gentoo resync : 22.12.2021

author: V3n3RiX <venerix@koprulu.sector> 2021-12-22 14:08:05 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2021-12-22 14:08:05 +0000
commit: 93a93e9a3b53c1a73142a305ea1f8136846942ee (patch)
tree: b9791a06ab3284e27b568412c59316c66240c682 /app-containers/lxc
parent: 2771f79232c273bc2a57d23bf335dd81ccf6af28 (diff)
8 files changed, 425 insertions, 0 deletions
diff --git a/app-containers/lxc/Manifest b/app-containers/lxc/Manifest
new file mode 100644
index 000000000000..1a65339a6138
--- /dev/null
+++ b/app-containers/lxc/Manifest
@@ -0,0 +1,9 @@
+AUX lxc-2.0.5-omit-sysconfig.patch 259 BLAKE2B 977e151fbb8c9d98e89aaa5ee0426e64ab4286b4440af1582086a0ced8c6568efb470ccf68786da6ea52c82d1f4e81feac45bec411febc04fc31d108f05ccde2 SHA512 0aed9aca687accc6df79e97f48ab333043256e8ae68c8643f2b2452cc8013191238867d64ec71f7d399c59a43d3ba698b35d965090c5cb149b4f41302432e6e7
+AUX lxc-4.0.11_p1-liburing-sync1.patch 972 BLAKE2B 0384058169c0b601d4f3f86ebd368c35af86d5975c89972b7e78212e8b76525ea28065e81537d3dff09c270e556596465bdadf3808cda9b9ce5755d5a930193a SHA512 56806b85094f488815da3fcde33089dbfac59b62491b5ea11fbdb50b7fd585aee0458ec70a60b843074e8d0f6be12a3bbf4fc20a5d6756b893e61fa87187e9e7
+AUX lxc-4.0.11_p1-liburing-sync2.patch 923 BLAKE2B a366d3717730943b315fe7eb8a9f5e65e03634d7093b4406c1f1e2f64265fe55b407bea3849d3b098b5e92ad6d971cc42f545fbc01fcde48b57fd60c0b0e2940 SHA512 70a6d23309bfd1a38ced46eaad2b28ceac6f2a48e40f5b0bf5287334b4a9867a8d2d7bdf551127445cb6b8e92e46b8ed10fb1484a0117f5f98739a21c49b8451
+AUX lxc.initd.8 3669 BLAKE2B 50d41e0923ba26b9653ca3b5b559dd0905e61ec81969e709650fe7f1b26a4dcdc17158b7e449d666e2103047d9f196e53df8beca15fffd529fa8e743de97bd82 SHA512 1182b53a65399746f6d6bced0df5c1fde09c1ede4a28bfe95b5ed0bbd969d6f6423f63021d4b6f1dc62c7b2703f6963c03d881291650bdf21cfcf8432586c1b4
+AUX lxc_at.service.4.0.0 284 BLAKE2B 1adc76b9861f2499b7b703f7076782a258f9b21a3d1e32b69334f753faca9ecd8c6fb2a03baf04698e765f079e73ee683434d8c7c6d3b3082427a6af74ab33b1 SHA512 4c2f9846ca60bb78df7e652309900c0e788b45d569f268a9e5b98842518542b35fce253e2aedeb0eded3d37274390988ef887b01d1d37859ccddf6225286b4bb
+DIST lxc-4.0.11.tar.gz 1543031 BLAKE2B 0309bbb96938e60e4cbe145fa0cc3c0a85d9154282a889d74167128b6166a280bb4d53df266990a529a98935ef2c12e8d2214e9a8f6cb293d47aa5808ebad82f SHA512 23287e468da8939334f4261bfcbb52eadcbe5806bd97896db38c84eb42f32143dc17bb8b9bb7f7f88584b72056553c9edc33ddb693a345ecf88f3177573fa9c0
+DIST lxc-4.0.11.tar.gz.asc 833 BLAKE2B 68804d1d5ad09e388541b3a95a98ca14202c513ea3544a7389a49f4e13ecffc17715bb023675134fd99047c727cffe09cbd0a89883054b82650ebd23366823a7 SHA512 49a54aaf018772db40e1dadc0a10e7d727a2b14b34c0a3c704fd3f7a12e60082abf4628cc0a489ee620ef2210c7542abbdb6d1432e4297ceef52cdd6b158a5f8
+EBUILD lxc-4.0.11_p1-r1.ebuild 5322 BLAKE2B 0f2a826ddd0f184a424f3992fa591cb754e9e391ec1b2217656ef322b31da0b257e77db4017ecca76c4c094c8acb3503cbf25f9c13c9773157a66d4476e5c5e8 SHA512 e704e03c6ba3e027db63b985a730af1f55af64fe30ffd9f024b3bd66ea828de99fe5c85d081b9f74f26a5a0e93a3a3f403a00c552a1ccdf7cf221859838c11fc
+MISC metadata.xml 713 BLAKE2B 982d13dbe2adffcdb473804981effa8eabc89ca95dc2f39ae6ebdbdce0f786311333c8f9cbfe2105faf55dcbaf7a63a09b46e6b7c7987ba629f5e87de24a348c SHA512 4c9d018afe1967708c18747f504b98487f110b6a021cd97c94693fa4b39d892b148ad19ae64399396b34502ed6f598d7515418b69d0b22031776366a9f172f3b
