[isar-cip-core][PATCH v2 0/5] Rework image classes

[isar-cip-core][PATCH v2 0/5] Rework image classes

[Felix Moessbauer]

Changes since v1:

- separation of concerns: do not append to :wic typedep in :swu [1]

This series reworks the image classes so that they are fully based on
the existing imagetypes infrastructure. Issues with swupdate on non
default partition layouts are solved by directly using the underlying
image / rootfs variant instead of a fixed wic partition. To support
further customizations, an interface is provided to select the type of
the rootfs image (e.g. squashfs). The verity class then uses this interface
to configure the swu.

[1] As we now use the image (e.g. squashfs / verity) directly to create
the swu file, we also explicity need that image type (compressed).
For wic, we now explicitly have to state the imagetype again, as we copy
that into one of the partitions (but this is not an aspect of the swu type).
In addition, we cannot simply always add that type to IMAGE_TYPEDEP:wic, as
otherwise always a squashfs is built when the swupdate.bbclass is included.
One key aspect of the imagetypes is that they are non-intrusive. By that,
the classes can always be added and only become into effect when selecting
the corresponding type.

Best regards,
Felix Moessbauer
Siemens AG

Felix Moessbauer (5):
  register image classes via layer.conf
  refactor: use imagetypes for swu generation
  swu: directly image from squashfs rootfs
  swupdate: only check partition uuids on swupdate
  refactor verity image creation

 classes/swupdate.bbclass             | 30 ++++++++++++++++++++--------
 classes/verity.bbclass               |  7 +------
 conf/layer.conf                      |  2 ++
 kas/opt/ebg-secure-boot-snakeoil.yml |  2 +-
 kas/opt/swupdate.yml                 |  4 +---
 recipes-core/images/swupdate.inc     | 20 -------------------
 6 files changed, 27 insertions(+), 38 deletions(-)

-- 
2.34.1

[isar-cip-core][PATCH v2 1/5] register image classes via layer.conf

[Felix Moessbauer]

This patch registers the provided image classes via the bblayer.conf
file. By that, no manual additions of these classes via kas is required
and erronous implementations are detected early (e.g. mandatory inputs
without defaults).

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 conf/layer.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/conf/layer.conf b/conf/layer.conf
index 0c5fd39..2c888b2 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -22,3 +22,5 @@ LAYERSERIES_COMPAT_cip-core = "next"
 
 LAYERDIR_cip-core = "${LAYERDIR}"
 LAYERDIR_cip-core[vardepvalue] = "isar-cip-core"
+
+IMAGE_CLASSES += "squashfs verity swupdate"
-- 
2.34.1

[isar-cip-core][PATCH v2 2/5] refactor: use imagetypes for swu generation

[Felix Moessbauer]

This patch reworks the implementation of the swupdate type.
All generic aspects are moved from the swupdate.inc file into the
swupdate class and made conditional on the swu type.
The sw-description file is now referenced using the image-type
infrastructure, which avoids manual additions to FILESEXTRAPATHS and
accidental overwrites of SRC_URI. The templating logic is moved into the
generic one provided by imagetypes.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/swupdate.bbclass         | 22 +++++++++++++---------
 kas/opt/swupdate.yml             |  5 +----
 recipes-core/images/swupdate.inc | 14 --------------
 3 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 5eb4936..2e32729 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -8,23 +8,29 @@
 #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
 #
 # SPDX-License-Identifier: MIT
+ROOTFS_PARTITION_NAME ?= "${IMAGE_FULLNAME}.wic.p4.gz"
 
 SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-${MACHINE}.swu"
 SWU_DESCRIPTION_FILE ?= "sw-description"
-SWU_ADDITIONAL_FILES ?= ""
+SWU_ADDITIONAL_FILES ?= "linux.efi ${ROOTFS_PARTITION_NAME}"
 SWU_SIGNED ?= ""
 SWU_SIGNATURE_EXT ?= "sig"
 SWU_SIGNATURE_TYPE ?= "rsa"
 
 BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
 
-IMAGER_INSTALL += "cpio"
-IMAGER_INSTALL += "${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
+IMAGE_TYPEDEP:wic += "squashfs"
+IMAGE_TYPEDEP:swu = "wic"
+IMAGER_INSTALL:swu += "cpio ${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
 
