From 6d28e2220453b324e10bef8cf2146ed1dc6886b3 Mon Sep 17 00:00:00 2001 From: James Valleroy Date: Mon, 15 Feb 2016 10:36:27 -0500 Subject: [PATCH] fetch latest manual --- doc/freedombox-manual.xml | 719 ++++++++++++++++++++++--------- doc/images/cubieboard2_thumb.jpg | Bin 0 -> 6765 bytes 2 files changed, 508 insertions(+), 211 deletions(-) create mode 100644 doc/images/cubieboard2_thumb.jpg diff --git a/doc/freedombox-manual.xml b/doc/freedombox-manual.xml index c210621b2..9856c980d 100644 --- a/doc/freedombox-manual.xml +++ b/doc/freedombox-manual.xml @@ -7,7 +7,7 @@
FreedomBox Introduction - FreedomBox is a personal server that protects your privacy. It is a free software stack, a subset of the Debian universal operating system, that can be installed in many flavors of cheap and power-efficient hardware. The simplicity of setting up and operating a FreedomBox is similar to that of a smart phone. + FreedomBox is a personal server that protects your privacy. It is a free software stack, a subset of the Debian universal operating system, that can be installed in many flavors of inexpensive and power-efficient hardware. The simplicity of setting up and operating a FreedomBox is similar to that of a smart phone.
Smart Router FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet replacing a home wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can cloak your location and protect your anonymity by "onion routing" your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home. It can also be carried along with your laptop and used to connect to public networks at work, school, or office to avail its services. It could be used in a village to provide communications throughout the village. In future, FreedomBox intends to provide support for alternative ways of connecting to the Internet such as Mesh networks. @@ -41,22 +41,30 @@ On first boot, the FreedomBox will perform initial setup and then reboot. This may take several minutes. - After the FreedomBox has rebooted, you can access Plinth through your web browser. + After the FreedomBox has rebooted, you can access its web interface (called Plinth) through your web browser. If your computer is connected directly to the FreedomBox through a second (LAN) ethernet port, you can browse to: or . - If your computer supports mDNS (GNU/Linux, Mac OSX and Windows with mDNS software installed), you can browse to: . + If your computer supports mDNS (GNU/Linux, Mac OSX and Windows with mDNS software installed), you can browse to: (or ) If neither of these methods are available, then you will need to figure out the IP address of your FreedomBox. You can use the "nmap" program to find its IP address: nmap -p 80 --open -sV 192.168.0.0/24 + Your FreedomBox will show up as an IP address with an open tcp port 80 using Apache httpd service on Debian, such as the example below which would make it accessible at : + Nmap scan report for 192.168.0.165 + Host is up (0.00088s latency). + PORT STATE SERVICE VERSION + 80/tcp open http Apache httpd 2.4.17 ((Debian)) - When you first access Plinth, you will see a welcome page that asks you to provide some basic information for setting up your FreedomBox. + On accessing Plinth your browser will warn you that it communicates securely but that it regards the security certificate for doing so as invalid. This is a fact you need to accept because the certificate is auto generated on the box and therefore "self-signed" (the browser might also use words such as "untrusted", "not private", "privacy error" or "unknown issuer/authority"). Telling your browser that you are aware of this might involve pressing buttons such as "I understand the Risks", "proceed to ... (unsafe)" or "Add exception". + + + On the intial access you will see a welcome page that asks you to provide some basic information for setting up your FreedomBox. After completing the form, you will be logged in to Plinth and able to access apps and configuration through the interface. @@ -95,10 +103,39 @@ Release Notes The following are the release notes for each FreedomBox version.
- Version 0.7 (unreleased) + Version 0.8 (2016-02) - Translations! + Added Quassel, an IRC client that stays connected to IRC networks and can synchronize multiple frontends. + + + Improved first boot user interface. + + + Fixed Transmission RPC whitelist issue. + + + Added translations for Turkish, Chinese, and Russian. Fixed and updated translations in other languages. + + + Added Monkeysphere, which uses PGP web of trust for SSH host key verification. + + + Added Let's Encrypt, to obtain certificates for domains, so that browser certificate warnings can be avoided. + + + Added repro, a SIP server for audio and video calls. + + + Allow users to set their SSH public keys, so they can login over SSH without a password. + + +
+
+ Version 0.7 (2015-12-13) + + + Translations! Full translations of the interface in Danish, Dutch, French, German and Norwegian Bokmål, and partial Telugu. Support for OLinuXino A20 MICRO and LIME2 @@ -298,7 +335,7 @@
Download and Install - You may either use FreedomBox on one of the supported hardware, install it on a Debian machine, or deploy on a virtual machine. + Wellcome to the FreedomBox download page. You may either install FreedomBox on one of the supported inexpensive hardware, on a Linux Debian operating system, or deploy on a virtual machine. Installing on Debian is easy because FreedomBox is available as packages. On hardware, you may need a little bit of technical expertise to setup. What we are requiring is to buy a device and plug in an SD card. In case of trouble, please read and interact with the Questions and Answers page based on Freedombox-discuss mailing list archives.
Downloading on Debian If you are installing on Debian, you don't need to download these images. Instead read instructions on setting up FreedomBox on Debian. @@ -336,7 +373,7 @@ sub 4096R/4C1D4B57 2011-11-12 Finally, verify your downloaded image with its signature file .sig. For example: - $ gpg --verify freedombox-unstable_2015-01-15_beaglebone-armhf-card.tar.bz2.sig freedombox-unstable_2015-01-15_beaglebone-armhf-card.tar.bz2 + $ gpg --verify freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz.sig freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz gpg: Signature made Thursday 15 January 2015 09:27:50 AM IST using RSA key ID 0C9BC971 gpg: Good signature from "Sunil Mohan Adapa <sunil@medhas.org>" gpg: WARNING: This key is not certified with a trusted signature! @@ -388,15 +425,14 @@ Primary key fingerprint: BCBE BD57 A11F 70B2 3782 BC57 36C3 6144 0C9B C971 Decompress the downloaded image using tar: - $ tar -xjvf freedombox-unstable_2015-08-06_beaglebone-armhf-card.tar.bz2 - The above command is an example for the beaglebone image built on 2015-08-06. Your downloaded file name will be different. + $ xz -d freedombox-unstable-free_2015-12-13_cubietruck-armhf.img.xz + The above command is an example for the cubietruck image built on 2015-12-13. Your downloaded file name will be different. Copy the image to your card. Double check and make sure you don't write to your computer's main storage (such as /dev/sda). Also make sure that you don't run this step as root to avoid potentially overriding data on your hard drive due to a mistake in identifying the device or errors while typing the command. USB disks and SD cards inserted into the system should typically be write accessible to normal users. If you don't have permission to write to your SD card as a user, you may need to run this command as root. In this case triple check everything before you run the command. Another safety precaution is to unplug all external disks except the SD card before running the command. For example, if your SD card is /dev/sdf as noted in the first step above, then to copy the image, run: - $ cd build -$ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/sdf conv=fdatasync - The above command is an example for the beaglebone image built on 2015-08-06. Your image file name will be different. + $ dd bs=1M if=freedombox-unstable-free_2015-12-13_cubietruck-armhf.img of=/dev/sdf conv=fdatasync + The above command is an example for the cubietruck image built on 2015-12-13. Your image file name will be different. When picking a device, use the drive-letter destination, like /dev/sdf, not a numbered destination, like /dev/sdf1. The device without a number refers to the entire device, while the device with a number refers to a specific partition. We want to use the whole device. Downloaded images contain complete information about how many partitions there should be, their sizes and types. You don't have to format your SD card or create partitions. All the data on the SD card will be wiped off during the write process. @@ -414,6 +450,10 @@ $ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/s Apps
Anonymity Network (Tor) +
+ What is Tor? + Tor is a network of server operated by volunteers. It allows users of these servers to improve their privacy and security while surfing on the Internet. You and your friends are able to access to your FreedomBox via Tor network without revealing its IP address. Activating Tor application on your FreedomBox, you will be able to offer remote services (chat, wiki, file sharing, etc...) without showing your location. This application will give you a better protection than a public web server because you will be less exposed to intrusive people on the web. +
Using Tor to browse anonymously Tor Browser is the recommended way to browse the web using Tor. You can download the Tor Browser from and follow the instructions on that site to install and run it. @@ -430,11 +470,36 @@ $ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/s FreedomBox provides a Tor SOCKS port that other applications can connect to, in order to route their traffic over the Tor network. This port is accessible on any interfaces configured in the internal firewall zone. To configure the application, set SOCKS Host to the internal network connection's IP address, and set the SOCKS Port to 9050.
