Tags give the ability to mark specific points in history as being important
-
-
v2020.4
901747f9 · ·Release 2020.4 By far the biggest change in this release is new ed25519 signing support, powered by libsodium. See: https://github.com/ostreedev/ostree/issues/1233 `ostree commit` [gained a new `--base` argument](https://github.com/ostreedev/ostree/pull/2059/commits/329a82c57e954392a2b33e60bcb8163892064205), which significantly simplifies constructing "derived" commits, particularly for systems using SELinux. Handling of the [read-only sysroot was reimplemented](https://github.com/ostreedev/ostree/pull/2113/commits/35642259175973617da937f3cab6ce5f13c95077) to run in the initramfs and be more reliable. Enabling the `readonly=true` flag in the repo config is recommended. Several bugs were fixed in locking for the temporary "staging" directories OSTree creates, particularly on NFS. [lib: Coerce flags enums to GIR bitfields](https://github.com/ostreedev/ostree/pull/2089/commits/dc69f56de6dab66f7bb4fe66aa203e84efa9676c) changed some values to be (correctly) flags - this may show up as incompatible for GObject Introspection consumers (but not C). A new [timestamp-check-from-rev](https://github.com/ostreedev/ostree/pull/2099/commits/c8efce06564b7adef83994dddb41cd61a030207d) option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS. Several fixes and enhancements were [made for "collection" pulls](https://github.com/ostreedev/ostree/pull/1973/commits) including a new `--mirror` option. The `ostree commit` command learned a new [`--mode-ro-executables`](https://github.com/ostreedev/ostree/pull/2091) which enforces [W^R](https://en.wikipedia.org/wiki/W%5EX) semantics on all executables. A new commit metadata key ([`OSTREE_COMMIT_META_KEY_ARCHITECTURE`](https://github.com/ostreedev/ostree/pull/2121)) was added to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying. Some [new tests are being written in Rust](https://github.com/ostreedev/ostree/pull/2048/commits/1f637bf34103746ab07f359d5488224134a16a08), and ostree now itself uses the Rust ostree bindings for tests; work on this is ongoing. The `pull` command learned a new `--per-object-fsync` which restores the original libostree behaviour of `fsync`ing each object as they are written. This makes the overall operation take much longer, but exhibits an I/O latency profile friendlier to neighbouring processes (such as databases) that also invoke `fsync`. This will be used in OpenShift for example, where etcd latency is crucial. There's a lot in the pipeline, including better handling of the `/boot = /` case, static delta inline signatures, more CI work, etc. ``` AJ Jordan (1): Fix typo Colin Walters (62): main/pin: Fix usage of GError tests: Rework tests/installed → tests/kola tests/kola: Two test fixes main/commit: Rework control flow to use --tree=X path tests/pull-repeated: Bump up retries to match max fails repo/commit: Add support for --selinux-policy-from-base build-sys: Print libsodium status at end of configure sign-ed25519: Convert some functions to new style sign-dummy: Convert to current code style signing: Remove g_debug(__FUNCTION__) lib: Add error prefixing for sysroot load and repo open sysroot: Reorganize sysroot load code a bit lib: Squash two gtk-doc warnings tests/pull-sizes: Disable xattrs everywhere pull: Update key loading function to match error style commit: Add --base argument OWNERS: add d4s to reviewers Only enable "dummy" signature type with opt-in env variable lib/pull: Two cosmetic internal function renames Change signature opts to include type, cleanup error handling ci: Build minimal without libsodium too Use `sign-ed25519` for the feature name travis: Add some libsodium coverage lib: Move internal binding verification API to repo.c lib: Move pull struct definition into repo-pull-private.h lib: Move gpg/signapi bits into ostree-repo-pull-verify.c deploy: Add --no-merge finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc tests/staged-deploy: Cleanup initial state signing: Add #define OSTREE_SIGN_NAME_ED25519 commit: Add --mode-ro-executables option ostree-prepare-root: Requires=sysroot.mount remote-add: Add --sign-verify=KEYTYPE=[inline|file]:PUBKEYREF