.githooks/pre-push

@@ -13,8 +13,8 @@ compare_ancestors() {
 	correct_base="$(git merge-base "$local_hash" "$2")"
 	invalid_base_a="$(git merge-base "$local_hash" "$3")"
 	invalid_base_b="$(git merge-base "$local_hash" "$4")"
-	git merge-base --is-ancestor "$correct_base" "$invalid_base_a" \
-		&& git merge-base --is-ancestor "$correct_base" "$invalid_base_b"
+	git merge-base --is-ancestor "$invalid_base_a" "$correct_base" \
+		|| git merge-base --is-ancestor "$invalid_base_b" "$correct_base"
 }
 
 
@@ -49,19 +49,19 @@ while read -r local_ref local_sha1 remote_ref remote_sha1; do
 			push_hbd="$local_sha1"
 			;;
 		hotfix/*)
-			if compare_ancestors "$local_sha1" hbk hbl hbd; then
+			if ! compare_ancestors "$local_sha1" hbk hbl hbd; then
 				echo "Reference has invalid ancestor, please base it on top of hbk: $local_ref" >&2
 				exit 1
 			fi
 			;;
 		feature/*|bugfix/*|refactor/*|hack/*)
-			if compare_ancestors "$local_sha1" hbl hbk hbd; then
+			if ! compare_ancestors "$local_sha1" hbl hbk hbd; then
 				echo "Reference has invalid ancestor, please base it on top of hbl: $local_ref" >&2
 				exit 1
 			fi
 			;;
 		majorfeature/*|fix/*|majorrefactor/*|majorhack/*)
-			if compare_ancestors "$local_sha1" hbd hbk hbl; then
+			if ! compare_ancestors "$local_sha1" hbd hbk hbl; then
 				echo "Reference has invalid ancestor, please base it on top of hbd: $local_ref" >&2
 				exit 1
 			fi

.gitlab-ci.yml

-default:
-  image: registry.labs.nic.cz/turris/turris-build
+image: registry.labs.nic.cz/turris/os/build
 
 stages:
   - build
+  - verify
 
-Applying patches for Omnia:
+## Package build prepare #########################################################
+.prepare:
   stage: build
   script:
-    - './compile_pkgs prepare -t omnia'
+    - './compile_pkgs -t "$BOARD" prepare'
 
-Generate pkglists:
+
+prepare_mox:
+  extends: .prepare
+  variables:
+    BOARD: mox
+
+prepare_omnia:
+  extends: .prepare
+  variables:
+    BOARD: omnia
+
+prepare_turris1x:
+  extends: .prepare
+  variables:
+    BOARD: turris1x
+
+## Medkit ########################################################################
+.medkit:
   stage: build
   script:
-    - './generate_lists --debug'
+    - './generate_medkits -t "$BOARD" $(. defaults.sh && [ "$PUBLISH_BRANCH" = "hbs" ] && echo -b hbk)'
+    - '[ -f "generated_medkits/$BOARD-medkit-latest.tar.gz" ]'
+    - '[ -f "generated_medkits/$BOARD-medkit-min-latest.tar.gz" ]'
+
 
-Check generated pkglists:
+medkit_mox:
+  extends: .medkit
+  variables:
+    BOARD: mox
+
+medkit_omnia:
+  extends: .medkit
+  variables:
+    BOARD: omnia
+
+medkit_turris1x:
+  extends: .medkit
+  variables:
+    BOARD: turris1x
+
+## Updater lists #################################################################
+lists_generate:
   stage: build
   script:
-    - './generate_lists'
+    - './generate_lists --debug'
+  artifacts:
+      name: "Generated package lists"
+      paths:
+          - generated_lists/*
+
+lists_verify:
+  stage: verify
+  needs: [lists_generate]
+  script:
     - find generated_lists -type f -name '*.lua' -printf '-- %P --\n' -exec luac5.1 -p '{}' \;