+
+ Deluge +
+ What is Deluge? + Your FreedomBox provides a Deluge application to enable. Deluge is a lightweight Bit Torrent client. Bit Torrent is a communications protocol using peer-to-peer (P2P) file sharing. P2P is a system that aims to interconnect end-user machines. Highly configurable, Deluge offers functionalities in the form of plugins. +
+
+
+ Transmission +
+ What is Transmission ? + In addition to Deluge Bit Torrent, your FreedomBox provides a Transmission application to enable. Transmission is a lightweight Bit Torrent client allowing end-user machine to share files (documents, pictures, sounds, videos and programs). Transmission is well known for its simplicity and a default configuration that "Just Works". +
+
+
+ Shaarli +
+ What is Shaarli? + Shaarli is personal (single-user) bookmarking application to install on your FreedomBox. It can also be used for micro-blogging, pastebin, online notepad and snippet archive. Shaarli is designed as a no-database delicious clone. As such, it provides very fast services, easy backup and import/export links as desktop or mobile browser bookmarks. Links stored can be public or private. Shaarli delivers ATOM and RSS feeds from its minimalist interface. +
+
Chat Server (XMPP) +
+ What is XMPP? + XMPP is a federated protocol for Instant Messaging. This means that users who have accounts on one server, can talk to users that are on another server. +
Setting the Domain Name - XMPP is a federated protocol for Instant Messaging. This means that users who have accounts on one server, can talk to users that are on another server. However, for this to work, your FreedomBox needs to have a Domain Name that can be accessed over the public Internet. You can read more about obtaining a Domain Name in the Dynamic DNS section of this manual. + For XMPP to work, your FreedomBox needs to have a Domain Name that can be accessed over the public Internet. You can read more about obtaining a Domain Name in the Dynamic DNS section of this manual. Once you have a Domain Name, you can tell your FreedomBox to use it by setting the Domain Name in the System Config. Please note that Pagekite does not support the XMPP protocol at this time.
@@ -445,9 +510,12 @@ $ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/s
Dynamic DNS - In order reach a server on the Internet, the server needs to have permanent address also know as the static IP address. Many Internet service providers don't provide home users with a static IP address or they charge more providing a static IP address. Instead they provide the home user with an IP address that changes every time the user connects to the Internet. Clients wishing to contact the server will have difficulty reaching the server. - Dynamic DNS service providers assist in working around a problem. First they provide you with a domain name, such as 'myhost.example.org'. Then they associate your IP address, whenever it changes, with this domain name. Then anyone intending to reach the server will be to contact the server using the domain name 'myhost.example.org' which always points to the latest IP address of the server. - For this to work, every time you connect to the Internet, you will have to tell your Dynamic DNS provider what your current IP address is. Hence you need special software on your server to perform this operation. The Dynamic DNS function in FreedomBox will allow users without a static public IP address to push the current public IP address to a Dynamic DNS Server. This allows you to expose services on FreedomBox, such as ownCloud, to the Internet. +
+ What is Dynamic DNS? + In order to reach a server on the Internet, the server needs to have permanent address also know as the static IP address. Many Internet service providers don't provide home users with a static IP address or they charge more providing a static IP address. Instead they provide the home user with an IP address that changes every time the user connects to the Internet. Clients wishing to contact the server will have difficulty reaching the server. + Dynamic DNS service providers assist in working around a problem. First they provide you with a domain name, such as 'myhost.example.org'. Then they associate your IP address, whenever it changes, with this domain name. Then anyone intending to reach the server will be to contact the server using the domain name 'myhost.example.org' which always points to the latest IP address of the server. + For this to work, every time you connect to the Internet, you will have to tell your Dynamic DNS provider what your current IP address is. Hence you need special software on your server to perform this operation. The Dynamic DNS function in FreedomBox will allow users without a static public IP address to push the current public IP address to a Dynamic DNS Server. This allows you to expose services on FreedomBox, such as ownCloud, to the Internet. +
GnuDIP vs. Update URL There are two main mechanism to notify the Dynamic DNS server of your new IP address; using the GnuDIP protocol and using the Update URL mechanism. @@ -510,51 +578,73 @@ $ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/s
+
+ Roundcube +
+ What is Roundcube? + RoundCube is a browser-based multilingual email client with an application-like user interface. RoundCube is using the Internet Message Access Protocol (IMAP) to access e-mail on a remote mail server. It supports MIME to send files, and provides particularly address book, folder management, message searching and spell checking. +
+
+
+ ownCloud +
+ What is ownCloud? + ownCloud is a self-hosted file sync and share server. It provides access to your data through a platform to view, sync and share across devices. Calendars and Contacts feature will help you keeping google at a nice distance. ownCloud's functionalities are native or available via plugins (Collaborative Editing, Play Music, Watch Movies, Store Passwords, Dashboard, Mozilla Sync...) via +
+
+ Installation + Clicking on the ownCloud application in Plinth will show an installation prompt. Proceed to install. After the installation, visit the /owncloud link provided in the ownCloud page. First time installation wizard will show up asking for administrator username and password to setup (no additional details such as database configuration are requested). After providing the details, you will be logged. You will be able to start using the ownCloud and create more users. +
+ External Storage + ownCloud's external storage plugin allows you to expose the contents of a hard drive or those of an online storage account as a folder. Following are the steps required to setup such storage. + + + Mount your hard drive or external storage to any fixed directory on the system. + + + Install two packages needed via the 'apt-get' on the SSH command line shell (this step will not be needed in future): + + + $ sudo apt-get install php-google-api-php-client php-dropbox + + + + + Goto ownCloud Apps section and enable 'External Storage Support' plugin. + + + Goto 'Admin' section and add your hard drive mount path in the external storage section. This folder will now show up in your folders list to access and sync across devices. + + +
+
+
PageKite - PageKite is free Software solution for tunneling HTTP, HTTPS and SSH servers through firewalls and NAT. - See PageKite website. +
+ What is PageKite? + PageKite makes local websites and services publicly accessible immediately without creating yourself a public IP address. PageKite provides "Kites" and "Services". Kites aims to make accessible in a second a web page (for instance foo.pagekite.me). Services can expose a file or a folder. Technically speaking, PageKite is free Software solution for tunneling HTTP, HTTPS and SSH servers through firewalls and NAT. +
+
+ Use PageKite + See PageKite website. +
