From 48b5afa4cd0d751fe74b3462affc2eea2b2f31bf Mon Sep 17 00:00:00 2001 From: fkDeath Date: Thu, 2 Apr 2026 15:32:15 +0200 Subject: [PATCH] Migration of FWS from Github --- .gitattributes | 11 + .gitignore | 8 + AUTHORS.rst | 64 + CHANGELOG.rst | 846 ++++++++ CONTRIBUTING.rst | 48 + LICENSE | 674 ++++++ Makefile | 40 + README.rst | 189 ++ build.sh | 150 ++ .../etc/calamares/branding/fws/branding.desc | 40 + .../etc/calamares/branding/fws/logo.png | Bin 0 -> 10867 bytes .../etc/calamares/branding/fws/slideshow.qml | 138 ++ .../etc/calamares/modules/bootloader.conf | 22 + .../etc/calamares/modules/finished.conf | 11 + .../etc/calamares/modules/grubcfg.conf | 28 + .../etc/calamares/modules/initcpiocfg.conf | 24 + .../etc/calamares/modules/keyboard.conf | 17 + .../etc/calamares/modules/locale.conf | 18 + .../etc/calamares/modules/packages.conf | 54 + .../etc/calamares/modules/partition.conf | 34 + .../calamares/modules/services-systemd.conf | 23 + .../etc/calamares/modules/unpackfs.conf | 16 + .../airootfs/etc/calamares/modules/users.conf | 39 + .../etc/calamares/modules/welcome.conf | 29 + .../airootfs/etc/calamares/settings.conf | 21 + configs/baseline/airootfs/etc/locale.conf | 1 + configs/baseline/airootfs/etc/localtime | 1 + .../etc/mkinitcpio.conf.d/archiso.conf | 1 + .../airootfs/etc/mkinitcpio.d/linux.preset | 8 + configs/baseline/airootfs/etc/pacman.conf | 14 + configs/baseline/airootfs/etc/shadow | 1 + .../etc/ssh/sshd_config.d/10-archiso.conf | 3 + .../etc/systemd/network/20-ethernet.network | 11 + .../ipv6-privacy-extensions.conf | 2 + .../etc/systemd/resolved.conf.d/archiso.conf | 4 + .../systemd-gpt-auto-generator | 1 + .../etc/systemd/system/calamares.service | 16 + .../cloud-config.service | 1 + .../cloud-final.service | 1 + .../cloud-init-local.service | 1 + .../cloud-init-main.service | 1 + .../cloud-init-network.service | 1 + .../getty@tty1.service.d/autologin.conf | 3 + .../systemd-networkd-wait-online.service | 1 + .../systemd-networkd.socket | 1 + .../wait-for-only-one-interface.conf | 6 + .../etc/systemd/system/xorg-start.service | 14 + configs/baseline/airootfs/root/.xinitrc | 4 + configs/baseline/airootfs/root/.zprofile | 8 + configs/baseline/bootstrap_packages | 2 + .../loader/entries/01-archiso-linux.conf | 4 + configs/baseline/efiboot/loader/loader.conf | 2 + configs/baseline/grub/grub.cfg | 101 + configs/baseline/grub/loopback.cfg | 78 + configs/baseline/packages.x86_64 | 143 ++ configs/baseline/pacman.conf | 105 + configs/baseline/profiledef.sh | 19 + configs/baseline/syslinux/syslinux-linux.cfg | 5 + configs/baseline/syslinux/syslinux.cfg | 9 + .../etc/calamares/branding/fws/branding.desc | 40 + .../etc/calamares/branding/fws/logo.png | Bin 0 -> 10867 bytes .../etc/calamares/branding/fws/slideshow.qml | 138 ++ .../etc/calamares/modules/bootloader.conf | 22 + .../etc/calamares/modules/finished.conf | 11 + .../etc/calamares/modules/grubcfg.conf | 28 + .../etc/calamares/modules/initcpiocfg.conf | 24 + .../etc/calamares/modules/keyboard.conf | 17 + .../etc/calamares/modules/locale.conf | 18 + .../etc/calamares/modules/packages.conf | 54 + .../etc/calamares/modules/partition.conf | 34 + .../calamares/modules/services-systemd.conf | 23 + .../etc/calamares/modules/unpackfs.conf | 16 + .../airootfs/etc/calamares/modules/users.conf | 39 + .../etc/calamares/modules/welcome.conf | 29 + .../airootfs/etc/calamares/settings.conf | 51 + configs/releng/airootfs/etc/hostname | 1 + configs/releng/airootfs/etc/locale.conf | 1 + configs/releng/airootfs/etc/localtime | 1 + .../etc/mkinitcpio.conf.d/archiso.conf | 3 + .../airootfs/etc/mkinitcpio.d/linux.preset | 8 + .../airootfs/etc/modprobe.d/broadcom-wl.conf | 7 + configs/releng/airootfs/etc/motd | 11 + .../etc/pacman.d/hooks/uncomment-mirrors.hook | 13 + ...z99-remove-custom-hooks-from-airootfs.hook | 18 + configs/releng/airootfs/etc/passwd | 1 + .../airootfs/etc/profile.d/fastfetch.sh | 5 + configs/releng/airootfs/etc/resolv.conf | 1 + configs/releng/airootfs/etc/shadow | 1 + .../etc/ssh/sshd_config.d/10-archiso.conf | 3 + .../journald.conf.d/volatile-storage.conf | 2 + .../systemd/logind.conf.d/do-not-suspend.conf | 4 + .../etc/systemd/network/20-ethernet.network | 22 + .../etc/systemd/network/20-wlan.network | 20 + .../etc/systemd/network/20-wwan.network | 19 + .../ipv6-privacy-extensions.conf | 2 + .../etc/systemd/resolved.conf.d/archiso.conf | 4 + .../systemd-gpt-auto-generator | 1 + .../etc/systemd/system/calamares.service | 12 + .../etc/systemd/system/choose-mirror.service | 10 + .../cloud-config.service | 1 + .../cloud-final.service | 1 + .../cloud-init-local.service | 1 + .../cloud-init-main.service | 1 + .../cloud-init-network.service | 1 + ...dbus-org.freedesktop.ModemManager1.service | 1 + .../dbus-org.freedesktop.network1.service | 1 + .../dbus-org.freedesktop.resolve1.service | 1 + .../dbus-org.freedesktop.timesync1.service | 1 + .../systemd/system/etc-pacman.d-gnupg.mount | 8 + .../getty@tty1.service.d/autologin.conf | 3 + .../system/livecd-alsa-unmuter.service | 13 + .../etc/systemd/system/livecd-talk.service | 20 + .../systemd-networkd-wait-online.service | 1 + .../etc/systemd/system/pacman-init.service | 15 + .../system/sockets.target.wants/pcscd.socket | 1 + .../systemd-networkd.socket | 1 + .../livecd-alsa-unmuter.service | 1 + .../systemd-time-wait-sync.service | 1 + .../systemd-timesyncd.service | 1 + .../wait-for-only-one-interface.conf | 6 + .../releng/airootfs/root/.automated_script.sh | 43 + .../releng/airootfs/root/.gnupg/scdaemon.conf | 4 + configs/releng/airootfs/root/.zlogin | 6 + configs/releng/airootfs/usr/bin/fws-installer | 31 + .../airootfs/usr/local/bin/Installation_guide | 5 + .../airootfs/usr/local/bin/choose-mirror | 29 + .../airootfs/usr/local/bin/livecd-sound | 239 +++ .../local/share/livecd-sound/asound.conf.in | 3 + .../share/applications/fws-install.desktop | 13 + configs/releng/bootstrap_packages | 2 + .../loader/entries/01-archiso-linux.conf | 5 + .../entries/02-archiso-speech-linux.conf | 5 + .../entries/03-archiso-memtest86+x64.conf | 4 + configs/releng/efiboot/loader/loader.conf | 3 + configs/releng/grub/grub.cfg | 112 + configs/releng/grub/loopback.cfg | 85 + configs/releng/packages.x86_64 | 141 ++ configs/releng/pacman.conf | 14 + configs/releng/pacman.d/mirrorlist | 7 + configs/releng/profiledef.sh | 25 + configs/releng/syslinux/archiso_head.cfg | 28 + configs/releng/syslinux/archiso_pxe-linux.cfg | 32 + configs/releng/syslinux/archiso_pxe.cfg | 5 + configs/releng/syslinux/archiso_sys-linux.cfg | 20 + configs/releng/syslinux/archiso_sys.cfg | 8 + configs/releng/syslinux/archiso_tail.cfg | 35 + configs/releng/syslinux/splash.png | Bin 0 -> 45400 bytes configs/releng/syslinux/syslinux.cfg | 11 + docs/README.profile.rst | 186 ++ docs/README.transfer.rst | 165 ++ fws/mkarchiso | 1892 +++++++++++++++++ man/mkarchiso.1.rst | 80 + man/variables.rst | 10 + scripts/run_archiso.sh | 243 +++ setup-calamares.sh | 350 +++ 155 files changed, 7752 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 AUTHORS.rst create mode 100644 CHANGELOG.rst create mode 100644 CONTRIBUTING.rst create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 README.rst create mode 100644 build.sh create mode 100644 configs/baseline/airootfs/etc/calamares/branding/fws/branding.desc create mode 100644 configs/baseline/airootfs/etc/calamares/branding/fws/logo.png create mode 100644 configs/baseline/airootfs/etc/calamares/branding/fws/slideshow.qml create mode 100644 configs/baseline/airootfs/etc/calamares/modules/bootloader.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/finished.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/grubcfg.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/initcpiocfg.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/keyboard.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/locale.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/packages.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/partition.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/services-systemd.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/unpackfs.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/users.conf create mode 100644 configs/baseline/airootfs/etc/calamares/modules/welcome.conf create mode 100644 configs/baseline/airootfs/etc/calamares/settings.conf create mode 100644 configs/baseline/airootfs/etc/locale.conf create mode 100644 configs/baseline/airootfs/etc/localtime create mode 100644 configs/baseline/airootfs/etc/mkinitcpio.conf.d/archiso.conf create mode 100644 configs/baseline/airootfs/etc/mkinitcpio.d/linux.preset create mode 100644 configs/baseline/airootfs/etc/pacman.conf create mode 100644 configs/baseline/airootfs/etc/shadow create mode 100644 configs/baseline/airootfs/etc/ssh/sshd_config.d/10-archiso.conf create mode 100644 configs/baseline/airootfs/etc/systemd/network/20-ethernet.network create mode 100644 configs/baseline/airootfs/etc/systemd/networkd.conf.d/ipv6-privacy-extensions.conf create mode 100644 configs/baseline/airootfs/etc/systemd/resolved.conf.d/archiso.conf create mode 100644 configs/baseline/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator create mode 100644 configs/baseline/airootfs/etc/systemd/system/calamares.service create mode 100644 configs/baseline/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service create mode 100644 configs/baseline/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service create mode 100644 configs/baseline/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service create mode 100644 configs/baseline/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-main.service create mode 100644 configs/baseline/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-network.service create mode 100644 configs/baseline/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf create mode 100644 configs/baseline/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service create mode 100644 configs/baseline/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket create mode 100644 configs/baseline/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf create mode 100644 configs/baseline/airootfs/etc/systemd/system/xorg-start.service create mode 100644 configs/baseline/airootfs/root/.xinitrc create mode 100644 configs/baseline/airootfs/root/.zprofile create mode 100644 configs/baseline/bootstrap_packages create mode 100644 configs/baseline/efiboot/loader/entries/01-archiso-linux.conf create mode 100644 configs/baseline/efiboot/loader/loader.conf create mode 100644 configs/baseline/grub/grub.cfg create mode 100644 configs/baseline/grub/loopback.cfg create mode 100644 configs/baseline/packages.x86_64 create mode 100644 configs/baseline/pacman.conf create mode 100644 configs/baseline/profiledef.sh create mode 100644 configs/baseline/syslinux/syslinux-linux.cfg create mode 100644 configs/baseline/syslinux/syslinux.cfg create mode 100644 configs/releng/airootfs/etc/calamares/branding/fws/branding.desc create mode 100644 configs/releng/airootfs/etc/calamares/branding/fws/logo.png create mode 100644 configs/releng/airootfs/etc/calamares/branding/fws/slideshow.qml create mode 100644 configs/releng/airootfs/etc/calamares/modules/bootloader.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/finished.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/grubcfg.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/initcpiocfg.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/keyboard.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/locale.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/packages.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/partition.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/services-systemd.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/unpackfs.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/users.conf create mode 100644 configs/releng/airootfs/etc/calamares/modules/welcome.conf create mode 100644 configs/releng/airootfs/etc/calamares/settings.conf create mode 100644 configs/releng/airootfs/etc/hostname create mode 100644 configs/releng/airootfs/etc/locale.conf create mode 100644 configs/releng/airootfs/etc/localtime create mode 100644 configs/releng/airootfs/etc/mkinitcpio.conf.d/archiso.conf create mode 100644 configs/releng/airootfs/etc/mkinitcpio.d/linux.preset create mode 100644 configs/releng/airootfs/etc/modprobe.d/broadcom-wl.conf create mode 100644 configs/releng/airootfs/etc/motd create mode 100644 configs/releng/airootfs/etc/pacman.d/hooks/uncomment-mirrors.hook create mode 100644 configs/releng/airootfs/etc/pacman.d/hooks/zzzz99-remove-custom-hooks-from-airootfs.hook create mode 100644 configs/releng/airootfs/etc/passwd create mode 100644 configs/releng/airootfs/etc/profile.d/fastfetch.sh create mode 100644 configs/releng/airootfs/etc/resolv.conf create mode 100644 configs/releng/airootfs/etc/shadow create mode 100644 configs/releng/airootfs/etc/ssh/sshd_config.d/10-archiso.conf create mode 100644 configs/releng/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf create mode 100644 configs/releng/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf create mode 100644 configs/releng/airootfs/etc/systemd/network/20-ethernet.network create mode 100644 configs/releng/airootfs/etc/systemd/network/20-wlan.network create mode 100644 configs/releng/airootfs/etc/systemd/network/20-wwan.network create mode 100644 configs/releng/airootfs/etc/systemd/networkd.conf.d/ipv6-privacy-extensions.conf create mode 100644 configs/releng/airootfs/etc/systemd/resolved.conf.d/archiso.conf create mode 100644 configs/releng/airootfs/etc/systemd/system-generators/systemd-gpt-auto-generator create mode 100644 configs/releng/airootfs/etc/systemd/system/calamares.service create mode 100644 configs/releng/airootfs/etc/systemd/system/choose-mirror.service create mode 100644 configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-config.service create mode 100644 configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-final.service create mode 100644 configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-local.service create mode 100644 configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-main.service create mode 100644 configs/releng/airootfs/etc/systemd/system/cloud-init.target.wants/cloud-init-network.service create mode 100644 configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.ModemManager1.service create mode 100644 configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service create mode 100644 configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service create mode 100644 configs/releng/airootfs/etc/systemd/system/dbus-org.freedesktop.timesync1.service create mode 100644 configs/releng/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount create mode 100644 configs/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf create mode 100644 configs/releng/airootfs/etc/systemd/system/livecd-alsa-unmuter.service create mode 100644 configs/releng/airootfs/etc/systemd/system/livecd-talk.service create mode 100644 configs/releng/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service create mode 100644 configs/releng/airootfs/etc/systemd/system/pacman-init.service create mode 100644 configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket create mode 100644 configs/releng/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket create mode 100644 configs/releng/airootfs/etc/systemd/system/sound.target.wants/livecd-alsa-unmuter.service create mode 100644 configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-time-wait-sync.service create mode 100644 configs/releng/airootfs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service create mode 100644 configs/releng/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf create mode 100644 configs/releng/airootfs/root/.automated_script.sh create mode 100644 configs/releng/airootfs/root/.gnupg/scdaemon.conf create mode 100644 configs/releng/airootfs/root/.zlogin create mode 100644 configs/releng/airootfs/usr/bin/fws-installer create mode 100644 configs/releng/airootfs/usr/local/bin/Installation_guide create mode 100644 configs/releng/airootfs/usr/local/bin/choose-mirror create mode 100644 configs/releng/airootfs/usr/local/bin/livecd-sound create mode 100644 configs/releng/airootfs/usr/local/share/livecd-sound/asound.conf.in create mode 100644 configs/releng/airootfs/usr/share/applications/fws-install.desktop create mode 100644 configs/releng/bootstrap_packages create mode 100644 configs/releng/efiboot/loader/entries/01-archiso-linux.conf create mode 100644 configs/releng/efiboot/loader/entries/02-archiso-speech-linux.conf create mode 100644 configs/releng/efiboot/loader/entries/03-archiso-memtest86+x64.conf create mode 100644 configs/releng/efiboot/loader/loader.conf create mode 100644 configs/releng/grub/grub.cfg create mode 100644 configs/releng/grub/loopback.cfg create mode 100644 configs/releng/packages.x86_64 create mode 100644 configs/releng/pacman.conf create mode 100644 configs/releng/pacman.d/mirrorlist create mode 100644 configs/releng/profiledef.sh create mode 100644 configs/releng/syslinux/archiso_head.cfg create mode 100644 configs/releng/syslinux/archiso_pxe-linux.cfg create mode 100644 configs/releng/syslinux/archiso_pxe.cfg create mode 100644 configs/releng/syslinux/archiso_sys-linux.cfg create mode 100644 configs/releng/syslinux/archiso_sys.cfg create mode 100644 configs/releng/syslinux/archiso_tail.cfg create mode 100644 configs/releng/syslinux/splash.png create mode 100644 configs/releng/syslinux/syslinux.cfg create mode 100644 docs/README.profile.rst create mode 100644 docs/README.transfer.rst create mode 100644 fws/mkarchiso create mode 100644 man/mkarchiso.1.rst create mode 100644 man/variables.rst create mode 100644 scripts/run_archiso.sh create mode 100644 setup-calamares.sh diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..67dceb7 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,11 @@ +* text=auto eol=lf +*.sh text eol=lf +*.conf text eol=lf +*.yaml text eol=lf +*.x86_64 text eol=lf +*.zprofile text eol=lf +*.xinitrc text eol=lf +*.db binary +*.zst binary +*.so binary +*.gz binary diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3036c47 --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +out/ +local-repo/ +configs/baseline/airootfs/etc/systemd/system/multi-user.target.wants/ +configs/releng/airootfs/etc/systemd/system/multi-user.target.wants/ +configs/baseline/airootfs/usr/lib/ +configs/baseline/airootfs/usr/bin/ +configs/baseline/airootfs/usr/include/ +configs/baseline/airootfs/usr/share/calamares/branding/default/ diff --git a/AUTHORS.rst b/AUTHORS.rst new file mode 100644 index 0000000..3f264bd --- /dev/null +++ b/AUTHORS.rst @@ -0,0 +1,64 @@ +=============== +Archiso Authors +=============== + +* 2hexed <2hexed@protonmail.com> +* Aaron Griffin +* Adam Purkrt +* Alexander Epaneshnikov +* Alexander Speshilov +* Anton Hvornum +* Antonio V +* Chandan Singh +* Charles Vejnar +* Christian Hesse +* Christopher Brannon +* Dan McGee +* Dariusz Pelowski +* Darren Ng +* David Runge +* David Thurstenson +* Dieter Plaetinck +* Eli Schwartz +* Eric Toombs <567-ewtoombs@users.noreply.gitlab.archlinux.org> +* Florian Pritz +* Francois Dupoux +* Gerardo Exequiel Pozzi +* Gerhard Brauer +* Giancarlo Razzolini +* Howard Hicks +* James Sitegen +* John Lane +* Jonathan Liu +* Jonathon Fernyhough +* Julian +* Justin Kromlinger +* Keshav Amburay +* Kristian Klausen +* Loui Chang +* Lukas Fleischer +* Martin Damian Fernandez +* Michael Gilchrist +* Michael Vorburger +* Pellegrino Prevete +* Pierre Schmitz +* Sean Enck +* Simo Leone +* Simon Wilper +* Sorin Pânca +* Steffen Bönigk +* Sven-Hendrik Haase +* Thomas Bächler +* Tobias Powalowski +* Tom Yan +* Yu Li-Yu +* Zig Globulin +* cvlc12 +* hayao +* kojq su <3145-kojqsu@users.noreply.gitlab.archlinux.org> +* mono wock +* nl6720 +* plain linen +* shivanandvp +* weltio weltio +* Øyvind Heggstad diff --git a/CHANGELOG.rst b/CHANGELOG.rst new file mode 100644 index 0000000..ffb20e2 --- /dev/null +++ b/CHANGELOG.rst @@ -0,0 +1,846 @@ +######### +Changelog +######### + +[XX] - YYYY-MM-DD +================= + +Added +----- + +Changed +------- + +- Use xz compression for the baseline profile's bootstrap tarball so that it has more differences when compared to the + releng profile. +- Match network interfaces by their type, instead of name, in systemd-networkd configuration. + +Deprecated +---------- + +Fixed +----- + +- Use ``systemd-run`` to invoke ``curl`` with a transient service that depends on ``network-online.target`` since no + services are currently pulling in ``network_online.target``. + +Removed +------- + +[87] - 2025-10-29 +================= + +Added +----- + +- Support other architectures. In theory it should now be possible to create UEFI bootable ISOs on AArch64, RISC-V 64 + and LoongArch 64. Cross-architecture building is not supported. +- Read package lists from ``bootstrap_packages`` and ``packages`` if they exist, but ``bootstrap_packages.