diff --git a/COPYRIGHT b/COPYRIGHT deleted file mode 120000 index 86c9843..0000000 --- a/COPYRIGHT +++ /dev/null @@ -1 +0,0 @@ -cbox-tree.d/usr/share/doc/cryptobox/copyright \ No newline at end of file diff --git a/bin/cbox-manage.sh b/bin/cbox-manage.sh new file mode 100755 index 0000000..d79b215 --- /dev/null +++ b/bin/cbox-manage.sh @@ -0,0 +1,590 @@ +#!/bin/sh +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# +# $Id$ +# +# this script does EVERYTHING +# all other scripts are only frontends :) +# +# called by: +# - some rc-scripts +# - the web frontend cgi +# + +# TODO: check permissions and owners of config files, directories and scripts before +# running cbox-root-actions.sh + +set -eu + +# define reasonable defaults +USE_STUNNEL=0 +EXEC_FIREWALL_RULES=0 +SKIP_NETWORK_CONFIG=1 +CONF_FILE=/etc/cryptobox/cryptobox.conf + + +# read the default setting file, if it exists +[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox + +# parse config file +. "$CONF_FILE" + +# check for writable log file +[ -w "$LOG_FILE" ] || LOG_FILE=/tmp/$(basename "$LOG_FILE") + +## configuration +CERT_TEMP=/tmp/stunnel.pem + +######## stuff ########## + +ALL_PARTITIONS=$(cat /proc/partitions | sed '1,2d; s/ */ /g; s/^ *//' | cut -d " " -f 4) + +######################### + +function log_msg() +{ + # the log file is not writable during boot - try before writing ... + [ -w "$LOG_FILE" ] || return 0 + echo >>"$LOG_FILE" + echo "##### `date` #####" >>"$LOG_FILE" + echo "$1" >>"$LOG_FILE" +} + + +function error_msg() +# parameters: ExitCode ErrorMessage +{ + echo "[`date`] - $2" | tee -a "$LOG_FILE" >&2 + # print the execution stack - not usable with busybox + # caller | sed 's/^/\t/' >&2 + exit "$1" +} + + +function config_set_value() +# parameters: SettingName [SettingValue] +# read from stdin if SettingValue is not defined +{ + [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && sudo "$ROOT_PERM_SCRIPT" remount_config rw + if [ $# -gt 1 ] + then echo -n "$2" > "$CONFIG_DIR/$1" + else cat - >"$CONFIG_DIR/$1" + fi + [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && sudo "$ROOT_PERM_SCRIPT" remount_config ro +} + + +function config_get_value() +# parameters: SettingName +{ + # use mounted config, if it exists - otherwise use defaults + local conf_dir + if is_config_active + then conf_dir=$CONFIG_DIR + else conf_dir=$CONFIG_DEFAULTS_DIR + fi + [ -z "$1" ] && error_msg 1 "empty setting name" + # check for existence - maybe use default values (for old releases without this setting) + if [ ! -e "$conf_dir/$1" ] + then case "$1" in + # you may place default values for older versions here + # for compatibility + * ) + error_msg 2 "unknown configuration value ($1)" + # empty output + ;; + esac + else echo -n $(cat "$conf_dir/$1") + # this removes the trailing line break + fi + # always return without error + true +} + + +function create_config() +# Parameter: device +{ + local device=$1 + unload_config + # create the new configuration filesystem if it is not static + if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ] + then log_msg "Using static configuration ..." + else log_msg "Creating config filesystem ..." + sudo "$ROOT_PERM_SCRIPT" create_config "$device" + log_msg "Mounting config partition ..." + sudo "$ROOT_PERM_SCRIPT" mount_config "$device" + sudo "$ROOT_PERM_SCRIPT" remount_config rw + fi + log_msg "Copying configuration defaults ..." + cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR" + + log_msg "Copying temporary certificate file to config filesystem ..." + # beware: the temp file should always be there - even after reboot - see "load_config" + [ "$USE_STUNNEL" = 1 ] && cp -p "$CERT_TEMP" "$CERT_FILE" + + log_msg "Setting inital values ..." + # beware: config_set_value remounts the config partition read-only + config_set_value "ip" "$(get_current_ip)" + # create database of readable names + config_set_value "names.db" "" + # create a marker to recognize a cryptobox partition + # this should be the last step, to prevent a half-initialized state + config_set_value "$CONFIG_MARKER" "$(date -I)" +} + + +function get_current_ip() +# not necessarily the same as configured (necessary for validation) +{ + # filter the output of ifconfig and remove trailing line break + echo -n $("$IFCONFIG" "$NET_IFACE" | grep "inet" | cut -d ":" -f2 | cut -d " " -f1) +} + + +function list_partitions_of_type() +# parameter: { config | crypto | plaindata | unused } +{ + local config= + local crypto= + local plaindata= + local unused= + for a in $ALL_PARTITIONS + do if sudo "$ROOT_PERM_SCRIPT" is_crypto_partition "/dev/$a" + then crypto="$crypto /dev/$a" + elif sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$a" + then config="$config /dev/$a" + elif sudo "$ROOT_PERM_SCRIPT" is_plaindata_partition "/dev/$a" + then plaindata="$plaindata /dev/$a" + else unused="$unused /dev/$a" + fi + done + case "$1" in + config | crypto | plaindata | unused ) + # dirty hack, but it works + eval "echo \$$1" + ;; + * ) + errot_msg "wrong parameter ($1) for list_partition_types in $(basename $0)" + ;; + esac | tr " " "\n" | grep -v '^$' +} + + +function get_crypto_uuid() +# Parameter: DEVICE +{ + sudo "$ROOT_PERM_SCRIPT" get_device_name "$1" +} + + +function get_crypto_name() +# Parameter: DEVICE +# return the readable name of the crypto container, it it is already defined +# if undefined - return the uuid +{ + local uuid=$(get_crypto_uuid "$1") + local dbname=$(config_get_value "names.db" | grep "^$uuid:" | cut -d ":" -f 2-) + if [ -z "$dbname" ] + then echo -n "$uuid" + else echo -n "$dbname" + fi +} + + +function set_crypto_name() +# TODO: the implementation is quite ugly, but it works (tm) +# Parameter: DEVICE NAME +{ + local uuid=$(get_crypto_uuid "$1") + # remove the old setting for this device and every possible entry with the same name + (config_get_value 'names.db' | sed "/^$uuid:/d; /^[^:]*:$2$/d"; echo "$uuid:$2") | config_set_value 'names.db' +} + + +function does_crypto_name_exist() +# Parameter: NAME +{ + config_get_value 'names.db' | grep -q "^[^:]*:$1$" +} + + +function create_crypto() +# Parameter: DEVICE NAME KEYFILE +# keyfile is necessary, to allow background execution via 'at' +# TODO: check if the keyfile is still necessary for sudo -b +{ + local device=$1 + local name=$2 + local keyfile=$3 + # otherwise the web interface will hang + # passphrase may be passed via command line + local key=$(<"$keyfile") + # remove the passphrase-file as soon as possible + dd if=/dev/zero of="$keyfile" bs=512 count=1 2>/dev/null + rm "$keyfile" + + log_msg "Creating crypto partition with the cipher $DEFAULT_CIPHER on $device" + echo "$key" | sudo "$ROOT_PERM_SCRIPT" create_crypto "$device" + + set_crypto_name "$device" "$name" +} + + +function is_config_active() +{ + test -f "$CONFIG_DIR/$CONFIG_MARKER" +} + + +function is_crypto_mounted() +# Parameter: DEVICE +{ + local name=$(get_crypto_uuid "$1") + [ -n "$name" ] && mountpoint -q "$MNT_PARENT/$name" +} + + +function is_init_running() +{ + check_at_command_queue " init" +} + + +# check if a specified command is in an at-queue +# Parameter: a regular expression of the commandline +# Return: the command is part of an at-queue (0) or not (1) +function check_at_command_queue() +{ + # 1) get the available job numbers + # 2) remove empty lines (especially the last one) + # 3) check every associated command for the regexp + at -l | cut -f 1 | while read jobnum + do at -c $jobnum | sed '/^$/d' | tail -1 + done | grep -q "$1" +} + + +function find_harddisk() +# look for the harddisk to be partitioned +{ + local device=$(get_available_disks | head -1) + if [ -z "$device" ] ; then + log_msg "no valid harddisk for initialisation found!" + cat /proc/partitions >>"$LOG_FILE" + # do not return with an error, to avoid a failing of the script ('break on error') + # the caller of this function should handle an empty return string + fi + echo -n "$device" +} + + +function get_available_disks() +# looks which allowed disks are at the moment connected with the cbox +{ + for scan in $SCAN_DEVICES + do for avail in $ALL_PARTITIONS + do [ "$scan" = "$avail" ] && echo "/dev/$avail" + done + done +} + + +function load_config() +{ + unload_config + local status=0 + # look for a configuration partition + [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \ + list_partitions_of_type config | while read part && [ "$status" = 0 ] + do log_msg "Trying to load configuration from /dev/$part ..." + if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part" + then log_msg "configuraton found on $part" + sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part" + status=1 + fi + done + if is_config_active + then # copy certificate to /tmp in case of re-initialization + # /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d) + [ "$USE_STUNNEL" = 1 ] && cp "$CERT_FILE" "$CERT_TEMP" + else log_msg "failed to locate config partition" + return 1 + fi + true +} + + +function unload_config() +{ + is_config_active || return + # only try to unmount, if it is not static (the config of a live-cd is always dynamic) + if [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] + then sudo "$ROOT_PERM_SCRIPT" umount_config + else true + fi +} + + +function mount_crypto() +# Parameter: DEVICE +{ + local device=$1 + [ -z "$device" ] && error_msg 4 'No valid harddisk found!' && return 1 + is_crypto_mounted "$device" && echo "The crypto filesystem is already active!" && return + # passphrase is read from stdin + log_msg "Mounting a crypto partition from $device" + sudo "$ROOT_PERM_SCRIPT" mount "$device" >>"$LOG_FILE" 2>&1 +} + + +function umount_crypto() +# Parameter: DEVICE +{ + local device=$1 + local uuid=$(get_crypto_uuid $device) + sudo "$ROOT_PERM_SCRIPT" umount "$uuid" +} + + +function box_purge() +# removing just the first bytes from the harddisk should be enough +# every harddisk will be overriden! +{ + # TODO: not ALL harddisks, please! + get_available_disks | while read a + do log_msg "Purging $a ..." + sudo "$ROOT_PERM_SCRIPT" trash_device "$a" + done +} + + +function init_cryptobox() +# this is only the first part of initialisation that takes no time - good for a smooth web interface +{ + local device=$(find_harddisk) + [ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1 + turn_off_all_crypto + unload_config || true + log_msg "Partitioning the device ($device) ..." + sudo "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n" + log_msg "Initializing config partition on ${device}1 ..." + # TODO: this should not be hard-coded + create_config "${device}1" +} + + +function turn_off_all_crypto() +{ + list_crypto_containers | while read a + do is_crypto_mounted "$a" && umount_crypto "$a" + done +} + + +### main ### + +# set PATH because thttpd removes /sbin and /usr/sbin for cgis +export PATH=/usr/sbin:/usr/bin:/sbin:/bin + + +ACTION=help +[ $# -gt 0 ] && ACTION=$1 && shift + +case "$ACTION" in + config-up ) + if load_config + then echo "Cryptobox configuration successfully loaded" + else error_msg 0 "Could not find a configuration partition!" + fi + ;; + config-down ) + unload_config || error_msg 4 "Could not unmount configuration partition" + ;; + network-up ) + if [ "$SKIP_NETWORK_CONFIG" != 1 ] + then conf_ip=$(config_get_value "ip") + log_msg "Configuring $NET_IFACE for $conf_ip ..." + echo "Configuring network interface for $NET_IFACE: $conf_ip" + "$IFCONFIG" "$NET_IFACE" "$conf_ip" + fi + if [ "$EXEC_FIREWALL_RULES" = 1 ] + then log_msg "Starting the firewall ..." + "$FIREWALL_SCRIPT" start + fi + if [ "$USE_STUNNEL" = 1 ] + then # start stunnel + if [ -f "$CERT_FILE" ] + then USE_CERT=$CERT_FILE + else USE_CERT=$CERT_TEMP + $MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1 + # TODO: this could be dangerous - right? + # this is necessary, to allow www-data to copy the certificate + chown "$WEB_USER" "$CERT_TEMP" + fi + log_msg "Starting stunnel ..." + stunnel -p "$USE_CERT" -r localhost:80 -d 443 \ + || echo "$USE_CERT not found - not starting stunnel" + fi + ;; + network-down ) + if [ "$EXEC_FIREWALL_RULES" = 1 ] + then log_msg "Stopping the firewall ..." + "$FIREWALL_SCRIPT" stop + fi + if [ "$USE_STUNNEL" = 1 ] + then log_msg "Stopping stunnel ..." + # TODO: what about a pid? + killall stunnel 2>/dev/null || true + fi + if [ "$SKIP_NETWORK_CONFIG" != 1 ] + then log_msg "Shutting the network interface down ..." + "$IFCONFIG" "$NET_IFACE" down + fi + ;; + services-up ) + # the mount point has to be writeable + # this action is called as root - so we are allowed to umount + # TODO: do this only for ro-filesystem + # TODO: this way of mounting is evil + if mountpoint -q "$MNT_PARENT" + then true + else mount -t tmpfs tmpfs "$MNT_PARENT" + fi + true + ;; + services-down ) + # this action is called as root - so we are allowed to umount + mountpoint -q "$MNT_PARENT" && umount "$MNT_PARENT" + # TODO: we should not depend on samba and thttpd + # /etc/init.d/samba stop || true + # /etc/init.d/thttpd stop || true + true + ;; + crypto-up ) + [ $# -ne 1 ] && error_msg "invalid number of parameters for 'crypto-up'" + mount_crypto "$1" + ;; + crypto-down ) + [ $# -ne 1 ] && error_msg "invalid number of parameters for 'crypto-down'" + umount_crypto "$1" + ;; + init ) + init_cryptobox >"$LOG_FILE" 2>&1 + ;; + crypto-create ) + # Parameter: DEVICE NAME + [ $# -ne 2 ] && error_msg "invalid number of parameters for 'crypto-create'" + # do it in the background to provide a smoother web interface + # messages and errors get written to $LOG_FILE + keyfile=/tmp/$(basename "$0")-passphrase-$(basename "$1") + # read the password + cat - >"$keyfile" + # execute it in the background + echo "'$0' crypto-create-bg '$1' '$2' '$keyfile' >'$LOG_FILE' 2>&1" | at now + ;; + crypto-create-bg ) + create_crypto "$@" + ;; + crypto-list ) + list_partitions_of_type crypto + ;; + crypto-list-unused ) + list_partitions_of_type unused + ;; + crypto-name ) + # Parameter: DEVICE + get_crypto_name "$1" + ;; + is_crypto_mounted ) + [ $# -ne 1 ] && error_msg 10 "invalid number of parameters for 'is_crypto_mounted'" + is_crypto_mounted "$1" + ;; + is_config_mounted ) + is_config_active + ;; + is_init_running ) + is_init_running + ;; + is_harddisk_available ) + [ -z "$(find_harddisk)" ] && exit 1 + exit 0 + ;; + update_ip_address ) + # reconfigure the network interface to a new IP address + # wait for 5 seconds to finish present http requests + if [ "$SKIP_NETWORK_CONFIG" != 1 ] + then echo -n "sleep 5; sudo $ROOT_PERM_SCRIPT update_network" | at now + fi + ;; + get_available_disks ) + get_available_disks + ;; + get_current_ip ) + get_current_ip + ;; + set_config ) + [ $# -ne 2 ] && error_msg 7 "'set_config' requires two parameters" + config_set_value "$1" "$2" + ;; + get_config ) + [ $# -ne 1 ] && error_msg 6 "'get_config' requires exactly one parameter" + config_get_value "$1" + ;; + diskinfo ) + get_available_disks | while read a + do sudo "$ROOT_PERM_SCRIPT" diskinfo "$a" + done + ;; + box-purge ) + log_msg "Cleaning the CryptoBox ..." + turn_off_all_crypto + "$0" config-down + box_purge >>"$LOG_FILE" 2>&1 + ;; + poweroff ) + log_msg "Turning off the CryptoBox ..." + turn_off_all_crypto + echo "poweroff" | at now + ;; + reboot ) + log_msg "Rebooting the CryptoBox ..." + turn_off_all_crypto + echo "reboot" | at now + ;; + * ) + echo "Syntax: `basename $0` ACTION [PARAMS]" + echo " config-up - scan for configuration partition and mount it" + echo " config-down - unmount configuration partition" + echo " network-up - enable network interface" + echo " network-down - disable network interface" + echo " services-up - run some cryptobox specific daemons" + echo " services-down - stop some cryptobox specific daemons" + echo " crypto-up - mount crypto partition" + echo " crypto-down - unmount crypto partition" + echo " box-init - initialize cryptobox (ALL data is LOST)" + echo " box-init-fg - the first part of initialization" + echo " box-init-bg - the last part of initialization (background)" + echo " is_crypto_mounted - check, if crypto partition is mounted" + echo " is_config_mounted - check, if configuration partition is mounted" + echo " is_init_running - check, if initialization is ongoing" + echo " is_harddisk_available - check, if there is a usable harddisk" + echo " get_available_disks - shows all connected and allowed disks" + echo " get_current_ip - get the current IP of the network interface" + echo " update_ip_address - update the network interface after reconfiguration" + echo " set_config NAME VALUE - change a configuration setting" + echo " get_config NAME - retrieve a configuration setting" + echo " diskinfo - show the partition table of the harddisk" + echo " box-purge - destroy partitiontable of all harddisks (delete everything)" + echo " poweroff - shutdown the cryptobox" + echo " reboot - reboot the cryptobox" + echo + ;; + esac + +exit 0 + diff --git a/bin/cbox-root-actions.sh b/bin/cbox-root-actions.sh new file mode 100755 index 0000000..0d33271 --- /dev/null +++ b/bin/cbox-root-actions.sh @@ -0,0 +1,330 @@ +#!