diff --git a/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch b/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch
new file mode 100644
index 000000000000..3ec81356499e
--- /dev/null
+++ b/app-containers/lxc/files/lxc-2.0.5-omit-sysconfig.patch
@@ -0,0 +1,5 @@
+--- /config/Makefile.am.orig	2016-05-19 02:56:11.891113982 +0000
++++ /config/Makefile.am	2016-05-19 02:56:32.596115476 +0000
+@@ -1 +1 @@
+-SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
++SUBDIRS = apparmor bash etc init selinux templates yum
diff --git a/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch
new file mode 100644
index 000000000000..cd497a755523
--- /dev/null
+++ b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync1.patch
@@ -0,0 +1,29 @@
+From aac3f106ff012e1d6835b20c250dcf09c364530c Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Thu, 28 Oct 2021 17:39:11 +0200
+Subject: [PATCH] mainloop: make sure that descr->ring is allocated
+
+This is future proofing more than anything else.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/mainloop.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/mainloop.c b/src/lxc/mainloop.c
+index 7c8f5d86af..17a4d55293 100644
+--- a/src/lxc/mainloop.c
++++ b/src/lxc/mainloop.c
+@@ -515,8 +515,10 @@ void lxc_mainloop_close(struct lxc_async_descr *descr)
+ 
+ 	if (descr->type == LXC_MAINLOOP_IO_URING) {
+ #if HAVE_LIBURING
+-		io_uring_queue_exit(descr->ring);
+-		munmap(descr->ring, sizeof(struct io_uring));
++		if (descr->ring) {
++			io_uring_queue_exit(descr->ring);
++			munmap(descr->ring, sizeof(struct io_uring));
++		}
+ #else
+ 		ERROR("Unsupported io_uring mainloop");
+ #endif
diff --git a/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch
new file mode 100644
index 000000000000..33b8554193d3
--- /dev/null
+++ b/app-containers/lxc/files/lxc-4.0.11_p1-liburing-sync2.patch
@@ -0,0 +1,28 @@
+From a585382b972c25ee8489147d94918d001ef439a7 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Thu, 28 Oct 2021 17:39:42 +0200
+Subject: [PATCH] start: check event loop type before closing fd
+
+Since this is a union we might otherwise stomp on io_uring mmap()ed
+memory.
+
+Fixes: #4016
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/start.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 8f7173ec8c..1a6046c7a4 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -629,7 +629,8 @@ int lxc_poll(const char *name, struct lxc_handler *handler)
+ 	TRACE("Mainloop is ready");
+ 
+ 	ret = lxc_mainloop(&descr, -1);
+-	close_prot_errno_disarm(descr.epfd);
++	if (descr.type == LXC_MAINLOOP_EPOLL)
++		close_prot_errno_disarm(descr.epfd);
+ 	if (ret < 0 || !handler->init_died)
+ 		goto out_mainloop_console;
+ 
diff --git a/app-containers/lxc/files/lxc.initd.8 b/app-containers/lxc/files/lxc.initd.8
new file mode 100644
index 000000000000..727f6d504fb3
--- /dev/null
+++ b/app-containers/lxc/files/lxc.initd.8
@@ -0,0 +1,131 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+CONTAINER=${SVCNAME#*.}
+
+LXC_PATH=`lxc-config lxc.lxcpath`
+
+lxc_get_configfile() {
+	if [ -f "${LXC_PATH}/${CONTAINER}.conf" ]; then
+		echo "${LXC_PATH}/${CONTAINER}.conf"
+	elif [ -f "${LXC_PATH}/${CONTAINER}/config" ]; then
+		echo "${LXC_PATH}/${CONTAINER}/config"
+	else
+		eerror "Unable to find a suitable configuration file."