-do_swupdate_binary[stamp-extra-info] = "${DISTRO}-${MACHINE}"
-do_swupdate_binary[cleandirs] += "${WORKDIR}/swu"
-do_swupdate_binary[network] = "${TASK_USE_SUDO}"
-do_swupdate_binary() {
+IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
+IMAGE_TEMPLATE_FILES:swu = "${SWU_DESCRIPTION_FILE}.tmpl"
+IMAGE_TEMPLATE_VARS:swu = "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
+
+do_image_swu[stamp-extra-info] = "${DISTRO}-${MACHINE}"
+do_image_swu[cleandirs] += "${WORKDIR}/swu"
+IMAGE_CMD:swu[depends] = "${PN}:do_transform_template"
+IMAGE_CMD:swu() {
     rm -f '${SWU_IMAGE_FILE}'
     cp '${WORKDIR}/${SWU_DESCRIPTION_FILE}' '${WORKDIR}/swu/${SWU_DESCRIPTION_FILE}'
 
@@ -91,5 +97,3 @@ do_swupdate_binary() {
            fi
         done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
 }
-
-addtask swupdate_binary before do_build after do_deploy do_copy_boot_files do_install_imager_deps do_transform_template
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index ae5e3a1..80cd86e 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -19,11 +19,8 @@ local_conf_header:
     CIP_IMAGE_OPTIONS:append = " swupdate.inc"
 
   wic-swu: |
-    IMAGE_CLASSES += "squashfs"
-    IMAGE_TYPEDEP:wic += "squashfs"
-    IMAGE_FSTYPES = "wic"
+    IMAGE_FSTYPES += "swu"
     WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
     INITRAMFS_INSTALL:append = " initramfs-squashfs-hook"
-    WIC_DEPLOY_PARTITIONS = "1"
     ABROOTFS_PART_UUID_A ?= "fedcba98-7654-3210-cafe-5e0710000001"
     ABROOTFS_PART_UUID_B ?= "fedcba98-7654-3210-cafe-5e0710000002"
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index ee893dd..20ed600 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -16,20 +16,6 @@ inherit read-only-rootfs
 IMAGE_INSTALL += " swupdate"
 IMAGE_INSTALL += " swupdate-handler-roundrobin"
 
-ROOTFS_PARTITION_NAME = "${IMAGE_FULLNAME}.wic.p4.gz"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
-
-SRC_URI += "file://sw-description.tmpl"
-TEMPLATE_FILES += "sw-description.tmpl"
-
-do_transform_template[vardeps] += "TARGET_IMAGE_UUID"
-addtask do_transform_template before do_swupdate_binary after do_generate_image_uuid
-
-TEMPLATE_VARS += "ROOTFS_PARTITION_NAME TARGET_IMAGE_UUID ABROOTFS_PART_UUID_A ABROOTFS_PART_UUID_B"
-
-SWU_ADDITIONAL_FILES += "linux.efi ${ROOTFS_PARTITION_NAME}"
-
 python() {
     for u in ['A', 'B']:
         if not d.getVar('ABROOTFS_PART_UUID_' + u):
-- 
2.34.1

[isar-cip-core][PATCH v2 3/5] swu: directly image from squashfs rootfs

[Felix Moessbauer]

This patch reworks the generation of the swu file. Instead of using the
rootfs partition created by wic, we directly use the squashfs rootfs as
default. By that, we do not have to deploy the WIC partitions and also
always select the correct rootfs independent of the partition number.
This is especially relevant for embedded boards, where the first
partitions contain the u-boot-spl and firmware.

For use-cases with other fs formats (like verity), we support to
overwrite the SWU_ROOTFS_NAME and SWU_ROOTFS_TYPE.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/swupdate.bbclass             | 8 +++++---
 kas/opt/ebg-secure-boot-snakeoil.yml | 1 +
 kas/opt/swupdate.yml                 | 1 +
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 2e32729..451dee6 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -6,9 +6,12 @@
 # Authors:
 #  Christian Storm <christian.storm@siemens.com>
 #  Quirin Gylstorff <quirin.gylstorff@siemens.com>
+#  Felix Moessbauer <felix.moessbauer@siemens.com>
 #
 # SPDX-License-Identifier: MIT
-ROOTFS_PARTITION_NAME ?= "${IMAGE_FULLNAME}.wic.p4.gz"
+SWU_ROOTFS_TYPE ?= "squashfs"
+SWU_ROOTFS_NAME ?= "${IMAGE_FULLNAME}"
+ROOTFS_PARTITION_NAME ?= "${SWU_ROOTFS_NAME}.${SWU_ROOTFS_TYPE}.gz"
 
