Stories
Slash Boxes
Comments

SoylentNews is people

Log In

Log In

Create Account  |  Retrieve Password

Gift a Subscription
Why Gift

cafebabe (894)

cafebabe
(email not shown publicly)
Log Out
Subscribe
Why Subscribe

Journal of cafebabe (894)

The Fine Print: The following are owned by whoever posted them. We are not responsible for them in any way.
Saturday August 06, 16

LAMP Stack From Source

09:01 PM
Security

A while back, when such matters were important, I wanted to install the Apache Web Server, MySQL Server and Perl on multiple Unix servers. I wanted this to be a repeatable process which would be trivially adapted in the case of upgrades and security fixes. So, I began writing install.sh in the following form:-

#!/bin/sh

tar xfz httpd-1.3.22.tar.gz
cd httpd-1.2.3
./configure
make
make install
cd ..
tar xfz mysql-4.0.15.tar.gz
cd mysql-4.0.15
./configure
make
make install
cd ..

This has quite a few limitations. Firstly, version numbers are hard-coded. Secondly, there is no error checking. (Yes, I know that make handles the latter but let's continue revelling in my ignorance. You'll be surprised how far I can get and what can be incorporated from it.) A slightly smarter implementation is to use shell backticks for the purpose of finding the most recent version number. Oh, and, for portability, we may wish to avoid GNU-specific extensions, such as tar xfz:-

#!/bin/sh

gzcat `ls -d httpd-* | fgrep .tar.gz | tail -1` | tar xf -
(cd `ls -d httpd-* | fgrep -v .tar.gz | tail -1` && ./configure && make && make install)
gzcat `ls -d mysql-* | fgrep .tar.gz | tail -1` | tar xf -
(cd `ls -d mysql-* | fgrep -v .tar.gz | tail -1` && ./configure && make && make install)

This still lacks portability and error checking. This can be added to shell scripts. However, there is a much more subtle problem. This implementation doesn't handle a transition from project-X.Y.9 to project-X.Y.10 because the sort order of ls -d differs from requirements. On some platforms, this can be fixed with ls -dv. However, other problems remain. Firstly, the number of archive formats has grown significantly. We regularly handle .gz, .bz2, .xz, .7z and others. Dependencies have also grown significantly. For example, each of the major four forks of MySQL Server (Oracle, MariaDB, Percona, Drizzle) have four or more dependencies (and with little overlap between forks). So, you'll require a smattering of cmake, boost, m4, bison, ncurses, readline, gperf, protobuf and uuid. Ridiculously, boost requires python. Meanwhile, protobuf is mildly allergic to stable releases. In another example, Apache Web Server, nginx and Drizzle all require pcre [the Perl Compatible Regular Expression library].

Dishonorable mention goes to projects which break standard naming conventions such as:-

Python-2.7.10.tar.gz
iozone3_434.tar
node-v4.4.4.tar.gz

or support for a varying subset of:-

./configure --prefix /path/to/install
./configure --prefix=/path/to/install

and that assumes that configure is in a standard location, unlike python (again), iozone (again), boost, nginx (varies with version) or perl. Most boggling is the llvm back-end and cfe front-end of clang which use incompatible build systems with the exception that both deny compilation from the source directory tree. WTF?

Most alarming is that openssl-1.0.2h (current version at time of writing) doesn't compile with the DES cipher or the MD5 hash algorithm. MD5 has been publicly known to be insecure for almost nine years and DES is just as bad. Admittedly, openssl has to provide interoperability with previous versions and popular forks which may be in open-source and closed-source products with five year support or more. However, it is dangerous and worse than useless to have the most popular implementation if it is not secure by default. Unfortunately, plans to accelerate deprecation of insecure ciphers and hashes may push developers to distribute an outdated version within their own projects or encourage forks with common flaws.

On the upside, on a Raspberry Pi, I've reduced Perl execution time by 22% and MySQL stored procedure execution time by 45% while maintaining numerical accuracy and reducing compilation time and memory.

Unfortunately, I've been wading through this quagmire because my venture requires repeatable source code compilation with the added complication of providing low-bandwidth, secure updates and supporting low-memory RISC servers. This had led to the following development which is presented in a simplified form. For deployment, this build system is intended to run in one of numerous split-privilege accounts. For development and testing, build/Makefile assumes the following directory structure:-

  • $HOME/build - Default directory for installation.
  • $HOME/build/bin - Wrapper scripts for C compilers and suchlike to allow self-hosted compilation in 512MB RAM or less.
  • $HOME/build/repo - Read-only repository of .tar.gz files, .diff files and additional tests. Examples given. Full contents to be determined and sourced by you.
  • $HOME/build/work - Working directory where archives are decompressed, patched and compiled.
  • $HOME/build/conf - Post-installation configuration for Apache Web Server and MySQL Server. (Under development and not released.)
  • $HOME/build/stat - Installation status of dependencies.
  • $HOME/build/foo - Example target directory for installation.

In addition to this, $HOME/build/hash.table is pre-configured with SHA1 checksums of the Makefile and known projects. If you are certain that you have reputable omission from this list, such as a legitimately modified Makefile, add it in the following manner:-

shell> cd $HOME/build
shell> shasum Makefile >> hash.table
shell> shasum repo/project-1.2.3.tar.bz2 >> hash.table

In general, something like make apache, make nginx or make perl should validate, decompress, patch, configure, compile, test and install the required project and dependencies or inform you of one or more significant omissions from the repository.

