Ajout : réorganisation et ébauche X509.
authorJulien Moutinho <julm+burette@autogeree.net>
Tue, 19 Feb 2013 08:49:42 +0000 (09:49 +0100)
committerJulien Moutinho <julm+burette@autogeree.net>
Tue, 19 Feb 2013 09:40:09 +0000 (10:40 +0100)
18 files changed:
etc/openssh/known_hosts [new file with mode: 0644]
etc/openssl/ca.cfg [new file with mode: 0644]
etc/openssl/ca.sh [new file with mode: 0644]
etc/openssl/service/smptd.cfg [new file with mode: 0644]
etc/vm.sh [new file with mode: 0644]
functions.sh [deleted file]
key/julm.gpg.pub [deleted file]
key/julm.ssh.pub [deleted file]
key/ssh.known_hosts [deleted file]
lib/functions.sh [new file with mode: 0644]
var/.gitignore [new file with mode: 0644]
var/pub/openpgp/julm.key [new file with mode: 0644]
var/pub/ssh/julm.key [new file with mode: 0644]
vm.sh [deleted file]
vm_host
vm_hosted
vm_remote
vm_ssh

diff --git a/etc/openssh/known_hosts b/etc/openssh/known_hosts
new file mode 100644 (file)
index 0000000..ece8292
--- /dev/null
@@ -0,0 +1,4 @@
+rouf.grenode.net,91.216.110.98 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWolyL7ErNN/uHTAoQFIylOOC9sixbd4i0CNxAcGN0Ht7Z7HpquzwAmRj4JHNgRRTkUFnW0GBOB/E3Py5ckU1CZ8SBZyqt3zrBwO0xybZ6ZWNlzebdgiMU3Ke2p9WfZsAd0HKG9oJjeNJFDVATI/ez0IT8pKFR0AT5wO1u5HHDX3szPl19F5Blk8S3XYc//ZypVTokpH7EDgq+tj8FPERAuwIYl3qAJesR0omwn5Gro87pUhTgqK+9mkXcWacUYsLA6m0uR+1DhdTIHwcsHFoVI+DjwOGmfeI5ZallbgRdmoeTUi1lf1RVu5myoBl6eRob9dLWCtp+7zjp0fmPEDaJ root@rouf
+init.ateliers.heureux-cyclage.org ssh-rsa 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
+ateliers.heureux-cyclage.org ssh-rsa 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
+91.216.110.42 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCs2PjhfXSTUryiFfbzB3Qc5lF2bvMR56tzDTmrKGtBFXifzQuAltftPAgKTFeuFohOl1jXD3KzeZS6EAk8iZ7hUzBCbPGx5nrIizw9Kak8Jvy477uHzRNuCSbdgxzpwRr8nOKkohwARxFgkRQxM08rKBZyuSYU8N+Z9OSEwMQqv+uU+/NUHWZC0JVfWwfBunwc9mQBmxzt5Y+zhKk3qzEu2Iqu4ilr8FolAwGkWp60ruffrQrnJYFpIwFGsE+k/WAd4RgGyASclCPA5upVLKiSnwx5vnyXggYX0mXNrch3Uak99rrOVH/0YpGUy1dJY91UT+BESWyvMFDbK8fQWTR39kCnESS02F8/FnVTB9tP1XRPBWWUMtavOQIL0BxsgmvbM8rJEHImiRfLCwH/6oXP5JkPQnKQZlu++WPjWxuMraPNwvFsrqBdfPuYY97L4cXiI4loea5/eEBhEyz5RVBSHXoy3BUceSsXloGH1/2iC50k5IpZJIRthYi+OJ9ZjDBLk0YioVsf4TjADythqLu2zOT+ota63trJ/AMEV2tGX1mPGiFJgJ69cHN5CIsSDJH6VcbswPWxGa3n9r/b1Wnzadp4wiNFODoe5a20qbvLg3jrOJldxowKhNHExZpgPXuEKA/gSBKnyvhnZBerFwAGBKqaQOmfDMlknQtzg1fGyQ==
diff --git a/etc/openssl/ca.cfg b/etc/openssl/ca.cfg
new file mode 100644 (file)
index 0000000..2cd0e7d
--- /dev/null
@@ -0,0 +1,39 @@
+       HOME        = .
+       RANDFILE    = $HOME/var/lib/rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # Pour EVSSL
+       trustList       = 2.16.840.1.113730.1.900
+       telephoneNumber = 2.5.4.20
+       initials        = 2.5.4.43
+       logotype        = 1.3.6.1.5.5.7.1.12
+[ req ]
+       prompt             = no
+       distinguished_name = root_distinguished_name
+       string_mask        = pkix
+[ root_distinguished_name ]
+       commonName             = $ENV::x509_host
+       countryName            = $ENV::x509_country
+       initials               = $ENV::x509_initials
+       0.organizationName     = $ENV::x509_host
+       organizationalUnitName = Anti-autorité de certification primaire
+       postalCode             = $ENV::x509_postal_code
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       streetAddress          = $ENV::x509_street_address
+       telephoneNumber        = $ENV::x509_telephone_number
+[ root_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:1
+       keyUsage               = keyCertSign,cRLSign
+       subjectAltName         = email:contact@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/tls/crl.pem
+       #certificatePolicies    = @root_certificate_policies
+       #trustList              = ASN1:UTF8String:https://www.$ENV::x509_host/tls/trust.etl
+       #policyConstraints      =
+       #extendedKeyUsage       =
+       #inhibitAnyPolicy       =
+       #nameConstraints        =
+       #noCheck                =
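Review bot: `[ req ]` sets neither `default_bits` nor `default_md`, so the root key size and signature digest are left to the command line or to the installed OpenSSL's built-in defaults, which on older releases are weaker than a root with the 3653-day lifetime from `etc/openssl/ca.sh` should use; pinning them here, e.g. `default_bits = 4096` and `default_md = sha256`, makes the result reproducible. In `[ root_extensions ]`, `keyUsage = keyCertSign,cRLSign` is not marked critical, whereas RFC 5280 recommends that for CA certificates: `keyUsage = critical,keyCertSign,cRLSign`. `0.organizationName` reads `$ENV::x509_host` and `organizationalUnitName` is hard-coded although `ca.sh` exports `x509_organization` and `x509_organization_unit_name`, and `RANDFILE` is `$HOME/var/lib/rand` here but `$HOME/var/rand` in the smtpd configuration; both look like oversights worth aligning or commenting.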
diff --git a/etc/openssl/ca.sh b/etc/openssl/ca.sh
new file mode 100644 (file)
index 0000000..04a3c50
--- /dev/null
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+export x509_host="ateliers.heureux-cyclage.org"
+export x509_country="FR"
+export x509_organization="Ateliers de l'Heureux-Cyclage"
+export x509_organization_unit_name="Anti-autorité de certification primaire"
+export x509_initials="(A)"
+export x509_state_or_province="néant"
+export x509_locality="néant"
+export x509_street_address="néant"
+export x509_postal_code="néant"
+export x509_telephone_number="néant"
+export x509_business_category="V1.0, ni dieu ni maître ni moteur"
+export x509_days="3653"
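Review bot: Several of these values are non-ASCII (`néant`, `Anti-autorité de certification primaire`) and reach certificate subject fields through `$ENV::`, but neither configuration file in this commit sets `utf8 = yes` in `[ req ]`; unless `-utf8` is passed where `openssl req` is invoked (not visible on this page), those bytes may be encoded incorrectly in the certificate. `x509_locality`, `x509_organization_unit_name` and `x509_days` are not referenced by either `.cfg` added here, so a header comment such as `# sourced before openssl; x509_days is consumed by <caller>` would tell the next reader where they are used. The file has a `#!/bin/sh` line but mode 0644 and only `export` statements, which suggests it is meant to be sourced; saying so in that header avoids someone running it and getting no effect.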
diff --git a/etc/openssl/service/smptd.cfg b/etc/openssl/service/smptd.cfg
new file mode 100644 (file)
index 0000000..f609c99
--- /dev/null
@@ -0,0 +1,71 @@
+       SERVICE     = smtpd
+       HOME        = .
+       RANDFILE    = $HOME/var/rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # Pour la validation étendue (Extended Validation (EV))
+       jurisdictionOfIncorporationLocalityName        = 1.3.6.1.4.1.311.60.2.1.1
+       jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+       jurisdictionOfIncorporationCountryName         = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+       prompt             = no
+       distinguished_name = service_distinguished_name
+       string_mask        = pkix
+       #x509_extensions    = root_extensions
+       #req_extensions     = service_extension
+       #attributes         = req_attributes
+[ service_distinguished_name ]
+       countryName            = $ENV::x509_country
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       localityName           = $ENV::x509_state_or_province
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Service SMTP (serveur)
+       commonName             = $SERVICE.$ENV::x509_host
+       businessCategory                               = $ENV::x509_business_category
+       jurisdictionOfIncorporationLocalityName        = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationCountryName         = $ENV::x509_country
+[ service_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:0
+       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:smtp.$ENV::x509_host,DNS:submission.$ENV::x509_host,DNS:smtps.$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/tls/$SERVICE/crl.pem
+       certificatePolicies    = @service_certificate_policies
+[ service_self_signed_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:0
+       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:smtp.$ENV::x509_host,DNS:submission.$ENV::x509_host,DNS:smtps.$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/tls/$SERVICE/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/tls/$SERVICE/crl.pem
+[ user_extensions ]
+       basicConstraints       = critical,CA:FALSE,pathlen:0
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:$ENV::x509_user@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/tls/$SERVICE/crt.pem
+[ service_certificate_policies ]
+       policyIdentifier = 1.2.250.1.42
+       CPS.1            = https://www.$ENV::x509_host/tls/cps
+[ service_ca ]
+       dir              = $HOME/var/lib/x509/service/$SERVICE
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.num
+       crl              = $dir/crl.pem
+       private_key      = $dir/key.pem
+       database         = $dir/idx.txt
+[ service_self_signed_ca ]
+       dir              = $HOME/var/lib/x509/service/$SERVICE
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.self-signed.num
+       crl              = $dir/crl.self-signed.pem
+       database         = $dir/idx.self-signed.txt
+       private_key      = $dir/key.pem
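Review bot: In `[ user_extensions ]`, `basicConstraints = critical,CA:FALSE,pathlen:0` attaches a path length to a non-CA certificate, which RFC 5280 does not permit; it should read `basicConstraints = critical,CA:FALSE`. Both `[ service_extensions ]` and `[ service_self_signed_extensions ]` give the SMTP service certificate `CA:TRUE` with `keyCertSign,cRLSign` next to `digitalSignature,keyEncipherment`, so the private key held by the network-facing daemon can also issue certificates; if that is intended for the user certificates, a comment saying so plus an `extendedKeyUsage` or `nameConstraints` restriction would limit what a stolen key can sign. `localityName` and `jurisdictionOfIncorporationLocalityName` read `$ENV::x509_state_or_province` although `etc/openssl/ca.sh` exports `x509_locality`, and `$ENV::x509_user` is not exported there at all, which OpenSSL may reject when it loads the file. The file is named `smptd.cfg` while `SERVICE = smtpd`, and the commented `req_extensions = service_extension` does not match the section name `service_extensions`.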
diff --git a/etc/vm.sh b/etc/vm.sh
new file mode 100644 (file)
index 0000000..eb4b556
--- /dev/null
+++ b/etc/vm.sh
@@ -0,0 +1,95 @@
+#!/bin/sh
+# DESCRIPTION: ce fichier regroupe les variables propres à la VM
+
+readonly PATH=$PATH:/usr/sbin:/sbin
+readonly vm_domainname="heureux-cyclage.org"
+readonly vm_hostname="ateliers"
+readonly vm_fqdn="$vm_hostname.$vm_domainname"
+readonly vm=$vm_hostname
+readonly vm_host="rouf.grenode.net"
+
+readonly vm_use_lvm="yes"
+ # - sans LVM :
+ #   - on a accès au LVM de l'hôte, mais c'est pas très propre.
+ #   - pour l'extension de mémoire, on peut soit :
+ #       1.1.   étendre avec lvresize /dev/domU/$vm_fqdn-disk
+ #       1.2.   étendre avec sfdisk $vm_dev_disk_home
+ #       1.3.   étendre avec resize2fs /dev/mapper/${vm_lvm_lv}_home_deciphered
+ #     soit :
+ #       2.1. créer une nouvelle partition sur le LVM de l'hôte
+ #       2.2. l'ajouter comme un disque supplémentaire dans /etc/xen/$vm_fqdn.cfg
+ #       2.3. le monter sur /home2 en pensant à changer DHOME=/home2 dans /etc/adduser.conf
+ #   - pour la sauvegarde: on peut soit :
+ #     1. sauvegarder au niveau applicatif (pgdump, mysqldump, etckeeper, git)
+ #     2. sauvegarder incrémentalement avec (duplicity, backup-ninja, BackupPC),
+ #        depuis l'hôte pour avoir un snapshot LVM.
+ # - avec LVM :
+ #   - question ouverte de la performance du LVM dans du LVM.
+ #   - pour l'extension de mémoire, on peut soit :
+ #       1.1.   étendre avec lvresize /dev/domU/$vm_fqdn-disk
+ #       1.1.   étendre avec pvextend $vm_lvm_pv
+ #       1.1.   étendre avec lvresize  /dev/${vm_lvm_vg}/${vm_lvm_lv}_home
+ #       1.3.   étendre avec resize2fs /dev/mapper/${vm_lvm_lv}_home_deciphered
+ #   - pour la sauvegarde: on peut soit :
+ #     1. sauvegarder au niveau applicatif (pgdump, mysqldump, etckeeper, git)
+ #     2. sauvegarder incrémentalement avec (duplicity, backup-ninja, BackupPC),
+ #        depuis la VM pour avoir un snapshot LVM.
+
+# Cartographie de la mémoire morte :
+#   SATA2 * 2 (/dev/sd{a,b})
+#     /dev/sda -> /dev/sda{1,2,3}
+#     /dev/sdb -> /dev/sdb{1,2,3}
+#   RAID1 logiciel
+#     /dev/sd{a,b}1 -> /dev/md0
+#     /dev/sd{a,b}2 -> /dev/md1
+#     /dev/sd{a,b}3 -> /dev/md2
+#   LVM
+#     /dev/md0 -> dom0
+#     /dev/md2 -> domU -> /dev/mapper/$vm_fqdn-disk
+#   LVM
+#     /dev/mapper/$vm_fqdn-disk -> /dev/xvda{1,2}
+#     /dev/xvda2 -> /dev/mapper/${vm_lvm_vg}-${vm_lvm_lv}_{swap,root,var,home}
+
+case $vm_use_lvm in
+ (no)
+       ;;
+ (yes)
+       readonly vm_lvm_vg=$vm_fqdn
+       readonly vm_lvm_lv=$vm
+       ;;
+ (*)
+       exit 1;;
+ esac
+
+readonly vm_raid_effective_disks=1 # NOTE: RAID1 (mirroring)
+       # NOTE: julm@rouf:~$ sudo pvs /dev/md2 -o+pe_start
+       #       PV         VG   Fmt  Attr PSize   PFree   1st PE
+       #       /dev/md2   domU lvm2 a-   925,64g 470,64g 192,00k <- pas adapté au TRIM SSD, mais on utilise du SATA2
+readonly vm_e2fs_block_size=4096
+       # NOTE: valeur standard pour un disque avec des secteurs de 512 octets :
+       # julm@rouf:~$ grep . /sys/block/sd{a,b}/queue/*_block_size
+       # /sys/block/sda/queue/logical_block_size:512
+       # /sys/block/sda/queue/physical_block_size:512
+       # /sys/block/sdb/queue/logical_block_size:512
+       # /sys/block/sdb/queue/physical_block_size:512
+readonly vm_e2fs_stripe_size=
+       # NOTE: égal au chunk size de mdadm --detail ;
+       # mais ne concerne pas RAID1 où il n'y a pas de changement de disque à effectuer,
+       # et donc pas de chunk size.
+readonly  vm_e2fs_stride=${vm_e2fs_stripe_size:+$((vm_e2fs_stripe_size / vm_e2fs_block_size))}
+readonly  vm_e2fs_stripe_width=${vm_e2fs_stride:+$((vm_e2fs_stride * vm_raid_effective_disks))}
+          vm_e2fs_extended_options=${vm_e2fs_stride:+,stride=$vm_e2fs_stride}${vm_e2fs_stripe_width:+,stripe_width=$vm_e2fs_stripe_width}
+
+readonly vm_arch="amd64"
+readonly vm_bridge="br-gresille"
+readonly vm_ipv4="91.216.110.42" # NOTE: IPv4 publique assignée par Grésille
+readonly vm_lsb_name="wheezy"
+readonly vm_mac="00:16:3E:E5:98:42" # NOTE: addresse MAC assignée par Grésille
+ # NOTE: on part sur wheezy dès le début
+ # dans l'idée de ne pas s'embêter avec
+ # une migration squeeze -> wheezy dans deux mois ;
+ # et parce qu'on juge wheezy « suffisamment stable ».
+
+rule_env () { # DESCRIPTION: affiche les $vm_*
+       set | grep '^vm_'
+ }
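Review bot: `readonly PATH=$PATH:/usr/sbin:/sbin` on the first code line freezes PATH for every script that sources this file, so any later `PATH=…` assignment in a caller, typically including a per-command prefix, becomes an error; `PATH=$PATH:/usr/sbin:/sbin; export PATH` gives the same lookup without that side effect. The `(*)` arm of the `case` runs a bare `exit 1`, which in a sourced file ends the calling script with no message; `(*) echo "vm_use_lvm: expected yes or no, got '$vm_use_lvm'" >&2; exit 1;;` would say why. `rule_env` prints every `vm_*` variable, so it deserves a comment that secrets must not be stored under that prefix, and `vm_e2fs_extended_options` is the only assignment in its group without `readonly`, which should be either fixed or explained.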
diff --git a/functions.sh b/functions.sh
deleted file mode 100644 (file)
index 1f2c97a..0000000
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/sh
-# DESCRIPTION: ce fichier regroupe des utilitaires très génériques
-
-mk_dir () {
-       local mod=${1#mod=}; shift
-       local own=${1#own=}; shift
-       sudo mkdir -p "$@"
-       ! [ ${mod:+set} ] || sudo chmod $mod "$@"
-       ! [ ${own:+set} ] || sudo chown $own "$@"
- }
-mk_reg () {
-       local mod=${1#mod=}; shift
-       local own=${1#own=}; shift
-       local append
-       if [ "x${1#--append}" = "x" ]
-        then append='-a'; shift
-        else append=''
-        fi
-       sudo tee >&2 $append "$@"
-       ! [ ${mod:+set} ] || sudo chmod $mod "$@"
-       ! [ ${own:+set} ] || sudo chown $own "$@"
- }
-mk_lnk () {
-       sudo ln -fns "$@"
- }
-ssh_key_add () {
-       local user=${1#user=}; shift
-       local in=$1
-       local out=$2
-       local tmp=$(mktemp -t "$vm.ssh.XXXXXXXXX.tmp")
-               # NOTE: ssh-keygen ne sait lire que depuis un fichier..
-       while IFS= read -r key
-        do
-        # DESCRIPTION: ajoute dans le compte de root les clefs SSH de l'admin non déjà ajoutées.
-               has=
-               cat >"$tmp" <<-EOF
-                       $key
-                       EOF
-               key_fpr=$(ssh-keygen -l -f "$tmp" | cut -d ' ' -f 1,2)
-               while IFS= read -r auth_key
-                do
-                       cat >"$tmp" <<-EOF
-                               $auth_key
-                               EOF
-                       auth_key_fpr=$(ssh-keygen -l -f "$tmp" | cut -d ' ' -f 1,2)
-                       if [ "$key_fpr" = "$auth_key_fpr" ]
-                        then has=1; break
-                        fi
-                done <<-EOF
-                       $(sudo cat /root/etc/ssh/authorized_keys)
-                       EOF
-               [ ${has:+set} ] ||
-               mk_reg mod=640 own="$user:$user" --append "$out" <<-EOF
-                       $key
-                       EOF
-        done <"$in"
-       rm -f "$tmp"
- }
diff --git a/key/julm.gpg.pub b/key/julm.gpg.pub
deleted file mode 100644 (file)
index 3de477b..0000000
+++ /dev/null
@@ -1,245 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-mQINBEwLbc8BEADCuF5LsUUDDH5Rc22BMGkBxVtVBX2+8xFHR1hN50kfSECrpYCS
-pC3OcSS2NzbB8ePtLNnyRtQZ3ee6ONd8oXK6bUkqIrXr0s3mEZsi6rHkWViEt3qh
-yZ4ZCeDowMMflvA6eZ1pT1LZ296I768wmuZzh0XLQLJtITWCVdaIsp//PPnh4AQf
-TOEvg3xtMSAN//SLNRH6cgNEzE9d6C7SU5QtJM8bK4aJNfa2ufI2nonsxgPrEOvu
-T95uwajQCV81vB1c0hrOaXfSkPE4WbeZrlIhse4HLbC9sFt9BPRpuxMitKQAJSyq
-FqzXVBa2H2Q++Vx1trRYiLr3tFri4UixCwJ3VoWdpGUjfp0Gka+ssXtfCSikHvhI
-d4CBezUC+tYLDOiI0fhpzlK+YgZf/iXY1IwUyF4rWLzqTENdMkvmnZjvtfY2e/TK
-LqShd9QGR3DmoRv7SgcK8rQ4t59K5IFQ5xTRtMQcWx23bjnwiWzSXrG8s7XAOpm4
-iUUjQKU/aYLPCUiCCqVsUtUvgSSlY4U5JV3OHoPJ2Xjkh9rvT5TktcEt4NOCM7lc
-8Q8zTcOc77oeq/SuaewQTzls8RTmGAX8qntP0KOgJnnnL0XVgsCffIxPWTBsG/tx
-rCxC3ggWiIS097/k4uu1t4F3HgzUP9WQwFWHHeE4HpORs4bsDZ0xAcmaHwARAQAB
-tCFKdWxpZW4gTW91dGluaG8gPGp1bG1AcmlzZXVwLm5ldD6JAmIEEwEKAEwCGwMF
-CQXoLFEGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJPvTxPIxhodHRwOi8vYXV0
-b2dlcmVlLm5ldC9+anVsbS9wdWIuZ3BnAAoJENFa9/Rn6CmbO58P/i0PYhcmJTOI
-f1kox5kK10QdrQIPIMTI9iEkwbvdbqUy0PyKVz0dLdg8H8CPIk567aduuig6GFZ5
-E28YL0ogA5t3dxbf+J/dokNmCSWAf8+zJHUP3vviguzA0f19eKvhR7rYgZbPgi+2
-IdJhWojTOrItpn3Otk/WHCbv4pcM14SbugSa1qptcTZzhJ8NFzY9X4+yEmLoUQ4z
-nhFxrccnFos2WeBWCFGL/DhrweONlF6thJda9lw5ukJzJlzRXn9yO29E1LrPmWzV
-ittrJYjXg5c4lPJIO2TBmm4l2xZTH9DM3DK11V3X42nKlVHlCn1J9g7ow5ymipBs
-4kz/c17itg4LPuZaGF7kWmsoIdmDlWLb74agJz/ql8zy3+X4NkGPrPUbYW4R8436
-87R/pkAPPHx8B6W+v8mOWysyZyEaGvo4E/86sTbVqd9gWzLNUtvVpQ0CsnZZWUok
-SPZSsNK+S7IuKYtyPsxcR8lM+nHF4UOwU9TeVFy3ddjHDkDibjNeUtY5oOVNuqUG
-nGy3cp/yEVp+YVkFT4JDFl/wmSMkxSTrkqDnO1OpTcRg9Uh3sbezy0h8EAheVA2V
-WA+V8RrOV7OWkZUabb4EPhBSTDbe9e1Mr3UIvW5+UipD6FGM2IUSPL6nzD8SdWdW
-mYHA2oW0kIuRo7vYpNkXp9QtONF54JqKtCVKdWxpZW4gTW91dGluaG8gPGp1bG1A
-Z3Jlbm91aWxsZS5jb20+iQJiBBMBCgBMAhsDBQkF6CxRBgsJCAcDAgYVCAIJCgsE
-FgIDAQIeAQIXgAUCT708TyMYaHR0cDovL2F1dG9nZXJlZS5uZXQvfmp1bG0vcHVi
-LmdwZwAKCRDRWvf0Z+gpmz4MD/4ix0DBAtY3zvDcNMjn1YaRLVv3EAQvs8kipaay
-a5o/55bZWrb2VWSLVrfas/ADvEHqBHQxdhbUQiraCD7QIbdt8+5i2UR6/KsvuYIe
-/xqO/QL2/rICheR5QnD1zgC3hC9uHK0ojtDRTi0AFHkTMCkU+p0yPIvUSOovueaR
-iJpkJSsCLYMQEZVKOnw7GDDAqLaXHeVreWbo2GVphD6hsgRfIDKhVDutkHjmXjSX
-qjG/T9H2y+u+wFRcoKc/LVNVTrD3JU290UHNMHoEV8iwaVWpz6plIaPs/S5VBzwA
-ZdsVHNNLuRUc1BHKXCsc2D8C96xnNLYFcEbvxteiAe/OM9BaX3xRcJ7JmPGXT0wH
-nyfx0eX9IfdTeGkX0vwg/9QxlzveFoC6x3BtMKIWZXwT4t9YNuzRq9Tij9Wg/sUP
-NgKr/6JUkL858vvKFPB9q2p0TDFPoqNOkIBObhvqrbCEM20pnlOqZ4X+3Lx16142
-xUmznxZjB/JDCicAMIGyb1mwUNUqAJcoR+qO6iddpjgmyyv8OJwG0jN2M5hRSon5
-8PNza/IKHAPPi7jI06hFroItG/ekftXhAJwkSzPfa/3UQdOHa0Nco9bBl7ZkC4Nd
-k9NDiftSLPaNUZ36hAJ08VLP7j79KkSWO6C1uu0WCEP8fuGTUqly6dSDJtUY0Lv4
-OzRIGbQeSnVsaWVuIE1vdXRpbmhvIDxqdWxtQGxpcDYuZnI+iQKRBBMBCgB7AhsD
-Ah4BAheAAwsKCQYVCgkICwIFFgMCAQAwFIAAAAAAFQAScGthLWFkZHJlc3NAZ251
-cGcub3JnanVsbUBhdXRvZ2VyZWUubmV0IxhodHRwOi8vYXV0b2dlcmVlLm5ldC9+
-anVsbS9wdWIuZ3BnBQJOV2IlBQkF6CxRAAoJENFa9/Rn6CmbXRAP/RXMI1LzU8tR
-G5UVm7FYKx0BBEgLg50JBRJ0HbqyYqp5wy5aqIyQyYkq2Dc0Oxqmxppfje7UXr9m
-cP7euhiIdBlxmvJYFakCi4ox+wIE1pygE/SeN5Ob21Gw4r/7ilqjuzgLYwYpqxlJ
-o6Q67qAGitIWbUMfY6wMg8ejV9QgZkBxJ8X79E+zIPHecVHSPgTgE/qfScCD2Sq8
-CYClfFiesT5iGLGvk4fhY/lC9aVuk+KHVwywMa8qraisR5iH8zQRKyUzmKJZnldE
-whaQaU6yKPUCtzr4T9NKNoOt5jY8zoqbeODWWs5e6Al87/dcl2Tavlz/iGwoOfwg
-s8PZz2eYaK3rryT0GU/6Bv1BfpVG3T6miRvSYEsFY/OMMm1WwW5PiQ7Vx/yMzaXe
-3087it3X+LEtfLl+4DTdEaFl39xl0fC3incVgUQ24EEM1mQm+Ng2srZRlz0nb2/2
-8Kl8wvEGdWXj3CvvUD7DBrDk+StQlCrygvdr07flpIA8hQAj/vp6LcNW8BYXBm2i
-8zwkfCE/O3FTfEE/fIaea6/SMIR7JaDkfIBMGVU7cnTq03Ij093F4yrN2nFbI0iu
-Wyksk1uUNgy83Het6WPWrWSa1z0NxGdSiR3CsbWZX2w/yz2rDQ6RXh+hGHH0Jjgc
-ImfjWvL33N+OZcU2x0c4w/5SIl/xXfvjtCBKdWxpZW4gTW91dGluaG8gPGp1bG1A
-cG9vbHAub3JnPokCkQQTAQoAewIbAwIeAQIXgAMLCgkGFQoJCAsCBRYDAgEAMBSA
-AAAAABUAEnBrYS1hZGRyZXNzQGdudXBnLm9yZ2p1bG1AYXV0b2dlcmVlLm5ldCMY
-aHR0cDovL2F1dG9nZXJlZS5uZXQvfmp1bG0vcHViLmdwZwUCTldiJgUJBegsUQAK
-CRDRWvf0Z+gpm41aEACAJ2a7Dfk8FOabL50ntxBkd7F6Rk5kuYU2JwtUWlvZ0e9w
-kieAfohFPfRO1nJc7tVd5cjI+SQh83wJVHNGC+U40Zxd/5obSW9S0QD2CUZM+uoP
-sbbJDewe10wuyk/QErDYOzHlcPfzRJyFehM6hX/ExbI0QZ2R7hDXerrtIko7nlIC
-1ck2Nklt8Pq5RVSkw0Sa4WGdVXrWGWEBbCObnuZgGRPc1clFiz43EvLpvXbSY1Xs
-fyOgI9v7NmjeEWdmImODsfupGJ0/JNgjgYLkaP7cupJRiJps8Bmp/DlS7AhYAjI3
-ntKyaE8k+0EGhkjZcFiDvHwWsiHdqWpad9/fbwqEPCKGsYY9dUqzV3K9B1LgWPwk
-cX2zxRneAK+oyrKTLufQ994zJwEuUt6XKCbHlPrTwNlcHy6LPzFWCvYVg5bGn8g8
-dM9pD1PuCWL4nE9mDGyNG3ZwfZTxqQVKMEAiXnnjm3MQz4onimiEizE5+lbgZtlw
-3cNQMxYcOkCevnq9HeRJQ3oedzS2gEC2gWnekGgkd9/GpTb1CR+660yz6HVE4bFg
-D9nKjbu86IkgYZbzxYKvErX16zEglXsvpdpE56t3nEAMRD973ssXrS7twiXnMDQn
-JulSY4/Tztn268vq3znDxMfFaz9pIK6x1VpNYoVunEFSBYs4OZ8XKe2Y3sWgsbQk
-SnVsaWVuIE1vdXRpbmhvIDxqdWxtQGF1dG9nZXJlZS5uZXQ+iQKUBBMBCgB+AhsD
-Ah4BAheAAhkBAwsKCQYVCgkICwIFFgMCAQAwFIAAAAAAFQAScGthLWFkZHJlc3NA
-Z251cGcub3JnanVsbUBhdXRvZ2VyZWUubmV0IxhodHRwOi8vYXV0b2dlcmVlLm5l
-dC9+anVsbS9wdWIuZ3BnBQJOV2IhBQkF6CxRAAoJENFa9/Rn6CmbIQQP/AsGxzLX
-XoS5oFx3m0+igNxzDtmJoyty+4VlLqdvZOsue+rTjagC7avmG8plsD3J027O/689
-Kj6a+EpFZeuo5g8YYzauiGBdCAiM9gwp4In/NzX28qKRlQnV477xb/TR1ypPLXLY
-6DOraZpKGfgKGKxWcMawySIXloOZE5OBAuMkm29pgscoGLoH8rTix07iZJtyn2Sc
-G5QCffQygRSDhcSHk8gIPAo/WTrCsNbk60yxOIoz7xXAlnVugHLv+WAL3c4w9NIN
-8R6a42fyUJbys/0uQ4SQaQQtkt/4W+NKnoAjIMshZkYk6hM84ZbsEGAM81RsvIJt
-7SwUSYQs2kulpCpk3K7XHExpPyv0LFDRt1KFYUT7Zy+ruAjFu4wbMkOcTnnyKdUQ
-waXnak6IGwSuwHBQ5A7e8LDNUaazor4tSKCY1j14sM+u41ETpLP4mAPaT53RPsid
-a7G7NeaadaRMbWyaQ0XoVZBwTkhj6u7D3BZIXPtm7ZWgKx2ccIMCTUbZ76dRbIoN
-Us7Lwr9KUBFeNVP6KL1mMbgZ4611NQVFDszw2KuJd4bp268X5iXgYL9YSTAFb1T7
-6HWuVK/h+l50zaw28oG4VXYMXdH00ap879dS+Ihx3l7nrgsaGJ+/77bxPVPosCTD
-KvQObmlwLTvFgeVZUKdEczf1IP1P+xTaPAOXtCZKdWxpZW4gTW91dGluaG8gPGp1
-bG1AdG9pbGUtbGlicmUub3JnPokCkQQTAQoAewIbAwIeAQIXgAMLCgkGFQoJCAsC
-BRYDAgEAMBSAAAAAABUAEnBrYS1hZGRyZXNzQGdudXBnLm9yZ2p1bG1AYXV0b2dl
-cmVlLm5ldCMYaHR0cDovL2F1dG9nZXJlZS5uZXQvfmp1bG0vcHViLmdwZwUCTldi
-JQUJBegsUQAKCRDRWvf0Z+gpm72iD/0bMsuMU2qA1BPTgnD6xoZIjXYX4Yu3xftD
-86d+muTH3QCaejJVs+yH3QW0H07qkgvGVGoyk2JctblTN0JaRlG4mjvU+kjC7Hqi
-rN2NN3lOM4AjRJzmgX5pbo0YzzyvA42rPfK3Lfsopsm/ux40G008vCCWSD2pYLfF
-hRVbBV4mjgllCzP2hVOpPslbbKid0UhavdeNnESHIwKwXJaCiZBtGWZ+DNyHgqs5
-fRU+TlHTlBLjj65sDEvk82uphqRAYJV3x7WUjAI708dL8zbL2Cmr112bo4K+g6D6
-9l3UyUc4BZYDAOjDqkrOK/sQ2C+9kMd/ENljVJxcIHWGbmfgq0UsL0t1dwrCZANx
-BBfjjeUK0agkUQA2qZVXbEsfMIhYhcc+WpmaNcUkMLGZtFH5XKC6XElaEqMglPn4
-bsxcbUqa5ha9Vf74hnbDe7kVtZPBQWe5ZS+75K3eJMw5mHxOLf/KNhD+bJ9HN+c+
-8f0eANp/ekGuh9Inn2TCL7UBkurfBkC8kbr4N1uiuqGLeu/qxLKItDVMj8h2V1KM
-dKEf3ROcziRJOzcgCSjBDVziDz+jDdHSN2JE5YXJIhq5D2Pux6xAMXhMFDet8Fi7
-MPW60kuSKRmx07BXUXV44LRO1th2fY+krMg9IzqAlLlZXqa/fsv+VgVWxKWVBKLE
-zIxlpBgW8rQuSnVsaWVuIE1vdXRpbmhvIDxqdWxtQHNhdmluZXMuYWxwZXMuZnIu
-ZXUub3JnPokCmwQTAQoAhQIbAwIeAQIXgDoUgAAAAAAVABxwa2EtYWRkcmVzc0Bn
-bnVwZy5vcmdqdWxtQHNhdmluZXMuYWxwZXMuZnIuZXUub3JnAwsKCQYVCgkICwIF
-FgMCAQAjGGh0dHA6Ly9hdXRvZ2VyZWUubmV0L35qdWxtL3B1Yi5ncGcFAk5XYiUF
-CQXoLFEACgkQ0Vr39GfoKZubAxAAtg6UK6qULT2mUxbPfdSzzC7MZtf4JqR80FOm
-6/5IX+syZNltBw0K7+L7lr/h31LEtNyj5XkXyZZzZvuit/YBNBrLLtO7Seknl/fq
-UGswrH/+cmvO7+GXtc2HwRY+RU9HJu9r/m2mjjeucUIzr3ngEpDDSLgEjJji8/6A
-jYJ6/eEkvsn9l8Sy9OHVuDcI1p9eUBe55M1cM6uAWPL9XMHNzVclL9jajHMQwcLg
-7CxdcIU5NGVi0/yET2w4c877sRCezkzuJw3HFRdXvxPjvVcQJZrvtLGpy1KDaxdY
-4AbseGO8nwSj0Yg8mKhk9cD5bRg5PAW+0cDiZ2eH9BLzc2YLVB2lXwnt2WePVzud
-9zPwxnGsaV56lI3cDfMYuJZOR3wrc9WKfJb4hFNgxu/6bnWJIfP+wSxWBaPGmOKh
-hmd7ZZvDxBm51SYtRQwsbyq5wXN99E8n59AkLwng1BtF8kMh4qxAldpobveQzreC
-izGqlkzyAU2Ou9Mlb1aS5N6neSwcgTznMQEVQyfcc8BQrneVAsVnLZwhyxXVCV7b
-VaSVbARWXfoHWnPtWkc6XQpOCVIYx5lHMMkFDjmvK5YHx9PqGBMm6Y6gis9JHbY2
-g+UrLVpBn1maW7HesqfjjHUub1jVsTX03JjyRFuiyOhX+iqftaIHwyYTTmtA0MmJ
-MQMK7+S0L0p1bGllbiBNb3V0aW5obyA8anVsbUBpbnRlcm5ldC5hbHBlcy5mci5l
-dS5vcmc+iQJIBDABCgAyBQJQTNMCKx0gaW50ZXJuZXQuYWxwZXMuZnIuZXUub3Jn
-IC0+IGF1dG9nZXJlZS5uZXQACgkQ0Vr39GfoKZt9zA//blGui+A6+4bx3WixRMi/
-CDPO5k+1Q53lmwtm2EDVAaMMS7Ce0Y1xO3e/rVuXw8RwrzItqpI/JxlfDTVHy1IF
-/IYVIGdQSsa0Af1xZzRaINJjBQbQWRxU9SiOrFL1Lc18YPCZaZ041mv6BiEiaHOr
-xuYT4xmEoSr9yYTA8isE+qeujOkklyxNYjz5D0z+D3f7IMhzBweJlP9wE93xsJVI
-WYzLnqFNfRp8R9dw48Yvm+IQflUXXmHHjrmN2xpzYP52xOk0VNxEKSuEmpr3huEJ
-sILhfInx2NSSp63qIZc6If9/RwCrHKk2E/G1sl2Q0xbdZgx9OGNxEfsXvUZli5fF
-RhybpiZb5DKkkVsVD6JAna4P7uyW9qFT4Bpjtud/UySV5gyYfYhYeggmHIXXgoEv
-8Ul8fAaAkulb6n76AS4vjivqvIY5aHofcWt7DqQBC6TVJjqGL+g5ZEchFbXHFqPn
-OQyqfrwHHLXrTvA+1mRcBRHfHJ1Mn3T69tTQCp+MAns1YphYV5yvWIhA7vHqTRWX
-lTrnm8fmZYbmvfNgH7VSCd+xyW12kKnU3CpJkzTZI/yxlMknXK04w9AcUw4blltl
-YA8W7k+KN8cUsbh2+jhz/NeDnGTA7gFU5aCL1CQvfxAPeOc76xtQgZwniWR9sSt2
-CrQjJA3SXE6gamVFSt8cxme5Ag0ETAt6PwEQAMS9F8kIKR0OIyMQUjt0IuoW1u9T
-YE+D84VhJIwPZlQu5hPSu0u3BBp5Rq6P97rIurC2RvcqWJ/XMNFZn/2YnDYIBCOf
-reEECjho4UeXBKEVltlCcqSdgDsAEv9rL9FWHxvCvZ07mjqbThEAKKUIF1WE7jNT
-0Dse/ZmcnubnaVSnhzo+ZvUeRZMfWiPyaVvbM9xsISJ80KybG7/TR/G5IiFi90xo
-RM0C1F5CqBygAwvGu8qMz5lOnt97QudkeUaDqT7MH4k3tEUKvtqW9Lz5aKmv3VD5
-ZHRXwDsd2Fv0hvtobi4aqhootqjyHRDJj0jYEx3+qLKoha8043YSIUL6DS5TSeTt
-eydBs1ROBi/c8CgRb0lTrahAC+jark/rCmmJgRjyaqhGN3fVKVKwGR+6Y35MSWyq
-he+9tKXF0LJ+7LjOLS4RW6j0HuW2PbdcSRBVRgfRrHzk0k89vAukN7Sc8VGNuCMp
-pMTvZpuvIi6gwu2KxrwbtbpwcEu3TY56wH/vUefFUEMYqLn1JNhFbY9YfGs9OeQM
-7eEGpqWDZlk66soGox/PCgA91OA8gWEqVN3VqEMgFJTYhSLanzxci4wjopsjSqza
-HjenhIWcYq9NeXrlmRIMhf+skB+xByPDUvBJxCuHl5v7wFEyRAdd2KE6k9NzpFSV
-XLB6aHkXL9qDjtZ7ABEBAAGJBHQEGAEKAA8FAkwLej8CGwIFCQHhM4ACWQkQ0Vr3
-9GfoKZvBjSAEGQEKADYFAkwLej8vGGh0dHA6Ly8xOTUuODguODQuNTEvfmp1bG0v
-a2V5L2dwZy9qdWxtLnB1Yi5ncGcACgkQXicZz3D+ip6f2xAAhh9iHeriCbdipkbL
-lqbixykoh4n1f/jv+IzfiNgjTC1XxzUHTY7q9xWdWjhyb1ooGw+zbGSflwsZKbN5
-OOQWnu/rQEDCx2ZVUagknd9KfeH38/AoDfHg5e+ha61DBKozLkKtaC5u77fk4eTz
-2QMycRZBfmbnJilKOQDkW6eMb5AdXdEnBcpLVg6OqJ/h0CfHiL/AdRtyLZdp0/ZU
-irp1eWVJWZtO8xurlCOVyvyE9CAIPVzB8Ql6nc1vRF2/Cpu7LAH6K1YP9naTUhLM
-G/fPP4DrFUQHAvgNAybDETkjpYem4Rfn5Q4eMGgcvpSl8S7drwu2GuSuk0CuxyRB
-JM28dK2KOkorYrLgDCSap1Jl3MzEhQNFLYLwhJYNnnH27MpwXWZP2VS4pIjID39J
-an/naeTsSSYwhFGXLKz8LrG8iMB0pbFZUQjn8oesZFxMurwVxKcHKZsqA1zHdqE8
-4tm3OZ/L01Vt+dF0vmzweMN5dhFPh6qKgSgPrlbvTsuTefs4/KdtVcBh7Q0xjzwY
-90nJuFVDgIpa+bfLeCR7ku3GaUBPBayvz+oAkfEec6WG5jfeI++NHDWPTORrWvlr
-pNMkG7DT4SwuWqf6Xm+F4bjsq4cytS1a921R/mVkTuc+tdnQeY0YxT5gl0sVJIeQ
-qVYWMvT9GKCppXaKFoK5KeQrwEGDjBAAmKZkw+nR3aRRbS8gIkCILJ3/n3bWGryb
-4c6xMIer8GuKYQx/uvXK2p1F1VbHgrKqFXFD9SwqsjW2ycpOAkk/5jvF2HyeHh5l
-m/SLzvtlRwAryfNEOVfbMpLzqactiK+eqkWMBpPoPvvmAXcUssBTSMmkV9NU+81/
-8EQCq3ivkU+z7uWuRoxnyaDMFS71XHb0tt+WhaEjTDe3Py5ibDSxOic81pOYg8uc
-xV+Yf3UXhm0y5EPSmbuJ5PYcnG77zRuwAFy65PCfFb7NgaiMaqsg4p33E5Q2Tim2
-nbAGXpprH6biYm4Z2kDCYC/KycDN0QjJucqAFpqJnImzKOjabaxDn5yfK0F94wo0
-IycOSgxSydLZQzqwldHCD2nY7RDtJbVsGorN1M67C00Gw8M1tf9Ru6lxqD/Zs8Mt
-CybjXdsPvfKkH7pYleLBa/Z8IrZKfpaBvY3F8MWdlWDoZqcoxMAssjfcVrJ13aj9
-bW6AzFyHYllNrfVCh8Ue/gR4u1z3l88B93DeKJS6de8xB7MoOR7w1YWAH8+9N0oa
-SNgQG31cJXR76i9hl2rA8UxKsm32eFn9yltDe0OHJufP5H1QTdMH7mgO/4MGd73+
-QOJrjB6pPaIeWrPlQX3TAi6PUoBKSIqenhiBQTkHl3sjM+AigbX4SHOZepM45Ie7
-gXf8fWISUfqJBHQEGAEKAA8CGwIFAk5XYpwFCQXoE9cCWcGNIAQZAQoANgUCTAt6
-Py8YaHR0cDovLzE5NS44OC44NC41MS9+anVsbS9rZXkvZ3BnL2p1bG0ucHViLmdw
-ZwAKCRBeJxnPcP6Knp/bEACGH2Id6uIJt2KmRsuWpuLHKSiHifV/+O/4jN+I2CNM
-LVfHNQdNjur3FZ1aOHJvWigbD7NsZJ+XCxkps3k45Bae7+tAQMLHZlVRqCSd30p9
-4ffz8CgN8eDl76FrrUMEqjMuQq1oLm7vt+Th5PPZAzJxFkF+ZucmKUo5AORbp4xv
-kB1d0ScFyktWDo6on+HQJ8eIv8B1G3Itl2nT9lSKunV5ZUlZm07zG6uUI5XK/IT0
-IAg9XMHxCXqdzW9EXb8Km7ssAforVg/2dpNSEswb988/gOsVRAcC+A0DJsMROSOl
-h6bhF+flDh4waBy+lKXxLt2vC7Ya5K6TQK7HJEEkzbx0rYo6SitisuAMJJqnUmXc
-zMSFA0UtgvCElg2ecfbsynBdZk/ZVLikiMgPf0lqf+dp5OxJJjCEUZcsrPwusbyI
-wHSlsVlRCOfyh6xkXEy6vBXEpwcpmyoDXMd2oTzi2bc5n8vTVW350XS+bPB4w3l2
-EU+HqoqBKA+uVu9Oy5N5+zj8p21VwGHtDTGPPBj3Scm4VUOAilr5t8t4JHuS7cZp
-QE8FrK/P6gCR8R5zpYbmN94j740cNY9M5Gta+Wuk0yQbsNPhLC5ap/peb4XhuOyr
-hzK1LVr3bVH+ZWRO5z612dB5jRjFPmCXSxUkh5CpVhYy9P0YoKmldooWgrkp5CvA
-QQkQ0Vr39GfoKZv/URAAk6pUUj/SbcARekcxWQ30Cbc3SCr6gAG/PcwBcouE2pBL
-eK7n6+Zb/DYCTfFbdpnTHKByNBbOTExJJpepk2RuxKbFzprLN0pTlX88Uf7Ula1+
-+d4broGxMWufZbsQUhl8hJpWZCTWbdw9Y8wKCcoF9Oe1JZwue4Z4Wpsgh7FBakJg
-x4FVw+D4Ine8Mz9VGBy9foUOlQd8KCLXVrNBtwya6dVDDbFqLBaszEDrf5TegA46
-yy3Kfa812hz/nes0DFnTEoTc4PW6q6Xs0QbGSS6vKJmi0mo7JghIEqKyBSJmMlt3
-CXzk1zKGDkfcaw08RPGkrsY6+kbq85e7ixSKbqMPbzvUyXc6yhXwK/0djIyVm85u
-rR9byZQfF+VNcxY74gCO+f64tUIvqVW3UOcXgHThf/r0AEw3smNr878wRM7UKZM/
-K6uqtgWRauk+cgGB5M0NJScxOuwRa8IicWFagVnqLdrVRuWWia1vJGeyNG1Jk/o+
-THV5r/zcRKYsnJCHJkcN8ksEQGFuKjuZ1Z+mY2P8D99F59QPrqSCH9R2KRml5GFq
-Ah7Xjg5ut2Z1fPI2SOFywMZGowgO5Qa4NWOFmWsOCpHmvKLS+mFHoxpQvCai8hjl
-0u543sarcCeMA8Xnr70yx+WUsVG/Y0zpuAsAXPF3RZQ3TQtDv5TkgRstXjzkMpm5
-Ag0ETAt7ugEQAKodFJpS9VqiH4wdq36aF0T1NuL/ymZKoworZrBV+iFOQ5TKRLJc
-4363b/s4FnGiRNz1gCaOupcDrbR/qATUPoSA/cJBzAMcc0fcwJW+YOrdF69ziRtn
-5hPPvgqNdKnw2UdgQHZk/SXXTmuvLrhUBqSAGuIz0Cx1gGmIe0mTIkgJH3K3igFO
-JlXteaDR68Dg0dZmSo8gHl2ivjBQgUtSHaQxURv9xGrRQQXAm5bg2fxdnfhKNtSv
-6dYSUZhwyCFgCX8VZqTKnS6bEjYk74pQiAZ0EPQLS+/qjEIV0iJjgJbI7slE0Zwe
-fMaNxmog2rlcEYEvkdP6nm0UhTevndb0aFePGZ/Bch1xK6/GZdWXDO0RasXWDMBj
-+q8Tp0hrmRtBjScaILgM1viaSZhFxin34IU2K6gEem85hiNTloUQTmSifFzM21i3
-TQ7qjy76XlRrJethlndX0kjZSBo8m0PiqUs+JbiU88e6hvOYL7yjB46Ja439LC/8
-qxYSLhdUpiGKHXfh18yRKb81hrJYG0EY3rT61vH9p+Nw0Neq4uq648RAPUgf34Lv
-OpHlOSgOfNCEZVHBn0p7k2qUMx0vHP1tCbvN9h89SR2i6scc4XsoXBBK/UngDdeP
-tUSWvEcl9kyJjyMtTb0gMkQndVAwMBAiIASZ+YB8z3vx9gpm2xT0t8a5ABEBAAGJ
-AiUEGAEKAA8FAkwLe7oCGwwFCQHhM4AACgkQ0Vr39GfoKZsQOw//S9M+V2XayLjM
-d0MhXE0Sws/w8dGTqZC3aRMUY4rMMDRXjV/N+Bj4RDC1WyrBj95VubFolaOTkkzD
-PPnWLv17MUfIvOxQflJJ9a1g41BfDI/Euv7GgJf4gAYZjYm0tyjcsbkZR3ZasJuK
-OeyLXedW6Wg/BYfyolrl0g5oi5CwqXacjw87G4Vz9/Ly7ITkt7QyG1wb3LuZZTbt
-R/QMXV6/W1C5AtkksUvvGEtxsgiiKbTEQ3JjmKlDTNHw8N4eZePhaKSvGTM6pbb8
-wtQW8tiXAaGmkXRSQxaU2Pln/edAL18V6mybmZi46TaIYCo4PjnAhMWPSfD5LxU1
-WPMUF5gID7i8QiWiUFGkrQxZboVSzHRhchuBVrpPlx1vIHqaqR/Gdf1ZZC4U7hfy
-arIizdodaB862/IxfeEU8JBc5V68Zls/i9H8BELrtZ3FhhQWnjw3AR/FnvDrizMQ
-f0b/07HA1TqLFAPhDmTdsZj+mHsP6VBWZdSQ3LuGoUnfcH3Hw3r3hOBtolsPYlNs
-HiLc3beelf1mHTVzNtBjz5sxKQRTRal2BPJWTxfStifaZu5zjDQMBaZlbJTbTB6Y
-55byFfqN9h3RO9291yBAcz6IBGHhFYOxqsz0VT03W1lI2g9WX/MQYTBeJkXjz6A2
-CRoxfUpmxOpirhkKyJpe3Umhhgr++02JAiUEGAEKAA8CGwwFAk5XYrAFCQXoEnIA
-CgkQ0Vr39GfoKZtlgw/+IfqUea0q0fD+m9QUobyRSG8nrPnV+QTh3ok3BKTXxohs
-unDPTxz9ClW2Am56ZKh5a9L0JaF28UDf1YZXXbjXl4dSmiu88aTOglMHTJ+K5ASM
-nZ3uAILxIqhDD3BeVkv92F0YYgWFtYJFlGwlAqB1F4ae7x8vZ103q4zUjwefmpRQ
-0J6vdbgAjCgNA1V0iFn6wbiYJK2P4rQ5bRMr5tTHVosU1/tSEF2BKMY+SZTbnR53
-REvuX9spLUdZqclWVvQFUtlmf7UmVmwmNii61HAYXxysqPrEFkI0V6+lfg4kd/dW
-CQ6KkfMSONxkSS8jIXzjr02D0WWu5Bf9LeS+HMSVYCZiJbHFsIf181s9/CdieZnL
-nwFd3kiVKRyzbbdb+O1lDQDF7Go84U6ZUdWDEbzsFV9UDFoF22wcf52Jli78Pt+U
-ML2hAXY1UsMKZ9KF6iQjYQjnyhAt5tkbQm5QjXoyiyNmSyh6EKTkbEONHFqu4Yip
-6NgKOmiUTCXjq1/YYbnia/4dTZ4YaivieO4S9BWnx5X0QpUoI2ZzMS8rqZOF4Oxd
-0rlf7+IDAqDD2XFFYg3E6uQZ+99US43SOCOOzjjvpvM+5R+chhrAfh39QVa3HNs2
-dWUm8QVVgRead2ksPvY7BkNFYlJfTsVB1qxpvjxsVNlD/Ym0XZd2iC0YPMNuBY+5
-Ag0ETAtvtwEQAPkW1H75Q8SD/nAV7JvYlJLT2J1NoNvi0whF/XLEKzIgkSnktAyJ
-/98im0N4ehhznmXDLy+dZY308mlvo9LxhJossVXm2fx6xHwyX5680IAPnZN27WQ9
-FcYsJIXmRJWdsAyjGqI2Ly9FEpfADMaBeYhTMMAThBOyrcTBkzpwGcPHk7v3AEhn
-29rZM5svnaq/5WmL5DIg26yUopz46y73al3Bx4gZlRzADpjxofqVq9pPINRB1KMx
-ExMCJdI9GOYd/Wr5XvAQ1dP9Mpe65qE3w2clKFfdB/2HA0QhTjpI4Q2ytEVDl5hq
-ECapQgrgZuwRFLYpEPFu9I6XusqHaxq4HHIp+Rb+DFDgsDLLDG66akjSk7teZ0g0
-IZZ1dL2APbXqVwa4f9MLQpuiI5UTGHrl5Eg54QVN5zRUlASqqcW6Xu7xg0+ZsGku
-cz5JDdMCR1CZ9qwqA8hrMU0ICcLwj2EqUZikuT8OCL+xVvAV6g5RBxpMFGdYpQJ5
-1fi/iSY8ge4dI09XYL/TvvSAfaInU3VcQ7dgMaKLG4ceIuUJXwqj3nQKhOHU/AM0
-J3dDL+NH9CETbBpU+WIXCXb4foiQjGRQ7wD2S0sIlR5pkk3eyehX72G+lPUTZOsR
-xyxNXHkFoYAkJSS87ZdiUSw1x4giK2StuGJ2Nm99nj9zMZQqg3XBJKkzABEBAAGJ
-AiUEGAEKAA8CGyAFAk5XYowFCQXoHiEACgkQ0Vr39GfoKZtvKg//StVAE+oW0uNb
-GE+DF8lr0Q3+JErqleWfwhpsthXkpOEOxnWdzpjijsjIgb2cJyqendCFucHLPvLQ
-19vkwbzkjMphNW0sDlivONMUfUx6GfO31NZOvypQqzVVpIZjoTjQIv9hRri1inQb
-A0fe1tr9DRLbY44gDc/y20zghZv6XPPVkuEA0UQ68mo9kqa7fV0qZty7+hLrxfuc
-R0YtR9oCtuSZ4aZKCcFGcADqGHtu1kknvXbHHgiR1fjeMo9/ScOe7qEfHmm+09Pc
-ZUAQkWxt9JPzc6UmfLuWN7qzv2gGKFyMGfYEf/EL/65JJPV7o3ZdgEIF7IY66dSS
-7FJt2VvutC+YfLRGFkXPdyhpOx6eTbkXJBYRPF69ic24bphxr/3chay+WG7XyiH5
-/JhVy0WCyd1h5wpTt/Rv9qXj1Y0/U2bIQ0nG/4g4+kQQScAuyYvAXCYoXsdv2a3a
-9ayBvjf9ugySsMqzBGHPPhHHvycWULHpgMhpMhEIlDTsoN99SBsoGTyUD2z2jWIA
-4BAoRySUcV5Wk+Dx5k1xKraHokkK5X48t5SuWj/0AYxEMtSrPIKBK3EE279jTFQX
-yjTWAsKMHhAjy0T/uvGP8fgzO/ukOfTt7/T8qDC2LC3BoUNQpJUduIDFrhxHVmIh
-+JOXylIEam3Nybo/mSRCHxYjz499KHM=
-=RsTM
------END PGP PUBLIC KEY BLOCK-----
diff --git a/key/julm.ssh.pub b/key/julm.ssh.pub
deleted file mode 100644 (file)
index 07774a5..0000000
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa 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 GnuPG pub=F2E027182397AC0775714F2AD15AF7F467E8299B sub=7819E44BAEEDE91683811BB00E1AAADBE227DDAA Julien Moutinho <julm@autogeree.net>
diff --git a/key/ssh.known_hosts b/key/ssh.known_hosts
deleted file mode 100644 (file)
index 4376a5e..0000000
+++ /dev/null
@@ -1,4 +0,0 @@
-rouf.grenode.net,91.216.110.98 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWolyL7ErNN/uHTAoQFIylOOC9sixbd4i0CNxAcGN0Ht7Z7HpquzwAmRj4JHNgRRTkUFnW0GBOB/E3Py5ckU1CZ8SBZyqt3zrBwO0xybZ6ZWNlzebdgiMU3Ke2p9WfZsAd0HKG9oJjeNJFDVATI/ez0IT8pKFR0AT5wO1u5HHDX3szPl19F5Blk8S3XYc//ZypVTokpH7EDgq+tj8FPERAuwIYl3qAJesR0omwn5Gro87pUhTgqK+9mkXcWacUYsLA6m0uR+1DhdTIHwcsHFoVI+DjwOGmfeI5ZallbgRdmoeTUi1lf1RVu5myoBl6eRob9dLWCtp+7zjp0fmPEDaJ root@rouf
-init.ateliers.heureux-cyclage.org ssh-rsa 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
-ateliers.heureux-cyclage.org ssh-rsa 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
-|1|p+07/BQvEHNha3nWzaQimjM242U=|Ouc4VzPcrmZoCecGIJb27ztT/Og= ssh-rsa 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
diff --git a/lib/functions.sh b/lib/functions.sh
new file mode 100644 (file)
index 0000000..a059f2f
--- /dev/null
@@ -0,0 +1,25 @@
+#!/bin/sh
+# DESCRIPTION: ce fichier regroupe des utilitaires très génériques
+
+mk_dir () {
+       local mod=${1#mod=}; shift
+       local own=${1#own=}; shift
+       sudo mkdir -p "$@"
+       ! [ ${mod:+set} ] || sudo chmod $mod "$@"
+       ! [ ${own:+set} ] || sudo chown $own "$@"
+ }
+mk_reg () {
+       local mod=${1#mod=}; shift
+       local own=${1#own=}; shift
+       local append
+       if [ "x${1#--append}" = "x" ]
+        then append='-a'; shift
+        else append=''
+        fi
+       sudo tee >&2 $append "$@"
+       ! [ ${mod:+set} ] || sudo chmod $mod "$@"
+       ! [ ${own:+set} ] || sudo chown $own "$@"
+ }
+mk_lnk () {
+       sudo ln -fns "$@"
+ }
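Review bot: In `mk_reg`, `sudo tee` creates the target under root's default umask and writes the content before `chmod`/`chown` run, so a file meant to be `mod=640` or stricter is briefly readable with the default mode. Creating and restricting the file first closes that window: put `sudo touch "$@"` and the two `chmod`/`chown` lines ahead of the `tee` line. `$mod` and `$own` are also expanded unquoted in both `mk_dir` and `mk_reg`; `sudo chmod "$mod" "$@"` and `sudo chown "$own" "$@"` are the safer forms. Both helpers shift their first two arguments unconditionally, so a header comment stating that `mod=` and `own=` are mandatory and positional would prevent a path from being consumed as a mode.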
diff --git a/var/.gitignore b/var/.gitignore
new file mode 100644 (file)
index 0000000..b687655
--- /dev/null
@@ -0,0 +1 @@
+sec
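Review bot: The only ignored entry is `sec`, but nothing visible in this commit writes under `var/sec`: `rule_disk_key_send` and `rule_disk_key_backup` in vm_remote use `var/lib/luks/`. Since `rule_git_push` runs `git add .` followed by a forced push, the gpg-encrypted disk key and LUKS header backups under `var/lib/luks/` would be committed and pushed unless that is intended. If they are meant to stay local, add a `lib/luks` line here or move those files under `var/sec`.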
diff --git a/var/pub/openpgp/julm.key b/var/pub/openpgp/julm.key
new file mode 100644 (file)
index 0000000..3de477b
--- /dev/null
@@ -0,0 +1,245 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+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+=RsTM
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/var/pub/ssh/julm.key b/var/pub/ssh/julm.key
new file mode 100644 (file)
index 0000000..07774a5
--- /dev/null
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD5FtR++UPEg/5wFeyb2JSS09idTaDb4tMIRf1yxCsyIJEp5LQMif/fIptDeHoYc55lwy8vnWWN9PJpb6PS8YSaLLFV5tn8esR8Ml+evNCAD52Tdu1kPRXGLCSF5kSVnbAMoxqiNi8vRRKXwAzGgXmIUzDAE4QTsq3EwZM6cBnDx5O79wBIZ9va2TObL52qv+Vpi+QyINuslKKc+Osu92pdwceIGZUcwA6Y8aH6lavaTyDUQdSjMRMTAiXSPRjmHf1q+V7wENXT/TKXuuahN8NnJShX3Qf9hwNEIU46SOENsrRFQ5eYahAmqUIK4GbsERS2KRDxbvSOl7rKh2sauBxyKfkW/gxQ4LAyywxuumpI0pO7XmdINCGWdXS9gD216lcGuH/TC0KboiOVExh65eRIOeEFTec0VJQEqqnFul7u8YNPmbBpLnM+SQ3TAkdQmfasKgPIazFNCAnC8I9hKlGYpLk/Dgi/sVbwFeoOUQcaTBRnWKUCedX4v4kmPIHuHSNPV2C/0770gH2iJ1N1XEO3YDGiixuHHiLlCV8Ko950CoTh1PwDNCd3Qy/jR/QhE2waVPliFwl2+H6IkIxkUO8A9ktLCJUeaZJN3snoV+9hvpT1E2TrEccsTVx5BaGAJCUkvO2XYlEsNceIIitkrbhidjZvfZ4/czGUKoN1wSSpMw== GnuPG pub=F2E027182397AC0775714F2AD15AF7F467E8299B sub=7819E44BAEEDE91683811BB00E1AAADBE227DDAA Julien Moutinho <julm@autogeree.net>
diff --git a/vm.sh b/vm.sh
deleted file mode 100644 (file)
index eb4b556..0000000
--- a/vm.sh
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/sh
-# DESCRIPTION: ce fichier regroupe les variables propres à la VM
-
-readonly PATH=$PATH:/usr/sbin:/sbin
-readonly vm_domainname="heureux-cyclage.org"
-readonly vm_hostname="ateliers"
-readonly vm_fqdn="$vm_hostname.$vm_domainname"
-readonly vm=$vm_hostname
-readonly vm_host="rouf.grenode.net"
-
-readonly vm_use_lvm="yes"
- # - sans LVM :
- #   - on a accès au LVM de l'hôte, mais c'est pas très propre.
- #   - pour l'extension de mémoire, on peut soit :
- #       1.1.   étendre avec lvresize /dev/domU/$vm_fqdn-disk
- #       1.2.   étendre avec sfdisk $vm_dev_disk_home
- #       1.3.   étendre avec resize2fs /dev/mapper/${vm_lvm_lv}_home_deciphered
- #     soit :
- #       2.1. créer une nouvelle partition sur le LVM de l'hôte
- #       2.2. l'ajouter comme un disque supplémentaire dans /etc/xen/$vm_fqdn.cfg
- #       2.3. le monter sur /home2 en pensant à changer DHOME=/home2 dans /etc/adduser.conf
- #   - pour la sauvegarde: on peut soit :
- #     1. sauvegarder au niveau applicatif (pgdump, mysqldump, etckeeper, git)
- #     2. sauvegarder incrémentalement avec (duplicity, backup-ninja, BackupPC),
- #        depuis l'hôte pour avoir un snapshot LVM.
- # - avec LVM :
- #   - question ouverte de la performance du LVM dans du LVM.
- #   - pour l'extension de mémoire, on peut soit :
- #       1.1.   étendre avec lvresize /dev/domU/$vm_fqdn-disk
- #       1.1.   étendre avec pvextend $vm_lvm_pv
- #       1.1.   étendre avec lvresize  /dev/${vm_lvm_vg}/${vm_lvm_lv}_home
- #       1.3.   étendre avec resize2fs /dev/mapper/${vm_lvm_lv}_home_deciphered
- #   - pour la sauvegarde: on peut soit :
- #     1. sauvegarder au niveau applicatif (pgdump, mysqldump, etckeeper, git)
- #     2. sauvegarder incrémentalement avec (duplicity, backup-ninja, BackupPC),
- #        depuis la VM pour avoir un snapshot LVM.
-
-# Cartographie de la mémoire morte :
-#   SATA2 * 2 (/dev/sd{a,b})
-#     /dev/sda -> /dev/sda{1,2,3}
-#     /dev/sdb -> /dev/sdb{1,2,3}
-#   RAID1 logiciel
-#     /dev/sd{a,b}1 -> /dev/md0
-#     /dev/sd{a,b}2 -> /dev/md1
-#     /dev/sd{a,b}3 -> /dev/md2
-#   LVM
-#     /dev/md0 -> dom0
-#     /dev/md2 -> domU -> /dev/mapper/$vm_fqdn-disk
-#   LVM
-#     /dev/mapper/$vm_fqdn-disk -> /dev/xvda{1,2}
-#     /dev/xvda2 -> /dev/mapper/${vm_lvm_vg}-${vm_lvm_lv}_{swap,root,var,home}
-
-case $vm_use_lvm in
- (no)
-       ;;
- (yes)
-       readonly vm_lvm_vg=$vm_fqdn
-       readonly vm_lvm_lv=$vm
-       ;;
- (*)
-       exit 1;;
- esac
-
-readonly vm_raid_effective_disks=1 # NOTE: RAID1 (mirroring)
-       # NOTE: julm@rouf:~$ sudo pvs /dev/md2 -o+pe_start
-       #       PV         VG   Fmt  Attr PSize   PFree   1st PE
-       #       /dev/md2   domU lvm2 a-   925,64g 470,64g 192,00k <- pas adapté au TRIM SSD, mais on utilise du SATA2
-readonly vm_e2fs_block_size=4096
-       # NOTE: valeur standard pour un disque avec des secteurs de 512 octets :
-       # julm@rouf:~$ grep . /sys/block/sd{a,b}/queue/*_block_size
-       # /sys/block/sda/queue/logical_block_size:512
-       # /sys/block/sda/queue/physical_block_size:512
-       # /sys/block/sdb/queue/logical_block_size:512
-       # /sys/block/sdb/queue/physical_block_size:512
-readonly vm_e2fs_stripe_size=
-       # NOTE: égal au chunk size de mdadm --detail ;
-       # mais ne concerne pas RAID1 où il n'y a pas de changement de disque à effectuer,
-       # et donc pas de chunk size.
-readonly  vm_e2fs_stride=${vm_e2fs_stripe_size:+$((vm_e2fs_stripe_size / vm_e2fs_block_size))}
-readonly  vm_e2fs_stripe_width=${vm_e2fs_stride:+$((vm_e2fs_stride * vm_raid_effective_disks))}
-          vm_e2fs_extended_options=${vm_e2fs_stride:+,stride=$vm_e2fs_stride}${vm_e2fs_stripe_width:+,stripe_width=$vm_e2fs_stripe_width}
-
-readonly vm_arch="amd64"
-readonly vm_bridge="br-gresille"
-readonly vm_ipv4="91.216.110.42" # NOTE: IPv4 publique assignée par Grésille
-readonly vm_lsb_name="wheezy"
-readonly vm_mac="00:16:3E:E5:98:42" # NOTE: addresse MAC assignée par Grésille
- # NOTE: on part sur wheezy dès le début
- # dans l'idée de ne pas s'embêter avec
- # une migration squeeze -> wheezy dans deux mois ;
- # et parce qu'on juge wheezy « suffisamment stable ».
-
-rule_env () { # DESCRIPTION: affiche les $vm_*
-       set | grep '^vm_'
- }
diff --git a/vm_host b/vm_host
index f754547..0bf383d 100755 (executable)
--- a/vm_host
+++ b/vm_host
@@ -1,8 +1,8 @@
 #!/bin/sh
 set -e -f ${DRY_RUN:+-n} -u
 tool=${0%/*}
-. "$tool"/functions.sh
-. "$tool"/vm.sh
+. "$tool"/lib/functions.sh
+. "$tool"/etc/vm.sh
 test "$(hostname --fqdn)" = "$vm_host"
 
 rule_help () {
index 56e1ee0..925f1a9 100755 (executable)
--- a/vm_hosted
+++ b/vm_hosted
@@ -1,8 +1,8 @@
 #!/bin/sh
 set -e -f ${DRY_RUN:+-n} -u
 tool=${0%/*}
-. "$tool"/functions.sh
-. "$tool"/vm.sh
+. "$tool"/lib/functions.sh
+. "$tool"/etc/vm.sh
 test "$(hostname --fqdn)" = "$vm_fqdn"
 
 rule_help () {
@@ -229,7 +229,7 @@ rule__user_root_init () {
                        EOF
         done |
        mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
-       sudo find "$tool"/key -type f -name '*.gpg.pub' -exec gpg --import {} \;
+       sudo find "$tool"/var/pub/openpgp -type f -name '*.key' -exec gpg --import {} \;
  }
 rule__initramfs_init () {
        mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF
@@ -265,13 +265,13 @@ rule__initramfs_init () {
        #mk_reg mod=640 own=root:root </dev/null \
        # /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
        # /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub
-       ssh-keygen -F "init.$vm_fqdn" -f "$tool"/key/ssh.known_hosts |
+       ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
        ( while IFS= read -r line
         do case $line in (*" RSA") return 0; break;; esac
         done; return 1 ) ||
        sudo dropbearkey -t rsa -s 4096 -f \
         /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
-       ssh-keygen -F "init.$vm_fqdn" -f "$tool"/key/ssh.known_hosts |
+       ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
        ( while IFS= read -r line
         do case $line in (*" DSA") return 0; break;; esac
         done; return 1 ) ||
@@ -348,7 +348,7 @@ rule_user_init () {
        mk_dir mod=700 own="root:adm" /etc/skel/tmp
        mk_lnk etc/ssh                /etc/skel/.ssh
        mk_lnk etc/gpg                /etc/skel/.gnupg
-       ssh-keygen -F "$vm_fqdn" -f "$tool"/key/ssh.known_hosts |
+       ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
        ( while IFS= read -r line
         do case $line in (*" RSA") return 0; break;; esac
         done; return 1 ) ||
@@ -428,10 +428,10 @@ rule_user_admin_add () { # SYNTAX: $user
                # NOTE: le mot-de-passe doit être initialisé par l'utilisateur à l'aide de passwd-init .
        eval local home\; home="~$user"
        sudo adduser "$user" sudo
-       ssh_key_add user=$user "$tool"/key/"$user".ssh.pub "$home"/etc/ssh/authorized_keys
+       ssh_key_add user=$user "$tool"/var/pub/ssh/"$user".key "$home"/etc/ssh/authorized_keys
        rule__initramfs_init
        rule__user_root_init
-       sudo gpg --import "$tool"/key/"$user".gpg.pub
+       sudo gpg --import "$tool"/var/pub/opengpg/"$user".key
  }
 rule_user_mail_format () {
        mk_dir mod=770 own=root:adm /etc/skel/etc/procmail
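Review bot: The new `gpg --import` path is spelled `var/pub/opengpg/`, while the directory added by this commit is `var/pub/openpgp/` (and `rule__user_root_init` imports from `var/pub/openpgp`). With `set -e` in effect, importing a missing file would presumably abort `rule_user_admin_add` after the account has already been added to `sudo`; the line should read `sudo gpg --import "$tool"/var/pub/openpgp/"$user".key`. The `ssh_key_add` line above it passes `user=$user` unquoted; `user="$user"` is the safer form. The function starts before this hunk.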
index 8518503..64f2ca1 100755 (executable)
--- a/vm_remote
+++ b/vm_remote
@@ -1,8 +1,8 @@
 #!/bin/sh
 set -e -f ${DRY_RUN:+-n} -u
 tool=${0%/*}
-. "$tool"/functions.sh
-. "$tool"/vm.sh
+. "$tool"/lib/functions.sh
+. "$tool"/etc/vm.sh
 test ! "$(hostname --fqdn)" = "$vm_fqdn"
 test ! "$(hostname --fqdn)" = "$vm_host"
 
@@ -37,7 +37,6 @@ rule_git_push () { # SYNTAX: $remote $options
        local remote=${1#remote=}; shift
        git add . &&
        git commit -a -C HEAD "$@" &&
-       local pwd=$(cd "$tool" && cd -)
        GIT_SSH=./vm_ssh git push -v -f "$remote"
  }
 
@@ -52,26 +51,26 @@ rule__ssh_known_hosts_update () {
         whoami
  }
 rule_disk_key_send () {
-       gpg --decrypt key/secret/$vm_fqdn.disk.gpg |
-       ssh "$@" root@$vm_fqdn \
+       gpg --decrypt var/lib/luks/$vm_fqdn.key.gpg |
+       "$tool"/vm_ssh root@$vm_fqdn "$@" \
         -o CheckHostIP=no \
         -o HostKeyAlias=init.$vm_fqdn \
-        -o StrictHostKeyChecking=yes \
-        -o UserKnownHostsFile="$tool"/key/ssh.known_hosts \
         tee /lib/cryptsetup/passfifo \>/dev/null
  }
 rule_disk_key_backup () {
        for part in root swap var home
         do
-               rule_ssh sudo cryptsetup luksHeaderBackup /dev/$vm_lvm_vg/${vm_lvm_lv}_${part} |
-               gpg --encrypt --recipient $USER@ -o key/secret/${vm_lvm_lv}_${part}.luks.gpg
-        done
- }
-rule_disk_key_restore () {
-       for part in root swap var home
-        do
-               gpg --decrypt ${vm_lvm_lv}_${part}.luks |
-               rule_ssh sudo cryptsetup luksHeaderRestore /dev/$vm_lvm_vg/${vm_lvm_lv}_${part}
+               mkdir -p var/lib/luks
+               rule_ssh -l root ' \
+                       tmp=$(mktemp)
+                       cryptsetup luksHeaderBackup \
+                        /dev/$vm_lvm_vg/${vm_lvm_lv}_${part} \
+                        --header-backup-file "$tmp" \
+                       cat "$tmp"
+                       shred --remove "$tmp"
+                ' |
+               gpg --encrypt --recipient $USER@ \
+                -o var/lib/luks/${vm_lvm_lv}_${part}.luks.gpg
         done
  }
 
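Review bot: The remote script in `rule_disk_key_backup` is single-quoted, so `$vm_lvm_vg`, `${vm_lvm_lv}` and `${part}` are not expanded locally and would have to be set on the remote side, and the trailing `\` after `--header-backup-file "$tmp"` joins `cat "$tmp"` onto the cryptsetup command line. As far as I know, cryptsetup also refuses to write a header backup over an existing file, which `mktemp` has just created. The pipeline has no failure check, so any of these leaves gpg encrypting empty input into `var/lib/luks/*.luks.gpg`: a backup that looks present but cannot restore a header, while `rule_disk_key_restore` is removed in the same hunk. A sketch of the remote part follows, assuming `rule_ssh` (not visible here) hands its last argument to the remote shell unchanged.

```shell
       for part in root swap var home
        do
               # NOTE: double quotes: the device path is expanded locally, \$tmp remotely.
               rule_ssh -l root "
                       set -e
                       tmp=\$(mktemp -d)
                       trap 'rm -rf \"\$tmp\"' EXIT
                       cryptsetup luksHeaderBackup \
                        /dev/$vm_lvm_vg/${vm_lvm_lv}_${part} \
                        --header-backup-file \"\$tmp\"/header
                       cat \"\$tmp\"/header
                       shred --remove \"\$tmp\"/header
                " |
               # … unchanged: gpg --encrypt into var/lib/luks/ …
```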
diff --git a/vm_ssh b/vm_ssh
index d1c0c51..e39d9b1 100755 (executable)
--- a/vm_ssh
+++ b/vm_ssh
@@ -3,5 +3,6 @@ set -e -f ${DRY_RUN:+-n} -u
 tool=${0%/*}
 ssh \
  -o StrictHostKeyChecking=yes \
- -o UserKnownHostsFile="$tool"/key/ssh.known_hosts \
+ -o UserKnownHostsFile=etc/openssh/known_hosts \
+ -o HashKnownHosts=no \
  "$@"
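Review bot: `UserKnownHostsFile=etc/openssh/known_hosts` is now relative to the caller's working directory, although `tool=${0%/*}` is computed two lines above and `rule_disk_key_send` invokes this wrapper as `"$tool"/vm_ssh`. With `StrictHostKeyChecking=yes`, a run from another directory should fail closed rather than trust an unknown key, but the pinned keys then depend on where the script is started; `-o UserKnownHostsFile="$tool"/etc/openssh/known_hosts \` keeps the pin tied to the checkout. A short comment on `HashKnownHosts=no` (host names in the tracked file stay in clear text, presumably on purpose) would also help. The script starts before this hunk.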