signing: Change API to create instances directly tests/staged-delay.sh: New test pull: Further cleanup signapi verification finalize: Add RequiresMountsFor=/boot too ci: Install kola tests pull: Only have API to disable signapi for local pulls ci: Test for clock skew admin-test: Show err.txt on unexpected failure pull: Add support for sign-verify=<list> Move ro /sysroot bind mount of /etc into initramfs tests/kola: Move to tests/kolainst Add new Rust-based tests remote-add: Default to explicit sign-verify backends pull: Add error prefixing with specific object when parsing bupsplit: rustfmt(*) tests/rust: Extract a with_webserver_in helper wrapper commit: Note in help that --base takes an argument core: Add OSTREE_COMMIT_META_KEY_ARCHITECTURE tests: Add a pre-signed-pull.sh test sign/ed25519: Output failed signatures in error message signapi: Change API to also return a success message libostree-devel.sym: Remove nonexistent stub symbol core: Add documentation for ostree_commit_get_timestamp() sysroot: Remove unimplemented ostree_sysroot_lock_with_mount_namespace tests: Port to Debian autopkgtest reboot API tests: Add needs-internet tag for webserver bits pull: Also append bytes written pull: Add --per-object-fsync Release 2020.4 Dan Nicholson (1): lib: Coerce flags enums to GIR bitfields Denis Pynkin (80): Add libsodium dependency lib/sign: initial implementation sign: add new builtin for signing sign: allow to sign commits from CLI lib/sign: enable verification for pulling tests: add test for commits sign/verification sign: API changes for public keys and CLI keys format builtin/sign: allow to provide the file with public keys tests/sign: check public keys load from file builtin/sign: remove libsodium-specific code sign: fix unneeded objects creation sign: fix error return for dummy module builtin/sign: remove libsodium dependency sign: fixes for ed25519 for loading public keys from files sign: check signatures for pulled commits tests/sign: add initial test for pulling lib/sign: disable mandatory signature check lib/sign: add support of file with valid keys for remote lib/sign: read ed25519 public keys from well known places builtin/sign: allow to sign with keys from secret file tests/gpg: skip test in JS if GPG is not supported sign: fix memory leaks and code cleanup builtin/sign: allow to use multiple public keys for verification lib/sign-ed25519: cleanup unneeded code lib/sign: public API optimisation lib/sign: allow to add keys as base64 string for ed25519 sign: use common function for loading public keys during pulling lib/sign: minor optimisation for ed25519 lib/sign: add ostree_seign_clear_keys function lib/sign: add revoking mechanism for ed25519 keys builtin/sign: add option 'keys-dir' tests/sign: check system-wide config and revoked keys man: document `ostree sign` bash-completion: add completion for `ostree sign` apidoc: add API documentation for signing interface man: document commit signing bin/pull-local: add --sign-verify tests/libtest: add functions for ed25519 tests tests/sign: use library functions for ed25519 keys tests/local-pull: test "--sign-verify" option bin/remote-add: added "--no-sign-verify" option tests: use option "--no-sign-verify" for adding remote tests/sign: disable GPG for alternatively signed pull lib/sign: allow to build with glib version less than 2.44 lib/sign: use separate public and secret keys for 'dummy' tests/sign: add verification key for pulling with dummy lib/sign: fix the false failure while loading keys tests/sign: allow to start pull test without libsodium lib/sign: new function for summary file signing bin/summary: add signing with alternative mechanism lib/repo-pull: verify signature on summary pull tests/sign: new test for summary file verification man: add signature options for ostree summary gpg: do not fail GPG-related configuration get for remote lib/repo-pull: change sign supporting functions lib/repo-pull: set default for sign-verify-summary lib/repo-pull: add signature check while fetching summary bin/pull-local: add --sign-verify-summary lib/sign: make dummy engine non-public lib/sign: make ed25519 engine non-public lib/sign: better