├── rel ├── version ├── .gitignore ├── README.md ├── .gitmodules ├── check-for-config-changes ├── .gitlab-ci.yml ├── .qubesbuilder ├── Makefile.builder ├── 0001-sound-Disable-SG-buffer.patch ├── series.conf ├── 0001-amdgpu-timeout.patch ├── kernel-devel.spec ├── 0003-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch ├── apply-patches ├── mod-sign.sh ├── 0004-pvops-respect-removable-xenstore-flag-for-block-devi.patch ├── 0006-block-add-no_part_scan-module-parameter.patch ├── xen-events-Add-wakeup-support-to-xen-pirq.patch ├── gen-config ├── kernel.org-1-key.asc ├── kernel-updater.py ├── 0002-mce-hide-EBUSY-initialization-error-on-Xen.patch ├── config-qubes-minimal ├── 0013-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch ├── update-sources ├── Makefile ├── xen-pm-use-suspend.patch ├── 0001-PCI-add-a-reset-quirk-for-Intel-I219LM-ethernet-adap.patch ├── get-fedora-latest-config ├── 0001-xen-xenbus-better-handle-backend-crash.patch ├── 0001-Revert-e1000e-change-k1-configuration-on-MTP-and-lat.patch ├── config-qubes ├── guards ├── xen-pciback-pm-suspend.patch ├── kernel.spec.in └── kernel.org-2-key.asc /rel: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /version: -------------------------------------------------------------------------------- 1 | 6.17.13 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | linux-*.tar 2 | linux-*.tar.gz.UNTRUSTED 3 | linux-*.tar.xz.UNTRUSTED 4 | linux-*.sign 5 | linux-keyring.gpg 6 | kernel-*/ 7 | config-base-* 8 | macbook12-spi-driver-*.tar 9 | macbook12-spi-driver-*.tar.gz.UNTRUSTED 10 | pkgs 11 | spi.sha256 12 | genfs/genfs 13 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Qubes package for Linux kernel 2 | ============================== 3 | 4 | Building release candidate kernels 5 | ---------------------------------- 6 | 7 | 1. Write kernel version into `version` file, for example 6.0-rc7. 8 | 2. Comment out "normal" tarball section in `.qubesbuilder` and uncomment the one for rc kernel. 9 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "dummy-psu"] 2 | path = dummy-psu 3 | url = https://github.com/QubesOS/qubes-dummy-psu 4 | [submodule "dummy-backlight"] 5 | path = dummy-backlight 6 | url = https://github.com/QubesOS/qubes-dummy-backlight 7 | [submodule "linux-utils"] 8 | path = linux-utils 9 | url = https://github.com/QubesOS/qubes-linux-utils.git 10 | branch = release4.0 11 | [submodule "v4l2loopback"] 12 | path = v4l2loopback 13 | url = https://github.com/umlaeute/v4l2loopback 14 | -------------------------------------------------------------------------------- /check-for-config-changes: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # lines 4 contains a timestamp... 4 | differences="$( 5 | diff -bU0 <(sed -e '/^# .* is not set$/p' -e '/^$\|^#/d' "$1" | sort) \ 6 | <(sed -e '/^# .* is not set$/p' -e '/^$\|^#/d' "$2" | sort) \ 7 | | grep '^[-+][^-+]' 8 | )" || true 9 | if [ -n "$differences" ]; then 10 | echo 11 | echo "Changes after running \`make oldconfig':" 12 | echo "$differences" 13 | echo 14 | if echo "$differences" | grep -q '^+' ; then 15 | exit 1 16 | fi 17 | fi 18 | -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | include: 2 | - file: /r4.2/gitlab-base.yml 3 | project: QubesOS/qubes-continuous-integration 4 | - file: /r4.2/gitlab-host-build.yml 5 | project: QubesOS/qubes-continuous-integration 6 | - file: /r4.2/gitlab-host-openqa.yml 7 | project: QubesOS/qubes-continuous-integration 8 | - file: /r4.3/gitlab-base.yml 9 | project: QubesOS/qubes-continuous-integration 10 | - file: /r4.3/gitlab-host-build.yml 11 | project: QubesOS/qubes-continuous-integration 12 | - file: /r4.3/gitlab-host-openqa.yml 13 | project: QubesOS/qubes-continuous-integration 14 | -------------------------------------------------------------------------------- /.qubesbuilder: -------------------------------------------------------------------------------- 1 | host: 2 | rpm: 3 | build: 4 | - kernel.spec 5 | source: 6 | modules: 7 | - linux-utils 8 | - dummy-psu 9 | - dummy-backlight 10 | - v4l2loopback 11 | files: 12 | - url: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-@VERSION@.tar.xz 13 | signature: https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-@VERSION@.tar.sign 14 | uncompress: true 15 | ## for -rc kernels, use this: 16 | # - git-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 17 | # git-basename: linux-@VERSION@ 18 | # tag: v@VERSION@ 19 | pubkeys: 20 | - kernel.org-2-key.asc 21 | - kernel.org-1-key.asc 22 | -------------------------------------------------------------------------------- /Makefile.builder: -------------------------------------------------------------------------------- 1 | ifeq ($(PACKAGE_SET),dom0) 2 | RPM_SPEC_FILES := kernel.spec 3 | NO_ARCHIVE := 1 4 | 5 | INCLUDED_SOURCES = dummy-psu dummy-backlight linux-utils v4l2loopback 6 | SOURCE_COPY_IN := $(INCLUDED_SOURCES) 7 | 8 | $(INCLUDED_SOURCES): SRC_SUBDIR=$@ 9 | $(INCLUDED_SOURCES): VERSION=$(shell git -C $(ORIG_SRC)/$(SRC_SUBDIR) rev-parse --short HEAD) 10 | $(INCLUDED_SOURCES): 11 | $(BUILDER_DIR)/scripts/create-archive $(CHROOT_DIR)/$(DIST_SRC)/$(SRC_SUBDIR) $(SRC_SUBDIR)-$(VERSION).tar.gz $(SRC_SUBDIR)/ 12 | mv $(CHROOT_DIR)/$(DIST_SRC)/$(SRC_SUBDIR)/$(SRC_SUBDIR)-$(VERSION).tar.gz $(CHROOT_DIR)/$(DIST_SRC) 13 | sed -i "s#@$(SRC_SUBDIR)@#$(SRC_SUBDIR)-$(VERSION).tar.gz#" $(CHROOT_DIR)/$(DIST_SRC)/kernel.spec.in 14 | endif 15 | -------------------------------------------------------------------------------- /0001-sound-Disable-SG-buffer.patch: -------------------------------------------------------------------------------- 1 | From bcc68c3829df041bf22ee493f8eb58fce230303b Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= 3 | 4 | Date: Tue, 27 Dec 2022 15:49:46 +0100 5 | Subject: [PATCH] sound: Disable SG-buffer 6 | 7 | This appears to be broken under Xen PV (or other Qubes-specific 8 | factor?), so disable it until fixed. 9 | --- 10 | sound/core/Kconfig | 4 ++-- 11 | 1 file changed, 2 insertions(+), 2 deletions(-) 12 | 13 | diff --git a/sound/core/Kconfig b/sound/core/Kconfig 14 | index 12990d9a4dff..18798d99021d 100644 15 | --- a/sound/core/Kconfig 16 | +++ b/sound/core/Kconfig 17 | @@ -225,8 +225,8 @@ config SND_VMASTER 18 | bool 19 | 20 | config SND_DMA_SGBUF 21 | - def_bool y 22 | - depends on X86 23 | + def_bool n 24 | +# depends on X86 25 | 26 | config SND_CTL_LED 27 | tristate 28 | -- 29 | 2.37.3 30 | 31 | -------------------------------------------------------------------------------- /series.conf: -------------------------------------------------------------------------------- 1 | 0001-kbuild-AFTER_LINK.patch 2 | 0003-mce-hide-EBUSY-initialization-error-on-Xen.patch 3 | 0004-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch 4 | 5 | # Additional features 6 | 0005-pvops-respect-removable-xenstore-flag-for-block-devi.patch 7 | 0006-pvops-xen-blkfront-handle-FDEJECT-as-detach-request-.patch 8 | 0007-block-add-no_part_scan-module-parameter.patch 9 | 10 | # Security fixes 11 | 0008-xen-Add-RING_COPY_RESPONSE.patch 12 | 0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch 13 | 0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch 14 | 0011-xen-netfront-add-range-check-for-Tx-response-id.patch 15 | 0012-xen-blkfront-make-local-copy-of-response-before-usin.patch 16 | 0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch 17 | 18 | # MSI-X enabled device passthrough fix (#1734) 19 | 0014-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch 20 | 21 | # Fix for MSI support with stubdoms 22 | 0015-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch 23 | -------------------------------------------------------------------------------- /0001-amdgpu-timeout.patch: -------------------------------------------------------------------------------- 1 | From 3e4d6ef627749a90cdedc0e7ddae3eabe7c73bda Mon Sep 17 00:00:00 2001 2 | From: Augsch123 <130238014+Augsch123@users.noreply.github.com> 3 | Date: Wed, 17 May 2023 09:57:33 +0800 4 | Subject: [PATCH] Increase amdgpu_psp timeout 5 | 6 | The timeout of some psp commands seems to be too strict for resuming amdgpu in 7 | dom0, resulting in occasional resume failures on some AMD hardwares. 8 | 9 | --- 10 | drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- 11 | 1 file changed, 1 insertion(+), 1 deletion(-) 12 | 13 | diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c 14 | index 3f5d13035..fb27ed88d 100644 15 | --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c 16 | +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c 17 | @@ -248,7 +248,7 @@ static int psp_early_init(void *handle) 18 | 19 | psp->adev = adev; 20 | 21 | - adev->psp_timeout = 20000; 22 | + adev->psp_timeout = 50000; 23 | 24 | psp_check_pmfw_centralized_cstate_management(psp); 25 | 26 | -- 27 | 2.30.2 28 | 29 | -------------------------------------------------------------------------------- /kernel-devel.spec: -------------------------------------------------------------------------------- 1 | 2 | %if 0%{?qubes_builder} 3 | %define _sourcedir %(pwd) 4 | %endif 5 | 6 | #%define _unpackaged_files_terminate_build 0 7 | %define variant pvops.qubes 8 | %define plainrel %(cat rel) 9 | %define rel %{plainrel}.%{variant} 10 | %define version %(cat version) 11 | 12 | Name: kernel-devel 13 | Version: %{version} 14 | Release: %{rel} 15 | Epoch: 1000 16 | Summary: Development files necessary for building kernel modules 17 | 18 | Group: Development/Sources 19 | License: GPL v2 only 20 | Url: http://www.kernel.org/ 21 | 22 | %description 23 | This package contains files necessary for building kernel modules (and 24 | kernel module packages) against the pvops flavor of the kernel. 25 | 26 | %prep 27 | echo "Dummy spec, do not try to build, use kernel.spec instead" 28 | exit 1 29 | 30 | 31 | %build 32 | echo "Dummy spec, do not try to build, use kernel.spec instead" 33 | exit 1 34 | 35 | %install 36 | echo "Dummy spec, do not try to build, use kernel.spec instead" 37 | exit 1 38 | 39 | %files 40 | %doc 41 | 42 | 43 | 44 | %changelog 45 | 46 | -------------------------------------------------------------------------------- /0003-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch: -------------------------------------------------------------------------------- 1 | From b52ecfd2ee13fd99901b6d596bc3f7796c2ac12f Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= 3 | 4 | Date: Sat, 30 Jan 2016 01:53:26 +0100 5 | Subject: [PATCH] Log error code of EVTCHNOP_bind_pirq failure 6 | 7 | Ease debugging of PCI passthrough problems. 8 | --- 9 | drivers/xen/events/events_base.c | 2 +- 10 | 1 file changed, 1 insertion(+), 1 deletion(-) 11 | 12 | diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c 13 | index 3a791c8485d0..b75bcebc635b 100644 14 | --- a/drivers/xen/events/events_base.c 15 | +++ b/drivers/xen/events/events_base.c 16 | @@ -522,7 +522,7 @@ static unsigned int __startup_pirq(unsigned int irq) 17 | BIND_PIRQ__WILL_SHARE : 0; 18 | rc = HYPERVISOR_event_channel_op(EVTCHNOP_bind_pirq, &bind_pirq); 19 | if (rc != 0) { 20 | - pr_warn("Failed to obtain physical IRQ %d\n", info->irq); 21 | + pr_warn("Failed to obtain physical IRQ %d (error %d)\n", info->irq, rc); 22 | return 0; 23 | } 24 | evtchn = bind_pirq.port; 25 | -- 26 | 2.25.4 27 | 28 | -------------------------------------------------------------------------------- /apply-patches: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Given a series.conf file and a directory with patches, applies them to the 4 | # current directory. 5 | # Used by kernel-source.spec.in and kernel-binary.spec.in 6 | 7 | USAGE="$0 [--vanilla] [symbol ...]" 8 | 9 | set -e 10 | set -o pipefail 11 | vanilla=false 12 | if test "$1" == "--vanilla"; then 13 | vanilla=true 14 | shift 15 | fi 16 | if test $# -lt 2; then 17 | echo "$USAGE" >&2 18 | exit 1 19 | fi 20 | DIR="${0%/*}" 21 | SERIES_CONF=$1 22 | PATCH_DIR=$2 23 | shift 2 24 | 25 | trap 'rm -f "$series"' EXIT 26 | series=$(mktemp) 27 | # support for patches in patches.addon/series 28 | cp "$SERIES_CONF" "$series" 29 | if ! $vanilla && test -e "$PATCH_DIR/patches.addon/series"; then 30 | # make it user-friendly and automatically prepend "patches.addon/" 31 | # if there is no "/" 32 | sed -r 's|^([[:space:]]*)([^#[:space:]][^/]*)$|\1patches.addon/\2|' \ 33 | "$PATCH_DIR/patches.addon/series" >>"$series" 34 | fi 35 | 36 | ( 37 | echo "trap 'echo \"*** patch \$_ failed ***\"' ERR" 38 | echo "set -ex" 39 | "$DIR"/guards "$@" <"$series" | \ 40 | if $vanilla; then 41 | egrep '^patches\.(kernel\.org|rpmify)/' 42 | else 43 | cat 44 | fi |\ 45 | sed "s|^|patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/|" 46 | ) | sh 47 | 48 | -------------------------------------------------------------------------------- /mod-sign.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # The modules_sign target checks for corresponding .o files for every .ko that 4 | # is signed. This doesn't work for package builds which re-use the same build 5 | # directory for every flavour, and the .config may change between flavours. 6 | # So instead of using this script to just sign lib/modules/$KernelVer/extra, 7 | # sign all .ko in the buildroot. 8 | 9 | # This essentially duplicates the 'modules_sign' Kbuild target and runs the 10 | # same commands for those modules. 11 | 12 | MODSECKEY=$1 13 | MODPUBKEY=$2 14 | moddir=$3 15 | 16 | modules=`find $moddir -type f -name '*.ko'` 17 | 18 | NPROC=`nproc` 19 | [ -z "$NPROC" ] && NPROC=1 20 | 21 | # NB: this loop runs 2000+ iterations. Try to be fast. 22 | echo "$modules" | xargs -r -n16 -P $NPROC sh -c " 23 | for mod; do 24 | ./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod 25 | rm -f \$mod.sig \$mod.dig 26 | done 27 | " DUMMYARG0 # xargs appends ARG1 ARG2..., which go into $mod in for loop. 28 | 29 | RANDOMMOD=$(echo "$modules" | sort -R | head -n 1) 30 | if [ "~Module signature appended~" != "$(tail -c 28 $RANDOMMOD)" ]; then 31 | echo "*****************************" 32 | echo "*** Modules are unsigned! ***" 33 | echo "*****************************" 34 | exit 1 35 | fi 36 | 37 | exit 0 38 | -------------------------------------------------------------------------------- /0004-pvops-respect-removable-xenstore-flag-for-block-devi.patch: -------------------------------------------------------------------------------- 1 | From 5be0986f3e697c6b9b1f9d7427984b23d02ca80c Mon Sep 17 00:00:00 2001 2 | From: Marek Marczykowski 3 | Date: Mon, 11 Jun 2012 22:49:31 +0200 4 | Subject: [PATCH] pvops: respect 'removable' xenstore flag for block devices 5 | 6 | Especially this is needed by pmount to allow mount qvm-block attached devices 7 | by normal user. 8 | --- 9 | drivers/block/xen-blkfront.c | 7 +++++++ 10 | 1 file changed, 7 insertions(+) 11 | 12 | diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c 13 | index 67aa63dabcff..d5c0da5fe1cb 100644 14 | --- a/drivers/block/xen-blkfront.c 15 | +++ b/drivers/block/xen-blkfront.c 16 | @@ -2314,6 +2314,7 @@ static void blkfront_connect(struct blkfront_info *info) 17 | unsigned long long sectors; 18 | int err, i; 19 | struct blkfront_ring_info *rinfo; 20 | + int removable; 21 | 22 | switch (info->connected) { 23 | case BLKIF_STATE_CONNECTED: 24 | @@ -2378,6 +2379,12 @@ static void blkfront_connect(struct blkfront_info *info) 25 | } 26 | } 27 | 28 | + err = xenbus_gather(XBT_NIL, info->xbdev->otherend, 29 | + "removable", "%d", &removable, 30 | + NULL); 31 | + if (!err && removable) 32 | + info->vdisk_info |= VDISK_REMOVABLE; 33 | + 34 | err = xlvbd_alloc_gendisk(sectors, info); 35 | if (err) { 36 | xenbus_dev_fatal(info->xbdev, err, "xlvbd_add at %s", 37 | -- 38 | 2.45.2 39 | 40 | -------------------------------------------------------------------------------- /0006-block-add-no_part_scan-module-parameter.patch: -------------------------------------------------------------------------------- 1 | From a4b4ac197ecfb96377e06dc8a0fbb9d5c3867e77 Mon Sep 17 00:00:00 2001 2 | From: Rusty Bird 3 | Date: Mon, 11 Jul 2016 13:05:38 +0000 4 | Subject: [PATCH] block: add no_part_scan module parameter 5 | 6 | Define a boolean module parameter named "no_part_scan" defaulting to N, 7 | which, if set to Y, always causes the GENHD_FL_NO_PART_SCAN flag to be 8 | added to subsequently created block devices, thereby disabling the 9 | kernel's various partition table parsers for them. 10 | 11 | The parameter's current value can be changed at any time by writing to 12 | the /sys/module/block/parameters/no_part_scan file. 13 | --- 14 | block/genhd.c | 11 +++++++++++ 15 | 1 file changed, 11 insertions(+) 16 | 17 | diff --git a/block/genhd.c b/block/genhd.c 18 | index 8171a6bc3210f..755652ad806a9 100644 19 | --- a/block/genhd.c 20 | +++ b/block/genhd.c 21 | @@ -424,6 +424,14 @@ static void add_disk_final(struct gendisk *disk) 22 | set_bit(GD_ADDED, &disk->state); 23 | } 24 | 25 | +#undef MODULE_PARAM_PREFIX 26 | +#define MODULE_PARAM_PREFIX "block." 27 | + 28 | +/* partition scanning policy */ 29 | +static bool disk_no_part_scan = 0; 30 | +module_param_named(no_part_scan, disk_no_part_scan, bool, S_IRUGO|S_IWUSR); 31 | +MODULE_PARM_DESC(no_part_scan, "When adding block devices, always mark them as not to be scanned for partitions"); 32 | + 33 | static int __add_disk(struct device *parent, struct gendisk *disk, 34 | const struct attribute_group **groups, 35 | struct fwnode_handle *fwnode) 36 | @@ -447,6 +455,9 @@ static int __add_disk(struct device *parent, struct gendisk *disk, 37 | bdev_set_flag(disk->part0, BD_HAS_SUBMIT_BIO); 38 | } 39 | 40 | + if (disk_no_part_scan) 41 | + disk->flags |= GENHD_FL_NO_PART; 42 | + 43 | /* 44 | * If the driver provides an explicit major number it also must provide 45 | * the number of minors numbers supported, and those will be used to 46 | -- 47 | 2.49.0 48 | 49 | -------------------------------------------------------------------------------- /xen-events-Add-wakeup-support-to-xen-pirq.patch: -------------------------------------------------------------------------------- 1 | From 3a3cbf4f4e6289ecc421ebea610e68e95aaf37ec Mon Sep 17 00:00:00 2001 2 | : 3 | : Waiting for upstream review: 4 | : https://lore.kernel.org/xen-devel/20230313134102.3157-1-simon@invisiblethingslab.com/ 5 | : 6 | From: Simon Gaiser 7 | Date: Mon, 13 Mar 2023 14:01:47 +0100 8 | Subject: [PATCH] xen/events: Add wakeup support to xen-pirq 9 | 10 | This allows entering and exiting s2idle. Actual S0ix residency is 11 | another topic [1]. 12 | 13 | Without this the ACPI code currently ignores the error enable_irq_wake() 14 | returns when being used on a xen-pirq and the system goes to idle for 15 | ever since the wakeup IRQ doesn't gets enabled. With [2] the error is 16 | handled and the system refuses to go to s2idle. 17 | 18 | Link: https://lore.kernel.org/xen-devel/9051e484-b128-715a-9253-48af8e47bb9d@invisiblethingslab.com/ # [1] 19 | Link: https://lore.kernel.org/linux-acpi/20230313125344.2893-1-simon@invisiblethingslab.com/ # [2] 20 | Signed-off-by: Simon Gaiser 21 | --- 22 | 23 | While I think that the set of flags I set is correct, I'm not familiar 24 | with that code, so please pay special attention during review if they 25 | are actually correct for xen-pirq. 26 | 27 | drivers/xen/events/events_base.c | 4 ++++ 28 | 1 file changed, 4 insertions(+) 29 | 30 | diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c 31 | index c7715f8bd452..991082f04f05 100644 32 | --- a/drivers/xen/events/events_base.c 33 | +++ b/drivers/xen/events/events_base.c 34 | @@ -2176,6 +2176,10 @@ static struct irq_chip xen_pirq_chip __read_mostly = { 35 | .irq_set_affinity = set_affinity_irq, 36 | 37 | .irq_retrigger = retrigger_dynirq, 38 | + 39 | + .flags = IRQCHIP_SKIP_SET_WAKE | 40 | + IRQCHIP_ENABLE_WAKEUP_ON_SUSPEND | 41 | + IRQCHIP_MASK_ON_SUSPEND, 42 | }; 43 | 44 | static struct irq_chip xen_percpu_chip __read_mostly = { 45 | -- 46 | 2.39.2 47 | 48 | -------------------------------------------------------------------------------- /gen-config: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # The Qubes OS Project, https://www.qubes-os.org 4 | # 5 | # Copyright (C) 2017 Simon Gaiser 6 | # Copyright (c) 2009-2010 Wind River Systems, Inc. 7 | # Copyright 2011 Linaro 8 | # 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License version 2 as 11 | # published by the Free Software Foundation. 12 | # 13 | # This program is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 16 | # See the GNU General Public License for more details. 17 | 18 | set -eu -o pipefail 19 | 20 | linux_merge_config="./scripts/kconfig/merge_config.sh" 21 | make_opts="" 22 | 23 | if [ -n "${LINUX_UPSTREAM_VERSION:-}" ]; then 24 | linux_merge_config="../linux-$LINUX_UPSTREAM_VERSION/scripts/kconfig/merge_config.sh" 25 | make_opts="-C ../linux-$LINUX_UPSTREAM_VERSION O=$PWD" 26 | fi 27 | 28 | if [ -z "$linux_merge_config" ]; then 29 | printf 'Error: Could not find merge_config.sh from the linux source tree!\n' 30 | exit 1 31 | fi 32 | 33 | sed_config_exp='s/^\(# \)\{0,1\}\(CONFIG_[a-zA-Z0-9_]*\)[= ].*/\2/p' 34 | 35 | if [ $# -ne 2 ]; then 36 | printf 'Usage: gen-config base.config local.config\n' 37 | exit 1 38 | fi 39 | 40 | base_config="$1" 41 | local_config="$2" 42 | 43 | grep -v '^##' "$local_config" > "$local_config.gen" || [ $? -le 1 ] 44 | 45 | $linux_merge_config -m "$base_config" "$local_config.gen" 46 | 47 | make $make_opts KCONFIG_ALLCONFIG=.config alldefconfig 48 | 49 | rc=0 50 | for cfg in $(sed -n "$sed_config_exp" "$local_config.gen"); do 51 | requested="$(grep -w "$cfg" "$local_config.gen" || true)" 52 | actual="$(grep -w "$cfg" .config || true)" 53 | if [ "$requested" != "$actual" ]; then 54 | printf 'Local config setting for %s didn'\''t make it into the final config\n' "$cfg" 55 | rc=1 56 | fi 57 | done 58 | 59 | rm "$local_config.gen" 60 | 61 | exit $rc 62 | -------------------------------------------------------------------------------- /kernel.org-1-key.