${arch}`` and + ``packages.${arch}`` do not. +- Support i686, aarch64 and riscv64 in the ``run_archiso`` script. + +Changed +------- + +- Show the FAT image size in MiB instead of KiB to make it easier to comprehend. +- ``reflector.service`` is no longer enabled by default in the releng profile since it takes too long to rate the + mirrors. The default mirrorlist's top mirror is fast enough for most people. +- Only uncomment HTTPS mirrors in ``/etc/pacman.d/mirrorlist``. Those who want to use HTTP mirrors can uncomment them + manually. +- The profiles do not hardcode the ``arch`` variable in ``profiledef.sh`` anymore and instead rely on ``mkarchiso`` + filling it in from ``uname -m``. +- UEFI-architecture-specific systemd-boot boot entry files for foreign UEFI architectures are not added to the ISO. IA32 + entries for x86_64 are an exception to support x86_64 systems with IA32 UEFI. +- Rename ``bootstrap_packages.x86_64`` to ``bootstrap_packages`` to simplify reusing them when porting to non-x86_64 + architectures. +- Print ``run_archiso`` errors to stderr and show the application name in them. + +Fixed +----- + +- Fixed deprecated boot mode upgrading. +- Ensure the ISO always contains the kernel and initramfs regardless of the used boot modes, so that an installation + medium created via file system transposition is bootable. + +[86] - 2025-09-25 +================= + +Added +----- + +- Document the ``profiledef.sh`` file's ``packages`` and ``bootstrap_packages`` variables. +- When using GRUB (only used by the baseline profile) or ``loopback.cfg``, support detecting the UEFI shell on other + architectures. This allows to reuse these files in case someone wants to port the profiles to non-x86_64. + +Changed +------- + +- ``run_archiso`` defaults to booting the ISO with UEFI since that is the boot mode most people actually use. +- Use the ``%ARCH%`` *custom template identifier* in the profile boot entry files for syslinux and systemd-boot instead + of hardcoding the architecture. +- GRUB boot entries are shown without the UEFI architecture so that they match systemd-boot's display. + +Deprecated +---------- + +- The ``bios.syslinux.eltorito`` and ``bios.syslinux.mbr`` boot modes are replaced by the ``bios.syslinux`` boot mode. + If you are using ``bios.syslinux.eltorito`` or ``bios.syslinux.mbr`` in your ``profiledef.sh``, replace them with a + single ``bios.syslinux``. +- The ``uefi-x64.systemd-boot.eltorito``, ``uefi-x64.systemd-boot.esp``, ``uefi-ia32.systemd-boot.eltorito`` and + ``uefi-ia32.systemd-boot.eltorito`` boot modes are replaced by the single ``uefi.systemd-boot`` boot mode. + Both x64 and IA32 architectures are covered by this new combined boot mode. + If you are using ``uefi-x64.systemd-boot.eltorito``, ``uefi-x64.systemd-boot.esp``, + ``uefi-ia32.systemd-boot.eltorito`` or ``uefi-ia32.systemd-boot.eltorito`` in your ``profiledef.sh``, replace them + with a single ``uefi.systemd-boot``. +- The ``uefi-x64.grub.eltorito``, ``uefi-x64.grub.esp``, ``uefi-ia32.grub.eltorito`` and ``uefi-ia32.grub.eltorito`` + boot modes are replaced by a single ``uefi.grub``. + Both x64 and IA32 architectures are covered by this new combined boot mode. + If you are using the ``uefi-x64.grub.eltorito``, ``uefi-x64.grub.esp``, ``uefi-ia32.grub.eltorito`` or + ``uefi-ia32.grub.eltorito`` boot modes in your ``profiledef.sh``, replace them with a single ``uefi.grub``. + +Fixed +----- + +- Correctly resolve relative paths in the ``profiledef.sh`` file's ``bootstrap_packages`` variable. +- Do not modify the ``os-release`` file or add a ``version`` file to the bootstrap tarball's ``root.${arch}`` directory. + Place the ``version`` file in the tarball's top level directory instead. +- Do not show the systemd-boot boot entry for x64 Memtest86+ in IA32 UEFI. + +[85] - 2025-07-28 +================= + +Fixed +----- + +- Fix systemd-networkd drop-in configuration path. + +[84] - 2025-06-26 +================= + +Added +----- + +- Added ``mmc-utils`` to releng packages. It can be used to configure MMC and eMMC storage devices. + +Changed +------- + +- Undeprecate ``/${install_dir}/grubenv``. There are use cases that rely on extracting only the ``${install_dir}`` from + the ISO. +- Use ``xdg-open`` instead of hardcoding the web browser in the ``Installation_guide`` script. + +Removed +------- + +- Removed ``rp-pppoe`` from releng packages. ``ppp`` provides a PPPoE client that is sufficient for most use cases. + +[83] - 2025-03-24 +================= + +Changed +------- + +- Remove the pacstrap directory early to lower the maximum size of the working directory. + +Fixed +----- + +- Do not hide ``pacstrap`` errors in non-verbose mode. + +Removed +------- + +- Removed deprecated dhclient from packages. + +[82] - 2024-11-27 +================= + +Fixed +----- + +- Commented out ``DownloadUser`` in ``pacman.conf`` so that the working directory is not restricted to paths to which + the ``alpm`` user has access to. + +[81] - 2024-10-28 +================= + +Fixed +----- + +- Change enabled services in baseline and releng profile to adapt to changes in ``cloud-init`` ≥ 24.3 (renamed + ``cloud-init.service`` to ``cloud-init-network.service``, introduced new ``cloud-init-main.service``). + +Removed +------- + +- Removed gnu-netcat from releng profile, as cloud-init requires openbsd-netcat and the two netcat versions can not be + installed side-by-side. + +[80] - 2024-09-26 +================= + +Added +----- + +- Support compressing the bootstrap tarball with ``xz``. + +Changed +------- + +- Use an empty UUID for the EROFS image file since the file system will never be referenced by it. +- Do not use ``mkfs.erofs`` extended options ``fragments`` and ``dedupe`` in the baseline profile. This reduces the EROFS + image size and compression time. +- Update profile ``pacman.conf`` to include the new options added to ``/etc/pacman.conf`` in pacman 7.0.0.r3.g7736133-1. + +Fixed +----- + +- Show the correct image file name, including the extension, when building a bootstrap image. + +Removed +------- + +- Removed reiserfsprogs from packages (EOL) + +[79] - 2024-07-25 +================= + +Fixed +----- + +- When downloading an automation script fail with non-zero status code instead of returning an HTML document when the + remote HTTP server fails to deliver the document. + +Removed +------- + +- Remove unneeded workaround for e2fsprogs < 1.47.1. + +[78] - 2024-05-23 +================= + +Changed +------- + +- Moved the ``pkglist.x86_64.txt`` file outside the bootstrap tarball's ``root.x86_64`` directly to avoid polluting the + root file system. +- Use 4 MiB OVMF files in ``run_archiso`` instead of the old 2 MiB ones. +- Increase the additional free space of the EFI partition size from 1 MiB to 8 MiB to account for file system overhead + when using FAT32 (needs less than 1 MiB) and to give more space for adding custom files when repacking an ISO (e.g. + when preparing it for Secure Boot). +- Remove 300 KiB padding needed for CDs if the ISO exceeds the maximum size of a CD. +- Use ``xz -9e`` as the releng profile's initramfs compression. Now that mkinitcpio does not decompress the loadable + kernel modules and firmware files anymore and moves them to the early uncompressed initramfs, we can compress the main + initramfs image with a higher compression without it having much impact on the ISO build time. +- Format the EFI system partition image as FAT32 if the size allows it (i.e. if it is at least 36 MiB). + +Fixed +----- + +- Look for microcode update files in the initramfs images when checking if external microcode images are needed. The + existence of a ``early_cpio`` file is not enough since mkinitcpio can and will place other files in the early + uncompressed CPIO even when the ``microcode`` hook is not used. + +Removed +------- + +- Remove the wezterm-terminfo package from the releng profile as the relevant file is now provided by the ncurses + package instead. + +[77] - 2024-04-21 +================= + +Added +----- + +- Copy Memtest86+ EFI binary to the EFI system partition and ISO 9660 for ``uefi-x86.systemd-boot`` boot modes. + Additionally, create a boot entry with it for the releng profile. + +Changed +------- + +- Change releng profile's bootstrap tarball compression from gzip to zstd. zstd provides higher and faster compression. +- Use mkinitcpio's ``microcode`` hook instead of external microcode images to simplify boot loader configuration. + Custom PXE setups will need to update their boot loader configuration. +- Replace ``archisodevice`` boot parameter with ``archisosearchuuid`` in all boot loader configuration. This allows to + have "file system transposition" without relaying on GRUB-specific features. +- Replace GRUB with systemd-boot as the UEFI boot loader for the releng profile. While this increases the ISO size, it + avoids all GRUB-specific annoyances and oddities. + +Fixed +----- + +- Fix requirement validation logic for the ``uefi-ia32.systemd-boot.eltorito`` boot mode. It incorrectly applied the + same requirements as ``uefi-x64.systemd-boot.esp``. + +[76] - 2024-03-30 +================= + +Added +----- + +- Add a man page for ``mkarchiso``. +- Implement configurable bootstrap tarball compression. It is configured in ``profiledef.sh`` using a bash array called + ``bootstrap_tarball_compression``. baseline tarball now uses zstd compression while releng remains with gzip for now. + +Changed +------- + +- Move ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` to ``/boot/YYYY-mm-dd-HH-MM-SS-00.uuid`` and always create the file. + Once mkinitcpio-archiso implements searching for the file in early userspace, this file's use will not be limited to + just GRUB. +- Skip including external microcode images in build artifacts if the initramfs file contains ``early_cpio`` (indicating + an early uncompressed CPIO archive which should have the microcode update files). + +Removed +------- + +- Remove workaround for glibc < 2.39. ``LC_ALL=C.UTF-8`` now overrides ``LANGUAGE``, just like ``LC_ALL=C``. + +[75] - 2024-01-24 +================= + +Added +----- + +- Explicitly add ldns to releng (as opposed to it only being pulled in as a dependency of another package) to ensure + ``drill`` remains available. + +Changed +------- + +- Update the releng ISO description to "Arch Linux Live/Rescue DVD" since the ISO size now exceeds the maximum size of + a CD (900 MiB). + +Fixed +----- + +- Update the location where ``mkarchiso`` looks for the memtest86+ license file. + +[74] - 2023-12-21 +================= + +Added +----- + +- Add bcachefs-tools to releng for access to bcachefs userspace tools. +- Add tftp as a valid protocol for downloading automated boot script. + +Changed +------- + +- Set ``RequiredForOnline=routable`` in systemd-networkd configuration files to improve the chances that the network + really is *online* when ``network-online.target`` is reached. + +Fixed +----- + +- Add missing replacement for the UUID variable in systemd-boot configuration files on ISO 9660. + +[73] - 2023-09-29 +================= + +Added +----- + +- Add bolt to releng for authorizing and otherwise managing Thunderbolt and USB4 devices. +- Add ``uefi-ia32.systemd-boot.esp`` and ``uefi-ia32.systemd-boot.eltorito`` boot modes that use systemd-boot for IA32 + UEFI. The boot modes of baseline and releng are not changed. +- Add GRUB configuration file ``/boot/grub/loopback.cfg`` to the releng and baseline profiles. It sets the necessary + boot parameters required for booting the ISO image as a file on a file system. + +Fixed +----- + +- Add ``/etc/localtime`` to the baseline profile to ensure the ISO can be booted successfully without triggering + questions from systemd-firstboot. + +[72] - 2023-08-29 +================= + +Added +----- + +- Add tpm2-tools to releng to allow clearing, creating and reading keys on the TPM. +- Add sequoia-sq and openpgp-card-tools as additional tooling for working with OpenPGP certificates and smartcards. + +Changed +------- + +- Moved custom ``mkinitcpio.conf`` files to ``/etc/mkinitcpio.conf.d/archiso.conf``. +- Mount ``/etc/pacman.d/gnupg`` on tmpfs with option ``noswap`` instead of using ramfs. This ensures there is a limit to + the file system size. +- Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection. +- Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf`` +- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it. + +Fixed +----- + +- Sign the root file system image only once. +- Make sure xorriso does not read its configuration files to prevent interference and unintended behavior. + +[71] - 2023-05-28 +================= + +Added +----- + +- Added classes for Memtest86+ and UEFI Shell menuentries. +- Add foot-terminfo and wezterm-terminfo packages to releng to support terminal emulators using them. E.g. when + installing via SSH. +- Add a new ``-r`` option to ``mkarchiso`` that deletes the working directly after the build. +- Add support for mDNS announce and resolve. + +Changed +------- + +- Increase EROFS compression for the baseline profile by using an extreme LZMA compression level and enabling the + experimental compressed fragments and data deduplication features. +- Identify the ISO volume via a UUID instead of a file system label in all boot loader configuration files. +- Update ``pacman.conf`` to match the one shipped with pacman 6.0.2-7 which removes the community repository. + +Fixed +----- + +- Wait for ``network-online.target`` to become active before trying to download the script passed via the ``script=`` + boot parameter. +- Subdirectories from ``grub/`` are copied to the ISO. +- Modify the commandline options to a ``cp`` command in ``mkarchiso`` so that the entire script does not exit with + failure when a custom ``.bashrc`` file is supplied with the archiso configuration. This fix was needed after + **GNU Coreutils** recently changed the behaviour of the ``-n`` (or ``--no-clobber``) commandline option to the ``cp`` + command. +- Ensure ``SOURCE_DATE_EPOCH`` is read from the ``build_date`` file before ``profiledef.sh`` is sourced to ensure the + variable has a correct value when used inside ``profiledef.sh``. + +[70] - 2023-02-27 +================= + +Added +----- + +- Support *file system transposition* to simplify boot medium preparation for UEFI boot via extracting the ISO image + contents to a drive. ``grub.cfg`` does not hardcode the ISO volume label anymore, instead GRUB will search for volume + with a ``/boot/grub/YYYY-mm-dd-HH-MM-SS-00.uuid`` file on it. +- Preload GRUB's NTFS modules for UEFI that allegedly have native NTFS support. GRUB's exFAT and UDF modules are also + preloaded in case someone finds them useful. + +Changed +------- + +- Identify the ISO volume via a UUID instead of a file system label to avoid collisions of multiple ISOs created in the + same month. +- Honor ``SOURCE_DATE_EPOCH`` in the ``date`` command used by ``profiledef.sh`` of the shipped profiles. +- Do not duplicate ``grub.cfg`` in both ISO 9660 and the EFI system partition / El Torito image. GRUB will search for + the ISO volume and load the ``grub.cfg`` from there. +- Moved GRUB files on ISO 9660 from ``/EFI/BOOT/`` to a boot-platform neutral place ``/boot/grub/``. This does not apply + to the EFI binaries that remain in the default/fallback boot path. +- Move ``grubenv`` to ``/boot/grub/grubenv`` on ISO 9660 so that it is together with the rest of GRUB-specific files. + Additionally write more variables in it. The previous ``/${install_dir}/grubenv`` (``/arch/grubenv`` for releng) + is deprecated and a future archiso release will not create this file anymore. +- Moved syslinux directory from ``/syslinux/`` to ``/boot/syslinux/`` to keep most boot loader files in ``/boot/``. +- Update ``README.transfer`` documentation and convert it to reStructuredText. +- Use ``console`` as grub's ``terminal_output``, as ``gfxterm`` leads to a blank screen on some hardware. + +Removed +------- + +- Do not place memtest86+ in netboot artifacts. + +[69] - 2022-12-24 +================= + +Added +----- + +- Add Memtest86+ to x86_64 UEFI GRUB boot menu. + +Changed +------- + +- Check if the GPG public key file was successfully placed in the work directory before trying to use it. +- Open the file descriptors for code signing certificates and GPG public key as read only. Nothing from the within the + ``pacstrap`` invoked chroot should ever be allowed to write outside of it. +- Error out early if any of the code signing certificate files passed with option ``-c`` do not exist. +- Use LZMA compressed EROFS image for the baseline profile. Now that xz 5.4 is out and erofs-utils is built with LZMA + support, using a higher compression is possible. +- Add ``/etc/machine-id`` with special value ``uninitialized``. The final id is generated at boot time, and systemd's + first-boot mechanim (see ``First Boot Semantics`` in ``machine-id(5)``) applies. No functional change unless that + ``ConditionFirstBoot=yes`` is true and passive unit ``first-boot-complete.target`` activates for ordering. + +[68] - 2022-10-30 +================= + +Changed +------- + +- Do not explicitly enable ``qemu-guest-agent.service`` as it will be started by a udev rule. +- Remove existing signature (``.sig``) files and do not sign them when signing netboot artifacts. This is mostly + applicable when re-running ``mkarchiso`` after a failure. +- Replace ``archiso_kms`` with ``kms`` in ``mkinitcpio.conf``. The hook is available in mkinitcpio since version 32. + +[67] - 2022-09-25 +================= + +Added +----- + +- The ability to generate rootfs signatures using openssl CMS module if ``-c`` is given. + +Changed +------- + +- Order ``pacman-init.service`` before ``archlinux-keyring-wkd-sync.service`` since + ``archlinux-keyring-wkd-sync.service`` needs an initialized pacman keyring. +- Order ``pacman-init.service`` after ``time-sync.target`` since ``pacman-init.service`` may otherwise create local + signatures that are not valid on target systems after installation. + +[66] - 2022-08-28 +================= + +Added +----- + +- Add ``efibootimg`` to ``mkarchiso`` to abstract the FAT image path. +- Unset ``LANGUAGE`` since ``LC_ALL=C.UTF-8``, unlike ``LC_ALL=C``, does not override ``LANGUAGE``. +- Copy all files from the ``grub`` directory to ISO9660 and the FAT image, not just only ``grub.cfg``. +- Touching ``/usr/lib/clock-epoch`` to to help ``systemd`` with screwed or broken RTC. + +Changed +------- + +- Disable GRUB's shim_lock verifier and preload more modules. This allows reusing the GRUB EFI binaries when repacking + the ISO to support Secure Boot with