error handling of ed25519 initialization lib/repo-pull: return error from signing engine lib/repo-pull: return errors from signature engines tests/sign: added check with file and single key on pull sign-ed25519: Convert functions to new style sign-dummy: optimize ostree_sign_dummy_data_verify lib/sign: convert ostree_sign_summary to new style tests/sign: check pull failure with invalid remote options lib/sign: return false for non-implemented functions sign-pull: improve error handling ostree-repo: improve error handling lib/repo-pull: fix GPG check while pulling remote Add ci_pkgs to travis-install.sh Fix the lost line separator Add the same config options for distcheck tests/signed-commit: fix the test of well-known places sign: rename option for enabling ed25519 signapi: expose metadata format and key sign/ed25519: fix the abort in case of incorrect public key sign/ed25519: fix return value if no correct keys in file Felix Krull (1): lib: fix typo in function docs Frédéric Danis (1): lib/deltas: convert ostree_repo_static_delta_generate to new style Javier Martinez Canillas (1): grub2: Don't add menu entries if GRUB supports parsing BLS snippets Jonathan Lebon (17): Post-release version bump bin/diff: Clarify documentation around REV and DIR syntax lib/pull: Don't leave commits pulled by depth as partial ci: Adapt to use new fcosKola semantics lib/commit: Add more error prefixing lib: Rename function for staging dir check lib/commit: Check that dirent is a directory before cleaning lib/pull: Add `timestamp-check-from-rev` lib/upgrader: Pull with `timestamp-check-from-rev` tests/admin-test: Ensure that commits are 1s apart switchroot/remount: Neuter sysroot.readonly for now tests/admin-test: Fix --allow-downgrade check libglnx: Bump to latest ci: Import latest ci-commitmessage-submodules from rpm-ostree ci: Remove libpaprci/ directory lib/repo: Handle EACCES for POSIX locking ci: Constrain parallel build jobs Matthew Leeds (4): lib/fetcher-util: retry download on G_IO_ERROR_PARTIAL_INPUT find-remotes: Add a --mirror option Don't copy summary for collection-ref mirror subset pulls tests: Check that example symbol isn't released NEPO (1): README.md: Fix link to CONTRIBUTING.md Stefan Agner (7): docs: clarify archive repo type docs: extend object type documentation docs: extend repository types deploy: support devicetree directory man/checkout: fix short name option of --user-mode checkout: use FILE as option argument string for --skip-list man/checkout: document missing options William Manley (1): OWNERS: Uncomment @wmanley ``` Git-EVTag-v0-SHA512: b65a23ebc1de1b33d886657720c84cffdf9a67e4a154e732693a986a8b2f781c36574e509acf329b835354116bcdabde55a96084f06e5abcb77f6e02e09779f4 -
debian/2020.3-1_bpo10+1
ee24ddb2 · ·ostree release 2020.3-1~bpo10+1 for buster-backports (buster-backports) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
debian/2020.3-1
7eadc0e8 · ·ostree release 2020.3-1 for unstable (sid) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
-
v2020.3
6ed48234 · ·Release 2020.3 A quick followup to 2020.2, which introduced support for [read-only sysroot][1] ended up breaking some of the Fedora CoreOS tests in [coreos-assembler][2] which in turn holds back ostree going into FCOS: https://github.com/coreos/fedora-coreos-tracker/issues/343 Now we've closed that gap and are running more of those tests as part of our [new CI][3]. [1] https://github.com/ostreedev/ostree/pull/1767/commits/5af403be0cc64df50ad21cef05f3268ead256d6d [2] https://github.com/coreos/fedora-coreos-tracker/issues/343 [3] https://github.com/coreos/fedora-coreos-tracker/issues/263 ``` Colin Walters (3): Post-release version bump ci: Test kola --upgrades main: Also automatically remount rw /sysroot for `ostree pull` etc. Jonathan Lebon (3): ci: migrate to new coreos-ci project ci: use `fcosKola` for running kola tests Release 2020.3 ``` Git-EVTag-v0-SHA512: 0032a560965e0dc2e8cd27b4324b54ca5f968a0a1f2ca67f1de7d810ac135595c034f3f5d2f8f68ef38cb0172558d0911583cd57c17cf12b1cba19ebdadf8997 -
-
v2020.2