This archive has SHA1 of 1fea7e2cd6222fe73f3962a4a1c1c68b77d612a0:-

begin 644 build-dist-201608.tar.gz
M'XL("'VKI5<"`V)U:6QD+61I<W0M,C`Q-C`X+G1A<@#L7/ES&\>5UL_\*R8V
M5R0M`>S[6"[7UMJ.[2HGWHJ3.%6BK/0)3H3+&$"'+>W?OE\/@`%`$3JRBN1L
MB'**FD'WZ]?O^-[WNLGX13V,O5@W\QXC5!%SZNOQZ:UW^B'X:"G+3ZHEV?ZY
M_MRB3`LM%=%<W2*4<B5O5?+6>_@LFKF;5=6M?]&/O];_\_2T'N?)^_(_H\7_
MC%'.$0'P/X*!W:K(C?__X9^/?],ZO+D\.)C/%NG@X-;-YR;_'X;):%H/TWO)
M?RT97^*_$()2C*.<$GJ3_^\I_Q?-K'7Z-,V&5>^'@X./JQ]F;HK'ZK>36?5Y
M&PIN7D_&U3=C/(Z;^<S5XQ2K+\>/Z]ED/$KC.28=?WY20JCZXV5J1TUF\WHQ
MZA]\C._:V$)T5<7:\^X%)57C'J?-,]]YUNSJL]E]YG3Y?'`XG4T&#\=NE,X/
MR=GVX_\TI_U/+DY/3YNSLK-9^FE1SU+EAH/)K)Y?CJKYI,KU.%:N*I-F;E3E
MQ6Q^B=V[X60\J`Z__/V??SGZ[WM__/KH!03,+^L&WPPG3YJJ'C^>A*5E)KD:
M+8;S>CI,U9.E]9HJ3\JX&D*:>@0;SC;+]M<Z3]W\<DOG]A$Z7YS>__'B],$G
MAZWB=3[^34RY&/UX,^[D^?.MIRK]5!T=G9Q4OQQ4U;;LI?X_?''TXNS@Q3L0
M]?F[$/77Z9/XU[/==]CV_8OQQ>S!G=/305-6^*Q]?WQ2K%/^15I37+/F[=O;
M:X[39LVEB&8ZK.?'I_?__0S"[VZ[]*0HD2>SX\,AQ!\._Z,)#IXZ;N>=X,6=
M.TM!586E6S7N'PX?E'UMK;\:4;;3&FIXUCZ_."C_>U$"#TE33ZNTR9CJL9O5
MS@]34T+PT7CR9(RO,2HU"(YFX5?OVDU@7FN&5M7DPF5U6**[.OX,6]G6;QGS
MIS\>_^G[+__P_.OO?O?E\[+/Y_#_\V_O_?ZK/]W[ZLN3P]-F2V/(_J6=]V+I
MX.6_MS<`!?#%>=&BO)ZE^6(V/EON"S$>]VRK'F-CJ"0CA_0:PF7`@BI.QD?S
M*CCD8)V7V91=/2RC88?9?#%9-/BZZ:PPG:5I@H`V@(H=FLLZSXL>VZ&`+T[6
M>_IL/GF4QIW/JXMYZ_0R9+FKQ;B547UV[P]?_?GN<OC9:J<[F[L6+4:N:=P@
M[>RLFCH@1YHCZ\LFPV0!J_A4#=(XS=RP;H"6?C''W&>=T/1TGL9-_?B*^%D:
M%OL]6Z)2F(QS/5C,EBCSN'8[>%25]9MG(S\9UJ$H\JBSFILUJ;7'DTL4\HVA
MV@#9VO[)U>AI,[8W'2X&]?AH$R9;4U:A4:5ALQUR%ZM)%[W)='Y^.MF*L>+V
M:CR!M\>#_O6SCR]ZWR$PMV<=MD;]Y9"^.#\Z.GO%M./[I&>;!_NG'[*].M__
MXIMO'UR9^-@-%SM&.KLBLDSO+X>]6K=6^LEQ_Y-]NO4/V6LD_/#DP=]GE_L_
MY-';K[UM&WBT#&VG`V'7R-B&S7^2%G3+O^^3!^V2]W\\?W#GY/A\O>++2[9V
M.ZJ.^MM.>45L;2OS9DJ@:O8>7%E\Z<ZR[&M<"IW:L5M*I$[,=-%<EFJ"T7?;
MT;L(N84;ARMD:&W;9F.;RBV`37)N-@C65I#-XZH,M37D3COTU07I<)Y&T_.N
M)O6/3F'9(O)LG=&]I\M!6]98*]>^7UMAJ7U%K]M31=I=E7VDIRFTDDJHK?%O
M6>%7"Z2GP%SRE-&3-:`>EDGGZ]'7E+!"%*M'Z5E3_5MKW6YW96*_]=LJX;9=
MM19_M1Z^4L1Z4O.LP>Z/VZ]/5J7D\-/S<[*[C9.SZPQQ"/9W3ELF\K=)/3Z&
M]+O+<$0`CIXU/PWO_U@]^&20)GDQ#J<KZE,F+>>W-&+-3UOKI7`Y65EP.D/5
MK#JY1Y_@@Q_MB.4JJW<G_8\NQA\5!3M=.Q#88K](R\&G(3P/0S<>;`K_[1*1
MQ_3N4?O^")RM>S,(8>=Y^Y&L)J!KVWF).5=?=6]6$2%I9VB88FWGM2-6T;&R
M8Q>^.S[9\<HF2&^O",+QBIW^]MM[7WV_XG6W6PJU)$ZWVY)X?)T6J\`ZZGUW
M!$!D*T2\7:+CN(N!F(:H[SMC6[&;4;MBFJ,K7Z\,H>A^5]T/@P=/GSXO/R[N
M7-Q9>JW\:Y_G[MS9]=V5Y[#]3+HY+[GOY5>A>_6^_?>7O_SS>'!9'5:O1?OZ
MG^P$[?KS'^3SNS[_U_IUY_],44JU*N?_7`I^JV+O]ACJYOSGS?U_Y\Z'\K\6
MQ?]<L1O_?SC_AP_D?Z*1^:W_I;SQ_X?S?YZE]([]O__\GW%)K]S_,KR[.?__
M_W;^;PA=G?_?G-??G-?_JL_K_Y6/<#93=@]+5H/?XKR$=JO&Q6CT;.N`XR-2
MD=7QQ=_Q8NNL;=WJ;A`$2JQ:-K2S[;HE'F]^K^%MZO\POL??_Q*,ZLW]/R_W
M_U13<E/_?QWU_]MZ_*B4Q'=^]\]_57?Y;\4&RD(^M7SB48HWW.#F+O_F+O_7
M?I?_VFO[_^.]^?85^'%[!W[RZ9O>*V_=+9+EY>+=EVXB7[7.[FW[R])>=Z%)
M;VXTW^6-YF</_Z$7D-WUSC#NW-D,XS57-OMN:'87+#.6TJ]<QWS[Q>8V9G,7
ML[F)65+M511=>29WU]%UU&N.K@Y>O]R^5+EAZ;^2\]_PSOG_&Y[_4K8Z_[\Y
M__U`_B^_<?9N_P#HC?_^1PDB!2O]G^3BYN]_/HS_+UUSV9\7UO<N_:^$V.-_
M1CA5Q?^2<B8E;__^1V+X3?__'CXR))TS=]89FP*53ELF+,^!9)^8$,%+K07S
M5?4[]PA<>)@.>F_X.;`B$D,5-S8XF;P,*J0<8THA!6)#C"%(RPVMJM6=X]O.
M"&\Y85U/WG):^>6K`]B)F*2<HU08EHF5UB5&?0C..46SB%E8DO1R2KE`>\M5
M!F^]_P$,`%T2R8DDP84WDA#G3"2:)V^MBYQ`*^H"M\L9PWB0B$U91N&=U#)P
MSK3B5GFF9&#*.&:E-)02OYRP^D/`-_>YBEKJ'+(.RN`G)R10HA31*K-DN"$Y
MF^`#*91V.CEUTUF/]F6?`7%F??\S.PA"$QT0A)I%%Q*/5L5HHXQ446S,>*NM
M+J=)&P$U2M9CB&%]VHGQ0!9NO(0Y(2E%8D5(D1D??&9>>B]5D,;&+3&+>3UL
ME1&=E!2"H-QZ'X7TFF?!,)D(&#UJ':A"F<K)L;4ROFXFXQZ#@*4B@Y\/D%*1
MQ&`DCSRZ)%VT4L3()6*)N2!]SC98+_=*Z#?U`'H006&7;(VDR,QH209AXB:'
MY!P)481LF-%7I,B-'ABKL*X6TGBNN-*,N.RSD-Q%P8C5$6XCP>R5L-*#8EVB
MG`XYQ>B(BLQ&A)?PA".RF*.)>BUVI/`^69D4>B0)/;BTV#</QG&A7"*2>QN@
