rpm/velociraptor
SHA256
1
0
Fork 0
forked from pool/velociraptor
Code Pull Requests Activity

Accepting request 1035327 from home:jeff_mahoney:security:sensor

Browse Source 
- Update to version 0.6.4.2~git86.b5931f7:
  * cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
- Fix building of libbpfgo on i586

- Update to version 0.6.4.2~git84.1b38fda:
  * Clean up libbpfgo mess
  * libbpfgo: use forked repo for fully static builds
  * libbpfgo: sync to v0.4.4-libbpf-1.0.1
  * contrib/kafka-humio-gateway: add new debug option for noisy events
  * contrib/kafka-humio-gateway: backoff and retry for metadata
  * vql/server/kafka: connect sarama logging to velociraptor logging
  * vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
  * vql/server/kafka: set appropriate ClientID
  * libbpfgo: add selftest to build so testcases work
  * cronsnoop: rework testcases to use t.TempDir
  * cronsnoop: move external dependencies to end of import list
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()

- Update to version 0.6.4.2~git67.85b608e:
  * clients/host-info.js: add MAC addresses to client dashboard
  * linux: Add ability to interrogate system and network configuration
  * SUSE: Add docker-compose environment
  * SUSE: add Docker files
  * Add Linux.Sys.Bash to Server.Monitor.Shell artifact
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
  * kafka-humio-gateway: add sample config file
  * Updating the NewFiles and ProcessStatuses Artifacts

OBS-URL: https://build.opensuse.org/request/show/1035327
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=22
This commit is contained in:
Jeff Mahoney 2022-11-12 01:51:37 +00:00 committed by Git OBS Bridge
parent 2c83e467e2
commit 4f3a31cc82
18 changed files with 196 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_servicedata
View File

@ -1,6 +1,6 @@
<servicedata> <servicedata>
<service name="tar_scm"> <service name="tar_scm">
<param name="url">https://github.com/jeffmahoney/linux-security-sensor</param> <param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
<param name="changesrevision">45393b11957049ed841f559cf9f3b88dc5a588d9</param></service><service name="tar_scm"> <param name="changesrevision">85b608e2da06a90d5e51ae39fe79adbdb8511a3f</param></service><service name="tar_scm">
<param name="url">https://github.com/SUSE/linux-security-sensor</param> <param name="url">https://github.com/SUSE/linux-security-sensor</param>
<param name="changesrevision">b7df81726e4a6c4cabad66b024bb5d2aeea885d6</param></service></servicedata> <param name="changesrevision">b5931f73eb6c171a558d09d4ef8b3d4d7292d519</param></service></servicedata>

15
libbpfgo-i386.patch Normal file
View File

@ -0,0 +1,15 @@
---
third_party/libbpfgo/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/third_party/libbpfgo/Makefile
+++ b/third_party/libbpfgo/Makefile
@@ -15,7 +15,7 @@ VAGRANT = vagrant
CLANG_FMT = clang-format
HOSTOS = $(shell uname)
-ARCH ?= $(shell uname -m | sed 's/x86_64/amd64/g; s/aarch64/arm64/g')
+ARCH ?= $(shell uname -m | sed 's/x86_64/amd64/g; s/aarch64/arm64/g; s/i.86/386/g')
BTFFILE = /sys/kernel/btf/vmlinux
BPFTOOL = $(shell which bpftool || /bin/false)

27
make-libbpfgo-vendorable.patch
View File

@ -1,27 +0,0 @@
---
third_party/libbpfgo/go.mod | 8 --------
third_party/libbpfgo/libbpfgo.go | 2 +-
2 files changed, 1 insertion(+), 9 deletions(-)
--- a/third_party/libbpfgo/go.mod
+++ /dev/null
@@ -1,8 +0,0 @@
-module github.com/aquasecurity/libbpfgo
-
-go 1.16
-
-require (
- github.com/stretchr/testify v1.7.0
- golang.org/x/sys v0.0.0-20210514084401-e8d321eab015
-)
--- a/third_party/libbpfgo/libbpfgo.go
+++ b/third_party/libbpfgo/libbpfgo.go
@@ -87,7 +87,7 @@ import (
"syscall"
"unsafe"
- "github.com/aquasecurity/libbpfgo/helpers"
+ "www.velocidex.com/golang/velociraptor/third_party/libbpfgo/helpers"
)
const (