.gitlab-ci/Dockerfile

 FROM debian:stable
 
-RUN \
-  apt-get update && \
-  apt-get -y upgrade && \
-  apt-get -y install --no-install-recommends \
+## Apt update and upgrade
+RUN apt-get update && \
+    apt-get -y upgrade
+
+## Dependencies required for tools which are used by OpenWrt and also a few to build some packages
+RUN apt-get -y install --no-install-recommends \
     git subversion \
     gawk unzip file \
     ca-certificates wget curl rsync \
     python python3 \
-    lua5.1 m4 \
-    build-essential zlib1g-dev libssl-dev libncurses-dev gcc-multilib \
-    && \
-  apt-get clean
+    build-essential zlib1g-dev libssl-dev libncurses-dev gcc-multilib
+
+## Dependencies for building medkit in general as Updater-ng, usign and fakeroot and others
+RUN apt-get -y install --no-install-recommends \
+    ca-certificates curl git bzip2 \
+    autoconf autoconf-archive automake libtool \
+    make cmake pkg-config gcc fakeroot \
+    libcurl4-openssl-dev libevent-dev libssl-dev liburiparser-dev \
+    libarchive-dev \
+    uthash-dev \
+    liblua5.1-0-dev
+
+## Dependencies for Turris updater's lists
+RUN apt-get -y install --no-install-recommends \
+    git \
+    lua5.1 \
+    m4
 
+## And finally, clean apt cache to not be present in the final container
+RUN apt-get clean
+
+## Add a user for build environment as it is not possible to build OpenWrt as root
 RUN useradd -ms /bin/bash -d /build build
 USER build
 ENV HOME /build
 
 CMD [ "bash" ]
-

.gitscripts/new-mr

 #!/bin/bash
-repo="https://gitlab.nic.cz/turris/turris-build"
+repo="https://gitlab.nic.cz/turris/os/build"
 cur_branch="$(git branch --show-current)"
 
 

NEWS

+5.3.0
+-----
+
+* Sentinel improvements
+* Updated Nextcloud
+
+5.2.2
+-----
+
+* reForis
+  * Add support for more extended Honeypot as a Service token
+  * Add support in Network Interfaces for Turris 1.x routers
+
+5.2.1
+-----
+
+* reForis
+  * Several bug fixes
+  * Update translations
+* Fixed dhparam generation for some OpenVPN server instances
+
 5.2.0
 -----
 
@@ -6,15 +27,22 @@
   * Storage plugin with option for persistent system logs
   * Factory reset from web interface
   * Support for Honeypot as a Service (haas.nic.cz)
+  * Add option to change hostname in reForis
   * Fix DHCP range configuration check
   * A few design improvements
-* Foris and reForis starts on demand
 * WebApps: New graphical design with optional dark mode
-* Sentinel: Introduce replacement for firewall logs collector
 * Turris MOX: Update firmware for SDIO card
 * Add RIPE Atlas SW probe, common passwords as package lists
 * Automatic installation of drivers for limited amount of LTE and DVB devices
 
+5.1.10
+-----
+
+* Fixed Python3 vulnerabilities - CVE-2021-3177 and CVE-2021-23336
+* Fixed Open vSwitch vulnerability - CVE-2020-35498
+* Fixed screen vulnerability - CVE-2021-26937
+* Fixed BIND vulnerability - CVE-2020-8625
+
 5.1.9
 -----
 

compile_pkgs

@@ -244,7 +244,7 @@ checkout() {
 		OPENWRT_URL="$GIT_MIRROR/openwrt"
 	fi
 	rm -rf .git
-	git init --initial-branch=master
+	git init
 	git remote add origin "$OPENWRT_URL"
 	if [ -z "$GIT_MIRROR" -a "${OPENWRT_BRANCH:0:1}" = "#" ]; then
 		# If we are downloading directly from server we can't fetch specific

configs/common/branding

@@ -5,7 +5,7 @@ CONFIG_VERSION_MANUFACTURER="CZ.NIC"
 CONFIG_VERSION_MANUFACTURER_URL="https://www.turris.cz/"
 CONFIG_VERSION_DIST="TurrisOS"
 CONFIG_VERSION_HOME_URL="https://www.turris.cz/"
-CONFIG_VERSION_BUG_URL="https://gitlab.labs.nic.cz/groups/turris/-/issues/"
+CONFIG_VERSION_BUG_URL="https://gitlab.nic.cz/groups/turris/-/issues/"
 CONFIG_VERSION_SUPPORT_URL="https://www.turris.cz/support/"
 