 SWU_IMAGE_FILE ?= "${DEPLOY_DIR_IMAGE}/${PN}-${DISTRO}-${MACHINE}.swu"
 SWU_DESCRIPTION_FILE ?= "sw-description"
@@ -19,8 +22,7 @@ SWU_SIGNATURE_TYPE ?= "rsa"
 
 BUILDCHROOT_IMAGE_FILE ?= "${PP_DEPLOY}/${@os.path.basename(d.getVar('SWU_IMAGE_FILE'))}"
 
-IMAGE_TYPEDEP:wic += "squashfs"
-IMAGE_TYPEDEP:swu = "wic"
+IMAGE_TYPEDEP:swu = "wic ${SWU_ROOTFS_TYPE}.gz"
 IMAGER_INSTALL:swu += "cpio ${@'openssl' if bb.utils.to_boolean(d.getVar('SWU_SIGNED')) else ''}"
 
 IMAGE_SRC_URI:swu = "file://${SWU_DESCRIPTION_FILE}.tmpl"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index a182a67..8f2b7bb 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -19,6 +19,7 @@ local_conf_header:
     IMAGE_CLASSES += "verity"
     IMAGE_FSTYPES = "wic"
     IMAGE_TYPEDEP:wic += "verity"
+    SWU_ROOTFS_TYPE = "verity"
     WKS_FILE = "${MACHINE}-efibootguard-secureboot.wks.in"
     INITRAMFS_INSTALL:append = " initramfs-verity-hook"
     # abrootfs cannot be installed together with verity
diff --git a/kas/opt/swupdate.yml b/kas/opt/swupdate.yml
index 80cd86e..236b3c4 100644
--- a/kas/opt/swupdate.yml
+++ b/kas/opt/swupdate.yml
@@ -19,6 +19,7 @@ local_conf_header:
     CIP_IMAGE_OPTIONS:append = " swupdate.inc"
 
   wic-swu: |
+    IMAGE_TYPEDEP:wic += "squashfs"
     IMAGE_FSTYPES += "swu"
     WKS_FILE ?= "${MACHINE}-${SWUPDATE_BOOTLOADER}.wks.in"
     INITRAMFS_INSTALL:append = " initramfs-squashfs-hook"
-- 
2.34.1

[isar-cip-core][PATCH v2 4/5] swupdate: only check partition uuids on swupdate

[Felix Moessbauer]

This patch moves the partition uuid check into a task to only execute
the logic in case an swu image is built. Previously this was checked at
parse time, leading to errors when not setting these variables and
building an image without swupdate support from an layer that also
provides images with swupdate support.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/swupdate.bbclass         | 8 ++++++++
 recipes-core/images/swupdate.inc | 6 ------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/classes/swupdate.bbclass b/classes/swupdate.bbclass
index 451dee6..6e117bd 100644
--- a/classes/swupdate.bbclass
+++ b/classes/swupdate.bbclass
@@ -99,3 +99,11 @@ IMAGE_CMD:swu() {
            fi
         done | cpio -ovL -H crc > "${BUILDCHROOT_IMAGE_FILE}"'
 }
+
+python do_check_swu_partition_uuids() {
+    for u in ['A', 'B']:
+        if not d.getVar('ABROOTFS_PART_UUID_' + u):
+            bb.fatal('ABROOTFS_PART_UUID_' + u + ' not set')
+}
+
+addtask check_swu_partition_uuids before do_image_swu
diff --git a/recipes-core/images/swupdate.inc b/recipes-core/images/swupdate.inc
index 20ed600..3ec7767 100644
--- a/recipes-core/images/swupdate.inc
+++ b/recipes-core/images/swupdate.inc
@@ -15,9 +15,3 @@ inherit read-only-rootfs
 
 IMAGE_INSTALL += " swupdate"
 IMAGE_INSTALL += " swupdate-handler-roundrobin"
-
-python() {
-    for u in ['A', 'B']:
-        if not d.getVar('ABROOTFS_PART_UUID_' + u):
-            bb.fatal('ABROOTFS_PART_UUID_' + u + ' not set')
-}
-- 
2.34.1

[isar-cip-core][PATCH v2 5/5] refactor verity image creation

[Felix Moessbauer]