Secure Shell - FreedomBox runs openssh-server server by default allowing remote logins from all interfaces. If your hardware device is connected to a monitor and a keyboard, you may login directly as well. Regular operation of FreedomBox does not require you to use the shell. However, some tasks or identifying a problem may require you to login to a shell. +
+ What is Secure Shell? + FreedomBox runs openssh-server server by default allowing remote logins from all interfaces. If your hardware device is connected to a monitor and a keyboard, you may login directly as well. Regular operation of FreedomBox does not require you to use the shell. However, some tasks or identifying a problem may require you to login to a shell. +
Default User Account - FreedomBox is bundled with a preset user account. This user also has superuser privileges via sudo. The default credentials are: - - - - - - - - - Username - - - - - Password - - - - - - fbx - - - frdm - - - - - - - - Change the password - - Soon after you get your FreedomBox working, you must change the default password for the fbx user. If you fail to do this, since the password is public knowledge, anyone will be able to take control of your device. - + The pre-built FreedomBox images have a default user account called "fbx". However the password is not set for this account, so it will not be possible to log in with this account by default. + There is a script included in the freedom-maker program, that will allow you to set the password for this account, if it is needed. To set a password for the "fbx" user: + 1. Decompress the image file. + 2. Get a copy of freedom-maker from . + 3. Run sudo ./bin/passwd-in-image <image-file> fbx. + 4. Copy the image file to SD card and boot device as normal. + The "fbx" user also has superuser privileges via sudo.
Logging In @@ -582,8 +672,26 @@ $ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/s This will ask you for your current password before giving you the opportunity to set a new one.
+
+ Mumble +
+ What is Mumble? + Mumble is a voice chat software. Primarily intended for use while gaming, it is suitable for simple talking with high audio quality, noise suppression, encrypted communication, public/private-key authentication by default, and "wizards" to configure your microphone for instance. A user can be marked as a "priority speaker" within a channel. +
+
+
+ Privoxy +
+ What is Privoxy? + Privoxy is a software for security, privacy, and accurate control over the web. It provides a much more powerful web proxy (anonymity on the web) than what your browser can offer. Privoxy "is a proxy that is primarily focused on privacy enhancement, ad and junk elimination and freeing the user from restrictions placed on his activities" (source: Privoxy FAQ). Learning about networking protocols like HTTP, about HTML, and "Regular Expressions" can help a lot using Privoxy. +
+
Wiki & Blog (Ikiwiki) +
+ What is Ikiwiki? + Ikiwiki converts wiki pages into HTML pages suitable for publishing on a website. It provides particularly blogging, podcasting, calendars and a large selection of plugins. +
Creating a wiki or blog You can create a wiki or blog to be hosted on your FreedomBox through the Wiki & Blog (Ikiwiki) page in Plinth. The first time you visit this page, it will ask to install packages required by Ikiwiki. @@ -602,24 +710,27 @@ $ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/s
- Unhosted - From : - - Also known as "serverless", "client-side", or "static" web apps, unhosted web apps do not send your user data to their server. Either you connect your own server at runtime, or your data stays within the browser. - - Note: This module is not yet part of mainline FreedomBox, but available for testing via . + Unhosted Storage
- Set up remoteStorage - Your FreedomBox contains the restore remoteStorage server, which means that it can serve as your personal backend for Unhosted apps. Make sure the package is installed in your Plinth. - Then create a remoteStorage account at https://<yourdomain>/restore/. - Warning: These user accounts are currently not integrated with Plinth user management, and public sign-up is enabled! + What is Unhosted? + Unhosted is a way to uncouple web applications from data. No matter where a web application is served from, the data can be stored on an Unhosted storage server of user's choice. Unhosted web apps do not send your user data to their server and are hence known as "serverless", "client-side", or "static" web apps. Either you connect your own server at runtime, or your data stays within the browser. Your FreedomBox can become your Unhosted storage server using a remoteStorage server know as reStore. + + This module is currently disabled in FreedomBox as the package required for reStore server is not available in Debian yet. The package is available for testing via + +
+
+ Setup + Your FreedomBox contains a remoteStorage server called reStore, that can serve as your personal storage server for Unhosted web apps. To setup reStore, simply install and enable in FreedomBox web UI. After the setup, create an account by visiting the link provided on the Unhosted app page https://<yourdomain>/restore/. + + User accounts are currently not integrated with Plinth user management, and public sign-up is enabled! +
Try Unhosted apps - Once your FreedomBox is set up, and both PageKite and remoteStorage are running, try one of the following Unhosted apps (more are listed at ): + Once Unhosted is setup on FreedomBox and when FreedomBox is accessible by a domain name (such by using PageKite, Dynamic DNS or Tor Hidden Service), try one of the following Unhosted web apps (more are listed at ): - (a notepad) + (a note taking application) (list your favorite drinks) @@ -628,7 +739,7 @@ $ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/s (a simple todo list) - To connect the Unhosted app to your remoteStorage, click on the remoteStorage icon and type your address <user>@<yourdomain>, e.g.: + To connect the Unhosted app to your FreedomBox's Unhosted storage, click on the remoteStorage icon and type your address <user>@<yourdomain>, e.g.: @@ -639,8 +750,40 @@ $ dd bs=1M if=freedombox-unstable_2015-08-06_beaglebone-armhf-card.img of=/dev/s - If this doesn't work, make sure that both PageKite and remoteStorage are running, and that your FreedomBox SSL certificate is trusted in your current browser session (important when using private browsing). - Finish the OAuth flow by authenticating with your password and authorizing access, then you should get redirected back to the Unhosted app, and you should be able to use it. All data of the Unhosted app is stored on your FreedomBox. + If this doesn't work, make sure that + + + FreedomBox has a domain name using PageKite, Dynamic DNS or Tor Hidden Service. + + + The reStore server is running. + + + You have created the account specified in the reStore server. + + + Your FreedomBox SSL certificate is trusted in your current browser session (important when using private browsing). + + + Finish the OAuth flow by authenticating with your password and authorizing access, then you should get redirected back to the Unhosted app, and be able to use it. All data of the Unhosted web app is now stored on your FreedomBox. +
+
+
+ OpenVPN +
+ What is OpenVPN? + OpenVPN provides to your FreedomBox a virtual private network service. You can use this software for remote access, site-to-site VPNs and Wi-Fi security. OpenVPN includes support for dynamic IP addresses and NAT. +
+
+
+ GnuSocial +
+ What is GNU social? + GNU social is a continuation of the StatusNet project. It is social communication software for both public and private communications. It is widely supported and has a large userbase. It is already used by the Free Software Foundation, and Richard Stallman himself. Think of GNU Social as twitter and beyond. +
+
+ Status of package + GNU Social is still getting packaged for debian and will be available soon for everyone to use. check the progress by tracking the bug #782812.