 # Set Linux kernel branding to Turris specific

feeds.conf

@@ -2,8 +2,8 @@
 ## It is commented out because it is not feed but is used by compile_pkgs script.
 # openwrt https://git.openwrt.org/openwrt/openwrt.git;openwrt-19.07
 
-src-git turrispackages https://gitlab.labs.nic.cz/turris/turris-os-packages.git;develop
-src-git node https://github.com/nxhack/openwrt-node-packages.git;master
+src-git turrispackages https://gitlab.nic.cz/turris/os/packages.git;develop
+src-git node https://github.com/nxhack/openwrt-node-packages.git;openwrt-19.07
 src-git packages https://git.openwrt.org/feed/packages.git;openwrt-19.07
 src-git luci https://git.openwrt.org/project/luci.git;openwrt-19.07
 src-git routing https://git.openwrt.org/feed/routing.git;openwrt-19.07

generate_medkits

@@ -117,18 +117,18 @@ generate() {
 
 get_usign
 
-generate "medkit"
+generate "medkit" --initial-config
 generate "medkit-min" --base "base-min" --lists "" --localization ""
 
 case "$board" in
 	omnia)
-		generate "medkit-contract-cti" --contract "cti"
+		generate "medkit-contract-cti" --contract "cti" --initial-config
 		;;
 	mox)
 		generate "netboot" --base "base-netboot"
-		generate "medkit-contract-shield" --contract "shield"
+		generate "medkit-contract-shield" --contract "shield" --initial-config
 		;;
 esac
 if [ "$board" != "turris1x" ]; then
-	generate "medkit-contract-cznic" --contract "cznic"
+	generate "medkit-contract-cznic" --contract "cznic" --initial-config
 fi

helpers/generate_common.sh

@@ -17,7 +17,7 @@ USIGN_VERSION=f1f65026a94137c91b5466b149ef3ea3f20091e9
 UPDATER_VERSION=master
 
 SRC_USIGN="https://git.openwrt.org/project/usign.git"
-SRC_UPDATER="https://gitlab.labs.nic.cz/turris/updater/updater.git"
+SRC_UPDATER="https://gitlab.nic.cz/turris/updater/updater.git"
 
 # Git puller helper function (git_pull output_path source_url target)
 git_get() {

helpers/generate_medkit.sh

@@ -33,6 +33,7 @@ export UPDATER_SCRIPT=
 export OVERLAY=
 export OUTPUT=
 export BOOTSTRAP_TESTKEY=
+export BOOTSTRAP_INITIAL_CONFIG=
 
 export TURRIS_BUILD_DIR="$src_dir"
 
@@ -86,6 +87,10 @@ while [ $# -gt 0 ]; do
 			echo "    first system update."
 			echo "  --contract CONTRACT"
 			echo "    Build medkit for router under CONTRACT."
+			echo "  --initial-config"
+			echo "    Include package initial-config in to the medkit. This package"
+			echo "    can be used to configure Wi-Fi and system passwords with"
+			echo "    configuration file stored on drive connected to router."
 			echo "  --updater-script FILE"
 			echo "    Run file as updater's script. It is executed after primary"
 			echo "    entry script of this tool."
@@ -133,6 +138,9 @@ while [ $# -gt 0 ]; do
 			BOOTSTRAP_CONTRACT="$1"
 			default_output_ext="-contract-$1"
 			;;
+		--initial-config)
+			BOOTSTRAP_INITIAL_CONFIG="y"
+			;;
 		--updater-script)
 			shift
 			UPDATER_SCRIPT="$1"

lists/base-fix.lua

@@ -137,23 +137,26 @@ if installed and installed["luci-lighttpd"] and not installed["turris-webapps-lu
 	Install("luci-base", { reinstall = true, condition = "luci-base" })
 end
 
--- With uboot-tools version 2018.03-4 environment configuration was fixed. Problem
+-- With uboot-envtools version 2018.03-4 environment configuration was fixed. Problem
 -- is that it is not applied in default as script checks for existence of
 -- /etc/config/ubootenv file and does nothing.
 -- In case of Mox we also move fw_env.config from mox-support package. Because of
 -- that we have to update mox-support first so we would not remove generated file.
 if not version_match or not installed or
-		(installed["uboot-tools"] and version_match(installed["uboot-tools"].version, "<2018.03-4")) then
-	Package("uboot-tools", { deps = "fix-uboot-env-reset" })
-	if board ~= "mox" then
-		Package("uboot-tools", { deps = "mox-support" })
+		(installed["uboot-envtools"] and version_match(installed["uboot-envtools"].version, "<2018.03-4")) then
+	Package("uboot-envtools", { deps = "fix-uboot-env-reset" })
+	if board == "mox" then
+		Package("uboot-envtools", { deps = "mox-support" })
 	end
 end
 