custom signatures. + +[65] - 2022-06-30 +================= + +Added +----- + +- Configure the locale for the baseline profile to ``C.UTF-8`` so that a UTF-8 locale is used. +- Add ``uefi-x64.grub.esp`` and ``uefi-x64.grub.eltorito`` boot mode to support x86_64 UEFI boot on x86_64 machines. +- Use ``mkfs.erofs``'s ``ztailpacking`` option in the baseline profile to reduce the image size. + +Changed +------- + +- Change the releng profile's locale from ``en_US.UTF-8`` to ``C.UTF-8``. +- Set ``LC_ALL`` to ``C.UTF-8`` instead of ``C`` in mkarchiso since it is now available and non-UTF-8 locales should be + avoided. + +Removed +------- + +- Remove the custom pacman hook that ran ``locale-gen`` on glibc install from the releng profile. The used locale now + ships with the glibc package itself. +- Remove "Copy to RAM" boot entries since the ``archiso`` mkinitcpio hook enables it automatically when there is enough + free RAM. + +[64] - 2022-05-30 +================= + +Added +----- + +- Add ``uefi-ia32.grub.esp`` boot mode to support IA32 UEFI boot on x86_64 machines. +- Add GRUB configuration files to profiles. +- Add accessible ``copytoram`` entry. +- Enable beeps in systemd-boot menu. + +Changed +------- + +- Fix systemd-boot menu entry sorting by using the ``sort-key`` option. + +[63] - 2022-04-30 +================= + +Added +----- + +- Add dmidecode to the list of packages in the releng profile. +- Add open-iscsi to the list of packages in the releng profile to allow installing Arch on an iSCSI target. +- Add open-vm-tools and hyperv to the list of packages and enable their services to provide better integration with the + VMware and Hyper-V hypervisors. + +Changed +------- + +- Mount /etc/pacman.d/gnupg on ramfs instead of tmpfs to ensure its contents never land in swap. +- Configure reflector to return only mirrors that support both IPv4 and IPv6. + + +[62.1] - 2022-04-05 +=================== + +Removed +------- + +- Easter egg + +[62] - 2022-03-31 +================= + +Changed +------- + +- Fix the PXE support. PXELINUX was having trouble finding the kernel and initrds. Now, archiso forces syslinux to + interpret all TFTP paths as absolute. That seems to have solved the issue. +- Disable systemd-gpt-auto-generator, which we do not need, in both baseline and releng profiles. It avoids the error + message about it failing during boot. + +[61] - 2022-01-31 +================= + +Added +----- + +- Add linux-firmware-marvell to the list of packages in the releng profile (e.g. for Surface Pro 6 WiFi support) +- Add documentation to systemd-networkd configuration files +- Add information about the use of changelog and merge requests to the contributing guidelines +- Make the CI pipelines more efficient by automatically cancelling running pipelines if they are superseded by a newer + commit and by only running build pipelines on code or profile changes + +Changed +------- + +- Fix an issue where mkarchiso is failing to raise an error when the ``mmd`` and ``mcopy`` commands are not found +- Fix an issue where the architecture detection in mkarchiso fails due to an unset ``arch`` variable in the profile + +Removed +------- + +[60] - 2021-12-28 +================= + +Added +----- + +- Add `BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF` in the Releases section of the README, giving maintainer power to + nl6720. + +Changed +------- + +- Show a more descriptive message when no code signing certificate is used + +Removed +------- + +- Remove unused archiso_shutdown hook from the releng profile's mkinitcpio config + +[59] - 2021-11-30 +================= + +Added +----- + +- Add mailmap file for easier author integration with git +- Add grub and refind to the package list of the releng profile + +Changed +------- + +- Replace use of date with printf +- Silence command output more efficiently when using --quiet +- Modify curl call to retry up to ten times before giving up on downloading an automated script + +Removed +------- + +- Remove requirement on setting a Boot mode when building a netboot image + +[58] - 2021-08-25 +================= + +Added +----- + +- Add support for ``gpg``'s ``--sender`` option + +Changed +------- + +- Change the way ``mkarchiso`` uses ext4 images to copying files to it directly instead of mounting (this action now + does not require elevated privileges anymore) +- Add version files when using ``netboot`` buildmode as well +- Update the sshd configuration to be compatible with openssh 8.7p1 +- Overhaul the used ``gpg`` options +- Fix use of potentially unbound variables +- Refactor the validation functions to have fewer large functions and less code duplication + +Removed +------- + +- Remove all files related to ``mkinitcpio`` integration, as they now live in + https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio-archiso + +[57] - 2021-07-30 +================= + +Added +----- + +- Add a missing line in the systemd-networkd-wait-online.service in the baseline profile + +Changed +------- + +- Adapt systemd-networkd configuration to systemd ≥ 249 +- Improve documentation in ``mkarchiso`` and systemd-networkd related configuration files +- Fix an issue that may prevent continuing an aborted build of the ``netboot`` or ``iso`` buildmode + +Removed +------- + +- Remove SPDX license identifier from files that are not eligible for copyright (e.g. configuration files) + +[56.1] - 2021-07-11 +=================== + +Added +----- + +Changed +------- + +- Simplify gitlab CI setup by using ci-scripts (shared amongst several projects) +- Fix an issue with the unsetting of environment variables before using pacstrap/arch-chroot +- Remove termite-terminfo from the releng profile's list of packages (it is not in the official repositories anymore) +- Set LC_ALL instead of LANG + +[56] - 2021-07-01 +================= + +Added +----- + +- Add pacman >= 6 compatible configuration +- Add documentation for the `script` boot parameter + +Changed +------- + +- Clear environment variables before working in chroot +- Update Arch Wiki URLs +- Pass SOURCE_DATE_EPOCH to chroot +- Enable parallel downloads in profile pacman configurations +- Generalize the approach of interacting with ucode images +- Execute the netboot build mode for the baseline profile in CI + +[55] - 2021-06-01 +================= + +Added +----- + +- Add integration for pv when using the copytoram boot parameter so that progress on copying the image to RAM is shown +- Add experimental support for EROFS by using it for the rootfs image in the baseline profile + +Changed +------- + +- Change information on IRC channel, as Arch Linux moved to Libera Chat +- Fix a regression, that would prevent network interfaces to be configured under certain circumstances + +[54] - 2021-05-13 +================= + +Added +----- + +- Add the concept of buildmodes to mkarchiso, which allows for building more than the default .iso artifact + (sequentially) +- Add support to mkarchiso and both baseline and releng profiles for building a bootstrap image (a compressed + bootstrapped Arch Linux environment), by using the new buildmode `bootstrap` +- Add support to mkarchiso and both baseline and releng profiles for building artifacts required for netboot with iPXE + (optionally allowing codesigning on the artifacts), by using the new buildmode `netboot` +- Add qemu-guest-agent and virtualbox-guest-utils-nox to the releng profile and enable their services by default to + allow interaction between hypervisor and virtual machine if the installation medium is booted in a virtualized + environment + +Changed +------- + +- Always use the .sig file extension when signing the rootfs image, as that is how mkinitcpio-archiso expects it +- Fix for CI and run_archiso scripts to be compatible with QEMU >= 6.0 +- Increase robustness of CI by granting more time to reach the first prompt +- Change CI to build all available buildmodes of the baseline and releng profiles (baseline's netboot is currently + excluded due to a bug) +- Install all implicitly installed packages explicitly for the releng profile +- Install keyrings more generically when using pacman-init.service +- Consolidate CI scripts so that they may be shared between the archiso, arch-boxes and releng project in the future and + expose their configuration with the help of environment variables + +[53] - 2021-05-01 +================= + +Added +----- + +- Add ISO name to grubenv +- Add further metrics to CI, so that number of packages and further image sizes can be tracked +- Add IMAGE_ID and IMAGE_VERSION to /etc/os-release + +Changed +------- + +- Revert to an invalid GPT for greater hardware compatibility +- Fix CI scripts and initcpio script to comply with stricter shellcheck +- Fix an issue where writing to /etc/machine-id might override a file outside of the build directory +- Change gzip flags, so that compressed files are created reproducibly +- Increase default serial baud rate to 115200 +- Remove deprecated documentation and format existing documentation + +[52] - 2021-04-01 +================= + +Added +----- + +- Add usbmuxd support +- Add EROFS support (as an experimental alternative to squashfs) +- Add creation of zsync control file for delta downloads +- Add sof-firmware for additional soundcard support +- Add support for recursively setting file permissions on folders using profiledef.sh +- Add support for mobile broadband devices with the help of modemmanager +- Add information on PGP signatures of tags +- Add archinstall support + +Changed +------- + +- Remove haveged +- Fix various things in relation to gitlab CI +- Change systemd-networkd files to more generically setup networkds for devices +- Fix the behavior of the `script=` kernel commandline parameter to follow redirects +- Change the amount of mirrors checked by reflector to 20 to speed up availability of the mirrorlist + +[51] - 2021-02-01 +================= + +Added +----- + +- VNC support for `run_archiso` +- SSH enabled by default in baseline and releng profiles +- Add cloud-init support to baseline and releng profiles +- Add simple port forwarding to `run_archiso` to allow testing of SSH +- Add support for loading cloud-init user data images to `run_archiso` +- Add version information to images generated with `mkarchiso` +- Use pacman hooks for things previously done in `customize_airootfs.sh` (e.g. generating locale, uncommenting mirror + list) +- Add network setup for the baseline profile +- Add scripts for CI to build the baseline and releng profiles automatically + +Changed +------- + +- Change upstream URL in vendored profiles to archlinux.org +- Reduce the amount of sed calls in mkarchiso +- Fix typos in `mkarchiso` +- mkinitcpio-archiso: Remove resolv.conf before copy to circumvent its use +- Remove `customize_airootfs.sh` from the vendored profiles +- Support overriding more variables in `profiledef.sh` and refactor their use in `mkarchiso` +- Cleanup unused code in `run_archiso` diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 0000000..ba8bf4a --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,48 @@ +============ +Contributing +============ + +These are the contribution guidelines for archiso. +All contributions fall under the terms of the GPL-3.0-or-later (see `LICENSE `_). + +Editorconfig +============ + +A top-level editorconfig file is provided. Please configure your text editor to use it. + +Linting +======= + +All ash and bash scripts are linted using shellcheck: + + .. code:: bash + + make lint + +Changelog +========= + +When adding, changing or removing something in a merge request, add a sentence to the `CHANGELOG.rst `_ +explaining it. +The changelog entry needs to be added to the unreleased section at the top, as that section is used for the next +release. + +Merge requests and signed commits +================================= + +Merge requests are not required to contain signed commits (using ``git commit -S`` - see `man 1 git-commit +`_). +The project maintainers may rebase a given merge request branch at their discretion (if possible), which may remove +signed commits. + +The tip of the project's default branch is required to be a signed commit by the project maintainers. +For external contributors this means, that their merge request will be merged using ``--no-ff`` (see `man 1 git-merge +`_) in a signed merge commit, while contributions by the project maintainers +may be merged using ``--ff`` when the top-most commit of the source branch is signed by a valid PGP key of the given +maintainer. + +Testing +======= + +Contributors are expected to test their contributions by building the releng profile and running the resulting image +using `run_archiso `_. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f288702 --- /dev/null +++ b/LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1a6bf6f --- /dev/null +++ b/Makefile @@ -0,0 +1,40 @@ +# +# SPDX-License-Identifier: GPL-3.0-or-later + +PREFIX ?= /usr/local +BIN_DIR=$(DESTDIR)$(PREFIX)/bin +DOC_DIR=$(DESTDIR)$(PREFIX)/share/doc/archiso +MAN_DIR?=$(DESTDIR)$(PREFIX)/share/man +PROFILE_DIR=$(DESTDIR)$(PREFIX)/share/archiso + +DOC_FILES=$(wildcard docs/*) $(wildcard *.rst) +SCRIPT_FILES=$(wildcard archiso/*) $(wildcard scripts/*.sh) $(wildcard .gitlab/ci/*.sh) \ + $(wildcard configs/*/profiledef.sh) $(wildcard configs/*/airootfs/usr/local/bin/*) +VERSION?=$(shell git describe --long --abbrev=7 | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g;s/\.r0\.g.*//') + +all: + +check: shellcheck + +shellcheck: + shellcheck -s bash $(SCRIPT_FILES) + +install: install-scripts install-profiles install-doc install-man + +install-scripts: + install -vDm 755 archiso/mkarchiso -t "$(BIN_DIR)/" + install -vDm 755 scripts/run_archiso.sh "$(BIN_DIR)/run_archiso" + +install-profiles: + install -d -m 755 $(PROFILE_DIR) + cp -a --no-preserve=ownership configs $(PROFILE_DIR)/ + +install-doc: + install -vDm 644 $(DOC_FILES) -t $(DOC_DIR) + +install-man: + @printf '.. |version| replace:: %s\n' '$(VERSION)' > man/version.rst + install -d -m 755 $(MAN_DIR)/man1 + rst2man man/mkarchiso.1.rst $(MAN_DIR)/man1/mkarchiso.1 + +.PHONY: check install install-doc install-man install-profiles install-scripts shellcheck diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..7579f37 --- /dev/null +++ b/README.rst @@ -0,0 +1,189 @@ +======= +archiso +======= + +The archiso project features scripts and configuration templates to build installation media (*.iso* images and +*.tar bootstrap images) as well as netboot artifacts for BIOS and UEFI based systems. +Currently creating the images is only supported on Arch Linux but may work on other operating systems as well. + +Requirements +============ + +The following packages need to be installed to be able to create an image with the included scripts: + +* arch-install-scripts +* awk +* dosfstools +* e2fsprogs +* erofs-utils (optional) +* findutils +* grub +* gzip +* libarchive +* libisoburn +* mtools +* openssl +* pacman +* sed +* squashfs-tools + +For running the images in a virtualized test environment the following packages are required: + +* edk2-ovmf +* qemu + +For linting the shell scripts the following package is required: + +* shellcheck + +For generating the man pages: + +* python-docutils + +Profiles +======== + +Archiso comes with two profiles: **baseline** and **releng**. While both can serve as starting points for creating +custom live media, **releng** is used to create the monthly installation medium. +They can be found below `configs/baseline/ `_ and `configs/releng/ `_ +(respectively). Both profiles are defined by files to be placed into overlays (e.g. airootfs ‎→‎ the image's ``/``). + +Read `README.profile.rst `_ to learn more about how to create profiles. + +Create images +============= + +Usually the archiso tools are installed as a package. However, it is also possible to clone this repository and create +images without installing archiso system-wide. + +As filesystems are created and various mount actions have to be done when creating an image, **root** is required to run +the scripts. + +When archiso is installed system-wide and the modification of a profile is desired, it is necessary to copy it to a +writeable location, as ``/usr/share/archiso`` is tracked by the package manager and only writeable by root (changes will +be lost on update). + +The examples below will assume an unmodified profile in a system location (unless noted otherwise). + +It is advised to consult the help output of **mkarchiso**: + +.. code:: sh + + mkarchiso -h + +Create images with packaged archiso +----------------------------------- + +.. code:: sh + + mkarchiso -w path/to/work_dir -o path/to/out_dir path/to/profile + +Create images with local clone +------------------------------ + +Clone this repository and run: + +.. code:: sh + + ./archiso/mkarchiso -w path/to/work_dir -o path/to/out_dir path/to/profile + +Testing +======= + +The convenience script **run_archiso** is provided to boot into the medium using qemu. +It is advised to consult its help output: + +.. code:: sh + + run_archiso -h + +Run the following to boot the iso using BIOS: + +.. code:: sh + + run_archiso -i path/to/an/arch.iso + +Run the following to boot the iso using UEFI: + +.. code:: sh + + run_archiso -u -i path/to/an/arch.iso + +The script can of course also be executed from this repository: + + +.. code:: sh + + ./scripts/run_archiso.sh -i path/to/an/arch.iso + +Installation +============ + +To install archiso system-wide use the included ``Makefile``: + +.. code:: sh + + make install + +Optional features + +The iso image contains a GRUB environment block holding the iso name and version. This allows to +boot the iso image from GRUB with a version specific cow directory to mitigate overlay clashes. + +.. code:: sh + + loopback loop archlinux.iso + load_env -f (loop)/boot/grub/grubenv + linux (loop)/arch/boot/x86_64/vmlinuz-linux ... \ + cow_directory=${NAME}/${VERSION} ... + initrd (loop)/arch/boot/x86_64/initramfs-linux-lts.img + +Contribute +========== + +Development of archiso takes place on Arch Linux' Gitlab: https://gitlab.archlinux.org/archlinux/archiso. + +Please read our distribution-wide `Code of Conduct `_ before +contributing, to understand what actions will and will not be tolerated. + +Read our `contributing guide `_ to learn more about how to provide fixes or improvements for the code +base. + +Discussion around archiso takes place on the `arch-releng mailing list +`_ and in `#archlinux-releng +`_ on `Libera Chat `_. + +All past and present authors of archiso are listed in `AUTHORS `_. + +Releases +======== + +`Releases of archiso `_ are created by their current maintainers + +- `David Runge `_ (``991F6E3F0765CF6295888586139B09DA5BF0D338``) +- `nl6720 `_ (``BB8E6F1B81CF0BB301D74D1CBF425A01E68B38EF``) + +Tags are signed using respective PGP keys. + +To verify a tag, first import the relevant PGP key(s): + +.. code:: sh + + gpg --auto-key-locate wkd --search-keys dvzrv@archlinux.org + +or + +.. code:: sh + + gpg --auto-key-locate clear,dane --locate-external-keys devnull@nl6720.me + +Afterwards a tag can be verified from a clone of this repository: + +.. code:: sh + + git verify-tag + +License +======= + +Archiso is licensed under the terms of the **GPL-3.0-or-later** (see `LICENSE `_). diff --git a/build.sh b/build.sh new file mode 100644 index 0000000..34f1997 --- /dev/null +++ b/build.sh @@ -0,0 +1,150 @@ +#!/bin/bash + +export MSYS_NO_PATHCONV=1 + +set -e +trap 'echo -e "\e[31mErreur lors de l execution (build.sh).\e[0m"; exit 1' ERR + +DISTRO_NAME="Arch" + +if [ -n "$WSL_DISTRO_NAME" ]; then + echo -e "\e[36mBuild exécuté depuis WSL ($WSL_DISTRO_NAME) en tant que root...\e[0m" + IN_WSL=1 +else + echo -e "\e[36mLancement du processus de build dans WSL ($DISTRO_NAME) en tant que root...