/bin/sh +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# +# $Id$ +# +# this script is responsible for all dangerous actions, that require root privileges +# every action should be checked at least TWICE a day for open holes :) +# usually will get call via sudo +# +# called by: +# - cbox-manage.sh +# + +set -eu + +[ "$(id -u)" -ne 0 ] && echo "$(basename $0) - only root may call this script" >&2 && exit 100 + +# read the default setting file, if it exists +[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox + +# set CONF_FILE to default value, if not configured in /etc/default/cryptobox +CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} +# parse config file +. "$CONF_FILE" + + +############ some useful functions ############### + +# check if the given device is part of the SCAN_DEVICE list +# every entry in SCAN_DEVICES is matched as "^/dev/${SCAN_DEVICE}[0-9]*$" against +# the given device +# other devices may not be touched +function is_device_allowed() +# parameter: device +{ + for a in $SCAN_DEVICES + do [[ "$1" =~ "^/dev/${a}[0-9]*$" ]] && return 0 + done + return 1 +} + + +function get_device_name() +# return the uuid of the device +# if there is no uuid, then the device name is "flattened" and returned +# ignore volume-id as it may be non-unique +{ + local UUID= + # check for luksUUID or ext2/3-uuid + if is_luks_device "$1" + then UUID=$("$CRYPTSETUP" luksUUID "$1") + else [ -n "$(which dumpe2fs)" ] && UUID=$(dumpe2fs -h "$1" 2>/dev/null | grep "UUID" | cut -d ":" -f 2 | sed "s/ *//g") + fi + # if there is no valid UUUD, then take the flattened device name + is_uuid_valid "$UUID" || UUID=${1//\//_} + echo "$UUID" +} + + +function is_uuid_valid() +# every devmapper name should look like a UUID +{ + local hex=[0-9a-f] + [[ "$1" =~ "^$hex\{8\}-$hex\{4\}-$hex\{4\}-$hex\{4\}-$hex\{12\}$" ]] +} + + +function error_msg() +# parameter ExitCode ErrorMessage +{ + echo "CBOX-ERROR: [$(basename $0) - $ACTION] - $2" >&2 + exit $1 +} + + +function partition_device() +# parameter: device sfdisk_layout_setup +# e.g.: /dev/hda "0,1,L \n,,L\n" +{ + # TODO: allow different layouts + # TODO: skip config partition if a configuration is already active + # sfdisk -n doesn't actually write (for testing purpose) + if echo -e "$2" | "$SFDISK" -n "$1" + then echo -e "$2" | "$SFDISK" "$1" || return 1 + else return 2 + fi + true +} + + +function is_luks_device() +# parameter: device +{ + "$CRYPTSETUP" isLuks "$1" +} + + +################ main #################### + +ACTION=unknown +[ $# -gt 0 ] && ACTION=$1 && shift + + +case "$ACTION" in + partition_disk ) + [ $# -ne 2 ] && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + partition_device "$1" "$2" || \ + error_msg 2 "failed to create new partition table on device $1" + ;; + mount ) + # parameters: device + # returns the relative name of the mointpoint for success + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + name=$(get_device_name "$1") + mountpoint -q "$MNT_PARENT/$name" && \ + error_msg 5 "a device with the same name ($name) is already mounted" + mkdir -p "$MNT_PARENT/$name" + if is_luks_device "$1" + then "$CRYPTSETUP" luksOpen "$1" "$name" || \ + error_msg 6 "could not open encrypted device $1" + if mount "$DEV_MAPPER_DIR/$name" "$MNT_PARENT/$name" + then true + else "$CRYPTSETUP" luksClose "$name" || true + error_msg 7 "wrong password for $1 supplied" + fi + else mount "$1" "$MNT_PARENT/$name" || \ + error_msg 8 "invalid filesystem on device $1" + fi + # just in case, that there is no ext2/3 filesystem: + # set uid option (will fail silently for ext2/3) + mount -o remount,uid="$FILE_USER" "$MNT_PARENT/$name" 2>/dev/null || true + # adapt top-level permission to current setup - again: may fail silently + chown "$FILE_USER" "$MNT_PARENT/$name" 2>/dev/null || true + true + ;; + umount ) + #parameter: name (relative mountpoint) + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + is_uuid_valid "$1" || [[ "$1" =~ "^[_a-z0-9]*$" ]] || \ + error_msg 4 "invalid UUID ($1)" + mountpoint -q "$MNT_PARENT/$1" || \ + error_msg 9 "the device with the UUID ($1) is not mounted" + # try to unmount - continue even on errors + umount "$MNT_PARENT/$1" || \ + error_msg 0 "unmount of device $1 failed - device is busy" + # remove (if necessary) the dev mapping + [ -e "$DEV_MAPPER_DIR/$1" ] && "$CRYPTSETUP" luksClose "$1" || \ + error_msg 11 "could not remove the device mapper for device $1" + # try to remove the mountpoint - a failure is not important + rmdir "$MNT_PARENT/$1" || true + # set exitcode + mountpoint -q "$MNT_PARENT/$1" && exit 1 + exit 0 + ;; + create_crypto ) + # parameter: device + # the passphrase is expected on stdin + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + # read the passphrase from stdin + key=$(cat -) + # the iter-time is in milliseconds - keep it low for fast mounting + echo "$key" | \ + "$CRYPTSETUP" --cipher "$DEFAULT_CIPHER" --iter-time 2000 luksFormat "$1" || \ + error_msg 11 "failed to create the encrypted partition" + name=$(get_device_name "$1") + echo "$key" | "$CRYPTSETUP" luksOpen "$1" "$name" || \ + error_msg 12 "failed to open the encrypted partition" + # silent output from mkfs.ext3 + "$MKFS_DATA" -q "$DEV_MAPPER_DIR/$name" || \ + error_msg 13 "failed to create the encrypted filesystem" + "$CRYPTSETUP" luksClose "$name" || \ + error_msg 14 "failed to close the encrypted mapped device" + ;; + get_device_name ) + # parameter: device + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + get_device_name "$1" + ;; + mount_config ) + # parameter: device + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + [ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \ + error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + mountpoint -q "$CONFIG_DIR" && \ + error_msg 0 "the configuration partition is already mounted" + "$MKFS_CONFIG" -q "$1" || \ + error_msg 20 "failed to create config partition filesystem" + ;; + mount_config ) + # parameter: device + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + [ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \ + error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + mountpoint -q "$CONFIG_DIR" && \ + error_msg 0 "the configuration partition is already mounted" + mount "$1" "$CONFIG_DIR" || \ + error_msg 16 "failed to mount configuration partition" + # chown to fix permissions - may fail for non-ext2/3 filesystems + chown -R "$WEB_USER" "$CONFIG_DIR" || true + mount -o remount,ro "$CONFIG_DIR" || \ + error_msg 18 "failed to remount configuration partition" + true + ;; + remount_config ) + # parameter: { ro | rw } + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + [ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \ + error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)" + [[ "$1" =~ "^r[ow]$" ]] || error_msg 17 "only 'rw' and 'ro' are allowed" + mount -o "remount,$1" "$CONFIG_DIR" || \ + error_msg 18 "failed to remount configuration partition" + true + ;; + umount_config ) + # no parameters + [ $# -ne 0 ] && error_msg 1 "wrong number of parameters" + [ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \ + error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)" + mountpoint -q "$CONFIG_DIR" && umount "$CONFIG_DIR" || \ + error_msg 18 "failed to unmount configuration partition" + ;; + is_config_partition ) + # parameter: device + # returns exitcode 0 if the device contains a configuration + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + [ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \ + error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + is_config=0 + tmp_dir=/tmp/$(basename $0)-$$-mnt + mkdir -p "$tmp_dir" + # error means "no config partition" + if mount "$1" "$CONFIG_DIR" + then [ -e "$CONFIG_DIR/$CONFIG_MARKER" ] && is_config=1 + umount "$CONFIG_DIR" || \ + error_msg 14 "unable to unmount configation partition after probing" + fi + rmdir "$tmp_dir" || true + # return 0 if $device is a config partition + [ "$is_config" -eq 1 ] && exit 0 + exit 1 + ;; + is_crypto_partition ) + # parameter: device + # returns exitcode 0 if the device contains a luks header + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + is_luks_device "$1" + ;; + is_data_partition ) + # parameter: device + # returns exitcode 0 if the device contains a readable filesystem + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + status=0 + tmp_dir=/tmp/$(basename $0)-$$-mnt + mkdir -p "$tmp_dir" + if mount "$1" "$tmp_dir" + then [ ! -e "$tmp_dir/$CONFIG_MARKER" ] && status=1 + umount "$tmp_dir" + fi + rmdir "$tmp_dir" || true + [ "$status" -eq 1 ] && exit 0 + exit 1 + ;; + trash_device ) + # parameter: device + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + dd if=/dev/urandom of="$1" bs=512 count=1 2>/dev/null + ;; + diskinfo ) + # parameter: device + [ $# -ne 1 ] && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + "$SFDISK" -L -q -l "$1" + ;; + update_network ) + # parameter: none + ip= + # TODO: can we avoid to hard-code the filename ($CONFIG_DIR/ip) here? + [ -e "$CONFIG_DIR/ip" ] && ip=$(<"$CONFIG_DIR/ip") + [ -n "$z" ] && ifconfig "$NET_IFACE" "$ip" + ;; + * ) + echo "Syntax: $(basename $0) ACTION PARAMETERS" + echo ' partition_disk $device $disk_layout' + echo ' get_device_name $device' + echo ' create_crypto $device' + echo ' mount $device' + echo ' umount $name' + echo ' create_config $device' + echo ' mount_config $device' + echo ' remount_config { ro | rw }' + echo ' umount_config' + echo ' is_config_partition $device' + echo ' is_plaindata_partition $device' + echo ' is_crypto_partition $device' + echo ' trash_device $device' + echo ' diskinfo $device' + echo ' update_network' + echo ' help' + echo + [ "$ACTION" == "help" ] && exit 0 + # return error for any unknown/unspecified action + exit 1 + ;; + esac + diff --git a/cgi/cryptobox.pl b/bin/cryptobox.pl similarity index 100% rename from