c6085ebd · ·Release 2020.2 "Brown paper bag" release that actually sets the `is_release_build=yes` flag and also fixes the `Since:` on a few new functions. Git-EVTag-v0-SHA512: 0adf090dcafc39ff06e8269b220e626c32256b599311d2c16758c0ce59e96dbfb9788a759710663c19b515190d1ac5a1dd1b1d46a476d4d11b92fc71ad5c0659
-
v2020.1
04c85fa1 · ·Release 2020.1 There is now support for making the [`/sysroot` mount point read-only to start](https://github.com/ostreedev/ostree/pull/1767), and this is used by Fedora CoreOS today. This protects against a lot of accidental damage, and also generalizes and improves the previous special case handling of having `/boot` read-only. One known issue is that `ostree pull` is broken with this enabled, and this will be fixed. Error-handling around GPG verification has had an overhaul. Specifically, libostree now has more specific error codes to distinguish between different verification failures. This should allow apps to have more fine-grained control over how to respond to errors. Do note that the error messages themselves have changed, and we strongly suggest that anyone relying on a specific error message string to migrate to using the API directly. The original "archive" (split up objects) format didn't make it easy for a client system to know how much data it would be downloading. Later, static deltas were added which addressed this problem, but there are situations in which object fetches still occur. Later then support for optional `sizes` metadata in commit objects was added but was never really stabilized/publicized. There were also some bugs in it. [That is now completed](https://github.com/ostreedev/ostree/pull/1957) - the sizes data is now stable. and new API was added to read it. This release adds [initial fs-verity support](https://github.com/ostreedev/ostree/pull/1959); it doesn't do too much today. Bigger picture it's important to understand that the vision of OSTree is to enable Linux systems that feel like they're "image based" (transactional, versioned updates, no dependency resolution client side), but also to enable things like doing commits on the client side. Today rpm-ostree supports replacing the kernel client side as a first class operation. This is crucially important to make it feel truly like a Linux system that *you own*. See also [this blog](https://blog.verbum.org/2019/12/23/starting-from-open-and-foss/). Having a story for how system integrity works in this model is more complicated, but we (the CoreOS team at RHT) will be continuing work on it. A small tweak was made to have OSTree create repo structure directories and files (such as `objects/` or `.lock`) with group write permissions. This is useful for managing OSTree remote servers from multiple UIDs. For systems with the default umask of `0022`, this should have no effect. We've extensively reworked CI for the upstream repo. In addition to Travis, testing is now done on top of Fedora CoreOS. Not all tests have been carried over, but expect to see more coming. This rework will also allow us to have more comprehensive tests previously not possible. Several fixes were made to the test suite to handle the cases of systemd vs no-systemd, and `systemd` is now advertised in the list of features in `ostree --version` if present. --- ``` $ git shortlog --no-merges v2019.6.. Alex Kiernan (6): test-switchroot.sh: Exclude /proc from file list build: Expose systemd in OSTREE_FEATURES tests: Skip /var test if running with systemd and libmount test-switchroot.sh: Find ostree-prepare-root in installed tests fixup! test-switchroot.sh: Find ostree-prepare-root in installed tests build: fix systemd feature advertisement Cole Robinson (1): docs: Fix 'package layering' rpm-ostree link Colin Walters (8): Post-release version bump finalize-staged: Use the core option parsing to load sysroot Support mounting /sysroot (and /boot) read-only Initial fs-verity support Add .cci.jenkinsfile travis: Update debian/ubuntu environments ci: Replace PAPR with CoreOS CI deploy: Avoid trying to change immutable state unnecessarily Dan Nicholson (26): lib/commit: Only set generate_sizes for archive repos tests/sizes: Improve metadata validation lib/commit: Fix object sizes metadata for multiple commits lib/commit: Make size entries for existing objects tests/sizes: Test sizes metadata