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQENBE55CJIBCACkn+aOLmsaq1ejUcXCAOXkO3w7eiLqjR/ziTL2KZ30p7bxP8cT 4 | UXvfM7fwE7EnqCCkji25x2xsoKXB8AlUswIEYUFCOupj2BOsVmJ/rKZW7fCvKTOK 5 | +BguKjebDxNbgmif39bfSnHDWrW832f5HrYmZn7a/VySDQFdul8Gl/R6gs6PHJbg 6 | jjt+K7Px6cQVMVNvY/VBWdvA1zckO/4h6gf3kWWZN+Wlq8wv/pxft8QzNFgweH9o 7 | 5bj4tnQ+wMCLCLiDsgEuVawoOAkg3dRMugIUoiKoBKw7b21q9Vjp4jezRvciC6Ys 8 | 4kGUSFG1ZjIn3MpY3f3xZ3yuYwrxQ8JcA7KTABEBAAG0JExpbnVzIFRvcnZhbGRz 9 | IDx0b3J2YWxkc0BrZXJuZWwub3JnPokBTgQTAQgAOBYhBKuvEcZaKXCxMKvjxHm+ 10 | PkMAQRiGBQJaHxkTAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEHm+PkMA 11 | QRiGzMcH/ieyxrsHR0ng3pi+qy1/sLiTT4WEBN53+1FsGWdP6/DCD3sprFdWDkkB 12 | Dfh9vPCVzPqX7siZMJxw3+wOfjNnGBRiGj7mTE/1XeXJHDwFRyBEVa/bY8ExLKbv 13 | Bf+xpiWOg2Myj5RYaOUBFbOEtfTPob0FtvfZvK3PXkjODTHhDH7QJT2zNPivHG+E 14 | R5VyF1yJEpl10rDTM91NhEeV0n4wpfZkgL8a3JSzo9H2AJX3y35+Dk9wtNge440Z 15 | SVWAnjwxhBLX2R0LUszRhU925c0vP2l20eFncBmAT0NKpn7v9a670WHv45PluG+S 16 | KKktf6b5/BtfqpC3eV58I6FEtSVpM1u0LkxpbnVzIFRvcnZhbGRzIDx0b3J2YWxk 17 | c0BsaW51eC1mb3VuZGF0aW9uLm9yZz6JATgEEwECACIFAk55CJICGwMGCwkIBwMC 18 | BhUIAgkKCwQWAgMBAh4BAheAAAoJEHm+PkMAQRiGbpwH/2jMNyBq6SjFrltEwt6c 19 | wOJak1lkjpP5IfFMemfKPH03jBv98Yb7nnVE/VofRQi0erPvzU9HPitzmq9Hdaz8 20 | pTVD1nNiejn6MBHREY5T10U8J9Holn9S1G3CUvEUaBg+YEhHwWA8hhxFCIRcfz6N 21 | PRkZH5zi9xdXBnjLrE3CpoZwVguwCT/25DuSqqJnviKiH+BOvJi/BnHSnjV1J71M 22 | OpVabaTZKxQ1Qkwiyo7KRa/MrBV4Cw87MjF1jmja91wWNOuAwv1ST+aSaI038zcl 23 | VqbFrc9gHkTeP3o5p8DG3Q7A1pE/yVLRUW+3jucKtiojylWaqxX7FD0RZtIuhNsU 24 | ig+5AQ0ETnkIkgEIAN+ybgD0IlgKRPJ3eksafd+KORseBWwxUy3GH0yAg/4jZCsf 25 | HZ7jpbRKzxNTKW1kE6ClSqehUsuXT5Vc1eh6079erN3y+JNxl6zZPC9v+5GNyc28 26 | qSfNejt4wmwa/y86T7oQfgo77o8Gu/aO/xzOjw7jSDDR3u9p/hFVtsqzptxZzvs3 27 | hVaiLS+0mar9qYZheaCUqOXOKVo38Vg5gkOhMEwKvZs9x3fINU/t8ckxOHq6KiLa 28 | p5Bq87XP0ZJsCaMBwdLYhOFxAiEVtlzwyo3DvMplIahqqNELb71YDhpMq/Hu+42o 29 | R3pqASCPLfO/0GUSdAGXJVhv7L7ng02ETSBmVOUAEQEAAYkBHwQYAQIACQUCTnkI 30 | kgIbDAAKCRB5vj5DAEEYhuobB/9Fi1GVG5qnPq14S0WKYEW3N891L37LaXmDh977 31 | r/j2dyZOoYIiV4rx6a6urhq9UbcgNw/ke01TNM4y7EhW/lFnxJQXSMjdsXGcb9Hw 32 | UevDk2FMV1h9gkHLlqRUlTpjVdQwTB9wMd4bWhZsxybTnGh6o8dCwBEaGNsHsSBY 33 | O81OXrTE/fcZEgKCeKW2xdKRiazu6Mu5WLU6gBy2nOc6oL2zKJZjACfllQzBx5+6 34 | z2N4Sj0JBOobz4RR2JLElMEckMbdqbIS+c+n02ItMmCORgakf74k+TEbaZx3ZTVH 35 | nhvqQqanZz1i4I5IwHJxkUsYLddgYrylZH+MwNDlB5u3I138 36 | =d8eq 37 | -----END PGP PUBLIC KEY BLOCK----- 38 | -------------------------------------------------------------------------------- /kernel-updater.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | import sys 4 | import argparse 5 | import requests 6 | import json 7 | 8 | from packaging import version 9 | from packaging.version import parse as parse_version 10 | 11 | 12 | class KernelUpdaterClient: 13 | def __init__(self, version, branch): 14 | self.version = version 15 | self.branch = branch 16 | 17 | def get_version_qubes(self): 18 | return self.version 19 | 20 | def get_version_upstream(self): 21 | url_releases = 'https://www.kernel.org/releases.json' 22 | r = requests.get(url_releases) 23 | latest_upstream = None 24 | if 200 <= r.status_code < 300: 25 | content = json.loads(r.content.decode('utf-8')) 26 | releases = [rel['version'] for rel in content['releases'] if 27 | rel['moniker'] in ('stable', 'longterm') and not rel['iseol']] 28 | releases.sort(key=parse_version, reverse=True) 29 | 30 | if 'stable-' in self.branch: 31 | branch_version = self.branch.split('-')[1] 32 | releases = [rel for rel in releases if 33 | rel.startswith(branch_version)] 34 | 35 | latest_upstream = releases[0] 36 | else: 37 | print('An error occurred while downloading "%s"' % url_releases) 38 | 39 | return latest_upstream 40 | 41 | def is_update_needed(self): 42 | version_qubes = self.get_version_qubes() 43 | version_upstream = self.get_version_upstream() 44 | if version_qubes and version_upstream and (version.parse(version_qubes) < version.parse(version_upstream)): 45 | return version_upstream 46 | 47 | def parse_args(argv): 48 | parser = argparse.ArgumentParser() 49 | 50 | parser.add_argument('--check-update', required=False, action='store_true') 51 | parser.add_argument('--version', required=True) 52 | parser.add_argument('--branch', required=True) 53 | 54 | args = parser.parse_args(argv[1:]) 55 | 56 | return args 57 | 58 | 59 | def main(argv): 60 | args = parse_args(argv) 61 | client = KernelUpdaterClient(version=args.version, branch=args.branch) 62 | 63 | if args.check_update: 64 | is_update_needed = client.is_update_needed() 65 | if is_update_needed is not None: 66 | print(is_update_needed) 67 | 68 | return 0 69 | 70 | 71 | if __name__ == '__main__': 72 | sys.exit(main(sys.argv)) 73 | -------------------------------------------------------------------------------- /0002-mce-hide-EBUSY-initialization-error-on-Xen.patch: -------------------------------------------------------------------------------- 1 | From 75b3b949f232394e7079ee02916725a6fb03c273 Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= 3 | 4 | Date: Tue, 5 Jan 2016 02:44:04 +0100 5 | Subject: [PATCH] mce: hide EBUSY initialization error on Xen 6 | MIME-Version: 1.0 7 | Content-Type: text/plain; charset=UTF-8 8 | Content-Transfer-Encoding: 8bit 9 | 10 | In case of Xen, the device is already registered by xen mcelog (in 11 | xen_late_init_mcelog), so fail here is expected. Note that 12 | mcheck_init_device call is still expected to initialize mce_device. Comment 13 | from threshold_init_device explaining the situation: 14 | 15 | /* 16 | * there are 3 funcs which need to be _initcalled in a logic sequence: 17 | * 1. xen_late_init_mcelog 18 | * 2. mcheck_init_device 19 | * 3. threshold_init_device 20 | * 21 | * xen_late_init_mcelog must register xen_mce_chrdev_device before 22 | * native mce_chrdev_device registration if running under xen platform; 23 | * 24 | * mcheck_init_device should be inited before threshold_init_device to 25 | * initialize mce_device, otherwise a NULL ptr dereference will cause panic. 26 | * 27 | * so we use following _initcalls 28 | * 1. device_initcall(xen_late_init_mcelog); 29 | * 2. device_initcall_sync(mcheck_init_device); 30 | * 3. late_initcall(threshold_init_device); 31 | * 32 | * when running under xen, the initcall order is 1,2,3; 33 | * on baremetal, we skip 1 and we do only 2 and 3. 34 | */ 35 | 36 | Signed-off-by: Marek Marczykowski-Górecki 37 | --- 38 | arch/x86/kernel/cpu/mce/core.c | 9 +++++++++ 39 | 1 file changed, 9 insertions(+) 40 | 41 | diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c 42 | index 54165f3569e8..af6340b1e16f 100644 43 | --- a/arch/x86/kernel/cpu/mce/core.c 44 | +++ b/arch/x86/kernel/cpu/mce/core.c 45 | @@ -51,6 +51,10 @@ 46 | #include 47 | #include 48 | 49 | +#ifdef CONFIG_XEN_MCE_LOG 50 | +#include 51 | +#endif 52 | + 53 | #include "internal.h" 54 | 55 | /* sysfs synchronization */ 56 | @@ -2527,6 +2531,11 @@ static __init int mcheck_init_device(void) 57 | free_cpumask_var(mce_device_initialized); 58 | 59 | err_out: 60 | +#ifdef CONFIG_XEN_MCE_LOG 61 | + /* in case of Xen, the character device was already registered, so do not 62 | + * treat this as an error */ 63 | + if (!xen_initial_domain() || err != -EBUSY) 64 | +#endif 65 | pr_err("Unable to init MCE device (rc: %d)\n", err); 66 | 67 | return err; 68 | -- 69 | 2.25.4 70 | 71 | -------------------------------------------------------------------------------- /config-qubes-minimal: -------------------------------------------------------------------------------- 1 | ## Minimal config for a Qubes VM. Intended for easier testing (git bisect, etc.) 2 | ## 3 | ## Lines starting with ## are comments. 4 | ## 5 | ## Run 6 | ## 7 | ## .../linux-kernel/gen-config arch/x86/configs/x86_64_defconfig .../linux-kernel/config-qubes-minimal 8 | ## 9 | ## in a linux tree to generate a complete config file. 10 | 11 | ################################################################################ 12 | ## linux/kernel/configs/xen.config 13 | 14 | ## global stuff - these enable us to allow some 15 | ## of the not so generic stuff below for xen 16 | CONFIG_PARAVIRT=y 17 | CONFIG_NET=y 18 | CONFIG_NET_CORE=y 19 | CONFIG_NETDEVICES=y 20 | CONFIG_BLOCK=y 21 | CONFIG_WATCHDOG=y 22 | CONFIG_TARGET_CORE=y 23 | CONFIG_SCSI=y 24 | CONFIG_FB=y 25 | CONFIG_INPUT_MISC=y 26 | CONFIG_MEMORY_HOTPLUG=y 27 | CONFIG_TTY=y 28 | ## Technically not required but otherwise produces 29 | ## pretty useless systems starting from allnoconfig 30 | ## You want TCP/IP and ELF binaries right? 31 | CONFIG_INET=y 32 | CONFIG_BINFMT_ELF=y 33 | ## generic config 34 | CONFIG_XEN=y 35 | CONFIG_XEN_DOM0=y 36 | ## backend drivers 37 | CONFIG_XEN_BACKEND=y 38 | CONFIG_XEN_BLKDEV_BACKEND=m 39 | CONFIG_XEN_NETDEV_BACKEND=m 40 | CONFIG_HVC_XEN=y 41 | CONFIG_XEN_WDT=m 42 | CONFIG_XEN_SCSI_BACKEND=m 43 | ## frontend drivers 44 | CONFIG_XEN_FBDEV_FRONTEND=m 45 | CONFIG_HVC_XEN_FRONTEND=y 46 | CONFIG_INPUT_XEN_KBDDEV_FRONTEND=m 47 | ## others 48 | CONFIG_XEN_BALLOON=y 49 | CONFIG_XEN_SCRUB_PAGES=y 50 | CONFIG_XEN_DEV_EVTCHN=m 51 | CONFIG_XEN_BLKDEV_FRONTEND=m 52 | CONFIG_XEN_NETDEV_FRONTEND=m 53 | CONFIG_XENFS=m 54 | CONFIG_XEN_COMPAT_XENFS=y 55 | CONFIG_XEN_SYS_HYPERVISOR=y 56 | CONFIG_XEN_XENBUS_FRONTEND=y 57 | CONFIG_XEN_GNTDEV=m 58 | CONFIG_XEN_GRANT_DEV_ALLOC=m 59 | CONFIG_SWIOTLB_XEN=y 60 | CONFIG_XEN_PRIVCMD=m 61 | 62 | ################################################################################ 63 | ## linux/arch/x86/configs/xen.config 64 | 65 | ## global x86 required specific stuff 66 | CONFIG_64BIT=y 67 | 68 | ## These enable us to allow some of the 69 | ## not so generic stuff below 70 | CONFIG_HYPERVISOR_GUEST=y 71 | CONFIG_PCI=y 72 | CONFIG_PCI_MSI=y 73 | CONFIG_X86_MCE=y 74 | CONFIG_ACPI_PROCESSOR=y 75 | CONFIG_CPU_FREQ=y 76 | 77 | ## x86 xen specific config options 78 | CONFIG_XEN_PVH=y 79 | CONFIG_XEN_SAVE_RESTORE=y 80 | ## CONFIG_XEN_DEBUG_FS is not set 81 | CONFIG_XEN_MCE_LOG=y 82 | CONFIG_XEN_ACPI_PROCESSOR=m 83 | ## x86 specific backend drivers 84 | CONFIG_XEN_PCIDEV_BACKEND=m 85 | ## x86 specific frontend drivers 86 | CONFIG_XEN_PCIDEV_FRONTEND=m 87 | ## depends on MEMORY_HOTPLUG, arm64 doesn't enable this yet, 88 | ## move to generic config if it ever does. 89 | CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y 90 | 91 | 92 | ################################################################################ 93 | ## Some basic stuff required in an Qubes VM 94 | 95 | CONFIG_DM_SNAPSHOT=m 96 | -------------------------------------------------------------------------------- /0013-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch: -------------------------------------------------------------------------------- 1 | From 09e8c8c31b70ee92c712adf756418d27c73cafea Mon Sep 17 00:00:00 2001 2 | From: Konrad Rzeszutek Wilk 3 | Date: Wed, 1 Apr 2015 17:01:26 -0400 4 | Subject: [PATCH] xen/pcifront/pciback: Update pciif.h with ->err and ->result 5 | values. 6 | 7 | The '->err' should contain only the XEN_PCI_ERR_* type values. 8 | The '->result' may contain -EXX values or any other value 9 | that the XEN_PCI_OP_* deems appropiate. 10 | 11 | As such update the header and also the implementations. 12 | 13 | Signed-off-by: Konrad Rzeszutek Wilk 14 | 15 | Details in this thread: 16 | https://patchwork.kernel.org/patch/8258431/ 17 | --- 18 | drivers/pci/xen-pcifront.c | 2 +- 19 | drivers/xen/xen-pciback/pciback_ops.c | 2 +- 20 | include/xen/interface/io/pciif.h | 6 ++++-- 21 | 3 files changed, 6 insertions(+), 4 deletions(-) 22 | 23 | diff --git a/drivers/pci/xen-pcifront.c b/drivers/pci/xen-pcifront.c 24 | index d1b16cf3403f..4d6f2513b104 100644 25 | --- a/drivers/pci/xen-pcifront.c 26 | +++ b/drivers/pci/xen-pcifront.c 27 | @@ -297,7 +297,7 @@ static int pci_frontend_enable_msix(struct pci_dev *dev, 28 | } else { 29 | pci_err(dev, "enable msix get err %x\n", err); 30 | } 31 | - return err; 32 | + return err ? -EINVAL : 0; 33 | } 34 | 35 | static void pci_frontend_disable_msix(struct pci_dev *dev) 36 | diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c 37 | index 787966f44589..0574c9121124 100644 38 | --- a/drivers/xen/xen-pciback/pciback_ops.c 39 | +++ b/drivers/xen/xen-pciback/pciback_ops.c 40 | @@ -266,7 +266,7 @@ int xen_pcibk_enable_msix(struct xen_pcibk_device *pdev, 41 | if (dev_data) 42 | dev_data->ack_intr = 0; 43 | 44 | - return result > 0 ? 0 : result; 45 | + return result >= 0 ? 0 : XEN_PCI_ERR_op_failed; 46 | } 47 | 48 | static 49 | diff --git a/include/xen/interface/io/pciif.h b/include/xen/interface/io/pciif.h 50 | index d9922ae36eb5..c8b674fd2455 100644 51 | --- a/include/xen/interface/io/pciif.h 52 | +++ b/include/xen/interface/io/pciif.h 53 | @@ -70,7 +70,7 @@ struct xen_pci_op { 54 | /* IN: what action to perform: XEN_PCI_OP_* */ 55 | uint32_t cmd; 56 | 57 | - /* OUT: will contain an error number (if any) from errno.h */ 58 | + /* OUT: will contain an XEN_PCI_ERR_* number. */ 59 | int32_t err; 60 | 61 | /* IN: which device to touch */ 62 | @@ -82,7 +82,9 @@ struct xen_pci_op { 63 | int32_t offset; 64 | int32_t size; 65 | 66 | - /* IN/OUT: Contains the result after a READ or the value to WRITE */ 67 | + /* IN/OUT: Contains the result after a READ or the value to WRITE. 68 | + * If the err does not have XEN_PCI_ERR_success, depending on 69 | + * XEN_PCI_OP_* might have the errno value. */ 70 | uint32_t value; 71 | /* IN: Contains extra infor for this operation */ 72 | uint32_t info; 73 | -- 74 | 2.25.4 75 | 76 | -------------------------------------------------------------------------------- /update-sources: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # vim: set ts=4 sw=4 sts=4 et : 3 | 4 | set -e 5 | set -o pipefail 6 | 7 | [ "$DEBUG" = "1" ] && set -x 8 | 9 | exit_clean() { 10 | local exit_code=$? 11 | if [ $exit_code -gt 0 ]; then 12 | git checkout -- version 13 | fi 14 | exit "${exit_code}" 15 | } 16 | 17 | distance_version() { 18 | read -ra VER1 <<<"$(echo "$1" | tr '.' ' ')" 19 | read -ra VER2 <<<"$(echo "$2" | tr '.' ' ')" 20 | 21 | [[ ${VER1[0]} -eq ${VER2[0]} ]] && [[ $((VER1[1] - VER2[1])) -le 1 ]] && [[ $((VER1[1] - VER2[1])) -ge 0 ]] 22 | } 23 | 24 | LOCALDIR="$(readlink -f "$(dirname "$0")")" 25 | BUILDERDIR="$LOCALDIR/../../" 26 | VERSION="$(cat version)" 27 | BRANCH="$1" 28 | FC_LATEST="${2//fc}" 29 | 30 | if [ -z "$BRANCH" ]; then 31 | # Check if qubes-builder Makefile is here 32 | # else rely on current checkout branch 33 | if [ -e "$BUILDERDIR/Makefile" ]; then 34 | BRANCH="$(make -C ../../ -s get-var GET_VAR=BRANCH_linux_kernel 2>/dev/null)" 35 | else 36 | BRANCH="$(git rev-parse --abbrev-ref HEAD)" 37 | fi 38 | fi 39 | 40 | if [ -z "$FC_LATEST" ]; then 41 | FC_LATEST="$(git ls-remote --heads https://src.fedoraproject.org/rpms/fedora-release | grep -Po "refs/heads/f[0-9][1-9]*" | sed 's#refs/heads/f##g' | sort -g | tail -1)" 42 | fi 43 | 44 | # Filter allowed branches 45 | if [[ ! "$BRANCH" =~ ^stable-[0-9]+\.[0-9]+$ ]] && [ "$BRANCH" != "main" ]; then 46 | echo "Cannot determine kernel branch to use." 47 | exit 1 48 | fi 49 | 50 | LATEST_KERNEL_VERSION="$(python3 "$LOCALDIR/kernel-updater.py" --check-update --version "$VERSION" --branch "$BRANCH")" 51 | 52 | if [ -z "$LATEST_KERNEL_VERSION" ]; then 53 | echo "Current kernel version in branch ${BRANCH} is up to date" 54 | exit 0 55 | fi 56 | 57 | # Download latest kernel 58 | trap 'exit_clean' 0 1 2 3 6 15 59 | 60 | echo "$LATEST_KERNEL_VERSION" > version 61 | make get-sources 62 | 63 | STABLE_KERNEL="$(dnf -q repoquery kernel --disablerepo=* --enablerepo=fedora --enablerepo=updates --releasever="$FC_LATEST" | sort -V | tail -1 | cut -d ':' -f2 | cut -d '-' -f1)" 64 | if [ "$BRANCH" == "main" ]; then 65 | TESTING_KERNEL="$(dnf -q repoquery kernel --disablerepo=* --enablerepo=fedora --enablerepo=updates --enablerepo=updates-testing --releasever="$FC_LATEST" | sort -V | tail -1 | cut -d ':' -f2 | cut -d '-' -f1)" 66 | RAWHIDE_KERNEL="$(dnf -q repoquery kernel --disablerepo=* --enablerepo=fedora --enablerepo=updates --releasever=rawhide | grep -v "rc[0-9]*" | sort -V | tail -1 | cut -d ':' -f2 | cut -d '-' -f1 || true)" 67 | fi 68 | 69 | if [ "$BRANCH" == "main" ] && { distance_version "$TESTING_KERNEL" "$LATEST_KERNEL_VERSION"; }; then 70 | "$LOCALDIR/get-fedora-latest-config" --releasever "$FC_LATEST" --include-testing 71 | mv config-base-"$TESTING_KERNEL" config-base 72 | elif [ "$BRANCH" == "main" ] && { distance_version "$RAWHIDE_KERNEL" "$LATEST_KERNEL_VERSION"; }; then 73 | "$LOCALDIR/get-fedora-latest-config" --releasever rawhide 74 | mv config-base-"$RAWHIDE_KERNEL" config-base 75 | elif distance_version "$STABLE_KERNEL" "$LATEST_KERNEL_VERSION"; then 76 | "$LOCALDIR/get-fedora-latest-config" --releasever "$FC_LATEST" 77 | mv config-base-"$STABLE_KERNEL" config-base 78 | else 79 | echo "Cannot determine latest config for kernel ${LATEST_KERNEL_VERSION}. Use the current existing config..." 80 | fi 81 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | NAME := kernel 2 | SPECFILE := kernel.spec 3 | 4 | WORKDIR := $(shell pwd) 5 | BRANCH ?= master 6 | DISTS ?= 7 | 8 | ifndef NAME 9 | $(error "You can not run this Makefile without having NAME defined") 10 | endif 11 | ifndef VERSION 12 | VERSION := $(file $@ 65 | 66 | .INTERMEDIATE: $(SRC_TARFILE)$(UNTRUSTED_SUFF) 67 | %.tar$(UNTRUSTED_SUFF): %.tar.xz$(UNTRUSTED_SUFF) 68 | if [ -f /usr/bin/qvm-run-vm ]; \ 69 | then qvm-run-vm --no-gui --dispvm 2>/dev/null xzcat <$< > $@; \ 70 | else xzcat <$< > $@; fi 71 | 72 | %.tar$(UNTRUSTED_SUFF): %.tar.gz$(UNTRUSTED_SUFF) 73 | if [ -f /usr/bin/qvm-run-vm ]; \ 74 | then qvm-run-vm --no-gui --dispvm 2>/dev/null zcat <$< > $@; \ 75 | else zcat <$< > $@; fi 76 | 77 | ifeq ($(VERIFICATION),signature) 78 | # signature based 79 | $(SRC_TARFILE): $(SRC_TARFILE)$(UNTRUSTED_SUFF) $(SIGN_FILE) linux-keyring.gpg 80 | gpgv --keyring ./$(word 3,$^) $(word 2,$^) $(word 1,$^) || \ 81 | { echo "Wrong signature on $@$(UNTRUSTED_SUFF)!"; exit 1; } 82 | mv $@$(UNTRUSTED_SUFF) $@ 83 | else 84 | # hash based 85 | $(SRC_TARFILE): $(SRC_TARFILE)$(UNTRUSTED_SUFF) $(HASH_FILE) 86 | # there are no signatures for rc tarballs 87 | # verify locally based on a signed git tag and commit hash file 88 | @sha256sum --status --strict -c <(printf "$(file <$(HASH_FILE)) -\n") <$< || \ 89 | { echo "Wrong hash of $@$(UNTRUSTED_SUFF)!"; exit 1; } 90 | @mv $< $@ 91 | endif 92 | 93 | $(SRC_FILE)$(UNTRUSTED_SUFF): 94 | @$(FETCH_CMD) $@ -- $(URL) 95 | 96 | .SECONDARY: $(SIGN_FILE) 97 | $(SIGN_FILE): 98 | @$(FETCH_CMD) $(SIGN_FILE) -- $(URL_SIGN) 99 | 100 | verify-sources: 101 | @true 102 | 103 | .PHONY: clean-sources 104 | clean-sources: 105 | ifneq ($(SRC_FILE), None) 106 | -rm $(SRC_FILE)$(UNTRUSTED_SUFF) $(SRC_TARFILE) $(SIGN_FILE) 107 | endif 108 | 109 | .PHONY: update-sources 110 | update-sources: 111 | @$(WORKDIR)/update-sources $(BRANCH) $(DIST) 112 | 113 | help: 114 | @echo "Usage: make " 115 | @echo 116 | @echo "get-sources Download kernel sources from kernel.org" 117 | @echo "verify-sources" 118 | @echo 119 | @echo "verrel" Echo version release" 120 | -------------------------------------------------------------------------------- /xen-pm-use-suspend.patch: -------------------------------------------------------------------------------- 1 | From 895c01cc7e63404250fd9763c4fb91620ad63a4c Mon Sep 17 00:00:00 2001 2 | From: Simon Gaiser 3 | Date: Tue, 30 Apr 2024 14:27:33 +0200 4 | Subject: [PATCH] Add experimental flag to use suspend instad of freeze for Xen 5 | VM suspend 6 | 7 | When suspending a VM the Xen driver currently uses the "freeze" methods 8 | for going to sleep. This doesn't put devices in low power state, at 9 | least for some drivers (for example USB). But for S0ix we need to put 10 | all (real) devices into their low power state. For this the "suspend" 11 | methods needs to be used. 12 | 13 | (See Documentation/driver-api/pm/devices.rst for description of those 14 | methods.) 15 | 16 | To be able to include this in a stable release put this behind an 17 | experimental flag such that by default the old behavior is unmodified. 18 | This flag is unstable and likely will go away. 19 | 20 | TODO: If this should be upstreamed it needs to be clarified when the old 21 | behavior in xenbus_frontend_dev_resume is needed (save/restore, I guess) 22 | and the new behavior adapted accordingly. 23 | --- 24 | drivers/xen/manage.c | 14 ++++++++++---- 25 | drivers/xen/xenbus/xenbus_probe_frontend.c | 5 +++++ 26 | 2 files changed, 15 insertions(+), 4 deletions(-) 27 | 28 | diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c 29 | index c16df629907e..1b723c68cc3c 100644 30 | --- a/drivers/xen/manage.c 31 | +++ b/drivers/xen/manage.c 32 | @@ -46,6 +46,9 @@ struct suspend_info { 33 | 34 | static RAW_NOTIFIER_HEAD(xen_resume_notifier); 35 | 36 | +bool __read_mostly xen_use_suspend; 37 | +core_param(qubes_exp_pm_use_suspend, xen_use_suspend, bool, 0); 38 | + 39 | void xen_resume_notifier_register(struct notifier_block *nb) 40 | { 41 | raw_notifier_chain_register(&xen_resume_notifier, nb); 42 | @@ -113,7 +116,10 @@ static void do_suspend(void) 43 | goto out_thaw; 44 | } 45 | 46 | - err = dpm_suspend_start(PMSG_FREEZE); 47 | + pr_info("Using %s for sleep/wakeup\n", 48 | + xen_use_suspend ? "suspend/resume" :"freeze/restore/thaw"); 49 | + 50 | + err = dpm_suspend_start(xen_use_suspend ? PMSG_SUSPEND : PMSG_FREEZE); 51 | if (err) { 52 | pr_err("%s: dpm_suspend_start %d\n", __func__, err); 53 | goto out_resume_end; 54 | @@ -122,7 +128,7 @@ static void do_suspend(void) 55 | printk(KERN_DEBUG "suspending xenstore...\n"); 56 | xs_suspend(); 57 | 58 | - err = dpm_suspend_end(PMSG_FREEZE); 59 | + err = dpm_suspend_end(xen_use_suspend ? PMSG_SUSPEND : PMSG_FREEZE); 60 | if (err) { 61 | pr_err("dpm_suspend_end failed: %d\n", err); 62 | si.cancelled = 0; 63 | @@ -143,7 +149,7 @@ static void do_suspend(void) 64 | 65 | xen_arch_resume(); 66 | 67 | - dpm_resume_start(si.cancelled ? PMSG_THAW : PMSG_RESTORE); 68 | + dpm_resume_start(xen_use_suspend ? PMSG_RESUME : (si.cancelled ? PMSG_THAW : PMSG_RESTORE)); 69 | 70 | if (err) { 71 | pr_err("failed to start xen_suspend: %d\n", err); 72 | @@ -156,7 +162,7 @@ static void do_suspend(void) 73 | xs_suspend_cancel(); 74 | 75 | out_resume_end: 76 | - dpm_resume_end(si.cancelled ? PMSG_THAW : PMSG_RESTORE); 77 | + dpm_resume_end(xen_use_suspend ? PMSG_RESUME : (si.cancelled ? PMSG_THAW : PMSG_RESTORE)); 78 | 79 | out_thaw: 80 | thaw_processes(); 81 | diff --git a/drivers/xen/xenbus/xenbus_probe_frontend.c b/drivers/xen/xenbus/xenbus_probe_frontend.c 82 | index fcb335bb7b18..5caa5b2369fb 100644 83 | --- a/drivers/xen/xenbus/xenbus_probe_frontend.c 84 | +++ b/drivers/xen/xenbus/xenbus_probe_frontend.c 85 | @@ -98,8 +98,13 @@ static void xenbus_frontend_delayed_resume(struct work_struct *w) 86 | xenbus_dev_resume(&xdev->dev); 87 | } 88 | 89 | +extern bool __read_mostly xen_use_suspend; 90 | + 91 | static int xenbus_frontend_dev_resume(struct device *dev) 92 | { 93 | + if (xen_use_suspend) 94 | + return xenbus_dev_cancel(dev); 95 | + 96 | /* 97 | * If xenstored is running in this domain, we cannot access the backend 98 | * state at the moment, so we need to defer xenbus_dev_resume 99 | -- 100 | 2.43.0 101 | 102 | -------------------------------------------------------------------------------- /0001-PCI-add-a-reset-quirk-for-Intel-I219LM-ethernet-adap.patch: -------------------------------------------------------------------------------- 1 | From 4859917799b85e3eeb6582f784e13ea244245849 Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= 3 | 4 | Date: Mon, 15 Jul 2024 16:55:56 +0200 5 | Subject: [PATCH] PCI: add a reset quirk for Intel I219LM ethernet adapter 6 | MIME-Version: 1.0 7 | Content-Type: text/plain; charset=UTF-8 8 | Content-Transfer-Encoding: 8bit 9 | 10 | The device does support FLR, has the relevant registers in the config 11 | space, but fails to link them to the pci caps list. Fix it by linking 12 | them manually, so the standard pci_af_flr() will find it. The fixup 13 | needs to be repeated after reset. 