MED?T),-@CK170JN'I(Q#Z>@I,D:IJ*RS(3OILLE9:!ZE%33:SAZ323-_2!]*
M^Y"L%7%!"\SG3"0EB78<^27QC*QV2)FLF`@E$:Z(4&0C`B9P5F3E,X+>ES#C
MCL`>5&;X1%`;'<U*T>M$Q#KG`\8X2=DJ1%6$.2A/`=`K$6&>)!XB8D-X%M;&
M@,UA"@-C-+/0*O$42IADI0[P2O*(2`8+:.C.50[!"$-2U('3`@![9;0F%8Z"
M=ZE$%/4^&:(R@$=2)5QP6AL"C:S)HM-EA'(`2;+?F4-&A:0O*:^CHL'%J!@T
M0]PF!5A2FDH18)*7)+"UA,A#8!P31`*6Z>)$@8Q/0#/LS6:O/,DRK,,K3)XT
M[EF)#AZZ^.+,269$M$@1IS*PDPH+K70`FA")MQJ)Y%8BH@/3<4WJM;^WVY-]
MW:>L!^3KN=E(#7O#>KQXVAN,%\GY^C*750ZXDP98@KH(/S,0&ZDME9IY)X`/
M61-&<V)6_/U+E(U81659)"BIJ2B+!(IH0A6RV!['`DK"(OR5JQ0NW^KL6>;$
M([Q"B$@T)&%DCLC,#?>*4$%8\DE8^T;26O4X`(4`%(U,%A$,(0AU!V3BL(/Q
MC`6;.`\K@5_\UQ<K60+>X@])YW,/KV:-E"]UR`N`F(]X93`94.<$0Q:BZ,E.
MT#?`:,4[0-&::^L8G(&$+@CGK(&3)8IH=``Z!M`UZ"C7\^M!`M?]_NM[%/!&
M^5H,==0KG1V`2&M`O4D(Y&B2,\I;KCT-^"_ISMRS^N>?AZFG$;RBYX;32]<!
M"S8`3H7REU1BR3(:O0',L!+2G"D=4>&"H:^5U'<-ZCME'J4+?%FB;'*`HPE9
M.:0Y1YDTJ/4.([AXO;11E`<1:`N89P+LP#L+C3*3'$F"<@D*2*/*-`>SKHH@
M&/`77Z5X*8@PIO:"6$,!N+0D@$L6Q(<+3E&C<T)]\HK[?0):J,G@&@`IBBA$
M/610AULFHT52441-(C$Q'UG:$:(W0".B9@SXQC"#E/*)(ILX[&J)--IF0PFH
M0S1[YK<Z&'R?HQ0JN^BX$3ZC:,".W$9EF%3*0KRSNY:P_2Y>4.P`,HX%H`%%
MYT2#3H@A8#>1BA!D`>&.:KMG?JL#MPEET#BC.354@YP05K+3(&:D1$(PDU+<
MT4%VQBQPB;A&Y8G4&H-R1D2.V0%_*(_41,&U\%0PD?;,;W6@1.J$K,5ZL!^U
MDF-AQEI:X(N7/)@.('A+A@(GZ'2@68-&(,G`)X!0`31/>823!X4#O?0$E<-)
M8O;,;W4@!"15&F$!*`I.1;X[3BU/`&]&D@L$U0P9O24#9/E*9"H"I*0I%&<"
MS4("$^!`?@]6@^JA3<K<4\9>)63I%0]&#Q,`"9C,7H-[&2M`IHD&#]1.19$-
MLG%+T-_<8W=%G:A22:0`H)7",:H\@H.@04A602^OJ38*AGFEE*4^#$;(J+Y"
MPCR&4?`50UDI#0!;B8115I-,MR3-`7'-HIZG*TJ!OE&=>7(9S@7U*'4:E04,
M`C4Z.T/0?GC/[>M%+=D@9U$X1#!,K#D)UDDE)>).@[2H")*,+HGZSO?3-,N[
M;-!(;X*`XX73!&B-:`;U<JC22EOE"NE-2G0$Z&4)K1Z@40%D$BX"."J6(!3%
MPVD)EQ<^*6@&A?>=K4?3=C-="2K\/AD30F(J>L<C`-6`K:B$D(X\98%W*>0]
M\UL=D+<FZ%)"D+/.YE8+%,+(J$6?@/H;G4<!WY*QR8/B&\U1-3.G`G0+Y4%*
M)E'%K,Z1971`""!A4/?U/@&M%N@6$VH6]`4(!NW0L7(50`)+Y%HX13O@"UW#
M\^5\/HUMM\$VBL";&B&/R+7(%\08D!);HC`&2I`7\)=F(-LK&?7DY\DX\8=B
M69)1_E#",^`X(?PM8!S0@/9-R&1H*8IX93)JSO736T:`#A7E()>6U&IP($$(
M]``9CXRAO(-S!0G87TMHACW2IYNF#>C!/"`9F2\9:)+0J-L,')$`J-!.:AL%
MW))WYZNMYE&9PNHM0=N'[D3`HAQ4$LHHYJEW*0#E5>JXUZ-G\^1Z)2AU%U(9
M(8P^"RT*0CL!U^%5!#*J!4=&4`--0'G623NL_:`X@BW]><"0X&@N!)(Q)(7.
M40)9HT@I@(YS;`KA&$+7WUR9WM9(%AQ%&"61<R;8C2[[0;?$,FB5)*A<"22;
MO"1AJV-$82"P@$:!]$:UQQ&2Q4)!I<H@?!:MN+,;"=/QH'"S/NMD1#0X;:/M
MF$2'Q\`-T-]3A@I>SOJ\944=I3H9@V5(4MB2VX[B,>Z"I0;+81+:3P1+(:]H
M]UHD#0(<P&Z,.7P\>KE/HJ`:O.P`O;+(X$^H\0:Q:@I7\[(T'5')M!8R$JT2
M=M.W1B*0$=Q86J@2TL([S3W()?!/47`&$]`X7C]]V6%E0UR*`$:7.`A*MDC0
MX!7Z*G`)R10(,QH(LBN"=C&%+I'`7"#(B`K8H/!N-,Z&!PTF941"K='*Y#WS
M6QT4R'(,&@&DT;5HFCB"!)S41YDD\A.-LRE5:BVCM&A;IQE21Q"2THE%U".%
M;:"GXY(PSM$)(->,0U,LZ?73ET7#%9V!1ED%!K8"<.:&PK#H,H-%*^\\FO&\
MT6!6N^A[%"F*'J3#"(,,8V4Q1%5,8!"<9@8$#\:!R8/X:%EBXUHI?"/%)U6.
MOV`1M(J!(\C182J+Y`,M"R`3/H0N/$?3T"N(NVD:.*'HKAU62M83&H#A6J'9
M52@8,5N#_E_R[@#@ZOQEX0"%E&CX(P$)C-&A="%U#:`+;9I%9=86>NG0R<BS
M)6*OE2@&2Z#4A+$"5$!-EH'5I9,!A@I6D`3,2NT3L"RAY?]]"ZV6L6@HHD(W
MY="6<8J>'A'%(X@F"H#CVT)XGVXJ.2('#:8`9&DTX"!^:+X=B1J<U"4P9:&%
M*T1HGX!6"TM1>%K2"[!!1*.?!F`![P#'R:/5`*\U8$-K(:OF%-!MEP<JX)K_
MR]ZU?S=M;.N?Z[]BZH8Z(I$MV?(KX!8:H+!*2&X"J^TJN40:C1P?;,E'DD,"
MY/SM]]LSHX=?Q)"VA[M686&DT<S6S)[]^/:\!-,"=X<@!Z(E@+(D2^%:@4.%
MW0>CN&^U%PAT2Y*%X-.Q>4#C@YP#D'BH$.(VF&$;Y@.V$%K:M'K.*A*R#D`2
M;803-E"UW^MS2\#2!G:S'P3='J)M+FQ$NL!@<P3DV)`B4QA/.#R((<3)<P#^
M;#A28&W1ZK=Z"%#!9$BFZ.5F3Q$*8I>G[ECBMKI,4G`4(1^`&@RQ0/5[D#7/
MIF%5UX686DU$N0A:O,X\+;5TH$2E!6<(8`-%@[B@B]&W,,P=!T`6!J!'=L@#
MULG8&_)9G(@$S<K-*)P6^=8`<0L7"":#EHM0L@FP!Y-,?AUA%**J8"T%*2<(
M[N0"PC;%7A3UP;MV$6G`Q;<1P#8MWV_!V?`%*IW"/4(R$2593?(H-B`G)]EM
M<<2PMM]K=1S/@=X5XKI,00614''>;+4]Q(P=6]B$'X,NE,^!:_+[CK"ZA*-6
MU4.*2JL/\&Y9B#0)@0(J`:XA).^2*7?:;3(O;M"WLUYY(5+SX.KD?YX37LG%