with existing objects tests/sizes: Test that sizes metadata is not reused tests/sizes: Check duplicate file doesn't add sizes entry libarchive: Support commit sizes metadata core: Add OstreeCommitSizesEntry type core: Add ostree_commit_get_object_sizes API bin/show: Add --print-sizes option to show sizes metadata tests/core: Really pick C.UTF-8 locale ci/rpmostree: Bump to 2019.4 lib/gpg: Prefer declare-and-initialize style tests/libtest: Record long GPG key IDs and fingerprints tests/libtest: Make temporary gpghome private tests/gpghome: Create revocation certificates for keys tests/gpg-verify-data: Split out signature data tests/gpg-verify-data: Empty out trustdb.gpg tests/test-gpg-verify-result: Allow specifying signature files lib/gpg: Add more specific OstreeGpgError codes tests/gpg: Test ostree_gpg_verify_result_require_valid_signature tests/gpg: Add tests for importing updated remote GPG keys ci/flatpak: Patch GPG error assertions from OSTree ostree/trivial-httpd: Fix --autoexit with --daemonize and --log-file ostree/trivial-httpd: Add log message for autoexit John Hiesey (1): lib/commit: Include object type in sizes metadata Jonathan Lebon (1): lib/repo: Create repo directories as 0775 clime (1): Update ostree-pull.xml with info about pulled refs location and access ``` Git-EVTag-v0-SHA512: b3907c7d53696eee789bf9be60df54385a3146347b78752212745b2f84e0429b5d50f8cb7408b2be483757893e1b65dc1eeb5c8fa1f6446efbe81efbd998e249 -
debian/2019.6-1_bpo10+1
a63a4b46 · ·ostree release 2019.6-1~bpo10+1 for buster-backports (buster-backports) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
debian/2019.6-1
7b9005a0 · ·ostree release 2019.6-1 for unstable (sid) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
-
v2019.6
978bd19f · ·Release 2019.6 Nothing major in this release, but we have some bigger stuff outstanding and ready to merge, so I want to get this release out so that work will have time to stabilize. A few build/CI fixes. A new progress API which will be used by flatpak (and can be used by others). Finally, we also avoid reordering kernel arguments. Thanks to all contributors! ``` git shortlog --no-merges v2019.5.. Alex Kiernan (5): tests/core: Fallback to en_US.UTF-8 locale tests: Handle EPIPE failures when head terminates tests/core: Assume C.UTF-8 if locale isn't found tests: Avoid musl failure with `cp -a` build: create tests directory for split builds Colin Walters (6): Post-release version bump lib/keyfile: Treat "group not found" the same as "key not found" Bump libglnx tests/repo-finder: Run realpath() on /tmp pull: Add support for basic auth Release 2019.6 Philip Chimento (2): Bump version in symbols file libostree: Add ostree_async_progress_copy_state() Ricardo Salveti (1): Makefile: declare ostree_boot_SCRIPTS and append values Robert Fairley (1): lib/kernel-args: Store kernel args as key/value entries Sam Thursfield (1): README.md: Tweak text about BuildStream Stefan Agner (1): Avoid race condition when building outside of source tree ``` Git-EVTag-v0-SHA512: 915ebfe9501a74ca86a3b3aceafad352f4730fb148cc1874f2e49c7076fa1a948049fe9bd96b081502995b56096892a7405f5628f4e2e749bfaed2f35136f42a -
debian/2019.5-1
7d7b1c3d · ·ostree release 2019.5-1 for unstable (sid) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
-
v2019.5
980ca07b · ·Release 2019.5 Mainly in this release: - We discovered that CLang has a static analyzer `scan-build`; it found some small memory leaks so far, otherwise mostly noise, but we haven't dug through all the errors yet. - Gained a new zipl (s390x bootloader) backend - Install the `.hmac` files needed for FIPS mode in `/boot` too This is also the first release where we switched to using the OpenShift Prow as a merge bot, though a lot more CI work is pending. ``` Alex Kiernan (5): Always enable trivial-httpd for tests Gate ostree-trivial-httpd on BUILDOPT_TRIVIAL_HTTPD Revert "Gate ostree-trivial-httpd on BUILDOPT_TRIVIAL_HTTPD" Revert "Always enable trivial-httpd for tests" tests/export: Guard with check for libarchive Colin Walters (25): ci: Honor ARTIFACTS environment variable ci: Make ${ARTIFACTS} directory OWNERS: New file libostree: Add an assert to pacify clang-analyzer