14 | 15 | The fixup will be visible via sysfs, which is intended side effect so 16 | that libvirt can see FLR as supported too. 17 | 18 | Signed-off-by: Marek Marczykowski-Górecki 19 | --- 20 | drivers/pci/pci.c | 2 +- 21 | drivers/pci/pci.h | 1 + 22 | drivers/pci/quirks.c | 70 ++++++++++++++++++++++++++++++++++++++++++++ 23 | 3 files changed, 72 insertions(+), 1 deletion(-) 24 | 25 | diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c 26 | index e9448d55113bd..4492049395fce 100644 27 | --- a/drivers/pci/pci.c 28 | +++ b/drivers/pci/pci.c 29 | @@ -4559,7 +4559,7 @@ int pcie_reset_flr(struct pci_dev *dev, bool probe) 30 | } 31 | EXPORT_SYMBOL_GPL(pcie_reset_flr); 32 | 33 | -static int pci_af_flr(struct pci_dev *dev, bool probe) 34 | +int pci_af_flr(struct pci_dev *dev, bool probe) 35 | { 36 | int pos; 37 | u8 cap; 38 | diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h 39 | index 12215ee72afb6..8e83b7905cb37 100644 40 | --- a/drivers/pci/pci.h 41 | +++ b/drivers/pci/pci.h 42 | @@ -850,6 +850,7 @@ void pcie_reset_lbms(struct pci_dev *port); 43 | #else 44 | static inline void pcie_reset_lbms(struct pci_dev *port) {} 45 | #endif 46 | +int pci_af_flr(struct pci_dev *dev, bool probe); 47 | 48 | struct pci_dev_reset_methods { 49 | u16 vendor; 50 | diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c 51 | index d7f4ee634263c..a8ddc34902ab0 100644 52 | --- a/drivers/pci/quirks.c 53 | +++ b/drivers/pci/quirks.c 54 | @@ -4205,6 +4205,74 @@ static int reset_hinic_vf_dev(struct pci_dev *pdev, bool probe) 55 | return 0; 56 | } 57 | 58 | +#define PCI_DEVICE_ID_INTEL_I219LM 0x550A 59 | +#define I219_PCI_MSI_POS 0xd0 60 | +#define I219_PCI_AF_POS 0xe0 61 | + 62 | +/* FLR fixup for Intel I219LM Ethernet controller. 63 | + * The device does support FLR, has the relevant registers in the config space, 64 | + * but fails to link them to the pci caps list. Fix it by linking them 65 | + * manually, so the standard pci_af_flr() will find it. The fixup needs to be 66 | + * repeated after reset, so do that in probe stage. 67 | + * The fixup will be visible via sysfs, which is intended side effect so that 68 | + * libvirt can see FLR as supported too. 69 | + */ 70 | +static void fixup_intel_i219lm_flr(struct pci_dev *dev) 71 | +{ 72 | + int pos; 73 | + u8 cap; 74 | + 75 | + pos = pci_find_capability(dev, PCI_CAP_ID_AF); 76 | + if (pos) 77 | + return; 78 | + 79 | + /* 80 | + * If not found, check if we can find it - the last listed cap should 81 | + * be MSI at 0xd0 (I219_PCI_MSI_POS), and AF should be at 0xe0 82 | + * (I219_PCI_AF_POS). 83 | + */ 84 | + 85 | + pos = pci_find_capability(dev, PCI_CAP_ID_MSI); 86 | + if (pos != I219_PCI_MSI_POS) 87 | + return; 88 | + 89 | + pci_read_config_byte(dev, pos + PCI_CAP_LIST_NEXT, &cap); 90 | + /* 91 | + * Linked to something else already? Already linked to PCI_AF was 92 | + * handled earlier. 93 | + */ 94 | + if (cap) 95 | + return; 96 | + /* Check if PCI_AF indeed is at I219_PCI_AF_POS. */ 97 | + pci_read_config_byte(dev, I219_PCI_AF_POS, &cap); 98 | + if (cap != PCI_CAP_ID_AF) 99 | + return; 100 | + 101 | + /* All sanity checks done, link the cap */ 102 | + pci_write_config_byte(dev, pos + PCI_CAP_LIST_NEXT, I219_PCI_AF_POS); 103 | +} 104 | +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_I219LM, 105 | + fixup_intel_i219lm_flr); 106 | + 107 | +static int reset_i219lm_dev(struct pci_dev *dev, bool probe) 108 | +{ 109 | + int ret; 110 | + 111 | + /* Ensure AF FLR is visible before using it */ 112 | + if (!probe) 113 | + fixup_intel_i219lm_flr(dev); 114 | + 115 | + /* Call normal FLR, but re-apply fixup_intel_i219lm_flr() afterwards. */ 116 | + ret = pci_af_flr(dev, probe); 117 | + if (ret) 118 | + return ret; 119 | + 120 | + if (!probe) 121 | + fixup_intel_i219lm_flr(dev); 122 | + 123 | + return 0; 124 | +} 125 | + 126 | static const struct pci_dev_reset_methods pci_dev_reset_methods[] = { 127 | { PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82599_SFP_VF, 128 | reset_intel_82599_sfp_virtfn }, 129 | @@ -4220,6 +4288,8 @@ static const struct pci_dev_reset_methods pci_dev_reset_methods[] = { 130 | reset_chelsio_generic_dev }, 131 | { PCI_VENDOR_ID_HUAWEI, PCI_DEVICE_ID_HINIC_VF, 132 | reset_hinic_vf_dev }, 133 | + { PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_I219LM, 134 | + reset_i219lm_dev }, 135 | { 0 } 136 | }; 137 | 138 | -- 139 | 2.49.0 140 | 141 | -------------------------------------------------------------------------------- /get-fedora-latest-config: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # vim: set ts=4 sw=4 sts=4 et : 3 | 4 | set -e 5 | if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" -eq 1 ]; then 6 | debug=1 7 | set -x 8 | fi 9 | 10 | exit_clean() { 11 | local exit_code=$? 12 | if [ -n "$tmpdir" ]; then 13 | rm -rf "$tmpdir" 14 | fi 15 | if [ ${exit_code} != 0 ]; then 16 | errecho "Unable to find the latest kernel rpm for Fedora $releasever"; 17 | fi 18 | exit "${exit_code}" 19 | } 20 | 21 | errecho() { 22 | >&2 echo "$@" 23 | } 24 | 25 | usage() { 26 | errecho "Usage: $0 [OPTIONS]... [] 27 | 28 | This script is used for fetching latest Fedora kernel config for the current 29 | kernel version used by Qubes. 30 | 31 | Options: 32 | --releasever Fedora release version to use. Default is latest. 33 | --include-testing Include testing updates repository 34 | --include-rc Include release candidate kernels 35 | 36 | Remark: 37 | Ensure to have downloaded kernel sources in local directory (make get-sources). 38 | " 39 | exit 1 40 | } 41 | 42 | get_releasever() { 43 | releasever="$1" 44 | # example of releasever: '29' or 'rawhide' 45 | if [ -n "$releasever" ]; then 46 | if [[ ! "$releasever" =~ ^[1-9][0-9]$ ]] && [ "$releasever" != "rawhide" ]; then 47 | errecho "Invalid release format" 48 | exit 1 49 | fi 50 | elif [ -z "$releasever" ]; then 51 | releasever="$(git ls-remote --heads https://src.fedoraproject.org/rpms/fedora-release | grep -Po "refs/heads/f[0-9][1-9]*" | sed 's#refs/heads/f##g' | sort -g | tail -1)" 52 | if ! [[ "$releasever" =~ ^[1-9][0-9]$ ]]; then 53 | errecho "An error occurred while trying to determine latest Fedora version" 54 | exit 1 55 | fi 56 | fi 57 | echo "$releasever" 58 | } 59 | 60 | localdir="$(dirname "$(readlink -f "$0")")" 61 | kernelver="$(cat "$localdir/version")" 62 | kernelsrc="linux-$kernelver" 63 | kernelarchive="$kernelsrc.tar" 64 | 65 | if ! OPTS=$(getopt -o hv:t:r: --long help,releasever:,include-testing,include-rc -n "$0" -- "$@"); then 66 | errecho "An error occurred while parsing options." 67 | exit 1 68 | fi 69 | 70 | eval set -- "$OPTS" 71 | 72 | while [[ $# -gt 0 ]]; do 73 | case "$1" in 74 | -a | --releasever ) releasever="$2"; shift ;; 75 | -m | --include-testing ) ktesting="1";; 76 | -i | --include-rc ) krc="1";; 77 | -h | --help) usage ;; 78 | esac 79 | shift 80 | done 81 | 82 | if [ ! -e "$localdir/$kernelarchive" ]; then 83 | errecho "Cannot find $kernelarchive in local directory." 84 | exit 1 85 | fi 86 | 87 | trap 'exit_clean' 0 1 2 3 6 15 88 | 89 | releasever=$(get_releasever "$releasever") 90 | 91 | # get the latest kernel rpm 92 | repo_opts="--disablerepo=* --enablerepo=fedora --enablerepo=updates --releasever=$releasever" 93 | 94 | # include testing 95 | if [ "$ktesting" == "1" ]; then 96 | repo_opts="$repo_opts --enablerepo=updates-testing" 97 | fi 98 | 99 | # shellcheck disable=SC2086 100 | latestver=$(dnf -q repoquery kernel-core $repo_opts) 101 | 102 | # include rc 103 | if [ "$krc" != "1" ]; then 104 | latestver=$(echo "$latestver" | grep -v "rc[0-9]*") 105 | fi 106 | 107 | latestver=$(echo "$latestver" | sort -V | tail -1 | cut -d ':' -f2) 108 | latestrpm="kernel-core-$latestver.rpm" 109 | 110 | if [ "$releasever" == 'rawhide' ]; then 111 | releasever="$(echo "$latestver" | grep -o "fc[1-9][0-9]" | sed 's/fc//')" 112 | fi 113 | 114 | if [ -n "$latestrpm" ] && [ -n "$releasever" ]; then 115 | key="$localdir/../builder-rpm/keys/RPM-GPG-KEY-fedora-$releasever-primary" 116 | tmpdir="$(mktemp -d -p "$localdir")" 117 | # download latest kernel rpm 118 | # shellcheck disable=SC2086 119 | dnf -q download kernel-core $repo_opts 120 | mv "$latestrpm" "$tmpdir/$latestrpm.untrusted" 121 | 122 | # check signature 123 | mkdir -p "$tmpdir/rpmdb" 124 | rpmkeys --dbpath="$tmpdir/rpmdb" --import "$key" 125 | { rpmkeys --dbpath="$tmpdir/rpmdb" --checksig "$tmpdir/$latestrpm.untrusted" | grep -q 'signatures OK' ; } || { errecho "Failed to check signature"; exit 1; } 126 | mv "$tmpdir/$latestrpm.untrusted" "$tmpdir/$latestrpm" 127 | 128 | # extract kernel sources in qubes-linux-kernel 129 | tar xf "$localdir/$kernelarchive" -C "$tmpdir" 130 | 131 | # get latest config and put it in extracted sources 132 | rpm2cpio "$tmpdir/$latestrpm" | cpio --quiet -i --to-stdout "./lib/modules/$latestver/config" > "$tmpdir/$kernelsrc/.config" 133 | 134 | # generate new config with: yes '' | make oldconfig 135 | cd "$tmpdir/$kernelsrc/" 136 | ## drop config settings which depend on Fedora patches and adjust for the small version difference 137 | if [ "$debug" == "1" ]; then 138 | yes '' | make oldconfig 139 | else 140 | yes '' | make oldconfig > /dev/null 2>&1 141 | fi 142 | ## remove comments in header 143 | sed -i '1,4d' "$tmpdir/$kernelsrc/.config" 144 | 145 | # create final config 146 | cat - "$tmpdir/$kernelsrc/.config" > "$localdir/config-base-$(echo "$latestver" | cut -d '-' -f1)" << EOF 147 | # Base config based on Fedora's config ($latestrpm) 148 | # Only modification is \`yes '' | make oldconfig\` to drop config settings which 149 | # depend on Fedora patches and adjust for the small version difference. 150 | EOF 151 | else 152 | exit 1 153 | fi 154 | -------------------------------------------------------------------------------- /0001-xen-xenbus-better-handle-backend-crash.patch: -------------------------------------------------------------------------------- 1 | From c2b6a8e0c215ad574f49001994ab1ef661df57e1 Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= 3 | 4 | Date: Thu, 9 Oct 2025 14:51:04 +0200 5 | Subject: [PATCH] xen/xenbus: better handle backend crash 6 | MIME-Version: 1.0 7 | Content-Type: text/plain; charset=UTF-8 8 | Content-Transfer-Encoding: 8bit 9 | 10 | When the backend domain crashes, coordinated device cleanup is not 11 | possible (as it involves waiting for the backend state change). In that 12 | case, toolstack forcefully removes frontend xenstore entries. 13 | xenbus_dev_changed() handles this case, and triggers device cleanup. 14 | It's possible that toolstack manages to connect new device in that 15 | place, before xenbus_dev_changed() notices the old one is missing. If 16 | that happens, new one won't be probed and will forever remain in 17 | XenbusStateInitialising. 18 | 19 | Fix this by checking backend-id and if it changes, consider it 20 | unplug+plug operation. It's important that cleanup on such unplug 21 | doesn't modify xenstore entries (especially the "state" key) as it 22 | belong to the new device to be probed - changing it would derail 23 | establishing connection to the new backend (most likely, closing the 24 | device before it was even connected). Handle this case by setting new 25 | xenbus_device->vanished flag to true, and check it before changing state 26 | entry. 27 | 28 | And even if xenbus_dev_changed() correctly detects the device was 29 | forcefully removed, the cleanup handling is still racy. Since this whole 30 | handling doesn't happend in a single xenstore transaction, it's possible 31 | that toolstack might put a new device there already. Avoid re-creating 32 | the state key (which in the case of loosing the race would actually 33 | close newly attached device). 34 | 35 | The problem does not apply to frontend domain crash, as this case 36 | involves coordinated cleanup. 37 | 38 | Problem originally reported at 39 | https://lore.kernel.org/xen-devel/aOZvivyZ9YhVWDLN@mail-itl/T/#t, 40 | including reproduction steps. 41 | 42 | Signed-off-by: Marek Marczykowski-Górecki 43 | --- 44 | I considered re-using one of existing fields instead of a new 45 | xenbus_device->vanished, but I wasn't sure if that would work better. 46 | Setting xenbus_device->nodename to NULL would prevent few other places 47 | using it (including some log messages). Setting xenbus_device->otherend 48 | might have less unintentional impact, but logically it doesn't feel 49 | correct. 50 | --- 51 | drivers/xen/xenbus/xenbus_client.c | 2 ++ 52 | drivers/xen/xenbus/xenbus_probe.c | 25 +++++++++++++++++++++++++ 53 | include/xen/xenbus.h | 1 + 54 | 3 files changed, 28 insertions(+) 55 | 56 | diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c 57 | index e73ec225d4a61..ce2f49d9aa4ad 100644 58 | --- a/drivers/xen/xenbus/xenbus_client.c 59 | +++ b/drivers/xen/xenbus/xenbus_client.c 60 | @@ -275,6 +275,8 @@ __xenbus_switch_state(struct xenbus_device *dev, 61 | */ 62 | int xenbus_switch_state(struct xenbus_device *dev, enum xenbus_state state) 63 | { 64 | + if (dev->vanished) 65 | + return 0; 66 | return __xenbus_switch_state(dev, state, 0); 67 | } 68 | 69 | diff --git a/drivers/xen/xenbus/xenbus_probe.c b/drivers/xen/xenbus/xenbus_probe.c 70 | index 86fe6e7790566..3c3e56b544976 100644 71 | --- a/drivers/xen/xenbus/xenbus_probe.c 72 | +++ b/drivers/xen/xenbus/xenbus_probe.c 73 | @@ -444,6 +444,9 @@ static void xenbus_cleanup_devices(const char *path, struct bus_type *bus) 74 | info.dev = NULL; 75 | bus_for_each_dev(bus, NULL, &info, cleanup_dev); 76 | if (info.dev) { 77 | + dev_warn(&info.dev->dev, 78 | + "device forcefully removed from xenstore\n"); 79 | + info.dev->vanished = true; 80 | device_unregister(&info.dev->dev); 81 | put_device(&info.dev->dev); 82 | } 83 | @@ -659,6 +662,28 @@ void xenbus_dev_changed(const char *node, struct xen_bus_type *bus) 84 | return; 85 | 86 | dev = xenbus_device_find(root, &bus->bus); 87 | + /* Backend domain crash results in not coordinated frontend removal, 88 | + * without going through XenbusStateClosing. Check if the device 89 | + * wasn't replaced to point at another backend in the meantime. 90 | + */ 91 | + if (dev && !strncmp(node, "device/", sizeof("device/")-1)) { 92 | + int backend_id; 93 | + int err = xenbus_gather(XBT_NIL, root, 94 | + "backend-id", "%i", &backend_id, 95 | + NULL); 96 | + if (!err && backend_id != dev->otherend_id) { 97 | + /* It isn't the same device, assume the old one 98 | + * vanished and new one needs to be probed. 99 | + */ 100 | + dev_warn(&dev->dev, 101 | + "backend-id mismatch (%d != %d), reconnecting\n", 102 | + backend_id, dev->otherend_id); 103 | + dev->vanished = true; 104 | + device_unregister(&dev->dev); 105 | + put_device(&dev->dev); 106 | + dev = NULL; 107 | + } 108 | + } 109 | if (!dev) 110 | xenbus_probe_node(bus, type, root); 111 | else 112 | diff --git a/include/xen/xenbus.h b/include/xen/xenbus.h 113 | index 7dab04cf4a36c..43a5335f1d5a3 100644 114 | --- a/include/xen/xenbus.h 115 | +++ b/include/xen/xenbus.h 116 | @@ -87,6 +87,7 @@ struct xenbus_device { 117 | struct completion down; 118 | struct work_struct work; 119 | struct semaphore reclaim_sem; 120 | + bool vanished; 121 | 122 | /* Event channel based statistics and settings. */ 123 | atomic_t event_channels; 124 | -- 125 | 2.51.0 126 | 127 | -------------------------------------------------------------------------------- /0001-Revert-e1000e-change-k1-configuration-on-MTP-and-lat.patch: -------------------------------------------------------------------------------- 1 | From 30084b7905d762f550b14cc4ef88530dd5965083 Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= 3 | 4 | Date: Thu, 24 Apr 2025 15:45:34 +0200 5 | Subject: [PATCH] Revert "e1000e: change k1 configuration on MTP and later 6 | platforms" 7 | 8 | This change results in a heavy packet loss on some MTL laptops, 9 | including NovaCustom V540TU. 10 | This reverts commit 85f6414167da39e0da30bf370f1ecda5a58c6f7b. 11 | https://github.com/QubesOS/qubes-issues/issues/9896 12 | --- 13 | drivers/net/ethernet/intel/e1000e/defines.h | 3 - 14 | drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 ++------------------- 15 | drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 -- 16 | 3 files changed, 5 insertions(+), 82 deletions(-) 17 | 18 | diff --git a/drivers/net/ethernet/intel/e1000e/defines.h b/drivers/net/ethernet/intel/e1000e/defines.h 19 | index 8294a7c4f122..5e2cfa73f889 100644 20 | --- a/drivers/net/ethernet/intel/e1000e/defines.h 21 | +++ b/drivers/net/ethernet/intel/e1000e/defines.h 22 | @@ -803,7 +803,4 @@ 23 | /* SerDes Control */ 24 | #define E1000_GEN_POLL_TIMEOUT 640 25 | 26 | -#define E1000_FEXTNVM12_PHYPD_CTRL_MASK 0x00C00000 27 | -#define E1000_FEXTNVM12_PHYPD_CTRL_P1 0x00800000 28 | - 29 | #endif /* _E1000_DEFINES_H_ */ 30 | diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c 31 | index 364378133526..2f9655cf5dd9 100644 32 | --- a/drivers/net/ethernet/intel/e1000e/ich8lan.c 33 | +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c 34 | @@ -285,45 +285,6 @@ static void e1000_toggle_lanphypc_pch_lpt(struct e1000_hw *hw) 35 | } 36 | } 37 | 38 | -/** 39 | - * e1000_reconfigure_k1_exit_timeout - reconfigure K1 exit timeout to 40 | - * align to MTP and later platform requirements. 41 | - * @hw: pointer to the HW structure 42 | - * 43 | - * Context: PHY semaphore must be held by caller. 44 | - * Return: 0 on success, negative on failure 45 | - */ 46 | -static s32 e1000_reconfigure_k1_exit_timeout(struct e1000_hw *hw) 47 | -{ 48 | - u16 phy_timeout; 49 | - u32 fextnvm12; 50 | - s32 ret_val; 51 | - 52 | - if (hw->mac.type < e1000_pch_mtp) 53 | - return 0; 54 | - 55 | - /* Change Kumeran K1 power down state from P0s to P1 */ 56 | - fextnvm12 = er32(FEXTNVM12); 57 | - fextnvm12 &= ~E1000_FEXTNVM12_PHYPD_CTRL_MASK; 58 | - fextnvm12 |= E1000_FEXTNVM12_PHYPD_CTRL_P1; 59 | - ew32(FEXTNVM12, fextnvm12); 60 | - 61 | - /* Wait for the interface the settle */ 62 | - usleep_range(1000, 1100); 63 | - 64 | - /* Change K1 exit timeout */ 65 | - ret_val = e1e_rphy_locked(hw, I217_PHY_TIMEOUTS_REG, 66 | - &phy_timeout); 67 | - if (ret_val) 68 | - return ret_val; 69 | - 70 | - phy_timeout &= ~I217_PHY_TIMEOUTS_K1_EXIT_TO_MASK; 71 | - phy_timeout |= 0xF00; 72 | - 73 | - return e1e_wphy_locked(hw, I217_PHY_TIMEOUTS_REG, 74 | - phy_timeout); 75 | -} 76 | - 77 | /** 78 | * e1000_init_phy_workarounds_pchlan - PHY initialization workarounds 79 | * @hw: pointer to the HW structure 80 | @@ -366,22 +327,15 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) 81 | * LANPHYPC Value bit to force the interconnect to PCIe mode. 82 | */ 83 | switch (hw->mac.type) { 84 | - case e1000_pch_mtp: 85 | - case e1000_pch_lnp: 86 | - case e1000_pch_ptp: 87 | - case e1000_pch_nvp: 88 | - /* At this point the PHY might be inaccessible so don't 89 | - * propagate the failure 90 | - */ 91 | - if (e1000_reconfigure_k1_exit_timeout(hw)) 92 | - e_dbg("Failed to reconfigure K1 exit timeout\n"); 93 | - 94 | - fallthrough; 95 | case e1000_pch_lpt: 96 | case e1000_pch_spt: 97 | case e1000_pch_cnp: 98 | case e1000_pch_tgp: 99 | case e1000_pch_adp: 100 | + case e1000_pch_mtp: 101 | + case e1000_pch_lnp: 102 | + case e1000_pch_ptp: 103 | + case e1000_pch_nvp: 104 | if (e1000_phy_is_accessible_pchlan(hw)) 105 | break; 106 | 107 | @@ -465,20 +419,8 @@ static s32 e1000_init_phy_workarounds_pchlan(struct e1000_hw *hw) 108 | * the PHY is in. 109 | */ 110 | ret_val = hw->phy.ops.check_reset_block(hw); 111 | - if (ret_val) { 112 | + if (ret_val) 113 | e_err("ME blocked access to PHY after reset\n"); 114 | - goto out; 115 | - } 116 | - 117 | - if (hw->mac.type >= e1000_pch_mtp) { 118 | - ret_val = hw->phy.ops.acquire(hw); 119 | - if (ret_val) { 120 | - e_err("Failed to reconfigure K1 exit timeout\n"); 121 | - goto out; 122 | - } 123 | - ret_val = e1000_reconfigure_k1_exit_timeout(hw); 124 | - hw->phy.ops.release(hw); 125 | - } 126 | } 127 | 128 | out: 129 | @@ -4946,18 +4888,6 @@ static s32 e1000_init_hw_ich8lan(struct e1000_hw *hw) 130 | u16 i; 131 | 132 | e1000_initialize_hw_bits_ich8lan(hw); 133 | - if (hw->mac.type >= e1000_pch_mtp) { 134 | - ret_val = hw->phy.ops.acquire(hw); 135 | - if (ret_val) 136 | - return ret_val; 137 | - 138 | - ret_val = e1000_reconfigure_k1_exit_timeout(hw); 139 | - hw->phy.ops.release(hw); 140 | - if (ret_val) { 141 | - e_dbg("Error failed to reconfigure K1 exit timeout\n"); 142 | - return ret_val; 143 | - } 144 | - } 145 | 146 | /* Initialize identification LED */ 147 | ret_val = mac->ops.id_led_init(hw); 148 | diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.h b/drivers/net/ethernet/intel/e1000e/ich8lan.h 149 | index 5feb589a9b5f..2504b11c3169 100644 150 | --- a/drivers/net/ethernet/intel/e1000e/ich8lan.h 151 | +++ b/drivers/net/ethernet/intel/e1000e/ich8lan.h 152 | @@ -219,10 +219,6 @@ 153 | #define I217_PLL_CLOCK_GATE_REG PHY_REG(772, 28) 154 | #define I217_PLL_CLOCK_GATE_MASK 0x07FF 155 | 156 | -/* PHY Timeouts */ 157 | -#define I217_PHY_TIMEOUTS_REG PHY_REG(770, 21) 158 | -#define I217_PHY_TIMEOUTS_K1_EXIT_TO_MASK 0x0FC0 159 | - 160 | #define SW_FLAG_TIMEOUT 1000 /* SW Semaphore flag timeout in ms */ 161 | 162 | /* Inband Control */ 163 | -- 164 | 2.49.0 165 | 166 | -------------------------------------------------------------------------------- /config-qubes: -------------------------------------------------------------------------------- 1 | ## Qubes specific config settings. 2 | ## 3 | ## Lines starting with ## are comments. 4 | 5 | 6 | ################################################################################ 7 | ## Enable expert options 8 | 9 | CONFIG_EXPERT=y 10 | 11 | 12 | ################################################################################ 13 | ## Use xz to save space on /boot 14 | 15 | # CONFIG_KERNEL_GZIP is not set 16 | # CONFIG_KERNEL_ZSTD is not set 17 | CONFIG_KERNEL_XZ=y 18 | 19 | 20 | ################################################################################ 21 | ## Enable /proc/config.gz to help debugging etc. 22 | 23 | CONFIG_IKCONFIG=y 24 | CONFIG_IKCONFIG_PROC=y 25 | 26 | 27 | ################################################################################ 28 | ## Enable some more hardening options 29 | 30 | CONFIG_GCC_PLUGINS=y 31 | CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y 32 | CONFIG_GCC_PLUGIN_STRUCTLEAK=y 33 | CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y 34 | ## XXX: What's about RANDSTRUCT? 