\e[0m" +fi + +if [ -z "$IN_WSL" ]; then + # ── Depuis Git Bash ────────────────────────────────────── + SCRIPT_DIR_WIN="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -W)" + WORK_DIR_WSL=$(MSYS_NO_PATHCONV=1 wsl.exe -d "$DISTRO_NAME" -u root -- \ + wslpath "$(echo "$SCRIPT_DIR_WIN" | sed 's|/|\\\\|g')" 2>/dev/null | tr -d '\r\n') + + echo "==> Dossier de travail WSL : $WORK_DIR_WSL" + + MSYS_NO_PATHCONV=1 wsl.exe -d "$DISTRO_NAME" -u root -- bash << EOF +set -e +WORK_DIR="${WORK_DIR_WSL}" +echo "==> Dossier de travail : \$WORK_DIR" + +echo "==> Mise à jour des miroirs et installation de archiso..." +pacman -Sy --noconfirm reflector || true +reflector --verbose --latest 10 --sort rate --save /etc/pacman.d/mirrorlist || true +pacman -Sy --noconfirm archiso + +echo "==> Préparation de l'environnement de build..." +rm -rf /tmp/fws-build +mkdir -p /tmp/fws-build/releng + +# Copie configs/releng/ en base +if [ -d "\$WORK_DIR/configs/releng" ]; then + cp -ar "\$WORK_DIR/configs/releng/"* /tmp/fws-build/releng/ + echo "==> configs/releng/ copié" +fi + +# Fusionne configs/baseline/ par dessus (priorité aux fichiers baseline) +if [ -d "\$WORK_DIR/configs/baseline" ]; then + cp -ar "\$WORK_DIR/configs/baseline/"* /tmp/fws-build/releng/ + echo "==> configs/baseline/ fusionné (prioritaire)" +fi + +echo "==> Vérification des services systemd..." +ls /tmp/fws-build/releng/airootfs/etc/systemd/system/ 2>/dev/null || echo " (aucun service)" +ls /tmp/fws-build/releng/airootfs/etc/systemd/system/multi-user.target.wants/ 2>/dev/null || echo " (aucun symlink)" + +# Copie le repo local Calamares +if ls "\$WORK_DIR/local-repo/"*.pkg.tar.zst &>/dev/null 2>&1; then + echo "==> Copie du repo local Calamares..." + mkdir -p /tmp/fws-build/local-repo + cp -a "\$WORK_DIR/local-repo/"* /tmp/fws-build/local-repo/ + + echo "==> Injection [fws-local] dans pacman.conf..." + sed -i '/^\[fws-local\]/,/^$/d' /tmp/fws-build/releng/pacman.conf + PACMAN_TMP=\$(mktemp) + printf '[fws-local]\nSigLevel = Optional TrustAll\nServer = file:///tmp/fws-build/local-repo\n\n' \ + > "\$PACMAN_TMP" + cat /tmp/fws-build/releng/pacman.conf >> "\$PACMAN_TMP" + mv "\$PACMAN_TMP" /tmp/fws-build/releng/pacman.conf + + echo "==> Vérification pacman.conf :" + head -5 /tmp/fws-build/releng/pacman.conf +else + echo "==> Aucun repo local détecté." +fi + +echo "==> Correction des retours à la ligne Windows (dos2unix)..." +pacman -S --needed --noconfirm dos2unix +find /tmp/fws-build/releng -type f -exec dos2unix {} + 2>/dev/null + +echo "==> Lancement de mkarchiso..." +mkdir -p "\$WORK_DIR/out" +mkarchiso -v -w /tmp/fws-build/work -o "\$WORK_DIR/out" /tmp/fws-build/releng + +echo "==> Nettoyage..." +rm -rf /tmp/fws-build/work + +echo "==> Build terminé ! ISO dans \$WORK_DIR/out" +EOF + +else + # ── Déjà dans WSL ──────────────────────────────────────── + WORK_DIR="$PWD" + echo "==> Dossier de travail : $WORK_DIR" + + echo "==> Mise à jour et installation de archiso..." + pacman -Sy --noconfirm reflector || true + reflector --verbose --latest 10 --sort rate --save /etc/pacman.d/mirrorlist || true + pacman -Sy --noconfirm archiso + + echo "==> Préparation de l'environnement de build..." + rm -rf /tmp/fws-build + mkdir -p /tmp/fws-build/releng + + if [ -d "$WORK_DIR/configs/releng" ]; then + cp -ar "$WORK_DIR/configs/releng/"* /tmp/fws-build/releng/ + echo "==> configs/releng/ copié" + fi + + if [ -d "$WORK_DIR/configs/baseline" ]; then + cp -ar "$WORK_DIR/configs/baseline/"* /tmp/fws-build/releng/ + echo "==> configs/baseline/ fusionné (prioritaire)" + fi + + echo "==> Vérification des services systemd..." + ls /tmp/fws-build/releng/airootfs/etc/systemd/system/ 2>/dev/null || echo " (aucun service)" + ls /tmp/fws-build/releng/airootfs/etc/systemd/system/multi-user.target.wants/ 2>/dev/null || echo " (aucun symlink)" + + if ls "$WORK_DIR/local-repo/"*.pkg.tar.zst &>/dev/null 2>&1; then + echo "==> Copie du repo local Calamares..." + mkdir -p /tmp/fws-build/local-repo + cp -a "$WORK_DIR/local-repo/"* /tmp/fws-build/local-repo/ + + echo "==> Injection [fws-local] dans pacman.conf..." + sed -i '/^\[fws-local\]/,/^$/d' /tmp/fws-build/releng/pacman.conf + PACMAN_TMP=$(mktemp) + printf '[fws-local]\nSigLevel = Optional TrustAll\nServer = file:///tmp/fws-build/local-repo\n\n' \ + > "$PACMAN_TMP" + cat /tmp/fws-build/releng/pacman.conf >> "$PACMAN_TMP" + mv "$PACMAN_TMP" /tmp/fws-build/releng/pacman.conf + + echo "==> Vérification pacman.conf :" + head -5 /tmp/fws-build/releng/pacman.conf + else + echo "==> Aucun repo local détecté." + fi + + echo "==> Correction des retours à la ligne Windows (dos2unix)..." + pacman -S --needed --noconfirm dos2unix + find /tmp/fws-build/releng -type f -exec dos2unix {} + 2>/dev/null + + echo "==> Lancement de mkarchiso..." + mkdir -p "$WORK_DIR/out" + mkarchiso -v -w /tmp/fws-build/work -o "$WORK_DIR/out" /tmp/fws-build/releng + + echo "==> Nettoyage..." + rm -rf /tmp/fws-build/work + + echo "==> Build terminé ! L'ISO se trouve dans '$WORK_DIR/out'." +fi + +echo -e "\e[32mScript de build terminé avec succès.\e[0m" \ No newline at end of file diff --git a/configs/baseline/airootfs/etc/calamares/branding/fws/branding.desc b/configs/baseline/airootfs/etc/calamares/branding/fws/branding.desc new file mode 100644 index 0000000..9b85604 --- /dev/null +++ b/configs/baseline/airootfs/etc/calamares/branding/fws/branding.desc @@ -0,0 +1,40 @@ +# ============================================================ +# FWS Linux — branding.desc +# ============================================================ + +componentName: fws + +strings: + productName: "FWS Linux" + shortProductName: "FWS" + version: "1.0" + shortVersion: "1.0" + versionedName: "FWS Linux 1.0" + shortVersionedName: "FWS 1.0" + bootloaderEntryName: "FWS Linux" + productUrl: "https://fws-linux.org" + supportUrl: "https://fws-linux.org/support" + releaseNotesUrl: "https://fws-linux.org/release-notes" + donateUrl: "https://fws-linux.org/donate" + +images: + productLogo: "logo.png" + productIcon: "logo.png" + productWelcome: "logo.png" + +slideshow: "slideshow.qml" +slideshowAPI: 2 + +style: + # Couleurs de la sidebar + sidebarBackground: "#1a1a2e" + sidebarText: "#e0e0e0" + sidebarTextHighlight: "#00d4ff" + sidebarSelect: "#16213e" + + # Couleurs générales + backgroundColor: "#0f3460" + highlightedTextColor: "#ffffff" + genericTextColor: "#e0e0e0" + errorTextColor: "#ff6b6b" + warningTextColor: "#ffa500" diff --git a/configs/baseline/airootfs/etc/calamares/branding/fws/logo.png b/configs/baseline/airootfs/etc/calamares/branding/fws/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..dda0772bccb4461a37d9090f8daa8da297406dc5 GIT binary patch literal 10867 zcmX|{1ymbdw6=i;2vFQ95+GP9?oeEU7S}>?*Wylr;_mJ#Qmk0%X`_jT0yNVm7X(|1bIXZ-E;r}$RIq_6%v0-{|a z0)2AY*pLDy7zczCX)hlhxRy?aL|vQ)o?Dx%-3rA(DJL#h@Msh|rK&wzZf~C~Tgq`= zINjYG?Rz{rI&x`wUOxKw@$xPI|7};CG%Hx(5AVzcMP!QD$^KY@yKvu1Fc6Eg#$$jH z=Y6Wq5XyXBRsnZ6PaQ;7$UhS_id15tc;aY@6pVI|+F+z{lA$<06(_)i`a%dha!Q$O z@f-C(-vwkGg`e>Rw2V@}u>J@VM5cquOpYKD>p*C^U2@lWI_5udXCOOhMBy8Q!W?&^0U2CS#< zI*ZHr7I5W>WXiB6YJ?QH{uqom-#2$Dc!QR>eRt1{8a22lxGYLChm@dZEZj${1AK}H z>Y@-nQ#byR081-ZRBFiRr5xP0D(%f&}%D&jq+3ere zT(B2gb;(RPccaylyV1Oy->+j}=#Aauvr?MW&XK>v-W=`3k*#^6a&-WFqE%e|dwtBS zwh|Dv6}PIOqxzkO-A+_5P9$MxQ<>qH;hc;n>WYLD8}h~wNi#7Y-e=I^mIi?X@(8%w zk`Tt5`0~ub6kr(WF&tnrTXWKN*S9-)6?|V$?(v?JNl}tnH)0E=IHKBQ*T7CrF_2&Y zX^j=^f_6?iU26bsf1w$8^?dVVAj9srq_R@UJ+zs7SP0v`|CdS+`0Rb+=ZyEf-DB

0h%?qZf>UmPmB!D^3asmXQ866{3~wdriY({#@)vXxb>Y#VL@*s3CmC%N)k)> zWdJ67dK!DL@Tb*%qmwOO$hoomU`O1m{Tf+g8lklKZ+^{xgfGay7pUHq2Vjd zwP9dIN?GYrj1ey0wD*E$ZBlek2gCj)_Qv{hrx;KVTQu}Rp_&@rrCFC&dmk0wHF8LD z_pSWNofJh@1IPVnp9Ye}5hy7^JMOs4s#zofPhXuJ)~J^$Gk0gvalc5jH- zrF}_EXT23)@njRO5N<)uD2KkG$SJU ztwEt9hFR3r#wH?ITTi)+@Q0bG69%Q_+;8R0tdB7Z?@lD&@lKpvO#+Fox3#Na%<->- zxJ|mTTkMBrTgof6m+P$$cInN*q#2omC(I7T+fC}npQ>fp^N?z|X8ffkRtfsO1@Jxb zNo=^IW{7Gjo1?aFS7YN0v4jinzjKwgURXf+2E2a~l%EPN#Et41MI@Z(h^UrdH15m)qpsJ@7SW8!9TFGXA2wtkF4Qlo z_(yReNNX#w4DqxaQ@+3~^fvhfeFD@*i3vVE946$RrMNA@!?OCc)Wq{A(|qhX&Af<+ zLY07V8nV&mxs#)3MO?n_1v;S(ws`liAIZ7Zeps7{xKoumvc)BtV%6ls<9y1%jajV$ zV2F_m&Kufnrxbx9c}f2yIOE2f91XX!rhm*eOuE`GIluTv9a>M}OVZHzj3rDr>?=_l z{obEwv~=wbZHurhaWpT`CC0+s1GAa$1?hH1>8tZUYRbDlrNRdo!#G#47IT{-hv>E) zZd#Af`94&Esef0lVxzQ-=JX*XmLCOl;>ermF)Up=O*o^zn>flPOPXfMbHkUSrqXTN ziBzP^!bW$R8RcaEO25M@aD}PAYR_xA^6&lx3c1iASYfYvQ9rO5cwB`yZ)LG?;J>0mqJ^kl zuhs3%7guVz66_?geTfUfuECY{v73gFSoBM)<9ogOBur9!0HXq)%zpZ}5@eX@mCb!0 zQLPDIj`XK8t0b56Sz8zRYK7>00-M1NlPqa!v;*zt9#$}As;PQL#W;J`pHdkFR-`&; zeCfqY$vVG#9yt&V3qP-V$cB%d+RU(Z%br~GIaS&gB)J_`qu=AnHxp`VuQ&1*|lTyy!2e1Crxyj#mIRFq^~$MiJA#XkI-kr69j+aI__5&*QeG*5x+A;AN59 z=$`8Y#G1BMJ zf|IIs){cNYdTV3_rhSSIm8EQCC|mrJDC!%wl@f3`y~xiGecHrK6!jmqfyGLAxjL?t z+&+NH&C%rukW7UXZ8QafS%oJDL^f~;uclnz=jl5vx0<1nsi(7MdT&y;&jx|NVxxS` zKQw#Zp@)!TsY+VgfF1+0Du!wxn;SP@S|Qa_wO>Z0jP&gCZWcH#*|5S&H<_L?r)CZ7 zGph?!M)qPJd|2bBCt{4sIDo1wi_#C5akou2sA01Go+lhGo^4XnztXXP9J87l6zn3M zJ7>6EX2M^JME&op|80d+$zt}r?ofU&hVs=~`S2t|jJIDO&`7Gp^y)hqQRf^ku%el_ zXui~z5Q0=RxU|}uOUGAgeDi!}J*PqIDn`>o@zo|@B zQqp;-Em5`k>AevbEZL}PQ!W=^UN+Cz9PQ?;)_8anDC%K6XEU$)kh5$R6fCJIXYj&c z>+pt8{?>A?l_B25i#@SfM!k0uoBGMmJqtAqF$j1kXGoTeu&p>V6#uR*tjGsxya}W0 zLz|BauAJdj>oX|@Uh>wc*2ap488_P6Ym2(}EV9~%SJXe)(Z$i0uLx@HyDwN+?QzM_ zjr;#XGSF_d8UphPO`B;&`mp!gUa2m*5DhinvUlx}EL^}DE z(bpc_F*fTM8*Huqob-`gjH6G+*&bT0Q%uivU*wUK5`^`P@}n#eI{IN5(RwA1 zeybrT6`uLMDS4;FblOJN?16>l_ibv;(w*|1S(Sk6x9LW8kp^V!+-@5hkl87FJnz6fybVm;^Nvj%O+&J1ciPOJk8UC4XK z%TIq7rTVYBU{jE9gxk)3I!x4OL+|_kp6U~*gakWD3)xOZk z6)Tt!DhiY8BH`If*72bVt_~pO*wbET5k<;blTVb~uU zJ*#4pQHqE16jl=6?wI(hV{wvXV7A$@*s|e-%=bFZtJfDd`YDRJCP#9{14KP(P+2~U znJb?r#O7MuYA8r)lFBoFg?=i&-)&S4*f4XY`^#cXfcl{<~WlAehx0TPs#4zUjg zh2{J`f#jOr4%{b1(EwpNLwVcKOY8JWIR~UNS{skGm1c||5*2E)%NHJ-s>jx+`Qs1&VV-8b<*gb9o;*mi zH-?fDU=Uv1CxOfh@I;?#}y z_%_v&>IhO(oPiE*5sNgW->hNtwr*V|O1{uDD(ztf`QWrjq#MtTB#`Rfu*kXy*c7cZ zX)}zwt1ybockh%8w4b0YRZ>SY%*G48cxi4>phBKhZvic-@ST)%x=S;@Kqd@d z2=vIckTjb_J%f&hb`n~zsG95^b)NBOf9G2YiIzt1TNNoXbgsCy{5_Sd{16xE5+T3&z8rIPuS8JRi9JPg_}AEYmAPTtgpHKG7f-?YB?8G^x)F%h>!Qs)m$dov zB&sKz`nNU(x|%CHGAJ0VD&A->?kc6(Tt-E`oXcLfHPF9B`Ee_veo4Os7kW`ln9Y0@qffeLc%+I8wSZN|4yyWzC}PKQTj<$Z9`~OKz0y5WYhJ>` z(o{K#@fo6}^OeIsMm=oh=mFSDr{)(E-qOd5jzCRNizX;FibAjiM$j<5bB^D^UFE#ac^#(a~0v(wRJ z)U>}bSi9$$(!aNzNK%#i0+hD> zfTyx`8eand{il^%^wh)<2a02)QfA4T&p*{~$TCKsgj|7bF#*u%!sBG-QolX>!L*Mu z%cNn2UVm}`%^#>dw52h+a!(KQAH`Su^UV_gj( zBQgkF1FL?0zg|}R&+b&*;yB}j6dn5x!lh)1Us(CnL>h_Kw+>S)ewL`UUNH&Ha2`g4 zTFOy{4zn@)sB!H%N{SQw$?N!&3$;Bvj;znc*ztFo0Qs|%1YI`|* z!v}HTF-*ZC%NfY=m@%5-FEwa0l!@g=1N(Y>%FjtVM6aS+sIgG-hGQM_eDT$pI9GB6 z<8;&JptrkPmd0sHNn^Dg$I!+kLJIJtm9+n3VgZ#S%>E&m)jjuk`{rJnQ)Su&JXdW=FIBrs3iY?t+*hG!*`{_2=`KoVXB@ z(>n(RzELi|@8*K9x0u842GpzbhheD?^RG0IlihoH3vF})Nb?ZKu+~#?_{?1v=tiQw zRk+RApB({+rl$91IdPQ7H9!11dvJFlNU0S_&WGIbz$-5!bA}D8kf}V`@qqHJKX@aP z8dig7-QLWNV`N=bj)@_0TIQl?E2<0#+#Ip)?Hy2v?B%Q5_304V}J zlw6md;Hu5{$ux#G0?*u*gSGNm&`rI@%UKz`ndge5*D}oJu0$$N;J!h$3X_;|c}3$& zs=}KKc>NA^e~SlP2bid0J3v6o(i(HaA&h&H78_L7M-RwO_AB*`(>R}J*Rfb0mLQd1|&nlI#Eb=z*>tChn z-sc$OX$wh?lhY5R^1YOwK9Aw)p`{qtGTkH>b54b_A1K79gz!4b86%ryY9;UUp0;Bp zsH#WW++uw61Z1AuGyNjHbq@wz<#_(qan`59gbe-m*A%q*;m0e@X)(#|7W3pdjCaDu{(N2;aBVZ$vyV0r-5V@MYNG@=6>W|D%J**Q-pO%}L>ye{ zkf(&(DV#ln998Cfhn0zb(K4+aj~up%(afz4Df@Y_TyV}`V5uX6`a}24Oor=ZMN;lQ z5W3j!JT*AtJ=RhX47-&`9zGOO#s+^@DgP_|nRyR?SM_!+OJn6L9ZOORC^xlJ2_u@d2E0ZIp z5-MZ*tXVpZ`_`DL41m?~eW7avvV4IyK-CVJNGo>=(8gbqXR-!h-Q!|n_=^vvvkz?e z+MZXPzLKu|*&%JT>J&_JP>V}Vpdc(kK_Rp8LN-P&)Lwh(wNM7UhTcSU1^<1UxVLSP z1ty@ZN9&v9U-u*5fINcZn zBP91PDAiywP+0v0Z+3@hAttErbNP+lbhBY!n}A zI~jV0ZLCxpqNXb4*m?Pv0_vB+I_P0$B zF`scSIFy7Xkr&28_RlX~t}yVrHd2^L0J<2=>sgv4R@Hhp=rk=$VnO?+{q5}xyY2h> zO3&Z*o&7lT1VXxubnj>5FOJC6zVy?uyYW_rQ7Ro$qi#}VL}>_Fzk$Y~`6$SL<#HAM0jUeKEDb=07+J9$gscW4OF*Gx zLWe!=i}%1)AQ!yGJ#4GzI>TuIpu+?544iwZm}6m~NsVz;o@E#a_yhtWAgqWO$3bz6 zUSEyi=28wZub)NqVXDaQsQ}Bqn%axWr%^UPvBORqp{&!#Fgi{Qr@^NmLPw3 z((iq)%6p>UoCdy*+Ptp$DO*&%T{EP0K0N}cVV;w`Tzk6y3>x!eNUHyc8-}wd|4*7G zw7vUjXBAlL`;9t5-)M^wUI)a`UHVfXYII57Sa_*gdQpJPDaZZIYp?t|eA8zyH(1iw zT6hCcCw^A8`~*Q=C-wn;;iCLa?q-6m@8T3L$^ywVo>W!aZG*EI>#k@ zx(%FYON-x6phbpnBNvypgC9Ur6O0zzLPaccNtX9??iwnUjyd3V#^$-1)OUXm4Xi0K zG=$!7HOo3Cj$dIS7cij4NZs&Y6cp7>S=nTIP?nCQtuV3h94&p3s9c8aW2r)ZR^3=m zhZ`}`)Mm3JScbTqgMWGSs=nilCOWKuO5y}!R{z@j>*HzegG8TtfLc%Khqth1EThg< z)&HeBpBX9R!%y5cBW|8tH{<=1PODO<^&GOYX*#QA z)#OkaBeP{>uFS7*2^slPRjZ@Q@Cr|jsXgbAk?wqcY3TSdapt?+sqmpaA?59PxJcKzpX8#o+^ ziH@)zWko}!v+C;Qo5P9>|0pvH(2mURg-2EScYG;dyXM~-v?u!*E=v>qRzIDrr}PHH z1}3BFBSsus^pxSHK@be^V!=KAdW6pK1YMLx3jDU;)UH6?a=u-U&v;LKT4CLDXm2vz zT3$+GwfRP3>}=9d$F6OJ`&?7I{9wfc)P#9spS?wur+m2H=UVG2@w-_s`Wj z)@9`S#lK(1Wc|GEX|v-KDPEHHsO7JVow|LwBV_@rJ&&3h z|Ju&TV-*|f-{x{W-OWU$f2qwL%3YRqdH2z8^pN~%4#`2lmaD_t%X0P>d}PTz(t%)K zYHi6air(nf2s^vBQ?;d`v^Ys?>Lnko zKK;!qdQ*4sf~9yV#JR<6y7?F*(&)K|m<&MufjMt@2(qsgiam6nh%lp6D*PeEiL8jsKA#CAYfaDNI z$q^Uu{W(WqaQDf{%zPat5JL(xNGQ5Eb@S5?_<#`pIrFEWynZ;-ln5f!cq2tVrXGl( zaR&Z1W3}M7UD*%aqSQWK!$IQ|2wB!%G2yu2kxuB-4=LP55|9CW3+dg$S{PgBemc7N zf6cCmS!z+hDDnD(^M!qvMeTKcmjpHF1GF;gaF}S7B~qvT)58fE;&||fJLhZF^plDQ zJ@WBhJ1KOUGXy+?i0Ya?_0t*U`RPM)Xv>$@m|#g%ZyUiBWtPU@ltN?ac&w!Q+Iu-f zfVsMkD~Y$`FufI=10n%hJ*@G9lY_;Ijj{22UB`$w-s&I(_3p6FQ~2L3f~%mrNuO(8 zEUaOM;UC+w3dPC;&x-g|w>y5`qOz6^u1VdNofYkT=M4!S*CB99w0FHI@b=@ADTCT| zf8M{tf5?W2Vd@}no+?p6RXb^C@i~$8;sMY(N)&&fLLE?@xzeJryxiMoWITp7d^VH3~F|k!25EZc--|t zK()P6a%21{_?|o0TCNjxN9<(4efsV>h5OyM6H*1rO-!FPS#u-H-_}9*T?159{Qn60 z&IqKkdY6vzAILCS=5l5H6h{${ZZA8Qx`gPb{P1u`kEp-%l;i1G$2oi+zS%*o*szjv z(yQ-5tib_xa-S2TTXw;&1v%+b4t(;!><{1Ai3Q)9!D*ek->qrCnWO|;VCY(jk5+?B z&KxGwc2ox~yEOYjhOWkPM|x-fIEPDDK>!ZPZ>s4IgP`0TTVXds?cXtm<*d1K2 zeSqINBvok6`#_n%30I=~W0$sXaYINv!KK2Qd6DkuK+!{ERL*!MVt9bBh$gm(EkkS? z)6Rxx_?rznoNsj@G904PMuYfJOAGbuR!b}4tA0e!gk_!Oolzq2ekou+zIa{ssY}E+KUK zb9CTkIA&yG86XZ1#+%+%KuMU*YR9IwB5qt?U!BoIsu;q|P|`PTgh}2O8)+s14}&Nl zbyeRd=RLwFR7L2{@313@nXGSAT+(gkF1ky5K1hf<4A|o9EYXOu->huuF0pSDFTVVv zSEKMw*h$(|_2`Llmm5*Q$tEg4OQ;&-Lq__gg(b6X4ze-~fhub!UZ3TRFl&p7E6Wv~ zXgAK8ivaG(L+VU$J?AJMs>BdPl37u{^1-V|$$GjnGtYdR291JPu>w-^i&q&(uoueu zHfr~hJegmmjk5{2^nRZ~6mW=&`wz=lsBaFXA6Ry8IgBwZ&>BUJl~z=0$Mh zdB1yYrVykv5dc6^0Sn8XK>aez$41pI9vzcv?h3xI=0U3qx3LOeCTu0Id0f{J^_pWy z|5BOGwkW}!8mJ)`Rse;-ni=)N9~oC^Y4I%^qi|?Kp8d{KHZBdG`t^Mhf{HOn8Xtgrl-#QLF*6H_YE zKjW7MQHc7u&>I_N-v+w=lCfCdL0O;;w!ekCJ1$EdL=wxsoKbvF-SdIn;6+LtR?u2K z4g7Wbd-i5@W5boD%qjwp&>jHhVtPV zE%)%VTvIlpV9++>(u`rKL#u=dIy9I@_uH2HU!e4zANcu@R_z6bbej3fPvO0wearJ~ zB*M~{XEBoRAYF@>a`@;YN=qKW5|1@AlmT>*x{&-^QRwRT$}({J8nYGm8hH5VXu4KDBOv^V0$5Eb10mmzzxkn_RA$M(+!-W_ z7-am)(1M#~O0N6ytppCh@MXYVtBuqXYd{j7(V4D&$ulxSg9a;c#vx!N=m!}q_oy_< zyKfj=dp&kEl;hY}ayZrACai!LibtXLJ9Y~e!!-((rhQrf1r?otW~vnSRF7nD)Ik)o zOpH4^V2p2G-%0K{X?*RQ_=q=|^ny$FI^fLmW?m@}F8F-!C(jAV!>iXoPxu(|4$9!P z--y*TIuasOG~M5h(=qJ=N#;Q=<9E1DSV2X{7Q6Ndc-jLVO^x<{8~iX%jz2ruF9wzS zY9GyvGouGm(*mO@;sXA`4RF1iR6+@zXU}3%cZ7|nF0Y7*+Bj`+`4aJS^cesFx!1GJ z2;vWX1VC`ahfJic5T_#5;LeY!i<3* zXdq`KhMp+NjQ*1t?Uxw+_urRyoaFZXPDqlFd~C{vFR;UUq&$!prYJMNj)r?lqEs)g ztmS{sDsqhMwp~M&Z)T#K@74?mRthrW9&DpED&QVQ&B$$bR||x?K!Hw0P$BVS`eZJh z8U7jRnZWxzcHN`!I_+n42uRqxQn5!GG0_@WOp}4W_2##&Vv#JVO0b$(}c|Wbxep z`6|guB~(J7fRJNZca=VOEMk_g4^XWCzZtB*B6|PWl?*Wylr;_mJ#Qmk0%X`_jT0yNVm7X(|1bIXZ-E;r}$RIq_6%v0-{|a z0)2AY*pLDy7zczCX)hlhxRy?aL|vQ)o?Dx%-3rA(DJL#h@Msh|rK&wzZf~C~Tgq`= zINjYG?Rz{rI&x`wUOxKw@$xPI|7};CG%Hx(5AVzcMP!QD$^KY@yKvu1Fc6Eg#$$jH z=Y6Wq5XyXBRsnZ6PaQ;7$UhS_id15tc;aY@6pVI|+F+z{lA$<06(_)i`a%dha!Q$O z@f-C(-vwkGg`e>Rw2V@}u>J@VM5cquOpYKD>p*C^U2@lWI_5udXCOOhMBy8Q!W?&^0U2CS#< zI*ZHr7I5W>WXiB6YJ?QH{uqom-#2$Dc!QR>eRt1{8a22lxGYLChm@dZEZj${1AK}H z>Y@-nQ#byR081-ZRBFiRr5xP0D(%f&}%D&jq+3ere zT(B2gb;(RPccaylyV1Oy->+j}=#Aauvr?MW&XK>v-W=`3k*#^6a&-WFqE%e|dwtBS zwh|Dv6}PIOqxzkO-A+_5P9$MxQ<>qH;hc;n>WYLD8}h~wNi#7Y-e=I^mIi?X@(8%w zk`Tt5`0~ub6kr(WF&tnrTXWKN*S9-)6?|V$?(v?JNl}tnH)0E=IHKBQ*T7CrF_2&Y zX^j=^f_6?iU26bsf1w$8^?dVVAj9srq_R@UJ+zs7SP0v`|CdS+`0Rb+=ZyEf-DB

0h%?qZf>UmPmB!D^3asmXQ866{3~wdriY({#@)vXxb>Y#VL@*s3CmC%N)k)> zWdJ67dK!DL@Tb*%qmwOO$hoomU`O1m{Tf+g8lklKZ+^{xgfGay7pUHq2Vjd zwP9dIN?GYrj1ey0wD*E$ZBlek2gCj)_Qv{hrx;KVTQu}Rp_&@rrCFC&dmk0wHF8LD z_pSWNofJh@1IPVnp9Ye}5hy7^JMOs4s#zofPhXuJ)~J^$Gk0gvalc5jH- zrF}_EXT23)@njRO5N<)uD2KkG$SJU ztwEt9hFR3r#wH?ITTi)+@Q0bG69%Q_+;8R0tdB7Z?@lD&@lKpvO#+Fox3#Na%<->- zxJ|mTTkMBrTgof6m+P$$cInN*q#2omC(I7T+fC}npQ>fp^N?z|X8ffkRtfsO1@Jxb zNo=^IW{7Gjo1?aFS7YN0v4jinzjKwgURXf+2E2a~l%EPN#Et41MI@Z(h^UrdH15m)qpsJ@7SW8!9TFGXA2wtkF4Qlo z_(yReNNX#w4DqxaQ@+3~^fvhfeFD@*i3vVE946$RrMNA@!?OCc)Wq{A(|qhX&Af<+ zLY07V8nV&mxs#)3MO?n_1v;S(ws`liAIZ7Zeps7{xKoumvc)BtV%6ls<9y1%jajV$ zV2F_m&Kufnrxbx9c}f2yIOE2f91XX!rhm*eOuE`GIluTv9a>M}OVZHzj3rDr>?=_l z{obEwv~=wbZHurhaWpT`CC0+s1GAa$1?hH1>8tZUYRbDlrNRdo!#G#47IT{-hv>E) zZd#Af`94&Esef0lVxzQ-=JX*XmLCOl;>ermF)Up=O*o^zn>flPOPXfMbHkUSrqXTN ziBzP^!bW$R8RcaEO25M@aD}PAYR_xA^6&lx3c1iASYfYvQ9rO5cwB`yZ)LG?;J>0mqJ^kl zuhs3%7guVz66_?geTfUfuECY{v73gFSoBM)<9ogOBur9!0HXq)%zpZ}5@eX@mCb!0 zQLPDIj`XK8t0b56Sz8zRYK7>00-M1NlPqa!v;*zt9#$}As;PQL#W;J`pHdkFR-`&; zeCfqY$vVG#9yt&V3qP-V$cB%d+RU(Z%br~GIaS&gB)J_`qu=AnHxp`VuQ&1*|lTyy!2e1Crxyj#mIRFq^~$MiJA#XkI-kr69j+aI__5&*QeG*5x+A;AN59 z=$`8Y#G1BMJ zf|IIs){cNYdTV3_rhSSIm8EQCC|mrJDC!%wl@f3`y~xiGecHrK6!jmqfyGLAxjL?t z+&+NH&C%rukW7UXZ8QafS%oJDL^f~;uclnz=jl5vx0<1nsi(7MdT&y;&jx|NVxxS` zKQw#Zp@)!TsY+VgfF1+0Du!wxn;SP@S|Qa_wO>Z0jP&gCZWcH#*|5S&H<_L?r)CZ7 zGph?!M)qPJd|2bBCt{4sIDo1wi_#C5akou2sA01Go+lhGo^4XnztXXP9J87l6zn3M zJ7>6EX2M^JME&op|80d+$zt}r?ofU&hVs=~`S2t|jJIDO&`7Gp^y)hqQRf^ku%el_ zXui~z5Q0=RxU|}uOUGAgeDi!}J*PqIDn`>o@zo|@B zQqp;-Em5`k>AevbEZL}PQ!W=^UN+Cz9PQ?;)_8anDC%K6XEU$)kh5$R6fCJIXYj&c z>+pt8{?>A?l_B25i#@SfM!k0uoBGMmJqtAqF$j1kXGoTeu&p>V6#uR*tjGsxya}W0 zLz|BauAJdj>oX|@Uh>wc*2ap488_P6Ym2(}EV9~%SJXe)(Z$i0uLx@HyDwN+?QzM_ zjr;#XGSF_d8UphPO`B;&`mp!gUa2m*5DhinvUlx}EL^}DE z(bpc_F*fTM8*Huqob-`gjH6G+*&bT0Q%uivU*wUK5`^`P@}n#eI{IN5(RwA1 zeybrT6`uLMDS4;FblOJN?16>l_ibv;(w*|1S(Sk6x9LW8kp^V!+-@5hkl87FJnz6fybVm;^Nvj%O+&J1ciPOJk8UC4XK z%TIq7rTVYBU{jE9gxk)3I!x4OL+|_kp6U~*gakWD3)xOZk z6)Tt!DhiY8BH`If*72bVt_~pO*wbET5k<;blTVb~uU zJ*#4pQHqE16jl=6?wI(hV{wvXV7A$@*s|e-%=bFZtJfDd`YDRJCP#9{14KP(P+2~U znJb?r#O7MuYA8r)lFBoFg?=i&-)&S4*f4XY`^#cXfcl{<~WlAehx0TPs#4zUjg zh2{J`f#jOr4%{b1(EwpNLwVcKOY8JWIR~UNS{skGm1c||5*2E)%NHJ-s>jx+`Qs1&VV-8b<*gb9o;*mi zH-?fDU=Uv1CxOfh@I;?#}y z_%_v&>IhO(oPiE*5sNgW->hNtwr*V|O1{uDD(ztf`QWrjq#MtTB#`Rfu*kXy*c7cZ zX)}zwt1ybockh%8w4b0YRZ>SY%*G48cxi4>phBKhZvic-@ST)%x=S;@Kqd@d z2=vIckTjb_J%f&hb`n~zsG95^b)NBOf9G2YiIzt1TNNoXbgsCy{5_Sd{16xE5+T3&z8rIPuS8JRi9JPg_}AEYmAPTtgpHKG7f-?YB?8G^x)F%h>!Qs)m$dov zB&sKz`nNU(x|%CHGAJ0VD&A->?kc6(Tt-E`oXcLfHPF9B`Ee_veo4Os7kW`ln9Y0@qffeLc%+I8wSZN|4yyWzC}PKQTj<$Z9`~OKz0y5WYhJ>` z(o{K#@fo6}^OeIsMm=oh=mFSDr{)(E-qOd5jzCRNizX;FibAjiM$j<5bB^D^UFE#ac^#(a~0v(wRJ z)U>}bSi9$$(!aNzNK%#i0+hD> zfTyx`8eand{il^%^wh)<2a02)QfA4T&p*{~$TCKsgj|7bF#*u%!sBG-QolX>!L*Mu z%cNn2UVm}`%^#>dw52h+a!(KQAH`Su^UV_gj( zBQgkF1FL?0zg|}R&+b&*;yB}j6dn5x!lh)1Us(CnL>h_Kw+>S)ewL`UUNH&Ha2`g4 zTFOy{4zn@)sB!H%N{SQw$?N!&3$;Bvj;znc*ztFo0Qs|%1YI`|* z!v}HTF-*ZC%NfY=m@%5-FEwa0l!@g=1N(Y>%FjtVM6aS+sIgG-hGQM_eDT$pI9GB6 z<8;&JptrkPmd0sHNn^Dg$I!+kLJIJtm9+n3VgZ#S%>E&m)jjuk`{rJnQ)Su&JXdW=FIBrs3iY?t+*hG!*`{_2=`KoVXB@ z(>n(RzELi|@8*K9x0u842GpzbhheD?^RG0IlihoH3vF})Nb?ZKu+~#?_{?1v=tiQw zRk+RApB({+rl$91IdPQ7H9!11dvJFlNU0S_&WGIbz$-5!bA}D8kf}V`@qqHJKX@aP z8dig7-QLWNV`N=bj)@_0TIQl?E2<0#+#Ip)?Hy2v?B%Q5_304V}J zlw6md;Hu5{$ux#G0?*u*gSGNm&`rI@%UKz`ndge5*D}oJu0$$N;J!h$3X_;|c}3$& zs=}KKc>NA^e~SlP2bid0J3v6o(i(HaA&h&H78_L7M-RwO_AB*`(>R}J*Rfb0mLQd1|&nlI#Eb=z*>tChn z-sc$OX$wh?lhY5R^1YOwK9Aw)p`{qtGTkH>b54b_A1K79gz!4b86%ryY9;UUp0;Bp zsH#WW++uw61Z1AuGyNjHbq@wz<#_(qan`59gbe-m*A%q*;m0e@X)(#|7W3pdjCaDu{(N2;aBVZ$vyV0r-5V@MYNG@=6>W|D%J**Q-pO%}L>ye{ zkf(&(DV#ln998Cfhn0zb(K4+aj~up%(afz4Df@Y_TyV}`V5uX6`a}24Oor=ZMN;lQ z5W3j!JT*AtJ=RhX47-&`9zGOO#s+^@DgP_|nRyR?SM_!+OJn6L9ZOORC^xlJ2_u@d2E0ZIp z5-MZ*tXVpZ`_`DL41m?~eW7avvV4IyK-CVJNGo>=(8gbqXR-!h-Q!|n_=^vvvkz?e z+MZXPzLKu|*&%JT>J&_JP>V}Vpdc(kK_Rp8LN-P&)Lwh(wNM7UhTcSU1^<1UxVLSP z1ty@ZN9&v9U-u*5fINcZn zBP91PDAiywP+0v0Z+3@hAttErbNP+lbhBY!n}A zI~jV0ZLCxpqNXb4*m?Pv0_vB+I_P0$B zF`scSIFy7Xkr&28_RlX~t}yVrHd2^L0J<2=>sgv4R@Hhp=rk=$VnO?+{q5}xyY2h> zO3&Z*o&7lT1VXxubnj>5FOJC6zVy?uyYW_rQ7Ro$qi#}VL}>_Fzk$Y~`6$SL<#HAM0jUeKEDb=07+J9$gscW4OF*Gx zLWe!=i}%1)AQ!yGJ#4GzI>TuIpu+?544iwZm}6m~NsVz;o@E#a_yhtWAgqWO$3bz6 zUSEyi=28wZub)NqVXDaQsQ}Bqn%axWr%^UPvBORqp{&!