repo: [scan-build] Initialize a variable sysroot: [scan-build]: Remove a dead assignment sysroot: [scan-build] Remove a dead assignment repo: [scan-build]: Mark a variable used libotutil: Port keyfile-utils.c to new style ci: Skip all yum operations if SKIP_INSTALLDEPS is set commit: [scan-build] Remove a dead assignment tree-wide: [scan-build]: Add some asserts that pointers are non-NULL prune: [scan-build] Initialize a variable bootloader: Add a zipl bootloader backend ci: Trim PAPR config to drop required flag tree-wide: [scan-build] Fix some dead stores lib/repo: [scan-build] Quiet a dead store warning lib/pull: [scan-build] Silence a dead store warning tests: Port keyfile test to new style lib: Port variant-builder.c to new style tests: [scan-build] Initialize a variable lib/checksum-utils: Use g_memdup() build-sys: Cleanup handling for trivial-httpd-cmdline Revert "grub2: Exit gracefully if the configuration has BLS enabled" Release 2019.5 Dan Nicholson (1): repo: Stop using deprecated G_GNUC_FUNCTION Javier Martinez Canillas (1): grub2: Exit gracefully if the configuration has BLS enabled Jonathan Lebon (6): Post-release version bump configure.ac: Add more details on how to do a release src/libotutil: Fix strv memory leak lib/pull: Avoid calling destroy on unref'ed GSource lib/pull: Tweak update_timeout logic again lib/deploy: Also install HMAC file into /boot Umang Jain (1): async-progress: Plug memory leak while destroying GSource ``` Git-EVTag-v0-SHA512: 395f281ee8286eb6d22c215abc5146e1f27ecba6b120abee045d178150ea2116dd87e0e82b2d9ef4c150dec719716ae0d2583e5a1f9f38cb790fa81f55867e70 -
debian/2019.4-1
c4e555ae · ·ostree release 2019.4-1 for unstable (sid) (maintainer view tag generated by dgit --quilt=unapplied) [dgit distro=debian split --quilt=unapplied]
-
-
v2019.4
9d39e7d9 · ·2019.4 This is mostly a bugfix release. Notably, the 2019.3 release caused some issues related to the gpg-agent code spewing messages on the terminal. Additionally, Fedora 31 users have hit upon issues with `ostree-finalize-staged.service` running too late to be able to write back its logs to the journal. This then confused `rpm-ostree` after reboot, because it looks at the previous boot's journal for this message. The biggest feature-ish change is support for a partial commit "reason" so that after `ostree fsck --delete` was used, subsequent `ostree fsck` will continue to report an error. This should be used by higher level tools that want to do "fsck and repair". It's likely at some point that "fsck and repair" logic will move down into the libostree core as well. There are ongoing efforts to port Fedora CoreOS to s390x: one fix landed here to add the deployment prefix to BLS entries since it's what the `zipl` bootloader expected. Special thanks to first-time contributors Benjamin Gilbert and Jason Wessel! --- ``` Benjamin Gilbert (1 PR, 1 commit) prepare-root: remember to remove /sysroot.tmp (#1919) Colin Walters (4 PRs, 4 commits) Post-release version bump (#1902) sysroot: Add a clearer error if /boot/loader isn't found (#1905) ci: Add prow/ subdirectory with Dockerfile (#1906) fsck: Fix version in docs, tweak error text (#1918) Dan Nicholson (3 PRs, 3 commits) lib/gpg: Only show gpg-connect-agent stderr on failures (#1908) lib/gpg: Don't kill gpg-agent on newer gnupg (#1915) lib/gpg: Use g_spawn_sync to kill gpg-agent (#1917) Jason Wessel (1 PR, 2 commits) PR: #1910 fsck: Add test for --delete corruption, fix repair, and partial commit checks fsck: Implement a partial commit reason bitmask Javier Martinez Canillas (2 PRs, 3 commits) lib/bootconfig-parser: Always include deployment index in BLS title (#1911) PR: #1904 lib/bootconfig-parser: Write BLS fragment fields in a deterministic order lib/bootconfig-parser: Remove support to preserve comments in BLS files Jonathan Lebon (2 PRs, 3 commits) boot/finalize-staged: Run after systemd-journal-flush.service (#1926) Release 2019.4 (#1927) Philip Withnall (1 PR, 1 commit) lib/repo-pull: Add more debugging on pull failure (#1925) ``` Git-EVTag-v0-SHA512: 55b10530b19a813298e0fa1485961182be0002b33cb45effe2f619d91a6a2225be4966774f6c58c15104f32df857ffa48e7b52126020fa075f90610958eb077f