Merge pull request #101 from junkurihara/develop

0.6.2

.github/dependabot.yml

@@ -5,17 +5,23 @@ version: 2
 updates:
   # Enable version updates for cargo
   - package-ecosystem: "cargo"
-    # Look for `Cargo.toml` and `lock` files in the `root` directory
     directory: "/"
-    # Check the crates.io for updates every day (weekdays)
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "cargo"
+    directory: "/rpxy-bin"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "cargo"
+    directory: "/rpxy-lib"
     schedule:
       interval: "daily"
 
   # Enable version updates for Docker
   - package-ecosystem: "docker"
-    # Look for a `Dockerfile` in the `root` directory
-    directory: "/"
-    # Check for updates everyday
+    directory: "/docker"
     schedule:
       interval: "daily"
 
@@ -23,5 +29,4 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      # Check for updates everyday
       interval: "daily"

.github/workflows/ci.yml

@@ -2,16 +2,14 @@ name: Unit Test
 
 on:
   push:
-    branches: [ main, develop ]
   pull_request:
-    branches: [ main, develop ]
+    types: [synchronize, opened]
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
   test:
-
     runs-on: ubuntu-latest
 
     steps:

.github/workflows/docker_build_push.yml

@@ -1,11 +1,11 @@
-name: Build and Publish Docker
+name: Build and publish docker
 on:
   push:
     branches:
       - "develop"
       - "main"
-  pull_request:
-    types: [synchronize, opened]
+    tags:
+      - "*.*.*"
 
 env:
   GHCR: ghcr.io
@@ -51,6 +51,43 @@ jobs:
               jqtype/rpxy:s2n
               ghcr.io/junkurihara/rust-rpxy:s2n
 
+          - target: "native-roots"
+            dockerfile: ./docker/Dockerfile
+            platforms: linux/amd64,linux/arm64
+            build-args: |
+              "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
+            tags-suffix: "-native-roots"
+            # Aliases must be used only for release builds
+            aliases: |
+              jqtype/rpxy:native-roots
+              ghcr.io/junkurihara/rust-rpxy:native-roots
+
+          - target: "slim-native-roots"
+            dockerfile: ./docker/Dockerfile-slim
+            build-args: |
+              "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots"
+            build-contexts: |
+              messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
+              messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
+            platforms: linux/amd64,linux/arm64
+            tags-suffix: "-slim-native-roots"
+            # Aliases must be used only for release builds
+            aliases: |
+              jqtype/rpxy:slim-native-roots
+              ghcr.io/junkurihara/rust-rpxy:slim-native-roots
+
+          - target: "s2n-native-roots"
+            dockerfile: ./docker/Dockerfile
+            build-args: |
+              "CARGO_FEATURES=--no-default-features --features=http3-s2n,cache,native-roots"
+              "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
+            platforms: linux/amd64,linux/arm64
+            tags-suffix: "-s2n-native-roots"
+            # Aliases must be used only for release builds
+            aliases: |
+              jqtype/rpxy:s2n-native-roots
+              ghcr.io/junkurihara/rust-rpxy:s2n-native-roots
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -59,46 +96,46 @@ jobs:
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.GHCR }}/${{ env.GHCR_IMAGE_NAME }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.GHCR }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Nightly build test on amd64 for pull requests
-        if: ${{ github.event_name == 'pull_request' }}
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          build-args: ${{ matrix.build-args }}
-          push: false
-          build-contexts: ${{ matrix.build-contexts }}
-          file: ${{ matrix.dockerfile }}
-          cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }}
-          cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }}
-          platforms: linux/amd64
-          labels: ${{ steps.meta.outputs.labels }}
+      # - name: Nightly build test on amd64 for pull requests
+      #   if: ${{ github.event_name == 'pull_request' }}
+      #   uses: docker/build-push-action@v5
+      #   with:
+      #     context: .
+      #     build-args: ${{ matrix.build-args }}
+      #     push: false
+      #     build-contexts: ${{ matrix.build-contexts }}
+      #     file: ${{ matrix.dockerfile }}
+      #     cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }}
+      #     cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }}
+      #     platforms: linux/amd64
+      #     labels: ${{ steps.meta.outputs.labels }}
 