 -- Package dhparam was removed and replaced by turris-cagen ability to generate
 -- dhparam instead. These files are expected to be in different locations so we
 -- have to fix paths in existing server configurations. This does exactly that.
-if installed and installed["dhparam"] then
+-- With Turris OS 5.2.0 this fix was released and it turns out that it was way
+-- cautious. We removed some unnecessary checks and we reapply it with 5.2.1
+-- version again.
+if installed and os_release and (installed["foris-controller-openvpn-module"] and version_match(os_release['VERSION'], "<5.2.1")) then
 	Install("fix-dhparam-to-cagen")
 	Package("fix-dhparam-to-cagen", { replan = "finished" })
 end
@@ -165,3 +168,11 @@ if not version_match or not installed or
 		(installed["pkglists"] and version_match(installed["pkglists"].version, "<1.6.0")) then
 	Install("fix-pkglists-hardening-options")
 end
+
+-- Fix empty nextcloud config if it was created by nextcloud cron.
+-- If empty config is detected it will remove it.
+if not version_match or not installed or
+		(installed["nextcloud"] and version_match(installed["nextcloud"].version, "<19.0.3-3")) then
+	Install("fix-nextcloud-conf")
+	Package("fix-nextcloud-conf", { replan = "finished" })
+end

lists/base-min.lua.m4

@@ -31,10 +31,12 @@ Install("netifd", "firewall", "dns-resolver", { critical = true})
 
 -- OpenWrt minimum
 Install("ebtables", "dnsmasq-full", "odhcpd", "odhcp6c", { priority = 40 })
+Install("urandom-seed", { priority = 40 })
 Install("opkg", "libustream-openssl", { priority = 40 })
 Uninstall("wget-nossl", { priority = 40 }) -- opkg required SSL variant only
 
 -- Turris minimum
+Install("turris-defaults", { priority = 40 })
 Install("cronie", { priority = 40 })
 Install("syslog-ng", "logrotate", { priority = 40 })
 if board == "turris1x" then
@@ -104,7 +106,7 @@ end
 
 
 -- Wifi
-Install("hostapd-common", "wireless-tools", "wpad", "iw", "iwinfo", { priority = 40 })
+Install("hostapd-common", "wireless-tools", "wpad-openssl", "iw", "iwinfo", { priority = 40 })
 if board == "mox" then
 	Install("kmod-ath10k-ct", { priority = 40 })
 	Install("mwifiex-sdio-firmware", "ath10k-firmware-qca988x-ct", { priority = 40 })

lists/bootstrap.lua

@@ -16,6 +16,8 @@ This script expects following variables to be possibly defined in environment:
     standard medkits
   BOOTSTRAP_TESTKEY: if defined non-empty then test kyes are included in
     installation
+  BOOTSTRAP_INITIAL_CONFIG: if defined non-empty then package initial-config is
+    included.
 ]]
 
 -- Sanity checks
@@ -75,9 +77,9 @@ if env_devices then
 	for device in env_devices:gmatch('[^,]+') do
 		local tp, class = device:match('([^:]+):(.*)')
 		if tp == "usb" then
-			table.insert(usb_device, class)
+			table.insert(usb_devices, class)
 		elseif tp == "pci" then
-			table.insert(pci_device, class)
+			table.insert(pci_devices, class)
 		else
 			WARN("Invalid device type, ignoring: " .. device)
 		end
@@ -101,3 +103,9 @@ local env_testkey = os.getenv('BOOTSTRAP_TESTKEY')
 if env_testkey and env_testkey ~= "" then
 	Install('cznic-repo-keys-test')
 end
+
+
+local env_initial_config = os.getenv('BOOTSTRAP_INITIAL_CONFIG')
+if env_initial_config and env_initial_config ~= "" then
+	Install('initial-config')
+end

lists/contracts/shield.lua.m4

@@ -4,6 +4,9 @@ _FEATURE_GUARD_
 -- No more Foris and LuCI and data collect UI
 Uninstall("foris", "luci", "luci-base", "turris-webapps", { priority = 45 })
 