#Fgi{Qr@^NmLPw3 z((iq)%6p>UoCdy*+Ptp$DO*&%T{EP0K0N}cVV;w`Tzk6y3>x!eNUHyc8-}wd|4*7G zw7vUjXBAlL`;9t5-)M^wUI)a`UHVfXYII57Sa_*gdQpJPDaZZIYp?t|eA8zyH(1iw zT6hCcCw^A8`~*Q=C-wn;;iCLa?q-6m@8T3L$^ywVo>W!aZG*EI>#k@ zx(%FYON-x6phbpnBNvypgC9Ur6O0zzLPaccNtX9??iwnUjyd3V#^$-1)OUXm4Xi0K zG=$!7HOo3Cj$dIS7cij4NZs&Y6cp7>S=nTIP?nCQtuV3h94&p3s9c8aW2r)ZR^3=m zhZ`}`)Mm3JScbTqgMWGSs=nilCOWKuO5y}!R{z@j>*HzegG8TtfLc%Khqth1EThg< z)&HeBpBX9R!%y5cBW|8tH{<=1PODO<^&GOYX*#QA z)#OkaBeP{>uFS7*2^slPRjZ@Q@Cr|jsXgbAk?wqcY3TSdapt?+sqmpaA?59PxJcKzpX8#o+^ ziH@)zWko}!v+C;Qo5P9>|0pvH(2mURg-2EScYG;dyXM~-v?u!*E=v>qRzIDrr}PHH z1}3BFBSsus^pxSHK@be^V!=KAdW6pK1YMLx3jDU;)UH6?a=u-U&v;LKT4CLDXm2vz zT3$+GwfRP3>}=9d$F6OJ`&?7I{9wfc)P#9spS?wur+m2H=UVG2@w-_s`Wj z)@9`S#lK(1Wc|GEX|v-KDPEHHsO7JVow|LwBV_@rJ&&3h z|Ju&TV-*|f-{x{W-OWU$f2qwL%3YRqdH2z8^pN~%4#`2lmaD_t%X0P>d}PTz(t%)K zYHi6air(nf2s^vBQ?;d`v^Ys?>Lnko zKK;!qdQ*4sf~9yV#JR<6y7?F*(&)K|m<&MufjMt@2(qsgiam6nh%lp6D*PeEiL8jsKA#CAYfaDNI z$q^Uu{W(WqaQDf{%zPat5JL(xNGQ5Eb@S5?_<#`pIrFEWynZ;-ln5f!cq2tVrXGl( zaR&Z1W3}M7UD*%aqSQWK!$IQ|2wB!%G2yu2kxuB-4=LP55|9CW3+dg$S{PgBemc7N zf6cCmS!z+hDDnD(^M!qvMeTKcmjpHF1GF;gaF}S7B~qvT)58fE;&||fJLhZF^plDQ zJ@WBhJ1KOUGXy+?i0Ya?_0t*U`RPM)Xv>$@m|#g%ZyUiBWtPU@ltN?ac&w!Q+Iu-f zfVsMkD~Y$`FufI=10n%hJ*@G9lY_;Ijj{22UB`$w-s&I(_3p6FQ~2L3f~%mrNuO(8 zEUaOM;UC+w3dPC;&x-g|w>y5`qOz6^u1VdNofYkT=M4!S*CB99w0FHI@b=@ADTCT| zf8M{tf5?W2Vd@}no+?p6RXb^C@i~$8;sMY(N)&&fLLE?@xzeJryxiMoWITp7d^VH3~F|k!25EZc--|t zK()P6a%21{_?|o0TCNjxN9<(4efsV>h5OyM6H*1rO-!FPS#u-H-_}9*T?159{Qn60 z&IqKkdY6vzAILCS=5l5H6h{${ZZA8Qx`gPb{P1u`kEp-%l;i1G$2oi+zS%*o*szjv z(yQ-5tib_xa-S2TTXw;&1v%+b4t(;!><{1Ai3Q)9!D*ek->qrCnWO|;VCY(jk5+?B z&KxGwc2ox~yEOYjhOWkPM|x-fIEPDDK>!ZPZ>s4IgP`0TTVXds?cXtm<*d1K2 zeSqINBvok6`#_n%30I=~W0$sXaYINv!KK2Qd6DkuK+!{ERL*!MVt9bBh$gm(EkkS? z)6Rxx_?rznoNsj@G904PMuYfJOAGbuR!b}4tA0e!gk_!Oolzq2ekou+zIa{ssY}E+KUK zb9CTkIA&yG86XZ1#+%+%KuMU*YR9IwB5qt?U!BoIsu;q|P|`PTgh}2O8)+s14}&Nl zbyeRd=RLwFR7L2{@313@nXGSAT+(gkF1ky5K1hf<4A|o9EYXOu->huuF0pSDFTVVv zSEKMw*h$(|_2`Llmm5*Q$tEg4OQ;&-Lq__gg(b6X4ze-~fhub!UZ3TRFl&p7E6Wv~ zXgAK8ivaG(L+VU$J?AJMs>BdPl37u{^1-V|$$GjnGtYdR291JPu>w-^i&q&(uoueu zHfr~hJegmmjk5{2^nRZ~6mW=&`wz=lsBaFXA6Ry8IgBwZ&>BUJl~z=0$Mh zdB1yYrVykv5dc6^0Sn8XK>aez$41pI9vzcv?h3xI=0U3qx3LOeCTu0Id0f{J^_pWy z|5BOGwkW}!8mJ)`Rse;-ni=)N9~oC^Y4I%^qi|?Kp8d{KHZBdG`t^Mhf{HOn8Xtgrl-#QLF*6H_YE zKjW7MQHc7u&>I_N-v+w=lCfCdL0O;;w!ekCJ1$EdL=wxsoKbvF-SdIn;6+LtR?u2K z4g7Wbd-i5@W5boD%qjwp&>jHhVtPV zE%)%VTvIlpV9++>(u`rKL#u=dIy9I@_uH2HU!e4zANcu@R_z6bbej3fPvO0wearJ~ zB*M~{XEBoRAYF@>a`@;YN=qKW5|1@AlmT>*x{&-^QRwRT$}({J8nYGm8hH5VXu4KDBOv^V0$5Eb10mmzzxkn_RA$M(+!-W_ z7-am)(1M#~O0N6ytppCh@MXYVtBuqXYd{j7(V4D&$ulxSg9a;c#vx!N=m!}q_oy_< zyKfj=dp&kEl;hY}ayZrACai!LibtXLJ9Y~e!!-((rhQrf1r?otW~vnSRF7nD)Ik)o zOpH4^V2p2G-%0K{X?*RQ_=q=|^ny$FI^fLmW?m@}F8F-!C(jAV!>iXoPxu(|4$9!P z--y*TIuasOG~M5h(=qJ=N#;Q=<9E1DSV2X{7Q6Ndc-jLVO^x<{8~iX%jz2ruF9wzS zY9GyvGouGm(*mO@;sXA`4RF1iR6+@zXU}3%cZ7|nF0Y7*+Bj`+`4aJS^cesFx!1GJ z2;vWX1VC`ahfJic5T_#5;LeY!i<3* zXdq`KhMp+NjQ*1t?Uxw+_urRyoaFZXPDqlFd~C{vFR;UUq&$!prYJMNj)r?lqEs)g ztmS{sDsqhMwp~M&Z)T#K@74?mRthrW9&DpED&QVQ&B$$bR||x?K!Hw0P$BVS`eZJh z8U7jRnZWxzcHN`!I_+n42uRqxQn5!GG0_@WOp}4W_2##&Vv#JVO0b$(}c|Wbxep z`6|guB~(J7fRJNZca=VOEMk_g4^XWCzZtB*B6|PWl/dev/null 2>&1; then + exec sudo -E calamares "$@" + elif command -v pkexec >/dev/null 2>&1; then + exec pkexec calamares "$@" + else + echo "ERREUR : Impossible de lancer Calamares en tant que root (sudo/pkexec non trouvés)." + exit 1 + fi +else + exec calamares "$@" +fi diff --git a/configs/releng/airootfs/usr/local/bin/Installation_guide b/configs/releng/airootfs/usr/local/bin/Installation_guide new file mode 100644 index 0000000..58b97b0 --- /dev/null +++ b/configs/releng/airootfs/usr/local/bin/Installation_guide @@ -0,0 +1,5 @@ +#!/bin/sh +# +# SPDX-License-Identifier: GPL-3.0-or-later + +exec xdg-open 'https://wiki.archlinux.org/title/Installation_guide' diff --git a/configs/releng/airootfs/usr/local/bin/choose-mirror b/configs/releng/airootfs/usr/local/bin/choose-mirror new file mode 100644 index 0000000..d2349de --- /dev/null +++ b/configs/releng/airootfs/usr/local/bin/choose-mirror @@ -0,0 +1,29 @@ +#!/bin/bash +# +# SPDX-License-Identifier: GPL-3.0-or-later + +get_cmdline() { + local param + for param in $(/etc/pacman.d/mirrorlist < +# $2 +# $3 +unmute_and_set_level() { + [[ -n "$3" && -n "$2" && -n "$1" ]] || bugout + systemd-cat -t "livecdsound" printf "Setting: %s on card: %s to %s\n" "$2" "$1" "$3" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" unmute + return 0 +} + +# $1 +# $2 +mute_and_zero_level() { + [[ -n "$1" && -n "$2" ]] || bugout + systemd-cat -t "livecdsound" printf "Muting control: %s on card: %s\n" "$2" "$1" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "0%" mute + return 0 +} + +# $1 +# $2 +# $3 "on" | "off" +switch_control() { + [[ -n "$3" && -n "$1" ]] || bugout + systemd-cat -t "livecdsound" printf "Switching control: %s on card: %s to %s\n" "$2" "$1" "$3" + systemd-cat -t "livecdsound" amixer -c "$1" set "$2" "$3" + return 0 +} + +# $1 +sanify_levels_on_card() { + unmute_and_set_level "$1" "Front" "80%" + unmute_and_set_level "$1" "Master" "80%" + unmute_and_set_level "$1" "Master Mono" "80%" + unmute_and_set_level "$1" "Master Digital" "80%" # E.g., cs4237B + unmute_and_set_level "$1" "Playback" "80%" + unmute_and_set_level "$1" "Headphone" "100%" + unmute_and_set_level "$1" "PCM" "80%" + unmute_and_set_level "$1" "PCM,1" "80%" # E.g., ess1969 + unmute_and_set_level "$1" "DAC" "80%" # E.g., envy24, cs46xx + unmute_and_set_level "$1" "DAC,0" "80%" # E.g., envy24 + unmute_and_set_level "$1" "DAC,1" "80%" # E.g., envy24 + unmute_and_set_level "$1" "Synth" "80%" + unmute_and_set_level "$1" "CD" "80%" + unmute_and_set_level "$1" "PC Speaker" "100%" + + mute_and_zero_level "$1" "Mic" + mute_and_zero_level "$1" "IEC958" # Ubuntu #19648 + + # Intel P4P800-MX + switch_control "$1" "Master Playback Switch" on + switch_control "$1" "Master Surround" on + + # Trident/YMFPCI/emu10k1: + unmute_and_set_level "$1" "Wave" "80%" + unmute_and_set_level "$1" "Music" "80%" + unmute_and_set_level "$1" "AC97" "80%" + + # DRC: + unmute_and_set_level "$1" "Dynamic Range Compression" "80%" + + # Required for HDA Intel (hda-intel): + unmute_and_set_level "$1" "Front" "80%" + + # Required for SB Live 7.1/24-bit (ca0106): + unmute_and_set_level "$1" "Analog Front" "80%" + + # Required at least for Via 823x hardware on DFI K8M800-MLVF Motherboard + switch_control "$1" "IEC958 Capture Monitor" off + + # Required for hardware allowing toggles for AC97 through IEC958, + # valid values are 0, 1, 2, 3. Needs to be set to 0 for PCM1. + unmute_and_set_level "$1" "IEC958 Playback AC97-SPSA" "0" + + # Required for newer Via hardware + unmute_and_set_level "$1" "VIA DXS,0" "80%" + unmute_and_set_level "$1" "VIA DXS,1" "80%" + unmute_and_set_level "$1" "VIA DXS,2" "80%" + unmute_and_set_level "$1" "VIA DXS,3" "80%" + + # Required on some notebooks with ICH4: + switch_control "$1" "Headphone Jack Sense" off + switch_control "$1" "Line Jack Sense" off + + # Some machines need one or more of these to be on; + # others need one or more of these to be off: + + switch_control "$1" "Audigy Analog/Digital Output Jack" on + switch_control "$1" "SB Live Analog/Digital Output Jack" on + + # D1984 -- Thinkpad T61/X61 + switch_control "$1" "Speaker" on + switch_control "$1" "Headphone" on + + # HDA-Intel w/ "Digital" capture mixer (See Ubuntu #193823) + unmute_and_set_level "$1" "Digital" "80%" + + return 0 +} + +# $1 | "all" +sanify_levels() { + local ttsdml_returnstatus=0 + local card + case "$1" in + all) + for card in $(echo_card_indices); do + sanify_levels_on_card "$card" || ttsdml_returnstatus=1 + done + ;; + *) + sanify_levels_on_card "$1" || ttsdml_returnstatus=1 + ;; + esac + return "$ttsdml_returnstatus" +} + +# List all cards that *should* be usable for PCM audio. In my experience, +# the console speaker (handled by the pcsp driver) isn't a suitable playback +# device, so we'll exclude it. +list_non_pcsp_cards() { + for card in $(echo_card_indices); do + local cardfile="/proc/asound/card${card}/id" + if [[ -r "$cardfile" && -f "$cardfile" && "$(cat "$cardfile")" != pcsp ]]; then + echo "$card" + fi + done +} + +# Properly initialize the sound card so that we have audio at boot. +unmute_all_cards() { + sanify_levels all +} + +is_numeric() { + local str="$1" + [[ "$str" =~ ^[0-9]+$ ]] +} + +set_default_card() { + local card="$1" + sed -e "s/%card%/$card/g" /etc/asound.conf +} + +play_on_card() { + local card="$1" file="$2" + aplay -q "-Dplughw:$card,0" "$file" +} + +# If there are multiple usable sound cards, prompt the user to choose one, +# using auditory feedback. +pick_a_card() { + set -f + usable_cards="$(list_non_pcsp_cards)" + num_usable_cards="$(wc -w <<<"$usable_cards")" + + if (( num_usable_cards == 1 )); then + systemd-cat -t "livecdsound" printf "Only one sound card is detected\n" + exit 0 + fi + systemd-cat -t "livecdsound" printf "multiple sound cards detected\n" + for card in "${usable_cards[@]}"; do + if ! is_numeric "$card"; then + continue + fi + play_on_card "$card" /usr/share/livecd-sounds/pick-a-card.wav & + done + wait + sleep 1 + for card in "${usable_cards[@]}"; do + if ! is_numeric "$card"; then + continue + fi + play_on_card "$card" /usr/share/livecd-sounds/beep.wav + if read -r -t 10; then + systemd-cat -t "livecdsound" printf "Selecting %s sound card as default\n" "$card" + set_default_card "$card" + break + fi + done +} + +if (( $# == 0 )); then + echo "error: No argument passed." + exit 1 +fi +while [[ "${1}" != "" ]]; do + case ${1} in + -h|--help) + usage + exit + ;; + -u|--unmute) + systemd-cat -t "livecdsound" printf "Unmuting all cards" + unmute_all_cards + ;; + -p|--pick) + pick_a_card + ;; + *) + echo "error: Unsupported argument" + usage + exit 1 + ;; + esac + shift +done diff --git a/configs/releng/airootfs/usr/local/share/livecd-sound/asound.conf.in b/configs/releng/airootfs/usr/local/share/livecd-sound/asound.conf.in new file mode 100644 index 0000000..3f9c7aa --- /dev/null +++ b/configs/releng/airootfs/usr/local/share/livecd-sound/asound.conf.in @@ -0,0 +1,3 @@ +Defaults node +defaults.ctl.card %card%; +defaults.pcm.card %card%; diff --git a/configs/releng/airootfs/usr/share/applications/fws-install.desktop b/configs/releng/airootfs/usr/share/applications/fws-install.desktop new file mode 100644 index 0000000..1407706 --- /dev/null +++ b/configs/releng/airootfs/usr/share/applications/fws-install.desktop @@ -0,0 +1,13 @@ +[Desktop Entry] +Version=1.0 +Type=Application +Name=Installer FWS Linux +Name[fr]=Installer FWS Linux +Comment=Installe FWS Linux sur votre machine +Comment[fr]=Installe FWS Linux sur votre machine +Exec=fws-installer +Icon=/etc/calamares/branding/fws/logo.png +Terminal=false +Categories=System; +Keywords=install;installer;fws;calamares; +StartupNotify=true diff --git a/configs/releng/bootstrap_packages b/configs/releng/bootstrap_packages new file mode 100644 index 0000000..64966d0 --- /dev/null +++ b/configs/releng/bootstrap_packages @@ -0,0 +1,2 @@ +arch-install-scripts +base diff --git a/configs/releng/efiboot/loader/entries/01-archiso-linux.conf b/configs/releng/efiboot/loader/entries/01-archiso-linux.conf new file mode 100644 index 0000000..1d02178 --- /dev/null +++ b/configs/releng/efiboot/loader/entries/01-archiso-linux.conf @@ -0,0 +1,5 @@ +title FWS install medium (%ARCH%, UEFI) +sort-key 01 +linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% diff --git a/configs/releng/efiboot/loader/entries/02-archiso-speech-linux.conf b/configs/releng/efiboot/loader/entries/02-archiso-speech-linux.conf new file mode 100644 index 0000000..7bf988d --- /dev/null +++ b/configs/releng/efiboot/loader/entries/02-archiso-speech-linux.conf @@ -0,0 +1,5 @@ +title FWS install medium (%ARCH%, UEFI) with speech +sort-key 02 +linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux +initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +options archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/efiboot/loader/entries/03-archiso-memtest86+x64.conf b/configs/releng/efiboot/loader/entries/03-archiso-memtest86+x64.conf new file mode 100644 index 0000000..7a0ef5e --- /dev/null +++ b/configs/releng/efiboot/loader/entries/03-archiso-memtest86+x64.conf @@ -0,0 +1,4 @@ +title Memtest86+ +sort-key 03 +efi /boot/memtest86+/memtest.efi +architecture x64 diff --git a/configs/releng/efiboot/loader/loader.conf b/configs/releng/efiboot/loader/loader.conf new file mode 100644 index 0000000..06d4ac4 --- /dev/null +++ b/configs/releng/efiboot/loader/loader.conf @@ -0,0 +1,3 @@ +timeout 15 +default 01-archiso-linux.conf +beep on diff --git a/configs/releng/grub/grub.cfg b/configs/releng/grub/grub.cfg new file mode 100644 index 0000000..a6be2bd --- /dev/null +++ b/configs/releng/grub/grub.cfg @@ -0,0 +1,112 @@ +# Load partition table and file system modules +insmod part_gpt +insmod part_msdos +insmod fat +insmod iso9660 +insmod ntfs +insmod ntfscomp +insmod exfat +insmod udf + +# Use graphics-mode output +if loadfont "${prefix}/fonts/unicode.pf2" ; then + insmod all_video + set gfxmode="auto" + terminal_input console + terminal_output console +fi + +# Enable serial console +insmod serial +insmod usbserial_common +insmod usbserial_ftdi +insmod usbserial_pl2303 +insmod usbserial_usbdebug +if serial --unit=0 --speed=115200; then + terminal_input --append serial + terminal_output --append serial +fi + +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu}-${grub_platform}" +fi + +# Set default menu entry +default=fws +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "FWS install medium (%ARCH%, ${archiso_platform})" --class fws --class gnu-linux --class gnu --class os --id 'fws' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +menuentry "FWS install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class fws --class gnu-linux --class gnu --class os --id 'fws-accessibility' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == 'i386' -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellia32.efi + } + elif [ "${grub_cpu}" == 'arm64' -a -f '/shellaa64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellaa64.efi + } + elif [ "${grub_cpu}" == 'riscv64' -a -f '/shellriscv64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellriscv64.efi + } + elif [ "${grub_cpu}" == 'loongarch64' -a -f '/shellloongarch64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellloongarch64.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot +} + + +# GRUB init tune for accessibility +play 600 988 1 1319 4 diff --git a/configs/releng/grub/loopback.cfg b/configs/releng/grub/loopback.cfg new file mode 100644 index 0000000..b0e3a34 --- /dev/null +++ b/configs/releng/grub/loopback.cfg @@ -0,0 +1,85 @@ +# https://www.supergrubdisk.org/wiki/Loopback.cfg + +# Search for the ISO volume +search --no-floppy --set=archiso_img_dev --file "${iso_path}" +probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}" + +# Get a human readable platform identifier +if [ "${grub_platform}" == 'efi' ]; then + archiso_platform='UEFI' +elif [ "${grub_platform}" == 'pc' ]; then + archiso_platform='BIOS' +else + archiso_platform="${grub_cpu}-${grub_platform}" +fi + +# Set default menu entry +default=fws +timeout=15 +timeout_style=menu + + +# Menu entries + +menuentry "FWS install medium (%ARCH%, ${archiso_platform})" --class fws --class gnu-linux --class gnu --class os --id 'fws' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + +menuentry "FWS install medium with speakup screen reader (%ARCH%, ${archiso_platform})" --hotkey s --class fws --class gnu-linux --class gnu --class os --id 'fws-accessibility' { + set gfxpayload=keep + linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}" accessibility=on + initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +} + + +if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest.efi + } +fi +if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then + menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool { + set gfxpayload=800x600,1024x768 + linux /boot/memtest86+/memtest + } +fi +if [ "${grub_platform}" == 'efi' ]; then + if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellx64.efi + } + elif [ "${grub_cpu}" == 'i386' -a -f '/shellia32.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellia32.efi + } + elif [ "${grub_cpu}" == 'arm64' -a -f '/shellaa64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellaa64.efi + } + elif [ "${grub_cpu}" == 'riscv64' -a -f '/shellriscv64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellriscv64.efi + } + elif [ "${grub_cpu}" == 'loongarch64' -a -f '/shellloongarch64.efi' ]; then + menuentry 'UEFI Shell' --class efi { + chainloader /shellloongarch64.efi + } + fi + + menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' { + fwsetup + } +fi + +menuentry 'System shutdown' --class shutdown --class poweroff { + echo 'System shutting down...' + halt +} + +menuentry 'System restart' --class reboot --class restart { + echo 'System rebooting...' + reboot +} diff --git a/configs/releng/packages.x86_64 b/configs/releng/packages.x86_64 new file mode 100644 index 0000000..31f47e3 --- /dev/null +++ b/configs/releng/packages.x86_64 @@ -0,0 +1,141 @@ +alsa-utils +amd-ucode +arch-install-scripts +archinstall +b43-fwcutter +base +bcachefs-tools +bind +bolt +brltty +broadcom-wl +btrfs-progs +calamares +clonezilla +cloud-init +cryptsetup +darkhttpd +ddrescue +dhcpcd +diffutils +dmidecode +dmraid +dnsmasq +dosfstools +e2fsprogs +edk2-shell +efibootmgr +espeakup +ethtool +exfatprogs +f2fs-tools +fatresize +foot-terminfo +fsarchiver +gpart +gpm +gptfdisk +grml-zsh-config +grub +hdparm +hyperv +intel-ucode +irssi +iw +iwd +jfsutils +kitty-terminfo +kpmcore +ldns +less +lftp +libfido2 +libusb-compat +linux +linux-atm +linux-firmware +linux-firmware-marvell +livecd-sounds +lsscsi +lvm2 +lynx +man-db +man-pages +mc +mdadm +memtest86+ +memtest86+-efi +mkinitcpio +mkinitcpio-archiso +mkinitcpio-nfs-utils +mmc-utils +modemmanager +mtools +nano +nbd +ndisc6 +fastfetch +nfs-utils +nilfs-utils +nmap +ntfs-3g +nvme-cli +openbox +open-iscsi +open-vm-tools +openconnect +openpgp-card-tools +openssh +openvpn +partclone +parted +partimage +pcsclite +ppp +pptpclient +pv +qemu-guest-agent +qt5-base +qt5-svg +qt6-base +refind +reflector +rsync +rxvt-unicode-terminfo +screen +sdparm +sequoia-sq +sg3_utils +smartmontools +sof-firmware +squashfs-tools +sudo +polkit +polkit-gnome +syslinux +systemd-resolvconf +tcpdump +terminus-font +testdisk +tmux +tpm2-tools +tpm2-tss +ttf-dejavu +udftools +usb_modeswitch +usbmuxd +usbutils +vim +virtualbox-guest-utils-nox +vpnc +wireless-regdb +wireless_tools +wpa_supplicant +wvdial +xdg-utils +xfsprogs +xl2tpd +xorg-server +xorg-xinit +xorg-xrandr +zsh \ No newline at end of file diff --git a/configs/releng/pacman.conf b/configs/releng/pacman.conf new file mode 100644 index 0000000..ab9baa7 --- /dev/null +++ b/configs/releng/pacman.conf @@ -0,0 +1,14 @@ +[options] +HoldPkg = pacman glibc +Architecture = auto +ParallelDownloads = 5 +CheckSpace + +SigLevel = Required DatabaseOptional +LocalFileSigLevel = Optional + +[core] +Include = /etc/pacman.d/mirrorlist + +[extra] +Include = /etc/pacman.d/mirrorlist \ No newline at end of file diff --git a/configs/releng/pacman.d/mirrorlist b/configs/releng/pacman.d/mirrorlist new file mode 100644 index 0000000..0d0c602 --- /dev/null +++ b/configs/releng/pacman.d/mirrorlist @@ -0,0 +1,7 @@ +## Custom mirrorlist for FWS build +## Generated to avoid stale/broken mirrors during ISO build. + +Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch +Server = https://mirror.rit.edu/archlinux/$repo/os/$arch +Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch +Server = https://mirror.univ-lille1.fr/archlinux/$repo/os/$arch diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh new file mode 