@@ -746,6 +889,7 @@ nmcli con modify "<connection_name>" connection.zone internal Manual Upgrades In the Plinth web interface, you can initiate a manual upgrade process from Upgrades page of the Settings section. Note that once the upgrades start, it may take a long time to complete and Plinth may seem to wait for the page to load. Under some circumstances, automatic upgrades may fail and require you perform a manual upgrade action. Even upgrades initiated from Plinth may not finish properly. This may be because the upgrade process requires you to make a decision. In these cases, manual upgrade on the terminal may be the only option. + In addition, while the upgrade task is running any application installations will wait until the upgrade task is finished. Depending on the hardware, the upgrade task may take a little time, therefore, giving the impression that the application installation stalled. To perform manual upgrades on the terminal, login into FreedomBox on a terminal or using a remote secure shell (see Secure Shell section). Then run the following commands: $ sudo su - Password: @@ -2192,9 +2336,9 @@ firewall-cmd --permanent --zone=internal --remove-service=xmpp-bosh firewall-cmd --zone=internal --remove-port=<port>/<protocol> firewall-cmd --permanent --zone=internal --remove-port=<port>/<protocol> Example: - firewall-cmd --zone=internal --remove-service=5353/udp + firewall-cmd --zone=internal --remove-port=5353/udp firewall-cmd --permanent --zone=internal --remove-port=5353/udp - To add a port to a zone: + To add a service to a zone: firewall-cmd --zone=<zone> --add-service=<service> firewall-cmd --permanent --zone=<zone> --add-service=<interface> Example: @@ -2204,7 +2348,7 @@ firewall-cmd --permanent --zone=internal --add-service=xmpp-bosh firewall-cmd --zone=internal --add-port=<port>/<protocol> firewall-cmd --permanent --zone=internal --add-port=<port>/<protocol> Example: - firewall-cmd --zone=internal --add-service=5353/udp + firewall-cmd --zone=internal --add-port=5353/udp firewall-cmd --permanent --zone=internal --add-port=5353/udp
@@ -2220,10 +2364,10 @@ firewall-cmd --permanent --zone=<zone> --remove-interface=<interface> firewall-cmd --permanent --zone=external --remove-interface=eth0 To add an interface to a zone: firewall-cmd --zone=<zone> --add-interface=<interface> -firewall-cmd --permanent --zone=<zone> --remove-interface=<interface> +firewall-cmd --permanent --zone=<zone> --add-interface=<interface> Example: firewall-cmd --zone=internal --add-interface=eth0 -firewall-cmd --permanent --zone=internal --remove-interface=eth0 +firewall-cmd --permanent --zone=internal --add-interface=eth0
@@ -2263,6 +2407,23 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0 (based on Cubietruck) + + + + + + + + + Cubieboard 2 + + + + + + Cubieboard2 + + @@ -2280,6 +2441,8 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0 BeagleBone Black + + @@ -3076,27 +3239,27 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0 First and the recommended option is to use the Bridge type of network. This option exposes the guest machine to the same network that host network is connected to. The guest obtains network configuration information from a router or DHCP server on the network. The guest will appear as just another machine in the network. A major advantage of this of setup is that the host and all other machines in the network will be able to access the services provided by guest without requiring any further setup. The only drawback of this approach is that if the host is not connected to any network, the guest's network will remain unconfigured making it inaccessible even from the host. - Second method is Host only type of networking. With a guest's network interface configured in this manner, it will only be accessible from the host machine. The guest will not able access any other machine but the host. It, however, does not require that the host machine be connected to a network. All services all accessible from the host machine without any special configuration such as port forwarding. + Second method is Host only type of networking. With a guest's network interface configured in this manner, it will only be accessible from the host machine. The guest will not able access any other machine but the host, so you do not have internet access on the guest. All services on the guest are available to the host machine without any configuration such as port forwarding. - The final option is to use the NAT type of network. This the networking type that VirtualBox assigns to a freshly created virtual machine. This option works even when host is not connected to any network. The guest is automatically configured and is able to access the Internet and local networks that host is able to connect to. However, the services provided by the guest require port forwarding configuration setup to be available outside. + The third option is to use the NAT type of network. This the networking type that VirtualBox assigns to a freshly created virtual machine. This option works even when host is not connected to any network. The guest is automatically configured and is able to access the Internet and local networks that host is able to connect to. However, the services provided by the guest require port forwarding configuration setup to be available outside. To configure this go to VM settings -> [Network] -> [Adapter] -> [Port Forwarding]. Map a port such as 2222 from host to guest port 22 and you will be able to ssh into FreedomBox from host machine as follows: - - - ssh -p 2222 fbx@localhost - - + ssh -p 2222 fbx@localhost Map 4443 on host to 443 on the guest. This make FreedomBox HTTPS service available on host using the URL You will need to add a mapping for each such services from host to guest. - + + The final option is to create two network interfaces, one host only and one NAT type. This way you can access the guest without any additional configuration, and you have internet access on the guest. The guest will be invisible to any other machines on the network. + + Summary of various network types: - + + @@ -3122,11 +3285,16 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0 Works without host connected to network + + + Guest has internet access + + - Bridged Adapter + Bridged @@ -3177,6 +3345,18 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0 + + + + + + + + (./) + + + + @@ -3232,6 +3412,18 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0 + + + + + + + + {X} + + + + @@ -3287,6 +3479,85 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0 + + + + + + + + (./) + + + + + + + + + NAT and Host + + + + + + + + + + {X} + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + + + + + + + + + (./) + + + + @@ -3294,13 +3565,7 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0
Using - You can log in as the following user: - - - Username: fbx - Password: frdm - - + You can log in as the user created during Plinth setup. After logging in, you can become root with the command sudo su. See the FreedomBox usage page for more details.
@@ -3309,6 +3574,12 @@ firewall-cmd --permanent --zone=internal --remove-interface=eth0
Tips & Troubleshooting +
+ Finding out the IP address of the virtual machine + This depends on the network configuration you chose. With a bridged adapter, your virtual machine gets its IP address from the DHCP server of your network, most likely of your Router. You can try the first couple of IP addresses or check your router web interface for a list of connected devices. + If you chose host-only adapter, the IP address is assigned by the DHCP server of your VirtualBox network. In the VirtualBox Manager, go to File -> Preferences -> Network -> Host-only Networks. You can see and edit the DHCP address range there, typically you get assigned addresses close to the Lower Address Bound. + Another possibility of finding the IP address is to login via the Virtualbox Manager (or similar software). The FreedomBox images do not have any default user accounts, so you need to set an initial user and password using the passwd-in-image script. +
Networking Problems with macchanger The package macchanger can cause network problems with VirtualBox. If you have a valid IP address on your guest's host network adapter (like 192.168.56.101) but are not able to ping or access the host (like 192.168.56.1), try uninstalling macchanger: @@ -3342,6 +3613,10 @@ $ sudo umount /tmp/vbox-root1 Use a fresh Debian installation Installing FreedomBox changes your Debian system in many important ways. This includes installing a firewall and regenerating server certificates. It is hence recommended that you install FreedomBox on a fresh Debian installation instead of an existing setup. + + use "fbx" as the login name + + If you choose to create an initial user account, use "fbx" as the login name. (Once the FreedomBox setup program completes, all user accounts except for the "fbx" account will be locked out via pam_access. This also affects sudo access.)