+-- Remove some more advanced reForis plugins
+Uninstall("reforis-storage-plugin", { priority = 45 })
+
 -- Alternative versions of packages
 Install("shield-support", { priority = 45 })
 
@@ -15,11 +18,11 @@ Install('common_passwords', { priority = 45 })
 Install('sentinel-i_agree_with_eula', { priority = 45 })
 
 options = {
-    ["dynfw"] = true,
-    ["haas"] = true,
-    ["survey"] = true,
-    ["nikola"] = true,
-    ["minipot"] = true,
+	["dynfw"] = true,
+	["haas"] = true,
+	["survey"] = true,
+	["nikola"] = true,
+	["minipot"] = true,
 }
 Export("options")
 Script("../pkglists/datacollect.lua")
@@ -27,8 +30,8 @@ Unexport("options")
 
 -- Extra software
 options = {
-    ["netmetr"] = true,
-    ["dev-detect"] = true,
+	["netmetr"] = true,
+	["dev_detect"] = true,
 }
 Export("options")
 Script("../pkglists/net_monitoring.lua")

lists/drivers/pci.lua

@@ -9,22 +9,22 @@ local db = {
 	{ -- Qualcomm Atheros AR9287 Wireless Network Adapter
 		vendor = 0x168c,
 		device = 0x002e,
-		packages = {"ath9k"}
+		packages = {"kmod-ath9k"}
 	},
 	{ -- Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01)
 		vendor = 0x168c,
 		device = 0x0030,
-		packages = {"ath9k"}
+		packages = {"kmod-ath9k"}
 	},
 	{ -- Qualcomm Atheros QCA986x/988x 802.11ac Wireless Network Adapter
 		vendor = 0x168c,
 		device = 0x003c,
-		packages = {"ath10k_pci"}
+		packages = {"kmod-ath10k", "ath10k-firmware-qca988x"}
 	},
 	{ -- MEDIATEK Corp. Device 7612
 		vendor = 0x14c3,
 		device = 0x7612,
-		packages = {"mt76"}
+		packages = {"kmod-mt76"}
 	},
 }
 

lists/drivers/usb.lua

@@ -37,7 +37,7 @@ local db = {
 	{ -- Computer & Entertainment, Inc. Astrometa DVB-T/T2/C FM & DAB receiver [RTL2832P]
 		vendor = 0x15f4,
 		product = 0x0131,
-		packages = {"kmod-dvb-cxd2841er", "kmod-dvb-usb-rtl28xxu", "kmod-media-tuner-r820t"},
+		packages = {"kmod-dvb-usb", "kmod-dvb-cxd2841er", "kmod-dvb-mn88473", "kmod-dvb-rtl2832", "kmod-dvb-usb-rtl28xxu", "kmod-media-tuner-r820t", "kmod-media-tuner-r820t"},
 		class = {"dvb"}
 	},
 	{ -- Microsoft Corporation Xbox One Digital TV Tuner
@@ -51,7 +51,7 @@ local db = {
 	{ -- Qualcomm, Inc. Acer Gobi 2000 Wireless Modem
 		vendor = 0x05c6,
 		product = 0x9215,
-		packages = {"usb-net-qmi-wwan", "usb-serial-qualcomm"},
+		packages = {"kmod-usb-net-qmi-wwan", "kmod-usb-serial-qualcomm"},
 		class = {"broadband"}
 	},
 	{ -- Huawei Technologies Co., Ltd. K5150 LTE modem
@@ -67,12 +67,6 @@ local db = {
 		class = {"broadband"}
 	},
 	-- WiFi dongles --------------------------------------------------------------
-	{ -- Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
-		vendor = 0x0bda,
-		product = 0x8812,
-		packages = {"kmod-rtl8812au-ct"},
-		class = {"wifi"}
-	},
 	{ -- Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
 		vendor = 0x148f,
 		product = 0x3070,
@@ -92,6 +86,12 @@ local db = {
 		packages = {"kmod-usb-acm"},
 		class = {"serial"}
 	},
+	{ -- Future Technology Devices International, Ltd FT232 USB-Serial (UART) IC
+		vendor = 0x0403,
+		product = 0x6001,
+		packages = {"kmod-usb-serial-ftdi"},
+		class = {"serial"}
+	},
 	{ -- Sigma Designs, Inc. Aeotec Z-Stick Gen5 (ZW090) - UZB
 		vendor = 0x0658,
 		product = 0x0200,

lists/foris.lua.m4

@@ -64,4 +64,8 @@ end
 
 Install("lighttpd-https-cert", { priority = 40 })
 