       - name: Nightly build and push from develop branch
         if: ${{ (github.ref_name == 'develop') && (github.event_name == 'push') }}
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           build-args: ${{ matrix.build-args }}
@@ -115,7 +152,7 @@ jobs:
 
       - name: Release build and push from main branch
         if: ${{ (github.ref_name == 'main') && (github.event_name == 'push') }}
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           build-args: ${{ matrix.build-args }}

.github/workflows/release.yml

@@ -0,0 +1,128 @@
+name: Extract executable binary, upload artifacts, create release
+on:
+  workflow_run:
+    workflows:
+      - "Build and publish docker"
+    types:
+      - "completed"
+
+jobs:
+  on-success:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - target: "gnu"
+            platform: linux/amd64
+
+          - target: "gnu"
+            platform: linux/arm64
+
+          - target: "musl"
+            platform: linux/amd64
+            tags-suffix: "-slim"
+
+          - target: "musl"
+            platform: linux/arm64
+            tags-suffix: "-slim"
+
+          - target: "gnu"
+            build-feature: "-s2n"
+            platform: linux/amd64
+            tags-suffix: "-s2n"
+
+          - target: "gnu"
+            build-feature: "-s2n"
+            platform: linux/arm64
+            tags-suffix: "-s2n"
+
+          - target: "gnu"
+            build-feature: "-native-roots"
+            platform: linux/amd64
+            tags-suffix: "-native-roots"
+
+          - target: "gnu"
+            build-feature: "-native-roots"
+            platform: linux/arm64
+            tags-suffix: "-native-roots"
+
+          - target: "musl"
+            build-feature: "-native-roots"
+            platform: linux/amd64
+            tags-suffix: "-slim-native-roots"
+
+          - target: "musl"
+            build-feature: "-native-roots"
+            platform: linux/arm64
+            tags-suffix: "-slim-native-roots"
+
+          - target: "gnu"
+            build-feature: "-s2n-native-roots"
+            platform: linux/amd64
+            tags-suffix: "-s2n-native-roots"
+
+          - target: "gnu"
+            build-feature: "-s2n-native-roots"
+            platform: linux/arm64
+            tags-suffix: "-s2n-native-roots"
+
+    steps:
+      - run: "echo 'The relese triggering workflows passed'"
+      - name: "set env"
+        run: |
+          if [ ${{ matrix.platform }} = "linux/amd64" ];then PLATFORM_MAP="x86_64";else PLATFORM_MAP="aarch64";fi
+          if [ ${{ github.ref_name == 'develop' }} ];then BUILD_NAME="rpxy-nightly";else BUILD_NAME="rpxy";fi
+          echo "PLATFORM_MAP=${PLATFORM_MAP}" >> $GITHUB_ENV
+          echo "TARGET_NAME=${BUILD_NAME}-${PLATFORM_MAP}-unknown-linux-${{ matrix.target }}${{ matrix.build-feature }}" >> $GITHUB_ENV
+
+      - name: "docker pull and extract binary from docker image"
+        id: "extract-binary"
+        run: |
+          CONTAINER_ID=`docker create --platform=${{ matrix.platform }} ghcr.io/junkurihara/rust-rpxy:nightly${{ matrix.tags-suffix }}`
+          docker cp ${CONTAINER_ID}:/rpxy/bin/rpxy /tmp/${TARGET_NAME}
+          cd /tmp
+          echo "artifact=${TARGET_NAME}" >> $GITHUB_OUTPUT
+
+      - name: "upload artifacts"
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ steps.extract-binary.outputs.artifact }}
+          path: "/tmp/${{ steps.extract-binary.outputs.artifact }}"
+
+  on-failure:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+    steps:
+      - run: echo 'The release triggering workflows failed'
+
+  release:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/')
+    needs: on-success
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+
+      - name: download artifacts
+        uses: actions/download-artifact@v3
+        with:
+          path: /tmp/rpxy
+
+      - name: make tar.gz of assets
+        run: |
+          mkdir /tmp/assets
+          cd /tmp/rpxy
+          for i in ./*; do sh -c "cd $i && tar zcvf $i.tar.gz $i && mv $i.tar.gz /tmp/assets/"; done
+          ls -lha /tmp/assets
+
+      - name: release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          files: /tmp/assets/*.tar.gz
+          tag_name: ${{ github.ref }}
+          draft: true
+          prerelease: false
+          generate_release_notes: true