100644 index 0000000..429e6f2 --- /dev/null +++ b/configs/releng/profiledef.sh @@ -0,0 +1,25 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2034 + +iso_name="fws" +iso_label="FWS_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)" +iso_publisher="FWS" +iso_application="FWS Live/Rescue DVD" +iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)" +install_dir="fws" +buildmodes=('iso') +bootmodes=('bios.syslinux' + 'uefi.systemd-boot') +pacman_conf="pacman.conf" +airootfs_image_type="squashfs" +airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M') +bootstrap_tarball_compression=('zstd' '-c' '-T0' '--auto-threads=logical' '--long' '-19') +file_permissions=( + ["/etc/shadow"]="0:0:400" + ["/root"]="0:0:750" + ["/root/.automated_script.sh"]="0:0:755" + ["/root/.gnupg"]="0:0:700" + ["/usr/local/bin/choose-mirror"]="0:0:755" + ["/usr/local/bin/Installation_guide"]="0:0:755" + ["/usr/local/bin/livecd-sound"]="0:0:755" +) diff --git a/configs/releng/syslinux/archiso_head.cfg b/configs/releng/syslinux/archiso_head.cfg new file mode 100644 index 0000000..d6f09e0 --- /dev/null +++ b/configs/releng/syslinux/archiso_head.cfg @@ -0,0 +1,28 @@ +SERIAL 0 115200 +UI vesamenu.c32 +MENU TITLE FWS +MENU BACKGROUND splash.png + +MENU WIDTH 78 +MENU MARGIN 4 +MENU ROWS 7 +MENU VSHIFT 10 +MENU TABMSGROW 14 +MENU CMDLINEROW 14 +MENU HELPMSGROW 16 +MENU HELPMSGENDROW 29 + +# Refer to https://wiki.syslinux.org/wiki/index.php/Comboot/menu.c32 + +MENU COLOR border 30;44 #40ffffff #a0000000 std +MENU COLOR title 1;36;44 #9033ccff #a0000000 std +MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all +MENU COLOR unsel 37;44 #50ffffff #a0000000 std +MENU COLOR help 37;40 #c0ffffff #a0000000 std +MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std +MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std +MENU COLOR msg07 37;40 #90ffffff #a0000000 std +MENU COLOR tabmsg 31;40 #30ffffff #00000000 std + +MENU CLEAR +MENU IMMEDIATE diff --git a/configs/releng/syslinux/archiso_pxe-linux.cfg b/configs/releng/syslinux/archiso_pxe-linux.cfg new file mode 100644 index 0000000..1029243 --- /dev/null +++ b/configs/releng/syslinux/archiso_pxe-linux.cfg @@ -0,0 +1,32 @@ +LABEL fws_nbd +TEXT HELP +Boot the FWS install medium using NBD. +It allows you to install FWS or perform system maintenance. +ENDTEXT +MENU LABEL FWS install medium (%ARCH%, NBD) +LINUX ::/%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% archiso_nbd_srv=${pxeserver} cms_verify=y +SYSAPPEND 3 + +LABEL fws_nfs +TEXT HELP +Boot the FWS live medium using NFS. +It allows you to install FWS or perform system maintenance. +ENDTEXT +MENU LABEL FWS install medium (%ARCH%, NFS) +LINUX ::/%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archiso_nfs_srv=${pxeserver}:/run/archiso/bootmnt cms_verify=y +SYSAPPEND 3 + +LABEL fws_http +TEXT HELP +Boot the FWS live medium using HTTP. +It allows you to install FWS or perform system maintenance. +ENDTEXT +MENU LABEL FWS install medium (%ARCH%, HTTP) +LINUX ::/%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux +INITRD ::/%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archiso_http_srv=http://${pxeserver}/ cms_verify=y +SYSAPPEND 3 diff --git a/configs/releng/syslinux/archiso_pxe.cfg b/configs/releng/syslinux/archiso_pxe.cfg new file mode 100644 index 0000000..b4c9a80 --- /dev/null +++ b/configs/releng/syslinux/archiso_pxe.cfg @@ -0,0 +1,5 @@ +INCLUDE archiso_head.cfg + +INCLUDE archiso_pxe-linux.cfg + +INCLUDE archiso_tail.cfg diff --git a/configs/releng/syslinux/archiso_sys-linux.cfg b/configs/releng/syslinux/archiso_sys-linux.cfg new file mode 100644 index 0000000..40e365c --- /dev/null +++ b/configs/releng/syslinux/archiso_sys-linux.cfg @@ -0,0 +1,20 @@ +LABEL fws +TEXT HELP +Boot the FWS install medium on BIOS. +It allows you to install FWS or perform system maintenance. +ENDTEXT +MENU LABEL FWS install medium (%ARCH%, BIOS) +LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% + +# Accessibility boot option +LABEL fwsspeech +TEXT HELP +Boot the FWS install medium on BIOS with speakup screen reader. +It allows you to install FWS or perform system maintenance with speech feedback. +ENDTEXT +MENU LABEL FWS install medium (%ARCH%, BIOS) with ^speech +LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux +INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img +APPEND archisobasedir=%INSTALL_DIR% archisosearchuuid=%ARCHISO_UUID% accessibility=on diff --git a/configs/releng/syslinux/archiso_sys.cfg b/configs/releng/syslinux/archiso_sys.cfg new file mode 100644 index 0000000..662482c --- /dev/null +++ b/configs/releng/syslinux/archiso_sys.cfg @@ -0,0 +1,8 @@ +INCLUDE archiso_head.cfg + +DEFAULT arch +TIMEOUT 150 + +INCLUDE archiso_sys-linux.cfg + +INCLUDE archiso_tail.cfg diff --git a/configs/releng/syslinux/archiso_tail.cfg b/configs/releng/syslinux/archiso_tail.cfg new file mode 100644 index 0000000..e84897c --- /dev/null +++ b/configs/releng/syslinux/archiso_tail.cfg @@ -0,0 +1,35 @@ +LABEL existing +TEXT HELP +Boot an existing operating system. +Press TAB to edit the disk and partition number to boot. +ENDTEXT +MENU LABEL Boot existing OS +COM32 chain.c32 +APPEND hd0 0 + +# https://www.memtest.org/ +LABEL memtest +MENU LABEL Run Memtest86+ (RAM test) +LINUX /boot/memtest86+/memtest + +# https://wiki.syslinux.org/wiki/index.php/Hdt_(Hardware_Detection_Tool) +LABEL hdt +MENU LABEL Hardware Information (HDT) +COM32 hdt.c32 +APPEND modules_alias=hdt/modalias.gz pciids=hdt/pciids.gz + +LABEL reboot +TEXT HELP +Reboot computer. +The computer's firmware must support APM. +ENDTEXT +MENU LABEL Reboot +COM32 reboot.c32 + +LABEL poweroff +TEXT HELP +Power off computer. +The computer's firmware must support APM. +ENDTEXT +MENU LABEL Power Off +COM32 poweroff.c32 diff --git a/configs/releng/syslinux/splash.png b/configs/releng/syslinux/splash.png new file mode 100644 index 0000000000000000000000000000000000000000..64b959a61efb767a58d484601f122f6d4ead5a8a GIT binary patch literal 45400 zcmXt9by!n>xZg&N9!P^oOLup-ba$t8D&5^(QqmzIjW9q!8brE7N)V)*dw%ym_m6FG zo@Zlx-}uD)o)|S1IZQMXG!O`csUR<{0RlmSK_KuZ6dAa}Gqbu2ynsD4xP1d9*^q5vsKOKABnAAj@7CY#F+XW#kOA(UG|ARdw` zixUD;ppeEw9%#yLc`}=Kgs&HJ@FqSU$K5pXuD3M0oYj9h8D2ytjn`*aps-4zNr#OJ zOwzwQLM^D7>%Py1!r^+7Q)2)x`KIeN_2_<}u*V-8S<+0Q)mg;vG_*Qda z!a%lsgJVU6X?5y~OG-p8WjH-1aa{M=ChxLCuW0;Hg?EV2@Pm!tI-$XK{vWZNAHzqR zQ_SKE%uUQ`;=_v8c@pG#PIX)e?adk`HsTdF`0hHy$I3ydiiSDM;LeQf6~L?kxOGA}(>E0tBnH4~>dq zyO7Gff)jQoR}ShlyGWN`#~2Mu`(4CCX$IhtJ&(;;W;63{OJ0f0xKpaa&5~?1(qzK9 z-a8hdjVHUI^K*fHt{gemebg4k3OyWg0)6p6VFUh?j?I75<2E^ho_Gl!+AE)53vqIp zZcd}|(~(-w7~yIBU@p=I$>AL6pTgbgF6gy}%$P&cB^U7wG28Lb((I7x6jGkXo@|11 z%YMobum=@2L$TuEaK-+1DA@#)QrwZLV*w#EqPu1799x>TI+M0wA>FFwl@vo$@Ewv; z#~G5g@;vNW=E`O3%25<-S^OSUyLmqte{4DmYEaXI`)9Zi5KLn*ZZ{%^51(%f>D-UK z4@gJVH`aPd#K_lA`Q3a@M&w8ef1fT>r*lVzZs&And40j8vszp}TVC>Juw;{O#fG=A zs7~!ji~E`VjY)%KNe)?f<0ORO=tFPgSIw4O7p7)}q>|+&qbG|pq%YG`$2ndDPGvlk zXuf^S<{P*oaue-oJk2V-c2|arr`cXx6K~P=5JT>qG${-JeO>l3rdKH*?x!mva`(8E zo`|Q}Ae4arvFuPA5RkV+)p=)fL|+ zd%r3Toy`J)pv3}DWmHP$@Yhx(knqi3_Ku^WI`mIxY7aClM%gxMs~rLi?QmM5sIKRMQQCjPeMl(}a6 zwqJ=);vhnxCa_PK+l0~m84^C0OoUR{4)T1|`i;uCdpW=W`POgnh!%nLby?D>^%_6d zTt)rKkZ2=E+qgGALR1+Ql-L4u%lViUM!)}RiLZ3s4V=l_* ztIFB0!SC~?TWZ~=vi!@fGuNww=&__1b>8B}8)vZ2e7uniVoytG>}Tb%1f|d)o3?)d zf9|wDqD9LAQ^xd(-Y6D*CE4uuC76b6avR>%(!Y=095Xr@8N3CmbKYS$Q#)ws~({4sa!HZWCU8TDJ^ zUq;$IarTuDgy*YGC1ebUEe%VkA&n%oBefTn?fZ7DLK|qdnX=T}0{dq5oZ;nlYG1y~ zJwX*QI8n&Z>*v>-zC*Zmf=%kNMe_c2aWXZhDhOyDWDXCei@@!8HiC4r<75`t?hbu& z|3s{zIh)I-^(S1w8R=*wRuFrjntE`Cix4-=4@=s=8G9S?>}d)i~7noTSuyac#+&QYf9L0brb127&5LIc( zJif%QH;9WR;)htv3?Mhhdx>U;Z3Wgg=;5L5SnyoA6br?*_Uj)|J!JKE$a5vo4>x(( zRei*z+G%MH_;=GX8{7j$*a;4BVA^EVenXdO1FmbO$hQ7BR#v3Q_ogP8xaMt5%|3bx zl-{$&HRY+@Ku0sw?DWJw#rSTpN3*SlI( z!K-o`6VC~93F#5Tgh!4OjWf4*6l(dRuOLVmRM+8eC_y{HY$cB?yk3;=(^%Ez!g6h> z2uma5StvLO5bYYLE@m?=4%+%NKL7>%FlAMfWG5OCPMj~5GL)gDI3K z!WqS3h~e}_stBQYAQU-qn`B}HeCfq<79CD2P5|h<5$%fkBU^FN`7_0fa)v1gE%h;; zZ0cL_?^CjY2;_X6^*>c%J|T!i+sv18$VcxmPwc-()iQt9T28{ngyQ~oDe>(5&fl+? z&cA45idWgDl4#x9S6l0YgP54mp=ozD!RyFJAlZ+;5@zjyN+bUYb6Dcl; zV67j+xW{IZ@|_V#Lk9t^()I;*Q;HygK!isRGbam-k)lAf&^As-+GXDFssX-Y!RrS7 z@L@fqkO&Jq4xQg0C@Ui-%qR-i>Fc?3ZegV(*)aYiz4@j=2Z@di5Zmwr^xSvl)s`q!ZlT1g}%e_AEnXoV?rjzWj8ssE(+GUZRn@ehxtPjt_zRe_a?oHZ7)Ms*0=o zdv9G!hRrcMRA5uxq*Ea~dm>#`P5jx7fF26vV-J=s3_`89H&a6hCnE#LNbHS@7+#P? zV{&O<%FA8N;LUy8Ly5An0LM{GfAr#JdeGH+>2KQbqP)(Uv(m0lJXK>-De`X)&i82e zpeyCtDIt*L^%zfoAVtLMVVLW1q9Gs5U_&1?lUM%CbXf91Nn! zU`O)IEU>>9Q;HrO7W}IEQ3P@dTBX_iSPLO-Hg4Ot`R*|E#^yk`rZI>C0dC|IOpGC! zis}P0qs=HvBdnbKL=5F22}u5K25YQ0i|*4c8s~@L=qKTA=l39f?Nn#rKq^fJlHo)z zr^5{FQHHjcAI5<^lx~SLF)@+N<4BONQb8-8bdKo(n*>c#F0GkqDPKJ4!R%~o`(!qP z?nuK*W(=L-<|$7~pQI-Rpp*>wnWG*Z$DiNNzjb?#wcBsj3Dr_j>xWl?CT{6NB-icB z-xz(H!W@Haf%rfJ&rrDzO+;F<)=@$Jau&&=W|l;xajQJJRMYzPMgx<9-+Z}EE|azUuG7c(^?lF3r$xMZ|Ej}9;FLc z8Y(uwiF3s;LPP;8z)xkULlK$|KpC_!)?p*QKak|H1Z!5fCS^sV!m0pa$7^KxQ+m-GZ!P5@cUj?crjrxqbQCux7?A|my%%g~ndBCX|49e$8Xi#;OIY{%dFacT&K;v~o>GeO9&~IO_ zxD4|w7=@jmyZZ`%B7&oUnwX_Btrt(Ozrsy>f+_aNQYR8Zmi3R2%HMZq3-9hJ)#$4Z zK=Si^n5^U&LVshzq!22FJM=TKVsfOom_a#{y_L@sSZX{7t_)2<)KdestX+1zh^i8u z5$2rPb}0587!WXjngoOT)H(6wBc}6$JaFn8V*XuX}mj2z5G<9w5vM^zVREjZ9B1;$|IF!N)5pF#z|2><}95;MA z*jsAl4l_?~_;Sw9@R9gOq6Ul(3|b~!jrmkQct4r6Z}wORU$nX~WJTot0{d;yv!{{r zL@GMt&pYJqY))bmreg9rl)w7)xs)SN!Gc|WyKmFX5*7mDL_n5Q#$-ZC|D_rdFd9lv ztzIO~w(+K1JO6X83_sTp3N2@O~La9^js{-xFTZ$a{OdE z@FcWb_qtEK&+)t8l*_AU4LQuGOy{tTKq&*+4G%KEUi)jJM0~fpU?zGPlz z2qgb=Y+5}v<9{m2{OWDH4b}T*R&8Ptv}!^3`94#~4QnIiHncM2_2;9ce#fQWbKrXSUeE>ez4u$>6rYb;NmjNm zxN=A_y7&m{x*UNq5;no&P{b~TPe{6sbzkGB*_lYypv-3Vgtv|TLom9K_ zqg`TBOC16BA-$3fKbT2^b_o^@%()zYH@H}aJSm}p>KtIHbrBhULw)n^#NwbyYweai z{_d4cz1|o&g#r{g!;gycOpfRg2U$X!x~qH=p};pL7j^%QfxdF}MZFXptlapt1wk0R2l5g)yij^tUf z5V0U(?2y6FZXr9E@*pz`Dk%txIp_O&jrOZE*KyANQUGLip#+-cDDhQr)v&Pnd|e&p zFO>wm8+7xd=eD&CLHQTEpy_yI$~$*-%RFIIuvZgeh^$mMaf(r`Vb+0*gBh~d-ZUJI zj*|ihDj~iNRZz?p2!Z@v8j~1O)i%X#y2eSQ=>@<*g)#>{ELqZm9G6ZKj>J)Rje~$V z9@#MIEtc1JTbezNfHARH5Adxe=?QM|#B$@$s32riBymJicn8)leGJdFJTf$tLX@WB7o!GyGDo`p zqP8U5?Cd+y+Bk7@!=1Uf@DX6IXi4a31DZ~%^c_?;Bv=3C8pE+y{Z}IfS9eq35zIT4szvyQ5yt8?!?MZ2( zqHk;Zll4AB*Xo5+4B3Ja+m;KaU9OCf?)ym5F4W((AQ)ayTZm{N$#RJZraL7vWn!u$&-@GZsd~)W9iYW=9S; z2AG?=PHWP3OqI>2vBjG5=vT~(0Pa#nlu(>)qCjCqyF+YJ?4jZlqgkXU&lu{P9b1Gk zy#*K;xLCKekqzVKg!G86=`2QJ@au)XZ~NN49Ksc5&XtdmOmYbHw6wI@?B)yn0(wRmE_^;UQSyDp*iiT`j4k6c@Pm=gQ)A{o7)P$6Ma_i^1rGte=fdF~8df z*EKfcczJpKcald(N9=)*zQ5+?id$O=fQtuz{tSq{T!@wS_P$BicztYdzc-$fE#k*Z zr;;BH5C<)7?L#rFDC)f>1QaZ@i@gcAEBW~f@+1_16ZMCqzG4T?R!c{x|HOOX(6isB z`EV*?z&w1w90LOb{^x4@zrgriGbg?lBGBDaKbQbGGn$A*B*r?NJvTxHU zq(`B3(BU8PYKKiD@HeX};0#oS{~-#KtB!l=XIh>s=wepQl>!-&Wf~~J+WY9f`teVl zUT>htrw@C?;gZGaM>SOrh6V<%r{8XlimIEMIO``3j!sVIB+{?*JQBxPyD<3HeW`86 zvqL&NJJavaGIUKOC}6=9P&c@;5)TiLUXQ=P-b7v$KrFR%bxW(O(LyOc3uA4$5{Zb2 z2zqpWxUe~1Y^1Ii<6_u-&ud6l$_Ry&s}?3Iq|urG{H#z}QxgUx|Aft~)YwQJv8;poWZ;NY<7-DRmYFGZ`Lxpi?jy|NNF5QV+-bh9x${3Zyaa4L&> zOF;wqW4>DO1(EGE$FXhdYN`yj!euuzKa80)$xH@;idH-MgxqxoSw&{h>>b(w!Eu<= zCRP4A?;^6GL=Jbgj8ctU(~YbTqW~8u{j;DffyE2j2LyGim-B(=LlFBcbI}}zB)hz8 z7IQB#9>{joLK%rvc)=g*ngJch_eNjd2?ZbQ@6P8xB?i8^!j`DbgDOJ#b&cB&#!Yb< z1fUos`hD3qP;rUPIQH~WG$$IG%5kQ?Hk5Tk9xEkj(k(eN61B+=7nd!sw!hfy9I*dZ06X%C3 zXnz1(Oxnf8CB6?8G@i|Y;IrmMs8er5T*{eA!+@;j;H7Nc%`HVx$7aMzSpF_A(tfsl zYlzh4d(D@gSfEG{2-!^H&1K~{*&rdHz~_rX%cuJ*dN#IUv8P$Ftz5_Y7@?IBqBzUY zG_c|chBY9+=4d9`VZ*LaWKI$-~EnrQCH(FTWEk zLQGsGaU*|?A(Cc7?UZOU%e z0ukhK$EK`FG0{sPpBzM(K+7$XSz$BowbC-X5gO7GPXkxI5fXSka&s( z3&o`6hQ7@1{rm5>Vh{SYhHY3ucVngv<^#x=H#htFGSJNV;x=>eM^Zwn<0=`2g_zHI zoS1k(xCZY&v`KikU%`?-T|B4_=Je?>qfy)+?HBtUWt=T2D`8z)jB*PS;p0@lm#%EW zS>w_v-TqFXMRq52+%svO)7-Z?#MguLElrmK_}undESNM*0CKY=viVHj!m_0AiwZ)H zRlAZ7XUc<-FT`)&68xCtj9+;)Y)9$bUhc=JelT0}yfks=5|-PL8~MkA$~R@-Tp}yQ z;Whrbnhv_&OyN$0g_x_&0(e@r+B$USubP+iYKX&w)!GS-(L-?A^^wa$&n3{Qi1tCY zMc#y~x~oVJUv+N9{BgDr@~X*-Kz^fP4h`_4z4b1($|MqX;vH+*?)G}@FbQgwwDexWx}CXQe$tM`!>0JopH=&3YYC}OwZ*7r-HU8g;yK%Cj~ zRcw_Fe-7Q{CHrJhK9-xtgrGL7 zKm0>K%inlo>7VKErvB-CuEng#-u(ErKFRs9DIKBM9=*hV?34r}SN@j_YK7m0^K=`# z)(85J_UyU>pPK}u*PI&sR#G`Lso$mKjvSa=So2T$$2VaIy&2fcCH{=J)Y~}t3=Sic z*q0J3sIiUg{_?lywMTuh$F`BkCpI4GeHav62I2OK`4%WR>gF(euK~ zn_J#Tos8k!Fxz^$XLiAWa@qZvFsYFgy^87BW_w5uLV$Th0v>#`-Z9+o+B)*-!?oz> zOt+?iL3NF+M-KNi%@`*M3CUT`l)tQPVWc2amSRt^#p3zgmq7exn~9(LUp>K>FOO3% z2SHgG8UIBf1nZf5h)o;+)b2qMV9h!JnDyQCzB~~*{wZEmt4kDn{+HC~cjGMle7o}> z`fhm&a;+28^^i<29IgKR8G0J@^3c8&Nh-_8Du=8n-GvrT#W2NCLe8PC^;NjuACjnM z|61kCEu=e5>ufmZymqfNeY$wAmt$(iPCuV|yQ*(VNi3;nZxGoxOLD`}$;ut$U{re- zTLtNNeyI)$h$d##bgbegHE+7*93AM8!3xQ1+6Nt%T**!Om(?18J2U{uVSHeiE-^ENz zNW`2c{@#r5`u|-3isjAR4m|wAX9C4jUyQHi#KkOZ#i!UwQhx<%KoW|c$iWozFf&)g zv7+O%p8xnDE07J@=eed0G$m@?3`U1w7Iz z7CkQmw1FN9lmLzp-+H4Z3f3D@3~@J?i$%*M^Q9*1P6;K}?4MT0RXR}sNAdq-xIyyM zI;m0YzxGzr-26)HHg4%l(&^SfSHyF08NEbCI7f_#-+> z!UU3k^_C%OZ*zbA#CBXilw(~e)zBmmNgEILSB^Y5jeO{*OfOuHjkP>2JwNE87iz($ zB}@{BUJh}347I1_hs0s!n|ksg4^1WZPj2xhab!Am@ZD0!OGJlT@ScuT7q^5*`n!=n zyPj}gvi2x-d>8OVUjEs8W)uEr{{YVas~cpz5P+az&jL-&QjboFk3BZ^9%4xglpd63 zi)RRf(e5G}dFYl{8PuFl6%#O()S*J!J4q|N-x@XR!UZf*Azge_4Oi9}-M6p!vo;|6 zt4tsg9xO`#>AyynAPh)c@^>pl%4vP^3OfWOHG`GtXQld3mkZO`bM$QV1-4}&fT_%a zH#cuuA{L+}sUb*CA*#b?=Ijj}d%2DcE*qjEh0-`2KkW@W&3-OMv3c0J8|*_}b;qelOwvtH!G8m9p4DuhG_-F>rfz5FhQ zkh>LYG&gr6yepLxVLW!XOvp-$Yu!wA)!Co^^K6(n*$K_ zsKCy9w)drm!kSip<~GWr)`#`~fJPfD6MbIty zdUK0W(yW7FYBQ0k^DVBddI_6<-$j!xVUd#sms%qs`b4-VPH)l;5xvTmW6Jgw*;XIr zg_%R;F`V;2d7yN*F7lqWJdml+s4ch|e3|-<%X$@Icnde(5APXNDq#%&>sr(dYV>!KurM&6JqsyY*9e8)22E0 zKi>Yak-;3U1i41a+p~1fevv*IW(#)ByZRiu zZ@%VWN*c`)^oax%ca9Kf{gd=$E*Ee?PU31$=ot{;CxSu|8B47CNY0e%B@cdh|0r-O z;zg-k!xtG4fv)0|JkhClXTgKRtAF1B0KZ624;J2W*fMA!3BfjDr$y)gaK6ibt@>b? zO7pd)W$SpU8G!WRyNmsqwY7xxbrZxe3HG7O2G`%ef7{vF!N1ziHh3QXBr^4@ny)G@ z2ETjvZn4e9)Wq8+-vdzR-IqU=pvYl>oE!+aS*r*u_pb_gRR*B-4nW3;9|K>K&Ga*^ z)3dTldwNW4FEpH@c%1>QG!TJK2!kR5rDEQ;vh~kb&CoCo^%dP`k^Qgd#;kxDMgqAFuS`Hj}z z&fNB~xtVVn9~5+xg)vWT7I-p@CI&#|T>K;@_^9L-=`6(P_E+L+MJ!@*Bc(|ligLM+Ot6Y(zbYM}#$I_SQuv6O*!&=;fKIs73%G^_?t?R| zmpWQV!>fev>5aX^KGH;nsF5H%Vi<}@d15;^WNKoozABM}m{%j{F+yD@jF1UpKt?~O zo`_MRYs`{~Bq)f#N){m6dH@54IxEo_5< zjV(z)Y<^=S39w8y;UNh8A1~=yjoO3%{&n{B@*38K^sF zSQ-E6{D6n+K_XTwrmM?KGvL7aJr7_ig`x>+^x+{PU@`%BM3C!A%R)(GBL~xXA%XsP z=e7!wNWePqJ*uj3-Rh4Z>irm_bsI_nKS`ARt}vh2XX&}skMw@A0ql44cW^L{aO>(L z4q5~ZE6QuW4Zs~tOw9Jj^RY(nlVyHnfs9|v%dtOyYOF0-Xl(ts_yMYRGH=E8RMkhd ziMv;<Zzc`%899q|Q=V$qnTmrx`Ohu{y6>h<5A1c55>0$ybe4ZR{fIh&h`C~Y&g z1~>ckv#q3XrHZ%!U2X7Mtn|+)n`{d$S@P&xc-Q3{cITa!I=z!>3fIbeyMUd-CXAlU zIb;isLjk`Pa^LIjYLBtQh9Dadsj!^Rn#^_5zO{dpHE1}LagoQ8V^x!o$gZ7;rH)n3 za_Tp2^sYG(X?3UNX7wMUK4%28*$`Sj*3YQkbN=X z_)FJR+3!TLmCXjg1$qqr8DeTmL zUkGSp#s;;TQc_a$3m2twN!!1(Oo!y&1cWChVi`v`C<9hv`(b(BPn#Fqs~}xn!t2wG zB;zjct??YLgTq6>3z`OdynBafGnpR)6q5y@X*m+hS{}d3GXfrvs>l@{7P&ByC4RnQ zfrfeB!^6YB-Sd0-CeZ?URzc5XrW3mY(`>LGuhOj`2D$Y{vO{h;`G`tFOwyemxT2XuYW4-2QIjVSchA9OamO1!M)5t2Ik>7q z1)z+qT{0Yx$))2m<9EG%-Xw@&i(;J6GGYm8@LNg$?0V@)ib%+6X?aE!WrapF0E-uDQ+ZMgfx#q{)aGG}ykef{KZ{;%_Y zcmB742NK=;_?wN0h$tG|AzSDd&rz%2EbEh$=8Rz_9`mQm=hUS8dfD;zpfm{pK-^Fs zNhsiKMzR>TZu;~-yru(eEK=uoaE(r#q_%bjxsPtm#;mGX0-&tGWaH2lpZ;{s)_nF+G%;M{SnFSpGL%8-u_n83UG-HcD+d?7MJ*oOYEtB9b5i zQA_3*(OUwC8%GRW;(2yzd~fMAv`{?hiBG!I-b;ia#v@xyso$?C1jfwYv}X&KhLeWQ z6uu)_OchLrV+cu-7os%HA@G&yM03S zeS)Zd=M&Omrz+E5>+JleLts*&Jouc$vbz!uHlu6~{=1Y_Vzr%5#K$cAT?R-<@`}N# z=p6>3?}dLznbjk~VQy6O!F&vqM9?wU6-0i9&HB11+dc=3$ETziY$hAnL0N7*R#rVH&nM4-O@e{+p3|vvsyL@LvN3B$39meEhL4 zohWOaF;JtoZNS*$c>S9Y@~T}VN|?kMzOGSm1JvQ5Gd)w_>gm;6mCc3TXP$Kc;P^qA z#q7H9eh`O^C=`26q93l0#epM4uHffuCz#dQV~V=8~yVd|5J?{>^v&v{i% zmbV_GPRw!_cMJ3Lk)}^ay0_~$Jt$dY8Jtk={q4L*k*SV=N`c$RN#_)dP^gnl`_ySv z%>^Q)Www;BDmc2r030lwfRu#wDv|Zi6RDT4$S-}FiTyX`xQwkYs0F`wC^J;mBZs2# z7Z(?!hlXTV{Vyi|Gf@AXzC54ud+aG2e6S*6he^8rT@~=Z$lLh-Z)dnvxry@E@+P+z zumj7-msI&h?D0(M@pf2D*2l+3Igh)Idqk^M7N2FGY&h}t0CwOR!he{CEqn$t3B0ow zz8L3{3hhlfHbSL5I6CV8uXZLURYbH*1^<0anD1I?bsA`OT5%o3*WG;$O0-g^ly`4c zZc!{V7jwAjMeetfd7TfrC1nuO@V4oKfG{2Q>Cs0t_pbQy`(lzcUDL>xu`bdLPz-}m z7+ar!^=@(qB8LOsHhqZCp$O5<^%Mo-g9UR*4&(E{TpD}B89~c{RY3q=x2<~Tg$#as z%|4U`*(~;WW6|tI!vfUY2icpWkVcXzL$8+{`K5$+#YQQ3J6qyTB+^Qx&xaL8iBcj< z946I`gNu&bf=Q(d{%j(PM|kuBhuW_)t8ft*QNrJtLzj`-QRVC>eA7+bY47<&vgV7g z-y5QD07=_^HE+maITW8Q6Tt45q1cn}5nU3U=iG^kkB|S6Y)LCboT@Z>#@{MM9udHe zbgX9$4pw`6`x)(-s&?_2pHXiDqXEmBY|B;8$ESp&t}4(^cKQd=K=YJnoKzInVI;%h z(DOUmZ@1fVA75yMu#y$mS_FN(y>s8UO=u2L$P(jDS>R~pFQeJIJTzcv(523+_L5 zOJam2JGQX{GX~$?6uAaKW52$%M<%5eBKFERT`aJ#>jZ#==J!v8l`X! zwv2Z9VMV=lpQix43%Y0PkVv@h!?cY8-PG%D3O5VcTzpc!o~qp%jy*0ESQG;l=`?7K z=;+vztH+q{#KMC=Z8J7IvScreA+FF58lX{BVb`u0x9;mqvaa#VZ zVH8n>hH?&wOK%Y2&`lR1UtGOH< zkt#)Ac7Hd|rH5EIs@VHBT|+sWowAOTMxp<|)(CJ`TBM*-eVVTxVN#LOq~_~uYipfx zg)`D7BRlIK7X>REa)iiAt#7>g_HGz;iN++xel$Exz8`z^H+`!td)F$~Hy=QUHZ<3B z>hcZqIi~LZqHjovo&EHF@wGrvyZ_xTK7M=Ju0x>S!at9cCoY!&*&~YFy;m)JBwk@0 z)2W^bhmp^yyd=pBXb3D5>`H(}7NTTJhKzNGLM@JB7|}Q!v$H<5>0kp* z=q*v8G+K1JIQwHXhZr7J+33YlfWwb0hvO37UFekG6f#);YOgt@wa{Tg zMxzi)qcAW(QX5B5QDV@$OTmke%wBe_PC4Y2u8?)oZ(*)gu`qdoqTaeA<3(0-u6V6A z;CE;{)Ah)eT%EhkJNK!8t#92+Ltv$9GR5EU)+V=VOirG^*&L-NxYP3-KY{Pu?GxQ> z;9{gvZ~?iNX<(j(`53>rWx)MEM1l^Inu=q*mUv_t$jqWhM$Aq$&#z=+3O6i;y=0=O z?*dj~rD8kDP&~kXMJl0Ce`?b}kwU~F?+PJ=hL~;xOESXV;1={Rk{j22eO*&F<1EUI zr^2_JVcEhTn*JJ2#;f>p@tj5`vXB}kUUvcVr>v~Z9xQ$mZ^9@`*YQ}+$uh3N!j*OG zLKiEqfA)%GfPXJeg!tU})6yyXs|C5)Q`wwTfiqsJo!qU$9?p;CFtXxuC0wXK-0Kpd z9ovb_Yk1d?#V8t>?&u3Kk(DW3*7Dj!UN4-fuHz#(RQ zC?9pmabw2{Czb*hV-ztYu6(kq{t9R{49C}lZ#N?_)my%f-lB%XDK!=u%m^9CAR+Ip zk&#GRxNSC*iKj_Zx0+C0brYoqn@FcG?t|W5Gi4){CebQonw>1SxS@L$m%H-UhQYPO zWPyRZA#24?F+eI3w|$(5QrGPab>L5S%(%-~r4OZ%&a*Lvdxa6MP2dsZGVGU&Sp9P0 z^2!IYI!a#q71a)1Rp`dF%7Fi?d)EHuCnT@B=ppRMiSp0DKpE34r{GB`{re2}P%XNA ziL|kG<+n#0>$YLM-k@Akd}G8j{?CL6$So6vm5{Fu<6dw+SSAN7b1RGAYSPPFMH?zT zb%Xh~1}~gw=PD`8jH18f$hIU{GAp5<7Pnm*O^CKgOPymZzf_F5xSz7b=2`Lb{+9*x!l{ZH%-2{bii(PAIy#w`1uS#lUw=Y!8~lU#t!S$h12ax>IP z>+WFKp+7L)B@lT{_oZh0NX85E)d0vnv56%p_~6gHanJ78Z~too0bF$hXQGMTDi4Xw z=dR9m;TM9Mg+uCR+~Dtjf{QubAQI9#@K0?0K-6XkQ*qKQp9US5U?pC_O=r(h>DF!* z3Vu;lFKKX`Ol#k{x5uFnsFE~Vg*=4^Tq@+eno*0ThvfAaGKG%>?3&D*-(y~J051Pm zA0d+Dm7V~h|3)z1{BBAB>Kypr9>;&q4dD8)u(15MGeW>(fS5OtnbA>w2OTdzd)Efg z_U!3ss#g@QG&>VSq}R%(^~8Pg>0xB(?oP_h4TtO;OPR%uRR1!la)fM;5BL+$>!$kr z4g)rMP;afI*@b&kqIr;}DzlBD$!_2I)nbYJ|609N=Wcg$0QH!$EB`xBAkj|MgmEoL^Fc zSR~o36cH<=L`<6f+h~LvP|s7tK~cZFDJI!A+=T4LA# zXk;(Y>i+$=M+!!lgm#;-sQ`$ME%pclx&F@3-R^n#JMegSAt%!7-m=9JxR}c!S1o$O zxyAc7ZKHu;esWxB-Dp2ge#BA7#%%FH(sLyjwJ?~tcTxaeMoGJGcfLRs#6Nk0g6T`S za%9nZ!##~MJmNIktQCzqn}wbUxPWf6mtnvfVZ!35!Jf_GcSTR|3U_q-tIi7^b_Q=w4Sc1&BN?bB*wgBRT%#5 zb>O9&Q2xb2Wvx`VDO~wvmrnH)h6Id4;b$^v8cHX6yNMutIW6V8lfZ{78_nJ%X7DMG z*QuX6NjP=-#iVE7nDIk|WbxPjB5f@#nv*G`YRP!Z6x9sJa^{D2q{)@vmVH}V?0#&) zKQuDk6Ae7E$9s_7^$QryN{0l-wIksew26G?oK0KTz}R{Vh_g_Ky)3(ehjvc>1F{w& zy`K};Pz!K3%|~jExa=A1q6FMUq~8~(Sn`V-#NT@oK`J*9)1(^SAG{UKu08e*4Bw|0 zG5we(PBzQ)!Iyu+NYELpG@A)@Jl=5qU~l=KpAWbz8xnGIQT52=if8skF&b!q*YUQ{ zA6LlxINE%!mcqAxtKo0FU`F7Vy1Izr9S&_$=EGB#xFS`bmlWG4JK4n)8f42mL=Mz& z`JquBlLdE7ZkF%xe6J$}=6V-@j|ED0>kceZ0bq{7x>u32*z2F5M29MvJBIe#v%kj7 ze6`8TRc9__j8i_efF)|%d5}&`nrQfgDPorpWO0@lF4G&HJWh!_C|7vhO)JW+ojrna zfU0N)G8%JHUsWbzx#8q?29|??oiz@S%fXiU?bOSo>gDydB;FvUc5K*~ZM+1Y3^3f@ z!4A3&BPVgJolA9xx_>yQ;K;3TjqL7_?(lJh%v*qia5f% zeAJ6uS?VgaWfUb>JffV#8W&*_Q@WvzI{I6IgeQs>J2F)IZi@gC7$!kM3kQ~Y07{+T zK_+>TUwhd#)1tt5n5HV)*AwtyA^uMAw`2T9y>Ztif3uA(nCH3*SPL-u!dJ)3X4)hC zM`-80(=K=U+U4JO?ZUCxA}=68!((|$y;3Zc>UbYN!VT1pZWW{;+HzfFhO)6H>;8VEyfEahQA|GuHO?en$nQtYQ*Dgb zz_LHuUzXh02_yxD$6^Pf<6hSwG33pwT|h95+zak+4^Dn~@O%N5IIj6d?;z=i!b%tF zeMX)|HEx0qnI^BAEj1;}8D@C8C5Zim!hmXkBNe)nD`{RB=yShCwiOR|^F*SV-s^x> zuqZJ8kfUkiYpT*Cl=@4r)zbV%sX7?p^lU) zF5hKhMXq3TuF5Ho(PuY--gA+Vsot5d?}XUM>)%Um^c&6@EB(?-y#GeO@{f>T^?iij z6sg1O5>aiGy^UzKr+ogL+%Zd98x$)bUGjl@tm=2|5KT|;3qucF59`sTc|PZgQSF%N z!U~NpOTUR>REvpIo7L0ug0tsBXon73YzFlAt;}fOLWT>>hdUdS8 z7ulgzlWX%T?NC3)QZUQ@Aur_rgegD5NU7Ujz?OqS0AYGBE0DY z1VTrv*3a$1IF5k(OPn@2Jek+>4$mM>B!t6uvyscFnkT=7dgIO`!Hj#rosEq}6Mj4! z0QNCs-HJrElQxQ)dI5gY`0?r}AFXqyA*3T7DgT&s1nG8+_aQ5LOR4Xt-ZHgl8QboO&x*g zjS1A6NqT^-D|J)TLLEDPmUunUHFh99cQ*UN7;ds`ehb@9k_q1*l%DwtCtC|_byY!) z6sxd=U3#Cq{r|<8ez!~#iL9yb9R1a`BFth=T;np{H2`|)t_swQsZ4R5Og-igB=;0C zTC%GwC8&-GjoFSq$DW^(cmO{%@~m4w55>nZ_K~j{@fCzAN!4gAQ`PUY&{4mZWBX4P6Y~G zbSz%RlY4UtL~VuWQ6_XK1+2lS>N(7z_Ze*zh@@CXWbo&|?30+4$mBHG`;SzVP{Je$ z;VX`CEa`{yq*xDW`kX*ebOg9A)1rpfR%5_+Xb8{l^X;=gKF*5P=Fu=iHRe}{BK z{@{RL|L(s%A<=t!