20
update-vendoring.sh
View File

@ -33,14 +33,34 @@ cpio -D "${dir}" -id < velociraptor-${version}.obscpio
echo "Running %prep" echo "Running %prep"
cd "${dir}/velociraptor-${version}" cd "${dir}/velociraptor-${version}"
tar Jxf ${topdir}/vmlinux.h-5.18.9-2-default.tar.xz
sh ${dir}/setup.sh sh ${dir}/setup.sh
echo "Re-vendoring Go code..." echo "Re-vendoring Go code..."
gopathdir="$(mktemp -d /tmp/gopath.XXXXXXX)" gopathdir="$(mktemp -d /tmp/gopath.XXXXXXX)"
rm -rf vendor rm -rf vendor
export GOPATH="$gopathdir" export GOPATH="$gopathdir"
# Vendoring doesn't get along with replaced modules, so symlink to those
go mod vendor go mod vendor
replace_module() {
local mod=$1
local path=$2
rm -rf "vendor/${mod}"
rel="$(echo $mod|tr A-Za-z0-9_- .|sed -e 's/\.\.\.*/../g')"
ln -s "${rel}/${path}" "vendor/${mod}"
ls -la vendor/${mod}/
}
replace_module github.com/aquasecurity/libbpfgo third_party/libbpfgo
replace_module github.com/elastic/go-libaudit/v2 third_party/go-libaudit
sh
tar Jcf ${dir}/vendor-golang-${version}.tar.xz vendor tar Jcf ${dir}/vendor-golang-${version}.tar.xz vendor
cd "${dir}"
mv vendor-golang-*${version}.tar.xz ${topdir}
cd "${dir}/velociraptor-${version}/contrib/kafka-humio-gateway" cd "${dir}/velociraptor-${version}/contrib/kafka-humio-gateway"
rm -rf vendor rm -rf vendor

3
velociraptor-0.6.4.2~git70.b7df8172.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6bb4ceb196d9dbcf6f05654e4e832e25aabcc8a5d9c59b1b488bc761db7cf77b
size 36226061

3
velociraptor-0.6.4.2~git86.b5931f7.obscpio Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cdf58a89e754e17e9f4bd837d71dc744e08539581cce39fb06aedd3f9a4f0f19
size 36331021

57
velociraptor-client.changes
View File

@ -1,3 +1,60 @@
-------------------------------------------------------------------
Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
- Fix building of libbpfgo on i586
-------------------------------------------------------------------
Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
* libbpfgo: use forked repo for fully static builds
* libbpfgo: sync to v0.4.4-libbpf-1.0.1
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* libbpfgo: add selftest to build so testcases work
* cronsnoop: rework testcases to use t.TempDir
* cronsnoop: move external dependencies to end of import list
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
-------------------------------------------------------------------
Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
* third_party/go-libaudit: don't directly use unix.*
* Add Linux.Remediation.Quarantine artifact
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* third_party/go-libaudit: move handling of receive buffer to caller
* third_party/go-libaudit: move buffer handling from netlink to audit
* third_party/go-libaudit: allow audit fd to be pollable
* third_party/go-libaudit: Add support for removing individual rules
* third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
* third_party/go-libaudit: Report missing rules during deletion
* import go-libaudit as a third-party module
* quarantine: actually call the OS-specific artifact
* artifactset: add ability to select named sources
* GUI: Artifact selector (#1790)
* host-info: make quarantine UI more robust with non-Windows client hosts
* shell-viewer: default to Bash on non-Windows clients
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com

20
velociraptor-client.spec
View File

@ -16,11 +16,11 @@
# #
%define projname velociraptor %define projname velociraptor
%define vendor_version 0.6.4.2~git59.5ebb49db %define vendor_version 0.6.4.2~git86.b5931f7
%define vmlinux_h_version 5.18.9-2-default %define vmlinux_h_version 5.18.9-2-default
Name: velociraptor-client Name: velociraptor-client
Version: 0.6.4.2~git70.b7df8172 Version: 0.6.4.2~git86.b5931f7
Release: 0 Release: 0
Summary: Endpoint visibility and collection tool (endpoint only) Summary: Endpoint visibility and collection tool (endpoint only)
Group: System/Monitoring Group: System/Monitoring
@ -34,7 +34,7 @@ Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz
Patch1: velociraptor-golang-mage-vendoring.diff Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
Patch4: make-libbpfgo-vendorable.patch Patch4: libbpfgo-i386.patch
BuildRequires: golang-packaging BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: systemd-devel BuildRequires: systemd-devel
@ -42,11 +42,14 @@ BuildRequires: systemd-devel
BuildRequires: golang(API) = 1.17 BuildRequires: golang(API) = 1.17
BuildRequires: fileb0x BuildRequires: fileb0x
BuildRequires: mage BuildRequires: mage
%ifarch x86_64
BuildRequires: libtsan0 BuildRequires: libtsan0
%endif
BuildRequires: clang13 BuildRequires: clang13
BuildRequires: llvm13 BuildRequires: llvm13
BuildRequires: bpftool BuildRequires: bpftool
BuildRequires: libelf-devel BuildRequires: libelf-devel
BuildRequires: zlib-devel-static
Conflicts: velociraptor Conflicts: velociraptor
%description %description
@ -65,15 +68,16 @@ install the 'velociraptor' package.
%setup -q -a 1 -a 4 -n %{projname}-%{version} %setup -q -a 1 -a 4 -n %{projname}-%{version}
%autopatch -p1 %autopatch -p1
# Without this, the libbpfgo tests want to vendor the external version
rm -rf third_party/libbpfgo/selftest third_party/libbpfgo/helpers/example_tracelisten_test.go
# Set the version to something more specific than <next-tag>-dev # Set the version to something more specific than <next-tag>-dev
sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
mkdir -p third_party/libbpfgo/output mkdir -p third_party/libbpfgo/output
cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
third_party/libbpfgo/output/vmlinux.h # Any release more recent than SLE 15 SP3/Leap 15.3 will have this
if ! test -e /sys/kernel/btf/vmlinux; then
cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
third_party/libbpfgo/output/vmlinux.h
fi
# These just clutter the GUI and we don't have Windows clients # These just clutter the GUI and we don't have Windows clients
# Note: There are dependencies on these that need to be resolved before # Note: There are dependencies on these that need to be resolved before