+		eerror "If you set up the container in a non-standard"
+		eerror "location, please set the CONFIGFILE variable."
+		return 1
+	fi
+}
+
+[ $CONTAINER != $SVCNAME ] && CONFIGFILE=${CONFIGFILE:-$(lxc_get_configfile)}
+
+lxc_get_var() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*" } $1 == "'$1'" { print $2; exit }' ${CONFIGFILE}
+}
+
+lxc_get_net_link_type() {
+	awk 'BEGIN { FS="[ \t]*=[ \t]*"; _link=""; _type="" }
+		$1 == "lxc.network.type" {_type=$2;}
+		$1 == "lxc.network.link" {_link=$2;}
+		match($1, /lxc\.net\.[[:digit:]]+\.type/) {_type=$2;}
+		match($1, /lxc\.net\.[[:digit:]]+\.link/) {_link=$2;}
+		{if(_link != "" && _type != ""){
+			printf("%s:%s\n", _link, _type );
+			_link=""; _type="";
+		}; }' <${CONFIGFILE}
+}
+
+checkconfig() {
+	if [ ${CONTAINER} = ${SVCNAME} ]; then
+		eerror "You have to create an init script for each container:"
+		eerror " ln -s lxc /etc/init.d/lxc.container"
+		return 1
+	fi
+
+	# no need to output anything, the function takes care of that.
+	[ -z "${CONFIGFILE}" ] && return 1
+
+	utsname=$(lxc_get_var lxc.uts.name)
+	if [ -z "$utsname" ] ; then
+		utsname=$(lxc_get_var lxc.utsname)
+	fi
+
+	if [ "${CONTAINER}" != "${utsname}" ]; then
+	    eerror "You should use the same name for the service and the"
+	    eerror "container. Right now the container is called ${utsname}"
+	    return 1
+	fi
+}
+
+depend() {
+	# be quiet, since we have to run depend() also for the
+	# non-muxed init script, unfortunately.
+	checkconfig 2>/dev/null || return 0
+
+	config ${CONFIGFILE}
+	need localmount
+	use lxcfs
+
+	local _x _if
+	for _x in $(lxc_get_net_link_type); do
+		_if=${_x%:*}
+		case "${_x##*:}" in
+			# when the network type is set to phys, we can make use of a
+			# network service (for instance to set it up before we disable
+			# the net_admin capability), but we might also  not set it up
+			# at all on the host and leave the net_admin capable service
+			# to take care of it.
+			phys)	use net.${_if} ;;
+			*)	need net.${_if} ;;
+		esac
+	done
+}
+
+start() {
+	checkconfig || return 1
+	rm -f /var/log/lxc/${CONTAINER}.log
+
+	rootpath=$(lxc_get_var lxc.rootfs)
+
+	# Check the format of our init and the chroot's init, to see
+	# if we have to use linux32 or linux64; always use setarch
+	# when required, as that makes it easier to deal with
+	# x32-based containers.
+	case $(scanelf -BF '%a#f' ${rootpath}/sbin/init) in
+		EM_X86_64)	setarch=linux64;;
+		EM_386)		setarch=linux32;;
+	esac
+
+	ebegin "Starting LXC container ${CONTAINER}"
+	env -i ${setarch} $(which lxc-start) -n ${CONTAINER} -f ${CONFIGFILE} -d -o /var/log/lxc/${CONTAINER}.log
+	sleep 1
+
+	# lxc-start -d will _always_ report a correct startup, even if it
+	# failed, so rather than trust that, check that the cgroup exists.
+	# fix for LXC 3.1	
+
+	STATE="$(lxc-info -s -H ${CONTAINER})"
+	[ "$STATE" = "RUNNING" ]
+	
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+
+	STATE="$(lxc-info -s -H ${CONTAINER})"
+	
+	if ! [ "$STATE" = "RUNNING" ]; then
+	    ewarn "${CONTAINER} doesn't seem to be started."
+	    return 0
+	fi
+
+	# 30s should be enough to shut everything down
+	# lxc-stop will return back anyway as soon as successful shutdown
+	# after 30s, lxc-stop sends SIGKILL (dirty shotdown)
+	ebegin "Stopping LXC container ${CONTAINER}"
+	lxc-stop -t 30 -n ${CONTAINER}
+	eend $?