cgi/cryptobox.pl rename to bin/cryptobox.pl diff --git a/changelog.gz b/changelog.gz deleted file mode 100644 index 10804c2..0000000 --- a/changelog.gz +++ /dev/null @@ -1 +0,0 @@ -link cbox-tree.d/usr/share/doc/cryptobox/changelog.gz \ No newline at end of file diff --git a/etc/cryptobox/cryptobox.conf b/conf-examples/cryptobox.conf similarity index 100% rename from etc/cryptobox/cryptobox.conf rename to conf-examples/cryptobox.conf diff --git a/etc/default/cryptobox b/conf-examples/defaults-cryptobox.conf similarity index 100% rename from etc/default/cryptobox rename to conf-examples/defaults-cryptobox.conf diff --git a/cover/antlogo-big.jpg b/cover/antlogo-big.jpg deleted file mode 100644 index 986cc51..0000000 Binary files a/cover/antlogo-big.jpg and /dev/null differ diff --git a/cover/antlogo-big.png b/cover/antlogo-big.png deleted file mode 100644 index e716c77..0000000 Binary files a/cover/antlogo-big.png and /dev/null differ diff --git a/cover/antlogo-small.png b/cover/antlogo-small.png deleted file mode 100644 index b9fd8ff..0000000 Binary files a/cover/antlogo-small.png and /dev/null differ diff --git a/cover/cover_de.pdf b/cover/cover_de.pdf deleted file mode 100644 index cc52bca..0000000 --- a/cover/cover_de.pdf +++ /dev/null @@ -1,1048 +0,0 @@ -%PDF-1.4 -% -1 0 obj -<< /Length 2 0 R ->> -stream -0 w -q 0 -0.4 842 595.4 re W* n -q 345.9 0 0 343 73.7 130.2 cm - /Im3 Do Q -q 262.5 0 0 312.7 462.7 145.3 cm - /Im4 Do Q -q 0 0 0 rg -BT -82.3 452.9 Td /F1 12 Tf <44696520> Tj -ET -Q -q 0 0 0 rg -BT -111.1 452.9 Td /F2 12 Tf <43727970746F426F78> Tj -ET -Q -q 0 0 0 rg -BT -175.9 452.9 Td /F1 12 Tf <206973742065696E6520626F6F7466E4686967652043442C20646965> Tj -ET -Q -q 0 0 0 rg -BT -82.3 439.4 Td /F1 12 Tf <6A6564656E20526563686E657220696E2077656E6967656E204D696E7574656E20696E20 -65696E656E> Tj -ET -Q -q 0 0 0 rg -BT -82.3 425.8 Td /F1 12 Tf <7665727363686CFC7373656C6E64656E2044617465697365727665722076657277616E64 -656C742E> Tj -ET -Q -q 0 0 0 rg -BT -82.3 412.3 Td /F1 12 Tf <536F6D6974206B616E6E7374206475206465696E6520507269766174737068E472652065 -6666656B746976> Tj -ET -Q -q 0 0 0 rg -BT -82.3 398.7 Td /F1 12 Tf <766F7220646572204E657567696572646520416E646572657220736368FC747A656E2E> Tj -ET -Q -q 0 0 0 rg -BT -82.3 371.6 Td /F3 12 Tf <496E68616C743A> Tj -ET -Q -q 0 0 0 rg -BT -82.3 358.1 Td /F4 9 Tf <01> Tj -ET -Q -q 0 0 0 rg -BT -96.4 358.1 Td /F1 12 Tf <65696E652044656269616E2D6261736965727465204C696E75782D4C6976654344> Tj -ET -Q -q 0 0 0 rg -BT -82.3 344.5 Td /F4 9 Tf <01> Tj -ET -Q -q 0 0 0 rg -BT -96.4 344.5 Td /F1 12 Tf <65696E206B6F6D666F727461626C6573205765622D496E74657266616365> Tj -ET -Q -q 0 0 0 rg -BT -82.3 331 Td /F4 9 Tf <01> Tj -ET -Q -q 0 0 0 rg -BT -96.4 331 Td /F1 12 Tf <4145532D5665727363686CFC7373656C756E6720283235362042697429> Tj -ET -Q -q 0 0 0 rg -BT -82.3 317.4 Td /F4 9 Tf <01> Tj -ET -Q -q 0 0 0 rg -BT -96.4 317.4 Td /F1 12 Tf <65696E204E75747A657268616E6462756368> Tj -ET -Q -q 0 0 0 rg -BT -82.3 294.2 Td /F5 10 Tf <5B> Tj -6 0 Td <44> Tj -6 0 Td <69> Tj -6 0 Td <65> Tj -6 0 Td <20> Tj -6 0 Td <43> Tj -6 0 Td <72> Tj -6 0 Td <79> Tj -6 0 Td <70> Tj -6 0 Td <74> Tj -6 0 Td <6F> Tj -6 0 Td <42> Tj -6 0 Td <6F> Tj -6 0 Td <78> Tj -6 0 Td <20> Tj -6 0 Td <6C> Tj -5.9 0 Td Tj -6.1 0 Td <73> Tj -6 0 Td <73> Tj -6 0 Td <74> Tj -6 0 Td <20> Tj -6 0 Td <73> Tj -6 0 Td <69> Tj -6 0 Td <63> Tj -6 0 Td <68> Tj -6 0 Td <20> Tj -6 0 Td <7A> Tj -6 0 Td <75> Tj -6 0 Td <73> Tj -6 0 Td <61> Tj -6 0 Td <6D> Tj -6 0 Td <6D> Tj -6 0 Td <65> Tj -5.9 0 Td <6E> Tj -6.1 0 Td <20> Tj -6 0 Td <6D> Tj -6 0 Td <69> Tj -6 0 Td <74> Tj -6 0 Td <20> Tj -6 0 Td <6A> Tj -6 0 Td <65> Tj -6 0 Td <64> Tj -6 0 Td <65> Tj -6 0 Td <6D> Tj -6 0 Td <20> Tj -6 0 Td <57> Tj -6 0 Td <69> Tj -6 0 Td <6E> Tj -6 0 Td <64> Tj -5.9 0 Td <6F> Tj -6.1 0 Td <77> Tj -6 0 Td <73> Tj -6 0 Td <2D> Tj -6 0 Td <2C> Tj -ET -Q -q 0 0 0 rg -BT -82.3 282.9 Td /F5 10 Tf <4D> Tj -6 0 Td <61> Tj -6 0 Td <63> Tj -6 0 Td <2D> Tj -6 0 Td <20> Tj -6 0 Td <6F> Tj -6 0 Td <64> Tj -6 0 Td <65> Tj -6 0 Td <72> Tj -6 0 Td <20> Tj -6 0 Td <2A> Tj -6 0 Td <6E> Tj -6 0 Td <69> Tj -6 0 Td <78> Tj -6 0 Td <2D> Tj -6 0 Td <52> Tj -5.9 0 Td <65> Tj -6.1 0 Td <63> Tj -6 0 Td <68> Tj -6 0 Td <6E> Tj -6 0 Td <65> Tj -6 0 Td <72> Tj -6 0 Td <20> Tj -6 0 Td <76> Tj -6 0 Td <65> Tj -6 0 Td <72> Tj -6 0 Td <77> Tj -6 0 Td <65> Tj -6 0 Td <6E> Tj -6 0 Td <64> Tj -6 0 Td <65> Tj -6 0 Td <6E> Tj -6 0 Td <20> Tj -6 0 Td <75> Tj -6 0 Td <6E> Tj -6 0 Td <64> Tj -6 0 Td <20> Tj -6 0 Td <65> Tj -6 0 Td <72> Tj -6 0 Td <66> Tj -6 0 Td <6F> Tj -6 0 Td <72> Tj -6 0 Td <64> Tj -6 0 Td <65> Tj -6 0 Td <72> Tj -6 0 Td <74> Tj -ET -Q -q 0 0 0 rg -BT -82.3 271.6 Td /F5 10 Tf <6B> Tj -6 0 Td <65> Tj -6 0 Td <69> Tj -6 0 Td <6E> Tj -6 0 Td <65> Tj -6 0 Td <72> Tj -6 0 Td <6C> Tj -6 0 Td <65> Tj -6 0 Td <69> Tj -6 0 Td <20> Tj -6 0 Td <74> Tj -6 0 Td <65> Tj -6 0 Td <63> Tj -6 0 Td <68> Tj -6 0 Td <6E> Tj -6 0 Td <69> Tj -5.9 0 Td <73> Tj -6.1 0 Td <63> Tj -6 0 Td <68> Tj -6 0 Td <65> Tj -6 0 Td <73> Tj -6 0 Td <20> Tj -6 0 Td <57> Tj -6 0 Td <69> Tj -6 0 Td <73> Tj -6 0 Td <73> Tj -6 0 Td <65> Tj -6 0 Td <6E> Tj -6 0 Td <2E> Tj -6 0 Td <5D> Tj -ET -Q -q 0 0 0 rg -BT -82.3 245.8 Td /F1 11 Tf <44> Tj -6.6 0 Td <75> Tj -6.6 0 Td <20> Tj -6.6 0 Td <6B> Tj -6.6 0 Td <61> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <73> Tj -6.6 0 Td <74> Tj -6.6 0 Td <20> Tj -6.6 0 Td <6D> Tj -6.6 0 Td <69> Tj -6.6 0 Td <74> Tj -6.6 0 Td <20> Tj -6.6 0 Td <64> Tj -6.6 0 Td <69> Tj -6.6 0 Td <65> Tj -6.5 0 Td <73> Tj -6.6 0 Td <65> Tj -6.6 0 Td <72> Tj -6.7 0 Td <20> Tj -6.6 0 Td <4C> Tj -6.6 0 Td <69> Tj -6.6 0 Td <76> Tj -6.6 0 Td <65> Tj -6.6 0 Td <2D> Tj -6.6 0 Td <43> Tj -6.6 0 Td <44> Tj -6.6 0 Td <20> Tj -6.6 0 Td <66> Tj -6.6 0 Td <61> Tj -6.6 0 Td <73> Tj -6.6 0 Td <74> Tj -6.6 0 Td <20> Tj -6.6 0 Td <61> Tj -6.6 0 Td <6C> Tj -6.6 0 Td <6C> Tj -6.6 0 Td <65> Tj -6.6 0 Td <73> Tj -6.6 0 Td <20> Tj -6.6 0 Td <6D> Tj -6.6 0 Td <61> Tj -6.6 0 Td <63> Tj -6.6 0 Td <68> Tj -6.6 0 Td <65> Tj -6.6 0 Td <6E> Tj -ET -Q -q 0 0 0 rg -BT -82.3 233.2 Td /F1 11 Tf <28> Tj -6.6 0 Td <69> Tj -6.5 0 Td <6E> Tj -6.6 0 Td <73> Tj -6.6 0 Td <62> Tj -6.6 0 Td <65> Tj -6.6 0 Td <73> Tj -6.6 0 Td <6F> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <64> Tj -6.6 0 Td <65> Tj -6.6 0 Td <72> Tj -6.6 0 Td <65> Tj -6.6 0 Td <3A> Tj -6.7 0 Td <20> Tj -6.6 0 Td <20> Tj -6.6 0 Td <6B> Tj -6.5 0 Td <6F> Tj -6.6 0 Td <70> Tj -6.6 0 Td <69> Tj -6.6 0 Td <65> Tj -6.6 0 Td <72> Tj -6.6 0 Td <65> Tj -6.6 0 Td <6E> Tj -6.7 0 Td <20> Tj -6.6 0 Td <75> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <64> Tj -6.6 0 Td <20> Tj -6.6 0 Td <77> Tj -6.6 0 Td <65> Tj -6.6 0 Td <69> Tj -6.6 0 Td <74> Tj -6.6 0 Td <65> Tj -6.5 0 Td <72> Tj -6.6 0 Td <67> Tj -6.6 0 Td <65> Tj -6.6 0 Td <62> Tj -6.6 0 Td <65> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <29> Tj -6.6 0 Td <2C> Tj -ET -Q -q 0 0 0 rg -BT -82.3 220.6 Td /F1 11 Tf <73> Tj -6.6 0 Td <6F> Tj -6.5 0 Td <6C> Tj -6.6 0 Td <61> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <67> Tj -6.6 0 Td <65> Tj -6.7 0 Td <20> Tj -6.6 0 Td <64> Tj -6.6 0 Td <75> Tj -6.6 0 Td <20> Tj -6.6 0 Td <73> Tj -6.6 0 Td <69> Tj -6.6 0 Td <65> Tj -6.6 0 Td <20> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <69> Tj -6.5 0 Td <63> Tj -6.6 0 Td <68> Tj -6.6 0 Td <74> Tj -6.6 0 Td <2D> Tj -6.7 0 Td <70> Tj -6.6 0 Td <72> Tj -6.6 0 Td <6F> Tj -6.6 0 Td <66> Tj -6.6 0 Td <69> Tj -6.6 0 Td <74> Tj -6.6 0 Td <6F> Tj -6.6 0 Td <72> Tj -6.6 0 Td <69> Tj -6.6 0 Td <65> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <74> Tj -6.6 0 Td <69> Tj -6.5 0 Td <65> Tj -6.6 0 Td <72> Tj -6.6 0 Td <74> Tj -6.7 0 Td <20> Tj -6.6 0 Td <76> Tj -6.6 0 Td <65> Tj -6.6 0 Td <72> Tj -6.6 0 Td <77> Tj -6.6 0 Td <65> Tj -6.6 0 Td <6E> Tj -6.6 0 Td <64> Tj -6.6 0 Td <65> Tj -6.6 0 Td <73> Tj -6.6 0 Td <74> Tj -6.6 0 Td <2E> Tj -ET -Q -q 0 0 0 rg -BT -82.3 194.7 Td /F1 12 Tf <56657273696F6E3A20302E32> Tj -ET -Q -q 0 0 0 rg -BT -82.3 167.6 Td /F1 12 Tf <486F6D65706167653A20687474703A2F2F63727970746F626F782E6F7267> Tj -ET -Q -q 0 0 0 rg -BT -82.3 143 Td /F1 9 Tf <65727374656C6C7420766F6E20> Tj -ET -Q -q 0 0 0 rg -BT -152.5 143 Td /F5 9 Tf <73656E73652E6C6162> Tj -ET -Q -q 0 0 0 rg -BT -201.1 143 Td /F1 9 Tf <20962068747470733A2F2F73797374656D61757366616C6C2E6F7267> Tj -ET -Q -0 0 0 rg -73.7 130.1 0.1 343 re f* -73.7 473 694.5 0.1 re f* -73.7 130.1 694.5 0.1 re f* -768.2 130.1 0.1 343 re f* -Q endstream -endobj - -2 0 obj - 6996 -endobj - -3 0 obj -<< /Type /XObject - /Subtype /Image - /Width 1024 - /Height 768 - /BitsPerComponent 8 - /Length 5 0 R - /Filter /FlateDecode - /ColorSpace [ /Indexed /DeviceRGB 255 < -000000 010101 020202 030303 040404 050505 060606 070707 -080808 090909 0A0A0A 0B0B0B 0C0C0C 0D0D0D 0E0E0E 0F0F0F -101010 111111 121212 131313 141414 151515 161616 171717 -181818 191919 1A1A1A 1B1B1B 1C1C1C 1D1D1D 1E1E1E 1F1F1F -202020 212121 222222 232323 242424 252525 262626 272727 -282828 