35 | 36 | ## Those depend on CONFIG_EXPERT 37 | CONFIG_ARCH_MMAP_RND_BITS=32 38 | CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16 39 | 40 | # CONFIG_KEXEC is not set 41 | # CONFIG_CRASH_DUMP is not set 42 | 43 | CONFIG_LEGACY_VSYSCALL_NONE=y 44 | 45 | CONFIG_SECURITY_DMESG_RESTRICT=y 46 | 47 | CONFIG_INTEL_IOMMU_DEFAULT_ON=y 48 | 49 | # CONFIG_PROC_KCORE is not set 50 | 51 | CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y 52 | CONFIG_INIT_ON_FREE_DEFAULT_ON=y 53 | 54 | CONFIG_PANIC_ON_OOPS=y 55 | CONFIG_PANIC_ON_OOPS_VALUE=1 56 | CONFIG_PANIC_TIMEOUT=-1 57 | 58 | CONFIG_SCHED_STACK_END_CHECK=y 59 | 60 | CONFIG_IO_STRICT_DEVMEM=y 61 | 62 | CONFIG_SECURITY_YAMA=y 63 | 64 | # CONFIG_HIBERNATION is not set 65 | 66 | CONFIG_STACKPROTECTOR=y 67 | CONFIG_STACKPROTECTOR_STRONG=y 68 | 69 | 70 | ################################################################################ 71 | ## Disable PCI hotplug to prevent DMA attacks via ExpressCard or Thunderbolt 72 | ## ports. QubesOS/qubes-issues#1673 73 | 74 | # CONFIG_HOTPLUG_PCI is not set 75 | 76 | 77 | ################################################################################ 78 | ## Deactivate selinux by default 79 | 80 | # CONFIG_DEFAULT_SECURITY_SELINUX is not set 81 | CONFIG_DEFAULT_SECURITY_DAC=y 82 | CONFIG_LSM="yama,loadpin,safesetid,integrity" 83 | 84 | 85 | ################################################################################ 86 | ## Enable paravirt spinlocks. This should be more performant. 87 | 88 | CONFIG_PARAVIRT_SPINLOCKS=y 89 | 90 | 91 | ################################################################################ 92 | ## Disable DEBUG_WX. Xen PV guests currently have some WX pages, so suppress 93 | ## the useless Warning. 94 | 95 | # CONFIG_DEBUG_WX is not set 96 | 97 | 98 | ################################################################################ 99 | ## Set USB drivers to module to allow attaching PCI devices to pciback before 100 | ## those get loaded. 101 | 102 | CONFIG_USB_UHCI_HCD=m 103 | CONFIG_USB_OHCI_HCD=m 104 | CONFIG_USB_EHCI_HCD=m 105 | CONFIG_USB_XHCI_HCD=m 106 | 107 | 108 | ################################################################################ 109 | ## USB gadget driver support for testing qvm-usb 110 | 111 | CONFIG_USB_GADGET=m 112 | CONFIG_USB_CONFIGFS=m 113 | CONFIG_USB_CONFIGFS_MASS_STORAGE=y 114 | CONFIG_USB_DUMMY_HCD=m 115 | 116 | 117 | ################################################################################ 118 | ## Enable AppArmor 119 | ## It's optionally used by Whonix (https://www.whonix.org/wiki/AppArmor). 120 | 121 | CONFIG_SECURITY_APPARMOR=y 122 | 123 | ################################################################################ 124 | ## Enable memory hotplug of Xen balloon driver. This is useful to map a lot of 125 | ## grant tables, without using otherwise usable physical address space 126 | 127 | CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y 128 | CONFIG_XEN_UNPOPULATED_ALLOC=y 129 | 130 | ################################################################################ 131 | ## Allow grant tables to be turned into dma-bufs and back. Needed by GUI daemon. 132 | CONFIG_XEN_GRANT_DMA_ALLOC=y 133 | CONFIG_XEN_GNTDEV_DMABUF=y 134 | 135 | ################################################################################ 136 | ## Help crash debugging by saving crash messages to EFI variables 137 | 138 | CONFIG_EFI_VARS_PSTORE=y 139 | 140 | 141 | ################################################################################ 142 | ## Support Linux installs where /sbin/ and /usr/sbin/ have not been merged 143 | 144 | CONFIG_MODPROBE_PATH="/sbin/modprobe" 145 | 146 | 147 | ################################################################################ 148 | ## workaround for running (unsupported) pv vms on qubes 4.1 149 | ## also need to blacklist the module in the vm/template! 150 | CONFIG_INTEL_PMC_CORE=m 151 | 152 | ## Technically, CONFIG_XEN_VIRTIO_FORCE_GRANT=y is a good idea, but we don't 153 | ## use virtio devices under Xen yet. On the other hand, this interfere with 154 | ## running Xen nested within KVM. CONFIG_XEN_VIRTIO under PV (dom0) behaves as 155 | ## CONFIG_XEN_VIRTIO_FORCE_GRANT, so disable whole CONFIG_XEN_VIRTIO. 156 | 157 | # CONFIG_XEN_VIRTIO is not set 158 | 159 | ## Without kernel preemption, long-running operations in the dom0 kernel (such 160 | ## as dm-thin metadata lookups or dm-crypt encryption and decryption) can make 161 | ## the entire system less responsive. It is easy to trigger this with e.g. 162 | ## a parallel kernel build. 163 | CONFIG_PREEMPT=y 164 | 165 | ################################################################################ 166 | ## TODO: from diff to old config 167 | 168 | ## CONFIG_X86_AMD_PLATFORM_DEVICE=y 169 | ## 170 | ## # CONFIG_X86_MCELOG_LEGACY is not set 171 | ## # CONFIG_X86_MCE_INJECT is not set 172 | ## 173 | ## CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y 174 | ## 175 | ## sensors from 0f976d972a1671a303fad30a5e690304b0b82ee0 176 | ## 177 | ## Intel ME driver e0f8e9ca81b80d897b190f48a4af80eff3198cb1 178 | 179 | ## Avoid kernel conflict with EfiACPIMemoryNVS region on some 180 | ## AMD Threadripper platforms 181 | CONFIG_PHYSICAL_START=0x200000 182 | CONFIG_PHYSICAL_ALIGN=0x200000 183 | 184 | ## AMD XDNA cannot work under Xen. It requires PASID, which Xen does 185 | ## not expose to any guest. Also, AMDXDNA breaks booting under Xen 186 | ## unless it is patched to fail to probe there. 187 | ## 188 | ## See and 189 | ## 190 | ## for details. 191 | # CONFIG_DRM_ACCEL_AMDXDNA is not set 192 | -------------------------------------------------------------------------------- /guards: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | ############################################################################# 3 | # Copyright (c) 2003-2007,2009 Novell, Inc. 4 | # All Rights Reserved. 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of version 2 of the GNU General Public License as 8 | # published by the Free Software Foundation. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, contact Novell, Inc. 17 | # 18 | # To contact Novell about this file by physical or electronic mail, 19 | # you may find current contact information at www.novell.com 20 | ############################################################################# 21 | # 22 | # Guards: 23 | # 24 | # +xxx include if xxx is defined 25 | # -xxx exclude if xxx is defined 26 | # +!xxx include if xxx is not defined 27 | # -!xxx exclude if xxx is not defined 28 | # 29 | 30 | use FileHandle; 31 | use Getopt::Long; 32 | use strict; 33 | 34 | # Prototypes 35 | sub files_in($$); 36 | sub parse($$); 37 | sub help(); 38 | 39 | #sub strip_ext($) { 40 | # local ($_) = @_; 41 | # s/\.(diff?|patch)$//; 42 | #} 43 | 44 | #sub try_ext($) { 45 | # my ($path) = @_; 46 | # for my $p in (($path, "$path.diff", "$path.dif", "$path.patch")) { 47 | # return $p 48 | # if (-f $p); 49 | # } 50 | # return undef; 51 | #} 52 | 53 | sub slashme($) { 54 | my ($dir) = @_; 55 | $dir =~ s#([^/])$#$&/#; # append a slash if necessary 56 | if ($dir eq './') { 57 | return ''; 58 | } else { 59 | return $dir; 60 | } 61 | } 62 | 63 | # Generate a list of files in a directory 64 | # 65 | sub files_in($$) { 66 | my ($dir, $path) = @_; 67 | my $dh = new FileHandle; 68 | my (@files, $file); 69 | 70 | 71 | opendir $dh, length("$dir$path") ? "$dir$path" : '.' 72 | or die "$dir$path: $!\n"; 73 | while ($file = readdir($dh)) { 74 | next if $file =~ /^(\.|\.\.|\.#.*|CVS|.*~)$/; 75 | if (-d "$dir$path$file") { 76 | @files = (@files, files_in($dir, "$path$file/")); 77 | } else { 78 | #print "[$path$file]\n"; 79 | push @files, "$path$file"; 80 | } 81 | } 82 | closedir $dh; 83 | return @files; 84 | } 85 | 86 | # Parse a configuration file 87 | # Callback called with ($patch, @guards) arguments 88 | # 89 | sub parse($$) { 90 | my ($fh, $callback) = @_; 91 | 92 | my $line = ""; 93 | 94 | while (<$fh>) { 95 | chomp; 96 | s/(^|\s+)#.*//; 97 | if (s/\\$/ /) { 98 | $line .= $_; 99 | next; 100 | } 101 | $line .= $_; 102 | my @guards = (); 103 | foreach my $token (split /[\s\t\n]+/, $line) { 104 | next if $token eq ""; 105 | if ($token =~ /^[-+]/) { 106 | push @guards, $token; 107 | } else { 108 | #print "[" . join(",", @guards) . "] $token\n"; 109 | &$callback($token, @guards); 110 | } 111 | } 112 | $line = ""; 113 | } 114 | } 115 | 116 | # Command line options 117 | # 118 | my ($dir, $config, $default, $check, $list, $invert_match, $with_guards) = 119 | ( '', '-', 1, 0, 0, 0, 0); 120 | my @path; 121 | 122 | # Help text 123 | # 124 | sub help() { 125 | print "$0 - select from a list of files guarded by conditions\n"; 126 | print "SYNOPSIS: $0 [--prefix=dir] [--path=dir1:dir2:...]\n" . 127 | " [--default=0|1] [--check|--list] [--invert-match]\n" . 128 | " [--with-guards] [--config=file] symbol ...\n\n" . 129 | " (Default values: --path='" . join(':', @path) . "', " . 130 | "--default=$default)\n"; 131 | exit 0; 132 | } 133 | 134 | # Parse command line options 135 | # 136 | Getopt::Long::Configure ("bundling"); 137 | eval { 138 | unless (GetOptions ( 139 | 'd|prefix=s' => \$dir, 140 | 'c|config=s' => \$config, 141 | 'C|check' => \$check, 142 | 'l|list' => \$list, 143 | 'w|with-guards' => \$with_guards, 144 | 'p|path=s' => \@path, 145 | 'D|default=i' => \$default, 146 | 'v|invert-match' => \$invert_match, 147 | 'h|help' => sub { help(); exit 0; })) { 148 | help(); 149 | exit 1; 150 | } 151 | }; 152 | if ($@) { 153 | print "$@"; 154 | help(); 155 | exit 1; 156 | } 157 | 158 | @path = ('.') 159 | unless (@path); 160 | @path = split(/:/, join(':', @path)); 161 | 162 | my $fh = ($config eq '-') ? \*STDIN : new FileHandle($config) 163 | or die "$config: $!\n"; 164 | 165 | $dir = slashme($dir); 166 | 167 | if ($check) { 168 | # Check for duplicate files, or for files that are not referenced by 169 | # the specification. 170 | 171 | my $problems = 0; 172 | my @files; 173 | 174 | foreach (@path) { 175 | @files = (@files, files_in($dir, slashme($_))); 176 | } 177 | my %files = map { $_ => 0 } @files; 178 | 179 | parse($fh, sub { 180 | my ($patch, @guards) = @_; 181 | if (exists $files{$patch}) { 182 | $files{$patch}++; 183 | } else { 184 | print "Not found: $dir$patch\n"; 185 | $problems++; 186 | }}); 187 | 188 | $fh->close(); 189 | 190 | my ($file, $ref); 191 | while (($file, $ref) = each %files) { 192 | next if $ref == 1; 193 | 194 | if ($ref == 0) { 195 | print "Unused: $file\n" if $ref == 0; 196 | $problems++; 197 | } 198 | if ($ref > 1) { 199 | print "Warning: multiple uses: $file\n" if $ref > 1; 200 | # This is not an error if the entries are mutually exclusive... 201 | } 202 | } 203 | exit $problems ? 1 : 0; 204 | 205 | } elsif ($list) { 206 | parse($fh, sub { 207 | my ($patch, @guards) = @_; 208 | print join(' ', @guards), ' ' 209 | if (@guards && $with_guards); 210 | print "$dir$patch\n"; 211 | }); 212 | } else { 213 | # Generate a list of patches to apply. 214 | 215 | my %symbols = map { $_ => 1 } @ARGV; 216 | 217 | parse($fh, sub { 218 | my ($patch, @guards) = @_; 219 | 220 | my $selected; 221 | if (@guards) { 222 | # If the first guard is -xxx, the patch is included by default; 223 | # if it is +xxx, the patch is excluded by default. 224 | $selected = ($guards[0] =~ /^-/); 225 | 226 | foreach (@guards) { 227 | /^([-+])(!?)(.*)?/ 228 | or die "Bad guard '$_'\n"; 229 | 230 | # Check if the guard matches 231 | if (($2 eq '!' && !exists $symbols{$3}) || 232 | ($2 eq '' && ( $3 eq '' || exists $symbols{$3}))) { 233 | # Include or exclude 234 | $selected = ($1 eq '+'); 235 | } 236 | } 237 | } else { 238 | # If there are no guards, use the specified default result. 239 | $selected = $default; 240 | } 241 | 242 | print "$dir$patch\n" 243 | if $selected ^ $invert_match; 244 | }); 245 | 246 | $fh->close(); 247 | 248 | exit 0; 249 | } 250 | 251 | __END__ 252 | 253 | =head1 NAME 254 | 255 | guards - select from a list of files guarded by conditions 256 | 257 | =head1 SYNOPSIS 258 | 259 | F [--prefix=F] [--path=F] [--default=<0|1>] 260 | [--check|--list] [--invert-match] [--with-guards] [--config=] 261 | I ... 262 | 263 | 264 | =head1 DESCRIPTION 265 | 266 | The script reads a configuration file that may contain so-called guards, file 267 | names, and comments, and writes those file names that satisfy all guards to 268 | standard output. The script takes a list of symbols as its arguments. Each line 269 | in the configuration file is processed separately. Lines may start with a 270 | number of guards. The following guards are defined: 271 | 272 | =over 273 | 274 | +I Include the file(s) on this line if the symbol I is defined. 275 | 276 | -I Exclude the file(s) on this line if the symbol I is defined. 277 | 278 | +!I Include the file(s) on this line if the symbol I is not defined. 279 | 280 | -!I Exclude the file(s) on this line if the symbol I is not defined. 281 | 282 | - Exclude this file. Used to avoid spurious I<--check> messages. 283 | 284 | =back 285 | 286 | The guards are processed left to right. The last guard that matches determines 287 | if the file is included. If no guard is specified, the I<--default> 288 | setting determines if the file is included. 289 | 290 | If no configuration file is specified, the script reads from standard input. 291 | 292 | The I<--check> option is used to compare the specification file against the 293 | file system. If files are referenced in the specification that do not exist, or 294 | if files are not enlisted in the specification file warnings are printed. The 295 | I<--path> option can be used to specify which directory or directories to scan. 296 | Multiple directories are eparated by a colon (C<:>) character. The 297 | I<--prefix> option specifies the location of the files. 298 | 299 | Use I<--list> to list all files independend of any rules. Use I<--invert-match> 300 | to list only the excluded patches. Use I<--with-guards> to also include all 301 | inclusion and exclusion rules. 302 | 303 | =head1 AUTHOR 304 | 305 | Andreas Gruenbacher , SUSE Labs 306 | -------------------------------------------------------------------------------- /xen-pciback-pm-suspend.patch: -------------------------------------------------------------------------------- 1 | From 7e9f846743d002a2348d92c8121b547f60d2f6ca Mon Sep 17 00:00:00 2001 2 | From: Simon Gaiser 3 | Date: Tue, 30 Apr 2024 14:27:40 +0200 4 | Subject: [PATCH] Add experimental support for (forced) device suspend in 5 | pciback 6 | 7 | This is a pretty hacky workaround to help getting devices into their low 8 | power states for S0ix. Ideally the driver in the VM should handle this 9 | but this doesn't works for all cases currently. 10 | 11 | This change adds two experimental options to pciback. Enabling 12 | qubes_exp_pm_suspend for a device assigned to pciback will imitate the 13 | normal prepare for suspend flow that pci_pm_suspend_noirq does for 14 | drivers that have enabled pm. This uses the PCIe power management 15 | function to put a device into a low power state. pciback didn't have pm 16 | enabled previously. This manual handling is needed to make this opt-in 17 | per device. 18 | 19 | Additionally this adds qubes_exp_pm_suspend_force. This ignores the 20 | check whether the device should be suspended, which the pci driver 21 | normally does before trying to put a device into low power state. This 22 | is needed for getting the Thunderbolt controller into a low power state. 23 | For some, not yet fully clear, reasons in the combination of running 24 | under Xen and disabled PCI hotplugging this doesn't work. This can be 25 | worked around by forcing the Thunderbolt PCIe root ports to D3. 26 | 27 | The later was initially intended to be done by adding an option to 28 | pci_bridge_d3_possible to override it's check for the Thunderbolt root 29 | ports. But this turned out to be hard to implement as an per device 30 | opt-in. So as an alternative the force option was added to pciback. Note 31 | that since the root ports are bridges they can never be actually 32 | passedthrough, they are just assigned to pciback. This way we can spare 33 | the effort to write another dummy driver. 34 | --- 35 | drivers/xen/xen-pciback/pci_stub.c | 165 +++++++++++++++++++++++++++++ 36 | drivers/xen/xen-pciback/pciback.h | 2 + 37 | 2 files changed, 167 insertions(+) 38 | 39 | diff --git a/drivers/xen/xen-pciback/pci_stub.c b/drivers/xen/xen-pciback/pci_stub.c 40 | index e34b623e4b41..c5570bca0d60 100644 41 | --- a/drivers/xen/xen-pciback/pci_stub.c 42 | +++ b/drivers/xen/xen-pciback/pci_stub.c 43 | @@ -26,6 +26,7 @@ 44 | #include "pciback.h" 45 | #include "conf_space.h" 46 | #include "conf_space_quirks.h" 47 | +#include "../../pci/pci.h" 48 | 49 | #define PCISTUB_DRIVER_NAME "pciback" 50 | 51 | @@ -978,6 +979,37 @@ static void xen_pcibk_error_resume(struct pci_dev *dev) 52 | return; 53 | } 54 | 55 | +static int xen_pcibk_suspend_noirq(struct device *dev) { 56 | + // Imitate pci_pm_suspend_noirq but with per-device opt-in and force 57 | + // option. 58 | + struct pci_dev *pci_dev = to_pci_dev(dev); 59 | + struct xen_pcibk_dev_data *dev_data = pci_get_drvdata(pci_dev); 60 | + 61 | + pci_save_state(pci_dev); 62 | + 63 | + if (dev_data->pm_suspend) { 64 | + if (pci_dev->skip_bus_pm || !pci_power_manageable(pci_dev)) { 65 | + if (!dev_data->pm_suspend_force) { 66 | + pci_info(pci_dev, "Skipping device suspend\n"); 67 | + return 0; 68 | + } else { 69 | + pci_info(pci_dev, "Forcing device suspend\n"); 70 | + } 71 | + } 72 | + int err = pci_prepare_to_sleep(pci_dev); 73 | + if (err) { 74 | + pci_err(pci_dev, "Suspending device failed: %i\n", err); 75 | + } else { 76 | + pci_info(pci_dev, "Device suspended. It's now in %s\n", 77 | + pci_power_name(pci_dev->current_state)); 78 | + } 79 | + } else { 80 | + pci_info(pci_dev, "Backend-side device suspend not enabled\n"); 81 | + } 82 | + 83 | + return 0; 84 | +} 85 | + 86 | /*add xen_pcibk AER handling*/ 87 | static const struct pci_error_handlers xen_pcibk_error_handler = { 88 | .error_detected = xen_pcibk_error_detected, 89 | @@ -986,6 +1018,10 @@ static const struct pci_error_handlers xen_pcibk_error_handler = { 90 | .resume = xen_pcibk_error_resume, 91 | }; 92 | 93 | +static const struct dev_pm_ops xen_pcibk_pm_ops = { 94 | + .suspend_noirq = xen_pcibk_suspend_noirq, 95 | +}; 96 | + 97 | /* 98 | * Note: There is no MODULE_DEVICE_TABLE entry here because this isn't 99 | * for a normal device. I don't want it to be loaded automatically. 100 | @@ -999,6 +1035,7 @@ static struct pci_driver xen_pcibk_pci_driver = { 101 | .probe = pcistub_probe, 102 | .remove = pcistub_remove, 103 | .err_handler = &xen_pcibk_error_handler, 104 | + .driver.pm = &xen_pcibk_pm_ops, 105 | }; 106 | 107 | static inline int str_to_slot(const char *buf, int *domain, int *bus, 108 | @@ -1486,6 +1523,124 @@ static ssize_t allow_interrupt_control_show(struct device_driver *drv, 109 | } 110 | static DRIVER_ATTR_RW(allow_interrupt_control); 111 | 112 | +static ssize_t qubes_exp_pm_suspend_store(struct device_driver *drv, 113 | + const char *buf, size_t count) 114 | +{ 115 | + int domain, bus, slot, func; 116 | + int err; 117 | + struct pcistub_device *psdev; 118 | + struct xen_pcibk_dev_data *dev_data; 119 | + 120 | + err = str_to_slot(buf, &domain, &bus, &slot, &func); 121 | + if (err) 122 | + goto out; 123 | + 124 | + psdev = pcistub_device_find(domain, bus, slot, func); 125 | + if (!psdev) { 126 | + err = -ENODEV; 127 | + goto out; 128 | + } 129 | + 130 | + dev_data = pci_get_drvdata(psdev->dev); 131 | + /* the driver data for a device should never be null at this point */ 132 | + if (!dev_data) { 133 | + err = -ENXIO; 134 | + goto release; 135 | + } 136 | + dev_data->pm_suspend = 1; 137 | +release: 138 | + pcistub_device_put(psdev); 139 | +out: 140 | + if (!err) 141 | + err = count; 142 | + return err; 143 | +} 144 | + 145 | +static ssize_t qubes_exp_pm_suspend_show(struct device_driver *drv, 146 | + char *buf) 147 | +{ 148 | + struct pcistub_device *psdev; 149 | + struct xen_pcibk_dev_data *dev_data; 150 | + size_t count = 0; 151 | + unsigned long flags; 152 | + 153 | + spin_lock_irqsave(&pcistub_devices_lock, flags); 154 | + list_for_each_entry(psdev, &pcistub_devices, dev_list) { 155 | + if (count >= PAGE_SIZE) 156 | + break; 157 | + if (!psdev->dev) 158 | + continue; 159 | + dev_data = pci_get_drvdata(psdev->dev); 160 | + if (!dev_data || !dev_data->pm_suspend) 161 | + continue; 162 | + count += 163 | + scnprintf(buf + count, PAGE_SIZE - count, "%s\n", 164 | + pci_name(psdev->dev)); 165 | + } 166 | + spin_unlock_irqrestore(&pcistub_devices_lock, flags); 167 | + return count; 168 | +} 169 | +static DRIVER_ATTR_RW(qubes_exp_pm_suspend); 170 | + 171 | +static ssize_t qubes_exp_pm_suspend_force_store(struct device_driver *drv, 172 | + const char *buf, size_t count) 173 | +{ 174 | + int domain, bus, slot, func; 175 | + int err; 176 | + struct pcistub_device *psdev; 177 | + struct xen_pcibk_dev_data *dev_data; 178 | + 179 | + err = str_to_slot(buf, &domain, &bus, &slot, &func); 180 | + if (err) 181 | + goto out; 182 | + 183 | + psdev = pcistub_device_find(domain, bus, slot, func); 184 | + if (!psdev) { 185 | + err = -ENODEV; 186 | + goto out; 187 | + } 188 | + 189 | + dev_data = pci_get_drvdata(psdev->dev); 190 | + /* the driver data for a device should never be null at this point */ 191 | + if (!dev_data) { 192 | + err = -ENXIO; 193 | + goto release; 194 | + } 195 | + dev_data->pm_suspend_force = 1; 196 | +release: 197 | + pcistub_device_put(psdev); 198 | +out: 199 | + if (!err) 200 | + err = count; 201 | + return err; 202 | +} 203 | + 204 | +static ssize_t qubes_exp_pm_suspend_force_show(struct device_driver *drv, 205 | + char *buf) 206 | +{ 207 | + struct pcistub_device *psdev; 208 | + struct xen_pcibk_dev_data *dev_data; 209 | + size_t count = 0; 210 | + unsigned long flags; 211 | + 212 | + spin_lock_irqsave(&pcistub_devices_lock, flags); 213 | + list_for_each_entry(psdev, &pcistub_devices, dev_list) { 214 | + if (count >= PAGE_SIZE) 215 | + break; 216 | + if (!psdev->dev) 217 | + continue; 218 | + dev_data = pci_get_drvdata(psdev->dev); 219 | + if (!dev_data || !dev_data->pm_suspend_force) 220 | + continue; 221 | + count += 222 | + scnprintf(buf + count, PAGE_SIZE - count, "%s\n", 223 | + pci_name(psdev->dev)); 224 | + } 225 | + spin_unlock_irqrestore(&pcistub_devices_lock, flags); 226 | + return count; 227 | +} 228 | +static DRIVER_ATTR_RW(qubes_exp_pm_suspend_force); 229 | + 230 | static void pcistub_exit(void) 231 | { 232 | driver_remove_file(&xen_pcibk_pci_driver.driver, &driver_attr_new_slot); 233 | @@ -1497,6 +1652,10 @@ static void pcistub_exit(void) 234 | &driver_attr_permissive); 235 | driver_remove_file(&xen_pcibk_pci_driver.driver, 236 | &driver_attr_allow_interrupt_control); 237 | + driver_remove_file(&xen_pcibk_pci_driver.driver, 238 | + &driver_attr_qubes_exp_pm_suspend); 239 | + driver_remove_file(&xen_pcibk_pci_driver.driver, 240 | + &driver_attr_qubes_exp_pm_suspend_force); 241 | driver_remove_file(&xen_pcibk_pci_driver.driver, 242 | &driver_attr_irq_handlers); 243 | driver_remove_file(&xen_pcibk_pci_driver.driver, 244 | @@ -1590,6 +1749,12 @@ static int __init pcistub_init(void) 245 | if (!err) 246 | err = driver_create_file(&xen_pcibk_pci_driver.driver, 247 | &driver_attr_allow_interrupt_control); 248 | + if (!err) 249 | + err = driver_create_file(&xen_pcibk_pci_driver.driver, 250 | + &driver_attr_qubes_exp_pm_suspend); 251 | + if (!err) 252 | + err = driver_create_file(&xen_pcibk_pci_driver.driver, 253 | + &driver_attr_qubes_exp_pm_suspend_force); 254 | 255 | if (!err) 256 | err = driver_create_file(&xen_pcibk_pci_driver.driver, 257 | diff --git a/drivers/xen/xen-pciback/pciback.h b/drivers/xen/xen-pciback/pciback.h 258 | index f9599ed2f2e2..cf6df6964664 100644 259 | --- a/drivers/xen/xen-pciback/pciback.h 260 | +++ b/drivers/xen/xen-pciback/pciback.h 261 | @@ -49,6 +49,8 @@ struct xen_pcibk_dev_data { 262 | struct pci_saved_state *pci_saved_state; 263 | unsigned int permissive:1; 264 | unsigned int allow_interrupt_control:1; 265 | + unsigned int pm_suspend:1; 266 | + unsigned int pm_suspend_force:1; 267 | unsigned int warned_on_write:1; 268 | unsigned int enable_intx:1; 269 | unsigned int isr_on:1; /* Whether the IRQ handler is installed. */ 270 | -- 271 | 2.43.0 272 | 273 | -------------------------------------------------------------------------------- /kernel.spec.in: -------------------------------------------------------------------------------- 1 | # A spec file for building xenlinux Dom0 kernel for Qubes 2 | # Based on the Open SUSE kernel-spec & Fedora kernel-spec. 3 | # 4 | 5 | %define variant qubes 6 | %define plainrel @REL@ 7 | %define version %(echo '@VERSION@' | sed 's/-rc.