CHANGELOG.md

@@ -2,6 +2,14 @@
 
 ## 0.7.0  (unreleased)
 
+## 0.6.2
+
+### Improvement
+
+- Feat: Add a build feature of `native-roots` to use the system's default root cert store.
+- Feat: Add binary release in addition to container release
+- Refactor: lots of minor improvements
+
 ## 0.6.1
 
 ### Bugfix

docker/Dockerfile-slim

@@ -4,6 +4,8 @@ FROM --platform=$BUILDPLATFORM messense/rust-musl-cross:${TARGETARCH}-musl AS bu
 LABEL maintainer="Jun Kurihara"
 
 ARG TARGETARCH
+ARG CARGO_FEATURES
+ENV CARGO_FEATURES ${CARGO_FEATURES}
 
 RUN if [ $TARGETARCH = "amd64" ]; then \
   echo "x86_64" > /arch; \
@@ -23,7 +25,7 @@ COPY . /tmp/
 ENV RUSTFLAGS "-C link-arg=-s"
 
 RUN echo "Building rpxy from source" && \
-  cargo build --release --target $(cat /arch)-unknown-linux-musl && \
+  cargo build --release --target $(cat /arch)-unknown-linux-musl ${CARGO_FEATURES} && \
   musl-strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy && \
   cp /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy /tmp/target/release/rpxy
 

docker/docker-compose-slim.yml

@@ -9,15 +9,17 @@ services:
       - 127.0.0.1:8080:8080/tcp
       - 127.0.0.1:8443:8443/udp
       - 127.0.0.1:8443:8443/tcp
-    # build: # Uncomment if you build yourself
-    #   context: ../
-    #   additional_contexts:
-    #     - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
-    #     - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
-    #   dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl
-    #   platforms: # Choose your platforms
+    build: # Uncomment if you build yourself
+      context: ../
+      additional_contexts:
+        - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl
+        - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl
+      # args: # Uncomment when build with native cert store
+      #   - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots"
+      dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl
+      platforms: # Choose your platforms
         # - "linux/amd64"
-    #     # - "linux/arm64"
+        - "linux/arm64"
     environment:
       - LOG_LEVEL=debug
       - LOG_TO_FILE=true

docker/docker-compose.yml

@@ -9,15 +9,17 @@ services:
       - 127.0.0.1:8080:8080/tcp
       - 127.0.0.1:8443:8443/udp
       - 127.0.0.1:8443:8443/tcp
-    # build: # Uncomment if you build yourself
-    #   context: ../
+    build: # Uncomment if you build yourself
+      context: ../
       # args: # Uncomment when build quic-s2n version
-    #     - "CARGO_FEATURES=--no-default-features --features http3-s2n"
+      #   - "CARGO_FEATURES=--no-default-features --features=http3-s2n"
       #   - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++"
-    #   dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu
-    #   platforms: # Choose your platforms
+      # args: # Uncomment when build with native cert store
+      #   - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots"
+      dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu
+      platforms: # Choose your platforms
         # - "linux/amd64"
-    #     # - "linux/arm64"
+        - "linux/arm64"
     environment:
       - LOG_LEVEL=debug
       - LOG_TO_FILE=true

rpxy-bin/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rpxy"
-version = "0.6.1"
+version = "0.6.2"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"
@@ -16,6 +16,7 @@ default = ["http3-quinn", "cache"]
 http3-quinn = ["rpxy-lib/http3-quinn"]
 http3-s2n = ["rpxy-lib/http3-s2n"]
 cache = ["rpxy-lib/cache"]
+native-roots = ["rpxy-lib/native-roots"]
 