5
velociraptor-skip-git-submodule-import-for-OBS-build.patch
View File

@ -18,7 +18,6 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>
- $(GIT) submodule update --init --recursive $@ - $(GIT) submodule update --init --recursive $@
+# echo "INFO: updating submodule 'libbpfgo'" +# echo "INFO: updating submodule 'libbpfgo'"
+# $(GIT) submodule update --init --recursive $@ +# $(GIT) submodule update --init --recursive $@
# Fake that it's an internal module
rm -f $@/go.mod
sed -e 's;"github.com/aquasecurity;"www.velocidex.com/golang/velociraptor/third_party;' -i $@/libbpfgo.go
$(LIBBPF_LIB): $(LIBBPFGO_DIR)
make -C $(LIBBPFGO_DIR) libbpfgo-full-static

57
velociraptor.changes
View File

@ -1,3 +1,60 @@
-------------------------------------------------------------------
Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
- Fix vendoring of replaced modules.
- Only require libtsan0 on x86_64
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
- Fix building of libbpfgo on i586
-------------------------------------------------------------------
Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
* libbpfgo: use forked repo for fully static builds
* libbpfgo: sync to v0.4.4-libbpf-1.0.1
* contrib/kafka-humio-gateway: add new debug option for noisy events
* contrib/kafka-humio-gateway: backoff and retry for metadata
* vql/server/kafka: connect sarama logging to velociraptor logging
* vql/server/kafka: add exponential backoff (limited to 30s) for metadata retries
* vql/server/kafka: set appropriate ClientID
* libbpfgo: add selftest to build so testcases work
* cronsnoop: rework testcases to use t.TempDir
* cronsnoop: move external dependencies to end of import list
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
-------------------------------------------------------------------
Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
* linux: Add ability to interrogate system and network configuration
* SUSE: Add docker-compose environment
* SUSE: add Docker files
* Add Linux.Sys.Bash to Server.Monitor.Shell artifact
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
* kafka-humio-gateway: add sample config file
* Updating the NewFiles and ProcessStatuses Artifacts
* cronsnoop: Add plugin which is able to snoop removal/addition of cron… (#37)
* third_party/go-libaudit: don't directly use unix.*
* Add Linux.Remediation.Quarantine artifact
* Extend audit artifacts to use new interface
* audit: rearchitect plugin to scale better with multiple invocations
* third_party/go-libaudit: move handling of receive buffer to caller
* third_party/go-libaudit: move buffer handling from netlink to audit
* third_party/go-libaudit: allow audit fd to be pollable
* third_party/go-libaudit: Add support for removing individual rules
* third_party/go-libaudit: rule.Rule.Build: Don't assume that no syscalls means all syscalls
* third_party/go-libaudit: Report missing rules during deletion
* import go-libaudit as a third-party module
* quarantine: actually call the OS-specific artifact
* artifactset: add ability to select named sources
* GUI: Artifact selector (#1790)
* host-info: make quarantine UI more robust with non-Windows client hosts
* shell-viewer: default to Bash on non-Windows clients
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com

6
velociraptor.obsinfo
View File

@ -1,4 +1,4 @@
name: velociraptor name: velociraptor
version: 0.6.4.2~git70.b7df8172 version: 0.6.4.2~git86.b5931f7
mtime: 1667239302 mtime: 1668201110
commit: b7df81726e4a6c4cabad66b024bb5d2aeea885d6 commit: b5931f73eb6c171a558d09d4ef8b3d4d7292d519