*//') 8 | %define upstream_version @VERSION@ 9 | %if "%{version}" != "%{upstream_version}" 10 | %define prerelease 1 11 | %define rel 0.%(echo '@VERSION@' | sed 's/.*-rc/rc/').%{plainrel}.%{variant}%{?dist} 12 | %else 13 | %define prerelease 0 14 | %define rel %{plainrel}.%{variant}%{?dist} 15 | %endif 16 | 17 | # Work around broken shebang mangling: https://github.com/QubesOS/qubes-issues/issues/10417 18 | %undefine __brp_mangle_shebangs 19 | 20 | %define name_suffix -latest 21 | 22 | %define _buildshell /bin/bash 23 | %define build_xen 1 24 | 25 | %global cpu_arch x86_64 26 | %define cpu_arch_flavor %cpu_arch 27 | 28 | %define kernelrelease %(echo %{upstream_version} | sed 's/-rc.*//;s/^[0-9]\\.[0-9]\\+$/\\0.0/')-%rel.%cpu_arch 29 | %define my_builddir %_builddir/%{name}-%{version} 30 | 31 | %define build_src_dir %my_builddir/linux-%upstream_version 32 | %define src_install_dir /usr/src/kernels/%kernelrelease 33 | %define kernel_build_dir %my_builddir/linux-obj 34 | %define vm_install_dir /var/lib/qubes/vm-kernels/%upstream_version-%{plainrel}%{?dist} 35 | 36 | %define install_vdso 1 37 | %define debuginfodir /usr/lib/debug 38 | 39 | # debuginfo build is disabled by default to save disk space (it needs 2-3GB build time) 40 | %define with_debuginfo 0 41 | 42 | # Sign all modules 43 | %global signmodules 1 44 | 45 | %if !%{with_debuginfo} 46 | %global debug_package %{nil} 47 | %define _build_id_links none 48 | %define setup_config --enable CONFIG_DEBUG_INFO_NONE \\\ 49 | --disable CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT \\\ 50 | --disable CONFIG_DEBUG_INFO 51 | %else 52 | %define setup_config --enable CONFIG_DEBUG_INFO \\\ 53 | --enable CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT \\\ 54 | --disable CONFIG_DEBUG_INFO_REDUCED 55 | %endif 56 | 57 | Name: kernel%{?name_suffix} 58 | Summary: The Xen Kernel 59 | Version: %{version} 60 | Epoch: 1000 61 | Release: %{rel} 62 | License: GPL v2 only 63 | Group: System/Kernel 64 | Url: http://www.kernel.org/ 65 | AutoReqProv: on 66 | BuildRequires: coreutils module-init-tools sparse 67 | BuildRequires: qubes-kernel-vm-support 68 | BuildRequires: dracut 69 | BuildRequires: busybox 70 | BuildRequires: bc 71 | BuildRequires: openssl 72 | BuildRequires: openssl-devel 73 | BuildRequires: libuuid-devel 74 | %if 0%{?fedora} >= 41 75 | BuildRequires: openssl-devel-engine 76 | %endif 77 | BuildRequires: python3-devel 78 | BuildRequires: gcc-plugin-devel 79 | BuildRequires: elfutils-libelf-devel 80 | BuildRequires: bison 81 | BuildRequires: flex 82 | 83 | # gcc with support for BTI mitigation 84 | %if 0%{?fedora} == 25 85 | BuildRequires: gcc >= 6.4.1-1.qubes1 86 | Requires: xen-libs >= 2001:4.8.5-15 87 | %else 88 | BuildRequires: gcc 89 | %endif 90 | 91 | # Needed for building GCC hardened plugins 92 | BuildRequires: gcc-c++ 93 | 94 | %if 0%{?fedora} >= 32 95 | # Required for CONFIG_DEBUG_INFO_BTF 96 | BuildRequires: dwarves 97 | %endif 98 | 99 | Provides: multiversion(kernel) 100 | Provides: %name = %kernelrelease 101 | 102 | Provides: kernel-xen-dom0 103 | Provides: kernel-qubes-dom0 104 | Provides: kernel-qubes-dom0-pvops 105 | Provides: kernel-drm = 4.3.0 106 | Provides: kernel-drm-nouveau = 16 107 | Provides: kernel-modules-extra = %kernelrelease 108 | Provides: kernel-modeset = 1 109 | 110 | Requires: %name-modules = %kernelrelease 111 | Requires(pre): coreutils gawk 112 | Requires(post): dracut binutils 113 | Requires: qubes-core-dom0-linux-kernel-install 114 | 115 | Conflicts: sysfsutils < 2.0 116 | # root-lvm only works with newer udevs 117 | Conflicts: udev < 118 118 | Conflicts: lvm2 < 2.02.33 119 | Provides: kernel = %kernelrelease 120 | Provides: kernel-uname-r = %kernelrelease 121 | 122 | ExclusiveArch: x86_64 123 | 124 | %if %prerelease 125 | Source0: linux-%{upstream_version}.tar.gz 126 | %else 127 | Source0: linux-%{upstream_version}.tar 128 | %endif 129 | Source1: @dummy-psu@ 130 | Source2: @dummy-backlight@ 131 | Source3: @linux-utils@ 132 | Source4: @v4l2loopback@ 133 | Source16: guards 134 | Source17: apply-patches 135 | Source18: mod-sign.sh 136 | Source33: check-for-config-changes 137 | Source34: gen-config 138 | Source100: config-base 139 | Source101: config-qubes 140 | %define modsign_cmd %{SOURCE18} 141 | 142 | Patch1: 0002-mce-hide-EBUSY-initialization-error-on-Xen.patch 143 | Patch2: 0003-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch 144 | Patch5: 0006-block-add-no_part_scan-module-parameter.patch 145 | Patch12: 0013-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch 146 | Patch26: 0001-sound-Disable-SG-buffer.patch 147 | Patch27: 0001-amdgpu-timeout.patch 148 | Patch30: 0004-pvops-respect-removable-xenstore-flag-for-block-devi.patch 149 | Patch31: 0001-PCI-add-a-reset-quirk-for-Intel-I219LM-ethernet-adap.patch 150 | Patch32: 0001-Revert-e1000e-change-k1-configuration-on-MTP-and-lat.patch 151 | Patch33: 0001-xen-xenbus-better-handle-backend-crash.patch 152 | 153 | # S0ix support: 154 | Patch61: xen-events-Add-wakeup-support-to-xen-pirq.patch 155 | Patch62: xen-pm-use-suspend.patch 156 | Patch63: xen-pciback-pm-suspend.patch 157 | 158 | %description 159 | Qubes Dom0 kernel. 160 | 161 | %package modules 162 | Summary: Kernel modules 163 | License: GPL v2 only 164 | Provides: multiversion(kernel) 165 | Provides: %name-modules = %kernelrelease 166 | %if "%{?name_suffix}" != "" 167 | Provides: kernel-modules = %kernelrelease 168 | %endif 169 | Provides: kernel-modules-uname-r = %kernelrelease 170 | Requires(post): kmod 171 | AutoReqProv: on 172 | 173 | %description modules 174 | This package provides kernel modules. 175 | 176 | %prep 177 | SYMBOLS="xen-dom0 pvops" 178 | 179 | # Unpack all sources and patches 180 | %autosetup -N -c -T -a 0 181 | 182 | export LINUX_UPSTREAM_VERSION=%{upstream_version} 183 | 184 | mkdir -p %kernel_build_dir 185 | 186 | cd linux-%upstream_version 187 | %autopatch -p1 188 | 189 | # drop EXTRAVERSION - possible -rc suffix already included in %release 190 | sed -i -e 's/^EXTRAVERSION = -rc.*/EXTRAVERSION =/' Makefile 191 | 192 | %if 0%{?fedora} >= 31 || 0%{?rhel} >= 8 193 | # Mangle /usr/bin/python shebangs to /usr/bin/python3 194 | # Mangle all Python shebangs to be Python 3 explicitly 195 | # -p preserves timestamps 196 | # -n prevents creating ~backup files 197 | # -i specifies the interpreter for the shebang 198 | # This fixes errors such as 199 | # *** ERROR: ambiguous python shebang in /usr/bin/kvm_stat: #!/usr/bin/python. Change it to python3 (or python2) explicitly. 200 | # We patch all sources below for which we got a report/error. 201 | %py3_shebang_fix \ 202 | tools/kvm/kvm_stat/kvm_stat \ 203 | scripts/show_delta \ 204 | scripts/diffconfig \ 205 | scripts/bloat-o-meter \ 206 | scripts/jobserver-exec \ 207 | tools \ 208 | Documentation \ 209 | scripts/clang-tools 210 | %endif 211 | 212 | cd %kernel_build_dir 213 | 214 | # FIXME: Find a modular way to include configuration per dist 215 | # On GCC12+, STRUCTLEAK configs are not needed anymore 216 | %if 0%{?fedora} >= 37 217 | sed -i '/CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y/d' %{SOURCE101} 218 | sed -i 's/CONFIG_GCC_PLUGIN_STRUCTLEAK=y/CONFIG_INIT_STACK_ALL_ZERO=y/' %{SOURCE101} 219 | %endif 220 | 221 | # Create QubesOS config kernel 222 | %{SOURCE34} %{SOURCE100} %{SOURCE101} 223 | 224 | %build_src_dir/scripts/config \ 225 | --set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config} 226 | %build_src_dir/scripts/config \ 227 | --set-str CONFIG_BUILD_SALT "%{kernelrelease}" %{setup_config} 228 | 229 | %if 0%{?fedora} < 32 230 | # No new enough dwarves package available 231 | %build_src_dir/scripts/config \ 232 | --disable CONFIG_DEBUG_INFO_BTF 233 | %endif 234 | 235 | MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD KERNELRELEASE=%{kernelrelease}" 236 | 237 | make prepare $MAKE_ARGS 238 | make scripts $MAKE_ARGS 239 | make scripts_basic $MAKE_ARGS 240 | krel=$(make -s kernelrelease $MAKE_ARGS) 241 | 242 | if [ "$krel" != "%kernelrelease" ]; then 243 | echo "Kernel release mismatch: $krel != %kernelrelease" >&2 244 | exit 1 245 | fi 246 | 247 | make clean $MAKE_ARGS 248 | 249 | rm -f source 250 | find . ! -type d -printf '%%P\n' > %my_builddir/obj-files 251 | 252 | rm -rf %_builddir/dummy-psu 253 | tar -x -C %_builddir -zf %{SOURCE1} 254 | 255 | rm -rf %_builddir/dummy-backlight 256 | tar -x -C %_builddir -zf %{SOURCE2} 257 | 258 | rm -rf %_builddir/u2mfn 259 | tar -x -C %_builddir -zf %{SOURCE3} --strip-components=2 linux-utils/kernel-modules/u2mfn 260 | 261 | rm -rf %_builddir/v4l2loopback 262 | tar -x -C %_builddir -zf %{SOURCE4} 263 | 264 | %build 265 | 266 | set -e 267 | 268 | cd %kernel_build_dir 269 | 270 | make %{?_smp_mflags} all $MAKE_ARGS CONFIG_DEBUG_SECTION_MISMATCH=y 271 | 272 | # Build dummy-psu module 273 | if [ -d "%_builddir/dummy-psu" ]; then 274 | make -C %kernel_build_dir M=%_builddir/dummy-psu modules 275 | fi 276 | 277 | # Build dummy-backlight module 278 | if [ -d "%_builddir/dummy-backlight" ]; then 279 | make -C %kernel_build_dir M=%_builddir/dummy-backlight modules 280 | fi 281 | 282 | # Build u2mfn module 283 | if [ -d "%_builddir/u2mfn" ]; then 284 | make -C %kernel_build_dir M=%_builddir/u2mfn modules 285 | fi 286 | 287 | # Build v4l2loopback module 288 | if [ -d "%_builddir/v4l2loopback" ]; then 289 | make -C %kernel_build_dir M=%_builddir/v4l2loopback modules 290 | fi 291 | 292 | %define __modsign_install_post \ 293 | if [ "%{signmodules}" -eq "1" ]; then \ 294 | %{modsign_cmd} certs/signing_key.pem certs/signing_key.x509 $RPM_BUILD_ROOT/lib/modules/%kernelrelease/ \ 295 | fi \ 296 | %{nil} 297 | 298 | # 299 | # Disgusting hack alert! We need to ensure we sign modules *after* all 300 | # invocations of strip occur, which is in __debug_install_post if 301 | # find-debuginfo.sh runs, and __os_install_post if not. 302 | # 303 | 304 | %define __spec_install_post \ 305 | %{?__debug_package:%{__debug_install_post}}\ 306 | %{__arch_install_post}\ 307 | %{__os_install_post}\ 308 | %{?__remove_unwanted_dbginfo_install_post}\ 309 | %{__modsign_install_post} 310 | 311 | 312 | %install 313 | 314 | # get rid of /usr/lib/rpm/brp-strip-debug 315 | # strip removes too much from the vmlinux ELF binary 316 | export NO_BRP_STRIP_DEBUG=true 317 | export STRIP_KEEP_SYMTAB='*/vmlinux-*' 318 | 319 | # /lib/modules/%kernelrelease-%build_flavor/build will be a stale symlink until the 320 | # kernel-devel package is installed. Don't check for stale symlinks 321 | # in the brp-symlink check: 322 | export NO_BRP_STALE_LINK_ERROR=yes 323 | 324 | cd %kernel_build_dir 325 | 326 | mkdir -p %buildroot/boot 327 | cp -p System.map %buildroot/boot/System.map-%kernelrelease 328 | cp -p arch/x86/boot/bzImage %buildroot/boot/vmlinuz-%kernelrelease 329 | cp .config %buildroot/boot/config-%kernelrelease 330 | 331 | %if %install_vdso 332 | # Install the unstripped vdso's that are linked in the kernel image 333 | make vdso_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot 334 | %endif 335 | 336 | # Create a dummy initramfs with roughly the size the real one will have. 337 | # That way, rpm will know that this package requires some additional 338 | # space in /boot. 339 | dd if=/dev/zero of=%buildroot/boot/initramfs-%kernelrelease.img \ 340 | bs=1M count=20 341 | 342 | gzip -c9 < Module.symvers > %buildroot/boot/symvers-%kernelrelease.gz 343 | 344 | make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot 345 | if [ -d "%_builddir/dummy-psu" ]; then 346 | make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/dummy-psu 347 | fi 348 | if [ -d "%_builddir/dummy-backlight" ]; then 349 | make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/dummy-backlight 350 | fi 351 | if [ -d "%_builddir/u2mfn" ]; then 352 | make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/u2mfn 353 | fi 354 | if [ -d "%_builddir/v4l2loopback" ]; then 355 | make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/v4l2loopback 356 | fi 357 | 358 | mkdir -p %buildroot/%src_install_dir 359 | 360 | rm -f %buildroot/lib/modules/%kernelrelease/build 361 | rm -f %buildroot/lib/modules/%kernelrelease/source 362 | mkdir -p %buildroot/lib/modules/%kernelrelease/build 363 | (cd %buildroot/lib/modules/%kernelrelease ; ln -s build source) 364 | # dirs for additional modules per module-init-tools, kbuild/modules.txt 365 | mkdir -p %buildroot/lib/modules/%kernelrelease/extra 366 | mkdir -p %buildroot/lib/modules/%kernelrelease/updates 367 | mkdir -p %buildroot/lib/modules/%kernelrelease/weak-updates 368 | 369 | pushd %build_src_dir 370 | cp --parents `find -type f -name "Makefile*" -o -name "Kconfig*"` %buildroot/lib/modules/%kernelrelease/build 371 | cp -a scripts %buildroot/lib/modules/%kernelrelease/build 372 | cp -a --parents arch/x86/include %buildroot/lib/modules/%kernelrelease/build/ 373 | cp -a include %buildroot/lib/modules/%kernelrelease/build/ 374 | popd 375 | 376 | cp Module.symvers %buildroot/lib/modules/%kernelrelease/build 377 | cp System.map %buildroot/lib/modules/%kernelrelease/build 378 | if [ -s Module.markers ]; then 379 | cp Module.markers %buildroot/lib/modules/%kernelrelease/build 380 | fi 381 | 382 | rm -rf %buildroot/lib/modules/%kernelrelease/build/Documentation 383 | 384 | # Remove useless scripts that creates ERROR with ambiguous shebang 385 | # that are removed too in Fedora 386 | rm -rf %buildroot/lib/modules/%kernelrelease/build/scripts/tracing 387 | rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/spdxcheck.py 388 | 389 | rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/*.o 390 | rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/*/*.o 391 | 392 | cp -a scripts/* %buildroot/lib/modules/%kernelrelease/build/scripts/ 393 | cp -a include/* %buildroot/lib/modules/%kernelrelease/build/include/ 394 | cp -a --parents arch/x86/include/* %buildroot/lib/modules/%kernelrelease/build/ 395 | if [ -f tools/objtool/objtool ]; then 396 | cp -a --parents tools/objtool %buildroot/lib/modules/%kernelrelease/build/ 397 | pushd %build_src_dir 398 | cp -a --parents tools/objtool %buildroot/lib/modules/%kernelrelease/build/ 399 | cp -a --parents tools/build/Build.include %buildroot/lib/modules/%kernelrelease/build/ 400 | cp -a --parents tools/build/fixdep.c %buildroot/lib/modules/%kernelrelease/build/ 401 | cp -a --parents tools/scripts/utilities.mak %buildroot/lib/modules/%kernelrelease/build/ 402 | cp -a --parents tools/lib/str_error_r.c %buildroot/lib/modules/%kernelrelease/build/ 403 | cp -a --parents tools/lib/string.c %buildroot/lib/modules/%kernelrelease/build/ 404 | cp -a --parents tools/lib/subcmd/* %buildroot/lib/modules/%kernelrelease/build/ 405 | popd 406 | fi 407 | 408 | # disable GCC plugins for external modules build, to not fail if different gcc 409 | # version is used 410 | sed -e 's/^\(CONFIG_GCC_PLUGIN.*\)=y/# \1 is not set/' .config > \ 411 | %buildroot/lib/modules/%kernelrelease/build/.config 412 | sed -e '/^#define CONFIG_GCC_PLUGIN/d' include/generated/autoconf.h > \ 413 | %buildroot/lib/modules/%kernelrelease/build/include/generated/autoconf.h 414 | sed -e '/^CONFIG_GCC_PLUGIN/d' include/config/auto.conf > \ 415 | %buildroot/lib/modules/%kernelrelease/build/include/config/auto.conf 416 | 417 | # Make sure the Makefile and version.h have a matching timestamp so that 418 | # external modules can be built 419 | touch -r %buildroot/lib/modules/%kernelrelease/build/Makefile %buildroot/lib/modules/%kernelrelease/build/include/generated/uapi/linux/version.h 420 | touch -r %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/config/auto.conf 421 | touch -r %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/generated/autoconf.h 422 | 423 | if test -s vmlinux.id; then 424 | cp vmlinux.id %buildroot/lib/modules/%kernelrelease/build/vmlinux.id 425 | else 426 | echo >&2 "*** WARNING *** no vmlinux build ID! ***" 427 | fi 428 | 429 | # 430 | # save the vmlinux file for kernel debugging into the kernel-debuginfo rpm 431 | # 432 | %if %{with_debuginfo} 433 | mkdir -p %buildroot%{debuginfodir}/lib/modules/%kernelrelease 434 | cp vmlinux %buildroot%{debuginfodir}/lib/modules/%kernelrelease 435 | %endif 436 | 437 | find %buildroot/lib/modules/%kernelrelease -name "*.ko" -type f >modnames 438 | 439 | # mark modules executable so that strip-to-file can strip them 440 | xargs --no-run-if-empty chmod u+x < modnames 441 | 442 | # Generate a list of modules for block and networking. 443 | 444 | grep -F /drivers/ modnames | xargs --no-run-if-empty nm -upA | 445 | sed -n 's,^.*/\([^/]*\.ko\): *U \(.*\)$,\1 \2,p' > drivers.undef 446 | 447 | collect_modules_list() 448 | { 449 | sed -r -n -e "s/^([^ ]+) \\.?($2)\$/\\1/p" drivers.undef | 450 | LC_ALL=C sort -u > %buildroot/lib/modules/%kernelrelease/modules.$1 451 | } 452 | 453 | collect_modules_list networking \ 454 | 'register_netdev|ieee80211_register_hw|usbnet_probe' 455 | collect_modules_list block \ 456 | 'ata_scsi_ioctl|scsi_add_host|scsi_add_host_with_dma|blk_init_queue|register_mtd_blktrans|scsi_esp_register|scsi_register_device_handler' 457 | collect_modules_list drm \ 458 | 'drm_open|drm_init' 459 | collect_modules_list modesetting \ 460 | 'drm_crtc_init' 461 | 462 | # detect missing or incorrect license tags 463 | rm -f modinfo 464 | while read i 465 | do 466 | echo -n "${i#%buildroot/lib/modules/%kernelrelease/} " >> modinfo 467 | /sbin/modinfo -l $i >> modinfo 468 | done < modnames 469 | 470 | egrep -v \ 471 | 'GPL( v2)?$|Dual BSD/GPL$|Dual MPL/GPL$|GPL and additional rights$' \ 472 | modinfo && exit 1 473 | 474 | rm -f modinfo modnames 475 | 476 | # Move the devel headers out of the root file system 477 | mkdir -p %buildroot/usr/src/kernels 478 | mv %buildroot/lib/modules/%kernelrelease/build/* %buildroot/%src_install_dir/ 479 | mv %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/%src_install_dir 480 | rmdir %buildroot/lib/modules/%kernelrelease/build 481 | ln -sf %src_install_dir %buildroot/lib/modules/%kernelrelease/build 482 | 483 | # Abort if there are any undefined symbols 484 | msg="$(/sbin/depmod -F %buildroot/boot/System.map-%kernelrelease \ 485 | -b %buildroot -ae %kernelrelease 2>&1)" 486 | 487 | if [ $? -ne 0 ] || echo "$msg" | grep 'needs unknown symbol'; then 488 | exit 1 489 | fi 490 | 491 | # in case of no firmware built - place empty dir 492 | mkdir -p %buildroot/lib/firmware 493 | mv %buildroot/lib/firmware %buildroot/lib/firmware-all 494 | mkdir -p %buildroot/lib/firmware 495 | mv %buildroot/lib/firmware-all %buildroot/lib/firmware/%kernelrelease 496 | 497 | # Prepare initramfs for Qubes VM 498 | mkdir -p %buildroot/%vm_install_dir 499 | touch %_builddir/dummy_conf 500 | PATH="/sbin:$PATH" dracut --nomdadmconf --nolvmconf --no-hostonly \ 501 | --kmoddir %buildroot/lib/modules/%kernelrelease \ 502 | --modules "kernel-modules qubes-vm-simple busybox" \ 503 | --omit "nss-softokn extra-modules qubes-pciback qubes-udev" \ 504 | --conf %_builddir/dummy_conf --confdir /var/empty \ 505 | -d "xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot" \ 506 | %buildroot/%vm_install_dir/initramfs %kernelrelease 507 | 508 | cp -p arch/x86/boot/bzImage %buildroot/%vm_install_dir/vmlinuz 509 | 510 | # default kernel options for this kernel 511 | def_kernelopts="root=/dev/mapper/dmroot ro nomodeset console=hvc0" 512 | def_kernelopts="$def_kernelopts rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0" 513 | %if 0%{?fedora} >= 37 514 | def_kernelopts="$def_kernelopts clocksource=tsc" 515 | %endif 516 | if [ -e /usr/lib/dracut/modules.d/90qubes-vm-simple/xen-scrub-pages-supported ]; then 517 | # set xen_scrub_pages=0 _only_ when included initramfs does support 518 | # re-enabling it 519 | def_kernelopts="$def_kernelopts xen_scrub_pages=0" 520 | fi 521 | echo "$def_kernelopts " > %buildroot/%vm_install_dir/default-kernelopts-common.txt 522 | %if 0%{?fedora} >= 37 523 | touch %buildroot/%vm_install_dir/memory-hotplug-supported 524 | %endif 525 | 526 | # Create a dummy modules.img with roughly the size the real one will have. 527 | # That way, rpm will know that this package requires some additional 528 | # space in /boot. 529 | dd if=/dev/zero of=%buildroot/%vm_install_dir/modules.img \ 530 | bs=1M count=500 531 | 532 | 533 | # remove files that will be auto generated by depmod at rpm -i time 534 | for i in alias alias.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap 535 | do 536 | rm -f %buildroot/lib/modules/%kernelrelease/modules.