292929 2A2A2A 2B2B2B 2C2C2C 2D2D2D 2E2E2E 2F2F2F -303030 313131 323232 333333 343434 353535 363636 373737 -383838 393939 3A3A3A 3B3B3B 3C3C3C 3D3D3D 3E3E3E 3F3F3F -404040 414141 424242 434343 444444 454545 464646 474747 -484848 494949 4A4A4A 4B4B4B 4C4C4C 4D4D4D 4E4E4E 4F4F4F -505050 515151 525252 535353 545454 555555 565656 575757 -585858 595959 5A5A5A 5B5B5B 5C5C5C 5D5D5D 5E5E5E 5F5F5F -606060 616161 626262 636363 646464 656565 666666 676767 -686868 696969 6A6A6A 6B6B6B 6C6C6C 6D6D6D 6E6E6E 6F6F6F -707070 717171 727272 737373 747474 757575 767676 777777 -787878 797979 7A7A7A 7B7B7B 7C7C7C 7D7D7D 7E7E7E 7F7F7F -808080 818181 828282 838383 848484 858585 868686 878787 -888888 898989 8A8A8A 8B8B8B 8C8C8C 8D8D8D 8E8E8E 8F8F8F -909090 919191 929292 939393 949494 959595 969696 979797 -989898 999999 9A9A9A 9B9B9B 9C9C9C 9D9D9D 9E9E9E 9F9F9F -A0A0A0 A1A1A1 A2A2A2 A3A3A3 A4A4A4 A5A5A5 A6A6A6 A7A7A7 -A8A8A8 A9A9A9 AAAAAA ABABAB ACACAC ADADAD AEAEAE AFAFAF -B0B0B0 B1B1B1 B2B2B2 B3B3B3 B4B4B4 B5B5B5 B6B6B6 B7B7B7 -B8B8B8 B9B9B9 BABABA BBBBBB BCBCBC BDBDBD BEBEBE BFBFBF -C0C0C0 C1C1C1 C2C2C2 C3C3C3 C4C4C4 C5C5C5 C6C6C6 C7C7C7 -C8C8C8 C9C9C9 CACACA CBCBCB CCCCCC CDCDCD CECECE CFCFCF -D0D0D0 D1D1D1 D2D2D2 D3D3D3 D4D4D4 D5D5D5 D6D6D6 D7D7D7 -D8D8D8 D9D9D9 DADADA DBDBDB DCDCDC DDDDDD DEDEDE DFDFDF -E0E0E0 E1E1E1 E2E2E2 E3E3E3 E4E4E4 E5E5E5 E6E6E6 E7E7E7 -E8E8E8 E9E9E9 EAEAEA EBEBEB ECECEC EDEDED EEEEEE EFEFEF -F0F0F0 F1F1F1 F2F2F2 F3F3F3 F4F4F4 F5F5F5 F6F6F6 F7F7F7 -F8F8F8 F9F9F9 FAFAFA FBFBFB FCFCFC FDFDFD FEFEFE FFFFFF -> ] ->> -stream -x̽{9k73==NjyYEDщt@"&dfQԢKF\^SZm'ykZjmuUZOt:vl4+J9iһR 5w F6L(njcO-~ -o`77;";w0HyJ 5m$` poۏ -{b6J;K/ՀF^qOoJQ[ïzmRԦHK>a)Lgh?ORRAH Ed" }TU^KTMe>*HmǬM&çzPo=# ~FOv{zèk],G^bF_a~D0/q-*"k=0=@U]D @2OhR 5lZ@Dn1x v?7i7䅟z%6hfA$У0ED]? ~|]zKF+Ea}lcP~CNpIWS.Q۟tS/{Ccu#CϥhM|zO)_+&C; -CUPrQ)FLƻ@;=ܢ~R"0{i`ϣI**pf!]~<Π G~?z;:k* (/MʿpB5jhNz9Vv~ OOHjN0x߁|7p@#'^N&< -1Xa_։o2EiS쇂?>$3~%O?X??>1UO T?qD~m4wv@1 -*h(wT]zoF?}qgl. pџ+~v$;oszs"*o YP?\%jugD㎐`5QŦ?1t?/VQP+@/v !g/%mfR 0an(Nn-\e0}}!.UPJbS' ~]@I ۳< h bhxM^M"ݷnE?ľ`IP'0^U!?/F3~u{̟Jv3id`t=QC}ohښ -RDho"#X5<;y8v@A{yv5'iYU@PD62*~:{O4'W.;Vv?'ӟos2៾~G`Dvb6}w:QVH:`_@@ie'_c?]nXӛ[b^pw7aEӛF.O&N}fzQ'ui'qZ`"cހ?i3<3يFDhl5@Kl'1N  !a#"sO;U_ 1Fo7#;y+P|8'l]D{|,{`opgCG -`|G(.+¼_> }__w~h9?RO } }C |˽Jv;f=3Qi?ϋ~Lw_wO#Uʽ- } #!QzW8"%h(އ@zFpYt>}ۖ JZlq?b 3ljvMthGE -L?9fvh^.<LyA`4:ʕ|!u{ J6۳-A Ϫ6 'Sg2fD)PD=M T p% -?߲~++,G!|G"z-8rO|n1S9dg*B嫸%:LCяpD=!}go_, ^Q(hΒFO dϙ\ _7<ѮQRu. @g1~gFJ߉?y/;NNzC Ɂ{'X6AM?O & -M ր Pt 9^WowC6/wvD gps,Qli;zY2@'Wa]zETm]lC/K -/PPc?`쎓 POFan\m&&ۀNP3|?~cM.ߝiȿvU^9t%I&}h { |y@{?ӴÌx,bF !Of\hp$CVʌ P??g&b?e\8")?#wS -6luboWLQ8WZr0.XbݜLxf|s@Vy n=DZ\q?rٔr )kq@̇^C9;5/W"߮)@io1Vܺ83o<,7n /VW׶=Co; u OƟ^tOϭwƻx>[B?F^ mΦYk?sUxw)@(>rr2nGC7?f(~y3oOˏfV!?4^!)7+`܏m)v:1E SbĿuYm2Y{yY#养$O߸>?c!}}b*5`?=_ [;,ɃsXL>@nWӏWzƫE?B3}lN04@A/~}`Op -+Gf /\;NMO{&~7$)0 -iZBC_5ð\}K%H -3FW@%zKO?)ޜ:{ʰ=gCw*g͎y$:࠶z ?T@0L ?< f9 pģ?4Bpm0 @@>/`#5u.T!(@F}סN|D§Ƌ՟~=Y)c=#~ߦ.}gWYr'7W^wF."SPL9GsA?|A|/E*?19l)/,n omvh$w<gWO2'P5G`l}a ZM1R]wO!`P4ځ3OY>䫈_B}:P~[ɡG -@yS(H7(MahсNQd݉}ɥ}#Bi]5_B_E.< vY>:T!F? t<jg߼DZ Ƕ=*`j١?;+}kO͙ 85apOo=eH,&o^AzecI7ܪ~}V螘Ŀ-5*}1 t0~IO߅/z4sRU( -'SM=w7~_LWAޠ .Ɏ,y5$@W|Ngg߹5e tqzo4 , YНejP鍫ۚS;8^Ea!71C(^n*1FCO޺c^`F-e@$TC2#O,0=6?rK*K>,FП>jV0~ډʓ.(ݳ'7o ;|n Go^䪦Ul` " `RuW V__W|/>l=Φܥ"6}`߯ 9k<%z$-0% -K\7A+f ?%>RD!jWM}6P} |L~_ysx&ICpןȞe6L^"ɓEm8> 4Jna܆࿏[TYߘjnv5w b$~K,O^C!vK}%zԀsp}*!Ϙ+uGX/ pjCN%6"D ^. h;t@Q'F?<R`G͉|Q0~@2,v 4q~ `-@tn|% -0Mx4O -ީYfgc4@[C~~ -9G"x{"tNi["Xڏxg_c7d}-f.\״ ͼ?<f=~3!wg}`A9 NCZv2>::<8v;mc&xR C08GRa<]?~~ }Q*?Spt}jf5 H7?8$Q?Nƣ^ըV;坝rRUZ%{z5NON1n9hh5AGX Ϳ/C>L `,ANi̞hPZ߭NP _XswoNq -~锁_lGԗku/j*sۃ(RKcL hQ5/-" 1:/yy swkGL1Bdgߖ -':Ӡb -` <PLv)?~6اͤQ9 ߻Hw ؽ& -/Q>jJZ(ޯT~VKHu?o&ct8 - H@ fB_?] -?d x4!$ bz~"LvZs@]0 ?<HI;A~3m -~C_J&_,.DP5`;vjO"@B>)1oW"kg MSO/3 p@8:> - ~|[_Ck |ߢ?HOTq={uP&5}{I).|LT%)Vjy6A u*۰ѯm۟*"jSmM|mQœ_TxWɡo6ӿ\nK0.:Q?@ -bXZ Rhc0H'mg_3,)e0l·DHl7-?޳[*Ti}0Z.;qfW8'>ЇS;d:5c5WMݹG*dH-\O -`-͏NRi ?xy3vw?앁4Dw`Xact] հ_a=M|zPOAg ,=M" X!@Fq!OjV)Sާ E@ug)_' -L0LD"ߣHp:"IAdq?+n kh2̫gUG' ?3 #:Ѐvcr}%کh s[?>q__?e6@fߋ=`duga⟑z {hZfe}mD1@ÿS   !1Ak{ ;4@eN;} ˸N;~ ~9woSH~`N|\ FqZ>)o:Ӯmc;,jru ~\( -G.Ob-}SeW% ?7`@~gX@'Ȉ z)3~kRPTZj0T> -P<y@POoqgx3Wui܏?M K0~~o<,fb?Ҵ=EU~νjjel@ P**m8} s~ -~+~i͘ÿmHy[Y~}? |q\T$Y/}nj:eEdiIwpaw3$*1+nڗ(ÿP:| D wGT&Jpd=nO*ƪšB$Ȥ?l>[qB-Q+Hς0ЧZqh? @mJRfbjʺvըUk?ށ -p V?D%K֯InB }}g~k6Lok-:ڹ7+VϰI9SA%K2S`6 -pzcVR쳳1߻C)u` -m=0ɰЯ HJ?{2iq77c{]} Y_h>MĿ(هdz\{S"Xm0kOi.Z>+CUAB,v>|xJcK^4JrV1{SO`]>t?Tg<Δh[:5T=d#*`u(?_o 8e|=nGjy ?L>s] :@mml_+ -6":z9~~h8:<,j6Ӽߦ?t { >,ا;`A{8r٬砟4ƿ~3WWVp\駃K -?Ob𔊾=47!v_W\Gҁ&/r\1 T@{,?0@_-AoD^|ct=(/əiO]_V.oh3Uя?~ZC7_p'hoBBOb ~l'Dl! Эh@ydрrAm=Ҷ]'zLP^c󵲒П/fjk,& ~c;@tRT`{|rvgDtt9C@PT0@~>h9\?}~˨-.WrsNebֆIO~HpP Ѯ([?uvF?=F D> _\!FGӞ?_`~nW:TD,#X?POV}.>a-Tbo f?vrv]΍>,V@QB (-ʿ' tЏodIAA~AM zx?7s(rPw0񿴺ӌ@bgMQ][ڸ `1hi_%t񷗩(@hdΟ" -g}q -A?_nnay}lblO?Z{_1ph >@K8?K`$C>m[2~ZO&aF~O!q͈(ت4㢛B~ׇ`ҩ%`ޟ㿣x?dSL%>+pctvr8;z\ݻ*A?G͇嵍F3BflxSZ}{Ͽ-d]@K` %[~!u2lٷ+xoG95Ѫ\ʵS  Kk[;MYwkI7GK,G='xiWJsfX -'u?R߱/8 p4] }d3[?Ib?9uk՝rd|˞zM*@ @WK;5m2qӬl.>\&NJ,pڶO?51=tʟs?Vu/ w}.OO&^Sf95.$.t`@">},X]+fl9t)|!쳺_ M')r3 h~~#a$97[ usv~g#?GVީTZz8wM\*~qťHv*Ն{zl0o(y۵jesyN5̿RT w T״0U_>j$>@w"^r}fK{~s֋XV|LQ]>9תW+[+so_xn@8 Ƈ=/tڝ}yr{?]JOEbLhe՚d(@ J@ T,pYZ0RVo1LQVk~^=v}>;"I;z4ճwlf`"W~Y># Ϫ2ShЁ?-සv_*zbw;X~zJQ :`Znr(\/==ol'O|ԁL,1^>w[Fu{cuyÛ?FS5.N~$/X3x}>|7ξE?Y@>i7}TK?Dj7,Xvl6!< -(Nv<5nF6֖޽|E (oJm~~?N?2O~~7$=fFϱ?R>OY̯pߐ;& /u lEۋo߳ -NlER)E@Bǒ_凿$ py4 }O3IggF>~Ƨ~U+!< 1ovQ `euu @iƖțy&,N˂~G*vQ) ?}$#0?߉w%)29cO'$ma֯;= YЏ3Bdtc~YIО,h@ߘQeq v&! Ur_ܷ2=6Y)mn_ώ:7n9?fXۿ{?S{#Rɮ~~P'^}jI@^&WQū(0gD)|K&fÚ+}^ӪWŹo^_Y!*hE+| ]#Gi͒ ՝UWORO0uK %Ul = Uv艄>?Z*n; ߼|?3OD+T?34Mm(6oџ9UtZQFOjB'on<{ `m]@Zcc)i36~vUJ,f=z(ȳ!jeY/T|]O@-]~yǶ龘C` -=}յߞ@,bpsk4-^ꛃfI4֋-~ϔk<4i9Uׂ~ 1fC7fAc{ɥ7@wI~N7,_> 6 -Z|m\)E?Й)y-6ф@kzbj+ -~?WaNƽvG}\ -P^}2 ŧ,oE]`"b%(ۿQ-_9tǿoL4Ar~1ώ>>TU}vroL;v}7 $ -PkFp4a@0!@tv|רߏ#xjb*[]ܨ ~^'bH1}_VWOC6߾8Ax/~o@w~]o$?8zk|wy`)?rB9ry #7W#Gӏl/g޴_{\Gk?;6cB0{; eφĨ<1Mfs.w.<4C(;4ږTIOUg}e0"~?}?■^"C@g ~ʾNVj?N~5$$^;DI 7Otg[co,'a@=Edžw(UY1;+DK.ܵ{ #} ~Ny?#+ۿ|W:g>~k+YsޏH_dg$ ؛*| ,[ -ym<\5=#,`9`}'lMPiIf݊}/Ie)kq/釿zaSI"Lfo8?~}Kߚ 44' |F?``/gzt?}8ϛѬW1n_CXVm8h$[YlV$~,̟?sP릓~:^7ldط!csfD a_Do~ʅ`hګTwR~Fm _?G\O_|pX]SR*k8@^6/s~ o+o&2ؿBgVe>rC!>ٗ  W?wO7z(3/ށnn+ϙQ ^rP$ E${HEK_p_п(bW/": d-HͿEA- a#c /N~ݪ9} 33[3s<xQ{+!Bx,b$ $ ܆\ϫ~kkC_K~~VoD'K^XH/G#?~Yv/$cjD&#{je1|cb֟ϺgkV˥8<`\6_ - $ཐx^0O" D@D|ㇹq"&A?  O`hyqYooNeX=3}ь?#Xt?t}N_;4jk,\_N|:xx@$ Ma;mmX= ߅sO2W8A- ?Ϡg]]G~VO%)^I~ zF~.6G~^'W|-dRL-ƸڪEa޾}%_~\ß+98U&- "(_=>7ے>.M*ž 44 F!k~J>T죲_8^ݲ V٬ت}f}T@b|ūr\F0"zqi@mee9&)L ~?ޔwOًQ4dw ̆N~B?#.柅~^؄-U -]u~MlH9[.I}n3]O_e`F(`TZxLh23`.De-n`W/dޕ{'lbG=u& ?h׹7J\˪kD) 1~g}8|_8n)6חFV-N/Nvu>m^mYKb_+ĕ̩oD_JOW"# a@ޟ X4ոO>?_t(tM)&:7}?_} 6KL_X[0S ^v -z%Ӂqc9 ^Fwc-ϳ?Qp.*BCbOV IPgtul>b*myA݊|ܞ $ E0nU_*ZTcxiWZ}D> (\?>R ? q -*wpm_ W?e]V׳$gi{$ԟalwQP '|1贶~oضA|-M}o*2Ԁbߡ?:7B`bT'Z -q_QJ`yr~Zo?s&{,gގ'*py~?6[^?ůFo{~~a}C/?W@m9/"H[&Mu1xگ'>v -03࿭ﳳx]?goG˷D" -pROS˯iRRNϤT +m`W.A@`0Ǫ,TS{H~ZqU M?޳1`^3~1^MLk|*c/o -oC d,h Ɵ:G_v=l߽Wew~ݧp=Ƨ$!q$ۘbj}UGj )>UoV -@p(ɿ%)2 m~V)@??}Ow2aWW~vso o~5"8P@"'W-#Zx_/ߛb})}܂%+ݹkgOa'{ E:LRTea?W[G[>kI?˽vpdC(D"K2?~ -%0~U*t?E<6PWc~rGk++KKso_4e ZZ=C$F+ë=%NP?Y >$0.e.u?0oZcZ9oŇĆ[ _?Jw 9@$ܭd4I=#uG/wRcO[ټxF;$ iOr+z)!pzR4ޟl'6?뇯.M!Նr ?9=e?iрZ. PCTO;S1 'nM#xI'>:>7c4_-}?.mK'mν8} i xҨ7"E0}ӳo(U x>.go/'%32Y'q-Og;Qg3~ȟW~ľ,'U56,mn?2vƻ/gpǾ+\M/):po-84+P4˿}Mf?2˟??; zխd~ -ɛSokBCt>v 7?1Իuڱ@WM nE#gtC\W׀chbG7A[?-) CRO:<bT#D"KWYe-S  рm}< ?E? fAoO~܏߲`7*2?8jscqԩN~}VxE;#t@઩Mh@ğjw.4wOs#-bۮl&>3ϓ#!:ާw8[uھ_5j}派-$_6֫G|"$ $`i0=ҺVR -Y\fo͎&bй]hگЏ ,'x8n~~V:??jKOIsi/KӘ?A?:aH5odR}ݞ~Ϭo:]j6:o]bcx_uMݔGZ}+9(?30wל`%wȏ$z̷OU|b_to$2'pozlSkO_ZΖN#ff\xzpx()dO,+VE, g8ߒ{we|d-9ƷVkTy1Fg\:/gFY4gfixM3R0S7_(> p}xW&m9m}u}o|yqn:No/Nֹ@zYthm*WR&~>gxJQ}G}); -Fd8.}^>(?pUá8#ajc,H Wj^?lp5yTWuz@%JZ)jq8k蟙~2X_*e~ ?~=V'גRos{ߟ_2_ -q^|R?XmZ2]mZW,=oHY~N+q?(\}~U}y}rBZӛ(|#D1@8p5]0H 4K)}\ME @|#&_Cc?3I'wċy@VĘ_a-a%Z?=_ǛYEM0|R=T7M &?}V듳|Q3iz_CoۣS+GfoyL5Nw |>옽?So8%_ΦXŇp_akgsؾO1Gb~} sدTx(a;x?_vs^!Ѐwzh1V??Ip,7$gӗu5kh?p 'S"t~>CͥO(#M͈?m *@hெ=Psz7y}[e^?G\\~`-3L>4szY`'xĿm^^?~t[D}*H Ha%^q*N"ѯS&;}~]5adϯ>˹R :%kw*\y4}z?k=4O3ҟw -G2}xM=|ò~/ b{uC|kV#鳲άa_^(H?濈})l}E9d=YP5Ng?+7Ovm׀5NjDJ8 qcr|\kľnPU E?oS~st1G6XwS;Qrߤ_뗯_Qm{^d`!a*@H BrB??HIo\)Q?>ۺCNs5F̯?H6HdϦ'xWK9?V^wց#? I -_[؆w+kxNߏf?zoVIdž,II_?WլNhO ?# -P׆!fW6|9<Џ7 [rx3s?X3&`?ճH&+ Nsn0' M5/;7z:<07@*|M.+FϋWfz Oߛ|`r! ֎??ݚ[?o-)+s{ֵ}zUߨqO gs1PK_YzSgx5Wf?2hp=2@U ->G?~B#LŘcEXMmOOl+3{!x~~c_>߼cT9&vo >1l[˹rPx<^ -3B r[H +2@OcNDSpO~}kھocr%g_~Dۼc}2<8=zW̟{aAz?k/?l7gx8V@}-IY@ʘ'ҟ+W6 7qxҖïjx>Ce~(OYKʍ{*1ڰ@y[0Vz~V_-}{ȍ6Z]J?d_L %rx܊@40x'Q?,rԓ7דo?׮7[h/Չ+?.)x{_z<7ٶGPR+ύʿ;#%|F.|E?KehY/ݬJkQb=9fwd;dm`8BZw ?0}\ȧQدYk{+y26E -z~$O.?4/ڟ~΋wn6!?Q>9T`fτ~Xf}Ĺ/4w*Wumә {/f.R jL_ܣ,߯֌^>߶Nc~ا /̯3ߏ+?ȿp##O{Yݎ@&w@f PM8 A祟+l'mo|S-ltm{tЫ}uޘF3b_m'zϏ ?`z`u<^ 1~ -\D@ό?(ᇹOϪ򘞘PJ:igo_Wu+gqIt<'=Se/]F, -p H_7 Z;a}F:E+PUs^pըXc/y࿾I3;=~."ׯ-:3l@\UH ÿ9q;?8_(հ͑{W[V =/ } >'>/IKU}[l?/l#/) 3s{w{BOVc*P@,`Y?+36Sa =ځS}}=٭oU}6Ʒ;;Mj1p{soT\'ϗ[:gVmdpa*Gv,9'd%+,@|ܼCk|^}kǮ*27b¾)*d+ *# ꯝS|L {5Wnwn_H(^bOLWsD#3۾?H|l_͟2c9Plߜ̯;^P[ެf /=qZ}z<d~ 2ڀm_?g?Ԕ_s?Ǧg6$omy|w7h?@4PZil}R)$x ],o[^:IݫoS)'e~}S/c?^Ux$~ }rG\Og#ɿW! Pp,n> 5~^}V(WsK*PW⍋}d~‡%.Z߇cKNpB_+g/gw: d @8*{R{)O!B'zniCg}> S7|ߜ׷?ZA3 F<[~>֯앶>~~Kx6o[A@6c[lmSN_ m5Qj/o1 E_>3{Z_2Y?R4}MUWV~=_"/lM~+^m]tPÿI{umsu୼ŷ4_f@ bqΗ"P\J럄. /n"YMge6o~=o3e?