This patch simplifies the integration of verity with swupdate.
We now directly copy the generated verity image into the swu file,
instead of going via wic. This solves the issue with leading partitions,
shifting the partition layout and resulting in a wrong partition in the
swu file. Further, we cleanup some duplicated variables.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 classes/verity.bbclass               | 7 +------
 kas/opt/ebg-secure-boot-snakeoil.yml | 1 -
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/classes/verity.bbclass b/classes/verity.bbclass
index 154b9e1..747a7ae 100644
--- a/classes/verity.bbclass
+++ b/classes/verity.bbclass
@@ -9,21 +9,16 @@
 # SPDX-License-Identifier: MIT
 #
 
-VERITY_IMAGE_TYPE ?= "squashfs"
-
-inherit ${VERITY_IMAGE_TYPE}
-
 IMAGE_TYPEDEP:verity = "${VERITY_IMAGE_TYPE}"
 IMAGER_INSTALL:verity += "cryptsetup"
 
+VERITY_IMAGE_TYPE ?= "squashfs"
 VERITY_INPUT_IMAGE ?= "${IMAGE_FULLNAME}.${VERITY_IMAGE_TYPE}"
 VERITY_OUTPUT_IMAGE ?= "${IMAGE_FULLNAME}.verity"
 VERITY_IMAGE_METADATA = "${VERITY_OUTPUT_IMAGE}.metadata"
 VERITY_HASH_BLOCK_SIZE ?= "1024"
 VERITY_DATA_BLOCK_SIZE ?= "1024"
 
-IMAGER_INSTALL += "cryptsetup"
-
 create_verity_env_file() {
 
     local ENV="${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.verity.env"
diff --git a/kas/opt/ebg-secure-boot-snakeoil.yml b/kas/opt/ebg-secure-boot-snakeoil.yml
index 8f2b7bb..3d0e3c9 100644
--- a/kas/opt/ebg-secure-boot-snakeoil.yml
+++ b/kas/opt/ebg-secure-boot-snakeoil.yml
@@ -16,7 +16,6 @@ header:
 
 local_conf_header:
   secure-boot-image: |
-    IMAGE_CLASSES += "verity"
     IMAGE_FSTYPES = "wic"
     IMAGE_TYPEDEP:wic += "verity"
     SWU_ROOTFS_TYPE = "verity"
-- 
2.34.1

Re: [isar-cip-core][PATCH v2 1/5] register image classes via layer.conf

[Gylstorff Quirin]

[-- Attachment #1: Type: text/plain, Size: 837 bytes --]



On 2/10/23 07:44, Felix Moessbauer wrote:
> This patch registers the provided image classes via the bblayer.conf
> file. By that, no manual additions of these classes via kas is required
> and erronous implementations are detected early (e.g. mandatory inputs
> without defaults).
> 
> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> ---
>   conf/layer.conf | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/conf/layer.conf b/conf/layer.conf
> index 0c5fd39..2c888b2 100644
> --- a/conf/layer.conf
> +++ b/conf/layer.conf
> @@ -22,3 +22,5 @@ LAYERSERIES_COMPAT_cip-core = "next"
>   
>   LAYERDIR_cip-core = "${LAYERDIR}"
>   LAYERDIR_cip-core[vardepvalue] = "isar-cip-core"
> +
> +IMAGE_CLASSES += "squashfs verity swupdate"
The Class swupdate is only available after patch 2 if I see it correctly.
Quirin

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 7613 bytes --]

Re: [isar-cip-core][PATCH v2 1/5] register image classes via layer.conf

[Moessbauer, Felix]

On Fri, 2023-02-10 at 09:18 +0100, Gylstorff Quirin wrote:
> 
> 
> On 2/10/23 07:44, Felix Moessbauer wrote:
> > This patch registers the provided image classes via the
> > bblayer.conf
> > file. By that, no manual additions of these classes via kas is
> > required
> > and erronous implementations are detected early (e.g. mandatory
> > inputs
> > without defaults).
> > 
> > Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
> > ---
> >   conf/layer.conf | 2 ++
> >   1 file changed, 2 insertions(+)
> > 
> > diff --git a/conf/layer.conf b/conf/layer.conf
> > index 0c5fd39..2c888b2 100644
> > --- a/conf/layer.conf
> > +++ b/conf/layer.conf
> > @@ -22,3 +22,5 @@ LAYERSERIES_COMPAT_cip-core = "next"
> >   
> >   LAYERDIR_cip-core = "${LAYERDIR}"
> >   LAYERDIR_cip-core[vardepvalue] = "isar-cip-core"
> > +
> > +IMAGE_CLASSES += "squashfs verity swupdate"
> The Class swupdate is only available after patch 2 if I see it
> correctly.
> Quirin

Why do you think so? The swupdate class existed before. I just moved
parts over to it, but the core logic has long been in the
swupdate.bbclass.