$i 537 | done 538 | 539 | %post modules 540 | /sbin/depmod -a %{kernelrelease} 541 | 542 | %posttrans 543 | # with kernel-4.14+ plymouth detects hvc0 serial console and forces text boot 544 | # we simply make plymouth ignore it to recover the splash screen 545 | if [ -f /etc/default/grub ]; then 546 | if ! grep -q plymouth.ignore-serial-consoles /etc/default/grub; then 547 | echo 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX plymouth.ignore-serial-consoles"' >> /etc/default/grub 548 | fi 549 | fi 550 | 551 | if [ -f /boot/efi/EFI/qubes/xen.cfg ]; then 552 | if ! grep -q plymouth.ignore-serial-consoles /boot/efi/EFI/qubes/xen.cfg; then 553 | sed -i 's/kernel=.*/& plymouth.ignore-serial-consoles/g' /boot/efi/EFI/qubes/xen.cfg 554 | fi 555 | fi 556 | 557 | /bin/kernel-install add %{kernelrelease} /boot/vmlinuz-%{kernelrelease} || exit $? 558 | 559 | %preun 560 | /bin/kernel-install remove %{kernelrelease} /boot/vmlinuz-%{kernelrelease} || exit $? 561 | 562 | %files 563 | %defattr(-, root, root) 564 | %ghost /boot/initramfs-%{kernelrelease}.img 565 | /boot/System.map-%{kernelrelease} 566 | /boot/config-%{kernelrelease} 567 | /boot/symvers-%kernelrelease.gz 568 | %attr(0644, root, root) /boot/vmlinuz-%{kernelrelease} 569 | /lib/firmware/%{kernelrelease} 570 | 571 | %files modules 572 | /lib/modules/%{kernelrelease} 573 | 574 | %package devel 575 | Summary: Development files necessary for building kernel modules 576 | License: GPL v2 only 577 | Group: Development/Sources 578 | Provides: multiversion(kernel) 579 | Provides: %name-devel = %kernelrelease 580 | %if "%{?name_suffix}" != "" 581 | Provides: kernel-devel = %kernelrelease 582 | %endif 583 | Provides: kernel-devel-uname-r = %kernelrelease 584 | Requires: elfutils-libelf-devel 585 | AutoReqProv: on 586 | 587 | %description devel 588 | This package contains files necessary for building kernel modules (and 589 | kernel module packages) against the kernel. 590 | 591 | %post devel 592 | if [ -f /etc/sysconfig/kernel ] 593 | then 594 | . /etc/sysconfig/kernel || exit $? 595 | fi 596 | if [ "$HARDLINK" != "no" ] && [ -x /usr/sbin/hardlink ] 597 | then 598 | (cd /usr/src/kernels/%{kernelrelease} && 599 | /usr/bin/find . -type f | while read f; do 600 | hardlink -c /usr/src/kernels/*.fc*.*/$f $f 601 | done) 602 | fi 603 | 604 | 605 | %files devel 606 | %defattr(-,root,root) 607 | /usr/src/kernels/%{kernelrelease} 608 | 609 | 610 | %package qubes-vm 611 | Summary: The Xen Kernel 612 | Version: %{version} 613 | Release: %{rel} 614 | License: GPL v2 only 615 | Group: System/Kernel 616 | Url: http://www.kernel.org/ 617 | AutoReqProv: on 618 | BuildRequires: coreutils module-init-tools sparse 619 | Provides: multiversion(kernel-qubes-vm) 620 | 621 | Provides: kernel-xen-domU 622 | Provides: kernel-qubes-domU 623 | 624 | Requires(pre): coreutils gawk 625 | Requires(post): qubes-core-dom0 626 | Requires(post): qubes-prepare-vm-kernel >= 2 627 | Requires(post): kernel-devel = %kernelrelease 628 | Requires(post): kernel-modules = %kernelrelease 629 | 630 | # needed for changed Linux compression parameters 631 | Conflicts: xen-libs < 2001:4.17.5-5 632 | Provides: kernel-qubes-vm = %kernelrelease 633 | 634 | %description qubes-vm 635 | Qubes domU kernel. 636 | 637 | %post qubes-vm 638 | 639 | current_default="$(qubes-prefs default-kernel)" 640 | current_default_path="/var/lib/qubes/vm-kernels/$current_default" 641 | current_default_package="$(rpm --qf '%%{NAME}' -qf "$current_default_path")" 642 | if [ "$current_default_package" = "%{name}-qubes-vm" ]; then 643 | # Set kernel as default VM kernel if we are the default package. 644 | 645 | # If qubes-prefs isn't installed yet, the default kernel will be set by %post 646 | # of qubes-core-dom0 647 | type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %upstream_version-%plainrel%{?dist} 648 | fi 649 | 650 | SOURCE_DATE_EPOCH=$(stat -c %%Y %vm_install_dir/initramfs) 651 | export SOURCE_DATE_EPOCH 652 | qubes-prepare-vm-kernel --modules-only --include-devel %kernelrelease "%upstream_version-%{plainrel}%{?dist}" 653 | 654 | exit 0 655 | 656 | %preun qubes-vm 657 | 658 | if [ "$(qubes-prefs -g default-kernel)" == "%upstream_version-%plainrel%{?dist}" ]; then 659 | echo "This kernel version is set as default VM kernel, cannot remove" 660 | exit 1 661 | fi 662 | if qvm-ls --kernel | grep -qw "%upstream_version-%plainrel%{?dist}"; then 663 | echo "This kernel version is used by at least one VM, cannot remove" 664 | exit 1 665 | fi 666 | 667 | exit 0 668 | 669 | %files qubes-vm 670 | %defattr(-, root, root) 671 | %dir %vm_install_dir 672 | %ghost %attr(0644, root, root) %vm_install_dir/modules.img 673 | %attr(0644, root, root) %vm_install_dir/initramfs 674 | %attr(0644, root, root) %vm_install_dir/vmlinuz 675 | %attr(0644, root, root) %vm_install_dir/default-kernelopts-common.txt 676 | %if 0%{?fedora} >= 37 677 | %attr(0644, root, root) %vm_install_dir/memory-hotplug-supported 678 | %endif 679 | 680 | %changelog 681 | @CHANGELOG@ 682 | -------------------------------------------------------------------------------- /kernel.org-2-key.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | 3 | mQINBE58tdUBEADY5iQsoL4k8l06dNt+uP2lH8IPi14M51/tOHsW1ZNc8Iok0stH 4 | +uA8w0LpN97UgNhsvXFEkIK2JjLalasUTiUoIeeTshD9t+ekFBx5a9SbLCFlBrDS 5 | TwfieK2xalzomoL22N5ztj1XbdLWh6NRM6kKMeYvgAGo8p884WJk4pPIJK6G0wEw 6 | e9/TG6ilRSLOtxyaF9yZ+FC1eOA1S47Ld2K25Y5GsQF5agwi7nES+9tVVBZp97kB 7 | 8IOvELeiSiY0xFXi60yfwIlK6x9dfcxsx5nCyrp2qdqQiPiMD0EJMiuA6wymoi5W 8 | XtmfCpweTB8TvW8Y8uqrwYApzmDleBDTIDP0vCY1o9eftJcWWMkRKC9c7Ziy4nT6 9 | TzmVkNXgqC8/BuOQbpU7I/1VCMoa6e+2a8jrgy5to4dGgu6xQ6jTxWbvgDeB6Hct 10 | WGqf8f9s5lSpH8D8OZLDOXKolqnBd5YrJr0Qmpq4cCcIqwNCMbURtsTpbW/EdWl+ 11 | AKwnStXXLI5O6Hg+m4c3O8ZwbzcnAOgTJePm2Xoi71t9SbAZZx1/W7p6/57UGrXR 12 | Q4WfiwpOPD0siF33yO2L7G7Gmm4zh8ieX8aS8guqfWFhuSsDta77F2FB9ozD9WN0 13 | Z5tJowiy3Z1VkxvZjZH8IbcB05yBBBV47BJxrPnSuDT+w45yNTqZ6m4VYwARAQAB 14 | tE1HcmVnIEtyb2FoLUhhcnRtYW4gKExpbnV4IGtlcm5lbCBzdGFibGUgcmVsZWFz 15 | ZSBzaWduaW5nIGtleSkgPGdyZWdAa3JvYWguY29tPohGBBARAgAGBQJOfLf0AAoJ 16 | EDFH1A3bLfspsc8AoJeJ0K9+ljvswJ2fU2fQMOt3FLBAAKCnXAUE978mhH97P+yr 17 | PL1ZqKSV14hGBBARAgAGBQJOjM+WAAoJEKWk6ZxxHTthN8sAoIFRnSwklncsxar8 18 | MCQozSkfD9AHAJ0dDRZwnZuGMU0sqn5e46KMgI/GXohGBBARAgAGBQJOlMbvAAoJ 19 | EKdWqZUOCPZln3oAnRVZEPBJuW4nrM1aG6N9GucG0UK8AJ454SWmwRmdO/P3715I 20 | YWSdfq4nEIhGBBARAgAGBQJOpzEcAAoJEPxN5MllPXYnmdwAnRptA/XLj8TBtB0Z 21 | yynX9ZtPcIDrAJ9Jncr2ca0mOSv8q0CYWPxsIz8ydYhGBBARAgAGBQJOp2HTAAoJ 22 | ELxiKtMOer3swPQAnRiZTGI83lNh1Iobmr6nNUAgXaAqAJ0c/N7XeJps9qD7gUxo 23 | dCNcFdz1xIhGBBARAgAGBQJO3YwrAAoJEO06OeOTZ0xAxF4AnA0D7bRAmP65OrLV 24 | Y1Fp2huT/9wGAJ0ZyDONrZDg81X0Bd6MedU1wWOzbohGBBARCAAGBQJOpuNeAAoJ 25 | EO/WTQkSBmIHnGIAnRxBKHHTF5gEK7oK5klBWV3d53+bAKCjmenXmyEUk80pf/Pk 26 | JwNlPpvQcYkBHAQQAQIABgUCTnzEcwAKCRDIOwdF3xiN/ka8CACBJLhOQB2g5W7S 27 | aG+C3clZHORBAoPVU8sJfm6Sk6KmU8WQ4tuXkw4Mipc/wKRcpH+I3hti72rsYyOi 28 | UVK6dL6GG1I6EtgY7vpvFN4khnzTUwyVaMB715456IZ9QPnKL9/zWOjdmkttZBYy 29 | TCtZHeoFpipGqvTtofDnAnaXnQW10T9uf4m62yfXbILcAHg1egH38kcE9fTt1ZW5 30 | WiLvPTZ2tA21JRQv8Oap042S/bIKbo0XKFvTqohK7RhtaoduNSI3Rbx8+wtaeBp8 31 | q5utki3j1zCPE13vs0BGAQ5/vljsSCAAo9F6gx6ypEoBkf4quEqPGJc66aaSIghN 32 | aQ3LpktuiQEcBBABAgAGBQJOpxNZAAoJEHm+PkMAQRiGuoAH/1WF1KAb0Er9gHAm 33 | jbBVLrAic9J23IAj5Z0rfkyG2glXplUvQZjEi0Bdj6qMPtLEfO6A8BPPLkRmkO27 34 | jjGvHVP0fx2J792MJA+hWQ5VBkVP/WtQU/rG5AoUh75NpgFbx0vuGnNOXToCs4J/ 35 | fg17bJM3xiIZgM37Bm5RqIQCrheozQsD9+7hYI3g0oZySwqLXJfI/L37mUFD09Ad 36 | TiOARsArDWOI4SY7Z/KcMRW/xc38yiJlxSPMsceO4UixoCLd9VkAqlFnJLuObAx7 37 | UbS/vdCBh5H8MRxCMz4WTtAzM6KMD2+FZSN/R8m18SFgMfwvosYO8scR0SqfYiPS 38 | UJZ8h+2JARwEEAECAAYFAk6o5j8ACgkQwK3/+rH7HBjAvQf+J3MQoAzQuDnTnMnz 39 | ulhBR8xdUfHk3fqBV3NBgHcf98T/T01lkX1NyGurzjXFFP8D820svCYVCErQiolk 40 | MGecIXE1SoemIN6+GSWXtpQitzo1g3/pS1k94hat79GuQJUWogurpgXF3gGDBtYp 41 | 0oMfQKCgOySx20ClnKrbV7ChsMlvYpeKJ19VaqqKbw+EcHPJZRurtFXKNYuuSmR/ 42 | ptOhqPpRRF2YpnskVuXujhk+pbfeau5YKNvq6W5hAGorEmW42kDwEyE2puIg/0zy 43 | s8EIrU6BhZ0YN/6QWe+ARUyfpm/2ey/dFD24FIIJ09pcRaEQEDnDc2YTXrUEoWE6 44 | V0/mJYkBHAQQAQIABgUCTqmKWAAKCRBB3UsYeA1ZxK/TCADZ54hNKlmVtjo9RNgT 45 | L6EwIY94mBLHnl5VXI/w83DbszYA+Plz6T7qtJtYVGwGe0dhpZ+zgtW0lQiheocE 46 | aloCHXUk9VLyhLH3au0UVq4lvtl7V/V9FKSScmKWZr65/bbbrCsMwurE7SW9DAGF 47 | 4XQnlvbSf3OfUubEEDH+lNUQS/3GX5IV42W00HCbl1F8HykBR26Gwnd8LDrbay9F 48 | jKGN18EmHk12VPiOqM5zsK3QKaRcGTXkMnSvbLBngv8ggTf31DrJn/eBR95bctIa 49 | damkPn5T6TwqUUJHwsAz09M53Q68t53K0AzCaYqvzQumV8B+8x8bIXH1bih4dPTM 50 | 150uiQEcBBABAgAGBQJOqj8XAAoJEBcoCpeBGGrPkZoIAJDaTrdkHb7v9XOAKyjF 51 | pckSmhhOyzChq60dOjLCtMhMxpRtX7C59QcwfByZgn196XTpe0TkSVggJnRPrONb 52 | TUaQNMrT+ATxe0BVukrqeJUJXXYfPgg0qcD7L3xUsrYA6DFc6yLQs6Nn2idFxkav 53 | 7IirA8LJJQkZGFYqIDZOWnPTXiIyj/7OyGHy0koWq5Rz2WoCxd9vvMimduscsKPI 54 | tNy6EoAx+EBZIx1TNXt8xgAYkgzHSVRXHPNSh5ghaEXv15nKHuCxogEUpALJ6qt7 55 | d0fpjKfKR4LCP7IYMhmZr6dS3YSRx42+aI0O20uuz+kMGkbf2N/czIIlrL8DQOwM 56 | IbyJARwEEAECAAYFAk8HmU8ACgkQDsZ45vmKAXaxbgf/f+s9XZKl8npJUhWexZ4f 57 | kGo79mE53nRH+vClmTw1I1ngQhhx2tWkKodP2u894KJS+4vwVzGE4ewxddo2K/vF 58 | GI4PZMECXsyt8mPitbKRB2Q7DJCA8zjUbqorZoeqDNF8YOaeI7kIOGU7rxxCmlf+ 59 | fYgSea/7V1Hht853WTsS+D31+0zeS5rscHvH8aNX2ycJnfcGF85rQxhVcRmJoSof 60 | LpmY6Yas1yrHLUxmBIup8pGqGqG4YQIDazE32XXZhS2eG86SeFS+1MF54zHNMR/+ 61 | Jtb8x7cV+gN8ebMsOPrG7giTn6ius6XnLXYe/fzqhCopFhnh9EKEd50WbVHLiN6a 62 | +okBIAQQAQIACgUCToYCYgMFAXgACgkQgUrkfCFIVNaGKQf7BzQMPjlnSP8TYCZ8 63 | px2UbegPmeBo4VO9SR9uUTjRbcWtBKSkeVJjusfruQWB12xMTU3rDrFF/+zq5vpp 64 | OBWk0SnQu5wGtfC77g95yY2IIa/NVAFBgJsvEc4u0sHWFojd1fcjxRx73gV9DgP8 65 | BmVqhQ7YBrqv06y9tSt72WdONK0bw+ahTuCi2zSkH5HG5orV+085np9ZKB5miPuC 66 | m4ADx+TJWamCdel4BGXrf+j0sXoVAtP33Aj+6Rrjj15JGX8nzKm5Y/z7IQJtASbD 67 | WJkwqd4SSTAowByAdNZYTj2RTt1/bdO0NJBzLcSkYgMo06Pkx+sISzecKvNgQ59B 68 | ibxieYkCHAQQAQIABgUCTnzTAQAKCRC9oGCFSTus5LEiD/sHre85Pc0kPT59xGkF 69 | DONgwr6AUOAk8UbKJwjMynT6hv/MN86P4iG+UO6W6XlPk+3Df5Q08sQquE6IOJ8Q 70 | KKAT3mVzRxJgtM/TbZSi58tlnwa0COfJH5ettqOxgrlmxnxexbfMlOuDR0rFRDMZ 71 | PNVWSD3Stj+116FRLy4wckGqAZ1BFvFW066vydkdgahQAvzHM3P1teNsNH37Atpl 72 | KwRsPnxyJ5nMf2nvJY3DHWowW2+pLfbCAvIj9xaO15UCqeYLURU/TTSXslwjlHd+ 73 | 7S2KuFLoYPNaYjWk4j3haRQ9ArMBYByZUS5d2r+LNNev6QgnrgoWy26qOgAyhYMg 74 | TSVH7cQ6RDShviEVpgWFkNn/YNFxwHGOyDt4pqF8DwrzCJ0BIYxw4Xrj4ErM4HQb 75 | oga03jxTJXsGBNTHs+hx/a36m4nXW7DoH42xLMjeD80sdeKgE3ts8Q5jcjWYplbk 76 | t8jSw5WEGFBsMJWlirYzOloHHHs/fq1otRJBmCa8aS183OpACfbC4dJvM9dJSByC 77 | yP0QzQ7H/289vXcdSOVarmni1oh4BIald73KSkjqKWPqX0U2ux36bdhaYR69eYe2 78 | yOp0kzFpuu6KivsPqxtTfyAeIL3cJbRUosJc4jIqo8yZ4RL45nkAd/CfeQBWKX/1 79 | gsopSJsmCc4e2VYpH7QaAIb2dYkCHAQQAQIABgUCToo2tAAKCRAFg1gQ3ZKewbJ3 80 | EACukrooWocgUdjPtaNVOMI1rkMAHQvoyompTu8IPXBdLdx9krhbfEhcoEGBduBM 81 | 1xvfwX5B8tMpUyoUuQd4uIdCckFJtQwPtJQJIV6ApsDX7AS74SKdP7RMcMDAqk05 82 | ZCeFy9sXs0Jm6DBfzhZqy4VXK4n2jSbI59QZ2PjoxNvglkoOjytzi0LSjwu2ssab 83 | J4h1oWfPo1OqYlqyD+5jf0pYQxQqe0JJCpOf0zUe9jQ+NMfXa+gwbhIMJmNHevQe 84 | yg8lyTTN1Xp7RINY/Hl7d/gjNmCKIgwv4vSqM+qHnYxkkrnqJ3mCJiXRmYma6j6H 85 | WSkhA72dQ7uLgqu+ITz06eVVKBFe92k1PI0SQ/iNTSdko6BkUArEH9qIUv06bvyr 86 | FPlEeAFh7/8UBUCn2yah1mp6d7FUYsdh/6m35J2Q+SBbBM53xCKUktxnaUCMvIia 87 | 7QUrlptDzTSgQnYYopdbabwkPNcj3oQbPcHgqlBsI6c1hHCP4v6XdGu1KicOXuz1 88 | iTX6/Z+c4B7B5b3w7nQKO0So/HAMjKokROcLfu+cK28uqHVeRSFLKoX3Gk4HYuU/ 89 | pRlFsMj5U1xYTIFoDEl6FMNnglmMRyDuq3YZxQrJgPAn1G+BJ1SV2Elxc3JBTX+O 90 | wQp9G2hrodcjcVAeBUguRhqVA+VSsAWWwMIGfT57fLCQ74kCHAQQAQIABgUCTosu 91 | 0QAKCRCmYvOPa+1gSXSLD/9Xhut8xvkKqFCKlBGoOJgzpOnIMeLrZYPCWC153oKj 92 | Kml1AEvyZVIroGnvN13ZdgmXs9Sjog9YDXUX3hxCbzZqnR3QT2RfaPCXy+HQeVZM 93 | /Q+wHHgPRvPhtL/ESWSjLJY4NaFl3X1lif6e2T0p1Kbodrzd046CW5d5qtdmV0AW 94 | MpO1MhrxKBazQKj5Rgf1ujKVtnGz0KzJwlMojs8sgDDj79oTPq3DOp3KZ4fP9nho 95 | XxplaCUd2+sYz/JXm12DFmzXVfoveyNKrak99RPSJCPkDeRgQs0oFdhZX+F6m6Y2 96 | 73gIoPeL82Tp64RzVSAxdrWxzaZS54PbUwZTqMeh0PGf6If6ybyAyBF6uqWu4OKX 97 | Kdt/dro4vdyKD11PCLt7JZfbjbaaenjU5UKgm/KKbBg4MiAmrSfU2R3VkRxcTgBr 98 | oJA7q57ypTUorFB1Y7Vm31QNaoO2cgmmPj6zqMwO6M0Rhm2BsF9oR/tby0Iro5w0 99 | 0Z2zzJJdFe0DKo6AFR6GyOW1cBuPu9BhSkyV9zahSy9NYBjF3jwLaGkQd8E4UMhf 100 | c5GJiebshHWNj40lMeL1MDzYE1/kl1IyO6voqubcC6Ve1cPNmnD714wkViwxRs5f 101 | 8NJTj9T7SRoYZ4vuXqRZaZw1RINn93Dy1S1sLIDdlaiUVWCQ2vzVOQkHEzd0/6eV 102 | r4kCHAQQAQIABgUCTot2KQAKCRCoTn+5pfLjbKV1EACr/h9tZPTeRSkOvCzYrZW/ 103 | ff11Rj0xPQIUIC/I+XXUThkMvXy/ROxA3fC+kcUwNeRvUwsvY+4pfzHBw4hrYgaJ 104 | 0f9F6it0j8QelmC7zKBrFKjjwtV5fknHuB+BmZ62DuKLrE5xM3qKwT9RhrbwqXdh 105 | EoQiV5HtXAht1XG372dN0Hr/cxOLvdxXwrmW0mIuK5NanGB6Gbn4bB4mKTJVjImD 106 | zGCMouKMravr4h5SM7Pg67bhARFv3N49AumYDLKNC5VYCzNq0exZMm9pTncLeEQZ 107 | wSZsiKuKw8m6p+TgMFqGLQ7z5RL6h2VI4C7oKNbxyZyr4cCR9QNA7l1jh7Gl0Ybw 108 | /wLHf9U7Im/wf6P9MVEiMx5LzDGuX0ym2LRaFTF+9lmyQUWtA+iJCTNPx4dpb6Fx 109 | Q1yZXSXD4ZGPtZVNWaxddW6qdF/MqJfm2ZCzPgbMsuC2EOC6mwz/XblH1NDv6+nq 110 | S6GH/1IWl7MTMQdVd2y3AmpENUwX9DhhSYvNXS17Xxy71s+YPNDPg2lcZdRHrDqY 111 | G8HzgkScM49kNUSGczQH2KtXllPSuPe68tuJWwnFIsBt6gdJ/vSxPq8OzYELtw3/ 112 | +Hy1/2tEbpv0ADgb4G6pK/ftHslpJCm/qJZfIj2CJxCVY+G2qovlX6eNh10teO7p 113 | LHO1TbqL4kYTzQkyAt+JTYkCHAQQAQIABgUCTot2QwAKCRCsHHNDKkpIawtzD/4l 114 | ug/LpmyoPGS304xLWwVn04XvVI9bWOXhVFKK5JdK1ItjiI9nC64Vf8EKgdD2+x2I 115 | 2KYkbFSXCOQqWhQAxGme1W+KBvHNCHOEs8EWaCrATe3glYoEuXEYr5Cutrdc7JaG 116 | 4CZkzJa28VfAkCe8M+DPabvAO1K1l00Ud7Cc5Ns0emf6IREeMNs/PoYo6XLZ8IXD 117 | x/UyoJ9tzYq58e/ucPVOBQQzfck4gHWJTgknG8V1KiwsJ9xS76/+0mOzUhYIVK8d 118 | Q4gSTLEvmwxgcvTrPFrs/vf+A29Mcw7sDxgXaXhFjgHlThYnTK+KEc+ZYGTxDQre 119 | AYFi4e1TT6OI0x0KCdfTAFrJYiGjQMSk4wZbd6bAp9pg7/aVT6QX7sOFKtnWfcXS 120 | Idyix5BOtAAdRR3BXORGPhUVbRRcqLZ2pe4xv2AchKC+mS7ZwMjiLXoX30mZwmGD 121 | CEtS5cuaxVq8UHCINIcEbGJ5vKqlNvnFFNKpy51G7BZX48tYI4i0BbO5fxzhGrtr 122 | CXS7Kkr53jUxVke0fxsxMeupH7tZSUF/zlV1gu5WQBBo1zyZ8CpT8dA0uErWku8Q 123 | QPczEpLeFwFNoeN83zO7TeFqE92yw3w9eOAUPS65OET3Aitx8x4+L/8e+zAfT+vj 124 | wBnNvW0ljMi+ME6hUcZ7XWMvd5EhjyDeIqGfaKuXv4kCHAQQAQIABgUCTo32YgAK 125 | CRATBljC4tRnOY+MD/4zyZNrd6DZRRA+80KzIIUKIWJlOQq53aphJn4ctJm/hqQm 126 | dkZjnDoUXgSHDU2oFxN5HDXMPlXoMzTFQhaskutML8ZScabM+0kSmdwgmW0SOcRa 127 | y4FjzhwQwGg028izbOThI+8yynk9P8VFPaDjKw+CV/b1tZhh2dLh1Ex26jzNjFZ2 128 | Y7b3REjIZTWG/BshWZYOYFKaG8wqlg1lL7o01vv4a9lKlEWJ/gHOm4xgnU+Zn9YQ 129 | 7YzHBse5KH28q3q6MKqwXd6nPey+uMfDnpe1RQv/wQOfzKB5r/bTSE8G5LFyCTyD 130 | vOvVzGfKs+g1EFoOX9GYmf0HjRMJvwIvN+CgM15ZySEKxVJxaDS7BZi9Wcbjodf4 131 | Wf4PkSYIYWzXErgQViChIwcP5kBmladU8xrW4v7deSl7BrolJyp2ExkuheScyulX 132 | r9y2GWLbM6mSdtNqaA9RPQNC4LXYCBKdpy4xMpVTDYNPJs8gvT3IPCdfjgFdSU3m 133 | 3uIjRcMQ0lUfXC8Axd+ap7H+qoQ3p7QGdDsF0E8b3SuNHvu5sThe/CPLomp4AXqQ 134 | NayGthCwsvzYV2qBVtGozLWPUQ/OlNbk+fiLZ3nta5VDygvLrfHM3diFVatOdKzZ 135 | GOj64MNh1LHrsL+KjIaozSaiXlAcdl3QDMmDqRM5SoFFBHOAx1eRo5gqY4G3zIkC 136 | HAQQAQIABgUCTo4DmgAKCRCpwXbMf6x9VoPHD/97TyJ7KeirqZGIOH6AXa9uXiSK 137 | foEOwsba+lfduuhcIsxwj1tOu8Il/1YFdwMG6IEN111VQqe9PdPeh3CXOmma8Fyx 138 | IaKY3GJeQKHlFCo6/KnALvkeuTo5sD/2AGTaHQou98aXxrmiWBeAkHeS/awWGULp 139 | rQJWBbbxCFa/5Q+zUWOV1/FGdQddhm66QA3J3RbP6/Vv+l7QnD/vKXmfQ91Pv8sH 140 | 4Deh9LwP6mUg3i1O0MxV8cDMtBbQ71R0GBms2BddBstgQJ8IOpm67XcVw7yuACUz 141 | idSR1cdRK5OSVViL9y6h6PSc75oZgsk7PKaniApQGJrGbOw1fNhmnH4oQAdfZQov 142 | HED/B8IU00CXiYhNGdTIP0x2wGk78IcCsp+FSdpg3LPObzBgJAUPwM/yIm26ZcNY 143 | lYDuP8Se9vhNQZNpkVeW7xSG41aLNq2XSHD+y4tzERor3X3paF//KtOlJryRc7Uh 144 | Mb1tCZxyFyHQqGiHzzGfklJhl6GZNPXhlEfzVS+1VzcA2+kgQ5Gfg023a7XLrQCM 145 | ENW5/EODgLpTviB9RXDJ8ZKpmxdc5nhB+8bhHJgc6zPBzeWp6iw1kpU0EqKUNKgW 146 | 33kSpzwve0+CL5xEyPN4X0oO9SiCTRpMUU+3BonSpXCq9KnYJL8i3XEmhAu3fwr8 147 | JgQAZ/rhNOvbHoKN+4kCHAQQAQIABgUCTo4MtgAKCRAup2ucK0ZtnYcFD/0fRdXU 148 | KWjNgscrGhYtgyUX0Rq7U2lifz9XDcoiHUWHXdAleTLOCNbyk7pW5EtODOXV4uQt 149 | giZZGUE5lJSHM9FAZUAl4+ln8rwr8lnfRpFIG0TpP0nm/BIiaY67/gY0KlYnKt0x 150 | Hrl6bresKmrrKDQrPki+m5FngQNhKzsJe+SbrO0nqzUnnR6W5yghHSDtY4c+7XWK 151 | 77tWmXH6J9qMeaaecTGYLdTrGCDqXSx1eDym3JJ1PfMsn0LAd3qMSDrqEg4YU6Ax 152 | Z41gHX1aMNRELEk1WGbGOgfaHE1BpWACKJzxU53/xO4zD7s2+whEuLeSzBjxJ482 153 | lSPCIySsR9jZ3/STn0857CfaFjwG4fRCYUK6babSkJ+eGpxo9dJ/y+NgWaupx0SS 154 | MjVVFDDSCXxOW6bZbz2Ldu2oMFekHESsT6G30w21p9dm4TACr1kg3yzZZhZYvZnC 155 | k3iKsY8D7GwFD6SFfI7tUA5mXclOvhLJAPd5KIhWOm590lxZ2HY2qwmJZIsQif+1 156 | 03A3XkNWflL/ghsbXYytKf7z3hMPSIlAUieVIzuIW6BzOR8z0MjKy/QF8TYUheBG 157 | wxLBm4KIdCcUxphRBuqDd9MnMoRZAO7wUvNy/T/zn2T5JdkNU36qHGqMsYpaZ8bB 158 | 7bjKs4uG54rVYt8xjnQvQOrUbl5Fv4WonKRG7IkCHAQQAQIABgUCTo4NfQAKCRCX 159 | LVv03GE4BiQ9D/4loorpIw4+wIYki0020ctvaUC8XoaoEncFfUq+aun5H6g+2cME 160 | l1tbBGwmVRJ5Rl14xkFgfvPhM2IJlOH9h9sZrD3BBGtV1r9netvIPlXN0BTFcfRL 161 | l1uXRcPoYHHTI7nVHtHLWxYUlxdd5TkAybVIlX484ju/SGa9LhztJW81Duswk90s 162 | PzWbe+/8Y6wFyjYzUFvEzs9S4JsPGfxiAwQzRa6B0gT3MK3sqwPgahfWBbB3v4G4 163 | L6uQsWlhNSeyfI8zl8tpBcLwYFj3D8OtXN4XSn0lSQBGReH/nY5qOsQZGPaWtH7C 164 | 0aZ49dBtn8W6wZaf97NdwkpzDb5surMXoYsGAiydh/GZO8BTcYmB14h4z5sfYBJu 165 | vlB9G6O4Tg4EaR6w3FHOMM7Sc2AxRdAC6tgXg//AenU4//nfHawy+8ZfQFcgeJIo 166 | qLRJi4hCvQRaBBs3JMkv73GGPeVZQRfGIiNpRw9is7XogZ/ZwFP2E6xs6+a55qmy 167 | JHzNToNaej0R7ghYuss0CnlTQfig6N0jTWPq9B1ziqQFWKLDI2IDhyBUuKq/08js 168 | 6qn0LSPX0cHlfEj/w9fjTbIgEuR+lBGAsO7rTjqoBKoKv3gV1dZQC71BrN6MUXev 169 | CyUcBg5hBx6WotVA1FhH6EDLUdTIGKPDd+7a+NX962mTRKz3D81ykawZHokCHAQQ 170 | AQIABgUCTo4ONgAKCRBBZwbddg/ZAUKBD/0YWIBRrCXcDLtb7Kue4MRgEDwUsP5l 171 | gVZ65DBHheRLFIHhlIkipcUarYlEOE7EnrLNLRR3CWvVqzyZ2vcao2IvVx4L4+ui 172 | JVctb3SlAoRMK9oedYeeEMogKuRLcULumy3BGhJwNnipVGGXsqTZnDgN1WqWzTs3 173 | Ghwn0ikEVuaOSbNvIkq5jMun3leyKO2+0jaI9J2V/QfnedROg8/XESOwhfCsRjyY 174 | q0vqasYvuCk2HF1OCyjYIm2NjNgnpyPTPW5H/HjCI6OLGgD16wbtXHX6M3fhwg3z 175 | GezkW+tS+KkHIDVZTSQ+nPfzvblUZuZJq7JuJfh/iqZO3UhMBSjwsSLEwpDCcj5H 176 | HnJpEBy1728THma7v2/0KRSgaq9dTm0BRL9b5P1rrBgidOu9qsPfLCAP8n60X0im 177 | jX6gAH+2ZTw4MnOkPPRUBeMQdI/Sjy8DWg2HzNY/j92fkOqY/Yf7/V4+t7rWCcpL 178 | cB7QIQpkkaO8WpqxhOXiuUARueizlUzp2TIWR3+C5cIjgY8HH2NqXetLn/qSe1jN 179 | /lHi/82GlDyDZuMBesN65Ayz3F4hItrfiW/kJIqfzHdq6USAxPRa8LTRbQrh49o+ 180 | 0e2b4MnNqfjE/UR3X/PU5rqgapF255908yVlzrOft3oHxjJkG8TN3Y+HytBiaiDh 181 | 77gdoGCFk01dzokCHAQQAQIABgUCTo4OxQAKCRCNzjVWMCLleuCOD/0S/zMc0miN 182 | /MvtNla2uAyl5Bdgn6VX54Ejz2Es3Y14At3DAGgRjL980xJIAuvj1/2v3ZdoSHLX 183 | X8ULboVWX2Dk6ggAW/G+lZCwS9QmZIbYzqcpcf2KfW4Ixh/ZxnYvjTx55oqpKB1B 184 | 8CNsIY82FCDjHYGJJiZFsWqx1U+6M6rcsyCZ9DEEFplVRSvfThl0z1/QDGJUCbRL 185 | 6xZMp+Bh/5yTvDjgjY8r+MrXS1vo8cLsGDr47ZjZnHtBJTGWOZUV+KN79A2Da1xu 186 | n4Vzt2lZv19jZnJnEz2FjFxaxkCaeK7inwKMr+Pp1YNjtGKixNLatRu9npND6jMr 187 | dWA80wkeYwbadG1CERJHDh17gHigGvtq47yqYnDOH25npI/ZRpJJamQLzYDAgmDQ 188 | ukhpUfvyJCcKe5ufPzljyIl2lV9nuXeeS3B+QAYPQEIf9g/kYPYDP8EfKvgXtt3F 189 | 7nLj8W15XHL50iihT1aj9ZYyh2PrPpKCNW9JtaNNgYiad+gx4r7EV/9GymlPqXBt 190 | blOxanhiOqvL4ozvECARWTIXcatX7ChHGwmTAgtzipWDF9pAHQxmZavYAMpMNa4J 191 | ZS6OF4RDzBXmKnQNY60obh+VwITCoamjIj7Z1kDppFqcLUD06xQ3Va36JXTeNEoS 192 | AW+5sXS2dZn4gT11Lu3S0eTI0X4jdRY9+IkCHAQQAQIABgUCTo4P6wAKCRAQnwmF 193 | Bv8LFNw4D/wIDiPEEI+IZA+CUKvfFatLV5oc3txbbw0sj/F8nJxbHvxUpyUolbUM 194 | YcLYo2fmkPROP17KdVxqEFtFJG9S9Inrty6u338iRM9k/wzDv+P54iS6wOr1tPgh 195 | oK/rV4ecNpvNjK/L3/Q4D0L2qcXsYqhuJ+PvsQVjTq1/MHmi/NPARHvWe82oVzPV 196 | YGPn4tRc8mb9i9GnzmWrktkz7nOfZzIbnrWnjFW4kE02he3vFHk/BR7rqgd696fW 197 | C710gPUmU6sKwDcwpMgnEW49bdmhQ0ytsF8YZR4byov0i8HWFNIbaLUTKnkRmB4O 198 | mHzTBthzl0w5U97bLnDDzHSM8Iw8AHDxxFRxGxmPDWk/lsLxJhdIw1pxWi8SgdWK 199 | WTphHYj8JU1lXw/1V25np1GvEqEPpuNWR5BnJI5GZH7lS1iwWj3ApMpEwWi0zLE6 200 | eepq6S9Jt8bcY0lCDwcg3zr+3QkSWt3K+od4HOnDdlL0yn49OFeAsL3TeQ+vaah3 201 | emn9+I3Pud4tqtgQgYvrkbExMGNSmMBBhChyI7tSvDSf2xvZDbbeqJ76nniHXG3R 202 | G9LII50P6pqH9Ln/OOJdjkAhItW3LFnYle5p2VCbVWMarncgwDCTRZSdqxUl4HQx 203 | Ye4V+Y7AwgkwTelp2/lxrxotwxZkcDlee3NGh9wda41lzjyS4VXNookCHAQQAQIA 204 | BgUCTqPXegAKCRDJOo8QkWvKOaZ9EAChGISIVHn5+HGFmHlwYlJkF5yrAN5MMwxl 205 | GsfSpO151jVZGEdc+cSA06CO8GAFISr/1cj7897PRuiwghYqhG4gMZJEtHjhJD+e 206 | +8yvEB80Dmjfy74hsEcfLaCW58ylWR0D6r37yaN6aqH93J168hEgJmOOQIGhR3AN 207 | DiWHrAm43Bb+9++3iDo3DSLml+HY2hJfTVGVpVwYfRKbQiAwqrhjJSMfOv0wcpYM 208 | HaEGu7TVI8dSzYPEBNkWQ+EA7nXRBRxlJhr+j7bbK5J2O1SUL1/oXywO4Gj5FOt4 209 | 8mbybJ0zdTe6LUuNylB5POZCz4sG2siZFwm8PTW6IWwPTExj5jsok1KBz+E7uqwX 210 | OR5jpFyVN2YAKU7hrVGG1qW0AVEFnXUTvQc+XYPZihPiJQsZ6ch8hO2UbKUnR/5C 211 | vdZxbKUBahiOYuzwLruRxEyWmu4Pj19SoYUflUZ/+pKcbwpLPvHkBif8MJmWliVn 212 | sUDQ4iEn4qRTRFnx+Da/MO8UfoUJKWRtWXdD08e8GP4teDcPYpUjRTMOMTknZEhg 213 | sQRCC6t3RPgGyRCqCuSdG9iyRW19Wbdg6AOFMHFm6PEJSv6glnJfzoyI/L1iOehV 214 | i7oTLQnCkG+lru6RzLsol0JFonDXfEDVZQjabn40ZQFJS02oebfm/dfBAg8E/EgA 215 | CR9kZLY0eokCHAQQAQIABgUCTqbTNgAKCRDq48FeWTEX9pe6EADVXXm3+h705Nrv 216 | 27WvI4IZtq5tUXI7U9NVWyqdjc++KdOEZ2mlQA7yAfouxOlOx+VmpTlOaq5VRFrQ 217 | +B/LXWyDjr6UKS0kjmguGzhkRtxWOCxLJKFNXXR5nnoQQ65xHwFvgMKmEtHGn4J0 218 | odX5de9eZaEKsDi3KyDPDQMHg1k/FUOwNBGICkz2q2FgmDuU1xjZSnFNjafRUmFy 219 | eLC1B8AadHOMjdoSXsleaWT6emztpaM9LO/PQsqVXf3SyYv5bHpZoxGTCWmtCeAn 220 | C5vFQwwPjweEcDbJzaRRR2KFFwk2rAFH7T3/nxqQev3Ay0qzsLDwFqTWw9o35cq0 221 | lUKXGESvpEpq7iXr2aO9Rjnx/IdIDRNlT+pAvnxoDWQ86Y1kUdwYTuS/+mSsLvSQ 222 | rG4AYWi09dbB1XxVFOaMLF6XKanjZ7T15CU0gMxru8cCHQmtv7R55MHW1dO31fam 223 | p32uqP27xb69PPkPM4gXMmwU2O9bI6/sHKTqwLzzvYYBF4W/Ufpep+SsNa2/AO1k 224 | D7ajJ9sHbM4eHWv4v+Y9DIABSqwBeg3XbcY9omXLJCUQmeZdf6dPDmO38wSTR2Ou 225 | Ce9DiMklRdNBzxf8Qx57HYrEI/pCHD3Tfb2z0oYfrkcV66O0vSWaS5P8WA1jv5bm 226 | 48DtToHPzbsI7SPxj5VkmUs/QDzi44kCHAQQAQIABgUCTqcZSQAKCRCY5dzIFke3 227 | KvWUEACOIsVDn9Gprydr9rZtyEjeMDbG41iUfP6LVPo+nHzX915EzF6vzrETeYhR 228 | 5sYkGfhaChlZt/2Kpz5zyNSUTrmB6OTycdLUILE/TrGyJy9jqmixNLBWzMdOy5Ir 229 | Lwuy9pOBXJck+27laxanegZKUi3shVjeP45Mhq/m023FAAx6Ppl/tDH9E6QjSDy5 230 | bxUxm1jHyiF//F+QXmcrEjXVZZmdTmhBXUKefFLX2U9v30qLPqk5mYzylc893mEE 231 | zUdgHNdhyB+m45vx2D5btJEnJTlvZJCibfDImhHZpyK5uLxs+mV2h8y6ixRfHoyM 232 | CjcelQ1J+V1RszFUUuAuAJw2B7V8u0lhmsY49sH7dWJvLJvJ1GnNooXiuAoeQgRT 233 | fDvybjDJjOCn+1mNqWyop9tV/NvFcWW1AhN1oDQo8ZB+4z1FJNTjZkPLAJaQ5Htz 234 | K4bKEtcyb2O4T6XTKQD5qCHBIz3al5rUG+hFFrGUWxiphHGc7QtUR2+5p00nw/jp 235 | l/0k0dv/7iD7ItPLP4HipMUPSfclf+w8tVXBBvTFLxdoqqXlhW1mRLyfDNaGS/0q 236 | 9bdc6Ej8L/86x0Dh1WKF9Lqa4doB2NQWiTso2JlV+o7dsm7u01cswBMzOs9JikcS 237 | vzoOAijwUPDNFOPT2qhsiF9rD7c43tcw87WQJ42s8IMBzntRHYkCHAQQAQIABgUC 238 | TqcaBAAKCRBzQWGe0zcWDIflD/9ZNzThnqs2/eCKcTqnz00OMvL8hcCkvOWmwPxx 239 | xGkeXe9o9Nnkz90g0WZtMzS9n2z+IF32ylIjgwiIxCHNeNwhE5cZIoMsdklyU9Q2 240 | Q9FO6d8vlAu8serbOcmG4B3t20Nlp9hsqwMxKo8y2Lb0MOqOI74zNVtBkjcj21Aq 241 | IXK973M4prPSHKLTB3Ugs3g+43o8oe08I2fSIVj7DG8uKSRVAqx3yPG5/CbJLF1O 242 | o2iOtzMFcjJ8Z5zSH8lpHd+8dt0/SXcbe31u6BSWTalU4sOemdfijXWlBpEkU1In 243 | Y+eGJi44Sjud3o4X1DIKzWI3UjN6lLkiik1Ror1YJsN31jM0Br+Tn+qYRkEBd6Lc 244 | zQvu13RjyQo2vHw3qz6zMpIN9ZA0VU/iOF8GjM67q+Xbr8qig0X0dI5+1JKjCjQT 245 | 741aLZJU2p++BBAfU6FyHiypX3fMTIh1B9KoiIKrIEkua1WJ3IQ3WzuVp7jtC1N8 246 | 1HnGEVsWsZ40vd8u154v4p7PJOSK1ExhiHU24zT/MbkXKLAa610jj6LszlmHzHlI 247 | GUUM5kHF+yam2k72hzeqM5nDjqLntCWlo8dvfT0T8P7AX2AQBejub4Bl3G/IPnGF 248 | Kj5moJ4z3o0W722nIlAZaDJ1JmQoH/dWipMw3VJLwgBHVDgM/9uzCJS5RWulIWzH 249 | XsgVqokCHAQQAQIABgUCTqcaEQAKCRCbjacJJlQhnNmcEACf5A8aTKQd9CWt3fix 250 | VEGHK30L55Z09rXHqdSYR6YPX0p4Vi7llsM/Hx7Uj9qWonp9Rp18/Cj7rYwS5Z/i 