ח$e~o"(l&k7+/WB~}toWτ~Q/T + -d';O `v6k2c<6=2_lׇٓ|?b/9=OK -d7_[,dVs/`WoGro֞=Jo '?oSU -ȏJ7ieN_8X~m3]dViʼqѯ{%zOp]O_}k;;݉ZuuXB`Aщ2/Qcl7t߉M6 ^щ -ZPQTH@lSYf?n"Xdǁ*#gkס<tA pK ?N.GƏnvԫ->lMxG1Xib3#9(7sfne#Iov6sqz_}|+ }}B+kG<\_^q>1`3 ]Ms燣_/T g [g`w|"p;lJzf_'5 ƯkMv2WWJ}Xe9iqq~uyk]( m'~[Y{ lwߑAF `t ZOk5D:Ȇ~Fy<֞=؆]Jau%bϳ1 c{>O:JG*- :Ep|g2@ЀHhTעUP>+iw;K ܫKk nyK><.uoط7BDfGvx̧GULXσwo<>\f)1׿}:kvkN;[̛ۅMV¼o] -GwF8$RUJo?5NJ?Ⓧ(kЯ_>νb%?~#W0 D4@kql6&!ן f\eg{k+xYR2MwMu?$gDݾwT8` KQ@$ ͅAm%ԫ[;痶;]GW,`KBf/44}3_¨Zz#,W` ?n>>" --mu_; Mym~__g\~|6zzg3&)k@3k;g->1v_;~BQ[\^]]RzF]Y}Fdvڝ]Y%wN=?_]_p/ ?nj(%?-2v&38S/]Z[x; *旘pc_\?^/+}fdߣ;bE7B=>IW?20g}m6(Un?[lVu2U7mXݻ )<"W7*}+Kq?ayriE1alۻ))pxvumy?rod}&OF<{aoi#gܠ>A\ȳ=}DcrƷo*$?<9e7*+7cj? - % ?(_Gr'~m쯖ϊlnV^[bu(Y>$_V-ocIvΓ_~``0 i ]YTnRR}wj!%P$U\DRRfe'{#{o]HfNwf)%D19qbk;?e-H_p|Osw -8/vS(W:M?O&}FGK,w%`g Hvq3:l/M%b qTY's3ӓ !l.[ j{=ܧw ލ/Ὧ -dAÝPs:;F;p7[>@G>> 2 YZD_/#~SXu?iZYLĆ}7Xffgf02>LOocgon* iÿ }뾋\/~kw,}GNm1:m-8gWL^ h87^+˫}סߵ&w7gbo7"Ç82Ϡwfg6|BL?ޙ=x-&w㡃&HCy>>f߀YK%Iw_|_B_#@7=+' ?nk}d;۫K3c?k>T g[_?{j.psTz'Q\6cwID -Z7fVJEr-!\7Xηi6K(u~M>N.GS$+P+++do?n"?;9>s:3|&y"9;5/@ꇸzbQ̛BY.b&jj@i2F"//C>O?fO~A({k@SRX>cM[k+KL }u||I`"Q%3߸tRDX/Wn\3'svF1Rl2 zVϤ3Q,_pPNa~Vuw#}NGŸ[D@IZDzWAnoow - ϝ7n[zbYd_WDzI-G'?P":z)v\ow -fj"滏5&0Mx-ةw\^þ]|?-[w@y]F-Khzp@#5)ҾӥN?<*[Ln+g ʽH迺:?Bpߣ#\[]Y\@|Ӈ7rRm`p𓈩GɜdF|%ϕ&_lK 3#uh V<7wב~ϓﺻONn+gs½ -)uïy}.$a֡?\zoo"[DZQ-YDzRS">m#>BN zrlww˯1752'O2ːgQj:'d~7G'G( z+2K1nKhk|'lYPЯBKe T֪pՐ-8aS 룩ҎK6oO?1?2v/'A|q?0O8*߾||># -B Jv\Jw=>B=[[e7yKteUښ+ҏ_gg;KF?pFr3?:<4_^ZIxlgnĤsc;o "`,9^S`l}@_Tޕ|->.woFx:Wߍ^\[~GM (`Z,YvSh=ݾȿugRƾKSs;-=~p$/aPa.?Ar5oo?TG>}5F),vJ*܍i0t3CN:Kzܱ$}Lls_(@~wZ?Cf=%\JW\=G?cE/ "p6^ί鹳M!I&%G -_,ޝzIŔx~[wE gbc 8胨Jg|ǵO?2WNQ?\\C -}sƙ BW^WJ ՟ŠrGsKE-өK߹_z"ӟ͞ˮ%G<MRJx2GRBww8sxsӤv+0f_ ?_QϤO=^[fH^/*<(//"O?)5o7US$)p -yF%&_GsRڞPC@QogҩZϱӀsKcߠ`ᏋH?}*;vbe?'T/aC=Sԥ1o@?#d[ LU5࿹Z K=~.Q쿱0 x &[aó,|RFgx yZ~iWe? \ S[>?sNuͽo }?ok~B1$ ?q?}=sAQooсlz{o}[,*ow/]LWb?$-g?ƿnNnG%C_Ho_Xg? P2~ciaRdžPə f9i2_Hf.;z69W͑dA  {<+ȿ&(2Ο/M]\Moߧ3+@ ~~a6[[YZZ8r#ݺtm?ySI w9r+zs8~=]G?믈#~@.P%w+2Q\c9(I~{85 Gg ?*tMf$i7c<E.=*}8v(DU{/}~E?zHGq8 &;;4p&G$?+w?LÃ?J>7-C,v-' `;U/hU_0w__8Uȍ`}?}TSڗ&33-cO>8uy⏗N?L @h!Do{xxUi/]˷ݾU*EjCVW߉}]W jg" -@5ޛE߂]K@?-/8vs\\tg[=4@ ?/6/f (.~wU:?xJ~)~uAڗrQ&AnwߧRiޟui oa.gaߐ}w3A5 | ]ߝ. _}t * }῱zazf?~c;++?#4^jMgI, Hve _ݺl`/.:H @ ?_ _Kg~]ssN_7cj?F?i?ihW+aXoue<ד|qk. -z3UľX\8]tB{ O>B?z7{''&ւ^;.u=.`$`;y)WLnk(_}/Ox? -+dǦfg6p`m?Cd?[K~L?'>C՛涤6~"N@+*M_ߛ O)hG8GM _7W\~H~n/3<,Ć>nTrZ]$+Oh8eJS?+Aҧ^e~ x2,Vsˉ8k* -y({{~.0??c#M0V!4p {+c}ߦr+.?}_C_H/]n~{43?~u *şpO?KGߡe?41~#ONC o{dS眒whkXȏp&_:W}?s\G+s K[\G?<:1OR?e ѿ07;;={~Ǭ݌BWIZNEqN?_`~?򏿕{}pN~NF',m{Ky02?1O_^-?s3ǷSg??DX.A~O*u%c[;`5'=Wa?JX.?KC 8:rvsUXV7wvTJpo1%]\4qx,5lc?ϒxҥ4/+3rj"i;gY}W_I -QT? 0M3)@{;oI_y U ed,d=2ߊ?dy_@?nO?ixH?_7-}5 -/9 -6?j¯-U|Я -~3 -K?Hf,,,nlc P8KP>`_ԃ\ñC*qCv*ccᶜKamW3 @&@x?G{Dw4$[On? .~r[ib @`): P2~wރgm~ g}T/VANw7^ pHw3W7 ? 5oT['1"+I/2|@?CQ,LR"Ҁ͝]Qs"p|Xo '~fqG?ªлg -gg@>\E_V{E:Я~{7 WU > #05 VV`<#˙Gt >cp(U(džP._nls?p/ȚQ^eˏψ}-Uwȓ/4ƿ}7>"M(  -\YY]]C*N$7 s<|>ed~ L? Nɟّ ./ m ¯~_WUd;Ī>oD5sDq/,---! wiA0[ 5Ң['I_486/!{?g{ -sx_9I>|6amG *w4R'@!" [-We{Ly}`e~3(OIۅݞxц真f?5g:`oo7y*%z~{nӁa+m"ݜ~Sbo@>!m@D@fQ - V`CLF?do2?!z;vd֎0߶/.o`kouW>tP_9`aoCCL "R% -ioSFê'c})_|t!- -rC6/Һ_X46Hܔw_S3W<}yY?8G@ 0LvDAXX"c+eV/`-?\~G7i_7W[A?X' ( I髢CM@$dP)Ͽ|x=R8xLLL` -6X/1Ϗ'5?G49?=K~9Lߔ}__]:All^h'3,;ZD 0wEa &w MAl"@ C ̀3)?l!S)7?7F?o{RT_HJ@@}2sw-a]Ŀg @? RDyycd97~/[x5s? umE0-n;?*OhJ4we/bQ@5)@P!`6HH$|zI?I> x`#y=&z(M?=DdgR+")A̿;Q O?hbxm@ Jj6h ``9 }`$~ -?6p?q3K]չQ~"ﲗD&@ƿ/"?Ti_3^?J`_mQVΑ"))  6/JG=`O ?O͗T|?:2'~j\f`A,_-'o2\cPӏZ)xT $ӦU/Lp&'c79Gf=D3egJ -a<̅(?;GzK/$7X .p5`2c|~g`9s `]>˦ ۂvS N${;οz \T_?+J߿FxSІ@TS #0b0@>F}<뿭;I:np;JY#KcdXg[o =k^6[u>,a${ >& ?+s67K7$` #P[QXYP* hJ.ƀ'߽~1qbw}kzT@i`JᏘթщ=T{ģ^۫)D# 0| C MZP9o|՛0q!Sם>aodn*DG Z-||%9[v=7+pM-|xpTHC"CC_|?{V7]+Ps lA`/uY9a GKGnnd|dlC((0 T``w޾|fd-wm>uTkO4K@oWg~;|v}id|Jv P\5:l`ćo@0~~x~>"/_K]86 _aOu@cGlw *K'?}}qd&վ#Wl -ű_#@N *l3 lc[W%=/VyP#PްߣyܠI*o?G\T穝{2N oh~/ތ$ֶ3W7@]޵IO?88^@E龹5J N3"W4`/\3Z ˵JLfٟOGp\]lq,~;%X5@^߂|^( bRժp4Os.tI0xQk/#"b"4ÏyMo3Hw)@Og* -x? #OF~Ǒ,!إ%~/H Ƀr=>#DT?DϿ&A l4m.$?.7HV:# -wqn: \#`=dP@$U' 8n`ߠvwWYM`]Z?6~4_?ebN?:F` '7g??  @;>w-wŸ&8-{4wOM/o@~aɞY_+R 82L@|bD!{gκ:];/  -@/lbt,,ҽ@ -;~ߝ݌o4Nr_$|LQA_(duW_X瀌~]]?$RjzC2;2S'gq{/$r&(W!cab_FX1gB0 - H`QwJ?41^l$N)޾+;\Q$._B &Q9g2CER0`Ӌ‹UCF?U^r& -KܜFb(6%h"~ܯs _ 8G(g Q } @8~XbG7zk?7į Mlks@:KklCP@[ol%OM<(' 3`2_%,`_[C~~~YO{|).q6ׂC/KGSI?@n0[?W6%`уb,$K^ 5(Hx`TGDvq" -px& ĂÏ2~X|?r>Uv_Ksd@޺D0S'}/a`/ 5ycf+ y|YnN:7jF866c&)0HI -pDVc_oK |` -@LXЀǿpLL@N)uodb񙝨wl0w._9z#/_ 7D;fO0 `Tӳ B`0w~H/.C&R?SwǿMoE˿C W~?$US>(~ߖN {irp"a~ߥ%`H ~?T@~cqnP_7 @H(D??Q(1,=RWkUk7o?%o3l0 P}1LEI$cm.994)#&`,## -{wXߏױT`A%&foI75/g_I'7p_Zſۮv68Nx%(ξkNƝ 8An>f 8>$- zVWzЋ|(e>;-Qۆ4˰ G,\SI! -@%{C;r? x:/C>r5Ÿ}Ze:>MaD'\0M -Ø/tÖ(Q85@X&DFO:}%LM` 4<,:=LE5''}HΊ-xv}{ߪ×FbL0.x);{~gQpuϾtRW+}ߺ[A~O͏rEQŕڕq'Ogq>['+ԋ<[ -0b*LA`n(&rnuYpt~  ĿF_v({|tW^w_8W`ׁ -س:D2/%~\jnu, -0a  B4Vhbf r& L>~*dg/<*@/Zwj'~s ![wpVI -1k+ ZGO?<96^`_56GS6wk&so[$Iuo׋ E1*dŕ -JQv0Nixgcs$1J ӍGOVJP\zdۍR?4c8:S1LA -v?dHȿ/)'㣷H$ Bm+'b\ҿmo(_NV5s?+{dC;ifhK, -M3ÿ< 7̿3:#W~>;_Cd]Ip[d2 -Ib09a(,>@<<~#tx‚sÿ?3t`SXt_%x[YgO@"\D`z- -Uؘx0hjzP_^j{`.ѧ΍㢟x?'_JN_' ʾbRU~d ^ -qn3ɾESl  oſ;Axeߊ5>YyXw*`uDŽl1)RT=~?_+"3>7[ ?B@`B㐟-;'Y@_Wժeߍ`gª qG$4=`ˢ9ʿNꀓ]պ@o @we_8/_kaSQj 2Mp`\Ѡ}^}@{~& }oZױ1sP7?iwV]@W6GrK//4%QT߯U*rgX k ˆ v6Ю!f&{˿ 8&Gɿ=r0pP?=ɤ(em+X+W/3 󇒿H# -|$HcstT V] -e?0c,ts##F"?@_ -%Bo֣Wbp'U (C 8“B_d5.*.4[GqO [q]KGa.,ɿYţ/*tVL)c@!l |[TgoǪ&e_ -9( @A/OKW$;o;+S⸑+U -PwoOr} -cOD)2@GYGQ_Bg\$KV-8g+ @<'N7,lp -`+wH@'ԣ~!jAbcPّ@O+SV~߃~#nnV-ɿ%'omsC$_dL?qgߑHNXA<@3uAP 0o_'6M?$@ t͛MU*Kּs( {,'l@ϰ*m, p8KO.<ٷ(1*8i0h gG. @_)/hȓ;N=G_2 |ŷ8 $ -3?#@E{,n_=~_h '7 _!9I?gkf(@oVDxZP1vs1ЮG:#Gr| @?[ PǿW55xIC7:9jG;9N?d꣧8m(w̿!10m=!̾/e{4[xOş\y M@^d ^Y7?l 0"NJ{/&n y@ xv]^__A* -"@q]O~wF;o?<'O&X,ÿfidEѬ  A)` ǃ׶, -#vϰ-,e7n$fvzFg? -|"~ `j!ިK|ΥwO]j5rܪ) p4hw+pI8?摆|Cppf4@KY-<l#P7s';dWŵj\$}IC4 ~m{ͿcCuğ;;-'OWvS?Wӊvj[nt+w9jYRaؐ@mB!8>>^RR{>pr\;P)8x` Mg%@ʿng]{REaA0Qܑہm4V&J@EQZ$*@/V @LQJ WzǾJ2QUP-].w,I*?t*9;6/n}Ӧ@ -㇄n b`ecxG(\@.@هU,>D7~maC0? UނF?W[eia"@A8qxH؄9,<4Y «{#o5䋧S -'{$3P~m__ -߅K97RKߊ['Qk;t EnP e"QQdиfG";?TE ut|XP@۲@!>v?ԾC"eχH?TZ6% J;$ ;|pȢyQ -u1`jzf{|8y -@ƁhT8cdhHja ! @Wϸ jR*r ~V\°mVI Œ hh`4<@ <7$ M$0E=oiC}`?'O IK ]/lϓVM?nֿJ?&KZM!.6)?"8@gMwåAs`h>WL`B[4oO)N;YhO*_Jl\=E/ʕ=d~tq -4R =[$v ZdP (Ӥ_} H. ە gE%1:>H&53 K$ {{EϿ?0.'ѸwY -j - |n ` -6O[lǧM@!c -L||jm=P:tɿr78 -?\t<]^uH41  :9W {'z?E7J-WE뭮 V4|9Θ -pԇ6_b. ‚A3d502>5^T˅E~޿n=~̵FUNlEH -@wOLNU= -Ѳ?1S'}6nӽ Hbjfq/@ ,9%;g9` WS -\q: 1>@?3 -_>rfnx?nR?T0w#+5\:ENP -А(_HGM7`W=:O @&}\' mq'HbbzN=7%@gpB++Y?Ο2ګ>RVQ/Ky110?x0EQ6abvSs*? -߃wf4boU= B?h !F&faРG;|W -'[S}4XvI"E0cGV0mD 7'r!cqjrO~{Oׂ\զx1n<}Y;{T -Hg"`]+?ӳ;3?%Axd eG=~OYK(x -VFd`}.~skIB'ľ+(bqr/z4)0@A5ٰt{>7g+;P -I`º` " -6=)jRg&@z%陹t%{QHP]ō8_~wE@U0$WATxTZm-=gq'&=ߊqa/- -n]GuVX-uMvsc٬`ZУA@eOj8`hb -L/( - xZ 5ףߖ.V6 H${1X <g` I"'&CdHӲYA闶~ʿ faC=_a_D"_Hbb - +Ɍ? mA EoD`L"`pVN1FW%Y Vc?0ſO: u^v!3#c8;* j`3JZ`%5E2?2` DhQ0 h(iz` #q4 2Nē\='_d -`fFbvXv>LBb -Rid8s˰ {SNOSXMy_~;-ۚKnTp0-ʍ<>[+82A[G{1[\Z:F\y><? p_IWOmZQݺµ b`b`)@'TȖoA)?;) $%": -v_XrmBNY;* -Bñ̰-ho-9@!c63;{|"0EO+ʿLoſwA7ے.}$0@`WR> 2GFi[SQ h$Z(čZ_~k4;@FH5|zL=};0G^/!\q zE?nmlQ-G GFY!4Mտu -D|/_!: TˀBz 4GwMq -`_POp#  Tv` ˫;{I!h0;”#H?OdݧFbWqzxUfPQfceGͣAލ_Ÿ_ZFx<&̡`}sk{gww>48jC.o8 + 7א4pG{ pUY8x9ro熠_B?"5*o!6: @Tߌ= HX@C>+N3ɕ}%˿>n߽; lI歙 -Ш : -`\< :)3%/'(+6|/5diŽ).f 4v3MqQq+$Ÿ+ϭ4:")X8(9;^2/#`zAfl!?+oȤOn,l^XZ[Icƶ%xUMzB`(G AThڅߞq .OEO(8zIXE -Jo 8$NpZRh.tWN]a痋xbFں=6d€%:숮azA%LVbg}ab0>ѮݫoEmW낿'4odU(3DN -0C 2/oЀLÏ>O-+kX5'/v.BԊ͕`B}ܯwM1WT{x0X; -& -+@: qa/so}+WVVVcֆu V㰱!*ĦM&D\_ G)r ~/?JY6kn$ - [ ǃS\ϿJNS~`iyez{ -\e -a5+_[-_5ߠ_R؁ۀ†.Zg0>YQX e|4(l8PNB,cxҢs~}PC + #o K ^ۀ?7%NKMh' -p+1̶NQcOUB?g Ⱦ_&Gx ¼s,H?( 8Bel+gïA5~ʿqP/m!z hYd`{|QNsF ˮ>޳~, 111=3?7??a.wߥ~a?PHNED=@>nWMMW6 -0`O1bZүg xOpi{7[SA>]aXtt`zFmPTNouנo`@Y>XG>~ /չ"^|Bے|I|Onף -we^@XZMMw(z}/? G@Ixl%#o^o1οj8X綿Ң?_5,<HSQ*>f;T' ]@ch_ſ٧S:й~޿೸o><8 RV:`:,)8v~:#\ ~xn 9ёe~|”N4w@]Hm ̀>@e!f IP9HH=sBfq`qmsyg0znG?o?14D~)|%.޽oT1T@O¶A!XWL[Y#<DÁCAZ5|zڈ -~xE޾{WŇՃ|^W0$-CˆN\ gLNCmU@ -_~~Bt o^q?_odׯޕC? P?7p dCT$&rn65B~4O]o_W^~ʚ_ƿW -Ϳ3%<4ǂ=`Af>>=17HjdC|3^@@JVzWwvv|zyyyE_EʿNwwwVVP ̛7 7m]r8޿?[\CVuNl/N {3sjO p_~[߻w7)'PnW쮡dU5*k 03V%2!D`k.7Ű*V/ F68Kn-͌Ӈ5Q}R7 %+&떿~yw@"UNCŒYPv2Xj)gܰ|f -,ٙQ];X/_:z~x s -^%?_~ttج -rU -7+< - -p<@z@R?1}r6~Y*772G.3!@8u}ȟ0nwHlrد ;C, -0H*3]?>>?J?v - |ե߯1/=?w bk %-"PINY *`n~a~ yZ_]^Xǯ?s|a|A%şh*Y~o#?dϗUu(ꀨ^# ocmyav.0P`O?c4æM _Wtps*gFUn@Ntm@f\:ƶ#~j? F'O?LB*@Ed~L~`?~]>`\Q+f͵T3kI7¿|Y7'd~M˓եl@j]0.(@¹ -`@:&/?;=M'\?D| pЄ`Om ^&Q8q(xhx῍񟞈4H*P+F 4%GW_xo -@?Qe?eP(sL*YGz?9G }_ye! h-WLV+J?CgpiM4|W< A/.Á}u:6OLX t[Ȩ @*&/ȷQ|`v;@T -3B!}OO>y1#]r ~W1ׇ݄য়B5]z1W$6ipRqN. *@}ۛx/m[j 8< @t^H{퇃`@kAgæߑN9~̎Cؕ3dL(;Q$Zɽo߰$)Yv -0veU9 -$< ?1_EQⷳO da?VvG>/!;6h.Mr*6"H -Fq_'G{;ƑO޼&NR8T,%@W(ʵr)]RYdZfßH -`J` -Ig7Wqt?@-! J *O7knUğ߮qXWi`Fa`pW>d-PVT a>K."淬񅊾DFH!,?ؓU0{$}M SWȆ*`f=/7_5}_V}hK &6Pk^@\ )*@Ӿ޽?;/m(~ggF+R?Y[|)5hQtdޢ7{dWfPQ ËӾd''|DK!|1΍#87~ o0hh yYXG<@z z75ĂJp߸ga?#''c{I@]~q tT6^ dd[@74@FGeL -@K[ -$o};m+?b@5-A7ͩ5$v z ܜa0 -gU0)`kYQ?__Lm_¿7h\X/b=r>b J@xoK6O~}Sw)p_$'ZGf$c?#~o_%w\'F]@"n(:`'?ϛ3c)l7fF5 bW{5pNb; -)S?} яqϹV|/\.-h𧟑 dGx8 _'?pm5`x.*]O-E>z!!_|i=F\4:dfX !z@T3#[K,7Ltr1lV %u|k}>"(H2@M+A=l -$&`qU3jwMo"iW5 ~S;px05@AO"ሀ؞~оWoe eЏV0`( X\Z^Z\o~3?2ư/e?uǿ{;kQg/*yw.O^ӲTwߵ(}œQ?