Felix

Re: [isar-cip-core][PATCH v2 1/5] register image classes via layer.conf

[Gylstorff Quirin]

[-- Attachment #1: Type: text/plain, Size: 1311 bytes --]



On 2/10/23 09:29, Moessbauer, Felix (T CED INW-CN) wrote:
> On Fri, 2023-02-10 at 09:18 +0100, Gylstorff Quirin wrote:
>>
>>
>> On 2/10/23 07:44, Felix Moessbauer wrote:
>>> This patch registers the provided image classes via the
>>> bblayer.conf
>>> file. By that, no manual additions of these classes via kas is
>>> required
>>> and erronous implementations are detected early (e.g. mandatory
>>> inputs
>>> without defaults).
>>>
>>> Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
>>> ---
>>>    conf/layer.conf | 2 ++
>>>    1 file changed, 2 insertions(+)
>>>
>>> diff --git a/conf/layer.conf b/conf/layer.conf
>>> index 0c5fd39..2c888b2 100644
>>> --- a/conf/layer.conf
>>> +++ b/conf/layer.conf
>>> @@ -22,3 +22,5 @@ LAYERSERIES_COMPAT_cip-core = "next"
>>>
>>>    LAYERDIR_cip-core = "${LAYERDIR}"
>>>    LAYERDIR_cip-core[vardepvalue] = "isar-cip-core"
>>> +
>>> +IMAGE_CLASSES += "squashfs verity swupdate"
>> The Class swupdate is only available after patch 2 if I see it
>> correctly.
>> Quirin
> 
> Why do you think so? The swupdate class existed before. I just moved
> parts over to it, but the core logic has long been in the
> swupdate.bbclass.

swupdate.bbclass did not follow the pattern for IMAGE_CLASSES before 
patch 2. But this only nitpicking :-)

Quirin

> 
> Felix
> 

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 7613 bytes --]

Re: [isar-cip-core][PATCH v2 0/5] Rework image classes

[Schmidt, Adriaan]

Hi Felix,
Had a quick review regarding the use of imagetypes and dependency mechanisms,
and it looks good to me (infrastructure used as intended, and resulting code
seems simpler than before :).
Ack,
Adriaan


Moessbauer, Felix <felix.moessbauer@siemens.com>,Freitag, 10. Februar 2023 07:45:
> 
> Changes since v1:
> 
> - separation of concerns: do not append to :wic typedep in :swu [1]
> 
> This series reworks the image classes so that they are fully based on
> the existing imagetypes infrastructure. Issues with swupdate on non
> default partition layouts are solved by directly using the underlying
> image / rootfs variant instead of a fixed wic partition. To support
> further customizations, an interface is provided to select the type of
> the rootfs image (e.g. squashfs). The verity class then uses this interface
> to configure the swu.
> 
> [1] As we now use the image (e.g. squashfs / verity) directly to create
> the swu file, we also explicity need that image type (compressed).
> For wic, we now explicitly have to state the imagetype again, as we copy
> that into one of the partitions (but this is not an aspect of the swu type).
> In addition, we cannot simply always add that type to IMAGE_TYPEDEP:wic, as
> otherwise always a squashfs is built when the swupdate.bbclass is included.
> One key aspect of the imagetypes is that they are non-intrusive. By that,
> the classes can always be added and only become into effect when selecting
> the corresponding type.
> 
> Best regards,
> Felix Moessbauer
> Siemens AG
> 
> Felix Moessbauer (5):
>   register image classes via layer.conf
>   refactor: use imagetypes for swu generation
>   swu: directly image from squashfs rootfs
>   swupdate: only check partition uuids on swupdate
>   refactor verity image creation
> 
>  classes/swupdate.bbclass             | 30 ++++++++++++++++++++--------
>  classes/verity.bbclass               |  7 +------
>  conf/layer.conf                      |  2 ++
>  kas/opt/ebg-secure-boot-snakeoil.yml |  2 +-
>  kas/opt/swupdate.yml                 |  4 +---
>  recipes-core/images/swupdate.inc     | 20 -------------------
>  6 files changed, 27 insertions(+), 38 deletions(-)
> 
> --
> 2.34.1