Update to 0.0.99.5

Start using Toolbx as the name of the project, instead of Toolbox; and recommend subscription-manager, as requested by the Fedora Workstation Working Group [1], to make it easier to have gratis, self-supported Red Hat Enterprise Linux containers on Fedora. [1] https://pagure.io/fedora-workstation/issue/391
2023-12-19 12:43:59 +01:00 · 2023-12-19 12:43:59 +01:00 · 6682165143
commit 6682165143
parent a7b53166a8
9 changed files with 31 additions and 1444 deletions
--- a/.gitignore
+++ b/.gitignore
@ -30,3 +30,4 @@
 /toolbox-0.0.99.3.tar.xz
 /toolbox-0.0.99.3-vendor.tar.xz
 /toolbox-0.0.99.4-vendored.tar.xz
 /toolbox-0.0.99.5-vendored.tar.xz
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (toolbox-0.0.99.4-vendored.tar.xz) = 882cd6ec1c1a193af8774dfdfd0aff72d376c4fec3e0cc702e2d524353c051e408eab2ac3fb43ec00fe622b46ac89fdbe97aca2f7cfbe3822e5d3ff1743f2fd0
+SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745
--- a/toolbox-Build-fixes.patch
+++ b/toolbox-Build-fixes.patch
@ -1,240 +0,0 @@
 From 424cc42fba3cb182a360dcdda68caf20d9141ae6 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Tue, 28 Feb 2023 17:12:04 +0100
 Subject: [PATCH 1/4] cmd/root: Don't use podman(1) when generating the
 completions
 Ever since commit bafbbe81c9220cb3, the shell completions are generated
 while building Toolbx using the 'completion' command.  This involves
 running toolbox(1) itself, and hence invoking 'podman version' to decide
 if 'podman system migrate' is needed or not.
 Unfortunately, some build environments, like Fedora's, are set up inside
 a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may
 not work because it does various things with namespaces(7) and clone(2)
 that can, under certain circumstances, encounter an EPERM.
 Therefore, it's better to avoid using podman(1) when generating the
 shell completions, especially, since they are generated by Cobra itself
 and podman(1) is not involved at all.
 Note that podman(1) is needed when the generated shell completions are
 actually used in interactive command line environments.  The shell
 completions invoke the hidden '__complete' command to get the results
 that are presented to the user, and, if needed, 'podman system migrate'
 will continue to be run as part of that.
 This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011
 because podman(1) is now only an optional runtime dependency for the
 system tests.
 https://github.com/containers/podman/issues/17657
 ---
 meson.build     | 2 +-
 src/cmd/root.go | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
 diff --git a/meson.build b/meson.build
 index 6f044bb204e3..653a3d3ac588 100644
 --- a/meson.build
 +++ b/meson.build
@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h'])
 go = find_program('go')
 go_md2man = find_program('go-md2man')
 -podman = find_program('podman')
 bats = find_program('bats', required: false)
 codespell = find_program('codespell', required: false)
 htpasswd = find_program('htpasswd', required: false)
 openssl = find_program('openssl', required: false)
 +podman = find_program('podman', required: false)
 shellcheck = find_program('shellcheck', required: false)
 skopeo = find_program('skopeo', required: false)
 diff --git a/src/cmd/root.go b/src/cmd/root.go
 index 304b03dcd889..9975ccc7a4c8 100644
 --- a/src/cmd/root.go
 +++ b/src/cmd/root.go
@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error {
 	logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath)
 -	if err := migrate(); err != nil {
 +	if err := migrate(cmd, args); err != nil {
 		return err
 	}
@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error {
 	return rootRunImpl(cmd, args)
 }
 -func migrate() error {
 +func migrate(cmd *cobra.Command, args []string) error {
 	logrus.Debug("Migrating to newer Podman")
 	if utils.IsInsideContainer() {
 		return nil
 	}
 +	if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