M1'3AVWG0[':Z-O`VZ:"-`!C-0!]3#`9'$_#<%(;#47@),]2OV^U<>>U>"Q+6
MZED<#MYI67X;V!N6$;`!7K/E4X4Z[4^04&,5`G@`QAL="B,&[-U$5;HT(.@3
M$'8X8E&@$'N.3"S&D:8)>MHG]@@N'DK&Z_A>8#?3I0G@Z".0(2O<#AG*K$
MO9Q4Y`OSPJD[A4&BX3GP$G_]9K_/:6BH!930PJ^%8!DA65]`K3+X$DU%F"1C
M:9^;YQF15@"P@=`4T477=>']NC3U@-MFBVHFH`PN,&96C2F/19.<3(&`;`@9
M$&@7QMQUH<FVWP>*@_^&V`BW8W<$`#_/G?XR!14#P@3`.P`'D]-T$/&U!$+:
MED=ZT+%@+H$*O=SU$Q6S5V_U<E."R`3FV&W"[;<M0*]N"X:M"^,!3E"DZB!<
M02RXIKP:<T=G-!V$:QT'$**#>+A'L3:B`0]^BY,IZ?5;3N9G$*KQ*'3-1,07
M(M:FS2R&[9H^Y+()+.%;,,EM,J\TX=-UX`HIT!6VU>SUQ4;4:&PKF4TJ8`'@
MJFUW^N207=L2;:`R!&9]UW5:/C01L+.`K+3@&:2:S<*9`G=WH'4^0M%>4T!@
M/*OEM0,O:'=IYJ:'"+HI1&Y9CD#A*'HGXI=1-$Y(>*Q.3JI'@X_]KM^"],$Q
M4?P#5]\"?H4SZ'A(M+U^/L&P@E2._%H`:QV$4("P#J06H![<@96";7#=H`E-
M1Y3:S]W:-([2R)L%</.=`KO!3@(T`>-!EIRV#Z#$@2X\1`$P'3`<W$&@V.IG
ML>'T*CV74T!=4LQ,FH$%'.`$1/N=7MM"7!<X?1OV!\:C[0H8*VA#+Q^-C(7K
MTS)+LS3&#\0$V`\,&D"%86$0JR',`VHA_,=AP+NPJ?T<A^<D.J6Q-^B3U71H
M8KKCP0&U8'51)8BDYU!Y,+5I]7,LKN<PS=)4!2+8`'P$S!)!J]7I$R=HOL-V
M1,MJ(=ZDF0*OZ:REH,;.8&:!VX$4@++Z-!C+$>;##_8Y3*#5I;X27=Y>H%)R
M0ZY+$SV`W<T.`!;B`Y];#DP.WNT)MP\OUH:R.=9:"K(>""'\'NQ^`-C<1_#O
M=N&?K9X-+;5IHCKH0IK[^8A50:68I;3:P"4.K"NP":?8%]8;6-8%Z*)^;N*_
M?K,KUE)05DH0B.P$0$=H?2MP8.#<MN4!!,-B>'V:A.TB>-!49K.1K^+%G!V.
MW[+!30M!:QMVD48-H,^H%0(%WX.?["%.ZV4#2N\1<\IIW]S._;.>[_;K?[)U
M'G_3^B_;:M.>GWS]C^7(_;_M?_;__$W[?RA(I_7QSQ\>'+&3U.5OY5(?=L+C
MT73#?;UMO75G?W^PM7WTZR-#KR*M[/_VVUS*SD[E^:-RRMBO5'YZ]4PFT@X'
MI))$5H[L@;JH/#QZN/_T,1[+;$;#G;K\7%2>'!X6:4$457Y^\:I(&(:SRL^'
MAS\_+Q4<1M%P+"K9SHGB`1V*,W.'HO+HX<N'/ST\*3W*)D(K![\#=R^GJTBI
M\NNOOQ;/WKU[1_R,INEH(@_^"Z*8'3\[V8?5&D+1:&^1/+=OXH['C%-KZI7]
MPP.YT'I@'K:8&?@B`,R91E-F3O#+PQ2)T6244H`W$7@R"D$(B6%D"C<>7YFC
M$'Z2=BN9P43$0T'3M9#M,$V0,N2`V.-)=I7D5V,W?^P&H$AX/')]I(UBUZ0*
M1^$@"H5Z4X*Z^F8R%7SQWM2E*'$T#)'Z7L114J2XJ-W0#-U0IZ6TS8J2)K3+
MQPP2DCR3H(O@:40M0XEA:-(96K1C.QETG#QQ'$73^037$^-D8.<)_YI-INI>
M\@4-16>D`Y109]JQB7MIGD=D]WPQ3<\'G;DGNE`L*&0;70B=R9K+-`OC:(Q0
M>S01ZE6QB&(?//3&$7^;E!+R1J`[O=@-^3EZ)TD'3=S+7D4,%"QV[60:DQ3$
MQ&')'"^:A;X;7PV<RM'QXZ.!N)S2T6FT)VA0+71J;VL;NF#(T3=UOT59JNS[
M[YDNH@[)0J$M=<6VMC,!-.;RZ<.89$Y]O91W%B8B90>/#XJ;DY>'I2>'CUX\
M/)B[1_7G[D]>/2GN,^I%"K665(HP,B-AI,Z)::N5W.X#)6/DL<ZA5;1722H7
M55\^Q3WGZ`92#3I><Z:V,]'^'GX.W8PDA&A9+`6_$MJBQ(5/FY\B1!KY\Z9E
M>B)U=:F;LLJ)]TWR.FC5C&P$:N;3/J0)[4J:0#88%:`M6#`7^L`"-V1NS,_I
MQ%`HB#^*I:9<P7B\.AZHW9N"U1XH-@SNG[Q\].S%#_?RO2E;EVQ;/S0^X&YA
MC][UO=+9<W2VW*XZF>_#`ZZV7[&&/&?S=.=CW6CL;FVY]Q[XJY]X]Q8V3VWI
M74_;#[AA4+\63X+LB6\8Q@=YYN.6T.<Z;@79A?AV@#MDT!MAD')_\`.2KN]1
M2W#+^&2*Y.`>;6S9NBSEO+Q6F;)=1]Q`T>S&-U850'Y7$_2N6<:TW6K5J+&/
M3`P!/YEYP6JOZ]NP;1_=A']$"/HQ.7<_TL#.QW-NRYRI.T*GV)5'SXX'Y5*`
M'*\]R@!=>G5L5'X]//ZEY$"B^&T%(E]R<(1WX2->/!G0(AQ<'3\>Y`MR3UX]
M.APD,S^J5)X^/'E:B(+<X!3'4?Q!=2TDXO'Q,:O22DUT_`/UEU71"NH#>:2@
M>E:])W<$V=>+'3DO7`8)DDZ:DZ8H(;9^:_HL>VY\H"&6[6<O=JM@$Z)U9GJL
M5L7?+(>\81^KM*5)UGJ[RMTPC$@5X%MBD42SF(L5A>I5`SU&1F%PGT2>CZ-$
MX%5YZF+=9$.2<VLW(V,9Y2V&*NL?K^^^_O'TQT:4["HR6E1TB<%_&B3TKAF<
M?K`[UUM;C5%D?%A%N2BSJY\:UZ02]KV<)??!)WV*:6D!_CI64`XF<U#+%[LH
MYX/LG4^UW\YK:7]V^^U/MG^.<E%&M]\VKDG1JYH;>SE_JK3U3B?;>;)-?+@Y
M=Z8KI6+$`#&PKJ\+B9!-@#0N\%7N9UPACK23E1A-]E?MX:6WB02,O[Z^KE4J
MP'![C%PMFSAL")-!4QOXX6R4C)E<O\ITO,PX.Y*C*DP.]S.Y`I)E(QQ,#P^S
M#%LRJ<=RD"J-S#Q5C<U#H2_T)0WU,QJR8Q)YTB+W212^&5E[E6^VM2,GNT!&
M2&[5+CGX##ODVXGEH-BA@#M_C2[Q\_-N2Z\+O2=A%5`Y*KJ1OYR_'FK>V#
MA[\@MYFPHD:5"@?2"?>RI,HWN:U"OZ`>9`@-U:]5XX.V0;7*-S',11PPG:%Q
MMU*AD+5$9YO[K%ZGRD[>PC,BYY%MJ+CV#*P3;.?.[W<F=WSSSM,[!W=.SHQR
MD<VXP&&]IS$[H^T`.3,*926^R.073PQP1S4L+#GDQ3W,6V^,DG-6F>8\M"Y7
ME6W)Q;HZ[ZA9=3<K(D^$K9VQLZR_<A;<+7S1?,LI]C7-<(:(8<1-B#<!3P+W
M-Q`A#W9#EL9=L.$C>[WX.OZGT@;<1W16>H66E!7E)419QXCA^Q&ZMT\M+Y>A
