From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id iMoCBdObzWLGfwEAbAwnHQ (envelope-from ) for ; Tue, 12 Jul 2022 18:05:39 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id kBALBNObzWIOlwAAG6o9tA (envelope-from ) for ; Tue, 12 Jul 2022 18:05:39 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 345A49CED for ; Tue, 12 Jul 2022 18:05:05 +0200 (CEST) Received: from localhost ([::1]:48804 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oBINj-0002Ll-Ej for larch@yhetil.org; Tue, 12 Jul 2022 12:05:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50536) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oBIIs-0007l2-CZ for guix-devel@gnu.org; Tue, 12 Jul 2022 12:00:08 -0400 Received: from mail-40134.protonmail.ch ([185.70.40.134]:34247) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oBIIo-0000Yh-Mi for guix-devel@gnu.org; Tue, 12 Jul 2022 12:00:01 -0400 Date: Tue, 12 Jul 2022 15:59:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1657641593; x=1657900793; bh=Bcvq4y/uC9cC7wZKvjcN56tk4zTya65sWuVIU0EUPpw=; h=Date:To:From:Reply-To:Subject:Message-ID:Feedback-ID:From:To:Cc: Date:Subject:Reply-To:Feedback-ID:Message-ID; b=wBnypCDiNXBGKz/iFzxvuVgiF8Zb+YI2APbl4g0oHBZf9cFDJG6avFbRuLFYxs6Tg Lv/0ZqfIEXfV93A3m2qaBzrD+7XDLoNQE6TziIpjnRIrioDJaEYeuSvPU/zC4M6Txj HOWh6IdEqSBZcykYnRDAtRUlv3ldlyFVJTVFQWg9ft4eT4mWJgm4IXhvT3X3yVjkeN kLK87435gvU/z/Pi9W5o+++k2L8rQbwo72dMB4c9rJs+zT1Sm1i1cfC3NiX/QLW+PC Iv2Ik7xsv9Yb+7GSTcZiJ1GUjDr5PliU9M+wx5WTybYOouYgFdYSM/OUyXjhL8vROr GGyB85DWG2eYw== To: "guix-devel@gnu.org" From: John Kehayias Subject: [WIP Patch] Adding an FHS container to guix shell Message-ID: Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="b1_7G6mOQ7mBApYCuacAsUmicZSM7cGKSRPh0emMTUZ8w" Received-SPF: pass client-ip=185.70.40.134; envelope-from=john.kehayias@protonmail.com; helo=mail-40134.protonmail.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Tue, 12 Jul 2022 12:02:39 -0400 X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: John Kehayias Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1657641905; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=Bcvq4y/uC9cC7wZKvjcN56tk4zTya65sWuVIU0EUPpw=; b=m8phDuY0iMmvqoR4/TDhgSWyXXef4bgiXcWfwSe+nG54dLrMCDaYe8jcAGYAWjm6OLLsq9 0VlCIU9GERw7GDclmxpziQcb7CpHnNsBbQZXVFMgWqJOp7Ql5oAz7JyJvK2wcaLnZC8TIT kUL0uSpdhfBrA/nThPoBqH7Ny51CKUS2KallrmEPbHqaWwasyLZhZfJC1tiCcLTW+eMppc TCf2qzirxaxk8GkPG/Hu1Yxo6hRy31I5u1A0SpR5XVNZQJi72WKqiNFBy73+4Ab7fCnkKC vVCQKshcpDZ3Z8CSdgFl2dXf04L+/UdihDgjetSiG9k5tPYhf/AIIn5xhuzilQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1657641905; a=rsa-sha256; cv=none; b=DVE2u64RqNhfOCyEjMfEWz+Cw9wuGuzx1XmH+h74o8aps5MGHKMF8Z2fa5gAuwPPVXKJ5/ nKVCMmrbyIKtH3Fv6PP0FP1wEd3yOfRg7IiwU49B4FBzIPHv6v8e7DeOHYBI73kKdWjZzY 54eSu+iJKm/WG3/e/6IDcqkgIQXPjBtjdAtvjwEUcAIbVSDizKmPEGnS7ngNS+EhCy9sqE 9Inm128C1CG0xuoBKzlNeWbU3aphKcjRXf4VH9ol31U97DqCC1R2BC+sU8GVjB1UBQXBE3 LHlF0E9MAV2sIM/l/+qGjQMrp6j7Y/pD/27IM6Q0F6w7ujYLWmKdF13Gn8BJQg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=wBnypCDi; dmarc=pass (policy=quarantine) header.from=protonmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.85 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=wBnypCDi; dmarc=pass (policy=quarantine) header.from=protonmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 345A49CED X-Spam-Score: -3.85 X-Migadu-Scanner: scn1.migadu.com X-TUID: Wp2dZ/qaox6e This is a multi-part message in MIME format. --b1_7G6mOQ7mBApYCuacAsUmicZSM7cGKSRPh0emMTUZ8w Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Guixers, Apologies for the long email, so let me start with the punchline: attached = is a diff which adds an '--fhs-container' (or -F) option to guix shell/envi= ronment to set up an FHS-like container. This includes the usual /lib direc= tory and a glibc which loads (a generated in the container) /etc/ld.so.cach= e. This should allow running most things that expect a more "typical" Linux= environment. Give it a try! First, I wanted to ask how people feel about such a feature. Obviously, one= use is to run pre-built binaries (isolated!), but this is also handy for s= etting up development environments when not able (or wanting) to with Guix = packages only. For example, using the rustup [0] scripts, pretty much anyth= ing JS, or just following typical Readme instructions to try out something = new before packaging. I won't debate the details here other than to say thi= s topic comes up with Guix and I think it is yet another useful tool for gu= ix shell and containers. Nix, which I know almost nothing about, does have some FHS container/enviro= nment options as well. Next, some technical points about implementation, which I hope will be info= rmed by the first question and what we want from this tool. There are two m= ain things needed for the FHS-container: 1. Set up directories like /lib. This is easy enough and can be done curren= tly, like in roptat's response here [1] by building the profile first to kn= ow where to link to. Note that it is easier to do it within the environment= code since we have access to the profile even if it is being built for the= first time. There are some wrinkles with linking something like /bin since= we currently add a link for sh; see the comments in my diff. Right now I did not handle a multi-arch setup, though that shouldn't be too= difficult. This would probably require an option to build either all or sp= ecified packages for an additional arch, like 32bit in a 64bit system, and = make the libraries available (/lib32 or something). Though may run into a u= nion-build bug [2]? 2. Typically binaries will expect the ld loader to use /etc/ld.so.cache for= finding libraries. So, I made a glibc package that removes our dl cache pa= tch to restore this behavior. It seems enough to add this as a default pack= age to the container, though I commented out an option to automatically gra= ft everything with this glibc. Both worked for me, but grafting didn't seem= necessary. The second step is to generate the ld cache, which is done with a simple st= artup script in the container, after creating a temporary ld.so.conf (our