 +		logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName)
 +		return nil
 +	}
 +
 	configDir, err := os.UserConfigDir()
 	if err != nil {
 		logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err)
 -- 
 2.41.0
 From 0723706168a1bde708bc9acc203c5e9870bc94d5 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Wed, 1 Mar 2023 19:41:56 +0100
 Subject: [PATCH 2/4] cmd/root: Sprinkle a debug log
 https://github.com/containers/toolbox/pull/1251
 ---
 src/cmd/root.go | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/cmd/root.go b/src/cmd/root.go
 index 9975ccc7a4c8..2e7428a20b24 100644
 --- a/src/cmd/root.go
 +++ b/src/cmd/root.go
@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error {
 	logrus.Debug("Migrating to newer Podman")
 	if utils.IsInsideContainer() {
 +		logrus.Debug("Migration not needed: running inside a container")
 		return nil
 	}
 -- 
 2.41.0
 From 0736db58456bb635854493e28a0c36bda49988ce Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Wed, 1 Mar 2023 19:46:11 +0100
 Subject: [PATCH 3/4] cmd/root: Shuffle some code around and sprinkle some
 debug logs
 Having a separate convenience function reduces the indentation levels by
 at least one, and sometimes two, and makes it easy to have more detailed
 debug logs.
 This will make the subsequent commit easier to read.
 https://github.com/containers/toolbox/issues/1246
 ---
 src/cmd/root.go | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)
 diff --git a/src/cmd/root.go b/src/cmd/root.go
 index 2e7428a20b24..9aafe3e0d3be 100644
 --- a/src/cmd/root.go
 +++ b/src/cmd/root.go
@@ -1,5 +1,5 @@
 /*
 - * Copyright © 2019 – 2022 Red Hat Inc.
 + * Copyright © 2019 – 2023 Red Hat Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -139,13 +139,8 @@ func preRun(cmd *cobra.Command, args []string) error {
 	if !utils.IsInsideContainer() {
 		logrus.Debugf("Running on a cgroups v%d host", cgroupsVersion)
 -		if currentUser.Uid != "0" {
 -			logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", currentUser.Username)
 -
 -			if _, err := utils.ValidateSubIDRanges(currentUser); err != nil {
 -				logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
 -				return newSubIDError()
 -			}
 +		if _, err := validateSubIDRanges(cmd, args, currentUser); err != nil {
 +			return err
 		}
 	}
@@ -392,3 +387,24 @@ func setUpLoggers() error {
 	return nil
 }
 +
 +func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bool, error) {
 +	logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", user.Username)
 +
 +	if user.Uid == "0" {
 +		logrus.Debugf("Look-up not needed: user %s doesn't need them", user.Username)
 +		return true, nil
 +	}
 +
 +	if utils.IsInsideContainer() {
 +		logrus.Debug("Look-up not needed: running inside a container")
 +		return true, nil
 +	}
 +
 +	if _, err := utils.ValidateSubIDRanges(user); err != nil {
 +		logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
 +		return false, newSubIDError()
 +	}
 +
 +	return true, nil
 +}
 -- 
 2.41.0
 From 02537eac420f49e96110663794ef5f2511eb6860 Mon Sep 17 00:00:00 2001
 From: Jan Zerebecki <jan.suse@zerebecki.de>
 Date: Wed, 1 Mar 2023 19:52:28 +0100
 Subject: [PATCH 4/4] cmd/root: Don't validate subordinate IDs when generating
 the completions
 Ever since commit bafbbe81c9220cb3, the shell completions are generated
 while building Toolbx using the 'completion' command.  This involves
 running toolbox(1) itself, and hence validating the subordinate user and
 group ID ranges.
 Unfortunately, some build environments, like openSUSE's, don't have
 subordinate ID ranges set up.  Therefore, it's better to not validate
 the subordinate ID ranges when generating the shell completions, since
 they are generated by Cobra itself and subordinate ID ranges are not
 involved at all.
 Note that subordinate ID ranges may be needed when the generated shell
 completions are actually used in interactive command line environments.