Installing on Debian @@ -3351,11 +3626,6 @@ $ sudo umount /tmp/vbox-root1 Install Debian Testing (Stretch) or Unstable (Sid) on your hardware. - - - If you choose to create an initial user account, use "fbx" as the login name. (Once the FreedomBox setup program completes, all user accounts except for the "fbx" account will be locked out via pam_access. This also affects sudo access.) - - Update your package list. @@ -3364,6 +3634,11 @@ $ sudo umount /tmp/vbox-root1 Install freedombox-setup package. $ sudo apt-get install freedombox-setup + + + When asked to specify whether Macchanger should be set up to run automatically, please choose "No". + + Run FreedomBox setup program. This installs further packages and sets up basic configuration. @@ -3734,117 +4009,136 @@ wget https://www.thinkpenguin.com/files/ath9k_firmware_free-version/htc_7010.fw<
Contributing From code, design and translation to spreading the world and donation, here is a list of possible contributions to develop FreedomBox. +
+ Quick Links + + Progess calls + + + TODO page + + + Donation page + +
Welcome to newcomers - As a newcomer, you are more than welcome to introduce yourself to all users and doers on the "FreedomBox-discuss" mailing list or on the #freedombox IRC channel. - In addition to make useful contacts, you can start reporting bugs and translate (see below) the wiki website and the FreedomBox web interface. + As a newcomer, you are more than welcome to introduce yourself to all users and doers on the "FreedomBox-discuss" mailing list or on the #freedombox IRC channel. In addition to make useful contacts, you can start reporting bugs and translate (see below) the wiki website and the FreedomBox web interface.
Development priorities - Upcoming priorities have been discussed end of October 2015 by several core developers and the Freedombox Foundation. You'll find on the mailing list archives a Medium Term Roadmap for 2015 and 2016. Please check next progess calls to keep yourself on track and meet members of the release team. A TODO page aggregates the complete list of the items to work on for FreedomBox. + Upcoming priorities have been discussed end of October 2015 by several core developers and the Freedombox Foundation. You'll find on the mailing list archives a Medium Term Roadmap for 2015 and 2016. We want to enjoy soon a version 1.0. We are targeting mid January for a 0.8 release. The main focus of the 0.8 release is going to be integrated in the PGP based SSL Client authentication work. We are planning on a 0.9 polish release for late February with general usability improvements. + Please check next progess calls to keep yourself on track and meet members of the release team. A TODO page aggregates the complete list of the items to work on for FreedomBox.
- Add an Application - If you are a developer and wish to see an application available in FreedomBox, you can contribute by adding the application to FreedomBox. See the FreedomBox Developer Manual. -
-
- Code - If you are a developer, you can contribute code to one of the sub-projects of FreedomBox. Step-by-step process of contributing code to FreedomBox is available. - - - FreedomBox Setup: a Debian package for setting up the FreedomBox. - - - Plinth: a web interface to administer the functions of FreedomBox. - - - Freedom Maker: a script to build FreedomBox disk images for use on various hardware devices or virtual machines. - - - You can pickup a task from one of the TODO lists. The individual page project pages contain information availabily of the code, how to build and TODO lists. -
-
- Design + Contributions needed
- User Experience Design - If you are a user experience designer, you can help FreedomBox with the following items: - - - UI experience for the Plinth web interface - - - Web design for freedomboxfoundation.org and FreedomBox wiki pages - - - Logo and branding (we currently have an identity manual and logos) - - - Possible designs for custom FreedomBox cases on single board computers - - - - User experience design - - - + Add an Application + If you are a developer and wish to see an application available in FreedomBox, you can contribute by adding the application to FreedomBox. See the FreedomBox Developer Manual.
- Technical Design - FreedomBox is still under development any many components are yet to be worked on. You can contribute to the discussion on various technical design and implementation aspects of FreedomBox. See: + Bugs + List of bugs listed on Debian universal system. +
+
+ Code + If you are a developer, you can contribute code to one of the sub-projects of FreedomBox. Step-by-step process of contributing code to FreedomBox is available. - - Design portal - + FreedomBox Setup: a Debian package for setting up the FreedomBox. + + + Plinth: a web interface to administer the functions of FreedomBox. + + + Freedom Maker: a script to build FreedomBox disk images for use on various hardware devices or virtual machines. + You can pickup a task from one of the TODO lists. The individual page project pages contain information availabily of the code, how to build and TODO lists. +
+
+ Design +
+ User Experience Design + If you are a user experience designer, you can help FreedomBox with the following items: + + + UI experience for the Plinth web interface + + + Web design for freedomboxfoundation.org and FreedomBox wiki pages + + + Logo and branding (we currently have an identity manual and logos) + + + Possible designs for custom FreedomBox cases on single board computers + + + + User experience design + + + +
+
+ Technical Design + FreedomBox is still under development any many components are yet to be worked on. You can contribute to the discussion on various technical design and implementation aspects of FreedomBox. See: + + + + Design portal + + + +
+
+
+ Donate + The FreedomBox Foundation is a Delaware non-profit corporation in the process of applying for 501(c)(3) federal nonprofit recognition from the IRS. FreedomBox project is run by volunteers. You can help the project financially by donating via PayPal, Bitcoin or by mailing a check. Please see the donation page for details on how to donate. +
+
+ Document: User Manual, Website and Wiki + FreedomBox needs better documentation for users and contributors. FreedomBox manual is prepared by aggregating various pages on the wiki and exporting to various formats. The manual is then used in Plinth and elsewhere. + If you wish to contribute to the FreedomBox wiki (and consequently the FreedomBox manual), you can create a wiki account and start editing. + For contributing to the website please start a discussion on the FreedomBox mailing list. +
+
+ Quality Assurance + + + FreedomBox already runs on many platforms and it is not possible for developers to test all possible platforms. If you have one of the supported hardware you can help with testing FreedomBox on the platform. + + + When an application is made available on FreedomBox, not all of its functionality is tested in the real world by developer doing the work. Deploying the application and testing it will help ensure high quality applications in FreedomBox. + + + See the quality assurance page for a basic list of test cases to check for and information on reporting bugs. +
+
+ Localization + All text visible to users of FreedomBox needs to be localized to various languages. This translation work includes: + + + Plinth web interface for FreedomBox + + + FreedomBox documentation + + + FreedomBox website and wiki + + + Individual applications that FreedomBox exposes to users such as ownCloud, JWChat etc. + + + Some of the translation work are implemented in user interface (Plinth) since the 0.7 release. Documents for user interface translation are currently available on Transifex localization platform and GitHub. If you wish to see FreedomBox available for one of your languages, please start a discussion on the FreedomBox discuss mailing list or on the #freedombox IRC channel to avoid double translations. + For more information, please visit the FreedomBox translation landing page. +
+
+ Spread the Word + Speak to your family, friends, local community or at global conferences about the importance of FreedomBox. To be a successful project we need many more participants, be it users or contributors. Write about your efforts at the talks page and on the wiki.