MNBPWPT/FYL:Y+]_?D%6UH?)&GV>Q-Z\5W^+_*@*`M`&5DE#:@&KH;;W53,U*
MSY2)^]'03E][^P?XDY^8,:+(<#S.C\)2AB\C(>^6D``9NS?G"/-1/Z5CYI2.
M]$@KWZ31##(\7T?"Z[AY?&!(/+ZUC9C`6(%UY<$!@NJ4L&06!",^(M@[$1-`
M6P7E`7)IXSZ*(3SD@@[<^(Z)D3S7@P[4]P3B!.W_"!E3Y$FYD[?H4T2H_&T=
MAHG^?P.R):MXH]X73@5IT@C0QIY<NS7$BJ&KH=[S+GD?WJ>YK!Q1)K(C8-_N
M6/5F4(7FA](!JHSK<MI93OT,#[;E_0-OL%W]Y:?J;O6`?GZFGY?T<T0_CW^"
M!%"M/-3JK:>KM;4U'5AD;;;O4>H/`]MJ.I2ZLV/(?`V9DKWK^WB;$HTZ\.\?
MR'6JJJL1ROV!I6VS=2W/3,A@1A9R+-P^"$9B["\#C$:.*W+H+7/^89\"3DS/
MKY+!]]-M`G$7HSA5U[(>]*A<B3QQ1V6]GU?5^#3RA1XLBER=C7P!W;C:+<Z7
M\?T1:8H[AK']WBL88:JW(C`@):++$<**G)`+FJ-P-)E--J=EJA9HDG0Y*R@N
MZ63!C4U;G+K)6_45BAG$;1R]&U^Q=U"E:)9^:3OS6EW76$VI?$U"`:EQT-[/
MT3BI9'[`S+?_:%DAX*LA?AZ#W:Q@!+>!<,5E1M\^W<VTK7UJT#D0B+/'(ARF
MY\@RB69A:MS/[_.,$E&[%_"@@RRU=7I/%Q@4&:]54V3.+]/&S.K35T^B,0!*
MAL[EJU38EVO5O+A"3I=51<HF^:`:DR`XEU`"D9EO8(70XK&X3&DUC4+2$O7)
M+8[J4OI3&JD;QJ/T2KD9Z4JWMBET-PI/*"^.`!8E`+DK;T]>/3$(`OQ1OWM:
MFR.^_47(?,-7KH'MJQNGFY]!A%NV*X<,&L,7$4+!9[O,='M/@2B=7R)P6-2S
MSVRR1),-7UPTPMEXS)H_E&ZR\9>SQ60J<PDC-)=>1G:E2KW_TEK5[_X%M1E^
M7=7QOJ[J7'Y=U1E_7=5Y_U^NCH[E3(1P>254O+^N$O)%9,+.&OLT'+HO)]/2
MR[1D2+QQY'UJ)$3R0*'\TL"(:MR@)C=JULZ&'$&Q/YM,)W@#A2T?&44R2>-_
MW7AB-M1.SH:DMVS6+*-4'1J_O45UJ'AM]6OLTFLV&/K)2-8^46D=)RH/:)*X
M?';'*.HT@V.47R3'@70$_B?1_'.I*8]>UI0_BS"-UV5TY3=W_U3JNLO`#'.I
M4^7<P=S(W+F<ML_ZF:1FJ1#ICZQN\:@0"Q(2:L\_DO)72TIIH.N_*BKEWMY4
M7A8DA(2&P.R;2>3/QJ)DJU1#U`16J:+T>@WUC861Y0RYKTHF%#^7K*OX50OH
M,MY7!_-FLWWUH^?_*,-?J@S+0O\=VZ=6[;+'2H!VV9&;\O-=6@XEO\XI=MDS
M51Y!I9CRD;*#&TAJ(9)3(HD`R6+W;P1?:OO`G]3^_<,7EE&.QPI-K>CF[*U5
MKT+)LW8OZ/Z<6=B,E2_1TPL,3?]_<W3!`%:R1FW*U_1FQM(D%ZU$(CX5TV+R
MZ*JE7U:34V(TN$Y%:.C=$^.1N%"#\YZH,35I9L[.YLO14J]1<,46RH?LU<M]
M^B^(X@EBB-_QQSPX,!\]8D^?[AT<[)V<U.8(F2&K_<AJI9F.A3%C/7=!`SAR
M)$E-8^MU)A^<W6M#SJ/=_:/^VGS=V#O]4=WJY_9N\^O(T,AG:O)!QZUM6J]A
M,,U@=L=JCN;_.:,Z7=#`9!/_6OCGX%\;_V@&O6,8)?9<TYF^V53/?+?HSJ#I
M[0MW//+KK\-\0*Q)TSF9S)3G41>&GQ96DMTP'%42YI(\0CK/HR2E\V\WD\X3
M+67).54E*YM+T#J948N'*.G;_S3HZ[4-M7BH+#NN^?Y4___://U@[;9LZJ7R
MA)KJ'C7+NV4S!*HBY8VL%C3NNY`U>T39J\9<A^2/RIU0[H(LPU_1!26FHPO&
M$7?'E)1A]*SZ^<A<X\*-&_$L;(0BI35(9&^6,Y4R*.2H,HR"V92-H])[ULWR
MU\YFDB5F<E934_W/Z0BDTGR_>K%J1[G:E0KGICZ?OT3=G%R00<D_9(!8O71M
M61:RT.1].)T[!;"<:9G(L$QEN!&9X2HZ?&=G[F:3ZNSLK*A/F<YP(SITHF!E
M[&_`L;%?OEXB/?^8G#CU?B(GCECY%*Z*NEDAS`>/#P9-$"X-0)R\/!S8.FG)
M"QI+08$B/3^``9\[,!?+:\>X&M?JVJYRX?6&]M#UY!R%]?MJ&H<(_UOZ4_M$
MO1:!H['`J56[Q6[,T:U,*6%SEC8W9^G\ZV[+VH7*+XW0T?H8&N`Z1]C'NNTV
MNWLK.KEEDJ+L^KXW\A@$?7PE5\GBA[[4`1_$F9NXS'-#6MQ"2ZBD]?$XHSE,
M&O'DY\.8%@K0"F$*YF*Y])-'8_H73^07`QB?I<SGS!=Q%`2T^%92\6<,F`E<
M(Z<;N'+E.D5I:CU9,$G5-Q4"^AA"B-0XFK`A`!L;^7+]#GL[&H_9.&036I0R
M<=\+-H'3]`6/?*&-[N1M,`HB!J9-4;6I"^?#IJ`SC>G+2!.YN)@FHL(+%J,:
M>!(+7$ZH;'*.(G(9+Y`;WJ26Z]+W*\(AK;>8L-3E:D5,*H2,L11V2-4"ZO2*
M*6.-VJM&SL+1O^DG3?!+%:(/,-!_,UWIV4R$\N(=9^_.P5ZU#/H=+;8G6?<3
M=NG&>/L5:B[-BC3QU*V&CLR7NECRX0TXN3:'%`*53[5\+K<V7C?07)5+"1?)
M$[HZZ[2IYFF92>`*&DQMTC1OU+6;S$7I:)R*NM[[9JT16+0"[3QQ`SN@J"_K
M_V>IOR*BM+61Q+S!9W%,,[D+<=*-@R:?1V@H0EJ[1IV87(5PP,E8B"FSK5O0
M]FA]K<E95:I"79>B)5Q!%!$GVI8U8>:_F<W,*_IQF7G(S!/6:C+S.>LXU=NT
M#!8'KY'1GAX>7M=;JR2H)$#9\2L5NECC0-JK9&<^2;]6+E9=[2*RW2((>P>U
MNCQ!7H;RM%LF%L'HDI50[/Q\@QPU6)3\[/2<E:EVMS)Q/J,US=6M<6[=%F>#
MEN3'=%5PM:K2Y=JL'NY<'0XX:W;V?%Z?TGKE+V3#0-<$));YD"YW:7[@2X4N
MU[-"5^G3O%C72F=U7].*[%LV4](P36J+.:1/U.2M1RH0A3<6E&[*O5NA2WJ?
M);M)(N)T,R;I`X+`(WY;%LVW_<OX::_A)[\]._E:;LI4JG>9]YNP+SL)KH*+
MOTC`;&LE1VBI_RTY0B1*'%%C#*643=1NB2.EC?H5??T9EK.UNK'9;H9;-EB3
M6=<*W2>)_G1H>2%N?BK]=_IS8\K49L>\KDKN0Z>6DN5AJ!5<_:VJ-J=#&^75
MTK51WE+G?(8[T:76^)3GC]X\?_;3\</CW]_(4K5"B>G8O[U"@O7M0@&CMN"@
M>M8:/[W21_%;6QNY>N-SK$V1SE=8+#1T7FNUH?>B**7O8Q)9?Y3(-/E927`E
M*XM+-XTF(UX4R[:?)P.^RW=V=BE81""W&WG_XO1CTA"2:<KM\(/EI2AG*Q6(