251 | pbokc4lGjrOJY+pibearblQJ2uX0k0bpWBmF4Su2TcZJ28vefoP6YDo/1NzS+Atr 252 | tMgv/XbdmaIgLpWR2gT/lIgWIu+QDKv54uICUsaLF0kzpmbDbuqlo0gjlOorzy3r 253 | YwkT8leqIqS4gkZMh5FnCWqsa7xchuMa6qABVxz7oKUhhGTO9WrYLvlc1K//5KUu 254 | 7Z0AyGeoxa8onKReHJazZ8iNqNNy5BEyNvh1ufUVSks9LfLNSQPmcAbkpnLBgb8R 255 | hQN0EFuQPl4vlu802Xu3bD0lLUkXh1ZSaHGsJ2pNxY/SMDPm9x9EyQe9dSG7HVS/ 256 | gWib7W/OJLc9Fg22IQb+4xKVTD8jPC8mqu3TGSZhW+8Etfp7/TsdO4J3vaWKFSWs 257 | +rHnl8lTz49jioaqo4xg7hSF1V0Njnj2bgYvHz4XAWKRv80KO+OZnXGXlqARuuu6 258 | QpJBj0OjVDQKWI+hPr3McLpySb+YEkhP2jz9hg6YDgV8NdZf2oxjtkfi3JqCLZvT 259 | 8JLNBB7DS+JCLnhz0GLTt8MLmVTJEBIl9Wcz4OHj2HKvmmeZoFKdUSFhDI2PstgY 260 | 44uBGplQvrmlHW/o5zIPG2dmaokCHAQQAQIABgUCTqcaJgAKCRDM62pObW8nMW/F 261 | EACoh3GFgINpFxSDl3T3EK/JvXmKq3+VvRKDxo78oWjrDYyuYhA/CsVyuAhehnJO 262 | Nef5EtfGmneFL35Ln/yWpRF+J/ddfF6dUoJdCbmwzf8IcUlnBy/N9E8hI0nhVm+m 263 | cWVeHDAbQgypY309OtVXDt4p851+ov1RNPE0/z0g1HA3zzcyepknCARw6DJnlHNK 264 | 5bDvMDcU1SPmDy2g3iCh68UCdrtO+7GuvDIt7YuJ1dpm+vjIETbXPRfOufUJWMSz 265 | sXAhX9/lovPNI5wD/EUfRtEdmm2weUWxVALeLi5iKgSdiLFjg99alv3sYgvwejwB 266 | Va3iE5ElffWB3ZsP5ikOJwRtIK68Xb3DNbEf9DXQP7QB5tGlL0eBPFTZc7cScCQh 267 | QEDqxIBeqazNLv87yA6osMjwFPSLTo5VCgPzZOYQsA0MTe5sWtM7ShCEiknE7qEa 268 | 2IiiKejH59a9TCqZS7BH9OA6A4sLSdWBZYmOMXYjERO7KcsqKvMNujV/Piqp3rWH 269 | QAClhe6ZOSeTOdLZEKyKxj9jFr6lZORlFyVFVXpo4KgW3shN41aj7MDw/OsQNO6a 270 | +PLm6H4iL0DBvzmEJWYkGE5AZUQlXkvGq2LlGoA3YDldk4eAFE3BuCG5E37l/a5/ 271 | l8bG+AASUYMV6vhUfunqUrBckuOtgiAqIMtRJk+f3Kwy/okCHAQQAQIABgUCTqca 272 | JgAKCRDM62pObW8nMW/FEACoh3GFgINpFxSDl3T3EK/JvXmKq3+VvRKDxo78oWjr 273 | DYyuYhA/CsVyuAhehnJONef5EtfGmneFL35Ln/yWpRF+J/ddfF6dUoJdCbmwzf8I 274 | cUlnBy/N9E8hI0nhVm+mcWVeHDAbQgypY309OtVXDt4p851+ov1RNPE0/z0g1HA3 275 | zzcyepknCARw6DJnlHNK5bDvMDcU1SPmDy2g3iCh68UCdrtO+7GuvDIt7YuJ1dpm 276 | +vjIETbXPRfOufUJWMSzsXAhX9/lovPNI5wD/EUfRtEdmm2weUWxVALeLi5iKgSd 277 | iLFjg99alv3sYgvwejwBVa3iE5ElffWB3ZsP5ikOJwRtIK68Xb3DNbEf9DXQP7QB 278 | 5tGlL0eBPFTZc7cScCQhQEDqxIBeqazNLv87yA6osMjwFPSLTo5VCgPzZOYQsA0M 279 | Te5sWtM7ShCEiknE7qEa2IiiKejH59a9TCqZS7BH9OA6A4sLSdWBzKJRkEXG3OuL 280 | E3fRo/0n5AJZT1BVqiBUEMnlR97zz2CTOdLZEKyKxj9jFr6lZORlFyVFVXpo4KgW 281 | 3shN41aj7MDw/OsQNO6a+PLm6H4iL0DBvzmEJWYkGE5AZUQlXkvGq2LlGoA3YDld 282 | k4eAFE3BuCG5E37l/a5/l8bG+AASUYMV6vhUfunqUrBckuOtgiAqIMtRJk+f3Kwy 283 | /okCHAQQAQIABgUCTqcajAAKCRBBYzuf6Df1gROOEADUpZRQ8GEdGMI9VoLqHl3j 284 | 8hC6k1q/4wsKZsClyHucVsfH8Zq/MCO2cZoSfCzow4ukSjNvzugyiKukFFjdAWK5 285 | V/cponACySm/SdEm8sYkiEcZBIdYXOviDu7Xb40rhazIVEO/WyBnRpikzWp9/zzf 286 | u6lT8C9tX7NZuvnfoWrN8v4cSwPuvmZufs2OnPP8iYrivEuUR7fCu4zdoGg0s2z3 287 | APplo0yjC6iueEDTNTDf5FTi7MPIGaBhHqWpjiemCEYAndYf0jDTVPi1RDgiYgbZ 288 | 9uRZvkCwaBLs1cYh7xwHvPx61ftb2HvAHKx7QYk9qTMrkEW33PzJ8+rSPuNeFUP5 289 | eHJxzyuhDaKwN6YLi68/p55NkXsPNs2MD0N6us6mWjLY0CEgkxz3O9kLpLDQ0qob 290 | uOUDrHmGBCA0FOrHtmM1kZ8walD2tvfUzivZniEDskYO4YZDd86gGszpShBra+KD 291 | I2xxY4BQOW/uk0xsbEplyusmCZDlAGzjKk168YIjKQIgBLaVZgWGgHi3L5Ce8w6s 292 | ppi7P1vmWcqLbXMc3ajImQRuDu8VSBUUH+4RZbkxQN1nmYCTMFprLgi2OHtBI+fl 293 | S54tNvnrd2gf44Dphv/XV6YyZThI2zIwCPtVR45kqMemlIVSvisjuQtEc+HlO+Er 294 | rmhiWQQ6T1CY3P6tuzjE04kCHAQQAQIABgUCTqcajAAKCRBBYzuf6Df1gROOEADU 295 | pZRQ8GEdGMI9VoLqHl3j8hC6k1q/4wsKZsClyHucVsfH8Zq/MCO2cZoSfCzow4uk 296 | SjNvzugyiKukFFjdAWK5V/cponACySm/SdEm8sYkiEcZBIdYXOviDu7Xb40rhazI 297 | VEO/WyBnRpikzWp9/zzfu6lT8C9tX7NZuvnfoWrN8v4cSwPuvmZufs2OnPP8iYri 298 | vEuUR7fCu4zdoGg0s2z3APplo0yjC6iueEDTNTDf5FTi7MPIGaBhHqWpjiemCEYA 299 | ndYf0jDTVPi1RDgiYgbZ9uRZvkCwaBLs1cYh7xwHvPx61ftb2HvAHKx7QYk9qTMr 300 | kEW33PzJ8+rSPuNeFUP5eHJxzyuhDaKwN6YLi68/p55NkXsPNs2MD0N6us6mWjLY 301 | 0CEgkxz3O9kLpLDQ0qobuOUDrHmGBCA0FOrHtmM1kZ8walD2tvfUzivZniEDskYO 302 | 4YZDd86gGszpShBra+KDI2xxY4BQOW/uk0xsbEplyusmCZDlAGzjKk168YIjKQIg 303 | BLaVZgWGgHi3L5Ce8w6sppi7P1vmWcqLbXP1qyeeuyj+moLhtAD8+HwIZUkOfKVF 304 | N+7K3sn9DDFvi3tBI+flS54tNvnrd2gf44Dphv/XV6YyZThI2zIwCPtVR45kqMem 305 | lIVSvisjuQtEc+HlO+ErrmhiWQQ6T1CY3P6tuzjE04kCHAQQAQIABgUCTqcgBQAK 306 | CRD7t1drp8sLa4RGD/0XqiNLSGfOdJ4zPbe7fAynHSpe7iqYMU5vSx97K8WCVT1X 307 | u9OzpFVYMfA9GV/tF0RKxPRcB7sHaLkfYqd1SAk5DnK6p0VBXBi5B529Xt4mw24A 308 | UP7l7ZvXahxsrK7ahINMAINK6NyxgzWlPX0Fh8Hq+WqI1h3Udk9XmxAxAo1pxa98 309 | m5FeG/QkHf2akKXEw5NMxFzODycxMW9doQY6f8NKXOpG8M0Mt3dX50rKCSN2Ja+T 310 | aU2HMkTNJIvd1FpgMyQTW8YAbQDT5VuAwKlmUQ4Rs9uSBs9+AW0vQU63FtFpY0gp 311 | CjbazYHJr6XoURANh7LhwmB2T5OFplSVLEEYKH0+EW2Xteb9xzrMYyABkwFQHKj/ 312 | FYTJndhPBqxg/fmj1OZGLRwKbSy1FCpO+hN8VHeNxuZf68yf0RMSxabxXj8Ry/wM 313 | v5XtwdGoynOJqcCwzNt/9zBw+IXUJxv0Qk32xV9l+x7lrB4zm9Uu7RP4pmrHSWXM 314 | gr7dQ0R3nlPh8bWxHtalYk7Yp3GYQzYyqP2uFE2WWN7qvsYYhUbbiJgj4+Am1/cn 315 | XM6+vsFw2b2rGGsBSfQ2nxbjY+29EOMB1gTsMZ972K6x0yIVwQdYVWiK5kSdthdt 316 | EdsVSAzqAIwxQ2BXOwNlJJt+0w0DKEWmqYIDD+MS7Gfw2R/LWitcInR4gMQPzYkC 317 | HAQQAQIABgUCTqc2XAAKCRDu6WAadcXePaJfD/40sEQenbyPwC61/KDl7YdyOYGk 318 | 4CyastdJ+6N5dbojGoeDOM0RD9tO8kmGKg3BeQVDk1vcoSzRaD+4/zfYv6W3+vdY 319 | m+/4mwOUyx++hiu5Sn4bEvSa0HG2k5mwPIG+MeTqtJOZM3pne+ZPiKddQXRK/Ohn 320 | 0b4Fh+AM+22jonBbUlBlwqwno+r9hQBmYLzzs3yFkXcRZqWIuAQGqlAp4akSJ0A6 321 | pZX3sIkQyy/fvDj24//MFdyWZ+Zhh2M6IrkQPC8SQsy3Wf+3lmBSGsBCOLd4xF54 322 | V8GjnwdmJ3APpDOgJeN7hm6ec7MiMjMzilWBgFicRNPWc+YoNpBuJOXf1wAGXEbM 323 | SxYJQ0AJ00Li6e01ZhUfGy39+8yki9JEUl7JKnOOimeYErVS9WMTf/5zbpaaUeF4 324 | mvRhtyDWKGaSvMtQozQUEkRUif7U+hWz6OilN/xum+d6aMkmf4jQXO15IM1W2sb8 325 | LdZL6fuNzvdo15Yx5ud7DKDD5V1uPZPZZMjR1igCn/Dn1rVpFvpcdpLIATtdVSuo 326 | Vu61jSWYQuR1QQE80Q8rIo+KptioC6Gd2HHOUW6+3BRAD7GrusuHhpEUz6iliSg1 327 | 7t3lI0PWfHtUzC80g8VK9lhaIlAjWiVGQHPLUHkAE1LRrrFBWycZm1z0j5qZpS2b 328 | fzAXyrpHNwMTz3yM8YkCHAQQAQIABgUCTqdCCwAKCRBjtPAZfzxC55hdEACt6bZD 329 | sYHwzJAlg6N8Fpyi9SJ1R17OK8fDw9Lc1+F2Lkho5i0U0hpary/oN1UFA3AVnmaS 330 | XIUQUtjutO5NOYcD2ypJwIZ0CqvhVOQCtD/dqhToYAO36IzKK3CkJr5wRYVnmG3q 331 | F6E8ZtSByCK5HpWpPQ1hAN0N9w3mWOJEXeCKUiCNx+PlwlwJikk/d7d7DCUrsxTD 332 | nJxH45D88e8IqBhiXhx9pd1pKLHbYHNRQ19i6pzTnYwQKx5GNj0f0qgodDhcPkHH 333 | C0qC2upstXE1cCXGhVQD3M5wJY1+RVdk0XUojXIhi2xRNg4J/4+hC6nlFEQkt4uE 334 | 0mBWVG9N+QaZrBKamp09hwIJ6hIlI7ZxXTMK+Df9QWAsGuHrRASg57rQljiMS86s 335 | HA9d4PX43PbIsJS90g6JEMyzI5Evs9RnIl78/87eQq+k5ew7YoOff4Xsi47O+uKV 336 | dTJfe7wNOy+yZ0lkiMOYVnHes4Q0rpZ5EUko7BfwKY2Mw/CgWE+dfLYYStJrI58Q 337 | XdTTaZJ36yjs1eZd6oyl1JqSJpIZnHSd4NkoaSpkDqnHwOQ/frCWWUEZbzhDRi2w 338 | P8PNeOImvFF2Hy2n7clo+YH3JULv2WtIH+wB6XE8p9n4+HDvV2EkpNJOVqwglV3i 339 | TrTDEHbcBKLhkwAvpgPI9dX1QZuqW0yRebFHuokCHAQQAQIABgUCTqdhzAAKCRBn 340 | C+eKlgoA8u7VEAC5Z65bfH/KgVigebGOZiYzJPe1Hew8jNGnM8j8Wkb8O4mzYgWo 341 | vbQRU++NsYL0hW4bbKtpj6ORhDWwBdonZZl3hlDMcgurcNONN3ZKsMJPsBCVOIQ9 342 | qN1mxMMT2+SN1wvojDrFXZsdsJ34oPsAxa2iBRA2LfgrJmSIOVZUHxzr6EspbV9B 343 | uLOEmzP82QPwbpoWMAz8KoFcylFrpvqMG5CbXClLgizTi3qzMluTxg0Ewm69vthF 344 | VbMznW8xSkN5qb0VuxWjCsXeD4FtLTzdjatbJyAFFKLTXdV0abQ0XJxt3gVylu+S 345 | uQDA5TevMxYvvAtM8KHxM6rgvYj57GfRoJzWCx2SNDa2gNUxj4LjH4PDxXGCclHC 346 | C7UdYwd32BwgxZW12UJVRIovB6PmulW59+Ywt6Bq8l4F4QZozmH+/x14x/THi+bB 347 | VB/eswo86HytAMP3PTwT9q6tngkH0ty4G8buakDNxovtusIhvmYdA83KXoUts277 348 | Bn1qkOasXMjMaGoWlm/UeWNGprkzAe1IPq1vOySBqBuVHmWnJKNt2kUX/rxFHtur 349 | JQkhYNk+mF4M1sURgXH9DKespUBoK1uSpsQEFXFgtAjsXBEKUpArdNRUSxCAFRdF 350 | AyO1Uae3VPUls9R/BDmK6YUCvdCNtXfxsvSppcoCchzVDJX8YTQdt+GwuIkCHAQQ 351 | AQIABgUCTqfZlAAKCRC3qxXtQrqaRDtmEACOMtuq7S1ADzweLUDco59w7Sp+bH6j 352 | sye/LaLLAAXFdr3rWtjphqlhdRthO4dCZKVlu3fey3m0YoCpJPmWcD1U17IumVPE 353 | LsZFzCFisam1V6WdvlRqX9LnH+ziAmEWrQSIsltxHgOMRHPvdKjsC15nCZIcZZsM 354 | v1GNvmSZ68Fv1ICHNn02azyLT9NuKKpNw+v5Aof/wTmJpRoSvE6oEYIpdEaRsm6+ 355 | 7nPjnR1qIcVIEO1nZb02i+A7GQXZ3KpnUhjrAbiH1j7j8MZZIXCTyU7BdT0rGJhu 356 | jq3kJgYUwxd30o4Kh92C6EQkRTVipRWuRK9Ft7pULaCom6aQk2gEHF++UYvSsoOg 357 | b7m3iMKF3jQXMg8vgMgwNuOnSjOwsAU8XxSltYkiUV+aHjTo3CzYRw+9y83/erJJ 358 | PEMB1XaqS2joh9Qfnt8wnTq8zZ0m/JYk7yzfsjjwZizVhckQ3Beyg+UWMq+kJfq+ 359 | z5w3bFSaZap3dvtmeLeraSN/c+9QS8Psn3VulizeLXvvK9VU6Kx/vkqvr6LNJZoK 360 | T9JU1Z+sYA3oO5FT1wtanhfudKwUMo0aliXggAy7DAAPGGgmOrN4zIdfBT1+qEp1 361 | yrQYBoobi0CsrXVPdcYwMM8Pwp0NUvQAaCwO4bnnWzJTA7/AUf51XuqGzD5bugRn 362 | SDut8f3dQGesyYkCHAQQAQIABgUCTqfavQAKCRCevxLzctn7jPsMD/0UOPhs3Ov+ 363 | H3hnVWMa+60xI9zlfTm2gfu7KpXpZG/eGZTHMG6A1Zwkmb5yMLratZcpRAJP/gQ3 364 | 1c7V1fPCCzHnKyonSndNYR1rmHphUW+mj055nuBv3opaGTu7l/8IQWvCIELidHw/ 365 | aY6XuNkwn9Npjda/en+9AWFBpUmpZfXr0FfHvseLBEI4ud8PrdLGepJMTFkPlXk8 366 | J2f3dHcx/7Rqet4TJeCYTQ5XpmlIbq4Xy9hjT7chqzP7ZgMUGV7eeCNdkP3LUdHg 367 | poXtwiJSQ4c8LrfY7lK7warKejZ3NwsQeecqKLzjcNCrh3oCX3qFGW01BOclGTYU 368 | dHI+1Uf/rVw21spEPdQ4avBHXo1WydpYRm9y2gAa6P8AG0DFvFZbt662H89Pg6wd 369 | +cu8pEz+QmGGMAzrGjPJaKCRAQMcg1RlfUlTYuxvH2+5bSbpWLXC2MsWuubK8vxz 370 | oGY3AKg6PyTEQtrVKoUx1OBpaVq9StNy/LshiMMT9N+B+Go/RvGBOdup1HEV3+Bf 371 | 6aSFR9+6LSvfg7xaUC3kq/L4/tMbdn5XnJcY7RAUZFI97UUgbKRQr0K0l6mZqsiP 372 | dOAnumhYOI561P+XfqJ4sQIKlwzSuc4xaKtYHwWs2HuBUlIYYh8jJdrcz30zD9tJ 373 | p2ZO0Dx+NrwoX7tJ52uOgjhcsj8AELeJEYkCHAQQAQIABgUCTqfoDAAKCRBa0kIR 374 | wGDRyJmmEACp3GxEcWwQTJ26iAAWKNWDPlF5LD1uDak0yLX4fvT8PMT75nGIvd+P 375 | bnquSm77645ddBzGatMQcqU7GrW/r83NtI5PMKaVy4vmsqNGniZLufznGv4QXjIW 376 | f2I6i7igHmt4ELhTqiVdyPW6ozQhSf20+quN+4C6rk1TinbRDhTYOTo9JDQuiuh0 377 | N3cMRyagoeBh3bRb0ZF0LtjKpkuoinGooyO3MSFcrF1S62Q6r4HkKWguShvMnoRs 378 | WHAhnDVWUWoX/cHneUhnVVMKCJlPmeOOK09yRiUh2i7v3yUut2ajNYum0uHI0PR9 379 | 3unH/vc9eod/bQEY7qluT745Ms4rGatTu9rUf/V52JgcU4IMJAl+Uf+VI6Z9BB+d 380 | Sq3fb0s8uTsjIoJb9i2mqCNprhsXb7XK+UIybvT05uR4TAZ94P/vbhaBOu863L5r 381 | 78f16KynV4W7awXXqzvUogm0BPFdNm28PoqlR7gUPqlIxizmVfsm8NojhQi27z4v 382 | EHUaCQ0BvpuBb2eBVcKPXAKkMoMjchSCw3HhV+kQYwbH2yHLrcXgVHiEBwoAgCvU 383 | 5Xl1po+F/gsLo10/BI5xHG7A/WpVfH6dO42ilhDZK6WUnkjApr7YU0SDc/IFgd3I 384 | VzZTkSqW5UdpdkGUApwWM4SBfqap//0WrNgPtkIUHKX7kWIpGgkKIokCHAQQAQIA 385 | BgUCTqfoEwAKCRBAsZjzlF+RRMXRD/9efEX126631g0T8y3E7C02awKfJ7j9kGRS 386 | jxZFVRj/RD5mcC7sE1XLUZFH12QV0ZOLiVNd2/jpnRnuusMqhc3lTBwp6wVmu2Jl 387 | 1OWTBVWu1l4F4sTM3MPB2zRXwT1vQJXW0c81iyepmNoUv3uv7ca1DChSqqmgWDLN 388 | +kpgrGFnoPuHMH1Wi/wm9haHGEH+J4TumRUotJa4A6w5deNNaxiIRKuMNBQPCZkk 389 | ckhNSAACse427qArVAkOMD5/gBFScsaD6gXdjl/C7GGG3XBeyI68H+FIIjggvkuX 390 | O1061oGescUtLomdBKEWtRpOWdQOm0Im6Nkyovy7bfPfn4Siv4MSkWBGzLckuCEB 391 | UgKjZ2436xppdqr/yGdVL0oD4v6HAeGFSTKWwgSpkqDb0IE58tt5S2LjRtC+cZJK 392 | lffl9fT+ap+Pf7RkAgwZTS4H13Reeq0jYSwLWSjglzi/2FeYyvb/I9ayoqbfwrwn 393 | zPKHSgc3RQyr7unHIEfNT/Wd0em9s8pENplH+YHHYCTPveog4QbdgQU+dSi9jy9q 394 | jAT0jTfQ8UPHr0AyVCWZzAEK2Y54PgaMjnT/iosCRhFs9rxWxppbOH9M1tZjIRdE 395 | C6FO1N9rkBfz56YAorVCRiDRxdR82R8+rXIhBO553CUe9AYfCBzlngFAaLqT7fc8 396 | wS1FvTuy5IkCHAQQAQIABgUCTqgKyQAKCRAc5QqTCBi6nCwnD/4mN9aWyR7/dR7n 397 | 29hvbd5HBZ6ttIuuZrWvxRQZ8KGX1PL8FGUYuoe+SE7GaJnxDP3fjHLckog8N6bO 398 | SKFLWnL4YtguAD7XznjBJG+2ZIgpAGp6UUIJHuZszOmqYU/RWma9G7scEIG6YK6s 399 | QYmNqWaUFJsoW1d7JR8tV0tMTwyy3EnyE3Ksf6nXUNvBnENqX4ZKwUrR6LKjOrpF 400 | A5aslFMM6Gs115vobOw3SLOCjC/Wiy/8JLg5BYRrawitfcAkKrMuZegoM/g+gBrH 401 | DM1gdNJiqbfSDgRkdJKuEZ4rIxzd4maAeBsi9VfkNl/g7UfHA44pWwuBy1Sm6HKM 402 | 1d7Nu/+97Dw2aw0RaWd+ARzcFmGluv1/m4HQmwH2itWN+P8hmhvstIwYszqeRF9w 403 | 0X0i6jmyxLHZ36cbj2scVl3P/bDMDXeMrJ9S1zq2B9TInsDZGVLBXH/smEcPMpC4 404 | uN5K86p+IpQAsIdxu4M6OdLEqJPczBQwehgAHoQMTS0kYoH/T3uGF2VL3dX+F/JJ 405 | 6GgEKgZGOnre483+LV/6jS5J6OAAev4vGq8MvAhvEjFTarHFvfKnHyIv+ZMjjgd3 406 | ZtB9hRvTn+e/4a4d0KTyGDu/lAGCUNkLPVFfzaz8uZU7EtCRkfmzT/La+Dcm9guS 407 | XCE9gYZ+ufmwv1RLRq9PDVDb3h08bokCHAQQAQIABgUCTqgRRwAKCRAVvIM0QwON 408 | jDxcD/0a0Pvy5fU0/6GCNGQ5bvJckBf+gSR6aFvoGlrhFtgPbJS+/LoIIanaKekT 409 | C0k80GWu6sQRMqZbVcy+NV+/c3N4YdlwTREo5ddOBaZLYeh5um500C2g3fXk/dls 410 | V1mlG6+Vp+Hd/zLDojmRWwv99kMCP83l7gA1uLoZD7peI2enssEf7X+9dXTBww3w 411 | 6wYGsbq0J0TuridRwm9nLbGzeEsDWxtXErruUzKk88e+wHS1CL32bz9WaoGt4fy6 412 | NXz0uCJmfY586IBz6f5bgLy6ZuqOo3RznZ+WFcI+5HET0+DeyyNx9+U5sU5D56gX 413 | I+b88DaZracbNRyIUzZzb6fSuYCcTr4eXpXjofjmPoCZv/fecItcX7jL0L1Mp295 414 | amI7BoFoduvdrUexzLUox05vHNzNmJ+4LNppMC6ahhbobHrU34Mfv8RPfdi7/vzY 415 | aMT4t+Yh83tpMbTlzc+8SF8t7mWTw8JlZUkrUvNOWHUCCR1cS7YR3GsJE40QYfM9 416 | 4AE/X5fSfR0mg0VmUlNiCVcHdTi8xbIZezIjtwrx9JQPNTG44lve6o71XzFd1kPK 417 | vpbvWWAf06TVEDJt+sutHhgGkw7cVeC3d5We1zMVy9hXCunSPw0vG9yOEvgu9w9j 418 | yKeHixbsiyDg0HjUdRQpIiTXqpBd0w3D059BELIpLvRBQcr31okCHAQQAQIABgUC 419 | TqhoOwAKCRB8xvwzRLJH4vU7D/9VQCHpyD3Lsq4P3KQG0/tZHS9GoFgIeU/BMdIE 420 | uOUbSnxv0JD1WVM45Yfnk65KlnGtgZU0IIKxnzkV1fSGkk59MO/h8hVJ9MEko90T 421 | YJX+qG89mC3z8MnDMblqhMh5r2y4q1sNWTw6PGayAs2aKKSLfaz3c2qy1OINfNzf 422 | b4YD75ucdeaidS3zt5+dK6Kwko7z6PX5W4gJdVEYLfSu0+4hR9PRckaI/fQZxyJh 423 | jLNWdRVrdABswJ+IRPMY0lQ42KhEIcsJbkLdUv7gOK9AwukLSs3Nmk0H6askQNjH 424 | RTJFFMTvx28elspZnjP8pAYwXR4VhygYQKjr1ksVa2V+MKDHbcrhtQY2B41sBIcw 425 | ILoKIYa54D3uMXIQTV8rHc8Lqm8pDeBi9nvSgpSEr2K2OWs+DU2GAdaYDPsdSpFE 426 | iEKeGfpxWQof8VM/ic2n9SOFTzkOzRjPAgossYVngSA1B3FU6sqdi6LKvUSwUz7h 427 | GgYU7jfTRLuCo9Tk15TR/U6IPIzF6nXNZbiNb//ttPmcEK7Qphq+U9yh0WP6X80j 428 | Tax7y4PDSc/LYYgAbkOdyy6+nmthzOA1HwhnmziAUd4qTIZUmgGqXfFFZUt6wVtL 429 | qKlRZEPKfvBNBbGsPTHHfvWkcHBg0T3w3fxV2yuEkDebF6TxT2sgfugGxwXptoP9 430 | S+zTe4kCHAQQAQIABgUCTqjj3gAKCRDHj7ENC70qSyE/EACBua8oXH1SPleZaYd6 431 | IF6AxAW1yiXfVy74HxK7oQ5GHHhX4KNFTxKUcEl3pScVuRWDxPkKqW8cGDMBrXMl 432 | DCJQYw+VERLwi3pJUNrstZctSUy7nH66aliD1iyL10ooWW1oFhEkWDM3WzgHPgd4 433 | KFnsuvUZxBCz4Tqzv0ysxQ51Vph7GGwPC/JNsyMa083fd+H7yeBTiBmVOS0SYth3 434 | caANmXj6W94rZQlQsHTSRbnqmH695dwQsnbZSfIQnWIuEvBdKSzgb3Z3l1E5itjB 435 | nvlWJvckxqtTqO3mLiv+iPoEJ+r4hFGocKsAk5GdEqTUwFY1yZLc9K196Nd8kzBF 436 | QVU8V7uBKrbRtR1Zd4hbBnQzX27z6Rgc73t8q50YDKW9nlPNarX1+ZVucX+BfnhR 437 | vUDl8f6DBsFWglkF6dA7UGC7P7pOaqx9HBruQp4zfAqcd9iYWXzcnSWNxQX5GNUI 438 | vYhakX1y72duJ5VwzmU1CSbDdyM0vWNqhKoVGgXRQpwlLsa/SwA7aoN4zxh6UgZ7 439 | Mihw8/99JE1tPueRSXlWXx1ZtreQy02Fp8l6jHjfaWxlSZ0ht5CTFjChlxjQb/64 440 | 2hMixKm/nmdNOoLtDnLUR/C9Rhkr6asjwv6i5X27pWLyb37FxmIwFJGnRFjMxNRX 441 | Zq9Jnd4VCNb/p5WFWxh4PPuK1IkCHAQQAQIABgUCTqkfMwAKCRAb1D7JXKulc19R 442 | EADJ/l5u+IbopmBpQEUAhShl0vyHZ9AW8IyS5/zGyIQ0zgwo70/+0vzVGGBfOXa2 443 | almUSmAisJzq3GOg8D9UHgeRBdmmdIzMD7SQ8jCdc5x0pZKVcXbyL7fgQaNko7KS 444 | D4QktO0If7oYC6QBOs/V2fsaInugmC1BdTpZmpePJJweBwUeR6fjcPm3pKbvYADR 445 | nuh9O9bRwx3GRiu4Y1mt8q4Vk4xsl/c7ddkrlvKso0TKa44VKJzp7+9ksIQzrXNB 446 | QYWOl9Jp+hvsb+3Z3oxpSYx7lGXUBq2E2+IFyqAcAH28n+UnbCiydbMYbdUCZb/5 447 | W07wdXmVih2RLK6efs4mjsKKjpIl2sN3qZ345cUmscKPEIzrg2P1gMOxn4/I/VYi 448 | h/6lYqkSbW7PJbE3vH9IBx84w8dBlfc/gDGMr4F3mrJmp62O+Awhi+r/TreBQbSu 449 | aVd5R/uhtLxURIqgjM3kqp8TBXYJhyMxEPIjhT/vEvByUHwTnYQsa1uwkxPu5lVp 450 | hwO1D3P1t/X2qPpgYOwDEtzPnsAVUQUr/gD166WWCgk0NDbbDfNZO9tmU1ql9/nl 451 | 2SidMvto8ssLLe6c0jgVUDTCxPKX0yxFU4oCoFP6YNyy1kI2YI+4mOwCFw/wbjNX 452 | MbLnOnPvrbUB/9b7+xiinBsLnelw2OjkwM/0V02xJYjtYYkCHAQQAQIABgUCTqkn 453 | YQAKCRBsuookORlo/hKnEACoBm7dldU+fTBFJ3UBitHr7eqGKCTE9Y8nQxQp5ksv 454 | 3+c+h1+5rqA3NgQ0oS/69Ay/l9xoZylyJ+VT3y0Z6c5+KZuFF8Wdw4stgIWy0QNw 455 | 6XxHr+EyLnwZNQ1POAkXWbcRTKApenJrXgVce8+6ASo3CN709Zq3eJ0OPrWgxNqr 456 | /QNAUafemBy4f9DYocyVBXBL4zHdkJlwU3D4WVW1hcaMSxqrVsFsh5VkLVRcTZBp 457 | 9fsWwrZJ80fNGQ/txpuC5Tl94uvZ1o81bP4TVLzNoFFZzbjiO8BeWdtaN189GWvC 458 | 3c7l+Vb78M7dG+RgRHarSctbtFtf87gQAiAlBmNjYOBOKqcLu9XCuBwmal3Zpetp 459 | RgqPjsY5PvK0J5CdTtyEBmM0U1Ytdan9EQXkZDT6WPrd1J6kTmw1S02R4AfIzpoy 460 | NsE+OzEM6i/QuRB0X3EmiH4ENxUTEZtFEj4Jy9ziMu+StXxSDjmfw2SjiMq+Tssa 461 | byvXO7WlSoiWO5aFz6RDxfurRih1qur3NbMC6FTceSsh08u3Jmlituv4Wn9WwXdC 462 | hLYpjMQ3uxmZW2Igkj4dxM7Idd1RN6zKSVQmhtSiv18x4QKBDSf2odt6Y9lt4C0H 463 | NWAd4qs30noT1oDho5a0rdO6G/5aQeoYmPbhDmJgbU+dRvl9SItGhZPI/YU8waaY 464 | JIkCHAQQAQIABgUCTqkpYAAKCRAryoMKfkvCWhnlD/9LFsA8RvwaAxe+3jtezsoq 465 | lU0GAZ3S0/nN2QDltABON+45ZNcwL8n+mlo4qOrni13DgTbEMj1p5KG7APPmNGoV 466 | uC8Jpn2SSjMPZOjcW/jgRgVnZgRvKDbp7N8c6wLYw+KDNQp5eaOsF2ymI3sAchSl 467 | uG9MRuKy0wCirqk7DUcB8ysOjQPKpe8yV1J+mNQK1L4qQB6RvBm5zqnA6AfC8XSW 468 | gLyv0+WA6RUaW12/ZHpfK+CKNiSPUq5IGgfhRJXH9ftQzfDzOn2JLZ5EW5wnxCBn 469 | yWvNl5aMi4KioXeMKeNgiNIQA6UhmHTb7qus50K5C7sh2lGybCRia8XrIc02xlBD 470 | o2nYLWPJDZtubsqCTj/QXtYMfMIiLonIfNcXkJ7K/cfZ16/2Y4mROJJFa11lkOIn 471 | FjaW9UaAmCJkGL4dptRSESVBdhCLwTKGAWKZDcuOAudxLbJcTzS0RiaigGCFrWdr 472 | k7vEu0CcwgMBAW7rzhjYCM3gAy+bjef4Ucfv+YptGt9jLFR6+yUAcKpONG1yDrIX 473 | Aoxlwgt/eyTZOxEA0nhIpBIiOr9PjT06Sldqa94VQvH8nNELDi0EJ8P5TBjXQJti 474 | /RX4Yb0/8LS8VwUO2yjyFSoyj2q2tJjqTVXo1xTvcw1mG266k1a7c7F8RJJ7fU97 475 | ff9+drqKjUb60SQhJ2WJuIkCHAQQAQIABgUCTqlmAQAKCRBIav29Kq06LsDCD/0V 476 | HdspO6DQ9hahnVnNLDv3i7wVu3R7R7t2HP9p0hX/hE/CLFMr65Jp+spI98uiNS4X 477 | JDZjNxaX/ni9/eG2hybtK5XBdd6uFoTjP59OiTTu9xIUojDl3n4ilL9z78EPwsWp 478 | RKh9r8vJK2oSqQKTLuhpATJubWxa5nqTl30jp3g1r7haK7o3pZUtGA+ExCjXZVhy 479 | Xjl5SXFFxPPgYE2zKCX2PAhyHEa76KpzdbiqDFWT8wr5/mBYycHuDLZNxWKSO/Ph 480 | QQDBf2UVNQa/ww7MvxKLbG5UrK3MB4dR4C/6yhVdzrQfyhXnld1tJWqPdHfTYtKa 481 | SCX3Wba77vivIfZE8qFuUEJeGHoLlUu62zF5mD5nAjS6GkLBR095lRc61lY4ypv4 482 | x21fx/vyAyMDf6KQ2GruUaaZtp6v/KaTdAzUODBVBtOEjk05ZU78vZywzjTf7pVG 483 | ELz+abu4ShC4zq2PICgb4+KRkoUhRARLOeShBSrkATTVhVT5ALdDcsG/7EBvCIlc 484 | 7e5YvL3ayrJCAfrvalNbBnQ8pb8KIauqhq8QjYFFK/EqLjFKtLGactYqTGsXuwL3 485 | qDeAHX1UaLosLiviwI1eU5A/2RDmXQpq5DvwK5dvVOctWL4ekF7ful2043xMMuqL 486 | zRkaGOSixuGE+Si5AEoJPE+h6QQWZbksYuMyHuPBEYkCHAQQAQIABgUCTql5xAAK 487 | CRCQHIfw9X2x1Ln3D/9BIiTlYSXJbgvO3HhQpiL55JqgSVBGrN4+ZAPE1gZVeBzD 488 | jfkItmlYNqa0GfCQRr56/NIVRpFn9fJ0uO2Q8vRA4e9IFnEp7tRFZkWnfZPk/BHj 489 | gQF7ImriM5B+eH1XuY+0SuSibwxBUfanU2p1xM7uYZApWsrsFyrcA2Yfu2h0Ejrj 490 | hh3TbefPrgc1Cq5/ZgkF8aH7uZIm8PEV6XpP8JbnDL1UjV8hebz8pbCga02+3/7c 491 | 500fN1lYkqzIvzl5KhwsAb9v0QRBF2keguVLe4VnMUw4pgGu3YWC3dgqYtla5XfR 492 | PcyGq1NWRgASPWicvjjrwajiyXo6Nr/eh5N44BKbE9gVrb97HpEr1JuV7DBUIqWG 493 | 6MSG55myoaE3yjHsI50FcM05aBsuIzXQsQLyw0FmjypH4yHawLCeeUADLp0CtaND 494 | giZ8/cdDgQhICUsVKfegZoVgL0iYbVxqjkw3f7qZvT9PiowZy7PrctztcfLBsNqL 495 | 6ZQozeA/wGoARNf54yb7BfNWujsTTLUydAwpfFgSI1hWv3sFuJ26jVx1za/v2Puu 496 | LwlXeWem/ULRQBL9IdO+UiwW6o4SLQh/kSITlQpUicjKB8EHaBAageZAzuMjMpjV 497 | 8OGW/LRQJODCMrRP+WTCvIReLM4bo6MUd0CH2egPbKX7ePfSvgt3NPYb1VKfwIkC 498 | HAQQAQIABgUCTql+9AAKCRBsMYBUPSkppJWvEACEkoDziwVE7+PWr4Pq5fFK84KI 499 | p9IDXdXfzaJ31R9ERGnrFzNSliIGLJ+PTcR7mXspvKO7uiTZhfF23oBgN3RExnOb 500 | bJ8X4QCVNgXKORHltvoyaV5LxhZRal94qbY9sZE65WXpea+drgrQJ8BsEC1IctLf 501 | khL3Zab8jY/uTmAJMHtfG/p4aN97+HgkHt6cRh2lgiIIdlYoj0YpOwjUApnIxZJt 502 | NoM/u4a38Bwafa40xE4TAz97JQB6D1ePs2h3NAsA+4avHZwUfCfYXHCy05HXiqlf 503 | W6IVi2xNpZucP7qzZ3ydFSQdbPvUttBJr1z7ijI/hUcBN+9M6PqA8tuJmt0IuiA6 504 | Y6wq8r0Z3eCtpMsyi+K3u54zyADwvmkBOrPuCHp1TBMHHvFbXBk8oRUyIRRSPIiZ 505 | 0isr8u1k04tqJhbDbpmJkiRT+tEb6nRsRWp6QxqcWUUvmtKsOJv4sVHw1G1lZ6pF 506 | ZcFLIaEFp0/QE8VGJjlc1TwnKGy7PzaIsgij4cCY7FWRsdqmPu8XEbjOZN99IlOE 507 | PwtzBFYSgl9AkPAw2Nc+leq9qgYO6nKCkvMBJiRdMLsL0sHEQB6ioZPkvpjGX6Lf 508 | DW3k+RZgm5mH+jNMRArD8xFgj6gH6hQ3X47BCHXxQay6I1S/Xpz/D1kBF3TeDIjc 509 | fOMiq9Cg1PCNFLgX44kCHAQQAQIABgUCTqmI7QAKCRClUmubs81OajBtD/0Qz8Qh 510 | 7tqFVVeYt8gxq64fQXCyv2+VgOY8gsfgm0G+TpRuZc6DTYXwNBa+DzAzi2ss9Hf6 511 | fGeR2o7QaEGWxRCKJIPOPIG55mJ6S98zDzMarmpZdZJ2HCXafYopT1zvhpvOMrfR 512 | PnuHb4If9V3lcPzI4wvhsVOawrH7OqW1B9gblvddfH6UHvXq9w0I+6SaH9pR4PFM 513 | xlHvpcz/o2tXJEjyFCr/e4L1osi4RXkFSPAdvlsgRWntgbBZ8fLn5ln7kdPCLIpc 514 | wlD8c6sbwSTen5iOZYCvf0hbG2qLCKAsuPn9otWam1KYxxAW39+X5MmbfXAZyNGI 515 | g4gBPdcnwyO9iDTUQkK3qHu1oiLQjq8xB4It89/4IrvNyHpIpn7OpwrI6QDkL3o8 516 | fLDp+AXjidsoWQu70RXb67a9PKeYIDOnzQGPlYmegTp6FRkq2WjTryaK0ZXhtjJ9 517 | gmXFaBrMWROapHDNMd/7CCixm8SJ5/E4VT5MCMVs21BXyG8WGpyi+SzRt0iu0kAA 518 | x1QvIYc61o25Uim2rM6JjvIXNH3x+bU2d/nc0zxrhQEqae4OypSGZKP8euz9TICZ 519 | esLh8z2iL0n2SOfiI+pW9YI1Pvye4HBKpXrlXzYFucTJj74KJAeKb6KY1ZEHWSXz 520 | 7TrnWJJfFhyrWWRgeIGBGFHZH2fSgJ91Iu15E4kCHAQQAQIABgUCTqqELgAKCRAH 521 | 0EU6Frc2F27cD/9rO09pPjdBksuiqoQC53654sq/DERIT7Ic7xKDWwUAqcGqYbUn 522 | gfG0CrjsRQf50y6/lbw3Pb4tGTJV3D8ZXaZc07EcVJnMxcpY9bjRIdwjOMMh4Pk2 523 | J+AhnGjLzmWn0hrzvxAIBNzyFz2qQJi1e4/+W5KtZ9dAglRelhJ+8ts2S7eolzYX 524 | qO/9gXqhJiC+k4ZZ9XuzqXmbGk5DiSRbzZS13H6vYvdIqfeCJRAz8ThbeCGgh/99 525 | VbqLKGWTLXy80+FQtbKAxw/tTFAJ0F3++y4WMopPUw+JAhIo9W02+9MLC4VQc1Ta 526 | Rs79U459fzCE37mlosvRV1amiBpntmPdASh/5gq3Y3h3vh7eqoKu3k9mLDhVjM1P 527 | cAtNoSrUJfpDGF1voHZDW9f9xnTytM6kSfeAkFf3rNTtxiZyXr0aIFRCb/gCLr7N 528 | C04rtJzxI7KSNKHoQQIawITHg019+qouseB8UaVhpqpkcUQ/5Lc/cqbANWeb+zMm 529 | kz0kTkxco98vuP42rn5MqdqofAgah7TT9vZrPfjBwovR1RhaJu7I5wtXE9Mcy667 530 | 58b1a3XxUc86GaloHoB4ZA4paGmdVaioHTBfQ2PwuEjw/IZj7TsrXiiWcyPaXT4c 531 | lCC9uIf84bi3o7W7Znyc/+jnqXyNDc84tV3NTQfmNV/QsFLEdv3YyGpneokCHAQQ 532 | AQIABgUCTq2jRQAKCRDp2ZFyP2B6kVJvEACvTmvruOYNCCXv536XGMzEDE7CvH3f 533 | EQLp0mehhB19hUDpNNqU/JbA6DZLteIwH8ylvRbiQvEAiz4hHblqSGFHr1eWFIh3 534 | m5jBTFTYKTkVuc1OmEnQUclxkyW2X7CfWekeO1PCn29MCOgMyPB1vP+ZAl/pa62X 535 | a5GbnPR0AJemN4kZXW0ykQzTqxYL7eNQWXuxqpfJ81AfzilEtgyFZX7lPFhb34Lt 536 | 3rHMzUBkOI6FvcP3xPexgKD3dRZc5odmBW88ceHl+YWWFph0ODRvm050nvUEE2Vz 537 | akBjdy9kG4mldtiK/SwHH36UkPvEnQYxzMkIW0k0UFF25zfwpMqWGOHCM4POGyZ9 538 | kkqGpIQhtcvJWXHlE00SFiCi3lnQHRJHCFVw8va7s6l3vj1vYuxVHpJSDJ8GflVN 539 | jlRm5bJQtd58Pz7jgNsD5jhDppdIR/PWIvL8g/3eK6siX09T3kZMDGAh34nGUV2z 540 | 6qtOIwUXzDJRfU9bOzTrlGrXjOitAP8a9dzjcpwvkh8iHytDFD0hqBKSdni2NBdG 541 | /9yWkyP9HyQBSGGEkbbPsQp/edbcyLwcRgUJ7sndHIZfl4KslxbxD1V/78pO4Ucv 542 | 7Xmf+P4VJ8Ma43dDtDArWo3d3fWwBVPEuPNHBjo+VrWNhRGCvtkycRThmk8czSz2 543 | XvUZ/hRobv8584kCHAQQAQIABgUCTq5RYAAKCRAO5w4nc/MHc/qED/9mMORsi3Wx 544 | DppkuEAz8TsfidwHg+0nx1GGiRwqhXb5MSsHhu9fLyFIyfCdYV2jmrJKf/bdH3Us 545 | caFVFywiyrYoKePlQYYx+E/bL+gpjgYq+OVCgxldQPUvzUlmMSa1pKzVHzSE/4Aa 546 | b71feJaENPL3uNklkkPrfQV6tuMZw+bOd0A32gAIpuT2dh7DGaEIb85bLSbQdgYm 547 | 6HJj0nYXfs3laoW6jwGwjlDA85MCntIqPknIbrWyozQejds+u9RsqA2FO16nRgWE 548 | PPO8uiRBImQYjtJofk4UXuYJHH96xz78Jt/SC1TqbP82uY33uaS6sX/gyPuwIxAf 549 | X0GH6Tn2D+PUBamVqW4BvFWQTVG4FwQE7jYEREZ8Tu24VFnDucoDxvXCknaQM+RL 550 | igpQXN616yoET+y0GuX2J69z1Re2sRax6vV4VORRT0G5YAvtoWUzFRAX14CGh/C+ 551 | gIQuQP3tyawWltRsc3lIXVhFMd7hBTr161jikZkPOfzXnPqyy7mF0TkDehMbvx6h 552 | z1DLwHmLtWdnfS7PpalDsPksIfV+kYRAXqGZDjJkDTQ9T4JsIq6e8Zhs8D4gNhyC 553 | rhfJbpNMWU/w6yPyDDiTofGZSuMqLXcZG2zWXHAJKgNf3NmoOUgJSssNkILRvZDN 554 | SOoJqvSAJximRhQeFfw5Us/IfvWnqfXaqYkCHAQQAQIABgUCTq5fwQAKCRB+gLLb 555 | Be0jbQUFD/9ZXGT1ougJNEbjI9rKizPzVphCZju7BAcDq3JnIUIxLOZkbqlYbIdT 556 | BVMqhmXyYZ7YuJgR+bxFkIm2j5dIX5GFiDDOvlnCNCR1IcPBr/t3YRxc/rP+2tFe 557 | WmkFqdW9kYRdZIAt067vR9V3pAXkXAMcay6aSRS8yw7SilVJgtd20jocpb1ihxBC 558 | e9uZT+ZbXTwT86FH7u+PeK2E8eRhilTMETEwQ3JyGvzxuGm6wljybFxUuc7d7TY6 559 | GYBohBAE6RudkRb37muJYWz0UYJEp8Ior6bcWpgh2Ke2CF4VJk0UkAZw9PCTgFQY 560 | vrVjtgfhty6c4POO5hiJAPXWyd8oRR1IBid6ugSDfvcBDUWgtMEsAXrH80sFGbuw 561 | 6H0mQ2ZrE2DL9EJBn9tFZ9Qu6jfTUokJnpGAQ6qsYMcfMAyfw6Vm90+Ao8rvCb08 562 | MT95L9UA1L+zHVHgnySt0mzC33KDo3pVeCEoN8HVe9IXrxm2q2EWlChRX2zocgeY 563 | tAskLAXYQLnuwtWsZseSxbBqCkfL1bGEK32nnqR8FTmCuGTnzrB5gMUX9FX8DCdC 564 | wBBNQnn2IYXdhVISRQJSnIrGSZn6zoWEZPVY0GNEj/qWvvP7TvBd3dGr0AZWhbkk 565 | BP+PhVvoeGs5Dg0mou1INcuSWteDcyACPRVX6/hEMgro51+JBL1EZYkCHAQQAQIA 566 | BgUCTq5f1QAKCRCZ3UxQwX+oQ9HQD/97iTuxPMr/L2xGjU9e3xc/IHfWhUE8aamv 567 | Fz2xYLbM8CUXSoPQFLCs/2BbU2oywi7yKiLefIxNVJzLV4kWWDSxl0hx+5VqFGTs 568 | JaUfltC5kLwXS17XhLrd10JLJ/EtzctgFPIhx49ITInKbMbDfmPZ7aHNqJRqmSj7 569 | L+ujTC0AZX9ega17omR7csycxYg4IkBRzaXSMG3oS6CdwMQOQZh+4gZjFdvrx5qb 