-
-
- Donate - The FreedomBox Foundation is a Delaware non-profit corporation in the process of applying for 501(c)(3) federal nonprofit recognition from the IRS. FreedomBox project is run by volunteers. You can help the project financially by donating via PayPal, Bitcoin or by mailing a check. Please see the donation page for details on how to donate. -
-
- Document: User Manual, Website and Wiki - FreedomBox needs better documentation for users and contributors. FreedomBox manual is prepared by aggregating various pages on the wiki and exporting to various formats. The manual is then used in Plinth and elsewhere. - If you wish to contribute to the FreedomBox wiki (and consequently the FreedomBox manual), you can create a wiki account and start editing. - For contributing to the website please start a discussion on the FreedomBox mailing list. -
-
- Quality Assurance - - - FreedomBox already runs on many platforms and it is not possible for developers to test all possible platforms. If you have one of the supported hardware you can help with testing FreedomBox on the platform. - - - When an application is made available on FreedomBox, not all of its functionality is tested in the real world by developer doing the work. Deploying the application and testing it will help ensure high quality applications in FreedomBox. - - - See the quality assurance page for a basic list of test cases to check for and information on reporting bugs. -
-
- Localization - All text visible to users of FreedomBox needs to be localized to various languages. This translation work includes: - - - Plinth web interface for FreedomBox - - - FreedomBox documentation - - - FreedomBox website and wiki - - - Individual applications that FreedomBox exposes to users such as ownCloud, JWChat etc. - - - Some of the translation work are implemented in user interface (Plinth) since the 0.7 release. Documents for user interface translation are currently available on Transifex localization platform and GitHub. If you wish to see FreedomBox available for one of your languages, please start a discussion on the FreedomBox discuss mailing list or on the #freedombox IRC channel to avoid double translations. - For more information, please visit the FreedomBox translation landing page. -
-
- Spread the Word - Speak to your family, friends, local community or at global conferences about the importance of FreedomBox. To be a successful project we need many more participants, be it users or contributors. Write about your efforts at the talks page and on the wiki.
@@ -3879,7 +4173,7 @@ wget https://www.thinkpenguin.com/files/ath9k_firmware_free-version/htc_7010.fw<
Packaging the application Majority of the effort in creating an application for FreedomBox is to package it for Debian and get it uploaded to Debian repositories. Going through the process of packaging itself is outside the scope of this tutorial. It is, however, well documented elsewhere. You should start here. - Debian packaging might seem like an unnecessary process that takes time with its adherence to standards, review process, legal checks, etc. However, upon close examination, one will find that without these steps the goals of the FreedomBox project cannot be met without such a process. Some of the advantages of Debian packaging are listed below: + Debian packaging might seem like an unnecessary process that takes time with its adherence to standards, review process, legal checks, etc. However, upon close examination, one will find that without these steps the goals of the FreedomBox project cannot be met. Some of the advantages of Debian packaging are listed below: Legal check ensures that proprietary licensed code or code with bad licenses does not inadvertently creep in. @@ -3947,12 +4241,13 @@ wget https://www.thinkpenguin.com/files/ath9k_firmware_free-version/htc_7010.fw<
Writing the URLs For a user to visit our application in Plinth, we need to provide a URL. When the user visits this URL, a view is executed and a page is displayed. In urls.py write the following: - from django.conf.urls import patterns, url + from django.conf.urls import url -urlpatterns = patterns( - 'plinth.modules.ttrss.views', - url(r'^apps/ttrss/$', 'index', name='index'), - ) +from . import views + +urlpatterns = [ + url(r'^apps/ttrss/$', views.index, name='index'), +] This routes the /apps/ttrss/ URL to a view called index defined in plinth/modules/ttrss/views.py. This is no different than how routing URLs are written in Django. See Django URL dispatcher for more information.
@@ -4105,9 +4400,9 @@ def _apply_changes(request, old_status, new_status): modified = True if modified: - messages.success(request, _('Configuration updated')) + messages.success(request, 'Configuration updated') else: - messages.info(request, _('Setting unchanged')) + messages.info(request, 'Setting unchanged') We check to make sure that we don't try to disable the application when it is already disabled or try to enable the application when it is already enabled. Although Plinth's operations are idempotent, meaning that running them twice will not be problematic, we still wish avoid unnecessary operations for the sake of speed. We are actually perform the operation using Plinth actions. We will implement the action to be performed a bit later. After we perform the operation, we will show a message on the response page showing that the action was successful or that nothing happened. We use the Django messaging framework to accomplish this. See Django messaging framework for more information. @@ -4246,16 +4541,8 @@ def example_method():
Internationalization - Every string message that is visible to the user must localized to user's native language. For this to happen, our application needs to be internationalized. This requires marking the user visible messages for translation. Plinth applications use the gettext library to make that happen. - from gettext import gettext as _ - -def init(): - """Intialize the module.""" - menu = cfg.main_menu.get('apps:index') - menu.add_urlname(_('News Feed Reader (Tiny Tiny RSS)'), 'glyphicon-envelope', - 'ttrss:index', 600) - Notice that the menu item's display name is wrapped in the _() method call. Let us do that for the title of the application page too. - from gettext import gettext as _ + Every string message that is visible to the user must be localized to user's native language. For this to happen, our application needs to be internationalized. This requires marking the user visible messages for translation. Plinth applications use the Django's localization methods to make that happen. + from django.utils.translation import ugettext as _ def index(request): ... @@ -4263,6 +4550,16 @@ def index(request): {'title': _('News Feed Reader (Tiny Tiny RSS)'), 'status': status, 'form': form}) + Notice that the page's title is wrapped in the _() method call. Let us do that for the menu item of the application too. + from django.utils.translation import ugettext_lazy as _ + +def init(): + """Intialize the module.""" + menu = cfg.main_menu.get('apps:index') + menu.add_urlname(_('News Feed Reader (Tiny Tiny RSS)'), 'glyphicon-envelope', + 'ttrss:index', 600) + Notice that in this case, we have used the ugettext_lazy and in the first case we have used the regular ugettext. This is because in the second case the gettext lookup is made once and reused for every user looking at the interface. These users may each have a different language set for their interface. Lookup made for one language should not be used for other users. The _lazy method provided by Django makes sure that the return value is an object that will actually be converted to string at the final moment when the string is being displayed. In the first case, the looked is made and string is returned immediately. + All of this is the usual way internationalization is done in Django. See Django internationalization and localization documentation for more information.