M#D'46X"*13[R:,0-9C%OSKYQQKEINTVK4IY"+%9(;%`RG\23[?^$6G.^F0]8
M*:EVD?JIX&I.P_#&=8A-52EKU<8C,(L+*B5?-G_["H;J:*5>5T=HWC#-M4;A
MBM%I(F+<.)R]/'*M17?9MA4=OQ3V\$`L2SL2E^3DR>&AH3X]H(9:9513-)P^
MC[#4;O/1/KWPS;,7)R\?/G_^!N2>//MMKJWTJBS;_ANU9[Y6VBA?*Y[^]MNJ
MY\;-55^E>/_7WK,`MW%<1]FQ(L%2(LF.K,AQLB'9D!1UX-WA2WJ0(3Y'$A$(
M,`#XD>($!(DC"(D$4'PHDVIBV9&2JI*G<2=V+3=U[<KC865-QK+I2>JVSEBU
M4\N)U;&MI*KCUG:GXSIIQLXT]C23)G%W][X`[H`[`B0EYW9&(F[OW=M]N^^]
MW7W[]JTJG*K<J7]10^S4/Y2D#L*H"YU2]^F1.JH.J2MCR^JBR%.Z?$F$"'B;
M4EGCS:31IY#/D!T!+?+KK+?8=5.LHL2(?58I,'+?'5A<Z>8R_*Y\*BF[$<:$
M?Z_E:M:I.%/@#MO6N:S'2)0GI=SA79%N:6M*FQ%"H<;\<>#E3V]D>X$8E88U
M@?PR'/@F&\\54NB\DQ(,NJK&A!_4>UNBH;9@TZ3:FJJ*8"N<A,!%5A=B[HAU
M1<O&JM@TM194:=CCVJOF@"E.$,W(OBCU(AZ4,([5J0;=(7G'%'@'F8K;B53M
MCV++UC)@R^X(4GM!FR:K&"?MZNRBH+6U&RCE$_723IC4:*&41S94>6.'2T[A
M0<>BFU*V5XI1`NI4;P(>#33*@N^:^-\VG797!4*$*`>5=-C,NB@1$*'\3#(7
MGQ6Z4I:#SY/AG!);'!>)25JCQ2=QJ"INA38Y79C/LJYBFHMC)2X%9^/Y`T1!
MS-?1@';(__QO^THVH'UM&U"Y1?A2Y-,-H2U*YQP"BU68T*5+/TSXMQYA4K8H
M("QUVQ00$@U,4!J,U20\UKT=(R"JAPX<(*]#C!>K@1HIY*8)_:R[*Q"2.BC`
M.GM!0[VE6*,F]%.AW@I&+HP=@6LT:VDG&R&MEVR$0Y%R?M4FU3Z5GIPI)E@I
M.`I<JJ`7ZJ!=0@7%!0O*,'/M:)XN75>J?SV9E7UJ+EE:FOB`V]*JO6PN(P3D
MUFB%J&@>_GN8S_^"A$OQM)!'GP0!NQ>]1;R(?!F@TL=\GIA/QY&E+ITA<I/6
MCGJJ*?11@H7PB4:@:DAUB/T49RAH!#+)#,!_J+YFJ'[`0ZLJT>#9(/2Q+M<F
M72>P!1P2/U>MA>*<6;8O(;_3HFQS4';3!'*C%T(SMA$A./3&TXFN3`YJ,2$3
MYLG0PD^Y$Y)]J1DVWX4N=(`<WY4JL+.Q))M!\2EA!\S@5LR;)R?-&73P7M@[
MH0$^X#@]A<+$JI0`JS>?EY>!,W`IL_,Q%.HT,VF>Q,[)&1RY!;E)Y95+P:2J
M<X_B`D1U1T2T"FB"ELVN-,'+Y^6:/A"7*=KL(Q5!/:WR)TQ;%=M)MYKQ1'%;
M%[6ZEE%)Q8IJ!L0H5)4)=D[=8HK#Z$*:?<(;G!%ED`=W&$XS?:/^Z$!L'QQF
M71-%%-0J(>1%(H'RK*%P*!KR#/?)\KW#X0@3@>5Z`\,^AAO)2Z>[XF@H`O-C
M>CD<'`'0/_[1'!=*]81"D:BK3=25PKZDXMJ[3?@JS+A]`7^0<96MPX3WS*"'
M\?D87RS"A$>8L"O4U\>_"@U'8^ZP=\`_PL1@]X6A)HHQP7Z$BY*!>`)N[YZ!
M4*`J$#/F'ARJ#M+'^)BP.XIJH@XTY`Y'_5%_*%@!I#87DVN*TBN=JKVTF%KX
M#,GJ-FOEH^H)HHJYSU0.MRRKY*JH#)T:H+K8U]Q=0EJ`5%E5*'IYX6:LH0:$
M(<"O+%MM)9O'`G"@JU+"VG0H%S6=(D3M[A"N^5)1(RNK&\:B8;?/$POM$04E
M%@SQ8N/S1]P>)'8#[C#CTR0D*A>>F%KX%Y(\<*.ADDB4@U[6`^ERI$(N!TH;
M):4;=`V2D-*>6>'Q4N)MOM@UX>U2;E88!<WF6N,?X_-'\?C'UUF#""C<96WB
M\ZJP].4UVQ--39J@Y38=31\("VUM\JM-VO?MV\=I=LZX(O%-0,S"_BQ^)1.#
M""28320X?A%4"2J\*(%&\6PK07&N`*?,W8%*=I:@A?ZK!!??</`"8W-<77+Z
MI&Q?254A259"3>?V5"/SM\(.J1V3OQRJP=72JR1Y.:W#QB5I/@&7Y$$EVE15
M39DRX(5R<Z'L'38+5IK59!#(_J%F6!*K@ZY+*P5"6<HJ3HCC+#>(XY57J36<
MG\J49O)C0&DFWSP0M109VA8C8V25J;"PTM/HBJ&V,:'%#T-/_+K*:R?E`>OX
ML'T;A54D'DHQ%.HP^)`@XHE$CLWG7>+./'R!HL`2R5P\72!PG&:H[85#(A9T
MT+&E'9T!4Z\"KD%YB8"8!K)"BB"7R8CN-BWM"]51FI,+^K&V)U<$ZT0MK!,+
M]#+0WEH+[:W+J>Q,+:PSR\&Z4`OKPC*P\B%**K^*%;.0&]'8H_"UT@?QQ&PJ
MK0@-\M/%0B)S,"TP-$TJRSH7+E[9_"C7&HY8]]IH#9TRG4JGD--*:H&%/_/H
MDAZVX7KA2NJYBL%$ZL^R8:5TB!"1H$V`%>SYE1LL*N\[KGO($-G`KC(Z5);9
MH#%"X?+FAHT4C<(]H0UWXT8-!>0-&SL4<#=L!%'`W=!Q1)]R*7-*D&Z^15:B
MF67Y-&KSQRW;\:LGP`"N=8W-R/RT%$D*$"%L[U#REL0!27S<'7T+K*(O]C)*
MK[HWJP-!S2AJ>G!I"YRF!Z,4*TW#OJZ29Z#/XT?>&!:K"?ZJ$MI"V_E.B*,&
M:\G##5;4)96$#41$!MP40:,M!UF&CJK1BC634.FKH<_C([@YAYI_A`A!-"*D
M(!P-$9L@P2^9)*%,5&>7Q4+:^>=BGLVY\$%X[G4\GT=A'5QYRX$<I2*Z.FI;
M18+T8JDI1KH1:I,EW6@EUPD5AVP)H]5,6BPQDI981'W>)MX9I=5$6,:OVK[A
MI$^C\_?R@]6(].H:1I1F?B43/!SGJ[D_[`Y&@3L0`$-A_X@_P/0S$1`*XOXV
M[P+1$&B#'-_6VR8*1QOP^YA@U-_G9WS`LQ>T<>S?=G.SRA@O+!/*Y[P29'7G
M;MU,)=<A0HS_YC`S$MK#Z*.T)DFJDQ.5^8B=K-Z[M8:/(%L@!N=AB>BX-V42
M'^M5UR(B?<JZ_(HV^6I,I*MT'2:65$Y:/)N#(R/R*H>_]-&C0!#$48<)EKMY
M&=VXG-/@8HEJ7BRD9G#UK2;A45T[\96K3W%4H,2%-H9H#A5OYX7/RVJ2%"QE
M#KO,4B;QN:>QC6%1;0Q<6H-:@\-51W-@.[G3;'&:T"^J?A=H=.=AG5ZTRH9Z
M%%M".,!7N1TE^<5BDI3(I)$#"TUA0NF&$$I?'I2B/W)ZQ*T)U*-ENQ6HUN6-
M,UTH9!-PGFTUPT4I=Y5[O1JB4O0U?R"*A[;M69[?-`$+GNV:@%4<1"OA*[8'
M=6S4:MF`K;G1N(+EZ3P'@SFI`:J-PZ.FUF0O,'M5&2$0>]3>_YM))7&)59RC