l= dconfig doesn't use the usual default directories?). I'm sure I found the h= ackiest way to do this, but it works :) Again, this could be possible witho= ut modifying guix containers, but this is easier. (For example, you can see= work done by myself and others at a certain non-free channel to do exactly= this.) Some questions going forward, besides overall cleanup and tweaking of the c= ode (which I provided comments in for some details, please see there). It m= ight be nice to be able to extend containers more easily with setup scripts= , though again this can be done by making some Guile scripts to wrap a cont= ainer and making a package around that (e.g. from the non-free channel). Wh= at kind of extensions would be useful to expose? I think I saw some talk on= IRC recently about how to manage env variables when using guix shell. Perh= aps an extended manifest format for shell? Relatedly and more generally, perhaps it would be good to have somewhere (c= ookbook?) some recipes of useful guix shell container incantations. Sharing= what you need from the host for graphical programs can be a little tricky = to figure out. We have the --network option, maybe others would be useful? = Or some base package lists for development: just like we have our various -= build-system's, a package list with typical library sets might be a nice co= nvenience. What about other uses for this container, like providing an isolated enviro= nment to build and run software we can't do fully with bootstrap and source= s (like JS)? Could this become some stop-gap to allow people to work with t= hese ecosystems in a more controlled way within Guix? Or an alternative bui= ld environment? Not entirely sure what this could mean, just thinking out l= oud. Okay, let me end by bringing it back to what we can currently do with this = code I whipped up (and many thanks to [1] and efforts in a non-free channel= for doing the work that I drew upon). I don't know any Rust, so I figured trying out what I read on the internet = about "just use rustup" and follow a readme is a good test case. So I did t= hat and compiled something that looked hefty, a graphical widget system [3]= . Here's the command I used and everything just worked: the rustup script r= an and downloaded the rust tools, the cargo build command worked to build e= verything. I couldn't run the actual widgets as I am within a pure shell fo= r my guix checkout (but have done this with similar code and it fully worke= d once sharing the right host env variables/directories). I used a director= y as my container home to keep everything. ./pre-inst-env guix shell --network --fhs-container bash coreutils curl gre= p nss-certs gcc:lib gcc-toolchain pkg-config glib cairo atk pango@1.48.10 g= dk-pixbuf gtk+ --share=3D$HOME/temp/fhs-home=3D$HOME On IRC, apteryx mentioned wanting to try buildroot [4] as a use-case. This = worked for me after setting TERM=3Dxterm in the container (I think I run th= e shell not quite correctly right now, or because it is already with in a g= uix shell --pure). Unfortunately make failed with some broken URLs, but so = far didn't need any tweaks. ./pre-inst-env guix shell --network --fhs-container bash coreutils grep mak= e nss-certs diffutils findutils ncurses which sed unzip gzip bzip2 wget per= l cpio bc patch rsync tar file python gawk util-linux-with-udev gcc:lib pkg= -config gcc-toolchain --share=3D$HOME/temp/fhs-home=3D$HOME So, things should work as long as you provide the necessary packages. There= may be some tweaks needed with some symlinks or env variables, but I think= the basics are there. Happy to hear everyone's thoughts! And sorry for the long email, but the co= de is pretty short and straightforward. John PS: Is there an easy way to use the modified environment scripts outside of= a guix checkout shell? [0] https://rustup.rs/ [1] https://unix.stackexchange.com/questions/600311/how-to-run-a-dynamicall= y-compiled-32-bit-x86-binary-on-a-amd64-bit-guix-system [2] https://issues.guix.gnu.org/53406 [3] https://github.com/elkowar/eww [4] https://git.buildroot.net/buildroot/ --b1_7G6mOQ7mBApYCuacAsUmicZSM7cGKSRPh0emMTUZ8w Content-Type: text/x-patch; name=fhs-container.diff Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=fhs-container.diff ZGlmZiAtLWdpdCBhL2dudS9wYWNrYWdlcy9iYXNlLnNjbSBiL2dudS9wYWNrYWdlcy9iYXNlLnNj bQppbmRleCA0YmRjM2U3NzkyLi4xYjRjOTlkM2U5IDEwMDY0NAotLS0gYS9nbnUvcGFja2FnZXMv YmFzZS5zY20KKysrIGIvZ251L3BhY2thZ2VzL2Jhc2Uuc2NtCkBAIC05MjgsNiArOTI4LDIwIEBA IChkZWZpbmUtcHVibGljIGdsaWJjCiAgICAobGljZW5zZSBsZ3BsMi4wKykKICAgIChob21lLXBh Z2UgImh0dHBzOi8vd3d3LmdudS5vcmcvc29mdHdhcmUvbGliYy8iKSkpCiAKKzs7IERlZmluZSBn bGliYy1mb3ItZmhzICh3aXRoIGEgbmFtZSB0aGF0IGFsbG93cyBncmFmdHMgZm9yIGdsaWJjKSwg YSB2YXJpYXRpb24KKzs7IG9mIGdsaWJjIHdoaWNoIHVzZXMgdGhlIGRlZmF1bHQgbGQuc28uY2Fj aGUsIHVzZWZ1bCBpbiBGSFMgY29udGFpbmVycy4KKzs7IE5vdGU6IHNob3VsZCB0aGlzIGJlIGhp ZGRlbj8KKyhkZWZpbmUtcHVibGljIGdjZmhzCisgIChwYWNrYWdlCisgICAgKGluaGVyaXQgZ2xp YmMpCisgICAgKG5hbWUgImdjZmhzIikKKyAgICAoc291cmNlIChvcmlnaW4gKGluaGVyaXQgKHBh Y2thZ2Utc291cmNlIGdsaWJjKSkKKyAgICAgICAgICAgICAgICAgICAgOzsgUmVtb3ZlIEd1aXgn cyBwYXRjaCB0byByZWFkIGxkLnNvLmNhY2hlIGZyb20gL2dudS9zdG9yZQorICAgICAgICAgICAg ICAgICAgICA7OyBkaXJlY3RvcmllcywgcmUtZW5hYmxpbmcgdGhlIGRlZmF1bHQgL2V0Yy9sZC5z by5jYWNoZQorICAgICAgICAgICAgICAgICAgICA7OyBiZWhhdmlvci4KKyAgICAgICAgICAgICAg ICAgICAgKHBhdGNoZXMgKGRlbGV0ZSAoY2FyIChzZWFyY2gtcGF0Y2hlcyAiZ2xpYmMtZGwtY2Fj aGUucGF0Y2giKSkKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAob3JpZ2lu LXBhdGNoZXMgKHBhY2thZ2Utc291cmNlIGdsaWJjKSkpKSkpKSkKKwogOzsgQmVsb3cgYXJlIG9s ZCBsaWJjIHZlcnNpb25zLCB3aGljaCB3ZSB1c2UgbW9zdGx5IHRvIGJ1aWxkIGxvY2FsZSBkYXRh IGluCiA7OyB0aGUgb2xkIGZvcm1hdCAod2hpY2ggdGhlIG5ldyBsaWJjIGNhbm5vdCBjb3BlIHdp dGguKQogKGRlZmluZS1wdWJsaWMgZ2xpYmMtMi4zMgpkaWZmIC0tZ2l0IGEvZ3VpeC9zY3JpcHRz L2Vudmlyb25tZW50LnNjbSBiL2d1aXgvc2NyaXB0cy9lbnZpcm9ubWVudC5zY20KaW5kZXggMzIx NjIzNTkzNy4uNDI1NjQ5Yjg0MyAxMDA2NDQKLS0tIGEvZ3VpeC9zY3JpcHRzL2Vudmlyb25tZW50 LnNjbQorKysgYi9ndWl4L3NjcmlwdHMvZW52aXJvbm1lbnQuc2NtCkBAIC0yLDYgKzIsNyBAQAog Ozs7IENvcHlyaWdodCDCqSAyMDE0LCAyMDE1LCAyMDE4IERhdmlkIFRob21wc29uIDxkYXZldEBn