--- /dev/null
+#!/bin/sh
+# This file is part of cloud-init. See LICENSE file for license information.
+
+# This script hooks into NetworkManager(8) via its scripts
+# arguments are 'interface-name' and 'action'
+#
+is_azure() {
+ local dmi_path="/sys/class/dmi/id/board_vendor" vendor=""
+ if [ -e "$dmi_path" ] && read vendor < "$dmi_path"; then
+ [ "$vendor" = "Microsoft Corporation" ] && return 0
+ fi
+ return 1
+}
+
+is_enabled() {
+ # only execute hooks if cloud-init is enabled and on azure
+ [ -e /run/cloud-init/enabled ] || return 1
+ is_azure
+}
+
+if is_enabled; then
+ case "$1:$2" in
+ *:up) exec cloud-init dhclient-hook up "$1";;
+ *:down) exec cloud-init dhclient-hook down "$1";;
+ esac
+fi
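Review bot: `is_azure` uses `local` under a `#!/bin/sh` shebang and reads the DMI file with a plain `read`, so the hook relies on the system shell accepting a non-POSIX builtin and on backslash processing that `read -r` would switch off. The top-level `case` also ends in `exec cloud-init dhclient-hook …` resolved through PATH. Hooks of this kind are normally run by the NetworkManager dispatcher with elevated privileges (inferred from the header comment, not shown here), so calling the binary by its absolute install path would remove the dependence on the caller's environment. Suggested lines: `if [ -e "$dmi_path" ] && read -r vendor < "$dmi_path"; then`, and plain assignments `dmi_path="/sys/class/dmi/id/board_vendor"; vendor=""` if strict POSIX sh is required. A short comment on the `case` saying that actions other than `up` and `down` are deliberately ignored would also help the next reader.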
--- /dev/null
+# Only the system administrator should modify this file, ordinary users
+# should not have to change anything.
+
+[Daemon]
+
+# Default backends, as chosen in the configure script. This will be used
+# where no --backend="foo" option is given to the daemon.
+#
+# The order they are specified is the order they are tried, so for the
+# value "foo,bar" first "foo" will be attempted and then "bar" if the
+# libpk_backend_foo.so module load failed.
+#DefaultBackend=auto
+
+# Unlock the backend after this many seconds idle.
+#BackendShutdownTimeout=5
+
+# Shut down the daemon after this many seconds idle. 0 means don't shutdown.
+#ShutdownTimeout=300
+
+# Keep the packages after they have been downloaded
+#KeepCache=false
--- /dev/null
+# Only the system vendor should modify this file, ordinary users
+# should not have to change anything.
+
+[PackagesNotFound]
+
+# This is a link to a vendor URL which is shown when a suitable package
+# could not be found in any remote software repository.
+# The page set here should explain how to add new software repositories if required.
+#
+# If the value is set to 'none' then no link is shown.
+#
+# default=http://www.packagekit.org/pk-package-not-found.html
+DefaultUrl=https://help.ubuntu.com/community/Repositories/
+
+# The URL which is shown to the user when a codec could not be found.
+# It should explain why certain codecs cannot be used, and perhaps show
+# links to web stores where the codec can be legally purchased.
+#
+# If the value is set to 'none' then the value of DefaultUrl is used.
+#
+# default=none
+CodecUrl=http://shop.canonical.com/index.php?cPath=19&osCsid=f1e370ea7563ed5e654c10450364ff24
+
+# The URL which is shown to the user when hardware drivers could not be found.
+# It should explain why some hardware is not supported, and links to futher
+# information.
+#
+# If the value is set to 'none' then the value of DefaultUrl is used.
+#
+# default=none
+HardwareUrl=none
+
+# The URL which is shown to the user when fonts could not be found.
+# Alternatives should probably be suggested where possible.
+#
+# If the value is set to 'none' then the value of DefaultUrl is used.
+#
+# default=none
+FontUrl=none
+
+# The URL which is shown to the user when programs handing a mime tpye could not
+# be found. It should probably explain how to use wine if the program is a
+# Windows program, or suggest alternatives.
+#
+# If the value is set to 'none' then the value of DefaultUrl is used.
+#
+# default=none
+MimeUrl=none
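Review bot: `CodecUrl` uses a plain `http://` address and carries an `osCsid=` query parameter, which looks like a web-shop session identifier captured when the URL was copied. A session token baked into a shipped config file is shared by every user who follows the link, and the unencrypted scheme lets the landing page be altered in transit. The value should drop the parameter, e.g. `CodecUrl=http://shop.canonical.com/index.php?cPath=19`, and move to `https://` if the site serves it. `DefaultUrl` above already uses `https://`, so this would also make the two entries consistent. Separately, the comments contain the typos `futher` and `mime tpye`.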
--- /dev/null
+# Only the system vendor should modify this file, ordinary users
+# should not have to change anything.
+
+[UPower]
+
+# Enable the Watts Up Pro device.
+#
+# The Watts Up Pro contains a generic FTDI USB device without a specific
+# vendor and product ID. When we probe for WUP devices, we can cause
+# the user to get a perplexing "Device or resource busy" error when
+# attempting to use their non-WUP device.
+#
+# The generic FTDI device is known to also be used on:
+#
+# - Sparkfun FT232 breakout board
+# - Parallax Propeller
+#
+# default=false
+EnableWattsUpPro=false
+
+# Don't poll the kernel for battery level changes.
+#
+# Some hardware will send us battery level changes through
+# events, rather than us having to poll for it. This option
+# allows disabling polling for hardware that sends out events.
+#
+# default=false
+NoPollBatteries=false
+
+# Do we ignore the lid state
+#
+# Some laptops are broken. The lid state is either inverted, or stuck
+# on or off. We can't do much to fix these problems, but this is a way
+# for users to make the laptop panel vanish, a state that might be used
+# by a couple of user-space daemons. On Linux systems, see also
+# logind.conf(5).
+#
+# default=false
+IgnoreLid=false
+
+# Policy for warnings and action based on battery levels
+#
+# Whether battery percentage based policy should be used. The default
+# is to use the time left, change to true to use the percentage, which
+# should work around broken firmwares. It is also more reliable than
+# the time left (frantically saving all your files is going to use more
+# battery than letting it rest for example).
+# default=true
+UsePercentageForPolicy=true
+
+# When UsePercentageForPolicy is true, the levels at which UPower will
+# consider the battery low, critical, or take action for the critical
+# battery level.
+#
+# This will also be used for batteries which don't have time information
+# such as that of peripherals.
+#
+# If any value is invalid, or not in descending order, the defaults
+# will be used.
+#
+# Defaults:
+# PercentageLow=10
+# PercentageCritical=3
+# PercentageAction=2
+PercentageLow=10
+PercentageCritical=3
+PercentageAction=2
+
+# When UsePercentageForPolicy is false, the time remaining at which UPower
+# will consider the battery low, critical, or take action for the critical
+# battery level.
+#
+# If any value is invalid, or not in descending order, the defaults
+# will be used.
+#
+# Defaults:
+# TimeLow=1200
+# TimeCritical=300
+# TimeAction=120
+TimeLow=1200
+TimeCritical=300
+TimeAction=120
+
+# The action to take when "TimeAction" or "PercentageAction" above has been
+# reached for the batteries (UPS or laptop batteries) supplying the computer
+#
+# Possible values are:
+# PowerOff
+# Hibernate
+# HybridSleep
+#
+# If HybridSleep isn't available, Hibernate will be used
+# If Hibernate isn't available, PowerOff will be used
+CriticalPowerAction=HybridSleep
--- /dev/null
+# vim:set ft=sh sw=2 sts=2 et:
+
+if [ -z "$DBUS_SESSION_BUS_ADDRESS" ] && [ -n "$XDG_RUNTIME_DIR" ] && \
+ [ "$XDG_RUNTIME_DIR" = "/run/user/`id -u`" ] && \
+ [ -S "$XDG_RUNTIME_DIR/bus" ]; then
+ # We are under systemd-logind or something remarkably similar, and
+ # a user-session socket has already been set up.
+ #
+ # Be nice to non-libdbus, non-sd-bus implementations by using
+ # that as the session bus address in the environment. The check for
+ # XDG_RUNTIME_DIR = "/run/user/`id -u`" is because we know that
+ # form of the address, from systemd-logind, doesn't need escaping,
+ # whereas arbitrary addresses might.
+ DBUS_SESSION_BUS_ADDRESS="unix:path=$XDG_RUNTIME_DIR/bus"
+ export DBUS_SESSION_BUS_ADDRESS
+fi
+
+if [ -x "/usr/bin/dbus-update-activation-environment" ]; then
+ # tell dbus-daemon --session (and systemd --user, if running)
+ # to put a minimal subset of the Xsession's environment in activated
+ # services' environments
+ dbus-update-activation-environment --verbose --systemd \
+ DBUS_SESSION_BUS_ADDRESS DISPLAY XAUTHORITY
+fi
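Review bot: The second `if` tests `-x "/usr/bin/dbus-update-activation-environment"` but then runs `dbus-update-activation-environment` by bare name, so the binary that was checked is not necessarily the one PATH resolves to. Invoking the checked path keeps the two in step: `/usr/bin/dbus-update-activation-environment --verbose --systemd \`. The backticked `id -u` in the first block would read better as `$(id -u)`. It is also worth a comment that `XAUTHORITY`, the path to the X authentication cookie file, is being propagated to every activated service.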
--- /dev/null
+# On systems with systemd running, we expect the agent to be launched
+# via systemd's user mode (see
+# /usr/lib/systemd/user/gpg-agent.{socket,service} and
+# systemd.unit(5)). This allows systemd to clean up the agent
+# automatically at logout.
+
+# If systemd is absent from your system, or you do not permit it to
+# run in user mode, then you may need to manually launch gpg-agent
+# from your session initialization with something like "gpgconf
+# --launch gpg-agent"
+
+# Nonetheless, ssh and older versions of gpg require environment
+# variables to be set in order to find the agent, so we will set those
+# here.
+
+agent_sock=$(gpgconf --list-dirs agent-socket)
+export GPG_AGENT_INFO=${agent_sock}:0:1
+if [ -n "$(gpgconf --list-options gpg-agent | \
+ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+fi
+
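Review bot: `agent_sock=$(gpgconf --list-dirs agent-socket)` is not checked, so when `gpgconf` is missing or fails the script still exports `GPG_AGENT_INFO` as `:0:1`. `export SSH_AUTH_SOCK=$(…)` likewise hides a failed lookup behind the exit status of `export`. Guarding the assignment avoids pointing clients at an empty socket path: `if agent_sock=$(gpgconf --list-dirs agent-socket) && [ -n "$agent_sock" ]; then export GPG_AGENT_INFO="${agent_sock}:0:1"; fi`. For the SSH socket, assign to a variable first and export only a non-empty value, with the expansion quoted so shells that word-split `export` arguments do not break a path containing whitespace.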
--- /dev/null
+# /etc/adduser.conf: `adduser' configuration.
+# See adduser(8) and adduser.conf(5) for full documentation.
+
+# The DSHELL variable specifies the default login shell on your
+# system.
+DSHELL=/bin/bash
+
+# The DHOME variable specifies the directory containing users' home
+# directories.
+DHOME=/home
+
+# If GROUPHOMES is "yes", then the home directories will be created as
+# /home/groupname/user.
+GROUPHOMES=no
+
+# If LETTERHOMES is "yes", then the created home directories will have
+# an extra directory - the first letter of the user name. For example:
+# /home/u/user.
+LETTERHOMES=no
+
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+SKEL=/etc/skel
+
+# FIRST_SYSTEM_[GU]ID to LAST_SYSTEM_[GU]ID inclusive is the range for UIDs
+# for dynamically allocated administrative and system accounts/groups.
+# Please note that system software, such as the users allocated by the base-passwd
+# package, may assume that UIDs less than 100 are unallocated.
+FIRST_SYSTEM_UID=100
+LAST_SYSTEM_UID=999
+
+FIRST_SYSTEM_GID=100
+LAST_SYSTEM_GID=999
+
+# FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically
+# allocated user accounts/groups.
+FIRST_UID=1000
+LAST_UID=59999
+
+FIRST_GID=1000
+LAST_GID=59999
+
+# The USERGROUPS variable can be either "yes" or "no". If "yes" each
+# created user will be given their own group to use as a default. If
+# "no", each created user will be placed in the group whose gid is
+# USERS_GID (see below).
+USERGROUPS=yes
+
+# If USERGROUPS is "no", then USERS_GID should be the GID of the group
+# `users' (or the equivalent group) on your system.
+USERS_GID=100
+
+# If DIR_MODE is set, directories will be created with the specified
+# mode. Otherwise the default mode 0755 will be used.
+DIR_MODE=0755
+
+# If SETGID_HOME is "yes" home directories for users with their own
+# group the setgid bit will be set. This was the default for
+# versions << 3.13 of adduser. Because it has some bad side effects we
+# no longer do this per default. If you want it nevertheless you can
+# still set it here.
+SETGID_HOME=no
+
+# If QUOTAUSER is set, a default quota will be set from that user with
+# `edquota -p QUOTAUSER newuser'
+QUOTAUSER=""
+
+# If SKEL_IGNORE_REGEX is set, adduser will ignore files matching this
+# regular expression when creating a new home directory
+SKEL_IGNORE_REGEX="dpkg-(old|new|dist|save)"
+
+# Set this if you want the --add_extra_groups option to adduser to add
+# new users to other groups.
+# This is the list of groups that new non-system users will be added to
+# Default:
+#EXTRA_GROUPS="dialout cdrom floppy audio video plugdev users"
+
+# If ADD_EXTRA_GROUPS is set to something non-zero, the EXTRA_GROUPS
+# option above will be default behavior for adding new, non-system users
+#ADD_EXTRA_GROUPS=1
+
+
+# check user and group names also against this regular expression.
+#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
+
+# use extrausers by default
+#USE_EXTRAUSERS=1
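Review bot: `DIR_MODE=0755` makes every newly created home directory readable and traversable by all local users, which on a shared host exposes any files users leave with default permissions. If this configuration is meant for multi-user systems, `DIR_MODE=0750` is the usual tighter choice. If 0755 is intentional, a one-line comment such as `# 0755 kept deliberately: <reason>` above the setting would stop it being re-flagged in later reviews.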
--- /dev/null
+/usr/share/postgresql/12/man/man7/ABORT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_AGGREGATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_COLLATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_CONVERSION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_DATABASE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_DEFAULT_PRIVILEGES.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_DOMAIN.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_EVENT_TRIGGER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_EXTENSION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_FOREIGN_DATA_WRAPPER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_FOREIGN_TABLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_FUNCTION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_GROUP.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_INDEX.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_LANGUAGE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_LARGE_OBJECT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_MATERIALIZED_VIEW.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_OPERATOR.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_OPERATOR_CLASS.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_OPERATOR_FAMILY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_POLICY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_PROCEDURE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_PUBLICATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_ROLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_ROUTINE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_RULE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_SCHEMA.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_SEQUENCE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_SERVER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_STATISTICS.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_SUBSCRIPTION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_SYSTEM.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_TABLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_TABLESPACE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_TEXT_SEARCH_CONFIGURATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_TEXT_SEARCH_DICTIONARY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_TEXT_SEARCH_PARSER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_TEXT_SEARCH_TEMPLATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_TRIGGER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_TYPE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_USER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_USER_MAPPING.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ALTER_VIEW.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ANALYZE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/BEGIN.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CALL.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CHECKPOINT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CLOSE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CLUSTER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/COMMENT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/COMMIT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/COMMIT_PREPARED.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/COPY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_ACCESS_METHOD.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_AGGREGATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_CAST.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_COLLATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_CONVERSION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_DATABASE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_DOMAIN.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_EVENT_TRIGGER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_EXTENSION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_FOREIGN_DATA_WRAPPER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_FOREIGN_TABLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_FUNCTION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_GROUP.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_INDEX.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_LANGUAGE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_MATERIALIZED_VIEW.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_OPERATOR.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_OPERATOR_CLASS.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_OPERATOR_FAMILY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_POLICY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_PROCEDURE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_PUBLICATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_ROLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_RULE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_SCHEMA.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_SEQUENCE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_SERVER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_STATISTICS.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_SUBSCRIPTION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TABLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TABLESPACE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TABLE_AS.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TEXT_SEARCH_CONFIGURATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TEXT_SEARCH_DICTIONARY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TEXT_SEARCH_PARSER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TEXT_SEARCH_TEMPLATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TRANSFORM.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TRIGGER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_TYPE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_USER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_USER_MAPPING.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/CREATE_VIEW.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DEALLOCATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DECLARE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DELETE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DISCARD.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DO.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_ACCESS_METHOD.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_AGGREGATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_CAST.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_COLLATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_CONVERSION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_DATABASE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_DOMAIN.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_EVENT_TRIGGER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_EXTENSION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_FOREIGN_DATA_WRAPPER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_FOREIGN_TABLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_FUNCTION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_GROUP.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_INDEX.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_LANGUAGE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_MATERIALIZED_VIEW.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_OPERATOR.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_OPERATOR_CLASS.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_OPERATOR_FAMILY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_OWNED.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_POLICY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_PROCEDURE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_PUBLICATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_ROLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_ROUTINE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_RULE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_SCHEMA.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_SEQUENCE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_SERVER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_STATISTICS.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_SUBSCRIPTION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TABLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TABLESPACE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TEXT_SEARCH_CONFIGURATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TEXT_SEARCH_DICTIONARY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TEXT_SEARCH_PARSER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TEXT_SEARCH_TEMPLATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TRANSFORM.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TRIGGER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_TYPE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_USER.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_USER_MAPPING.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/DROP_VIEW.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/END.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/EXECUTE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/EXPLAIN.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/FETCH.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/GRANT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/IMPORT_FOREIGN_SCHEMA.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/INSERT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/LISTEN.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/LOAD.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/LOCK.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/MOVE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/NOTIFY.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/PREPARE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/PREPARE_TRANSACTION.7.gz
\ No newline at end of file
--- /dev/null
+Please read the update-alternatives(1) man page for information on this
+directory and its contents.
--- /dev/null
+/usr/share/postgresql/12/man/man7/REASSIGN_OWNED.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/REFRESH_MATERIALIZED_VIEW.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/REINDEX.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/RELEASE_SAVEPOINT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/RESET.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/REVOKE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ROLLBACK.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ROLLBACK_PREPARED.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/ROLLBACK_TO_SAVEPOINT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SAVEPOINT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SECURITY_LABEL.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SELECT.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SELECT_INTO.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SET.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SET_CONSTRAINTS.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SET_ROLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SET_SESSION_AUTHORIZATION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SET_TRANSACTION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/SHOW.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/START_TRANSACTION.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/TABLE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/TRUNCATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/UNLISTEN.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/UPDATE.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/VACUUM.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/VALUES.7.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man7/WITH.7.gz
\ No newline at end of file
--- /dev/null
+/usr/sbin/arptables-nft
\ No newline at end of file
--- /dev/null
+/usr/sbin/arptables-nft-restore
\ No newline at end of file
--- /dev/null
+/usr/sbin/arptables-nft-save
\ No newline at end of file
--- /dev/null
+/usr/bin/gawk
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/gawk.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/man7/bash-builtins.7.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/g++
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/g++.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/c89-gcc
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/c89-gcc.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/c99-gcc
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/c99-gcc.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/gcc
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/gcc.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/clusterdb.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/cpp
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/createdb.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/createuser.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/dropdb.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/dropuser.1.gz
\ No newline at end of file
--- /dev/null
+/usr/sbin/ebtables-nft
\ No newline at end of file
--- /dev/null
+/usr/sbin/ebtables-nft-restore
\ No newline at end of file
--- /dev/null
+/usr/sbin/ebtables-nft-save
\ No newline at end of file
--- /dev/null
+/bin/nano
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/nano.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/vim.basic
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/da/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/de/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/fr/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/it/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/ja/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/pl/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/ru/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/faked-sysv.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/es/man1/faked-sysv.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/fr/man1/faked-sysv.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/sv/man1/faked-sysv.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/fakeroot-sysv
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/fakeroot-sysv.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/es/man1/fakeroot-sysv.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/fr/man1/fakeroot-sysv.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/sv/man1/fakeroot-sysv.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/bsd-from
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/bsd-from.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/netkit-ftp
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/netkit-ftp.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/python3-futurize
\ No newline at end of file
--- /dev/null
+/usr/bin/info
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/info.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/initdb.1.gz
\ No newline at end of file
--- /dev/null
+/usr/sbin/ip6tables-legacy
\ No newline at end of file
--- /dev/null
+/usr/sbin/ip6tables-legacy-restore
\ No newline at end of file
--- /dev/null
+/usr/sbin/ip6tables-legacy-save
\ No newline at end of file
--- /dev/null
+/usr/sbin/iptables-legacy
\ No newline at end of file
--- /dev/null
+/usr/sbin/iptables-legacy-restore
\ No newline at end of file
--- /dev/null
+/usr/sbin/iptables-legacy-save
\ No newline at end of file
--- /dev/null
+/usr/bin/jsonpatch-jsondiff
\ No newline at end of file
--- /dev/null
+/usr/bin/xzcat
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xzcat.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/xzcmp
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xzcmp.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/xzdiff
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xzdiff.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/xzegrep
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xzegrep.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/xzfgrep
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xzfgrep.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/xzgrep
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xzgrep.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/xzless
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xzless.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/xz
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xz.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/xzmore
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/xzmore.1.gz
\ No newline at end of file
--- /dev/null
+/bin/mt-gnu
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/mt-gnu.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/gawk
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/gawk.1.gz
\ No newline at end of file
--- /dev/null
+/bin/nc.openbsd
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/nc_openbsd.1.gz
\ No newline at end of file
--- /dev/null
+/bin/nc.openbsd
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/nc_openbsd.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/man5/netkit-netrc.5.gz
\ No newline at end of file
--- /dev/null
+/etc/newt/palette.ubuntu
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/oid2name.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/less
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/less.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/python3-pasteurize
\ No newline at end of file
--- /dev/null
+/usr/bin/python3-pbr
\ No newline at end of file
--- /dev/null
+/usr/bin/netkit-ftp
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/netkit-ftp.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_archivecleanup.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_basebackup.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_checksums.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_controldata.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_ctl.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_dump.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_dumpall.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_isready.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_receivewal.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_recvlogical.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_resetwal.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_restore.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_rewind.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_standby.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_test_fsync.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_test_timing.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_upgrade.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pg_waldump.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/pgbench.1.gz
\ No newline at end of file
--- /dev/null
+/bin/nano
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/nano.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/pinentry-curses
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/pinentry-curses.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/postgres.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/postmaster.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/psql.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/scp
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/scp.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/reindexdb.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/slogin
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/slogin.1.gz
\ No newline at end of file
--- /dev/null
+/usr/sbin/rmt-tar
\ No newline at end of file
--- /dev/null
+/usr/share/man/man8/rmt-tar.8.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/ssh
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/ssh.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/vim.basic
\ No newline at end of file
--- /dev/null
+/usr/bin/vim.basic
\ No newline at end of file
--- /dev/null
+/usr/bin/sar.sysstat
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/sar.sysstat.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/telnet.netkit
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/telnet.netkit.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/plymouth/themes/ubuntu-text/ubuntu-text.plymouth
\ No newline at end of file
--- /dev/null
+/usr/bin/traceroute6.iputils
\ No newline at end of file
--- /dev/null
+/usr/share/man/man8/traceroute6.iputils.8.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/unxz
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/unxz.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/vacuumdb.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/postgresql/12/man/man1/vacuumlo.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/vim.basic
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/da/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/de/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/fr/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/it/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/ja/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/pl/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/ru/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/vim.basic
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/da/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/de/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/fr/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/it/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/ja/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/pl/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/share/man/ru/man1/vim.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/vim.basic
\ No newline at end of file
--- /dev/null
+/usr/bin/vim.basic
\ No newline at end of file
--- /dev/null
+/etc/console-setup/vtrgb
\ No newline at end of file
--- /dev/null
+/usr/bin/w.procps
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/w.procps.1.gz
\ No newline at end of file
--- /dev/null
+/usr/bin/bsd-write
\ No newline at end of file
--- /dev/null
+/usr/share/man/man1/bsd-write.1.gz
\ No newline at end of file
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ #include <abstractions/dri-common>
+
+
+ # .ICEauthority files required for X authentication, per user
+ owner @{HOME}/.ICEauthority r,
+
+ # .Xauthority files required for X connections, per user
+ owner @{HOME}/.Xauthority r,
+ owner @{HOME}/.local/share/sddm/.Xauthority r,
+ owner /{,var/}run/gdm{,3}/*/database r,
+ owner /{,var/}run/lightdm/authority/[0-9]* r,
+ owner /{,var/}run/lightdm/*/xauthority r,
+ owner /{,var/}run/user/*/gdm/Xauthority r,
+ owner /{,var/}run/user/*/X11/Xauthority r,
+
+ # the unix socket to use to connect to the display
+ /tmp/.X11-unix/* rw,
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/tmp/.ICE-unix/[0-9]*"),
+
+ /usr/include/X11/ r,
+ /usr/include/X11/** r,
+
+ # The X tree changes and is large -- grant read access to the whole thing
+ /usr/X11R6/** r,
+ /usr/share/X11/ r,
+ /usr/share/X11/** r,
+ /usr/X11R6/**.so* mr,
+
+ # EGL
+ /usr/lib/@{multiarch}/egl/*.so* mr,
+
+ # Xcompose
+ owner @{HOME}/.XCompose r,
+
+ # mouse themes
+ /etc/X11/cursors/ r,
+ /etc/X11/cursors/** r,
+
+ # Xwayland
+ owner /run/user/*/.mutter-Xwaylandauth.* r,
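Review bot: The header of this abstraction does not say how much it grants: `/tmp/.X11-unix/* rw,` and the two `unix (connect, receive, send)` rules give an including profile a full client connection to the display server. X11 itself does not separate clients from one another, so a profile that pulls this in is not isolated from the input and window contents of the user's other X applications. I would add a comment above the socket rules, for example `# NOTE: X11 access is not mediated per client; a profile including this can interact with every other X client of the session`. That way profile authors treat the include as a deliberate decision.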
--- /dev/null
+# vim:syntax=apparmor
+
+# This file contains basic permissions for Apache and every vHost
+
+ #include <abstractions/nameservice>
+
+ # Allow unconfined processes to send us signals by default
+ signal (receive) peer=unconfined,
+ # Allow apache to send us signals by default
+ signal (receive) peer=apache2,
+ # Allow other hats to signal by default
+ signal peer=apache2//*,
+ # Allow us to signal ourselves
+ signal peer=@{profile_name},
+
+ # Apache
+ network inet stream,
+ network inet6 stream,
+ # apache manual, error pages and icons
+ /usr/share/apache2/** r,
+
+ # changehat itself
+ @{PROC}/@{pid}/attr/current rw,
+
+ # htaccess files - for what ever it is worth
+ /**/.htaccess r,
+
+ /dev/urandom r,
+
+ # sasl-auth
+ /run/saslauthd/mux rw,
+
+ # OCSP stapling
+ /var/log/apache2/stapling-cache rw,
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <abstractions/apparmor_api/introspect>
+
+@{PROC}/@{tid}/attr/{current,exec} w,
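Review bot: This file is missing the guidance its sibling abstractions in the same change carry. The rule `@{PROC}/@{tid}/attr/{current,exec} w,` depends on the `@{PROC}` and `@{tid}` variables, but nothing tells the profile author to include the tunables that define them. I would copy the reminder used in the neighbouring files, `# Make sure to include at least tunables/proc and tunables/kernelvars` followed by `# when using this abstraction, if not tunables/global.`. A one-line purpose comment would also help, in the style of the other files' `# permissions needed for ...` lines, because write access to `attr/current` and `attr/exec` is how a task asks to change its own confinement.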
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Make sure to include at least tunables/proc and tunables/kernelvars
+# when using this abstraction, if not tunables/global.
+
+@{PROC}/@{pids}/attr/{current,prev,exec} r,
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#permissions needed for aa_find_mountpoint
+
+# Make sure to include at least tunables/proc and tunables/kernelvars
+# when using this abstraction, if not tunables/global.
+
+@{PROC}/@{pids}/mounts r,
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Make sure to include at least tunables/proc and tunables/kernelvars
+# when using this abstraction, if not tunables/global.
+
+@{PROC}/@{tid}/attr/{current,prev,exec} r,
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# permissions needed for aa_is_enabled
+
+# Make sure to include tunables/apparmorfs and tunables/global
+# when using this abstraction
+
+#include <abstractions/apparmor_api/find_mountpoint>
+@{sys}/module/apparmor/parameters/enabled r,
+
+# TODO: add alternate apparmorfs interface for enabled
--- /dev/null
+# vim:syntax=apparmor
+# aspell permissions
+
+ # per-user settings and dictionaries
+ owner @{HOME}/.aspell.*.{pws,prepl} rwk,
+
+ # system libraries and dictionaries
+ /usr/lib/aspell/ r,
+ /usr/lib/aspell/* r,
+ /usr/lib/aspell/*.so m,
+ /usr/share/aspell/ r,
+ /usr/share/aspell/* r,
+ /var/lib/aspell/* r,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+
+/dev/admmidi* rw,
+/dev/adsp* rw,
+/dev/aload* rw,
+/dev/amidi* rw,
+/dev/audio* rw,
+/dev/dmfm* rw,
+/dev/dmmidi* rw,
+/dev/dsp* rw,
+/dev/midi* rw,
+/dev/mixer* rw,
+/dev/mpu401data rw,
+/dev/mpu401stat rw,
+/dev/patmgr* rw,
+/dev/phone* rw,
+/dev/radio* rw,
+/dev/rmidi* rw,
+/dev/sequencer rw,
+/dev/sequencer2 rw,
+/dev/smpte* rw,
+
+/dev/snd/* rw,
+/dev/sound/* rw,
+
+@{PROC}/asound/** rw,
+
+/usr/share/alsa/** r,
+/usr/share/sounds/** r,
+
+owner @{HOME}/.esd_auth r,
+/etc/asound.conf r,
+owner @{HOME}/.asoundrc r,
+/etc/esound/esd.conf r,
+
+# libao
+/etc/libao.conf r,
+owner @{HOME}/.libao r,
+
+# libcanberra
+owner @{HOME}/.cache/event-sound-cache.* rwk,
+
+# pulse
+/etc/pulse/ r,
+/etc/pulse/** r,
+/{run,dev}/shm/ r,
+owner /{run,dev}/shm/pulse-shm* rwk,
+owner @{HOME}/.pulse-cookie rwk,
+owner @{HOME}/.pulse/ rw,
+owner @{HOME}/.pulse/* rwk,
+owner /{,var/}run/user/*/pulse/ rw,
+owner /{,var/}run/user/*/pulse/{native,pid} rwk,
+owner @{HOME}/.config/pulse/*.conf r,
+owner @{HOME}/.config/pulse/client.conf.d/{,*.conf} r,
+owner @{HOME}/.config/pulse/cookie rwk,
+owner /tmp/pulse-*/ rw,
+owner /tmp/pulse-*/* rw,
+
+# libgnome2
+/etc/sound/ r,
+/etc/sound/** r,
+
+# openal
+/etc/alsa/conf.d/{,*} r,
+/etc/openal/alsoft.conf r,
+owner @{HOME}/.alsoftrc r,
+/usr/{,local/}share/openal/hrtf/{,**} r,
+owner @{HOME}/.local/share/openal/hrtf/{,**} r,
+
+# wildmidi
+/etc/wildmidi/wildmidi.cfg r,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2012 Canonical Ltd
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+
+ # Some services need to perform authentication of users
+ # Such authentication almost certainly needs access to the local users
+ # databases containing passwords, PAM configuration files, PAM libraries
+ /etc/nologin r,
+ /etc/pam.d/* r,
+ /etc/securetty r,
+ /etc/security/* r,
+ /etc/shadow r,
+ /etc/gshadow r,
+ /etc/pwdb.conf r,
+
+ /{usr/,}lib{,32,64}/security/pam_filter/* mr,
+ /{usr/,}lib{,32,64}/security/pam_*.so mr,
+ /{usr/,}lib{,32,64}/security/ r,
+ /{usr/,}lib/@{multiarch}/security/pam_filter/* mr,
+ /{usr/,}lib/@{multiarch}/security/pam_*.so mr,
+ /{usr/,}lib/@{multiarch}/security/ r,
+
+ # kerberos
+ #include <abstractions/kerberosclient>
+ # SuSE's pwdutils are different:
+ /etc/default/passwd r,
+ /etc/login.defs r,
+
+ # nis
+ #include <abstractions/nis>
+
+ # winbind
+ #include <abstractions/winbind>
+
+ # likewise
+ #include <abstractions/likewise>
+
+ # smbpass
+ #include <abstractions/smbpass>
+
+ # p11-kit (PKCS#11 modules configuration)
+ #include <abstractions/p11-kit>
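Review bot: The comment above the `/etc/nologin r,` block describes why the files are needed but not what including this abstraction costs. It grants `/etc/shadow r,` and `/etc/gshadow r,`, so every profile that includes it can read the local password hashes whenever the process's own credentials allow it. I would state that at the top, for example `# WARNING: grants read access to /etc/shadow and /etc/gshadow; include only in profiles of services that verify passwords themselves`. Services that only look up account names presumably do not need this file at all, and saying so would stop it being included by habit.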
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+
+ # (Note that the ldd profile has inlined this file; if you make
+ # modifications here, please consider including them in the ldd
+ # profile as well.)
+
+ # The __canary_death_handler function writes a time-stamped log
+ # message to /dev/log for logging by syslogd. So, /dev/log, timezones,
+ # and localisations of date should be available EVERYWHERE, so
+ # StackGuard, FormatGuard, etc., alerts can be properly logged.
+ /dev/log w,
+ /dev/random r,
+ /dev/urandom r,
+ # Allow access to the uuidd daemon (this daemon is a thin wrapper around
+ # time and getrandom()/{,u}random and, when available, runs under an
+ # unprivilged, dedicated user).
+ /run/uuidd/request r,
+ /etc/locale/** r,
+ /etc/locale.alias r,
+ /etc/localtime r,
+ /etc/writable/localtime r,
+ /usr/share/locale-bundle/** r,
+ /usr/share/locale-langpack/** r,
+ /usr/share/locale/** r,
+ /usr/share/**/locale/** r,
+ /usr/share/zoneinfo/ r,
+ /usr/share/zoneinfo/** r,
+ /usr/share/X11/locale/** r,
+ /run/systemd/journal/dev-log w,
+ # systemd native journal API (see sd_journal_print(4))
+ /run/systemd/journal/socket w,
+ # Nested containers and anything using systemd-cat need this. 'r' shouldn't
+ # be required but applications fail without it. journald doesn't leak
+ # anything when reading so this is ok.
+ /run/systemd/journal/stdout rw,
+
+ /usr/lib{,32,64}/locale/** mr,
+ /usr/lib{,32,64}/gconv/*.so mr,
+ /usr/lib{,32,64}/gconv/gconv-modules* mr,
+ /usr/lib/@{multiarch}/gconv/*.so mr,
+ /usr/lib/@{multiarch}/gconv/gconv-modules* mr,
+
+ # used by glibc when binding to ephemeral ports
+ /etc/bindresvport.blacklist r,
+
+ # ld.so.cache and ld are used to load shared libraries; they are best
+ # available everywhere
+ /etc/ld.so.cache mr,
+ /etc/ld.so.conf r,
+ /etc/ld.so.conf.d/{,*.conf} r,
+ /etc/ld.so.preload r,
+ /{usr/,}lib{,32,64}/ld{,32,64}-*.so mr,
+ /{usr/,}lib/@{multiarch}/ld{,32,64}-*.so mr,
+ /{usr/,}lib/tls/i686/{cmov,nosegneg}/ld-*.so mr,
+ /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mr,
+ /opt/*-linux-uclibc/lib/ld-uClibc*so* mr,
+
+ # we might as well allow everything to use common libraries
+ /{usr/,}lib{,32,64}/** r,
+ /{usr/,}lib{,32,64}/**.so* mr,
+ /{usr/,}lib/@{multiarch}/** r,
+ /{usr/,}lib/@{multiarch}/**.so* mr,
+ /{usr/,}lib/tls/i686/{cmov,nosegneg}/*.so* mr,
+ /{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/*.so* mr,
+
+ # /dev/null is pretty harmless and frequently used
+ /dev/null rw,
+ # as is /dev/zero
+ /dev/zero rw,
+ # recent glibc uses /dev/full in preference to /dev/null for programs
+ # that don't have open fds at exec()
+ /dev/full rw,
+
+ # Sometimes used to determine kernel/user interfaces to use
+ @{PROC}/sys/kernel/version r,
+ # Depending on which glibc routine uses this file, base may not be the
+ # best place -- but many profiles require it, and it is quite harmless.
+ @{PROC}/sys/kernel/ngroups_max r,
+
+ # glibc's sysconf(3) routine to determine free memory, etc
+ @{PROC}/meminfo r,
+ @{PROC}/stat r,
+ @{PROC}/cpuinfo r,
+ @{sys}/devices/system/cpu/ r,
+ @{sys}/devices/system/cpu/online r,
+
+ # glibc's *printf protections read the maps file
+ @{PROC}/@{pid}/{maps,auxv,status} r,
+
+ # libgcrypt reads some flags from /proc
+ @{PROC}/sys/crypto/* r,
+
+ # some applications will display license information
+ /usr/share/common-licenses/** r,
+
+ # glibc statvfs
+ @{PROC}/filesystems r,
+
+ # glibc malloc (man 5 proc)
+ @{PROC}/sys/vm/overcommit_memory r,
+
+ # Allow determining the highest valid capability of the running kernel
+ @{PROC}/sys/kernel/cap_last_cap r,
+
+ # Allow other processes to read our /proc entries, futexes, perf tracing and
+ # kcmp for now (they will need 'read' in the first place). Administrators can
+ # override with:
+ # deny ptrace (readby) ...
+ ptrace (readby),
+
+ # Allow other processes to trace us by default (they will need 'trace' in
+ # the first place). Administrators can override with:
+ # deny ptrace (tracedby) ...
+ ptrace (tracedby),
+
+ # Allow us to ptrace read ourselves
+ ptrace (read) peer=@{profile_name},
+
+ # Allow unconfined processes to send us signals by default
+ signal (receive) peer=unconfined,
+
+ # Allow us to signal ourselves
+ signal peer=@{profile_name},
+
+ # Checking for PID existence is quite common so add it by default for now
+ signal (receive, send) set=("exists"),
+
+ # Allow us to create and use abstract and anonymous sockets
+ unix peer=(label=@{profile_name}),
+
+ # Allow unconfined processes to us via unix sockets
+ unix (receive) peer=(label=unconfined),
+
+ # Allow us to create abstract and anonymous sockets
+ unix (create),
+
+ # Allow us to getattr, getopt, setop and shutdown on unix sockets
+ unix (getattr, getopt, setopt, shutdown),
+
+ # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked
+ # filesystems generally. This does not appreciably decrease security with
+ # Ubuntu profiles because the user is expected to have access to files owned
+ # by him/her. Exceptions to this are explicit in the profiles. While this rule
+ # grants access to those exceptions, the intended privacy is maintained due to
+ # the encrypted contents of the files in this directory. Files in this
+ # directory will also use filename encryption by default, so the files are
+ # further protected. Also, with the use of 'owner', this rule properly
+ # prevents access to the files from processes running under a different uid.
+
+ # encrypted ~/.Private and old-style encrypted $HOME
+ owner @{HOME}/.Private/ r,
+ owner @{HOME}/.Private/** mrixwlk,
+ # new-style encrypted $HOME
+ owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
+ owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
+
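Review bot: The long comment before the `.Private` rules argues only about confidentiality, but the rules `owner @{HOME}/.Private/** mrixwlk,` and `owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,` also combine write with `m` and `ix`. Any profile that includes this abstraction can therefore create a file under those directories and then map or execute it within its own confinement, even if the rest of the profile keeps writable and executable paths apart. I would document that next to the workaround, for example `# NOTE: this grants write together with m/ix; profiles that rely on write-xor-execute should add their own deny rule for these paths`. Separately, the comment at the uuidd rule has the typo "unprivilged" and the one above `unix (receive) peer=(label=unconfined),` is missing a verb ("to us via unix sockets").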
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # user-specific bash files
+ @{HOMEDIRS} r,
+ @{HOME}/.bashrc r,
+ @{HOME}/.profile r,
+ @{HOME}/.bash_profile r,
+ @{HOME}/.bash_history rw,
+
+ # system-wide bash configuration
+ /etc/profile.dos r,
+ /etc/profile r,
+ /etc/profile.d/ r,
+ /etc/profile.d/* r,
+ /etc/bashrc r,
+ /etc/bash.bashrc r,
+ /etc/bash.bashrc.local r,
+ /etc/bash_completion r,
+ /etc/bash_completion.d/ r,
+ /etc/bash_completion.d/* r,
+
+ # bash relies on system-wide readline configuration
+ /etc/inputrc r,
+
+ # bash inspects filesystems at startup
+ /etc/mtab r,
+ @{PROC}/@{pid}/mounts r,
+ @{PROC}/filesystems r,
+
+ # probably readline wants to know terminal capabilities
+ /usr/share/terminfo/** r,
+
+ # run out of /etc/bash.bashrc
+ /etc/DIR_COLORS r,
+ /{usr/,}bin/ls mix,
+ /usr/bin/dircolors mix,
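Review bot: The per-user rules at the top of this file are written without the `owner` qualifier that the other abstractions in this change use for files under `@{HOME}`. As written, `@{HOME}/.bash_history rw,` lets a confined process read and rewrite any user's shell history that file permissions allow, not only that of the uid it runs as. I would change it to `owner @{HOME}/.bash_history rw,` and apply the same qualifier to the `.bashrc`, `.profile` and `.bash_profile` lines. If a profile really needs cross-user access, it can grant that explicitly.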
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+
+ # there are three common ways to refer to consoles
+ /dev/console rw,
+ /dev/tty rw,
+ # this next entry is a tad unfortunate; /dev/tty will always be
+ # associated with the controlling terminal by the kernel, but if a
+ # program uses the /dev/pts/ interface, it actually has access to
+ # -all- xterm, sshd, etc, terminals on the system.
+ /dev/pts/[0-9]* rw,
+ /dev/pts/ r,
+
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009-2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # discoverable system configuration for non-local cupsd
+ /etc/cups/client.conf r,
+ # client should be able to talk the local cupsd
+ /{,var/}run/cups/cups.sock rw,
+ # client should be able to read user-specified cups configuration
+ owner @{HOME}/.cups/client.conf r,
+ owner @{HOME}/.cups/lpoptions r,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009-2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This abstraction grants full system bus access. Consider using the
+ # dbus-strict abstraction for fine-grained bus mediation.
+
+ #include <abstractions/dbus-strict>
+ dbus bus=system,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This abstraction grants full accessibility bus access. Consider using the
+ # dbus-accessibility-strict abstraction for fine-grained bus mediation.
+
+ #include <abstractions/dbus-accessibility-strict>
+ dbus bus=accessibility,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ dbus send
+ bus=accessibility
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011-2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This abstraction grants full session bus access. Consider using the
+ # dbus-session-strict abstraction for fine-grained bus mediation.
+
+ #include <abstractions/dbus-session-strict>
+ /usr/bin/dbus-launch ix,
+ dbus bus=session,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011-2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # unique per-machine identifier
+ /etc/machine-id r,
+ /var/lib/dbus/machine-id r,
+ owner /run/user/*/bus rw,
+
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/tmp/dbus-*"),
+
+ # dbus with systemd and --enable-user-session
+ owner /run/user/[0-9]*/bus rw,
+
+ dbus send
+ bus=session
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
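Review bot: The session bus socket is granted twice with overlapping globs. `owner /run/user/*/bus rw,` sits directly under the `# unique per-machine identifier` comment and already matches everything that the later `owner /run/user/[0-9]*/bus rw,` matches, so the second rule and its "dbus with systemd and --enable-user-session" comment add nothing. Keep one of them; if the numeric-uid form is the intended scope, drop the first line. Either way, move the socket rule out from under the machine-id comment so the grouping does not mislead.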
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009-2013 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /{,var/}run/dbus/system_bus_socket rw,
+
+ dbus send
+ bus=system
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
--- /dev/null
+# vim:syntax=apparmor
+
+# permissions for querying dconf settings; granting write access should
+# be specified in a specific application's profile.
+
+ /etc/dconf/** r,
+ owner /{,var/}run/user/*/dconf/user r,
+ owner @{HOME}/.config/dconf/user r,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2014 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# used with dovecot/*
+
+ capability setgid,
+
+ deny capability block_suspend,
+
+ # dovecot's master can send us signals
+ signal receive peer=dovecot,
+
+ /{var/,}run/dovecot/config rw,
--- /dev/null
+# vim:syntax=apparmor
+
+# This file contains common DRI-specific rules useful for GUI applications
+# (needed by libdrm and similar).
+
+ /usr/lib{,32,64}/dri/** mr,
+ /usr/lib/@{multiarch}/dri/** mr,
+ /usr/lib/fglrx/dri/** mr,
+ /dev/dri/ r,
+ /dev/dri/** rw,
+ /etc/drirc r,
+ /usr/share/drirc.d/{,*.conf} r,
+ owner @{HOME}/.drirc r,
+
--- /dev/null
+# vim:syntax=apparmor
+
+# This file contains common DRI-specific rules useful for GUI applications that
+# needs to enumerate graphic devices (as with drmParsePciDeviceInfo() from
+# libdrm).
+
+ @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # abstraction for Enchant spellchecking frontend
+
+ /usr/share/enchant/ r,
+ /usr/share/enchant/enchant.ordering r,
+
+ # aspell
+ #include <abstractions/aspell>
+ /var/lib/dictionaries-common/aspell/ r,
+ /var/lib/dictionaries-common/aspell/* r,
+
+ # hspell
+ /usr/share/hspell/ r,
+ /usr/share/hspell/*.wgz.* r,
+
+ # hunspell
+ /usr/share/hunspell/ r,
+ /usr/share/hunspell/* r,
+
+ # ispell
+ /usr/lib/ispell/ r,
+ /usr/lib/ispell/*.hash r,
+ /usr/share/dict/ r,
+ /usr/share/dict/* r,
+ /var/lib/dictionaries-common/ r,
+ /var/lib/dictionaries-common/{ispell,wordlist}/ r,
+ /var/lib/dictionaries-common/{ispell,wordlist}/* r,
+
+ # myspell
+ /usr/share/myspell/ r,
+ /usr/share/myspell/** r,
+
+ # voikko
+ /usr/lib/voikko/ r,
+ /usr/lib/voikko/2/ r,
+ /usr/lib/voikko/2/mor-standard/ r,
+ /usr/lib/voikko/2/mor-standard/voikko* r,
+
+ # zemberek
+ /usr/share/java/ r,
+ /usr/share/java/zemberek-[0-9]*.jar r,
+ /usr/share/java/zemberek-tr-[0-9]*.jar r,
+
+ # per-user dictionaries
+ owner @{HOME}/.config/enchant/ rw,
+ owner @{HOME}/.config/enchant/* rwk,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ #include <abstractions/fcitx-strict>
+ dbus bus=fcitx,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ #include <abstractions/dbus-session-strict>
+
+ dbus send
+ bus=fcitx
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
+
+ owner @{HOME}/.config/fcitx/dbus/* r,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /usr/share/AbiSuite/fonts/** r,
+
+ /usr/lib/xorg/modules/fonts/**.so* mr,
+
+ /usr/share/fonts/ r,
+ /usr/share/fonts/** r,
+
+ /etc/fonts/** r,
+ # Debian, openSUSE paths are different
+ /usr/share/{fontconfig,fonts-config,*-fonts}/conf.avail/{,**} r,
+ /usr/share/ghostscript/fonts/{,**} r,
+
+ /opt/kde3/share/fonts/** r,
+
+ /usr/lib{,32,64}/openoffice/share/fonts/** r,
+
+ /var/cache/fonts/** r,
+ /var/cache/fontconfig/** mr,
+ /var/lib/defoma/** mr,
+
+ /usr/share/a2ps/fonts/** r,
+ /usr/share/xfce/fonts/** r,
+ /usr/share/ghostscript/fonts/** r,
+ /usr/share/javascript/*/fonts/** r,
+ /usr/share/texmf/{,*/}fonts/** r,
+ /usr/share/texlive/texmf-dist/fonts/** r,
+ /var/lib/ghostscript/** r,
+
+ owner @{HOME}/.fonts.conf r,
+ owner @{HOME}/.fonts/ r,
+ owner @{HOME}/.fonts/** r,
+ owner @{HOME}/.local/share/fonts/ r,
+ owner @{HOME}/.local/share/fonts/** r,
+ owner @{HOME}/.fonts.cache-2 mr,
+ owner @{HOME}/.{,cache/}fontconfig/ rw,
+ owner @{HOME}/.{,cache/}fontconfig/** mrl,
+ owner @{HOME}/.fonts.conf.d/ r,
+ owner @{HOME}/.fonts.conf.d/** r,
+ owner @{HOME}/.config/fontconfig/ r,
+ owner @{HOME}/.config/fontconfig/** r,
+
+ /usr/local/share/fonts/ r,
+ /usr/local/share/fonts/** r,
+
+ # poppler CMap tables
+ /usr/share/poppler/cMap/** r,
+
+ # data files for LibThai
+ /usr/share/libthai/thbrk.tri r,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # system configuration
+ @{system_share_dirs}/applications/{**,} r,
+ @{system_share_dirs}/icons/{**,} r,
+ @{system_share_dirs}/pixmaps/{**,} r,
+
+ # communitheme snap
+ /snap/communitheme/*/share/icons/ r,
+ /snap/communitheme/*/share/icons/** r,
+
+ # mimeinfo and desktop files for snaps
+ /var/lib/snapd/desktop/applications/mimeinfo.cache r,
+ /var/lib/snapd/desktop/applications/{,*.desktop} r,
+
+ # this should probably go elsewhere
+ @{system_share_dirs}/mime/** r,
+
+ # per-user configurations
+ owner @{HOME}/.icons/ r,
+ owner @{HOME}/.recently-used.xbel* rw,
+ owner @{HOME}/.local/share/recently-used.xbel* rw,
+ owner @{HOME}/.config/user-dirs.dirs r,
+ owner @{HOME}/.config/mimeapps.list r,
+ owner @{user_share_dirs}/applications/{**,} r,
+ owner @{user_share_dirs}/icons/{**,} r,
+ owner @{user_share_dirs}/mime/{**,} r,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+#include <abstractions/base>
+#include <abstractions/fonts>
+#include <abstractions/X>
+#include <abstractions/freedesktop.org>
+#include <abstractions/xdg-desktop>
+#include <abstractions/user-tmp>
+#include <abstractions/wayland>
+
+ # systemwide gtk defaults
+ /etc/gnome/gtkrc* r,
+ /etc/gtk/* r,
+ /usr/lib{,32,64}/gtk/** mr,
+ /usr/lib/@{multiarch}/gtk/** mr,
+ /usr/lib{,32,64}/gtk-[0-9]*/** mr,
+ /usr/lib/@{multiarch}/gtk-[0-9]*/** mr,
+ /usr/share/themes/ r,
+ /usr/share/themes/** r,
+
+ # communitheme snap
+ /snap/communitheme/*/share/themes/ r,
+ /snap/communitheme/*/share/themes/** r,
+
+ # for gnome 1 applications
+ /etc/orbitrc r,
+
+ # gtk-2 needed some new rights
+ /etc/fonts/* r,
+ /etc/gtk-*/* r,
+ /etc/pango/* r,
+ /usr/lib{,32,64}/pango/** mr,
+ /usr/lib{,32,64}/gtk-*/** mr,
+ /usr/lib{,32,64}/gdk-pixbuf-*/** mr,
+ /usr/lib/@{multiarch}/pango/** mr,
+ /usr/lib/@{multiarch}/gtk-*/** mr,
+ /usr/lib/@{multiarch}/gdk-pixbuf-*/** mr,
+
+ # per-user gtk configuration
+ owner @{HOME}/.config/gtk-3.0/ w,
+ owner @{HOME}/.config/gtk-3.0/* r,
+ owner @{HOME}/.gnome/Gnome r,
+ owner @{HOME}/.gtk r,
+ owner @{HOME}/.gtkrc r,
+ owner @{HOME}/.gtkrc-2.0 r,
+ owner @{HOME}/.gtk-bookmarks r,
+ owner @{HOME}/.themes/ r,
+ owner @{HOME}/.themes/** r,
+ owner @{user_share_dirs}/themes/ r,
+ owner @{user_share_dirs}/themes/** r,
+
+ # for gtk file dialog
+ owner @{HOME}/.config/gtk-2.0/ w,
+ owner @{HOME}/.config/gtk-2.0/** r,
+ owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw,
+
+ # from evolution-mail
+ owner @{HOME}/.gconfd/lock/* r,
+ owner @{HOME}/.gnome/application-info r,
+
+ # per-user font business
+ owner @{HOME}/.fonts.cache-* rwl,
+
+ # GtkComposeTable
+ owner @{HOME}/.cache/gtk-3.0/** r,
+
+ # icon caches
+ /var/cache/**/icon-theme.cache r,
+ /usr/share/**/icon-theme.cache r,
+
+ # GLib schemas
+ /usr/{local/,}share/glib-[0-9]*/schemas/ r,
+ /usr/{local/,}share/glib-[0-9]*/schemas/** r,
+
+ # gnome VFS modules
+ /etc/gnome-vfs-2.0/modules/ r,
+ /etc/gnome-vfs-2.0/modules/* r,
+ /usr/lib/gnome-vfs-2.0/modules/*.so mr,
+ /usr/lib/@{multiarch}/gnome-vfs-2.0/modules/*.so mr,
+
+ # gvfs
+ /usr/share/gvfs/remote-volume-monitors/ r,
+ /usr/share/gvfs/remote-volume-monitors/* r,
+ @{PROC}/@{pid}/mounts r,
+
+ # printing
+ /etc/papersize r,
+ /etc/cups/lpoptions r,
+ /usr/share/cups/charmaps/** r,
+
+ # holds MIT-MAGIC-COOKIE for gnome
+ owner /{,var/}run/gdm/auth*/database r,
+
+ # mime-types
+ /etc/gnome/defaults.list r,
+ /etc/xdg/{,*-}mimeapps.list r,
+ /usr/share/gnome/applications/ r,
+ /usr/share/gnome/applications/mimeinfo.cache r,
+
+ # Allow connecting to the GNOME vfs socket (still need corresponding DBus
+ # rules)
+ unix (send, receive, connect)
+ type=stream
+ peer=(addr="@/dbus-vfs-daemon/socket-*"),
--- /dev/null
+# vim:syntax=apparmor
+# gnupg sub-process running permissions
+
+ # user configurations
+ owner @{HOME}/.gnupg/options r,
+ owner @{HOME}/.gnupg/pubring.gpg r,
+ owner @{HOME}/.gnupg/pubring.kbx r,
+ owner @{HOME}/.gnupg/random_seed rw,
+ owner @{HOME}/.gnupg/secring.gpg r,
+ owner @{HOME}/.gnupg/so/*.x86_64 mr,
+ owner @{HOME}/.gnupg/trustdb.gpg rw,
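Review bot: The rule `owner @{HOME}/.gnupg/so/*.x86_64 mr,` permits executable mappings from a directory inside the user's home, and nothing in the section says which component needs it. Every profile that includes this abstraction can map code from a location the user can write to, and the `.x86_64` suffix ties the rule to one architecture. If it is still required, a comment naming the consumer would help, e.g. `# plugin objects loaded from ~/.gnupg/so by <consumer>; confirm still needed`. Otherwise the rule is a candidate for removal. The section also grants read on `secring.gpg`, so the abstraction is best included only by profiles that actually run gnupg.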
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # abstraction for ibus input methods
+ owner @{HOME}/.config/ibus/ r,
+ owner @{HOME}/.config/ibus/bus/ rw,
+ owner @{HOME}/.config/ibus/bus/* rw,
+
+ # abstract path in ibus < 1.5.22 uses /tmp
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/tmp/ibus/dbus-*"),
+
+ # abstract path in ibus >= 1.5.22 uses $XDG_CACHE_HOME (ie, @{HOME}/.cache)
+ # This should use this, but due to LP: #1856738 we cannot
+ #unix (connect, receive, send)
+ # type=stream
+ # peer=(addr="@@{HOME}/.cache/ibus/dbus-*"),
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/home/*/.cache/ibus/dbus-*"),
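Review bot: The workaround rule `peer=(addr="@/home/*/.cache/ibus/dbus-*")` hard-codes `/home`, so unlike the commented-out `@{HOME}` form it will not follow a site's home-directory tunables. On systems where home directories live elsewhere, ibus >= 1.5.22 clients would presumably be denied the connection. The existing comment mentions LP: #1856738 but not this limitation. I would extend it, e.g. `# workaround for LP: #1856738: only matches homes under /home; switch back to @{HOME} once fixed`.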
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <abstractions/base>
+#include <abstractions/fonts>
+#include <abstractions/X>
+#include <abstractions/freedesktop.org>
+#include <abstractions/xdg-desktop>
+#include <abstractions/user-tmp>
+#include <abstractions/qt5>
+
+/etc/qt3/kstylerc r,
+/etc/qt3/qt_plugins_3.3rc r,
+/etc/qt3/qtrc r,
+/etc/kderc r,
+/etc/kde3/* r,
+/etc/kde4rc r,
+/etc/xdg/kdeglobals r,
+/etc/xdg/Trolltech.conf r,
+/usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent()
+/usr/share/kubuntu-default-settings/kf5-settings/* r,
+
+owner @{HOME}/.DCOPserver_* r,
+owner @{HOME}/.ICEauthority r,
+owner @{HOME}/.fonts.* lrw,
+owner @{HOME}/.kde{,4}/share/config/kdeglobals rw,
+owner @{HOME}/.kde{,4}/share/config/*.lock rwl,
+owner @{HOME}/.qt/** rw,
+owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache
+owner @{HOME}/.config/Trolltech.conf rwk,
+owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
+owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
+owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
+owner @{HOME}/.config/kdeglobals r, # global settings, used by Breeze style, etc.
+owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so
+owner @{HOME}/.config/trashrc r, # Used by KFileWidget
+
+/usr/share/X11/XKeysymDB r,
+
+# kde3
+/usr/lib*/kde3/plugins/styles/ r,
+/usr/lib*/kde3/plugins/styles/* mr,
+/usr/lib*/kde3/lib*so* mr,
+/usr/lib/@{multiarch}/kde3/plugins/styles/ r,
+/usr/lib/@{multiarch}/kde3/plugins/styles/* mr,
+/usr/lib/@{multiarch}/kde3/lib*so* mr,
+/usr/lib*/qt3/lib*/lib*so* mr,
+/usr/lib*/qt3/plugins/** mr,
+/usr/lib/@{multiarch}/qt3/lib*/lib*so* mr,
+/usr/lib/@{multiarch}/qt3/plugins/** mr,
+/usr/lib*/libqt-mt*so* mr,
+/usr/lib*/libqui*so* mr,
+/usr/lib/@{multiarch}/libqt-mt*so* mr,
+/usr/lib/@{multiarch}/libqui*so* mr,
+/usr/share/qt3/lib*/libqt-mt*so* mr,
+/usr/share/qt3/lib*/libqui*so* mr,
+
+# kde4
+/usr/lib*/kde4/plugins/*/*.so mr,
+/usr/lib*/kde4/plugins/*/ r,
+/usr/lib*/kde4/lib*so* mr,
+/usr/lib/@{multiarch}/kde4/plugins/*/*.so mr,
+/usr/lib/@{multiarch}/kde4/plugins/*/ r,
+/usr/lib/@{multiarch}/kde4/lib*so* mr,
+/usr/lib*/qt4/lib*/lib*so* mr,
+/usr/lib*/qt4/plugins/** mr,
+/usr/lib/@{multiarch}/qt4/lib*/lib*so* mr,
+/usr/lib/@{multiarch}/qt4/plugins/** mr,
+/usr/share/qt4/** r,
--- /dev/null
+# vim:syntax=apparmor
+# Rules for changing KDE settings (for KFileDialog and other).
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]* rw,
+ owner @{HOME}/.config/kdeglobals rw,
+ owner @{HOME}/.config/kdeglobals.?????? rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/kdeglobals.lock rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# Rules for writing KDE icon cache
+
+ # User files
+
+ owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
+
--- /dev/null
+# vim:syntax=apparmor
+# Rules for changing per-application language settings on KDE. Some KDE
+# applications have "Help -> Switch Application Language..." option, that needs
+# write access to language settings file.
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]* rw,
+ owner @{HOME}/.config/klanguageoverridesrc rw,
+ owner @{HOME}/.config/klanguageoverridesrc.?????? rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/klanguageoverridesrc.lock rwk,
+
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # files required by kerberos client programs
+ /usr/lib{,32,64}/krb5/plugins/libkrb5/ r,
+ /usr/lib{,32,64}/krb5/plugins/libkrb5/* mr,
+ /usr/lib/@{multiarch}/krb5/plugins/libkrb5/ r,
+ /usr/lib/@{multiarch}/krb5/plugins/libkrb5/* mr,
+
+ /usr/lib{,32,64}/krb5/plugins/preauth/ r,
+ /usr/lib{,32,64}/krb5/plugins/preauth/* mr,
+ /usr/lib/@{multiarch}/krb5/plugins/preauth/ r,
+ /usr/lib/@{multiarch}/krb5/plugins/preauth/* mr,
+
+ /etc/krb5.keytab rk,
+ /etc/krb5.conf r,
+ /etc/krb5.conf.d/ r,
+ /etc/krb5.conf.d/* r,
+
+ # config files found via strings on libs
+ /etc/krb.conf r,
+ /etc/krb.realms r,
+ /etc/srvtab r,
+
+ # credential caches
+ /tmp/krb5cc* r,
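Review bot: The credential-cache rule `/tmp/krb5cc* r,` has no `owner` qualifier, so the policy lets a confined process read any user's ticket cache in `/tmp` and relies on file modes alone. If consumers of this abstraction only need the caller's own cache, `owner /tmp/krb5cc* r,` would be tighter. Services that legitimately read other users' caches would then need an explicit rule in their own profile, which should be confirmed before changing it. The section also grants `/etc/krb5.keytab rk,` under a comment about client programs, and a short comment on why clients need the keytab would help reviewers of including profiles.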
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # files required by LDAP clients (e.g. nss_ldap/pam_ldap)
+ /etc/ldap.conf r,
+ /etc/ldap.secret r,
+ /etc/openldap/* r,
+ /etc/openldap/cacerts/* r,
+
+ # SASL plugins and config
+ /etc/sasl2/* r,
+ /usr/lib{,32,64}/sasl2/* r,
+
+ # local LDAP name service daemon
+ /{,var/}run/nslcd/socket rw,
+
+ #include <abstractions/ssl_certs>
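Review bot: `/etc/ldap.secret r,` gives every profile that includes this abstraction read access to the LDAP bind secret, with no comment marking it as sensitive. The nameservice abstraction later in this patch includes `abstractions/ldapclient`, so the rule reaches most confined network programs. File permissions presumably still protect it from unprivileged users, but a confined service running as root would be able to read it. I would at least add a comment such as `# bind password for nss_ldap/pam_ldap; readable by every includer, rely on file mode`, or move the rule into the profiles that need it.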
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2015-2016 Simon Deziel
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <abstractions/dbus-strict>
+
+ # libpam-systemd notifies systemd-logind about session logins/logouts
+ dbus send
+ bus=system
+ path=/org/freedesktop/login1
+ interface=org.freedesktop.login1.Manager
+ member={CreateSession,ReleaseSession},
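Review bot: The `dbus send` rule for `org.freedesktop.login1.Manager` ends at `member={CreateSession,ReleaseSession},` with no `peer=` clause, so it does not restrict which system-bus connection receives these calls. The other system-bus rules in this patch pin the destination, for example `peer=(name="org.freedesktop.resolve1")` in the nameservice section. I would do the same here: drop the trailing comma after the `member=` line and add `peer=(name=org.freedesktop.login1),` as the final line of the rule.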
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /tmp/.lwidentity/pipe rw,
+ /var/lib/likewise-open/lwidentity_privileged/pipe rw,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # mdnsd
+ /etc/mdns.allow r,
+ /etc/nss_mdns.conf r,
+ /{,var/}run/mdnsd w,
--- /dev/null
+# vim:syntax=apparmor
+# Rules for Mesa implementation of the OpenGL API
+
+ # System files
+ /dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()
+
+ # Needed to check if the kernel supports the i915 perf interface
+ # (src/intel/perf/gen_perf.c, load_oa_metrics())
+ @{PROC}/sys/dev/i915/perf_stream_paranoid r,
+
+ # User files
+ owner @{HOME}/.cache/ w, # if user clears all caches
+ owner @{HOME}/.cache/mesa_shader_cache/ w,
+ owner @{HOME}/.cache/mesa_shader_cache/index rw,
+ owner @{HOME}/.cache/mesa_shader_cache/??/ w,
+ owner @{HOME}/.cache/mesa_shader_cache/??/* rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2015 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # mir libraries sometimes do not have a lib prefix
+ # see LP: #1422521
+ /usr/lib/@{multiarch}/mir/*.so* mr,
+ /usr/lib/@{multiarch}/mir/**/*.so* mr,
+
+ # unprivileged mir socket for clients
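Review bot: The section ends on the comment `# unprivileged mir socket for clients` with no rule under it, so as added the abstraction covers only the mir libraries. Either the socket rule was lost from this file or the comment is stale. A client profile that includes this abstraction would presumably still be denied on the socket. Add the intended socket rule or drop the comment.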
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ unix (connect, receive, send) type=stream peer=(addr="@tmp/.mozc.*"),
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2013 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /var/lib/mysql{,d}/mysql{,d}.sock rw,
+ /{var/,}run/mysql{,d}/mysql{,d}.sock rw,
+ /usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r,
+ /usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # Many programs wish to perform nameservice-like operations, such as
+ # looking up users by name or id, groups by name or id, hosts by name
+ # or IP, etc. These operations may be performed through files, dns,
+ # NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here.
+ /etc/group r,
+ /etc/host.conf r,
+ /etc/hosts r,
+ /etc/nsswitch.conf r,
+ /etc/gai.conf r,
+ /etc/passwd r,
+ /etc/protocols r,
+
+ # libtirpc (used for NIS/YP login) needs this
+ /etc/netconfig r,
+
+ # When using libnss-extrausers, the passwd and group files are merged from
+ # an alternate path
+ /var/lib/extrausers/group r,
+ /var/lib/extrausers/passwd r,
+
+ # NSS records from systemd-userdbd.service
+ /{,var/}run/systemd/userdb/ r,
+ /{,var/}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
+ @{PROC}/sys/kernel/random/boot_id r,
+
+ # When using sssd, the passwd and group files are stored in an alternate path
+ # and the nss plugin also needs to talk to a pipe
+ /var/lib/sss/mc/group r,
+ /var/lib/sss/mc/initgroups r,
+ /var/lib/sss/mc/passwd r,
+ /var/lib/sss/pipes/nss rw,
+
+ /etc/resolv.conf r,
+ # On systems where /etc/resolv.conf is managed programmatically, it is
+ # a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
+ /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
+ /etc/resolvconf/run/resolv.conf r,
+ /{,var/}run/systemd/resolve/stub-resolv.conf r,
+
+ /etc/samba/lmhosts r,
+ /etc/services r,
+ # db backend
+ /var/lib/misc/*.db r,
+ # The Name Service Cache Daemon can cache lookups, sometimes leading
+ # to vast speed increases when working with network-based lookups.
+ /{,var/}run/.nscd_socket rw,
+ /{,var/}run/nscd/socket rw,
+ /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts} r,
+ # nscd renames and unlinks files in it's operation that clients will
+ # have open
+ /{,var/}run/nscd/db* rmix,
+
+ # The nss libraries are sometimes used in addition to PAM; make sure
+ # they are available
+ /{usr/,}lib{,32,64}/libnss_*.so* mr,
+ /{usr/,}lib/@{multiarch}/libnss_*.so* mr,
+ /etc/default/nss r,
+
+ # avahi-daemon is used for mdns4 resolution
+ /{,var/}run/avahi-daemon/socket rw,
+
+ # libnl-3-200 via libnss-gw-name
+ @{PROC}/@{pid}/net/psched r,
+ /etc/libnl-*/classid r,
+
+ # nis
+ #include <abstractions/nis>
+
+ # ldap
+ #include <abstractions/ldapclient>
+
+ # winbind
+ #include <abstractions/winbind>
+
+ # likewise
+ #include <abstractions/likewise>
+
+ # mdnsd
+ #include <abstractions/mdns>
+
+ # kerberos
+ #include <abstractions/kerberosclient>
+
+ # resolve
+ #
+ # Allow access to the safe members of the systemd-resolved D-Bus API:
+ #
+ # https://www.freedesktop.org/wiki/Software/systemd/resolved/
+ #
+ # This API may be used directly over the D-Bus system bus or it may be used
+ # indirectly via the nss-resolve plugin:
+ #
+ # https://www.freedesktop.org/software/systemd/man/nss-resolve.html
+ #
+ #include <abstractions/dbus-strict>
+ dbus send
+ bus=system
+ path="/org/freedesktop/resolve1"
+ interface="org.freedesktop.resolve1.Manager"
+ member="Resolve{Address,Hostname,Record,Service}"
+ peer=(name="org.freedesktop.resolve1"),
+
+ # libnss-systemd
+ #
+ # https://systemd.io/USER_GROUP_API/
+ # https://systemd.io/USER_RECORD/
+ # https://www.freedesktop.org/software/systemd/man/nss-systemd.html
+ #
+ # Allow User/Group lookups via common VarLink socket APIs. Applications need
+ # to either consult all of them or the io.systemd.Multiplexer frontend.
+ /run/systemd/userdb/ r,
+ /run/systemd/userdb/io.systemd.Multiplexer rw,
+ /run/systemd/userdb/io.systemd.DynamicUser rw, # systemd-exec users
+ /run/systemd/userdb/io.systemd.Home rw, # systemd-home dirs
+ /run/systemd/userdb/io.systemd.NameServiceSwitch rw, # UNIX/glibc NSS
+
+ # Also allow lookups for systemd-exec's DynamicUsers via D-Bus
+ # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+ dbus send
+ bus=system
+ path="/org/freedesktop/systemd1"
+ interface="org.freedesktop.systemd1.Manager"
+ member="{GetDynamicUsers,LookupDynamicUserByName,LookupDynamicUserByUID}"
+ peer=(name="org.freedesktop.systemd1"),
+
+ # TCP/UDP network access
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+
+ # TODO: adjust when support finer-grained netlink rules
+ # Netlink raw needed for nscd
+ network netlink raw,
+
+ # interface details
+ @{PROC}/@{pid}/net/route r,
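Review bot: The systemd userdb sockets are granted twice with different permissions: `/{,var/}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,` near the top, and four `/run/systemd/userdb/io.systemd.* rw,` rules in the libnss-systemd block. Allow rules accumulate, so the effective access is `rw` under `/run` and `r` under `/var/run`, which is easy to misread when auditing. I would keep a single block, either the four `/run` rules or one brace rule with `rw`, and delete the other, together with the duplicate directory rule. Separately, a header comment would help includers who only want `/etc/passwd` lookups: this abstraction also grants `network inet`/`inet6` stream and dgram, `network netlink raw`, and the NIS, LDAP and Kerberos includes.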
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # NIS rules
+ /var/yp/binding/* r,
+ # portmapper may ask root processes to do nis/ldap at low ports
+ capability net_bind_service,
+
--- /dev/null
+# vim:syntax=apparmor
+# nvidia access requirements
+
+ # configuration queries
+ capability ipc_lock,
+
+ /usr/share/nvidia/nvidia-application-profiles* r,
+
+ # libvdpau config file for nvidia workarounds
+ /etc/vdpau_wrapper.cfg r,
+
+ # device files
+ /dev/nvidiactl rw,
+ /dev/nvidia-modeset rw,
+ /dev/nvidia[0-9]* rw,
+
+ @{PROC}/interrupts r,
+ @{PROC}/sys/vm/max_map_count r,
+ @{PROC}/driver/nvidia/params r,
+ @{PROC}/modules r,
+
+ @{sys}/devices/system/memory/block_size_bytes r,
+
+ owner @{HOME}/.nv/ w,
+ owner @{HOME}/.nv/GLCache/ rw,
+ owner @{HOME}/.nv/GLCache/** rwk,
+
+ unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements
+
+ # TODO: use conditionals to select allowed implementations
+ #include <abstractions/opencl-intel>
+ #include <abstractions/opencl-mesa>
+ #include <abstractions/opencl-nvidia>
+ #include <abstractions/opencl-pocl>
+
--- /dev/null
+# vim:syntax=apparmor
+# implementation-independent OpenCL access requirements
+
+ # System files
+
+ /etc/OpenCL/** r,
+ @{sys}/bus/pci/devices/ r, # libpocl.so -> libhwlock.so, libnvidia-opencl.so, beignet/libcl.so -> libdrm_intel.so
+ @{sys}/devices/system/node/ r, # for clGetPlatformIDs() from libOpenCL.so
+ @{sys}/devices/system/node/node[0-9]*/meminfo r, # for clGetPlatformIDs() from libOpenCL.so
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements for Intel implementation
+
+ #include <abstractions/opencl-common>
+
+ # for libcl.so (libOpenCL.so -> beignet/libcl.so calls XOpenDisplay())
+ #include <abstractions/X>
+
+ # for libOpenCL.so -> beignet/libcl.so -> libpciaccess.so
+ #include <abstractions/dri-enumerate>
+
+ # System files
+
+ /dev/dri/card[0-9]* rw, # beignet/libcl.so
+ @{sys}/devices/pci[0-9]*/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?)
+ /usr/lib/@{multiarch}/beignet/** r,
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements for Mesa implementation
+
+ #include <abstractions/opencl-common>
+
+ # Additional libraries
+
+ /usr/lib/@{multiarch}/gallium-pipe/*.so mr, # libMesaOpenCL.so
+ /usr/lib{,64}/gallium-pipe/*.so mr, # libMesaOpenCL.so on openSUSE
+
+ # System files
+
+ /dev/dri/ r, # libMesaOpenCL.so -> libdrm.so
+ /dev/dri/render* rw, # libMesaOpenCL.so
+ /etc/drirc r, # libMesaOpenCL.so
+
+ # User files
+
+ owner @{HOME}/.cache/mesa_shader_cache/{,**} rw, # libMesaOpenCL.so -> pipe_nouveau.so
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements for NVIDIA implementation
+
+ #include <abstractions/nvidia>
+ #include <abstractions/opencl-common>
+
+ # Executables
+
+ # https://github.com/NVIDIA/nvidia-modprobe
+ # This setuid executable is used to create various device files and load the
+ # the nvidia kernel module.
+ /usr/bin/nvidia-modprobe Px -> nvidia_modprobe,
+
+ # System files
+
+ # libnvidia-opencl.so rules:
+ /dev/nvidia-uvm rw,
+ /dev/nvidia-uvm-tools rw,
+ @{sys}/devices/pci[0-9]*/**/config r,
+ @{sys}/devices/system/memory/block_size_bytes r,
+ /usr/share/nvidia/** r,
+ @{PROC}/devices r,
+ @{PROC}/sys/vm/mmap_min_addr r,
+
+ # User files
+
+ owner @{HOME}/.nv/ComputeCache/ w,
+ owner @{HOME}/.nv/ComputeCache/** rw,
+ owner @{HOME}/.nv/ComputeCache/index rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements for POCL implementation
+
+ #include <abstractions/opencl-common>
+
+ # Executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd Cx -> opencl_pocl_ld,
+ /usr/lib/llvm-[0-9]*.[0-9]*/bin/clang Cx -> opencl_pocl_clang,
+
+ # System files
+
+ / r, # libpocl.so -> libhwloc.so
+ @{sys}/bus/pci/slots/ r, # libpocl.so -> hwloc_topology_load() from libhwloc.so
+ @{sys}/bus/{cpu,node}/devices/ r, # libpocl.so -> libhwlock.so
+ @{sys}/class/net/ r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/ r, # for libpocl -> hwloc_linux_lookup_block_class() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/block/*/dev r, # libpocl.so -> hwloc_linux_lookup_host_block_class() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/{class,local_cpus} r, # libpocl.so -> libhwlock.so
+ @{sys}/devices/pci[0-9]*/*/net/*/address r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
+ @{sys}/devices/system/cpu/ r, # libpocl.so -> libnuma.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/* r, # libpocl.so -> libhwloc.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/online r, # libpocl.so -> libhwlock.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/topology/* r, # *_siblings, physical_package_id and lot's of others, for libpocl.so -> libhwloc.so
+ @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/* r, # for clGetPlatformIDs() from libpocl.so
+ @{sys}/devices/system/cpu/possible r, # libpocl.so -> libhwloc.so
+ @{sys}/devices/virtual/dmi/id/{,*} r, # libpocl.so -> libhwloc.so
+ @{sys}/fs/cgroup/cpuset/cpuset.{cpus,mems} r, # libpocl.so -> libhwloc.so
+ @{sys}/kernel/mm/hugepages{/,/**} r, # libpocl.so -> libhwloc.so
+ /usr/share/pocl/** r,
+ /{,var/}run/udev/data/*:* r, # libpocl.so -> hwloc_linux_block_class_fillinfos() from libhwloc.so
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/ w,
+ owner @{HOME}/.cache/pocl/kcache/ w,
+ owner @{HOME}/.cache/pocl/kcache/** rw,
+ owner @{HOME}/.cache/pocl/kcache/**.so mrw, # dangerous!
+ owner @{PROC}/@{pid}/{cgroup,cpuset,status} r, # libpocl.so -> libhwloc.so, status for libpocl.so -> libnuma.so
+
+ # Child profiles
+
+ profile opencl_pocl_ld {
+ #include <abstractions/base>
+
+ # Main executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd mr,
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/kcache/tempfile*.so rw,
+ owner @{HOME}/.cache/pocl/kcache/**.so.o r,
+ }
+
+ profile opencl_pocl_clang {
+ #include <abstractions/base>
+
+ # Main executables
+
+ /usr/lib/llvm-[0-9]*.[0-9]*/bin/clang mr,
+
+ # Additional executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd ix, # TODO: transfer to opencl_ld child profile?
+
+ # System files
+
+ /etc/debian-version r,
+ /etc/lsb-release r,
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/kcache/*/*/*/*/*.so{,.o} rw,
+ }
+
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /etc/ssl/openssl.cnf r,
+ /usr/share/ssl/openssl.cnf r,
+ @{PROC}/sys/crypto/fips_enabled r,
+
--- /dev/null
+# vim:syntax=apparmor
+# orbit2 permissions
+
+ # system library
+ /usr/lib/orbit-2.0/*.so mr,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /etc/pkcs11/ r,
+ /etc/pkcs11/pkcs11.conf r,
+ /etc/pkcs11/modules/ r,
+ /etc/pkcs11/modules/* r,
+
+ /usr/lib{,32,64}/pkcs11/*.so mr,
+ /usr/lib/@{multiarch}/pkcs11/*.so mr,
+
+ /usr/share/p11-kit/modules/ r,
+ /usr/share/p11-kit/modules/* r,
+
+ # gnome-keyring pkcs11 module
+ owner /{,var/}run/user/[0-9]*/keyring*/pkcs11 rw,
+
+ # p11-kit also supports reading user configuration from ~/.pkcs11 depending
+ # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
+ # included in this abstraction.
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # a few files typically required for perl scripts
+ /usr/bin/perl rmix,
+ /usr/bin/perl[0-9].[0-9].[0-9] rmix,
+
+ /usr/lib{,32,64}/perl5/** r,
+ /usr/lib{,32,64}/perl{,5}/**.so* mr,
+ /usr/lib/@{multiarch}/perl{,5,-base}/** r,
+ /usr/lib/@{multiarch}/perl{,5,-base}/[0-9]*/**.so* mr,
+
+ /usr/share/perl/** r,
+ /usr/share/perl5/** r,
+ /etc/perl/** r,
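Review bot: The versioned interpreter rule `/usr/bin/perl[0-9].[0-9].[0-9] rmix,` uses single-character classes, so it matches a name like `perl5.8.8` but not one with a two-digit component such as `perl5.26.1`, and a profile relying on it would be denied that exec. `/usr/bin/perl[0-9].[0-9]*.[0-9]* rmix,` keeps the same shape and accepts multi-digit components. The python section has the same limit in `python{2.[4-7],3.[0-9]}` (nothing from 3.10 on), and the ruby section only lists `1.[89]`. Denials of this kind are often worked around by putting the whole profile into complain mode, so widening the globs here is the safer fix.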
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2009-2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # shared snippets for config files
+ /etc/php{,5,7}/**/ r,
+ /etc/php{,5,7}/**.ini r,
+
+ # Xlibs
+ /usr/X11R6/lib{,32,64}/lib*.so* mr,
+ # php extensions
+ /usr/lib{64,}/php{,5,7}/*/*.so mr,
+
+ # ICU (unicode support) data tables
+ /usr/share/icu/*/*.dat r,
+
+ # php session mmap socket
+ /var/lib/php{,5,7}/session_mm_* rwlk,
+ # file based session handler
+ /var/lib/php{,5,7}/sess_* rwlk,
+ /var/lib/php{,5,7}/sessions/* rwlk,
+
+ # php libraries
+ /usr/share/php{,5,7}/ r,
+ /usr/share/php{,5,7}/** mr,
+
+ # MySQL extension
+ /usr/share/mysql/** r,
+
+ # Zend opcache
+ /tmp/.ZendSem.* rwlk,
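Review bot: `/tmp/.ZendSem.* rwlk,` grants read, write, link and lock on a name pattern in a world-writable directory without the `owner` qualifier, so the confined process may act on matching names regardless of which local user created the file. Unless the opcache semaphore file is really shared between different uids, `owner /tmp/.ZendSem.* rwlk,` is the tighter form. The svn-repositories section has the same pattern in `/tmp/apr* rwl,`, `/var/tmp/apr* rwl,` and `/tmp/report*.tmp rwl,`, which could take `owner` as well.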
--- /dev/null
+#backwards compatibility include, actual abstraction moved from php5 to php
+
+#include <abstractions/php>
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2015 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# used with postfix/*
+
+
+ capability setuid,
+ capability setgid,
+ capability sys_chroot,
+
+ # postfix's master can send us signals
+ signal receive peer=/usr/lib/postfix/master,
+ signal receive peer=postfix-master,
+
+ unix (send, receive) peer=(label=/usr/lib/postfix/master),
+ unix (send, receive) peer=(label=postfix-master),
+
+ /etc/mailname r,
+ /etc/postfix/*.cf r,
+ /etc/postfix/*.db rk,
+ @{PROC}/net/if_inet6 r,
+ /usr/lib/postfix/*.so mr,
+ /usr/lib{,32,64}/sasl2/* mr,
+ /usr/lib{,32,64}/sasl2/ r,
+ /usr/lib/@{multiarch}/sasl2/* mr,
+ /usr/lib/@{multiarch}/sasl2/ r,
+
+ /var/spool/postfix/etc/* r,
+ /var/spool/postfix/lib/lib*.so* mr,
+ /var/spool/postfix/lib/@{multiarch}/lib*.so* mr,
--- /dev/null
+# vim:syntax=apparmor
+# privacy-violations contains rules for common files that you want to
+# explicitly deny access
+
+ # privacy violations (don't audit files under $HOME otherwise get a
+ # lot of false positives when reading contents of directories)
+ deny @{HOME}/.*history mrwkl,
+ deny @{HOME}/.fetchmail* mrwkl,
+ deny @{HOME}/.mutt** mrwkl,
+ deny @{HOME}/.viminfo* mrwkl,
+ deny @{HOME}/.*~ mrwkl,
+ deny @{HOME}/.*.swp mrwkl,
+ deny @{HOME}/.*~1~ mrwkl,
+ deny @{HOME}/.*.bak mrwkl,
+
+ # special attention to (potentially) executable files
+ audit deny @{HOME}/bin/{,**} wl,
+ audit deny @{HOME}/.config/ w,
+ audit deny @{HOME}/.config/autostart/{,**} wl,
+ audit deny @{HOME}/.config/upstart/{,**} wl,
+ audit deny @{HOME}/.init/{,**} wl,
+ audit deny @{HOME}/.kde{,4}/ w,
+ audit deny @{HOME}/.kde{,4}/Autostart/{,**} wl,
+ audit deny @{HOME}/.kde{,4}/env/{,**} wl,
+ audit deny @{HOME}/.local/{,share/} w,
+ audit deny @{HOME}/.local/share/thumbnailers/{,**} wl,
+ audit deny @{HOME}/.pki/ w,
+ audit deny @{HOME}/.pki/nssdb/{,*.so{,.[0-9]*}} wl,
+
+ # don't allow reading/updating of run control files
+ deny @{HOME}/.*rc mrk,
+ audit deny @{HOME}/.*rc wl,
+
+ # bash
+ deny @{HOME}/.bash* mrk,
+ audit deny @{HOME}/.bash* wl,
+ deny @{HOME}/.inputrc mrk,
+ audit deny @{HOME}/.inputrc wl,
+
+ # sh/dash/csh/tcsh/pdksh/zsh
+ deny @{HOME}/.{,z}profile* mrk,
+ audit deny @{HOME}/.{,z}profile* wl,
+ deny @{HOME}/.{,z}log{in,out} mrk,
+ audit deny @{HOME}/.{,z}log{in,out} wl,
+
+ deny @{HOME}/.zshenv mrk,
+ audit deny @{HOME}/.zshenv wl,
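Review bot: The "potentially executable files" block denies writes to `~/.config/autostart`, `~/.config/upstart` and the KDE autostart directories, but not to per-user systemd units, which are another place whose contents are started with the session. Adding `audit deny @{HOME}/.config/systemd/{,**} wl,` next to the `.config/autostart` rule would cover it; creating `@{HOME}/.config/` itself is already denied just above. Separately, the header comment calls the file `privacy-violations`, while a later section pulls in `<abstractions/private-files>`, so the comment presumably carries an older name and should be brought in line.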
--- /dev/null
+# vim:syntax=apparmor
+# privacy-violations-strict contains additional rules for sensitive
+# files that you want to explicitly deny access
+
+ #include <abstractions/private-files>
+
+ # potentially extremely sensitive files
+ audit deny @{HOME}/.aws/{,**} mrwkl,
+ audit deny @{HOME}/.gnupg/{,**} mrwkl,
+ audit deny @{HOME}/.ssh/{,**} mrwkl,
+ audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
+ audit deny @{HOME}/.gnome2/ w,
+ audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
+ # don't allow access to any gnome-keyring modules
+ audit deny /{,var/}run/user/[0-9]*/keyring** mrwkl,
+ audit deny @{HOME}/.mozilla/{,**} mrwkl,
+ audit deny @{HOME}/.config/ w,
+ audit deny @{HOME}/.config/chromium/{,**} mrwkl,
+ audit deny @{HOME}/.config/evolution/{,**} mrwkl,
+ audit deny @{HOME}/.evolution/{,**} mrwkl,
+ audit deny @{HOME}/.{,mozilla-}thunderbird/{,**} mrwkl,
+ audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
+ audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl,
+ audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
+
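Review bot: The browser-data denies cover `.mozilla` and `.config/chromium` but not Google Chrome's profile directory, although the browsers section further down allows launching `/opt/google/chrome{,-beta,-unstable}/google-chrome{,-beta,-unstable}`. Cookies and saved logins kept there are as sensitive as Chromium's, so `audit deny @{HOME}/.config/google-chrome{,-beta,-unstable}/{,**} mrwkl,` belongs next to the chromium rule.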
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{pyc,so} mr,
+ /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{egg,py,pth} r,
+ /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/{site,dist}-packages/ r,
+ /usr/lib{,32,64}/python3.[0-9]/lib-dynload/*.so mr,
+
+ /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{pyc,so} mr,
+ /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{egg,py,pth} r,
+ /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/{site,dist}-packages/ r,
+ /usr/local/lib{,32,64}/python3.[0-9]/lib-dynload/*.so mr,
+
+ # Site-wide configuration
+ /etc/python{2.[4-7],3.[0-9]}/** r,
+
+ # shared python paths
+ /usr/share/{pyshared,pycentral,python-support}/** r,
+ /{var,usr}/lib/{pyshared,pycentral,python-support}/** r,
+ /usr/lib/{pyshared,pycentral,python-support}/**.so mr,
+ /var/lib/{pyshared,pycentral,python-support}/**.pyc mr,
+ /usr/lib/python3/dist-packages/**.so mr,
+
+ # wx paths
+ /usr/lib/wx/python/*.pth r,
+
+ # python build configuration and headers
+ /usr/include/python{2.[4-7],3.[0-9]}*/pyconfig.h r,
--- /dev/null
+# vim:syntax=apparmor
+# Common rules for Qt5-based applications
+
+ # Additional libraries
+
+ /usr/lib{,64,/@{multiarch}}/qt5/plugins/**.so mr,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/**.so mr,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/**.{qmlc,jsc} mr, # Precompiled QML/JavaScript modules
+
+ # System files
+
+ /etc/xdg/QtProject/qtlogging.ini r,
+ /usr/share/qt5/translations/*.qm r,
+ /usr/lib{,64,/@{multiarch}}/qt5/plugins/** r,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/** r,
+
+ # User files
+
+ owner @{HOME}/.config/QtProject/qtlogging.ini r,
+ owner @{HOME}/.config/QtProject.conf r, # common settings for QFileDialog, etc (application might need write access)
+ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, # for "platforminputcontexts" plugins
+
--- /dev/null
+# vim:syntax=apparmor
+# Allow writing cache for Qt5 "platforminputcontexts" plugins
+
+ # User files
+
+ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* rwl -> @{HOME}/.cache/#[0-9]*[0-9],
+ owner @{HOME}/.cache/#[0-9]*[0-9] rw, # QSaveFile (anonymous shared memory)
+
--- /dev/null
+# vim:syntax=apparmor
+# Allow writing shared settings for Qt-based applications
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]*[0-9] rw,
+ owner @{HOME}/.config/QtProject.conf rwl -> @{HOME}/.config/#[0-9]*[0-9],
+ # for temporary files like QtProject.conf.Aqrgeb
+ owner @{HOME}/.config/QtProject.conf.?????? rwl -> @{HOME}/.config/#[0-9]*[0-9],
+ owner @{HOME}/.config/QtProject.conf.lock rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# Allow updating recent documents
+
+ # User files
+
+ owner @{HOME}/.local/share/RecentDocuments/ rw,
+ owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw,
+ owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*,
+ owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
+
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/ r,
+ /usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/**.rb r,
+ /usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/*-linux/**.so mr,
+
+ /usr/{,local/}lib{,32,64}/ruby/{site,vendor}_ruby/1.[89]{.[0-9],}/ r,
+ /usr/{,local/}lib{,32,64}/ruby/{site,vendor}_ruby/1.[89]{.[0-9],}/**.rb r,
+ /usr/{,local/}lib{,32,64}/ruby/{site,vendor}_ruby/1.[89]{.[0-9],}/*-linux/**.so mr,
+
+ /usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/ r,
+ /usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/** r,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009-2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /etc/samba/* r,
+ /usr/lib*/ldb/*.so mr,
+ /usr/lib*/samba/ldb/*.so mr,
+ /usr/share/samba/*.dat r,
+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
+ /var/cache/samba/ w,
+ /var/cache/samba/lck/* rwk,
+ /var/lib/samba/** rwk,
+ /var/log/samba/cores/ rw,
+ /var/log/samba/cores/** rw,
+ /var/log/samba/* w,
+ /{,var/}run/samba/ w,
+ /{,var/}run/samba/*.tdb rw,
+
+ # required for clustering
+ /var/lib/ctdb/** rwk,
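Review bot: `/var/lib/samba/** rwk,` gives every profile that includes this abstraction read and write access to the whole Samba state tree, which on common distribution layouts also holds the `private/` directory with machine-account secrets and the password database (worth confirming for the target layout). The smbpass section that follows shows a narrower form, `/var/lib/samba/*.[lt]db rwk,`. If most includers only need the top-level databases, use that form here and leave `private/` to the daemons' own profiles. At the least, add a comment above the rule saying that it covers secret material.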
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # libpam-smbpass/pam_smbpass.so permissions
+ /var/lib/samba/*.[lt]db rwk,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2010-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /etc/ssl/ r,
+ /etc/ssl/certs/ r,
+ /etc/ssl/certs/* r,
+ /etc/pki/trust/ r,
+ /etc/pki/trust/* r,
+ /etc/pki/trust/anchors/ r,
+ /etc/pki/trust/anchors/** r,
+ /usr/share/ca-certificates/ r,
+ /usr/share/ca-certificates/** r,
+ /usr/share/ssl/certs/ca-bundle.crt r,
+ /usr/local/share/ca-certificates/ r,
+ /usr/local/share/ca-certificates/** r,
+ /var/lib/ca-certificates/ r,
+ /var/lib/ca-certificates/** r,
+
+ # acmetool
+ /var/lib/acme/certs/*/chain r,
+ /var/lib/acme/certs/*/cert r,
+
+ # dehydrated
+ /{etc,var/lib}/dehydrated/certs/*/cert*.pem r,
+ /{etc,var/lib}/dehydrated/certs/*/chain*.pem r,
+ /{etc,var/lib}/dehydrated/certs/*/fullchain*.pem r,
+ /{etc,var/lib}/dehydrated/certs/*/ocsp*.der r,
+
+ # certbot
+ /etc/letsencrypt/archive/*/cert*.pem r,
+ /etc/letsencrypt/archive/*/chain*.pem r,
+ /etc/letsencrypt/archive/*/fullchain*.pem r,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # private ssl permissions
+
+ # Just include the whole /etc/ssl directory if we should have access to
+ # private keys too
+ /etc/ssl/ r,
+ /etc/ssl/** r,
+
+ # acmetool
+ /var/lib/acme/live/* r,
+ /var/lib/acme/certs/** r,
+ /var/lib/acme/keys/** r,
+
+ # dehydrated
+ /{etc,var/lib}/dehydrated/certs/*/privkey*.pem r,
+
+ # certbot / letsencrypt
+ /etc/letsencrypt/archive/*/privkey*.pem r,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # This little snippet should abstract the read/write access to a repository.
+ # it is intended to be included in profiles for svnserve/apache2 and maybe
+ # some repository viewers like trac/viewvc
+
+ # no hooks exec by default; please define whatever you need explicitely.
+
+ /srv/svn/**/conf/* r,
+ /srv/svn/**/format r,
+ /srv/svn/**/db/fs-type r,
+ /srv/svn/**/db/format r,
+
+ # FSFS
+ /srv/svn/**/db/ r,
+ /srv/svn/**/db/uuid r,
+ /srv/svn/**/db/write-lock rwl,
+ /srv/svn/**/db/current rwl,
+ /srv/svn/**/db/current*.tmp rwl,
+ /srv/svn/**/db/revs/ r,
+ /srv/svn/**/db/revs/* rw,
+ /srv/svn/**/db/revprops/ r,
+ /srv/svn/**/db/revprops/* rw,
+ /srv/svn/**/db/transactions/** rw,
+
+ # BDB
+ /srv/svn/**/db/DB_CONFIG r,
+ /srv/svn/**/db/__db.[0-9]* rwl,
+ /srv/svn/**/db/log.[0-9]* rwl,
+ /srv/svn/**/db/nodes rwl,
+ /srv/svn/**/db/revisions rwl,
+ /srv/svn/**/db/transactions rwl,
+ /srv/svn/**/db/copies rwl,
+ /srv/svn/**/db/changes rwl,
+ /srv/svn/**/db/representations rwl,
+ /srv/svn/**/db/strings rwl,
+ /srv/svn/**/db/uuids rwl,
+ /srv/svn/**/db/locks rwl,
+ /srv/svn/**/db/lock-tokens rwl,
+
+ # temp files
+ /tmp/apr* rwl,
+ /var/tmp/apr* rwl,
+ /tmp/report*.tmp rwl,
--- /dev/null
+# vim:syntax=apparmor
+#
+# abstraction for allowing graphical bittorrent clients in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ /usr/bin/azureus Cxr -> sanitized_helper,
+ /usr/bin/bitstormlite Cxr -> sanitized_helper,
+ /usr/bin/btmaketorrentgui Cxr -> sanitized_helper,
+ /usr/bin/deluge{,-gtk,-console} Cxr -> sanitized_helper,
+ /usr/bin/gnome-btdownload Cxr -> sanitized_helper,
+ /usr/bin/kget Cxr -> sanitized_helper,
+ /usr/bin/ktorrent Cxr -> sanitized_helper,
+ /usr/bin/qbittorrent Cxr -> sanitized_helper,
+ /usr/bin/transmission{,-gtk,-qt,-cli} Cxr -> sanitized_helper,
--- /dev/null
+# vim:syntax=apparmor
+#
+# abstraction for allowing access to graphical browsers in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ /usr/bin/arora Cx -> sanitized_helper,
+ /usr/bin/conkeror Cx -> sanitized_helper,
+ /usr/bin/dillo Cx -> sanitized_helper,
+ /usr/bin/Dooble Cx -> sanitized_helper,
+ /usr/bin/epiphany Cx -> sanitized_helper,
+ /usr/bin/epiphany-browser Cx -> sanitized_helper,
+ /usr/bin/epiphany-webkit Cx -> sanitized_helper,
+ /usr/lib/fennec-*/fennec Cx -> sanitized_helper,
+ /usr/bin/galeon Cx -> sanitized_helper,
+ /usr/bin/kazehakase Cx -> sanitized_helper,
+ /usr/bin/konqueror Cx -> sanitized_helper,
+ /usr/bin/midori Cx -> sanitized_helper,
+ /usr/bin/netsurf Cx -> sanitized_helper,
+ /usr/bin/prism Cx -> sanitized_helper,
+ /usr/bin/rekonq Cx -> sanitized_helper,
+ /usr/bin/seamonkey Cx -> sanitized_helper,
+ /usr/bin/sensible-browser Pixr,
+
+ /usr/bin/chromium{,-browser} Cx -> sanitized_helper,
+ /usr/lib{,64}/chromium{,-browser}/chromium{,-browser} Cx -> sanitized_helper,
+
+ # this should cover all firefox browsers and versions (including shiretoko
+ # and abrowser)
+ /usr/bin/firefox Cxr -> sanitized_helper,
+ /usr/lib{,64}/firefox*/firefox* Cx -> sanitized_helper,
+
+ # Iceweasel
+ /usr/bin/iceweasel Cxr -> sanitized_helper,
+ /usr/lib/iceweasel/iceweasel Cx -> sanitized_helper,
+
+ # some unpackaged, but popular browsers
+ /usr/lib/icecat-*/icecat Cx -> sanitized_helper,
+ /usr/bin/opera Cx -> sanitized_helper,
+ /opt/google/chrome{,-beta,-unstable}/google-chrome{,-beta,-unstable} Cx -> sanitized_helper,
--- /dev/null
+# vim:syntax=apparmor
+
+ # Java plugin
+ owner @{HOME}/.java/deployment/deployment.properties k,
+ /etc/java-*/ r,
+ /etc/java-*/** r,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}lib/*/IcedTeaPlugin.so mr,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}lib/*/IcedTeaPlugin.so mr,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}bin/java cx -> browser_openjdk,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}bin/java cx -> browser_openjdk,
+ /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} cx -> browser_java,
+ /usr/lib/jvm/java-*-sun-1.*/jre/lib/*/libnp*.so cx -> browser_java,
+ /usr/lib/j2*-ibm/jre/bin/java cx -> browser_java,
+ owner /{,var/}run/user/*/icedteaplugin-*/ rw,
+ owner /{,var/}run/user/*/icedteaplugin-*/** rwk,
+
+ # Profile for the supported OpenJDK in Ubuntu. This doesn't require the
+ # unfortunate workarounds of the proprietary Javas, so have a separate
+ # profile.
+ profile browser_openjdk {
+ #include <abstractions/base>
+ #include <abstractions/fonts>
+ #include <abstractions/gnome>
+ #include <abstractions/kde>
+ #include <abstractions/nameservice>
+ #include <abstractions/ssl_certs>
+ #include <abstractions/user-tmp>
+ #include <abstractions/private-files-strict>
+
+ network inet stream,
+ network inet6 stream,
+ @{PROC}/@{pid}/net/if_inet6 r,
+ @{PROC}/@{pid}/net/ipv6_route r,
+
+ /etc/java-*/ r,
+ /etc/java-*/** r,
+ /etc/lsb-release r,
+ /etc/ssl/certs/java/* r,
+ /etc/timezone r,
+ /etc/writable/timezone r,
+
+ @{PROC}/@{pid}/ r,
+ @{PROC}/@{pid}/fd/ r,
+ @{PROC}/filesystems r,
+ @{sys}/devices/system/cpu/ r,
+ @{sys}/devices/system/cpu/** r,
+ /usr/share/** r,
+ /var/lib/dbus/machine-id r,
+
+ /usr/bin/env ix,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk/{,jre/}bin/java ix,
+ /usr/lib/jvm/java-[1-9]{,[0-9]}-openjdk-{amd64,armel,armhf,i386,powerpc}/{,jre/}bin/java ix,
+ /usr/lib/jvm/java-{6,7}-openjdk*/jre/lib/i386/client/classes.jsa m,
+
+ # Why would java need this?
+ deny /usr/bin/gconftool-2 x,
+
+ owner /{,var/}run/user/[0-9]*/icedteaplugin-*-*/[0-9]*-icedteanp-appletviewer-to-plugin rw,
+ owner /{,var/}run/user/[0-9]*/icedteaplugin-*-*/[0-9]*-icedteanp-plugin-{,debug-}to-appletviewer r,
+ owner @{HOME}/ r,
+ owner @{HOME}/** rwk,
+ }
+
+ # Profile for commercial Javas. These need workarounds to work right (eg
+ # Sun's forcing of an executable stack (LP: #535247)).
+ profile browser_java {
+ #include <abstractions/base>
+ #include <abstractions/fonts>
+ #include <abstractions/gnome>
+ #include <abstractions/kde>
+ #include <abstractions/nameservice>
+ #include <abstractions/ssl_certs>
+ #include <abstractions/user-tmp>
+ #include <abstractions/private-files-strict>
+
+ network inet stream,
+ network inet6 stream,
+ @{PROC}/@{pid}/net/if_inet6 r,
+ @{PROC}/@{pid}/net/ipv6_route r,
+ @{PROC}/loadavg r,
+
+ /etc/debian_version r,
+ /etc/java-*/ r,
+ /etc/java-*/** r,
+ /etc/lsb-release r,
+ /etc/ssl/certs/java/* r,
+ /etc/timezone r,
+ /etc/writable/timezone r,
+
+ @{PROC}/@{pid}/ r,
+ @{PROC}/@{pid}/fd/ r,
+ @{PROC}/filesystems r,
+ @{sys}/devices/system/cpu/ r,
+ @{sys}/devices/system/cpu/** r,
+ /usr/share/** r,
+ /var/lib/dbus/machine-id r,
+
+ /usr/bin/env ix,
+ /usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} ix,
+ /usr/lib/jvm/java-*-sun-1.*/jre/lib/i386/client/classes.jsa m,
+ /usr/lib/j2*-ibm/jre/bin/java ix,
+
+ # noisy, can't write here anyway
+ deny /etc/.java/ w,
+ deny /etc/.java/** w,
+
+ deny /usr/bin/gconftool-2 x,
+
+ owner @{HOME}/ r,
+ owner @{HOME}/** rwk,
+
+ # These are seriously unfortunate, but required due to LP: #535247
+ /etc/passwd m,
+ owner @{HOME}/.java/**/cache/** m,
+ owner /tmp/** m,
+ /usr/lib{,32,64}/jvm/**/*.jar mr,
+ /usr/share/fonts/** m,
+ }
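Review bot: Both child profiles end with `owner @{HOME}/ r,` and `owner @{HOME}/** rwk,`, so the only thing between an applet and the rest of the home directory is the deny list pulled in by `<abstractions/private-files-strict>`; anything that list does not name is readable and writable. In `browser_java` the same tree also overlaps `owner @{HOME}/.java/**/cache/** m,`, so files the process can write there can also be mapped executable. If applets only need their own state, a rule such as `owner @{HOME}/.java/** rwk,` plus an explicit download directory would be a tighter default. If the broad rule has to stay, a comment above it should say that the deny list is the only protection.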
--- /dev/null
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ #include <abstractions/kde>
+ /usr/bin/kde4-config Cx -> sanitized_helper,
--- /dev/null
+# vim:syntax=apparmor
+
+ # for mailto:
+ #include <abstractions/ubuntu-email>
+ #include <abstractions/ubuntu-console-email>
+
+ # Terminals for using console applications. These abstractions should ideally
+ # have 'ix' to restrct access to what only firefox is allowed to do
+ #include <abstractions/ubuntu-gnome-terminal>
--- /dev/null
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ #include <abstractions/X>
+
+ # Pulseaudio
+ /usr/bin/pulseaudio Pixr,
+
+ # Image viewers
+ /usr/bin/eog Cxr -> sanitized_helper,
+ /usr/bin/gimp* Cxr -> sanitized_helper,
+ /usr/bin/shotwell Cxr -> sanitized_helper,
+ /usr/bin/digikam Cxr -> sanitized_helper,
+ /usr/bin/f-spot Cxr -> sanitized_helper,
+ /usr/bin/gwenview Cxr -> sanitized_helper,
+
+ #include <abstractions/ubuntu-media-players>
+ owner @{HOME}/.adobe/ w,
+ owner @{HOME}/.adobe/** rw,
+ owner @{HOME}/.macromedia/ w,
+ owner @{HOME}/.macromedia/** rw,
+ /opt/real/RealPlayer/mozilla/nphelix.so rm,
+ /usr/bin/lpstat Cxr -> sanitized_helper,
+ /usr/bin/lpr Cxr -> sanitized_helper,
+
+ # npviewer
+ /usr/lib/nspluginwrapper/i386/linux/npviewer{,.bin} ixr,
+ /var/lib/ r,
+ /var/lib/**/*.so mr,
+ /usr/bin/setarch ixr,
+
+ # Bittorrent clients
+ #include <abstractions/ubuntu-bittorrent-clients>
+
+ # Mozplugger
+ /etc/mozpluggerrc r,
+ /usr/bin/mozplugger-helper Cxr -> sanitized_helper,
+
+ # Archivers
+ /usr/bin/ark Cxr -> sanitized_helper,
+ /usr/bin/file-roller Cxr -> sanitized_helper,
+ /usr/bin/xarchiver Cxr -> sanitized_helper,
+ /usr/local/lib{,32,64}/*.so* mr,
+
+ # News feed readers
+ #include <abstractions/ubuntu-feed-readers>
+
+ # Googletalk
+ /opt/google/talkplugin/*.so mr,
+ /opt/google/talkplugin/lib/*.so mr,
+ /opt/google/talkplugin/GoogleTalkPlugin ixr,
+ owner @{HOME}/.config/google-googletalkplugin/** rw,
+
+ # If we allow the above, nvidia based systems will also need this
+ #include <abstractions/nvidia>
+
+ # Virus scanners
+ /usr/bin/clamscan Cx -> sanitized_helper,
+
+ # gxine (LP: #1057642)
+ /var/lib/xine/gxine.desktop r,
+
+ # For WebRTC camera access (LP: #1665535)
+ /dev/video[0-9]* rw,
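Review bot: `/var/lib/**/*.so mr,` under the npviewer heading lets every profile that includes this abstraction map as executable any `.so` below `/var/lib`, a tree where many services keep writable state. The rule looks intended for wrapped plugin libraries, so it should name that directory, e.g. `/var/lib/<plugin-dir>/**.so mr,` with the placeholder replaced by the real path; the hunk does not show which package needs it. `/usr/local/lib{,32,64}/*.so* mr,` under Archivers is similarly broad and would benefit from a comment saying which helper requires it.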
--- /dev/null
+# vim:syntax=apparmor
+
+ #
+ # Plugins/helpers
+ #
+ @{PROC}/@{pid}/fd/ r,
+ /usr/lib/** rm,
+ /{,usr/}bin/bash ixr,
+ /{,usr/}bin/dash ixr,
+ /{,usr/}bin/grep ixr,
+ /{,usr/}bin/sed ixr,
+ /usr/bin/m4 ixr,
+
+ # Since all the ubuntu-browsers.d abstractions need this, just include it
+ # here
+ #include <abstractions/ubuntu-helpers>
--- /dev/null
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ # Openoffice.org
+ /usr/bin/ooffice Cxr -> sanitized_helper,
+ /usr/bin/oocalc Cxr -> sanitized_helper,
+ /usr/bin/oodraw Cxr -> sanitized_helper,
+ /usr/bin/ooimpress Cxr -> sanitized_helper,
+ /usr/bin/oowriter Cxr -> sanitized_helper,
+ /usr/lib/openoffice/program/soffice Cxr -> sanitized_helper,
+
+ # LibreOffice
+ /usr/bin/libreoffice Cxr -> sanitized_helper,
+ /usr/bin/localc Cxr -> sanitized_helper,
+ /usr/bin/lodraw Cxr -> sanitized_helper,
+ /usr/bin/loimpress Cxr -> sanitized_helper,
+ /usr/bin/lowriter Cxr -> sanitized_helper,
+ /usr/lib/libreoffice/program/soffice Cxr -> sanitized_helper,
+
+ # PDFs
+ /usr/bin/evince Cxr -> sanitized_helper,
+ /usr/bin/okular Cxr -> sanitized_helper,
+
+ owner @{HOME}/.adobe/** rw,
+ /opt/Adobe/Reader9/bin/acroread Cxr -> sanitized_helper,
+ /opt/Adobe/Reader9/** r,
--- /dev/null
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ # Text editors (It's All Text [https://addons.mozilla.org/en-US/firefox/addon/4125])
+ /usr/bin/emacsclient.emacs-snapshot Cxr -> sanitized_helper,
+ /usr/bin/emacsclient.emacs2[2-9] Cxr -> sanitized_helper,
+ /usr/bin/emacs-snapshot-gtk Cxr -> sanitized_helper,
+ /usr/bin/gedit Cxr -> sanitized_helper,
+ /usr/bin/vim.gnome Cxr -> sanitized_helper,
+ /usr/bin/leafpad Cxr -> sanitized_helper,
+ /usr/bin/mousepad Cxr -> sanitized_helper,
+ /usr/bin/kate Cxr -> sanitized_helper,
--- /dev/null
+# vim:syntax=apparmor
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ # Apport
+ /usr/bin/apport-bug Cx -> sanitized_helper,
+
+ # Package installation
+ /usr/bin/apturl Cxr -> sanitized_helper,
+ /usr/bin/gnome-codec-install Cxr -> sanitized_helper,
+ /usr/lib/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner ix,
+ /usr/lib/@{multiarch}/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner ix,
+ /usr/share/software-center/software-center Cxr -> sanitized_helper,
+
+ # Input Methods
+ /usr/bin/scim Cx -> sanitized_helper,
+ /usr/bin/scim-bridge Cx -> sanitized_helper,
+
+ # File managers
+ /usr/bin/nautilus Cxr -> sanitized_helper,
+ /usr/bin/{t,T}hunar Cxr -> sanitized_helper,
+ /usr/bin/dolphin Cxr -> sanitized_helper,
+
+ # Themes
+ /usr/bin/gnome-appearance-properties Cxr -> sanitized_helper,
+
+ # Kubuntu
+ /usr/lib/mozilla/kmozillahelper Cxr -> sanitized_helper,
+
+ # Exo-aware applications
+ /usr/bin/exo-open ixr,
+ /usr/lib/@{multiarch}/xfce4/exo-1/exo-helper-1 ixr,
+ /etc/xdg/xdg-xubuntu/xfce4/helpers.rc r,
+ /etc/xdg/xfce4/helpers.rc r,
+
+ # unity webapps integration. Could go in its own abstraction
+ owner /run/user/*/dconf/user rw,
+ owner @{HOME}/.local/share/unity-webapps/availableapps*.db rwk,
+ /usr/bin/debconf-communicate Cxr -> sanitized_helper,
+ owner @{HOME}/.config/libaccounts-glib/accounts.db rk,
--- /dev/null
+# vim:syntax=apparmor
+
+ # firefox-notify
+ #include <abstractions/python>
+ /usr/bin/python2.[4567] ix,
+ /usr/share/xul-ext/notify/**/download_complete_notify.py ix,
--- /dev/null
+# vim:syntax=apparmor
+
+ # Allow read to all files user has DAC access to and write access to all
+ # files owned by the user in $HOME.
+ @{HOME}/ r,
+ @{HOME}/** r,
+ owner @{HOME}/** w,
+
+ # Do not allow read and/or write to particularly sensitive/problematic files
+ #include <abstractions/private-files>
+ audit deny @{HOME}/.ssh/{,**} mrwkl,
+ audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
+ audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
+ audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
+
+ # Comment this out if using gpg plugin/addons
+ audit deny @{HOME}/.gnupg/{,**} mrwkl,
+
+ # Allow read to all files user has DAC access to and write for files the user
+ # owns on removable media and filesystems.
+ /media/** r,
+ /mnt/** r,
+ /srv/** r,
+ /net/** r,
+ owner /media/** w,
+ owner /mnt/** w,
+ owner /srv/** w,
+ owner /net/** w,
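Review bot: This section grants `@{HOME}/** r,` and then re-lists by hand part of what the strict private-files section denies (`.ssh`, `.gnome2_private`, kwallet, `.gnupg`), but it leaves out `.aws` and `.gnome2/keyrings`, which that section labels as potentially extremely sensitive. Unless the omission is deliberate, add `audit deny @{HOME}/.aws/{,**} mrwkl,` and `audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,` here. A comment explaining why the strict abstraction cannot simply be included (presumably because it also denies the browser's own profile directories) would help keep the two lists from drifting apart.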
--- /dev/null
+# vim:syntax=apparmor
+#
+# abstraction for allowing access to text-only browsers in Ubuntu. These will
+# typically also need a terminal, so when using this abstraction, should also
+# do something like:
+#
+# #include <abstractions/ubuntu-gnome-terminal>
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ /usr/bin/elinks Cx -> sanitized_helper,
+ /usr/bin/links Cx -> sanitized_helper,
+ /usr/bin/lynx.cur Cx -> sanitized_helper,
+ /usr/bin/netrik Cx -> sanitized_helper,
+ /usr/bin/w3m Cx -> sanitized_helper,
+
--- /dev/null
+# vim:syntax=apparmor
+#
+# abstraction for allowing console email clients in Ubuntu. These will
+# typically also need a terminal, so when using this abstraction, should also
+# do something like:
+#
+# #include <abstractions/ubuntu-gnome-terminal>
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ /usr/bin/alpine Cx -> sanitized_helper,
+ /usr/bin/citadel Cx -> sanitized_helper,
+ /usr/bin/cone Cx -> sanitized_helper,
+ /usr/bin/elmo Cx -> sanitized_helper,
+ /usr/bin/mutt Cx -> sanitized_helper,
+
--- /dev/null
+# vim:syntax=apparmor
+#
+# abstraction for allowing graphical email clients in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ /usr/bin/anjal Cx -> sanitized_helper,
+ /usr/bin/balsa Cx -> sanitized_helper,
+ /usr/bin/claws-mail Cx -> sanitized_helper,
+ /usr/bin/evolution Cx -> sanitized_helper,
+ /usr/bin/geary Cx -> sanitized_helper,
+ /usr/bin/gnome-gmail Cx -> sanitized_helper,
+ /usr/lib/GNUstep/Applications/GNUMail.app/GNUMail Cx -> sanitized_helper,
+ /usr/bin/kmail Cx -> sanitized_helper,
+ /usr/bin/mailody Cx -> sanitized_helper,
+ /usr/bin/modest Cx -> sanitized_helper,
+ /usr/bin/seamonkey Cx -> sanitized_helper,
+ /usr/bin/sylpheed Cx -> sanitized_helper,
+ /usr/bin/tkrat Cx -> sanitized_helper,
+
+ /usr/bin/thunderbird Cx -> sanitized_helper, # used by gio-launch-desktop
+ /usr/lib/thunderbird*/thunderbird{,.sh,-bin} Cx -> sanitized_helper,
--- /dev/null
+# vim:syntax=apparmor
+#
+# abstraction for allowing graphical news feed readers in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ /usr/bin/akregator Cxr -> sanitized_helper,
+ /usr/bin/liferea-add-feed Cxr -> sanitized_helper,
--- /dev/null
+# vim:syntax=apparmor
+#
+# for allowing access to gnome-terminal
+#
+
+ #include <abstractions/gnome>
+
+ # do not use ux or PUx here. Use at a minimum ix
+ /usr/bin/gnome-terminal ix,
+
--- /dev/null
+# Lenient profile that is intended to be used when 'Ux' is desired but
+# does not provide enough environment sanitizing. This effectively is an
+# open profile that blacklists certain known dangerous files and also
+# does not allow any capabilities. For example, it will not allow 'm' on files
+# owned be the user invoking the program. While this provides some additional
+# protection, please use with care as applications running under this profile
+# are effectively running without any AppArmor protection. Use this profile
+# only if the process absolutely must be run (effectively) unconfined.
+#
+# Usage:
+# Because this abstraction defines the sanitized_helper profile, it must only
+# be #included once. Therefore this abstraction should typically not be
+# included in other abstractions so as to avoid parser errors regarding
+# multiple definitions.
+#
+# Limitations:
+# 1. This does not work for root owned processes, because of the way we use
+# owner matching in the sanitized helper. We could do a better job with
+# this to support root, but it would make the policy harder to understand
+# and going unconfined as root is not desirable any way.
+#
+# 2. For this sanitized_helper to work, the program running in the sanitized
+# environment must open symlinks directly in order for AppArmor to mediate
+# it. This is confirmed to work with:
+# - compiled code which can load shared libraries
+# - python imports
+# It is known not to work with:
+# - perl includes
+# 3. Sanitizing ruby and java
+#
+# Use at your own risk. This profile was developed as an interim workaround for
+# LP: #851986 until AppArmor utilizes proper environment filtering.
+
+profile sanitized_helper {
+ #include <abstractions/base>
+ #include <abstractions/X>
+
+ # Allow all networking
+ network inet,
+ network inet6,
+
+ # Allow all DBus communications
+ #include <abstractions/dbus-session-strict>
+ #include <abstractions/dbus-strict>
+ dbus,
+
+ # Needed for Google Chrome
+ ptrace (trace) peer=**//sanitized_helper,
+
+ # Allow exec of anything, but under this profile. Allow transition
+ # to other profiles if they exist.
+ /{usr/,usr/local/,}{bin,sbin}/* Pixr,
+
+ # Allow exec of libexec applications in /usr/lib* and /usr/local/lib*
+ /usr/{,local/}lib*/{,**/}* Pixr,
+
+ # Allow exec of software-center scripts. We may need to allow wider
+ # permissions for /usr/share, but for now just do this. (LP: #972367)
+ /usr/share/software-center/* Pixr,
+
+ # Allow exec of texlive font build scripts (LP: #1010909)
+ /usr/share/texlive/texmf{,-dist}/web2c/{,**/}* Pixr,
+
+ # While the chromium and chrome sandboxes are setuid root, they only link
+ # in limited libraries so glibc's secure execution should be enough to not
+ # require the santized_helper (ie, LD_PRELOAD will only use standard system
+ # paths (man ld.so)).
+ /usr/lib/chromium-browser/chromium-browser-sandbox PUxr,
+ /usr/lib/chromium{,-browser}/chrome-sandbox PUxr,
+ /opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
+ /opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
+ /opt/google/chrome{,-beta,-unstable}/chrome Pixr,
+ /opt/google/chrome{,-beta,-unstable}/{,**/}lib*.so{,.*} m,
+
+ # Full access
+ / r,
+ /** rwkl,
+ /{,usr/,usr/local/}lib{,32,64}/{,**/}*.so{,.*} m,
+
+ # Dangerous files
+ audit deny owner /**/* m, # compiled libraries
+ audit deny owner /**/*.py* r, # python imports
+}
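Review bot: Limitation 3 in the header (`# 3. Sanitizing ruby and java`) is a sentence fragment, so a reader cannot tell whether those interpreters are covered. The only deny rules in `sanitized_helper` are `audit deny owner /**/* m,` and `audit deny owner /**/*.py* r,`, so presumably ruby and java code loaded from user-owned paths is not blocked; if that is the intent, say so, e.g. `# 3. Code loading by ruby and java is not sanitized`. The `# Allow all networking` comment also overstates the two rules under it, which name only `inet` and `inet6`. Two typos in the same comments are worth fixing: `owned be the user` and `santized_helper`.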
--- /dev/null
+# vim:syntax=apparmor
+#
+# for allowing access to konsole
+#
+
+ #include <abstractions/consoles>
+ #include <abstractions/kde>
+ capability sys_ptrace,
+ @{PROC}/@{pid}/status r,
+ @{PROC}/@{pid}/stat r,
+ @{PROC}/@{pid}/cmdline r,
+ /{,var/}run/utmp r,
+ /dev/ptmx rw,
+
+ # do not use ux or Ux here. Use at a minimum ix
+ /usr/bin/konsole ix,
+
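Review bot: `capability sys_ptrace,` is granted in an abstraction whose only exec rule is `/usr/bin/konsole ix,`. Because `ix` keeps konsole in the including profile, every profile that pulls in this file holds the capability for its whole lifetime, not only while konsole runs. The file gives no reason for the capability; it presumably goes with the `@{PROC}/@{pid}/...` reads, which should be confirmed. I would add a comment above it such as `# NOTE: granted to the including profile itself, since konsole runs with ix`, so that callers can decide whether that is acceptable.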
--- /dev/null
+# vim:syntax=apparmor
+#
+# abstraction for allowing access to media players in Ubuntu
+#
+# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# in the toplevel profile. Eg:
+# #include <abstractions/ubuntu-helpers>
+
+ /usr/bin/amarok Cxr -> sanitized_helper,
+ /usr/bin/audacious2 Cxr -> sanitized_helper,
+ /usr/bin/audacity Cxr -> sanitized_helper,
+ /usr/bin/bangarang Cxr -> sanitized_helper,
+ /usr/bin/banshee Cxr -> sanitized_helper,
+ /usr/bin/banshee-1 Cxr -> sanitized_helper,
+ /usr/bin/decibel Cxr -> sanitized_helper,
+ /usr/bin/dragon Cxr -> sanitized_helper,
+ /usr/bin/esperanza Cxr -> sanitized_helper,
+ /usr/bin/exaile Cxr -> sanitized_helper,
+ /usr/bin/freevo Cxr -> sanitized_helper,
+ /usr/bin/gmerlin Cxr -> sanitized_helper,
+ /usr/bin/gxmms Cxr -> sanitized_helper,
+ /usr/bin/gxmms2 Cxr -> sanitized_helper,
+ /usr/bin/hornsey Cxr -> sanitized_helper,
+ /usr/bin/jlgui Cxr -> sanitized_helper,
+ /usr/bin/juk Cxr -> sanitized_helper,
+ /usr/bin/kaffeine Cxr -> sanitized_helper,
+ /usr/bin/listen Cxr -> sanitized_helper,
+ /usr/share/minirok/minirok.py Cxr -> sanitized_helper,
+
+ # mplayer
+ /etc/mplayerplug-in.conf r,
+ /usr/bin/gmplayer Cxr -> sanitized_helper,
+ /usr/bin/gnome-mplayer Cxr -> sanitized_helper,
+ /usr/bin/kmplayer Cxr -> sanitized_helper,
+ /usr/bin/mplayer Cxr -> sanitized_helper,
+ /usr/bin/smplayer Cxr -> sanitized_helper,
+
+ /usr/bin/muine Cxr -> sanitized_helper,
+ /usr/bin/potamus Cxr -> sanitized_helper,
+ /usr/bin/promoe Cxr -> sanitized_helper,
+ /usr/bin/qmmp Cxr -> sanitized_helper,
+ /usr/bin/quodlibet Cxr -> sanitized_helper,
+ /usr/bin/rhythmbox Cxr -> sanitized_helper,
+ /usr/bin/strange-quark Cxr -> sanitized_helper,
+ /usr/bin/swfdec-player Cxr -> sanitized_helper,
+ /usr/bin/timidity Cxr -> sanitized_helper,
+ /usr/lib/totem/** ixr,
+ /usr/bin/totem-gstreamer Cxr -> sanitized_helper,
+ /usr/bin/totem-xine Cxr -> sanitized_helper,
+ /usr/bin/totem Cxr -> sanitized_helper,
+ /usr/bin/vlc Cxr -> sanitized_helper,
+ /usr/bin/xfmedia Cxr -> sanitized_helper,
+ /usr/bin/xmms Cxr -> sanitized_helper,
+
+ # gnash
+ /usr/bin/gtk-gnash ixr,
+ /etc/gnashrc r,
+ /etc/gnashpluginrc r,
+ owner @{HOME}/.gnash/ rw,
+ owner @{HOME}/.gnash/** rw,
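Review bot: `/usr/lib/totem/** ixr,` and `/usr/bin/gtk-gnash ixr,` are the only exec rules in this abstraction that stay in the including profile; every other player transitions with `Cxr -> sanitized_helper`. The file does not say why these two are treated differently, and the next maintainer cannot tell whether it is deliberate. A one-line comment above each would settle it, e.g. `# helpers run inside the caller's confinement on purpose (ix), not under sanitized_helper`.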
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013-2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#
+# Rules common to applications running under Unity 7
+#
+
+#include <abstractions/gnome>
+
+#include <abstractions/dbus-session-strict>
+#include <abstractions/dbus-strict>
+
+ #
+ # Access required for connecting to/communication with Unity HUD
+ #
+ dbus (send)
+ bus=session
+ path="/com/canonical/hud",
+ dbus (send)
+ bus=session
+ interface="com.canonical.hud.*",
+ dbus (send)
+ bus=session
+ path="/com/canonical/hud/applications/*",
+ dbus (receive)
+ bus=session
+ path="/com/canonical/hud",
+ dbus (receive)
+ bus=session
+ interface="com.canonical.hud.*",
+
+ #
+ # Allow access for connecting to/communication with the appmenu
+ #
+ # dbusmenu
+ dbus (send)
+ bus=session
+ interface="com.canonical.AppMenu.*",
+ dbus (receive, send)
+ bus=session
+ path=/com/canonical/menu/**,
+
+ # gmenu
+ dbus (receive, send)
+ bus=session
+ interface=org.gtk.Actions,
+ dbus (receive, send)
+ bus=session
+ interface=org.gtk.Menus,
+
+ #
+ # Access required for using freedesktop notifications
+ #
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=GetCapabilities,
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=GetServerInformation,
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=Notify,
+ dbus (receive)
+ bus=session
+ member="Notify"
+ peer=(name="org.freedesktop.DBus"),
+ dbus (receive)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=NotificationClosed,
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ member=CloseNotification,
+
+ # accessibility
+ dbus (send)
+ bus=session
+ peer=(name=org.a11y.Bus),
+ dbus (receive)
+ bus=session
+ interface=org.a11y.atspi*,
+ dbus (receive, send)
+ bus=accessibility,
+
+ #
+ # Deny potentially dangerous access
+ #
+ deny dbus bus=session path=/com/canonical/[Uu]nity/[Dd]ebug**,
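Review bot: Under `# accessibility`, the rule `dbus (receive, send) bus=accessibility,` carries no path, interface, member or peer restriction. The HUD, appmenu and notification rules above it are each narrowed to a path, interface or member, so this is the widest grant in the file and it is undocumented. If clients on that bus can observe or drive other applications' UI (likely, but it should be confirmed), every profile including this abstraction inherits that reach. At a minimum I would add a comment such as `# NOTE: access to the accessibility bus is not limited by path or interface`.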
--- /dev/null
+ #
+ # Access required for connecting to/communicating with the Unity Launcher
+ #
+ dbus (send)
+ bus=session
+ interface="com.canonical.Unity.LauncherEntry"
+ member="Update",
--- /dev/null
+ #
+ # Access required for connecting to/communicating with the Unity messaging
+ # indicator
+ #
+ dbus (receive, send)
+ bus=session
+ path="/com/canonical/indicator/messages/*",
--- /dev/null
+# vim:syntax=apparmor
+#
+# for allowing access to xterm
+#
+
+ #include <abstractions/consoles>
+ /dev/ptmx rw,
+ /{,var/}run/utmp r,
+ /etc/X11/app-defaults/XTerm r,
+
+ # do not use ux or Ux here. Use at a minimum ix
+ /usr/bin/xterm ix,
+
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Description: Where common programs should allow users to download
+# files
+
+ owner @{HOME}/tmp/** rwl,
+ owner @{HOME}/[dD]ownload{,s}/ r,
+ owner @{HOME}/[dD]ownload{,s}/** rwl,
+ owner @{HOME}/[^.]* rwl,
+ owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
+ owner @{HOME}/@{XDG_DESKTOP_DIR}/* rwl,
+ owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
+ owner @{HOME}/@{XDG_DOWNLOAD_DIR}/* rwl,
+ owner "@{HOME}/My Downloads/" r,
+ owner "@{HOME}/My Downloads/**" rwl,
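Review bot: The XDG rules use a single-level glob (`@{HOME}/@{XDG_DOWNLOAD_DIR}/* rwl,` and `@{HOME}/@{XDG_DESKTOP_DIR}/* rwl,`), while the hard-coded directories use `**` (`@{HOME}/[dD]ownload{,s}/** rwl,`). Saving into a subdirectory is therefore allowed or denied depending on which rule happens to match the user's directory name. Either make both forms `**` or add a comment explaining why the XDG directories are kept flat. Separately, `owner @{HOME}/[^.]* rwl,` allows writing any non-hidden file directly in the home directory, which is wider than the stated purpose of "where common programs should allow users to download files"; a short comment saying this is intended would help.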
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # location of user mail, spool and mboxes
+ owner @{HOME}/[mM]ail/ r,
+ owner @{HOME}/[mM]ail/** rwl,
+ owner @{HOME}/postponed* rwl,
+ /var/{,spool/}mail/ r,
+ owner /var/{,spool/}mail/* rwl,
+ owner @{HOME}/mbox.lock* rwl,
+ owner @{HOME}/mbox rw,
+ owner @{HOME}/inbox rw,
+ owner @{HOME}/.forward r,
+ owner @{HOME}/Maildir/ r,
+ owner @{HOME}/Maildir/** rwl,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # perhaps your configuration has users elsewhere, or you don't wish
+ # them to read their own manpages
+ owner @{HOME}/man/ r,
+ owner @{HOME}/man/** r,
+ owner @{HOME}/tmp/groff* rwl,
+
+ # kindof required
+ owner /tmp/groff* rwl,
+
+ # standard system manpages
+ /usr/local/share/man/man?/ r,
+ /usr/local/share/man/man?/** r,
+ /usr/{share,X11R6,local,kerberos}/man/** r,
+ /usr/man/** r,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # per-user tmp directories
+ owner @{HOME}/tmp/** rwkl,
+ owner @{HOME}/tmp/ rw,
+
+ # global tmp directories
+ owner /var/tmp/** rwkl,
+ /var/tmp/ rw,
+ owner /tmp/** rwkl,
+ /tmp/ rw,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # per-user write directories
+ owner @{HOME}/ r,
+ owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
+ owner @{HOME}/@{XDG_DOCUMENTS_DIR}/ r,
+ owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/ r,
+ owner @{HOME}/[^.]*/ rw,
+ owner @{HOME}/[^.]* rwl,
+ owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,
+ owner @{HOME}/@{XDG_DOCUMENTS_DIR}/** rwl,
+ owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/** rwl,
--- /dev/null
+# vim:syntax=apparmor
+# video device access
+
+ # System devices
+ @{sys}/class/video4linux r,
+ @{sys}/class/video4linux/** r,
--- /dev/null
+# vim:syntax=apparmor
+# Vulkan access requirements
+
+ # System files
+ /dev/dri/ r, # libvulkan_radeon.so, libvulkan_intel.so (Mesa)
+ /etc/vulkan/icd.d/{,*.json} r,
+ /etc/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
+ # for drmGetMinorNameForFD() from libvulkan_intel.so (Mesa)
+ @{sys}/devices/pci[0-9]*/*/drm/ r,
+ /usr/share/vulkan/icd.d/{,*.json} r,
+ /usr/share/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
+
+ # User files
+ owner @{HOME}/.local/share/vulkan/implicit_layer.d/{,*.json} r,
+
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2016 intrigeri <intrigeri@boum.org>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ owner /var/run/user/*/weston-shared-* rw,
+ owner /run/user/*/wayland-[0-9]* rw,
+ owner /run/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2014 Canonical Ltd
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /srv/www/htdocs/ r,
+ /srv/www/htdocs/** r,
+ # virtual hosting
+ /srv/www/vhosts/ r,
+ /srv/www/vhosts/** r,
+ # mod_userdir
+ @{HOME}/public_html/ r,
+ @{HOME}/public_html/** r,
+
+ /srv/www/rails/*/public/ r,
+ /srv/www/rails/*/public/** r,
+
+ /var/www/html/ r,
+ /var/www/html/** r,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # pam_winbindd
+ /tmp/.winbindd/pipe rw,
+ /var/{lib,run}/samba/winbindd_privileged/pipe rw,
+ /etc/samba/smb.conf r,
+ /etc/samba/dhcp.conf r,
+ /usr/lib*/samba/valid.dat r,
+ /usr/lib*/samba/upcase.dat r,
+ /usr/lib*/samba/lowcase.dat r,
+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
+
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # some services update wtmp, utmp, and lastlog with per-user
+ # connection information
+ /var/log/lastlog rwk,
+ /var/log/wtmp wk,
+ /{,var/}run/utmp rwk,
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2007 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ /opt/novell/xad/lib/ r,
+ /opt/novell/xad/lib/lib*.so* mr,
+ /opt/novell/xad/lib/gss/*.so* mr,
+ /opt/novell/lib/libpthread_ext*.so* mr,
+ /opt/novell/lib/libccs2.so* mr,
+ /opt/novell/xad/lib64/ r,
+ /opt/novell/xad/lib64/lib*.so* mr,
+ /opt/novell/xad/lib64/gss/*.so* mr,
+ /opt/novell/lib64/libpthread_ext*.so* mr,
+ /opt/novell/lib64/libccs2.so* mr,
+ /etc/opt/novell/xad/krb5.conf r,
+ /etc/opt/novell/nici.cfg r,
+ /var/opt/novell/nici/* r,
+ /var/opt/novell/nici/*/ r,
+ /var/opt/novell/nici/*/* rw,
--- /dev/null
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ # Entries based on:
+ # http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
+
+ owner @{HOME}/.cache/ rw,
+
+ owner @{HOME}/.config/ rw,
+
+ owner @{HOME}/.local/ rw,
+ owner @{HOME}/.local/share/ rw,
+
+ # fallbacks
+ /usr/share/ r,
+ /usr/local/share/ r,
--- /dev/null
+/etc/apparmor.d/usr.sbin.rsyslogd
\ No newline at end of file
--- /dev/null
+# This directory is intended to contain profile additions and overrides for
+# inclusion by distributed profiles to aid in packaging AppArmor for
+# distributions.
+#
+# The shipped profiles in /etc/apparmor.d can still be modified by an
+# administrator and people should modify the shipped profile when making
+# large policy changes, rather than trying to make those adjustments here.
+#
+# For simple access additions or the occasional deny override, adjusting them
+# here can prevent the package manager of the distribution from interfering
+# with local modifications. As always, new policy should be reviewed to ensure
+# it is appropriate for your site.
+#
+# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
+# #include <local/usr.sbin.smbd>
+#
+# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to
+# contain any additional paths to be allowed, such as:
+#
+# /var/exports/** lrwk,
+#
+# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't
+# be able to allow access to files that are explicitly denied by the shipped
+# profile using this mechanism.
--- /dev/null
+# Note: This profile does not specify an attachment path because it is
+# intended to be used only via "Px -> lsb_release" exec transitions from
+# other profiles. We want to confine the lsb_release(1) utility when it
+# is invoked from other confined applications, but not when it is used
+# in regular (unconfined) shell scripts or run directly by the user.
+
+#include <tunables/global>
+
+# Do not attach to /usr/bin/lsb_release by default
+profile lsb_release {
+ #include <abstractions/base>
+ #include <abstractions/python>
+
+ owner @{PROC}/@{pid}/fd/ r,
+
+ /dev/tty rw,
+
+ /usr/bin/lsb_release r,
+ /usr/bin/python3.[0-9] mr,
+
+ /etc/debian_version r,
+ /etc/default/apport r,
+ /etc/dpkg/origins/** r,
+ /etc/lsb-release r,
+ /etc/lsb-release.d/ r,
+
+ /{usr/,}bin/bash ixr,
+ /{usr/,}bin/dash ixr,
+ /usr/bin/basename ixr,
+ /usr/bin/dpkg-query ixr,
+ /usr/bin/getopt ixr,
+ /usr/bin/sed ixr,
+ /usr/bin/tr ixr,
+
+ # TODO - many more permissions needed for this to work
+ deny /usr/bin/apt-cache x,
+
+ /usr/bin/ r,
+ /usr/include/python*/pyconfig.h r,
+ /usr/share/distro-info/** r,
+ /usr/share/dpkg/** r,
+ /usr/share/terminfo/** r,
+ /var/lib/dpkg/** r,
+
+ # file_inherit
+ deny /tmp/gtalkplugin.log w,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/lsb_release>
+}
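Review bot: `/usr/bin/python3.[0-9] mr,` matches exactly one digit after the dot, so an interpreter named `python3.10` or later does not match. With such an interpreter `lsb_release` would be denied under this profile. Widening the rule to `/usr/bin/python3.[0-9]* mr,` keeps the intent and covers two-digit minor versions. The `# TODO - many more permissions needed for this to work` above `deny /usr/bin/apt-cache x,` would also read better if it said what functionality is lost while the deny is in place.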
--- /dev/null
+# vim:syntax=apparmor
+
+#include <tunables/global>
+
+profile nvidia_modprobe {
+ #include <abstractions/base>
+
+ # Capabilities
+
+ capability chown,
+ capability mknod,
+ capability setuid,
+ capability sys_admin,
+
+ # Main executable
+
+ /usr/bin/nvidia-modprobe mr,
+
+ # Other executables
+
+ /usr/bin/kmod Cx -> kmod,
+
+ # System files
+
+ /dev/nvidia-uvm w,
+ /dev/nvidia-uvm-tools w,
+ @{sys}/bus/pci/devices/ r,
+ @{sys}/devices/pci[0-9]*/**/config r,
+ @{PROC}/devices r,
+ @{PROC}/modules r,
+ @{PROC}/sys/kernel/modprobe r,
+
+ # Child profiles
+
+ profile kmod {
+ #include <abstractions/base>
+
+ # Capabilities
+
+ capability sys_module,
+
+ # Main executable
+
+ /usr/bin/kmod mrix,
+
+ # Other executables
+
+ /{,usr/}bin/{,ba,da}sh ix,
+
+ # System files
+
+ /etc/modprobe.d/{,*.conf} r,
+ /etc/nvidia/current/*.conf r,
+ @{sys}/module/ipmi_devintf/initstate r,
+ @{sys}/module/ipmi_msghandler/initstate r,
+ @{sys}/module/nvidia/initstate r,
+ @{PROC}/cmdline r,
+ }
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/nvidia_modprobe>
+}
+
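Review bot: In the `kmod` child profile, `/{,usr/}bin/{,ba,da}sh ix,` lets any shell that kmod starts inherit `capability sys_module,`. The file does not say why a shell is needed; presumably it is for `install`/`remove` commands in `/etc/modprobe.d`, which should be confirmed. I would add a comment above the rule stating the reason, e.g. `# modprobe.d install/remove commands run via sh; they inherit sys_module`. The four capabilities in the parent profile (`chown`, `mknod`, `setuid`, `sys_admin`) would likewise benefit from a one-line justification each, since `sys_admin` in particular is very broad.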
--- /dev/null
+# vim:syntax=apparmor
+#include <tunables/global>
+
+/{,usr/}sbin/dhclient flags=(attach_disconnected) {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/openssl>
+
+ capability net_bind_service,
+ capability net_raw,
+ capability dac_override,
+ capability net_admin,
+
+ network packet,
+ network raw,
+
+ @{PROC}/[0-9]*/net/ r,
+ @{PROC}/[0-9]*/net/** r,
+
+ /{,usr/}sbin/dhclient mr,
+ # LP: #1197484 and LP: #1202203 - why is this needed? :(
+ /{,usr/}bin/bash mr,
+
+ /etc/dhclient.conf r,
+ /etc/dhcp/ r,
+ /etc/dhcp/** r,
+
+ /var/lib/dhcp{,3}/dhclient* lrw,
+ /{,var/}run/dhclient*.pid lrw,
+ /{,var/}run/dhclient*.lease* lrw,
+
+ # NetworkManager
+ /{,var/}run/nm*conf r,
+ /{,var/}run/sendsigs.omit.d/network-manager.dhclient*.pid lrw,
+ /var/lib/NetworkManager/dhclient*.conf lrw,
+ /var/lib/NetworkManager/dhclient*.lease* lrw,
+ signal (receive) peer=/usr/sbin/NetworkManager,
+ ptrace (readby) peer=/usr/sbin/NetworkManager,
+
+ # connman
+ /{,var/}run/connman/dhclient*.pid lrw,
+ /{,var/}run/connman/dhclient*.leases lrw,
+
+ # synce-hal
+ /usr/share/synce-hal/dhclient.conf r,
+
+ # if there is a custom script, let it run unconfined
+ /etc/dhcp/dhclient-script Uxr,
+
+ # The dhclient-script shell script sources other shell scripts rather than
+ # executing them, so we can't just use a separate profile for dhclient-script
+ # with 'Uxr' on the hook scripts. However, for the long-running dhclient3
+ # daemon to run arbitrary code via /sbin/dhclient-script, it would need to be
+ # able to subvert dhclient-script or write to the hooks.d directories. As
+ # such, if the dhclient3 daemon is subverted, this effectively limits it to
+ # only being able to run the hooks scripts.
+ /{,usr/}sbin/dhclient-script Uxr,
+
+ # Run the ELF executables under their own unrestricted profiles
+ /usr/lib/NetworkManager/nm-dhcp-client.action Pxrm,
+ /usr/lib/connman/scripts/dhclient-script Pxrm,
+
+ # Support the new executable helper from NetworkManager.
+ /usr/lib/NetworkManager/nm-dhcp-helper Pxrm,
+ signal (receive) peer=/usr/lib/NetworkManager/nm-dhcp-helper,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/sbin.dhclient>
+}
+
+/usr/lib/NetworkManager/nm-dhcp-client.action {
+ #include <abstractions/base>
+ #include <abstractions/dbus>
+ /usr/lib/NetworkManager/nm-dhcp-client.action mr,
+
+ /var/lib/NetworkManager/*lease r,
+ signal (receive) peer=/usr/sbin/NetworkManager,
+ ptrace (readby) peer=/usr/sbin/NetworkManager,
+ network inet dgram,
+ network inet6 dgram,
+}
+
+/usr/lib/NetworkManager/nm-dhcp-helper {
+ #include <abstractions/base>
+ #include <abstractions/dbus>
+ /usr/lib/NetworkManager/nm-dhcp-helper mr,
+
+ /run/NetworkManager/private-dhcp rw,
+ signal (send) peer=/sbin/dhclient,
+
+ /var/lib/NetworkManager/*lease r,
+ signal (receive) peer=/usr/sbin/NetworkManager,
+ ptrace (readby) peer=/usr/sbin/NetworkManager,
+ network inet dgram,
+ network inet6 dgram,
+}
+
+/usr/lib/connman/scripts/dhclient-script {
+ #include <abstractions/base>
+ #include <abstractions/dbus>
+ /usr/lib/connman/scripts/dhclient-script mr,
+ network inet dgram,
+ network inet6 dgram,
+}
+
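Review bot: The comment `# Run the ELF executables under their own unrestricted profiles` contradicts the rules it describes. `nm-dhcp-client.action`, `connman/scripts/dhclient-script` and `nm-dhcp-helper` are entered with `Pxrm` and get the restricted profiles defined further down in this file; I would reword it to `# Run these helpers under their own profiles (defined below)`. The rationale block for `Uxr` covers only `/{,usr/}sbin/dhclient-script`, while `/etc/dhcp/dhclient-script Uxr,` is justified by nothing more than "let it run unconfined". A sentence on who is expected to control that file would help, since it is the one place where a subverted dhclient leaves confinement through an administrator-editable path. `capability dac_override,` and the `/{,usr/}bin/bash mr,` rule with its open "why is this needed?" question should get a resolved explanation or a tracking reference before this ships.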
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Alias rules can be used to rewrite paths and are done after variable
+# resolution. For example, if '/usr' is on removable media:
+# alias /usr/ -> /mnt/usr/,
+#
+# Or if mysql databases are stored in /home:
+# alias /var/lib/mysql/ -> /home/mysql/,
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/securityfs>
+
+@{apparmorfs}=@{securityfs}/apparmor/
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:ft=apparmor
+
+# @{DOVECOT_MAILSTORE} is a space-separated list of all directories
+# where dovecot is allowed to store and read mails
+#
+# The default value is quite broad to avoid breaking existing setups.
+# Please change @{DOVECOT_MAILSTORE} to (only) contain the directory
+# you use, and remove everything else.
+
+@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/ /var/vmail/ /var/mail/ /var/spool/mail/
+
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006-2009 Novell/SUSE
+# Copyright (C) 2010-2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# All the tunables definitions that should be available to every profile
+# should be included here
+
+#include <tunables/home>
+#include <tunables/multiarch>
+#include <tunables/proc>
+#include <tunables/alias>
+#include <tunables/kernelvars>
+#include <tunables/xdg-user-dirs>
+#include <tunables/share>
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006-2009 Novell/SUSE
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{HOME} is a space-separated list of all user home directories. While
+# it doesn't refer to a specific home directory (AppArmor doesn't
+# enforce discretionary access controls) it can be used as if it did
+# refer to a specific home directory
+@{HOME}=@{HOMEDIRS}/*/ /root/
+
+# @{HOMEDIRS} is a space-separated list of where user home directories
+# are stored, for programs that must enumerate all home directories on a
+# system.
+@{HOMEDIRS}=/home/
+
+# Also, include files in tunables/home.d for site-specific adjustments to
+# @{HOMEDIRS}.
+#include <tunables/home.d>
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following is a space-separated list of where additional user home
+# directories are stored, each must have a trailing '/'. Directories added
+# here are appended to @{HOMEDIRS}. See tunables/home for details. Eg:
+#@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/
--- /dev/null
+# This file is auto-generated. It is recommended you update it using:
+# $ sudo dpkg-reconfigure apparmor
+#
+# The following is a space-separated list of where additional user home
+# directories are stored, each must have a trailing '/'. Directories added
+# here are appended to @{HOMEDIRS}. See tunables/home for details.
+#@{HOMEDIRS}+=
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# This file should contain declarations to kernel vars or variables
+# that will become kernel vars at some point
+
+# until kernel vars are implemented
+# and until the parser supports nested groupings like
+# @{pid}=[1-9]{[0-9]{[0-9]{[0-9]{[0-9]{[0-9],},},},},}
+# use
+@{pid}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9]}
+
+#same pattern as @{pid} for now
+@{tid}=@{pid}
+
+#A pattern for pids that can appear
+@{pids}=@{pid}
+
+# Placeholder for user id until kernel var is implemented to match
+# current user of the confined application.
+# Values are 0...4,294,967,295 (32-bit unsigned, 10 digits).
+@{uid}={[0-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}
+
+#same pattern as @{uid} for now
+@{uids}=@{uid}
+
+# until kernel var is implemented
+@{sys}=/sys/
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{multiarch} is the set of patterns matching multi-arch library
+# install prefixes.
+@{multiarch}=*-linux-gnu*
+
+# Also, include files in tunables/multiarch.d for site and packaging
+# specific adjustments to @{multiarch}.
+#include <tunables/multiarch.d>
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following is a space-separated list of where additional multipath
+# prefixes are stored, each should not have a trailing '/'. Directories
+# added here are appended to @{multiarch}. See tunables/mutliarch for details. Eg:
+#@{multiarch}+=*-freebsd* s390-hurd-zomg
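Review bot: The explanatory comment in this file has two wording slips that make its cross-reference hard to follow. "additional multipath prefixes" should read "additional multi-arch prefixes", since the variable being extended is `@{multiarch}`. "See tunables/mutliarch" misspells the file name, which is presumably `tunables/multiarch`, going by the `tunables/multiarch.d` include in the previous file. I would change the last comment line to `# added here are appended to @{multiarch}. See tunables/multiarch for details. Eg:` and replace "multipath" with "multi-arch" two lines above it.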
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{PROC} is the location where procfs is mounted.
+@{PROC}=/proc/
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{securityfs} is the location where securityfs is mounted.
+@{securityfs}=@{sys}/kernel/security/
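Review bot: `@{securityfs}=@{sys}/kernel/security/` depends on `@{sys}`, which this file neither defines nor includes; the deprecation notice elsewhere in this patch says it is defined in `tunables/kernelvars`. That definition is `/sys/` with a trailing slash, so the value expands to `/sys//kernel/security/`. As far as I know the parser collapses repeated slashes, so rules using it should still match, but a reader cannot tell that from here. I would add a comment such as `# Requires @{sys} from tunables/kernelvars, which must be included first; @{sys} already ends in '/'.`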
--- /dev/null
+@{flatpak_exports_root} = {flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}
+
+# System-wide directories with behaviour analogous to /usr/share
+# in patterns like the freedesktop.org basedir spec. These are
+# owned by root or a system user, appear in XDG_DATA_DIRS, and
+# are the parent directory for `applications`, `themes`,
+# `dbus-1/services`, etc.
+@{system_share_dirs} = /{usr,usr/local,var/lib/@{flatpak_exports_root}}/share
+
+# Per-user/personal directories with behaviour analogous to
+# ~/.local/share in patterns like the freedesktop.org basedir spec.
+# These are owned by the user running an application, appear in
+# XDG_DATA_DIRS or XDG_DATA_HOME, and are the parent directory
+# for the same subdirectories as @{system_share_dirs}
+@{user_share_dirs} = @{HOME}/.local{,/share/@{flatpak_exports_root}}/share
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#This file is DEPRECATED! @{sys} is defined in tunables/kernelvars now.
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Define the common set of XDG user directories (usually defined in
+# /etc/xdg/user-dirs.defaults)
+@{XDG_DESKTOP_DIR}="Desktop"
+@{XDG_DOWNLOAD_DIR}="Downloads"
+@{XDG_TEMPLATES_DIR}="Templates"
+@{XDG_PUBLICSHARE_DIR}="Public"
+@{XDG_DOCUMENTS_DIR}="Documents"
+@{XDG_MUSIC_DIR}="Music"
+@{XDG_PICTURES_DIR}="Pictures"
+@{XDG_VIDEOS_DIR}="Videos"
+
+# Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
+# to the various XDG directories
+#include <tunables/xdg-user-dirs.d>
--- /dev/null
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2014 Canonical Ltd.
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# The following may be used to add additional entries such as for
+# translations. See tunables/xdg-user-dirs for details. Eg:
+#@{XDG_MUSIC_DIR}+="Musique"
+
+#@{XDG_DESKTOP_DIR}+=""
+#@{XDG_DOWNLOAD_DIR}+=""
+#@{XDG_TEMPLATES_DIR}+=""
+#@{XDG_PUBLICSHARE_DIR}+=""
+#@{XDG_DOCUMENTS_DIR}+=""
+#@{XDG_MUSIC_DIR}+=""
+#@{XDG_PICTURES_DIR}+=""
+#@{XDG_VIDEOS_DIR}+=""
--- /dev/null
+# vim:syntax=apparmor
+
+#include <tunables/global>
+
+/usr/bin/man {
+ #include <abstractions/base>
+
+ # Use a special profile when man calls anything groff-related. We only
+ # include the programs that actually parse input data in a non-trivial
+ # way, not wrappers such as groff and nroff, since the latter would need a
+ # broader profile.
+ /usr/bin/eqn rmCx -> &man_groff,
+ /usr/bin/grap rmCx -> &man_groff,
+ /usr/bin/pic rmCx -> &man_groff,
+ /usr/bin/preconv rmCx -> &man_groff,
+ /usr/bin/refer rmCx -> &man_groff,
+ /usr/bin/tbl rmCx -> &man_groff,
+ /usr/bin/troff rmCx -> &man_groff,
+ /usr/bin/vgrind rmCx -> &man_groff,
+
+ # Similarly, use a special profile when man calls decompressors and other
+ # simple filters.
+ /{,usr/}bin/bzip2 rmCx -> &man_filter,
+ /{,usr/}bin/gzip rmCx -> &man_filter,
+ /usr/bin/col rmCx -> &man_filter,
+ /usr/bin/compress rmCx -> &man_filter,
+ /usr/bin/iconv rmCx -> &man_filter,
+ /usr/bin/lzip.lzip rmCx -> &man_filter,
+ /usr/bin/tr rmCx -> &man_filter,
+ /usr/bin/xz rmCx -> &man_filter,
+
+ # Allow basically anything in terms of file system access, subject to DAC.
+ # The purpose of this profile isn't to confine man itself (that might be
+ # nice in the future, but is tricky since it's quite configurable), but to
+ # confine the processes it calls that parse untrusted data.
+ /** mrixwlk,
+ unix,
+
+ capability setuid,
+ capability setgid,
+
+ signal peer=@{profile_name},
+ signal peer=/usr/bin/man//&man_groff,
+ signal peer=/usr/bin/man//&man_filter,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.bin.man>
+}
+
+profile man_groff {
+ #include <abstractions/base>
+ # Recent kernels revalidate open FDs, and there are often some still
+ # open on TTYs. This is temporary until man learns to close irrelevant
+ # open FDs before execve.
+ #include <abstractions/consoles>
+ # man always runs its groff pipeline with the input file open on stdin,
+ # so we can skip <abstractions/user-manpages>.
+
+ /usr/bin/eqn rm,
+ /usr/bin/grap rm,
+ /usr/bin/pic rm,
+ /usr/bin/preconv rm,
+ /usr/bin/refer rm,
+ /usr/bin/tbl rm,
+ /usr/bin/troff rm,
+ /usr/bin/vgrind rm,
+
+ /etc/groff/** r,
+ /etc/papersize r,
+ /usr/lib/groff/site-tmac/** r,
+ /usr/share/groff/** r,
+
+ signal peer=/usr/bin/man,
+ # @{profile_name} doesn't seem to work here.
+ signal peer=/usr/bin/man//&man_groff,
+}
+
+profile man_filter {
+ #include <abstractions/base>
+ # Recent kernels revalidate open FDs, and there are often some still
+ # open on TTYs. This is temporary until man learns to close irrelevant
+ # open FDs before execve.
+ #include <abstractions/consoles>
+
+ /{,usr/}bin/bzip2 rm,
+ /{,usr/}bin/gzip rm,
+ /usr/bin/col rm,
+ /usr/bin/compress rm,
+ /usr/bin/iconv rm,
+ /usr/bin/lzip.lzip rm,
+ /usr/bin/tr rm,
+ /usr/bin/xz rm,
+
+ # Manual pages can be more or less anywhere, especially with "man -l", and
+ # there's no harm in allowing wide read access here since the worst it can
+ # do is feed data to the invoking man process.
+ /** r,
+
+ # Allow writing cat pages.
+ /var/cache/man/** w,
+
+ signal peer=/usr/bin/man,
+ # @{profile_name} doesn't seem to work here.
+ signal peer=/usr/bin/man//&man_filter,
+}
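Review bot: The `/usr/bin/man` profile confines only the helpers named in its two `rmCx` lists; anything else man executes matches `/** mrixwlk,` and runs under `ix`, with man's own near-unrestricted file access plus `capability setuid` and `capability setgid`. The comment above that rule explains the intent but not this consequence, so I would add `# NOTE: programs not listed above (e.g. the groff and nroff wrappers) inherit this profile via ix and are not confined.` The executable lists are also duplicated between the `rmCx` rules and the `rm` rules in `man_groff` and `man_filter`, so a binary added to one list but not the other would presumably fail in the child profile; a one-line comment in each child profile saying the list must mirror the parent's would help. In `man_filter`, `/** r,` together with `/var/cache/man/** w,` means the "worst it can do is feed data to the invoking man process" comment slightly understates the reach, since anything the process can read under DAC can also be written into cat pages.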
--- /dev/null
+# Author: Jamie Strandboge <jamie@canonical.com>
+#include <tunables/global>
+
+/usr/lib/snapd/snap-confine (attach_disconnected) {
+ # Include any additional files that snapd chose to generate.
+ # - for $HOME on NFS
+ # - for $HOME on encrypted media
+ #
+ # Those are discussed on https://forum.snapcraft.io/t/snapd-vs-upstream-kernel-vs-apparmor
+ # and https://forum.snapcraft.io/t/snaps-and-nfs-home/
+ #include "/var/lib/snapd/apparmor/snap-confine"
+
+ # We run privileged, so be fanatical about what we include and don't use
+ # any abstractions
+ /etc/ld.so.cache r,
+ /etc/ld.so.preload r,
+
+ # Do not assume that the interpreter is always named like
+ # ld-linux-x86_64.so, as on some architectures there can be a version after
+ # the .so suffix, eg. ld-linux-aarch64.so.1
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}ld{-*,64}.so* mrix,
+ # libc, you are funny
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libc{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libpthread{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libreadline{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}librt{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libgcc_s.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libncursesw{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libresolv{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libselinux.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libpcre{,2}{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libmount.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libblkid.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libuuid.so* mr,
+ # normal libs in order
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libapparmor.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcgmanager.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libdl{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnih.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnih-dbus.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libdbus-1.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libudev.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libseccomp.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcap.so* mr,
+
+ /usr/lib/snapd/snap-confine mr,
+
+ # This rule is needed when executing from a "base: core" devmode snap on
+ # UC18 and newer where the /usr/lib/snapd/snap-confine inside the
+ # "base: core" mount namespace always comes from the snapd snap, and thus
+ # we will execute snap-confine via this path, and thus need to be able to
+ # read this path when executing. It's also necessary on classic where both
+ # the snapd and the core snap are installed at the same time.
+ # TODO: remove this rule when we stop supporting executing other snaps from
+ # inside devmode snaps, ideally even in the short term we would only include
+ # this rule on core only, and specifically uc18 and newer where we need it
+ #@VERBATIM_LIBEXECDIR_SNAP_CONFINE@ mr,
+
+ /dev/null rw,
+ /dev/full rw,
+ /dev/zero rw,
+ /dev/random r,
+ /dev/urandom r,
+ /dev/pts/[0-9]* rw,
+ /dev/tty rw,
+
+ # cgroup: devices
+ capability sys_admin,
+ capability dac_read_search,
+ capability dac_override,
+ /sys/fs/cgroup/ r,
+ /sys/fs/cgroup/devices/ r,
+ /sys/fs/cgroup/devices/snap.*/ rw,
+ /sys/fs/cgroup/devices/snap.*/cgroup.procs w,
+ /sys/fs/cgroup/devices/snap.*/devices.{allow,deny} w,
+
+ # cgroup: freezer
+ # Allow creating per-snap cgroup freezers and adding snap command (task)
+ # invocations to the freezer. This allows for reliably enumerating all
+ # running processes for the snap. In addition, allow enumerating processes
+ # in the cgroup to determine if it is occupied.
+ /sys/fs/cgroup/freezer/ r,
+ /sys/fs/cgroup/freezer/snap.*/ w,
+ /sys/fs/cgroup/freezer/snap.*/cgroup.procs rw,
+ /sys/fs/cgroup/ r,
+ /sys/fs/cgroup/** r,
+
+ # cgroup: reading own cgroup
+ @{PROC}/@{pid}/cgroup r,
+
+ # cgroup: manage bpf map for device cgroup
+ /sys/fs/bpf/ r,
+ /sys/fs/bpf/snap/ rw,
+ /sys/fs/bpf/snap/* rw,
+ # s-c may need to raise the memlock limit
+ capability sys_resource,
+
+ # querying udev
+ /etc/udev/udev.conf r,
+ /sys/**/uevent r,
+ /run/udev/** rw,
+ /{,usr/}bin/tr ixr,
+ /usr/lib/locale/** r,
+ /usr/lib/@{multiarch}/gconv/gconv-modules r,
+ /usr/lib/@{multiarch}/gconv/gconv-modules.cache r,
+
+ # priv dropping
+ capability setuid,
+ capability setgid,
+
+ # changing profile
+ @{PROC}/[0-9]*/attr/{,apparmor/}exec w,
+ # Reading current profile
+ @{PROC}/[0-9]*/attr/{,apparmor/}current r,
+ # Reading available filesystems
+ @{PROC}/filesystems r,
+
+ # To find where apparmor is mounted
+ @{PROC}/[0-9]*/mounts r,
+ # To find if apparmor is enabled
+ /sys/module/apparmor/parameters/enabled r,
+
+ # Don't allow changing profile to unconfined or profiles that start with
+ # '/'. Use 'unsafe' to support snap-exec on armhf and its reliance on
+ # the environment for determining the capabilities of the architecture.
+ # 'unsafe' is ok here because the kernel will have already cleared the
+ # environment as part of launching snap-confine with CAP_SYS_ADMIN. This
+ # does leave directories as configured by ld.so.preload as well as
+ # LD_PRELOAD to be set to a library which is in a directory configured by
+ # ld.so.conf, but access to those locations is mediated by this profile
+ # (which requires rules for specific locations).
+ change_profile unsafe /** -> [^u/]**,
+ change_profile unsafe /** -> u[^n]**,
+ change_profile unsafe /** -> un[^c]**,
+ change_profile unsafe /** -> unc[^o]**,
+ change_profile unsafe /** -> unco[^n]**,
+ change_profile unsafe /** -> uncon[^f]**,
+ change_profile unsafe /** -> unconf[^i]**,
+ change_profile unsafe /** -> unconfi[^n]**,
+ change_profile unsafe /** -> unconfin[^e]**,
+ change_profile unsafe /** -> unconfine[^d]**,
+ change_profile unsafe /** -> unconfined?**,
+
+ # allow changing to a few not caught above
+ change_profile unsafe /** -> {u,un,unc,unco,uncon,unconf,unconfi,unconfin,unconfine},
+
+ # LP: #1446794 - when this bug is fixed, change the above to:
+ # deny change_profile unsafe /** -> {unconfined,/**},
+ # change_profile unsafe /** -> **,
+
+ # reading seccomp filters
+ /{tmp/snap.rootfs_*/,}var/lib/snapd/seccomp/bpf/*.bin r,
+
+ # LP: #1668659 and parallel instaces of classic snaps
+ mount options=(rw rbind) /snap/ -> /snap/,
+ mount options=(rw rshared) -> /snap/,
+ mount options=(rw rbind) /var/lib/snapd/snap/ -> /var/lib/snapd/snap/,
+ mount options=(rw rshared) -> /var/lib/snapd/snap/,
+
+ # boostrapping the mount namespace
+ mount options=(rw rshared) -> /,
+ mount options=(rw bind) /tmp/snap.rootfs_*/ -> /tmp/snap.rootfs_*/,
+ mount options=(rw unbindable) -> /tmp/snap.rootfs_*/,
+ # the next line is for classic system
+ mount options=(rw rbind) /snap/*/*/ -> /tmp/snap.rootfs_*/,
+ # the next line is for core system
+ mount options=(rw rbind) / -> /tmp/snap.rootfs_*/,
+ # all of the constructed rootfs is a rslave
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/,
+ # bidirectional mounts (for both classic and core)
+ # NOTE: this doesn't capture the MERGED_USR configuration option so that
+ # when a distro with merged /usr and / that uses apparmor shows up it
+ # should be handled here.
+ /{,run/}media/ w,
+ mount options=(rw rbind) /{,run/}media/ -> /tmp/snap.rootfs_*/{,run/}media/,
+ /run/netns/ w,
+ mount options=(rw rbind) /run/netns/ -> /tmp/snap.rootfs_*/run/netns/,
+ # unidirectional mounts (only for classic system)
+ mount options=(rw rbind) /dev/ -> /tmp/snap.rootfs_*/dev/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/dev/,
+
+ mount options=(rw rbind) /etc/ -> /tmp/snap.rootfs_*/etc/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/etc/,
+
+ mount options=(rw rbind) /home/ -> /tmp/snap.rootfs_*/home/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/home/,
+
+ mount options=(rw rbind) /root/ -> /tmp/snap.rootfs_*/root/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/root/,
+
+ mount options=(rw rbind) /proc/ -> /tmp/snap.rootfs_*/proc/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/proc/,
+
+ mount options=(rw rbind) /sys/ -> /tmp/snap.rootfs_*/sys/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/sys/,
+
+ mount options=(rw rbind) /tmp/ -> /tmp/snap.rootfs_*/tmp/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/tmp/,
+
+ mount options=(rw rbind) /var/lib/dhcp/ -> /tmp/snap.rootfs_*/var/lib/dhcp/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/dhcp/,
+
+ mount options=(rw rbind) /var/lib/snapd/ -> /tmp/snap.rootfs_*/var/lib/snapd/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/snapd/,
+
+ mount options=(rw rbind) /var/snap/ -> /tmp/snap.rootfs_*/var/snap/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/snap/,
+
+ mount options=(rw rbind) /var/tmp/ -> /tmp/snap.rootfs_*/var/tmp/,
+ # /var/volatile is the default volatile location on Yocto/Poky, typically used with read-only rootfs setups
+ mount options=(rw rbind) /var/volatile/tmp/ -> /tmp/snap.rootfs_*/var/tmp/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/tmp/,
+
+ mount options=(rw rbind) /run/ -> /tmp/snap.rootfs_*/run/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/run/,
+
+ mount options=(rw rbind) /var/lib/extrausers/ -> /tmp/snap.rootfs_*/var/lib/extrausers/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/extrausers/,
+
+ mount options=(rw rbind) {,/usr}/lib{,32,64,x32}/modules/ -> /tmp/snap.rootfs_*{,/usr}/lib/modules/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*{,/usr}/lib/modules/,
+
+ mount options=(rw rbind) {,/usr}/lib{,32,64,x32}/firmware/ -> /tmp/snap.rootfs_*{,/usr}/lib/firmware/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*{,/usr}/lib/firmware/,
+
+ mount options=(rw rbind) /var/log/ -> /tmp/snap.rootfs_*/var/log/,
+ # /var/volatile is the default volatile location on Yocto/Poky, typically used with read-only rootfs setups
+ mount options=(rw rbind) /var/volatile/log/ -> /tmp/snap.rootfs_*/var/log/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/log/,
+
+ mount options=(rw rbind) /usr/src/ -> /tmp/snap.rootfs_*/usr/src/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/usr/src/,
+
+ mount options=(rw rbind) /mnt/ -> /tmp/snap.rootfs_*/mnt/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/mnt/,
+
+ # allow making host snap-exec available inside base snaps
+ mount options=(rw bind) /usr/lib/snapd/ -> /tmp/snap.rootfs_*/usr/lib/snapd/,
+ mount options=(rw slave) -> /tmp/snap.rootfs_*/usr/lib/snapd/,
+
+ # allow making re-execed host snap-exec available inside base snaps
+ mount options=(ro bind) /snap/core/*/usr/lib/snapd/ -> /tmp/snap.rootfs_*/usr/lib/snapd/,
+ # allow making snapd snap tools available inside base snaps
+ mount options=(ro bind) /snap/snapd/*/usr/lib/snapd/ -> /tmp/snap.rootfs_*/usr/lib/snapd/,
+
+ mount options=(rw bind) /usr/bin/snapctl -> /tmp/snap.rootfs_*/usr/bin/snapctl,
+ mount options=(rw slave) -> /tmp/snap.rootfs_*/usr/bin/snapctl,
+
+ # /etc/alternatives (classic and normal mode)
+ mount options=(rw bind) /snap/*/*/etc/alternatives/ -> /tmp/snap.rootfs_*/etc/alternatives/,
+ mount options=(rw bind) /snap/*/*/etc/ssl/ -> /tmp/snap.rootfs_*/etc/ssl/,
+ mount options=(rw bind) /snap/*/*/etc/nsswitch.conf -> /tmp/snap.rootfs_*/etc/nsswitch.conf,
+ mount options=(rw bind) /snap/*/*/etc/apparmor/ -> /tmp/snap.rootfs_*/etc/apparmor/,
+ mount options=(rw bind) /snap/*/*/etc/apparmor.d/ -> /tmp/snap.rootfs_*/etc/apparmor.d/,
+
+ # /etc/alternatives (core/legacy mode)
+ mount options=(rw bind) /etc/alternatives/ -> /tmp/snap.rootfs_*/etc/alternatives/,
+
+ # making all those directories slave shared.
+ mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/alternatives/,
+ mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/ssl/,
+ mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/nsswitch.conf,
+ mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/apparmor/,
+ mount options=(rw slave) -> /tmp/snap.rootfs_*/etc/apparmor.d/,
+
+ # the /snap directory
+ mount options=(rw rbind) /snap/ -> /tmp/snap.rootfs_*/snap/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/snap/,
+ # pivot_root preparation and execution
+ mount options=(rw bind) /tmp/snap.rootfs_*/var/lib/snapd/hostfs/ -> /tmp/snap.rootfs_*/var/lib/snapd/hostfs/,
+ mount options=(rw private) -> /tmp/snap.rootfs_*/var/lib/snapd/hostfs/,
+
+ # pivot_root mediation in AppArmor is not complete. See LP: #1791711.
+ # However, we can mediate the new_root and put_old to be what we expect,
+ # and then deny directory creation within old_root to prevent trivial
+ # pivoting into a whitelisted path.
+ pivot_root oldroot=/tmp/snap.rootfs_*/var/lib/snapd/hostfs/ /tmp/snap.rootfs_*/,
+ # Explicitly deny creating the old_root directory in case it is
+ # inadvertently added somewhere else. While this doesn't resolve
+ # LP: #1791711, it provides some hardening.
+ audit deny /tmp/snap.rootfs_*/{var/,var/lib/,var/lib/snapd/,var/lib/snapd/hostfs/} w,
+
+ # cleanup
+ umount /var/lib/snapd/hostfs/tmp/snap.rootfs_*/,
+ umount /var/lib/snapd/hostfs/sys/,
+ umount /var/lib/snapd/hostfs/dev/,
+ umount /var/lib/snapd/hostfs/proc/,
+ mount options=(rw rslave) -> /var/lib/snapd/hostfs/,
+
+ # Hide /writable from view of snaps.
+ mount options=(rprivate) -> /{,var/lib/snapd/hostfs/}writable/,
+ umount /{,var/lib/snapd/hostfs/}writable/,
+
+ # set up user mount namespace
+ mount options=(rslave) -> /,
+
+ # set up mount namespace for parallel instances of classic snaps
+ mount options=(rw rbind) /snap/{,*/} -> /snap/{,*/},
+ mount options=(rslave) -> /snap/,
+ mount options=(rslave) -> /var/snap/,
+ mount options=(rw rbind) /var/snap/{,*/} -> /var/snap/{,*/},
+ mount options=(rw rshared) -> /var/snap/,
+
+ # Allow reading the os-release file (possibly a symlink to /usr/lib).
+ /{etc/,usr/lib/}os-release r,
+
+ # Allow creating /var/lib/snapd/hostfs, if missing
+ /var/lib/snapd/hostfs/ rw,
+
+ # set up snap-specific private /tmp dir
+ capability chown,
+ /tmp/ rw,
+ /tmp/snap.*/ rw,
+ /tmp/snap.*/tmp/ rw,
+ mount options=(rw private) -> /tmp/,
+ mount options=(rw bind) /tmp/snap.*/tmp/ -> /tmp/,
+ mount fstype=devpts options=(rw) devpts -> /dev/pts/,
+ mount options=(rw bind) /dev/pts/ptmx -> /dev/ptmx, # for bind mounting
+ mount options=(rw bind) /dev/pts/ptmx -> /dev/pts/ptmx, # for bind mounting under LXD
+ # Workaround for LP: #1584456 on older kernels that mistakenly think
+ # /dev/pts/ptmx needs a trailing '/'
+ mount options=(rw bind) /dev/pts/ptmx/ -> /dev/ptmx/,
+ mount options=(rw bind) /dev/pts/ptmx/ -> /dev/pts/ptmx/,
+
+ # for running snaps on classic
+ /snap/ r,
+ /snap/** r,
+ /snap/ r,
+ /snap/** r,
+
+ # NOTE: at this stage the /snap directory is stable as we have called
+ # pivot_root already.
+
+ # nvidia handling, glob needs /usr/** and the launcher must be
+ # able to bind mount the nvidia dir
+ /sys/module/nvidia/version r,
+ /sys/**/drivers/nvidia{,_*}/* r,
+ /sys/**/nvidia*/uevent r,
+ /sys/module/nvidia{,_*}/* r,
+ /dev/nvidia[0-9]* r,
+ /dev/nvidiactl r,
+ /dev/nvidia-uvm r,
+ /usr/** r,
+ mount options=(rw bind) /usr/lib{,32}/nvidia-*/ -> /{tmp/snap.rootfs_*/,}var/lib/snapd/lib/gl{,32}/,
+ mount options=(rw bind) /usr/lib{,32}/nvidia-*/ -> /{tmp/snap.rootfs_*/,}var/lib/snapd/lib/gl{,32}/,
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/{,*} w,
+ mount fstype=tmpfs options=(rw nodev noexec) none -> /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/,
+ mount options=(remount ro bind) -> /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/,
+
+ # Vulkan support
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/{,*} w,
+ mount fstype=tmpfs options=(rw nodev noexec) none -> /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/,
+ mount options=(remount ro bind) -> /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/,
+
+ # GLVND EGL vendor
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/{,*} w,
+ mount fstype=tmpfs options=(rw nodev noexec) none -> /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/,
+ mount options=(remount ro bind) -> /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/,
+
+ # create gl dirs as needed
+ /tmp/snap.rootfs_*/ r,
+ /tmp/snap.rootfs_*/var/ r,
+ /tmp/snap.rootfs_*/var/lib/ r,
+ /tmp/snap.rootfs_*/var/lib/snapd/ r,
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/ r,
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/ r,
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/gl{,32}/** rw,
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/ r,
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/vulkan/** rw,
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/ r,
+ /tmp/snap.rootfs_*/var/lib/snapd/lib/glvnd/** rw,
+
+ # for chroot on steroids, we use pivot_root as a better chroot that makes
+ # apparmor rules behave the same on classic and outside of classic.
+
+ # for creating the user data directories: ~/snap, ~/snap/<name> and
+ # ~/snap/<name>/<version>
+ / r,
+ @{HOMEDIRS}/ r,
+ # These should both have 'owner' match but due to LP: #1466234, we can't
+ # yet
+ @{HOME}/ r,
+ @{HOME}/snap/{,*/,*/*/} rw,
+
+ # experimental
+ @{HOME}/.snap/ rw,
+ @{HOME}/.snap/data/{,*/,*/*/} rw,
+
+ # Special case for *classic* snaps that are used by users with existing dirs
+ # in /var/lib/. Like jenkins, postgresql, mysql, puppet, ...
+ # (see https://forum.snapcraft.io/t/9717)
+ # TODO: this can be removed once we support home-dirs outside of /home
+ # better
+ /var/ r,
+ /var/lib/ r,
+ # These should both have 'owner' match but due to LP: #1466234, we can't
+ # yet
+ /var/lib/*/ r,
+ /var/lib/*/snap/{,*/,*/*/} rw,
+
+ # for creating the user shared memory directories
+ /{dev,run}/{,shm/} r,
+ # This should both have 'owner' match but due to LP: #1466234, we can't yet
+ /{dev,run}/shm/{,*/,*/*/} rw,
+
+ # for creating the user XDG_RUNTIME_DIR: /run/user, /run/user/UID and
+ # /run/user/UID/<name>
+ /run/user/{,[0-9]*/,[0-9]*/*/} rw,
+
+ # Workaround https://launchpad.net/bugs/359338 until upstream handles
+ # stacked filesystems generally.
+ # encrypted ~/.Private and old-style encrypted $HOME
+ @{HOME}/.Private/ r,
+ @{HOME}/.Private/** mrwlk,
+ # new-style encrypted $HOME
+ @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
+ @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
+
+ # Allow snap-confine to move to the void, creating it if necessary.
+ /var/lib/snapd/void/ rw,
+
+ # Allow snap-confine to read snap contexts
+ /var/lib/snapd/context/snap.* r,
+
+ # Allow snap-confine to unmount stale mount namespaces.
+ umount /run/snapd/ns/*.mnt,
+ /run/snapd/ns/snap.*.fstab w,
+ # Allow snap-confine to read and write mount namespace information files.
+ /run/snapd/ns/snap.*.info rw,
+ # Required to correctly unmount bound mount namespace.
+ # See LP: #1735459 for details.
+ umount /,
+
+ # support for locking
+ /run/snapd/lock/ rw,
+ /run/snapd/lock/*.lock rwk,
+
+ # support for the mount namespace sharing
+ capability sys_ptrace,
+ # allow snap-confine to read /proc/1/ns/mnt
+ ptrace read peer=unconfined,
+ # https://forum.snapcraft.io/t/custom-kernel-error-on-readlinkat-in-mount-namespace/6097/21
+ ptrace trace peer=unconfined,
+
+ mount options=(rw rbind) /run/snapd/ns/ -> /run/snapd/ns/,
+ mount options=(private) -> /run/snapd/ns/,
+ / rw,
+ /run/ rw,
+ /run/snapd/ rw,
+ /run/snapd/ns/ rw,
+ /run/snapd/ns/*.lock rwk,
+ /run/snapd/ns/*.mnt rw,
+ ptrace (read, readby, tracedby) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper,
+ @{PROC}/*/mountinfo r,
+ capability sys_chroot,
+ capability sys_admin,
+ signal (send, receive) set=(abrt) peer=/usr/lib/snapd/snap-confine,
+ signal (send) set=(int) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper,
+ signal (send, receive) set=(int, alrm, exists) peer=/usr/lib/snapd/snap-confine,
+ signal (receive) set=(exists) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper,
+
+ # workaround for linux 4.13/upstream, see
+ # https://forum.snapcraft.io/t/snapd-2-27-6-2-in-debian-sid-blocked-on-apparmor-in-kernel-4-13-0-1/2813/3
+ ptrace (trace, tracedby) peer=/usr/lib/snapd/snap-confine,
+
+ # Allow reading snap cookies.
+ /var/lib/snapd/cookie/snap.* r,
+
+ # For aa_change_hat() to go into ^mount-namespace-capture-helper
+ @{PROC}/[0-9]*/attr/{,apparmor/}current w,
+
+ # As a special exception allow snap-confine to write to anything in /var/lib.
+ # This code should be changed to allow delegation so that snap-confine can
+ # inherit any file descriptor and pass it to the invoked application but
+ # this is not possible in apparmor yet.
+ # See https://bugs.launchpad.net/snapd/+bug/1815869
+ /var/lib/** rw,
+
+ ^mount-namespace-capture-helper (attach_disconnected) {
+ # We run privileged, so be fanatical about what we include and don't use
+ # any abstractions
+ /etc/ld.so.cache r,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}ld{-*,64}.so* mrix,
+ # libc, you are funny
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libc{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libpthread{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libreadline{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}librt{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libgcc_s.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libncursesw{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libresolv{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libselinux.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libpcre.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libmount.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libblkid.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libuuid.so* mr,
+ # normal libs in order
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libapparmor.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcgmanager.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/{,atomics/}}libdl{,-[0-9]*}.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnih.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnih-dbus.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libdbus-1.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libudev.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libseccomp.so* mr,
+ /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libcap.so* mr,
+
+ /usr/lib/snapd/snap-confine mr,
+
+ /dev/null rw,
+ /dev/full rw,
+ /dev/zero rw,
+ /dev/random r,
+ /dev/urandom r,
+
+ capability sys_ptrace,
+ capability sys_admin,
+ # This allows us to read and bind mount the namespace file
+ / r,
+ @{PROC}/ r,
+ @{PROC}/*/ r,
+ @{PROC}/*/ns/ r,
+ @{PROC}/*/ns/mnt r,
+ /run/ r,
+ /run/snapd/ r,
+ /run/snapd/ns/ r,
+ /run/snapd/ns/*.mnt rw,
+ # NOTE: the source name is / even though we map /proc/123/ns/mnt
+ mount options=(rw bind) / -> /run/snapd/ns/*.mnt,
+ # This is the SIGALRM that we send and receive if a timeout expires
+ signal (send, receive) set=(alrm) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper,
+ # Those two rules are exactly the same but we don't know if the parent process is still alive
+ # and hence has the appropriate label or is already dead and hence has no label.
+ signal (send) set=(exists) peer=/usr/lib/snapd/snap-confine,
+ signal (send) set=(exists) peer=unconfined,
+ # This is so that we can abort
+ signal (send, receive) set=(abrt) peer=/usr/lib/snapd/snap-confine//mount-namespace-capture-helper,
+ # This is the signal we get if snap-confine dies (we subscribe to it with prctl)
+ signal (receive) set=(int) peer=/usr/lib/snapd/snap-confine,
+ # This allows snap-confine to be killed from the outside.
+ signal (receive) peer=unconfined,
+ # This allows snap-confine to wait for us
+ ptrace (read, trace, tracedby) peer=/usr/lib/snapd/snap-confine,
+ }
+
+ # Allow snap-confine to be killed
+ signal (receive) peer=unconfined,
+
+ # Allow switching to snap-update-ns with a per-snap profile.
+ change_profile -> snap-update-ns.*,
+
+ # Allow executing snap-update-ns when...
+
+ # ...snap-confine is, conceptually, re-executing and uses snap-update-ns
+ # from the distribution package. This is also the location used when using
+ # the core/base snap on all-snap systems. The variants here represent
+ # various locations of libexecdir across distributions.
+ /usr/lib{,exec,64}/snapd/snap-update-ns r,
+
+ # ...snap-confine is not, conceptually, re-executing and uses
+ # snap-update-ns from the distribution package but we are already inside
+ # the constructed mount namespace so we must traverse "hostfs". The
+ # variants here represent various locations of libexecdir across
+ # distributions.
+ /var/lib/snapd/hostfs/usr/lib{,exec,64}/snapd/snap-update-ns r,
+
+ # ..snap-confine is, conceptually, re-executing and uses snap-update-ns
+ # from the core or snapd snaps. Note that the location of the actual snap
+ # varies from distribution to distribution. The variants here represent
+ # different locations of snap mount directory across distributions.
+ /{,var/lib/snapd/}snap/{core,snapd}/*/usr/lib/snapd/snap-update-ns r,
+
+ # ...snap-confine is, conceptually, re-executing and uses snap-update-ns
+ # from the core snap or snapd snap, but we are already inside the
+ # constructed mount namespace. Here the apparmor kernel module
+ # re-constructs the path to snap-update-ns using the "hostfs" mount entry
+ # rather than the more "natural" /snap mount entry but we have no control
+ # over that. This is reported as (LP: #1716339). The variants here
+ # represent different locations of snap mount directory across
+ # distributions.
+ /var/lib/snapd/hostfs/{,var/lib/snapd/}snap/{core,snapd}/*/usr/lib/snapd/snap-update-ns r,
+
+ # Allow executing snap-discard-ns, just like the set for snap-update-ns
+ # above but with the key difference that snap-discard-ns does not
+ # have a dedicated profile so we need to inherit snap-confine's profile.
+
+ /usr/lib{,exec,64}/snapd/snap-discard-ns rix,
+ /var/lib/snapd/hostfs/usr/lib{,exec,64}/snapd/snap-discard-ns rix,
+ /{,var/lib/snapd/}snap/{core,snapd}/*/usr/lib/snapd/snap-discard-ns rix,
+ /var/lib/snapd/hostfs/{,var/lib/snapd/}snap/{core,snapd}/*/usr/lib/snapd/snap-discard-ns rix,
+
+ # Allow mounting /var/lib/jenkins from the host into the snap.
+ mount options=(rw rbind) /var/lib/jenkins/ -> /tmp/snap.rootfs_*/var/lib/jenkins/,
+ mount options=(rw rslave) -> /tmp/snap.rootfs_*/var/lib/jenkins/,
+
+ # Suppress noisy file_inherit denials (LP: #1850552) until LP: #1849753 is
+ # fixed.
+ deny /dev/shm/.org.chromium.Chromium.* rw,
+
+ # While snap-confine itself doesn't require unix rules and therefore all
+ # unix rules are implicitly denied, adding an explicit deny for unix to
+ # silence noisy denials breaks nested lxd. Until the cause is determined,
+ # do not use an explicit deny for unix. (LP: #1855355)
+ #deny unix,
+
+ # Explicitly deny these accesses which show up on Arch to silence the
+ # denials for this unneeded access.
+ deny /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnss_files-[0-9]*.so* mr,
+ deny /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnss_mymachines.[0-9]*.so* mr,
+ deny /{,usr/}lib{,32,64,x32}/{,@{multiarch}/}libnss_systemd.[0-9]*.so* mr,
+ deny /etc/nsswitch.conf r,
+ deny /etc/passwd r,
+}
--- /dev/null
+# Last Modified: Sun Sep 25 08:58:35 2011
+#include <tunables/global>
+
+# Debugging the syslogger can be difficult if it can't write to the file
+# that the kernel is logging denials to. In these cases, you can do the
+# following:
+# watch -n 1 'dmesg | tail -5'
+
+/usr/sbin/rsyslogd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability sys_tty_config,
+ capability dac_override,
+ capability dac_read_search,
+ capability setuid,
+ capability setgid,
+ capability sys_nice,
+ capability syslog,
+
+ unix (receive) type=dgram,
+ unix (receive) type=stream,
+
+ # rsyslog configuration
+ /etc/rsyslog.conf r,
+ /etc/rsyslog.d/ r,
+ /etc/rsyslog.d/** r,
+ /{,var/}run/rsyslogd.pid{,.tmp} rwk,
+ /var/spool/rsyslog/ r,
+ /var/spool/rsyslog/** rwk,
+
+ /usr/sbin/rsyslogd mr,
+ /usr/lib{,32,64}/{,@{multiarch}/}rsyslog/*.so mr,
+
+ /dev/tty* rw,
+ /dev/xconsole rw,
+ @{PROC}/kmsg r,
+
+ /dev/log rwl,
+ /{,var/}run/utmp rk,
+ /var/lib/*/dev/log rwl,
+ /var/spool/postfix/dev/log rwl,
+ /{,var/}run/systemd/notify w,
+
+ # 'r' is needed when using imfile
+ /var/log/** rw,
+
+ # Add these for mysql support
+ #/etc/mysql/my.cnf r,
+ #/{,var/}run/mysqld/mysqld.sock rw,
+
+ # Add thes for postgresql support
+ ##include <abstractions/openssl>
+ ##include <abstractions/ssl_certs>
+ #/{,var/}run/postgresql/.s.PGSQL.*[0-9] rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.rsyslogd>
+}
--- /dev/null
+# vim:syntax=apparmor
+#include <tunables/global>
+
+/usr/sbin/tcpdump {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/user-tmp>
+
+ capability net_raw,
+ capability setuid,
+ capability setgid,
+ capability dac_override,
+ capability chown,
+ network raw,
+ network packet,
+
+ # for -D
+ @{PROC}/bus/usb/ r,
+ @{PROC}/bus/usb/** r,
+
+ # for finding an interface
+ /dev/ r,
+ @{PROC}/[0-9]*/net/dev r,
+ /sys/bus/usb/devices/ r,
+ /sys/class/net/ r,
+ /sys/devices/**/net/** r,
+
+ # for -j
+ capability net_admin,
+
+ # for tracing USB bus, which libpcap supports
+ /dev/usbmon* r,
+ /dev/bus/usb/ r,
+ /dev/bus/usb/** r,
+
+ # for init_etherarray(), with -e
+ /etc/ethers r,
+
+ # for USB probing (see libpcap-1.1.x/pcap-usb-linux.c:probe_devices())
+ /dev/bus/usb/**/[0-9]* w,
+
+ # for -z
+ /{usr/,}bin/gzip ixr,
+ /{usr/,}bin/bzip2 ixr,
+
+ # for -F and -w
+ audit deny @{HOME}/.* mrwkl,
+ audit deny @{HOME}/.*/ rw,
+ audit deny @{HOME}/.*/** mrwkl,
+ audit deny @{HOME}/bin/ rw,
+ audit deny @{HOME}/bin/** mrwkl,
+ owner @{HOME}/ r,
+ owner @{HOME}/** rw,
+
+ # for -r, -F and -w
+ /**.[pP][cC][aA][pP] rw,
+
+ # for convenience with -r (ie, read pcap files from other sources)
+ /var/log/snort/*log* r,
+
+ /usr/sbin/tcpdump mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.tcpdump>
+}
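Review bot: The rule `/**.[pP][cC][aA][pP] rw,` under "for -r, -F and -w" grants read/write on any path ending in `.pcap` anywhere on the filesystem, and the profile also holds `capability dac_override`, so the policy itself puts little limit on where a capture file can be created or overwritten. The `audit deny @{HOME}/...` rules above it still apply to dotfiles and `~/bin`, because deny takes precedence over allow. I would document the breadth next to the rule, e.g. `# matches *.pcap system-wide; add deny rules in local/usr.sbin.tcpdump to confine captures to a dedicated directory`, so an administrator can see it is intentional and knows where to tighten it.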
--- /dev/null
+../../../apparmor.d/sbin.dhclient
\ No newline at end of file
--- /dev/null
+# parser.conf is a global AppArmor config file for the apparmor_parser
+#
+# It can be used to specify the default options for the parser, which
+# can then be overriden by options passed on the command line.
+#
+# Leading whitespace is ignored and lines that begin with # are treated
+# as comments.
+#
+# Config options are specified one per line using the same format as the
+# longform command line options (without the preceding --).
+#
+# If a value is specified twice the last version to appear is used.
+
+## Suppress Warnings
+#quiet
+
+## Be verbose
+#verbose
+
+## Set additional include path
+#Include /etc/apparmor.d/
+# or
+#Include /usr/share/apparmor
+
+
+## Set location of apparmor filesystem
+#subdomainfs /sys/kernel/security/apparmor
+
+## Set match-string to use - for forcing compiler to treat different kernels
+## the same
+# match-string "pattern=aadfa audit perms=crwxamlk/ user::other"
+
+## Turn creating/updating of the cache on by default
+#write-cache
+
+## Show cache hits
+#show-cache
+
+## skip cached policy
+#skip-cache
+
+## skip reading cache but allow updating
+#skip-read-cache
+
+
+#### Set Optimizaions. Multiple Optimizations can be set, one per line ####
+# For supported optimizations see
+# apparmor_parser --help=O
+
+## Turn on equivalence classes
+#equiv
+
+## Turn off expr tree simplification
+#Optimize=no-expr-simplify
+
+## Turn off DFA minimization
+#Optimize=no-minimize
+
+## Adjust compression
+#Optimize=compress-small
+#Optimize=compress-fast
--- /dev/null
+# Blacklist for apport
+# If an executable path appears on any line in any file in
+# /etc/apport/blacklist.d/, apport will not generate a crash report
+# for it. Matches are exact only at the moment (no globbing etc.).
--- /dev/null
+/usr/bin/wine-preloader
--- /dev/null
+# map crash database names to CrashDatabase implementations and URLs
+
+default = 'ubuntu'
+
+def get_oem_project():
+ '''Determine OEM project name from Distribution Channel Descriptor
+
+ Return None if it cannot be determined or does not exist.
+ '''
+ try:
+ dcd = open('/var/lib/ubuntu_dist_channel').read()
+ if dcd.startswith('canonical-oem-'):
+ return dcd.split('-')[2]
+ except IOError:
+ return None
+
+databases = {
+ 'ubuntu': {
+ 'impl': 'launchpad',
+ 'bug_pattern_url': 'http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml',
+ 'dupdb_url': 'http://people.canonical.com/~ubuntu-archive/apport-duplicates',
+ 'distro': 'ubuntu',
+ 'problem_types': ['Bug', 'Package'],
+ 'escalation_tag': 'bugpattern-needed',
+ 'escalated_tag': 'bugpattern-written',
+ },
+ 'canonical-oem': {
+ 'impl': 'launchpad',
+ 'bug_pattern_url': 'http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml',
+ 'project': get_oem_project(),
+ },
+ 'debug': {
+ # for debugging
+ 'impl': 'memory',
+ 'bug_pattern_url': '/tmp/bugpatterns.xml',
+ 'distro': 'debug'
+ },
+}
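Review bot: The `bug_pattern_url` and `dupdb_url` entries in `databases` use plain `http://`, so whatever fetches them (the consumer is not in this file) gets no transport integrity for data that steers how crash reports are matched and de-duplicated. If the host serves TLS, prefer `'bug_pattern_url': 'https://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml',` and the same scheme for `dupdb_url`. The `debug` entry points at `/tmp/bugpatterns.xml`, a predictable name in a world-writable directory, which deserves a comment saying it must not be selected on multi-user systems. In `get_oem_project()` the file handle is never closed and the returned field keeps any trailing newline; `with open('/var/lib/ubuntu_dist_channel') as f: dcd = f.read().strip()` covers both.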
--- /dev/null
+Acquire::Changelogs::AlwaysOnline "true";
+Acquire::http::User-Agent-Non-Interactive "true";
--- /dev/null
+APT
+{
+ NeverAutoRemove
+ {
+ "^firmware-linux.*";
+ "^linux-firmware$";
+ "^linux-image-[a-z0-9]*$";
+ "^linux-image-[a-z0-9]*-[a-z0-9]*$";
+ };
+
+ VersionedKernelPackages
+ {
+ # kernels
+ "linux-.*";
+ "kfreebsd-.*";
+ "gnumach-.*";
+ # (out-of-tree) modules
+ ".*-modules";
+ ".*-kernel";
+ };
+
+ Never-MarkAuto-Sections
+ {
+ "metapackages";
+ "contrib/metapackages";
+ "non-free/metapackages";
+ "restricted/metapackages";
+ "universe/metapackages";
+ "multiverse/metapackages";
+ };
+
+ Move-Autobit-Sections
+ {
+ "oldlibs";
+ "contrib/oldlibs";
+ "non-free/oldlibs";
+ "restricted/oldlibs";
+ "universe/oldlibs";
+ "multiverse/oldlibs";
+ };
+};
--- /dev/null
+// File installed by postgresql-common. Currently not updated automatically,
+// but might be in future releases.
+//
+// We mark all PostgreSQL packages as NeverAutoRemove because otherwise apt
+// would remove the old postgresql-NN package when the "postgresql" meta
+// package changes its dependencies to a new version, rendering the old
+// database cluster inaccessible. As access to the cluster might depend on
+// other modules (like datatypes), we use a pretty wide pattern here. We might
+// tighten this to match only actually used PostgreSQL versions in the future.
+
+APT
+{
+ NeverAutoRemove
+ {
+ "^postgresql-";
+ };
+};
--- /dev/null
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "0";
+APT::Periodic::AutocleanInterval "0";
--- /dev/null
+APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};
--- /dev/null
+APT::Update::Post-Invoke-Stats {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-stats || true";
+};
+
+APT::Install::Post-Invoke-Success {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook post-invoke-success || true";
+};
+
+APT::Install::Pre-Invoke {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true";
+};
+
+AptCli::Hooks::Upgrade {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-json-hook ] || /usr/lib/ubuntu-advantage/apt-esm-json-hook || true";
+};
--- /dev/null
+APT::Archives::MaxAge "30";
+APT::Archives::MinAge "2";
+APT::Archives::MaxSize "500";
--- /dev/null
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
--- /dev/null
+// THIS FILE IS USED TO INFORM PACKAGEKIT
+// THAT THE UPDATE-INFO MIGHT HAVE CHANGED
+
+// Whenever dpkg is called we might have different updates
+// i.e. if an user removes a package that had an update
+DPkg::Post-Invoke {
+"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
+};
+
+// When Apt's cache is updated (i.e. apt-cache update)
+APT::Update::Post-Invoke-Success {
+"/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
+};
--- /dev/null
+AptCli::Hooks::Install { "[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"; };
--- /dev/null
+## This file is provided by command-not-found(1) to download
+## Commands metadata files.
+
+Acquire::IndexTargets {
+ # The deb822 metadata files
+ deb::CNF {
+ MetaKey "$(COMPONENT)/cnf/Commands-$(NATIVE_ARCHITECTURE)";
+ ShortDescription "Commands-$(NATIVE_ARCHITECTURE)";
+ Description "$(RELEASE)/$(COMPONENT) $(NATIVE_ARCHITECTURE) c-n-f Metadata";
+ };
+};
+
+# Refresh AppStream cache when APT's cache is updated (i.e. apt update)
+APT::Update::Post-Invoke-Success {
+ "if /usr/bin/test -w /var/lib/command-not-found/ -a -e /usr/lib/cnf-update-db; then /usr/lib/cnf-update-db > /dev/null; fi";
+};
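Review bot: The comment above the `APT::Update::Post-Invoke-Success` hook says it refreshes the AppStream cache, but the command it runs is `/usr/lib/cnf-update-db`, so the comment looks copied from another hook. `# Refresh the command-not-found database when APT's cache is updated (i.e. apt update)` would match what actually runs. In the same hook, `test -w ... -a -e ...` relies on the obsolescent `-a` operator; `/usr/bin/test -w /var/lib/command-not-found/ && /usr/bin/test -e /usr/lib/cnf-update-db` is the unambiguous form.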
--- /dev/null
+// Automatically upgrade packages from these (origin:archive) pairs
+//
+// Note that in Ubuntu security updates may pull in new dependencies
+// from non-security sources (e.g. chromium). By allowing the release
+// pocket these get automatically pulled in.
+Unattended-Upgrade::Allowed-Origins {
+ "${distro_id}:${distro_codename}";
+ "${distro_id}:${distro_codename}-security";
+ // Extended Security Maintenance; doesn't necessarily exist for
+ // every release and this system may not have it installed, but if
+ // available, the policy for updates is such that unattended-upgrades
+ // should also install from here by default.
+ "${distro_id}ESMApps:${distro_codename}-apps-security";
+ "${distro_id}ESM:${distro_codename}-infra-security";
+// "${distro_id}:${distro_codename}-updates";
+// "${distro_id}:${distro_codename}-proposed";
+// "${distro_id}:${distro_codename}-backports";
+};
+
+// Python regular expressions, matching packages to exclude from upgrading
+Unattended-Upgrade::Package-Blacklist {
+ // The following matches all packages starting with linux-
+// "linux-";
+
+ // Use $ to explicitely define the end of a package name. Without
+ // the $, "libc6" would match all of them.
+// "libc6$";
+// "libc6-dev$";
+// "libc6-i686$";
+
+ // Special characters need escaping
+// "libstdc\+\+6$";
+
+ // The following matches packages like xen-system-amd64, xen-utils-4.1,
+ // xenstore-utils and libxenstore3.0
+// "(lib)?xen(store)?";
+
+ // For more information about Python regular expressions, see
+ // https://docs.python.org/3/howto/regex.html
+};
+
+// This option controls whether the development release of Ubuntu will be
+// upgraded automatically. Valid values are "true", "false", and "auto".
+Unattended-Upgrade::DevRelease "auto";
+
+// This option allows you to control if on a unclean dpkg exit
+// unattended-upgrades will automatically run
+// dpkg --force-confold --configure -a
+// The default is true, to ensure updates keep getting installed
+//Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGTERM. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+//Unattended-Upgrade::MinimalSteps "true";
+
+// Install all updates when the machine is shutting down
+// instead of doing it in the background while the machine is running.
+// This will (obviously) make shutdown slower.
+// Unattended-upgrades increases logind's InhibitDelayMaxSec to 30s.
+// This allows more time for unattended-upgrades to shut down gracefully
+// or even install a few packages in InstallOnShutdown mode, but is still a
+// big step back from the 30 minutes allowed for InstallOnShutdown previously.
+// Users enabling InstallOnShutdown mode are advised to increase
+// InhibitDelayMaxSec even further, possibly to 30 minutes.
+//Unattended-Upgrade::InstallOnShutdown "false";
+
+// Send email to this address for problems or packages upgrades
+// If empty or unset then no email is sent, make sure that you
+// have a working mail setup on your system. A package that provides
+// 'mailx' must be installed. E.g. "user@example.com"
+//Unattended-Upgrade::Mail "";
+
+// Set this value to one of:
+// "always", "only-on-error" or "on-change"
+// If this is not set, then any legacy MailOnlyOnError (boolean) value
+// is used to chose between "only-on-error" and "on-change"
+//Unattended-Upgrade::MailReport "on-change";
+
+// Remove unused automatically installed kernel-related packages
+// (kernel images, kernel headers and kernel version locked tools).
+//Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
+
+// Do automatic removal of newly unused dependencies after the upgrade
+//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+
+// Do automatic removal of unused packages after the upgrade
+// (equivalent to apt-get autoremove)
+//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+
+// Automatically reboot *WITHOUT CONFIRMATION* if
+// the file /var/run/reboot-required is found after the upgrade
+//Unattended-Upgrade::Automatic-Reboot "false";
+
+// Automatically reboot even if there are users currently logged in
+// when Unattended-Upgrade::Automatic-Reboot is set to true
+//Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
+
+// If automatic reboot is enabled and needed, reboot at the specific
+// time instead of immediately
+// Default: "now"
+//Unattended-Upgrade::Automatic-Reboot-Time "02:00";
+
+// Use apt bandwidth limit feature, this example limits the download
+// speed to 70kb/sec
+//Acquire::http::Dl-Limit "70";
+
+// Enable logging to syslog. Default is False
+// Unattended-Upgrade::SyslogEnable "false";
+
+// Specify syslog facility. Default is daemon
+// Unattended-Upgrade::SyslogFacility "daemon";
+
+// Download and install upgrades only on AC power
+// (i.e. skip or gracefully stop updates on battery)
+// Unattended-Upgrade::OnlyOnACPower "true";
+
+// Download and install upgrades only on non-metered connection
+// (i.e. skip or gracefully stop updates on a metered connection)
+// Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true";
+
+// Verbose logging
+// Unattended-Upgrade::Verbose "false";
+
+// Print debugging information both in unattended-upgrades and
+// in unattended-upgrade-shutdown
+// Unattended-Upgrade::Debug "false";
+
+// Allow package downgrade if Pin-Priority exceeds 1000
+// Unattended-Upgrade::Allow-downgrade "false";
--- /dev/null
+// Pre-configure all packages with debconf before they are installed.
+// If you don't like it, comment it out.
+DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};
--- /dev/null
+DPkg::Post-Invoke {"if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; /usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true";};
+APT::Update::Post-Invoke-Success {"/usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true";};
--- /dev/null
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb http://us.archive.ubuntu.com/ubuntu focal main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu focal main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://us.archive.ubuntu.com/ubuntu focal-updates main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb http://us.archive.ubuntu.com/ubuntu focal universe
+# deb-src http://us.archive.ubuntu.com/ubuntu focal universe
+deb http://us.archive.ubuntu.com/ubuntu focal-updates universe
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb http://us.archive.ubuntu.com/ubuntu focal multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu focal multiverse
+deb http://us.archive.ubuntu.com/ubuntu focal-updates multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu focal partner
+# deb-src http://archive.canonical.com/ubuntu focal partner
+
+deb http://us.archive.ubuntu.com/ubuntu focal-security main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-security main restricted
+deb http://us.archive.ubuntu.com/ubuntu focal-security universe
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-security universe
+deb http://us.archive.ubuntu.com/ubuntu focal-security multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-security multiverse
--- /dev/null
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb http://archive.ubuntu.com/ubuntu/ focal main restricted
+# deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted
+# deb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb http://archive.ubuntu.com/ubuntu/ focal universe
+# deb-src http://archive.ubuntu.com/ubuntu/ focal universe
+deb http://archive.ubuntu.com/ubuntu/ focal-updates universe
+# deb-src http://archive.ubuntu.com/ubuntu/ focal-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb http://archive.ubuntu.com/ubuntu/ focal multiverse
+# deb-src http://archive.ubuntu.com/ubuntu/ focal multiverse
+deb http://archive.ubuntu.com/ubuntu/ focal-updates multiverse
+# deb-src http://archive.ubuntu.com/ubuntu/ focal-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
+# deb-src http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu focal partner
+# deb-src http://archive.canonical.com/ubuntu focal partner
+
+deb http://security.ubuntu.com/ubuntu/ focal-security main restricted
+# deb-src http://security.ubuntu.com/ubuntu/ focal-security main restricted
+deb http://security.ubuntu.com/ubuntu/ focal-security universe
+# deb-src http://security.ubuntu.com/ubuntu/ focal-security universe
+deb http://security.ubuntu.com/ubuntu/ focal-security multiverse
+# deb-src http://security.ubuntu.com/ubuntu/ focal-security multiverse
--- /dev/null
+deb http://ppa.launchpad.net/git-core/ppa/ubuntu focal main
+# deb-src http://ppa.launchpad.net/git-core/ppa/ubuntu focal main
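Review bot: This third-party PPA entry carries no `signed-by` option, so it presumably relies on the PPA's key sitting in the global trusted keyring (not visible in this diff), where it would be accepted for every configured repository rather than only this one. Scoping it, e.g. `deb [signed-by=<PPA_KEYRING_PATH>] http://ppa.launchpad.net/git-core/ppa/ubuntu focal main` with the placeholder replaced by the real keyring file, limits what that key can vouch for. A short comment naming why the PPA is needed would also help, since packages from it can replace the distribution's own `git` on upgrade.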
--- /dev/null
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb http://us.archive.ubuntu.com/ubuntu focal main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu focal main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://us.archive.ubuntu.com/ubuntu focal-updates main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb http://us.archive.ubuntu.com/ubuntu focal universe
+# deb-src http://us.archive.ubuntu.com/ubuntu focal universe
+deb http://us.archive.ubuntu.com/ubuntu focal-updates universe
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb http://us.archive.ubuntu.com/ubuntu focal multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu focal multiverse
+deb http://us.archive.ubuntu.com/ubuntu focal-updates multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu focal partner
+# deb-src http://archive.canonical.com/ubuntu focal partner
+
+deb http://us.archive.ubuntu.com/ubuntu focal-security main restricted
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-security main restricted
+deb http://us.archive.ubuntu.com/ubuntu focal-security universe
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-security universe
+deb http://us.archive.ubuntu.com/ubuntu focal-security multiverse
+# deb-src http://us.archive.ubuntu.com/ubuntu focal-security multiverse
--- /dev/null
+alias
+backup
+bin
+daemon
+ftp
+games
+gnats
+guest
+irc
+lp
+mail
+man
+nobody
+operator
+proxy
+qmaild
+qmaill
+qmailp
+qmailq
+qmailr
+qmails
+sync
+sys
+www-data
--- /dev/null
+# System-wide .bashrc file for interactive bash(1) shells.
+
+# To enable the settings / commands in this file for login shells as well,
+# this file has to be sourced in /etc/profile.
+
+# If not running interactively, don't do anything
+[ -z "$PS1" ] && return
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, overwrite the one in /etc/profile)
+# but only if not SUDOing and have SUDO_PS1 set; then assume smart user.
+if ! [ -n "${SUDO_USER}" -a -n "${SUDO_PS1}" ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+
+# Commented out, don't overwrite xterm -T "title" -n "icontitle" by default.
+# If this is an xterm set the title to user@host:dir
+#case "$TERM" in
+#xterm*|rxvt*)
+# PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
+# ;;
+#*)
+# ;;
+#esac
+
+# enable bash completion in interactive shells
+#if ! shopt -oq posix; then
+# if [ -f /usr/share/bash-completion/bash_completion ]; then
+# . /usr/share/bash-completion/bash_completion
+# elif [ -f /etc/bash_completion ]; then
+# . /etc/bash_completion
+# fi
+#fi
+
+# sudo hint
+if [ ! -e "$HOME/.sudo_as_admin_successful" ] && [ ! -e "$HOME/.hushlogin" ] ; then
+ case " $(groups) " in *\ admin\ *|*\ sudo\ *)
+ if [ -x /usr/bin/sudo ]; then
+ cat <<-EOF
+ To run a command as administrator (user "root"), use "sudo <command>".
+ See "man sudo_root" for details.
+
+ EOF
+ fi
+ esac
+fi
+
+# if the command-not-found package is installed, use it
+if [ -x /usr/lib/command-not-found -o -x /usr/share/command-not-found/command-not-found ]; then
+ function command_not_found_handle {
+ # check because c-n-f could've been removed in the meantime
+ if [ -x /usr/lib/command-not-found ]; then
+ /usr/lib/command-not-found -- "$1"
+ return $?
+ elif [ -x /usr/share/command-not-found/command-not-found ]; then
+ /usr/share/command-not-found/command-not-found -- "$1"
+ return $?
+ else
+ printf "%s: command not found\n" "$1" >&2
+ return 127
+ fi
+ }
+fi
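Review bot: Two tests in this file use the obsolescent `-a`/`-o` operators inside `[ ]`, which POSIX marks as ambiguous once operands can look like operators. The prompt guard can be written as `if [ -z "${SUDO_USER}" ] || [ -z "${SUDO_PS1}" ]; then`, which is the same condition by De Morgan. The command-not-found guard can be written as `if [ -x /usr/lib/command-not-found ] || [ -x /usr/share/command-not-found/command-not-found ]; then`. The rest of the file already chains separate `[ ]` tests with `&&`, so this also makes the style consistent.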
--- /dev/null
+. /usr/share/bash-completion/bash_completion
--- /dev/null
+#
+# Apport bash-completion
+#
+###############################################################################
+
+# get available symptoms
+_apport_symptoms ()
+{
+ local syms
+ if [ -r /usr/share/apport/symptoms ]; then
+ for FILE in $(ls /usr/share/apport/symptoms); do
+ # hide utility files and symptoms that don't have a run() function
+ if [[ ! "$FILE" =~ ^_.* && -n $(egrep "^def run\s*\(.*\):" /usr/share/apport/symptoms/$FILE) ]]; then
+ syms="$syms ${FILE%.py}"
+ fi
+ done
+ fi
+ echo $syms
+
+}
+
+# completion when used without parameters
+_apport_parameterless ()
+{
+ local param
+ # parameter-less completion
+ # param= COMMAND parameters
+ # package names
+ # PIDs
+ # Symptoms
+ # any file
+ param="$dashoptions \
+ $( apt-cache pkgnames $cur 2> /dev/null ) \
+ $( command ps axo pid | sed 1d ) \
+ $( _apport_symptoms ) \
+ $( compgen -G "${cur}*" )"
+ COMPREPLY=( $( compgen -W "$param" -- $cur) )
+
+}
+
+# apport-bug ubuntu-bug completion
+_apport-bug ()
+{
+ local cur dashoptions prev param
+
+ COMPREPLY=()
+ cur=`_get_cword`
+ prev=${COMP_WORDS[COMP_CWORD-1]}
+
+
+ # available options
+ dashoptions='-h --help --save -v --version --tag -w --window'
+
+ case "$prev" in
+ ubuntu-bug | apport-bug)
+ case "$cur" in
+ -*)
+ # parameter completion
+ COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) )
+
+ ;;
+ *)
+ # no parameter given
+ _apport_parameterless
+
+ ;;
+ esac
+
+ ;;
+ --save)
+ COMPREPLY=( $( compgen -o default -G "$cur*" ) )
+
+ ;;
+ -w | --window)
+ dashoptions="--save --tag"
+ COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) )
+ ;;
+ -h | --help | -v | --version | --tag)
+ # standalone parameters
+ return 0
+
+ ;;
+ *)
+ # --save and --window make only sense once
+ dashoptions="--tag"
+ if ! [[ "${COMP_WORDS[*]}" =~ .*--save.* ]]; then
+ dashoptions="--save $dashoptions"
+ fi
+ if ! [[ "${COMP_WORDS[*]}" =~ .*--window.* || "${COMP_WORDS[*]}" =~ .*\ -w\ .* ]]; then
+ dashoptions="-w --window $dashoptions"
+ fi
+
+ case "$cur" in
+ -*)
+ # parameter completion
+ COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) )
+
+ ;;
+ *)
+ _apport_parameterless
+
+ ;;
+ esac
+
+ ;;
+ esac
+}
+
+# apport-cli completion
+_apport-cli ()
+{
+ local cur dashoptions prev param
+
+ COMPREPLY=()
+ cur=`_get_cword`
+ prev=${COMP_WORDS[COMP_CWORD-1]}
+
+
+ # available options
+ dashoptions='-h --help -f --file-bug -u --update-bug -s --symptom \
+ -c --crash-file --save -v --version --tag -w --window'
+
+ case "$prev" in
+ apport-cli)
+ case "$cur" in
+ -*)
+ # parameter completion
+ COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) )
+
+ ;;
+ *)
+ # no parameter given
+ _apport_parameterless
+
+ ;;
+ esac
+
+ ;;
+ -f | --file-bug)
+ param="-P --pid -p --package -s --symptom"
+ COMPREPLY=( $( compgen -W "$param $(_apport_symptoms)" -- $cur) )
+
+ ;;
+ -s | --symptom)
+ COMPREPLY=( $( compgen -W "$(_apport_symptoms)" -- $cur) )
+
+ ;;
+ --save)
+ COMPREPLY=( $( compgen -o default -G "$cur*" ) )
+
+ ;;
+ -c | --crash-file)
+ # only show *.apport *.crash files
+ COMPREPLY=( $( compgen -G "${cur}*.apport"
+ compgen -G "${cur}*.crash" ) )
+
+ ;;
+ -w | --window)
+ dashoptions="--save --tag"
+ COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) )
+ ;;
+ -h | --help | -v | --version | --tag)
+ # standalone parameters
+ return 0
+
+ ;;
+ *)
+ dashoptions='--tag'
+
+ # most parameters only make sense once
+ if ! [[ "${COMP_WORDS[*]}" =~ .*--save.* ]]; then
+ dashoptions="--save $dashoptions"
+ fi
+ if ! [[ "${COMP_WORDS[*]}" =~ .*--window.* || "${COMP_WORDS[*]}" =~ .*\ -w\ .* ]]; then
+ dashoptions="-w --window $dashoptions"
+ fi
+ if ! [[ "${COMP_WORDS[*]}" =~ .*--symptom.* || "${COMP_WORDS[*]}" =~ .*\ -s\ .* ]]; then
+ dashoptions="-s --symptom $dashoptions"
+ fi
+ if ! [[ "${COMP_WORDS[*]}" =~ .*--update.* || "${COMP_WORDS[*]}" =~ .*\ -u\ .* ]]; then
+ dashoptions="-u --update $dashoptions"
+ fi
+ if ! [[ "${COMP_WORDS[*]}" =~ .*--file-bug.* || "${COMP_WORDS[*]}" =~ .*\ -f\ .* ]]; then
+ dashoptions="-f --file-bug $dashoptions"
+ fi
+ if ! [[ "${COMP_WORDS[*]}" =~ .*--crash-file.* || "${COMP_WORDS[*]}" =~ .*\ -c\ .* ]]; then
+ dashoptions="-c --crash-file $dashoptions"
+ fi
+
+ # use same completion as if no parameter is given
+ case "$cur" in
+ -*)
+ # parameter completion
+ COMPREPLY=( $( compgen -W "$dashoptions" -- $cur ) )
+
+ ;;
+ *)
+ _apport_parameterless
+
+ ;;
+ esac
+
+ ;;
+ esac
+}
+
+# apport-unpack completion
+_apport-unpack ()
+{
+ local cur prev
+
+ COMPREPLY=()
+ cur=`_get_cword`
+ prev=${COMP_WORDS[COMP_CWORD-1]}
+
+ case "$prev" in
+ apport-unpack)
+ # only show *.apport *.crash files
+ COMPREPLY=( $( compgen -G "${cur}*.apport"
+ compgen -G "${cur}*.crash" ) )
+
+ ;;
+ esac
+}
+
+# apport-collect completion
+_apport-collect ()
+{
+ local cur prev
+
+ COMPREPLY=()
+ cur=`_get_cword`
+ prev=${COMP_WORDS[COMP_CWORD-1]}
+
+ case "$prev" in
+ apport-collect)
+ COMPREPLY=( $( compgen -W "-p --package --tag" -- $cur) )
+
+ ;;
+ -p | --package)
+ # list package names
+ COMPREPLY=( $( apt-cache pkgnames $cur 2> /dev/null ) )
+
+ ;;
+ --tag)
+ # standalone parameter
+ return 0
+ ;;
+ *)
+ # only complete -p/--package once
+ if [[ "${COMP_WORDS[*]}" =~ .*\ -p.* || "${COMP_WORDS[*]}" =~ .*--package.* ]]; then
+ COMPREPLY=( $( compgen -W "--tag" -- $cur) )
+ else
+ COMPREPLY=( $( compgen -W "-p --package --tag" -- $cur) )
+ fi
+
+ ;;
+ esac
+}
+
+# bind completion to apport commands
+complete -F _apport-bug -o filenames -o dirnames ubuntu-bug
+complete -F _apport-bug -o filenames -o dirnames apport-bug
+complete -F _apport-cli -o filenames -o dirnames apport-cli
+complete -F _apport-unpack -o filenames -o dirnames apport-unpack
+complete -F _apport-collect apport-collect
+
+# vi: syntax=bash
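Review bot: `_apport_symptoms` loops over `$(ls /usr/share/apport/symptoms)` without declaring `FILE` local, so the loop variable leaks into the user's interactive shell. File names containing whitespace or glob characters are also split or expanded before they reach `egrep`, where `$FILE` is unquoted again. The same unquoted pattern recurs with `$cur` in `_apport_parameterless` (`apt-cache pkgnames $cur`, `compgen -W "$param" -- $cur`) and in every per-command function; writing `"$cur"` keeps the word being completed from being globbed against the current directory. `_apport_parameterless` also reads `cur` and `dashoptions` from its caller's scope, which deserves a one-line comment. A glob-based rewrite of `_apport_symptoms` with every variable local is below.

```shell
_apport_symptoms ()
{
    local syms path name
    for path in /usr/share/apport/symptoms/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        # hide utility files and symptoms that don't have a run() function
        case "$name" in _*) continue ;; esac
        if grep -Eq '^def run\s*\(.*\):' -- "$path"; then
            syms="$syms ${name%.py}"
        fi
    done
    echo $syms
}
```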
--- /dev/null
+# In git versions < 1.7.12, this shell library was part of the
+# git completion script.
+#
+# Some users rely on the __git_ps1 function becoming available
+# when bash-completion is loaded. Continue to load this library
+# at bash-completion startup for now, to ease the transition to a
+# world order where the prompt function is requested separately.
+#
+if [[ -e /usr/lib/git-core/git-sh-prompt ]]; then
+ . /usr/lib/git-core/git-sh-prompt
+fi
--- /dev/null
+# Copyright 2012-2021, Andrey Kislyuk and argcomplete contributors.
+# Licensed under the Apache License. See https://github.com/kislyuk/argcomplete for more info.
+
+# Copy of __expand_tilde_by_ref from bash-completion
+__python_argcomplete_expand_tilde_by_ref () {
+ if [ "${!1:0:1}" = "~" ]; then
+ if [ "${!1}" != "${!1//\/}" ]; then
+ eval $1="${!1/%\/*}"/'${!1#*/}';
+ else
+ eval $1="${!1}";
+ fi;
+ fi
+}
+
+# Run something, muting output or redirecting it to the debug stream
+# depending on the value of _ARC_DEBUG.
+# If ARGCOMPLETE_USE_TEMPFILES is set, use tempfiles for IPC.
+__python_argcomplete_run() {
+ if [[ -z "${ARGCOMPLETE_USE_TEMPFILES-}" ]]; then
+ __python_argcomplete_run_inner "$@"
+ return
+ fi
+ local tmpfile="$(mktemp)"
+ _ARGCOMPLETE_STDOUT_FILENAME="$tmpfile" __python_argcomplete_run_inner "$@"
+ local code=$?
+ cat "$tmpfile"
+ rm "$tmpfile"
+ return $code
+}
+
+__python_argcomplete_run_inner() {
+ if [[ -z "${_ARC_DEBUG-}" ]]; then
+ "$@" 8>&1 9>&2 1>/dev/null 2>&1
+ else
+ "$@" 8>&1 9>&2 1>&9 2>&1
+ fi
+}
+
+# Scan the beginning of an executable file ($1) for a regexp ($2). By default,
+# scan for the magic string indicating that the executable supports the
+# argcomplete completion protocol. By default, scan the first kilobyte;
+# if $3 is set to -n, scan until the first line break up to a kilobyte.
+__python_argcomplete_scan_head() {
+ read -s -r ${3:--N} 1024 < "$1"
+ [[ "$REPLY" =~ ${2:-PYTHON_ARGCOMPLETE_OK} ]]
+}
+
+__python_argcomplete_scan_head_noerr() {
+ __python_argcomplete_scan_head "$@" 2>/dev/null
+}
+
+_python_argcomplete_global() {
+ local executable=$1
+ __python_argcomplete_expand_tilde_by_ref executable
+
+ local ARGCOMPLETE=0
+ if [[ "$executable" == python* ]] || [[ "$executable" == pypy* ]]; then
+ if [[ "${COMP_WORDS[1]}" == -m ]]; then
+ if __python_argcomplete_run "$executable" -m argcomplete._check_module "${COMP_WORDS[2]}"; then
+ ARGCOMPLETE=3
+ else
+ return
+ fi
+ elif [[ -f "${COMP_WORDS[1]}" ]] && __python_argcomplete_scan_head_noerr "${COMP_WORDS[1]}"; then
+ local ARGCOMPLETE=2
+ else
+ return
+ fi
+ elif type -P "$executable" >/dev/null 2>&1; then
+ local SCRIPT_NAME=$(type -P "$executable")
+ if (type -t pyenv && [[ "$SCRIPT_NAME" = $(pyenv root)/shims/* ]]) >/dev/null 2>&1; then
+ local SCRIPT_NAME=$(pyenv which "$executable")
+ fi
+ if __python_argcomplete_scan_head_noerr "$SCRIPT_NAME"; then
+ local ARGCOMPLETE=1
+ elif __python_argcomplete_scan_head_noerr "$SCRIPT_NAME" '^#!(.*)$' -n && [[ "${BASH_REMATCH[1]}" =~ ^.*(python|pypy)[0-9\.]*$ ]]; then
+ local interpreter="$BASH_REMATCH"
+ if (__python_argcomplete_scan_head_noerr "$SCRIPT_NAME" "(PBR Generated)|(EASY-INSTALL-(SCRIPT|ENTRY-SCRIPT|DEV-SCRIPT))" \
+ && "$interpreter" "$(type -P python-argcomplete-check-easy-install-script)" "$SCRIPT_NAME") >/dev/null 2>&1; then
+ local ARGCOMPLETE=1
+ elif __python_argcomplete_run "$interpreter" -m argcomplete._check_console_script "$SCRIPT_NAME"; then
+ local ARGCOMPLETE=1
+ fi
+ fi
+ fi
+
+ if [[ $ARGCOMPLETE != 0 ]]; then
+ local IFS=$(echo -e '\v')
+ COMPREPLY=( $(_ARGCOMPLETE_IFS="$IFS" \
+ COMP_LINE="$COMP_LINE" \
+ COMP_POINT="$COMP_POINT" \
+ COMP_TYPE="$COMP_TYPE" \
+ _ARGCOMPLETE_COMP_WORDBREAKS="$COMP_WORDBREAKS" \
+ _ARGCOMPLETE=$ARGCOMPLETE \
+ _ARGCOMPLETE_SUPPRESS_SPACE=1 \
+ __python_argcomplete_run "$executable" "${COMP_WORDS[@]:1:ARGCOMPLETE-1}") )
+ if [[ $? != 0 ]]; then
+ unset COMPREPLY
+ elif [[ "${COMPREPLY-}" =~ [=/:]$ ]]; then
+ compopt -o nospace
+ fi
+ else
+ type -t _completion_loader | grep -q 'function' && _completion_loader "$@"
+ fi
+}
+complete -o default -o bashdefault -D -F _python_argcomplete_global
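Review bot: `__python_argcomplete_expand_tilde_by_ref` feeds the word being completed back through `eval` (`eval $1="${!1}"` and the variant for values containing `/`), so anything in that word beyond a plain `~user` prefix is re-parsed as shell code rather than only tilde-expanded. Because `_python_argcomplete_global` is registered with `complete -D`, this path runs for every command that has no dedicated completion. I would refuse values whose prefix is not a bare tilde name before reaching the `eval`, for example `[[ ${!1%%/*} =~ ^~[A-Za-z0-9._-]*$ ]] || return 0`. Separately, `local tmpfile="$(mktemp)"` in `__python_argcomplete_run` hides a failed `mktemp`; `local tmpfile; tmpfile=$(mktemp) || return` avoids continuing with an empty file name.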
--- /dev/null
+#
+# This file contains a list of port numbers between 600 and 1024,
+# which should not be used by bindresvport. bindresvport is mostly
+# called by RPC services. This mostly solves the problem, that a
+# RPC service uses a well known port of another service.
+#
+631 # cups
+636 # ldaps
+655 # tinc
+774 # rpasswd
+783 # spamd
+873 # rsync
+921 # lwresd
+993 # imaps
+995 # pops
--- /dev/null
+# BYOBU_BACKEND can currently be "screen" or "tmux"
+# Override this on a per-user basis by editing "$BYOBU_CONFIG_DIR/backend"
+# or by launching either "byobu-screen" or "byobu-tmux" instead of "byobu".
+BYOBU_BACKEND="tmux"
--- /dev/null
+# Set the location of the socket directory that byobu will use.
+# On Debian/Ubuntu systems, this is in /var/run/screen, but on
+# other distros, it might be elsewhere, such as /tmp/screens
+# depending on your compilation.
+#
+# This file will be sourced by both shell scripts and python code,
+# so please ensure that:
+# * the variable name is SOCKETDIR
+# * there is no space around the "="
+# * and that the path value is quoted
+SOCKETDIR="/var/run/screen"
--- /dev/null
+# This file lists certificates that you wish to use or to ignore to be
+# installed in /etc/ssl/certs.
+# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
+#
+# This is autogenerated by dpkg-reconfigure ca-certificates.
+# Certificates should be installed under /usr/share/ca-certificates
+# and files with extension '.crt' is recognized as available certs.
+#
+# line begins with # is comment.
+# line begins with ! is certificate filename to be deselected.
+#
+mozilla/ACCVRAIZ1.crt
+mozilla/AC_RAIZ_FNMT-RCM.crt
+mozilla/Actalis_Authentication_Root_CA.crt
+!mozilla/AddTrust_External_Root.crt
+mozilla/AffirmTrust_Commercial.crt
+mozilla/AffirmTrust_Networking.crt
+mozilla/AffirmTrust_Premium.crt
+mozilla/AffirmTrust_Premium_ECC.crt
+mozilla/Amazon_Root_CA_1.crt
+mozilla/Amazon_Root_CA_2.crt
+mozilla/Amazon_Root_CA_3.crt
+mozilla/Amazon_Root_CA_4.crt
+mozilla/Atos_TrustedRoot_2011.crt
+mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
+mozilla/Baltimore_CyberTrust_Root.crt
+mozilla/Buypass_Class_2_Root_CA.crt
+mozilla/Buypass_Class_3_Root_CA.crt
+mozilla/CA_Disig_Root_R2.crt
+mozilla/CFCA_EV_ROOT.crt
+mozilla/COMODO_Certification_Authority.crt
+mozilla/COMODO_ECC_Certification_Authority.crt
+mozilla/COMODO_RSA_Certification_Authority.crt
+mozilla/Certigna.crt
+!mozilla/Certinomis_-_Root_CA.crt
+!mozilla/Certplus_Class_2_Primary_CA.crt
+mozilla/Certum_Trusted_Network_CA.crt
+mozilla/Certum_Trusted_Network_CA_2.crt
+!mozilla/Chambers_of_Commerce_Root_-_2008.crt
+mozilla/Comodo_AAA_Services_root.crt
+mozilla/Cybertrust_Global_Root.crt
+mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
+mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
+!mozilla/DST_Root_CA_X3.crt
+!mozilla/Deutsche_Telekom_Root_CA_2.crt
+mozilla/DigiCert_Assured_ID_Root_CA.crt
+mozilla/DigiCert_Assured_ID_Root_G2.crt
+mozilla/DigiCert_Assured_ID_Root_G3.crt
+mozilla/DigiCert_Global_Root_CA.crt
+mozilla/DigiCert_Global_Root_G2.crt
+mozilla/DigiCert_Global_Root_G3.crt
+mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
+mozilla/DigiCert_Trusted_Root_G4.crt
+mozilla/E-Tugra_Certification_Authority.crt
+mozilla/EC-ACC.crt
+!mozilla/EE_Certification_Centre_Root_CA.crt
+mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
+mozilla/Entrust_Root_Certification_Authority.crt
+mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
+mozilla/Entrust_Root_Certification_Authority_-_G2.crt
+mozilla/GDCA_TrustAUTH_R5_ROOT.crt
+!mozilla/GeoTrust_Global_CA.crt
+!mozilla/GeoTrust_Primary_Certification_Authority.crt
+!mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
+!mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
+!mozilla/GeoTrust_Universal_CA.crt
+!mozilla/GeoTrust_Universal_CA_2.crt
+mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
+mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
+mozilla/GlobalSign_Root_CA.crt
+mozilla/GlobalSign_Root_CA_-_R2.crt
+mozilla/GlobalSign_Root_CA_-_R3.crt
+mozilla/GlobalSign_Root_CA_-_R6.crt
+!mozilla/Global_Chambersign_Root_-_2008.crt
+mozilla/Go_Daddy_Class_2_CA.crt
+mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
+mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
+mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
+mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
+mozilla/Hongkong_Post_Root_CA_1.crt
+mozilla/ISRG_Root_X1.crt
+mozilla/IdenTrust_Commercial_Root_CA_1.crt
+mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
+mozilla/Izenpe.com.crt
+!mozilla/LuxTrust_Global_Root_2.crt
+mozilla/Microsec_e-Szigno_Root_CA_2009.crt
+mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
+mozilla/Network_Solutions_Certificate_Authority.crt
+!mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
+mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
+mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
+!mozilla/QuoVadis_Root_CA.crt
+mozilla/QuoVadis_Root_CA_1_G3.crt
+mozilla/QuoVadis_Root_CA_2.crt
+mozilla/QuoVadis_Root_CA_2_G3.crt
+mozilla/QuoVadis_Root_CA_3.crt
+mozilla/QuoVadis_Root_CA_3_G3.crt
+mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
+mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
+mozilla/SSL.com_Root_Certification_Authority_ECC.crt
+mozilla/SSL.com_Root_Certification_Authority_RSA.crt
+mozilla/SZAFIR_ROOT_CA2.crt
+mozilla/SecureSign_RootCA11.crt
+mozilla/SecureTrust_CA.crt
+mozilla/Secure_Global_CA.crt
+mozilla/Security_Communication_RootCA2.crt
+mozilla/Security_Communication_Root_CA.crt
+!mozilla/Sonera_Class_2_Root_CA.crt
+mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
+!mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
+!mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
+mozilla/Starfield_Class_2_CA.crt
+mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
+mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
+mozilla/SwissSign_Gold_CA_-_G2.crt
+mozilla/SwissSign_Silver_CA_-_G2.crt
+mozilla/T-TeleSec_GlobalRoot_Class_2.crt
+mozilla/T-TeleSec_GlobalRoot_Class_3.crt
+mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
+mozilla/TWCA_Global_Root_CA.crt
+mozilla/TWCA_Root_Certification_Authority.crt
+!mozilla/Taiwan_GRCA.crt
+mozilla/TeliaSonera_Root_CA_v1.crt
+mozilla/TrustCor_ECA-1.crt
+mozilla/TrustCor_RootCert_CA-1.crt
+mozilla/TrustCor_RootCert_CA-2.crt
+!mozilla/Trustis_FPS_Root_CA.crt
+mozilla/USERTrust_ECC_Certification_Authority.crt
+mozilla/USERTrust_RSA_Certification_Authority.crt
+!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
+!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
+!mozilla/VeriSign_Universal_Root_Certification_Authority.crt
+!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
+mozilla/XRamp_Global_CA_Root.crt
+mozilla/certSIGN_ROOT_CA.crt
+mozilla/ePKI_Root_Certification_Authority.crt
+!mozilla/thawte_Primary_Root_CA.crt
+!mozilla/thawte_Primary_Root_CA_-_G2.crt
+!mozilla/thawte_Primary_Root_CA_-_G3.crt
+mozilla/Certigna_Root_CA.crt
+mozilla/Entrust_Root_Certification_Authority_-_G4.crt
+mozilla/GTS_Root_R1.crt
+mozilla/GTS_Root_R2.crt
+mozilla/GTS_Root_R3.crt
+mozilla/GTS_Root_R4.crt
+mozilla/Hongkong_Post_Root_CA_3.crt
+mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
+mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt
+mozilla/NAVER_Global_Root_Certification_Authority.crt
+mozilla/Trustwave_Global_Certification_Authority.crt
+mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt
+mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt
+mozilla/UCA_Extended_Validation_Root.crt
+mozilla/UCA_Global_G2_Root.crt
+mozilla/certSIGN_Root_CA_G2.crt
+mozilla/e-Szigno_Root_CA_2017.crt
+mozilla/emSign_ECC_Root_CA_-_C3.crt
+mozilla/emSign_ECC_Root_CA_-_G3.crt
+mozilla/emSign_Root_CA_-_C1.crt
+mozilla/emSign_Root_CA_-_G1.crt
+mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
+mozilla/ANF_Secure_Server_Root_CA.crt
+mozilla/Certum_EC-384_CA.crt
+mozilla/Certum_Trusted_Root_CA.crt
+mozilla/GlobalSign_Root_E46.crt
+mozilla/GlobalSign_Root_R46.crt
+mozilla/GLOBALTRUST_2020.crt
--- /dev/null
+# This file lists certificates that you wish to use or to ignore to be
+# installed in /etc/ssl/certs.
+# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
+#
+# This is autogenerated by dpkg-reconfigure ca-certificates.
+# Certificates should be installed under /usr/share/ca-certificates
+# and files with extension '.crt' is recognized as available certs.
+#
+# line begins with # is comment.
+# line begins with ! is certificate filename to be deselected.
+#
+mozilla/ACCVRAIZ1.crt
+mozilla/AC_RAIZ_FNMT-RCM.crt
+mozilla/Actalis_Authentication_Root_CA.crt
+!mozilla/AddTrust_External_Root.crt
+mozilla/AffirmTrust_Commercial.crt
+mozilla/AffirmTrust_Networking.crt
+mozilla/AffirmTrust_Premium.crt
+mozilla/AffirmTrust_Premium_ECC.crt
+mozilla/Amazon_Root_CA_1.crt
+mozilla/Amazon_Root_CA_2.crt
+mozilla/Amazon_Root_CA_3.crt
+mozilla/Amazon_Root_CA_4.crt
+mozilla/Atos_TrustedRoot_2011.crt
+mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
+mozilla/Baltimore_CyberTrust_Root.crt
+mozilla/Buypass_Class_2_Root_CA.crt
+mozilla/Buypass_Class_3_Root_CA.crt
+mozilla/CA_Disig_Root_R2.crt
+mozilla/CFCA_EV_ROOT.crt
+mozilla/COMODO_Certification_Authority.crt
+mozilla/COMODO_ECC_Certification_Authority.crt
+mozilla/COMODO_RSA_Certification_Authority.crt
+mozilla/Certigna.crt
+!mozilla/Certinomis_-_Root_CA.crt
+!mozilla/Certplus_Class_2_Primary_CA.crt
+mozilla/Certum_Trusted_Network_CA.crt
+mozilla/Certum_Trusted_Network_CA_2.crt
+mozilla/Chambers_of_Commerce_Root_-_2008.crt
+mozilla/Comodo_AAA_Services_root.crt
+mozilla/Cybertrust_Global_Root.crt
+mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
+mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
+!mozilla/DST_Root_CA_X3.crt
+!mozilla/Deutsche_Telekom_Root_CA_2.crt
+mozilla/DigiCert_Assured_ID_Root_CA.crt
+mozilla/DigiCert_Assured_ID_Root_G2.crt
+mozilla/DigiCert_Assured_ID_Root_G3.crt
+mozilla/DigiCert_Global_Root_CA.crt
+mozilla/DigiCert_Global_Root_G2.crt
+mozilla/DigiCert_Global_Root_G3.crt
+mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
+mozilla/DigiCert_Trusted_Root_G4.crt
+mozilla/E-Tugra_Certification_Authority.crt
+mozilla/EC-ACC.crt
+!mozilla/EE_Certification_Centre_Root_CA.crt
+mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
+mozilla/Entrust_Root_Certification_Authority.crt
+mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
+mozilla/Entrust_Root_Certification_Authority_-_G2.crt
+mozilla/GDCA_TrustAUTH_R5_ROOT.crt
+!mozilla/GeoTrust_Global_CA.crt
+!mozilla/GeoTrust_Primary_Certification_Authority.crt
+mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
+!mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
+!mozilla/GeoTrust_Universal_CA.crt
+!mozilla/GeoTrust_Universal_CA_2.crt
+mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
+mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
+mozilla/GlobalSign_Root_CA.crt
+mozilla/GlobalSign_Root_CA_-_R2.crt
+mozilla/GlobalSign_Root_CA_-_R3.crt
+mozilla/GlobalSign_Root_CA_-_R6.crt
+mozilla/Global_Chambersign_Root_-_2008.crt
+mozilla/Go_Daddy_Class_2_CA.crt
+mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
+mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
+mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
+mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
+mozilla/Hongkong_Post_Root_CA_1.crt
+mozilla/ISRG_Root_X1.crt
+mozilla/IdenTrust_Commercial_Root_CA_1.crt
+mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
+mozilla/Izenpe.com.crt
+!mozilla/LuxTrust_Global_Root_2.crt
+mozilla/Microsec_e-Szigno_Root_CA_2009.crt
+mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
+mozilla/Network_Solutions_Certificate_Authority.crt
+!mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
+mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
+mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
+mozilla/QuoVadis_Root_CA.crt
+mozilla/QuoVadis_Root_CA_1_G3.crt
+mozilla/QuoVadis_Root_CA_2.crt
+mozilla/QuoVadis_Root_CA_2_G3.crt
+mozilla/QuoVadis_Root_CA_3.crt
+mozilla/QuoVadis_Root_CA_3_G3.crt
+mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
+mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
+mozilla/SSL.com_Root_Certification_Authority_ECC.crt
+mozilla/SSL.com_Root_Certification_Authority_RSA.crt
+mozilla/SZAFIR_ROOT_CA2.crt
+mozilla/SecureSign_RootCA11.crt
+mozilla/SecureTrust_CA.crt
+mozilla/Secure_Global_CA.crt
+mozilla/Security_Communication_RootCA2.crt
+mozilla/Security_Communication_Root_CA.crt
+mozilla/Sonera_Class_2_Root_CA.crt
+mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
+!mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
+mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
+mozilla/Starfield_Class_2_CA.crt
+mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
+mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
+mozilla/SwissSign_Gold_CA_-_G2.crt
+mozilla/SwissSign_Silver_CA_-_G2.crt
+mozilla/T-TeleSec_GlobalRoot_Class_2.crt
+mozilla/T-TeleSec_GlobalRoot_Class_3.crt
+mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
+mozilla/TWCA_Global_Root_CA.crt
+mozilla/TWCA_Root_Certification_Authority.crt
+!mozilla/Taiwan_GRCA.crt
+mozilla/TeliaSonera_Root_CA_v1.crt
+mozilla/TrustCor_ECA-1.crt
+mozilla/TrustCor_RootCert_CA-1.crt
+mozilla/TrustCor_RootCert_CA-2.crt
+mozilla/Trustis_FPS_Root_CA.crt
+mozilla/USERTrust_ECC_Certification_Authority.crt
+mozilla/USERTrust_RSA_Certification_Authority.crt
+!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
+!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
+mozilla/VeriSign_Universal_Root_Certification_Authority.crt
+!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
+mozilla/XRamp_Global_CA_Root.crt
+mozilla/certSIGN_ROOT_CA.crt
+mozilla/ePKI_Root_Certification_Authority.crt
+!mozilla/thawte_Primary_Root_CA.crt
+!mozilla/thawte_Primary_Root_CA_-_G2.crt
+!mozilla/thawte_Primary_Root_CA_-_G3.crt
+mozilla/Certigna_Root_CA.crt
+mozilla/Entrust_Root_Certification_Authority_-_G4.crt
+mozilla/GTS_Root_R1.crt
+mozilla/GTS_Root_R2.crt
+mozilla/GTS_Root_R3.crt
+mozilla/GTS_Root_R4.crt
+mozilla/Hongkong_Post_Root_CA_3.crt
+mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
+mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt
+mozilla/NAVER_Global_Root_Certification_Authority.crt
+mozilla/Trustwave_Global_Certification_Authority.crt
+mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt
+mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt
+mozilla/UCA_Extended_Validation_Root.crt
+mozilla/UCA_Global_G2_Root.crt
+mozilla/certSIGN_Root_CA_G2.crt
+mozilla/e-Szigno_Root_CA_2017.crt
+mozilla/emSign_ECC_Root_CA_-_C3.crt
+mozilla/emSign_ECC_Root_CA_-_G3.crt
+mozilla/emSign_Root_CA_-_C1.crt
+mozilla/emSign_Root_CA_-_G1.crt
--- /dev/null
+/* This is the system-wide default calendar file, used if calendar(1)
+ * is invoked by a user without a ~/calendar or ~/.calendar/calendar file.
+ * It may be edited or even deleted to reflect local policy.
+ *
+ * In the standard setup, we simply include the default calendar
+ * definitions from /usr/share/calendar/calendar.all. If you want
+ * only some of those definitions, copy calendar.all to /etc/calendar
+ * and edit it there. That way, your changes will be kept next time
+ * you upgrade.
+ *
+ * The search path for include files is:
+ * /etc/calendar
+ * /usr/share/calendar
+ */
+#include "calendar.all"
--- /dev/null
+# The top level settings are used as module
+# and system configuration.
+# A set of users which may be applied and/or used by various modules
+# when a 'default' entry is found it will reference the 'default_user'
+# from the distro configuration specified below
+users:
+ - default
+
+
+# If this is set, 'root' will not be able to ssh in and they
+# will get a message to login instead as the default $user
+disable_root: true
+
+# This will cause the set+update hostname module to not operate (if true)
+preserve_hostname: false
+
+# If you use datasource_list array, keep array items in a single line.
+# If you use multi line array, ds-identify script won't read array items.
+# Example datasource config
+# datasource:
+# Ec2:
+# metadata_urls: [ 'blah.com' ]
+# timeout: 5 # (defaults to 50 seconds)
+# max_wait: 10 # (defaults to 120 seconds)
+
+
+
+
+# The modules that run in the 'init' stage
+cloud_init_modules:
+ - migrator
+ - seed_random
+ - bootcmd
+ - write-files
+ - growpart
+ - resizefs
+ - disk_setup
+ - mounts
+ - set_hostname
+ - update_hostname
+ - update_etc_hosts
+ - ca-certs
+ - rsyslog
+ - users-groups
+ - ssh
+
+# The modules that run in the 'config' stage
+cloud_config_modules:
+ - snap
+ - ssh-import-id
+ - keyboard
+ - locale
+ - set-passwords
+ - grub-dpkg
+ - apt-pipelining
+ - apt-configure
+ - ubuntu-advantage
+ - ntp
+ - timezone
+ - disable-ec2-metadata
+ - runcmd
+ - byobu
+
+# The modules that run in the 'final' stage
+cloud_final_modules:
+ - package-update-upgrade-install
+ - fan
+ - landscape
+ - lxd
+ - ubuntu-drivers
+ - write-files-deferred
+ - puppet
+ - chef
+ - mcollective
+ - salt-minion
+ - reset_rmc
+ - refresh_rmc_and_interface
+ - rightscale_userdata
+ - scripts-vendor
+ - scripts-per-once
+ - scripts-per-boot
+ - scripts-per-instance
+ - scripts-user
+ - ssh-authkey-fingerprints
+ - keys-to-console
+ - install-hotplug
+ - phone-home
+ - final-message
+ - power-state-change
+
+# System and/or distro specific settings
+# (not accessible to handlers/transforms)
+system_info:
+ # This will affect which distro class gets used
+ distro: ubuntu
+ # Default user name + that default users groups (if added/used)
+ default_user:
+ name: ubuntu
+ lock_passwd: True
+ gecos: Ubuntu
+ groups: [adm, audio, cdrom, dialout, dip, floppy, lxd, netdev, plugdev, sudo, video]
+ sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+ shell: /bin/bash
+ network:
+ renderers: ['netplan', 'eni', 'sysconfig']
+ # Automatically discover the best ntp_client
+ ntp_client: auto
+ # Other config here will be given to the distro class and/or path classes
+ paths:
+ cloud_dir: /var/lib/cloud/
+ templates_dir: /etc/cloud/templates/
+ package_mirrors:
+ - arches: [i386, amd64]
+ failsafe:
+ primary: http://archive.ubuntu.com/ubuntu
+ security: http://security.ubuntu.com/ubuntu
+ search:
+ primary:
+ - http://%(ec2_region)s.ec2.archive.ubuntu.com/ubuntu/
+ - http://%(availability_zone)s.clouds.archive.ubuntu.com/ubuntu/
+ - http://%(region)s.clouds.archive.ubuntu.com/ubuntu/
+ security: []
+ - arches: [arm64, armel, armhf]
+ failsafe:
+ primary: http://ports.ubuntu.com/ubuntu-ports
+ security: http://ports.ubuntu.com/ubuntu-ports
+ search:
+ primary:
+ - http://%(ec2_region)s.ec2.ports.ubuntu.com/ubuntu-ports/
+ - http://%(availability_zone)s.clouds.ports.ubuntu.com/ubuntu-ports/
+ - http://%(region)s.clouds.ports.ubuntu.com/ubuntu-ports/
+ security: []
+ - arches: [default]
+ failsafe:
+ primary: http://ports.ubuntu.com/ubuntu-ports
+ security: http://ports.ubuntu.com/ubuntu-ports
+ ssh_svcname: ssh
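Review bot: The `default_user` block grants `sudo: ["ALL=(ALL) NOPASSWD:ALL"]`, so any process running as that account is root-equivalent, and nothing in the file tells a deployment where to tighten it. I would add a comment above that line such as `# NOPASSWD makes this account root-equivalent; override default_user in a drop-in .cfg where that is not intended`. The `package_mirrors` entries all use plain `http://`. Apt's signature verification still protects package integrity, but a short comment that the transport itself is unauthenticated would stop readers assuming otherwise.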
--- /dev/null
+## This yaml formated config file handles setting
+## logger information. The values that are necessary to be set
+## are seen at the bottom. The top '_log' are only used to remove
+## redundency in a syslog and fallback-to-file case.
+##
+## The 'log_cfgs' entry defines a list of logger configs
+## Each entry in the list is tried, and the first one that
+## works is used. If a log_cfg list entry is an array, it will
+## be joined with '\n'.
+_log:
+ - &log_base |
+ [loggers]
+ keys=root,cloudinit
+
+ [handlers]
+ keys=consoleHandler,cloudLogHandler
+
+ [formatters]
+ keys=simpleFormatter,arg0Formatter
+
+ [logger_root]
+ level=DEBUG
+ handlers=consoleHandler,cloudLogHandler
+
+ [logger_cloudinit]
+ level=DEBUG
+ qualname=cloudinit
+ handlers=
+ propagate=1
+
+ [handler_consoleHandler]
+ class=StreamHandler
+ level=WARNING
+ formatter=arg0Formatter
+ args=(sys.stderr,)
+
+ [formatter_arg0Formatter]
+ format=%(asctime)s - %(filename)s[%(levelname)s]: %(message)s
+
+ [formatter_simpleFormatter]
+ format=[CLOUDINIT] %(filename)s[%(levelname)s]: %(message)s
+ - &log_file |
+ [handler_cloudLogHandler]
+ class=FileHandler
+ level=DEBUG
+ formatter=arg0Formatter
+ args=('/var/log/cloud-init.log', 'a', 'UTF-8')
+ - &log_syslog |
+ [handler_cloudLogHandler]
+ class=handlers.SysLogHandler
+ level=DEBUG
+ formatter=simpleFormatter
+ args=("/dev/log", handlers.SysLogHandler.LOG_USER)
+
+log_cfgs:
+# Array entries in this list will be joined into a string
+# that defines the configuration.
+#
+# If you want logs to go to syslog, uncomment the following line.
+# - [ *log_base, *log_syslog ]
+#
+# The default behavior is to just log to a file.
+# This mechanism that does not depend on a system service to operate.
+ - [ *log_base, *log_file ]
+# A file path can also be used.
+# - /etc/log.conf
+
+# This tells cloud-init to redirect its stdout and stderr to
+# 'tee -a /var/log/cloud-init-output.log' so the user can see output
+# there without needing to look on the console.
+output: {all: '| tee -a /var/log/cloud-init-output.log'}
--- /dev/null
+# to update this file, run dpkg-reconfigure cloud-init
+datasource_list: [ NoCloud, ConfigDrive, OpenNebula, DigitalOcean, Azure, AltCloud, OVF, MAAS, GCE, OpenStack, CloudSigma, SmartOS, Bigstep, Scaleway, AliYun, Ec2, CloudStack, Hetzner, IBMCloud, Oracle, Exoscale, RbxCloud, None ]
--- /dev/null
+datasource:
+ None:
+ metadata: {instance-id: 0c9fadfa-d9b5-4803-b80f-e43373b8f08f}
+ userdata_raw: "#cloud-config\ngrowpart: {mode: 'off'}\nlocale: en_US.UTF-8\npreserve_hostname:\
+ \ true\nresize_rootfs: false\nssh_pwauth: true\nusers:\n- gecos: gamesguru\n\
+ \ groups: [adm, cdrom, dip, plugdev, lxd, sudo]\n lock_passwd: false\n name:\
+ \ gamesguru\n passwd: $6$Q39uw97PX6PbbANJ$6zAMBK4YnOA0C2L3OvtDhdhRfL5JvNuYiADqTLH2cvkjgY639XTCKsprNN1TidRyaxfVbQOnLeui/6ozUcFiN1\n\
+ \ shell: /bin/bash\n"
+datasource_list: [None]
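Review bot: `userdata_raw` embeds the `passwd:` crypt hash for the local account, and committing it puts the hash into the history of every clone, where it can be guessed offline. The same user-data sets `ssh_pwauth: true` and `lock_passwd: false`, so that password is usable for SSH login. I would keep this file out of version control, or commit it with the value replaced by a placeholder such as `passwd: <REDACTED>`, and restrict the on-disk file to root. Since the hash is already part of this commit, the password should be changed as well.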
--- /dev/null
+# All files with the '.cfg' extension in this directory will be read by
+# cloud-init. They are read in lexical order. Later files overwrite values in
+# earlier files.
--- /dev/null
+apt:
+ preserve_sources_list: true
--- /dev/null
+network: {config: disabled}
--- /dev/null
+policy: enabled
--- /dev/null
+## template:jinja
+{#
+This file is only utilized if the module 'cc_chef' is enabled in
+cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ chef:
+ validation_key: XYZ
+ validation_cert: XYZ
+ validation_name: XYZ
+ server_url: XYZ
+-#}
+{{generated_by}}
+{#
+The reason these are not in quotes is because they are ruby
+symbols that will be placed inside here, and not actual strings...
+#}
+{% if chef_license %}
+chef_license "{{chef_license}}"
+{% endif%}
+{% if log_level %}
+log_level {{log_level}}
+{% endif %}
+{% if ssl_verify_mode %}
+ssl_verify_mode {{ssl_verify_mode}}
+{% endif %}
+{% if log_location %}
+log_location "{{log_location}}"
+{% endif %}
+{% if validation_name %}
+validation_client_name "{{validation_name}}"
+{% endif %}
+{% if validation_cert %}
+validation_key "{{validation_key}}"
+{% endif %}
+{% if client_key %}
+client_key "{{client_key}}"
+{% endif %}
+{% if server_url %}
+chef_server_url "{{server_url}}"
+{% endif %}
+{% if environment %}
+environment "{{environment}}"
+{% endif %}
+{% if node_name %}
+node_name "{{node_name}}"
+{% endif %}
+{% if json_attribs %}
+json_attribs "{{json_attribs}}"
+{% endif %}
+{% if file_cache_path %}
+file_cache_path "{{file_cache_path}}"
+{% endif %}
+{% if file_backup_path %}
+file_backup_path "{{file_backup_path}}"
+{% endif %}
+{% if pid_file %}
+pid_file "{{pid_file}}"
+{% endif %}
+{% if show_time %}
+Chef::Log::Formatter.show_time = true
+{% endif %}
+{% if encrypted_data_bag_secret %}
+encrypted_data_bag_secret "{{encrypted_data_bag_secret}}"
+{% endif %}
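Review bot: The guard `{% if validation_cert %}` wraps a line that renders `validation_key`, so the condition and the emitted value can disagree. With a cert but no key path the template writes an empty or undefined `validation_key`, and with a key path but no cert it writes nothing. If the intent is to emit the path whenever one is set, the guard would be `{% if validation_key %}`; the module that fills these variables is not on this page, so confirm before changing it. The values are also interpolated unescaped into double-quoted Ruby strings, and `log_level` and `ssl_verify_mode` are inserted bare, so the rendered file is only as trustworthy as the cloud-config that supplies them. A line in the header comment saying so would help.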
--- /dev/null
+## template:jinja
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# This directive specifies the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specifies the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
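Review bot: Each entry of `pools` and `servers` is written verbatim into a directive line (`pool {{pool}} iburst`, `server {{server}} iburst`), so the template relies on the caller having rejected entries that contain whitespace or line breaks; that validation is not visible in this diff. The same two loops appear in every chrony and ntp template added in this diff, so the note applies to all of them. A comment stating the expectation would make the contract explicit: `{# pools/servers must already be validated as hostnames or IP literals #}`.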
--- /dev/null
+## template:jinja
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usuable directives.
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
--- /dev/null
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
--- /dev/null
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Allow NTP client access from local network.
+#allow 192.168/16
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
--- /dev/null
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
--- /dev/null
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
--- /dev/null
+## template:jinja
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Allow NTP client access from local network.
+#allow 192.168/16
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking
--- /dev/null
+## template:jinja
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usuable directives.
+
+# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
+# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
+# more information.
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can’t be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
--- /dev/null
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.alpine.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.alpine.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.1.1 {{hostname}} {{fqdn}}
+127.0.0.1 localhost localhost.localdomain
+127.0.0.1 localhost4 localhost4.localdomain4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{hostname}} {{fqdn}}
+::1 localhost6 localhost6.localdomain6
+
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
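Review bot: The alpine template puts the short name first on its host lines (`127.0.1.1 {{hostname}} {{fqdn}}` and `::1 {{hostname}} {{fqdn}}`), while the arch, debian, freebsd, gentoo, photon, redhat and suse templates in this diff all write `{{fqdn}} {{hostname}}`. The first name on a hosts line is the canonical one, so on Alpine a lookup of the host's own address would presumably return the short name instead of the FQDN. If that is not intended, change the lines to `127.0.1.1 {{fqdn}} {{hostname}}` and `::1 {{fqdn}} {{hostname}}`; if it is deliberate, a Jinja comment saying why would help.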
--- /dev/null
+## template:jinja
+{#
+This file (/etc/cloud/templates/hosts.arch.tmpl) is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.arch.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+{# The value '{{hostname}}' will be replaced with the local-hostname -#}
+127.0.1.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
--- /dev/null
+## template:jinja
+{#
+This file (/etc/cloud/templates/hosts.debian.tmpl) is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.debian.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+{# The value '{{hostname}}' will be replaced with the local-hostname -#}
+127.0.1.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
--- /dev/null
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.freebsd.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.freebsd.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost.localdomain localhost
+::1 localhost6.localdomain6 localhost6
+
+# The following lines are desirable for IPv4 capable hosts
+127.0.0.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
--- /dev/null
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.gentoo.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.gentoo.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.0.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost.localdomain localhost
+::1 localhost6.localdomain6 localhost6
--- /dev/null
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.photon.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.photon.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.0.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost6.localdomain6 localhost6
--- /dev/null
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.redhat.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.redhat.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.0.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost.localdomain localhost
+::1 localhost6.localdomain6 localhost6
+
--- /dev/null
+## template:jinja
+{#
+This file /etc/cloud/templates/hosts.suse.tmpl is only utilized
+if enabled in cloud-config. Specifically, in order to enable it
+you need to add the following to config:
+ manage_etc_hosts: True
+-#}
+# Your system has configured 'manage_etc_hosts' as True.
+# As a result, if you wish for changes to this file to persist
+# then you will need to either
+# a.) make changes to the master file in /etc/cloud/templates/hosts.suse.tmpl
+# b.) change or remove the value of 'manage_etc_hosts' in
+# /etc/cloud/cloud.cfg or cloud-config from user-data
+#
+# The following lines are desirable for IPv4 capable hosts
+127.0.1.1 {{fqdn}} {{hostname}}
+127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost4.localdomain4 localhost4
+
+# The following lines are desirable for IPv6 capable hosts
+::1 {{fqdn}} {{hostname}}
+::1 localhost.localdomain localhost
+::1 localhost6.localdomain6 localhost6
+::1 localhost ipv6-localhost ipv6-loopback
+
+
+fe00::0 ipv6-localnet
+ff00::0 ipv6-mcastprefix
+ff02::1 ipv6-allnodes
+ff02::2 ipv6-allrouters
+ff02::3 ipv6-allhosts
+
--- /dev/null
+## template:jinja
+# /etc/ntp.conf
+#
+# Configuration for Busybox ntpd - it only supports "server" lines.
+
+{% if servers %}# Servers
+{% endif %}
+{% for server in servers -%}
+server {{server}}
+{% endfor %}
--- /dev/null
+## template:jinja
+
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
+# pick a different set every time it starts up. Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines. Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
--- /dev/null
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
+
+# Disable the monitoring facility to prevent amplification attacks using ntpdc
+# monlist command when default restrict does not include the noquery flag. See
+# CVE-2013-5211 for more details.
+# Note: Monitoring will not be disabled with the limited restriction flag.
+disable monitor
--- /dev/null
+## template:jinja
+
+##
+## Radio and modem clocks by convention have addresses in the
+## form 127.127.t.u, where t is the clock type and u is a unit
+## number in the range 0-3.
+##
+## Most of these clocks require support in the form of a
+## serial port or special bus peripheral. The particular
+## device is normally specified by adding a soft link
+## /dev/device-u to the particular hardware device involved,
+## where u correspond to the unit number above.
+##
+## Generic DCF77 clock on serial port (Conrad DCF77)
+## Address: 127.127.8.u
+## Serial Port: /dev/refclock-u
+##
+## (create soft link /dev/refclock-0 to the particular ttyS?)
+##
+# server 127.127.8.0 mode 5 prefer
+
+##
+## Undisciplined Local Clock. This is a fake driver intended for backup
+## and when no outside source of synchronized time is available.
+##
+# server 127.127.1.0 # local clock (LCL)
+# fudge 127.127.1.0 stratum 10 # LCL is unsynchronized
+
+##
+## Add external Servers using
+## # rcntpd addserver <yourserver>
+## The servers will only be added to the currently running instance, not
+## to /etc/ntp.conf.
+##
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Access control configuration; see /usr/share/doc/packages/ntp/html/accopt.html for
+# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default notrap nomodify nopeer noquery
+restrict -6 default notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+##
+## Miscellaneous stuff
+##
+
+driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
+
+logfile /var/log/ntp # alternate log file
+# logconfig =syncstatus + sysevents
+# logconfig =all
+
+# statsdir /tmp/ # directory for statistics files
+# filegen peerstats file peerstats type day enable
+# filegen loopstats file loopstats type day enable
+# filegen clockstats file clockstats type day enable
+
+#
+# Authentication stuff
+#
+keys /etc/ntp.keys # path for keys file
+trustedkey 1 # define trusted keys
+requestkey 1 # key (7) for accessing server variables
+controlkey 1 # key (6) for accessing server variables
+
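Review bot: The closing "Authentication stuff" block ships `trustedkey 1`, `requestkey 1` and `controlkey 1` active against `keys /etc/ntp.keys`, whereas the other ntp templates in this diff leave the equivalent lines commented out. With these enabled, key 1 authenticates ntpq/ntpdc control requests from any address the `restrict` lines let through (loopback is unrestricted here), so the template depends on /etc/ntp.keys being readable only by root and the ntp user and on key 1 not being a shared image default; neither is visible in this diff. I would either comment the three lines out like the other templates or add `# /etc/ntp.keys must not be world-readable; key 1 must be unique per host` above them. The second copy of this template later in the diff (also ending at `controlkey 1`) has the same lines.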
--- /dev/null
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
--- /dev/null
+## template:jinja
+
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
--- /dev/null
+## template:jinja
+
+##
+## Radio and modem clocks by convention have addresses in the
+## form 127.127.t.u, where t is the clock type and u is a unit
+## number in the range 0-3.
+##
+## Most of these clocks require support in the form of a
+## serial port or special bus peripheral. The particular
+## device is normally specified by adding a soft link
+## /dev/device-u to the particular hardware device involved,
+## where u correspond to the unit number above.
+##
+## Generic DCF77 clock on serial port (Conrad DCF77)
+## Address: 127.127.8.u
+## Serial Port: /dev/refclock-u
+##
+## (create soft link /dev/refclock-0 to the particular ttyS?)
+##
+# server 127.127.8.0 mode 5 prefer
+
+##
+## Undisciplined Local Clock. This is a fake driver intended for backup
+## and when no outside source of synchronized time is available.
+##
+# server 127.127.1.0 # local clock (LCL)
+# fudge 127.127.1.0 stratum 10 # LCL is unsynchronized
+
+##
+## Add external Servers using
+## # rcntpd addserver <yourserver>
+## The servers will only be added to the currently running instance, not
+## to /etc/ntp.conf.
+##
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Access control configuration; see /usr/share/doc/packages/ntp/html/accopt.html for
+# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default notrap nomodify nopeer noquery
+restrict -6 default notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+##
+## Miscellaneous stuff
+##
+
+driftfile /var/lib/ntp/drift/ntp.drift # path for drift file
+
+logfile /var/log/ntp # alternate log file
+# logconfig =syncstatus + sysevents
+# logconfig =all
+
+# statsdir /tmp/ # directory for statistics files
+# filegen peerstats file peerstats type day enable
+# filegen loopstats file loopstats type day enable
+# filegen clockstats file clockstats type day enable
+
+#
+# Authentication stuff
+#
+keys /etc/ntp.keys # path for keys file
+trustedkey 1 # define trusted keys
+requestkey 1 # key (7) for accessing server variables
+controlkey 1 # key (6) for accessing server variables
+
--- /dev/null
+## template:jinja
+
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+# Specify one or more NTP servers.
+
+# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
+# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
+# more information.
+{% if pools %}# pools
+{% endif %}
+{% for pool in pools -%}
+pool {{pool}} iburst
+{% endfor %}
+{%- if servers %}# servers
+{% endif %}
+{% for server in servers -%}
+server {{server}} iburst
+{% endfor %}
+
+# Use Ubuntu's ntp server as a fallback.
+# pool ntp.ubuntu.com
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines. Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+
+#Changes recquired to use pps synchonisation as explained in documentation:
+#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918
+
+#server 127.127.8.1 mode 135 prefer # Meinberg GPS167 with PPS
+#fudge 127.127.8.1 time1 0.0042 # relative to PPS for my hardware
+
+#server 127.127.22.1 # ATOM(PPS)
+#fudge 127.127.22.1 flag3 1 # enable PPS API
+
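Review bot: The header of this template never says that the rendered /etc/ntp.conf is produced by cloud-init, unlike the sibling templates in this patch (the timesyncd one opens with `# cloud-init generated file`). An administrator hand-editing the `restrict` or `server` lines therefore gets no hint that the file is generated. I would add `# cloud-init generated file` directly under the `## template:jinja` line. The PPS comment near the end also misspells two words and should read `#Changes required to use pps synchronisation as explained in documentation:`.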
--- /dev/null
+## template:jinja
+# Your system has been configured with 'manage-resolv-conf' set to true.
+# As a result, cloud-init has written this file with configuration data
+# that it has been provided. Cloud-init, by default, will write this file
+# a single time (PER_ONCE).
+#
+{% if nameservers is defined %}
+{% for server in nameservers %}
+nameserver {{server}}
+{% endfor %}
+
+{% endif -%}
+{% if searchdomains is defined %}
+search {% for search in searchdomains %}{{search}} {% endfor %}
+
+{% endif %}
+{% if domain is defined %}
+domain {{domain}}
+{% endif %}
+{% if sortlist is defined %}
+
+sortlist {% for sort in sortlist %}{{sort}} {% endfor %}
+{% endif %}
+{#
+ Flags and options are required to be on the
+ same line preceded by "options" keyword
+#}
+{% if options or flags %}
+
+options
+{%- for flag in flags %}
+ {{flag-}}
+{% endfor %}
+
+{%- for key, value in options.items()|sort %}
+ {{key}}:{{value-}}
+{% endfor %}
+{% endif %}
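Review bot: The closing block is guarded by truthiness (`{% if options or flags %}`) while every other variable in this template is guarded with `is defined`, and the body then calls `options.items()` unconditionally. If the caller ever supplies `flags` without `options`, that call would fail on an undefined value instead of emitting the flags; whether the caller always passes both is not visible in this hunk. Writing the second loop as `{%- for key, value in (options|default({})).items()|sort %}` keeps the block safe on its own and consistent with the defensive style of the sections above it.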
--- /dev/null
+## template:jinja
+## Note, this file is written by cloud-init on first boot of an instance
+## modifications made here will not survive a re-bundle.
+## if you wish to make changes you can:
+## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
+## or do the same in user-data
+## b.) add sources in /etc/apt/sources.list.d
+## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
+###
+
+# See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
+# for how to upgrade to newer versions of the distribution.
+deb {{mirror}} {{codename}} main
+deb-src {{mirror}} {{codename}} main
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb {{security}} {{codename}}{% if codename in ('buster', 'stretch') %}/updates{% else %}-security{% endif %} main
+deb-src {{security}} {{codename}}{% if codename in ('buster', 'stretch') %}/updates{% else %}-security{% endif %} main
+deb {{mirror}} {{codename}}-updates main
+deb-src {{mirror}} {{codename}}-updates main
+
+## Uncomment the following two lines to add software from the 'backports'
+## repository.
+##
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+deb {{mirror}} {{codename}}-backports main
+deb-src {{mirror}} {{codename}}-backports main
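Review bot: The comment above the last two entries tells the reader to uncomment them to add the 'backports' repository, but `deb {{mirror}} {{codename}}-backports main` and its `deb-src` line are already active. Every rendered sources.list therefore enables backports, which the same comment describes as less extensively tested. Either prefix both lines with `# ` to match the comment, or reword the comment to say that backports is enabled by default. The `{{security}}` entries also sit under the "Major bug fix updates" heading with nothing marking them as the security archive; a line such as `## Security updates` above them would make that explicit.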
--- /dev/null
+## template:jinja
+## Note, this file is written by cloud-init on first boot of an instance
+## modifications made here will not survive a re-bundle.
+## if you wish to make changes you can:
+## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
+## or do the same in user-data
+## b.) add sources in /etc/apt/sources.list.d
+## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
+
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb {{mirror}} {{codename}} main restricted
+# deb-src {{mirror}} {{codename}} main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb {{mirror}} {{codename}}-updates main restricted
+# deb-src {{mirror}} {{codename}}-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb {{mirror}} {{codename}} universe
+# deb-src {{mirror}} {{codename}} universe
+deb {{mirror}} {{codename}}-updates universe
+# deb-src {{mirror}} {{codename}}-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb {{mirror}} {{codename}} multiverse
+# deb-src {{mirror}} {{codename}} multiverse
+deb {{mirror}} {{codename}}-updates multiverse
+# deb-src {{mirror}} {{codename}}-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb {{mirror}} {{codename}}-backports main restricted universe multiverse
+# deb-src {{mirror}} {{codename}}-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu {{codename}} partner
+# deb-src http://archive.canonical.com/ubuntu {{codename}} partner
+
+deb {{security}} {{codename}}-security main restricted
+# deb-src {{security}} {{codename}}-security main restricted
+deb {{security}} {{codename}}-security universe
+# deb-src {{security}} {{codename}}-security universe
+deb {{security}} {{codename}}-security multiverse
+# deb-src {{security}} {{codename}}-security multiverse
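Review bot: The closing `{{security}}` entries are the only group in this template without a heading, so nothing in the rendered file says these three suites carry the security fixes or that they come from a different mirror variable than the rest. A line such as `## Security updates (served from the security mirror)` above `deb {{security}} {{codename}}-security main restricted` would cover it. Separately, option c in the header points at `/etc/cloud/templates/sources.list.tmpl`, while the Debian template earlier in this patch names a distro-specific file. The file name is not visible in this hunk, so confirm the path matches the name this template is installed under.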
--- /dev/null
+## template:jinja
+# Your system has been configured with 'manage-resolv-conf' set to true.
+# As a result, cloud-init has written this file with configuration data
+# that it has been provided. Cloud-init, by default, will write this file
+# a single time (PER_ONCE).
+#
+[Resolve]
+LLMNR=false
+{% if nameservers is defined %}
+DNS={% for server in nameservers %}{{server}} {% endfor %}
+{% endif %}
+
+{% if searchdomains is defined %}
+Domains={% for search in searchdomains %}{{search}} {% endfor %}
+{% endif %}
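Review bot: `LLMNR=false` sits outside every `{% if %}` block, so it is written on each render, yet the header says the file holds the configuration data cloud-init was given. A reader cannot tell that this line is a fixed choice of the template rather than something taken from user data. I would add a comment above it, for example `# LLMNR is always disabled by this template; it is not taken from the supplied resolver settings`.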
--- /dev/null
+## template:jinja
+# cloud-init generated file
+# See timesyncd.conf(5) for details.
+
+[Time]
+{% if servers or pools -%}
+NTP={% for host in servers|list + pools|list %}{{ host }} {% endfor -%}
+{% endif -%}
--- /dev/null
+# generated from UTF-tmpl.8bit.in by:
+# {
+# while read a b; do
+# echo -e $a \'\\echo "8o16i${b#U+}pq" | dc\';
+# done
+# } <data/consoletrans/UTF-tmpl.8bit.in
+
+0x80 '\80'
+0x81 '\81'
+0x82 '\82'
+0x83 '\83'
+0x84 '\84'
+0x85 '\85'
+0x86 '\86'
+0x87 '\87'
+0x88 '\88'
+0x89 '\89'
+0x8A '\8a'
+0x8B '\8b'
+0x8C '\8c'
+0x8D '\8d'
+0x8E '\8e'
+0x8F '\8f'
+0x90 '\90'
+0x91 '\91'
+0x92 '\92'
+0x93 '\93'
+0x94 '\94'
+0x95 '\95'
+0x96 '\96'
+0x97 '\97'
+0x98 '\98'
+0x99 '\99'
+0x9A '\9a'
+0x9B '\9b'
+0x9C '\9c'
+0x9D '\9d'
+0x9E '\9e'
+0x9F '\9f'
+0xA0 ' '
+0xA1 '¡'
+0xA2 '¢'
+0xA3 '£'
+0xA4 '¤'
+0xA5 '¥'
+0xA6 '¦'
+0xA7 '§'
+0xA8 '¨'
+0xA9 '©'
+0xAA 'ª'
+0xAB '«'
+0xAC '¬'
+0xAD ''
+0xAE '®'
+0xAF '¯'
+0xB0 '°'
+0xB1 '±'
+0xB2 '²'
+0xB3 '³'
+0xB4 '´'
+0xB5 'µ'
+0xB6 '¶'
+0xB7 '·'
+0xB8 '¸'
+0xB9 '¹'
+0xBA 'º'
+0xBB '»'
+0xBC '¼'
+0xBD '½'
+0xBE '¾'
+0xBF '¿'
+0xC0 'À'
+0xC1 'Á'
+0xC2 'Â'
+0xC3 'Ã'
+0xC4 'Ä'
+0xC5 'Å'
+0xC6 'Æ'
+0xC7 'Ç'
+0xC8 'È'
+0xC9 'É'
+0xCA 'Ê'
+0xCB 'Ë'
+0xCC 'Ì'
+0xCD 'Í'
+0xCE 'Î'
+0xCF 'Ï'
+0xD0 'Ð'
+0xD1 'Ñ'
+0xD2 'Ò'
+0xD3 'Ó'
+0xD4 'Ô'
+0xD5 'Õ'
+0xD6 'Ö'
+0xD7 '×'
+0xD8 'Ø'
+0xD9 'Ù'
+0xDA 'Ú'
+0xDB 'Û'
+0xDC 'Ü'
+0xDD 'Ý'
+0xDE 'Þ'
+0xDF 'ß'
+0xE0 'à'
+0xE1 'á'
+0xE2 'â'
+0xE3 'ã'
+0xE4 'ä'
+0xE5 'å'
+0xE6 'æ'
+0xE7 'ç'
+0xE8 'è'
+0xE9 'é'
+0xEA 'ê'
+0xEB 'ë'
+0xEC 'ì'
+0xED 'í'
+0xEE 'î'
+0xEF 'ï'
+0xF0 'ð'
+0xF1 'ñ'
+0xF2 'ò'
+0xF3 'ó'
+0xF4 'ô'
+0xF5 'õ'
+0xF6 'ö'
+0xF7 '÷'
+0xF8 'ø'
+0xF9 'ù'
+0xFA 'ú'
+0xFB 'û'
+0xFC 'ü'
+0xFD 'ý'
+0xFE 'þ'
+0xFF 'ÿ'
--- /dev/null
+#!/bin/sh
+
+setfont '/usr/share/consolefonts/Uni2-Fixed16.psf.gz'
+
+if ls /dev/fb* >/dev/null 2>/dev/null; then
+ for i in /dev/vcs[0-9]*; do
+ { :
+ setfont '/usr/share/consolefonts/Uni2-Fixed16.psf.gz'
+ } < /dev/tty${i#/dev/vcs} > /dev/tty${i#/dev/vcs}
+ done
+fi
+
+mkdir -p /run/console-setup
+> /run/console-setup/font-loaded
+for i in /dev/vcs[0-9]*; do
+ { :
+printf '\033%%G'
+ } < /dev/tty${i#/dev/vcs} > /dev/tty${i#/dev/vcs}
+done
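Review bot: `> /run/console-setup/font-loaded` is created whether or not any `setfont` call succeeded, since no exit status is checked; anything that relies on that marker would presumably treat a failed font load as done. Both loops also build the tty path unquoted (`/dev/tty${i#/dev/vcs}`) and run once with the literal pattern when `/dev/vcs[0-9]*` matches nothing. The one-line terminal script two sections below builds `/dev/tty${1#vcs}` from its argument in the same way, without checking it. I would start each loop body with `[ -e "$i" ] || continue` and quote the redirections, `< "/dev/tty${i#/dev/vcs}" > "/dev/tty${i#/dev/vcs}"`. If this file is emitted by a generator, the change belongs there rather than in the cached copy.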
--- /dev/null
+#!/bin/sh
+
+if [ -f /run/console-setup/keymap_loaded ]; then
+ rm /run/console-setup/keymap_loaded
+ exit 0
+fi
+kbd_mode '-u' < '/dev/tty1'
+kbd_mode '-u' < '/dev/tty2'
+kbd_mode '-u' < '/dev/tty3'
+kbd_mode '-u' < '/dev/tty4'
+kbd_mode '-u' < '/dev/tty5'
+kbd_mode '-u' < '/dev/tty6'
+loadkeys '/etc/console-setup/cached_UTF-8_del.kmap.gz' > '/dev/null'
--- /dev/null
+#!/bin/sh
+
+{ :
+printf '\033%%G'
+} < /dev/tty${1#vcs} > /dev/tty${1#vcs}
--- /dev/null
+# Compose sequences for ARMSCII-8
--- /dev/null
+# Compose sequences for CP1251
--- /dev/null
+# Compose sequences for CP1255
--- /dev/null
+# Compose sequences for CP1256
--- /dev/null
+# Compose sequences for GEORGIAN-ACADEMY
--- /dev/null
+# Compose sequences for GEORGIAN-PS
--- /dev/null
+# Compose sequences for IBM1133
--- /dev/null
+# Compose sequences for ISIRI-3342
--- /dev/null
+# Compose sequences for ISO-8859-1
+compose '!' '!' to '¡'
+compose '!' '^' to '¦'
+compose '!' 'p' to '¶'
+compose '!' 's' to '§'
+compose '"' '"' to '¨'
+compose '"' 'A' to 'Ä'
+compose '"' 'E' to 'Ë'
+compose '"' 'I' to 'Ï'
+compose '"' 'O' to 'Ö'
+compose '"' 'U' to 'Ü'
+compose '"' 'a' to 'ä'
+compose '"' 'e' to 'ë'
+compose '"' 'i' to 'ï'
+compose '"' 'o' to 'ö'
+compose '"' 'u' to 'ü'
+compose '"' 'y' to 'ÿ'
+compose '(' '(' to '['
+compose '(' '-' to '{'
+compose '(' 'c' to '©'
+compose '(' 'r' to '®'
+compose ')' ')' to ']'
+compose ')' '-' to '}'
+compose '*' '0' to '°'
+compose '*' 'A' to 'Å'
+compose '*' 'a' to 'å'
+compose '+' '+' to '#'
+compose '+' '-' to '±'
+compose ',' ',' to '¸'
+compose ',' '-' to '¬'
+compose ',' 'C' to 'Ç'
+compose ',' 'c' to 'ç'
+compose '-' '(' to '{'
+compose '-' ')' to '}'
+compose '-' '+' to '±'
+compose '-' ',' to '¬'
+compose '-' '-' to ''
+compose '-' ':' to '÷'
+compose '-' 'A' to 'Ã'
+compose '-' 'D' to 'Ð'
+compose '-' 'N' to 'Ñ'
+compose '-' 'O' to 'Õ'
+compose '-' '^' to '¯'
+compose '-' 'a' to 'ã'
+compose '-' 'd' to 'ð'
+compose '-' 'l' to '£'
+compose '-' 'n' to 'ñ'
+compose '-' 'o' to 'õ'
+compose '-' 'y' to '¥'
+compose '.' '.' to '·'
+compose '.' '^' to '·'
+compose '/' '/' to '\\'
+compose '/' '<' to '\\'
+compose '/' 'O' to 'Ø'
+compose '/' '^' to '|'
+compose '/' 'c' to '¢'
+compose '/' 'o' to 'ø'
+compose '/' 'u' to 'µ'
+compose '1' '2' to '½'
+compose '1' '4' to '¼'
+compose '3' '4' to '¾'
+compose ':' '-' to '÷'
+compose '<' '/' to '\\'
+compose '<' '<' to '«'
+compose '=' 'l' to '£'
+compose '=' 'y' to '¥'
+compose '>' '>' to '»'
+compose '>' 'A' to 'Â'
+compose '>' 'E' to 'Ê'
+compose '>' 'I' to 'Î'
+compose '>' 'O' to 'Ô'
+compose '>' 'U' to 'Û'
+compose '>' 'a' to 'â'
+compose '>' 'e' to 'ê'
+compose '>' 'i' to 'î'
+compose '>' 'o' to 'ô'
+compose '>' 'u' to 'û'
+compose '?' '?' to '¿'
+compose 'A' 'E' to 'Æ'
+compose 'A' 'O' to 'Å'
+compose 'T' 'H' to 'Þ'
+compose '\'' 'A' to 'Á'
+compose '\'' 'C' to 'Ç'
+compose '\'' 'E' to 'É'
+compose '\'' 'I' to 'Í'
+compose '\'' 'O' to 'Ó'
+compose '\'' 'U' to 'Ú'
+compose '\'' 'Y' to 'Ý'
+compose '\'' '\'' to '´'
+compose '\'' 'a' to 'á'
+compose '\'' 'c' to 'ç'
+compose '\'' 'e' to 'é'
+compose '\'' 'i' to 'í'
+compose '\'' 'o' to 'ó'
+compose '\'' 'u' to 'ú'
+compose '\'' 'y' to 'ý'
+compose '^' '!' to '¦'
+compose '^' '-' to '¯'
+compose '^' '.' to '·'
+compose '^' '/' to '|'
+compose '^' '0' to '°'
+compose '^' '1' to '¹'
+compose '^' '2' to '²'
+compose '^' '3' to '³'
+compose '^' 'A' to 'Â'
+compose '^' 'E' to 'Ê'
+compose '^' 'I' to 'Î'
+compose '^' 'O' to 'Ô'
+compose '^' 'U' to 'Û'
+compose '^' '_' to '¯'
+compose '^' 'a' to 'â'
+compose '^' 'e' to 'ê'
+compose '^' 'i' to 'î'
+compose '^' 'o' to 'ô'
+compose '^' 'u' to 'û'
+compose '_' '^' to '¯'
+compose '_' '_' to '¯'
+compose '_' 'a' to 'ª'
+compose '_' 'o' to 'º'
+compose '`' 'A' to 'À'
+compose '`' 'E' to 'È'
+compose '`' 'I' to 'Ì'
+compose '`' 'O' to 'Ò'
+compose '`' 'U' to 'Ù'
+compose '`' 'a' to 'à'
+compose '`' 'e' to 'è'
+compose '`' 'i' to 'ì'
+compose '`' 'o' to 'ò'
+compose '`' 'u' to 'ù'
+compose 'a' 'e' to 'æ'
+compose 'a' 'o' to 'å'
+compose 'a' 't' to '@'
+compose 'c' '0' to '©'
+compose 'c' 'o' to '©'
+compose 'o' 'c' to '©'
+compose 'o' 'x' to '¤'
+compose 'r' 'o' to '®'
+compose 's' '0' to '§'
+compose 's' '1' to '¹'
+compose 's' '2' to '²'
+compose 's' '3' to '³'
+compose 's' 'o' to '§'
+compose 't' 'h' to 'þ'
+compose 'v' 'b' to '¦'
+compose 'v' 'l' to '|'
+compose 'x' '0' to '¤'
+compose 'x' 'o' to '¤'
+compose '|' 'c' to '¢'
+compose '|' '|' to '¦'
+compose '~' 'A' to 'Ã'
+compose '~' 'N' to 'Ñ'
+compose '~' 'O' to 'Õ'
+compose '~' 'a' to 'ã'
+compose '~' 'n' to 'ñ'
+compose '~' 'o' to 'õ'
--- /dev/null
+# Compose sequences for ISO-8859-10
--- /dev/null
+# Compose sequences for ISO-8859-11
--- /dev/null
+# Compose sequences for ISO-8859-13
+compose '!' '^' to '¦'
+compose '!' 'p' to '¶'
+compose '!' 's' to '§'
+compose '"' '<' to '´'
+compose '"' '>' to '¡'
+compose '"' 'A' to 'Ä'
+compose '"' 'O' to 'Ö'
+compose '"' 'U' to 'Ü'
+compose '"' 'a' to 'ä'
+compose '"' 'o' to 'ö'
+compose '"' 'u' to 'ü'
+compose '(' '(' to '['
+compose '(' '-' to '{'
+compose '(' 'c' to '©'
+compose '(' 'r' to '®'
+compose ')' ')' to ']'
+compose ')' '-' to '}'
+compose '*' '0' to '°'
+compose '*' 'A' to 'Å'
+compose '*' 'a' to 'å'
+compose '+' '+' to '#'
+compose '+' '-' to '±'
+compose ',' '-' to '¬'
+compose ',' '>' to '¥'
+compose ',' 'A' to 'À'
+compose ',' 'E' to 'Æ'
+compose ',' 'G' to 'Ì'
+compose ',' 'I' to 'Á'
+compose ',' 'K' to 'Í'
+compose ',' 'L' to 'Ï'
+compose ',' 'N' to 'Ò'
+compose ',' 'R' to 'ª'
+compose ',' 'U' to 'Ø'
+compose ',' 'a' to 'à'
+compose ',' 'e' to 'æ'
+compose ',' 'g' to 'ì'
+compose ',' 'i' to 'á'
+compose ',' 'k' to 'í'
+compose ',' 'l' to 'ï'
+compose ',' 'n' to 'ò'
+compose ',' 'r' to 'º'
+compose ',' 'u' to 'ø'
+compose '-' '(' to '{'
+compose '-' ')' to '}'
+compose '-' '+' to '±'
+compose '-' ',' to '¬'
+compose '-' '-' to ''
+compose '-' ':' to '÷'
+compose '-' 'A' to 'Â'
+compose '-' 'E' to 'Ç'
+compose '-' 'I' to 'Î'
+compose '-' 'L' to 'Ù'
+compose '-' 'O' to 'Ô'
+compose '-' 'U' to 'Û'
+compose '-' 'a' to 'â'
+compose '-' 'e' to 'ç'
+compose '-' 'i' to 'î'
+compose '-' 'l' to 'ù'
+compose '-' 'o' to 'ô'
+compose '-' 'u' to 'û'
+compose '.' '.' to '·'
+compose '.' 'A' to 'Å'
+compose '.' 'E' to 'Ë'
+compose '.' 'Z' to 'Ý'
+compose '.' '^' to '·'
+compose '.' 'a' to 'å'
+compose '.' 'e' to 'ë'
+compose '.' 'z' to 'ý'
+compose '/' '/' to '\\'
+compose '/' '<' to '\\'
+compose '/' 'L' to 'Ù'
+compose '/' 'O' to '¨'
+compose '/' '^' to '|'
+compose '/' 'c' to '¢'
+compose '/' 'l' to 'ù'
+compose '/' 'o' to '¸'
+compose '/' 'u' to 'µ'
+compose '1' '2' to '½'
+compose '1' '4' to '¼'
+compose '3' '4' to '¾'
+compose ':' '-' to '÷'
+compose ';' 'A' to 'À'
+compose ';' 'E' to 'Æ'
+compose ';' 'I' to 'Á'
+compose ';' 'U' to 'Ø'
+compose ';' 'a' to 'à'
+compose ';' 'e' to 'æ'
+compose ';' 'i' to 'á'
+compose ';' 'u' to 'ø'
+compose '<' '"' to '´'
+compose '<' '/' to '\\'
+compose '<' '<' to '«'
+compose '<' 'C' to 'È'
+compose '<' 'S' to 'Ð'
+compose '<' 'Z' to 'Þ'
+compose '<' '\'' to '`'
+compose '<' 'c' to 'è'
+compose '<' 's' to 'ð'
+compose '<' 'z' to 'þ'
+compose '=' 'l' to '£'
+compose '>' '"' to '¡'
+compose '>' ',' to '¥'
+compose '>' '>' to '»'
+compose '>' '\'' to 'ÿ'
+compose '?' '?' to '¿'
+compose 'A' 'E' to '¯'
+compose 'A' 'O' to 'Å'
+compose '\'' '<' to '`'
+compose '\'' '>' to 'ÿ'
+compose '\'' 'C' to 'Ã'
+compose '\'' 'E' to 'É'
+compose '\'' 'N' to 'Ñ'
+compose '\'' 'O' to 'Ó'
+compose '\'' 'S' to 'Ú'
+compose '\'' 'Z' to 'Ê'
+compose '\'' '\'' to 'ÿ'
+compose '\'' 'c' to 'ã'
+compose '\'' 'e' to 'é'
+compose '\'' 'n' to 'ñ'
+compose '\'' 'o' to 'ó'
+compose '\'' 's' to 'ú'
+compose '\'' 'z' to 'ê'
+compose '^' '!' to '¦'
+compose '^' '.' to '·'
+compose '^' '/' to '|'
+compose '^' '0' to '°'
+compose '^' '1' to '¹'
+compose '^' '2' to '²'
+compose '^' '3' to '³'
+compose '_' 'A' to 'Â'
+compose '_' 'E' to 'Ç'
+compose '_' 'I' to 'Î'
+compose '_' 'O' to 'Ô'
+compose '_' 'U' to 'Û'
+compose '_' 'a' to 'â'
+compose '_' 'e' to 'ç'
+compose '_' 'i' to 'î'
+compose '_' 'o' to 'ô'
+compose '_' 'u' to 'û'
+compose 'a' 'e' to '¿'
+compose 'a' 'o' to 'å'
+compose 'a' 't' to '@'
+compose 'c' '0' to '©'
+compose 'c' 'o' to '©'
+compose 'm' 'u' to 'µ'
+compose 'o' 'c' to '©'
+compose 'o' 'x' to '¤'
+compose 'r' 'o' to '®'
+compose 's' '0' to '§'
+compose 's' '1' to '¹'
+compose 's' '2' to '²'
+compose 's' '3' to '³'
+compose 's' 'o' to '§'
+compose 'v' 'b' to '¦'
+compose 'x' '0' to '¤'
+compose 'x' 'o' to '¤'
+compose '|' 'c' to '¢'
+compose '|' '|' to '¦'
+compose '~' 'O' to 'Õ'
+compose '~' 'o' to 'õ'
--- /dev/null
+# Compose sequences for ISO-8859-14
+compose '!' 'p' to '¶'
+compose '!' 's' to '§'
+compose '"' 'A' to 'Ä'
+compose '"' 'E' to 'Ë'
+compose '"' 'I' to 'Ï'
+compose '"' 'O' to 'Ö'
+compose '"' 'U' to 'Ü'
+compose '"' 'W' to '½'
+compose '"' 'Y' to '¯'
+compose '"' 'a' to 'ä'
+compose '"' 'e' to 'ë'
+compose '"' 'i' to 'ï'
+compose '"' 'o' to 'ö'
+compose '"' 'u' to 'ü'
+compose '"' 'w' to '¾'
+compose '"' 'y' to 'ÿ'
+compose '(' '(' to '['
+compose '(' '-' to '{'
+compose ')' ')' to ']'
+compose ')' '-' to '}'
+compose '*' 'A' to 'Å'
+compose '*' 'a' to 'å'
+compose '+' '+' to '#'
+compose ',' 'C' to 'Ç'
+compose ',' 'c' to 'ç'
+compose '-' '(' to '{'
+compose '-' ')' to '}'
+compose '-' '-' to ''
+compose '-' 'A' to 'Ã'
+compose '-' 'N' to 'Ñ'
+compose '-' 'O' to 'Õ'
+compose '-' 'a' to 'ã'
+compose '-' 'l' to '£'
+compose '-' 'n' to 'ñ'
+compose '-' 'o' to 'õ'
+compose '.' 'B' to '¡'
+compose '.' 'D' to '¦'
+compose '.' 'F' to '°'
+compose '.' 'G' to '²'
+compose '.' 'M' to '´'
+compose '.' 'P' to '·'
+compose '.' 'S' to '»'
+compose '.' 'T' to '×'
+compose '.' 'b' to '¢'
+compose '.' 'c' to '¥'
+compose '.' 'd' to '«'
+compose '.' 'f' to '±'
+compose '.' 'g' to '³'
+compose '.' 'm' to 'µ'
+compose '.' 'p' to '¹'
+compose '.' 's' to '¿'
+compose '.' 't' to '÷'
+compose '/' '/' to '\\'
+compose '/' '<' to '\\'
+compose '/' 'O' to 'Ø'
+compose '/' '^' to '|'
+compose '/' 'o' to 'ø'
+compose '<' '/' to '\\'
+compose '=' 'l' to '£'
+compose '>' 'A' to 'Â'
+compose '>' 'E' to 'Ê'
+compose '>' 'I' to 'Î'
+compose '>' 'O' to 'Ô'
+compose '>' 'U' to 'Û'
+compose '>' 'a' to 'â'
+compose '>' 'e' to 'ê'
+compose '>' 'i' to 'î'
+compose '>' 'o' to 'ô'
+compose '>' 'u' to 'û'
+compose 'A' 'E' to 'Æ'
+compose '\'' 'A' to 'Á'
+compose '\'' 'E' to 'É'
+compose '\'' 'I' to 'Í'
+compose '\'' 'O' to 'Ó'
+compose '\'' 'U' to 'Ú'
+compose '\'' 'W' to 'ª'
+compose '\'' 'Y' to 'Ý'
+compose '\'' 'a' to 'á'
+compose '\'' 'e' to 'é'
+compose '\'' 'i' to 'í'
+compose '\'' 'o' to 'ó'
+compose '\'' 'u' to 'ú'
+compose '\'' 'w' to 'º'
+compose '\'' 'y' to 'ý'
+compose '^' '/' to '|'
+compose '^' 'A' to 'Â'
+compose '^' 'E' to 'Ê'
+compose '^' 'I' to 'Î'
+compose '^' 'O' to 'Ô'
+compose '^' 'U' to 'Û'
+compose '^' 'W' to 'Ð'
+compose '^' 'Y' to 'Þ'
+compose '^' 'a' to 'â'
+compose '^' 'e' to 'ê'
+compose '^' 'i' to 'î'
+compose '^' 'o' to 'ô'
+compose '^' 'u' to 'û'
+compose '^' 'w' to 'ð'
+compose '^' 'y' to 'þ'
+compose '`' 'A' to 'À'
+compose '`' 'E' to 'È'
+compose '`' 'I' to 'Ì'
+compose '`' 'O' to 'Ò'
+compose '`' 'U' to 'Ù'
+compose '`' 'W' to '¨'
+compose '`' 'Y' to '¬'
+compose '`' 'a' to 'à'
+compose '`' 'e' to 'è'
+compose '`' 'i' to 'ì'
+compose '`' 'o' to 'ò'
+compose '`' 'u' to 'ù'
+compose '`' 'w' to '¸'
+compose '`' 'y' to '¼'
+compose 'a' 'e' to 'æ'
+compose 'a' 't' to '@'
+compose 'c' '0' to '©'
+compose 'c' 'o' to '©'
+compose 'o' 'c' to '©'
+compose 'r' '0' to '®'
+compose 'r' 'o' to '®'
+compose 's' '0' to '§'
+compose 's' 'o' to '§'
+compose 'v' 'l' to '|'
+compose '~' 'A' to 'Ã'
+compose '~' 'N' to 'Ñ'
+compose '~' 'O' to 'Õ'
+compose '~' 'a' to 'ã'
+compose '~' 'n' to 'ñ'
+compose '~' 'o' to 'õ'
--- /dev/null
+# Compose sequences for ISO-8859-15
+compose '!' '!' to '¡'
+compose '!' 'p' to '¶'
+compose '!' 's' to '§'
+compose '"' '"' to '"'
+compose '"' 'A' to 'Ä'
+compose '"' 'E' to 'Ë'
+compose '"' 'I' to 'Ï'
+compose '"' 'O' to 'Ö'
+compose '"' 'U' to 'Ü'
+compose '"' 'Y' to '¾'
+compose '"' 'a' to 'ä'
+compose '"' 'e' to 'ë'
+compose '"' 'i' to 'ï'
+compose '"' 'o' to 'ö'
+compose '"' 'u' to 'ü'
+compose '"' 'y' to 'ÿ'
+compose '(' '(' to '['
+compose '(' '-' to '{'
+compose '(' 'c' to '©'
+compose '(' 'r' to '®'
+compose ')' ')' to ']'
+compose ')' '-' to '}'
+compose '*' '0' to '°'
+compose '*' 'A' to 'Å'
+compose '*' 'a' to 'å'
+compose '+' '+' to '#'
+compose '+' '-' to '±'
+compose ',' '-' to '¬'
+compose ',' 'C' to 'Ç'
+compose ',' 'c' to 'ç'
+compose '-' '(' to '{'
+compose '-' ')' to '}'
+compose '-' '+' to '±'
+compose '-' ',' to '¬'
+compose '-' '-' to ''
+compose '-' ':' to '÷'
+compose '-' 'A' to 'Ã'
+compose '-' 'D' to 'Ð'
+compose '-' 'N' to 'Ñ'
+compose '-' 'O' to 'Õ'
+compose '-' '^' to '¯'
+compose '-' 'a' to 'ã'
+compose '-' 'd' to 'ð'
+compose '-' 'l' to '£'
+compose '-' 'n' to 'ñ'
+compose '-' 'o' to 'õ'
+compose '-' 'y' to '¥'
+compose '.' '.' to '·'
+compose '.' '^' to '·'
+compose '/' '/' to '\\'
+compose '/' '<' to '\\'
+compose '/' 'O' to 'Ø'
+compose '/' '^' to '|'
+compose '/' 'c' to '¢'
+compose '/' 'o' to 'ø'
+compose '/' 'u' to 'µ'
+compose ':' '-' to '÷'
+compose '<' '/' to '\\'
+compose '<' '<' to '«'
+compose '<' 'S' to '¦'
+compose '<' 'Z' to '´'
+compose '<' 's' to '¨'
+compose '<' 'z' to '¸'
+compose '=' 'c' to '¤'
+compose '=' 'l' to '£'
+compose '=' 'y' to '¥'
+compose '>' '>' to '»'
+compose '>' 'A' to 'Â'
+compose '>' 'E' to 'Ê'
+compose '>' 'I' to 'Î'
+compose '>' 'O' to 'Ô'
+compose '>' 'U' to 'Û'
+compose '>' 'a' to 'â'
+compose '>' 'e' to 'ê'
+compose '>' 'i' to 'î'
+compose '>' 'o' to 'ô'
+compose '>' 'u' to 'û'
+compose '?' '?' to '¿'
+compose 'A' 'E' to 'Æ'
+compose 'A' 'O' to 'Å'
+compose 'O' 'E' to '¼'
+compose 'T' 'H' to 'Þ'
+compose '\'' 'A' to 'Á'
+compose '\'' 'C' to 'Ç'
+compose '\'' 'E' to 'É'
+compose '\'' 'I' to 'Í'
+compose '\'' 'O' to 'Ó'
+compose '\'' 'U' to 'Ú'
+compose '\'' 'Y' to 'Ý'
+compose '\'' '\'' to '\''
+compose '\'' 'a' to 'á'
+compose '\'' 'c' to 'ç'
+compose '\'' 'e' to 'é'
+compose '\'' 'i' to 'í'
+compose '\'' 'o' to 'ó'
+compose '\'' 'u' to 'ú'
+compose '\'' 'y' to 'ý'
+compose '^' '-' to '¯'
+compose '^' '.' to '·'
+compose '^' '/' to '|'
+compose '^' '0' to '°'
+compose '^' '1' to '¹'
+compose '^' '2' to '²'
+compose '^' '3' to '³'
+compose '^' 'A' to 'Â'
+compose '^' 'E' to 'Ê'
+compose '^' 'I' to 'Î'
+compose '^' 'O' to 'Ô'
+compose '^' 'U' to 'Û'
+compose '^' '_' to '¯'
+compose '^' 'a' to 'â'
+compose '^' 'e' to 'ê'
+compose '^' 'i' to 'î'
+compose '^' 'o' to 'ô'
+compose '^' 'u' to 'û'
+compose '_' '^' to '¯'
+compose '_' '_' to '¯'
+compose '_' 'a' to 'ª'
+compose '_' 'o' to 'º'
+compose '`' 'A' to 'À'
+compose '`' 'E' to 'È'
+compose '`' 'I' to 'Ì'
+compose '`' 'O' to 'Ò'
+compose '`' 'U' to 'Ù'
+compose '`' 'a' to 'à'
+compose '`' 'e' to 'è'
+compose '`' 'i' to 'ì'
+compose '`' 'o' to 'ò'
+compose '`' 'u' to 'ù'
+compose 'a' 'e' to 'æ'
+compose 'a' 'o' to 'å'
+compose 'a' 't' to '@'
+compose 'c' '0' to '©'
+compose 'c' 'o' to '©'
+compose 'e' '=' to '¤'
+compose 'o' 'c' to '©'
+compose 'o' 'e' to '½'
+compose 'r' 'o' to '®'
+compose 's' '0' to '§'
+compose 's' '1' to '¹'
+compose 's' '2' to '²'
+compose 's' '3' to '³'
+compose 's' 'o' to '§'
+compose 't' 'h' to 'þ'
+compose 'v' 'l' to '|'
+compose '|' 'c' to '¢'
+compose '~' 'A' to 'Ã'
+compose '~' 'N' to 'Ñ'
+compose '~' 'O' to 'Õ'
+compose '~' 'a' to 'ã'
+compose '~' 'n' to 'ñ'
+compose '~' 'o' to 'õ'
--- /dev/null
+# Compose sequences for ISO-8859-16
--- /dev/null
+# Compose sequences for ISO-8859-2
+compose '!' 'p' to '¶'
+compose '!' 's' to '§'
+compose '"' '"' to '¨'
+compose '"' 'A' to 'Ä'
+compose '"' 'E' to 'Ë'
+compose '"' 'O' to 'Ö'
+compose '"' 'U' to 'Ü'
+compose '"' 'a' to 'ä'
+compose '"' 'e' to 'ë'
+compose '"' 'o' to 'ö'
+compose '"' 'u' to 'ü'
+compose '(' '(' to '['
+compose '(' '-' to '{'
+compose ')' ')' to ']'
+compose ')' '-' to '}'
+compose '*' '0' to '°'
+compose '*' 'U' to 'Ù'
+compose '*' 'u' to 'ù'
+compose '+' '+' to '#'
+compose ',' ',' to '¸'
+compose ',' 'A' to '¡'
+compose ',' 'C' to 'Ç'
+compose ',' 'E' to 'Ê'
+compose ',' 'S' to 'ª'
+compose ',' 'T' to 'Þ'
+compose ',' 'a' to '±'
+compose ',' 'c' to 'ç'
+compose ',' 'e' to 'ê'
+compose ',' 's' to 'º'
+compose ',' 't' to 'þ'
+compose '-' '(' to '{'
+compose '-' ')' to '}'
+compose '-' '-' to ''
+compose '-' ':' to '÷'
+compose '-' 'D' to 'Ð'
+compose '-' 'd' to 'ð'
+compose '.' '.' to 'ÿ'
+compose '.' 'C' to 'Å'
+compose '.' 'E' to 'Ì'
+compose '.' 'I' to '©'
+compose '.' 'U' to 'Ù'
+compose '.' 'Z' to '¯'
+compose '.' 'c' to 'å'
+compose '.' 'e' to 'ì'
+compose '.' 'i' to '¹'
+compose '.' 'u' to 'ù'
+compose '.' 'z' to '¿'
+compose '/' '/' to '\\'
+compose '/' '<' to '\\'
+compose '/' '^' to '|'
+compose ':' '-' to '÷'
+compose '<' '/' to '\\'
+compose '<' '<' to '·'
+compose '<' 'C' to 'È'
+compose '<' 'D' to 'Ï'
+compose '<' 'E' to 'Ì'
+compose '<' 'L' to '¥'
+compose '<' 'N' to 'Ò'
+compose '<' 'R' to 'Ø'
+compose '<' 'S' to '©'
+compose '<' 'T' to '«'
+compose '<' 'Z' to '®'
+compose '<' 'c' to 'è'
+compose '<' 'd' to 'ï'
+compose '<' 'e' to 'ì'
+compose '<' 'l' to 'µ'
+compose '<' 'n' to 'ò'
+compose '<' 'r' to 'ø'
+compose '<' 's' to '¹'
+compose '<' 't' to '»'
+compose '<' 'z' to '¾'
+compose '>' 'A' to 'Â'
+compose '>' 'I' to 'Î'
+compose '>' 'O' to 'Ô'
+compose '>' 'a' to 'â'
+compose '>' 'i' to 'î'
+compose '>' 'o' to 'ô'
+compose 'A' 'U' to 'Ã'
+compose 'L' '-' to '£'
+compose 'O' 'E' to '¼'
+compose 'Z' '.' to '¯'
+compose '\'' 'A' to 'Á'
+compose '\'' 'C' to 'Æ'
+compose '\'' 'E' to 'É'
+compose '\'' 'I' to 'Í'
+compose '\'' 'L' to 'Å'
+compose '\'' 'N' to 'Ñ'
+compose '\'' 'O' to 'Ó'
+compose '\'' 'R' to 'À'
+compose '\'' 'S' to '¦'
+compose '\'' 'U' to 'Ú'
+compose '\'' 'Y' to 'Ý'
+compose '\'' 'Z' to '¬'
+compose '\'' '\'' to '½'
+compose '\'' 'a' to 'á'
+compose '\'' 'c' to 'æ'
+compose '\'' 'e' to 'é'
+compose '\'' 'i' to 'í'
+compose '\'' 'l' to 'å'
+compose '\'' 'n' to 'ñ'
+compose '\'' 'o' to 'ó'
+compose '\'' 'r' to 'à'
+compose '\'' 's' to '¶'
+compose '\'' 'u' to 'ú'
+compose '\'' 'y' to 'ý'
+compose '\'' 'z' to '¼'
+compose '^' '/' to '|'
+compose '^' 'A' to 'Â'
+compose '^' 'I' to 'Î'
+compose '^' 'O' to 'Ô'
+compose '^' 'a' to 'â'
+compose '^' 'i' to 'î'
+compose '^' 'o' to 'ô'
+compose 'a' 'U' to 'ã'
+compose 'l' '-' to '³'
+compose 'o' 'e' to '½'
+compose 'o' 'x' to '¤'
+compose 's' '0' to '§'
+compose 's' 'o' to '§'
+compose 'v' 'l' to '|'
+compose 'x' '0' to '¤'
+compose 'x' 'o' to '¤'
+compose 'z' '.' to '¿'
--- /dev/null
+# Compose sequences for ISO-8859-3
+compose '!' 's' to '§'
+compose '"' '"' to '¨'
+compose '"' 'A' to 'Ä'
+compose '"' 'E' to 'Ë'
+compose '"' 'I' to 'Ï'
+compose '"' 'O' to 'Ö'
+compose '"' 'U' to 'Ü'
+compose '"' 'Y' to '¾'
+compose '"' 'a' to 'ä'
+compose '"' 'e' to 'ë'
+compose '"' 'i' to 'ï'
+compose '"' 'o' to 'ö'
+compose '"' 'u' to 'ü'
+compose '"' 'y' to 'ÿ'
+compose '(' '(' to '['
+compose '(' '-' to '{'
+compose '(' 'G' to '«'
+compose '(' 'U' to 'Ý'
+compose '(' 'g' to '»'
+compose '(' 'r' to '®'
+compose '(' 'u' to 'ý'
+compose ')' ')' to ']'
+compose ')' '-' to '}'
+compose '*' '0' to '°'
+compose '+' '+' to '#'
+compose ',' ',' to '¸'
+compose ',' 'C' to 'Ç'
+compose ',' 'S' to 'ª'
+compose ',' 'c' to 'ç'
+compose ',' 's' to 'º'
+compose '-' '(' to '{'
+compose '-' ')' to '}'
+compose '-' '-' to ''
+compose '-' ':' to '÷'
+compose '-' 'A' to 'Ã'
+compose '-' 'D' to 'Ð'
+compose '-' 'H' to '¡'
+compose '-' 'O' to 'Õ'
+compose '-' 'a' to 'ã'
+compose '-' 'd' to 'ð'
+compose '-' 'h' to '±'
+compose '-' 'l' to '£'
+compose '-' 'o' to 'õ'
+compose '-' 'y' to '¥'
+compose '.' '.' to '·'
+compose '.' 'C' to 'Å'
+compose '.' 'G' to 'Õ'
+compose '.' 'I' to '©'
+compose '.' 'Z' to '¯'
+compose '.' '^' to '·'
+compose '.' 'c' to 'å'
+compose '.' 'g' to 'õ'
+compose '.' 'i' to '¹'
+compose '.' 'z' to '¿'
+compose '/' '/' to '\\'
+compose '/' '<' to '\\'
+compose '/' '^' to '|'
+compose '/' 'u' to 'µ'
+compose ':' '-' to '÷'
+compose '<' '/' to '\\'
+compose '=' 'c' to '¤'
+compose '=' 'e' to '¤'
+compose '=' 'l' to '£'
+compose '=' 'y' to '¥'
+compose '>' 'A' to 'Â'
+compose '>' 'C' to 'Æ'
+compose '>' 'E' to 'Ê'
+compose '>' 'G' to 'Ø'
+compose '>' 'H' to '¦'
+compose '>' 'I' to 'Î'
+compose '>' 'J' to '¬'
+compose '>' 'O' to 'Ô'
+compose '>' 'S' to 'Þ'
+compose '>' 'U' to 'Û'
+compose '>' 'a' to 'â'
+compose '>' 'c' to 'æ'
+compose '>' 'e' to 'ê'
+compose '>' 'g' to 'ø'
+compose '>' 'h' to '¶'
+compose '>' 'i' to 'î'
+compose '>' 'j' to '¼'
+compose '>' 'o' to 'ô'
+compose '>' 's' to 'þ'
+compose '>' 'u' to 'û'
+compose 'G' 'U' to '«'
+compose '\'' 'A' to 'Á'
+compose '\'' 'E' to 'É'
+compose '\'' 'I' to 'Í'
+compose '\'' 'O' to 'Ó'
+compose '\'' 'U' to 'Ú'
+compose '\'' 'Y' to 'Ý'
+compose '\'' '\'' to '´'
+compose '\'' 'a' to 'á'
+compose '\'' 'e' to 'é'
+compose '\'' 'i' to 'í'
+compose '\'' 'o' to 'ó'
+compose '\'' 'u' to 'ú'
+compose '\'' 'y' to 'ý'
+compose '^' '.' to '·'
+compose '^' '/' to '|'
+compose '^' '0' to '°'
+compose '^' '2' to '²'
+compose '^' '3' to '³'
+compose '^' 'A' to 'Â'
+compose '^' 'C' to 'Æ'
+compose '^' 'E' to 'Ê'
+compose '^' 'G' to 'Ø'
+compose '^' 'H' to '¦'
+compose '^' 'I' to 'Î'
+compose '^' 'J' to '¬'
+compose '^' 'O' to 'Ô'
+compose '^' 'S' to 'Þ'
+compose '^' 'U' to 'Û'
+compose '^' 'a' to 'â'
+compose '^' 'c' to 'æ'
+compose '^' 'e' to 'ê'
+compose '^' 'g' to 'ø'
+compose '^' 'h' to '¶'
+compose '^' 'i' to 'î'
+compose '^' 'j' to '¼'
+compose '^' 'o' to 'ô'
+compose '^' 's' to 'þ'
+compose '^' 'u' to 'û'
+compose '`' 'A' to 'À'
+compose '`' 'E' to 'È'
+compose '`' 'I' to 'Ì'
+compose '`' 'O' to 'Ò'
+compose '`' 'U' to 'Ù'
+compose '`' 'a' to 'à'
+compose '`' 'e' to 'è'
+compose '`' 'i' to 'ì'
+compose '`' 'o' to 'ò'
+compose '`' 'u' to 'ù'
+compose 'g' 'U' to '»'
+compose 'r' 'o' to '®'
+compose 's' '0' to '§'
+compose 's' '2' to '²'
+compose 's' '3' to '³'
+compose 's' 'o' to '§'
+compose 'u' 'u' to 'ý'
+compose 'v' 'l' to '|'
+compose '~' 'A' to 'Ã'
+compose '~' 'O' to 'Õ'
+compose '~' 'a' to 'ã'
+compose '~' 'o' to 'õ'
--- /dev/null
+# Compose sequences for ISO-8859-4
+compose '!' 's' to '§'
+compose '"' '"' to '¨'
+compose '"' 'A' to 'Ä'
+compose '"' 'E' to 'Ë'
+compose '"' 'O' to 'Ö'
+compose '"' 'U' to 'Ü'
+compose '"' 'a' to 'ä'
+compose '"' 'e' to 'ë'
+compose '"' 'o' to 'ö'
+compose '"' 'u' to 'ü'
+compose '*' '0' to '°'
+compose '*' 'A' to 'Å'
+compose '*' 'a' to 'å'
+compose ',' ',' to '¸'
+compose ',' 'A' to '¡'
+compose ',' 'E' to 'Ê'
+compose ',' 'G' to '«'
+compose ',' 'I' to 'Ç'
+compose ',' 'K' to 'Ó'
+compose ',' 'L' to '¦'
+compose ',' 'N' to 'Ñ'
+compose ',' 'R' to '£'
+compose ',' 'U' to 'Ù'
+compose ',' 'a' to '±'
+compose ',' 'e' to 'ê'
+compose ',' 'g' to '»'
+compose ',' 'i' to 'ç'
+compose ',' 'k' to 'ó'
+compose ',' 'l' to '¶'
+compose ',' 'n' to 'ñ'
+compose ',' 'r' to '³'
+compose ',' 'u' to 'ù'
+compose '-' '-' to ''
+compose '-' ':' to '÷'
+compose '-' 'A' to 'À'
+compose '-' 'D' to 'Ð'
+compose '-' 'E' to 'ª'
+compose '-' 'I' to 'Ï'
+compose '-' 'O' to 'Ò'
+compose '-' 'U' to 'Þ'
+compose '-' '^' to '¯'
+compose '-' 'a' to 'à'
+compose '-' 'd' to 'ð'
+compose '-' 'e' to 'º'
+compose '-' 'i' to 'ï'
+compose '-' 'o' to 'ò'
+compose '-' 'u' to 'þ'
+compose '.' '.' to 'ÿ'
+compose '.' 'E' to 'Ì'
+compose '.' 'e' to 'ì'
+compose '/' 'O' to 'Ø'
+compose '/' 'T' to '¬'
+compose '/' 'o' to 'ø'
+compose '/' 't' to '¼'
+compose ':' '-' to '÷'
+compose '<' '<' to '·'
+compose '<' 'C' to 'È'
+compose '<' 'S' to '©'
+compose '<' 'Z' to '®'
+compose '<' 'c' to 'è'
+compose '<' 's' to '¹'
+compose '<' 'z' to '¾'
+compose '>' 'A' to 'Â'
+compose '>' 'I' to 'Î'
+compose '>' 'O' to 'Ô'
+compose '>' 'U' to 'Û'
+compose '>' 'a' to 'â'
+compose '>' 'i' to 'î'
+compose '>' 'o' to 'ô'
+compose '>' 'u' to 'û'
+compose 'A' 'E' to 'Æ'
+compose 'N' 'G' to '½'
+compose 'T' '-' to '¬'
+compose '\'' 'A' to 'Á'
+compose '\'' 'E' to 'É'
+compose '\'' 'I' to 'Í'
+compose '\'' 'U' to 'Ú'
+compose '\'' '\'' to '´'
+compose '\'' 'a' to 'á'
+compose '\'' 'e' to 'é'
+compose '\'' 'i' to 'í'
+compose '\'' 'u' to 'ú'
+compose '^' '-' to '¯'
+compose '^' 'A' to 'Â'
+compose '^' 'I' to 'Î'
+compose '^' 'O' to 'Ô'
+compose '^' 'U' to 'Û'
+compose '^' '_' to '¯'
+compose '^' 'a' to 'â'
+compose '^' 'i' to 'î'
+compose '^' 'o' to 'ô'
+compose '^' 'u' to 'û'
+compose '_' 'A' to 'À'
+compose '_' 'E' to 'ª'
+compose '_' 'I' to 'Ï'
+compose '_' 'O' to 'Ò'
+compose '_' 'U' to 'Þ'
+compose '_' '^' to '¯'
+compose '_' '_' to '¯'
+compose '_' 'a' to 'à'
+compose '_' 'e' to 'º'
+compose '_' 'i' to 'ï'
+compose '_' 'o' to 'ò'
+compose '_' 'u' to 'þ'
+compose 'a' 'e' to 'æ'
+compose 'n' 'g' to '¿'
+compose 'o' 'x' to '¤'
+compose 's' '0' to '§'
+compose 's' 'o' to '§'
+compose 't' '-' to '¼'
+compose 'x' '0' to '¤'
+compose 'x' 'o' to '¤'
+compose '~' 'A' to 'Ã'
+compose '~' 'I' to '¥'
+compose '~' 'O' to 'Õ'
+compose '~' 'U' to 'Ý'
+compose '~' 'a' to 'ã'
+compose '~' 'i' to 'µ'
+compose '~' 'o' to 'õ'
+compose '~' 'u' to 'ý'
--- /dev/null
+# Compose sequences for ISO-8859-5
--- /dev/null
+# Compose sequences for ISO-8859-6
--- /dev/null
+# Compose sequences for ISO-8859-7
+compose '!' '^' to '¦'
+compose '!' 's' to '§'
+compose '"' '"' to '¨'
+compose '(' '(' to '['
+compose '(' '-' to '{'
+compose '(' 'c' to '©'
+compose ')' ')' to ']'
+compose ')' '-' to '}'
+compose '*' '0' to '°'
+compose '+' '+' to '#'
+compose '+' '-' to '±'
+compose ',' '-' to '¬'
+compose '-' '(' to '{'
+compose '-' ')' to '}'
+compose '-' '+' to '±'
+compose '-' ',' to '¬'
+compose '-' '-' to ''
+compose '-' 'l' to '£'
+compose '.' '.' to '·'
+compose '.' '^' to '·'
+compose '/' '/' to '\\'
+compose '/' '<' to '\\'
+compose '/' '^' to '|'
+compose '1' '2' to '½'
+compose '<' '/' to '\\'
+compose '<' '<' to '«'
+compose '<' '\'' to '¡'
+compose '=' 'l' to '£'
+compose '>' '>' to '»'
+compose '>' '\'' to '¢'
+compose '\'' '<' to '¡'
+compose '\'' '>' to '¢'
+compose '\'' '\'' to '´'
+compose '^' '!' to '¦'
+compose '^' '.' to '·'
+compose '^' '/' to '|'
+compose '^' '0' to '°'
+compose '^' '2' to '²'
+compose '^' '3' to '³'
+compose 'a' 't' to '@'
+compose 'c' '0' to '©'
+compose 'c' 'o' to '©'
+compose 'o' 'c' to '©'
+compose 's' '0' to '§'
+compose 's' '2' to '²'
+compose 's' '3' to '³'
+compose 's' 'o' to '§'
+compose 'v' 'b' to '¦'
+compose 'v' 'l' to '|'
+compose '|' '|' to '¦'
+compose '~' '~' to '¯'
--- /dev/null
+# Compose sequences for ISO-8859-8
--- /dev/null
+# Compose sequences for ISO-8859-9
+compose '!' '!' to '¡'
+compose '!' 'p' to '¶'
+compose '!' 's' to '§'
+compose '"' '"' to '¨'
+compose '"' 'A' to 'Ä'
+compose '"' 'E' to 'Ë'
+compose '"' 'I' to 'Ï'
+compose '"' 'O' to 'Ö'
+compose '"' 'U' to 'Ü'
+compose '"' 'Y' to '¾'
+compose '"' 'a' to 'ä'
+compose '"' 'e' to 'ë'
+compose '"' 'i' to 'ï'
+compose '"' 'o' to 'ö'
+compose '"' 'u' to 'ü'
+compose '"' 'y' to 'ÿ'
+compose '(' '(' to '['
+compose '(' '-' to '{'
+compose '(' 'G' to 'Ð'
+compose '(' 'c' to '©'
+compose '(' 'g' to 'ð'
+compose '(' 'r' to '®'
+compose ')' ')' to ']'
+compose ')' '-' to '}'
+compose '*' '0' to '°'
+compose '*' 'A' to 'Å'
+compose '*' 'a' to 'å'
+compose '+' '+' to '#'
+compose '+' '-' to '±'
+compose ',' ',' to '¸'
+compose ',' '-' to '¬'
+compose ',' 'C' to 'Ç'
+compose ',' 'S' to 'Þ'
+compose ',' 'c' to 'ç'
+compose ',' 's' to 'þ'
+compose '-' '(' to '{'
+compose '-' ')' to '}'
+compose '-' '+' to '±'
+compose '-' ',' to '¬'
+compose '-' '-' to ''
+compose '-' ':' to '÷'
+compose '-' 'A' to 'Ã'
+compose '-' 'D' to 'Ð'
+compose '-' 'N' to 'Ñ'
+compose '-' 'O' to 'Õ'
+compose '-' '^' to '¯'
+compose '-' 'a' to 'ã'
+compose '-' 'd' to 'ð'
+compose '-' 'l' to '£'
+compose '-' 'n' to 'ñ'
+compose '-' 'o' to 'õ'
+compose '-' 'y' to '¥'
+compose '.' '.' to '·'
+compose '.' 'I' to 'Ý'
+compose '.' '^' to '·'
+compose '.' 'i' to 'ý'
+compose '/' '/' to '\\'
+compose '/' '<' to '\\'
+compose '/' 'O' to 'Ø'
+compose '/' '^' to '|'
+compose '/' 'c' to '¢'
+compose '/' 'o' to 'ø'
+compose '/' 'u' to 'µ'
+compose ':' '-' to '÷'
+compose '<' '/' to '\\'
+compose '<' '<' to '«'
+compose '<' 'Z' to '´'
+compose '<' 'z' to '¸'
+compose '=' 'c' to '¤'
+compose '=' 'e' to '¤'
+compose '=' 'l' to '£'
+compose '=' 'y' to '¥'
+compose '>' '>' to '»'
+compose '>' 'A' to 'Â'
+compose '>' 'E' to 'Ê'
+compose '>' 'I' to 'Î'
+compose '>' 'O' to 'Ô'
+compose '>' 'U' to 'Û'
+compose '>' 'a' to 'â'
+compose '>' 'e' to 'ê'
+compose '>' 'i' to 'î'
+compose '>' 'o' to 'ô'
+compose '>' 'u' to 'û'
+compose '?' '?' to '¿'
+compose 'A' 'E' to 'Æ'
+compose 'G' 'U' to 'Ð'
+compose 'T' 'H' to 'Þ'
+compose '\'' 'A' to 'Á'
+compose '\'' 'E' to 'É'
+compose '\'' 'I' to 'Í'
+compose '\'' 'O' to 'Ó'
+compose '\'' 'U' to 'Ú'
+compose '\'' 'Y' to 'Ý'
+compose '\'' '\'' to '´'
+compose '\'' 'a' to 'á'
+compose '\'' 'e' to 'é'
+compose '\'' 'i' to 'í'
+compose '\'' 'o' to 'ó'
+compose '\'' 'u' to 'ú'
+compose '\'' 'y' to 'ý'
+compose '^' '-' to '¯'
+compose '^' '.' to '·'
+compose '^' '/' to '|'
+compose '^' '0' to '°'
+compose '^' '1' to '¹'
+compose '^' '2' to '²'
+compose '^' '3' to '³'
+compose '^' 'A' to 'Â'
+compose '^' 'E' to 'Ê'
+compose '^' 'I' to 'Î'
+compose '^' 'O' to 'Ô'
+compose '^' 'U' to 'Û'
+compose '^' '_' to '¯'
+compose '^' 'a' to 'â'
+compose '^' 'e' to 'ê'
+compose '^' 'i' to 'î'
+compose '^' 'o' to 'ô'
+compose '^' 'u' to 'û'
+compose '_' '^' to '¯'
+compose '_' '_' to '¯'
+compose '_' 'a' to 'ª'
+compose '_' 'o' to 'º'
+compose '`' 'A' to 'À'
+compose '`' 'E' to 'È'
+compose '`' 'I' to 'Ì'
+compose '`' 'O' to 'Ò'
+compose '`' 'U' to 'Ù'
+compose '`' 'a' to 'à'
+compose '`' 'e' to 'è'
+compose '`' 'i' to 'ì'
+compose '`' 'o' to 'ò'
+compose '`' 'u' to 'ù'
+compose 'a' 'e' to 'æ'
+compose 'c' '0' to '©'
+compose 'c' 'o' to '©'
+compose 'g' 'U' to 'ð'
+compose 'o' 'c' to '©'
+compose 'o' 'e' to '¼'
+compose 'r' 'o' to '®'
+compose 's' '0' to '§'
+compose 's' '1' to '¹'
+compose 's' '2' to '²'
+compose 's' '3' to '³'
+compose 's' 'o' to '§'
+compose 't' 'h' to 'þ'
+compose 'v' 'Z' to '´'
+compose 'v' 'l' to '|'
+compose 'v' 'z' to '¸'
+compose '|' 'c' to '¢'
+compose '~' 'A' to 'Ã'
+compose '~' 'N' to 'Ñ'
+compose '~' 'O' to 'Õ'
+compose '~' 'a' to 'ã'
+compose '~' 'n' to 'ñ'
+compose '~' 'o' to 'õ'
--- /dev/null
+# Compose sequences for KOI8-R
--- /dev/null
+# Compose sequences for KOI8-U
--- /dev/null
+# Compose sequences for TIS-620
--- /dev/null
+# Compose sequences for VISCII
--- /dev/null
+# The content of this file will be appended to the keyboard layout.
+# The following is an example how to make Alt+j switch to to the next
+# console and Alt+k switch to the previous console.
+
+# Uncomment the following lines for Linux. Notice that everything is
+# replicated for all possible values of the modifiers shiftl, shiftr
+# and ctrll (shiftl and shiftr are used for groups 1..4 of XKB and
+# ctrll is used to fix the broken CapsLock when Linux console is in
+# Unicode mode).
+
+# alt keycode 36 = Incr_Console
+# shiftl alt keycode 36 = Incr_Console
+# shiftr alt keycode 36 = Incr_Console
+# shiftr shiftl alt keycode 36 = Incr_Console
+# ctrll alt keycode 36 = Incr_Console
+# ctrll shiftl alt keycode 36 = Incr_Console
+# ctrll shiftr alt keycode 36 = Incr_Console
+# ctrll shiftr shiftl alt keycode 36 = Incr_Console
+#
+# alt keycode 37 = Decr_Console
+# shiftl alt keycode 37 = Decr_Console
+# shiftr alt keycode 37 = Decr_Console
+# shiftr shiftl alt keycode 37 = Decr_Console
+# ctrll alt keycode 37 = Decr_Console
+# ctrll shiftl alt keycode 37 = Decr_Console
+# ctrll shiftr alt keycode 37 = Decr_Console
+# ctrll shiftr shiftl alt keycode 37 = Decr_Console
+
+# For the same result on FreeBSD uncomment the following lines:
+
+# 036 'j' 'J' nl nl nscr nscr nl nl C
+# 037 'k' 'K' vt vt pscr pscr nl nl C
--- /dev/null
+1,222,57,255,0,118,44,204,128,255,0,255,0,255,0,255
+1,56,181,199,111,38,181,204,128,0,255,255,0,0,255,255
+1,43,74,6,184,113,233,204,128,0,0,0,255,255,255,255
--- /dev/null
+0,170,0,170,0,170,0,170,85,255,85,255,85,255,85,255
+0,0,170,85,0,0,170,170,85,85,255,255,85,85,255,255
+0,0,0,0,170,170,170,170,85,85,85,85,255,255,255,255
--- /dev/null
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
--- /dev/null
+# /etc/cron.d/certbot: crontab entries for the certbot package
+#
+# Upstream recommends attempting renewal twice a day
+#
+# Eventually, this will be an opportunity to validate certificates
+# haven't been revoked, etc. Renewal will only occur if expiration
+# is within 30 days.
+#
+# Important Note! This cronjob will NOT be executed if you are
+# running systemd as your init system. If you are running systemd,
+# the cronjob.timer function takes precedence over this cronjob. For
+# more details, see the systemd.timer manpage, or use systemctl show
+# certbot.timer.
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
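Review bot: The job line guards on `test -x /usr/bin/certbot` but then runs a bare `certbot`, which is resolved through the `PATH` set two lines above, where `/usr/local/sbin` and `/usr/local/bin` come first. The binary that was checked and the binary that runs as root can therefore differ if a `certbot` exists under `/usr/local`. Calling the checked path keeps them the same: `... && /usr/bin/certbot -q renew`.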
--- /dev/null
+30 3 * * 0 root test -e /run/systemd/system || SERVICE_MODE=1 /usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_all_cron
+10 3 * * * root test -e /run/systemd/system || SERVICE_MODE=1 /sbin/e2scrub_all -A -r
--- /dev/null
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+47 3 * * * root test -x /etc/cron.daily/popularity-contest && /etc/cron.daily/popularity-contest --crond
--- /dev/null
+# The first element of the path is a directory where the debian-sa1
+# script is located
+PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# Activity reports every 10 minutes everyday
+5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
+
+# Additional run at 23:59 to rotate the statistics file
+59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
--- /dev/null
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
--- /dev/null
+#!/bin/sh -e
+# clean all crash reports which are older than a week.
+[ -d /var/crash ] || exit 0
+find /var/crash/. ! -name . -prune -type f \( \( -size 0 -a \! -name '*.upload*' -a \! -name '*.drkonqi*' \) -o -mtime +7 \) -exec rm -f -- '{}' \;
+find /var/crash/. ! -name . -prune -type d -regextype posix-extended -regex '.*/[0-9]{12}$' \( -mtime +7 \) -exec rm -Rf -- '{}' \;
--- /dev/null
+#!/bin/sh
+
+set -e
+
+# Systemd systems use a systemd timer unit which is preferable to
+# run. We want to randomize the apt update and unattended-upgrade
+# runs as much as possible to avoid hitting the mirrors all at the
+# same time. The systemd time is better at this than the fixed
+# cron.daily time
+if [ -d /run/systemd/system ]; then
+ exit 0
+fi
+
+check_power()
+{
+ # laptop check, on_ac_power returns:
+ # 0 (true) System is on main power
+ # 1 (false) System is not on main power
+ # 255 (false) Power status could not be determined
+ # Desktop systems always return 255 it seems
+ if which on_ac_power >/dev/null 2>&1; then
+ if on_ac_power; then
+ :
+ elif [ $? -eq 1 ]; then
+ return 1
+ fi
+ fi
+ return 0
+}
+
+# sleep for a random interval of time (default 30min)
+# (some code taken from cron-apt, thanks)
+random_sleep()
+{
+ RandomSleep=1800
+ eval $(apt-config shell RandomSleep APT::Periodic::RandomSleep)
+ if [ $RandomSleep -eq 0 ]; then
+ return
+ fi
+ if [ -z "$RANDOM" ] ; then
+ # A fix for shells that do not have this bash feature.
+ RANDOM=$(( $(dd if=/dev/urandom bs=2 count=1 2> /dev/null | cksum | cut -d' ' -f1) % 32767 ))
+ fi
+ TIME=$(($RANDOM % $RandomSleep))
+ sleep $TIME
+}
+
+# delay the job execution by a random amount of time
+random_sleep
+
+# ensure we don't do this on battery
+check_power || exit 0
+
+# run daily job
+exec /usr/lib/apt/apt.systemd.daily
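Review bot: In `random_sleep`, the output of `apt-config shell` is passed to `eval` unquoted, and `RandomSleep` is then used unquoted in `[ $RandomSleep -eq 0 ]` and in `$(($RANDOM % $RandomSleep))`. If the configured value is empty or not a number, the test only prints an error and the arithmetic expansion then aborts the script, so the daily apt job is skipped without a clear message. I would quote the substitution, `eval "$(apt-config shell RandomSleep APT::Periodic::RandomSleep)"`, and fall back to the default on a bad value with `case "$RandomSleep" in ''|*[!0-9]*) RandomSleep=1800 ;; esac`. `check_power` could also use `command -v on_ac_power` instead of `which`.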
--- /dev/null
+#!/bin/sh
+# /etc/cron.daily/calendar: BSD mainutils calendar daily maintenance script
+# Written by Austin Donnelly <and1000@debian.org>
+
+. /etc/default/bsdmainutils
+
+[ x$RUN_DAILY = xtrue ] || exit 0
+
+[ -x /usr/sbin/sendmail ] || exit 0
+
+if [ ! -x /usr/bin/cpp ]; then
+ echo "The cpp package is needed to run calendar."
+ exit 1
+fi
+
+/usr/bin/calendar -a
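Review bot: `. /etc/default/bsdmainutils` is sourced without checking that the file is readable. In a non-interactive POSIX `sh` a failing `.` ends the script with an error, so a removed defaults file becomes a daily cron failure rather than a quiet skip. `[ -r /etc/default/bsdmainutils ] && . /etc/default/bsdmainutils` avoids that. The test that follows should quote the expansion, `[ "x$RUN_DAILY" = xtrue ]`, so a value containing spaces does not break `[`.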
--- /dev/null
+#!/bin/sh
+
+dbdir=/var/lib/dpkg
+
+# Backup the 7 last versions of dpkg databases containing user data.
+if cd /var/backups ; then
+ # We backup all relevant database files if any has changed, so that
+ # the rotation number always contains an internally consistent set.
+ dbchanged=no
+ dbfiles="arch status diversions statoverride"
+ for db in $dbfiles ; do
+ if ! cmp -s "dpkg.${db}.0" "$dbdir/$db"; then
+ dbchanged=yes
+ break;
+ fi
+ done
+ if [ "$dbchanged" = "yes" ] ; then
+ for db in $dbfiles ; do
+ [ -e "$dbdir/$db" ] || continue
+ cp -p "$dbdir/$db" "dpkg.$db"
+ savelog -c 7 "dpkg.$db" >/dev/null
+ done
+ fi
+
+ # The alternatives database is independent from the dpkg database.
+ dbalt=alternatives
+
+ # XXX: Ideally we'd use --warning=none instead of discarding stderr, but
+ # as of GNU tar 1.27.1, it does not seem to work reliably (see #749307).
+ if ! test -e ${dbalt}.tar.0 ||
+ ! tar -df ${dbalt}.tar.0 -C $dbdir $dbalt >/dev/null 2>&1 ;
+ then
+ tar -cf ${dbalt}.tar -C $dbdir $dbalt >/dev/null 2>&1
+ savelog -c 7 ${dbalt}.tar >/dev/null
+ fi
+fi
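Review bot: In the alternatives backup at the end of the script, the exit status of `tar -cf ${dbalt}.tar ...` is ignored and its stderr is discarded, yet `savelog -c 7` runs unconditionally afterwards. A failed or partial archive is then rotated in as the newest backup and pushes an older good copy out of the seven that are kept. Rotating only on success avoids this: `if tar -cf ${dbalt}.tar -C $dbdir $dbalt >/dev/null 2>&1; then savelog -c 7 ${dbalt}.tar >/dev/null; fi`.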
--- /dev/null
+#!/bin/sh
+
+# skip in favour of systemd timer
+if [ -d /run/systemd/system ]; then
+ exit 0
+fi
+
+# this cronjob persists removals (but not purges)
+if [ ! -x /usr/sbin/logrotate ]; then
+ exit 0
+fi
+
+/usr/sbin/logrotate /etc/logrotate.conf
+EXITVALUE=$?
+if [ $EXITVALUE != 0 ]; then
+ /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+fi
+exit $EXITVALUE
--- /dev/null
+#!/bin/sh
+#
+# man-db cron daily
+
+set -e
+
+if [ -d /run/systemd/system ]; then
+ # Skip in favour of systemd timer.
+ exit 0
+fi
+
+iosched_idle=
+# Don't try to change I/O priority in a vserver or OpenVZ.
+if ! egrep -q '(envID|VxID):.*[1-9]' /proc/self/status && \
+ ([ ! -d /proc/vz ] || [ -d /proc/bc ]); then
+ iosched_idle='--iosched idle'
+fi
+
+if ! [ -d /var/cache/man ]; then
+ # Recover from deletion, per FHS.
+ install -d -o man -g man -m 0755 /var/cache/man
+fi
+
+# expunge old catman pages which have not been read in a week
+if [ -d /var/cache/man ]; then
+ cd /
+ start-stop-daemon --start --pidfile /dev/null --startas /bin/sh \
+ --oknodo --chuid man $iosched_idle -- -c \
+ "find /var/cache/man -type f -name '*.gz' -atime +6 -print0 | \
+ xargs -r0 rm -f"
+fi
+
+# regenerate man database
+if [ -x /usr/bin/mandb ]; then
+ # --pidfile /dev/null so it always starts; mandb isn't really a daemon,
+ # but we want to start it like one.
+ start-stop-daemon --start --pidfile /dev/null \
+ --startas /usr/bin/mandb --oknodo --chuid man \
+ $iosched_idle \
+ -- --no-purge --quiet
+fi
+
+exit 0
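Review bot: The container check calls `egrep`, which is obsolescent. Recent GNU grep releases print a warning to stderr on every call, and under cron that output is normally mailed on each run. `grep -Eq '(envID|VxID):.*[1-9]' /proc/self/status` is the drop-in replacement. The same line appears in the man-db weekly script added later in this commit.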
--- /dev/null
+#!/bin/sh
+set -e
+
+# don't run if this package is removed but not purged
+if [ ! -f /usr/sbin/popularity-contest ]; then
+ exit 0
+fi
+
+MODE="$1"
+
+unset MAILFROM
+unset MAILTO
+unset MY_HOSTID
+unset PARTICIPATE
+unset SUBMITURLS
+unset USEHTTP
+unset USETOR
+unset MTAOPS
+
+TORIFY_PATH=/usr/bin/torify
+
+torify_enabled() {
+ # Return 1 to enable torify for HTTP submission, otherwise 0; exit on error
+ TORSOCKS_PATH=/usr/bin/torsocks
+ [ -f "$TORIFY_PATH" ] && [ -f "$TORSOCKS_PATH" ] && TOR_AVAILABLE=1
+
+ case "$USETOR" in
+ "yes")
+ if [ -z $TOR_AVAILABLE ]; then
+ echo "popularity-contest: USETOR is set but torify is not available." 2>&1
+ echo "popularity-contest: Please install the tor and torsocks packages." 2>&1
+ exit 1
+ fi
+ if [ "yes" != "$USEHTTP" ]; then
+ echo "popularity-contest: when USETOR is set USEHTTP must be set as well" 2>&1
+ exit 1
+ fi
+ return 0
+ ;;
+ "maybe")
+ [ "yes" = "$USEHTTP" ] && [ ! -z $TOR_AVAILABLE ] && return 0
+ return 1
+ ;;
+ "no")
+ return 1
+ ;;
+ esac
+}
+
+# get configuration information
+. /usr/share/popularity-contest/default.conf
+. /etc/popularity-contest.conf
+
+if test -d /etc/popularity-contest.d/; then
+ for file in `run-parts --list --regex '\.conf$' /etc/popularity-contest.d/`;
+ do
+ . $file
+ done
+fi
+
+# don't run if MAILTO address is blank, and not configured to use HTTP POST!
+if [ -z "$MAILTO" ] && [ "yes" != "$USEHTTP" ]; then exit 0; fi
+
+# don't run if PARTICIPATE is "no" or unset!
+if [ "$PARTICIPATE" = "no" ] || [ -z "$PARTICIPATE" ]; then exit 0; fi
+
+# enable torify
+if torify_enabled; then
+ TORIFY=$TORIFY_PATH
+else
+ TORIFY=''
+fi
+
+
+if [ -n "$HTTP_PROXY" ]; then
+ export http_proxy="$HTTP_PROXY";
+fi
+
+POPCONOLD=/var/log/popularity-contest
+POPCONNEW=/var/log/popularity-contest.new
+POPCON="$POPCONNEW"
+
+# Only run on the given day, to spread the load on the server a bit
+if [ "$DAY" ] && [ "$DAY" != "$(date +%w)" ] ; then
+ # Ensure that popcon runs at least once in the last week
+ if [ -f "$POPCONOLD" ] ; then
+ now=$(date +%s)
+ lastrun=$(date -r $POPCONOLD +%s)
+ if [ "$MODE" = "--crond" ]; then
+ # 6.5 days, in seconds
+ week=561600
+ else
+ # 7.5 days, in seconds
+ week=648000
+ fi
+ if [ "$(( $now - $lastrun ))" -le "$week" ]; then
+ exit 0
+ fi
+ fi
+fi
+
+# keep old logs
+cd /var/log
+umask 022
+savelog -c 7 popularity-contest >/dev/null
+
+run_popcon()
+{
+ runuser -s /bin/sh -c "/usr/sbin/popularity-contest" nobody
+}
+
+do_sendmail()
+{
+ if [ -n "$MAILFROM" ]; then
+ sendmail -oi $MTAOPS -f "$MAILFROM" $MAILTO
+ else
+ sendmail -oi $MTAOPS $MAILTO
+ fi
+}
+
+# generate the popularity contest data
+
+run_popcon > $POPCON
+
+GPG=/usr/bin/gpg
+
+if [ "$ENCRYPT" = "yes" ] && ! [ -x "$GPG" ]; then
+ logger -t popularity-contest "encryption required but gpg is not available."
+ echo "popularity-contest: encryption required but gpg is not available." 2>&1
+ exit 1
+fi
+
+if [ -x "$GPG" ] && [ "$ENCRYPT" = "maybe" ] || [ "$ENCRYPT" = "yes" ]; then
+ POPCONGPG="$POPCON.gpg"
+ rm -f "$POPCONGPG"
+ GPGHOME=`mktemp -d`
+ $GPG --batch --no-options --no-default-keyring --trust-model=always \
+ --homedir "$GPGHOME" --keyring $KEYRING --quiet \
+ --armor -o "$POPCONGPG" -r $POPCONKEY --encrypt "$POPCON"
+ rm -rf "$GPGHOME"
+ POPCON="$POPCONGPG"
+fi
+
+SUBMITTED=no
+
+# try to post the report through http POST
+if [ "$SUBMITURLS" ] && [ "yes" = "$USEHTTP" ]; then
+ for URL in $SUBMITURLS ; do
+ if setsid $TORIFY /usr/share/popularity-contest/popcon-upload \
+ -u $URL -f $POPCON -C 2>/dev/null ; then
+ SUBMITTED=yes
+ else
+ logger -t popularity-contest "unable to submit report to $URL."
+ fi
+ done
+fi
+
+# try to email the popularity contest data
+# skip emailing if USETOR is set
+
+if [ "$MODE" = "--crond" ] && [ yes != "$SUBMITTED" ] && [ yes != "$USETOR" ] && [ "$MAILTO" ]; then
+ if [ -x "`which sendmail 2>/dev/null`" ]; then
+ (
+ if [ -n "$MAILFROM" ]; then
+ echo "From: <$MAILFROM>"
+ echo "Sender: <$MAILFROM>"
+ fi
+ echo "To: $MAILTO"
+ echo "Subject: popularity-contest submission"
+ echo "MIME-Version: 1.0"
+ echo "Content-Type: text/plain"
+ echo
+ cat $POPCON
+ ) | do_sendmail
+ SUBMITTED=yes
+ else
+ logger -t popularity-contest "unable to submit report using sendmail."
+ fi
+fi
+
+if [ "yes" != "$SUBMITTED" ] ; then
+ logger -t popularity-contest "unable to submit report."
+else
+ mv $POPCONNEW $POPCONOLD
+fi
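Review bot: `torify_enabled` has no default arm in its `case "$USETOR"`, so any value other than `yes`, `maybe` or `no` falls through with status 0. That includes an empty value, if the sourced configuration leaves it unset. The caller then sets `TORIFY=$TORIFY_PATH` even though Tor was neither requested nor checked for availability. Adding `*) return 1 ;;` makes the unknown case explicit. The function's comment also states the return codes the wrong way round (the code returns 0 to enable), and the error messages use `2>&1` where `>&2` was presumably meant, so they go to stdout.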
--- /dev/null
+#!/bin/sh
+# Generate a daily summary of process accounting. Since this will probably
+# get kicked off in the morning, it is run against the previous day data.
+
+# our configuration file
+DEFAULT=/etc/default/sysstat
+# default settings, overriden in the above file
+ENABLED=false
+
+[ ! -x /usr/lib/sysstat/sa2 ] && exit 0
+
+# read our config
+[ -r "$DEFAULT" ] && . "$DEFAULT"
+
+[ "$ENABLED" = "true" ] || exit 0
+
+exec /usr/lib/sysstat/sa2 -A
+
--- /dev/null
+#!/bin/sh
+
+set -e
+
+[ -x /usr/lib/update-notifier/package-data-downloader ] || exit 0
+
+# Try to rerun any package data downloads that failed at package install time.
+/usr/lib/update-notifier/package-data-downloader
--- /dev/null
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
--- /dev/null
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
--- /dev/null
+# DO NOT EDIT OR REMOVE
+# This file is a simple placeholder to keep dpkg from removing this directory
--- /dev/null
+#!/bin/sh
+#
+# man-db cron weekly
+
+set -e
+
+if [ -d /run/systemd/system ]; then
+ # Skip in favour of systemd timer.
+ exit 0
+fi
+
+iosched_idle=
+# Don't try to change I/O priority in a vserver or OpenVZ.
+if ! egrep -q '(envID|VxID):.*[1-9]' /proc/self/status && \
+ ([ ! -d /proc/vz ] || [ -d /proc/bc ]); then
+ iosched_idle='--iosched idle'
+fi
+
+if ! [ -d /var/cache/man ]; then
+ # Recover from deletion, per FHS.
+ install -d -o man -g man -m 0755 /var/cache/man
+fi
+
+# regenerate man database
+if [ -x /usr/bin/mandb ]; then
+ # --pidfile /dev/null so it always starts; mandb isn't really a daemon,
+ # but we want to start it like one.
+ start-stop-daemon --start --pidfile /dev/null \
+ --startas /usr/bin/mandb --oknodo --chuid man \
+ $iosched_idle \
+ -- --quiet
+fi
+
+exit 0
--- /dev/null
+#!/bin/sh
+
+set -e
+
+[ -x /usr/lib/ubuntu-release-upgrader/release-upgrade-motd ] || exit 0
+
+sleep_then_check() {
+ # Sleep for up to an hour to spread the load of checking for updates on
+ # the Ubuntu infrastructure
+ sleep $(shuf -i 1-3600 -n 1)
+ # Check to see whether there is a new version of Ubuntu available
+ /usr/lib/ubuntu-release-upgrader/release-upgrade-motd
+}
+
+sleep_then_check &
--- /dev/null
+# /etc/crontab: system-wide crontab
+# Unlike any other crontab you don't have to run the `crontab'
+# command to install the new version when you edit this file
+# and files in /etc/cron.d. These files also have username fields,
+# that none of the other crontabs do.
+
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# Example of job definition:
+# .---------------- minute (0 - 59)
+# | .------------- hour (0 - 23)
+# | | .---------- day of month (1 - 31)
+# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
+# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+# | | | | |
+# * * * * * user-name command to be executed
+17 * * * * root cd / && run-parts --report /etc/cron.hourly
+25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
+47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
+52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
+#
--- /dev/null
+#
+# Configuration file for the cryptroot initramfs hook.
+#
+
+#
+# KEYFILE_PATTERN: ...
+#
+# The value of this variable is interpreted as a shell pattern.
+# Matching key files from the crypttab(5) are included in the initramfs
+# image. The associated devices can then be unlocked without manual
+# intervention. (For instance if /etc/crypttab lists two key files
+# /etc/keys/{root,swap}.key, you can set KEYFILE_PATTERN="/etc/keys/*.key"
+# to add them to the initrd.)
+#
+# If KEYFILE_PATTERN if null or unset (default) then no key file is
+# copied to the initramfs image.
+#
+# Note that the glob(7) is not expanded for crypttab(5) entries with a
+# 'keyscript=' option. In that case, the field is not treated as a file
+# name but given as argument to the keyscript.
+#
+# WARNING: If the initramfs image is to include private key material,
+# you'll want to create it with a restrictive umask in order to keep
+# non-privileged users at bay. For instance, set UMASK=0077 in
+# /etc/initramfs-tools/initramfs.conf
+#
+
+#KEYFILE_PATTERN=
--- /dev/null
+# <target name> <source device> <key file> <options>
--- /dev/null
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="root">
+ <allow own="com.ubuntu.LanguageSelector"/>
+ </policy>
+
+ <policy context="default">
+ <allow send_interface="com.ubuntu.LanguageSelector"/>
+ <allow receive_interface="com.ubuntu.LanguageSelector"
+ receive_sender="com.ubuntu.LanguageSelector"/>
+
+ <allow send_destination="com.ubuntu.LanguageSelector"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="com.ubuntu.LanguageSelector"
+ send_interface="org.freedesktop.DBus.Properties"/>
+
+ </policy>
+
+</busconfig>
+
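Review bot: In the default policy, `<allow send_interface="com.ubuntu.LanguageSelector"/>` has no `send_destination`, so on the system bus it matches messages carrying that interface name to any destination, not only to this service. Rules keyed on interface alone are discouraged for that reason. I would scope it the way the other rules in the file are scoped: `<allow send_destination="com.ubuntu.LanguageSelector" send_interface="com.ubuntu.LanguageSelector"/>`.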
--- /dev/null
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <policy user="root">
+ <allow own="com.ubuntu.SoftwareProperties"/>
+ </policy>
+
+ <policy context="default">
+ <allow send_destination="com.ubuntu.SoftwareProperties"
+ send_interface="com.ubuntu.SoftwareProperties"/>
+ <allow send_destination="com.ubuntu.SoftwareProperties"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="com.ubuntu.DeviceDriver"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ </policy>
+
+</busconfig>
+
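Review bot: The third allow rule in the default policy names `send_destination="com.ubuntu.DeviceDriver"`, while this file declares ownership of `com.ubuntu.SoftwareProperties` and the two rules above it target that name. This looks like a copy-paste leftover. As written, the file grants `org.freedesktop.DBus.Properties` access to a different bus name and none to its own service. If that is not intended, the rule should read `send_destination="com.ubuntu.SoftwareProperties"`.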
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <!-- Only root can own the service -->
+ <policy user="root">
+ <allow own="org.freedesktop.Accounts"/>
+ </policy>
+
+ <policy context="default">
+ <allow send_destination="org.freedesktop.Accounts"/>
+ <allow send_destination="org.freedesktop.Accounts"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.freedesktop.Accounts"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.freedesktop.Accounts.User"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.freedesktop.Accounts.User"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ </policy>
+
+</busconfig>
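Review bot: The first rule in the default policy, `<allow send_destination="org.freedesktop.Accounts"/>`, lets every local caller send any message to the service, which makes the two interface-specific rules for the same destination redundant. The bus policy therefore does no filtering, and authorization presumably happens inside the daemon, which is not visible here. The file should say so above that rule, for example `<!-- Any caller may send; per-method authorization is enforced by the service -->`, so a later reader does not take the narrower rules for the effective limit.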
--- /dev/null
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy context="default">
+ <deny send_destination="org.freedesktop.ModemManager1"
+ send_type="method_call"/>
+
+ <!-- Methods listed here are explicitly allowed or PolicyKit protected.
+ The rest are restricted to root for security.
+ -->
+
+ <!-- org.freedesktop.ModemManager1.xml -->
+
+ <!-- Allowed for everyone -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.DBus.ObjectManager"/>
+
+ <!-- Protected by the Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1"
+ send_member="ScanDevices"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1"
+ send_member="SetLogging"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.xml -->
+
+ <!-- Allowed for everyone -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="ListBearers"/>
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="Enable"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="CreateBearer"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="DeleteBearer"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="SetPowerState"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="Reset"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="FactoryReset"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="SetCurrentCapabilities"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="SetCurrentModes"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="SetCurrentBands"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem"
+ send_member="Command"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Firmware.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Firmware"
+ send_member="List"/>
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Firmware"
+ send_member="Select"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Simple.xml -->
+
+ <!-- Allowed for everyone -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Simple"
+ send_member="GetStatus"/>
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Simple"
+ send_member="Connect"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Simple"
+ send_member="Disconnect"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Modem3gpp.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp"
+ send_member="Register"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp"
+ send_member="Scan"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp"
+ send_member="SetEpsUeModeOperation"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp"
+ send_member="SetInitialEpsBearerSettings"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp"
+ send_member="DisableFacilityLock"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.ModemCdma.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.ModemCdma"
+ send_member="Activate"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.ModemCdma"
+ send_member="ActivateManual"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Oma.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Oma"
+ send_member="Setup"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Oma"
+ send_member="StartClientInitiatedSession"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Oma"
+ send_member="AcceptNetworkInitiatedSession"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Oma"
+ send_member="CancelSession"/>
+
+ <!-- org.freedesktop.ModemManager1.Sim.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Sim"
+ send_member="SendPin"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Sim"
+ send_member="SendPuk"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Sim"
+ send_member="EnablePin"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Sim"
+ send_member="ChangePin"/>
+
+ <!-- org.freedesktop.ModemManager1.Bearer.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Bearer"
+ send_member="Connect"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Bearer"
+ send_member="Disconnect"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Modem3gpp.ProfileManager.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp.ProfileManager"
+ send_member="List"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp.ProfileManager"
+ send_member="Set"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp.ProfileManager"
+ send_member="Delete"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Modem3gpp.Ussd.xml -->
+
+ <!-- Protected by the USSD policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp.Ussd"
+ send_member="Initiate"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp.Ussd"
+ send_member="Respond"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Modem3gpp.Ussd"
+ send_member="Cancel"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Location.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Location"
+ send_member="Setup"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Location"
+ send_member="SetSuplServer"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Location"
+ send_member="InjectAssistanceData"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Location"
+ send_member="SetGpsRefreshRate"/>
+
+ <!-- Protected by the Location policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Location"
+ send_member="GetLocation"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Messaging.xml -->
+
+ <!-- Allowed for everyone -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Messaging"
+ send_member="List"/>
+
+ <!-- Protected by the Messaging policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Messaging"
+ send_member="Create"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Messaging"
+ send_member="Delete"/>
+
+ <!-- org.freedesktop.ModemManager1.Sms.xml -->
+
+ <!-- Protected by the Messaging policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Sms"
+ send_member="Store"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Sms"
+ send_member="Send"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Voice.xml -->
+
+ <!-- Allowed for everyone -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="ListCalls"/>
+
+ <!-- Protected by the Voice policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="CreateCall"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="DeleteCall"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="HoldAndAccept"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="HangupAndAccept"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="HangupAll"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="Transfer"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="CallWaitingSetup"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Voice"
+ send_member="CallWaitingQuery"/>
+
+ <!-- org.freedesktop.ModemManager1.Call.xml -->
+
+ <!-- Protected by the Voice policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Call"
+ send_member="Start"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Call"
+ send_member="Accept"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Call"
+ send_member="Deflect"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Call"
+ send_member="JoinMultiparty"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Call"
+ send_member="LeaveMultiparty"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Call"
+ send_member="Hangup"/>
+
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Call"
+ send_member="SendDtmf"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Signal.xml -->
+
+ <!-- Protected by the Device.Control policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Signal"
+ send_member="Setup"/>
+
+ <!-- org.freedesktop.ModemManager1.Modem.Time.xml -->
+
+ <!-- Protected by the Time policy rule -->
+ <allow send_destination="org.freedesktop.ModemManager1"
+ send_interface="org.freedesktop.ModemManager1.Modem.Time"
+ send_member="GetNetworkTime"/>
+
+ </policy>
+
+ <policy user="root">
+ <allow own="org.freedesktop.ModemManager1"/>
+ <allow send_destination="org.freedesktop.ModemManager1"/>
+ </policy>
+</busconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
+
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- This configuration file specifies the required security policies
+ for the PackageKit to work. -->
+
+ <!-- Only user root can own the PackageKit service -->
+ <policy user="root">
+ <allow own="org.freedesktop.PackageKit"/>
+ </policy>
+
+ <!-- Allow anyone to call into the service - we'll reject callers using PolicyKit -->
+ <policy context="default">
+ <allow send_destination="org.freedesktop.PackageKit"
+ send_interface="org.freedesktop.PackageKit"/>
+ <allow send_destination="org.freedesktop.PackageKit"
+ send_interface="org.freedesktop.PackageKit.Transaction"/>
+ <allow send_destination="org.freedesktop.PackageKit"
+ send_interface="org.freedesktop.PackageKit.Offline"/>
+ <allow send_destination="org.freedesktop.PackageKit"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.freedesktop.PackageKit"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.freedesktop.PackageKit"
+ send_interface="org.freedesktop.DBus.Peer"/>
+ </policy>
+
+</busconfig>
+
--- /dev/null
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<!--
+ This file is part of systemd.
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+-->
+
+<busconfig>
+
+ <policy user="root">
+ <allow own="org.freedesktop.thermald"/>
+ <allow send_destination="org.freedesktop.thermald"/>
+ <allow receive_sender="org.freedesktop.thermald"/>
+ </policy>
+
+ <policy context="default">
+ <deny send_destination="org.freedesktop.thermald"/>
+ <allow receive_sender="org.freedesktop.thermald"/>
+ </policy>
+
+ <policy group="power">
+ <allow send_destination="org.freedesktop.thermald"/>
+ <allow receive_sender="org.freedesktop.thermald"/>
+ </policy>
+
+</busconfig>
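Review bot: The `<policy group="power">` block gives every member of the `power` group unrestricted `send_destination` access to `org.freedesktop.thermald`, and nothing in the file says which methods that exposes or who is expected to be in the group. I would add a comment above the block, for example `<!-- Members of group "power" may call any thermald method; keep membership limited to administrators -->`. If only some calls are needed, the allow could be narrowed with `send_interface`/`send_member`, as the ModemManager policy earlier in this commit does. The header also says "This file is part of systemd" although the policy is for thermald, which looks copied from another file.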
--- /dev/null
+# This is the main config file for debconf. It tells debconf where to
+# store data. The format of this file is a set of stanzas. Each stanza
+# except the first sets up a database for debconf to use. For details, see
+# debconf.conf(5) (in the debconf-doc package).
+#
+# So first things first. This first stanza gives the names of two databases.
+
+# Debconf will use this database to store the data you enter into it,
+# and some other dynamic data.
+Config: configdb
+# Debconf will use this database to store static template data.
+Templates: templatedb
+
+# World-readable, and accepts everything but passwords.
+Name: config
+Driver: File
+Mode: 644
+Reject-Type: password
+Filename: /var/cache/debconf/config.dat
+
+# Not world readable (the default), and accepts only passwords.
+Name: passwords
+Driver: File
+Mode: 600
+Backup: false
+Required: false
+Accept-Type: password
+Filename: /var/cache/debconf/passwords.dat
+
+# Set up the configdb database. By default, it consists of a stack of two
+# databases, one to hold passwords and one for everything else.
+Name: configdb
+Driver: Stack
+Stack: config, passwords
+
+# Set up the templatedb database, which is a single flat text file
+# by default.
+Name: templatedb
+Driver: File
+Mode: 644
+Filename: /var/cache/debconf/templates.dat
+
+# Well that was pretty straightforward, and it will be enough for most
+# people's needs, but debconf's database drivers can be used to do much
+# more interesting things. For example, suppose you want to use config
+# data from another host, which is mounted over nfs or perhaps the database
+# is accessed via LDAP. You don't want to write to the remote debconf database,
+# just read from it, so you still need a local database for local changes.
+#
+# A remote NFS mounted database, read-only. It is optional; if debconf
+# fails to use it it will not abort.
+#Name: remotedb
+#Driver: DirTree
+#Directory: /mnt/otherhost/var/cache/debconf/config
+#Readonly: true
+#Required: false
+#
+# A remote LDAP database. It is also read-only. The password is really
+# only necessary if the database is not accessible anonymously.
+# Option KeyByKey instructs the backend to retrieve keys from the LDAP
+# server individually (when they are requested), instead of loading all
+# keys at startup. The default is 0, and should only be enabled if you
+# want to track accesses to individual keys on the LDAP server side.
+#Name: remotedb
+#Driver: LDAP
+#Server: remotehost
+#BaseDN: cn=debconf,dc=domain,dc=com
+#BindDN: uid=admin,dc=domain,dc=com
+#BindPasswd: secret
+#KeyByKey: 0
+#
+# A stack consisting of two databases. Values will be read from
+# the first database in the stack to contain a value. In this example,
+# writes always go to the first database.
+#Name: fulldb
+#Driver: Stack
+#Stack: configdb, remotedb
+#
+# In this example, we'd use Config: fulldb at the top of the file
+# to make it use the combination of the databases.
+#
+# Even more complex and interesting setups are possible, see the
+# debconf.conf(5) page for details.
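Review bot: The commented LDAP example binds as `uid=admin,dc=domain,dc=com` with an inline `BindPasswd: secret`, and the file carries no warning about where that password ends up if the stanza is enabled. This file is being committed to version control and is presumably readable by local users, so I would add a line above the stanza such as `# Use a dedicated read-only bind DN; do not store a privileged password in this file.` The example's own text says the password is only needed when the database is not accessible anonymously, so an anonymous or least-privilege bind fits the read-only use it describes.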
--- /dev/null
+bullseye/sid
--- /dev/null
+# Configuration script for amd64-microcode version 3
+
+#
+# initramfs helper
+#
+
+#
+# Set this to "no" to disable automatic microcode updates on boot;
+# Set this to "early" to always install microcode updates to the early initramfs
+# Set this to "auto" to autodetect mode for current system (default);
+#
+#AMD64UCODE_INITRAMFS=auto
+
--- /dev/null
+# set this to 0 to disable apport, or to 1 to enable it
+# you can temporarily override this with
+# sudo service apport start force_start=1
+enabled=1
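Review bot: `enabled=1` leaves apport crash collection switched on, so crash reports, which can include memory from the crashed process, may be written to disk on this host. Such reports can hold credentials or keys. If this is a server image (the commit also ships nginx and sshd defaults), consider `enabled=0` here, or add a comment stating who may read the crash directory and how long reports are kept. The file's own comment already documents the one-off override `force_start=1` for cases where a report is wanted.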
--- /dev/null
+# Uncomment the following line if you'd like all of your users'
+# ~/calendar files to be checked daily. Calendar will send them mail
+# to remind them of upcoming events. See calendar(1) for more details.
+#RUN_DAILY=true
--- /dev/null
+# CONFIGURATION FILE FOR SETUPCON
+
+# Consult the console-setup(5) manual page.
+
+ACTIVE_CONSOLES="/dev/tty[1-6]"
+
+CHARMAP="UTF-8"
+
+CODESET="guess"
+FONTFACE="Fixed"
+FONTSIZE="8x16"
+
+VIDEOMODE=
+
+# The following is an example how to use a braille font
+# FONT='lat9w-08.psf.gz brl-8x8.psf'
--- /dev/null
+# Set REGDOMAIN to a ISO/IEC 3166-1 alpha2 country code so that iw(8) may set
+# the initial regulatory domain setting for IEEE 802.11 devices which operate
+# on this system.
+#
+# Governments assert the right to regulate usage of radio spectrum within
+# their respective territories so make sure you select a ISO/IEC 3166-1 alpha2
+# country code suitable for your location or you may infringe on local
+# legislature. See `/usr/share/zoneinfo/zone.tab' for a table of timezone
+# descriptions containing ISO/IEC 3166-1 alpha2 country codes.
+
+REGDOMAIN=
--- /dev/null
+# This file has been deprecated. Please add custom options for cron using
+# $ systemctl edit cron.service
+# or
+# $ systemctl edit --full cron.service
--- /dev/null
+# Run cryptdisks initscripts at startup? Default is Yes.
+CRYPTDISKS_ENABLE=Yes
+
+# Mountpoints to mount, before cryptsetup is invoked at initscripts. Takes
+# mountpoins which are configured in /etc/fstab as arguments. Separate
+# mountpoints by space.
+# This is useful for keyfiles on removable media. Default is unset.
+CRYPTDISKS_MOUNT=""
+
+# Default check script. Takes effect, if the 'check' option is set in crypttab
+# without a value.
+CRYPTDISKS_CHECK=blkid
--- /dev/null
+# This is a configuration file for /etc/init.d/dbus; it allows you to
+# perform common modifications to the behavior of the dbus daemon
+# startup without editing the init script (and thus getting prompted
+# by dpkg on upgrades). We all love dpkg prompts.
+
+# Parameters to pass to dbus.
+PARAMS=""
--- /dev/null
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+# info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT_STYLE=hidden
+GRUB_TIMEOUT=0
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity"
+GRUB_CMDLINE_LINUX=""
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"
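Review bot: `#GRUB_DISABLE_RECOVERY="true"` is left commented out, so recovery-mode menu entries are still generated even though the menu is hidden with `GRUB_TIMEOUT=0`. Where recovery mode gives a root shell from the console, that matters on machines with a shared or remotely reachable console. Either uncomment the line as `GRUB_DISABLE_RECOVERY="true"` and re-run `update-grub`, or add a comment saying why the entries are kept. The same lines appear again in the byte-identical section two files further down, which looks like a leftover backup copy and probably should not be committed.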
--- /dev/null
+# Work around a bug in the obsolete init-select package which broke
+# grub-mkconfig when init-select was removed but not purged. This file does
+# nothing and will be removed in a later release.
+#
+# See:
+# https://bugs.debian.org/858528
+# https://bugs.debian.org/863801
--- /dev/null
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+# info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT_STYLE=hidden
+GRUB_TIMEOUT=0
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="maybe-ubiquity"
+GRUB_CMDLINE_LINUX=""
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"
--- /dev/null
+# Configuration script for intel-microcode version 3
+
+#
+# initramfs helper
+#
+
+# Set this to "no" to disable automatic microcode updates on boot;
+# Set this to "auto" to use early initramfs mode automatically (default);
+# Set this to "early" to always attempt to create an early initramfs;
+#IUCODE_TOOL_INITRAMFS=auto
+
+# Set this to "yes" (default) to use "iucode_tool --scan-system" to reduce
+# the initramfs size bloat, by detecting which Intel processors are active
+# in this system, and installing only their microcodes.
+#
+# Set this to "no" to either include all microcodes, or only the microcodes
+# selected through the use of IUCODE_TOOL_EXTRA_OPTIONS below.
+#
+# WARNING: including all microcodes will increase initramfs size greatly.
+# This can cause boot issues if the initramfs is already large.
+#IUCODE_TOOL_SCANCPUS=yes
+
+# Extra options to pass to iucode_tool, useful to forbid or to
+# force the inclusion of microcode for specific processor signatures.
+# See iucode_tool(8) for details.
+#IUCODE_TOOL_EXTRA_OPTIONS=""
--- /dev/null
+# irqbalance is a daemon process that distributes interrupts across
+# CPUS on SMP systems. The default is to rebalance once every 10
+# seconds. This is the environment file that is specified to systemd via the
+# EnvironmentFile key in the service unit file (or via whatever method the init
+# system you're using has.
+#
+# ONESHOT=yes
+# after starting, wait for a minute, then look at the interrupt
+# load and balance it once; after balancing exit and do not change
+# it again.
+#IRQBALANCE_ONESHOT=
+
+#
+# IRQBALANCE_BANNED_CPUS
+# 64 bit bitmask which allows you to indicate which cpu's should
+# be skipped when reblancing irqs. Cpu numbers which have their
+# corresponding bits set to one in this mask will not have any
+# irq's assigned to them on rebalance
+#
+#IRQBALANCE_BANNED_CPUS=
+
+#
+# IRQBALANCE_ARGS
+# append any args here to the irqbalance daemon as documented in the man page
+#
+#IRQBALANCE_ARGS=
--- /dev/null
+# KEYBOARD CONFIGURATION FILE
+
+# Consult the keyboard(5) manual page.
+
+XKBMODEL="pc105"
+XKBLAYOUT="us"
+XKBVARIANT=""
+XKBOPTIONS=""
+
+BACKSPACE="guess"
--- /dev/null
+LANG=en_US.UTF-8
--- /dev/null
+# mdadm Debian configuration
+#
+# You can run 'dpkg-reconfigure mdadm' to modify the values in this file, if
+# you want. You can also change the values here and changes will be preserved.
+# Do note that only the values are preserved; the rest of the file is
+# rewritten.
+#
+
+# AUTOCHECK:
+# should mdadm run periodic redundancy checks over your arrays? See
+# /etc/cron.d/mdadm.
+AUTOCHECK=true
+
+# AUTOSCAN:
+# should mdadm check once a day for degraded arrays? See
+# /etc/cron.daily/mdadm.
+AUTOSCAN=true
+
+# START_DAEMON:
+# should mdadm start the MD monitoring daemon during boot?
+START_DAEMON=true
+
+# DAEMON_OPTIONS:
+# additional options to pass to the daemon.
+DAEMON_OPTIONS="--syslog"
+
+# VERBOSE:
+# if this variable is set to true, mdadm will be a little more verbose e.g.
+# when creating the initramfs.
+VERBOSE=false
--- /dev/null
+# Enable/disable the dynamic MOTD news service
+# This is a useful way to provide dynamic, informative
+# information pertinent to the users and administrators
+# of the local system
+ENABLED=0
+
+# Configure the source of dynamic MOTD news
+# White space separated list of 0 to many news services
+# For security reasons, these must be https
+# and have a valid certificate
+# Canonical runs a service at motd.ubuntu.com, and you
+# can easily run one too
+URLS="https://motd.ubuntu.com"
+
+# Specify the time in seconds, you're willing to wait for
+# dynamic MOTD news
+# Note that news messages are fetched in the background by
+# a systemd timer, so this should never block boot or login
+WAIT=5
--- /dev/null
+# Specify command line options here. This config file is used
+# by the included systemd service file.
+networkd_dispatcher_args="--run-startup-triggers"
--- /dev/null
+# Note: You may want to look at the following page before setting the ULIMIT.
+# http://wiki.nginx.org/CoreModule#worker_rlimit_nofile
+# Set the ulimit variable if you need defaults to change.
+# Example: ULIMIT="-n 4096"
+#ULIMIT="-n 4096"
+
+# Define the stop schedule for nginx
+# see the start-stop-daemon --retry documentation for more information
+#
+#STOP_SCHEDULE="QUIT/5/TERM/5/KILL/5"
--- /dev/null
+# /etc/default/nss
+# This file can theoretically contain a bunch of customization variables
+# for Name Service Switch in the GNU C library. For now there are only
+# four variables:
+#
+# NETID_AUTHORITATIVE
+# If set to TRUE, the initgroups() function will accept the information
+# from the netid.byname NIS map as authoritative. This can speed up the
+# function significantly if the group.byname map is large. The content
+# of the netid.byname map is used AS IS. The system administrator has
+# to make sure it is correctly generated.
+#NETID_AUTHORITATIVE=TRUE
+#
+# SERVICES_AUTHORITATIVE
+# If set to TRUE, the getservbyname{,_r}() function will assume
+# services.byservicename NIS map exists and is authoritative, particularly
+# that it contains both keys with /proto and without /proto for both
+# primary service names and service aliases. The system administrator
+# has to make sure it is correctly generated.
+#SERVICES_AUTHORITATIVE=TRUE
+#
+# SETENT_BATCH_READ
+# If set to TRUE, various setXXent() functions will read the entire
+# database at once and then hand out the requests one by one from
+# memory with every getXXent() call. Otherwise each getXXent() call
+# might result into a network communication with the server to get
+# the next entry.
+#SETENT_BATCH_READ=TRUE
+#
+# ADJUNCT_AS_SHADOW
+# If set to TRUE, the passwd routines in the NIS NSS module will not
+# use the passwd.adjunct.byname tables to fill in the password data
+# in the passwd structure. This is a security problem if the NIS
+# server cannot be trusted to send the passwd.adjuct table only to
+# privileged clients. Instead the passwd.adjunct.byname table is
+# used to synthesize the shadow.byname table if it does not exist.
+ADJUNCT_AS_SHADOW=TRUE
--- /dev/null
+# List of LVMed iSCSI Volume Groups.
+# Multiple Volume Groups can be specified with spaces
+#
+# This list defines the Volume Groups that should be activated at boot
+# after iSCSI has been activated. If you use dynamic activation of LVM
+# volumes (lvmetad), you can (and should) leave this empty.
+#
+# On shutdown, this setting typically has no effect, since open-iscsi
+# tries to determine all active VGs on iSCSI and deactivate them.
+# However, if you have a really complicated stacking setup that isn't
+# automatically detected, volume groups defined here will also be
+# deactivated.
+#
+# To see whether open-iscsi is able to properly detect your setup for
+# shutdown, execute the following on a running system:
+# /lib/open-iscsi/umountiscsi.sh --dry-run
+# This will tell you what steps will betaken at shutdown before logging
+# out of the iSCSI session.
+LVMGROUPS=""
+
+
+# Handle _netdev devices
+# You can specify your iSCSI (LVMed or Multipathed or DM Encrypted)
+# devices with the _netdev mount option and open-iscsi will treat them
+# accordingly.
+#
+# Note: however, handling _netdev devices comes with the caveat that
+# other _netdev mounts, like an NFS share, also get pulled in with it.
+#
+# If this option is set to 0, no iSCSI mounts in /etc/fstab will be
+# automatically mounted on systems running sysvinit. This setting is
+# not necessary when using systemd as init system (Debian's default).
+HANDLE_NETDEV=1
+
+
+# Additional mounts to exclude at shutdown.
+#
+# If you have additional mounts on iSCSI that shouldn't be umounted at
+# shutdown by open-iscsi (by default, open-iscsi excludes / and on
+# systemd systems als /usr), place them here. iSCSI sessions that carry
+# these mounts will also be kept open.
+#
+# If any of these mountpoints contain spaces, please use the same
+# escaping as in /etc/fstab, i.e. replace the spaces with \040.
+EXCLUDE_MOUNTS_AT_SHUTDOWN=""
+
+
+
+# Don't logout from ANY iSCSI session on shutdown
+#
+# When shutting down, if the root filesystem is on iSCSI, open-iscsi
+# tries to determine which sessions are still required for the root
+# filesystem. By default, the host will still logout from all other
+# sessions.
+#
+# If you are running a very complicated setup of your root filesystem
+# (multiple mapping levels stacked on top of each other), it may be the
+# case that the autodetection logic doesn't work propery. You may then
+# enable this setting to keep around all iSCSI sessions.
+#
+# Note that /etc/iscsi/iscsi.initramfs must exist for this option to
+# have any effect at all.
+#
+# This was the default behavior in previous versions of this package
+# up to the version that shipped with Debian 8 (Jessie).
+#
+ISCSI_ROOT_KEEP_ALL_SESSIONS_AT_SHUTDOWN=0
--- /dev/null
+# These the options that are used by pollinate(1) by default.
+# Note that any option here can be overriden on the command line
+# at invocation time. Please see pollinate(1) for documentation.
+BINARY=1
+QUIET=0
+WAIT=10
+DEVICE="/dev/urandom"
+SERVER="https://entropy.ubuntu.com/"
+POOL=""
+CURL_OPTS="--cacert /etc/pollinate/entropy.ubuntu.com.pem --capath /dev/null"
--- /dev/null
+# defaults file for rsync daemon mode
+#
+# This file is only used for init.d based systems!
+# If this system uses systemd, you can specify options etc. for rsync
+# in daemon mode by copying /lib/systemd/system/rsync.service to
+# /etc/systemd/system/rsync.service and modifying the copy; add required
+# options to the ExecStart line.
+
+# start rsync in daemon mode from init.d script?
+# only allowed values are "true", "false", and "inetd"
+# Use "inetd" if you want to start the rsyncd from inetd,
+# all this does is prevent the init.d script from printing a message
+# about not starting rsyncd (you still need to modify inetd's config yourself).
+RSYNC_ENABLE=false
+
+# which file should be used as the configuration file for rsync.
+# This file is used instead of the default /etc/rsyncd.conf
+# Warning: This option has no effect if the daemon is accessed
+# using a remote shell. When using a different file for
+# rsync you might want to symlink /etc/rsyncd.conf to
+# that file.
+# RSYNC_CONFIG_FILE=
+
+# what extra options to give rsync --daemon?
+# that excludes the --daemon; that's always done in the init.d script
+# Possibilities are:
+# --address=123.45.67.89 (bind to a specific IP address)
+# --port=8730 (bind to specified port; default 873)
+RSYNC_OPTS=''
+
+# run rsyncd at a nice level?
+# the rsync daemon can impact performance due to much I/O and CPU usage,
+# so you may want to run it at a nicer priority than the default priority.
+# Allowed values are 0 - 19 inclusive; 10 is a reasonable value.
+RSYNC_NICE=''
+
+# run rsyncd with ionice?
+# "ionice" does for IO load what "nice" does for CPU load.
+# As rsync is often used for backups which aren't all that time-critical,
+# reducing the rsync IO priority will benefit the rest of the system.
+# See the manpage for ionice for allowed options.
+# -c3 is recommended, this will run rsync IO at "idle" priority. Uncomment
+# the next line to activate this.
+# RSYNC_IONICE='-c3'
+
+# Don't forget to create an appropriate config file,
+# else the daemon will not start.
--- /dev/null
+# Defaults for smartmontools initscript (/etc/init.d/smartmontools)
+# This is a POSIX shell fragment
+
+# List of devices you want to explicitly enable S.M.A.R.T. for
+# Not needed (and not recommended) if the device is monitored by smartd
+#enable_smart="/dev/hda /dev/hdb"
+
+# uncomment to pass additional options to smartd on startup
+#smartd_opts="--interval=1800"
--- /dev/null
+# Default settings for openssh-server. This file is sourced by /bin/sh from
+# /etc/init.d/ssh.
+
+# Options to pass to sshd
+SSHD_OPTS=
--- /dev/null
+#
+# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat
+# and /etc/cron.daily/sysstat files
+#
+
+# Should sadc collect system activity informations? Valid values
+# are "true" and "false". Please do not put other values, they
+# will be overwritten by debconf!
+ENABLED="false"
+
--- /dev/null
+# /etc/default/ufw
+#
+
+# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
+# accepted). You will need to 'disable' and then 'enable' the firewall for
+# the changes to take affect.
+IPV6=yes
+
+# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if
+# you change this you will most likely want to adjust your rules.
+DEFAULT_INPUT_POLICY="DROP"
+
+# Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if
+# you change this you will most likely want to adjust your rules.
+DEFAULT_OUTPUT_POLICY="ACCEPT"
+
+# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
+# if you change this you will most likely want to adjust your rules
+DEFAULT_FORWARD_POLICY="DROP"
+
+# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
+# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
+# details
+DEFAULT_APPLICATION_POLICY="SKIP"
+
+# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
+# manage the built-in chains too. Warning: setting this to 'yes' will break
+# non-ufw managed firewall rules
+MANAGE_BUILTINS=no
+
+#
+# IPT backend
+#
+# only enable if using iptables backend
+IPT_SYSCTL=/etc/ufw/sysctl.conf
+
+# Extra connection tracking modules to load. IPT_MODULES should typically be
+# empty for new installations and modules added only as needed. See
+# 'CONNECTION HELPERS' from 'man ufw-framework' for details. Complete list can
+# be found in net/netfilter/Kconfig of your kernel source. Some common modules:
+# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support
+# nf_conntrack_netbios_ns: NetBIOS (samba) client support
+# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
+# nf_conntrack_ftp, nf_nat_ftp: active FTP support
+# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
+# nf_conntrack_sane: sane support
+IPT_MODULES=""
--- /dev/null
+# Default values for useradd(8)
+#
+# The SHELL variable specifies the default login shell on your
+# system.
+# Similar to DSHELL in adduser. However, we use "sh" here because
+# useradd is a low level utility and should be as general
+# as possible
+SHELL=/bin/sh
+#
+# The default group for users
+# 100=users on Debian systems
+# Same as USERS_GID in adduser
+# This argument is used when the -n flag is specified.
+# The default behavior (when -n and -g are not specified) is to create a
+# primary user group with the same name as the user being added to the
+# system.
+# GROUP=100
+#
+# The default home directory. Same as DHOME for adduser
+# HOME=/home
+#
+# The number of days after a password expires until the account
+# is permanently disabled
+# INACTIVE=-1
+#
+# The default expire date
+# EXPIRE=
+#
+# The SKEL variable specifies the directory containing "skeletal" user
+# files; in other words, files such as a sample .profile that will be
+# copied to the new user's home directory when it is created.
+# SKEL=/etc/skel
+#
+# Defines whether the mail spool should be created while
+# creating the account
+# CREATE_MAIL_SPOOL=yes
+
--- /dev/null
+# /etc/deluser.conf: `deluser' configuration.
+
+# Remove home directory and mail spool when user is removed
+REMOVE_HOME = 0
+
+# Remove all files on the system owned by the user to be removed
+REMOVE_ALL_FILES = 0
+
+# Backup files before removing them. This options has only an effect if
+# REMOVE_HOME or REMOVE_ALL_FILES is set.
+BACKUP = 0
+
+# target directory for the backup file
+BACKUP_TO = "."
+
+# delete a group even there are still users in this group
+ONLY_IF_EMPTY = 0
+
+# exclude these filesystem types when searching for files of a user to backup
+EXCLUDE_FSTYPES = "(proc|sysfs|usbfs|devpts|tmpfs|afs)"
--- /dev/null
+search updates ubuntu built-in
--- /dev/null
+#
+# The purpose of this script is just to show the variables that are
+# available to all the scripts in this directory. All these scripts are
+# called from dhclient-script, which exports all the variables shown
+# before. If you want to debug a problem with your DHCP setup you can
+# enable this script and take a look at /tmp/dhclient-script.debug.
+
+# To enable this script set the following variable to "yes"
+RUN="no"
+
+if [ "$RUN" = "yes" ]; then
+ echo "$(date): entering ${1%/*}, dumping variables." \
+ >> /tmp/dhclient-script.debug
+
+ # loop over the 4 possible prefixes: (empty), cur_, new_, old_
+ for prefix in '' 'cur_' 'new_' 'old_'; do
+ # loop over the DHCP variables passed to dhclient-script
+ for basevar in reason interface medium alias_ip_address \
+ ip_address host_name network_number subnet_mask \
+ broadcast_address routers static_routes \
+ rfc3442_classless_static_routes \
+ domain_name domain_search domain_name_servers \
+ netbios_name_servers netbios_scope \
+ ntp_servers \
+ ip6_address ip6_prefix ip6_prefixlen \
+ dhcp6_domain_search dhcp6_name_servers ; do
+ var="${prefix}${basevar}"
+ eval "content=\$$var"
+
+ # show only variables with values set
+ if [ -n "${content}" ]; then
+ echo "$var='${content}'" >> /tmp/dhclient-script.debug
+ fi
+ done
+ done
+
+ echo '--------------------------' >> /tmp/dhclient-script.debug
+fi
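Review bot: The dump goes to a fixed name in a world-writable directory, `/tmp/dhclient-script.debug`, and each `>>` in this fragment appends to whatever already exists at that path. dhclient-script presumably runs as root, so once `RUN="yes"` is set the destination of those appends depends on who created the name first. On kernels without symlink protection in sticky directories that can be another file entirely, and the dumped lease variables also land in a file created with the default umask. I would keep the log in a root-owned directory, e.g. `debug_log=/run/dhclient-script.debug` with every redirection changed to `>> "$debug_log"`, and update the path in the header comment to match. The `eval "content=\$$var"` only ever sees names from the two literal lists above it, which is worth a one-line comment so nobody later feeds it a DHCP-derived name.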
--- /dev/null
+../debug
\ No newline at end of file
--- /dev/null
+#
+# Script fragment to make dhclient supply nameserver information to resolvconf
+#
+
+# Tips:
+# * Be careful about changing the environment since this is sourced
+# * This script fragment uses bash features
+# * As of isc-dhcp-client 4.2 the "reason" (for running the script) can be one of the following.
+# (Listed on man page:) MEDIUM(0) PREINIT(0) BOUND(M) RENEW(M) REBIND(M) REBOOT(M) EXPIRE(D) FAIL(D) RELEASE(D) STOP(D) NBI(-) TIMEOUT(M)
+# (Also used in master script:) ARPCHECK(0), ARPSEND(0)
+# (Also used in master script:) PREINIT6(0) BOUND6(M) RENEW6(M) REBIND6(M) DEPREF6(0) EXPIRE6(D) RELEASE6(D) STOP6(D)
+# (0) = master script does not run make_resolv_conf
+# (M) = master script runs make_resolv_conf
+# (D) = master script downs interface
+# (-) = master script does nothing with this
+
+if systemctl is-enabled systemd-resolved > /dev/null 2>&1; then
+ # For safety, first undefine the nasty default make_resolv_conf()
+ make_resolv_conf() { : ; }
+ case "$reason" in
+ BOUND|RENEW|REBIND|REBOOT|TIMEOUT|BOUND6|RENEW6|REBIND6)
+ # Define a resolvconf-compatible m_r_c() function
+ # It gets run later (or, in the TIMEOUT case, MAY get run later)
+ make_resolv_conf() {
+ local statedir
+ if [ ! "$interface" ] ; then
+ return
+ fi
+ statedir="/run/systemd/resolved.conf.d"
+ mkdir -p $statedir
+
+ oldstate="$(mktemp)"
+ md5sum $statedir/isc-dhcp-v4-$interface.conf $statedir/isc-dhcp-v6-$interface.conf > $oldstate 2> /dev/null
+ if [ -n "$new_domain_name_servers" ] ; then
+ cat <<EOF >$statedir/isc-dhcp-v4-$interface.conf
+[Resolve]
+DNS=$new_domain_name_servers
+EOF
+ if [ -n "$new_domain_name" ] || [ -n "$new_domain_search" ] ; then
+ cat <<EOF >>$statedir/isc-dhcp-v4-$interface.conf
+Domains=$new_domain_search $new_domain_name
+EOF
+ fi
+ fi
+ if [ -n "$new_dhcp6_name_servers" ] ; then
+ cat <<EOF >$statedir/isc-dhcp-v6-$interface.conf
+[Resolve]
+DNS=$new_dhcp6_name_servers
+EOF
+ if [ -n "$new_dhcp6_domain_search" ] ; then
+ cat <<EOF >>$statedir/isc-dhcp-v6-$interface.conf
+Domains=$new_dhcp6_domain_search
+EOF
+ fi
+ fi
+
+ newstate="$(mktemp)"
+ md5sum $statedir/isc-dhcp-v4-$interface.conf $statedir/isc-dhcp-v6-$interface.conf > $newstate 2> /dev/null
+ if ! cmp --quiet $oldstate $newstate; then
+ # We need to reset-failed to reset the start limit counter,
+ # in case we're processing more than StartLimitBurst interfaces
+ # LP: #1939255
+ systemctl reset-failed systemd-resolved.service
+ systemctl try-reload-or-restart systemd-resolved.service
+ fi
+
+ rm $oldstate
+ rm $newstate
+ }
+ ;;
+
+ EXPIRE|FAIL|RELEASE|STOP)
+ if [ ! "$interface" ] ; then
+ return
+ fi
+ rm -f /run/systemd/resolved.conf.d/isc-dhcp-v4-$interface.conf
+ systemctl try-reload-or-restart systemd-resolved.service
+ ;;
+ EXPIRE6|RELEASE6|STOP6)
+ if [ ! "$interface" ] ; then
+ return
+ fi
+ rm -f /run/systemd/resolved.conf.d/isc-dhcp-v6-$interface.conf
+ systemctl try-reload-or-restart systemd-resolved.service
+ ;;
+ esac
+fi
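Review bot: In `make_resolv_conf`, `oldstate` and `newstate` are not declared `local` (only `statedir` is), and the `mktemp` results are used unchecked and unquoted. This sourced fragment therefore leaks two variables into dhclient-script, and a failed `mktemp` leaves `md5sum ... > $oldstate` with no redirection target. I would write `local statedir oldstate newstate`, then `oldstate="$(mktemp)" || return` (same for `newstate`), and quote both in `cmp` and `rm`. The drop-in paths should be quoted as well, e.g. `"$statedir/isc-dhcp-v4-$interface.conf"`, in the function and in the two `rm -f` branches. The DHCP-supplied name-server and domain values are written into a systemd-resolved drop-in verbatim; whether dhclient has already rejected embedded newlines is not visible here, so a comment stating that assumption (or a check) would help. The same unquoted expansions appear in the timesyncd hook further down (`mkdir -p $(dirname $TIMESYNCD_CONF)`, `case $reason in`).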
--- /dev/null
+../debug
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+# This file is part of cloud-init. See LICENSE file for license information.
+
+# This script writes DHCP lease information into the cloud-init run directory
+# It is sourced, not executed. For more information see dhclient-script(8).
+
+is_azure() {
+ local dmi_path="/sys/class/dmi/id/board_vendor" vendor=""
+ if [ -e "$dmi_path" ] && read vendor < "$dmi_path"; then
+ [ "$vendor" = "Microsoft Corporation" ] && return 0
+ fi
+ return 1
+}
+
+is_enabled() {
+ # only execute hooks if cloud-init is enabled and on azure
+ [ -e /run/cloud-init/enabled ] || return 1
+ is_azure
+}
+
+if is_enabled; then
+ case "$reason" in
+ BOUND) cloud-init dhclient-hook up "$interface";;
+ DOWN|RELEASE|REBOOT|STOP|EXPIRE)
+ cloud-init dhclient-hook down "$interface";;
+ esac
+fi
--- /dev/null
+# set classless routes based on the format specified in RFC3442
+# e.g.:
+# new_rfc3442_classless_static_routes='24 192 168 10 192 168 1 1 8 10 10 17 66 41'
+# specifies the routes:
+# 192.168.10.0/24 via 192.168.1.1
+# 10.0.0.0/8 via 10.10.17.66.41
+
+RUN="yes"
+
+
+if [ "$RUN" = "yes" ]; then
+ if [ -n "$new_rfc3442_classless_static_routes" ]; then
+ if [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ]; then
+
+ set -- $new_rfc3442_classless_static_routes
+
+ while [ $# -gt 0 ]; do
+ net_length=$1
+ via_arg=''
+
+ case $net_length in
+ 32|31|30|29|28|27|26|25)
+ if [ $# -lt 9 ]; then
+ return 1
+ fi
+ net_address="${2}.${3}.${4}.${5}"
+ gateway="${6}.${7}.${8}.${9}"
+ shift 9
+ ;;
+ 24|23|22|21|20|19|18|17)
+ if [ $# -lt 8 ]; then
+ return 1
+ fi
+ net_address="${2}.${3}.${4}.0"
+ gateway="${5}.${6}.${7}.${8}"
+ shift 8
+ ;;
+ 16|15|14|13|12|11|10|9)
+ if [ $# -lt 7 ]; then
+ return 1
+ fi
+ net_address="${2}.${3}.0.0"
+ gateway="${4}.${5}.${6}.${7}"
+ shift 7
+ ;;
+ 8|7|6|5|4|3|2|1)
+ if [ $# -lt 6 ]; then
+ return 1
+ fi
+ net_address="${2}.0.0.0"
+ gateway="${3}.${4}.${5}.${6}"
+ shift 6
+ ;;
+ 0) # default route
+ if [ $# -lt 5 ]; then
+ return 1
+ fi
+ net_address="0.0.0.0"
+ gateway="${2}.${3}.${4}.${5}"
+ shift 5
+ ;;
+ *) # error
+ return 1
+ ;;
+ esac
+
+ # take care of link-local routes
+ if [ "${gateway}" != '0.0.0.0' ]; then
+ via_arg="via ${gateway}"
+ fi
+
+ # set route (ip detects host routes automatically)
+ ip -4 route add "${net_address}/${net_length}" \
+ ${via_arg} dev "${interface}" >/dev/null 2>&1
+ done
+ fi
+ fi
+fi
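Review bot: The `ip -4 route add` at the end of the loop discards stdout and stderr and its exit status is never checked, so a route the DHCP server advertised but the kernel refused leaves no trace. A refusal is plausible because the /25–/32 and /17–/24 arms copy the octets as received without masking host bits. Logging the failure would make this diagnosable: `${via_arg} dev "${interface}" >/dev/null 2>&1 || logger -t dhclient "rfc3442: cannot add ${net_address}/${net_length}"`. `set -- $new_rfc3442_classless_static_routes` relies on word splitting with globbing still enabled; `set -f` before it and `set +f` after would keep a stray `*` from expanding. The header example's second gateway, `10.10.17.66.41`, has five octets; for the sample string it should read `10.17.66.41`.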
--- /dev/null
+TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf
+
+timesyncd_servers_setup_remove() {
+ if [ -e $TIMESYNCD_CONF ]; then
+ rm -f $TIMESYNCD_CONF
+ systemctl try-restart systemd-timesyncd.service || true
+ fi
+}
+
+timesyncd_servers_setup_add() {
+ if [ ! -d /run/systemd/system ]; then
+ return
+ fi
+
+ if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
+ return
+ fi
+
+ if [ -z "$new_ntp_servers" ]; then
+ timesyncd_servers_setup_remove
+ return
+ fi
+
+ mkdir -p $(dirname $TIMESYNCD_CONF)
+ cat <<EOF > ${TIMESYNCD_CONF}.new
+# NTP server entries received from DHCP server
+[Time]
+NTP=$new_ntp_servers
+EOF
+ mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF}
+ systemctl try-restart systemd-timesyncd.service || true
+}
+
+
+case $reason in
+ BOUND|RENEW|REBIND|REBOOT)
+ timesyncd_servers_setup_add
+ ;;
+ EXPIRE|FAIL|RELEASE|STOP)
+ timesyncd_servers_setup_remove
+ ;;
+esac
--- /dev/null
+# Configuration file for /sbin/dhclient.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+# man page for more information about the syntax of this file
+# and a more comprehensive list of the parameters understood by
+# dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+# not leave anything out (like the domain name, for example), then
+# few changes must be made to this file, if any.
+#
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send host-name = gethostname();
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ rfc3442-classless-static-routes, ntp-servers;
+
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+#require subnet-mask, domain-name-servers;
+timeout 300;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/sbin/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+#alias {
+# interface "eth0";
+# fixed-address 192.5.5.213;
+# option subnet-mask 255.255.255.255;
+#}
+
+#lease {
+# interface "eth0";
+# fixed-address 192.33.137.200;
+# medium "link0 link1";
+# option host-name "andare.swiftmedia.com";
+# option subnet-mask 255.255.255.0;
+# option broadcast-address 192.33.137.255;
+# option routers 192.33.137.250;
+# option domain-name-servers 127.0.0.1;
+# renew 2 2000/1/12 00:00:01;
+# rebind 2 2000/1/12 00:00:01;
+# expire 2 2000/1/12 00:00:01;
+#}
--- /dev/null
+# dpkg configuration file
+#
+# This file can contain default options for dpkg. All command-line
+# options are allowed. Values can be specified by putting them after
+# the option, separated by whitespace and/or an `=' sign.
+#
+
+# Do not enable debsig-verify by default; since the distribution is not using
+# embedded signatures, debsig-verify would reject all packages.
+no-debsig
+
+# Log status changes and actions to a file.
+log /var/log/dpkg.log
--- /dev/null
+post-invoke=if { test "$DPKG_HOOK_ACTION" = add-architecture || test "$DPKG_HOOK_ACTION" = remove-architecture; } && test -x /usr/share/pkg-config-dpkghook; then /usr/share/pkg-config-dpkghook update; fi
--- /dev/null
+Vendor: Debian
+Vendor-URL: http://www.debian.org/
+Bugs: debbugs://bugs.debian.org
--- /dev/null
+ubuntu
\ No newline at end of file
--- /dev/null
+Vendor: Ubuntu
+Vendor-URL: http://www.ubuntu.com/
+Bugs: https://bugs.launchpad.net/ubuntu/+filebug
+Parent: Debian
--- /dev/null
+# dpkg shlibs defaults file
+#
+# This file contains shlibs entries that are used as a last resort when
+# no matching entries are found elsewhere. For more information see the
+# dpkg-shlibdeps(1) manual page.
+#
+# <library name> <version/soname> <dependencies>
--- /dev/null
+# dpkg shlibs override file
+#
+# Entries in this file will override all others, only use if you
+# are really sure that is what you want!
+#
+# For more information see the dpkg-shlibdeps(1) manual page.
+#
+# <library name> <version/soname> <dependencies>
--- /dev/null
+# e2scrub configuration file
+
+# Uncomment to enable automatic periodic runs of e2scrub_all
+# (either via cron or via a systemd timer)
+# periodic_e2scrub=1
+
+# e-mail destination used by e2scrub_fail when problems are found with
+# the file system.
+# recipient=root
+
+# e-mail sender used by e2scrub_fail when problems are found with
+# the file system.
+# sender=e2scrub@host.domain.name
+
+# Snapshots will be created to run fsck; the snapshot will be of this size.
+# snap_size_mb=256
+
+# Set this to 1 to enable fstrim for everyone.
+# fstrim=0
+
+# Arguments passed into e2fsck.
+# e2fsck_opts="-vtt"
+
+# Set this to 1 to have e2scrub_all scrub all LVs, not just the mounted ones.
+# scrub_all=0
--- /dev/null
+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
--- /dev/null
+# Ethernet frame types
+#
+# The EtherType is a two-octet field of Ethernet frames used to indicate
+# which protocol is contained in their payload.
+#
+# More entries, mostly historical, can be found on:
+# https://www.iana.org/assignments/ieee-802-numbers/
+# http://standards-oui.ieee.org/ethertype/eth.txt
+#
+# <name> <hexnumber> <alias1>...<alias35> # Comment
+#
+IPv4 0800 ip ip4 # IP (IPv4)
+X25 0805
+ARP 0806 ether-arp # Address Resolution Protocol
+FR_ARP 0808 # Frame Relay ARP [RFC1701]
+BPQ 08FF # G8BPQ AX.25 over Ethernet
+TRILL 22F3 # TRILL [RFC6325]
+L2-IS-IS 22F4 # TRILL IS-IS [RFC6325]
+TEB 6558 # Transparent Ethernet Bridging [RFC1701]
+RAW_FR 6559 # Raw Frame Relay [RFC1701]
+RARP 8035 # Reverse ARP [RFC903]
+ATALK 809B # Appletalk
+AARP 80F3 # Appletalk Address Resolution Protocol
+802_1Q 8100 8021q 1q 802.1q dot1q # VLAN tagged frame [802.1q]
+IPX 8137 # Novell IPX
+NetBEUI 8191 # NetBEUI
+IPv6 86DD ip6 # IP version 6
+PPP 880B # Point-to-Point Protocol
+MPLS 8847 # MPLS [RFC5332]
+MPLS_MULTI 8848 # MPLS with upstream-assigned label [RFC5332]
+ATMMPOA 884C # MultiProtocol over ATM
+PPP_DISC 8863 # PPP over Ethernet discovery stage
+PPP_SES 8864 # PPP over Ethernet session stage
+ATMFATE 8884 # Frame-based ATM Transport over Ethernet
+EAPOL 888E # EAP over LAN [802.1x]
+S-TAG 88A8 # QinQ Service VLAN tag identifier [802.1q]
+EAP_PREAUTH 88C7 # EAPOL Pre-Authentication [802.11i]
+LLDP 88CC # Link Layer Discovery Protocol [802.1ab]
+MACSEC 88E5 # Media Access Control Security [802.1ae]
+PBB 88E7 macinmac # Provider Backbone Bridging [802.1ah]
+MVRP 88F5 # Multiple VLAN Registration Protocol [802.1q]
+PTP 88F7 # Precision Time Protocol
+FCOE 8906 # Fibre Channel over Ethernet
+FIP 8914 # FCoE Initialization Protocol
+ROCE 8915 # RDMA over Converged Ethernet
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+<!-- Use the Antialiasing -->
+ <match target="pattern">
+ <edit name="antialias" mode="append"><bool>true</bool></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Enable autohinter</description>
+<!-- Use the Autohinter -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="autohint" mode="append"><bool>true</bool></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set hintfull to hintstyle</description>
+
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="hintstyle" mode="append"><const>hintfull</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set hintmedium to hintstyle</description>
+
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="hintstyle" mode="append"><const>hintmedium</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set hintnone to hintstyle</description>
+
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="hintstyle" mode="append"><const>hintnone</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set hintslight to hintstyle</description>
+
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="hintstyle" mode="append"><const>hintslight</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Disable sub-pixel rendering</description>
+<!-- Disable sub-pixel rendering -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="rgba" mode="append"><const>none</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Bitmap scaling</description>
+<!--
+ If font is bitmap, calculate scale factor.
+ Note that color bitmap fonts have scalable=true, while
+ non-color ones have scalable=false. Both groups have outline=false.
+ -->
+<match target="font">
+ <test name="outline" compare="eq">
+ <bool>false</bool>
+ </test>
+ <edit name="pixelsizefixupfactor" mode="assign">
+ <divide>
+ <name target="pattern">pixelsize</name>
+ <name target="font" >pixelsize</name>
+ </divide>
+ </edit>
+</match>
+<!--
+ For non-scalable bitmap fonts (ie. non-color), skip
+ minor scaling if hinting is enabled.
+ -->
+<match target="font">
+ <test name="outline" compare="eq">
+ <bool>false</bool>
+ </test>
+ <test name="scalable" compare="eq">
+ <bool>false</bool>
+ </test>
+ <test name="hinting" compare="eq">
+ <bool>true</bool>
+ </test>
+ <edit name="scalingnotneeded" mode="assign">
+ <and>
+ <less>
+ <name>pixelsizefixupfactor</name>
+ <double>1.2</double>
+ </less>
+ <more>
+ <name>pixelsizefixupfactor</name>
+ <double>0.8</double>
+ </more>
+ </and>
+ </edit>
+</match>
+<match target="font">
+ <test name="scalingnotneeded" compare="eq">
+ <bool>true</bool>
+ </test>
+ <edit name="pixelsizefixupfactor" mode="assign">
+ <double>1.0</double>
+ </edit>
+</match>
+<!--
+ If we *are* going to scale, go ahead and do it.
+ -->
+<match target="font">
+ <test name="outline" compare="eq">
+ <bool>false</bool>
+ </test>
+ <test name="pixelsizefixupfactor" compare="not_eq">
+ <double>1.0</double>
+ </test>
+ <edit name="matrix" mode="assign">
+ <times>
+ <name>matrix</name>
+ <matrix>
+ <name>pixelsizefixupfactor</name> <double>0</double>
+ <double>0</double> <name>pixelsizefixupfactor</name>
+ </matrix>
+ </times>
+ </edit>
+ <edit name="size" mode="assign">
+ <divide>
+ <name>size</name>
+ <name>pixelsizefixupfactor</name>
+ </divide>
+ </edit>
+</match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Enable sub-pixel rendering with the BGR stripes layout</description>
+<!-- Enable sub-pixel rendering -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="rgba" mode="append"><const>bgr</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Enable sub-pixel rendering with the RGB stripes layout</description>
+<!-- Enable sub-pixel rendering -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="rgba" mode="append"><const>rgb</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Enable sub-pixel rendering with the vertical BGR stripes layout</description>
+<!-- Enable sub-pixel rendering -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="rgba" mode="append"><const>vbgr</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Enable sub-pixel rendering with the vertical RGB stripes layout</description>
+<!-- Enable sub-pixel rendering -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="rgba" mode="append"><const>vrgb</const></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Disable hinting</description>
+<!-- Disable hinting -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit name="hinting" mode="append"><bool>false</bool></edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Use lcddefault as default for LCD filter</description>
+<!-- Use lcddefault as default for LCD filter -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit mode="append" name="lcdfilter">
+ <const>lcddefault</const>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Use lcdlegacy as default for LCD filter</description>
+<!-- Use lcdlegacy as default for LCD filter -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit mode="append" name="lcdfilter">
+ <const>lcdlegacy</const>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Use lcdlight as default for LCD filter</description>
+<!-- Use lcdlight as default for LCD filter -->
+ <match target="pattern">
+ <!--
+ This configuration is available on the major desktop environments.
+ We shouldn't overwrite it with "assign" unconditionally.
+ Most clients may picks up the first value only. so using "append"
+ may simply works to avoid it.
+ -->
+ <edit mode="append" name="lcdfilter">
+ <const>lcdlight</const>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans-mono.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu LGC Sans Mono</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-sans.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu LGC Sans</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-lgc-serif.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu LGC Serif</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-sans-mono.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu Sans Mono</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu Sans</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<fontconfig>
+ <!-- /etc/fonts/conf.d/20-unhint-small-dejavu-serif.conf
+
+ Disable hinting manually at smaller sizes (< 8ppem)
+ This is a copy of the Bistream Vera fonts fonts rule, as DejaVu is
+ derived from Vera.
+
+ The Bistream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table.
+ -->
+ <match target="font">
+ <test name="family">
+ <string>DejaVu Serif</string>
+ </test>
+ <test compare="less" name="pixelsize">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Disable hinting for Bitstream Vera fonts when the size is less than 8ppem</description>
+<!--
+ The Bitstream Vera fonts have GASP entries suggesting that hinting be
+ disabled below 8 ppem, but FreeType ignores those, preferring to use
+ the data found in the instructed hints. The initial Vera release
+ didn't include the right instructions in the 'prep' table. Fix this
+ by disabling hinting manually at smaller sizes (< 8ppem)
+ -->
+
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Bitstream Vera Sans</string>
+ </test>
+ <test name="pixelsize" compare="less">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Bitstream Vera Serif</string>
+ </test>
+ <test name="pixelsize" compare="less">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Bitstream Vera Sans Mono</string>
+ </test>
+ <test name="pixelsize" compare="less">
+ <double>7.5</double>
+ </test>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ </match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Disable hinting for CJK fonts</description>
+<!-- We can't hint CJK fonts well, so turn off hinting for CJK fonts. -->
+
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Kochi Mincho</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Kochi Gothic</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Sazanami Mincho</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Sazanami Gothic</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Baekmuk Batang</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Baekmuk Dotum</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Baekmuk Gulim</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Baekmuk Headline</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>AR PL Mingti2L Big5</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>AR PL ShanHeiSun Uni</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>AR PL KaitiM Big5</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>AR PL ZenKai Uni</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>AR PL SungtiL GB</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>AR PL KaitiM GB</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>ZYSong18030</string>
+ </test>
+ <edit name="hinting" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+<!-- Aliases for Korean fonts -->
+ <alias>
+ <family>Batang</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>바탕</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>BatangChe</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>바탕체</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Myeongjo</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>명조</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MyeongjoChe</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>명조체</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>AR MingtiM KSC</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Adobe 명조 Std M</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Adobe Myeongjo Std M</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>NanumMyeongjo</family>
+ <family>UnBatang</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Gungsuh</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>UnGungseo</family>
+ <family>NanumMyeongjo</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>궁서</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>UnGungseo</family>
+ <family>NanumMyeongjo</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>GungsuhChe</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>UnGungseo</family>
+ <family>NanumMyeongjo</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>궁서체</family>
+ <accept>
+ <family>Noto Serif CJK KR</family>
+ <family>UnGungseo</family>
+ <family>NanumMyeongjo</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Dotum</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>돋움</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Gothic</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>고딕</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Malgun Gothic</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>맑은 고딕</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Gulim</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>굴림</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>AppleGothic</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>애플고딕</family>
+ <accept>
+ <family>Noto Sans CJK KR</family>
+ <family>NanumGothic</family>
+ <family>UnDotum</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>DotumChe</family>
+ <accept>
+ <family>Noto Sans Mono CJK KR</family>
+ <family>NanumGothicCoding</family>
+ <family>NanumGothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>돋움체</family>
+ <accept>
+ <family>Noto Sans Mono CJK KR</family>
+ <family>NanumGothicCoding</family>
+ <family>NanumGothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>GothicChe</family>
+ <accept>
+ <family>Noto Sans Mono CJK KR</family>
+ <family>NanumGothicCoding</family>
+ <family>NanumGothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>고딕체</family>
+ <accept>
+ <family>Noto Sans Mono CJK KR</family>
+ <family>NanumGothicCoding</family>
+ <family>NanumGothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>GulimChe</family>
+ <accept>
+ <family>Noto Sans Mono CJK KR</family>
+ <family>NanumGothicCoding</family>
+ <family>NanumGothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>굴림체</family>
+ <accept>
+ <family>Noto Sans Mono CJK KR</family>
+ <family>NanumGothicCoding</family>
+ <family>NanumGothic</family>
+ </accept>
+ </alias>
+<!-- Aliases for Japanese Windows fonts -->
+ <alias>
+ <family>MS Gothic</family>
+ <accept>
+ <family>Noto Sans Mono CJK JP</family>
+ <family>TakaoGothic</family>
+ <family>IPAGothic</family>
+ <family>IPAMonaGothic</family>
+ <family>VL Gothic</family>
+ <family>Sazanami Gothic</family>
+ <family>Kochi Gothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MS ゴシック</family>
+ <accept>
+ <family>Noto Sans Mono CJK JP</family>
+ <family>TakaoGothic</family>
+ <family>IPAGothic</family>
+ <family>IPAMonaGothic</family>
+ <family>VL Gothic</family>
+ <family>Sazanami Gothic</family>
+ <family>Kochi Gothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MS PGothic</family>
+ <accept>
+ <family>Noto Sans CJK JP</family>
+ <family>IPAMonaPGothic</family>
+ <family>TakaoPGothic</family>
+ <family>IPAPGothic</family>
+ <family>VL PGothic</family>
+ <family>Sazanami Gothic</family>
+ <family>Kochi Gothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MS Pゴシック</family>
+ <accept>
+ <family>Noto Sans CJK JP</family>
+ <family>IPAMonaPGothic</family>
+ <family>TakaoPGothic</family>
+ <family>IPAPGothic</family>
+ <family>VL PGothic</family>
+ <family>Sazanami Gothic</family>
+ <family>Kochi Gothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MS UIGothic</family>
+ <accept>
+ <family>Noto Sans CJK JP</family>
+ <family>IPAMonaPGothic</family>
+ <family>TakaoPGothic</family>
+ <family>IPAPGothic</family>
+ <family>VL PGothic</family>
+ <family>Sazanami Gothic</family>
+ <family>Kochi Gothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Meiryo UI</family>
+ <accept>
+ <family>Noto Sans CJK JP</family>
+ <family>IPAMonaPGothic</family>
+ <family>TakaoPGothic</family>
+ <family>IPAPGothic</family>
+ <family>VL PGothic</family>
+ <family>Sazanami Gothic</family>
+ <family>Kochi Gothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MS Mincho</family>
+ <accept>
+ <family>Noto Serif CJK JP</family>
+ <family>TakaoMincho</family>
+ <family>IPAMincho</family>
+ <family>IPAMonaMincho</family>
+ <family>Sazanami Mincho</family>
+ <family>Kochi Mincho</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MS 明朝</family>
+ <accept>
+ <family>Noto Serif CJK JP</family>
+ <family>TakaoMincho</family>
+ <family>IPAMincho</family>
+ <family>IPAMonaMincho</family>
+ <family>Sazanami Mincho</family>
+ <family>Kochi Mincho</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>AR MinchoL JIS</family>
+ <accept>
+ <family>Noto Serif CJK JP</family>
+ <family>TakaoMincho</family>
+ <family>IPAMincho</family>
+ <family>IPAMonaMincho</family>
+ <family>Sazanami Mincho</family>
+ <family>Kochi Mincho</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MS PMincho</family>
+ <accept>
+ <family>Noto Serif CJK JP</family>
+ <family>IPAMonaPMincho</family>
+ <family>TakaoPMincho</family>
+ <family>IPAPMincho</family>
+ <family>Sazanami Mincho</family>
+ <family>Kochi Mincho</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MS P明朝</family>
+ <accept>
+ <family>Noto Serif CJK JP</family>
+ <family>IPAMonaPMincho</family>
+ <family>TakaoPMincho</family>
+ <family>IPAPMincho</family>
+ <family>Sazanami Mincho</family>
+ <family>Kochi Mincho</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Meiryo</family>
+ <accept>
+ <family>IPAexGothic</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>メイリオ</family>
+ <accept>
+ <family>IPAexGothic</family>
+ </accept>
+ </alias>
+<!-- Aliases for Simplified Chinese Windows fonts -->
+ <alias>
+ <family>SimSun</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>HYSong</family>
+ <family>AR PL UMing CN</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>NSimSun</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>HYSong</family>
+ <family>AR PL UMing CN</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>SimSun-18030</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>HYSong</family>
+ <family>AR PL UMing CN</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>NSimSun-18030</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>HYSong</family>
+ <family>AR PL UMing CN</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>宋体</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>HYSong</family>
+ <family>AR PL UMing CN</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>新宋体</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>HYSong</family>
+ <family>AR PL UMing CN</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>AR MingtiM GB</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>HYSong</family>
+ <family>AR PL UMing CN</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>KaiTi</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>AR PL UKai CN</family>
+ <family>AR PL ZenKai Uni</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>楷体</family>
+ <accept>
+ <family>Noto Serif CJK SC</family>
+ <family>AR PL UKai CN</family>
+ <family>AR PL ZenKai Uni</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Microsoft YaHei</family>
+ <accept>
+ <family>Noto Sans CJK SC</family>
+ <family>WenQuanYi Micro Hei</family>
+ <family>WenQuanYi Zen Hei</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>微软雅黑</family>
+ <accept>
+ <family>Noto Sans CJK SC</family>
+ <family>WenQuanYi Micro Hei</family>
+ <family>WenQuanYi Zen Hei</family>
+ </accept>
+ </alias>
+<!-- Aliases for Traditional Chinese Windows fonts -->
+ <alias>
+ <family>MingLiU</family>
+ <accept>
+ <family>Noto Serif CJK TC</family>
+ <family>AR PL UMing TW</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>細明體</family>
+ <accept>
+ <family>Noto Serif CJK TC</family>
+ <family>AR PL UMing TW</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>PMingLiU</family>
+ <accept>
+ <family>Noto Serif CJK TC</family>
+ <family>AR PL UMing TW</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>新細明體</family>
+ <accept>
+ <family>Noto Serif CJK TC</family>
+ <family>AR PL UMing TW</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>AR MingtiM BIG-5</family>
+ <accept>
+ <family>Noto Serif CJK TC</family>
+ <family>AR PL UMing TW</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>DFKai\-SB</family>
+ <accept>
+ <family>Noto Serif CJK TC</family>
+ <family>AR PL UKai TW</family>
+ <family>AR PL ZenKai Uni</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>標楷體</family>
+ <accept>
+ <family>Noto Serif CJK TC</family>
+ <family>AR PL UKai TW</family>
+ <family>AR PL ZenKai Uni</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>Microsoft JhengHei</family>
+ <accept>
+ <family>Noto Sans CJK TC</family>
+ <family>WenQuanYi Micro Hei</family>
+ <family>WenQuanYi Zen Hei</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>微軟正黑體</family>
+ <accept>
+ <family>Noto Sans CJK TC</family>
+ <family>WenQuanYi Micro Hei</family>
+ <family>WenQuanYi Zen Hei</family>
+ </accept>
+ </alias>
+<!-- Alias for HKSCS -->
+ <alias>
+ <family>Ming (for ISO10646)</family>
+ <accept>
+ <family>AR PL UMing HK</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>MingLiU_HKSCS</family>
+ <accept>
+ <family>AR PL UMing HK</family>
+ </accept>
+ </alias>
+ <alias>
+ <family>細明體_HKSCS</family>
+ <accept>
+ <family>AR PL UMing HK</family>
+ </accept>
+ </alias>
+</fontconfig>
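Review bot: The alias for `DFKai\-SB` in the Traditional Chinese block carries a backslash that, as far as I can tell, is kept literally when the name comes from an XML `<family>` element; escaping `-` is only needed in fontconfig pattern strings. If so, a request for the family DFKai-SB never matches this alias and falls through to default substitution, while the neighbouring `標楷體` alias with the same targets does match. The suggested line is `<family>DFKai-SB</family>`. It is worth confirming with `fc-match "DFKai\-SB"` before and after the change, and since this file looks distribution-shipped, the fix may belong upstream rather than in a local edit.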
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set substitutions for similar/metric-compatible families</description>
+
+<!--
+
+Alias similar/metric-compatible families from various sources:
+
+PostScript fonts: URW fonts: GUST fonts: Windows fonts:
+====================== ================== ================= ==================
+Helvetica Nimbus Sans TeX Gyre Heros
+Helvetica Narrow Nimbus Sans Narrow TeX Gyre Heros Cn
+Times Nimbus Roman TeX Gyre Termes
+Courier Nimbus Mono PS TeX Gyre Cursor
+ITC Avant Garde Gothic URW Gothic TeX Gyre Adventor
+ITC Bookman URW Bookman TeX Gyre Bonum Bookman Old Style
+ITC Zapf Chancery Z003 TeX Gyre Chorus
+Palatino P052 TeX Gyre Pagella Palatino Linotype
+New Century Schoolbook C059 TeX Gyre Schola Century Schoolbook
+
+Microsoft fonts: Liberation fonts: Google CrOS core fonts: StarOffice fonts: AMT fonts:
+================ ====================== ======================= ================= ==============
+Arial Liberation Sans Arimo Albany Albany AMT
+Arial Narrow Liberation Sans Narrow
+Times New Roman Liberation Serif Tinos Thorndale Thorndale AMT
+Courier New Liberation Mono Cousine Cumberland Cumberland AMT
+Cambria Caladea
+Calibri Carlito
+Symbol SymbolNeu
+
+Microsoft fonts: Other fonts:
+================ ============
+Georgia Gelasio
+
+We want for each of them to fallback to any of these available,
+but in an order preferring similar designs first. We do this in three steps:
+
+1) Alias each specific to its generic family.
+ e.g. Liberation Sans to Arial
+
+2) Weak alias each generic to the other generic of its family.
+ e.g. Arial to Helvetica
+
+3) Alias each generic to its specifics.
+ e.g. Arial to Liberation Sans, Arimo, Albany, and Albany AMT
+
+NOTE: The (URW)++ fonts mappings of generics to specifics were removed, because
+ upstream now includes them in their release of (URW)++ Core Font Set here:
+ https://github.com/ArtifexSoftware/urw-base35-fonts/tree/master/fontconfig
+-->
+
+<!-- Map specifics to generics -->
+
+ <!-- PostScript -->
+ <alias binding="same">
+ <family>Nimbus Sans L</family>
+ <default>
+ <family>Helvetica</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Nimbus Sans</family>
+ <default>
+ <family>Helvetica</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Heros</family>
+ <default>
+ <family>Helvetica</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Nimbus Sans Narrow</family>
+ <default>
+ <family>Helvetica Narrow</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Heros Cn</family>
+ <default>
+ <family>Helvetica Narrow</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Nimbus Roman No9 L</family>
+ <default>
+ <family>Times</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Nimbus Roman</family>
+ <default>
+ <family>Times</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Termes</family>
+ <default>
+ <family>Times</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Nimbus Mono L</family>
+ <default>
+ <family>Courier</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Nimbus Mono</family>
+ <default>
+ <family>Courier</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Nimbus Mono PS</family>
+ <default>
+ <family>Courier</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Cursor</family>
+ <default>
+ <family>Courier</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Avant Garde</family>
+ <default>
+ <family>ITC Avant Garde Gothic</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>URW Gothic L</family>
+ <default>
+ <family>ITC Avant Garde Gothic</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>URW Gothic</family>
+ <default>
+ <family>ITC Avant Garde Gothic</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Adventor</family>
+ <default>
+ <family>ITC Avant Garde Gothic</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Bookman</family>
+ <default>
+ <family>ITC Bookman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>URW Bookman L</family>
+ <default>
+ <family>ITC Bookman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Bookman URW</family>
+ <default>
+ <family>ITC Bookman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>URW Bookman</family>
+ <default>
+ <family>ITC Bookman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Bonum</family>
+ <default>
+ <family>ITC Bookman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Bookman Old Style</family>
+ <default>
+ <family>ITC Bookman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Zapf Chancery</family>
+ <default>
+ <family>ITC Zapf Chancery</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>URW Chancery L</family>
+ <default>
+ <family>ITC Zapf Chancery</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Chancery URW</family>
+ <default>
+ <family>ITC Zapf Chancery</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Z003</family>
+ <default>
+ <family>ITC Zapf Chancery</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Chorus</family>
+ <default>
+ <family>ITC Zapf Chancery</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>URW Palladio L</family>
+ <default>
+ <family>Palatino</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Palladio URW</family>
+ <default>
+ <family>Palatino</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>P052</family>
+ <default>
+ <family>Palatino</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Pagella</family>
+ <default>
+ <family>Palatino</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Palatino Linotype</family>
+ <default>
+ <family>Palatino</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Century Schoolbook L</family>
+ <default>
+ <family>New Century Schoolbook</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Century SchoolBook URW</family>
+ <default>
+ <family>New Century Schoolbook</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>C059</family>
+ <default>
+ <family>New Century Schoolbook</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>TeX Gyre Schola</family>
+ <default>
+ <family>New Century Schoolbook</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Century Schoolbook</family>
+ <default>
+ <family>New Century Schoolbook</family>
+ </default>
+ </alias>
+
+ <!-- Microsoft -->
+ <alias binding="same">
+ <family>Arimo</family>
+ <default>
+ <family>Arial</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Liberation Sans</family>
+ <default>
+ <family>Arial</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Liberation Sans Narrow</family>
+ <default>
+ <family>Arial Narrow</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Albany</family>
+ <default>
+ <family>Arial</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Albany AMT</family>
+ <default>
+ <family>Arial</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Tinos</family>
+ <default>
+ <family>Times New Roman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Liberation Serif</family>
+ <default>
+ <family>Times New Roman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Thorndale</family>
+ <default>
+ <family>Times New Roman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Thorndale AMT</family>
+ <default>
+ <family>Times New Roman</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Cousine</family>
+ <default>
+ <family>Courier New</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Liberation Mono</family>
+ <default>
+ <family>Courier New</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Cumberland</family>
+ <default>
+ <family>Courier New</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Cumberland AMT</family>
+ <default>
+ <family>Courier New</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Gelasio</family>
+ <default>
+ <family>Georgia</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Caladea</family>
+ <default>
+ <family>Cambria</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>Carlito</family>
+ <default>
+ <family>Calibri</family>
+ </default>
+ </alias>
+
+ <alias binding="same">
+ <family>SymbolNeu</family>
+ <default>
+ <family>Symbol</family>
+ </default>
+ </alias>
+
+<!-- Accept the other group as fallback -->
+
+ <!-- PostScript -->
+ <alias>
+ <family>Helvetica</family>
+ <default>
+ <family>Arial</family>
+ </default>
+ </alias>
+
+ <alias>
+ <family>Helvetica Narrow</family>
+ <default>
+ <family>Arial Narrow</family>
+ </default>
+ </alias>
+
+ <alias>
+ <family>Times</family>
+ <default>
+ <family>Times New Roman</family>
+ </default>
+ </alias>
+
+ <alias>
+ <family>Courier</family>
+ <default>
+ <family>Courier New</family>
+ </default>
+ </alias>
+
+ <!-- Microsoft -->
+ <alias>
+ <family>Arial</family>
+ <default>
+ <family>Helvetica</family>
+ </default>
+ </alias>
+
+ <alias>
+ <family>Arial Narrow</family>
+ <default>
+ <family>Helvetica Narrow</family>
+ </default>
+ </alias>
+
+ <alias>
+ <family>Times New Roman</family>
+ <default>
+ <family>Times</family>
+ </default>
+ </alias>
+
+ <alias>
+ <family>Courier New</family>
+ <default>
+ <family>Courier</family>
+ </default>
+ </alias>
+
+<!-- Map generics to specifics -->
+
+ <!-- PostScript -->
+ <alias binding="same">
+ <family>Helvetica</family>
+ <accept>
+ <family>TeX Gyre Heros</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Helvetica Narrow</family>
+ <accept>
+ <family>TeX Gyre Heros Cn</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Times</family>
+ <accept>
+ <family>TeX Gyre Termes</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Courier</family>
+ <accept>
+ <family>TeX Gyre Cursor</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>ITC Avant Garde Gothic</family>
+ <accept>
+ <family>TeX Gyre Adventor</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>ITC Bookman</family>
+ <accept>
+ <family>Bookman Old Style</family>
+ <family>TeX Gyre Bonum</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>ITC Zapf Chancery</family>
+ <accept>
+ <family>TeX Gyre Chorus</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Palatino</family>
+ <accept>
+ <family>Palatino Linotype</family>
+ <family>TeX Gyre Pagella</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>New Century Schoolbook</family>
+ <accept>
+ <family>Century Schoolbook</family>
+ <family>TeX Gyre Schola</family>
+ </accept>
+ </alias>
+
+ <!-- Microsoft -->
+ <alias binding="same">
+ <family>Arial</family>
+ <accept>
+ <family>Arimo</family>
+ <family>Liberation Sans</family>
+ <family>Albany</family>
+ <family>Albany AMT</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Arial Narrow</family>
+ <accept>
+ <family>Liberation Sans Narrow</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Times New Roman</family>
+ <accept>
+ <family>Tinos</family>
+ <family>Liberation Serif</family>
+ <family>Thorndale</family>
+ <family>Thorndale AMT</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Courier New</family>
+ <accept>
+ <family>Cousine</family>
+ <family>Liberation Mono</family>
+ <family>Cumberland</family>
+ <family>Cumberland AMT</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Georgia</family>
+ <accept>
+ <family>Gelasio</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Cambria</family>
+ <accept>
+ <family>Caladea</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Calibri</family>
+ <accept>
+ <family>Carlito</family>
+ </accept>
+ </alias>
+
+ <alias binding="same">
+ <family>Symbol</family>
+ <accept>
+ <family>SymbolNeu</family>
+ </accept>
+ </alias>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set substitutions for non-Latin fonts</description>
+<!--
+ Mark common families with their generics so we'll get
+ something reasonable
+-->
+
+<!--
+ Serif faces
+ -->
+ <alias>
+ <family>Nazli</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Lotoos</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Mitra</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Ferdosi</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Badr</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Zar</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Titr</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Jadid</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Kochi Mincho</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>AR PL SungtiL GB</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>AR PL Mingti2L Big5</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>MS 明朝</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>NanumMyeongjo</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>UnBatang</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Baekmuk Batang</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>MgOpen Canonica</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Sazanami Mincho</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>AR PL ZenKai Uni</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>ZYSong18030</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>FreeSerif</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>SimSun</family>
+ <default><family>serif</family></default>
+ </alias>
+<!--
+ Sans-serif faces
+ -->
+ <alias>
+ <family>Arshia</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Elham</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Farnaz</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Nasim</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Sina</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Roya</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Koodak</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Terafik</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Kochi Gothic</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>AR PL KaitiM GB</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>AR PL KaitiM Big5</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>MS ゴシック</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>NanumGothic</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>UnDotum</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Baekmuk Dotum</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>MgOpen Moderna</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>MgOpen Modata</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>MgOpen Cosmetica</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Sazanami Gothic</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>AR PL ShanHeiSun Uni</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>ZYSong18030</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>FreeSans</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+<!--
+ Monospace faces
+ -->
+ <alias>
+ <family>NSimSun</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>ZYSong18030</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>NanumGothicCoding</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>FreeMono</family>
+ <default><family>monospace</family></default>
+ </alias>
+
+<!--
+ Fantasy faces
+ -->
+ <alias>
+ <family>Homa</family>
+ <default><family>fantasy</family></default>
+ </alias>
+ <alias>
+ <family>Kamran</family>
+ <default><family>fantasy</family></default>
+ </alias>
+ <alias>
+ <family>Fantezi</family>
+ <default><family>fantasy</family></default>
+ </alias>
+ <alias>
+ <family>Tabassom</family>
+ <default><family>fantasy</family></default>
+ </alias>
+
+<!--
+ Cursive faces
+ -->
+ <alias>
+ <family>IranNastaliq</family>
+ <default><family>cursive</family></default>
+ </alias>
+ <alias>
+ <family>Nafees Nastaleeq</family>
+ <default><family>cursive</family></default>
+ </alias>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set substitutions for emoji/math fonts</description>
+
+<!-- Keep in sync with 60-generic.conf -->
+
+<!-- Emoji -->
+
+ <!-- System emoji -->
+ <alias binding="same">
+ <family>Noto Color Emoji</family> <!-- Google -->
+ <default><family>emoji</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Apple Color Emoji</family> <!-- Apple -->
+ <default><family>emoji</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Segoe UI Emoji</family> <!-- Microsoft -->
+ <default><family>emoji</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Twitter Color Emoji</family> <!-- Twitter -->
+ <default><family>emoji</family></default>
+ </alias>
+ <alias binding="same">
+ <family>EmojiOne Mozilla</family> <!-- Mozilla -->
+ <default><family>emoji</family></default>
+ </alias>
+ <!-- Third-party emoji -->
+ <alias binding="same">
+ <family>Emoji Two</family>
+ <default><family>emoji</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Emoji One</family>
+ <default><family>emoji</family></default>
+ </alias>
+ <!-- B&W -->
+ <alias binding="same">
+ <family>Noto Emoji</family> <!-- Google -->
+ <default><family>emoji</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Android Emoji</family> <!-- Google -->
+ <default><family>emoji</family></default>
+ </alias>
+
+ <!-- Add language for emoji, to match other emoji fonts. -->
+ <match>
+ <test name="family">
+ <string>emoji</string>
+ </test>
+ <edit name="lang" mode="prepend">
+ <string>und-zsye</string>
+ </edit>
+ </match>
+
+ <match>
+ <test name="lang">
+ <string>und-zsye</string>
+ </test>
+ <test qual="all" name="family" compare="not_eq">
+ <string>emoji</string>
+ </test>
+
+ <!-- Add generic family. -->
+ <edit name="family" mode="append" binding="strong">
+ <string>emoji</string>
+ </edit>
+ </match>
+
+
+<!-- Math -->
+
+ <!-- https://en.wikipedia.org/wiki/Category:Mathematical_OpenType_typefaces -->
+ <alias binding="same">
+ <family>XITS Math</family> <!-- Khaled Hosny -->
+ <default><family>math</family></default>
+ </alias>
+ <alias binding="same">
+ <family>STIX Two Math</family> <!-- AMS -->
+ <default><family>math</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Cambria Math</family> <!-- Microsoft -->
+ <default><family>math</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Latin Modern Math</family> <!-- TeX -->
+ <default><family>math</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Minion Math</family> <!-- Adobe -->
+ <default><family>math</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Lucida Math</family> <!-- Adobe -->
+ <default><family>math</family></default>
+ </alias>
+ <alias binding="same">
+ <family>Asana Math</family>
+ <default><family>math</family></default>
+ </alias>
+
+ <!-- Add language for math, to match other math fonts. -->
+ <match>
+ <test name="family">
+ <string>math</string>
+ </test>
+ <edit name="lang" mode="prepend">
+ <string>und-zmth</string>
+ </edit>
+ </match>
+
+ <match>
+ <test name="lang">
+ <string>und-zmth</string>
+ </test>
+ <test qual="all" name="family" compare="not_eq">
+ <string>math</string>
+ </test>
+
+ <!-- Add generic family -->
+ <edit name="family" mode="append" binding="strong">
+ <string>math</string>
+ </edit>
+ </match>
+
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set substitutions for Latin fonts</description>
+<!--
+ Mark common families with their generics so we'll get
+ something reasonable
+-->
+
+<!--
+ Serif faces
+ -->
+ <alias>
+ <family>Bitstream Vera Serif</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Cambria</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Constantia</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>DejaVu Serif</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Elephant</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Garamond</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Georgia</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Liberation Serif</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Luxi Serif</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>MS Serif</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Nimbus Roman No9 L</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Nimbus Roman</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Palatino Linotype</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Thorndale AMT</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Thorndale</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Times New Roman</family>
+ <default><family>serif</family></default>
+ </alias>
+ <alias>
+ <family>Times</family>
+ <default><family>serif</family></default>
+ </alias>
+<!--
+ Sans-serif faces
+ -->
+ <alias>
+ <family>Albany AMT</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Albany</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Arial Unicode MS</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Arial</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Bitstream Vera Sans</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Britannic</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Calibri</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Candara</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Century Gothic</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Corbel</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>DejaVu Sans</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Helvetica</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Haettenschweiler</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Liberation Sans</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>MS Sans Serif</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Nimbus Sans L</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Nimbus Sans</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Luxi Sans</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Tahoma</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Trebuchet MS</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Twentieth Century</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+ <alias>
+ <family>Verdana</family>
+ <default><family>sans-serif</family></default>
+ </alias>
+<!--
+ Monospace faces
+ -->
+ <alias>
+ <family>Andale Mono</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Bitstream Vera Sans Mono</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Consolas</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Courier New</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Courier</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Cumberland AMT</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Cumberland</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>DejaVu Sans Mono</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Fixedsys</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Inconsolata</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Liberation Mono</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Luxi Mono</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Nimbus Mono L</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Nimbus Mono</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Nimbus Mono PS</family>
+ <default><family>monospace</family></default>
+ </alias>
+ <alias>
+ <family>Terminal</family>
+ <default><family>monospace</family></default>
+ </alias>
+<!--
+ Fantasy faces
+ -->
+ <alias>
+ <family>Bauhaus Std</family>
+ <default><family>fantasy</family></default>
+ </alias>
+ <alias>
+ <family>Cooper Std</family>
+ <default><family>fantasy</family></default>
+ </alias>
+ <alias>
+ <family>Copperplate Gothic Std</family>
+ <default><family>fantasy</family></default>
+ </alias>
+ <alias>
+ <family>Impact</family>
+ <default><family>fantasy</family></default>
+ </alias>
+<!--
+ Cursive faces
+ -->
+ <alias>
+ <family>Comic Sans MS</family>
+ <default><family>cursive</family></default>
+ </alias>
+ <alias>
+ <family>ITC Zapf Chancery Std</family>
+ <default><family>cursive</family></default>
+ </alias>
+ <alias>
+ <family>Zapfino</family>
+ <default><family>cursive</family></default>
+ </alias>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Add sans-serif to the family when no generic name</description>
+<!--
+ If the font still has no generic name, add sans-serif
+ -->
+ <match target="pattern">
+ <test qual="all" name="family" compare="not_eq">
+ <string>sans-serif</string>
+ </test>
+ <test qual="all" name="family" compare="not_eq">
+ <string>serif</string>
+ </test>
+ <test qual="all" name="family" compare="not_eq">
+ <string>monospace</string>
+ </test>
+ <edit name="family" mode="append_last">
+ <string>sans-serif</string>
+ </edit>
+ </match>
+</fontconfig>
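Review bot: The match tests only `sans-serif`, `serif` and `monospace`, while the description and the comment above it say the rule applies when the family has "no generic name". Other files in this diff assign `fantasy`, `cursive`, `emoji` and `math` as generics, so a pattern that names only one of those still gets `sans-serif` appended here. Because the edit uses `mode="append_last"` this is only a final fallback, but the comment should say what is actually checked, e.g. `<!-- If the family list has none of serif, sans-serif or monospace, add sans-serif as the last fallback (fantasy, cursive, emoji and math are not checked) -->`.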
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Load per-user customization files</description>
+ <!--
+ Load per-user customization files where stored on XDG Base Directory
+ specification compliant places. it should be usually:
+ $HOME/.config/fontconfig/conf.d
+ $HOME/.config/fontconfig/fonts.conf
+ -->
+ <include ignore_missing="yes" prefix="xdg">fontconfig/conf.d</include>
+ <include ignore_missing="yes" prefix="xdg">fontconfig/fonts.conf</include>
+ <!-- the following elements will be removed in the future -->
+ <include ignore_missing="yes" deprecated="yes">~/.fonts.conf.d</include>
+ <include ignore_missing="yes" deprecated="yes">~/.fonts.conf</include>
+</fontconfig>
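Review bot: The four `<include>` lines pull configuration from the invoking user's home directory into every program that loads this tree, and the file does not say that this content is outside the administrator's control. Per-user files are ordinary fontconfig documents, so they can add their own match and alias rules on top of the system ones; on a multi-user or server image (inferred from the rest of the diff, not shown in this section) that is worth a deliberate decision rather than a default. The last two includes are already marked `deprecated="yes"`, so if no account still relies on `~/.fonts.conf` or `~/.fonts.conf.d` they are candidates for removal, which leaves only the XDG locations to audit. At minimum I would add `<!-- user-controlled: the files below are read from the caller's home directory and merged with the system rules -->` above the first include.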
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Load local customization file</description>
+ <!-- Load local system customization file -->
+ <include ignore_missing="yes">local.conf</include>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<!-- conf.d/monospace-lcd-filter.conf -->
+<fontconfig>
+<!-- Use legacy LCD filter on smaller Monospace fonts -->
+ <match target="pattern">
+ <test name="family">
+ <string>DejaVu Sans Mono</string>
+ </test>
+ <test name="pixelsize" compare="less_eq">
+ <double>12.0</double>
+ </test>
+
+ <edit name="lcd_filter" mode="append">
+ <const>lcdlegacy</const>
+ </edit>
+ <edit name="hintstyle" mode="append">
+ <const>hintfull</const>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test name="family">
+ <string>Bitstream Vera Sans Mono</string>
+ </test>
+ <test name="pixelsize" compare="less_eq">
+ <double>12.0</double>
+ </test>
+
+ <edit name="lcd_filter" mode="append">
+ <const>lcdlegacy</const>
+ </edit>
+ <edit name="hintstyle" mode="append">
+ <const>hintfull</const>
+ </edit>
+ </match>
+</fontconfig>
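Review bot: Both `<test name="family">` elements omit `qual`, so with fontconfig's default of matching any value the rule fires whenever `DejaVu Sans Mono` or `Bitstream Vera Sans Mono` appears anywhere in the requested family list, including as a fallback behind another font. If the legacy filter and full hinting are meant only for requests whose first choice is one of these two families, `<test qual="first" name="family">` would say that; if the broad match is intended, a comment should record it. The two `<match>` blocks are identical apart from the family string, and the header comment does not explain why 12.0 pixels is the cutoff.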
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <match target="pattern">
+ <test name="lang">
+ <string>ar</string>
+ </test>
+ <test qual="any" name="family">
+ <string>sans-serif</string>
+ </test>
+ <edit name="family" mode="prepend">
+ <string>Noto Sans</string>
+ <string>Noto Sans Arabic UI</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test name="lang">
+ <string>ar</string>
+ </test>
+ <test qual="any" name="family">
+ <string>serif</string>
+ </test>
+ <edit name="family" mode="prepend">
+ <string>Noto Serif</string>
+ <string>Noto Naskh Arabic</string>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/57-dejavu-sans-mono.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu Sans Mono.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Bepa Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Prima Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu LGC Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Sans Mono</family>
+ <accept>
+ <family>DejaVu Sans Mono</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu Sans Mono</family>
+ <default>
+ <family>monospace</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>monospace</family>
+ <prefer>
+ <family>DejaVu Sans Mono</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/57-dejavu-sans.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu Sans.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Arev Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bepa</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Prima Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu LGC Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Hunky Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Sans</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Verajja</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <!-- In case VerajjaPDA stops declaring itself as Verajja -->
+ <alias binding="same">
+ <family>VerajjaPDA</family>
+ <accept>
+ <family>DejaVu Sans</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu Sans</family>
+ <default>
+ <family>sans-serif</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>DejaVu Sans</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/57-dejavu-serif.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu Serif.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Bitstream Prima Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu LGC Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Hunky Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <!-- In case Verajja Serif stops declaring itself as DejaVu Serif -->
+ <alias binding="same">
+ <family>Verajja Serif</family>
+ <accept>
+ <family>DejaVu Serif</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu Serif</family>
+ <default>
+ <family>serif</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>DejaVu Serif</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/58-dejavu-lgc-sans-mono.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu LGC Sans Mono.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Bepa Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Prima Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Sans Mono</family>
+ <accept>
+ <family>DejaVu LGC Sans Mono</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu LGC Sans Mono</family>
+ <default>
+ <family>monospace</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>monospace</family>
+ <prefer>
+ <family>DejaVu LGC Sans Mono</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/58-dejavu-lgc-sans.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu LGC Sans.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Arev Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bepa</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Prima Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Hunky Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Sans</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Verajja</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <!-- In case VerajjaPDA stops declaring itself as Verajja -->
+ <alias binding="same">
+ <family>VerajjaPDA</family>
+ <accept>
+ <family>DejaVu LGC Sans</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu LGC Sans</family>
+ <default>
+ <family>sans-serif</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>DejaVu LGC Sans</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE fontconfig SYSTEM "../fonts.dtd">
+<!-- /etc/fonts/conf.d/58-dejavu-lgc-serif.conf
+
+ Define aliasing and other fontconfig settings for
+ DejaVu LGC Serif.
+
+ © 2006-2008 Nicolas Mailhot <nicolas.mailhot at laposte.net>
+-->
+<fontconfig>
+ <!-- Font substitution rules -->
+ <alias binding="same">
+ <family>Bitstream Prima Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Bitstream Vera Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>DejaVu Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Hunky Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Olwen Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>SUSE Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <!-- In case Verajja Serif stops declaring itself as DejaVu Serif -->
+ <alias binding="same">
+ <family>Verajja Serif</family>
+ <accept>
+ <family>DejaVu LGC Serif</family>
+ </accept>
+ </alias>
+ <!-- Generic name assignment -->
+ <alias>
+ <family>DejaVu LGC Serif</family>
+ <default>
+ <family>serif</family>
+ </default>
+ </alias>
+ <!-- Generic name aliasing -->
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>DejaVu LGC Serif</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set preferable fonts for emoji/math fonts</description>
+<!-- Keep in sync with 45-generic.conf -->
+
+<!-- Emoji -->
+
+ <!-- Prefer to match color emoji font. -->
+ <match>
+ <test name="lang">
+ <string>und-zsye</string>
+ </test>
+ <test qual="all" name="color" compare="not_eq">
+ <bool>true</bool>
+ </test>
+ <test qual="all" name="color" compare="not_eq">
+ <bool>false</bool>
+ </test>
+ <edit name="color" mode="append">
+ <bool>true</bool>
+ </edit>
+ </match>
+
+ <!-- TODO
+ ! Match on "color" and alias B&W ones first if no color is requested.
+ ! That's "hard" because <alias> doesn't work in match and needs to be
+ ! expanded to its non-sugar form.
+ !-->
+ <alias binding="same">
+ <family>emoji</family>
+ <prefer>
+ <!-- System fonts -->
+ <family>Noto Color Emoji</family> <!-- Google -->
+ <family>Apple Color Emoji</family> <!-- Apple -->
+ <family>Segoe UI Emoji</family> <!-- Microsoft -->
+ <family>Twitter Color Emoji</family> <!-- Twitter -->
+ <family>EmojiOne Mozilla</family> <!-- Mozilla -->
+ <!-- Third-Party fonts -->
+ <family>Emoji Two</family>
+ <family>Emoji One</family>
+ <!-- Non-color -->
+ <family>Noto Emoji</family> <!-- Google -->
+ <family>Android Emoji</family> <!-- Google -->
+ </prefer>
+ </alias>
+
+<!-- Math -->
+ <alias binding="same">
+ <!-- https://en.wikipedia.org/wiki/Category:Mathematical_OpenType_typefaces -->
+ <family>math</family>
+ <prefer>
+ <family>XITS Math</family> <!-- Khaled Hosny -->
+ <family>STIX Two Math</family> <!-- AMS -->
+ <family>Cambria Math</family> <!-- Microsoft -->
+ <family>Latin Modern Math</family> <!-- TeX -->
+ <family>Minion Math</family> <!-- Adobe -->
+ <family>Lucida Math</family> <!-- Adobe -->
+ <family>Asana Math</family>
+ </prefer>
+ </alias>
+
+</fontconfig>
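Review bot: The two `qual="all"` tests on `color` in the first `<match>` (one `not_eq` true, one `not_eq` false) carry no explanation and read as contradictory at first glance. Taken together they appear to mean that the pattern has no `color` value at all, so `color=true` is appended only when the caller expressed no preference. A comment above the first test, for example `<!-- both tests pass only when "color" is unset in the pattern -->`, would make that intent explicit.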
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set preferable fonts for Latin</description>
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>DejaVu Serif</family>
+ <family>Bitstream Vera Serif</family>
+ <family>Times New Roman</family>
+ <family>Thorndale AMT</family>
+ <family>Luxi Serif</family>
+ <family>Nimbus Roman No9 L</family>
+ <family>Nimbus Roman</family>
+ <family>Times</family>
+ </prefer>
+ </alias>
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>DejaVu Sans</family>
+ <family>Bitstream Vera Sans</family>
+ <family>Verdana</family>
+ <family>Arial</family>
+ <family>Albany AMT</family>
+ <family>Luxi Sans</family>
+ <family>Nimbus Sans L</family>
+ <family>Nimbus Sans</family>
+ <family>Helvetica</family>
+ <family>Lucida Sans Unicode</family>
+ <family>BPG Glaho International</family> <!-- lat,cyr,arab,geor -->
+ <family>Tahoma</family> <!-- lat,cyr,greek,heb,arab,thai -->
+ </prefer>
+ </alias>
+ <alias>
+ <family>monospace</family>
+ <prefer>
+ <family>DejaVu Sans Mono</family>
+ <family>Bitstream Vera Sans Mono</family>
+ <family>Inconsolata</family>
+ <family>Andale Mono</family>
+ <family>Courier New</family>
+ <family>Cumberland AMT</family>
+ <family>Luxi Mono</family>
+ <family>Nimbus Mono L</family>
+ <family>Nimbus Mono</family>
+ <family>Nimbus Mono PS</family>
+ <family>Courier</family>
+ </prefer>
+ </alias>
+<!--
+ Fantasy faces
+ -->
+ <alias>
+ <family>fantasy</family>
+ <prefer>
+ <family>Impact</family>
+ <family>Copperplate Gothic Std</family>
+ <family>Cooper Std</family>
+ <family>Bauhaus Std</family>
+ </prefer>
+ </alias>
+<!--
+ Cursive faces
+ -->
+ <alias>
+ <family>cursive</family>
+ <prefer>
+ <family>ITC Zapf Chancery Std</family>
+ <family>Zapfino</family>
+ <family>Comic Sans MS</family>
+ </prefer>
+ </alias>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>Noto Sans CJK JP</family>
+ <family>Noto Sans CJK KR</family>
+ <family>Noto Sans CJK SC</family>
+ <family>Noto Sans CJK TC</family>
+ <family>Noto Sans CJK HK</family>
+ <family>Lohit Devanagari</family>
+ </prefer>
+ </alias>
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>Noto Serif CJK JP</family>
+ <family>Noto Serif CJK KR</family>
+ <family>Noto Serif CJK SC</family>
+ <family>Noto Serif CJK TC</family>
+ <family>Lohit Devanagari</family>
+ </prefer>
+ </alias>
+ <alias>
+ <family>monospace</family>
+ <prefer>
+ <family>Noto Sans Mono CJK JP</family>
+ <family>Noto Sans Mono CJK KR</family>
+ <family>Noto Sans Mono CJK SC</family>
+ <family>Noto Sans Mono CJK TC</family>
+ <family>Noto Sans Mono CJK HK</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<!--
+ fonts-persian.conf
+ To configure Persian fonts from The FarsiWeb Project.
+
+ Copyright (C) 2005 Sharif FarsiWeb, Inc. <license@farsiweb.info>
+
+ Permission to use, copy, modify, distribute, and sell this software and its
+ documentation for any purpose is hereby granted without fee, provided that
+ the above copyright notice appear in all copies and that both that
+ copyright notice and this permission notice appear in supporting
+ documentation, and that the name of Sharif FarsiWeb, Inc. not be used in
+ advertising or publicity pertaining to distribution of the software without
+ specific, written prior permission. Sharif FarsiWeb, Inc. makes no
+ representations about the suitability of this software for any purpose. It
+ is provided "as is" without express or implied warranty.
+
+ SHARIF FARSIWEB, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
+ DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ PERFORMANCE OF THIS SOFTWARE.
+
+ ChangeLog:
+ 2005-04-03 Behdad Esfahbod: Initial revision.
+ 2005-10-09 Behdad Esfahbod: Turned off back-slant and Tahoma sections.
+ 2005-11-30 Behdad Esfahbod: Set Titr susbtitution size to 24 points.
+ 2008 Behdad Esfahbod: Cleanup. Add fantasy and cursive.
+ -->
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+
+
+<!-- Deprecated fonts are discouraged -->
+
+ <!-- Nesf[2] is officially deprecated and has problematic tables -->
+ <alias binding="same">
+ <family>Nesf</family>
+ <accept><family>Nesf2</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Nesf2</family>
+ <accept><family>Persian_sansserif_default</family></accept>
+ </alias>
+
+<!-- Name changes and spelling variant aliases -->
+
+ <alias binding="same">
+ <family>Nazanin</family>
+ <accept><family>Nazli</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Lotus</family>
+ <accept><family>Lotoos</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Yaqut</family>
+ <accept><family>Yaghoot</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Yaghut</family>
+ <accept><family>Yaghoot</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Traffic</family>
+ <accept><family>Terafik</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Ferdowsi</family>
+ <accept><family>Ferdosi</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Fantezy</family>
+ <accept><family>Fantezi</family></accept>
+ </alias>
+
+
+<!-- Classify fonts. -->
+
+ <!-- Persian_title class -->
+ <alias binding="same">
+ <family>Jadid</family>
+ <accept><family>Persian_title</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Titr</family>
+ <accept><family>Persian_title</family></accept>
+ </alias>
+
+ <!-- Persian_fantasy class -->
+ <alias binding="same">
+ <family>Kamran</family>
+ <accept>
+ <family>Persian_fantasy</family>
+ <family>Homa</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Homa</family>
+ <accept>
+ <family>Persian_fantasy</family>
+ <family>Kamran</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Fantezi</family>
+ <accept><family>Persian_fantasy</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Tabassom</family>
+ <accept><family>Persian_fantasy</family></accept>
+ </alias>
+
+ <!-- Persian_square class -->
+ <alias binding="same">
+ <family>Arshia</family>
+ <accept><family>Persian_square</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Nasim</family>
+ <accept><family>Persian_square</family></accept>
+ </alias>
+ <alias binding="same">
+ <family>Elham</family>
+ <accept>
+ <family>Persian_square</family>
+ <family>Farnaz</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Farnaz</family>
+ <accept>
+ <family>Persian_square</family>
+ <family>Elham</family>
+ </accept>
+ </alias>
+ <alias binding="same">
+ <family>Sina</family>
+ <accept><family>Persian_square</family></accept>
+ </alias>
+
+<!-- Font ordering per class -->
+
+ <!-- Persian_title class -->
+ <alias binding="same">
+ <family>Persian_title</family>
+ <accept>
+ <family>Titr</family>
+ <family>Jadid</family>
+ <family>Persian_serif</family>
+ </accept>
+ </alias>
+
+ <!-- Persian_fantasy class -->
+ <alias binding="same">
+ <family>Persian_fantasy</family>
+ <accept>
+ <family>Homa</family>
+ <family>Kamran</family>
+ <family>Fantezi</family>
+ <family>Tabassom</family>
+ <family>Persian_square</family>
+ </accept>
+ </alias>
+
+ <!-- Persian_square class -->
+ <alias binding="same">
+ <family>Persian_square</family>
+ <accept>
+ <family>Arshia</family>
+ <family>Elham</family>
+ <family>Farnaz</family>
+ <family>Nasim</family>
+ <family>Sina</family>
+ <family>Persian_serif</family>
+ </accept>
+ </alias>
+
+<!-- Register the fonts that we actually do have -->
+
+ <match target="scan">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Elham</string>
+ </test>
+ <edit name="foundry">
+ <string>farsiweb</string>
+ </edit>
+ </match>
+
+ <match target="scan">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Homa</string>
+ </test>
+ <edit name="foundry">
+ <string>farsiweb</string>
+ </edit>
+ </match>
+
+ <match target="scan">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Koodak</string>
+ </test>
+ <edit name="foundry">
+ <string>farsiweb</string>
+ </edit>
+ </match>
+
+ <match target="scan">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Nazli</string>
+ </test>
+ <edit name="foundry">
+ <string>farsiweb</string>
+ </edit>
+ </match>
+
+ <match target="scan">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Roya</string>
+ </test>
+ <edit name="foundry">
+ <string>farsiweb</string>
+ </edit>
+ </match>
+
+ <match target="scan">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Terafik</string>
+ </test>
+ <edit name="foundry">
+ <string>farsiweb</string>
+ </edit>
+ </match>
+
+ <match target="scan">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Titr</string>
+ </test>
+ <edit name="foundry">
+ <string>farsiweb</string>
+ </edit>
+ </match>
+
+
+<!-- Our fonts should oblique to the other side (TURNED-OFF) -->
+
+ <match target="font">
+ <test name="foundry">
+ <!--string>farsiweb</string-->
+ <string>TURNED-OFF</string>
+ </test>
+ <test name="foundry">
+ <string>farsiweb</string>
+ </test>
+ <!-- check to see if the font is roman -->
+ <test name="slant">
+ <const>roman</const>
+ </test>
+ <!-- check to see if the pattern requested non-roman -->
+ <test target="pattern" name="slant" compare="not_eq">
+ <const>roman</const>
+ </test>
+ <!-- multiply the matrix to slant the font -->
+ <edit name="matrix" mode="assign">
+ <times>
+ <name>matrix</name>
+ <matrix><double>1</double><double>-0.2</double>
+ <double>0</double><double>1</double>
+ </matrix>
+ </times>
+ </edit>
+ <!-- pretend the font is oblique now -->
+ <edit name="slant" mode="assign">
+ <const>oblique</const>
+ </edit>
+ </match>
+
+
+<!--
+ We can't hint our fonts well, so turn off hinting.
+ Moreover, the bitmaps we have designed (well, they
+ have designed), suck, so disable them too.
+ -->
+
+ <match target="font">
+ <test name="foundry">
+ <string>farsiweb</string>
+ </test>
+ <edit name="autohint">
+ <bool>false</bool>
+ </edit>
+ <edit name="hinting">
+ <bool>false</bool>
+ </edit>
+ <edit name="embeddedbitmap">
+ <bool>false</bool>
+ </edit>
+ </match>
+
+
+<!-- Alias our fonts to common families -->
+
+ <!-- Persian serif fonts -->
+ <alias>
+ <family>serif</family>
+ <accept>
+ <family>Nazli</family>
+ <family>Lotoos</family>
+ <family>Mitra</family>
+ <family>Ferdosi</family>
+ <family>Badr</family>
+ <family>Zar</family>
+ </accept>
+ </alias>
+
+ <!-- Persian sans-serif fonts -->
+ <alias>
+ <family>sans-serif</family>
+ <accept>
+ <family>Roya</family>
+ <family>Koodak</family>
+ <family>Terafik</family>
+ </accept>
+ </alias>
+
+ <!-- Persian monospace fonts -->
+ <alias>
+ <family>monospace</family>
+ <accept>
+ <!-- Not really monospace -->
+ <family>Terafik</family>
+ </accept>
+ </alias>
+
+ <!-- Persian fantasy fonts -->
+ <alias>
+ <family>fantasy</family>
+ <accept>
+ <family>Homa</family>
+ <family>Kamran</family>
+ <family>Fantezi</family>
+ <family>Tabassom</family>
+ </accept>
+ </alias>
+
+ <!-- Persian (and Urdu) Nastaliq/cursive fonts -->
+ <alias>
+ <family>cursive</family>
+ <accept>
+ <family>IranNastaliq</family>
+ <family>Nafees Nastaleeq</family>
+ </accept>
+ </alias>
+
+<!-- Use Titr in titles -->
+
+ <!-- Both serif... -->
+ <match>
+ <test name="family">
+ <string>serif</string>
+ </test>
+ <test name="weight" compare="more_eq">
+ <int>200</int>
+ </test>
+ <test name="size" compare="more_eq">
+ <double>24</double>
+ </test>
+ <edit name="family" mode="prepend">
+ <string>Titr</string>
+ </edit>
+ </match>
+
+ <!-- and sans-serif. -->
+ <match>
+ <test name="family">
+ <string>sans-serif</string>
+ </test>
+ <test name="weight" compare="more_eq">
+ <int>200</int>
+ </test>
+ <test name="size" compare="more_eq">
+ <double>24</double>
+ </test>
+ <edit name="family" mode="prepend">
+ <string>Titr</string>
+ </edit>
+ </match>
+
+ <!-- and more. -->
+ <match>
+ <test name="family">
+ <string>Persian_sansserif_default</string>
+ </test>
+ <test name="weight" compare="more_eq">
+ <int>200</int>
+ </test>
+ <test name="size" compare="more_eq">
+ <double>24</double>
+ </test>
+ <edit name="family" mode="prepend" binding="same">
+ <string>Titr</string>
+ </edit>
+ </match>
+
+
+<!-- Default substituted for deprecated sans-serif fonts -->
+
+ <match>
+ <test name="family">
+ <string>Persian_sansserif_default</string>
+ </test>
+ <edit name="family" mode="assign" binding="same">
+ <string>Roya</string>
+ </edit>
+ </match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>Khmer OS"</family>
+ </prefer>
+ </alias>
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>Khmer OS"</family>
+ </prefer>
+ </alias>
+</fontconfig>
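Review bot: The family name in both `<prefer>` lists is written `Khmer OS"`, with a stray double quote inside the element text. That makes it a different string from the font's family name, so the serif and sans-serif preferences will presumably never select the installed font. Both lines should read `<family>Khmer OS</family>`.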
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Set preferable fonts for non-Latin</description>
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>Artsounk</family> <!-- armenian -->
+ <family>BPG UTF8 M</family> <!-- georgian -->
+ <family>Kinnari</family> <!-- thai -->
+ <family>Norasi</family> <!-- thai -->
+ <family>Frank Ruehl</family> <!-- hebrew -->
+ <family>Dror</family> <!-- hebrew -->
+ <family>JG LaoTimes</family> <!-- lao -->
+ <family>Saysettha Unicode</family> <!-- lao -->
+ <family>Pigiarniq</family> <!-- canadian syllabics -->
+ <family>B Davat</family> <!-- arabic (fa) -->
+ <family>B Compset</family> <!-- arabic (fa) -->
+ <family>Kacst-Qr</family> <!-- arabic (ar) -->
+ <family>Urdu Nastaliq Unicode</family> <!-- arabic (ur) -->
+ <family>Raghindi</family> <!-- devanagari -->
+ <family>Mukti Narrow</family> <!-- bengali -->
+ <family>padmaa</family> <!-- gujarati -->
+ <family>Hapax Berbère</family> <!-- tifinagh -->
+ <family>MS Mincho</family> <!-- han (ja) -->
+ <family>SimSun</family> <!-- han (zh-cn,zh-tw) -->
+ <family>PMingLiu</family> <!-- han (zh-tw) -->
+ <family>WenQuanYi Zen Hei</family> <!-- han (zh-cn,zh-tw) -->
+ <family>WenQuanYi Bitmap Song</family> <!-- han (zh-cn,zh-tw) -->
+ <family>AR PL ShanHeiSun Uni</family> <!-- han (ja,zh-cn,zh-tw) -->
+ <family>AR PL New Sung</family> <!-- han (zh-cn,zh-tw) -->
+ <family>ZYSong18030</family> <!-- han (zh-cn,zh-tw) -->
+ <family>HanyiSong</family> <!-- han (zh-cn,zh-tw) -->
+ <family>MgOpen Canonica</family>
+ <family>Sazanami Mincho</family>
+ <family>IPAMonaMincho</family>
+ <family>IPAMincho</family>
+ <family>Kochi Mincho</family>
+ <family>AR PL SungtiL GB</family>
+ <family>AR PL Mingti2L Big5</family>
+ <family>AR PL Zenkai Uni</family>
+ <family>MS 明朝</family>
+ <family>ZYSong18030</family>
+ <family>NanumMyeongjo</family> <!-- hangul (ko) -->
+ <family>UnBatang</family> <!-- hangul (ko) -->
+ <family>Baekmuk Batang</family> <!-- hangul (ko) -->
+ <family>KacstQura</family>
+ <family>Frank Ruehl CLM</family>
+ <family>Lohit Bengali</family>
+ <family>Lohit Gujarati</family>
+ <family>Lohit Hindi</family>
+ <family>Lohit Marathi</family>
+ <family>Lohit Maithili</family>
+ <family>Lohit Kashmiri</family>
+ <family>Lohit Konkani</family>
+ <family>Lohit Nepali</family>
+ <family>Lohit Sindhi</family>
+ <family>Lohit Punjabi</family>
+ <family>Lohit Tamil</family>
+ <family>Rachana</family>
+ <family>Lohit Malayalam</family>
+ <family>Lohit Kannada</family>
+ <family>Lohit Telugu</family>
+ <family>Lohit Oriya</family>
+ <family>LKLUG</family>
+ </prefer>
+ </alias>
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>Nachlieli</family> <!-- hebrew -->
+ <family>Lucida Sans Unicode</family>
+ <family>Yudit Unicode</family>
+ <family>Kerkis</family> <!-- greek -->
+ <family>ArmNet Helvetica</family> <!-- armenian -->
+ <family>Artsounk</family> <!-- armenian -->
+ <family>BPG UTF8 M</family> <!-- georgian -->
+ <family>Waree</family> <!-- thai -->
+ <family>Loma</family> <!-- thai -->
+ <family>Garuda</family> <!-- thai -->
+ <family>Umpush</family> <!-- thai -->
+ <family>Saysettha Unicode</family> <!-- lao? -->
+ <family>JG Lao Old Arial</family> <!-- lao -->
+ <family>GF Zemen Unicode</family> <!-- ethiopic -->
+ <family>Pigiarniq</family> <!-- canadian syllabics -->
+ <family>B Davat</family> <!-- arabic (fa) -->
+ <family>B Compset</family> <!-- arabic (fa) -->
+ <family>Kacst-Qr</family> <!-- arabic (ar) -->
+ <family>Urdu Nastaliq Unicode</family> <!-- arabic (ur) -->
+ <family>Raghindi</family> <!-- devanagari -->
+ <family>Mukti Narrow</family> <!-- bengali -->
+ <family>padmaa</family> <!-- gujarati -->
+ <family>Hapax Berbère</family> <!-- tifinagh -->
+ <family>MS Gothic</family> <!-- han (ja) -->
+ <family>UmePlus P Gothic</family> <!-- han (ja) -->
+ <family>Microsoft YaHei</family> <!-- han (zh-cn,zh-tw) -->
+ <family>Microsoft JhengHei</family> <!-- han (zh-tw) -->
+ <family>WenQuanYi Zen Hei</family> <!-- han (zh-cn,zh-tw) -->
+ <family>WenQuanYi Bitmap Song</family> <!-- han (zh-cn,zh-tw) -->
+ <family>AR PL ShanHeiSun Uni</family> <!--han (ja,zh-cn,zh-tw) -->
+ <family>AR PL New Sung</family> <!-- han (zh-cn,zh-tw) -->
+ <family>MgOpen Moderna</family>
+ <family>MgOpen Modata</family>
+ <family>MgOpen Cosmetica</family>
+ <family>VL Gothic</family>
+ <family>IPAMonaGothic</family>
+ <family>IPAGothic</family>
+ <family>Sazanami Gothic</family>
+ <family>Kochi Gothic</family>
+ <family>AR PL KaitiM GB</family>
+ <family>AR PL KaitiM Big5</family>
+ <family>AR PL ShanHeiSun Uni</family>
+ <family>AR PL SungtiL GB</family>
+ <family>AR PL Mingti2L Big5</family>
+ <family>MS ゴシック</family>
+ <family>ZYSong18030</family> <!-- han (zh-cn,zh-tw) -->
+ <family>NanumGothic</family> <!-- hangul (ko) -->
+ <family>UnDotum</family> <!-- hangul (ko) -->
+ <family>Baekmuk Dotum</family> <!-- hangul (ko) -->
+ <family>Baekmuk Gulim</family> <!-- hangul (ko) -->
+ <family>KacstQura</family>
+ <family>Lohit Bengali</family>
+ <family>Lohit Gujarati</family>
+ <family>Lohit Hindi</family>
+ <family>Lohit Marathi</family>
+ <family>Lohit Maithili</family>
+ <family>Lohit Kashmiri</family>
+ <family>Lohit Konkani</family>
+ <family>Lohit Nepali</family>
+ <family>Lohit Sindhi</family>
+ <family>Lohit Punjabi</family>
+ <family>Lohit Tamil</family>
+ <family>Meera</family>
+ <family>Lohit Malayalam</family>
+ <family>Lohit Kannada</family>
+ <family>Lohit Telugu</family>
+ <family>Lohit Oriya</family>
+ <family>LKLUG</family>
+ </prefer>
+ </alias>
+ <alias>
+ <family>monospace</family>
+ <prefer>
+ <family>Miriam Mono</family> <!-- hebrew -->
+ <family>VL Gothic</family>
+ <family>IPAMonaGothic</family>
+ <family>IPAGothic</family>
+ <family>Sazanami Gothic</family>
+ <family>Kochi Gothic</family>
+ <family>AR PL KaitiM GB</family>
+ <family>MS Gothic</family> <!-- han (ja) -->
+ <family>UmePlus Gothic</family> <!-- han (ja) -->
+ <family>NSimSun</family> <!-- han (zh-cn,zh-tw) -->
+ <family>MingLiu</family> <!-- han (zh-tw) -->
+ <family>AR PL ShanHeiSun Uni</family> <!-- han (ja,zh-cn,zh-tw) -->
+ <family>AR PL New Sung Mono</family> <!-- han (zh-cn,zh-tw) -->
+ <family>HanyiSong</family> <!-- han (zh-cn) -->
+ <family>AR PL SungtiL GB</family>
+ <family>AR PL Mingti2L Big5</family>
+ <family>ZYSong18030</family> <!-- han (zh-cn,zh-tw) -->
+ <family>NanumGothicCoding</family> <!-- hangul (ko) -->
+ <family>NanumGothic</family> <!-- hangul (ko) -->
+ <family>UnDotum</family> <!-- hangul (ko) -->
+ <family>Baekmuk Dotum</family> <!-- hangul (ko) -->
+ <family>Baekmuk Gulim</family> <!-- hangul (ko) -->
+ <family>TlwgTypo</family> <!-- thai -->
+ <family>TlwgTypist</family> <!-- thai -->
+ <family>TlwgTypewriter</family> <!-- thai -->
+ <family>TlwgMono</family> <!-- thai -->
+ <family>Hasida</family> <!-- hebrew -->
+ <family>Mitra Mono</family> <!-- bengali -->
+ <family>GF Zemen Unicode</family> <!-- ethiopic -->
+ <family>Hapax Berbère</family> <!-- tifinagh -->
+ <family>Lohit Bengali</family>
+ <family>Lohit Gujarati</family>
+ <family>Lohit Hindi</family>
+ <family>Lohit Marathi</family>
+ <family>Lohit Maithili</family>
+ <family>Lohit Kashmiri</family>
+ <family>Lohit Konkani</family>
+ <family>Lohit Nepali</family>
+ <family>Lohit Sindhi</family>
+ <family>Lohit Punjabi</family>
+ <family>Lohit Tamil</family>
+ <family>Meera</family>
+ <family>Lohit Malayalam</family>
+ <family>Lohit Kannada</family>
+ <family>Lohit Telugu</family>
+ <family>Lohit Oriya</family>
+ <family>LKLUG</family>
+ </prefer>
+ </alias>
+</fontconfig>
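Review bot: Two families are listed twice within a single `<prefer>` block: `ZYSong18030` in the serif list and `AR PL ShanHeiSun Uni` in the sans-serif list. The later occurrences should not change the resulting order and only make the lists harder to audit. Drop the second `<family>ZYSong18030</family>` (the one after `MS 明朝`) and the second `<family>AR PL ShanHeiSun Uni</family>` (the one after `AR PL KaitiM Big5`). The comment `<!--han (ja,zh-cn,zh-tw) -->` in the sans-serif list is also missing the space used by every other script comment.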
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <match target="font">
+ <test name="family" compare="contains">
+ <string>Noto Sans CJK JP</string>
+ </test>
+ <test qual="all" name="pixelsize" compare="less_eq">
+ <double>18</double>
+ </test>
+ <edit mode="assign" name="embeddedbitmap">
+ <bool>false</bool>
+ </edit>
+ <edit mode="assign" name="hintstyle">
+ <const>hintnone</const>
+ </edit>
+ </match>
+ <match target="font">
+ <test name="family" compare="contains">
+ <string>Noto Serif CJK JP</string>
+ </test>
+ <test qual="all" name="pixelsize" compare="less_eq">
+ <double>18</double>
+ </test>
+ <edit mode="assign" name="embeddedbitmap">
+ <bool>false</bool>
+ </edit>
+ <edit mode="assign" name="hintstyle">
+ <const>hintnone</const>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+
+ <match target="pattern">
+ <test name="lang">
+ <string>zh-cn</string>
+ </test>
+ <test qual="any" name="family">
+ <string>serif</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Serif CJK SC</string>
+ <string>HYSong</string>
+ <string>AR PL UMing CN</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>WenQuanYi Bitmap Song</string>
+ <string>AR PL UKai CN</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans-serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-cn</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Sans CJK SC</string>
+ <string>WenQuanYi Zen Hei</string>
+ <string>HYSong</string>
+ <string>AR PL UMing CN</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>AR PL UKai CN</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>monospace</string>
+ </test>
+ <test name="lang">
+ <string>zh-cn</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>DejaVu Sans Mono</string>
+ <string>Noto Sans Mono CJK SC</string>
+ <string>WenQuanYi Zen Hei Mono</string>
+ <string>HYSong</string>
+ <string>AR PL UMing CN</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>AR PL UKai CN</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-hk</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Serif CJK TC</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>WenQuanYi Bitmap Song</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans-serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-hk</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Sans CJK HK</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>monospace</string>
+ </test>
+ <test name="lang">
+ <string>zh-hk</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>DejaVu Sans Mono</string>
+ <string>Noto Sans Mono CJK HK</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-mo</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Serif CJK TC</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>WenQuanYi Bitmap Song</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans-serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-mo</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Bitstream Vera Sans</string>
+ <string>Noto Sans CJK TC</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>monospace</string>
+ </test>
+ <test name="lang">
+ <string>zh-mo</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Bitstream Vera Sans Mono</string>
+ <string>DejaVu Sans Mono</string>
+ <string>Noto Sans Mono CJK TC</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+
+</fontconfig>
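Review bot: The zh-mo sans-serif list prepends `Bitstream Vera Sans` ahead of `Noto Sans CJK TC`, and the monospace list prepends `Bitstream Vera Sans Mono` ahead of `DejaVu Sans Mono`. The serif list in this file and the zh-hk lists in this diff begin with the CJK family (or with `DejaVu Sans Mono` alone for monospace). Because the edit uses `binding="strong"`, the Latin family takes precedence for every glyph it covers. If that is deliberate, a comment should say why zh-mo differs. Otherwise move the Bitstream Vera entries to the end of each list, as the zh-tw file does.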
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-sg</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Serif CJK SC</string>
+ <string>HYSong</string>
+ <string>AR PL UMing CN</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>WenQuanYi Bitmap Song</string>
+ <string>AR PL UKai CN</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans-serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-sg</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Sans CJK SC</string>
+ <string>WenQuanYi Zen Hei</string>
+ <string>HYSong</string>
+ <string>AR PL UMing CN</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>AR PL UKai CN</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>monospace</string>
+ </test>
+ <test name="lang">
+ <string>zh-sg</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>DejaVu Sans Mono</string>
+ <string>Noto Sans Mono CJK SC</string>
+ <string>WenQuanYi Zen Hei Mono</string>
+ <string>HYSong</string>
+ <string>AR PL UMing CN</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>AR PL UKai CN</string>
+ <string>AR PL ZenKai Uni</string>
+ </edit>
+ </match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+
+ <!-- Set fonts selection order for Chinese users -->
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-tw</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Serif CJK TC</string>
+ <string>AR PL UMing TW</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>WenQuanYi Bitmap Song</string>
+ <string>AR PL UKai TW</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ <string>DejaVu Serif</string>
+ <string>Bitstream Vera Serif</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans-serif</string>
+ </test>
+ <test name="lang">
+ <string>zh-tw</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>Noto Sans CJK TC</string>
+ <string>WenQuanYi Zen Hei</string>
+ <string>AR PL UMing TW</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>AR PL UKai TW</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ <string>DejaVu Sans</string>
+ <string>Bitstream Vera Sans</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>monospace</string>
+ </test>
+ <test name="lang">
+ <string>zh-tw</string>
+ </test>
+ <edit name="family" mode="prepend" binding="strong">
+ <string>DejaVu Sans Mono</string>
+ <string>Noto Sans Mono CJK TC</string>
+ <string>WenQuanYi Zen Hei Mono</string>
+ <string>AR PL UMing TW</string>
+ <string>AR PL UMing HK</string>
+ <string>AR PL New Sung</string>
+ <string>HYSong</string>
+ <string>AR PL UKai TW</string>
+ <string>AR PL UKai HK</string>
+ <string>AR PL ZenKai Uni</string>
+ <string>DejaVu Sans Mono</string>
+ <string>Bitstream Vera Sans Mono</string>
+ </edit>
+ </match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <alias>
+ <family>serif</family>
+ <prefer>
+ <family>FreeSerif</family>
+ <family>Code2000</family>
+ <family>Code2001</family> <!-- plane1 and beyond -->
+ </prefer>
+ </alias>
+ <alias>
+ <family>sans-serif</family>
+ <prefer>
+ <family>FreeSans</family>
+ <family>Arial Unicode MS</family>
+ <family>Arial Unicode</family>
+ <family>Code2000</family> <!-- almost everything; serif actually -->
+ <family>Code2001</family> <!-- plane1 and beyond -->
+ </prefer>
+ </alias>
+ <alias>
+ <family>monospace</family>
+ <prefer>
+ <family>FreeMono</family>
+ </prefer>
+ </alias>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Accept bitmap fonts</description>
+<!-- Accept bitmap fonts -->
+ <selectfont>
+ <acceptfont>
+ <pattern>
+ <patelt name="scalable"><bool>false</bool></patelt>
+ </pattern>
+ </acceptfont>
+ </selectfont>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Reject bitmap fonts</description>
+<!-- Reject bitmap fonts -->
+ <selectfont>
+ <rejectfont>
+ <pattern>
+ <patelt name="scalable"><bool>false</bool></patelt>
+ </pattern>
+ </rejectfont>
+ </selectfont>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig/>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+<!-- Fix-ups for Delicious family -->
+
+<!-- Delicious 'heavy' variant says its Medium weight -->
+<match target="scan">
+ <test name="family" compare="eq" ignore-blanks="true">
+ <string>Delicious</string>
+ </test>
+ <test name="style">
+ <string>Heavy</string>
+ </test>
+ <edit name="weight">
+ <const>heavy</const>
+ </edit>
+</match>
+
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+<!--
+ Artificial oblique for fonts without an italic or oblique version
+ -->
+
+ <match target="font">
+ <!-- check to see if the font is roman -->
+ <test name="slant">
+ <const>roman</const>
+ </test>
+ <!-- check to see if the pattern requested non-roman -->
+ <test target="pattern" name="slant" compare="not_eq">
+ <const>roman</const>
+ </test>
+ <!-- multiply the matrix to slant the font -->
+ <edit name="matrix" mode="assign">
+ <times>
+ <name>matrix</name>
+ <matrix><double>1</double><double>0.2</double>
+ <double>0</double><double>1</double>
+ </matrix>
+ </times>
+ </edit>
+ <!-- pretend the font is oblique now -->
+ <edit name="slant" mode="assign">
+ <const>oblique</const>
+ </edit>
+ <!-- and disable embedded bitmaps for artificial oblique -->
+ <edit name="embeddedbitmap" mode="assign">
+ <bool>false</bool>
+ </edit>
+ </match>
+
+<!--
+ Synthetic emboldening for fonts that do not have bold face available
+ -->
+
+ <match target="font">
+ <!-- check to see if the weight in the font is less than medium which possibly need emboldening -->
+ <test name="weight" compare="less_eq">
+ <const>medium</const>
+ </test>
+ <!-- check to see if the pattern requests bold -->
+ <test target="pattern" name="weight" compare="more_eq">
+ <const>bold</const>
+ </test>
+ <!--
+ set the embolden flag
+ needed for applications using cairo, e.g. gucharmap, gedit, ...
+ -->
+ <edit name="embolden" mode="assign">
+ <bool>true</bool>
+ </edit>
+ <!--
+ set weight to bold
+ needed for applications using Xft directly, e.g. Firefox, ...
+ -->
+ <edit name="weight" mode="assign">
+ <const>bold</const>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+
+ <match target="font" >
+ <test name="family" compare="contains" >
+ <string>Song</string>
+ </test>
+ <!-- check to see if the font is just regular -->
+ <test name="weight" compare="less_eq">
+ <int>100</int>
+ </test>
+ <test compare="more_eq" target="pattern" name="weight" >
+ <int>180</int>
+ </test>
+ <edit mode="assign" name="embolden" >
+ <bool>true</bool>
+ </edit>
+ </match>
+
+ <match target="font" >
+ <test name="family" compare="contains" >
+ <string>Sun</string>
+ </test>
+ <!-- check to see if the font is just regular -->
+ <test name="weight" compare="less_eq">
+ <int>100</int>
+ </test>
+ <test compare="more_eq" target="pattern" name="weight" >
+ <int>180</int>
+ </test>
+ <edit mode="assign" name="embolden" >
+ <bool>true</bool>
+ </edit>
+ </match>
+
+ <match target="font" >
+ <test name="family" compare="contains" >
+ <string>Kai</string>
+ </test>
+ <!-- check to see if the font is just regular -->
+ <test name="weight" compare="less_eq">
+ <int>100</int>
+ </test>
+ <test compare="more_eq" target="pattern" name="weight" >
+ <int>180</int>
+ </test>
+ <edit mode="assign" name="embolden" >
+ <bool>true</bool>
+ </edit>
+ </match>
+
+ <match target="font" >
+ <test name="family" compare="contains" >
+ <string>Ming</string>
+ </test>
+ <!-- check to see if the font is just regular -->
+ <test name="weight" compare="less_eq">
+ <int>100</int>
+ </test>
+ <test compare="more_eq" target="pattern" name="weight" >
+ <int>180</int>
+ </test>
+ <edit mode="assign" name="embolden" >
+ <bool>true</bool>
+ </edit>
+ </match>
+
+</fontconfig>
--- /dev/null
+../conf.avail/10-antialias.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/10-hinting-slight.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/10-scale-bitmap-fonts.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/11-lcdfilter-default.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-lgc-sans-mono.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-lgc-sans.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-lgc-serif.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-sans-mono.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-sans.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-dejavu-serif.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/20-unhint-small-vera.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/30-cjk-aliases.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/30-metric-aliases.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/40-nonlatin.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/45-generic.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/45-latin.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/49-sansserif.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/50-user.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/51-local.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/56-language-selector-ar.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/57-dejavu-sans-mono.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/57-dejavu-sans.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/57-dejavu-serif.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/58-dejavu-lgc-sans-mono.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/58-dejavu-lgc-sans.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/58-dejavu-lgc-serif.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/60-generic.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/60-latin.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/64-language-selector-prefer.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/65-fonts-persian.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/65-nonlatin.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/69-language-selector-ja.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/69-language-selector-zh-cn.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/69-language-selector-zh-hk.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/69-language-selector-zh-mo.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/69-language-selector-zh-sg.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/69-language-selector-zh-tw.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/69-unifont.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/70-no-bitmaps.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/80-delicious.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/90-synthetic.conf
\ No newline at end of file
--- /dev/null
+../conf.avail/99-language-selector-zh.conf
\ No newline at end of file
--- /dev/null
+conf.d/README
+
+Each file in this directory is a fontconfig configuration file. Fontconfig
+scans this directory, loading all files of the form [0-9][0-9]*.conf.
+These files are normally installed in /usr/share/fontconfig/conf.avail
+and then symlinked here, allowing them to be easily installed and then
+enabled/disabled by adjusting the symlinks.
+
+The files are loaded in numeric order, the structure of the configuration
+has led to the following conventions in usage:
+
+ Files begining with: Contain:
+
+ 00 through 09 Font directories
+ 10 through 19 system rendering defaults (AA, etc)
+ 20 through 29 font rendering options
+ 30 through 39 family substitution
+ 40 through 49 generic identification, map family->generic
+ 50 through 59 alternate config file loading
+ 60 through 69 generic aliases, map generic->family
+ 70 through 79 select font (adjust which fonts are available)
+ 80 through 89 match target="scan" (modify scanned patterns)
+ 90 through 99 font synthesis
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<!-- /etc/fonts/fonts.conf file to configure system font access -->
+<fontconfig>
+ <its:rules xmlns:its="http://www.w3.org/2005/11/its" version="1.0">
+ <its:translateRule translate="no" selector="/fontconfig/*[not(self::description)]"/>
+ </its:rules>
+
+ <description>Default configuration file</description>
+
+<!--
+ DO NOT EDIT THIS FILE.
+ IT WILL BE REPLACED WHEN FONTCONFIG IS UPDATED.
+ LOCAL CHANGES BELONG IN 'local.conf'.
+
+ The intent of this standard configuration file is to be adequate for
+ most environments. If you have a reasonably normal environment and
+ have found problems with this configuration, they are probably
+ things that others will also want fixed. Please submit any
+ problems to the fontconfig bugzilla system located at fontconfig.org
+
+ Note that the normal 'make install' procedure for fontconfig is to
+ replace any existing fonts.conf file with the new version. Place
+ any local customizations in local.conf which this file references.
+
+ Keith Packard
+-->
+
+<!-- Font directory list -->
+
+ <dir>/usr/share/fonts</dir>
+ <dir>/usr/local/share/fonts</dir>
+ <dir prefix="xdg">fonts</dir>
+ <!-- the following element will be removed in the future -->
+ <dir>~/.fonts</dir>
+
+<!--
+ Accept deprecated 'mono' alias, replacing it with 'monospace'
+-->
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>mono</string>
+ </test>
+ <edit name="family" mode="assign" binding="same">
+ <string>monospace</string>
+ </edit>
+ </match>
+
+<!--
+ Accept alternate 'sans serif' spelling, replacing it with 'sans-serif'
+-->
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans serif</string>
+ </test>
+ <edit name="family" mode="assign" binding="same">
+ <string>sans-serif</string>
+ </edit>
+ </match>
+
+<!--
+ Accept deprecated 'sans' alias, replacing it with 'sans-serif'
+-->
+ <match target="pattern">
+ <test qual="any" name="family">
+ <string>sans</string>
+ </test>
+ <edit name="family" mode="assign" binding="same">
+ <string>sans-serif</string>
+ </edit>
+ </match>
+
+<!--
+ Ignore dpkg temporary files created in fonts directories
+-->
+ <selectfont>
+ <rejectfont>
+ <glob>*.dpkg-tmp</glob>
+ </rejectfont>
+ </selectfont>
+ <selectfont>
+ <rejectfont>
+ <glob>*.dpkg-new</glob>
+ </rejectfont>
+ </selectfont>
+
+<!--
+ Load local system customization file
+-->
+ <include ignore_missing="yes">conf.d</include>
+
+<!-- Font cache directory list -->
+
+ <cachedir>/var/cache/fontconfig</cachedir>
+ <cachedir prefix="xdg">fontconfig</cachedir>
+ <!-- the following element will be removed in the future -->
+ <cachedir>~/.fontconfig</cachedir>
+
+ <config>
+<!--
+ Rescan configuration every 30 seconds when FcFontSetList is called
+ -->
+ <rescan>
+ <int>30</int>
+ </rescan>
+ </config>
+
+</fontconfig>
--- /dev/null
+# /etc/fstab: static file system information.
+#
+# Use 'blkid' to print the universally unique identifier for a
+# device; this may be used with UUID= as a more robust way to name devices
+# that works even if disks are added and removed. See fstab(5).
+#
+# <file system> <mount point> <type> <options> <dump> <pass>
+# / was on /dev/sda2 during curtin installation
+/dev/disk/by-uuid/f0928f5d-dd43-419c-838b-65f726da56e3 / ext4 defaults 0 0
+/swap.img none swap sw 0 0
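Review bot: The root entry ends in `0 0`, so the `<pass>` field is 0 and the root filesystem is never checked by fsck at boot. fstab(5) says the root filesystem should use pass 1. I would change the line to `/dev/disk/by-uuid/f0928f5d-dd43-419c-838b-65f726da56e3 / ext4 defaults 0 1`. If skipping the check is deliberate (for example because the image is rebuilt rather than repaired), a comment above the entry should say so.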
--- /dev/null
+# /etc/fuse.conf - Configuration file for Filesystem in Userspace (FUSE)
+
+# Set the maximum number of FUSE mounts allowed to non-root users.
+# The default is 1000.
+#mount_max = 1000
+
+# Allow non-root users to specify the allow_other or allow_root mount options.
+#user_allow_other
--- /dev/null
+[fwupd]
+
+# Allow blocking specific devices by their GUID
+# Uses semicolons as delimiter
+DisabledDevices=
+
+# Allow blocking specific plugins
+# Uses semicolons as delimiter
+DisabledPlugins=test;test_ble;invalid
+
+# Maximum archive size that can be loaded in Mb, with 0 for the default
+ArchiveSizeMax=0
+
+# Idle time in seconds to shut down the daemon -- note some plugins might
+# inhibit the auto-shutdown, for instance thunderbolt.
+#
+# A value of 0 specifies 'never'
+IdleTimeout=7200
+
+# Comma separated list of domains to log in verbose mode
+# If unset, no domains
+# If set to FuValue, FuValue domain (same as --domain-verbose=FuValue)
+# If set to *, all domains (same as --verbose)
+VerboseDomains=
+
+# Update the message of the day (MOTD) on device and metadata changes
+UpdateMotd=true
+
+# For some plugins, enumerate only devices supported by metadata
+EnumerateAllDevices=false
+
+# A list of firmware checksums that has been approved by the site admin
+# If unset, all firmware is approved
+ApprovedFirmware=
+
+# Allow blocking specific devices by their checksum, either SHA1 or SHA256
+# Uses semicolons as delimiter
+BlockedFirmware=
+
+# Allowed URI schemes in the preference order; failed downloads from the first
+# scheme will be retried with the next in order until no choices remain.
+#
+# If unset or no schemes are listed, the default will be: file,https,http,ipfs
+UriSchemes=
+
+# Ignore power levels of devices when running updates
+IgnorePower=false
+
+# Only support installing firmware signed with a trusted key
+OnlyTrusted=true
+
+# A host best known configuration is used when using `fwupdmgr sync` which can
+# downgrade firmware to factory versions or upgrade firmware to a supported
+# config level. e.g. `vendor-factory-2021q1`
+HostBkc=
+
+# these are only required when the SMBIOS or Device Tree data is invalid or missing
+#Manufacturer=
+#ProductName=
+#ProductSku=
+#Family=
+#EnclosureKind=
+#BaseboardProduct=
+#BaseboardManufacturer=
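Review bot: `UriSchemes=` is left empty, so per the comment above it the daemon uses `file,https,http,ipfs`, and a failed HTTPS download is retried over plain HTTP and then IPFS. `OnlyTrusted=true` still requires signed firmware, but restricting the transports removes that fallback. I would set `UriSchemes=file;https`; the other list keys in this file use semicolons, so confirm the separator for this key. Separately, the empty `ApprovedFirmware=` means all firmware is approved, which should be a deliberate choice on managed hosts.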
--- /dev/null
+[redfish]
+
+# The URI to the Redfish service in the format <scheme>://<ip>:<port>
+# ex: https://192.168.0.133:443
+#Uri=
+
+# The username and password to the Redfish service
+#Username=
+#Password=
+
+# Whether to verify the server certificate or not
+# Expected value: TRUE or FALSE
+# Default: FALSE
+#CACheck=
+
+# Do not use IPMI KCS to create an initial user account if no SMBIOS data
+IpmiDisableCreateUser=False
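Review bot: `#CACheck=` stays at its documented default of FALSE, so once `Uri`, `Username` and `Password` are filled in, the Redfish credentials would be sent to a server whose certificate is not verified. I would set `CACheck=TRUE` explicitly in this file. I would also add a comment above the credentials, e.g. `# Password is stored in clear text: keep this file root-readable only`. Because this file is tracked in version control, a password written here later would also end up in the repository history.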
--- /dev/null
+[fwupd Remote]
+
+# this remote provides metadata shipped with the fwupd package
+Enabled=true
+Title=Enable UEFI capsule updates on Dell systems
+Keyring=none
+MetadataURI=file:///usr/share/fwupd/remotes.d/dell-esrt/metadata.xml
+ApprovalRequired=false
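Review bot: `Keyring=none` on this enabled remote means the metadata at `file:///usr/share/fwupd/remotes.d/dell-esrt/metadata.xml` is loaded without a signature check, so its integrity rests only on filesystem permissions. That is presumably intended for metadata shipped in the package, but it deserves a comment, e.g. `# Keyring=none: unsigned local metadata, file must be writable by root only`. The two vendor remotes further down also use `Keyring=none`; they should stay `Enabled=false` unless their directories are protected the same way.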
--- /dev/null
+[fwupd Remote]
+
+# this remote provides metadata and firmware marked as 'testing' from the LVFS
+Enabled=false
+Title=Linux Vendor Firmware Service (testing)
+MetadataURI=https://cdn.fwupd.org/downloads/firmware-testing.xml.gz
+ReportURI=https://fwupd.org/lvfs/firmware/report
+#Username=
+#Password=
+OrderBefore=lvfs,fwupd
+AutomaticReports=false
+ApprovalRequired=false
--- /dev/null
+[fwupd Remote]
+
+# this remote provides metadata and firmware marked as 'stable' from the LVFS
+Enabled=true
+Title=Linux Vendor Firmware Service
+MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.gz
+ReportURI=https://fwupd.org/lvfs/firmware/report
+SecurityReportURI=https://fwupd.org/lvfs/hsireports/upload
+OrderBefore=fwupd
+AutomaticReports=false
+AutomaticSecurityReports=false
+ApprovalRequired=false
--- /dev/null
+[fwupd Remote]
+# this remote provides dynamically generated metadata shipped by the OS vendor and can
+# be found in /usr/share/fwupd/remotes.d/vendor/firmware
+Enabled=false
+Title=Vendor (Automatic)
+Keyring=none
+MetadataURI=file:///usr/share/fwupd/remotes.d/vendor/firmware
+ApprovalRequired=false
--- /dev/null
+[fwupd Remote]
+# this remote provides metadata shipped by the OS vendor and can be found in
+# /usr/share/fwupd/remotes.d/vendor and firmware in /usr/share/fwupd/remotes.d/vendor/firmware
+Enabled=false
+Title=Vendor
+Keyring=none
+MetadataURI=file:///usr/share/fwupd/remotes.d/vendor/vendor.xml.gz
+ApprovalRequired=false
--- /dev/null
+[thunderbolt]
+
+# Minimum kernel version to allow use of this plugin
+# It's important that all backports from this kernel have been
+# made if using an older kernel
+MinimumKernelVersion=4.13.0
+
+# Forces delaying activation until shutdown/logout/reboot
+DelayedActivation=false
--- /dev/null
+[uefi_capsule]
+
+# use GRUB to launch fwupdx64.efi
+#EnableGrubChainLoad=false
+
+# the shim loader is required to chainload the fwupd EFI binary unless
+# the fwupd.efi file has been self-signed manually
+#DisableShimForSecureBoot=true
+
+# the EFI system partition (ESP) path used if UDisks is not available
+# or if this partition is not mounted at /boot/efi, /boot, or /efi
+#OverrideESPMountPoint=
+
+# amount of free space required on the ESP, for example using 0x2000000 for 32Mb
+#RequireESPFreeSpace=
+
+# with the UEFI removable path enabled, the default esp path is set to /EFI/boot
+# the shim EFI binary and presumably this is $ESP/EFI/boot/bootx64.efi
+#FallbacktoRemovablePath=false
+
+# allow ignoring the CapsuleOnDisk support advertised by the firmware
+#DisableCapsuleUpdateOnDisk=true
--- /dev/null
+[upower]
+
+# The threshold to to require battery be at or above to allow updates
+# Measure in percent
+BatteryThreshold=10
--- /dev/null
+# Configuration for getaddrinfo(3).
+#
+# So far only configuration for the destination address sorting is needed.
+# RFC 3484 governs the sorting. But the RFC also says that system
+# administrators should be able to overwrite the defaults. This can be
+# achieved here.
+#
+# All lines have an initial identifier specifying the option followed by
+# up to two values. Information specified in this file replaces the
+# default information. Complete absence of data of one kind causes the
+# appropriate default information to be used. The supported commands include:
+#
+# reload <yes|no>
+# If set to yes, each getaddrinfo(3) call will check whether this file
+# changed and if necessary reload. This option should not really be
+# used. There are possible runtime problems. The default is no.
+#
+# label <mask> <value>
+# Add another rule to the RFC 3484 label table. See section 2.1 in
+# RFC 3484. The default is:
+#
+#label ::1/128 0
+#label ::/0 1
+#label 2002::/16 2
+#label ::/96 3
+#label ::ffff:0:0/96 4
+#label fec0::/10 5
+#label fc00::/7 6
+#label 2001:0::/32 7
+#
+# This default differs from the tables given in RFC 3484 by handling
+# (now obsolete) site-local IPv6 addresses and Unique Local Addresses.
+# The reason for this difference is that these addresses are never
+# NATed while IPv4 site-local addresses most probably are. Given
+# the precedence of IPv6 over IPv4 (see below) on machines having only
+# site-local IPv4 and IPv6 addresses a lookup for a global address would
+# see the IPv6 be preferred. The result is a long delay because the
+# site-local IPv6 addresses cannot be used while the IPv4 address is
+# (at least for the foreseeable future) NATed. We also treat Teredo
+# tunnels special.
+#
+# precedence <mask> <value>
+# Add another rule to the RFC 3484 precedence table. See section 2.1
+# and 10.3 in RFC 3484. The default is:
+#
+#precedence ::1/128 50
+#precedence ::/0 40
+#precedence 2002::/16 30
+#precedence ::/96 20
+#precedence ::ffff:0:0/96 10
+#
+# For sites which prefer IPv4 connections change the last line to
+#
+#precedence ::ffff:0:0/96 100
+
+#
+# scopev4 <mask> <value>
+# Add another rule to the RFC 6724 scope table for IPv4 addresses.
+# By default the scope IDs described in section 3.2 in RFC 6724 are
+# used. Changing these defaults should hardly ever be necessary.
+# The defaults are equivalent to:
+#
+#scopev4 ::ffff:169.254.0.0/112 2
+#scopev4 ::ffff:127.0.0.0/104 2
+#scopev4 ::ffff:0.0.0.0/96 14
--- /dev/null
+.\" -*- nroff -*-
+.\"
+.\" This file is loaded after an-old.tmac.
+.\" Put any local modifications to an-old.tmac here.
+.
+.if n \{\
+. \" Debian: Map \(oq to ' rather than ` in nroff mode for devices other
+. \" than utf8.
+. if !'\*[.T]'utf8' \
+. tr \[oq]'
+.
+. \" Debian: Disable the use of SGR (ANSI colour) escape sequences by
+. \" grotty.
+. if '\V[GROFF_SGR]'' \
+. output x X tty: sgr 0
+.
+. \" Debian: Strictly, "-" is a hyphen while "\-" is a minus sign, and the
+. \" former may not always be rendered in the form expected for things like
+. \" command-line options. Uncomment this if you want to make sure that
+. \" manual pages you're writing are clear of this problem.
+. \" if '\*[.T]'utf8' \
+. \" char - \[hy]
+.
+. \" Debian: "\-" is more commonly used for option dashes than for minus
+. \" signs in manual pages, so map it to plain "-" for HTML/XHTML output
+. \" rather than letting it be rendered as "−".
+. ie '\*[.T]'html' \
+. char \- \N'45'
+. el \{\
+. if '\*[.T]'xhtml' \
+. char \- \N'45'
+. \}
+.\}
--- /dev/null
+.\" -*- nroff -*-
+.\"
+.\" This file is loaded after doc.tmac.
+.\" Put any local modifications to doc.tmac here.
+.
+.if n \{\
+. \" Debian: Map \(oq to ' rather than ` in nroff mode for devices other
+. \" than utf8.
+. if !'\*[.T]'utf8' \
+. tr \[oq]'
+.
+. \" Debian: Disable the use of SGR (ANSI colour) escape sequences by
+. \" grotty.
+. if '\V[GROFF_SGR]'' \
+. output x X tty: sgr 0
+.
+. \" Debian: Strictly, "-" is a hyphen while "\-" is a minus sign, and the
+. \" former may not always be rendered in the form expected for things like
+. \" command-line options. Uncomment this if you want to make sure that
+. \" manual pages you're writing are clear of this problem.
+. \" if '\*[.T]'utf8' \
+. \" char - \[hy]
+.
+. \" Debian: "\-" is more commonly used for option dashes than for minus
+. \" signs in manual pages, so map it to plain "-" for HTML/XHTML output
+. \" rather than letting it be rendered as "−".
+. ie '\*[.T]'html' \
+. char \- \N'45'
+. el \{\
+. if '\*[.T]'xhtml' \
+. char \- \N'45'
+. \}
+.\}
--- /dev/null
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:syslog
+tty:x:5:syslog
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:gg
+audio:x:29:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+systemd-journal:x:101:
+systemd-network:x:102:
+systemd-resolve:x:103:
+systemd-timesync:x:104:
+crontab:x:105:
+messagebus:x:106:
+input:x:107:
+kvm:x:108:
+render:x:109:
+syslog:x:110:
+tss:x:111:
+uuidd:x:112:
+tcpdump:x:113:
+ssh:x:114:
+landscape:x:115:
+lxd:x:116:
+systemd-coredump:x:999:
+ssl-cert:x:117:postgres
+postgres:x:118:
+shane:x:1001:
+jon:x:1002:
+gg:x:1003:
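Review bot: `sudo:x:27:gg` gives gg membership of the sudo group, and nothing in the change records why. The next hunk, which looks like an earlier copy of the same group database, also lists gamesguru in `sudo`, `adm` and `lxd`; membership of `lxd` is generally treated as root-equivalent. The format has no comment syntax, so the justification belongs in the commit description. If gg does not need unrestricted sudo, the line would become `sudo:x:27:` with specific commands granted through sudoers instead. It is also worth confirming that the copy still naming gamesguru is meant to be tracked.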
--- /dev/null
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:syslog,gamesguru
+tty:x:5:syslog
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:gamesguru
+floppy:x:25:
+tape:x:26:
+sudo:x:27:gamesguru,gg
+audio:x:29:
+dip:x:30:gamesguru
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:gamesguru
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+systemd-journal:x:101:
+systemd-network:x:102:
+systemd-resolve:x:103:
+systemd-timesync:x:104:
+crontab:x:105:
+messagebus:x:106:
+input:x:107:
+kvm:x:108:
+render:x:109:
+syslog:x:110:
+tss:x:111:
+uuidd:x:112:
+tcpdump:x:113:
+ssh:x:114:
+landscape:x:115:
+lxd:x:116:gamesguru
+systemd-coredump:x:999:
+gamesguru:x:1000:
+ssl-cert:x:117:postgres
+postgres:x:118:
+shane:x:1001:
+jon:x:1002:
+gg:x:1003:
--- /dev/null
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+prefix="/usr"
+exec_prefix="/usr"
+datarootdir="/usr/share"
+grub_lang=`echo $LANG | cut -d . -f 1`
+grubdir="`echo "/boot/grub" | sed 's,//*,/,g'`"
+quick_boot="1"
+
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+. "$pkgdatadir/grub-mkconfig_lib"
+
+# Do this as early as possible, since other commands might depend on it.
+# (e.g. the `loadfont' command might need lvm or raid modules)
+for i in ${GRUB_PRELOAD_MODULES} ; do
+ echo "insmod $i"
+done
+
+if [ "x${GRUB_DEFAULT}" = "x" ] ; then GRUB_DEFAULT=0 ; fi
+if [ "x${GRUB_DEFAULT}" = "xsaved" ] ; then GRUB_DEFAULT='${saved_entry}' ; fi
+if [ "x${GRUB_TIMEOUT}" = "x" ] ; then GRUB_TIMEOUT=5 ; fi
+if [ "x${GRUB_GFXMODE}" = "x" ] ; then GRUB_GFXMODE=auto ; fi
+
+if [ "x${GRUB_DEFAULT_BUTTON}" = "x" ] ; then GRUB_DEFAULT_BUTTON="$GRUB_DEFAULT" ; fi
+if [ "x${GRUB_DEFAULT_BUTTON}" = "xsaved" ] ; then GRUB_DEFAULT_BUTTON='${saved_entry}' ; fi
+if [ "x${GRUB_TIMEOUT_BUTTON}" = "x" ] ; then GRUB_TIMEOUT_BUTTON="$GRUB_TIMEOUT" ; fi
+
+cat << EOF
+if [ -s \$prefix/grubenv ]; then
+ set have_grubenv=true
+ load_env
+fi
+EOF
+cat <<EOF
+if [ "\${initrdfail}" = 2 ]; then
+ set initrdfail=
+elif [ "\${initrdfail}" = 1 ]; then
+ set next_entry="\${prev_entry}"
+ set prev_entry=
+ save_env prev_entry
+ if [ "\${next_entry}" ]; then
+ set initrdfail=2
+ fi
+fi
+EOF
+if [ "x$GRUB_BUTTON_CMOS_ADDRESS" != "x" ]; then
+ cat <<EOF
+if cmostest $GRUB_BUTTON_CMOS_ADDRESS ; then
+ set default="${GRUB_DEFAULT_BUTTON}"
+elif [ "\${next_entry}" ] ; then
+ set default="\${next_entry}"
+ set next_entry=
+ save_env next_entry
+ set boot_once=true
+else
+ set default="${GRUB_DEFAULT}"
+fi
+EOF
+else
+ cat <<EOF
+if [ "\${next_entry}" ] ; then
+ set default="\${next_entry}"
+ set next_entry=
+ save_env next_entry
+ set boot_once=true
+else
+ set default="${GRUB_DEFAULT}"
+fi
+EOF
+fi
+cat <<EOF
+
+if [ x"\${feature_menuentry_id}" = xy ]; then
+ menuentry_id_option="--id"
+else
+ menuentry_id_option=""
+fi
+
+export menuentry_id_option
+
+if [ "\${prev_saved_entry}" ]; then
+ set saved_entry="\${prev_saved_entry}"
+ save_env saved_entry
+ set prev_saved_entry=
+ save_env prev_saved_entry
+ set boot_once=true
+fi
+
+function savedefault {
+ if [ -z "\${boot_once}" ]; then
+ saved_entry="\${chosen}"
+ save_env saved_entry
+ fi
+}
+EOF
+
+cat <<"EOF"
+function initrdfail {
+ if [ -n "${have_grubenv}" ]; then if [ -n "${partuuid}" ]; then
+ if [ -z "${initrdfail}" ]; then
+ set initrdfail=1
+ if [ -n "${boot_once}" ]; then
+ set prev_entry="${default}"
+ save_env prev_entry
+ fi
+ fi
+ save_env initrdfail
+ fi; fi
+}
+EOF
+
+if [ "$quick_boot" = 1 ]; then
+ cat <<EOF
+function recordfail {
+ set recordfail=1
+EOF
+
+ check_writable () {
+ abstractions="$(grub-probe --target=abstraction "${grubdir}")"
+ for abstraction in $abstractions; do
+ case "$abstraction" in
+ diskfilter | lvm)
+ cat <<EOF
+ # GRUB lacks write support for $abstraction, so recordfail support is disabled.
+EOF
+ return 1
+ ;;
+ esac
+ done
+
+ FS="$(grub-probe --target=fs "${grubdir}")"
+ case "$FS" in
+ btrfs | cpiofs | newc | odc | romfs | squash4 | tarfs | zfs)
+ cat <<EOF
+ # GRUB lacks write support for $FS, so recordfail support is disabled.
+EOF
+ return 1
+ ;;
+ esac
+
+ cat <<EOF
+ if [ -n "\${have_grubenv}" ]; then if [ -z "\${boot_once}" ]; then save_env recordfail; fi; fi
+EOF
+ }
+
+ if ! check_writable; then
+ recordfail_broken=1
+ fi
+
+ cat <<EOF
+}
+EOF
+fi
+
+cat <<EOF
+function load_video {
+EOF
+if [ -n "${GRUB_VIDEO_BACKEND}" ]; then
+ cat <<EOF
+ insmod ${GRUB_VIDEO_BACKEND}
+EOF
+else
+# If all_video.mod isn't available load all modules available
+# with versions prior to introduction of all_video.mod
+cat <<EOF
+ if [ x\$feature_all_video_module = xy ]; then
+ insmod all_video
+ else
+ insmod efi_gop
+ insmod efi_uga
+ insmod ieee1275_fb
+ insmod vbe
+ insmod vga
+ insmod video_bochs
+ insmod video_cirrus
+ fi
+EOF
+fi
+cat <<EOF
+}
+
+EOF
+
+serial=0;
+gfxterm=0;
+for x in ${GRUB_TERMINAL_INPUT} ${GRUB_TERMINAL_OUTPUT}; do
+ if [ xserial = "x$x" ]; then
+ serial=1;
+ fi
+ if [ xgfxterm = "x$x" ]; then
+ gfxterm=1;
+ fi
+done
+
+if [ "x$serial" = x1 ]; then
+ if [ "x${GRUB_SERIAL_COMMAND}" = "x" ] ; then
+ grub_warn "$(gettext "Requested serial terminal but GRUB_SERIAL_COMMAND is unspecified. Default parameters will be used.")"
+ GRUB_SERIAL_COMMAND=serial
+ fi
+ echo "${GRUB_SERIAL_COMMAND}"
+fi
+
+if [ "x$gfxterm" = x1 ]; then
+ if [ -n "$GRUB_FONT" ] ; then
+ # Make the font accessible
+ prepare_grub_to_access_device `${grub_probe} --target=device "${GRUB_FONT}"`
+ cat << EOF
+if loadfont `make_system_path_relative_to_its_root "${GRUB_FONT}"` ; then
+EOF
+ else
+ for dir in "${pkgdatadir}" "`echo '/boot/grub' | sed "s,//*,/,g"`" /usr/share/grub ; do
+ for basename in unicode unifont ascii; do
+ path="${dir}/${basename}.pf2"
+ if is_path_readable_by_grub "${path}" > /dev/null ; then
+ font_path="${path}"
+ else
+ continue
+ fi
+ break 2
+ done
+ done
+ if [ -n "${font_path}" ] ; then
+ cat << EOF
+if [ x\$feature_default_font_path = xy ] ; then
+ font=unicode
+else
+EOF
+ # Make the font accessible
+ prepare_grub_to_access_device `${grub_probe} --target=device "${font_path}"`
+ cat << EOF
+ font="`make_system_path_relative_to_its_root "${font_path}"`"
+fi
+
+if loadfont \$font ; then
+EOF
+ else
+ cat << EOF
+if loadfont unicode ; then
+EOF
+ fi
+ fi
+
+ cat << EOF
+ set gfxmode=${GRUB_GFXMODE}
+ load_video
+ insmod gfxterm
+EOF
+
+# Gettext variables and module
+if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "x" ]; then
+ cat << EOF
+ set locale_dir=\$prefix/locale
+ set lang=${grub_lang}
+ insmod gettext
+EOF
+fi
+
+cat <<EOF
+fi
+EOF
+fi
+
+case x${GRUB_TERMINAL_INPUT} in
+ x)
+ # Just use the native terminal
+ ;;
+ x*)
+ cat << EOF
+terminal_input ${GRUB_TERMINAL_INPUT}
+EOF
+ ;;
+esac
+
+case x${GRUB_TERMINAL_OUTPUT} in
+ x)
+ # Just use the native terminal
+ ;;
+ x*)
+ cat << EOF
+terminal_output ${GRUB_TERMINAL_OUTPUT}
+EOF
+ ;;
+esac
+
+if [ "x$gfxterm" = x1 ]; then
+ if [ "x$GRUB_THEME" != x ] && [ -f "$GRUB_THEME" ] \
+ && is_path_readable_by_grub "$GRUB_THEME"; then
+ gettext_printf "Found theme: %s\n" "$GRUB_THEME" >&2
+
+ prepare_grub_to_access_device `${grub_probe} --target=device "$GRUB_THEME"`
+ cat << EOF
+insmod gfxmenu
+EOF
+ themedir="`dirname "$GRUB_THEME"`"
+ for x in "$themedir"/*.pf2 "$themedir"/f/*.pf2; do
+ if [ -f "$x" ]; then
+ cat << EOF
+loadfont (\$root)`make_system_path_relative_to_its_root $x`
+EOF
+ fi
+ done
+ if [ x"`echo "$themedir"/*.jpg`" != x"$themedir/*.jpg" ] || [ x"`echo "$themedir"/*.jpeg`" != x"$themedir/*.jpeg" ]; then
+ cat << EOF
+insmod jpeg
+EOF
+ fi
+ if [ x"`echo "$themedir"/*.png`" != x"$themedir/*.png" ]; then
+ cat << EOF
+insmod png
+EOF
+ fi
+ if [ x"`echo "$themedir"/*.tga`" != x"$themedir/*.tga" ]; then
+ cat << EOF
+insmod tga
+EOF
+ fi
+
+ cat << EOF
+set theme=(\$root)`make_system_path_relative_to_its_root $GRUB_THEME`
+export theme
+EOF
+ elif [ "x$GRUB_BACKGROUND" != x ] && [ -f "$GRUB_BACKGROUND" ] \
+ && is_path_readable_by_grub "$GRUB_BACKGROUND"; then
+ gettext_printf "Found background: %s\n" "$GRUB_BACKGROUND" >&2
+ case "$GRUB_BACKGROUND" in
+ *.png) reader=png ;;
+ *.tga) reader=tga ;;
+ *.jpg|*.jpeg) reader=jpeg ;;
+ *) gettext "Unsupported image format" >&2; echo >&2; exit 1 ;;
+ esac
+ prepare_grub_to_access_device `${grub_probe} --target=device "$GRUB_BACKGROUND"`
+ cat << EOF
+insmod $reader
+background_image -m stretch `make_system_path_relative_to_its_root "$GRUB_BACKGROUND"`
+EOF
+ fi
+fi
+
+make_timeout ()
+{
+ cat << EOF
+if [ "\${recordfail}" = 1 ] ; then
+ set timeout=${GRUB_RECORDFAIL_TIMEOUT:-30}
+else
+EOF
+ if [ "x${3}" != "x" ] ; then
+ timeout="${2}"
+ style="${3}"
+ elif [ "x${1}" != "x" ] && \
+ ([ "$quick_boot" = 1 ] || [ "x${1}" != "x0" ]) ; then
+ # Handle the deprecated GRUB_HIDDEN_TIMEOUT scheme.
+ timeout="${1}"
+ if [ "x${2}" != "x0" ] ; then
+ grub_warn "$(gettext "Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.")"
+ fi
+ if [ "x${GRUB_HIDDEN_TIMEOUT_QUIET}" = "xtrue" ] ; then
+ style="hidden"
+ verbose=
+ else
+ style="countdown"
+ verbose=" --verbose"
+ fi
+ else
+ # No hidden timeout, so treat as GRUB_TIMEOUT_STYLE=menu
+ timeout="${2}"
+ style="menu"
+ fi
+ cat << EOF
+ if [ x\$feature_timeout_style = xy ] ; then
+ set timeout_style=${style}
+ set timeout=${timeout}
+EOF
+ if [ "x${style}" = "xmenu" ] ; then
+ cat << EOF
+ # Fallback normal timeout code in case the timeout_style feature is
+ # unavailable.
+ else
+ set timeout=${timeout}
+EOF
+ else
+ cat << EOF
+ # Fallback hidden-timeout code in case the timeout_style feature is
+ # unavailable.
+ elif sleep${verbose} --interruptible ${timeout} ; then
+ set timeout=0
+EOF
+ fi
+ cat << EOF
+ fi
+fi
+EOF
+if [ "$recordfail_broken" = 1 ]; then
+ cat << EOF
+if [ \$grub_platform = efi ]; then
+ set timeout=${GRUB_RECORDFAIL_TIMEOUT:-30}
+ if [ x\$feature_timeout_style = xy ] ; then
+ set timeout_style=menu
+ fi
+fi
+EOF
+fi
+}
+
+if [ "x$GRUB_BUTTON_CMOS_ADDRESS" != "x" ]; then
+ cat <<EOF
+if cmostest $GRUB_BUTTON_CMOS_ADDRESS ; then
+EOF
+make_timeout "${GRUB_HIDDEN_TIMEOUT_BUTTON}" "${GRUB_TIMEOUT_BUTTON}" "${GRUB_TIMEOUT_STYLE_BUTTON}"
+echo else
+make_timeout "${GRUB_HIDDEN_TIMEOUT}" "${GRUB_TIMEOUT}" "${GRUB_TIMEOUT_STYLE}"
+echo fi
+else
+make_timeout "${GRUB_HIDDEN_TIMEOUT}" "${GRUB_TIMEOUT}" "${GRUB_TIMEOUT_STYLE}"
+fi
+
+if [ "x$GRUB_BUTTON_CMOS_ADDRESS" != "x" ] && [ "x$GRUB_BUTTON_CMOS_CLEAN" = "xyes" ]; then
+ cat <<EOF
+cmosclean $GRUB_BUTTON_CMOS_ADDRESS
+EOF
+fi
+
+# Play an initial tune
+if [ "x${GRUB_INIT_TUNE}" != "x" ] ; then
+ echo "play ${GRUB_INIT_TUNE}"
+fi
+
+if [ "x${GRUB_BADRAM}" != "x" ] ; then
+ echo "badram ${GRUB_BADRAM}"
+fi
--- /dev/null
+#!/bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2010 Alexander Kurtz <kurtz.alex@googlemail.com>
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+# Include the GRUB helper library for grub-mkconfig.
+. /usr/share/grub/grub-mkconfig_lib
+
+# We want to work in /boot/grub/ only.
+test -d /boot/grub; cd /boot/grub
+
+# Set the location of a possibly necessary cache file for the background image.
+# NOTE: This MUST BE A DOTFILE to avoid confusing it with user-defined images.
+BACKGROUND_CACHE=".background_cache"
+
+set_default_theme(){
+ case $GRUB_DISTRIBUTOR in
+ Tanglu|Ubuntu|Kubuntu)
+ # Set a monochromatic theme for Tanglu/Ubuntu.
+ echo "${1}set menu_color_normal=white/black"
+ echo "${1}set menu_color_highlight=black/light-gray"
+
+ if [ -e /usr/share/plymouth/themes/default.grub ]; then
+ sed "s/^/${1}/" /usr/share/plymouth/themes/default.grub
+ fi
+ # For plymouth backward compatiblity. Can be removed
+ # after xenial.
+ if [ -e /lib/plymouth/themes/default.grub ]; then
+ sed "s/^/${1}/" /lib/plymouth/themes/default.grub
+ fi
+ ;;
+ *)
+ # Set the traditional Debian blue theme.
+ echo "${1}set menu_color_normal=cyan/blue"
+ echo "${1}set menu_color_highlight=white/blue"
+ ;;
+ esac
+}
+
+module_available(){
+ local module
+ for module in "${1}.mod" */"${1}.mod"; do
+ if [ -f "${module}" ]; then
+ return 0
+ fi
+ done
+ return 1
+}
+
+set_background_image(){
+ # Step #1: Search all available output modes ...
+ local output
+ for output in ${GRUB_TERMINAL_OUTPUT}; do
+ if [ "x$output" = "xgfxterm" ]; then
+ break
+ fi
+ done
+
+ # ... and check if we are able to display a background image at all.
+ if ! [ "x${output}" = "xgfxterm" ]; then
+ return 1
+ fi
+
+ # Step #2: Check if the specified background image exists.
+ if ! [ -f "${1}" ]; then
+ return 2
+ fi
+
+ # Step #3: Search the correct GRUB module for our background image.
+ local reader
+ case "${1}" in
+ *.jpg|*.JPG|*.jpeg|*.JPEG) reader="jpeg";;
+ *.png|*.PNG) reader="png";;
+ *.tga|*.TGA) reader="tga";;
+ *) return 3;; # Unknown image type.
+ esac
+
+ # Step #4: Check if the necessary GRUB module is available.
+ if ! module_available "${reader}"; then
+ return 4
+ fi
+
+ # Step #5: Check if GRUB can read the background image directly.
+ # If so, we can remove the cache file (if any). Otherwise the backgound
+ # image needs to be cached under /boot/grub/.
+ if is_path_readable_by_grub "${1}"; then
+ rm --force "${BACKGROUND_CACHE}.jpeg" \
+ "${BACKGROUND_CACHE}.png" "${BACKGROUND_CACHE}.tga"
+ elif cp "${1}" "${BACKGROUND_CACHE}.${reader}"; then
+ set -- "${BACKGROUND_CACHE}.${reader}" "${2}" "${3}"
+ else
+ return 5
+ fi
+
+ # Step #6: Prepare GRUB to read the background image.
+ if ! prepare_grub_to_access_device "`${grub_probe} --target=device "${1}"`"; then
+ return 6
+ fi
+
+ # Step #7: Everything went fine, print out a message to stderr ...
+ echo "Found background image: ${1}" >&2
+
+ # ... and write our configuration snippet to stdout. Use the colors
+ # desktop-base specified. If we're using a user-defined background, use
+ # the default colors since we've got no idea how the image looks like.
+ # If loading the background image fails, use the default theme.
+ echo "insmod ${reader}"
+ echo "if background_image `make_system_path_relative_to_its_root "${1}"`; then"
+ if [ -n "${2}" ]; then
+ echo " set color_normal=${2}"
+ fi
+ if [ -n "${3}" ]; then
+ echo " set color_highlight=${3}"
+ fi
+ if [ -z "${2}" ] && [ -z "${3}" ]; then
+ echo " true"
+ fi
+ echo "else"
+ set_default_theme " "
+ echo "fi"
+}
+
+# Earlier versions of grub-pc copied the default background image to /boot/grub
+# during postinst. Remove those obsolete images if they haven't been touched by
+# the user. They are still available under /usr/share/images/desktop-base/ if
+# desktop-base is installed.
+while read checksum background; do
+ if [ -f "${background}" ] && [ "x`sha1sum "${background}"`" = "x${checksum} ${background}" ]; then
+ echo "Removing old background image: ${background}" >&2
+ rm "${background}"
+ fi
+done <<EOF
+648ee65dd0c157a69b019a5372cbcfea4fc754a5 debian-blueish-wallpaper-640x480.png
+0431e97a6c661084c59676c4baeeb8c2f602edb8 debian-blueish-wallpaper-640x480.png
+968ecf6696c5638cfe80e8e70aba239526270864 debian-blueish-wallpaper-640x480.tga
+11143e8c92a073401de0b0fd42d0c052af4ccd9b moreblue-orbit-grub.png
+d00d5e505ab63f2d53fa880bfac447e2d3bb197c moreblue-orbit-grub.png
+f5b12c1009ec0a3b029185f6b66cd0d7e5611019 moreblue-orbit-grub.png
+EOF
+
+# Include the configuration of desktop-base if available.
+if [ -f "/usr/share/desktop-base/grub_background.sh" ]; then
+ . "/usr/share/desktop-base/grub_background.sh"
+fi
+
+# First check whether the user has specified a background image explicitly.
+# If so, try to use it. Don't try the other possibilities in that case
+# (#608263).
+if [ -n "${GRUB_BACKGROUND+x}" ]; then
+ set_background_image "${GRUB_BACKGROUND}" || set_default_theme
+ exit 0
+fi
+
+# Next search for pictures the user put into /boot/grub/ and use the first one.
+for background in *.jpg *.JPG *.jpeg *.JPEG *.png *.PNG *.tga *.TGA; do
+ if set_background_image "${background}"; then
+ exit 0
+ fi
+done
+
+# Next try to use the background image and colors specified by desktop-base.
+if set_background_image "${WALLPAPER}" "${COLOR_NORMAL}" "${COLOR_HIGHLIGHT}"; then
+ exit 0
+fi
+
+# If we haven't found a background image yet, use the default from desktop-base.
+case $GRUB_DISTRIBUTOR in
+ Ubuntu|Kubuntu)
+ ;;
+ Tanglu)
+ if set_background_image "/usr/share/images/grub/grub.png"; then
+ exit 0
+ fi
+ ;;
+ *)
+ if set_background_image "/usr/share/images/desktop-base/desktop-grub.png"; then
+ exit 0
+ fi
+ ;;
+esac
+
+# Finally, if all of the above fails, use the default theme.
+set_default_theme
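Review bot: In `set_background_image`, the `echo "if background_image ...; then"` line writes the image path into the generated configuration unquoted, so a file name containing a space or a GRUB metacharacter such as `;` would be split or read as extra commands when grub.cfg is parsed. The loop near the end of the file passes every `*.jpg`/`*.png`/`*.tga` name found in /boot/grub to this function, so the name is not limited to values the administrator typed into the configuration. The path should go through the `grub_quote` helper from the sourced library and be wrapped in single quotes, for example `echo "if background_image '$(make_system_path_relative_to_its_root "${1}" | grub_quote)'; then"`. Writing to /boot/grub normally requires root, so this is presumably a robustness and defence-in-depth issue rather than a privilege boundary. The `${2}` and `${3}` colour values emitted just below are unquoted in the same way.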
--- /dev/null
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+prefix="/usr"
+exec_prefix="/usr"
+datarootdir="/usr/share"
+ubuntu_recovery="1"
+quiet_boot="1"
+quick_boot="1"
+gfxpayload_dynamic="1"
+vt_handoff="1"
+
+. "$pkgdatadir/grub-mkconfig_lib"
+
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+CLASS="--class gnu-linux --class gnu --class os"
+SUPPORTED_INITS="sysvinit:/lib/sysvinit/init systemd:/lib/systemd/systemd upstart:/sbin/upstart"
+
+if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
+ OS=GNU/Linux
+else
+ case ${GRUB_DISTRIBUTOR} in
+ Ubuntu|Kubuntu)
+ OS="${GRUB_DISTRIBUTOR}"
+ ;;
+ *)
+ OS="${GRUB_DISTRIBUTOR} GNU/Linux"
+ ;;
+ esac
+ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
+fi
+
+# loop-AES arranges things so that /dev/loop/X can be our root device, but
+# the initrds that Linux uses don't like that.
+case ${GRUB_DEVICE} in
+ /dev/loop/*|/dev/loop[0-9])
+ GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
+ # We can't cope with devices loop-mounted from files here.
+ case ${GRUB_DEVICE} in
+ /dev/*) ;;
+ *) exit 0 ;;
+ esac
+ ;;
+esac
+
+# Default to disabling partition uuid support to maintian compatibility with
+# older kernels.
+GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true}
+
+# get_dm_field_for_dev /dev/dm-0 uuid -> get the device mapper UUID for /dev/dm-0
+# get_dm_field_for_dev /dev/dm-1 name -> get the device mapper name for /dev/dm-1
+# etc
+get_dm_field_for_dev () {
+ dmsetup info -c --noheadings -o $2 $1 2>/dev/null
+}
+
+# Is $1 a multipath device?
+is_multipath () {
+ local dmuuid dmtype
+ dmuuid="$(get_dm_field_for_dev $1 uuid)"
+ if [ $? -ne 0 ]; then
+ # Not a device mapper device -- or dmsetup not installed, and as
+ # multipath depends on kpartx which depends on dmsetup, if there is no
+ # dmsetup then there are not going to be any multipath devices.
+ return 1
+ fi
+ # A device mapper "uuid" is always <type>-<uuid>. If <type> is of the form
+ # part[0-9] then <uuid> is the device the partition is on and we want to
+ # look at that instead. A multipath node always has <type> of mpath.
+ dmtype="${dmuuid%%-*}"
+ if [ "${dmtype#part}" != "$dmtype" ]; then
+ dmuuid="${dmuuid#*-}"
+ dmtype="${dmuuid%%-*}"
+ fi
+ if [ "$dmtype" = "mpath" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+if test -e "${GRUB_DEVICE}" && is_multipath "${GRUB_DEVICE}"; then
+ # If / is multipathed, there will be multiple paths to the partition, so
+ # using root=UUID= exposes the boot process to udev races. In addition
+ # GRUB_DEVICE in this case will be /dev/dm-0 or similar -- better to use a
+ # symlink that depends on the multipath name.
+ GRUB_DEVICE=/dev/mapper/"$(get_dm_field_for_dev $GRUB_DEVICE name)"
+ GRUB_DISABLE_LINUX_UUID=true
+fi
+
+# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter
+# and mounting btrfs requires user space scanning, so force UUID in this case.
+if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \
+ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
+ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \
+ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
+ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \
+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
+ LINUX_ROOT_DEVICE=${GRUB_DEVICE}
+elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \
+ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then
+ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID}
+else
+ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
+fi
+
+case x"$GRUB_FS" in
+ xbtrfs)
+ rootsubvol="`make_system_path_relative_to_its_root /`"
+ rootsubvol="${rootsubvol#/}"
+ if [ "x${rootsubvol}" != x ]; then
+ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
+ fi;;
+ xzfs)
+ # We have a more specialized ZFS handler, with multiple system in 10_linux_zfs.
+ if [ -e "`dirname $(readlink -f $0)`/10_linux_zfs" ]; then
+ exit 0
+ fi
+ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true`
+ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`"
+ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}"
+ ;;
+esac
+
+title_correction_code=
+
+if [ -x /lib/recovery-mode/recovery-menu ]; then
+ GRUB_CMDLINE_LINUX_RECOVERY=recovery
+else
+ GRUB_CMDLINE_LINUX_RECOVERY=single
+fi
+if [ "$ubuntu_recovery" = 1 ]; then
+ GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY nomodeset"
+fi
+
+if [ "$vt_handoff" = 1 ]; then
+ for word in $GRUB_CMDLINE_LINUX_DEFAULT; do
+ if [ "$word" = splash ]; then
+ GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT \$vt_handoff"
+ fi
+ done
+fi
+
+if [ x"$GRUB_FORCE_PARTUUID" != x ]; then
+ gettext_printf "GRUB_FORCE_PARTUUID is set, will attempt initrdless boot\n" >&2
+ cat << EOF
+#
+# GRUB_FORCE_PARTUUID is set, will attempt initrdless boot
+# Upon panic fallback to booting with initrd
+EOF
+ echo "set partuuid=${GRUB_FORCE_PARTUUID}"
+fi
+
+linux_entry ()
+{
+ os="$1"
+ version="$2"
+ type="$3"
+ args="$4"
+
+ if [ -z "$boot_device_id" ]; then
+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+ fi
+ if [ x$type != xsimple ] ; then
+ case $type in
+ recovery)
+ title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" ;;
+ init-*)
+ title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "${type#init-}")" ;;
+ *)
+ title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;;
+ esac
+ if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
+ replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
+ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
+ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
+ grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")"
+ fi
+ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+ else
+ echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+ fi
+ if [ "$quick_boot" = 1 ]; then
+ echo " recordfail" | sed "s/^/$submenu_indentation/"
+ fi
+ if [ x$type != xrecovery ] ; then
+ save_default_entry | grub_add_tab
+ fi
+
+ # Use ELILO's generic "efifb" when it's known to be available.
+ # FIXME: We need an interface to select vesafb in case efifb can't be used.
+ if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then
+ echo " load_video" | sed "s/^/$submenu_indentation/"
+ else
+ if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then
+ echo " load_video" | sed "s/^/$submenu_indentation/"
+ fi
+ fi
+ if ([ "$ubuntu_recovery" = 0 ] || [ x$type != xrecovery ]) && \
+ ([ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 1 ]); then
+ echo " gfxmode \$linux_gfx_mode" | sed "s/^/$submenu_indentation/"
+ fi
+
+ echo " insmod gzio" | sed "s/^/$submenu_indentation/"
+ echo " if [ x\$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi" | sed "s/^/$submenu_indentation/"
+
+ if [ x$dirname = x/ ]; then
+ if [ -z "${prepare_root_cache}" ]; then
+ prepare_root_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE} | grub_add_tab)"
+ fi
+ printf '%s\n' "${prepare_root_cache}" | sed "s/^/$submenu_indentation/"
+ else
+ if [ -z "${prepare_boot_cache}" ]; then
+ prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)"
+ fi
+ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
+ fi
+ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
+ message="$(gettext_printf "Loading Linux %s ..." ${version})"
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+EOF
+ fi
+ if test -d /sys/firmware/efi && test -e "${linux}.efi.signed"; then
+ sed "s/^/$submenu_indentation/" << EOF
+ linux ${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args}
+EOF
+ else
+ # We have initrd and PARTUUID is set - we try to boot without initrd, and fallback to using it
+ # if it fails.
+ # "panic=-1" means "on panic reboot immediately". "panic=0" disables the reboot behavior.
+ if [ x"$GRUB_FORCE_PARTUUID" != x ]; then
+ linux_root_device_thisversion="PARTUUID=${GRUB_FORCE_PARTUUID}"
+ fi
+ message="$(gettext_printf "Loading initial ramdisk ...")"
+ initrdlessfail_msg="$(gettext_printf "GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.")"
+ initrdlesstry_msg="$(gettext_printf "GRUB_FORCE_PARTUUID set, attempting initrdless boot.")"
+ initrd_path=
+ for i in ${initrd}; do
+ initrd_path="${initrd_path} ${rel_dirname}/${i}"
+ done
+ initrd_path_only_early=
+ for i in ${initrd_early}; do
+ initrd_path_only_early="${initrd_path_only_early} ${rel_dirname}/${i}"
+ done
+ if test -n "${initrd}" && [ x"$GRUB_FORCE_PARTUUID" != x ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ if [ "\${initrdfail}" = 1 ]; then
+ echo '$(echo "$initrdlessfail_msg" | grub_quote)'
+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
+EOF
+ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ initrd $(echo $initrd_path)
+ else
+ echo '$(echo "$initrdlesstry_msg" | grub_quote)'
+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} panic=-1
+EOF
+ if [ -n "$initrd_path_only_early" ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ initrd $(echo $initrd_path_only_early)
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ fi
+ initrdfail
+EOF
+ else
+ # We don't have initrd or we don't want to set PARTUUID. Don't try initrd-less boot with fallback.
+ sed "s/^/$submenu_indentation/" << EOF
+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
+EOF
+ if test -n "${initrd}"; then
+ # We do have initrd - let's use it at boot.
+ # TRANSLATORS: ramdisk isn't identifier. Should be translated.
+ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ initrd $(echo $initrd_path)
+EOF
+ fi
+ fi
+ if test -n "${dtb}" ; then
+ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then
+ message="$(gettext_printf "Loading device tree blob...")"
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ devicetree ${rel_dirname}/${dtb}
+EOF
+ fi
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+}
+EOF
+}
+
+machine=`uname -m`
+case "x$machine" in
+ xi?86 | xx86_64)
+ list=
+ for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do
+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
+ done ;;
+ *)
+ list=
+ for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do
+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi
+ done ;;
+esac
+
+case "$machine" in
+ i?86) GENKERNEL_ARCH="x86" ;;
+ mips|mips64) GENKERNEL_ARCH="mips" ;;
+ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
+ arm*) GENKERNEL_ARCH="arm" ;;
+ *) GENKERNEL_ARCH="$machine" ;;
+esac
+
+case "$GENKERNEL_ARCH" in
+ x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";;
+esac
+
+prepare_boot_cache=
+prepare_root_cache=
+boot_device_id=
+title_correction_code=
+
+cat << 'EOF'
+function gfxmode {
+ set gfxpayload="${1}"
+EOF
+if [ "$vt_handoff" = 1 ]; then
+ cat << 'EOF'
+ if [ "${1}" = "keep" ]; then
+ set vt_handoff=vt.handoff=7
+ else
+ set vt_handoff=
+ fi
+EOF
+fi
+cat << EOF
+}
+EOF
+
+# Use ELILO's generic "efifb" when it's known to be available.
+# FIXME: We need an interface to select vesafb in case efifb can't be used.
+if [ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 0 ]; then
+ echo "set linux_gfx_mode=$GRUB_GFXPAYLOAD_LINUX"
+else
+ cat << EOF
+if [ "\${recordfail}" != 1 ]; then
+ if [ -e \${prefix}/gfxblacklist.txt ]; then
+ if [ \${grub_platform} != pc ]; then
+ set linux_gfx_mode=keep
+ elif hwmatch \${prefix}/gfxblacklist.txt 3; then
+ if [ \${match} = 0 ]; then
+ set linux_gfx_mode=keep
+ else
+ set linux_gfx_mode=text
+ fi
+ else
+ set linux_gfx_mode=text
+ fi
+ else
+ set linux_gfx_mode=keep
+ fi
+else
+ set linux_gfx_mode=text
+fi
+EOF
+fi
+cat << EOF
+export linux_gfx_mode
+EOF
+
+# Extra indentation to add to menu entries in a submenu. We're not in a submenu
+# yet, so it's empty. In a submenu it will be equal to '\t' (one tab).
+submenu_indentation=""
+
+is_top_level=true
+while [ "x$list" != "x" ] ; do
+ linux=`version_find_latest $list`
+ case $linux in
+ *.efi.signed)
+ # We handle these in linux_entry.
+ list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
+ continue
+ ;;
+ esac
+ gettext_printf "Found linux image: %s\n" "$linux" >&2
+ basename=`basename $linux`
+ dirname=`dirname $linux`
+ rel_dirname=`make_system_path_relative_to_its_root $dirname`
+ version=`echo $basename | sed -e "s,^[^0-9]*-,,g"`
+ alt_version=`echo $version | sed -e "s,\.old$,,g"`
+ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
+
+ initrd_early=
+ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \
+ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do
+ if test -e "${dirname}/${i}" ; then
+ initrd_early="${initrd_early} ${i}"
+ fi
+ done
+
+ initrd_real=
+ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
+ "initrd-${version}" "initramfs-${version}.img" \
+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+ "initrd-${alt_version}" "initramfs-${alt_version}.img" \
+ "initramfs-genkernel-${version}" \
+ "initramfs-genkernel-${alt_version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
+ if test -e "${dirname}/${i}" ; then
+ initrd_real="${i}"
+ break
+ fi
+ done
+
+ initrd=
+ if test -n "${initrd_early}" || test -n "${initrd_real}"; then
+ initrd="${initrd_early} ${initrd_real}"
+
+ initrd_display=
+ for i in ${initrd}; do
+ initrd_display="${initrd_display} ${dirname}/${i}"
+ done
+ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
+ fi
+
+ dtb=
+ for i in "dtb-${version}" "dtb-${alt_version}" "dtb"; do
+ if test -e "${dirname}/${i}" ; then
+ dtb="$i"
+ break
+ fi
+ done
+
+ config=
+ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
+ if test -e "${i}" ; then
+ config="${i}"
+ break
+ fi
+ done
+
+ initramfs=
+ if test -n "${config}" ; then
+ initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"`
+ fi
+
+ if test -z "${initramfs}" && test -z "${initrd_real}" ; then
+ # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's
+ # no initrd or builtin initramfs, it can't work here.
+ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \
+ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then
+
+ linux_root_device_thisversion=${GRUB_DEVICE}
+ else
+ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID}
+ fi
+ fi
+
+ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then
+ linux_entry "${OS}" "${version}" simple \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+
+ submenu_indentation="$grub_tab"
+
+ if [ -z "$boot_device_id" ]; then
+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+ fi
+ # TRANSLATORS: %s is replaced with an OS name
+ echo "submenu '$(gettext_printf "Advanced options for %s" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
+ is_top_level=false
+ fi
+
+ linux_entry "${OS}" "${version}" advanced \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ for supported_init in ${SUPPORTED_INITS}; do
+ init_path="${supported_init#*:}"
+ if [ -x "${init_path}" ] && [ "$(readlink -f /sbin/init)" != "$(readlink -f "${init_path}")" ]; then
+ linux_entry "${OS}" "${version}" "init-${supported_init%%:*}" \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} init=${init_path}"
+ fi
+ done
+ if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
+ linux_entry "${OS}" "${version}" recovery \
+ "${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}"
+ fi
+
+ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
+done
+
+# If at least one kernel was found, then we need to
+# add a closing '}' for the submenu command.
+if [ x"$is_top_level" != xtrue ]; then
+ echo '}'
+fi
+
+echo "$title_correction_code"
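Review bot: The `*.efi.signed` branch of the main `while` loop removes the current entry with `grep -vx $linux`, which treats the unquoted kernel path as a regular expression, whereas the end of the same loop uses the fixed-string form `fgrep -vx "$linux"`. A path containing regex metacharacters could match a different entry, or fail to match itself and stay in `list`, in which case `version_find_latest` would presumably return it again and the loop would not advance. Using the quoted fixed-string form in both places, `grep -Fvx "$linux"`, keeps the two removals consistent and independent of the file name's contents.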
--- /dev/null
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2019 Canonical Ltd.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+prefix="/usr"
+datarootdir="/usr/share"
+ubuntu_recovery="1"
+quiet_boot="1"
+quick_boot="1"
+gfxpayload_dynamic="1"
+vt_handoff="1"
+
+. "${pkgdatadir}/grub-mkconfig_lib"
+
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+set -u
+
+## Skip early if zfs utils isn't installed (instead of failing on first zpool list)
+if ! `which zfs >/dev/null 2>&1`; then
+ exit 0
+fi
+
+imported_pools=""
+MNTDIR="$(mktemp -d ${TMPDIR:-/tmp}/zfsmnt.XXXXXX)"
+ZFSTMP="$(mktemp -d ${TMPDIR:-/tmp}/zfstmp.XXXXXX)"
+
+
+machine="$(uname -m)"
+case "${machine}" in
+ i?86) GENKERNEL_ARCH="x86" ;;
+ mips|mips64) GENKERNEL_ARCH="mips" ;;
+ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
+ arm*) GENKERNEL_ARCH="arm" ;;
+ *) GENKERNEL_ARCH="${machine}" ;;
+esac
+
+RC=0
+on_exit() {
+ # Restore initial zpool import state
+ for pool in ${imported_pools}; do
+ zpool export "${pool}"
+ done
+
+ mountpoint -q "${MNTDIR}" && umount "${MNTDIR}" || true
+ rmdir "${MNTDIR}"
+ rm -rf "${ZFSTMP}"
+ exit "${RC}"
+}
+trap on_exit EXIT INT QUIT ABRT PIPE TERM
+
+# List ONLINE and DEGRADED pools
+import_pools() {
+ # We have to ignore zpool import output, as potentially multiple / will be available,
+ # and we need to autodetect all zpools this way with their real mountpoints.
+ local initial_pools="$(zpool list | awk '{if (NR>1) print $1}')"
+ local all_pools=""
+ local imported_pools=""
+ local err=""
+
+ set +e
+ err="$(zpool import -f -a -o cachefile=none -o readonly=on -N 2>&1)"
+ # Only print stderr if the command returned an error
+ # (it can echo "No zpool to import" with success, which we don't want)
+ if [ $? -ne 0 ]; then
+ echo "Some pools couldn't be imported and will be ignored:\n${err}" >&2
+ fi
+ set -e
+
+ all_pools="$(zpool list | awk '{if (NR>1) print $1}')"
+ for pool in ${all_pools}; do
+ if echo "${initial_pools}" | grep -wq "${pool}"; then
+ continue
+ fi
+ imported_pools="${imported_pools} ${pool}"
+ done
+
+ echo "${imported_pools}"
+}
+
+# List all the dataset with a root mountpoint
+get_root_datasets() {
+ local pools="$(zpool list | awk '{if (NR>1) print $1}')"
+
+ for p in ${pools}; do
+ local rel_pool_root=$(zpool get -H altroot ${p} | awk '{print $3}')
+ if [ "${rel_pool_root}" = "-" ]; then
+ rel_pool_root="/"
+ fi
+
+ zfs list -H -o name,canmount,mountpoint -t filesystem | grep -E '^'"${p}"'(\s|/[[:print:]]*\s)(on|noauto)\s'"${rel_pool_root}"'$' | awk '{print $1}'
+ done
+}
+
+# find if given datasets can be mounted for directory and return its path (snapshot or real path)
+# $1 is our current dataset name
+# $2 directory path we look for (cannot contains /)
+# $3 is the temporary mount directory to use
+# $4 is the optional snapshot name
+# return path for directory (which can be a mountpoint)
+validate_system_dataset() {
+ local dataset="$1"
+ local directory="$2"
+ local mntdir="$3"
+ local snapshot_name="$4"
+
+ local mount_path="${mntdir}/${directory}"
+
+ if ! zfs list "${dataset}" >/dev/null 2>&1; then
+ return
+ fi
+
+ if ! mount -o noatime,zfsutil -t zfs "${dataset}" "${mount_path}"; then
+ grub_warn "Failed to find a valid directory '${directory}' for dataset '${dataset}@${snapshot_name}'. Ignoring"
+ return
+ fi
+
+ local candidate_path="${mount_path}"
+ if [ -n "${snapshot_name}" ]; then
+ # WORKAROUND a bug https://github.com/zfsonlinux/zfs/issues/9958
+ # Reading the content of a snapshot fails if it is not the first mount
+ # for a given dataset
+ first_mntdir=$(awk '{if ($1 == "'${dataset}'") {print $2; exit;}}' /proc/mounts)
+ if [ "${first_mntdir}" = "/" ]; then
+ # prevents // on candidate_path
+ first_mntdir=""
+ fi
+ candidate_path="${first_mntdir}/.zfs/snapshot/${snapshot_name}"
+ fi
+
+ if [ -n "$(ls ${candidate_path} 2>/dev/null)" ]; then
+ echo "${candidate_path}"
+ return
+ else
+ mountpoint -q "${mount_path}" && umount "${mount_path}" || true
+ fi
+}
+
+# Detect system directory relevant to the other, trying to find the ones associated on the current dataset or snapshot/
+# System directory should be at most a direct child dataset of main datasets (no recursivity)
+# We can fallback trying other zfs pools if no match has been found.
+# $1 is our current dataset name (which can have @snapshot name)
+# $2 directory path we look for (cannot contains /)
+# $3 restrict_to_same_pool (true|false) force looking for dataset with the same basename in the current dataset pool only
+# $4 is the temporary mount directory to use
+# $5 is the optional etc directory (if not $2 is not etc itself)
+# return path for directory (which can be a mountpoint)
+get_system_directory() {
+ local dataset_path="$1"
+ local directory="$2"
+ local restrict_to_same_pool="$3"
+ local mntdir="$4"
+ local etc_dir="$5"
+
+ if [ -z "${etc_dir}" ]; then
+ etc_dir="${mntdir}/etc"
+ fi
+
+ local candidate_path="${mntdir}/${directory}"
+
+ # 1. Look for /etc/fstab first (which will mount even on top of non empty $directory)
+ local mounted_fstab_entry="false"
+ if [ -f "${etc_dir}/fstab" ]; then
+ mount_args=$(awk '/^[^#].*[ \t]\/'"${directory}"'[ \t]/ {print "-t", $3, $1}' "${etc_dir}/fstab")
+ if [ -n "${mount_args}" ]; then
+ mounted_fstab_entry="true"
+ mount -o noatime ${mount_args} "${candidate_path}" || mounted_fstab_entry="false"
+ fi
+ fi
+
+ # If directory isn't empty. Only count if coming from /etc/fstab. Will be
+ # handled below otherwise as we are interested in potential snapshots.
+ if [ "${mounted_fstab_entry}" = "true" -a -n "$(ls ${candidate_path} 2>/dev/null)" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+
+ # 2. Handle zfs case, which can be a snapshots.
+
+ local base_dataset_path="${dataset_path}"
+ local snapshot_name=""
+ # For snapshots we extract the parent dataset
+ if echo "${dataset_path}" | grep -q '@'; then
+ base_dataset_path=$(echo "${dataset_path}" | cut -d '@' -f1)
+ snapshot_name=$(echo "${dataset_path}" | cut -d '@' -f2)
+ fi
+ base_dataset_name="${base_dataset_path##*/}"
+ base_pool="$(echo "${base_dataset_path}" | cut -d'/' -f1)"
+
+ # 2.a) Look for child dataset included in base dataset, which needs to hold same snapshot if any
+ candidate_path=$(validate_system_dataset "${base_dataset_path}/${directory}" "${directory}" "${mntdir}" "${snapshot_name}")
+ if [ -n "${candidate_path}" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+
+ # 2.b) Look for current dataset (which is already mounted as /)
+ candidate_path="${mntdir}/${directory}"
+ if [ -n "${snapshot_name}" ]; then
+ # WORKAROUND a bug https://github.com/zfsonlinux/zfs/issues/9958
+ # Reading the content of a snapshot fails if it is not the first mount
+ # for a given dataset
+ first_mntdir=$(awk '{if ($1 == "'${base_dataset_path}'") {print $2; exit;}}' /proc/mounts)
+ if [ "${first_mntdir}" = "/" ]; then
+ # prevents // on candidate_path
+ first_mntdir=""
+ fi
+ candidate_path="${first_mntdir}/.zfs/snapshot/${snapshot_name}/${directory}"
+ fi
+ if [ -n "$(ls ${candidate_path} 2>/dev/null)" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+
+ # 2.c) Look for every datasets in every pool which isn't the current dataset which holds:
+ # - the same dataset name (last section) than our base_dataset_name
+ # - mountpoint=directory
+ # - canmount!=off
+ all_same_base_dataset_name="$(zfs list -H -t filesystem -o name,canmount | awk '/^[^ ]+\/'"${base_dataset_name}"'[ \t](on|noauto)/ {print $1}') "
+
+ # order by local pool datasets first
+ current_pool_same_base_datasets=""
+ other_pools_same_base_datasets=""
+ root_pool=$(echo "${dataset_path%%/*}")
+ for d in ${all_same_base_dataset_name}; do
+ cur_dataset_pool=$(echo "${d%%/*}")
+ if echo "${cur_dataset_pool}" | grep -wq "${root_pool}" 2>/dev/null ; then
+ current_pool_same_base_datasets="${current_pool_same_base_datasets} ${d}"
+ else
+ other_pools_same_base_datasets="${other_pools_same_base_datasets} ${d}"
+ fi
+ done
+ ordered_same_base_datasets="${current_pool_same_base_datasets} ${other_pools_same_base_datasets}"
+ if [ "${restrict_to_same_pool}" = "true" ]; then
+ ordered_same_base_datasets="${current_pool_same_base_datasets}"
+ fi
+
+ # now, loop over them
+ for d in ${ordered_same_base_datasets}; do
+ cur_dataset_pool=$(echo "${d%%/*}")
+
+ rel_pool_root=$(zpool get -H altroot ${cur_dataset_pool} | awk '{print $3}')
+ if [ "${rel_pool_root}" = "-" ]; then
+ rel_pool_root=""
+ fi
+
+ # check mountpoint match
+ candidate_dataset=$(zfs get -H mountpoint ${d} | grep -E "mountpoint\s${rel_pool_root}/${directory}\s" | awk '{print $1}')
+ if [ -z "${candidate_dataset}" ]; then
+ continue
+ fi
+
+ candidate_path=$(validate_system_dataset "${candidate_dataset}" "${directory}" "${mntdir}" "${snapshot_name}")
+ if [ -n "${candidate_path}" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+ done
+
+ # 2.d) If we didn't find anything yet: check for persistent datasets corresponding to our mountpoint, with canmount=on without any snapshot associated:
+ # Note: we go over previous datasets as well, but this is ok, as we didn't include them before.
+ all_mountable_datasets="$(zfs list -t filesystem -o name,canmount | awk '/^[^ ]+[ \t]+on/ {print $1}')"
+
+ # order by local pool datasets first
+ current_pool_datasets=""
+ other_pools_datasets=""
+ root_pool=$(echo "${dataset_path%%/*}")
+ for d in ${all_mountable_datasets}; do
+ cur_dataset_pool=$(echo "${d%%/*}")
+ if echo "${cur_dataset_pool}" | grep -wq "${root_pool}" 2>/dev/null ; then
+ current_pool_datasets="${current_pool_datasets} ${d}"
+ else
+ other_pools_datasets="${other_pools_datasets} ${d}"
+ fi
+ done
+ ordered_datasets="${current_pool_datasets} ${other_pools_datasets}"
+ if [ "${restrict_to_same_pool}" = "true" ]; then
+ ordered_datasets="${current_pool_datasets}"
+ fi
+
+ for d in ${ordered_datasets}; do
+ cur_dataset_pool=$(echo "${d%%/*}")
+
+ rel_pool_root=$(zpool get -H altroot ${cur_dataset_pool} | awk '{print $3}')
+ if [ "${rel_pool_root}" = "-" ]; then
+ rel_pool_root=""
+ fi
+
+ # check mountpoint match
+ candidate_dataset=$(zfs get -H mountpoint ${d} | grep -E "mountpoint\s${rel_pool_root}/${directory}\s" | awk '{print $1}')
+ if [ -z "${candidate_dataset}" ]; then
+ continue
+ fi
+
+ candidate_path=$(validate_system_dataset "${d}" "${directory}" "${mntdir}" "")
+ if [ -n "${candidate_path}" ]; then
+ echo "${candidate_path}"
+ return
+ fi
+ done
+
+ grub_warn "Failed to find a valid directory '${directory}' for dataset '${dataset_path}'. Ignoring"
+ return
+}
+
+# Try our default layout bpool as a prefered layout (fast path)
+# This is get_system_directory for boot optimized for our default installation layout
+# $1 is our current dataset name (which can have @snapshot name)
+# $2 is the temporary mount directory to use
+# return path for directory (which can be a mountpoint) if found
+try_default_layout_bpool() {
+ local root_dataset_path="$1"
+ local mntdir="$2"
+
+ dataset_basename="${root_dataset_path##*/}"
+ candidate_dataset="bpool/BOOT/${dataset_basename}"
+ dataset_properties="$(zfs get -H mountpoint,canmount ${candidate_dataset} | cut -f3 | paste -sd ' ')"
+ if [ -z "${dataset_properties}" ]; then
+ return
+ fi
+
+ rel_pool_root=$(zpool get -H altroot bpool | awk '{print $3}')
+ if [ "${rel_pool_root}" = "-" ]; then
+ rel_pool_root=""
+ fi
+
+ snapshot_name="${dataset_basename##*@}"
+ [ "${snapshot_name}" = "${dataset_basename}" ] && snapshot_name=""
+ if [ -z "${snapshot_name}" ]; then
+ if ! echo "${dataset_properties}" | grep -Eq "${rel_pool_root}/boot (on|noauto)"; then
+ return
+ fi
+ else
+ candidate_dataset=$(echo "${candidate_dataset}" | cut -d '@' -f1)
+ fi
+
+ validate_system_dataset "${candidate_dataset}" "boot" "${mntdir}" "${snapshot_name}"
+}
+
+# Return if secure boot is enabled on that system
+is_secure_boot_enabled() {
+ if LANG=C mokutil --sb-state 2>/dev/null | grep -qi enabled; then
+ echo "true"
+ return
+ fi
+ echo "false"
+ return
+}
+
+# Given a filesystem or snapshot dataset, returns dataset|machine id|pretty name|last used
+# $1 is dataset we want information from
+# $2 is the temporary mount directory to use
+get_dataset_info() {
+ local dataset="$1"
+ local mntdir="$2"
+
+ local base_dataset="${dataset}"
+ local etc_dir="${mntdir}/etc"
+ local is_snapshot="false"
+ # For snapshot we extract the parent dataset
+ if echo "${dataset}" | grep -q '@'; then
+ base_dataset=$(echo "${dataset}" | cut -d '@' -f1)
+ is_snapshot="true"
+ fi
+
+ mount -o noatime,zfsutil -t zfs "${base_dataset}" "${mntdir}"
+
+ # read machine-id/os-release from /etc
+ etc_dir=$(get_system_directory "${dataset}" "etc" "true" "${mntdir}" "")
+ if [ -z "${etc_dir}" ]; then
+ grub_warn "Ignoring ${dataset}"
+ mountpoint -q "${mntdir}/etc" && umount "${mntdir}/etc" || true
+ umount "${mntdir}"
+ return
+ fi
+
+ machine_id=""
+ if [ -f "${etc_dir}/machine-id" ]; then
+ machine_id=$(cat "${etc_dir}/machine-id")
+ fi
+ # We have to use a random temporary id if we don't have any machine-id file or if this one is empty
+ # (mostly the case of new installations before first boot).
+ # Let's use the dataset name directly for this.
+ # Consequence is that all datasets are then separated.
+ if [ -z "${machine_id}" ]; then
+ machine_id="${dataset}"
+ fi
+ pretty_name=$(. "${etc_dir}/os-release" && echo "${PRETTY_NAME}")
+ mountpoint -q "${mntdir}/etc" && umount "${mntdir}/etc" || true
+
+ # read available kernels from /boot
+ boot_dir="$(try_default_layout_bpool "${dataset}" "${mntdir}")"
+ if [ -z "${boot_dir}" ]; then
+ boot_dir=$(get_system_directory "${dataset}" "boot" "false" "${mntdir}" "${etc_dir}")
+ fi
+
+ if [ -z "${boot_dir}" ]; then
+ grub_warn "Ignoring ${dataset}"
+ mountpoint -q "${mntdir}/boot" && umount "${mntdir}/boot" || true
+ umount "${mntdir}"
+ return
+ fi
+
+ initrd_list=""
+ kernel_list=""
+ list=$(find "${boot_dir}" -maxdepth 1 -type f -regex '.*/\(vmlinuz\|vmlinux\|kernel\)-.*')
+ while [ "x$list" != "x" ] ; do
+ linux=`version_find_latest $list`
+ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
+ if ! grub_file_is_not_garbage "${linux}" ; then
+ continue
+ fi
+
+ # Filters entry if efi/non efi.
+ # Note that for now we allow kernel without .efi.signed as those are signed kernel
+ # on ubuntu, loaded by the shim.
+ case "${linux}" in
+ *.efi.signed)
+ if [ "$(is_secure_boot_enabled)" = "false" ]; then
+ continue
+ fi
+ ;;
+ esac
+
+ linux_basename=$(basename "${linux}")
+ linux_dirname=$(dirname "${linux}")
+ version=$(echo "${linux_basename}" | sed -e "s,^[^0-9]*-,,g")
+ alt_version=$(echo "${version}" | sed -e "s,\.old$,,g")
+
+ gettext_printf "Found linux image: %s in %s\n" "${linux_basename}" "${dataset}" >&2
+
+ initrd=""
+ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
+ "initrd-${version}" "initramfs-${version}.img" \
+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+ "initrd-${alt_version}" "initramfs-${alt_version}.img" \
+ "initramfs-genkernel-${version}" \
+ "initramfs-genkernel-${alt_version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
+ if test -e "${linux_dirname}/${i}" ; then
+ initrd="$i"
+ break
+ fi
+ done
+
+ if test -z "${initrd}" ; then
+ grub_warn "Couldn't find any valid initrd for dataset ${dataset}."
+ continue
+ fi
+
+ gettext_printf "Found initrd image: %s in %s\n" "${initrd}" "${dataset}" >&2
+
+ rel_linux_dirname=$(make_system_path_relative_to_its_root "${linux_dirname}")
+
+ initrd_list="${initrd_list}|${rel_linux_dirname}/${initrd}"
+ kernel_list="${kernel_list}|${rel_linux_dirname}/${linux_basename}"
+ done
+
+ initrd_list="${initrd_list#|}"
+ kernel_list="${kernel_list#|}"
+
+ initrd_device=$(${grub_probe} --target=device "${boot_dir}" | head -1)
+
+ mountpoint -q "${mntdir}/boot" && umount "${mntdir}/boot" || true
+ # We needed to look in / for snapshots on root dataset, umount there before zfs lazily unmount it
+ case "${boot_dir}" in /boot/.zfs/snapshot/*)
+ umount "${boot_dir}" || true
+ ;;
+ esac
+
+ # for zsys snapshots: we want to know which kernel we successful last booted with
+ last_booted_kernel=$(zfs get -H com.ubuntu.zsys:last-booted-kernel "${dataset}" | awk '{print $3}')
+
+ # snapshot: last_used is dataset creation time
+ if [ "${is_snapshot}" = "true" ]; then
+ last_used="$(zfs get -pH creation "${dataset}" | awk -F '\t' '{print $3}')"
+ # otherwise, last_used is manually marked at boot/shutdown on a root dataset for zsys
+ else
+ # if current system, take current time
+ if zfs mount | awk '/[ \t]+\/$/ {print $1}' | grep -q ${dataset}; then
+ last_used=$(date +%s)
+ else
+ last_used=$(zfs get -H com.ubuntu.zsys:last-used "${dataset}" | awk '{print $3}')
+ # case of non zsys, or zsys without annotation, take /etc/machine-id stat (as we mounted with noatime).
+ # However, as systems can be relatime, if system is current mounted one, set current time (case of clone + reboot
+ # within the same d).
+ if [ "${last_used}" = "-" ]; then
+ last_used=$(stat --printf="%X" "${mntdir}/etc/os-release")
+ if [ -f "${mntdir}/etc/machine-id" ]; then
+ last_used=$(stat --printf="%X" "${mntdir}/etc/machine-id")
+ fi
+ fi
+ fi
+ fi
+
+ is_zsys=$(zfs get -H com.ubuntu.zsys:bootfs "${base_dataset}" | awk '{print $3}')
+
+ if [ -n "${initrd_list}" -a -n "${kernel_list}" ]; then
+ echo "${dataset}\t${is_zsys}\t${machine_id}\t${pretty_name}\t${last_used}\t${initrd_device}\t${initrd_list}\t${kernel_list}\t${last_booted_kernel}"
+ else
+ grub_warn "didn't find any valid initrd or kernel."
+ fi
+
+ umount "${mntdir}" || true
+ # We needed to look in / for snapshots on root dataset, umount the snapshot for etc before zfs lazily unmount it
+ case "${etc_dir}" in /.zfs/snapshot/*/etc)
+ snapshot_path="$(findmnt -n -o TARGET -T ${etc_dir})"
+ umount "${snapshot_path}" || true
+ ;;
+ esac
+}
+
+# Scan available boot options and returns in a formatted list
+# $1 is the temporary mount directory to use
+bootlist() {
+ local mntdir="$1"
+ local boot_list=""
+
+ for dataset in $(get_root_datasets); do
+ # get information from current root dataset
+ boot_list="${boot_list}$(get_dataset_info ${dataset} ${mntdir})\n"
+
+ # get information from snapshots of this root dataset
+ for snapshot_dataset in $(zfs list -H -o name -t snapshot "${dataset}"); do
+ boot_list="${boot_list}$(get_dataset_info ${snapshot_dataset} ${mntdir})\n"
+ done
+ done
+ echo "${boot_list}"
+}
+
+
+# Order machine ids by last_used from their main entry
+get_machines_sorted() {
+ local bootlist="$1"
+
+ local machineids="$(echo "${bootlist}" | awk '{print $3}' | sort -u)"
+ for machineid in ${machineids}; do
+ echo "${bootlist}" | awk 'BEGIN{FS="\t"} $1 !~ /.*@.*/ {print $5, $3}' | sort -nr | grep -E "[^^]\b${machineid}\b" | head -1
+ done | sort -nr | awk '{print $2}'
+}
+
+# Sort entries by last_used for a given machineid
+sort_entries_for_machineid() {
+ local bootlist="$1"
+ local machineid="$2"
+
+ tab="$(printf '\t')"
+ echo "${bootlist}" | grep -E "[^^]\b${machineid}\b" | sort -k5,5r -k1,1 -t "${tab}"
+}
+
+# Return main entry index
+get_main_entry() {
+ local entries="$1"
+
+ echo "${entries}" | awk 'BEGIN{FS="\t"} $1 !~ /.*@.*/ {print}' | head -1
+}
+
+# Return specific field at index from entry
+get_field_from_entry() {
+ local entry="$1"
+ local index="$2"
+
+ echo "${entry}" | awk "BEGIN{FS=\"\t\"} {print \$$index}"
+}
+
+# Get the main entry metadata
+main_entry_meta() {
+ local main_entry="$1"
+
+ initrd=$(get_field_from_entry "${main_entry}" 7 | cut -d'|' -f1)
+ kernel=$(get_field_from_entry "${main_entry}" 8 | cut -d'|' -f1)
+
+ # Take first element (most recent entry) which is not a snapshot
+ echo "${main_entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"main\", \$4, \$1, \$6, \"$initrd\", \"$kernel\"}"
+}
+
+# Get advanced entries metadata
+advanced_entries_meta() {
+ local main_entry="$1"
+
+ last_used_kernel="$(get_field_from_entry "${main_entry}" 9 )"
+
+ # We must align initrds with kernels.
+ # Adds initrds to the stack then pop them 1 by 1 as we process the kernels
+ set -- $(get_field_from_entry "${main_entry}" 7 | tr "|" " ")
+ for kernel in $(get_field_from_entry "${main_entry}" 8 | tr "|" " "); do
+ # get initrd and pop to the next one
+ initrd="$1"; shift
+
+ was_last_used_kernel="false"
+ kernel_basename=$(basename "${kernel}")
+ if [ "${kernel_basename}" = "${last_used_kernel}" ]; then
+ was_last_used_kernel="true"
+ fi
+
+ echo "${main_entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"advanced\", \$4, \$1, \$6, \"$initrd\", \"$kernel\", \"$was_last_used_kernel\"}"
+ done
+}
+
+# Get history metadata
+history_entries_meta() {
+ local entries="$1"
+ local main_dataset_name="$2"
+ local main_dataset_releasename="$3"
+
+ if [ -z "${entries}" ]; then
+ return
+ fi
+
+ # Traverse snapshots and clones
+ echo "${entries}" | while read entry; do
+ name=""
+ # Compute snapshot/filesystem dataset name
+ snap_dataset_name="$(get_field_from_entry "${entry}" 1)"
+
+ snapname="${snap_dataset_name##*@}"
+ # If, this is a clone, take what is after main_dataset_name
+ if [ "${snapname}" = "${snap_dataset_name}" ]; then
+ snapname="${snap_dataset_name##${main_dataset_name}_}"
+
+ # Handle manual user clone (not prefixed by "main_dataset_name")
+ snapname="${snapname##*/}"
+ fi
+
+ # We keep the snapname only if it is not only a zsys auto snapshot
+ if echo "${snapname}" | grep -q "^autozsys_"; then
+ snapname=""
+ fi
+
+ # We store the release only if it different from main dataset release (snapshot before a release upgrade)
+ releasename=$(get_field_from_entry "${entry}" 4)
+ if [ "${releasename}" = "${main_dataset_releasename}" ]; then
+ releasename=""
+ fi
+
+ # Snapshot date
+ foo="$(get_field_from_entry "${entry}" 5)"
+ snapdate="$(date -d @$(get_field_from_entry "${entry}" 5) "+%x @ %H:%M")"
+
+ # For snapshots/clones the name can have the following formats:
+ # <DATE>: autozsys, same release
+ # <OLD_RELEASE> on <DATE>: autozsys, different release
+ # <SNAPNAME> on <DATE>: Manual snapshot, same release
+ # <SNAPNAME>, <OLD_RELEASE> on <DATE>: Manual snapshot, different release
+ if [ "${snapname}" = "" -a "${releasename}" = "" ]; then
+ name="${snapdate}"
+ elif [ "${snapname}" = "" -a "${releasename}" != "" ]; then
+ name=$(gettext_printf "%s on %s" "${releasename}" "${snapdate}")
+ elif [ "${snapname}" != "" -a "${releasename}" = "" ]; then
+ name=$(gettext_printf "%s on %s" "${snapname}" "${snapdate}")
+ else # snapname != "" && releasename != ""
+ name=$(gettext_printf "%s, %s on %s" "${snapname}" "${releasename}" "${snapdate}")
+ fi
+
+ # Choose kernel and initrd if the snapshot was booted successfully on a specific kernel before
+ # Take latest by default if no match
+ initrd=$(get_field_from_entry "${entry}" 7 | cut -d'|' -f1)
+ kernel=$(get_field_from_entry "${entry}" 8 | cut -d'|' -f1)
+ last_used_kernel="$(get_field_from_entry "${entry}" 9)"
+
+ # We must align initrds with kernels.
+ # Adds initrds to the stack then pop them 1 by 1 as we process the kernels
+ set -- $(get_field_from_entry "${entry}" 7 | tr "|" " ")
+ for k in $(get_field_from_entry "${entry}" 8|tr "|" " "); do
+ # get initrd and pop to the next one
+ candidate_initrd="$1"; shift
+
+ kernel_basename=$(basename "${k}")
+ if [ "${kernel_basename}" = "${last_used_kernel}" ]; then
+ kernel="${k}"
+ initrd="${candidate_initrd}"
+ break
+ fi
+ done
+
+ echo "${entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"history\", \"$name\", \$1, \$6, \"$initrd\", \"$kernel\"}"
+ done
+}
+
+# Generate metadata from a BOOTLIST that will subsequently used to generate
+# the final grub menu entries
+generate_grub_menu_metadata() {
+ local bootlist="$1"
+
+ # Sort machineids by last_used from their main entry
+ for machineid in $(get_machines_sorted "${bootlist}"); do
+ entries="$(sort_entries_for_machineid "${bootlist}" ${machineid})"
+ main_entry="$(get_main_entry "${entries}")"
+
+ if [ -z "$main_entry" ]; then
+ continue
+ fi
+
+ main_entry_meta "${main_entry}"
+ advanced_entries_meta "${main_entry}"
+
+ main_dataset_name="$(get_field_from_entry "${main_entry}" 1)"
+ main_dataset_releasename="$(get_field_from_entry "${main_entry}" 4)"
+ # grep -v errcode != 0 if there is no match. || true to not fail with -e
+ other_entries="$(echo "${entries}" | grep -v "${main_entry}" || true)"
+ history_entries_meta "${other_entries}" "${main_dataset_name}" "${main_dataset_releasename}"
+ done
+}
+
+# Print the configuration part common to all sections
+# Note:
+# If 10_linux runs these part will be defined twice in grub configuration
+print_menu_prologue() {
+ cat << 'EOF'
+function gfxmode {
+ set gfxpayload="${1}"
+EOF
+ if [ "${vt_handoff}" = 1 ]; then
+ cat << 'EOF'
+ if [ "${1}" = "keep" ]; then
+ set vt_handoff=vt.handoff=1
+ else
+ set vt_handoff=
+ fi
+EOF
+ fi
+ cat << EOF
+}
+EOF
+
+ # Use ELILO's generic "efifb" when it's known to be available.
+ # FIXME: We need an interface to select vesafb in case efifb can't be used.
+ GRUB_GFXPAYLOAD_LINUX="${GRUB_GFXPAYLOAD_LINUX:-}"
+ if [ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 0 ]; then
+ echo "set linux_gfx_mode=${GRUB_GFXPAYLOAD_LINUX}"
+ else
+ cat << EOF
+if [ "\${recordfail}" != 1 ]; then
+ if [ -e \${prefix}/gfxblacklist.txt ]; then
+ if hwmatch \${prefix}/gfxblacklist.txt 3; then
+ if [ \${match} = 0 ]; then
+ set linux_gfx_mode=keep
+ else
+ set linux_gfx_mode=text
+ fi
+ else
+ set linux_gfx_mode=text
+ fi
+ else
+ set linux_gfx_mode=keep
+ fi
+else
+ set linux_gfx_mode=text
+fi
+EOF
+ fi
+ cat << EOF
+export linux_gfx_mode
+EOF
+}
+
+# Cache for prepare_grub_to_access_device call
+# $1: boot_device
+# $2: submenu_level
+prepare_grub_to_access_device_cached() {
+ local boot_device="$1"
+ local submenu_level="$2"
+
+ local boot_device_idx="$(echo ${boot_device} | tr '/' '_')"
+
+ cache_file="${ZFSTMP}/$(echo boot_device${boot_device_idx})"
+ if [ ! -f "${cache_file}" ]; then
+ set +u
+ echo "$(prepare_grub_to_access_device "${boot_device}")" > "${cache_file}"
+ set -u
+ for i in 0 1 2; do
+ submenu_indentation="$(printf %${i}s | tr " " "${grub_tab}")"
+ sed "s/^/${submenu_indentation} /" "${cache_file}" > "${cache_file}--${i}"
+ done
+ fi
+
+ cat "${cache_file}--${submenu_level}"
+}
+
+
+# Print a grub menu entry
+zfs_linux_entry () {
+ submenu_level="$1"
+ title="$2"
+ type="$3"
+ dataset="$4"
+ boot_device="$5"
+ initrd="$6"
+ kernel="$7"
+ kernel_version="$8"
+ kernel_additional_args="${9:-}"
+ boot_devices="${10:-}"
+
+ submenu_indentation="$(printf %${submenu_level}s | tr " " "${grub_tab}")"
+
+ echo "${submenu_indentation}menuentry '$(echo "${title}" | grub_quote)' ${CLASS} \${menuentry_id_option} 'gnulinux-${dataset}-${kernel_version}' {"
+
+ if [ "${quick_boot}" = 1 ]; then
+ echo "${submenu_indentation} recordfail"
+ fi
+
+ if [ "${type}" != "recovery" ] ; then
+ GRUB_SAVEDEFAULT=${GRUB_SAVEDEFAULT:-}
+ default_entry="$(save_default_entry)"
+ if [ -n "${default_entry}" ]; then
+ echo "${submenu_indentation} ${default_entry}"
+ fi
+ fi
+
+ # Use ELILO's generic "efifb" when it's known to be available.
+ # FIXME: We need an interface to select vesafb in case efifb can't be used.
+ if [ "${GRUB_GFXPAYLOAD_LINUX}" = "" ]; then
+ echo "${submenu_indentation} load_video"
+ else
+ if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then
+ echo "${submenu_indentation} load_video"
+ fi
+ fi
+
+ if ([ "${ubuntu_recovery}" = 0 ] || [ "${type}" != "recovery" ]) && \
+ ([ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 1 ]); then
+ echo "${submenu_indentation} gfxmode \${linux_gfx_mode}"
+ fi
+
+ echo "${submenu_indentation} insmod gzio"
+ echo "${submenu_indentation} if [ \"\${grub_platform}\" = xen ]; then insmod xzio; insmod lzopio; fi"
+
+ if [ -n "$boot_devices" ]; then
+ for device in ${boot_devices}; do
+ echo "${submenu_indentation} if [ "${boot_device}" = "${device}" ]; then"
+ echo "$(prepare_grub_to_access_device_cached "${device}" $(( submenu_level +1 )) )"
+ echo "${submenu_indentation} fi"
+ done
+ else
+ echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")"
+ fi
+
+ if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then
+ echo "${submenu_indentation} echo $(gettext_printf "Loading Linux %s ..." ${kernel_version} | grub_quote)"
+ fi
+
+ linux_default_args="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
+ if [ ${type} = "recovery" ]; then
+ linux_default_args="${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}"
+ fi
+
+ echo "${submenu_indentation} linux ${kernel} root=ZFS=${dataset} ro ${linux_default_args} ${kernel_additional_args}"
+
+ if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then
+ echo "${submenu_indentation} echo '$(gettext_printf "Loading initial ramdisk ..." | grub_quote)'"
+ fi
+ echo "${submenu_indentation} initrd ${initrd}"
+ echo "${submenu_indentation}}"
+}
+
+# Generate a GRUB Menu from menu meta data
+# $1 menu metadata
+generate_grub_menu() {
+ local menu_metadata="$1"
+ local last_section=""
+ local main_dataset_name=""
+ local main_dataset=""
+ local have_zsys=""
+
+ if [ -z "${menu_metadata}" ]; then
+ return
+ fi
+
+ CLASS="--class gnu-linux --class gnu --class os"
+
+ if [ "${GRUB_DISTRIBUTOR}" = "" ] ; then
+ OS=GNU/Linux
+ else
+ case ${GRUB_DISTRIBUTOR} in
+ Ubuntu|Kubuntu)
+ OS="${GRUB_DISTRIBUTOR}"
+ ;;
+ *)
+ OS="${GRUB_DISTRIBUTOR} GNU/Linux"
+ ;;
+ esac
+ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1 | LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
+ fi
+
+ if [ -x /lib/recovery-mode/recovery-menu ]; then
+ GRUB_CMDLINE_LINUX_RECOVERY=recovery
+ else
+ GRUB_CMDLINE_LINUX_RECOVERY=single
+ fi
+ if [ "${ubuntu_recovery}" = 1 ]; then
+ GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset"
+ fi
+
+ case "$GENKERNEL_ARCH" in
+ x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";;
+ esac
+
+
+ if [ "${vt_handoff}" = 1 ]; then
+ for word in ${GRUB_CMDLINE_LINUX_DEFAULT}; do
+ if [ "${word}" = splash ]; then
+ GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} \${vt_handoff}"
+ fi
+ done
+ fi
+
+ print_menu_prologue
+
+ cat<<'EOF'
+function zsyshistorymenu {
+ # $1: root dataset (eg rpool/ROOT/ubuntu_2zhm07@autozsys_k56fr6)
+ # $2: boot device id (eg 411f29ce1557bfed)
+ # $3: initrd (eg /BOOT/ubuntu_2zhm07@autozsys_k56fr6/initrd.img-5.4.0-21-generic)
+ # $4: kernel (eg /BOOT/ubuntu_2zhm07@autozsys_k56fr6/vmlinuz-5.4.0-21-generic)
+ # $5: kernel_version (eg 5.4.0-21-generic)
+
+ set root_dataset="${1}"
+ set boot_device="${2}"
+ set initrd="${3}"
+ set kernel="${4}"
+ set kversion="${5}"
+
+EOF
+ boot_devices=$(echo "${menu_metadata}" | cut -d"$(printf '\t')" -f6 | sort -u)
+
+ title=$(gettext_printf "Revert system only")
+ zfs_linux_entry 1 "${title}" "simple" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' '' "${boot_devices}"
+
+ title="$(gettext_printf "Revert system and user data")"
+ zfs_linux_entry 1 "${title}" "simple" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' 'zsys-revert=userdata' "${boot_devices}"
+
+ GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}"
+ if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then
+ title="$(gettext_printf "Revert system only (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")"
+ zfs_linux_entry 1 "${title}" "recovery" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' '' "${boot_devices}"
+
+ title="$(gettext_printf "Revert system and user data (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")"
+ zfs_linux_entry 1 "${title}" "recovery" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' 'zsys-revert=userdata' "${boot_devices}"
+ fi
+echo "}"
+echo
+
+ # IFS is set to TAB (ASCII 0x09)
+ echo "${menu_metadata}" |
+ {
+ at_least_one_entry=0
+ have_zsys="$(which zsysd || true)"
+ while IFS="$(printf '\t')" read -r machineid iszsys section name dataset device initrd kernel opt; do
+
+ # Disable history for non zsys system or if systems is a zsys one and zsys isn't installed.
+ # In pure zfs systems, we identified multiple issues due to the mount generator
+ # in upstream zfs which makes it incompatible. Don't show history for now.
+ if [ "${section}" = "history" ]; then
+ if [ "${iszsys}" != "yes" ] || [ "${iszsys}" = "yes" -a -z "${have_zsys}" ]; then
+ continue
+ fi
+ fi
+
+ if [ "${last_section}" != "${section}" -a -n "${last_section}" ]; then
+ # Close previous section wrapper
+ if [ "${last_section}" != "main" ]; then
+ echo "}" # Add grub_tabs
+ at_least_one_entry=0
+ fi
+ fi
+
+ case "${section}" in
+ main)
+ title="${name}"
+ main_dataset_name="${name}"
+ main_dataset="${dataset}"
+
+ kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g")
+ zfs_linux_entry 0 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}"
+ at_least_one_entry=1
+ ;;
+ advanced)
+ # normal and recovery entries for a given kernel
+ if [ "${last_section}" != "${section}" ]; then
+ echo "submenu '$(gettext_printf "Advanced options for %s" "${main_dataset_name}" | grub_quote)' \${menuentry_id_option} 'gnulinux-advanced-${main_dataset}' {"
+ fi
+
+ last_booted_kernel_marker=""
+ if [ "${opt}" = "true" ]; then
+ last_booted_kernel_marker="* "
+ fi
+
+ kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g")
+ title="$(gettext_printf "%s%s, with Linux %s" "${last_booted_kernel_marker}" "${name}" "${kernel_version}")"
+ zfs_linux_entry 1 "${title}" "advanced" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}"
+
+ GRUB_DISABLE_RECOVERY=${GRUB_DISABLE_RECOVERY:-}
+ if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then
+ title="$(gettext_printf "%s%s, with Linux %s (%s)" "${last_booted_kernel_marker}" "${name}" "${kernel_version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")"
+ zfs_linux_entry 1 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}"
+ fi
+ at_least_one_entry=1
+ ;;
+ history)
+ # Revert to a snapshot
+ # revert system, revert system and user data and associated recovery entries
+ if [ "${last_section}" != "${section}" ]; then
+ echo "submenu '$(gettext_printf "History for %s" "${main_dataset_name}" | grub_quote)' \${menuentry_id_option} 'gnulinux-history-${main_dataset}' {"
+ fi
+
+ if [ "${iszsys}" = "yes" ]; then
+ title="$(gettext_printf "Revert to %s" "${name}" | grub_quote)"
+ else
+ title="$(gettext_printf "Boot on %s" "${name}" | grub_quote)"
+ fi
+ echo " submenu '${title}' \${menuentry_id_option} 'gnulinux-history-${dataset}' {"
+
+ kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g")
+
+ # Zsys only: let revert system without destroying snapshots
+ if [ "${iszsys}" = "yes" ]; then
+ echo "${grub_tab}${grub_tab}zsyshistorymenu" \"${dataset}\" \"${device}\" \"${initrd}\" \"${kernel}\" \"${kernel_version}\"
+ # Non-zsys: boot temporarly on snapshots or rollback (destroying intermediate snapshots)
+ else
+ title="$(gettext_printf "One time boot")"
+ zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}"
+
+ GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}"
+ if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then
+ title="$(gettext_printf "One time boot (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")"
+ zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}"
+ fi
+
+ title="$(gettext_printf "Revert system (all intermediate snapshots will be destroyed)")"
+ zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" "rollback=yes"
+ fi
+
+ echo " }"
+ at_least_one_entry=1
+ ;;
+ *)
+ grub_warn "unknown section: ${section}. Ignoring entry ${name} for ${dataset}"
+ ;;
+ esac
+ last_section="${section}"
+ done
+
+ if [ "${at_least_one_entry}" -eq 1 ]; then
+ echo "}"
+ fi
+ }
+}
+
+# don't add trailing newline of variable is empty
+# $1: content to write
+# $2: destination file
+trailing_newline_if_not_empty() {
+ content="$1"
+ dest="$2"
+
+ if [ -z "${content}" ]; then
+ rm -f "${dest}"
+ touch "${dest}"
+ return
+ fi
+ echo "${content}" > "${dest}"
+}
+
+
+GRUB_LINUX_ZFS_TEST="${GRUB_LINUX_ZFS_TEST:-}"
+case "${GRUB_LINUX_ZFS_TEST}" in
+ bootlist)
+ # Import all available pools on the system and return imported list
+ imported_pools=$(import_pools)
+ boot_list="$(bootlist ${MNTDIR})"
+ trailing_newline_if_not_empty "${boot_list}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}"
+ break
+ ;;
+ metamenu)
+ boot_list="$(cat ${GRUB_LINUX_ZFS_TEST_INPUT})"
+ menu_metadata="$(generate_grub_menu_metadata "${boot_list}")"
+ trailing_newline_if_not_empty "${menu_metadata}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}"
+ break
+ ;;
+ grubmenu)
+ menu_metadata="$(cat ${GRUB_LINUX_ZFS_TEST_INPUT})"
+ grub_menu=$(generate_grub_menu "${menu_metadata}")
+ trailing_newline_if_not_empty "${grub_menu}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}"
+ break
+ ;;
+ *)
+ # Import all available pools on the system and return imported list
+ imported_pools=$(import_pools)
+ # Generate the complete list of boot entries
+ boot_list="$(bootlist ${MNTDIR})"
+ # Create boot menu meta data from the list of boot entries
+ menu_metadata="$(generate_grub_menu_metadata "${boot_list}")"
+ # Create boot menu meta data from the list of boot entries
+ grub_menu="$(generate_grub_menu "${menu_metadata}")"
+ if [ -n "${grub_menu}" ]; then
+ # We want the trailing newline as a marker will be added
+ echo "${grub_menu}"
+ fi
+ ;;
+esac
--- /dev/null
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+prefix="/usr"
+exec_prefix="/usr"
+datarootdir="/usr/share"
+
+. "$pkgdatadir/grub-mkconfig_lib"
+
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+CLASS="--class gnu-linux --class gnu --class os --class xen"
+SUPPORTED_INITS="sysvinit:/lib/sysvinit/init systemd:/lib/systemd/systemd upstart:/sbin/upstart"
+
+if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
+ OS=GNU/Linux
+else
+ OS="${GRUB_DISTRIBUTOR} GNU/Linux"
+ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}"
+fi
+
+# loop-AES arranges things so that /dev/loop/X can be our root device, but
+# the initrds that Linux uses don't like that.
+case ${GRUB_DEVICE} in
+ /dev/loop/*|/dev/loop[0-9])
+ GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"`
+ # We can't cope with devices loop-mounted from files here.
+ case ${GRUB_DEVICE} in
+ /dev/*) ;;
+ *) exit 0 ;;
+ esac
+ ;;
+esac
+
+# Default to disabling partition uuid support to maintian compatibility with
+# older kernels.
+GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true}
+
+# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter
+# and mounting btrfs requires user space scanning, so force UUID in this case.
+if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \
+ || ( [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \
+ && [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ] ) \
+ || ( ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \
+ && ! test -e "/dev/disk/by-partuuid/${GRUB_DEVICE_PARTUUID}" ) \
+ || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then
+ LINUX_ROOT_DEVICE=${GRUB_DEVICE}
+elif [ "x${GRUB_DEVICE_UUID}" = "x" ] \
+ || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ]; then
+ LINUX_ROOT_DEVICE=PARTUUID=${GRUB_DEVICE_PARTUUID}
+else
+ LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID}
+fi
+
+# Allow overriding GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT.
+if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE}" ]; then
+ GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX_XEN_REPLACE}"
+fi
+if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}" ]; then
+ GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}"
+fi
+
+case x"$GRUB_FS" in
+ xbtrfs)
+ rootsubvol="`make_system_path_relative_to_its_root /`"
+ rootsubvol="${rootsubvol#/}"
+ if [ "x${rootsubvol}" != x ]; then
+ GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}"
+ fi;;
+ xzfs)
+ rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true`
+ bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`"
+ LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}"
+ ;;
+esac
+
+title_correction_code=
+
+linux_entry ()
+{
+ os="$1"
+ version="$2"
+ xen_version="$3"
+ type="$4"
+ args="$5"
+ xen_args="$6"
+ if [ -z "$boot_device_id" ]; then
+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+ fi
+ if [ x$type != xsimple ] ; then
+ if [ x$type = xrecovery ] ; then
+ title="$(gettext_printf "%s, with Xen %s and Linux %s (%s)" "${os}" "${xen_version}" "${version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")"
+ elif [ "${type#init-}" != "$type" ] ; then
+ title="$(gettext_printf "%s, with Xen %s and Linux %s (%s)" "${os}" "${xen_version}" "${version}" "${type#init-}")"
+ else
+ title="$(gettext_printf "%s, with Xen %s and Linux %s" "${os}" "${xen_version}" "${version}")"
+ fi
+ replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
+ if [ x"Xen ${xen_version}>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
+ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
+ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
+ grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")"
+ fi
+ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+ else
+ title="$(gettext_printf "%s, with Xen hypervisor" "${os}")"
+ echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/"
+ fi
+ if [ x$type != xrecovery ] ; then
+ save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/"
+ fi
+
+ if [ -z "${prepare_boot_cache}" ]; then
+ prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)"
+ fi
+ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
+ xmessage="$(gettext_printf "Loading Xen %s ..." ${xen_version})"
+ lmessage="$(gettext_printf "Loading Linux %s ..." ${version})"
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$xmessage" | grub_quote)'
+ if [ "\$grub_platform" = "pc" -o "\$grub_platform" = "" ]; then
+ xen_rm_opts=
+ else
+ xen_rm_opts="no-real-mode edd=off"
+ fi
+ ${xen_loader} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts}
+ echo '$(echo "$lmessage" | grub_quote)'
+ ${module_loader} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args}
+EOF
+ if test -n "${initrd}" ; then
+ # TRANSLATORS: ramdisk isn't identifier. Should be translated.
+ message="$(gettext_printf "Loading initial ramdisk ...")"
+ initrd_path=
+ for i in ${initrd}; do
+ initrd_path="${initrd_path} ${rel_dirname}/${i}"
+ done
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+ ${module_loader} --nounzip $(echo $initrd_path)
+EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+}
+EOF
+}
+
+linux_list=
+for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do
+ if grub_file_is_not_garbage "$i"; then
+ basename=$(basename $i)
+ version=$(echo $basename | sed -e "s,^[^0-9]*-,,g")
+ dirname=$(dirname $i)
+ config=
+ for j in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
+ if test -e "${j}" ; then
+ config="${j}"
+ break
+ fi
+ done
+ if (grep -qx "CONFIG_XEN_DOM0=y" "${config}" 2> /dev/null || grep -qx "CONFIG_XEN_PRIVILEGED_GUEST=y" "${config}" 2> /dev/null); then linux_list="$linux_list $i" ; fi
+ fi
+done
+if [ "x${linux_list}" = "x" ] ; then
+ exit 0
+fi
+
+file_is_not_sym () {
+ case "$1" in
+ */xen-syms-*)
+ return 1;;
+ *)
+ return 0;;
+ esac
+}
+
+xen_list=
+for i in /boot/xen*; do
+ if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then xen_list="$xen_list $i" ; fi
+done
+prepare_boot_cache=
+boot_device_id=
+
+title_correction_code=
+
+machine=`uname -m`
+
+case "$machine" in
+ i?86) GENKERNEL_ARCH="x86" ;;
+ mips|mips64) GENKERNEL_ARCH="mips" ;;
+ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
+ arm*) GENKERNEL_ARCH="arm" ;;
+ *) GENKERNEL_ARCH="$machine" ;;
+esac
+
+# Extra indentation to add to menu entries in a submenu. We're not in a submenu
+# yet, so it's empty. In a submenu it will be equal to '\t' (one tab).
+submenu_indentation=""
+
+is_top_level=true
+
+while [ "x${xen_list}" != "x" ] ; do
+ list="${linux_list}"
+ current_xen=`version_find_latest $xen_list`
+ xen_basename=`basename ${current_xen}`
+ xen_dirname=`dirname ${current_xen}`
+ rel_xen_dirname=`make_system_path_relative_to_its_root $xen_dirname`
+ xen_version=`echo $xen_basename | sed -e "s,.gz$,,g;s,^xen-,,g"`
+ if [ -z "$boot_device_id" ]; then
+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+ fi
+ if [ "x$is_top_level" != xtrue ]; then
+ echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
+ fi
+ if ($grub_file --is-arm64-efi $current_xen); then
+ xen_loader="xen_hypervisor"
+ module_loader="xen_module"
+ else
+ if ($grub_file --is-x86-multiboot2 $current_xen); then
+ xen_loader="multiboot2"
+ module_loader="module2"
+ else
+ xen_loader="multiboot"
+ module_loader="module"
+ fi
+ fi
+
+ initrd_early=
+ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \
+ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do
+ if test -e "${xen_dirname}/${i}" ; then
+ initrd_early="${initrd_early} ${i}"
+ fi
+ done
+
+ while [ "x$list" != "x" ] ; do
+ linux=`version_find_latest $list`
+ gettext_printf "Found linux image: %s\n" "$linux" >&2
+ basename=`basename $linux`
+ dirname=`dirname $linux`
+ rel_dirname=`make_system_path_relative_to_its_root $dirname`
+ version=`echo $basename | sed -e "s,^[^0-9]*-,,g"`
+ alt_version=`echo $version | sed -e "s,\.old$,,g"`
+ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
+
+ initrd_real=
+ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
+ "initrd-${version}" "initramfs-${version}.img" \
+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+ "initrd-${alt_version}" "initramfs-${alt_version}.img" \
+ "initramfs-genkernel-${version}" \
+ "initramfs-genkernel-${alt_version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" ; do
+ if test -e "${dirname}/${i}" ; then
+ initrd_real="$i"
+ break
+ fi
+ done
+
+ initrd=
+ if test -n "${initrd_early}" || test -n "${initrd_real}"; then
+ initrd="${initrd_early} ${initrd_real}"
+
+ initrd_display=
+ for i in ${initrd}; do
+ initrd_display="${initrd_display} ${dirname}/${i}"
+ done
+ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
+ fi
+
+ if test -z "${initrd_real}"; then
+ # "UUID=" magic is parsed by initrds. Since there's no initrd, it can't work here.
+ if [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] \
+ || [ "x${GRUB_DISABLE_LINUX_PARTUUID}" = "xtrue" ]; then
+
+ linux_root_device_thisversion=${GRUB_DEVICE}
+ else
+ linux_root_device_thisversion=PARTUUID=${GRUB_DEVICE_PARTUUID}
+ fi
+ fi
+
+ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then
+ linux_entry "${OS}" "${version}" "${xen_version}" simple \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}"
+
+ submenu_indentation="$grub_tab$grub_tab"
+
+ if [ -z "$boot_device_id" ]; then
+ boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")"
+ fi
+ # TRANSLATORS: %s is replaced with an OS name
+ echo "submenu '$(gettext_printf "Advanced options for %s (with Xen hypervisor)" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {"
+ echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {"
+ is_top_level=false
+ fi
+
+ linux_entry "${OS}" "${version}" "${xen_version}" advanced \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}"
+ for supported_init in ${SUPPORTED_INITS}; do
+ init_path="${supported_init#*:}"
+ if [ -x "${init_path}" ] && [ "$(readlink -f /sbin/init)" != "$(readlink -f "${init_path}")" ]; then
+ linux_entry "${OS}" "${version}" "${xen_version}" "init-${supported_init%%:*}" \
+ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT} init=${init_path}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}"
+
+ fi
+ done
+ if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then
+ linux_entry "${OS}" "${version}" "${xen_version}" recovery \
+ "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}"
+ fi
+
+ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '`
+ done
+ if [ x"$is_top_level" != xtrue ]; then
+ echo ' }'
+ fi
+ xen_list=`echo $xen_list | tr ' ' '\n' | fgrep -vx "$current_xen" | tr '\n' ' '`
+done
+
+# If at least one kernel was found, then we need to
+# add a closing '}' for the submenu command.
+if [ x"$is_top_level" != xtrue ]; then
+ echo '}'
+fi
+
+echo "$title_correction_code"
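Review bot: `pkgdatadir` is never assigned in this script, yet `. "$pkgdatadir/grub-mkconfig_lib"` sources through it. If the hook runs with the variable unset, the path collapses to `/grub-mkconfig_lib` and whatever is there is sourced with the caller's privileges. The fwupd hook later in this diff guards with `${pkgdatadir:?}` first; the same guard fits here as `. "${pkgdatadir:?}/grub-mkconfig_lib"`, and the os-prober helper added next has the identical line. Separately, the kernel-discovery loop reads `${alt_version}` in `config-${alt_version}` before anything assigns it, since the assignment sits in the later `while` loop. Adding `alt_version=$(echo "$version" | sed -e 's,\.old$,,g')` right after `version=` in that loop would make the candidate meaningful.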
--- /dev/null
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2006,2007,2008,2009 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+prefix="/usr"
+exec_prefix="/usr"
+datarootdir="/usr/share"
+quick_boot="1"
+
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+. "$pkgdatadir/grub-mkconfig_lib"
+
+found_other_os=
+
+adjust_timeout () {
+ if [ "$quick_boot" = 1 ] && [ "x${found_other_os}" != "x" ]; then
+ cat << EOF
+set timeout_style=menu
+if [ "\${timeout}" = 0 ]; then
+ set timeout=10
+fi
+EOF
+ fi
+}
+
+if [ "x${GRUB_DISABLE_OS_PROBER}" = "xtrue" ]; then
+ exit 0
+fi
+
+if [ -z "`which os-prober 2> /dev/null`" ] || [ -z "`which linux-boot-prober 2> /dev/null`" ] ; then
+ # missing os-prober and/or linux-boot-prober
+ exit 0
+fi
+
+OSPROBED="`os-prober | tr ' ' '^' | paste -s -d ' '`"
+if [ -z "${OSPROBED}" ] ; then
+ # empty os-prober output, nothing doing
+ exit 0
+fi
+
+osx_entry() {
+ found_other_os=1
+ if [ x$2 = x32 ]; then
+ # TRANSLATORS: it refers to kernel architecture (32-bit)
+ bitstr="$(gettext "(32-bit)")"
+ else
+ # TRANSLATORS: it refers to kernel architecture (64-bit)
+ bitstr="$(gettext "(64-bit)")"
+ fi
+ # TRANSLATORS: it refers on the OS residing on device %s
+ onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
+ cat << EOF
+menuentry '$(echo "${LONGNAME} $bitstr $onstr" | grub_quote)' --class osx --class darwin --class os \$menuentry_id_option 'osprober-xnu-$2-$(grub_get_device_id "${DEVICE}")' {
+EOF
+ save_default_entry | grub_add_tab
+ prepare_grub_to_access_device ${DEVICE} | grub_add_tab
+ cat << EOF
+ load_video
+ set do_resume=0
+ if [ /var/vm/sleepimage -nt10 / ]; then
+ if xnu_resume /var/vm/sleepimage; then
+ set do_resume=1
+ fi
+ fi
+ if [ \$do_resume = 0 ]; then
+ xnu_uuid ${OSXUUID} uuid
+ if [ -f /Extra/DSDT.aml ]; then
+ acpi -e /Extra/DSDT.aml
+ fi
+ if [ /kernelcache -nt /System/Library/Extensions ]; then
+ $1 /kernelcache boot-uuid=\${uuid} rd=*uuid
+ elif [ -f /System/Library/Kernels/kernel ]; then
+ $1 /System/Library/Kernels/kernel boot-uuid=\${uuid} rd=*uuid
+ xnu_kextdir /System/Library/Extensions
+ else
+ $1 /mach_kernel boot-uuid=\${uuid} rd=*uuid
+ if [ /System/Library/Extensions.mkext -nt /System/Library/Extensions ]; then
+ xnu_mkext /System/Library/Extensions.mkext
+ else
+ xnu_kextdir /System/Library/Extensions
+ fi
+ fi
+ if [ -f /Extra/Extensions.mkext ]; then
+ xnu_mkext /Extra/Extensions.mkext
+ fi
+ if [ -d /Extra/Extensions ]; then
+ xnu_kextdir /Extra/Extensions
+ fi
+ if [ -f /Extra/devprop.bin ]; then
+ xnu_devprop_load /Extra/devprop.bin
+ fi
+ if [ -f /Extra/splash.jpg ]; then
+ insmod jpeg
+ xnu_splash /Extra/splash.jpg
+ fi
+ if [ -f /Extra/splash.png ]; then
+ insmod png
+ xnu_splash /Extra/splash.png
+ fi
+ if [ -f /Extra/splash.tga ]; then
+ insmod tga
+ xnu_splash /Extra/splash.tga
+ fi
+ fi
+}
+EOF
+}
+
+used_osprober_linux_ids=
+
+wubi=
+
+for OS in ${OSPROBED} ; do
+ DEVICE="`echo ${OS} | cut -d ':' -f 1`"
+ LONGNAME="`echo ${OS} | cut -d ':' -f 2 | tr '^' ' '`"
+ LABEL="`echo ${OS} | cut -d ':' -f 3 | tr '^' ' '`"
+ BOOT="`echo ${OS} | cut -d ':' -f 4`"
+ if UUID="`${grub_probe} --target=fs_uuid --device ${DEVICE%@*}`"; then
+ EXPUUID="$UUID"
+
+ if [ x"${DEVICE#*@}" != x ] ; then
+ EXPUUID="${EXPUUID}@${DEVICE#*@}"
+ fi
+
+ if [ "x${GRUB_OS_PROBER_SKIP_LIST}" != "x" ] && [ "x`echo ${GRUB_OS_PROBER_SKIP_LIST} | grep -i -e '\b'${EXPUUID}'\b'`" != "x" ] ; then
+ echo "Skipped ${LONGNAME} on ${DEVICE} by user request." >&2
+ continue
+ fi
+ fi
+
+ BTRFS="`echo ${OS} | cut -d ':' -f 5`"
+ if [ "x$BTRFS" = "xbtrfs" ]; then
+ BTRFSuuid="`echo ${OS} | cut -d ':' -f 6`"
+ BTRFSsubvol="`echo ${OS} | cut -d ':' -f 7`"
+ fi
+
+ if [ -z "${LONGNAME}" ] ; then
+ LONGNAME="${LABEL}"
+ fi
+
+ # os-prober returns text string followed by optional counter
+ CLASS="--class $(echo "${LABEL}" | LC_ALL=C sed 's,[[:digit:]]*$,,' | cut -d' ' -f1 | tr 'A-Z' 'a-z' | LC_ALL=C sed 's,[^[:alnum:]_],_,g')"
+
+ gettext_printf "Found %s on %s\n" "${LONGNAME}" "${DEVICE}" >&2
+
+ case ${BOOT} in
+ chain)
+
+ case ${LONGNAME} in
+ Windows*)
+ if [ -z "$wubi" ]; then
+ if [ -x /usr/share/lupin-support/grub-mkimage ] && \
+ /usr/share/lupin-support/grub-mkimage --test; then
+ wubi=yes
+ else
+ wubi=no
+ fi
+ fi
+ if [ "$wubi" = yes ]; then
+ echo "Skipping ${LONGNAME} on Wubi system" >&2
+ continue
+ fi
+ ;;
+ esac
+
+ found_other_os=1
+ onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
+ cat << EOF
+menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' $CLASS --class os \$menuentry_id_option 'osprober-chain-$(grub_get_device_id "${DEVICE}")' {
+EOF
+ save_default_entry | grub_add_tab
+ prepare_grub_to_access_device ${DEVICE} | grub_add_tab
+
+ if [ x"`${grub_probe} --device ${DEVICE} --target=partmap`" = xmsdos ]; then
+ cat << EOF
+ parttool \${root} hidden-
+EOF
+ fi
+
+ case ${LONGNAME} in
+ Windows\ Vista*|Windows\ 7*|Windows\ Server\ 2008*)
+ ;;
+ *)
+ cat << EOF
+ drivemap -s (hd0) \${root}
+EOF
+ ;;
+ esac
+
+ cat <<EOF
+ chainloader +1
+}
+EOF
+ ;;
+ efi)
+
+ found_other_os=1
+ EFIPATH=${DEVICE#*@}
+ DEVICE=${DEVICE%@*}
+ onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
+ cat << EOF
+menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' $CLASS --class os \$menuentry_id_option 'osprober-efi-$(grub_get_device_id "${DEVICE}")' {
+EOF
+ save_default_entry | sed -e "s/^/\t/"
+ prepare_grub_to_access_device ${DEVICE} | sed -e "s/^/\t/"
+
+ cat <<EOF
+ chainloader ${EFIPATH}
+}
+EOF
+ ;;
+ linux)
+ if [ "x$BTRFS" = "xbtrfs" ]; then
+ LINUXPROBED="`linux-boot-prober btrfs ${BTRFSuuid} ${BTRFSsubvol} 2> /dev/null | tr ' ' '^' | paste -s -d ' '`"
+ else
+ LINUXPROBED="`linux-boot-prober ${DEVICE} 2> /dev/null | tr ' ' '^' | paste -s -d ' '`"
+ fi
+ prepare_boot_cache=
+ boot_device_id=
+ is_top_level=true
+ title_correction_code=
+ OS="${LONGNAME}"
+
+ for LINUX in ${LINUXPROBED} ; do
+ LROOT="`echo ${LINUX} | cut -d ':' -f 1`"
+ LBOOT="`echo ${LINUX} | cut -d ':' -f 2`"
+ LLABEL="`echo ${LINUX} | cut -d ':' -f 3 | tr '^' ' '`"
+ LKERNEL="`echo ${LINUX} | cut -d ':' -f 4`"
+ LINITRD="`echo ${LINUX} | cut -d ':' -f 5`"
+ LPARAMS="`echo ${LINUX} | cut -d ':' -f 6- | tr '^' ' '`"
+
+ if [ -z "${LLABEL}" ] ; then
+ LLABEL="${LONGNAME}"
+ fi
+
+ if [ "${LROOT}" != "${LBOOT}" ]; then
+ LKERNEL="${LKERNEL#/boot}"
+ LINITRD="${LINITRD#/boot}"
+ fi
+
+ if [ -z "${prepare_boot_cache}" ]; then
+ prepare_boot_cache="$(prepare_grub_to_access_device ${LBOOT} | grub_add_tab)"
+ [ "${prepare_boot_cache}" ] || continue
+ fi
+
+ found_other_os=1
+ onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
+ recovery_params="$(echo "${LPARAMS}" | grep 'single\|recovery')" || true
+ counter=1
+ while echo "$used_osprober_linux_ids" | grep 'osprober-gnulinux-$LKERNEL-${recovery_params}-$counter-$boot_device_id' > /dev/null; do
+ counter=$((counter+1));
+ done
+ if [ -z "$boot_device_id" ]; then
+ boot_device_id="$(grub_get_device_id "${DEVICE}")"
+ fi
+ used_osprober_linux_ids="$used_osprober_linux_ids 'osprober-gnulinux-$LKERNEL-${recovery_params}-$counter-$boot_device_id'"
+
+ if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then
+ cat << EOF
+menuentry '$(echo "$OS $onstr" | grub_quote)' $CLASS --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-simple-$boot_device_id' {
+EOF
+ save_default_entry | grub_add_tab
+ printf '%s\n' "${prepare_boot_cache}"
+ cat << EOF
+ linux ${LKERNEL} ${LPARAMS}
+EOF
+ if [ -n "${LINITRD}" ] ; then
+ cat << EOF
+ initrd ${LINITRD}
+EOF
+ fi
+ cat << EOF
+}
+EOF
+ echo "submenu '$(gettext_printf "Advanced options for %s" "${OS} $onstr" | grub_quote)' \$menuentry_id_option 'osprober-gnulinux-advanced-$boot_device_id' {"
+ is_top_level=false
+ fi
+ title="${LLABEL} $onstr"
+ cat << EOF
+ menuentry '$(echo "$title" | grub_quote)' --class gnu-linux --class gnu --class os \$menuentry_id_option 'osprober-gnulinux-$LKERNEL-${recovery_params}-$boot_device_id' {
+EOF
+ save_default_entry | sed -e "s/^/$grub_tab$grub_tab/"
+ printf '%s\n' "${prepare_boot_cache}" | grub_add_tab
+ cat << EOF
+ linux ${LKERNEL} ${LPARAMS}
+EOF
+ if [ -n "${LINITRD}" ] ; then
+ cat << EOF
+ initrd ${LINITRD}
+EOF
+ fi
+ cat << EOF
+ }
+EOF
+ if [ x"$title" = x"$GRUB_ACTUAL_DEFAULT" ] || [ x"Previous Linux versions>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then
+ replacement_title="$(echo "Advanced options for ${OS} $onstr" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')"
+ quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)"
+ title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;"
+ grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")"
+ fi
+ done
+ if [ x"$is_top_level" != xtrue ]; then
+ echo '}'
+ fi
+ echo "$title_correction_code"
+ ;;
+ macosx)
+ if [ "${UUID}" ]; then
+ OSXUUID="${UUID}"
+ osx_entry xnu_kernel 32
+ osx_entry xnu_kernel64 64
+ fi
+ ;;
+ hurd)
+ found_other_os=1
+ onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
+ cat << EOF
+menuentry '$(echo "${LONGNAME} $onstr" | grub_quote)' --class hurd --class gnu --class os \$menuentry_id_option 'osprober-gnuhurd-/boot/gnumach.gz-false-$(grub_get_device_id "${DEVICE}")' {
+EOF
+ save_default_entry | grub_add_tab
+ prepare_grub_to_access_device ${DEVICE} | grub_add_tab
+ grub_device="`${grub_probe} --device ${DEVICE} --target=drive`"
+ mach_device="`echo "${grub_device}" | sed -e 's/(\(hd.*\),msdos\(.*\))/\1s\2/'`"
+ grub_fs="`${grub_probe} --device ${DEVICE} --target=fs`"
+ case "${grub_fs}" in
+ *fs) hurd_fs="${grub_fs}" ;;
+ *) hurd_fs="${grub_fs}fs" ;;
+ esac
+ cat << EOF
+ multiboot /boot/gnumach.gz root=device:${mach_device}
+ module /hurd/${hurd_fs}.static ${hurd_fs} --readonly \\
+ --multiboot-command-line='\${kernel-command-line}' \\
+ --host-priv-port='\${host-port}' \\
+ --device-master-port='\${device-port}' \\
+ --exec-server-task='\${exec-task}' -T typed '\${root}' \\
+ '\$(task-create)' '\$(task-resume)'
+ module /lib/ld.so.1 exec /hurd/exec '\$(exec-task=task-create)'
+}
+EOF
+ ;;
+ minix)
+ cat << EOF
+menuentry "${LONGNAME} (on ${DEVICE}, Multiboot)" {
+EOF
+ save_default_entry | sed -e "s/^/\t/"
+ prepare_grub_to_access_device ${DEVICE} | sed -e "s/^/\t/"
+ cat << EOF
+ multiboot /boot/image_latest
+}
+EOF
+ ;;
+ *)
+ # TRANSLATORS: %s is replaced by OS name.
+ gettext_printf "%s is not yet supported by grub-mkconfig.\n" " ${LONGNAME}" >&2
+ ;;
+ esac
+done
+
+adjust_timeout
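Review bot: The `minix)` arm writes `menuentry "${LONGNAME} (on ${DEVICE}, Multiboot)" {` with the os-prober name inside a double-quoted GRUB string and without `grub_quote`, unlike the other arms of this `case`. A name containing `"` or `$` would end the string or be expanded when grub.cfg is parsed at boot. `LONGNAME` comes from probing other partitions, so it should be treated as untrusted and emitted like the rest: `menuentry '$(echo "${LONGNAME} (on ${DEVICE}, Multiboot)" | grub_quote)' {`. In the `linux)` arm the `grep 'osprober-gnulinux-$LKERNEL-…'` pattern is single-quoted, so its variables are never expanded and `counter` stays at 1. Double quotes with `grep -F` would make that uniqueness check do what it appears to intend.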
--- /dev/null
+#! /bin/sh
+set -e
+
+# grub-mkconfig helper script.
+# Copyright (C) 2012 Free Software Foundation, Inc.
+#
+# GRUB is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# GRUB is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+
+prefix="/usr"
+exec_prefix="/usr"
+datarootdir="/usr/share"
+
+export TEXTDOMAIN=grub
+export TEXTDOMAINDIR="${datarootdir}/locale"
+
+. "${datarootdir}/grub/grub-mkconfig_lib"
+
+efi_vars_dir=/sys/firmware/efi/vars
+EFI_GLOBAL_VARIABLE=8be4df61-93ca-11d2-aa0d-00e098032b8c
+OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data"
+
+if [ -e "$OsIndications" ] && \
+ [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then
+ LABEL="UEFI Firmware Settings"
+
+ gettext_printf "Adding boot menu entry for UEFI Firmware Settings\n" >&2
+
+ onstr="$(gettext_printf "(on %s)" "${DEVICE}")"
+
+ cat << EOF
+menuentry '$LABEL' \$menuentry_id_option 'uefi-firmware' {
+ fwsetup
+}
+EOF
+fi
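Review bot: `onstr="$(gettext_printf "(on %s)" "${DEVICE}")"` is dead code, because nothing in this script sets `DEVICE` and `onstr` never reaches the emitted entry, so the line can be dropped. The capability test reads the path unquoted through `cat $OsIndications | cut -b1`; `cut -b1 < "$OsIndications"` avoids the extra process and the word splitting. The test only looks under `/sys/firmware/efi/vars`, so on a system that exposes only `efivars` the entry is silently skipped, which deserves a comment next to `efi_vars_dir=`.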
--- /dev/null
+#! /bin/sh
+# SPDX-License-Identifier: LGPL-2.1+
+set -e
+
+[ -d ${pkgdatadir:?} ]
+# shellcheck source=/dev/null
+. "$pkgdatadir/grub-mkconfig_lib"
+
+if [ -f /var/lib/fwupd/uefi_capsule.conf ] &&
+ ls /sys/firmware/efi/efivars/fwupd-*-0abba7dc-e516-4167-bbf5-4d9d1c739416 1>/dev/null 2>&1; then
+ . /var/lib/fwupd/uefi_capsule.conf
+ if [ "${EFI_PATH}" != "" ] && [ "${ESP}" != "" ]; then
+ echo "Adding Linux Firmware Updater entry" >&2
+cat << EOF
+menuentry 'Linux Firmware Updater' \$menuentry_id_option 'fwupd' {
+EOF
+ ${grub_probe:?}
+ prepare_grub_to_access_device '`${grub_probe} --target=device \${ESP}` | sed -e "s/^/\t/"'
+cat << EOF
+ chainloader ${EFI_PATH}
+}
+EOF
+ fi
+fi
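Review bot: The argument to `prepare_grub_to_access_device` is wrapped entirely in single quotes, so the backtick `grub_probe` call and the `| sed` are passed as one literal string instead of being run, and the function receives text rather than the ESP device. The intended form looks like `prepare_grub_to_access_device "$(${grub_probe} --target=device "${ESP}")" | sed -e "s/^/\t/"`. The bare `${grub_probe:?}` line above it executes the expanded value as a command rather than only asserting it is set; `: "${grub_probe:?}"` performs just the check. Because `/var/lib/fwupd/uefi_capsule.conf` is sourced as shell and `EFI_PATH` is written unquoted after `chainloader`, that file should be writable by root only.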
--- /dev/null
+#!/bin/sh
+exec tail -n +3 $0
+# This file provides an easy way to add custom menu entries. Simply type the
+# menu entries you want to add after this comment. Be careful not to change
+# the 'exec tail' line above.
--- /dev/null
+#!/bin/sh
+cat <<EOF
+if [ -f \${config_directory}/custom.cfg ]; then
+ source \${config_directory}/custom.cfg
+elif [ -z "\${config_directory}" -a -f \$prefix/custom.cfg ]; then
+ source \$prefix/custom.cfg;
+fi
+EOF
+
--- /dev/null
+
+All executable files in this directory are processed in shell expansion order.
+
+ 00_*: Reserved for 00_header.
+ 10_*: Native boot entries.
+ 20_*: Third party apps (e.g. memtest86+).
+
+The number namespace in-between is configurable by system installer and/or
+administrator. For example, you can add an entry to boot another OS as
+01_otheros, 11_otheros, etc, depending on the position you want it to occupy in
+the menu; and then adjust the default setting via /etc/default/grub.
--- /dev/null
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::syslog
+tty:*::syslog
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::gg
+audio:*::
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+systemd-journal:!::
+systemd-network:!::
+systemd-resolve:!::
+systemd-timesync:!::
+crontab:!::
+messagebus:!::
+input:!::
+kvm:!::
+render:!::
+syslog:!::
+tss:!::
+uuidd:!::
+tcpdump:!::
+ssh:!::
+landscape:!::
+lxd:!::
+systemd-coredump:!!::
+ssl-cert:!::postgres
+postgres:!::
+shane:!::
+jon:!::
+gg:!::
--- /dev/null
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::syslog,gamesguru
+tty:*::syslog
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::gamesguru
+floppy:*::
+tape:*::
+sudo:*::gamesguru,gg
+audio:*::
+dip:*::gamesguru
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::gamesguru
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+systemd-journal:!::
+systemd-network:!::
+systemd-resolve:!::
+systemd-timesync:!::
+crontab:!::
+messagebus:!::
+input:!::
+kvm:!::
+render:!::
+syslog:!::
+tss:!::
+uuidd:!::
+tcpdump:!::
+ssh:!::
+landscape:!::
+lxd:!::gamesguru
+systemd-coredump:!!::
+gamesguru:!::
+ssl-cert:!::postgres
+postgres:!::
+shane:!::
+jon:!::
+gg:!::
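Review bot: `lxd:!::gamesguru` puts that account in the `lxd` group, which the LXD documentation treats as root-equivalent on the host, on top of the `sudo` and `adm` memberships the same file gives it. If the account does not need to manage containers, the line should read `lxd:!::`, with the matching group-file entry changed too; otherwise the grant deserves a mention in the commit description. This looks like a gshadow-format file, so it is also worth confirming that the repository holding it is readable only by administrators.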
--- /dev/null
+## This is the default configuration for hdparm for Debian. It is a
+## rather simple script, so please follow the following guidelines :)
+## Any line that begins with a comment is ignored - add as many as you
+## like. Note that an in-line comment is not supported. If a line
+## consists of whitespace only (tabs, spaces, carriage return), it will be
+## ignored, so you can space control fields as you like. ANYTHING ELSE
+## IS PARSED!! This means that lines with stray characters or lines that
+## use non # comment characters will be interpreted by the initscript.
+## This has probably minor, but potentially serious, side effects for your
+## hard drives, so please follow the guidelines. Patches to improve
+## flexibilty welcome. Please read /usr/share/doc/hdparm/README.Debian for
+## notes about known issues, especially if you have an MD array.
+##
+## Note that if the init script causes boot problems, you can pass 'nohdparm'
+## on the kernel command line, and the script will not be run.
+##
+## Uncommenting the options below will cause them to be added to the DEFAULT
+## string which is prepended to options listed in the blocks below.
+##
+## If an option is listed twice, the second instance replaces the first.
+##
+## /sbin/hdparm is not run unless a block of the form:
+## DEV {
+## option
+## option
+## ...
+## }
+## exists. This blocks will cause /sbin/hdparm OPTIONS DEV to be run.
+## Where OPTIONS is the concatenation of all options previously defined
+## outside of a block and all options defined with in the block.
+
+# -q be quiet
+quiet
+# -a sector count for filesystem read-ahead
+#read_ahead_sect = 12
+# -A disable/enable the IDE drive's read-lookahead feature
+#lookahead = on
+# -b bus state
+#bus = on
+# -B apm setting
+#apm = 255
+# -B apm setting when on battery
+#apm_battery = 127
+# -c enable (E)IDE 32-bit I/O support - can be any of 0,1,3
+#io32_support = 1
+# -d disable/enable the "using_dma" flag for this drive
+#dma = off
+# -D enable/disable the on-drive defect management
+#defect_mana = off
+# -E cdrom speed
+#cd_speed = 16
+# -k disable/enable the "keep_settings_over_reset" flag for this drive
+#keep_settings_over_reset = off
+# -K disable/enable the drive's "keep_features_over_reset" flag
+#keep_features_over_reset = on
+# -m sector count for multiple sector I/O
+#mult_sect_io = 32
+# -P maximum sector count for the drive's internal prefetch mechanism
+#prefetch_sect = 12
+# -r read-only flag for device
+#read_only = off
+# -R Enable/Disable Write-Read-Verify, on to enable (R1), off to disable (R0)
+# write_read_verify = off
+# -s Turn on/off power on in standby mode
+# poweron_standby = off
+# -S standby (spindown) timeout for the drive
+#spindown_time = 24
+# "force_spindown_time" - the same as "-S", but will be applied even if disk
+# doesn't support APM. Use on your own risk. This is debian specific option.
+# See also #758988
+#force_spindown_time = 24
+# -u interrupt-unmask flag for the drive
+#interrupt_unmask = on
+# -W Disable/enable the IDE drive's write-caching feature
+#write_cache = off
+# -X IDE transfer mode for newer (E)IDE/ATA2 drives
+#transfer_mode = 34
+# -y force to immediately enter the standby mode
+#standby
+# -Y force to immediately enter the sleep mode
+#sleep
+# -Z Disable the power-saving function of certain Seagate drives
+#disable_seagate
+# -M Set the acoustic management properties of a drive
+#acoustic_management
+# -p Set the chipset PIO mode
+# chipset_pio_mode
+# --security-freeze Freeze the drive's security status
+# security_freeze
+# --security-unlock Unlock the drive's security
+# security_unlock = PWD
+# --security-set-pass Set security password
+# security_pass = password
+# --security-disable Disable drive locking
+# security_disable
+# --user-master Select password to use
+# user-master = u
+# --security-mode Set the security mode
+# security_mode = h
+
+# Root file systems. Please see README.Debian for details
+# ROOTFS = /dev/hda
+
+## New note - you can use straight hdparm commands in this config file
+## as well - the set up is ugly, but it keeps backwards compatibility
+## Additionally, it should be noted that any blocks that begin with
+## the keyword 'command_line' are not run until after the root filesystem
+## is mounted. This is done to avoid running blocks twice. If you need
+## to run hdparm to set parameters for your root disk, please use the
+## standard format.
+
+#Samples follow:
+#First three are good for devfs systems, fourth one for systems that do
+#not use devfs. The fifth example uses straight hdparm command line
+#syntax. Any of the blocks that use command line syntax must begin with
+#the keyword 'command_line', and no attempt is made to validate syntax.
+#It is provided for those more comfortable with hdparm syntax.
+
+#/dev/discs/disc0/disc {
+# mult_sect_io = 16
+# write_cache = off
+# spindown_time = 240
+#}
+
+#/dev/discs/disc1/disc {
+# mult_sect_io = 32
+# spindown_time = 36
+# write_cache = off
+#}
+
+#/dev/cdroms/cdrom0 {
+# dma = on
+# interrupt_unmask = on
+# io32_support = 0
+#}
+
+#/dev/hda {
+# mult_sect_io = 16
+# write_cache = off
+# dma = on
+#}
+
--- /dev/null
+# The "order" line is only used by old versions of the C library.
+order hosts,bind
+multi on
--- /dev/null
+127.0.0.1 localhost
+127.0.1.1 vps76
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
--- /dev/null
+# /etc/hosts.allow: list of hosts that are allowed to access the system.
+# See the manual pages hosts_access(5) and hosts_options(5).
+#
+# Example: ALL: LOCAL @some_netgroup
+# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
+#
+# If you're going to protect the portmapper use the name "rpcbind" for the
+# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
+#
+
--- /dev/null
+# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
+# See the manual pages hosts_access(5) and hosts_options(5).
+#
+# Example: ALL: some.host.name, .some.domain
+# ALL EXCEPT in.fingerd: other.host.name, .other.domain
+#
+# If you're going to protect the portmapper use the name "rpcbind" for the
+# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
+#
+# The PARANOID wildcard matches any host whose name does not match its
+# address.
+#
+# You may wish to enable this to ensure any programs that don't
+# validate looked up hostnames still leave understandable logs. In past
+# versions of Debian this has been the default.
+# ALL: PARANOID
+
--- /dev/null
+#!/bin/sh
+# ----------------------------------------------------------------------
+# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
+# NOVELL (All rights reserved)
+# Copyright (c) 2008, 2009 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, contact Novell, Inc.
+# ----------------------------------------------------------------------
+# Authors:
+# Steve Beattie <steve.beattie@canonical.com>
+# Kees Cook <kees@ubuntu.com>
+#
+# /etc/init.d/apparmor
+#
+# Note: "Required-Start: $local_fs" implies that the cache may not be available
+# yet when /var is on a remote filesystem. The worst consequence this should
+# have is slowing down the boot.
+#
+### BEGIN INIT INFO
+# Provides: apparmor
+# Required-Start: $local_fs
+# Required-Stop: umountfs
+# Default-Start: S
+# Default-Stop:
+# Short-Description: AppArmor initialization
+# Description: AppArmor init script. This script loads all AppArmor profiles.
+### END INIT INFO
+
+APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
+
+# Functions needed by rc.apparmor.functions
+
+. /lib/lsb/init-functions
+
+aa_action() {
+ STRING=$1
+ shift
+ $*
+ rc=$?
+ if [ $rc -eq 0 ] ; then
+ aa_log_success_msg $"$STRING "
+ else
+ aa_log_failure_msg $"$STRING "
+ fi
+ return $rc
+}
+
+aa_log_action_start() {
+ log_action_begin_msg $@
+}
+
+aa_log_action_end() {
+ log_action_end_msg $@
+}
+
+aa_log_success_msg() {
+ log_success_msg $@
+}
+
+aa_log_warning_msg() {
+ log_warning_msg $@
+}
+
+aa_log_failure_msg() {
+ log_failure_msg $@
+}
+
+aa_log_skipped_msg() {
+ if [ -n "$1" ]; then
+ log_warning_msg "${1}: Skipped."
+ fi
+}
+
+aa_log_daemon_msg() {
+ log_daemon_msg $@
+}
+
+aa_log_end_msg() {
+ log_end_msg $@
+}
+
+# Source AppArmor function library
+if [ -f "${APPARMOR_FUNCTIONS}" ]; then
+ . ${APPARMOR_FUNCTIONS}
+else
+ aa_log_failure_msg "Unable to find AppArmor initscript functions"
+ exit 1
+fi
+
+usage() {
+ echo "Usage: $0 {start|stop|restart|reload|force-reload|status}"
+}
+
+test -x ${PARSER} || exit 0 # by debian policy
+# LSM is built-in, so it is either there or not enabled for this boot
+test -d /sys/module/apparmor || exit 0
+
+# do not perform start/stop/reload actions when running from liveCD
+test -d /rofs/etc/apparmor.d && exit 0
+
+rc=255
+case "$1" in
+ start)
+ if [ -x /usr/bin/systemd-detect-virt ] && \
+ systemd-detect-virt --quiet --container && \
+ ! is_container_with_internal_policy; then
+ aa_log_daemon_msg "Not starting AppArmor in container"
+ aa_log_end_msg 0
+ exit 0
+ fi
+ apparmor_start
+ rc=$?
+ ;;
+ restart|reload|force-reload)
+ if [ -x /usr/bin/systemd-detect-virt ] && \
+ systemd-detect-virt --quiet --container && \
+ ! is_container_with_internal_policy; then
+ aa_log_daemon_msg "Not starting AppArmor in container"
+ aa_log_end_msg 0
+ exit 0
+ fi
+ apparmor_restart
+ rc=$?
+ ;;
+ stop)
+ aa_log_daemon_msg "Leaving AppArmor profiles loaded"
+ cat >&2 <<EOM
+No profiles have been unloaded.
+
+Unloading profiles will leave already running processes permanently
+unconfined, which can lead to unexpected situations.
+
+To set a process to complain mode, use the command line tool
+'aa-complain'. To really tear down all profiles, run 'aa-teardown'."
+EOM
+ ;;
+ status)
+ apparmor_status
+ rc=$?
+ ;;
+ *)
+ usage
+ rc=1
+ ;;
+ esac
+exit $rc
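Review bot: `test -x ${PARSER} || exit 0` leaves the expansion unquoted, so when `PARSER` is empty or unset the command collapses to `test -x`, a one-argument test that succeeds, and the "parser not installed" exit is skipped. `PARSER` is not assigned in this script (presumably rc.apparmor.functions sets it), so the guard should read `test -x "${PARSER}" || exit 0`. The same quoting applies to `. ${APPARMOR_FUNCTIONS}` and to `$*` in `aa_action`, which re-splits the command it is handed; `"$@"` keeps the arguments intact. Separately, the `stop)` branch never assigns `rc`, so `stop` exits with the initial 255.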
--- /dev/null
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: apport
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: automatic crash report generation
+### END INIT INFO
+
+DESC="automatic crash report generation"
+NAME=apport
+AGENT=/usr/share/apport/apport
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$AGENT" ] || exit 0
+
+# read default file
+enabled=1
+[ -e /etc/default/$NAME ] && . /etc/default/$NAME || true
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+
+ [ -e /var/crash ] || mkdir -p /var/crash
+ chmod 1777 /var/crash
+
+ # check for kernel crash dump, convert it to apport report
+ if [ -e /var/crash/vmcore ] || [ -n "`ls /var/crash | egrep ^[0-9]{12}$`" ];then
+ /usr/share/apport/kernel_crashdump || true
+ fi
+
+ # check for incomplete suspend/resume or hibernate
+ if [ -e /var/lib/pm-utils/status ]; then
+ /usr/share/apport/apportcheckresume || true
+ rm -f /var/lib/pm-utils/status
+ rm -f /var/lib/pm-utils/resume-hang.log
+ fi
+
+ echo "|$AGENT -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" > /proc/sys/kernel/core_pattern
+ echo 2 > /proc/sys/fs/suid_dumpable
+ echo 10 > /proc/sys/kernel/core_pipe_limit
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+
+ echo 0 > /proc/sys/kernel/core_pipe_limit
+ echo 0 > /proc/sys/fs/suid_dumpable
+
+ # Check for a hung resume. If we find one try and grab everything
+ # we can to aid in its discovery.
+ if [ -e /var/lib/pm-utils/status ]; then
+ ps -wwef >/var/lib/pm-utils/resume-hang.log
+ fi
+
+ if [ "`dd if=/proc/sys/kernel/core_pattern count=1 bs=1 2>/dev/null`" != "|" ]; then
+ return 1
+ else
+ echo "core" > /proc/sys/kernel/core_pattern
+ fi
+}
+
+case "$1" in
+ start)
+ # don't start in containers
+ grep -zqs '^container=' /proc/1/environ && exit 0
+
+ [ "$enabled" = "1" ] || [ "$force_start" = "1" ] || exit 0
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC:" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ # don't stop in containers
+ grep -zqs '^container=' /proc/1/environ && exit 0
+
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC:" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ restart|force-reload)
+ $0 stop || true
+ $0 start
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
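Review bot: In `do_start` the pattern in `egrep ^[0-9]{12}$` is unquoted, so the shell can expand it as a glob against the current directory before egrep sees it. Quoting it and using the non-deprecated spelling fixes that: `[ -n "$(ls /var/crash | grep -E '^[0-9]{12}$')" ]`. The line above sets `/var/crash` to mode 1777, so the names being matched can be created by any local user, and `kernel_crashdump` (not shown here) has to treat what it finds there as untrusted. `do_start` also documents return codes 0/1/2 but contains no `return`, so it passes on the status of its last `echo` and the `2)` arm of the `start)` case is in practice never reached.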
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: atd
+# Required-Start: $syslog $time $remote_fs
+# Required-Stop: $syslog $time $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Deferred execution scheduler
+# Description: Debian init script for the atd deferred executions
+# scheduler
+### END INIT INFO
+#
+# Author: Ryan Murray <rmurray@debian.org>
+#
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/atd
+PIDFILE=/var/run/atd.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting deferred execution scheduler" "atd"
+ start_daemon -p $PIDFILE $DAEMON
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping deferred execution scheduler" "atd"
+ killproc -p $PIDFILE $DAEMON
+ log_end_msg $?
+ ;;
+ force-reload|restart)
+ $0 stop
+ $0 start
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON atd && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: /etc/init.d/atd {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: binfmt-support
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Support for extra binary formats
+# Description: Enable support for extra binary formats using the Linux
+# kernel's binfmt_misc facility.
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NAME=binfmt-support
+DESC="additional executable binary formats"
+
+if [ "$(uname)" != Linux ]; then
+ exit 0
+fi
+
+which update-binfmts >/dev/null 2>&1 || exit 0
+
+. /lib/lsb/init-functions
+[ -r /etc/default/rcS ] && . /etc/default/rcS
+
+set -e
+CODE=0
+
+case "$1" in
+ start)
+ log_daemon_msg "Enabling $DESC" "$NAME"
+ update-binfmts --enable || CODE=$?
+ log_end_msg $CODE
+ exit $CODE
+ ;;
+
+ stop)
+ log_daemon_msg "Disabling $DESC" "$NAME"
+ update-binfmts --disable || CODE=$?
+ log_end_msg $CODE
+ exit $CODE
+ ;;
+
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
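Review bot: `update-binfmts` is resolved through a `PATH` that begins with `/usr/local/sbin:/usr/local/bin`, so a root-run init script picks up a locally installed binary of that name ahead of the packaged one. Putting the system directories first, e.g. `PATH=/usr/sbin:/usr/bin:/sbin:/bin`, or calling the tool by absolute path removes that dependency on the contents of /usr/local. The presence check uses `which`, which is an external tool; `command -v update-binfmts >/dev/null 2>&1 || exit 0` is the portable form, and the same applies to `which grub-editenv` in the grub-common script further down.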
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: console-setup.sh
+# Required-Start: $remote_fs
+# Required-Stop:
+# Should-Start: console-screen kbd
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# X-Interactive: true
+# Short-Description: Set console font and keymap
+### END INIT INFO
+
+if [ -f /bin/setupcon ]; then
+ case "$1" in
+ stop|status)
+ # console-setup isn't a daemon
+ ;;
+ start|force-reload|restart|reload)
+ if [ -f /lib/lsb/init-functions ]; then
+ . /lib/lsb/init-functions
+ else
+ log_action_begin_msg () {
+ echo -n "$@... "
+ }
+
+ log_action_end_msg () {
+ if [ "$1" -eq 0 ]; then
+ echo done.
+ else
+ echo failed.
+ fi
+ }
+ fi
+ log_action_begin_msg "Setting up console font and keymap"
+ if /lib/console-setup/console-setup.sh; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg $?
+ fi
+ ;;
+ *)
+ echo 'Usage: /etc/init.d/console-setup {start|reload|restart|force-reload|stop|status}'
+ exit 3
+ ;;
+ esac
+fi
--- /dev/null
+#!/bin/sh
+# Start/stop the cron daemon.
+#
+### BEGIN INIT INFO
+# Provides: cron
+# Required-Start: $remote_fs $syslog $time
+# Required-Stop: $remote_fs $syslog $time
+# Should-Start: $network $named slapd autofs ypbind nscd nslcd winbind sssd
+# Should-Stop: $network $named slapd autofs ypbind nscd nslcd winbind sssd
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Regular background program processing daemon
+# Description: cron is a standard UNIX program that runs user-specified
+# programs at periodic scheduled times. vixie cron adds a
+# number of features to the basic UNIX cron, including better
+# security and more powerful configuration options.
+### END INIT INFO
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DESC="cron daemon"
+NAME=cron
+DAEMON=/usr/sbin/cron
+PIDFILE=/var/run/crond.pid
+SCRIPTNAME=/etc/init.d/"$NAME"
+
+test -f $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+[ -r /etc/default/cron ] && . /etc/default/cron
+
+# Read the system's locale and set cron's locale. This is only used for
+# setting the charset of mails generated by cron. To provide locale
+# information to tasks running under cron, see /etc/pam.d/cron.
+#
+# We read /etc/environment, but warn about locale information in
+# there because it should be in /etc/default/locale.
+parse_environment ()
+{
+ for ENV_FILE in /etc/environment /etc/default/locale; do
+ [ -r "$ENV_FILE" ] || continue
+ [ -s "$ENV_FILE" ] || continue
+
+ for var in LANG LANGUAGE LC_ALL LC_CTYPE; do
+ value=`egrep "^${var}=" "$ENV_FILE" | tail -n1 | cut -d= -f2`
+ [ -n "$value" ] && eval export $var=$value
+
+ if [ -n "$value" ] && [ "$ENV_FILE" = /etc/environment ]; then
+ log_warning_msg "/etc/environment has been deprecated for locale information; use /etc/default/locale for $var=$value instead"
+ fi
+ done
+ done
+
+# Get the timezone set.
+ if [ -z "$TZ" -a -e /etc/timezone ]; then
+ TZ=`cat /etc/timezone`
+ fi
+}
+
+# Parse the system's environment
+if [ "$READ_ENV" = "yes" ] ; then
+ parse_environment
+fi
+
+
+case "$1" in
+start) log_daemon_msg "Starting periodic command scheduler" "cron"
+ start_daemon -p $PIDFILE $DAEMON $EXTRA_OPTS
+ log_end_msg $?
+ ;;
+stop) log_daemon_msg "Stopping periodic command scheduler" "cron"
+ killproc -p $PIDFILE $DAEMON
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && [ -e "$PIDFILE" ] && rm -f $PIDFILE
+ log_end_msg $RETVAL
+ ;;
+restart) log_daemon_msg "Restarting periodic command scheduler" "cron"
+ $0 stop
+ $0 start
+ ;;
+reload|force-reload) log_daemon_msg "Reloading configuration files for periodic command scheduler" "cron"
+ # cron reloads automatically
+ log_end_msg 0
+ ;;
+status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+ ;;
+*) log_action_msg "Usage: /etc/init.d/cron {start|stop|status|restart|reload|force-reload}"
+ exit 2
+ ;;
+esac
+exit 0
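Review bot: `parse_environment` runs `eval export $var=$value` on text cut out of /etc/environment and /etc/default/locale, so any shell metacharacters in a locale value are re-parsed and executed by the init script as root whenever `READ_ENV=yes`. The eval presumably exists only to strip optional quotes around the value; doing that explicitly avoids the re-parse: `value=${value#[\"\']}; value=${value%[\"\']}` followed by `[ -n "$value" ] && export "$var=$value"`. `cut -d= -f2` also drops everything after a second `=` in the value, and `egrep` is the deprecated spelling of `grep -E`.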
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: cryptdisks
+# Required-Start: checkroot cryptdisks-early
+# Required-Stop: umountroot cryptdisks-early
+# Should-Start: udev mdadm-raid lvm2
+# Should-Stop: udev mdadm-raid lvm2
+# X-Start-Before: checkfs
+# X-Stop-After: umountfs
+# X-Interactive: true
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Setup remaining encrypted block devices.
+# Description:
+### END INIT INFO
+
+set -e
+
+if [ -r /lib/cryptsetup/cryptdisks-functions ]; then
+ . /lib/cryptsetup/cryptdisks-functions
+else
+ exit 0
+fi
+
+INITSTATE="remaining"
+DEFAULT_LOUD="yes"
+
+case "$CRYPTDISKS_ENABLE" in
+[Nn]*)
+ exit 0
+ ;;
+esac
+
+case "$1" in
+start)
+ do_start
+ ;;
+stop)
+ do_stop
+ ;;
+restart|reload|force-reload)
+ do_stop
+ do_start
+ ;;
+force-start)
+ FORCE_START="yes"
+ do_start
+ ;;
+*)
+ echo "Usage: cryptdisks {start|stop|restart|reload|force-reload|force-start}"
+ exit 1
+ ;;
+esac
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: cryptdisks-early
+# Required-Start: checkroot
+# Required-Stop: umountroot
+# Should-Start: udev mdadm-raid
+# Should-Stop: udev mdadm-raid
+# X-Start-Before: lvm2
+# X-Stop-After: lvm2 umountfs
+# X-Interactive: true
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Setup early encrypted block devices.
+# Description:
+### END INIT INFO
+
+set -e
+
+if [ -r /lib/cryptsetup/cryptdisks-functions ]; then
+ . /lib/cryptsetup/cryptdisks-functions
+else
+ exit 0
+fi
+
+INITSTATE="early"
+DEFAULT_LOUD=""
+
+case "$CRYPTDISKS_ENABLE" in
+[Nn]*)
+ exit 0
+ ;;
+esac
+
+case "$1" in
+start)
+ do_start
+ ;;
+stop)
+ do_stop
+ ;;
+restart|reload|force-reload)
+ do_stop
+ do_start
+ ;;
+force-start)
+ FORCE_START="yes"
+ do_start
+ ;;
+*)
+ echo "Usage: cryptdisks-early {start|stop|restart|reload|force-reload|force-start}"
+ exit 1
+ ;;
+esac
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: dbus
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: D-Bus systemwide message bus
+# Description: D-Bus is a simple interprocess messaging system, used
+# for sending messages between applications.
+### END INIT INFO
+# -*- coding: utf-8 -*-
+# Debian init.d script for D-BUS
+# Copyright © 2003 Colin Walters <walters@debian.org>
+# Copyright © 2005 Sjoerd Simons <sjoerd@debian.org>
+
+set -e
+
+DAEMON=/usr/bin/dbus-daemon
+UUIDGEN=/usr/bin/dbus-uuidgen
+UUIDGEN_OPTS=--ensure
+NAME=dbus
+DAEMONUSER=messagebus
+PIDDIR=/var/run/dbus
+PIDFILE=$PIDDIR/pid
+DESC="system message bus"
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+# Source defaults file; edit that file to configure this script.
+PARAMS=""
+if [ -e /etc/default/dbus ]; then
+ . /etc/default/dbus
+fi
+
+create_machineid() {
+ # Create machine-id file
+ if [ -x $UUIDGEN ]; then
+ $UUIDGEN $UUIDGEN_OPTS
+ fi
+}
+
+start_it_up()
+{
+ if [ ! -d $PIDDIR ]; then
+ mkdir -p $PIDDIR
+ chown $DAEMONUSER $PIDDIR
+ chgrp $DAEMONUSER $PIDDIR
+ fi
+
+ if ! mountpoint -q /proc/ ; then
+ log_failure_msg "Can't start $DESC - /proc is not mounted"
+ return
+ fi
+
+ if [ -e $PIDFILE ]; then
+ if $0 status > /dev/null ; then
+ log_success_msg "$DESC already started; not starting."
+ return
+ else
+ log_success_msg "Removing stale PID file $PIDFILE."
+ rm -f $PIDFILE
+ fi
+ fi
+
+ create_machineid
+
+ # Force libnss-systemd to avoid trying to communicate via D-Bus, which
+ # is never going to work well from within dbus-daemon. systemd
+ # special-cases this internally, but we might need to do the same when
+ # booting with sysvinit if libnss-systemd is still installed.
+ # (Workaround for #940971)
+ export SYSTEMD_NSS_BYPASS_BUS=1
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --exec $DAEMON -- --system $PARAMS
+ log_end_msg $?
+}
+
+shut_it_down()
+{
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --stop --retry 5 --quiet --oknodo --pidfile $PIDFILE \
+ --user $DAEMONUSER
+ # We no longer include these arguments so that start-stop-daemon
+ # can do its job even given that we may have been upgraded.
+ # We rely on the pidfile being sanely managed
+ # --exec $DAEMON -- --system $PARAMS
+ log_end_msg $?
+ rm -f $PIDFILE
+}
+
+reload_it()
+{
+ create_machineid
+ log_action_begin_msg "Reloading $DESC config"
+ dbus-send --print-reply --system --type=method_call \
+ --dest=org.freedesktop.DBus \
+ / org.freedesktop.DBus.ReloadConfig > /dev/null
+ # hopefully this is enough time for dbus to reload it's config file.
+ log_action_end_msg $?
+}
+
+case "$1" in
+ start)
+ start_it_up
+ ;;
+ stop)
+ shut_it_down
+ ;;
+ reload|force-reload)
+ reload_it
+ ;;
+ restart)
+ shut_it_down
+ start_it_up
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|status}" >&2
+ exit 2
+ ;;
+esac
+
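Review bot: In `start_it_up`, the `/proc is not mounted` branch logs a failure and then uses a bare `return`, which passes on whatever `log_failure_msg` returned rather than an error, so `start` can exit 0 without the daemon running; `return 1` makes the failure visible to the caller. Because the script runs under `set -e`, a failing `start-stop-daemon --start` aborts the script before `log_end_msg $?` runs, so that line only ever reports success; `start-stop-daemon ... || rc=$?` followed by `log_end_msg "${rc:-0}"` keeps the message. `$PIDDIR`, `$PIDFILE` and `$DAEMON` are expanded unquoted throughout, which is harmless with the values assigned here but worth quoting, since /etc/default/dbus is sourced after they are set and could override them.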
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: grub-common
+# Required-Start: $all
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Record successful boot for GRUB
+# Description: GRUB displays the boot menu at the next boot if it
+# believes that the previous boot failed. This script
+# informs it that the system booted successfully.
+### END INIT INFO
+
+which grub-editenv >/dev/null 2>&1 || exit 0
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+case $1 in
+ start|restart|force-reload)
+ log_action_msg "Recording successful boot for GRUB"
+ [ -s /boot/grub/grubenv ] || rm -f /boot/grub/grubenv
+ mkdir -p /boot/grub
+ grub-editenv /boot/grub/grubenv unset recordfail
+ log_end_msg $?
+ ;;
+ stop)
+ ;;
+ status)
+ exit 0
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/bin/sh
+# hwclock.sh Set and adjust the CMOS clock.
+#
+# Version: @(#)hwclock.sh 2.00 14-Dec-1998 miquels@cistron.nl
+#
+# Patches:
+# 2000-01-30 Henrique M. Holschuh <hmh@rcm.org.br>
+# - Minor cosmetic changes in an attempt to help new
+# users notice something IS changing their clocks
+# during startup/shutdown.
+# - Added comments to alert users of hwclock issues
+# and discourage tampering without proper doc reading.
+# 2012-02-16 Roger Leigh <rleigh@debian.org>
+# - Use the UTC/LOCAL setting in /etc/adjtime rather than
+# the UTC setting in /etc/default/rcS. Additionally
+# source /etc/default/hwclock to permit configuration.
+
+### BEGIN INIT INFO
+# Provides: hwclock
+# Required-Start: mountdevsubfs
+# Required-Stop: mountdevsubfs
+# Should-Stop: umountfs
+# Default-Start: S
+# X-Start-Before: checkroot
+# Default-Stop: 0 6
+# Short-Description: Sync hardware and system clock time.
+### END INIT INFO
+
+# These defaults are user-overridable in /etc/default/hwclock
+BADYEAR=no
+HWCLOCKACCESS=yes
+HWCLOCKPARS=
+HCTOSYS_DEVICE=rtc0
+
+# We only want to use the system timezone or else we'll get
+# potential inconsistency at startup.
+unset TZ
+
+hwclocksh()
+{
+ [ ! -x /sbin/hwclock ] && return 0
+ [ ! -r /etc/default/rcS ] || . /etc/default/rcS
+ [ ! -r /etc/default/hwclock ] || . /etc/default/hwclock
+
+ . /lib/lsb/init-functions
+ verbose_log_action_msg() { [ "$VERBOSE" = no ] || log_action_msg "$@"; }
+
+ case "$BADYEAR" in
+ no|"") BADYEAR="" ;;
+ yes) BADYEAR="--badyear" ;;
+ *) log_action_msg "unknown BADYEAR setting: \"$BADYEAR\""; return 1 ;;
+ esac
+
+ case "$1" in
+ start)
+ # If the admin deleted the hwclock config, create a blank
+ # template with the defaults.
+ if [ -w /etc ] && [ ! -f /etc/adjtime ] && [ ! -e /etc/adjtime ]; then
+ printf "0.0 0 0.0\n0\nUTC\n" > /etc/adjtime
+ fi
+
+ if [ -d /run/udev ] || [ -d /dev/.udev ]; then
+ return 0
+ fi
+
+ if [ "$HWCLOCKACCESS" != no ]; then
+ log_action_msg "Setting the system clock"
+
+ # Just for reporting.
+ if sed '3!d' /etc/adjtime | grep -q '^UTC$'; then
+ UTC="--utc"
+ else
+ UTC=
+ fi
+ # Copies Hardware Clock time to System Clock using the correct
+ # timezone for hardware clocks in local time, and sets kernel
+ # timezone. DO NOT REMOVE.
+ if /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --hctosys $HWCLOCKPARS $BADYEAR; then
+ # Announce the local time.
+ verbose_log_action_msg "System Clock set to: `date $UTC`"
+ else
+ log_warning_msg "Unable to set System Clock to: `date $UTC`"
+ fi
+ else
+ verbose_log_action_msg "Not setting System Clock"
+ fi
+ ;;
+ stop|restart|reload|force-reload)
+ #
+ # Updates the Hardware Clock with the System Clock time.
+ # This will *override* any changes made to the Hardware Clock.
+ #
+ # WARNING: If you disable this, any changes to the system
+ # clock will not be carried across reboots.
+ #
+
+ if [ "$HWCLOCKACCESS" != no ]; then
+ log_action_msg "Saving the system clock"
+ if /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --systohc $HWCLOCKPARS $BADYEAR; then
+ verbose_log_action_msg "Hardware Clock updated to `date`"
+ fi
+ else
+ verbose_log_action_msg "Not saving System Clock"
+ fi
+ ;;
+ show)
+ if [ "$HWCLOCKACCESS" != no ]; then
+ /sbin/hwclock --rtc=/dev/$HCTOSYS_DEVICE --show $HWCLOCKPARS $BADYEAR
+ fi
+ ;;
+ *)
+ log_success_msg "Usage: hwclock.sh {start|stop|reload|force-reload|show}"
+ log_success_msg " start sets kernel (system) clock from hardware (RTC) clock"
+ log_success_msg " stop and reload set hardware (RTC) clock from kernel (system) clock"
+ return 1
+ ;;
+ esac
+}
+
+hwclocksh "$@"
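Review bot: The `stop|restart|reload|force-reload` branch of `hwclocksh` stays silent when `/sbin/hwclock --systohc` fails, unlike the `start` branch, which logs `Unable to set System Clock`. A clock that was not saved surfaces later as skewed log timestamps and certificate-validity checks, so add the matching `else log_warning_msg "Unable to update Hardware Clock"` before that `fi`. In the `start` branch, `[ ! -f /etc/adjtime ] && [ ! -e /etc/adjtime ]` is redundant, since `! -e` already implies `! -f`.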
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: irqbalance
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: daemon to balance interrupts for SMP systems
+### END INIT INFO
+# irqbalance init script
+# August 2003
+# Eric Dorland
+
+# Based on spamassassin init script
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/irqbalance
+NAME=irqbalance
+SNAME=irqbalance
+DESC="SMP IRQ Balancer"
+PIDFILE="/run/$NAME.pid"
+PNAME="irqbalance"
+DOPTIONS=""
+
+# Defaults - don't touch, edit /etc/default/
+OPTIONS=""
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+test -f /etc/default/irqbalance && . /etc/default/irqbalance
+
+# Beware: irqbalance tries to read and handle environment variables
+# directly itself, but since start-stop-daemon clears the env
+# we convert the variables to commandline arguments here...
+# (Note: in the daemon an option is enabled even if its set to
+# e.g. the empty string or 0 or whatever. To disable it should not
+# be exported at all!)
+# Warning: this will need to be maintained and updated on upgrades
+# to new upstream release which might introduce new ones!
+if [ ! -z ${IRQBALANCE_ONESHOT+x} ]; then
+ DOPTIONS="--oneshot"
+fi
+if [ ! -z ${IRQBALANCE_ARGS+x} ]; then
+ OPTIONS="$OPTIONS $IRQBALANCE_ARGS"
+fi
+
+case "$1" in
+ start)
+ log_begin_msg "Starting $DESC: $NAME"
+
+ pid=$( pidofproc -p $PIDFILE $DAEMON )
+ if [ -n "$pid" ] ; then
+ log_begin_msg ". Already running"
+ log_end_msg 0
+ exit 0
+ fi
+
+ mkdir -p /run/irqbalance
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- --pid=$PIDFILE $OPTIONS $DOPTIONS
+
+ log_end_msg $?
+ ;;
+ stop)
+ log_begin_msg "Stopping $DESC: $NAME"
+
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON
+ rm -f $PIDFILE
+
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ log_begin_msg "Restarting $DESC: $NAME"
+
+ start-stop-daemon --stop --retry 5 --quiet --oknodo --exec $DAEMON
+ rm -f $PIDFILE
+
+ mkdir -p /run/irqbalance
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- --pid=$PIDFILE $OPTIONS $DOPTIONS
+
+ log_end_msg $?
+ ;;
+ status)
+ if [ -z "${IRQBALANCE_ONESHOT+x}" ]; then
+ status_of_proc $DAEMON $NAME
+ else
+ echo "Irqbalance setup to run in oneshot mode."
+ fi
+ ;;
+ *)
+ N=/etc/init.d/$SNAME
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
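Review bot: In the `stop)` branch, `log_end_msg $?` comes after `rm -f $PIDFILE`, so the reported result is that of `rm`, not of `start-stop-daemon --stop`. Capture the status first: `start-stop-daemon --stop --quiet --oknodo --exec $DAEMON; rc=$?`, then `rm -f "$PIDFILE"` and `log_end_msg "$rc"`. The script also creates `/run/irqbalance` while `PIDFILE` is `/run/irqbalance.pid`; the directory is presumably for the daemon's own use, which a comment should state. `status` is handled by the case but missing from the usage string.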
--- /dev/null
+#!/bin/sh
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides: iscsid
+# Required-Start: $network $local_fs
+# Required-Stop: $network $local_fs sendsigs
+# Default-Start: S
+# Default-Stop: 0 1 6
+# Short-Description: iSCSI initiator daemon (iscsid)
+# Description: The iSCSI initiator daemon takes care of
+# monitoring iSCSI connections to targets. It is
+# also the daemon providing the interface for the
+# iscisadm tool to talk to when administering iSCSI
+# connections.
+### END INIT INFO
+
+# Author: Christian Seiler <christian@iwakd.de>
+
+DESC="iSCSI initiator daemon"
+DAEMON=/sbin/iscsid
+PIDFILE=/run/iscsid.pid
+OMITDIR=/run/sendsigs.omit.d
+
+do_start_prepare() {
+ if ! /lib/open-iscsi/startup-checks.sh ; then
+ exit 1
+ fi
+}
+
+do_start_cleanup() {
+ ln -sf $PIDFILE $OMITDIR
+}
+
+do_stop_override() {
+ # Don't stop iscsid if we're on initramfs or we had some
+ # excluded sessions. We could actually stop it, it's not
+ # required for the kernel to continue working with active
+ # sessions, but it also doesn't hurt to leave it running.
+ if [ -f /etc/iscsi/iscsi.initramfs ] ||
+ ( [ -f /run/open-iscsi/shutdown-keep-sessions ] && [ -n "$(cat /run/open-iscsi/shutdown-keep-sessions)" ] )
+ then
+ return
+ fi
+ do_stop "$@"
+}
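Review bot: do_start_cleanup runs `ln -sf $PIDFILE $OMITDIR` without making sure the directory exists; if /run/sendsigs.omit.d is missing at that point, the command creates a symlink named sendsigs.omit.d that points at the pid file instead of an entry inside the directory. The rsyslog script in this patch creates the directory first in its sendsigs_omit function. Adding `mkdir -p "$OMITDIR"` before the link and quoting both operands, `ln -sf "$PIDFILE" "$OMITDIR"`, would make the two scripts agree.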
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: keyboard-setup.sh
+# Required-Start: mountkernfs
+# Required-Stop:
+# X-Start-Before: checkroot
+# Default-Start: S
+# Default-Stop:
+# X-Interactive: true
+# Short-Description: Set the console keyboard layout
+# Description: Set the console keyboard as early as possible
+# so during the file systems checks the administrator
+# can interact. At this stage of the boot process
+# only the ASCII symbols are supported.
+### END INIT INFO
+
+if [ -f /bin/setupcon ]; then
+ case "$1" in
+ stop|status)
+ # console-setup isn't a daemon
+ ;;
+ start|force-reload|restart|reload)
+ if [ -f /lib/lsb/init-functions ]; then
+ . /lib/lsb/init-functions
+ else
+ log_action_begin_msg () {
+ echo -n "$@... "
+ }
+
+ log_action_end_msg () {
+ if [ "$1" -eq 0 ]; then
+ echo done.
+ else
+ echo failed.
+ fi
+ }
+ fi
+ log_action_begin_msg "Setting up keyboard layout"
+ if /lib/console-setup/keyboard-setup.sh; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg $?
+ fi
+ ;;
+ *)
+ echo 'Usage: /etc/init.d/keyboard-setup {start|reload|restart|force-reload|stop|status}'
+ exit 3
+ ;;
+ esac
+fi
--- /dev/null
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides: kmod
+# Required-Start:
+# Required-Stop:
+# Should-Start: checkroot
+# Should-Stop:
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Load the modules listed in /etc/modules.
+# Description: Load the modules listed in /etc/modules.
+### END INIT INFO
+
+# Silently exit if the kernel does not support modules.
+[ -f /proc/modules ] || exit 0
+[ -x /sbin/modprobe ] || exit 0
+
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+. /lib/lsb/init-functions
+
+PATH='/sbin:/bin'
+
+case "$1" in
+ start)
+ ;;
+
+ stop|restart|reload|force-reload)
+ log_warning_msg "Action '$1' is meaningless for this init script"
+ exit 0
+ ;;
+
+ *)
+ log_success_msg "Usage: $0 start"
+ exit 1
+esac
+
+load_module() {
+ local module args
+ module="$1"
+ args="$2"
+
+ if [ "$VERBOSE" != no ]; then
+ log_action_msg "Loading kernel module $module"
+ modprobe $module $args || true
+ else
+ modprobe $module $args > /dev/null 2>&1 || true
+ fi
+}
+
+modules_files() {
+ local modules_load_dirs='/etc/modules-load.d /run/modules-load.d /usr/local/lib/modules-load.d /usr/lib/modules-load.d /lib/modules-load.d'
+ local processed=' '
+ local add_etc_modules=true
+
+ for dir in $modules_load_dirs; do
+ [ -d $dir ] || continue
+ for file in $(run-parts --list --regex='\.conf$' $dir 2> /dev/null || true); do
+ local base=${file##*/}
+ if echo -n "$processed" | grep -qF " $base "; then
+ continue
+ fi
+ if [ "$add_etc_modules" -a -L $file \
+ -a "$(readlink -f $file)" = /etc/modules ]; then
+ add_etc_modules=
+ fi
+ processed="$processed$base "
+ echo $file
+ done
+ done
+
+ if [ "$add_etc_modules" ]; then
+ echo /etc/modules
+ fi
+}
+
+if [ "$VERBOSE" = no ]; then
+ log_action_begin_msg 'Loading kernel modules'
+fi
+
+files=$(modules_files)
+if [ "$files" ] ; then
+ grep -h '^[^#]' $files |
+ while read module args; do
+ [ "$module" ] || continue
+ load_module "$module" "$args"
+ done
+fi
+
+if [ "$VERBOSE" = no ]; then
+ log_action_end_msg 0
+fi
+
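Review bot: The final loop reads each line with `read module args` (no `-r`) and load_module passes `$module` to modprobe unquoted, so backslashes are rewritten by read and a first field that begins with `-` is parsed as a modprobe option rather than a module name. `while read -r module args; do` and `modprobe -- "$module" $args` keep the line as written; `$args` stays unquoted on purpose so that parameters split into words. Both modprobe calls also end in `|| true` and the quiet branch discards stderr, so a failed load leaves nothing in the boot log. A `log_warning_msg` on failure would help when a driver listed in one of the modules-load.d directories goes missing.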
--- /dev/null
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: lvm2 lvm
+# Required-Start: mountdevsubfs
+# Required-Stop:
+# Should-Start: udev mdadm-raid cryptdisks-early multipath-tools-boot
+# Should-Stop: umountroot mdadm-raid
+# X-Start-Before: checkfs mountall
+# X-Stop-After: umountfs
+# Default-Start: S
+# Default-Stop:
+### END INIT INFO
+
+SCRIPTNAME=/etc/init.d/lvm2
+
+. /lib/lsb/init-functions
+
+[ -x /sbin/vgchange ] || exit 0
+
+case "$1" in
+ start)
+ log_action_begin_msg "Setting up LVM Volume Groups"
+ /sbin/lvm vgchange -aay --sysinit >/dev/null
+ log_action_end_msg "$?"
+ ;;
+ stop|restart|force-reload|status)
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME start" >&2
+ exit 3
+ ;;
+esac
+
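Review bot: The guard `[ -x /sbin/vgchange ] || exit 0` tests a different path from the one the `start` arm runs, which is `/sbin/lvm vgchange -aay --sysinit`. If the two can be installed independently the guard does not protect the call; `[ -x /sbin/lvm ] || exit 0` checks the binary that is actually executed.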
--- /dev/null
+#!/bin/sh
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides: lvm2-lvmpolld
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: LVM2 poll daemon
+### END INIT INFO
+
+DESC="LVM2 poll daemon"
+DAEMON=/sbin/lvmpolld
+DAEMON_ARGS="-t 60"
+PIDFILE=/run/lvmpolld.pid
+
+do_start_prepare() {
+ mkdir -m 0700 -p /run/lvm
+}
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: multipath-tools
+# Required-Start: udev $local_fs $remote_fs $syslog
+# Required-Stop: udev $local_fs $remote_fs $syslog
+# Should-Start: iscsi
+# Should-Stop: iscsi
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: multipath daemon
+# Description:
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin/:/usr/bin
+DAEMON=/sbin/multipathd
+NAME=multipathd
+DESC="multipath daemon"
+syspath=/sys/block
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+if [ -f /etc/default/multipath-tools ] ; then
+ . /etc/default/multipath-tools
+fi
+
+teardown_slaves()
+{
+cd $1;
+if [ -d "slaves" ]; then
+for slave in slaves/*;
+do
+ if [ "$slave" = "slaves/*" ]; then
+ read dev < $1/dev
+ tablename=$(dmsetup table --target multipath | sed -n "s/\(.*\): .* $dev .*/\1/p")
+ if ! [ -z $tablename ]; then
+ log_daemon_msg "Root is on a multipathed device, multipathd can not be stopped"
+ DONT_STOP_MPATHD=1
+ fi
+ else
+ local_slave=`readlink -f $slave`;
+ teardown_slaves $local_slave;
+ fi
+ done
+
+else
+ read dev < $1/dev
+ tablename=$(dmsetup table --target multipath | sed -n "s/\(.*\): .* $dev .*/\1/p")
+ if ! [ -z $tablename ]; then
+ log_daemon_msg "Root is on a multipathed device, multipathd can not be stopped"
+ DONT_STOP_MPATHD=1
+ fi
+fi
+}
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ modprobe -a scsi_dh_alua scsi_dh_emc scsi_dh_rdac dm-multipath 2> /dev/null || true
+ start-stop-daemon --oknodo --start --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
+ log_end_msg $?
+ ;;
+ stop)
+ DONT_STOP_MPATHD=0
+ root_dev=$(awk '{ if ($1 !~ /^[ \t]*#/ && $1 ~ /\// && $2 == "/") { print $1; }}' /etc/mtab)
+ if [ -n "$root_dev" ]; then
+ dm_num=$(dmsetup info -c --noheadings -o minor $root_dev 2>/dev/null)
+ else
+ dm_num=
+ fi
+ if [ $? -ne 0 -o -z "$dm_num" ]; then
+ # Looks like we couldn't find a device mapper root device
+ # But we shouldn't bail out here, otherwise the stop target and the
+ # upgrade processes will break. See DBUG #674733
+ :
+ else
+ root_dm_device="dm-$dm_num"
+ [ -d "$syspath/$root_dm_device" ] && teardown_slaves $syspath/$root_dm_device
+ fi
+
+ if [ x$DONT_STOP_MPATHD = x0 ]; then
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --oknodo --stop --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON
+ log_end_msg $?
+ fi
+ ;;
+ status)
+ status_of_proc -p /var/run/$NAME.pid $DAEMON $NAME && exit 0 || exit $?
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ start-stop-daemon --stop --signal 1 --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ N=/etc/init.d/multipath-tools
+ echo "Usage: $N {start|stop|status|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
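Review bot: teardown_slaves does `cd $1` and then resolves `slaves/*` relative to the working directory, but the recursive call changes directory again and nothing changes back, so from the second slave onward `readlink -f $slave` is resolved against the wrong directory. Anchoring every path at `$1` removes both that dependency and the unchecked `cd`. The two `[ -z $tablename ]` tests should quote the variable, `[ -z "$tablename" ]`, because the sed output can be empty or span several lines. In the case statement `force-reload` is listed in both the reload and the restart arm, so the second occurrence is never reached.

```shell
teardown_slaves()
{
	if [ -d "$1/slaves" ]; then
		for slave in "$1"/slaves/*; do
			if [ "$slave" = "$1/slaves/*" ]; then
				read dev < "$1/dev"
				# … unchanged: dmsetup table lookup, DONT_STOP_MPATHD=1 …
			else
				teardown_slaves "$(readlink -f "$slave")"
			fi
		done
	else
		read dev < "$1/dev"
		# … unchanged: dmsetup table lookup, DONT_STOP_MPATHD=1 …
	fi
}
```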
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: nginx
+# Required-Start: $local_fs $remote_fs $network $syslog $named
+# Required-Stop: $local_fs $remote_fs $network $syslog $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: starts the nginx web server
+# Description: starts nginx using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nginx
+NAME=nginx
+DESC=nginx
+
+# Include nginx defaults if available
+if [ -r /etc/default/nginx ]; then
+ . /etc/default/nginx
+fi
+
+STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
+
+test -x $DAEMON || exit 0
+
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+# Try to extract nginx pidfile
+PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
+if [ -z "$PID" ]; then
+ PID=/run/nginx.pid
+fi
+
+if [ -n "$ULIMIT" ]; then
+ # Set ulimit if it is set in /etc/default/nginx
+ ulimit $ULIMIT
+fi
+
+start_nginx() {
+ # Start the daemon/service
+ #
+ # Returns:
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON -- \
+ $DAEMON_OPTS 2>/dev/null \
+ || return 2
+}
+
+test_config() {
+ # Test the nginx configuration
+ $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
+}
+
+stop_nginx() {
+ # Stops the daemon/service
+ #
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
+ RETVAL="$?"
+ sleep 1
+ return "$RETVAL"
+}
+
+reload_nginx() {
+ # Function that sends a SIGHUP to the daemon/service
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
+ return 0
+}
+
+rotate_logs() {
+ # Rotate log files
+ start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
+ return 0
+}
+
+upgrade_nginx() {
+ # Online upgrade nginx executable
+ # http://nginx.org/en/docs/control.html
+ #
+ # Return
+ # 0 if nginx has been successfully upgraded
+ # 1 if nginx is not running
+ # 2 if the pid files were not created on time
+ # 3 if the old master could not be killed
+ if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
+ # Wait for both old and new master to write their pid file
+ while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
+ cnt=`expr $cnt + 1`
+ if [ $cnt -gt 10 ]; then
+ return 2
+ fi
+ sleep 1
+ done
+ # Everything is ready, gracefully stop the old master
+ if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
+ return 0
+ else
+ return 3
+ fi
+ else
+ return 1
+ fi
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start_nginx
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ stop_nginx
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+
+ # Check configuration before stopping nginx
+ if ! test_config; then
+ log_end_msg 1 # Configuration error
+ exit $?
+ fi
+
+ stop_nginx
+ case "$?" in
+ 0|1)
+ start_nginx
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC configuration" "$NAME"
+
+ # Check configuration before stopping nginx
+ #
+ # This is not entirely correct since the on-disk nginx binary
+ # may differ from the in-memory one, but that's not common.
+ # We prefer to check the configuration and return an error
+ # to the administrator.
+ if ! test_config; then
+ log_end_msg 1 # Configuration error
+ exit $?
+ fi
+
+ reload_nginx
+ log_end_msg $?
+ ;;
+ configtest|testconfig)
+ log_daemon_msg "Testing $DESC configuration"
+ test_config
+ log_end_msg $?
+ ;;
+ status)
+ status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ upgrade)
+ log_daemon_msg "Upgrading binary" "$NAME"
+ upgrade_nginx
+ log_end_msg $?
+ ;;
+ rotate)
+ log_daemon_msg "Re-opening $DESC log files" "$NAME"
+ rotate_logs
+ log_end_msg $?
+ ;;
+ *)
+ echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
+ exit 3
+ ;;
+esac
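Review bot: In upgrade_nginx the counter `cnt` is never initialised, so the first `expr $cnt + 1` runs with an empty operand. The ten-iteration limit then depends on how expr treats that and on any `cnt` inherited from the environment or from the sourced /etc/default/nginx. Setting `cnt=0` before the `while` and incrementing with `cnt=$((cnt + 1))` makes the timeout deterministic and avoids a fork per iteration. Separately, `$PID` is parsed out of nginx.conf and used unquoted in every start-stop-daemon call; quoting it as `"$PID"` keeps a path with spaces in one argument.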
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: open-iscsi iscsi
+# Required-Start: $network $local_fs iscsid
+# Required-Stop: $network $local_fs iscsid sendsigs
+# Default-Start: S
+# Default-Stop: 0 1 6
+# Short-Description: Login to default iSCSI targets
+# Description: Login to default iSCSI targets at boot and log out
+# of all iSCSI targets at shutdown.
+### END INIT INFO
+
+PATH=/sbin:/bin
+DAEMON=/sbin/iscsid
+ADM=/sbin/iscsiadm
+PIDFILE=/run/iscsid.pid
+NAMEFILE=/etc/iscsi/initiatorname.iscsi
+CONFIGFILE=/etc/iscsi/iscsid.conf
+OMITDIR=/run/sendsigs.omit.d
+
+[ -x "$DAEMON" ] || exit 0
+
+. /lib/lsb/init-functions
+
+# Include defaults if available
+if [ -f /etc/default/open-iscsi ]; then
+ . /etc/default/open-iscsi
+fi
+
+
+if [ ! -d /sys/class/ ]; then
+ log_failure_msg "iSCSI requires a mounted sysfs, not started."
+ exit 0
+fi
+
+RETVAL=0
+
+start() {
+ if ! [ -s $PIDFILE ] || ! kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then
+ log_failure_msg "iSCSI initiator daemon not started: not logging in to default targets"
+ exit 1
+ fi
+
+ starttargets
+
+ # activate LVM, mount filesystems, etc.
+ /lib/open-iscsi/activate-storage.sh
+}
+
+starttargets() {
+ log_daemon_msg "Setting up iSCSI targets"
+ echo
+ $ADM -m node --loginall=automatic
+ log_end_msg 0
+}
+
+stoptargets() {
+ log_daemon_msg "Disconnecting iSCSI targets"
+ sync
+ # only logout if daemon is running, iscsiadm hangs otherwise
+ if [ -s $PIDFILE ] && kill -0 `sed -n 1p $PIDFILE` >/dev/null ; then
+ /lib/open-iscsi/logout-all.sh
+ fi
+
+ log_end_msg 0
+}
+
+stop() {
+ # Call umountiscsi.sh to unmount iSCSI devices first (always do
+ # that, regardless of whether root is on iSCSI, umountiscsi.sh
+ # will exclude it - and even if that shouldn't work, the mount
+ # point will be busy)
+ log_daemon_msg "Umounting iSCSI filesystems"
+ /lib/open-iscsi/umountiscsi.sh
+ umount_exit_status=$?
+ log_end_msg $umount_exit_status
+
+ if [ $umount_exit_status -ne 0 ]; then
+ log_failure_msg "Couldn't unmount all iSCSI devices. not logging out from any target."
+ exit 1
+ fi
+
+ stoptargets
+}
+
+restart() {
+ stop
+ start
+}
+
+restarttargets() {
+ stoptargets
+ starttargets
+}
+
+status() {
+ #XXX FIXME: what to do here?
+ #status iscsid
+ # list active sessions
+ echo Current active iSCSI sessions:
+ $ADM -m session
+}
+
+case "$1" in
+ start|starttargets|stop|stoptargets|restart|restarttargets|status)
+ $1
+ ;;
+ force-reload)
+ restart
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
+exit $RETVAL
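Review bot: starttargets discards the exit status of `$ADM -m node --loginall=automatic` and always calls `log_end_msg 0`, and `RETVAL` is set to 0 once and never updated, so the script reports success and exits 0 even when no target could be logged in. Capturing the status, `$ADM -m node --loginall=automatic || RETVAL=$?` followed by `log_end_msg $RETVAL`, would surface the failure. The case where no node records are configured probably needs to be mapped to success, which should be checked against iscsiadm's documented exit codes. The pid checks could also quote their operands, for example `kill -0 "$(sed -n 1p "$PIDFILE")"`.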
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: open-vm-tools
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# X-Start-Before:
+# X-Stop-After:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Description: Runs the open-vm-tools services
+# Short-Description: Runs the open-vm-tools services
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+exit_if_not_in_vm () {
+ if which systemd-detect-virt 1>/dev/null; then
+ checktool='systemd-detect-virt'
+ else
+ checktool='vmware-checkvm'
+ fi
+
+ if ! ${checktool} | grep -iq vmware; then
+ echo "open-vm-tools: not starting as this is not a VMware VM"
+ exit 0
+ fi
+}
+
+case "${1}" in
+ start)
+ # Check if we're running inside VMWare
+ exit_if_not_in_vm
+
+ log_daemon_msg "Starting open-vm daemon" "vmtoolsd"
+ start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd --test > /dev/null || exit 1
+ start-stop-daemon --start --quiet --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd -- --background /var/run/vmtoolsd.pid || exit 2
+ log_end_msg 0
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping open-vm guest daemon" "vmtoolsd"
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/vmtoolsd.pid --exec /usr/bin/vmtoolsd
+ RETURN="${?}"
+ [ "${RETURN}" = 2 ] && exit 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f /var/run/vmtoolsd.pid
+ log_end_msg 0
+ ;;
+
+ force-reload|restart)
+ ${0} stop
+ ${0} start
+ ;;
+
+ status)
+ status_of_proc -p /var/run/vmtoolsd.pid /usr/bin/vmtoolsd vmtoolsd && exit 0 || exit $?
+ ;;
+
+ *)
+ log_success_msg "Usage: ${0} {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
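Review bot: In the `start` arm both start-stop-daemon calls end in a bare `|| exit 1` or `|| exit 2` after `log_daemon_msg` has opened the status line, so a daemon that is already running makes `start` exit 1 with no closing `log_end_msg`. The nginx script in this patch treats a failed `--test` as "already running" and reports success. The same could be done here by changing the tails to `|| { log_end_msg 0; exit 0; }` on the `--test` line and `|| { log_end_msg 1; exit 2; }` on the real start. In exit_if_not_in_vm, `command -v systemd-detect-virt >/dev/null` is the portable form of the `which` test.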
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: plymouth
+# Required-Start: udev $remote_fs $all
+# Required-Stop: $remote_fs
+# Should-Start: $x-display-manager
+# Should-Stop: $x-display-manager
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 6
+# Short-Description: Stop plymouth during boot and start it on shutdown
+### END INIT INFO
+
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+NAME="plymouth"
+DESC="Boot splash manager"
+
+test -x /sbin/plymouthd || exit 0
+
+if [ -r "/etc/default/${NAME}" ]
+then
+ . "/etc/default/${NAME}"
+fi
+
+. /lib/lsb/init-functions
+
+set -e
+
+SPLASH="true"
+for ARGUMENT in $(cat /proc/cmdline)
+do
+ case "${ARGUMENT}" in
+ splash*)
+ SPLASH="true"
+ ;;
+
+ nosplash*|plymouth.enable=0)
+ SPLASH="false"
+ ;;
+ esac
+done
+
+case "${1}" in
+ start)
+ case "${SPLASH}" in
+ true)
+ /bin/plymouth quit --retain-splash
+ ;;
+ esac
+ ;;
+
+ stop)
+ case "${SPLASH}" in
+ true)
+ if ! plymouth --ping
+ then
+ /sbin/plymouthd --mode=shutdown
+ fi
+
+ RUNLEVEL="$(/sbin/runlevel | cut -d " " -f 2)"
+
+ case "${RUNLEVEL}" in
+ 0)
+ TEXT="Shutting down system..."
+ ;;
+
+ 6)
+ TEXT="Restarting system..."
+ ;;
+ esac
+
+ /bin/plymouth message --text="${TEXT}"
+
+ /bin/plymouth --show-splash
+ ;;
+ esac
+ ;;
+
+ restart|force-reload)
+
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: plymouth-log
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Should-Start:
+# Should-Stop:
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Inform plymouth that /var/log is writable
+### END INIT INFO
+
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+NAME="plymouth-log"
+DESC="Boot splash manager (write log file)"
+
+test -x /bin/plymouth || exit 0
+
+if [ -r "/etc/default/${NAME}" ]
+then
+ . "/etc/default/${NAME}"
+fi
+
+. /lib/lsb/init-functions
+
+set -e
+
+case "${1}" in
+ start)
+ if plymouth --ping
+ then
+ /bin/plymouth update-root-fs --read-write
+ fi
+ ;;
+
+ stop|restart|force-reload)
+
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/bin/sh
+set -e
+
+### BEGIN INIT INFO
+# Provides: postgresql
+# Required-Start: $local_fs $remote_fs $network $time
+# Required-Stop: $local_fs $remote_fs $network $time
+# Should-Start: $syslog
+# Should-Stop: $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: PostgreSQL RDBMS server
+### END INIT INFO
+
+# Setting environment variables for the postmaster here does not work; please
+# set them in /etc/postgresql/<version>/<cluster>/environment instead.
+
+[ -r /usr/share/postgresql-common/init.d-functions ] || exit 0
+
+. /usr/share/postgresql-common/init.d-functions
+
+# versions can be specified explicitly
+if [ -n "$2" ]; then
+ versions="$2 $3 $4 $5 $6 $7 $8 $9"
+else
+ get_versions
+fi
+
+case "$1" in
+ start|stop|restart|reload)
+ if [ "$1" = "start" ]; then
+ create_socket_directory
+ fi
+ if [ -z "`pg_lsclusters -h`" ]; then
+ log_warning_msg 'No PostgreSQL clusters exist; see "man pg_createcluster"'
+ exit 0
+ fi
+ for v in $versions; do
+ $1 $v || EXIT=$?
+ done
+ exit ${EXIT:-0}
+ ;;
+ status)
+ LS=`pg_lsclusters -h`
+ # no clusters -> unknown status
+ [ -n "$LS" ] || exit 4
+ echo "$LS" | awk 'BEGIN {rc=0} {if (match($4, "down")) rc=3; printf ("%s/%s (port %s): %s\n", $1, $2, $3, $4)}; END {exit rc}'
+ ;;
+ force-reload)
+ for v in $versions; do
+ reload $v
+ done
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|force-reload|status} [version ..]"
+ exit 1
+ ;;
+esac
+
+exit 0
+
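Review bot: The `force-reload` arm calls `reload $v` bare under `set -e`, so the first version whose reload fails aborts the script and the remaining versions are never reloaded. The `start|stop|restart|reload` arm instead continues and collects the status with `|| EXIT=$?`. Writing `reload $v || EXIT=$?` and ending the arm with `exit ${EXIT:-0}` would make the two arms agree. `EXIT` is also never initialised, so a value inherited from the caller's environment becomes the exit status when every call succeeds; `EXIT=0` before the case statement avoids that.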
--- /dev/null
+#! /bin/sh
+# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
+if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
+ set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
+fi
+### BEGIN INIT INFO
+# Provides: procps
+# Required-Start: mountkernfs $local_fs
+# Required-Stop:
+# Should-Start: udev module-init-tools
+# X-Start-Before: $network
+# Default-Start: S
+# Default-Stop:
+# Short-Description: Configure kernel parameters at boottime
+# Description: Loads kernel parameters that are specified in /etc/sysctl.conf
+### END INIT INFO
+#
+# written by Elrond <Elrond@Wunder-Nett.org>
+
+DESC="Setting kernel variables"
+DAEMON=/sbin/sysctl
+PIDFILE=none
+
+# Comment this out for sysctl to print every item changed
+QUIET_SYSCTL="-q"
+
+do_start_cmd() {
+ STATUS=0
+ $DAEMON $QUIET_SYSCTL --system || STATUS=$?
+ return $STATUS
+}
+
+do_stop() { return 0; }
+do_status() { return 0; }
--- /dev/null
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: rsyncd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Should-Start: $named autofs
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: fast remote file copy program daemon
+# Description: rsync is a program that allows files to be copied to and
+# from remote machines in much the same way as rcp.
+# This provides rsyncd daemon functionality.
+### END INIT INFO
+
+set -e
+
+# /etc/init.d/rsync: start and stop the rsync daemon
+
+DAEMON=/usr/bin/rsync
+RSYNC_ENABLE=false
+RSYNC_OPTS=''
+RSYNC_DEFAULTS_FILE=/etc/default/rsync
+RSYNC_CONFIG_FILE=/etc/rsyncd.conf
+RSYNC_PID_FILE=/var/run/rsync.pid
+RSYNC_NICE_PARM=''
+RSYNC_IONICE_PARM=''
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+if [ -s $RSYNC_DEFAULTS_FILE ]; then
+ . $RSYNC_DEFAULTS_FILE
+ case "x$RSYNC_ENABLE" in
+ xtrue|xfalse) ;;
+ xinetd) exit 0
+ ;;
+ *) log_failure_msg "Value of RSYNC_ENABLE in $RSYNC_DEFAULTS_FILE must be either 'true' or 'false';"
+ log_failure_msg "not starting rsync daemon."
+ exit 1
+ ;;
+ esac
+ case "x$RSYNC_NICE" in
+ x[0-9]|x1[0-9]) RSYNC_NICE_PARM="--nicelevel $RSYNC_NICE";;
+ x) ;;
+ *) log_warning_msg "Value of RSYNC_NICE in $RSYNC_DEFAULTS_FILE must be a value between 0 and 19 (inclusive);"
+ log_warning_msg "ignoring RSYNC_NICE now."
+ ;;
+ esac
+ case "x$RSYNC_IONICE" in
+ x-c[123]*) RSYNC_IONICE_PARM="$RSYNC_IONICE";;
+ x) ;;
+ *) log_warning_msg "Value of RSYNC_IONICE in $RSYNC_DEFAULTS_FILE must be -c1, -c2 or -c3;"
+ log_warning_msg "ignoring RSYNC_IONICE now."
+ ;;
+ esac
+fi
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+rsync_start() {
+ if [ ! -s "$RSYNC_CONFIG_FILE" ]; then
+ log_failure_msg "missing or empty config file $RSYNC_CONFIG_FILE"
+ log_end_msg 1
+ exit 0
+ fi
+ # See ionice(1)
+ if [ -n "$RSYNC_IONICE_PARM" ] && [ -x /usr/bin/ionice ] &&
+ /usr/bin/ionice "$RSYNC_IONICE_PARM" true 2>/dev/null; then
+ /usr/bin/ionice "$RSYNC_IONICE_PARM" -p$$ > /dev/null 2>&1
+ fi
+ if start-stop-daemon --start --quiet --background \
+ --pidfile $RSYNC_PID_FILE --make-pidfile \
+ $RSYNC_NICE_PARM --exec $DAEMON \
+ -- --no-detach --daemon --config "$RSYNC_CONFIG_FILE" $RSYNC_OPTS
+ then
+ rc=0
+ sleep 1
+ if ! kill -0 $(cat $RSYNC_PID_FILE) >/dev/null 2>&1; then
+ log_failure_msg "rsync daemon failed to start"
+ rc=1
+ fi
+ else
+ rc=1
+ fi
+ if [ $rc -eq 0 ]; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ rm -f $RSYNC_PID_FILE
+ fi
+} # rsync_start
+
+
+case "$1" in
+ start)
+ if "$RSYNC_ENABLE"; then
+ log_daemon_msg "Starting rsync daemon" "rsync"
+ if [ -s $RSYNC_PID_FILE ] && kill -0 $(cat $RSYNC_PID_FILE) >/dev/null 2>&1; then
+ log_progress_msg "apparently already running"
+ log_end_msg 0
+ exit 0
+ fi
+ rsync_start
+ else
+ if [ -s "$RSYNC_CONFIG_FILE" ]; then
+ [ "$VERBOSE" != no ] && log_warning_msg "rsync daemon not enabled in $RSYNC_DEFAULTS_FILE, not starting..."
+ fi
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping rsync daemon" "rsync"
+ start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile $RSYNC_PID_FILE
+ RETVAL="$?"
+ log_end_msg $RETVAL
+ if [ $RETVAL != 0 ]
+ then
+ exit 1
+ fi
+ rm -f $RSYNC_PID_FILE
+ ;;
+
+ reload|force-reload)
+ log_warning_msg "Reloading rsync daemon: not needed, as the daemon"
+ log_warning_msg "re-reads the config file whenever a client connects."
+ ;;
+
+ restart)
+ set +e
+ if $RSYNC_ENABLE; then
+ log_daemon_msg "Restarting rsync daemon" "rsync"
+ if [ -s $RSYNC_PID_FILE ] && kill -0 $(cat $RSYNC_PID_FILE) >/dev/null 2>&1; then
+ start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile $RSYNC_PID_FILE
+ else
+ log_warning_msg "rsync daemon not running, attempting to start."
+ rm -f $RSYNC_PID_FILE
+ fi
+ rsync_start
+ else
+ if [ -s "$RSYNC_CONFIG_FILE" ]; then
+ [ "$VERBOSE" != no ] && log_warning_msg "rsync daemon not enabled in $RSYNC_DEFAULTS_FILE, not starting..."
+ fi
+ fi
+ ;;
+
+ status)
+ status_of_proc -p $RSYNC_PID_FILE "$DAEMON" rsync
+ exit $? # notreached due to set -e
+ ;;
+ *)
+ echo "Usage: /etc/init.d/rsync {start|stop|reload|force-reload|restart|status}"
+ exit 1
+esac
+
+exit 0
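Review bot: In rsync_start the failure path calls `log_end_msg 1` before `rm -f $RSYNC_PID_FILE`, and the script runs under `set -e`. If log_end_msg returns its argument (the ssh script in this patch guards the same call with `|| true`), the `start` action exits at that line and the pid file written by `--make-pidfile` is left behind. Swapping the two lines, `rm -f $RSYNC_PID_FILE` then `log_end_msg 1`, keeps the cleanup. The same applies in `stop`, where `log_end_msg $RETVAL` comes before the explicit `exit 1`. The missing-config branch also reports `log_end_msg 1` and then `exit 0`, which is worth a comment if the success status is intentional.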
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: rsyslog
+# Required-Start: $remote_fs $time
+# Required-Stop: umountnfs $time
+# X-Stop-After: sendsigs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: enhanced syslogd
+# Description: Rsyslog is an enhanced multi-threaded syslogd.
+# It is quite compatible to stock sysklogd and can be
+# used as a drop-in replacement.
+### END INIT INFO
+
+#
+# Author: Michael Biebl <biebl@debian.org>
+#
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="enhanced syslogd"
+NAME=rsyslog
+
+RSYSLOGD=rsyslogd
+DAEMON=/usr/sbin/rsyslogd
+PIDFILE=/run/rsyslogd.pid
+
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Define LSB log_* functions.
+. /lib/lsb/init-functions
+
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # other if daemon could not be started or a failure occured
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $RSYSLOGD_OPTIONS
+}
+
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # other if daemon could not be stopped or a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON
+}
+
+#
+# Tell rsyslogd to close all open files
+#
+do_rotate() {
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --exec $DAEMON
+}
+
+create_xconsole() {
+ XCONSOLE=/dev/xconsole
+ if [ "$(uname -s)" != "Linux" ]; then
+ XCONSOLE=/run/xconsole
+ ln -sf $XCONSOLE /dev/xconsole
+ fi
+ if [ ! -e $XCONSOLE ]; then
+ mknod -m 640 $XCONSOLE p
+ chown root:adm $XCONSOLE
+ [ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE
+ fi
+}
+
+sendsigs_omit() {
+ OMITDIR=/run/sendsigs.omit.d
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/rsyslog
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$RSYSLOGD"
+ create_xconsole
+ do_start
+ case "$?" in
+ 0) sendsigs_omit
+ log_end_msg 0 ;;
+ 1) log_progress_msg "already started"
+ log_end_msg 0 ;;
+ *) log_end_msg 1 ;;
+ esac
+
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$RSYSLOGD"
+ do_stop
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_progress_msg "already stopped"
+ log_end_msg 0 ;;
+ *) log_end_msg 1 ;;
+ esac
+
+ ;;
+ rotate)
+ log_daemon_msg "Closing open files" "$RSYSLOGD"
+ do_rotate
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ try-restart)
+ $0 status >/dev/null 2>&1 && $0 restart
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON $RSYSLOGD && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|rotate|restart|force-reload|try-restart|status}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- /dev/null
+#!/bin/sh
+# $Id: init,v 1.3 2004/03/16 01:43:45 zal Exp $
+#
+# Script to remove stale screen named pipes on bootup.
+#
+
+### BEGIN INIT INFO
+# Provides: screen-cleanup
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: S
+# Default-Stop:
+# Short-Description: screen sessions cleaning
+# Description: Cleans up the screen session directory and fixes its
+# permissions if needed.
+### END INIT INFO
+
+set -e
+
+test -f /usr/bin/screen || exit 0
+
+SCREENDIR=/run/screen
+
+case "$1" in
+start)
+ if test -L $SCREENDIR || ! test -d $SCREENDIR; then
+ rm -f $SCREENDIR
+ mkdir $SCREENDIR
+ chown root:utmp $SCREENDIR
+ [ -x /sbin/restorecon ] && /sbin/restorecon $SCREENDIR
+ fi
+ find $SCREENDIR -type p -delete
+# If the local admin has used dpkg-statoverride to install the screen
+# binary with different set[ug]id bits, change the permissions of
+# $SCREENDIR accordingly
+ BINARYPERM=`stat -c%a /usr/bin/screen`
+ if [ "$BINARYPERM" -ge 4000 ]; then
+ chmod 0755 $SCREENDIR
+ elif [ "$BINARYPERM" -ge 2000 ]; then
+ chmod 0775 $SCREENDIR
+ else
+ chmod 1777 $SCREENDIR
+ fi
+ ;;
+stop|restart|reload|force-reload)
+ ;;
+esac
+
+exit 0
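Review bot: `chown root:utmp $SCREENDIR` runs only inside the branch that recreates the directory, while the mode is forced to 0755, 0775 or 1777 on every start; a /run/screen that already exists with a different owner or group keeps it. The header says the script fixes the directory's permissions if needed, so moving the chown to just after the `fi` would apply ownership on every boot as well. The case statement has no `*)` arm, so an unknown action exits 0 silently; a usage message with a non-zero exit, as in the other scripts in this patch, would make typos visible.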
--- /dev/null
+#!/bin/sh -e
+#
+# smartmontools init.d startup script
+#
+# (C) 2003,04,07 Guido Günther <agx@sigxcpu.org>
+#
+# loosely based on the init script that comes with smartmontools which is
+# copyrighted 2002 by Bruce Allen <smartmontools-support@lists.sourceforge.net>
+#
+### BEGIN INIT INFO
+# Provides: smartmontools
+# Required-Start: $syslog $remote_fs
+# Required-Stop: $syslog $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: SMART monitoring daemon
+### END INIT INFO
+
+SMARTCTL=/usr/sbin/smartctl
+DAEMON=/usr/sbin/smartd
+PIDFILE=/var/run/smartd.pid
+[ -x $SMARTCTL ] || exit 0
+[ -x $DAEMON ] || exit 0
+. /lib/lsb/init-functions
+
+RET=0
+
+[ -r /etc/default/rcS ] && . /etc/default/rcS
+[ -r /etc/default/smartmontools ] && . /etc/default/smartmontools
+
+smartd_opts="--pidfile $PIDFILE $smartd_opts"
+
+enable_smart() {
+ log_action_begin_msg "Enabling S.M.A.R.T."
+ for device in $enable_smart; do
+ log_action_cont_msg "$device"
+ if ! $SMARTCTL --quietmode=errorsonly --smart=on $device; then
+ log_action_cont_msg "(failed)"
+ RET=2
+ fi
+ done
+ log_action_end_msg 0
+}
+
+running_pid()
+{
+ # Check if a given process pid's cmdline matches a given name
+ pid=$1
+ name=$2
+ [ -z "$pid" ] && return 1
+ [ ! -d /proc/$pid ] && return 1
+ cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
+ # Is this the expected child?
+ [ "$cmd" != "$name" ] && return 1
+ return 0
+}
+
+running()
+{
+# Check if the process is running looking at /proc
+# (works for all users)
+ # No pidfile, probably no daemon present
+ [ ! -f "$PIDFILE" ] && return 1
+ # Obtain the pid and check it against the binary name
+ pid=`cat $PIDFILE`
+ running_pid $pid $DAEMON || return 1
+ return 0
+}
+
+case "$1" in
+ start)
+ [ -n "$enable_smart" ] && enable_smart
+ log_daemon_msg "Starting S.M.A.R.T. daemon" "smartd"
+ if running; then
+ log_progress_msg "already running"
+ log_end_msg 0
+ exit 0
+ fi
+ rm -f $PIDFILE
+ if start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --exec $DAEMON -- $smartd_opts; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ RET=1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping S.M.A.R.T. daemon" "smartd"
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
+ log_end_msg 0
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading S.M.A.R.T. daemon" "smartd"
+ if start-stop-daemon --stop --quiet --signal 1 \
+ --pidfile $PIDFILE; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ RET=1
+ fi
+ ;;
+ restart)
+ log_daemon_msg "Restarting S.M.A.R.T. daemon" "smartd"
+ start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile $PIDFILE
+ rm -f $PIDFILE
+ if start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --exec $DAEMON -- $smartd_opts; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ RET=1
+ fi
+ ;;
+ status)
+ status_of_proc $DAEMON smartd && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: /etc/init.d/smartmontools {start|stop|restart|reload|force-reload|status}"
+ exit 1
+esac
+
+exit $RET
--- /dev/null
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: OpenBSD Secure Shell server
+### END INIT INFO
+
+set -e
+
+# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
+
+test -x /usr/sbin/sshd || exit 0
+( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
+
+umask 022
+
+if test -f /etc/default/ssh; then
+ . /etc/default/ssh
+fi
+
+. /lib/lsb/init-functions
+
+if [ -n "$2" ]; then
+ SSHD_OPTS="$SSHD_OPTS $2"
+fi
+
+# Are we running from init?
+run_by_init() {
+ ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
+}
+
+check_for_no_start() {
+ # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
+ if [ -e /etc/ssh/sshd_not_to_be_run ]; then
+ if [ "$1" = log_end_msg ]; then
+ log_end_msg 0 || true
+ fi
+ if ! run_by_init; then
+ log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" || true
+ fi
+ exit 0
+ fi
+}
+
+check_dev_null() {
+ if [ ! -c /dev/null ]; then
+ if [ "$1" = log_end_msg ]; then
+ log_end_msg 1 || true
+ fi
+ if ! run_by_init; then
+ log_action_msg "/dev/null is not a character device!" || true
+ fi
+ exit 1
+ fi
+}
+
+check_privsep_dir() {
+ # Create the PrivSep empty dir if necessary
+ if [ ! -d /run/sshd ]; then
+ mkdir /run/sshd
+ chmod 0755 /run/sshd
+ fi
+}
+
+check_config() {
+ if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
+ /usr/sbin/sshd $SSHD_OPTS -t || exit 1
+ fi
+}
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+case "$1" in
+ start)
+ check_privsep_dir
+ check_for_no_start
+ check_dev_null
+ log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd" || true
+ if start-stop-daemon --start --quiet --oknodo --chuid 0:0 --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0 || true
+ else
+ log_end_msg 1 || true
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd" || true
+ if start-stop-daemon --stop --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd; then
+ log_end_msg 0 || true
+ else
+ log_end_msg 1 || true
+ fi
+ ;;
+
+ reload|force-reload)
+ check_for_no_start
+ check_config
+ log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd" || true
+ if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /run/sshd.pid --exec /usr/sbin/sshd; then
+ log_end_msg 0 || true
+ else
+ log_end_msg 1 || true
+ fi
+ ;;
+
+ restart)
+ check_privsep_dir
+ check_config
+ log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
+ start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /run/sshd.pid --exec /usr/sbin/sshd
+ check_for_no_start log_end_msg
+ check_dev_null log_end_msg
+ if start-stop-daemon --start --quiet --oknodo --chuid 0:0 --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0 || true
+ else
+ log_end_msg 1 || true
+ fi
+ ;;
+
+ try-restart)
+ check_privsep_dir
+ check_config
+ log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
+ RET=0
+ start-stop-daemon --stop --quiet --retry 30 --pidfile /run/sshd.pid --exec /usr/sbin/sshd || RET="$?"
+ case $RET in
+ 0)
+ # old daemon stopped
+ check_for_no_start log_end_msg
+ check_dev_null log_end_msg
+ if start-stop-daemon --start --quiet --oknodo --chuid 0:0 --pidfile /run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0 || true
+ else
+ log_end_msg 1 || true
+ fi
+ ;;
+ 1)
+ # daemon not running
+ log_progress_msg "(not running)" || true
+ log_end_msg 0 || true
+ ;;
+ *)
+ # failed to stop
+ log_progress_msg "(failed to stop)" || true
+ log_end_msg 1 || true
+ ;;
+ esac
+ ;;
+
+ status)
+ status_of_proc -p /run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
+ ;;
+
+ *)
+ log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}" || true
+ exit 1
+esac
+
+exit 0
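Review bot: A failed start is reported to the caller as success: in the `start`, `restart` and `try-restart` arms the else branch only runs `log_end_msg 1 || true`, and control then falls through to the final `exit 0`. Anything that keys on the exit status (a provisioning run, a health check) will treat sshd as started when it is not. I would end those branches with `log_end_msg 1 || true; exit 1`, and do the same in the `*)` branch of the inner `case $RET`. The `stop` and `reload|force-reload` arms have the same shape and need the same change.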
--- /dev/null
+#! /bin/sh
+# vim:ft=sh:et
+### BEGIN INIT INFO
+# Provides: sysstat
+# Required-Start: $remote_fs $local_fs $syslog
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Start/stop sysstat's sadc
+# Description: Sysstat contains system performance tools for Linux
+# The init file runs the sadc command in order to write
+# the "LINUX RESTART" mark to the daily data file
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/lib/sysstat/debian-sa1
+NAME=sadc
+DESC="the system activity data collector"
+
+test -f "$DAEMON" || exit 0
+umask 022
+
+# our configuration file
+DEFAULT=/etc/default/sysstat
+
+# default setting...
+ENABLED="false"
+
+# ...overridden in the configuration file
+test -r "$DEFAULT" && . "$DEFAULT"
+
+set -e
+status=0
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start|restart|reload|force-reload)
+ if [ "$ENABLED" = "true" ] ; then
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start-stop-daemon --start --quiet --exec $DAEMON -- --boot || status=$?
+ log_end_msg $status
+ fi
+ ;;
+ stop)
+ ;;
+ status)
+ if [ "$ENABLED" = "true" ] ; then
+ log_success_msg "sadc cron jobs are enabled"
+ exit 0
+ else
+ log_failure_msg "sadc cron jobs are disabled"
+ exit 3
+ fi
+ ;;
+ *)
+ log_failure_msg "Usage: $0 {start|stop|restart|reload|force-reload|status}"
+ exit 1
+ ;;
+esac
+
+exit $status
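Review bot: `restart`, `reload` and `force-reload` share the `start` arm, so each of them runs `$DAEMON -- --boot` again. Going by the header comment, that invocation exists to write the "LINUX RESTART" mark to the daily data file, so a manual restart of this service would presumably record a reboot that never happened; this is worth confirming, because that file may later be read as a timeline. If it holds, I would keep `--boot` under `start` only and make the other three actions no-ops like `stop`, with a comment along the lines of `# nothing to restart: only a real boot should write the restart mark`.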
--- /dev/null
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides: udev
+# Required-Start: mountkernfs
+# Required-Stop: umountroot
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Start systemd-udevd, populate /dev and load drivers.
+### END INIT INFO
+
+PATH="/sbin:/bin"
+NAME="systemd-udevd"
+DAEMON="/lib/systemd/systemd-udevd"
+DESC="hotplug events dispatcher"
+PIDFILE="/run/udev.pid"
+CTRLFILE="/run/udev/control"
+OMITDIR="/run/sendsigs.omit.d"
+
+# we need to unmount /dev/pts/ and remount it later over the devtmpfs
+unmount_devpts() {
+ if mountpoint -q /dev/pts/; then
+ umount -n -l /dev/pts/
+ fi
+
+ if mountpoint -q /dev/shm/; then
+ umount -n -l /dev/shm/
+ fi
+}
+
+# mount a devtmpfs over /dev, if somebody did not already do it
+mount_devtmpfs() {
+ if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev
+ return
+ fi
+
+ if ! mount -n -o nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+ fi
+
+ return 0
+}
+
+create_dev_makedev() {
+ if [ -e /sbin/MAKEDEV ]; then
+ ln -sf /sbin/MAKEDEV /dev/MAKEDEV
+ else
+ ln -sf /bin/true /dev/MAKEDEV
+ fi
+}
+
+# shell version of /usr/bin/tty
+my_tty() {
+ [ -x /bin/readlink ] || return 0
+ [ -e /proc/self/fd/0 ] || return 0
+ readlink --silent /proc/self/fd/0 || true
+}
+
+warn_if_interactive() {
+ if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
+ return
+ fi
+
+ TTY=$(my_tty)
+ if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
+ return
+ fi
+
+ printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
+ printf "has been run from an interactive shell.\n"
+ printf "It will probably not do what you expect, so this script will wait\n"
+ printf "60 seconds before continuing. Press ^C to stop it.\n"
+ printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
+ sleep 60
+}
+
+make_static_nodes() {
+ [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0
+ [ -x /bin/kmod ] || return 0
+
+ /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \
+ while read type name mode uid gid age arg; do
+ [ -e $name ] && continue
+ case "$type" in
+ c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;;
+ d|d!) mkdir $name ;;
+ *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;;
+ esac
+
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $name
+ fi
+ done
+}
+
+
+##############################################################################
+
+
+[ -x $DAEMON ] || exit 0
+
+# defaults
+tmpfs_size="10M"
+
+if [ -e /etc/udev/udev.conf ]; then
+ . /etc/udev/udev.conf
+fi
+
+. /lib/lsb/init-functions
+
+if [ ! -e /proc/filesystems ]; then
+ log_failure_msg "udev requires a mounted procfs, not started"
+ log_end_msg 1
+fi
+
+if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+fi
+
+if [ ! -d /sys/class/ ]; then
+ log_failure_msg "udev requires a mounted sysfs, not started"
+ log_end_msg 1
+fi
+
+if [ ! -w /sys ]; then
+ log_warning_msg "udev does not support containers, not started"
+ exit 0
+fi
+
+if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected"
+ log_warning_msg "Booting will continue in 30 seconds but many things will be broken"
+ sleep 30
+fi
+
+# When modifying this script, do not forget that between the time that the
+# new /dev has been mounted and udevadm trigger has been run there will be
+# no /dev/null. This also means that you cannot use the "&" shell command.
+
+case "$1" in
+ start)
+ if [ ! -e "/run/udev/" ]; then
+ warn_if_interactive
+ fi
+
+ if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+ fi
+
+ if ! mountpoint -q /dev/; then
+ unmount_devpts
+ mount_devtmpfs
+ [ -d /proc/1 ] || mount -n /proc
+ fi
+
+ make_static_nodes
+
+ # clean up parts of the database created by the initramfs udev
+ udevadm info --cleanup-db
+
+ # set the SELinux context for devices created in the initramfs
+ [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \
+ --notify-await; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_warning_msg $?
+ log_warning_msg "Waiting 15 seconds and trying to continue anyway"
+ sleep 15
+ fi
+
+ log_action_begin_msg "Synthesizing the initial hotplug events (subsystems)"
+ if udevadm trigger --type=subsystems --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+ log_action_begin_msg "Synthesizing the initial hotplug events (devices)"
+ if udevadm trigger --type=devices --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+
+ create_dev_makedev
+
+ # wait for the systemd-udevd childs to finish
+ log_action_begin_msg "Waiting for /dev to be fully populated"
+ if udevadm settle; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg 0 'timeout'
+ fi
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ restart)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $? || true
+ fi
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \
+ --notify-await; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ reload|force-reload)
+ udevadm control --reload-rules
+ ;;
+
+ status)
+ status_of_proc $DAEMON $NAME && exit 0 || exit $?
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
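Review bot: The "not started" checks do not stop the script themselves: after `log_failure_msg "udev requires a mounted procfs, not started"` (and the devtmpfs and sysfs checks below it, and the mount failure in `mount_devtmpfs`) there is only `log_end_msg 1`, so aborting depends on `-e` from the shebang and on `log_end_msg` returning non-zero. When the file is run as `sh /etc/init.d/udev start` the shebang options are not applied, and the script would carry on into the `start` arm after reporting that it did not start. I would add `set -e` as the first statement of the body and an explicit `exit 1` after each of those `log_end_msg 1` calls.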
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: ufw
+# Required-Start: $local_fs
+# Required-Stop: $local_fs
+# Default-Start: S
+# Default-Stop: 1
+# Short-Description: start firewall
+# Description: Start ufw firewall
+### END INIT INFO
+
+set -e
+
+PATH="/sbin:/bin"
+
+[ -d /lib/ufw ] || exit 0
+
+. /lib/lsb/init-functions
+
+for s in "/lib/ufw/ufw-init-functions" "/etc/ufw/ufw.conf" "/etc/default/ufw" ; do
+ if [ -s "$s" ]; then
+ . "$s"
+ else
+ log_failure_msg "Could not find $s (aborting)"
+ exit 1
+ fi
+done
+
+error=0
+case "$1" in
+start)
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ log_action_begin_msg "Starting firewall:" "ufw"
+ output=`ufw_start` || error="$?"
+ if [ "$error" = "0" ]; then
+ log_action_cont_msg "Setting kernel variables ($IPT_SYSCTL)"
+ fi
+ if [ ! -z "$output" ]; then
+ echo "$output" | while read line ; do
+ log_action_cont_msg "$line"
+ done
+ fi
+ else
+ log_action_begin_msg "Skip starting firewall:" "ufw (not enabled)"
+ fi
+ log_action_end_msg $error
+ exit $error
+ ;;
+stop)
+ if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
+ log_action_begin_msg "Stopping firewall:" "ufw"
+ output=`ufw_stop` || error="$?"
+ if [ ! -z "$output" ]; then
+ log_action_cont_msg "$output"
+ fi
+ else
+ log_action_begin_msg "Skip stopping firewall:" "ufw (not enabled)"
+ fi
+ log_action_end_msg $error
+ exit $error
+ ;;
+restart|force-reload)
+ log_action_begin_msg "Reloading firewall:" "ufw"
+ output=`ufw_reload` || error="$?"
+ if [ ! -z "$output" ]; then
+ log_action_cont_msg "$output"
+ fi
+ log_action_end_msg $error
+ exit $error
+ ;;
+status)
+ output=`ufw_status` || error="$?"
+ if [ ! -z "$output" ]; then
+ log_action_cont_msg "$output"
+ fi
+ log_action_end_msg $error
+ exit $error
+ ;;
+*)
+ echo "Usage: /etc/init.d/ufw {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
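Review bot: The enabled test in the `start` and `stop` arms accepts only the exact strings `yes` and `YES`, so a hand-edited `ENABLED=Yes` takes the "Skip starting firewall" branch and the script exits 0 without calling `ufw_start`. For a firewall, silently skipping on an unrecognised value is the unsafe direction. I would match case-insensitively, e.g. `case "$ENABLED" in [Yy][Ee][Ss]) enabled=yes ;; *) enabled=no ;; esac`, and log a warning when the value is neither a form of yes nor of no.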
--- /dev/null
+#! /bin/sh
+#
+### BEGIN INIT INFO
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Provides: unattended-upgrade-shutdown-check
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 6
+# Short-Description: Check if unattended upgrades are being applied
+# Description: Check if unattended upgrades are being applied
+# and wait for them to finish
+### END INIT INFO
+set -e
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+NAME="unattended-upgrades-shutdown"
+DESC="unattended package upgrades shutdown"
+SCRIPTNAME="/etc/init.d/$NAME"
+SHUTDOWN_HELPER="/usr/share/unattended-upgrades/unattended-upgrade-shutdown"
+
+if [ -x /usr/bin/python3 ]; then
+ PYTHON=python3
+else
+ PYTHON=python
+fi
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+. /lib/lsb/init-functions
+
+case "$1" in
+start|restart|force-reload|status)
+ # nothing, just to keep update-rc.d happy (see debian #630732)
+ ;;
+stop)
+ if [ -e $SHUTDOWN_HELPER ]; then
+ [ "$VERBOSE" != "no" ] && log_action_begin_msg "Checking for running $DESC"
+ $PYTHON $SHUTDOWN_HELPER
+ [ "$VERBOSE" != "no" ] && log_action_end_msg $? "$NAME"
+ fi
+ ;;
+*)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+:
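Review bot: The interpreter that is checked and the interpreter that is run can differ: the test `[ -x /usr/bin/python3 ]` uses an absolute path, but `PYTHON=python3` is then resolved through `PATH`, which lists `/usr/local/sbin` and `/usr/local/bin` ahead of `/usr/bin`. Since the helper is launched from an init script at shutdown, I would pin it with `PYTHON=/usr/bin/python3` (and `/usr/bin/python` in the else branch). Separately, under `set -e` a non-zero exit from `$PYTHON $SHUTDOWN_HELPER` ends the script before `log_action_end_msg $?`, so that call can only ever log 0; `rc=0; $PYTHON $SHUTDOWN_HELPER || rc=$?` followed by `log_action_end_msg $rc "$NAME"` keeps the status. The `start` and `stop` arms of the uuidd script later in this diff have the same `$?` pattern after `start_daemon` and `killproc`.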
--- /dev/null
+#! /bin/sh -e
+### BEGIN INIT INFO
+# Provides: uuidd
+# Required-Start: $time $local_fs $remote_fs
+# Required-Stop: $time $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: uuidd daemon
+# Description: Init script for the uuid generation daemon
+### END INIT INFO
+#
+# Author: "Theodore Ts'o" <tytso@mit.edu>
+#
+set -e
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/uuidd
+UUIDD_USER=uuidd
+UUIDD_GROUP=uuidd
+UUIDD_DIR=/run/uuidd
+PIDFILE=$UUIDD_DIR/uuidd.pid
+
+test -x $DAEMON || exit 0
+
+. /lib/lsb/init-functions
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting uuid generator" "uuidd"
+ if ! test -d $UUIDD_DIR; then
+ mkdir -p $UUIDD_DIR
+ chown -R $UUIDD_USER:$UUIDD_GROUP $UUIDD_DIR
+ fi
+ start_daemon -p $PIDFILE $DAEMON
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping uuid generator" "uuidd"
+ killproc -p $PIDFILE $DAEMON
+ log_end_msg $?
+ ;;
+ status)
+ if pidofproc -p $PIDFILE $DAEMON >/dev/null 2>&1; then
+ echo "$DAEMON is running";
+ exit 0;
+ else
+ echo "$DAEMON is NOT running";
+ if test -f $PIDFILE; then exit 2; fi
+ exit 3;
+ fi
+ ;;
+ force-reload|restart)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/uuidd {start|stop|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
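Review bot: `PIDFILE` sits in `$UUIDD_DIR`, which the `start` arm hands to `$UUIDD_USER:$UUIDD_GROUP`, so the PID that `killproc -p $PIDFILE $DAEMON` acts on in the `stop` arm comes from a location the unprivileged service account can write. `killproc` is also given `$DAEMON`, but whether it checks the PID against that executable is defined in /lib/lsb/init-functions and is not visible here; that should be confirmed, or the stop made explicit with `start-stop-daemon --stop --oknodo --pidfile $PIDFILE --exec $DAEMON`. Smaller points: the directory is only created when missing, so an existing `$UUIDD_DIR` with the wrong owner or mode is left as it is, and the usage string omits `status`.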
--- /dev/null
+#
+# initramfs.conf
+# Configuration file for mkinitramfs(8). See initramfs.conf(5).
+#
+# Note that configuration options from this file can be overridden
+# by config files in the /etc/initramfs-tools/conf.d directory.
+
+#
+# MODULES: [ most | netboot | dep | list ]
+#
+# most - Add most filesystem and all harddrive drivers.
+#
+# dep - Try and guess which modules to load.
+#
+# netboot - Add the base modules, network modules, but skip block devices.
+#
+# list - Only include modules from the 'additional modules' list
+#
+
+MODULES=most
+
+#
+# BUSYBOX: [ y | n | auto ]
+#
+# Use busybox shell and utilities. If set to n, klibc utilities will be used.
+# If set to auto (or unset), busybox will be used if installed and klibc will
+# be used otherwise.
+#
+
+BUSYBOX=auto
+
+#
+# COMPCACHE_SIZE: [ "x K" | "x M" | "x G" | "x %" ]
+#
+# Amount of RAM to use for RAM-based compressed swap space.
+#
+# An empty value - compcache isn't used, or added to the initramfs at all.
+# An integer and K (e.g. 65536 K) - use a number of kilobytes.
+# An integer and M (e.g. 256 M) - use a number of megabytes.
+# An integer and G (e.g. 1 G) - use a number of gigabytes.
+# An integer and % (e.g. 50 %) - use a percentage of the amount of RAM.
+#
+# You can optionally install the compcache package to configure this setting
+# via debconf and have userspace scripts to load and unload compcache.
+#
+
+COMPCACHE_SIZE=""
+
+#
+# COMPRESS: [ gzip | bzip2 | lz4 | lzma | lzop | xz ]
+#
+
+COMPRESS=lz4
+
+#
+# NFS Section of the config.
+#
+
+#
+# DEVICE: ...
+#
+# Specify a specific network interface, like eth0
+# Overridden by optional ip= or BOOTIF= bootarg
+#
+
+DEVICE=
+
+#
+# NFSROOT: [ auto | HOST:MOUNT ]
+#
+
+NFSROOT=auto
+
+#
+# RUNSIZE: ...
+#
+# The size of the /run tmpfs mount point, like 256M or 10%
+# Overridden by optional initramfs.runsize= bootarg
+#
+
+RUNSIZE=10%
--- /dev/null
+# List of modules that you want to include in your initramfs.
+# They will be loaded at boot time in the order below.
+#
+# Syntax: module_name [args ...]
+#
+# You must run update-initramfs(8) to effect this change.
+#
+# Examples:
+#
+# raid1
+# sd_mod
--- /dev/null
+#
+# Configuration file for update-initramfs(8)
+#
+
+#
+# update_initramfs [ yes | all | no ]
+#
+# Default is yes
+# If set to all update-initramfs will update all initramfs
+# If set to no disables any update to initramfs beside kernel upgrade
+
+update_initramfs=yes
+
+#
+# backup_initramfs [ yes | no ]
+#
+# Default is no
+# If set to no leaves no .bak backup files.
+
+backup_initramfs=no
--- /dev/null
+# /etc/inputrc - global inputrc for libreadline
+# See readline(3readline) and `info rluserman' for more information.
+
+# Be 8 bit clean.
+set input-meta on
+set output-meta on
+
+# To allow the use of 8bit-characters like the german umlauts, uncomment
+# the line below. However this makes the meta key not work as a meta key,
+# which is annoying to those which don't need to type in 8-bit characters.
+
+# set convert-meta off
+
+# try to enable the application keypad when it is called. Some systems
+# need this to enable the arrow keys.
+# set enable-keypad on
+
+# see /usr/share/doc/bash/inputrc.arrows for other codes of arrow keys
+
+# do not bell on tab-completion
+# set bell-style none
+# set bell-style visible
+
+# some defaults / modifications for the emacs mode
+$if mode=emacs
+
+# allow the use of the Home/End keys
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+
+# allow the use of the Delete/Insert keys
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+
+# mappings for "page up" and "page down" to step to the beginning/end
+# of the history
+# "\e[5~": beginning-of-history
+# "\e[6~": end-of-history
+
+# alternate mappings for "page up" and "page down" to search the history
+# "\e[5~": history-search-backward
+# "\e[6~": history-search-forward
+
+# mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+"\e[5C": forward-word
+"\e[5D": backward-word
+"\e\e[C": forward-word
+"\e\e[D": backward-word
+
+$if term=rxvt
+"\e[7~": beginning-of-line
+"\e[8~": end-of-line
+"\eOc": forward-word
+"\eOd": backward-word
+$endif
+
+# for non RH/Debian xterm, can't hurt for RH/Debian xterm
+# "\eOH": beginning-of-line
+# "\eOF": end-of-line
+
+# for freebsd console
+# "\e[H": beginning-of-line
+# "\e[F": end-of-line
+
+$endif
--- /dev/null
+#
+# subpath mappings from mount point for pinning
+#
+#3 tracing
+#4 foo/bar
+#5 tc/cls1
--- /dev/null
+# lookup table for ematch kinds
+1 cmp
+2 nbyte
+3 u32
+4 meta
+7 canid
+8 ipset
+9 ipt
--- /dev/null
+# device group names
+0 default
--- /dev/null
+# Netlink protocol names mapping
+
+0 rtnl
+1 unused
+2 usersock
+3 fw
+4 tcpdiag
+5 nflog
+6 xfrm
+7 selinux
+8 iscsi
+9 audit
+10 fiblookup
+11 connector
+12 nft
+13 ip6fw
+14 dec-rt
+15 uevent
+16 genl
+18 scsi-trans
+19 ecryptfs
+20 rdma
+21 crypto
--- /dev/null
+# Differentiated field values
+# These include the DSCP and unused bits
+0x0 default
+# Newer RFC2597 values
+0x28 AF11
+0x30 AF12
+0x38 AF13
+0x48 AF21
+0x50 AF22
+0x58 AF23
+0x68 AF31
+0x70 AF32
+0x78 AF33
+0x88 AF41
+0x90 AF42
+0x98 AF43
+# Older values RFC2474
+0x20 CS1
+0x40 CS2
+0x60 CS3
+0x80 CS4
+0xA0 CS5
+0xC0 CS6
+0xE0 CS7
+# RFC 2598
+0xB8 EF
--- /dev/null
+#
+# Reserved protocols.
+#
+0 unspec
+1 redirect
+2 kernel
+3 boot
+4 static
+8 gated
+9 ra
+10 mrt
+11 zebra
+12 bird
+13 dnrouted
+14 xorp
+15 ntk
+16 dhcp
+42 babel
+186 bgp
+187 isis
+188 ospf
+189 rip
+192 eigrp
--- /dev/null
+Each file in this directory is an rt_protos configuration file. iproute2
+commands scan this directory processing all files that end in '.conf'.
--- /dev/null
+#
+# reserved values
+#
+0 cosmos
+#
+# local
+#
+#1 inr.ac
+#2 inr.ruhep
+#3 freenet
+#4 radio-msu
+#5 russia
+#6 internet
--- /dev/null
+#
+# reserved values
+#
+0 global
+255 nowhere
+254 host
+253 link
+#
+# pseudo-reserved
+#
+200 site
--- /dev/null
+#
+# reserved values
+#
+255 local
+254 main
+253 default
+0 unspec
+#
+# local
+#
+#1 inr.ruhep
--- /dev/null
+Each file in this directory is an rt_tables configuration file. iproute2
+commands scan this directory processing all files that end in '.conf'.
--- /dev/null
+## DO NOT EDIT OR REMOVE THIS FILE!
+## If you remove this file, the iSCSI daemon will not start.
+## If you change the InitiatorName, existing access control lists
+## may reject this initiator. The InitiatorName must be unique
+## for each iSCSI initiator. Do NOT duplicate iSCSI InitiatorNames.
+InitiatorName=iqn.1993-08.org.debian:01:af5bf2af245
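Review bot: The `InitiatorName` on the last line is a per-host identity; the file's own header says it must be unique for each initiator and that target access control lists depend on it. With a generated value checked in, any machine built or restored from this tree would present the same name, and the identifier those lists key on is published along with the repository. I would leave this file out of the commit, or commit a placeholder such as `InitiatorName=<generated-per-host>` and generate the real value at install time.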
--- /dev/null
+#
+# Open-iSCSI default configuration.
+# Could be located at /etc/iscsi/iscsid.conf or ~/.iscsid.conf
+#
+# Note: To set any of these values for a specific node/session run
+# the iscsiadm --mode node --op command for the value. See the README
+# and man page for iscsiadm for details on the --op command.
+#
+
+######################
+# iscsid daemon config
+######################
+# If you want iscsid to start the first time an iscsi tool
+# needs to access it, instead of starting it when the init
+# scripts run, set the iscsid startup command here. This
+# should normally only need to be done by distro package
+# maintainers.
+#
+# Default for Fedora and RHEL. (uncomment to activate).
+# iscsid.startup = /etc/rc.d/init.d/iscsid force-start
+iscsid.startup = /bin/systemctl start iscsid.socket
+#
+# Default for upstream open-iscsi scripts (uncomment to activate).
+# iscsid.startup = /sbin/iscsid
+
+# Check for active mounts on devices reachable through a session
+# and refuse to logout if there are any. Defaults to "No".
+# iscsid.safe_logout = Yes
+
+#############################
+# NIC/HBA and driver settings
+#############################
+# open-iscsi can create a session and bind it to a NIC/HBA.
+# To set this up see the example iface config file.
+
+#*****************
+# Startup settings
+#*****************
+
+# To request that the iscsi initd scripts startup a session set to "automatic".
+# node.startup = automatic
+#
+# To manually startup the session set to "manual". The default is manual.
+node.startup = manual
+
+# For "automatic" startup nodes, setting this to "Yes" will try logins on each
+# available iface until one succeeds, and then stop. The default "No" will try
+# logins on all available ifaces simultaneously.
+node.leading_login = No
+
+# *************
+# CHAP Settings
+# *************
+
+# To enable CHAP authentication set node.session.auth.authmethod
+# to CHAP. The default is None.
+#node.session.auth.authmethod = CHAP
+
+# To set a CHAP username and password for initiator
+# authentication by the target(s), uncomment the following lines:
+#node.session.auth.username = username
+#node.session.auth.password = password
+
+# To set a CHAP username and password for target(s)
+# authentication by the initiator, uncomment the following lines:
+#node.session.auth.username_in = username_in
+#node.session.auth.password_in = password_in
+
+# To enable CHAP authentication for a discovery session to the target
+# set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
+#discovery.sendtargets.auth.authmethod = CHAP
+
+# To set a discovery session CHAP username and password for the initiator
+# authentication by the target(s), uncomment the following lines:
+#discovery.sendtargets.auth.username = username
+#discovery.sendtargets.auth.password = password
+
+# To set a discovery session CHAP username and password for target(s)
+# authentication by the initiator, uncomment the following lines:
+#discovery.sendtargets.auth.username_in = username_in
+#discovery.sendtargets.auth.password_in = password_in
+
+# ********
+# Timeouts
+# ********
+#
+# See the iSCSI README's Advanced Configuration section for tips
+# on setting timeouts when using multipath or doing root over iSCSI.
+#
+# To specify the length of time to wait for session re-establishment
+# before failing SCSI commands back to the application when running
+# the Linux SCSI Layer error handler, edit the line.
+# The value is in seconds and the default is 120 seconds.
+# Special values:
+# - If the value is 0, IO will be failed immediately.
+# - If the value is less than 0, IO will remain queued until the session
+# is logged back in, or until the user runs the logout command.
+node.session.timeo.replacement_timeout = 120
+
+# To specify the time to wait for login to complete, edit the line.
+# The value is in seconds and the default is 15 seconds.
+node.conn[0].timeo.login_timeout = 15
+
+# To specify the time to wait for logout to complete, edit the line.
+# The value is in seconds and the default is 15 seconds.
+node.conn[0].timeo.logout_timeout = 15
+
+# Time interval to wait for on connection before sending a ping.
+node.conn[0].timeo.noop_out_interval = 5
+
+# To specify the time to wait for a Nop-out response before failing
+# the connection, edit this line. Failing the connection will
+# cause IO to be failed back to the SCSI layer. If using dm-multipath
+# this will cause the IO to be failed to the multipath layer.
+node.conn[0].timeo.noop_out_timeout = 5
+
+# To specify the time to wait for abort response before
+# failing the operation and trying a logical unit reset edit the line.
+# The value is in seconds and the default is 15 seconds.
+node.session.err_timeo.abort_timeout = 15
+
+# To specify the time to wait for a logical unit response
+# before failing the operation and trying session re-establishment
+# edit the line.
+# The value is in seconds and the default is 30 seconds.
+node.session.err_timeo.lu_reset_timeout = 30
+
+# To specify the time to wait for a target response
+# before failing the operation and trying session re-establishment
+# edit the line.
+# The value is in seconds and the default is 30 seconds.
+node.session.err_timeo.tgt_reset_timeout = 30
+
+
+#******
+# Retry
+#******
+
+# To specify the number of times iscsid should retry a login
+# if the login attempt fails due to the node.conn[0].timeo.login_timeout
+# expiring modify the following line. Note that if the login fails
+# quickly (before node.conn[0].timeo.login_timeout fires) because the network
+# layer or the target returns an error, iscsid may retry the login more than
+# node.session.initial_login_retry_max times.
+#
+# This retry count along with node.conn[0].timeo.login_timeout
+# determines the maximum amount of time iscsid will try to
+# establish the initial login. node.session.initial_login_retry_max is
+# multiplied by the node.conn[0].timeo.login_timeout to determine the
+# maximum amount.
+#
+# The default node.session.initial_login_retry_max is 8 and
+# node.conn[0].timeo.login_timeout is 15 so we have:
+#
+# node.conn[0].timeo.login_timeout * node.session.initial_login_retry_max =
+# 120 seconds
+#
+# Valid values are any integer value. This only
+# affects the initial login. Setting it to a high value can slow
+# down the iscsi service startup. Setting it to a low value can
+# cause a session to not get logged into, if there are distuptions
+# during startup or if the network is not ready at that time.
+node.session.initial_login_retry_max = 8
+
+################################
+# session and device queue depth
+################################
+
+# To control how many commands the session will queue set
+# node.session.cmds_max to an integer between 2 and 2048 that is also
+# a power of 2. The default is 128.
+node.session.cmds_max = 128
+
+# To control the device's queue depth set node.session.queue_depth
+# to a value between 1 and 1024. The default is 32.
+node.session.queue_depth = 32
+
+##################################
+# MISC SYSTEM PERFORMANCE SETTINGS
+##################################
+
+# For software iscsi (iscsi_tcp) and iser (ib_iser) each session
+# has a thread used to transmit or queue data to the hardware. For
+# cxgb3i you will get a thread per host.
+#
+# Setting the thread's priority to a lower value can lead to higher throughput
+# and lower latencies. The lowest value is -20. Setting the priority to
+# a higher value, can lead to reduced IO performance, but if you are seeing
+# the iscsi or scsi threads dominate the use of the CPU then you may want
+# to set this value higher.
+#
+# Note: For cxgb3i you must set all sessions to the same value, or the
+# behavior is not defined.
+#
+# The default value is -20. The setting must be between -20 and 20.
+node.session.xmit_thread_priority = -20
+
+
+#***************
+# iSCSI settings
+#***************
+
+# To enable R2T flow control (i.e., the initiator must wait for an R2T
+# command before sending any data), uncomment the following line:
+#
+#node.session.iscsi.InitialR2T = Yes
+#
+# To disable R2T flow control (i.e., the initiator has an implied
+# initial R2T of "FirstBurstLength" at offset 0), uncomment the following line:
+#
+# The defaults is No.
+node.session.iscsi.InitialR2T = No
+
+#
+# To disable immediate data (i.e., the initiator does not send
+# unsolicited data with the iSCSI command PDU), uncomment the following line:
+#
+#node.session.iscsi.ImmediateData = No
+#
+# To enable immediate data (i.e., the initiator sends unsolicited data
+# with the iSCSI command packet), uncomment the following line:
+#
+# The default is Yes
+node.session.iscsi.ImmediateData = Yes
+
+# To specify the maximum number of unsolicited data bytes the initiator
+# can send in an iSCSI PDU to a target, edit the following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1) and
+# the default is 262144
+node.session.iscsi.FirstBurstLength = 262144
+
+# To specify the maximum SCSI payload that the initiator will negotiate
+# with the target for, edit the following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1) and
+# the defauls it 16776192
+node.session.iscsi.MaxBurstLength = 16776192
+
+# To specify the maximum number of data bytes the initiator can receive
+# in an iSCSI PDU from a target, edit the following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1) and
+# the default is 262144
+node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
+
+# To specify the maximum number of data bytes the initiator will send
+# in an iSCSI PDU to the target, edit the following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1).
+# Zero is a special case. If set to zero, the initiator will use
+# the target's MaxRecvDataSegmentLength for the MaxXmitDataSegmentLength.
+# The default is 0.
+node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
+
+# To specify the maximum number of data bytes the initiator can receive
+# in an iSCSI PDU from a target during a discovery session, edit the
+# following line.
+#
+# The value is the number of bytes in the range of 512 to (2^24-1) and
+# the default is 32768
+#
+discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
+
+# To allow the targets to control the setting of the digest checking,
+# with the initiator requesting a preference of enabling the checking, uncomment# one or both of the following lines:
+#node.conn[0].iscsi.HeaderDigest = CRC32C,None
+#node.conn[0].iscsi.DataDigest = CRC32C,None
+#
+# To allow the targets to control the setting of the digest checking,
+# with the initiator requesting a preference of disabling the checking,
+# uncomment one or both of the following lines:
+#node.conn[0].iscsi.HeaderDigest = None,CRC32C
+#node.conn[0].iscsi.DataDigest = None,CRC32C
+#
+# To enable CRC32C digest checking for the header and/or data part of
+# iSCSI PDUs, uncomment one or both of the following lines:
+#node.conn[0].iscsi.HeaderDigest = CRC32C
+#node.conn[0].iscsi.DataDigest = CRC32C
+#
+# To disable digest checking for the header and/or data part of
+# iSCSI PDUs, uncomment one or both of the following lines:
+#node.conn[0].iscsi.HeaderDigest = None
+#node.conn[0].iscsi.DataDigest = None
+#
+# The default is to never use DataDigests or HeaderDigests.
+#
+
+# For multipath configurations, you may want more than one session to be
+# created on each iface record. If node.session.nr_sessions is greater
+# than 1, performing a 'login' for that node will ensure that the
+# appropriate number of sessions is created.
+node.session.nr_sessions = 1
+
+#************
+# Workarounds
+#************
+
+# Some targets like IET prefer after an initiator has sent a task
+# management function like an ABORT TASK or LOGICAL UNIT RESET, that
+# it does not respond to PDUs like R2Ts. To enable this behavior uncomment
+# the following line (The default behavior is Yes):
+node.session.iscsi.FastAbort = Yes
+
+# Some targets like Equalogic prefer that after an initiator has sent
+# a task management function like an ABORT TASK or LOGICAL UNIT RESET, that
+# it continue to respond to R2Ts. To enable this uncomment this line
+# node.session.iscsi.FastAbort = No
+
+# To prevent doing automatic scans that would add unwanted luns to the system
+# we can disable them and have sessions only do manually requested scans.
+# Automatic scans are performed on startup, on login, and on AEN/AER reception
+# on devices supporting it. For HW drivers all sessions will use the value
+# defined in the configuration file. This configuration option is independent
+# of scsi_mod scan parameter. (The default behavior is auto):
+node.session.scan = auto
--- /dev/null
+Ubuntu 20.04.4 LTS \n \l
+
--- /dev/null
+Ubuntu 20.04.4 LTS
--- /dev/null
+#!/bin/sh -e
+
+version="$1"
+bootopt=""
+
+command -v update-initramfs >/dev/null 2>&1 || exit 0
+
+# passing the kernel version is required
+if [ -z "${version}" ]; then
+ echo >&2 "W: initramfs-tools: ${DPKG_MAINTSCRIPT_PACKAGE:-kernel package} did not pass a version number"
+ exit 2
+fi
+
+# exit if kernel does not need an initramfs
+if [ "$INITRD" = 'No' ]; then
+ exit 0
+fi
+
+# absolute file name of kernel image may be passed as a second argument;
+# create the initrd in the same directory
+if [ -n "$2" ]; then
+ bootdir=$(dirname "$2")
+ bootopt="-b ${bootdir}"
+fi
+
+# avoid running multiple times
+if [ -n "$DEB_MAINT_PARAMS" ]; then
+ eval set -- "$DEB_MAINT_PARAMS"
+ if [ -z "$1" ] || [ "$1" != "configure" ]; then
+ exit 0
+ fi
+fi
+
+# we're good - create initramfs. update runs do_bootloader
+# shellcheck disable=SC2086
+INITRAMFS_TOOLS_KERNEL_HOOK=1 update-initramfs -c -k "${version}" ${bootopt} >&2
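Review bot: `eval set -- "$DEB_MAINT_PARAMS"` in the "avoid running multiple times" block runs the contents of an environment variable as shell code, in a hook that presumably executes as root during kernel package installation. The value is expected to come from the kernel package's maintainer script, but nothing here checks its shape, so any command substitution embedded in it would be executed. The mode can be read without eval, as the update-grub hook in this same diff does with a plain word split followed by `mode="${1#\'}"; mode="${mode%\'}"`, and then compared with `configure`. The removal hook later in the diff repeats the same eval before comparing with `remove`.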
--- /dev/null
+#!/bin/sh
+
+case "$DPKG_MAINTSCRIPT_PACKAGE::$DPKG_MAINTSCRIPT_NAME" in
+ linux-image-extra*::postrm)
+ exit 0;;
+esac
+
+if [ -d /var/run ]; then
+ touch /var/run/reboot-required
+ if ! grep -q "^$DPKG_MAINTSCRIPT_PACKAGE$" /var/run/reboot-required.pkgs 2> /dev/null ; then
+ echo "$DPKG_MAINTSCRIPT_PACKAGE" >> /var/run/reboot-required.pkgs
+ fi
+fi
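Review bot: The duplicate check `grep -q "^$DPKG_MAINTSCRIPT_PACKAGE$"` treats the package name as a regular expression, so the dots in a versioned kernel package name match any character and a different, similar name already in the file can suppress the new entry. An empty or unset variable also turns the pattern into `^$` and gets a blank line appended to the list. A fixed-string whole-line match avoids both: `[ -n "$DPKG_MAINTSCRIPT_PACKAGE" ] || exit 0` before the block, and `grep -qxF -- "$DPKG_MAINTSCRIPT_PACKAGE" /var/run/reboot-required.pkgs 2>/dev/null` for the test.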
--- /dev/null
+/usr/share/update-notifier/notify-reboot-required
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+set -e
+
+# installkernel script calls postinst.d without any DEB_MAINT_PARAMS set
+# linux-image-* postinst calls postinst.d with DEB_MAINT_PARAMS set
+# do nothing in case linux-image-* calls this, as it already calls `linux-update-symlinks`
+[ -z "$DEB_MAINT_PARAMS" ] || exit 0
+
+# installkernel must call postinst.d with two args, version & image_path
+version="$1"
+image_path="$2"
+
+[ -n "$version" ] || exit 0
+[ -n "$image_path" ] || exit 0
+
+# call linux-update-symlinks in install mode, which will correctly
+# update vmlinuz & initrd.img symlinks. Even if initrd.img does not
+# exist yet, or has already been created by the initramfs-update
+# postinst.d hook. It will also honor kernel_img.conf settings to
+# link_in_boot yes/no. Thus matching behaviour of linux-image-*
+# postinst call to linux-update-symlinks.
+linux-update-symlinks install $version $image_path
+
+exit 0
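Review bot: `linux-update-symlinks install $version $image_path` passes both arguments unquoted, so an image path containing whitespace or glob characters is split or expanded before the tool sees it. Both values were just checked to be non-empty, so quoting changes nothing for normal input: `linux-update-symlinks install "$version" "$image_path"`.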
--- /dev/null
+#! /bin/sh
+set -e
+
+which update-grub >/dev/null 2>&1 || exit 0
+
+if type systemd-detect-virt >/dev/null 2>&1 &&
+ systemd-detect-virt --quiet --container; then
+ exit 0
+fi
+
+set -- $DEB_MAINT_PARAMS
+mode="${1#\'}"
+mode="${mode%\'}"
+case $0:$mode in
+ # Only run on postinst configure and postrm remove, to avoid wasting
+ # time by calling update-grub multiple times on upgrade and removal.
+ # Also run if we have no DEB_MAINT_PARAMS, in order to work with old
+ # kernel packages.
+ */postinst.d/*:|*/postinst.d/*:configure|*/postrm.d/*:|*/postrm.d/*:remove)
+ if [ -e /boot/grub/grub.cfg ]; then
+ exec update-grub
+ fi
+ ;;
+esac
+
+exit 0
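Review bot: `which update-grub` depends on an external `which` binary, while the initramfs hook in this same diff uses the builtin form `command -v update-initramfs >/dev/null 2>&1 || exit 0`; `command -v update-grub >/dev/null 2>&1 || exit 0` would keep the hooks consistent. Separately, `set -- $DEB_MAINT_PARAMS` is expanded with pathname globbing enabled, so a `*` in the value would expand against the current directory; `set -f` before that line and `set +f` after it closes that. The second copy of this script later in the diff has the same two lines.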
--- /dev/null
+#!/bin/sh -e
+
+version="$1"
+bootopt=""
+
+[ -x /usr/sbin/update-initramfs ] || exit 0
+
+# passing the kernel version is required
+if [ -z "${version}" ]; then
+ echo >&2 "W: initramfs-tools: ${DPKG_MAINTSCRIPT_PACKAGE:-kernel package} did not pass a version number"
+ exit 0
+fi
+
+# exit if custom kernel does not need an initramfs
+if [ "$INITRD" = 'No' ]; then
+ exit 0
+fi
+
+# absolute file name of kernel image may be passed as a second argument;
+# create the initrd in the same directory
+if [ -n "$2" ]; then
+ bootdir=$(dirname "$2")
+ bootopt="-b ${bootdir}"
+fi
+
+# avoid running multiple times
+if [ -n "$DEB_MAINT_PARAMS" ]; then
+ eval set -- "$DEB_MAINT_PARAMS"
+ if [ -z "$1" ] || [ "$1" != "remove" ]; then
+ exit 0
+ fi
+fi
+
+# delete initramfs
+# shellcheck disable=SC2086
+INITRAMFS_TOOLS_KERNEL_HOOK=1 update-initramfs -d -k "${version}" ${bootopt} >&2
--- /dev/null
+#! /bin/sh
+set -e
+
+which update-grub >/dev/null 2>&1 || exit 0
+
+if type systemd-detect-virt >/dev/null 2>&1 &&
+ systemd-detect-virt --quiet --container; then
+ exit 0
+fi
+
+set -- $DEB_MAINT_PARAMS
+mode="${1#\'}"
+mode="${mode%\'}"
+case $0:$mode in
+ # Only run on postinst configure and postrm remove, to avoid wasting
+ # time by calling update-grub multiple times on upgrade and removal.
+ # Also run if we have no DEB_MAINT_PARAMS, in order to work with old
+ # kernel packages.
+ */postinst.d/*:|*/postinst.d/*:configure|*/postrm.d/*:|*/postrm.d/*:remove)
+ if [ -e /boot/grub/grub.cfg ]; then
+ exec update-grub
+ fi
+ ;;
+esac
+
+exit 0
--- /dev/null
+#!/bin/sh
+#
+# /etc/kernel/preinst.d script for intel-microcode version 3
+# Copyright (C) 2014 Henrique de Moraes Holschuh <hmh@debian.org>
+# Released under the GPL v2 or later license
+#
+# This script makes sure the cpuid module is loaded, before the
+# kernel image has a chance to replace it with a new one that
+# might not be compatible with the current kernel.
+#
+# We need the cpuid module for iucode_tool --scan-system,
+# which is used by the initramfs hook.
+#
+
+grep -q cpu/cpuid /proc/devices || modprobe -q cpuid || true
+
+:
--- /dev/null
+include /etc/ld.so.conf.d/*.conf
+
--- /dev/null
+/usr/lib/x86_64-linux-gnu/libfakeroot
--- /dev/null
+# libc default configuration
+/usr/local/lib
--- /dev/null
+# Multiarch support
+/usr/local/lib/x86_64-linux-gnu
+/lib/x86_64-linux-gnu
+/usr/lib/x86_64-linux-gnu
--- /dev/null
+# Legacy biarch compatibility support
+/lib32
+/usr/lib32
--- /dev/null
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE dc=example,dc=com
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+
--- /dev/null
+
+The programs included with the Ubuntu system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
+applicable law.
+
--- /dev/null
+# This is the configuration file for libaudit tunables.
+# It is currently only used for the failure_action tunable.
+
+# failure_action can be: log, ignore, terminate
+failure_action = ignore
+
+
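Review bot: `failure_action = ignore` means, as far as libaudit.conf(5) describes it, that a program using libaudit carries on silently when it cannot send an audit event to the kernel. On a host where the audit trail matters, `failure_action = log` at least leaves a syslog record of the failed send. A comment above the setting such as `# ignore: failed audit sends are silent; use log or terminate where auditing is required` would make the choice visible to whoever hardens this image.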
--- /dev/null
+# This is the default configuration for the libblockdev library. For
+# each supported technology/plugin there is a separate section/group
+# with the 'sonames' key. The value of the key has to be a list of
+# sonames of shared objects that should be attempted to be loaded for
+# the plugin falling back to the next one in the list.
+#
+# So this example:
+# [lvm]
+# sonames=libbd_lvm-dbus.so.0;libbd_lvm.so.0
+#
+# would result in the libbd_lvm-dbus.so.0 shared object attempted to
+# be loaded and if that failed, the libbd_lvm.so.0 would be attempted
+# to be loaded.
+
+[btrfs]
+sonames=libbd_btrfs.so.2
+
+[crypto]
+sonames=libbd_crypto.so.2
+
+[dm]
+sonames=libbd_dm.so.2
+
+[kbd]
+sonames=libbd_kbd.so.2
+
+[loop]
+sonames=libbd_loop.so.2
+
+[lvm]
+sonames=libbd_lvm.so.2
+
+[mdraid]
+sonames=libbd_mdraid.so.2
+
+[mpath]
+sonames=libbd_mpath.so.2
+
+[swap]
+sonames=libbd_swap.so.2
+
+[s390]
+sonames=libbd_s390.so.2
--- /dev/null
+###############################################################################
+#
+# ClassID <-> Name Translation Table
+#
+# This file can be used to assign names to classids for easier reference
+# in all libnl tools.
+#
+# Format:
+# <MAJ:> <NAME> # qdisc definition
+# <MAJ:MIN> <NAME> # class deifnition
+# <NAME:MIN> <NAME> # class definition referencing an
+# existing qdisc definition.
+#
+# Example:
+# 1: top # top -> 1:0
+# top:1 interactive # interactive -> 1:1
+# top:2 www # www -> 1:2
+# top:3 bulk # bulk -> 1:3
+# 2:1 test_class # test_class -> 2:1
+#
+# Illegal Example:
+# 30:1 classD
+# classD:2 invalidClass # classD refers to a class, not a qdisc
+#
+###############################################################################
+
+# <CLASSID> <NAME>
+
+# Reserved default classids
+0:0 none
+ffff:ffff root
+ffff:fff1 ingress
+
+#
+# List your classid definitions here:
+#
+
+
+
+###############################################################################
+# List of auto-generated classids
+#
+# DO NOT ADD CLASSID DEFINITIONS BELOW THIS LINE
+#
+# <CLASSID> <NAME>
--- /dev/null
+#
+# Location definitions for packet matching
+#
+
+# name alignment offset mask shift
+ip.version u8 net+0 0xF0 4
+ip.hdrlen u8 net+0 0x0F
+ip.diffserv u8 net+1
+ip.length u16 net+2
+ip.id u16 net+4
+ip.flag.res u8 net+6 0xff 7
+ip.df u8 net+6 0x40 6
+ip.mf u8 net+6 0x20 5
+ip.offset u16 net+6 0x1FFF
+ip.ttl u8 net+8
+ip.proto u8 net+9
+ip.chksum u16 net+10
+ip.src u32 net+12
+ip.dst u32 net+16
+
+# if ip.ihl > 5
+ip.opts u32 net+20
+
+
+#
+# IP version 6
+#
+# name alignment offset mask shift
+ip6.version u8 net+0 0xF0 4
+ip6.tc u16 net+0 0xFF0 4
+ip6.flowlabel u32 net+0 0xFFFFF
+ip6.length u16 net+4
+ip6.nexthdr u8 net+6
+ip6.hoplimit u8 net+7
+ip6.src 16 net+8
+ip6.dst 16 net+24
+
+#
+# Transmission Control Protocol (TCP)
+#
+# name alignment offset mask shift
+tcp.sport u16 tcp+0
+tcp.dport u16 tcp+2
+tcp.seq u32 tcp+4
+tcp.ack u32 tcp+8
+
+# Data offset (4 bits)
+tcp.off u8 tcp+12 0xF0 4
+
+# Reserved [0 0 0] (3 bits)
+tcp.reserved u8 tcp+12 0x04 1
+
+# ECN [N C E] (3 bits)
+tcp.ecn u16 tcp+12 0x01C00 6
+
+# Individual TCP flags (0|1) (6 bits in total)
+tcp.flag.urg u8 tcp+13 0x20 5
+tcp.flag.ack u8 tcp+13 0x10 4
+tcp.flag.psh u8 tcp+13 0x08 3
+tcp.flag.rst u8 tcp+13 0x04 2
+tcp.flag.syn u8 tcp+13 0x02 1
+tcp.flag.fin u8 tcp+13 0x01
+
+tcp.win u16 tcp+14
+tcp.csum u16 tcp+16
+tcp.urg u16 tcp+18
+tcp.opts u32 tcp+20
+
+#
+# User Datagram Protocol (UDP)
+#
+# name alignment offset mask shift
+udp.sport u16 tcp+0
+udp.dport u16 tcp+2
+udp.length u16 tcp+4
+udp.csum u16 tcp+6
--- /dev/null
+# Locale name alias data base.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+
+# The format of this file is the same as for the corresponding file of
+# the X Window System, which normally can be found in
+# /usr/lib/X11/locale/locale.alias
+# A single line contains two fields: an alias and a substitution value.
+# All entries are case independent.
+
+# Note: This file is obsolete and is kept around for the time being for
+# backward compatibility. Nobody should rely on the names defined here.
+# Locales should always be specified by their full name.
+
+# Note: This file used to contain the following lines:
+# bokmaal nb_NO.ISO-8859-1
+# franc,ais fr_FR.ISO-8859-1
+# except that the "aa" was actually the byte '\0xE5' (the Latin-1
+# encoding for U+00E5 LATIN SMALL LETTER A WITH RING ABOVE) and the
+# "c," was actually the byte '\xE7' (the Latin-1 encoding for U+00E7
+# LATIN SMALL LETTER C WITH CEDILLA). These lines were removed
+# because they caused 'locale -a' to output text encoded in Latin-1,
+# which broke applications in UTF-8 locales. See:
+# https://sourceware.org/bugzilla/show_bug.cgi?id=18412
+
+bokmal nb_NO.ISO-8859-1
+catalan ca_ES.ISO-8859-1
+croatian hr_HR.ISO-8859-2
+czech cs_CZ.ISO-8859-2
+danish da_DK.ISO-8859-1
+dansk da_DK.ISO-8859-1
+deutsch de_DE.ISO-8859-1
+dutch nl_NL.ISO-8859-1
+eesti et_EE.ISO-8859-15
+estonian et_EE.ISO-8859-15
+finnish fi_FI.ISO-8859-1
+french fr_FR.ISO-8859-1
+galego gl_ES.ISO-8859-1
+galician gl_ES.ISO-8859-1
+german de_DE.ISO-8859-1
+greek el_GR.ISO-8859-7
+hebrew he_IL.ISO-8859-8
+hrvatski hr_HR.ISO-8859-2
+hungarian hu_HU.ISO-8859-2
+icelandic is_IS.ISO-8859-1
+italian it_IT.ISO-8859-1
+japanese ja_JP.eucJP
+japanese.euc ja_JP.eucJP
+ja_JP ja_JP.eucJP
+ja_JP.ujis ja_JP.eucJP
+japanese.sjis ja_JP.SJIS
+korean ko_KR.eucKR
+korean.euc ko_KR.eucKR
+ko_KR ko_KR.eucKR
+lithuanian lt_LT.ISO-8859-13
+no_NO nb_NO.ISO-8859-1
+no_NO.ISO-8859-1 nb_NO.ISO-8859-1
+norwegian nb_NO.ISO-8859-1
+nynorsk nn_NO.ISO-8859-1
+polish pl_PL.ISO-8859-2
+portuguese pt_PT.ISO-8859-1
+romanian ro_RO.ISO-8859-2
+russian ru_RU.KOI8-R
+slovak sk_SK.ISO-8859-2
+slovene sl_SI.ISO-8859-2
+slovenian sl_SI.ISO-8859-2
+spanish es_ES.ISO-8859-1
+swedish sv_SE.ISO-8859-1
+thai th_TH.TIS-620
+turkish tr_TR.ISO-8859-9
--- /dev/null
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+
+# aa_DJ ISO-8859-1
+# aa_DJ.UTF-8 UTF-8
+# aa_ER UTF-8
+# aa_ER@saaho UTF-8
+# aa_ET UTF-8
+# af_ZA ISO-8859-1
+# af_ZA.UTF-8 UTF-8
+# agr_PE UTF-8
+# ak_GH UTF-8
+# am_ET UTF-8
+# an_ES ISO-8859-15
+# an_ES.UTF-8 UTF-8
+# anp_IN UTF-8
+# ar_AE ISO-8859-6
+# ar_AE.UTF-8 UTF-8
+# ar_BH ISO-8859-6
+# ar_BH.UTF-8 UTF-8
+# ar_DZ ISO-8859-6
+# ar_DZ.UTF-8 UTF-8
+# ar_EG ISO-8859-6
+# ar_EG.UTF-8 UTF-8
+# ar_IN UTF-8
+# ar_IQ ISO-8859-6
+# ar_IQ.UTF-8 UTF-8
+# ar_JO ISO-8859-6
+# ar_JO.UTF-8 UTF-8
+# ar_KW ISO-8859-6
+# ar_KW.UTF-8 UTF-8
+# ar_LB ISO-8859-6
+# ar_LB.UTF-8 UTF-8
+# ar_LY ISO-8859-6
+# ar_LY.UTF-8 UTF-8
+# ar_MA ISO-8859-6
+# ar_MA.UTF-8 UTF-8
+# ar_OM ISO-8859-6
+# ar_OM.UTF-8 UTF-8
+# ar_QA ISO-8859-6
+# ar_QA.UTF-8 UTF-8
+# ar_SA ISO-8859-6
+# ar_SA.UTF-8 UTF-8
+# ar_SD ISO-8859-6
+# ar_SD.UTF-8 UTF-8
+# ar_SS UTF-8
+# ar_SY ISO-8859-6
+# ar_SY.UTF-8 UTF-8
+# ar_TN ISO-8859-6
+# ar_TN.UTF-8 UTF-8
+# ar_YE ISO-8859-6
+# ar_YE.UTF-8 UTF-8
+# as_IN UTF-8
+# ast_ES ISO-8859-15
+# ast_ES.UTF-8 UTF-8
+# ayc_PE UTF-8
+# az_AZ UTF-8
+# az_IR UTF-8
+# be_BY CP1251
+# be_BY.UTF-8 UTF-8
+# be_BY@latin UTF-8
+# bem_ZM UTF-8
+# ber_DZ UTF-8
+# ber_MA UTF-8
+# bg_BG CP1251
+# bg_BG.UTF-8 UTF-8
+# bhb_IN.UTF-8 UTF-8
+# bho_IN UTF-8
+# bho_NP UTF-8
+# bi_VU UTF-8
+# bn_BD UTF-8
+# bn_IN UTF-8
+# bo_CN UTF-8
+# bo_IN UTF-8
+# br_FR ISO-8859-1
+# br_FR.UTF-8 UTF-8
+# br_FR@euro ISO-8859-15
+# brx_IN UTF-8
+# bs_BA ISO-8859-2
+# bs_BA.UTF-8 UTF-8
+# byn_ER UTF-8
+# ca_AD ISO-8859-15
+# ca_AD.UTF-8 UTF-8
+# ca_ES ISO-8859-1
+# ca_ES.UTF-8 UTF-8
+# ca_ES@euro ISO-8859-15
+# ca_ES@valencia UTF-8
+# ca_FR ISO-8859-15
+# ca_FR.UTF-8 UTF-8
+# ca_IT ISO-8859-15
+# ca_IT.UTF-8 UTF-8
+# ce_RU UTF-8
+# chr_US UTF-8
+# ckb_IQ UTF-8
+# cmn_TW UTF-8
+# crh_UA UTF-8
+# cs_CZ ISO-8859-2
+# cs_CZ.UTF-8 UTF-8
+# csb_PL UTF-8
+# cv_RU UTF-8
+# cy_GB ISO-8859-14
+# cy_GB.UTF-8 UTF-8
+# da_DK ISO-8859-1
+# da_DK.UTF-8 UTF-8
+# de_AT ISO-8859-1
+# de_AT.UTF-8 UTF-8
+# de_AT@euro ISO-8859-15
+# de_BE ISO-8859-1
+# de_BE.UTF-8 UTF-8
+# de_BE@euro ISO-8859-15
+# de_CH ISO-8859-1
+# de_CH.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE.UTF-8 UTF-8
+# de_DE@euro ISO-8859-15
+# de_IT ISO-8859-1
+# de_IT.UTF-8 UTF-8
+# de_LI.UTF-8 UTF-8
+# de_LU ISO-8859-1
+# de_LU.UTF-8 UTF-8
+# de_LU@euro ISO-8859-15
+# doi_IN UTF-8
+# dsb_DE UTF-8
+# dv_MV UTF-8
+# dz_BT UTF-8
+# el_CY ISO-8859-7
+# el_CY.UTF-8 UTF-8
+# el_GR ISO-8859-7
+# el_GR.UTF-8 UTF-8
+# el_GR@euro ISO-8859-7
+# en_AG UTF-8
+# en_AU ISO-8859-1
+# en_AU.UTF-8 UTF-8
+# en_BW ISO-8859-1
+# en_BW.UTF-8 UTF-8
+# en_CA ISO-8859-1
+# en_CA.UTF-8 UTF-8
+# en_DK ISO-8859-1
+# en_DK.ISO-8859-15 ISO-8859-15
+# en_DK.UTF-8 UTF-8
+# en_GB ISO-8859-1
+# en_GB.ISO-8859-15 ISO-8859-15
+# en_GB.UTF-8 UTF-8
+# en_HK ISO-8859-1
+# en_HK.UTF-8 UTF-8
+# en_IE ISO-8859-1
+# en_IE.UTF-8 UTF-8
+# en_IE@euro ISO-8859-15
+# en_IL UTF-8
+# en_IN UTF-8
+# en_NG UTF-8
+# en_NZ ISO-8859-1
+# en_NZ.UTF-8 UTF-8
+# en_PH ISO-8859-1
+# en_PH.UTF-8 UTF-8
+# en_SC.UTF-8 UTF-8
+# en_SG ISO-8859-1
+# en_SG.UTF-8 UTF-8
+# en_US ISO-8859-1
+# en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8
+# en_ZA ISO-8859-1
+# en_ZA.UTF-8 UTF-8
+# en_ZM UTF-8
+# en_ZW ISO-8859-1
+# en_ZW.UTF-8 UTF-8
+# eo UTF-8
+# eo_US.UTF-8 UTF-8
+# es_AR ISO-8859-1
+# es_AR.UTF-8 UTF-8
+# es_BO ISO-8859-1
+# es_BO.UTF-8 UTF-8
+# es_CL ISO-8859-1
+# es_CL.UTF-8 UTF-8
+# es_CO ISO-8859-1
+# es_CO.UTF-8 UTF-8
+# es_CR ISO-8859-1
+# es_CR.UTF-8 UTF-8
+# es_CU UTF-8
+# es_DO ISO-8859-1
+# es_DO.UTF-8 UTF-8
+# es_EC ISO-8859-1
+# es_EC.UTF-8 UTF-8
+# es_ES ISO-8859-1
+# es_ES.UTF-8 UTF-8
+# es_ES@euro ISO-8859-15
+# es_GT ISO-8859-1
+# es_GT.UTF-8 UTF-8
+# es_HN ISO-8859-1
+# es_HN.UTF-8 UTF-8
+# es_MX ISO-8859-1
+# es_MX.UTF-8 UTF-8
+# es_NI ISO-8859-1
+# es_NI.UTF-8 UTF-8
+# es_PA ISO-8859-1
+# es_PA.UTF-8 UTF-8
+# es_PE ISO-8859-1
+# es_PE.UTF-8 UTF-8
+# es_PR ISO-8859-1
+# es_PR.UTF-8 UTF-8
+# es_PY ISO-8859-1
+# es_PY.UTF-8 UTF-8
+# es_SV ISO-8859-1
+# es_SV.UTF-8 UTF-8
+# es_US ISO-8859-1
+# es_US.UTF-8 UTF-8
+# es_UY ISO-8859-1
+# es_UY.UTF-8 UTF-8
+# es_VE ISO-8859-1
+# es_VE.UTF-8 UTF-8
+# et_EE ISO-8859-1
+# et_EE.ISO-8859-15 ISO-8859-15
+# et_EE.UTF-8 UTF-8
+# eu_ES ISO-8859-1
+# eu_ES.UTF-8 UTF-8
+# eu_ES@euro ISO-8859-15
+# eu_FR ISO-8859-1
+# eu_FR.UTF-8 UTF-8
+# eu_FR@euro ISO-8859-15
+# fa_IR UTF-8
+# ff_SN UTF-8
+# fi_FI ISO-8859-1
+# fi_FI.UTF-8 UTF-8
+# fi_FI@euro ISO-8859-15
+# fil_PH UTF-8
+# fo_FO ISO-8859-1
+# fo_FO.UTF-8 UTF-8
+# fr_BE ISO-8859-1
+# fr_BE.UTF-8 UTF-8
+# fr_BE@euro ISO-8859-15
+# fr_CA ISO-8859-1
+# fr_CA.UTF-8 UTF-8
+# fr_CH ISO-8859-1
+# fr_CH.UTF-8 UTF-8
+# fr_FR ISO-8859-1
+# fr_FR.UTF-8 UTF-8
+# fr_FR@euro ISO-8859-15
+# fr_LU ISO-8859-1
+# fr_LU.UTF-8 UTF-8
+# fr_LU@euro ISO-8859-15
+# fur_IT UTF-8
+# fy_DE UTF-8
+# fy_NL UTF-8
+# ga_IE ISO-8859-1
+# ga_IE.UTF-8 UTF-8
+# ga_IE@euro ISO-8859-15
+# gd_GB ISO-8859-15
+# gd_GB.UTF-8 UTF-8
+# gez_ER UTF-8
+# gez_ER@abegede UTF-8
+# gez_ET UTF-8
+# gez_ET@abegede UTF-8
+# gl_ES ISO-8859-1
+# gl_ES.UTF-8 UTF-8
+# gl_ES@euro ISO-8859-15
+# gu_IN UTF-8
+# gv_GB ISO-8859-1
+# gv_GB.UTF-8 UTF-8
+# ha_NG UTF-8
+# hak_TW UTF-8
+# he_IL ISO-8859-8
+# he_IL.UTF-8 UTF-8
+# hi_IN UTF-8
+# hif_FJ UTF-8
+# hne_IN UTF-8
+# hr_HR ISO-8859-2
+# hr_HR.UTF-8 UTF-8
+# hsb_DE ISO-8859-2
+# hsb_DE.UTF-8 UTF-8
+# ht_HT UTF-8
+# hu_HU ISO-8859-2
+# hu_HU.UTF-8 UTF-8
+# hy_AM UTF-8
+# hy_AM.ARMSCII-8 ARMSCII-8
+# ia_FR UTF-8
+# id_ID ISO-8859-1
+# id_ID.UTF-8 UTF-8
+# ig_NG UTF-8
+# ik_CA UTF-8
+# is_IS ISO-8859-1
+# is_IS.UTF-8 UTF-8
+# it_CH ISO-8859-1
+# it_CH.UTF-8 UTF-8
+# it_IT ISO-8859-1
+# it_IT.UTF-8 UTF-8
+# it_IT@euro ISO-8859-15
+# iu_CA UTF-8
+# ja_JP.EUC-JP EUC-JP
+# ja_JP.UTF-8 UTF-8
+# ka_GE GEORGIAN-PS
+# ka_GE.UTF-8 UTF-8
+# kab_DZ UTF-8
+# kk_KZ PT154
+# kk_KZ.RK1048 RK1048
+# kk_KZ.UTF-8 UTF-8
+# kl_GL ISO-8859-1
+# kl_GL.UTF-8 UTF-8
+# km_KH UTF-8
+# kn_IN UTF-8
+# ko_KR.EUC-KR EUC-KR
+# ko_KR.UTF-8 UTF-8
+# kok_IN UTF-8
+# ks_IN UTF-8
+# ks_IN@devanagari UTF-8
+# ku_TR ISO-8859-9
+# ku_TR.UTF-8 UTF-8
+# kw_GB ISO-8859-1
+# kw_GB.UTF-8 UTF-8
+# ky_KG UTF-8
+# lb_LU UTF-8
+# lg_UG ISO-8859-10
+# lg_UG.UTF-8 UTF-8
+# li_BE UTF-8
+# li_NL UTF-8
+# lij_IT UTF-8
+# ln_CD UTF-8
+# lo_LA UTF-8
+# lt_LT ISO-8859-13
+# lt_LT.UTF-8 UTF-8
+# lv_LV ISO-8859-13
+# lv_LV.UTF-8 UTF-8
+# lzh_TW UTF-8
+# mag_IN UTF-8
+# mai_IN UTF-8
+# mai_NP UTF-8
+# mfe_MU UTF-8
+# mg_MG ISO-8859-15
+# mg_MG.UTF-8 UTF-8
+# mhr_RU UTF-8
+# mi_NZ ISO-8859-13
+# mi_NZ.UTF-8 UTF-8
+# miq_NI UTF-8
+# mjw_IN UTF-8
+# mk_MK ISO-8859-5
+# mk_MK.UTF-8 UTF-8
+# ml_IN UTF-8
+# mn_MN UTF-8
+# mni_IN UTF-8
+# mnw_MM UTF-8
+# mr_IN UTF-8
+# ms_MY ISO-8859-1
+# ms_MY.UTF-8 UTF-8
+# mt_MT ISO-8859-3
+# mt_MT.UTF-8 UTF-8
+# my_MM UTF-8
+# nan_TW UTF-8
+# nan_TW@latin UTF-8
+# nb_NO ISO-8859-1
+# nb_NO.UTF-8 UTF-8
+# nds_DE UTF-8
+# nds_NL UTF-8
+# ne_NP UTF-8
+# nhn_MX UTF-8
+# niu_NU UTF-8
+# niu_NZ UTF-8
+# nl_AW UTF-8
+# nl_BE ISO-8859-1
+# nl_BE.UTF-8 UTF-8
+# nl_BE@euro ISO-8859-15
+# nl_NL ISO-8859-1
+# nl_NL.UTF-8 UTF-8
+# nl_NL@euro ISO-8859-15
+# nn_NO ISO-8859-1
+# nn_NO.UTF-8 UTF-8
+# nr_ZA UTF-8
+# nso_ZA UTF-8
+# oc_FR ISO-8859-1
+# oc_FR.UTF-8 UTF-8
+# om_ET UTF-8
+# om_KE ISO-8859-1
+# om_KE.UTF-8 UTF-8
+# or_IN UTF-8
+# os_RU UTF-8
+# pa_IN UTF-8
+# pa_PK UTF-8
+# pap_AW UTF-8
+# pap_CW UTF-8
+# pl_PL ISO-8859-2
+# pl_PL.UTF-8 UTF-8
+# ps_AF UTF-8
+# pt_BR ISO-8859-1
+# pt_BR.UTF-8 UTF-8
+# pt_PT ISO-8859-1
+# pt_PT.UTF-8 UTF-8
+# pt_PT@euro ISO-8859-15
+# quz_PE UTF-8
+# raj_IN UTF-8
+# ro_RO ISO-8859-2
+# ro_RO.UTF-8 UTF-8
+# ru_RU ISO-8859-5
+# ru_RU.CP1251 CP1251
+# ru_RU.KOI8-R KOI8-R
+# ru_RU.UTF-8 UTF-8
+# ru_UA KOI8-U
+# ru_UA.UTF-8 UTF-8
+# rw_RW UTF-8
+# sa_IN UTF-8
+# sah_RU UTF-8
+# sat_IN UTF-8
+# sc_IT UTF-8
+# sd_IN UTF-8
+# sd_IN@devanagari UTF-8
+# sd_PK UTF-8
+# se_NO UTF-8
+# sgs_LT UTF-8
+# shn_MM UTF-8
+# shs_CA UTF-8
+# si_LK UTF-8
+# sid_ET UTF-8
+# sk_SK ISO-8859-2
+# sk_SK.UTF-8 UTF-8
+# sl_SI ISO-8859-2
+# sl_SI.UTF-8 UTF-8
+# sm_WS UTF-8
+# so_DJ ISO-8859-1
+# so_DJ.UTF-8 UTF-8
+# so_ET UTF-8
+# so_KE ISO-8859-1
+# so_KE.UTF-8 UTF-8
+# so_SO ISO-8859-1
+# so_SO.UTF-8 UTF-8
+# sq_AL ISO-8859-1
+# sq_AL.UTF-8 UTF-8
+# sq_MK UTF-8
+# sr_ME UTF-8
+# sr_RS UTF-8
+# sr_RS@latin UTF-8
+# ss_ZA UTF-8
+# st_ZA ISO-8859-1
+# st_ZA.UTF-8 UTF-8
+# sv_FI ISO-8859-1
+# sv_FI.UTF-8 UTF-8
+# sv_FI@euro ISO-8859-15
+# sv_SE ISO-8859-1
+# sv_SE.ISO-8859-15 ISO-8859-15
+# sv_SE.UTF-8 UTF-8
+# sw_KE UTF-8
+# sw_TZ UTF-8
+# szl_PL UTF-8
+# ta_IN UTF-8
+# ta_LK UTF-8
+# tcy_IN.UTF-8 UTF-8
+# te_IN UTF-8
+# tg_TJ KOI8-T
+# tg_TJ.UTF-8 UTF-8
+# th_TH TIS-620
+# th_TH.UTF-8 UTF-8
+# the_NP UTF-8
+# ti_ER UTF-8
+# ti_ET UTF-8
+# tig_ER UTF-8
+# tk_TM UTF-8
+# tl_PH ISO-8859-1
+# tl_PH.UTF-8 UTF-8
+# tn_ZA UTF-8
+# to_TO UTF-8
+# tpi_PG UTF-8
+# tr_CY ISO-8859-9
+# tr_CY.UTF-8 UTF-8
+# tr_TR ISO-8859-9
+# tr_TR.UTF-8 UTF-8
+# ts_ZA UTF-8
+# tt_RU UTF-8
+# tt_RU@iqtelif UTF-8
+# ug_CN UTF-8
+# ug_CN@latin UTF-8
+# uk_UA KOI8-U
+# uk_UA.UTF-8 UTF-8
+# unm_US UTF-8
+# ur_IN UTF-8
+# ur_PK UTF-8
+# uz_UZ ISO-8859-1
+# uz_UZ.UTF-8 UTF-8
+# uz_UZ@cyrillic UTF-8
+# ve_ZA UTF-8
+# vi_VN UTF-8
+# wa_BE ISO-8859-1
+# wa_BE.UTF-8 UTF-8
+# wa_BE@euro ISO-8859-15
+# wae_CH UTF-8
+# wal_ET UTF-8
+# wo_SN UTF-8
+# xh_ZA ISO-8859-1
+# xh_ZA.UTF-8 UTF-8
+# yi_US CP1255
+# yi_US.UTF-8 UTF-8
+# yo_NG UTF-8
+# yue_HK UTF-8
+# yuw_PG UTF-8
+# zh_CN GB2312
+# zh_CN.GB18030 GB18030
+# zh_CN.GBK GBK
+# zh_CN.UTF-8 UTF-8
+# zh_HK BIG5-HKSCS
+# zh_HK.UTF-8 UTF-8
+# zh_SG GB2312
+# zh_SG.GBK GBK
+# zh_SG.UTF-8 UTF-8
+# zh_TW BIG5
+# zh_TW.EUC-TW EUC-TW
+# zh_TW.UTF-8 UTF-8
+# zu_ZA ISO-8859-1
+# zu_ZA.UTF-8 UTF-8
--- /dev/null
+/usr/share/zoneinfo/Etc/UTC
\ No newline at end of file
--- /dev/null
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG network certificate management daemon\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache \(restricted\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache \(access for web browsers\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent \(ssh-agent emulation\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG network certificate management daemon\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache \(restricted\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent \(ssh-agent emulation\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache \(access for web browsers\)\.$
+
--- /dev/null
+\w{3} [ :0-9]{11} [._[:alnum:]-]+ [._[:alnum:]-]+: DIGEST-MD5 common mech free
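Review bot: This pattern has no `^` at the start and no `$` at the end, unlike the rules in the neighbouring files of this diff, so it matches any log line that merely contains this text. If this file is a log-filter ignore list, as the pattern style suggests, a line carrying extra content before or after the expected message would be suppressed along with it. Anchoring keeps the filter to the exact message: `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [._[:alnum:]-]+: DIGEST-MD5 common mech free$`.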
--- /dev/null
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: md driver [.[:digit:]]+ MAX_MD_DEVS=[[:digit:]]+, MD_SB_DISKS=[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: bitmap version [.[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: md[[:digit:]]+ stopped\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: md[[:digit:]]+ still in use\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: cannot remove active disk [[:alnum:]]+ from md[[:digit:]]+ \.\.\. ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: raid([01456]|456|10) personality registered for level ([01456]|10)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: (data-check|requested-resync|resync|reshape|recovery) of RAID array md[[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: resuming (data-check|requested-resync|resync|reshape|recovery) of md[[:digit:]]+ from checkpoint\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: md[[:digit:]]+: (data-check|requested-resync|resync|reshape|recovery) done\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: minimum _guaranteed_ ?speed: [[:digit:]]+ KB/sec/disk\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: using maximum available idle IO bandwidth \(but not more than [[:digit:]]+ KB/sec\) for (data-check|requested-resync|resync|reshape|recovery)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: delaying (data-check|requested-resync|resync|reshape|recovery) of md[[:digit:]]+ until md[[:digit:]]+ has finished \(they share one or more physical units\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: using [[:digit:]]+k window, over a total of [[:digit:]]+( blocks|k)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: (un)?bind<[^>]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: export_rdev\([^)]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? raid[[:digit:]]+: raid set [[:alnum:]]+ active with [[:digit:]]+ out of [[:digit:]]+ mirrors$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? RAID([01456]|10) conf printout:$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])?[[:space:]]+---( [wrf]d:[[:digit:]]+){2,3}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])?[[:space:]]+disk [[:digit:]]+,( wo:[[:digit:]]+,)? o:[[:digit:]]+, dev:[[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mdadm(\[[[:digit:]]+\])?: Rebuild((Start|Finish)ed|[[:digit:]]+) event detected on md device /dev/[-_./[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mdadm(\[[[:digit:]]+\])?: SpareActive event detected on md device /dev/[-_./[:alnum:]]+, component device /dev/[-_./[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mdadm(\[[[:digit:]]+\])?: (New|Degraded)Array event detected on md device /dev/[-_./[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mdadm(\[[[:digit:]]+\])?: DeviceDisappeared event detected on md device /dev/[-_./[:alnum:]]+$
--- /dev/null
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: imklog [0-9.]+, log source = /proc/kmsg started.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Kernel logging \(proc\) stopped.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https://www.rsyslog.com"\] start$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https://www.rsyslog.com"\] exiting on signal [0-9]+.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https://www.rsyslog.com"\] rsyslogd was HUPed$
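Review bot: The final `.` in `started.$`, `stopped.$` and `exiting on signal [0-9]+.$` is unescaped, as are the dots inside `https://www.rsyslog.com`, so each one matches any character instead of a literal period. These look like logcheck ignore patterns (the file name is not shown in this hunk), where a looser match means more lines are dropped from the report than intended. Escaping them as `\.`, the way the md rules in the preceding file do with `done\.$`, keeps the filter exact, e.g. `log source = /proc/kmsg started\.$`.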
--- /dev/null
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? md: kicking non-fresh [[:alnum:]]+ from array!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? raid[[:digit:]]+: Disk failure on [[:alnum:]]+, disabling device\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])?[[:space:]]+Operation continuing on [[:digit:]]+ devices?$
--- /dev/null
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed. All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux. --marekm
+
+# REQUIRED for useradd/userdel/usermod
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
+# MAIL_DIR takes precedence.
+#
+# Essentially:
+# - MAIL_DIR defines the location of users mail spool files
+# (for mbox use) by appending the username to MAIL_DIR as defined
+# below.
+# - MAIL_FILE defines the location of the users mail spool files as the
+# fully-qualified filename obtained by prepending the user home
+# directory before $MAIL_FILE
+#
+# NOTE: This is no more used for setting up users MAIL environment variable
+# which is, starting from shadow 4.0.12-1 in Debian, entirely the
+# job of the pam_mail PAM modules
+# See default PAM configuration files provided for
+# login, su, etc.
+#
+# This is a temporary situation: setting these variables will soon
+# move to /etc/default/useradd and the variables will then be
+# no more supported
+MAIL_DIR /var/mail
+#MAIL_FILE .mail
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+# This option conflicts with the pam_tally PAM module.
+#
+FAILLOG_ENAB yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+# WARNING: Unknown usernames may become world readable.
+# See #290803 and #298773 for details about how this could become a security
+# concern
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE /var/log/btmp
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+# In Debian /usr/bin/bsd-write or similar programs are setgid tty
+# However, the default and recommended value for TTYPERM is still 0600
+# to not allow anyone to write to anyone else console or terminal
+
+# Users can still allow other people to write them by issuing
+# the "mesg y" command.
+
+TTYGROUP tty
+TTYPERM 0600
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+# UMASK Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+#
+# UMASK is the default umask value for pam_umask and is used by
+# useradd and newusers to set the mode of the new home directories.
+# 022 is the "historical" value in Debian for UMASK
+# 027, or even 077, could be considered better for privacy
+# There is no One True Answer here : each sysadmin must make up his/her
+# mind.
+#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+#SYS_UID_MIN 100
+#SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+#SYS_GID_MIN 100
+#SYS_GID_MAX 999
+
+#
+# Max number of login retries if password is bad. This will most likely be
+# overriden by PAM, since the default pam_unix module has it's own built
+# in of 3 retries. However, this is a safe fallback in case you are using
+# an authentication module that does not enforce PAM_MAXTRIES.
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT rwh
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# If set to yes, userdel will remove the user's group if it contains no
+# more members, and useradd will create by default a group with the name
+# of the user.
+#
+USERGROUPS_ENAB yes
+
+#
+# Instead of the real user shell, the program specified by this parameter
+# will be launched, although its visible name (argv[0]) will be the shell's.
+# The program may do whatever it wants (logging, additional authentification,
+# banner, ...) before running the actual shell.
+#
+# FAKE_SHELL /bin/fakeshell
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+# This variable is used by login and su.
+#
+#CONSOLE /etc/consoles
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# This variable is used by login and su.
+#
+#CONSOLE_GROUPS floppy:audio:cdrom
+
+#
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm. Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB no
+
+#
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+# Note: It is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+ENCRYPT_METHOD SHA512
+
+#
+# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+################# OBSOLETED BY PAM ##############
+# #
+# These options are now handled by PAM. Please #
+# edit the appropriate file in /etc/pam.d/ to #
+# enable the equivelants of them.
+#
+###############
+
+#MOTD_FILE
+#DIALUPS_CHECK_ENAB
+#LASTLOG_ENAB
+#MAIL_CHECK_ENAB
+#OBSCURE_CHECKS_ENAB
+#PORTTIME_CHECKS_ENAB
+#SU_WHEEL_ONLY
+#CRACKLIB_DICTPATH
+#PASS_CHANGE_TRIES
+#PASS_ALWAYS_WARN
+#ENVIRON_FILE
+#NOLOGINS_FILE
+#ISSUE_FILE
+#PASS_MIN_LEN
+#PASS_MAX_LEN
+#ULIMIT
+#ENV_HZ
+#CHFN_AUTH
+#CHSH_AUTH
+#FAIL_DELAY
+
+################# OBSOLETED #######################
+# #
+# These options are no more handled by shadow. #
+# #
+# Shadow utilities will display a warning if they #
+# still appear. #
+# #
+###################################################
+
+# CLOSE_SESSIONS
+# LOGIN_STRING
+# NO_PASSWORD_CONSOLE
+# QMAIL_DIR
+
+
+
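Review bot: `ENCRYPT_METHOD SHA512` is set, but `SHA_CRYPT_MIN_ROUNDS` and `SHA_CRYPT_MAX_ROUNDS` both stay commented out, so by the file's own comment libc falls back to 5000 rounds for hashes created through the shadow tools. If this host's policy calls for a higher work factor, set it explicitly, e.g. `SHA_CRYPT_MIN_ROUNDS <rounds chosen for this host>`, and keep the PAM configuration consistent with it, as the note above `ENCRYPT_METHOD` recommends. Separately, `UMASK 022` leaves new home directories readable by other users; the comment block already names `UMASK 027` or `077` as the more private choices.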
--- /dev/null
+# see "man logrotate" for details
+# rotate log files weekly
+weekly
+
+# use the adm group by default, since this is the owning group
+# of /var/log/syslog.
+su root adm
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+#dateext
+
+# uncomment this if you want your log files compressed
+#compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may be also be configured here.
--- /dev/null
+/var/log/alternatives.log {
+ monthly
+ rotate 12
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 644 root root
+}
--- /dev/null
+/var/log/apport.log {
+ daily
+ rotate 7
+ delaycompress
+ compress
+ notifempty
+ missingok
+}
+
--- /dev/null
+/var/log/apt/term.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+
+/var/log/apt/history.log {
+ rotate 12
+ monthly
+ compress
+ missingok
+ notifempty
+}
+
--- /dev/null
+/var/log/boot.log
+{
+ missingok
+ daily
+ copytruncate
+ rotate 7
+ notifempty
+}
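Review bot: `copytruncate` copies the live file and then truncates it, so anything written between the two steps is lost; this applies here and to the `/var/log/postgresql/*.log` section further down. For boot.log that is usually acceptable. For the PostgreSQL logs, if they are relied on for connection or authentication auditing, it is worth recording that the gap is accepted with a comment such as `# copytruncate: lines written between copy and truncate are lost`.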
--- /dev/null
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+ missingok
+ monthly
+ create 0660 root utmp
+ rotate 1
+}
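Review bot: `rotate 1` with `monthly` keeps only one old copy of the failed-login records, so at most about two months of btmp history is available during an investigation. The wtmp section (`rotate 1`, `minsize 1M`) and the `/var/log/auth.log` entry in the rsyslog section (`rotate 4`, `weekly`) are similarly short. If these logs are not shipped to a central store, raise the count to the host's retention requirement, for example `rotate 12` as the dpkg and apt sections use. A one-line comment stating the intended retention period would make the choice reviewable.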
--- /dev/null
+/var/log/letsencrypt/*.log {
+ rotate 12
+ weekly
+ compress
+ missingok
+}
\ No newline at end of file
--- /dev/null
+/var/log/dpkg.log {
+ monthly
+ rotate 12
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 644 root root
+}
--- /dev/null
+/var/log/nginx/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 0640 www-data adm
+ sharedscripts
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
+ run-parts /etc/logrotate.d/httpd-prerotate; \
+ fi \
+ endscript
+ postrotate
+ invoke-rc.d nginx rotate >/dev/null 2>&1
+ endscript
+}
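Review bot: The `prerotate` script runs `run-parts /etc/logrotate.d/httpd-prerotate`, so every executable placed in that directory is run by logrotate on each daily rotation, and the directory's ownership and mode are not part of this hunk. Confirm it is owned by root and not writable by `www-data` or another service account, and record that above `prerotate`, e.g. `# httpd-prerotate/ must be root-owned and not group/world-writable: its contents run with logrotate's privileges`. The `postrotate` line also sends all output of `invoke-rc.d nginx rotate` to /dev/null, which hides the reason when the reopen fails.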
--- /dev/null
+/var/log/postgresql/*.log {
+ weekly
+ rotate 10
+ copytruncate
+ delaycompress
+ compress
+ notifempty
+ missingok
+ su root root
+}
--- /dev/null
+/var/log/syslog
+{
+ rotate 7
+ daily
+ missingok
+ notifempty
+ delaycompress
+ compress
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
+
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/lpr.log
+/var/log/cron.log
+/var/log/debug
+/var/log/messages
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
--- /dev/null
+# use the root group by default, since this is the owning group
+# of /var/log/ubuntu-advantage*.log files.
+/var/log/ubuntu-advantage*.log {
+ su root root
+ create 0644 root root
+ rotate 6
+ monthly
+ compress
+ delaycompress
+ missingok
+ notifempty
+}
--- /dev/null
+/var/log/ufw.log
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+ endscript
+}
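Review bot: The `postrotate` command `invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true` discards both the output and the exit status, so a failed reopen goes unnoticed and rsyslog would presumably keep writing firewall log lines to the rotated file. The rsyslog section in this same change signals the daemon with `/usr/lib/rsyslog/rsyslog-rotate`; using that helper here as well would keep the two consistent. If the `|| true` is kept to tolerate a host without rsyslog, say so in a comment.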
--- /dev/null
+/var/log/unattended-upgrades/unattended-upgrades.log
+/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
+/var/log/unattended-upgrades/unattended-upgrades-shutdown.log
+{
+ rotate 6
+ monthly
+ compress
+ missingok
+ notifempty
+}
--- /dev/null
+# no packages own wtmp -- we'll rotate it here
+/var/log/wtmp {
+ missingok
+ monthly
+ create 0664 root utmp
+ minsize 1M
+ rotate 1
+}
--- /dev/null
+DISTRIB_ID=Ubuntu
+DISTRIB_RELEASE=20.04
+DISTRIB_CODENAME=focal
+DISTRIB_DESCRIPTION="Ubuntu 20.04.4 LTS"
--- /dev/null
+; ltrace.conf
+;
+; ~/.ltrace.conf will also be read, if it exists. The -F option may be
+; used to suppress the automatic inclusion of both this file and
+; ~/.ltrace.conf, and load a different config file or config files
+; instead.
+;
+; See ltrace.conf(5) for description of syntax of this file.
+
+; arpa/inet.h
+typedef in_addr = struct(hex(uint));
+int inet_aton(string, +in_addr*);
+hex(uint) inet_addr(string);
+hex(uint) inet_network(string);
+string inet_ntoa(in_addr);
+in_addr inet_makeaddr(hex(int), hex(int));
+hex(uint) inet_lnaof(in_addr);
+hex(uint) inet_netof(in_addr);
+
+; bfd.h
+void bfd_init();
+int bfd_set_default_target(string);
+addr bfd_scan_vma(string, addr, int);
+addr bfd_openr(string,string);
+int bfd_check_format(addr,int);
+
+; ctype.h
+char tolower(char);
+char toupper(char);
+addr __ctype_b_loc();
+addr __ctype_tolower_loc();
+addr __ctype_toupper_loc();
+ulong __ctype_get_mb_cur_max();
+
+; curses.h
+int waddch(addr, char);
+int mvprintw(int, int, format);
+int wmove(addr, int, int);
+int waddnstr(addr, string, int);
+string tgoto(string, int, int);
+
+; dirent.h
+int closedir(addr);
+addr opendir(string);
+addr readdir(addr);
+addr readdir64(addr);
+
+; dlfcn.h
+addr dlopen(string, int);
+string dlerror();
+addr dlsym(addr, string);
+int dlclose(addr);
+
+; errno.h
+addr __errno_location();
+
+; fcntl.h
+int open(string,int,octal); ; WARNING: 3rd argument may not be there
+int open64(string,int,octal); ; WARNING: 3rd argument may not be there
+
+; fnmatch.h
+int fnmatch(string, string, int);
+
+; getopt.h
+int getopt_long(int,addr,string,addr,int*);
+int getopt_long_only(int,addr,string,addr,addr);
+
+; grp.h
+void endgrent();
+addr getgrnam(string);
+void setgrent();
+addr getgrent();
+
+; libintl.h
+string __dcgettext(string,string,int);
+string bindtextdomain(string, string);
+string textdomain(string);
+
+; libio.h
+char _IO_getc(file);
+int _IO_putc(char,file);
+
+; locale.h
+string setlocale(enum(LC_CTYPE=0, LC_NUMERIC=1, LC_TIME=2, LC_COLLATE=3, LC_MONETARY=4, LC_MESSAGES=5, LC_ALL=6, LC_PAPER=7, LC_NAME=8, LC_ADDRESS=9, LC_TELEPHONE=10, LC_MEASUREMENT=11, LC_IDENTIFICATION=12), string);
+
+; mcheck.h
+void mtrace();
+void muntrace();
+
+; mqueue.h
+int mq_open(string, int, octal, addr); ; WARNING: 3rd and 4th arguments may not be there
+int mq_close(int);
+int mq_unlink(string);
+int mq_getattr(int, addr);
+int mq_setattr(int, addr, addr);
+int mq_notify(int, addr);
+int mq_send(int, string3, ulong, uint);
+int mq_timedsend(int, string3, ulong, uint, addr);
+long mq_receive(int, +string0, ulong, addr);
+long mq_timedreceive(int, +string0, ulong, addr, addr);
+
+; netdb.h
+void endhostent();
+void endnetent();
+void endnetgrent();
+void endprotoent();
+void endservent();
+void freeaddrinfo(addr);
+string gai_strerror(int);
+int getaddrinfo(string, string, addr, addr);
+addr gethostbyaddr(string, uint, int);
+addr gethostbyname(string);
+addr gethostent();
+int getnameinfo(addr, uint, string, uint, string, uint, uint);
+addr getnetbyaddr(uint, int);
+addr getnetbyname(string);
+addr getnetent();
+int getnetgrent(addr, addr, addr);
+addr getprotobyname(string);
+addr getprotobynumber(int);
+addr getprotoent();
+addr getservbyname(string, string);
+addr getservbyport(int, string);
+addr getservent();
+void herror(string);
+string hstrerror(int);
+int rcmd(addr, ushort, string, string, string, addr);
+int rcmd_af(addr, ushort, string, string, string, addr, int);
+int rexec(addr, int, string, string, string, addr);
+int rexec_af(addr, int, string, string, string, addr, int);
+int rresvport (addr);
+int rresvport_af (addr, int);
+int ruserok(string, int, string, string);
+int ruserok_af(string, int, string, string, int);
+void sethostent(int);
+void setnetent(int);
+int setnetgrent(string);
+void setprotoent(int);
+void setservent(int);
+
+; netinet/in.h
+uint ntohs(uint);
+
+; pcap.h
+string pcap_lookupdev(addr);
+addr pcap_open_live(string, int, int, int, addr);
+int pcap_snapshot(addr);
+int pcap_lookupnet(string, addr, addr, addr);
+int pcap_compile(addr, addr, string, int, addr);
+
+; pwd.h
+string getpass(string);
+void endpwent();
+addr getpwnam(string);
+void setpwent();
+
+; readline/readline.h
+string readline(string);
+
+; signal.h
+typedef signum = enum(SIGHUP=1, SIGINT=2, SIGQUIT=3, SIGILL=4, SIGTRAP=5, SIGABRT=6, SIGBUS=7, SIGFPE=8, SIGKILL=9, SIGUSR1=10, SIGSEGV=11, SIGUSR2=12, SIGPIPE=13, SIGALRM=14, SIGTERM=15, SIGSTKFLT=16, SIGCHLD=17, SIGCONT=18, SIGSTOP=19, SIGTSTP=20, SIGTTIN=21, SIGTTOU=22, SIGURG=23, SIGXCPU=24, SIGXFSZ=25, SIGVTALRM=26, SIGPROF=27, SIGWINCH=28, SIGIO=29, SIGPWR=30, SIGSYS=31, SIGRTMIN_0=32, SIGRTMIN_1=33, SIGRTMIN_2=34, SIGRTMIN_3=35, SIGRTMIN_4=36, SIGRTMIN_5=37, SIGRTMIN_6=38, SIGRTMIN_7=39, SIGRTMIN_8=40, SIGRTMIN_9=41, SIGRTMIN_10=42, SIGRTMIN_11=43, SIGRTMIN_12=44, SIGRTMIN_13=45, SIGRTMIN_14=46, SIGRTMIN_15=47, SIGRTMIN_16=48, SIGRTMIN_17=49, SIGRTMIN_18=50, SIGRTMIN_19=51, SIGRTMIN_20=52, SIGRTMIN_21=53, SIGRTMIN_22=54, SIGRTMIN_23=55, SIGRTMIN_24=56, SIGRTMIN_25=57, SIGRTMIN_26=58, SIGRTMIN_27=59, SIGRTMIN_28=60, SIGRTMIN_29=61, SIGRTMIN_30=62, SIGRTMIN_31=63);
+typedef sigset_t = bitvec(ulong);
+; elm3 should be flags
+typedef sigaction = struct(addr, sigset_t, hex(int), addr);
+int kill(int, signum);
+int sigemptyset(+sigset_t*);
+int sigaddset(+sigset_t*, signum);
+int sigdelset(+sigset_t*, signum);
+int sigfillset(+sigset_t*);
+int sigismember(sigset_t*, signum);
+addr signal(signum,addr);
+int sigaction(signum, sigaction*, +sigaction*);
+int sigprocmask(enum(SIG_BLOCK=1, SIG_UNBLOCK=2, SIG_SETMASK=3), sigset_t*, +sigset_t*);
+int sigpending(+sigset_t*);
+int sigsuspend(sigset_t*);
+int sigisemptyset(sigset_t*);
+int sigorset(+sigset_t*, sigset_t*, sigset_t*);
+int sigandset(+sigset_t*, sigset_t*, sigset_t*);
+
+; stdio.h
+int fclose(file);
+int feof(file);
+int ferror(file);
+int fflush(file);
+char fgetc(file);
+addr fgets(+string, int, file);
+int fileno(file);
+file fopen(string,string);
+file fopen64(string,string);
+int fprintf(file,format);
+int fputc(char,file);
+int fputs(string,file);
+ulong fread(addr,ulong,ulong,file);
+ulong fread_unlocked(addr,ulong,ulong,file);
+ulong fwrite(string,ulong,ulong,file);
+ulong fwrite_unlocked(string,ulong,ulong,file);
+int pclose(addr);
+void perror(string);
+addr popen(string, string);
+int printf(format);
+int puts(string);
+int remove(string);
+int snprintf(+string2,ulong,format);
+int sprintf(+string,format);
+string tempnam(string,string);
+int vfprintf(file,string,addr);
+int vsnprintf(+string2,ulong,string,addr);
+int setvbuf(file,addr,int,ulong);
+void setbuf(file,addr);
+void setbuffer(file,addr,ulong);
+void setlinebuf(file);
+int rename(string,string);
+
+; stdlib.h
+long __strtol_internal(string,addr,int);
+ulong __strtoul_internal(string,addr,int);
+int atexit(addr);
+addr bsearch(string, addr, ulong, ulong, addr);
+addr calloc(ulong, ulong);
+void exit(int);
+void free(addr);
+string getenv(string);
+int putenv(string);
+int setenv(string,string,int);
+void unsetenv(string);
+addr malloc(ulong);
+void qsort(addr,ulong,ulong,addr);
+int random();
+addr realloc(addr,ulong);
+void srandom(uint);
+int system(string);
+
+; string.h
+void bcopy(addr,addr,ulong);
+void bzero(addr,ulong);
+string basename(string);
+string index(string,char);
+addr memchr(string,char,ulong);
+addr memcpy(addr,string(array(char, arg3)*),ulong);
+addr memmove(addr,string(array(char, arg3)*),ulong);
+addr memset(addr,char,long);
+string rindex(string,char);
+addr stpcpy(addr,string);
+int strcasecmp(string, string);
+string strcat(string, string);
+string strchr(string,char);
+int strcoll(string,string);
+ulong strlen(string);
+int strcmp(string,string);
+addr strcpy(addr,string);
+addr strdup(string);
+string strerror(int);
+int strncmp(string,string,ulong);
+addr strncpy(addr,string3,ulong);
+string strrchr(string,char);
+string strsep(addr,string);
+ulong strspn(string,string);
+ulong strcspn(string,string);
+string strstr(string,string);
+string strtok(string, string);
+
+; sys/ioctl.h
+int ioctl(int, int, addr);
+
+; sys/socket.h
+int socket(int,int,int);
+
+; sys/stat.h
+int __fxstat(int,int,addr);
+int __xstat(int,string,addr);
+int __lxstat(int,string,addr);
+int __fxstat64(int,int,addr);
+int __xstat64(int,string,addr);
+int __lxstat64(int,string,addr);
+int chmod(string,octal);
+int fchmod(int,octal);
+int mkfifo(string,octal);
+octal umask(octal);
+
+; sys/utsname.h
+int uname(addr);
+
+; sys/vfs.h
+int statfs(string,addr);
+
+; syslog.h
+void closelog();
+void openlog(string,int,int);
+void syslog(int,format);
+
+; term.h
+int tputs(string, int, addr);
+
+; termios.h
+int tcgetattr(int,addr);
+int tcsetattr(int,int,addr);
+
+; time.h
+string ctime(addr);
+int gettimeofday(addr, addr);
+addr gmtime(addr);
+addr localtime(addr);
+ulong strftime(+string2,ulong,string,addr);
+long time(addr);
+
+; unistd.h
+void _exit(int);
+int access(string, int);
+uint alarm(uint);
+int chdir(string);
+int chown(string,int,int);
+int close(int);
+string crypt(string,string);
+int dup2(int,int);
+int execlp(string,string,addr,addr,addr);
+int execv(string,addr);
+int fchdir(int);
+int fork();
+int ftruncate(int,ulong);
+string2 getcwd(addr,ulong);
+int getdomainname(+string2,ulong);
+int geteuid();
+int getegid();
+int getgid();
+int gethostname(+string2,ulong);
+string getlogin();
+int getopt(int,addr,string);
+int getpid();
+int getppid();
+int getuid();
+int getpgrp();
+int setpgrp();
+int getpgid(int);
+int isatty(int);
+int link(string,string);
+int mkdir(string,octal);
+long read(int, +string[retval], ulong);
+int rmdir(string);
+int seteuid(uint);
+int setgid(int);
+int sethostname(+string2,ulong);
+int setpgid(int,int);
+int setreuid(uint, uint);
+int setuid(int);
+uint sleep(uint);
+int symlink(string,string);
+int sync();
+int truncate(string,ulong);
+string ttyname(int);
+int unlink(string);
+void usleep(uint);
+long write(int, string3, ulong);
+addr sbrk(long);
+int getpagesize();
+long lseek(int,long,int);
+int pipe(addr);
+
+; utmp.h
+void endutent();
+addr getutent();
+void setutent();
+
+; wchar.h
+int fwide(addr, int);
+
+; sys/wait.h
+int wait(addr);
+int waitpid(int,addr,int);
+
+; X11/Xlib.h
+void XCloseDisplay(addr);
+int XMapWindow(addr,addr);
+addr XOpenDisplay(string);
+
+; sys/acl.h
+int acl_add_perm(addr,uint);
+int acl_calc_mask(addr);
+int acl_clear_perms(addr);
+int acl_copy_entry(addr,addr);
+int acl_copy_ext(addr,addr,int);
+addr acl_copy_int(addr);
+int acl_create_entry(addr,addr);
+int acl_delete_def_file(string);
+int acl_delete_entry(addr,addr);
+int acl_delete_perm(addr,uint);
+addr acl_dup(addr);
+int acl_free(addr);
+addr acl_from_text(string);
+int acl_get_entry(addr,int,addr);
+addr acl_get_fd(int);
+addr acl_get_file(string,int);
+int acl_get_permset(addr,addr);
+addr acl_get_qualifier(addr);
+int acl_get_tag_type(addr,addr);
+addr acl_init(int);
+int acl_set_fd(int,addr);
+int acl_set_file(string,int,addr);
+int acl_set_permset(addr,addr);
+int acl_set_qualifier(addr,addr);
+int acl_set_tag_type(addr,int);
+int acl_size(addr);
+string acl_to_text(addr,addr);
+int acl_valid(addr);
+
+; acl/libacl.h
+int acl_check(addr,addr);
+int acl_cmp(addr,addr);
+int acl_entries(addr);
+int acl_equiv_mode(addr,addr);
+string acl_error(int);
+int acl_extended_fd(int);
+int acl_extended_file(string);
+addr acl_from_mode(octal);
+int acl_get_perm(addr,uint);
+string acl_to_any_text(addr,string,char,int);
+
+; other symbols not included above
+long a64l(string);
+string l64a(long);
+void abort();
+int abs(int);
+long labs(long);
+
+typedef mntent = struct(string, string, string, string, int, int);
+int addmntent(file, mntent*);
+int endmntent(file);
+int __endmntent(file);
+file setmntent(string,string);
+file __setmntent(string,string);
+mntent *getmntent(addr);
+mntent *getmntent_r(file, +mntent*, string, int);
+mntent *__getmntent_r(file, +mntent*, string, int);
+string hasmntopt(mntent*, string);
+
+; SYSCALLS
+addr SYS_brk(addr);
+int SYS_close(int);
+int SYS_execve(string,addr,addr);
+void SYS_exit(int);
+void SYS_exit_group(int);
+int SYS_fork();
+int SYS_getcwd(+string2,ulong);
+int SYS_getpid();
+;addr SYS_mmap(addr,ulong,int,int,int,long);
+int SYS_munmap(addr,ulong);
+int SYS_open(string,int,octal);
+int SYS_personality(uint);
+long SYS_read(int,+string0,ulong);
+int SYS_stat(string,addr);
+octal SYS_umask(octal);
+int SYS_uname(addr);
+long SYS_write(int,string3,ulong);
+int SYS_sync();
+int SYS_setxattr(string,string,addr,uint,int);
+int SYS_lsetxattr(string,string,addr,uint,int);
+int SYS_fsetxattr(int,string,addr,uint,int);
+int SYS_getxattr(string,string,addr,uint);
+int SYS_lgetxattr(string,string,addr,uint);
+int SYS_fgetxattr(int,string,addr,uint);
+int SYS_listxattr(string,addr,uint);
+int SYS_llistxattr(string,addr,uint);
+int SYS_flistxattr(int,addr,uint);
+int SYS_removexattr(string,string);
+int SYS_lremovexattr(string,string);
+int SYS_fremovexattr(int,string);
+int SYS_chdir(string);
+int SYS_fchdir(int);
+int SYS_chmod(string,octal);
+int SYS_fchmod(int,octal);
+int SYS_chown(string,int,int);
+int SYS_fchown(int,int,int);
+int SYS_lchown(string,int,int);
+int SYS_chroot(string);
+int SYS_dup(int);
+int SYS_dup2(int,int);
+int SYS_fdatasync(int);
+int SYS_fsync(int);
+int SYS_getpriority(int,int);
+int SYS_setpriority(int,int,int);
+int SYS_getrlimit(int,addr);
+int SYS_setrlimit(int,addr);
+int SYS_gettimeofday(addr,addr);
+int SYS_settimeofday(addr,addr);
+int SYS_setfsgid(int);
+int SYS_setfsuid(int);
+int SYS_getuid();
+int SYS_setuid(int);
+int SYS_getgid();
+int SYS_setgid(int);
+int SYS_getsid(int);
+int SYS_setsid(int);
+int SYS_setreuid(int,int);
+int SYS_setregid(int,int);
+int SYS_geteuid();
+int SYS_getegid();
+int SYS_setpgid(int,int);
+int SYS_getresuid(addr,addr,addr);
+int SYS_setresuid(int,int,int);
+int SYS_getresgid(addr,addr,addr);
+int SYS_setresgid(int,int,int);
+int SYS_kill(int,int);
+int SYS_link(string,string);
+int SYS_madvise(addr,ulong,int);
+int SYS_mkdir(string,octal);
+int SYS_mknod(string,octal,int);
+int SYS_msync(addr,ulong,int);
+int SYS_nice(int);
+int SYS_poll(addr,uint,int);
+int SYS_readdir(uint,addr,uint);
+int SYS_readlink(string,string,ulong);
+int SYS_reboot(int,int,int,addr);
+int SYS_rename(string,string);
+int SYS_rmdir(string);
+int SYS_sigaltstack(addr,addr);
+int SYS_statfs(string,addr);
+int SYS_fstatfs(int,addr);
+int SYS_fstat(int,addr);
+int SYS_lstat(string,addr);
+int SYS_stime(addr);
+int SYS_symlink(string, string);
+int SYS_sysinfo(addr);
+int SYS_syslog(int,string,int);
+int SYS_truncate(string,long);
+int SYS_ftruncate(int,long);
+int SYS_mount(string,string,string,ulong,addr);
+int SYS_umount(string);
+int SYS_umount2(string,int);
+int SYS_unlink(string);
+int SYS_utime(string,addr);
+long SYS_lseek(int,long,int);
+addr SYS_signal(int,addr);
+int SYS_sigaction(int,addr,addr);
+int SYS_pause();
+int SYS_sigpending(addr);
+int SYS_sigprocmask(int,addr,addr);
+int SYS_sigqueue(int,int,addr);
+int SYS_sigsuspend(addr);
+int SYS_wait(addr);
+int SYS_waitpid(int,addr,int);
+ulong SYS_readv(int,addr,int);
+ulong SYS_writev(int,addr,int);
+int SYS_mprotect(addr,int,int);
+int SYS_access(string,octal);
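Review bot: `string getpass(string);` under pwd.h and `string crypt(string,string);` under unistd.h tell ltrace to print those return values and arguments as text, so a trace of any program that prompts for or hashes a password will contain the cleartext. A comment next to those two prototypes would warn whoever collects traces, e.g. `; NOTE: traces of getpass()/crypt() include the password in clear; treat ltrace output as sensitive`. Where that is not wanted, declaring those values as `addr` shows only the pointer.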
--- /dev/null
+# This is an example configuration file for the LVM2 system.
+# It contains the default settings that would be used if there was no
+# /etc/lvm/lvm.conf file.
+#
+# Refer to 'man lvm.conf' for further information including the file layout.
+#
+# Refer to 'man lvm.conf' for information about how settings configured in
+# this file are combined with built-in values and command line options to
+# arrive at the final values used by LVM.
+#
+# Refer to 'man lvmconfig' for information about displaying the built-in
+# and configured values used by LVM.
+#
+# If a default value is set in this file (not commented out), then a
+# new version of LVM using this file will continue using that value,
+# even if the new version of LVM changes the built-in default value.
+#
+# To put this file in a different directory and override /etc/lvm set
+# the environment variable LVM_SYSTEM_DIR before running the tools.
+#
+# N.B. Take care that each setting only appears once if uncommenting
+# example settings in this file.
+
+
+# Configuration section config.
+# How LVM configuration settings are handled.
+config {
+
+ # Configuration option config/checks.
+ # If enabled, any LVM configuration mismatch is reported.
+ # This implies checking that the configuration key is understood by
+ # LVM and that the value of the key is the proper type. If disabled,
+ # any configuration mismatch is ignored and the default value is used
+ # without any warning (a message about the configuration key not being
+ # found is issued in verbose mode only).
+ checks = 1
+
+ # Configuration option config/abort_on_errors.
+ # Abort the LVM process if a configuration mismatch is found.
+ abort_on_errors = 0
+
+ # Configuration option config/profile_dir.
+ # Directory where LVM looks for configuration profiles.
+ profile_dir = "/etc/lvm/profile"
+}
+
+# Configuration section devices.
+# How LVM uses block devices.
+devices {
+
+ # Configuration option devices/dir.
+ # Directory in which to create volume group device nodes.
+ # Commands also accept this as a prefix on volume group names.
+ # This configuration option is advanced.
+ dir = "/dev"
+
+ # Configuration option devices/scan.
+ # Directories containing device nodes to use with LVM.
+ # This configuration option is advanced.
+ scan = [ "/dev" ]
+
+ # Configuration option devices/obtain_device_list_from_udev.
+ # Obtain the list of available devices from udev.
+ # This avoids opening or using any inapplicable non-block devices or
+ # subdirectories found in the udev directory. Any device node or
+ # symlink not managed by udev in the udev directory is ignored. This
+ # setting applies only to the udev-managed device directory; other
+ # directories will be scanned fully. LVM needs to be compiled with
+ # udev support for this setting to apply.
+ obtain_device_list_from_udev = 1
+
+ # Configuration option devices/external_device_info_source.
+ # Select an external device information source.
+ # Some information may already be available in the system and LVM can
+ # use this information to determine the exact type or use of devices it
+ # processes. Using an existing external device information source can
+ # speed up device processing as LVM does not need to run its own native
+ # routines to acquire this information. For example, this information
+ # is used to drive LVM filtering like MD component detection, multipath
+ # component detection, partition detection and others.
+ #
+ # Accepted values:
+ # none
+ # No external device information source is used.
+ # udev
+ # Reuse existing udev database records. Applicable only if LVM is
+ # compiled with udev support.
+ #
+ external_device_info_source = "none"
+
+ # Configuration option devices/hints.
+ # Use a local file to remember which devices have PVs on them.
+ # Some commands will use this as an optimization to reduce device
+ # scanning, and will only scan the listed PVs. Removing the hint file
+ # will cause lvm to generate a new one. Disable hints if PVs will
+ # be copied onto devices using non-lvm commands, like dd.
+ #
+ # Accepted values:
+ # all
+ # Use all hints.
+ # none
+ # Use no hints.
+ #
+ # This configuration option has an automatic default value.
+ # hints = "all"
+
+ # Configuration option devices/preferred_names.
+ # Select which path name to display for a block device.
+ # If multiple path names exist for a block device, and LVM needs to
+ # display a name for the device, the path names are matched against
+ # each item in this list of regular expressions. The first match is
+ # used. Try to avoid using undescriptive /dev/dm-N names, if present.
+ # If no preferred name matches, or if preferred_names are not defined,
+ # the following built-in preferences are applied in order until one
+ # produces a preferred name:
+ # Prefer names with path prefixes in the order of:
+ # /dev/mapper, /dev/disk, /dev/dm-*, /dev/block.
+ # Prefer the name with the least number of slashes.
+ # Prefer a name that is a symlink.
+ # Prefer the path with least value in lexicographical order.
+ #
+ # Example
+ # preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option devices/filter.
+ # Limit the block devices that are used by LVM commands.
+ # This is a list of regular expressions used to accept or reject block
+ # device path names. Each regex is delimited by a vertical bar '|'
+ # (or any character) and is preceded by 'a' to accept the path, or
+ # by 'r' to reject the path. The first regex in the list to match the
+ # path is used, producing the 'a' or 'r' result for the device.
+ # When multiple path names exist for a block device, if any path name
+ # matches an 'a' pattern before an 'r' pattern, then the device is
+ # accepted. If all the path names match an 'r' pattern first, then the
+ # device is rejected. Unmatching path names do not affect the accept
+ # or reject decision. If no path names for a device match a pattern,
+ # then the device is accepted. Be careful mixing 'a' and 'r' patterns,
+ # as the combination might produce unexpected results (test changes.)
+ # Run vgscan after changing the filter to regenerate the cache.
+ #
+ # Example
+ # Accept every block device:
+ # filter = [ "a|.*|" ]
+ # Reject the cdrom drive:
+ # filter = [ "r|/dev/cdrom|" ]
+ # Work with just loopback devices, e.g. for testing:
+ # filter = [ "a|loop|", "r|.*|" ]
+ # Accept all loop devices and ide drives except hdc:
+ # filter = [ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ]
+ # Use anchors to be very specific:
+ # filter = [ "a|^/dev/hda8$|", "r|.*|" ]
+ #
+ # This configuration option has an automatic default value.
+ # filter = [ "a|.*|" ]
+
+ # Configuration option devices/global_filter.
+ # Limit the block devices that are used by LVM system components.
+ # Because devices/filter may be overridden from the command line, it is
+ # not suitable for system-wide device filtering, e.g. udev.
+ # Use global_filter to hide devices from these LVM system components.
+ # The syntax is the same as devices/filter. Devices rejected by
+ # global_filter are not opened by LVM.
+ # This configuration option has an automatic default value.
+ # global_filter = [ "a|.*|" ]
+
+ # Configuration option devices/types.
+ # List of additional acceptable block device types.
+ # These are of device type names from /proc/devices, followed by the
+ # maximum number of partitions.
+ #
+ # Example
+ # types = [ "fd", 16 ]
+ #
+ # This configuration option is advanced.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option devices/sysfs_scan.
+ # Restrict device scanning to block devices appearing in sysfs.
+ # This is a quick way of filtering out block devices that are not
+ # present on the system. sysfs must be part of the kernel and mounted.)
+ sysfs_scan = 1
+
+ # Configuration option devices/scan_lvs.
+ # Scan LVM LVs for layered PVs, allowing LVs to be used as PVs.
+ # When 1, LVM will detect PVs layered on LVs, and caution must be
+ # taken to avoid a host accessing a layered VG that may not belong
+ # to it, e.g. from a guest image. This generally requires excluding
+ # the LVs with device filters. Also, when this setting is enabled,
+ # every LVM command will scan every active LV on the system (unless
+ # filtered), which can cause performance problems on systems with
+ # many active LVs. When this setting is 0, LVM will not detect or
+ # use PVs that exist on LVs, and will not allow a PV to be created on
+ # an LV. The LVs are ignored using a built in device filter that
+ # identifies and excludes LVs.
+ scan_lvs = 0
+
+ # Configuration option devices/multipath_component_detection.
+ # Ignore devices that are components of DM multipath devices.
+ multipath_component_detection = 1
+
+ # Configuration option devices/md_component_detection.
+ # Enable detection and exclusion of MD component devices.
+ # An MD component device is a block device that MD uses as part
+ # of a software RAID virtual device. When an LVM PV is created
+ # on an MD device, LVM must only use the top level MD device as
+ # the PV, and should ignore the underlying component devices.
+ # In cases where the MD superblock is located at the end of the
+ # component devices, it is more difficult for LVM to consistently
+ # identify an MD component, see the md_component_checks setting.
+ md_component_detection = 1
+
+ # Configuration option devices/md_component_checks.
+ # The checks LVM should use to detect MD component devices.
+ # MD component devices are block devices used by MD software RAID.
+ #
+ # Accepted values:
+ # auto
+ # LVM will skip scanning the end of devices when it has other
+ # indications that the device is not an MD component.
+ # start
+ # LVM will only scan the start of devices for MD superblocks.
+ # This does not incur extra I/O by LVM.
+ # full
+ # LVM will scan the start and end of devices for MD superblocks.
+ # This requires an extra read at the end of devices.
+ #
+ # This configuration option has an automatic default value.
+ # md_component_checks = "auto"
+
+ # Configuration option devices/fw_raid_component_detection.
+ # Ignore devices that are components of firmware RAID devices.
+ # LVM must use an external_device_info_source other than none for this
+ # detection to execute.
+ fw_raid_component_detection = 0
+
+ # Configuration option devices/md_chunk_alignment.
+ # Align the start of a PV data area with md device's stripe-width.
+ # This applies if a PV is placed directly on an md device.
+ # default_data_alignment will be overriden if it is not aligned
+ # with the value detected for this setting.
+ # This setting is overriden by data_alignment_detection,
+ # data_alignment, and the --dataalignment option.
+ md_chunk_alignment = 1
+
+ # Configuration option devices/default_data_alignment.
+ # Align the start of a PV data area with this number of MiB.
+ # Set to 1 for 1MiB, 2 for 2MiB, etc. Set to 0 to disable.
+ # This setting is overriden by data_alignment and the --dataalignment
+ # option.
+ # This configuration option has an automatic default value.
+ # default_data_alignment = 1
+
+ # Configuration option devices/data_alignment_detection.
+ # Align the start of a PV data area with sysfs io properties.
+ # The start of a PV data area will be a multiple of minimum_io_size or
+ # optimal_io_size exposed in sysfs. minimum_io_size is the smallest
+ # request the device can perform without incurring a read-modify-write
+ # penalty, e.g. MD chunk size. optimal_io_size is the device's
+ # preferred unit of receiving I/O, e.g. MD stripe width.
+ # minimum_io_size is used if optimal_io_size is undefined (0).
+ # If md_chunk_alignment is enabled, that detects the optimal_io_size.
+ # default_data_alignment and md_chunk_alignment will be overriden
+ # if they are not aligned with the value detected for this setting.
+ # This setting is overriden by data_alignment and the --dataalignment
+ # option.
+ data_alignment_detection = 1
+
+ # Configuration option devices/data_alignment.
+ # Align the start of a PV data area with this number of KiB.
+ # When non-zero, this setting overrides default_data_alignment.
+ # Set to 0 to disable, in which case default_data_alignment
+ # is used to align the first PE in units of MiB.
+ # This setting is overriden by the --dataalignment option.
+ data_alignment = 0
+
+ # Configuration option devices/data_alignment_offset_detection.
+ # Shift the start of an aligned PV data area based on sysfs information.
+ # After a PV data area is aligned, it will be shifted by the
+ # alignment_offset exposed in sysfs. This offset is often 0, but may
+ # be non-zero. Certain 4KiB sector drives that compensate for windows
+ # partitioning will have an alignment_offset of 3584 bytes (sector 7
+ # is the lowest aligned logical block, the 4KiB sectors start at
+ # LBA -1, and consequently sector 63 is aligned on a 4KiB boundary).
+ # This setting is overriden by the --dataalignmentoffset option.
+ data_alignment_offset_detection = 1
+
+ # Configuration option devices/ignore_suspended_devices.
+ # Ignore DM devices that have I/O suspended while scanning devices.
+ # Otherwise, LVM waits for a suspended device to become accessible.
+ # This should only be needed in recovery situations.
+ ignore_suspended_devices = 0
+
+ # Configuration option devices/ignore_lvm_mirrors.
+ # Do not scan 'mirror' LVs to avoid possible deadlocks.
+ # This avoids possible deadlocks when using the 'mirror' segment type.
+ # This setting determines whether LVs using the 'mirror' segment type
+ # are scanned for LVM labels. This affects the ability of mirrors to
+ # be used as physical volumes. If this setting is enabled, it is
+ # impossible to create VGs on top of mirror LVs, i.e. to stack VGs on
+ # mirror LVs. If this setting is disabled, allowing mirror LVs to be
+ # scanned, it may cause LVM processes and I/O to the mirror to become
+ # blocked. This is due to the way that the mirror segment type handles
+ # failures. In order for the hang to occur, an LVM command must be run
+ # just after a failure and before the automatic LVM repair process
+ # takes place, or there must be failures in multiple mirrors in the
+ # same VG at the same time with write failures occurring moments before
+ # a scan of the mirror's labels. The 'mirror' scanning problems do not
+ # apply to LVM RAID types like 'raid1' which handle failures in a
+ # different way, making them a better choice for VG stacking.
+ ignore_lvm_mirrors = 1
+
+ # Configuration option devices/require_restorefile_with_uuid.
+ # Allow use of pvcreate --uuid without requiring --restorefile.
+ require_restorefile_with_uuid = 1
+
+ # Configuration option devices/pv_min_size.
+ # Minimum size in KiB of block devices which can be used as PVs.
+ # In a clustered environment all nodes must use the same value.
+ # Any value smaller than 512KiB is ignored. The previous built-in
+ # value was 512.
+ pv_min_size = 2048
+
+ # Configuration option devices/issue_discards.
+ # Issue discards to PVs that are no longer used by an LV.
+ # Discards are sent to an LV's underlying physical volumes when the LV
+ # is no longer using the physical volumes' space, e.g. lvremove,
+ # lvreduce. Discards inform the storage that a region is no longer
+ # used. Storage that supports discards advertise the protocol-specific
+ # way discards should be issued by the kernel (TRIM, UNMAP, or
+ # WRITE SAME with UNMAP bit set). Not all storage will support or
+ # benefit from discards, but SSDs and thinly provisioned LUNs
+ # generally do. If enabled, discards will only be issued if both the
+ # storage and kernel provide support.
+ issue_discards = 1
+
+ # Configuration option devices/allow_changes_with_duplicate_pvs.
+ # Allow VG modification while a PV appears on multiple devices.
+ # When a PV appears on multiple devices, LVM attempts to choose the
+ # best device to use for the PV. If the devices represent the same
+ # underlying storage, the choice has minimal consequence. If the
+ # devices represent different underlying storage, the wrong choice
+ # can result in data loss if the VG is modified. Disabling this
+ # setting is the safest option because it prevents modifying a VG
+ # or activating LVs in it while a PV appears on multiple devices.
+ # Enabling this setting allows the VG to be used as usual even with
+ # uncertain devices.
+ allow_changes_with_duplicate_pvs = 0
+
+ # Configuration option devices/allow_mixed_block_sizes.
+ # Allow PVs in the same VG with different logical block sizes.
+ # When allowed, the user is responsible to ensure that an LV is
+ # using PVs with matching block sizes when necessary.
+ allow_mixed_block_sizes = 0
+}
+
+# Configuration section allocation.
+# How LVM selects space and applies properties to LVs.
+allocation {
+
+ # Configuration option allocation/cling_tag_list.
+ # Advise LVM which PVs to use when searching for new space.
+ # When searching for free space to extend an LV, the 'cling' allocation
+ # policy will choose space on the same PVs as the last segment of the
+ # existing LV. If there is insufficient space and a list of tags is
+ # defined here, it will check whether any of them are attached to the
+ # PVs concerned and then seek to match those PV tags between existing
+ # extents and new extents.
+ #
+ # Example
+ # Use the special tag "@*" as a wildcard to match any PV tag:
+ # cling_tag_list = [ "@*" ]
+ # LVs are mirrored between two sites within a single VG, and
+ # PVs are tagged with either @site1 or @site2 to indicate where
+ # they are situated:
+ # cling_tag_list = [ "@site1", "@site2" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option allocation/maximise_cling.
+ # Use a previous allocation algorithm.
+ # Changes made in version 2.02.85 extended the reach of the 'cling'
+ # policies to detect more situations where data can be grouped onto
+ # the same disks. This setting can be used to disable the changes
+ # and revert to the previous algorithm.
+ maximise_cling = 1
+
+ # Configuration option allocation/use_blkid_wiping.
+ # Use blkid to detect and erase existing signatures on new PVs and LVs.
+ # The blkid library can detect more signatures than the native LVM
+ # detection code, but may take longer. LVM needs to be compiled with
+ # blkid wiping support for this setting to apply. LVM native detection
+ # code is currently able to recognize: MD device signatures,
+ # swap signature, and LUKS signatures. To see the list of signatures
+ # recognized by blkid, check the output of the 'blkid -k' command.
+ use_blkid_wiping = 1
+
+ # Configuration option allocation/wipe_signatures_when_zeroing_new_lvs.
+ # Look for and erase any signatures while zeroing a new LV.
+ # The --wipesignatures option overrides this setting.
+ # Zeroing is controlled by the -Z/--zero option, and if not specified,
+ # zeroing is used by default if possible. Zeroing simply overwrites the
+ # first 4KiB of a new LV with zeroes and does no signature detection or
+ # wiping. Signature wiping goes beyond zeroing and detects exact types
+ # and positions of signatures within the whole LV. It provides a
+ # cleaner LV after creation as all known signatures are wiped. The LV
+ # is not claimed incorrectly by other tools because of old signatures
+ # from previous use. The number of signatures that LVM can detect
+ # depends on the detection code that is selected (see
+ # use_blkid_wiping.) Wiping each detected signature must be confirmed.
+ # When this setting is disabled, signatures on new LVs are not detected
+ # or erased unless the --wipesignatures option is used directly.
+ wipe_signatures_when_zeroing_new_lvs = 1
+
+ # Configuration option allocation/mirror_logs_require_separate_pvs.
+ # Mirror logs and images will always use different PVs.
+ # The default setting changed in version 2.02.85.
+ mirror_logs_require_separate_pvs = 0
+
+ # Configuration option allocation/raid_stripe_all_devices.
+ # Stripe across all PVs when RAID stripes are not specified.
+ # If enabled, all PVs in the VG or on the command line are used for
+ # raid0/4/5/6/10 when the command does not specify the number of
+ # stripes to use.
+ # This was the default behaviour until release 2.02.162.
+ # This configuration option has an automatic default value.
+ # raid_stripe_all_devices = 0
+
+ # Configuration option allocation/cache_pool_metadata_require_separate_pvs.
+ # Cache pool metadata and data will always use different PVs.
+ cache_pool_metadata_require_separate_pvs = 0
+
+ # Configuration option allocation/cache_metadata_format.
+ # Sets default metadata format for new cache.
+ #
+ # Accepted values:
+ # 0 Automatically detected best available format
+ # 1 Original format
+ # 2 Improved 2nd. generation format
+ #
+ # This configuration option has an automatic default value.
+ # cache_metadata_format = 0
+
+ # Configuration option allocation/cache_mode.
+ # The default cache mode used for new cache.
+ #
+ # Accepted values:
+ # writethrough
+ # Data blocks are immediately written from the cache to disk.
+ # writeback
+ # Data blocks are written from the cache back to disk after some
+ # delay to improve performance.
+ #
+ # This setting replaces allocation/cache_pool_cachemode.
+ # This configuration option has an automatic default value.
+ # cache_mode = "writethrough"
+
+ # Configuration option allocation/cache_policy.
+ # The default cache policy used for new cache volume.
+ # Since kernel 4.2 the default policy is smq (Stochastic multiqueue),
+ # otherwise the older mq (Multiqueue) policy is selected.
+ # This configuration option does not have a default value defined.
+
+ # Configuration section allocation/cache_settings.
+ # Settings for the cache policy.
+ # See documentation for individual cache policies for more info.
+ # This configuration section has an automatic default value.
+ # cache_settings {
+ # }
+
+ # Configuration option allocation/cache_pool_chunk_size.
+ # The minimal chunk size in KiB for cache pool volumes.
+ # Using a chunk_size that is too large can result in wasteful use of
+ # the cache, where small reads and writes can cause large sections of
+ # an LV to be mapped into the cache. However, choosing a chunk_size
+ # that is too small can result in more overhead trying to manage the
+ # numerous chunks that become mapped into the cache. The former is
+ # more of a problem than the latter in most cases, so the default is
+ # on the smaller end of the spectrum. Supported values range from
+ # 32KiB to 1GiB in multiples of 32.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option allocation/cache_pool_max_chunks.
+ # The maximum number of chunks in a cache pool.
+ # For cache target v1.9 the recommended maximumm is 1000000 chunks.
+ # Using cache pool with more chunks may degrade cache performance.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option allocation/thin_pool_metadata_require_separate_pvs.
+ # Thin pool metdata and data will always use different PVs.
+ thin_pool_metadata_require_separate_pvs = 0
+
+ # Configuration option allocation/thin_pool_zero.
+ # Thin pool data chunks are zeroed before they are first used.
+ # Zeroing with a larger thin pool chunk size reduces performance.
+ # This configuration option has an automatic default value.
+ # thin_pool_zero = 1
+
+ # Configuration option allocation/thin_pool_discards.
+ # The discards behaviour of thin pool volumes.
+ #
+ # Accepted values:
+ # ignore
+ # nopassdown
+ # passdown
+ #
+ # This configuration option has an automatic default value.
+ # thin_pool_discards = "passdown"
+
+ # Configuration option allocation/thin_pool_chunk_size_policy.
+ # The chunk size calculation policy for thin pool volumes.
+ #
+ # Accepted values:
+ # generic
+ # If thin_pool_chunk_size is defined, use it. Otherwise, calculate
+ # the chunk size based on estimation and device hints exposed in
+ # sysfs - the minimum_io_size. The chunk size is always at least
+ # 64KiB.
+ # performance
+ # If thin_pool_chunk_size is defined, use it. Otherwise, calculate
+ # the chunk size for performance based on device hints exposed in
+ # sysfs - the optimal_io_size. The chunk size is always at least
+ # 512KiB.
+ #
+ # This configuration option has an automatic default value.
+ # thin_pool_chunk_size_policy = "generic"
+
+ # Configuration option allocation/thin_pool_chunk_size.
+ # The minimal chunk size in KiB for thin pool volumes.
+ # Larger chunk sizes may improve performance for plain thin volumes,
+ # however using them for snapshot volumes is less efficient, as it
+ # consumes more space and takes extra time for copying. When unset,
+ # lvm tries to estimate chunk size starting from 64KiB. Supported
+ # values are in the range 64KiB to 1GiB.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option allocation/physical_extent_size.
+ # Default physical extent size in KiB to use for new VGs.
+ # This configuration option has an automatic default value.
+ # physical_extent_size = 4096
+
+ # Configuration option allocation/vdo_use_compression.
+ # Enables or disables compression when creating a VDO volume.
+ # Compression may be disabled if necessary to maximize performance
+ # or to speed processing of data that is unlikely to compress.
+ # This configuration option has an automatic default value.
+ # vdo_use_compression = 1
+
+ # Configuration option allocation/vdo_use_deduplication.
+ # Enables or disables deduplication when creating a VDO volume.
+ # Deduplication may be disabled in instances where data is not expected
+ # to have good deduplication rates but compression is still desired.
+ # This configuration option has an automatic default value.
+ # vdo_use_deduplication = 1
+
+ # Configuration option allocation/vdo_use_metadata_hints.
+ # Enables or disables whether VDO volume should tag its latency-critical
+ # writes with the REQ_SYNC flag. Some device mapper targets such as dm-raid5
+ # process writes with this flag at a higher priority.
+ # Default is enabled.
+ # This configuration option has an automatic default value.
+ # vdo_use_metadata_hints = 1
+
+ # Configuration option allocation/vdo_minimum_io_size.
+ # The minimum IO size for VDO volume to accept, in bytes.
+ # Valid values are 512 or 4096. The recommended and default value is 4096.
+ # This configuration option has an automatic default value.
+ # vdo_minimum_io_size = 4096
+
+ # Configuration option allocation/vdo_block_map_cache_size_mb.
+ # Specifies the amount of memory in MiB allocated for caching block map
+ # pages for VDO volume. The value must be a multiple of 4096 and must be
+ # at least 128MiB and less than 16TiB. The cache must be at least 16MiB
+ # per logical thread. Note that there is a memory overhead of 15%.
+ # This configuration option has an automatic default value.
+ # vdo_block_map_cache_size_mb = 128
+
+ # Configuration option allocation/vdo_block_map_period.
+ # The speed with which the block map cache writes out modified block map pages.
+ # A smaller era length is likely to reduce the amount time spent rebuilding,
+ # at the cost of increased block map writes during normal operation.
+ # The maximum and recommended value is 16380; the minimum value is 1.
+ # This configuration option has an automatic default value.
+ # vdo_block_map_period = 16380
+
+ # Configuration option allocation/vdo_check_point_frequency.
+ # The default check point frequency for VDO volume.
+ # This configuration option has an automatic default value.
+ # vdo_check_point_frequency = 0
+
+ # Configuration option allocation/vdo_use_sparse_index.
+ # Enables sparse indexing for VDO volume.
+ # This configuration option has an automatic default value.
+ # vdo_use_sparse_index = 0
+
+ # Configuration option allocation/vdo_index_memory_size_mb.
+ # Specifies the amount of index memory in MiB for VDO volume.
+ # The value must be at least 256MiB and at most 1TiB.
+ # This configuration option has an automatic default value.
+ # vdo_index_memory_size_mb = 256
+
+ # Configuration option allocation/vdo_slab_size_mb.
+ # Specifies the size in MiB of the increment by which a VDO is grown.
+ # Using a smaller size constrains the total maximum physical size
+ # that can be accommodated. Must be a power of two between 128MiB and 32GiB.
+ # This configuration option has an automatic default value.
+ # vdo_slab_size_mb = 2048
+
+ # Configuration option allocation/vdo_ack_threads.
+ # Specifies the number of threads to use for acknowledging
+ # completion of requested VDO I/O operations.
+ # The value must be at in range [0..100].
+ # This configuration option has an automatic default value.
+ # vdo_ack_threads = 1
+
+ # Configuration option allocation/vdo_bio_threads.
+ # Specifies the number of threads to use for submitting I/O
+ # operations to the storage device of VDO volume.
+ # The value must be in range [1..100]
+ # Each additional thread after the first will use an additional 18MiB of RAM,
+ # plus 1.12 MiB of RAM per megabyte of configured read cache size.
+ # This configuration option has an automatic default value.
+ # vdo_bio_threads = 4
+
+ # Configuration option allocation/vdo_bio_rotation.
+ # Specifies the number of I/O operations to enqueue for each bio-submission
+ # thread before directing work to the next. The value must be in range [1..1024].
+ # This configuration option has an automatic default value.
+ # vdo_bio_rotation = 64
+
+ # Configuration option allocation/vdo_cpu_threads.
+ # Specifies the number of threads to use for CPU-intensive work such as
+ # hashing or compression for VDO volume. The value must be in range [1..100]
+ # This configuration option has an automatic default value.
+ # vdo_cpu_threads = 2
+
+ # Configuration option allocation/vdo_hash_zone_threads.
+ # Specifies the number of threads across which to subdivide parts of the VDO
+ # processing based on the hash value computed from the block data.
+ # The value must be at in range [0..100].
+ # vdo_hash_zone_threads, vdo_logical_threads and vdo_physical_threads must be
+ # either all zero or all non-zero.
+ # This configuration option has an automatic default value.
+ # vdo_hash_zone_threads = 1
+
+ # Configuration option allocation/vdo_logical_threads.
+ # Specifies the number of threads across which to subdivide parts of the VDO
+ # processing based on the hash value computed from the block data.
+ # A logical thread count of 9 or more will require explicitly specifying
+ # a sufficiently large block map cache size, as well.
+ # The value must be in range [0..100].
+ # vdo_hash_zone_threads, vdo_logical_threads and vdo_physical_threads must be
+ # either all zero or all non-zero.
+ # This configuration option has an automatic default value.
+ # vdo_logical_threads = 1
+
+ # Configuration option allocation/vdo_physical_threads.
+ # Specifies the number of threads across which to subdivide parts of the VDO
+ # processing based on physical block addresses.
+ # Each additional thread after the first will use an additional 10MiB of RAM.
+ # The value must be in range [0..16].
+ # vdo_hash_zone_threads, vdo_logical_threads and vdo_physical_threads must be
+ # either all zero or all non-zero.
+ # This configuration option has an automatic default value.
+ # vdo_physical_threads = 1
+
+ # Configuration option allocation/vdo_write_policy.
+ # Specifies the write policy:
+ # auto - VDO will check the storage device and determine whether it supports flushes.
+ # If it does, VDO will run in async mode, otherwise it will run in sync mode.
+ # sync - Writes are acknowledged only after data is stably written.
+ # This policy is not supported if the underlying storage is not also synchronous.
+ # async - Writes are acknowledged after data has been cached for writing to stable storage.
+ # Data which has not been flushed is not guaranteed to persist in this mode.
+ # This configuration option has an automatic default value.
+ # vdo_write_policy = "auto"
+
+ # Configuration option allocation/vdo_max_discard.
+ # Specified te maximum size of discard bio accepted, in 4096 byte blocks.
+ # I/O requests to a VDO volume are normally split into 4096-byte blocks,
+ # and processed up to 2048 at a time. However, discard requests to a VDO volume
+ # can be automatically split to a larger size, up to <max discard> 4096-byte blocks
+ # in a single bio, and are limited to 1500 at a time.
+ # Increasing this value may provide better overall performance, at the cost of
+ # increased latency for the individual discard requests.
+ # The default and minimum is 1. The maximum is UINT_MAX / 4096.
+ # This configuration option has an automatic default value.
+ # vdo_max_discard = 1
+}
+
+# Configuration section log.
+# How LVM log information is reported.
+log {
+
+ # Configuration option log/report_command_log.
+ # Enable or disable LVM log reporting.
+ # If enabled, LVM will collect a log of operations, messages,
+ # per-object return codes with object identification and associated
+ # error numbers (errnos) during LVM command processing. Then the
+ # log is either reported solely or in addition to any existing
+ # reports, depending on LVM command used. If it is a reporting command
+ # (e.g. pvs, vgs, lvs, lvm fullreport), then the log is reported in
+ # addition to any existing reports. Otherwise, there's only log report
+ # on output. For all applicable LVM commands, you can request that
+ # the output has only log report by using --logonly command line
+ # option. Use log/command_log_cols and log/command_log_sort settings
+ # to define fields to display and sort fields for the log report.
+ # You can also use log/command_log_selection to define selection
+ # criteria used each time the log is reported.
+ # This configuration option has an automatic default value.
+ # report_command_log = 0
+
+ # Configuration option log/command_log_sort.
+ # List of columns to sort by when reporting command log.
+ # See <lvm command> --logonly --configreport log -o help
+ # for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # command_log_sort = "log_seq_num"
+
+ # Configuration option log/command_log_cols.
+ # List of columns to report when reporting command log.
+ # See <lvm command> --logonly --configreport log -o help
+ # for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # command_log_cols = "log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code"
+
+ # Configuration option log/command_log_selection.
+ # Selection criteria used when reporting command log.
+ # You can define selection criteria that are applied each
+ # time log is reported. This way, it is possible to control the
+ # amount of log that is displayed on output and you can select
+ # only parts of the log that are important for you. To define
+ # selection criteria, use fields from log report. See also
+ # <lvm command> --logonly --configreport log -S help for the
+ # list of possible fields and selection operators. You can also
+ # define selection criteria for log report on command line directly
+ # using <lvm command> --configreport log -S <selection criteria>
+ # which has precedence over log/command_log_selection setting.
+ # For more information about selection criteria in general, see
+ # lvm(8) man page.
+ # This configuration option has an automatic default value.
+ # command_log_selection = "!(log_type=status && message=success)"
+
+ # Configuration option log/verbose.
+ # Controls the messages sent to stdout or stderr.
+ verbose = 0
+
+ # Configuration option log/silent.
+ # Suppress all non-essential messages from stdout.
+ # This has the same effect as -qq. When enabled, the following commands
+ # still produce output: dumpconfig, lvdisplay, lvmdiskscan, lvs, pvck,
+ # pvdisplay, pvs, version, vgcfgrestore -l, vgdisplay, vgs.
+ # Non-essential messages are shifted from log level 4 to log level 5
+ # for syslog and lvm2_log_fn purposes.
+ # Any 'yes' or 'no' questions not overridden by other arguments are
+ # suppressed and default to 'no'.
+ silent = 0
+
+ # Configuration option log/syslog.
+ # Send log messages through syslog.
+ syslog = 1
+
+ # Configuration option log/file.
+ # Write error and debug log messages to a file specified here.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option log/overwrite.
+ # Overwrite the log file each time the program is run.
+ overwrite = 0
+
+ # Configuration option log/level.
+ # The level of log messages that are sent to the log file or syslog.
+ # There are 6 syslog-like log levels currently in use: 2 to 7 inclusive.
+ # 7 is the most verbose (LOG_DEBUG).
+ level = 0
+
+ # Configuration option log/indent.
+ # Indent messages according to their severity.
+ # This configuration option has an automatic default value.
+ # indent = 0
+
+ # Configuration option log/command_names.
+ # Display the command name on each line of output.
+ command_names = 0
+
+ # Configuration option log/prefix.
+ # A prefix to use before the log message text.
+ # (After the command name, if selected).
+ # Two spaces allows you to see/grep the severity of each message.
+ # To make the messages look similar to the original LVM tools use:
+ # indent = 0, command_names = 1, prefix = " -- "
+ prefix = " "
+
+ # Configuration option log/activation.
+ # Log messages during activation.
+ # Don't use this in low memory situations (can deadlock).
+ activation = 0
+
+ # Configuration option log/debug_classes.
+ # Select log messages by class.
+ # Some debugging messages are assigned to a class and only appear in
+ # debug output if the class is listed here. Classes currently
+ # available: memory, devices, io, activation, allocation,
+ # metadata, cache, locking, lvmpolld. Use "all" to see everything.
+ debug_classes = [ "memory", "devices", "io", "activation", "allocation", "metadata", "cache", "locking", "lvmpolld", "dbus" ]
+
+ # Configuration option log/debug_file_fields.
+ # The fields included in debug output written to log file.
+ # Use "all" to include everything (the default).
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # debug_file_fields = [ "time", "command", "fileline", "message" ]
+
+ # Configuration option log/debug_output_fields.
+ # The fields included in debug output written to stderr.
+ # Use "all" to include everything (the default).
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # debug_output_fields = [ "time", "command", "fileline", "message" ]
+}
+
+# Configuration section backup.
+# How LVM metadata is backed up and archived.
+# In LVM, a 'backup' is a copy of the metadata for the current system,
+# and an 'archive' contains old metadata configurations. They are
+# stored in a human readable text format.
+backup {
+
+ # Configuration option backup/backup.
+ # Maintain a backup of the current metadata configuration.
+ # Think very hard before turning this off!
+ backup = 1
+
+ # Configuration option backup/backup_dir.
+ # Location of the metadata backup files.
+ # Remember to back up this directory regularly!
+ backup_dir = "/etc/lvm/backup"
+
+ # Configuration option backup/archive.
+ # Maintain an archive of old metadata configurations.
+ # Think very hard before turning this off.
+ archive = 1
+
+ # Configuration option backup/archive_dir.
+ # Location of the metdata archive files.
+ # Remember to back up this directory regularly!
+ archive_dir = "/etc/lvm/archive"
+
+ # Configuration option backup/retain_min.
+ # Minimum number of archives to keep.
+ retain_min = 10
+
+ # Configuration option backup/retain_days.
+ # Minimum number of days to keep archive files.
+ retain_days = 30
+}
+
+# Configuration section shell.
+# Settings for running LVM in shell (readline) mode.
+shell {
+
+ # Configuration option shell/history_size.
+ # Number of lines of history to store in ~/.lvm_history.
+ history_size = 100
+}
+
+# Configuration section global.
+# Miscellaneous global LVM settings.
+global {
+
+ # Configuration option global/umask.
+ # The file creation mask for any files and directories created.
+ # Interpreted as octal if the first digit is zero.
+ umask = 077
+
+ # Configuration option global/test.
+ # No on-disk metadata changes will be made in test mode.
+ # Equivalent to having the -t option on every command.
+ test = 0
+
+ # Configuration option global/units.
+ # Default value for --units argument.
+ units = "r"
+
+ # Configuration option global/si_unit_consistency.
+ # Distinguish between powers of 1024 and 1000 bytes.
+ # The LVM commands distinguish between powers of 1024 bytes,
+ # e.g. KiB, MiB, GiB, and powers of 1000 bytes, e.g. KB, MB, GB.
+ # If scripts depend on the old behaviour, disable this setting
+ # temporarily until they are updated.
+ si_unit_consistency = 1
+
+ # Configuration option global/suffix.
+ # Display unit suffix for sizes.
+ # This setting has no effect if the units are in human-readable form
+ # (global/units = "h") in which case the suffix is always displayed.
+ suffix = 1
+
+ # Configuration option global/activation.
+ # Enable/disable communication with the kernel device-mapper.
+ # Disable to use the tools to manipulate LVM metadata without
+ # activating any logical volumes. If the device-mapper driver
+ # is not present in the kernel, disabling this should suppress
+ # the error messages.
+ activation = 1
+
+ # Configuration option global/proc.
+ # Location of proc filesystem.
+ # This configuration option is advanced.
+ proc = "/proc"
+
+ # Configuration option global/etc.
+ # Location of /etc system configuration directory.
+ etc = "/etc"
+
+ # Configuration option global/wait_for_locks.
+ # When disabled, fail if a lock request would block.
+ wait_for_locks = 1
+
+ # Configuration option global/locking_dir.
+ # Directory to use for LVM command file locks.
+ # Local non-LV directory that holds file-based locks while commands are
+ # in progress. A directory like /tmp that may get wiped on reboot is OK.
+ locking_dir = "/run/lock/lvm"
+
+ # Configuration option global/prioritise_write_locks.
+ # Allow quicker VG write access during high volume read access.
+ # When there are competing read-only and read-write access requests for
+ # a volume group's metadata, instead of always granting the read-only
+ # requests immediately, delay them to allow the read-write requests to
+ # be serviced. Without this setting, write access may be stalled by a
+ # high volume of read-only requests. This option only affects
+ # locking_type 1 viz. local file-based locking.
+ prioritise_write_locks = 1
+
+ # Configuration option global/library_dir.
+ # Search this directory first for shared libraries.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option global/abort_on_internal_errors.
+ # Abort a command that encounters an internal error.
+ # Treat any internal errors as fatal errors, aborting the process that
+ # encountered the internal error. Please only enable for debugging.
+ abort_on_internal_errors = 0
+
+ # Configuration option global/metadata_read_only.
+ # No operations that change on-disk metadata are permitted.
+ # Additionally, read-only commands that encounter metadata in need of
+ # repair will still be allowed to proceed exactly as if the repair had
+ # been performed (except for the unchanged vg_seqno). Inappropriate
+ # use could mess up your system, so seek advice first!
+ metadata_read_only = 0
+
+ # Configuration option global/mirror_segtype_default.
+ # The segment type used by the short mirroring option -m.
+ # The --type mirror|raid1 option overrides this setting.
+ #
+ # Accepted values:
+ # mirror
+ # The original RAID1 implementation from LVM/DM. It is
+ # characterized by a flexible log solution (core, disk, mirrored),
+ # and by the necessity to block I/O while handling a failure.
+ # There is an inherent race in the dmeventd failure handling logic
+ # with snapshots of devices using this type of RAID1 that in the
+ # worst case could cause a deadlock. (Also see
+ # devices/ignore_lvm_mirrors.)
+ # raid1
+ # This is a newer RAID1 implementation using the MD RAID1
+ # personality through device-mapper. It is characterized by a
+ # lack of log options. (A log is always allocated for every
+ # device and they are placed on the same device as the image,
+ # so no separate devices are required.) This mirror
+ # implementation does not require I/O to be blocked while
+ # handling a failure. This mirror implementation is not
+ # cluster-aware and cannot be used in a shared (active/active)
+ # fashion in a cluster.
+ #
+ mirror_segtype_default = "raid1"
+
+ # Configuration option global/support_mirrored_mirror_log.
+ # Enable mirrored 'mirror' log type for testing.
+ #
+ # This type is deprecated to create or convert to but can
+ # be enabled to test that activation of existing mirrored
+ # logs and conversion to disk/core works.
+ #
+ # Not supported for regular operation!
+ support_mirrored_mirror_log = 0
+
+ # Configuration option global/raid10_segtype_default.
+ # The segment type used by the -i -m combination.
+ # The --type raid10|mirror option overrides this setting.
+ # The --stripes/-i and --mirrors/-m options can both be specified
+ # during the creation of a logical volume to use both striping and
+ # mirroring for the LV. There are two different implementations.
+ #
+ # Accepted values:
+ # raid10
+ # LVM uses MD's RAID10 personality through DM. This is the
+ # preferred option.
+ # mirror
+ # LVM layers the 'mirror' and 'stripe' segment types. The layering
+ # is done by creating a mirror LV on top of striped sub-LVs,
+ # effectively creating a RAID 0+1 array. The layering is suboptimal
+ # in terms of providing redundancy and performance.
+ #
+ raid10_segtype_default = "raid10"
+
+ # Configuration option global/sparse_segtype_default.
+ # The segment type used by the -V -L combination.
+ # The --type snapshot|thin option overrides this setting.
+ # The combination of -V and -L options creates a sparse LV. There are
+ # two different implementations.
+ #
+ # Accepted values:
+ # snapshot
+ # The original snapshot implementation from LVM/DM. It uses an old
+ # snapshot that mixes data and metadata within a single COW
+ # storage volume and performs poorly when the size of stored data
+ # passes hundreds of MB.
+ # thin
+ # A newer implementation that uses thin provisioning. It has a
+ # bigger minimal chunk size (64KiB) and uses a separate volume for
+ # metadata. It has better performance, especially when more data
+ # is used. It also supports full snapshots.
+ #
+ sparse_segtype_default = "thin"
+
+ # Configuration option global/lvdisplay_shows_full_device_path.
+ # Enable this to reinstate the previous lvdisplay name format.
+ # The default format for displaying LV names in lvdisplay was changed
+ # in version 2.02.89 to show the LV name and path separately.
+ # Previously this was always shown as /dev/vgname/lvname even when that
+ # was never a valid path in the /dev filesystem.
+ # This configuration option has an automatic default value.
+ # lvdisplay_shows_full_device_path = 0
+
+ # Configuration option global/event_activation.
+ # Activate LVs based on system-generated device events.
+ # When a device appears on the system, a system-generated event runs
+ # the pvscan command to activate LVs if the new PV completes the VG.
+ # Use auto_activation_volume_list to select which LVs should be
+ # activated from these events (the default is all.)
+ # When event_activation is disabled, the system will generally run
+ # a direct activation command to activate LVs in complete VGs.
+ event_activation = 1
+
+ # Configuration option global/use_aio.
+ # Use async I/O when reading and writing devices.
+ # This configuration option has an automatic default value.
+ # use_aio = 1
+
+ # Configuration option global/use_lvmlockd.
+ # Use lvmlockd for locking among hosts using LVM on shared storage.
+ # Applicable only if LVM is compiled with lockd support in which
+ # case there is also lvmlockd(8) man page available for more
+ # information.
+ use_lvmlockd = 0
+
+ # Configuration option global/lvmlockd_lock_retries.
+ # Retry lvmlockd lock requests this many times.
+ # Applicable only if LVM is compiled with lockd support
+ # This configuration option has an automatic default value.
+ # lvmlockd_lock_retries = 3
+
+ # Configuration option global/sanlock_lv_extend.
+ # Size in MiB to extend the internal LV holding sanlock locks.
+ # The internal LV holds locks for each LV in the VG, and after enough
+ # LVs have been created, the internal LV needs to be extended. lvcreate
+ # will automatically extend the internal LV when needed by the amount
+ # specified here. Setting this to 0 disables the automatic extension
+ # and can cause lvcreate to fail. Applicable only if LVM is compiled
+ # with lockd support
+ # This configuration option has an automatic default value.
+ # sanlock_lv_extend = 256
+
+ # Configuration option global/thin_check_executable.
+ # The full path to the thin_check command.
+ # LVM uses this command to check that a thin metadata device is in a
+ # usable state. When a thin pool is activated and after it is
+ # deactivated, this command is run. Activation will only proceed if
+ # the command has an exit status of 0. Set to "" to skip this check.
+ # (Not recommended.) Also see thin_check_options.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # thin_check_executable = "/usr/sbin/thin_check"
+
+ # Configuration option global/thin_dump_executable.
+ # The full path to the thin_dump command.
+ # LVM uses this command to dump thin pool metadata.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # thin_dump_executable = "/usr/sbin/thin_dump"
+
+ # Configuration option global/thin_repair_executable.
+ # The full path to the thin_repair command.
+ # LVM uses this command to repair a thin metadata device if it is in
+ # an unusable state. Also see thin_repair_options.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # thin_repair_executable = "/usr/sbin/thin_repair"
+
+ # Configuration option global/thin_check_options.
+ # List of options passed to the thin_check command.
+ # With thin_check version 2.1 or newer you can add the option
+ # --ignore-non-fatal-errors to let it pass through ignorable errors
+ # and fix them later. With thin_check version 3.2 or newer you should
+ # include the option --clear-needs-check-flag.
+ # This configuration option has an automatic default value.
+ # thin_check_options = [ "-q", "--clear-needs-check-flag" ]
+
+ # Configuration option global/thin_repair_options.
+ # List of options passed to the thin_repair command.
+ # This configuration option has an automatic default value.
+ # thin_repair_options = [ "" ]
+
+ # Configuration option global/thin_disabled_features.
+ # Features to not use in the thin driver.
+ # This can be helpful for testing, or to avoid using a feature that is
+ # causing problems. Features include: block_size, discards,
+ # discards_non_power_2, external_origin, metadata_resize,
+ # external_origin_extend, error_if_no_space.
+ #
+ # Example
+ # thin_disabled_features = [ "discards", "block_size" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option global/cache_disabled_features.
+ # Features to not use in the cache driver.
+ # This can be helpful for testing, or to avoid using a feature that is
+ # causing problems. Features include: policy_mq, policy_smq, metadata2.
+ #
+ # Example
+ # cache_disabled_features = [ "policy_smq" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option global/cache_check_executable.
+ # The full path to the cache_check command.
+ # LVM uses this command to check that a cache metadata device is in a
+ # usable state. When a cached LV is activated and after it is
+ # deactivated, this command is run. Activation will only proceed if the
+ # command has an exit status of 0. Set to "" to skip this check.
+ # (Not recommended.) Also see cache_check_options.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # cache_check_executable = "/usr/sbin/cache_check"
+
+ # Configuration option global/cache_dump_executable.
+ # The full path to the cache_dump command.
+ # LVM uses this command to dump cache pool metadata.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # cache_dump_executable = "/usr/sbin/cache_dump"
+
+ # Configuration option global/cache_repair_executable.
+ # The full path to the cache_repair command.
+ # LVM uses this command to repair a cache metadata device if it is in
+ # an unusable state. Also see cache_repair_options.
+ # (See package device-mapper-persistent-data or thin-provisioning-tools)
+ # This configuration option has an automatic default value.
+ # cache_repair_executable = "/usr/sbin/cache_repair"
+
+ # Configuration option global/cache_check_options.
+ # List of options passed to the cache_check command.
+ # With cache_check version 5.0 or newer you should include the option
+ # --clear-needs-check-flag.
+ # This configuration option has an automatic default value.
+ # cache_check_options = [ "-q", "--clear-needs-check-flag" ]
+
+ # Configuration option global/cache_repair_options.
+ # List of options passed to the cache_repair command.
+ # This configuration option has an automatic default value.
+ # cache_repair_options = [ "" ]
+
+ # Configuration option global/vdo_format_executable.
+ # The full path to the vdoformat command.
+ # LVM uses this command to initial data volume for VDO type logical volume
+ # This configuration option has an automatic default value.
+ # vdo_format_executable = "autodetect"
+
+ # Configuration option global/vdo_format_options.
+ # List of options passed added to standard vdoformat command.
+ # This configuration option has an automatic default value.
+ # vdo_format_options = [ "" ]
+
+ # Configuration option global/fsadm_executable.
+ # The full path to the fsadm command.
+ # LVM uses this command to help with lvresize -r operations.
+ # This configuration option has an automatic default value.
+ # fsadm_executable = "/sbin/fsadm"
+
+ # Configuration option global/system_id_source.
+ # The method LVM uses to set the local system ID.
+ # Volume Groups can also be given a system ID (by vgcreate, vgchange,
+ # or vgimport.) A VG on shared storage devices is accessible only to
+ # the host with a matching system ID. See 'man lvmsystemid' for
+ # information on limitations and correct usage.
+ #
+ # Accepted values:
+ # none
+ # The host has no system ID.
+ # lvmlocal
+ # Obtain the system ID from the system_id setting in the 'local'
+ # section of an lvm configuration file, e.g. lvmlocal.conf.
+ # uname
+ # Set the system ID from the hostname (uname) of the system.
+ # System IDs beginning localhost are not permitted.
+ # machineid
+ # Use the contents of the machine-id file to set the system ID.
+ # Some systems create this file at installation time.
+ # See 'man machine-id' and global/etc.
+ # file
+ # Use the contents of another file (system_id_file) to set the
+ # system ID.
+ #
+ system_id_source = "none"
+
+ # Configuration option global/system_id_file.
+ # The full path to the file containing a system ID.
+ # This is used when system_id_source is set to 'file'.
+ # Comments starting with the character # are ignored.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option global/use_lvmpolld.
+ # Use lvmpolld to supervise long running LVM commands.
+ # When enabled, control of long running LVM commands is transferred
+ # from the original LVM command to the lvmpolld daemon. This allows
+ # the operation to continue independent of the original LVM command.
+ # After lvmpolld takes over, the LVM command displays the progress
+ # of the ongoing operation. lvmpolld itself runs LVM commands to
+ # manage the progress of ongoing operations. lvmpolld can be used as
+ # a native systemd service, which allows it to be started on demand,
+ # and to use its own control group. When this option is disabled, LVM
+ # commands will supervise long running operations by forking themselves.
+ # Applicable only if LVM is compiled with lvmpolld support.
+ use_lvmpolld = 1
+
+ # Configuration option global/notify_dbus.
+ # Enable D-Bus notification from LVM commands.
+ # When enabled, an LVM command that changes PVs, changes VG metadata,
+ # or changes the activation state of an LV will send a notification.
+ notify_dbus = 1
+
+ # Configuration option global/io_memory_size.
+ # The amount of memory in KiB that LVM allocates to perform disk io.
+ # LVM performance may benefit from more io memory when there are many
+ # disks or VG metadata is large. Increasing this size may be necessary
+ # when a single copy of VG metadata is larger than the current setting.
+ # This value should usually not be decreased from the default; setting
+ # it too low can result in lvm failing to read VGs.
+ # This configuration option has an automatic default value.
+ # io_memory_size = 8192
+}
+
+# Configuration section activation.
+activation {
+
+ # Configuration option activation/checks.
+ # Perform internal checks of libdevmapper operations.
+ # Useful for debugging problems with activation. Some of the checks may
+ # be expensive, so it's best to use this only when there seems to be a
+ # problem.
+ checks = 0
+
+ # Configuration option activation/udev_sync.
+ # Use udev notifications to synchronize udev and LVM.
+ # The --nodevsync option overrides this setting.
+ # When disabled, LVM commands will not wait for notifications from
+ # udev, but continue irrespective of any possible udev processing in
+ # the background. Only use this if udev is not running or has rules
+ # that ignore the devices LVM creates. If enabled when udev is not
+ # running, and LVM processes are waiting for udev, run the command
+ # 'dmsetup udevcomplete_all' to wake them up.
+ udev_sync = 1
+
+ # Configuration option activation/udev_rules.
+ # Use udev rules to manage LV device nodes and symlinks.
+ # When disabled, LVM will manage the device nodes and symlinks for
+ # active LVs itself. Manual intervention may be required if this
+ # setting is changed while LVs are active.
+ udev_rules = 1
+
+ # Configuration option activation/verify_udev_operations.
+ # Use extra checks in LVM to verify udev operations.
+ # This enables additional checks (and if necessary, repairs) on entries
+ # in the device directory after udev has completed processing its
+ # events. Useful for diagnosing problems with LVM/udev interactions.
+ verify_udev_operations = 0
+
+ # Configuration option activation/retry_deactivation.
+ # Retry failed LV deactivation.
+ # If LV deactivation fails, LVM will retry for a few seconds before
+ # failing. This may happen because a process run from a quick udev rule
+ # temporarily opened the device.
+ retry_deactivation = 1
+
+ # Configuration option activation/missing_stripe_filler.
+ # Method to fill missing stripes when activating an incomplete LV.
+ # Using 'error' will make inaccessible parts of the device return I/O
+ # errors on access. Using 'zero' will return success (and zero) on I/O
+ # You can instead use a device path, in which case,
+ # that device will be used in place of missing stripes. Using anything
+ # other than 'error' with mirrored or snapshotted volumes is likely to
+ # result in data corruption.
+ # This configuration option is advanced.
+ missing_stripe_filler = "error"
+
+ # Configuration option activation/use_linear_target.
+ # Use the linear target to optimize single stripe LVs.
+ # When disabled, the striped target is used. The linear target is an
+ # optimised version of the striped target that only handles a single
+ # stripe.
+ use_linear_target = 1
+
+ # Configuration option activation/reserved_stack.
+ # Stack size in KiB to reserve for use while devices are suspended.
+ # Insufficent reserve risks I/O deadlock during device suspension.
+ reserved_stack = 64
+
+ # Configuration option activation/reserved_memory.
+ # Memory size in KiB to reserve for use while devices are suspended.
+ # Insufficent reserve risks I/O deadlock during device suspension.
+ reserved_memory = 8192
+
+ # Configuration option activation/process_priority.
+ # Nice value used while devices are suspended.
+ # Use a high priority so that LVs are suspended
+ # for the shortest possible time.
+ process_priority = -18
+
+ # Configuration option activation/volume_list.
+ # Only LVs selected by this list are activated.
+ # If this list is defined, an LV is only activated if it matches an
+ # entry in this list. If this list is undefined, it imposes no limits
+ # on LV activation (all are allowed).
+ #
+ # Accepted values:
+ # vgname
+ # The VG name is matched exactly and selects all LVs in the VG.
+ # vgname/lvname
+ # The VG name and LV name are matched exactly and selects the LV.
+ # @tag
+ # Selects an LV if the specified tag matches a tag set on the LV
+ # or VG.
+ # @*
+ # Selects an LV if a tag defined on the host is also set on the LV
+ # or VG. See tags/hosttags. If any host tags exist but volume_list
+ # is not defined, a default single-entry list containing '@*'
+ # is assumed.
+ #
+ # Example
+ # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/auto_activation_volume_list.
+ # Only LVs selected by this list are auto-activated.
+ # This list works like volume_list, but it is used only by
+ # auto-activation commands. It does not apply to direct activation
+ # commands. If this list is defined, an LV is only auto-activated
+ # if it matches an entry in this list. If this list is undefined, it
+ # imposes no limits on LV auto-activation (all are allowed.) If this
+ # list is defined and empty, i.e. "[]", then no LVs are selected for
+ # auto-activation. An LV that is selected by this list for
+ # auto-activation, must also be selected by volume_list (if defined)
+ # before it is activated. Auto-activation is an activation command that
+ # includes the 'a' argument: --activate ay or -a ay. The 'a' (auto)
+ # argument for auto-activation is meant to be used by activation
+ # commands that are run automatically by the system, as opposed to LVM
+ # commands run directly by a user. A user may also use the 'a' flag
+ # directly to perform auto-activation. Also see pvscan(8) for more
+ # information about auto-activation.
+ #
+ # Accepted values:
+ # vgname
+ # The VG name is matched exactly and selects all LVs in the VG.
+ # vgname/lvname
+ # The VG name and LV name are matched exactly and selects the LV.
+ # @tag
+ # Selects an LV if the specified tag matches a tag set on the LV
+ # or VG.
+ # @*
+ # Selects an LV if a tag defined on the host is also set on the LV
+ # or VG. See tags/hosttags. If any host tags exist but volume_list
+ # is not defined, a default single-entry list containing '@*'
+ # is assumed.
+ #
+ # Example
+ # auto_activation_volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/read_only_volume_list.
+ # LVs in this list are activated in read-only mode.
+ # If this list is defined, each LV that is to be activated is checked
+ # against this list, and if it matches, it is activated in read-only
+ # mode. This overrides the permission setting stored in the metadata,
+ # e.g. from --permission rw.
+ #
+ # Accepted values:
+ # vgname
+ # The VG name is matched exactly and selects all LVs in the VG.
+ # vgname/lvname
+ # The VG name and LV name are matched exactly and selects the LV.
+ # @tag
+ # Selects an LV if the specified tag matches a tag set on the LV
+ # or VG.
+ # @*
+ # Selects an LV if a tag defined on the host is also set on the LV
+ # or VG. See tags/hosttags. If any host tags exist but volume_list
+ # is not defined, a default single-entry list containing '@*'
+ # is assumed.
+ #
+ # Example
+ # read_only_volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
+ #
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/raid_region_size.
+ # Size in KiB of each raid or mirror synchronization region.
+ # The clean/dirty state of data is tracked for each region.
+ # The value is rounded down to a power of two if necessary, and
+ # is ignored if it is not a multiple of the machine memory page size.
+ raid_region_size = 2048
+
+ # Configuration option activation/error_when_full.
+ # Return errors if a thin pool runs out of space.
+ # The --errorwhenfull option overrides this setting.
+ # When enabled, writes to thin LVs immediately return an error if the
+ # thin pool is out of data space. When disabled, writes to thin LVs
+ # are queued if the thin pool is out of space, and processed when the
+ # thin pool data space is extended. New thin pools are assigned the
+ # behavior defined here.
+ # This configuration option has an automatic default value.
+ # error_when_full = 0
+
+ # Configuration option activation/readahead.
+ # Setting to use when there is no readahead setting in metadata.
+ #
+ # Accepted values:
+ # none
+ # Disable readahead.
+ # auto
+ # Use default value chosen by kernel.
+ #
+ readahead = "auto"
+
+ # Configuration option activation/raid_fault_policy.
+ # Defines how a device failure in a RAID LV is handled.
+ # This includes LVs that have the following segment types:
+ # raid1, raid4, raid5*, and raid6*.
+ # If a device in the LV fails, the policy determines the steps
+ # performed by dmeventd automatically, and the steps perfomed by the
+ # manual command lvconvert --repair --use-policies.
+ # Automatic handling requires dmeventd to be monitoring the LV.
+ #
+ # Accepted values:
+ # warn
+ # Use the system log to warn the user that a device in the RAID LV
+ # has failed. It is left to the user to run lvconvert --repair
+ # manually to remove or replace the failed device. As long as the
+ # number of failed devices does not exceed the redundancy of the LV
+ # (1 device for raid4/5, 2 for raid6), the LV will remain usable.
+ # allocate
+ # Attempt to use any extra physical volumes in the VG as spares and
+ # replace faulty devices.
+ #
+ raid_fault_policy = "warn"
+
+ # Configuration option activation/mirror_image_fault_policy.
+ # Defines how a device failure in a 'mirror' LV is handled.
+ # An LV with the 'mirror' segment type is composed of mirror images
+ # (copies) and a mirror log. A disk log ensures that a mirror LV does
+ # not need to be re-synced (all copies made the same) every time a
+ # machine reboots or crashes. If a device in the LV fails, this policy
+ # determines the steps perfomed by dmeventd automatically, and the steps
+ # performed by the manual command lvconvert --repair --use-policies.
+ # Automatic handling requires dmeventd to be monitoring the LV.
+ #
+ # Accepted values:
+ # remove
+ # Simply remove the faulty device and run without it. If the log
+ # device fails, the mirror would convert to using an in-memory log.
+ # This means the mirror will not remember its sync status across
+ # crashes/reboots and the entire mirror will be re-synced. If a
+ # mirror image fails, the mirror will convert to a non-mirrored
+ # device if there is only one remaining good copy.
+ # allocate
+ # Remove the faulty device and try to allocate space on a new
+ # device to be a replacement for the failed device. Using this
+ # policy for the log is fast and maintains the ability to remember
+ # sync state through crashes/reboots. Using this policy for a
+ # mirror device is slow, as it requires the mirror to resynchronize
+ # the devices, but it will preserve the mirror characteristic of
+ # the device. This policy acts like 'remove' if no suitable device
+ # and space can be allocated for the replacement.
+ # allocate_anywhere
+ # Not yet implemented. Useful to place the log device temporarily
+ # on the same physical volume as one of the mirror images. This
+ # policy is not recommended for mirror devices since it would break
+ # the redundant nature of the mirror. This policy acts like
+ # 'remove' if no suitable device and space can be allocated for the
+ # replacement.
+ #
+ mirror_image_fault_policy = "remove"
+
+ # Configuration option activation/mirror_log_fault_policy.
+ # Defines how a device failure in a 'mirror' log LV is handled.
+ # The mirror_image_fault_policy description for mirrored LVs also
+ # applies to mirrored log LVs.
+ mirror_log_fault_policy = "allocate"
+
+ # Configuration option activation/snapshot_autoextend_threshold.
+ # Auto-extend a snapshot when its usage exceeds this percent.
+ # Setting this to 100 disables automatic extension.
+ # The minimum value is 50 (a smaller value is treated as 50.)
+ # Also see snapshot_autoextend_percent.
+ # Automatic extension requires dmeventd to be monitoring the LV.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 1G
+ # snapshot exceeds 700M, it is extended to 1.2G, and when it exceeds
+ # 840M, it is extended to 1.44G:
+ # snapshot_autoextend_threshold = 70
+ #
+ snapshot_autoextend_threshold = 100
+
+ # Configuration option activation/snapshot_autoextend_percent.
+ # Auto-extending a snapshot adds this percent extra space.
+ # The amount of additional space added to a snapshot is this
+ # percent of its current size.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 1G
+ # snapshot exceeds 700M, it is extended to 1.2G, and when it exceeds
+ # 840M, it is extended to 1.44G:
+ # snapshot_autoextend_percent = 20
+ #
+ snapshot_autoextend_percent = 20
+
+ # Configuration option activation/thin_pool_autoextend_threshold.
+ # Auto-extend a thin pool when its usage exceeds this percent.
+ # Setting this to 100 disables automatic extension.
+ # The minimum value is 50 (a smaller value is treated as 50.)
+ # Also see thin_pool_autoextend_percent.
+ # Automatic extension requires dmeventd to be monitoring the LV.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 1G
+ # thin pool exceeds 700M, it is extended to 1.2G, and when it exceeds
+ # 840M, it is extended to 1.44G:
+ # thin_pool_autoextend_threshold = 70
+ #
+ thin_pool_autoextend_threshold = 100
+
+ # Configuration option activation/thin_pool_autoextend_percent.
+ # Auto-extending a thin pool adds this percent extra space.
+ # The amount of additional space added to a thin pool is this
+ # percent of its current size.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 1G
+ # thin pool exceeds 700M, it is extended to 1.2G, and when it exceeds
+ # 840M, it is extended to 1.44G:
+ # thin_pool_autoextend_percent = 20
+ #
+ thin_pool_autoextend_percent = 20
+
+ # Configuration option activation/vdo_pool_autoextend_threshold.
+ # Auto-extend a VDO pool when its usage exceeds this percent.
+ # Setting this to 100 disables automatic extension.
+ # The minimum value is 50 (a smaller value is treated as 50.)
+ # Also see vdo_pool_autoextend_percent.
+ # Automatic extension requires dmeventd to be monitoring the LV.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 10G
+ # VDO pool exceeds 7G, it is extended to 12G, and when it exceeds
+ # 8.4G, it is extended to 14.4G:
+ # vdo_pool_autoextend_threshold = 70
+ #
+ vdo_pool_autoextend_threshold = 100
+
+ # Configuration option activation/vdo_pool_autoextend_percent.
+ # Auto-extending a VDO pool adds this percent extra space.
+ # The amount of additional space added to a VDO pool is this
+ # percent of its current size.
+ #
+ # Example
+ # Using 70% autoextend threshold and 20% autoextend size, when a 10G
+ # VDO pool exceeds 7G, it is extended to 12G, and when it exceeds
+ # 8.4G, it is extended to 14.4G:
+ # This configuration option has an automatic default value.
+ # vdo_pool_autoextend_percent = 20
+
+ # Configuration option activation/mlock_filter.
+ # Do not mlock these memory areas.
+ # While activating devices, I/O to devices being (re)configured is
+ # suspended. As a precaution against deadlocks, LVM pins memory it is
+ # using so it is not paged out, and will not require I/O to reread.
+ # Groups of pages that are known not to be accessed during activation
+ # do not need to be pinned into memory. Each string listed in this
+ # setting is compared against each line in /proc/self/maps, and the
+ # pages corresponding to lines that match are not pinned. On some
+ # systems, locale-archive was found to make up over 80% of the memory
+ # used by the process.
+ #
+ # Example
+ # mlock_filter = [ "locale/locale-archive", "gconv/gconv-modules.cache" ]
+ #
+ # This configuration option is advanced.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/use_mlockall.
+ # Use the old behavior of mlockall to pin all memory.
+ # Prior to version 2.02.62, LVM used mlockall() to pin the whole
+ # process's memory while activating devices.
+ use_mlockall = 0
+
+ # Configuration option activation/monitoring.
+ # Monitor LVs that are activated.
+ # The --ignoremonitoring option overrides this setting.
+ # When enabled, LVM will ask dmeventd to monitor activated LVs.
+ monitoring = 1
+
+ # Configuration option activation/polling_interval.
+ # Check pvmove or lvconvert progress at this interval (seconds).
+ # When pvmove or lvconvert must wait for the kernel to finish
+ # synchronising or merging data, they check and report progress at
+ # intervals of this number of seconds. If this is set to 0 and there
+ # is only one thing to wait for, there are no progress reports, but
+ # the process is awoken immediately once the operation is complete.
+ polling_interval = 15
+
+ # Configuration option activation/auto_set_activation_skip.
+ # Set the activation skip flag on new thin snapshot LVs.
+ # The --setactivationskip option overrides this setting.
+ # An LV can have a persistent 'activation skip' flag. The flag causes
+ # the LV to be skipped during normal activation. The lvchange/vgchange
+ # -K option is required to activate LVs that have the activation skip
+ # flag set. When this setting is enabled, the activation skip flag is
+ # set on new thin snapshot LVs.
+ # This configuration option has an automatic default value.
+ # auto_set_activation_skip = 1
+
+ # Configuration option activation/activation_mode.
+ # How LVs with missing devices are activated.
+ # The --activationmode option overrides this setting.
+ #
+ # Accepted values:
+ # complete
+ # Only allow activation of an LV if all of the Physical Volumes it
+ # uses are present. Other PVs in the Volume Group may be missing.
+ # degraded
+ # Like complete, but additionally RAID LVs of segment type raid1,
+ # raid4, raid5, radid6 and raid10 will be activated if there is no
+ # data loss, i.e. they have sufficient redundancy to present the
+ # entire addressable range of the Logical Volume.
+ # partial
+ # Allows the activation of any LV even if a missing or failed PV
+ # could cause data loss with a portion of the LV inaccessible.
+ # This setting should not normally be used, but may sometimes
+ # assist with data recovery.
+ #
+ activation_mode = "degraded"
+
+ # Configuration option activation/lock_start_list.
+ # Locking is started only for VGs selected by this list.
+ # The rules are the same as those for volume_list.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option activation/auto_lock_start_list.
+ # Locking is auto-started only for VGs selected by this list.
+ # The rules are the same as those for auto_activation_volume_list.
+ # This configuration option does not have a default value defined.
+}
+
+# Configuration section metadata.
+# This configuration section has an automatic default value.
+# metadata {
+
+ # Configuration option metadata/check_pv_device_sizes.
+ # Check device sizes are not smaller than corresponding PV sizes.
+ # If device size is less than corresponding PV size found in metadata,
+ # there is always a risk of data loss. If this option is set, then LVM
+ # issues a warning message each time it finds that the device size is
+ # less than corresponding PV size. You should not disable this unless
+ # you are absolutely sure about what you are doing!
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # check_pv_device_sizes = 1
+
+ # Configuration option metadata/record_lvs_history.
+ # When enabled, LVM keeps history records about removed LVs in
+ # metadata. The information that is recorded in metadata for
+ # historical LVs is reduced when compared to original
+ # information kept in metadata for live LVs. Currently, this
+ # feature is supported for thin and thin snapshot LVs only.
+ # This configuration option has an automatic default value.
+ # record_lvs_history = 0
+
+ # Configuration option metadata/lvs_history_retention_time.
+ # Retention time in seconds after which a record about individual
+ # historical logical volume is automatically destroyed.
+ # A value of 0 disables this feature.
+ # This configuration option has an automatic default value.
+ # lvs_history_retention_time = 0
+
+ # Configuration option metadata/pvmetadatacopies.
+ # Number of copies of metadata to store on each PV.
+ # The --pvmetadatacopies option overrides this setting.
+ #
+ # Accepted values:
+ # 2
+ # Two copies of the VG metadata are stored on the PV, one at the
+ # front of the PV, and one at the end.
+ # 1
+ # One copy of VG metadata is stored at the front of the PV.
+ # 0
+ # No copies of VG metadata are stored on the PV. This may be
+ # useful for VGs containing large numbers of PVs.
+ #
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # pvmetadatacopies = 1
+
+ # Configuration option metadata/vgmetadatacopies.
+ # Number of copies of metadata to maintain for each VG.
+ # The --vgmetadatacopies option overrides this setting.
+ # If set to a non-zero value, LVM automatically chooses which of the
+ # available metadata areas to use to achieve the requested number of
+ # copies of the VG metadata. If you set a value larger than the the
+ # total number of metadata areas available, then metadata is stored in
+ # them all. The value 0 (unmanaged) disables this automatic management
+ # and allows you to control which metadata areas are used at the
+ # individual PV level using pvchange --metadataignore y|n.
+ # This configuration option has an automatic default value.
+ # vgmetadatacopies = 0
+
+ # Configuration option metadata/pvmetadatasize.
+ # The default size of the metadata area in units of 512 byte sectors.
+ # The metadata area begins at an offset of the page size from the start
+ # of the device. The first PE is by default at 1 MiB from the start of
+ # the device. The space between these is the default metadata area size.
+ # The actual size of the metadata area may be larger than what is set
+ # here due to default_data_alignment making the first PE a MiB multiple.
+ # The metadata area begins with a 512 byte header and is followed by a
+ # circular buffer used for VG metadata text. The maximum size of the VG
+ # metadata is about half the size of the metadata buffer. VGs with large
+ # numbers of PVs or LVs, or VGs containing complex LV structures, may need
+ # additional space for VG metadata. The --metadatasize option overrides
+ # this setting.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option metadata/pvmetadataignore.
+ # Ignore metadata areas on a new PV.
+ # The --metadataignore option overrides this setting.
+ # If metadata areas on a PV are ignored, LVM will not store metadata
+ # in them.
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # pvmetadataignore = 0
+
+ # Configuration option metadata/stripesize.
+ # This configuration option is advanced.
+ # This configuration option has an automatic default value.
+ # stripesize = 64
+# }
+
+# Configuration section report.
+# LVM report command output formatting.
+# This configuration section has an automatic default value.
+# report {
+
+ # Configuration option report/output_format.
+ # Format of LVM command's report output.
+ # If there is more than one report per command, then the format
+ # is applied for all reports. You can also change output format
+ # directly on command line using --reportformat option which
+ # has precedence over log/output_format setting.
+ # Accepted values:
+ # basic
+ # Original format with columns and rows. If there is more than
+ # one report per command, each report is prefixed with report's
+ # name for identification.
+ # json
+ # JSON format.
+ # This configuration option has an automatic default value.
+ # output_format = "basic"
+
+ # Configuration option report/compact_output.
+ # Do not print empty values for all report fields.
+ # If enabled, all fields that don't have a value set for any of the
+ # rows reported are skipped and not printed. Compact output is
+ # applicable only if report/buffered is enabled. If you need to
+ # compact only specified fields, use compact_output=0 and define
+ # report/compact_output_cols configuration setting instead.
+ # This configuration option has an automatic default value.
+ # compact_output = 0
+
+ # Configuration option report/compact_output_cols.
+ # Do not print empty values for specified report fields.
+ # If defined, specified fields that don't have a value set for any
+ # of the rows reported are skipped and not printed. Compact output
+ # is applicable only if report/buffered is enabled. If you need to
+ # compact all fields, use compact_output=1 instead in which case
+ # the compact_output_cols setting is then ignored.
+ # This configuration option has an automatic default value.
+ # compact_output_cols = ""
+
+ # Configuration option report/aligned.
+ # Align columns in report output.
+ # This configuration option has an automatic default value.
+ # aligned = 1
+
+ # Configuration option report/buffered.
+ # Buffer report output.
+ # When buffered reporting is used, the report's content is appended
+ # incrementally to include each object being reported until the report
+ # is flushed to output which normally happens at the end of command
+ # execution. Otherwise, if buffering is not used, each object is
+ # reported as soon as its processing is finished.
+ # This configuration option has an automatic default value.
+ # buffered = 1
+
+ # Configuration option report/headings.
+ # Show headings for columns on report.
+ # This configuration option has an automatic default value.
+ # headings = 1
+
+ # Configuration option report/separator.
+ # A separator to use on report after each field.
+ # This configuration option has an automatic default value.
+ # separator = " "
+
+ # Configuration option report/list_item_separator.
+ # A separator to use for list items when reported.
+ # This configuration option has an automatic default value.
+ # list_item_separator = ","
+
+ # Configuration option report/prefixes.
+ # Use a field name prefix for each field reported.
+ # This configuration option has an automatic default value.
+ # prefixes = 0
+
+ # Configuration option report/quoted.
+ # Quote field values when using field name prefixes.
+ # This configuration option has an automatic default value.
+ # quoted = 1
+
+ # Configuration option report/columns_as_rows.
+ # Output each column as a row.
+ # If set, this also implies report/prefixes=1.
+ # This configuration option has an automatic default value.
+ # columns_as_rows = 0
+
+ # Configuration option report/binary_values_as_numeric.
+ # Use binary values 0 or 1 instead of descriptive literal values.
+ # For columns that have exactly two valid values to report
+ # (not counting the 'unknown' value which denotes that the
+ # value could not be determined).
+ # This configuration option has an automatic default value.
+ # binary_values_as_numeric = 0
+
+ # Configuration option report/time_format.
+ # Set time format for fields reporting time values.
+ # Format specification is a string which may contain special character
+ # sequences and ordinary character sequences. Ordinary character
+ # sequences are copied verbatim. Each special character sequence is
+ # introduced by the '%' character and such sequence is then
+ # substituted with a value as described below.
+ #
+ # Accepted values:
+ # %a
+ # The abbreviated name of the day of the week according to the
+ # current locale.
+ # %A
+ # The full name of the day of the week according to the current
+ # locale.
+ # %b
+ # The abbreviated month name according to the current locale.
+ # %B
+ # The full month name according to the current locale.
+ # %c
+ # The preferred date and time representation for the current
+ # locale (alt E)
+ # %C
+ # The century number (year/100) as a 2-digit integer. (alt E)
+ # %d
+ # The day of the month as a decimal number (range 01 to 31).
+ # (alt O)
+ # %D
+ # Equivalent to %m/%d/%y. (For Americans only. Americans should
+ # note that in other countries%d/%m/%y is rather common. This
+ # means that in international context this format is ambiguous and
+ # should not be used.
+ # %e
+ # Like %d, the day of the month as a decimal number, but a leading
+ # zero is replaced by a space. (alt O)
+ # %E
+ # Modifier: use alternative local-dependent representation if
+ # available.
+ # %F
+ # Equivalent to %Y-%m-%d (the ISO 8601 date format).
+ # %G
+ # The ISO 8601 week-based year with century as adecimal number.
+ # The 4-digit year corresponding to the ISO week number (see %V).
+ # This has the same format and value as %Y, except that if the
+ # ISO week number belongs to the previous or next year, that year
+ # is used instead.
+ # %g
+ # Like %G, but without century, that is, with a 2-digit year
+ # (00-99).
+ # %h
+ # Equivalent to %b.
+ # %H
+ # The hour as a decimal number using a 24-hour clock
+ # (range 00 to 23). (alt O)
+ # %I
+ # The hour as a decimal number using a 12-hour clock
+ # (range 01 to 12). (alt O)
+ # %j
+ # The day of the year as a decimal number (range 001 to 366).
+ # %k
+ # The hour (24-hour clock) as a decimal number (range 0 to 23);
+ # single digits are preceded by a blank. (See also %H.)
+ # %l
+ # The hour (12-hour clock) as a decimal number (range 1 to 12);
+ # single digits are preceded by a blank. (See also %I.)
+ # %m
+ # The month as a decimal number (range 01 to 12). (alt O)
+ # %M
+ # The minute as a decimal number (range 00 to 59). (alt O)
+ # %O
+ # Modifier: use alternative numeric symbols.
+ # %p
+ # Either "AM" or "PM" according to the given time value,
+ # or the corresponding strings for the current locale. Noon is
+ # treated as "PM" and midnight as "AM".
+ # %P
+ # Like %p but in lowercase: "am" or "pm" or a corresponding
+ # string for the current locale.
+ # %r
+ # The time in a.m. or p.m. notation. In the POSIX locale this is
+ # equivalent to %I:%M:%S %p.
+ # %R
+ # The time in 24-hour notation (%H:%M). For a version including
+ # the seconds, see %T below.
+ # %s
+ # The number of seconds since the Epoch,
+ # 1970-01-01 00:00:00 +0000 (UTC)
+ # %S
+ # The second as a decimal number (range 00 to 60). (The range is
+ # up to 60 to allow for occasional leap seconds.) (alt O)
+ # %t
+ # A tab character.
+ # %T
+ # The time in 24-hour notation (%H:%M:%S).
+ # %u
+ # The day of the week as a decimal, range 1 to 7, Monday being 1.
+ # See also %w. (alt O)
+ # %U
+ # The week number of the current year as a decimal number,
+ # range 00 to 53, starting with the first Sunday as the first
+ # day of week 01. See also %V and %W. (alt O)
+ # %V
+ # The ISO 8601 week number of the current year as a decimal number,
+ # range 01 to 53, where week 1 is the first week that has at least
+ # 4 days in the new year. See also %U and %W. (alt O)
+ # %w
+ # The day of the week as a decimal, range 0 to 6, Sunday being 0.
+ # See also %u. (alt O)
+ # %W
+ # The week number of the current year as a decimal number,
+ # range 00 to 53, starting with the first Monday as the first day
+ # of week 01. (alt O)
+ # %x
+ # The preferred date representation for the current locale without
+ # the time. (alt E)
+ # %X
+ # The preferred time representation for the current locale without
+ # the date. (alt E)
+ # %y
+ # The year as a decimal number without a century (range 00 to 99).
+ # (alt E, alt O)
+ # %Y
+ # The year as a decimal number including the century. (alt E)
+ # %z
+ # The +hhmm or -hhmm numeric timezone (that is, the hour and minute
+ # offset from UTC).
+ # %Z
+ # The timezone name or abbreviation.
+ # %%
+ # A literal '%' character.
+ #
+ # This configuration option has an automatic default value.
+ # time_format = "%Y-%m-%d %T %z"
+
+ # Configuration option report/devtypes_sort.
+ # List of columns to sort by when reporting 'lvm devtypes' command.
+ # See 'lvm devtypes -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # devtypes_sort = "devtype_name"
+
+ # Configuration option report/devtypes_cols.
+ # List of columns to report for 'lvm devtypes' command.
+ # See 'lvm devtypes -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # devtypes_cols = "devtype_name,devtype_max_partitions,devtype_description"
+
+ # Configuration option report/devtypes_cols_verbose.
+ # List of columns to report for 'lvm devtypes' command in verbose mode.
+ # See 'lvm devtypes -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # devtypes_cols_verbose = "devtype_name,devtype_max_partitions,devtype_description"
+
+ # Configuration option report/lvs_sort.
+ # List of columns to sort by when reporting 'lvs' command.
+ # See 'lvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # lvs_sort = "vg_name,lv_name"
+
+ # Configuration option report/lvs_cols.
+ # List of columns to report for 'lvs' command.
+ # See 'lvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # lvs_cols = "lv_name,vg_name,lv_attr,lv_size,pool_lv,origin,data_percent,metadata_percent,move_pv,mirror_log,copy_percent,convert_lv"
+
+ # Configuration option report/lvs_cols_verbose.
+ # List of columns to report for 'lvs' command in verbose mode.
+ # See 'lvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # lvs_cols_verbose = "lv_name,vg_name,seg_count,lv_attr,lv_size,lv_major,lv_minor,lv_kernel_major,lv_kernel_minor,pool_lv,origin,data_percent,metadata_percent,move_pv,copy_percent,mirror_log,convert_lv,lv_uuid,lv_profile"
+
+ # Configuration option report/vgs_sort.
+ # List of columns to sort by when reporting 'vgs' command.
+ # See 'vgs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # vgs_sort = "vg_name"
+
+ # Configuration option report/vgs_cols.
+ # List of columns to report for 'vgs' command.
+ # See 'vgs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # vgs_cols = "vg_name,pv_count,lv_count,snap_count,vg_attr,vg_size,vg_free"
+
+ # Configuration option report/vgs_cols_verbose.
+ # List of columns to report for 'vgs' command in verbose mode.
+ # See 'vgs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # vgs_cols_verbose = "vg_name,vg_attr,vg_extent_size,pv_count,lv_count,snap_count,vg_size,vg_free,vg_uuid,vg_profile"
+
+ # Configuration option report/pvs_sort.
+ # List of columns to sort by when reporting 'pvs' command.
+ # See 'pvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvs_sort = "pv_name"
+
+ # Configuration option report/pvs_cols.
+ # List of columns to report for 'pvs' command.
+ # See 'pvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvs_cols = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free"
+
+ # Configuration option report/pvs_cols_verbose.
+ # List of columns to report for 'pvs' command in verbose mode.
+ # See 'pvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvs_cols_verbose = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,dev_size,pv_uuid"
+
+ # Configuration option report/segs_sort.
+ # List of columns to sort by when reporting 'lvs --segments' command.
+ # See 'lvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # segs_sort = "vg_name,lv_name,seg_start"
+
+ # Configuration option report/segs_cols.
+ # List of columns to report for 'lvs --segments' command.
+ # See 'lvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # segs_cols = "lv_name,vg_name,lv_attr,stripes,segtype,seg_size"
+
+ # Configuration option report/segs_cols_verbose.
+ # List of columns to report for 'lvs --segments' command in verbose mode.
+ # See 'lvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # segs_cols_verbose = "lv_name,vg_name,lv_attr,seg_start,seg_size,stripes,segtype,stripesize,chunksize"
+
+ # Configuration option report/pvsegs_sort.
+ # List of columns to sort by when reporting 'pvs --segments' command.
+ # See 'pvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvsegs_sort = "pv_name,pvseg_start"
+
+ # Configuration option report/pvsegs_cols.
+ # List of columns to sort by when reporting 'pvs --segments' command.
+ # See 'pvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvsegs_cols = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size"
+
+ # Configuration option report/pvsegs_cols_verbose.
+ # List of columns to sort by when reporting 'pvs --segments' command in verbose mode.
+ # See 'pvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvsegs_cols_verbose = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size,lv_name,seg_start_pe,segtype,seg_pe_ranges"
+
+ # Configuration option report/vgs_cols_full.
+ # List of columns to report for lvm fullreport's 'vgs' subreport.
+ # See 'vgs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # vgs_cols_full = "vg_all"
+
+ # Configuration option report/pvs_cols_full.
+ # List of columns to report for lvm fullreport's 'vgs' subreport.
+ # See 'pvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvs_cols_full = "pv_all"
+
+ # Configuration option report/lvs_cols_full.
+ # List of columns to report for lvm fullreport's 'lvs' subreport.
+ # See 'lvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # lvs_cols_full = "lv_all"
+
+ # Configuration option report/pvsegs_cols_full.
+ # List of columns to report for lvm fullreport's 'pvseg' subreport.
+ # See 'pvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvsegs_cols_full = "pvseg_all,pv_uuid,lv_uuid"
+
+ # Configuration option report/segs_cols_full.
+ # List of columns to report for lvm fullreport's 'seg' subreport.
+ # See 'lvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # segs_cols_full = "seg_all,lv_uuid"
+
+ # Configuration option report/vgs_sort_full.
+ # List of columns to sort by when reporting lvm fullreport's 'vgs' subreport.
+ # See 'vgs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # vgs_sort_full = "vg_name"
+
+ # Configuration option report/pvs_sort_full.
+ # List of columns to sort by when reporting lvm fullreport's 'vgs' subreport.
+ # See 'pvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvs_sort_full = "pv_name"
+
+ # Configuration option report/lvs_sort_full.
+ # List of columns to sort by when reporting lvm fullreport's 'lvs' subreport.
+ # See 'lvs -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # lvs_sort_full = "vg_name,lv_name"
+
+ # Configuration option report/pvsegs_sort_full.
+ # List of columns to sort by when reporting for lvm fullreport's 'pvseg' subreport.
+ # See 'pvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # pvsegs_sort_full = "pv_uuid,pvseg_start"
+
+ # Configuration option report/segs_sort_full.
+ # List of columns to sort by when reporting lvm fullreport's 'seg' subreport.
+ # See 'lvs --segments -o help' for the list of possible fields.
+ # This configuration option has an automatic default value.
+ # segs_sort_full = "lv_uuid,seg_start"
+
+ # Configuration option report/mark_hidden_devices.
+ # Use brackets [] to mark hidden devices.
+ # This configuration option has an automatic default value.
+ # mark_hidden_devices = 1
+
+ # Configuration option report/two_word_unknown_device.
+ # Use the two words 'unknown device' in place of '[unknown]'.
+ # This is displayed when the device for a PV is not known.
+ # This configuration option has an automatic default value.
+ # two_word_unknown_device = 0
+# }
+
+# Configuration section dmeventd.
+# Settings for the LVM event daemon.
+dmeventd {
+
+ # Configuration option dmeventd/mirror_library.
+ # The library dmeventd uses when monitoring a mirror device.
+ # libdevmapper-event-lvm2mirror.so attempts to recover from
+ # failures. It removes failed devices from a volume group and
+ # reconfigures a mirror as necessary. If no mirror library is
+ # provided, mirrors are not monitored through dmeventd.
+ mirror_library = "libdevmapper-event-lvm2mirror.so"
+
+ # Configuration option dmeventd/raid_library.
+ # This configuration option has an automatic default value.
+ # raid_library = "libdevmapper-event-lvm2raid.so"
+
+ # Configuration option dmeventd/snapshot_library.
+ # The library dmeventd uses when monitoring a snapshot device.
+ # libdevmapper-event-lvm2snapshot.so monitors the filling of snapshots
+ # and emits a warning through syslog when the usage exceeds 80%. The
+ # warning is repeated when 85%, 90% and 95% of the snapshot is filled.
+ snapshot_library = "libdevmapper-event-lvm2snapshot.so"
+
+ # Configuration option dmeventd/thin_library.
+ # The library dmeventd uses when monitoring a thin device.
+ # libdevmapper-event-lvm2thin.so monitors the filling of a pool
+ # and emits a warning through syslog when the usage exceeds 80%. The
+ # warning is repeated when 85%, 90% and 95% of the pool is filled.
+ thin_library = "libdevmapper-event-lvm2thin.so"
+
+ # Configuration option dmeventd/thin_command.
+ # The plugin runs command with each 5% increment when thin-pool data volume
+ # or metadata volume gets above 50%.
+ # Command which starts with 'lvm ' prefix is internal lvm command.
+ # You can write your own handler to customise behaviour in more details.
+ # User handler is specified with the full path starting with '/'.
+ # This configuration option has an automatic default value.
+ # thin_command = "lvm lvextend --use-policies"
+
+ # Configuration option dmeventd/vdo_library.
+ # The library dmeventd uses when monitoring a VDO pool device.
+ # libdevmapper-event-lvm2vdo.so monitors the filling of a pool
+ # and emits a warning through syslog when the usage exceeds 80%. The
+ # warning is repeated when 85%, 90% and 95% of the pool is filled.
+ # This configuration option has an automatic default value.
+ # vdo_library = "libdevmapper-event-lvm2vdo.so"
+
+ # Configuration option dmeventd/vdo_command.
+ # The plugin runs command with each 5% increment when VDO pool volume
+ # gets above 50%.
+ # Command which starts with 'lvm ' prefix is internal lvm command.
+ # You can write your own handler to customise behaviour in more details.
+ # User handler is specified with the full path starting with '/'.
+ # This configuration option has an automatic default value.
+ # vdo_command = "lvm lvextend --use-policies"
+
+ # Configuration option dmeventd/executable.
+ # The full path to the dmeventd binary.
+ # This configuration option has an automatic default value.
+ # executable = "/sbin/dmeventd"
+}
+
+# Configuration section tags.
+# Host tag settings.
+# This configuration section has an automatic default value.
+# tags {
+
+ # Configuration option tags/hosttags.
+ # Create a host tag using the machine name.
+ # The machine name is nodename returned by uname(2).
+ # This configuration option has an automatic default value.
+ # hosttags = 0
+
+ # Configuration section tags/<tag>.
+ # Replace this subsection name with a custom tag name.
+ # Multiple subsections like this can be created. The '@' prefix for
+ # tags is optional. This subsection can contain host_list, which is a
+ # list of machine names. If the name of the local machine is found in
+ # host_list, then the name of this subsection is used as a tag and is
+ # applied to the local machine as a 'host tag'. If this subsection is
+ # empty (has no host_list), then the subsection name is always applied
+ # as a 'host tag'.
+ #
+ # Example
+ # The host tag foo is given to all hosts, and the host tag
+ # bar is given to the hosts named machine1 and machine2.
+ # tags { foo { } bar { host_list = [ "machine1", "machine2" ] } }
+ #
+ # This configuration section has variable name.
+ # This configuration section has an automatic default value.
+ # tag {
+
+ # Configuration option tags/<tag>/host_list.
+ # A list of machine names.
+ # These machine names are compared to the nodename returned
+ # by uname(2). If the local machine name matches an entry in
+ # this list, the name of the subsection is applied to the
+ # machine as a 'host tag'.
+ # This configuration option does not have a default value defined.
+ # }
+# }
--- /dev/null
+# This is a local configuration file template for the LVM2 system
+# which should be installed as /etc/lvm/lvmlocal.conf .
+#
+# Refer to 'man lvm.conf' for information about the file layout.
+#
+# To put this file in a different directory and override
+# /etc/lvm set the environment variable LVM_SYSTEM_DIR before
+# running the tools.
+#
+# The lvmlocal.conf file is normally expected to contain only the
+# "local" section which contains settings that should not be shared or
+# repeated among different hosts. (But if other sections are present,
+# they *will* get processed. Settings in this file override equivalent
+# ones in lvm.conf and are in turn overridden by ones in any enabled
+# lvm_<tag>.conf files.)
+#
+# Please take care that each setting only appears once if uncommenting
+# example settings in this file and never copy this file between hosts.
+
+
+# Configuration section local.
+# LVM settings that are specific to the local host.
+local {
+
+ # Configuration option local/system_id.
+ # Defines the local system ID for lvmlocal mode.
+ # This is used when global/system_id_source is set to 'lvmlocal' in the
+ # main configuration file, e.g. lvm.conf. When used, it must be set to
+ # a unique value among all hosts sharing access to the storage,
+ # e.g. a host name.
+ #
+ # Example
+ # Set no system ID:
+ # system_id = ""
+ # Set the system_id to a specific name:
+ # system_id = "host1"
+ #
+ # This configuration option has an automatic default value.
+ # system_id = ""
+
+ # Configuration option local/extra_system_ids.
+ # A list of extra VG system IDs the local host can access.
+ # VGs with the system IDs listed here (in addition to the host's own
+ # system ID) can be fully accessed by the local host. (These are
+ # system IDs that the host sees in VGs, not system IDs that identify
+ # the local host, which is determined by system_id_source.)
+ # Use this only after consulting 'man lvmsystemid' to be certain of
+ # correct usage and possible dangers.
+ # This configuration option does not have a default value defined.
+
+ # Configuration option local/host_id.
+ # The lvmlockd sanlock host_id.
+ # This must be unique among all hosts, and must be between 1 and 2000.
+ # Applicable only if LVM is compiled with lockd support
+ # This configuration option has an automatic default value.
+ # host_id = 0
+}
--- /dev/null
+# Demo configuration 'mq' cache policy
+#
+# Note: This policy has been deprecated in favor of the smq policy
+# keyword "default" means, setting is left with kernel defaults.
+#
+
+allocation {
+ cache_pool_chunk_size = 64
+ cache_mode = "writethrough"
+ cache_policy = "mq"
+ cache_settings {
+ mq {
+ sequential_threshold = "default" # #nr_sequential_ios
+ random_threshold = "default" # #nr_random_ios
+ read_promote_adjustment = "default"
+ write_promote_adjustment = "default"
+ discard_promote_adjustment = "default"
+ }
+ }
+}
--- /dev/null
+# Demo configuration 'smq' cache policy
+#
+# The stochastic multi-queue (smq) policy addresses some of the problems
+# with the multiqueue (mq) policy and uses less memory.
+#
+
+allocation {
+ cache_pool_chunk_size = 64
+ cache_mode = "writethrough"
+ cache_policy = "smq"
+ cache_settings {
+ # currently no settings for "smq" policy
+ }
+}
--- /dev/null
+# This is a command profile template for the LVM2 system.
+#
+# It contains all configuration settings that are customizable by command
+# profiles. To create a new command profile, select the settings you want
+# to customize and add them in a new file named <profile_name>.profile.
+# Then install the new profile in a directory as defined by config/profile_dir
+# setting found in /etc/lvm/lvm.conf file.
+#
+# Command profiles can be referenced by using the --commandprofile option then.
+#
+# Refer to 'man lvm.conf' for further information about profiles and
+# general configuration file layout.
+#
+allocation {
+ cache_mode="writethrough"
+ cache_settings {
+ }
+}
+log {
+ report_command_log=0
+ command_log_sort="log_seq_num"
+ command_log_cols="log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code"
+ command_log_selection="!(log_type=status && message=success)"
+}
+global {
+ units="h"
+ si_unit_consistency=1
+ suffix=1
+ lvdisplay_shows_full_device_path=0
+}
+report {
+ output_format="basic"
+ compact_output=0
+ compact_output_cols=""
+ aligned=1
+ buffered=1
+ headings=1
+ separator=" "
+ list_item_separator=","
+ prefixes=0
+ quoted=1
+ columns_as_rows=0
+ binary_values_as_numeric=0
+ time_format="%Y-%m-%d %T %z"
+ devtypes_sort="devtype_name"
+ devtypes_cols="devtype_name,devtype_max_partitions,devtype_description"
+ devtypes_cols_verbose="devtype_name,devtype_max_partitions,devtype_description"
+ lvs_sort="vg_name,lv_name"
+ lvs_cols="lv_name,vg_name,lv_attr,lv_size,pool_lv,origin,data_percent,metadata_percent,move_pv,mirror_log,copy_percent,convert_lv"
+ lvs_cols_verbose="lv_name,vg_name,seg_count,lv_attr,lv_size,lv_major,lv_minor,lv_kernel_major,lv_kernel_minor,pool_lv,origin,data_percent,metadata_percent,move_pv,copy_percent,mirror_log,convert_lv,lv_uuid,lv_profile"
+ vgs_sort="vg_name"
+ vgs_cols="vg_name,pv_count,lv_count,snap_count,vg_attr,vg_size,vg_free"
+ vgs_cols_verbose="vg_name,vg_attr,vg_extent_size,pv_count,lv_count,snap_count,vg_size,vg_free,vg_uuid,vg_profile"
+ pvs_sort="pv_name"
+ pvs_cols="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free"
+ pvs_cols_verbose="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,dev_size,pv_uuid"
+ segs_sort="vg_name,lv_name,seg_start"
+ segs_cols="lv_name,vg_name,lv_attr,stripes,segtype,seg_size"
+ segs_cols_verbose="lv_name,vg_name,lv_attr,seg_start,seg_size,stripes,segtype,stripesize,chunksize"
+ pvsegs_sort="pv_name,pvseg_start"
+ pvsegs_cols="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size"
+ pvsegs_cols_verbose="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size,lv_name,seg_start_pe,segtype,seg_pe_ranges"
+ vgs_cols_full="vg_all"
+ pvs_cols_full="pv_all"
+ lvs_cols_full="lv_all"
+ pvsegs_cols_full="pvseg_all,pv_uuid,lv_uuid"
+ segs_cols_full="seg_all,lv_uuid"
+ vgs_sort_full="vg_name"
+ pvs_sort_full="pv_name"
+ lvs_sort_full="vg_name,lv_name"
+ pvsegs_sort_full="pv_uuid,pvseg_start"
+ segs_sort_full="lv_uuid,seg_start"
+ mark_hidden_devices=1
+}
--- /dev/null
+#
+# DO NOT EDIT THIS FILE!
+#
+# LVM configuration profile used by lvmdbusd daemon.
+#
+# This sets up LVM to produce output in the most suitable format for processing
+# by lvmdbusd daemon which utilizes LVM shell to execute LVM commands.
+#
+# Do not edit this file in any way. This profile is distributed together with
+# lvmdbusd and it contains configuration that is important for lvmdbusd to
+# cooperate and interface with LVM correctly.
+#
+
+global {
+ # use bytes for expected and deterministic output
+ units=b
+ # no need for suffix if we have units set
+ suffix=0
+}
+
+report {
+ compact_output=0
+ compact_output_cols=""
+ binary_values_as_numeric=0
+ # time in number of seconds since the Epoch
+ time_format="%s"
+ mark_hidden_devices=1
+ # lvmdbusd expects JSON output
+ output_format=json
+ # *_cols_full for lvm fullreport's fields which lvmdbusd relies on to update its state
+ vgs_cols_full="vg_name,vg_uuid,vg_fmt,vg_size,vg_free,vg_sysid,vg_extent_size,vg_extent_count,vg_free_count,vg_profile,max_lv,max_pv,pv_count,lv_count,snap_count,vg_seqno,vg_mda_count,vg_mda_free,vg_mda_size,vg_mda_used_count,vg_attr,vg_tags"
+ pvs_cols_full="pv_name,pv_uuid,pv_fmt,pv_size,pv_free,pv_used,dev_size,pv_mda_size,pv_mda_free,pv_ba_start,pv_ba_size,pe_start,pv_pe_count,pv_pe_alloc_count,pv_attr,pv_tags,vg_name,vg_uuid"
+ lvs_cols_full="lv_uuid,lv_name,lv_path,lv_size,vg_name,pool_lv_uuid,pool_lv,origin_uuid,origin,data_percent,lv_attr,lv_tags,vg_uuid,lv_active,data_lv,metadata_lv,lv_parent,lv_role,lv_layout"
+ pvsegs_cols_full="pvseg_start,pvseg_size,segtype,pv_uuid,lv_uuid,pv_name"
+ segs_cols_full="seg_pe_ranges,segtype,lv_uuid"
+ vgs_sort_full="vg_name"
+ pvs_sort_full="pv_name"
+ lvs_sort_full="vg_name,lv_name"
+ pvsegs_sort_full="pv_uuid,pvseg_start"
+ segs_sort_full="lv_uuid,seg_start"
+}
+
+log {
+ # lvmdbusd relies on command log report to inspect LVM command's execution status
+ report_command_log=1
+ # display only outermost LVM shell-related log that lvmdbusd inspects first after LVM command execution (it calls 'lastlog' for more detailed log afterwards if needed)
+ command_log_selection="log_context=shell"
+ command_log_cols="log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code"
+ command_log_sort="log_seq_num"
+}
--- /dev/null
+# This is a metadata profile template for the LVM2 system.
+#
+# It contains all configuration settings that are customizable by metadata
+# profiles. To create a new metadata profile, select the settings you want
+# to customize and add them in a new file named <profile_name>.profile.
+# Then install the new profile in a directory as defined by config/profile_dir
+# setting found in /etc/lvm/lvm.conf file.
+#
+# Metadata profiles can be referenced by using the --metadataprofile LVM2
+# command line option.
+#
+# Refer to 'man lvm.conf' for further information about profiles and
+# general configuration file layout.
+#
+allocation {
+ thin_pool_zero=1
+ thin_pool_discards="passdown"
+ thin_pool_chunk_size_policy="generic"
+# thin_pool_chunk_size=128
+}
+activation {
+ thin_pool_autoextend_threshold=100
+ thin_pool_autoextend_percent=20
+}
--- /dev/null
+allocation {
+ thin_pool_chunk_size_policy = "generic"
+ thin_pool_zero = 1
+}
--- /dev/null
+allocation {
+ thin_pool_chunk_size_policy = "performance"
+ thin_pool_zero = 0
+}
--- /dev/null
+# Demo configuration for 'VDO' using less memory.
+# ~lvmconfig --type full | grep vdo
+
+allocation {
+ vdo_use_compression=1
+ vdo_use_deduplication=1
+ vdo_use_metadata_hints=1
+ vdo_minimum_io_size=4096
+ vdo_block_map_cache_size_mb=128
+ vdo_block_map_period=16380
+ vdo_check_point_frequency=0
+ vdo_use_sparse_index=0
+ vdo_index_memory_size_mb=256
+ vdo_slab_size_mb=2048
+ vdo_ack_threads=1
+ vdo_bio_threads=1
+ vdo_bio_rotation=64
+ vdo_cpu_threads=2
+ vdo_hash_zone_threads=1
+ vdo_logical_threads=1
+ vdo_physical_threads=1
+ vdo_write_policy="auto"
+ vdo_max_discard=1
+}
--- /dev/null
+2d2af241f7a8487eb0c9b8fad347cb9f
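Review bot: The single line added here is a 32-character hex value that looks like a host machine ID; the file path is not shown in this section, so that is inferred from the content and from its position between the LVM profiles and the magic files. If that is what it is, every system built or restored from this tree will share one identifier, which breaks the per-host uniqueness that consumers such as DHCP client IDs and journal correlation rely on. systemd's documentation also asks that the raw value be treated as confidential rather than published. I would keep this file out of the tracked set, or commit it empty so the ID is generated at first boot, and regenerate the ID on any host already cloned from this snapshot.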
--- /dev/null
+# Magic local data for file(1) command.
+# Insert here your local magic data. Format is described in magic(5).
+
--- /dev/null
+# Magic local data for file(1) command.
+# Insert here your local magic data. Format is described in magic(5).
+
--- /dev/null
+###############################################################################
+#
+# MIME media types and programs that process those types
+#
+# Much of this file is generated automatically by the program "update-mime".
+# Please see the "update-mime" man page for more information.
+#
+# Users can add their own rules if they wish by creating a ".mailcap"
+# file in their home directory. Entries included there will take
+# precedence over those listed here.
+#
+###############################################################################
+
+
+###############################################################################
+#
+# User section follows: Any entries included in this section will take
+# precedence over those created by "update-mime". DO NOT CHANGE the
+# "User Section Begins" and "User Section Ends" lines, or anything outside
+# of this section!
+#
+
+# ----- User Section Begins ----- #
+# ----- User Section Ends ----- #
+
+###############################################################################
+
+text/plain; less '%s'; needsterminal
+application/x-troff-man; /usr/bin/man -X100 -l '%s'; test=test -n "$DISPLAY" -a -e /usr/bin/gxditview; description=Man page
+text/troff; /usr/bin/man -X100 -l '%s'; test=test -n "$DISPLAY" -a -e /usr/bin/gxditview; description=Man page
+application/x-troff-man; /usr/bin/man -l '%s'; needsterminal; description=Man page
+text/troff; /usr/bin/man -l '%s'; needsterminal; description=Man page
+text/html; /usr/bin/sensible-browser %s; description=HTML Text; nametemplate=%s.html
+application/x-troff-man; /usr/bin/nroff -mandoc -Tutf8; copiousoutput; print=/usr/bin/nroff -mandoc -Tutf8 | print text/plain:-
+text/troff; /usr/bin/nroff -mandoc -Tutf8; copiousoutput; print=/usr/bin/nroff -mandoc -Tutf8 | print text/plain:-
+application/x-info; /usr/bin/info -f '%s'; needsterminal; description=GNU Info document
+text/plain; more %s; needsterminal
+x-scheme-handler/snap; /usr/bin/snap handle-link %s; test=test -n "$DISPLAY"
+text/english; vim %s; needsterminal
+text/plain; vim %s; needsterminal
+text/x-makefile; vim %s; needsterminal
+text/x-c++hdr; vim %s; needsterminal
+text/x-c++src; vim %s; needsterminal
+text/x-chdr; vim %s; needsterminal
+text/x-csrc; vim %s; needsterminal
+text/x-java; vim %s; needsterminal
+text/x-moc; vim %s; needsterminal
+text/x-pascal; vim %s; needsterminal
+text/x-tcl; vim %s; needsterminal
+text/x-tex; vim %s; needsterminal
+application/x-shellscript; vim %s; needsterminal
+text/x-c; vim %s; needsterminal
+text/x-c++; vim %s; needsterminal
+text/plain; view %s; edit=vim %s; compose=vim %s; test=test -x /usr/bin/vim; needsterminal
+text/plain; view %s; edit=vi %s; compose=vi %s; needsterminal
+application/x-troff-man; /usr/bin/man -Tascii -l '%s' | col -b; copiousoutput; description=Man page
+text/troff; /usr/bin/man -Tascii -l '%s' | col -b; copiousoutput; description=Man page
+text/*; less '%s'; needsterminal
+text/*; view %s; edit=vim %s; compose=vim %s; test=test -x /usr/bin/vim; needsterminal
+application/x-info; /usr/bin/info --subnodes -o /dev/stdout -f '%s' 2>/dev/null; copiousoutput; description=GNU Info document
+application/x-tar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput
+application/x-gtar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput
+application/x-ustar; /bin/tar tvf '%s'; print=/bin/tar tvf - | print text/plain:-; copiousoutput
+text/*; more %s; needsterminal
+text/*; view %s; edit=vi %s; compose=vi %s; needsterminal
+application/vnd.debian.binary-package; /usr/lib/mime/debian-view %s; needsterminal; description=Debian GNU/Linux Package; nametemplate=%s.deb
--- /dev/null
+###############################################################################
+#
+# Mailcap.order: This file allows a system-wide override of MIME program
+# preferences. See the mailcap.order(5) man page for more information.
+#
+# After modifying this file, be sure to run /usr/sbin/update-mime (as root)
+# to propagate the changes into the /etc/mailcap file.
+#
+################################################################################
+
--- /dev/null
+# manpath.config
+#
+# This file is used by the man-db package to configure the man and cat paths.
+# It is also used to provide a manpath for those without one by examining
+# their PATH environment variable. For details see the manpath(5) man page.
+#
+# Lines beginning with `#' are comments and are ignored. Any combination of
+# tabs or spaces may be used as `whitespace' separators.
+#
+# There are three mappings allowed in this file:
+# --------------------------------------------------------
+# MANDATORY_MANPATH manpath_element
+# MANPATH_MAP path_element manpath_element
+# MANDB_MAP global_manpath [relative_catpath]
+#---------------------------------------------------------
+# every automatically generated MANPATH includes these fields
+#
+#MANDATORY_MANPATH /usr/src/pvm3/man
+#
+MANDATORY_MANPATH /usr/man
+MANDATORY_MANPATH /usr/share/man
+MANDATORY_MANPATH /usr/local/share/man
+#---------------------------------------------------------
+# set up PATH to MANPATH mapping
+# ie. what man tree holds man pages for what binary directory.
+#
+# *PATH* -> *MANPATH*
+#
+MANPATH_MAP /bin /usr/share/man
+MANPATH_MAP /usr/bin /usr/share/man
+MANPATH_MAP /sbin /usr/share/man
+MANPATH_MAP /usr/sbin /usr/share/man
+MANPATH_MAP /usr/local/bin /usr/local/man
+MANPATH_MAP /usr/local/bin /usr/local/share/man
+MANPATH_MAP /usr/local/sbin /usr/local/man
+MANPATH_MAP /usr/local/sbin /usr/local/share/man
+MANPATH_MAP /usr/X11R6/bin /usr/X11R6/man
+MANPATH_MAP /usr/bin/X11 /usr/X11R6/man
+MANPATH_MAP /usr/games /usr/share/man
+MANPATH_MAP /opt/bin /opt/man
+MANPATH_MAP /opt/sbin /opt/man
+#---------------------------------------------------------
+# For a manpath element to be treated as a system manpath (as most of those
+# above should normally be), it must be mentioned below. Each line may have
+# an optional extra string indicating the catpath associated with the
+# manpath. If no catpath string is used, the catpath will default to the
+# given manpath.
+#
+# You *must* provide all system manpaths, including manpaths for alternate
+# operating systems, locale specific manpaths, and combinations of both, if
+# they exist, otherwise the permissions of the user running man/mandb will
+# be used to manipulate the manual pages. Also, mandb will not initialise
+# the database cache for any manpaths not mentioned below unless explicitly
+# requested to do so.
+#
+# In a per-user configuration file, this directive only controls the
+# location of catpaths and the creation of database caches; it has no effect
+# on privileges.
+#
+# Any manpaths that are subdirectories of other manpaths must be mentioned
+# *before* the containing manpath. E.g. /usr/man/preformat must be listed
+# before /usr/man.
+#
+# *MANPATH* -> *CATPATH*
+#
+MANDB_MAP /usr/man /var/cache/man/fsstnd
+MANDB_MAP /usr/share/man /var/cache/man
+MANDB_MAP /usr/local/man /var/cache/man/oldlocal
+MANDB_MAP /usr/local/share/man /var/cache/man/local
+MANDB_MAP /usr/X11R6/man /var/cache/man/X11R6
+MANDB_MAP /opt/man /var/cache/man/opt
+MANDB_MAP /snap/man /var/cache/man/snap
+#
+#---------------------------------------------------------
+# Program definitions. These are commented out by default as the value
+# of the definition is already the default. To change: uncomment a
+# definition and modify it.
+#
+#DEFINE pager pager
+#DEFINE cat cat
+#DEFINE tr tr '\255\267\264\327' '\055\157\047\170'
+#DEFINE grep grep
+#DEFINE troff groff -mandoc
+#DEFINE nroff nroff -mandoc
+#DEFINE eqn eqn
+#DEFINE neqn neqn
+#DEFINE tbl tbl
+#DEFINE col col
+#DEFINE vgrind vgrind
+#DEFINE refer refer
+#DEFINE grap grap
+#DEFINE pic pic -S
+#
+#DEFINE compressor gzip -c7
+#---------------------------------------------------------
+# Misc definitions: same as program definitions above.
+#
+#DEFINE whatis_grep_flags -i
+#DEFINE apropos_grep_flags -iEw
+#DEFINE apropos_regex_grep_flags -iE
+#---------------------------------------------------------
+# Section names. Manual sections will be searched in the order listed here;
+# the default is 1, n, l, 8, 3, 0, 2, 5, 4, 9, 6, 7. Multiple SECTION
+# directives may be given for clarity, and will be concatenated together in
+# the expected way.
+# If a particular extension is not in this list (say, 1mh), it will be
+# displayed with the rest of the section it belongs to. The effect of this
+# is that you only need to explicitly list extensions if you want to force a
+# particular order. Sections with extensions should usually be adjacent to
+# their main section (e.g. "1 1mh 8 ...").
+#
+SECTION 1 n l 8 3 2 3posix 3pm 3perl 3am 5 4 9 6 7
+#
+#---------------------------------------------------------
+# Range of terminal widths permitted when displaying cat pages. If the
+# terminal falls outside this range, cat pages will not be created (if
+# missing) or displayed.
+#
+#MINCATWIDTH 80
+#MAXCATWIDTH 80
+#
+# If CATWIDTH is set to a non-zero number, cat pages will always be
+# formatted for a terminal of the given width, regardless of the width of
+# the terminal actually being used. This should generally be within the
+# range set by MINCATWIDTH and MAXCATWIDTH.
+#
+#CATWIDTH 0
+#
+#---------------------------------------------------------
+# Flags.
+# NOCACHE keeps man from creating cat pages.
+#NOCACHE
--- /dev/null
+# mdadm.conf
+#
+# !NB! Run update-initramfs -u after updating this file.
+# !NB! This will ensure that initramfs has an uptodate copy.
+#
+# Please refer to mdadm.conf(5) for information about this file.
+#
+
+# by default (built-in), scan all partitions (/proc/partitions) and all
+# containers for MD superblocks. alternatively, specify devices to scan, using
+# wildcards if desired.
+#DEVICE partitions containers
+
+# automatically tag new arrays as belonging to the local system
+HOMEHOST <system>
+
+# instruct the monitoring daemon where to send mail alerts
+MAILADDR root
+
+# definitions of existing MD arrays
+
+# This configuration was auto-generated on Fri, 31 Jul 2020 16:29:35 +0000 by mkconf
--- /dev/null
+###############################################################################
+#
+# MIME media types and the extensions that represent them.
+#
+# The format of this file is a media type on the left and zero or more
+# filename extensions on the right. Programs using this file will map
+# files ending with those extensions to the associated type.
+#
+# This file is part of the "mime-support" package. Please report a bug using
+# the "reportbug" command of the "reportbug" package if you would like new
+# types or extensions to be added.
+#
+# The reason that all types are managed by the mime-support package instead
+# allowing individual packages to install types in much the same way as they
+# add entries in to the mailcap file is so these types can be referenced by
+# other programs (such as a web server) even if the specific support package
+# for that type is not installed.
+#
+# Users can add their own types if they wish by creating a ".mime.types"
+# file in their home directory. Definitions included there will take
+# precedence over those listed here.
+#
+###############################################################################
+
+
+application/activemessage
+application/andrew-inset ez
+application/annodex anx
+application/applefile
+application/atom+xml atom
+application/atomcat+xml atomcat
+application/atomicmail
+application/atomserv+xml atomsrv
+application/batch-SMTP
+application/bbolin lin
+application/beep+xml
+application/cals-1840
+application/commonground
+application/cu-seeme cu
+application/cybercash
+application/davmount+xml davmount
+application/dca-rft
+application/dec-dx
+application/dicom dcm
+application/docbook+xml
+application/dsptype tsp
+application/dvcs
+application/ecmascript es
+application/edi-consent
+application/edi-x12
+application/edifact
+application/epub+zip epub
+application/eshop
+application/font-sfnt otf ttf
+application/font-tdpfr pfr
+application/font-woff woff
+application/futuresplash spl
+application/ghostview
+application/gzip gz
+application/hta hta
+application/http
+application/hyperstudio
+application/iges
+application/index
+application/index.cmd
+application/index.obj
+application/index.response
+application/index.vnd
+application/iotp
+application/ipp
+application/isup
+application/java-archive jar
+application/java-serialized-object ser
+application/java-vm class
+application/javascript js mjs
+application/json json
+application/ld+json jsonld
+application/m3g m3g
+application/mac-binhex40 hqx
+application/mac-compactpro cpt
+application/macwriteii
+application/marc
+application/mathematica nb nbp
+application/mbox mbox
+application/ms-tnef
+application/msaccess mdb
+application/msword doc dot
+application/mxf mxf
+application/news-message-id
+application/news-transmission
+application/ocsp-request
+application/ocsp-response
+application/octet-stream bin deploy msu msp
+application/oda oda
+application/oebps-package+xml opf
+application/ogg ogx
+application/onenote one onetoc2 onetmp onepkg
+application/parityfec
+application/pdf pdf
+application/pgp-encrypted pgp
+application/pgp-keys key
+application/pgp-signature sig
+application/pics-rules prf
+application/pkcs10
+application/pkcs7-mime
+application/pkcs7-signature
+application/pkix-cert
+application/pkix-crl
+application/pkixcmp
+application/postscript ps ai eps epsi epsf eps2 eps3
+application/prs.alvestrand.titrax-sheet
+application/prs.cww
+application/prs.nprend
+application/qsig
+application/rar rar
+application/rdf+xml rdf
+application/remote-printing
+application/riscos
+application/rtf rtf
+application/sdp
+application/set-payment
+application/set-payment-initiation
+application/set-registration
+application/set-registration-initiation
+application/sgml
+application/sgml-open-catalog
+application/sieve
+application/sla stl
+application/slate
+application/smil+xml smi smil
+application/timestamp-query
+application/timestamp-reply
+application/vemmi
+application/wasm wasm
+application/whoispp-query
+application/whoispp-response
+application/wita
+application/x400-bp
+application/xhtml+xml xhtml xht
+application/xml xml xsd
+application/xml-dtd
+application/xml-external-parsed-entity
+application/xslt+xml xsl xslt
+application/xspf+xml xspf
+application/zip zip
+application/vnd.3M.Post-it-Notes
+application/vnd.accpac.simply.aso
+application/vnd.accpac.simply.imp
+application/vnd.acucobol
+application/vnd.aether.imp
+application/vnd.android.package-archive apk
+application/vnd.anser-web-certificate-issue-initiation
+application/vnd.anser-web-funds-transfer-initiation
+application/vnd.audiograph
+application/vnd.bmi
+application/vnd.businessobjects
+application/vnd.canon-cpdl
+application/vnd.canon-lips
+application/vnd.cinderella cdy
+application/vnd.claymore
+application/vnd.commerce-battelle
+application/vnd.commonspace
+application/vnd.comsocaller
+application/vnd.contact.cmsg
+application/vnd.cosmocaller
+application/vnd.ctc-posml
+application/vnd.cups-postscript
+application/vnd.cups-raster
+application/vnd.cups-raw
+application/vnd.cybank
+application/vnd.debian.binary-package deb ddeb udeb
+application/vnd.dna
+application/vnd.dpgraph
+application/vnd.dxr
+application/vnd.ecdis-update
+application/vnd.ecowin.chart
+application/vnd.ecowin.filerequest
+application/vnd.ecowin.fileupdate
+application/vnd.ecowin.series
+application/vnd.ecowin.seriesrequest
+application/vnd.ecowin.seriesupdate
+application/vnd.enliven
+application/vnd.epson.esf
+application/vnd.epson.msf
+application/vnd.epson.quickanime
+application/vnd.epson.salt
+application/vnd.epson.ssf
+application/vnd.ericsson.quickcall
+application/vnd.eudora.data
+application/vnd.fdf
+application/vnd.ffsns
+application/vnd.flographit
+application/vnd.font-fontforge-sfd sfd
+application/vnd.framemaker
+application/vnd.fsc.weblaunch
+application/vnd.fujitsu.oasys
+application/vnd.fujitsu.oasys2
+application/vnd.fujitsu.oasys3
+application/vnd.fujitsu.oasysgp
+application/vnd.fujitsu.oasysprs
+application/vnd.fujixerox.ddd
+application/vnd.fujixerox.docuworks
+application/vnd.fujixerox.docuworks.binder
+application/vnd.fut-misnet
+application/vnd.google-earth.kml+xml kml
+application/vnd.google-earth.kmz kmz
+application/vnd.grafeq
+application/vnd.groove-account
+application/vnd.groove-identity-message
+application/vnd.groove-injector
+application/vnd.groove-tool-message
+application/vnd.groove-tool-template
+application/vnd.groove-vcard
+application/vnd.hhe.lesson-player
+application/vnd.hp-HPGL
+application/vnd.hp-PCL
+application/vnd.hp-PCLXL
+application/vnd.hp-hpid
+application/vnd.hp-hps
+application/vnd.httphone
+application/vnd.hzn-3d-crossword
+application/vnd.ibm.MiniPay
+application/vnd.ibm.afplinedata
+application/vnd.ibm.modcap
+application/vnd.informix-visionary
+application/vnd.intercon.formnet
+application/vnd.intertrust.digibox
+application/vnd.intertrust.nncp
+application/vnd.intu.qbo
+application/vnd.intu.qfx
+application/vnd.irepository.package+xml
+application/vnd.is-xpr
+application/vnd.japannet-directory-service
+application/vnd.japannet-jpnstore-wakeup
+application/vnd.japannet-payment-wakeup
+application/vnd.japannet-registration
+application/vnd.japannet-registration-wakeup
+application/vnd.japannet-setstore-wakeup
+application/vnd.japannet-verification
+application/vnd.japannet-verification-wakeup
+application/vnd.koan
+application/vnd.lotus-1-2-3
+application/vnd.lotus-approach
+application/vnd.lotus-freelance
+application/vnd.lotus-notes
+application/vnd.lotus-organizer
+application/vnd.lotus-screencam
+application/vnd.lotus-wordpro
+application/vnd.mcd
+application/vnd.mediastation.cdkey
+application/vnd.meridian-slingshot
+application/vnd.mif
+application/vnd.minisoft-hp3000-save
+application/vnd.mitsubishi.misty-guard.trustweb
+application/vnd.mobius.daf
+application/vnd.mobius.dis
+application/vnd.mobius.msl
+application/vnd.mobius.plc
+application/vnd.mobius.txf
+application/vnd.motorola.flexsuite
+application/vnd.motorola.flexsuite.adsi
+application/vnd.motorola.flexsuite.fis
+application/vnd.motorola.flexsuite.gotap
+application/vnd.motorola.flexsuite.kmr
+application/vnd.motorola.flexsuite.ttc
+application/vnd.motorola.flexsuite.wem
+application/vnd.mozilla.xul+xml xul
+application/vnd.ms-artgalry
+application/vnd.ms-asf
+application/vnd.ms-excel xls xlb xlt
+application/vnd.ms-excel.addin.macroEnabled.12 xlam
+application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb
+application/vnd.ms-excel.sheet.macroEnabled.12 xlsm
+application/vnd.ms-excel.template.macroEnabled.12 xltm
+application/vnd.ms-fontobject eot
+application/vnd.ms-lrm
+application/vnd.ms-officetheme thmx
+application/vnd.ms-pki.seccat cat
+#application/vnd.ms-pki.stl stl
+application/vnd.ms-powerpoint ppt pps
+application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam
+application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm
+application/vnd.ms-powerpoint.slide.macroEnabled.12 sldm
+application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
+application/vnd.ms-powerpoint.template.macroEnabled.12 potm
+application/vnd.ms-project
+application/vnd.ms-tnef
+application/vnd.ms-word.document.macroEnabled.12 docm
+application/vnd.ms-word.template.macroEnabled.12 dotm
+application/vnd.ms-works
+application/vnd.mseq
+application/vnd.msign
+application/vnd.music-niff
+application/vnd.musician
+application/vnd.netfpx
+application/vnd.noblenet-directory
+application/vnd.noblenet-sealer
+application/vnd.noblenet-web
+application/vnd.novadigm.EDM
+application/vnd.novadigm.EDX
+application/vnd.novadigm.EXT
+application/vnd.oasis.opendocument.chart odc
+application/vnd.oasis.opendocument.database odb
+application/vnd.oasis.opendocument.formula odf
+application/vnd.oasis.opendocument.graphics odg
+application/vnd.oasis.opendocument.graphics-template otg
+application/vnd.oasis.opendocument.image odi
+application/vnd.oasis.opendocument.presentation odp
+application/vnd.oasis.opendocument.presentation-template otp
+application/vnd.oasis.opendocument.spreadsheet ods
+application/vnd.oasis.opendocument.spreadsheet-template ots
+application/vnd.oasis.opendocument.text odt
+application/vnd.oasis.opendocument.text-master odm
+application/vnd.oasis.opendocument.text-template ott
+application/vnd.oasis.opendocument.text-web oth
+application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
+application/vnd.openxmlformats-officedocument.presentationml.slide sldx
+application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
+application/vnd.openxmlformats-officedocument.presentationml.template potx
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
+application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx
+application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
+application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
+application/vnd.osa.netdeploy
+application/vnd.palm
+application/vnd.pg.format
+application/vnd.pg.osasli
+application/vnd.powerbuilder6
+application/vnd.powerbuilder6-s
+application/vnd.powerbuilder7
+application/vnd.powerbuilder7-s
+application/vnd.powerbuilder75
+application/vnd.powerbuilder75-s
+application/vnd.previewsystems.box
+application/vnd.publishare-delta-tree
+application/vnd.pvi.ptid1
+application/vnd.pwg-xhtml-print+xml
+application/vnd.rapid
+application/vnd.rim.cod cod
+application/vnd.s3sms
+application/vnd.seemail
+application/vnd.shana.informed.formdata
+application/vnd.shana.informed.formtemplate
+application/vnd.shana.informed.interchange
+application/vnd.shana.informed.package
+application/vnd.smaf mmf
+application/vnd.sss-cod
+application/vnd.sss-dtf
+application/vnd.sss-ntf
+application/vnd.stardivision.calc sdc
+application/vnd.stardivision.chart sds
+application/vnd.stardivision.draw sda
+application/vnd.stardivision.impress sdd
+application/vnd.stardivision.math sdf
+application/vnd.stardivision.writer sdw
+application/vnd.stardivision.writer-global sgl
+application/vnd.street-stream
+application/vnd.sun.xml.calc sxc
+application/vnd.sun.xml.calc.template stc
+application/vnd.sun.xml.draw sxd
+application/vnd.sun.xml.draw.template std
+application/vnd.sun.xml.impress sxi
+application/vnd.sun.xml.impress.template sti
+application/vnd.sun.xml.math sxm
+application/vnd.sun.xml.writer sxw
+application/vnd.sun.xml.writer.global sxg
+application/vnd.sun.xml.writer.template stw
+application/vnd.svd
+application/vnd.swiftview-ics
+application/vnd.symbian.install sis
+application/vnd.tcpdump.pcap cap pcap
+application/vnd.triscape.mxs
+application/vnd.trueapp
+application/vnd.truedoc
+application/vnd.tve-trigger
+application/vnd.ufdl
+application/vnd.uplanet.alert
+application/vnd.uplanet.alert-wbxml
+application/vnd.uplanet.bearer-choice
+application/vnd.uplanet.bearer-choice-wbxml
+application/vnd.uplanet.cacheop
+application/vnd.uplanet.cacheop-wbxml
+application/vnd.uplanet.channel
+application/vnd.uplanet.channel-wbxml
+application/vnd.uplanet.list
+application/vnd.uplanet.list-wbxml
+application/vnd.uplanet.listcmd
+application/vnd.uplanet.listcmd-wbxml
+application/vnd.uplanet.signal
+application/vnd.vcx
+application/vnd.vectorworks
+application/vnd.vidsoft.vidconference
+application/vnd.visio vsd vst vsw vss
+application/vnd.vividence.scriptfile
+application/vnd.wap.sic
+application/vnd.wap.slc
+application/vnd.wap.wbxml wbxml
+application/vnd.wap.wmlc wmlc
+application/vnd.wap.wmlscriptc wmlsc
+application/vnd.webturbo
+application/vnd.wordperfect wpd
+application/vnd.wordperfect5.1 wp5
+application/vnd.wrq-hp3000-labelled
+application/vnd.wt.stf
+application/vnd.xara
+application/vnd.xfdl
+application/vnd.yellowriver-custom-menu
+application/zlib
+application/x-123 wk
+application/x-7z-compressed 7z
+application/x-abiword abw
+application/x-apple-diskimage dmg
+application/x-bcpio bcpio
+application/x-bittorrent torrent
+application/x-cab cab
+application/x-cbr cbr
+application/x-cbz cbz
+application/x-cdf cdf cda
+application/x-cdlink vcd
+application/x-chess-pgn pgn
+application/x-comsol mph
+application/x-core
+application/x-cpio cpio
+application/x-csh csh
+application/x-debian-package deb udeb
+application/x-director dcr dir dxr
+application/x-dms dms
+application/x-doom wad
+application/x-dvi dvi
+application/x-executable
+application/x-font pfa pfb gsf
+application/x-font-pcf pcf pcf.Z
+application/x-freemind mm
+application/x-futuresplash spl
+application/x-ganttproject gan
+application/x-gnumeric gnumeric
+application/x-go-sgf sgf
+application/x-graphing-calculator gcf
+application/x-gtar gtar
+application/x-gtar-compressed tgz taz
+application/x-hdf hdf
+#application/x-httpd-eruby rhtml
+#application/x-httpd-php phtml pht php
+#application/x-httpd-php-source phps
+#application/x-httpd-php3 php3
+#application/x-httpd-php3-preprocessed php3p
+#application/x-httpd-php4 php4
+#application/x-httpd-php5 php5
+application/x-hwp hwp
+application/x-ica ica
+application/x-info info
+application/x-internet-signup ins isp
+application/x-iphone iii
+application/x-iso9660-image iso
+application/x-jam jam
+application/x-java-applet
+application/x-java-bean
+application/x-java-jnlp-file jnlp
+application/x-jmol jmz
+application/x-kchart chrt
+application/x-kdelnk
+application/x-killustrator kil
+application/x-koan skp skd skt skm
+application/x-kpresenter kpr kpt
+application/x-kspread ksp
+application/x-kword kwd kwt
+application/x-latex latex
+application/x-lha lha
+application/x-lyx lyx
+application/x-lzh lzh
+application/x-lzx lzx
+application/x-maker frm maker frame fm fb book fbdoc
+application/x-mif mif
+application/x-mpegURL m3u8
+application/x-ms-application application
+application/x-ms-manifest manifest
+application/x-ms-wmd wmd
+application/x-ms-wmz wmz
+application/x-msdos-program com exe bat dll
+application/x-msi msi
+application/x-netcdf nc
+application/x-ns-proxy-autoconfig pac
+application/x-nwc nwc
+application/x-object o
+application/x-oz-application oza
+application/x-pkcs7-certreqresp p7r
+application/x-pkcs7-crl crl
+application/x-python-code pyc pyo
+application/x-qgis qgs shp shx
+application/x-quicktimeplayer qtl
+application/x-rdp rdp
+application/x-redhat-package-manager rpm
+application/x-rss+xml rss
+application/x-ruby rb
+application/x-rx
+application/x-scilab sci sce
+application/x-scilab-xcos xcos
+application/x-sh sh
+application/x-shar shar
+application/x-shellscript
+application/x-shockwave-flash swf swfl
+application/x-silverlight scr
+application/x-sql sql
+application/x-stuffit sit sitx
+application/x-sv4cpio sv4cpio
+application/x-sv4crc sv4crc
+application/x-tar tar
+application/x-tcl tcl
+application/x-tex-gf gf
+application/x-tex-pk pk
+application/x-texinfo texinfo texi
+application/x-trash ~ % bak old sik
+application/x-troff t tr roff
+application/x-troff-man man
+application/x-troff-me me
+application/x-troff-ms ms
+application/x-ustar ustar
+application/x-videolan
+application/x-wais-source src
+application/x-wingz wz
+application/x-x509-ca-cert crt
+application/x-xcf xcf
+application/x-xfig fig
+application/x-xpinstall xpi
+application/x-xz xz
+
+audio/32kadpcm
+audio/3gpp
+audio/amr amr
+audio/amr-wb awb
+audio/annodex axa
+audio/basic au snd
+audio/csound csd orc sco
+audio/flac flac
+audio/g.722.1
+audio/l16
+audio/midi mid midi kar
+audio/mp4a-latm
+audio/mpa-robust
+audio/mpeg mpga mpega mp2 mp3 m4a
+audio/mpegurl m3u
+audio/ogg oga ogg opus spx
+audio/parityfec
+audio/prs.sid sid
+audio/telephone-event
+audio/tone
+audio/vnd.cisco.nse
+audio/vnd.cns.anp1
+audio/vnd.cns.inf1
+audio/vnd.digital-winds
+audio/vnd.everad.plj
+audio/vnd.lucent.voice
+audio/vnd.nortel.vbk
+audio/vnd.nuera.ecelp4800
+audio/vnd.nuera.ecelp7470
+audio/vnd.nuera.ecelp9600
+audio/vnd.octel.sbc
+audio/vnd.qcelp
+audio/vnd.rhetorex.32kadpcm
+audio/vnd.vmx.cvsd
+audio/x-aiff aif aiff aifc
+audio/x-gsm gsm
+audio/x-mpegurl m3u
+audio/x-ms-wma wma
+audio/x-ms-wax wax
+audio/x-pn-realaudio-plugin
+audio/x-pn-realaudio ra rm ram
+audio/x-realaudio ra
+audio/x-scpls pls
+audio/x-sd2 sd2
+audio/x-wav wav
+
+chemical/x-alchemy alc
+chemical/x-cache cac cache
+chemical/x-cache-csf csf
+chemical/x-cactvs-binary cbin cascii ctab
+chemical/x-cdx cdx
+chemical/x-cerius cer
+chemical/x-chem3d c3d
+chemical/x-chemdraw chm
+chemical/x-cif cif
+chemical/x-cmdf cmdf
+chemical/x-cml cml
+chemical/x-compass cpa
+chemical/x-crossfire bsd
+chemical/x-csml csml csm
+chemical/x-ctx ctx
+chemical/x-cxf cxf cef
+#chemical/x-daylight-smiles smi
+chemical/x-embl-dl-nucleotide emb embl
+chemical/x-galactic-spc spc
+chemical/x-gamess-input inp gam gamin
+chemical/x-gaussian-checkpoint fch fchk
+chemical/x-gaussian-cube cub
+chemical/x-gaussian-input gau gjc gjf
+chemical/x-gaussian-log gal
+chemical/x-gcg8-sequence gcg
+chemical/x-genbank gen
+chemical/x-hin hin
+chemical/x-isostar istr ist
+chemical/x-jcamp-dx jdx dx
+chemical/x-kinemage kin
+chemical/x-macmolecule mcm
+chemical/x-macromodel-input mmd mmod
+chemical/x-mdl-molfile mol
+chemical/x-mdl-rdfile rd
+chemical/x-mdl-rxnfile rxn
+chemical/x-mdl-sdfile sd sdf
+chemical/x-mdl-tgf tgf
+#chemical/x-mif mif
+chemical/x-mmcif mcif
+chemical/x-mol2 mol2
+chemical/x-molconn-Z b
+chemical/x-mopac-graph gpt
+chemical/x-mopac-input mop mopcrt mpc zmt
+chemical/x-mopac-out moo
+chemical/x-mopac-vib mvb
+chemical/x-ncbi-asn1 asn
+chemical/x-ncbi-asn1-ascii prt ent
+chemical/x-ncbi-asn1-binary val aso
+chemical/x-ncbi-asn1-spec asn
+chemical/x-pdb pdb ent
+chemical/x-rosdal ros
+chemical/x-swissprot sw
+chemical/x-vamas-iso14976 vms
+chemical/x-vmd vmd
+chemical/x-xtel xtel
+chemical/x-xyz xyz
+
+font/collection ttc
+font/otf ttf otf
+font/sfnt ttf otf
+font/ttf ttf otf
+font/woff woff
+font/woff2 woff2
+
+image/cgm
+image/g3fax
+image/gif gif
+image/ief ief
+image/jp2 jp2 jpg2
+image/jpeg jpeg jpg jpe
+image/jpm jpm
+image/jpx jpx jpf
+image/naplps
+image/pcx pcx
+image/png png
+image/prs.btif
+image/prs.pti
+image/svg+xml svg svgz
+image/tiff tiff tif
+image/vnd.cns.inf2
+image/vnd.djvu djvu djv
+image/vnd.dwg
+image/vnd.dxf
+image/vnd.fastbidsheet
+image/vnd.fpx
+image/vnd.fst
+image/vnd.fujixerox.edmics-mmr
+image/vnd.fujixerox.edmics-rlc
+image/vnd.microsoft.icon ico
+image/vnd.mix
+image/vnd.net-fpx
+image/vnd.svf
+image/vnd.wap.wbmp wbmp
+image/vnd.xiff
+image/x-canon-cr2 cr2
+image/x-canon-crw crw
+image/x-cmu-raster ras
+image/x-coreldraw cdr
+image/x-coreldrawpattern pat
+image/x-coreldrawtemplate cdt
+image/x-corelphotopaint cpt
+image/x-epson-erf erf
+image/x-icon
+image/x-jg art
+image/x-jng jng
+image/x-ms-bmp bmp
+image/x-nikon-nef nef
+image/x-olympus-orf orf
+image/x-photoshop psd
+image/x-portable-anymap pnm
+image/x-portable-bitmap pbm
+image/x-portable-graymap pgm
+image/x-portable-pixmap ppm
+image/x-rgb rgb
+image/x-xbitmap xbm
+image/x-xpixmap xpm
+image/x-xwindowdump xwd
+
+inode/chardevice
+inode/blockdevice
+inode/directory-locked
+inode/directory
+inode/fifo
+inode/socket
+
+message/delivery-status
+message/disposition-notification
+message/external-body
+message/http
+message/s-http
+message/news
+message/partial
+message/rfc822 eml
+
+model/iges igs iges
+model/mesh msh mesh silo
+model/vnd.dwf
+model/vnd.flatland.3dml
+model/vnd.gdl
+model/vnd.gs-gdl
+model/vnd.gtw
+model/vnd.mts
+model/vnd.vtu
+model/vrml wrl vrml
+model/x3d+vrml x3dv
+model/x3d+xml x3d
+model/x3d+binary x3db
+
+multipart/alternative
+multipart/appledouble
+multipart/byteranges
+multipart/digest
+multipart/encrypted
+multipart/form-data
+multipart/header-set
+multipart/mixed
+multipart/parallel
+multipart/related
+multipart/report
+multipart/signed
+multipart/voice-message
+
+text/cache-manifest appcache
+text/calendar ics icz
+text/css css
+text/csv csv
+text/directory
+text/english
+text/enriched
+text/h323 323
+text/html html htm shtml
+text/iuls uls
+text/mathml mml
+text/markdown md markdown
+text/parityfec
+text/plain asc txt text pot brf srt
+text/prs.lines.tag
+text/rfc822-headers
+text/richtext rtx
+text/rtf
+text/scriptlet sct wsc
+text/t140
+text/texmacs tm
+text/tab-separated-values tsv
+text/turtle ttl
+text/uri-list
+text/vcard vcf vcard
+text/vnd.abc
+text/vnd.curl
+text/vnd.debian.copyright
+text/vnd.DMClientScript
+text/vnd.flatland.3dml
+text/vnd.fly
+text/vnd.fmi.flexstor
+text/vnd.in3d.3dml
+text/vnd.in3d.spot
+text/vnd.IPTC.NewsML
+text/vnd.IPTC.NITF
+text/vnd.latex-z
+text/vnd.motorola.reflex
+text/vnd.ms-mediapackage
+text/vnd.sun.j2me.app-descriptor jad
+text/vnd.wap.si
+text/vnd.wap.sl
+text/vnd.wap.wml wml
+text/vnd.wap.wmlscript wmls
+text/x-bibtex bib
+text/x-boo boo
+text/x-c++hdr h++ hpp hxx hh
+text/x-c++src c++ cpp cxx cc
+text/x-chdr h
+text/x-component htc
+text/x-crontab
+text/x-csh csh
+text/x-csrc c
+text/x-dsrc d
+text/x-diff diff patch
+text/x-haskell hs
+text/x-java java
+text/x-lilypond ly
+text/x-literate-haskell lhs
+text/x-makefile
+text/x-moc moc
+text/x-pascal p pas
+text/x-pcs-gcd gcd
+text/x-perl pl pm
+text/x-python py
+text/x-scala scala
+text/x-server-parsed-html
+text/x-setext etx
+text/x-sfv sfv
+text/x-sh sh
+text/x-tcl tcl tk
+text/x-tex tex ltx sty cls
+text/x-vcalendar vcs
+
+video/3gpp 3gp
+video/annodex axv
+video/dl dl
+video/dv dif dv
+video/fli fli
+video/gl gl
+video/mpeg mpeg mpg mpe
+video/MP2T ts
+video/mp4 mp4
+video/quicktime qt mov
+video/mp4v-es
+video/ogg ogv
+video/parityfec
+video/pointer
+video/webm webm
+video/vnd.fvt
+video/vnd.motorola.video
+video/vnd.motorola.videop
+video/vnd.mpegurl mxu
+video/vnd.mts
+video/vnd.nokia.interleaved-multimedia
+video/vnd.vivo
+video/x-flv flv
+video/x-la-asf lsf lsx
+video/x-mng mng
+video/x-ms-asf asf asx
+video/x-ms-wm wm
+video/x-ms-wmv wmv
+video/x-ms-wmx wmx
+video/x-ms-wvx wvx
+video/x-msvideo avi
+video/x-sgi-movie movie
+video/x-matroska mpv mkv
+
+x-conference/x-cooltalk ice
+
+x-epoc/x-sisx-app sisx
+x-world/x-vrml vrm vrml wrl
--- /dev/null
+[defaults]
+ base_features = sparse_super,large_file,filetype,resize_inode,dir_index,ext_attr
+ default_mntopts = acl,user_xattr
+ enable_periodic_fsck = 0
+ blocksize = 4096
+ inode_size = 256
+ inode_ratio = 16384
+
+[fs_types]
+ ext3 = {
+ features = has_journal
+ }
+ ext4 = {
+ features = has_journal,extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize
+ inode_size = 256
+ }
+ small = {
+ inode_size = 128
+ inode_ratio = 4096
+ }
+ floppy = {
+ inode_size = 128
+ inode_ratio = 8192
+ }
+ big = {
+ inode_ratio = 32768
+ }
+ huge = {
+ inode_ratio = 65536
+ }
+ news = {
+ inode_ratio = 4096
+ }
+ largefile = {
+ inode_ratio = 1048576
+ blocksize = -1
+ }
+ largefile4 = {
+ inode_ratio = 4194304
+ blocksize = -1
+ }
+ hurd = {
+ blocksize = 4096
+ inode_size = 128
+ }
+
+[options]
+ fname_encoding = utf8
--- /dev/null
+# The microcode module attempts to apply a microcode update when
+# it autoloads. This is not always safe, so we block it by default.
+blacklist microcode
--- /dev/null
+# For some Atheros 5K RF MACs, the madwifi driver loads buts fails to
+# correctly initialize the hardware, leaving it in a state from
+# which ath5k cannot recover. To prevent this condition, stop
+# madwifi from loading by default. Use Jockey to select one driver
+# or the other. (Ubuntu: #315056, #323830)
+blacklist ath_pci
+
--- /dev/null
+# Select the legacy firewire stack over the new CONFIG_FIREWIRE one.
+
+blacklist ohci1394
+blacklist sbp2
+blacklist dv1394
+blacklist raw1394
+blacklist video1394
+
+#blacklist firewire-ohci
+#blacklist firewire-sbp2
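Review bot: The header comment says the opposite of what the active lines do. The entries in force blacklist `ohci1394`, `sbp2`, `dv1394`, `raw1394` and `video1394`, which are the legacy ieee1394 modules, while the `firewire-ohci` and `firewire-sbp2` entries are commented out, so the new stack is the one left loadable. I would reword the header to `# Select the new CONFIG_FIREWIRE stack over the legacy ieee1394 one.` so a maintainer does not flip the wrong set. If the hosts built from this tree have no FireWire hardware in use, enabling the two commented entries as well would remove a DMA-capable bus driver from autoload; that depends on the deployment.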
--- /dev/null
+# Framebuffer drivers are generally buggy and poorly-supported, and cause
+# suspend failures, kernel panics and general mayhem. For this reason we
+# never load them automatically.
+blacklist aty128fb
+blacklist atyfb
+blacklist radeonfb
+blacklist cirrusfb
+blacklist cyber2000fb
+blacklist cyblafb
+blacklist gx1fb
+blacklist hgafb
+blacklist i810fb
+blacklist intelfb
+blacklist kyrofb
+blacklist lxfb
+blacklist matroxfb_base
+blacklist neofb
+blacklist nvidiafb
+blacklist pm2fb
+blacklist rivafb
+blacklist s1d13xxxfb
+blacklist savagefb
+blacklist sisfb
+blacklist sstfb
+blacklist tdfxfb
+blacklist tridentfb
+#blacklist vesafb
+blacklist vfb
+blacklist viafb
+blacklist vt8623fb
+blacklist udlfb
--- /dev/null
+# Many less commonly used network protocols have recently had various
+# security flaws discovered. In an effort to reduce the scope of future
+# vulnerability exploitations, they are being blacklisted here so that
+# unprivileged users cannot use them by default. System owners can still
+# either modify this file, or specifically modprobe any needed protocols.
+
+# ax25
+alias net-pf-3 off
+# netrom
+alias net-pf-6 off
+# x25
+alias net-pf-9 off
+# rose
+alias net-pf-11 off
+# decnet
+alias net-pf-12 off
+# econet
+alias net-pf-19 off
+# rds
+alias net-pf-21 off
+# af_802154
+alias net-pf-36 off
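Review bot: These `alias net-pf-N off` lines only intercept the kernel's on-demand request for an address-family module, so the header's word "blacklisted" overstates what is enforced. As the header itself notes, an explicit modprobe of the real module name still loads the protocol. I would add a sentence such as `# Note: this blocks autoloading on socket() only; use "install <module> /bin/false" to refuse explicit loads too.` For hosts that must never run one of these protocols, a per-module entry of the form `install rds /bin/false` is the stronger control. Naming the address family next to each number (for example `# rds (AF_RDS)`) would also make the list easier to audit against the kernel headers.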
--- /dev/null
+# This file lists those modules which we don't want to be loaded by
+# alias expansion, usually so some other driver will be loaded for the
+# device instead.
+
+# evbug is a debug tool that should be loaded explicitly
+blacklist evbug
+
+# these drivers are very simple, the HID drivers are usually preferred
+blacklist usbmouse
+blacklist usbkbd
+
+# replaced by e100
+blacklist eepro100
+
+# replaced by tulip
+blacklist de4x5
+
+# causes no end of confusion by creating unexpected network interfaces
+blacklist eth1394
+
+# snd_intel8x0m can interfere with snd_intel8x0, doesn't seem to support much
+# hardware on its own (Ubuntu bug #2011, #6810)
+blacklist snd_intel8x0m
+
+# Conflicts with dvb driver (which is better for handling this device)
+blacklist snd_aw2
+
+# replaced by p54pci
+blacklist prism54
+
+# replaced by b43 and ssb.
+blacklist bcm43xx
+
+# most apps now use garmin usb driver directly (Ubuntu: #114565)
+blacklist garmin_gps
+
+# replaced by asus-laptop (Ubuntu: #184721)
+blacklist asus_acpi
+
+# low-quality, just noise when being used for sound playback, causes
+# hangs at desktop session start (Ubuntu: #246969)
+blacklist snd_pcsp
+
+# ugly and loud noise, getting on everyone's nerves; this should be done by a
+# nice pulseaudio bing (Ubuntu: #77010)
+blacklist pcspkr
+
+# EDAC driver for amd76x clashes with the agp driver preventing the aperture
+# from being initialised (Ubuntu: #297750). Blacklist so that the driver
+# continues to build and is installable for the few cases where its
+# really needed.
+blacklist amd76x_edac
--- /dev/null
+# The microcode module attempts to apply a microcode update when
+# it autoloads. This is not always safe, so we block it by default.
+blacklist microcode
--- /dev/null
+# /etc/modprobe.d/iwlwifi.conf
+# iwlwifi will dyamically load either iwldvm or iwlmvm depending on the
+# microcode file installed on the system. When removing iwlwifi, first
+# remove the iwl?vm module and then iwlwifi.
+remove iwlwifi \
+(/sbin/lsmod | grep -o -e ^iwlmvm -e ^iwldvm -e ^iwlwifi | xargs /sbin/rmmod) \
+&& /sbin/modprobe -r mac80211
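Review bot: In the `remove iwlwifi` command, `grep` and `xargs` are looked up through PATH while `lsmod`, `rmmod` and `modprobe` are given as `/sbin/...`. This line runs as root, so I would give all five tools by absolute path as installed on this distribution, e.g. `| /bin/grep -o ... | /usr/bin/xargs /sbin/rmmod` (paths to be confirmed). The unload order the comment asks for (iwl?vm first, then iwlwifi) is not enforced by the pipeline; it follows whatever order `lsmod` prints, which deserves a one-line comment or an explicit two-step removal. The header comment also has a typo, `dyamically` for `dynamically`.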
--- /dev/null
+# mdadm module configuration file
+# set start_ro=1 to make newly assembled arrays read-only initially,
+# to prevent metadata writes. This is needed in order to allow
+# resume-from-disk to work - new boot should not perform writes
+# because it will be done behind the back of the system being
+# resumed. See http://bugs.debian.org/415441 for details.
+
+options md_mod start_ro=1
--- /dev/null
+# /etc/modules: kernel modules to load at boot time.
+#
+# This file contains the names of kernel modules that should be loaded
+# at boot time, one per line. Lines beginning with "#" are ignored.
+
--- /dev/null
+../modules
\ No newline at end of file
--- /dev/null
+../proc/self/mounts
\ No newline at end of file
--- /dev/null
+defaults {
+ user_friendly_names yes
+}
--- /dev/null
+# Multipath wwids, Version : 1.0
+# NOTE: This file is automatically maintained by multipath and multipathd.
+# You should not need to edit this file in normal circumstances.
+#
+# Valid WWIDs:
--- /dev/null
+## Sample initialization file for GNU nano.
+##
+## This file should not be in DOS or Mac format, and characters
+## specially interpreted by the shell should not be escaped here.
+##
+## To make sure an option is disabled, use "unset <option>".
+##
+## For the options that take parameters, the default value is given.
+## Other options are unset by default.
+##
+## Inside string parameters, quotes should not be escaped. The last
+## double quote on the line will be seen as the closing quote.
+
+## Make the 'nextword' function (Ctrl+Right) stop at word ends
+## instead of at beginnings.
+# set afterends
+
+## When soft line wrapping is enabled, make it wrap lines at blanks
+## (tabs and spaces) instead of always at the edge of the screen.
+# set atblanks
+
+## Automatically indent a newly created line to the same number of
+## tabs and/or spaces as the preceding line -- or as the next line
+## if the preceding line is the beginning of a paragraph.
+# set autoindent
+
+## Back up files to the current filename plus a tilde.
+# set backup
+
+## The directory to put unique backup files in.
+# set backupdir ""
+
+## Use bold text instead of reverse video text.
+# set boldtext
+
+## The characters treated as closing brackets when justifying paragraphs.
+## This may not include any blank characters. Only closing punctuation,
+## optionally followed by these closing brackets, can end sentences.
+# set brackets ""')>]}"
+
+## Automatically hard-wrap the current line when it becomes overlong.
+# set breaklonglines
+
+## Do case-sensitive searches by default.
+# set casesensitive
+
+## Constantly display the cursor position in the status bar. Note that
+## this overrides "quickblank".
+# set constantshow
+
+## Use cut-from-cursor-to-end-of-line by default.
+# set cutfromcursor
+
+## Do not use the line below the title bar, leaving it entirely blank.
+# set emptyline
+
+## Set the target width for automatic hard-wrapping and for justifying
+## paragraphs. If the specified value is 0 or less, the wrapping point
+## will be the terminal's width minus this number.
+# set fill -8
+
+## Remember the used search/replace strings for the next session.
+set historylog
+
+## Scroll the buffer contents per half-screen instead of per line.
+# set jumpyscrolling
+
+## Display line numbers to the left of the text.
+# set linenumbers
+
+## Enable vim-style lock-files. This is just to let a vim user know you
+## are editing a file [s]he is trying to edit and vice versa. There are
+## no plans to implement vim-style undo state in these files.
+set locking
+
+## The opening and closing brackets that can be found by bracket
+## searches. They cannot contain blank characters. The former set must
+## come before the latter set, and both must be in the same order.
+# set matchbrackets "(<[{)>]}"
+
+## Enable mouse support, if available for your system. When enabled,
+## mouse clicks can be used to place the cursor, set the mark (with a
+## double click), and execute shortcuts. The mouse will work in the X
+## Window System, and on the console when gpm is running.
+# set mouse
+
+## Switch on multiple file buffers (inserting a file will put it into
+## a separate buffer).
+# set multibuffer
+
+## Don't convert files from DOS/Mac format.
+# set noconvert
+
+## Don't display the helpful shortcut lists at the bottom of the screen.
+# set nohelp
+
+## Don't automatically add a newline when a file does not end with one.
+# set nonewlines
+
+## Set operating directory. nano will not read or write files outside
+## this directory and its subdirectories. Also, the current directory
+## is changed to here, so any files are inserted from this dir. A blank
+## string means the operating-directory feature is turned off.
+# set operatingdir ""
+
+## Remember the cursor position in each file for the next editing session.
+# set positionlog
+
+## Preserve the XON and XOFF keys (^Q and ^S).
+# set preserve
+
+## The characters treated as closing punctuation when justifying
+## paragraphs. They cannot contain blank characters. Only closing
+## punctuation, optionally followed by closing brackets, can end
+## sentences.
+# set punct "!.?"
+
+## Do quick status-bar blanking. Status-bar messages will disappear after
+## 1 keystroke instead of 26. Note that "constantshow" overrides this.
+# set quickblank
+
+## The regular expression that matches quoting characters in email
+## or line-comment introducers in source code. The default is:
+# set quotestr "^([ ]*([!#%:;>|}]|//))+"
+
+## Try to work around a mismatching terminfo terminal description.
+# set rawsequences
+
+## Fix Backspace/Delete confusion problem.
+# set rebinddelete
+
+## Do regular-expression searches by default.
+## Regular expressions are of the extended type (ERE).
+# set regexp
+
+## Put the cursor on the highlighted item in the file browser, and show
+## the cursor in the help viewer; useful for people who use a braille
+## display and people with poor vision.
+# set showcursor
+
+## Make the Home key smarter. When Home is pressed anywhere but at the
+## very beginning of non-whitespace characters on a line, the cursor
+## will jump to that beginning (either forwards or backwards). If the
+## cursor is already at that position, it will jump to the true
+## beginning of the line.
+# set smarthome
+
+## Enable soft line wrapping (AKA full-line display).
+# set softwrap
+
+## Use this spelling checker instead of the internal one. This option
+## does not have a default value.
+# set speller "aspell -x -c"
+
+## Allow nano to be suspended.
+set suspend
+
+## Use this tab size instead of the default; it must be greater than 0.
+# set tabsize 8
+
+## Convert typed tabs to spaces.
+# set tabstospaces
+
+## Save automatically on exit; don't prompt.
+# set tempfile
+
+## Snip whitespace at the end of lines when justifying or hard-wrapping.
+# set trimblanks
+
+## Disallow file modification. Why would you want this in an rcfile? ;)
+# set view
+
+## The two single-column characters used to display the first characters
+## of tabs and spaces. 187 in ISO 8859-1 (0000BB in Unicode) and 183 in
+## ISO-8859-1 (0000B7 in Unicode) seem to be good values for these.
+## The default when in a UTF-8 locale:
+# set whitespace "»·"
+## The default otherwise:
+# set whitespace ">."
+
+## Detect word boundaries differently by treating punctuation
+## characters as parts of words.
+# set wordbounds
+
+## The characters (besides alphanumeric ones) that should be considered
+## as parts of words. This option does not have a default value. When
+## set, it overrides option 'set wordbounds'.
+# set wordchars "<_>."
+
+## Let an unmodified Backspace or Delete erase the marked region (instead
+## of a single character, and without affecting the cutbuffer).
+# set zap
+
+## Paint the interface elements of nano. These are examples;
+## by default there are no colors, except for errorcolor.
+# set titlecolor brightwhite,blue
+# set statuscolor brightwhite,green
+# set errorcolor brightwhite,red
+# set selectedcolor brightwhite,magenta
+# set stripecolor ,yellow
+# set numbercolor cyan
+# set keycolor cyan
+# set functioncolor green
+## In root's .nanorc you might want to use:
+# set titlecolor brightwhite,magenta
+# set statuscolor brightwhite,magenta
+# set errorcolor brightwhite,red
+# set selectedcolor brightwhite,cyan
+# set stripecolor ,yellow
+# set numbercolor magenta
+# set keycolor brightmagenta
+# set functioncolor magenta
+
+
+## Setup of syntax coloring.
+##
+## syntax "name" ["filename regex" ...]
+##
+## color|icolor foreground,background "regex" ["regex"...]
+## [...]
+##
+## 'color' will do case-sensitive matches, while 'icolor' will do
+## case-insensitive matches.
+##
+## All color commands are applied in the order in which they are specified,
+## meaning that later commands can recolor stuff that was colored earlier.
+##
+## Valid color names for foreground and background are: white, black, normal,
+## red, blue, green, yellow, magenta, cyan. For foreground colors, you may
+## use the prefix "bright" to get a stronger highlight.
+##
+## All regexes (regular expressions) are of the extended type (ERE).
+##
+## If the coloring rule should span multiple lines, use the following format:
+##
+## color fg,bg start="regex" end="regex"
+##
+## If you wish, you may put your syntax definitions in separate files.
+## You can make use of such files as follows:
+##
+## include "/path/to/syntax_file.nanorc"
+
+## To include all existing syntax definitions, you can do:
+include "/usr/share/nano/*.nanorc"
+
+
+## If <Tab> should always produce four spaces when editing a Python file,
+## independent of the settings of 'tabsize' and 'tabstospaces':
+# extendsyntax python tabgives " "
+
+## If <Tab> should always produce an actual TAB when editing a Makefile:
+# extendsyntax makefile tabgives " "
+
+
+## Key bindings.
+## See nanorc(5) (section REBINDING KEYS) for more details on this.
+
+## The <Ctrl+Delete> keystroke deletes the word to the right of the cursor.
+## On some terminals the <Ctrl+Backspace> keystroke produces ^H, which is
+## the ASCII character for backspace, so it is bound by default to the
+## backspace function. The <Backspace> key itself produces a different
+## keycode, which is hard-bound to the backspace function. So, if you
+## normally use <Backspace> for backspacing and not ^H, you can make
+## <Ctrl+Backspace> delete the word to the left of the cursor with:
+# bind ^H chopwordleft main
+
+## If you would like nano to have keybindings that are more "usual",
+## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit,
+## then uncomment these:
+#bind ^Q exit all
+#bind ^S savefile main
+#bind ^W writeout main
+#bind ^O insert main
+#bind ^H help all
+#bind ^H exit help
+#bind ^F whereis all
+#bind ^G findnext all
+#bind ^B wherewas all
+#bind ^D findprevious all
+#bind ^R replace main
+#bind M-X flipnewbuffer all
+#bind ^X cut all
+#bind ^C copy main
+#bind ^V paste all
+#bind ^P curpos main
+#bind ^A mark main
+#unbind ^K main
+#unbind ^U all
+#unbind ^N main
+#unbind ^Y all
+#unbind M-J main
+#unbind M-T main
+#bind ^T gotoline main
+#bind ^T gotodir browser
+#bind ^Y speller main
+#bind M-U undo main
+#bind M-R redo main
+#bind ^U undo main
+#bind ^E redo main
+#set multibuffer
--- /dev/null
+# This is the network config written by 'subiquity'
+network:
+ ethernets:
+ ens160:
+ addresses:
+ - 216.218.216.163/24
+ - 2001:470:1:1ee::76/64
+ gateway4: 216.218.216.161
+ gateway6: 2001:470:1:1ee::1
+ nameservers:
+ addresses:
+ - 2001:4860:4860::8888
+ - 2001:4860:4860::8844
+ version: 2
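Review bot: `gateway4` and `gateway6` under `ens160` are deprecated netplan keys; recent netplan releases warn on them and expect default routes in a `routes:` list instead, for example an entry with `to: default` and `via: 216.218.216.161`. Whether the installed netplan already warns depends on its version, which this hunk does not show. The file also puts the host's public addressing into repository history, so read access to the repository should be scoped with that in mind.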
--- /dev/null
+#!/bin/sh
+
+ETHTOOL=/sbin/ethtool
+
+test -x $ETHTOOL || exit 0
+
+[ "$IFACE" != "lo" ] || exit 0
+
+# Gather together the mixed bag of settings applied with -s/--change
+SETTINGS="\
+${IF_ETHERNET_PORT:+ port $IF_ETHERNET_PORT}\
+${IF_DRIVER_MESSAGE_LEVEL:+ msglvl $IF_DRIVER_MESSAGE_LEVEL}\
+"
+[ -z "$SETTINGS" ] || $ETHTOOL --change "$IFACE" $SETTINGS
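Review bot: The final line expands `$SETTINGS` unquoted so that it splits into separate ethtool arguments, but the same expansion also performs pathname expansion, so a value containing `*`, `?` or `[` would be matched against files in the current directory. Adding `set -f` before the call keeps the word splitting and drops the globbing, and `test -x $ETHTOOL` would read better as `test -x "$ETHTOOL"`. The values appear to come from /etc/network/interfaces through the `IF_*` variables, so this is a robustness point rather than an exposed input. The same unquoted `$SETTINGS` pattern is used on every ethtool call in the next script.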
--- /dev/null
+#!/bin/sh
+
+ETHTOOL=/sbin/ethtool
+
+test -x $ETHTOOL || exit 0
+
+[ "$IFACE" != "lo" ] || exit 0
+
+# Find settings with a given prefix and print them as they appeared in
+# /etc/network/interfaces, only with the prefix removed.
+# This actually prints each name and value on a separate line, but that
+# doesn't matter to the shell.
+gather_settings () {
+ set | sed -n "
+/^IF_$1[A-Za-z0-9_]*=/ {
+ h; # hold line
+ s/^IF_$1//; s/=.*//; s/_/-/g; # get name without prefix
+ y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/; # lower-case
+ p;
+ g; # restore line
+ s/^[^=]*=//; s/^'\(.*\)'/\1/; # get value
+ p;
+}"
+}
+
+# Gather together the mixed bag of settings applied with -s/--change
+SETTINGS="\
+${IF_LINK_SPEED:+ speed $IF_LINK_SPEED}\
+${IF_LINK_DUPLEX:+ duplex $IF_LINK_DUPLEX}\
+"
+
+# WOL has an optional pass-key
+set -- $IF_ETHERNET_WOL
+SETTINGS="$SETTINGS${1:+ wol $1}${2:+ sopass $2}"
+
+# Autonegotiation can be on|off or an advertising mask
+case "$IF_ETHERNET_AUTONEG" in
+'') ;;
+on|off) SETTINGS="$SETTINGS autoneg $IF_ETHERNET_AUTONEG" ;;
+*) SETTINGS="$SETTINGS autoneg on advertise $IF_ETHERNET_AUTONEG" ;;
+esac
+
+[ -z "$SETTINGS" ] || $ETHTOOL --change "$IFACE" $SETTINGS
+
+SETTINGS="$(gather_settings ETHERNET_PAUSE_)"
+[ -z "$SETTINGS" ] || $ETHTOOL --pause "$IFACE" $SETTINGS
+
+SETTINGS="$(gather_settings HARDWARE_IRQ_COALESCE_)"
+[ -z "$SETTINGS" ] || $ETHTOOL --coalesce "$IFACE" $SETTINGS
+
+SETTINGS="$(gather_settings HARDWARE_DMA_RING_)"
+[ -z "$SETTINGS" ] || $ETHTOOL --set-ring "$IFACE" $SETTINGS
+
+SETTINGS="$(gather_settings OFFLOAD_)"
+[ -z "$SETTINGS" ] || $ETHTOOL --offload "$IFACE" $SETTINGS
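Review bot: `gather_settings` recovers values by parsing the text output of `set`, and its last substitution `s/^'\(.*\)'/\1/` only strips one outer pair of single quotes. A value that the shell prints in another quoting form (for example one containing a single quote), or one that spans several lines, would reach ethtool altered, and a continuation line that happens to start with `IF_<PREFIX>` would be read as a separate setting. How `set` quotes such values depends on the /bin/sh in use, so this should be confirmed there. I would document the limit above the function, e.g. `# NOTE: only simple single-line values are supported; quoting printed by 'set' is stripped naively.`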
--- /dev/null
+# symbolic names for networks, see networks(5) for more information
+link-local 169.254.0.0
--- /dev/null
+/etc/alternatives/newt-palette
\ No newline at end of file
--- /dev/null
+root=,magenta
+checkbox=,magenta
+entry=,magenta
+label=magenta,
+actlistbox=,magenta
+helpline=,magenta
+roottext=,magenta
+emptyscale=magenta
+disabledentry=magenta,
--- /dev/null
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
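Review bot: Neither this parameter list nor the `fastcgi_params` list that follows clears the `Proxy` request header, which FastCGI applications receive as `HTTP_PROXY` and which some HTTP client libraries treat as an outbound proxy setting. Adding `fastcgi_param HTTP_PROXY "";` at the end of both files is the usual mitigation. The `scgi_params` and `uwsgi_params` lists later in this commit could take the equivalent `scgi_param` / `uwsgi_param` line if the applications behind them read CGI-style variables.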
--- /dev/null
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
--- /dev/null
+
+# This map is not a full koi8-r <> utf8 map: it does not contain
+# box-drawing and some other characters. Besides this map contains
+# several koi8-u and Byelorussian letters which are not in koi8-r.
+# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
+# map instead.
+
+charset_map koi8-r utf-8 {
+
+ 80 E282AC ; # euro
+
+ 95 E280A2 ; # bullet
+
+ 9A C2A0 ; #
+
+ 9E C2B7 ; # ·
+
+ A3 D191 ; # small yo
+ A4 D194 ; # small Ukrainian ye
+
+ A6 D196 ; # small Ukrainian i
+ A7 D197 ; # small Ukrainian yi
+
+ AD D291 ; # small Ukrainian soft g
+ AE D19E ; # small Byelorussian short u
+
+ B0 C2B0 ; # °
+
+ B3 D081 ; # capital YO
+ B4 D084 ; # capital Ukrainian YE
+
+ B6 D086 ; # capital Ukrainian I
+ B7 D087 ; # capital Ukrainian YI
+
+ B9 E28496 ; # numero sign
+
+ BD D290 ; # capital Ukrainian soft G
+ BE D18E ; # capital Byelorussian short U
+
+ BF C2A9 ; # (C)
+
+ C0 D18E ; # small yu
+ C1 D0B0 ; # small a
+ C2 D0B1 ; # small b
+ C3 D186 ; # small ts
+ C4 D0B4 ; # small d
+ C5 D0B5 ; # small ye
+ C6 D184 ; # small f
+ C7 D0B3 ; # small g
+ C8 D185 ; # small kh
+ C9 D0B8 ; # small i
+ CA D0B9 ; # small j
+ CB D0BA ; # small k
+ CC D0BB ; # small l
+ CD D0BC ; # small m
+ CE D0BD ; # small n
+ CF D0BE ; # small o
+
+ D0 D0BF ; # small p
+ D1 D18F ; # small ya
+ D2 D180 ; # small r
+ D3 D181 ; # small s
+ D4 D182 ; # small t
+ D5 D183 ; # small u
+ D6 D0B6 ; # small zh
+ D7 D0B2 ; # small v
+ D8 D18C ; # small soft sign
+ D9 D18B ; # small y
+ DA D0B7 ; # small z
+ DB D188 ; # small sh
+ DC D18D ; # small e
+ DD D189 ; # small shch
+ DE D187 ; # small ch
+ DF D18A ; # small hard sign
+
+ E0 D0AE ; # capital YU
+ E1 D090 ; # capital A
+ E2 D091 ; # capital B
+ E3 D0A6 ; # capital TS
+ E4 D094 ; # capital D
+ E5 D095 ; # capital YE
+ E6 D0A4 ; # capital F
+ E7 D093 ; # capital G
+ E8 D0A5 ; # capital KH
+ E9 D098 ; # capital I
+ EA D099 ; # capital J
+ EB D09A ; # capital K
+ EC D09B ; # capital L
+ ED D09C ; # capital M
+ EE D09D ; # capital N
+ EF D09E ; # capital O
+
+ F0 D09F ; # capital P
+ F1 D0AF ; # capital YA
+ F2 D0A0 ; # capital R
+ F3 D0A1 ; # capital S
+ F4 D0A2 ; # capital T
+ F5 D0A3 ; # capital U
+ F6 D096 ; # capital ZH
+ F7 D092 ; # capital V
+ F8 D0AC ; # capital soft sign
+ F9 D0AB ; # capital Y
+ FA D097 ; # capital Z
+ FB D0A8 ; # capital SH
+ FC D0AD ; # capital E
+ FD D0A9 ; # capital SHCH
+ FE D0A7 ; # capital CH
+ FF D0AA ; # capital hard sign
+}
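Review bot: The entry `BE D18E` is labelled capital Byelorussian short U but emits the same UTF-8 bytes as `C0 D18E` (small yu). U+040E encodes as `D08E`, so the line should read `BE D08E ; # capital Byelorussian short U`. The `windows-1251 utf-8` map later in this commit carries the same value on `A1 D18E` next to `FE D18E`. Both files look like package-shipped defaults, so the correction may be better reported to the package than edited locally.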
--- /dev/null
+
+charset_map koi8-r windows-1251 {
+
+ 80 88 ; # euro
+
+ 95 95 ; # bullet
+
+ 9A A0 ; #
+
+ 9E B7 ; # ·
+
+ A3 B8 ; # small yo
+ A4 BA ; # small Ukrainian ye
+
+ A6 B3 ; # small Ukrainian i
+ A7 BF ; # small Ukrainian yi
+
+ AD B4 ; # small Ukrainian soft g
+ AE A2 ; # small Byelorussian short u
+
+ B0 B0 ; # °
+
+ B3 A8 ; # capital YO
+ B4 AA ; # capital Ukrainian YE
+
+ B6 B2 ; # capital Ukrainian I
+ B7 AF ; # capital Ukrainian YI
+
+ B9 B9 ; # numero sign
+
+ BD A5 ; # capital Ukrainian soft G
+ BE A1 ; # capital Byelorussian short U
+
+ BF A9 ; # (C)
+
+ C0 FE ; # small yu
+ C1 E0 ; # small a
+ C2 E1 ; # small b
+ C3 F6 ; # small ts
+ C4 E4 ; # small d
+ C5 E5 ; # small ye
+ C6 F4 ; # small f
+ C7 E3 ; # small g
+ C8 F5 ; # small kh
+ C9 E8 ; # small i
+ CA E9 ; # small j
+ CB EA ; # small k
+ CC EB ; # small l
+ CD EC ; # small m
+ CE ED ; # small n
+ CF EE ; # small o
+
+ D0 EF ; # small p
+ D1 FF ; # small ya
+ D2 F0 ; # small r
+ D3 F1 ; # small s
+ D4 F2 ; # small t
+ D5 F3 ; # small u
+ D6 E6 ; # small zh
+ D7 E2 ; # small v
+ D8 FC ; # small soft sign
+ D9 FB ; # small y
+ DA E7 ; # small z
+ DB F8 ; # small sh
+ DC FD ; # small e
+ DD F9 ; # small shch
+ DE F7 ; # small ch
+ DF FA ; # small hard sign
+
+ E0 DE ; # capital YU
+ E1 C0 ; # capital A
+ E2 C1 ; # capital B
+ E3 D6 ; # capital TS
+ E4 C4 ; # capital D
+ E5 C5 ; # capital YE
+ E6 D4 ; # capital F
+ E7 C3 ; # capital G
+ E8 D5 ; # capital KH
+ E9 C8 ; # capital I
+ EA C9 ; # capital J
+ EB CA ; # capital K
+ EC CB ; # capital L
+ ED CC ; # capital M
+ EE CD ; # capital N
+ EF CE ; # capital O
+
+ F0 CF ; # capital P
+ F1 DF ; # capital YA
+ F2 D0 ; # capital R
+ F3 D1 ; # capital S
+ F4 D2 ; # capital T
+ F5 D3 ; # capital U
+ F6 C6 ; # capital ZH
+ F7 C2 ; # capital V
+ F8 DC ; # capital soft sign
+ F9 DB ; # capital Y
+ FA C7 ; # capital Z
+ FB D8 ; # capital SH
+ FC DD ; # capital E
+ FD D9 ; # capital SHCH
+ FE D7 ; # capital CH
+ FF DA ; # capital hard sign
+}
--- /dev/null
+
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+ image/webp webp;
+
+ application/font-woff woff;
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-image-filter.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-http-xslt-filter.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-mail.conf
\ No newline at end of file
--- /dev/null
+/usr/share/nginx/modules-available/mod-stream.conf
\ No newline at end of file
--- /dev/null
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
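Review bot: `proxy_set_header Host $http_host;` forwards the client's raw Host header, which is unvalidated and may be absent, so a backend that builds links or selects tenants from Host is relying on whatever the client sent. `proxy_set_header Host $host;` passes nginx's normalized value instead. Likewise `$proxy_add_x_forwarded_for` appends to any X-Forwarded-For the client supplied, so backends should trust only the entry added by this proxy; a comment above that line saying so would help, e.g. `# client-supplied entries are preserved; trust only the last hop`.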
--- /dev/null
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
--- /dev/null
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+# Check that the PHP script exists before passing it
+try_files $fastcgi_script_name =404;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: http://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+fastcgi_index index.php;
+include fastcgi.conf;
--- /dev/null
+# Self signed certificates generated by the ssl-cert package
+# Don't use them in a production server!
+
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
--- /dev/null
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
--- /dev/null
+# This map is not a full windows-1251 <> utf8 map: it does not
+# contain Serbian and Macedonian letters. If you need a full map,
+# use contrib/unicode2nginx/win-utf map instead.
+
+charset_map windows-1251 utf-8 {
+
+ 82 E2809A; # single low-9 quotation mark
+
+ 84 E2809E; # double low-9 quotation mark
+ 85 E280A6; # ellipsis
+ 86 E280A0; # dagger
+ 87 E280A1; # double dagger
+ 88 E282AC; # euro
+ 89 E280B0; # per mille
+
+ 91 E28098; # left single quotation mark
+ 92 E28099; # right single quotation mark
+ 93 E2809C; # left double quotation mark
+ 94 E2809D; # right double quotation mark
+ 95 E280A2; # bullet
+ 96 E28093; # en dash
+ 97 E28094; # em dash
+
+ 99 E284A2; # trade mark sign
+
+ A0 C2A0; #
+ A1 D18E; # capital Byelorussian short U
+ A2 D19E; # small Byelorussian short u
+
+ A4 C2A4; # currency sign
+ A5 D290; # capital Ukrainian soft G
+ A6 C2A6; # borken bar
+ A7 C2A7; # section sign
+ A8 D081; # capital YO
+ A9 C2A9; # (C)
+ AA D084; # capital Ukrainian YE
+ AB C2AB; # left-pointing double angle quotation mark
+ AC C2AC; # not sign
+ AD C2AD; # soft hypen
+ AE C2AE; # (R)
+ AF D087; # capital Ukrainian YI
+
+ B0 C2B0; # °
+ B1 C2B1; # plus-minus sign
+ B2 D086; # capital Ukrainian I
+ B3 D196; # small Ukrainian i
+ B4 D291; # small Ukrainian soft g
+ B5 C2B5; # micro sign
+ B6 C2B6; # pilcrow sign
+ B7 C2B7; # ·
+ B8 D191; # small yo
+ B9 E28496; # numero sign
+ BA D194; # small Ukrainian ye
+ BB C2BB; # right-pointing double angle quotation mark
+
+ BF D197; # small Ukrainian yi
+
+ C0 D090; # capital A
+ C1 D091; # capital B
+ C2 D092; # capital V
+ C3 D093; # capital G
+ C4 D094; # capital D
+ C5 D095; # capital YE
+ C6 D096; # capital ZH
+ C7 D097; # capital Z
+ C8 D098; # capital I
+ C9 D099; # capital J
+ CA D09A; # capital K
+ CB D09B; # capital L
+ CC D09C; # capital M
+ CD D09D; # capital N
+ CE D09E; # capital O
+ CF D09F; # capital P
+
+ D0 D0A0; # capital R
+ D1 D0A1; # capital S
+ D2 D0A2; # capital T
+ D3 D0A3; # capital U
+ D4 D0A4; # capital F
+ D5 D0A5; # capital KH
+ D6 D0A6; # capital TS
+ D7 D0A7; # capital CH
+ D8 D0A8; # capital SH
+ D9 D0A9; # capital SHCH
+ DA D0AA; # capital hard sign
+ DB D0AB; # capital Y
+ DC D0AC; # capital soft sign
+ DD D0AD; # capital E
+ DE D0AE; # capital YU
+ DF D0AF; # capital YA
+
+ E0 D0B0; # small a
+ E1 D0B1; # small b
+ E2 D0B2; # small v
+ E3 D0B3; # small g
+ E4 D0B4; # small d
+ E5 D0B5; # small ye
+ E6 D0B6; # small zh
+ E7 D0B7; # small z
+ E8 D0B8; # small i
+ E9 D0B9; # small j
+ EA D0BA; # small k
+ EB D0BB; # small l
+ EC D0BC; # small m
+ ED D0BD; # small n
+ EE D0BE; # small o
+ EF D0BF; # small p
+
+ F0 D180; # small r
+ F1 D181; # small s
+ F2 D182; # small t
+ F3 D183; # small u
+ F4 D184; # small f
+ F5 D185; # small kh
+ F6 D186; # small ts
+ F7 D187; # small ch
+ F8 D188; # small sh
+ F9 D189; # small shch
+ FA D18A; # small hard sign
+ FB D18B; # small y
+ FC D18C; # small soft sign
+ FD D18D; # small e
+ FE D18E; # small yu
+ FF D18F; # small ya
+}
--- /dev/null
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
+passwd: files systemd
+group: files systemd
+shadow: files
+gshadow: files
+
+hosts: files dns
+networks: files
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: nis
--- /dev/null
+../usr/lib/os-release
\ No newline at end of file
--- /dev/null
+# This is the overlayroot config file
+# By default, overlayroot is not enabled.
+# To enable overlayroot:
+# 1) edit the 'overlayroot' definition below
+# 2) reboot
+#
+# Supported values:
+# * overlayroot=tmpfs or overlayroot=tmpfs:PARAMETERS
+# write all changes to a temporary (ram only) backing device
+# A tmpfs mount will be created, and usable filesystem can
+# grow to 1/2 available memory.
+#
+# available parameters:
+# * see COMMON PARAMETERS
+#
+# examples:
+# overlayroot=tmpfs
+# overlayroot=tmpfs:swap=1
+#
+# * overlayroot=DEVICE or overlayroot=device:PARAMETERS
+# mount DEVICE as overlayfs and write changes there
+# device must already have kernel mountalbe filesystem on it.
+#
+# available parameters are:
+# * dev: default: "" [REQUIRED]
+# use given device for backing filesystem.
+# Note, 'overlayroot=/dev/vdb' is translated to
+# 'overlayrooot=device:dev=/dev/vdb'
+# * timeout: default: 0
+# if 'dev' provided does not exist, wait up to many seconds for
+# it to appear.
+# * see COMMON PARAMETERS
+#
+# examples:
+# overlayroot=/dev/xvdb
+# overlayroot=/dev/vdb
+# overlayroot=device:dev=/dev/sdb,timeout=180
+# overlayroot=device:dev=LABEL=my-flashdrive,timeout=180
+#
+# * overlayroot=crypt:PARAMETERS
+# use an encrypted [dmcrypt] device as the backing device. Parameters
+# are comma delimited key=value pairs.
+#
+# available parameters are:
+# * dev: default: "" [REQUIRED]
+# use given device for backing filesystem.
+# * mapname: default: "secure"
+# the name of the map device to be created in /dev/mapper
+# * pass: default: ""
+# if not provided or empty, password is randomly generated
+# the generated password will be stored for recovery in
+# /run/initramfs/overlayroot.passwd
+# * fstype: default: "ext4"
+# mapname=mapper,pass=foo,fstype=ext4,mkfs=1
+# * mkfs: default: 1
+# 0: never create filesystem
+# 1: if pass is given and mount fails, create a new one
+# if no pass given, create new
+# 2: if pass is given and mount fails, fail
+# if no pass given, create new
+# * timeout: default: 0
+# if 'dev' provided does not exist, wait up to many seconds for
+# it to appear.
+# * see COMMON PARAMETERS
+#
+# examples:
+# crypt:mapname=mapper,pass=foo,fstype=ext4,mkfs=1,dev=vdb
+# crypt:mapname=mapper,pass=foo,fstype=ext3,mkfs=1,dev=/dev/disk/by-label/my-jumpdrive,timeout=120
+# crypt:dev=xvdb
+#
+# * overlayroot=disabled
+# if set explicitly to 'disabled', or an empty string, then
+# overlayroot will do nothing.
+#
+#
+# COMMON PARAMETERS:
+# The following parameters are supported for each of overlayroot=
+# values above.
+# * swap: default: 0
+# allowed values: 0, 1
+# indicate if swap partitions should be allowed. By default swap entries
+# are removed from /etc/fstab to disable swap.
+# Swap *files* are always disabled, independent of this setting.
+#
+# * recurse: default: 1
+# allowed values: 0, 1
+# indicate if all mounts should be made read-only, or just /.
+# if set to 1, then all filesystems will be mounted read-only.
+# if set to 0, only root will be set to read-only, and changes
+# to other filesystems will be permenant. For example, if
+# /home is on a separate partition from / and recurse set to 0
+# then changes to /home will go through to the original device.
+#
+# * debug: default: 0
+# allowed values: 0, 1
+# enable debug output if set to 1
+#
+# * dir: default: "/overlay"
+# the directory under the filesystem to use for writes
+# default is to use top level directory. For example, use
+# 'dir=my-tests/run1' and later 'dir=my-tests/run2'
+#
+# * driver: default: "auto"
+# This can be 'overlay' or 'overlayfs'. It will affect which filesystem
+# is used to provide the overlay and the entries in fstab.
+# The default value is almost certainly correct.
+#
+# overlayroot_cfgdisk:
+# * default: 'disabled'
+# If this variable is set, it references a disk/filesystem that
+# may exist, and include a 'overlayroot.conf' file in it's root directory
+# If a such a device exists, then it's overlayroot.conf file can
+# set overlayroot as above.
+#
+# examples:
+# * overlayroot_cfgdisk="LABEL=OROOTCFG"
+# * overlayroot_cfgdisk="/dev/vdb"
+#
+# Note: if you enable this setting, then you must be careful to be sure
+# that no filesystems are created that match this without your
+# knowledge. This is because code on that filesystem is executed
+# as root in the initramfs environment.
+#
+# Notes:
+# * This file is managed by dpkg as a conffile, so changes to it
+# will force dpkg config file prompts on package updates that contain a
+# change. Instead of putting changes here, put them in
+# /etc/overlayroot.local.conf
+# * you can pass the same 'overlayroot=' parameters on the kernel
+# command line, and they will override any values set here.
+# This includes 'overlayroot=' or 'overlayroot=disabled' to disable
+# a value set in this file.
+# * if you specify crypt:dev=/dev/vdb, then DATA WILL BE LOST
+# on /dev/vdb. A safer value would be to use
+# crypt:dev=/dev/vdb,pass=somepassword,mkfs=0
+# However, you would then have to have previously set up the luks device.
+# Do that like the following:
+# $ MAPNAME="secure"; DEV="/dev/vdg"; PASSWORD="foobar"
+# $ sudo wipefs -a $DEV
+# $ printf "%s" "$PASSWORD" |
+# sudo cryptsetup luksFormat "${$DEV}" --key-file -
+# $ printf "%s" "$PASSWORD" |
+# sudo cryptsetup luksOpen "${DEV}" "${MAPNAME}" --key-file -
+# $ sudo mke2fs -t "ext4" "/dev/mapper/${MAPNAME}"
+#
+# Security Note:
+# IT IS INSECURE TO SET THIS PASSWORD HERE IN THIS CLEARTEXT CONFIGURATION
+# FILE OR ON THE KERNEL COMMAND LINE.
+# Randomly generated passwords are more secure, but you won't be able to
+# read your encrypted disk on reboot.
+# Randomly generated passwords are generated by calculating the sha512sum
+# of a concatenation of:
+# - stat -L /dev/* /proc/* /sys/*
+# + some unpredictability of access/modify times of a number of kernel
+# files, directories, and block devices
+# - /proc/sys/kernel/random/boot_id
+# + 16-bytes uuid, consider this a 'salt'
+# - /proc/sys/kernel/random/uuid
+# + 16-bytes uuid, consider this psuedo randomness
+# - /dev/urandom
+# + 4096-bytes of psuedo randomness
+# - $DEV
+# + 4096-bytes from the head of the disk
+# + security-paranoid users can write 4096-bytes of randomness to
+# this device and specify mkfs=1 before rebooting into an
+# crypt+overlayroot setup
+# The result is stored in r-------- /dev/.initramfs/overlayroot.XXXXXXX,
+# which is a tmpfs in memory.
+overlayroot_cfgdisk="disabled"
+overlayroot=""
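Review bot: The LUKS setup example in the Notes block writes `"${$DEV}"` on the `cryptsetup luksFormat` line, which is a bad substitution in sh and bash; it should be `"${DEV}"`, as on the `luksOpen` line below it. The same example sets `DEV="/dev/vdg"` while the surrounding text refers to /dev/vdb, and it assigns the passphrase on the command line, where it ends up in shell history, which sits oddly beside the Security Note that follows. Both shipped values leave overlayroot disabled, so only the documentation is affected.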
--- /dev/null
+# ---------------------------------------------------------------------------#
+# /etc/pam.conf #
+# ---------------------------------------------------------------------------#
+#
+# NOTE
+# ----
+#
+# NOTE: Most program use a file under the /etc/pam.d/ directory to setup their
+# PAM service modules. This file is used only if that directory does not exist.
+# ---------------------------------------------------------------------------#
+
+# Format:
+# serv. module ctrl module [path] ...[args..] #
+# name type flag #
+
--- /dev/null
+#
+# The PAM configuration file for the at daemon
+#
+
+@include common-auth
+@include common-account
+session required pam_loginuid.so
+@include common-session-noninteractive
+session required pam_limits.so
+auth required pam_env.so user_readenv=1
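Review bot: `auth required pam_env.so user_readenv=1` on the last line makes pam_env read the user's own `~/.pam_environment`, so each user controls environment variables set in the PAM context of the at daemon. Newer Linux-PAM releases deprecate `user_readenv` on security grounds; unless at jobs depend on per-user PAM environment files, `auth required pam_env.so` without the option is the safer form. The line also sits after the session entries, which PAM accepts but which makes the auth stack harder to read.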
--- /dev/null
+#
+# The PAM configuration file for the Shadow `chfn' service
+#
+
+# This allows root to change user infomation without being
+# prompted for a password
+auth sufficient pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
+
--- /dev/null
+# The PAM configuration file for the Shadow 'chpasswd' service
+#
+
+@include common-password
+
--- /dev/null
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth required pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth sufficient pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
--- /dev/null
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system. The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+#
+
+# here are the per-package modules (the "Primary" block)
+account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
+# here's the fallback if no module succeeds
+account requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+account required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
--- /dev/null
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth [success=1 default=ignore] pam_unix.so nullok
+# here's the fallback if no module succeeds
+auth requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+auth optional pam_cap.so
+# end of pam-auth-update config
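Review bot: `pam_unix.so nullok` on the Primary block line lets an account whose password field is empty authenticate without a password, for every service that includes this file. If no such accounts are intended, dropping `nullok` closes that path. The header says pam-auth-update manages this file, so the change belongs in a pam-auth-update profile rather than in a hand edit. Checking /etc/shadow for empty password fields first avoids locking out an account that depends on the option.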
--- /dev/null
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords. The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords. Without this option,
+# the default is Unix crypt. Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password [success=1 default=ignore] pam_unix.so obscure sha512
+# here's the fallback if no module succeeds
+password requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
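Review bot: The `pam_unix.so obscure sha512` line sets neither `minlen=` nor `rounds=`, so minimum password length and hashing cost fall back to the module's built-in defaults, and `obscure` applies only pam_unix's basic checks. If the site has a password policy, state it on the line, e.g. `password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=<MIN_LENGTH> rounds=<ROUNDS>` (placeholders; the values are a local decision). As the file is managed by pam-auth-update, the options should go in through the profile it reads, not by direct edit.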
--- /dev/null
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional pam_umask.so
+# and here are more per-package modules (the "Additional" block)
+session required pam_unix.so
+session optional pam_systemd.so
+# end of pam-auth-update config
--- /dev/null
+#
+# /etc/pam.d/common-session-noninteractive - session-related modules
+# common to all non-interactive services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of all non-interactive sessions.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+session [default=1] pam_permit.so
+# here's the fallback if no module succeeds
+session requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+session required pam_permit.so
+# The pam_umask module will set the umask according to the system default in
+# /etc/login.defs and user settings, solving the problem of different
+# umask settings with different shells, display managers, remote sessions etc.
+# See "man pam_umask".
+session optional pam_umask.so
+# and here are more per-package modules (the "Additional" block)
+session required pam_unix.so
+# end of pam-auth-update config
--- /dev/null
+# The PAM configuration file for the cron daemon
+
+@include common-auth
+
+# Sets the loginuid process attribute
+session required pam_loginuid.so
+
+# Read environment variables from pam_env's default files, /etc/environment
+# and /etc/security/pam_env.conf.
+session required pam_env.so
+
+# In addition, read system locale information
+session required pam_env.so envfile=/etc/default/locale
+
+@include common-account
+@include common-session-noninteractive
+
+# Sets up user limits, please define limits for cron tasks
+# through /etc/security/limits.conf
+session required pam_limits.so
+
--- /dev/null
+#
+# The PAM configuration file for the Shadow `login' service
+#
+
+# Enforce a minimal delay in case of failure (in microseconds).
+# (Replaces the `FAIL_DELAY' setting from login.defs)
+# Note that other modules may require another minimal delay. (for example,
+# to disable any delay, you should add the nodelay option to pam_unix)
+auth optional pam_faildelay.so delay=3000000
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth required pam_issue.so issue=/etc/issue
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth requisite pam_nologin.so
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without this it is possible
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# Sets the loginuid process attribute
+session required pam_loginuid.so
+
+# Prints the message of the day upon successful login.
+# (Replaces the `MOTD_FILE' option in login.defs)
+# This includes a dynamically generated part from /run/motd.dynamic
+# and a static (admin-editable) part from /etc/motd.
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+# pam_selinux.so changes the SELinux context of the used TTY and configures
+# SELinux in order to transition to the user context with the next execve()
+# call.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Standard Un*x authentication.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please edit /etc/security/group.conf to fit your needs
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+auth optional pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restraint on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account required pam_access.so
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session required pam_limits.so
+
+# Prints the last login info upon successful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session optional pam_lastlog.so
+
+# Prints the status of the user's mailbox upon successful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
+#
+# This also defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+session optional pam_mail.so standard
+
+# Create a new session keyring.
+session optional pam_keyinit.so force revoke
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+@include common-password
--- /dev/null
+# The PAM configuration file for the Shadow 'newusers' service
+#
+
+@include common-password
+
--- /dev/null
+#
+# /etc/pam.d/other - specify the PAM fallback behaviour
+#
+# Note that this file is used for any unspecified service; for example
+#if /etc/pam.d/cron specifies no session modules but cron calls
+#pam_open_session, the session module out of /etc/pam.d/other is
+#used. If you really want nothing to happen then use pam_permit.so or
+#pam_deny.so as appropriate.
+
+# We fall back to the system default in /etc/pam.d/common-*
+#
+
+@include common-auth
+@include common-account
+@include common-password
+@include common-session
--- /dev/null
+#
+# The PAM configuration file for the Shadow `passwd' service
+#
+
+@include common-password
+
--- /dev/null
+#%PAM-1.0
+
+@include common-auth
+@include common-account
+@include common-password
+session required pam_env.so readenv=1 user_readenv=0
+session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
+@include common-session-noninteractive
--- /dev/null
+#%PAM-1.0
+auth sufficient pam_rootok.so
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session required pam_unix.so
--- /dev/null
+#%PAM-1.0
+auth include runuser
+session optional pam_keyinit.so force revoke
+-session optional pam_systemd.so
+session include runuser
--- /dev/null
+# PAM configuration for the Secure Shell service
+
+# Standard Un*x authentication.
+@include common-auth
+
+# Disallow non-root logins when /etc/nologin exists.
+account required pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account required pam_access.so
+
+# Standard Un*x authorization.
+@include common-account
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without this it is possible that a
+# module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+# Set the loginuid process attribute.
+session required pam_loginuid.so
+
+# Create a new session keyring.
+session optional pam_keyinit.so force revoke
+
+# Standard Un*x session setup and teardown.
+@include common-session
+
+# Print the message of the day upon successful login.
+# This includes a dynamically generated part from /run/motd.dynamic
+# and a static (admin-editable) part from /etc/motd.
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+
+# Print the status of the user's mailbox upon successful login.
+session optional pam_mail.so standard noenv # [1]
+
+# Set up user limits from /etc/security/limits.conf.
+session required pam_limits.so
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+session required pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+session required pam_env.so user_readenv=1 envfile=/etc/default/locale
+
+# SELinux needs to intervene at login time to ensure that the process starts
+# in the proper default security context. Only sessions which are intended
+# to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+
+# Standard Un*x password updating.
+@include common-password
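Review bot: `user_readenv=1` on the second `pam_env.so` line makes the SSH session stack read the per-user environment file from the home directory, so the user logging in controls variables that are set before the shell starts. The other stacks in this commit that pass the option set `user_readenv=0`. Unless a user-supplied environment is required, prefer `session required pam_env.so user_readenv=0 envfile=/etc/default/locale`. If it is kept, a comment saying why would help, since the interaction with sshd's own environment settings is not visible from this file.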
--- /dev/null
+#
+# The PAM configuration file for the Shadow `su' service
+#
+
+# This allows root to su without passwords (normal operation)
+auth sufficient pam_rootok.so
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo"
+# to the end of this line if you want to use a group other
+# than the default "root" (but this may have side effect of
+# denying "root" user, unless she's a member of "foo" or explicitly
+# permitted earlier by e.g. "sufficient pam_rootok.so").
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth required pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth required pam_wheel.so deny group=nosu
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account requisite pam_time.so
+
+# This module parses environment configuration file(s)
+# and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+#
+# parsing /etc/environment needs "readenv=1"
+session required pam_env.so readenv=1
+# locale variables are also kept into /etc/default/locale in etch
+# reading this file *in addition to /etc/environment* does not hurt
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Defines the MAIL environment variable
+# However, userdel also needs MAIL_DIR and MAIL_FILE variables
+# in /etc/login.defs to make sure that removing a user
+# also removes the user's mail spool file.
+# See comments in /etc/login.defs
+#
+# "nopen" stands to avoid reporting new mail when su'ing to another user
+session optional pam_mail.so nopen
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session required pam_limits.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session
+
+
--- /dev/null
+#%PAM-1.0
+auth include su
+account include su
+password include su
+session optional pam_keyinit.so force revoke
+session include su
--- /dev/null
+#%PAM-1.0
+
+session required pam_env.so readenv=1 user_readenv=0
+session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0
+@include common-auth
+@include common-account
+@include common-session-noninteractive
--- /dev/null
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+@include common-account
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session required pam_limits.so
+@include common-session-noninteractive
+session optional pam_systemd.so
--- /dev/null
+# PAM configuration for vmtoolsd
+
+@include common-auth
+
+account required pam_shells.so
+@include common-account
+
--- /dev/null
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
+systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
+systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
+messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
+syslog:x:104:110::/home/syslog:/usr/sbin/nologin
+_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
+tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
+uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin
+tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin
+landscape:x:109:115::/var/lib/landscape:/usr/sbin/nologin
+pollinate:x:110:1::/var/cache/pollinate:/bin/false
+usbmux:x:111:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
+sshd:x:112:65534::/run/sshd:/usr/sbin/nologin
+systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
+lxd:x:998:100::/var/snap/lxd/common/lxd:/bin/false
+postgres:x:113:118:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
+shane:x:1001:1001::/home/shane:/bin/bash
+jon:x:1002:1002::/home/jon:/bin/bash
+gg:x:1003:1003::/home/gg:/bin/bash
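Review bot: This section and the next are two passwd-format account databases that differ only by the `gamesguru` (uid 1000) entry, which suggests one is a backup copy that has drifted from the live file. Tracking both means the stale one keeps describing an account state that may no longer apply. Tracking the files at all also records the host's local account names and login shells, so the repository needs the same access restrictions as the host. `postgres` is the only service account here with `/bin/bash`; if nothing depends on an interactive shell for it (not determinable from this page), `/usr/sbin/nologin` would match the other service accounts.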
--- /dev/null
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
+systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
+systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
+messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
+syslog:x:104:110::/home/syslog:/usr/sbin/nologin
+_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
+tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
+uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin
+tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin
+landscape:x:109:115::/var/lib/landscape:/usr/sbin/nologin
+pollinate:x:110:1::/var/cache/pollinate:/bin/false
+usbmux:x:111:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
+sshd:x:112:65534::/run/sshd:/usr/sbin/nologin
+systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
+gamesguru:x:1000:1000:gamesguru:/home/gamesguru:/bin/bash
+lxd:x:998:100::/var/snap/lxd/common/lxd:/bin/false
+postgres:x:113:118:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
+shane:x:1001:1001::/home/shane:/bin/bash
+jon:x:1002:1002::/home/jon:/bin/bash
+gg:x:1003:1003::/home/gg:/bin/bash
--- /dev/null
+# Prior to perl 5.8.8-7, libnet was a seperate package with a debconf
+# configuration managed config in /etc/libnet.cfg which is used if
+# present. Remove the following line, or the old file before making
+# changes below.
+return do '/etc/libnet.cfg' if -f '/etc/libnet.cfg';
+
+{
+ nntp_hosts => [ qw {} ],
+ snpp_hosts => [ qw {} ],
+ pop3_hosts => [ qw {} ],
+ smtp_hosts => [ qw {} ],
+ ph_hosts => [ qw {} ],
+ daytime_hosts => [ qw {} ],
+ time_hosts => [ qw {} ],
+ inet_domain => undef,
+ ftp_firewall => qq {},
+ ftp_firewall_type => qq {},
+ ftp_ext_passive => 0,
+ ftp_int_passive => 0,
+ local_netmask => qq {},
+}
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFsDA8IBCACgSd0NAJFEUjqcyv38If9f/FCQi2C2MQbzNt05DblHAg6eBk/V
+eYM/GI+Cr9sPwxs8ZWtN0IRoQp/d7MRxe43zFT4IH2N4RVaBTgWCoRerPn09k4K/
+2fk6GWIY8lgxlKV/LinM5XkFDXv6Zf/o8Nv/i9bVO9Dv1bVh1ThgA3xy8WIzUQge
+cVviEjEYG10TX+NENGgdA+aD/fMk4Wzwz6L48D+ryTiXGFnwoizifr9DIn4yIp6i
+b4vTQY96VoXHSgU6JRvYjzPPME+NmmcLgW0hGJlVvi8RL+7wJPVeS0ioqPzMtonS
+evrwVv5E5k87i+LS/vdVu3SIUzR9JLIXtvNNABEBAAG0WkxWRlMgYSBTZXJpZXMg
+b2YgTEYgUHJvamVjdHMsIExMQyAoTFZGUyBhIFNlcmllcyBvZiBMRiBQcm9qZWN0
+cywgTExDKSA8bWV0YWRhdGFAZnd1cGQub3JnPokBOAQTAQIAIgUCWwMDwgIbAwYL
+CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQCm3O9rRvPb/wsQf7BGEkgT08Bx1v
+657l//B/yniB7VGH+4plrX2OkWVzDxn+z6APcgqDMnzwatddxM7J6mm4yxA0nFKs
+D5BueTItYv5zQCzX8e4TM1oaUWBr8nACK7/WSxNIC+GRUKl68v+dIbp1bhdmAYzj
+wTn/uDW47Z7gtQYDJJit2MsKfu5Lwar7w+divH+6KWdaMctm2injYYIlpKCjffl8
+RZ4PgX7lN5C0s9kWDkH9iI2i5aqJaI8gZHK6EKwitmsHMJBczekymlXh4MheYCKm
+IWJLh8tvK6LaVoddwfle4orhq4b7doA57H8BgJDDz+MxyjZn+GAireCMaJjtCSWv
+q5bnsdnMH7kBDQRbAwPCAQgAq6hTejZZcIXnfA4Z/1c03USKnK8SeG/yqlggvpyZ
+9C3hAvJITtQ7iZmz0VKOjwQtds52qnZYbOn/Fr+4Ef+cbFZRNxamZ4kf0XSAVXSv
+EODMFj+BpdoDwAWhJcvyijoMV6N+gbCG+UedMNnpe25tlCRjouBSEF5KWJabejdh
+iZ8ikN+HNJa5uQ68F76aDP1BOE0XiLrOZC0MZ7mvbyOi9LPXFyV2EuVj+gt7r+2x
+OlSMmor7RTEAJcBK9tiew5LhNHeaqbe3xnOcpWrAaoVdIed7h5YbbetTFMWHCPGJ
+raGGRSv3OrZDfQXZvOi+k6I6wWEQrsUCIiVKPefU+5xSpwARAQABiQI+BBgBAgAJ
+BQJbAwPCAhsuASkJEAptzva0bz2/wF0gBBkBAgAGBQJbAwPCAAoJEL4e3StH4Ita
+hvAIAIlZlrAJrbj7aQ3VkFcTJJC+68BaGNqte2S3Zv7ONLjT1kc0xSflf4c4MHef
+q7WmLLsjUHocD0a8SUsR1V/Fp36qG1Yr7mfhf7dY3TwwUw9VXQoEdpEWZES/IJ4d
+oPXSowk8eSbb72g4dvt9p+wlDKlsT7YHjmfn9Zct5FqcQ2kV9+900DtWlvPK8hRR
+N0FibLR9GMorSFfHotFQ8AjdiXQUo+6GTb2HDJ1+aI4fpYo8NnqUs0wvCVtxrqn9
+JBzSgKkFAjHOiz/C6a0JOBtmH6tL41U7ZtUI2idQWsHiufyCTVOHRbyHoOxxFEpX
+Xu3l2vckZaENNyNOGCqrIo8npFQczAf/REhK0Z8UumttRm2CQkJnkqRgLnIoJq3i
+l7ljKjFi06XLJxOjLLpIFBH/yAJ5YbsYZt+XuT3WgORfHPDU3xepWGfQj4QFcsny
+GWStnu6Ej/PogJyyvZ1hFpKu8g2cIp04vEebWeYHAMorvwty/p+MJnH6NeSQq5Pe
+n22AuKKENtgYwulgJH0VQ0lJ5k1CcFuEuZqnXk5CUIC4tStdUS6hgn+vEkaJ5dX8
+nj/X9etEj2nnQGIL+7Dh2Z+UGaZqxSa1tjF5+7uC85K0NTq6Cpc+Bnd7Gqb+afnn
+/iFHG21+hpjQmdSvpbGTabrM9gxd0iuDFXSFSttMtSC+gR5VcNQpUA==
+=7Jrd
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQENBFWt/98BCADZ4+lUHSp4OMlzVf4HlJNLJ7Ks5QxGwL/hy2wChoNLuA/j4GNM
+9mBZutKynYmphD0Mi4XjXn7JNXyuJa8Qutz98/Iyhsjq4LeiL9ayaKMXT+3pKlTm
+Gd/Fzo3QEOqTJ5s2RamrfwFIVuvwoj+rNmzj5fUCgoDOZeqVl6gxb7ZPzL8sWTOU
+iLeGMSzZBGE0ioJ82PZzsHelrrObDP1mMre1jQ6zxLlnYUlLvtJpydAfeBxU+6yL
+fgPeoFeuCE6JIszyWuyAgpBpYSGgj1bpt9Sxc2+MoZ0BjDzoijZqt4O48gYuEaLf
+iqYzQybe1JF0McO4C0dmjdKQz2qm0XrQyNhVABEBAAG0LkxpbnV4IFZlbmRvciBG
+aXJtd2FyZSBTZXJ2aWNlIDxzaWduQGZ3dXBkLm9yZz6JATcEEwEIACEFAlWt/98C
+GwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQSKbYDkU4usJjjQgAzmTcA8qH
+s+1kieEZvsUzH4wun2Hlz7R5FRc/7BijgIQAA9TTrJnwbJmEBzEvHv7FKQLiBN3a
+0lQIZgahmcUt1qm6VW94VAio+SDCdqTx73wUsgM3t9sAwKxkEdJQQoO8PqYHV3uK
+rq0t2YjXglIBHRDiJlOTAR3if37OCDKCcHOOODqYrsN7wNleez+ulkDyP7C7ZTbm
+/A7Xec73t2OQUnejU0uvRvc7VSnQDRFBHA9TPiBhbruMw+ZX+z/wfPd7x2RCqoOE
+vHh+QofE41Ya2QOkT96fAKfcJ+gvIbmwp3w7h+Hus1h3xDrykCG9cCxuH0HxooVI
+XL3IlFx/6OUpBA==
+=6Dz2
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEqjCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADA6MRAwDgYDVQQDEwdMVkZT
+IENBMSYwJAYDVQQKEx1MaW51eCBWZW5kb3IgRmlybXdhcmUgUHJvamVjdDAeFw0x
+NzA4MDEwMDAwMDBaFw00NzA4MDEwMDAwMDBaMDoxEDAOBgNVBAMTB0xWRlMgQ0Ex
+JjAkBgNVBAoTHUxpbnV4IFZlbmRvciBGaXJtd2FyZSBQcm9qZWN0MIIBojANBgkq
+hkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAtfUXH3NwDJzWyhkPyPcFI899+tPZ/SMp
+OkDtRr9dJjgQkSO9jKCue4DVq8Bd9RcL76F7XnEKG0LiuKnr+D7+x86TtDAPCbkP
+WAS7fAaetLtiNFU96cokhjeALB3hyamkMQnCw+5Ov+sHJfGI9Bor9UaIIbIB4r8v
+oU1WpE7N6Ix2qsS5b88+Z6EIV6CX8RbciOC/TfyYVnpF1cd4l7LH7TtL+ERpsPwv
+rk0JgVoRzG3BT5yYfuxHIe4H4Axh95tW9i6urzyQkXRz14twwwcEDvl5ALrBLNJJ
+8EDz9oR8HBPbxbd4i2dBfziY7TW4o/VgZKTGWA39JfwWNc5RxaYzBhBmg5nRcVFs
+E7PlovhyFH/0RNm/3E6vZQCeM+FNps0ovVq8Yqg8whL/yZ0iNlavCGTWhaxisVHG
+7mQopV4jZlafxvrcBFzK8RPe8Gi04FFn4ugZtJnOuMel+AiADhgtWZCENiyWV+V7
+WF1SFF4HaHuS8qqna/p9lrpVq6TBr0WRAgMBAAGjgbowgbcwEgYDVR0TAQH/BAgw
+BgEB/wIBATAwBgNVHREEKTAnhhVodHRwOi8vd3d3LmZ3dXBkLm9yZy+BDnNpZ25A
+Znd1cGQub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA8GA1UdDwEB/wQFAwMHBgAw
+HQYDVR0OBBYEFLGN6uQjp34JjrXuMeBq3Z40N2WsMCoGA1UdHwQjMCEwH6AdoBuG
+GWh0dHA6Ly93d3cuZnd1cGQub3JnL3BraS8wDQYJKoZIhvcNAQELBQADggGBABNK
+mC4AcqsBCVRGpwJeUymh5G6uUpzkoEDw+y9TEoWzfldV0epU7ruqI2p8B8YshDK6
++D4CFmCnW8cc+Jb6jrJ2ZcjUqWE/c+uwZhwsUHNdk6ummPPKfMhRSbduk1ngdQe5
+meIgWGkoCfJ48GUAVVD6MlrMTNFsot1GN9x3ALMqhSU49+X43yikcc9WY2F8JOY8
+xYpGpgUQV1hBSPOGK4XhgztpFLqw0GxJiLrOfKjtJwSTkxGCpPi2dLS0huk/mreT
+NAQ5FnMLkoqfR1RGga3tiP5w13gqDBV7a6MYMdmMfAAZhfRtlDu6SiAmjEmlSkOK
+PNhdoCNVDQLQpGaKZUI5hjMfR90U8Cm/6e0ondwjV4J6f4CS4wkQ5zzITGWptagE
+01tpgTXf7TLaFGtzR8cl8XgV+UO3T4DQjEQkXUaS7n72ZCGv/s4LraLunhBrVHSq
+glEXpU/V/JNptgArIiRFZOrto52cUnnlNEfgqIzAHv/LMFRIkMo8ZMGTgScFrA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFUr0UoBCACsdOLuTJ81dICrSvUhyznBsL4WgEa2RUbEjJuaXwrEyPMikHE1
+Clda2YI7VbpCgIVq8Zy63CGJ4Xqs2T6pyetaXnbX8J0C+7wg2IfPv7pUyCsP7/JR
+HRB2GNelCWrsGArN1cOPI0ESH4yHWKF9KCGlpsLfSHmvF7D8vcKlKQUlO4T6lxOP
+SNjMSXkMsxfDDhl1mzqrwxfU4V6nnPcuMwU7tvg+39PioP4Ny1tKP4SSpBfh7qwz
+XXRd505dqNLOubxmOPZ5rznVkKmW2cwahO6fr5zVA8/2TDZQ79mdbfvSJVlW06qs
+C5PYmLnBjyzE5uQ4oxSIuUEiMfqrn3Qs6PhhABEBAAG0Ikh1Z2hza2kgTGltaXRl
+ZCA8aW5mb0BodWdoc2tpLmNvbT6JATgEEwECACIFAlUr0UoCGwMGCwkIBwMCBhUI
+AgkKCwQWAgMBAh4BAheAAAoJEK2KUo/sRIge/fUH/Rblgzh5GeB0Zp2U9W+r26iJ
+t1AD5a/fKxQahz/pwMkevQCCMzI1vpX12P3HtACZOD3Zjh9RXY6Z3033YZjrRApe
+FkOVfcyUF1nP/z2Ox3jE3+B8v1u0UzH/MqtF/1095mqvR7gllE288KDqu7bvd5l3
+z4IETk5qqoeCe9LYc8aob973dbocyS/gou/FLCKxoXVEe8DPRwv8qmXlXOujxdxd
+FcslpYqtjj4fgUswQ/cY/a1UcAX5zCnVqFbU7oJH2uTNewKuaZ2wgPbnzvwx8JYl
+VfFdPN7GZ0NMrZDLeJ0SLXer/9+qAKNH4UpQS9axXQL+VKOzsZCXuv31VDCj5Jy5
+AQ0EVSvRSgEIAMgVrZP3LmA9bx7B8l+agVh5DNXrMixX9jhZ0Yfn8+UIMMNTZziD
+ZV3nXxswKPrcsqQ+KP9iUwq3V2oio46bvHiMMoZSGCaTv4yiKOliFOMYr9NAOSTZ
+8mOI24dNXI9XqQ7ZA8m4uKmgHZQUIUUlx693uRI2Wmk/Y5XEBoL2+XdA5KalO+36
+27YXpdyU3GiMCOtSBLWNfBxXw6oKdNUp+8o/fYrmQnBxuGgmVlcZEmjhrIGXaCH1
+iDeWIFqaM/S+DXMF3bgqvqRZq1U2RwT2oxapAuaG/0I5JaKKpb3HqMCXfOUxpFPk
+zgUYpHatUcePG/94K8N8CRjnJ+l83H5PewcAEQEAAYkBHwQYAQIACQUCVSvRSgIb
+DAAKCRCtilKP7ESIHrrcCACc6UTZzVGbVq9pXSz2Bw2xQpAEAhnnedPgfXwEJMM0
+24bMUNsyJcQZAW1d5KfJYNAihOfse3oDQ/hJAycTK3GAHsPfljEQjWGn27eC8Fxu
+mHpfNpxbTirChfepCNctZG818Hp2v+K4X/PjyQMQ6J5H9oinnlasVQ6wzdZifnWm
+7E5OL0NV/ni9xqq4fC5y5qxNBeYVmHUF4H0E3VOuCbESAOnUDpCo998Dc68eZEmV
+f3IMukvvnxM9VOZQSnp7J/kkhPB5fim2z2qrlJK9N+tBjAMugxtnAV2fIaZYTiba
+SnN2hheFd9Y0nMmWbwRqFtwMG1m/tS3JlD52Rpwzk59B
+=WFoi
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFsDBO0BCACjkrMuRgaWxP88Ubc1Xar5mxLMNXAJUzeYQVh/LnkEwytO3Ekh
+GDH8Ch78269MiezkJmUGUUGyjKhqZECtZaKGp4LSl6gTPFDFHS/xKaq8L+8G/v4K
+LEtZE03PKSnY2XYnf+3Kc6tmIZBB67yRg/79p3OpFd95wqyu+2c1cVkjCA1Q8XpO
+bgCDfNacU3Yag6GXYlKpLmlVkYaAptjV0FrbLLBjaHvFeGAXgRUlv0PRyDjKD2XT
+PEBtbg2+qTxPJIOlFgGNsJjkFL7R3mWwn00yF4jt9JMYGkpNAuFg1c/TZ1v64wlP
+N6i2DsDwIMQ9S/ahJWdX/zP4JMTdpYNP91o9ABEBAAG0WkxWRlMgYSBTZXJpZXMg
+b2YgTEYgUHJvamVjdHMsIExMQyAoTFZGUyBhIFNlcmllcyBvZiBMRiBQcm9qZWN0
+cywgTExDKSA8ZmlybXdhcmVAZnd1cGQub3JnPokBOAQTAQIAIgUCWwME7QIbAwYL
+CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQxjYXh6CoSeE3pQf+MlPyQzkVhdRU
+fqjzu3Ba9dZ+hmsol2ooFmytd058AIO1eKie2LxnkQw4P5prFOnVWbbFi79vUEzQ
+KK5xpW46nEglU14xYgv+4cMlVNWBYIVsXIIKKs2z4gM8oCA20JpVunnVbaViWTna
+YwiUbTniIvLQH4RLo66Qzd0b3Z8ycK0bVbCl4RazSbWAGHMAnqm0xSQqsWRQwaHk
+vxXEbjb0hfO4P/PZui5vFGr82tZUdGVKift1JlOzDMjVcmFIuYITHQyGaZ5Xsh2h
+Pu9gI9Vp7OQoA7dJ+Qc5LBk3rVxN5Zx3jUSWOd7Dtvrm+ArBy/y0MCVyv9fcSvAH
+vEv9T4zhE7kBDQRbAwTtAQgAwjiRDT3qinYz7b1s9SM2Y7aZG9JhWi/Zp2qGzGVX
+QpVV2EK3PnAfZpyt99I63N7d/QDPqLFmTyjlv5cMb3QxVyXGBCGGz3OiWYY0NaDd
+s1sp3J+TT6bHNG/Lo+vgcTRvzHvq7HbbeNssIMLr6MDAj0fZSh5UlAfQdC3qz90A
+qIPGcx5AwgCwXLDqzCusz17Erc3IK/TG4r0AbRFtGx0hl2w5EOn7funw8BhnJ59w
+OMsq7sXDmFff4hQjgQoDezMkA1EgzFokRY7pToLG3X1KdDXKR0edQ3+1mlJTf9XN
+Zaz+ortKsugmTmzsF4DlRhq0Ok0VWuq0rzWndpFyFvIewwARAQABiQI+BBgBAgAJ
+BQJbAwTtAhsuASkJEMY2F4egqEnhwF0gBBkBAgAGBQJbAwTtAAoJENTAcNuxNA6+
+1T4H/jsWVrANLKElBwZJpPOVy4Haw7UG+zk7lfwck0H8J9ShDtwhNTg03BiOONP/
+JuR8XvOxjqdUexEmAJdQCtxJgLTlI40xSlcmSEIneCamOhA/I/T+nkXFAfV65FKF
++OR3Ee122sUMXvLCcNvcbM23GIWiN/YmYFlK1PGNe3oOn4MWJ/28dbCLuEOPP4Tu
+VJM/RpZ65qCnojc1meMcPJxI5iNWZtG9SmmGWDI3f7mDK+dtD06VLmPd3uc8P23t
+YN0o/Jkgz2oV5GKD9t2+Ne2C5H5xZ0aE7dDVM8ErEPd3wTS+bC8GhPxHjj4A6HyA
+MNZAEZSAJ4TVpzbfyOMcpSRK4yVLTAgAmTVV79EH/14s60Ya0LCtpifpvpZimbbo
+xBGFaymvX7doxZyITC66JNTzT4Eixp8FNRloKWkEo6gPwA6qshlhc0HpmiqNmC+k
+QNYIVeanrflV2bVzYSdsIzrZLUTd6P835YYxD1nsQGwnCqeeD0gJlV+alo0LYTRt
+lFwNYxHU7BM09wu7sUEvYW5wt4TXPUrZ9jV+BM9UQLatW+S5vO41wqfTmPKGEqct
+doW2ZYUgCc4aFGTOj3fA5hoK6EjAQpVdkcA7fiRYLn5AIvM4FGxIqI5khjsZUEPa
+9Gpui69Y4a+x4QEIDj/WAHOOMSIg/n96e+uRdGXN4c8nr7JSASxlow==
+=RFA4
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQENBFWt/98BCADZ4+lUHSp4OMlzVf4HlJNLJ7Ks5QxGwL/hy2wChoNLuA/j4GNM
+9mBZutKynYmphD0Mi4XjXn7JNXyuJa8Qutz98/Iyhsjq4LeiL9ayaKMXT+3pKlTm
+Gd/Fzo3QEOqTJ5s2RamrfwFIVuvwoj+rNmzj5fUCgoDOZeqVl6gxb7ZPzL8sWTOU
+iLeGMSzZBGE0ioJ82PZzsHelrrObDP1mMre1jQ6zxLlnYUlLvtJpydAfeBxU+6yL
+fgPeoFeuCE6JIszyWuyAgpBpYSGgj1bpt9Sxc2+MoZ0BjDzoijZqt4O48gYuEaLf
+iqYzQybe1JF0McO4C0dmjdKQz2qm0XrQyNhVABEBAAG0LkxpbnV4IFZlbmRvciBG
+aXJtd2FyZSBTZXJ2aWNlIDxzaWduQGZ3dXBkLm9yZz6JATcEEwEIACEFAlWt/98C
+GwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQSKbYDkU4usJjjQgAzmTcA8qH
+s+1kieEZvsUzH4wun2Hlz7R5FRc/7BijgIQAA9TTrJnwbJmEBzEvHv7FKQLiBN3a
+0lQIZgahmcUt1qm6VW94VAio+SDCdqTx73wUsgM3t9sAwKxkEdJQQoO8PqYHV3uK
+rq0t2YjXglIBHRDiJlOTAR3if37OCDKCcHOOODqYrsN7wNleez+ulkDyP7C7ZTbm
+/A7Xec73t2OQUnejU0uvRvc7VSnQDRFBHA9TPiBhbruMw+ZX+z/wfPd7x2RCqoOE
+vHh+QofE41Ya2QOkT96fAKfcJ+gvIbmwp3w7h+Hus1h3xDrykCG9cCxuH0HxooVI
+XL3IlFx/6OUpBA==
+=6Dz2
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEqjCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADA6MRAwDgYDVQQDEwdMVkZT
+IENBMSYwJAYDVQQKEx1MaW51eCBWZW5kb3IgRmlybXdhcmUgUHJvamVjdDAeFw0x
+NzA4MDEwMDAwMDBaFw00NzA4MDEwMDAwMDBaMDoxEDAOBgNVBAMTB0xWRlMgQ0Ex
+JjAkBgNVBAoTHUxpbnV4IFZlbmRvciBGaXJtd2FyZSBQcm9qZWN0MIIBojANBgkq
+hkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAtfUXH3NwDJzWyhkPyPcFI899+tPZ/SMp
+OkDtRr9dJjgQkSO9jKCue4DVq8Bd9RcL76F7XnEKG0LiuKnr+D7+x86TtDAPCbkP
+WAS7fAaetLtiNFU96cokhjeALB3hyamkMQnCw+5Ov+sHJfGI9Bor9UaIIbIB4r8v
+oU1WpE7N6Ix2qsS5b88+Z6EIV6CX8RbciOC/TfyYVnpF1cd4l7LH7TtL+ERpsPwv
+rk0JgVoRzG3BT5yYfuxHIe4H4Axh95tW9i6urzyQkXRz14twwwcEDvl5ALrBLNJJ
+8EDz9oR8HBPbxbd4i2dBfziY7TW4o/VgZKTGWA39JfwWNc5RxaYzBhBmg5nRcVFs
+E7PlovhyFH/0RNm/3E6vZQCeM+FNps0ovVq8Yqg8whL/yZ0iNlavCGTWhaxisVHG
+7mQopV4jZlafxvrcBFzK8RPe8Gi04FFn4ugZtJnOuMel+AiADhgtWZCENiyWV+V7
+WF1SFF4HaHuS8qqna/p9lrpVq6TBr0WRAgMBAAGjgbowgbcwEgYDVR0TAQH/BAgw
+BgEB/wIBATAwBgNVHREEKTAnhhVodHRwOi8vd3d3LmZ3dXBkLm9yZy+BDnNpZ25A
+Znd1cGQub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA8GA1UdDwEB/wQFAwMHBgAw
+HQYDVR0OBBYEFLGN6uQjp34JjrXuMeBq3Z40N2WsMCoGA1UdHwQjMCEwH6AdoBuG
+GWh0dHA6Ly93d3cuZnd1cGQub3JnL3BraS8wDQYJKoZIhvcNAQELBQADggGBABNK
+mC4AcqsBCVRGpwJeUymh5G6uUpzkoEDw+y9TEoWzfldV0epU7ruqI2p8B8YshDK6
++D4CFmCnW8cc+Jb6jrJ2ZcjUqWE/c+uwZhwsUHNdk6ummPPKfMhRSbduk1ngdQe5
+meIgWGkoCfJ48GUAVVD6MlrMTNFsot1GN9x3ALMqhSU49+X43yikcc9WY2F8JOY8
+xYpGpgUQV1hBSPOGK4XhgztpFLqw0GxJiLrOfKjtJwSTkxGCpPi2dLS0huk/mreT
+NAQ5FnMLkoqfR1RGga3tiP5w13gqDBV7a6MYMdmMfAAZhfRtlDu6SiAmjEmlSkOK
+PNhdoCNVDQLQpGaKZUI5hjMfR90U8Cm/6e0ondwjV4J6f4CS4wkQ5zzITGWptagE
+01tpgTXf7TLaFGtzR8cl8XgV+UO3T4DQjEQkXUaS7n72ZCGv/s4LraLunhBrVHSq
+glEXpU/V/JNptgArIiRFZOrto52cUnnlNEfgqIzAHv/LMFRIkMo8ZMGTgScFrA==
+-----END CERTIFICATE-----
--- /dev/null
+#!/bin/sh
+
+# Tell grub that resume was successful
+
+case "$1" in
+ thaw)
+ [ -s /boot/grub/grubenv ] || rm -f /boot/grub/grubenv
+ mkdir -p /boot/grub
+ grub-editenv /boot/grub/grubenv unset recordfail
+ ;;
+esac
--- /dev/null
+#!/bin/sh
+
+# Action script ensure that unattended-upgrades is finished
+# before a hibernate
+#
+# Copyright: Copyright (c) 2009 Michael Vogt
+# License: GPL-2
+#
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+SHUTDOWN_HELPER=/usr/share/unattended-upgrades/unattended-upgrade-shutdown
+
+if [ -x /usr/bin/python3 ]; then
+ PYTHON=python3
+else
+ PYTHON=python
+fi
+
+if [ ! -x /usr/share/unattended-upgrades/unattended-upgrade-shutdown ]; then
+ exit 0
+fi
+
+case "${1}" in
+ hibernate)
+ if [ -e $SHUTDOWN_HELPER ]; then
+ $PYTHON $SHUTDOWN_HELPER --stop-only
+ fi
+ ;;
+ resume|thaw)
+ # nothing
+ ;;
+esac
+
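Review bot: The helper path is written out twice, once in `SHUTDOWN_HELPER` and again as a literal in the `-x` test, and `$SHUTDOWN_HELPER` is expanded unquoted in the `hibernate)` arm. Testing the variable keeps the two from drifting apart and makes the later `-e` check redundant: `[ -x "$SHUTDOWN_HELPER" ] || exit 0` and `"$PYTHON" "$SHUTDOWN_HELPER" --stop-only`. The interpreter is probed as `/usr/bin/python3` but invoked by bare name; with `PATH` pinned at the top this resolves only to system directories, which deserves a one-line comment because the hook presumably runs as root.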
--- /dev/null
+# Configuration file for the PolicyKit Local Authority.
+#
+# DO NOT EDIT THIS FILE, it will be overwritten on update.
+#
+# See the pklocalauthority(8) man page for more information
+# about configuring the Local Authority.
+#
+
+[Configuration]
+AdminIdentities=unix-user:0
--- /dev/null
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
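Review bot: `unix-group:admin` makes every member of a group named `admin` a polkit administrator, and nothing in this change shows that such a group is in use on the host. If it is not, any group created later under that name (by a package, a directory service or an operator) would gain the ability to authenticate for admin-only actions without this file changing. Either reduce the line to `AdminIdentities=unix-group:sudo`, or add a comment stating that `admin` is kept on purpose for accounts carried over from older installs.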
--- /dev/null
+subiquity/20.07.1+git2.5de9df3e_1966 # written by curtin
+curtin/20.1-226-g34894cc70 # written by curtin
--- /dev/null
+-----BEGIN CERTIFICATE-----\r
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\r
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\r
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\r
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\r
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\r
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\r
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\r
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\r
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\r
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\r
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\r
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\r
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\r
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\r
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\r
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\r
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\r
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\r
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\r
+-----END CERTIFICATE-----\r
+-----BEGIN CERTIFICATE-----\r
+MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\r
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\r
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\r
+QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\r
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\r
+U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\r
+ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\r
+nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\r
+KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\r
+/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\r
+kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\r
+/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\r
+AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\r
+aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\r
+Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\r
+oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\r
+QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\r
+d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\r
+xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\r
+CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\r
+5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\r
+8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\r
+2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\r
+c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\r
+j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\r
+-----END CERTIFICATE-----\r
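Review bot: The second certificate in this bundle has a fixed end date that nothing in the file records: the validity field on the `QTAeFw0xMzAz…` line decodes to notBefore `130308120000Z` and notAfter `230308120000Z`, with subject CN `DigiCert SHA2 Secure Server CA`. If this file serves as a pinned trust bundle (its path is not visible here), verification against it breaks once that intermediate expires or the server moves to another chain, so it needs an owner and a rotation reminder next to wherever it is referenced. Every line also ends in `\r`; most PEM parsers tolerate CRLF, but normalising to LF avoids surprises with stricter tooling.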
--- /dev/null
+# Config file for Debian's popularity-contest package.
+#
+# To change this file, use:
+# dpkg-reconfigure popularity-contest
+#
+# You can also edit it by hand, if you so choose.
+#
+# See /usr/share/popularity-contest/default.conf for more info
+# on the options.
+
+MY_HOSTID="538cdd57c46d4cb3b7a86b599070900d"
+PARTICIPATE="no"
+USEHTTP="yes"
+DAY="3"
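Review bot: `MY_HOSTID` is a per-machine identifier and is committed here as a literal value. Anyone who can read the repository learns the id of the original machine, and every host provisioned from this tree would share it if `PARTICIPATE` were later switched to `yes`. Consider keeping this file out of the tracked set, or leaving the id to be generated on each host rather than copied.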
--- /dev/null
+# Default values for pg_createcluster(8)
+# Occurrences of '%v' are replaced by the major version number,
+# and '%c' by the cluster name. Use '%%' for a literal '%'.
+
+# Create a "main" cluster when a new postgresql-x.y server package is installed
+#create_main_cluster = true
+
+# Default start.conf value, must be one of "auto", "manual", and "disabled".
+# See pg_createcluster(8) for more documentation.
+#start_conf = 'auto'
+
+# Default data directory.
+#data_directory = '/var/lib/postgresql/%v/%c'
+
+# Default directory for transaction logs
+# Unset by default, i.e. transaction logs remain in the data directory.
+#waldir = '/var/lib/postgresql/wal/%v/%c/pg_wal'
+
+# Options to pass to initdb.
+#initdb_options = ''
+
+# The following options are copied into the new cluster's postgresql.conf:
+
+# Enable SSL by default (using the "snakeoil" certificates installed by the
+# ssl-cert package, unless configured otherwise here)
+ssl = on
+
+# Show cluster name in process title
+cluster_name = '%v/%c'
+
+# Put stats_temp_directory on tmpfs
+stats_temp_directory = '/var/run/postgresql/%v-%c.pg_stat_tmp'
+
+# Add prefix to log lines
+log_line_prefix = '%%m [%%p] %%q%%u@%%d '
+
+# Add "include_dir" in postgresql.conf
+add_include_dir = 'conf.d'
+
+# Directory for additional createcluster config
+include_dir '/etc/postgresql-common/createcluster.d'
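Review bot: `ssl = on` is copied into every new cluster while the key material is, according to the comment above it, the ssl-cert "snakeoil" pair. That gives encrypted transport but no server identity a client can verify unless the self-signed certificate is distributed to clients, and whether clients must use TLS at all is decided in pg_hba.conf, which is not part of this hunk. A comment would make that explicit, for example `# snakeoil cert: encryption only; install a CA-issued cert and use hostssl in pg_hba.conf for authenticated TLS`.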
--- /dev/null
+This is a dummy root certificate file for PostgreSQL. To enable client side
+authentication, add some certificates to it. Client certificates must be signed
+with any certificate in this file to be accepted.
+
+A reasonable choice is to just symlink this file to
+/etc/ssl/certs/ssl-cert-snakeoil.pem; in this case, client certificates need to
+be signed by the postgresql server certificate, which might be desirable in
+many cases. See chapter "Server Setup and Operation" in the PostgreSQL
+documentation for details (in package postgresql-doc-9.2).
+
+ file:///usr/share/doc/postgresql-doc-9.2/html/ssl-tcp.html
--- /dev/null
+# See /usr/share/postgresql-common/supported-versions for documentation of this file
+default
--- /dev/null
+# This file maps users against the database clusters to which they
+# will connect by default. Any user may create ~/.postgresqlrc which
+# will supersede the defaults stored here. If a database is
+# specified, that will be the one connected to by client tools if none
+# is specified on the command line. If the database specified here is
+# "*", this is interpreted as the database whose name is the same as
+# the user's login. (Setting the database to "*" will provide the
+# current default upstream behaviour for command line tools.)
+#
+# When pg_wrapper scans this file, the first matching line is used.
+# It is a good idea to provide a default explicitly, with a final line
+# where both user and group are set to "*". If there is no default,
+# the implicit default is to connect to the cluster listening on
+# port 5432 and to the database matching the user's login name.
+#
+# In the context of this file, user and group refer to the Unix login
+# or group, not to PostgreSQL users and groups.
+#
+# Please see user_clusters(5) and postgresqlrc(5) for more information.
+#
+# USER GROUP VERSION CLUSTER DATABASE
+
--- /dev/null
+# environment variables for postgres processes
+# This file has the same syntax as postgresql.conf:
+# VARIABLE = simple_value
+# VARIABLE2 = 'any value!'
+# I. e. you need to enclose any value which does not only consist of letters,
+# numbers, and '-', '_', '.' in single quotes. Shell commands are not
+# evaluated.
--- /dev/null
+# Automatic pg_ctl configuration
+# This configuration file contains cluster specific options to be passed to
+# pg_ctl(1).
+
+pg_ctl_options = ''
--- /dev/null
+# PostgreSQL User Name Maps
+# =========================
+#
+# Refer to the PostgreSQL documentation, chapter "Client
+# Authentication" for a complete description. A short synopsis
+# follows.
+#
+# This file controls PostgreSQL user name mapping. It maps external
+# user names to their corresponding PostgreSQL user names. Records
+# are of the form:
+#
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+#
+# (The uppercase quantities must be replaced by actual values.)
+#
+# MAPNAME is the (otherwise freely chosen) map name that was used in
+# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
+# client. PG-USERNAME is the requested PostgreSQL user name. The
+# existence of a record specifies that SYSTEM-USERNAME may connect as
+# PG-USERNAME.
+#
+# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
+# regular expression. Optionally this can contain a capture (a
+# parenthesized subexpression). The substring matching the capture
+# will be substituted for \1 (backslash-one) if present in
+# PG-USERNAME.
+#
+# Multiple maps may be specified in this file and used by pg_hba.conf.
+#
+# No map names are defined in the default configuration. If all
+# system user names and PostgreSQL user names are the same, you don't
+# need anything in this file.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal. If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect. You can
+# use "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
--- /dev/null
+# Automatic startup configuration
+# auto: automatically start the cluster
+# manual: manual startup with pg_ctlcluster/postgresql@.service only
+# disabled: refuse to start cluster
+# See pg_createcluster(1) for details. When running from systemd,
+# invoke 'systemctl daemon-reload' after editing this file.
+
+auto
--- /dev/null
+# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
+# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
+
+if [ "${PS1-}" ]; then
+ if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
+ # The file bash.bashrc already sets the default PS1.
+ # PS1='\h:\w\$ '
+ if [ -f /etc/bash.bashrc ]; then
+ . /etc/bash.bashrc
+ fi
+ else
+ if [ "`id -u`" -eq 0 ]; then
+ PS1='# '
+ else
+ PS1='$ '
+ fi
+ fi
+fi
+
+if [ -d /etc/profile.d ]; then
+ for i in /etc/profile.d/*.sh; do
+ if [ -r $i ]; then
+ . $i
+ fi
+ done
+ unset i
+fi
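Review bot: `$i` is expanded unquoted in both the `-r` test and the `.` command of the `/etc/profile.d` loop, so a file name containing whitespace or glob characters is split before it is tested or sourced. Quoting both keeps the loop to exactly the paths the glob produced: `if [ -r "$i" ]; then` and `. "$i"`. Every readable `*.sh` in that directory is executed by shells that read this file, so a comment noting that the directory must stay writable by root only would help whoever audits it.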
--- /dev/null
+# Make sure the locale variables are set to valid values.
+eval $(/usr/bin/locale-check C.UTF-8)
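Review bot: The output of `/usr/bin/locale-check` reaches `eval` unquoted, so it is word-split and glob-expanded, then re-joined with single spaces, before being executed as shell code in every shell that sources this file. `eval "$(/usr/bin/locale-check C.UTF-8)"` preserves the helper's output exactly. Because whatever the helper prints is executed, a comment should state that the binary is trusted to emit only variable assignments; its behaviour is not visible from this hunk.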
--- /dev/null
+# Z97-byobu.sh - allow any user to opt into auto-launching byobu
+# Copyright (C) 2011 Canonical Ltd.
+#
+# Authors: Dustin Kirkland <kirkland@byobu.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Allow any user to opt into auto-launching byobu by setting LC_BYOBU=1
+# Apologies for borrowing the LC_BYOBU namespace, but:
+# a) it's reasonable to assume that no one else is using LC_BYOBU
+# b) LC_* is sent and receieved by most /etc/ssh/ssh*_config
+
+if [ -r "/usr/bin/byobu-launch" ]; then
+ if [ "$LC_BYOBU" = "0" ]; then
+ true
+ elif [ "$LC_BYOBU" = "1" ]; then
+ . /usr/bin/byobu-launch
+ elif [ -e "/etc/byobu/autolaunch" ]; then
+ . /usr/bin/byobu-launch
+ elif [ "$LC_TERMTYPE" = "byobu" ]; then
+ . /usr/bin/byobu-launch
+ elif [ "$LC_TERMTYPE" = "byobu-screen" ]; then
+ export BYOBU_BACKEND="screen"
+ . /usr/bin/byobu-launch
+ elif [ "$LC_TERMTYPE" = "byobu-tmux" ]; then
+ export BYOBU_BACKEND="tmux"
+ . /usr/bin/byobu-launch
+ fi
+fi
+
+# vi: syntax=sh ts=4 noexpandtab
--- /dev/null
+#!/bin/sh
+# Copyright (C) 2012, Canonical Group, Ltd.
+#
+# Author: Ben Howard <ben.howard@canonical.com>
+# Author: Scott Moser <scott.moser@ubuntu.com>
+# (c) 2012, Canonical Group, Ltd.
+#
+# This file is part of cloud-init. See LICENSE file for license information.
+
+# Purpose: Detect invalid locale settings and inform the user
+# of how to fix them.
+
+locale_warn() {
+ command -v local >/dev/null && local _local="local" ||
+ typeset _local="typeset"
+
+ $_local bad_names="" bad_lcs="" key="" val="" var="" vars="" bad_kv=""
+ $_local w1 w2 w3 w4 remain
+
+ # if shell is zsh, act like sh only for this function (-L).
+ # The behavior change will not permenently affect user's shell.
+ [ "${ZSH_NAME+zsh}" = "zsh" ] && emulate -L sh
+
+ # locale is expected to output either:
+ # VARIABLE=
+ # VARIABLE="value"
+ # locale: Cannot set LC_SOMETHING to default locale
+ while read -r w1 w2 w3 w4 remain; do
+ case "$w1" in
+ locale:) bad_names="${bad_names} ${w4}";;
+ *)
+ key=${w1%%=*}
+ val=${w1#*=}
+ val=${val#\"}
+ val=${val%\"}
+ vars="${vars} $key=$val";;
+ esac
+ done
+ for bad in $bad_names; do
+ for var in ${vars}; do
+ [ "${bad}" = "${var%=*}" ] || continue
+ val=${var#*=}
+ [ "${bad_lcs#* ${val}}" = "${bad_lcs}" ] &&
+ bad_lcs="${bad_lcs} ${val}"
+ bad_kv="${bad_kv} $bad=$val"
+ break
+ done
+ done
+ bad_lcs=${bad_lcs# }
+ bad_kv=${bad_kv# }
+ [ -n "$bad_lcs" ] || return 0
+
+ printf "_____________________________________________________________________\n"
+ printf "WARNING! Your environment specifies an invalid locale.\n"
+ printf " The unknown environment variables are:\n %s\n" "$bad_kv"
+ printf " This can affect your user experience significantly, including the\n"
+ printf " ability to manage packages. You may install the locales by running:\n\n"
+
+ $_local bad invalid="" to_gen="" sfile="/usr/share/i18n/SUPPORTED"
+ $_local local pkgs=""
+ if [ -e "$sfile" ]; then
+ for bad in ${bad_lcs}; do
+ grep -q -i "${bad}" "$sfile" &&
+ to_gen="${to_gen} ${bad}" ||
+ invalid="${invalid} ${bad}"
+ done
+ else
+ printf " sudo apt-get install locales\n"
+ to_gen=$bad_lcs
+ fi
+ to_gen=${to_gen# }
+
+ $_local pkgs=""
+ for bad in ${to_gen}; do
+ pkgs="${pkgs} language-pack-${bad%%_*}"
+ done
+ pkgs=${pkgs# }
+
+ if [ -n "${pkgs}" ]; then
+ printf " sudo apt-get install ${pkgs# }\n"
+ printf " or\n"
+ printf " sudo locale-gen ${to_gen# }\n"
+ printf "\n"
+ fi
+ for bad in ${invalid}; do
+ printf "WARNING: '${bad}' is an invalid locale\n"
+ done
+
+ printf "To see all available language packs, run:\n"
+ printf " apt-cache search \"^language-pack-[a-z][a-z]$\"\n"
+ printf "To disable this message for all users, run:\n"
+ printf " sudo touch /var/lib/cloud/instance/locale-check.skip\n"
+ printf "_____________________________________________________________________\n\n"
+
+ # only show the message once
+ : > ~/.cloud-locale-test.skip 2>/dev/null || :
+}
+
+[ -f ~/.cloud-locale-test.skip -o -f /var/lib/cloud/instance/locale-check.skip ] ||
+ locale 2>&1 | locale_warn
+
+unset locale_warn
+# vi: ts=4 expandtab
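Review bot: In `locale_warn`, three `printf` calls interpolate locale names into the format string: the `apt-get install ${pkgs# }` line, the `locale-gen ${to_gen# }` line and the `'${bad}' is an invalid locale` line. Those names are parsed from `locale` output, that is from `LANG`/`LC_*` values in the environment, which a remote client can often supply, so any `%` or backslash sequence in them is interpreted by `printf`. Pass them as arguments, as the `bad_kv` line already does: `printf " sudo apt-get install %s\n" "${pkgs# }"`, `printf " sudo locale-gen %s\n" "${to_gen# }"` and `printf "WARNING: '%s' is an invalid locale\n" "$bad"`. Separately, `$_local local pkgs=""` carries a stray `local` word, which declares a variable named `local` and should be dropped.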
--- /dev/null
+#!/bin/sh
+# This file is part of cloud-init. See LICENSE file for license information.
+
+# Purpose: show user warnings on login.
+
+cloud_init_warnings() {
+ command -v local >/dev/null && local _local="local" ||
+ typeset _local="typeset"
+ $_local warning="" idir="/var/lib/cloud/instance" n=0
+ $_local warndir="$idir/warnings"
+ $_local ufile="$HOME/.cloud-warnings.skip" sfile="$warndir/.skip"
+ [ -d "$warndir" ] || return 0
+ [ ! -f "$ufile" ] || return 0
+ [ ! -f "$sfile" ] || return 0
+
+ for warning in "$warndir"/*; do
+ [ -f "$warning" ] || continue
+ cat "$warning"
+ n=$((n+1))
+ done
+ [ $n -eq 0 ] && return 0
+ echo ""
+ echo "Disable the warnings above by:"
+ echo " touch $ufile"
+ echo "or"
+ echo " touch $sfile"
+}
+
+cloud_init_warnings 1>&2
+unset cloud_init_warnings
+
+# vi: syntax=sh ts=4 expandtab
--- /dev/null
+# shellcheck shell=sh
+
+# Expand $PATH to include the directory where snappy applications go.
+snap_bin_path="/snap/bin"
+if [ -n "${PATH##*${snap_bin_path}}" ] && [ -n "${PATH##*${snap_bin_path}:*}" ]; then
+ export PATH="$PATH:${snap_bin_path}"
+fi
+
+# Ensure base distro defaults xdg path are set if nothing filed up some
+# defaults yet.
+if [ -z "$XDG_DATA_DIRS" ]; then
+ export XDG_DATA_DIRS="/usr/local/share:/usr/share"
+fi
+
+# Desktop files (used by desktop environments within both X11 and Wayland) are
+# looked for in XDG_DATA_DIRS; make sure it includes the relevant directory for
+# snappy applications' desktop files.
+snap_xdg_path="/var/lib/snapd/desktop"
+if [ -n "${XDG_DATA_DIRS##*${snap_xdg_path}}" ] && [ -n "${XDG_DATA_DIRS##*${snap_xdg_path}:*}" ]; then
+ export XDG_DATA_DIRS="${XDG_DATA_DIRS}:${snap_xdg_path}"
+fi
+
--- /dev/null
+# shellcheck shell=sh disable=SC1091,SC2039,SC2166
+# Check for interactive bash and that we haven't already been sourced.
+if [ "x${BASH_VERSION-}" != x -a "x${PS1-}" != x -a "x${BASH_COMPLETION_VERSINFO-}" = x ]; then
+
+ # Check for recent enough version of bash.
+ if [ "${BASH_VERSINFO[0]}" -gt 4 ] || \
+ [ "${BASH_VERSINFO[0]}" -eq 4 -a "${BASH_VERSINFO[1]}" -ge 1 ]; then
+ [ -r "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ] && \
+ . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
+ if shopt -q progcomp && [ -r /usr/share/bash-completion/bash_completion ]; then
+ # Source completion code.
+ . /usr/share/bash-completion/bash_completion
+ fi
+ fi
+
+fi
--- /dev/null
+# cedilla-portuguese.sh (c) 2015 Canonical
+# Author: Gunnar Hjalmarsson <gunnarhj@ubuntu.com>
+#
+# Released under the GPL
+#
+# File: /etc/profile.d/cedilla-portuguese.sh
+#
+# The desired behavior when typing in certain languages is that
+# '+c results in the ç character, and not ć. In Portuguese this
+# can be achieved by setting LC_CTYPE to either pt_BR.UTF-8 or
+# pt_PT.UTF-8. Related files:
+# /usr/share/X11/locale/pt_BR.UTF-8/Compose
+# /usr/share/X11/locale/pt_PT.UTF-8/Compose
+#
+# When the selected display language is Portuguese (either Brazilian
+# Portuguese or Portuguese as spoken in Portugal), LC_CTYPE inherits
+# the desired value from LANG. Due to this file, setting the Regional
+# Formats value to Portuguese (Brazil) or Portuguese (Portugal) is
+# sufficient to enable the just mentioned behavior, even if the
+# display language is something else but Portuguese.
+#
+if [ "${LC_IDENTIFICATION%_*}" = 'pt' -a "${LANG%_*}" != 'pt' ]; then
+ export LC_CTYPE="${LC_IDENTIFICATION%.*}.UTF-8"
+fi
--- /dev/null
+alias gawkpath_default 'unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`'
+
+alias gawkpath_prepend 'if (! $?AWKPATH) setenv AWKPATH ""; if ($AWKPATH == "") then; unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKPATH "\!*"":$AWKPATH"'
+
+alias gawkpath_append 'if (! $?AWKPATH) setenv AWKPATH ""; if ($AWKPATH == "") then; unsetenv AWKPATH; setenv AWKPATH `gawk -v x=AWKPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKPATH "$AWKPATH"":\!*"'
+
+alias gawklibpath_default 'unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`'
+
+alias gawklibpath_prepend 'if (! $?AWKLIBPATH) setenv AWKLIBPATH ""; if ($AWKLIBPATH == "") then; unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKLIBPATH "\!*"":$AWKLIBPATH"'
+
+alias gawklibpath_append 'if (! $?AWKLIBPATH) setenv AWKLIBPATH ""; if ($AWKLIBPATH == "") then; unsetenv AWKLIBPATH; setenv AWKLIBPATH `gawk -v x=AWKLIBPATH "BEGIN {print ENVIRON[x]}"`; endif; setenv AWKLIBPATH "$AWKLIBPATH"":\!*"'
--- /dev/null
+gawkpath_default () {
+ unset AWKPATH
+ export AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'`
+}
+
+gawkpath_prepend () {
+ [ -z "$AWKPATH" ] && AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'`
+ export AWKPATH="$*:$AWKPATH"
+}
+
+gawkpath_append () {
+ [ -z "$AWKPATH" ] && AWKPATH=`gawk 'BEGIN {print ENVIRON["AWKPATH"]}'`
+ export AWKPATH="$AWKPATH:$*"
+}
+
+gawklibpath_default () {
+ unset AWKLIBPATH
+ export AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'`
+}
+
+gawklibpath_prepend () {
+ [ -z "$AWKLIBPATH" ] && \
+ AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'`
+ export AWKLIBPATH="$*:$AWKLIBPATH"
+}
+
+gawklibpath_append () {
+ [ -z "$AWKLIBPATH" ] && \
+ AWKLIBPATH=`gawk 'BEGIN {print ENVIRON["AWKLIBPATH"]}'`
+ export AWKLIBPATH="$AWKLIBPATH:$*"
+}
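Review bot: `gawkpath_prepend`, `gawkpath_append` and their two `gawklibpath_*` counterparts build the new value from `$*`, which joins all arguments with a space rather than `:`, so `gawkpath_prepend /a /b` yields the single entry `/a /b`. Called with no argument they produce a leading or trailing empty path element, which gawk's documentation describes as meaning the current directory. A guard such as `[ $# -gt 0 ] || return 0` at the top of each function, plus a comment that exactly one directory (or an already colon-joined list) is expected, would state the contract. The backtick substitutions could also be written as `$(...)` for readability.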
--- /dev/null
+# Internet (IP) protocols
+#
+# Updated from http://www.iana.org/assignments/protocol-numbers and other
+# sources.
+# New protocols will be added on request if they have been officially
+# assigned by IANA and are not historical.
+# If you need a huge list of used numbers please install the nmap package.
+
+ip 0 IP # internet protocol, pseudo protocol number
+hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883]
+icmp 1 ICMP # internet control message protocol
+igmp 2 IGMP # Internet Group Management
+ggp 3 GGP # gateway-gateway protocol
+ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
+st 5 ST # ST datagram mode
+tcp 6 TCP # transmission control protocol
+egp 8 EGP # exterior gateway protocol
+igp 9 IGP # any private interior gateway (Cisco)
+pup 12 PUP # PARC universal packet protocol
+udp 17 UDP # user datagram protocol
+hmp 20 HMP # host monitoring protocol
+xns-idp 22 XNS-IDP # Xerox NS IDP
+rdp 27 RDP # "reliable datagram" protocol
+iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 [RFC905]
+dccp 33 DCCP # Datagram Congestion Control Prot. [RFC4340]
+xtp 36 XTP # Xpress Transfer Protocol
+ddp 37 DDP # Datagram Delivery Protocol
+idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport
+ipv6 41 IPv6 # Internet Protocol, version 6
+ipv6-route 43 IPv6-Route # Routing Header for IPv6
+ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
+idrp 45 IDRP # Inter-Domain Routing Protocol
+rsvp 46 RSVP # Reservation Protocol
+gre 47 GRE # General Routing Encapsulation
+esp 50 IPSEC-ESP # Encap Security Payload [RFC2406]
+ah 51 IPSEC-AH # Authentication Header [RFC2402]
+skip 57 SKIP # SKIP
+ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
+ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
+ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
+rspf 73 RSPF CPHB # Radio Shortest Path First (officially CPHB)
+vmtp 81 VMTP # Versatile Message Transport
+eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)
+ospf 89 OSPFIGP # Open Shortest Path First IGP
+ax.25 93 AX.25 # AX.25 frames
+ipip 94 IPIP # IP-within-IP Encapsulation Protocol
+etherip 97 ETHERIP # Ethernet-within-IP Encapsulation [RFC3378]
+encap 98 ENCAP # Yet Another IP encapsulation [RFC1241]
+# 99 # any private encryption scheme
+pim 103 PIM # Protocol Independent Multicast
+ipcomp 108 IPCOMP # IP Payload Compression Protocol
+vrrp 112 VRRP # Virtual Router Redundancy Protocol [RFC5798]
+l2tp 115 L2TP # Layer Two Tunneling Protocol [RFC2661]
+isis 124 ISIS # IS-IS over IPv4
+sctp 132 SCTP # Stream Control Transmission Protocol
+fc 133 FC # Fibre Channel
+mobility-header 135 Mobility-Header # Mobility Support for IPv6 [RFC3775]
+udplite 136 UDPLite # UDP-Lite [RFC3828]
+mpls-in-ip 137 MPLS-in-IP # MPLS-in-IP [RFC4023]
+manet 138 # MANET Protocols [RFC5498]
+hip 139 HIP # Host Identity Protocol
+shim6 140 Shim6 # Shim6 Protocol [RFC5533]
+wesp 141 WESP # Wrapped Encapsulating Security Payload
+rohc 142 ROHC # Robust Header Compression
--- /dev/null
+# install the apport exception handler if available
+try:
+ import apport_python_hook
+except ImportError:
+ pass
+else:
+ apport_python_hook.install()
--- /dev/null
+[DEFAULT]
+# how to byte-compile (comma separated: standard, optimize)
+byte-compile = standard
--- /dev/null
+../init.d/atd
\ No newline at end of file
--- /dev/null
+../init.d/cryptdisks
\ No newline at end of file
--- /dev/null
+../init.d/cryptdisks-early
\ No newline at end of file
--- /dev/null
+../init.d/irqbalance
\ No newline at end of file
--- /dev/null
+../init.d/iscsid
\ No newline at end of file
--- /dev/null
+../init.d/lvm2-lvmpolld
\ No newline at end of file
--- /dev/null
+../init.d/multipath-tools
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/open-iscsi
\ No newline at end of file
--- /dev/null
+../init.d/open-vm-tools
\ No newline at end of file
--- /dev/null
+../init.d/plymouth
\ No newline at end of file
--- /dev/null
+../init.d/postgresql
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/smartmontools
\ No newline at end of file
--- /dev/null
+../init.d/udev
\ No newline at end of file
--- /dev/null
+../init.d/unattended-upgrades
\ No newline at end of file
--- /dev/null
+../init.d/uuidd
\ No newline at end of file
--- /dev/null
+../init.d/atd
\ No newline at end of file
--- /dev/null
+../init.d/irqbalance
\ No newline at end of file
--- /dev/null
+../init.d/iscsid
\ No newline at end of file
--- /dev/null
+../init.d/lvm2-lvmpolld
\ No newline at end of file
--- /dev/null
+../init.d/multipath-tools
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/open-iscsi
\ No newline at end of file
--- /dev/null
+../init.d/open-vm-tools
\ No newline at end of file
--- /dev/null
+../init.d/postgresql
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/smartmontools
\ No newline at end of file
--- /dev/null
+../init.d/ufw
\ No newline at end of file
--- /dev/null
+../init.d/uuidd
\ No newline at end of file
--- /dev/null
+../init.d/apport
\ No newline at end of file
--- /dev/null
+../init.d/atd
\ No newline at end of file
--- /dev/null
+../init.d/binfmt-support
\ No newline at end of file
--- /dev/null
+../init.d/console-setup.sh
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
--- /dev/null
+../init.d/dbus
\ No newline at end of file
--- /dev/null
+../init.d/grub-common
\ No newline at end of file
--- /dev/null
+../init.d/irqbalance
\ No newline at end of file
--- /dev/null
+../init.d/lvm2-lvmpolld
\ No newline at end of file
--- /dev/null
+../init.d/multipath-tools
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/open-vm-tools
\ No newline at end of file
--- /dev/null
+../init.d/plymouth
\ No newline at end of file
--- /dev/null
+../init.d/postgresql
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/smartmontools
\ No newline at end of file
--- /dev/null
+../init.d/ssh
\ No newline at end of file
--- /dev/null
+../init.d/sysstat
\ No newline at end of file
--- /dev/null
+../init.d/unattended-upgrades
\ No newline at end of file
--- /dev/null
+../init.d/uuidd
\ No newline at end of file
--- /dev/null
+../init.d/apport
\ No newline at end of file
--- /dev/null
+../init.d/atd
\ No newline at end of file
--- /dev/null
+../init.d/binfmt-support
\ No newline at end of file
--- /dev/null
+../init.d/console-setup.sh
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
--- /dev/null
+../init.d/dbus
\ No newline at end of file
--- /dev/null
+../init.d/grub-common
\ No newline at end of file
--- /dev/null
+../init.d/irqbalance
\ No newline at end of file
--- /dev/null
+../init.d/lvm2-lvmpolld
\ No newline at end of file
--- /dev/null
+../init.d/multipath-tools
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/open-vm-tools
\ No newline at end of file
--- /dev/null
+../init.d/plymouth
\ No newline at end of file
--- /dev/null
+../init.d/postgresql
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/smartmontools
\ No newline at end of file
--- /dev/null
+../init.d/ssh
\ No newline at end of file
--- /dev/null
+../init.d/sysstat
\ No newline at end of file
--- /dev/null
+../init.d/unattended-upgrades
\ No newline at end of file
--- /dev/null
+../init.d/uuidd
\ No newline at end of file
--- /dev/null
+../init.d/apport
\ No newline at end of file
--- /dev/null
+../init.d/atd
\ No newline at end of file
--- /dev/null
+../init.d/binfmt-support
\ No newline at end of file
--- /dev/null
+../init.d/console-setup.sh
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
--- /dev/null
+../init.d/dbus
\ No newline at end of file
--- /dev/null
+../init.d/grub-common
\ No newline at end of file
--- /dev/null
+../init.d/irqbalance
\ No newline at end of file
--- /dev/null
+../init.d/lvm2-lvmpolld
\ No newline at end of file
--- /dev/null
+../init.d/multipath-tools
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/open-vm-tools
\ No newline at end of file
--- /dev/null
+../init.d/plymouth
\ No newline at end of file
--- /dev/null
+../init.d/postgresql
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/smartmontools
\ No newline at end of file
--- /dev/null
+../init.d/ssh
\ No newline at end of file
--- /dev/null
+../init.d/sysstat
\ No newline at end of file
--- /dev/null
+../init.d/unattended-upgrades
\ No newline at end of file
--- /dev/null
+../init.d/uuidd
\ No newline at end of file
--- /dev/null
+../init.d/apport
\ No newline at end of file
--- /dev/null
+../init.d/atd
\ No newline at end of file
--- /dev/null
+../init.d/binfmt-support
\ No newline at end of file
--- /dev/null
+../init.d/console-setup.sh
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
--- /dev/null
+../init.d/dbus
\ No newline at end of file
--- /dev/null
+../init.d/grub-common
\ No newline at end of file
--- /dev/null
+../init.d/irqbalance
\ No newline at end of file
--- /dev/null
+../init.d/lvm2-lvmpolld
\ No newline at end of file
--- /dev/null
+../init.d/multipath-tools
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/open-vm-tools
\ No newline at end of file
--- /dev/null
+../init.d/plymouth
\ No newline at end of file
--- /dev/null
+../init.d/postgresql
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/smartmontools
\ No newline at end of file
--- /dev/null
+../init.d/ssh
\ No newline at end of file
--- /dev/null
+../init.d/sysstat
\ No newline at end of file
--- /dev/null
+../init.d/unattended-upgrades
\ No newline at end of file
--- /dev/null
+../init.d/uuidd
\ No newline at end of file
--- /dev/null
+../init.d/atd
\ No newline at end of file
--- /dev/null
+../init.d/cryptdisks
\ No newline at end of file
--- /dev/null
+../init.d/cryptdisks-early
\ No newline at end of file
--- /dev/null
+../init.d/irqbalance
\ No newline at end of file
--- /dev/null
+../init.d/iscsid
\ No newline at end of file
--- /dev/null
+../init.d/lvm2-lvmpolld
\ No newline at end of file
--- /dev/null
+../init.d/multipath-tools
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/open-iscsi
\ No newline at end of file
--- /dev/null
+../init.d/open-vm-tools
\ No newline at end of file
--- /dev/null
+../init.d/plymouth
\ No newline at end of file
--- /dev/null
+../init.d/postgresql
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/smartmontools
\ No newline at end of file
--- /dev/null
+../init.d/udev
\ No newline at end of file
--- /dev/null
+../init.d/unattended-upgrades
\ No newline at end of file
--- /dev/null
+../init.d/uuidd
\ No newline at end of file
--- /dev/null
+../init.d/apparmor
\ No newline at end of file
--- /dev/null
+../init.d/cryptdisks
\ No newline at end of file
--- /dev/null
+../init.d/cryptdisks-early
\ No newline at end of file
--- /dev/null
+../init.d/iscsid
\ No newline at end of file
--- /dev/null
+../init.d/keyboard-setup.sh
\ No newline at end of file
--- /dev/null
+../init.d/kmod
\ No newline at end of file
--- /dev/null
+../init.d/lvm2
\ No newline at end of file
--- /dev/null
+../init.d/open-iscsi
\ No newline at end of file
--- /dev/null
+../init.d/plymouth-log
\ No newline at end of file
--- /dev/null
+../init.d/procps
\ No newline at end of file
--- /dev/null
+../init.d/screen-cleanup
\ No newline at end of file
--- /dev/null
+../init.d/udev
\ No newline at end of file
--- /dev/null
+../init.d/ufw
\ No newline at end of file
--- /dev/null
+../run/systemd/resolve/stub-resolv.conf
\ No newline at end of file
--- /dev/null
+/usr/sbin/rmt
\ No newline at end of file
--- /dev/null
+# This file contains user readable names that can be used in place of rpc
+# program numbers.
+
+portmapper 100000 portmap sunrpc
+rstatd 100001 rstat rstat_svc rup perfmeter
+rusersd 100002 rusers
+nfs 100003 nfsprog
+ypserv 100004 ypprog
+mountd 100005 mount showmount
+ypbind 100007
+walld 100008 rwall shutdown
+yppasswdd 100009 yppasswd
+etherstatd 100010 etherstat
+rquotad 100011 rquotaprog quota rquota
+sprayd 100012 spray
+3270_mapper 100013
+rje_mapper 100014
+selection_svc 100015 selnsvc
+database_svc 100016
+rexd 100017 rex
+alis 100018
+sched 100019
+llockmgr 100020
+nlockmgr 100021
+x25.inr 100022
+statmon 100023
+status 100024
+bootparam 100026
+ypupdated 100028 ypupdate
+keyserv 100029 keyserver
+tfsd 100037
+nsed 100038
+nsemntd 100039
+ypxfrd 100069
+pcnfsd 150001
+amd 300019 amq
+sgi_fam 391002
+ugidd 545580417
+fypxfrd 600100069 freebsd-ypxfrd
+bwnfsd 788585389
--- /dev/null
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+#
+# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+#module(load="immark") # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+# provides kernel logging support and enable non-kernel klog messages
+module(load="imklog" permitnonkernelfacility="on")
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# Filter duplicated messages
+$RepeatedMsgReduction on
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner syslog
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+$PrivDropToUser syslog
+$PrivDropToGroup syslog
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
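Review bot: The commented-out `imudp` and `imtcp` examples in the MODULES section have no caveat about what enabling them exposes. Uncommented as written, they open a listener on port 514 that accepts plaintext syslog with no sender authentication. I would add a comment above them such as `# NOTE: these inputs are unauthenticated and unencrypted; restrict senders by firewall or use a TLS-capable input before enabling`. The privilege drop to `syslog` and `$FileCreateMode 0640` further down look reasonable as they stand.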
--- /dev/null
+# Log kernel generated UFW log messages to file
+:msg,contains,"[UFW " /var/log/ufw.log
+
+# Uncomment the following to stop logging anything that matches the last rule.
+# Doing this will stop logging kernel generated UFW log messages to the file
+# normally containing kern.* messages (eg, /var/log/kern.log)
+#& stop
--- /dev/null
+# Log cloudinit generated log messages to file
+:syslogtag, isequal, "[CLOUDINIT]" /var/log/cloud-init.log
+
+# comment out the following line to allow CLOUDINIT messages through.
+# Doing so means you'll also get CLOUDINIT messages in /var/log/syslog
+& stop
--- /dev/null
+# Default rules for rsyslog.
+#
+# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
+
+#
+# First some standard log files. Log by facility.
+#
+auth,authpriv.* /var/log/auth.log
+*.*;auth,authpriv.none -/var/log/syslog
+#cron.* /var/log/cron.log
+#daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+#lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+#user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files.
+#
+#mail.info -/var/log/mail.info
+#mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+#*.=debug;\
+# auth,authpriv.none;\
+# news.none;mail.none -/var/log/debug
+#*.=info;*.=notice;*.=warn;\
+# auth,authpriv.none;\
+# cron,daemon.none;\
+# mail,news.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
+
+#
+# I like to have messages displayed on the console, but only on a virtual
+# console I usually leave idle.
+#
+#daemon,mail.*;\
+# news.=crit;news.=err;news.=notice;\
+# *.=debug;*.=info;\
+# *.=notice;*.=warn /dev/tty8
--- /dev/null
+# $Id: screenrc,v 1.15 2003/10/08 11:39:03 zal Exp $
+#
+# /etc/screenrc
+#
+# This is the system wide screenrc.
+#
+# You can use this file to change the default behavior of screen system wide
+# or copy it to ~/.screenrc and use it as a starting point for your own
+# settings.
+#
+# Commands in this file are used to set options, bind screen functions to
+# keys, redefine terminal capabilities, and to automatically establish one or
+# more windows at the beginning of your screen session.
+#
+# This is not a comprehensive list of options, look at the screen manual for
+# details on everything that you can put in this file.
+#
+
+# ------------------------------------------------------------------------------
+# SCREEN SETTINGS
+# ------------------------------------------------------------------------------
+
+#startup_message off
+#nethack on
+
+#defflow on # will force screen to process ^S/^Q
+deflogin on
+#autodetach off
+
+# turn visual bell on
+vbell on
+vbell_msg " Wuff ---- Wuff!! "
+
+# define a bigger scrollback, default is 100 lines
+defscrollback 1024
+
+# ------------------------------------------------------------------------------
+# SCREEN KEYBINDINGS
+# ------------------------------------------------------------------------------
+
+# Remove some stupid / dangerous key bindings
+bind ^k
+#bind L
+bind ^\
+# Make them better
+bind \\ quit
+bind K kill
+bind I login on
+bind O login off
+bind } history
+
+# An example of a "screen scraper" which will launch urlview on the current
+# screen window
+#
+#bind ^B eval "hardcopy_append off" "hardcopy -h $HOME/.screen-urlview" "screen urlview $HOME/.screen-urlview"
+
+# ------------------------------------------------------------------------------
+# TERMINAL SETTINGS
+# ------------------------------------------------------------------------------
+
+# The vt100 description does not mention "dl". *sigh*
+termcapinfo vt100 dl=5\E[M
+
+# turn sending of screen messages to hardstatus off
+hardstatus off
+# Set the hardstatus prop on gui terms to set the titlebar/icon title
+termcapinfo xterm*|rxvt*|kterm*|Eterm* hs:ts=\E]0;:fs=\007:ds=\E]0;\007
+# use this for the hard status string
+hardstatus string "%h%? users: %u%?"
+
+# An alternative hardstatus to display a bar at the bottom listing the
+# windownames and highlighting the current windowname in blue. (This is only
+# enabled if there is no hardstatus setting for your terminal)
+#
+#hardstatus lastline "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%<"
+
+# set these terminals up to be 'optimal' instead of vt100
+termcapinfo xterm*|linux*|rxvt*|Eterm* OP
+
+# Change the xterm initialization string from is2=\E[!p\E[?3;4l\E[4l\E>
+# (This fixes the "Aborted because of window size change" konsole symptoms found
+# in bug #134198)
+termcapinfo xterm 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l'
+
+# To get screen to add lines to xterm's scrollback buffer, uncomment the
+# following termcapinfo line which tells xterm to use the normal screen buffer
+# (which has scrollback), not the alternate screen buffer.
+#
+#termcapinfo xterm|xterms|xs|rxvt ti@:te@
+
+# Enable non-blocking mode to better cope with flaky ssh connections.
+defnonblock 5
+
+# ------------------------------------------------------------------------------
+# STARTUP SCREENS
+# ------------------------------------------------------------------------------
+
+# Example of automatically running some programs in windows on screen startup.
+#
+# The following will open top in the first window, an ssh session to monkey
+# in the next window, and then open mutt and tail in windows 8 and 9
+# respectively.
+#
+# screen top
+# screen -t monkey ssh monkey
+# screen -t mail 8 mutt
+# screen -t daemon 9 tail -f /var/log/daemon.log
+
--- /dev/null
+# Login access control table.
+#
+# Comment line must start with "#", no space at front.
+# Order of lines is important.
+#
+# When someone logs in, the table is scanned for the first entry that
+# matches the (user, host) combination, or, in case of non-networked
+# logins, the first entry that matches the (user, tty) combination. The
+# permissions field of that table entry determines whether the login will
+# be accepted or refused.
+#
+# Format of the login access control table is three fields separated by a
+# ":" character:
+#
+# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
+# module, you can change the field separation character to be
+# '|'. This is useful for configurations where you are trying to use
+# pam_access with X applications that provide PAM_TTY values that are
+# the display variable like "host:0".]
+#
+# permission:users:origins
+#
+# The first field should be a "+" (access granted) or "-" (access denied)
+# character.
+#
+# The second field should be a list of one or more login names, group
+# names, or ALL (always matches). A pattern of the form user@host is
+# matched when the login name matches the "user" part, and when the
+# "host" part matches the local machine name.
+#
+# The third field should be a list of one or more tty names (for
+# non-networked logins), host names, domain names (begin with "."), host
+# addresses, internet network numbers (end with "."), ALL (always
+# matches), NONE (matches no tty on non-networked logins) or
+# LOCAL (matches any string that does not contain a "." character).
+#
+# You can use @netgroupname in host or user patterns; this even works
+# for @usergroup@@hostgroup patterns.
+#
+# The EXCEPT operator makes it possible to write very compact rules.
+#
+# The group file is searched only when a name does not match that of the
+# logged-in user. Both the user's primary group is matched, as well as
+# groups in which users are explicitly listed.
+# To avoid problems with accounts, which have the same name as a group,
+# you can use brackets around group names '(group)' to differentiate.
+# In this case, you should also set the "nodefgroup" option.
+#
+# TTY NAMES: Must be in the form returned by ttyname(3) less the initial
+# "/dev" (e.g. tty1 or vc/1)
+#
+##############################################################################
+#
+# Disallow non-root logins on tty1
+#
+#-:ALL EXCEPT root:tty1
+#
+# Disallow console logins to all but a few accounts.
+#
+#-:ALL EXCEPT wheel shutdown sync:LOCAL
+#
+# Same, but make sure that really the group wheel and not the user
+# wheel is used (use nodefgroup argument, too):
+#
+#-:ALL EXCEPT (wheel) shutdown sync:LOCAL
+#
+# Disallow non-local logins to privileged accounts (group wheel).
+#
+#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
+#
+# Some accounts are not allowed to login from anywhere:
+#
+#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
+#
+# All other accounts are allowed to login from anywhere.
+#
+##############################################################################
+# All lines from here up to the end are building a more complex example.
+##############################################################################
+#
+# User "root" should be allowed to get access via cron .. tty5 tty6.
+#+:root:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
+#
+# User "root" should be allowed to get access from hosts with ip addresses.
+#+:root:192.168.200.1 192.168.200.4 192.168.200.9
+#+:root:127.0.0.1
+#
+# User "root" should get access from network 192.168.201.
+# This term will be evaluated by string matching.
+# comment: It might be better to use network/netmask instead.
+# The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0
+#+:root:192.168.201.
+#
+# User "root" should be able to have access from domain.
+# Uses string matching also.
+#+:root:.foo.bar.org
+#
+# User "root" should be denied to get access from all other sources.
+#-:root:ALL
+#
+# User "foo" and members of netgroup "nis_group" should be
+# allowed to get access from all sources.
+# This will only work if netgroup service is available.
+#+:@nis_group foo:ALL
+#
+# User "john" should get access from ipv4 net/mask
+#+:john:127.0.0.0/24
+#
+# User "john" should get access from ipv4 as ipv6 net/mask
+#+:john:::ffff:127.0.0.0/127
+#
+# User "john" should get access from ipv6 host address
+#+:john:2001:4ca0:0:101::1
+#
+# User "john" should get access from ipv6 host address (same as above)
+#+:john:2001:4ca0:0:101:0:0:0:1
+#
+# User "john" should get access from ipv6 net/mask
+#+:john:2001:4ca0:0:101::/64
+#
+# All other users should be denied to get access from all sources.
+#-:ALL:ALL
--- /dev/null
+#
+# /etc/security/capability.conf
+#
+# this is a sample capability file (to be used in conjunction with
+# the pam_cap.so module)
+#
+# In order to use this module, it must have been linked with libcap
+# and thus you'll know about Linux's capability support.
+# [If you don't know about libcap, the sources for it are here:
+#
+# http://www.kernel.org/pub/linux/libs/security/linux-privs/
+#
+# .]
+#
+# Here are some sample lines (remove the preceding '#' if you want to
+# use them
+
+## user 'morgan' gets the CAP_SETFCAP inheritable capability (commented out!)
+#cap_setfcap morgan
+
+## user 'luser' inherits the CAP_DAC_OVERRIDE capability (commented out!)
+#cap_dac_override luser
+
+## 'everyone else' gets no inheritable capabilities (restrictive config)
+none *
+
+## if there is no '*' entry, all users not explicitly mentioned will
+## get all available capabilities. This is a permissive default, and
+## possibly not what you want... On first reading, you might think this
+## is a security problem waiting to happen, but it defaults to not being
+## so in this sample file! Further, by 'get', we mean 'get in their inheritable
+## set'. That is, if you look at a random process, even one run by root,
+## you will see it has no inheritable capabilities (by default):
+##
+## $ /sbin/capsh --decode=$(grep CapInh /proc/1/status|awk '{print $2}')
+## 0000000000000000=
+##
+## The pam_cap module simply alters the value of this capability
+## set. Including the 'none *' forces use of this module with an
+## unspecified user to have their inheritable set forced to zero.
+##
+## Omitting the line will cause the inheritable set to be unmodified
+## from what the parent process had (which is generally 0 unless the
+## invoking user was bestowed with some inheritable capabilities by a
+## previous invocation).
--- /dev/null
+# Configuration for locking the user after multiple failed
+# authentication attempts.
+#
+# The directory where the user files with the failure records are kept.
+# The default is /var/run/faillock.
+# dir = /var/run/faillock
+#
+# Will log the user name into the system log if the user is not found.
+# Enabled if option is present.
+# audit
+#
+# Don't print informative messages.
+# Enabled if option is present.
+# silent
+#
+# Don't log informative messages via syslog.
+# Enabled if option is present.
+# no_log_info
+#
+# Only track failed user authentications attempts for local users
+# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+# The `faillock` command will also no longer track user failed
+# authentication attempts. Enabling this option will prevent a
+# double-lockout scenario where a user is locked out locally and
+# in the centralized mechanism.
+# Enabled if option is present.
+# local_users_only
+#
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+# deny = 3
+#
+# The length of the interval during which the consecutive
+# authentication failures must happen for the user account
+# lock out is <replaceable>n</replaceable> seconds.
+# The default is 900 (15 minutes).
+# fail_interval = 900
+#
+# The access will be re-enabled after n seconds after the lock out.
+# The value 0 has the same meaning as value `never` - the access
+# will not be re-enabled without resetting the faillock
+# entries by the `faillock` command.
+# The default is 600 (10 minutes).
+# unlock_time = 600
+#
+# Root account can become locked as well as regular accounts.
+# Enabled if option is present.
+# even_deny_root
+#
+# This option implies the `even_deny_root` option.
+# Allow access after n seconds to root account after the
+# account is locked. In case the option is not specified
+# the value is the same as of the `unlock_time` option.
+# root_unlock_time = 900
+#
+# If a group name is specified with this option, members
+# of the group will be handled by this module the same as
+# the root account (the options `even_deny_root>` and
+# `root_unlock_time` will apply to them.
+# By default, the option is not set.
+# admin_group = <admin_group_name>
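Review bot: Two option descriptions in this file carry markup residue, which matters because the comments are the only documentation an administrator sees here. The `fail_interval` text contains `<replaceable>n</replaceable>`, and the `admin_group` text has a stray `>` after even_deny_root and a parenthesis that is never closed. I would reword them to `# lock out is n seconds.` and `# the root account (the options even_deny_root and root_unlock_time will apply to them).` Every setting is also commented out, so the stated defaults (deny 3, unlock after 600 seconds, root exempt) are what apply. They presumably apply only if pam_faillock is referenced from the PAM stack, which this section does not show. A one-line comment at the top saying so would help.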
--- /dev/null
+#
+# This is the configuration file for the pam_group module.
+#
+
+#
+# *** Please note that giving group membership on a session basis is
+# *** NOT inherently secure. If a user can create an executable that
+# *** is setgid a group that they are infrequently given membership
+# *** of, they can basically obtain group membership any time they
+# *** like. Example: games are allowed between the hours of 6pm and 6am
+# *** user joe logs in at 7pm writes a small C-program toplay.c that
+# *** invokes their favorite shell, compiles it and does
+# *** "chgrp play toplay; chmod g+s toplay". They are basically able
+# *** to play games any time... You have been warned. AGM
+#
+
+#
+# The syntax of the lines is as follows:
+#
+# services;ttys;users;times;groups
+#
+# white space is ignored and lines maybe extended with '\\n' (escaped
+# newlines). From reading these comments, it is clear that
+# text following a '#' is ignored to the end of the line.
+#
+# the combination of individual users/terminals etc is a logic list
+# namely individual tokens that are optionally prefixed with '!' (logical
+# not) and separated with '&' (logical and) and '|' (logical or).
+#
+# services
+# is a logic list of PAM service names that the rule applies to.
+#
+# ttys
+# is a logic list of terminal names that this rule applies to.
+#
+# users
+# is a logic list of users or a netgroup of users to whom this
+# rule applies.
+#
+# NB. For these items the simple wildcard '*' may be used only once.
+# With netgroups no wildcards or logic operators are allowed.
+#
+# times
+# It is used to indicate "when" these groups are to be given to the
+# user. The format here is a logic list of day/time-range
+# entries the days are specified by a sequence of two character
+# entries, MoTuSa for example is Monday Tuesday and Saturday. Note
+# that repeated days are unset MoMo = no day, and MoWk = all weekdays
+# bar Monday. The two character combinations accepted are
+#
+# Mo Tu We Th Fr Sa Su Wk Wd Al
+#
+# the last two being week-end days and all 7 days of the week
+# respectively. As a final example, AlFr means all days except Friday.
+#
+# Each day/time-range can be prefixed with a '!' to indicate "anything
+# but"
+#
+# The time-range part is two 24-hour times HHMM separated by a hyphen
+# indicating the start and finish time (if the finish time is smaller
+# than the start time it is deemed to apply on the following day).
+#
+# groups
+# The (comma or space separated) list of groups that the user
+# inherits membership of. These groups are added if the previous
+# fields are satisfied by the user's request
+#
+# For a rule to be active, ALL of service+ttys+users must be satisfied
+# by the applying process.
+#
+
+#
+# Note, to get this to work as it is currently typed you need
+#
+# 1. to run an application as root
+# 2. add the following groups to the /etc/group file:
+# floppy, play, sound
+#
+
+#
+# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),
+# the user 'us' is given access to the floppy (through membership of
+# the floppy group)
+#
+
+#xsh;tty*&!ttyp*;us;Al0000-2400;floppy
+
+#
+# another example: running 'xsh' on tty* (any ttyXXX device),
+# the user 'sword' is given access to games (through membership of
+# the sound and play group) after work hours.
+#
+
+#xsh; tty* ;sword;!Wk0900-1800;sound, play
+#xsh; tty* ;*;Al0900-1800;floppy
+
+#
+# yet another example: any member of the group 'admin' running
+# 'xsh' on tty*, is granted access (at any time) to the group 'plugdev'
+#
+
+#xsh; tty* ;%admin;Al0000-2400;plugdev
+
+#
+# End of group.conf file
+#
--- /dev/null
+# /etc/security/limits.conf
+#
+#Each line describes a limit for a user in the form:
+#
+#<domain> <type> <item> <value>
+#
+#Where:
+#<domain> can be:
+# - a user name
+# - a group name, with @group syntax
+# - the wildcard *, for default entry
+# - the wildcard %, can be also used with %group syntax,
+# for maxlogin limit
+# - NOTE: group and wildcard limits are not applied to root.
+# To apply a limit to the root user, <domain> must be
+# the literal username root.
+#
+#<type> can have the two values:
+# - "soft" for enforcing the soft limits
+# - "hard" for enforcing hard limits
+#
+#<item> can be one of the following:
+# - core - limits the core file size (KB)
+# - data - max data size (KB)
+# - fsize - maximum filesize (KB)
+# - memlock - max locked-in-memory address space (KB)
+# - nofile - max number of open file descriptors
+# - rss - max resident set size (KB)
+# - stack - max stack size (KB)
+# - cpu - max CPU time (MIN)
+# - nproc - max number of processes
+# - as - address space limit (KB)
+# - maxlogins - max number of logins for this user
+# - maxsyslogins - max number of logins on the system
+# - priority - the priority to run user process with
+# - locks - max number of file locks the user can hold
+# - sigpending - max number of pending signals
+# - msgqueue - max memory used by POSIX message queues (bytes)
+# - nice - max nice priority allowed to raise to values: [-20, 19]
+# - rtprio - max realtime priority
+# - chroot - change root to directory (Debian-specific)
+#
+#<domain> <type> <item> <value>
+#
+
+#* soft core 0
+#root hard core 100000
+#* hard rss 10000
+#@student hard nproc 20
+#@faculty soft nproc 20
+#@faculty hard nproc 50
+#ftp hard nproc 0
+#ftp - chroot /ftp
+#@student - maxlogins 4
+
+# End of file
--- /dev/null
+# /etc/security/namespace.conf
+#
+# See /usr/share/doc/pam-*/txts/README.pam_namespace for more information.
+#
+# Uncommenting the following three lines will polyinstantiate
+# /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
+# be polyinstantiated based on the MLS level part of the security context as well as user
+# name, Polyinstantion will not be performed for user root and adm for directories
+# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
+# The user name and context is appended to the instance prefix.
+#
+# Note that instance directories do not have to reside inside the
+# polyinstantiated directory. In the examples below, instances of /tmp
+# will be created in /tmp-inst directory, where as instances of /var/tmp
+# and users home directories will reside within the directories that
+# are being polyinstantiated.
+#
+# Instance parent directories must exist for the polyinstantiation
+# mechanism to work. By default, they should be created with the mode
+# of 000. pam_namespace module will enforce this mode unless it
+# is explicitly called with an argument to ignore the mode of the
+# instance parent. System administrators should use this argument with
+# caution, as it will reduce security and isolation achieved by
+# polyinstantiation.
+#
+#/tmp /tmp-inst/ level root,adm
+#/var/tmp /var/tmp/tmp-inst/ level root,adm
+#$HOME $HOME/$USER.inst/ level
--- /dev/null
+#!/bin/sh
+# It receives polydir path as $1, the instance path as $2,
+# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3,
+# and user name in $4.
+#
+# The following section will copy the contents of /etc/skel if this is a
+# newly created home directory.
+if [ "$3" = 1 ]; then
+ # This line will fix the labeling on all newly created directories
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$1"
+ user="$4"
+ passwd=$(getent passwd "$user")
+ homedir=$(echo "$passwd" | cut -f6 -d":")
+ if [ "$1" = "$homedir" ]; then
+ gid=$(echo "$passwd" | cut -f4 -d":")
+ cp -rT /etc/skel "$homedir"
+ chown -R "$user":"$gid" "$homedir"
+ mask=$(awk '/^UMASK/{gsub("#.*$", "", $2); print $2; exit}' /etc/login.defs)
+ mode=$(printf "%o" $((0777 & ~$mask)))
+ chmod ${mode:-700} "$homedir"
+ [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir"
+ fi
+fi
+
+exit 0
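Review bot: The home-directory mode is derived from whatever token follows UMASK in /etc/login.defs, with no check that it is a string of octal digits, at the `mask=` and `mode=` lines. An empty value only reaches the `${mode:-700}` fallback because the arithmetic expansion fails. A word-like token would most likely be read as an unset variable, evaluate to 0 and yield mode 777, so a typo in login.defs fails open rather than closed. I would validate before the arithmetic with `case "$mask" in ''|*[!0-7]*) mask=077 ;; esac`, and quote the last expansion as `chmod "${mode:-700}" "$homedir"`.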
--- /dev/null
+#
+# This is the configuration file for pam_env, a PAM module to load in
+# a configurable list of environment variables for a
+#
+# The original idea for this came from Andrew G. Morgan ...
+#<quote>
+# Mmm. Perhaps you might like to write a pam_env module that reads a
+# default environment from a file? I can see that as REALLY
+# useful... Note it would be an "auth" module that returns PAM_IGNORE
+# for the auth part and sets the environment returning PAM_SUCCESS in
+# the setcred function...
+#</quote>
+#
+# What I wanted was the REMOTEHOST variable set, purely for selfish
+# reasons, and AGM didn't want it added to the SimpleApps login
+# program (which is where I added the patch). So, my first concern is
+# that variable, from there there are numerous others that might/would
+# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
+#
+# Of course, these are a different kind of variable than REMOTEHOST in
+# that they are things that are likely to be configured by
+# administrators rather than set by logging in, how to treat them both
+# in the same config file?
+#
+# Here is my idea:
+#
+# Each line starts with the variable name, there are then two possible
+# options for each variable DEFAULT and OVERRIDE.
+# DEFAULT allows and administrator to set the value of the
+# variable to some default value, if none is supplied then the empty
+# string is assumed. The OVERRIDE option tells pam_env that it should
+# enter in its value (overriding the default value) if there is one
+# to use. OVERRIDE is not used, "" is assumed and no override will be
+# done.
+#
+# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
+#
+# (Possibly non-existent) environment variables may be used in values
+# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
+# be used in values using the @{string} syntax. Both the $ and @
+# characters can be backslash escaped to be used as literal values
+# values can be delimited with "", escaped " not supported.
+# Note that many environment variables that you would like to use
+# may not be set by the time the module is called.
+# For example, HOME is used below several times, but
+# many PAM applications don't make it available by the time you need it.
+#
+#
+# First, some special variables
+#
+# Set the REMOTEHOST variable for any hosts that are remote, default
+# to "localhost" rather than not being set at all
+#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+#
+# Set the DISPLAY variable if it seems reasonable
+#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+#
+#
+# Now some simple variables
+#
+#PAGER DEFAULT=less
+#MANPAGER DEFAULT=less
+#LESS DEFAULT="M q e h15 z23 b80"
+#NNTPSERVER DEFAULT=localhost
+#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+#
+# silly examples of escaped variables, just to show how they work.
+#
+#DOLLAR DEFAULT=\$
+#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+#ATSIGN DEFAULT="" OVERRIDE=\@
--- /dev/null
+# /etc/security/sepermit.conf
+#
+# Each line contains either:
+# - an user name
+# - a group name, with @group syntax
+# - a SELinux user name, with %seuser syntax
+# Each line can contain optional arguments separated by :
+# The possible arguments are:
+# - exclusive - only single login session will
+# be allowed for the user and the user's processes
+# will be killed on logout
--- /dev/null
+# this is an example configuration file for the pam_time module. Its syntax
+# was initially based heavily on that of the shadow package (shadow-960129).
+#
+# the syntax of the lines is as follows:
+#
+# services;ttys;users;times
+#
+# white space is ignored and lines maybe extended with '\\n' (escaped
+# newlines). As should be clear from reading these comments,
+# text following a '#' is ignored to the end of the line.
+#
+# the combination of individual users/terminals etc is a logic list
+# namely individual tokens that are optionally prefixed with '!' (logical
+# not) and separated with '&' (logical and) and '|' (logical or).
+#
+# services
+# is a logic list of PAM service names that the rule applies to.
+#
+# ttys
+# is a logic list of terminal names that this rule applies to.
+#
+# users
+# is a logic list of users or a netgroup of users to whom this
+# rule applies.
+#
+# NB. For these items the simple wildcard '*' may be used only once.
+#
+# times
+# the format here is a logic list of day/time-range
+# entries the days are specified by a sequence of two character
+# entries, MoTuSa for example is Monday Tuesday and Saturday. Note
+# that repeated days are unset MoMo = no day, and MoWk = all weekdays
+# bar Monday. The two character combinations accepted are
+#
+# Mo Tu We Th Fr Sa Su Wk Wd Al
+#
+# the last two being week-end days and all 7 days of the week
+# respectively. As a final example, AlFr means all days except Friday.
+#
+# each day/time-range can be prefixed with a '!' to indicate "anything
+# but"
+#
+# The time-range part is two 24-hour times HHMM separated by a hyphen
+# indicating the start and finish time (if the finish time is smaller
+# than the start time it is deemed to apply on the following day).
+#
+# for a rule to be active, ALL of service+ttys+users must be satisfied
+# by the applying process.
+#
+
+#
+# Here is a simple example: running blank on tty* (any ttyXXX device),
+# the users 'you' and 'me' are denied service all of the time
+#
+
+#blank;tty* & !ttyp*;you|me;!Al0000-2400
+
+# Another silly example, user 'root' is denied xsh access
+# from pseudo terminals at the weekend and on mondays.
+
+#xsh;ttyp*;root;!WdMo0000-2400
+
+#
+# End of example file.
+#
--- /dev/null
+# Authors: Jason Tang <jtang@tresys.com>
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+# "source" - libsemanage manipulates a source SELinux policy
+# "direct" - libsemanage will write directly to a module store.
+# /foo/bar - Write by way of a policy management server, whose
+# named socket is at /foo/bar. The path must begin
+# with a '/'.
+# foo.com:4242 - Establish a TCP connection to a remote policy
+# management server at foo.com. If there is a colon
+# then the remainder is interpreted as a port number;
+# otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in <sepol/policydb.h>. Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# expand-check check neverallow rules when executing all semanage commands.
+# Large penalty in time if you turn this on.
+expand-check=0
+
+# By default, semanage will generate policies for the SELinux target.
+# To build policies for Xen, uncomment the following line.
+#target-platform = xen
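Review bot: `expand-check=0` near the end of this file leaves neverallow checking off for semanage operations, and the only comment beside it is about run time. A reader deciding whether to keep the value needs the security side too; I would add `# With 0, neverallow rules are not checked when semanage commands run; set to 1 where local policy modules are installed.` above the setting. It is also the only assignment here written without spaces around `=`, unlike `module-store = direct`.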
--- /dev/null
+# libsensors configuration file
+# -----------------------------
+#
+# This default configuration file only includes statements which do not
+# differ from one mainboard to the next. Only label, compute and set
+# statements for internal voltage and temperature sensors are included.
+#
+# In general, local changes should not be added to this file, but rather
+# placed in custom configuration files located in /etc/sensors.d. This
+# approach makes further updates much easier.
+#
+# Such custom configuration files for specific mainboards can be found in
+# "configs" directory of lm-sensors package.
+#
+# Please contribute back a configuration of your board so other users with
+# the same hardware won't need to recreate it again and again.
+
+chip "lm78-*" "lm79-*" "lm80-*" "lm96080-*"
+
+ label temp1 "M/B Temp"
+
+
+chip "w83792d-*"
+
+ label in0 "VcoreA"
+ label in1 "VcoreB"
+ label in6 "+5V"
+ label in7 "5VSB"
+ label in8 "Vbat"
+
+ set in6_min 5.0 * 0.90
+ set in6_max 5.0 * 1.10
+ set in7_min 5.0 * 0.90
+ set in7_max 5.0 * 1.10
+ set in8_min 3.0 * 0.90
+ set in8_max 3.0 * 1.10
+
+
+chip "w83793-*"
+
+ label in0 "VcoreA"
+ label in1 "VcoreB"
+ label in7 "+5V"
+ label in8 "5VSB"
+ label in9 "Vbat"
+
+ set in7_min 5.0 * 0.90
+ set in7_max 5.0 * 1.10
+ set in8_min 5.0 * 0.90
+ set in8_max 5.0 * 1.10
+ set in9_min 3.0 * 0.90
+ set in9_max 3.0 * 1.10
+
+
+chip "w83795g-*" "w83795adg-*"
+
+ label in12 "+3.3V"
+ label in13 "3VSB"
+ label in14 "Vbat"
+
+ set in12_min 3.3 * 0.90
+ set in12_max 3.3 * 1.10
+ set in13_min 3.3 * 0.90
+ set in13_max 3.3 * 1.10
+ set in14_min 3.0 * 0.90
+ set in14_max 3.3 * 1.10
+
+
+chip "via686a-*"
+
+ label in0 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+
+
+chip "adm1025-*" "ne1619-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+ label in5 "VCC"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+# Depending on how your chip is hardwired, you may or may not have
+# +12V readings.
+# set in4_min 12.0 * 0.90
+# set in4_max 12.0 * 1.10
+
+ label temp1 "CPU Temp"
+ label temp2 "M/B Temp"
+
+
+chip "lm87-*" "adm1024-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+
+ label temp1 "M/B Temp"
+ label temp2 "CPU Temp"
+
+
+chip "it87-*" "it8712-*" "it8716-*" "it8718-*" "it8720-*"
+
+ label in8 "Vbat"
+
+
+chip "fscpos-*" "fscher-*"
+#FSC "Hermes"
+
+ label in0 "+12V"
+ label in1 "+5V"
+ label in2 "Vbat"
+
+ label temp1 "CPU Temp"
+ label temp2 "M/B Temp"
+ label temp3 "Aux Temp"
+
+
+chip "fscscy-*"
+#FSC "Scylla"
+
+ label in0 "+12V"
+ label in1 "+5V"
+ label in2 "+3.3V"
+
+ label temp1 "CPU0 Temp"
+ label temp2 "CPU1 Temp"
+ label temp3 "M/B Temp"
+ label temp4 "Aux Temp"
+
+
+chip "fschds-*"
+# Fujitsu Technology Solutions, "Hades"-Chip
+
+# Temperatures
+ label temp1 "CPU Temp"
+ label temp2 "Super I/O Temp"
+ label temp3 "System Temp"
+
+# Fans
+ label fan1 "PSU Fan"
+ label fan2 "CPU Fan"
+ label fan3 "System FAN2"
+ label fan4 "System FAN3"
+ label fan5 "System FAN4"
+
+# Voltages
+ label in0 "+12V"
+ label in1 "+5V"
+ label in2 "Vbat"
+
+chip "fscsyl-*"
+# Fujitsu Technology Solutions, "Syleus"-Chip
+
+# Temperatures
+ label temp1 "CPU Temp"
+ label temp4 "Super I/O Temp"
+ label temp5 "Northbridge Temp"
+
+# Fans
+ label fan1 "CPU Fan"
+ label fan2 "System FAN2"
+ label fan3 "System FAN3"
+ label fan4 "System FAN4"
+ label fan7 "PSU Fan"
+
+# Voltages
+ label in0 "+12V"
+ label in1 "+5V"
+ label in2 "Vbat"
+ label in3 "+3.3V"
+ label in5 "+3.3V-Aux"
+
+chip "vt1211-*"
+
+ label in5 "+3.3V"
+
+ label temp2 "SIO Temp"
+
+
+chip "vt8231-*"
+
+ label in5 "+3.3V"
+
+
+chip "smsc47m192-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+ label in5 "VCC"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+
+ label temp1 "SIO Temp"
+
+
+chip "lm85-*" "lm85b-*" "lm85c-*" "adm1027-*" "adt7463-*" "adt7468-*" \
+ "emc6d100-*" "emc6d102-*" "emc6d103-*" "emc6d103s-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+# Depending on how your chip is hardwired, you may or may not have
+# +12V readings.
+# set in4_min 12.0 * 0.90
+# set in4_max 12.0 * 1.10
+
+ label temp2 "M/B Temp"
+
+
+chip "emc6w201-*"
+
+ label in2 "+3.3V"
+ label in3 "+5V"
+
+ label temp6 "M/B Temp"
+
+
+chip "pc87365-*" "pc87366-*"
+
+# Voltage inputs
+
+ label in7 "3VSB"
+ label in8 "VDD"
+ label in9 "Vbat"
+ label in10 "AVDD"
+
+ compute in7 @*2, @/2
+ compute in8 @*2, @/2
+ compute in10 @*2, @/2
+
+# These are the operating conditions as recommended by National
+# Semiconductor
+ set in7_min 3.0
+ set in7_max 3.6
+ set in8_min 3.0
+ set in8_max 3.6
+ set in10_min 3.0
+ set in10_max 3.6
+# Depending on the hardware setup, the battery voltage may or may not
+# be monitored.
+# set in9_min 2.4
+# set in9_max 3.6
+
+ label temp3 "SIO Temp"
+
+ set temp3_min 0
+ set temp3_max 70
+ set temp3_crit 85
+
+
+chip "adm1030-*" "adm1031-*"
+
+ label temp1 "M/B Temp"
+
+
+chip "w83627thf-*"
+
+ label in3 "+5V"
+ label in7 "5VSB"
+ label in8 "Vbat"
+
+ # Internal resistors
+ compute in3 @ * (1 + 34/51), @ / (1 + 34/51)
+ compute in7 @ * (1 + 34/51), @ / (1 + 34/51)
+
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in7_min 5.0 * 0.90
+ set in7_max 5.0 * 1.10
+# The battery voltage may or may not be monitored.
+# set in8_min 3.0 * 0.90
+# set in8_max 3.0 * 1.10
+
+
+chip "w83627ehf-*" "w83627dhg-*" "w83667hg-*" "nct6775-*" "nct6776-*" \
+ "nct6779-*" "nct6791-*" "nct6795-*" "nct6796-*"
+
+ label in0 "Vcore"
+ label in2 "AVCC"
+ label in3 "+3.3V"
+ label in7 "3VSB"
+ label in8 "Vbat"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 3.3 * 0.90
+ set in3_max 3.3 * 1.10
+ set in7_min 3.3 * 0.90
+ set in7_max 3.3 * 1.10
+ set in8_min 3.0 * 0.90
+ set in8_max 3.3 * 1.10
+
+
+chip "w83627uhg-*"
+
+ label in2 "AVCC"
+ label in3 "+5V"
+ label in7 "5VSB"
+ label in8 "Vbat"
+
+ set in2_min 5.0 * 0.90
+ set in2_max 5.0 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in7_min 5.0 * 0.90
+ set in7_max 5.0 * 1.10
+ set in8_min 3.0 * 0.90
+ set in8_max 3.3 * 1.10
+
+
+chip "f71805f-*"
+
+ label in0 "+3.3V"
+
+ set in0_min 3.3 * 0.90
+ set in0_max 3.3 * 1.10
+
+
+chip "f71872f-*"
+
+ label in0 "+3.3V"
+ label in9 "Vbat"
+ label in10 "3VSB"
+
+ set in0_min 3.3 * 0.90
+ set in0_max 3.3 * 1.10
+ set in9_min 3.0 * 0.90
+ set in9_max 3.0 * 1.10
+ set in10_min 3.3 * 0.90
+ set in10_max 3.3 * 1.10
+
+
+chip "k8temp-*"
+
+ label temp1 "Core0 Temp"
+ label temp2 "Core0 Temp"
+ label temp3 "Core1 Temp"
+ label temp4 "Core1 Temp"
+
+
+chip "dme1737-*"
+
+ label in0 "5VSB"
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ label temp2 "SIO Temp"
+
+ set in0_min 5.0 * 0.90
+ set in0_max 5.0 * 1.10
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+ set in6_min 3.0 * 0.90
+ set in6_max 3.0 * 1.10
+
+
+chip "sch311x-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ label temp2 "SIO Temp"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+ set in4_min 12.0 * 0.90
+ set in4_max 12.0 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+ set in6_min 3.0 * 0.90
+ set in6_max 3.0 * 1.10
+
+
+chip "sch5027-*"
+
+ label in0 "5VSB"
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ label temp2 "SIO Temp"
+
+ set in0_min 5.0 * 0.90
+ set in0_max 5.0 * 1.10
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+ set in6_min 3.0 * 0.90
+ set in6_max 3.0 * 1.10
+
+
+chip "sch5127-*"
+
+ label in2 "+3.3V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in5_min 3.3 * 0.90
+ set in5_max 3.3 * 1.10
+ set in6_min 3.0 * 0.90
+ set in6_max 3.0 * 1.10
+
+
+chip "f71808e-*" "f71808a-*" "f71862fg-*" "f71869-*" "f71869a-*" "f71882fg-*" \
+ "f71889fg-*" "f71889ed-*" "f71889a-*"
+
+ label in0 "+3.3V"
+ label in7 "3VSB"
+ label in8 "Vbat"
+
+ compute in0 @*2, @/2
+ compute in7 @*2, @/2
+ compute in8 @*2, @/2
+
+
+chip "f71858fg-*" "f8000-*"
+
+ label in0 "+3.3V"
+ label in1 "3VSB"
+ label in2 "Vbat"
+
+ compute in0 @*2, @/2
+ compute in1 @*2, @/2
+ compute in2 @*2, @/2
+
+
+chip "f71868a-*"
+
+ label in0 "+3.3V"
+ label in7 "3VSB"
+ label in8 "Vbat"
+ label in9 "5VSB"
+
+ compute in0 @*2, @/2
+ compute in7 @*2, @/2
+ compute in8 @*2, @/2
+ compute in9 @*3, @/3
+
+
+chip "f81865f-*"
+
+ label in0 "+3.3V"
+ label in5 "3VSB"
+ label in6 "Vbat"
+
+ compute in0 @*2, @/2
+ compute in5 @*2, @/2
+ compute in6 @*2, @/2
+
+
+chip "adt7473-*" "adt7475-*"
+
+ label in2 "+3.3V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+
+ label temp2 "Board Temp"
+
+
+chip "adt7476-*" "adt7490-*"
+
+ label in1 "Vcore"
+ label in2 "+3.3V"
+ label in3 "+5V"
+ label in4 "+12V"
+
+ set in2_min 3.3 * 0.90
+ set in2_max 3.3 * 1.10
+ set in3_min 5.0 * 0.90
+ set in3_max 5.0 * 1.10
+# Depending on how your ADT7476 is hardwired, you may or may not have
+# +12V readings.
+# set in4_min 12.0 * 0.90
+# set in4_max 12.0 * 1.10
+
+ label temp2 "M/B Temp"
--- /dev/null
+# Network services, Internet style
+#
+# Note that it is presently the policy of IANA to assign a single well-known
+# port number for both TCP and UDP; hence, officially ports have two entries
+# even if the protocol doesn't support UDP operations.
+#
+# Updated from https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml .
+#
+# New ports will be added on request if they have been officially assigned
+# by IANA and used in the real-world or are needed by a debian package.
+# If you need a huge list of used numbers please install the nmap package.
+
+tcpmux 1/tcp # TCP port service multiplexer
+echo 7/tcp
+echo 7/udp
+discard 9/tcp sink null
+discard 9/udp sink null
+systat 11/tcp users
+daytime 13/tcp
+daytime 13/udp
+netstat 15/tcp
+qotd 17/tcp quote
+chargen 19/tcp ttytst source
+chargen 19/udp ttytst source
+ftp-data 20/tcp
+ftp 21/tcp
+fsp 21/udp fspd
+ssh 22/tcp # SSH Remote Login Protocol
+telnet 23/tcp
+smtp 25/tcp mail
+time 37/tcp timserver
+time 37/udp timserver
+whois 43/tcp nicname
+tacacs 49/tcp # Login Host Protocol (TACACS)
+tacacs 49/udp
+domain 53/tcp # Domain Name Server
+domain 53/udp
+bootps 67/udp
+bootpc 68/udp
+tftp 69/udp
+gopher 70/tcp # Internet Gopher
+finger 79/tcp
+http 80/tcp www # WorldWideWeb HTTP
+kerberos 88/tcp kerberos5 krb5 kerberos-sec # Kerberos v5
+kerberos 88/udp kerberos5 krb5 kerberos-sec # Kerberos v5
+iso-tsap 102/tcp tsap # part of ISODE
+acr-nema 104/tcp dicom # Digital Imag. & Comm. 300
+pop3 110/tcp pop-3 # POP version 3
+sunrpc 111/tcp portmapper # RPC 4.0 portmapper
+sunrpc 111/udp portmapper
+auth 113/tcp authentication tap ident
+nntp 119/tcp readnews untp # USENET News Transfer Protocol
+ntp 123/udp # Network Time Protocol
+epmap 135/tcp loc-srv # DCE endpoint resolution
+netbios-ns 137/tcp # NETBIOS Name Service
+netbios-ns 137/udp
+netbios-dgm 138/tcp # NETBIOS Datagram Service
+netbios-dgm 138/udp
+netbios-ssn 139/tcp # NETBIOS session service
+netbios-ssn 139/udp
+imap2 143/tcp imap # Interim Mail Access P 2 and 4
+snmp 161/tcp # Simple Net Mgmt Protocol
+snmp 161/udp
+snmp-trap 162/tcp snmptrap # Traps for SNMP
+snmp-trap 162/udp snmptrap
+cmip-man 163/tcp # ISO mgmt over IP (CMOT)
+cmip-man 163/udp
+cmip-agent 164/tcp
+cmip-agent 164/udp
+mailq 174/tcp # Mailer transport queue for Zmailer
+xdmcp 177/udp # X Display Manager Control Protocol
+bgp 179/tcp # Border Gateway Protocol
+smux 199/tcp # SNMP Unix Multiplexer
+qmtp 209/tcp # Quick Mail Transfer Protocol
+z3950 210/tcp wais # NISO Z39.50 database
+ipx 213/udp # IPX [RFC1234]
+ptp-event 319/udp
+ptp-general 320/udp
+pawserv 345/tcp # Perf Analysis Workbench
+zserv 346/tcp # Zebra server
+rpc2portmap 369/tcp
+rpc2portmap 369/udp # Coda portmapper
+codaauth2 370/tcp
+codaauth2 370/udp # Coda authentication server
+clearcase 371/udp Clearcase
+ldap 389/tcp # Lightweight Directory Access Protocol
+ldap 389/udp
+svrloc 427/tcp # Server Location
+svrloc 427/udp
+https 443/tcp # http protocol over TLS/SSL
+snpp 444/tcp # Simple Network Paging Protocol
+microsoft-ds 445/tcp # Microsoft Naked CIFS
+microsoft-ds 445/udp
+kpasswd 464/tcp
+kpasswd 464/udp
+submissions 465/tcp ssmtp smtps urd # Submission over TLS [RFC8314]
+saft 487/tcp # Simple Asynchronous File Transfer
+isakmp 500/udp # IPSEC key management
+rtsp 554/tcp # Real Time Stream Control Protocol
+rtsp 554/udp
+nqs 607/tcp # Network Queuing system
+asf-rmcp 623/udp # ASF Remote Management and Control Protocol
+qmqp 628/tcp
+ipp 631/tcp # Internet Printing Protocol
+#
+# UNIX specific services
+#
+exec 512/tcp
+biff 512/udp comsat
+login 513/tcp
+who 513/udp whod
+shell 514/tcp cmd syslog # no passwords used
+syslog 514/udp
+printer 515/tcp spooler # line printer spooler
+talk 517/udp
+ntalk 518/udp
+route 520/udp router routed # RIP
+gdomap 538/tcp # GNUstep distributed objects
+gdomap 538/udp
+uucp 540/tcp uucpd # uucp daemon
+klogin 543/tcp # Kerberized `rlogin' (v5)
+kshell 544/tcp krcmd # Kerberized `rsh' (v5)
+dhcpv6-client 546/udp
+dhcpv6-server 547/udp
+afpovertcp 548/tcp # AFP over TCP
+nntps 563/tcp snntp # NNTP over SSL
+submission 587/tcp # Submission [RFC4409]
+ldaps 636/tcp # LDAP over SSL
+ldaps 636/udp
+tinc 655/tcp # tinc control port
+tinc 655/udp
+silc 706/tcp
+kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
+#
+domain-s 853/tcp # DNS over TLS [RFC7858]
+domain-s 853/udp # DNS over DTLS [RFC8094]
+rsync 873/tcp
+ftps-data 989/tcp # FTP over SSL (data)
+ftps 990/tcp
+telnets 992/tcp # Telnet over SSL
+imaps 993/tcp # IMAP over SSL
+pop3s 995/tcp # POP-3 over SSL
+#
+# From ``Assigned Numbers'':
+#
+#> The Registered Ports are not controlled by the IANA and on most systems
+#> can be used by ordinary user processes or programs executed by ordinary
+#> users.
+#
+#> Ports are used in the TCP [45,106] to name the ends of logical
+#> connections which carry long term conversations. For the purpose of
+#> providing services to unknown callers, a service contact port is
+#> defined. This list specifies the port used by the server process as its
+#> contact port. While the IANA can not control uses of these ports it
+#> does register or list uses of these ports as a convienence to the
+#> community.
+#
+socks 1080/tcp # socks proxy server
+proofd 1093/tcp
+rootd 1094/tcp
+openvpn 1194/tcp
+openvpn 1194/udp
+rmiregistry 1099/tcp # Java RMI Registry
+lotusnote 1352/tcp lotusnotes # Lotus Note
+ms-sql-s 1433/tcp # Microsoft SQL Server
+ms-sql-s 1433/udp
+ms-sql-m 1434/tcp # Microsoft SQL Monitor
+ms-sql-m 1434/udp
+ingreslock 1524/tcp
+datametrics 1645/tcp old-radius
+datametrics 1645/udp old-radius
+sa-msg-port 1646/tcp old-radacct
+sa-msg-port 1646/udp old-radacct
+kermit 1649/tcp
+groupwise 1677/tcp
+l2f 1701/udp l2tp
+radius 1812/tcp
+radius 1812/udp
+radius-acct 1813/tcp radacct # Radius Accounting
+radius-acct 1813/udp radacct
+cisco-sccp 2000/tcp # Cisco SCCP
+nfs 2049/tcp # Network File System
+nfs 2049/udp # Network File System
+gnunet 2086/tcp
+gnunet 2086/udp
+rtcm-sc104 2101/tcp # RTCM SC-104 IANA 1/29/99
+rtcm-sc104 2101/udp
+gsigatekeeper 2119/tcp
+gris 2135/tcp # Grid Resource Information Server
+cvspserver 2401/tcp # CVS client/server operations
+venus 2430/tcp # codacon port
+venus 2430/udp # Venus callback/wbc interface
+venus-se 2431/tcp # tcp side effects
+venus-se 2431/udp # udp sftp side effect
+codasrv 2432/tcp # not used
+codasrv 2432/udp # server port
+codasrv-se 2433/tcp # tcp side effects
+codasrv-se 2433/udp # udp sftp side effect
+mon 2583/tcp # MON traps
+mon 2583/udp
+dict 2628/tcp # Dictionary server
+f5-globalsite 2792/tcp
+gsiftp 2811/tcp
+gpsd 2947/tcp
+gds-db 3050/tcp gds_db # InterBase server
+icpv2 3130/tcp icp # Internet Cache Protocol
+icpv2 3130/udp icp
+isns 3205/tcp # iSNS Server Port
+isns 3205/udp # iSNS Server Port
+iscsi-target 3260/tcp
+mysql 3306/tcp
+ms-wbt-server 3389/tcp
+nut 3493/tcp # Network UPS Tools
+nut 3493/udp
+distcc 3632/tcp # distributed compiler
+distcc 3632/udp
+daap 3689/tcp # Digital Audio Access Protocol
+daap 3689/udp
+svn 3690/tcp subversion # Subversion protocol
+svn 3690/udp subversion
+suucp 4031/tcp # UUCP over SSL
+suucp 4031/udp
+sysrqd 4094/tcp # sysrq daemon
+sysrqd 4094/udp
+sieve 4190/tcp # ManageSieve Protocol
+epmd 4369/tcp # Erlang Port Mapper Daemon
+epmd 4369/udp
+remctl 4373/tcp # Remote Authenticated Command Service
+remctl 4373/udp
+f5-iquery 4353/tcp # F5 iQuery
+f5-iquery 4353/udp
+ipsec-nat-t 4500/udp # IPsec NAT-Traversal [RFC3947]
+iax 4569/tcp # Inter-Asterisk eXchange
+iax 4569/udp
+mtn 4691/tcp # monotone Netsync Protocol
+mtn 4691/udp
+radmin-port 4899/tcp # RAdmin Port
+radmin-port 4899/udp
+sip 5060/tcp # Session Initiation Protocol
+sip 5060/udp
+sip-tls 5061/tcp
+sip-tls 5061/udp
+xmpp-client 5222/tcp jabber-client # Jabber Client Connection
+xmpp-server 5269/tcp jabber-server # Jabber Server Connection
+cfengine 5308/tcp
+mdns 5353/udp # Multicast DNS
+postgresql 5432/tcp postgres # PostgreSQL Database
+freeciv 5556/tcp rptp # Freeciv gameplay
+amqps 5671/tcp # AMQP protocol over TLS/SSL
+amqp 5672/tcp
+amqp 5672/udp
+amqp 5672/sctp
+x11 6000/tcp x11-0 # X Window System
+x11-1 6001/tcp
+x11-2 6002/tcp
+x11-3 6003/tcp
+x11-4 6004/tcp
+x11-5 6005/tcp
+x11-6 6006/tcp
+x11-7 6007/tcp
+gnutella-svc 6346/tcp # gnutella
+gnutella-svc 6346/udp
+gnutella-rtr 6347/tcp # gnutella
+gnutella-rtr 6347/udp
+sge-qmaster 6444/tcp sge_qmaster # Grid Engine Qmaster Service
+sge-execd 6445/tcp sge_execd # Grid Engine Execution Service
+mysql-proxy 6446/tcp # MySQL Proxy
+babel 6696/udp # Babel Routing Protocol
+ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL
+afs3-fileserver 7000/tcp bbs # file server itself
+afs3-fileserver 7000/udp bbs
+afs3-callback 7001/tcp # callbacks to cache managers
+afs3-callback 7001/udp
+afs3-prserver 7002/tcp # users & groups database
+afs3-prserver 7002/udp
+afs3-vlserver 7003/tcp # volume location database
+afs3-vlserver 7003/udp
+afs3-kaserver 7004/tcp # AFS/Kerberos authentication
+afs3-kaserver 7004/udp
+afs3-volser 7005/tcp # volume managment server
+afs3-volser 7005/udp
+afs3-errors 7006/tcp # error interpretation service
+afs3-errors 7006/udp
+afs3-bos 7007/tcp # basic overseer process
+afs3-bos 7007/udp
+afs3-update 7008/tcp # server-to-server updater
+afs3-update 7008/udp
+afs3-rmtsys 7009/tcp # remote cache manager service
+afs3-rmtsys 7009/udp
+font-service 7100/tcp xfs # X Font Service
+http-alt 8080/tcp webcache # WWW caching service
+puppet 8140/tcp # The Puppet master service
+bacula-dir 9101/tcp # Bacula Director
+bacula-fd 9102/tcp # Bacula File Daemon
+bacula-sd 9103/tcp # Bacula Storage Daemon
+xmms2 9667/tcp # Cross-platform Music Multiplexing System
+nbd 10809/tcp # Linux Network Block Device
+zabbix-agent 10050/tcp # Zabbix Agent
+zabbix-trapper 10051/tcp # Zabbix Trapper
+amanda 10080/tcp # amanda backup services
+dicom 11112/tcp
+hkp 11371/tcp # OpenPGP HTTP Keyserver
+db-lsp 17500/tcp # Dropbox LanSync Protocol
+dcap 22125/tcp # dCache Access Protocol
+gsidcap 22128/tcp # GSI dCache Access Protocol
+wnn6 22273/tcp # wnn6
+
+#
+# Datagram Delivery Protocol services
+#
+rtmp 1/ddp # Routing Table Maintenance Protocol
+nbp 2/ddp # Name Binding Protocol
+echo 4/ddp # AppleTalk Echo Protocol
+zip 6/ddp # Zone Information Protocol
+
+#=========================================================================
+# The remaining port numbers are not as allocated by IANA.
+#=========================================================================
+
+# Kerberos (Project Athena/MIT) services
+kerberos4 750/udp kerberos-iv kdc # Kerberos (server)
+kerberos4 750/tcp kerberos-iv kdc
+kerberos-master 751/udp kerberos_master # Kerberos authentication
+kerberos-master 751/tcp
+passwd-server 752/udp passwd_server # Kerberos passwd server
+krb-prop 754/tcp krb_prop krb5_prop hprop # Kerberos slave propagation
+zephyr-srv 2102/udp # Zephyr server
+zephyr-clt 2103/udp # Zephyr serv-hm connection
+zephyr-hm 2104/udp # Zephyr hostmanager
+iprop 2121/tcp # incremental propagation
+supfilesrv 871/tcp # Software Upgrade Protocol server
+supfiledbg 1127/tcp # Software Upgrade Protocol debugging
+
+#
+# Services added for the Debian GNU/Linux distribution
+#
+poppassd 106/tcp # Eudora
+poppassd 106/udp
+moira-db 775/tcp moira_db # Moira database
+moira-update 777/tcp moira_update # Moira update protocol
+moira-ureg 779/udp moira_ureg # Moira user registration
+spamd 783/tcp # spamassassin daemon
+skkserv 1178/tcp # skk jisho server port
+predict 1210/udp # predict -- satellite tracking
+rmtcfg 1236/tcp # Gracilis Packeten remote config server
+xtel 1313/tcp # french minitel
+xtelw 1314/tcp # french minitel
+support 1529/tcp # GNATS
+cfinger 2003/tcp # GNU Finger
+frox 2121/tcp # frox: caching ftp proxy
+zebrasrv 2600/tcp # zebra service
+zebra 2601/tcp # zebra vty
+ripd 2602/tcp # ripd vty (zebra)
+ripngd 2603/tcp # ripngd vty (zebra)
+ospfd 2604/tcp # ospfd vty (zebra)
+bgpd 2605/tcp # bgpd vty (zebra)
+ospf6d 2606/tcp # ospf6d vty (zebra)
+ospfapi 2607/tcp # OSPF-API
+isisd 2608/tcp # ISISd vty (zebra)
+afbackup 2988/tcp # Afbackup system
+afbackup 2988/udp
+afmbackup 2989/tcp # Afmbackup system
+afmbackup 2989/udp
+fax 4557/tcp # FAX transmission service (old)
+hylafax 4559/tcp # HylaFAX client-server protocol (new)
+distmp3 4600/tcp # distmp3host daemon
+munin 4949/tcp lrrd # Munin
+enbd-cstatd 5051/tcp # ENBD client statd
+enbd-sstatd 5052/tcp # ENBD server statd
+pcrd 5151/tcp # PCR-1000 Daemon
+noclog 5354/tcp # noclogd with TCP (nocol)
+noclog 5354/udp # noclogd with UDP (nocol)
+hostmon 5355/tcp # hostmon uses TCP (nocol)
+hostmon 5355/udp # hostmon uses UDP (nocol)
+rplay 5555/udp # RPlay audio service
+nrpe 5666/tcp # Nagios Remote Plugin Executor
+nsca 5667/tcp # Nagios Agent - NSCA
+mrtd 5674/tcp # MRT Routing Daemon
+bgpsim 5675/tcp # MRT Routing Simulator
+canna 5680/tcp # cannaserver
+syslog-tls 6514/tcp # Syslog over TLS [RFC5425]
+sane-port 6566/tcp sane saned # SANE network scanner daemon
+ircd 6667/tcp # Internet Relay Chat
+zope-ftp 8021/tcp # zope management by ftp
+tproxy 8081/tcp # Transparent Proxy
+omniorb 8088/tcp # OmniORB
+omniorb 8088/udp
+clc-build-daemon 8990/tcp # Common lisp build daemon
+xinetd 9098/tcp
+mandelspawn 9359/udp mandelbrot # network mandelbrot
+git 9418/tcp # Git Version Control System
+zope 9673/tcp # zope server
+webmin 10000/tcp
+kamanda 10081/tcp # amanda backup services (Kerberos)
+amandaidx 10082/tcp # amanda backup services
+amidxtape 10083/tcp # amanda backup services
+smsqp 11201/tcp # Alamin SMS gateway
+smsqp 11201/udp
+xpilot 15345/tcp # XPilot Contact Port
+xpilot 15345/udp
+sgi-cmsd 17001/udp # Cluster membership services daemon
+sgi-crsd 17002/udp
+sgi-gcd 17003/udp # SGI Group membership daemon
+sgi-cad 17004/tcp # Cluster Admin daemon
+isdnlog 20011/tcp # isdn logging system
+isdnlog 20011/udp
+vboxd 20012/tcp # voice box system
+vboxd 20012/udp
+binkp 24554/tcp # binkp fidonet protocol
+asp 27374/tcp # Address Search Protocol
+asp 27374/udp
+csync2 30865/tcp # cluster synchronization tool
+dircproxy 57000/tcp # Detachable IRC Proxy
+tfido 60177/tcp # fidonet EMSI over telnet
+fido 60179/tcp # fidonet EMSI over TCP
+
+# Local services
--- /dev/null
+# /etc/shells: valid login shells
+/bin/sh
+/bin/bash
+/usr/bin/bash
+/bin/rbash
+/usr/bin/rbash
+/bin/dash
+/usr/bin/dash
+/usr/bin/tmux
+/usr/bin/screen
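Review bot: Listing `/bin/rbash` and `/usr/bin/rbash` weakens accounts that are confined with a restricted shell, because chsh (in the shadow implementation, as far as I know) treats only shells absent from /etc/shells as restricted and lets the owner of a listed shell switch to another listed one such as `/bin/bash`. If rbash accounts exist on this host, drop the two rbash lines or record the decision in a comment, e.g. `# rbash listed: chsh will not treat rbash accounts as restricted`. `/usr/bin/tmux` and `/usr/bin/screen` likewise become acceptable login shells for anything that consults this file, so keep them only if that is intended.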
--- /dev/null
+# ~/.bash_logout: executed by bash(1) when login shell exits.
+
+# when leaving the console clear the screen to increase privacy
+
+if [ "$SHLVL" = 1 ]; then
+ [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
+fi
--- /dev/null
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+ *i*) ;;
+ *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ alias grep='grep --color=auto'
+ alias fgrep='fgrep --color=auto'
+ alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+# Add an "alert" alias for long running commands. Use like so:
+# sleep 10; alert
+alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+ if [ -f /usr/share/bash-completion/bash_completion ]; then
+ . /usr/share/bash-completion/bash_completion
+ elif [ -f /etc/bash_completion ]; then
+ . /etc/bash_completion
+ fi
+fi
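Review bot: The lesspipe line tests `/usr/bin/lesspipe` but then runs whatever `lesspipe` resolves to on PATH and evals its output, so the guard and the executed program can differ when a user-writable directory sits ahead of /usr/bin; the tput and dircolors lines follow the same pattern. Call the path that was tested: `[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh /usr/bin/lesspipe)"`, and likewise `/usr/bin/dircolors -b`. The dircolors line is also written as `a && b || c`, which runs the fallback eval when the first eval fails as well as when `~/.dircolors` is unreadable; an `if`/`else` states the intent.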
--- /dev/null
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+ PATH="$HOME/.local/bin:$PATH"
+fi
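Review bot: Both PATH blocks put a user-writable directory in front of the system directories, so a file in `$HOME/bin` or `$HOME/.local/bin` that is named like a system command is run in its place. Where that precedence is not wanted, append instead: `PATH="$PATH:$HOME/bin"` and `PATH="$PATH:$HOME/.local/bin"`. The second block repeats the first block's comment word for word; `# set PATH so it includes user's ~/.local/bin if it exists` would tell the two apart.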
--- /dev/null
+# Sample configuration file for smartd. See man smartd.conf.
+
+# Home page is: http://www.smartmontools.org
+
+# smartd will re-read the configuration file if it receives a HUP
+# signal
+
+# The file gives a list of devices to monitor using smartd, with one
+# device per line. Text after a hash (#) is ignored, and you may use
+# spaces and tabs for white space. You may use '\' to continue lines.
+
+# You can usually identify which hard disks are on your system by
+# looking in /proc/ide and in /proc/scsi.
+
+# The word DEVICESCAN will cause any remaining lines in this
+# configuration file to be ignored: it tells smartd to scan for all
+# ATA and SCSI devices. DEVICESCAN may be followed by any of the
+# Directives listed below, which will be applied to all devices that
+# are found. Most users should comment out DEVICESCAN and explicitly
+# list the devices that they wish to monitor.
+DEVICESCAN -d removable -n standby -m root -M exec /usr/share/smartmontools/smartd-runner
+
+# Alternative setting to ignore temperature and power-on hours reports
+# in syslog.
+#DEVICESCAN -I 194 -I 231 -I 9
+
+# Alternative setting to report more useful raw temperature in syslog.
+#DEVICESCAN -R 194 -R 231 -I 9
+
+# Alternative setting to report raw temperature changes >= 5 Celsius
+# and min/max temperatures.
+#DEVICESCAN -I 194 -I 231 -I 9 -W 5
+
+# First ATA/SATA or SCSI/SAS disk. Monitor all attributes, enable
+# automatic online data collection, automatic Attribute autosave, and
+# start a short self-test every day between 2-3am, and a long self test
+# Saturdays between 3-4am.
+#/dev/sda -a -o on -S on -s (S/../.././02|L/../../6/03)
+
+# Monitor SMART status, ATA Error Log, Self-test log, and track
+# changes in all attributes except for attribute 194
+#/dev/sdb -H -l error -l selftest -t -I 194
+
+# Monitor all attributes except normalized Temperature (usually 194),
+# but track Temperature changes >= 4 Celsius, report Temperatures
+# >= 45 Celsius and changes in Raw value of Reallocated_Sector_Ct (5).
+# Send mail on SMART failures or when Temperature is >= 55 Celsius.
+#/dev/sdc -a -I 194 -W 4,45,55 -R 5 -m admin@example.com
+
+# An ATA disk may appear as a SCSI device to the OS. If a SCSI to
+# ATA Translation (SAT) layer is between the OS and the device then
+# this can be flagged with the '-d sat' option. This situation may
+# become common with SATA disks in SAS and FC environments.
+# /dev/sda -a -d sat
+
+# A very silent check. Only report SMART health status if it fails
+# But send an email in this case
+#/dev/sdc -H -C 0 -U 0 -m admin@example.com
+
+# First two SCSI disks. This will monitor everything that smartd can
+# monitor. Start extended self-tests Wednesdays between 6-7pm and
+# Sundays between 1-2 am
+#/dev/sda -d scsi -s L/../../3/18
+#/dev/sdb -d scsi -s L/../../7/01
+
+# Monitor 4 ATA disks connected to a 3ware 6/7/8000 controller which uses
+# the 3w-xxxx driver. Start long self-tests Sundays between 1-2, 2-3, 3-4,
+# and 4-5 am.
+# NOTE: starting with the Linux 2.6 kernel series, the /dev/sdX interface
+# is DEPRECATED. Use the /dev/tweN character device interface instead.
+# For example /dev/twe0, /dev/twe1, and so on.
+#/dev/sdc -d 3ware,0 -a -s L/../../7/01
+#/dev/sdc -d 3ware,1 -a -s L/../../7/02
+#/dev/sdc -d 3ware,2 -a -s L/../../7/03
+#/dev/sdc -d 3ware,3 -a -s L/../../7/04
+
+# Monitor 2 ATA disks connected to a 3ware 9000 controller which
+# uses the 3w-9xxx driver (Linux, FreeBSD). Start long self-tests Tuesdays
+# between 1-2 and 3-4 am.
+#/dev/twa0 -d 3ware,0 -a -s L/../../2/01
+#/dev/twa0 -d 3ware,1 -a -s L/../../2/03
+
+# Monitor 2 SATA (not SAS) disks connected to a 3ware 9000 controller which
+# uses the 3w-sas driver (Linux). Start long self-tests Tuesdays
+# between 1-2 and 3-4 am.
+# On FreeBSD /dev/tws0 should be used instead
+#/dev/twl0 -d 3ware,0 -a -s L/../../2/01
+#/dev/twl0 -d 3ware,1 -a -s L/../../2/03
+
+# Same as above for Windows. Option '-d 3ware,N' is not necessary,
+# disk (port) number is specified in device name.
+# NOTE: On Windows, DEVICESCAN works also for 3ware controllers.
+#/dev/hdc,0 -a -s L/../../2/01
+#/dev/hdc,1 -a -s L/../../2/03
+#
+# Monitor 2 disks connected to the first HP SmartArray controller which
+# uses the cciss driver. Start long tests on Sunday nights and short
+# self-tests every night and send errors to root
+#/dev/sda -d cciss,0 -a -s (L/../../7/02|S/../.././02) -m root
+#/dev/sda -d cciss,1 -a -s (L/../../7/03|S/../.././03) -m root
+
+# Monitor 3 ATA disks directly connected to a HighPoint RocketRAID. Start long
+# self-tests Sundays between 1-2, 2-3, and 3-4 am.
+#/dev/sdd -d hpt,1/1 -a -s L/../../7/01
+#/dev/sdd -d hpt,1/2 -a -s L/../../7/02
+#/dev/sdd -d hpt,1/3 -a -s L/../../7/03
+
+# Monitor 2 ATA disks connected to the same PMPort which connected to the
+# HighPoint RocketRAID. Start long self-tests Tuesdays between 1-2 and 3-4 am
+#/dev/sdd -d hpt,1/4/1 -a -s L/../../2/01
+#/dev/sdd -d hpt,1/4/2 -a -s L/../../2/03
+
+# HERE IS A LIST OF DIRECTIVES FOR THIS CONFIGURATION FILE.
+# PLEASE SEE THE smartd.conf MAN PAGE FOR DETAILS
+#
+# -d TYPE Set the device type: ata, scsi, marvell, removable, 3ware,N, hpt,L/M/N
+# -T TYPE set the tolerance to one of: normal, permissive
+# -o VAL Enable/disable automatic offline tests (on/off)
+# -S VAL Enable/disable attribute autosave (on/off)
+# -n MODE No check. MODE is one of: never, sleep, standby, idle
+# -H Monitor SMART Health Status, report if failed
+# -l TYPE Monitor SMART log. Type is one of: error, selftest
+# -f Monitor for failure of any 'Usage' Attributes
+# -m ADD Send warning email to ADD for -H, -l error, -l selftest, and -f
+# -M TYPE Modify email warning behavior (see man page)
+# -s REGE Start self-test when type/date matches regular expression (see man page)
+# -p Report changes in 'Prefailure' Normalized Attributes
+# -u Report changes in 'Usage' Normalized Attributes
+# -t Equivalent to -p and -u Directives
+# -r ID Also report Raw values of Attribute ID with -p, -u or -t
+# -R ID Track changes in Attribute ID Raw value with -p, -u or -t
+# -i ID Ignore Attribute ID for -f Directive
+# -I ID Ignore Attribute ID for -p, -u or -t Directive
+# -C ID Report if Current Pending Sector count non-zero
+# -U ID Report if Offline Uncorrectable count non-zero
+# -W D,I,C Monitor Temperature D)ifference, I)nformal limit, C)ritical limit
+# -v N,ST Modifies labeling of Attribute N (see man page)
+# -a Default: equivalent to -H -f -t -l error -l selftest -C 197 -U 198
+# -F TYPE Use firmware bug workaround. Type is one of: none, samsung
+# -P TYPE Drive-specific presets: use, ignore, show, showall
+# # Comment: text after a hash sign is ignored
+# \ Line continuation character
+# Attribute ID is a decimal integer 1 <= ID <= 255
+# except for -C and -U, where ID = 0 turns them off.
+# All but -d, -m and -M Directives are only implemented for ATA devices
+#
+# If the test string DEVICESCAN is the first uncommented text
+# then smartd will scan for devices.
+# DEVICESCAN may be followed by any desired Directives.
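Review bot: The active `DEVICESCAN` line near the top has no comment tying it to the rule stated just above it, that every remaining line in the file is ignored once DEVICESCAN is seen. An administrator who uncomments one of the per-device examples further down, for instance to add a self-test schedule or a mail address, would likely see no change in monitoring. A short comment next to the active line would prevent that, such as `# NOTE: per-device entries below are ignored until this DEVICESCAN line is commented out`. It is also worth stating there that `-M exec` hands every warning to the named runner script, presumably with smartd's own privileges, so that script and anything it calls should stay root-owned and not writable by other users.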
--- /dev/null
+#!/bin/bash -e
+
+# Send mail if /usr/bin/mail exists
+if ! [ -x /usr/bin/mail ]; then
+ echo "Your system does not have /usr/bin/mail. Install the mailx or mailutils package"
+ exit 1
+fi
+
+input=$1
+shift
+
+/usr/bin/mail "$@" < $input
+
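Review bot: The redirect `< $input` on the last command expands the variable unquoted, so a path containing whitespace or glob characters makes bash stop with an ambiguous redirect or read a different file than intended; it should be `/usr/bin/mail "$@" < "$input"`. The script also takes `$1` without checking that an argument was passed, so `shift` fails under `-e` with no message; a guard such as `[ $# -ge 1 ] || { echo "usage: $0 FILE [mail args]" >&2; exit 2; }` makes that case explicit. The missing-mail message should go to stderr with `>&2`, and a `set -e` line in the body is more robust than `-e` on the shebang, which is lost when the file is run as `bash script`.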
--- /dev/null
+[general]
+#verbose = 3
+#verify = yes
+#batch = yes
+#log-size = 15
+
+[plugins]
+#disable = rpm, selinux, dovecot
+
+[tunables]
+#rpm.rpmva = off
--- /dev/null
+[global]
+# Set global options here that are not component specific
+# If you would like one global default value to be specifically overridden for
+# just one component, but not others, you may override that value in the
+# component specific section below
+#verbose = 3
+#verify = yes
+#batch = yes
+#log-size = 15
+tmp-dir = /tmp
+
+[report]
+# Options that will apply to any `sos report` run should be listed here.
+# Note that the option names *must* be the long-form name as seen in --help
+# output. Use a comma for list delimitations.
+#skip-plugins = rpm, selinux, dovecot
+#enable-plugins = host,logs
+
+[collect]
+# Options that will apply to any `sos collect` run should be listed here.
+# Note that the option names *must* be the long-form name as seen in --help
+# output. Use a comma for list delimitations
+#primary = myhost.example.com
+#ssh-key = /home/user/.ssh/mykey
+#password = true
+
+[clean]
+# Options that will apply to any `sos clean|mask` run should be listed here.
+# Note that the option names *must* be the long-form name as seen in --help
+# output. Use a comma for list delimitations
+#domains = mydomain.com
+#no-update = true
+
+[plugin_options]
+# Specify any plugin options and their values here. These options take the form
+# plugin_name.option_name = value
+#rpm.rpmva = off
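Review bot: `tmp-dir = /tmp` is the only active setting in this file and it carries no comment, although it decides where report archives are staged. Those archives collect logs and configuration from the host, so the directory needs enough free space and should not be one that other local users can browse or that is cleared automatically; whether sos itself restricts permissions on what it writes there is not visible here. I would add a comment above the line, for example `# Directory where reports are built and stored; archives hold sensitive host data, prefer a root-only location`.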
--- /dev/null
+GlobalSign_Root_R46.pem
\ No newline at end of file
--- /dev/null
+Entrust_Root_Certification_Authority_-_G2.pem
\ No newline at end of file
--- /dev/null
+Staat_der_Nederlanden_EV_Root_CA.pem
\ No newline at end of file
--- /dev/null
+GlobalSign_Root_CA_-_R3.pem
\ No newline at end of file
--- /dev/null
+QuoVadis_Root_CA_2_G3.pem
\ No newline at end of file
--- /dev/null
+SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
\ No newline at end of file
--- /dev/null
+Starfield_Services_Root_Certificate_Authority_-_G2.pem
\ No newline at end of file
--- /dev/null
+GTS_Root_R3.pem
\ No newline at end of file
--- /dev/null
+CFCA_EV_ROOT.pem
\ No newline at end of file
--- /dev/null
+SSL.com_Root_Certification_Authority_ECC.pem
\ No newline at end of file
--- /dev/null
+UCA_Extended_Validation_Root.pem
\ No newline at end of file
--- /dev/null
+GDCA_TrustAUTH_R5_ROOT.pem
\ No newline at end of file
--- /dev/null
+GTS_Root_R1.pem
\ No newline at end of file
--- /dev/null
+Entrust_Root_Certification_Authority_-_EC1.pem
\ No newline at end of file
--- /dev/null
+emSign_ECC_Root_CA_-_G3.pem
\ No newline at end of file
--- /dev/null
+Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
\ No newline at end of file
--- /dev/null
+SecureSign_RootCA11.pem
\ No newline at end of file
--- /dev/null
+GlobalSign_ECC_Root_CA_-_R5.pem
\ No newline at end of file
--- /dev/null
+IdenTrust_Public_Sector_Root_CA_1.pem
\ No newline at end of file
--- /dev/null
+T-TeleSec_GlobalRoot_Class_2.pem
\ No newline at end of file
--- /dev/null
+DigiCert_High_Assurance_EV_Root_CA.pem
\ No newline at end of file
--- /dev/null
+ssl-cert-snakeoil.pem
\ No newline at end of file
--- /dev/null
+ssl-cert-snakeoil.pem
\ No newline at end of file
--- /dev/null
+emSign_Root_CA_-_G1.pem
\ No newline at end of file
--- /dev/null
+CA_Disig_Root_R2.pem
\ No newline at end of file
--- /dev/null
+AffirmTrust_Commercial.pem
\ No newline at end of file
--- /dev/null
+Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
\ No newline at end of file
--- /dev/null
+EC-ACC.pem
\ No newline at end of file
--- /dev/null
+DigiCert_Global_Root_CA.pem
\ No newline at end of file
--- /dev/null
+Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
\ No newline at end of file
--- /dev/null
+TrustCor_RootCert_CA-2.pem
\ No newline at end of file
--- /dev/null
+Hongkong_Post_Root_CA_1.pem
\ No newline at end of file
--- /dev/null
+NAVER_Global_Root_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+Certum_Trusted_Network_CA_2.pem
\ No newline at end of file
--- /dev/null
+ISRG_Root_X1.pem
\ No newline at end of file
--- /dev/null
+COMODO_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+emSign_Root_CA_-_C1.pem
\ No newline at end of file
--- /dev/null
+Network_Solutions_Certificate_Authority.pem
\ No newline at end of file
--- /dev/null
+Certum_Trusted_Network_CA.pem
\ No newline at end of file
--- /dev/null
+GlobalSign_Root_CA_-_R2.pem
\ No newline at end of file
--- /dev/null
+emSign_ECC_Root_CA_-_C3.pem
\ No newline at end of file
--- /dev/null
+Starfield_Root_Certificate_Authority_-_G2.pem
\ No newline at end of file
--- /dev/null
+SwissSign_Gold_CA_-_G2.pem
\ No newline at end of file
--- /dev/null
+E-Tugra_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+T-TeleSec_GlobalRoot_Class_3.pem
\ No newline at end of file
--- /dev/null
+Buypass_Class_2_Root_CA.pem
\ No newline at end of file
--- /dev/null
+SwissSign_Silver_CA_-_G2.pem
\ No newline at end of file
--- /dev/null
+GlobalSign_Root_CA.pem
\ No newline at end of file
--- /dev/null
+TeliaSonera_Root_CA_v1.pem
\ No newline at end of file
--- /dev/null
+TrustCor_RootCert_CA-1.pem
\ No newline at end of file
--- /dev/null
+Entrust_Root_Certification_Authority_-_G4.pem
\ No newline at end of file
--- /dev/null
+TWCA_Global_Root_CA.pem
\ No newline at end of file
--- /dev/null
+certSIGN_Root_CA_G2.pem
\ No newline at end of file
--- /dev/null
+DigiCert_Global_Root_G2.pem
\ No newline at end of file
--- /dev/null
+GTS_Root_R2.pem
\ No newline at end of file
--- /dev/null
+Baltimore_CyberTrust_Root.pem
\ No newline at end of file
--- /dev/null
+Hongkong_Post_Root_CA_3.pem
\ No newline at end of file
--- /dev/null
+Entrust_Root_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+Amazon_Root_CA_2.pem
\ No newline at end of file
--- /dev/null
+SSL.com_Root_Certification_Authority_RSA.pem
\ No newline at end of file
--- /dev/null
+XRamp_Global_CA_Root.pem
\ No newline at end of file
--- /dev/null
+QuoVadis_Root_CA_1_G3.pem
\ No newline at end of file
--- /dev/null
+DigiCert_Trusted_Root_G4.pem
\ No newline at end of file
--- /dev/null
+Cybertrust_Global_Root.pem
\ No newline at end of file
--- /dev/null
+QuoVadis_Root_CA_3.pem
\ No newline at end of file
--- /dev/null
+Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
\ No newline at end of file
--- /dev/null
+OISTE_WISeKey_Global_Root_GC_CA.pem
\ No newline at end of file
--- /dev/null
+TrustCor_ECA-1.pem
\ No newline at end of file
--- /dev/null
+DigiCert_Assured_ID_Root_G3.pem
\ No newline at end of file
--- /dev/null
+Microsec_e-Szigno_Root_CA_2009.pem
\ No newline at end of file
--- /dev/null
+Amazon_Root_CA_3.pem
\ No newline at end of file
--- /dev/null
+certSIGN_ROOT_CA.pem
\ No newline at end of file
--- /dev/null
+Microsoft_ECC_Root_Certificate_Authority_2017.pem
\ No newline at end of file
--- /dev/null
+Actalis_Authentication_Root_CA.pem
\ No newline at end of file
--- /dev/null
+AffirmTrust_Networking.pem
\ No newline at end of file
--- /dev/null
+Certum_EC-384_CA.pem
\ No newline at end of file
--- /dev/null
+NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
\ No newline at end of file
--- /dev/null
+Trustwave_Global_ECC_P256_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+AffirmTrust_Premium_ECC.pem
\ No newline at end of file
--- /dev/null
+DigiCert_Assured_ID_Root_G2.pem
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Certigna.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/EC-ACC.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Izenpe.com.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
\ No newline at end of file
--- /dev/null
+GTS_Root_R4.pem
\ No newline at end of file
--- /dev/null
+ACCVRAIZ1.pem
\ No newline at end of file
--- /dev/null
+Entrust.net_Premium_2048_Secure_Server_CA.pem
\ No newline at end of file
--- /dev/null
+GlobalSign_ECC_Root_CA_-_R4.pem
\ No newline at end of file
--- /dev/null
+DigiCert_Assured_ID_Root_CA.pem
\ No newline at end of file
--- /dev/null
+ANF_Secure_Server_Root_CA.pem
\ No newline at end of file
--- /dev/null
+Secure_Global_CA.pem
\ No newline at end of file
--- /dev/null
+AffirmTrust_Premium.pem
\ No newline at end of file
--- /dev/null
+TWCA_Root_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
\ No newline at end of file
--- /dev/null
+Microsoft_RSA_Root_Certificate_Authority_2017.pem
\ No newline at end of file
--- /dev/null
+UCA_Global_G2_Root.pem
\ No newline at end of file
--- /dev/null
+D-TRUST_Root_Class_3_CA_2_2009.pem
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE
+AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw
+CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ
+BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND
+VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb
+qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY
+HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo
+G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA
+lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr
+IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/
+0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH
+k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47
+4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO
+m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa
+cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl
+uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI
+KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls
+ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG
+AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2
+VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT
+VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG
+CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA
+cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA
+QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA
+7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA
+cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA
+QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA
+czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu
+aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt
+aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF
+BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp
+D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU
+JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m
+AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD
+vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms
+tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH
+7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h
+I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA
+h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF
+d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H
+pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx
+CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ
+WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ
+BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG
+Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/
+yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf
+BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz
+WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF
+tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z
+374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC
+IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL
+mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7
+wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS
+MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2
+ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet
+UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H
+YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3
+LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD
+nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1
+RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM
+LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf
+77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N
+JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm
+fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp
+6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp
+1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B
+9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok
+RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv
+uu8wd+RU4riEmViAqhOLUTpPSPaLtrM=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE
+BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w
+MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
+IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC
+SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1
+ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv
+UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX
+4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9
+KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/
+gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb
+rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ
+51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F
+be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe
+KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F
+v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn
+fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7
+jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz
+ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
+ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL
+e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70
+jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz
+WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V
+SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j
+pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX
+X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok
+fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R
+K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU
+ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU
+LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT
+LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
+dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL
+MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
+cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP
+Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr
+ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL
+MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1
+yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr
+VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/
+nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG
+XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj
+vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt
+Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g
+N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC
+nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
+dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL
+MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
+cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y
+YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua
+kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL
+QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp
+6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG
+yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i
+QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO
+tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu
+QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ
+Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u
+olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48
+x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz
+dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG
+A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U
+cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf
+qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ
+JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ
++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS
+s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5
+HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7
+70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG
+V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S
+qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S
+5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia
+C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX
+OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE
+FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2
+KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B
+8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ
+MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc
+0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ
+u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF
+u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH
+YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8
+GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO
+RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e
+KeC2uAloGRwYQw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ
+cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ
+BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt
+VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D
+0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9
+ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G
+A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs
+aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I
+flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
+ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
+b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
+MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
+b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
+ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
+9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
+IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
+VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
+93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
+jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
+A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
+U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
+N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
+o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
+5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
+rqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF
+ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
+b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL
+MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
+b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK
+gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ
+W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg
+1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K
+8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r
+2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me
+z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR
+8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj
+mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz
+7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6
++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI
+0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm
+UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2
+LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS
+k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl
+7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm
+btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl
+urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+
+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63
+n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE
+76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H
+9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT
+4PsJYGw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5
+MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g
+Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG
+A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg
+Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl
+ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr
+ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr
+BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM
+YyRIHN8wfdVoOw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5
+MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g
+Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG
+A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg
+Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi
+9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk
+M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB
+MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw
+CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW
+1KyLa2tJElMzrdfkviT8tQp21KW8EA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE
+AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG
+EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM
+FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC
+REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp
+Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM
+VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+
+SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ
+4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L
+cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi
+eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG
+A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3
+DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j
+vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP
+DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc
+maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D
+lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv
+KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE
+BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h
+cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy
+MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg
+Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9
+thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM
+cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG
+L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i
+NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h
+X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b
+m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy
+Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja
+EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T
+KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF
+6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh
+OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD
+VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv
+ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl
+AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF
+661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9
+am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1
+ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481
+PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS
+3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k
+SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF
+3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM
+ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g
+StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz
+Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB
+jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg
+Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow
+TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw
+HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr
+6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV
+L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91
+1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx
+MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ
+QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB
+arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr
+Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi
+FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS
+P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN
+9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP
+AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz
+uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h
+9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
+A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t
+OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo
++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7
+KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2
+DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us
+H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ
+I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7
+5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h
+3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz
+Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg
+Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow
+TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw
+HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y
+ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E
+N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9
+tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX
+0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c
+/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X
+KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY
+zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS
+O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D
+34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP
+K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3
+AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv
+Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj
+QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
+cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS
+IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2
+HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa
+O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv
+033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u
+dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE
+kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41
+3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD
+u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq
+4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV
+BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu
+MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy
+MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx
+EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe
+NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH
+PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I
+x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe
+QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR
+yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO
+QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912
+H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ
+QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD
+i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs
+nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1
+rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI
+hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM
+tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf
+GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb
+lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka
++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal
+TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i
+nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3
+gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr
+G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os
+zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x
+L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD
+TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx
+MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j
+aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP
+T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03
+sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL
+TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5
+/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp
+7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz
+EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt
+hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP
+a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot
+aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg
+TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV
+PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv
+cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL
+tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
+BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB
+ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT
+ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL
+jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS
+ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy
+P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19
+xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d
+Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN
+5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe
+/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z
+AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ
+5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw
+MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW
+/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g
+PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u
+QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY
+SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv
+IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4
+zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
+BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB
+ZQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT
+IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw
+MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy
+ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
+T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR
+FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
+cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
+BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
+fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
+GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
+hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
+BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
+MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
+EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
+6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
+pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
+9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
+/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
+Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
+qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
+SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
+u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
+Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
+crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
+wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
+4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
+2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
+FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
+CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
+boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
+jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
+S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
+QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
+0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
+NVOFBkpdn627G190
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV
+BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X
+DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ
+BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4
+QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny
+gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw
+zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q
+130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2
+JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw
+ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT
+AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj
+AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG
+9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h
+bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc
+fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu
+HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w
+t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
+MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
+ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
+cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
+WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
+Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
+IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
+UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
+TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
+BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
+kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
+AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
+sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
+I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
+J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
+VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB
+gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu
+QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG
+A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz
+OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ
+VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3
+b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA
+DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn
+0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB
+OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE
+fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E
+Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m
+o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i
+sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW
+OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez
+Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS
+adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n
+3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ
+F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf
+CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29
+XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm
+djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/
+WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb
+AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq
+P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko
+b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj
+XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P
+5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi
+DrW5viSP
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG
+A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh
+bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE
+ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS
+b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5
+7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS
+J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y
+HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP
+t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz
+FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY
+XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw
+hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js
+MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA
+A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj
+Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx
+XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o
+omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc
+A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
+WL1WMRJOEcgh4LMRkWXbtKaIOM5V
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD
+bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha
+ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM
+HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03
+UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42
+tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R
+ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM
+lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp
+/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G
+A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj
+dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy
+MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl
+cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js
+L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL
+BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni
+acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
+o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K
+zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8
+PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y
+Johw1+qRzT65ysCQblrGXnRl11z+o+I=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD
+bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw
+NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV
+BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn
+ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0
+3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z
+qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR
+p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8
+HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw
+ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea
+HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw
+Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh
+c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E
+RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt
+dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku
+Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp
+3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
+nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF
+CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na
+xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX
+KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
+JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
+mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
+AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
+AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
+pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
+dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
+fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
+NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
+H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA
+n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc
+biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp
+EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA
+bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu
+YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB
+AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW
+BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI
+QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I
+0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni
+lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9
+B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv
+ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
+IhNzbM8m9Yop5w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg
+RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu
+Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf
+Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q
+RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD
+AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY
+JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv
+6pZjamVFkpUBtA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
+5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
+1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
+NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
+Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
+8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
+pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe
+Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw
+EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
+IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF
+K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG
+fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO
+Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd
+BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx
+AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/
+oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8
+sycX
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
+PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
+xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
+Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
+hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
+EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
+FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
+nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
+eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
+hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
+Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
++OkuE6N36B9K
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg
+RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu
+Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y
+ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If
+xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV
+ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO
+DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ
+jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/
+CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi
+EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM
+fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY
+uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK
+chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t
+9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
+ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2
+SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd
++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc
+fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa
+sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N
+cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N
+0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie
+4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI
+r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
+/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm
+gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV
+BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC
+aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV
+BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1
+Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz
+MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+
+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp
+em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
+ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY
+B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH
+D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF
+Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo
+q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D
+k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH
+fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut
+dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM
+ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8
+zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
+rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX
+U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6
+Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5
+XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF
+Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR
+HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY
+GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c
+77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3
++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK
+vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6
+FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl
+yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P
+AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD
+y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d
+NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB
+8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy
+dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1
+YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3
+dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh
+IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD
+LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG
+EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g
+KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD
+ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu
+bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg
+ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R
+85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm
+4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV
+HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd
+QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t
+lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB
+o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4
+opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo
+dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW
+ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN
+AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y
+/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k
+SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy
+Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS
+Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl
+nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3
+MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
+K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
+sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
+MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
+HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
+4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub
+j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo
+U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
+zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
+u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
+bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
+fF6adulZkMV8gzURZVE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
+Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
+KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
+NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
+NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
+ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
+BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
+Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
+4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
+KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
+rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
+94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
+sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
+gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
+kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
+vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
+O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
+AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
+9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
+eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
+0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG
+A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3
+d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu
+dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq
+RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy
+MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD
+VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
+L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g
+Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt
+ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH
+Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC
+R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX
+hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
+cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
+IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
+dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy
+NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu
+dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt
+dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0
+aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T
+RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN
+cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW
+wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1
+U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0
+jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN
+BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/
+jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
+Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v
+1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R
+nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
+VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE
+BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ
+IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0
+MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV
+BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w
+HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj
+Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj
+TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u
+KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj
+qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm
+MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12
+ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP
+zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk
+L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC
+jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA
+HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC
+AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg
+p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm
+DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5
+COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry
+L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf
+JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg
+IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io
+2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV
+09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ
+XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq
+T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe
+MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk
+MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH
+bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX
+DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD
+QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ
+FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F
+uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX
+kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs
+ewv4n4Q=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk
+MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH
+bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX
+DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD
+QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc
+8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke
+hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI
+KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg
+515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO
+xwy8p2Fp8fc74SrL+SvzZpA3
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg
+MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh
+bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx
+MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET
+MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI
+xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k
+ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD
+aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw
+LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw
+1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX
+k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2
+SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h
+bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n
+WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY
+rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce
+MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu
+bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN
+nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt
+Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61
+55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj
+vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf
+cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz
+oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp
+nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs
+pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v
+JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R
+8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4
+5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
+EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
+NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
+AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD
+E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH
+/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy
+DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh
+GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR
+tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX
+WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu
+9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
+gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
+2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
+4uJEvlz36hz1
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN
+BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
+c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl
+bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv
+b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ
+BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj
+YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5
+MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0
+dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg
+QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa
+jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi
+C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep
+lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof
+TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix
+RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1
+dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p
+YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw
+NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK
+EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl
+cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
+c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz
+dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ
+fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns
+bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD
+75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP
+FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp
+5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu
+b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA
+A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p
+6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
+TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7
+dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys
+Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI
+l7WdmplNsDz4SgCbZN2fOUvRJ9e4
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix
+DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k
+IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT
+N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v
+dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG
+A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh
+ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx
+QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1
+dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA
+4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0
+AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10
+4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C
+ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV
+9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD
+gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6
+Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq
+NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko
+LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc
+Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd
+ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I
+XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI
+M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot
+9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V
+Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea
+j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh
+X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ
+l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf
+bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4
+pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK
+e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0
+vm9qp/UsQu0yrbYhnr68
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx
+FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG
+A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
+b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ
+jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn
+PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh
+ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9
+nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h
+q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED
+MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC
+mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
+7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
+oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
+EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
+fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
+AmvZWg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu
+VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw
+MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw
+JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT
+3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU
++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp
+S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1
+bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi
+T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL
+vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK
+Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK
+dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT
+c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv
+l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N
+iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD
+ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt
+LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93
+nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3
++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK
+W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT
+AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq
+l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG
+4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ
+mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
+7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu
+VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN
+MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0
+MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7
+ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy
+RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS
+bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF
+/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R
+3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw
+EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy
+9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V
+GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ
+2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV
+WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD
+W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN
+AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj
+t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV
+DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9
+TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G
+lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW
+mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df
+WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5
++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ
+tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA
+GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv
+8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4
+MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6
+ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD
+VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j
+b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq
+scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO
+xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H
+LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX
+uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD
+yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+
+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q
+rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN
+BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L
+hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB
+QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+
+HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu
+Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg
+QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB
+BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
+MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA
+A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb
+laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56
+awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo
+JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw
+LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT
+VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk
+LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb
+UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/
+QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+
+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls
+QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
+VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0
+ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G
+CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y
+OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx
+FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp
+Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP
+kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc
+cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U
+fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7
+N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC
+xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1
++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM
+Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG
+SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h
+mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk
+ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c
+2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t
+HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG
+EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3
+MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR
+dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB
+pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM
+b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz
+IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT
+lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz
+AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5
+VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG
+ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2
+BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG
+AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M
+U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh
+bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C
++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F
+uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
+XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi
+MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
+MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV
+UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO
+ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz
+c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP
+OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl
+mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF
+BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4
+qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw
+gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu
+bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp
+dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8
+6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/
+h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH
+/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
+wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN
+pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt
+MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg
+Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i
+YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x
+CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG
+b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
+bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3
+HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx
+WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX
+1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk
+u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P
+99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r
+M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB
+BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh
+cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5
+gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO
+ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf
+aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
+Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw
+CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91
+bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg
+Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ
+BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu
+ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS
+b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni
+eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W
+p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T
+rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV
+57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg
+Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
+BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00
+MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV
+wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe
+rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341
+68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh
+4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp
+UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o
+abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc
+3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G
+KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt
+hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO
+Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt
+zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD
+ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC
+MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2
+cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN
+qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5
+YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv
+b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2
+8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k
+NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj
+ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp
+q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt
+nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa
+GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg
+Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J
+WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB
+rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp
++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1
+ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i
+Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz
+PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og
+/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH
+oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI
+yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud
+EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2
+A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL
+MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f
+BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn
+g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl
+fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K
+WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha
+B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc
+hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR
+TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD
+mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z
+ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y
+4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
+8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
+BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00
+MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf
+qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW
+n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym
+c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+
+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1
+o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j
+IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq
+IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz
+8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh
+vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l
+7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG
+cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD
+ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66
+AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC
+roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga
+W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n
+lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE
++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV
+csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd
+dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg
+KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM
+HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4
+WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM
+V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB
+4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr
+H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd
+8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv
+vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT
+mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe
+btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc
+T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt
+WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ
+c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A
+4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD
+VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG
+CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0
+aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu
+dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw
+czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G
+A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg
+Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0
+7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem
+d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd
++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B
+4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN
+t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x
+DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57
+k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s
+zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j
+Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT
+mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
+4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
+BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00
+MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR
+/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu
+FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR
+U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c
+ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR
+FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k
+A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw
+eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl
+sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp
+VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q
+A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+
+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD
+ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px
+KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI
+FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv
+oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg
+u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP
+0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf
+3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl
+8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+
+DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN
+PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/
+ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC
+VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T
+U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx
+NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv
+dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv
+bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA
+VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku
+WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP
+MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX
+5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ
+ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg
+h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV
+BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE
+CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy
+MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G
+A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD
+DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq
+M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf
+OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa
+4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9
+HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR
+aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA
+b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ
+Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV
+PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO
+pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu
+UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY
+MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
+HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4
+9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW
+s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5
+Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg
+cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM
+79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz
+/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt
+ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm
+Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK
+QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ
+w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi
+S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07
+mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC
+VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T
+U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0
+aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz
+WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0
+b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS
+b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI
+7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg
+CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud
+EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD
+VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T
+kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+
+gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE
+BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK
+DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz
+OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv
+dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv
+bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R
+xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX
+qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC
+C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3
+6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh
+/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF
+YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E
+JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc
+US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8
+ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm
++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi
+M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G
+A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV
+cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc
+Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs
+PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/
+q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0
+cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr
+a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I
+H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y
+K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu
+nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf
+oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY
+Ic2wBlX7Jz9TkHCpBB5XJ7k=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL
+BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6
+ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw
+NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L
+cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg
+Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN
+QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT
+3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw
+3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6
+3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5
+BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN
+XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF
+AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw
+8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG
+nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP
+oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy
+d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg
+LvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr
+MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG
+A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0
+MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp
+Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD
+QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz
+i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8
+h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV
+MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9
+UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni
+8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC
+h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
+AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm
+KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ
+X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr
+QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5
+pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN
+QSdJQO7e5iNEOdyhIta6A/I=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz
+MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv
+cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz
+Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO
+0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao
+wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj
+7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
+8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT
+BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg
+JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3
+6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/
+3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm
+D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS
+CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx
+MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg
+Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
+iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa
+/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ
+jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI
+HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7
+sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w
+gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw
+KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG
+AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
+URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO
+H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm
+I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY
+iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl
+MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX
+DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy
+dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj
+YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV
+OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr
+zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM
+VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ
+hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO
+ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw
+awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs
+OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF
+coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc
+okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8
+t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy
+1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/
+SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
+MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t
+dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5
+WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD
+VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8
+9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ
+DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9
+Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N
+QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ
+xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G
+A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG
+kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr
+Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
+Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU
+JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
+RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO
+TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y
+MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg
+TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS
+b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS
+M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC
+UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d
+Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p
+rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l
+pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb
+j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC
+KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS
+/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X
+cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH
+1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP
+px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7
+MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI
+eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u
+2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS
+v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC
+wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy
+CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e
+vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6
+Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa
+Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL
+eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8
+FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc
+7uzXLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw
+MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj
+aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp
+Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg
+nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1
+HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N
+Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
+dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0
+HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G
+CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
+sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
+4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
+8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
+mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
+ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
+ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
+dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
+OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
+8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
+Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
+hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
+6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
+AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
+bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
+ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
+qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
+0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
+sSi6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln
+biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF
+MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT
+d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8
+76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+
+bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c
+6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE
+emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd
+MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt
+MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y
+MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y
+FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi
+aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM
+gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB
+qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7
+lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn
+8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6
+45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO
+UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5
+O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC
+bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv
+GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a
+77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC
+hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3
+92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp
+Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w
+ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
+Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu
+IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow
+RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY
+U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv
+Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br
+YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF
+nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH
+6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt
+eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/
+c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ
+MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH
+HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf
+jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
+5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB
+rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c
+wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB
+AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp
+WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9
+xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ
+2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ
+IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8
+aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X
+em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR
+dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/
+OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
+tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
+AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
+FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
+1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
+jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
+wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
+WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
+NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
+IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
+g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
+BSeOE6Fuwg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN
+8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/
+RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4
+hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5
+ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM
+EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1
+A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy
+WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ
+1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30
+6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT
+91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p
+TpPDpFQUWw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx
+GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp
+bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w
+KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0
+BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy
+dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG
+EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll
+IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU
+QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT
+TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg
+LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7
+a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr
+LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr
+N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X
+YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/
+iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f
+AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH
+V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh
+AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf
+IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4
+lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c
+8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf
+lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx
+EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT
+VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5
+NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT
+B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF
+10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz
+0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh
+MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH
+zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc
+46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2
+yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi
+laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP
+oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA
+BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE
+qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm
+4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL
+1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn
+LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF
+H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo
+RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+
+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh
+15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW
+6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW
+nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j
+wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz
+aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy
+KwbQBM0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES
+MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU
+V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz
+WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO
+LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE
+AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH
+K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX
+RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z
+rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx
+3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq
+hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC
+MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls
+XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D
+lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn
+aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ
+YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw
+NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv
+b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD
+VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F
+VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1
+7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X
+Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+
+/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs
+81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm
+dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe
+Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu
+sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4
+pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs
+slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ
+arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD
+VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG
+9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl
+dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx
+0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj
+TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed
+Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7
+Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI
+OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7
+vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW
+t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn
+HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx
+SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk
+MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U
+cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y
+IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV
+BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw
+IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy
+dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig
+RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb
+3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA
+BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5
+3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou
+owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/
+wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF
+ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf
+BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/
+MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv
+civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2
+AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F
+hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50
+soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI
+WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi
+tJ/X5g==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD
+VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk
+MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U
+cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y
+IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB
+pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h
+IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG
+A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU
+cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid
+RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V
+seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme
+9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV
+EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW
+hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/
+DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD
+ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I
+/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf
+ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ
+yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts
+L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN
+zl/HHk484IkzlQsPpTLWPFp5LBk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV
+BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw
+IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy
+dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig
+Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk
+MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg
+Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD
+VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy
+dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+
+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq
+1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp
+2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK
+DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape
+az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF
+3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88
+oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM
+g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3
+mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh
+8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd
+BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U
+nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw
+DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX
+dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+
+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL
+/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX
+CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa
+ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW
+2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7
+N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3
+Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB
+As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp
+5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu
+1uwJ
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl
+eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT
+JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx
+MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg
+VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo
+I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng
+o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G
+A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB
+zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW
+RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
+iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
+cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
+BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
+MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
+BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
+3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
+tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
+Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
+VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
+79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
+c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
+Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
+c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
+UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
+Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
+Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
+VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
+ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
+8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
+iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
+Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
+XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
+qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
+VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
+L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
+jjxDah2nGN59PRbxYvnKkKj9
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB
+gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
+MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY
+UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx
+NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3
+dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy
+dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6
+38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP
+KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q
+DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4
+qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa
+JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi
+PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
+jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0
+eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD
+ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR
+vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa
+IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy
+i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ
+O+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT
+AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD
+QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP
+MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do
+0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ
+UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d
+RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ
+OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv
+JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C
+AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O
+BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ
+LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY
+MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ
+44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I
+Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw
+i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN
+9u6wWk5JRFRYX0KD
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe
+MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0
+ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw
+IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL
+SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH
+SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh
+ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X
+DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1
+TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ
+fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA
+sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU
+WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS
+nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH
+dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip
+NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC
+AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF
+MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB
+uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl
+PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP
+JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/
+gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2
+j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6
+5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB
+o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS
+/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z
+Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE
+W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
+hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw
+WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw
+MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x
+MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD
+VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX
+BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO
+ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M
+CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu
+I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm
+TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh
+C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf
+ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz
+IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT
+Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k
+JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5
+hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB
+GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
+1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov
+L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo
+dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr
+aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq
+hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L
+6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG
+HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6
+0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB
+lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi
+o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1
+gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v
+faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63
+Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh
+jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw
+3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw
+gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
+Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
+MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
+BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0
+MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1
+c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJ
+bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ
+2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3E
+T+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j
+5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAM
+C1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73T
+DtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNX
+wbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A
+2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm
+nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
+dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwl
+N4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNj
+c0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS
+5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTS
+Gwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGr
+hFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/
+B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI
+AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbw
+H5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+
+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk
+2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol
+IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk
+5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuY
+n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH
+MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM
+QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy
+MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl
+cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM
+f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX
+mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7
+zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P
+fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc
+vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4
+Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp
+zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO
+Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW
+k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+
+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF
+lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW
+Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1
+d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z
+XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR
+gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3
+d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv
+J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg
+DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM
++SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy
+F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9
+SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws
+E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH
+MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM
+QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy
+MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl
+cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv
+CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg
+GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu
+XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd
+re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu
+PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1
+mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K
+8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj
+x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR
+nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0
+kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok
+twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp
+8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT
+vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT
+z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA
+pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb
+pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB
+R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R
+RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk
+0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC
+5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF
+izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn
+yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw
+CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
+MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
+MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
+Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout
+736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A
+DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk
+fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA
+njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw
+CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU
+MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw
+MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp
+Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu
+hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l
+xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0
+CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx
+sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL
+BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ
+SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n
+a29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5
+NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT
+CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u
+Z2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO
+dem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI
+VoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV
+9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY
+2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY
+vLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt
+bNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb
+x39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+
+l2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK
+TE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj
+Hno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e
+i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw
+DQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG
+7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk
+MpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr
+gZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk
+GMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS
+3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm
+Ozj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+
+l6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c
+JfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP
+L5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa
+LJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG
+mpv0
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw
+CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD
+VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw
+MTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4MjMxNjA0WjBlMQswCQYDVQQGEwJV
+UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNy
+b3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZR
+ogPZnZH6thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYb
+hGBKia/teQ87zvH2RPUBeMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBTIy5lycFIM+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3
+FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlfXu5gKcs68tvWMoQZP3zV
+L8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaReNtUjGUB
+iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl
+MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw
+NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
+IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIwNzE4MjMwMDIzWjBlMQswCQYDVQQG
+EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1N
+aWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZ
+Nt9GkMml7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0
+ZdDMbRnMlfl7rEqUrQ7eS0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1
+HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw71VdyvD/IybLeS2v4I2wDwAW9lcfNcztm
+gGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+dkC0zVJhUXAoP8XFWvLJ
+jEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49FyGcohJUc
+aDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaG
+YaRSMLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6
+W6IYZVcSn2i51BVrlMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4K
+UGsTuqwPN1q3ErWQgR5WrlcihtnJ0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH
++FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJClTUFLkqqNfs+avNJVgyeY+Q
+W5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZC
+LgLNFgVZJ8og6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OC
+gMNPOsduET/m4xaRhPtthH80dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6
+tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk+ONVFT24bcMKpBLBaYVu32TxU5nh
+SnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex/2kskZGT4d9Mozd2
+TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDyAmH3
+pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGR
+xpl/j8nWZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiApp
+GWSZI1b7rCoucL5mxAyE7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9
+dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKTc0QWbej09+CVgI+WXTik9KveCjCHk9hN
+AHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D5KbvtwEwXlGjefVwaaZB
+RA+GsCyRxj3qrg+E
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM
+BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG
+T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0
+aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx
+CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD
+b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA
+iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH
+38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE
+HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz
+kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP
+szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq
+vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf
+nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG
+YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo
+0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a
+CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K
+AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I
+36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN
+qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj
+cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm
++LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL
+hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe
+lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7
+p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8
+piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR
+LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX
+5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO
+dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul
+9XXeifdy
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQsw
+CQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28x
+ITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1
+c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMx
+OTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwI
+SWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBI
+b2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+ALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0Xzn
+swuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu
+7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz8
+1Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW
+80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotP
+JqX+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1l
+RtzuzWniTY+HKE40Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfw
+hI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10
+coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9jaJXLE9gCxInm943xZYkqc
+BW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqjifLJS3tBEW1n
+twiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1Ud
+DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W
+0OhUKDtkLSGm+J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfe
+uyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0Q
+lG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhB
+aCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5RvbbE
+sLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPT
+MaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qe
+qu5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxh
+VicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8
+h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9
+EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTK
+yeC2nOnOcXHebD8WpHk=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf
+BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3
+YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x
+NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G
+A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0
+d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF
+Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN
+FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w
+DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw
+CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh
+DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYD
+VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf
+BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3
+YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x
+NzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYDVQQGEwJVUzERMA8G
+A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0
+d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF
+Q0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABGvaDXU1CDFHBa5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJ
+j9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr/TklZvFe/oyujUF5nQlgziip04pt89ZF
+1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G
+A1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNnADBkAjA3
+AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsC
+MGclCrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVu
+Sw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH
+MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF
+eHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx
+MDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV
+BAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog
+D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS
+sPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop
+O2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk
+sHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi
+c0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj
+VMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz
+KuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/
+TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G
+sx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs
+1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD
+fwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN
+l8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR
+ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ
+VBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5
+c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp
+4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s
+t2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj
+2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO
+vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C
+xR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx
+cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM
+fjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1ax
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9
+MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH
+bG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x
+CzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds
+b2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr
+b3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9
+kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm
+VHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R
+VogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc
+C/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj
+tm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY
+D0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv
+j5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl
+NaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6
+iIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP
+O6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV
+ZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj
+L3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5
+1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl
+1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU
+b3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV
+PtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj
+y88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb
+EGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg
+DMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI
++Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy
+YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX
+UB+K+wb1whnw0A==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
+BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g
+Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ
+BgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJ
+R04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDF
+dRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0Iw
+vlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZ
+uIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhp
+n+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKs
+cpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2YpxJM02PbyW
+xPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P
+rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiF
+DsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fx
+DTvf95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgy
+LcsUDFDYg2WD7rlcz8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6C
+eWRgKRM+o/1Pcmqr4tTluCRVLERLiohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSCIS1mxteg4BXrzkwJ
+d8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOBywaK8SJJ6ejq
+kX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC
+b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl
+qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0
+OJD7uNGzcgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+c
+NywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXk
+ltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIO
+pwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj
+03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZk
+PuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE
+1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MX
+QRBdJ3NghVdJIgc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV
+BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk
+LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv
+b3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZaFw00MjA4MjIxMjA3MDZaMHExCzAJ
+BgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMg
+THRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25v
+IFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtv
+xie+RJCxs1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+H
+Wyx7xf58etqjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBSHERUI0arBeAyxr87GyZDvvzAEwDAfBgNVHSMEGDAWgBSHERUI0arB
+eAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEAtVfd14pVCzbhhkT61Nlo
+jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ
++efcMQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQG
+EwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMx
+IDAeBgNVBAMTF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAw
+MFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln
+biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQDExdlbVNpZ24gRUND
+IFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd6bci
+MK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4Ojavti
+sIGJAnB9SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0O
+BBYEFPtaSNCAIEDyqOkAB2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB
+Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c
+3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwUZOR8loMRnLDRWmFLpg9J
+0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG
+EwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo
+bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g
+RzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJ
+TjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s
+b2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0
+WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xyS
+fvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuB
+zhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq
+hkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB
+CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD
++JbNR6iC8hZVdyR+EhCVBCyj
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG
+A1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg
+SW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw
+MFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln
+biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9v
+dCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+upufGZ
+BczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZ
+HdPIWoU/Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH
+3DspVpNqs8FqOp099cGXOFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvH
+GPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4VI5b2P/AgNBbeCsbEBEV5f6f9vtKppa+c
+xSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleoomslMuoaJuvimUnzYnu3Yy1
+aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+XJGFehiq
+TbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87
+/kOXSTKZEhVb3xEp/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4
+kqNPEjE2NuLe/gDEo2APJ62gsIq1NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrG
+YQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9wC68AivTxEDkigcxHpvOJpkT
++xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQBmIMMMAVSKeo
+WXzhriKi4gp6D/piq1JM4fHfyr6DDUI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD
+VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU
+ZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH
+MTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgxODMwMDBaMGcxCzAJBgNVBAYTAklO
+MRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVkaHJhIFRlY2hub2xv
+Z2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQz
+f2N4aLTNLnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO
+8oG0x5ZOrRkVUkr+PHB1cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aq
+d7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHWDV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhM
+tTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ6DqS0hdW5TUaQBw+jSzt
+Od9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrHhQIDAQAB
+o0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQD
+AgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31x
+PaOfG1vR2vjTnGs2vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjM
+wiI/aTvFthUvozXGaCocV685743QNcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6d
+GNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q+Mri/Tm3R7nrft8EI6/6nAYH
+6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeihU80Bv2noWgby
+RQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx
+iN66zB+Afko=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw
+CQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw
+FgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S
+Q00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4MTIyMDA5MzczM1oXDTQzMTIyMDA5
+MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMQ4wDAYDVQQL
+DAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNBQyBS
+QUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LH
+sbI6GA60XYyzZl2hNPk2LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oK
+Um8BA06Oi6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqGSM49BAMDA2kAMGYCMQCu
+SuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoDzBOQn5IC
+MQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJy
+v+c=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV
+BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk
+YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV
+BAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3QgQ0EwHhcNMTkwOTA0MTAwMDM4WhcN
+MzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF
+UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYD
+VQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9v
+dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCj
+cqQZAZ2cC4Ffc0m6p6zzBE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9q
+yGFOtibBTI3/TO80sh9l2Ll49a2pcbnvT1gdpd50IJeh7WhM3pIXS7yr/2WanvtH
+2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcvB2VSAKduyK9o7PQUlrZX
+H1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXsezx76W0OL
+zc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyR
+p1RMVwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQz
+W7i1o0TJrH93PB0j7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/
+SiOL9V8BY9KHcyi1Swr1+KuCLH5zJTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJn
+LNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe8TZBAQIvfXOn3kLMTOmJDVb3
+n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVOHj1tyRRM4y5B
+u8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj
+o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AgEATh65isagmD9uw2nAalxJUqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L
+9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzxj6ptBZNscsdW699QIyjlRRA96Gej
+rw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDtdD+4E5UGUcjohybK
+pFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM5gf0
+vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjq
+OknkJjCb5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ
+/zo1PqVUSlJZS2Db7v54EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ9
+2zg/LFis6ELhDtjTO0wugumDLmsx2d1Hhk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI
++PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGyg77FGr8H6lnco4g175x2
+MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3r5+qPeoo
+tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw
+CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw
+JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT
+EENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0
+WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT
+LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX
+BgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE
+KI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm
+Fy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI0GZnQkdjrzife81r1HfS+8
+EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjADVS2m5hjEfO/J
+UG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0QoSZ/6vn
+nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6
+MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu
+MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV
+BAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwHhcNMTgwMzE2MTIxMDEzWhcNNDMw
+MzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEg
+U3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZ
+n0EGze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/q
+p1x4EaTByIVcJdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQq
+NwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF
+8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3
+HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGa
+mqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi
+7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSF
+ytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0P
+qafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQ
+v3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6
+Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1
+vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQAD
+ggIBAEii1QALLtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4
+WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvo
+zMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc64vmNueMzeMGQ2Ljdt4NR
+5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyqOhNf6DR5UMEQ
+GfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA4kZf
+5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq
+0Uc9NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7D
+P78v3DSk+yshzWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTM
+qJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP
+0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZckbxJF0WddCajJFdr60qZf
+E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx
+CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD
+ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw
+MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex
+HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq
+R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd
+yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ
+7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8
++RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA
+MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD
+VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy
+MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt
+c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ
+OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG
+vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud
+316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo
+0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE
+y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF
+zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE
++cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN
+I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs
+x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa
+ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC
+4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4
+7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
+JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti
+2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk
+pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF
+FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt
+rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk
+ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5
+u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP
+4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6
+N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3
+vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG
+A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw
+FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx
+MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u
+aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b
+RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z
+YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3
+QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw
+yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+
+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ
+SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH
+r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0
+4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me
+dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw
+q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2
+nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu
+H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA
+VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC
+XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd
+6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf
++I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi
+kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7
+wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB
+TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C
+MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn
+4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I
+aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy
+qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==
+-----END CERTIFICATE-----
--- /dev/null
+ePKI_Root_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+Go_Daddy_Root_Certificate_Authority_-_G2.pem
\ No newline at end of file
--- /dev/null
+Izenpe.com.pem
\ No newline at end of file
--- /dev/null
+Security_Communication_RootCA2.pem
\ No newline at end of file
--- /dev/null
+AC_RAIZ_FNMT-RCM.pem
\ No newline at end of file
--- /dev/null
+Amazon_Root_CA_1.pem
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt
\ No newline at end of file
--- /dev/null
+D-TRUST_Root_Class_3_CA_2_EV_2009.pem
\ No newline at end of file
--- /dev/null
+COMODO_RSA_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+QuoVadis_Root_CA_2.pem
\ No newline at end of file
--- /dev/null
+Trustwave_Global_ECC_P384_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+GlobalSign_Root_CA_-_R6.pem
\ No newline at end of file
--- /dev/null
+DigiCert_Global_Root_G3.pem
\ No newline at end of file
--- /dev/null
+Amazon_Root_CA_4.pem
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt
\ No newline at end of file
--- /dev/null
+Certigna.pem
\ No newline at end of file
--- /dev/null
+QuoVadis_Root_CA_3_G3.pem
\ No newline at end of file
--- /dev/null
+Certum_Trusted_Root_CA.pem
\ No newline at end of file
--- /dev/null
+Atos_TrustedRoot_2011.pem
\ No newline at end of file
--- /dev/null
+OISTE_WISeKey_Global_Root_GB_CA.pem
\ No newline at end of file
--- /dev/null
+e-Szigno_Root_CA_2017.pem
\ No newline at end of file
--- /dev/null
+Buypass_Class_3_Root_CA.pem
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
\ No newline at end of file
--- /dev/null
+Comodo_AAA_Services_root.pem
\ No newline at end of file
--- /dev/null
+COMODO_ECC_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+IdenTrust_Commercial_Root_CA_1.pem
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt
\ No newline at end of file
--- /dev/null
+/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt
\ No newline at end of file
--- /dev/null
+Go_Daddy_Class_2_CA.pem
\ No newline at end of file
--- /dev/null
+SSL.com_EV_Root_Certification_Authority_ECC.pem
\ No newline at end of file
--- /dev/null
+Trustwave_Global_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+USERTrust_ECC_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+Security_Communication_Root_CA.pem
\ No newline at end of file
--- /dev/null
+Starfield_Class_2_CA.pem
\ No newline at end of file
--- /dev/null
+SecureTrust_CA.pem
\ No newline at end of file
--- /dev/null
+Certigna_Root_CA.pem
\ No newline at end of file
--- /dev/null
+GLOBALTRUST_2020.pem
\ No newline at end of file
--- /dev/null
+USERTrust_RSA_Certification_Authority.pem
\ No newline at end of file
--- /dev/null
+SZAFIR_ROOT_CA2.pem
\ No newline at end of file
--- /dev/null
+GlobalSign_Root_E46.pem
\ No newline at end of file
--- /dev/null
+TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbWgAwIBAgIUPP4p7J1yEkvAFkIZPQoSrXHLNOcwDQYJKoZIhvcNAQEL
+BQAwEDEOMAwGA1UEAwwFdnBzNzYwHhcNMjIwNjA3MTE1NzQ4WhcNMzIwNjA0MTE1
+NzQ4WjAQMQ4wDAYDVQQDDAV2cHM3NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAKvzxy/Uh0+ScbUids6/TznvVPVCUZlCzhJFdJZ48kfzQ6VB7npHdTZh
+ZHwRYCESEWCeeTygFuDr598o/REHWFO7Ph51AhJru8Kq4DZFPKJK1+y1VNVpBJEm
+pZrgR3t/S7rIKef4WrTH+oM/t1TC+M/U/JtQeIIOoCFOH1exsiGQJ3RtjXly2Pjj
+v7G12XeyUqBkmCkPQASb6nVHNV9vvTNSASypIIm3iDIxvMPrzNAVTLtXJC6tfVKn
+XxoE4l3mOiedd3M6c1PLZWoUnTPcQZ+xvMjZPgMvYAXFdeJWKyfvd1y1x1lTIKmn
+oxElPHJ736FLzI64UaoMkVWLVHCmTnsCAwEAAaMfMB0wCQYDVR0TBAIwADAQBgNV
+HREECTAHggV2cHM3NjANBgkqhkiG9w0BAQsFAAOCAQEAYXUdyCB4zv8yElEiclC9
+zGqdECdUDB1BknhO4kaH/dWOF/T2Mbq0UxXD3uAtbYLVfhc/3K0c6X6mZYrIasTr
+DaI9LSPGRumOp2M4tIBvQWQUYxnXLWu9FhLxKHUJSdnoq/gb6IM+sZ8HUSKNhFfE
+BIcGsKgm+IqBiORXykW1ebvoOyEsinjRNqNJOPKBB+nwoxVD/6pE5N/CSkupNLux
+bTM1odNJkDtSIf+o7gOnRDMTz6mcnioLi4Wbjc5pDyufPFV6REl9cYSgIStQTUtR
+5SOIriflYlmLgFVDJDM3grbKTY3cDmUQ4ml7YaWxvGXrE3cE6aMqrxS6wKWUcG60
+tw==
+-----END CERTIFICATE-----
--- /dev/null
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# Note that you can include other files from the main configuration
+# file using the .include directive.
+#.include filename
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several certs with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+
+x509_extensions = usr_cert # The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = default # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+basicConstraints = critical,CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1 # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir = ./demoCA # TSA root directory
+serial = $dir/tsaserial # The current serial number (mandatory)
+crypto_device = builtin # OpenSSL engine to use for signing
+signer_cert = $dir/tsacert.pem # The TSA signing certificate
+ # (optional)
+certs = $dir/cacert.pem # Certificate chain to include in reply
+ # (optional)
+signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
+signer_digest = sha256 # Signing digest to use. (Optional)
+default_policy = tsa_policy1 # Policy if request did not specify it
+ # (optional)
+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
+accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
+clock_precision_digits = 0 # number of digits after dot. (optional)
+ordering = yes # Is ordering defined for timestamps?
+ # (optional, default: no)
+tsa_name = yes # Must the TSA name be included in the reply?
+ # (optional, default: no)
+ess_cert_id_chain = no # Must the ESS cert id chain be included?
+ # (optional, default: no)
+ess_cert_id_alg = sha1 # algorithm to compute certificate
+ # identifier (optional, default: sha1)
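Review bot: In `[ tsa_config1 ]` the `digests` line still lists `sha1` as an acceptable message digest and `ess_cert_id_alg` is `sha1`, so a timestamp authority run from this file would accept and emit SHA-1-bound tokens. These are the shipped example values and only matter if `openssl ts` is actually used with this configuration. If it is, I would change the two lines to `digests = sha256, sha384, sha512` and `ess_cert_id_alg = sha256`. The `policy:foo` value in `[ proxy_cert_ext ]` is likewise a placeholder that should not reach a real proxy certificate.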
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCr88cv1IdPknG1
+InbOv08571T1QlGZQs4SRXSWePJH80OlQe56R3U2YWR8EWAhEhFgnnk8oBbg6+ff
+KP0RB1hTuz4edQISa7vCquA2RTyiStfstVTVaQSRJqWa4Ed7f0u6yCnn+Fq0x/qD
+P7dUwvjP1PybUHiCDqAhTh9XsbIhkCd0bY15ctj447+xtdl3slKgZJgpD0AEm+p1
+RzVfb70zUgEsqSCJt4gyMbzD68zQFUy7VyQurX1Sp18aBOJd5jonnXdzOnNTy2Vq
+FJ0z3EGfsbzI2T4DL2AFxXXiVisn73dctcdZUyCpp6MRJTxye9+hS8yOuFGqDJFV
+i1Rwpk57AgMBAAECggEAYPB/I/zqB7ckuZxjZG1AKgY+XEJ2JDQgXvafItGurVd8
+lGcWHgO5Fd5UOwnEqwA3ocPVz5LlMwpr30iJWxdL+XB/NcZ7U40+/iE9Y/smkswk
+7QLRf7rD41zpUeYNBpeeRv/feDJwWKjBF0tNfNCqWujVPG5icdfy+LPFQbghF3/z
+XnJ2rGG9nGKzHDQMSdeG9HzncxJRYMBiqucI5QSDBCNvsridaSRhksf51eST+Ezk
+YLzwKBGP+eM/HJ7TKKFtambR99rkDhi/9vSrzwRhr06tO5IJ9C7uhrOORO909MiT
+fMed5rsvIQirDhN6tbNH5PoQG3sYm9KQrg1JUj+oKQKBgQDf1hi+hdV111WxCvHB
+HU3wHE1WrYugqUfJhg7uUrCEwqeyWPt2hHGYKJW+hWX3pi0AxfqYU0TjhTSOyrNh
+y8b1+wwnbMxzQ3bC2vNEdTFD1GYfVmLWWRGgeCCy+R9uZYL/8dGr1FHMSBBHUvhi
+e7XNDzTPJrsgOXuMSmmCsORhHwKBgQDEqRtW+QtMrkVJfemVbSnkl0/7kE1jJsu3
+tEAhG2mZuvzjE0hyWVlnGgbjF0u1IeteUMWE32wezjWI9uZbKm2MTfaIlKGe6iBV
+7ZnDwYrGOhlUI2N/2gCSqfKGJEGjHTj2ZmaCs5SN/jgbYCy/vK6u/pT5+QBb5nWl
+tIrmS9obJQKBgDc80Xxq8KOVEVuQdNqQTcR8Z4WFbFiojcOoppSfqVoJ43J6zQuR
+YasIEPQkXWaBBsgTE2V13yE6pR673Qq8TAw1+Ojdy5KCSpOJjtENDqxLhSwkmF2H
+O3dbTc589gm7WVmqJnD+A3WjLwk663r6RoIlR4X7a+Bm7xtO3bzXxHRHAoGAKqZW
+FI2cQrwEsMSK1OpAzJ94LCGGdvth8Ow5gDSWuU1RLNnwu0PfXLnLRpK1y4mYpvKz
+c3aU1zV3bMXG/Xx9F5GM5t/9ER7Ldnc6ArdFpmnRNmsaWA7qUuRigW75gSuEQAPD
+NZNGo2i/uEgqTEbaR39UxcWXq1aWqyI1gW5v1bUCgYEAjjv8/FpvFZAAOW+dUtQ3
+ZG+RmXO98q6zxJqo4MJNRdyfMSB3XlHfAenSalFTrP3Igau8FMkAS/XeMs6kwt4m
+wvSsFoQtjGGBBCMCa79Uy3QYEZkvQpKHzjxqWE3d+Q5UNCf/IZQTRsNcmPFQZ6Zb
+V0Fz9Yei6w9W3s6t4fROFUg=
+-----END PRIVATE KEY-----
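Review bot: An unencrypted PKCS#8 private key is being added to version control in this file, so everyone with read access to the repository, its clones or its backups can read it. The modulus appears to match the self-signed certificate added just before the OpenSSL configuration (its subject seems to decode to `CN=vps76`), which is worth confirming. Treat the key as exposed: generate a new key pair on the host, keep the key file out of tracking through the repository's ignore list, and purge this blob from history before the repository is shared or pushed anywhere. If the pair is only an installer-generated placeholder, also check that no service on the host still presents that certificate.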
--- /dev/null
+shane:165536:65536
+jon:231072:65536
+gg:296608:65536
--- /dev/null
+gamesguru:100000:65536
+shane:165536:65536
+jon:231072:65536
+gg:296608:65536
--- /dev/null
+shane:165536:65536
+jon:231072:65536
+gg:296608:65536
--- /dev/null
+gamesguru:100000:65536
+shane:165536:65536
+jon:231072:65536
+gg:296608:65536
--- /dev/null
+#
+# As of Debian version 1.7.2p1-1, the default /etc/sudoers file created on
+# installation of the package now includes the directive:
+#
+# #includedir /etc/sudoers.d
+#
+# This will cause sudo to read and parse any files in the /etc/sudoers.d
+# directory that do not end in '~' or contain a '.' character.
+#
+# Note that there must be at least one file in the sudoers.d directory (this
+# one will do), and all files in this directory should be mode 0440.
+#
+# Note also, that because sudoers contents can vary widely, no attempt is
+# made to add this directive to existing sudoers files on upgrade. Feel free
+# to add the above directive to the end of your /etc/sudoers file to enable
+# this functionality for existing installations if you wish!
+#
+# Finally, please note that using the visudo command is the recommended way
+# to update sudoers content, since it protects against many failure modes.
+# See the man page for visudo for more information.
+#
--- /dev/null
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+#net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+#net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all, >1 bitmask of sysrq functions
+# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
+# for what other values do
+#kernel.sysrq=438
+
--- /dev/null
+
+# the following stops low-level messages on console
+kernel.printk = 4 4 1 7
--- /dev/null
+# IPv6 Privacy Extensions (RFC 4941)
+# ---
+# IPv6 typically uses a device's MAC address when choosing an IPv6 address
+# to use in autoconfiguration. Privacy extensions allow using a randomly
+# generated IPv6 address, which increases privacy.
+#
+# Acceptable values:
+# 0 - don’t use privacy extensions.
+# 1 - generate privacy addresses
+# 2 - prefer privacy addresses and use them over the normal addresses.
+net.ipv6.conf.all.use_tempaddr = 2
+net.ipv6.conf.default.use_tempaddr = 2
--- /dev/null
+# These settings are specific to hardening the kernel itself from attack
+# from userspace, rather than protecting userspace from other malicious
+# userspace things.
+#
+#
+# When an attacker is trying to exploit the local kernel, it is often
+# helpful to be able to examine where in memory the kernel, modules,
+# and data structures live. As such, kernel addresses should be treated
+# as sensitive information.
+#
+# Many files and interfaces contain these addresses (e.g. /proc/kallsyms,
+# /proc/modules, etc), and this setting can censor the addresses. A value
+# of "0" allows all users to see the kernel addresses. A value of "1"
+# limits visibility to the root user, and "2" blocks even the root user.
+kernel.kptr_restrict = 1
--- /dev/null
+# These settings eliminate an entire class of security vulnerability:
+# time-of-check-time-of-use cross-privilege attacks using guessable
+# filenames (generally seen as "/tmp file race" vulnerabilities).
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
--- /dev/null
+# The magic SysRq key enables certain keyboard combinations to be
+# interpreted by the kernel to help with debugging. The kernel will respond
+# to these keys regardless of the current running applications.
+#
+# In general, the magic SysRq key is not needed for the average Ubuntu
+# system, and having it enabled by default can lead to security issues on
+# the console such as being able to dump memory or to kill arbitrary
+# processes including the running screen lock.
+#
+# Here is the list of possible values:
+# 0 - disable sysrq completely
+# 1 - enable all functions of sysrq
+# >1 - enable certain functions by adding up the following values:
+# 2 - enable control of console logging level
+# 4 - enable control of keyboard (SAK, unraw)
+# 8 - enable debugging dumps of processes etc.
+# 16 - enable sync command
+# 32 - enable remount read-only
+# 64 - enable signalling of processes (term, kill, oom-kill)
+# 128 - allow reboot/poweroff
+# 256 - allow nicing of all RT tasks
+#
+# For example, to enable both control of console logging level and
+# debugging dumps of processes: kernel.sysrq = 10
+#
+kernel.sysrq = 176
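Review bot: `kernel.sysrq = 176` is left undecoded; by the table in the comment above it is 128 + 32 + 16, so reboot/poweroff, remount read-only and sync stay available from the console keyboard. I would add a line such as `# 176 = 128 (reboot/poweroff) + 32 (remount read-only) + 16 (sync)` directly above the setting so the next reader does not have to redo the sum. If this host's console is reachable over a shared serial or out-of-band channel, `kernel.sysrq = 0` is the safer value. The commented `kernel.sysrq=438` in sysctl.conf describes a different mask and could be mistaken for the one in effect.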
--- /dev/null
+
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks.
+net.ipv4.conf.default.rp_filter=2
+net.ipv4.conf.all.rp_filter=2
+
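Review bot: The comment promises source address verification, but `rp_filter=2` is the loose mode, which only requires that the source address be reachable through some interface rather than through the one the packet arrived on. On a host without asymmetric routing, `net.ipv4.conf.default.rp_filter=1` and `net.ipv4.conf.all.rp_filter=1` give the strict check the comment describes. If loose mode is intentional (multi-homing, VPN or policy routing), the comment should say so, for example `# loose mode (2): strict mode breaks asymmetric routes on this host`.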
--- /dev/null
+# The PTRACE system is used for debugging. With it, a single user process
+# can attach to any other dumpable process owned by the same user. In the
+# case of malicious software, it is possible to use PTRACE to access
+# credentials that exist in memory (re-using existing SSH connections,
+# extracting GPG agent information, etc).
+#
+# A PTRACE scope of "0" is the more permissive mode. A scope of "1" limits
+# PTRACE only to direct child processes (e.g. "gdb name-of-program" and
+# "strace -f name-of-program" work, but gdb's "attach" and "strace -fp $PID"
+# do not). The PTRACE scope is ignored when a user has CAP_SYS_PTRACE, so
+# "sudo strace -fp $PID" will work as before. For more details see:
+# https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace
+#
+# For applications launching crash handlers that need PTRACE, exceptions can
+# be registered by the debugee by declaring in the segfault handler
+# specifically which process will be using PTRACE on the debugee:
+# prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0);
+#
+# In general, PTRACE is not needed for the average running Ubuntu system.
+# To that end, the default is to set the PTRACE scope to "1". This value
+# may not be appropriate for developers or servers with only admin accounts.
+kernel.yama.ptrace_scope = 1
--- /dev/null
+# Protect the zero page of memory from userspace mmap to prevent kernel
+# NULL-dereference attacks against potential future kernel security
+# vulnerabilities. (Added in kernel 2.6.23.)
+#
+# While this default is built into the Ubuntu kernel, there is no way to
+# restore the kernel default if the value is changed during runtime; for
+# example via package removal (e.g. wine, dosemu). Therefore, this value
+# is reset to the secure default each time the sysctl values are loaded.
+vm.mmap_min_addr = 65536
--- /dev/null
+# Shared memory settings for PostgreSQL on Linux
+
+# The settings here are upper limits; performance is not affected if the
+# settings are larger than necessary. If other programs use shared memory as
+# well, you will have to coordinate the size settings between them.
+
+# Maximum size of a single shared memory segment in bytes
+#kernel.shmmax = 33554432
+
+# Maximum total size of all shared memory segments in pages (normally 4096 bytes)
+#kernel.shmall = 2097152
+
--- /dev/null
+../sysctl.conf
\ No newline at end of file
--- /dev/null
+Kernel system variables configuration files
+
+Files found under the /etc/sysctl.d directory that end with .conf are
+parsed within sysctl(8) at boot time. If you want to set kernel variables
+you can either edit /etc/sysctl.conf or make a new file.
+
+The filename isn't important, but don't make it a package name as it may clash
+with something the package builder needs later. It must end with .conf though.
+
+My personal preference would be for local system settings to go into
+/etc/sysctl.d/local.conf but as long as you follow the rules for the names
+of the file, anything will work. See sysctl.conf(8) man page for details
+of the format.
+
+After making any changes, please run "service procps reload" (or, from
+a Debian package maintainer script "deb-systemd-invoke restart procps.service").
--- /dev/null
+# sysstat configuration file. See sysstat(5) manual page.
+
+# How long to keep log files (in days).
+# Used by sa2(8) script
+# If value is greater than 28, then use sadc's option -D to prevent older
+# data files from being overwritten. See sadc(8) and sysstat(5) manual pages.
+HISTORY=7
+
+# Compress (using xz, gzip or bzip2) sa and sar files older than (in days):
+COMPRESSAFTER=10
+
+# Parameters for the system activity data collector (see sadc(8) manual page)
+# which are used for the generation of log files.
+# By default contains the `-S DISK' option responsible for generating disk
+# statisitcs. Use `-S XALL' to collect all available statistics.
+SADC_OPTIONS="-S DISK"
+
+# Directory where sa and sar files are saved. The directory must exist.
+SA_DIR=/var/log/sysstat
+
+# Compression program to use.
+ZIP="xz"
+
+# By default sa2 script generates yesterday's summary, since the cron job
+# usually runs right after midnight. If you want sa2 to generate the summary
+# of the same day (for example when cron job runs at 23:53) set this variable.
+#YESTERDAY=no
+
+# By default sa2 script generates reports files (the so called sarDD files).
+# Set this variable to false to disable reports generation.
+#REPORTS=false
+
+# The sa1 and sa2 scripts generate system activity data and report files in
+# the /var/log/sysstat directory. By default the files are created with umask 0022
+# and are therefore readable for all users. Change this variable to restrict
+# the permissions on the files (e.g. use 0027 to adhere to more strict
+# security standards).
+UMASK=0022
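Review bot: `UMASK=0022` leaves the sa and sar data files under `SA_DIR` readable by every local account, as the comment directly above the setting states. Those files hold system activity history for `HISTORY` days, which is more than unprivileged users normally need to see. Unless a non-root tool on this host reads them, `UMASK=0027` (the value the comment itself suggests) is the tighter setting.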
--- /dev/null
+#
+# sysstat.ioconf
+#
+# Copyright (C) 2004, Red Hat, Inc.
+#
+# Maintained by Sebastien Godard (sysstat [at] orange.fr)
+#
+# This file gives iostat and sadc a clue about how to find whole
+# disk devices in /proc/partitions and /proc/diskstats
+# Authoritative source is: linux/Documentation/devices.txt or
+# linux/Documentation/admin-guide/devices.txt
+#
+# line format, general record:
+# major:name:ctrlpre:ctrlno:devfmt:devcnt:partpre:partcnt:description
+#
+# major: major # for device
+# name: base of device name
+# ctrlpre: string to use in generating controller designators
+# eg: the c in c0d2p6, decimal formatting implied
+# '*' means none or irrelevant
+# 'x': exception... record contains a specific name
+# for a specific minor #, stored in the ctrlno field
+# ctrlno: which controller of this type is this
+# devfmt: type of device naming convention
+# a: alpha: xxa, xxb, ... xxaa, xxab, ... xxzz
+# %string: string to use in generating drive designators,
+# eg: the 'd' in c0d2p6 , decimal formatting implied
+# d: no special translations (decimal formatting)
+# devcnt: how many whole devs per major number
+# partpre: appended to whole dev before part designator
+# eg. the p in c0d2p6, decimal formatting implied
+# '*' means none
+# partcnt: number of partitions per volume
+# or minor # for exception records
+# description: informative text
+#
+# line format, indirect record:
+# major:base_major:ctrlno[:[desc]]
+#
+# major: major number of the device
+# base_major: major number of the template for this type,
+# 0 for not supported
+# ctrlno: controller number of this type
+# desc: controller-specific description
+# if absent the desc from base_major will be
+# used in sprintf( buf, desc, ctrlno )
+
+
+1:ram:*:0:d:256:*:1:RAM disks (ram0..ram255)
+1:initrd:x:250:d:256:*:1:Initial RAM Disk (initrd)
+
+#2:0:0:Floppy Devices
+2:fd:*:0:d:4:*:1:Floppy Devices fd0,fd1,fd2,fd3
+
+3:hd:*:0:a:2:*:64:IDE - Controller %d
+22:3:1:
+33:3:2:
+34:3:3:
+56:3:4:
+57:3:5:
+88:3:6:
+89:3:7:
+90:3:8:
+91:3:9:
+
+#4:0:0:NODEV
+#5:0:0:NODEV
+#6:0:0:NODEV
+7:loop:*:0:d:256:*:1:Loop Devices
+
+8:sd:*:0:a:16:*:16:SCSI - Controller %d
+65:8:1:
+66:8:2:
+67:8:3:
+68:8:4:
+69:8:5:
+70:8:6:
+71:8:7:
+128:8:8:
+129:8:9:
+130:8:10:
+131:8:11:
+132:8:12:
+133:8:13:
+134:8:14:
+135:8:15:
+
+9:md:*:0:d:256:*:1:Metadisk (Software RAID) devices (md0..md255)
+
+#10:0:0:NODEV
+
+#11:sr:*:0:d:256:*:1:CDROM - CDROM (sr0..sr255) (deprecated)
+11:scd:*:0:d:256:*:1:CDROM - CDROM (scd0..scd255)
+
+#12:0:0:MSCDEX CD-ROM Callback
+
+13:xd:*:0:a:2:*:64:8-bit MFM/RLL/IDE controller (xda, xdb)
+
+#14:0:0:BIOS Hard Drive Callback
+#15:0:0:CDROM - Sony CDU-31A/CDU-33A
+#16:0:0:CDROM - Goldstar
+#17:0:0:CDROM - Optics Storage
+#18:0:0:CDROM - Sanyo
+
+19:double:*:0:d:256:*:1:Compressed Disk (double0..double255)
+
+#20:0:0:CDROM - Hitachi
+
+21:mfm:*:0:a:2:*:64:Acorn MFM Hard Drive (mfma, mfmb)
+
+# 22: see IDE, dev 3
+
+#23:0:0:CDROM - Mistumi Proprietary
+#24:0:0:CDROM - Sony CDU-535
+#25:0:0:CDROM - Matsushita (Panasonic/Soundblaster) #1
+#26:0:1:CDROM - Matsushita (Panasonic/Soundblaster) #2
+#27:0:2:CDROM - Matsushita (Panasonic/Soundblaster) #3
+#28:0:3:CDROM - Matsushita (Panasonic/Soundblaster) #4
+# 28:0:0:! ACSI (Atari) Disk Not Supported
+#29:0:0:CDROM - Aztech/Orchid/Okano/Wearnes
+#30:0:0:CDROM - Philips LMS CM-205
+#31:0:0:ROM/flash Memory Card
+#32:0:0:CDROM - Phillips LMS CM-206
+
+# 33: See IDE, dev 3
+# 34: See IDE, dev 3
+
+#35:0:0:Slow Memory RAM Disk
+
+36:ed:*:0:a:2:*:64:MCA ESDI Hard Disk (eda, edb)
+
+#37:0:0:Zorro II Ram Disk
+#38:0:0:Reserved For Linux/AP+
+#39:0:0:Reserved For Linux/AP+
+#40:0:0:Syquest EZ135 Parallel Port Drive
+#41:0:0:CDROM - MicroSolutions Parallel Port BackPack
+#42:0:0:For DEMO Use Only
+
+43:nb:*:0:d:256:*:1:Network Block devices (nb0..nb255)
+44:ftl:*:0:a:16:*:16:Flash Translation Layer (ftla..ftlp)
+45:pd:*:0:a:4:*:16:Parallel Port IDE (pda..pdd)
+
+#46:0:0:CDROM - Parallel Port ATAPI
+
+47:pf:*:0:d:256:*:1:Parallel Port ATAPI Disk Devices (pf0..pf255)
+
+48:rd:/c:0:%d:32:p:8:Mylex DAC960 RAID, Controller %d
+49:48:1:
+50:48:2:
+51:48:3:
+52:48:4:
+53:48:5:
+54:48:6:
+55:48:7:
+136:48:8:
+137:48:9:
+138:48:10:
+139:48:11:
+140:48:12:
+141:48:13:
+142:48:14:
+143:48:15:
+
+# 56, 57: see IDE, dev 3:
+
+58:lvm:*:0:d:256:*:1:Logical Volume Manager (lvm0..lvm255)
+
+#59:0:0:PDA Filesystem Device
+#60:0:0:Local/Experimental Use
+#61:0:0:Local/Experimental Use
+#62:0:0:Local/Experimental Use
+#63:0:0:Local/Experimental Use
+#64:0:0:NODEV
+
+# 65..71: See SCSI, dev 8:
+
+72:ida/:c:0:%d:16:p:16:Compaq Intelligent Drive Array - Controller %d
+73:72:1:
+74:72:2:
+75:72:3:
+76:72:4:
+77:72:5:
+78:72:6:
+79:72:7:
+
+80:i2o/hd:*:0:a:16:*:16:I2O Disk - Controller %d
+81:80:1:
+82:80:2:
+83:80:3:
+84:80:4:
+85:80:5:
+86:80:6:
+87:80:7:
+
+# 88..91: see IDE, dev 3:
+
+#92:0:0:PPDD Encrypted Disk
+#93:0:0:NAND Flash Translation Layer not supported
+
+94:dasd:*:0:a:64:*:4:IBM S/390 DASD Block Storage (dasda, dasdb, ...)
+
+#95:0:0:IBM S/390 VM/ESA Minidisk
+#96:0:0:NODEV
+#97:0:0:CD/DVD packed writing devices not supported
+
+98:ubd:*:0:d:256:*:1:User-mode Virtual Block Devices (ubd0..ubd256)
+
+#99:0:0:JavaStation Flash Disk
+#100:0:0:NODEV
+
+101:amiraid/ar:*:0:d:16:p:16:AMI HyperDisk RAID (amiraid/ar0 - amiraid/ar15)
+
+#102:0:0:Compressed Block Device
+#103:0:0:Audit Block Device
+
+104:cciss:/c:0:%d:16:p:16:HP SA 5xxx/6xxx (cciss) Controller %d
+105:104:1:
+106:104:2:
+107:104:3:
+108:104:4:
+109:104:5:
+110:104:6:
+111:104:7:
+
+112:iseries/vd:*:0:a:32:*:8:IBM iSeries Virtual Disk (.../vda - .../vdaf)
+
+#113:0:0:CDROM - IBM iSeries Virtual
+
+# 114..159 NODEV
+
+120:emcpower:*:0:a:16:*:16:EMC PowerPath Unit %d
+
+#160:sx8/:*:0:d:8:p:32:Promise SATA SX8 Unit %d
+#161:160:1:
+160:carmel/:*:0:d:8:p:32:Carmel 8-port SATA Disks (carmel/0 - carmel/7)
+161:160:1:
+
+# 162..198 UNUSED
+
+180:ub:*:0:a:32:p:8:USB block devices
+
+#199:0:0:Veritas Volume Manager (VxVM) Volumes
+#200:0:0:NODEV
+#201:0:0:Veritas VxVM Dynamic Multipathing Driver
+
+202:xvd:*:0:a:16:p:16:Xen Virtual Block Device
+
+# 203..230: UNUSED
+
+232:emcpower:*:0:a:16:*:16:EMC PowerPath Unit %d
+233:232:1:
+234:232:2:
+235:232:3:
+236:232:4:
+237:232:5:
+238:232:6:
+239:232:7:
+240:232:8:
+241:232:9:
+242:232:10:
+243:232:11:
+244:232:12:
+245:232:13:
+246:232:14:
+247:232:15:
+
+# 240..254: LOCAL/Experimental
+
+256:rfd:*:0:a:16:*:16:Resident Flash Disk Flash Translation Layer (rfda..rfdp)
+
+257:ssfdc:*:0:a:8:*:8:SSFDC Flash Translation Layer filesystem (ssfdca..ssfdch)
+
+258:blockrom:*:0:d:256:*:1:ROM/Flash Read-Only Translation Layer (blockrom0...)
+
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See journald.conf(5) for details.
+
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=10000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+#RuntimeMaxUse=
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+#ForwardToSyslog=yes
+#ForwardToKMsg=no
+#ForwardToConsole=no
+#ForwardToWall=yes
+#TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+#MaxLevelConsole=info
+#MaxLevelWall=emerg
+#LineMax=48K
+#ReadKMsg=yes
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See logind.conf(5) for details.
+
+[Login]
+#NAutoVTs=6
+#ReserveVT=6
+#KillUserProcesses=no
+#KillOnlyUsers=
+#KillExcludeUsers=root
+#InhibitDelayMaxSec=5
+#HandlePowerKey=poweroff
+#HandleSuspendKey=suspend
+#HandleHibernateKey=hibernate
+#HandleLidSwitch=suspend
+#HandleLidSwitchExternalPower=suspend
+#HandleLidSwitchDocked=ignore
+#PowerKeyIgnoreInhibited=no
+#SuspendKeyIgnoreInhibited=no
+#HibernateKeyIgnoreInhibited=no
+#LidSwitchIgnoreInhibited=yes
+#HoldoffTimeoutSec=30s
+#IdleAction=ignore
+#IdleActionSec=30min
+#RuntimeDirectorySize=10%
+#RemoveIPC=yes
+#InhibitorsMax=8192
+#SessionsMax=8192
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See networkd.conf(5) for details
+
+[Network]
+#SpeedMeter=no
+#SpeedMeterIntervalSec=10sec
+
+[DHCP]
+#DUIDType=vendor
+#DUIDRawData=
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See pstore.conf(5) for details.
+
+[PStore]
+#Storage=external
+#Unlink=yes
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See resolved.conf(5) for details
+
+[Resolve]
+#DNS=
+#FallbackDNS=
+#Domains=
+#LLMNR=no
+#MulticastDNS=no
+#DNSSEC=no
+#DNSOverTLS=no
+#Cache=no-negative
+#DNSStubListener=yes
+#ReadEtcHosts=yes
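Review bot: Every key under `[Resolve]` is commented out, so the resolver runs on the compile-time defaults listed here, including `#DNSSEC=no` and `#DNSOverTLS=no`. Unless a drop-in outside this hunk overrides them, answers are not validated and queries to the upstream resolver are not encrypted. If that is the intended posture, record the decision in a one-line comment above `[Resolve]`. If it is not, and the upstream resolvers support it, `DNSOverTLS=opportunistic` or `DNSSEC=allow-downgrade` are the low-risk values to evaluate first. `#LLMNR=no` and `#MulticastDNS=no` are already the conservative settings and need no change.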
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See systemd-sleep.conf(5) for details
+
+[Sleep]
+#AllowSuspend=yes
+#AllowHibernation=yes
+#AllowSuspendThenHibernate=yes
+#AllowHybridSleep=yes
+#SuspendMode=
+#SuspendState=mem standby freeze
+#HibernateMode=platform shutdown
+#HibernateState=disk
+#HybridSleepMode=suspend platform shutdown
+#HybridSleepState=disk
+#HibernateDelaySec=180min
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See systemd-system.conf(5) for details.
+
+[Manager]
+#LogLevel=info
+#LogTarget=journal-or-kmsg
+#LogColor=yes
+#LogLocation=no
+#DumpCore=yes
+#ShowStatus=yes
+#CrashChangeVT=no
+#CrashShell=no
+#CrashReboot=no
+#CtrlAltDelBurstAction=reboot-force
+#CPUAffinity=1 2
+#NUMAPolicy=default
+#NUMAMask=
+#RuntimeWatchdogSec=0
+#RebootWatchdogSec=10min
+#ShutdownWatchdogSec=10min
+#KExecWatchdogSec=0
+#WatchdogDevice=
+#CapabilityBoundingSet=
+#NoNewPrivileges=no
+#SystemCallArchitectures=
+#TimerSlackNSec=
+#StatusUnitFormat=description
+#DefaultTimerAccuracySec=1min
+#DefaultStandardOutput=journal
+#DefaultStandardError=inherit
+#DefaultTimeoutStartSec=90s
+#DefaultTimeoutStopSec=90s
+#DefaultTimeoutAbortSec=
+#DefaultRestartSec=100ms
+#DefaultStartLimitIntervalSec=10s
+#DefaultStartLimitBurst=5
+#DefaultEnvironment=
+#DefaultCPUAccounting=no
+#DefaultIOAccounting=no
+#DefaultIPAccounting=no
+#DefaultBlockIOAccounting=no
+#DefaultMemoryAccounting=yes
+#DefaultTasksAccounting=yes
+#DefaultTasksMax=
+#DefaultLimitCPU=
+#DefaultLimitFSIZE=
+#DefaultLimitDATA=
+#DefaultLimitSTACK=
+#DefaultLimitCORE=
+#DefaultLimitRSS=
+#DefaultLimitNOFILE=1024:524288
+#DefaultLimitAS=
+#DefaultLimitNPROC=
+#DefaultLimitMEMLOCK=
+#DefaultLimitLOCKS=
+#DefaultLimitSIGPENDING=
+#DefaultLimitMSGQUEUE=
+#DefaultLimitNICE=
+#DefaultLimitRTPRIO=
+#DefaultLimitRTTIME=
--- /dev/null
+/lib/systemd/system/snapd.seeded.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/cloud-config.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/cloud-final.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/cloud-init-hotplugd.socket
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/cloud-init-local.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/cloud-init.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ModemManager.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-resolved.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/thermald.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-timesyncd.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/e2scrub_reap.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/grub-initrd-fallback.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.system-shutdown.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/getty@.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/accounts-daemon.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/udisks2.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/open-iscsi.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/mdcheck_continue.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/mdcheck_start.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/mdmonitor-oneshot.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ModemManager.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/atd.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/binfmt-support.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/console-setup.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/cron.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/dmesg.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/grub-common.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/grub-initrd-fallback.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/irqbalance.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/lxd-agent-9p.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/lxd-agent.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/networkd-dispatcher.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/nginx.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ondemand.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/open-vm-tools.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/pollinate.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/postgresql.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/remote-fs.target
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/rsync.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/rsyslog.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/secureboot-db.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/smartmontools.service
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap-core18-1880.mount
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap-core18-2409.mount
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap-core20-1518.mount
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap-lxd-16099.mount
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap-lxd-22753.mount
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap-snapd-15904.mount
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap-snapd-16010.mount
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap.lxd.activate.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.apparmor.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.autoimport.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.core-fixup.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.recovery-chooser-trigger.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.seeded.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ssh.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/sysstat.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-networkd.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-resolved.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/thermald.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ua-license-check.path
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ua-reboot-cmds.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ufw.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/unattended-upgrades.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/multipathd.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-networkd-wait-online.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/vgauth.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/apport-autoreport.path
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/grub-initrd-fallback.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/grub-common.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/grub-initrd-fallback.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/smartmontools.service
\ No newline at end of file
--- /dev/null
+[Unit]
+Description=Mount unit for core18, revision 1880
+Before=snapd.service
+After=zfs-mount.service
+
+[Mount]
+What=/var/lib/snapd/snaps/core18_1880.snap
+Where=/snap/core18/1880
+Type=squashfs
+Options=nodev,ro,x-gdu.hide,x-gvfs-hide
+LazyUnmount=yes
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=Mount unit for core18, revision 2409
+Before=snapd.service
+After=zfs-mount.service
+
+[Mount]
+What=/var/lib/snapd/snaps/core18_2409.snap
+Where=/snap/core18/2409
+Type=squashfs
+Options=nodev,ro,x-gdu.hide,x-gvfs-hide
+LazyUnmount=yes
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=Mount unit for core20, revision 1518
+Before=snapd.service
+After=zfs-mount.service
+
+[Mount]
+What=/var/lib/snapd/snaps/core20_1518.snap
+Where=/snap/core20/1518
+Type=squashfs
+Options=nodev,ro,x-gdu.hide,x-gvfs-hide
+LazyUnmount=yes
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=Mount unit for lxd, revision 16099
+Before=snapd.service
+After=zfs-mount.service
+
+[Mount]
+What=/var/lib/snapd/snaps/lxd_16099.snap
+Where=/snap/lxd/16099
+Type=squashfs
+Options=nodev,ro,x-gdu.hide,x-gvfs-hide
+LazyUnmount=yes
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=Mount unit for lxd, revision 22753
+Before=snapd.service
+After=zfs-mount.service
+
+[Mount]
+What=/var/lib/snapd/snaps/lxd_22753.snap
+Where=/snap/lxd/22753
+Type=squashfs
+Options=nodev,ro,x-gdu.hide,x-gvfs-hide
+LazyUnmount=yes
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=Mount unit for snapd, revision 15904
+Before=snapd.service
+After=zfs-mount.service
+
+[Mount]
+What=/var/lib/snapd/snaps/snapd_15904.snap
+Where=/snap/snapd/15904
+Type=squashfs
+Options=nodev,ro,x-gdu.hide,x-gvfs-hide
+LazyUnmount=yes
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+Description=Mount unit for snapd, revision 16010
+Before=snapd.service
+After=zfs-mount.service
+
+[Mount]
+What=/var/lib/snapd/snaps/snapd_16010.snap
+Where=/snap/snapd/16010
+Type=squashfs
+Options=nodev,ro,x-gdu.hide,x-gvfs-hide
+LazyUnmount=yes
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+# Auto-generated, DO NOT EDIT
+Description=Service for snap application lxd.activate
+Requires=snap-lxd-22753.mount
+Wants=network.target
+After=snap-lxd-22753.mount network.target snapd.apparmor.service
+X-Snappy=yes
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/bin/snap run lxd.activate
+SyslogIdentifier=lxd.activate
+Restart=no
+WorkingDirectory=/var/snap/lxd/22753
+TimeoutStopSec=30
+Type=oneshot
+Delegate=true
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Unit]
+# Auto-generated, DO NOT EDIT
+Description=Service for snap application lxd.daemon
+Requires=snap-lxd-22753.mount
+Wants=network.target
+After=snap-lxd-22753.mount network.target snapd.apparmor.service
+X-Snappy=yes
+
+[Service]
+EnvironmentFile=-/etc/environment
+ExecStart=/usr/bin/snap run lxd.daemon
+SyslogIdentifier=lxd.daemon
+Restart=on-failure
+WorkingDirectory=/var/snap/lxd/22753
+ExecStop=/usr/bin/snap run --command=stop lxd.daemon
+ExecReload=/usr/bin/snap run --command=reload lxd.daemon
+TimeoutStopSec=600
+Type=simple
+Delegate=true
--- /dev/null
+[Unit]
+# Auto-generated, DO NOT EDIT
+Description=Socket unix for snap application lxd.daemon
+Requires=snap-lxd-22753.mount
+After=snap-lxd-22753.mount
+X-Snappy=yes
+
+[Socket]
+Service=snap.lxd.daemon.service
+FileDescriptorName=unix
+ListenStream=/var/snap/lxd/common/lxd/unix.socket
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
--- /dev/null
+/lib/systemd/system/apport-forward.socket
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/dm-event.socket
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/iscsid.socket
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/multipathd.socket
\ No newline at end of file
--- /dev/null
+/etc/systemd/system/snap.lxd.daemon.unix.socket
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.socket
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-networkd.socket
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/uuidd.socket
\ No newline at end of file
--- /dev/null
+# In some cloud-init enabled images the sshd-keygen template service may race
+# with cloud-init during boot causing issues with host key generation. This
+# drop-in config adds a condition to sshd-keygen@.service if it exists and
+# prevents the sshd-keygen units from running *if* cloud-init is going to run.
+#
+[Unit]
+ConditionPathExists=!/run/systemd/generator.early/multi-user.target.wants/cloud-init.target
--- /dev/null
+/lib/systemd/system/ssh.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/apparmor.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/blk-availability.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/finalrd.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/keyboard-setup.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/lvm2-lvmpolld.socket
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/lvm2-monitor.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/multipathd.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/open-iscsi.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/setvtrgb.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-pstore.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-timesyncd.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/rsyslog.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/apt-daily-upgrade.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/apt-daily.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/certbot.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/e2scrub_all.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/fstrim.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/fwupd-refresh.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/logrotate.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/man-db.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/motd-news.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/snapd.snap-repair.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/ua-timer.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/open-vm-tools.service
\ No newline at end of file
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See timesyncd.conf(5) for details.
+
+[Time]
+#NTP=
+#FallbackNTP=ntp.ubuntu.com
+#RootDistanceMaxSec=5
+#PollIntervalMinSec=32
+#PollIntervalMaxSec=2048
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# You can override the directives in this file by creating files in
+# /etc/systemd/user.conf.d/*.conf.
+#
+# See systemd-user.conf(5) for details
+
+[Manager]
+#LogLevel=info
+#LogTarget=console
+#LogColor=yes
+#LogLocation=no
+#SystemCallArchitectures=
+#TimerSlackNSec=
+#StatusUnitFormat=description
+#DefaultTimerAccuracySec=1min
+#DefaultStandardOutput=inherit
+#DefaultStandardError=inherit
+#DefaultTimeoutStartSec=90s
+#DefaultTimeoutStopSec=90s
+#DefaultTimeoutAbortSec=
+#DefaultRestartSec=100ms
+#DefaultStartLimitIntervalSec=10s
+#DefaultStartLimitBurst=5
+#DefaultEnvironment=
+#DefaultLimitCPU=
+#DefaultLimitFSIZE=
+#DefaultLimitDATA=
+#DefaultLimitSTACK=
+#DefaultLimitCORE=
+#DefaultLimitRSS=
+#DefaultLimitNOFILE=
+#DefaultLimitAS=
+#DefaultLimitNPROC=
+#DefaultLimitMEMLOCK=
+#DefaultLimitLOCKS=
+#DefaultLimitSIGPENDING=
+#DefaultLimitMSGQUEUE=
+#DefaultLimitNICE=
+#DefaultLimitRTPRIO=
+#DefaultLimitRTTIME=
--- /dev/null
+/usr/lib/systemd/user/dirmngr.socket
\ No newline at end of file
--- /dev/null
+/usr/lib/systemd/user/gpg-agent-browser.socket
\ No newline at end of file
--- /dev/null
+/usr/lib/systemd/user/gpg-agent-extra.socket
\ No newline at end of file
--- /dev/null
+/usr/lib/systemd/user/gpg-agent-ssh.socket
\ No newline at end of file
--- /dev/null
+/usr/lib/systemd/user/gpg-agent.socket
\ No newline at end of file
--- /dev/null
+/usr/lib/systemd/user/pk-debconf-helper.socket
\ No newline at end of file
--- /dev/null
+This directory is for system-local terminfo descriptions. By default,
+ncurses will search ${HOME}/.terminfo first, then /etc/terminfo (this
+directory), then /lib/terminfo, and last not least /usr/share/terminfo.
--- /dev/null
+
+<!--
+Specifies the order of compensation to cool CPU only.
+There is a default already implemented in the code, but
+this file can be used to change order
+
+The Following cooling device can present
+-->
+
+<CoolingDeviceOrder>
+ <!-- Specify Cooling device order -->
+ <CoolingDevice>rapl_controller</CoolingDevice>
+ <CoolingDevice>intel_pstate</CoolingDevice>
+ <CoolingDevice>intel_powerclamp</CoolingDevice>
+ <CoolingDevice>cpufreq</CoolingDevice>
+ <CoolingDevice>Processor</CoolingDevice>
+</CoolingDeviceOrder>
+
--- /dev/null
+# This file is generated by /var/lib/dpkg/info/screen.postinst upon package configuration
+d /run/screen 1777 root utmp
--- /dev/null
+cc-eal:
+ help: |
+ Common Criteria is an Information Technology Security Evaluation standard
+ (ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has
+ been evaluated to assurance level EAL2 through CSEC. The evaluation was
+ performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms.
+
+cis:
+ help: |
+ Ubuntu Security Guide is a tool for hardening and auditing and allows for
+ environment-specific customizations. It enables compliance with profiles
+ such as DISA-STIG and the CIS benchmarks. Find out more at
+ https://ubuntu.com/security/certifications/docs/usg
+
+
+esm-apps:
+ help: |
+ UA Apps: Extended Security Maintenance is enabled by default on entitled
+ workloads. It provides access to a private PPA which includes available
+ high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main
+ and Ubuntu Universe repositories from the Ubuntu LTS release date until
+ its end of life. You can find out more about the esm service at
+ https://ubuntu.com/security/esm
+
+esm-infra:
+ help: |
+ esm-infra provides access to a private ppa which includes available high
+ and critical CVE fixes for Ubuntu LTS packages in the Ubuntu Main
+ repository between the end of the standard Ubuntu LTS security
+ maintenance and its end of life. It is enabled by default with
+ Extended Security Maintenance (ESM) for UA Apps and UA Infra.
+ You can find our more about the esm service at
+ https://ubuntu.com/security/esm
+
+fips:
+ help: |
+ FIPS 140-2 is a set of publicly announced cryptographic standards
+ developed by the National Institute of Standards and Technology
+ applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases.
+ Note that "fips" does not provide security patching. For fips certified
+ modules with security patches please refer to fips-updates. The modules
+ are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu
+ 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for
+ Ubuntu 16.04. Below is the list of fips certified components per an
+ Ubuntu Version. You can find out more at
+ https://ubuntu.com/security/certifications#fips
+
+fips-updates:
+ help: |
+ fips-updates installs fips modules including all security patches
+ for those modules that have been provided since their certification date.
+ You can find out more at https://ubuntu.com/security/certifications#fips.
+
+livepatch:
+ help: |
+ Livepatch provides selected high and critical kernel CVE fixes and other
+ non-security bug fixes as kernel livepatches. Livepatches are applied
+ without rebooting a machine which drastically limits the need for
+ unscheduled system reboots. Due to the nature of fips compliance,
+ livepatches cannot be enabled on fips-enabled systems. You can find out
+ more about Ubuntu Kernel Livepatch service at
+ https://ubuntu.com/security/livepatch
+
+realtime-kernel:
+ help: |
+ The real-time kernel is a beta version of the 22.04 Ubuntu kernel with the
+ PREEMPT_RT patchset integrated for x86_64 and ARM64. It services extreme
+ latency-dependent use cases and provides deterministic response times to
+ service events. By meeting stringent preemption specifications, the
+ real-time kernel is suitable for telco applications and embedded devices
+ in industrial automation and robotics. To enroll in the beta program, visit
+ https://ubuntu.com/realtime-kernel
+
+ros:
+ help: |
+ ros provides access to a private PPA which includes security-related
+ updates for available high and critical CVE fixes for Robot Operating
+ System (ROS) packages. For access to ROS ESM and security updates, both
+ esm-infra and esm-apps services will also be enabled. To get additional
+ non-security updates, enable ros-updates. You can find out more about the
+ ROS ESM service at https://ubuntu.com/robotics/ros-esm
+
+ros-updates:
+ help: |
+ ros-updates provides access to a private PPA which includes
+ non-security-related updates for Robot Operating System (ROS) packages.
+ For full access to ROS ESM, security and non-security updates,
+ the esm-infra, esm-apps, and ros services will also be enabled. You can
+ find out more about the ROS ESM service at
+ https://ubuntu.com/robotics/ros-esm
--- /dev/null
+# Ubuntu-Advantage client config file.
+# If you modify this file, run "ua refresh config" to ensure changes are
+# picked up by Ubuntu-Advantage client.
+
+contract_url: https://contracts.canonical.com
+data_dir: /var/lib/ubuntu-advantage
+log_file: /var/log/ubuntu-advantage.log
+log_level: debug
+security_url: https://ubuntu.com/security
+timer_log_file: /var/log/ubuntu-advantage-timer.log
+ua_config:
+ apt_http_proxy: null
+ apt_https_proxy: null
+ http_proxy: null
+ https_proxy: null
+ update_messaging_timer: 21600
+ update_status_timer: 43200
+ metering_timer: 14400
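Review bot: `log_level: debug` is shipped as the default, so the most verbose client output is written to `/var/log/ubuntu-advantage.log` and `/var/log/ubuntu-advantage-timer.log` on every installation. The client authenticates against `contract_url` and can be given proxy URLs through `ua_config`, but this file does not show whether tokens or proxy credentials are redacted before they are logged. I would either ship `log_level: info` or add a comment above the key such as `# debug may record request details; keep the log files readable by root only`. A short comment on the three `*_timer` values stating their unit (presumably seconds) would also help whoever tunes them.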
--- /dev/null
+#
+# This file is a bourne shell snippet, and is sourced by the
+# ucf script for configuration.
+#
+
+# Debugging information: The default value is 0 (no debugging
+# information is printed). To change the default behavior, uncomment
+# the following line and set the value to 1.
+#
+# DEBUG=0
+
+# Verbosity: The default value is 0 (quiet). To change the default
+# behavior, uncomment the following line and set the value to 1.
+#
+# VERBOSE=0
+
+
+# The src directory. This is the directory where the historical
+# md5sums for a file are looked for. Specifically, the historical
+# md5sums are looked for in the subdirectory ${filename}.md5sum.d/
+#
+# conf_source_dir=/some/path/
+
+# Force the installed file to be retained. The default is have this
+# variable unset, which makes the script ask in case of doubt. To
+# change the default behavior, uncomment the following line and set
+# the value to YES
+#
+# conf_force_conffold=YES
+
+# Force the installed file to be overridden. The default is have this
+# variable unset, which makes the script ask in case of doubt. To
+# change the default behavior, uncomment the following line and set
+# the value to YES
+#
+# conf_force_conffnew=YES
+
+# Please note that only one of conf_force_conffold and
+# conf_force_conffnew should be set.
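Review bot: The comment block for `conf_force_conffnew` says the installed file is "overridden" but not that this happens without a prompt. On hosts upgraded unattended, that can silently replace an administrator's local hardening of a configuration file. I would add a line under it such as `# Warning: with YES, locally modified files are replaced without prompting.` The closing remark that only one of `conf_force_conffold` and `conf_force_conffnew` should be set would be more useful if it also stated which one takes effect when both are set; that behaviour lives in the ucf script and is not visible here.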
--- /dev/null
+# This file is automatically generated.
+
+# Concatenation of all ModemManager udev rules
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move|bind", GOTO="mm_cinterion_port_types_end"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="1e2d", GOTO="mm_cinterion_port_types"
+GOTO="mm_cinterion_port_types_end"
+
+LABEL="mm_cinterion_port_types"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+# PHS8
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0053", ENV{.MM_USBIFNUM}=="01", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_GPS}="1"
+
+# PLS8 port types
+# ttyACM0 (if #0): AT port
+# ttyACM1 (if #2): AT port
+# ttyACM2 (if #4): GPS data port
+# ttyACM3 (if #6): unknown
+# ttyACM4 (if #8): unknown
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0061", ENV{.MM_USBIFNUM}=="00", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_PRIMARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0061", ENV{.MM_USBIFNUM}=="02", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_SECONDARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0061", ENV{.MM_USBIFNUM}=="04", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_GPS}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0061", ENV{.MM_USBIFNUM}=="06", ENV{ID_MM_PORT_IGNORE}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0061", ENV{.MM_USBIFNUM}=="08", ENV{ID_MM_PORT_IGNORE}="1"
+
+# PLS62 family non-mbim enumeration uses alternate settings for 2G band management
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005b", ENV{ID_MM_CINTERION_MODEM_FAMILY}="imt"
+# PLS62 family non-mbim enumeration
+# ttyACM0 (if #0): AT port
+# ttyACM1 (if #2): AT port
+# ttyACM2 (if #4): can be AT or GNSS in some models
+# ttyACM3 (if #6): AT port (but just ignore)
+# ttyACM4 (if #8): DIAG/QCDM
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005b", ENV{.MM_USBIFNUM}=="00", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_PRIMARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005b", ENV{.MM_USBIFNUM}=="02", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_SECONDARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005b", ENV{.MM_USBIFNUM}=="04", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_GPS}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005b", ENV{.MM_USBIFNUM}=="06", ENV{ID_MM_PORT_IGNORE}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005b", ENV{.MM_USBIFNUM}=="08", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_QCDM}="1"
+
+# PLS62 family mbim enumeration
+# ttyACM0 (if #0): AT port
+# ttyACM1 (if #2): AT port
+# ttyACM2 (if #4): can be AT or GNSS in some models
+# ttyACM3 (if #6): AT port (but just ignore)
+# ttyACM4 (if #8): DIAG/QCDM
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005d", ENV{.MM_USBIFNUM}=="00", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_PRIMARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005d", ENV{.MM_USBIFNUM}=="02", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_SECONDARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005d", ENV{.MM_USBIFNUM}=="04", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_GPS}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005d", ENV{.MM_USBIFNUM}=="06", ENV{ID_MM_PORT_IGNORE}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="005d", ENV{.MM_USBIFNUM}=="08", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_QCDM}="1"
+
+# PLS63
+# ttyACM0 (if #0): AT port
+# ttyACM1 (if #2): AT port
+# ttyACM2 (if #4): GPS data port
+# ttyACM3 (if #6): DIAG/QCDM
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0069", ENV{.MM_USBIFNUM}=="00", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_PRIMARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0069", ENV{.MM_USBIFNUM}=="02", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_SECONDARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0069", ENV{.MM_USBIFNUM}=="04", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_GPS}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="0069", ENV{.MM_USBIFNUM}=="06", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_QCDM}="1"
+
+# PLS83
+# ttyACM0 (if #0): AT port
+# ttyACM1 (if #2): AT port
+# ttyACM2 (if #4): GPS data port
+# ttyACM3 (if #6): DIAG/QCDM
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="006F", ENV{.MM_USBIFNUM}=="00", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_PRIMARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="006F", ENV{.MM_USBIFNUM}=="02", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_AT_SECONDARY}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="006F", ENV{.MM_USBIFNUM}=="04", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_GPS}="1"
+ATTRS{idVendor}=="1e2d", ATTRS{idProduct}=="006F", ENV{.MM_USBIFNUM}=="06", SUBSYSTEM=="tty", ENV{ID_MM_PORT_TYPE_QCDM}="1"
+
+LABEL="mm_cinterion_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_mbm_end"
+SUBSYSTEMS=="usb", GOTO="mm_mbm_check"
+GOTO="mm_mbm_end"
+
+LABEL="mm_mbm_check"
+
+# Ericsson F3507g
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1900", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1902", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson F3607gw
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1904", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1905", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1906", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson F3307
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="190a", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1909", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson F3307 R2
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1914", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson C3607w
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1049", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson C3607w v2
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="190b", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson F5521gw
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="190d", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1911", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson H5321gw
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1919", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson H5321w
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="191d", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson F5321gw
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1917", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson F5321w
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="191b", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson C5621gw
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="191f", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson C5621w
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1921", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson H5321gw
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1926", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1927", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson C3304w
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1928", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Ericsson C5621 TFF
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1936", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Sony-Ericsson MD300
+ATTRS{idVendor}=="0fce", ATTRS{idProduct}=="d0cf", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Sony-Ericsson MD400
+ATTRS{idVendor}=="0fce", ATTRS{idProduct}=="d0e1", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Sony-Ericsson MD400G
+ATTRS{idVendor}=="0fce", ATTRS{idProduct}=="d103", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Dell 5560
+ATTRS{idVendor}=="413c", ATTRS{idProduct}=="818e", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Dell 5550
+ATTRS{idVendor}=="413c", ATTRS{idProduct}=="818d", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Dell 5530 HSDPA
+ATTRS{idVendor}=="413c", ATTRS{idProduct}=="8147", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Dell F3607gw
+ATTRS{idVendor}=="413c", ATTRS{idProduct}=="8183", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="413c", ATTRS{idProduct}=="8184", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Dell F3307
+ATTRS{idVendor}=="413c", ATTRS{idProduct}=="818b", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="413c", ATTRS{idProduct}=="818c", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# HP hs2330 Mobile Broadband Module
+ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="271d", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# HP hs2320 Mobile Broadband Module
+ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="261d", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# HP hs2340 Mobile Broadband Module
+ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3a1d", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# HP hs2350 Mobile Broadband Module
+ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3d1d", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# HP lc2000 Mobile Broadband Module
+ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="301d", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# HP lc2010 Mobile Broadband Module
+ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="2f1d", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Toshiba
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="130b", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Toshiba F3607gw
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="130c", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="1311", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Toshiba F3307
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="1315", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="1316", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="1317", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Toshiba F5521gw
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="1313", ENV{ID_MM_ERICSSON_MBM}="1"
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="1314", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Toshiba H5321gw
+ATTRS{idVendor}=="0930", ATTRS{idProduct}=="1319", ENV{ID_MM_ERICSSON_MBM}="1"
+
+# Lenovo N5321gw
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="193e", ENV{ID_MM_ERICSSON_MBM}="1"
+
+LABEL="mm_mbm_end"
+# do not edit this file, it will be overwritten on update
+ACTION!="add|change|move", GOTO="mm_huawei_port_types_end"
+
+ENV{ID_VENDOR_ID}!="12d1", GOTO="mm_huawei_port_types_end"
+
+# MU609 does not support getportmode (crashes modem with default firmware)
+ATTRS{idProduct}=="1573", ENV{ID_MM_HUAWEI_DISABLE_GETPORTMODE}="1"
+
+# Mark the modem and at port flags for ModemManager
+SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="ff", ATTRS{bInterfaceSubClass}=="01", ATTRS{bInterfaceProtocol}=="01", ENV{ID_MM_HUAWEI_MODEM_PORT}="1"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="ff", ATTRS{bInterfaceSubClass}=="01", ATTRS{bInterfaceProtocol}=="02", ENV{ID_MM_HUAWEI_AT_PORT}="1"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="ff", ATTRS{bInterfaceSubClass}=="02", ATTRS{bInterfaceProtocol}=="01", ENV{ID_MM_HUAWEI_MODEM_PORT}="1"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="ff", ATTRS{bInterfaceSubClass}=="02", ATTRS{bInterfaceProtocol}=="02", ENV{ID_MM_HUAWEI_AT_PORT}="1"
+
+# GPS NMEA port on MU609
+SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="ff", ATTRS{bInterfaceSubClass}=="01", ATTRS{bInterfaceProtocol}=="05", ENV{ID_MM_HUAWEI_GPS_PORT}="1"
+# GPS NMEA port on MU909
+SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="ff", ATTRS{bInterfaceSubClass}=="01", ATTRS{bInterfaceProtocol}=="14", ENV{ID_MM_HUAWEI_GPS_PORT}="1"
+
+# Only the standard ECM or NCM port can support dial-up with AT NDISDUP through AT port
+SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="02", ATTRS{bInterfaceSubClass}=="06",ATTRS{bInterfaceProtocol}=="00", ENV{ID_MM_HUAWEI_NDISDUP_SUPPORTED}="1"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceClass}=="02", ATTRS{bInterfaceSubClass}=="0d",ATTRS{bInterfaceProtocol}=="00", ENV{ID_MM_HUAWEI_NDISDUP_SUPPORTED}="1"
+
+LABEL="mm_huawei_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+# Longcheer makes modules that other companies rebrand, like:
+#
+# Alcatel One Touch X020
+# Alcatel One Touch X030
+# MobiData MBD-200HU
+# ST Mobile Connect HSUPA USB Modem
+#
+# Most of these values were scraped from various Longcheer-based Windows
+# driver .inf files. cmmdm.inf lists the actual data (ie PPP) ports, while
+# cmser.inf lists the aux ports that may be either AT-capable or not but
+# cannot be used for PPP.
+
+
+ACTION!="add|change|move", GOTO="mm_longcheer_port_types_end"
+SUBSYSTEM!="tty", GOTO="mm_longcheer_port_types_end"
+
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="1c9e", GOTO="mm_longcheer_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="1bbb", GOTO="mm_tamobile_vendorcheck"
+GOTO="mm_longcheer_port_types_end"
+
+LABEL="mm_longcheer_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="3197", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="3197", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="3197", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6000", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6000", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6000", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6060", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6060", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6060", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+# Alcatel One Touch X020
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6061", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6061", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="6061", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7001", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7001", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7001", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7001", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7002", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7002", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7002", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7002", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7002", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7101", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7101", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7101", ENV{.MM_USBIFNUM}=="05", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7101", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7102", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7102", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7102", ENV{.MM_USBIFNUM}=="05", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7102", ENV{.MM_USBIFNUM}=="06", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="7102", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8000", ENV{.MM_USBIFNUM}=="05", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8000", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8000", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8000", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8001", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8001", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8001", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8001", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8002", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8002", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8002", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="8002", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+# ChinaBird PL68
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9000", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9000", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9000", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9001", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9001", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9001", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9001", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9002", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9002", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9002", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9002", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9003", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9003", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9003", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9003", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9003", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9004", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9004", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9004", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9005", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9005", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9005", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9010", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9010", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9010", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9010", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9012", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9012", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9012", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9012", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9020", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9020", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9020", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9020", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9022", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9022", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9022", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9022", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+# Zoom products
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9602", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9602", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9602", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9602", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9603", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9603", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9603", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9603", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9604", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9604", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9604", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9604", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9605", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9605", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9605", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9605", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9605", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9606", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9606", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9606", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9606", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9606", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9607", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9607", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9607", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9607", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9607", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9607", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+GOTO="mm_longcheer_port_types_end"
+
+
+LABEL="mm_tamobile_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+# Alcatel One Touch X060s
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0000", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_LONGCHEER_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0000", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_LONGCHEER_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0000", ENV{ID_MM_LONGCHEER_TAGGED}="1"
+
+GOTO="mm_longcheer_port_types_end"
+
+
+LABEL="mm_longcheer_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_mtk_port_types_end"
+
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0e8d", GOTO="mm_mtk_port_types_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="2001", GOTO="mm_dlink_port_types_vendorcheck"
+GOTO="mm_mtk_port_types_end"
+
+# MediaTek devices ---------------------------
+
+LABEL="mm_mtk_port_types_vendorcheck"
+ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a1", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_MTK_MODEM_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a1", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_MTK_AT_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a1", ENV{ID_MM_MTK_TAGGED}="1"
+
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a2", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_MTK_MODEM_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a2", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_MTK_AT_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a2", ENV{ID_MM_MTK_TAGGED}="1"
+
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a4", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_MTK_MODEM_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a4", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_MTK_AT_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a4", ENV{ID_MM_MTK_TAGGED}="1"
+
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a5", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_MTK_MODEM_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a5", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_MTK_AT_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a5", ENV{ID_MM_MTK_TAGGED}="1"
+
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a7", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_MTK_MODEM_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a7", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_MTK_AT_PORT}="1"
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="00a7", ENV{ID_MM_MTK_TAGGED}="1"
+
+GOTO="mm_mtk_port_types_end"
+
+# D-Link devices ---------------------------
+
+LABEL="mm_dlink_port_types_vendorcheck"
+ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+# D-Link DWM-156 A5 (and later?)
+ATTRS{idVendor}=="2001", ATTRS{idProduct}=="7d00", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_MTK_MODEM_PORT}="1"
+ATTRS{idVendor}=="2001", ATTRS{idProduct}=="7d00", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_MTK_AT_PORT}="1"
+ATTRS{idVendor}=="2001", ATTRS{idProduct}=="7d00", ENV{ID_MM_MTK_TAGGED}="1"
+
+GOTO="mm_mtk_port_types_end"
+
+LABEL="mm_mtk_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_nokia_port_types_end"
+SUBSYSTEM!="tty", GOTO="mm_nokia_port_types_end"
+
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0421", GOTO="mm_nokia_port_types_vendorcheck"
+GOTO="mm_nokia_port_types_end"
+
+LABEL="mm_nokia_port_types_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+# For Nokia Internet Sticks (CS-xx) the modem/PPP port appears to always be USB interface 1
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="060D", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="0611", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="061A", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="061B", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="061F", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="0619", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="0620", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="0623", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="0624", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="0625", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="062A", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="062E", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="062F", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_NOKIA_PORT_TYPE_MODEM}="1"
+
+LABEL="mm_nokia_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_pcmcia_device_blacklist_end"
+SUBSYSTEM!="pcmcia", GOTO="mm_pcmcia_device_blacklist_end"
+
+# Gemplus Serial Port smartcard adapter
+ATTRS{prod_id1}=="Gemplus", ATTRS{prod_id2}=="SerialPort", ATTRS{prod_id3}=="GemPC Card", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_pcmcia_device_blacklist_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_platform_device_whitelist_end"
+SUBSYSTEM!="platform", GOTO="mm_platform_device_whitelist_end"
+
+# Be careful here since many devices connected to platform drivers on PCs
+# are legacy devices that won't like probing. But often on embedded
+# systems serial ports are provided by platform devices.
+
+# Allow atmel_usart
+DRIVERS=="atmel_usart", ENV{ID_MM_PLATFORM_DRIVER_PROBE}="1"
+
+LABEL="mm_platform_device_whitelist_end"
+# do not edit this file, it will be overwritten on update
+
+# Simtech makes modules that other companies rebrand, like:
+#
+# A-LINK 3GU
+# SCT UM300
+#
+# Most of these values were scraped from various SimTech-based Windows
+# driver .inf files. *mdm.inf lists the main command ports, while
+# *ser.inf lists the aux ports that may be used for PPP.
+
+
+ACTION!="add|change|move", GOTO="mm_simtech_port_types_end"
+SUBSYSTEM!="tty", GOTO="mm_simtech_port_types_end"
+
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="1e0e", GOTO="mm_alink_vendorcheck"
+GOTO="mm_simtech_port_types_end"
+
+LABEL="mm_alink_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+# A-LINK 3GU
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="cefe", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_SIMTECH_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="cefe", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_SIMTECH_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="cefe", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_SIMTECH_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="cefe", ENV{ID_MM_SIMTECH_TAGGED}="1"
+
+# Prolink PH-300
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="9100", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_SIMTECH_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="9100", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_SIMTECH_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="9100", ENV{ID_MM_SIMTECH_TAGGED}="1"
+
+# SCT UM300
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="9200", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_SIMTECH_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="9200", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_SIMTECH_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1e0e", ATTRS{idProduct}=="9200", ENV{ID_MM_SIMTECH_TAGGED}="1"
+
+GOTO="mm_simtech_port_types_end"
+
+LABEL="mm_simtech_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_telit_port_types_end"
+SUBSYSTEM!="tty", GOTO="mm_telit_port_types_end"
+
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="1bc7", GOTO="mm_telit_vendorcheck"
+GOTO="mm_telit_port_types_end"
+
+LABEL="mm_telit_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+# UC864-E, UC864-E-AUTO, UC864-K, UC864-WD, UC864-WDU
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1003", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_TELIT_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1003", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_TELIT_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1003", ENV{ID_MM_TELIT_TAGGED}="1"
+
+# UC864-G
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1004", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_TELIT_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1004", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_TELIT_PORT_TYPE_NMEA}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1004", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_TELIT_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1004", ENV{ID_MM_TELIT_TAGGED}="1"
+
+# CC864-DUAL
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1005", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_TELIT_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1005", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_TELIT_PORT_TYPE_NMEA}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1005", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_TELIT_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1005", ENV{ID_MM_TELIT_TAGGED}="1"
+
+# CC864-SINGLE, CC864-KPS
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1006", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_TELIT_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1006", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_TELIT_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1006", ENV{ID_MM_TELIT_TAGGED}="1"
+
+# DE910-DUAL
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1010", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_TELIT_PORT_TYPE_NMEA}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1010", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_TELIT_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1010", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_TELIT_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1010", ENV{ID_MM_TELIT_TAGGED}="1"
+
+# CE910-DUAL
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1011", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_TELIT_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bc7", ATTRS{idProduct}=="1011", ENV{ID_MM_TELIT_TAGGED}="1"
+
+# NOTE: Qualcomm Gobi-based devices like the LE920 should not be handled
+# by this plugin, but by the Gobi plugin.
+
+GOTO="mm_telit_port_types_end"
+LABEL="mm_telit_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_end"
+
+# Telegesis zigbee dongle
+ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="0003", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# APC UPS devices
+ATTRS{idVendor}=="051d", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Sweex 1000VA
+ATTRS{idVendor}=="0925", ATTRS{idProduct}=="1234", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Agiler UPS
+ATTRS{idVendor}=="05b8", ATTRS{idProduct}=="0000", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Krauler UP-M500VA
+ATTRS{idVendor}=="0001", ATTRS{idProduct}=="0000", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Ablerex 625L USB
+ATTRS{idVendor}=="ffff", ATTRS{idProduct}=="0000", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Belkin F6C1200-UNV
+ATTRS{idVendor}=="0665", ATTRS{idProduct}=="5161", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Various Liebert and Phoenixtec Power devices
+ATTRS{idVendor}=="06da", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Unitek Alpha 1200Sx
+ATTRS{idVendor}=="0f03", ATTRS{idProduct}=="0001", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Various Tripplite devices
+ATTRS{idVendor}=="09ae", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Various MGE Office Protection Systems devices
+ATTRS{idVendor}=="0463", ATTRS{idProduct}=="0001", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="0463", ATTRS{idProduct}=="ffff", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# CyberPower 900AVR/BC900D
+ATTRS{idVendor}=="0764", ATTRS{idProduct}=="0005", ENV{ID_MM_DEVICE_IGNORE}="1"
+# CyberPower CP1200AVR/BC1200D
+ATTRS{idVendor}=="0764", ATTRS{idProduct}=="0501", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Various Belkin devices
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0980", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0900", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0910", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0912", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0551", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0751", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0375", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="1100", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# HP R/T 2200 INTL (like SMART2200RMXL2U)
+ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1f0a", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Powerware devices
+ATTRS{idVendor}=="0592", ATTRS{idProduct}=="0002", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Palm Treo 700/900/etc
+# Shouldn't be probed themselves, but you can install programs like
+# "MobileStream USB Modem" which changes the USB PID of the device to something
+# that isn't blacklisted.
+ATTRS{idVendor}=="0830", ATTRS{idProduct}=="0061", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# GlobalScaleTechnologies SheevaPlug
+ATTRS{idVendor}=="9e88", ATTRS{idProduct}=="9e8f", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Atmel Corp at91sam SAMBA bootloader
+ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="6124", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Dangerous Prototypes Bus Pirate v4
+ATTRS{idVendor}=="04d8", ATTRS{idProduct}=="fb00", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# All devices from the Swiss Federal Institute of Technology
+ATTRS{idVendor}=="0617", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# West Mountain Radio devices
+ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="814a", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="814b", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="2405", ATTRS{idProduct}=="0003", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Arduinos
+ATTRS{idVendor}=="2341", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9207", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="1b4f", ATTRS{idProduct}=="9208", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Adafruit Flora
+ATTRS{idVendor}=="239a", ATTRS{idProduct}=="0004", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="239a", ATTRS{idProduct}=="8004", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# All devices from Pololu Corporation
+# except some possible future products.
+ATTRS{idVendor}=="1ffb", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="1ffb", ATTRS{idProduct}=="00ad", ENV{ID_MM_DEVICE_IGNORE}="0"
+ATTRS{idVendor}=="1ffb", ATTRS{idProduct}=="00ae", ENV{ID_MM_DEVICE_IGNORE}="0"
+
+# Altair U-Boot device
+ATTRS{idVendor}=="0216", ATTRS{idProduct}=="0051", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Bluegiga BLE112B
+ATTRS{idVendor}=="2458", ATTRS{idProduct}=="0001", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Analog Devices BLIP camera
+ATTRS{idVendor}=="064b", ATTRS{idProduct}=="7823", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# MediaTek GPS chip (HOLUX M-1200E, GlobalTop Gms-d1, etc)
+ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="3329", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# PS-360 OEM (GPS sold with MS Street and Trips 2005)
+ATTRS{idVendor}=="067b", ATTRS{idProduct}=="aaa0", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# u-blox AG, u-blox 5 GPS chips
+ATTRS{idVendor}=="1546", ATTRS{idProduct}=="01a5", ENV{ID_MM_DEVICE_IGNORE}="1"
+ATTRS{idVendor}=="1546", ATTRS{idProduct}=="01a6", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Garmin GPS devices
+DRIVERS=="garmin_gps", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Cypress M8-based GPS devices, UPSes, and serial converters
+DRIVERS=="cypress_m8", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# All devices in the Openmoko vendor ID
+ATTRS{idVendor}=="1d50", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# All devices from 3D Robotics
+ATTRS{idVendor}=="26ac", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# empiriKit science lab controller device
+ATTRS{idVendor}=="0425", ATTRS{idProduct}=="0408", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+# Infineon Flashloader used by Intel XMM modem bootloader
+ATTRS{idVendor}=="8087", ATTRS{idProduct}=="0716", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_usb_serial_adapters_greylist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_serial_adapters_greylist_end"
+ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_serial_adapters_greylist_end"
+
+# Belkin F5U183 Serial Adapter
+ATTRS{idVendor}=="050d", ATTRS{idProduct}=="0103", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+# FTDI-based serial adapters
+# FTDI does USB to serial converter ICs; and it's very likely that they'll
+# never do modems themselves, so it should be safe to add a rule only based
+# on the vendor Id.
+ATTRS{idVendor}=="0403", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+# ATEN Intl UC-232A (Prolific)
+ATTRS{idVendor}=="0557", ATTRS{idProduct}=="2008", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+# Prolific USB to Serial adapter
+ATTRS{idVendor}=="067b", ATTRS{idProduct}=="2303", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+# Magic Control Technology Corp adapters
+ATTRS{idVendor}=="0711", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+# Cygnal Integrated Products, Inc. CP210x
+ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea71", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+# QinHeng Electronics HL-340
+ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+# Atmel Corp. LUFA USB to Serial Adapter Project (Arduino)
+ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="204b", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+# Netchip Technology, Inc. Linux-USB Serial Gadget (CDC ACM mode)
+ATTRS{idVendor}=="0525", ATTRS{idProduct}=="a4a7", ENV{ID_MM_DEVICE_MANUAL_SCAN_ONLY}="1"
+
+LABEL="mm_usb_serial_adapters_greylist_end"
+# do not edit this file, it will be overwritten on update
+
+# Alcatel One Touch X220D
+# Alcatel One Touch X200
+#
+# These values were scraped from the X220D's Windows .inf files. jrdmdm.inf
+# lists the actual command and data (ie PPP) ports, while jrdser.inf lists the
+# aux ports that may be either AT-capable or not but cannot be used for PPP.
+
+
+ACTION!="add|change|move", GOTO="mm_x22x_port_types_end"
+SUBSYSTEM!="tty", GOTO="mm_x22x_port_types_end"
+
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="1bbb", GOTO="mm_x22x_generic_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="0b3c", GOTO="mm_x22x_olivetti_vendorcheck"
+GOTO="mm_x22x_port_types_end"
+
+# Generic JRD devices ---------------------------
+
+LABEL="mm_x22x_generic_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+# Alcatel X200
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0000", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_X22X_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0000", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0000", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0000", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0000", ENV{ID_MM_X22X_TAGGED}="1"
+
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0017", ENV{.MM_USBIFNUM}=="05", ENV{ID_MM_X22X_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0017", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0017", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0017", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0017", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="0017", ENV{ID_MM_X22X_TAGGED}="1"
+
+# Archos G9
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="00B7", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_X22X_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="00B7", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="00B7", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_X22X_PORT_TYPE_NMEA}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="00B7", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_X22X_PORT_TYPE_VOICE}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="00B7", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="1bbb", ATTRS{idProduct}=="00B7", ENV{ID_MM_X22X_TAGGED}="1"
+
+GOTO="mm_x22x_port_types_end"
+
+# Olivetti devices ---------------------------
+
+LABEL="mm_x22x_olivetti_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+# Olicard 200
+ATTRS{idVendor}=="0b3c", ATTRS{idProduct}=="c005", ENV{.MM_USBIFNUM}=="05", ENV{ID_MM_X22X_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="0b3c", ATTRS{idProduct}=="c005", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="0b3c", ATTRS{idProduct}=="c005", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="0b3c", ATTRS{idProduct}=="c005", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="0b3c", ATTRS{idProduct}=="c005", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="0b3c", ATTRS{idProduct}=="c005", ENV{.MM_USBIFNUM}=="06", ENV{ID_MM_X22X_PORT_TYPE_AUX}="1"
+ATTRS{idVendor}=="0b3c", ATTRS{idProduct}=="c005", ENV{ID_MM_X22X_TAGGED}="1"
+
+GOTO="mm_x22x_port_types_end"
+
+LABEL="mm_x22x_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change|move", GOTO="mm_zte_port_types_end"
+SUBSYSTEM!="tty", GOTO="mm_zte_port_types_end"
+
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="19d2", GOTO="mm_zte_port_types_vendorcheck"
+GOTO="mm_zte_port_types_end"
+
+LABEL="mm_zte_port_types_vendorcheck"
+SUBSYSTEMS=="usb", ATTRS{bInterfaceNumber}=="?*", ENV{.MM_USBIFNUM}="$attr{bInterfaceNumber}"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0001", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0001", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0002", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0002", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0003", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0003", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0004", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0004", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0005", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0005", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0006", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0006", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0007", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0007", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0008", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0008", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0009", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0009", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="000A", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="000A", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0012", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0012", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0015", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0015", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0016", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0016", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0017", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0017", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0018", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0018", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0019", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0019", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0021", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0021", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0024", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0024", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0025", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0025", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0030", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0030", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0031", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0031", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0033", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0033", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0037", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0037", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0039", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0039", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0042", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0042", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0043", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0043", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0048", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0048", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0049", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0049", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0052", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0052", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0054", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0054", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0055", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0055", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0057", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0057", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0058", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0058", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0061", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0061", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0063", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0063", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0064", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0064", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0066", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0066", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0078", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0078", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0082", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0082", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0091", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0091", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0104", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0104", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0106", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0106", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0108", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0108", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0113", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0113", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0117", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0117", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0118", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0118", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0121", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0121", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0122", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0122", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0123", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0123", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0124", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0124", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0125", ENV{.MM_USBIFNUM}=="05", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0125", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0126", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0126", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0128", ENV{.MM_USBIFNUM}=="04", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="0128", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1007", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1007", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1008", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1008", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1010", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1010", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1254", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1254", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1515", ENV{.MM_USBIFNUM}=="00", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="1515", ENV{.MM_USBIFNUM}=="02", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="2002", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="2002", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="2003", ENV{.MM_USBIFNUM}=="03", ENV{ID_MM_ZTE_PORT_TYPE_MODEM}="1"
+ATTRS{idVendor}=="19d2", ATTRS{idProduct}=="2003", ENV{.MM_USBIFNUM}=="01", ENV{ID_MM_ZTE_PORT_TYPE_AUX}="1"
+
+# Icera-based devices that use DHCP, not AT%IPDPADDR
+ATTRS{product}=="K3805-z", ENV{ID_MM_ZTE_ICERA_DHCP}="1"
+
+LABEL="mm_zte_port_types_end"
+# do not edit this file, it will be overwritten on update
+
+# Tag any devices that MM might be interested in; if ModemManager is started
+# up right after udev, when MM explicitly requests devices on startup it may
+# get devices that haven't had all rules run yet. Thus, we tag devices we're
+# interested in and when handling devices during MM startup we ignore any
+# that don't have this tag. MM will still get the udev 'add' event for the
+# device a short while later and then process it as normal.
+
+ACTION!="add|change|move|bind", GOTO="mm_candidate_end"
+
+# Opening bound but disconnected Bluetooth RFCOMM ttys would initiate the
+# connection. Don't do that.
+KERNEL=="rfcomm*", DEVPATH=="*/virtual/*", GOTO="mm_candidate_end"
+
+SUBSYSTEM=="tty", ENV{ID_MM_CANDIDATE}="1"
+SUBSYSTEM=="net", ENV{ID_MM_CANDIDATE}="1"
+KERNEL=="cdc-wdm[0-9]*", SUBSYSTEM=="usb", ENV{ID_MM_CANDIDATE}="1"
+KERNEL=="cdc-wdm[0-9]*", SUBSYSTEM=="usbmisc", ENV{ID_MM_CANDIDATE}="1"
+
+# WWAN subsystem port handling
+# - All USB devices ignored for now, only PCI devices expected
+# - Only "wwan_port" device types processed (single ports); we fully ignore
+# the "wwan_dev" device type (full device, not just one port)
+SUBSYSTEMS=="usb", GOTO="mm_candidate_end"
+SUBSYSTEM=="wwan", ENV{DEVTYPE}=="wwan_dev", GOTO="mm_candidate_end"
+SUBSYSTEM=="wwan", ENV{ID_MM_CANDIDATE}="1"
+SUBSYSTEM=="wwan", KERNEL=="*MBIM", ENV{ID_MM_PORT_TYPE_MBIM}="1"
+SUBSYSTEM=="wwan", KERNEL=="*QMI", ENV{ID_MM_PORT_TYPE_QMI}="1"
+SUBSYSTEM=="wwan", KERNEL=="*AT", ENV{ID_MM_PORT_TYPE_AT_PRIMARY}="1"
+SUBSYSTEM=="wwan", KERNEL=="*QCDM", ENV{ID_MM_PORT_TYPE_QCDM}="1"
+
+LABEL="mm_candidate_end"
+
+
+## Concatenation of all ofono udev rules (plugins/*.rules in ofono sources)
+## Note that ofono uses this for very few modems and that in most cases it finds
+## modems by checking directly in code udev events, so changes here will be rare
+
+## plugins/ofono.rules
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change", GOTO="ofono_end"
+
+# ISI/Phonet drivers
+SUBSYSTEM!="net", GOTO="ofono_isi_end"
+ATTRS{type}!="820", GOTO="ofono_isi_end"
+KERNELS=="gadget", GOTO="ofono_isi_end"
+
+# Nokia N900 modem
+SUBSYSTEMS=="hsi", ENV{OFONO_DRIVER}="n900", ENV{OFONO_ISI_ADDRESS}="108"
+KERNEL=="phonet*", ENV{OFONO_DRIVER}="n900", ENV{OFONO_ISI_ADDRESS}="108"
+
+# STE u8500
+KERNEL=="shrm0", ENV{OFONO_DRIVER}="u8500"
+
+LABEL="ofono_isi_end"
+
+SUBSYSTEM!="usb", GOTO="ofono_end"
+ENV{DEVTYPE}!="usb_device", GOTO="ofono_end"
+
+# Ignore fake serial number
+ATTRS{serial}=="1234567890ABCDEF", ENV{ID_SERIAL_SHORT}=""
+
+# Nokia CDMA Device
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="023e", ENV{OFONO_DRIVER}="nokiacdma"
+ATTRS{idVendor}=="0421", ATTRS{idProduct}=="00b6", ENV{OFONO_DRIVER}="nokiacdma"
+
+# Lenovo H5321gw 0bdb:1926
+ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1926", ENV{OFONO_DRIVER}="mbm"
+
+LABEL="ofono_end"
+
+## plugins/ofono-speedup.rules
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add|change", GOTO="ofono_speedup_end"
+
+SUBSYSTEM!="tty", GOTO="ofono_speedup_end"
+KERNEL!="ttyUSB[0-9]*", GOTO="ofono_speedup_end"
+
+# SpeedUp 7300
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9e00", ENV{ID_USB_INTERFACE_NUM}=="00", ENV{OFONO_LABEL}="modem"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9e00", ENV{ID_USB_INTERFACE_NUM}=="03", ENV{OFONO_LABEL}="aux"
+
+# SpeedUp
+ATTRS{idVendor}=="2020", ATTRS{idProduct}=="1005", ENV{ID_USB_INTERFACE_NUM}=="03", ENV{OFONO_LABEL}="modem"
+ATTRS{idVendor}=="2020", ATTRS{idProduct}=="1005", ENV{ID_USB_INTERFACE_NUM}=="01", ENV{OFONO_LABEL}="aux"
+
+ATTRS{idVendor}=="2020", ATTRS{idProduct}=="1008", ENV{ID_USB_INTERFACE_NUM}=="03", ENV{OFONO_LABEL}="modem"
+ATTRS{idVendor}=="2020", ATTRS{idProduct}=="1008", ENV{ID_USB_INTERFACE_NUM}=="01", ENV{OFONO_LABEL}="aux"
+
+# SpeedUp 9800
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9800", ENV{ID_USB_INTERFACE_NUM}=="01", ENV{OFONO_LABEL}="modem"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9800", ENV{ID_USB_INTERFACE_NUM}=="02", ENV{OFONO_LABEL}="aux"
+
+# SpeedUp U3501
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9605", ENV{ID_USB_INTERFACE_NUM}=="03", ENV{OFONO_LABEL}="modem"
+ATTRS{idVendor}=="1c9e", ATTRS{idProduct}=="9605", ENV{ID_USB_INTERFACE_NUM}=="01", ENV{OFONO_LABEL}="aux"
+
+LABEL="ofono_speedup_end"
+
--- /dev/null
+# see udev.conf(5) for details
+#
+# udevd is also started in the initrd. When this file is modified you might
+# also want to rebuild the initrd, so that it will include the modified configuration.
+
+#udev_log=info
+#children_max=
+#exec_delay=
+#event_timeout=180
+#resolve_names=early
--- /dev/null
+[udisks2]
+# Comma separated list of modules to load.
+# Use asterisk to load all the modules.
+modules=*
+# Valid options are 'ondemand' or 'onstartup'.
+modules_load_preference=ondemand
+
+[defaults]
+# Valid options are 'luks1' or 'luks2'
+encryption=luks1
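Review bot: The `[defaults]` section pins `encryption=luks1`, although the comment directly above lists `luks2` as a valid value. LUKS1 derives keys with PBKDF2 only, while LUKS2 can use the memory-hard Argon2 KDF, which makes offline passphrase guessing more expensive. Unless volumes created through udisks must stay readable by tooling that only understands LUKS1, I would set `encryption=luks2` and add a comment line recording why the default was chosen.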
--- /dev/null
+#!/bin/sh
+#
+# after.init: if executable, called by ufw-init. See 'man ufw-framework' for
+# details. Note that output from these scripts is not seen via the
+# the ufw command, but instead via ufw-init.
+#
+# Copyright 2013 Canonical Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3,
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+set -e
+
+case "$1" in
+start)
+ # typically required
+ ;;
+stop)
+ # typically required
+ ;;
+status)
+ # optional
+ ;;
+flush-all)
+ # optional
+ ;;
+*)
+ echo "'$1' not supported"
+ echo "Usage: after.init {start|stop|flush-all|status}"
+ ;;
+esac
--- /dev/null
+#
+# rules.input-after
+#
+# Rules that should be run after the ufw command line added rules. Custom
+# rules should be added to one of these chains:
+# ufw-after-input
+# ufw-after-output
+# ufw-after-forward
+#
+
+# Don't delete these required lines, otherwise there will be errors
+*filter
+:ufw-after-input - [0:0]
+:ufw-after-output - [0:0]
+:ufw-after-forward - [0:0]
+# End required lines
+
+# don't log noisy services by default
+-A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
+-A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input
+-A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input
+-A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input
+-A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input
+-A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input
+
+# don't log noisy broadcast
+-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
+
+# don't delete the 'COMMIT' line or these rules won't be processed
+COMMIT
--- /dev/null
+#
+# rules.input-after
+#
+# Rules that should be run after the ufw command line added rules. Custom
+# rules should be added to one of these chains:
+# ufw6-after-input
+# ufw6-after-output
+# ufw6-after-forward
+#
+
+# Don't delete these required lines, otherwise there will be errors
+*filter
+:ufw6-after-input - [0:0]
+:ufw6-after-output - [0:0]
+:ufw6-after-forward - [0:0]
+# End required lines
+
+# don't log noisy services by default
+-A ufw6-after-input -p udp --dport 137 -j ufw6-skip-to-policy-input
+-A ufw6-after-input -p udp --dport 138 -j ufw6-skip-to-policy-input
+-A ufw6-after-input -p tcp --dport 139 -j ufw6-skip-to-policy-input
+-A ufw6-after-input -p tcp --dport 445 -j ufw6-skip-to-policy-input
+-A ufw6-after-input -p udp --dport 546 -j ufw6-skip-to-policy-input
+-A ufw6-after-input -p udp --dport 547 -j ufw6-skip-to-policy-input
+
+# don't delete the 'COMMIT' line or these rules won't be processed
+COMMIT
--- /dev/null
+[Nginx HTTP]
+title=Web Server (Nginx, HTTP)
+description=Small, but very powerful and efficient web server
+ports=80/tcp
+
+[Nginx HTTPS]
+title=Web Server (Nginx, HTTPS)
+description=Small, but very powerful and efficient web server
+ports=443/tcp
+
+[Nginx Full]
+title=Web Server (Nginx, HTTP + HTTPS)
+description=Small, but very powerful and efficient web server
+ports=80,443/tcp
--- /dev/null
+[OpenSSH]
+title=Secure shell server, an rshd replacement
+description=OpenSSH is a free implementation of the Secure Shell protocol.
+ports=22/tcp
--- /dev/null
+#!/bin/sh
+#
+# before.init: if executable, called by ufw-init. See 'man ufw-framework' for
+# details. Note that output from these scripts is not seen via the
+# the ufw command, but instead via ufw-init.
+#
+# Copyright 2013 Canonical Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3,
+# as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+set -e
+
+case "$1" in
+start)
+ # typically required
+ ;;
+stop)
+ # typically required
+ ;;
+status)
+ # optional
+ ;;
+flush-all)
+ # optional
+ ;;
+*)
+ echo "'$1' not supported"
+ echo "Usage: before.init {start|stop|flush-all|status}"
+ ;;
+esac
--- /dev/null
+#
+# rules.before
+#
+# Rules that should be run before the ufw command line added rules. Custom
+# rules should be added to one of these chains:
+# ufw-before-input
+# ufw-before-output
+# ufw-before-forward
+#
+
+# Don't delete these required lines, otherwise there will be errors
+*filter
+:ufw-before-input - [0:0]
+:ufw-before-output - [0:0]
+:ufw-before-forward - [0:0]
+:ufw-not-local - [0:0]
+# End required lines
+
+
+# allow all on loopback
+-A ufw-before-input -i lo -j ACCEPT
+-A ufw-before-output -o lo -j ACCEPT
+
+# quickly process packets for which we already have a connection
+-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# drop INVALID packets (logs these in loglevel medium and higher)
+-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
+-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
+
+# ok icmp codes for INPUT
+-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
+-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
+-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
+-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
+
+# ok icmp code for FORWARD
+-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
+-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
+-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
+-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
+
+# allow dhcp client to work
+-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
+
+#
+# ufw-not-local
+#
+-A ufw-before-input -j ufw-not-local
+
+# if LOCAL, RETURN
+-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
+
+# if MULTICAST, RETURN
+-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
+
+# if BROADCAST, RETURN
+-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
+
+# all other non-local packets are dropped
+-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
+-A ufw-not-local -j DROP
+
+# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
+# is uncommented)
+-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
+
+# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
+# is uncommented)
+-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT
+
+# don't delete the 'COMMIT' line or these rules won't be processed
+COMMIT
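Review bot: The last two rules accept mDNS (`-d 224.0.0.251 --dport 5353`) and SSDP/UPnP (`-d 239.255.255.250 --dport 1900`) on `ufw-before-input` from any source. The user rules later in this diff only open 22, 80 and 443, which suggests a server rather than a desktop. If the host does not run a discovery daemon these accepts are unneeded exposure and can be commented out, e.g. `#-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT`. The IPv6 counterpart in the following file has the same pair for `ff02::fb` and `ff02::f`.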
--- /dev/null
+#
+# rules.before
+#
+# Rules that should be run before the ufw command line added rules. Custom
+# rules should be added to one of these chains:
+# ufw6-before-input
+# ufw6-before-output
+# ufw6-before-forward
+#
+
+# Don't delete these required lines, otherwise there will be errors
+*filter
+:ufw6-before-input - [0:0]
+:ufw6-before-output - [0:0]
+:ufw6-before-forward - [0:0]
+# End required lines
+
+
+# allow all on loopback
+-A ufw6-before-input -i lo -j ACCEPT
+-A ufw6-before-output -o lo -j ACCEPT
+
+# drop packets with RH0 headers
+-A ufw6-before-input -m rt --rt-type 0 -j DROP
+-A ufw6-before-forward -m rt --rt-type 0 -j DROP
+-A ufw6-before-output -m rt --rt-type 0 -j DROP
+
+# quickly process packets for which we already have a connection
+-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# multicast ping replies are part of the ok icmp codes for INPUT (rfc4890,
+# 4.4.1 and 4.4.2), but don't have an associated connection and are otherwise
+# be marked INVALID, so allow here instead.
+-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+
+# drop INVALID packets (logs these in loglevel medium and higher)
+-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
+-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
+
+# ok icmp codes for INPUT (rfc4890, 4.4.1 and 4.4.2)
+-A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
+-A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
+# codes 0 and 1
+-A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
+# codes 0-2 (echo-reply needs to be before INVALID, see above)
+-A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
+-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+-A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
+-A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
+-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
+-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
+# IND solicitation
+-A ufw6-before-input -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
+# IND advertisement
+-A ufw6-before-input -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
+# MLD query
+-A ufw6-before-input -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
+# MLD report
+-A ufw6-before-input -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
+# MLD done
+-A ufw6-before-input -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
+# MLD report v2
+-A ufw6-before-input -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
+# SEND certificate path solicitation
+-A ufw6-before-input -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
+# SEND certificate path advertisement
+-A ufw6-before-input -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
+# MR advertisement
+-A ufw6-before-input -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
+# MR solicitation
+-A ufw6-before-input -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
+# MR termination
+-A ufw6-before-input -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
+
+# ok icmp codes for OUTPUT (rfc4890, 4.4.1 and 4.4.2)
+-A ufw6-before-output -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
+# codes 0 and 1
+-A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
+# codes 0-2
+-A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
+-A ufw6-before-output -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
+# IND solicitation
+-A ufw6-before-output -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
+# IND advertisement
+-A ufw6-before-output -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
+# MLD query
+-A ufw6-before-output -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
+# MLD report
+-A ufw6-before-output -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
+# MLD done
+-A ufw6-before-output -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
+# MLD report v2
+-A ufw6-before-output -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
+# SEND certificate path solicitation
+-A ufw6-before-output -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
+# SEND certificate path advertisement
+-A ufw6-before-output -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
+# MR advertisement
+-A ufw6-before-output -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
+# MR solicitation
+-A ufw6-before-output -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
+# MR termination
+-A ufw6-before-output -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
+
+# ok icmp codes for FORWARD (rfc4890, 4.3.1)
+-A ufw6-before-forward -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
+-A ufw6-before-forward -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
+# codes 0 and 1
+-A ufw6-before-forward -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
+# codes 0-2
+-A ufw6-before-forward -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
+-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+# ok icmp codes for FORWARD (rfc4890, 4.3.2)
+# Home Agent Address Discovery Reques
+-A ufw6-before-input -p icmpv6 --icmpv6-type 144 -j ACCEPT
+# Home Agent Address Discovery Reply
+-A ufw6-before-input -p icmpv6 --icmpv6-type 145 -j ACCEPT
+# Mobile Prefix Solicitation
+-A ufw6-before-input -p icmpv6 --icmpv6-type 146 -j ACCEPT
+# Mobile Prefix Advertisement
+-A ufw6-before-input -p icmpv6 --icmpv6-type 147 -j ACCEPT
+
+# allow dhcp client to work
+-A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT
+
+# allow MULTICAST mDNS for service discovery
+-A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT
+
+# allow MULTICAST UPnP for service discovery
+-A ufw6-before-input -p udp -d ff02::f --dport 1900 -j ACCEPT
+
+# don't delete the 'COMMIT' line or these rules won't be processed
+COMMIT
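Review bot: The four rules under the second `# ok icmp codes for FORWARD (rfc4890, 4.3.2)` header (types 144 to 147) are appended to `ufw6-before-input`, not `ufw6-before-forward`, so the header and the chain disagree. As written, Mobile IPv6 messages are accepted on INPUT from any source and no forward rule for them is visible. If FORWARD is intended, each line should read like `-A ufw6-before-forward -p icmpv6 --icmpv6-type 144 -j ACCEPT` (likewise for 145, 146 and 147); if the host is not a Mobile IPv6 node, dropping the input-side accepts is the tighter choice. The comment above type 144 is also truncated and should read `# Home Agent Address Discovery Request`.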
--- /dev/null
+#
+# Configuration file for setting network variables. Please note these settings
+# override /etc/sysctl.conf and /etc/sysctl.d. If you prefer to use
+# /etc/sysctl.conf, please adjust IPT_SYSCTL in /etc/default/ufw. See
+# Documentation/networking/ip-sysctl.txt in the kernel source code for more
+# information.
+#
+
+# Uncomment this to allow this host to route packets between interfaces
+#net/ipv4/ip_forward=1
+#net/ipv6/conf/default/forwarding=1
+#net/ipv6/conf/all/forwarding=1
+
+# Disable ICMP redirects. ICMP redirects are rarely used but can be used in
+# MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate
+# traffic to those sites.
+net/ipv4/conf/all/accept_redirects=0
+net/ipv4/conf/default/accept_redirects=0
+net/ipv6/conf/all/accept_redirects=0
+net/ipv6/conf/default/accept_redirects=0
+
+# Ignore bogus ICMP errors
+net/ipv4/icmp_echo_ignore_broadcasts=1
+net/ipv4/icmp_ignore_bogus_error_responses=1
+net/ipv4/icmp_echo_ignore_all=0
+
+# Don't log Martian Packets (impossible addresses)
+# packets
+net/ipv4/conf/all/log_martians=0
+net/ipv4/conf/default/log_martians=0
+
+#net/ipv4/tcp_fin_timeout=30
+#net/ipv4/tcp_keepalive_intvl=1800
+
+# Uncomment this to turn off ipv6 autoconfiguration
+#net/ipv6/conf/default/autoconf=1
+#net/ipv6/conf/all/autoconf=1
+
+# Uncomment this to enable ipv6 privacy addressing
+#net/ipv6/conf/default/use_tempaddr=2
+#net/ipv6/conf/all/use_tempaddr=2
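Review bot: The block headed `# Uncomment this to turn off ipv6 autoconfiguration` carries the value `1`, so following the comment would enable autoconfiguration rather than turn it off. The commented lines should read `#net/ipv6/conf/default/autoconf=0` and `#net/ipv6/conf/all/autoconf=0`. Separately, `log_martians=0` on both `all` and `default` discards a cheap signal for spoofed-source traffic; if log volume is the concern, a comment saying so would help the next reader.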
--- /dev/null
+# /etc/ufw/ufw.conf
+#
+
+# Set to yes to start on boot. If setting this remotely, be sure to add a rule
+# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
+ENABLED=yes
+
+# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
+# See 'man ufw' for details.
+LOGLEVEL=low
--- /dev/null
+*filter
+:ufw-user-input - [0:0]
+:ufw-user-output - [0:0]
+:ufw-user-forward - [0:0]
+:ufw-before-logging-input - [0:0]
+:ufw-before-logging-output - [0:0]
+:ufw-before-logging-forward - [0:0]
+:ufw-user-logging-input - [0:0]
+:ufw-user-logging-output - [0:0]
+:ufw-user-logging-forward - [0:0]
+:ufw-after-logging-input - [0:0]
+:ufw-after-logging-output - [0:0]
+:ufw-after-logging-forward - [0:0]
+:ufw-logging-deny - [0:0]
+:ufw-logging-allow - [0:0]
+:ufw-user-limit - [0:0]
+:ufw-user-limit-accept - [0:0]
+### RULES ###
+
+### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
+-A ufw-user-input -p tcp --dport 22 -j ACCEPT
+-A ufw-user-input -p udp --dport 22 -j ACCEPT
+
+### tuple ### allow tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Nginx%20Full - in
+-A ufw-user-input -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment 'dapp_Nginx%20Full'
+
+### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 OpenSSH - in
+-A ufw-user-input -p tcp --dport 22 -j ACCEPT -m comment --comment 'dapp_OpenSSH'
+
+### END RULES ###
+
+### LOGGING ###
+-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+### END LOGGING ###
+
+### RATE LIMITING ###
+-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
+-A ufw-user-limit -j REJECT
+-A ufw-user-limit-accept -j ACCEPT
+### END RATE LIMITING ###
+COMMIT
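Review bot: The `allow any 22` tuple opens port 22 to 0.0.0.0/0 over both TCP and UDP; SSH does not use UDP, and the TCP half is already granted by the `OpenSSH` application rule further down. Removing the protocol-less rule (`ufw delete allow 22`) leaves only the `dapp_OpenSSH` entry. `ufw limit OpenSSH` would additionally send repeated connection attempts through the `ufw-user-limit` chain defined at the end of this file. The same tuple appears in the IPv6 rules file that follows (`-A ufw6-user-input -p udp --dport 22 -j ACCEPT`).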
--- /dev/null
+*filter
+:ufw6-user-input - [0:0]
+:ufw6-user-output - [0:0]
+:ufw6-user-forward - [0:0]
+:ufw6-before-logging-input - [0:0]
+:ufw6-before-logging-output - [0:0]
+:ufw6-before-logging-forward - [0:0]
+:ufw6-user-logging-input - [0:0]
+:ufw6-user-logging-output - [0:0]
+:ufw6-user-logging-forward - [0:0]
+:ufw6-after-logging-input - [0:0]
+:ufw6-after-logging-output - [0:0]
+:ufw6-after-logging-forward - [0:0]
+:ufw6-logging-deny - [0:0]
+:ufw6-logging-allow - [0:0]
+:ufw6-user-limit - [0:0]
+:ufw6-user-limit-accept - [0:0]
+### RULES ###
+
+### tuple ### allow any 22 ::/0 any ::/0 in
+-A ufw6-user-input -p tcp --dport 22 -j ACCEPT
+-A ufw6-user-input -p udp --dport 22 -j ACCEPT
+
+### tuple ### allow tcp 80,443 ::/0 any ::/0 Nginx%20Full - in
+-A ufw6-user-input -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment 'dapp_Nginx%20Full'
+
+### tuple ### allow tcp 22 ::/0 any ::/0 OpenSSH - in
+-A ufw6-user-input -p tcp --dport 22 -j ACCEPT -m comment --comment 'dapp_OpenSSH'
+
+### END RULES ###
+
+### LOGGING ###
+-A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+-A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+### END LOGGING ###
+
+### RATE LIMITING ###
+-A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
+-A ufw6-user-limit -j REJECT
+-A ufw6-user-limit-accept -j ACCEPT
+### END RATE LIMITING ###
+COMMIT
--- /dev/null
+# default location for the meta-release file
+
+[METARELEASE]
+URI = https://changelogs.ubuntu.com/meta-release
+URI_LTS = https://changelogs.ubuntu.com/meta-release-lts
+URI_UNSTABLE_POSTFIX = -development
+URI_PROPOSED_POSTFIX = -proposed
--- /dev/null
+# Default behavior for the release upgrader.
+
+[DEFAULT]
+# Default prompting and upgrade behavior, valid options:
+#
+# never - Never check for, or allow upgrading to, a new release.
+# normal - Check to see if a new release is available. If more than one new
+# release is found, the release upgrader will attempt to upgrade to
+# the supported release that immediately succeeds the
+# currently-running release.
+# lts - Check to see if a new LTS release is available. The upgrader
+# will attempt to upgrade to the first LTS release available after
+# the currently-running one. Note that if this option is used and
+# the currently-running release is not itself an LTS release the
+# upgrader will assume prompt was meant to be normal.
+Prompt=lts
--- /dev/null
+[Sources]
+Pockets=security,updates,proposed,backports,infra-security,infra-updates,apps-security,apps-updates
+[Distro]
+PostInstallScripts=./xorg_fix_proprietary.py, /usr/lib/ubuntu-advantage/upgrade_lts_contract.py
--- /dev/null
+#!/bin/sh
+#
+# 00-header - create the header of the MOTD
+# Copyright (C) 2009-2010 Canonical Ltd.
+#
+# Authors: Dustin Kirkland <kirkland@canonical.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+[ -r /etc/lsb-release ] && . /etc/lsb-release
+
+if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
+ # Fall back to using the very slow lsb_release utility
+ DISTRIB_DESCRIPTION=$(lsb_release -s -d)
+fi
+
+printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
--- /dev/null
+#!/bin/sh
+#
+# 10-help-text - print the help text associated with the distro
+# Copyright (C) 2009-2010 Canonical Ltd.
+#
+# Authors: Dustin Kirkland <kirkland@canonical.com>,
+# Brian Murray <brian@canonical.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+printf "\n"
+printf " * Documentation: https://help.ubuntu.com\n"
+printf " * Management: https://landscape.canonical.com\n"
+printf " * Support: https://ubuntu.com/advantage\n"
--- /dev/null
+/usr/share/landscape/landscape-sysinfo.wrapper
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+#
+# 50-motd-news - print the live news from the Ubuntu wire
+# Copyright (C) 2016-2020 Canonical Ltd.
+# Copyright (C) 2016-2017 Dustin Kirkland
+#
+# Authors: Dustin Kirkland <kirkland@canonical.com>
+# Steve Langasek <steve.langasek@canonical.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+##############################################################################
+# This program could be rewritten in C or Golang for faster performance.
+# Or it could be rewritten in Python or another higher level language
+# for more modularity.
+# However, I've insisted on shell here for transparency!
+# - Dustin
+##############################################################################
+
+# Source the local configuration
+[ -r /etc/default/motd-news ] && . /etc/default/motd-news
+
+# Exit immediately, unless we're enabled
+# This makes this script very easy to disable in /etc/default/motd-news configuration
+[ "$ENABLED" = "1" ] || exit 0
+
+# Ensure sane defaults
+[ -n "$URLS" ] || URLS="https://motd.ubuntu.com"
+[ -n "$WAIT" ] || WAIT=5
+[ -n "$CACHE" ] || CACHE="/var/cache/motd-news"
+[ "$1" = "--force" ] && FORCED=1
+
+# Ensure we print safely, maximum of the first 10 lines,
+# maximum of the first 80 chars per line, no control chars
+safe_print() {
+ cat "$1" | head -n 10 | tr -d '\000-\011\013\014\016-\037' | cut -c -80
+}
+
+
+# If we're not forcing an update, and we have a cached motd-news file,
+# then just print it and exit as quickly as possible, for login performance.
+# Note that systemd should keep this cache file up to date, asynchronously
+if [ "$FORCED" != "1" ]; then
+ if [ -r $CACHE ]; then
+ echo
+ safe_print $CACHE
+ elif [ "$(id -u)" -eq 0 ]; then
+ : > $CACHE
+ fi
+ exit 0
+fi
+
+# If we've made it here, we've been given the --force argument,
+# probably from the systemd motd-news.service. Let's update...
+
+# Abort early if wget is missing
+[ -x /usr/bin/wget ] || exit 0
+
+# Generate our temp files, clean up when done
+NEWS=$(mktemp) || exit 1
+ERR=$(mktemp) || exit 1
+CLOUD=$(mktemp) || exit 1
+trap "rm -f $NEWS $ERR $CLOUD" HUP INT QUIT ILL TRAP KILL BUS TERM
+
+# Construct a user agent, similar to Firefox/Chrome/Safari/IE to
+# ensure a proper, tailored, accurate message of the day
+
+# wget browser version, for debug purposes
+wget_ver="$(dpkg -l wget | awk '$1 == "ii" { print($3); exit(0); }')"
+
+# Distribution version, for messages releated to this Ubuntu release
+. /etc/lsb-release
+lsb=$(echo "$DISTRIB_DESCRIPTION" | sed -e "s/ /\//g")
+codename="$DISTRIB_CODENAME"
+
+# Kernel version and CPU type, for messages related to a particular revision or hardware
+platform="$(uname -o)/$(uname -r)/$(uname -m)"
+arch="$(uname -m)"
+cpu="$(grep -m1 "^model name" /proc/cpuinfo | sed -e "s/.*: //" -e "s:\s\+:/:g")"
+cloud_id="unknown"
+if [ -x /usr/bin/cloud-id ]; then
+ /usr/bin/cloud-id > "$CLOUD" 2>/dev/null
+ if [ "$?" -eq "0" ]; then
+ # sanitize it a bit, just in case
+ cloud_id=$(cut -c -40 "${CLOUD}" | tr -c -d '[:alnum:]')
+ if [ -z "${cloud_id}" ]; then
+ cloud_id="unknown"
+ fi
+ fi
+fi
+
+# Piece together the user agent
+USER_AGENT="wget/$wget_ver $lsb $platform $cpu cloud_id/$cloud_id"
+
+# Loop over any configured URLs
+for u in $URLS; do
+ # Ensure https:// protocol, for security reasons
+ case $u in
+ https://*)
+ true
+ ;;
+ https://motd.ubuntu.com)
+ u="$u/$codename/$arch"
+ ;;
+ *)
+ continue
+ ;;
+ esac
+ # If we're forced, set the wait to much higher (1 minute)
+ [ "$FORCED" = "1" ] && WAIT=60
+ # Fetch and print the news motd
+ result=0
+ not_found_is_ok=0
+ wget --timeout "$WAIT" -U "$USER_AGENT" -O- --content-on-error "$u" >"$NEWS" 2>"$ERR" || result=$?
+ # from wget's manpage: 8 Server issued an error response.
+ if [ $result -eq 8 ]; then
+ if grep -q "ERROR 404" "$ERR"; then
+ # The server's 404 document is the generic, non cloud-specific, motd-news
+ # content present in the index.txt file
+ not_found_is_ok=1
+ fi
+ fi
+ if [ $result -eq 0 ] || [ $not_found_is_ok -eq 1 ]; then
+ echo
+ # At most, 10 lines of text, remove control characters, print at most 80 characters per line
+ safe_print "$NEWS"
+ # Try to update the cache
+ safe_print "$NEWS" 2>/dev/null >$CACHE || true
+ else
+ : > "$CACHE"
+ fi
+done
+rm -f "$NEWS" "$ERR" "$CLOUD"
+exit 0
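Review bot: In the `case $u in` block the `https://*)` arm comes first, so the `https://motd.ubuntu.com)` arm can never match and `u="$u/$codename/$arch"` is dead code; the 404 fallback handled further down suggests the release- and arch-specific path was meant to be requested. Putting the specific arm first fixes it: `https://motd.ubuntu.com) u="$u/$codename/$arch" ;;` followed by `https://*) true ;;`. Separately, `$CACHE` is expanded unquoted in `[ -r $CACHE ]`, `safe_print $CACHE`, `: > $CACHE` and `>$CACHE`, although its value comes from the sourced `/etc/default/motd-news`. It should be quoted as `"$CACHE"`, as the `else` branch of the loop already does.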
--- /dev/null
+#!/bin/sh
+
+if [ -f /run/motd.d/85-fwupd ]; then
+ cat /run/motd.d/85-fwupd
+fi
--- /dev/null
+#!/bin/sh
+stamp="/var/lib/ubuntu-advantage/messages/motd-esm-announce"
+
+[ ! -r "$stamp" ] || cat "$stamp"
--- /dev/null
+#!/bin/sh
+
+stamp="/var/lib/update-notifier/updates-available"
+
+[ ! -r "$stamp" ] || cat "$stamp"
+
+find $stamp -newermt 'now-7 days' 2> /dev/null | grep -q -m 1 '.' || /usr/share/update-notifier/notify-updates-outdated
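Review bot: `find $stamp` on the last line leaves the path unquoted, while both uses on the line above quote it; `find "$stamp" -newermt 'now-7 days'` would be consistent with them. Because find's stderr is discarded, a missing stamp file also ends with `notify-updates-outdated` being run. If that is intended, a comment such as `# also runs when the stamp file does not exist yet` would make it explicit.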
--- /dev/null
+#!/bin/sh
+stamp="/var/lib/ubuntu-advantage/messages/motd-esm-service-status"
+
+[ ! -r "$stamp" ] || cat "$stamp"
--- /dev/null
+#!/bin/sh
+
+# if the current release is under development there won't be a new one
+if [ "$(lsb_release -sd | cut -d' ' -f4)" = "(development" ]; then
+ exit 0
+fi
+
+# if it is non-root user, skip
+if [ $(id -u) -ne 0 ]; then
+ exit 0
+fi
+
+if [ -x /usr/lib/ubuntu-release-upgrader/release-upgrade-motd ]; then
+ exec /usr/lib/ubuntu-release-upgrader/release-upgrade-motd
+fi
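Review bot: The root check `[ $(id -u) -ne 0 ]` fails open: if `id` prints nothing, `[` reports an error, the `if` branch is not taken, and the script continues to the `exec` below instead of exiting. Testing for the allowed case closes that path: `[ "$(id -u)" = 0 ] || exit 0`. The development-release test above relies on the fourth space-separated word of `lsb_release -sd` being `(development`; a short comment showing a sample description string would document that assumption.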
--- /dev/null
+#!/bin/sh
+
+if [ -x /usr/share/unattended-upgrades/update-motd-unattended-upgrades ]; then
+ exec /usr/share/unattended-upgrades/update-motd-unattended-upgrades
+fi
--- /dev/null
+#!/bin/sh
+
+if [ -x /usr/lib/update-notifier/update-motd-hwe-eol ]; then
+ exec /usr/lib/update-notifier/update-motd-hwe-eol
+fi
--- /dev/null
+#!/bin/sh
+
+(egrep "overlayroot|/media/root-ro|/media/root-rw" /proc/mounts 2>/dev/null | sort -r) || true
+echo
--- /dev/null
+#!/bin/sh
+
+if [ -x /usr/lib/update-notifier/update-motd-fsck-at-reboot ]; then
+ exec /usr/lib/update-notifier/update-motd-fsck-at-reboot
+fi
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+
+if [ -x /usr/lib/update-notifier/update-motd-reboot-required ]; then
+ exec /usr/lib/update-notifier/update-motd-reboot-required
+fi
\ No newline at end of file
--- /dev/null
+# Configuration for the usb_modeswitch package, a mode switching tool for
+# USB devices providing multiple states or modes
+#
+# Evaluated by the wrapper script /usr/sbin/usb_modeswitch_dispatcher
+#
+# To enable an option, set it to "1", "yes" or "true" (case doesn't matter)
+# Everything else counts as "disable"
+
+
+# Disable automatic mode switching globally (e.g. to access the original
+# install storage)
+
+DisableSwitching=0
+
+# Disable check for MBIM module presence and configuration globally (to aid
+# special embedded environments). Available as per-device parameter
+# 'NoMBIMCheck'
+
+DisableMBIMGlobal=0
+
+# Enable logging (results in a extensive report file in /var/log, named
+# "usb_modeswitch_<interface-name>" and probably others
+
+EnableLogging=0
+
+# Optional increase of "delay_use" for the usb-storage driver; there are hints
+# that a recent kernel default change to 1 sec. may lead to problems, particu-
+# larly with USB 3.0 ports. Set this to at least 3 (seconds) in that case.
+# Does nothing if the current system value is same or higher
+
+#SetStorageDelay=4
+
+# If the configuration for your Huawei modem uses the standard switching method,
+# you can globally set an alternative method here which provides a different mode:
+# either plain serial PPP (for older modems) or NCM which integrates nicely
+# with recent Linux distributions, possibly avoiding configuration through a
+# modem built-in web page. All other modems are not affected.
+# Available as per-device parameter 'AltHuaweiMode'
+
+HuaweiAltModeGlobal=0
--- /dev/null
+" All system-wide defaults are set in $VIMRUNTIME/debian.vim and sourced by
+" the call to :runtime you can find below. If you wish to change any of those
+" settings, you should do it in this file (/etc/vim/vimrc), since debian.vim
+" will be overwritten everytime an upgrade of the vim packages is performed.
+" It is recommended to make changes after sourcing debian.vim since it alters
+" the value of the 'compatible' option.
+
+runtime! debian.vim
+
+" Vim will load $VIMRUNTIME/defaults.vim if the user does not have a vimrc.
+" This happens after /etc/vim/vimrc(.local) are loaded, so it will override
+" any settings in these files.
+" If you don't want that to happen, uncomment the below line to prevent
+" defaults.vim from being loaded.
+" let g:skip_defaults_vim = 1
+
+" Uncomment the next line to make Vim more Vi-compatible
+" NOTE: debian.vim sets 'nocompatible'. Setting 'compatible' changes numerous
+" options, so any other options should be set AFTER setting 'compatible'.
+"set compatible
+
+" Vim5 and later versions support syntax highlighting. Uncommenting the next
+" line enables syntax highlighting by default.
+if has("syntax")
+ syntax on
+endif
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+"set background=dark
+
+" Uncomment the following to have Vim jump to the last position when
+" reopening a file
+"au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
+
+" Uncomment the following to have Vim load indentation rules and plugins
+" according to the detected filetype.
+"filetype plugin indent on
+
+" The following are commented out as they cause vim to behave a lot
+" differently from regular Vi. They are highly recommended though.
+"set showcmd " Show (partial) command in status line.
+"set showmatch " Show matching brackets.
+"set ignorecase " Do case insensitive matching
+"set smartcase " Do smart case matching
+"set incsearch " Incremental search
+"set autowrite " Automatically save before commands like :next and :make
+"set hidden " Hide buffers when they are abandoned
+"set mouse=a " Enable mouse usage (all modes)
+
+" Source a global configuration file if available
+if filereadable("/etc/vim/vimrc.local")
+ source /etc/vim/vimrc.local
+endif
+
--- /dev/null
+" Vim configuration file, in effect when invoked as "vi". The aim of this
+" configuration file is to provide a Vim environment as compatible with the
+" original vi as possible. Note that ~/.vimrc configuration files as other
+" configuration files in the runtimepath are still sourced.
+" When Vim is invoked differently ("vim", "view", "evim", ...) this file is
+" _not_ sourced; /etc/vim/vimrc and/or /etc/vim/gvimrc are.
+
+" Debian system-wide default configuration Vim
+set runtimepath=~/.vim,/var/lib/vim/addons,/usr/share/vim/vimfiles,/usr/share/vim/vim81,/usr/share/vim/vimfiles/after,/var/lib/vim/addons/after,~/.vim/after
+
+set compatible
+
+" vim: set ft=vim:
--- /dev/null
+#!/bin/sh
+##########################################################
+# Copyright (C) 2010-2016 VMware, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation version 2.1 and no later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+##########################################################
+
+##########################################################################
+# DO NOT modify this file directly as it will be overwritten the next
+# time the VMware Tools are installed.
+##########################################################################
+
+#
+# statechange.sh
+#
+# This script is a refactored version of the legacy power scripts (e.g.,
+# poweron-vm-default). It expects to be installed in their places --
+# in other words, `basename "$0"` might be poweron-vm-default.
+#
+# Handy reference/shorthand used in this doc/scripts:
+# TOOLS_CONFDIR ::= Depends on platform and installation settings. Likely
+# "/etc/vmware-tools" or
+# "/Library/Application Support/VMware Tools"
+# powerOp ::= One of "poweron-vm", "poweroff-vm", "suspend-vm", and
+# "resume-vm".
+# vmwScriptDir ::= $TOOLS_CONFDIR/scripts/vmware
+# userScriptDir ::= $TOOLS_CONFDIR/scripts/${powerOp}-default.d
+#
+# End users may install scripts of their own under $userScriptDir. They
+# are executed in alphabetical order with "$powerOp" as the only argument.
+#
+# NB: This directory layout remains to preserve backwards compatibility. End
+# users are free to write a single script which uses its only parameter
+# (${powerOp}) as a discriminator, and then install symlinks to it in each
+# of the ${powerOp}-default.d directories.
+#
+# On power-on and resume, VMware's scripts execute before the end user's. On
+# suspend and power-off, the end user's execute before VMware's. (This way,
+# VMware stops services only after the user's scripts have finished their
+# work, and conversely restores the same services before the user's scripts
+# attempt to use them.)
+#
+# Should any script exit non-zero, only its value will be saved to exitCode.
+# (Any further non-zero exits will have no effect on exitCode.) This script
+# exits with $exitCode.
+#
+# XXX Consider using the available/enabled pattern for VMware's scripts.
+#
+# XXX This should be staged as a single executable whereby the desired
+# power operation is passed in as a parameter. (I.e., one would run
+# "/path/to/statechange.sh suspend-vm" rather than having to install
+# statechange.sh as suspend-vm-default.)
+#
+
+echo `date` ": Executing '$0'"
+
+# See above.
+TOOLS_CONFDIR=`dirname "$0"`
+export TOOLS_CONFDIR
+
+# Pull in subroutines like Panic.
+. "$TOOLS_CONFDIR"/statechange.subr
+
+
+#
+# RunScripts --
+#
+# Executes scripts installed under $scriptDir.
+#
+# Side effects:
+# exitCode may be incremented.
+#
+
+RunScripts() {
+ scriptDir="$1"
+
+ if [ -d "$scriptDir" ]; then
+ for scriptFile in "$scriptDir"/*; do
+ if [ -x "$scriptFile" ]; then
+ "$scriptFile" $powerOp
+ exitCode=`expr $exitCode \| $?`
+ fi
+ done
+ fi
+}
+
+
+#
+# main --
+#
+# Entry point. See comments at top of file for details.
+#
+# Results:
+# Exits with $exitCode.
+#
+
+main() {
+ # This is sanity checked in the case/esac bit below.
+ powerOp=`basename "$0" | sed 's,-default,,'`
+ exitCode=0
+
+ vmwScriptDir="$TOOLS_CONFDIR/scripts/vmware"
+ userScriptDir="$TOOLS_CONFDIR/scripts/${powerOp}-default.d"
+
+ case "$powerOp" in
+ poweron-vm|resume-vm)
+ RunScripts "$vmwScriptDir"
+ RunScripts "$userScriptDir"
+ ;;
+ poweroff-vm|suspend-vm)
+ RunScripts "$userScriptDir"
+ RunScripts "$vmwScriptDir"
+ ;;
+ *)
+ Panic "Invalid argument: $powerOp"
+ ;;
+ esac
+
+ return $exitCode
+}
+
+main
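Review bot: RunScripts runs every entry of `$scriptDir` that passes `[ -x ]`, and that test is also true for a subdirectory, whose failed execution is then OR-ed into exitCode so the whole power operation reports an error. Restricting the loop to regular files and quoting the argument would be `if [ -f "$scriptFile" ] && [ -x "$scriptFile" ]; then` and `"$scriptFile" "$powerOp"`. The function header says exitCode "may be incremented", but `expr $exitCode \| $?` keeps the first non-zero status; `# exitCode keeps the first non-zero exit status` would match the code. These hooks presumably run as root, so the header should also state that the script directories must be writable by root only. The same RunScripts body appears in the two identical copies of this script that follow in the diff.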
--- /dev/null
+#!/bin/sh
+##########################################################
+# Copyright (C) 2010-2016 VMware, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation version 2.1 and no later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+##########################################################
+
+##########################################################################
+# DO NOT modify this file directly as it will be overwritten the next
+# time the VMware Tools are installed.
+##########################################################################
+
+#
+# statechange.sh
+#
+# This script is a refactored version of the legacy power scripts (e.g.,
+# poweron-vm-default). It expects to be installed in their places --
+# in other words, `basename "$0"` might be poweron-vm-default.
+#
+# Handy reference/shorthand used in this doc/scripts:
+# TOOLS_CONFDIR ::= Depends on platform and installation settings. Likely
+# "/etc/vmware-tools" or
+# "/Library/Application Support/VMware Tools"
+# powerOp ::= One of "poweron-vm", "poweroff-vm", "suspend-vm", and
+# "resume-vm".
+# vmwScriptDir ::= $TOOLS_CONFDIR/scripts/vmware
+# userScriptDir ::= $TOOLS_CONFDIR/scripts/${powerOp}-default.d
+#
+# End users may install scripts of their own under $userScriptDir. They
+# are executed in alphabetical order with "$powerOp" as the only argument.
+#
+# NB: This directory layout remains to preserve backwards compatibility. End
+# users are free to write a single script which uses its only parameter
+# (${powerOp}) as a discriminator, and then install symlinks to it in each
+# of the ${powerOp}-default.d directories.
+#
+# On power-on and resume, VMware's scripts execute before the end user's. On
+# suspend and power-off, the end user's execute before VMware's. (This way,
+# VMware stops services only after the user's scripts have finished their
+# work, and conversely restores the same services before the user's scripts
+# attempt to use them.)
+#
+# Should any script exit non-zero, only its value will be saved to exitCode.
+# (Any further non-zero exits will have no effect on exitCode.) This script
+# exits with $exitCode.
+#
+# XXX Consider using the available/enabled pattern for VMware's scripts.
+#
+# XXX This should be staged as a single executable whereby the desired
+# power operation is passed in as a parameter. (I.e., one would run
+# "/path/to/statechange.sh suspend-vm" rather than having to install
+# statechange.sh as suspend-vm-default.)
+#
+
+echo `date` ": Executing '$0'"
+
+# See above.
+TOOLS_CONFDIR=`dirname "$0"`
+export TOOLS_CONFDIR
+
+# Pull in subroutines like Panic.
+. "$TOOLS_CONFDIR"/statechange.subr
+
+
+#
+# RunScripts --
+#
+# Executes scripts installed under $scriptDir.
+#
+# Side effects:
+# exitCode may be incremented.
+#
+
+RunScripts() {
+ scriptDir="$1"
+
+ if [ -d "$scriptDir" ]; then
+ for scriptFile in "$scriptDir"/*; do
+ if [ -x "$scriptFile" ]; then
+ "$scriptFile" $powerOp
+ exitCode=`expr $exitCode \| $?`
+ fi
+ done
+ fi
+}
+
+
+#
+# main --
+#
+# Entry point. See comments at top of file for details.
+#
+# Results:
+# Exits with $exitCode.
+#
+
+main() {
+ # This is sanity checked in the case/esac bit below.
+ powerOp=`basename "$0" | sed 's,-default,,'`
+ exitCode=0
+
+ vmwScriptDir="$TOOLS_CONFDIR/scripts/vmware"
+ userScriptDir="$TOOLS_CONFDIR/scripts/${powerOp}-default.d"
+
+ case "$powerOp" in
+ poweron-vm|resume-vm)
+ RunScripts "$vmwScriptDir"
+ RunScripts "$userScriptDir"
+ ;;
+ poweroff-vm|suspend-vm)
+ RunScripts "$userScriptDir"
+ RunScripts "$vmwScriptDir"
+ ;;
+ *)
+ Panic "Invalid argument: $powerOp"
+ ;;
+ esac
+
+ return $exitCode
+}
+
+main
--- /dev/null
+#!/bin/sh
+##########################################################
+# Copyright (C) 2010-2016 VMware, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation version 2.1 and no later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+##########################################################
+
+##########################################################################
+# DO NOT modify this file directly as it will be overwritten the next
+# time the VMware Tools are installed.
+##########################################################################
+
+#
+# statechange.sh
+#
+# This script is a refactored version of the legacy power scripts (e.g.,
+# poweron-vm-default). It expects to be installed in their places --
+# in other words, `basename "$0"` might be poweron-vm-default.
+#
+# Handy reference/shorthand used in this doc/scripts:
+# TOOLS_CONFDIR ::= Depends on platform and installation settings. Likely
+# "/etc/vmware-tools" or
+# "/Library/Application Support/VMware Tools"
+# powerOp ::= One of "poweron-vm", "poweroff-vm", "suspend-vm", and
+# "resume-vm".
+# vmwScriptDir ::= $TOOLS_CONFDIR/scripts/vmware
+# userScriptDir ::= $TOOLS_CONFDIR/scripts/${powerOp}-default.d
+#
+# End users may install scripts of their own under $userScriptDir. They
+# are executed in alphabetical order with "$powerOp" as the only argument.
+#
+# NB: This directory layout remains to preserve backwards compatibility. End
+# users are free to write a single script which uses its only parameter
+# (${powerOp}) as a discriminator, and then install symlinks to it in each
+# of the ${powerOp}-default.d directories.
+#
+# On power-on and resume, VMware's scripts execute before the end user's. On
+# suspend and power-off, the end user's execute before VMware's. (This way,
+# VMware stops services only after the user's scripts have finished their
+# work, and conversely restores the same services before the user's scripts
+# attempt to use them.)
+#
+# Should any script exit non-zero, only its value will be saved to exitCode.
+# (Any further non-zero exits will have no effect on exitCode.) This script
+# exits with $exitCode.
+#
+# XXX Consider using the available/enabled pattern for VMware's scripts.
+#
+# XXX This should be staged as a single executable whereby the desired
+# power operation is passed in as a parameter. (I.e., one would run
+# "/path/to/statechange.sh suspend-vm" rather than having to install
+# statechange.sh as suspend-vm-default.)
+#
+
+echo `date` ": Executing '$0'"
+
+# See above.
+TOOLS_CONFDIR=`dirname "$0"`
+export TOOLS_CONFDIR
+
+# Pull in subroutines like Panic.
+. "$TOOLS_CONFDIR"/statechange.subr
+
+
+#
+# RunScripts --
+#
+# Executes scripts installed under $scriptDir.
+#
+# Side effects:
+# exitCode may be incremented.
+#
+
+RunScripts() {
+ scriptDir="$1"
+
+ if [ -d "$scriptDir" ]; then
+ for scriptFile in "$scriptDir"/*; do
+ if [ -x "$scriptFile" ]; then
+ "$scriptFile" $powerOp
+ exitCode=`expr $exitCode \| $?`
+ fi
+ done
+ fi
+}
+
+
+#
+# main --
+#
+# Entry point. See comments at top of file for details.
+#
+# Results:
+# Exits with $exitCode.
+#
+
+main() {
+ # This is sanity checked in the case/esac bit below.
+ powerOp=`basename "$0" | sed 's,-default,,'`
+ exitCode=0
+
+ vmwScriptDir="$TOOLS_CONFDIR/scripts/vmware"
+ userScriptDir="$TOOLS_CONFDIR/scripts/${powerOp}-default.d"
+
+ case "$powerOp" in
+ poweron-vm|resume-vm)
+ RunScripts "$vmwScriptDir"
+ RunScripts "$userScriptDir"
+ ;;
+ poweroff-vm|suspend-vm)
+ RunScripts "$userScriptDir"
+ RunScripts "$vmwScriptDir"
+ ;;
+ *)
+ Panic "Invalid argument: $powerOp"
+ ;;
+ esac
+
+ return $exitCode
+}
+
+main
--- /dev/null
+#!/bin/sh -x
+##########################################################
+# Copyright (C) 2001-2018 VMware, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation version 2.1 and no later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+##########################################################
+
+
+#
+# network (Linux)
+#
+# Using a combination of a system networking script, ifconfig, ifup, ifdown
+# and the ip command, attempt to release and renew DHCP leases upon receipt
+# of suspend and resume events, respectively.
+#
+
+logbase=/var/log/vmware-network
+logfile=$logbase.log
+
+#
+# Rotate any logs
+#
+rotate_logfile() {
+ max=9
+ max=`expr $max - 1`
+ for s in `seq $max -1 1`; do
+ d=`expr $s + 1`
+ mv -f $logbase.$s.log $logbase.$d.log
+ done
+ mv -f $logbase.log $logbase.1.log
+}
+
+rotate_logfile
+
+# redirect stdio
+exec > $logfile 2>&1
+chmod 0600 $logfile
+
+
+echo `date` ": Executing '$0 $*'"
+echo
+
+. `dirname "$0"`/../../statechange.subr
+
+
+#
+# find_networking_script --
+#
+# Searches common Linux distro init/rc paths to find a singular network
+# services script.
+#
+# Result:
+# Returns a valid networking script path on success or "error" on failure.
+#
+# Side effects:
+# None.
+#
+
+find_networking_script() {
+ local script="error"
+ for dir in "/etc/init.d" "/sbin/init.d" "/etc" "/etc/rc.d" ; do
+ if [ -d "$dir/rc0.d" ] &&
+ [ -d "$dir/rc1.d" ] &&
+ [ -d "$dir/rc2.d" ] &&
+ [ -d "$dir/rc3.d" ] &&
+ [ -d "$dir/rc4.d" ] &&
+ [ -d "$dir/rc5.d" ] &&
+ [ -d "$dir/rc6.d" ]; then
+
+ # Now find the appropriate networking script.
+ if [ -d "$dir/init.d" ]; then
+ if [ -x "$dir/init.d/network" ]; then
+ script="$dir/init.d/network"
+ elif [ -x "$dir/init.d/networking" ]; then
+ script="$dir/init.d/networking"
+ fi
+ else
+ if [ -x "$dir/network" ]; then
+ script="$dir/network"
+ elif [ -x "$dir/networking" ]; then
+ script="$dir/networking"
+ fi
+ fi
+ fi
+ done
+
+ echo "$script"
+}
+
+
+#
+# exec_networking_script --
+#
+# Execute the networking script to bring network interfaces up or down
+# based on the given input action argument.
+#
+
+exec_networking_script()
+{
+ local script=$1
+ local action=$2
+
+ # Using SysV "service" if it exists, otherwise fall back to run the
+ # script directly
+ service=`which service 2>/dev/null`
+ if [ $? = 0 -a -n "$service" ]; then
+ serviceName=`basename "$script"`
+ "$service" "$serviceName" "$action"
+ else
+ "$script" "$action"
+ fi
+
+ return $?
+}
+
+
+#
+# exec_systemctl_service --
+#
+# Handle linux distributions that use systemd to replace the legacy
+# system V startup scripts. The previous network script searching
+# approach is no longer viable in these systems. Invoke the systemctl
+# command to control the network service instead.
+#
+
+exec_systemctl_service()
+{
+ local rc=1
+ local action=$1
+ local ctlcmd=$(which systemctl 2>/dev/null)
+ local service
+
+ [ -z "$ctlcmd" ] && return $rc
+
+ for svc in systemd-networkd network; do
+ if ! $ctlcmd status $svc | grep -iq 'not-found'; then
+ service=$svc && break
+ fi
+ done
+
+ [ -z "$service" ] && return $rc
+
+ $ctlcmd $action $service; rc=$?
+
+ # When use the systemd-networkd service to shut down interfaces, interface
+ # address and state remain unchanged. Need to use ip command to change its
+ # address and state.
+ if [ $rc = 0 -a $service = 'systemd-networkd' -a $action = 'stop' ]; then
+ config_network_intfs $action; rc=$?
+ fi
+
+ return $rc
+}
+
+
+#
+# del_intf_ip --
+#
+# Use the ip command to remove all the addresses of an interface.
+#
+
+del_intf_ip()
+{
+ local nic=$1
+
+ $ip_cmd addr flush dev $nic
+ return $?
+}
+
+
+#
+# ip_intf_ops --
+#
+# Use the ip command to change the state of an interface to up or down.
+#
+
+ip_intf_ops()
+{
+ local rc=1
+ local nic=$1
+ local ops=$2
+
+ [ -z "$ip_cmd" ] && return $rc
+
+ $ip_cmd link set $nic $ops; rc=$?
+
+ # Remove interface addresses when taking an interface down.
+ if [ $rc = 0 -a $ops = down ]; then
+ del_intf_ip $nic; rc=$?
+ fi
+
+ return $rc
+}
+
+
+#
+# intf_ops --
+#
+# Execute the specified command (ifup or ifdown) if available, otherwise use
+# the ip command as fallback. If ifup or ifdown fails, run the ip command to
+# retry the intended operation.
+#
+
+intf_ops()
+{
+ local rc=0
+ local cmd=$1
+ local ops=$2
+ local nic=$3
+ local tmp
+
+ if [ ! -z "$cmd" ]; then
+ tmp=$($cmd $nic 2>&1); rc=$?
+
+ # Some systems still return a successful status even the command fails
+ # because the interface is not configured in the configuration file. So
+ # have to examine the command output to determine the actual status.
+ if [ $rc = 0 ]; then
+ echo $tmp | egrep -iq 'not configured|ignoring unknown' && rc=1
+ fi
+ fi
+
+ # If ifup/ifdown fails, try the ip fallback.
+ if [ -z "$cmd" -o $rc != 0 ]; then
+ ip_intf_ops $nic $ops; rc=$?
+ fi
+
+ return $rc
+}
+
+
+#
+# exec_intf_ops --
+#
+# Perform an operation to bring an individual interface up or down.
+#
+
+exec_intf_ops()
+{
+ local rc=0
+ local action=$1
+ local nic=$2
+
+ case $action in
+ start)
+ intf_ops "$ifup_cmd" up $nic; rc=$?
+ ;;
+ stop)
+ intf_ops "$ifdown_cmd" down $nic; rc=$?
+ ;;
+ *)
+ Panic "Illegal interface action: $action"
+ ;;
+ esac
+
+ return $rc
+}
+
+
+#
+# config_network_intfs --
+#
+# For Linux systems not supporting networking scripts to bring interfaces
+# up or down, provide a way to change the interface state individually.
+#
+
+config_network_intfs()
+{
+ local rc=0
+ local action=$1
+
+ if [ -f "$activeList" ]; then
+
+ while read nic; do
+ exec_intf_ops $action $nic
+ rc=$(expr $rc \| $?)
+ done < $activeList
+ fi
+
+ return $rc
+}
+
+
+#
+# run_network_script --
+#
+# Finds out how to run the system's script used to control networking, and
+# runs it with the given argument (which should be one of the usual SysV
+# init script arguments). If it does not work, tries the other alternatives.
+# So far, our alternatives are (a) systemctl (b) network script (c) perform
+# an individual interface state change.
+#
+
+run_network_script()
+{
+ local action=$1
+ local rc=0
+ local script
+
+ while true; do
+
+ exec_systemctl_service $action
+ [ $? != 0 ] || break
+
+ script=`find_networking_script`
+
+ if [ $script != "error" ]; then
+ exec_networking_script $script $action
+ [ $? != 0 ] || break
+ fi
+
+ # Since all the other alternatives fail, need to manually change
+ # individual interface state.
+ config_network_intfs $action; rc=$?
+ break
+ done
+
+ return $rc
+}
+
+
+#
+# save_active_NIC_list --
+#
+# Records a list of every active NIC to /var/run/vmware-active-nics.
+#
+# XXX What's the story on aliases? Should they still be included, or will
+# they be recreated automatically upon resume?
+#
+# Results:
+# $activeList has, one per line, a list of all active NICs.
+#
+# Side effects:
+# None.
+#
+
+save_active_NIC_list()
+{
+ local intf_out
+
+ >$activeList
+
+ # Find out all the non-loopback up interfaces. Use ip if available
+ # otherwise fall back to the ifconfig command.
+ # ifconfig is buggy on some platforms and truncates long
+ # network names
+ if [ -n "$ip_cmd" ]; then
+ for nic in $($ip_cmd link show up | egrep '\bUP\b' | awk -F: '{print $2}'); do
+ $ip_cmd link show ${nic%@*} | grep -iq 'link/ether' && echo ${nic%@*} >> $activeList
+ done
+ else
+ for nic in $($ifconfig_cmd | sed -n 's/^\([^: \t]*\).*$/\1/p'); do
+ intf_out=$($ifconfig_cmd $nic)
+ echo $intf_out | grep -iq loopback && continue
+ echo $intf_out | egrep -q '\bUP\b' && echo $nic >> $activeList
+ done
+ fi
+}
+
+
+#
+# rescue_NIC --
+#
+# For each NIC recorded in $activeList that is not currently "up", run
+# "ifup $nic" or "ip link set $nic up" to bring the interface up.
+#
+# Results:
+# All downed NICs should be active.
+#
+
+rescue_NIC()
+{
+ local rc=0
+ local intf_out
+
+ if [ -f "$activeList" ]; then
+ while read nic; do
+ if [ -n "$ip_cmd" ]; then
+ intf_out=$($ip_cmd link show $nic up)
+ else
+ intf_out=$($ifconfig_cmd $nic)
+ fi
+
+ if echo $intf_out | grep -q 'UP'; then
+ echo `date` "[rescue_nic] $nic is already active."
+ else
+ echo `date` "[rescue_nic] activating $nic ..."
+
+ # Our best effort to activate interfaces, use ifup if available
+ # otherwise use the ip command as fallback.
+ intf_ops "$ifup_cmd" up $nic
+ rc=$(expr $rc \| $?)
+ fi
+ done < $activeList
+
+ rm -f $activeList
+ fi
+
+ return $rc
+}
+
+
+#
+# TranquilizeNetworkManager --
+#
+# Put the NetworkManager daemon to sleep (maybe).
+#
+# See http://projects.gnome.org/NetworkManager/developers/spec.html .
+#
+# Results:
+# Sleep(true) request is sent to the NetworkManager D-Bus interface.
+#
+# Side effects:
+# None.
+#
+
+TranquilizeNetworkManager()
+{
+ # `which' may be a bit noisy, so we'll shush it.
+ dbusSend=`which dbus-send 2>/dev/null`
+ rc=$?
+ if [ $rc -ne 0 ]; then
+ return $rc
+ fi
+
+ # Check NetworkManager state before disabling it.
+ nm_state=`$dbusSend --system --print-reply \
+ --dest=org.freedesktop.NetworkManager \
+ /org/freedesktop/NetworkManager \
+ org.freedesktop.DBus.Properties.Get \
+ string:'org.freedesktop.NetworkManager' \
+ string:'State' \
+ | awk '/variant/ {print $3;}'`
+ if [ -z "$nm_state" ]; then
+ return 1
+ fi
+ # NetworkManager API 0.7/0.8 0.9
+ # NM_STATE_ASLEEP 1 10
+ # NM_STATE_DISCONNECTED 4 20
+ case $nm_state in
+ 1|4|10|20)
+ # Nothing needs to be done.
+ return 0
+ ;;
+ esac
+
+ # NetworkManager 0.8.0 and above
+ $dbusSend --system --print-reply \
+ --dest=org.freedesktop.NetworkManager \
+ /org/freedesktop/NetworkManager \
+ org.freedesktop.NetworkManager.Enable boolean:false
+ rc=$?
+ if [ $rc -eq 0 ]; then
+ return $rc
+ fi
+ # NetworkManager 0.7.0
+ $dbusSend --system --print-reply \
+ --dest=org.freedesktop.NetworkManager \
+ /org/freedesktop/NetworkManager \
+ org.freedesktop.NetworkManager.Sleep boolean:true
+ rc=$?
+ if [ $rc -eq 0 ]; then
+ return $rc
+ fi
+ # NetworkManager 0.6
+ $dbusSend --system --print-reply \
+ --dest=org.freedesktop.NetworkManager \
+ /org/freedesktop/NetworkManager \
+ org.freedesktop.NetworkManager.sleep
+ rc=$?
+
+ return $rc
+}
+
+
+#
+# WakeNetworkManager --
+#
+# Wake the NetworkManager daemon (maybe).
+#
+# See http://projects.gnome.org/NetworkManager/developers/spec.html .
+#
+# Results:
+# Sleep(false)request is sent to the NetworkManager D-Bus interface.
+#
+# Side effects:
+# None.
+#
+
+WakeNetworkManager()
+{
+ # `which' may be a bit noisy, so we'll shush it.
+ dbusSend=`which dbus-send 2>/dev/null`
+ rc=$?
+ if [ $rc = 0 ]; then
+ # NetworkManager 0.8.0
+ $dbusSend --system --print-reply \
+ --dest=org.freedesktop.NetworkManager \
+ /org/freedesktop/NetworkManager \
+ org.freedesktop.NetworkManager.Enable boolean:true
+ rc=$?
+ if [ $rc = 0 ]; then
+ return $rc
+ fi
+ # NetworkManager 0.7.0
+ $dbusSend --system --print-reply \
+ --dest=org.freedesktop.NetworkManager \
+ /org/freedesktop/NetworkManager \
+ org.freedesktop.NetworkManager.Sleep boolean:false
+ rc=$?
+ if [ $rc = 0 ]; then
+ return $rc
+ fi
+ # NetworkManager 0.6
+ $dbusSend --system --print-reply \
+ --dest=org.freedesktop.NetworkManager \
+ /org/freedesktop/NetworkManager \
+ org.freedesktop.NetworkManager.wake
+ rc=$?
+ fi
+ return $rc
+}
+
+
+#
+# sanity_check --
+#
+# Check if the script has all the commands it needs to carry out the
+# request. So far, it requires either ip or ifconfig command to read
+# interface configuration. Ifup is not checked here. It is checked at
+# the place where we need to do individual interface state change.
+#
+
+sanity_check()
+{
+ ip_cmd=$(which ip 2>/dev/null)
+ ifconfig_cmd=$(which ifconfig 2>/dev/null)
+ ifup_cmd=$(which ifup 2>/dev/null)
+ ifdown_cmd=$(which ifdown 2>/dev/null)
+
+ [ -z "$ifconfig_cmd" -a -z "$ip_cmd" ] && \
+ Panic "ip and ifconfig not in search path."
+}
+
+
+#
+# main --
+#
+# Main entry point. Perform some sanity checking, then map state change
+# events to relevant networking operations.
+#
+# Results:
+# See comment at top of file.
+#
+
+main() {
+ exitCode=0
+ activeList=/var/run/vmware-active-nics
+
+ case "$1" in
+ poweron-vm)
+ rm -f $activeList
+ ;;
+ suspend-vm)
+ TranquilizeNetworkManager
+ exitCode=$?
+ if [ $exitCode != 0 ]; then
+ sanity_check suspend-vm
+ save_active_NIC_list
+ run_network_script stop
+ exitCode=$?
+ fi
+ ;;
+ resume-vm)
+ WakeNetworkManager
+ exitCode=$?
+ if [ $exitCode != 0 ]; then
+ sanity_check resume-vm
+ # According to hfu, "/etc/init.d/networking restart" on Debian 5.0
+ # may bring down ethernet interfaces tagged as "allow-hotplug" without
+ # bringing them back up.
+ #
+ # This is especially a problem when reverting to a live, running
+ # VM snapshot where an active NIC list hadn't yet been generated,
+ # resulting in sudden loss of an otherwise operational NIC.
+ #
+ # So, if the active list doesn't exist, assume we're coming back to
+ # a live snapshot and capture the current active list now for
+ # rescue later.
+ if [ ! -s $activeList ]; then
+ save_active_NIC_list
+ fi
+
+ # We shall use start not restart here. Otherwise we may not be able
+ # to bring back active list on distros like sles11sp2
+ # -- PR 816791
+ run_network_script start
+ rescue_NIC
+ exitCode=$?
+ fi
+ ;;
+ *)
+ echo "No argument supplied."
+ ;;
+ esac
+
+ return $exitCode
+}
+
+main "$@"
+echo `date` ": Finished '$0 $*'"
--- /dev/null
+#!/bin/sh
+##########################################################
+# Copyright (C) 2010-2016 VMware, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation version 2.1 and no later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+##########################################################
+
+##########################################################################
+# DO NOT modify this file directly as it will be overwritten the next
+# time the VMware Tools are installed.
+##########################################################################
+
+
+#
+# Panic --
+#
+# Write a formatted error message to stderr and exit.
+#
+# Results:
+# Stderr is spammed, program exits with exit code 1.
+#
+# Side effects:
+# None.
+#
+
+Panic() {
+ fmt="`date '+%b %d %H:%M:%S'` `basename \"$0\"`"
+ if [ -n "$1" ]; then
+ fmt="${fmt}: $1"
+ shift
+ fi
+
+ printf >&2 "${fmt}\n" "$@"
+ exit 1
+}
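Review bot: In Panic, the timestamp and `basename "$0"` are spliced into the printf format string, so a `%` or backslash in the installed script name is interpreted as a format directive instead of being printed. Emitting the prefix through `%s` avoids that, for example `printf >&2 '%s %s' "$(date '+%b %d %H:%M:%S')" "$(basename "$0")"` before the message itself is printed. Because `$1` is used as a format, the header comment should also say that callers pass variable data as extra arguments; the caller in statechange.sh later in this diff would then read `Panic "Invalid argument: %s" "$powerOp"`.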
--- /dev/null
+#!/bin/sh
+##########################################################
+# Copyright (C) 2010-2016 VMware, Inc. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation version 2.1 and no later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the Lesser GNU General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+##########################################################
+
+##########################################################################
+# DO NOT modify this file directly as it will be overwritten the next
+# time the VMware Tools are installed.
+##########################################################################
+
+#
+# statechange.sh
+#
+# This script is a refactored version of the legacy power scripts (e.g.,
+# poweron-vm-default). It expects to be installed in their places --
+# in other words, `basename "$0"` might be poweron-vm-default.
+#
+# Handy reference/shorthand used in this doc/scripts:
+# TOOLS_CONFDIR ::= Depends on platform and installation settings. Likely
+# "/etc/vmware-tools" or
+# "/Library/Application Support/VMware Tools"
+# powerOp ::= One of "poweron-vm", "poweroff-vm", "suspend-vm", and
+# "resume-vm".
+# vmwScriptDir ::= $TOOLS_CONFDIR/scripts/vmware
+# userScriptDir ::= $TOOLS_CONFDIR/scripts/${powerOp}-default.d
+#
+# End users may install scripts of their own under $userScriptDir. They
+# are executed in alphabetical order with "$powerOp" as the only argument.
+#
+# NB: This directory layout remains to preserve backwards compatibility. End
+# users are free to write a single script which uses its only parameter
+# (${powerOp}) as a discriminator, and then install symlinks to it in each
+# of the ${powerOp}-default.d directories.
+#
+# On power-on and resume, VMware's scripts execute before the end user's. On
+# suspend and power-off, the end user's execute before VMware's. (This way,
+# VMware stops services only after the user's scripts have finished their
+# work, and conversely restores the same services before the user's scripts
+# attempt to use them.)
+#
+# Should any script exit non-zero, only its value will be saved to exitCode.
+# (Any further non-zero exits will have no effect on exitCode.) This script
+# exits with $exitCode.
+#
+# XXX Consider using the available/enabled pattern for VMware's scripts.
+#
+# XXX This should be staged as a single executable whereby the desired
+# power operation is passed in as a parameter. (I.e., one would run
+# "/path/to/statechange.sh suspend-vm" rather than having to install
+# statechange.sh as suspend-vm-default.)
+#
+
+echo `date` ": Executing '$0'"
+
+# See above.
+TOOLS_CONFDIR=`dirname "$0"`
+export TOOLS_CONFDIR
+
+# Pull in subroutines like Panic.
+. "$TOOLS_CONFDIR"/statechange.subr
+
+
+#
+# RunScripts --
+#
+# Executes scripts installed under $scriptDir.
+#
+# Side effects:
+# exitCode may be incremented.
+#
+
+RunScripts() {
+ scriptDir="$1"
+
+ if [ -d "$scriptDir" ]; then
+ for scriptFile in "$scriptDir"/*; do
+ if [ -x "$scriptFile" ]; then
+ "$scriptFile" $powerOp
+ exitCode=`expr $exitCode \| $?`
+ fi
+ done
+ fi
+}
+
+
+#
+# main --
+#
+# Entry point. See comments at top of file for details.
+#
+# Results:
+# Exits with $exitCode.
+#
+
+main() {
+ # This is sanity checked in the case/esac bit below.
+ powerOp=`basename "$0" | sed 's,-default,,'`
+ exitCode=0
+
+ vmwScriptDir="$TOOLS_CONFDIR/scripts/vmware"
+ userScriptDir="$TOOLS_CONFDIR/scripts/${powerOp}-default.d"
+
+ case "$powerOp" in
+ poweron-vm|resume-vm)
+ RunScripts "$vmwScriptDir"
+ RunScripts "$userScriptDir"
+ ;;
+ poweroff-vm|suspend-vm)
+ RunScripts "$userScriptDir"
+ RunScripts "$vmwScriptDir"
+ ;;
+ *)
+ Panic "Invalid argument: $powerOp"
+ ;;
+ esac
+
+ return $exitCode
+}
+
+main
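Review bot: RunScripts executes every entry under `$scriptDir` that passes `[ -x ]`, with no check on who owns the file or who may write to it. These hooks are presumably launched by the tools service with elevated privileges, so a script directory or file that a non-administrative account can modify would run that account's code at the service's privilege level on the next power operation. I would skip anything that is not a root-owned regular file closed to group and other writes, e.g. `[ -n "$(find -L "$scriptFile" -prune -type f -user root ! -perm -020 ! -perm -002)" ] || continue`, and state the expected ownership and mode of the `${powerOp}-default.d` directories in the header comment. Separately, `$powerOp` in `"$scriptFile" $powerOp` should be quoted.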
--- /dev/null
+[logging]
+# Turns on logging globally. It can still be disabled for each domain.
+# log = true
+
+# Disables core dumps on fatal errors; they're enabled by default.
+# enableCoreDump = false
+
+# Defines the "vmsvc" domain, logging to file
+# vmsvc.level = message
+vmsvc.handler = file
+# Setup file rotation - keep 3 files
+vmsvc.maxOldLogFiles = 3
+# Max log file size kept: 1 MB
+vmsvc.maxLogSize = 1
+
+# Defines the "vmtoolsd" domain, and disable logging for it.
+# vmtoolsd.level = none
--- /dev/null
+# Copyright (c) 2019-2021 VMware, Inc. All rights reserved.
+
+# "CAUTION: tools.conf is highly syntax sensitive file. Use extreme caution
+# while editing it. If modified, it is automatically re-loaded by
+# VMware Tools services every 5 seconds."
+#
+# Lines must not end with trailing white space.
+
+[unsetenvironment]
+# Defines environment variables to be removed from the service reading
+# the configuration file. Supported formats are:
+#
+# 1. <variableName>=
+# 2. <serviceName>.<variableName>=
+#
+# Where <serviceName> refers to the 'vmsvc' and 'vmusr',
+# <variableName> refers to the name of the environment
+# variable to be removed. '=' sign after <variableName>
+# is mandatory to maintain the configuration file syntax.
+# However, anything after '=' is ignored.
+#
+# Case-sensitive behavior is defined by the operating system.
+#
+# Note: unsetenvironment group is processed before setenvironment group.
+# As the service environment is setup at start up time, any changes
+# in this group require service to be restarted in order to take effect.
+#
+# Unsetting PATH for all services:
+# PATH=
+#
+# Unsetting PATH for vmsvc only:
+# vmsvc.PATH=
+#
+# Unsetting PATH for vmusr only:
+# vmusr.PATH=
+
+[setenvironment]
+# Defines environment variables to be set for the service reading
+# the configuration file. Supported formats are:
+#
+# 1. <variableName>=<variableValue>
+# 2. <serviceName>.<variableName>=<variableValue>
+#
+# Where <serviceName> refers to the 'vmsvc' and 'vmusr',
+# <variableName> refers to the name of the environment
+# variable to be set, and <variableValue> refers to the
+# value to be assigned to the environment variable.
+#
+# Case-sensitive behavior is defined by the operating system.
+#
+# Note: setenvironment group is processed after unsetenvironment group.
+# As the service environment is setup at start up time, any changes
+# in this group require service to be restarted in order to take effect.
+#
+# Setting TMPDIR for all services:
+# TMPDIR=/vmware/temp
+#
+# Setting TMPDIR for vmsvc only:
+# vmsvc.TMPDIR=/vmware/vmsvc/temp
+#
+# Setting TMPDIR for vmusr only:
+# vmusr.TMPDIR=/vmware/vmusr/temp
+
+[logging]
+# set to false to disable logging
+#log = true
+
+# Log destinations for various services
+# By default, logs go to
+# %windir%/temp/vmware-<servicename>.log
+# for Windows, and
+# /var/log/vmware-<servicename>-<username>.log
+# for Linux, MacOS and Solaris.
+
+# Possible values for handler are:
+# file: logs to a file. Set *.data to the file name
+# file+: same as 'file', but appends to the file
+# All file paths used in *.data value need to be in Unix
+# format (forward slashes) and in utf-8, for all operating
+# systems.
+# vmx: logs to the host (ESXi, Workstation, Fusion)
+# std: Logs to stdout for level >= 'message',
+# and to stderr for more severe than 'message'.
+# syslog: logs to syslog
+# outputdebugstring: uses OutputDebugString (Windows only)
+
+# If handler is 'syslog' and the OS is Linux, the facility
+# can be set with <domain>.facility. The facility value can be one of
+# 'local0'..'local7', 'daemon' or 'user'. The default is 'user'.
+#vmtoolsd.facility = user
+
+# possible values for level are:
+# debug, info, message, warning, critical, error
+# Note that "debug" level logs generate huge amounts of logs and may also
+# include sensitive data required for diagnosis. Therefore, this level should
+# be used only for the duration of diagnosis of an issue and reverted back to
+# default setting post diagnosis.
+
+# Enable tools service logging to a file.
+#vmtoolsd.level = debug
+#vmtoolsd.handler = file
+#vmtoolsd.data = c:/tmp/vmtoolsd-${USER}.log
+
+# Enable 'vmsvc' service logging to a file.
+#vmsvc.level = debug
+#vmsvc.handler = file
+#vmsvc.data = c:/tmp/vmsvc.log
+
+# Enable VMwareResolutionSet.exe logging to a file.
+# Comment this for Linux guest, sometimes vmusr logs are not generated due
+# to this being uncommented
+#vmresset.level = debug
+#vmresset.handler = file+
+#vmresset.data = c:/tmp/vmresset.log
+
+# Enable new "vmusr" service logging to a file.
+#vmusr.level = debug
+#vmusr.handler = file
+#vmusr.data = c:/tmp/vmusr.${USER}.log
+
+# Set the following configuration if you want to collect the logs for
+# vmware-toolbox-cmd utility
+#toolboxcmd.level = debug
+#toolboxcmd.handler = file
+#toolboxcmd.data = c:/tmp/vmtoolboxcmd-${USER}.log
+
+# With no explicit logging configuration for deployPkg, its default log path in
+# Linux is /var/log/vmware-imc/toolsDeployPkg.log, and in Windows is
+# %WINDIR%/Temp/vmware-imc/toolsDeployPkg.log
+# Set the following configuration if you want to redirect the deployPkg log to
+# any existing location other than the default.
+#deployPkg.level = debug
+#deployPkg.handler = file
+#deployPkg.data = c:/tmp/toolsDeployPkg-${USER}.log
+
+# Redirecting the deployPkg log to the vmx log file. Please note that
+# "log = true" and the vmsvc log handler setting to vmx are also neccessary
+# if you want to redirect the deployPkg log to vmx.
+#log = true
+#vmsvc.level = debug
+#vmsvc.handler = vmx
+#deployPkg.level = debug
+#deployPkg.handler = vmx
+
+# Enable old VMwareUser/vmware-user logging to file.
+#log.file = c:/tmp/vmtools.log
+
+# Enable "hgfsServer" request handling logging to the appropriate service file.
+#hgfsServer.level = debug
+
+# Enable "hgfs" manager and transport logging to the appropriate service file.
+#hgfsd.level = debug
+
+#vmbackup.level = debug
+#vmbackup.handler = vmx
+
+#vmvss.level = debug
+#vmvss.handler = vmx
+
+# Default 4096, 0=> disable log caching
+#maxCacheEntries=4096
+
+[powerops]
+# Custom scripts for power operations
+# This can be an absolute path, or a path relative to the tools
+# install path (/etc/vmware-tools/ for Linux).
+# For more information on configuring and querying custom scripts with
+# VMware Tools, see the "Use Custom VMware Tools Scripts" section of the
+# "VMware Tools Configuration Utility User's Guide".
+
+# Runs when the virtual machine is being powered on rather than resumed.
+# Also runs after virtual machine restarts.
+# The default script has no effect on networking for the virtual machine.
+#poweron-script=poweron-vm-default
+
+# Runs when the virtual machine is being powered off or reset.
+# The default script has no effect on networking for the virtual machine.
+#poweroff-script=poweroff-vm-default
+
+# Runs when the virtual machine is resumed after it was suspended.
+# On Windows guest operating systems, if the virtual machine is configured to
+# use DHCP, the default script renews the IP address of the virtual machine.
+# On Linux, Mac OS X, Solaris, and FreeBSD guest operating systems,
+# this script starts networking for the virtual machine.
+#resume-script=resume-vm-default
+
+# Runs when the virtual machine is being suspended.
+# On Windows guest operating systems, if the virtual machine is configured
+# to use DHCP, the default script releases the IP address of the virtual
+# machine.
+# On Linux, Mac OS X, Solaris, and FreeBSD, this script stops networking for
+# the virtual machine.
+#suspend-script=suspend-vm-default
+
+[guestinfo]
+
+# Set to true to disable the perf monitor.
+#disable-perf-mon=false
+
+# Set to true to disable DiskInfo.
+#disable-query-diskinfo=false
+
+# User-defined poll interval in seconds. Set to 0 to disable polling.
+#poll-interval=30
+
+# User-defined stats interval in seconds. Set to 0 to disable stats collection.
+#stats-interval=20
+
+# Whether stat results should be written to the log.
+#enable-stat-logging=false
+
+# Set a comma separated list of network interface names that can be the
+# primary ones. These will be sorted to the top. Interface names can use
+# wildcards like '*' and '?'. Default is no value.
+#primary-nics=
+
+# Set a comma separated list of network interface names that have low priority
+# (so they will be sorted to the end). Interface names can use wildcards like
+# '*' and '?'. Default is no value.
+#low-priority-nics=
+
+# Set a comma separated list of network interface names that shall be ignored.
+# Interface names can use wildcards like '*' and '?'.
+# Default for Linux and all non-Windows:
+#exclude-nics=veth*,docker*,virbr*
+# Default for Windows:
+#exclude-nics=vEthernet*
+
+# max umber of IPv4 routes to gather.
+#max-ipv4-routes=100
+
+# max umber of IPv6 routes to gather.
+#max-ipv6-routes=100
+
+# whether to include reserved space in diskInfo space metrics on Linux
+#diskinfo-include-reserved=false
+
+[appinfo]
+
+# This plugin collects info about running applications in guest OS.
+
+# Set to true to disable the appinfo plugin.
+#disabled=false
+
+# User-defined poll interval in seconds. Set to 0 to disable the plugin.
+#poll-interval=21600
+
+# For Windows guest, set to true to use WMI for getting the application
+# version info, otherwise native Win32 API is used.
+#useWMI=false
+
+[servicediscovery]
+
+# This plugin provides admins with additional info for better VM management.
+
+# Set to true to disable the servicediscovery plugin.
+#disabled=false
+
+[unity]
+#
+# Unity is available for Windows only.
+#
+
+# Set to true to override system decisions about whether unity should be available.
+#forceEnable=false
+
+# Override the desktop background color when in Unity mode.
+#desktop.backgroundColor=
+
+# The socket type can be 'ipsocket' or 'vsocket':
+#pbrpc.socketType
+
+[resolutionKMS]
+
+# Default is true if tools finds an xf86-video-vmware driver with
+# version >= 13.2.0. If you don't have X installed, set this to true manually.
+# This only affects tools for Linux.
+#enable=true
+
+[guestosinfo]
+
+# Override the short OS name sent by tools.
+#short-name=
+
+# Override the long OS name sent by tools.
+#long-name=
+
+[vmbackup]
+
+# enableSyncDriver is Linux only.
+#enableSyncDriver=true
+
+# enableVSS is Windows only.
+#enableVSS=true
+
+# vss.disableAppQuiescing is Windows only.
+# This setting can be used to force file system quiescing on Windows systems
+# having problems with application quiescing.
+# See https://kb.vmware.com/s/article/2146204
+#vss.disableAppQuiescing=false
+
+# Linux:
+# The value of excludedFileSystems is a comma-separated list of glob-style
+# patterns specifying the file system mount points to be excluded from
+# quiescing operation. The patterns may use '*' (wildcard) to represent
+# any string of characters and '?' (joker) to represent any single character.
+# The characters represented by the patterns '*' and '?' may include any
+# characters, including '/'.
+#
+# Windows:
+# The value of excludedFileSystems is a comma-separated list of mount points
+# specifying the volumes to be excluded from quiesced snapshots.
+# Each mount point must be a full path separated and ended with "\\".
+# For example, to exclude volumes with drive letter 'E' or mount point
+# "F:\mount\", use:
+# excludedFileSystems=E:\\,F:\\mount\\
+# This setting is ignored when application quiescing is used.
+
+#excludedFileSystems=
+
+# execScripts specifies whether to execute scripts as part of the quiescing
+# operation. Scripts are executed from the scripts directory along with the
+# legacy scripts.
+#
+# Scripts directory:
+# Linux: /etc/vmware-tools/backupScripts.d
+# Windows: <Install-Path>\backupScripts.d
+#
+# Legacy scripts:
+# Linux: /usr/sbin/pre-freeze-script and /usr/sbin/post-thaw-script
+# Windows: C:\windows\pre-freeze-script.bat and C:\windows\post-thaw-script.bat
+#
+# On each quiescing operation, scripts are invoked before quiescing and
+# either after a quiescing failure or after thawing.
+# The first argument passed to each script is
+# "freeze", when invoked before quiescing;
+# "freezefail", when invoked after a quiescing failure; or
+# "thaw", when invoked after thawing.
+# When invoked before quiescing, scripts from the directory are invoked in
+# alphabetically ascending order; when invoked following a quiescing failure
+# or thawing, they are invoked in the reverse order. Any subdirectories are
+# ignored.
+# Note that the legacy pre-freeze-script is invoked only before quiescing as
+# the first script and post-thaw-script is invoked after a quiescing failure
+# as well as after thawing as the last script.
+
+#execScripts=true
+
+# Additional argument to be passed to scripts
+#scriptArg=
+
+[guestoperations]
+
+# to disable all guest ops
+#disabled=false
+
+# Whether to use vgauth for guest op authentication
+#useVGAuth=true
+
+[autoupgrade]
+
+# The autoupgrade plugin is only available for Windows.
+
+# The "allow-upgrade" option controls whether automatic upgrades (or reinstalls)
+# are allowed. The two options "allow-add-feature" and "allow-remove-feature"
+# control whether adding or removing a feature will be allowed. The two latter
+# ones only affect Windows tools.
+
+#allow-upgrade=true
+#allow-add-feature=true
+#allow-remove-feature=true
+
+[deployPkg]
+
+# to disable guest customization
+#enable-customization=false
+
+[cbhelper]
+
+# The carbonblack helper plugin is only available for Windows.
+
+# User-defined poll interval in seconds. Set to 0 to disable polling.
+#poll-interval=60
+
+[gueststoreupgrade]
+
+# The guestStoreUpgrade plugin is only available for Windows.
+
+# The policy value is one of the settings listed below.
+# off = no VMware Tools upgrade from GuestStore. Feature is
+# disabled.
+# manual = (Default) VMware Tools upgrade from GuestStore is
+# manually started.
+# powercycle = VMware Tools upgrade from GuestStore on system
+# power on.
+
+#policy=manual
+
+# Time interval for periodically checking available VMware Tools package
+# version in the GuestStore.
+# User-defined poll interval in seconds. Set to 0 to disable polling.
+# Minimum valid value is 900 seconds (15 minutes)
+# Default value is 3600 seconds (60 minutes)
+#poll-interval=3600
+
+# VMware Tools package version metadata key to specify a VMware Tools
+# package version in the GuestStore.
+# User-defined key for VMware Tools package version.
+# Default value is "vmtools" which points to the latest version of
+# VMware Tools package in the GuestStore.
+#vmtools-version-key=vmtools
+
+[devicehelper]
+
+# The deviceHelper plugin is only available for Windows.
+
+# Set to true to disable the deviceHelper plugin.
+#disabled=false
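Review bot: The commented debug examples in `[logging]` point `*.data` at a shared temp directory (`c:/tmp/...`), while the same section states that debug logs may include sensitive data. A comment next to the examples would close that gap, for instance `# Point *.data at a directory that only administrators can read and write; debug logs may contain sensitive data.` The `[powerops]` entries deserve a similar note, since the configured script is presumably run by the service itself: `# The script and its parent directories should be writable only by administrators.`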
--- /dev/null
+[service]
+samlSchemaDir = /etc/vmware-tools/vgauth/schemas
+
+[localization]
+msgCatalog = /usr/share/open-vm-tools
--- /dev/null
+<?xml version='1.0'?>
+<!DOCTYPE schema PUBLIC "-//W3C//DTD XMLSCHEMA 200102//EN" "XMLSchema.dtd" [
+<!ENTITY % s ''>
+<!ENTITY % p ''>
+<!-- keep this XML 1.0 correct -->
+<!ATTLIST schema xmlns:hfp CDATA #IMPLIED
+ xmlns:xhtml CDATA #IMPLIED
+ xmlns:xsi CDATA #IMPLIED
+ xsi:schemaLocation CDATA #IMPLIED>
+<!ELEMENT xhtml:p ANY>
+<!ELEMENT xhtml:em ANY>
+]>
+<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.w3.org/2001/XMLSchema-hasFacetAndProperty" xmlns:hfp="http://www.w3.org/2001/XMLSchema-hasFacetAndProperty" xmlns:xhtml="http://www.w3.org/1999/xhtml"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.w3.org/1999/xhtml http://www.w3.org/1999/xhtml.xsd">
+
+ <annotation>
+ <documentation>
+ <xhtml:p> This schema defines 2 elements for use in the
+appinfo portion section of (potentially) all builtin datatypes in the schema
+for XML Schema Part 2: Datatypes. </xhtml:p>
+ <xhtml:p> One intended use of
+this appinfo is in the generation of the HTML version of the XML Schema Part 2:
+Datatypes specification itself. All portions of the HTML text which describe
+the facets and/or properties of each datatype is generated by an XSLT
+transformation which keys off of this appinfo. </xhtml:p>
+ <xhtml:p> Schema
+processors may have another use for this appinfo (although one certainly not
+required in any way by the specification). The information may be useful in
+dynamically building validation modules/classes and/or user-interfaces for
+schema creation. </xhtml:p>
+ </documentation>
+ </annotation>
+
+ <element name="hasFacet">
+ <annotation>
+ <documentation>
+ <xhtml:p>
+ hasFacet is used to signal that the contraining facet
+ given in the name attribute is applicable to a primitive
+ datatype (and all types derived from it).
+</xhtml:p>
+ <xhtml:p>
+ Note: this element will only appear in the appinfo of
+ primitive types or built-in types derived by "list".
+ </xhtml:p>
+ <xhtml:p>
+ A schema processor (or the XSLT which generates the
+ HTML version of the XML Schema Part 2: Datatypes
+ specification) which reads a derived simpleType
+ definition should walk up the base type chain until
+ it reaches the primitive type at the top of the chain
+ and "push" all facets found their down to all derived
+ types in the chain.
+ </xhtml:p>
+ </documentation>
+ </annotation>
+ <complexType>
+ <attribute name="name" use="required">
+ <simpleType>
+ <annotation>
+ <documentation>
+ <xhtml:p>
+ This datatype names all existing contraining facets.
+</xhtml:p>
+ <xhtml:p>
+ Question: should each of the enumerations below be
+ given a documentation annotation, which would contain
+ the text to be used in the definition of the facet
+ in the XML Schema Part 2: Datatypes specification?
+ Might be nice to try to collect all of that information
+ together here.
+ </xhtml:p>
+ </documentation>
+ </annotation>
+ <restriction base="NMTOKEN">
+ <enumeration value="length"/>
+ <enumeration value="minLength"/>
+ <enumeration value="maxLength"/>
+ <enumeration value="pattern"/>
+ <enumeration value="enumeration"/>
+ <enumeration value="maxInclusive"/>
+ <enumeration value="maxExclusive"/>
+ <enumeration value="minInclusive"/>
+ <enumeration value="minExclusive"/>
+ <enumeration value="totalDigits"/>
+ <enumeration value="fractionDigits"/>
+ <enumeration value="whiteSpace"/>
+ <enumeration value="maxScale"/>
+ <enumeration value="minScale"/>
+ </restriction>
+ </simpleType>
+ </attribute>
+ </complexType>
+ </element>
+
+ <element name="hasProperty">
+ <annotation>
+ <documentation>
+ <xhtml:p> hasProperty is used to signal that the property
+given in the name attribute has the value given in the value attribute for the
+datatype in which it occurs (and all types derived from it, which do not
+override the value of the property). </xhtml:p>
+ <xhtml:p> Note: this element
+may appear in the appinfo of primitive and built-in derived types. </xhtml:p>
+ <xhtml:p> A schema processor (or the XSLT which generates the HTML version of
+the XML Schema Part 2: Datatypes specification) which reads a simpleType
+definition should gather the information from any occurances of hasProperty in
+that simpleType definition, and then walk up the base type chain gathering
+information from any occurances of hasProperty (unless a value was given to the
+name in a dervied type) until either it reaches the primitive type at the top
+of the chain or it has gathered values for all existing properties. </xhtml:p>
+ </documentation>
+ </annotation>
+ <complexType>
+ <attribute name="name" use="required">
+ <simpleType>
+ <annotation>
+ <documentation>
+ <xhtml:p> This datatype names all existing fundamental
+facets, otherwise known as properties (with the exception of
+<xhtml:em>equality</xhtml:em>, a property which has no
+<xhtml:em>value</xhtml:em>). </xhtml:p>
+ <xhtml:p> Question: should each of
+the enumerations below be given a documentation annotation, which would contain
+the text to be used in the definition of the properties in the XML Schema Part
+2: Datatypes specification? Might be nice to try to collect all of that
+information together here. </xhtml:p>
+ </documentation>
+ </annotation>
+ <restriction base="NMTOKEN">
+ <enumeration value="ordered"/>
+ <enumeration value="bounded"/>
+ <enumeration value="cardinality"/>
+ <enumeration value="numeric"/>
+ </restriction>
+ </simpleType>
+ </attribute>
+ <attribute name="value" type="normalizedString" use="required"/>
+ </complexType>
+ </element>
+</schema>
--- /dev/null
+<?xml version='1.0'?>
+<!DOCTYPE xs:schema SYSTEM "XMLSchema.dtd" [
+<!ELEMENT p ANY>
+<!ELEMENT a ANY>
+<!ATTLIST a href CDATA #IMPLIED>
+<!ELEMENT hr ANY>
+<!ELEMENT h1 ANY>
+<!ELEMENT br ANY>
+]>
+<xs:schema targetNamespace="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="http://www.w3.org/1999/xhtml">
+ <xs:annotation>
+ <xs:documentation>
+ <h1>XML Schema instance namespace</h1>
+ <p>See <a href="http://www.w3.org/TR/xmlschema-1/">the XML Schema
+ Recommendation</a> for an introduction</p>
+
+
+ <hr />
+ $Date: 2001/03/16 20:25:57 $<br />
+ $Id: XMLSchema-instance.xsd,v 1.4 2001/03/16 20:25:57 ht Exp $
+ </xs:documentation>
+ </xs:annotation>
+ <xs:annotation>
+ <xs:documentation><p>This schema should never be used as such:
+ <a href="http://www.w3.org/TR/xmlschema-1/#no-xsi">the XML
+ Schema Recommendation</a> forbids the declaration of
+ attributes in this namespace</p>
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="nil"/>
+ <xs:attribute name="type"/>
+ <xs:attribute name="schemaLocation"/>
+ <xs:attribute name="noNamespaceSchemaLocation"/>
+</xs:schema>
--- /dev/null
+<!-- DTD for XML Schemas: Part 1: Structures
+ Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+ Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. --> <!--d-->
+<!-- prose copy in the structures REC is the definitive version --> <!--d-->
+<!-- (which shouldn't differ from this one except for this --> <!--d-->
+<!-- comment and entity expansions, but just in case) --> <!--d-->
+<!-- With the exception of cases with multiple namespace
+ prefixes for the XML Schema namespace, any XML document which is
+ not valid per this DTD given redefinitions in its internal subset of the
+ 'p' and 's' parameter entities below appropriate to its namespace
+ declaration of the XML Schema namespace is almost certainly not
+ a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+ are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+ schema document to establish a different
+ namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+ also define %s as the suffix for the appropriate
+ namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+ Define one of these if your schema takes advantage of the
+ anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+ <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+ <!-- #all or space-separated list drawn from
+ derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+ which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+ ((%simpleType; | %complexType;
+ | %element; | %attribute;
+ | %attributeGroup; | %group;
+ | %notation; ),
+ (%annotation;)*)* )>
+<!ATTLIST %schema;
+ targetNamespace %URIref; #IMPLIED
+ version CDATA #IMPLIED
+ %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema'
+ xmlns CDATA #IMPLIED
+ finalDefault %complexDerivationSet; ''
+ blockDefault %blockSet; ''
+ id ID #IMPLIED
+ elementFormDefault %formValues; 'unqualified'
+ attributeFormDefault %formValues; 'unqualified'
+ xml:lang CDATA #IMPLIED
+ %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+ because at the Infoset level where schemas operate,
+ xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+
+<!-- The id attribute here and below is for use in external references
+ from non-schemas using simple fragment identifiers.
+ It is NOT used for schema-to-schema reference, internal or
+ external. -->
+
+<!-- a type is a named content type specification which allows attribute
+ declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+ (%simpleContent;|%complexContent;|
+ %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %complexDerivationSet; #IMPLIED
+ mixed (true|false) 'false'
+ %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+ has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+ and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+ mixed (true|false) #IMPLIED
+ id ID #IMPLIED
+ %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+ one from part2; extension should use the full model -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+ id ID #IMPLIED
+ %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the
+ one defined above; extension should have no particle -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+ base %QName; #REQUIRED
+ id ID #IMPLIED
+ %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+ (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ nillable %boolean; #IMPLIED
+ substitutionGroup %QName; #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %blockSet; #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+ substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group;
+ name %NCName; #IMPLIED
+ ref %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+ minOccurs (1) #IMPLIED
+ maxOccurs (1) #IMPLIED
+ id ID #IMPLIED
+ %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+ a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+ If order is 'all' THIS group must be alone (or referenced alone) at
+ the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ minOccurs %nonNegativeInteger; '1'
+ maxOccurs CDATA '1'
+ id ID #IMPLIED
+ %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+ ##any - - any non-conflicting WFXML at all
+
+ ##other - - any non-conflicting WFXML from namespace other
+ than targetNamespace
+
+ ##local - - any unqualified non-conflicting WFXML/attribute
+ one or - - any non-conflicting WFXML from
+ more URI the listed namespaces
+ references
+
+ ##targetNamespace ##local may appear in the above list,
+ with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ id ID #IMPLIED
+ %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ use (prohibited|optional|required) #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+ reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+ (%attribute; | %attributeGroup;)*,
+ (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name. ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %uniqueAttrs;>
+
+<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+ name %NCName; #REQUIRED
+ refer %QName; #REQUIRED
+ id ID #IMPLIED
+ %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+ namespace %URIref; #IMPLIED
+ schemaLocation %URIref; #IMPLIED
+ id ID #IMPLIED
+ %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+ %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ public CDATA #REQUIRED
+ system %URIref; #IMPLIED
+ %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+ as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+ to work -->
+<!ELEMENT %appinfo; ANY> <!-- too restrictive -->
+<!ATTLIST %appinfo;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ %appinfoAttrs;>
+<!ELEMENT %documentation; ANY> <!-- too restrictive -->
+<!ATTLIST %documentation;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ xml:lang CDATA #IMPLIED
+ %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+ 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+ 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- XML Schema schema for XML Schemas: Part 1: Structures -->
+<!-- Note this schema is NOT the normative structures schema. -->
+<!-- The prose copy in the structures REC is the normative -->
+<!-- version (which shouldn't differ from this one except for -->
+<!-- this comment and entity expansions, but just in case -->
+<!DOCTYPE xs:schema PUBLIC "-//W3C//DTD XMLSCHEMA 200102//EN" "XMLSchema.dtd" [
+
+<!-- provide ID type information even for parsers which only read the
+ internal subset -->
+<!ATTLIST xs:schema id ID #IMPLIED>
+<!ATTLIST xs:complexType id ID #IMPLIED>
+<!ATTLIST xs:complexContent id ID #IMPLIED>
+<!ATTLIST xs:simpleContent id ID #IMPLIED>
+<!ATTLIST xs:extension id ID #IMPLIED>
+<!ATTLIST xs:element id ID #IMPLIED>
+<!ATTLIST xs:group id ID #IMPLIED>
+<!ATTLIST xs:all id ID #IMPLIED>
+<!ATTLIST xs:choice id ID #IMPLIED>
+<!ATTLIST xs:sequence id ID #IMPLIED>
+<!ATTLIST xs:any id ID #IMPLIED>
+<!ATTLIST xs:anyAttribute id ID #IMPLIED>
+<!ATTLIST xs:attribute id ID #IMPLIED>
+<!ATTLIST xs:attributeGroup id ID #IMPLIED>
+<!ATTLIST xs:unique id ID #IMPLIED>
+<!ATTLIST xs:key id ID #IMPLIED>
+<!ATTLIST xs:keyref id ID #IMPLIED>
+<!ATTLIST xs:selector id ID #IMPLIED>
+<!ATTLIST xs:field id ID #IMPLIED>
+<!ATTLIST xs:include id ID #IMPLIED>
+<!ATTLIST xs:import id ID #IMPLIED>
+<!ATTLIST xs:redefine id ID #IMPLIED>
+<!ATTLIST xs:notation id ID #IMPLIED>
+<!--
+ keep this schema XML1.0 DTD valid
+ -->
+ <!ENTITY % schemaAttrs 'xmlns:hfp CDATA #IMPLIED'>
+
+ <!ELEMENT hfp:hasFacet EMPTY>
+ <!ATTLIST hfp:hasFacet
+ name NMTOKEN #REQUIRED>
+
+ <!ELEMENT hfp:hasProperty EMPTY>
+ <!ATTLIST hfp:hasProperty
+ name NMTOKEN #REQUIRED
+ value CDATA #REQUIRED>
+<!--
+ Make sure that processors that do not read the external
+ subset will know about the various IDs we declare
+ -->
+ <!ATTLIST xs:simpleType id ID #IMPLIED>
+ <!ATTLIST xs:maxExclusive id ID #IMPLIED>
+ <!ATTLIST xs:minExclusive id ID #IMPLIED>
+ <!ATTLIST xs:maxInclusive id ID #IMPLIED>
+ <!ATTLIST xs:minInclusive id ID #IMPLIED>
+ <!ATTLIST xs:totalDigits id ID #IMPLIED>
+ <!ATTLIST xs:fractionDigits id ID #IMPLIED>
+ <!ATTLIST xs:length id ID #IMPLIED>
+ <!ATTLIST xs:minLength id ID #IMPLIED>
+ <!ATTLIST xs:maxLength id ID #IMPLIED>
+ <!ATTLIST xs:enumeration id ID #IMPLIED>
+ <!ATTLIST xs:pattern id ID #IMPLIED>
+ <!ATTLIST xs:appinfo id ID #IMPLIED>
+ <!ATTLIST xs:documentation id ID #IMPLIED>
+ <!ATTLIST xs:list id ID #IMPLIED>
+ <!ATTLIST xs:union id ID #IMPLIED>
+ ]>
+<xs:schema targetNamespace="http://www.w3.org/2001/XMLSchema" blockDefault="#all" elementFormDefault="qualified" version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xml:lang="EN" xmlns:hfp="http://www.w3.org/2001/XMLSchema-hasFacetAndProperty">
+ <xs:annotation>
+ <xs:documentation>
+ Part 1 version: Id: structures.xsd,v 1.2 2004/01/15 11:34:25 ht Exp
+ Part 2 version: Id: datatypes.xsd,v 1.3 2004/01/23 18:11:13 ht Exp
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/2004/PER-xmlschema-1-20040318/structures.html">
+ The schema corresponding to this document is normative,
+ with respect to the syntactic constraints it expresses in the
+ XML Schema language. The documentation (within <documentation> elements)
+ below, is not normative, but rather highlights important aspects of
+ the W3C Recommendation of which this is a part</xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>
+ The simpleType element and all of its members are defined
+ towards the end of this schema document</xs:documentation>
+ </xs:annotation>
+
+ <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd">
+ <xs:annotation>
+ <xs:documentation>
+ Get access to the xml: attribute groups for xml:lang
+ as declared on 'schema' and 'documentation' below
+ </xs:documentation>
+ </xs:annotation>
+ </xs:import>
+
+ <xs:complexType name="openAttrs">
+ <xs:annotation>
+ <xs:documentation>
+ This type is extended by almost all schema types
+ to allow attributes from other namespaces to be
+ added to user schemas.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:restriction base="xs:anyType">
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="annotated">
+ <xs:annotation>
+ <xs:documentation>
+ This type is extended by all types which allow annotation
+ other than <schema> itself
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:extension base="xs:openAttrs">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="id" type="xs:ID"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:group name="schemaTop">
+ <xs:annotation>
+ <xs:documentation>
+ This group is for the
+ elements which occur freely at the top level of schemas.
+ All of their types are based on the "annotated" type by extension.</xs:documentation>
+ </xs:annotation>
+ <xs:choice>
+ <xs:group ref="xs:redefinable"/>
+ <xs:element ref="xs:element"/>
+ <xs:element ref="xs:attribute"/>
+ <xs:element ref="xs:notation"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:group name="redefinable">
+ <xs:annotation>
+ <xs:documentation>
+ This group is for the
+ elements which can self-redefine (see <redefine> below).</xs:documentation>
+ </xs:annotation>
+ <xs:choice>
+ <xs:element ref="xs:simpleType"/>
+ <xs:element ref="xs:complexType"/>
+ <xs:element ref="xs:group"/>
+ <xs:element ref="xs:attributeGroup"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:simpleType name="formChoice">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="qualified"/>
+ <xs:enumeration value="unqualified"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="reducedDerivationControl">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:derivationControl">
+ <xs:enumeration value="extension"/>
+ <xs:enumeration value="restriction"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="derivationSet">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ <xs:documentation>
+ #all or (possibly empty) subset of {extension, restriction}</xs:documentation>
+ </xs:annotation>
+ <xs:union>
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="#all"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType>
+ <xs:list itemType="xs:reducedDerivationControl"/>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+
+ <xs:simpleType name="typeDerivationControl">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:derivationControl">
+ <xs:enumeration value="extension"/>
+ <xs:enumeration value="restriction"/>
+ <xs:enumeration value="list"/>
+ <xs:enumeration value="union"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="fullDerivationSet">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ <xs:documentation>
+ #all or (possibly empty) subset of {extension, restriction, list, union}</xs:documentation>
+ </xs:annotation>
+ <xs:union>
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="#all"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType>
+ <xs:list itemType="xs:typeDerivationControl"/>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+
+ <xs:element name="schema" id="schema">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-schema"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:openAttrs">
+ <xs:sequence>
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:element ref="xs:include"/>
+ <xs:element ref="xs:import"/>
+ <xs:element ref="xs:redefine"/>
+ <xs:element ref="xs:annotation"/>
+ </xs:choice>
+ <xs:sequence minOccurs="0" maxOccurs="unbounded">
+ <xs:group ref="xs:schemaTop"/>
+ <xs:element ref="xs:annotation" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:sequence>
+ <xs:attribute name="targetNamespace" type="xs:anyURI"/>
+ <xs:attribute name="version" type="xs:token"/>
+ <xs:attribute name="finalDefault" type="xs:fullDerivationSet" use="optional" default=""/>
+ <xs:attribute name="blockDefault" type="xs:blockSet" use="optional" default=""/>
+ <xs:attribute name="attributeFormDefault" type="xs:formChoice" use="optional" default="unqualified"/>
+ <xs:attribute name="elementFormDefault" type="xs:formChoice" use="optional" default="unqualified"/>
+ <xs:attribute name="id" type="xs:ID"/>
+ <xs:attribute ref="xml:lang"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:key name="element">
+ <xs:selector xpath="xs:element"/>
+ <xs:field xpath="@name"/>
+ </xs:key>
+
+ <xs:key name="attribute">
+ <xs:selector xpath="xs:attribute"/>
+ <xs:field xpath="@name"/>
+ </xs:key>
+
+ <xs:key name="type">
+ <xs:selector xpath="xs:complexType|xs:simpleType"/>
+ <xs:field xpath="@name"/>
+ </xs:key>
+
+ <xs:key name="group">
+ <xs:selector xpath="xs:group"/>
+ <xs:field xpath="@name"/>
+ </xs:key>
+
+ <xs:key name="attributeGroup">
+ <xs:selector xpath="xs:attributeGroup"/>
+ <xs:field xpath="@name"/>
+ </xs:key>
+
+ <xs:key name="notation">
+ <xs:selector xpath="xs:notation"/>
+ <xs:field xpath="@name"/>
+ </xs:key>
+
+ <xs:key name="identityConstraint">
+ <xs:selector xpath=".//xs:key|.//xs:unique|.//xs:keyref"/>
+ <xs:field xpath="@name"/>
+ </xs:key>
+
+ </xs:element>
+
+ <xs:simpleType name="allNNI">
+ <xs:annotation><xs:documentation>
+ for maxOccurs</xs:documentation></xs:annotation>
+ <xs:union memberTypes="xs:nonNegativeInteger">
+ <xs:simpleType>
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="unbounded"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+
+ <xs:attributeGroup name="occurs">
+ <xs:annotation><xs:documentation>
+ for all particles</xs:documentation></xs:annotation>
+ <xs:attribute name="minOccurs" type="xs:nonNegativeInteger" use="optional" default="1"/>
+ <xs:attribute name="maxOccurs" type="xs:allNNI" use="optional" default="1"/>
+ </xs:attributeGroup>
+
+ <xs:attributeGroup name="defRef">
+ <xs:annotation><xs:documentation>
+ for element, group and attributeGroup,
+ which both define and reference</xs:documentation></xs:annotation>
+ <xs:attribute name="name" type="xs:NCName"/>
+ <xs:attribute name="ref" type="xs:QName"/>
+ </xs:attributeGroup>
+
+ <xs:group name="typeDefParticle">
+ <xs:annotation>
+ <xs:documentation>
+ 'complexType' uses this</xs:documentation></xs:annotation>
+ <xs:choice>
+ <xs:element name="group" type="xs:groupRef"/>
+ <xs:element ref="xs:all"/>
+ <xs:element ref="xs:choice"/>
+ <xs:element ref="xs:sequence"/>
+ </xs:choice>
+ </xs:group>
+
+
+
+ <xs:group name="nestedParticle">
+ <xs:choice>
+ <xs:element name="element" type="xs:localElement"/>
+ <xs:element name="group" type="xs:groupRef"/>
+ <xs:element ref="xs:choice"/>
+ <xs:element ref="xs:sequence"/>
+ <xs:element ref="xs:any"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:group name="particle">
+ <xs:choice>
+ <xs:element name="element" type="xs:localElement"/>
+ <xs:element name="group" type="xs:groupRef"/>
+ <xs:element ref="xs:all"/>
+ <xs:element ref="xs:choice"/>
+ <xs:element ref="xs:sequence"/>
+ <xs:element ref="xs:any"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:complexType name="attribute">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:sequence>
+ <xs:element name="simpleType" minOccurs="0" type="xs:localSimpleType"/>
+ </xs:sequence>
+ <xs:attributeGroup ref="xs:defRef"/>
+ <xs:attribute name="type" type="xs:QName"/>
+ <xs:attribute name="use" use="optional" default="optional">
+ <xs:simpleType>
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="prohibited"/>
+ <xs:enumeration value="optional"/>
+ <xs:enumeration value="required"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="default" type="xs:string"/>
+ <xs:attribute name="fixed" type="xs:string"/>
+ <xs:attribute name="form" type="xs:formChoice"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="topLevelAttribute">
+ <xs:complexContent>
+ <xs:restriction base="xs:attribute">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:element name="simpleType" minOccurs="0" type="xs:localSimpleType"/>
+ </xs:sequence>
+ <xs:attribute name="ref" use="prohibited"/>
+ <xs:attribute name="form" use="prohibited"/>
+ <xs:attribute name="use" use="prohibited"/>
+ <xs:attribute name="name" use="required" type="xs:NCName"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:group name="attrDecls">
+ <xs:sequence>
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:element name="attribute" type="xs:attribute"/>
+ <xs:element name="attributeGroup" type="xs:attributeGroupRef"/>
+ </xs:choice>
+ <xs:element ref="xs:anyAttribute" minOccurs="0"/>
+ </xs:sequence>
+ </xs:group>
+
+ <xs:element name="anyAttribute" type="xs:wildcard" id="anyAttribute">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-anyAttribute"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:group name="complexTypeModel">
+ <xs:choice>
+ <xs:element ref="xs:simpleContent"/>
+ <xs:element ref="xs:complexContent"/>
+ <xs:sequence>
+ <xs:annotation>
+ <xs:documentation>
+ This branch is short for
+ <complexContent>
+ <restriction base="xs:anyType">
+ ...
+ </restriction>
+ </complexContent></xs:documentation>
+ </xs:annotation>
+ <xs:group ref="xs:typeDefParticle" minOccurs="0"/>
+ <xs:group ref="xs:attrDecls"/>
+ </xs:sequence>
+ </xs:choice>
+ </xs:group>
+
+ <xs:complexType name="complexType" abstract="true">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:group ref="xs:complexTypeModel"/>
+ <xs:attribute name="name" type="xs:NCName">
+ <xs:annotation>
+ <xs:documentation>
+ Will be restricted to required or forbidden</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="mixed" type="xs:boolean" use="optional" default="false">
+ <xs:annotation>
+ <xs:documentation>
+ Not allowed if simpleContent child is chosen.
+ May be overriden by setting on complexContent child.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="abstract" type="xs:boolean" use="optional" default="false"/>
+ <xs:attribute name="final" type="xs:derivationSet"/>
+ <xs:attribute name="block" type="xs:derivationSet"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="topLevelComplexType">
+ <xs:complexContent>
+ <xs:restriction base="xs:complexType">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:group ref="xs:complexTypeModel"/>
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:NCName" use="required"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="localComplexType">
+ <xs:complexContent>
+ <xs:restriction base="xs:complexType">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:group ref="xs:complexTypeModel"/>
+ </xs:sequence>
+ <xs:attribute name="name" use="prohibited"/>
+ <xs:attribute name="abstract" use="prohibited"/>
+ <xs:attribute name="final" use="prohibited"/>
+ <xs:attribute name="block" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="restrictionType">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:sequence>
+ <xs:choice minOccurs="0">
+ <xs:group ref="xs:typeDefParticle"/>
+ <xs:group ref="xs:simpleRestrictionModel"/>
+ </xs:choice>
+ <xs:group ref="xs:attrDecls"/>
+ </xs:sequence>
+ <xs:attribute name="base" type="xs:QName" use="required"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="complexRestrictionType">
+ <xs:complexContent>
+ <xs:restriction base="xs:restrictionType">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:choice minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>This choice is added simply to
+ make this a valid restriction per the REC</xs:documentation>
+ </xs:annotation>
+ <xs:group ref="xs:typeDefParticle"/>
+ </xs:choice>
+ <xs:group ref="xs:attrDecls"/>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="extensionType">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:sequence>
+ <xs:group ref="xs:typeDefParticle" minOccurs="0"/>
+ <xs:group ref="xs:attrDecls"/>
+ </xs:sequence>
+ <xs:attribute name="base" type="xs:QName" use="required"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="complexContent" id="complexContent">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-complexContent"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:choice>
+ <xs:element name="restriction" type="xs:complexRestrictionType"/>
+ <xs:element name="extension" type="xs:extensionType"/>
+ </xs:choice>
+ <xs:attribute name="mixed" type="xs:boolean">
+ <xs:annotation>
+ <xs:documentation>
+ Overrides any setting on complexType parent.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="simpleRestrictionType">
+ <xs:complexContent>
+ <xs:restriction base="xs:restrictionType">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:choice minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>This choice is added simply to
+ make this a valid restriction per the REC</xs:documentation>
+ </xs:annotation>
+ <xs:group ref="xs:simpleRestrictionModel"/>
+ </xs:choice>
+ <xs:group ref="xs:attrDecls"/>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="simpleExtensionType">
+ <xs:complexContent>
+ <xs:restriction base="xs:extensionType">
+ <xs:sequence>
+ <xs:annotation>
+ <xs:documentation>
+ No typeDefParticle group reference</xs:documentation>
+ </xs:annotation>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:group ref="xs:attrDecls"/>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="simpleContent" id="simpleContent">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-simpleContent"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:choice>
+ <xs:element name="restriction" type="xs:simpleRestrictionType"/>
+ <xs:element name="extension" type="xs:simpleExtensionType"/>
+ </xs:choice>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="complexType" type="xs:topLevelComplexType" id="complexType">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-complexType"/>
+ </xs:annotation>
+ </xs:element>
+
+
+ <xs:simpleType name="blockSet">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ <xs:documentation>
+ #all or (possibly empty) subset of {substitution, extension,
+ restriction}</xs:documentation>
+ </xs:annotation>
+ <xs:union>
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="#all"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType>
+ <xs:list>
+ <xs:simpleType>
+ <xs:restriction base="xs:derivationControl">
+ <xs:enumeration value="extension"/>
+ <xs:enumeration value="restriction"/>
+ <xs:enumeration value="substitution"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:list>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+
+ <xs:complexType name="element" abstract="true">
+ <xs:annotation>
+ <xs:documentation>
+ The element element can be used either
+ at the top level to define an element-type binding globally,
+ or within a content model to either reference a globally-defined
+ element or type or declare an element-type binding locally.
+ The ref form is not allowed at the top level.</xs:documentation>
+ </xs:annotation>
+
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:sequence>
+ <xs:choice minOccurs="0">
+ <xs:element name="simpleType" type="xs:localSimpleType"/>
+ <xs:element name="complexType" type="xs:localComplexType"/>
+ </xs:choice>
+ <xs:group ref="xs:identityConstraint" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attributeGroup ref="xs:defRef"/>
+ <xs:attribute name="type" type="xs:QName"/>
+ <xs:attribute name="substitutionGroup" type="xs:QName"/>
+ <xs:attributeGroup ref="xs:occurs"/>
+ <xs:attribute name="default" type="xs:string"/>
+ <xs:attribute name="fixed" type="xs:string"/>
+ <xs:attribute name="nillable" type="xs:boolean" use="optional" default="false"/>
+ <xs:attribute name="abstract" type="xs:boolean" use="optional" default="false"/>
+ <xs:attribute name="final" type="xs:derivationSet"/>
+ <xs:attribute name="block" type="xs:blockSet"/>
+ <xs:attribute name="form" type="xs:formChoice"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="topLevelElement">
+ <xs:complexContent>
+ <xs:restriction base="xs:element">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:choice minOccurs="0">
+ <xs:element name="simpleType" type="xs:localSimpleType"/>
+ <xs:element name="complexType" type="xs:localComplexType"/>
+ </xs:choice>
+ <xs:group ref="xs:identityConstraint" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="ref" use="prohibited"/>
+ <xs:attribute name="form" use="prohibited"/>
+ <xs:attribute name="minOccurs" use="prohibited"/>
+ <xs:attribute name="maxOccurs" use="prohibited"/>
+ <xs:attribute name="name" use="required" type="xs:NCName"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="localElement">
+ <xs:complexContent>
+ <xs:restriction base="xs:element">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:choice minOccurs="0">
+ <xs:element name="simpleType" type="xs:localSimpleType"/>
+ <xs:element name="complexType" type="xs:localComplexType"/>
+ </xs:choice>
+ <xs:group ref="xs:identityConstraint" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="substitutionGroup" use="prohibited"/>
+ <xs:attribute name="final" use="prohibited"/>
+ <xs:attribute name="abstract" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="element" type="xs:topLevelElement" id="element">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-element"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:complexType name="group" abstract="true">
+ <xs:annotation>
+ <xs:documentation>
+ group type for explicit groups, named top-level groups and
+ group references</xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:group ref="xs:particle" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:attributeGroup ref="xs:defRef"/>
+ <xs:attributeGroup ref="xs:occurs"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="realGroup">
+ <xs:complexContent>
+ <xs:restriction base="xs:group">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:choice minOccurs="0" maxOccurs="1">
+ <xs:element ref="xs:all"/>
+ <xs:element ref="xs:choice"/>
+ <xs:element ref="xs:sequence"/>
+ </xs:choice>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="namedGroup">
+ <xs:complexContent>
+ <xs:restriction base="xs:realGroup">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:choice minOccurs="1" maxOccurs="1">
+ <xs:element name="all">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:restriction base="xs:all">
+ <xs:group ref="xs:allModel"/>
+ <xs:attribute name="minOccurs" use="prohibited"/>
+ <xs:attribute name="maxOccurs" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="choice" type="xs:simpleExplicitGroup"/>
+ <xs:element name="sequence" type="xs:simpleExplicitGroup"/>
+ </xs:choice>
+ </xs:sequence>
+ <xs:attribute name="name" use="required" type="xs:NCName"/>
+ <xs:attribute name="ref" use="prohibited"/>
+ <xs:attribute name="minOccurs" use="prohibited"/>
+ <xs:attribute name="maxOccurs" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="groupRef">
+ <xs:complexContent>
+ <xs:restriction base="xs:realGroup">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="ref" use="required" type="xs:QName"/>
+ <xs:attribute name="name" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="explicitGroup">
+ <xs:annotation>
+ <xs:documentation>
+ group type for the three kinds of group</xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:restriction base="xs:group">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:group ref="xs:nestedParticle" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:NCName" use="prohibited"/>
+ <xs:attribute name="ref" type="xs:QName" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="simpleExplicitGroup">
+ <xs:complexContent>
+ <xs:restriction base="xs:explicitGroup">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:group ref="xs:nestedParticle" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="minOccurs" use="prohibited"/>
+ <xs:attribute name="maxOccurs" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:group name="allModel">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>This choice with min/max is here to
+ avoid a pblm with the Elt:All/Choice/Seq
+ Particle derivation constraint</xs:documentation>
+ </xs:annotation>
+ <xs:element name="element" type="xs:narrowMaxMin"/>
+ </xs:choice>
+ </xs:sequence>
+ </xs:group>
+
+
+ <xs:complexType name="narrowMaxMin">
+ <xs:annotation>
+ <xs:documentation>restricted max/min</xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:restriction base="xs:localElement">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:choice minOccurs="0">
+ <xs:element name="simpleType" type="xs:localSimpleType"/>
+ <xs:element name="complexType" type="xs:localComplexType"/>
+ </xs:choice>
+ <xs:group ref="xs:identityConstraint" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="minOccurs" use="optional" default="1">
+ <xs:simpleType>
+ <xs:restriction base="xs:nonNegativeInteger">
+ <xs:enumeration value="0"/>
+ <xs:enumeration value="1"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="maxOccurs" use="optional" default="1">
+ <xs:simpleType>
+ <xs:restriction base="xs:allNNI">
+ <xs:enumeration value="0"/>
+ <xs:enumeration value="1"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="all">
+ <xs:annotation>
+ <xs:documentation>
+ Only elements allowed inside</xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:restriction base="xs:explicitGroup">
+ <xs:group ref="xs:allModel"/>
+ <xs:attribute name="minOccurs" use="optional" default="1">
+ <xs:simpleType>
+ <xs:restriction base="xs:nonNegativeInteger">
+ <xs:enumeration value="0"/>
+ <xs:enumeration value="1"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="maxOccurs" use="optional" default="1">
+ <xs:simpleType>
+ <xs:restriction base="xs:allNNI">
+ <xs:enumeration value="1"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="all" id="all" type="xs:all">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-all"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="choice" type="xs:explicitGroup" id="choice">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-choice"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="sequence" type="xs:explicitGroup" id="sequence">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-sequence"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="group" type="xs:namedGroup" id="group">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-group"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:complexType name="wildcard">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:attribute name="namespace" type="xs:namespaceList" use="optional" default="##any"/>
+ <xs:attribute name="processContents" use="optional" default="strict">
+ <xs:simpleType>
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="skip"/>
+ <xs:enumeration value="lax"/>
+ <xs:enumeration value="strict"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="any" id="any">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-any"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:wildcard">
+ <xs:attributeGroup ref="xs:occurs"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:annotation>
+ <xs:documentation>
+ simple type for the value of the 'namespace' attr of
+ 'any' and 'anyAttribute'</xs:documentation>
+ </xs:annotation>
+ <xs:annotation>
+ <xs:documentation>
+ Value is
+ ##any - - any non-conflicting WFXML/attribute at all
+
+ ##other - - any non-conflicting WFXML/attribute from
+ namespace other than targetNS
+
+ ##local - - any unqualified non-conflicting WFXML/attribute
+
+ one or - - any non-conflicting WFXML/attribute from
+ more URI the listed namespaces
+ references
+ (space separated)
+
+ ##targetNamespace or ##local may appear in the above list, to
+ refer to the targetNamespace of the enclosing
+ schema or an absent targetNamespace respectively</xs:documentation>
+ </xs:annotation>
+
+ <xs:simpleType name="namespaceList">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ </xs:annotation>
+ <xs:union>
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="##any"/>
+ <xs:enumeration value="##other"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType>
+ <xs:list>
+ <xs:simpleType>
+ <xs:union memberTypes="xs:anyURI">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="##targetNamespace"/>
+ <xs:enumeration value="##local"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+ </xs:list>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+
+ <xs:element name="attribute" type="xs:topLevelAttribute" id="attribute">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-attribute"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:complexType name="attributeGroup" abstract="true">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:group ref="xs:attrDecls"/>
+ <xs:attributeGroup ref="xs:defRef"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="namedAttributeGroup">
+ <xs:complexContent>
+ <xs:restriction base="xs:attributeGroup">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:group ref="xs:attrDecls"/>
+ </xs:sequence>
+ <xs:attribute name="name" use="required" type="xs:NCName"/>
+ <xs:attribute name="ref" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="attributeGroupRef">
+ <xs:complexContent>
+ <xs:restriction base="xs:attributeGroup">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="ref" use="required" type="xs:QName"/>
+ <xs:attribute name="name" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="attributeGroup" type="xs:namedAttributeGroup" id="attributeGroup">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-attributeGroup"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="include" id="include">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-include"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:attribute name="schemaLocation" type="xs:anyURI" use="required"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="redefine" id="redefine">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-redefine"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:openAttrs">
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:element ref="xs:annotation"/>
+ <xs:group ref="xs:redefinable"/>
+ </xs:choice>
+ <xs:attribute name="schemaLocation" type="xs:anyURI" use="required"/>
+ <xs:attribute name="id" type="xs:ID"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="import" id="import">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-import"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:attribute name="namespace" type="xs:anyURI"/>
+ <xs:attribute name="schemaLocation" type="xs:anyURI"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="selector" id="selector">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-selector"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:attribute name="xpath" use="required">
+ <xs:simpleType>
+ <xs:annotation>
+ <xs:documentation>A subset of XPath expressions for use
+in selectors</xs:documentation>
+ <xs:documentation>A utility type, not for public
+use</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:token">
+ <xs:annotation>
+ <xs:documentation>The following pattern is intended to allow XPath
+ expressions per the following EBNF:
+ Selector ::= Path ( '|' Path )*
+ Path ::= ('.//')? Step ( '/' Step )*
+ Step ::= '.' | NameTest
+ NameTest ::= QName | '*' | NCName ':' '*'
+ child:: is also allowed
+ </xs:documentation>
+ </xs:annotation>
+ <xs:pattern value="(\.//)?(((child::)?((\i\c*:)?(\i\c*|\*)))|\.)(/(((child::)?((\i\c*:)?(\i\c*|\*)))|\.))*(\|(\.//)?(((child::)?((\i\c*:)?(\i\c*|\*)))|\.)(/(((child::)?((\i\c*:)?(\i\c*|\*)))|\.))*)*">
+ </xs:pattern>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="field" id="field">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-field"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:attribute name="xpath" use="required">
+ <xs:simpleType>
+ <xs:annotation>
+ <xs:documentation>A subset of XPath expressions for use
+in fields</xs:documentation>
+ <xs:documentation>A utility type, not for public
+use</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:token">
+ <xs:annotation>
+ <xs:documentation>The following pattern is intended to allow XPath
+ expressions per the same EBNF as for selector,
+ with the following change:
+ Path ::= ('.//')? ( Step '/' )* ( Step | '@' NameTest )
+ </xs:documentation>
+ </xs:annotation>
+ <xs:pattern value="(\.//)?((((child::)?((\i\c*:)?(\i\c*|\*)))|\.)/)*((((child::)?((\i\c*:)?(\i\c*|\*)))|\.)|((attribute::|@)((\i\c*:)?(\i\c*|\*))))(\|(\.//)?((((child::)?((\i\c*:)?(\i\c*|\*)))|\.)/)*((((child::)?((\i\c*:)?(\i\c*|\*)))|\.)|((attribute::|@)((\i\c*:)?(\i\c*|\*)))))*">
+ </xs:pattern>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="keybase">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:sequence>
+ <xs:element ref="xs:selector"/>
+ <xs:element ref="xs:field" minOccurs="1" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:NCName" use="required"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:group name="identityConstraint">
+ <xs:annotation>
+ <xs:documentation>The three kinds of identity constraints, all with
+ type of or derived from 'keybase'.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:choice>
+ <xs:element ref="xs:unique"/>
+ <xs:element ref="xs:key"/>
+ <xs:element ref="xs:keyref"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:element name="unique" type="xs:keybase" id="unique">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-unique"/>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="key" type="xs:keybase" id="key">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-key"/>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="keyref" id="keyref">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-keyref"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:keybase">
+ <xs:attribute name="refer" type="xs:QName" use="required"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="notation" id="notation">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-notation"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:attribute name="name" type="xs:NCName" use="required"/>
+ <xs:attribute name="public" type="xs:public"/>
+ <xs:attribute name="system" type="xs:anyURI"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:simpleType name="public">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ <xs:documentation>
+ A public identifier, per ISO 8879</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:token"/>
+ </xs:simpleType>
+
+ <xs:element name="appinfo" id="appinfo">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-appinfo"/>
+ </xs:annotation>
+ <xs:complexType mixed="true">
+ <xs:sequence minOccurs="0" maxOccurs="unbounded">
+ <xs:any processContents="lax"/>
+ </xs:sequence>
+ <xs:attribute name="source" type="xs:anyURI"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="documentation" id="documentation">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-documentation"/>
+ </xs:annotation>
+ <xs:complexType mixed="true">
+ <xs:sequence minOccurs="0" maxOccurs="unbounded">
+ <xs:any processContents="lax"/>
+ </xs:sequence>
+ <xs:attribute name="source" type="xs:anyURI"/>
+ <xs:attribute ref="xml:lang"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="annotation" id="annotation">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-1/#element-annotation"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="xs:openAttrs">
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:element ref="xs:appinfo"/>
+ <xs:element ref="xs:documentation"/>
+ </xs:choice>
+ <xs:attribute name="id" type="xs:ID"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:annotation>
+ <xs:documentation>
+ notations for use within XML Schema schemas</xs:documentation>
+ </xs:annotation>
+
+ <xs:notation name="XMLSchemaStructures" public="structures" system="http://www.w3.org/2000/08/XMLSchema.xsd"/>
+ <xs:notation name="XML" public="REC-xml-19980210" system="http://www.w3.org/TR/1998/REC-xml-19980210"/>
+
+ <xs:complexType name="anyType" mixed="true">
+ <xs:annotation>
+ <xs:documentation>
+ Not the real urType, but as close an approximation as we can
+ get in the XML representation</xs:documentation>
+ </xs:annotation>
+ <xs:sequence>
+ <xs:any minOccurs="0" maxOccurs="unbounded" processContents="lax"/>
+ </xs:sequence>
+ <xs:anyAttribute processContents="lax"/>
+ </xs:complexType>
+
+ <xs:annotation>
+ <xs:documentation>
+ First the built-in primitive datatypes. These definitions are for
+ information only, the real built-in definitions are magic.
+ </xs:documentation>
+
+ <xs:documentation>
+ For each built-in datatype in this schema (both primitive and
+ derived) can be uniquely addressed via a URI constructed
+ as follows:
+ 1) the base URI is the URI of the XML Schema namespace
+ 2) the fragment identifier is the name of the datatype
+
+ For example, to address the int datatype, the URI is:
+
+ http://www.w3.org/2001/XMLSchema#int
+
+ Additionally, each facet definition element can be uniquely
+ addressed via a URI constructed as follows:
+ 1) the base URI is the URI of the XML Schema namespace
+ 2) the fragment identifier is the name of the facet
+
+ For example, to address the maxInclusive facet, the URI is:
+
+ http://www.w3.org/2001/XMLSchema#maxInclusive
+
+ Additionally, each facet usage in a built-in datatype definition
+ can be uniquely addressed via a URI constructed as follows:
+ 1) the base URI is the URI of the XML Schema namespace
+ 2) the fragment identifier is the name of the datatype, followed
+ by a period (".") followed by the name of the facet
+
+ For example, to address the usage of the maxInclusive facet in
+ the definition of int, the URI is:
+
+ http://www.w3.org/2001/XMLSchema#int.maxInclusive
+
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:simpleType name="string" id="string">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#string"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="preserve" id="string.preserve"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="boolean" id="boolean">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="finite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#boolean"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="boolean.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="float" id="float">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="total"/>
+ <hfp:hasProperty name="bounded" value="true"/>
+ <hfp:hasProperty name="cardinality" value="finite"/>
+ <hfp:hasProperty name="numeric" value="true"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#float"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="float.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="double" id="double">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="total"/>
+ <hfp:hasProperty name="bounded" value="true"/>
+ <hfp:hasProperty name="cardinality" value="finite"/>
+ <hfp:hasProperty name="numeric" value="true"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#double"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="double.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="decimal" id="decimal">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="totalDigits"/>
+ <hfp:hasFacet name="fractionDigits"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="total"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="true"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#decimal"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="decimal.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="duration" id="duration">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#duration"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="duration.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="dateTime" id="dateTime">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#dateTime"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="dateTime.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="time" id="time">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#time"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="time.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="date" id="date">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#date"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="date.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="gYearMonth" id="gYearMonth">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#gYearMonth"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="gYearMonth.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="gYear" id="gYear">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#gYear"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="gYear.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="gMonthDay" id="gMonthDay">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#gMonthDay"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="gMonthDay.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="gDay" id="gDay">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#gDay"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="gDay.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="gMonth" id="gMonth">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="maxInclusive"/>
+ <hfp:hasFacet name="maxExclusive"/>
+ <hfp:hasFacet name="minInclusive"/>
+ <hfp:hasFacet name="minExclusive"/>
+ <hfp:hasProperty name="ordered" value="partial"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#gMonth"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="gMonth.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="hexBinary" id="hexBinary">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#binary"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="hexBinary.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="base64Binary" id="base64Binary">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#base64Binary"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="base64Binary.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="anyURI" id="anyURI">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#anyURI"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="anyURI.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="QName" id="QName">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#QName"/>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="QName.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="NOTATION" id="NOTATION">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#NOTATION"/>
+ <xs:documentation>
+ NOTATION cannot be used directly in a schema; rather a type
+ must be derived from it by specifying at least one enumeration
+ facet whose value is the name of a NOTATION declared in the
+ schema.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:anySimpleType">
+ <xs:whiteSpace value="collapse" fixed="true" id="NOTATION.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:annotation>
+ <xs:documentation>
+ Now the derived primitive types
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:simpleType name="normalizedString" id="normalizedString">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#normalizedString"/>
+ </xs:annotation>
+ <xs:restriction base="xs:string">
+ <xs:whiteSpace value="replace" id="normalizedString.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="token" id="token">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#token"/>
+ </xs:annotation>
+ <xs:restriction base="xs:normalizedString">
+ <xs:whiteSpace value="collapse" id="token.whiteSpace"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="language" id="language">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#language"/>
+ </xs:annotation>
+ <xs:restriction base="xs:token">
+ <xs:pattern value="[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*" id="language.pattern">
+ <xs:annotation>
+ <xs:documentation source="http://www.ietf.org/rfc/rfc3066.txt">
+ pattern specifies the content of section 2.12 of XML 1.0e2
+ and RFC 3066 (Revised version of RFC 1766).
+ </xs:documentation>
+ </xs:annotation>
+ </xs:pattern>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="IDREFS" id="IDREFS">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#IDREFS"/>
+ </xs:annotation>
+ <xs:restriction>
+ <xs:simpleType>
+ <xs:list itemType="xs:IDREF"/>
+ </xs:simpleType>
+ <xs:minLength value="1" id="IDREFS.minLength"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="ENTITIES" id="ENTITIES">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#ENTITIES"/>
+ </xs:annotation>
+ <xs:restriction>
+ <xs:simpleType>
+ <xs:list itemType="xs:ENTITY"/>
+ </xs:simpleType>
+ <xs:minLength value="1" id="ENTITIES.minLength"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="NMTOKEN" id="NMTOKEN">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#NMTOKEN"/>
+ </xs:annotation>
+ <xs:restriction base="xs:token">
+ <xs:pattern value="\c+" id="NMTOKEN.pattern">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/REC-xml#NT-Nmtoken">
+ pattern matches production 7 from the XML spec
+ </xs:documentation>
+ </xs:annotation>
+ </xs:pattern>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="NMTOKENS" id="NMTOKENS">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasFacet name="length"/>
+ <hfp:hasFacet name="minLength"/>
+ <hfp:hasFacet name="maxLength"/>
+ <hfp:hasFacet name="enumeration"/>
+ <hfp:hasFacet name="whiteSpace"/>
+ <hfp:hasFacet name="pattern"/>
+ <hfp:hasProperty name="ordered" value="false"/>
+ <hfp:hasProperty name="bounded" value="false"/>
+ <hfp:hasProperty name="cardinality" value="countably infinite"/>
+ <hfp:hasProperty name="numeric" value="false"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#NMTOKENS"/>
+ </xs:annotation>
+ <xs:restriction>
+ <xs:simpleType>
+ <xs:list itemType="xs:NMTOKEN"/>
+ </xs:simpleType>
+ <xs:minLength value="1" id="NMTOKENS.minLength"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="Name" id="Name">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#Name"/>
+ </xs:annotation>
+ <xs:restriction base="xs:token">
+ <xs:pattern value="\i\c*" id="Name.pattern">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/REC-xml#NT-Name">
+ pattern matches production 5 from the XML spec
+ </xs:documentation>
+ </xs:annotation>
+ </xs:pattern>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="NCName" id="NCName">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#NCName"/>
+ </xs:annotation>
+ <xs:restriction base="xs:Name">
+ <xs:pattern value="[\i-[:]][\c-[:]]*" id="NCName.pattern">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/REC-xml-names/#NT-NCName">
+ pattern matches production 4 from the Namespaces in XML spec
+ </xs:documentation>
+ </xs:annotation>
+ </xs:pattern>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="ID" id="ID">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#ID"/>
+ </xs:annotation>
+ <xs:restriction base="xs:NCName"/>
+ </xs:simpleType>
+
+ <xs:simpleType name="IDREF" id="IDREF">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#IDREF"/>
+ </xs:annotation>
+ <xs:restriction base="xs:NCName"/>
+ </xs:simpleType>
+
+ <xs:simpleType name="ENTITY" id="ENTITY">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#ENTITY"/>
+ </xs:annotation>
+ <xs:restriction base="xs:NCName"/>
+ </xs:simpleType>
+
+ <xs:simpleType name="integer" id="integer">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#integer"/>
+ </xs:annotation>
+ <xs:restriction base="xs:decimal">
+ <xs:fractionDigits value="0" fixed="true" id="integer.fractionDigits"/>
+ <xs:pattern value="[\-+]?[0-9]+"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="nonPositiveInteger" id="nonPositiveInteger">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#nonPositiveInteger"/>
+ </xs:annotation>
+ <xs:restriction base="xs:integer">
+ <xs:maxInclusive value="0" id="nonPositiveInteger.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="negativeInteger" id="negativeInteger">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#negativeInteger"/>
+ </xs:annotation>
+ <xs:restriction base="xs:nonPositiveInteger">
+ <xs:maxInclusive value="-1" id="negativeInteger.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="long" id="long">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasProperty name="bounded" value="true"/>
+ <hfp:hasProperty name="cardinality" value="finite"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#long"/>
+ </xs:annotation>
+ <xs:restriction base="xs:integer">
+ <xs:minInclusive value="-9223372036854775808" id="long.minInclusive"/>
+ <xs:maxInclusive value="9223372036854775807" id="long.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="int" id="int">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#int"/>
+ </xs:annotation>
+ <xs:restriction base="xs:long">
+ <xs:minInclusive value="-2147483648" id="int.minInclusive"/>
+ <xs:maxInclusive value="2147483647" id="int.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="short" id="short">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#short"/>
+ </xs:annotation>
+ <xs:restriction base="xs:int">
+ <xs:minInclusive value="-32768" id="short.minInclusive"/>
+ <xs:maxInclusive value="32767" id="short.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="byte" id="byte">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#byte"/>
+ </xs:annotation>
+ <xs:restriction base="xs:short">
+ <xs:minInclusive value="-128" id="byte.minInclusive"/>
+ <xs:maxInclusive value="127" id="byte.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="nonNegativeInteger" id="nonNegativeInteger">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#nonNegativeInteger"/>
+ </xs:annotation>
+ <xs:restriction base="xs:integer">
+ <xs:minInclusive value="0" id="nonNegativeInteger.minInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="unsignedLong" id="unsignedLong">
+ <xs:annotation>
+ <xs:appinfo>
+ <hfp:hasProperty name="bounded" value="true"/>
+ <hfp:hasProperty name="cardinality" value="finite"/>
+ </xs:appinfo>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#unsignedLong"/>
+ </xs:annotation>
+ <xs:restriction base="xs:nonNegativeInteger">
+ <xs:maxInclusive value="18446744073709551615" id="unsignedLong.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="unsignedInt" id="unsignedInt">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#unsignedInt"/>
+ </xs:annotation>
+ <xs:restriction base="xs:unsignedLong">
+ <xs:maxInclusive value="4294967295" id="unsignedInt.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="unsignedShort" id="unsignedShort">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#unsignedShort"/>
+ </xs:annotation>
+ <xs:restriction base="xs:unsignedInt">
+ <xs:maxInclusive value="65535" id="unsignedShort.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="unsignedByte" id="unsignedByte">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#unsignedByte"/>
+ </xs:annotation>
+ <xs:restriction base="xs:unsignedShort">
+ <xs:maxInclusive value="255" id="unsignedByte.maxInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="positiveInteger" id="positiveInteger">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#positiveInteger"/>
+ </xs:annotation>
+ <xs:restriction base="xs:nonNegativeInteger">
+ <xs:minInclusive value="1" id="positiveInteger.minInclusive"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:simpleType name="derivationControl">
+ <xs:annotation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ </xs:annotation>
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="substitution"/>
+ <xs:enumeration value="extension"/>
+ <xs:enumeration value="restriction"/>
+ <xs:enumeration value="list"/>
+ <xs:enumeration value="union"/>
+ </xs:restriction>
+ </xs:simpleType>
+
+ <xs:group name="simpleDerivation">
+ <xs:choice>
+ <xs:element ref="xs:restriction"/>
+ <xs:element ref="xs:list"/>
+ <xs:element ref="xs:union"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:simpleType name="simpleDerivationSet">
+ <xs:annotation>
+ <xs:documentation>
+ #all or (possibly empty) subset of {restriction, union, list}
+ </xs:documentation>
+ <xs:documentation>
+ A utility type, not for public use</xs:documentation>
+ </xs:annotation>
+ <xs:union>
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="#all"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType>
+ <xs:list>
+ <xs:simpleType>
+ <xs:restriction base="xs:derivationControl">
+ <xs:enumeration value="list"/>
+ <xs:enumeration value="union"/>
+ <xs:enumeration value="restriction"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:list>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+
+ <xs:complexType name="simpleType" abstract="true">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:group ref="xs:simpleDerivation"/>
+ <xs:attribute name="final" type="xs:simpleDerivationSet"/>
+ <xs:attribute name="name" type="xs:NCName">
+ <xs:annotation>
+ <xs:documentation>
+ Can be restricted to required or forbidden
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="topLevelSimpleType">
+ <xs:complexContent>
+ <xs:restriction base="xs:simpleType">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:group ref="xs:simpleDerivation"/>
+ </xs:sequence>
+ <xs:attribute name="name" use="required" type="xs:NCName">
+ <xs:annotation>
+ <xs:documentation>
+ Required at the top level
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="localSimpleType">
+ <xs:complexContent>
+ <xs:restriction base="xs:simpleType">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ <xs:group ref="xs:simpleDerivation"/>
+ </xs:sequence>
+ <xs:attribute name="name" use="prohibited">
+ <xs:annotation>
+ <xs:documentation>
+ Forbidden when nested
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="final" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="simpleType" type="xs:topLevelSimpleType" id="simpleType">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-simpleType"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:group name="facets">
+ <xs:annotation>
+ <xs:documentation>
+ We should use a substitution group for facets, but
+ that's ruled out because it would allow users to
+ add their own, which we're not ready for yet.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:choice>
+ <xs:element ref="xs:minExclusive"/>
+ <xs:element ref="xs:minInclusive"/>
+ <xs:element ref="xs:maxExclusive"/>
+ <xs:element ref="xs:maxInclusive"/>
+ <xs:element ref="xs:totalDigits"/>
+ <xs:element ref="xs:fractionDigits"/>
+ <xs:element ref="xs:length"/>
+ <xs:element ref="xs:minLength"/>
+ <xs:element ref="xs:maxLength"/>
+ <xs:element ref="xs:enumeration"/>
+ <xs:element ref="xs:whiteSpace"/>
+ <xs:element ref="xs:pattern"/>
+ </xs:choice>
+ </xs:group>
+
+ <xs:group name="simpleRestrictionModel">
+ <xs:sequence>
+ <xs:element name="simpleType" type="xs:localSimpleType" minOccurs="0"/>
+ <xs:group ref="xs:facets" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:group>
+
+ <xs:element name="restriction" id="restriction">
+ <xs:complexType>
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-restriction">
+ base attribute and simpleType child are mutually
+ exclusive, but one or other is required
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:group ref="xs:simpleRestrictionModel"/>
+ <xs:attribute name="base" type="xs:QName" use="optional"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="list" id="list">
+ <xs:complexType>
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-list">
+ itemType attribute and simpleType child are mutually
+ exclusive, but one or other is required
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:sequence>
+ <xs:element name="simpleType" type="xs:localSimpleType" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="itemType" type="xs:QName" use="optional"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="union" id="union">
+ <xs:complexType>
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-union">
+ memberTypes attribute must be non-empty or there must be
+ at least one simpleType child
+ </xs:documentation>
+ </xs:annotation>
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:sequence>
+ <xs:element name="simpleType" type="xs:localSimpleType" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="memberTypes" use="optional">
+ <xs:simpleType>
+ <xs:list itemType="xs:QName"/>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:complexType name="facet">
+ <xs:complexContent>
+ <xs:extension base="xs:annotated">
+ <xs:attribute name="value" use="required"/>
+ <xs:attribute name="fixed" type="xs:boolean" use="optional" default="false"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="noFixedFacet">
+ <xs:complexContent>
+ <xs:restriction base="xs:facet">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="fixed" use="prohibited"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="minExclusive" id="minExclusive" type="xs:facet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-minExclusive"/>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="minInclusive" id="minInclusive" type="xs:facet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-minInclusive"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="maxExclusive" id="maxExclusive" type="xs:facet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-maxExclusive"/>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="maxInclusive" id="maxInclusive" type="xs:facet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-maxInclusive"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:complexType name="numFacet">
+ <xs:complexContent>
+ <xs:restriction base="xs:facet">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="value" type="xs:nonNegativeInteger" use="required"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="totalDigits" id="totalDigits">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-totalDigits"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:restriction base="xs:numFacet">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="value" type="xs:positiveInteger" use="required"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="fractionDigits" id="fractionDigits" type="xs:numFacet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-fractionDigits"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="length" id="length" type="xs:numFacet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-length"/>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="minLength" id="minLength" type="xs:numFacet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-minLength"/>
+ </xs:annotation>
+ </xs:element>
+ <xs:element name="maxLength" id="maxLength" type="xs:numFacet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-maxLength"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="enumeration" id="enumeration" type="xs:noFixedFacet">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-enumeration"/>
+ </xs:annotation>
+ </xs:element>
+
+ <xs:element name="whiteSpace" id="whiteSpace">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-whiteSpace"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:restriction base="xs:facet">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="value" use="required">
+ <xs:simpleType>
+ <xs:restriction base="xs:NMTOKEN">
+ <xs:enumeration value="preserve"/>
+ <xs:enumeration value="replace"/>
+ <xs:enumeration value="collapse"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="pattern" id="pattern">
+ <xs:annotation>
+ <xs:documentation source="http://www.w3.org/TR/xmlschema-2/#element-pattern"/>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:restriction base="xs:noFixedFacet">
+ <xs:sequence>
+ <xs:element ref="xs:annotation" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="value" type="xs:string" use="required"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:restriction>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+</xs:schema>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd">
+<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
+ <uri name="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd" uri="xmldsig-core-schema.xsd"/>
+ <uri name="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd" uri="xenc-schema.xsd"/>
+</catalog>
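Review bot: This catalog declares only `uri` entries, so it pins the two `schemaLocation` imports (xmldsig-core and xenc) to local copies but maps no DTD references, which resolvers look up through `system`/`public` entries. If the bundled schemas carry a DOCTYPE pointing at the W3C XMLSchema DTD (not visible here, though datatypes.dtd is added alongside for incorporation in XMLSchema.dtd), a parser with DTD loading enabled would fetch it over plain http at validation time. That is a network dependency and an integrity risk for schemas used in signature validation. I would add an entry of the form `<system systemId="SYSTEM-ID-FROM-THE-SCHEMA-DOCTYPE" uri="XMLSchema.dtd"/>` (placeholder system id; local file name assumed) and have the validating code parse with network access disabled. The catalog's own DOCTYPE also names an http URL for catalog.dtd; confirm that the loader does not dereference it.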
--- /dev/null
+<!--
+ DTD for XML Schemas: Part 2: Datatypes
+ $Id: datatypes.dtd,v 1.23 2001/03/16 17:36:30 ht Exp $
+ Note this DTD is NOT normative, or even definitive. - - the
+ prose copy in the datatypes REC is the definitive version
+ (which shouldn't differ from this one except for this comment
+ and entity expansions, but just in case)
+ -->
+
+<!--
+ This DTD cannot be used on its own, it is intended
+ only for incorporation in XMLSchema.dtd, q.v.
+ -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+ Customisation entities for the ATTLIST of each element
+ type. Define one of these if your schema takes advantage
+ of the anyAttribute='##other' in the schema for schemas
+ -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+ types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+ #all or space-separated list drawn from derivationChoice
+ -->
+
+<!--
+ Note that the use of 'facet' below is less restrictive
+ than is really intended: There should in fact be no
+ more than one of each of minInclusive, minExclusive,
+ maxInclusive, maxExclusive, totalDigits, fractionDigits,
+ length, maxLength, minLength within datatype,
+ and the min- and max- variants of Inclusive and Exclusive
+ are mutually exclusive. On the other hand, pattern and
+ enumeration may repeat.
+ -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+ "%pattern; | %enumeration; | %whiteSpace; | %length; |
+ %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr
+ "value CDATA #REQUIRED
+ id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+ ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+ name %NCName; #IMPLIED
+ final %simpleDerivationSet; #IMPLIED
+ id ID #IMPLIED
+ %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+ (%restriction1; |
+ ((%simpleType;)?,(%facet;)*)),
+ (%attrDecls;))>
+<!ATTLIST %restriction;
+ base %QName; #IMPLIED
+ id ID #IMPLIED
+ %restrictionAttrs;>
+<!--
+ base and simpleType child are mutually exclusive,
+ one is required.
+
+ restriction is shared between simpleType and
+ simpleContent and complexContent (in XMLSchema.xsd).
+ restriction1 is for the latter cases, when this
+ is restricting a complex type, as is attrDecls.
+ -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+ itemType %QName; #IMPLIED
+ id ID #IMPLIED
+ %listAttrs;>
+<!--
+ itemType and simpleType child are mutually exclusive,
+ one is required
+ -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+ id ID #IMPLIED
+ memberTypes %QNames; #IMPLIED
+ %unionAttrs;>
+<!--
+ At least one item in memberTypes or one simpleType
+ child is required
+ -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+ %facetAttr;
+ %fixedAttr;
+ %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+ %facetAttr;
+ %fixedAttr;
+ %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+ %facetAttr;
+ %fixedAttr;
+ %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+ %facetAttr;
+ %fixedAttr;
+ %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+ %facetAttr;
+ %fixedAttr;
+ %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+ %facetAttr;
+ %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+ %facetAttr;
+ %fixedAttr;
+ %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+ %facetAttr;
+ %patternAttrs;>
--- /dev/null
+<?xml version="1.0" encoding="US-ASCII"?>\r
+<schema\r
+ targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"\r
+ xmlns="http://www.w3.org/2001/XMLSchema"\r
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"\r
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"\r
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"\r
+ elementFormDefault="unqualified"\r
+ attributeFormDefault="unqualified"\r
+ blockDefault="substitution"\r
+ version="2.0">\r
+ <import namespace="http://www.w3.org/2000/09/xmldsig#"\r
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>\r
+ <import namespace="http://www.w3.org/2001/04/xmlenc#"\r
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>\r
+ <annotation>\r
+ <documentation>\r
+ Document identifier: saml-schema-assertion-2.0\r
+ Location: http://docs.oasis-open.org/security/saml/v2.0/\r
+ Revision history:\r
+ V1.0 (November, 2002):\r
+ Initial Standard Schema.\r
+ V1.1 (September, 2003):\r
+ Updates within the same V1.0 namespace.\r
+ V2.0 (March, 2005):\r
+ New assertion schema for SAML V2.0 namespace.\r
+ </documentation>\r
+ </annotation>\r
+ <attributeGroup name="IDNameQualifiers">\r
+ <attribute name="NameQualifier" type="string" use="optional"/>\r
+ <attribute name="SPNameQualifier" type="string" use="optional"/>\r
+ </attributeGroup>\r
+ <element name="BaseID" type="saml:BaseIDAbstractType"/>\r
+ <complexType name="BaseIDAbstractType" abstract="true">\r
+ <attributeGroup ref="saml:IDNameQualifiers"/>\r
+ </complexType>\r
+ <element name="NameID" type="saml:NameIDType"/>\r
+ <complexType name="NameIDType">\r
+ <simpleContent>\r
+ <extension base="string">\r
+ <attributeGroup ref="saml:IDNameQualifiers"/>\r
+ <attribute name="Format" type="anyURI" use="optional"/>\r
+ <attribute name="SPProvidedID" type="string" use="optional"/>\r
+ </extension>\r
+ </simpleContent>\r
+ </complexType>\r
+ <complexType name="EncryptedElementType">\r
+ <sequence>\r
+ <element ref="xenc:EncryptedData"/>\r
+ <element ref="xenc:EncryptedKey" minOccurs="0" maxOccurs="unbounded"/>\r
+ </sequence>\r
+ </complexType>\r
+ <element name="EncryptedID" type="saml:EncryptedElementType"/>\r
+ <element name="Issuer" type="saml:NameIDType"/>\r
+ <element name="AssertionIDRef" type="NCName"/>\r
+ <element name="AssertionURIRef" type="anyURI"/>\r
+ <element name="Assertion" type="saml:AssertionType"/>\r
+ <complexType name="AssertionType">\r
+ <sequence>\r
+ <element ref="saml:Issuer"/>\r
+ <element ref="ds:Signature" minOccurs="0"/>\r
+ <element ref="saml:Subject" minOccurs="0"/>\r
+ <element ref="saml:Conditions" minOccurs="0"/>\r
+ <element ref="saml:Advice" minOccurs="0"/>\r
+ <choice minOccurs="0" maxOccurs="unbounded">\r
+ <element ref="saml:Statement"/>\r
+ <element ref="saml:AuthnStatement"/>\r
+ <element ref="saml:AuthzDecisionStatement"/>\r
+ <element ref="saml:AttributeStatement"/>\r
+ </choice>\r
+ </sequence>\r
+ <attribute name="Version" type="string" use="required"/>\r
+ <attribute name="ID" type="ID" use="required"/>\r
+ <attribute name="IssueInstant" type="dateTime" use="required"/>\r
+ </complexType>\r
+ <element name="Subject" type="saml:SubjectType"/>\r
+ <complexType name="SubjectType">\r
+ <choice>\r
+ <sequence>\r
+ <choice>\r
+ <element ref="saml:BaseID"/>\r
+ <element ref="saml:NameID"/>\r
+ <element ref="saml:EncryptedID"/>\r
+ </choice>\r
+ <element ref="saml:SubjectConfirmation" minOccurs="0" maxOccurs="unbounded"/>\r
+ </sequence>\r
+ <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>\r
+ </choice>\r
+ </complexType>\r
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>\r
+ <complexType name="SubjectConfirmationType">\r
+ <sequence>\r
+ <choice minOccurs="0">\r
+ <element ref="saml:BaseID"/>\r
+ <element ref="saml:NameID"/>\r
+ <element ref="saml:EncryptedID"/>\r
+ </choice>\r
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>\r
+ </sequence>\r
+ <attribute name="Method" type="anyURI" use="required"/>\r
+ </complexType>\r
+ <element name="SubjectConfirmationData" type="saml:SubjectConfirmationDataType"/>\r
+ <complexType name="SubjectConfirmationDataType" mixed="true">\r
+ <complexContent>\r
+ <restriction base="anyType">\r
+ <sequence>\r
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>\r
+ </sequence>\r
+ <attribute name="NotBefore" type="dateTime" use="optional"/>\r
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
+ <attribute name="Recipient" type="anyURI" use="optional"/>\r
+ <attribute name="InResponseTo" type="NCName" use="optional"/>\r
+ <attribute name="Address" type="string" use="optional"/>\r
+ <anyAttribute namespace="##other" processContents="lax"/>\r
+ </restriction>\r
+ </complexContent>\r
+ </complexType>\r
+ <complexType name="KeyInfoConfirmationDataType" mixed="false">\r
+ <complexContent>\r
+ <restriction base="saml:SubjectConfirmationDataType">\r
+ <sequence>\r
+ <element ref="ds:KeyInfo" maxOccurs="unbounded"/>\r
+ </sequence>\r
+ </restriction>\r
+ </complexContent>\r
+ </complexType>\r
+ <element name="Conditions" type="saml:ConditionsType"/>\r
+ <complexType name="ConditionsType">\r
+ <choice minOccurs="0" maxOccurs="unbounded">\r
+ <element ref="saml:Condition"/>\r
+ <element ref="saml:AudienceRestriction"/>\r
+ <element ref="saml:OneTimeUse"/>\r
+ <element ref="saml:ProxyRestriction"/>\r
+ </choice>\r
+ <attribute name="NotBefore" type="dateTime" use="optional"/>\r
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>\r
+ </complexType>\r
+ <element name="Condition" type="saml:ConditionAbstractType"/>\r
+ <complexType name="ConditionAbstractType" abstract="true"/>\r
+ <element name="AudienceRestriction" type="saml:AudienceRestrictionType"/>\r
+ <complexType name="AudienceRestrictionType">\r
+ <complexContent>\r
+ <extension base="saml:ConditionAbstractType">\r
+ <sequence>\r
+ <element ref="saml:Audience" maxOccurs="unbounded"/>\r
+ </sequence>\r
+ </extension>\r
+ </complexContent>\r
+ </complexType>\r
+ <element name="Audience" type="anyURI"/>\r
+ <element name="OneTimeUse" type="saml:OneTimeUseType" />\r
+ <complexType name="OneTimeUseType">\r
+ <complexContent>\r
+ <extension base="saml:ConditionAbstractType"/>\r
+ </complexContent>\r
+ </complexType>\r
+ <element name="ProxyRestriction" type="saml:ProxyRestrictionType"/>\r
+ <complexType name="ProxyRestrictionType">\r
+ <complexContent>\r
+ <extension base="saml:ConditionAbstractType">\r
+ <sequence>\r
+ <element ref="saml:Audience" minOccurs="0" maxOccurs="unbounded"/>\r
+ </sequence>\r
+ <attribute name="Count" type="nonNegativeInteger" use="optional"/>\r
+ </extension>\r
+ </complexContent>\r
+ </complexType>\r
+ <element name="Advice" type="saml:AdviceType"/>\r
+ <complexType name="AdviceType">\r
+ <choice minOccurs="0" maxOccurs="unbounded">\r
+ <element ref="saml:AssertionIDRef"/>\r
+ <element ref="saml:AssertionURIRef"/>\r
+ <element ref="saml:Assertion"/>\r
+ <element ref="saml:EncryptedAssertion"/>\r
+ <any namespace="##other" processContents="lax"/>\r
+ </choice>\r
+ </complexType>\r
+ <element name="EncryptedAssertion" type="saml:EncryptedElementType"/>\r
+ <element name="Statement" type="saml:StatementAbstractType"/>\r
+ <complexType name="StatementAbstractType" abstract="true"/>\r
+ <element name="AuthnStatement" type="saml:AuthnStatementType"/>\r
+ <complexType name="AuthnStatementType">\r
+ <complexContent>\r
+ <extension base="saml:StatementAbstractType">\r
+ <sequence>\r
+ <element ref="saml:SubjectLocality" minOccurs="0"/>\r
+ <element ref="saml:AuthnContext"/>\r
+ </sequence>\r
+ <attribute name="AuthnInstant" type="dateTime" use="required"/>\r
+ <attribute name="SessionIndex" type="string" use="optional"/>\r
+ <attribute name="SessionNotOnOrAfter" type="dateTime" use="optional"/>\r
+ </extension>\r
+ </complexContent>\r
+ </complexType>\r
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>\r
+ <complexType name="SubjectLocalityType">\r
+ <attribute name="Address" type="string" use="optional"/>\r
+ <attribute name="DNSName" type="string" use="optional"/>\r
+ </complexType>\r
+ <element name="AuthnContext" type="saml:AuthnContextType"/>\r
+ <complexType name="AuthnContextType">\r
+ <sequence>\r
+ <choice>\r
+ <sequence>\r
+ <element ref="saml:AuthnContextClassRef"/>\r
+ <choice minOccurs="0">\r
+ <element ref="saml:AuthnContextDecl"/>\r
+ <element ref="saml:AuthnContextDeclRef"/>\r
+ </choice>\r
+ </sequence>\r
+ <choice>\r
+ <element ref="saml:AuthnContextDecl"/>\r
+ <element ref="saml:AuthnContextDeclRef"/>\r
+ </choice>\r
+ </choice>\r
+ <element ref="saml:AuthenticatingAuthority" minOccurs="0" maxOccurs="unbounded"/>\r
+ </sequence>\r
+ </complexType>\r
+ <element name="AuthnContextClassRef" type="anyURI"/>\r
+ <element name="AuthnContextDeclRef" type="anyURI"/>\r
+ <element name="AuthnContextDecl" type="anyType"/>\r
+ <element name="AuthenticatingAuthority" type="anyURI"/>\r
+ <element name="AuthzDecisionStatement" type="saml:AuthzDecisionStatementType"/>\r
+ <complexType name="AuthzDecisionStatementType">\r
+ <complexContent>\r
+ <extension base="saml:StatementAbstractType">\r
+ <sequence>\r
+ <element ref="saml:Action" maxOccurs="unbounded"/>\r
+ <element ref="saml:Evidence" minOccurs="0"/>\r
+ </sequence>\r
+ <attribute name="Resource" type="anyURI" use="required"/>\r
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>\r
+ </extension>\r
+ </complexContent>\r
+ </complexType>\r
+ <simpleType name="DecisionType">\r
+ <restriction base="string">\r
+ <enumeration value="Permit"/>\r
+ <enumeration value="Deny"/>\r
+ <enumeration value="Indeterminate"/>\r
+ </restriction>\r
+ </simpleType>\r
+ <element name="Action" type="saml:ActionType"/>\r
+ <complexType name="ActionType">\r
+ <simpleContent>\r
+ <extension base="string">\r
+ <attribute name="Namespace" type="anyURI" use="required"/>\r
+ </extension>\r
+ </simpleContent>\r
+ </complexType>\r
+ <element name="Evidence" type="saml:EvidenceType"/>\r
+ <complexType name="EvidenceType">\r
+ <choice maxOccurs="unbounded">\r
+ <element ref="saml:AssertionIDRef"/>\r
+ <element ref="saml:AssertionURIRef"/>\r
+ <element ref="saml:Assertion"/>\r
+ <element ref="saml:EncryptedAssertion"/>\r
+ </choice>\r
+ </complexType>\r
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>\r
+ <complexType name="AttributeStatementType">\r
+ <complexContent>\r
+ <extension base="saml:StatementAbstractType">\r
+ <choice maxOccurs="unbounded">\r
+ <element ref="saml:Attribute"/>\r
+ <element ref="saml:EncryptedAttribute"/>\r
+ </choice>\r
+ </extension>\r
+ </complexContent>\r
+ </complexType>\r
+ <element name="Attribute" type="saml:AttributeType"/>\r
+ <complexType name="AttributeType">\r
+ <sequence>\r
+ <element ref="saml:AttributeValue" minOccurs="0" maxOccurs="unbounded"/>\r
+ </sequence>\r
+ <attribute name="Name" type="string" use="required"/>\r
+ <attribute name="NameFormat" type="anyURI" use="optional"/>\r
+ <attribute name="FriendlyName" type="string" use="optional"/>\r
+ <anyAttribute namespace="##other" processContents="lax"/>\r
+ </complexType>\r
+ <element name="AttributeValue" type="anyType" nillable="true"/>\r
+ <element name="EncryptedAttribute" type="saml:EncryptedElementType"/>\r
+</schema>\r
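Review bot: The two `<import>` elements at the top of this schema use `schemaLocation` values under `http://www.w3.org/TR/2002/...`, so a validator that follows schemaLocation hints would fetch the xmldsig and xmlenc schemas over plain HTTP whenever it compiles the SAML assertion schema. That would make assertion validation depend on an unauthenticated remote resource and on outbound connectivity; whether it happens depends on the schema loader's configuration, which this diff does not show. The file sections that follow appear to add local copies of both schemas, so resolve the imports from those copies through an XML catalog or a custom resolver, and compile with network access disabled. The xmlenc schema in the next section imports xmldsig with the same remote `schemaLocation`. Separately, `ds:Signature` is `minOccurs="0"` in `AssertionType`, so schema validity says nothing about whether an assertion is signed, and the consumer has to enforce that itself.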
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE schema PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "XMLSchema.dtd" [
+ <!ATTLIST schema
+ xmlns:xenc CDATA #FIXED 'http://www.w3.org/2001/04/xmlenc#'
+ xmlns:ds CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY xenc 'http://www.w3.org/2001/04/xmlenc#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+<schema xmlns="http://www.w3.org/2001/XMLSchema" version="1.0" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.w3.org/2001/04/xmlenc#" elementFormDefault="qualified">
+
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+
+ <complexType name="EncryptedType" abstract="true">
+ <sequence>
+ <element name="EncryptionMethod" type="xenc:EncryptionMethodType" minOccurs="0"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="xenc:CipherData"/>
+ <element ref="xenc:EncryptionProperties" minOccurs="0"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/>
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+ </complexType>
+
+ <complexType name="EncryptionMethodType" mixed="true">
+ <sequence>
+ <element name="KeySize" minOccurs="0" type="xenc:KeySizeType"/>
+ <element name="OAEPparams" minOccurs="0" type="base64Binary"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <simpleType name="KeySizeType">
+ <restriction base="integer"/>
+ </simpleType>
+
+ <element name="CipherData" type="xenc:CipherDataType"/>
+ <complexType name="CipherDataType">
+ <choice>
+ <element name="CipherValue" type="base64Binary"/>
+ <element ref="xenc:CipherReference"/>
+ </choice>
+ </complexType>
+
+ <element name="CipherReference" type="xenc:CipherReferenceType"/>
+ <complexType name="CipherReferenceType">
+ <choice>
+ <element name="Transforms" type="xenc:TransformsType" minOccurs="0"/>
+ </choice>
+ <attribute name="URI" type="anyURI" use="required"/>
+ </complexType>
+
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+
+ <element name="EncryptedData" type="xenc:EncryptedDataType"/>
+ <complexType name="EncryptedDataType">
+ <complexContent>
+ <extension base="xenc:EncryptedType">
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <!-- Children of ds:KeyInfo -->
+
+ <element name="EncryptedKey" type="xenc:EncryptedKeyType"/>
+ <complexType name="EncryptedKeyType">
+ <complexContent>
+ <extension base="xenc:EncryptedType">
+ <sequence>
+ <element ref="xenc:ReferenceList" minOccurs="0"/>
+ <element name="CarriedKeyName" type="string" minOccurs="0"/>
+ </sequence>
+ <attribute name="Recipient" type="string" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
+ <complexType name="AgreementMethodType" mixed="true">
+ <sequence>
+ <element name="KA-Nonce" minOccurs="0" type="base64Binary"/>
+ <!-- <element ref="ds:DigestMethod" minOccurs="0"/> -->
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <element name="OriginatorKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+ <element name="RecipientKeyInfo" minOccurs="0" type="ds:KeyInfoType"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <!-- End Children of ds:KeyInfo -->
+
+ <element name="ReferenceList">
+ <complexType>
+ <choice minOccurs="1" maxOccurs="unbounded">
+ <element name="DataReference" type="xenc:ReferenceType"/>
+ <element name="KeyReference" type="xenc:ReferenceType"/>
+ </choice>
+ </complexType>
+ </element>
+
+ <complexType name="ReferenceType">
+ <sequence>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="URI" type="anyURI" use="required"/>
+ </complexType>
+
+
+ <element name="EncryptionProperties" type="xenc:EncryptionPropertiesType"/>
+ <complexType name="EncryptionPropertiesType">
+ <sequence>
+ <element ref="xenc:EncryptionProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+ <element name="EncryptionProperty" type="xenc:EncryptionPropertyType"/>
+ <complexType name="EncryptionPropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ <attribute name="Target" type="anyURI" use="optional"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
+ </complexType>
+
+</schema>
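Review bot: The `<!DOCTYPE schema PUBLIC ... "XMLSchema.dtd" [ ... ]>` declaration at the top of this file means a parser configured to reject DOCTYPE declarations will refuse to load this schema, and one that accepts it may try to resolve the relative `XMLSchema.dtd` system identifier. If the schema files are compiled with the same parser configuration used for incoming SAML messages, relaxing it for this file would relax it for untrusted input too; the diff does not show this, so it is worth confirming. Keep DTD loading and external entity resolution off for message parsing, and load the schema files through a separate, local-only parser configuration. The xmldsig schema section that follows opens with the same DOCTYPE.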
--- /dev/null
+<?xml version='1.0'?>
+<?xml-stylesheet href="../2008/09/xsd.xsl" type="text/xsl"?>
+<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns ="http://www.w3.org/1999/xhtml"
+ xml:lang="en">
+
+ <xs:annotation>
+ <xs:documentation>
+ <div>
+ <h1>About the XML namespace</h1>
+
+ <div class="bodytext">
+ <p>
+ This schema document describes the XML namespace, in a form
+ suitable for import by other schema documents.
+ </p>
+ <p>
+ See <a href="http://www.w3.org/XML/1998/namespace.html">
+ http://www.w3.org/XML/1998/namespace.html</a> and
+ <a href="http://www.w3.org/TR/REC-xml">
+ http://www.w3.org/TR/REC-xml</a> for information
+ about this namespace.
+ </p>
+ <p>
+ Note that local names in this namespace are intended to be
+ defined only by the World Wide Web Consortium or its subgroups.
+ The names currently defined in this namespace are listed below.
+ They should not be used with conflicting semantics by any Working
+ Group, specification, or document instance.
+ </p>
+ <p>
+ See further below in this document for more information about <a
+ href="#usage">how to refer to this schema document from your own
+ XSD schema documents</a> and about <a href="#nsversioning">the
+ namespace-versioning policy governing this schema document</a>.
+ </p>
+ </div>
+ </div>
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="lang">
+ <xs:annotation>
+ <xs:documentation>
+ <div>
+
+ <h3>lang (as an attribute name)</h3>
+ <p>
+ denotes an attribute whose value
+ is a language code for the natural language of the content of
+ any element; its value is inherited. This name is reserved
+ by virtue of its definition in the XML specification.</p>
+
+ </div>
+ <div>
+ <h4>Notes</h4>
+ <p>
+ Attempting to install the relevant ISO 2- and 3-letter
+ codes as the enumerated possible values is probably never
+ going to be a realistic possibility.
+ </p>
+ <p>
+ See BCP 47 at <a href="http://www.rfc-editor.org/rfc/bcp/bcp47.txt">
+ http://www.rfc-editor.org/rfc/bcp/bcp47.txt</a>
+ and the IANA language subtag registry at
+ <a href="http://www.iana.org/assignments/language-subtag-registry">
+ http://www.iana.org/assignments/language-subtag-registry</a>
+ for further information.
+ </p>
+ <p>
+ The union allows for the 'un-declaration' of xml:lang with
+ the empty string.
+ </p>
+ </div>
+ </xs:documentation>
+ </xs:annotation>
+ <xs:simpleType>
+ <xs:union memberTypes="xs:language">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value=""/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="space">
+ <xs:annotation>
+ <xs:documentation>
+ <div>
+
+ <h3>space (as an attribute name)</h3>
+ <p>
+ denotes an attribute whose
+ value is a keyword indicating what whitespace processing
+ discipline is intended for the content of the element; its
+ value is inherited. This name is reserved by virtue of its
+ definition in the XML specification.</p>
+
+ </div>
+ </xs:documentation>
+ </xs:annotation>
+ <xs:simpleType>
+ <xs:restriction base="xs:NCName">
+ <xs:enumeration value="default"/>
+ <xs:enumeration value="preserve"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="base" type="xs:anyURI"> <xs:annotation>
+ <xs:documentation>
+ <div>
+
+ <h3>base (as an attribute name)</h3>
+ <p>
+ denotes an attribute whose value
+ provides a URI to be used as the base for interpreting any
+ relative URIs in the scope of the element on which it
+ appears; its value is inherited. This name is reserved
+ by virtue of its definition in the XML Base specification.</p>
+
+ <p>
+ See <a
+ href="http://www.w3.org/TR/xmlbase/">http://www.w3.org/TR/xmlbase/</a>
+ for information about this attribute.
+ </p>
+ </div>
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attribute name="id" type="xs:ID">
+ <xs:annotation>
+ <xs:documentation>
+ <div>
+
+ <h3>id (as an attribute name)</h3>
+ <p>
+ denotes an attribute whose value
+ should be interpreted as if declared to be of type ID.
+ This name is reserved by virtue of its definition in the
+ xml:id specification.</p>
+
+ <p>
+ See <a
+ href="http://www.w3.org/TR/xml-id/">http://www.w3.org/TR/xml-id/</a>
+ for information about this attribute.
+ </p>
+ </div>
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attributeGroup name="specialAttrs">
+ <xs:attribute ref="xml:base"/>
+ <xs:attribute ref="xml:lang"/>
+ <xs:attribute ref="xml:space"/>
+ <xs:attribute ref="xml:id"/>
+ </xs:attributeGroup>
+
+ <xs:annotation>
+ <xs:documentation>
+ <div>
+
+ <h3>Father (in any context at all)</h3>
+
+ <div class="bodytext">
+ <p>
+ denotes Jon Bosak, the chair of
+ the original XML Working Group. This name is reserved by
+ the following decision of the W3C XML Plenary and
+ XML Coordination groups:
+ </p>
+ <blockquote>
+ <p>
+ In appreciation for his vision, leadership and
+ dedication the W3C XML Plenary on this 10th day of
+ February, 2000, reserves for Jon Bosak in perpetuity
+ the XML name "xml:Father".
+ </p>
+ </blockquote>
+ </div>
+ </div>
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>
+ <div xml:id="usage" id="usage">
+ <h2><a name="usage">About this schema document</a></h2>
+
+ <div class="bodytext">
+ <p>
+ This schema defines attributes and an attribute group suitable
+ for use by schemas wishing to allow <code>xml:base</code>,
+ <code>xml:lang</code>, <code>xml:space</code> or
+ <code>xml:id</code> attributes on elements they define.
+ </p>
+ <p>
+ To enable this, such a schema must import this schema for
+ the XML namespace, e.g. as follows:
+ </p>
+ <pre>
+ <schema . . .>
+ . . .
+ <import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ </pre>
+ <p>
+ or
+ </p>
+ <pre>
+ <import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>
+ </pre>
+ <p>
+ Subsequently, qualified reference to any of the attributes or the
+ group defined below will have the desired effect, e.g.
+ </p>
+ <pre>
+ <type . . .>
+ . . .
+ <attributeGroup ref="xml:specialAttrs"/>
+ </pre>
+ <p>
+ will define a type which will schema-validate an instance element
+ with any of those attributes.
+ </p>
+ </div>
+ </div>
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>
+ <div id="nsversioning" xml:id="nsversioning">
+ <h2><a name="nsversioning">Versioning policy for this schema document</a></h2>
+ <div class="bodytext">
+ <p>
+ In keeping with the XML Schema WG's standard versioning
+ policy, this schema document will persist at
+ <a href="http://www.w3.org/2009/01/xml.xsd">
+ http://www.w3.org/2009/01/xml.xsd</a>.
+ </p>
+ <p>
+ At the date of issue it can also be found at
+ <a href="http://www.w3.org/2001/xml.xsd">
+ http://www.w3.org/2001/xml.xsd</a>.
+ </p>
+ <p>
+ The schema document at that URI may however change in the future,
+ in order to remain compatible with the latest version of XML
+ Schema itself, or with the XML namespace itself. In other words,
+ if the XML Schema or XML namespaces change, the version of this
+ document at <a href="http://www.w3.org/2001/xml.xsd">
+ http://www.w3.org/2001/xml.xsd
+ </a>
+ will change accordingly; the version at
+ <a href="http://www.w3.org/2009/01/xml.xsd">
+ http://www.w3.org/2009/01/xml.xsd
+ </a>
+ will not change.
+ </p>
+ <p>
+ Previous dated (and unchanging) versions of this schema
+ document are at:
+ </p>
+ <ul>
+ <li><a href="http://www.w3.org/2009/01/xml.xsd">
+ http://www.w3.org/2009/01/xml.xsd</a></li>
+ <li><a href="http://www.w3.org/2007/08/xml.xsd">
+ http://www.w3.org/2007/08/xml.xsd</a></li>
+ <li><a href="http://www.w3.org/2004/10/xml.xsd">
+ http://www.w3.org/2004/10/xml.xsd</a></li>
+ <li><a href="http://www.w3.org/2001/03/xml.xsd">
+ http://www.w3.org/2001/03/xml.xsd</a></li>
+ </ul>
+ </div>
+ </div>
+ </xs:documentation>
+ </xs:annotation>
+
+</xs:schema>
+
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE schema PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "XMLSchema.dtd" [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+<schema xmlns="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.w3.org/2000/09/xmldsig#" version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="base64Binary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="base64Binary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="base64Binary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="base64Binary"/>
+ <element name="X509CRL" type="base64Binary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="base64Binary"/>
+ <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="base64Binary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="base64Binary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
--- /dev/null
+/etc/alternatives/vtrgb
\ No newline at end of file
--- /dev/null
+###
+### Sample Wget initialization file .wgetrc
+###
+
+## You can use this file to change the default behaviour of wget or to
+## avoid having to type many many command-line options. This file does
+## not contain a comprehensive list of commands -- look at the manual
+## to find out what you can put into this file. You can find this here:
+## $ info wget.info 'Startup File'
+## Or online here:
+## https://www.gnu.org/software/wget/manual/wget.html#Startup-File
+##
+## Wget initialization file can reside in /etc/wgetrc
+## (global, for all users) or $HOME/.wgetrc (for a single user).
+##
+## To use the settings in this file, you will have to uncomment them,
+## as well as change them, in most cases, as the values on the
+## commented-out lines are the default values (e.g. "off").
+##
+## Command are case-, underscore- and minus-insensitive.
+## For example ftp_proxy, ftp-proxy and ftpproxy are the same.
+
+
+##
+## Global settings (useful for setting up in /etc/wgetrc).
+## Think well before you change them, since they may reduce wget's
+## functionality, and make it behave contrary to the documentation:
+##
+
+# You can set retrieve quota for beginners by specifying a value
+# optionally followed by 'K' (kilobytes) or 'M' (megabytes). The
+# default quota is unlimited.
+#quota = inf
+
+# You can lower (or raise) the default number of retries when
+# downloading a file (default is 20).
+#tries = 20
+
+# Lowering the maximum depth of the recursive retrieval is handy to
+# prevent newbies from going too "deep" when they unwittingly start
+# the recursive retrieval. The default is 5.
+#reclevel = 5
+
+# By default Wget uses "passive FTP" transfer where the client
+# initiates the data connection to the server rather than the other
+# way around. That is required on systems behind NAT where the client
+# computer cannot be easily reached from the Internet. However, some
+# firewalls software explicitly supports active FTP and in fact has
+# problems supporting passive transfer. If you are in such
+# environment, use "passive_ftp = off" to revert to active FTP.
+#passive_ftp = off
+passive_ftp = on
+
+# The "wait" command below makes Wget wait between every connection.
+# If, instead, you want Wget to wait only between retries of failed
+# downloads, set waitretry to maximum number of seconds to wait (Wget
+# will use "linear backoff", waiting 1 second after the first failure
+# on a file, 2 seconds after the second failure, etc. up to this max).
+#waitretry = 10
+
+
+##
+## Local settings (for a user to set in his $HOME/.wgetrc). It is
+## *highly* undesirable to put these settings in the global file, since
+## they are potentially dangerous to "normal" users.
+##
+## Even when setting up your own ~/.wgetrc, you should know what you
+## are doing before doing so.
+##
+
+# Set this to on to use timestamping by default:
+#timestamping = off
+
+# It is a good idea to make Wget send your email address in a `From:'
+# header with your request (so that server administrators can contact
+# you in case of errors). Wget does *not* send `From:' by default.
+#header = From: Your Name <username@site.domain>
+
+# You can set up other headers, like Accept-Language. Accept-Language
+# is *not* sent by default.
+#header = Accept-Language: en
+
+# You can set the default proxies for Wget to use for http, https, and ftp.
+# They will override the value in the environment.
+#https_proxy = http://proxy.yoyodyne.com:18023/
+#http_proxy = http://proxy.yoyodyne.com:18023/
+#ftp_proxy = http://proxy.yoyodyne.com:18023/
+
+# If you do not want to use proxy at all, set this to off.
+#use_proxy = on
+
+# You can customize the retrieval outlook. Valid options are default,
+# binary, mega and micro.
+#dot_style = default
+
+# Setting this to off makes Wget not download /robots.txt. Be sure to
+# know *exactly* what /robots.txt is and how it is used before changing
+# the default!
+#robots = on
+
+# It can be useful to make Wget wait between connections. Set this to
+# the number of seconds you want Wget to wait.
+#wait = 0
+
+# You can force creating directory structure, even if a single is being
+# retrieved, by setting this to on.
+#dirstruct = off
+
+# You can turn on recursive retrieving by default (don't do this if
+# you are not sure you know what it means) by setting this to on.
+#recursive = off
+
+# To always back up file X as X.orig before converting its links (due
+# to -k / --convert-links / convert_links = on having been specified),
+# set this variable to on:
+#backup_converted = off
+
+# To have Wget follow FTP links from HTML files by default, set this
+# to on:
+#follow_ftp = off
+
+# To try ipv6 addresses first:
+#prefer-family = IPv6
+
+# Set default IRI support state
+#iri = off
+
+# Force the default system encoding
+#localencoding = UTF-8
+
+# Force the default remote server encoding
+#remoteencoding = UTF-8
+
+# Turn on to prevent following non-HTTPS links when in recursive mode
+#httpsonly = off
+
+# Tune HTTPS security (auto, SSLv2, SSLv3, TLSv1, PFS)
+#secureprotocol = auto
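Review bot: The comment above `#secureprotocol = auto` on the last two lines lists SSLv2 and SSLv3 as ordinary choices, with no hint that both are obsolete protocols that should never be selected. The file describes itself as a sample that can live in /etc/wgetrc, so administrators are likely to copy values straight from these comments. I would reword the comment to `# Tune HTTPS security (auto, SSLv2, SSLv3, TLSv1, PFS). SSLv2 and SSLv3 are obsolete and insecure; keep auto or PFS.` Depending on the wget version installed, values such as `TLSv1_2` may also be accepted and would be worth listing as the preferred explicit floor.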
--- /dev/null
+# /etc/xattr.conf
+#
+# Format:
+# <pattern> <action>
+#
+# Actions:
+# permissions - copy when trying to preserve permissions.
+# skip - do not copy.
+
+system.nfs4_acl permissions
+system.nfs4acl permissions
+system.posix_acl_access permissions
+system.posix_acl_default permissions
+trusted.SGI_ACL_DEFAULT skip # xfs specific
+trusted.SGI_ACL_FILE skip # xfs specific
+trusted.SGI_CAP_FILE skip # xfs specific
+trusted.SGI_DMI_* skip # xfs specific
+trusted.SGI_MAC_FILE skip # xfs specific
+xfsroot.* skip # xfs specific; obsolete
+user.Beagle.* skip # ignore Beagle index data
+security.evm skip # may only be written by kernel
--- /dev/null
+[Desktop Entry]
+Name=Snap user application autostart helper
+Comment=Helper program for launching snap applications that are configured to start automatically.
+Exec=/usr/bin/snap userd --autostart
+Type=Application
+NoDisplay=true
--- /dev/null
+[Desktop Entry]
+Type=Application
+Name=User folders update
+TryExec=xdg-user-dirs-update
+Exec=xdg-user-dirs-update
+StartupNotify=false
+NoDisplay=true
+X-Ubuntu-Gettext-Domain=xdg-user-dirs
+
+X-GNOME-Autostart-Phase=Initialization
+X-KDE-autostart-phase=1
--- /dev/null
+../../systemd/user
\ No newline at end of file
--- /dev/null
+# This controls the behaviour of xdg-user-dirs-update which is run on user login
+# You can also have per-user config in ~/.config/user-dirs.conf, or specify
+# the XDG_CONFIG_HOME and/or XDG_CONFIG_DIRS to override this
+#
+
+enabled=True
+
+# This sets the filename encoding to use. You can specify an explicit
+# encoding, or "locale" which means the encoding of the users locale
+# will be used
+filename_encoding=UTF-8
--- /dev/null
+# Default settings for user directories
+#
+# The values are relative pathnames from the home directory and
+# will be translated on a per-path-element basis into the users locale
+DESKTOP=Desktop
+DOWNLOAD=Downloads
+TEMPLATES=Templates
+PUBLICSHARE=Public
+DOCUMENTS=Documents
+MUSIC=Music
+PICTURES=Pictures
+VIDEOS=Videos
+# Another alternative is:
+#MUSIC=Documents/Music
+#PICTURES=Documents/Pictures
+#VIDEOS=Documents/Videos
--- /dev/null
+# (c) Zygmunt Krynicki 2007,
+# Licensed under GPL, see COPYING for the whole text
+#
+# This script will look-up command in the database and suggest
+# installation of packages available from the repository
+
+if [[ -x /usr/lib/command-not-found ]] ; then
+ if (( ! ${+functions[command_not_found_handler]} )) ; then
+ function command_not_found_handler {
+ [[ -x /usr/lib/command-not-found ]] || return 1
+ /usr/lib/command-not-found --no-failure-msg -- ${1+"$1"} && :
+ }
+ fi
+fi
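Review bot: The trailing `&& :` on the `/usr/lib/command-not-found` call inside `command_not_found_handler` is unexplained, so a later cleanup could easily delete it as dead code. It leaves the handler's return status unchanged, so it presumably exists only to keep a failing lookup from tripping ERR_EXIT-style handling. A comment such as `# '&& :' keeps the helper's exit status; presumably shields the call from ERR_EXIT (confirm)` would record that intent. The header comment could also say that the file relies on zsh-only syntax (`${+functions[...]}`) and must be sourced from zsh, not from a POSIX shell.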