M-;&9,'V4A%;?$5J55A6J5T?#CHZ.=G2)>+C&R10+!']KII[&*CU.E4RE;R5R
M[`P+YUAP1$6WOYEP9FE4X>6>JY*CKY=\C*R$U@J'43P:*D_ERZ,<\412:T!D
MO%C(K#:==(/HO"P[T;**Q*U^Y_7HU6;BZ3]>CLO.!/*,KYA+*^9:8%4.'CPH
M7X-QTXQ2:$$_*>"HT#N9!$O,6>&4Q6I"OWO4C.24#@<9A$BA"^?T,6@FH45Q
M(A>5=)([_D:9N"?UX4?;Q,7KQ39S;T?M&4'Y,3E:\[R7JVK=$]]T4ELC)='$
ME"X_K"Z]P&V7K#)R2_5M6./)/.+2206'.)A9;Q,GZSZ*F%1QYVPRTN6><%0Q
M[DYRFJ3LI+,KQV8S70TM`S&CPV9#?RF'C93_%5(313NL#KN5HJP0CJ)L-FL3
ML*U&`Q3SZ$Y"8/1_2?_+CR'B:"#U]K_=:E7K?P?L;]3_\`=B`AKVO]5"VIH`
M:?3_BB>"($K.G`JG%!!;Q`2-'\<!'[KX"R9R,;1M#C/,&'8CY!LK0=H(T@XH
MLL=JZ[$YS*)@`W11!6GJ[.QL0#%V@H0E=0.RN\=FZ2&=9NY\(V0GOIC>7D#0
MMMTT#3K1'SOH[34!$P"@!?C8J7AQI@#ZO5XP-1-/YE&VOZ^=C\H6&ASR!YAP
MS!^)]0>'X=!L(N![$&&BR#%@,!04PKJ!TM1,)`$Q%9]($7-L+@^KZX)+W*ET
MALC,I@K(!V26);(9'!68RT>Q]R<+1'PF%<^GTLGF#E-GB\:20G!N/I5C,[D$
MFR/0D5T^#L<41)9,2SDNNU7,G,EDLGP&9/3)`RBR1X%%]Q3`*LSHJFHEG4D2
M$+.%Z>(LG*;,3L=S"6)J)A,OP(>I;-$U-Y6=LR#Z/A#DH3L`7/'<[)P5TX?H
M)""\*Y^9*NCJ1%*EH!H%X,\A&W,A5T`JC<^A\`XLG.2@:R;0)4/)'+I\`FWH
M(;(*&1"?RZ30]10S>71S1#Y52,VQ>0XCE`!\/F?$'>@/^X,^OJ":I#3C)N1K
MT7JH%/++0GV9H`\6P#]@C/((B3$?XQGNE^%4PD,H?QIF`JC>$(,_V!="[6I1
MK$:GUL_S:E3(:%!5%V-C"OI""/2X&AI#M:P/BLZX0@G4K374Z;P"]88B,2J:
M0X"MJ3L$P"K:0XZ+4/N\N@:1H^C4BD*5&I$6;BXR,#0\QD]"],R_IMAX`2Z_
M8WFVL$)3+\42Y+,N:P]I,5N=E;,NNWTW906=Z(\-S[H`3^MP%E]*.(E,<'ST
M/_[2$\AQ13:_&^38V<P<"UAD?&/SX"`+$AE\7]YD/,>"^$2F6.!0X=N3<+W-
MJ%O[0F'&[1UHAQ\"/D`"$*,@`#&.`?`'@R%TD@R(40L`'P>!YP[8-<%0%&!^
M;CT$T7VY+*P!#\<Q@1`#01$2>=)XT?80\(1"`=#<+'XZZ`[OB;DC,;=OQ!WT
M,K[J>"I*5"NNKT^Q/"808=H%)+5P*%=9X-E.[2W--ROP1D;``.,>`H-[_1'W
MX&"X7R9$>MNO<SFMU[F\MNO$9`OD5M`^Q(3[(O"#0;<"4VDL5`=]FHBKTI25
M]($R^F2*R3"%&?:?<ON/\KF.1MM_**O5@>P_E)4B;10-X2@':;<8]I_52)Y]
MT]V4>^]G(GOW-)_>WK3NB=CAZ!;O^^__[K9W7GO]>\G7WABZ^K-_>2-H7Z2;
M-P^V'?MDY.)F5Y_W>:NKY>6!JP>;IC^1./_PO8$3M]^^XSZR;\OTRTU7;6HV
M[;\_\IXUL/7ABSLG=FQYVC78M.[![P?N2QUY[KD=6X^=^E!\_9UD$[BK=7_B
MG/6NGY[RK3L5&E@(1?J^ZGUQ\\Z%;UY%[]PW:SEY^)4;]YQ\B/W;[WSE[P:*
MU.`CAUL7P3'ZPI9;%N_Y\*[1BV=N^,'U^W]]\=5_H[=]>@/8\LC1^YQ?VGC[
MN9O&'W_KMPNQ%W9_]NVG=]V<&#CW!>>?CK?^=.#\;[[[L;-/_-#UHZ615[XY
MW?[NF8N;-HZ8'GUSA_MSI[L]1R9.@P<BX6OS-[^]Z[_/#[[S\S_/O3NP:;'%
M<\=X[YY_W.!9_Q\;[WOFI:-O.FX[_BERX.S$B>O67?.%-'7=U;\IVA_;^<K]
MJ?^DO_='7[W[N=]^A_[Q^3SXY_N=BX\.7=@X=<.S\SM>N,-YY$O9_W4\Z,L=
M.K;MEL3SMW[[#M\GGUR\SMMTV#)R^[];/C3[TMUO?,3Q5[$-7['V/?7M+Y[Y
MUM*)7]J.]4Y\_=X-LRT/OSSU]CMOO/C6'U(/O!K\$_;Q%S[><NW1^=L^O?16
M^_]U?.)O;KKFPY\?>>90\!>%>Y\\?N]HX<D#_^4\^]#\AL0Y?_#%(\\\]<:)
M1U.[F2VGMO_/$Z>SK>[-FU)+EWZ46&\]UK%^[X[!WM'W?O;$6/C"KR;L)S[W
MTJ$`_6<#\YN.G^D?CXP_ON-?IA;&7_B'UGO6+?TZ>]IT[MT[?VG9:6F^9_K"
MTH/?(-I/VI>^E5U<;&OI'7B`VK5E<V]J[)K14\['FA^XTS-\Z>RYL]O_VM^V
MZ:GKUXT5SRQ.NCU?ZSYR[9GU;W_^L7^Z9-^9>B28O72!2@Z]N2VUM'WH+\;_
M=;Q[\\2NSUSWT4U_'#WI[+SJ)Z]WG+TE^1KU]5,_.+]UZ];G;UJ\=./=7SS_
ML<Y???^C2S=_X\7?1:_-_?B:X_NZG]TQ_I/)G;,/4\>.-3\T=O'HSW9][?6G
M/O*+C?<?L9[<G=OR\1.>3[VW_]7O;OO[2-_P([FE"^'V'Y+$]MR;FY;`A<*!
MQ[+-ZV^X>FA#W]/KBZ/G0P>Z_.SQL\/#MLG7?SY^X/UG7[TK>'WKMN=.'SW\
M^Z;_*Z*!UVW_MZOJ?]).8_L_9;'2:`L=V?^M:/_'T/^K8_^7=S;7\UV\D<$\
MG<VB):"-H&B"=`+*V6.S]5#=BHO,VFCL>*WJ0&@HJL=B,U-.A]-"499NB(;B
M5Y)4]VX'Z,3_HW5D5Q<`.-A0;(0)1]#BK0NN=4GP!P"'`4WE06$:79J;1C8,
MKCC5C^0?Q/?+/S`1+0EV"EDD2C^C2#LF3^VMK1N^!:A`>:$!OT>$F2VBZ%QP
M38L1))!9!3ZA*N31O;KQ?"E.T^4A__)@HRN]_V>UT#:\_VLC'314!MS^'V7(
M_VKO_Z'.7O;&G(6@L7X@[3V09:H9H>HJQD%0L!A+#VGKL5%F_DX@L1B\_^=$
M^@/_?T7L_JU*09KMX9Q=EIA)0;PN%0/Y%;@;A1C#XD",@?_G#)3U["M=IAM#
MJU34!XF=EKM)@5C*ZMQ-T:"3^U.I;;SH:D<E?2/C$Q\8=$>]`TP$-&/P9GVZ
M9\5TS1HSP_(VBU=(J&&WZ^NPJF*W@A)]^72:SETZ4/\NG:SS#+-N'?-_V+^%
M-?/_)&V\_Z?=9OA_KDW_(]?W->Q_E`_[WT$:_6\D(QG)2$8RDI&,9"0C&<E(
M1C*2D8QD)",9R4A&,I*1C&0D(QG)2$8RDI&,9"0C&<E(1C*2D8QD)".5I_\'
(HNM`!0!``0``
`
end