+-- Workaround how to install foris-controller-nextcloud-module
+-- because there is no nextcloud-plugin
+Install("foris-controller-nextcloud-module", { condition = {"nextcloud", "foris-controller-storage-module"} })
+
 _END_FEATURE_GUARD_

lists/kmod-turris.list

@@ -5,5 +5,7 @@ hwmon-lm90
 leds-gpio
 input-gpio-keys
 
+rtc-ds1307
+
 # For Turris 1.1
 usb3

lists/migrate3x.lua

@@ -25,23 +25,54 @@ if not version_match or not self_version or version_match(self_version, "<64.0")
 		subdirs = { "base", "core", "packages", "turrispackages"}
 	})
 
-	Install('updater-ng', 'tos3to4-early', { critical = true })
-
-	Package('tos3to4-early', {
+	Install('updater-ng', { critical = true })
+	Package('updater-ng', {
 		replan = 'immediate',
-		deps = { 'libgcc', 'busybox', 'updater-ng' }
+		deps = { 'libgcc', 'busybox' }
 	})
 	--[[
 	Updater package does not depend on libgcc but it requires it and dependency
 	breaks otherwise.
-
-	We added additional dependency in form of package tos3to4-early which contains
-	script to migrate updater configuration. That means that when new updater is
-	being installed the configuration is also migrated at the same time.
 	]]
 
 else
 
+	if version_match(installed["tos3to4"].version, "<2.0.0") then
+		--[[
+		The first phase is to install new version of updater-ng. This is a second
+		phase where we install tos3to4-early that migrates updater's configuration
+		before we perform full system update.
+		The tos3to4-early is downloaded from HBS no matter what branch user has
+		configured as migration itself is performed by it later on and in case of
+		no settings HBS is the default.
+		With Turris OS 5.2.0 the package lists were migrated to separate file. The
+		fixup scripts were created to migrate it but trigger for them won't work
+		for us here as we install latest version of pkglists as part of this
+		immediate replan.
+		]]
+		Install('tos3to4-early', 'fix-pkglists-hardening-options', { critical = true, priority = 100 })
+		Package('tos3to4-early', { replan = 'immediate' })
+		Package('fix-pkglists-hardening-options', {
+			replan = 'immediate',
+			deps = 'fix-pkglists-options'
+		})
+		Package("fix-pkglists-options", {
+			deps = 'tos3to4-early'
+		})
+
+		--[[
+		tos3to4-early requires switch-branch but that depends on
+		updater-supervisor and that pulls in load of dependencies including
+		cronie. The issue is that cronie collides with vixe-cron. By making
+		updater-supervisor virtual we skip it for now and thus we prevent the
+		collision.
+		It has to be virtual till we install package we are doing replan on here.
+		]]
+		if not installed["fix-pkglists-hardening-options"] then
+			Package("updater-supervisor", { virtual = true })
+		end
+	end
+
 	--[[
 	The process of update is that we first update only updater and minimal system
 	dependencies with it. That replaces libc and pretty much breaks whole system.
@@ -55,10 +86,19 @@ else
 	going to proceed and that result is working system.
 
 	This does not solve problem ultimately. It instead moves problem for user to
-	solver later when migration is completed. User have to modify its requests.
+	solve later when migration is completed. User have to modify its requests.
 	]]
 	Mode("optional_installs")
 
+	--[[
+	We install newer version of tos3to4 that migrates switch configuration. The
+	migration creates situation where we are running on kernel without DSA support
+	and without switch-config tools and thus we can't configure LAN in any way.
+	The solution is to just unconditionally reboot router after migration is
+	finished.
+	]]
+	Package("tos3to4", { reboot = "finished" })
+
 end
 
 --[[