_޿{$X?FY -+T`$ ~G@50 {LKs󝆺+?}S -8;!{G6;~;ZN M ? N=Axy~BuStݝ_ZڥߺnxՋ'7_-U*n 9j")7O6 ?~N㭺 > z߉V>3~Z\ Z6)SXʼft#sWe<$7` -?rykZJP_{QTOA);s_znHUHC|?cg'@[T!ЂÝS#ڥSO/Fv%Zd/Oׯq ﶬ%X}߻C0@Tn\9/A忸< *]3_?d$J28(P0>}`o_|i"7e-8R>}qj@¿H⯭Ee?%X 훧#]M$f}]KgwџJw0žΟW⯬? _~q="M.ÿ/Hǿœ}B{WWFUwٟox/] -gccݟ  uill?/5rO??JӤWwO߻@_*y ΧI.YXs@ܿ) aׯ^xȍ9&>w4Z(o:S??-~ OzY_u XȀ'[[6_;/v[ͿHUA^x@~*|Whm7=Vt|O~X??KŸԯi-9 !Q`#F g}r ʄ[k6]$KAs@pejLF I) @ˁtVR{g ?wݟt ?v '@86 2?=O_h(?q'%8 ~F7?'1@1`0#`M\??yAΫ9쿚kb$uC -u-m Z$}PN՟rNl@?ď pVK5?C/_o﯀8ē&2# };ηZG3@^ ]^RJnQT#5[v py“TGF T@(>5}e% $@gjο @*#9y #~?Yr PFZ0?Q!ofv@ z/ft1I@*&(")8LcxW?} q -3 j?@< -L70PpwӿX ?Sg闘I.qC 񷙎:=_+ۀgts-&'@$ wxʿ_9c.2 #>@ ߦUͿbUL_$[C_ Csdɟ?~õQlE/x X' >|wNL??l.m@/_^rO, -23߿qG-Ϋ=TK+WHn'.Kh7HhBm%_?^VW`5/Y@^|VA(pC E73H -x -O_v~9T+ ws _GK4!@^ ʿRyi5'M, Iŋz ; D V Te523/C$.Js_n|` "`Z;Uo7߿hq$P˅ۿ|!I$ $FCifw tR~7f*_g'\  `zy?{1W\prʅ_.x@K֡?;^ jKWy32VQN%W+ԏ:gƟiq{xl{W-R --   _/+t)?A046Q`D?M>R&~U0(Z S`lamL.įǡ?yex꽍q =B99'kmtn|(E"uZ0?U)ElKw)Y^08JW> Ez_N,ޝ XJ܇wF:zF' -k_܄5r _~?灄G}E;=C{&iY0t ~#5 ;ۻg* _@?~ jKVOYE, > `7?x|_+{Mߛ_1$%+y_'}ٿ$ 1@uyp^)W·l{?GmZ:{'6yIL0RݺPF ?l@Q_7͝Ut Ms/_TеqWwu `?Xﻚ; pP<4P!KOH_A? A ?;>_R@Ϳf -g~Fyԧ96 ll MsW_!,k0_3_QlRo7vvML,VG b) gTf los;a546 -%ͅ&i' 7[@OƇrb¿6t;0219| HN#ٞךʡ:HV埩_UD\'W>&8=o"µϕTk?3bKI??S -7w?K3?s~eK7[ڗ꿴TQz?MקbSȽܪٿ%N鷺Bh&'.@KijvX  mo/_?Xn5 0h>?Pǵa\ AR?Jk2;uwZ;`plrn[xr`0/j*Ѿdͷ-psE }<s*V+mK[u# }d߅'7_~(_F7@J&C# -/?-o9@o߿0??kWJm;;UU?Kl篱`&"<sUkf@qsrPV%vTJ\Y_c/m'jp`4= 9@8ϕHucΓں[^ @@F ༲03ߡ?ѿ*7t߶ft j`R3 XO S^??Y_ lkP씊snЅGhpw>s_/t.Kot7:Яis6utzz`LO=}Wno.Ӿ=mgO? ~=K[ߘ' +:o)Nϫ=tV/oiG/ Loʊ(dg_Oe_` wNz.)8^躽?!jReA u4##g{ -/G`}z=io?ooj?i:eC~dr0]hUjnoOm_6B۾3+n6463Bf/{<7. %h?џI4P`G^8?pq^?ӿIOQ~cK<(=v=d82653=sq̦Ktwk2uZ\RG cS.G*Ŀ7(MjeS333`toz4Ss?{L_~K[a84 @<(tu@)C'K݅+?iCβ/TOhlj!` 0 `nqpYq{kO_'[ h.D=6/-jOi{mO_U T^v]Y tV`7]hxbǎ:hySv)5lJ`澵s@Pw׳߫nc_ߜǟ#ͿwÍzt0O-q0 -W.?Yr_+~:p68@f(giS@#3@{3|ҙKo?5GM?D`:247?4^cdl?v; '@646`] -, vww_xϿJNrſTH;[w[@W?Z\1:?ďΆKg}{\x?[iϠ[M8u-xxxtl^ 8=`8]h빓mϷׯ??p5CxP7G\oSϻ~('~~Sz|@[G,3wǚP[o\C -booD?^#4k @@]Ӊ?h=WonOaKafZ?k.?7_KlOWw $jӏ @xGh@@{'V/G~-//Cտ :g.Jug5γv8B F9 ëz1/9[?'3@<S@`na 0?Zw`iOAYW/??3%t_f)z3@cMMmxhlKNg -e@V鿑|O_. @pCt Zڃ?yٛt7_|'韒~'V,xXs'd'~/? !-@=i;uMUd8]M?s컯l_ݫjOw'7_> 7K%P{? Np0e `?Gc`x?~/?* me,]{|_T"G_/B-Jqp 6,_~ښ+.=>߿,/W?5qB@K" t -^ nP}//OMG9O߰-Y" s߼}i#5S 9S^ -Q4Z׿8; meX~{KP[իRz->$w/ƿ\5nЀ )`$ ?>ſ?tKP?75GSUc5O/6 -Y[/ȿD M- c{蚿[7]˹' -t?Egj/c/F獿wo Zx- =߮1Zͯ??l?ILϟ_c/n_,T[/f;V /`.rFn `9 @Unʯ?;sw_z_+]Se˿>r)?pB x-@SjLM{'- W}S}w6]~?9xսW#u@*my/'dcRt-@a 9AǐO ^zş?r[]CD's/?04e'E7o5!@K[;t90<:EFn kfkxǏ>.n%W -/ߞ~9@p I 驩9-ه~XΦzX\'<"GZk4_unտ}:n NsS$T _^|09؏w5ߪ;#w )4ߒsL/#& %@$F'IL<Aؐ|o;K8}d)SzO?oQ<IVp@sN n D/G ?3'~q?&-O -Y -0%ۤ e) lZ8A{0>OMzvHN8K s`ۏJog3ʯ~>ӀaPSg쟡_ZIPw `3~ -!n Л"`& v fE`anjlU_wZΞ>73&@?1$_?w'6w8hn '&` tC`^|'ľJH}C?,=wnׯ?s -G~PׯkU+m B-> #&}`тyXЯ:_t ϬoO ?a.b]ܨp@Y>Dz]L``MNݝ}b`a![¹Ϝ<~C7mπo6k=hnr7~OQ|U`䴛+Z`at5.^[Fϟ_*X!Yy ]_?\[=M8,;p< d/.</)556B n rG(?O BojbXZx|la`wxG2`̀Q~| -əsA3 K@ h3<};~_C_.­??A?Zt V?U}KTOU -MEwl:lnmAm6;p3o p7c$9h~~aqqKsS#P~vww45ANϭ}O v[(&m<s`. ܅3N@5 -~fzݿ`v=f&FG`ǫ܌Ƶ/L?%_?[J_3VOpk,>oI`+N$С@o{6.CC#kxhx^<.=_hkalEN?yݓ JFghY@- -|P:YoNNn{ " }~ 'cx!rW?*}=~{{[kK@?q~ccGs|K 6 "uO ouEP|9XK x} -w// FIm? ᇷ:;:Z[}o~To-?rk2_yqS@ԿU6\^s 06/m^ zN x |L(~>s?7_MW=+|~\ }rut_  7 -BO7܆=݁U "#B7p쏊?-u+ke1 4m7?_~Uy n;|P/F<$ 6o~НPZ -=~+K?/~8| sR?~iȃz֊LCg =? df @' -#.kI𷓺~H?nϝ=scG@W_<Z_Y[zs'WO w k 7~믭_nQ-_mr ukay矗oN? $Nq-Fg@b4$ -B0|B޵@'?;I{2 |oi_/yJZMb55(Fdw&@` 4Dm8 =_]@?VjBB7, 2hn_p[};&>T.wޏJE\O:C~ٷS*?unn[4 ,zwy{a_@NQ' OJo`knHի<7{p5WjC -9Zud@Uw]ӨAz|-a?55d6hTTq>zի$~ wS^=?j#OvFNk/,Hokg_/Qwp8pnodՒ~-`'Oy= ~wA+([i# 0U.o3W`Br(xȯ#><CC?86?M _i[_}(02 ʂqG }\O>~~T!?] K?5Ew_s= e܅~ +{CNf!k+ѾW#'߰uӾ]^ MhdmTErxzR@>lagG~&…m/ߘLgmRvPkdL-g_{"Ї=? -~x?{kE }]U_& Ot+(.@x}߇u`%/{ſWяQ| -Ǐ8w4+Wגk Tn_cg@kɑ4"Hckgo_uOLtן?:âjk V<Vd}72SzPυL)vwuH  oA<}o-=5֓'| دoN~*O!/ʡLo]>Y@bQl__ *jE2<<RC+S?XOOmt;ſ]$@~[Ы '?iW#7Y| < _E'_93io{|mX(~K B2ٲ*w)|@zm៪":'^DNu6RE`k|_o0*ϿKA!DbOƟ5/g7ZxѢr)} -Dԯɿw=dU=(4_T\jG@-u-@>8x?u7ĿJ&\bX`Y%5@ώUi?({V,Jmv5_Iϊ$_=Y_b`+*+nx`?2Oԇ r,P~O_^Xo^o@Ɋ采,+pV$5@[.??gXURO$'&7ro@K,@{>&rO a/bK#v/_~WSUkh9M'pR@˶b_?Uvi[ |G>@r H_n ?3_DŽ)1 -dL{wdTQ P̿)c @ w@Cw8#@?w/O_??h-kh:s;zH֟_O=bEY- @?w _j9){MO@A <  oq7/& 2K&GmRp /_w7@$~uf@ο@ _Dy?:F BI/߶Cӿ=& {yZ$~`M^?,?W>yGHP oX7ډOG 2\^s`-NV P _!ypIϲ޿ȯ~{+=y QrfܿH?Y?@B  J[ Pb7 -y:/=oȧ^ = !`/JU_| ??k/K4m5)H؉H@*({/ 8}$\[o$'5 ?E= -?a7D05 $W '7tc@@Zp@n_ `d! ?UY7U?y T}Af{=5<ԿvR@FE={;Jj ?:[ -*{)0&s+}ߩgr5[/瀱Amړ$z0m4_}oϓP-"Pus:Oj'l M9HjDgڷ_&Inmտ @/P&hRcAZ=@3@_Ko~ĝ J /=)ߞM1@2- `-ADZ -Iz u|:7 |Ϣ*І#_~WL#c @?= :EkE]2M9~te6]_#m' CH j?gY?ǿW/6JJӂ󿓨OjZwg$y ᲊoT+ET#Ͽie .x/p)%:zg@j%;b pCO -Cc'5/foٿjTs@KR/X+nl_u'Yl%.f'{.R@.SBGV0mJoj+d螀T1<7Q3 -\ہ$Z`Dw_lY/[iC!vovʿouYJH`[dWi4?إ?&=KzS&@Q@ cݷ?.ǟy8P@$*v B b?AI:RYc>V)WVrUm|>' qBgE# -endstream -endobj - -5 0 obj -78028 -endobj - -4 0 obj -<< /Type /XObject - /Subtype /Image - /Width 350 - /Height 417 - /BitsPerComponent 8 - /ColorSpace /DeviceRGB - /Filter /DCTDecode - /Length 11529 ->> -stream -JFIFC - - -   ' .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQROC&&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO^" - }!1AQa"q2#BR$3br -%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz - w!1AQaq"2B #3Rbr -$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?(1|]b~&o ¼tj7 *Gq+]kזzg#@;Jhufi,Wۨ^\BA"2EPEPEPEPEPEPEPEPEPEPEPEPEPEPH̨P2I8UmOQҬdE -IOx|c} [X/ǿӠh~"LiQa8~=[޸ۿxo@@z"ԠmxV`,z^,I,lC)_=װ?7 ۞ٚ9EQE 'PxJMhϫ麉R6_C{MV$_b΀8$js +F6,۹j?շãPN+"=Es} -M VS?x7 j2߻v?X^ץQEQEQEQEQEQEQEQEQEQEQEQESTԭt ooԞW[Iss" JYݺ+ļ[YG"DӥC_^xP3NJ[">hEP2Emn啂"lޕ_*tFNjG1)ُ?jtZ{m@U-F7OX̣xźv#{ǑM^x;R|'Z8Ew -uk@?*HޑOPWPEy_<&j:Le$KɇzUeȯEw{ OҼ9ᕆ>+פ:gjR~F-c^x˚GUpA(O+MrZ^8+vWWY@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@2N'v4M2_R? x7GN;;~~Ȣ"(ē 'Moo=[ZD!¢ ^ämԂM}W>Q?&A{^P#ź繦xbco2@qORm??謻i~o>qʯh*( -&FD٣_?Һ,K/ƀ<>_ 2j"y}@(oא-faWIEx&^i7i E⩲׼k:=fm:5#?GhΣ} `=wV4SDۑר5D"m!_o^2Keysye)hU>>|)koX\Gw9=A(((((((((x4XOe}A'~?Pyf 71#RN* 9$zJK#I+3rI=H@jhzwDŽ_7AZuֶsuwת։ke - -tUg9a[lM>g[Q@Q@+]@z?kX2*F?sh |>l̉[y| iN(ҵ(9/˥B;X3^^[^]͌?ܷ--qCW(\hqGיOZ3@Q@Q@Eso ݻIJ # *Z(<[gk0X׫E}kwUtdu 0AWx٬ڎ6Ly>*t*;LsFrb=+-{?Y2"~yW:iuswg3Ep1[('b@MxTb|mvI?ΙTaEm 6z5<_nO޿-n"Z{@QEQEAsykf"}]W'x)c L??bQpFOF/F\wlxf {n?΀:*+k.[JNkSN4>D>տ[񯌢!k+Y5Q=ϿIyfvG%=!/,$r$RjTZkMǗk1En_ݽ; -j‘zYz3_n^"U -ԴQ@Q@Q@A5v?޷C+?r[7Czz{7|ꮿ/rUs#klgv+t_ԟ^^'|j  -ʃ@(JKj;?y$+<lxSEPEPEPHꮌ -E-5isa'?׎uro鮳"J)ECzzW_Z+m{PaX2Eija7cT]jZdM9]C)PM"hݕBM0ԋ: p:n,׶ѓaI֓z!ʨ4YسPN% LI Ԛ$ e`VEGjbր4eǦ\Kq\EhEG76z?z=?}[jm{zU܃>@Q@Q@Q@Q@Yeq?~M׮-yJ~. ^m_?@\跰rwJk>ˉuH #qz=h&.rL}7WHlp ?J3Lv,@ /JOX{"5xƽ%EQEQETwmo$6R}J<Hqas~*׵y~˒DŽyڽYԫmD=dg) I=M0?]jӀ#@i`پ^PSS:2oCA5C2n_zPɤ4nhPi@iIlnXQޠ&.z -%rIcހ,\IC9EEB#Htje(kHdob8;NTp{׮XeݳUܤ׆۟2dy`:`nJ7OFv5r -( -( -(<\]+о/OR$<k]#$?eת׍o'V U$0+(3ijz[i1*@MxL5_g<v?5tLk|"Vm^)1k"Nm@Q@Q@Se!啂FYu4tp[r>q#;Gv?Y%I gRWԥ ?>kPmQ1ji47:R1DWL^zO;zr:0GjL7/=jӭ@@@x4>z7X-L!wRzZ&JiKv(4YIRЋSR!TrhDf`2Ƭxh#>Qnɧ ԪjV6|=O߉D?zq\h x0ޗ-y&'WBh_@$fܦO`kݫpCf9WB(>d*(W'ݮ 6?r'?Zᗄ&5yNƯ׶|<MI:J( -( -{m),c$IxHlv`>S^e;e)l(jfZ!jf -0jR) `r*%R_^Y* PtI -jt:b ?򬗇= g2uu~efxҦJƠ@N;UQj3*ښ9΀Ve}/Nz -O'hKƺ5 H( Ǯ(;Ȏ"r1Yv5vL* -ԋIzzԫQTPV.eu;}OƪLw1^Yus u>f_~v%Rﵾ`2𮢀 -( -(<ޑ%y&!4%y&,kܼ/?|1˜nO?ʼ5zÉ[ra??5p2?`DmW3+_Ʋ3ԟ@ʁ+!T׶;xMϤ1f5~] 3'bh((fKӻJ~I:o_̇ PBQ P,*&; -@£aSȠJE&(T 4 -x=aS$=*HEN(>hK1M#=Vbj2*b)PxN((TS@PT)*Exs,ےG)Ы|1(Ě{2?%`?R+Ԩ((2%y&'"io$+!4s+ϻIsyJ~KN$oր8rO?Z޺U$5SLR׽16xCJ19}Eht=#PR1=I&cRc8cQLhFTY(澓qk@1mp ܣO+*((d,BvD*~b0R0 =ث̼AkMz V93?'? -aQSȠHSM"!"TRbP)JHL'c~€I؝?@FPxI1@ (R@ AYpj 7>?4n*R)1@ -~)@O -p(RR(  -Dd-"=? -<k>yJ((  n? о$g+|d~N?\Wu MK1PBjղoh?go!s~LEPESiE91uڼ\.m!i3~QʽiG\`?LW}@Q@Q@q;'IqП Q2?ҹN,wgrDTdU\_ޣ"!"ELE4qIc9?B}*~cPDRRI1F(R.F4)P4S[U?_~^-k5ۀn]Bv[Qkס,-_]c╁P|G7sW ׷qZۮfpWHgA?ߏ#CᯆNeve-ч9@aZEL95n((O*A !¨ɧuMt?$g-ޟRfizJRb2utAUU>$o{J~]ѱ8@rqHEZ{bI'3b62j@d#f~"$ qs?3}}^(sFP!B*b)PDSqRI1F(R8 -pPLeA\EL8 -.[IT2`=A~g9D/ - bIE$jhCT䀦CAP^>46L۱Ha@¨*H R'GoZG=}Oc@袊(+ϵBo7ܡῡ+uWB#(M{kٸu]J\8?p.[lvr2wVvkpEEQEQEfy?Sڹsy$5{Z9XOQWV:1F)أZ#-:#5b͵Nta?0S@M""EDE4iHGLT܄>P8@F)0 -pR@ 8 -P((( ^%gy?73`?1+{ɞ;9?-(ZxZpZ`Z]p:Pzz?Z}Ty{8G*QEQE5FuvE.r3((("3QKTi6X/(<4д,:6zP ("QO[qQ-ݤ=p!pEj[\k`?cJk*ޑd @*ghUtf6 =SHH""&*6\>"y""KJ +Hò-a]8Q!>^1wE -`0Y14ccYD`J=P2Ylx sx 2q@N -5˰Qh@nnAU5X{HI$4W,prMznh:|\w=\GӨz~]*ZMUoz O7@GޠyJ:5+@rdztI63S((Q@Q@Q@Q@Q@ekM>?ZԎ_@BӂӂӂN \jx(ѕb_eoC?*׬w<3(hRq^]ɒ@AAog%oLeoÊ;_ٻeo1sx?󮤚j?ͼ،x:`8Q@M!5:?SBi X{q=`xhOݯ3@^|o5ICUaw2jziz׳j߇HX'ޠ/M/@<ҤQ)gr@jz'7 ûPKڦl,]1jgޫ^IUoz1P9' \ޫ==0V|WI KI#+mVM'Џ(((((([SmVD3?΀! J J8-8- hZ{@IWO< - yn䵺,g QXGm)^F?w'c{*kk>nhᕿ" A!9/#}-kr"{8#tQE5Asg)jlws?Z}B=/K2aWOp$Ҷ$bOry4 ziz4B^-mV_1(-LAk- -) (4P;R@&aR@LaRL"!"EJE0f+Kn#5q@QEQEQEQEQEVcx:Ӫ2/D --.ڐ-.`ZP)R(L2MihndxD wH?w2W_zcI@Cx~GAd){R4%UdA_ul\F?o3 iѺ1VSGPkn՛BwgV,DKC_@Y5P;8?CZ5cS-^z+ z~^zާ}6*yA 3Y.aM?pE7Kq;W.MMks@3UIO=5l;~~iZ6ІǷ@^y˛S_-[~cuۤikH`**ܢKySS%o>)*NEB£aSҞ\c -}izPr)T̍QQ@ s?,Vv_EPEPEPEPEPUf_:P0ʀ# KTm-KK@ZZ-1 --Fe0M@'urqUjJOz4hOO&m.r~uC@2[;~6IG5 ):xa}*BhѲ8EK%БvHцEW&M+'+iM&iUon1ozu@Ǣ[C,OA@4i5K'$T;LK&#w֔m*^%"EGN4TSH)o -̏Vo,kQEQEQEQEQETW*Z#楢2ۗ ZHzO,4 KP4/D &( M?I8 MAP - 9bS8ϚTw5?]{pŏZK$a]MG)q@s{ӱObm?hiB ImBc=;ivPaZL1Pd3]E& (# ${M`GPw7?((((((V`K{Jt5ȋ$mɘZKI:ʟQ@(?b1O9S=zPj: Q(K;\R)أR碊b~\{ -Qb1Ob SK@)hS7m.)3SKf)q~)6eNh`Z4 -z -Z((((((+/\7!yEr801RvaDK)M\h_Zv)qK@ R"w4y=*LP1F)Qv)JmP a4bSF(Qn(?bQbPȥ1xqHKBq륨m㹅rP)Ǹ}k9~hݒ tQf(;bcKs@ )qA@bSF(Qf(?b1N.