+}
diff --git a/app-containers/lxc/files/lxc_at.service.4.0.0 b/app-containers/lxc/files/lxc_at.service.4.0.0
new file mode 100644
index 000000000000..b354bc53e080
--- /dev/null
+++ b/app-containers/lxc/files/lxc_at.service.4.0.0
@@ -0,0 +1,15 @@
+[Unit]
+Description=Linux Container %i
+After=network.target
+Wants=lxcfs.service
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/lxc-start -d -n %i -p /run/lxc-%i.pid
+PIDFile=/run/lxc-%i.pid
+ExecStop=/usr/bin/lxc-stop -n %i
+Delegate=true
+TasksMax=32768
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-containers/lxc/lxc-4.0.11_p1-r1.ebuild b/app-containers/lxc/lxc-4.0.11_p1-r1.ebuild
new file mode 100644
index 000000000000..4e14a39d94fa
--- /dev/null
+++ b/app-containers/lxc/lxc-4.0.11_p1-r1.ebuild
@@ -0,0 +1,188 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools bash-completion-r1 linux-info flag-o-matic optfeature pam readme.gentoo-r1 systemd verify-sig
+
+DESCRIPTION="A userspace interface for the Linux kernel containment features"
+HOMEPAGE="https://linuxcontainers.org/ https://github.com/lxc/lxc"
+SRC_URI="https://linuxcontainers.org/downloads/lxc/${P/_p1}.tar.gz
+	verify-sig? ( https://linuxcontainers.org/downloads/lxc/${P/_p1}.tar.gz.asc )"
+
+KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~riscv x86"
+
+LICENSE="GPL-2 LGPL-2.1 LGPL-3"
+SLOT="0"
+IUSE="apparmor +caps doc io-uring man pam seccomp selinux +ssl +tools verify-sig"
+
+RDEPEND="acct-group/lxc
+	acct-user/lxc
+	app-misc/pax-utils
+	sys-apps/util-linux
+	sys-libs/libcap
+	virtual/awk
+	caps? ( sys-libs/libcap )
+	io-uring? ( >=sys-libs/liburing-2:= )
+	pam? ( sys-libs/pam )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )
+	ssl? (
+		dev-libs/openssl:0=
+	)"
+DEPEND="${RDEPEND}
+	>=sys-kernel/linux-headers-4
+	apparmor? ( sys-apps/apparmor )"
+BDEPEND="virtual/pkgconfig
+	doc? ( app-doc/doxygen[dot] )
+	man? ( app-text/docbook-sgml-utils )
+	verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )"
+
+CONFIG_CHECK="~!NETPRIO_CGROUP
+	~CGROUPS
+	~CGROUP_CPUACCT
+	~CGROUP_DEVICE
+	~CGROUP_FREEZER
+
+	~CGROUP_SCHED
+	~CPUSETS
+	~IPC_NS
+	~MACVLAN
+
+	~MEMCG
+	~NAMESPACES
+	~NET_NS
+	~PID_NS
+
+	~POSIX_MQUEUE
+	~USER_NS
+	~UTS_NS
+	~VETH"
+
+ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER: needed to freeze containers"
+ERROR_MACVLAN="CONFIG_MACVLAN: needed for internal (inter-container) networking"
+ERROR_MEMCG="CONFIG_MEMCG: needed for memory resource control in containers"
+ERROR_NET_NS="CONFIG_NET_NS: needed for unshared network"
+ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE: needed for lxc-execute command"
+ERROR_UTS_NS="CONFIG_UTS_NS: needed to unshare hostnames and uname info"
+ERROR_VETH="CONFIG_VETH: needed for internal (host-to-container) networking"
+
+DOCS=( AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt )
+
+pkg_setup() {
+	linux-info_pkg_setup
+}
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch # bug 558854
+	"${FILESDIR}"/${P}-liburing-sync1.patch #820545
+	"${FILESDIR}"/${P}-liburing-sync2.patch #820545
+)
+
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc
+
+S="${WORKDIR}/${PN}-${PV/_p1}"
+
+src_prepare() {
+	default
+
+	export bashcompdir="/etc/bash_completion.d"
+	eautoreconf
+}
+
+src_configure() {
+	append-flags -fno-strict-aliasing
+
+	local myeconfargs=(
+		--bindir=/usr/bin
+		--localstatedir=/var
+		--sbindir=/usr/bin
+
+		--with-config-path=/var/lib/lxc
+		--with-distro=gentoo
+		--with-init-script=systemd
+		--with-rootfs-path=/var/lib/lxc/rootfs
+		--with-runtime-path=/run
+		--with-systemdsystemunitdir=$(systemd_get_systemunitdir)
+
+		--disable-coverity-build
+		--disable-dlog
+		--disable-fuzzers
+		--disable-mutex-debugging
+		--disable-no-undefined
+		--disable-rpath
+		--disable-sanitizers
+		--disable-tests
+		--disable-werror
+
+		--enable-bash
+		--enable-commands
+		--enable-memfd-rexec
+		--enable-thread-safety
+
+		$(use_enable apparmor)
+		$(use_enable caps capabilities)
+		$(use_enable doc api-docs)
+		$(use_enable doc examples)
+		$(use_enable io-uring liburing)
+		$(use_enable man doc)
+		$(use_enable pam)
+		$(use_enable seccomp)
+		$(use_enable selinux)
+		$(use_enable ssl openssl)
+		$(use_enable tools)
+
+		$(use_with pam pamdir $(getpam_mod_dir))
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	# The main bash-completion file will collide with lxd, need to relocate and update symlinks.
