chrisstaite / DoTe

A simple DNS wrapping server to forward UDP requests to a DNS over TLS server
MIT License

No connection when running #17

Closed shaft8472 closed 2 years ago

shaft8472 commented 2 years ago

Hello,

This is the script I'm running if I need an update:

#!/bin/sh

set -e

tmpdir="$(mktemp -d)"
curl -sSLo "${tmpdir}/dote" https://github.com/chrisstaite/DoTe/releases/latest/download/dote_arm64

cat > "${tmpdir}/Dockerfile" <<EOF
FROM pihole/pihole:latest
ENV DOTE_OPTS="-s 127.0.0.1:5053"
COPY dote /opt/dote
RUN chmod +x /opt/dote && echo -e  "#!/bin/sh\n/opt/dote \\\$DOTE_OPTS -d\n" > /etc/cont-init.d/10-dote.sh
EOF

podman pull pihole/pihole:latest
podman build -t pihole:latest --format docker -f "${tmpdir}/Dockerfile" "${tmpdir}"
rm -rf "${tmpdir}"

set +e

podman stop pihole
podman rm pihole
podman run -d --network dns --restart always \
    --name pihole \
    -e TZ="Europe/Amsterdam" \
    -v "/mnt/data/etc-pihole/:/etc/pihole/" \
    -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 \
    --hostname Marauder \
    -e DOTE_OPTS="-s 127.0.0.1:5053 -m 10" \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e PIHOLE_DNS_="127.0.0.1#5053" \
    -e ServerIP="192.168.205.101" \
    -e IPv6="False" \
    pihole:latest

But, my devices cannot connect to the internet. It seems DoTe is not running and thus not resolving. The system works if I change the DNS servers to for example 1.1.1.1 or 8.8.8.8.

What am I doing wrong?

chrisstaite commented 2 years ago

Your /etc/cont-init.d/10-dote.sh is not marked executable.

shaft8472 commented 2 years ago

Hmm, you brought me closer. The thing is, there is no /etc/cont-init.d/10-dote.sh at the moment. I'm starting to think I forgot a step in the installation.

chrisstaite commented 2 years ago

#!/bin/sh

set -e

tmpdir="$(mktemp -d)"
curl -sSLo "${tmpdir}/dote" https://github.com/chrisstaite/DoTe/releases/latest/download/dote_arm64

cat > "${tmpdir}/Dockerfile" <<EOF
FROM pihole/pihole:latest
ENV DOTE_OPTS="-s 127.0.0.1:5053"
COPY dote /opt/dote
RUN chmod +x /opt/dote && echo -e  "#!/bin/sh\n/opt/dote \\\$DOTE_OPTS -d\n" > /etc/cont-init.d/10-dote.sh && chmod +x /etc/cont-init.d/10-dote.sh
EOF

podman pull pihole/pihole:latest
podman build -t pihole:latest --format docker -f "${tmpdir}/Dockerfile" "${tmpdir}"
rm -rf "${tmpdir}"

set +e

podman stop pihole
podman rm pihole
podman run -d --network dns --restart always \
    --name pihole \
    -e TZ="Europe/Amsterdam" \
    -v "/mnt/data/etc-pihole/:/etc/pihole/" \
    -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 \
    --hostname Marauder \
    -e DOTE_OPTS="-s 127.0.0.1:5053 -m 10" \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e PIHOLE_DNS_="127.0.0.1#5053" \
    -e ServerIP="192.168.205.101" \
    -e IPv6="False" \
    pihole:latest

chrisstaite commented 2 years ago

You should be able to check by running podman -ti exec pihole /bin/sh and then running ps aux and seeing the dote executable running.

shaft8472 commented 2 years ago

> You should be able to check by running podman -ti exec pihole /bin/sh and then running ps aux and seeing the dote executable running.

podman -ti exec pihole /bin/sh gives:

# podman -ti exec pihole /bin/sh
Error: unknown shorthand flag: 't' in -ti

ps aux has no dote in the list.

When executing your update.sh it tells me: It seems to work and dote sees my hardware and then it gives some lines with authpriv.debug dropbear. First it's succeeded for root and then a disconnect is received.

Not sure if I can paste the above information.

chrisstaite commented 2 years ago

What hardware is this?

shaft8472 commented 2 years ago

UDM-Pro

chrisstaite commented 2 years ago

Which firmware version?

shaft8472 commented 2 years ago

1.11.0

Your script detected all that as well.

chrisstaite commented 2 years ago

I'm very confused by the error "unknown shorthand flag: 't' in -ti" as that works fine on the UDMP running that firmware here... Might be worth trying to update to 1.11.4

shaft8472 commented 2 years ago

It gives the same error on 1.11.4

Upgrade went fine except I lost internet because Pi-hole cannot find 127.0.0.1#5053

# /mnt/data/scripts/upd_pihole.sh
Trying to pull docker.io/pihole/pihole:latest...
Getting image source signatures
Copying blob 4f6efa1d6401 skipped: already exists
Copying blob b31e93fe9668 skipped: already exists
Copying blob c30eb78f1f19 skipped: already exists
Copying blob 6ed1bd0e890e skipped: already exists
Copying blob 4c7c9f6f1115 skipped: already exists
Copying blob ae98c1d435b5 skipped: already exists
Copying blob 9e237bf3ec4d skipped: already exists
Copying blob e60da930df5d skipped: already exists
Copying blob 06894eaaf0fa skipped: already exists
Copying config 4493c74ada done
Writing manifest to image destination
Storing signatures
4493c74adab858c3e714ba7112b895a2ed75b90a50c6fbe5427bb73bb5f1e04f
STEP 1: FROM pihole/pihole:latest
STEP 2: ENV DOTE_OPTS="-s 127.0.0.1:5053"
--> Using cache e4a1b6fad649686211376ba86ac3693097944a1a321aa42847a1231784db2a2c
STEP 3: COPY dote /opt/dote
a3efe9bbaf06808135bf7c85c4cd9eb17a790dcee14d4a71e3ea94af207358a9
STEP 4: RUN chmod +x /opt/dote && echo -e  "#!/bin/sh\n/opt/dote \$DOTE_OPTS -d\n" > /etc/cont-init.d/10-dote.sh && chmod +x /etc/cont-init.d/10-dote.sh
STEP 5: COMMIT pihole:latest
dc202882f08440282fa70486a7fd7531e878073c6621f03e08f17f2b46ff7c3c
2724a07ccfc8914194ab668cd174005719c4f7d678ca1c2fccaf0b8ee1818fce
2724a07ccfc8914194ab668cd174005719c4f7d678ca1c2fccaf0b8ee1818fce
6da211477aaeebe1b7270c950bddf236134364aae7d05a50fd816bce1342fcb3
#

cont-init.d is also not present.

# cd /etc/
# ls -l
total 210
drwxr-xr-x    4 root     root            41 Feb 18 17:03 Wireless
drwxr-xr-x    3 root     root            98 Feb 18 17:10 avahi
-rw-r--r--    1 root     root           231 Mar  4 19:50 board.info
drwxr-xr-x    1 root     root            60 Feb 18 16:38 cni
drwxr-xr-x    1 root     root            60 Mar  4 19:51 containers
drwxr-xr-x    1 root     root           140 Mar  4 19:54 cron.d
drwxr-xr-x    2 root     root             3 Feb 18 16:26 cron.daily
drwxr-xr-x    1 root     root            80 Mar  4 19:50 cron.hourly
drwxr-xr-x    2 root     root             3 Feb 18 16:26 cron.monthly
drwxr-xr-x    2 root     root             3 Feb 18 16:26 cron.weekly
drwxr-xr-x    3 root     root            70 Feb 18 16:05 dbus-1
drwxr-xr-x    2 root     root            69 Jan 27 13:18 default
-rw-r--r--    1 root     root          3901 Nov  9 04:33 default-ea11.cfg

chrisstaite commented 2 years ago

You can't see the directories locally because they are inside the docker container... You can only see them if you exec into the container. Try docker exec /bin/sh -c cat /etc/cont-init.d/10-dote.sh

I think I can see the issue though. I think it's that the escaped $ on DOTE_OPTS is being unescaped a level too early. Meaning the options aren't being passed through.
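
The two expansion layers that comment refers to, as an added example that is not part of the original thread: the host shell expands the unquoted here-document first, then the container's /bin/sh evaluates the double-quoted string in the RUN line. `printf` stands in for the thread's `echo -e`, and the function names and `BUILD_TIME_VALUE` are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): follow "$DOTE_OPTS" through both shells.
# printf replaces the thread's echo -e so the result does not depend on the
# echo implementation; function names and BUILD_TIME_VALUE are illustrative.

# Layer 1, as posted: unquoted here-document, three backslashes before the $.
# The host shell turns \\ into \ and \$ into $, leaving \$DOTE_OPTS.
layer1_three_backslashes() {
    cat <<EOF
printf '%s\n' "/opt/dote \\\$DOTE_OPTS -d"
EOF
}

# Layer 1 with a single backslash: the here-document leaves a bare $DOTE_OPTS.
layer1_one_backslash() {
    cat <<EOF
printf '%s\n' "/opt/dote \$DOTE_OPTS -d"
EOF
}

# Layer 1 with a quoted delimiter: nothing is expanded, one backslash suffices.
layer1_quoted_heredoc() {
    cat <<'EOF'
printf '%s\n' "/opt/dote \$DOTE_OPTS -d"
EOF
}

# Layer 2: evaluate the generated command the way RUN's /bin/sh -c would,
# with the variable set as the image's ENV would set it during the build.
init_script_line() {
    DOTE_OPTS="BUILD_TIME_VALUE" sh -c "$("$1")"
}

for variant in layer1_three_backslashes layer1_one_backslash layer1_quoted_heredoc; do
    printf '%-26s RUN text: %s\n' "$variant" "$("$variant")"
    printf '%-26s init script: %s\n' "$variant" "$(init_script_line "$variant")"
done
```

A line that still shows `$DOTE_OPTS` is left for the shell that runs the init script to expand; a line showing `BUILD_TIME_VALUE` was fixed when the image was built.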

shaft8472 commented 2 years ago

God I feel like such a noob venturing into this new terrain. Of course I cannot see it because the files are in a container. Thanks for helping me, greatly appreciate it!

# docker exec /bin/sh -c cat /etc/cont-init.d/10-dote.sh
Error: no container with name or ID /bin/sh found: no such container

> I think I can see the issue though. I think it's that the escaped $ on DOTE_OPTS is being unescaped a level too early. Meaning the options aren't being passed through.

You've lost me on this one.

RUN chmod +x /opt/dote && echo -e "#!/bin/sh\n/opt/dote \\\$DOTE_OPTS -d\n" > /etc/cont-init.d/10-dote.sh && chmod +x /etc/cont-init.d/10-dote.sh

Am I moving the $ just before DOTE_OPTS to another place or removing it altogether?

chrisstaite commented 2 years ago

Forgot to put the container name in the exec:

docker exec pihole /bin/sh -c cat /etc/cont-init.d/10-dote.sh

shaft8472 commented 2 years ago

So when I execute: /mnt/data/scripts/upd_pihole.sh

which contains:

#!/bin/sh

set -e

tmpdir="$(mktemp -d)"
curl -sSLo "${tmpdir}/dote" https://github.com/chrisstaite/DoTe/releases/latest/download/dote_arm64

cat > "${tmpdir}/Dockerfile" <<EOF
FROM pihole/pihole:latest
ENV DOTE_OPTS="-s 127.0.0.1:5053"
COPY dote /opt/dote
RUN chmod +x /opt/dote && echo -e  "#!/bin/sh\n/opt/dote \\\$DOTE_OPTS -d\n" > /etc/cont-init.d/10-dote.sh && chmod +x /etc/cont-init.d/10-dote.sh
EOF

podman pull pihole/pihole:latest
podman build -t pihole:latest --format docker -f "${tmpdir}/Dockerfile" "${tmpdir}"
rm -rf "${tmpdir}"

set +e

podman stop pihole
podman rm pihole
podman run -d --network dns --restart always \
    --name pihole \
    -e TZ="Europe/Amsterdam" \
    -v "/mnt/data/etc-pihole/:/etc/pihole/" \
    -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 \
    --hostname Marauder \
    -e DOTE_OPTS="-s 127.0.0.1:5053 -m 10" \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e PIHOLE_DNS_="127.0.0.1#5053" \
    -e ServerIP="192.168.205.101" \
    -e IPv6="False" \
    pihole:latest

I get no connection. If I execute docker exec pihole /bin/sh -c cat /etc/cont-init.d/10-dote.sh afterwards that does not change anything. Still not able to resolve any website.

As soon as I enter 1.1.1.1 into another upstream DNS spot it starts to resolve websites.

chrisstaite commented 2 years ago

What if you try

#!/bin/sh

set -e

tmpdir="$(mktemp -d)"
curl -sSLo "${tmpdir}/dote" https://github.com/chrisstaite/DoTe/releases/latest/download/dote_arm64

cat > "${tmpdir}/Dockerfile" <<EOF
FROM pihole/pihole:latest
COPY dote /opt/dote
RUN chmod +x /opt/dote && echo -e  "#!/bin/sh\n/opt/dote -s 127.0.0.1:5053 -m 10 -d\n" > /etc/cont-init.d/10-dote.sh && chmod +x /etc/cont-init.d/10-dote.sh
EOF

podman pull pihole/pihole:latest
podman build -t pihole:latest --format docker -f "${tmpdir}/Dockerfile" "${tmpdir}"
rm -rf "${tmpdir}"

set +e

podman stop pihole
podman rm pihole
podman run -d --network dns --restart always \
    --name pihole \
    -e TZ="Europe/Amsterdam" \
    -v "/mnt/data/etc-pihole/:/etc/pihole/" \
    -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 \
    --hostname Marauder \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e PIHOLE_DNS_="127.0.0.1#5053" \
    -e ServerIP="192.168.205.101" \
    -e IPv6="False" \
    pihole:latest

It just removes the environment variable and hard codes the server options straight into the container.

shaft8472 commented 2 years ago

No, didn't work. Script ran like a champ but the end result is that I still cannot resolve.

chrisstaite commented 2 years ago

What happens if you run podman -i exec pihole /opt/dote -s 127.0.0.1:5053

shaft8472 commented 2 years ago

# podman -i exec pihole /opt/dote -s 127.0.0.1:5053
Error: unknown shorthand flag: 'i' in -i

chrisstaite commented 2 years ago

Try without the -i

shaft8472 commented 2 years ago

# /mnt/data/scripts/upd_pihole3.sh
Trying to pull docker.io/pihole/pihole:latest...
Getting image source signatures
Copying blob 4f6efa1d6401 skipped: already exists
Copying blob 6ed1bd0e890e skipped: already exists
Copying blob ae98c1d435b5 skipped: already exists
Copying blob b31e93fe9668 skipped: already exists
Copying blob 4c7c9f6f1115 skipped: already exists
Copying blob 9e237bf3ec4d skipped: already exists
Copying blob e60da930df5d skipped: already exists
Copying blob 06894eaaf0fa skipped: already exists
Copying blob c30eb78f1f19 skipped: already exists
Copying config 4493c74ada done
Writing manifest to image destination
Storing signatures
4493c74adab858c3e714ba7112b895a2ed75b90a50c6fbe5427bb73bb5f1e04f
STEP 1: FROM pihole/pihole:latest
STEP 2: COPY dote /opt/dote
b647a9f7e53c42c52f3099bb24fb7e644c203808d384b441443fda04e5093f02
STEP 3: RUN chmod +x /opt/dote && echo -e  "#!/bin/sh\n/opt/dote -s 127.0.0.1:5053 -m 10 -d\n" > /etc/cont-init.d/10-dote.sh && chmod +x /etc/cont-init.d/10-dote.sh
STEP 4: COMMIT pihole:latest
b0cc538330d12491dafd764c44c6b378e4ef099384da001276301615998915cf
ce567a0295c8375b11733dc602d2f6b05b2313c35a9de008d3dbbf194f544a68
ce567a0295c8375b11733dc602d2f6b05b2313c35a9de008d3dbbf194f544a68
8e6167618bdd3b5c61ab571ed2eb1c7c2130998c5a3b36256504e0850c23f0c5
#

&

# podman exec pihole /opt/dote -s 127.0.0.1:5053
Not running on VyOS, config through parameters
Removed all forwarders
Adding forwarder 2606:4700:4700::1111
Adding forwarder 2606:4700:4700::1001
Adding forwarder 1.1.1.1
Adding forwarder 1.0.0.1
Bind failed: Address already in use
Unable to bind to server port 127.0.0.1
Error: non zero exit code: 1: OCI runtime error
#

chrisstaite commented 2 years ago

The failed to bind tells me that it's running fine in the container already. I wonder if it's a firewall issue? The main issue with the container is there's nowhere for the logs to go. If you run podman exec pihole /opt/dote -s 0.0.0.0:5353 then on another terminal do dig -p 5353 @192.168.205.101 example.com you should see any errors show in the first terminal.

shaft8472 commented 2 years ago

You're right, I got errors.

# podman exec pihole /opt/dote -s 0.0.0.0:5353
Not running on VyOS, config through parameters
Removed all forwarders
Adding forwarder 2606:4700:4700::1111
Adding forwarder 2606:4700:4700::1001
Adding forwarder 1.1.1.1
Adding forwarder 1.0.0.1
Bound server 0.0.0.0
DoTe started and running
Connect failed: Network is unreachable
Connect failed: Network is unreachable
Connect failed: Network is unreachable

It might be a firewall issue. As Pi-hole is running on its own VLAN I paused the inter-vlan firewall rule. Everything should be able to reach everything. Just to be sure. But it didn't help.

chrisstaite commented 2 years ago

The podman container networks don't act "normally". Have you got the CNI set up? Check you've done the steps here; https://github.com/boostchicken-dev/udm-utilities/tree/master/run-pihole It sounds like you don't have the gateway configured correctly.

shaft8472 commented 2 years ago

I do actually. I have the same script running when the UDMP reboots but with my router's IP as the upstream DNS (which uses 1.1.1.1 and 1.0.0.1)

Everything loads automatically and survived the firmware upgrade we did the other day.

Perhaps I understand it wrong, but wouldn't pi-hole fail entirely if I had the gateway setup wrong? IPV4_GW="192.168.205.100/24" in 10-dns.sh, or should that be 192.168.200.100/24?

# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic
# re-routed through the DNS container. separate interfaces with spaces.
# e.g. "br0" or "br0 br1" etc.
FORCED_INTFC="br0 br201 br202 br203"

Should this include br205? My guess is not.

chrisstaite commented 2 years ago

Is 192.168.205.100 your gateway? It's usually 192.168.205.1 or 192.168.205.254

chrisstaite commented 2 years ago

Try setting FORCED_INTFC to the empty string too while you're getting it to work.

shaft8472 commented 2 years ago

> Is 192.168.205.100 your gateway? It's usually 192.168.205.1 or 192.168.205.254

My router's IP is 192.168.200.100. I double checked, this vlan's gateway is 192.168.200.100.

Will test tomorrow.

shaft8472 commented 2 years ago

IPV4_GW="192.168.205.100/24" (This is the Gateway) FORCED_INTFC="" set.

# /mnt/data/on_boot.d/10-dns.sh
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
b76ec54296ea236e69db6f1dae726b120a8a2c337fb6edef3234e25279f87aa9

&

# /mnt/data/scripts/upd_pihole3.sh
Trying to pull docker.io/pihole/pihole:latest...
Getting image source signatures
Copying blob 4f6efa1d6401 skipped: already exists
Copying blob ae98c1d435b5 skipped: already exists
Copying blob 9e237bf3ec4d skipped: already exists
Copying blob c30eb78f1f19 skipped: already exists
Copying blob e60da930df5d skipped: already exists
Copying blob 06894eaaf0fa skipped: already exists
Copying blob 6ed1bd0e890e skipped: already exists
Copying blob b31e93fe9668 skipped: already exists
Copying blob 4c7c9f6f1115 skipped: already exists
Copying config 4493c74ada done
Writing manifest to image destination
Storing signatures
4493c74adab858c3e714ba7112b895a2ed75b90a50c6fbe5427bb73bb5f1e04f
STEP 1: FROM pihole/pihole:latest
STEP 2: COPY dote /opt/dote
88bb7680a58f18d4192e11ed927ac5c21b11d57f2c15e78485799ec3913a9e5f
STEP 3: RUN chmod +x /opt/dote && echo -e  "#!/bin/sh\n/opt/dote -s 127.0.0.1:5053 -m 10 -d\n" > /etc/cont-init.d/10-dote.sh && chmod +x /etc/cont-init.d/10-dote.sh
PING ping.ui.com (1.1.1.1): 56 data bytes

--- ping.ui.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6.918/6.946/6.975 ms
th key sha1!! de:10:5e:26:2a:ba:8e:fd:a1:a8:70:bb:80:2b:c5:9c:fd:c2:d2:9c from 127.0.0.1:48914
Mar  6 22:26:17 UDMP authpriv.debug dropbear[13872]: Exit (root): Disconnect received
Mar  6 22:26:17 UDMP authpriv.debug dropbear[13896]: Child connection from 127.0.0.1:48926
Mar  6 22:26:17 UDMP authpriv.debug dropbear[13896]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48926
Mar  6 22:26:17 UDMP authpriv.debug dropbear[13896]: Exit (root): Disconnect received
Mar  6 22:26:17 UDMP authpriv.debug dropbear[13909]: Child connection from 127.0.0.1:48932
Mar  6 22:26:17 UDMP authpriv.debug dropbear[13909]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48932
Mar  6 22:26:17 UDMP authpriv.debug dropbear[13909]: Exit (root): Disconnect received
Mar  6 22:26:18 UDMP authpriv.debug dropbear[13931]: Child connection from 127.0.0.1:48944
Mar  6 22:26:18 UDMP authpriv.debug dropbear[13931]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48944
Mar  6 22:26:18 UDMP authpriv.debug dropbear[13931]: Exit (root): Disconnect received
Mar  6 22:26:18 UDMP authpriv.debug dropbear[13949]: Child connection from 127.0.0.1:48950
Mar  6 22:26:18 UDMP authpriv.debug dropbear[13949]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48950
Mar  6 22:26:18 UDMP authpriv.debug dropbear[13949]: Exit (root): Disconnect received
Mar  6 22:26:18 UDMP authpriv.debug dropbear[13963]: Child connection from 127.0.0.1:48956
Mar  6 22:26:19 UDMP authpriv.debug dropbear[13963]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48956
Mar  6 22:26:19 UDMP authpriv.debug dropbear[13979]: Child connection from 127.0.0.1:48966
Mar  6 22:26:19 UDMP authpriv.debug dropbear[13979]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48966
Mar  6 22:26:19 UDMP authpriv.debug dropbear[13979]: Exit (root): Disconnect received
Mar  6 22:26:19 UDMP authpriv.debug dropbear[13963]: Exit (root): Disconnect received
Mar  6 22:26:19 UDMP authpriv.debug dropbear[13994]: Child connection from 127.0.0.1:48970
Mar  6 22:26:19 UDMP authpriv.debug dropbear[13994]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48970
Mar  6 22:26:19 UDMP authpriv.debug dropbear[13994]: Exit (root): Disconnect received
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14014]: Child connection from 127.0.0.1:48984
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14014]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48984
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14014]: Exit (root): Disconnect received
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14025]: Child connection from 127.0.0.1:48988
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14025]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:48988
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14025]: Exit (root): Disconnect received
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14044]: Child connection from 127.0.0.1:49000
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14053]: Child connection from 127.0.0.1:49004
Mar  6 22:26:20 UDMP authpriv.debug dropbear[14044]: Pubkey auth succeeded for 'root' with key sha1!! *************************************************************** from 127.0.0.1:49000
Mar  6 22:26:21 UDMP authpriv.debug dropbear[14044]: Exit (rooSTEP 4: COMMIT pihole:latest
62cade6590e6450cda1e5896c7d4aec54d6893752c9813ed60857cbf8542ddb2
b76ec54296ea236e69db6f1dae726b120a8a2c337fb6edef3234e25279f87aa9
b76ec54296ea236e69db6f1dae726b120a8a2c337fb6edef3234e25279f87aa9
6e915c39732ff14add9cf55a70227ae51f07e234d889bd0e9ddcdc6f3d424e8d
#

***** is edited out, not sure if that's dangerous.