26
velociraptor.spec
View File

@ -16,11 +16,11 @@
# #
%define projname velociraptor %define projname velociraptor
%define vendor_version 0.6.4.2~git59.5ebb49db %define vendor_version 0.6.4.2~git86.b5931f7
%define vmlinux_h_version 5.18.9-2-default %define vmlinux_h_version 5.18.9-2-default
Name: velociraptor Name: velociraptor
Version: 0.6.4.2~git70.b7df8172 Version: 0.6.4.2~git86.b5931f7
Release: 0 Release: 0
Summary: Endpoint visibility and collection tool Summary: Endpoint visibility and collection tool
Group: System/Monitoring Group: System/Monitoring
@ -38,7 +38,7 @@ Source8: vmlinux.h-%{vmlinux_h_version}.tar.xz
Patch1: velociraptor-golang-mage-vendoring.diff Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
Patch4: make-libbpfgo-vendorable.patch Patch4: libbpfgo-i386.patch
BuildRequires: golang-packaging BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: systemd-devel BuildRequires: systemd-devel
@ -46,13 +46,16 @@ BuildRequires: systemd-devel
BuildRequires: golang(API) = 1.17 BuildRequires: golang(API) = 1.17
BuildRequires: fileb0x BuildRequires: fileb0x
BuildRequires: mage BuildRequires: mage
%ifarch x86_64
BuildRequires: libtsan0 BuildRequires: libtsan0
BuildRequires: nodejs16 %endif
BuildRequires: npm16 BuildRequires: nodejs >= 16
BuildRequires: npm >= 16
BuildRequires: clang13 BuildRequires: clang13
BuildRequires: llvm13 BuildRequires: llvm13
BuildRequires: bpftool BuildRequires: bpftool
BuildRequires: libelf-devel BuildRequires: libelf-devel
BuildRequires: zlib-devel-static
Conflicts: velociraptor-client Conflicts: velociraptor-client
%description %description
@ -68,7 +71,7 @@ For just the endpoint agent, please install the 'velociraptor-client' package.
%package kafka-humio-gateway %package kafka-humio-gateway
Summary: Gateway between Kafka and Humio for Velociraptor Artifacts Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
Version: 0.6.4.2~git70.b7df8172 Version: 0.6.4.2~git86.b5931f7
%description kafka-humio-gateway %description kafka-humio-gateway
This tool is used to consume events generated by the Kafka Velociraptor plugin This tool is used to consume events generated by the Kafka Velociraptor plugin
@ -78,15 +81,16 @@ and post them to a Humio cluster.
%setup -q -a 1 -a 2 -a 3 -a 8 -n %{projname}-%{version} %setup -q -a 1 -a 2 -a 3 -a 8 -n %{projname}-%{version}
%autopatch -p1 %autopatch -p1
# Without this, the libbpfgo tests want to vendor the external version
rm -rf third_party/libbpfgo/selftest third_party/libbpfgo/helpers/example_tracelisten_test.go
# Set the version to something more specific than <next-tag>-dev # Set the version to something more specific than <next-tag>-dev
sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
mkdir -p third_party/libbpfgo/output mkdir -p third_party/libbpfgo/output
cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
third_party/libbpfgo/output/vmlinux.h # Any release more recent than SLE 15 SP3/Leap 15.3 will have this
if ! test -e /sys/kernel/btf/vmlinux; then
cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
third_party/libbpfgo/output/vmlinux.h
fi
# These just clutter the GUI and we don't have Windows clients # These just clutter the GUI and we don't have Windows clients
# Note: There are dependencies on these that need to be resolved before # Note: There are dependencies on these that need to be resolved before

3
vendor-golang-0.6.4.2~git59.5ebb49db.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e8f77ac096b5e31cb4f2d3350f462ff02c4e6b20310f285456411fbe0d5bf1ec
size 7869080

3
vendor-golang-0.6.4.2~git86.b5931f7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5658ece191a8d0ab5c0d9e558d756ab688eb7faf8544441e5baf37d55ac9fbf1
size 7824160

3
vendor-golang-kafka-humio-gateway-0.6.4.2~git59.5ebb49db.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fde72109a7f0de8aa2c413e60c5ede497bf4ced503ee8dc7b123f77ccc9c25ee
size 454240

3
vendor-golang-kafka-humio-gateway-0.6.4.2~git86.b5931f7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d32c165efeb3ace20edd14d308c0a4aacd441d0cfb29f8c3e74e5549781609e8
size 454332

3
vendor-nodejs-0.6.4.2~git59.5ebb49db.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:534aa7c32515bf54c823ada382c08ba01ec650e5b88258edc409cef3c5fddcf9
size 37119140

3
vendor-nodejs-0.6.4.2~git86.b5931f7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6a749b2c6b6e6544ed0a47e8aaf8df463e4a38a0dbc2233f0739a91e2de41c6d
size 37506080