+	mkdir -p "${ED}"/$(get_bashcompdir) || die "Failed to create bashcompdir."
+	mv "${ED}"/etc/bash_completion.d/lxc "${ED}"/$(get_bashcompdir)/lxc-start || die "Failed to relocate lxc bash-completion file."
+	rm -r "${ED}"/etc/bash_completion.d || die "Failed to remove wrong bash_completion.d content."
+
+	if use tools; then
+		bashcomp_alias lxc-start lxc-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,usernsexec,wait}
+	else
+		bashcomp_alias lxc-start lxc-usernsexec
+	fi
+
+	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
+	rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
+
+	find "${D}" -name '*.la' -delete -o -name '*.a' -delete || die
+
+	# Gentoo-specific additions!
+	newinitd "${FILESDIR}/lxc.initd.8" lxc
+
+	# Remember to compare our systemd unit file with the upstream one
+	# config/init/systemd/lxc.service.in
+	systemd_newunit "${FILESDIR}"/lxc_at.service.4.0.0 "lxc@.service"
+
+	DOC_CONTENTS="
+		For openrc, there is an init script provided with the package.
+		You should only need to symlink /etc/init.d/lxc to
+		/etc/init.d/lxc.configname to start the container defined in
+		/etc/lxc/configname.conf.
+
+		Correspondingly, for systemd a service file lxc@.service is installed.
+		Enable and start lxc@configname in order to start the container defined
+		in /etc/lxc/configname.conf."
+	DISABLE_AUTOFORMATTING=true
+	readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+
+	elog "Please run 'lxc-checkconfig' to see optional kernel features."
+	elog
+	optfeature "automatic template scripts" app-containers/lxc-templates
+	optfeature "Debian-based distribution container image support" dev-util/debootstrap
+	optfeature "snapshot & restore functionality" sys-process/criu
+}
diff --git a/app-containers/lxc/metadata.xml b/app-containers/lxc/metadata.xml
new file mode 100644
index 000000000000..8c08b596f2e4
--- /dev/null
+++ b/app-containers/lxc/metadata.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="person">
+    <email>juippis@gentoo.org</email>
+    <name>Joonas Niilola</name>
+  </maintainer>
+  <maintainer type="project">
+    <email>virtualization@gentoo.org</email>
+    <name>Gentoo Virtualization Project</name>
+  </maintainer>
+  <use>
+    <flag name="apparmor">Enable AppArmor support</flag>
+    <flag name="io-uring">Enable io_uring support, and use io_uring instead of epoll</flag>
+    <flag name="tools">Build and install additional command line tools</flag>
+  </use>
+  <upstream>
+    <remote-id type="github">lxc/lxc</remote-id>
+  </upstream>
+</pkgmetadata>
author	V3n3RiX <venerix@koprulu.sector>	2021-12-22 14:08:05 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2021-12-22 14:08:05 +0000
commit	93a93e9a3b53c1a73142a305ea1f8136846942ee (patch)
tree	b9791a06ab3284e27b568412c59316c66240c682 /app-containers/lxc
parent	2771f79232c273bc2a57d23bf335dd81ccf6af28 (diff)