcmdline.c +--- clean/LVM2.2.02.168/tools/lvmcmdline.c 2016-12-01 00:17:32.000000000 +0100 ++++ lvm2.2.02.168/tools/lvmcmdline.c 2020-01-09 13:23:49.057418263 +0100 @@ -1817,6 +1817,7 @@ { int err = is_valid_fd(STDERR_FILENO); @@ -145,3 +152,12 @@ diff -u --recursive ../clean/LVM2.2.02.168/tools/lvmcmdline.c LVM2.2.02.168/tool return 1; } +@@ -2023,7 +2025,7 @@ + */ + dm_set_name_mangling_mode(DM_STRING_MANGLING_NONE); + +- if (!(cmd = create_toolcontext(0, NULL, 1, 0, ++ if (!(cmd = create_toolcontext(0, NULL, 0, 0, + set_connections, set_filters))) { + udev_fin_library_context(); + return_NULL; diff --git a/patches/musl-cross.patch b/patches/musl-cross-1952975.patch similarity index 80% rename from patches/musl-cross.patch rename to patches/musl-cross-1952975.patch index 267c339a3..7161e6736 100644 --- a/patches/musl-cross.patch +++ b/patches/musl-cross-1952975.patch @@ -1,5 +1,5 @@ diff --git a/config.sh b/config.sh -index 4e321c9..6d9ea32 100644 +index ec3c1ce..844fb3d 100644 --- a/config.sh +++ b/config.sh @@ -1,13 +1,15 @@ @@ -20,7 +20,7 @@ index 4e321c9..6d9ea32 100644 # If you use arm, you may need more fine-tuning: # arm hardfloat v7 -@@ -20,7 +22,10 @@ CC_BASE_PREFIX=/opt/cross +@@ -20,11 +22,14 @@ CC_BASE_PREFIX=/opt/cross #GCC_BOOTSTRAP_CONFFLAGS="--with-arch=armv7-a --with-float=softfp" #GCC_CONFFLAGS="--with-arch=armv7-a --with-float=softfp" @@ -29,6 +29,10 @@ index 4e321c9..6d9ea32 100644 # Enable this to build the bootstrap gcc (thrown away) without optimization, to reduce build time GCC_STAGE1_NOOPT=1 -+ + +# Build GMP, MPFR and MPC +GCC_BUILTIN_PREREQS=yes ++ + # uncomment these to get smaller/stripped binaries + #export CFLAGS="-Os -g0 -s" + #export CXXFLAGS="-Os -g0"