570 | caolr20qxzm7n/NbTu0IDXJqpk6/qwI1p+pWoutMbda4e9vpeQ3l8v/wwdzkaJQO 571 | sNgctCmEVY/xke0T5ltxJvyQjJO3gbSGcToHsLu+j9o2mXgGxaAhS7xMsbicY0O3 572 | 9epa0tcMKC+E5nlRsSodUZnTxZOtEbU/oSeyCkcSrr/V+Z/wR/KFvHy0prWMDbTN 573 | RQ8sKFPqR66plQLYj8gThg8Uh9oUkxBljil8z7plT88pvgcoXx5SkAJ6to/UC1Sx 574 | 4lxmjKmLkqQXagir3079vn7v2Lvqi2OnqBUk1rhB5eVh+OVoS7VyTjMY5VyvloH1 575 | yZvvmj1jSzLaFrTAgYp/XIM6Ah6JH6KNl7ncyMvT7L9yNrlncaMWcjgKfVXtUlLL 576 | JWxxv6fE+uDnrt+m2bmuK1paxDLZ9l0iVYEVbhgitDNoAakZWRwtZXDnFmS6y/FQ 577 | 7TQMYaL5iIkCHAQQAQIABgUCTq5x8AAKCRDHJx0KSbGLp4tTEACeJ2cDcVobXUTJ 578 | f3ngqx/4Zm2wcRehOrjJ1tBm+hec00JO1aYgIj2IHgJiaqntB66Zy+s4Y7ivjiXv 579 | LnlJT+5BXc/V2qhu5o8zOsDi/LnEqfVx+RN9LtZqkfZV+xF4oPnO6qdvguPfzF1l 580 | SuJJRJ49drkkTJ20CcNXk5g1VvzenMBBVxmsV3n3JAGGFE3dRcjeDP/nlnmlG8zd 581 | bt6QxLizLauyQ+ULNgbLlV1vvxqE4MNnkiG2qBKDoIO6VZap/Ey/xAloQtLEuRyc 582 | sVd/X0vx84BVaWBQ0y0n1qOp1wEIEEK7sU8NoomVEBJKWyi4uJV0gshR5zXqk3N9 583 | WRR28hhJAjHN9dNwUkuI1uxdkJUeCo8b47+A6xYKu3Y2bpTtc9hzAJb3V06w+U0r 584 | PRPWt+5tPhDD6Rc5ZxnDuQqBlmbcbBscM9FTnbMHcM9SK2j+o01QBnJPNf0I1Iae 585 | iFqjDTD1RghXDp9MaZWaCy822aOMT2YqlpGFgMITbApfHxH9kqiStpyfpJiZQPWq 586 | Q/UeQGq5c6z3+WVoZ2BnT0TuCBjWIIol/k2pObKfWyrP8h4WExZyyyCayzCfMpab 587 | QcSwruJHCESy4FNc1jkIlregPdSY3CMfaYtCkJEww8bv3qvruQBtm0bqOSu8vY7B 588 | PfUSLTIO8mNlWLgGVdu6zsfTIOTsfokCHAQQAQIABgUCTq/1RgAKCRCT5QTI+GMN 589 | jTpeD/9ptyiWG/EQhQb7qrVQr3Pk3fRruMHAQnHO7FSEr9I41wBSB+ck+YT2iuIS 590 | hH6tg+K4nsuAx5gz0UjBnIK0YFXVxl3v89nkGgb0umnDSXBBNejQI2DJYQq7pM1k 591 | bLWm7xlB7k/0AjVM7VESauzY7xmIBXDg0eB1FP39SA8Dc5iI4dShme4wahuPSzFf 592 | ma6Wjy45amgooIbYBem+pmosZjbkA6loi6gB+MtqMDWuOfXtIOwAgFHCJlF9ZQdo 593 | DvYugecQ2dsyf/lh+tbvao+j8MsOcxnzm6NzlMRGrNPcvRJG+zhYDn6YQWbNPQch 594 | C/VUpgaAQP7iydE4nYqRFxHNYV1hPDK+SpHnGnV6swWDqUifTmCyfDNGsEtWcZ/0 595 | E7ipmhQC2fdH9QblIywvaaxN0rESmmcwNc51l61WapiAn85YzZOtX+zIOFlB36Se 596 | iigHHPlE1kx0CzqkZWScpPB0dWsfWFccAG6+fuIZ1s5+nsNiFP2ebcPfGhkJT8JB 597 | o2PnDMc2+lEMroIYjfky37/Vz9ZCrk7rIzXoltCRBMk+dKJr4sJp0gW5AjlgRXX3 598 | 66kYa8WHn86vacg++XUpEPob8JKnMbf/RoG54G/q1GJ81PKEmOiO6mzUxHf3WXCT 599 | 6nAIT4bKGA0vruDm1AzvnGrcrd1YkHwgn5qBqtRyFwabbWtmookCHAQQAQIABgUC 600 | TrCOawAKCRChb5q4DLLTlVeAD/wNvnidcTpU5L2+2kzdsx1/OtPxdfJa8jXz3wJY 601 | YuxnbHYsoxIrwVdWc4DuS+m4wxUuhNY+oXczhEJhBvDEfPr0D3o1mUs2WuIPPK0h 602 | uwiHnjhtKsqOSpuAoChLvowmQpoeFNgVbTTRaX3pqab0wZchLPziI7LQCiekExeO 603 | T9Ti71Bh+yj8o2clUPXrv95Ti5ayY7Wz1l9JZR+ClMCjdvAajEuzoj1k6YZ98uCd 604 | ubLqW6UlmStTpTTppJmQ6xMNRsCb7xAbmoi4C08/Bbel+KBnR7OjjmjqrPVeaNf3 605 | Hsm5Z4/sAwgrjIQTG/YaUA9muHk9Bog8WsBQXbKUw1EINnGmlG5UZ7E1YUz0YPIu 606 | +Fu/Ljp1a46OsQQIjqiPlEJq2yjXS4hllP5iBk6Nvn235ZTHlGO9b+BeISkxthjq 607 | sm78zg0PFyzsZ5DblsBK8qeECPzmxxqRCGzHs9MuR+M/CMU9zeQZ4hVwnCJrlnkg 608 | 7GAiFWdc23+7Do/h+M1NoxM6vcnQgClv20f04yo3l1YWyAJuHy0BNHbzNIYkfRp3 609 | I6z6xNJtlfYIrsxZMA9FfAneENDWth9cJ6bwzmmWrKAe4wDSdAnGwOrwtImE/21m 610 | ZI5u3Z8QcojJGrWvsBHvnL0hKniODTbDzZvrEgEO4P0p+9c8PFUr8cReXe1PBK6J 611 | tSn4vIkCHAQQAQIABgUCTrHLrAAKCRBZNxia0/vGZbSpD/9sYsZ7TN7/z87+HB3A 612 | uqCZodd3YASLRoub0uIrXEU77/eij/lDlvqF8U8Hyh7Ctl+Vv/nqxAbrMUNd0rW1 613 | b3YpR6ovnRMWWEOsC6AcY0ayu3srh18tPOdBlM8BfEYGrMjOM2FhjYKpcccxyItf 614 | +zRJL4ln0E370CrxzyDGelnbj9Es6uPlo7O2ky/vgU4TeO+8SdIP3szSuNmeJyBb 615 | l7nB5+7HksMgkZrTN8rNj4Qn1cGzDxVKftFZgYAIWFl6JEpLVgV5aG5xSCHiNWT0 616 | S6G4dT/qG9Sli8eLeUpllpdIRrY1E5KnlEPmfMc71w5xLTEBjNEdrKYXtmp+VTzZ 617 | c3SQBaBsPdSjS+lBSJdQSCAokPWfGL+SV+TOWBCgheQ62nD8EfFFUH+kV6FHc/qn 618 | JDpKSQ5ARFROxJN3fAIfXN1W7B+sjXnrfimQ4+K/8Auxj8i5UfXDvqDiFQPYwi05 619 | 2BUeLQctawNtZV3eCBGDGNvNHXr3SLG7Zg0y7y02YA6VUFBap/fTDZzuB17agpwa 620 | ejc3opVkxSipYu4WnOSxYCm8KAoHy0F34w2rn0TGdcYSO3iq+xtDvv0Nld0qc4A6 621 | W86TnrXKWOs7FbSej+tk5p54AvNVK82uM8lnClwCSOAmtsWqvAnB9p1gh9fkKlVN 622 | PZwegtj+jSIdQX5i5ftECzZjpokCHAQQAQIABgUCTrar9AAKCRB7lugWKoz10UV1 623 | D/0f2IcM1JVYhmi8uAB9G/Udh/i+7s8yA66tzGlSOETnjNUSJXJTDY4DGawuY4vp 624 | nFQMPNJJRYMDksEEE4NOeUjcAnm9Pn/35qnx82sq16iAn3Tc9VimAy6ug6Adunuh 625 | lquyfyZZ10vkg9JIkx/yM4HrpaQyBjUKpZDZtIJa+lV8N49ZH5aYjOOUoDjtDgOm 626 | DNFV2qq4LXx1BzKAt2JdxZA/XkstpAXl0kNjbPmoNh04txcKK8wLpN6UXG5+/jHH 627 | uvj3SUw9jPS4D72y9UU+y3wstBYco+aA6buvaiTUQ2ODgWQKPS2sTyF6HeFMSYuQ 628 | CzfSKYgYHtLL0seYAVjSmlqesALP3OCmGeDk5HQXg3I6dCbUKg/JmxMM3Ad7DvN0 629 | eCXG5D3gpI1TvfkdtC4Qs/TOkbzBYuUDp9TrM5Byjhv6SlKhCv51Bnr/cgXjMRdC 630 | CIw60inZnPjCIrotfAf02f9L1pxhHSmcJnaO8aitw6bLOskKa00DnXCEQ7J6GfwV 631 | CpPdr33UMT9SBxyZy591FqlfG7JVwGUZpoYIpgI1Fa4n4LRCvPqWXRQyCqIVsyFl 632 | I+VEF6I59PrRs5DH1+lV1Y2zEk4GuQpClTFnuqXWivqYME/RaO9hdhlB3KU0xhuV 633 | X/xfeChl9NXS5dzjYolpqt+2VDHpNpzyxpQQTGMB876AoIkCHAQQAQIABgUCTrxr 634 | KAAKCRCy6JTJU0SKDN2pD/9qxwe2bLcQlPnqaMRRlpM3/CgqBf3csjzMuvTDdTdq 635 | BPwYGrupRCuvVOEB8rJUaMg3GLBVCd8pBnuhqHSYFZnkBqvKb+UYqMxO6wKU1Wes 636 | vkMgh2ux904cTIOgadOT2RTQEq24oFnIDgzX2qS6chwOo8IrT2iiVF/qwD1JolHm 637 | 9zolm6VCGV9GWzDe42MYFGH7rT51bzMsiFUEq1i8oEDtas5RQwhqTv+Eb5jECP0N 638 | LjE/rfV+upHgtaUgs6/ukgzgxRdIPd0164ul9NMMQVL3pxb6pUziRIpii59pFAMl 639 | EpU/LcxMqakPt89TOlvUo3Bt18oEDhul5v/81kDB5c6MxXV3bly3RatmGKreQ+/6 640 | K4BbTeO2ET1vpqJBFtR7u3fH1d2nEDjmzpr/xa+8IxaHtMWc4U/tVoBT4NgEwglz 641 | phi0bN96EXNS1c250bmPUflNS5DMuyQNOwM3Iq7jXGkk+OT04VDJsIGj9kugCXV/ 642 | FDnvsCTpjhcIEyWXYi9q4/oE2/zEhANwqSN7bk/5Yo/ZcTIwVLdBL6g+IfuHI8Up 643 | o2rhJL/czsI7hxYfF75Kxb/I+PWVNg84EGqyqNpNZTD3pTDSR4IifLo1EtdQ8DKO 644 | LfYSOGikzbgTmi78UGWSjKsFaC0E0uvMkUB7Lx3UgQB501+TeRPM03hGuPeUd0G+ 645 | 2okCHAQQAQIABgUCTtMrdwAKCRAyJH+7QK0fpj5lD/4nbI9uXwXRXP8Dex7ixNmj 646 | DaiK8cL3OJyaHgbQ14884trg4tg5mfyFl4oKZVtMML6uK3+XnosMyuAly1m1w1no 647 | 4m8RE3qMwwf3jFz/LvfdQJqllRY810FNKNWPkKsxXA+AG6UdNLd+LlaB2nofRSss 648 | tDw7OMC7M/hi2+nK6Tcgot8ESm8AXlswim9YuAH5PjuW63z+HSBUsrCn1WMLszHF 649 | bHDwA60vpw13xl/7anZntlbB+NynO3O3tSnsTemvSS+jJIV1nHb6a1fzAyXh0kpp 650 | NKMBTEbXfjcQR7mwFR2DL3p68t9nXR9a9BSxFTnXUUKDLRTxURwkQ8fYF1hX3cRh 651 | GABIDnJqQM7eWv3deoF/AJEwRZiLvJdKlH0dCI/LCM5hgRJ6Epos40H0qXXPZFck 652 | ualw5FPqt45GlEcfdIvtntpIYfNpGDJtfy4I5VNSbfuHWaxaoIgV4LBmNB0by1u0 653 | uCbNp081eZ+Q8tkuUbsRkUncbgq/XzvUP50spoNWtizkmMGZQMqid8OOTBIBx/Nu 654 | y8Tw27GhH/xRy4yiGOMASMZ5CuD2Tlp87HeBCcBJVJWmxNTAevaO3oRM0TP4N6oa 655 | rykLo2ohjootyrwqMH1HAb0PLqySYnFXxBE9KdC6d18fCKeyp6170cOPzJLzrmwp 656 | 2VEULbfiLW+wS+qtXNACs4kCHAQQAQIABgUCTtQzmwAKCRCgjGIsCkVFOuGCD/4+ 657 | URJJVe579ihdxobTeXi89gIBx7EwFiXZVWWLGWzKfHxX9PkMuSamILe4FOV/B7FA 658 | V0VfXoglxm9aI8qGZXJGIY+sw8AcRdPZxBKd8PIPX5cRE8Upo+pml3igRJ8OrEYD 659 | O9lO5OCobameoZMmfEaJZxo67afv9IGXoTrhg0pqOLAuA/lnhvrOQXFEJ9JhLyT6 660 | mbUO6u6rp/8oLAwwYsXR/pn8fYmBDuQuw+aHMEr8lwizhoqgqbaudi3J1RGq5QZ/ 661 | VeOoqEAlxIbGLa9FpSU9hVWuMedsYUJ9PxqM2c55I/WFWbE9695NXIm7HV9h8A4q 662 | qKw3A3PZCz5DGWljG/AixJA9GJ9HhmQgIvShL0iBTELqaWDU8S/SQN+h9dh6y9/s 663 | tDlQJfcvTP+8Jdy/Oqc1ADHq46femLx0gWw4bph/n/PewMQocB00q2QS6DW444co 664 | w8VjyvOhQPqAXGncgLoROICHAuW12JRPmo3+1cQrtndZ+9XxVy2pijN0+LHRtwa5 665 | dr6HrKZ4uhtit2VizZw9MjZV3v33G3OlPPW2AovJHPmzOBwV3VY32ltmj/y2w9c/ 666 | K5ytwgtP5q9pdvjeQSHuErxA6EmhvI32aD3vyM7aaqj0L+VPe2fgAtLJJZFFfS6O 667 | LWZYG77znDiSCEcQ2BTAULU+UWxLAvJX0MplXMhesokCHAQQAQIABgUCTtQz/wAK 668 | CRB4qXP32VQsFmp6EACyte/iWXgmmOen4bScN43A9X4JVgy+WNVZxMtl+h/RW0Vz 669 | ZGcQUjKH71Kl5fUU9ac0PJ1L8gitkJVq5euYShtc7Rn7zz7X7AQD2+ZeHMhxT833 670 | OdNJPoshSPJDBKbcQAn4RoEqfuZNgNmj8gJjfJJhw8WytYn9E+ArFlw63A4fS+/0 671 | NckMS6Sf3ItW8HuAtB0m0/lC4qxymr2JGSzjqi8PN255JXaY8ih+3/T83fPEEwv3 672 | GeICF//bZ/Fys6/arbZf3BzqlxrCJ7fEGYmZfpR2zbPaRx8xc0qFWO0xOD+pKiWt 673 | 5/ZTM9+vtcAFtQ61dWJ3AxVpWqw5o954J2SfrocDhugDx26o0sOJy4XMXlYL54em 674 | D58UkVFfhllrSoqvYrYWJujcuiUQeYmpuTdg1gEC8WQIrQoHohnrxuBFE3oNd7ht 675 | BtfHqqEJxSj9q5NrFYcsaH8h1r9/ndN5pS56dcoau1RKWxHlckjfvJkD5vXhhvQX 676 | HF1wHjze/Esd/TiP9+VPvMXpR3JGvANL02obi/3RZSSjO6yV7ORI35BW67ZrVzbu 677 | labeKmHEDIH1bJrSwSffWCtu5YrnGDB/vZcLo0/K9Si2QyK6+2+QAtOsrdBCP6Sc 678 | uwBsJAlKZWSz6FG3Fe6Ran1ck1IRnf6/l9Dkx5xksnKZRcgJ6B1f8c4EER4POIkC 679 | HAQQAQIABgUCTtQ21wAKCRDXz2RpajdPvjvnD/4+zuWNHY7fRzPU5XfUWGIB6kVp 680 | XiiHqvEkysrY2o/rirzV2dfYCYerTApEVUkNuKcENNTGz3BzqW4zixUZW0wZpueA 681 | Wgqfvn8xsKR7a/zUeutzVWoWXizBVUW0BcxcN0eDcqr9B6JxlGv2dH0SjNwjLrar 682 | Nr0G8lxCCYmHGONLbaGUSh7RN/bwryFZBBdnkS/HibqcHWFhq1qndDqyKzEDYVA8 683 | 9oq68qcDyGQwB2xvMmjh2Qg3o3zfNaXqrejKWbBzsO2jgKcMWmuuhZzzDUGyXoEs 684 | QI801cO61GJEwyYyruKmfNrR34NYea9fNxL3EmagvhkE0STmfcymPOD0QsNMtbOM 685 | jJgi+94gA47l2Bq3Qzcs9hH8ZRE+mJR0Rhe//WXNVg5cH8TBabZsrlFlEG8weXPz 686 | IZsP3m32YVSkwG/2874atVFY9yf37Zu/zAitfLB8tIEP1AqpIYTKlVA08bGKTGBx 687 | ++TkQe3pEQp9qY97UPoLUfHj7LsrrIOp6pxjieJXYZrFyFGgdgns3UyxDjlMZqza 688 | saRjbEt47XGAztaj9CY0QzE8saSxXC2VOJXhZFP4LYZ8E6wK55oLfXp3hNFm7Xb0 689 | u++i3iDATiS/b3Ks75pNyzLE37439zcLb695X1KIMYmnL88waFqRzYv6sC+YLYHe 690 | iiRrgEOFYfFDPSwNfokCHAQQAQIABgUCTtTg+wAKCRB2R+GkS8Dkuu9aEAC0gdF1 691 | c8s8f+kO9vap6PFt9d6DYfM/17rtYx9D+kGD9US75H8R2JrE+h55VIvZP4+gCCAx 692 | H+AMeIuLCBmKBL520nbfXq2GIFtTKEd8Dey///2PgnwJmnGQROHNJxBpDL2u+mbm 693 | +MA/l2UNEkcgfoS3PfviMSUAIhDG2dKfTPC5H18ECDZShDDQt53hnn8Dzwkzy+q/ 694 | R+hV2wpX614zYU04e0FyMJoVoLTl09rDoYXGZlPWqFmH3LxKC5WZDh9qDYJFAjHa 695 | Y5d8L4ZGaECGQleTZgKCJsugpqUr8PaAcOx8Oyi1Ftr8i72V7amcTpVLeZhjqRSn 696 | RimgPqJHuDaB8HdCkexvDSJMck6Ax+pkXEIFp48dE1ok++j42e4P877rOAaK0pVW 697 | 5qrdU7jXw1ZPt8eMIZZs7kxpIQwZ1rat4t+Wi6KZCP4SM0ARCA9Y2xdlPLpLbu7Q 698 | 9mPHJkmU9uGVKV62HPJ3JwTU1EmmW3rE3kaQlQKJr9MurPV83hAlstR+slnVtXct 699 | Xh4SYCWZZnQXdN+aR+GIMHx5IDM7IhhZXA69sOTwKQuyg5gWthvur6P4l1gjaUxI 700 | GscUuC1TDMPBh5pHxpys6VR5SpMnIxeVnelXt6PiHvcQl6RwdBqVZuojh4LufH+o 701 | 2xM6IVB+NsUWoxnzPwxtqQnnh+/Rs7nhvlalZIkCHAQQAQIABgUCTt2MEgAKCRDT 702 | b3abwRgE8CJ0EACmZGgqmD06Dniob1bnGnATLk8jWiHJgREUjoSzyCYGTPdUuj+N 703 | d8m8bIb5zb2crjwf/svrkXe5g5BmCAiFDBQAY6jIf9q14WBE91XjK6OyjCX5zGaQ 704 | v2hhgncXl0T5dwOlcd1jmJRG63fkycB3//l37QjZnlh9Z3/qm5U2oiTtP7ICFiB7 705 | 34dqA2uGViWiHih9oq+ZMhkq7LEaXGzkOMGEun2hbvljL6QpHyAaYSSgLhSxcH4S 706 | ZHrUPEIQNjls7ICqg+zDz6gBZIRTGgpizN4P5ghVUWNz/R4HiIY0bEmhL7C5afFo 707 | gABLx6HZxO4Q2KW1ceATalyhyHMOpDH1o/OQVEK9BdNbwhm/XO+ZNCx9t6mJDNma 708 | VzhkXDv1K1UNrLZNN+hu3KAVJox044g9JXS4/PlME4d5826YYKFxETtxO3EUMoro 709 | 5Zl4SvXfvMWpXwhZ3TdZ2FUB9aB+8ZYiSpZ1365jgJfl13u5WmTPmUoQdiVegI3o 710 | AKSVeF673Zfhu/aQINmIxZXoo+3nThXJX3HnwSsq+QG/ZaWZAW+23F8auqj9f+8F 711 | OP6JTR+0JHgFT3gzO8HqOKC2HEYKdX93sbdOOCvgLRYe19cuy8X7bYnV1Q+bJarn 712 | 41QIKsNbjXrMXfAP4Qt7LYBqM9tyxBsZ2UasZAepveReeUNvc0Aq2ddsc4kCHAQQ 713 | AQgABgUCTqVpVQAKCRD301j7KXHgpgEGD/9AiIeyxhPx9tUevlfjzLl9mEvj35EM 714 | JKLWczQYWdEK1MmgLawL697xkER9+dY83FOBVDW/fTj6gqupD1kTzRNNr/Ijot1P 715 | RiCdoVC/egQTg+XcgAuo/OKCGbDh4Nf+lsTFKE7Zm8FP9VPmCdFgICF6sUElQBaJ 716 | T/30BSDu2ldGGGv+FYlr3LzUsewwR9aRlciYv3HfIfFFkvmEIsXpOaBu23nPYAla 717 | /hXi7A54PC4ewwwEh8jv5j4iOyS68IscCb4g/LN4N6OHUI2OIaKuFw6GHwqgFeDA 718 | i2zq7Hl3RhKcL46BGuPhW1KtV3KNPZQ5ZJ6ZGoLNnKxuFRO5x1aSq6FhrRqS7Pq+ 719 | wBv+kuLccg/vsGOy1rMmuVFWPMrvCuEz5X5Ho2/mESwmdF293n4Sth8vfpbnYgDw 720 | qPI3HX+kVKnnVpmGDlRZdOi8AVDKOANzF5gF8QErsE9Xata2/mzhVMSdpFUU5BJR 721 | XXYsfy76SLYGqLNcCO2ua9BmcRNta6oTv7lw3WkBuAuTwnpdXMdmjsP9+R2wfvDH 722 | uOO13Y/4Lq8g6xcrFKsOBeZKb1UFhxkha3/KBkcChDkszAvKIZqoBKYtWMk4pGtq 723 | ahMe6BWPNwgFzkRMywbBHanWvziapKwS7hvd36nXk7/FqDD78oOyhdBIfuv6Jrcr 724 | u0A6Tp9rA2hGdYkCHAQQAQgABgUCTqbjdwAKCRDnv8jslYYRCRh6D/9L9QjJ6iiM 725 | mPyB0VcoaZ624bkK8kJZ8jIgtkGGk+gylet0zfLInsU2/5t5iuqhP9DnIlQtu6Hx 726 | qvTB+SMVRTZfg7Nn0XStaV3ZjlNO6oC0X/LZe65Ma2aDjr233gFS1+Rt5xkoAeCO 727 | /mi4iogIkZcmTfk2cpyohnOZvB0wvUFi0D4BW8y4nYKBLdj3d+ht+C6R2sCthZR1 728 | JZgEYNnwH+Trw7Sq/56GRy1qUKxSBFYmGI5qhrQe/V+KXgyny5P+hapi4Af5qPd+ 729 | JHnIuniyl8PALF5icG4dP3JV3tl1ndqVj4rWxpI3SlqcqMFRMEnzPStzZS2X06xL 730 | NFoEymp5cpYuwpyYo31IblZlT4BX3IW2jhRgbx1HV01sHsagpErD0xmBUDYrwxdi 731 | evJgQCgIL+mOOWt8W0aTV2a7EfWBBVsLBwe8D0NhDLHPj6Eh75G4w8Nic/mKdoO5 732 | J3w9AMnlgN6isRCzOtIKy59e4roMLyvk8NRKREbCXlgU7/bdT/tYXASjQNExoAB4 733 | eYmpHJ88DkddhAxpX18+WghFyZBvCxZXmq4UR2j4fcHvJunar43v+qr2lxYG957e 734 | ZHrTH0pmK62chWCBhvr9xe0Rfw9+dUbSMQlH7rdpEPlGpNg+lru2TK1pIcnuooJF 735 | 72wfv6mXV/ER7oEpa4CxH8dX9kk46YYivIkCHAQQAQgABgUCTqhmDwAKCRDg83Pz 736 | e/kJmtP/D/oC2pe2Ry8IY1Y287GNpDX18/LQCac+yG7LkXQxpYsyQph9Jc5Mnzhv 737 | 5uOiPB/eXpaYIWkwQLCUiwJ2KLx8FKRjKI3hug2qQoIRGm9dypW1uG8VhoKTShpJ 738 | 17fC9Q6NrAVktLTVCS1/fnraY+U/4OmxA6jHvlWJjL2ReNBRGRVi9j+byU39Lvt2 739 | CIRzp+fLUQMVdCodPcLjX7sPctMpe+kwOBW6y31iaBkevhy+yvIXDUQe82SfXbtY 740 | MoxWwtnea4s9RLVzUWToHQkkpCTSjCwBKo56FPaaWMQ3tez7VBkCBsIYpyeaVnmC 741 | Up7psbfPQpjb5fRYDVz9HU2vF9cqykKOUtKqmM0/ktaENiC7qCtOA7XNYPm6zbNq 742 | xBL96uTqQnDaXTcPZLVx4PkuidIWUGPNdMN0DBNJJf5YKmD4Qn6Kpq0wXT0BUm3c 743 | GJWjqa+ag8D7Nudb8jAGF9ehVuSn0n6M8ac1Sa5Om6T8VTLJYWM40Y6nGZWKYGUn 744 | N15MprQ1WxhNd25d6Fu8UOM1jxqrzrKT8nI9QzXm5IDKeampZsWSSgbYWQY4a6+3 745 | L3AvPS+yk2RcBxlXiPGQyiUeRoCmaX76NoBGEkxuh6Iq9scS2eOqqwwKQzj4WZjZ 746 | 0NZvZL12W8ZDVy8lvZVO2kxusMsiMfOht1FPURcSmqVRns7TTVui4okCHAQQAQoA 747 | BgUCTozMfwAKCRA6k2GWwJXZQamLD/0XUM36vtusMbm228B9DEJ3LlZrKefmSz2F 748 | FX3prjgSpkFQbvfWcNetRsT6DHB7TVLkqfW+vyxkKAXEIyW801b2LcY5sMPQlmyZ 749 | W/J8xgyPaYYFvx+jDcugmq0yT5RAM09nYVfeQ4kLVWQNJH0dH8SfI+mq91S0Vf6z 750 | fxSyrXcE4JEgz0ifuNNslPs0K4NHJpMMzOgb77uZeqPqf5uxWWS4xOCRYDx9w2i9 751 | k3jUeo/bs4rWAzOMNNTl+EarmUZ/5u5TZW6XK0j9CnQLm9nFGtMsqw6DIxKX2D6Z 752 | rYFMttZWC7Go/sKlH/10dtUstbZL16i70w1WFp5k+DuUGLdZ1T/unaRW1hDoXgA1 753 | xlXkz2mRgNbNjSo44N74cVS43v4QO4H1RQmR1jYNhUbrSMmUhQreP8xUWwWJ7Aw+ 754 | QRcJwzc3Hxevdxv8y7qGyL6ccWHozZgFH601i3v251tbdyuuFv7Z5UkqHmlGke7e 755 | NXHLHkclbmuZEWNQopWm4DJlY225LPZukdzXyyT9G0ub7sBTNmsQpI3n5XFX75rg 756 | RMRQCMgkNJqyf5BozYrIEyuIT1shjV64sgGwkdCcKFmW29KlQ/92X49qiP/gQwJX 757 | kO194BimbXry7e+13XoG6cCMM32J0tRZK9PYkShHzQvJZGMOnTMhH/i21+y9suCH 758 | UEjehaqt/okCHAQTAQIABgUCTo0o6wAKCRCkHscxUxntqpcyEADnP1u32rhVVhrQ 759 | 5WMTtUWoak6Ah2HQyRH5+6W8h2yPhdDKgycysGuSfchvtjrysH+uhx7snZBGSNPn 760 | NkI67egpA5XnKy/jy0TbVUUYE2hF+Ow/eVTzb7q4dpF/IgZTcIxtSyDWbGLN7lI6 761 | tKsJfN6TM7LVsWAFYQzmphPOIozTa8tOUowXcBKw8eGurXC/RWXqAoP+BDAuF7X0 762 | yiBBrLFiAg6nDa67dnurfRoGcka0wVupwWYGIANRTETOyyd6LDIqpiWwpl6CYTdv 763 | ZFWD77fwVbnAkpKfJ2gUWt8exlWiyBYmfpd/WBwo4HZ7owI5BvesjP0uwRSlnlYy 764 | SSnegfs7c2Bsb+a+I3lnCSA8axDAHpwEdz0+VFOZXJ1h2S6s7AjNoCSoRTUQn5YQ 765 | Wv45iAqd8yCixqvNknzXvdF4XUnstbMleO5/YPCi12EPyEGQVvdqbjT+3FAZSR/y 766 | 9VoMd8njsXL/bhS2oBSnQG3u5NkOjTWKt51S7Ov+OkRKnh7xLj4hSnO1ow24ANrk 767 | prAB/QjkqxbBq02jo1mtoOxhtFgu0ozd7j93T0mZVLtQ0ce/phsgC6yjTACC2OYS 768 | 09nppiKc0H7FISQz2ZeCcNh0LFoIcdB23OymB+LlDJzfZQBVSN4+2jMxE8oF2lhH 769 | h3qxXs74eYNBNYYkKWKRbvuTG5joP4kCHAQTAQIABgUCTqaYjQAKCRDBpGByW1HL 770 | zyplEACDN1dLNR4DM3j4b53eO95HcWOnCPSKxUFTGPLh8TUYdMcTgiyFpv19j9VP 771 | pGCJs2hXnCL9BaV9UmtKmJ3Lqql6OnNVbrtGy/duiu3rSLkv8scJB51ex6iwaCti 772 | n3ifi22EA82zU4EAsWNv9SvOHysOw4trmt1C5Lz6WX5As+7/7p5oA5NpvLi6gfYo 773 | tC96VSZD1wD5n+0ebu1vecpWPEZo4ZYaiaz4QIwaLL2djQWlv2BVb2OpyCmGcVUO 774 | xYn7hsc4NLrBvH7UUw/xZfgviwkqwcOl9gFHbPopUYHoiaJkHDShaz4eLG5Km3eU 775 | 0u16sFVj+OWzQMYY03oA93B8R8DPykFrw4GwnlQnGbvnnhLbtWjj6giEwFCnBXMY 776 | p06l7bZnMSkI8Vxv8f4fFhV3aA4b0urYbRvctuGnWsUTAkQFPGCVZRgPGxgAK+Pq 777 | NWDPhMJS5GaUTXMT6vWfL7y+jtoeyS4IS0Fr/r/qSjx7vj/eZlmyphxmGY3nNFi7 778 | EMG9l3ZkPIn737/6ydGyv2RtUvAshEqwgK+O4gbXOj2OYmB8k/KlLvLYmJgwfrON 779 | tGde5Rbrt4YljPFppoQtXLwNFyufR6EmhF5AHgZGBRiAvmN6tVqTIjiD315YYHNL 780 | /j4QjVgrOe/tK9UW5LtPO1WgtJHkhtneQRrAPzvgcc7kLYiZZokCHAQTAQIABgUC 781 | Tqez9AAKCRC9JbEEBrRwSfYGD/0eEWf0qPO6k62+3CBtJPVA0U+yrH00fhKLe4HX 782 | l1CtwJEd6SeGNeiRZdbTfSdVrjVX4imhNhNuJzObOJQxEsGTtiqjVWqXRTpfBHqT 783 | BCY3twSJPZr1CbGVQ9AZ/jnOoCgMztkx13glu1VwzWZu/EJ8PxvMOyOH1E8sbncH 784 | PDt7N9/JoMr2Njda0UvKvbp+cnv5kS4AXYUo+4ORAoJXC5LQ+K3n7+iH2fnhV0Gv 785 | +hAwWmBM3dln9YK2lL8oxMoHOBOqTtvspJoCsOL7ns+qbVkcNptMBDUGf0FkLCWP 786 | IKSP2H2y/cX9Hzfp9GdgJDD6X1Vu7RfR1287CN+ynLV8c9p+zPGOmwAnIqUUHTps 787 | +RaIxWAMy8hEp5KYXgAXX1IB/tTbSi5FT49hldK0SboE+VWFBPlKF3fdtkmYuhJu 788 | Z2CIcx4Tnce+kZCrMwHy/dztgj2gQJfCtkTkmL4UNBxCMhDLYOXI/+gj3kQuo7Lw 789 | zN4nL7gszRCt4UBTqCsxEmPA3K8Vn+6CR/St+3sx+/k+tBbf1gVVw7BoK1dixSmi 790 | 3SXUIUqo6iKjNAS6xitRa8hmYpYkBsadBMBhTUD+eftK1PpaYzy3b+4K8aLo0ldt 791 | VeV5jX8GZj4HflFsIWzglBh6VDwgACOmXNc5p+ucA/ELmb2HqoYFFkvpkkcoNIww 792 | 8bH+r4kCHAQTAQIABgUCTq67wAAKCRBr1rEtAMhe8Vk8D/9nuzxvW2eJgh1QirJa 793 | gCS/EXrRWsDmYiOKerjWQDzbVahuV1MfKkUf4xTtfpl5YIGO9ZZn5jkMtqKvbjPE 794 | RyQlmKuHxhokcifILoZzvuoghTKTVTSRtH1DiEoymCn348thO8afvmVjC4E24UOS 795 | kbdy5cccVCjPf7sWnd2y9a1aUfsYE9CLyZVMdBmEt45756pwmyzlhNtgWxaYeVVJ 796 | xkfbw6Zba1VzhTBCm5ZQT/YkFLwH59cjGd8bdoIZ1k4QBXMdc3svFQb1Hb+6IdKM 797 | S4gVPjEfdDHszKZ/H/RQs1lYowAkYggJ+YX4gczeq4sgVkLVKCP5WukOvSCB3QRk 798 | igYyShBy1mSjqOONPc/+oROiuUkHpc+i1BwfkOX3zbj1SpuTT9FOjK7hfF9QL79T 799 | LwAS4fS7pkxKAdTKhoy+s20VwXEMgdUEYRNpPF6r1VHt0WfC/Yory9GqwRKQoTqo 800 | mNsFbZopS6aFpSWOrSOcOcPgQ4atY6ZOIVi251dMyu9vkdfjNBzOL21RpDiKY6DY 801 | jsRcEIwXYybYJmzLr+1WTbh/Gi+qrLFfFLXCVERLCMhS51XaZPcMEyRJXOM45Wwi 802 | AnhgzyySDIJz1o5q0OGG2FFPTUSTIB1xjXpiP9aZ8MA9eWv82gEWMHdstMlZwuiE 803 | z0t6pl/I02xvnC5auurRmSrk5YkCHAQTAQoABgUCTo1NAwAKCRDlb++VWkvtznsx 804 | EACJmZ/1qBkoVa2APnb0KyYnGCHfkBG0KU7l0p+GXnTebexpIfv46tFpmnqP65r/ 805 | nnPx122WIVBL70qcc/jLFibZKzGgt8Pkkr6ttz58Z5t3s8oJBIKDrl/91VDXIU2i 806 | Dl3B8Y5p8VcltsrS7Z/Dzgs4I9cNTOeN/4Tqm7VtJqC1/RE11esQ6T8CVTwzisEs 807 | ycAIw6vvGuWZ9PvqaebL0bPXYx72ewObmby/PJ7AMzQX46G+8Tp2WuoAvk3peHlG 808 | yyuZdpujavLRLrHBKyHRX7qYuD6GINFkdst7mkK7cGEldApPnymEK24XHqsiNRPC 809 | 1rR8lbQMRD+vmMl0gSOXvgbCrXWGEESbNBXnoHU7j27LorAxzXj0FiL2DjnKTT8E 810 | CebWcSTmHpu/TLGBmuk/w4SdK+GC+5h8/iwF7mFPn9LLaFboVoMDUWrAWPuc/tBM 811 | It+xzoKgA7s1Fg2gqfLLIJA6vFY9F+LrOz08SW7OeUufeXTdX6R0KTHHdqHcaw4u 812 | t280Xt5rbbjEsaIQAk43WM9V9rmstRpOvmg4iN5xpJAm7VTHHb3J8avJwqkZJCMM 813 | 3/TvaSrXjaC2ytK6d7mOsxobdjZ74xIgKIk3AE/sQyvv+zqR0nbe5WBiOlrdpaqg 814 | R147cl9WN9xc33NYdoQH3ON81USjD1gpFxK9Pj0w0l/XL4kCIAQQAQIACgUCTo6Y 815 | /QMFAXgACgkQkNE7g/JkgWVxfBAAiGnLNj9bfAVRkMjtfKdTNNnYhetcn3e+w+H5 816 | /15nX0eCKrpYzpa5No9B6I42UF6BwWQZgzK2pXkqU+SdiygMcZyMVbEA38TjqLFZ 817 | 5wn7vqu3H6OBN50bipJke1GgqokIinAiSpsQ00Va+/q8zgFM10GFVoE/4Fo3nGMg 818 | F+cR78KGyThXK2G258impFGhdpeHNvX7c4WfoWiUKpavb9aLl53qqb3SGqzNZ+Ll 819 | ecQsBEAvsTYYwhnPBB1cJ0DpxF5q3H1w/suxFwOpzM2a4RwtZrHzLpaDjcViqhtp 820 | xB/LM+ahlCRRuw+IqkKwQnVBF6SW/R+znR6ReSh+rJGrnBmsMFTWDI0ONoweE16H 821 | chhuNdHTvFkT2M5a1nkOJ0SpsRutHn1VwNBySDilQLQ/IUKAn7AhDgMu6iznDAYh 822 | nyIg1Ej9Epelnb4exGB56ITLoMlIjTTdLJJCVNLiLUFmms7ip+mEKSLjMVJNEGnT 823 | 4NDg+eA+mXDvtvXkAdbh3w7K6sOZxIh9/wmTM/TeOBOGvAJvMdlKtgHAavivKFyo 824 | nkOcSShd2lmyrUmwi2CS56ACsL6byW2vTk4vF2etOmgar3kdavzPxszdXAKXkldp 825 | Rl96lYcYlpIt5vofUVVOb6MnTDMtrqRxqeBJER6g00tMBTmP39FOS9vDa7yqAiWv 826 | hYXmzf6JAjgEEwECACIFAk58tdUCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA 827 | AAoJEDjbvchgkmk+X1wQAMdjX029SGefXldzyrajRtKsEHav+tqEqjSpb5afyc5H 828 | sp43ie4nNSDrPwk079vsaD5CzXDYTj8+7npv+Gmv5svQNABKeVLBei73aPx8uycX 829 | PvtBIFv/08r1nFPaneakv/OVWX/COaS/U2bR1cHyHyzBPhvIZEMdPglkSZaCxRuP 830 | JcIvJIafk7AkWL9bUHouxttsQGObPud07LGgtTF8kE+2iQRocJ27KWNiGkTM7K19 831 | JrGZ/hZ+VpccTA8VJlAAhTMihiftRelWNNZ1qJU9xtbnTp6XnuuqlxyaOl585DYc 832 | 3h/FX97DHtLF8fGJDevNoNTRWmvnpdEg3F2bwfdaRZFp0GkEn2nOYCOCokocQKnj 833 | wB+joPmv34bOV3cmMNEjedDvsmkp6hA5eyZAcl1SiYlVYoQ7hHuSWV5KCDv3kzer 834 | nHhfPWUIjv3RZ9CnKnOLy+7riOhQzEWSu5mO24xcRVtVY7KXMYU9TXUe0hTayvBp 835 | c3eRUuu6E8EjQdws5Cdzjf5DifCUsRRLdWU3NmaULo6xck7W5LFpt2Mut5G6cMUa 836 | EesYGhsLcdEnZJFgwnAPthmcpgo5ORRUJAIaBJNLbv5+X7x0u002bovWthzLMqpo 837 | Eyc3lNHkCQ4Jm/2oc1tFYIx7QAWia+NEPNzPbqZGXRxV0mW+1BxWJAHR9TsXb0hV 838 | tC9HcmVnIEtyb2FoLUhhcnRtYW4gPGdyZWdraEBsaW51eGZvdW5kYXRpb24ub3Jn 839 | PokCTgQTAQgAOBYhBGR/KGVIlOO9RXGZvjjbvchgkmk+BQJaHvQRAhsDBQsJCAcC 840 | BhUICQoLAgQWAgMBAh4BAheAAAoJEDjbvchgkmk+3/8P+gJ85fYDzXoy47y90FFi 841 | PJqqtkZhf/VPMP5YOJzxCnGVh0CUwC2fGFV6SIU5V78Ede+gArocYq+LpTV4nJz5 842 | SJZZxNBzuEW8t42juF6GZ9uB5SNlqYHUjWbM0bLpl1gut3pe9yJ7mQ2DaZUMYlav 843 | D7sOAiKw/5pCyFLvY9a6ZJmp8QmPUU8Fb9kbbudxfjxgDrAwuVlnGU/I8YIZOHhX 844 | s1hjBNagZCWcxawktDLPylifNOL5UtNuoLJRjsUVatAEjp+g1Xq2A8/t/mfi5K1p 845 | juQaEr5fVzqhkPqt7UQbT1QuZghStYJ5QRunaYT1trvBXmrXKzebBKk85+nlh58g 846 | fRNTyEt2eflNkU1XpFtNcCWo6rke/PZjtHb1CivHD/GhyogeGBfRAMRfmfNDZRZw 847 | e5V+EBNI+RUexscvhVyTp0XhxgXdGy9KpSpWbuwGaQ+q9mVLrYRlNn1k3dnYaWxD 848 | nk0x7xGCE59dd6vpckcD6t/SXujRwT4b0Ypw1jy3Ve3h8OTB5sP5SBpCA33DoQs9 849 | ONbgtL3nX3XST7frXxBkfCD7D58gGCvFvZYAEd1MDGj3250UnBHUPGeVp7/+t/wH 850 | MJ/E3rvb45RGYadd736i0vnJStPIae4M/bVG5qddRjU6mcpir5qYHAIrDz6QwWWF 851 | 2BvR7vqYKa36TGX7TORxuyfotCZHcmVnIEtyb2FoLUhhcnRtYW4gPGdyZWdraEBr 852 | ZXJuZWwub3JnPokCTgQTAQgAOBYhBGR/KGVIlOO9RXGZvjjbvchgkmk+BQJaHvNA 853 | AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEDjbvchgkmk+TLEQAJ1Ux/6n 854 | //f2jEVBdWb13qYFBBxKJMNeTU9yPMedQAAhrt68IU1Bt8+/nmZLm1iXWOvPQ019 855 | 21i3HBxANnbTqEYYYWnQJJyROiyTuwY7HWlguQXlkxLa1mahVuFee6DHO+O8IGU8 856 | IM+PHdEL08e629sIluu3WGmNXXJ307j47UBu3QFA67YQ7YBmChl7AHBcSpKSplgN 857 | 82tbAYtrm5ywYHM5uMFhmbw/DJpzLdFsnzRT9E7PKhH+q1MyPojGT4Oytj3D1QZr 858 | hp8yZ+Zp8TQnleXeBczLfpQPduzurqVomZpWwIZLHCgBJRWmz7/M0kTDIndQle9L 859 | VcJtJqasrRmgL3NsKrYYBw+jHnBe2hp8aq6W3DVaUmkSdshran9ZCaLCpxt62NAg 860 | UkI/eg1sSljo1aeXmF33ymYIpxavW5CGUYKlqYRLUT7en6t/mFiYCwPD22KOdLSf 861 | svVG+pr4UNsfSZdIF+W9/FLW7HJVZGMIldsrGFv4lOtqiXdbRafMtylYw/mU+xhu 862 | 9+NslRRrbi1TlWS/BH7ULYu9zKahApf1DFRcrx0PyvtlFleoDZa88uIbmcUO8GzZ 863 | XEhejTv9vNnbmjgvYsRywFcJPkJ/TObfasvvSU9GZn6aU36Y7GYSUGjD1anLiUpr 864 | 0FKkruymqBdXHaXGJ44GZ8Hhd5ZMTavwEX7BuQINBE58tdUBEACyIiG/54lsujOh 865 | nwTLf9hAVqS7hPhWFXlEBqRoVw9q1ITqPVKaMQQ/2OZnOTmibFS938kmEJXVRTmk 866 | +z7tCdTeRVyAXJILW093oPkxg/ViHycumaVowSn+iuH68E8EaSwSqmYXAP+/Cs8R 867 | R3kR41eHBFWVTaEbVai2Lk5W3ZZB+htmMYAoqMQH6r7Bo7INhEu15esc97mgR9Qx 868 | V+0ti1x5Ax55aFjk2g0Xv+IdlZxR3++sbCQoLdrHiafdZCPG4bkewlKzuZpETIZ6 869 | f8/b+r3NqnDL/BDCuthYgWqhDWioOemoPCHLo2q9WMFxu6GITrmIlsahqSVMIOfo 870 | fx3mMOUPLntFMBzwlGUdeKc0AisWoETIm4rnzpUulEWwnARuOHXRQLdr6qqKSKNO 871 | vZqMX6rejhooOfXGL+z0jHx19uXVdNTbPtkdXqO6opLZFftwkkrP3VAK3E8cqL7m 872 | nSAFGmQCd16rEtxRs2bD2DGDTPX2majnxepphpgmUSTDBElrlo3PGZ1QL+Jbsg9f 873 | L5bK/yfaztLdvLODycqiRqMxFywS7bGglYocQRzGO0Cv6QtI0Z4i6Xp4gwx2PO+U 874 | yIht565rUfOJ51vVjThurbmiHAeoQ/w5kq+9q0aDRKQmv3k+14gjsphh0uYFkfve 875 | Edfida0GW3dU/IEqv50EJbiSCO6M+wARAQABiQIfBBgBAgAJBQJOfLXVAhsMAAoJ 876 | EDjbvchgkmk+MFMQAL7qdYsq5R3HIdkR38aZhUQWDTsLZqRMSQcvilMw2ekYzE0x 877 | xW8N2K5JFwNXDEKGxdr08ZzWbOQdiN7trKfwA9THhcQ/zHubXm2XIyUwR/AwXyjE 878 | cBcF932x+F+zHCw+l2DCBM+1aNHt7E8wlamTNuzZj2a4Vh49OS0CJYi3lLsl+eL2 879 | MC+uoZbz7jT4RLCLmm1RmGIVVneGWn4XCNFdyxmPyicAWauKapc1TxCzJMXLwhoY 880 | tfRg3hd9WfPaZboFdNtO5CIxW/tde6F+BXs5btQRqXAvbNdmXfa4ctysy6sAqMQI 881 | G2S7wsGhnxCw0opDyYKQTr6YdYEwKV9df+2tv5HzmGBFPobZ6k5uJOepE65ZUV/g 882 | goMUNmmdd3HWhbR08wDp52CTRI10tApRMsSF156C58I3Li3E01W95DR+ywKEf8dS 883 | Zm0daJ4SDgf0cBSXFE9/5pSRbV1GnBgkkgqQrS9B3sFNGK9Li+TcedYu6TRuGnCC 884 | TbXis9TzMmmGSxE1WP3rjWdQP88mjSrO2P0gm2uauMjpg3P7JEilEHz+8kPColOr 885 | VJnlgGn6lLjSPeOjNEUbCp8ZnOILll8r1FsHa6fgAGH83JGVOIBiEVVikrxugkyg 886 | 7NB7WeVtXAN/pa3Lq+h6Sss5Oe7hjkaljharkBETLNKF3RynOcOebKM4gpZU 887 | =SZuD 888 | -----END PGP PUBLIC KEY BLOCK----- 889 | --------------------------------------------------------------------------------