@{b3U(9q;$iSelaq3J4vs_MG%rMv6WAPP!INOuX+ARt|Wgd*MD zpdyV3(nu@a-6aBobazR2UA}$ZnQw+ajtb}Qv-e(WJw7wUT=73X4OILe}$1#YF?2MsK z)+{TIClR*zgBgoJ!Fr-s%k2xJpx-M}SX3J$?=!;#0~Zl6fsHq14||AvQbsvrB>ds( z<1x2M-{X}0CrV_HS4n!Obby}EKhEmm0eogRNhS_S@220NQ|6CL@f!D4We!{XSYpgz zBwgYe*eH>;2R5SSEqQ-+^ej^Tz{gZm|IRHV8Hi^tI$Q2(F)5+~L(pM*NLhrmOZ$ql z%tP`X=i^In_&hrTNF$M29OI?(pN7}jqrmb+qUpA$=s+V1!0CdYKUMnQBnaY10`;I9xDvYGCU z4`7Rsk~rED4l2yG)EuCQHMzf@bewmcguai*#k{-g1O8O9Q(x=&Y$4j|COryHh>&goK^@zk5Xs|T?e6m3J zP%o$eop<^@@<3ev+J#erY$%;RsH1Bk+LNo>m&i4rUwm-Rh{~ z1*)_q&7JdP*6q|Q%q*mCT505*P?w(T&jJgQV4KjS@w#>=@)@o_8LqVqXx53!H*x2W)@*6%Coih^4i+tz)L^IZYq3tw%~nWw%YSqxB9L2 zz}W~5n^GLA1}V4wg6QBk0fLJ~e~Bm>p&;|#s4O7g$x_F(tEC3YIY_z~N%>4&LnDiN z~q z!EzQR_1Vz~dRgq?Pv^Rl<6H#k@djkY`qjsjNW(?g{D#vZfs{H$yy-s*jK|*GYe`Z( zp^t8PUMqj{aua@bmU)|FCH3_?SBe6AdiCwzCP9|V4bGN{Uo-AX zwSPXgvce$J@>F+F;HB5n^_Eb?CO(71I7QpQ+i-0g3#R@=Jj@~84{`IQ+q=K5b=$x- zxC$mL8FO>RH@sz=H@a5qL?0YeC}hx`&GP&1d98sY1cS{)m%2BH|CaZ4jmM zRmA-%&|Q!6SpFH(f4gr12|+xLUb7oFd2Dg(3{!u6y>gd9gbJpeU|?tQ*stFlbvlWE z&rm>#l>6WrfG#IETH`~5GziryZ+kt{Pa?aya)OAitp!ICRj9^B*-IU%AGfGhno zDf!wg&3hZ6=kNSy$yWY;Y3QY_zWqy@TIVm`hwc{73`_4&t6E7?)qO8;^j@|tWYXiW zH{ov5)Qn}c-PO_uo~M3Je>3Qa{oDAxLvc*H_V$uDMDd?bTe&jC4tyn+cHv_B<@B=E zaYjsoG~DQN(f{7}_9)u_FCLXHI{VYg@>%APCE!nlBsN7Tvo5&Ok8`fy^8!A`zxUapl^J=tJ`a714QvY-4}zqE5BkZQe=0fkJU7?gj1c-Q&n&7j^^$np!7D6BRhYq%Uj|e%w<=3{$U~ ziCeLoJ{JpeE}=a3Q4==51DqcjAc~ayd0rNwkgUEg<+ci9cxcr3`E0h*ih$1l)^X0E z6Ax5r)#(=xGg>kcfDT>-#Vr)SW%SLDs+KYMxW!#kQFYay;U&PI{Gcw5{2mQA&m*1b z$rz+CRkeIX(t?9!<&ZX8s@kN>A%CAh2LD>ciyb4^jz9{qbkswL(#MvZSzG zI47!RG89Ae#j%@^O4-Pg`X?MZn&$txBI*f#X3yh~cNEK4TlJ4c3R~z>8fXyp@9<3d zJ@p+neRc1)E*!T}?s0VPN)J{BN_}wfPAGD0{^Wl3?aT)gEHKGz+RniEx2Q+Uk&mGoHm93J9sJ5N$-&4#dZopB)EDiDNf2dYtGUue| zif0hq0~RzeJw2T<#}2o90vAD9;n2?8`-XFly|j)Ozu6fw{1KkFVAo6{ z&G%g}Z=Wry-_?Wu;PxoWs5eE*2qmvk{yw_;P3l3Q$HYhMEkhTI z+oIwxe|%iqu{i3=&WjJ#jI)y%ab2=p?ynOlD<3E4dkAkC9osmB8=SQlOsHb#*zRU9 zpyoU^8AU3T72DksEysK0y*T1#(SUow(Lxft)6b3iJliMAzlK83&*YXQa(ZJ zmHE}3NzaOZ6aDW`oE#PYkA3oo>$z@Ud_b!D$SPQ|MSl44NMk9XbIs$THuH{lpnZiA zW>BjJ|LyUc~SUcFCRV2>2Vwn(mVL!4j z8FWfFzrRf5O1wl4u%vU@Ly2SCWgIq6qc|U~IiQ`2vRCq?5M~$23LH=~4t7}nifrjj zR-wFCGjjS1kbk%i{I;UMvNi(FF93sb_|x7OCoL_lpRe@w0ownq4{`#?GkA61A+fUR%hOFHbTn0rwVcX%LEYwITZjEtaxLXJsoN` z@ibZ|v^FYgJqUbAhb)l;>n*hF{~G0rNr zp^AJp4YzfdVJ(!c%SHm)@#Qpc+NUL6aEg*Es@wQ4uppJ{b8U;*o5My2`o$kX5^>fP zi4H%PQkkZzU@g;=vg_5?KXTp+%u&6QkNEgTo~}AX(afVp6o>d6i9s#RO-7C-Gn z7HSoDS6Wd%>?{pFM{M!Sb+xi12?Rl1?>PCiM7)si(566op;fmQ`IHO!s;xx6u5saV z8~Gf}SQsE9ycA5|F{5G#YK;8HC@?xK&d4b}8^?9yA(U}{a=CSbQ9EF*jYk*lThn)% zEIpm}2}fy(S?QPtgRim|z_Rn-o`f25pzMEU@V@%TPlMW(qh5M>d3lT$K>58MXMIGY z$-`H~9re#zyAwa$eCsMj&Y$wW*=m^1=Wf@ecdvFaYSyk15BMvm(~#fRhvUaF=^PsP3Xu%2^pm%;Q5dSH^yjiBcj40T*VBws7$mHlbmsN70 z-lql`EFHd_#v)2t?9K^yI^HP)Rg zaM4Rrgauye2LldS4k@?cm3k}18-x4rjXsQ&!fxiR9=Q9ooUfNE{6B8v+^1F(a?*sZ zPHlvk4++WNU%AnE-Dtzw{s2AD;#FnDCA!1m&sH+t8y%PH)C@Nu=Cx$S_@f2;itE{d z+gDivce+Tz+b3cu+na@DooFR^Dwi7-21vrnXs-xYey}m}{nk9DaB6#9X!=BOmsJqI z8E3ZJTmvRNAXE-61fO*_llC@&r)$1ww&r;eyVz{&POGXkotYuUKNequndnn zHwb?7iX-}in+!lFtmb%rr+zO>o~R-p8d@#5JDl9AJ3T>HL*^1d zFIv)6dM?xdAzJ~-vT7;E-@#f_x*aQlR(lX`?uu3bwBK8^pudqQbPr(ca;l)VeS#hKHs zhJ#1h%e|N|Q~rSYf~6$vx;3Q@oH+91mkhj9((K8&NSFK{4de&Zl5^%Zq?nSd1b zIHKN_m}81C)t%Os+7F3KuaMxfU;~y*3U1cRvr_-hwTph#&`1vC#IJaHc_ZPM0QvXt zRN`z70g60i*qogJo!{kh2&+jC{QCOZ;ri4DNcYhXnod+luiqZ9r1XMz3c8S@=p~{+ zTfh9bP_xeC=m9!9dVDVW&ruv++O(K3mE&JX%A*d&=>2J_5cdu>;)Z@ zN(K8W5GHx-{;Vx~^NSpSA-ioV&Xmt+iiNbiJD0hF+8Kbg@ss-F1dn!_tU<1dxX$K- zGcQf#iVy|UnQ5NH-`TOSF4M)b4sG(Za?k!O#`%aC*#NYF--{^OJQjU{?b!0jcrqzg z{7OUgU6-HLa-91m7_^?bj^w4nkCh4IKEM$pZ&HP8zY`8fc%tQEEWE5@50Q=TwjQS1 z6)%wBb1k_UX^a`@VfxE!;$ONp!kj?kX=0+wQ~lPa#H{U&M-77V<(Wkv842vcj_VqJ z?a_8!3v)uyGj!?4b=b<)@1{}lu8=*<=l7IK@FYgj11vSrc2zT2o(9Z0y%}g6$NelU z2|Mai1!F;Xxqq@b5*c}io6EC~Btx8fODDtB0o(kMQ!)pdIZW@HmdHUYj*qD3${5dv z#c$ZjpBhGhS49er1aNNhrK++3s0n;M&W(A91;i}vri9={L(110yZMjrXKR406^DDB zM0#Xw3`HSs1jzY-oikO~6`MsZy{kW-1vokb9Rz_HR`ekpV3L@q$Xi=mlHT5p_~(#1 z5BwZPIPL>d>^HbuxyR-20{#K&3$$^~b0g!{LzT5(vXC*W%Tn{Y0B;V>*vnLOlMB5IN~rE(&++A_1`C0wFe} z&IaGgYth}+m5~O2SM_`N+f8f!=s-yr_yX)4q@zxLX7%5$1Ro+_Eo0*I+c1=%#Qd6| z7iM)$R;JWj0US%AnR<;>lHE%d7p@)SuE>v!SeCZLaI7vAFwHWqhcZvfQ$*uC36Yx} zPE8~gdNt~Vquc+?;xp24alO_v78Sz4!;oC#vPDTNyQt~(byE`+SK>8}SP=pe>@#Wv z$wG4Rh{Tx_P;i!4=vh6h4`gA&S{J}O?;LNz$i129+<&jBr<>iVu^h4`$MA3sC9#9h z=icAjp3Y)YBlpJ7JHxj~k*`4UQQ}5>+#`ed_tSRZ7<}PC;g_32H@BV3Lzx+z7l_z6 z+Fz%{y*q3^qRI~3NM34*GTqvrMCJV*YG-F6FwAd<>(P-TN>E{$_^|k)cHzcy>K&p$ zxKTCntzhTSU}Ca~+~YRa^C81zZ>y3;W46fwl0Ldck?QW&V%ih>TmFXHxqy8R0S50C zSV}r#I>c+N4Dp%ML#PWgW_w$5byY%ovJrud`K*u5mliJ?fl|?X!K_f2{|X81-I~Ys z_c~mqCTuoiKGzg+;-Qc;HK(QCkZPZ+31s*Y*_dE^Z|(2Pfe4`}Ix(*v-)`6E8X>N`6U#sn3byXon!9O4 z3p4@)opYKgIIWfD>O+0kK4lNw~e?~U7>%b1Fw+dnuy zjbH#cR^V?5LFrF{RW*>0`@~4WHx(ON10>JkLqu@+r|uDMGaImwNRi`zgpNCG6k<4UxVD>;=fBa3(ubQW_jf*UX4RX^>OQ{U z$-s$#5TBBG(eneL+1O#(0O>!W6@rCNGh+T<%S#g_ zRR~cv_c__BOI9p;bK73EC+gSvHS}|98g;uSy#Aw!7TA4E+EY5}{@y8L^!k#`uLtW? zD+b3Y@1>58Krx?tQ8}w8Qkv=g$6p^$Ip;*QVcJK0?UWaZlg8DGBI(^7I(BKErYq_E zFs8Gg@VELQv0I*>+mN^bK#2puiW}*5gfqtMo!rr$Se< zMUks?E>2e6}85 zv8rJF)pX{F&Y7MCmbdUcDfMT1+v2~2P;9t5mPg*QD$7)%>BF(JFyg_OT;rr!7rtYq z$xf{gQO(ISL3*P>RGUQAtuMK}wbSg&=6ITHNzjL<`TK>pOn_z zulrsdusdh2g=z4Zf+kquUNP3b$lK*{PN6ApY?fm2n1|8oml{D#xnXev=`N|fEt6$? zsUV9`bKc;%9+7m%xqL#G0dryPdcRMMTymbXb*?{!h>_%8-#kV0OGOGGM)#Xh(7s%p zk&84GbqmWWY4Rsg#&5>NX{S$Vaaa+g!;qYR!`}ABbd|4f@^{)Xm-CZPiT#>lwnFI& zo8pw(hlQ)~+NxQuqjvU3Z+V`=CZ~G;ZMD+G&`S|+enjwx`D05B9!e(cy-hkaQ`pV$ z&7DJp6k%jvd-a|pj2t*tYRXSYT|4OmOzY^E`-4d=Mvtiv;eL1dLZAPbFg;0>BEAd3_qf=aJ-^5yY(%FPWCu}wQY&fZkQ+Od( zoyGBsffeI#MY|Ib!rG@}NvEDgfjeHsx{B{PUARO8%1&Mgr@?pRUDm3PG?f)Yx_y2T z%XZk(GTsS>JQG>-;rK_u0E0+N9$@$*F>m z&T^j^rr8?>&Rrd(z#cLyj?9~F6kA$gN~y^Ur}a%d5U9obV_=`X9O$ia(WNFAub)Kt zbK1ZCtdFloHL%s`2PSi3@WbbYB&ee_(P3d>MQQ?+_ik8uVmJ-o30k<6U-ki|^RSmM zbG*j29WNhWR$iXvtK|IM6XiWpiwqI>eaiO*skNboDULKbxw((}i}mbg&EVO&xo@Ob zPTx9B41E)@A0P=;{wc(|k#`#KY>ZxsRXijY)ld1Wh%g$5Rc4%~#8WSV5w77EGf7yv zwPUy*J)R+AESg2^vU4LJ+nr0h+O7`drY1vsOngy(-=DVT>`$9Ka6V?>5>>xth`S3v zO0~qbZLw3%)BQv?!dthk+or-kTD0kEU|^uYkkoGx({B-1nY?%u<-YWhtptAes^5}C z^6}%-{(B=_vCvkE0nkMq0w|FR78kFfh!iYM>wnwpADJfN{vgVH&T}&j3r;qZf@@%M zHK0@WcAOPPGAv&5^XGGC=M&0fvg>E{^DB-|B&}(B>(;**lz|ustX7JW!oor+n%+x* z9z`11)uXjpr*}!GnZaK#G3=Wg|nx(R~h$0u%-BnTMMV5vo$OIg4+6eAG)^0{55S5wWe-z{m3 zyC|rsaT{=a8rCfs1*ptukipXB=o7|{mYnlgafZDQ9=06Px{K(`K2xKentoX{9YyjR z)9eZT{i~9gqtUaz_YHYvE^yj4)4JN7Iln{%9sYS9UqQ}!qjJbxcJ-D)6?x}PMt5qy ze_&XzKdvak9QS7frcCkEjzjRDhYiqCS3h003F%~>SBDd&35%NJ?{8n5vDzEwI^{k& zPd`j` zlY@bQ0`_9&Nm$HuT;On;h(I~AFA(D^`~6aLrrQld!--o2n>KC{be*5T8(RsNxLroY zeA1`&BEopCv|s)RsSUDs|#Lz2TO+(yCV9b-VmSudL*2f@}rt>zh&iD0ed>w zlK0|`vC}Z{%}|@drzw_k z(R|>0d3WF+4I)3xJK!#EZY#Sc_g=?~z+2E?$rjnEwQ9(|3f^}a7=j_EK#$4YxQWVN zndb*PYmP78asI$FcwsAetm1CKkM5^@`QjTmQYNZ6Vq_NgY9|e`#S&p2%WqF6Bw)#t zei9AtcBA!OiKnG=i_RQM+!g0>9nsqAwp?z^R(_PY~b1rse4 z2?g@9I)ye$9(;UYJKsPiA4MbO>nmp0a%E}gI7+$raMj z9Oj!mp8={J$5MI7imK&Tnk>i9MJm*=^6i72=``_U~?c5>H~Ouu-f$P=X?xv;ozNNZc8TZxttOOB~D8#4LKX?Ag?C3-O z0u6Re)F_+ALJa{KemG~12#OTM9ksRB(!Jd8g?zc6c$;>;hjDn79goLazuu>)y<6s3 zPkF600HS^(YZtuO99dLrQqsKl>;GFm;5-KCi5Ymib=Nz^C_XwEZA^tG$o1NlX|GE>j+Q7>d z2&_MAPC|wtR|v$%v{z01?pO?Bc=1CV$S+uquSB63EvR&8keUHf@p6TtHNw65or}Md zj0}p~{@e!!Om!WdaFD4$0xP`|van#NQIS&b80RO{fyu=lW&v|7A8VvZ|p}eAY zJ*%`(;A8tQL`%F2e!Aj2R?TfhWH^8fQo!#9d zsJH{*_k$ty*1+-sI@aN4uQsQ!5DPpi{moP_v*AT~v@b4LNkQLhUa$;mk`YE-m<~y1nX;MMLH?6v${DvAq zgX_Lo37AEN9FsrWp4CokF}9xqdr*#o?#b^@e;QZE;KqJ*JNJibeJ<_{H2@yrAoX^3`?9o{?wm52(gif*N)3NkME4F92vKskT}L+l?Q@F795 zBd}s2!RMW8fh7)-JhfxcchMsbF+kI|3KSO|!+z(_fQ#D9+8PsrBmvxbSebE$3xnF1 zRnShgarzy7dNN6{O zM}Yhw2AyFKNFIw8jDqq)MDK4;fMH(-V9l?7=mr9~WqH~vqx*RMSGmm?v(L@!qMW@w zr(NALdJ|wxI-d=T27?m>_?9dHJb*i@ciw&Rb9=iKP^7*FAO}qDqLEh60R|<>qz0@& z*HWqP-a8LqFFypJ=LOg*%9(G9{K&7JSGurn!SRA}7>L2z*J zRI|5$-}P9=3KZ`Jid>+|H~!^si?_^>0y`yz3arm^QE`d1l@&|NN!kGn25!8JfA^xE z#}>!z{C0B@%FOYn=D?f;A`Rrh#p-t)pJ57;3?U=+;Yr3ljeIm+H*m{CGTA5<|M^h*dbG-2jzpqbsxt*lWS^LkcDs z%x6b4qoaD#_&+B#5b#}st0=BXhr-B(DBbURTWgYuLb7Y~#4oqOPYGR;Y`{Y9msTph z%8kDUH@NYtfD*y4J^#4_VW>;S*{9eT4<{l%->CY{a}R(+6TGwzGAq3HCp|b z+z3_L6vv0Gf#kGhZ>S`z#b-%pzx_-Ho?%lE76au0LT?kgRjkrn$w5UBSZ;uPd(`~4 zZSE~6v`r8@2E=2*6viHA9hTQYH`VIG!or6gIGhjf=RrOlP{Bj-f2B>wipX5a%FN{x zk&%(6`*Zbmi0fTPph02!_8S-jI08qdmpW{%$SDk`Kn(-O*yZ?wCEWv=nm+D9M>>KzBFX=X;=i{FnkO;QtF?G6Q2_w~bHwdc-@4NWA4eJ%B$@7sS;*iQ zTi)0xGEE??&7jVxo)2;~k@}=<0FWl%>p>m{)iaQ^i5Ua~WaJvE$J3_9Q10ZnocUn< z-WMJV5=k@NH2C1c8k4;9IoRQ}uDpSHt)@vN5Z~ef5ek`=JVof5t$doIX#Dt?>Q_ov zEDWUM-=9WKq9l6zvR%KP{JobHocbh)NrZovz5iK0j)V`T%N&VuTQA?X@_f6@<<&bh z<=tTOhFuWJ=g^Ku0oK@O<5`A6Hd8Iw)JU*SE?G4-f_)Hy_`|rF3bJ=pza{&^X_79f zBK1K|BcTqnlS}!>bF}BiF}Z>~m4bv>gp4=A^tUi@8_|Q#4&)hryX8+Lvt{n)u0QBL zRz?pG^11R64=e+g&@9jgK^EKgU<{}s1Uobn6oC87==%s9&L+ZW34|aJ-_Y^$^JnMh zTfIVi6*0kK_)IU%!uRv41-sR*Jx#Bb>>~?LXkyLRq08F-KNB z16+BtA$PXjF)z!)$P&b1G!lL^pcm<{o-}k;K_-b`=a|bF-ekG00b8I6l%!tJ-5!EA zf2HYUsPpiU3!=Ed6}@)i2|4LOJre{+h`&)YKx_lV$y2{8X6kq^Io!^OqeMB-IhEU8xAM^?WHi6Jy{)ab?KitSnESHZ8_2~=eI=4Lm|Wb2tu=6uVy*mE5<2@ZqoLZIGz0LRG(=v{xH zt}M&g2RD^GsIEN8xPG8VT>(9v!pj2XS7qJxXV~x2r2;_lw4JHK0v9nOgz1|gj+0;k zprZvGQlQfWvxeVcFg*-DZ{P-6sa0^Bi94Io{G!#pya&iV6vGA$ zEKodH2Si+gWs%J*Tq`augn)!0Wrwaf^02fY$ zMX)mXxsIRgK@arb98D)00d_Q~^H5h@T#N&l zNQmBsT87n73S&ty(?XG}Q0_Bm=%G*((7*|ch>*lgfgv3zP0H;TTTs)X_63YRSzutr zA!nBasN(1Z6zS;$GF{ak7~wq8hbA>}OrU26XAm@R+#r@E-ZuzM-5BViA)Y*uO=ks6 z-eBPGsd)1%uI5=XE{Kv%{;sA6`lBJS3qx>V9~L&Yw9tXz9R;edpd$u{2Lh7-)%xLA zO_??{xI^tDm~OyYLVpXE{IO>XNWt!cpod;=w}XYW@4BGp!U2zd1oHft4R8P)0lJwo zpko8QAv;L9y}P@EN-FS*9|3{JLvMn2U=#v{80x1WJ#Xx9OUIqRPryWH24b6_ixwL5 zz{v2ZWC7rb5GVl)0DlBZ;b$MJ_IGxWVGt$(jw}eg0MCvBT^t~lF5j!_+xI>bbieN? zHhG4vWGI=yn$2nWId&GonOX9OW@}KrBgfu!DEj^ceu`>UC#fxEN;95)Z*-5v^p2BH z)4;uCm6h<=S&t2(b1nfx{eq|k}<^Q33UhfNQSP`UDTem!{e2lou9Rw{j^^O z;Wn2ccLv?ADhrV&w#$uBZw-owDlEIuf+GR!r2k+lsEyCg%R`5BSD<98DVH$}C5U>~ zgnBi&;rK_d!lCud7e9M)yYJrG`L47%Y`3(P&XH#IX7L^o;`MQtqmRo#BsW0*sCk{{ z>eaqjVvUIQqUH6C?U~xyMd3nWq2Cyq=TqeLs%O8o(>yFkuQ6cBd3kxQ>=Zj%lBRYy z84rxT>?$bKQDNk&LvZJCOJi@;c87cT;rCMYd>6(E{?}U_X%V{yJ;Z_-mOadvaj@9A zrZ>>A$dixHv?DG~4u2-j+`w)ou6twq0@(;w^h6@{W7M;6w-+l+5!2n^pyx-UBD9O-|QyBy~Kxi=R!u^&@4gl>UCH^`7j2h5gjm zNdmk5c|1xubFH4JT=xa(LfVRNTDP~{r(Q4NLpAEP)8gkR4*A8LdApi;pW4CHxT=`> zR0Zs##fVsgeWZ%&2PX(5m|U3p#V79=q0^Nr8&j>vYk);Lz3p#y>dC^C4$kuXD{)Qm z^<<~h{ENmQcHqn97?!}Ta@0J}3=Zr+RiW80L%-$mee|C+NP4oHf&VK_Yd1rsWbqk$ zKoPt5n2`wM_KAoD3cKzTd_<6Dc&yOngX~GaXzR&VCTAZ`K;i!EZDY)k@z}xaC^2vA zV^B9BkgZ0?$hE#O(F$I!L|{6?8D|j#){5}ogfDa)Tmv4XA-_kJqNU!_mKT~K{7|%8 zpG&!(!EBp zls<)V>h@r3S1~G(4W_QX?va2U7=J<4VJ$|ZKOPvH(nA7U!a&OH+2JjtE@I=Wu4LwFg2M55(T+?H_P+ z%|w?6BoJDO*W9LBMzYUF%oX8qS9s7K|NLb|_vvqs=OD2lPsoPJLhwHWduH;5s=%;7 zdW2-=L->ygBMY3{X;jarw?+bM+poc$9!T z#}@MEdX+cagT99g7Rpu?$TQX-oW(FQu?6h)VfoakV>3(^9dQiPX9oLXxQ8)#9{gy2 zga}e3)B4Fx&PKd?Ht`?)+s+41EWm}bj4;BCZi&jg_#1NPx|;R4yr$|Ys~_ipzIJ3~ z{{a)ukhI;A5Zw5LKk`SDWc5VX-2Ih_#u#ECL@d$;O{UAfMkezuoHv=ggZDN$j86Z4 zP>SxSzmuc}A3OOX$#2DoH|$l9=$ZKJDV-?hW2hXI-DolF_nvQr-Vp8k<1hDjt|p1ihEYVGxhn^`Fe&ass|m@yOWcyIej)>u~WK;x5#vUp2V|fdc`y>keRZjo5$FsH#w@(a^zZ`4y+ls7;QmhwzkCx~?t0F0L zGSyOry*sqobJ2w)dGI78+*o>}8-s|>53POVGFHp+E7I}RhmujfYc0jru{yc&1Ekjs zfQCT*5XuLqls!NE)JNw>R1bKt*hreTMyad;^=nn3BrR+JWZ!2Q>rH zvLA5r_YU)ao&9<_Kedf2v+bbYmc4T;#In%~d9hlvmNo{?SQzb#3`~-w#(R^&5}CQY=OK z^Wmc$Yolg-0>n7QpBg)qiPqg_YlB*(PT%IKn?9M!^XNc&uoIGc#A;Z5#wO6yCK&ba zPbFAL_O5(Z!r#;9j`foizO`uR7IW{%2uKl1#PB2ip(k%Ff7xS>X>!HUF=qd{_VW?% zGfg!4tuomyyJ8ESqbUzkWaA(~f;Bny${UTp|NKZh**M!qW`1!sT}KzW5k#}=MFWml zcK#Oub30%BueR+m`2GQPvtK6t-mt{y_WiMfv{}QK_qNVxI$qHq7ZnpV6Cag%a62KP zYB#`K4WzX6Y998R8;n}nl$g*SFd4P(ltvHK*T2+Ji#zq)%Z->cemTy7cH_=?GSG>+ z=tC@JvI!p{{by+Iee+UFzos!LpQf{%n>Esa2E`0!LGVxdyzOZu5G7<)Cz)-fzR&SQ z`^91IAW^o=`uCqF^0K6R98H7nP(ca)w9pwWpkd>c=*94Tz(Q25!`c0L(m;SJ4^7Gx zfi)GftAC_|h6_JS@E2>cDm1S5<>ZAm3){%D@#dViw3m56n4&-U$dtc9UuXlf;w^dMVmwz9=;+SM~-}6tQ zWWZ)|BQ@+~>cqrv4jCM~|7g1CjOo;gbxGF9>-vO$EFk~-Lc_F|k|lbLYSY|$6(9F! zEA~|$T8{r9h3YFTE7Z2bQ%BzWS$~<0Q-cqW;IJU+>^)>3^5)Dzq%8qdMRX~nF9giN z%v?o9!@Nt}n;E#5C;`gm=Bp+}0~Zu1m@9B={eZcsXq3-C&G*}%WM;(>l$nmtw&MJ; zzo$!Hylcf&qmv`t>5o{D6c>I_{4Ph`{X1$xT!QS4L#5|7W-)c!I1IYDA?>(A8H^bokX}rK7P@SnISRG1?DgWE`C}&L+B}jd#rY7ehZBPW=~ru#@He zLI&;c@s~dYWAT#C#dq%;lY~z-?qff_{UVDWE%ps2Dfl=1Ulv8o{5^Y6EYceFW_0ip z?xV>Dn(CW$Il+;%zkJ=_#Fp=G9K0g19TG4DZKP9G;cE&E*Npw=+3(nG2d|PQZtNdC z9++_V9;i`X(97{Dwsn6vaK*y`Sr_0PSQ^Lkla6eLem54L$ONp(yvZ^N|<}L3GgK!9CIP zAAugD=I4iI)N|9Y5930pXg;RDB_W(76q8M1HT9?i^i3g%C`64dQy_1Z()b~1;$AC8PJt8H$Rw1^pCt@e^g z{OiABd4rd7{4l19{N$D|1NJ5LS^D`SO!;VA?`!`DCvE=nbr+PVOu_Nzm&xHG3IX}V z$3>x^j>Lj;7`|=`1W;~M+h|vVej{wo^j#4H|I+x7phzsp(sFv2yWdi zj6LD)>Wf{gGevW&R>=D(y4qq6f`#u>YsQu~ylU$z+=6VcZ^He?ICb+^S@&ySz9ujpZhcJn2iH zicV=(dqDHAy{~Cq@;A+z!50SSB3huS?7vxI9l1)uoaw&xZy+mviuQKKRiQXjFCuGK zXQOV*D}4;v^!X=8LG%EMJz1Y4@4(d?B609)>94puH1~3lnH44Y(cNl-vbA&$L+*P# z{&IETcEn0qM7Qu$apN-79@?(yf5~(kj>ingkc*CB8WF+>d>WkjbSch@7}HEuLidL1 zQfjhvrX2eVyB=|V1L5#{8AOU2gP0d8doMgQ zfftsytiHn6(r&Wc!ZnUokBKTjjP!JG&^R%;(3x?P?C87GLFho~Z&UV}M!|pb9TYWd zoIaWd5k=3R?TLwL-f8-l+8-vJ({O9UFSA}rOcf|;M+a6FEcWk(u%hC~*>i~(Fqe!~ z3rMdZtMAyyGx@7*PV(R-fF zvqbJ3Ns+BG@?DAt(nH-V7XxH1F&XORK{B1_ovR#_9v9A~JXIuaB&s}y;qN?O5X+mt z9PRTqzC5&lLv^5C(4e6mY&!6|z*)1dAM42zYO$ZbZz=A0=i9}DO!@96%3r;Bf%=|! zNV&ly`GnK=PI1!S>k+SzSuRNp9%n@tFN|1H?HHNU(Gd8{v93CmA&j zUdd0E+HtAvrmH8ldKo3fgXhBE?mB~0R?MLLe$mCxdS>gIuh2!s8|nMc zablN*BFE$DGZ7@1YtvkLuoPp%PKB#P=6>h^GfsGsV-jkh&0~%yTwlZ3#hHWnv8-M) zs;x8$;IX^hr3C&`-~44CU!Qn`^!qU}8Ft@>GJ-k47!5U#s4J5MbIi6h?v$6mJ%f#l z#gpUku1=uAZ@h|R2Z0=C>Nfs9Ocx zMP|LBFyd_oMkIXKXf&hN^+ggzKTj12*yK6NjOC-hS&_EQ^4O@au89g**EJvAKV+W} zUQ){sa%_LZz8pwklp0XHxgF(ewG`HM{mt12OyQ|Cvh%iX|e zV$ET&svPTP`iR9Uzh?b*QU-WElU9{4NABKa$k9m_auu-kW)T#cZe5R8mTVg`xpZVG zP?UexQy)N<{2=Wtk!f5Uop8~?B2dmosLR2w5G1vM#7p2QY#LQ!a^m$n!7u6D&}EK9 zaf>}(_L~MWD+O-eXN_Wphmx6gpPGgY1M-exJ1G|p3qs$r19Jzx8~o;-?-a*XvPjJg zaj^d+Kb%R(Z9^N0x8193A2(+uSkj7lrNR)FAR3S-acw9>t&3r*h%7U<8@Ok6cO7$_ z`x*vtg3(DZw|Neb-ChGG7$PI{nZQRoP- z{8uk|oQu!~s(3C_Tjl+s6{hgF^!R4hy8BjP&<8cNh; zYQu^!RA$cjt;ns^BdA9--*BegEoX z@>tIlJ@jkxr84n*IvN$}%qp;-+LQX-v;!(R=*?@S=!{xj?i4Y$t7^1EM++0B7ijre-}eEt^CRn&TxF-D4U zBTG4Myo3Bgz1p{o?{2E4WVNKmZX$5hSpI)v6 zCVJ>)?8B6&ivu7v=|>=|)X3?KIV(oyhpV?aO1eSXF(oEg}vt|AAzOfxf``Xi-m#OB8FFAXD(y-PuzV|WlE#=?$wo5G%VykdP#LLku21?Qu zRrLtfrBfngUlkNhj#F(OKjzJ5rKe_TUZ3)Pw{AufeyG`6v+#l&OPV2AdN4StFmwU~ zGa(&a?t;Qa|LXqXIxK-l-laYy`S|%=c$SvwYD+6NlDZR%QLy9_6C1Ea7H2lSsJ<4q zvA=KQO-Ao|b(s^YmVOrg!~`r4E6l>8EPdDGCFW1x21YK9^(AR4xOPQ>`uCEyjCVH( zkD2iF8e8zzXnNyd>MW={JYQKtM`n`t?S+jx5`!|83Qe`-P;PvlmOV91sNyd)4u4ed zXC$$s!s-)VP#ylcsJ8KD2aZw6C(3u$ZxHh%ImNYUBq6mY7;F7p zHJZB6;f4_-zcFGl%f6wb9Ka0w%waKO+KPPV zZ6x92i*8ekvifer?Bf_Jq#sNkGTH{LKl1s}f~N}9zW>A$7N7F``%N$HC$)=A+GlQ_ zsX^IzKf}~g!U88lEsSujlh`jcPU=UT@2^}+pS3iE)E}t*q&qw-5GbU7JbwP@@BCw? z;5X8lA)HD{jOw-7s=MyvL~T#MC`$7DE@!??#t>3idi+PS)7O7vnKNot11Ix<@bMi^ zaBMq*IrfVwnK}R}U$VmGkiTh$&0Sy+?ZPhZrcwMQV{vr7I;`Z-Z)hoh?EKPysZZJ8 zP9F(VHL)~d3LFdLnH`f*xObQ=^nbW*pCm>aN}TdQ102RcNgbx(|CMyzfoy$WJR(Sp zikLMj_A1q?QHms1#4J&*ttg6CjV?10tyWvRW-Im{wOaYM1YM{~toP+y)kn{PQ)UvZsk zYY+3rRh=pbdhYA3ZfxoIWBe^;(!~DY8y{0j3Op)5RVBc5c?@Y8dmAulRwJO8TBy;w zc4INZs2i6KSL{mt%?ZKbx_^1m&2s3^u0ra1{HAcMm;n(Bch}CAopUvsIs1p3!H;X` z+H#LL)A`hry>gvr?$nq`KqDysP_Z9FHh>%m$o`j(I`P5V zu+kwxnP?aWPJcox1J_nfur3xk*edufzRsLu_Glr@Zyr2@#Fj#yZPR39X4Lh$rRtrq zC+GB)g)g~~&=VJ^ZESJao70t-RPKJM+x0~;R9HdbTwlm=4Y=Zj-8=$KAw3`>5kf__LPB zm>W{e5@_sze3t5|xH`Dvh0ED?xR$kj4MDc$jmuPj12K6wU)qCJ-n$a)0vSgZy0*p> z&ebDM2$9d>dRQ2wcl}FzR1D$^c;sb5*+l7(2VBynvyClkeuz(*{HXiIR+BKW&G9`N zjvo&$*;%C6%xuZmsW!JYE#|CnbKWy;;vt5dx%QnJJh125A?lB*W$n#~f+x0%usvtuA+PtQHz6 z6W50(_a*x&KOmcD-f&uD>jz)_Av|H$$#?iC`b~wKSGaqT7#0>I2u4aJ!~G%({nF~M zVm$E?+X3h31z!F6LsVXe^_)lG*=W?=yV!7M?Vt$KBnii2`;adD@ozR7_~71cDcc_5 z(i^KD3y+HO0xVCk`0CLeG@kko0pq2&3Y*wCLuaCa3s%33^AN=LkPIV)NYP3LF|xBF zn?957CCGAV#3eTI%4=OCGSe>L^9~#Ki%!0X!#e{HPWt6lP5{degK$cg#_W#w>Yhee znsHbp?pZB~R(x$A9tvu(@o%bIkFxQ4QeRPySESgz8wKBQY0eg6j=fn+LQC#-yks2O z=EOEZdK@|JPV&kNyW6vf>plgmY~|o;pGPJoex*`~=z*+=mX2pu^s+AS9}61C^r3 zHUCQyJyB(mI_%d=TLvEmT8lC9&g@pj2`_ncTuFxPQCabp8PERs$DvB!WSMHIKQX*?@!x%3N9}p zIZljlWj-aYJnw)Ps?S(5t^ZZ`K@Z&&&#T&JfyLb0IyT*}&rm5LX@z}YgPy%x6Ew&E zgPVXre*M#CD3L7NjAzZ(TIEQ;bMNU;g4^WaTP(<7a;h$U-^f|FWTR?A3p#X=VG2FV z`_OLZp!EbZrR9yh4cp7`{_3-_jY=tvJbdk`C*#$++~0%z_#tP^kWw^Kyiw0u>H0y5 zgt`<9=V1E#VS98Xn~s?4KU&pk{$hf6KGYr19R-0X2O}7u$k%2HxYqGhSGlQlEmB47 znPIbz3b5heK1&cpXLiq?%i%F2gDVD=eStc7@rrqvdeUS2(C55gJBAO{3jS68$vY7` z+ETb@q+PQVc5o@`3|8ml@{e2KC%!5IO;wsvj#jIJLS!I$pfv*cz&cmc~B~S?ikbIUW{L=0gOOG zVLW`=Et=V_*$bPC((yt16|HY?&VYc-x;wsxoiN`_;h>0m-FDl5qB&1ulP z^P3g6$!!WA3d~)Wn1Qtva18aVzlSB4>Fs*U-q?5XIE<*^>b@5U>vT{h3pbv7#?qO8 zK=<8~d9dK-O?4OlI5@|Wjy&>yMIRO*?u4U!LxILo$tR#!0x;p7`FTtDC94U#FaK{# zM@&U}<-Qw+ybqt}{8OU&V#cLRMf8qxRw{cuHzbAicIvdvcTpT8jU^@(e64hxRi`y; zoWFeEZ54(Om54Lj{8sSm@=~6o{E|bf?GHFqdM56Z=~&nZnz6xkIB+i`C z2#ys!Op|YZEda$ZWSD%1%MT36j~inbj%n=-3`n>f{#wM)u}&fB`{Lm*K);OO2_zKU zbuIVlBrImOz`ExFV!Do^i*eRPLuDa3^>z#(-x~;sI?pECXYe{tovSKp^LMeb8jSszU6%9d4W#3-q>I`%4zZMwscq7JDR&+MPz8Hdzx!PIOtA zQEtFRh{FlC7eA~Rjl&rh42!xKwBqD2j^3Q)((w+valEb|#%ZN^MyPhv=>@p(*5iRT zH@j$5r{r|f!xw$gVfS@Kr63d-0U@mY17!V8#A0G+&d#`gg@B~|j1r#udXS^yz$gFX_tJiqXJ*;6RR*Kt1N^ zZ<5nDz@XCRPe%?{3ry14Ht|6mSo5BskraWPME~qSkaoA4E6|l2IM9(N$e|x3e#4Ty zpCijfM~j7pS<%HP!RaKr8AGN0sVxzXI04>)^f-CAypdmVi7s)GIR|=IhJ-t^qO$^@ z1FahQ55Is=7=Q{)q3MO6EnQ^fKqNGBft`Ro2KfrJM4XKCZ!rQCYW}MRrZxpLq)D7y zJwb`v8uIzAsa!jFPB?5NQ)oH6x_9Vfu0^mS3<-<5iu&UFf9~EkBKs>&{Y0E`2tyK(Pt7==-MhE3Wz|-$n1kFN~}WfoT-lF27hh$*atH(0tz=D`HB)s~UZ#qIeu=_MhlMlx(bCB8VUJ~|``sC7O<#%~`m5EZeqnCc zzljJ8;V5%0Gk*1QXdCaIyRBQ$U|^nDuf~?O-E2UKhs8v9<*V!;K3Y=Z`p-q4Q!&&u z7GkQ0t)rN3HKdlE$l$(pB%UhWkq?9;P_He~YG|@(2`O3-HBA&$$OSDCn!u4@tIE_m&rks{h8bUP~Y`07TEY+@%ym@&<+%6tx4CO;kYX& zL_OO+>km5{Q1bUH;?iPx>fo!_l(qh=Tm{`w!&Q#69D(wS(txK9lvgPO@Yv%ZluDT> z2e!_xW;|Q6L5Nf`q+i`MM6!H+9G(mq-=eCvk|h~F&ko6fXiZZ4v|cyL{S9>rS_rZF zkt325d*n!CyfGCl|4|bkFrGGXpq7h4!n?>rh0dq5!SIJ|KX0*O>gBa4?aE`sPiE62#?LRz%n;Y>rg&<0Jq^r+%<$*lzLEt7d*kB#Qc>y z0NS}zOgWHZIG+M!kB6WY`z#Tu$OfD@Tu`Y`RO29y9t+eez99vO*Hfdy0ywoKyj=8z z%S(DI^tQaqTS`Yw&UV#`x(&E1-O=2YAE0Z+-){a9uSKjZZ`VChSA3ae ztD`0tl6grOXyGfvw1UMBOj$iz_av#ic4|?dTkRi4f-v?t3|IiZ=-rXO=po&i?@HH} z`7aETP(AEHo47*^)nz@u)%SY{YYU6zyz%#$e0p6mMG3=d<3l z8H*zxt0w&t31lLy8Lg7ta#5`NemctM4eR}VYtAw0`eA4ns~ zDZz8>+&Gfa@IG4!J8=|jS=*7H?u%oD@*XO)13JH(B?H-mJ=TgP%X;KmA4?-hmS&{) z^L4c}Ssgvht?rjjtvKKwM++PZHsQ23<1YNN)!7(*hVHw0?=!{GO@RA0NsQ{6y;C^-&a8KuDAr!V-1KZ5g(06%f z!fx7-dx4rcrzNA2>(GuBRe}5j_0&Vh(fov=i(qX@BFa(`ox2U8a6U|3ls}5f6|4Zo zNkY@v&uDe#^hO-Mp0sIOFAT_1bMMS=rGn;DqJ<$T2fNJt&TVo{Xh^K*5#B^XqNrfgBKi__-5E`74FIF=TEw z%K-8};kh7m1_-dq25!KIOG@T8;Q8%JAlqT^XQ(FzS#Y5xy#GE3t`w}O4=v8wUl4u9 z5tE7r*fY&z*rw>q|1*s+9`S|Q<{Q^{FIpx+fexxefWw>Bqf|WSYmdA7`;0?(Bn3hpm-aWPP)U`Us7`CUh@z8-frx zqM^|6FVNUF6xlyP27(w0gdN(#Zm6LO-l5<`$!VaLnFhYD*6D5z!U8cIu{ciB%|#ek z5RD`VNcox*T1Llg7LkBM+8se7GC5Qb3?r^j>Q#`hI-jnoj$|?PS2qJ-kzLv74Z=55 z`N1pfXh&o+QZd3B!T6)-KfFVW571Ue94^PUKLXk6LU1fP`N(8j1>wcw8ODYnv_uJ1 z0ryn-Y(DN)vELO-_XQ$4H=yB=RW5+uz)xEUb}aAa0GI1CVH2 zX#o38A%DKIg=(Sly|JEC?0_37aR0~ml1N%OJY9D#QqfKzDQVTSg6_-p4#S&{RudDg@AfaGZwBp>Cwn?EDFkg6UKD87Dt~` zt6u1lB_9EH)ric4nmaRO4rL~T{gu7dB}6)-2(wa&Xt9O1w9kJPxDG)`V7uqTAl>oj zaK)u)O6m$5S}-(ypUET{WK#RzM_9h)Po4S-MC;n0WMF^)#n#|`g!nHobU@Tkn`Rz| z#uT{r7*R~R<*2fNnJv2}At3x)TMZo&+;1bQt@VzBQLc@x;;uJbjM^`EsmbRJEM~Q9 z@;Jy(3{vW<0C*fc?D)l!w!zxCf~Qe&2!X-?wJVNzb?vz!}B?w!&}}Sjt1cYqi57Zz+ag#Hah&Vw+0Zt}VV01Ua0V9TzTtb;5~tf^?2O zn!y!em#!f7#VyvW{y_}g@eF`~)>F3Nc{pSxYAuS@$Q_JvVOMcF_!ARWo)g-laK~B# z6!n05cB#lB3uG?RBzDY-Eq?UH$sDTRzoAHGD@%+ID|yi*8$K`W&1jnY()>2M<7; z5B$#kSk<^&*E=<*a+LG78F}PvnOA)LbI{hAr!;>N7T2h1XF!yS!`wLv3<@6Aov$`zh!p@hI&{gl`Jz@)(~)lDsq zc;HibB*XAfBE3um6ci8aW&7F;;!8vNS81N^+b`)v7TEsmR5OR|&l;5UX3~9oMfoa( zetwH0_;)$y^i19g@Mzu{Y_2-N?(6(6lEvux>a|tgP2ry|dWo6zvN_h%17D%8o$Jz1 zgId_X9}DrH+i1L*G-=6|7ZmIlVpC{r;x7Z;<-Re#25etpLD9y?#g{Gx2kD(NHhHV| z0-0*6-!^$_;qoZdNBJ$c0kw2xpVbO19=dUQw9AxkG4f@0cJ|U7cx{6(1R-UMpu!MiXf#~e#v$t3yw*sV-?d|=Plw4h%&BiB*Sw@)0-49p|bjf z0VLry$WRTP*Ju9xIGechWa-+JubxinuC@ATmjokM2o#PXUrQw2ILA6zop{~za(HHr^l$}2Fj;e|HI)e!uLe z!P-h6-|n*CFLfDI<9GlchsJ1qwptK6D9p^qP`sm$`xKtk#I(;ujt;De)#iVAQ3$Xzqndh`a7L}l4>svr(K(u zWPY8gYI&}xDg}scU-wA=N-ZT`Zn$W1Y=MaEzIe{DC?$MY zv1T%|JoIrOp<_Wvoc-=7Z*yvfR)JNte&tVx)t$jX)AW{LwbvvEMeY1*g8#@&qQ$ol zZ=*a}5&HNPtS!$k9AsdgcXz!JAv4#o%jE9^04F#)qz{{WBoGk>A!)Enhh7 zSBxpT0K2vQ{o5_7_);xnt0K=r%lL2)@mIxD+=Ul@Q)1L_>-V_Eu~^EHQ3pild7-!