LAMP Stack From Source | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Reply to Article Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Scruffy Beard 2 on Sunday August 07 2016, @04:44AM

    by Scruffy Beard 2 (6030) on Sunday August 07 2016, @04:44AM (#384885)

    IMO, modern computers are insecure: because of complexity like this.

    If we are going to have any chance of proving something like the LAMP stack are "correct", reproducible builds are an essential starting point.

    I think the GNU tools do a little bit of "embrace and extend". Something to be mindful of when porting to something that does not used GNU tools. I think many GNU tools support flags like "--posix", but I doubt any POSIX-compliant tools do.

    • (Score: 2) by cafebabe on Thursday August 18 2016, @03:57PM

      by cafebabe (894) on Thursday August 18 2016, @03:57PM (#389625) Journal

      We're a long way from having widespread reproducible builds. Efforts are being made to harmonize hard-coded paths and usernames merely by putting compilation in a harmonized container. That solution covers an increasing number of cases but at the expense of severe bloat and technical debt. Ignoring this, two fundamental problems remain.

      Firstly, the common implementations of common archiving utilities do not allow timestamps to be overriden. Therefore, any component in any build which differs by one second (or less) leads to an archive with a differing hash. Yes, it is possible to recurse directories and fix timestamps prior to archiving. Alternatively, individual files can be hashed. However, the former is not an obvious step and the latter is unwieldy.

      Second, to overcome untrustworthy compilers, we require more independent implementations. clang's BSD licence may lead to a rash of slightly different compilers distributed without source. This is dangerous. Furthermore, clang's less crufty implementation is, in part, because it bootstraps from other implementations and therefore some of the cruft is elsewhere rather than eliminated. So, overall, we've got 1.5 trustworthy compilers on two trustworthy kernel families. Ideally, we require a minimum of three of each. Indeed, if I remember correctly, an official report after the 1987 Internet Worm concluded that a minimum of five fully independent operating systems were required.

      Regarding GNU extensions, an ex-colleague discovered this the hard way with sockaddr_in6. I believe that the glibc implementation of this structure involves a union which allows the longer addresses to be handled as unsigned char or unsigned int. The latter is the extension which fails to work elsewhere. Why do they do that? Partly because a differing implementation has differing features. But there's also an attitude that it is alright to extend because they're the good guys.

      --
      1702845791×2

  • (Score: 2) by The Mighty Buzzard on Sunday August 07 2016, @10:51AM

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday August 07 2016, @10:51AM (#384940) Homepage Journal

    You have my greatest sympathies. This isn't exactly easy to do even without the extra overhead of making it reproducible.

    --
    My rights don't end where your fear begins.

    • (Score: 2) by cafebabe on Thursday August 18 2016, @04:36PM

      by cafebabe (894) on Thursday August 18 2016, @04:36PM (#389639) Journal

      I'm not sure that the problem of reproducible builds has been properly defined. By that I mean something akin to database ACID compliance or a definitions of object orientation. Whatever it is, I think I'm solving the overlapping problem of resilient and trustworthy. So, in the case of archive files being corrupt or missing, or source code patches not being fetched or applied, there will be attempts to fallback.

      It didn't occur to me that such a system would be useful for maintaining a sane development environment for the SoylentNews fork of SlashCode. However, this is exactly the type of LAMP stack application which would benefit. On this basis, the next version will have support for varnish and other components used by SoylentNews. In the unlikely event of overwhelming demand, I'll even add support for MySQL NDB Cluster. However, that's probably a distraction for development.

      Given the timescale of visual hash ponderings [soylentnews.org], don't expect anything significant before 2017.

      --
      1702845791×2

  • (Score: 2) by https on Tuesday August 09 2016, @02:21PM

    by https (5248) on Tuesday August 09 2016, @02:21PM (#385761) Journal

    if you have bash, $(version_finder) is preferred over `version_finder`. if you have sh as in bourne shell, your computer may be so old as to be unreplaceable if something breaks.

    --
    Offended and laughing about it.