 [dependencies]
 rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [
@@ -26,7 +27,7 @@ anyhow = "1.0.75"
 rustc-hash = "1.1.0"
 serde = { version = "1.0.188", default-features = false, features = ["derive"] }
 derive_builder = "0.12.0"
-tokio = { version = "1.32.0", default-features = false, features = [
+tokio = { version = "1.33.0", default-features = false, features = [
   "net",
   "rt-multi-thread",
   "time",
@@ -38,8 +39,8 @@ rustls-pemfile = "1.0.3"
 mimalloc = { version = "*", default-features = false }
 
 # config
-clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] }
-toml = { version = "0.7.8", default-features = false, features = ["parse"] }
+clap = { version = "4.4.6", features = ["std", "cargo", "wrap_help"] }
+toml = { version = "0.8", default-features = false, features = ["parse"] }
 hot_reload = "0.1.4"
 
 # logging

rpxy-lib/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rpxy-lib"
-version = "0.6.1"
+version = "0.6.2"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"
@@ -17,6 +17,7 @@ http3-quinn = ["quinn", "h3", "h3-quinn", "socket2"]
 http3-s2n = ["h3", "s2n-quic", "s2n-quic-rustls", "s2n-quic-h3"]
 sticky-cookie = ["base64", "sha2", "chrono"]
 cache = ["http-cache-semantics", "lru"]
+native-roots = ["hyper-rustls/native-tokio"]
 
 [dependencies]
 rand = "0.8.5"
@@ -24,7 +25,7 @@ rustc-hash = "1.1.0"
 bytes = "1.5.0"
 derive_builder = "0.12.0"
 futures = { version = "0.3.28", features = ["alloc", "async-await"] }
-tokio = { version = "1.32.0", default-features = false, features = [
+tokio = { version = "1.33.0", default-features = false, features = [
   "net",
   "rt-multi-thread",
   "time",
@@ -37,7 +38,7 @@ hot_reload = "0.1.4" # reloading certs
 
 # Error handling
 anyhow = "1.0.75"
-thiserror = "1.0.48"
+thiserror = "1.0.49"
 
 # http and tls
 hyper = { version = "0.14.27", default-features = false, features = [
@@ -54,7 +55,7 @@ hyper-rustls = { version = "0.24.1", default-features = false, features = [
 ] }
 tokio-rustls = { version = "0.24.1", features = ["early-data"] }
 rustls = { version = "0.21.7", default-features = false }
-webpki = "0.22.1"
+webpki = "0.22.4"
 x509-parser = "0.15.1"
 
 # logging
@@ -67,7 +68,7 @@ h3 = { path = "../submodules/h3/h3/", optional = true }
 # h3-quinn = { path = "./h3/h3-quinn/", optional = true }
 h3-quinn = { path = "../submodules/h3-quinn/", optional = true } # Tentative to support rustls-0.21
 # for UDP socket wit SO_REUSEADDR when h3 with quinn
-socket2 = { version = "0.5.3", features = ["all"], optional = true }
+socket2 = { version = "0.5.4", features = ["all"], optional = true }
 s2n-quic = { path = "../submodules/s2n-quic/quic/s2n-quic/", default-features = false, features = [
   "provider-tls-rustls",
 ], optional = true }
@@ -76,16 +77,16 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio
 
 # cache
 http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true }
-lru = { version = "0.11.1", optional = true }
+lru = { version = "0.12.0", optional = true }
 
 # cookie handling for sticky cookie
-chrono = { version = "0.4.30", default-features = false, features = [
+chrono = { version = "0.4.31", default-features = false, features = [
   "unstable-locales",
   "alloc",
   "clock",
 ], optional = true }
-base64 = { version = "0.21.3", optional = true }
-sha2 = { version = "0.10.7", default-features = false, optional = true }
+base64 = { version = "0.21.4", optional = true }
+sha2 = { version = "0.10.8", default-features = false, optional = true }
 