( z8)5G6U=qY&cLmN|&Ui?l`yhT6Xo0jf(=%{p9b9csx_I7sXY2IhH`UQb^A7&e@mNEr z1Mj{AY-Zxc62#fBPoIpS+^0VI-c~D$hTT(BxeX)iQp#d5iYAkWdbs!}0-S9;D)1YgcuhiC-T7RE^A}pVr-M&y&uU13|aD zw#rXE_V*Yk=}W92n9yia`=#-`r#%%3BdELNih+UoA1{o4P@RMWFE&u&+%v=%eUCDx zj*_yHZ*F+=k|y>ZFetxDsnt|?h$6IuW~j5eASU^bB3A06H6)h z41rW$w5_ZmK+qA@x8=d-WvPx8T$Jy*A9rL)4_N)zyGV_4ui>wYMv5NgVV>n z1 zmQQ}a8*i_4VND_~IDu)RijAirT6#;GEOCRXiV%#UXaCjrHs4N80<&oHptCFl-5*0f zJa`^N8wYv5{F|moo_~sz2!$hp@?D<6$DCi+oV;3$K{~Pev~*y--+C2rv0HVBbkMHT zWH$K*T;dHgYoh&Ij#nU_j-XnD;E=73oYlx@2+(6C4{yv13z`{Omaz+s@qZ;;A(TFX z8be|;8-XoLUF5U#%D^e%FhtNJ{4JBy2<8<7?XI=geHRT?LFN4EmdzD|6r%vLSoqR? z^a9FH4}Vj9tJzFNv?jVXW_hB-VxMr&{x&K+UuDfG*hJaUz^i>#mgMPfRd>t zGa+$vShT!Kl}J9GJOJA*HFyS%C+UC7&|PY7zfR0A0r>&LXeCYI@lLHc@(S5slpO~A zFD$6bVl~+a5bR*-Ezl5;cj?q1TL5`6dX$@3>OqrDIK7g%Pxi%}zz8e>^+11(GoC3L zEZ*`{_P06V#GK2vBL{Bggj2+V3G!Uw6*)Xb<0r&09^}XQ&Qj6Zo^JlCzIrd{hF7Uc zoRT~Aj@?YLST+EswC1bE^0A-JCTA0EGXLw)s#aLLmln&#R<8UCO=9rkDN^vM7rCfY zKDD_(wLJ~xE&9olTBdT{^EuK_FEEFQ79-HKkwtbJ{J}?=pZTR;=|PliNtAF6p*EJR zQV)n%<{b9gF{$269f{u?y1zzu^fOEa8{2)q{S{D?JIU%Fk6_CC1Qd331Gaam-LU_1 zr+DgSflx-s=^DcICbON!K%F$iL~prU=L><$Q0v)zj+*Gz&%e9R7|)FVDFT=n3qK32 zoSI7XnCG2ut<8f)hrH0MiJtXN=&7M<2aq4$a{Vp|On(@J-g8g3VLF9%k>=MGcz8btmG4*9FjT=d970v z3vcpWwv5gj<-}*GrRz#}x~j_W&m+9+dB)Zxrg;}w$^K9co{N7<+Q<6DJFhDFe}?z!B!mvh(t^nhprQ1es*a^5sT{-7utA+A$$dnw3y>s$kln+$kgZ)6PK zk0cv2J+`^8>~nBI%FMfxKa5KQHzug)bx&BR^Tc#V_@_-CW+Vgq$ny51>z;s&zg5`U zvLHFsxyJJlLt=j4hFPaZo3;51GDQ<}V9M^X@iX$L}?)8trUWxG4xK8%iu9OblcQ;55z8uVlh zmkM}NsKZmNbeOrrCkWaQnc(mGN9~?`zu$HRe9tdRhS7S;OjeKrB|^~VK^EEkZF9R` zc7BE*GNwNMm17Ux|`FHVp&Q^ zzj&_GLy3!mc%9xi4Mi_>L0gbCVODZCzQ#e=|9qn-GX?MH!aI{n-tc z&yup1;7t z4@9KvUnaWGm<;2MU#X*$y=-^?G{P#g7};dAc^QUz^mgRGJ(()FA`B(orxycHm+T18 zFz#!a+C7#~TUzV6DAHm@ZxlYP1m>uya(vdu>!rDXW5(xxA+$m6ztE} zHfk_ux)5UGuWbyMg?`r&8u;m&Z{MmurjZ{P)(VY|^V zz#}A_lEkLqr2Ke*yY?cpek8?H&32(~5JSgl8zm49qDDl{1oN?%4%p92;7`JcJv+Zu?GnbU^V>DGuMhG9p z<$K~seiZZ${>4#8a~n($x)?yZJ-S*eyLHJ)W0LW0mL!@PU4}8H>MUE~1q5bv^7?DJ zq6(AV?YHR==N_|j(3qA_Lgq`w-X(oeiMM*ZxVZN~B#4TEB<9#h(pn<-m~@3iDZqX6 zV%!MmWvD%glPEcP!?nR=K+gu=Bng4VEvSJ>7@iXU_NXvXs3U3J3IKFL;14d~Pv7xC z2K?sfB*~8CN5m+Zq1Wq7C{QsctKvrG{Yqx~Tt9{ABfVPUAH`y+p*3~?8Ft-7ioXP>2;PMzyK;ms_SFy4gey+l0NbttviQfXUqz( z>H6h1H2eH3f~FaY$if?Jvv=jRSrVswRYBju5Un1IL@`ewLXm7gVc1OPivrV6^V}^u zt7i@0w6Xs2VE_Wrc~-iap4srxgCiWkrimLHGgSHQX%F?X3ID{8GU^` zA2~nyAhzo6{+$L6&!mGROn!Np{pSf@8w)Sa)9NHw)f=nJa=*-n81~HezsWV9#X9~5 zl0}x@*&QkeD#t$sDQ-7b-%m2=ng8kXD2&SpF5C1SDr8XRH+`3iR~F|W=GXO4%R@T4cb z9&OmkO>h7Fan1XwYw zF+=DX!HeJ2b|MMM@zjseuTQFc96He|Q}MjW}K%>(gOU6?+ ztq~BVMjK!Z>|J2z-F|fS!FY=5b9t!URd>&1K+7iB`J!rw;Ti}C?OD>?2+qsU2>g2b z@T=SI&C4k@tQdIlIH_Y@h=(Y}k`Pt83~1}RDhL6A+4)}}NM5=y+=1dPh&P-Sit__DK0^=eeCYJ?O!Z3xhW*- zAZt8HLT+b9k(t{&Qn;c<2zopIKcx;_X&(dnssO@{dbp1&T;@8~ksME+`zQiuj&ksU zE}a*tE!`nIB&%c90So-PQ-5kXPURp0&%=pMrg`7PAnxIut97jL2I7+252EO66OZt` z2z2s+)cp6iAyKfF-?`1k50G+Jv%<;<`S@T64TuP~B}_hm+Oeav#=(weik6Wo!|-Q2bt ziQxcn6#pnQD(v68yDc@yROzhV{V&kgBee<{5|YU84zVkavR1ahi<42GIx+AoF=LY3 zWzY&@Kf+ok z#-!)8NBd}5*q-p%2>R%uM;B+hUwQx?9^N|D(A?FO^)mm+0Lqq6Vf!C_XJMc{FtKej zMg7vQ_uQqIw&;+^Q9}dmH4x1VzRAN5I|nfmQZ{}nxc_OctTZMiAnrF8ayKh9$;18t z({Z{OI6?8oGBkQQe-JdU0_f=SfQzM0Ej|QLUE0A$QB2BG+}z*=9|NTult+E4y5a%K zXP%zg?>!uw{P-!8u(|TtDc|NdlKjajFVgV%{rLXa1D}6ow>8#-h>Tga8FO(6MpCHR zF8}oO<28}}zQdRKULcW=FEeY6R&!--.iso`` +(e.g. ``archlinux-202010-x86_64.iso``). + +* ``iso_name``: The first part of the name of the resulting image (defaults to ``mkarchiso``) +* ``iso_label``: The ISO's volume label (defaults to ``MKARCHISO``) +* ``iso_publisher``: A free-form string that states the publisher of the resulting image (defaults to ``mkarchiso``) +* ``iso_application``: A free-form string that states the application (i.e. its use-case) of the resulting image (defaults + to ``mkarchiso iso``) +* ``iso_version``: A string that states the version of the resulting image (defaults to ``""``) +* ``install_dir``: A string (maximum eight characters long, which **must** consist of ``[a-z0-9]``) that states the + directory on the resulting image into which all files will be installed (defaults to ``mkarchiso``) +* ``buildmodes``: An optional list of strings, that state the build modes that the profile uses. Only the following are + understood: + + - ``bootstrap``: Build a compressed file containing a minimal system to bootstrap from + - ``iso``: Build a bootable ISO image (implicit default, if no ``buildmodes`` are set) + - ``netboot``: Build artifacts required for netboot using iPXE +* ``bootmodes``: A list of strings, that state the supported boot modes of the resulting image. Only the following are + understood: + + - ``bios.syslinux``: Syslinux for x86 BIOS booting + - ``uefi.grub``: GRUB for UEFI booting. For the x86_64 architecture, in addition to x64 UEFI, support for mixed-mode + booting (IA32 UEFI) will also be added. + - ``uefi.systemd-boot``: systemd-boot for UEFI booting. For the x86_64 architecture, in addition to x64 UEFI, support + for mixed-mode booting (IA32 UEFI) will also be added. +* ``arch``: The architecture (e.g. ``x86_64``) to build the image for (defaults to the value returned by ``uname -m``). + This is also used to resolve the name of the packages file (e.g. ``packages.x86_64``) +* ``packages``: File path to a text file containing a list of packages to install into the environment in ``iso`` and + ``netboot`` build modes (defaults to ``packages.${arch}``). +* ``bootstrap_packages``: File path to a text file containing a list of packages to install into the environment in the + ``bootstrap`` build mode (defaults to ``bootstrap_packages.${arch}``). +* ``pacman_conf``: The ``pacman.conf`` to use to install packages to the work directory when creating the image (defaults to + the host's ``/etc/pacman.conf``) +* ``airootfs_image_type``: The image type to create. The following options are understood (defaults to ``squashfs``): + + - ``squashfs``: Create a squashfs image directly from the airootfs work directory + - ``ext4+squashfs``: Create an ext4 partition, copy the airootfs work directory to it and create a squashfs image from it + - ``erofs``: Create an EROFS image for the airootfs work directory +* ``airootfs_image_tool_options``: An array of options to pass to the tool to create the airootfs image. ``mksquashfs`` and + ``mkfs.erofs`` are supported. See ``mksquashfs --help`` or ``mkfs.erofs --help`` for all possible options +* ``bootstrap_tarball_compression``: An array containing the compression program and arguments passed to it for + compressing the bootstrap tarball (defaults to ``cat``). For example: ``bootstrap_tarball_compression=(zstd -c -T0 --long -19)``. +* ``file_permissions``: An associative array that lists files and/or directories who need specific ownership or + permissions. The array's keys contain the path and the value is a colon separated list of owner UID, owner GID and + access mode. E.g. ``file_permissions=(["/etc/shadow"]="0:0:400")``. When directories are listed with a trailing backslash (``/``) **all** files and directories contained within the listed directory will have the same owner UID, owner GID, and access mode applied recursively. + +bootstrap_packages.arch +======================= + +All packages to be installed into the environment of a bootstrap image have to be listed in a file specified by the +``bootstrap_packages`` variable. If the variable is not specified, the architecture specific +``bootstrap_packages.${arch}`` file (e.g. ``bootstrap_packages.x86_64``) or the ``bootstrap_packages`` file which reside +top-level in the profile will be used instead. + +Packages have to be listed one per line. Lines starting with a ``#`` and blank lines are ignored. + +This file is required when generating bootstrap images using the ``bootstrap`` build mode. + +packages.arch +============= + +All packages to be installed into the environment of an ISO image have to be listed in a file specified by the +``packages`` variable. If the variable is not specified, the architecture specific ``packages.${arch}`` file (e.g. +``packages.x86_64``) or the ``packages`` file which reside top-level in the profile will be used instead. + +Packages have to be listed one per line. Lines starting with a ``#`` and blank lines are ignored. + + .. note:: + + The **mkinitcpio** and **mkinitcpio-archiso** packages are mandatory (see `#30 + `_). + +This file is required when generating ISO images using the ``iso`` or ``netboot`` build modes. + +pacman.conf +=========== + +A configuration for pacman is required per profile. + +Some configuration options will not be used or will be modified: + +* ``CacheDir``: the profile's option is **only** used if it is not the default (i.e. ``/var/cache/pacman/pkg``) and if it is + not the same as the system's option. In all other cases the system's pacman cache is used. +* ``HookDir``: it is **always** set to the ``/etc/pacman.d/hooks`` directory in the work directory's airootfs to allow + modification via the profile and ensure interoparability with hosts using dracut (see `#73 + `_) +* ``RootDir``: it is **always** removed, as setting it explicitely otherwise refers to the host's root filesystem (see + ``man 8 pacman`` for further information on the ``-r`` option used by ``pacstrap``) +* ``LogFile``: it is **always** removed, as setting it explicitely otherwise refers to the host's pacman log file (see + ``man 8 pacman`` for further information on the ``-r`` option used by ``pacstrap``) +* ``DBPath``: it is **always** removed, as setting it explicitely otherwise refers to the host's pacman database (see + ``man 8 pacman`` for further information on the ``-r`` option used by ``pacstrap``) + +airootfs +======== + +This optional directory may contain files and directories that will be copied to the work directory of the resulting +image's root filesystem. +The files are copied before packages are being installed to work directory location. +Ownership and permissions of files and directories from the profile's ``airootfs`` directory are not preserved. The mode +will be ``644`` for files and ``755`` for directories, all of them will be owned by root. To set custom ownership and/or +permissions, use ``file_permissions`` in ``profiledef.sh``. + +With this overlay structure it is possible to e.g. create users and set passwords for them, by providing +``airootfs/etc/passwd``, ``airootfs/etc/shadow``, ``airootfs/etc/gshadow`` (see ``man 5 passwd``, ``man 5 shadow`` and ``man 5 gshadow`` respectively). +If user home directories exist in the profile's ``airootfs``, their ownership and (and top-level) permissions will be +altered according to the provided information in the password file. + +Boot loader configuration +========================= + +A profile may contain configuration for several boot loaders. These reside in specific top-level directories, which are +explained in the following subsections. + +The following *custom template identifiers* are understood and will be replaced according to the assignments of the +respective variables in ``profiledef.sh``: + +* ``%ARCHISO_LABEL%``: Set this using the ``iso_label`` variable in ``profiledef.sh``. +* ``%INSTALL_DIR%``: Set this using the ``install_dir`` variable in ``profiledef.sh``. +* ``%ARCH%``: Set this using the ``arch`` variable in ``profiledef.sh``. + +Additionally there are also *custom template identifiers* have harcoded values set by ``mkarchiso`` that cannot be +overridden: + +* ``%ARCHISO_UUID%``: the ISO 9660 modification date in UTC, i.e. its "UUID", +* ``%ARCHISO_SEARCH_FILENAME%``: file path on ISO 9660 that can be used by GRUB to find the ISO volume + (**for GRUB ``.cfg`` files only**). + +efiboot +------- + +This directory is mandatory when the ``uefi.systemd-boot`` bootmode is selected in ``profiledef.sh``. +It contains configuration for `systemd-boot +`_. + + .. note:: + + The directory is a top-level representation of the systemd-boot configuration directories and files found in the + root of an EFI system partition. + +The *custom template identifiers* are **only** understood in the boot loader entry `.conf` files (i.e. **not** in +``loader.conf``). Boot entries for foreign UEFI architectures will be skipped with the exception of IA32 boot entries +when building for the x86_64 architecture. + +syslinux +-------- + +This directory is mandatory when the ``bios.syslinux`` bootmode is selected in ``profiledef.sh``. +It contains configuration files for `syslinux `_ or `isolinux +`_ , or `pxelinux +`_ used in the resulting image. + +The *custom template identifiers* are understood in all `.cfg` files in this directory. + +grub +---- + +This directory is mandatory when the ``uefi.grub`` bootmode is selected in ``profiledef.sh``. +It contains configuration files for `GRUB `_ +used in the resulting image. diff --git a/docs/README.transfer.rst b/docs/README.transfer.rst new file mode 100644 index 0000000..ab99b10 --- /dev/null +++ b/docs/README.transfer.rst @@ -0,0 +1,165 @@ +============================================== +Transfer ISO to target medium (configs/releng) +============================================== + +ISO images names consist of: ``archlinux-YYYY.MM.DD-x86_64.iso``. + +Where: ``YYYY`` is the year, ``MM`` the month and ``DD`` the day. + +.. contents:: + +Burn to an optical disc +======================= + + .. note:: + All ISO images are BIOS and UEFI bootable via "El Torito" in no-emulation mode. + +Burn the ISO using your favorite disc burning program. + +For example: + +.. code:: sh + + xorriso -as cdrecord -v -sao dev=/dev/sr0 archlinux-YYYY.MM.DD-x86_64.iso + +Write to an USB flash drive / memory card / hard disk drive / solid state drive / etc. +====================================================================================== + + .. tip:: + See https://wiki.archlinux.org/title/USB_flash_installation_medium for more detailed instructions. + +Nomeclature: + +```` + Device node of the drive where ISO contents should be copied (example: ``/dev/sdx``). +```` + Device node of the partition on ```` (example: ``/dev/sdx1``). +```` + Represents the file system label of the ``archlinux-YYYY.MM.DD-x86_64.iso`` (example: ``ARCH_201703``). + +ISOHYBRID (BIOS and UEFI) +------------------------- + + .. note:: + This method is the most easily, quick and dirty, but is the most limited if you want to use your target medium + for other purposes. If using this does not work, use the `File system transposition (UEFI only)`_ method instead. + +Directly write the ISO file to the target medium: + +.. code:: sh + + dd bs=4M if=archlinux-YYYY.MM.DD-x86_64.iso of= conv=fsync oflag=direct status=progress + +File system transposition (UEFI only) +-------------------------------- + +This method extracts the contents of the ISO onto a prepared UEFI-bootable volume. + +If your drive is already partitioned and formatted, skip to the "Mount the target file system" step. + + .. note:: + Using MBR with one FAT formatted active partition is the most compatible method. + +1. Partition the drive with *fdisk*. + + .. code:: sh + + fdisk + + 1) Create a new MBR partition table with command ``o``. + + .. warning:: + This will destroy all data on the drive. + + 2) Create a new primary partition with command ``n`` and set its type code to ``0c`` with command ``t``. + + 3) Mark the partition as bootable with the ``a`` command. + + 4) Write the changes and exit with ``w``. + +2. Format the newly created partition to FAT32 + + .. code:: sh + + mkfs.fat -F 32 /dev/disk/by-id/-part1 + +3. Mount the target file system + + .. code:: sh + + mount /mnt + +4. Extract the ISO image on the target file system. + + .. code:: sh + + bsdtar -x --exclude=boot/syslinux/ -f archlinux-YYYY.MM.DD-x86_64.iso -C /mnt + +5. Unmount the target file system. + + .. code:: sh + + umount /mnt + +Manual formatting (BIOS only) +----------------------------- + + .. note:: + These steps are the general workflow, you can skip some of them, using another file system if your boot loader + supports it, installing to another directory than ``arch/`` or using more than one partition. Just ensure that + main boot parameters (``archisolabel=`` and ``archisobasedir=``) are set correctly according to your setup. + + Using here a MBR partition mode as example, but GPT should also work if the machine firmware is not broken. Just + ensure that partition is set with attribute ``2: legacy BIOS bootable`` and use ``gptmbr.bin`` instead of + ``mbr.bin`` for syslinux. + +1) Create one partition entry in MBR and mark it as "active" (bootable). + + .. note:: + Type ``b`` for FAT32, ``83`` for EXTFS or ``7`` for NTFS. + + .. code:: sh + + fdisk + +2) Create a FAT32, EXTFS or NTFS file system on such partition and setup a label. + + .. note:: + COW is not supported on NTFS. + + .. code:: sh + + mkfs.fat -F 32 -n + mkfs.ext4 -L + mkfs.ntfs -L + +3) Mount the target file system. + + .. code:: sh + + mount /mnt + +4) Extract the ISO image on the target file system. + + .. code:: sh + + bsdtar -x --exclude=boot/grub/ --exclude=EFI/ -f archlinux-YYYY.MM.DD-x86_64.iso -C /mnt + +5) Install the syslinux boot loader on the target file system. + + .. code:: sh + + extlinux -i /mnt/boot/syslinux + +6) Unmount the target file system. + + .. code:: sh + + umount /mnt + +7) Install syslinux MBR boot code on the target drive. + + .. code:: sh + + dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of= + diff --git a/fws/mkarchiso b/fws/mkarchiso new file mode 100644 index 0000000..73f95ea --- /dev/null +++ b/fws/mkarchiso @@ -0,0 +1,1892 @@ +#!/usr/bin/env bash +# +# SPDX-License-Identifier: GPL-3.0-or-later + +set -e -u +shopt -s extglob + +# Control the environment +umask 0022 +export LC_ALL="C.UTF-8" +[[ -v SOURCE_DATE_EPOCH ]] || printf -v SOURCE_DATE_EPOCH '%(%s)T' -1 +export SOURCE_DATE_EPOCH + +# Set application name from the script's file name +app_name="${0##*/}" + +# Define global variables. All of them will be overwritten later +pkg_list=() +bootstrap_pkg_list=() +quiet="" +work_dir="" +out_dir="" +gpg_key="" +gpg_sender="" +iso_name="" +iso_label="" +iso_uuid="" +iso_publisher="" +iso_application="" +iso_version="" +install_dir="" +arch="" +pacman_conf="" +packages="" +bootstrap_packages="" +bootstrap_parent="" +pacstrap_dir="" +search_filename="" +declare -i rm_work_dir=0 +buildmodes=() +bootmodes=() +airootfs_image_type="" +airootfs_image_tool_options=() +bootstrap_tarball_compression="" +cert_list=() +declare -A file_permissions=() +efibootimg="" +efiboot_files=() +# adapted from GRUB_EARLY_INITRD_LINUX_STOCK in https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-mkconfig.in +readonly ucodes=('intel-uc.img' 'intel-ucode.img' 'amd-uc.img' 'amd-ucode.img' 'early_ucode.cpio' 'microcode.cpio') +declare -i need_external_ucodes=0 +readonly -A uefi_arch=( + ['x86_64']='x64' + ['aarch64']='AA64' + ['riscv64']='RISCV64' + ['loongarch64']='LOONGARCH64' +) + + +# Show an INFO message +# $1: message string +_msg_info() { + local _msg="${1}" + [[ "${quiet}" == "y" ]] || printf '[%s] INFO: %s\n' "${app_name}" "${_msg}" +} + +# Show a WARNING message +# $1: message string +_msg_warning() { + local _msg="${1}" + printf '[%s] WARNING: %s\n' "${app_name}" "${_msg}" >&2 +} + +# Show an ERROR message then exit with status +# $1: message string +# $2: exit code number (with 0 does not exit) +_msg_error() { + local _msg="${1}" + local _error=${2} + printf '[%s] ERROR: %s\n' "${app_name}" "${_msg}" >&2 + if (( _error > 0 )); then + exit "${_error}" + fi +} + +# Show help usage, with an exit status. +# $1: exit status number. +_usage() { + IFS='' read -r -d '' usagetext < + options: + -A Set an application name for the ISO + Default: '${iso_application}' + -C pacman configuration file. + Default: '${pacman_conf}' + -D Set an install_dir. All files will be located here. + Default: '${install_dir}' + NOTE: Max 8 characters, use only [a-z0-9] + -L