bnUub3JnPgogOzs7IENvcHlyaWdodCDCqSAyMDE1LTIwMjIgTHVkb3ZpYyBDb3VydMOocyA8bHVk b0BnbnUub3JnPgogOzs7IENvcHlyaWdodCDCqSAyMDE4IE1pa2UgR2Vyd2l0eiA8bXRnQGdudS5v cmc+Cis7OzsgQ29weXJpZ2h0IMKpIDIwMjEgSm9obiBLZWhheWlhcyA8am9obi5rZWhheWlhc0Bw cm90b25tYWlsLmNvbT4KIDs7OwogOzs7IFRoaXMgZmlsZSBpcyBwYXJ0IG9mIEdOVSBHdWl4Lgog Ozs7CkBAIC00NSw2ICs0Niw3IEBAIChkZWZpbmUtbW9kdWxlIChndWl4IHNjcmlwdHMgZW52aXJv bm1lbnQpCiAgICM6YXV0b2xvYWQgICAoZ3VpeCBidWlsZCBzeXNjYWxscykgKHNldC1uZXR3b3Jr LWludGVyZmFjZS11cCBvcGVucHR5IGxvZ2luLXR0eSkKICAgIzp1c2UtbW9kdWxlIChnbnUgc3lz dGVtIGZpbGUtc3lzdGVtcykKICAgIzphdXRvbG9hZCAgIChnbnUgcGFja2FnZXMpIChzcGVjaWZp Y2F0aW9uLT5wYWNrYWdlK291dHB1dCkKKyAgIzphdXRvbG9hZCAgIChnbnUgcGFja2FnZXMgYmFz ZSkgKGdjZmhzKQogICAjOmF1dG9sb2FkICAgKGdudSBwYWNrYWdlcyBiYXNoKSAoYmFzaCkKICAg IzphdXRvbG9hZCAgIChnbnUgcGFja2FnZXMgYm9vdHN0cmFwKSAoYm9vdHN0cmFwLWV4ZWN1dGFi bGUgJWJvb3RzdHJhcC1ndWlsZSkKICAgIzp1c2UtbW9kdWxlIChpY2UtOSBtYXRjaCkKQEAgLTEw MSw2ICsxMDMsOCBAQCAoZGVmaW5lIChzaG93LWVudmlyb25tZW50LW9wdGlvbnMtaGVscCkKICAg KGRpc3BsYXkgKEdfICIKICAgLUMsIC0tY29udGFpbmVyICAgICAgICBydW4gY29tbWFuZCB3aXRo aW4gYW4gaXNvbGF0ZWQgY29udGFpbmVyIikpCiAgIChkaXNwbGF5IChHXyAiCisgIC1GLCAtLWZo cy1jb250YWluZXIgICAgcnVuIGNvbW1hbmQgd2l0aGluIGFuIGlzb2xhdGVkIEZIUyBjb250YWlu ZXIiKSkKKyAgKGRpc3BsYXkgKEdfICIKICAgLU4sIC0tbmV0d29yayAgICAgICAgICBhbGxvdyBj b250YWluZXJzIHRvIGFjY2VzcyB0aGUgbmV0d29yayIpKQogICAoZGlzcGxheSAoR18gIgogICAt UCwgLS1saW5rLXByb2ZpbGUgICAgIGxpbmsgZW52aXJvbm1lbnQgcHJvZmlsZSB0byB+Ly5ndWl4 LXByb2ZpbGUgd2l0aGluCkBAIC0yMjksNiArMjMzLDEwIEBAIChkZWZpbmUgJW9wdGlvbnMKICAg ICAgICAgIChvcHRpb24gJygjXEMgImNvbnRhaW5lciIpICNmICNmCiAgICAgICAgICAgICAgICAg IChsYW1iZGEgKG9wdCBuYW1lIGFyZyByZXN1bHQpCiAgICAgICAgICAgICAgICAgICAgKGFsaXN0 LWNvbnMgJ2NvbnRhaW5lcj8gI3QgcmVzdWx0KSkpCisgICAgICAgICAob3B0aW9uICcoI1xGICJm aHMtY29udGFpbmVyIikgI2YgI2YKKyAgICAgICAgICAgICAgICAgKGxhbWJkYSAob3B0IG5hbWUg YXJnIHJlc3VsdCkKKyAgICAgICAgICAgICAgICAgICAoYWxpc3QtY29ucyAnZmhzLWNvbnRhaW5l cj8gI3QKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAoYWxpc3QtY29ucyAnY29udGFp bmVyPyAjdCByZXN1bHQpKSkpCiAgICAgICAgICAob3B0aW9uICcoI1xOICJuZXR3b3JrIikgI2Yg I2YKICAgICAgICAgICAgICAgICAgKGxhbWJkYSAob3B0IG5hbWUgYXJnIHJlc3VsdCkKICAgICAg ICAgICAgICAgICAgICAoYWxpc3QtY29ucyAnbmV0d29yaz8gI3QgcmVzdWx0KSkpCkBAIC02MDYs OSArNjE0LDEwIEBAIChkZWZpbmUqIChsYXVuY2gtZW52aXJvbm1lbnQvZm9yayBjb21tYW5kIHBy b2ZpbGUgbWFuaWZlc3QKICAgICAgICAgICAgKChfIC4gc3RhdHVzKQogICAgICAgICAgICAgKHZh bGlkYXRlLWV4aXQtc3RhdHVzIHByb2ZpbGUgY29tbWFuZCBzdGF0dXMpKSkpKSkKIAotKGRlZmlu ZSogKGxhdW5jaC1lbnZpcm9ubWVudC9jb250YWluZXIgIzprZXkgY29tbWFuZCBiYXNoIHVzZXIg dXNlci1tYXBwaW5ncwotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcHJv ZmlsZSBtYW5pZmVzdCBsaW5rLXByb2ZpbGU/IG5ldHdvcms/Ci0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICBtYXAtY3dkPyAod2hpdGUtbGlzdCAnKCkpKQorKGRlZmluZSog KGxhdW5jaC1lbnZpcm9ubWVudC9jb250YWluZXIgIzprZXkgY29tbWFuZCBiYXNoIGZocy1jb250 YWluZXI/IHVzZXIKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHVzZXIt bWFwcGluZ3MgcHJvZmlsZSBtYW5pZmVzdAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgbGluay1wcm9maWxlPyBuZXR3b3JrPyBtYXAtY3dkPworICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgKHdoaXRlLWxpc3QgJygpKSkKICAgIlJ1biBDT01NQU5E IHdpdGhpbiBhIGNvbnRhaW5lciB0aGF0IGZlYXR1cmVzIHRoZSBzb2Z0d2FyZSBpbiBQUk9GSUxF LgogRW52aXJvbm1lbnQgdmFyaWFibGVzIGFyZSBzZXQgYWNjb3JkaW5nIHRvIHRoZSBzZWFyY2gg cGF0aHMgb2YgTUFOSUZFU1QuCiBUaGUgZ2xvYmFsIHNoZWxsIGlzIEJBU0gsIGEgZmlsZSBuYW1l IGZvciBhIEdOVSBCYXNoIGJpbmFyeSBpbiB0aGUKQEAgLTcwOSw2ICs3MTgsNDkgQEAgKGRlZmlu ZSogKGxhdW5jaC1lbnZpcm9ubWVudC9jb250YWluZXIgIzprZXkgY29tbWFuZCBiYXNoIHVzZXIg dXNlci1tYXBwaW5ncwogICAgICAgICAgICAgKG1rZGlyLXAgaG9tZS1kaXIpCiAgICAgICAgICAg ICAoc2V0ZW52ICJIT01FIiBob21lLWRpcikKIAorICAgICAgICAgICAgOzsgU2V0IHVwIGFuIEZI UyBjb250YWluZXIuCisgICAgICAgICAgICAod2hlbiBmaHMtY29udGFpbmVyPworICAgICAgICAg ICAgICA7OyBTZXQgdXAgdGhlIGV4cGVjdGVkIGJpbiBhbmQgbGlicmFyeSBkaXJlY3RvcmllcyBh cyBzeW1saW5rcyB0bworICAgICAgICAgICAgICA7OyB0aGUgcHJvZmlsZSBsaWIgZGlyZWN0b3J5 LiAgTm90ZSB0aGF0IHRoaXMgaXMgYXNzdW1pbmcgYSA2NGJpdAorICAgICAgICAgICAgICA7OyBh cmNoaXRlY3R1cmUuCisgICAgICAgICAgICAgIChsZXQgKChsaWItZGlyIChzdHJpbmctYXBwZW5k IHByb2ZpbGUgIi9saWIiKSkpCisgICAgICAgICAgICAgICAgKHN5bWxpbmsgbGliLWRpciAiL2xp YjY0IikKKyAgICAgICAgICAgICAgICAoc3ltbGluayBsaWItZGlyICIvbGliIikKKyAgICAgICAg ICAgICAgICAobWtkaXItcCAiL3VzciIpCisgICAgICAgICAgICAgICAgKHN5bWxpbmsgbGliLWRp ciAiL3Vzci9saWIiKSkKKyAgICAgICAgICAgICAgOzsgTm90ZTogY2FuJ3Qgc3ltbGluayBmdWxs IC9iaW4gaW4gdGhlIGNvbnRhaW5lciBkdWUgdG8gdGhlIHNoCisgICAgICAgICAgICAgIDs7IHN5 bWxpbmsuCisgICAgICAgICAgICAgIChzeW1saW5rIChzdHJpbmctYXBwZW5kIHByb2ZpbGUgIi9i aW4iKSAiL3Vzci9iaW4iKQorICAgICAgICAgICAgICAoc3ltbGluayAoc3RyaW5nLWFwcGVuZCBw cm9maWxlICIvc2JpbiIpICIvc2JpbiIpCisgICAgICAgICAgICAgIChzeW1saW5rIChzdHJpbmct YXBwZW5kIHByb2ZpbGUgIi9zYmluIikgIi91c3Ivc2JpbiIpCisKKyAgICAgICAgICAgICAgOzsg UHJvdmlkZSBhIGZyZXF1ZW50bHkgZXhwZWN0ZWQgJ2NjJyBzeW1saW5rIHRvIGdjYywgdGhvdWdo IHRoaXMKKyAgICAgICAgICAgICAgOzsgY291bGQgYWxzbyBiZSBkb25lIGJ5IHRoZSB1c2VyIGlu IHRoZSBjb250YWluZXIsIGUuZy4gaW4KKyAgICAgICAgICAgICAgOzsgJEhPTUUvLmxvY2FsL2Jp biBhbmQgYWRkaW5nIHRoYXQgdG8gJFBBVEguICBOb3RlOiB3ZSBkbyB0aGlzCisgICAgICAgICAg ICAgIDs7IGluIC9iaW4gc2luY2UgdGhhdCBhbHJlYWR5IGhhcyB0aGUgc2ggc3ltbGluayBhbmQg Y2FuJ3Qgd3JpdGUKKyAgICAgICAgICAgICAgOzsgdG8gdGhlIG90aGVyIGJpbiBkaXJlY3Rvcmll cyB0aGF0IGFyZSBhbHJlYWR5IHN5bWxpbmtzIHRoZW1zZWx2ZXMuCisgICAgICAgICAgICAgIChz eW1saW5rIChzdHJpbmctYXBwZW5kIHByb2ZpbGUgIi9iaW4vZ2NjIikgIi9iaW4vY2MiKQorICAg ICAgICAgICAgICA7OyBUT0RPOiBweXRob24gbWF5IGFsc28gYmUgZXhwZWN0ZWQgdG8gc3ltbGlu ayB0byBweXRob24zLgorCisgICAgICAgICAgICAgIDs7IEd1aXgncyBsZGNvbmZpZyBkb2Vzbid0 IHNlZW0gdG8gc2VhcmNoIGluIEZIUyBkZWZhdWx0CisgICAgICAgICAgICAgIDs7IGxvY2F0aW9u cywgc28gcHJvdmlkZSBhIG1pbmltYWwgbGQuc28uY29uZi4KKyAgICAgICAgICAgICAgOzsgVE9E TzogdGhpcyBtYXkgbmVlZCBtb3JlLCBlLmcuIGxpYm5zczMgaXMgaW4gL2xpYi9uc3MKKyAgICAg ICAgICAgICAgKGNhbGwtd2l0aC1vdXRwdXQtZmlsZSAiL3RtcC9sZC5zby5jb25mIgorICAgICAg ICAgICAgICAgIChsYW1iZGEgKHBvcnQpCisgICAgICAgICAgICAgICAgICAoZGlzcGxheSAiL2xp YjY0IiBwb3J0KQorICAgICAgICAgICAgICAgICAgKG5ld2xpbmUgcG9ydCkpKQorCisgICAgICAg ICAgICAgIDs7IERlZmluZSBhbiBlbnRyeSBzY3JpcHQgdG8gc3RhcnQgdGhlIGNvbnRhaW5lcjog