 
 [dev-dependencies]

rpxy-lib/src/handler/forwarder.rs

@@ -1,8 +1,6 @@
 #[cfg(feature = "cache")]
 use super::cache::{get_policy_if_cacheable, RpxyCache};
-#[cfg(feature = "cache")]
-use crate::log::*;
-use crate::{error::RpxyError, globals::Globals, CryptoSource};
+use crate::{error::RpxyError, globals::Globals, log::*, CryptoSource};
 use async_trait::async_trait;
 #[cfg(feature = "cache")]
 use bytes::Buf;
@@ -118,18 +116,22 @@ where
 impl Forwarder<HttpsConnector<HttpConnector>, Body> {
   /// Build forwarder
   pub async fn new<T: CryptoSource>(_globals: &std::sync::Arc<Globals<T>>) -> Self {
-    // let connector = TrustDnsResolver::default().into_rustls_webpki_https_connector();
-    let connector = hyper_rustls::HttpsConnectorBuilder::new()
-      .with_webpki_roots()
-      .https_or_http()
-      .enable_http1()
-      .enable_http2()
-      .build();
-    let connector_h2 = hyper_rustls::HttpsConnectorBuilder::new()
-      .with_webpki_roots()
-      .https_or_http()
-      .enable_http2()
-      .build();
+    #[cfg(feature = "native-roots")]
+    let builder = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots();
+    #[cfg(feature = "native-roots")]
+    let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots();
+    #[cfg(feature = "native-roots")]
+    info!("Native cert store is used for the connection to backend applications");
+
+    #[cfg(not(feature = "native-roots"))]
+    let builder = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
+    #[cfg(not(feature = "native-roots"))]
+    let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_webpki_roots();
+    #[cfg(not(feature = "native-roots"))]
+    info!("Mozilla WebPKI root certs is used for the connection to backend applications");
+
+    let connector = builder.https_or_http().enable_http1().enable_http2().build();
+    let connector_h2 = builder_h2.https_or_http().enable_http2().build();
 
     let inner = Client::builder().build::<_, Body>(connector);
     let inner_h2 = Client::builder().http2_only(true).build::<_, Body>(connector_h2);

rpxy-lib/src/proxy/proxy_tls.rs

@@ -46,13 +46,13 @@ where
             let client_hello = start.client_hello();
             let server_name = client_hello.server_name();
             debug!("HTTP/2 or 1.1: SNI in ClientHello: {:?}", server_name);
-            let server_name = server_name.map_or_else(|| None, |v| Some(v.to_server_name_vec()));
-            if server_name.is_none(){
+            let server_name_in_bytes = server_name.map_or_else(|| None, |v| Some(v.to_server_name_vec()));
+            if server_name_in_bytes.is_none(){
               return Err(RpxyError::Proxy("No SNI is given".to_string()));
             }
-            let server_crypto = sc_map_inner.as_ref().unwrap().get(server_name.as_ref().unwrap());
+            let server_crypto = sc_map_inner.as_ref().unwrap().get(server_name_in_bytes.as_ref().unwrap());
             if server_crypto.is_none() {
-              return Err(RpxyError::Proxy(format!("No TLS serving app for {:?}", "xx")));
+              return Err(RpxyError::Proxy(format!("No TLS serving app for {:?}", server_name.unwrap())));
             }
             let stream = match start.into_stream(server_crypto.unwrap().clone()).await {
               Ok(s) => s,
@@ -60,7 +60,7 @@ where
                 return Err(RpxyError::Proxy(format!("Failed to handshake TLS: {e}")));
               }
             };
-            self_inner.client_serve(stream, server_clone, client_addr, server_name);
+            self_inner.client_serve(stream, server_clone, client_addr, server_name_in_bytes);
             Ok(())
           };
 

submodules/quinn

@@ -1 +1 @@
-Subproject commit 5d4d58387d77db952c47168ed2185b6a38b8717a
+Subproject commit e1e1e6e392a382fbded42ca010505fecb8fe3655

submodules/s2n-quic

@@ -1 +1 @@
-Subproject commit 9fd762a538924f943c4c8ae0aae95337635fb485
+Subproject commit c88e64b6c58891651954834207d974de80e9bba8