(Qf)˕4$xEͱ2/oޒd*ޕ )B8~ *N(((((((((lREʚ̖-~^Zգ !T5#-=c=?OҠIF)F)R -f()أQ~(7b1@ bPqF)R❊g¥B9H}{j;Ȓ?ִ(ƑF5 -((((((((((((lB>3xyp7mYЌV5$]*#4d$=O. ;wb@(FZ?ZOq >.(0\DT|_ ?bsS~8\ qF)]#ԋgw't~gkQ*?;sl -!8m#]΋O_Z @b@jJ(((((((((((((((((n( tQ@· -( ((((((((( -endstream -endobj - -7 0 obj -<< /Type /Page - /Parent 6 0 R - /MediaBox [ 0 0 842 595 ] - /Contents 1 0 R ->> -endobj - -8 0 obj -<< /Length 9 0 R - /Filter /FlateDecode - /Length1 1428 ->> -stream -xkAƟM5[njFSJEd$ӧ!>EV2}d%ӧx!̗Q K2e?<QF {7J\sd3mPq׶Nq#>nGz+ LL,7SwچZ4kyBGc-_6ܺW -endstream -endobj - -9 0 obj -626 -endobj - -10 0 obj -<< /Type /FontDescriptor - /FontName /EAAAAA+OpenSymbol - /Flags 4 - /FontBBox [ -179 -312 1082 916 ] - /ItalicAngle 0 - /Ascent 916 - /Descent -312 - /CapHeight 916 - /StemV 80 - /FontFile2 8 0 R ->> -endobj - -11 0 obj -<< /Length 232 - /Filter /FlateDecode >> -stream -x]j Fp` -݄@2Eh0zܘE޾ sSҒ>؛# ,6=(+1ofA -n#N- Z -9 -g{|;[dG#OuK?8!E(h8lo'ckzLk {7-AdM#JQEHd^~0\&z*wof콗YS<\e+s >doendstream -endobj - -12 0 obj -<< /Type /Font - /Subtype /TrueType - /BaseFont /EAAAAA+OpenSymbol - /FirstChar 0 - /LastChar 1 - /Widths [ 500 655 ] - /FontDescriptor 10 0 R - /ToUnicode 11 0 R ->> -endobj - -13 0 obj -<< /Type /Font - /Subtype /Type1 - /BaseFont /Courier - /Encoding /WinAnsiEncoding ->> -endobj - -14 0 obj -<< /Type /Font - /Subtype /Type1 - /BaseFont /Courier-Oblique - /Encoding /WinAnsiEncoding ->> -endobj - -15 0 obj -<< /Type /Font - /Subtype /Type1 - /BaseFont /Courier-Bold - /Encoding /WinAnsiEncoding ->> -endobj - -16 0 obj -<< /Type /Font - /Subtype /Type1 - /BaseFont /Courier-BoldOblique - /Encoding /WinAnsiEncoding ->> -endobj - -17 0 obj -<< /F1 13 0 R - /F2 15 0 R - /F3 16 0 R - /F4 12 0 R - /F5 14 0 R - >> -endobj - -18 0 obj -<< /Im3 3 0 R - /Im4 4 0 R - >> -endobj - -19 0 obj -<< - /Font 17 0 R - /XObject 18 0 R - /ProcSet [ /PDF /ImageC /ImageI ] ->> -endobj - -6 0 obj -<< /Type /Pages - /Resources 19 0 R - /MediaBox [ 0 0 595 842 ] - /Kids [ 7 0 R - ] - /Count 1 ->> -endobj - -20 0 obj -<< /Type /Catalog - /Pages 6 0 R ->> -endobj - -21 0 obj -<< /Creator -/Producer -/CreationDate (D:20051007161100+02'00') ->> -endobj - -xref -0 22 -0000000000 65535 f -0000000017 00000 n -0000007073 00000 n -0000007100 00000 n -0000087210 00000 n -0000087184 00000 n -0000101307 00000 n -0000098945 00000 n -0000099052 00000 n -0000099783 00000 n -0000099807 00000 n -0000100047 00000 n -0000100362 00000 n -0000100564 00000 n -0000100678 00000 n -0000100800 00000 n -0000100919 00000 n -0000101045 00000 n -0000101147 00000 n -0000101204 00000 n -0000101444 00000 n -0000101504 00000 n -trailer -<< /Size 22 - /Root 20 0 R - /Info 21 0 R ->> -startxref -101711 -%%EOF diff --git a/cover/cover_de.sxw b/cover/cover_de.sxw deleted file mode 100644 index e5e6ac5..0000000 Binary files a/cover/cover_de.sxw and /dev/null differ diff --git a/cover/cover_en.pdf b/cover/cover_en.pdf deleted file mode 100644 index d5a8ebd..0000000 Binary files a/cover/cover_en.pdf and /dev/null differ diff --git a/cover/cover_en.sxw b/cover/cover_en.sxw deleted file mode 100644 index eed4050..0000000 Binary files a/cover/cover_en.sxw and /dev/null differ diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..8a503fc --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,6 @@ +CryptoBox for Debian - installation notes + +be aware of two things: +1) you need cryptsetup with luks support (for now only in unstable) +2) the debian perl-clearsilver package is broken (at least until April 02006) + diff --git a/doc/README.Debian b/doc/README.Debian deleted file mode 100644 index 72c1a65..0000000 --- a/doc/README.Debian +++ /dev/null @@ -1,18 +0,0 @@ -CryptoBox for Debian - installation notes - -1) additional dependencies -you need the following packages, which are not (yet) part of the main debian distribution: - * cryptsetup_luks - http://luks.endorphin.org/masses - * clearsilver for perl (>=0.9.14) - http://www.clearsilver.net/downloads/ - - -2) cgi-bin -If you do not use thttpd as your webserver, you should add the cgi-bin path to -your script directory. For apache this would be something like the following: -(file /etc/apache???/conf.d/cryptobox) -Alias /cryptobox-misc /var/www/cryptobox-misc -ScriptAlias /cryptobox /usr/lib/cgi-bin/cryptobox.pl - - --- Lars Kruse Sun, 4 Dec 2005 21:05:45 +0100 - diff --git a/etc/cryptobox/revision b/etc/cryptobox/revision deleted file mode 100644 index 31cc7b9..0000000 --- a/etc/cryptobox/revision +++ /dev/null @@ -1 +0,0 @@ -$Revision$ diff --git a/etc/cryptobox/ssl-cert.conf b/etc/cryptobox/ssl-cert.conf deleted file mode 100644 index a1a1a63..0000000 --- a/etc/cryptobox/ssl-cert.conf +++ /dev/null @@ -1,65 +0,0 @@ -# -# OpenSSL configuration file. -# - -# Establish working directory. - -dir = . - -[ ca ] -default_ca = CA_default - -[ CA_default ] -default_days = 3650 -default_md = md5 -policy = policy_match -#serial = $dir/serial -#database = $dir/index.txt -#new_certs_dir = $dir/newcert -#certificate = $dir/cacert.pem -#private_key = $dir/private/cakey.pem -#preserve = no -#email_in_dn = no -#nameopt = default_ca -#certopt = default_ca - -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = match -commonName = supplied -emailAddress = optional - -[ req ] -default_bits = 1024 # Size of keys -default_keyfile = stunnel.pem # name of generated keys -default_md = md5 # message digest algorithm -distinguished_name = req_distinguished_name - -[ req_distinguished_name ] -# Variable name Prompt string -#---------------------- ---------------------------------- -0.organizationName = Organization Name (company) -organizationalUnitName = Organizational Unit Name (department, division) -emailAddress = Email Address -emailAddress_max = 40 -localityName = Locality Name (city, district) -stateOrProvinceName = State or Province Name (full name) -#countryName = Country Name (2 letter code) -#countryName_min = 2 -#countryName_max = 2 -#commonName = Common Name (hostname, IP, or your name) -#commonName_max = 64 - -# Default values for the above, for consistency and less typing. -# Variable name Value -#------------------------------ ------------------------------ -0.organizationName_default = CryptoBox -organizationalUnitName_default = s.l. -localityName_default = Kugelmugel -stateOrProvinceName_default = Metropolis -emailAddress_default = info@systemausfall.org - - - diff --git a/etc/init.d/cryptobox b/etc/init.d/cryptobox deleted file mode 100755 index 9e6c35c..0000000 --- a/etc/init.d/cryptobox +++ /dev/null @@ -1,89 +0,0 @@ -#!/bin/sh -set -eu -# -# we give some hints for users, sitting in front of the cryptobox waiting for a login prompt -# - -# check if the cryptobox is installed -[ -e "/usr/lib/cryptobox/cbox-manage.sh" ] || exit 0 - -# read the default setting file, if it exists -[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox - -# startup switch defaults to zero (enabled) -NO_START=${NO_START:-0} -# check startup switch -if [ "$NO_START" = "1" ] - then [ $# -eq 0 ] && exit 0 - [ "$1" = "status" ] && exit 1 - [ "$1" = "stop" ] && exit 0 - echo "CryptoBox is disabled by default" - exit 0 - fi - -# stop-on-errors -set -eu - -# set CONF_FILE to default value, if not configured in /etc/default/cryptobox -CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} - -# parse config file -if [ -e "$CONF_FILE" ] - then . "$CONF_FILE" - else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2 - exit 1 - fi - -case "$1" in - start ) - # stop if already running - "$0" status && "$0" stop - # initialize - "$CB_SCRIPT" config-up - "$CB_SCRIPT" network-up - "$CB_SCRIPT" services-up - # check if we are on a developers CryptoBox - # if not give some usage hints - # otherwise give a warning and start the devel features - if [ ! -e "$DEV_FEATURES_SCRIPT" ]; then - echo - echo "How to use the CryptoBox:" - echo " * point a webbrowser from another computer to 'http://$(/usr/lib/cryptobox/cbox-manage.sh get_current_ip)/cryptobox'" - echo " * configure your CryptoBox via a webbrowser" - echo - else - echo - echo "+---------------------------------------------------------------+" - echo "| WARNING: Some CryptoBox development features are enabled |" - echo "| This should definitely NOT happen for a production CD. |" - echo "| as it offers no security at all. |" - echo "| If you don't plan to refine this CD, don't use it! |" - echo "+---------------------------------------------------------------+" - echo - "$DEV_FEATURES_SCRIPT" "$@" - fi - true - ;; - stop ) - # exit if not running - "$0" status || exit 0 - # shut down - "$CB_SCRIPT" services-down - "$CB_SCRIPT" network-down - "$CB_SCRIPT" config-down - ;; - restart | reload | force-reload ) - $0 stop - $0 start - ;; - status ) - if "$CB_SCRIPT" is_config_mounted - then exit 0 - else exit 1 - fi - ;; - * ) - echo "Syntax: $0 { start | stop | restart | reload | force-reload | status }" - ;; - esac - diff --git a/etc/cron.d/cryptobox b/stuff/cron-cryptobox similarity index 100% rename from etc/cron.d/cryptobox rename to stuff/cron-cryptobox