Coding standards diff --git a/doc/images/cubieboard2_thumb.jpg b/doc/images/cubieboard2_thumb.jpg new file mode 100644 index 0000000000000000000000000000000000000000..5f9eab185f107c91cf00a7bfcc2c8264aeda42f8 GIT binary patch literal 6765 zcmb7obyQSq+xMOsQfh_<1sS?y5F`YK?(TFLNH#~Vo}Ps=+71q<%#~VaIUufNTH;No=Sav zf_n3`vuOxc38EY+uy8P$bI*QNnF0|X?@Q_3*%qZwa7JNuIe8d~V`@TKil}2AJqOcL z@Q)PVaeNZICfyc$fGLMuxxn|9x-7H0t{$~AX`YzMmV}i;^C`xmJQv)2l6umcDKb7; zrVvM5rqJt|;JHovwMLVf-QQ>nI7#bMAO?hDmttdEQ~s6LX`urxY&q<8Mh0)#7&Gfa zRyH~G!ge|P>l#EqDK=iNnk zJG9lfxf?uG^YINHRaF82u4DWVD!v7Uuafz~W~5Gct8ZF`A(N_g>F=*gki+`kL`@}= z2Ku}vn)#cpQ{1+B9aati__ruvAw$SmgpjS5x6&tvz&6f5asb@KnoZ0`DOK-XeR`kI zD&!w2fKNP@!W+7^^FKV+18K#?chnce?@ji-vZ-J2}blSbe}rkj~Y&RvnNCltVc4^*IKX@OSpb zHPjC6t4p&tLo{>tpW<0W7&Nq|neGK~FncJ)EqovBof2ia-_~2@F}F+`Y4kgxEkBBu zjHs#wy{lnq`53|zwCYB5@?@>4mBl#5yK=FEe;s-!{n2*B(&&9Us5V6}eH=M|b4+LF zN7A~>ykjk!j9b&cau=)6UvwucbuC)Xeu#b0Sar?O7y7_N%KQbbI4u@eTiezB7q1&( z@1mL0Ly9}{rnrUa@8@RO>F4|svv(veGU~q?#2Slohqc@QmR8TISzi&lFCO8uHAz|k zVK&w@wzCUMKH-%RenES93^E`};J}&BmJ-ahTi0f1ZH}gB=UQ}HNov;nbxZyr0`&tr z0{>QY?DhfAC+so2CTI?$7!r(H^E@J3cbaiR)X0~c{Hmd%>Zq72Z_Ny8B@mB}EhrE4 z{P>xwxN$N6;`h4=l57mfeko>*-xj={ z&DvR8UgW|=w_w86J%4eFnOH!6Ads9cZk)OS-mdL$-dX*AnsHY$RMik|n(u~D+7N+> z7E~v+wDmW6j23Z}`uw;^D61-Q{G>PiisBK6ou(u%`u)H>T6CP>q)ve8$K0NSeSP{D z%Eu4YJl>TS3H``umQdD3F-=s3HNR0=c4y*^^)(VfCI+=ZH z1B?_O%_|7~&}1w(G3XL6FW{Y6|D}HXLfc$v49VCbdtiD4kYV9|8-~rK`2QY?KMxoH zVnXV;h5SJ{Hq*+0s@~t%(2n`^1#5l>tHr@4)Bi3I0MkLik+Qmf?7@HAzeJE9>Ons< z8Pjl<5!oChH@!}ceo-62f!)uCJzXF$4lV>2o5cTd0)m0zP$5}eawcZ?6bQmv5UCeh zET@AR`}c_9$$;0rr10+*k1xuOPe|<^R8=T>wul+Djkc#RMtYBAT}o65*pz*q57^>5 ziWDl4E2lt&N-+AE71zKT<~cAt7Gf_tg=r55kIfo545f*`bvXRopk43d^1UO>zZLDs zZt**hLikuo&!4tB+uoKwr-r{@@wG{dl~%O_#{U`b%*2R{?c@{OGI4<<;^nnf!`bt0 zWwvo@m5hpk7s`*5f}#zjiDsKNFe#5^w#B?mT@~8Y1`!P6dnUuGm*UiJwgohCvErFO zh2ITaSbySuEUu2Gihm0ekp032eZeMf*27TqG$VR)>s+ERT|-GYVPH+aSp5leLS)Yk z5Gh>nBrVcGmp|701$FqB6rxiO?It)V)X>5}hWqgSGyEoKJ>)7tXS za}Cn;s;tmzKJ+8rcdK?BFvq>$!%q1Ee5NBedaR~nwH$VS*Ur zH5F(^Ri_dw8&?-wzOQ_Kb!wC{kc9|V+nU|>ke@-U^$1)czMJOIm{PQcMgQhH`Ixo# zZP!xOwVE!*LBQy1(Mxpc!btFrG?pt?%$w6y4=DM_DrZ71y4k zN%Oe~mm7zQg}k_eN`hQ(Q{2|+wwGk7VYgn^I}-muEwW`g5TNfTLMXYK zT|)9VLoXt{?1|^O5iM~{b7R%!E}bpJI*Y1BBxZ}tIWX6=Yo6_KgYIE6<=9ZFRR@47 z1N?OyaXVwWbEfhR5e+5rNOjYZ0IED!Kml>)#e@IwFNGX z?Tn91N4DC%n7Wb$E!$u3>)&q=D179Z4OOQ+xdEiecP|4?F^Un zTD|y<&90>X(&5Yc*=6DXDeGLeF6GHNLzj){(X;GRaRINVK;BE`($>EQ_)bUhu0y74 zGvBbVGIot;m8qW;*im-ihpiicJKk8_BPO`(t5MalmBSvpvT^HMqQ43a#4#Y}E!$>u zbmgYLcfX;o;K=>WsTF8#w$?kM&{dwdw7!kUQC1mtNe^GL8=t>i@ad-|E)=yQy>cCN zuF2kof)hGIY;ne(>fjqr{zaM=C0v*E(zxYWwqk6GpppIaLXfz85PN{o6Ew7K+>%@W zjoENAliZ9_Nu{i!yt8(wgcPIOY zXqo8@!B5e#FPb0R&L1C86xk#uf31!OZ;d>K6BhUr%+=;AbZ3Q=e|g~>0%0yFy>nWh zT(vz@Beo?-HTp)?BM^>3N{4Yaz^_&w2W(Y21 ziw*a|dMsmE@IY0U7+ZQaDlNAb5MsF1@Ia$7!4eIkr`n3JzzHfDTZKe`AiU8IV_`m= zonRfDrnw>NjcS?TN>Tje!-=2#wz#KC#dynyj=uKh$8z3-ve5|!qK3N+@7K!?A{naD z3NEAN{r03$J4q*8y5@e}*$!^EAR9XD$||Nx-}ls-^nzQ4jXfS$r>`3eR6;$3`Lm7{ zaxVxEG8*P+J_eN3!R-rV*4S65+Lf*EJ&bb0MYa05+EBk~XGhJO4W&UYqDn#+h#p7ly)_sJpL=pZtH$dxIclwuXN!U@; z)bJTt`o2E*c$(++b@|4|mdz30&i!