Z2VuZXJhdGUKKyAgICAgICAgICAgICAgOzsgbGQuc28uY2FjaGUsIHN1cHBsZW1lbnQgJFBBVEgs IGFuZCBpbmNsdWRlIGNvbW1hbmQuCisgICAgICAgICAgICAgIChjYWxsLXdpdGgtb3V0cHV0LWZp bGUgIi90bXAvZmhzLnNoIgorICAgICAgICAgICAgICAgIChsYW1iZGEgKHBvcnQpCisgICAgICAg ICAgICAgICAgICAoZGlzcGxheSAibGRjb25maWcgLVggLWYgL3RtcC9sZC5zby5jb25mIiBwb3J0 KQorICAgICAgICAgICAgICAgICAgKG5ld2xpbmUgcG9ydCkKKyAgICAgICAgICAgICAgICAgIChk aXNwbGF5ICJleHBvcnQgUEFUSD0vYmluOi91c3IvYmluOi9zYmluOi91c3Ivc2JpbjokUEFUSCIg cG9ydCkKKyAgICAgICAgICAgICAgICAgIChuZXdsaW5lIHBvcnQpCisgICAgICAgICAgICAgICAg ICAoZGlzcGxheSAoY2FyIGNvbW1hbmQpIHBvcnQpCisgICAgICAgICAgICAgICAgICAobmV3bGlu ZSBwb3J0KSkpKQorCiAgICAgICAgICAgICA7OyBJZiByZXF1ZXN0ZWQsIGxpbmsgJEdVSVhfRU5W SVJPTk1FTlQgdG8gJEhPTUUvLmd1aXgtcHJvZmlsZTsKICAgICAgICAgICAgIDs7IHRoaXMgYWxs b3dzIHByb2dyYW1zIGV4cGVjdGluZyB0aGF0IHBhdGggdG8gY29udGludWUgd29ya2luZyBhcwog ICAgICAgICAgICAgOzsgZXhwZWN0ZWQgd2l0aGluIGEgY29udGFpbmVyLgpAQCAtNzQ2LDcgKzc5 OCwxMiBAQCAoZGVmaW5lKiAobGF1bmNoLWVudmlyb25tZW50L2NvbnRhaW5lciAjOmtleSBjb21t YW5kIGJhc2ggdXNlciB1c2VyLW1hcHBpbmdzCiAgICAgICAgICAgICAocHJpbWl0aXZlLWV4aXQv c3RhdHVzCiAgICAgICAgICAgICAgOzsgQSBjb250YWluZXIncyBlbnZpcm9ubWVudCBpcyBhbHJl YWR5IHB1cmlmaWVkLCBzbyBubyBuZWVkIHRvCiAgICAgICAgICAgICAgOzsgcmVxdWVzdCBpdCBi ZSBwdXJpZmllZCBhZ2Fpbi4KLSAgICAgICAgICAgICAobGF1bmNoLWVudmlyb25tZW50IGNvbW1h bmQKKyAgICAgICAgICAgICAobGF1bmNoLWVudmlyb25tZW50IChpZiBmaHMtY29udGFpbmVyPwor ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDs7IFVzZSB0aGUgRkhTIHN0YXJ0 IHNjcmlwdC4KKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA7OyBGSVhNRTog cHJvYmFibHkgdGhlIGRlZmF1bHQgY29tbWFuZCBzaG91bGQKKyAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICA7OyBiZSBkaWZmZXJlbnQgYXMgaXQgc3Bhd25zIGEgZGlmZmVyZW50 IHNoZWxsPworICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICcoIi9iaW4vc2gi ICIvdG1wL2Zocy5zaCIpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY29t bWFuZCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIChpZiBsaW5rLXByb2ZpbGU/ CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKHN0cmluZy1hcHBlbmQgaG9t ZS1kaXIgIi8uZ3VpeC1wcm9maWxlIikKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICBwcm9maWxlKQpAQCAtODc0LDE1ICs5MzEsMTYgQEAgKGRlZmluZSAoZ3VpeC1lbnZpcm9u bWVudCogb3B0cykKICAgIlJ1biB0aGUgJ2d1aXggZW52aXJvbm1lbnQnIGNvbW1hbmQgb24gT1BU UywgYW4gYWxpc3QgcmVzdWx0aW5nIGZvcgogY29tbWFuZC1saW5lIG9wdGlvbiBwcm9jZXNzaW5n IHdpdGggJ3BhcnNlLWNvbW1hbmQtbGluZScuIgogICAod2l0aC1lcnJvci1oYW5kbGluZwotICAg IChsZXQqICgocHVyZT8gICAgICAoYXNzb2MtcmVmIG9wdHMgJ3B1cmUpKQotICAgICAgICAgICAo Y29udGFpbmVyPyAoYXNzb2MtcmVmIG9wdHMgJ2NvbnRhaW5lcj8pKQotICAgICAgICAgICAobGlu ay1wcm9mPyAoYXNzb2MtcmVmIG9wdHMgJ2xpbmstcHJvZmlsZT8pKQotICAgICAgICAgICAobmV0 d29yaz8gICAoYXNzb2MtcmVmIG9wdHMgJ25ldHdvcms/KSkKLSAgICAgICAgICAgKG5vLWN3ZD8g ICAgKGFzc29jLXJlZiBvcHRzICduby1jd2Q/KSkKLSAgICAgICAgICAgKHVzZXIgICAgICAgKGFz c29jLXJlZiBvcHRzICd1c2VyKSkKLSAgICAgICAgICAgKGJvb3RzdHJhcD8gKGFzc29jLXJlZiBv cHRzICdib290c3RyYXA/KSkKLSAgICAgICAgICAgKHN5c3RlbSAgICAgKGFzc29jLXJlZiBvcHRz ICdzeXN0ZW0pKQotICAgICAgICAgICAocHJvZmlsZSAgICAoYXNzb2MtcmVmIG9wdHMgJ3Byb2Zp