 The shell completions invoke the hidden '__complete' command to get the
 results that are presented to the user, and, if needed, the subordinate
 ID ranges will continue to be used by podman(1) as part of that.
 Some changes by Debarshi Ray.
 https://github.com/containers/toolbox/issues/1246
 https://github.com/containers/toolbox/pull/1249
 ---
 src/cmd/root.go | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/src/cmd/root.go b/src/cmd/root.go
 index 9aafe3e0d3be..aee9fe026ac3 100644
 --- a/src/cmd/root.go
 +++ b/src/cmd/root.go
@@ -401,6 +401,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo
 		return true, nil
 	}
 +	if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
 +		logrus.Debugf("Look-up not needed: command %s doesn't need them", cmdName)
 +		return true, nil
 +	}
 +
 	if _, err := utils.ValidateSubIDRanges(user); err != nil {
 		logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
 		return false, newSubIDError()
 -- 
 2.41.0
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
@ -1,4 +1,4 @@
-From 865f58881c17c233f288b8978faaeba8b4b2c2f0 Mon Sep 17 00:00:00 2001
+From 4f8b443ab925c84d059d894ddcfcf4dcf66a747e Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
@ -50,5 +50,5 @@ index c572d6dfb02b..cae2de426a96 100755
 exit "$?"
 -- 
-2.39.2
+2.43.0
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
@ -1,4 +1,4 @@
-From f4582e4748a15c462eac229f9bd9214415f166c9 Mon Sep 17 00:00:00 2001
+From 3175ef2fab1f61f5784361070ac338dabda3c04e Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
@ -50,5 +50,5 @@ index c572d6dfb02b..0e6a2efa6853 100755
 exit "$?"
 -- 
-2.39.2
+2.43.0
--- a/toolbox-Simplify-removing-the-user-s-password.patch
+++ b/toolbox-Simplify-removing-the-user-s-password.patch
--- a/toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch
+++ b/toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch
@ -1,44 +0,0 @@
 From a3e8d8d12bac6dd63010b71c6e091486fb585f37 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Thu, 30 Nov 2023 19:22:56 +0100
 Subject: [PATCH] cmd: Track the active container on Fedora Linux Asahi Remix
 Christian Hergert requested this.  He is working on improving the
 integration of Toolbx with the terminal emulation stack in GNOME and
 Fedora, and he is using Fedora Linux Asahi Remix for his work.
 https://github.com/containers/toolbox/pull/1413
 ---
 src/cmd/enter.go             | 2 ++
 src/cmd/rootMigrationPath.go | 2 ++
 2 files changed, 4 insertions(+)
 diff --git a/src/cmd/enter.go b/src/cmd/enter.go
 index f902ff6787cd..2b89d2c853ae 100644
 --- a/src/cmd/enter.go
 +++ b/src/cmd/enter.go
@@ -138,6 +138,8 @@ func enter(cmd *cobra.Command, args []string) error {
 	if hostID == "fedora" && (hostVariantID == "silverblue" || hostVariantID == "workstation") {
 		emitEscapeSequence = true
 +	} else if hostID == "fedora-asahi-remix" {
 +		emitEscapeSequence = true
 	}
 	if err := runCommand(container,
 diff --git a/src/cmd/rootMigrationPath.go b/src/cmd/rootMigrationPath.go
 index 40af5bd81d4e..92a24ac6edf6 100644
 --- a/src/cmd/rootMigrationPath.go
 +++ b/src/cmd/rootMigrationPath.go
@@ -86,6 +86,8 @@ func rootRunImpl(cmd *cobra.Command, args []string) error {
 	if hostID == "fedora" && (hostVariantID == "silverblue" || hostVariantID == "workstation") {
 		emitEscapeSequence = true
 +	} else if hostID == "fedora-asahi-remix" {
 +		emitEscapeSequence = true
 	}
 	if err := runCommand(container,
 -- 
 2.42.0
--- a/toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch
+++ b/toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch
@ -1,76 +0,0 @@
 From 1fde98456652ddbcb750ade2121c5ceec93fbfae Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Thu, 13 Jul 2023 13:08:40 +0200
 Subject: [PATCH] cmd/initContainer: Be aware of security hardened mount points
 Sometimes locations such as /var/lib/flatpak, /var/lib/systemd/coredump
 and /var/log/journal sit on security hardened mount points that are
 marked as 'nosuid,nodev,noexec' [1].  In such cases, when Toolbx is used
 rootless, an attempt to bind mount these locations read-only at runtime
 with mount(8) fails because of permission problems:
  # mount --rbind -o ro <source> <containerPath>
  mount: <containerPath>: filesystem was mounted, but any subsequent
      operation failed: Unknown error 5005.