>s;?68T!NoZ;g>8$T*u7Cf1{(_w~zQLAapHB&NVxOD8F)@nz*N9p@qFttYOZWB4A_ zsH5Y2413J8G?7lWf?wQND-7)ty_!~VLLGXz?i{=sfF=IbBP-1tImHvk2; zeE%7{{HZN;Gu;U$4+vzZ zx&tCfm+E~0h-)P-g?u0$4^{+ltGlb$8V6J*ZMy*Q)s7U(+l*c%0{a>>N;+01mDCU{ z2@r0nDdOM%TZ*08NKzl=QilAY0i0mjlz%AfJ!kqqBmlb=1v2vqAHjfvs@Juje@=+;R98}TRJ^r&=J%igHq29 zC;EN21f)uFzJ=1#iI;?p(iqR3n9-TD60qoz(S6+TJ{TJ&9EJ_>?=ZptUz|`TxDZlM zR#(T`{XdNybl%=C#cj?laX?$70jdgrsguz&_H!+`luelPTrrM@Y|yQ$FkgSe*A+%x z)wYhN3*z0XQEz_JHt?z5(^T&KRAyS@n;LI@OkqT?2fy!^rnkC^HPrCF+~U2~s(uDN za=)^Qv*;OG^xa^>$lQCmh15r$u0*x9A}XK1YbNZpmYI}pKTIXD6J3@Zqd1t_%kfbQ zkYRah_c^0+q*p5I@Q_r!Ms+1W*_Be)YprZ*UMC-SGn$Q`fnL6IVTM4og;4yO;=i>U z2ZWvJ{^>bEFgWn1c88`EW4=R~y2k{OM=SsKn;;qJRds;Sv;7#MuS#E7T2&MxCNG4R zE)mLkc+9WN9*Qv&44gd2slB@gP5!KtE8TPy%_JCQw{S5*XTRy3Z1)zelm2l^dxRy) zoFqK1oD*ifY!-hjMkQC`baUEyvN^&pFF|4ga;$Vq-TU1ebZL>A9LML&q(P_K1#TZQ zV-c~qVugqJ(8LOQ7;PBS{i_ zK>R#$=>|ypF^0&5)M_6kb*kHE#U35fGgGn~&C@K@yJxc+&mG$&ak@B`PD$C|h3;r; zgeMcaD%0)dP$9qW$BGi*rC#P)H{zRVdA)EuwmDNd`ThG12m+<*EWkXHK}avXVs`(k zeDyO5)OiC4It}_rd|L}4@3Bcz0?QMyYX#b(#JqGX2!|#g=*fGfgs2EFf+dt6oOb~% z`gAp^2RDESXL1#p&gZjm%2*@}(@`Is+9+;LsJK^)#sJgydz+UZoU-^olhp#*n@*>` z-PTn6w20rzGwg8YdTsy5#e*O;rK)%R4RBana8FKovDSw>N~c3IV5NK0q96}-+C;!C zwHEN#yWYB%#{zk7)KLX9Hsw5;tW~k7UW}s$)WGztS3s|g%s=oQHpe~32|%-|Qe3K; z;B*tc_Hz%ylnKKLJ?*@91$?&Jvr3Qp;d7BRrm@Q!Nn_j3s^e2>?{>%J(I?JwTe1OX zDU;Kul#LZ8q}kO>`W^O@Z>95(xQprj@#}4bV;>o2}AO_e$K>+7_5{Hqn)n zlQE1=6b!@ws?1YGlF}Yd9hOl6#VEUXQ-8epY>p-FyfQlno24v@(TDG_=txAAMq zYwx;|>P${L<{>{J-`G7zC8jeU+s8Y-F4WPxe!W9Qov7}8p$N1bs^u^~wTO<$wX^4; z$S)`~V(^9ATE|b`0e{r|R$wC(R)wIR`1~8;6z&r|aXDgIgrSFBV@|kRhdIOZgBNvr z6wc*H`dnC3#I34jmC&){MS=`phB~&n7jxne2$$R+A#`U_W#6o4 zD67xLFo`f5DHtp-Gbs@o#`cJh?)NMoMG^`f2!Snp2PQ#@f~rJXepk!o{G*lBoteE2 zM=68~qVk+CNECh!Ds*upQEZuk9e#2|hRX{xd+rnDq8`CXdERu9$Wdq8t80Ani?s75 z##Kwy?d7w|H{=?7sagk5M%2>x0|~C3scb!QVQSyHPU5-98<*JAw%2!)4XerL(IovC zT*_Mr?ZWZjSvc}X{E81*(h0|A2$ESowsVS}_hN`GZB0vOM{14*OUx@dD1591e~Yc0 zjIktVWS;d4sW)T7s)8UiwW1T%&r+CBFg z7%m3C0_+5kglLDyK_pUEQfoVq z3Gxd8N>)%#Q?O|tE53{PwVSl zKAZJ1TG-DXA#5@TGs66W#lE-gGNm@X@mZ988L%;6%aejX!K_<0mMu}w3JvMi3~Kz8 z_U7ru%m@h%LEcz>;P3Y9TpKp9%c~d7JHJ;_Ds=j-8CKlED!O5n$zfU-4_?8ReqLSn zqKI%B+OOUHxx1ISLox>Z1q&T`A}Ix=uD;o+KMgOe^&Q|aQ6UiRV?4?&4=*$&Fv1~B z5)z9y9u;>hM~jXKFG80u}xgdY6gc#W<;H@>ZKJ$s_zh@=2P^Bw}Z=h{KAFu29Fsezf z2Pd3@43Ktza%VWxOh&_akhKW+9VeqlaF3sp`R;{HsbXY|Sg?fc2QIwF9C)6oxHQwP zXGfte-shhbW@oLk-tEFfu43=9BiY1N-d**6+`xgY%>;Qxv{oa9#*O;~mtG0;0V#DD zsT+VrV4^5en<^|UkFe|O?I4j|9=T-BoY0f-Rh=O&%@EDT4;oMvy&>7n*zE|IBmT4C z%5pGlt$*@Brip3rPT|o&P`-0n2>@Ll@yv0nw8 zF66dD(d$`1Q#|%?1RUPQm-_KI=m_RJ5in9*t!yQQ;bR)&J4MxTs1*{sFNPSwX1w1{ z(kO{V5zfyuZCa6@s_(wP_gPa~6<|>THxfO_6Ky}lf?+k;i)&$CKxFq{i~YVB$lK7+PiLeF;21}$q>Z6PDe ziLR8Qy%aOjs~a0-4H<_R|ARf z=1H@@`>_1BEouAQJrqWUcVm!0B=+pn*jC!f2oX+~Od(mrB_}ge;s*xzNPKtkF4EU! z$MCLIEjF}Y>E)U%PGYY+bC9sjE%5uPG|}7mFFN~DlQ)fv2jfkkIkX?5t~(H_RPZ}; zm;uy&v?0gYE`g-5WUuU01KXGAE`01ifttJQr#54|G7Cl=tlG#!51Vy5sveG1tu`?U z!3ZJiPZ{x}o}*8)hano(CTQbMvH2A^wM8VS#VXUI9TTNTELRaOWO