bGUpKQorICAgIChsZXQqICgocHVyZT8gICAgICAgICAgKGFzc29jLXJlZiBvcHRzICdwdXJlKSkK KyAgICAgICAgICAgKGNvbnRhaW5lcj8gICAgIChhc3NvYy1yZWYgb3B0cyAnY29udGFpbmVyPykp CisgICAgICAgICAgIChmaHMtY29udGFpbmVyPyAoYXNzb2MtcmVmIG9wdHMgJ2Zocy1jb250YWlu ZXI/KSkKKyAgICAgICAgICAgKGxpbmstcHJvZj8gICAgIChhc3NvYy1yZWYgb3B0cyAnbGluay1w cm9maWxlPykpCisgICAgICAgICAgIChuZXR3b3JrPyAgICAgICAoYXNzb2MtcmVmIG9wdHMgJ25l dHdvcms/KSkKKyAgICAgICAgICAgKG5vLWN3ZD8gICAgICAgIChhc3NvYy1yZWYgb3B0cyAnbm8t Y3dkPykpCisgICAgICAgICAgICh1c2VyICAgICAgICAgICAoYXNzb2MtcmVmIG9wdHMgJ3VzZXIp KQorICAgICAgICAgICAoYm9vdHN0cmFwPyAgICAgKGFzc29jLXJlZiBvcHRzICdib290c3RyYXA/ KSkKKyAgICAgICAgICAgKHN5c3RlbSAgICAgICAgIChhc3NvYy1yZWYgb3B0cyAnc3lzdGVtKSkK KyAgICAgICAgICAgKHByb2ZpbGUgICAgICAgIChhc3NvYy1yZWYgb3B0cyAncHJvZmlsZSkpCiAg ICAgICAgICAgIChjb21tYW5kICAgIChvciAoYXNzb2MtcmVmIG9wdHMgJ2V4ZWMpCiAgICAgICAg ICAgICAgICAgICAgICAgICAgICA7OyBTcGF3biBhIHNoZWxsIGlmIHRoZSB1c2VyIGRpZG4ndCBz cGVjaWZ5CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA7OyBhbnl0aGluZyBpbiBwYXJ0aWN1 bGFyLgpAQCAtOTI3LDcgKzk4NSwxNiBAQCAoZGVmaW5lIChndWl4LWVudmlyb25tZW50KiBvcHRz KQogICAgICAgKHdpdGgtc3RvcmUvbWF5YmUgc3RvcmUKICAgICAgICAgKHdpdGgtc3RhdHVzLXZl cmJvc2l0eSAoYXNzb2MtcmVmIG9wdHMgJ3ZlcmJvc2l0eSkKICAgICAgICAgICAoZGVmaW5lIG1h bmlmZXN0LWZyb20tb3B0cwotICAgICAgICAgICAgKG9wdGlvbnMvcmVzb2x2ZS1wYWNrYWdlcyBz dG9yZSBvcHRzKSkKKyAgICAgICAgICAgIChvcHRpb25zL3Jlc29sdmUtcGFja2FnZXMgc3RvcmUK KyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgOzsgRm9yIGFuIEZIUy1jb250 YWluZXIsIGFkZCBhIGdsaWJjIHRoYXQgdXNlcworICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA7OyAvZXRjL2xkLnNvLmNhY2hlLgorICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAoaWYgZmhzLWNvbnRhaW5lcj8KKyAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgIChhbGlzdC1jb25zICdwYWNrYWdlICcoYWQtaG9jLXBhY2thZ2Ug ImdjZmhzIikKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIG9wdHMpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA7 OyBBbHRlcm5hdGl2ZWx5LCBjb3VsZCBncmFmdCBhbGwgcGFja2FnZXMgd2l0aAorICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgOzsgdGhpcyBnbGliYywgdGhvdWdoIHRo YXQgc2VlbXMgdW5uZWNlc3NhcnkuCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICA7OyAoYWxpc3QtY29ucyAnd2l0aC1ncmFmdCAiZ2xpYmM9Z2NmaHMiIG9wdHMpCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvcHRzKSkpCiAKICAgICAg ICAgICAoZGVmaW5lIG1hbmlmZXN0CiAgICAgICAgICAgICAoaWYgcHJvZmlsZQpAQCAtOTk0LDYg KzEwNjEsNyBAQCAoZGVmaW5lIChndWl4LWVudmlyb25tZW50KiBvcHRzKQogICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIvYmluL3NoIikpKSkKICAgICAgICAg ICAgICAgICAgICAgICAobGF1bmNoLWVudmlyb25tZW50L2NvbnRhaW5lciAjOmNvbW1hbmQgY29t bWFuZAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICM6YmFzaCBiYXNoLWJpbmFyeQorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICM6ZmhzLWNvbnRhaW5lcj8gZmhzLWNvbnRhaW5lcj8KICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjOnVzZXIgdXNlcgog ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICM6dXNl ci1tYXBwaW5ncyBtYXBwaW5ncwogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICM6cHJvZmlsZSBwcm9maWxlCg== --b1_7G6mOQ7mBApYCuacAsUmicZSM7cGKSRPh0emMTUZ8w--