 (Note that the above error message from mount(8) was subsequently
 improved to show something more meaningful than 'Unknown error' [2].)
 The problem is that 'init-container' is running inside the container's
 mount and user namespace, and the source paths were mounted inside the
 host's namespace with 'nosuid,nodev,noexec'.  The above mount(8) call
 tries to remove the 'nosuid,nodev,noexec' flags from the mount point and
 replace them with only 'ro', which is something that can't be done from
 a child namespace.
 Note that this doesn't fail when Toolbx is running as root.  This is
 because the container uses the host's user namespace and is able to
 remove the 'nosuid,nodev,noexec' flags from the mount point and replace
 them with only 'ro'.  Even though it doesn't fail, the flags shouldn't
 get replaced like that inside the container, because it removes the
 security hardening of those mount points.
 There's actually no benefit in bind mounting these paths as read-only.
 It was historically done this way 'just to be safe' because a user isn't
 expected to write to these locations from inside a container.  However,
 Toolbx doesn't intend to provide any heightened security beyond what's
 already available on the host.
 Hence, it's better to get out of the way and leave it to the permissions
 on the source location from the host operating system to guard the
 castle.  This is accomplished by not passing any file system options to
 mount(8) [1].
 Based on an idea from Si.
 [1] https://man7.org/linux/man-pages/man8/mount.8.html
 [2] util-linux commit 9420ca34dc8b6f0f
    https://github.com/util-linux/util-linux/commit/9420ca34dc8b6f0f
    https://github.com/util-linux/util-linux/pull/2376
 https://github.com/containers/toolbox/issues/911
 ---
 src/cmd/initContainer.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go
 index 465ac063b210..c4cd1b02d298 100644
 --- a/src/cmd/initContainer.go
 +++ b/src/cmd/initContainer.go
@@ -62,10 +62,10 @@ var (
 		{"/run/udev/data", "/run/host/run/udev/data", ""},
 		{"/run/udev/tags", "/run/host/run/udev/tags", ""},
 		{"/tmp", "/run/host/tmp", "rslave"},
 -		{"/var/lib/flatpak", "/run/host/var/lib/flatpak", "ro"},
 +		{"/var/lib/flatpak", "/run/host/var/lib/flatpak", ""},
 		{"/var/lib/libvirt", "/run/host/var/lib/libvirt", ""},
 -		{"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", "ro"},
 -		{"/var/log/journal", "/run/host/var/log/journal", "ro"},
 +		{"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", ""},
 +		{"/var/log/journal", "/run/host/var/log/journal", ""},
 		{"/var/mnt", "/run/host/var/mnt", "rslave"},
 	}
 )
 -- 
 2.41.0
--- a/toolbox.spec
+++ b/toolbox.spec
@ -1,7 +1,7 @@
 %global __brp_check_rpaths %{nil}
 Name:          toolbox
-Version:       0.0.99.4
+Version:       0.0.99.5
 %global goipath github.com/containers/%{name}
@ -17,8 +17,8 @@ Version:       0.0.99.4
 %endif
 %endif
-Release:       10%{?dist}
+Release:       1%{?dist}
-Summary:       Tool for containerized command line environments on Linux
+Summary:       Tool for interactive command line environments on Linux
 License:       ASL 2.0
 URL:           https://containertoolbx.org/
@ -27,12 +27,6 @@ Source0:       https://github.com/containers/%{name}/releases/download/%{version
 # RHEL specific
 Source1:       %{name}.conf
 # Upstream
 Patch0:        toolbox-Build-fixes.patch
 Patch1:        toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch
 Patch2:        toolbox-Simplify-removing-the-user-s-password.patch
 Patch3:        toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch
 # Fedora specific
 Patch100:      toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
 Patch101:      toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
@ -44,7 +38,7 @@ Patch202:      toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
 BuildRequires: gcc
 BuildRequires: go-md2man
-BuildRequires: golang >= 1.19.4
+BuildRequires: golang >= 1.20
 BuildRequires: meson >= 0.58.0
 BuildRequires: pkgconfig(bash-completion)
 BuildRequires: shadow-utils-subid-devel
@ -54,14 +48,15 @@ BuildRequires: systemd-rpm-macros
 BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1
 BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0
 BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0
-BuildRequires: golang(github.com/docker/go-units) >= 0.4.0
+BuildRequires: golang(github.com/docker/go-units) >= 0.5.0
 BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1
 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6
 BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1
 BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0
 BuildRequires: golang(github.com/spf13/viper) >= 1.10.1
-BuildRequires: golang(golang.org/x/sys/unix)
+BuildRequires: golang(golang.org/x/sys/unix) >= 0.1.0
-BuildRequires: golang(golang.org/x/term)
+BuildRequires: golang(golang.org/x/text) >= 0.3.8
 BuildRequires: golang(gopkg.in/yaml.v3) >= 3.0.0
 BuildRequires: pkgconfig(fish)
 # for tests
 # BuildRequires: codespell
@ -69,17 +64,26 @@ BuildRequires: pkgconfig(fish)
 # BuildRequires: ShellCheck
 %endif
 Recommends:    skopeo
 Recommends:    subscription-manager
 Requires:      containers-common
-Requires:      podman >= 1.4.0
+Requires:      podman >= 1.6.4
 %if ! 0%{?rhel}
 Requires:      flatpak-session-helper
 %endif
 %description
-Toolbox is a tool for Linux operating systems, which allows the use of
+Toolbx is a tool for Linux, which allows the use of interactive command line
-containerized command line environments. It is built on top of Podman and
+environments for development and troubleshooting the host operating system,
-other standard container technologies from OCI.
+without having to install software on the host. It is built on top of Podman
 and other standard container technologies from OCI.
 Toolbx environments have seamless access to the user's home directory, the
 Wayland and X11 sockets, networking (including Avahi), removable devices (like
 USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
 database, etc..
 %if ! 0%{?rhel}
@ -163,14 +167,13 @@ Summary:       Tests for %{name}
 Requires:      %{name}%{?_isa} = %{version}-%{release}
 Requires:      coreutils
 Requires:      gawk
 Requires:      grep
 # for htpasswd
 Requires:      httpd-tools
 Requires:      openssl
 Requires:      skopeo
 %if ! 0%{?rhel}
-Requires:      bats
+Requires:      bats >= 1.7.0
 %endif
 %description   tests
@ -179,10 +182,6 @@ The %{name}-tests package contains system tests for %{name}.
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %if 0%{?fedora}
 %ifnarch ppc64
@ -267,6 +266,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
 %changelog
 * Tue Dec 19 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-1
 - Update to 0.0.99.5
 * Tue Dec 19 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-10
 - Require openssl(1) for the system tests in the tests subpackage
`@ -1 +1 @@`
	`SHA512 (toolbox-0.0.99.4-vendored.tar.xz) = 882cd6ec1c1a193af8774dfdfd0aff72d376c4fec3e0cc702e2d524353c051e408eab2ac3fb43ec00fe622b46ac89fdbe97aca2f7cfbe3822e5d3ff1743f2fd0`	`SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745`