authorMarius Bakke <mbakke@fastmail.com>2020-05-05 20:43:21 +0200
committerMarius Bakke <mbakke@fastmail.com>2020-05-05 20:43:21 +0200
commit87a40d7203a813921b3ef0805c2b46c0026d6c31 (patch)
treecebad70c1df30969005c18c4d9faa39d7d80cbf6
parentba151b7e1a9cc0baf932b5c5e0c916e54d2e27f4 (diff)
parent751d1f01e4f0607d41e4c859d944753b18466652 (diff)
downloadguix-87a40d7203a813921b3ef0805c2b46c0026d6c31.tar.gz
Merge branch 'master' into core-updates
-rw-r--r--.guix-authorizations157
-rw-r--r--Makefile.am7
-rw-r--r--build-aux/git-authenticate.scm198
-rw-r--r--doc/contributing.texi24
-rw-r--r--doc/guix-cookbook.texi4
-rw-r--r--doc/guix.texi136
-rw-r--r--gnu/build/bootloader.scm56
-rw-r--r--gnu/build/file-systems.scm45
-rw-r--r--gnu/build/image.scm273
-rw-r--r--gnu/build/install.scm21
-rw-r--r--gnu/build/vm.scm175
-rw-r--r--gnu/ci.scm45
-rw-r--r--gnu/image.scm76
-rw-r--r--gnu/local.mk11
-rw-r--r--gnu/packages/algebra.scm24
-rw-r--r--gnu/packages/audio.scm31
-rw-r--r--gnu/packages/bioinformatics.scm42
-rw-r--r--gnu/packages/check.scm25
-rw-r--r--gnu/packages/chemistry.scm126
-rw-r--r--gnu/packages/crates-io.scm2026
-rw-r--r--gnu/packages/databases.scm6
-rw-r--r--gnu/packages/emacs-xyz.scm16
-rw-r--r--gnu/packages/enlightenment.scm76
-rw-r--r--gnu/packages/gnome.scm1
-rw-r--r--gnu/packages/heads.scm163
-rw-r--r--gnu/packages/image.scm17
-rw-r--r--gnu/packages/less.scm44
-rw-r--r--gnu/packages/libusb.scm4
-rw-r--r--gnu/packages/linux.scm69
-rw-r--r--gnu/packages/lisp-xyz.scm6
-rw-r--r--gnu/packages/messaging.scm49
-rw-r--r--gnu/packages/monitoring.scm51
-rw-r--r--gnu/packages/music.scm22
-rw-r--r--gnu/packages/patches/collectd-5.11.0-noinstallvar.patch21
-rw-r--r--gnu/packages/patches/grocsvs-dont-use-admiral.patch69
-rw-r--r--gnu/packages/patches/gromacs-tinyxml2.patch67
-rw-r--r--gnu/packages/patches/musl-cross-locale.patch20
-rw-r--r--gnu/packages/patches/rust-nettle-disable-vendor.patch13
-rw-r--r--gnu/packages/patches/rust-nettle-sys-disable-vendor.patch48
-rw-r--r--gnu/packages/python-xyz.scm7
-rw-r--r--gnu/packages/security-token.scm28
-rw-r--r--gnu/packages/sequoia.scm162
-rw-r--r--gnu/packages/spice.scm49
-rw-r--r--gnu/packages/statistics.scm45
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/virtualization.scm4
-rw-r--r--gnu/packages/vpn.scm9
-rw-r--r--gnu/packages/xdisorg.scm32
-rw-r--r--gnu/packages/xorg.scm22
-rw-r--r--gnu/services/base.scm2
-rw-r--r--gnu/services/ssh.scm106
-rw-r--r--gnu/system.scm50
-rw-r--r--gnu/system/image.scm532
-rw-r--r--gnu/system/install.scm1
-rw-r--r--gnu/system/linux-initrd.scm3
-rw-r--r--gnu/system/vm.scm216
-rw-r--r--gnu/tests/install.scm97
-rw-r--r--guix/build/store-copy.scm1
-rw-r--r--guix/openpgp.scm1108
-rw-r--r--guix/scripts/system.scm13
-rw-r--r--tests/civodul.key1345
-rw-r--r--tests/dsa.key25
-rw-r--r--tests/ed25519.key10
-rw-r--r--tests/ed25519.sec10
-rw-r--r--tests/openpgp.scm253
-rw-r--r--tests/rsa.key18
66 files changed, 7765 insertions, 651 deletions
diff --git a/.guix-authorizations b/.guix-authorizations
new file mode 100644
index 0000000000..2142f88edb
--- /dev/null
+++ b/.guix-authorizations
@@ -0,0 +1,157 @@
+;; This is the list of OpenPGP keys currently authorized to sign commits in
+;; this repository.
+
+(authorizations
+ (version 0)
+
+ (("AD17 A21E F8AE D8F1 CC02  DBD9 F7D5 C9BF 765C 61E3"
+   (name "andreas"))
+  ("2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"
+   (name "ajgrf"))
+  ("306F CB8F 2C01 C25D 29D3  0556 61EF 502E F602 52F2"
+   (name "alexvong1995"))
+  ("4FB9 9F49 2B12 A365 7997  E664 8246 0C08 2A0E E98F"
+   (name "alezost"))
+  ("50F3 3E2E 5B0C 3D90 0424  ABE8 9BDC F497 A4BB CC7F"
+   (name "ambrevar"))
+  ("27D5 86A4 F890 0854 329F  F09F 1260 E464 82E6 3562"
+   (name "apteryx"))
+  ("7F73 0343 F2F0 9F3C 77BF  79D3 2E25 EE8B 6180 2BB3"
+   (name "arunisaac"))
+  (;; primary: "3B12 9196 AE30 0C3C 0E90  A26F A715 5567 3271 9948"
+   "9A2B 401E D001 0650 1584  BAAC 8BC4 F447 6E8A 8E00"
+   (name "atheia"))
+  (;; primary: "BE62 7373 8E61 6D6D 1B3A  08E8 A21A 0202 4881 6103"
+   "39B3 3C8D 9448 0D2D DCC2  A498 8B44 A0CD C7B9 56F2"
+   (name "bandali"))
+  (;; primary: "34FF 38BC D151 25A6 E340  A0B5 3453 2F9F AFCA 8B8E"
+   "A0C5 E352 2EF8 EF5C 64CD  B7F0 FD73 CAC7 19D3 2566"
+   (name "bavier"))
+  ("3774 8024 880F D3FF DCA2  C9AB 5893 6E0E 2F1B 5A4C"
+   (name "beffa"))
+  ("BCF8 F737 2CED 080A 67EB  592D 2A6A D9F4 AAC2 0DF6"
+   (name "benwoodcroft"))
+  ("45CC 63B8 5258 C9D5 5F34  B239 D37D 0EA7 CECC 3912"
+   (name "biscuolo"))
+  ("7988 3B9F 7D6A 4DBF 3719  0367 2506 A96C CF63 0B21"
+   (name "boskovits"))
+  ("DFC0 C7F7 9EE6 0CA7 AE55  5E19 6722 43C4 A03F 0EEE"
+   (name "brettgilio"))
+  (;; primary: "8929 BBC5 73CD 9206 3DDD 979D 3D36 CAA0 116F 0F99"
+   "1C9B F005 1A1A 6A44 5257 599A A949 03A1 66A1 8FAE"
+   (name "bricewge"))
+  (;; primary: "0401 7A2A 6D9A 0CCD C81D  8EC2 96AB 007F 1A7E D999"
+   "09CD D25B 5244 A376 78F6  EEA8 0CC5 2153 1979 91A5"
+   (name "carl"))
+  ("3E89 EEE7 458E 720D 9754  E0B2 5E28 A33B 0B84 F577"
+   (name "cbaines"))
+  ("3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5"
+   (name "civodul"))
+  ("510A 8628 E2A7 7678 8F8C  709C 4BC0 2592 5FF8 F4D3"
+   (name "cwebber"))
+  (;; primary: "295A F991 6F46 F8A1 34B0  29DA 8086 3842 F0FE D83B"
+   "76CE C6B1 7274 B465 C02D  B3D9 E71A 3554 2C30 BAA5"
+   (name "dannym"))
+  ("B3C0 DB4D AD73 BA5D 285E  19AE 5143 0234 CEFD 87C3"
+   (name "davexunit"))
+  ("8CCB A7F5 52B9 CBEA E1FB  2915 8328 C747 0FF1 D807" ;FIXME: to be confirmed!
+   (name "davexunit (2nd)"))
+  ("53C4 1E6E 41AA FE55 335A  CA5E 446A 2ED4 D940 BF14"
+   (name "daviwil"))
+  ("6909 6DFD D702 8BED ACC5  884B C5E0 51C7 9C0B ECDB"
+   (name "dvc"))
+  ("5F43 B681 0437 2F4B A898  A64B 33B9 E9FD E28D 2C23"
+   (name "dvc (old)"))
+  ("A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351"
+   (name "efraim"))
+  ("9157 41FE B22F A4E3 3B6E  8F8D F4C1 D391 7EAC EE93"
+   (name "efraim (old)"))
+  (;; primary: "2453 02B1 BAB1 F867 FDCA  96BC 8F3F 861F 82EB 7A9A"
+   "CBC5 9C66 EC27 B971 7940  6B3E 6BE8 208A DF21 FE3F"
+   (name "glv"))
+  ("2219 43F4 9E9F 276F 9499  3382 BF28 6CB6 593E 5FFD"
+   (name "hoebjo"))
+  ("B943 509D 633E 80DD 27FC  4EED 634A 8DFF D3F6 31DF"
+   (name "htgoebel"))
+  ("7440 26BA 7CA3 C668 E940  1D53 0B43 1E98 3705 6942"
+   (name "ipetkov"))
+  (;; primary: "66A5 6D9C 9A98 BE7F 719A  B401 2652 5665 AE72 7D37"
+   "0325 78A6 8298 94E7 2AA2  66F5 D415 BF25 3B51 5976"
+   (name "iyzsong"))
+
+  ;; https://lists.gnu.org/archive/html/guix-devel/2018-04/msg00229.html
+  ("DB34 CB51 D25C 9408 156F  CDD6 A12F 8797 8D70 1B99"
+   (name "janneke (old)"))
+  ("1A85 8392 E331 EAFD B8C2  7FFB F3C1 A0D9 C1D6 5273"
+   (name "janneke"))
+
+  (;; primary: "1BA4 08C5 8BF2 0EA7 3179  635A 865D C0A3 DED9 B5D0"
+   "E31D 9DDE EBA5 4A14 8A20  4550 DA45 97F9 47B4 1025"
+   (name "jlicht"))
+  ("83B6 703A DCCA 3B69 4BCE  2DA6 E6A5 EE3C 1946 7A0D"
+   (name "kkebreau"))
+  ("45E5 75FA 53EA 8BD6 1BCE  0B4E 3ADC 75F0 13D6 78F9"
+   (name "leungbk"))
+  (;; primary: "4F71 6F9A 8FA2 C80E F1B5  E1BA 5E35 F231 DE1A C5E0"
+   "B051 5948 F1E7 D3C1 B980  38A0 2646 FA30 BACA 7F08"
+   (name "lfam"))
+  ("2AE3 1395 932B E642 FC0E  D99C 9BED 6EDA 32E5 B0BC"
+   (name "lsl88"))
+  ("CBF5 9755 CBE7 E7EF EF18  3FB1 DD40 9A15 D822 469D"
+   (name "marusich"))
+  ("BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"
+   (name "mbakke"))
+  ("D919 0965 CE03 199E AF28  B3BE 7CEF 2984 7562 C516"
+   (name "mhw"))
+  ("4008 6A7E 0252 9B60 31FB  8607 8354 7635 3176 9CA6"
+   (name "mothacehe"))
+  (;; primary: "F5BC 5534 C36F 0087 B39D  36EF 1C9D C4FE B9DB 7C4B"
+   "F5DA 2032 4B87 3D0B 7A38  7672 0DB0 FF88 4F55 6D79"
+   (name "nckx"))
+  ("E576 BFB2 CF6E B13D F571  33B9 E315 A758 4613 1564"
+   (name "niedzejkob"))
+  ("ED0E F1C8 E126 BA83 1B48  5FE9 DA00 B4F0 48E9 2F2D"
+   (name "ngz"))
+  ("CEF4 CB91 4856 BA38 0A20  A7E2 3008 88CB 39C6 3817"
+   (name "pelzflorian"))
+  (;; primary: "B68B DF22 73F9 DA0E 63C1  8A32 515B F416 9242 D600"
+   "C699 ED09 E51B CE89 FD1D  A078 AAC7 E891 896B 568A"
+   (name "pgarlick"))
+  ("3A86 380E 58A8 B942 8D39  60E1 327C 1EF3 8DF5 4C32"
+   (name "phant0mas"))
+  ("74D6 A930 F44B 9B84 9EA5  5606 C166 AA49 5F7F 189C"
+   (name "reepca"))
+  ("BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC"
+   (name "rekado"))
+  ("0154 E1B9 1CC9 D9EF 7764  8DE7 F3A7 27DB 44FC CA36"
+   (name "rhelling"))
+  (;; From commit cc51c03ff867d4633505354819c6d88af88bf919 (March 2020).
+   ;; See <https://lists.gnu.org/archive/html/guix-devel/2020-03/msg00070.html>.
+   "F556 FD94 FB8F 8B87 79E3  6832 CBD0 CD51 38C1 9AFC"
+   (name "roelj"))
+  (;; From commit 2cbede5935eb6a40173bbdf30a9ad22bf7574c22 (Jan. 2020).  See
+   ;; <https://lists.gnu.org/archive/html/guix-devel/2020-01/msg00499.html>.
+   "1EFB 0909 1F17 D28C CBF9  B13A 53D4 57B2 D636 EE82"
+   (name "roptat"))
+  (;; primary: "D6B0 C593 DA8C 5EDC A44C  7A58 C336 91F7 1188 B004"
+   "A02C 2D82 0EF4 B25B A6B5  1D90 2AC6 A5EC 1C35 7C59"
+   (name "samplet"))
+  ("77DD AD2D 97F5 31BB C0F3  C7FD DFB5 EB09 AA62 5423"
+   (name "sleep_walker"))
+  ("F494 72F4 7A59 00D5 C235  F212 89F9 6D48 08F3 59C7"
+   (name "snape"))
+  ("9ADE 9ECF 2B19 C180 9C99  5CEA A1F4 CFCC 5283 6BAC"
+   (name "taylanub"))
+
+  ;; https://lists.gnu.org/archive/html/guix-devel/2017-03/msg00826.html
+  (;; primary: "1DD1 681F E285 E07F 11DC  0C59 2E15 A6BC D77D 54FD"
+   "3D2C DA58 819C 08C2 A649  D43D 5C3B 064C 724A 5726"
+   (name "thomasd"))
+
+  ("6580 7361 3BFC C5C7 E2E4  5D45 DC51 8FC8 7F97 16AA"
+   (name "vagrantc"))
+  (;; primary: "C955 CC5D C048 7FB1 7966  40A9 199A F6A3 67E9 4ABB"
+   "7238 7123 8EAC EB63 4548  5857 167F 8EA5 001A FA9C"
+   (name "wigust"))
+  ("FF47 8FB2 64DE 32EC 2967  25A3 DDC0 F535 8812 F8F2"
+   (name "wingo"))))
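Review bot: The entry for "davexunit (2nd)" carries `;FIXME: to be confirmed!` but sits in the live `authorizations` list, so an unconfirmed fingerprint gets the same signing authority as every verified one once this file is consulted by the authentication script. I would leave that entry out until the owner has confirmed it over an authenticated channel, or at least record where confirmation is being tracked, as the `roelj` and `roptat` entries do with a commit id and list URL. The keys marked "(old)" (`dvc`, `efraim`, `janneke`) are also still authorized for new commits; if they are kept only so that history verifies, a comment saying so and when they can be dropped would help, e.g. `;; kept to authenticate past commits; remove once superseded`. The fingerprints at the `bricewge` entry use single spaces throughout, which is harmless only because the reader strips non-graphic characters.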
diff --git a/Makefile.am b/Makefile.am
index bb243fe9fe..6cd6e79cab 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -70,6 +70,7 @@ MODULES =					\
   guix/docker.scm	   			\
   guix/json.scm					\
   guix/records.scm				\
+  guix/openpgp.scm				\
   guix/pki.scm					\
   guix/progress.scm				\
   guix/combinators.scm				\
@@ -415,6 +416,7 @@ SCM_TESTS =					\
   tests/nar.scm				\
   tests/networking.scm				\
   tests/opam.scm				\
+  tests/openpgp.scm				\
   tests/packages.scm				\
   tests/pack.scm				\
   tests/pki.scm				\
@@ -565,6 +567,11 @@ EXTRA_DIST +=						\
   tests/signing-key.pub					\
   tests/signing-key.sec					\
   tests/cve-sample.json					\
+  tests/civodul.key					\
+  tests/rsa.key						\
+  tests/dsa.key						\
+  tests/ed25519.key					\
+  tests/ed25519.sec					\
   build-aux/config.rpath				\
   bootstrap						\
   doc/build.scm						\
diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index bb48dddc59..7bb3af6ecb 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -23,8 +23,10 @@
 
 (use-modules (git)
              (guix git)
-             (guix gnupg)
-             (guix utils)
+             (guix openpgp)
+             (guix base16)
+             ((guix utils)
+              #:select (cache-directory with-atomic-file-output))
              ((guix build utils) #:select (mkdir-p))
              (guix i18n)
              (guix progress)
@@ -33,6 +35,7 @@
              (srfi srfi-26)
              (srfi srfi-34)
              (srfi srfi-35)
+             (rnrs bytevectors)
              (rnrs io ports)
              (ice-9 match)
              (ice-9 format)
@@ -215,7 +218,8 @@
   ;; Fingerprint of authorized signing keys.
   (map (match-lambda
          ((name fingerprint)
-          (string-filter char-set:graphic fingerprint)))
+          (base16-string->bytevector
+           (string-downcase (string-filter char-set:graphic fingerprint)))))
        %committers))
 
 (define %commits-with-bad-signature
@@ -226,93 +230,146 @@
   ;; Commits lacking a signature.
   '())
 
-(define-syntax-rule (with-temporary-files file1 file2 exp ...)
-  (call-with-temporary-output-file
-   (lambda (file1 port1)
-     (call-with-temporary-output-file
-      (lambda (file2 port2)
-        exp ...)))))
-
-(define (commit-signing-key repo commit-id)
-  "Return the OpenPGP key ID that signed COMMIT-ID (an OID).  Raise an
-exception if the commit is unsigned or has an invalid signature."
+(define (commit-signing-key repo commit-id keyring)
+  "Return the OpenPGP key that signed COMMIT-ID (an OID).  Raise an exception
+if the commit is unsigned, has an invalid signature, or if its signing key is
+not in KEYRING."
   (let-values (((signature signed-data)
                 (catch 'git-error
                   (lambda ()
                     (commit-extract-signature repo commit-id))
                   (lambda _
                     (values #f #f)))))
-    (if (not signature)
-        (raise (condition
-                (&message
-                 (message (format #f (G_ "commit ~a lacks a signature")
-                                  commit-id)))))
-        (begin
-          (with-fluids ((%default-port-encoding "UTF-8"))
-            (with-temporary-files data-file signature-file
-              (call-with-output-file data-file
-                (cut display signed-data <>))
-              (call-with-output-file signature-file
-                (cut display signature <>))
-
-              (let-values (((status data)
-                            (with-error-to-port (%make-void-port "w")
-                              (lambda ()
-                                (gnupg-verify* signature-file data-file
-                                               #:key-download 'always)))))
-                (match status
-                  ('invalid-signature
-                   ;; There's a signature but it's invalid.
-                   (raise (condition
-                           (&message
-                            (message (format #f (G_ "signature verification failed \
+    (unless signature
+      (raise (condition
+              (&message
+               (message (format #f (G_ "commit ~a lacks a signature")
+                                commit-id))))))
+
+    (let ((signature (string->openpgp-packet signature)))
+      (with-fluids ((%default-port-encoding "UTF-8"))
+        (let-values (((status data)
+                      (verify-openpgp-signature signature keyring
+                                                (open-input-string signed-data))))
+          (match status
+            ('bad-signature
+             ;; There's a signature but it's invalid.
+             (raise (condition
+                     (&message
+                      (message (format #f (G_ "signature verification failed \
 for commit ~a")
-                                             (oid->string commit-id)))))))
-                  ('missing-key
-                   (raise (condition
-                           (&message
-                            (message (format #f (G_ "could not authenticate \
+                                       (oid->string commit-id)))))))
+            ('missing-key
+             (raise (condition
+                     (&message
+                      (message (format #f (G_ "could not authenticate \
 commit ~a: key ~a is missing")
-                                             (oid->string commit-id)
-                                             data))))))
-                  ('valid-signature
-                   (match data
-                     ((fingerprint . user)
-                      fingerprint)))))))))))
-
-(define (authenticate-commit repository commit)
+                                       (oid->string commit-id)
+                                       data))))))
+            ('good-signature data)))))))
+
+(define (read-authorizations port)
+  "Read authorizations in the '.guix-authorizations' format from PORT, and
+return a list of authorized fingerprints."
+  (match (read port)
+    (('authorizations ('version 0)
+                      (((? string? fingerprints) _ ...) ...)
+                      _ ...)
+     (map (lambda (fingerprint)
+            (base16-string->bytevector
+             (string-downcase (string-filter char-set:graphic fingerprint))))
+          fingerprints))))
+
+(define* (commit-authorized-keys repository commit
+                                 #:optional (default-authorizations '()))
+  "Return the list of OpenPGP fingerprints authorized to sign COMMIT, based on
+authorizations listed in its parent commits.  If one of the parent commits
+does not specify anything, fall back to DEFAULT-AUTHORIZATIONS."
+  (define (commit-authorizations commit)
+    (catch 'git-error
+      (lambda ()
+        (let* ((tree  (commit-tree commit))
+               (entry (tree-entry-bypath tree ".guix-authorizations"))
+               (blob  (blob-lookup repository (tree-entry-id entry))))
+          (read-authorizations
+           (open-bytevector-input-port (blob-content blob)))))
+      (lambda (key error)
+        (if (= (git-error-code error) GIT_ENOTFOUND)
+            default-authorizations
+            (throw key error)))))
+
+  (apply lset-intersection bytevector=?
+         (map commit-authorizations (commit-parents commit))))
+
+(define (authenticate-commit repository commit keyring)
   "Authenticate COMMIT from REPOSITORY and return the signing key fingerprint.
 Raise an error when authentication fails."
   (define id
     (commit-id commit))
 
   (define signing-key
-    (commit-signing-key repository id))
+    (commit-signing-key repository id keyring))
 
-  (unless (member signing-key %authorized-signing-keys)
+  (unless (member (openpgp-public-key-fingerprint signing-key)
+                  (commit-authorized-keys repository commit
+                                          %authorized-signing-keys))
     (raise (condition
             (&message
              (message (format #f (G_ "commit ~a not signed by an authorized \
 key: ~a")
-                              (oid->string id) signing-key))))))
+                              (oid->string id)
+                              (openpgp-format-fingerprint
+                               (openpgp-public-key-fingerprint
+                                signing-key))))))))
 
   signing-key)
 
+(define (load-keyring-from-blob repository oid keyring)
+  "Augment KEYRING with the keyring available in the blob at OID, which may or
+may not be ASCII-armored."
+  (let* ((blob (blob-lookup repository oid))
+         (port (open-bytevector-input-port (blob-content blob))))
+    (get-openpgp-keyring (if (port-ascii-armored? port)
+                             (open-bytevector-input-port (read-radix-64 port))
+                             port)
+                         keyring)))
+
+(define (load-keyring-from-reference repository reference)
+  "Load the '.key' files from the tree at REFERENCE in REPOSITORY and return
+an OpenPGP keyring."
+  (let* ((reference (reference-lookup repository reference))
+         (target    (reference-target reference))
+         (commit    (commit-lookup repository target))
+         (tree      (commit-tree commit)))
+    (fold (lambda (name keyring)
+            (if (string-suffix? ".key" name)
+                (let ((entry (tree-entry-bypath tree name)))
+                  (load-keyring-from-blob repository
+                                          (tree-entry-id entry)
+                                          keyring))
+                keyring))
+          %empty-keyring
+          (tree-list tree))))
+
 (define* (authenticate-commits repository commits
-                               #:key (report-progress (const #t)))
+                               #:key
+                               (keyring-reference "refs/heads/keyring")
+                               (report-progress (const #t)))
   "Authenticate COMMITS, a list of commit objects, calling REPORT-PROGRESS for
-each of them.  Return an alist showing the number of occurrences of each key."
-  (parameterize ((current-keyring (string-append (config-directory)
-                                                 "/keyrings/channels/guix.kbx")))
-    (fold (lambda (commit stats)
-            (report-progress)
-            (let ((signer (authenticate-commit repository commit)))
-              (match (assoc signer stats)
-                (#f          (cons `(,signer . 1) stats))
-                ((_ . count) (cons `(,signer . ,(+ count 1))
-                                   (alist-delete signer stats))))))
-          '()
-          commits)))
+each of them.  Return an alist showing the number of occurrences of each key.
+The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY."
+  (define keyring
+    (load-keyring-from-reference repository keyring-reference))
+
+  (fold (lambda (commit stats)
+          (report-progress)
+          (let ((signer (authenticate-commit repository commit keyring)))
+            (match (assq signer stats)
+              (#f          (cons `(,signer . 1) stats))
+              ((_ . count) (cons `(,signer . ,(+ count 1))
+                                 (alist-delete signer stats))))))
+        '()
+        commits))
 
 (define commit-short-id
   (compose (cut string-take <> 7) oid->string commit-id))
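Review bot: `commit-authorized-keys` ends with `(apply lset-intersection bytevector=? (map commit-authorizations (commit-parents commit)))`, which passes no list at all when COMMIT has no parents; SRFI-1 requires at least one list, so a root commit would raise an arity error instead of yielding DEFAULT-AUTHORIZATIONS. Handling the empty case explicitly gives a defined result: `(match (commit-parents commit) (() default-authorizations) (parents (apply lset-intersection bytevector=? (map commit-authorizations parents))))`. Separately, `read-authorizations` has a single `match` clause, so a malformed or future-version `.guix-authorizations` surfaces as a generic match error; an error that names the offending commit would make an authentication failure easier to diagnose. Nothing in this hunk rejects SHA-1 signatures, which the contributing.texi change in this same commit tells committers to avoid; whether `verify-openpgp-signature` enforces that is not visible here and is worth confirming.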
@@ -409,7 +466,10 @@ COMMIT-ID is written to cache, though)."
            (format #t (G_ "Signing statistics:~%"))
            (for-each (match-lambda
                        ((signer . count)
-                        (format #t "  ~a ~10d~%" signer count)))
+                        (format #t "  ~a ~10d~%"
+                                (openpgp-format-fingerprint
+                                 (openpgp-public-key-fingerprint signer))
+                                count)))
                      (sort stats
                            (match-lambda*
                              (((_ . count1) (_ . count2))
@@ -423,7 +483,3 @@ COMMIT-ID is written to cache, though)."
                (G_ "Usage: git-authenticate START [END]
 
 Authenticate commits START to END or the current head.\n"))))))
-
-;;; Local Variables:
-;;; eval: (put 'with-temporary-files 'scheme-indent-function 2)
-;;; End:
diff --git a/doc/contributing.texi b/doc/contributing.texi
index 31b875f817..9583120742 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1187,18 +1187,38 @@ the OpenPGP key you will use to sign commits, and giving its fingerprint
 (see below).  See @uref{https://emailselfdefense.fsf.org/en/}, for an
 introduction to public-key cryptography with GnuPG.
 
+@c See <https://sha-mbles.github.io/>.
+Set up GnuPG such that it never uses the SHA1 hash algorithm for digital
+signatures, which is known to be unsafe since 2019, for instance by
+adding the following line to @file{~/.gnupg/gpg.conf} (@pxref{GPG
+Esoteric Options,,, gnupg, The GNU Privacy Guard Manual}):
+
+@example
+digest-algo sha512
+@end example
+
 @item
 Maintainers ultimately decide whether to grant you commit access,
 usually following your referrals' recommendation.
 
 @item
+@cindex OpenPGP, signed commits
 If and once you've been given access, please send a message to
 @email{guix-devel@@gnu.org} to say so, again signed with the OpenPGP key
 you will use to sign commits (do that before pushing your first commit).
 That way, everyone can notice and ensure you control that OpenPGP key.
 
-@c TODO: Add note about adding the fingerprint to the list of authorized
-@c keys once that has stabilized.
+@quotation Important
+Before you can push for the first time, maintainers must:
+
+@enumerate
+@item
+add your OpenPGP key to the @code{keyring} branch;
+@item
+add your OpenPGP fingerprint to the @file{.guix-authorizations} file of
+the branch(es) you will commit to.
+@end enumerate
+@end quotation
 
 @item
 Make sure to read the rest of this section and... profit!
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index f58d18d47c..2a605276e6 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -1594,7 +1594,7 @@ An example configuration can look like this:
 @cindex stumpwm fonts
 By default StumpWM uses X11 fonts, which could be small or pixelated on
 your system.  You could fix this by installing StumpWM contrib Lisp
-module @code{sbcl-stumpwm-ttf-fonts}, adding it to Guix system packages:
+module @code{sbcl-ttf-fonts}, adding it to Guix system packages:
 
 @lisp
 (use-modules (gnu))
@@ -1603,7 +1603,7 @@ module @code{sbcl-stumpwm-ttf-fonts}, adding it to Guix system packages:
 (operating-system
   ;; …
   (packages (append (list sbcl stumpwm `(,stumpwm "lib"))
-                    sbcl-stumpwm-ttf-fonts font-dejavu %base-packages)))
+                    sbcl-ttf-fonts font-dejavu %base-packages)))
 @end lisp
 
 Then you need to add the following code to a StumpWM configuration file
diff --git a/doc/guix.texi b/doc/guix.texi
index 472b70e092..6c448de33b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -79,6 +79,7 @@ Copyright @copyright{} 2020 Naga Malleswari@*
 Copyright @copyright{} 2020 Brice Waegeneire@*
 Copyright @copyright{} 2020 R Veera Kumar@*
 Copyright @copyright{} 2020 Pierre Langlois@*
+Copyright @copyright{} 2020 pinoaffe@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -1768,22 +1769,11 @@ can do so by running Emacs with the @code{--no-site-file} option
 
 @subsection The GCC toolchain
 
-@cindex GCC
-@cindex ld-wrapper
-
-Guix offers individual compiler packages such as @code{gcc} but if you
-are in need of a complete toolchain for compiling and linking source
-code what you really want is the @code{gcc-toolchain} package.  This
-package provides a complete GCC toolchain for C/C++ development,
-including GCC itself, the GNU C Library (headers and binaries, plus
-debugging symbols in the @code{debug} output), Binutils, and a linker
-wrapper.
-
-The wrapper's purpose is to inspect the @code{-L} and @code{-l} switches
-passed to the linker, add corresponding @code{-rpath} arguments, and
-invoke the actual linker with this new set of arguments.  You can instruct the
-wrapper to refuse to link against libraries not in the store by setting the
-@code{GUIX_LD_WRAPPER_ALLOW_IMPURITIES} environment variable to @code{no}.
+@c XXX: The contents of this section were moved under
+@c ``Development'', since it makes more sense there and is not specific
+@c foreign distros.  Remove it from here eventually?
+@xref{Packages for C Development}, for information on packages for C/C++
+development.
 
 @node Upgrading Guix
 @section Upgrading Guix
@@ -4681,6 +4671,7 @@ easily distributed to users who do not run Guix.
 @menu
 * Invoking guix environment::   Setting up development environments.
 * Invoking guix pack::          Creating software bundles.
+* Packages for C Development::  Working with C code with Guix.
 @end menu
 
 @node Invoking guix environment
@@ -5344,6 +5335,27 @@ In addition, @command{guix pack} supports all the common build options
 (@pxref{Common Build Options}) and all the package transformation
 options (@pxref{Package Transformation Options}).
 
+@node Packages for C Development
+@section Packages for C Development
+
+@cindex GCC
+@cindex ld-wrapper
+@cindex linker wrapper
+@cindex toolchain, for C development
+
+If you need a complete toolchain for compiling and linking C or C++
+source code, use the @code{gcc-toolchain} package.  This package
+provides a complete GCC toolchain for C/C++ development, including GCC
+itself, the GNU C Library (headers and binaries, plus debugging symbols
+in the @code{debug} output), Binutils, and a linker wrapper.
+
+The wrapper's purpose is to inspect the @code{-L} and @code{-l} switches
+passed to the linker, add corresponding @code{-rpath} arguments, and
+invoke the actual linker with this new set of arguments.  You can instruct the
+wrapper to refuse to link against libraries not in the store by setting the
+@code{GUIX_LD_WRAPPER_ALLOW_IMPURITIES} environment variable to @code{no}.
+
+
 
 @c *********************************************************************
 @node Programming Interface
@@ -14379,6 +14391,86 @@ Whether to enable password-based authentication.
 @end table
 @end deftp
 
+@cindex AutoSSH
+@deffn {Scheme Variable} autossh-service-type
+This is the type for the @uref{https://www.harding.motd.ca/autossh,
+AutoSSH} program that runs a copy of @command{ssh} and monitors it,
+restarting it as necessary should it die or stop passing traffic.
+AutoSSH can be run manually from the command-line by passing arguments
+to the binary @command{autossh} from the package @code{autossh}, but it
+can also be run as a Guix service.  This latter use case is documented
+here.
+
+AutoSSH can be used to forward local traffic to a remote machine using
+an SSH tunnel, and it respects the @file{~/.ssh/config} of the user it
+is run as.
+
+For example, to specify a service running autossh as the user
+@code{pino} and forwarding all local connections to port @code{8081} to
+@code{remote:8081} using an SSH tunnel, add this call to the operating
+system's @code{services} field:
+
+@lisp
+(service autossh-service-type
+         (autossh-configuration
+          (user "pino")
+          (ssh-options (list "-T" "-N" "-L" "8081:localhost:8081" "remote.net"))))
+@end lisp
+@end deffn
+
+@deftp {Data Type} autossh-configuration
+This data type represents the configuration of an AutoSSH service.
+
+@table @asis
+
+@item @code{user} (default @code{"autossh"})
+The user as which the AutoSSH service is to be run.
+This assumes that the specified user exists.
+
+@item @code{poll} (default @code{600})
+Specifies the connection poll time in seconds.
+
+@item @code{first-poll} (default @code{#f})
+Specifies how many seconds AutoSSH waits before the first connection
+test.  After this first test, polling is resumed at the pace defined in
+@code{poll}.  When set to @code{#f}, the first poll is not treated
+specially and will also use the connection poll specified in
+@code{poll}.
+
+@item @code{gate-time} (default @code{30})
+Specifies how many seconds an SSH connection must be active before it is
+considered successful.
+
+@item @code{log-level} (default @code{1})
+The log level, corresponding to the levels used by syslog---so @code{0}
+is the most silent while @code{7} is the chattiest.
+
+@item @code{max-start} (default @code{#f})
+The maximum number of times SSH may be (re)started before AutoSSH exits.
+When set to @code{#f}, no maximum is configured and AutoSSH may restart indefinitely.
+
+@item @code{message} (default @code{""})
+The message to append to the echo message sent when testing connections.
+
+@item @code{port} (default @code{"0"})
+The ports used for monitoring the connection.  When set to @code{"0"},
+monitoring is disabled.  When set to @code{"@var{n}"} where @var{n} is
+a positive integer, ports @var{n} and @var{n}+1 are used for
+monitoring the connection, such that port @var{n} is the base
+monitoring port and @code{n+1} is the echo port.  When set to
+@code{"@var{n}:@var{m}"} where @var{n} and @var{m} are positive
+integers, the ports @var{n} and @var{n}+1 are used for monitoring the
+connection, such that port @var{n} is the base monitoring port and
+@var{m} is the echo port.
+
+@item @code{ssh-options} (default @code{'()})
+The list of command-line arguments to pass to @command{ssh} when it is
+run.  Options @option{-f} and @option{-M} are reserved for AutoSSH and
+may cause undefined behaviour.
+
+@end table
+@end deftp
+
 @defvr {Scheme Variable} %facebook-host-aliases
 This variable contains a string for use in @file{/etc/hosts}
 (@pxref{Host Names,,, libc, The GNU C Library Reference Manual}).  Each
@@ -26074,10 +26166,10 @@ pointed to by the @code{GIT_SSL_CAINFO} environment variable.  Thus, you
 would typically run something like:
 
 @example
-$ guix install nss-certs
-$ export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
-$ export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
-$ export GIT_SSL_CAINFO="$SSL_CERT_FILE"
+guix install nss-certs
+export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
+export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
+export GIT_SSL_CAINFO="$SSL_CERT_FILE"
 @end example
 
 As another example, R requires the @code{CURL_CA_BUNDLE} environment
@@ -26085,8 +26177,8 @@ variable to point to a certificate bundle, so you would have to run
 something like this:
 
 @example
-$ guix install nss-certs
-$ export CURL_CA_BUNDLE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
+guix install nss-certs
+export CURL_CA_BUNDLE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
 @end example
 
 For other applications you may want to look up the required environment
diff --git a/gnu/build/bootloader.scm b/gnu/build/bootloader.scm
index 9570d6dd18..498022f6db 100644
--- a/gnu/build/bootloader.scm
+++ b/gnu/build/bootloader.scm
@@ -18,8 +18,12 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu build bootloader)
+  #:use-module (guix build utils)
+  #:use-module (guix utils)
   #:use-module (ice-9 binary-ports)
-  #:export (write-file-on-device))
+  #:use-module (ice-9 format)
+  #:export (write-file-on-device
+            install-efi-loader))
 
 
 ;;;
@@ -36,3 +40,53 @@
             (seek output offset SEEK_SET)
             (put-bytevector output bv))
           #:binary #t)))))
+
+
+;;;
+;;; EFI bootloader.
+;;;
+
+(define (install-efi grub grub-config esp)
+  "Write a self-contained GRUB EFI loader to the mounted ESP using GRUB-CONFIG."
+  (let* ((system %host-type)
+         ;; Hard code the output location to a well-known path recognized by
+         ;; compliant firmware. See "3.5.1.1 Removable Media Boot Behaviour":
+         ;; http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf
+         (grub-mkstandalone (string-append grub "/bin/grub-mkstandalone"))
+         (efi-directory (string-append esp "/EFI/BOOT"))
+         ;; Map grub target names to boot file names.
+         (efi-targets (cond ((string-prefix? "x86_64" system)
+                             '("x86_64-efi" . "BOOTX64.EFI"))
+                            ((string-prefix? "i686" system)
+                             '("i386-efi" . "BOOTIA32.EFI"))
+                            ((string-prefix? "armhf" system)
+                             '("arm-efi" . "BOOTARM.EFI"))
+                            ((string-prefix? "aarch64" system)
+                             '("arm64-efi" . "BOOTAA64.EFI")))))
+    ;; grub-mkstandalone requires a TMPDIR to prepare the firmware image.
+    (setenv "TMPDIR" esp)
+
+    (mkdir-p efi-directory)
+    (invoke grub-mkstandalone "-O" (car efi-targets)
+            "-o" (string-append efi-directory "/"
+                                (cdr efi-targets))
+            ;; Graft the configuration file onto the image.
+            (string-append "boot/grub/grub.cfg=" grub-config))))
+
+(define (install-efi-loader grub-efi esp)
+  "Install in ESP directory the given GRUB-EFI bootloader.  Configure it to
+load the Grub bootloader located in the 'Guix_image' root partition."
+  (let ((grub-config "grub.cfg"))
+    (call-with-output-file grub-config
+      (lambda (port)
+        ;; Create a tiny configuration file telling the embedded grub where to
+        ;; load the real thing.  XXX This is quite fragile, and can prevent
+        ;; the image from booting when there's more than one volume with this
+        ;; label present.  Reproducible almost-UUIDs could reduce the risk
+        ;; (not eliminate it).
+        (format port
+                "insmod part_msdos~@
+               search --set=root --label Guix_image~@
+               configfile /boot/grub/grub.cfg~%")))
+    (install-efi grub-efi grub-config esp)
+    (delete-file grub-config)))
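Review bot: The configuration that `install-efi-loader` embeds finds the root volume by label alone (`search --set=root --label Guix_image`), so the standalone loader reads `/boot/grub/grub.cfg` from whichever volume with that label GRUB finds first. The XXX comment covers the boot failure this can cause, but not that the boot configuration may then come from a disk other than the image. If the caller can supply the root file system UUID, taking it as a parameter and emitting `search --set=root --fs-uuid UUID` would bind the loader to the intended volume. Separately, `grub.cfg` is written under a fixed relative name in the current directory and `delete-file` is not reached when `invoke` raises. In `install-efi` the `cond` has no `else`, so an unrecognised `%host-type` reaches `(car efi-targets)` with an unspecified value.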
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index bbea4c766e..b920e8fc62 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -98,6 +98,47 @@ takes a bytevector and returns #t when it's a valid superblock."
 (define null-terminated-latin1->string
   (cut latin1->string <> zero?))
 
+(define (bytevector-utf16-length bv)
+  "Given a bytevector BV containing a NUL-terminated UTF16-encoded string,
+determine where the NUL terminator is and return its index.  If there's no
+NUL terminator, return the size of the bytevector."
+  (let ((length (bytevector-length bv)))
+    (let loop ((index 0))
+      (if (< index length)
+          (if (zero? (bytevector-u16-ref bv index 'little))
+              index
+              (loop (+ index 2)))
+          length))))
+
+(define* (bytevector->u16-list bv endianness #:optional (index 0))
+  (if (< index (bytevector-length bv))
+      (cons (bytevector-u16-ref bv index endianness)
+            (bytevector->u16-list bv endianness (+ index 2)))
+      '()))
+
+;; The initrd doesn't have iconv data, so do the conversion ourselves.
+(define (utf16->string bv endianness)
+  (list->string
+   (map integer->char
+        (reverse
+         (let loop ((remainder (bytevector->u16-list bv endianness))
+                    (result '()))
+             (match remainder
+              (() result)
+              ((a) (cons a result))
+              ((a b x ...)
+               (if (and (>= a #xD800) (< a #xDC00) ; high surrogate
+                        (>= b #xDC00) (< b #xE000)) ; low surrogate
+                   (loop x (cons (+ #x10000
+                                    (* #x400 (- a #xD800))
+                                    (- b #xDC00))
+                                 result))
+                   (loop (cons b x) (cons a result))))))))))
+
+(define (null-terminated-utf16->string bv endianness)
+  (utf16->string (sub-bytevector bv 0 (bytevector-utf16-length bv))
+                 endianness))
+
 
 ;;;
 ;;; Ext2 file systems.
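Review bot: `utf16->string` hands unpaired surrogate code units straight to `integer->char`, both in the `(a)` clause and in the fall-through `(loop (cons b x) (cons a result))`. As far as I know Guile's `integer->char` rejects values in the D800–DFFF range, so a volume name read from a damaged or crafted superblock would raise during probing instead of yielding a string. Mapping such units to U+FFFD keeps the probe going: `(map (lambda (c) (integer->char (if (<= #xD800 c #xDFFF) #xFFFD c))) ...)`. `bytevector-utf16-length` and `bytevector->u16-list` also test only `(< index length)` before a two-byte read, so an odd-length bytevector raises on its last byte; the caller in `f2fs-superblock-volume-name` passes 512 bytes, so this is latent for now.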
@@ -377,7 +418,9 @@ if DEVICE does not contain an F2FS file system."
 (define (f2fs-superblock-volume-name sblock)
   "Return the volume name of SBLOCK as a string of at most 512 characters, or
 #f if SBLOCK has no volume name."
-  (utf16->string (sub-bytevector sblock (- (+ #x470 12) #x400) 512) %f2fs-endianness))
+  (null-terminated-utf16->string
+   (sub-bytevector sblock (- (+ #x470 12) #x400) 512)
+   %f2fs-endianness))
 
 (define (check-f2fs-file-system device)
   "Return the health of a F2FS file system on DEVICE."
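Review bot: The docstring of `f2fs-superblock-volume-name` still promises `#f` when SBLOCK has no volume name, but the new body returns the empty string in that case: `bytevector-utf16-length` returns 0 for a leading NUL and `utf16->string` of an empty bytevector is `""`. I would reword it to `"Return the volume name of SBLOCK as a string; the string is empty when SBLOCK has no volume name."`, or return `#f` explicitly if callers rely on that.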
diff --git a/gnu/build/image.scm b/gnu/build/image.scm
new file mode 100644
index 0000000000..fe8e11aa1b
--- /dev/null
+++ b/gnu/build/image.scm
@@ -0,0 +1,273 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2020 Mathieu Othacehe <m.othacehe@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu build image)
+  #:use-module (guix build store-copy)
+  #:use-module (guix build syscalls)
+  #:use-module (guix build utils)
+  #:use-module (guix store database)
+  #:use-module (gnu build bootloader)
+  #:use-module (gnu build install)
+  #:use-module (gnu build linux-boot)
+  #:use-module (gnu image)
+  #:use-module (gnu system uuid)
+  #:use-module (ice-9 ftw)
+  #:use-module (ice-9 match)
+  #:use-module (srfi srfi-19)
+  #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-35)
+  #:export (make-partition-image
+            genimage
+            initialize-efi-partition
+            initialize-root-partition
+
+            make-iso9660-image))
+
+(define (sexp->partition sexp)
+  "Take SEXP, a tuple as returned by 'partition->gexp', and turn it into a
+<partition> record."
+  (match sexp
+    ((size file-system label uuid)
+     (partition (size size)
+                (file-system file-system)
+                (label label)
+                (uuid uuid)))))
+
+(define (size-in-kib size)
+  "Convert SIZE expressed in bytes, to kilobytes and return it as a string."
+  (number->string
+   (inexact->exact (ceiling (/ size 1024)))))
+
+(define (estimate-partition-size root)
+  "Given the ROOT directory, evalute and return its size.  As this doesn't
+take the partition metadata size into account, take a 25% margin."
+  (* 1.25 (file-size root)))
+
+(define* (make-ext4-image partition target root
+                          #:key
+                          (owner-uid 0)
+                          (owner-gid 0))
+  "Handle the creation of EXT4 partition images. See 'make-partition-image'."
+  (let ((size (partition-size partition))
+        (label (partition-label partition))
+        (uuid (partition-uuid partition))
+        (options "lazy_itable_init=1,lazy_journal_init=1"))
+    (invoke "mke2fs" "-t" "ext4" "-d" root
+            "-L" label "-U" (uuid->string uuid)
+            "-E" (format #f "root_owner=~a:~a,~a"
+                         owner-uid owner-gid options)
+            target
+            (format #f "~ak"
+                    (size-in-kib
+                     (if (eq? size 'guess)
+                         (estimate-partition-size root)
+                         size))))))
+
+(define* (make-vfat-image partition target root)
+  "Handle the creation of VFAT partition images.  See 'make-partition-image'."
+  (let ((size (partition-size partition))
+        (label (partition-label partition)))
+    (invoke "mkdosfs" "-n" label "-C" target "-F" "16" "-S" "1024"
+            (size-in-kib
+             (if (eq? size 'guess)
+                 (estimate-partition-size root)
+                 size)))
+    (for-each (lambda (file)
+                (unless (member file '("." ".."))
+                  (invoke "mcopy" "-bsp" "-i" target
+                          (string-append root "/" file)
+                          (string-append "::" file))))
+              (scandir root))))
+
+(define* (make-partition-image partition-sexp target root)
+  "Create and return the image of PARTITION-SEXP as TARGET.  Use the given
+ROOT directory to populate the image."
+  (let* ((partition (sexp->partition partition-sexp))
+         (type (partition-file-system partition)))
+    (cond
+     ((string=? type "ext4")
+      (make-ext4-image partition target root))
+     ((string=? type "vfat")
+      (make-vfat-image partition target root))
+     (else
+      (format (current-error-port)
+              "Unsupported partition type~%.")))))
+
+(define* (genimage config target)
+  "Use genimage to generate in TARGET directory, the image described in the
+given CONFIG file."
+  ;; genimage needs a 'root' directory.
+  (mkdir "root")
+  (invoke "genimage" "--config" config
+          "--outputpath" target))
+
+(define* (register-closure prefix closure
+                           #:key
+                           (deduplicate? #t) (reset-timestamps? #t)
+                           (schema (sql-schema)))
+  "Register CLOSURE in PREFIX, where PREFIX is the directory name of the
+target store and CLOSURE is the name of a file containing a reference graph as
+produced by #:references-graphs..  As a side effect, if RESET-TIMESTAMPS? is
+true, reset timestamps on store files and, if DEDUPLICATE? is true,
+deduplicates files common to CLOSURE and the rest of PREFIX."
+  (let ((items (call-with-input-file closure read-reference-graph)))
+    (register-items items
+                    #:prefix prefix
+                    #:deduplicate? deduplicate?
+                    #:reset-timestamps? reset-timestamps?
+                    #:registration-time %epoch
+                    #:schema schema)))
+
+(define* (initialize-efi-partition root
+                                   #:key
+                                   bootloader-package
+                                   #:allow-other-keys)
+  "Install in ROOT directory, an EFI loader using BOOTLOADER-PACKAGE."
+  (install-efi-loader bootloader-package root))
+
+(define* (initialize-root-partition root
+                                    #:key
+                                    bootcfg
+                                    bootcfg-location
+                                    (deduplicate? #t)
+                                    references-graphs
+                                    (register-closures? #t)
+                                    system-directory
+                                    #:allow-other-keys)
+  "Initialize the given ROOT directory. Use BOOTCFG and BOOTCFG-LOCATION to
+install the bootloader configuration.
+
+If REGISTER-CLOSURES? is true, register REFERENCES-GRAPHS in the store.  If
+DEDUPLICATE? is true, then also deduplicate files common to CLOSURES and the
+rest of the store when registering the closures. SYSTEM-DIRECTORY is the name
+of the directory of the 'system' derivation."
+  (populate-root-file-system system-directory root)
+  (populate-store references-graphs root)
+
+  (when register-closures?
+    (for-each (lambda (closure)
+                (register-closure root
+                                  closure
+                                  #:reset-timestamps? #t
+                                  #:deduplicate? deduplicate?))
+              references-graphs))
+
+  (when bootcfg
+    (install-boot-config bootcfg bootcfg-location root)))
+
+(define* (make-iso9660-image xorriso grub-mkrescue-environment
+                             grub bootcfg system-directory root target
+                             #:key (volume-id "Guix_image") (volume-uuid #f)
+                             register-closures? (references-graphs '())
+                             (compression? #t))
+  "Given a GRUB package, creates an iso image as TARGET, using BOOTCFG as
+GRUB configuration and OS-DRV as the stuff in it."
+  (define grub-mkrescue
+    (string-append grub "/bin/grub-mkrescue"))
+
+  (define grub-mkrescue-sed.sh
+    (string-append (getcwd) "/" "grub-mkrescue-sed.sh"))
+
+  ;; Use a modified version of grub-mkrescue-sed.sh, see below.
+  (copy-file (string-append xorriso
+                            "/bin/grub-mkrescue-sed.sh")
+             grub-mkrescue-sed.sh)
+
+  ;; Force grub-mkrescue-sed.sh to use the build directory instead of /tmp
+  ;; that is read-only inside the build container.
+  (substitute* grub-mkrescue-sed.sh
+    (("/tmp/") (string-append (getcwd) "/"))
+    (("MKRESCUE_SED_XORRISO_ARGS \\$x")
+     (format #f "MKRESCUE_SED_XORRISO_ARGS $(echo $x | sed \"s|/tmp|~a|\")"
+             (getcwd))))
+
+  ;; 'grub-mkrescue' calls out to mtools programs to create 'efi.img', a FAT
+  ;; file system image, and mtools honors SOURCE_DATE_EPOCH for the mtime of
+  ;; those files.  The epoch for FAT is Jan. 1st 1980, not 1970, so choose
+  ;; that.
+  (setenv "SOURCE_DATE_EPOCH"
+          (number->string
+           (time-second
+            (date->time-utc (make-date 0 0 0 0 1 1 1980 0)))))
+
+  ;; Our patched 'grub-mkrescue' honors this environment variable and passes
+  ;; it to 'mformat', which makes it the serial number of 'efi.img'.  This
+  ;; allows for deterministic builds.
+  (setenv "GRUB_FAT_SERIAL_NUMBER"
+          (number->string (if volume-uuid
+
+                              ;; On 32-bit systems the 2nd argument must be
+                              ;; lower than 2^32.
+                              (string-hash (iso9660-uuid->string volume-uuid)
+                                           (- (expt 2 32) 1))
+
+                              #x77777777)
+                          16))
+
+  (setenv "MKRESCUE_SED_MODE" "original")
+  (setenv "MKRESCUE_SED_XORRISO" (string-append xorriso "/bin/xorriso"))
+  (setenv "MKRESCUE_SED_IN_EFI_NO_PT" "yes")
+
+  (for-each (match-lambda
+              ((name . value) (setenv name value)))
+            grub-mkrescue-environment)
+
+  (apply invoke grub-mkrescue
+         (string-append "--xorriso=" grub-mkrescue-sed.sh)
+         "-o" target
+         (string-append "boot/grub/grub.cfg=" bootcfg)
+         root
+         "--"
+         ;; Set all timestamps to 1.
+         "-volume_date" "all_file_dates" "=1"
+
+         `(,@(if compression?
+                 '(;; ‘zisofs’ compression reduces the total image size by
+                   ;; ~60%.
+                   "-zisofs" "level=9:block_size=128k" ; highest compression
+                   ;; It's transparent to our Linux-Libre kernel but not to
+                   ;; GRUB.  Don't compress the kernel, initrd, and other
+                   ;; files read by grub.cfg, as well as common
+                   ;; already-compressed file names.
+                   "-find" "/" "-type" "f"
+                   ;; XXX Even after "--" above, and despite documentation
+                   ;; claiming otherwise, "-or" is stolen by grub-mkrescue
+                   ;; which then chokes on it (as ‘-o …’) and dies.  Don't use
+                   ;; "-or".
+                   "-not" "-wholename" "/boot/*"
+                   "-not" "-wholename" "/System/*"
+                   "-not" "-name" "unicode.pf2"
+                   "-not" "-name" "bzImage"
+                   "-not" "-name" "*.gz"   ; initrd & all man pages
+                   "-not" "-name" "*.png"  ; includes grub-image.png
+                   "-exec" "set_filter" "--zisofs"
+                   "--")
+                 '())
+           "-volid" ,(string-upcase volume-id)
+           ,@(if volume-uuid
+             `("-volume_date" "uuid"
+               ,(string-filter (lambda (value)
+                                 (not (char=? #\- value)))
+                               (iso9660-uuid->string
+                                volume-uuid)))
+             '()))))
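Review bot: The `else` branch of `make-partition-image` only prints to the error port and returns, so a partition with an unsupported file system type lets the build continue without TARGET being written; it should raise instead, e.g. `(else (error "unsupported partition type" type))`. The current format string `"Unsupported partition type~%."` also puts the period after the newline. In `make-ext4-image`, `label` and `uuid` go straight to `mke2fs -L` and `uuid->string`, while the partition record in gnu/image.scm defaults both fields to `#f`, so presumably callers must always set them; the docstring should say so. The docstring of `make-iso9660-image` still refers to OS-DRV, which is no longer a parameter, and does not mention ROOT or SYSTEM-DIRECTORY.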
diff --git a/gnu/build/install.scm b/gnu/build/install.scm
index d46b588f53..87aa5d68da 100644
--- a/gnu/build/install.scm
+++ b/gnu/build/install.scm
@@ -25,7 +25,6 @@
   #:export (install-boot-config
             evaluate-populate-directive
             populate-root-file-system
-            register-closure
             install-database-and-gc-roots
             populate-single-profile-directory))
 
@@ -51,9 +50,14 @@ that the fonts, background images, etc. referred to by BOOTCFG are not GC'd."
     (copy-file bootcfg pivot)
     (rename-file pivot target)))
 
-(define (evaluate-populate-directive directive target)
+(define* (evaluate-populate-directive directive target
+                                      #:key
+                                      (default-gid 0)
+                                      (default-uid 0))
   "Evaluate DIRECTIVE, an sexp describing a file or directory to create under
-directory TARGET."
+directory TARGET.  DEFAULT-UID and DEFAULT-GID are the default UID and GID in
+the context of the caller.  If the directive matches those defaults then,
+'chown' won't be run."
   (let loop ((directive directive))
     (catch 'system-error
       (lambda ()
@@ -63,7 +67,12 @@ directory TARGET."
           (('directory name uid gid)
            (let ((dir (string-append target name)))
              (mkdir-p dir)
-             (chown dir uid gid)))
+             ;; If called from a context without "root" permissions, "chown"
+             ;; to root will fail.  In that case, do not try to run "chown"
+             ;; and assume that the file will be chowned elsewhere (when
+             ;; interned in the store for instance).
+             (or (and (= uid default-uid) (= gid default-gid))
+                 (chown dir uid gid))))
           (('directory name uid gid mode)
            (loop `(directory ,name ,uid ,gid))
            (chmod (string-append target name) mode))
@@ -98,9 +107,7 @@ directory TARGET."
 (define (directives store)
   "Return a list of directives to populate the root file system that will host
 STORE."
-  `(;; Note: the store's GID is fixed precisely so we can set it here rather
-    ;; than at activation time.
-    (directory ,store 0 30000 #o1775)
+  `((directory ,store 0 0 #o1775)
 
     (directory "/etc")
     (directory "/var/log")                          ; for shepherd
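Review bot: The store directive now creates STORE as `0 0` while keeping mode `#o1775`, so the group-write bit applies to gid 0, and the removed comment about the fixed store GID has no replacement. Nothing in this hunk says where the group ownership that mode 1775 is meant for gets applied; presumably a later step does it, but that is not visible here. I would add a comment next to the directive naming that step, along the lines of `;; The store's group is not set here; it is set by STEP (fill in).`. The body of `directives` continues past the end of this hunk.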
diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm
index d2bf7418fd..433b5a7e8d 100644
--- a/gnu/build/vm.scm
+++ b/gnu/build/vm.scm
@@ -27,6 +27,7 @@
   #:use-module (guix build store-copy)
   #:use-module (guix build syscalls)
   #:use-module (guix store database)
+  #:use-module (gnu build bootloader)
   #:use-module (gnu build linux-boot)
   #:use-module (gnu build install)
   #:use-module (gnu system uuid)
@@ -57,8 +58,7 @@
             estimated-partition-size
             root-partition-initializer
             initialize-partition-table
-            initialize-hard-disk
-            make-iso9660-image))
+            initialize-hard-disk))
 
 ;;; Commentary:
 ;;;
@@ -439,159 +439,6 @@ system that is passed to 'populate-root-file-system'."
     (mkdir-p directory)
     (symlink bootcfg (string-append directory "/bootcfg"))))
 
-(define (install-efi grub esp config-file)
-  "Write a self-contained GRUB EFI loader to the mounted ESP using CONFIG-FILE."
-  (let* ((system %host-type)
-         ;; Hard code the output location to a well-known path recognized by
-         ;; compliant firmware. See "3.5.1.1 Removable Media Boot Behaviour":
-         ;; http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_6.pdf
-         (grub-mkstandalone (string-append grub "/bin/grub-mkstandalone"))
-         (efi-directory (string-append esp "/EFI/BOOT"))
-         ;; Map grub target names to boot file names.
-         (efi-targets (cond ((string-prefix? "x86_64" system)
-                             '("x86_64-efi" . "BOOTX64.EFI"))
-                            ((string-prefix? "i686" system)
-                             '("i386-efi" . "BOOTIA32.EFI"))
-                            ((string-prefix? "armhf" system)
-                             '("arm-efi" . "BOOTARM.EFI"))
-                            ((string-prefix? "aarch64" system)
-                             '("arm64-efi" . "BOOTAA64.EFI")))))
-    ;; grub-mkstandalone requires a TMPDIR to prepare the firmware image.
-    (setenv "TMPDIR" esp)
-
-    (mkdir-p efi-directory)
-    (invoke grub-mkstandalone "-O" (car efi-targets)
-            "-o" (string-append efi-directory "/"
-                                (cdr efi-targets))
-            ;; Graft the configuration file onto the image.
-            (string-append "boot/grub/grub.cfg=" config-file))))
-
-(define* (make-iso9660-image xorriso grub-mkrescue-environment
-                             grub config-file os-drv target
-                             #:key (volume-id "Guix_image") (volume-uuid #f)
-                             register-closures? (closures '()))
-  "Given a GRUB package, creates an iso image as TARGET, using CONFIG-FILE as
-GRUB configuration and OS-DRV as the stuff in it."
-  (define grub-mkrescue
-    (string-append grub "/bin/grub-mkrescue"))
-
-  (define grub-mkrescue-sed.sh
-    (string-append xorriso "/bin/grub-mkrescue-sed.sh"))
-
-  (define target-store
-    (string-append "/tmp/root" (%store-directory)))
-
-  (define items
-    ;; The store items to add to the image.
-    (delete-duplicates
-     (append-map (lambda (closure)
-                   (map store-info-item
-                        (call-with-input-file (string-append "/xchg/" closure)
-                          read-reference-graph)))
-                 closures)))
-
-  (populate-root-file-system os-drv "/tmp/root")
-  (mount (%store-directory) target-store "" MS_BIND)
-
-  (when register-closures?
-    (display "registering closures...\n")
-    (for-each (lambda (closure)
-                (register-closure
-                 "/tmp/root"
-                 (string-append "/xchg/" closure)
-
-                 ;; TARGET-STORE is a read-only bind-mount so we shouldn't try
-                 ;; to modify it.
-                 #:deduplicate? #f
-                 #:reset-timestamps? #f))
-              closures)
-    (register-bootcfg-root "/tmp/root" config-file))
-
-  ;; 'grub-mkrescue' calls out to mtools programs to create 'efi.img', a FAT
-  ;; file system image, and mtools honors SOURCE_DATE_EPOCH for the mtime of
-  ;; those files.  The epoch for FAT is Jan. 1st 1980, not 1970, so choose
-  ;; that.
-  (setenv "SOURCE_DATE_EPOCH"
-          (number->string
-           (time-second
-            (date->time-utc (make-date 0 0 0 0 1 1 1980 0)))))
-
-  ;; Our patched 'grub-mkrescue' honors this environment variable and passes
-  ;; it to 'mformat', which makes it the serial number of 'efi.img'.  This
-  ;; allows for deterministic builds.
-  (setenv "GRUB_FAT_SERIAL_NUMBER"
-          (number->string (if volume-uuid
-
-                              ;; On 32-bit systems the 2nd argument must be
-                              ;; lower than 2^32.
-                              (string-hash (iso9660-uuid->string volume-uuid)
-                                           (- (expt 2 32) 1))
-
-                              #x77777777)
-                          16))
-
-  (setenv "MKRESCUE_SED_MODE" "original")
-  (setenv "MKRESCUE_SED_XORRISO" (string-append xorriso
-                                                "/bin/xorriso"))
-  (setenv "MKRESCUE_SED_IN_EFI_NO_PT" "yes")
-  (for-each (match-lambda
-             ((name . value) (setenv name value)))
-            grub-mkrescue-environment)
-
-  (let ((pipe
-         (apply open-pipe* OPEN_WRITE
-                grub-mkrescue
-                (string-append "--xorriso=" grub-mkrescue-sed.sh)
-                "-o" target
-                (string-append "boot/grub/grub.cfg=" config-file)
-                "etc=/tmp/root/etc"
-                "var=/tmp/root/var"
-                "run=/tmp/root/run"
-                ;; /mnt is used as part of the installation
-                ;; process, as the mount point for the target
-                ;; file system, so create it.
-                "mnt=/tmp/root/mnt"
-                "-path-list" "-"
-                "--"
-
-                ;; Set all timestamps to 1.
-                "-volume_date" "all_file_dates" "=1"
-
-                ;; ‘zisofs’ compression reduces the total image size by ~60%.
-                "-zisofs" "level=9:block_size=128k" ; highest compression
-                ;; It's transparent to our Linux-Libre kernel but not to GRUB.
-                ;; Don't compress the kernel, initrd, and other files read by
-                ;; grub.cfg, as well as common already-compressed file names.
-                "-find" "/" "-type" "f"
-                ;; XXX Even after "--" above, and despite documentation claiming
-                ;; otherwise, "-or" is stolen by grub-mkrescue which then chokes
-                ;; on it (as ‘-o …’) and dies.  Don't use "-or".
-                "-not" "-wholename" "/boot/*"
-                "-not" "-wholename" "/System/*"
-                "-not" "-name" "unicode.pf2"
-                "-not" "-name" "bzImage"
-                "-not" "-name" "*.gz"   ; initrd & all man pages
-                "-not" "-name" "*.png"  ; includes grub-image.png
-                "-exec" "set_filter" "--zisofs"
-                "--"
-
-                "-volid" (string-upcase volume-id)
-                (if volume-uuid
-                    `("-volume_date" "uuid"
-                      ,(string-filter (lambda (value)
-                                        (not (char=? #\- value)))
-                                      (iso9660-uuid->string
-                                       volume-uuid)))
-                    `()))))
-    ;; Pass lines like 'gnu/store/…-x=/gnu/store/…-x' corresponding to the
-    ;; '-path-list -' option.
-    (for-each (lambda (item)
-                (format pipe "~a=~a~%"
-                        (string-drop item 1) item))
-              items)
-    (unless (zero? (close-pipe pipe))
-      (error "oh, my! grub-mkrescue failed" grub-mkrescue))))
-
 (define* (initialize-hard-disk device
                                #:key
                                bootloader-package
@@ -633,30 +480,16 @@ passing it a directory name where it is mounted."
 
     (when esp
       ;; Mount the ESP somewhere and install GRUB UEFI image.
-      (let ((mount-point (string-append target "/boot/efi"))
-            (grub-config (string-append target "/tmp/grub-standalone.cfg")))
+      (let ((mount-point (string-append target "/boot/efi")))
         (display "mounting EFI system partition...\n")
         (mkdir-p mount-point)
         (mount (partition-device esp) mount-point
                (partition-file-system esp))
 
-        ;; Create a tiny configuration file telling the embedded grub
-        ;; where to load the real thing.
-        ;; XXX This is quite fragile, and can prevent the image from booting
-        ;; when there's more than one volume with this label present.
-        ;; Reproducible almost-UUIDs could reduce the risk (not eliminate it).
-        (call-with-output-file grub-config
-          (lambda (port)
-            (format port
-                    "insmod part_msdos~@
-                    search --set=root --label Guix_image~@
-                    configfile /boot/grub/grub.cfg~%")))
-
         (display "creating EFI firmware image...")
-        (install-efi grub-efi mount-point grub-config)
+        (install-efi-loader grub-efi mount-point)
         (display "done.\n")
 
-        (delete-file grub-config)
         (umount mount-point)))
 
     ;; Register BOOTCFG as a GC root.
diff --git a/gnu/ci.scm b/gnu/ci.scm
index af58450a94..b61181be51 100644
--- a/gnu/ci.scm
+++ b/gnu/ci.scm
@@ -38,6 +38,7 @@
                 #:select (lookup-compressor self-contained-tarball))
   #:use-module (gnu bootloader)
   #:use-module (gnu bootloader u-boot)
+  #:use-module (gnu image)
   #:use-module (gnu packages)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages base)
@@ -49,6 +50,7 @@
   #:use-module (gnu packages make-bootstrap)
   #:use-module (gnu packages package-management)
   #:use-module (gnu system)
+  #:use-module (gnu system image)
   #:use-module (gnu system vm)
   #:use-module (gnu system install)
   #:use-module (gnu tests)
@@ -213,32 +215,23 @@ system.")
     (expt 2 20))
 
   (if (member system %guixsd-supported-systems)
-      (if (member system %u-boot-systems)
-          (list (->job 'flash-image
-                       (run-with-store store
-                         (mbegin %store-monad
-                           (set-guile-for-build (default-guile))
-                           (system-disk-image
-                            (operating-system (inherit installation-os)
-                             (bootloader (bootloader-configuration
-                                          (bootloader u-boot-bootloader)
-                                          (target #f))))
-                            #:disk-image-size
-                            (* 1500 MiB))))))
-          (list (->job 'usb-image
-                       (run-with-store store
-                         (mbegin %store-monad
-                           (set-guile-for-build (default-guile))
-                           (system-disk-image installation-os
-                                              #:disk-image-size
-                                              (* 1500 MiB)))))
-                (->job 'iso9660-image
-                       (run-with-store store
-                         (mbegin %store-monad
-                           (set-guile-for-build (default-guile))
-                           (system-disk-image installation-os
-                                              #:file-system-type
-                                              "iso9660"))))))
+      (list (->job 'usb-image
+                   (run-with-store store
+                     (mbegin %store-monad
+                       (set-guile-for-build (default-guile))
+                       (system-image
+                        (image
+                         (inherit efi-disk-image)
+                         (size (* 1500 MiB))
+                         (operating-system installation-os))))))
+            (->job 'iso9660-image
+                   (run-with-store store
+                     (mbegin %store-monad
+                       (set-guile-for-build (default-guile))
+                       (system-image
+                        (image
+                         (inherit iso9660-image)
+                         (operating-system installation-os)))))))
       '()))
 
 (define channel-build-system
diff --git a/gnu/image.scm b/gnu/image.scm
new file mode 100644
index 0000000000..b05fc69dc5
--- /dev/null
+++ b/gnu/image.scm
@@ -0,0 +1,76 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Mathieu Othacehe <m.othacehe@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu image)
+  #:use-module (guix records)
+  #:export (partition
+            partition?
+            partition-device
+            partition-size
+            partition-file-system
+            partition-label
+            partition-uuid
+            partition-flags
+            partition-initializer
+
+            image
+            image-name
+            image-format
+            image-size
+            image-operating-system
+            image-partitions
+            image-compression?
+            image-volatile-root?
+            image-substitutable?))
+
+
+;;;
+;;; Partition record.
+;;;
+
+(define-record-type* <partition> partition make-partition
+  partition?
+  (device      partition-device (default #f))
+  (size        partition-size)
+  (file-system partition-file-system (default "ext4"))
+  (label       partition-label (default #f))
+  (uuid        partition-uuid (default #f))
+  (flags       partition-flags (default '()))
+  (initializer partition-initializer (default #f)))
+
+
+;;;
+;;; Image record.
+;;;
+
+(define-record-type* <image>
+  image make-image
+  image?
+  (format             image-format) ;symbol
+  (size               image-size  ;size in bytes as integer
+                      (default 'guess))
+  (operating-system   image-operating-system  ;<operating-system>
+                      (default #f))
+  (partitions         image-partitions ;list of <partition>
+                      (default '()))
+  (compression?       image-compression? ;boolean
+                      (default #t))
+  (volatile-root?     image-volatile-root? ;boolean
+                      (default #t))
+  (substitutable?     image-substitutable? ;boolean
+                      (default #t)))
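Review bot: The `#:export` list names `image-name`, but the `<image>` record defines no `name` field, so this module has no such accessor and a caller that references it would hit an unbound variable. Either add a field such as `(name image-name (default #f))` or drop the export. The record also defines the predicate `image?` without exporting it, while `partition?` is exported, which looks unintentional. The comment on `size` says `;size in bytes as integer` although the default is the symbol `'guess`; `;size in bytes as integer, or 'guess` would match the code.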
diff --git a/gnu/local.mk b/gnu/local.mk
index 445c0cf3f9..be02f93ec7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -62,6 +62,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/bootloader/u-boot.scm                     \
   %D%/bootloader/depthcharge.scm                \
   %D%/ci.scm					\
+  %D%/image.scm					\
   %D%/packages.scm				\
   %D%/packages/abduco.scm			\
   %D%/packages/abiword.scm			\
@@ -260,6 +261,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/haskell-crypto.scm		\
   %D%/packages/haskell-web.scm			\
   %D%/packages/haskell-xyz.scm			\
+  %D%/packages/heads.scm			\
   %D%/packages/hexedit.scm			\
   %D%/packages/hugs.scm				\
   %D%/packages/hurd.scm				\
@@ -471,6 +473,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/search.scm			\
   %D%/packages/security-token.scm		\
   %D%/packages/selinux.scm			\
+  %D%/packages/sequoia.scm			\
   %D%/packages/serialization.scm		\
   %D%/packages/serveez.scm			\
   %D%/packages/shells.scm			\
@@ -605,6 +608,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/system/accounts.scm			\
   %D%/system/file-systems.scm			\
   %D%/system/hurd.scm				\
+  %D%/system/image.scm 				\
   %D%/system/install.scm			\
   %D%/system/keyboard.scm			\
   %D%/system/linux-container.scm		\
@@ -625,6 +629,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/build/activation.scm			\
   %D%/build/bootloader.scm			\
   %D%/build/cross-toolchain.scm			\
+  %D%/build/image.scm				\
   %D%/build/file-systems.scm			\
   %D%/build/install.scm				\
   %D%/build/linux-boot.scm			\
@@ -824,6 +829,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/clucene-pkgconfig.patch			\
   %D%/packages/patches/cmake-curl-certificates.patch		\
   %D%/packages/patches/coda-use-system-libs.patch		\
+  %D%/packages/patches/collectd-5.11.0-noinstallvar.patch		\
   %D%/packages/patches/combinatorial-blas-awpm.patch		\
   %D%/packages/patches/combinatorial-blas-io-fix.patch		\
   %D%/packages/patches/containerd-test-with-go1.13.patch		\
@@ -1024,6 +1030,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/gpsbabel-qstring.patch     		\
   %D%/packages/patches/grantlee-merge-theme-dirs.patch		\
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
+  %D%/packages/patches/grocsvs-dont-use-admiral.patch		\
+  %D%/packages/patches/gromacs-tinyxml2.patch			\
   %D%/packages/patches/groovy-add-exceptionutilsgenerator.patch	\
   %D%/packages/patches/grub-efi-fat-serial-number.patch		\
   %D%/packages/patches/grub-verifiers-Blocklist-fallout-cleanup.patch \
@@ -1265,6 +1273,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/mumps-shared-pord.patch			\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
   %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch    \
+  %D%/packages/patches/musl-cross-locale.patch			\
   %D%/packages/patches/mutt-store-references.patch		\
   %D%/packages/patches/m4-gnulib-libio.patch			\
   %D%/packages/patches/ncompress-fix-softlinks.patch		\
@@ -1459,6 +1468,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/rust-1.25-accept-more-detailed-gdb-lines.patch \
   %D%/packages/patches/rust-bootstrap-stage0-test.patch		\
   %D%/packages/patches/rust-coresimd-doctest.patch		\
+  %D%/packages/patches/rust-nettle-disable-vendor.patch		 \
+  %D%/packages/patches/rust-nettle-sys-disable-vendor.patch	 \
   %D%/packages/patches/rust-reproducible-builds.patch		 \
   %D%/packages/patches/rust-openssl-sys-no-vendor.patch	\
   %D%/packages/patches/rxvt-unicode-escape-sequences.patch	\
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index 6d1f6b8474..4df2e96ecd 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
+;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -922,6 +923,29 @@ Fourier Transform} (DFT), @dfn{Discrete Cosine Transform} (DCT), @dfn{Discrete
 Sine Transform} (DST) and @dfn{Discrete Hartley Transform} (DHT).")
     (license license:bsd-2)))
 
+(define-public lmfit
+  (package
+    (name "lmfit")
+    (version "8.2.2")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://jugit.fz-juelich.de/mlz/lmfit.git")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "00bch77a6qgnw6vzsjn2a42n8n683ih3xm0wpr454jxa15hw78vf"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("perl" ,perl)))                   ; for pod2man
+    (home-page "https://jugit.fz-juelich.de/mlz/lmfit")
+    (synopsis "Levenberg-Marquardt minimization and least-squares fitting")
+    (description "lmfit is a C library for Levenberg-Marquardt least-squares
+minimization and curve fitting.  It is mature code, based on decades-old
+algorithms from the FORTRAN library MINPACK.")
+    (license license:bsd-2)))
+
 (define-public eigen
   (package
     (name "eigen")
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 32839ab8c9..eb7064430f 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -31,6 +31,7 @@
 ;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
 ;;; Copyright © 2020 Guillaume Le Vaillant <glv@posteo.net>
 ;;; Copyright © 2020 Jonathan Frederickson <jonathan@terracrypt.net>
+;;; Copyright © 2020 Giacomo Leidi <goodoldpaul@autistici.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -2320,18 +2321,20 @@ background file post-processing.")
     (name "supercollider")
     (version "3.10.4")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/supercollider/supercollider"
-                    "/releases/download/Version-" version
-                    "/SuperCollider-" version "-Source-linux.tar.bz2"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/supercollider/supercollider.git")
+                    (commit (string-append "Version-" version))
+                    ;; for nova-simd, nova-tt, hidapi, TLSF, oscpack
+                    (recursive? #t)))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "0x11g3pfw11m6v18qfpfl5w99dbmf73g4z7wvwhrj1a4qv2dn084"))))
+                "0xdg1dx0y0agircnkn4bg3jpw184xc5pn28k7rrzgjh1rdnyzz24"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags '("-DSYSTEM_BOOST=on" "-DSYSTEM_YAMLCPP=on"
-                           "-DSC_QT=off"
+                           "-DSC_QT=off" "-DCMAKE_BUILD_TYPE=Release"
                            "-DSC_EL=off") ;scel is packaged individually as
                                           ;emacs-scel
        #:modules ((guix build utils)
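Review bot: With `(recursive? #t)` the source now contains the nova-simd, nova-tt, hidapi, TLSF and oscpack submodules, and nothing in this hunk removes them or points the build at packaged copies the way `-DSYSTEM_BOOST=on` and `-DSYSTEM_YAMLCPP=on` do for Boost and yaml-cpp. The `sha256` covers the whole recursive checkout, so integrity is pinned, but bundled copies do not pick up fixes applied to the distribution's own packages. I would extend the comment to record which of them must stay bundled and why, for example `;; Bundled via submodules (no system option upstream?): nova-simd, nova-tt, hidapi, TLSF, oscpack`, and unbundle any that are already packaged. The package definition starts and continues outside the hunk, so a snippet or phase elsewhere may already handle this.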
@@ -2369,7 +2372,19 @@ background file post-processing.")
                (("add_subdirectory\\(sclang\\)")
                 ""))
              (delete-file "testsuite/sclang/CMakeLists.txt")
-             #t)))))
+             #t))
+         (add-after 'disable-broken-tests 'patch-scclass-dir
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (scclass-dir
+                     (string-append out
+                                    "/share/SuperCollider/SCClassLibrary")))
+               (substitute* "lang/LangSource/SC_LanguageConfig.cpp"
+                 (((string-append
+                    "SC_Filesystem::instance\\(\\)\\.getDirectory"
+                    "\\(DirName::Resource\\) / CLASS_LIB_DIR_NAME"))
+                  (string-append "Path(\"" scclass-dir "\")")))
+               #t))))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 617908a4a6..32b795948b 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -79,6 +79,7 @@
   #:use-module (gnu packages golang)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages graph)
+  #:use-module (gnu packages graphviz)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages guile)
@@ -15854,3 +15855,44 @@ biological processes.  SBML is useful for models of metabolism, cell
 signaling, and more.  It continues to be evolved and expanded by an
 international community.")
     (license license:lgpl2.1+)))
+
+(define-public grocsvs
+  ;; The last release is out of date and new features have been added.
+  (let ((commit "ecd956a65093a0b2c41849050e4512d46fecea5d")
+        (revision "1"))
+    (package
+      (name "grocsvs")
+      (version (git-version "0.2.6.1" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/grocsvs/grocsvs")
+                       (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32 "14505725gr7qxc17cxxf0k6lzcwmgi64pija4mwf29aw70qn35cc"))
+                (patches (search-patches "grocsvs-dont-use-admiral.patch"))))
+      (build-system python-build-system)
+      (arguments
+       `(#:tests? #f            ; No test suite.
+         #:python ,python-2))   ; Only python-2 supported.
+      (inputs
+       `(("python2-h5py" ,python2-h5py)
+         ("python2-ipython-cluster-helper" ,python2-ipython-cluster-helper)
+         ("python2-networkx" ,python2-networkx)
+         ("python2-psutil" ,python2-psutil)
+         ("python2-pandas" ,python2-pandas)
+         ("python2-pybedtools" ,python2-pybedtools)
+         ("python2-pyfaidx" ,python2-pyfaidx)
+         ("python2-pygraphviz" ,python2-pygraphviz)
+         ("python2-pysam" ,python2-pysam)
+         ("python2-scipy" ,python2-scipy)))
+      (home-page "https://github.com/grocsvs/grocsvs")
+      (synopsis "Genome-wide reconstruction of complex structural variants")
+      (description
+       "@dfn{Genome-wide Reconstruction of Complex Structural Variants}
+(GROC-SVs) is a software pipeline for identifying large-scale structural
+variants, performing sequence assembly at the breakpoints, and reconstructing
+the complex structural variants using the long-fragment information from the
+10x Genomics platform.")
+       (license license:expat))))
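Review bot: `#:python ,python-2` together with `#:tests? #f` adds an untested package on an interpreter whose upstream support ended in January 2020, and the comment `; Only python-2 supported.` does not say whether upstream plans a port. A comment pointing at the upstream status would help whoever later has to decide whether to keep or remove the package. As a style point, `(license license:expat)` on the last line is indented one column deeper than the sibling fields.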
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 55733ff299..9971700d2d 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -32,6 +32,7 @@
 ;;; Copyright © 2019 Chris Marusich <cmmarusich@gmail.com>
 ;;; Copyright © 2020 Lars-Dominik Braun <ldb@leibniz-psychology.org>
 ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2020 Josh Marshall <joshua.r.marshall.1991@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1458,6 +1459,30 @@ executed.")
 (define-public python2-coverage
   (package-with-python2 python-coverage))
 
+(define-public python-pytest-asyncio
+  (package
+    (name "python-pytest-asyncio")
+    (version "0.10.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pytest-asyncio" version))
+       (sha256
+        (base32 "1bysy4nii13bm7h345wxf8fxcjhab7l374pqdv7vwv3izl053b4z"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-coverage" ,python-coverage)
+       ("python-async-generator" ,python-async-generator)
+       ("python-hypothesis" ,python-hypothesis)
+       ("python-pytest" ,python-pytest)))
+    (home-page "https://github.com/pytest-dev/pytest-asyncio")
+    (synopsis "Pytest support for asyncio")
+    (description "Python asyncio code is usually written in the form of
+coroutines, which makes it slightly more difficult to test using normal
+testing tools.  @code{pytest-asyncio} provides useful fixtures and markers
+to make testing async code easier.")
+    (license license:asl2.0)))
+
 (define-public python-cov-core
   (package
     (name "python-cov-core")
diff --git a/gnu/packages/chemistry.scm b/gnu/packages/chemistry.scm
index 855ae2df22..0540dfceb6 100644
--- a/gnu/packages/chemistry.scm
+++ b/gnu/packages/chemistry.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
+;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,15 +30,20 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages gl)
+  #:use-module (gnu packages graphviz)
   #:use-module (gnu packages gv)
   #:use-module (gnu packages maths)
+  #:use-module (gnu packages mpi)
+  #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages qt)
+  #:use-module (gnu packages sphinx)
   #:use-module (gnu packages xml)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
@@ -300,6 +306,126 @@ is currently not actively maintained and works only with Python 2 and
 NumPy < 1.9.")
     (license license:cecill)))
 
+(define-public tng
+  (package
+    (name "tng")
+    (version "1.8.2")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/gromacs/tng.git")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1apf2n8nb34z09xarj7k4jgriq283l769sakjmj5aalpbilvai4q"))))
+    (build-system cmake-build-system)
+    (inputs
+     `(("zlib" ,zlib)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-bundled-zlib
+           (lambda _
+             (delete-file-recursively "external")
+             #t))
+         (replace 'check
+           (lambda _
+             (invoke "../build/bin/tests/tng_testing")
+             #t)))))
+    (home-page "https://github.com/gromacs/tng")
+    (synopsis "Trajectory Next Generation binary format manipulation library")
+    (description "TRAJNG (Trajectory next generation) is a program library for
+handling molecular dynamics (MD) trajectories.  It can store coordinates, and
+optionally velocities and the H-matrix.  Coordinates and velocities are
+stored with user-specified precision.")
+    (license license:bsd-3)))
+
+(define-public gromacs
+  (package
+    (name "gromacs")
+    (version "2020.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://ftp.gromacs.org/pub/gromacs/gromacs-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1wyjgcdl30wy4hy6jvi9lkq53bqs9fgfq6fri52dhnb3c76y8rbl"))
+              ;; Our version of tinyxml2 is far newer than the bundled one and
+              ;; require fixing `testutils' code. See patch header for more info
+              (patches (search-patches "gromacs-tinyxml2.patch"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "-DGMX_DEVELOPER_BUILD=on" ; Needed to run tests
+             ;; Unbundling
+             "-DGMX_USE_LMFIT=EXTERNAL"
+             "-DGMX_BUILD_OWN_FFTW=off"
+             "-DGMX_EXTERNAL_BLAS=on"
+             "-DGMX_EXTERNAL_LAPACK=on"
+             "-DGMX_EXTERNAL_TNG=on"
+             "-DGMX_EXTERNAL_ZLIB=on"
+             "-DGMX_EXTERNAL_TINYXML2=on"
+             (string-append "-DTinyXML2_DIR="
+                            (assoc-ref %build-inputs "tinyxml2"))
+             ;; Workaround for cmake/FindSphinx.cmake version parsing that does
+             ;; not understand the guix-wrapped `sphinx-build --version' answer
+             (string-append "-DSPHINX_EXECUTABLE_VERSION="
+                            ,(package-version python-sphinx)))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'fixes
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; Still bundled: part of gromacs, source behind registration
+             ;; but free software anyways
+             ;;(delete-file-recursively "src/external/vmd_molfile")
+             ;; Still bundled: threads-based OpenMPI-compatible fallback
+             ;; designed to be bundled like that
+             ;;(delete-file-recursively "src/external/thread_mpi")
+             ;; Unbundling
+             (delete-file-recursively "src/external/lmfit")
+             (delete-file-recursively "src/external/clFFT")
+             (delete-file-recursively "src/external/fftpack")
+             (delete-file-recursively "src/external/build-fftw")
+             (delete-file-recursively "src/external/tng_io")
+             (delete-file-recursively "src/external/tinyxml2")
+             (delete-file-recursively "src/external/googletest")
+             (copy-recursively (assoc-ref inputs "googletest-source")
+                               "src/external/googletest")
+             ;; This test warns about the build host hardware, disable
+             (substitute* "src/gromacs/hardware/tests/hardwaretopology.cpp"
+               (("TEST\\(HardwareTopologyTest, HwlocExecute\\)")
+                "void __guix_disabled()"))
+             #t)))))
+    (native-inputs
+     `(("doxygen" ,doxygen)
+       ("googletest-source" ,(package-source googletest))
+       ("graphviz" ,graphviz)
+       ("pkg-config" ,pkg-config)
+       ("python" ,python)
+       ("python-pygments" ,python-pygments)
+       ("python-sphinx" ,python-sphinx)))
+    (inputs
+     `(("fftwf" ,fftwf)
+       ("hwloc" ,hwloc-2 "lib")
+       ("lmfit" ,lmfit)
+       ("openblas" ,openblas)
+       ("perl" ,perl)
+       ("tinyxml2" ,tinyxml2)
+       ("tng" ,tng)))
+    (home-page "http://www.gromacs.org/")
+    (synopsis "Molecular dynamics software package")
+    (description "GROMACS is a versatile package to perform molecular dynamics,
+i.e. simulate the Newtonian equations of motion for systems with hundreds to
+millions of particles.  It is primarily designed for biochemical molecules like
+proteins, lipids and nucleic acids that have a lot of complicated bonded
+interactions, but since GROMACS is extremely fast at calculating the nonbonded
+interactions (that usually dominate simulations) many groups are also using it
+for research on non-biological systems, e.g. polymers.  GROMACS supports all the
+usual algorithms you expect from a modern molecular dynamics implementation.")
+    (license license:lgpl2.1+)))
+
 (define-public openbabel
   (package
     (name "openbabel")
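Review bot: The replaced `check` phase in `tng` runs `tng_testing` unconditionally, so it ignores `#:tests?` (for instance when tests are switched off for a cross build); `(lambda* (#:key tests? #:allow-other-keys) (when tests? (invoke "../build/bin/tests/tng_testing")) #t)` keeps the behaviour and honours the flag. In `gromacs` the tarball and the home page use `http://`; the `sha256` pins the download, so this is not an integrity problem, but an `https://` URL would be preferable if the server offers one. The bundled directories are deleted in a build phase rather than in an origin `snippet`, so they are still present in the source that `guix build -S` returns.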
diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm
index d318a05d71..9237a282b7 100644
--- a/gnu/packages/crates-io.scm
+++ b/gnu/packages/crates-io.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2019 Giacomo Leidi <goodoldpaul@autistici.org>
 ;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2019, 2020 John Soo <jsoo1@asu.edu>
+;;; Copyright © 2019, 2020 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
 ;;; Copyright © 2020 Leo Famulari <leo@famulari.name>
 ;;;
@@ -29,6 +30,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (gnu packages)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
@@ -36,9 +38,13 @@
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages jemalloc)
   #:use-module (gnu packages llvm)
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages nettle)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages sqlite)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
@@ -847,6 +853,59 @@ standard library.")
         ("rust-serde" ,rust-serde-1.0)
         ("rust-serde-test" ,rust-serde-test-1.0))))))
 
+(define-public rust-ascii-canvas-2
+  (package
+    (name "rust-ascii-canvas")
+    (version "2.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "ascii-canvas" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0a9s8vrbc5jr6ry5ygjyfqmbs9gyya1v6dsxzsczpai8z4nvg3pz"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t  ;; TODO: failes due to an unresolved import
+       #:cargo-inputs
+       (("rust-term" ,rust-term-0.5))))
+    (home-page "https://github.com/nikomatsakis/ascii-canvas")
+    (synopsis "Simple canvas for drawing lines and styled text and emitting to
+the terminal")
+    (description "@code{ASCII} canvas is a simple Rust library that allows you
+to draw lines and colored text and then write them to the terminal.  It uses
+the term library to handle the ANSI nonsense and hence it works on Windows,
+Mac, and Unix.")
+    (license (list license:asl2.0 license:expat))))
+
+(define-public rust-assert-cli-0.6
+  (package
+    (name "rust-assert-cli")
+    (version "0.6.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "assert-cli" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0jc1bh3cvnl66bl7s5gr1xnm0hl8d2l3gmil0pmhp5v2xp0bg6m2"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f ;; requires `printenv`, but installing coreutils doesn't help
+       #:cargo-inputs
+       (("rust-colored" ,rust-colored-1.9)
+        ("rust-difference" ,rust-difference-2.0)
+        ("rust-environment" ,rust-environment-0.1)
+        ("rust-failure" ,rust-failure-0.1)
+        ("rust-failure-derive" ,rust-failure-derive-0.1)
+        ("rust-serde-json" ,rust-serde-json-1.0))
+       #:cargo-development-inputs
+       (("rust-docmatic" ,rust-docmatic-0.1))))
+    (home-page "https://github.com/assert-rs/assert_cli")
+    (synopsis "Test CLI Applications")
+    (description "This package helps testing CLI Applications.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-assert-matches-1.3
   (package
     (name "rust-assert-matches")
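Review bot: Both new packages switch off verification (`#:skip-build? #t` for rust-ascii-canvas, `#:tests? #f` for rust-assert-cli), so the trailing comments are the only record of why and should be precise. `;; TODO: failes due to an unresolved import` has a typo and does not name the import; `;; TODO: fails due to an unresolved import (which one?)` would at least flag the gap. The same applies in the rust-bytes-0.5 hunk further down, where `;; FIXME requires Raus >= 1.39` should read `Rust`.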
@@ -1098,6 +1157,25 @@ trace (backtrace) at runtime in a Rust program.")
        (("rust-criterion" ,rust-criterion-0.2)
         ("rust-rand" ,rust-rand-0.4))))))
 
+(define-public rust-base64-0.9
+  (package
+    (inherit rust-base64-0.11)
+    (name "rust-base64")
+    (version "0.9.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "base64" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0hs62r35bgxslawyrn1vp9rmvrkkm76fqv0vqcwd048vs876r7a8"))))
+    (arguments
+     `(#:cargo-inputs
+       (("rust-byteorder" ,rust-byteorder-1.3)
+        ("rust-safemem" ,rust-safemem-0.3))
+       #:cargo-development-inputs
+       (("rust-rand" ,rust-rand-0.4))))))
+
 (define-public rust-base-x-0.2
   (package
     (name "rust-base-x")
@@ -1386,6 +1464,40 @@ that uses Serde for transforming structs into bytes and vice versa!")
         ("rust-diff" ,rust-diff-0.1)
         ("rust-shlex" ,rust-shlex-0.1))))))
 
+(define-public rust-bindgen-0.49
+  (package/inherit rust-bindgen-0.50
+    (name "rust-bindgen")
+    (version "0.49.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "bindgen" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0vjacbvashvds5rbrlqvq5fy55wmp50iia3mnczvycap7mzhh1sc"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-bitflags" ,rust-bitflags-1)
+        ("rust-cexpr" ,rust-cexpr-0.3)
+        ("rust-cfg-if" ,rust-cfg-if-0.1)
+        ("rust-clang-sys" ,rust-clang-sys-0.28)
+        ("rust-clap" ,rust-clap-2)
+        ("rust-env-logger" ,rust-env-logger-0.6)
+        ("rust-fxhash" ,rust-fxhash-0.2)
+        ("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-peeking-take-while" ,rust-peeking-take-while-0.1)
+        ("rust-proc-macro2" ,rust-proc-macro2-0.4)
+        ("rust-quote" ,rust-quote-0.6)
+        ("rust-regex" ,rust-regex-1.1)
+        ("rust-shlex" ,rust-shlex-0.1)
+        ("rust-which" ,rust-which-2.0))
+       #:cargo-development-inputs
+       (("rust-clap" ,rust-clap-2)
+        ("rust-diff" ,rust-diff-0.1)
+        ("rust-shlex" ,rust-shlex-0.1))))))
+
 (define-public rust-bindgen-0.33
   (package
     (inherit rust-bindgen-0.50)
@@ -1521,6 +1633,19 @@ behave like a set of bitflags.")
         (base32
          "0v8hh6wdkpk9my8z8442g4hqrqf05h0qj53dsay6mv18lqvqklda"))))))
 
+(define-public rust-bitflags-0.5
+  (package
+    (inherit rust-bitflags-1)
+    (name "rust-bitflags")
+    (version "0.5.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "bitflags" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "08qdq5w1nd3hzwsrxk0dxzqv4g8wbwj6v2193njskwzdd09r6rsg"))))))
+
 (define-public rust-bitstream-io-0.8
   (package
     (name "rust-bitstream-io")
@@ -1994,9 +2119,33 @@ little-endian.")
        (("rust-quickcheck" ,rust-quickcheck-0.2)
         ("rust-rand" ,rust-rand-0.3))))))
 
-(define-public rust-bytes-0.4
+(define-public rust-bytes-0.5
   (package
     (name "rust-bytes")
+    (version "0.5.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "bytes" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1q9r7si1l8vndg4n2ny2nv833ghp5vyqzk5indb9rmhd5ibaq2hk"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; FIXME requires Raus >= 1.39
+       #:cargo-inputs
+       (("rust-serde" ,rust-serde-1.0))
+       #:cargo-development-inputs
+       (("rust-loom" ,rust-loom-0.2)
+        ("rust-serde-test" ,rust-serde-test-1.0))))
+    (home-page "https://github.com/tokio-rs/bytes")
+    (synopsis "Types and traits for working with bytes")
+    (description "Types and traits for working with bytes.")
+    (license license:expat)))
+
+(define-public rust-bytes-0.4
+  (package/inherit rust-bytes-0.5
+    (name "rust-bytes")
     (version "0.4.12")
     (source
      (origin
@@ -2016,13 +2165,7 @@ little-endian.")
         ("rust-iovec" ,rust-iovec-0.1)
         ("rust-serde" ,rust-serde-1.0))
        #:cargo-development-inputs
-       (("rust-serde-test" ,rust-serde-test-1.0))))
-    (home-page "https://github.com/tokio-rs/bytes")
-    (synopsis
-     "Types and traits for working with bytes")
-    (description
-     "Types and traits for working with bytes.")
-    (license license:expat)))
+       (("rust-serde-test" ,rust-serde-test-1.0))))))
 
 (define-public rust-bytes-0.3
   (package
@@ -2262,6 +2405,101 @@ exposed as Reader/Writer streams.")
      "This package provides a callback-based event loop")
     (license license:expat)))
 
+(define-public rust-capnp-0.10
+  (package
+    (name "rust-capnp")
+    (version "0.10.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "capnp" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "17hsnmlcrzksjjpwpz51y8g36xzq8042i2cwns0lsg7rixfw2rxq"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-futures" ,rust-futures-0.1)
+        ("rust-quickcheck" ,rust-quickcheck-0.2))
+       #:cargo-development-inputs
+       (("rust-quickcheck" ,rust-quickcheck-0.2))))
+    (home-page "https://github.com/capnproto/capnproto-rust")
+    (synopsis "Runtime library for Cap'n Proto data encoding")
+    (description "This package provides a runtime library for Cap'n Proto data
+encoding.")
+    (license license:expat)))
+
+(define-public rust-capnp-futures-0.10
+  (package
+    (name "rust-capnp-futures")
+    (version "0.10.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "capnp-futures" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0qdiqkp9mh4acpa0dqhpzv2gwf949rj3m85mgwl1rih6gvgbh1zs"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-capnp" ,rust-capnp-0.10)
+        ("rust-futures" ,rust-futures-0.1))
+       #:cargo-development-inputs
+       (("rust-capnp" ,rust-capnp-0.10)
+        ("rust-quickcheck" ,rust-quickcheck-0.2))))
+    (home-page "https://github.com/capnproto/capnproto-rust")
+    (synopsis "Async serialization for Cap'n Proto messages")
+    (description "This package provides async serialization for Cap'n Proto
+messages.")
+    (license license:expat)))
+
+(define-public rust-capnp-rpc-0.10
+  (package
+    (name "rust-capnp-rpc")
+    (version "0.10.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "capnp-rpc" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1j6xg7yays1hlm1045wviyn1642yvvi2p4kba26yk07a0kafr3jn"))))
+    (build-system cargo-build-system)
+    (native-inputs
+     `(("capnproto" ,capnproto)))
+    (arguments
+     `(#:cargo-inputs
+       (("rust-capnp" ,rust-capnp-0.10)
+        ("rust-capnp-futures" ,rust-capnp-futures-0.10)
+        ("rust-futures" ,rust-futures-0.1))
+       #:cargo-development-inputs
+       (("rust-capnpc" ,rust-capnpc-0.10))))
+    (home-page "https://github.com/capnproto/capnproto-rust")
+    (synopsis "Cap'n Proto remote procedure call protocol implementation")
+    (description "This package provides an implementation of the Cap'n Proto
+remote procedure call protocol")
+    (license license:expat)))
+
+(define-public rust-capnpc-0.10
+  (package
+    (name "rust-capnpc")
+    (version "0.10.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "capnpc" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1zxbmdkr0xfzkfq9p8zn7pp9jjq275qhr8fh9a0cc0ab37yfvbyj"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs (("rust-capnp" ,rust-capnp-0.10))))
+    (home-page "https://github.com/capnproto/capnproto-rust")
+    (synopsis "Cap'n Proto code generation")
+    (description "Cap'n Proto code generation")
+    (license license:expat)))
+
 (define-public rust-caps-0.3
   (package
     (name "rust-caps")
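Review bot: Two of the new descriptions are not complete sentences: rust-capnp-rpc-0.10 ends with `remote procedure call protocol")` and no full stop, and rust-capnpc-0.10 repeats its synopsis as `(description "Cap'n Proto code generation")`. I would write `remote procedure call protocol.")` and `(description "This package provides Cap'n Proto code generation.")`. The descriptions of rust-fallible-streaming-iterator-0.1 and rust-hyper-tls-0.3 further down have the same problem. In rust-capnp-0.10, `rust-quickcheck` is listed under both `#:cargo-inputs` and `#:cargo-development-inputs`; a short comment saying whether it is an optional feature dependency would explain the duplicate.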
@@ -3118,6 +3356,19 @@ CMAKE environmental variable is set.")
      "The most simple way to add colors in your terminal.")
     (license license:mpl2.0)))
 
+(define-public rust-colored-1.9.1
+  (package/inherit rust-colored-1.9
+    (name "rust-colored")
+    (version "1.9.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "colored" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0fildacm47g86acmx44yvxx6cka8fdym5qkgfm8x8gh2hsrghc7r"))))
+    (build-system cargo-build-system)))
+
 ;; This package requires features which are unavailable
 ;; on the stable releases of Rust.
 (define-public rust-compiler-builtins-0.1
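Review bot: `(build-system cargo-build-system)` in rust-colored-1.9.1 repeats a field that `package/inherit rust-colored-1.9` presumably already supplies (the parent is outside this hunk), and this same commit removes exactly that redundant line from rust-http-0.1. Dropping it here, and likewise in rust-difference-1 and rust-http-body-0.1, keeps the inherited variants down to the fields that actually differ. The variable name also carries a full patch version, unlike the names around it; a comment such as `;; Pinned to 1.9.1 for <dependant>` (placeholder) would tell the next reader why a second 1.9 variant exists.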
@@ -4070,6 +4321,52 @@ intrinsics.")
        #:cargo-development-inputs
        (("rust-rand" ,rust-rand-0.4))))))
 
+(define-public rust-crossterm-0.13
+  (package
+    (name "rust-crossterm")
+    (version "0.13.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "crossterm" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1jw9s85mnhpkk38lihr4ildip4jhfhc3h86npncd92i4mdb257vm"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-crossterm-winapi" ,rust-crossterm-winapi-0.4)
+        ("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-mio" ,rust-mio-0.6)
+        ("rust-serde" ,rust-serde-1.0)
+        ("rust-winapi" ,rust-winapi-0.3))))
+    (home-page "https://github.com/crossterm-rs/crossterm")
+    (synopsis "Crossplatform terminal library for manipulating terminals")
+    (description "This package provides a crossplatform terminal library for
+manipulating terminals.")
+    (license license:expat)))
+
+(define-public rust-crossterm-winapi-0.4
+  (package
+    (name "rust-crossterm-winapi")
+    (version "0.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "crossterm-winapi" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1j3av8bba3f5y4n4w1vgn0iz28vdajxrli6lqxnvpddbphskmph2"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs (("rust-winapi" ,rust-winapi-0.3))))
+    (home-page "https://github.com/crossterm-rs/crossterm-winapi")
+    (synopsis "Basic simple abstractions around common WinAPI calls")
+    (description "WinAPI wrapper that provides some basic simple abstractions
+around common WinAPI calls.")
+    (license license:expat)))
+
 (define-public rust-crypto-mac-0.7
   (package
     (name "rust-crypto-mac")
@@ -4239,6 +4536,27 @@ Code} (MAC) algorithms.")
      "Bare bones CSV parsing with no_std support.")
     (license (list license:unlicense license:expat))))
 
+(define-public rust-ct-logs-0.3
+  (package
+    (name "rust-ct-logs")
+    (version "0.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "ct-logs" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1f0885ws3p49xh6dfgnhh7zjw9h4rhs9ljs8i9cnkhifzz98784f"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-sct" ,rust-sct-0.3))))
+    (home-page "https://github.com/ctz/ct-logs")
+    (synopsis "Google's list of Certificate Transparency logs")
+    (description "This package contains Google's list of Certificate
+Transparency logs for use with sct crate.")
+    (license (list license:asl2.0 license:isc license:expat))))
+
 (define-public rust-ctor-0.1
   (package
     (name "rust-ctor")
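Review bot: rust-ct-logs-0.3 appears to package a static copy of a Certificate Transparency log list, so what a dependant treats as a known log is frozen at whatever the 0.3.0 crate shipped, and nothing in the definition says so. I would add a comment above `(version "0.3.0")`, for example `;; The log list is a snapshot taken at crate release time; update together with rust-sct.`, so the package is not left behind when logs are added or retired. The description should also read `Transparency logs for use with the sct crate.`.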
@@ -4607,6 +4925,85 @@ and arithmetic.")
     (description "Demo of proc-macro-hack.")
     (license (list license:expat license:asl2.0))))
 
+(define-public rust-derive-builder-0.5
+  (package
+    (name "rust-derive-builder")
+    (version "0.5.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "derive_builder" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0fgl8dsigr7h70clxjq8xmsfc021w5ag262wfgcqv0ian1m8x6cc"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-compiletest-rs" ,rust-compiletest-rs-0.3)
+        ("rust-derive-builder-core" ,rust-derive-builder-core-0.2)
+        ("rust-env-logger" ,rust-env-logger-0.4)
+        ("rust-log" ,rust-log-0.3)
+        ("rust-quote" ,rust-quote-0.3)
+        ("rust-skeptic" ,rust-skeptic-0.9)
+        ("rust-syn" ,rust-syn-0.11))
+       #:cargo-development-inputs
+       (("rust-env-logger" ,rust-env-logger-0.4)
+        ("rust-log" ,rust-log-0.3)
+        ("rust-pretty-assertions" ,rust-pretty-assertions-0.2)
+        ("rust-skeptic" ,rust-skeptic-0.9))))
+    (home-page "https://github.com/colin-kiegel/rust-derive-builder")
+    (synopsis "Builder pattern for arbitrary structs")
+    (description "Rust macro to automatically implement the builder pattern
+for arbitrary structs.")
+    (license (list license:expat license:asl2.0))) )
+
+(define-public rust-derive-builder-core-0.2
+  (package
+    (name "rust-derive-builder-core")
+    (version "0.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "derive-builder-core" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0mxpl1ja3l60w1v5vr3733hr5mcpds2hfl6shrmy3a2zkvp28pkk"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-log" ,rust-log-0.3)
+        ("rust-quote" ,rust-quote-0.3)
+        ("rust-syn" ,rust-syn-0.11))
+       #:cargo-development-inputs
+       (("rust-pretty-assertions" ,rust-pretty-assertions-0.2))))
+    (home-page "https://github.com/colin-kiegel/rust-derive-builder")
+    (synopsis "Internal helper library for the derive_builder crate")
+    (description "Internal helper library for the derive_builder crate.")
+    (license (list license:expat license:asl2.0))))
+
+(define-public rust-derive-new-0.5
+  (package
+    (name "rust-derive-new")
+    (version "0.5.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "derive-new" version))
+      (file-name (string-append name "-" version ".tar.gz"))
+      (sha256
+       (base32 "1ncibp4jhpkym7namg3viqyw8hljd32n6abg64af8qjwrn91iwvi"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-proc-macro2" ,rust-proc-macro2-1.0)
+        ("rust-quote" ,rust-quote-1.0)
+        ("rust-syn" ,rust-syn-1.0))))
+    (home-page "https://github.com/nrc/derive-new")
+    (synopsis "Simple constructor functions for structs and enums")
+    (description "`#[derive(new)]` implements simple constructor functions for
+structs and enums.")
+  (license license:expat)))
+
 (define-public rust-diff-0.1
   (package
     (name "rust-diff")
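Review bot: There are formatting slips in this hunk. rust-derive-builder-0.5 closes with `(license (list license:expat license:asl2.0))) )`, with a stray space before the last parenthesis (rust-hyper-0.12 ends the same way), and in rust-derive-new-0.5 the `file-name`, `sha256` and `license` forms are indented short of their siblings. Closing with `(license (list license:expat license:asl2.0))))` and re-indenting those forms makes it clear at a glance which form each field belongs to. In rust-derive-builder-0.5, `rust-env-logger`, `rust-log` and `rust-skeptic` appear under both input keywords; a comment on why would help.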
@@ -4660,6 +5057,24 @@ and arithmetic.")
      "This package provides a Rust text diffing and assertion library.")
     (license license:expat)))
 
+(define-public rust-difference-1
+  (package/inherit rust-difference-2.0
+    (name "rust-difference")
+    (version "1.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "difference" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1a5v0b73z7vywbclll32wjsfkdgh6wn9prnq91z0d3lag4clsc5k"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-getopts" ,rust-getopts-0.2))
+       #:cargo-development-inputs
+       (("rust-term" ,rust-term-0.2))))))
+
 (define-public rust-digest-0.8
   (package
     (name "rust-digest")
@@ -4870,6 +5285,26 @@ system libraries.")
 from macros.")
     (license license:expat)))
 
+(define-public rust-docmatic-0.1
+  (package
+    (name "rust-docmatic")
+    (version "0.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "docmatic" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1hx85n266lxswqxrbbinqlhi1qcnjgd4cc7v42abg72kmz7fnn4d"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-which" ,rust-which-2.0))))
+    (home-page "https://github.com/assert-rs/docmatic")
+    (synopsis "Test Rust examples in your documentation")
+    (description "Test Rust examples in your documentation.")
+    (license license:expat)))
+
 (define-public rust-docopt-1.1
   (package
     (name "rust-docopt")
@@ -4895,6 +5330,25 @@ from macros.")
     (description "Command line argument parsing.")
     (license (list license:expat license:unlicense))))
 
+(define-public rust-docopt-0.8
+  (package/inherit rust-docopt-1.1
+    (name "rust-docopt")
+    (version "0.8.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "docopt" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0jha611mffc2qnxvdl3pmglz07akl99lk1vihhb3nl1cd69x7b6q"))))
+    (arguments
+     `(#:cargo-inputs
+       (("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-regex" ,rust-regex-0.2)
+        ("rust-serde" ,rust-serde-1.0)
+        ("rust-serde-derive" ,rust-serde-derive-1.0)
+        ("rust-strsim" ,rust-strsim-0.6))))))
+
 (define-public rust-docopt-0.7
   (package
     (inherit rust-docopt-1.1)
@@ -4958,6 +5412,31 @@ from macros.")
 parameters, associated types, and type constraints.")
     (license (list license:expat license:asl2.0))))
 
+(define-public rust-dogged-0.2
+  (package
+    (name "rust-dogged")
+    (version "0.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "dogged" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0yk5l6qqidl5y935x15gi9kkd6niim1wb64r1l7kdzl9jw8dyf16"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t
+       #:cargo-development-inputs
+       (("rust-rand" ,rust-rand-0.3))))
+    (home-page "https://github.com/nikomatsakis/dogged")
+    (synopsis "Persistent vector, similar to Clojure")
+    (description "This package experimental persistent collections in Rust.
+Based on a digit-indexed trie, as in Clojure.  Supports @code{push()},
+@code{get()}, and @code{get_mut()} as its primitive operations for now.  All
+O(1)-in-practice, if not in theory, but obviously not as fast as a
+non-persistent vector.")
+    (license (list license:asl2.0 license:expat))))
+
 (define-public rust-draw-state-0.8
   (package
     (name "rust-draw-state")
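Review bot: The description of rust-dogged-0.2 is missing its verb: `This package experimental persistent collections in Rust.` should read `This package provides experimental persistent collections in Rust.`. `#:skip-build? #t` is also given without a reason, unlike the other skipped builds in this commit, which carry a FIXME or TODO. A trailing comment stating what prevents the build would let someone revisit the flag later.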
@@ -5175,6 +5654,30 @@ floating-point primitives to an @code{io::Write}.")
 inclusion of Windows resources in the most resilient fashion imaginable.")
     (license license:expat)))
 
+(define-public rust-ena-0.13
+  (package
+    (name "rust-ena")
+    (version "0.13.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "ena" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0dkggq0qwv140y2kjfd4spp77zi3v7vnpm4bfy7s7r4cla7xqi49"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-dogged" ,rust-dogged-0.2)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-petgraph" ,rust-petgraph-0.4))))
+    (home-page "https://github.com/rust-lang/ena")
+    (synopsis "Union-find, congruence closure, and other unification code")
+    (description "This package provides an implementation of union-find /
+congruence-closure in Rust.  It was extracted from rustc for independent
+experimentation.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-encode-unicode-0.3
   (package
     (name "rust-encode-unicode")
@@ -5552,6 +6055,26 @@ is configured via an environment variable.")
        (("rust-regex" ,rust-regex-0.1)
         ("rust-log" ,rust-log-0.3))))))
 
+(define-public rust-environment-0.1
+  (package
+    (name "rust-environment")
+    (version "0.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "environment" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1vh32mcxf3z8xaibwv751zj14d08nh7iwk1vqdj90rkq17i18jqz"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f)) ;; 3/6 tests fail due to missing file
+    (home-page "https://github.com/Freyskeyd/environment")
+    (synopsis "Helper to deal with environment variables")
+    (description "This package provides helper to deal with environment
+variables.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-envmnt-0.6
   (package
     (name "rust-envmnt")
@@ -5804,6 +6327,27 @@ is configured via an environment variable.")
     (description "XML parser library written in C")
     (license license:expat)))
 
+(define-public rust-expectest-0.9
+  (package
+    (name "rust-expectest")
+    (version "0.9.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "expectest" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0f24q2a53x7sfmmrqjbwbk7pahzwkpd829fcr023kb7q5xnd6z4g"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-num-traits" ,rust-num-traits-0.1))))
+    (home-page "https://github.com/zummenix/expectest")
+    (synopsis "Matchers and matcher functions for unit testing")
+    (description "This crate provides matchers and matcher functions for unit
+testing.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-fake-simd-0.1
   (package
     (name "rust-fake-simd")
@@ -5900,6 +6444,23 @@ provides implementations for @code{HashMap} and @code{HashSet}.")
     (license (list license:asl2.0
                    license:expat))))
 
+(define-public rust-fallible-streaming-iterator-0.1
+  (package
+    (name "rust-fallible-streaming-iterator")
+    (version "0.1.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "fallible-streaming-iterator" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0nj6j26p71bjy8h42x6jahx1hn0ng6mc2miwpgwnp8vnwqf4jq3k"))))
+    (build-system cargo-build-system)
+    (home-page "https://github.com/sfackler/fallible-streaming-iterator")
+    (synopsis "Fallible streaming iteration")
+    (description "Fallible streaming iteration")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-fern-0.5
   (package
     (name "rust-fern")
@@ -6465,6 +7026,31 @@ values to other threads.")
      "This package provides low level binding for FreeType font library.")
     (license license:expat)))
 
+(define-public rust-fs2-0.4
+  (package
+    (name "rust-fs2")
+    (version "0.4.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "fs2" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "04v2hwk7035c088f19mfl5b1lz84gnvv2hv6m935n0hmirszqr4m"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f ;; "#![feature] may not be used on stable release channel"
+       #:cargo-inputs
+       (("rust-libc" ,rust-libc-0.2)
+        ("rust-winapi" ,rust-winapi-0.3))
+       #:cargo-development-inputs
+       (("rust-tempdir" ,rust-tempdir-0.3))))
+    (home-page "https://github.com/danburkert/fs2-rs")
+    (synopsis "Cross-platform file locks and file duplication")
+    (description "This package provides cross-platform file locks and file
+duplication.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-fs-extra-1.1
   (package
     (name "rust-fs-extra")
@@ -7099,6 +7685,25 @@ futures-rs library.")
     (description "Tools for working with tasks.")
     (license (list license:expat license:asl2.0))))
 
+(define-public rust-futures-timer-0.1
+  (package
+    (name "rust-futures-timer")
+    (version "0.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "futures-timer" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0hw0nlyrq5an6l6y8md1rg6r380zrddvmh9cg0h64xfwnvlxzkm5"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs (("rust-futures" ,rust-futures-0.1))))
+    (home-page "https://github.com/async-rs/futures-timer")
+    (synopsis "Timeouts for futures")
+    (description "Timeouts for futures.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-futures-util-0.3
   (package
     (name "rust-futures-util")
@@ -8716,6 +9321,49 @@ standard printing of search results, similar to grep itself.")
 of gzip files based on the gzip header implementation in the @code{flate2} crate.")
     (license (list license:expat license:asl2.0))))
 
+(define-public rust-h2-0.1
+  (package
+    (name "rust-h2")
+    (version "0.1.26")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "h2" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0qn457y8xh03p7c7cpk76r22gqpyqxc58g5022j3iya7d0j4rcx5"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; TODO missing indirect dependency
+       #:cargo-inputs
+       (("rust-byteorder" ,rust-byteorder-1.3)
+        ("rust-bytes" ,rust-bytes-0.4)
+        ("rust-fnv" ,rust-fnv-1.0)
+        ("rust-futures" ,rust-futures-0.1)
+        ("rust-http" ,rust-http-0.1)
+        ("rust-indexmap" ,rust-indexmap-1.0)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-slab" ,rust-slab-0.4)
+        ("rust-string" ,rust-string-0.2)
+        ("rust-tokio-io" ,rust-tokio-io-0.1))
+       #:cargo-development-inputs
+       (("rust-env-logger" ,rust-env-logger-0.5)
+        ("rust-hex" ,rust-hex-0.2)
+        ("rust-quickcheck" ,rust-quickcheck-0.4)
+        ("rust-rand" ,rust-rand-0.3)
+        ;;("rust-rustls" ,rust-rustls-0.12) requires 0.5
+        ("rust-serde" ,rust-serde-1.0)
+        ("rust-serde-json" ,rust-serde-json-1.0)
+        ("rust-tokio" ,rust-tokio-0.1)
+        ("rust-tokio-rustls" ,rust-tokio-rustls-0.12)
+        ("rust-walkdir" ,rust-walkdir-1.0)
+        ("rust-webpki" ,rust-webpki-0.21)
+        ("rust-webpki-roots" ,rust-webpki-roots-0.17))))
+    (home-page "https://github.com/hyperium/h2")
+    (synopsis "HTTP/2.0 client and server")
+    (description "This packages provides a HTTP/2.0 client and server.")
+    (license license:expat)))
+
 (define-public rust-half-1.3
   (package
     (name "rust-half")
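Review bot: The TODO on `#:skip-build? #t` in rust-h2-0.1 says only `missing indirect dependency` without naming the crate, and the commented-out `rust-rustls` line says `requires 0.5` without saying 0.5 of what, so neither can be acted on later. I would name the crate in both comments, e.g. `;; TODO: build needs <crate>, not packaged yet` (placeholder). The description also has two typos and should be `(description "This package provides an HTTP/2.0 client and server.")`.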
@@ -8966,6 +9614,19 @@ hexadecimal representation.")
          (base32
           "0xsdcjiik5j750j67zk42qdnmm4ahirk3gmkmcqgq7qls2jjcl40"))))))
 
+(define-public rust-hex-0.2
+  (package
+    (inherit rust-hex-0.4)
+    (name "rust-hex")
+    (version "0.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "hex" version))
+       (file-name (string-append name "-" version ".crate"))
+       (sha256
+        (base32 "1ajkw40qzn2ygnqjj9w584f6l31wi318258n84pn2hax8la2i8nn"))))))
+
 (define-public rust-hex-literal-0.2
   (package
     (name "rust-hex-literal")
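Review bot: rust-hex-0.2 names its source with `(string-append name "-" version ".crate")`, while every other origin added in this commit uses `".tar.gz"`. Unless there is a reason to differ, `(file-name (string-append name "-" version ".tar.gz"))` keeps the source file names uniform. The `sha256` pins the content either way, so this is purely a consistency point.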
@@ -9109,9 +9770,41 @@ compile time.")
      "High-performance browser-grade HTML5 parser.")
     (license (list license:asl2.0 license:expat))))
 
-(define-public rust-http-0.1
+(define-public rust-http-0.2
   (package
     (name "rust-http")
+    (version "0.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "http" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1y827q7j0gvs8z2x12biaik9db6nb902lpqv889cbcj84sbnkm98"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; FIXME requires Rust >= 1.39 for building
+       #:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.5)
+        ("rust-fnv" ,rust-fnv-1.0)
+        ("rust-itoa" ,rust-itoa-0.4))
+       #:cargo-development-inputs
+       (("rust-doc-comment" ,rust-doc-comment-0.3)
+        ("rust-indexmap" ,rust-indexmap-1.0)
+        ("rust-quickcheck" ,rust-quickcheck-0.9)
+        ("rust-rand" ,rust-rand-0.7)
+        ("rust-seahash" ,rust-seahash-3.0)
+        ("rust-serde" ,rust-serde-1.0)
+        ("rust-serde-json" ,rust-serde-json-1.0))))
+    (home-page "https://github.com/hyperium/http")
+    (synopsis "Set of types for representing HTTP requests and responses")
+    (description "This package provides a set of types for representing HTTP
+requests and responses.")
+    (license (list license:asl2.0 license:expat))))
+
+(define-public rust-http-0.1
+  (package/inherit rust-http-0.2
+    (name "rust-http")
     (version "0.1.17")
     (source
      (origin
@@ -9122,7 +9815,6 @@ compile time.")
        (sha256
         (base32
          "06icxvrd26r6s7dzjavja7r47hgjb9851wblqh8frxnsy3q29lzf"))))
-    (build-system cargo-build-system)
     (arguments
      `(#:skip-build? #t
        #:cargo-inputs
@@ -9135,13 +9827,49 @@ compile time.")
         ("rust-rand" ,rust-rand-0.4)
         ("rust-seahash" ,rust-seahash-3.0)
         ("rust-serde" ,rust-serde-1.0)
-        ("rust-serde-json" ,rust-serde-json-1.0))))
-    (home-page "https://github.com/hyperium/http")
-    (synopsis "Set of types for representing HTTP requests and responses")
-    (description
-     "This package provides a set of types for representing HTTP
-requests and responses.")
-    (license (list license:asl2.0 license:expat))))
+        ("rust-serde-json" ,rust-serde-json-1.0))))))
+
+(define-public rust-http-body-0.3
+  (package
+    (name "rust-http-body")
+    (version "0.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "http-body" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "06qi0ni45lb92w3ml260c0bxbq5zd4snjmz0a9k69xq6021zzm8k"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; FIXME requires Rust >= 1.39 for building
+       #:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.5)
+        ("rust-http" ,rust-http-0.2))))
+    (home-page "https://github.com/hyperium/http-body")
+    (synopsis "Asynchronous, streaming, HTTP request or response body")
+    (description "Trait representing an asynchronous, streaming, HTTP request
+or response body.")
+    (license license:expat)))
+
+(define-public rust-http-body-0.1
+  (package/inherit rust-http-body-0.3
+    (name "rust-http-body")
+    (version "0.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "http-body" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0b99404k4mw6a92hvyr0qwzkqv4f866ykg0x7913limjq5cwhhb7"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.4)
+        ("rust-futures" ,rust-futures-0.1)
+        ("rust-http" ,rust-http-0.1)
+        ("rust-tokio-buf" ,rust-tokio-buf-0.1))))))
 
 (define-public rust-http-req-0.5
   (package
@@ -9239,6 +9967,89 @@ SystemTime}}.")
         (base32
          "057ilhy6vc9iqhhby5ymh45m051pgxwq2z437gwkbnqhw7rfb9rw"))))))
 
+(define-public rust-hyper-0.12
+  (package
+    (name "rust-hyper")
+    (version "0.12.35")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "hyper" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1xnm8zi4bdjqhlnx3238kx8yjf29jjd1ww54apcql7wf8g8nxglx"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; fails due to some missing example file
+       #:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.4)
+        ("rust-futures" ,rust-futures-0.1)
+        ("rust-futures-cpupool" ,rust-futures-cpupool-0.1)
+        ("rust-h2" ,rust-h2-0.1)
+        ("rust-http" ,rust-http-0.1)
+        ("rust-http-body" ,rust-http-body-0.1)
+        ("rust-httparse" ,rust-httparse-1.3)
+        ("rust-iovec" ,rust-iovec-0.1)
+        ("rust-itoa" ,rust-itoa-0.4)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-net2" ,rust-net2-0.2)
+        ("rust-time" ,rust-time-0.1)
+        ("rust-tokio" ,rust-tokio-0.1)
+        ("rust-tokio-buf" ,rust-tokio-buf-0.1)
+        ("rust-tokio-executor" ,rust-tokio-executor-0.1)
+        ("rust-tokio-io" ,rust-tokio-io-0.1)
+        ("rust-tokio-reactor" ,rust-tokio-reactor-0.1)
+        ("rust-tokio-tcp" ,rust-tokio-tcp-0.1)
+        ("rust-tokio-threadpool" ,rust-tokio-threadpool-0.1)
+        ("rust-tokio-timer" ,rust-tokio-timer-0.2)
+        ("rust-want" ,rust-want-0.2))
+       #:cargo-development-inputs
+       (("rust-futures-timer" ,rust-futures-timer-0.1)
+        ("rust-num-cpus" ,rust-num-cpus-1.10)
+        ("rust-rustc-version" ,rust-rustc-version-0.2)
+        ("rust-pretty-env-logger" ,rust-pretty-env-logger-0.3)
+        ("rust-serde" ,rust-serde-1.0)
+        ("rust-serde-derive" ,rust-serde-derive-1.0)
+        ("rust-serde-json" ,rust-serde-json-1.0)
+        ("rust-spmc" ,rust-spmc-0.3)
+        ("rust-tokio-fs" ,rust-tokio-fs-0.1)
+        ("rust-tokio-mockstream" ,rust-tokio-mockstream-1)
+        ("rust-url" ,rust-url-1.7))))
+    (home-page "https://hyper.rs")
+    (synopsis "Fast and correct HTTP library")
+    (description "This package provides a fast and correct HTTP library.")
+    (license license:expat)) )
+
+(define-public rust-hyper-tls-0.3
+  (package
+    (name "rust-hyper-tls")
+    (version "0.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "hyper-tls" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0kqp4sz8613j6nv375wfj3gh95ff4nb6a3rb1f2vbx0almm0v01s"))))
+    (build-system cargo-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("openssl" ,openssl)))
+    (arguments
+     `(#:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.4)
+        ("rust-futures" ,rust-futures-0.1)
+        ("rust-hyper" ,rust-hyper-0.12)
+        ("rust-native-tls" ,rust-native-tls-0.2)
+        ("rust-tokio-io" ,rust-tokio-io-0.1))
+       #:cargo-development-inputs
+       (("rust-tokio" ,rust-tokio-0.1))))
+    (home-page "https://hyper.rs")
+    (synopsis "Default TLS implementation for use with hyper")
+    (description "Default TLS implementation for use with hyper")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-idna-0.2
   (package
     (name "rust-idna")
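Review bot: The reason given for `#:skip-build? #t` in rust-hyper-0.12, `fails due to some missing example file`, does not name the file, and skipping the whole build is a broad workaround for it. If only an example or test target is affected, `#:tests? #f` (as rust-fs2-0.4 does) might be enough; this needs checking against the actual failure. That would let this HTTP library be compiled in its own derivation rather than only inside dependants such as rust-hyper-tls-0.3. At minimum the comment should name the missing file.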
@@ -10201,6 +11012,67 @@ currently supports parsing (fully conformant parser), formatting and comparing
 language tags.")
     (license license:expat)))
 
+(define-public rust-lalrpop-0.17
+  (package
+    (name "rust-lalrpop")
+    (version "0.17.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "lalrpop" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1nv7ma8cgw3r1fcma7gy06fwwlpl4fkz91mxv5kjhiaxwyc3dp34"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+      (("rust-ascii-canvas" ,rust-ascii-canvas-2)
+       ("rust-atty" ,rust-atty-0.2)
+       ("rust-bit-set" ,rust-bit-set-0.5)
+       ("rust-diff" ,rust-diff-0.1)
+       ("rust-docopt" ,rust-docopt-1.1)
+       ("rust-ena" ,rust-ena-0.13)
+       ("rust-itertools" ,rust-itertools-0.8)
+       ("rust-lalrpop-util" ,rust-lalrpop-util-0.17)
+       ("rust-petgraph" ,rust-petgraph-0.4)
+       ("rust-regex" ,rust-regex-1.3)
+       ("rust-regex-syntax" ,rust-regex-syntax-0.6)
+       ("rust-serde" ,rust-serde-1.0)
+       ("rust-serde-derive" ,rust-serde-derive-1.0)
+       ("rust-sha2" ,rust-sha2-0.8)
+       ("rust-string-cache" ,rust-string-cache-0.7)
+       ("rust-term" ,rust-term-0.5)
+       ("rust-unicode-xid" ,rust-unicode-xid-0.2))
+      #:cargo-development-inputs
+      (("rust-rand" ,rust-rand-0.6))))
+    (home-page "https://github.com/lalrpop/lalrpop")
+    (synopsis "Convenient LR(1) parser generator for Rust")
+    (description "LALRPOP is a Rust parser generator framework with usability
+as its primary goal.  You should be able to write compact, DRY, readable
+grammars.")
+    (license (list license:asl2.0 license:expat))))
+
+(define-public rust-lalrpop-util-0.17
+  (package
+    (name "rust-lalrpop-util")
+    (version "0.17.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "lalrpop-util" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0z4bjn3g9232n1im5p6mn9mwlvw5aj5iac6hbjmljqxkhf3d2xy2"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-regex" ,rust-regex-1.3))))
+  (home-page "https://github.com/lalrpop/lalrpop")
+  (synopsis "Runtime library for parsers generated by LALRPOP")
+  (description "THis package provides the runtime library for parsers
+generated by LALRPOP.")
+  (license (list license:asl2.0 license:expat))))
+
 (define-public rust-lazy-static-1.4
   (package
     (name "rust-lazy-static")
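Review bot: The description of rust-lalrpop-util-0.17 begins `THis package provides`; it should be `This package provides the runtime library for parsers`. The `home-page`, `synopsis`, `description` and `license` forms of that package are indented two columns instead of four, which makes them look like siblings of `package` rather than its fields. The `#:cargo-inputs` list in rust-lalrpop-0.17 is likewise one column short. Re-indenting both would match the other definitions in the file.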
@@ -10372,6 +11244,26 @@ values of all the exported APIs match the platform that libc is compiled for.")
     (license (list license:expat
                    license:asl2.0))))
 
+(define-public rust-libc-print-0.1
+  (package
+    (name "rust-libc-print")
+    (version "0.1.11")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "libc-print" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1sh4l815w7zxg8w17fvwj63y421sjqxxrdamzwyvg90n6mr70phv"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs (("rust-libc" ,rust-libc-0.2))))
+    (home-page "https://github.com/mmastrac/rust-libc-print")
+    (synopsis "Println! and eprintln! without stdlib")
+    (description "This package provices @code{println!} and @code{eprintln!}
+macros on libc without stdlib.")
+    (license (list license:asl2.0 license:expat))))
+
 (define-public rust-libgit2-sys-0.10
   (package
     (name "rust-libgit2-sys")
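Review bot: The description of `rust-libc-print-0.1` misspells "provides" as "provices"; it should begin `This package provides @code{println!} and @code{eprintln!}`. The same kind of typo appears in later hunks of this file: "provided" in the `rust-ring-0.16` description and "prackage" in the `rust-rusqlite-0.19` description. These strings are user-visible package metadata, so they are worth correcting.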
@@ -10561,6 +11453,32 @@ functions and static variables these libraries contain.")
     (license (list license:asl2.0
                    license:expat))))
 
+(define-public rust-libsqlite3-sys-0.15
+  (package
+    (name "rust-libsqlite3-sys")
+    (version "0.15.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "libsqlite3-sys" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "104n0s4f46zprppjq6y82y0wjh1r2cgwzw26w914yj30rizy1cbj"))))
+    (build-system cargo-build-system)
+    (inputs
+     `(("sqlite" ,sqlite)))
+    (arguments
+     `(#:cargo-inputs
+       ;; build dependencies
+       (("rust-bindgen" ,rust-bindgen-0.49)
+        ("rust-cc" ,rust-cc-1.0)
+        ("rust-pkg-config" ,rust-pkg-config-0.3)
+        ("rust-vcpkg" ,rust-vcpkg-0.2))))
+    (home-page "https://github.com/rusqlite/rusqlite")
+    (synopsis "Native bindings to the libsqlite3 library")
+    (description "Native bindings to the libsqlite3 library")
+    (license license:expat)))
+
 (define-public rust-libz-sys-1.0
   (package
     (name "rust-libz-sys")
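Review bot: The `description` of `rust-libsqlite3-sys-0.15` only repeats the synopsis and is not a full sentence; `(description "This package provides native bindings to the libsqlite3 library.")` would match the other entries. The same applies to `rust-loom-0.3`, `rust-parity-tokio-ipc-0.4`, `rust-sct-0.6`, `rust-sha2-0.8`, `rust-skeptic-0.9` and `rust-spmc-0.3` in later hunks. Separately, since `rust-cc` and `rust-vcpkg` are listed as build dependencies next to the `sqlite` input, a one-line comment stating that the crate is expected to link against that `sqlite` input would make the intent explicit.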
@@ -10917,9 +11835,57 @@ by inspecting the system for user preference.")
      `(#:cargo-inputs
        (("rust-log" ,rust-log-0.4))))))
 
-(define-public rust-loom-0.1
+(define-public rust-loom-0.3
   (package
     (name "rust-loom")
+    (version "0.3.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "loom" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "10z738ig6vgvwc2kxjhjdr5b29p3ribk5f6gg6ak0xjxhjb4cnkc"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; TODO fails due to unresolved import
+       #:cargo-inputs
+       (("rust-cfg-if" ,rust-cfg-if-0.1)
+        ("rust-futures-util" ,rust-futures-util-0.3)
+        ("rust-generator" ,rust-generator-0.6)
+        ("rust-scoped-tls" ,rust-scoped-tls-0.1)
+        ("rust-serde" ,rust-serde-1.0)
+        ("rust-serde-json" ,rust-serde-json-1.0))))
+    (home-page "https://github.com/tokio-rs/loom")
+    (synopsis "Permutation testing for concurrent code")
+    (description "Permutation testing for concurrent code")
+    (license license:expat)))
+
+(define-public rust-loom-0.2
+  (package/inherit rust-loom-0.3
+    (name "rust-loom")
+    (version "0.2.13")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "loom" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0qwvwbpnxff5m6647v9rc9i6ak8ral4jy0br5xx1s9a5zcd3xddh"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-cfg-if" ,rust-cfg-if-0.1)
+        ("rust-futures-util" ,rust-futures-util-0.3)
+        ("rust-generator" ,rust-generator-0.6)
+        ("rust-scoped-tls" ,rust-scoped-tls-0.1)
+        ("rust-serde" ,rust-serde-1.0)
+        ("rust-serde-test" ,rust-serde-test-1.0)
+        ("rust-serde-json" ,rust-serde-json-1.0))))))
+
+(define-public rust-loom-0.1
+  (package/inherit rust-loom-0.3
+    (name "rust-loom")
     (version "0.1.1")
     (source
      (origin
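Review bot: `rust-loom-0.3` sets `#:skip-build? #t` with only `TODO fails due to unresolved import`, which does not say which import fails; the comment should name it so the flag can be removed later. `rust-loom-0.2` inherits from it but replaces `arguments` wholesale, so it is built while its parent is not; if that is intended, a comment should say so. `rust-loom-0.2` also repeats `(name "rust-loom")` and `(build-system cargo-build-system)`, which `package/inherit` already supplies; the same redundancy is in `rust-pulldown-cmark-0.0.8`, `rust-ring-0.13`, `rust-rustls-0.12` and `rust-sct-0.3`. The `rust-loom-0.1` definition continues past the end of this hunk.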
@@ -10930,7 +11896,6 @@ by inspecting the system for user preference.")
        (sha256
         (base32
          "1jmp5mffwwyqgp914cwz92ij2s6vk1hsnkvgndvzw74xrcfraibj"))))
-    (build-system cargo-build-system)
     (arguments
      `(#:cargo-inputs
        (("rust-cfg-if" ,rust-cfg-if-0.1)
@@ -10939,11 +11904,29 @@ by inspecting the system for user preference.")
         ("rust-scoped-tls" ,rust-scoped-tls-0.1)
         ("rust-serde" ,rust-serde-1.0)
         ("rust-serde-derive" ,rust-serde-derive-1.0)
-        ("rust-serde-json" ,rust-serde-json-1.0))))
-    (home-page "https://github.com/tokio-rs/loom")
-    (synopsis "Model checker for concurrent code")
-    (description "Model checker for concurrent code.")
-    (license license:expat)))
+        ("rust-serde-json" ,rust-serde-json-1.0))))))
+
+(define-public rust-lru-cache-0.1
+  (package
+    (name "rust-lru-cache")
+    (version "0.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "lru-cache" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "071viv6g2p3akwqmfb3c8vsycs5n7kr17b70l7la071jv0d4zqii"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-heapsize" ,rust-heapsize-0.4)
+        ("rust-linked-hash-map" ,rust-linked-hash-map-0.5))))
+    (home-page "https://github.com/contain-rs/lru-cache")
+    (synopsis "Cache that holds a limited number of key-value pairs")
+    (description "This package provides a cache that holds a limited number of
+key-value pairs.")
+    (license (list license:expat license:asl2.0))))
 
 (define-public rust-lscolors-0.6
   (package
@@ -11095,6 +12078,24 @@ implementation of LZMA and xz stream encoding/decoding.")
      "This package provides a collection of great and ubiqutitous macros.")
     (license (list license:asl2.0 license:expat))))
 
+(define-public rust-mach-o-sys-0.1
+  (package
+    (name "rust-mach-o-sys")
+    (version "0.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "mach-o-sys" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "09l8p7nmzq37450x2h6nb7dzg1sk6dk36a5rkcrcy81zm21lb19y"))))
+    (build-system cargo-build-system)
+    (home-page "https://github.com/fitzgen/mach_o_sys")
+    (synopsis "Bindings to the OSX mach-o system library")
+    (description "This package provides bindings to the OSX mach-o system
+library")
+  (license (list license:asl2.0 license:expat))))
+
 (define-public rust-make-cmd-0.1
   (package
     (name "rust-make-cmd")
@@ -11518,6 +12519,30 @@ for Rust structs.")
          "1cvm2z7dy138s302ii7wlzcxbka5a8yfl5pl5di7lbdnw9hw578g"))))
     (arguments `(#:skip-build? #t))))
 
+(define-public rust-memsec-0.5
+  (package
+    (name "rust-memsec")
+    (version "0.5.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "memsec" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "13ir50j549gdz94pds1i7ljnk14d66q5x91s11hncm1pih7jif8c"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-getrandom" ,rust-getrandom-0.1)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-mach-o-sys" ,rust-mach-o-sys-0.1)
+        ("rust-winapi" ,rust-winapi-0.3))))
+    (home-page "https://github.com/quininer/memsec")
+    (synopsis "Rust implementation of libsodium/utils")
+    (description "This package provides a Rust implementation of
+@code{libsodium/utils}.")
+    (license license:expat)))
+
 (define-public rust-metadeps-1.1
   (package
     (name "rust-metadeps")
@@ -12161,6 +13186,79 @@ types as proposed in RFC 1158.")
     (license (list license:asl2.0
                    license:expat))))
 
+(define-public rust-nettle-7
+  (package
+    (name "rust-nettle")
+    (version "7.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "nettle" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1n6dwy9zba8853bmxzhwaashd3np0wxpx0pj43brm0hb8n2sxbxi"))
+       (patches (search-patches "rust-nettle-disable-vendor.patch"))))
+    (build-system cargo-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("clang" ,clang)
+       ("gmp" ,gmp)
+       ("nettle" ,nettle)))
+    (arguments
+     `(#:skip-build? #t ;; provides nothing, has no tests
+       #:cargo-inputs
+       (("rust-getrandom" ,rust-getrandom-0.1)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-nettle-sys" ,rust-nettle-sys-2)
+        ("rust-thiserror" ,rust-thiserror-1.0))
+       #:cargo-development-inputs
+       (("rust-bindgen" ,rust-bindgen-0.51)
+        ("rust-pkg-config" ,rust-pkg-config-0.3))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'set-missing-env-vars
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; FIXME: why do we need to set this?
+             (setenv "LIBCLANG_PATH"
+                     (string-append (assoc-ref inputs "clang") "/lib"))
+             #t)))))
+    (home-page "https://gitlab.com/sequoia-pgp/nettle-rs")
+  (synopsis "Rust bindings for the Nettle cryptographic library")
+  (description "This package provides Rust bindings for the Nettle
+cryptographic library.")
+  (license (list license:lgpl3 license:gpl2 license:gpl3))))
+
+(define-public rust-nettle-sys-2
+  (package
+    (name "rust-nettle-sys")
+    (version "2.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "nettle-sys" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1yq1w6dlcmg89x529i7s20j29afdhgim7qnsa7978fszzwrr6qmq"))
+       (patches (search-patches "rust-nettle-sys-disable-vendor.patch"))))
+    (build-system cargo-build-system)
+    (native-inputs
+     `(("clang" ,clang)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("nettle", nettle)))
+    (arguments
+     `(#:skip-build? #t
+       #:cargo-development-inputs
+       (("rust-bindgen" ,rust-bindgen-0.51)
+        ("rust-pkg-config" ,rust-pkg-config-0.3))))
+    (home-page "https://gitlab.com/sequoia-pgp/nettle-sys")
+    (synopsis "Low-level Rust bindings for the Nettle cryptographic library")
+    (description "This package provides low-level Rust bindings for the Nettle
+cryptographic library.")
+    (license ;; licensed under either of these, at your option
+     (list license:lgpl3 license:gpl2 license:gpl3))))
+
 (define-public rust-new-debug-unreachable-1.0
   (package
     (name "rust-new-debug-unreachable")
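Review bot: `clang` is listed under `inputs` in `rust-nettle-7` but under `native-inputs` in `rust-nettle-sys-2`; since it appears to be needed only at build time (the added phase points `LIBCLANG_PATH` at it, presumably for bindgen), `native-inputs` looks like the right place in both. The `;; FIXME: why do we need to set this?` comment should be replaced with the actual reason once confirmed, e.g. `;; bindgen locates libclang through LIBCLANG_PATH.`. Both packages carry a `disable-vendor` patch yet also set `#:skip-build? #t`, so nothing in these two definitions checks that the bindings resolve against the `nettle` input rather than a bundled copy; a dependent that is actually built should cover that. Minor: `("nettle", nettle)` in `rust-nettle-sys-2` has the comma attached to the string and should read `("nettle" ,nettle)`.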
@@ -13876,6 +14974,36 @@ normally prevent moving a type that has been borrowed from.")
     (description "This package provides FFI bindings to libgtk-3.")
     (license license:expat)))
 
+(define-public rust-parity-tokio-ipc-0.4
+  (package
+    (name "rust-parity-tokio-ipc")
+    (version "0.4.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "parity-tokio-ipc" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1gzifrrpiw78p6dq9ax64vhffc4h6mwg6jazpfgkz8zy0jjzwmqy"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.4)
+        ("rust-futures" ,rust-futures-0.1)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-mio-named-pipes" ,rust-mio-named-pipes-0.1)
+        ("rust-miow" ,rust-miow-0.3)
+        ("rust-rand" ,rust-rand-0.7)
+        ("rust-tokio" ,rust-tokio-0.1)
+        ("rust-tokio-named-pipes" ,rust-tokio-named-pipes-0.1)
+        ("rust-tokio-uds" ,rust-tokio-uds-0.2)
+        ("rust-winapi" ,rust-winapi-0.3))))
+    (home-page "https://github.com/nikvolf/parity-tokio-ipc")
+    (synopsis "Interprocess communication library for tokio")
+    (description "Interprocess communication library for tokio.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-parity-wasm-0.41
   (package
     (name "rust-parity-wasm")
@@ -15134,6 +16262,29 @@ interactive applications.")
      "This package provides a library for window abstraction.")
     (license license:expat)))
 
+(define-public rust-pin-project-lite-0.1
+  (package
+    (name "rust-pin-project-lite")
+    (version "0.1.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "pin-project-lite" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1bljczwz9yyb6jskjhbkilcbdg7v1mhfwzp2mxknzf7v1isl8y13"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-development-inputs
+       (("rust-rustversion" ,rust-rustversion-1.0)
+        ("rust-trybuild" ,rust-trybuild-1.0))))
+    (home-page "https://github.com/taiki-e/pin-project-lite")
+    (synopsis "Lightweight version of pin-project written with declarative
+macros")
+    (description "This package provides a lightweight version of pin-project
+written with declarative macros.")
+    (license (list license:asl2.0 license:expat))))
+
 (define-public rust-pkg-config-0.3
   (package
     (name "rust-pkg-config")
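Review bot: The `synopsis` of `rust-pin-project-lite-0.1` is broken across two lines, so the string contains a newline, whereas a synopsis is meant to be a short single line. `(synopsis "Lightweight version of pin-project")` keeps it on one line; the "written with declarative macros" detail is already in the description.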
@@ -15498,6 +16649,27 @@ dependency to expose a precomputed hash.")
 replacements, adding colorful diffs.")
     (license (list license:expat license:asl2.0))))
 
+(define-public rust-pretty-assertions-0.2
+  (package
+    (name "rust-pretty-assertions")
+    (version "0.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "pretty-assertions" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1b3nv70i16737w3qkk1q5vqswwnb19znz8r9v2kcg1qyhh3h0l8x"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-difference" ,rust-difference-1))))
+    (home-page "https://github.com/colin-kiegel/rust-pretty-assertions")
+    (synopsis "Colorful diffs for `assert_eq!` and `assert_ne!`")
+    (description "Overwrite `assert_eq!` and `assert_ne!` with drop-in
+replacements, adding colorful diffs.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-pretty-env-logger-0.3
   (package
     (name "rust-pretty-env-logger")
@@ -15523,6 +16695,32 @@ replacements, adding colorful diffs.")
     (description "This package provides a visually pretty env_logger.")
     (license (list license:expat license:asl2.0))))
 
+(define-public rust-prettytable-rs-0.8
+  (package
+    (name "rust-prettytable-rs")
+    (version "0.8.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "prettytable-rs" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0bmcsxkcy94hi0jz5db0fz137w5aaf17z2j1ryn2vyh400blpl0g"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-atty" ,rust-atty-0.2)
+        ("rust-csv" ,rust-csv-1.1)
+        ("rust-encode-unicode" ,rust-encode-unicode-0.3)
+        ("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-term" ,rust-term-0.5)
+        ("rust-unicode-width" ,rust-unicode-width-0.1))))
+    (home-page "https://github.com/phsym/prettytable-rs")
+    (synopsis "Library for printing pretty formatted tables in terminal")
+    (description "This package provides a library for printing pretty
+formatted tables in terminal.")
+    (license license:bsd-3)))
+
 (define-public rust-proc-macro-error-0.4
   (package
     (name "rust-proc-macro-error")
@@ -15916,6 +17114,23 @@ stack pointer and inspect the properties of the stack.")
      "This package provides a pull parser for CommonMark.")
     (license license:expat)))
 
+(define-public rust-pulldown-cmark-0.0.8
+  (package/inherit rust-pulldown-cmark-0.4
+    (name "rust-pulldown-cmark")
+    (version "0.0.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "pulldown-cmark" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0hbg68h1w48cp72n95hjmbm70jrb5khc9vipcmjng83wjaxxfn0h"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-bitflags" ,rust-bitflags-0.5)
+        ("rust-getopts" ,rust-getopts-0.2))))))
+
 (define-public rust-quantiles-0.7
   (package
     (name "rust-quantiles")
@@ -17025,6 +18240,28 @@ accessors.")
         ("rust-serde" ,rust-serde-1.0)
         ("rust-serde-derive" ,rust-serde-derive-1.0))))))
 
+(define-public rust-rayon-0.8
+  (package/inherit rust-rayon-1.3
+    (name "rust-rayon")
+    (version "0.8.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "rayon" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1j2l9x98ma63qkh9w8zik0vcpwqf9cvc2ynh66ibjp36nq4gw55n"))))
+    (arguments
+     `(#:skip-build? #t
+       #:cargo-inputs
+       (("rust-rayon-core" ,rust-rayon-core-1.7))
+      #:cargo-development-inputs
+      (("rust-compiletest-rs" ,rust-compiletest-rs-0.2)
+       ("rust-docopt" ,rust-docopt-0.7)
+       ("rust-futures" ,rust-futures-0.1)
+       ("rust-rand" ,rust-rand-0.3)
+       ("rust-rustc-serialize" ,rust-rustc-serialize-0.3))))))
+
 (define-public rust-rayon-core-1.7
   (package
     (name "rust-rayon-core")
@@ -17620,6 +18857,56 @@ uses finite automata and guarantees linear time matching on all inputs.")
     (license (list license:asl2.0
                    license:expat))))
 
+(define-public rust-ring-0.16
+  (package
+    (name "rust-ring")
+    (version "0.16.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "ring" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "033sb54dlmiqdivc8v9ykkq3v08lzy0syjf5k1nag2gfcknai98v"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-lazy-static" ,rust-lazy-static-1.3)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-spin" ,rust-spin-0.5)
+        ("rust-untrusted" ,rust-untrusted-0.7)
+        ("rust-web-sys" ,rust-web-sys-0.3)
+        ("rust-winapi" ,rust-winapi-0.3)
+        ;; build dependencies
+        ("rust-cc" ,rust-cc-1.0))
+       #:cargo-development-inputs
+       (("rust-libc" ,rust-libc-0.2)
+        ("rust-wasm-bindgen-test" ,rust-wasm-bindgen-test-0.2))))
+    (home-page "https://github.com/briansmith/ring")
+    (synopsis "Safe, fast, small crypto using Rust")
+    (description "This package provided safe, fast, small crypto using Rust.")
+    (license (list license:isc license:openssl))))
+
+(define-public rust-ring-0.13
+  (package/inherit rust-ring-0.16
+    (name "rust-ring")
+    (version "0.13.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "ring" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "12j580by6a438i5mw3136cj3lxylywymdr5p8rqlkwrm5s5bck9c"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-untrusted" ,rust-untrusted-0.6)
+        ;; build dependencies
+        ("rust-cc" ,rust-cc-1.0))))))
+
 (define-public rust-ron-0.4
   (package
     (name "rust-ron")
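Review bot: `rust-ring-0.13` adds a second, older release of a cryptographic library without saying why it is needed. In the visible part of this diff it is referenced only by `rust-rustls-0.12` and `rust-sct-0.3`, so a comment above the definition such as `;; Kept for rust-rustls-0.12 and rust-sct-0.3; use rust-ring-0.16 for new packages.` would make clear that it exists for compatibility and can be dropped together with them. If, as the `;; build dependencies` comment suggests, `rust-cc` is there to compile C or assembly sources shipped inside the crate, it would help to say so on `rust-ring-0.16`, because that code is then built from the crate tarball rather than from a separately packaged library.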
@@ -17649,6 +18936,98 @@ uses finite automata and guarantees linear time matching on all inputs.")
     (license (list license:asl2.0
                    license:expat))))
 
+(define-public rust-rspec-1
+  (package
+    (name "rust-rspec")
+    (version "1.0.0-beta.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "rspec" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1abfzwkbxlwahb243k8d3fp6i135lx1aqmbfl79w9zlpng182ndk"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; TODO unpackaged dev-dependencies
+       #:cargo-inputs
+       (("rust-colored" ,rust-colored-1.9)
+        ("rust-derive-new" ,rust-derive-new-0.5)
+        ("rust-derive-builder" ,rust-derive-builder-0.5)
+        ("rust-expectest" ,rust-expectest-0.9)
+        ("rust-rayon" ,rust-rayon-0.8))
+       #:cargo-development-inputs
+       (("rust-clippy" ,rust-clippy-0.0)))) ;; requires 0.0.153
+    (home-page "https://github.com/rust-rspec/rspec")
+    (synopsis "Write Rspec-like tests with stable rust")
+    (description "This package helps writing Rspec-like tests with stable
+rust.")
+    (license license:mpl2.0)))
+
+(define-public rust-rpassword-4
+  (package
+    (name "rust-rpassword")
+    (version "4.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "rpassword" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0jnl8wzmdazkpzqs0vsw0n0vm0v4b8chqifd6s84nl9w2ybhx7ym"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-libc" ,rust-libc-0.2)
+        ("rust-winapi" ,rust-winapi-0.3))))
+    (home-page "https://github.com/conradkleinespel/rpassword")
+    (synopsis "Read passwords in Rust console applications")
+    (description "This package provides a crate for reading passwords in
+console applications.")
+  (license license:asl2.0)))
+
+(define-public rust-rusqlite-0.19
+  (package
+    (name "rust-rusqlite")
+    (version "0.19.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "rusqlite" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "19xq7s0kzhlljm3hqx0vidr91ia8hl49r4m5gwdj9dyywgks5g3f"))))
+    (build-system cargo-build-system)
+    (inputs
+     `(("sqlite" ,sqlite)))
+    (arguments
+     `(#:cargo-inputs
+       (("rust-bitflags" ,rust-bitflags-1)
+        ("rust-byteorder" ,rust-byteorder-1.3)
+        ("rust-chrono" ,rust-chrono-0.4)
+        ("rust-csv" ,rust-csv-1.1)
+        ("rust-fallible-iterator" ,rust-fallible-iterator-0.2)
+        ("rust-fallible-streaming-iterator"
+         ,rust-fallible-streaming-iterator-0.1)
+        ("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-libsqlite3-sys" ,rust-libsqlite3-sys-0.15)
+        ("rust-lru-cache" ,rust-lru-cache-0.1)
+        ("rust-memchr" ,rust-memchr-2.2)
+        ("rust-serde-json" ,rust-serde-json-1.0)
+        ("rust-time" ,rust-time-0.1)
+        ("rust-url" ,rust-url-1.7)
+        ("rust-uuid" ,rust-uuid-0.7))
+       #:cargo-development-inputs
+       (("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-regex" ,rust-regex-1.1)
+        ("rust-tempdir" ,rust-tempdir-0.3)
+        ("rust-unicase" ,rust-unicase-2.4)
+        ("rust-uuid" ,rust-uuid-0.7))))
+    (home-page "https://github.com/rusqlite/rusqlite")
+    (synopsis "Wrapper for SQLite")
+    (description "This prackage provides a wrapper for SQLite.")
+    (license license:expat)))
+
 (define-public rust-rust-argon2-0.7
   (package
     (name "rust-rust-argon2")
@@ -18107,6 +19486,69 @@ rustc compiler.")
      "Automatically apply the suggestions made by rustc.")
     (license (list license:expat license:asl2.0))))
 
+(define-public rust-rustls-0.16
+  (package
+    (name "rust-rustls")
+    (version "0.16.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "rustls" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "17n0fx3fpkg4fhpdplrdhkissnl003kj90vzbqag11vkpyqihnmj"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f ;; 1/114 tests fail (test file not found)
+       #:cargo-inputs
+       (("rust-base64" ,rust-base64-0.10)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-ring" ,rust-ring-0.16)
+        ("rust-sct" ,rust-sct-0.6)
+        ("rust-webpki" ,rust-webpki-0.21))
+       #:cargo-development-inputs
+       (("rust-criterion" ,rust-criterion-0.2)
+        ("rust-env-logger" ,rust-env-logger-0.6)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-tempfile" ,rust-tempfile-3.0)
+        ("rust-webpki-roots" ,rust-webpki-roots-0.17))))
+    (home-page "https://github.com/ctz/rustls")
+  (synopsis "Modern TLS library written in Rust")
+  (description "This package provides a modern TLS library written in Rust.")
+  (license (list license:asl2.0 license:isc license:expat))))
+
+(define-public rust-rustls-0.12
+  (package/inherit rust-rustls-0.16
+    (name "rust-rustls")
+    (version "0.12.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "rustls" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1k8b8cc0pjkv5cxdgs43jif7nslzsxair9b2sifgvjag7a4f8wmb"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f ;; 1/45 tests fails due to some missing file
+       #:cargo-inputs
+       (("rust-base64" ,rust-base64-0.9)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-ring" ,rust-ring-0.13)
+        ("rust-sct" ,rust-sct-0.3)
+        ("rust-untrusted" ,rust-untrusted-0.6)
+        ("rust-webpki" ,rust-webpki-0.18))
+       #:cargo-development-inputs
+       (("rust-ct-logs" ,rust-ct-logs-0.3)
+        ("rust-docopt" ,rust-docopt-0.8)
+        ("rust-env-logger" ,rust-env-logger-0.4)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-mio" ,rust-mio-0.6)
+        ("rust-regex" ,rust-regex-0.2)
+        ("rust-serde" ,rust-serde-1.0)
+        ("rust-serde-derive" ,rust-serde-derive-1.0)
+        ("rust-webpki-roots" ,rust-webpki-roots-0.14))))))
+
 (define-public rust-rusttype-0.8
   (package
     (name "rust-rusttype")
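Review bot: `#:tests? #f` turns off the whole test suite of a TLS library because a single test fails (`1/114` for `rust-rustls-0.16`, `1/45` for `rust-rustls-0.12`), and both comments attribute the failure to a missing file rather than to a defect. It would be better to name the failing test in the comment and skip only that one, for example through `#:cargo-test-flags` with a `--skip` filter if the build system in this tree supports it, or to provide the missing file in a phase. `rust-spmc-0.3` in a later hunk also disables its tests with only `;; tests hang`; that comment should say which test hangs.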
@@ -18606,6 +20048,49 @@ Pwrite traits from the scroll crate.")
 Pwrite traits from the scroll crate.")
     (license license:expat)))
 
+(define-public rust-sct-0.6
+  (package
+    (name "rust-sct")
+    (version "0.6.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "sct" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0g4dz7las43kcpi9vqv9c6l1afjkdv3g3w3s7d2w7a7w77wjl173"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-ring" ,rust-ring-0.16)
+        ("rust-untrusted" ,rust-untrusted-0.7))
+       #:cargo-development-inputs
+       (("rust-cc" ,rust-cc-1.0))))
+    (home-page "https://github.com/ctz/sct.rs")
+    (synopsis "Certificate transparency SCT verification library")
+    (description "Certificate transparency SCT verification library")
+    (license (list license:asl2.0 license:isc license:expat))))
+
+(define-public rust-sct-0.3
+  (package/inherit rust-sct-0.6
+    (name "rust-sct")
+    (version "0.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "sct" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0z090j3lvy0lqbhmpswm4vb2n4i8dqswy0l93abdx9biipnhlm5l"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-ring" ,rust-ring-0.13)
+        ("rust-untrusted" ,rust-untrusted-0.6))
+       #:cargo-development-inputs
+       (("rust-cc" ,rust-cc-1.0))))))
+
+
 (define-public rust-seahash-3.0
   (package
     (name "rust-seahash")
@@ -19479,6 +20964,56 @@ for the serde framework.")
      "Assembly implementation of SHA-1 compression function.")
     (license license:expat)))
 
+(define-public rust-sha2-0.8
+  (package
+    (name "rust-sha2")
+    (version "0.8.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "sha2" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1827pplynq0ahxid1xq281kiv56kj2afp7gm97v7gw71sbgll117"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-block-buffer" ,rust-block-buffer-0.7)
+        ("rust-digest" ,rust-digest-0.8)
+        ("rust-fake-simd" ,rust-fake-simd-0.1)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-opaque-debug" ,rust-opaque-debug-0.2)
+        ("rust-sha2-asm" ,rust-sha2-asm-0.5))
+       #:cargo-development-inputs
+       (("rust-cc" ,rust-cc-1.0) ;; FIXME for rust-sha2-asm, why again?
+        ("rust-digest" ,rust-digest-0.8)
+        ("rust-hex-literal" ,rust-hex-literal-0.1))))
+    (home-page "https://github.com/RustCrypto/hashes")
+    (synopsis "SHA-2 hash functions")
+    (description "SHA-2 hash functions")
+    (license (list license:expat license:asl2.0))))
+
+(define-public rust-sha2-asm-0.5
+  (package
+    (name "rust-sha2-asm")
+    (version "0.5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "sha2-asm" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0k3qwv2yl8fyi2i6cprfb8d874ii5kmcmckgnjkwnz2ac9fayyl1"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-cc" ,rust-cc-1.0)))) ;; build dependency
+    (home-page "https://github.com/RustCrypto/asm-hashes")
+    (synopsis "Assembly implementation of SHA-2")
+    (description "This package provides an assembly implementations of hash
+functions core functionality.")
+    (license license:expat)))
+
 (define-public rust-shader-version-0.6
   (package
     (name "rust-shader-version")
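Review bot: `("rust-cc" ,rust-cc-1.0) ;; FIXME for rust-sha2-asm, why again?` in `rust-sha2-0.8` leaves an open question in the package definition. `rust-sha2-asm-0.5` already lists `rust-cc` in its own `#:cargo-inputs`, so either the entry here is redundant and can be removed, or the comment should state why it has to be repeated. Also, the `rust-sha2-asm-0.5` description reads "an assembly implementations"; `This package provides assembly implementations of the core functionality of hash functions.` would be clearer.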
@@ -19794,6 +21329,27 @@ variants in pure Rust.")
      "SipHash functions from rust-core < 1.13.")
     (license (list license:asl2.0 license:expat))))
 
+(define-public rust-skeptic-0.9
+  (package
+    (name "rust-skeptic")
+    (version "0.9.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "skeptic" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0savk91xy74izw9z6vn6ialkaqrp81w7dayha801b52h670qszfx"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-pulldown-cmark" ,rust-pulldown-cmark-0.0.8)
+        ("rust-tempdir" ,rust-tempdir-0.3))))
+    (home-page "https://github.com/budziq/rust-skeptic")
+    (synopsis "Test your Rust markdown documentation via Cargo")
+    (description "Test your Rust markdown documentation via Cargo")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-skeptic-0.13
   (package
     (name "rust-skeptic")
@@ -20184,6 +21740,27 @@ initializers are available.")
          "07ywqn1vrpi3c43fmvsx7pawk9h3rb77yyqbnhap2micl454kb6f"))))
     (arguments '(#:skip-build? #t))))
 
+(define-public rust-spmc-0.3
+  (package
+    (name "rust-spmc")
+    (version "0.3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "spmc" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1rgcqgj6b3d0cshi7277akr2xk0cx11rkmviaahy7a3pla6l5a02"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f ;; tests hang
+       #:cargo-development-inputs
+       (("rust-loom" ,rust-loom-0.2))))
+    (home-page "https://github.com/seanmonstar/spmc")
+    (synopsis "Simple SPMC channel")
+    (description "Simple SPMC channel")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-spsc-buffer-0.1
   (package
     (name "rust-spsc-buffer")
@@ -20525,6 +22102,26 @@ crate.")
     (license (list license:unlicense
                    license:expat))))
 
+(define-public rust-string-0.2
+  (package
+    (name "rust-string")
+    (version "0.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "string" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0vaxz85ja52fn66akgvggb29wqa5bpj3y38syykpr1pbrjzi8hfj"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs (("rust-bytes" ,rust-bytes-0.4))))
+    (home-page "https://github.com/carllerche/string")
+    (synopsis "UTF-8 encoded string with configurable byte storage")
+    (description "This package provides a UTF-8 encoded string with
+configurable byte storage.")
+    (license license:expat)))
+
 (define-public rust-string-cache-0.7
   (package
     (name "rust-string-cache")
@@ -21592,6 +23189,22 @@ directories.")
        (("rust-kernel32-sys" ,rust-kernel32-sys-0.2)
         ("rust-winapi" ,rust-winapi-0.2))))))
 
+(define-public rust-term-0.2
+  (package/inherit rust-term-0.4
+    (name "rust-term")
+    (version "0.2.14")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (crate-uri "term" version))
+        (file-name (string-append name "-" version ".crate"))
+        (sha256
+         (base32 "109jmzddq1kz6wm2ndgddy7yrlqcw2i36ygxl0fcymc0sda7w1zj"))))
+    (arguments
+     `(#:cargo-inputs
+       (("rust-kernel32-sys" ,rust-kernel32-sys-0.2)
+        ("rust-winapi" ,rust-winapi-0.2))))))
+
 (define-public rust-term-grid-0.1
   (package
     (name "rust-term-grid")
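Review bot: rust-term-0.2 names its source `(string-append name "-" version ".crate")`, while every other definition added in this commit uses the `".tar.gz"` suffix for the same `crate-uri` download. Use `(file-name (string-append name "-" version ".tar.gz"))` for consistency. The `arguments` field also repeats the two `#:cargo-inputs` visible at the end of the preceding definition; if that definition is the inherited rust-term-0.4, the field can be dropped from this `package/inherit` form.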
@@ -22131,6 +23744,51 @@ in Rust.")
      "Simple, lightweight template engine.")
     (license (list license:asl2.0 license:expat))))
 
+(define-public rust-tokio-0.2
+  (package
+    (name "rust-tokio")
+    (version "0.2.18")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "tokio" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "04v7rfkrlr8cx30ygy0n45skf6pdbif0zisn9a5xrdnjfb81dvrl"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t
+       #:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.5)
+        ("rust-fnv" ,rust-fnv-1.0)
+        ("rust-futures-core" ,rust-futures-core-0.3)
+        ("rust-iovec" ,rust-iovec-0.1)
+        ("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-memchr" ,rust-memchr-2.2)
+        ("rust-mio" ,rust-mio-0.6)
+        ("rust-mio-named-pipes" ,rust-mio-named-pipes-0.1)
+        ("rust-mio-uds" ,rust-mio-uds-0.6)
+        ("rust-num-cpus" ,rust-num-cpus-1.10)
+        ("rust-parking-lot" ,rust-parking-lot-0.10)
+        ("rust-pin-project-lite" ,rust-pin-project-lite-0.1)
+        ("rust-signal-hook-registry" ,rust-signal-hook-registry-1.2)
+        ("rust-slab" ,rust-slab-0.4)
+        ("rust-tokio-macros" ,rust-tokio-macros-0.2)
+        ("rust-winapi" ,rust-winapi-0.3))
+      #:cargo-development-inputs
+      (("rust-futures" ,rust-futures-0.3)
+       ("rust-loom" ,rust-loom-0.3)
+       ("rust-proptest" ,rust-proptest-0.9)
+       ("rust-tempfile" ,rust-tempfile-3.1)
+       ("rust-tokio-test" ,rust-tokio-test-0.2))))
+    (home-page "https://tokio.rs")
+    (synopsis "Event-driven, non-blocking I/O platform")
+    (description
+     "An event-driven, non-blocking I/O platform for writing asynchronous I/O
+backed applications.")
+    (license license:expat)))
+
 (define-public rust-tokio-0.1
   (package
     (name "rust-tokio")
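Review bot: rust-tokio-0.2 sets `#:skip-build? #t` with no reason given, while rust-tokio-rustls-0.12 and rust-tokio-test-0.2 in this commit annotate the same flag with `;; FIXME requires Rust >= 1.39 for building`. If the cause is the same, say so here: `#:skip-build? #t ;; FIXME requires Rust >= 1.39 for building`. The `#:cargo-development-inputs` keyword and its list are also indented one column less than `#:cargo-inputs`, so they read as if they sat outside the quasiquoted argument list; align them with the other keywords.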
@@ -22185,6 +23843,30 @@ in Rust.")
 backed applications.")
     (license license:expat)))
 
+(define-public rust-tokio-buf-0.1
+  (package
+    (name "rust-tokio-buf")
+    (version "0.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "tokio-buf" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0inwrkh8knqy44mr9h2i305zyy4pxhfy90y0gr5rm1akdks21clg"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.4)
+        ("rust-either" ,rust-either-1.5)
+        ("rust-futures" ,rust-futures-0.1))
+       #:cargo-development-inputs
+       (("rust-tokio-mock-task" ,rust-tokio-mock-task-0.1))))
+    (home-page "https://tokio.rs")
+    (synopsis "Asynchronous stream of byte buffers")
+    (description "Asynchronous stream of byte buffers")
+    (license license:expat)))
+
 ;; Cyclic dependency with tokio-io
 (define-public rust-tokio-codec-0.1
   (package
@@ -22407,6 +24089,31 @@ the current thread.")
 futures efficiently")
     (license (list license:asl2.0 license:expat))))
 
+(define-public rust-tokio-macros-0.2
+  (package
+    (name "rust-tokio-macros")
+    (version "0.2.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "tokio-macros" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1283aq0l7rnh79zzqk4r34dgimvwcymrzmg1yah9ai2nmb3arhzh"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f ;; FIXME tests use bytes-0.5, require Rust >= 1.39
+       #:cargo-inputs
+       (("rust-proc-macro2" ,rust-proc-macro2-1.0)
+        ("rust-quote" ,rust-quote-1.0)
+        ("rust-syn" ,rust-syn-1.0))
+       #:cargo-development-inputs
+       (("rust-tokio" ,rust-tokio-0.2))))
+    (home-page "https://tokio.rs")
+    (synopsis "Tokio's proc macros")
+    (description "This package provides Tokio's proc macros.")
+    (license license:expat)))
+
 (define-public rust-tokio-mock-task-0.1
   (package
     (name "rust-tokio-mock-task")
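Review bot: rust-tokio-macros-0.2 lists rust-tokio-0.2 as a development input, while rust-tokio-0.2 (added earlier in this commit) lists rust-tokio-macros-0.2 in its `#:cargo-inputs`, so the two definitions refer to each other. The file already marks such cases, as in `;; Cyclic dependency with tokio-io` above rust-tokio-codec-0.1. Add the same kind of marker here, e.g. `;; Cyclic dependency with tokio` above the definition. Since the tests are disabled, the FIXME could also state whether the development input is still required.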
@@ -22428,6 +24135,56 @@ futures efficiently")
     (description "Mock a Tokio task.")
     (license license:expat)))
 
+(define-public rust-tokio-mockstream-1
+  (package
+    (name "rust-tokio-mockstream")
+    (version "1.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "tokio-mockstream" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0mg1i39cl8x32wxwbn74hlirks8a6f3g0gfzkb0n0zwbxwvc9gs1"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-futures" ,rust-futures-0.1)
+        ("rust-tokio-io" ,rust-tokio-io-0.1))
+       #:cargo-development-inputs
+       (("rust-bytes" ,rust-bytes-0.4))))
+    (home-page "https://github.com/aatxe/tokio-mockstream")
+    (synopsis "Fake stream for testing network applications backed by
+buffers")
+    (description "This package provides a fake stream for testing network
+applications backed by buffers.")
+    (license (list license:expat license:asl2.0))))
+
+(define-public rust-tokio-named-pipes-0.1
+  (package
+    (name "rust-tokio-named-pipes")
+    (version "0.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "tokio-named-pipes" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1bjy59wdl2anl22w6qyzkff1afv7ynayfpms10iqna2j6142sa4x"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.4)
+        ("rust-futures" ,rust-futures-0.1)
+        ("rust-mio" ,rust-mio-0.6)
+        ("rust-mio-named-pipes" ,rust-mio-named-pipes-0.1)
+        ("rust-tokio" ,rust-tokio-0.1))))
+    (home-page "https://github.com/nikvolf/tokio-named-pipes")
+    (synopsis "Windows named pipe bindings for tokio")
+    (description "This package provides bindings for Windows named pipe for
+Tokio.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-tokio-process-0.2
   (package
     (name "rust-tokio-process")
@@ -22507,6 +24264,37 @@ futures.")
      "Event loop that drives Tokio I/O resources.")
     (license license:expat)))
 
+(define-public rust-tokio-rustls-0.12
+  (package
+    (name "rust-tokio-rustls")
+    (version "0.12.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "tokio-rustls" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1k6rpw4nmgsamh8vbf8xqrf4rr5sqs18i93561bydflajz0gw6hl"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; FIXME requires Rust >= 1.39 for building
+       #:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.5)
+        ("rust-futures-core" ,rust-futures-core-0.3)
+        ("rust-rustls" ,rust-rustls-0.16)
+        ("rust-tokio" ,rust-tokio-0.2)
+        ("rust-webpki" ,rust-webpki-0.21))
+       #:cargo-development-inputs
+       (("rust-futures-util" ,rust-futures-util-0.3)
+        ("rust-lazy-static" ,rust-lazy-static-1)
+        ("rust-tokio" ,rust-tokio-0.2)
+        ("rust-webpki-roots" ,rust-webpki-roots-0.18))))
+    (home-page "https://github.com/quininer/tokio-rustls")
+    (synopsis "Asynchronous TLS/SSL streams for Tokio using Rustls")
+    (description "This package provides asynchronous TLS/SSL streams for Tokio
+using Rustls.")
+    (license (list license:expat license:asl2.0))))
+
 (define-public rust-tokio-signal-0.2
   (package
     (name "rust-tokio-signal")
@@ -22572,6 +24360,32 @@ futures.")
     (description "Synchronization utilities.")
     (license license:expat)))
 
+(define-public rust-tokio-test-0.2
+  (package
+    (name "rust-tokio-test")
+    (version "0.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "tokio-test" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0v81p2n853b1kzyla3dbfmnazirn6s3n8p3z8k20bmdn370lj07d"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; FIXME requires Rust >= 1.39 for building
+       #:cargo-inputs
+       (("rust-bytes" ,rust-bytes-0.5)
+        ("rust-futures-core" ,rust-futures-core-0.3)
+        ("rust-tokio" ,rust-tokio-0.2))
+       #:cargo-development-inputs
+       (("rust-futures-util" ,rust-futures-util-0.3)
+        ("rust-tokio" ,rust-tokio-0.2))))
+    (home-page "https://tokio.rs")
+    (synopsis "Testing utilities for Tokio- and futures-based code")
+    (description "Testing utilities for Tokio- and futures-based code")
+    (license license:expat)))
+
 (define-public rust-tokio-tcp-0.1
   (package
     (name "rust-tokio-tcp")
@@ -23202,7 +25016,7 @@ with the Unicode character database.")
 (define-public rust-unicode-normalization-0.1
   (package
     (name "rust-unicode-normalization")
-    (version "0.1.8")
+    (version "0.1.9")
     (source
      (origin
        (method url-fetch)
@@ -23210,8 +25024,7 @@ with the Unicode character database.")
        (file-name
         (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32
-         "09i49va90rvia1agvgni4gicnqv50y5zy1naw8mr8bcqifh3j4ql"))))
+        (base32 "1kviyqg3bmds4p5hgwf9qgihw8xxvq7ljgyrrk7ygxa2k450gj09"))))
     (build-system cargo-build-system)
     (arguments
      `(#:skip-build? #t
@@ -23447,6 +25260,18 @@ whitespace from a string.")
 untrusted inputs in Rust.")
     (license license:isc)))
 
+(define-public rust-untrusted-0.6
+  (package/inherit rust-untrusted-0.7
+    (name "rust-untrusted")
+    (version "0.6.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "untrusted" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0byf88b7ca1kb5aap8f6npp6xncvg95dnma8ipmnmd4n9r5izkam"))))))
+
 (define-public rust-url-2.1
   (package
     (name "rust-url")
@@ -24115,6 +25940,29 @@ specified across Unix and Windows platforms.")
         ("rust-rand" ,rust-rand-0.3)
         ("rust-rustc-serialize" ,rust-rustc-serialize-0.3))))))
 
+(define-public rust-want-0.2
+  (package
+    (name "rust-want")
+    (version "0.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "want" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0c52g7b4hhj033jc56sx9z3krivyciz0hlblixq2gc448zx5wfdn"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f ;; 2/5 tests fail
+       #:cargo-inputs
+       (("rust-futures" ,rust-futures-0.1)
+        ("rust-log" ,rust-log-0.4)
+        ("rust-try-lock" ,rust-try-lock-0.2))))
+    (home-page "https://github.com/seanmonstar/want")
+    (synopsis "Detect when another Future wants a result")
+    (description "Detect when another Future wants a result.")
+    (license license:expat)))
+
 (define-public rust-wasi-0.9
   (package
     (name "rust-wasi")
@@ -24261,7 +26109,7 @@ in Rust.")
   (package
     (inherit rust-wasm-bindgen-futures-0.4)
     (name "rust-wasm-bindgen-futures")
-    (version "0.3.24")
+    (version "0.3.27")
     (source
      (origin
        (method url-fetch)
@@ -24269,8 +26117,7 @@ in Rust.")
        (file-name
         (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32
-         "0bf9x6qfjczspc4zs605z1n4j15cdd8kk2z7rah0yggw8b6zl5nc"))))
+        (base32 "073p71skp91d9v2wczl6k7z9p0w25vn43br2v2g1ncbc6hvhnhl3"))))
     (arguments
      `(#:skip-build? #t
        #:cargo-inputs
@@ -24397,7 +26244,7 @@ attribute that is not in the shared backend crate.")
   (package
     (inherit rust-wasm-bindgen-test-0.3)
     (name "rust-wasm-bindgen-test")
-    (version "0.2.48")
+    (version "0.2.50")
     (source
      (origin
        (method url-fetch)
@@ -24405,8 +26252,7 @@ attribute that is not in the shared backend crate.")
        (file-name
         (string-append name "-" version ".tar.gz"))
        (sha256
-        (base32
-         "0gwslc2sfkghzzb3r0gvd8i5rig2nlqgpl1rn43y2w4mr1ci494k"))))
+        (base32 "1h96phc1dmwwqn46k05j2y1mc3ljazh8f1gqqy0x8hm7ccxnknd2"))))
     (arguments
      `(#:skip-build? #t
        #:cargo-inputs
@@ -24872,6 +26718,97 @@ protocol extensions.  Look at the crate wayland-client for usable bindings.")
      "Bindings for all Web APIs, a procedurally generated crate from WebIDL.")
     (license (list license:expat license:asl2.0))))
 
+(define-public rust-webpki-0.21
+  (package
+    (name "rust-webpki")
+    (version "0.21.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "webpki" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "1vv3x2alvczfy6jhx79c9h00d1nliqf7s5jlvcd6npc6f8chxxgi"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:tests? #f ;; tests fail to build "missing file tests/ed25519/ee.der"
+       #:cargo-inputs
+       (("rust-ring" ,rust-ring-0.16)
+        ("rust-untrusted" ,rust-untrusted-0.7))
+       #:cargo-development-inputs
+       (("rust-base64" ,rust-base64-0.9))))
+    (home-page "https://github.com/briansmith/webpki")
+    (synopsis "Web PKI X.509 Certificate Verification")
+    (description "This packge provides Web PKI X.509 Certificate
+Verification.")
+    (license license:isc)))
+
+(define-public rust-webpki-0.18
+  (package/inherit rust-webpki-0.21
+    (name "rust-webpki")
+    (version "0.18.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "webpki" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0zx1v8afa4ig97dyqfrnlj5i7pib6dnfw88qn2iiqhfq2rrrdmqp"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs
+       (("rust-ring" ,rust-ring-0.13)
+        ("rust-untrusted" ,rust-untrusted-0.6))
+       #:cargo-development-inputs
+       (("rust-base64" ,rust-base64-0.9))))))
+
+(define-public rust-webpki-roots-0.18
+  (package
+    (name "rust-webpki-roots")
+    (version "0.18.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "webpki-roots" version))
+      (file-name (string-append name "-" version ".tar.gz"))
+      (sha256
+       (base32 "1d4ss607rgi9pj01zzqa13c1p3m35z314yh6lmjaj4kzvwv5gkci"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:cargo-inputs (("rust-webpki" ,rust-webpki-0.21))))
+    (home-page "https://github.com/ctz/webpki-roots")
+    (synopsis "Mozilla's CA root certificates for use with webpki")
+    (description "Mozilla's CA root certificates for use with webpki")
+    (license license:mpl2.0)))
+
+(define-public rust-webpki-roots-0.17
+  (package/inherit rust-webpki-roots-0.18
+    (name "rust-webpki-roots")
+    (version "0.17.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "webpki-roots" version))
+      (file-name (string-append name "-" version ".tar.gz"))
+      (sha256
+       (base32 "12vi8dh0yik0h4f0b9dnlw5i3gxyky7iblbksh6zcq4xvlvswqm2"))))))
+
+(define-public rust-webpki-roots-0.14
+  (package/inherit rust-webpki-roots-0.18
+    (name "rust-webpki-roots")
+    (version "0.14.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "webpki-roots" version))
+      (file-name (string-append name "-" version ".tar.gz"))
+      (sha256
+       (base32 "05zw919077i3jadbvdsvl69wv2siijg2pjbykl6fyi7hmgb7bggd"))))
+    (arguments
+     `(#:cargo-inputs
+       (("rust-untrusted" ,rust-untrusted-0.6)
+        ("rust-webpki" ,rust-webpki-0.18))))))
+
 (define-public rust-weedle-0.10
   (package
     (name "rust-weedle")
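Review bot: rust-webpki-0.21 is an X.509 certificate verification library, and `#:tests? #f` means none of its verification tests run in the build. The stated reason is a fixture (`tests/ed25519/ee.der`) that is missing, presumably from the crate tarball, rather than a failing test. Make that explicit so the tests can be re-enabled once the fixture is available, e.g. `#:tests? #f ; FIXME: source tarball lacks tests/ed25519/ee.der`. The description has a typo: `"This packge provides"` should read `"This package provides"`. Separately, rust-webpki-roots-0.17 and rust-webpki-roots-0.14 package older snapshots of the CA root set; a comment naming the dependent that needs each old version would make them easier to retire.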
@@ -25581,6 +27518,29 @@ to XDG Base Directory specification")
        (("rust-clippy" ,rust-clippy-0.0)
         ("rust-linked-hash-map" ,rust-linked-hash-map-0.3))))))
 
+(define-public rust-zbase32-0.1
+  (package
+    (name "rust-zbase32")
+    (version "0.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (crate-uri "zbase32" version))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32 "0gz3nmiaidscb5c85rh3qxi8i584gz5xm3amlxqminl8jq27k40g"))))
+    (build-system cargo-build-system)
+    (arguments
+     `(#:skip-build? #t ;; dependency cypthon not yet availalbe
+       #:cargo-development-inputs
+       (;; ("rust-cpython" ,rust-cpython-0.2)  TODO
+        ("rust-quickcheck" ,rust-quickcheck-0.7)
+        ("rust-rand" ,rust-rand-0.6))))
+    (home-page "https://gitlab.com/pgerber/zbase32-rust")
+    (synopsis "Implementation of zbase32")
+    (description "This package provides an implementation of zbase32.")
+    (license license:lgpl3+)))
+
 (define-public rust-zip-0.5
   (package
     (name "rust-zip")
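Review bot: The comment on `#:skip-build? #t` in rust-zbase32-0.1 is misspelled (`cypthon not yet availalbe`) and should name the crate as it appears two lines below: `#:skip-build? #t ; FIXME: dependency rust-cpython is not yet packaged`. The missing crate is listed under `#:cargo-development-inputs`. If it is needed only by the tests, `#:tests? #f` would be a narrower switch than skipping the build entirely; this is worth checking against the crate's manifest.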
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index a79eb65745..9de089e1bd 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -3472,7 +3472,8 @@ The drivers officially supported by @code{libdbi} are:
        ("sqlite" ,sqlite)
        ("odbc" ,unixodbc)
        ("boost" ,boost)
-       ("mysql" ,mysql)))
+       ("mariadb:dev" ,mariadb "dev")
+       ("mariadb:lib" ,mariadb "lib")))
     (arguments
      `(#:tests? #f ; Tests may require running database management systems.
        #:phases
@@ -3480,7 +3481,8 @@ The drivers officially supported by @code{libdbi} are:
          (add-after 'unpack 'fix-lib-path
            (lambda _
              (substitute* "CMakeLists.txt"
-               (("set\\(SOCI_LIBDIR \"lib64\"\\)") "")))))))
+               (("set\\(SOCI_LIBDIR \"lib64\"\\)") ""))
+             #t)))))
     (synopsis "C++ Database Access Library")
     (description
      "SOCI is an abstraction layer for several database backends, including
diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index af62e571a5..b1a1852368 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -1003,13 +1003,13 @@ in certain cases.  It also enables recursion for anonymous functions.")
 (define-public emacs-xr
   (package
     (name "emacs-xr")
-    (version "1.18")
+    (version "1.19")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://elpa.gnu.org/packages/xr-" version ".tar"))
        (sha256
-        (base32 "1nq9pj47sxgpkw97c2xrkhgcwh3zsfd2a22qiqbl4i9zf2l9yy91"))))
+        (base32 "1aa3iqh0r635jw8k89zh8y4am9d4hfrqpk9mrdh2b51invjn8llq"))))
     (build-system emacs-build-system)
     (home-page "https://elpa.gnu.org/packages/xr.html")
     (synopsis "Convert string regexp to rx notation")
@@ -1107,14 +1107,14 @@ optional minor mode which can apply this command automatically on save.")
 (define-public emacs-relint
   (package
     (name "emacs-relint")
-    (version "1.15")
+    (version "1.16")
     (source
      (origin
        (method url-fetch)
        (uri (string-append
              "https://elpa.gnu.org/packages/relint-" version ".tar"))
        (sha256
-        (base32 "0sxmdsacj8my942k8j76m2y68nzab7190acv7cwgflc5n4f07yxa"))))
+        (base32 "0cwk806g2kq60sql8sic2zdn63l1g2pzdiklcv0w8l2k9wssknnx"))))
     (build-system emacs-build-system)
     (propagated-inputs `(("emacs-xr" ,emacs-xr)))
     (home-page "https://github.com/mattiase/relint")
@@ -21142,14 +21142,14 @@ Emacs that integrate with major modes like Org-mode.")
 (define-public emacs-modus-operandi-theme
   (package
     (name "emacs-modus-operandi-theme")
-    (version "0.8.0")
+    (version "0.8.1")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://elpa.gnu.org/packages/"
                            "modus-operandi-theme-" version ".el"))
        (sha256
-        (base32 "09lw556jphrxrmwxkwzfgd4r7ylz99m8awxka4sfj5sa8fbjb3g8"))))
+        (base32 "0i8s6blkhx53m1jk1bblqs7fwlbn57xkxxhsp9famcj5m0xyfimb"))))
     (build-system emacs-build-system)
     (home-page "https://gitlab.com/protesilaos/modus-themes")
     (synopsis "Accessible light theme (WCAG AAA)")
@@ -21163,14 +21163,14 @@ standard.  This is the highest standard of its kind.")
 (define-public emacs-modus-vivendi-theme
   (package
     (name "emacs-modus-vivendi-theme")
-    (version "0.8.0")
+    (version "0.8.1")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://elpa.gnu.org/packages/"
                            "modus-vivendi-theme-" version ".el"))
        (sha256
-        (base32 "0hwkzbx7a9scdr589sb7hw90lsm8yxcn3y5xr3bpyxf8rkr2zl4c"))))
+        (base32 "121nlr5w58j4q47rh9xjjf9wzb97yl2m1n2l6g58ck4vnarwndl1"))))
     (build-system emacs-build-system)
     (home-page "https://gitlab.com/protesilaos/modus-themes")
     (synopsis "Accessible dark theme (WCAG AAA)")
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 322afde1c4..e4413230ba 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
 ;;; Copyright © 2015 Daniel Pimentel <d4n1@member.fsf.org>
-;;; Copyright © 2015, 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 ng0 <ng0@n0.is>
 ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Timo Eisenmann <eisenmann@fn.de>
@@ -69,7 +69,7 @@
 (define-public efl
   (package
     (name "efl")
-    (version "1.23.3")
+    (version "1.24.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -77,7 +77,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "00b9lp3h65254kdb1ys15fv7p3ln7qsvf15jkw4kli5ymagadkjk"))))
+                "1yhck2g4rwlzgnzqa4wjxw3lf6k6rd730hz4bwzajdjy7i26xfdk"))))
     (build-system meson-build-system)
     (native-inputs
      `(("check" ,check)
@@ -93,6 +93,7 @@
        ("libraw" ,libraw)
        ("librsvg" ,librsvg)
        ("libspectre" ,libspectre)
+       ("libtiff" ,libtiff)
        ("libxau" ,libxau)
        ("libxcomposite" ,libxcomposite)
        ("libxcursor" ,libxcursor)
@@ -102,18 +103,18 @@
        ("libxi" ,libxi)
        ("libxfixes" ,libxfixes)
        ("libxinerama" ,libxinerama)
-       ("libxp" ,libxp)
        ("libxrandr" ,libxrandr)
        ("libxrender" ,libxrender)
        ("libxss" ,libxscrnsaver)
        ("libxtst" ,libxtst)
+       ("libwebp" ,libwebp)
+       ("openjpeg" ,openjpeg)
        ("poppler" ,poppler)
        ("wayland-protocols" ,wayland-protocols)))
     (propagated-inputs
      ;; All these inputs are in package config files in section
      ;; Requires.private.
      `(("avahi" ,avahi)
-       ("bullet" ,bullet)
        ("dbus" ,dbus)
        ("elogind" ,elogind)
        ("eudev" ,eudev)
@@ -122,15 +123,13 @@
        ("fribidi" ,fribidi)
        ("glib" ,glib)
        ("harfbuzz" ,harfbuzz)
-       ("luajit" ,luajit)
        ("libinput" ,libinput-minimal)
        ("libjpeg" ,libjpeg-turbo)
-       ("libpng" ,libpng)
        ("libsndfile" ,libsndfile)
-       ("libtiff" ,libtiff)
-       ("libwebp" ,libwebp)
+       ("libpng" ,libpng)
        ("libx11" ,libx11)
        ("libxkbcommon" ,libxkbcommon)
+       ("luajit" ,luajit)
        ("lz4" ,lz4)
        ("openssl" ,openssl)
        ("pulseaudio" ,pulseaudio)
@@ -139,13 +138,18 @@
        ("zlib" ,zlib)))
     (arguments
      `(#:configure-flags '("-Dsystemd=false"
+                           "-Delogind=true"
                            "-Dembedded-lz4=false"
                            "-Devas-loaders-disabler=json"
                            "-Dbuild-examples=false"
+                           "-Decore-imf-loaders-disabler=scim"
+                           "-Davahi=true"
+                           "-Dglib=true"
+                           "-Dmount-path=/run/setuid-programs/mount"
+                           "-Dunmount-path=/run/setuid-programs/umount"
                            ;(string-append "-Ddictionaries-hyphen-dir="
                            ;               (assoc-ref %build-inputs "hyphen")
                            ;               "/share/hyphen")
-                           "-Delogind=true"
                            "-Dnetwork-backend=connman"
                            ,@(match (%current-system)
                                ("armhf-linux"
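Review bot: The new flags `-Dmount-path=/run/setuid-programs/mount` and `-Dunmount-path=/run/setuid-programs/umount` hard-code a path outside the store with no comment explaining why. Add one above them, e.g. `;; Files in the store cannot be setuid; use the setuid copies of mount and umount that Guix System installs.` What runs from that path is whatever the running system has installed there, and on a system without /run/setuid-programs the calls will presumably fail, so the limitation is worth stating. The later data/etc/meson.build hunk (`(("/bin/mount") "/run/setuid-programs/mount")`) makes the same choice and needs the same comment. The configure-flags list starts and ends outside this hunk.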
@@ -153,8 +157,8 @@
                                (_
                                 '("-Dopengl=full")))
                            ;; for wayland
-                           "-Dwl-deprecated=true" ; ecore_wayland
-                           "-Ddrm-deprecated=true" ; ecore_drm
+                           "-Dwl-deprecated=true"   ; ecore_wayland
+                           "-Ddrm-deprecated=true"  ; ecore_drm
                            "-Dwl=true"
                            "-Ddrm=true")
        #:tests? #f ; Many tests fail due to timeouts and network requests.
@@ -336,8 +340,8 @@ Libraries with some extra bells and whistles.")
                (substitute* "src/modules/everything/evry_plug_calc.c"
                  (("bc -l") (string-append bc "/bin/bc -l")))
                (substitute* "data/etc/meson.build"
-                 (("/bin/mount") (string-append utils "/bin/mount"))
-                 (("/bin/umount") (string-append utils "/bin/umount"))
+                 (("/bin/mount") "/run/setuid-programs/mount")
+                 (("/bin/umount") "/run/setuid-programs/umount")
                  (("/usr/bin/eject") (string-append utils "/bin/eject"))
                  (("/usr/bin/l2ping") (string-append bluez "/bin/l2ling"))
                  (("/bin/rfkill") (string-append utils "/sbin/rfkill"))
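Review bot: In the `substitute*` block this hunk edits, the unchanged line `(("/usr/bin/l2ping") (string-append bluez "/bin/l2ling"))` rewrites `l2ping` to a path ending in `l2ling`. That looks like a typo and would point at a program bluez presumably does not ship. This commit does not introduce it, but the neighbouring lines are being corrected, so fix it here too: `(("/usr/bin/l2ping") (string-append bluez "/bin/l2ping"))`. The enclosing phase starts and ends outside the hunk.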
@@ -389,7 +393,7 @@ embedded systems.")
 (define-public python-efl
   (package
     (name "python-efl")
-    (version "1.23.0")
+    (version "1.24.0")
     (source
       (origin
         (method url-fetch)
@@ -397,7 +401,7 @@ embedded systems.")
                             "python/python-efl-" version ".tar.xz"))
         (sha256
          (base32
-          "16yn6a1b9167nfmryyi44ma40m20ansfpwgrvqzfvwix7qaz9pib"))
+          "1vk1cdd959gia4a9qzyq56a9zw3lqf9ck66k8c9g3c631mp5cfpy"))
         (modules '((guix build utils)))
         ;; Remove files generated by Cython
         (snippet
@@ -449,25 +453,32 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).")
 (define-public edi
   (package
     (name "edi")
-    (version "0.6.0")
+    (version "0.8.0")
     (source
       (origin
         (method url-fetch)
-        (uri (string-append "https://download.enlightenment.org/rel/apps/edi/"
-                            name "-" version ".tar.xz"))
+        (uri (string-append "https://github.com/Enlightenment/edi/releases/"
+                            "download/v" version "/edi-" version ".tar.xz"))
         (sha256
          (base32
-          "0iqkah327ms5m7k054hcik2l9v68i4mg9yy52brprfqpd5jk7pw8"))))
-    (build-system gnu-build-system)
+          "01k8gp8r2wa6pyg3dkbm35m6hdsbss06hybghg0qjmd4mzswcd3a"))))
+    (build-system meson-build-system)
     (arguments
      '(#:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'fix-clang-header
+           (lambda _
+             (substitute* "scripts/clang_include_dir.sh"
+               (("grep clang") "grep clang | head -n1"))
+             #t))
          (add-after 'unpack 'set-home-directory
            ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
            (lambda _ (setenv "HOME" "/tmp") #t)))
        #:tests? #f)) ; tests require running dbus service
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("check" ,check)
+       ("gettext" ,gettext-minimal)
+       ("pkg-config" ,pkg-config)))
     (inputs
      `(("clang" ,clang)
        ("efl" ,efl)))
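Review bot: The new `fix-clang-header` phase in edi rewrites `grep clang` to `grep clang | head -n1` in scripts/clang_include_dir.sh without saying what breaks otherwise. From the substitution it appears the script can print several matching lines and only the first is kept, but which line comes first depends on the order of the script's input. Add a comment such as `;; The script must yield a single clang include directory; keep only the first match.` and confirm that the first match is the intended one. The existing `set-home-directory` phase shows the style: it quotes the error it works around.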
@@ -478,7 +489,8 @@ the EFL.  It's aim is to create a new, native development environment for Linux
 that tries to lower the barrier to getting involved in Enlightenment development
 and in creating applications based on the Enlightenment Foundation Library suite.")
     (license (list license:public-domain ; data/extra/skeleton
-                   license:gpl2))))      ; edi
+                   license:gpl2          ; edi
+                   license:gpl3))))      ; data/extra/examples/images/mono-runtime.png
 
 (define-public lekha
   (package
@@ -560,7 +572,7 @@ directories.
 (define-public evisum
   (package
     (name "evisum")
-    (version "0.2.6")
+    (version "0.4.0")
     (source
       (origin
         (method url-fetch)
@@ -568,22 +580,14 @@ directories.
                             "evisum/evisum-" version ".tar.xz"))
         (sha256
          (base32
-          "1rg3kri6j8nmab0kdljnmcc096c8ibgwzvbhqr0b25xpmrq8bcac"))))
-    (build-system gnu-build-system)
+          "0gh3y2348pgf683sljnfry9k545h42dx75idyigcspsjsk7khisz"))))
+    (build-system meson-build-system)
     (arguments
-     '(#:tests? #f   ; no tests
-       #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure) ; no configure phase
-         (add-after 'unpack 'set-environmental-variables
-           (lambda _ (setenv "CC" (which "gcc")) #t)))))
+     '(#:tests? #f))    ; no tests
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("alsa-lib" ,alsa-lib)
-       ("efl" ,efl)
-       ("perl" ,perl)))
+     `(("efl" ,efl)))
     (home-page "https://www.enlightenment.org")
     (synopsis "EFL process viewer")
     (description
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 2c0a862c93..b07c2dbb05 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -6623,6 +6623,7 @@ Compatible with Cisco VPN concentrators configured to use IPsec.")
        ("kmod" ,kmod)
        ("libsecret" ,libsecret)
        ("libxml2" ,libxml2)
+       ("lz4" ,lz4)
        ("network-manager" ,network-manager)
        ("openconnect" ,openconnect)))
     (home-page "https://wiki.gnome.org/Projects/NetworkManager/VPN")
diff --git a/gnu/packages/heads.scm b/gnu/packages/heads.scm
new file mode 100644
index 0000000000..b28433431c
--- /dev/null
+++ b/gnu/packages/heads.scm
@@ -0,0 +1,163 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Danny Milosavljevic <dannym@scratchpost.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages heads)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix utils)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages algebra)
+  #:use-module (gnu packages assembly)
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bash)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages elf)
+  #:use-module (gnu packages m4)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages cpio)
+  #:use-module (gnu packages file)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages version-control)
+  #:use-module (gnu packages virtualization)
+  #:use-module ((guix build utils) #:select (alist-replace)))
+
+(define-public musl-cross
+  (let ((revision "3")
+        (commit "a8a66490dae7f23a2cf5e256f3a596d1ccfe1a03"))
+  (package
+    (name "musl-cross")
+    (version (git-version "0.1" revision commit))
+    (source
+     (origin
+        (method git-fetch)
+        (uri (git-reference
+              (url "https://github.com/GregorR/musl-cross")
+              (commit commit)))
+        (file-name "musl-cross-checkout")
+        (sha256
+         (base32
+          "1xvl9y017wb2qaphy9zqh3vrhm8hklr8acvzzcjc35d1jjhyl58y"))
+        (patches (search-patches "musl-cross-locale.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests in main project.
+       #:modules
+       ((guix build utils)
+        (guix build gnu-build-system)
+        (srfi srfi-1)) ; drop
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (setenv "SHELL" "bash")
+             (setenv "CONFIG_SHELL" "bash")
+             #t))
+         (add-after 'unpack 'unpack-dependencies
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (define (install-file* source-key destination-directory
+                                    destination-suffix)
+               (let* ((source-file (assoc-ref inputs source-key))
+                      (source-basename (basename source-file))
+                      (source-parts (string-split source-basename #\-))
+                      (destination-file
+                       (string-join (drop source-parts 1) "-")))
+                 (copy-file source-file
+                  (string-append destination-directory "/"
+                                 destination-file destination-suffix))))
+             (for-each (lambda (name)
+                         (install-file* name "tarballs" ""))
+                       '("binutils" "target-gcc-5" "linux-headers" "musl"))
+             (copy-file (string-append (assoc-ref inputs "config.sub")
+                                       "/share/automake-1.16/config.sub")
+                        "tarballs/config.sub;hb=3d5db9ebe860")
+             (copy-file (string-append (assoc-ref inputs "config.sub")
+                                       "/share/automake-1.16/config.guess")
+                        "tarballs/config.guess;hb=3d5db9ebe860")
+             (substitute* "config.sh"
+              (("^CC_BASE_PREFIX=.*")
+               (string-append "CC_BASE_PREFIX=" (assoc-ref outputs "out")
+                              "/crossgcc\n")))
+             ;; Note: Important: source/gcc-5.3.0/gcc/exec-tool.in
+             ;; Note: Important: source/kernel-headers-3.12.6-5/tools/install.sh
+             ;; Note: Important: move-if-change (twice)
+             ;; Make sure that shebangs are patched after new extractions.
+             (substitute* "defs.sh"
+              (("touch \"[$]2/extracted\"")
+               (string-append "touch \"$2/extracted\"
+for s in mkinstalldirs move-if-change compile depcomp callprocs configure \\
+mkdep compile libtool-ldflags config.guess install-sh missing config.sub \\
+config.rpath progtest.m4 lib-ld.m4 acx.m4 gen-fixed.sh mkheader.sh ylwrap \\
+merge.sh godeps.sh lock-and-run.sh print-sysroot-suffix.sh mkconfig.sh \\
+genmultilib exec-tool.in install.sh
+do
+  find . -name $s -exec sed -i -e 's;!/bin/sh;!" (assoc-ref inputs "bash")
+"/bin/sh;' '{}' ';'
+  find . -name $s -exec sed -i -e 's; /bin/sh; " (assoc-ref inputs "bash")
+"/bin/sh;' '{}' ';'
+done
+" )))
+             #t))
+         (replace 'build
+           (lambda* (#:key outputs #:allow-other-keys)
+             (invoke "./build.sh")))
+         (delete 'install))))
+    (native-inputs
+     `(("config.sub" ,automake)
+       ("bash" ,bash)
+       ("flex" ,flex)
+       ("gmp" ,gmp)
+       ("mpfr" ,mpfr)
+       ("mpc" ,mpc)
+       ("binutils"
+        ,(origin
+           (method url-fetch)
+           (uri "https://ftpmirror.gnu.org/gnu/binutils/binutils-2.27.tar.bz2")
+           (sha256
+            (base32 "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn"))))
+       ("target-gcc-5"
+        ,(origin
+           (method url-fetch)
+           (uri "https://ftpmirror.gnu.org/gnu/gcc/gcc-5.3.0/gcc-5.3.0.tar.bz2")
+           (sha256
+            (base32 "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq"))))
+       ("linux-headers"
+        ,(origin
+           (method url-fetch)
+           (uri "http://ftp.barfooze.de/pub/sabotage/tarballs/linux-headers-4.19.88.tar.xz")
+           (sha256
+            (base32 "1srgi2nqw892jb6yd4kzacf2xzwfvzhsv2957xfh1nvbs7varwyk"))))
+       ("musl"
+        ,(origin
+           (method url-fetch)
+           (uri "http://www.musl-libc.org/releases/musl-1.1.24.tar.gz")
+           (sha256
+            (base32 "18r2a00k82hz0mqdvgm7crzc7305l36109c0j9yjmkxj2alcjw0k"))))))
+    (home-page "https://github.com/osresearch/heads")
+    (synopsis "Musl-cross gcc 5 toolchain")
+    (description "Musl-cross toolchain: binutils, gcc 5 and musl.")
+    (license license:isc))))
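Review bot: The `linux-headers` and `musl` origins in `native-inputs` fetch over plain `http://` (`http://ftp.barfooze.de/...` and `http://www.musl-libc.org/...`), while the two GNU tarballs use `https://`. The pinned `sha256` rejects a modified tarball, so content integrity holds, but a cleartext fetch still lets anyone on the path observe or break the download of toolchain sources. Switching both URIs to `https://` wherever the host serves it would make the four origins consistent. Separately, `home-page` names `https://github.com/osresearch/heads` although the source is `GregorR/musl-cross`, and `"/share/automake-1.16/config.sub"` hard-codes the automake version, so the `unpack-dependencies` phase will fail on the next automake update.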
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 96e207e940..c6fc26f9b8 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -603,10 +603,8 @@ collection of tools for doing simple manipulations of TIFF images.")
        ("libjpeg" ,libjpeg-turbo)
        ("libpng" ,libpng)
        ("libtiff" ,libtiff)
-       ("libwebp" ,libwebp)))
-    (propagated-inputs
-     ;; Linking a program with leptonica also requires these.
-     `(("openjpeg" ,openjpeg)
+       ("libwebp" ,libwebp)
+       ("openjpeg" ,openjpeg)
        ("zlib" ,zlib)))
     (arguments
      '(#:phases
@@ -618,7 +616,16 @@ collection of tools for doing simple manipulations of TIFF images.")
                 (string-append " " (which "sh") " "))
                (("which gnuplot")
                 "true"))
-             #t)))))
+             #t))
+         (add-after 'install 'provide-absolute-giflib-reference
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (giflib (assoc-ref inputs "giflib")))
+               ;; Add an absolute reference to giflib to avoid propagation.
+               (with-directory-excursion (string-append out "/lib")
+                 (substitute* '("liblept.la" "pkgconfig/lept.pc")
+                   (("-lgif") (string-append "-L" giflib "/lib -lgif"))))
+               #t))))))
     (home-page "http://www.leptonica.com/")
     (synopsis "Library and tools for image processing and analysis")
     (description
diff --git a/gnu/packages/less.scm b/gnu/packages/less.scm
index d01a423d28..d449e0729e 100644
--- a/gnu/packages/less.scm
+++ b/gnu/packages/less.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2020 Michael Rohleder <mike@rohleder.de>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -22,8 +23,11 @@
   #:use-module (guix licenses)
   #:use-module (gnu packages)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages file)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu))
 
 (define-public less
@@ -51,3 +55,43 @@ backwards and forwards movement through the document.  It also does not have
 to read the entire input file before starting, so it starts faster than most
 text editors.")
     (license gpl3+))) ; some files are under GPLv2+
+
+(define-public lesspipe
+  (package
+    (name "lesspipe")
+    (version "1.84")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/wofr06/lesspipe.git")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "124ffhzrikr88ab14rk6753n8adxijpmg7q3zx7nmqc52wpkfd8q"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f                      ; no tests
+       #:phases (modify-phases %standard-phases
+                  (replace 'configure
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let ((out (assoc-ref outputs "out")))
+                        (delete-file "Makefile") ; force generating
+                        (invoke "./configure"
+                                (string-append "--prefix=" out)
+                                "--yes")
+                        #t))))))
+    (inputs
+     `(("file" ,file)
+       ("ncurses" ,ncurses)))  ; for tput
+    (native-inputs `(("perl" ,perl)))
+    (home-page "https://github.com/wofr06/lesspipe")
+    (synopsis "Input filter for less")
+    (description "To browse files, the excellent viewer @code{less} can be
+used.  By setting the environment variable @code{LESSOPEN}, less can be
+enhanced by external filters to become more powerful.  The input filter for
+less described here is called @code{lesspipe.sh}.  It is able to process a
+wide variety of file formats.  It enables users to inspect archives and
+display their contents without having to unpack them before.  The filter is
+easily extensible for new formats.")
+    (license gpl2+)))
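Review bot: `file` and `ncurses` are declared as inputs for runtime use (`; for tput`), but no phase in this package records their store paths in the installed `lesspipe.sh`. Unless upstream's `configure` embeds absolute paths, the filter will therefore look up `file`, `tput` and its other helpers through the caller's `PATH`. For a `LESSOPEN` filter, which runs on every file viewed, including untrusted ones, the set of helpers then depends on the user's environment rather than on the package, and the inputs may not even be kept as references of the output. Consider an `add-after 'install` phase that substitutes the absolute paths into the script, or wraps it with `wrap-program` and a `PATH` prefix built from `(assoc-ref inputs "file")` and `(assoc-ref inputs "ncurses")`.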
diff --git a/gnu/packages/libusb.scm b/gnu/packages/libusb.scm
index 1bd96e16bd..3842f3fead 100644
--- a/gnu/packages/libusb.scm
+++ b/gnu/packages/libusb.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Vagrant Cascadian <vagrant@debian.org>
 ;;; Copyright © 2020 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2020 Christopher Howard <christopher@librehacker.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -114,7 +115,8 @@ version of libusb to run with newer libusb.")
       (sha256
        (base32
         "0i4bacxkyr7xyqxbmb00ypkrv4swkgm0mghbzjsnw6blvvczgxip"))
-      (patches (search-patches "libusb-0.1-disable-tests.patch"))))))
+      (patches (search-patches "libusb-0.1-disable-tests.patch"))))
+    (arguments `(#:configure-flags (list "CFLAGS=-Wno-error")))))
 
 (define-public libusb4java
   ;; There is no public release so we take the latest version from git.
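Review bot: Passing `"CFLAGS=-Wno-error"` to configure replaces the default flags instead of extending them. Autoconf only supplies `-g -O2` when `CFLAGS` is unset, so as written the library is presumably built without optimisation or debug information. Using `"CFLAGS=-g -O2 -Wno-error"` keeps the defaults. A one-line comment naming the warning that is now promoted to an error would tell the next maintainer when the flag can be dropped.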
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 8eaf79d89f..8a0068add0 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -200,9 +200,9 @@ defconfig.  Return the appropriate make target if applicable, otherwise return
 
 (define deblob-scripts-5.4
   (linux-libre-deblob-scripts
-   "5.4.28"
+   "5.4.37"
    (base32 "0ckxn7k5zgcqk30dq943bnamr6a6zjbw2aqjl3x30f4kvh5f6k25")
-   (base32 "08ls4gx5vanyiq9rn0869nfq4piw4lx1dl8hh9w9xgkr4ypc1j4k")))
+   (base32 "10qb890is4z58vr8czh3xx69q62l3b3j38y410kgiw8nii3zx5lr")))
 
 (define deblob-scripts-4.19
   (linux-libre-deblob-scripts
@@ -369,50 +369,50 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
     (sha256 hash)))
 
 
-(define-public linux-libre-5.6-version "5.6.8")
+(define-public linux-libre-5.6-version "5.6.10")
 (define-public linux-libre-5.6-pristine-source
   (let ((version linux-libre-5.6-version)
-        (hash (base32 "1pw2q9509jzp84b6qasaais2ws25v2wrjh072q0x3j520zzl5q8r")))
+        (hash (base32 "1f81b0icn0r9gww95rckyxs5d4g8bwf4mmqkrmwxxf4xga19dp3v")))
    (make-linux-libre-source version
                             (%upstream-linux-source version hash)
                             deblob-scripts-5.6)))
 
-(define-public linux-libre-5.4-version "5.4.36")
+(define-public linux-libre-5.4-version "5.4.38")
 (define-public linux-libre-5.4-pristine-source
   (let ((version linux-libre-5.4-version)
-        (hash (base32 "13avfvimjyg4lhj9micgib9bb5qpx11cja5liypid0rf2acfmymr")))
+        (hash (base32 "03pks3jx5kk0wnhjkm92wxdbgw8qbdg93sfwchnx88m2wfj9yaz7")))
    (make-linux-libre-source version
                             (%upstream-linux-source version hash)
                             deblob-scripts-5.4)))
 
-(define-public linux-libre-4.19-version "4.19.119")
+(define-public linux-libre-4.19-version "4.19.120")
 (define-public linux-libre-4.19-pristine-source
   (let ((version linux-libre-4.19-version)
-        (hash (base32 "1klvdzz8sndg2zsr1anfy9p5fc1aapjqvc249myrbndyf55bk91b")))
+        (hash (base32 "03mjng5ws9y56id99619ysarz73qqyylgc3mlknga1yphbhh16qb")))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
                              deblob-scripts-4.19)))
 
-(define-public linux-libre-4.14-version "4.14.177")
+(define-public linux-libre-4.14-version "4.14.178")
 (define-public linux-libre-4.14-pristine-source
   (let ((version linux-libre-4.14-version)
-        (hash (base32 "04hq0i06mg2yc09jj2xk0vhf5q9yigzjzm55a5bvfy2a6j43r9rk")))
+        (hash (base32 "1pcqxmq9ir4f963aiw5bab9w2mp4vfiwaq2bk7nksbl2bs3k6b7x")))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
                              deblob-scripts-4.14)))
 
-(define-public linux-libre-4.9-version "4.9.220")
+(define-public linux-libre-4.9-version "4.9.221")
 (define-public linux-libre-4.9-pristine-source
   (let ((version linux-libre-4.9-version)
-        (hash (base32 "0bhbkybzbdsbmrjmb5m7hxxl8b3v6n79zhh86cbr95kzg1hcgnfs")))
+        (hash (base32 "1gh1x73xblxkb927igc3shrqnn49lcscwrq2fixmk9n7jb7q2hp6")))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
                              deblob-scripts-4.9)))
 
-(define-public linux-libre-4.4-version "4.4.220")
+(define-public linux-libre-4.4-version "4.4.221")
 (define-public linux-libre-4.4-pristine-source
   (let ((version linux-libre-4.4-version)
-        (hash (base32 "1knj3qsl7x3fysdz1h0s980ddbafs3658z2y67w6sn79wp7d8blg")))
+        (hash (base32 "06rpjnvrdp71flz948mfmx7jv8x2vmdg54zz1xpkb2458mwh5hbq")))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
                              deblob-scripts-4.4)))
@@ -4707,11 +4707,50 @@ disks and SD cards.  This package provides the userland utilities.")
              (append-to-file "mkfs/Makefile.am" "\nmkfs_f2fs_LDFLAGS = -all-static\n")
              (append-to-file "fsck/Makefile.am" "\nfsck_f2fs_LDFLAGS = -all-static\n")
              (append-to-file "tools/Makefile.am" "\nf2fscrypt_LDFLAGS = -all-static -luuid\n")
-             #t)))))
+             #t))
+          (add-after 'install 'remove-store-references
+            (lambda* (#:key outputs #:allow-other-keys)
+              ;; Work around bug in our util-linux.
+              ;; <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=41019>.
+              (remove-store-references (string-append (assoc-ref outputs "out")
+                                                      "/sbin/mkfs.f2fs"))
+              #t)))))
      (inputs
       `(("libuuid:static" ,util-linux "static")
         ("libuuid" ,util-linux "lib")))))) ; for include files
 
+(define-public f2fs-fsck/static
+  (package
+    (name "f2fs-fsck-static")
+    (version (package-version f2fs-tools/static))
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils)
+                      (ice-9 ftw)
+                      (srfi srfi-26))
+         (let* ((f2fs-tools (assoc-ref %build-inputs "f2fs-tools-static"))
+                (fsck "fsck.f2fs")
+                (out (assoc-ref %outputs "out"))
+                (sbin (string-append out "/sbin")))
+           (mkdir-p sbin)
+           (with-directory-excursion sbin
+             (install-file (string-append f2fs-tools "/sbin/" fsck)
+                           ".")
+             (remove-store-references fsck)
+             (chmod fsck #o555))
+           #t))))
+    (inputs
+     `(("f2fs-tools-static" ,f2fs-tools/static)))
+    (home-page (package-home-page f2fs-tools/static))
+    (synopsis "Statically-linked fsck.f2fs command from f2fs-tools")
+    (description "This package provides statically-linked fsck.f2fs command taken
+from the f2fs-tools package. It is meant to be used in initrds.")
+    (license (package-license f2fs-tools/static))))
+
 (define-public freefall
   (package
     (name "freefall")
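Review bot: The `f2fs-fsck/static` builder pulls in `(ice-9 ftw)` and `(srfi srfi-26)` but uses nothing from either; `(use-modules (guix build utils))` alone covers `mkdir-p`, `install-file`, `with-directory-excursion` and `remove-store-references`. The new `'remove-store-references` phase in the enclosing package (which starts outside this hunk) scrubs only `/sbin/mkfs.f2fs`, so the other static binaries presumably still carry the util-linux reference. If that is intended, a comment saying so would help, since these binaries are meant for initrds. In the description, "provides statically-linked fsck.f2fs command" is missing an article and the sentence break has a single space; `This package provides the statically-linked @command{fsck.f2fs} command taken from the f2fs-tools package.  It is meant to be used in initrds.` reads better.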
diff --git a/gnu/packages/lisp-xyz.scm b/gnu/packages/lisp-xyz.scm
index 6818cf3a62..280826545c 100644
--- a/gnu/packages/lisp-xyz.scm
+++ b/gnu/packages/lisp-xyz.scm
@@ -3143,10 +3143,10 @@ is a library for creating graphical user interfaces.")
   (sbcl-package->cl-source-package sbcl-cl-cffi-gtk))
 
 (define-public sbcl-cl-webkit
-  (let ((commit "d97115ca601838dfa60ea7afbb88641d7a526dba"))
+  (let ((commit "f93cb9697e8813068795fe4dc39ac950d814102d"))
     (package
       (name "sbcl-cl-webkit")
-      (version (git-version "2.4" "2" commit))
+      (version (git-version "2.4" "3" commit))
       (source
        (origin
          (method git-fetch)
@@ -3156,7 +3156,7 @@ is a library for creating graphical user interfaces.")
          (file-name (git-file-name "cl-webkit" version))
          (sha256
           (base32
-           "0sdb2l2h5xv5c1m2mfq31i9yl6zjf512fvwwzlvk9nvisyhc4xi3"))))
+           "1sjcw08kjpd5h83sms7zcq2nymddjygk9hm2rpgzrl524an9ziwc"))))
       (build-system asdf-build-system/sbcl)
       (inputs
        `(("cffi" ,sbcl-cffi)
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index da2c76b275..1930eb63aa 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -266,6 +266,51 @@ access to servers running the Discord protocol.")
     (home-page "https://github.com/sm00th/bitlbee-discord/")
     (license license:gpl2+)))
 
+(define-public purple-mattermost
+  (package
+    (name "purple-mattermost")
+    (version "1.2")
+    (home-page "https://github.com/EionRobb/purple-mattermost")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference (url home-page)
+                                  (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "0fm49iv58l09qpy8vkca3am642fxiwcrrh6ykimyc2mas210b5g2"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (replace 'configure
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      ;; Adjust the makefile to install files in the right
+                      ;; place.
+                      (let ((out (assoc-ref outputs "out")))
+                        (substitute* "Makefile"
+                          (("MATTERMOST_DEST = .*")
+                           (string-append "MATTERMOST_DEST = " out
+                                          "/lib/purple-2\n")) ;XXX: hardcoded
+                          (("MATTERMOST_ICONS_DEST = .*")
+                           (string-append "MATTERMOST_ICONS_DEST = "
+                                          out
+                                          "/share/pixmaps/pidgin/protocols\n")))
+                        #t))))
+       #:make-flags (list "CC=gcc"
+                          ,(string-append "PLUGIN_VERSION=" version))
+       #:tests? #f))
+    (inputs `(("glib" ,glib)
+              ("json-glib" ,json-glib)
+              ("discount" ,discount)
+              ("pidgin" ,pidgin)))
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (synopsis "Purple plug-in to access Mattermost instant messaging")
+    (description
+     "Purple-Mattermost is a plug-in for Purple, the instant messaging library
+used by Pidgin and Bitlbee, among others, to access
+@uref{https://mattermost.com/, Mattermost} servers.")
+    (license license:gpl3+)))
+
 (define-public hexchat
   (package
     (name "hexchat")
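Review bot: `#:tests? #f` in `purple-mattermost` is given without a reason, unlike the other packages in this series; a trailing comment such as `; no test suite` (if that is the reason) records why the check phase is skipped. `"CC=gcc"` in `#:make-flags` hard-codes the native compiler name, which will pick the wrong compiler when cross-building. The `inputs` keyword in the `configure` lambda is bound but never used and can be dropped from the `#:key` list.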
@@ -505,14 +550,14 @@ compromised.")
 (define-public znc
   (package
     (name "znc")
-    (version "1.7.5")
+    (version "1.8.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://znc.in/releases/archive/znc-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "08a7yb2xs85hyyz8dpzfbsfjwj2r6kcii022lj3l4rf8hl9ix558"))))
+                "0m5xf60r40pgbg9lyk56dafxj2hj149pn2wf8vzsp8xgq4kv5zcl"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/monitoring.scm b/gnu/packages/monitoring.scm
index 8da31d6a84..d88bbc3aa3 100644
--- a/gnu/packages/monitoring.scm
+++ b/gnu/packages/monitoring.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
 ;;; Copyright © 2018, 2019 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2020 Alex ter Weele <alex.ter.weele@gmail.com>
+;;; Copyright © 2020 Lars-Dominik Braun <ldb@leibniz-psychology.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,6 +33,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
   #:use-module (guix utils)
+  #:use-module (gnu packages)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
@@ -48,11 +50,14 @@
   #:use-module (gnu packages libevent)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-web)
   #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages rrdtool)
   #:use-module (gnu packages time)
-  #:use-module (gnu packages tls))
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages web))
 
 (define-public nagios
   (package
@@ -445,3 +450,47 @@ written in Go with pluggable metric collectors.")
     (description "This package provides a file system monitor.")
     (home-page "https://github.com/emcrisostomo/fswatch")
     (license license:gpl3+)))
+
+(define-public collectd
+  (package
+    (name "collectd")
+    (version "5.11.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://storage.googleapis.com/collectd-tarballs/collectd-"
+                    version
+                    ".tar.bz2"))
+              (sha256
+               (base32
+                "1cjxksxdqcqdccz1nbnc2fp6yy84qq361ynaq5q8bailds00mc9p"))
+              (patches (search-patches "collectd-5.11.0-noinstallvar.patch"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags (list "--localstatedir=/var" "--sysconfdir=/etc")
+       #:phases (modify-phases %standard-phases
+                  (add-before 'configure 'autoreconf
+                    (lambda _
+                      ;; Required because of patched sources.
+                      (invoke "autoreconf" "-vfi"))))))
+    (inputs
+     `(("rrdtool" ,rrdtool)
+       ("curl" ,curl)
+       ("libyajl" ,libyajl)))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://collectd.org/")
+    (synopsis "Collect system and application performance metrics periodically")
+    (description
+     "collectd gathers metrics from various sources such as the operating system,
+applications, log files and external devices, and stores this information or
+makes it available over the network.  Those statistics can be used to monitor
+systems, find performance bottlenecks (i.e., performance analysis) and predict
+future system load (i.e., capacity planning).")
+    ;; license:expat for the daemon in src/daemon/ and some plugins,
+    ;; license:gpl2 for other plugins
+    (license (list license:expat license:gpl2))))
+
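Review bot: The `inputs` list contains no crypto library, so as far as I know collectd's `network` plugin will be built without its signing and encryption support, which relies on libgcrypt. That leaves only unauthenticated cleartext transport for the "makes it available over the network" use the description advertises. Adding `("libgcrypt" ,libgcrypt)` to `inputs` should enable it; the module that provides `libgcrypt` would also have to be added to the `define-module` form, which lies outside this hunk. The hunk also leaves a blank line at the end of the file.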
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 8738c1eeeb..e0b6f6c0c1 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1162,6 +1162,28 @@ complete studio.")
 with a selectable pattern matrix size.")
     (license license:gpl3+)))
 
+(define-public bchoppr
+  (package
+    (inherit bsequencer)
+    (name "bchoppr")
+    (version "1.4.2")
+    (source
+      (origin
+        (method git-fetch)
+        (uri (git-reference
+               (url "https://github.com/sjaehn/BChoppr.git")
+               (commit version)))
+        (file-name (git-file-name name version))
+        (sha256
+          (base32
+            "1ympx0kyn3mkb23xgd44rlrf4qnngnlkmikz9syhayklgax7ijgm"))))
+    (synopsis "Audio stream-chopping LV2 plugin")
+    (description "B.Choppr cuts the audio input stream into a repeated
+sequence of up to 16 chops.  Each chop can be leveled up or down (gating).
+B.Choppr is the successor of B.Slizr.")
+    (home-page "https://github.com/sjaehn/BChoppr")
+    (license license:gpl3+)))
+
 (define-public solfege
   (package
     (name "solfege")
diff --git a/gnu/packages/patches/collectd-5.11.0-noinstallvar.patch b/gnu/packages/patches/collectd-5.11.0-noinstallvar.patch
new file mode 100644
index 0000000000..39cd9c763e
--- /dev/null
+++ b/gnu/packages/patches/collectd-5.11.0-noinstallvar.patch
@@ -0,0 +1,21 @@
+Disable creation of /var and /etc
+
+--- a/Makefile.am	2020-03-08 16:57:09.511535600 +0100
++++ b/Makefile.am	2020-04-21 11:36:49.827182272 +0200
+@@ -2376,16 +2376,6 @@
+ endif
+ 
+ install-exec-hook:
+-	$(mkinstalldirs) $(DESTDIR)$(localstatedir)/run
+-	$(mkinstalldirs) $(DESTDIR)$(localstatedir)/lib/$(PACKAGE_NAME)
+-	$(mkinstalldirs) $(DESTDIR)$(localstatedir)/log
+-	$(mkinstalldirs) $(DESTDIR)$(sysconfdir)
+-	if test -e $(DESTDIR)$(sysconfdir)/collectd.conf; \
+-	then \
+-		$(INSTALL) -m 0640 $(builddir)/src/collectd.conf $(DESTDIR)$(sysconfdir)/collectd.conf.pkg-orig; \
+-	else \
+-		$(INSTALL) -m 0640 $(builddir)/src/collectd.conf $(DESTDIR)$(sysconfdir)/collectd.conf; \
+-	fi; \
+ 	$(mkinstalldirs) $(DESTDIR)$(cpkgdatadir)
+ 	$(INSTALL) -m 0644 $(srcdir)/src/types.db $(DESTDIR)$(cpkgdatadir)/types.db;
+ 	$(INSTALL) -m 0644 $(srcdir)/src/postgresql_default.conf \
diff --git a/gnu/packages/patches/grocsvs-dont-use-admiral.patch b/gnu/packages/patches/grocsvs-dont-use-admiral.patch
new file mode 100644
index 0000000000..cb976e19b0
--- /dev/null
+++ b/gnu/packages/patches/grocsvs-dont-use-admiral.patch
@@ -0,0 +1,69 @@
+python-admiral doesn't have a license
+https://github.com/nspies/admiral/issues/3
+
+diff --git a/setup.py b/setup.py
+index 692b6a0..568f381 100755
+--- a/setup.py
++++ b/setup.py
+@@ -20,7 +20,7 @@ setup(
+         'console_scripts' : ["grocsvs = grocsvs.main:main"]
+     },
+ 
+-    install_requires = ["admiral", "h5py", "networkx>=2.0", "pandas", "pybedtools", 
++    install_requires = ["h5py", "networkx>=2.0", "pandas", "pybedtools", 
+                         "pyfaidx", "pysam>=0.10.0", "scipy", "ipython-cluster-helper",
+                         "pygraphviz", "psutil"],
+ 
+diff --git a/src/grocsvs/jobmanagers.py b/src/grocsvs/jobmanagers.py
+index 6da0b58..112d7ff 100755
+--- a/src/grocsvs/jobmanagers.py
++++ b/src/grocsvs/jobmanagers.py
+@@ -41,34 +41,3 @@ class MultiprocessingCluster(Cluster):
+         pool = multiprocessing.Pool(processes=self.processes)
+         return pool.map_async(fn, args).get(999999)
+ 
+-
+-class AdmiralCluster(Cluster):
+-    def map(self, fn, args):
+-        from admiral import jobmanagers, remote
+-
+-        cluster_options = self.cluster_settings.cluster_options.copy()
+-        
+-        scheduler = cluster_options.pop("scheduler")
+-
+-        jobmanager_class = jobmanagers.get_jobmanager(scheduler)
+-        jobmanager = jobmanager_class(
+-            batch_dir=self.batch_dir, log_dir=self.batch_dir)
+-
+-
+-        if not "mem" in cluster_options:
+-            cluster_options["mem"] = "16g"
+-        if not "time" in cluster_options:
+-            cluster_options["time"] = "12h"
+-
+-        jobs = []
+-        #for i, arg in enumerate(args):
+-
+-        job_name = args[0].__class__.__name__
+-        args = [[arg] for arg in args]
+-        job = remote.run_remote(fn, jobmanager, job_name, args=args,
+-                                array=True, overwrite=True, **cluster_options)
+-
+-        result = jobmanagers.wait_for_jobs([job], wait=5, progress=True)
+-
+-        if not result:
+-            raise Exception("Some chunks failed to complete")
+diff --git a/src/grocsvs/pipeline.py b/src/grocsvs/pipeline.py
+index ab1bb2d..350976f 100755
+--- a/src/grocsvs/pipeline.py
++++ b/src/grocsvs/pipeline.py
+@@ -8,8 +8,7 @@ from grocsvs import utilities
+ def make_jobmanager(jobmanager_settings, processes, batch_dir):
+     jobmanager_classes = {"IPCluster":jobmanagers.IPCluster,
+                           "local":    jobmanagers.LocalCluster,
+-                          "multiprocessing": jobmanagers.MultiprocessingCluster,
+-                          "admiral": jobmanagers.AdmiralCluster}
++                          "multiprocessing": jobmanagers.MultiprocessingCluster}
+ 
+     cls = jobmanager_classes[jobmanager_settings.cluster_type]
+     return cls(processes, jobmanager_settings, batch_dir)
diff --git a/gnu/packages/patches/gromacs-tinyxml2.patch b/gnu/packages/patches/gromacs-tinyxml2.patch
new file mode 100644
index 0000000000..cc7d7459a8
--- /dev/null
+++ b/gnu/packages/patches/gromacs-tinyxml2.patch
@@ -0,0 +1,67 @@
+Unbundling tinyxml2 from gromacs and using our own, which is newer, broke gromacs
+build.
+
+This patch fixes three issues:
+
+- cmake now errors out if using multiple target_link_libraries with mixed styles
+  of signatures.
+
+- Error handling API changed, fix the testutils/refdata_xml.cpp code by using the
+  new API: document.ErrorStr() & tinyxml2::XML_SUCCESS.
+
+Those fixes will be submitted for inclusion to upstream, but may not be suitable
+there as long as they still keep the old version bundled.
+
+First hunk has already been requested for merging. Third is in discussion. Second
+will only be sent if third is OK'ed.
+
+diff -ruN gromacs-2020.2/src/testutils/CMakeLists.txt gromacs-2020.2-fixed/src/testutils/CMakeLists.txt
+--- gromacs-2020.2/src/testutils/CMakeLists.txt 2020-04-30 18:33:44.000000000 +0200
++++ gromacs-2020.2-fixed/src/testutils/CMakeLists.txt   2020-05-01 22:52:16.356000000 +0200
+@@ -73,7 +73,7 @@
+ 
+ if(HAVE_TINYXML2)
+     include_directories(SYSTEM ${TinyXML2_INCLUDE_DIR})
+-    target_link_libraries(testutils ${TinyXML2_LIBRARIES})
++    target_link_libraries(testutils PRIVATE ${TinyXML2_LIBRARIES})
+ else()
+     include_directories(BEFORE SYSTEM "../external/tinyxml2")
+ endif()
+diff -ruN gromacs-2020.2/src/testutils/refdata_xml.cpp gromacs-2020.2-fixed/src/testutils/refdata_xml.cpp
+--- gromacs-2020.2/src/testutils/refdata_xml.cpp        2020-04-30 18:33:44.000000000 +0200
++++ gromacs-2020.2-fixed/src/testutils/refdata_xml.cpp  2020-05-01 23:17:09.556000000 +0200
+@@ -206,21 +206,12 @@
+     document.LoadFile(path.c_str());
+     if (document.Error())
+     {
+-        const char* errorStr1 = document.GetErrorStr1();
+-        const char* errorStr2 = document.GetErrorStr2();
++        const char* errorStr = document.ErrorStr();
+         std::string errorString("Error was ");
+-        if (errorStr1)
+-        {
+-            errorString += errorStr1;
+-        }
+-        if (errorStr2)
+-        {
+-            errorString += errorStr2;
+-        }
+-        if (!errorStr1 && !errorStr2)
+-        {
++        if (errorStr)
++            errorString += errorStr;
++        else
+             errorString += "not specified.";
+-        }
+         GMX_THROW(TestException("Reference data not parsed successfully: " + path + "\n."
+                                 + errorString + "\n"));
+     }
+@@ -371,7 +362,7 @@
+     XMLElementPtr rootElement = createRootElement(&document);
+     createChildElements(rootElement, rootEntry);
+ 
+-    if (document.SaveFile(path.c_str()) != tinyxml2::XML_NO_ERROR)
++    if (document.SaveFile(path.c_str()) != tinyxml2::XML_SUCCESS)
+     {
+         GMX_THROW(TestException("Reference data saving failed in " + path));
+     }
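Review bot: The patch header announces three issues but lists only two bullets, and then refers to a first, second and third hunk when describing upstream status, so a reader cannot tell which fix is which. The `XML_NO_ERROR` to `tinyxml2::XML_SUCCESS` change in the last hunk is currently folded into the second bullet. I would split it out as its own bullet, for example `- XML_NO_ERROR was removed; compare SaveFile() against tinyxml2::XML_SUCCESS.`, so the three bullets map one-to-one onto the three hunks.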
diff --git a/gnu/packages/patches/musl-cross-locale.patch b/gnu/packages/patches/musl-cross-locale.patch
new file mode 100644
index 0000000000..7634eda381
--- /dev/null
+++ b/gnu/packages/patches/musl-cross-locale.patch
@@ -0,0 +1,20 @@
+Disable locales other than C and POSIX because of a compilation error.
+By Danny Milosavljevic <dannym@scratchpost.org>
+This patch is distributed under BSD-3 license.
+See https://github.com/osresearch/heads/pull/610
+diff -ruN b/source/patches/gcc-5.3.0-locale.diff guix-build-musl-cross-0.1-3.a8a6649.drv-12/source/patches/gcc-5.3.0-locale.diff
+--- a/patches/gcc-5.3.0-locale.diff	1970-01-01 01:00:00.000000000 +0100
++++ b/patches/gcc-5.3.0-locale.diff	2020-05-02 14:20:47.213564509 +0200
+@@ -0,0 +1,12 @@
++--- gcc-5.3.0/libstdc++-v3/config/locale/gnu/ctype_members.cc.orig	2020-05-02 14:16:31.376147000 +0200
+++++ gcc-5.3.0/libstdc++-v3/config/locale/gnu/ctype_members.cc	2020-05-02 14:16:56.716279576 +0200
++@@ -47,7 +47,8 @@
++ 	this->_S_create_c_locale(this->_M_c_locale_ctype, __s); 
++ 	this->_M_toupper = this->_M_c_locale_ctype->__ctype_toupper;
++ 	this->_M_tolower = this->_M_c_locale_ctype->__ctype_tolower;
++-	this->_M_table = this->_M_c_locale_ctype->__ctype_b;
+++	//this->_M_table = this->_M_c_locale_ctype->__ctype_b;
+++	throw 3;
++       }
++   }
++ 
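Review bot: The replacement `throw 3;` in ctype_members.cc raises a bare int, so presumably any program built with this toolchain that requests a named locale fails with an exception that `catch (const std::exception&)` handlers will not see, most likely ending in `std::terminate`. If the intent is only to refuse non-C/POSIX locales, libstdc++'s own helper gives a diagnosable failure: `__throw_runtime_error(__N("named locales are disabled in this build"));`. The header should also name the compilation error being worked around, since "because of a compilation error" does not let a later maintainer judge when the patch can be dropped. The enclosing function starts outside the inner hunk, so whether `_M_table` is read on another path cannot be checked from here.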
diff --git a/gnu/packages/patches/rust-nettle-disable-vendor.patch b/gnu/packages/patches/rust-nettle-disable-vendor.patch
new file mode 100644
index 0000000000..5b52821cdb
--- /dev/null
+++ b/gnu/packages/patches/rust-nettle-disable-vendor.patch
@@ -0,0 +1,13 @@
+Subject: nettle: clear out "vendored" feature cruft from build.rs
+From: Daniel Kahn Gillmor's avatarDaniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+https://salsa.debian.org/rust-team/debcargo-conf/-/commit/b608e6beaa1d38c14fc16ad53780d94954a91900
+https://sources.debian.org/src/rust-nettle/7.0.0-1/debian/patches/disable-vendor.diff/
+--- a/Cargo.toml	1969-12-31 19:00:00.000000000 -0500
++++ b/Cargo.toml	2019-10-23 19:12:01.076181971 -0400
+@@ -35,4 +35,4 @@
+ version = "1"
+ 
+ [features]
+-vendored = ["nettle-sys/vendored"]
++vendored = []
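Review bot: The `From:` line carries web-page residue, `Daniel Kahn Gillmor's avatarDaniel Kahn Gillmor`, which makes the attribution of this third-party patch harder to check against the two Debian URLs it cites. It should read `From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>`. The same residue is in the header of rust-nettle-sys-disable-vendor.patch below. The `Subject:` here also mentions build.rs although this patch only edits Cargo.toml, so a one-line note that `vendored` is kept as an empty feature to stop cargo pulling a bundled nettle would describe it better.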
diff --git a/gnu/packages/patches/rust-nettle-sys-disable-vendor.patch b/gnu/packages/patches/rust-nettle-sys-disable-vendor.patch
new file mode 100644
index 0000000000..ae5ef5ebe0
--- /dev/null
+++ b/gnu/packages/patches/rust-nettle-sys-disable-vendor.patch
@@ -0,0 +1,48 @@
+Subject: nettle-sys: clear out "vendored" feature cruft from build.rs
+From: Daniel Kahn Gillmor's avatarDaniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+https://salsa.debian.org/rust-team/debcargo-conf/-/commit/0c71150ad26bb66a8396dcdab055181af232ddc5
+https://sources.debian.org/src/rust-nettle-sys/2.0.4-3/debian/patches/disable-vendor.diff/
+--- a/Cargo.toml	2019-10-23 13:08:07.000000000 -0400
++++ b/Cargo.toml	2019-10-23 14:08:46.644064014 -0400
+@@ -29,12 +29,9 @@
+ version = "0.51.1"
+ default-features = false
+ 
+-[build-dependencies.nettle-src]
+-version = "3.5.1-0"
+-optional = true
+-
+ [build-dependencies.pkg-config]
+ version = "0.3"
+ 
+ [features]
+ vendored = ["nettle-src"]
++nettle-src = []
+diff --git a/build.rs b/build.rs
+index 44f7af3..ede4b2f 100644
+--- a/build.rs
++++ b/build.rs
+@@ -1,7 +1,5 @@
+ extern crate bindgen;
+ extern crate pkg_config;
+-#[cfg(feature = "vendored")]
+-extern crate nettle_src;
+ 
+ use std::env;
+ use std::fs;
+@@ -36,14 +34,6 @@ fn main() {
+     println!("cargo:rerun-if-env-changed=NETTLE_STATIC");
+     println!("cargo:rerun-if-env-changed={}", NETTLE_PREGENERATED_BINDINGS);
+ 
+-    #[cfg(feature = "vendored")]
+-    {
+-        let artifacts = nettle_src::Build::new().build();
+-        println!("cargo:vendored=1");
+-        env::set_var("PKG_CONFIG_PATH",
+-                     artifacts.lib_dir().join("pkgconfig"));
+-    }
+-
+     let nettle = pkg_config::probe_library("nettle hogweed").unwrap();
+ 
+     let mode = match env::var_os("NETTLE_STATIC") {
diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index 642bf1ec9d..e953dc456a 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -13186,7 +13186,7 @@ Features:
 (define-public python-dulwich
   (package
     (name "python-dulwich")
-    (version "0.18.6")
+    (version "0.19.16")
     (source
       (origin
         (method url-fetch)
@@ -13195,7 +13195,7 @@ Features:
                    (pypi-uri "dulwich" version)))
         (sha256
           (base32
-           "1aa1xfrxkc3j9s4xi0llhf5gndyi9ryprcxsqfa5fcb8ph34981q"))))
+           "0l589jl0lxx59yq0p6vmgw0q0hmfh48iqwyy0x6g1dmz93262igp"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -13215,7 +13215,8 @@ Features:
              (setenv "PYTHONHASHSEED" "random")
              #t)))))
     (propagated-inputs
-     `(("python-fastimport" ,python-fastimport)))
+     `(("python-fastimport" ,python-fastimport)
+       ("python-urllib3" ,python-urllib3)))
     (native-inputs
      `(("python-mock" ,python-mock)
        ("python-geventhttpclient" ,python-geventhttpclient)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index c5cbb758da..10e69237ca 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -167,6 +167,34 @@ the low-level development kit for the Yubico YubiKey authentication device.")
     (home-page "https://developers.yubico.com/yubico-c/")
     (license license:bsd-2)))
 
+(define-public softhsm
+  (package
+    (name "softhsm")
+    (version "2.6.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://dist.opendnssec.org/source/"
+                    "softhsm-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags '("--disable-gost"))) ; TODO Missing the OpenSSL
+                                               ; engine for GOST
+    (inputs
+     `(("openssl" ,openssl)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("cppunit" ,cppunit)))
+    (synopsis "Software implementation of a generic cryptographic device")
+    (description
+     "SoftHSM 2 is a software implementation of a generic cryptographic device
+with a PKCS #11 Cryptographic Token Interface.")
+    (home-page "https://www.opendnssec.org/softhsm/")
+    (license license:bsd-2)))
+
 (define-public pcsc-lite
   (package
     (name "pcsc-lite")
diff --git a/gnu/packages/sequoia.scm b/gnu/packages/sequoia.scm
new file mode 100644
index 0000000000..1c21c9c893
--- /dev/null
+++ b/gnu/packages/sequoia.scm
@@ -0,0 +1,162 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019, 2020 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages sequoia)
+  #:use-module (guix build-system cargo)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages check) ;; python-pytest
+  #:use-module (gnu packages crates-io)
+  #:use-module (gnu packages libffi) ;; python-cffi
+  #:use-module (gnu packages llvm)
+  #:use-module (gnu packages multiprecision)
+  #:use-module (gnu packages nettle)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-xyz) ;; python-setuptools
+  #:use-module (gnu packages serialization)
+  #:use-module (gnu packages sqlite)
+  #:use-module (gnu packages tls))
+
+(define-public sequoia
+  (package
+    (name "sequoia")
+    (version "0.16.0")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://gitlab.com/sequoia-pgp/sequoia.git")
+             (commit (string-append "v" version))))
+       (sha256
+        (base32 "0iwzi2ylrwz56s77cd4vcf89ig6ipy4w6kp2pfwqvd2d00x54dhk"))
+       (file-name (git-file-name name version))))
+    (build-system cargo-build-system)
+    (outputs '("out" "python"))
+    (native-inputs
+     `(("clang" ,clang)
+       ("pkg-config" ,pkg-config)
+       ("python-pytest" ,python-pytest)
+       ("python-pytest-runner" ,python-pytest-runner)))
+    (inputs
+     `(("capnproto" ,capnproto)
+       ("gmp" ,gmp)
+       ("nettle" ,nettle)
+       ("openssl" ,openssl)
+       ("python" ,python)
+       ("python-cffi" ,python-cffi)
+       ("sqlite" ,sqlite)))
+    (arguments
+     `(#:tests? #f ;; building the tests requires 9.7GB total
+       #:cargo-inputs
+       (("rust-assert-cli" ,rust-assert-cli-0.6)
+        ("rust-anyhow" ,rust-anyhow-1.0)
+        ("rust-base64", rust-base64-0.11)
+        ;;("rust-buffered-reader" included
+        ("rust-bzip2", rust-bzip2-0.3)
+        ("rust-capnp" ,rust-capnp-0.10)
+        ("rust-capnp-rpc" ,rust-capnp-rpc-0.10)
+        ("rust-capnpc" ,rust-capnpc-0.10)
+        ("rust-chrono" ,rust-chrono-0.4)
+        ("rust-clap" ,rust-clap-2)
+        ("rust-clap" ,rust-clap-2)
+        ("rust-colored" ,rust-colored-1.9.1)
+        ("rust-crossterm" ,rust-crossterm-0.13)
+        ("rust-ctor", rust-ctor-0.1)
+        ("rust-dirs" ,rust-dirs-2.0)
+        ;;("rust-failure" included
+        ("rust-filetime" ,rust-filetime-0.2)
+        ("rust-flate2", rust-flate2-1.0)
+        ("rust-fs2" ,rust-fs2-0.4)
+        ("rust-futures" ,rust-futures-0.1)
+        ("rust-http" ,rust-http-0.1)
+        ("rust-hyper" ,rust-hyper-0.12)
+        ("rust-hyper-tls" ,rust-hyper-tls-0.3)
+        ("rust-idna", rust-idna-0.2)
+        ("rust-itertools" ,rust-itertools-0.8)
+        ("rust-lalrpop-util", rust-lalrpop-util-0.17)
+        ("rust-lazy-static", rust-lazy-static-1.3)
+        ("rust-libc" ,rust-libc-0.2)
+        ("rust-memsec", rust-memsec-0.5)
+        ("rust-native-tls" ,rust-native-tls-0.2)
+        ("rust-nettle", rust-nettle-7)
+        ("rust-parity-tokio-ipc" ,rust-parity-tokio-ipc-0.4)
+        ("rust-percent-encoding" ,rust-percent-encoding-2.1)
+        ("rust-prettytable-rs" ,rust-prettytable-rs-0.8)
+        ("rust-proc-macro2" ,rust-proc-macro2-1.0)
+        ("rust-quickcheck", rust-quickcheck-0.9)
+        ("rust-rand", rust-rand-0.7)
+        ("rust-regex", rust-regex-1.3)
+        ("rust-rusqlite" ,rust-rusqlite-0.19)
+        ("rust-tempfile" ,rust-tempfile-3.1)
+        ("rust-thiserror" ,rust-thiserror-1.0)
+        ("rust-tokio" ,rust-tokio-0.1)
+        ("rust-tokio-core" ,rust-tokio-core-0.1)
+        ("rust-unicode-normalization", rust-unicode-normalization-0.1)
+        ("rust-url" ,rust-url-2.1)
+        ("rust-zbase32" ,rust-zbase32-0.1))
+       #:cargo-development-inputs
+       (("rust-bindgen" ,rust-bindgen-0.51) ;; FIXME for nettle-sys and rusqlite
+        ("rust-lalrpop" ,rust-lalrpop-0.17)
+        ("rust-rpassword" ,rust-rpassword-4))
+       #:phases
+       (modify-phases %standard-phases
+         ;; Run make instead of using the rust build system, as
+         ;; suggested by the installation instructions
+         (replace 'build (lambda _ (invoke "make" "build-release") #t))
+         (replace 'check
+           (lambda* (#:key tests?  #:allow-other-keys)
+             (if tests?
+                 (invoke "make" "check")
+                 #t)))
+         (replace 'install (lambda _ (invoke "make" "install") #t))
+         (add-after 'unpack 'adjust-prefix
+           (lambda* (#:key outputs #:allow-other-keys)
+             (setenv "PREFIX" (assoc-ref outputs "out"))
+             #t))
+         (add-after 'unpack 'fix-fo-python-output
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (pyout (assoc-ref outputs "python")))
+               (substitute* "ffi/lang/python/Makefile"
+                 ;; adjust prefix for python package
+                 (("PREFIX\\s*\\??=.*")
+                  (string-append "PREFIX = " pyout "\n"))
+                 ;; fix rpath to include the main package
+                 (("\\WLDFLAGS=" text)
+                  (string-append text "'-Wl,-rpath=" out "/lib '"))
+                 ;; make setuptools install into the prefix, see
+                 ;; guix/build/python-build-system.scm for explanation
+                 (("\\ssetup.py\\s+install\\s")
+                  " setup.py install --root=/ --single-version-externally-managed "))
+               #t)))
+         (add-after 'unpack 'set-missing-env-vars
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; FIXME: why do we need to set this here?
+             (setenv "LIBCLANG_PATH"
+                     (string-append (assoc-ref inputs "clang") "/lib"))
+             #t)))))
+    (home-page "https://sequoia-pgp.org")
+    (synopsis "New OpenPGP implementation")
+    (description "Sequoia is a new OpenPGP implementation.  It consists of
+several crates, providing both a low-level and a high-level API for dealing
+with OpenPGP data.")
+    (license license:gpl2+)))
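Review bot: `#:tests? #f` means the test suite of this OpenPGP implementation never runs against the nettle and other libraries Guix supplies, and the only recorded reason is disk usage. For a cryptographic package I would mark that as a known gap rather than a plain remark, e.g. `#:tests? #f ;; FIXME: disabled only because building the tests needs 9.7GB`, so the restriction is revisited. In the same `arguments` block `("rust-clap" ,rust-clap-2)` is listed twice in `#:cargo-inputs`, and the unquote commas are placed inconsistently (`("rust-base64", rust-base64-0.11)` versus `("rust-capnp" ,rust-capnp-0.10)`). The phase name `fix-fo-python-output` looks like a typo for `fix-for-python-output`.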
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index b1b53962aa..29a024c8a9 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -21,6 +21,7 @@
 
 (define-module (gnu packages spice)
   #:use-module (gnu packages)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages gl)
@@ -31,9 +32,11 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
+  #:use-module (gnu packages nss)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages security-token)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages xdisorg)
@@ -219,6 +222,7 @@ which allows users to view a desktop computing environment.")
       `(("cyrus-sasl" ,cyrus-sasl)
         ("glib" ,glib)
         ("libjpeg-turbo" ,libjpeg-turbo)
+        ("libcacard" ,libcacard)        ; smartcard support
         ("lz4" ,lz4)
         ("opus" ,opus)
         ("orc" ,orc)
@@ -297,6 +301,51 @@ resolution scaling on graphical console window resize.")
     (home-page "https://www.spice-space.org")
     (license license:gpl3+)))
 
+(define-public libcacard
+  (package
+    (name "libcacard")
+    (version "2.7.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://gitlab.freedesktop.org/spice/libcacard/uploads/"
+                    "56cb2499198e78e560a1d4c716cd8ab1"
+                    "/libcacard-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0vyvkk4b6xjwq1ccggql13c1x7g4y90clpkqw28257azgn2a1c8n"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:tests? #f                      ; TODO Tests require gnutls built with
+                                        ; p11-kit
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-tests
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "tests/setup-softhsm2.sh"
+               (("\\/usr\\/lib64\\/pkcs11\\/libsofthsm2\\.so")
+                (string-append (assoc-ref inputs "softhsm")
+                               "/lib/softhsm/libsofthsm2.so")))
+             #t)))))
+    (propagated-inputs
+     `(("glib" ,glib)                   ; Requires: in the pkg-config file
+       ("nss" ,nss)))                   ; Requires.private: in the pkg-config
+                                        ; file
+    (native-inputs
+     `(("openssl" ,openssl)
+       ("nss" ,nss "bin")
+       ("opensc" ,opensc)
+       ("softhsm" ,softhsm)
+       ("gnutls" ,gnutls)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)))
+    (synopsis "Emulate and share smart cards with virtual machines")
+    (description
+     "The @acronym{CAC,Common Access Card} library can be used to emulate and
+share smart cards from client system to local or remote virtual machines.")
+    (home-page "https://gitlab.freedesktop.org/spice/libcacard")
+    (license license:lgpl2.1+)))
+
 (define-public virt-viewer
   (package
     (name "virt-viewer")
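Review bot: The label `"nss"` is used twice in `libcacard`, once in `propagated-inputs` for the default output and once in `native-inputs` for `,nss "bin"`, so a lookup by label on the build side would presumably find only one of them. Giving the second a distinct label, `("nss:bin" ,nss "bin")`, removes the ambiguity. With `#:tests? #f`, the `patch-tests` phase and the test-only native inputs (`softhsm`, `opensc`, `gnutls`, `which`) are currently unused, which a comment should state. The source URI also hard-codes the upload id `56cb2499198e78e560a1d4c716cd8ab1` next to an interpolated `version`, so a version bump must change both. A comment such as `;; the uploads/ id is per-release; update it together with version` would save the next updater a failed fetch.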
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index fe8c731a1a..60c54f9401 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2018 Alex Branham <alex.branham@gmail.com>
+;;; Copyright © 2020 Tim Howes <timhowes@lavabit.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -5786,42 +5787,51 @@ Java package that provides routines for various statistical distributions.")
 (define-public emacs-ess
   (package
     (name "emacs-ess")
-    (version "17.11")
+    (version "18.10.2")
     (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/emacs-ess/ESS/archive/v"
-                                  version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/emacs-ess/ESS")
+                    (commit (string-append "v" version))))
               (sha256
                (base32
-                "0cbilbsiwvcyf6d5y24mymp57m3ana5dkzab3knfs83w4a3a4c5c"))
-              (file-name (string-append name "-" version ".tar.gz"))
+                "1yq41l2bicwjrc0b731iic20cpcnz6ppigri1jn621qv2qv22vy3"))
+              (file-name (git-file-name name version))
               (modules '((guix build utils)))
               (snippet
                '(begin
                   ;; Stop ESS from trying to bundle an external julia-mode.el.
                   (substitute* "lisp/Makefile"
-                    (("^\tjulia-mode.elc\\\\\n") "")
-                    (("^dist: all julia-mode.el")
-                     "dist: all"))
-                  ;; No need to build docs in so many formats.  Also, skipping
-                  ;; pdf lets us not pull in texlive.
+                    (("^ess-julia.elc: julia-mode.elc") "")
+                    (("^all: julia-mode.el")
+                     "all:"))
+                  ;; Include *.el files in install target.
+                  (substitute* "lisp/Makefile"
+                    (("\t\\$\\(INSTALL) \\$\\(ELC\\) \\$\\(LISPDIR\\)" elc)
+                     (string-append "\t$(INSTALL) $(ELS) ess-autoloads.el "
+                                    "$(LISPDIR)\n" elc)))
+                  ;; Only build docs in info format.
                   (substitute* "doc/Makefile"
-                    (("all  : info text html pdf")
+                    (("all  : info text")
                      "all  : info")
                     (("install: install-info install-other-docs")
                      "install: install-info"))
-                  ;; Test fails upstream
+                  ;; Stop install-info from trying to update the info directory.
+                  (substitute* "doc/Makefile"
+                    ((".*\\$\\(INFODIR\\)/dir.*") ""))
+                  ;; Fix roxygen preview test.
                   (substitute* "test/ess-r-tests.el"
-                    (("ert-deftest ess-r-namespaced-eval-no-srcref-in-errors ()")
-                     "ert-deftest ess-r-namespaced-eval-no-srcref-in-errors () :expected-result :failed"))
+                               (("Add together two numbers.\n")
+                                "Add together two numbers. ")
+                               (("##' add\\(10, 1\\)") "add(10, 1)"))
                   #t))))
     (build-system gnu-build-system)
     (arguments
      (let ((base-directory "/share/emacs/site-lisp"))
        `(#:make-flags (list (string-append "PREFIX=" %output)
-                            (string-append "ETCDIR=" %output "/"
+                            (string-append "ETCDIR=" %output
                                            ,base-directory "/etc")
-                            (string-append "LISPDIR=" %output "/"
+                            (string-append "LISPDIR=" %output
                                            ,base-directory))
          #:phases
          (modify-phases %standard-phases
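Review bot: In the new `lisp/Makefile` substitution the pattern escapes the closing parenthesis for `\\$\\(ELC\\)` and `\\$\\(LISPDIR\\)` but not for `\\$\\(INSTALL)`. It presumably matches only because the regex engine treats an unmatched `)` as a literal; writing `\\$\\(INSTALL\\)` makes the three consistent and does not depend on that. The `substitute*` for `test/ess-r-tests.el` is also indented far deeper than its siblings in the same snippet, and the `.` in `"Add together two numbers.\n"` is an unescaped wildcard. The package definition continues outside this hunk.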
@@ -5840,6 +5850,7 @@ Java package that provides routines for various statistical distributions.")
        ("r-minimal" ,r-minimal)))
     (native-inputs
      `(("perl" ,perl)
+       ("r-roxygen2" ,r-roxygen2)
        ("texinfo" ,texinfo)))
     (propagated-inputs
      `(("emacs-julia-mode" ,emacs-julia-mode)))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 41fba872c6..8b4d0479b6 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1610,7 +1610,7 @@ To load this plugin, specify the following option when starting mpv:
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2020.03.24")
+    (version "2020.05.03")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/ytdl-org/youtube-dl/"
@@ -1618,7 +1618,7 @@ To load this plugin, specify the following option when starting mpv:
                                   version ".tar.gz"))
               (sha256
                (base32
-                "05l4asakakxn53wrvxn6c03fd80zdizdbj6r2cj8c1ja3sj9i8s5"))))
+                "0qigk1bml6vkck4rs0wnmr46j5gkz04zn30jvnw1r4czjs7vnpal"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 2254d5adc1..b098ef36e0 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -244,6 +244,7 @@ exec smbd $@")))
        ("gtk+" ,gtk+)
        ("libaio" ,libaio)
        ("libattr" ,attr)
+       ("libcacard" ,libcacard)     ; smartcard support
        ("libcap" ,libcap)           ; virtfs support requires libcap & libattr
        ("libdrm" ,libdrm)
        ("libepoxy" ,libepoxy)
@@ -310,7 +311,8 @@ server and embedded PowerPC, and S390 guests.")
                   '("gettext")))
     (inputs (fold alist-delete (package-inputs qemu)
                   '("libusb" "mesa" "sdl2" "spice" "virglrenderer" "gtk+"
-                    "usbredir" "libdrm" "libepoxy" "pulseaudio" "vde2")))))
+                    "usbredir" "libdrm" "libepoxy" "pulseaudio" "vde2"
+                    "libcacard")))))
 
 (define-public libosinfo
   (package
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 3e0c2d33ac..ebae1c43f7 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
 ;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
@@ -245,20 +245,21 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer
 (define-public openconnect
   (package
    (name "openconnect")
-   (version "8.08")
+   (version "8.09")
    (source (origin
             (method url-fetch)
             (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                 "openconnect-" version ".tar.gz"))
             (sha256
-             (base32 "1s3rjdazx1n5izpcgz05p1sirm7kf4z3gh26dq2h2j5xmgmk0jxp"))))
+             (base32 "19p91hs6j348qp0v9c7abl3rb8d9ncc37k743qhrn29s9jz0567k"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("libxml2" ,libxml2)
       ("gnutls" ,gnutls-3.6.13)
       ("zlib" ,zlib)))
    (inputs
-    `(("vpnc-scripts" ,vpnc-scripts)))
+    `(("lz4" ,lz4)
+      ("vpnc-scripts" ,vpnc-scripts)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 1a7f944f59..f839560bfb 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -36,6 +36,7 @@
 ;;; Copyright © 2020 Damien Cassou <damien@cassou.me>
 ;;; Copyright © 2020 John Soo <jsoo1@asu.edu>
 ;;; Copyright © 2020 Boris A. Dekshteyn <boris.dekshteyn@gmail.com>
+;;; Copyright © 2020 Alex McGrath <amk@amk.ie>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -2326,3 +2327,34 @@ some kind of chat (in native language).
 @command{kbdd} also supports D-Bus signals, which makes it possible to
 create layout indicator widgets.")
     (license license:bsd-2)))
+
+(define-public j4-dmenu-desktop
+  (package
+    (name "j4-dmenu-desktop")
+    (version "2.17")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/enkore/j4-dmenu-desktop.git")
+                    (commit (string-append "r" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "0v23fimkn83dcm5p53y2ymhklff3kwppxhf75sm8xmswrzkixpgc"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("catch2" ,catch-framework2)))
+    (arguments
+     `(#:configure-flags '("-DWITH_GIT_CATCH=off")
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             (invoke "./j4-dmenu-tests" "exclude:SearchPath/XDG_DATA_HOME"))))))
+    (synopsis "Fast desktop menu")
+    (description
+     "j4-dmenu-desktop is a replacement for i3-dmenu-desktop.  Its purpose
+is to find @file{.desktop} files and offer you a menu to start an application
+using @command{dmenu}.")
+    (home-page "https://github.com/enkore/j4-dmenu-desktop")
+    (license license:gpl3+)))
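Review bot: The replaced `check` phase skips `SearchPath/XDG_DATA_HOME` without saying why, so nobody can tell later whether the exclusion is still needed or hides a real failure. A comment above the `invoke` would do, e.g. `;; SearchPath/XDG_DATA_HOME is excluded because <reason observed in the build environment>`. The phase also takes no `#:tests?` key, so building with tests disabled would still run the test binary; `(lambda* (#:key tests? #:allow-other-keys) ...)` with the `invoke` guarded by `tests?` matches how the `check` phase is replaced in sequoia.scm in this same merge.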
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 7d427d8da7..cef22cd400 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -25,6 +25,7 @@
 ;;; Copyright © 2020 Florian Pelz <pelzflorian@pelzflorian.de>
 ;;; Copyright © 2020 Michael Rohleder <mike@rohleder.de>
 ;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2020 Jean-Baptiste Note <jean-baptiste.note@m4x.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -6714,3 +6715,24 @@ Thai).")
 a configuration file reusable by xcursorgen.")
     (home-page "https://github.com/eworm-de/xcur2png")
     (license license:gpl3+)))
+
+(define-public gccmakedep
+  (package
+    (name "gccmakedep")
+    (version "1.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://xorg/individual/util/gccmakedep-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32 "1r1fpy5ni8chbgx7j5sz0008fpb6vbazpy1nifgdhgijyzqxqxdj"))))
+    (build-system gnu-build-system)
+    (synopsis "Create dependencies in makefiles using 'gcc -M'")
+    (description
+     "@command{gccmakedep} is a deprecated program which calls @code{gcc -M}
+to output Makefile rules describing the dependencies of each source file, so
+that Make knows which object files must be recompiled when a dependency has
+changed.")
+    (home-page "https://gitlab.freedesktop.org/xorg/util/gccmakedep")
+    (license license:x11)))
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index d93796c5d8..6ed1f1dbf7 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1379,7 +1379,7 @@ information on the configuration file syntax."
                               (module "pam_limits.so")
                               (arguments '("conf=/etc/security/limits.conf")))))
              (if (member (pam-service-name pam)
-                         '("login" "su" "slim" "gdm-password"))
+                         '("login" "su" "slim" "gdm-password" "sddm"))
                  (pam-service
                   (inherit pam)
                   (session (cons pam-limits
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d2dbb8f80d..ced21c0742 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020 pinoaffe <pinoaffe@airmail.cc>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -45,7 +46,11 @@
             dropbear-configuration
             dropbear-configuration?
             dropbear-service-type
-            dropbear-service))
+            dropbear-service
+
+            autossh-configuration
+            autossh-configuration?
+            autossh-service-type))
 
 ;;; Commentary:
 ;;;
@@ -628,4 +633,103 @@ daemon} with the given @var{config}, a @code{<dropbear-configuration>}
 object."
   (service dropbear-service-type config))
 
+
+;;;
+;;; AutoSSH.
+;;;
+
+
+(define-record-type* <autossh-configuration>
+  autossh-configuration make-autossh-configuration
+  autossh-configuration?
+  (user            autossh-configuration-user
+                   (default "autossh"))
+  (poll            autossh-configuration-poll
+                   (default 600))
+  (first-poll      autossh-configuration-first-poll
+                   (default #f))
+  (gate-time       autossh-configuration-gate-time
+                   (default 30))
+  (log-level       autossh-configuration-log-level
+                   (default 1))
+  (max-start       autossh-configuration-max-start
+                   (default #f))
+  (message         autossh-configuration-message
+                   (default ""))
+  (port            autossh-configuration-port
+                   (default "0"))
+  (ssh-options     autossh-configuration-ssh-options
+                   (default '())))
+
+(define (autossh-file-name config file)
+  "Return a path in /var/run/autossh/ that is writable
+   by @code{user} from @code{config}."
+  (string-append "/var/run/autossh/"
+                 (autossh-configuration-user config)
+                 "/" file))
+
+(define (autossh-shepherd-service config)
+  (shepherd-service
+   (documentation "Automatically set up ssh connections (and keep them alive).")
+   (provision '(autossh))
+   (start #~(make-forkexec-constructor
+             (list #$(file-append autossh "/bin/autossh")
+                   #$@(autossh-configuration-ssh-options config))
+             #:user #$(autossh-configuration-user config)
+             #:group (passwd:gid (getpw #$(autossh-configuration-user config)))
+             #:pid-file #$(autossh-file-name config "pid")
+             #:log-file #$(autossh-file-name config "log")
+             #:environment-variables
+             '(#$(string-append "AUTOSSH_PIDFILE="
+                                (autossh-file-name config "pid"))
+               #$(string-append "AUTOSSH_LOGFILE="
+                                (autossh-file-name config "log"))
+               #$(string-append "AUTOSSH_POLL="
+                                (number->string
+                                 (autossh-configuration-poll config)))
+               #$(string-append "AUTOSSH_FIRST_POLL="
+                                (number->string
+                                 (or
+                                  (autossh-configuration-first-poll config)
+                                  (autossh-configuration-poll config))))
+               #$(string-append "AUTOSSH_GATETIME="
+                                (number->string
+                                 (autossh-configuration-gate-time config)))
+               #$(string-append "AUTOSSH_LOGLEVEL="
+                                (number->string
+                                 (autossh-configuration-log-level config)))
+               #$(string-append "AUTOSSH_MAXSTART="
+                                (number->string
+                                 (or (autossh-configuration-max-start config)
+                                     -1)))
+               #$(string-append "AUTOSSH_MESSAGE="
+                                (autossh-configuration-message config))
+               #$(string-append "AUTOSSH_PORT="
+                                (autossh-configuration-port config)))))
+   (stop #~(make-kill-destructor))))
+
+(define (autossh-service-activation config)
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (define %user
+          (getpw #$(autossh-configuration-user config)))
+        (let* ((directory #$(autossh-file-name config ""))
+               (log (string-append directory "/log")))
+          (mkdir-p directory)
+          (chown directory (passwd:uid %user) (passwd:gid %user))
+          (call-with-output-file log (const #t))
+          (chown log (passwd:uid %user) (passwd:gid %user))))))
+
+(define autossh-service-type
+  (service-type
+   (name 'autossh)
+   (description "Automatically set up ssh connections (and keep them alive).")
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             (compose list autossh-shepherd-service))
+          (service-extension activation-service-type
+                             autossh-service-activation)))
+   (default-value (autossh-configuration))))
+
 ;;; ssh.scm ends here
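Review bot: In `autossh-service-activation` the log file is created and chowned by name after the directory has already been handed to the service user, so on a later activation root would truncate and change ownership of whatever a link at that path points to. Opening the file without following links and setting ownership through the open port avoids this and also stops each activation from truncating the log: `(let ((port (open log (logior O_WRONLY O_CREAT O_APPEND O_NOFOLLOW) #o640)))`, `(chown port (passwd:uid %user) (passwd:gid %user))`, `(close-port port))`. The service type has no visible account extension either, so `getpw` fails at activation unless the operator declares the "autossh" user; the `description` should say that the account must already exist. `autossh-shepherd-service` would also benefit from a docstring stating that `ssh-options` is passed verbatim as the command line.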
diff --git a/gnu/system.scm b/gnu/system.scm
index 99ce66aa4f..cd75e4d4ba 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -120,6 +120,7 @@
             operating-system-etc-directory
             operating-system-locale-directory
             operating-system-boot-script
+            operating-system-uuid
 
             system-linux-image-file-name
             operating-system-with-gc-roots
@@ -984,6 +985,55 @@ we're running in the final root."
                #:mapped-devices mapped-devices
                #:keyboard-layout (operating-system-keyboard-layout os)))
 
+(define* (operating-system-uuid os #:optional (type 'dce))
+  "Compute UUID object with a deterministic \"UUID\" for OS, of the given
+TYPE (one of 'iso9660 or 'dce).  Return a UUID object."
+  ;; Note: For this to be deterministic, we must not hash things that contains
+  ;; (directly or indirectly) procedures, for example.  That rules out
+  ;; anything that contains gexps, thunk or delayed record fields, etc.
+
+  (define service-name
+    (compose service-type-name service-kind))
+
+  (define (file-system-digest fs)
+    ;; Return a hashable digest that does not contain 'dependencies' since
+    ;; this field can contain procedures.
+    (let ((device (file-system-device fs)))
+      (list (file-system-mount-point fs)
+            (file-system-type fs)
+            (file-system-device->string device)
+            (file-system-options fs))))
+
+  (if (eq? type 'iso9660)
+      (let ((pad (compose (cut string-pad <> 2 #\0)
+                          number->string))
+            (h   (hash (map service-name (operating-system-services os))
+                       3600)))
+        (bytevector->uuid
+         (string->iso9660-uuid
+          (string-append "1970-01-01-"
+                         (pad (hash (operating-system-host-name os) 24)) "-"
+                         (pad (quotient h 60)) "-"
+                         (pad (modulo h 60)) "-"
+                         (pad (hash (map file-system-digest
+                                         (operating-system-file-systems os))
+                                    100))))
+         'iso9660))
+      (bytevector->uuid
+       (uint-list->bytevector
+        (list (hash (map file-system-digest
+                         (operating-system-file-systems os))
+                    (- (expt 2 32) 1))
+              (hash (operating-system-host-name os)
+                    (- (expt 2 32) 1))
+              (hash (map service-name (operating-system-services os))
+                    (- (expt 2 32) 1))
+              (hash (map file-system-digest (operating-system-file-systems os))
+                    (- (expt 2 32) 1)))
+        (endianness little)
+        4)
+       type)))
+
 (define (locale-name->definition* name)
   "Variant of 'locale-name->definition' that raises an error upon failure."
   (match (locale-name->definition name)
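Review bot: In the 'dce branch of `operating-system-uuid` the fourth 32-bit word is the same `(hash (map file-system-digest …) …)` expression as the first, so the UUID is built from only three distinct hash values. If the repetition is deliberate, say so in a comment such as `;; The fourth word repeats the file-system digest on purpose.`; otherwise hash a different procedure-free field there. The docstring lists only 'iso9660 and 'dce, yet any other TYPE falls through to the second branch and is passed to `bytevector->uuid` unchanged, which is worth documenting or rejecting. Whether `hash` returns the same values across Guile versions is not visible here, so the "deterministic" wording may need a qualifier.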
diff --git a/gnu/system/image.scm b/gnu/system/image.scm
new file mode 100644
index 0000000000..571b7af5f3
--- /dev/null
+++ b/gnu/system/image.scm
@@ -0,0 +1,532 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Mathieu Othacehe <m.othacehe@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu system image)
+  #:use-module (guix gexp)
+  #:use-module (guix modules)
+  #:use-module (guix monads)
+  #:use-module (guix records)
+  #:use-module (guix store)
+  #:use-module (guix ui)
+  #:use-module (guix utils)
+  #:use-module ((guix self) #:select (make-config.scm))
+  #:use-module (gnu bootloader)
+  #:use-module (gnu bootloader grub)
+  #:use-module (gnu image)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu system)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system uuid)
+  #:use-module (gnu system vm)
+  #:use-module (guix packages)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bootloaders)
+  #:use-module (gnu packages cdrom)
+  #:use-module (gnu packages disk)
+  #:use-module (gnu packages gawk)
+  #:use-module (gnu packages genimage)
+  #:use-module (gnu packages guile)
+  #:autoload   (gnu packages gnupg) (guile-gcrypt)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages mtools)
+  #:use-module ((srfi srfi-1) #:prefix srfi-1:)
+  #:use-module (srfi srfi-11)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-35)
+  #:use-module (rnrs bytevectors)
+  #:use-module (ice-9 match)
+  #:export (esp-partition
+            root-partition
+
+            efi-disk-image
+            iso9660-image
+
+            find-image
+            system-image))
+
+
+;;;
+;;; Images definitions.
+;;;
+
+(define esp-partition
+  (partition
+   (size (* 40 (expt 2 20)))
+   (label "GNU-ESP") ;cosmetic only
+   ;; Use "vfat" here since this property is used when mounting.  The actual
+   ;; FAT-ness is based on file system size (16 in this case).
+   (file-system "vfat")
+   (flags '(esp))
+   (initializer (gexp initialize-efi-partition))))
+
+(define root-partition
+  (partition
+   (size 'guess)
+   (label "Guix_image")
+   (file-system "ext4")
+   (flags '(boot))
+   (initializer (gexp initialize-root-partition))))
+
+(define efi-disk-image
+  (image
+   (format 'disk-image)
+   (partitions (list esp-partition root-partition))))
+
+(define iso9660-image
+  (image
+   (format 'iso9660)
+   (partitions
+    (list (partition
+           (size 'guess)
+           (label "GUIX_IMAGE")
+           (flags '(boot)))))
+   ;; XXX: Temporarily disable compression to speed-up the tests.
+   (compression? #f)))
+
+
+;;
+;; Helpers.
+;;
+
+(define not-config?
+  ;; Select (guix …) and (gnu …) modules, except (guix config).
+  (match-lambda
+    (('guix 'config) #f)
+    (('guix rest ...) #t)
+    (('gnu rest ...) #t)
+    (rest #f)))
+
+(define (partition->gexp partition)
+  "Turn PARTITION, a <partition> object, into a list-valued gexp suitable for
+'make-partition-image'."
+  #~'(#$@(list (partition-size partition))
+      #$(partition-file-system partition)
+      #$(partition-label partition)
+      #$(and=> (partition-uuid partition)
+               uuid-bytevector)))
+
+(define gcrypt-sqlite3&co
+  ;; Guile-Gcrypt, Guile-SQLite3, and their propagated inputs.
+  (srfi-1:append-map
+   (lambda (package)
+     (cons package
+           (match (package-transitive-propagated-inputs package)
+             (((labels packages) ...)
+              packages))))
+   (list guile-gcrypt guile-sqlite3)))
+
+(define-syntax-rule (with-imported-modules* gexp* ...)
+  (with-extensions gcrypt-sqlite3&co
+    (with-imported-modules `(,@(source-module-closure
+                                '((gnu build vm)
+                                  (gnu build image)
+                                  (guix store database))
+                                #:select? not-config?)
+                             ((guix config) => ,(make-config.scm)))
+      #~(begin
+          (use-modules (gnu build vm)
+                       (gnu build image)
+                       (guix store database)
+                       (guix build utils))
+          gexp* ...))))
+
+
+;;
+;; Disk image.
+;;
+
+(define* (system-disk-image image
+                            #:key
+                            (name "disk-image")
+                            bootcfg
+                            bootloader
+                            register-closures?
+                            (inputs '()))
+  "Return as a file-like object, the disk-image described by IMAGE.  Said
+image can be copied on a USB stick as is.  BOOTLOADER is the bootloader that
+will be installed and configured according to BOOTCFG parameter.
+
+Raw images of the IMAGE partitions are first created.  Then, genimage is used
+to assemble the partition images into a disk-image without resorting to a
+virtual machine.
+
+INPUTS is a list of inputs (as for packages).  When REGISTER-CLOSURES? is
+true, register INPUTS in the store database of the image so that Guix can be
+used in the image."
+
+  (define genimage-name "image")
+
+  (define (image->genimage-cfg image)
+    ;; Return as a file-like object, the genimage configuration file
+    ;; describing the given IMAGE.
+    (define (format->image-type format)
+      ;; Return the genimage format corresponding to FORMAT.  For now, only
+      ;; the hdimage format (raw disk-image) is supported.
+      (case format
+        ((disk-image) "hdimage")
+        (else
+         (raise (condition
+                 (&message
+                  (message
+                   (format #f (G_ "Unsupported image type ~a~%.") format))))))))
+
+    (define (partition->dos-type partition)
+      ;; Return the MBR partition type corresponding to the given PARTITION.
+      ;; See: https://en.wikipedia.org/wiki/Partition_type.
+      (let ((flags (partition-flags partition)))
+        (cond
+         ((member 'esp flags) "0xEF")
+         (else "0x83"))))
+
+    (define (partition-image partition)
+      ;; Return as a file-like object, an image of the given PARTITION.  A
+      ;; directory, filled by calling the PARTITION initializer procedure, is
+      ;; first created within the store.  Then, an image of this directory is
+      ;; created using tools such as 'mke2fs' or 'mkdosfs', depending on the
+      ;; partition file-system type.
+      (let* ((os (image-operating-system image))
+             (schema (local-file (search-path %load-path
+                                              "guix/store/schema.sql")))
+             (graph (match inputs
+                      (((names . _) ...)
+                       names)))
+             (root-builder
+              (with-imported-modules*
+               (let* ((initializer #$(partition-initializer partition)))
+                 (sql-schema #$schema)
+
+                 ;; Allow non-ASCII file names--e.g., 'nss-certs'--to be
+                 ;; decoded.
+                 (setenv "GUIX_LOCPATH"
+                         #+(file-append glibc-utf8-locales "/lib/locale"))
+                 (setlocale LC_ALL "en_US.utf8")
+
+                 (initializer #$output
+                              #:references-graphs '#$graph
+                              #:deduplicate? #f
+                              #:system-directory #$os
+                              #:bootloader-package
+                              #$(bootloader-package bootloader)
+                              #:bootcfg #$bootcfg
+                              #:bootcfg-location
+                              #$(bootloader-configuration-file bootloader)))))
+             (image-root
+              (computed-file "partition-image-root" root-builder
+                             #:options `(#:references-graphs ,inputs)))
+             (type (partition-file-system partition))
+             (image-builder
+              (with-imported-modules*
+               (let ((inputs '#$(list e2fsprogs dosfstools mtools)))
+                 (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
+                 (make-partition-image #$(partition->gexp partition)
+                                       #$output
+                                       #$image-root)))))
+        (computed-file "partition.img" image-builder)))
+
+    (define (partition->config partition)
+      ;; Return the genimage partition configuration for PARTITION.
+      (let ((label (partition-label partition))
+            (dos-type (partition->dos-type partition))
+            (image (partition-image partition)))
+        #~(format #f "~/partition ~a {
+                                      ~/~/partition-type = ~a
+                                      ~/~/image = \"~a\"
+                                      ~/}"  #$label #$dos-type #$image)))
+
+    (let* ((format (image-format image))
+           (image-type (format->image-type format))
+           (partitions (image-partitions image))
+           (partitions-config (map partition->config partitions))
+           (builder
+            #~(begin
+                (let ((format (@ (ice-9 format) format)))
+                  (call-with-output-file #$output
+                    (lambda (port)
+                      (format port
+                              "\
+image ~a {
+~/~a {}
+~{~a~^~%~}
+}~%" #$genimage-name #$image-type (list #$@partitions-config))))))))
+      (computed-file "genimage.cfg" builder)))
+
+  (let* ((substitutable? (image-substitutable? image))
+         (builder
+          (with-imported-modules*
+           (let ((inputs '#$(list genimage coreutils findutils)))
+             (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
+             (genimage #$(image->genimage-cfg image) #$output))))
+         (image-dir (computed-file "image-dir" builder)))
+    (computed-file name
+                   #~(symlink
+                      (string-append #$image-dir "/" #$genimage-name)
+                      #$output)
+                   #:options `(#:substitutable? ,substitutable?))))
+
+
+;;
+;; ISO9660 image.
+;;
+
+(define (has-guix-service-type? os)
+  "Return true if OS contains a service of the type GUIX-SERVICE-TYPE."
+  (not (not (srfi-1:find (lambda (service)
+                           (eq? (service-kind service) guix-service-type))
+                         (operating-system-services os)))))
+
+(define* (system-iso9660-image image
+                               #:key
+                               (name "iso9660-image")
+                               bootcfg
+                               bootloader
+                               register-closures?
+                               (inputs '())
+                               (grub-mkrescue-environment '()))
+  "Return as a file-like object a bootable, stand-alone iso9660 image.
+
+INPUTS is a list of inputs (as for packages).  When REGISTER-CLOSURES? is
+true, register INPUTS in the store database of the image so that Guix can be
+used in the image. "
+  (define root-label
+    (match (image-partitions image)
+      ((partition)
+       (partition-label partition))))
+
+  (define root-uuid
+    (match (image-partitions image)
+      ((partition)
+       (uuid-bytevector (partition-uuid partition)))))
+
+  (let* ((os (image-operating-system image))
+         (bootloader (bootloader-package bootloader))
+         (compression? (image-compression? image))
+         (substitutable? (image-substitutable? image))
+         (schema (local-file (search-path %load-path
+                                          "guix/store/schema.sql")))
+         (graph (match inputs
+                  (((names . _) ...)
+                   names)))
+         (root-builder
+          (with-imported-modules*
+           (sql-schema #$schema)
+
+           ;; Allow non-ASCII file names--e.g., 'nss-certs'--to be decoded.
+           (setenv "GUIX_LOCPATH"
+                   #+(file-append glibc-utf8-locales "/lib/locale"))
+           (setlocale LC_ALL "en_US.utf8")
+
+           (initialize-root-partition #$output
+                                      #:references-graphs '#$graph
+                                      #:deduplicate? #f
+                                      #:system-directory #$os)))
+         (image-root
+          (computed-file "image-root" root-builder
+                         #:options `(#:references-graphs ,inputs)))
+         (builder
+          (with-imported-modules*
+           (let* ((inputs '#$(list parted e2fsprogs dosfstools xorriso
+                                   sed grep coreutils findutils gawk)))
+             (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
+             (make-iso9660-image #$xorriso
+                                 '#$grub-mkrescue-environment
+                                 #$bootloader
+                                 #$bootcfg
+                                 #$os
+                                 #$image-root
+                                 #$output
+                                 #:references-graphs '#$graph
+                                 #:register-closures? #$register-closures?
+                                 #:compression? #$compression?
+                                 #:volume-id #$root-label
+                                 #:volume-uuid #$root-uuid)))))
+    (computed-file name builder
+                   #:options `(#:references-graphs ,inputs
+                               #:substitutable? ,substitutable?))))
+
+
+;;
+;; Image creation.
+;;
+
+(define (root-partition? partition)
+  "Return true if PARTITION is the root partition, false otherwise."
+  (member 'boot (partition-flags partition)))
+
+(define (find-root-partition image)
+  "Return the root partition of the given IMAGE."
+  (srfi-1:find root-partition? (image-partitions image)))
+
+(define (image->root-file-system image)
+  "Return the IMAGE root partition file-system type."
+  (let ((format (image-format image)))
+    (if (eq? format 'iso9660)
+        "iso9660"
+        (partition-file-system (find-root-partition image)))))
+
+(define (root-size image)
+  "Return the root partition size of IMAGE."
+  (let* ((image-size (image-size image))
+         (root-partition (find-root-partition image))
+         (root-size (partition-size root-partition)))
+    (cond
+     ((and (eq? root-size 'guess) image-size)
+      image-size)
+     (else root-size))))
+
+(define* (image-with-os base-image os)
+  "Return an image based on BASE-IMAGE but with the operating-system field set
+to OS.  Also set the UUID and the size of the root partition."
+  (define root-file-system
+    (srfi-1:find
+     (lambda (fs)
+       (string=? (file-system-mount-point fs) "/"))
+     (operating-system-file-systems os)))
+
+  (let*-values (((partitions) (image-partitions base-image))
+                ((root-partition other-partitions)
+                 (srfi-1:partition root-partition? partitions)))
+    (image
+     (inherit base-image)
+     (operating-system os)
+     (partitions
+      (cons (partition
+             (inherit (car root-partition))
+             (uuid (file-system-device root-file-system))
+             (size (root-size base-image)))
+            other-partitions)))))
+
+(define (operating-system-for-image image)
+  "Return an operating-system based on the one specified in IMAGE, but
+suitable for image creation.  Assign an UUID to the root file-system, so that
+it can be used for bootloading."
+  (define volatile-root? (image-volatile-root? image))
+
+  (define (root-uuid os)
+    ;; UUID of the root file system, computed in a deterministic fashion.
+    ;; This is what we use to locate the root file system so it has to be
+    ;; different from the user's own file system UUIDs.
+    (let ((type (if (eq? (image-format image) 'iso9660)
+                    'iso9660
+                    'dce)))
+      (operating-system-uuid os type)))
+
+  (let* ((root-file-system-type (image->root-file-system image))
+         (base-os (image-operating-system image))
+         (file-systems-to-keep
+          (srfi-1:remove
+           (lambda (fs)
+             (string=? (file-system-mount-point fs) "/"))
+           (operating-system-file-systems base-os)))
+         (format (image-format image))
+         (os
+          (operating-system
+            (inherit base-os)
+            (initrd (lambda (file-systems . rest)
+                      (apply (operating-system-initrd base-os)
+                             file-systems
+                             #:volatile-root? volatile-root?
+                             rest)))
+            (bootloader (if (eq? format 'iso9660)
+                            (bootloader-configuration
+                             (inherit
+                              (operating-system-bootloader base-os))
+                             (bootloader grub-mkrescue-bootloader))
+                            (operating-system-bootloader base-os)))
+            (file-systems (cons (file-system
+                                  (mount-point "/")
+                                  (device "/dev/placeholder")
+                                  (type root-file-system-type))
+                                file-systems-to-keep))))
+         (uuid (root-uuid os)))
+    (operating-system
+      (inherit os)
+      (file-systems (cons (file-system
+                            (mount-point "/")
+                            (device uuid)
+                            (type root-file-system-type))
+                          file-systems-to-keep)))))
+
+(define* (make-system-image image)
+  "Return the derivation of IMAGE.  It can be a raw disk-image or an ISO9660
+image, depending on IMAGE format."
+  (define substitutable? (image-substitutable? image))
+
+  (let* ((os (operating-system-for-image image))
+         (image* (image-with-os image os))
+         (register-closures? (has-guix-service-type? os))
+         (bootcfg (operating-system-bootcfg os))
+         (bootloader (bootloader-configuration-bootloader
+                      (operating-system-bootloader os))))
+    (case (image-format image)
+      ((disk-image)
+       (system-disk-image image*
+                          #:bootcfg bootcfg
+                          #:bootloader bootloader
+                          #:register-closures? register-closures?
+                          #:inputs `(("system" ,os)
+                                     ("bootcfg" ,bootcfg))))
+      ((iso9660)
+       (system-iso9660-image image*
+                             #:bootcfg bootcfg
+                             #:bootloader bootloader
+                             #:register-closures? register-closures?
+                             #:inputs `(("system" ,os)
+                                        ("bootcfg" ,bootcfg))
+                             #:grub-mkrescue-environment
+                             '(("MKRESCUE_SED_MODE" . "mbr_hfs")))))))
+
+(define (find-image file-system-type)
+  "Find and return an image that could match the given FILE-SYSTEM-TYPE.  This
+is useful to adapt to interfaces written before the addition of the <image>
+record."
+  ;; XXX: Add support for system and target here, or in the caller.
+  (match file-system-type
+    ("iso9660" iso9660-image)
+    (_ efi-disk-image)))
+
+(define (system-image image)
+  "Wrap 'make-system-image' call, so that it is used only if the given IMAGE
+is supported.  Otherwise, fallback to image creation in a VM.  This is
+temporary and should be removed once 'make-system-image' is able to deal with
+all types of images."
+  (define substitutable? (image-substitutable? image))
+  (define volatile-root? (image-volatile-root? image))
+
+  (let* ((image-os (image-operating-system image))
+         (image-root-filesystem-type (image->root-file-system image))
+         (bootloader (bootloader-configuration-bootloader
+                      (operating-system-bootloader image-os)))
+         (bootloader-name (bootloader-name bootloader))
+         (size (image-size image))
+         (format (image-format image)))
+    (mbegin %store-monad
+      (if (and (or (eq? bootloader-name 'grub)
+                   (eq? bootloader-name 'extlinux))
+               (eq? format 'disk-image))
+          ;; Fallback to image creation in a VM when it is not yet supported
+          ;; by this module.
+          (system-disk-image-in-vm image-os
+                                   #:disk-image-size size
+                                   #:file-system-type image-root-filesystem-type
+                                   #:volatile? volatile-root?
+                                   #:substitutable? substitutable?)
+          (lower-object
+           (make-system-image image))))))
+
+;;; image.scm ends here
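Review bot: In `format->image-type` the parameter named `format` shadows the `format` procedure, so the `else` branch's `(format #f (G_ …) format)` applies a symbol instead of building the message, and an unsupported image format ends in a wrong-type error rather than the intended condition. Renaming the parameter fixes it: `(define (format->image-type fmt)`, `(case fmt`, and `(format #f (G_ "Unsupported image type ~a~%.") fmt)`. The module header imports `(srfi srfi-35)` but no `(srfi srfi-34)` import is visible, so it is worth confirming that `raise` resolves to the condition-raising procedure. Separately, `system-disk-image` accepts and documents `register-closures?`, but its visible body never passes the value on, so the docstring promises behaviour the code does not show.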
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 7166c12bcc..fe49ffdb94 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -523,6 +523,7 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m
                      mdadm
                      dosfstools         ;mkfs.fat, for the UEFI boot partition
                      btrfs-progs
+                     f2fs-tools
                      jfsutils
                      openssh    ;we already have sshd, having ssh/scp can help
                      wireless-tools iw wpa-supplicant-minimal iproute
diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm
index d84f352663..c43d53a210 100644
--- a/gnu/system/linux-initrd.scm
+++ b/gnu/system/linux-initrd.scm
@@ -245,6 +245,9 @@ FILE-SYSTEMS."
           '())
     ,@(if (find (file-system-type-predicate "jfs") file-systems)
           (list jfs_fsck/static)
+          '())
+    ,@(if (find (file-system-type-predicate "f2fs") file-systems)
+          (list f2fs-fsck/static)
           '())))
 
 (define-syntax vhash                              ;TODO: factorize
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 1d5ee39497..4ea82cfd50 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -77,7 +77,7 @@
 
             system-qemu-image/shared-store
             system-qemu-image/shared-store-script
-            system-disk-image
+            system-disk-image-in-vm
             system-docker-image
 
             virtual-machine
@@ -269,95 +269,6 @@ substitutable."
                      (eq? (service-kind service) guix-service-type))
                    (operating-system-services os)))))
 
-(define* (iso9660-image #:key
-                        (name "iso9660-image")
-                        file-system-label
-                        file-system-uuid
-                        (system (%current-system))
-                        (target (%current-target-system))
-                        (qemu qemu-minimal)
-                        os
-                        bootcfg-drv
-                        bootloader
-                        (register-closures? (has-guix-service-type? os))
-                        (inputs '())
-                        (grub-mkrescue-environment '())
-                        (substitutable? #t))
-  "Return a bootable, stand-alone iso9660 image.
-
-INPUTS is a list of inputs (as for packages)."
-  (define schema
-    (and register-closures?
-         (local-file (search-path %load-path
-                                  "guix/store/schema.sql"))))
-
-  (expression->derivation-in-linux-vm
-   name
-   (with-extensions gcrypt-sqlite3&co
-     (with-imported-modules `(,@(source-module-closure '((gnu build vm)
-                                                         (guix store database)
-                                                         (guix build utils))
-                                                       #:select? not-config?)
-                              ((guix config) => ,(make-config.scm)))
-       #~(begin
-           (use-modules (gnu build vm)
-                        (guix store database)
-                        (guix build utils))
-
-           (sql-schema #$schema)
-
-           ;; Allow non-ASCII file names--e.g., 'nss-certs'--to be decoded.
-           (setenv "GUIX_LOCPATH"
-                   #+(file-append glibc-utf8-locales "/lib/locale"))
-           (setlocale LC_ALL "en_US.utf8")
-
-           (let ((inputs
-                  '#$(append (list parted e2fsprogs dosfstools xorriso)
-                             (map canonical-package
-                                  (list sed grep coreutils findutils gawk))))
-
-
-                 (graphs     '#$(match inputs
-                                  (((names . _) ...)
-                                   names)))
-                 ;; This variable is unused but allows us to add INPUTS-TO-COPY
-                 ;; as inputs.
-                 (to-register
-                  '#$(map (match-lambda
-                            ((name thing) thing)
-                            ((name thing output) `(,thing ,output)))
-                          inputs)))
-
-             (set-path-environment-variable "PATH" '("bin" "sbin") inputs)
-             (make-iso9660-image #$xorriso
-                                 '#$grub-mkrescue-environment
-                                 #$(bootloader-package bootloader)
-                                 #$bootcfg-drv
-                                 #$os
-                                 "/xchg/guixsd.iso"
-                                 #:register-closures? #$register-closures?
-                                 #:closures graphs
-                                 #:volume-id #$file-system-label
-                                 #:volume-uuid #$(and=> file-system-uuid
-                                                        uuid-bytevector))))))
-   #:system system
-   #:target target
-
-   ;; Keep a local file system for /tmp so that we can populate it directly as
-   ;; root and have files owned by root.  See <https://bugs.gnu.org/31752>.
-   #:file-systems (remove (lambda (file-system)
-                            (string=? (file-system-mount-point file-system)
-                                      "/tmp"))
-                          %linux-vm-file-systems)
-
-   #:make-disk-image? #f
-   #:single-file-output? #t
-   #:references-graphs inputs
-   #:substitutable? substitutable?
-
-   ;; Xorriso seems to be quite memory-hungry, so increase the VM's RAM size.
-   #:memory-size 512))
-
 (define* (qemu-image #:key
                      (name "qemu-image")
                      (system (%current-system))
@@ -624,62 +535,13 @@ system."
 ;;; VM and disk images.
 ;;;
 
-(define* (operating-system-uuid os #:optional (type 'dce))
-  "Compute UUID object with a deterministic \"UUID\" for OS, of the given
-TYPE (one of 'iso9660 or 'dce).  Return a UUID object."
-  ;; Note: For this to be deterministic, we must not hash things that contains
-  ;; (directly or indirectly) procedures, for example.  That rules out
-  ;; anything that contains gexps, thunk or delayed record fields, etc.
-
-  (define service-name
-    (compose service-type-name service-kind))
-
-  (define (file-system-digest fs)
-    ;; Return a hashable digest that does not contain 'dependencies' since
-    ;; this field can contain procedures.
-    (let ((device (file-system-device fs)))
-      (list (file-system-mount-point fs)
-            (file-system-type fs)
-            (file-system-device->string device)
-            (file-system-options fs))))
-
-  (if (eq? type 'iso9660)
-      (let ((pad (compose (cut string-pad <> 2 #\0)
-                          number->string))
-            (h   (hash (map service-name (operating-system-services os))
-                       3600)))
-        (bytevector->uuid
-         (string->iso9660-uuid
-          (string-append "1970-01-01-"
-                         (pad (hash (operating-system-host-name os) 24)) "-"
-                         (pad (quotient h 60)) "-"
-                         (pad (modulo h 60)) "-"
-                         (pad (hash (map file-system-digest
-                                         (operating-system-file-systems os))
-                                    100))))
-         'iso9660))
-      (bytevector->uuid
-       (uint-list->bytevector
-        (list (hash (map file-system-digest
-                         (operating-system-file-systems os))
-                    (- (expt 2 32) 1))
-              (hash (operating-system-host-name os)
-                    (- (expt 2 32) 1))
-              (hash (map service-name (operating-system-services os))
-                    (- (expt 2 32) 1))
-              (hash (map file-system-digest (operating-system-file-systems os))
-                    (- (expt 2 32) 1)))
-        (endianness little)
-        4)
-       type)))
-
-(define* (system-disk-image os
-                            #:key
-                            (name "disk-image")
-                            (file-system-type "ext4")
-                            (disk-image-size (* 900 (expt 2 20)))
-                            (volatile? #t)
-                            (substitutable? #t))
+(define* (system-disk-image-in-vm os
+                                  #:key
+                                  (name "disk-image")
+                                  (file-system-type "ext4")
+                                  (disk-image-size (* 900 (expt 2 20)))
+                                  (volatile? #t)
+                                  (substitutable? #t))
   "Return the derivation of a disk image of DISK-IMAGE-SIZE bytes of the
 system described by OS.  Said image can be copied on a USB stick as is.  When
 VOLATILE? is true, the root file system is made volatile; this is useful
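Review bot: No alias is left for the old exported name `system-disk-image`, which this hunk and the export-list hunk at @@ -77 replace with `system-disk-image-in-vm`, so code outside this commit that still calls the old name from `(gnu system vm)` will fail with an unbound variable. If the old name is not meant to disappear at once, keep a deprecated alias such as `(define-deprecated/alias system-disk-image system-disk-image-in-vm)`, assuming `(guix deprecation)` can be imported by this module. Separately, `operating-system-uuid` is deleted here but is still called by `root-uuid` in the next hunk, so it must now come from another module; that import is not visible in this part of the diff. The body of `system-disk-image-in-vm` continues outside the hunk.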
@@ -687,25 +549,14 @@ to USB sticks meant to be read-only.
 
 SUBSTITUTABLE? determines whether the returned derivation should be marked as
 substitutable."
-  (define normalize-label
-    ;; ISO labels are all-caps (case-insensitive), but since
-    ;; 'find-partition-by-label' is case-sensitive, make it all-caps here.
-    (if (string=? "iso9660" file-system-type)
-        string-upcase
-        identity))
-
   (define root-label
-    ;; Volume name of the root file system.
-    (normalize-label "Guix_image"))
+    "Guix_image")
 
   (define (root-uuid os)
     ;; UUID of the root file system, computed in a deterministic fashion.
     ;; This is what we use to locate the root file system so it has to be
     ;; different from the user's own file system UUIDs.
-    (operating-system-uuid os
-                           (if (string=? file-system-type "iso9660")
-                               'iso9660
-                               'dce)))
+    (operating-system-uuid os 'dce))
 
   (define file-systems-to-keep
     (remove (lambda (fs)
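Review bot: `system-disk-image-in-vm` still accepts any `#:file-system-type` string, but the "iso9660" handling is removed here (label upcasing, the `'iso9660` UUID) and in the hunks at @@ -722 and @@ -744 (the `grub-mkrescue-bootloader` override and the `iso9660-image` dispatch). A caller that still passes "iso9660" now reaches `qemu-image` with the mixed-case label `"Guix_image"` and a `'dce` UUID. The docstring, which starts above this hunk, should state the restriction, for example by adding `FILE-SYSTEM-TYPE must not be "iso9660"; ISO images are no longer built by this procedure.` Whether `qemu-image` itself rejects that type is not visible here, so an explicit check at the top of the body may also be worth adding.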
@@ -722,11 +573,7 @@ substitutable."
                                 #:volatile-root? volatile?
                                 rest)))
 
-               (bootloader (if (string=? "iso9660" file-system-type)
-                               (bootloader-configuration
-                                 (inherit (operating-system-bootloader os))
-                                 (bootloader grub-mkrescue-bootloader))
-                               (operating-system-bootloader os)))
+               (bootloader (operating-system-bootloader os))
 
                ;; Force our own root file system.  (We need a "/" file system
                ;; to call 'root-uuid'.)
@@ -744,33 +591,20 @@ substitutable."
                                      (type file-system-type))
                                    file-systems-to-keep))))
         (bootcfg (operating-system-bootcfg os)))
-    (if (string=? "iso9660" file-system-type)
-        (iso9660-image #:name name
-                       #:file-system-label root-label
-                       #:file-system-uuid uuid
-                       #:os os
-                       #:bootcfg-drv bootcfg
-                       #:bootloader (bootloader-configuration-bootloader
-                                     (operating-system-bootloader os))
-                       #:inputs `(("system" ,os)
-                                  ("bootcfg" ,bootcfg))
-                       #:grub-mkrescue-environment
-                       '(("MKRESCUE_SED_MODE" . "mbr_hfs"))
-                       #:substitutable? substitutable?)
-        (qemu-image #:name name
-                    #:os os
-                    #:bootcfg-drv bootcfg
-                    #:bootloader (bootloader-configuration-bootloader
-                                  (operating-system-bootloader os))
-                    #:disk-image-size disk-image-size
-                    #:disk-image-format "raw"
-                    #:file-system-type file-system-type
-                    #:file-system-label root-label
-                    #:file-system-uuid uuid
-                    #:copy-inputs? #t
-                    #:inputs `(("system" ,os)
-                               ("bootcfg" ,bootcfg))
-                    #:substitutable? substitutable?))))
+    (qemu-image #:name name
+                #:os os
+                #:bootcfg-drv bootcfg
+                #:bootloader (bootloader-configuration-bootloader
+                              (operating-system-bootloader os))
+                #:disk-image-size disk-image-size
+                #:disk-image-format "raw"
+                #:file-system-type file-system-type
+                #:file-system-label root-label
+                #:file-system-uuid uuid
+                #:copy-inputs? #t
+                #:inputs `(("system" ,os)
+                           ("bootcfg" ,bootcfg))
+                #:substitutable? substitutable?)))
 
 (define* (system-qemu-image os
                             #:key
diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
index 343fdc67f6..94d970e1cc 100644
--- a/gnu/tests/install.scm
+++ b/gnu/tests/install.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2020 Danny Milosavljevic <dannym@scratchpost.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,9 +22,11 @@
 (define-module (gnu tests install)
   #:use-module (gnu)
   #:use-module (gnu bootloader extlinux)
+  #:use-module (gnu image)
   #:use-module (gnu tests)
   #:use-module (gnu tests base)
   #:use-module (gnu system)
+  #:use-module (gnu system image)
   #:use-module (gnu system install)
   #:use-module (gnu system vm)
   #:use-module ((gnu build vm) #:select (qemu-command))
@@ -59,6 +62,7 @@
             %test-encrypted-root-os
             %test-btrfs-root-os
             %test-jfs-root-os
+            %test-f2fs-root-os
 
             %test-gui-installed-os
             %test-gui-installed-os-encrypted
@@ -229,14 +233,18 @@ packages defined in installation-os."
                        ;; roots.  This way, we know 'guix system init' will
                        ;; succeed.  Also add guile-final, which is pulled in
                        ;; through provenance.drv and may not always be present.
-                       (image  (system-disk-image
-                                (operating-system-with-gc-roots
-                                 os (list target guile-final))
-                                #:disk-image-size install-size
-                                #:file-system-type
-                                installation-disk-image-file-system-type
-                                ;; Don't provide substitutes; too big.
-                                #:substitutable? #f)))
+                       (image
+                        (system-image
+                         (image
+                          (inherit
+                           (find-image
+                            installation-disk-image-file-system-type))
+                          (size install-size)
+                          (operating-system
+                            (operating-system-with-gc-roots
+                             os (list target guile-final)))
+                          ;; Don't provide substitutes; too big.
+                          (substitutable? #f)))))
     (define install
       (with-imported-modules '((guix build utils)
                                (gnu build marionette))
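Review bot: The variable `image` bound here has the same name as the `image` record form used in its own initializer, `(system-image (image (inherit (find-image ...)) ...))`, which presumably comes from the newly imported `(gnu image)`. This only works if the enclosing binding form, which starts outside the hunk, binds sequentially; any later `(image ...)` record expression in the body would then resolve to the variable instead. Renaming the variable, for example to `installation-image`, would avoid the clash, but its uses further down lie outside this hunk. Also, the result of `find-image` is inherited from without a check; if it can fail for an unknown `installation-disk-image-file-system-type`, a short comment stating what happens then would help.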
@@ -930,6 +938,79 @@ build (current-guix) and then store a couple of full system images.")
 
 
 ;;;
+;;; F2FS root file system.
+;;;
+
+(define-os-with-source (%f2fs-root-os %f2fs-root-os-source)
+  ;; The OS we want to install.
+  (use-modules (gnu) (gnu tests) (srfi srfi-1))
+
+  (operating-system
+    (host-name "liberigilo")
+    (timezone "Europe/Paris")
+    (locale "en_US.UTF-8")
+
+    (bootloader (bootloader-configuration
+                 (bootloader grub-bootloader)
+                 (target "/dev/vdb")))
+    (kernel-arguments '("console=ttyS0"))
+    (file-systems (cons (file-system
+                          (device (file-system-label "my-root"))
+                          (mount-point "/")
+                          (type "f2fs"))
+                        %base-file-systems))
+    (users (cons (user-account
+                  (name "charlie")
+                  (group "users")
+                  (supplementary-groups '("wheel" "audio" "video")))
+                 %base-user-accounts))
+    (services (cons (service marionette-service-type
+                             (marionette-configuration
+                              (imported-modules '((gnu services herd)
+                                                  (guix combinators)))))
+                    %base-services))))
+
+(define %f2fs-root-installation-script
+  ;; Shell script of a simple installation.
+  "\
+. /etc/profile
+set -e -x
+guix --version
+
+export GUIX_BUILD_OPTIONS=--no-grafts
+ls -l /run/current-system/gc-roots
+parted --script /dev/vdb mklabel gpt \\
+  mkpart primary ext2 1M 3M \\
+  mkpart primary ext2 3M 2G \\
+  set 1 boot on \\
+  set 1 bios_grub on
+mkfs.f2fs -l my-root -q /dev/vdb2
+mount /dev/vdb2 /mnt
+herd start cow-store /mnt
+mkdir /mnt/etc
+cp /etc/target-config.scm /mnt/etc/config.scm
+guix system build /mnt/etc/config.scm
+guix system init /mnt/etc/config.scm /mnt --no-substitutes
+sync
+reboot\n")
+
+(define %test-f2fs-root-os
+  (system-test
+   (name "f2fs-root-os")
+   (description
+    "Test basic functionality of an OS installed like one would do by hand.
+This test is expensive in terms of CPU and storage usage since we need to
+build (current-guix) and then store a couple of full system images.")
+   (value
+    (mlet* %store-monad ((image   (run-install %f2fs-root-os
+                                               %f2fs-root-os-source
+                                               #:script
+                                               %f2fs-root-installation-script))
+                         (command (qemu-command/writable-image image)))
+      (run-basic-test %f2fs-root-os command "f2fs-root-os")))))
+
+
+;;;
 ;;; Installation through the graphical interface.
 ;;;
 
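Review bot: The `description` of `%test-f2fs-root-os` never mentions F2FS, and its closing sentence is the same text the hunk header shows for the preceding test, so the two entries cannot be told apart when descriptions are listed. Consider opening it with `"Test basic functionality of an OS installed on an F2FS root file system, like one would do by hand.` and keeping the cost sentence as it is. In `%f2fs-root-installation-script`, the `mkpart primary ext2 3M 2G` line deserves a comment such as `# 'ext2' is only the partition type hint; mkfs.f2fs creates the real file system`, because the mismatch with `mkfs.f2fs` otherwise looks like a copy-paste slip.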
diff --git a/guix/build/store-copy.scm b/guix/build/store-copy.scm
index 549aa4f28b..ad551bca98 100644
--- a/guix/build/store-copy.scm
+++ b/guix/build/store-copy.scm
@@ -35,6 +35,7 @@
 
             read-reference-graph
 
+            file-size
             closure-size
             populate-store))
 
diff --git a/guix/openpgp.scm b/guix/openpgp.scm
new file mode 100644
index 0000000000..b74f8ff5bf
--- /dev/null
+++ b/guix/openpgp.scm
@@ -0,0 +1,1108 @@
+;; -*- mode: scheme; coding: utf-8 -*-
+;; Copyright © 2010, 2012 Göran Weinholt <goran@weinholt.se>
+;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+
+;; Permission is hereby granted, free of charge, to any person obtaining a
+;; copy of this software and associated documentation files (the "Software"),
+;; to deal in the Software without restriction, including without limitation
+;; the rights to use, copy, modify, merge, publish, distribute, sublicense,
+;; and/or sell copies of the Software, and to permit persons to whom the
+;; Software is furnished to do so, subject to the following conditions:
+
+;; The above copyright notice and this permission notice shall be included in
+;; all copies or substantial portions of the Software.
+
+;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+;; THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+;; FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+;; DEALINGS IN THE SOFTWARE.
+
+;;; This code was originally written by Göran Weinholt for Industria and
+;;; released under the Expat license shown above.  It was then modified by
+;;; Ludovic Courtès for use in GNU Guix: turned into a native Guile module,
+;;; ported to Guile-Gcrypt, and extended and simplified in other ways.
+
+(define-module (guix openpgp)
+  #:export (get-openpgp-detached-signature/ascii
+            (get-packet . get-openpgp-packet)
+            verify-openpgp-signature
+            port-ascii-armored?
+
+            openpgp-error?
+            openpgp-unrecognized-packet-error?
+            openpgp-unrecognized-packet-error-port
+            openpgp-invalid-signature-error?
+            openpgp-invalid-signature-error-port
+
+            openpgp-signature?
+            openpgp-signature-issuer-key-id
+            openpgp-signature-issuer-fingerprint
+            openpgp-signature-public-key-algorithm
+            openpgp-signature-hash-algorithm
+            openpgp-signature-creation-time
+            openpgp-signature-expiration-time
+
+            openpgp-user-id?
+            openpgp-user-id-value
+            openpgp-user-attribute?
+
+            openpgp-public-key?
+            openpgp-public-key-subkey?
+            openpgp-public-key-value
+            openpgp-public-key-fingerprint openpgp-format-fingerprint
+            openpgp-public-key-id
+
+            openpgp-keyring?
+            %empty-keyring
+            lookup-key-by-id
+            lookup-key-by-fingerprint
+            get-openpgp-keyring
+
+            read-radix-64
+            string->openpgp-packet)
+  #:use-module (rnrs bytevectors)
+  #:use-module (rnrs io ports)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-9)
+  #:use-module (srfi srfi-11)
+  #:use-module (srfi srfi-19)
+  #:use-module (srfi srfi-26)
+  #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-35)
+  #:use-module (srfi srfi-60)
+  #:use-module (ice-9 match)
+  #:use-module ((ice-9 rdelim) #:select (read-line))
+  #:use-module (ice-9 vlist)
+  #:use-module (gcrypt hash)
+  #:use-module (gcrypt pk-crypto)
+  #:use-module (gcrypt base64)
+  #:use-module (gcrypt base16)
+  #:use-module ((guix build utils) #:select (dump-port)))
+
+;;; Commentary:
+;;;
+;;; This module contains code to read OpenPGP messages as described in
+;;; <https://tools.ietf.org/html/rfc4880>, with extensions from
+;;; <https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-06> (notably
+;;; EdDSA support and extra signature sub-packets).
+;;;
+;;; Currently this module does enough to verify detached signatures of binary
+;;; data.  It does _not_ perform sanity checks on self-signatures, subkey
+;;; binding signatures, etc., among others.  Use only in a context where this
+;;; limitations are acceptable!
+;;;
+;;; Code:
+
+(define-syntax print
+  (syntax-rules ()
+    ;; ((_ args ...) (pk 'openpgp args))
+    ((_ args ...) (values))))
+
+(define-syntax-rule (define-alias new old)
+  (define-syntax new (identifier-syntax old)))
+
+(define-alias fx+ +)
+(define-alias fx- -)
+(define-alias fx* *)
+(define-alias fx/ /)
+(define-alias fxdiv quotient)
+(define-alias fxand logand)
+(define-alias fxbit-set? bit-set?)
+(define-alias fxbit-field bit-field)
+(define-alias bitwise-bit-field bit-field)
+(define-alias fxarithmetic-shift-left ash)
+(define-inlinable (fxarithmetic-shift-right i n) (ash i (- n)))
+(define-inlinable (port-eof? port) (eof-object? (lookahead-u8 port)))
+
+(define (string-hex-pad str)
+  (if (odd? (string-length str))
+      (string-append "0" str)
+      str))
+
+(define (unixtime n)
+  (time-monotonic->date (make-time 'time-monotonic 0 n)))
+
+;; Root of the error hierarchy.
+(define-condition-type &openpgp-error &error
+  openpgp-error?)
+
+;; Error raised when reading an unsupported or unrecognized packet tag.
+(define-condition-type &openpgp-unrecognized-packet-error &openpgp-error
+  openpgp-unrecognized-packet-error?
+  (port openpgp-unrecognized-packet-error-port))
+
+;; Error raised when reading an invalid signature packet.
+(define-condition-type &openpgp-invalid-signature-error &openpgp-error
+  openpgp-invalid-signature-error?
+  (port openpgp-invalid-signature-error-port))
+
+
+;;;
+;;; Bitwise I/O.
+;;;
+;;; TODO: Use Bytestructures instead.
+;;;
+
+(define-syntax-rule (integer-read size)
+  (lambda (port)
+    "Read from PORT a big-endian integer of SIZE bytes.  Return the EOF object
+on end-of-file."
+    (let ((buf (make-bytevector size)))
+      (match (get-bytevector-n! port buf 0 size)
+        (size (bytevector-uint-ref buf 0 (endianness big) size))
+        (_    (eof-object))))))
+
+(define get-u16 (integer-read 2))
+(define get-u32 (integer-read 4))
+(define get-u64 (integer-read 8))
+
+(define-syntax get-integers
+  (syntax-rules ()
+    "Read from PORT integers of the given TYPE, in big endian encoding.  Each
+TYPE must be one of u8, u16, u32, u64, or _, as in this example:
+
+  (get-integers port u8 _ _ _ u32 u16)
+
+In the case of _ (wildcard), one byte is read and discarded.  Return as many
+values as there are TYPEs."
+    ((_ port type ...)
+     (letrec-syntax ((get-integer (syntax-rules (u8 u16 u32 u64)
+                                    ((x u8) (get-u8 port))
+                                    ((x u16) (get-u16 port))
+                                    ((x u32) (get-u32 port))
+                                    ((x u64) (get-u64 port))))
+                     (values*     (syntax-rules (_)
+                                    ((x (result (... ...)))
+                                     (values result (... ...)))
+                                    ((x (result (... ...)) _ rest (... ...))
+                                     (let ((x (get-u8 port)))
+                                       (values* (result (... ...))
+                                                rest (... ...))))
+                                    ((x (result (... ...)) t rest (... ...))
+                                     (let ((x (get-integer t)))
+                                       (values* (result (... ...) x)
+                                                rest (... ...)))))))
+       (values* () type ...)))))
+
+(define (bytevector->uint bv)
+  (bytevector-uint-ref bv 0 (endianness big)
+                       (bytevector-length bv)))
+
+(define-syntax-rule (integer-write size)
+  (lambda (port integer)
+    "Write INTEGER to PORT as a SIZE-byte integer and as big endian."
+    (let ((bv (make-bytevector size)))
+      (bytevector-uint-set! bv 0 integer (endianness big) size)
+      (put-bytevector port bv))))
+
+(define put-u16 (integer-write 2))
+(define put-u32 (integer-write 4))
+(define put-u64 (integer-write 8))
+
+(define-syntax put-integers
+  (syntax-rules ()
+    "Write the given integers as big endian to PORT.  For example:
+
+  (put-integers port u8 42 u32 #x7777)
+
+writes to PORT the value 42 as an 8-bit integer and the value #x7777 as a
+32-bit integer."
+    ((_ port)
+     #t)
+    ((_ port type value rest ...)
+     (let-syntax ((put (syntax-rules (u8 u16 u32 u64)
+                         ((_ u8 port integer)
+                          (put-u8 port integer))
+                         ((_ u16 port integer)
+                          (put-u16 port integer))
+                         ((_ u32 port integer)
+                          (put-u32 port integer))
+                         ((_ u64 port integer)
+                          (put-u64 port integer)))))
+       (begin
+         (put type port value)
+         (put-integers port rest ...))))))
+
+(define-syntax-rule (integers->bytevector type value rest ...)
+  "Return the the TYPE/VALUE integers representation as a bytevector."
+  (let-values (((port get) (open-bytevector-output-port)))
+    (put-integers port type value rest ...)
+    (force-output port)
+    (get)))
+
+
+(define (bytevector->bitnames bv names)
+  (define (bit-set? bv i)
+    (let ((idx (fxarithmetic-shift-right i 3))
+          (bit (fxand i #b111)))
+      (and (< idx (bytevector-length bv))
+           (fxbit-set? (bytevector-u8-ref bv idx) bit))))
+  (do ((names names (cdr names))
+       (i 0 (fx+ i 1))
+       (bits '()
+             (if (bit-set? bv i)
+                 (cons (car names) bits)
+                 bits)))
+      ((null? names) (reverse bits))))
+
+(define (openpgp-format-fingerprint bv)
+  "Return a string representing BV, a bytevector, in the conventional OpenPGP
+hexadecimal format for fingerprints."
+  (define (h i)
+    (string-pad (string-upcase
+                 (number->string
+                  (bytevector-u16-ref bv (* i 2) (endianness big))
+                  16))
+                4 #\0))
+  (string-append (h 0) " " (h 1) " " (h 2) " " (h 3) " " (h 4)
+                 "  "
+                 (h 5) " " (h 6) " " (h 7) " " (h 8) " " (h 9)))
+
+;;; Constants
+
+
+(define PACKET-SESSION-KEY 1)
+(define PACKET-SIGNATURE 2)
+(define PACKET-SYMMETRIC-SESSION-KEY 3)
+(define PACKET-ONE-PASS-SIGNATURE 4)
+(define PACKET-SECRET-KEY 5)
+(define PACKET-PUBLIC-KEY 6)
+(define PACKET-SECRET-SUBKEY 7)
+(define PACKET-COMPRESSED-DATA 8)
+(define PACKET-SYMMETRIC-ENCRYPTED-DATA 9)
+(define PACKET-MARKER 10)
+(define PACKET-LITERAL-DATA 11)
+(define PACKET-TRUST 12)
+(define PACKET-USER-ID 13)
+(define PACKET-PUBLIC-SUBKEY 14)
+(define PACKET-USER-ATTRIBUTE 17)
+(define PACKET-SYMMETRIC-ENCRYPTED/PROTECTED-DATA 18)
+(define PACKET-MDC 19)
+
+(define PUBLIC-KEY-RSA 1)
+(define PUBLIC-KEY-RSA-ENCRYPT-ONLY 2)
+(define PUBLIC-KEY-RSA-SIGN-ONLY 3)
+(define PUBLIC-KEY-ELGAMAL-ENCRYPT-ONLY 16)
+(define PUBLIC-KEY-DSA 17)
+(define PUBLIC-KEY-ECDH 18)                       ;RFC-6637
+(define PUBLIC-KEY-ECDSA 19)                      ;RFC-6639
+(define PUBLIC-KEY-ELGAMAL 20)                    ;encrypt + sign (legacy)
+(define PUBLIC-KEY-EDDSA 22)                      ;"not yet assigned" says GPG
+
+(define (public-key-algorithm id)
+  (cond ((= id PUBLIC-KEY-RSA) 'rsa)
+        ((= id PUBLIC-KEY-DSA) 'dsa)
+        ((= id PUBLIC-KEY-ELGAMAL-ENCRYPT-ONLY) 'elgamal)
+        ((= id PUBLIC-KEY-EDDSA) 'eddsa)
+        (else id)))
+
+(define SYMMETRIC-KEY-PLAINTEXT 0)
+(define SYMMETRIC-KEY-IDEA 1)
+(define SYMMETRIC-KEY-TRIPLE-DES 2)
+(define SYMMETRIC-KEY-CAST5-128 3)
+(define SYMMETRIC-KEY-BLOWFISH-128 4)
+(define SYMMETRIC-KEY-AES-128 7)
+(define SYMMETRIC-KEY-AES-192 8)
+(define SYMMETRIC-KEY-AES-256 9)
+(define SYMMETRIC-KEY-TWOFISH-256 10)
+(define SYMMETRIC-KEY-CAMELLIA-128 11)            ;RFC-5581
+(define SYMMETRIC-KEY-CAMELLIA-192 12)
+(define SYMMETRIC-KEY-CAMELLIA-256 13)
+
+(define (symmetric-key-algorithm id)
+  (cond ((= id SYMMETRIC-KEY-PLAINTEXT) 'plaintext)
+        ((= id SYMMETRIC-KEY-IDEA) 'idea)
+        ((= id SYMMETRIC-KEY-TRIPLE-DES) 'tdea)
+        ((= id SYMMETRIC-KEY-CAST5-128) 'cast5-128)
+        ((= id SYMMETRIC-KEY-BLOWFISH-128) 'blowfish-128)
+        ((= id SYMMETRIC-KEY-AES-128) 'aes-128)
+        ((= id SYMMETRIC-KEY-AES-192) 'aes-192)
+        ((= id SYMMETRIC-KEY-AES-256) 'aes-256)
+        ((= id SYMMETRIC-KEY-TWOFISH-256) 'twofish-256)
+        (else id)))
+
+(define HASH-MD5 1)
+(define HASH-SHA-1 2)
+(define HASH-RIPE-MD160 3)
+(define HASH-SHA-256 8)
+(define HASH-SHA-384 9)
+(define HASH-SHA-512 10)
+(define HASH-SHA-224 11)
+
+(define (openpgp-hash-algorithm id signature-port)
+  (cond ((= id HASH-MD5) 'md5)
+        ((= id HASH-SHA-1) 'sha1)
+        ((= id HASH-RIPE-MD160) 'rmd160)
+        ((= id HASH-SHA-256) 'sha256)
+        ((= id HASH-SHA-384) 'sha384)
+        ((= id HASH-SHA-512) 'sha512)
+        ((= id HASH-SHA-224) 'sha224)
+        (else
+         (raise (condition
+                 (&openpgp-invalid-signature-error (port signature-port)))))))
+
+(define COMPRESSION-UNCOMPRESSED 0)
+(define COMPRESSION-ZIP 1)                      ;deflate
+
+(define COMPRESSION-ZLIB 2)
+(define COMPRESSION-BZIP2 3)
+
+(define (compression-algorithm id)
+  (cond ((= id COMPRESSION-UNCOMPRESSED) 'uncompressed)
+        ((= id COMPRESSION-ZIP) 'deflate)
+        ((= id COMPRESSION-ZLIB) 'zlib)
+        ((= id COMPRESSION-BZIP2) 'bzip2)
+        (else id)))
+
+(define SUBPACKET-SIGNATURE-CTIME 2)
+(define SUBPACKET-SIGNATURE-ETIME 3)
+  ;;  4 = Exportable Certification
+
+(define SUBPACKET-TRUST-SIGNATURE 5)
+  ;;  6 = Regular Expression
+
+(define SUBPACKET-REVOCABLE 7)
+(define SUBPACKET-KEY-ETIME 9)
+(define SUBPACKET-PREFERRED-SYMMETRIC-ALGORITHMS 11)
+  ;; 12 = Revocation Key
+
+(define SUBPACKET-ISSUER 16)
+(define SUBPACKET-NOTATION-DATA 20)
+(define SUBPACKET-PREFERRED-HASH-ALGORITHMS 21)
+(define SUBPACKET-PREFERRED-COMPRESSION-ALGORITHMS 22)
+(define SUBPACKET-KEY-SERVER-PREFERENCES 23)
+(define SUBPACKET-PREFERRED-KEY-SERVER 24)
+(define SUBPACKET-PRIMARY-USER-ID 25)
+(define SUBPACKET-POLICY-URI 26)
+(define SUBPACKET-KEY-FLAGS 27)
+(define SUBPACKET-SIGNER-USER-ID 28)
+(define SUBPACKET-REASON-FOR-REVOCATION 29)
+(define SUBPACKET-FEATURES 30)
+  ;; 31 = Signature Target
+(define SUBPACKET-EMBEDDED-SIGNATURE 32)
+(define SUBPACKET-ISSUER-FINGERPRINT 33)          ;defined in RFC4880bis
+
+(define SIGNATURE-BINARY #x00)
+(define SIGNATURE-TEXT #x01)
+(define SIGNATURE-STANDALONE #x02)
+(define SIGNATURE-GENERIC-CERT #x10)
+(define SIGNATURE-PERSONA-CERT #x11)
+(define SIGNATURE-CASUAL-CERT #x12)
+(define SIGNATURE-POSITIVE-CERT #x13)
+(define SIGNATURE-SUBKEY-BINDING #x18)
+(define SIGNATURE-PRIMARY-KEY-BINDING #x19)
+(define SIGNATURE-DIRECT #x1f)
+(define SIGNATURE-KEY-REVOCATION #x20)
+(define SIGNATURE-SUBKEY-REVOCATION #x28)
+(define SIGNATURE-CERT-REVOCATION #x30)
+(define SIGNATURE-TIMESTAMP #x40)
+(define SIGNATURE-THIRD-PARTY #x50)
+
+;;; Parsing
+
+  ;; Look at the tag byte and see if it looks reasonable, if it does
+  ;; then the file is likely not armored. Does not move the port
+  ;; position.
+
+(define (port-ascii-armored? p)
+  (let ((tag (lookahead-u8 p)))
+    (cond ((eof-object? tag) #f)
+          ((not (fxbit-set? tag 7)) #t)
+          (else
+           (let ((type (if (fxbit-set? tag 6)
+                           (fxbit-field tag 0 6)
+                           (fxbit-field tag 2 6))))
+             (not (<= PACKET-SESSION-KEY type PACKET-MDC)))))))
+
+(define (get-mpi/bytevector p)
+  (let* ((bitlen  (get-u16 p))
+         (bytelen (fxdiv (fx+ bitlen 7) 8)))
+    (get-bytevector-n p bytelen)))
+
+(define (get-mpi p)
+  (bytevector->uint (get-mpi/bytevector p)))
+
+(define (get-v4-length p)
+  ;; TODO: indeterminate length (only for data packets)
+  (let ((o1 (get-u8 p)))
+    (cond ((< o1 192) o1)
+          ((< o1 255)
+           (+ (fxarithmetic-shift-left (fx- o1 192) 8)
+              (get-u8 p)
+              192))
+          ((= o1 255)
+           (get-u32 p)))))
+
+(define (get-packet p)
+  (if (port-eof? p)
+      (eof-object)
+      (get-packet* p get-data)))
+
+(define (get-packet* p get-data)
+  (let ((tag (get-u8 p)))
+    ;; (unless (fxbit-set? tag 7) (error 'get-packet "Invalid tag" tag))
+    (cond ((fxbit-set? tag 6)                     ;New packet format
+           (let ((tag (fxbit-field tag 0 6))
+                 (len (get-v4-length p)))
+             (get-data p tag len)))
+          (else                                   ;Old packet format
+           (let ((tag (fxbit-field tag 2 6))
+                 (len (case (fxbit-field tag 0 2)
+                        ((0) (get-u8 p))
+                        ((1) (get-u16 p))
+                        ((2) (get-u32 p))
+                        ((3) #f))))
+             (get-data p tag len))))))
+
+(define (get-data p tag len)
+  (let ((pp (if len
+                (open-bytevector-input-port (get-bytevector-n p len))
+                p)))                              ;indeterminate length
+    (cond
+     ((= tag PACKET-SIGNATURE)
+      (get-signature pp))
+     ((= tag PACKET-PUBLIC-KEY)
+      (get-public-key pp #f))
+     ((= tag PACKET-TRUST)
+      'openpgp-trust)                             ;XXX: non-standard format?
+     ((= tag PACKET-USER-ID)
+      (get-user-id pp len))
+     ((= tag PACKET-PUBLIC-SUBKEY)
+      (get-public-key pp #t))
+     ((= tag PACKET-USER-ATTRIBUTE)
+      (get-user-attribute pp len))
+     ((= tag PACKET-ONE-PASS-SIGNATURE)
+      'one-pass-signature)                        ;TODO: implement
+     (else
+      (raise (condition (&openpgp-unrecognized-packet-error (port p))))))))
+
+(define-record-type <openpgp-public-key>
+  (make-openpgp-public-key version subkey? time value fingerprint)
+  openpgp-public-key?
+  (version      openpgp-public-key-version)
+  (subkey?      openpgp-public-key-subkey?)
+  (time         openpgp-public-key-time)
+  (value        openpgp-public-key-value)
+  (fingerprint  openpgp-public-key-fingerprint))
+
+;;; Signatures
+
+(define-record-type <openpgp-signature>
+  (make-openpgp-signature version type pk-algorithm hash-algorithm hashl16
+                          append-data hashed-subpackets unhashed-subpackets
+                          value issuer issuer-fingerprint)
+  openpgp-signature?
+  (version               openpgp-signature-version)
+  (type                  openpgp-signature-type)
+  (pk-algorithm          openpgp-signature-public-key-algorithm)
+  (hash-algorithm        openpgp-signature-hash-algorithm)
+  (hashl16               openpgp-signature-hashl16) ;left 16 bits of signed hash
+  (append-data           openpgp-signature-append-data) ;append to data when hashing
+  (hashed-subpackets     openpgp-signature-hashed-subpackets)
+  (unhashed-subpackets   openpgp-signature-unhashed-subpackets)
+  (value                 openpgp-signature-value)
+  (issuer                openpgp-signature-issuer-key-id)       ;integer | #f
+  (issuer-fingerprint    openpgp-signature-issuer-fingerprint)) ;bytevector | #f
+
+(define (openpgp-signature-creation-time sig)
+  (cond ((assq 'signature-ctime (openpgp-signature-hashed-subpackets sig))
+         => (lambda (x) (unixtime (cdr x))))
+        ;; XXX: should be an error?
+        (else #f)))
+
+(define (openpgp-signature-expiration-time sig)
+  (cond ((assq 'signature-etime (openpgp-signature-hashed-subpackets sig))
+         => (lambda (x)
+              (unixtime (+ (cdr x)
+                           (openpgp-signature-creation-time sig)))))
+        (else #f)))
+
+
+(define (get-openpgp-detached-signature/ascii port)
+  "Read from PORT an ASCII-armored detached signature.  Return an
+<openpgp-signature> record or the end-of-file object.  Raise an error if the
+data read from PORT does is invalid or does not correspond to a detached
+signature."
+  (let-values (((data type) (read-radix-64 port)))
+    (cond ((eof-object? data) data)
+          ((string=? type "PGP SIGNATURE")
+           (get-packet (open-bytevector-input-port data)))
+          (else
+           (print "expected PGP SIGNATURE" type)
+           (raise (condition
+                   (&openpgp-invalid-signature-error (port port))))))))
+
+(define (hash-algorithm-name algorithm)        ;XXX: should be in Guile-Gcrypt
+  "Return the name of ALGORITHM, a 'hash-algorithm' integer, as a symbol."
+  (letrec-syntax ((->name (syntax-rules ()
+                            ((_) #f)
+                            ((_ name rest ...)
+                             (if (= algorithm (hash-algorithm name))
+                                 'name
+                                 (->name rest ...))))))
+    (->name sha1 sha256 sha384 sha512 sha224
+            sha3-224 sha3-256 sha3-384 sha3-512)))
+
+(define (verify-openpgp-signature sig keyring dataport)
+  "Verify that the data read from DATAPORT matches SIG, an
+<openpgp-signature>.  Fetch the public key of the issuer of SIG from KEYRING,
+a keyring as returned by 'get-openpgp-keyring'.  Return two values: a status
+symbol, such as 'bad-signature or 'missing-key, and additional info, such as
+the issuer's OpenPGP public key extracted from KEYRING."
+  (define (check key sig)
+    (let*-values (((hash-algorithm) (lookup-hash-algorithm
+                                     (openpgp-signature-hash-algorithm sig)))
+                  ((port get-hash) (open-hash-port hash-algorithm)))
+      (dump-port dataport port)
+
+      ;; As per RFC4880 Section 5.2.4 ("Computing Signatures"), hash some of
+      ;; the fields from the signature packet.
+      (for-each (cut put-bytevector port <>)
+                (openpgp-signature-append-data sig))
+      (close-port port)
+
+      (let* ((signature  (openpgp-signature-value sig))
+             (public-key (openpgp-public-key-value key))
+             (hash       (get-hash))
+             (key-type   (key-type public-key))
+             (data
+              ;; See "(gcrypt) Cryptographic Functions".
+              (sexp->canonical-sexp
+               (if (eq? key-type 'ecc)
+                   `(data
+                     (flags eddsa)
+                     (hash-algo sha512)
+                     (value ,hash))
+                   `(data
+                     (flags ,(match key-type
+                               ('rsa 'pkcs1)
+                               ('dsa 'rfc6979)))
+                     (hash ,(hash-algorithm-name hash-algorithm)
+                           ,hash))))))
+        (values (if (verify signature data public-key)
+                    'good-signature
+                    'bad-signature)
+                key))))
+
+  ;; TODO: Support SIGNATURE-TEXT.
+  (if (= (openpgp-signature-type sig) SIGNATURE-BINARY)
+      (let* ((id          (openpgp-signature-issuer-key-id sig))
+             (fingerprint (openpgp-signature-issuer-fingerprint sig))
+             (key         (if fingerprint
+                              (lookup-key-by-fingerprint keyring fingerprint)
+                              (lookup-key-by-id keyring id))))
+        (if key
+            (check key sig)
+            (values 'missing-key (or fingerprint id))))
+      (values 'unsupported-signature sig)))
+
+(define (key-id-matches-fingerprint? key-id fingerprint)
+  "Return true if KEY-ID, a number, corresponds to the low 8 bytes of
+FINGERPRINT, a bytevector."
+  (let* ((len (bytevector-length fingerprint))
+         (low (make-bytevector 8)))
+    (bytevector-copy! fingerprint (- len 8) low 0 8)
+    (= (bytevector->uint low) key-id)))
+
+(define (get-signature p)
+  (define (->hex n)
+    (string-hex-pad (number->string n 16)))
+
+  (define (get-sig p pkalg)
+    (cond ((= pkalg PUBLIC-KEY-RSA)
+           (print "RSA signature")
+           (string->canonical-sexp
+            (format #f "(sig-val (rsa (s #~a#)))"
+                    (->hex (get-mpi p)))))
+          ((= pkalg PUBLIC-KEY-DSA)
+           (print "DSA signature")
+           (let ((r (get-mpi p)) (s (get-mpi p)))
+             (string->canonical-sexp
+              (format #f "(sig-val (dsa (r #~a#) (s #~a#)))"
+                      (->hex r) (->hex s)))))
+          ((= pkalg PUBLIC-KEY-EDDSA)
+           (print "EdDSA signature")
+           (let ((r (get-mpi/bytevector p))
+                 (s (get-mpi/bytevector p)))
+             ;; XXX: 'verify' fails down the road with GPG_ERR_INV_LENGTH if
+             ;; we provide a 31-byte R or S below, hence the second argument
+             ;; to '->hex' ensuring the MPIs are represented as two-byte
+             ;; multiples, with leading zeros.
+             (define (bytevector->hex bv)
+               (let ((str (bytevector->base16-string bv)))
+                 (if (odd? (bytevector-length bv))
+                     (string-append "00" str)
+                     str)))
+
+             (string->canonical-sexp
+              (format #f "(sig-val (eddsa (r #~a#) (s #~a#)))"
+                      (bytevector->hex r) (bytevector->hex s)))))
+          (else
+           (list 'unsupported-algorithm
+                 (public-key-algorithm pkalg)
+                 (get-bytevector-all p)))))
+  (let ((version (get-u8 p)))
+    (case version
+      ((3)
+       (let-values (((hmlen type ctime keyid pkalg halg hashl16)
+                     (get-integers p u8 u8 u32 u64 u8 u8 u16)))
+         (unless (= hmlen 5)
+           (raise (condition
+                   (&openpgp-invalid-signature-error (port p)))))
+
+         (print "Signature type: " type " creation time: " (unixtime ctime))
+         (print "Hash algorithm: " (openpgp-hash-algorithm halg p))
+         (let ((value (get-sig p pkalg)))
+           (unless (port-eof? p)
+             (print "Trailing data in signature: " (get-bytevector-all p)))
+           (make-openpgp-signature version type
+                                   (public-key-algorithm pkalg)
+                                   (openpgp-hash-algorithm halg p) hashl16
+                                   (list (integers->bytevector u8 type
+                                                               u32 ctime))
+                                   ;; Emulate hashed subpackets
+                                   (list (cons 'signature-ctime ctime))
+                                   ;; Unhashed subpackets
+                                   (list (cons 'issuer keyid))
+                                   value
+                                   keyid #f))))
+      ((4)
+       (let*-values (((type pkalg halg) (get-integers p u8 u8 u8))
+                     ((hashed-subpackets)
+                      (get-bytevector-n p (get-u16 p)))
+                     ((unhashed-subpackets)
+                      (get-bytevector-n p (get-u16 p)))
+                     ((hashl16) (get-u16 p)))
+         (print "Signature type: " type)
+         (print "Hash algorithm: " (openpgp-hash-algorithm halg p))
+         (let ((value (get-sig p pkalg)))
+           (unless (port-eof? p)
+             (print "Trailing data in signature: " (get-bytevector-all p)))
+           (let* ((subpacket-len (bytevector-length hashed-subpackets))
+                  (append-data
+                   (list
+                    (integers->bytevector u8 version
+                                          u8 type
+                                          u8 pkalg
+                                          u8 halg
+                                          u16 subpacket-len)
+                    hashed-subpackets
+                    ;; http://www.rfc-editor.org/errata_search.php?rfc=4880
+                    ;; Errata ID: 2214.
+                    (integers->bytevector u8 #x04
+                                          u8 #xff
+                                          u32 (+ 6 subpacket-len))))
+                  (unhashed-subpackets
+                   (parse-subpackets unhashed-subpackets p))
+                  (hashed-subpackets (parse-subpackets hashed-subpackets p))
+                  (subpackets        (append hashed-subpackets
+                                             unhashed-subpackets))
+                  (issuer-key-id     (assoc-ref subpackets 'issuer))
+                  (issuer            (assoc-ref subpackets
+                                                'issuer-fingerprint)))
+             (unless (or (not issuer) (not issuer-key-id)
+                         (key-id-matches-fingerprint? issuer-key-id issuer))
+               (print "issuer key id does not match fingerprint"
+                      issuer-key-id issuer)
+               (raise (condition
+                       (&openpgp-invalid-signature-error (port p)))))
+
+             (make-openpgp-signature version type
+                                     (public-key-algorithm pkalg)
+                                     (openpgp-hash-algorithm halg p)
+                                     hashl16
+                                     append-data
+                                     hashed-subpackets
+                                     unhashed-subpackets
+                                     value
+                                     issuer-key-id issuer)))))
+      (else
+       (print "Unsupported signature version: " version)
+       'unsupported-signature-version))))
+
+(define (parse-subpackets bv signature-port)
+  (define (parse tag data)
+    (let ((type (fxbit-field tag 0 7))
+          (critical? (fxbit-set? tag 7)))
+      (cond
+       ((= type SUBPACKET-SIGNATURE-CTIME)
+        (cons 'signature-ctime
+              (bytevector-u32-ref data 0 (endianness big))))
+       ((= type SUBPACKET-SIGNATURE-ETIME)
+        (cons 'signature-etime
+              (bytevector-u32-ref data 0 (endianness big))))
+       ((= type SUBPACKET-TRUST-SIGNATURE)
+        (cons 'trust-signature
+              (bytevector-u8-ref data 0)))
+       ((= type SUBPACKET-REVOCABLE)
+        (cons 'revocable
+              (= (bytevector-u8-ref data 0) 1)))
+       ((= type SUBPACKET-KEY-ETIME)
+        (cons 'key-etime
+              (bytevector-u32-ref data 0 (endianness big))))
+       ((= type SUBPACKET-PREFERRED-SYMMETRIC-ALGORITHMS)
+        (cons 'preferred-symmetric-algorithms
+              (map symmetric-key-algorithm (bytevector->u8-list data))))
+       ((= type SUBPACKET-ISSUER)
+        (cons 'issuer
+              (bytevector-u64-ref data 0 (endianness big))))
+       ((= type SUBPACKET-ISSUER-FINGERPRINT)     ;v4+ only, RFC4880bis
+        (cons 'issuer-fingerprint
+              (let* ((version     (bytevector-u8-ref data 0))
+                     (len         (match version (4 20) (5 32)) )
+                     (fingerprint (make-bytevector len)))
+                (bytevector-copy! data 1 fingerprint 0 len)
+                fingerprint)))
+       ((= type SUBPACKET-NOTATION-DATA)
+        (let ((p (open-bytevector-input-port data)))
+          (let-values (((f1 nlen vlen)
+                        (get-integers p u8 _ _ _ u16 u16)))
+            (let* ((name (get-bytevector-n p nlen))
+                   (value (get-bytevector-n p vlen)))
+              (cons 'notation-data
+                    (list (utf8->string name)
+                          (if (fxbit-set? f1 7)
+                              (utf8->string value)
+                              value)))))))
+       ((= type SUBPACKET-PREFERRED-HASH-ALGORITHMS)
+        (cons 'preferred-hash-algorithms
+              (map (cut openpgp-hash-algorithm <> signature-port)
+                   (bytevector->u8-list data))))
+       ((= type SUBPACKET-PREFERRED-COMPRESSION-ALGORITHMS)
+        (cons 'preferred-compression-algorithms
+              (map compression-algorithm (bytevector->u8-list data))))
+       ((= type SUBPACKET-KEY-SERVER-PREFERENCES)
+        (cons 'key-server-preferences
+              (if (and (>= (bytevector-length data) 1)
+                       (fxbit-set? (bytevector-u8-ref data 0) 7))
+                  (list 'no-modify)
+                  (list))))
+       ((= type SUBPACKET-PREFERRED-KEY-SERVER)
+        (cons 'preferred-key-server (utf8->string data)))
+       ((= type SUBPACKET-PRIMARY-USER-ID)
+        (cons 'primary-user-id (not (zero? (bytevector-u8-ref data 0)))))
+       ((= type SUBPACKET-POLICY-URI)
+        (cons 'policy-uri (utf8->string data)))
+       ((= type SUBPACKET-KEY-FLAGS)
+        (cons 'key-flags (bytevector->bitnames
+                          data
+                          '(certification sign-data
+                                          communications-encryption
+                                          storage-encryption
+                                          split-key authentication
+                                          group-key))))
+       ((= type SUBPACKET-SIGNER-USER-ID)
+        (cons 'signer-user-id (utf8->string data)))
+       ((= type SUBPACKET-REASON-FOR-REVOCATION)
+        (let* ((p (open-bytevector-input-port data))
+               (revocation-code (get-u8 p)))
+          (cons 'reason-for-revocation
+                (list revocation-code
+                      (if (port-eof? p)
+                          ""
+                          (utf8->string (get-bytevector-all p)))))))
+       ((= type SUBPACKET-FEATURES)
+        (cons 'features (bytevector->bitnames
+                         data '(modification-detection))))
+       ((= type SUBPACKET-EMBEDDED-SIGNATURE)
+        (cons 'embedded-signature
+              (get-signature (open-bytevector-input-port data))))
+       (else
+        ;; Unknown subpacket type.  If it is critical, then the signature
+        ;; should be considered invalid.
+        (print "Unknown subpacket type: " type)
+        (if critical?
+            (raise (condition
+                    (&openpgp-unrecognized-packet-error
+                     (port signature-port))))
+            (list 'unsupported-subpacket type data))))))
+
+  (let ((p (open-bytevector-input-port bv)))
+    (let lp ((subpackets '()))
+      ;; In case of multiple subpackets of the same type, the last
+      ;; one should be used. Therefore the list is not reversed
+      ;; here.
+      (if (port-eof? p)
+          (reverse subpackets)
+          (let* ((len (- (get-v4-length p) 1))
+                 (tag (get-u8 p))
+                 (sp (parse tag (get-bytevector-n p len))))
+            (print "#;Subpacket " sp)
+            (lp (cons sp subpackets)))))))
+
+;;; Public keys
+
+
+(define (openpgp-public-key-id k)
+  (let ((bv (openpgp-public-key-fingerprint k)))
+    (bytevector-u64-ref bv
+                        (- (bytevector-length bv) 8)
+                        (endianness big))))
+
+(define (get-public-key p subkey?)
+  (define (fingerprint p)
+    (let ((len (port-position p)))
+      (set-port-position! p 0)
+      (let-values (((sha1-port get)
+                    (open-hash-port (hash-algorithm sha1))))
+        (put-u8 sha1-port #x99)
+        (put-u16 sha1-port len)
+        (dump-port p sha1-port)
+        (close-port sha1-port)
+        (get))))
+  (define (get-key p alg)
+    (define (->hex n)
+      (string-hex-pad (number->string n 16)))
+
+    (cond ((= alg PUBLIC-KEY-RSA)
+           (print "Public RSA key")
+           (let* ((n (get-mpi p)) (e (get-mpi p)))
+             (string->canonical-sexp
+              (format #f "(public-key (rsa (n #~a#) (e #~a#)))"
+                      (->hex n) (->hex e)))))
+          ((= alg PUBLIC-KEY-DSA)
+           (print "Public DSA key")
+           (let* ((p* (get-mpi p)) (q (get-mpi p))
+                  (g (get-mpi p)) (y (get-mpi p)))
+             (string->canonical-sexp
+              (format #f "(public-key (dsa (p #~a#)(q #~a#)(g #~a#)(y #~a#)))"
+                      (->hex p*) (->hex q) (->hex g) (->hex y)))))
+          #;
+          ((= alg PUBLIC-KEY-ELGAMAL-ENCRYPT-ONLY) ; ; ; ;
+          (print "Public El-Gamal Key")         ; ; ; ;
+          (let* ((p* (get-mpi p)) (g (get-mpi p)) (y (get-mpi p))) ; ; ; ;
+          (make-public-elgamal-key p* g y)))
+          ((= alg PUBLIC-KEY-EDDSA)
+           ;; See
+           ;; <https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04>
+           ;; and openpgp-oid.c in GnuPG.
+           (print "Public EdDSA key")
+           (let* ((len     (get-u8 p))
+                  (oid     (bytevector->uint (get-bytevector-n p len)))
+                  (q (get-mpi p)))
+             (define curve
+               (match oid
+                 (#x2b06010401da470f01   'Ed25519)
+                 (#x2b060104019755010501 'Curve25519)))
+
+             (string->canonical-sexp
+              (format #f "(public-key (ecc (curve ~a)(flags ~a)(q #~a#)))"
+                      curve
+                      (if (eq? curve 'Curve25519) 'djb-tweak 'eddsa)
+                      (->hex q)))))
+          (else
+           (list 'unsupported-algorithm           ;FIXME: throw
+                 (public-key-algorithm alg)
+                 (get-bytevector-all p)))))
+  (let ((version (get-u8 p)))
+    (case version
+      ((4)
+       (let-values (((ctime alg) (get-integers p u32 u8)))
+         (print "Key creation time: " (unixtime ctime))
+         (let ((key (get-key p alg)))
+           (unless (port-eof? p)
+             ;; Probably an error? Gonna cause trouble anyway.
+             (print "Trailing data in public key: " (get-bytevector-all p)))
+           (let ((digest (fingerprint p)))
+             (make-openpgp-public-key version subkey? ctime key
+                                      digest)))))
+      (else
+       (print "Unsupported public key version: " version)
+       'unsupported-public-key-version))))
+
+(define (openpgp-public-key-primary? key)
+  (and (openpgp-public-key? key)
+       (not (openpgp-public-key-subkey? key))))
+
+;;; User IDs and User attributes
+
+
+(define-record-type <openpgp-user-id>
+  (make-openpgp-user-id value unparsed)
+  openpgp-user-id?
+  (value     openpgp-user-id-value)
+  (unparsed  openpgp-user-id-unparsed))
+
+(define (get-user-id p len)
+  (let ((unparsed (get-bytevector-n p len)))
+    (make-openpgp-user-id (utf8->string unparsed) unparsed)))
+
+(define-record-type <openpgp-user-attribute>
+  (make-openpgp-user-attribute unparsed)
+  openpgp-user-attribute?
+  (unparsed   openpgp-user-attribute-unparsed))
+
+(define (get-user-attribute p len)
+  (let ((bv (get-bytevector-n p len)))
+    ;; TODO: bv contains subpackets. Type 1 is JFIF.
+    (make-openpgp-user-attribute bv)))
+
+
+;;; Keyring management
+
+(define-record-type <openpgp-keyring>
+  (openpgp-keyring ids fingerprints)
+  openpgp-keyring?
+  (ids            openpgp-keyring-ids)        ;vhash mapping key id to packets
+  (fingerprints   openpgp-keyring-fingerprints)) ;mapping fingerprint to packets
+
+(define* (keyring-insert key keyring #:optional (packets '()))
+  "Insert the KEY/PACKETS association into KEYRING and return the resulting
+keyring.  PACKETS typically contains KEY, an <openpgp-public-key>, alongside
+with additional <openpgp-public-key> records for sub-keys, <openpgp-user-id>
+records, and so on."
+  (openpgp-keyring (vhash-consv (openpgp-public-key-id key)
+                                (cons key packets)
+                                (openpgp-keyring-ids keyring))
+                   (vhash-cons (openpgp-public-key-fingerprint key)
+                               (cons key packets)
+                               (openpgp-keyring-fingerprints keyring))))
+
+(define (lookup-key-by-id keyring id)
+  "Return two values: the first key with ID in KEYRING, and a list of
+associated packets (user IDs, signatures, etc.).  Return #f and the empty list
+of ID was not found.  ID must be the 64-bit key ID of the key, an integer."
+  (match (vhash-assv id (openpgp-keyring-ids keyring))
+    ((_ key packets ...) (values key packets))
+    (#f (values #f '()))))
+
+(define (lookup-key-by-fingerprint keyring fingerprint)
+  "Return two values: the key with FINGERPRINT in KEYRING, and a list of
+associated packets (user IDs, signatures, etc.).  Return #f and the empty list
+of FINGERPRINT was not found.  FINGERPRINT must be a bytevector."
+  (match (vhash-assoc fingerprint (openpgp-keyring-fingerprints keyring))
+    ((_ key packets ...) (values key packets))
+    (#f (values #f '()))))
+
+;; Reads a keyring from the binary input port p. It must not be
+;; ASCII armored.
+
+(define %empty-keyring
+  ;; The empty keyring.
+  (openpgp-keyring vlist-null vlist-null))
+
+(define* (get-openpgp-keyring port
+                              #:optional (keyring %empty-keyring)
+                              #:key (limit -1))
+  "Read from PORT an OpenPGP keyring in binary format; return a keyring based
+on all the OpenPGP primary keys that were read.  The returned keyring
+complements KEYRING.  LIMIT is the maximum number of keys to read, or -1 if
+there is no limit."
+  (let lp ((pkt (get-packet port))
+           (limit limit)
+           (keyring keyring))
+    (print "#;key " pkt)
+    (cond ((or (zero? limit) (eof-object? pkt))
+           keyring)
+          ((openpgp-public-key-primary? pkt)
+           ;; Read signatures, user id's, subkeys
+           (let lp* ((pkt  (get-packet port))
+                     (pkts (list pkt))
+                     (keys (list pkt)))
+             (print "#;keydata " pkt)
+             (cond ((or (eof-object? pkt)
+                        (eq? pkt 'unsupported-public-key-version)
+                        (openpgp-public-key-primary? pkt))
+                    ;; KEYRING is indexed by key-id.  Key ids for both the
+                    ;; primary key and subkeys all point to the list of
+                    ;; packets.
+                    (lp pkt
+                        (- limit 1)
+                        (fold (cute keyring-insert <> <> (reverse pkts))
+                              keyring keys)))
+                   ((openpgp-public-key? pkt)     ;subkey
+                    (lp* (get-packet port) (cons pkt pkts)
+                         (cons pkt keys)))
+                   (else
+                    (lp* (get-packet port) (cons pkt pkts) keys)))))
+          (else
+           ;; Skip until there's a primary key. Ignore errors...
+           (lp (get-packet port) limit keyring)))))
+
+
+;;;
+;;; Radix-64 (RFC4880).
+;;;
+
+(define (crc24 bv)
+  "Compute a CRC24 as described in RFC4880, Section 6.1."
+  (define poly #x1864cfb)
+
+  (let loop ((crc #xb704ce)
+             (index 0))
+    (if (= index (bytevector-length bv))
+        (logand crc #xffffff)
+        (let ((crc (logxor (ash (bytevector-u8-ref bv index) 16)
+                           crc)))
+          (let inner ((i 0)
+                      (crc crc))
+            (if (< i 8)
+                (let ((crc (ash crc 1)))
+                  (inner (+ i 1)
+                         (if (zero? (logand crc #x1000000))
+                             crc
+                             (logxor crc poly))))
+                (loop crc (+ index 1))))))))
+
+(define %begin-block-prefix "-----BEGIN ")
+(define %begin-block-suffix "-----")
+
+(define %end-block-prefix "-----END ")
+(define %end-block-suffix "-----")
+
+(define (read-radix-64 port)
+  "Read from PORT an ASCII-armored Radix-64 stream, decode it, and return the
+result as a bytevector as well as the type, a string such as \"PGP MESSAGE\".
+Return #f if PORT does not contain a valid Radix-64 stream, and the
+end-of-file object if the Radix-64 sequence was truncated."
+  ;; This is the same as 'get-delimited-base64', except that it implements the
+  ;; CRC24 check.
+  (define (skip-headers port)
+    ;; Skip the Radix-64 "armor headers".
+    (match (read-line port)
+      ((? eof-object? eof) eof)
+      ((= string-trim-both "") "")
+      (_  (skip-headers port))))
+
+  (let ((line (string-trim-right (read-line port))))
+    (if (and (string-prefix? %begin-block-prefix line)
+             (string-suffix? %begin-block-suffix line))
+        (let* ((kind (string-drop-right
+                      (string-drop line (string-length %begin-block-prefix))
+                      (string-length %begin-block-suffix)))
+               (end  (string-append %end-block-prefix kind
+                                    %end-block-suffix)))
+          (skip-headers port)
+          (let loop ((lines '()))
+            (let ((line (read-line port)))
+              (match line
+                ((? eof-object? eof)
+                 (values eof kind))
+                ((= string-trim-both "")
+                 (loop lines))
+                ((= string-trim-both str)
+                 (if (string=? str end)
+                     (match lines
+                       ((crc lines ...)
+                        ;; The last line should be the CRC, starting with an
+                        ;; "=" sign.
+                        (let ((crc  (and (string-prefix? "=" crc)
+                                         (base64-decode (string-drop crc 1))))
+                              (data (base64-decode
+                                     (string-concatenate-reverse lines))))
+                          (if (and crc (= (bytevector->uint crc) (crc24 data)))
+                              (values data kind)
+                              (values #f kind))))
+                       (_
+                        (values #f kind)))
+                     (loop (cons str lines))))))))
+        (values #f #f))))
+
+(define (string->openpgp-packet str)
+  "Read STR, an ASCII-armored OpenPGP packet, and return the corresponding
+OpenPGP record."
+  (get-packet
+   (open-bytevector-input-port (call-with-input-string str read-radix-64))))
diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index 2664c66a30..3c8691a08c 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -54,9 +54,11 @@
   #:autoload   (gnu build linux-modules)
                  (device-module-aliases matching-modules)
   #:use-module (gnu system linux-initrd)
+  #:use-module (gnu image)
   #:use-module (gnu system)
   #:use-module (gnu bootloader)
   #:use-module (gnu system file-systems)
+  #:use-module (gnu system image)
   #:use-module (gnu system mapped-devices)
   #:use-module (gnu system linux-container)
   #:use-module (gnu system uuid)
@@ -692,12 +694,11 @@ checking this by themselves in their 'check' procedure."
                                                 (* 70 (expt 2 20)))
                                             #:mappings mappings))
     ((disk-image)
-     (system-disk-image os
-                        #:name (match file-system-type
-                                 ("iso9660" "image.iso")
-                                 (_         "disk-image"))
-                        #:disk-image-size image-size
-                        #:file-system-type file-system-type))
+     (system-image
+      (image
+       (inherit (find-image file-system-type))
+       (size image-size)
+       (operating-system os))))
     ((docker-image)
      (system-docker-image os))))
 
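Review bot: The `disk-image` branch now passes the user-supplied `file-system-type` straight to `find-image` and uses the result as the `inherit` source, so an unrecognized type is handled only if `find-image` itself has a catch-all clause; that procedure is not visible in this hunk. The removed code carried an explicit `(_ "disk-image")` fallback and set `#:name`, whereas the new record sets only `size` and `operating-system`, so the output name presumably now comes from the inherited image. A short comment above the call would make that dependency explicit, e.g. `;; 'find-image' maps the legacy FILE-SYSTEM-TYPE string to an <image> template; name and format come from it.` The enclosing procedure starts and ends outside the hunk.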
diff --git a/tests/civodul.key b/tests/civodul.key
new file mode 100644
index 0000000000..272600ac93
--- /dev/null
+++ b/tests/civodul.key
@@ -0,0 +1,1345 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----

+

+mQINBFPo4hABEAC6adMaPpwpJiqG/Ggk0YoOdUeRX5GOOpzR2XA/SoFZu0XWuhgJ

+InAARRKI6K9IO3eHCWIjeKvY+lyrxmNFlXx0Y7OH/BVK9GeL65f7996R2dCqSuhj

+5K6dxUzqFSHnpSDkM3t4v8L7vU8XKlW99DTBJT45RKyIVlSj7Ye6nsCxrMIRShbE

+eF5ksXAihBfXGxW5mozjvAlJCTQPoXPGb+jR3l8CRY4JiyvqU9IszBvkRbywC1MQ

+sCoEOGcJsKbHnSiy+dt6QaZKvCr5qSwcEqKzfNAEKRyGouQTwwAak7FvZXw8GcVL

+U/MYGlQ1ISAzwdYxGCIM4l/4VyI38c6TbspIETR713IMsXQAn5HSxo1SZWe2wuQq

+BgjGES7UpphzV4DIpBTwv0Z8oXG9LclxkLM/ndkvMs4RX4aPqRPrJ0raJ6awfT3D

+bAwIMi9iqqbaRPIeVKgUtlB4IF8Lg8kyy3QuimmZjRZJD9l8MCYznwa1n/LbQi4V

+w0Yvbd6R/6avaLqynU5K7SmiLYLamzOdDJR0kFEGD6nB6tjg6/kV81vV50qf8XIh

+4wEpW0Hu7U+q1IBA4baaVRb2JrV0gsMcE2ym6RA94OAi8a1Q+0dZ4V70yvwsDDR5

+2yRmh7w3e+TEEAsXLA2frcBo0QeBdttSmg8jyKAn8XwnzAKc6XrVg+GJfQARAQAB

+tB9MdWRvdmljIENvdXJ0w6hzIDxsdWRvQGdudS5vcmc+iQJZBBMBAgBDAhsDBwsJ

+CAcDAgEGFQgCCQoLBBYCAwECHgECF4ACGQEWIQQ85GRVioT9xp20DPsJCxGZPZrr

+tQUCXMa8zAUJCTojvAAKCRAJCxGZPZrrtSScEACtLtIhNsCHPvD3zFo7Jajp/5rd

+7a0hwyJSpwW7pq3VCKkwvIzQ90Ce50FyE7CX7Qvkg6v9axcmgtXA7MLGcRpaTOjW

+IRnjIMp1GzO8r3PPMtLvQ+EPbW08BBkTIoO8R+raINL15TbvRZGuzWi9eLRcnEoU

+erD+EbMeooNRSchBi7PRcow09GrrFQvrMrAqRj49xhu9mNXoM8+ULyrKJ7z40LkP

+E4EgoRlbK2r1w2s3ANUmnOyBX9qOXQ9sBbHvxGXHIQprLynfvLtfts9FI8XdmuIe

+UfZhdwbgQgFrkHH4NuJIQVB/qhWepPAfgmzMS4jm7VUIE/BLeX8nqcTGh6MdJdaf

+5M+pUMGcXDi3iez++WLXCMUivPNMDR6IwOno0NfgtoNtlD2JtPyMHAeZGMlQYkoX

+E2zcvPlBKuOdyx6ekVT+bq65G5263j424j6WfMhHBn1PgXl1pDn5npYUKxhbw2Qq

+AXK1xifT6sVn4P6Tv/GKfWgIwOROObj6qxRxbDj5QxXS35UMPKjS0+hpbEkIADz/

+IPOxmZ1C7rirzIzlaTtq8hElaCF9dfkoAL6PS3VYmG7Vn/sjihUAuv27xJwNgtAO

+IJTIY8l5+fEVr2nS+FHh3XqeLNRtPubzvCV0nQ5KWdO3tXKsUuyeXubEGUJQkTJ7

+zCNusvi1uZDUmQ5TU4hGBBARAgAGBQJT6ONIAAoJEHfdleLqUuz0T7kAoJQEMldt

+hy+34Tre+WZw0an6P9WsAJ9cMnrJrOwMuF+awipij9hfX9usxYkCHAQQAQoABgUC

+U++ZtwAKCRDcaGontDSBsHC9D/9+Q6F/cgrnt5xE/DTVW48F9OvpbngRzZ9rt0ZP

+P/uzR4rOPHuu18ykPgQdn9HdyxrQhmh4cg1iiiYB2YdVlW2UJ8wbPBIsN5zs0IQa

+qWqB6hB5VTm0K6hjjGhoxGtoE+aaLVLylvUXTCtlMo5yHsu27Lpgwl27AWl1+EpC

+bNBpwHXPPJm9O6a5I14s4v1+XIM0zxlIkX3tL/eefp15maDfzF4Eh0MQwMietzrC

+1yXr2fHkqEsrcxX2Rl0SAIPxOojoE5zFhx/UUOfzCRzyklBP940y/+wQYmNeZH9g

+HDHL+rruZp5pLhB0KUEEa1HwrjNkydDoPrfM/DAj9zZ4PtLOUHt8s89ycC/HS4Cj

+H6R1EWZWov5oKEhCp2TfrUfvBi4iL0cKVNg1ZZaE/rViUqShVW/036PzNmbsXLNs

+hNs8aYeeJ51BUU7L/GO7XlP5nEtk2vHbWta+T4Jyeap661+6AYfZG9/DE3T1fuQ/

+fylFUVBlyEMh8ZtbRv2UDif6cKhvcLbOX5vEFYxXPhvAmgb3Wdc7xKHHXCCt6lB2

+4eKXYr0IbW4rJUUZPkRDEXARVaqHudi5Pwxg+LnVB5qjKmOtDo3Ipe+qL1muhw7B

+tE0OacOOv7fDR3xKdfzQ3AazyQlZY45lDKicfamOyRBWud/HgJ1H7JippXVQ7QEa

+PY1qS4kCHAQQAQgABgUCU+9bQgAKCRDdwPU1iBL48kLnD/0R+CLb5XDz6qwzcw0U

+uma3015zIcduR0xzElvqNaFNpx0c5QBcVd/OXlpgXGcIlQFDN6KNZ06Eey86eeXx

+BQpNfXbCSv8PCeYwsT+e6fWNqZfKgADsh8P/T5NuM6f9VPf+yq4T9zM93r2BAJAb

+61StLGlhJLE9hMeZd30ue2ZfF+ePm1Fb/DmbFZI8OROAHkIzfpVI0oQDOPU0Y+ZY

+/oFYjVZ4l9tkbUR2bN5nXCmEFJwIIoxz/vvO0NhOvReFipGdMXFEtN8o+FoXC1ml

+uFkicyz8yXsRVAbeuHxHo82Qigv27dzu6r0nMPUghW5YVHHGyEtFtpnM/AXHoG+u

+npK7PucBr802Gq5C2T2pDnJbnpKIiwo0oCLsxeGh0Q9aKc8XR/Mu9rtYJRYdvswR

+C8BkIMB10saVKQ/H8H9SIiT3e7uCrktW7BA5P12pNQgD+DFkDqqQq0kRRQlLSOFn

+lbkQHGGSlWP7GPGFD7/5UdB0K5MpTyYqAb5UxcTQuqsJLR+IajfyuIDNub3dXoQo

+3NJOuXivYRISIRqGhaPz62EAKnNJCq8gb0kgvjo+O+N0Sy7at5H6uKM2NwSqWIDh

+XYbdThkumaKj6JVnHAn41crkvIbSt9de7XOAiVHUaiy2uBT9VkUNujno25VITk5P

+FXVqIWMinpOuZe6oM8GyIysvL4kBHAQTAQIABgUCU/DHMgAKCRDMedgKW7f8USHC

+B/97iZc3FzDHP6tav6jYL9m5lF6n7udiHKBhU0htfT1v8P2u/5BIQwaObRi9mRqX

+qaHsd1qt7zCEKSOBwbGyJlaDI8MDMVXItA8KxxD5m8c/O0IOU+6vzK9L/NiPvWIa

+6vlCDl6OURI+OlAeSBdXDuY8d4hiHO1eX1VCeCL42PH0iDYnThZAGfED4dp8ORfD

+YrWjxoHhukJXZWemBLwtlM1Mim+NAbjrgoHAyf4JNqotA0kfo/TIoDlxPE6pO5/v

+3KbtCraoH/h1tHpCuFRnXqk9dJmDzSZFobEjhS4yR1gk7KDJLOg5EcvoDOAfVTFj

+zEePvpCUuAuOc2f4hcfYOP7ciEYEExECAAYFAlPx/IIACgkQvzOavibF0obc4ACf

+YNmKPZU/mG/mV12EIgxfgWVMRukAn2N0Fw1fKOvl/TvUDQuuvLnPHI8SiF4EEBEI

+AAYFAlPyVK4ACgkQ99XJv3ZcYeNu4wD/alzBpG0B1tvh3HO4n65YzZTWjdSIW2Nv

+k32AN2eD8M4A/0A3EEObGkf8/bs+472F/rmy0IErTpubsT6ftBYILNX3iQEcBBAB

+AgAGBQJT86eWAAoJEI/xy26NiQWflzoH/jZ6tGQp8PB/7fZh6TmyArb9vlrNi/1a

+MktVWBEMKPV0OETsCzQ0iJPh4EjkiqzArwsQnz6/eNUkNh4+mgIKnfbJLBvaOCVY

+vBeuW0oJ7TUkQ4f0/TeEEabVP6TZOsQCFOnBwN+Kavv4kaGnx4zvcFel8GHKt5QT

+8lQ0G/aDAGmMQQn3VMteNf5OatPLHgaqg211vJ4Jmlf1B8Gug6aYIsKoqzSN8nbp

+8hjukaSgbLJdYm1VqfaXl/gyVrO80QE2/wwdla8y7Mt/CLWG4n71CteN7qaiw071

+hr8BAAZzUeL2mLetm1XX+2O4LcYoc/QoyhG+DeOkJn9DvC6w4ZihSAaJARwEEgEC

+AAYFAlP0ecEACgkQBG7e5ut6t02iVQgAkvn05vn7OXvUIxJEj5+V7wU1PFQdv9ND

+YnMReCwjwzjWEoyyhpkFIQOgd29bZKMouMTJ6y3sbXUCNhkU+VO6NmUl8cBXJVjt

+0S4XAC8FW3gUmKz3P/klMU/S19j1lrgeyF04balyewv7k48CkJYzg8eY6SGepTKc

+ixcYA4/Q87JurrXAcDuam80LnJNxqy2PDbgXiPsmLTq1IZWXk63AatNcB1W6JTxt

+pVpI+eInOdOll8cvk04JNNZH2AhJ9GyllYXalbKGahApGmfxUCblVAUlmcR2sS6T

+4LgijtSr3RCzDpn2GOgoPMPfqRctMCF2IwgoIQkD/AJyEI40cJkD64hGBBMRAgAG

+BQJT8b8nAAoJEL9gcItIQmx+HE8AoLVnkoAJ4jmGVbYuNQIWD6RjqcvcAKCVsck8

+2G7r/WxcERUyeOcnmueESIkCHAQQAQIABgUCU/SVKgAKCRA++QUjswSvCPTWD/0d

+pwmceNoQFwKd2iSrgKL1rdj1MaAAoUswuXJEGiLwnT1NzbnCEl2BUUKXNwoE4fsY

+VvNkV5AZv8Xj+G5QF6zpWCgwWRZnUzSt4dKUOVrY41ODbVjDZl/VDSbjR3JNYH8G

+REThd3tCmjnsch5wUxP4y22gAy/bsVhcmPgeDY7o1kSdRvJKgiPXcu2t5AUxokiO

+p+WPv1kIjSOf1Jzl9A4rN7ILZyPe3sQT9P/k7zKjodrIsCjbAK5ZO6/acF6WWUFs

+qiRllJu+4DfIL8tXAwN2/76TI1nzyhysTmJpIznsLC8l4obMkQKsPyabGWcQF5eM

+Apcpl0b7I2/LTRd+x1cHDW55sTl5RI2YBWTpHMmxAJJchs/xcICrGeXGhIu2ZZA1

+P8fnZOzGaOtELg3e5O8PIBzB4d0zALXVIklGOdM1/J8sQ2j2YaD+bKDMCotCeMPt

+n7ik3/2plSnYCNAFaIHq/LgMgs0sSDVyWb5qT1IC5TS7bWmQlWQLBsCmgmzuTZQ4

+vBcsGuFRdQDcY5fTdbgo6Qnft0n3cnq5MfrnAys8UJT386qnR5QU5fXEyvBF8D/a

+oZksOiR6CyenD5ey58xXzGeJRRdiT02//jWk4dpwqmegOx/8jBzrMvg/W8k4SQQP

+iF0AfZuT24pdsCipRgTcnq3tfSx5dJ9HhH69o3XnFYkCHAQQAQoABgUCVANUWQAK

+CRDQF4x2fQae5vGQEADHXQY//PSGWa1xaOpWuwokUPTBGslQailq4tvNRc194/0w

+XNw9iOkgQ48kXe9Cg+YvvoZBHX6cnPZBh5tlJdq8LuASeBpevtN2ztB5AaCfdRUL

+X9FcvFwWLy7MdUueDn5GKht37v24Uc0uJ+YPfNBF19zM0mq+8xhHVcZLNMPuySDb

+CQ5nxLxO89W9uqflASAnlg96XNpsBrbLXKG5sd+XKiCTHTQp2yw5vRUlTrRs6cxy

+1ev76sMOMoeKHWCaZO955JGJub3h/G4VkbTkjvvXMga7d9P28mAKc+QaM6X6LET/

+EnFgqsP4VvmhQwSlLWgH0paCF2TkCvGVl/vaER+sZwy98tYfQBiW89JSR+CCDYEX

+WgCjQjMZSHDc4xbtwny2HE4kzFz3fRcP3kDtHvTskh8ENeHv787Yy3W9w0SjXDlU

+wlRh7gdETeY5PNtra9bHl8vLnTO+BRBGjxVImujzGt72JxWHIPIx4oPEwI9s95u4

+BCTGxLs8YbjhCUVkLLNXAF5R1+OEEsdm12y5d07DuZahKyrLJHmlisBeSyys6NXa

+kHGICN4ubZfqt+1bhAbIFCviyB4Iac2C6tZ1WNDDbmQPUmjNSkdYQTqEXE/tJmJ5

+8DtZT06G/O6DRKaB5NgeZsCZQj8cQLgEyiuxFVE/N8yQXS/zhqdQPx6vpt8wP4kC

+HAQQAQIABgUCVAxV0AAKCRCnFVVnMnGZSOwLD/974JpXLU2iliqxkiTYH9u82Kb6

+0LXBlAkMoNydVcygjZSwMG9+7w03T6t4GwP89LSyX2qxx+hsQQtuFqhzE8YckUGs

+B1UYikmpAbHIOpiqiXSXt2Th4RlgRo59KuQflXgve7myPncyGU3CZi6n4qpEj5aM

+P5lM+QPPL+GBfhOBfXKqKsqGNgK05r0+9bYw1pAyTflyTkYcjiBWhjqYOV/GIfpz

+GvLebwHJG+IwQlED3qtDxs2EJwNd6Q/b9VP4XpTpvUNSvC5Zch0MmqA0hpfawr93

+XBI+fJwak5aMgEif2oi/QumASi2MhukmWmbxGevJ+Qy9kwhGliN6w5czem0Ae9n6

+3KS5FygvOwg3ZpXaCvPUrb/f49Y9Hewe2QAECzsjBbNxgb5DrFfLhNOfWZbuS8o4

+7QMt5aXm0v7BvMAADZdLkV61EpzgcKmP0mJzkmAfHkHKeeErsuPy7ZRFifUHmpMd

+iaJqqNYQg4BOZ48fNPTXBK6NbkTLcnFr86RPLVosTDEJnM0ADA6AuhG+1jKcBXzV

+qitKYPePgP29FAOlRwQTd/eBflNMGuRi9+WTHKlAflFQiNTVctEJZVpmdSe2MVVw

+zoinxnlGcc5Rv9+a4dHmE9oYIhjB3abU6qqCD5TxUVLM2yQUf8MDjHAZKvBUqrI+

+S2UfthMWuQZZ3+Yn54kCHAQQAQoABgUCVH3nVQAKCRDyhGsaDTLEQokjD/0RdkO8

+hZowKLzf6zhQhWqyYO4CPHBSfBKpRA3sZ5hGzOWA9ZZ0dzfyd80cjaSmmFWuiTqC

+Gz55GCYGIQyqqT4CLrONF9J0SPiPIwTDAe8KPjT1cTdpNcii+3ykk9kynFVw7B4/

+e+ksAYJDQ3kfuiNyLZS9ejb3tUIiTkYH7F9DAakacnEOchre6T75F6JLR6QZ9zyA

+guQDsaxjdn6jhZjQTFjBmAZcRNq81Nt2TTX7X/iqu7UAs7vmT4gaPKvCodwtCO/5

+Va+/GYFEAjiCfH+lgwRj5YdKU4wpbQfUMhEzampkZJKfrKfhqVw3Dtx++WjkcWdo

+D+z1oYiAxnxeue7b39v3yEky5+ipO0EWFLZ5Fdbp60lOp1d3+LjUm2+B7qonByn8

+WVPpKWgKhes/2kVHenFfDVveHSd7xPp7vFrz5Hm8I6MkWnGcjSnpfOH4Wgrp1+NM

+aOmP9px5Rs3Hn4ZBLWe5w6JyoFBl8YArMGfFfaZd5vaDQvX+rGPShbS85mAmnSKt

+Kj5ZpTMxiOr6hRBMNISHEqR7plQBgICgqfPKTPx57/7FLz4eO60jUbih2i5wortw

++STsvHEFy3TWe/Lu2W6yl+Lbts8Zd9FJ1qwWCkwbTL8XGjQnb/uhc2xk7i5FWBiF

+scyEaBkimmQPbwzsDoUFOVkoHOsKhU1ELlmz/okBHAQTAQgABgUCVeJ8DAAKCRAZ

+eliII1+srE+SB/4w0pyr7OMioN7lvao/AQxClncUtFQpD6VcejExVXPH+7JxOjmM

+Av/G5sBWRT5BV/StsRxO+kgMBk9a9UHqucwMKr3g/NYEiedqgkEK818waXYYMobF

+bTEw518E0T4I39hKlAjX4rKbR4q7Td3tOkGxjUqQ6Kvk/C/eHAnK92msRnFnlQly

+RaqxAyMX+z0ei4uM6yYJmNw5ObwPaA06OA7Fq7/6EqPxV8qEu2An/0VOxe/Nhf/8

+mhttOHY0dyM7rcIV3RbvGpTGEgdqBaCmX39EN+Gcs8hyVAC2/Wr+22zwWsNMfNTw

+rb3qunsRetHam48KG9Tjgwk9TLx07Kx/cKhTiQIcBBMBCAAGBQJWDbPkAAoJEJOe

+a+Hin8PM1j4P/1zzyzL4dM1rkUc5R8032j3Oa1mxb7SxL2RJQ7VXXucOnsKwmuQs

+6khWQjwPWf3jCSt4cK3pa7Aen8DmF35i7J1pNfxQjsTuBIdOVgyrkDtIed5NdYTT

+UEl/jezySHWX2Uf4ctkVTsu6HAQ1Ndtpy5A1/snm/O4p6bCD2eBDqqkuOlXB3c+k

+PKayzA/lDz5sWZAcYN9yP9Ye3Yk9f4RcZoJAhm4A10iLrDRSz4JNyUZzv6ThRzI6

+Is6O2L4p/S5p6dkmSHq6DhpLq1/Bm5sqsA5GuvwXdrs+TWMcWTpLN00Z8aNXFK/8

+5zMSPO/oVlcgTn+eR7nQ7CGLDKudeEBy6jqxhYX6yAukR/oDk5Oi7+ou2rW1CXeM

+chqdUgZKjh4z4CsKuNsVBlU5oyyBAhitL6tkgVqLrmUTXhVkx4Ake6+vQY726zRk

+uhTzdnRootek6MsU/s9bsNgFcziLySZp+5SRn2H0vqLnUl8vOAjTDDU1N6JlvLPL

+8NCJWkOOJoQHwq4nIlulUFFPx3x0PkL1C2iu94UPSCneKNHrgV7jQxeDkWkF1bk8

+2At58OVrBnVi5UyiGho0Mu49r3YfVtJE+6wNwChFfABk4hgZCx/hMARUwB72nVLX

+kw5rkmeulMG03kMbT0CvcPIYY/rXTF5e74MPL6JtefSNDvwpJ/KxiTMdiQI8BBMB

+AgAmAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AFAlPo4wgCGQEACgkQCQsR

+mT2a67XfzBAAm0xpjRc8KiJoz+V6BsGHMV1Tku8/ceb/TOnQ6ESxpNtajnFgIXHz

+CwDJGE/1+NT7id66m36J2T5zhFKeLUk8PfkTGpK6vbDCeDgrDVhRwjb1Mm5Xj1aR

+AOTYyKKY54btHrF4q3wMYW40CbKfPWkRY7kM9m1w86QIeN8B4IJb/QrcuPHN3q7d

+DNfGvMGU+Y4HZsTBVac66lr/73ZWMBzz6joassOdmR1xbyIlMIDNj1w4d/8vA/pU

+d9ViRWahkNW10zLVH/7ufqLIbfAHukawD4UyALEILNfTLxrACrg3aHSxYmEmx+Ig

+dOsGDlbtbMHdBhU1F7ssOIRpRmag4pNmGgtYyD6eZCqZhFSHtypM2THDrRe+V8B6

+OjbEcT4yV22m2ZRrJExUGZ+yGvorj3nSWezfAFJImnFt//ab+W41bdrQ8wLPLxM8

+ez/2QZHBmoUSf5BXnLEt+VOVENh40OUMP265tVk3lWkLNRPj72kRWFSsId3hbw12

+Ou4b9pNm0m1uGrAuun2AKif0WrAdkB7+9cyGfGIJxTppgQOsyjppMBkQatqK5nqI

+Ra0+aCGOQ1JZfeXP20ugsnX442yV0blQDVFhVMBMcsq8MEDon/kUdbooZTRcnf86

+LcrIF0i+G34ZKox+N73WScMH53pn4Ti1wGnuzbcd+gTV5M7joqMB87iJAhwEEwEI

+AAYFAlZgIu8ACgkQMnwe8431TDLhmQ//TzchUKTJYaM2CfygNfM8dSs+msQ5OMjA

+QE+/F+fD+fxCICJ+Ey3C40u+VA8KO5gtFR9wU9cFxSkPv9FsrrQfdfd9U6benr5b

+8YfyLOww9OZ+YUU815DquYWyQfjJax3jQD5Go02d353bpGbOmvd2rm1xfYocdPgU

+JJ+1AuhQSC9MOxPnIAr+9qKWaQxVEgPlmQAkrwYI38NUjFH2hPNX5zITdZohOPva

+l9V4LZRLL8ZMhrRForycfA5q2kt1B5vFJyUsDz9oufwqfKGs3YR9OD3Myvj+nsnT

+euI690Wkj7Da7hTCkS1dJCuGp4BAbTj33GJUt5tvd9S/1JL3dB8HSKbaaEyxwKnl

+8vZ78syw92eFbC2Szb+RDLb1Wo3W0dEBpOiBXu1SDfhj6jLQ4plx5mlhEVG6AcKT

+ly0VGm8vO+KxuWkeC9q2WE7EdQIE5/+UWi+cKvBQiwb2+bbudrBhTZ2Cw10nOW4e

+4CdqYKhx8O6yGO6kfr72xcIesPlSeZ+o6qlbn2HPgDMhmO4xmvCQA4aKu0DA9yoA

+iDOtFfU4FidZNtX2eNZVSQZS7HcXGYAISGlUIvVRknTuHojYxhPhx5NUjCOPSsS+

+7hf1NMfJPuetT0jpJunes0dU6Xiuo1rJfGDgY57nEMogbBmLRVsudMmyqtobRwCX

+vQnxDPUoIs6IRgQQEQIABgUCVmRPVQAKCRBh2FHZpoIhUytQAKCpaJrM+URAovUV

+iYnfctINhepx3gCfSBGA0fLauxqXlbSM+s3RgSaSHQ6JAhwEEAEKAAYFAlZjl+YA

+CgkQ/BtUfI2BcshMbxAAk/KEhbz/eILWx0TSZlqunCWkUdbNgQMpNDQSdYJ5auIM

+1/Aaemc4dYWtV3OAS4JqXtRxHG4CEGms41e+dpmnL+Hcb2U6jq13Brtg9oEks4Zy

+zJUw+XRbW+J67NdmMgYMXBr5nNg8C6vtYV4jXCzvWvMcdTmzQJm7TD1lyzCG2nO9

+XD8Ktq53QGPZf1c4f3u6uKWgq6MfsJH+ecuZT1t0VN4ZFJUCENmpvReV0QFPHjpR

+Rm8hyn5CWB1MkLkBwQxpYK9/akr0V/e0gdkFRrDS2ooTunwBQ/N3FKcgqbS8Nt6A

+sStPcvTICc6m0pO+Dd1ZHxc/Rpj1/hVvOpfZ3zGBTze68XJ0GNeGhskh48DqDjRb

+OIB8QslLo3yKl2gogY8y3wZrKk3gr61e3eQ+HLYuyGGB3loGc/AgYSbQcNFxwooO

+MFVxDKVpEcLsyO4/ggb1Afw76a7wWeKC5FNgccmS8evrCx06dHnFgG0Map18kEPv

+/FOuIf7OGuPlwULzhi8eZPOZv/glC1l1GvigTGk5CL+391J7Eyb0bmIAZnr57gWt

+YSkTww5pyxzFiwxFfv8+J+eqdNjfxO7uzrOwuRn0slE8gQ+nScGWL+7nyodT2aEO

+q18rz44DsimQeV5z3T+obrak/molcZJrE+h6ClJ/cAj9fPBjwqtBI46Gohwdc8SJ

+AkoEEgEKADQFAlZkocwFgwWjmoAnGmdpdDovL2dpdGh1Yi5jb20vaW5maW5pdHkw

+L3B1YmtleXMuZ2l0AAoJEBMY76xfu9vOtqcP/RSSLNEQ/hlEy54grVLRhvO8z3z4

+ucXmLtvtLQV3cfknsCZiXdfNfCNmSoQgUFxiH2EcmSZBoJ52hTl7GiSVDBWjp25F

+DcEnNcKYg2S4+0h4sZsc1ozdVcKlmTOJXZ5zcDU3WVvFXr5lowVW4lgbZTNq5JGo

+tX7pRrd6DHpP3LWm/VrpFI+cz3ImLgfXtJ70yr0kiyZErw9tayNweyHrVrvU+64N

+B0w92/e7pGYn82HQPkEoBOSxyJrLAwPMCfVcarILB/LpmaPs3g0hMZOppXcarGZ4

+ZX3zxwlS8vL/Tt8LyR20DpJeCkr9Jc08uLwrM0JdgK/bQNU1GCdGwBpUCLbwSOJV

+QW/ov7lWLkpT3jVNR+f9BP7CHp+iO5Uvn77ILhx14qnw5q9IoTLlzCRtTeX4akRs

+lTxbe25fPeXaruNBk7LXaScuv42xOj44fg64J9tFZIEFucPGUJIetMkaHURj9LTr

+qvEDQrrcYbY4D2de54xJVMgJyx3/ZOKG3Cco5315wbTEFs9TCXLCL+5coXqN0CAe

+/dIQn1UtKjgZknIxjnnOaoQGUmdiP4GCZyzT++Zf92zc4qA9ZHySeYc70y/xF9h6

+mhnwT/ao0QZpQ4Hsotcf5VtnNEtmJXXLlPzXlsMSYS5yhjjXXhcFX2vQ6N6w0lKx

+xAQeqg0oP/Ql7bKsiQIcBBABAgAGBQJWafPgAAoJECBnABsbZ4pj4qwQAJXAiKyn

+LnMeLJWLmQcWeBYAT/CBAB351pikLNdDXulhKJI1nmZgmU9CSUNlZtg4gXRxS0cy

+tyNJbFgdNO1UvdbyOWsDbm/rsy1jgUTbyEaRTHQLwVqsnfYCpYw9mHhTEmySloAC

+saCKzazkzRX9hAeuYdlkEVjOVMcNKw8PjLukESl1qhg8vg4Ee725f3TXBBIERGjr

+rSe7Oj1IKc4FYVMtTXYLICAODU/fAOHZYZMvuqXtc6NB0mmlZsSJqU1ep/6uceFg

+jERuiBl0Tvt1WZhtt4SGei6XA/pJE5PCUPlsaKEXIo+3vzZvyuOl6wtcZPSzdutm

+Fqi8s8DOEq333oFOKvg5j36djQdM8e8iIwki8uF/2ku67wG5EqBs62scnhjz2ZdP

+JFuARGi4p8SU2DuEuDE0E4NfNQZ4X9ncPtmVw4n5NZQ/g9MnMH2HiArshY93Ts9f

+HDv2PnyMqldtFU4B//Q0KHkKGYCvtx+T1Sy9N4K1xUjARVwaBGCTeE2xKZn2cLnI

+ifVBydd8BFVGIr7UYLSxQXbknWlIKLV/r1qiN2aBkVFiNgpGRDju4R1u+qboq8aF

+TOLv4SnVVeyNbeliLjQqFC7pdAggHBfdxcp0whgrQTQCoyMAkq2EvBFNuQRNPKUL

+Me1LY5qrmgxZnHBF5GP51wduw5Q7NkmWJTmJiQIcBBABAgAGBQJWdaVxAAoJEE+k

+V6GFFMxjZhcP+gLWELu+sxcT19+KnaWlmXzquhQb8LTwlpYX/R5lHeHKUBV1ObWL

+P9DiL8Qcpo4iL/q3rpqN4mLOJJKCGeod5RE12VhFh2RGyeIl4iAW4vuamLvWr6+n

+8hSJ4r/BZlGGt8KkxSBf63x7xvhsjBKF8mBm3cPQeDGCL44nbFIRyqi9p3mLix9/

+3PSDiWJG2jjiV6K6hzK08xYHRsCDwrw1csblJ9RfWqwpVMMXSYio8Ixmas19VQJx

+cYNDPZu6ZXaQsagydE4Prl7mJus/s78+VdqLMLrCTKZt2yYZAhyeNIvRNVwx6d2K

+1inq5DjckuByve2p3vbH6onELkdtdn5oi6BXoAvzfnkxrZpaylbUAahzGgleO8Gr

+T6jrRR1TMkbLAq21GVWlGmXEfKIbKTgzNrfse/qloXqsNdGUAGmfY4hWpCfX8x3z

+N8uie9fA/ADHAHQ/u9BRolUUaCJpDhFINDOauJWl5Ok6nL5AoU9CQMgQa0NBWOv0

+1ZxOumjmi6HaTdGD8b+E3pDh5/hpKY6J0SwqpSKI5HzP+iX9ywCcVKUhVabvtVqX

+VGlUCy56WFJo4pqagNuSNqfDN3NTafcOCoibzqRTZNfu9KjsfewlJbPPvNuY//yN

+IfU/MgabUhG4V8gyD45oAHFN1H2yRF7djPI9GPxH25du4rKbW+qGaMPUiQIcBBAB

+CAAGBQJWdsNUAAoJEKch2gVTdKpP67EQAL4A+xjOVZMKDiVpVbh83ks6EttOITf4

+TVBgKnbqtDER+F9PV1vdln7pHZVHhyk8wrxscY6azPGvejNDstwYULKTKNLdFr3x

+9r/qmYZNs3f+UHWdb/TMG5DbhQkWVmapNKpsD+tS/vPVGWMA8QzVKCqyxVxBRxFb

+H4lxSm9DByVQJ7789uzT0SsG80NcKgwJzuDGXGqB76rxurQYyHdz9EG9VX+4YQ6N

+h6dvLzvrvaMJc7q1ma57odeYD0ccqDlrWfF7DDVqvPsOI+ebBXwr3GSKvM2qqk1h

+ajn1X02pQRmfAFSN4KyIrRsg9gX2SVEPUl/C7TRYLAle/4Ktl5maafKIlbYfVmnI

+a/Y72f+lS30vUVdI2HdUtpg0MEenCRHMhKc+xUYuAXgbaxcdWDKz0CcH7sF9/c4s

+R3fHv3qYjbc5460+S/CFkfZGTMbDNSPeRqLs8uGDB3JMn5B7goXY1ol+R15Y9YRR

+rfYnyva4WbfLCWYo8Wmh47xhN29ZNt3Qy1d7P7IihV395TxHNWCKCRbiOiGsC80o

+08pJRzxhLPyyNzYk1fKexULwgkZXnaV4moEHlMLA0iRUbX1uMK1FnJvVZINkAWCY

+m6gNtEXwgnu6pbjYTt/HXiWvA0aAvGhjCP5Zs7XjJIUViQ802TqzIJktVyJJj0sS

+JUzVRuLzlAuGiF4EEBEIAAYFAlayIasACgkQ99XJv3ZcYeN1SgD6As9CFYZPEnBj

+8SXpKe0xzOywqHy9223hjAWMxgiCDrMBAJV7Aa6x3i6qVBwFn91zn2p3vm+3F1gf

+ntUP+vsfSgSqiQIcBBABAgAGBQJW9mqfAAoJEIOCyVwpAj35Z5YP/2ty5YSvGzRS

+CbLvNZkoUT7M3uQzItfGr+JQfePWl8vUrqYas5b1CCeHAU+h7Cq4U9hiucw5Ush2

+PDqg63RsqMKupIKjNY6BVCD/ZzB9X5RCaijyGoghyKDZDlJEIwaMh8sGJYSln25Y

++s2/1jW0eyZczV9EIVpNhJxlIUKyZ7b+wdz9bzZFi5jeoLQwj+dOjMk+GNCqTO37

+tXyk/TyBOaDYxcFjkQt6ouMRFS/BesubHjs2PCZWMs4ipvkWU+9aRiTsr81cEp88

+9yRKM/4CsOC3mwyRX1BvsKzzn5fHugtU0IzCbb0dSps00kKPOsYDu1OL38Onpuge

+49XphE93JFR/JmFrUO8wRu6f78m+MF9xVq1lfvHbpI0bvBbEDMAenf0CiNC+QFeV

+X3MG4t5eI+c6GFBp9Iod/W3BVtHCTgzFCllmjoyWRNRGwWxuWMMICj32ikW9HS09

+UTnbov3fA2oOHER8LhEONcCOBPV+dzjIyQYxaAlAusnkAMAGemS1I3xlamLl2qi+

+fDSY3ABAGTjW8PXvhhuPurrXR+durH8pU+vJtsIsQytF0NZQD5w04NfJYvIPMBuK

+b6kh9Kpzz0QbA+Iill4H9Tf+zotfbCrLM7kKK9/4+4GHk26no6sPsxLB8OK9AlFC

+9QVTtf0maK+hQCDiJhQjqYSrbILz6nC2iQIcBBMBCAAGBQJXJRIsAAoJEAkauFYG

+mqocJsoP/i1Macl1D58zaGoMA80gEKWn3eTkiemwNdnyCC2YqzLnCNXqR+LJGcXr

+WMeUpcu0xJTfPbZdZOkBHvppuwVyk3MJzF9I3nN6ZPXdyrep6e79h9HVIc9ZLudL

+mi+LRty52uXi800ro9xKGZ3xRqh+fa7SqC/eMTedj7pr8SPT52t454no5iIENd4/

+++lWUX+WTBHi+g3maNF5O2xTKJ+n9IIU+yxWvZI4mC4+MeJ9JHo47wi6f9DbvtJr

+GmEvXlIddIdEDnHacQZULlpaTyQHG1PWSaEQly/Uv7duivH2gqKIQUN79f+1tbtl

+jY0UksaGUPCPJ496SrspXw5cb4QogusvzU8YRfoGD3YnMTb99hvMHlRtgvUWO8BQ

+a/R5K9JmFK2nX57ASE1DWNFEHRu66DECuBjdk698zNtqUZY5ceLPaLzLJnaeTfvi

+LjsSMevFhBEwRLNfA2UtFyBemb6UmXWK6V3ceufwCQXU7Od/yW/LeI3LkrCmZCLE

+yAK/eM2yTsjteiGlRntDYzUsyDBh2JpH92+ftFHxWE42aNkZzlh8EeJBuqJSB9Xx

+b+91+IEq3k4KYAopwxBwhzdPQLx8VSBLM9+nGPMQdqQXDDPemAzO6xQ8M0FmQila

+zq2JIS8IPBJtvrGBHkFJCD7+Ej1ptTlqK9Hn4388BkXa2DQQil6uiQJCBBMBAgAs

+AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4ACGQEFAlYiFEoFCQm+ADoACgkQ

+CQsRmT2a67WlVA//QXwugaeaBPXOI0lQx2E9EiqnQCGmcB0SftalGyvp58SY5bt3

+Rr9qT4GObzZWnqKp69F97n8oJzaEroLVdfXfdh74rjQGgt+lLk55WSme5+wQSYPH

+wvNkT2qMkbFyjHFH9jB0B2jM/VU/gTenc8oiBY0tVfi7Xwoq/uercfSdoy2R7cO6

+qTE/XWzoPZpwr295vRXbDnG0q2z5dbHrENGFGyPbPx+k8IQ2WvRt76I0Iycx6BH8

+Cc1tWvrP6faJO7+qwXRb7wWMo9Am7SSAo5p31BCuoWNZbCC9OY24JPF8NbxPegCT

+cX3hM4UazN52VYgN8bAcCgW1wexUDNIhQLTkfkk3iZpOg1LOIHtNuOXuYh68AXhi

+1Wqdq4cVvpFZmzj3xSiszMXkhrXrivjuPLA8f7qj6cWH+XjSBUBMDF7crnQ7MaV+

+cOoHY413KgGbFsCdFr6YuAxN36hA2c7ZEMTvmKMnJeeUjzBFMGHIS7vrlMQPlgvK

+BK1NPgqRNj9O9kd4BrlvT5v+Xa1ryJoQ5UK6jUuITpns45d4BNbFdMaJxemKWYeF

+SXQW4laFGiy4j+sX2YVMt7AiPkNWy8S7GoZMt7zBmpXWfQz/ccXBgWnGLPKnAveK

+KImCJwQUW7cEu6o3O8JxFX1HMrQQpRrF0FJrPfH+sgId54WGdrwr+XOuF66JAhwE

+EAEKAAYFAle2DbIACgkQKhdD7akaNba/Vw/+PNgINOB9/IK+PX1DMY/O/mu8D1+a

+7Z2woA9UB5nE6QBFFlqEqsSBZDHgerP7GToDQbZZgrsTLKGBUIARzC/NfXZlAMW7

+WD1ovSGo1A9W4WDMlz/BIu4V/KWatXULv3PxPS4BCFlt2lK1fzAZGGGRIo2Sjg+7

+Ja503Pp+TPg7UpIr6PkfYzgPn1HqTB4A+1YDmYgMkLuNwFICaxjXMbUMVjnAmier

+jMIkePJxuY6N0J2WpzVvBHUE/kJfdjCoZPzF6oOQoKz8MMfoUvCzoteoswGHzJmj

+H3KsKacP79jwArEwdpoMYLxyQPddJGe3BSjQf1IxRBMgWu673wU9W4ZKf4Fu+cFT

+9dmstPt73dH6/zO1me4oITZz+HvzLUGu4/N5IxLEzLNm0f8FKMUM8XzA+6yLEjAl

+NfjjnuZW0c1lldyd0tVDoYdPvjb2NJx2++GpgWYZ/ceQ0EQcVF8mfJGslumXyKCP

+2p0dk6Ynv+/Rr1UlH5Xk32Auh/zUJRKPXohebz9F1pQidOrCePxj13B95SsKJ3Nj

+vJazso+IB3FnNU2LwgjEKXSfGeRjp9tQV5bR0bFYAoxWbC/mEnvhdEeFswuETAPg

+rI3V4jtdeMich8nUyG+QZ9CWIU50VW16pVb9V8eSYay8RWXrszhRdoCSw13A0lN9

+tysqajQeyCRzKbeIXgQQEQgABgUCV96HKgAKCRAN5KqcVEbr9CjSAQCfOkNiOWor

+y1Cd+PlhkUFBkUpn/W7f6ciE5oY0OcxvRgD/akJbAUduvv3l6HSYrW9mZIxXRRbr

+zMx7K4nnqD7rlB6JAhwEEAEKAAYFAlfNJzwACgkQQarn3Mo9g1FN/g/+MbZQC3VD

+Bp59cQcCRXsBRZhmbtEEKBFuVozDZ0ouhB6OB1Xcu0j9/z1ra8SAG8oB0HHyFiZE

+VTNs4oBVnVHBDcCO31JpkMK6p5916lMtspus5Zv1ERpsO+WL3KJaYLW+8oFsH0AD

+7fZUkwLbmeNHDqivahI/i0mEgUD8gw4mB3MYFsskoFYG1OIlRs0K27H8KDoFPmCg

+nS3fLigz265PCe9RBYaOHiq28bb9ZUsOsR3fiaTTx3s2IvMiIbhjfq13IsqGoia1

+OApdL1/QE/odrulkuVSsA9Fs4Rc3qIpELYRNU8CeSOtGKRezxdwq/ALTpGGPGdGe

+w8+HfE4q6C8Lz8SCqmHYM6ytjzX2ZsfA2ghCZjmDTV8jetBNN0XjrZE/SzKA1OLL

+03UUR6uOj2sZvDlqJEEnyksT54tMsB3mw8OJEpzSBlHw2jWbylWlPUuHoLNeP14P

+vASEXic4s0j5M0SJCx97S7mXDZ0yBQEpwsT9n5N21Wlzkr+lcgbbhibdbhKOE6Q/

+zS5+oLcvUyEUUrM0fK1tOp62X3W5YmXRRWsEECfeXBWoykRmffgQqh0uxHldDEvD

+2L+PEicSJh0uncXxyhwV8+lpbVJ+xdc9WllLcFKQEumAwer+I3BfUdnM8iTKeOxi

+JR9A8HsxsrE0tug3Psi4ecUT9W30R4PIrsSJAjMEEwEIAB0WIQRPcW+aj6LIDvG1

+4bpeNfIx3hrF4AUCWJ+6cwAKCRBeNfIx3hrF4NDiD/9uqaVABbGfNvZktLOHCK1N

+FacIaovF1iuX5uYWSRtOBqjKnqMbIJLsQitT8OOxLAwDlA7ir+aJ08N6nKLbmQ8a

+RNIxnKdigFnJsEL5dIF80lqV0TdEAXS01Ax6OWU2SIpIUQ/QFd+TnQfCrxzpdHHE

+v78czK+moOwgD/eAm5ASbkfAnXH8RnDZYgnHQ+b2D3u5WWye/Q1OCKD009N77Wvq

+w4gnnSll0imMfZOHczac/lk98gFO7V8OmeMcygijLBj8iHzST2lqnAR1SLqONsec

+s+d+QQr+A7VPXSMOVkYp0FWSf4mllEnqwSB35KktD7bCrQzi70nN5se8XuBVQjJa

+s1ewvGRRRBC/WIXrTKbtAHzwYRLasST+sF8Nek4Vs78dnCyoMIZLUzQrl0uJHymN

+PgvE2kVYtattJ6ASS30uShMTwST5TnKmAfyGvAL4u2MkL+BwZz1kARlvx/UJxGAF

+QxWWi/0OUccEwlVqt08Cam0bEZVmwqrpg5Plfn6fXmF7zoGsCgedzO5zMy5B7TzH

+rnGrXaCwzzoAQ3touDVzkN061KJFxHW26DDsQpaiX8nqNoa8WEVl23VlEdhwXj8H

+XYZkFtrSVazmo6ZqnoalzWNAAPzPseu3ibPYNPsF8h1c/HCfgnOL61kTXsDN+tGf

+Icfju04zmAyYEBN57PoTy4kCQgQTAQIALAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMB

+Ah4BAheAAhkBBQJXPCu6BQkFNH0qAAoJEAkLEZk9muu13ygP/A62hHrznluVCRK3

+apWjnHSVJHljEpBAet/qABXsPAa5l/yVUdVGMv86fWzMPb2IlbV0+fxkKAsH9lzB

+l4m7+D15iHdV+lH0ZNR4HoY2AzWYocrFYDayjzdVaFss98E3i7KDU3aTX4q/2XDV

+ItkTzVbE5w62sMT/zs0c3Edyn3B+TLLb6cZBWCqBtxVZ+xwlafCqaBYbKSgHqIAD

+pryhGMteCOEzS5wnMnwJE3YYW5osFHJZt+S4/8AaBkuo8nDQF88fPs2TFpqUvms1

+9CKv4OdAT5jkuT5yT2Os3yXEHis0n4ZJ+pyq/jpV9dj8L3KDOlsmoqVsw104meon

+atRdnvST/O6gjUwYRjHV1mWrUifxouXFJOGoKBNCVDog6WNDDqRETwA2Oj21YLjg

+Umh+V10po0FFBdmNSFfus+pr/uJCyVejdAvh1M+mYz+06Zh4tcJl8ekrda/wJynA

+QJnPnjfEyxVyql5tveUXIbPdGaofpc+N7QnMBAtz725g65GTzW9sRn15tcs9Z/Ug

+N77rQNdBx09rcJSEG6f0mknytyLoi2FHFFFa866CEbgokNqDHRFwgPm9TxtHYj/2

+JC6YqyX/+eRt0++zF9Z1MBPdoeFebgt445mvjcbwhE/iL40bXXdLuhTRATkxk0AT

+B/IpccxL71GnN39ioiTADrz1qrBxiQIzBBMBCgAdFiEEHLJ9vJhhSy1YQWRtCDAt

+tqJnBCgFAlmmi3cACgkQCDAttqJnBCghXQ//X0rOutJse7EawSttbc4rZI/oaOLO

+3RZ3uV7cuVv49b6KfIOpxkUx2O+Je1+XOTBxju8ue0ysnLmuDYixv9kOjgPtkwiA

+lt1PBFv+/hgD8ZCIEXral4uLgMK4DOqbJcXrhh1DIrHyV6tuiaRdvy+E54LNfc//

+Se9X9jG19UtXQK186VllB2THQledZk7cqgylQa22xgZr+azC/c35gBWS4NWBiGvJ

+pMob5CWSVXUdAYm0y7F03iiAAc+7LNg+urJywAG1fqsgs6P8bkmnyiZV6fGMTEad

+EXhGbG/UY/RsC2wfKvhRfnX3t3MTAt3hnaMqCPa/NhfOBIgYn9ekXo4sDkzSNTLT

+V9A/FI3sccyiSemzRK4xyVejSfaJ5gV9HrzmWotJ1doXP2Cl/BTjhlsxFEo0tOlX

+bX716+4fVakMNeQiteJoaKYriwYNYuKvdgPBwWDFlwWJqRi/S/CGBqV6UfQ8xmP3

+flewDmxGxFMTjYLpNfOLhVoye6V+SlACz6Rc+MGSxNTF9I/88si06xHgH4ChpTq3

+/3hTQjM4hwEb0/sIMnrdRBx5bmLlnmuMRbEXtd1AAZnq4znwBP4raxBO6iZtYg/5

+eoXrlu4n9+ctxzF4x+WsVGeiAptln/c0/16JSykb8xSFBH/FsJ/eer6KqCKV+Xm+

+WDS9oBOwRk1rLMOIXgQTEQgABgUCWarMDAAKCRCtzJZHPPm3gkaYAQDWkNgInmgo

+5yEzqmEOcvsUJv4UcNRPIqqYqx47ncKeRgEA+amgkRMSVsWoU3pNdll/4GgtX2ta

+m6O2H4uyuaslFfWJAjMEEAEKAB0WIQQ+ie7nRY5yDZdU4LJeKKM7C4T1dwUCWbwf

+fQAKCRBeKKM7C4T1dyB0EACmxq/gHPABbXUdZ6jFWsYDACJZw5lEwFiiVEVU0Or+

+HDD15x/5q+W7llOwiTnqSAYHYYiBLHqVnwm1uRn7RYg2bGsWRfSzDgfX0r6HjbHn

+23MvigSTIZLrOq1FkKxi4o2Ax5zJXg4MsQkaR79OszfJkxuGYipSpCFQkXdjppXi

+YBr8l2i5CiZubibzO3A9UM0kDJErch0GjUvVhkK+CWvUXLDaooEZmMrLT2AXrYEB

+Hobxag5E21JBbq9Px+zVXle44I060xoUzzGWMFWDjF4doLhiAMFd2LuXXiqUCdAH

+TRqeCznurFaxHT43KhlrK7ZOcpBYgC+2JZMiwaUqd0NEEDT36mBpZCtCw7Cfqkkl

+Y0raEtA3zd90Zg6YAKku4zsQm+zigtUfkOKS6ls3O9H0SEppwbxJuIs1TKxoSzn+

+2CIGBJGmr64blk+YV1U8q9Ql8GVKugjm7byENmJmNry9gYIQ+7g95k2bPqZD59sZ

+B0+0vjZaZmEAINSdVCE6ccGMJJm+xKVtXbwWDUhtNcR4MnlgHI3xj1QTGjVJTcJU

+3Q09s+47tg06WmdWYDcwF2oXhnVQ5+w4qgnxaIH63LyhpcwkZmwL2KdQoZ0oQboG

+zlRRlngeCVVmk+Pjk6xG+nr3GutPbsXypkQyh0Q3F7xEbEmhWSgjcwHwzsYHRnvd

+GokCOQQTAQIAIwUCU+jiEAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJ

+EAkLEZk9muu1AAUQAJVggkL1OO5xusj3/WVlWEFDKhuXyIVog+nWEO2h057xtpRm

+juQLYn9KQcOMaFf6QOK3jZWHuZuDVnNxNVrcCB58I8AWb+oTARjukhiknJPo4hTf

+4JgjfXl1Qpa12OXQ349lUCdxaeEa4WEBnGBhyh+MmWrh0poQbBbjuafpU/Fm1s+2

+FoMxcIvkAW7f0evLhofD44k4bBeiX8xFBCLLy4IPeK857mX5FnLJUfSmpDqwmdJZ

+kZ74EFaVaOE6F0QDPqrK3ZvEAqmyQfNCmFWXcwtNNotsKyGHJbUeyhfr8MkteY29

+QR3y0uLtFw8NZvvymjuPdJvU94SrqtVUMPumCgbF/FfXddydoPUEtt936344LIpk

+qa6Z24kOEDHlrIxV4gG4nCvP0Bbp5zTOwLoimEv1S7F11zZlG4L8UZtVBkS2j1x2

+UQH+E3jgbZ4GHMqv5hc84CRu0coPqizonoB/0Ta5MZTkVLiV33RiaILoqO6jQi2j

+nVNAF2qKxgVi28VrEELhqztl5Q36RTf7NmmNkrevwCw1YLsTLCJObRy0BG6ZNkeQ

+7nz0bkpwn3oX6D+9ufsFMJzaS6VTWqzozGgsAP9J60CtxFYxDuL/VxK7df0wxWcX

+xyI5Wh5OOTzZnn5TpNrBSIXxEiCnmCKLNXM+4WP/+J3oNcTnSDAIIN+5uAD5iEYE

+EBECAAYFAlm1FrMACgkQimdxnC3oJ7Mp7wCcDF5VrsJWFVhLdlKGUDm6ahz45HUA

+oIlnO4wSJnjvjbAfSrFeTINggI8liEYEEBECAAYFAlm+L6oACgkQimdxnC3oJ7MC

+mACcDjbe2GVWn+OT5lO1b/a37BKs/sIAnRTuz3S9ZkhzTbg3Q42w8ru82QlMiQEz

+BBMBCAAdFiEEvKaJtjZVOAHDxiFQGXpYiCNfrKwFAlnFdY0ACgkQGXpYiCNfrKw4

+uggArWLET7jhgpvHbCSUVI6FrAF476NvkogQC2PTRo0WcR+c7hBzkCaf9YBS0hVl

+//C25k9KJgFKxRY1ddjjJiBL2FkDgI0SRo9wsKmfsX6HM1PC4NR48rz8jJ8X4GlH

+Gn/U+A3Z22DVPyuMhskXB+xgmccEuDtZJQJjCEib2LmjDpMaz+RU9GT5NqPEVrdI

+lSu18pEGBoEVkIN4GLQ8dk6BYR9Xbis9HLlZt1imq/KGDtNnmXT3sQBnE05o3+/d

+6e2Di03VAaGo8Lj/D1KSPPASFzuII6Oj+CCrYl0/kGPByxeSmZE28sVfOxU0rVBc

+1gw+qs6Iu6MMrL758zIOm7FpSYheBBARCAAGBQJZ42uvAAoJEMjW4VIB7p2hPhAA

+/2Uh07qlk42ITS3nr7ZfqCPoF0gSc0R1FHohomX+B/FcAQC0ffiMq2SbnVYApbhp

+r2QUYg49riiNg32X4RrgeJ2DeokCWQQTAQIAQwIbAwcLCQgHAwIBBhUIAgkKCwQW

+AgMBAh4BAheAAhkBFiEEPORkVYqE/cadtAz7CQsRmT2a67UFAlkHORMFCQYLpQMA

+CgkQCQsRmT2a67Xq+A//VuF+/+ev1McShbY/bcxJiT7+XNQzD6w0xPF+b0I5H+go

+rOPcQfNI10aDFZMRzLLDqB/Mf9rsHDM6xo6t7/q7SEtyU4JY/buyYk+Nckwl+OW8

+IoyBhPEekZWC2vBJpB7dvOtv/DGVwucfSibqJwjWC6WV6bv5E2ZJFT/mzBZgerhb

+cu5m9QoKVj6l9WAARjQn66F4lJqKnG97QeIAWVBMT+9z+04UjpKyfpcwgJfk5ozz

+FRmrg6VzAuLNvdI9AxrXU2J5MQqbndn17bNNyJQi7zI/HruBmv5Vjhv/miBruOGn

+fekHFW5EkMwE/AEbEOItp2WuW60ypNzwe5DqYD83123pTFyJQHkOC4jiptxHCScN

+3RS5hm6lO/ccM80lDKiUdTG2Uv+NZi8KCvWAx6e6ReKNOZNpJ6i1WRhXpUbNHhP5

+wOh5q9zD4fVUwHsR3v8R4Q8YfbIlpGdwXdLNyu/ONO23FlUin0e5Jd0o6p/CBd/s

+q3kDHm2kBrzjKsnZnbqMVjvNnDGNjIGMwMIhCOeUTFYLKhaGFXkCUc7sAS59EXwk

+5D2ZlUaWzb1fcauMTny+INEWKp9ZR0t9jDiFL76hHU+fS9ZXuLd3Y5ZCFTehTDZN

+C+I3uUNQR38mb2s+kYLsACdDAqRnTbxXuSm+eJuKYG3uzUgAekpOy9NGbAFvreWJ

+AjMEEwEIAB0WIQTL9ZdVy+fn7+8YP7HdQJoV2CJGnQUCWni3GwAKCRDdQJoV2CJG

+nZHID/9kvOrnWCM9k/ocWIJuN3ZSqy1xcYAcxlHEpyktiU70GUSuPeJl5XQFHbgu

+vNydOgP+hQx4Kemj6cH46LN4q/OYlIVeCWGdO/qWYzua4KIjNxoRp5bVi2UW3+gv

+RY/ErT6qItrXPIKsFpRKypn+esjA4edzwutjul5gggMRhFP/JicQsls2EZJqtKmL

+D5K1HnJnNF1NN4fpeXVp8k8kU8STnpJsiG9CDxC0rrX9ombuQtVJrUXYP1pNCvxI

+BBJxe46NZC+AQNLTVZZRlCvOYVdIo5S1ElnHYNVcCqNjPHWk+WSl9CTScE+HP4V3

+fK/C28F6KmEtJdNmCasAkZqVH3ufwwGo8PIXZtFTKkn+fzu+tYmtJoGH2POHy18I

+ovyYIn9gwGwFTy+An5xZaPnXvxnzX42lidW9jqRRklyvs0PV9oW5SJiuq5GG7gCr

+FmOId6Hpoev12dt3tPEbuDh5ycT9hVVnWYIMVCxbuDAr+YB224L8omWHSy/CJRmC

+emb2JohzKDwkAnhc3y+kKXcqxW9cFkCYog6dfi2PgUzEenTK0LxMz3xiVEwqQRs4

+JBz+1p+775phPzdlqyXyCuEIxACUQUsOSHoONhGskuCTdlVK0Ayw8wQR6l6I2aRz

+CzIoQ93zEQ6DfCItkWYInf6kCW7Z0wPMfO0QDn8UJCr+eAYDbIkBMwQTAQgAHRYh

+BA44PyE9ajJdesVQ287oV9uxZcCiBQJaeNu+AAoJEM7oV9uxZcCiIs8IAIKORxvU

+Q9ZipmO6nlnX8xlOt8n649IvujkJzS30AckFM3JaowsFSEtyoPHssadlJv5Awf/b

+jdLgNWV+JC/FfO3SKJBFljdEIn1J6DpkhmKoRYzbGB4TfDpe8R5McZO9zatoCSnL

+nSUyz8W89NKphKKI8fsLrdbHzvnZTTNqr/oxQFDaj9K4YIZkIsyIppSO21Ybx8wQ

+GQlhR4efh7rAnhaIQzKh02cdtXG0sot7Z/fLTsKDmVKjCqm4Kge35URuHMAw3NOf

+VElrEQ0p7TwCf5zjxLj5n9SRGXcRfznfc+tM+I9P/Ad1fOPx4sSFqsy8cP+jP7ll

+r9Z2emPBx8R0ZhyJAhwEEwEIAAYFAlqJL2sACgkQJQapbM9jCyER1Q//UhRef2M4

+P7yecyhtoNPvtr5XnR65o+FSkSzS63bV8ZkqjCtjVlkp7jUye6EQiAsXkqt/a401

+lRC31+JDV7jG8kTMCmSQoeicyOhOa1kZ3LWjonVMc9pHJ4n10pEWt1shd3hbOF6S

+2bU2qvW+WjvBo8+qt1O+Dryvz7nVuV7dPELxBD+sBa9wGs3hJ1jGmOen1WDA6h58

+NLOw/iiYK3SCSh49CMPz3n3BiczdUi5p+IYF+y7bVJpbecG69DpPsKOht6FYh4dF

+WsjrFObW5L5dsRRajYpQTwBrosNwJn1p/2IreumMrU4saITKMKevlLAfgpqOEiXb

+TSQiqgQ+bpXCZ6sK17RsCNe2n8avtpTLq3dg1dByZ2jVZvc4gFVsHAzai8K/LOcR

+5DYfgQZV5P7MaVbX9FqnNVKrHOOPFkv4Z+Uj7SPxNznQEuk9PLC3xZ9mMRnQyyht

+t5BKVuyrTvOdx9XbTW5gxpB52EVc3htktnJiJPamMmXnl9D1LmhhDcwyZkU30gUo

+883DA9dCka/Dmyzj3P51wB6+GURPX9NesxJ9ShFVScAxoMEBpj2ZqMEnh08yW3o/

+1yGhbRFFOqdmSz6JSKKdmEjW74LPiWzl+M1G6H9r1bXjPq7v8JZpCGk1Gu7T+jLx

+DbMmWEhi7cNadB6DcH/L6pGPV1wO1LkDm52JATMEEAEIAB0WIQQpWvmRb0b4oTSw

+KdqAhjhC8P7YOwUCWpbg8wAKCRCAhjhC8P7YO1tXB/9uStyMqAPFK08Sc2Ts8fvZ

+JPQg2lfmgEuQJWtazBP2umKY/uozN5P4kOuH4YAoYRPB4+AW+h1AZl+hDBseEiL8

+rV1Eps9FpBEdQAeI48g1wubhJDKKuMnWyo5+sLZ3oyOh/KqKXE1x4W+0iqz0oBwX

+n/S/LPfCK0oYLh/71gPFIK2JzXCvWFUwcIZRMJT25/wrfDB+Xpld+nKlssX7cOLD

+D+ig+/B4TxlSWm9TWeIxa1TsTDbnslvMlOVUq7Jnmox/X/0TfLkXhvyzqs3OBPsg

+OaKp3cB3SfWmdte5THmsiGTixaQd1vHef03ol6nAelc0f/qEkC/HJReaWOS27/46

+iQIzBBMBCAAdFiEEIGkd/MLJjEeVKYTuAAGMIjgadZQFAlrbnL8ACgkQAAGMIjga

+dZQlsBAAi6o23zyO6bd6l/yWIFOx24t9q9NUEoZm/Iw2BOp857VSIOJhALr1byG2

+VqRgNKXHI1sVPOdJLrb+CVq9nKiAaKATYngSMutfl2HXP3na5DgjPOgIYxusn8jE

+wmGRYVgmwB799GVEsA7ZRycXMuO7uxZ6Yq0cWnK90IdCUB7infJ6DWMFLrpKdDQe

+Wk9EH61MoJGWVuFx0BjJo1Ej0S0YPocg1TIACcczooHCH9N0omSjk9B5tjVuVo7+

+rfcA4w2l4rQApd2XLpmKV0wuJTGIfcxSxdK9pWrm18LFAmXItTiwm2zhQeFvFEHi

+IEGEL6hjCVp1G1oRvFj4NnMoqFTcd2cj1CsQ3KdVVGZDER88/Pg/WMBM+mYAt1he

+AMGJcM1gRWcpZ6eOUtjwyDICgpFPQgSW/wxUmPFofF8m53sTX623gd6auGfOVATN

+hU/glRnTQDtHvZUSEpXP81KamZNXHcv45aE46DIByYim4GxByma4RjCscJqxKfrs

+LWr9AjcXyS2VAirHrSkUJhwdR9XAZy52e9LirPOUX9uYfjN1epRp/a3dNWt9cjSW

+TcwzMBIzLiwsmjUUNUPAa83P3VTSMJZh423xRE+rvvvDwMmZChkXdqInmrw5WMWz

+2Gq50ZecWvZ8v+NuBTSQWj7PWV2XEV81v3IgygywWymSWnK9xpWJAlkEEwECAEMC

+GwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAIZARYhBDzkZFWKhP3GnbQM+wkL

+EZk9muu1BQJZ8MKdBQkG9S6NAAoJEAkLEZk9muu1LiIP/3RmE7/D+qUvUl9B51CD

+11NXP1tr1JralTQj9HrtBtzSO1YRNOAbE4a5FBGs/4eRJArGPv4n+duN01oWvKb2

+XYRmo+4Jdzt4X9pANHCEVtWxz4nBDk1f22hxIO9juuc11XlqToBRem2ajHRHJemW

+D7jw/jI+CuBZGv+6OBut28MK2D5WKkWUWR+I3NjJQ7N3knpPDLtCWQfrESaUvY4W

+c5nmPRVrbZFnBBB38tBf3RxUaapEEgg6rh1yTfsOanPQ2JqvT7vqG0Sx0i4G1UQm

+3rsybDLMW0+o+8+DkokaeTmx7t2RXQNyH1gxUPoNeH2tfWgJ31MVkap0lkJXEkj5

+jMFiKz7MA2NeTO5kYFGVCfCzz7JEUVMSujUHNc7gVx7JVWckEdWP3Hs2hhImx+Ro

+lj+5wsWhhXfw61iHGDcwKERbXVRRjCK/893w4CUj9Y8NlfDCqt1Ygb9jxl8xlfGS

+rMt9X5sJmMEkTrtvCOb6L3nC+CP43/BdwcGwsr1FCabrxBEXGHTXlSKCn3iR04PE

+n+VnbJHLdkLr/bndO6ukC5e5LDSqhjC012vA+i7cnZSCHBukIYSJrxa4l2nv/vp0

+12LNoBnYDoCGTqig3UheIJBNDRD+uZaiFuF5ILKx/cHPYaNHX+P90T7hhLbIyWGa

+hn2YfRZu4mV0wUT0kfgqKyvQiHUEExYKAB0WIQTck4iltADvsyxsIHHh9++BT5Kh

+DgUCW8d1ewAKCRDh9++BT5KhDjijAP9N6DAsVqrSePeuPK7eDwyJ3W9VYmXQ+Y65

+UYKASaB91QD/cSF1Dcbvet1HFcIf1R7dVIeOx8rc9XRpiK2xltE0EgyJAlkEEwEC

+AEMCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAIZARYhBDzkZFWKhP3GnbQM

++wkLEZk9muu1BQJaxcaFBQkHoqV1AAoJEAkLEZk9muu1W9QQAK4cjijD0BFF4C9y

+Kj9/hy4hns9FLTy/CI2Mr3Q+dOWuQHR91xQbEfoqdZjxz5d93DrLWNhsetICKvRQ

+R7mZJdUq9Ok7BLl0w+pp7j+c5wBM96No3MZRPxtDNH/cDrLI85n0lZTc3Sf1GGoS

+UpW2sIisw41R4d6QC7stme/WjjUdiG7HHs6ERx+Wjf7WOWf/eP5ymb8f+MktVbK8

+4UM9+ysuDzA8WK+CsqF/S0wnjLhhXus068l3yVzah7dRAa7KgbV3bpDervEoWI0k

+MZsXZ+u8Xjx8kKawkcbem0Pqoz1oD2K5yS5lORZQDdsVjfvKq9SOGHWjYsUjE0J5

+7F2Z4qb/mwr/Kyktwu7CP6PA6RZancIlBTt48y6ZLVtzqSz4rwbcevpjO4Y1Zenx

+thL+uCfR5pDJouwuJFvhDu+EKIovwBdL6pSVU18RzzS68mDUto8WgXbFqtAHIRK/

+vQI16iCl79r55ffy7IQuA5ozM9HSOazf3xOKbPwwnFlJgSkHIEW+6RYXfjnwD8zu

+6Q1dymMd3VVX1oXLZ1avgITcEeDJToBe89xM8WZdpcREM8oOb53G+uC/P0eqc0Td

+ezOHV26QQp1mgwhf3WFGrnAfSDaH1nfS8DBNP3fF0oCAcS4MKufvxkGtnY7K9j5w

+wjregupUR9M9sEWs0EDYMwvHCx7DtCNMdWRvdmljIENvdXJ0w6hzIDxsdWRvQGNo

+Ym91aWIub3JnPokCVgQTAQIAQAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA

+FiEEPORkVYqE/cadtAz7CQsRmT2a67UFAlzGvMwFCQk6I7wACgkQCQsRmT2a67XJ

+IxAAthvCKyHBw+DI+Oop8m9vJDZuuGyrVfWqH3E6G9svexxQHKecTLw8vA4GHaaq

+JtdqcKLEm9Hw0SMmdOnYn6d9p/ZASp5Gb9QCbComrsr5Nu4zFiMaE31EHUTb3Ebq

+P8vnv1BsvP+HSvDPl3+blR2xavxNrHSfoC8m8ZU19X8z/S9J8Ghh5ecAFltSEc4z

+uU7+LTV+RzEdcnTlTPQqG7ZLPE2jKxB7c4XtdwxqSlbG9Sg4bXNo5a/69UvJGvYG

+pZXSAwweTzEfHFisuFZftU5JZ2QRjaj+2EZ6mpND+McuD1NoEQ1/0yDK7AmsDPkR

+Pw7K06nKbnqVA2oalwl82NPexCu98jmCEKbztbqoyYJyM+jTkkrQ09ss/NxsFjN1

+yxFWtq5Cv7Fa13SmyGqkO78biO1r/2CjDfnqhD25j4M+FeeY21OvnfaH7KbFM44c

+SbHYPKioQqfiAJUkudf6pZMTE2rfITSpDkLbx7a735cEmAwM+aLNkF2AILeYUAnX

+9AMjsW9xrWJUQ3MBSQyXaPcZBwqjXlfQxTcJ7kE7EWKUEWQfCVyxt0fb72Z7Aq6O

+o5ox0t0YLAYHDCCjYuVd8teke1vFgaiEvgCVSBSwGHVhLR+SPTN6JwI3TYOs/Uxg

+vISvVGaWy67gKKvUa9NNu0hAZ4nHohKsqZKNdK/EHJZV73mIRgQQEQIABgUCU+jj

+SAAKCRB33ZXi6lLs9ANVAJwOzBsbf5cDHPi9m+4fb1pCjEeqewCgnOaYXEWiNE5L

+hFuQo328Z5OUiMKJAhwEEAEIAAYFAlPvW0IACgkQ3cD1NYgS+PIuOhAAkjOgjjEN

+uySghD5mQ2EWSYWyUM0guTQgCLLkyQqFuqpYcNWuiZKQEEgny/DQnq8uCN7KVi7q

+nOkvVoZDXMEbHk1O5jgbrR8yVYSN8JyyHftWpgwWEUUGdtoC4T1OBa9imSuI3V9I

+K4HtbQDTFY/VT6oyoJ03zGkRsDWJa2MIHHXYrDnFLbsSl5oDagA5KRTU6NFzXkvj

+/aLot1Gdxrja6fBu39u+qYW7X8G9/b085y58FMIBDSDaHTJVFrn5UhN2kAPWqDMQ

+Sxb9T+VlT6vCF6yDA+1F5TMCoQkQDqQSmzhX1dw6a0kdHpaPXqra7kjMzWE1UGZ6

+IXjdrrtjQqWnK3F1klKRa5mTbfn6I572Ev33xTAGVEFjFd5Q/ZWm5GgqkJwf/udy

+G2lB85xEwg/8Y4yV05xifEsTu16J1fCg8B8hMq6/PCrAOKZyPUk8AAL9i7OD7jie

+pu7PXRwNeNuB8yVDG4i0n8nD1iUrgUUhnapLnTjMpHmxeruoW9GZkiNpbE79AeBa

+VmZh90yYQ5p7D1MJZPqgRC3cLXrL4j/DNtmzKs63HvYJsVGIOgzvjjP1nYjoJhKn

+oNaANPA0OoTVGMC7zB164OOfgSEyd2ixONlpqrZTPLhMhfXyjkuewobpEv1PVpiE

+PeO885HciZYig4R2U9CRy14EvN7dqGxrE3SJARwEEwECAAYFAlPwxzIACgkQzHnY

+Clu3/FF1FQf9FaG9Lez/ji3GfQIcTEuWwiAPis/2wK519d0u/70UbsfqlO2xKonp

+Z5AIba29z6epyi9Y4c+D6kpQwzPggt6gLxFU3ZKfgszCdjmxZ3VEow4XM2jZLeTm

+/RkCgb+GQUN9Ile+MMEp5/ImZO8W/9ku5hJUYMFysPsSVZHEqWQGgB/uYtO7pAdh

+y0bliJD8eAyJqh0De1k79uOkYPqhlgugQDIIjuo0llZ/bsc5nKkbdnA5TPlNe2tW

+KeLWs0b/omLx49oysE4+1Vn/IzzU60NDJgJQ1qmpeL9l7hSbPTB93Rr9n5i136iL

+8KFTVC/j/YQW9IYTSJHgTpfZJ2rnMDXoB4hGBBMRAgAGBQJT8fyEAAoJEL8zmr4m

+xdKGt3oAn1VpqgYUSwNim5ieck5ZgZAqSGLHAKCjTieHt2VCpft/7wq6WD4Q2yGn

+GoheBBARCAAGBQJT8lSwAAoJEPfVyb92XGHjxAkA/3VUoRB/sO8vzASVs/6ma88E

+ILD6RXRFv/Wuq480YShCAP9GCyKRchFhZI+sNdz+Ixg6T73Z+4sO3DocDJR2AuWD

+aokBHAQSAQIABgUCU/R5xAAKCRAEbt7m63q3TUWHCADGXQeTD1TjNHC3ae/4xhmo

+yLaJ9AxNfHtpsJwjOmB9YF0rrDU4H8+1YX2JiQ7VxYkmZ+3xMhsN+ZQ/5FTcynAX

+6sTBgd5HdtOVS4DaXouHK+aJSvVUGIdHAR1iVNtxm6uMKFvcVdzn6vqdGXQ2bgAT

+6tKvcugJSYTqJNJeKfdlRfoeGmhpkV+JuZTgNvNi4CIdfn+JtXrK3ZagHm2KKUBJ

+FBKT2JGXjGRqQSFwwQ8X+kUGf58/1QOK+sWhX/XCAJVd0Q1QU4NGIfvv92x7nquV

+rayrUfBP6hVTsUKVeeIY3htg9AKm5wLhdasJ1HcRQ6gKEv1/myMJks4APK/uygno

+iQIcBBABCgAGBQJT75m3AAoJENxoaie0NIGwVC8QAKXJROjBvAwjAZghx+RrSjnu

+PDvzTdZpuim9UBhoV+ZSd5lPZxdQiC/4EKeA/WINsE16FMbUggKnQiF/FVk0cyui

+O8ytdAfIt9K9nKf16r4C2Y99/+I2HQYgdoWMoWuZl6NVX71cP0+Nnwx4F75EBAx9

+7eW0TXQVtcJuEGRpnCcuK6+JYEEld84gYlkL1jof4ICM1ZriHt9Jmg6Oj+iZoKor

+UeWF8jHmezxliw+8jHj6Ek+cHzzbCDe1j2YGK8Kcg7FkL6VGWsPVbr8elngGFdhU

+ZMNeUNvGam87RDPNSScIV/ON+UHY68ANJhODrxLenxzCUy829V9998cfqJJtJTFa

+qYe3aTIFrwn3thGwnQjv2nJ+uwr0Fc/Oplg0ZKlUPztLuEMfZUJpDtsMjiIB6NTL

+ZGkkcftF5yTnS1QOproRBcRL3UZf9+tqEA3WkiO/NUIrKc13SQPFOCsuY1PtvevS

+5JJJpX1K3dcOAY5DvZqkomKM7SQpxTMZDQNzOt5uDoN+AVScT47O9zSfQU3W0U86

+E3pt6PqgKzDAvwo3oQgErE6V6hjlrMPEBUUeJeVrd7SJ7/X77v1WBiqk8jomFamd

+ySIafTny8HSsK0YwWpdvEza6CJ0IAy3wIFrtYc9YYPXKgebDAVlzJL6Gb5pfEVIK

+Wac5pgXHWH/qJuJ9acfiiQEcBBABAgAGBQJT86eWAAoJEI/xy26NiQWfNA8H/iP4

+MToS3kJdRJ3LGShbmWyffYajIYhYSpOVjKfFRUDwa/JjkJNoviFoA3H/vmcDInE9

+7GBHxxcy0tDojHOxrMCIH39tlHh0uDLyQIYo6t9T8h77IO+QimMxRhhDc29bafzL

+Fi7jTP3AnsArn00Yq7+O8yiF32WyBNY9wcPYPKJB+O5vJ0eZYdMThF/UPkVF1EaV

+dcpfSpKdp5xLBCqkvIvq6YbvWCt+rBuYcrNcCB6/+3hK54Yjrhc6X55/fFL9wMee

+19R5OKowgQ+q6Luo5OyNn/2MDda6W+/f/obRC55IFWJQmFBkEHD3saEf9qiscvdl

+mpPK5Xj2Q8H8zvfBL2eIRgQTEQIABgUCU/G/JwAKCRC/YHCLSEJsfhoiAJ9ha7Q7

+5Li+xqohb/seZ3HL3xGyaACfWC408npj2g+OhDKjnoNJ/HIIKjWJAhwEEAECAAYF

+AlP0lSoACgkQPvkFI7MErwiAIg/9FaOQK0yi76ZaoyLgLNRgjQOajtzFCB9Qbz2M

+yppVuc6GmwowMCoMklk3CsdjSpc0ZaT0eMHxtri57m/1iBPJivhyi2th/gs8VCRt

+Cj1lcFy9qWlSamxNlb0pBfqReUn9sKz/FQY1tnUk0Kd/yTUCLfSwFBi8o6lwmMEE

+d2UWyg13ahGo/kl+Yo7Dz1HIji5o/xEHHKM/cP0MAtaKR2yH9gfv+g5p/GLdvha4

+DypKKFTxZSzjKVsOkuW1tAEqYdSBnlvQMJgNyOLf8sg1WOLLVqU2aMxaV/eLlIDe

+wjY3WKn1TvPBitK9Ao8t2PM4Rl7KwEFwKimZsWDu2C2+XP/joU7SSu7VdEt2UKYR

+manYcWC5NQjJMgk9+mdJYdUTih/ng/RKXoshwb6Gshd1jxGhPnvgw98ukwjz3X8j

+Ti1Su+/e5KMI7x1xMURgzRV8giwzqvHcCjnDoIqEpG/Uf98oLFcO5OjK7q1G4eWt

+lDTJo/usjyRcoRjOftZsnVqIaBUfBCE1oNgRMKoDozYF5WWRNovIiE6J0E8Q95FG

++3ma2ADqZHRdhiB01+c2ueknn5HAdTrQ8MgI5eRntlsNa9lAWfCS2Qbo8XioXmHi

+9wXQelu5dwmxQcqsHxSmGwe9L2RZVivyY+FeQbqEFyhfQZNx3g2bykZTE2DolBv1

+NzsMHvSJAhwEEAEKAAYFAlQDVFkACgkQ0BeMdn0Gnua7hRAAvYo+7vgkSDvxbh22

+dI9YijMWN1Gyg631Yp8bk+E7obpwJmib2QtoEVVXyO4wUexzKrwZ3t5nxwuFeKET

+NVz4U0hX8G/zerqKyUbVQiXo5juTbDV7MreJPcDaMbPT7HhXIZjh4HuylydESAgY

+B6b+tzp/Nad+yeeKaIGEz3Z5lRJx+JVKGiNis2HWqZkW3uBattJTSOFhsOv1OtV9

+ddtKpLClVeFqlrAWTP0HQTD4MUFDbgozzv/sD7GplY7gkXalz03PNZn1kA35K8LK

+mGIFV1N2fHuYBIpOBrEgCY5l7yHtt2Kn2cI6v28sSFnwGak5TmJfaci5xNnZJtg4

+dKnOxkdZvbkm0vNJal1wZb2dER5hsfpPL3XY7O2sQl5xFyJOBCG5iA1TWINDSgR5

+h1WP5bKl/mY6tNDV73p054BKLiIwcKcy31IE0pE+1egIMmhc5YOK8J6KzsDgjRph

+4+lYwy0uq8pAxIv0a+K2M7QxGmx688qeESDLuswaO1ELt5lX+UZ+jc6Ain7OPZAI

+66XD0ICowosJJpMU0mX9kqoN0XLp31q6owmDRiSFfZxU2eno5cfL4C/tVHqxIJ0N

+prQ7aOmj+U58Zpx+2Z2FKls9Uj8f52jtdJ85xy9nqo3oOJlQFF47pr+2IiWN4rJw

+2oMmmN6j5rMBRw+HVHyw8JnVXmSJAhwEEAECAAYFAlQMVdAACgkQpxVVZzJxmUjl

+dRAAraj/Rv+kFYgTMEl1+kYWK++3wPoqkmL5Azae6CwZDkuh0m4EFGITzvOo93gy

+fiTblNQHErF1WAVGzB1m8jW+aXca3x5ARYKKHY8m4jQcsazZpL/srNk8IH+0APLC

+dw5fmWoJmZB8AgxhgJOYRB4xxBeUh/65Cx2df4WlnmFtvYe0TAVU06s8oXgiIyLH

+CQxAFjOIqT2kIyRnZ/I2vdK9Wl6/w7P1ThhasgC4GTkcCaALO5rjBTu60logMVao

+OnSCoXIx4GGhgsePkjujsg0544VLmEOczK7KmtIFn95SVQn96KZWluBCXav8txB8

+GsQ2IbA6CrOQgAGfwejewmUG9w+DpSV2jhx/L8DkcaGiubkbkwko5rDCa3jL+e3m

+VRt2LuQavWGjpL1O1a5Xw9IM/Hrla51XHi7bodwFfeooBtF5Tp5CYaXkorRCHbMR

+sH9s52xEXDFFaWbDVL7ofPNCe9YbPSm8hYBh3s5R4SwRPnWt3IivoTlqk8FUWpFB

+aw/wYpnpW7vMt/u6PqRlodcEjt8yx2MHHWv4ceyrUQs4pA3xF3/OFxJOqvvDRpxl

+HGEgj9/SJ3eNz+ZkPJA9F0hELGQn+kFWTz2A3WEsQCK3IEg+KVmo5wpHN5+ni+rE

+LH355AwXhRlIJhtCX/M2C+WfxzOnziDj3nrITySRT+Ebja6JAhwEEAEKAAYFAlR9

+51kACgkQ8oRrGg0yxEIT9g//Rys8e9K26rBtIB5tnTEWF5tBb+EYWcjTqrGYNzfV

+uiKqPNaUXi21JbRHSsizZ2dqI/G6kU9/jThDuw45kNMTbZ9vbjT3L1yCbyDmtdhZ

+l5j1GA0jMdwyjvvCeioT9ON7eZOil1GO2j9oJEdc5E812FWNblQJEsX+VQDCNOAN

+/O05ZROCj5+smBSFzS4CRcRG8Z7+jREVe6hvNxuAOBbM0KQNteqYo8xeo3pRXYCP

+L02YXskF66aRwCqW04uQNjVPrnD1DZnldwGu7gxOnP9PUVc0EzxAD9mS0SqaWhQ+

+nhRfc2ThEDaFaxBpqPzQM9oKTvfJwdnXCqVFlAcOD8qqxNxfrRzAiEyiNXoBsCRk

+lvCCBIWLa0AkezAH4hCr8a4Q9UtORwmk5Sgc62rHmFaUBeTl6XwL/nFAWjo77nxl

+tBpvHwRpp6FhdWdURV3eMLuMRsS3nv5ry2EtT5FAV3AVPWvsEabdBH9iLxOeK6tb

+LYU9/ih5t33phdsu/+wSq2kdJlnuVS9UBJ1L4cBFbQ63ChV5kcFJvV55RhyRXkOZ

+9/xyAHcYEW5YiGAgKjZHfV9C5ZVhYMJ+D1WJkoKtW63qM3QrAXDse/ah1dgHDdOF

+sjaVDdDC0SMmqi2hdJEAeV/zcloJWyef9sa4jssiR/ba8MBZfq2l3BNkEtY+pzVb

+KImJARwEEwEIAAYFAlXifBAACgkQGXpYiCNfrKwLwgf9HgeAYyuKPx0rbw82hykj

+OYyH98prgOFENQZFOCc/nTHs0Y/Kat++VNMGungL4N5kV1aFCdbAKQdKBcv93KHE

+gULTkGu3S+8E9kxyewCbmqHTq3zyPLCCHuLwxKOxsGSSsDbabfUDNaLMvpWXqbsf

+uzNtF2dhxviPjzoUKoE13mTuAb6igfk15WOUfbhuZaL7Jr4PNwRbUKMICfP2O1Ob

+Xbt5v6vJ9/VV2C4R1fYqqNNdL2JXmEyJiu9KpSyLJIk0h/M60rZNldEQzS1jDyzT

+u5CKiNarg0qX0+FjAplrHr0k9+sUUGduqbInMflQ8Y5tQ3ONFa2EBDFPRc5sR6fn

+tYkCHAQTAQgABgUCVg2z5wAKCRCTnmvh4p/DzFJZEACLTGuPqJtL+ni4QQvPT1g5

+QN761hJ52J16pEissbVjeZWktoJZBnXd1enhBxN/7/kMuQ6W/Z5q0ZRHZnxQYZp1

+OR0vx6aGq5EXteWJFCJ4Wv36nGTBEz5AguCQl6BfcgW0gIOYfnS1uKUivl3RL5gb

+vpJNPq6DH8CkZz50tE+HR7rqaJvII83gAiubO4kOR2ieNzyyPfgng0OCYEvsApDg

+JzXGRRTF/FH1qKRii1uldBW73hNCwS7508F7TPJFA5GOhiGyrw4J/x8TGPZOnoEQ

+cJZImGFwPXrdTGjFlSLSgobVqNdIEPgrHXaLKtJRErIOAr8wstLOq+z2JJyZB+p7

+K/tEws5y/V3tMuIFA+GYu2rADMoQzbtxk5BPgwaUuO/EK/KGArBNcUsBFVpv+CeH

+X/U6tx75uInG3azu7xmKDHZlc16hUIqKc4LyDA3Vw/6sHD5r7f3pLXzvbY0WTMor

+ZJPHJlItZcNKg1wbXtVFo9DR8b8hFXaLLu2liOAq/H6ZkewqYoEn+bio8UkGnzH/

+7yvGnr94WOmPZprybM0+ggsM3WZOBGQ13h/8Et05VZXB3qSS+4wSYMdBNqooaunG

+HbmhqMGE5JDYy/kia8xIqhavvJh8SQJ1XBMHVs8vo137NX8dfEE3jygghnz/v0oe

+hVYo/T0VZCoLGpVsKzbZ+YkCOQQTAQIAIwUCU+jihAIbAwcLCQgHAwIBBhUIAgkK

+CwQWAgMBAh4BAheAAAoJEAkLEZk9muu1Bf0P/RiTWsMR8p+B2I8J3FDtSZh4T4h+

+w+5Ys2Wpp8GYsVNgSC1LMOrA1bwe+X843uM5VUHA5u+HL8HSwndXRXjTEfTHPxJ2

+fdjsnCo2CUZZBMEX46puJYSoemnzyBGCvDbTdZCeP4qi+OF26Si4lWfA6I1Tm/5l

+OAUUCY5oCqDMkRowEiq/3mBFKKxZswUXrL3kEV3MQzST2ZAHvwRFEeGLIDYVl8sx

+ALm3d2D31CcxYJ8XdGZEOVZscaNhlx141MnI1aDci+D+zGSiPa6RDTaErJyC++FB

+venJA6wZSsdT54OBlVAmEEV4CHlAwdvEsJntF0uyhQ3zPYus7J3NTwJyvidh+vOl

+yZ/qdNQqDeAtYQqGAfKN/7xQEE34nV8TGzlvu/u5JI2VS++Jv4NCNJ0xhwCb3d0+

+LfqddZ6rKIaK3MwPTi0xNlZwgdlULyfZ/ZcjpjVClI41e+KXoPIGXyt7Vsxy+8VR

+QH7gBwTWsElnoWRHKW1uzRNBfKA9d/cAzpKx1NY3p2KJ438KplNRAi38szeAeCEz

+84Htlv8J/XuOe4jDmjRYOsTC8jEUTvmCMsoQqE9AJlvkBx8btnFwGMjcQNv62TVR

+DBO8tw+0QXTKGz6tbcB41COqWT5ROkXbDguM5qcTjsc+MUytWIaauHiOynG2DY74

+6p/KRKt+lxtSaheLiQIcBBMBCAAGBQJWYCLyAAoJEDJ8HvON9Uwyh9sP/0GVC4Ea

+iQEPu6wsZpNT0KaFQErTDpExFwNvEv49tl1XsM9jQxi9SmY8UL43ZxIPQvb5Zyth

+Ud+82f2tCGYSVLQUf8e4cwhjwJ58C1AUitqxuJ85GLAiintt1Dicaev06l6VMJFI

+GXIIhdetqqw6voR6087HUTcxd+QHbQuoZLcY7UlITEonPwqwC+wjFRevbwGYzijF

+9eNT6S9W1Gn9c0JYTfw0oPn4DD/kUczOodIgKvVk6RDSKfV9GdxPr3hWOUTKWI0W

+uLWDZYUxIpTkVSgPXfgZxyatlmc6fDLGovbglOR/h6J1rKV+17m64iscB9kK20NB

+8zWKNEatnFLZSBZuRgoU2R2DGhBD4i7AEfx3Uma0L9HG0z0TaksLHK62UBr/6fwQ

+Q6JOQcVwx9d2fYft5ncCiLqtnh67K1mSlA34vLt8uFaqJdR6FWrPbOZeAh3t5UmX

+XZuq5wex5t50NQa2gN889ho4/rNM+fdNt7+Dkt8h4ZzOZKl54D/GjDwpXo10gA2L

+HsA0IgEZBecTH9dat99nWzyV51XG/WnUZt++BGo6N1mwS+zM/lmDE+oLMk0vcCuO

+2YlnAiHdQjsoM+2N0Tr+HjqPkHHdOKHJrLcD3JJgcmOLXwQryzp37jxRBniRQDdc

+GFSa5XQy5sfSOJJ6DY4XH86AFS68PXEGJbI8iQIcBBABCgAGBQJWY5f3AAoJEPwb

+VHyNgXLIFE8P/20risLStOXihqKgnj683YhIKd/3PprnkeEOnuc4+iB7gMJsaBG7

+FO6r7mFvw68CxF8pH4rXcxDvOuZ8NjDJ5jzUt3iAY/h9UYRGWarV1Nn/A27v3Msq

+SNjtkiH3FACRkPFQq6JlNxhWG+9CMrFRR7LtMJCaDbHJOI6ki8aFMwWmu+yRrAJ2

+Ulb0Nb1+K1EpW3MHggPMVWz1ZE0g6tAblC5BPqajGTD6vqWnR64nTtges9v693V6

+O0eUO04QqB2B2Di1sAfZ9uiCwpWOfH/305KYD/z8Szm5dQyxaE6Dq5LuFiANc2A9

+EH4uGzr8XKcKhmYRGW8iytpK9FV6SiLv9WP6P5C/pcDTkiiTj4mtpnQ4m4r//QWq

+7UWiRBiZIO+2g65kfXLbLEjPyQYxSW0Pr7wcRWIy2X64HzsXOTFhFovQEnUtJGnN

+K6W4ofXlNcQl/0N9JTYTj+ijRTGG40EQxqezmAuYRR2PV7UP8AZT3fCfmR2620Pf

+61pEC/yHZyeAOJWRbJn5iHZExF7qPL4fvwWVte/XJnuz5RiNooMQc72OHtqhVnVz

+kXGuyLevIxpSSKMQrOhGyzsa9UtJLPyJImKCDs82fV0XGQfX4XhgWSVITknYz5VZ

+ae27h40YHYiBRRAiU1rGofMQ4xuyCpNHnx73CtkUVH7yXwcq6WXC5/8xiEYEEBEC

+AAYFAlZkT1UACgkQYdhR2aaCIVMrnACfUFY5tWooobw/w7Jeo/72MMBrtmcAniKy

+QVeBQtTZfoN4NCfRugrGupuoiQJKBBIBCgA0BQJWZKHMBYMFo5qAJxpnaXQ6Ly9n

+aXRodWIuY29tL2luZmluaXR5MC9wdWJrZXlzLmdpdAAKCRATGO+sX7vbzh+KEACc

+bBW+fwJ8eBCPhq/wMnOcMU+1doJ5O4Dn8ogcTMmJ/YQhbuK3vsOL9cqFgUaYA0Y6

+rPMKNxcJ7kjH/tMntDdaAicqvtlr4sFw3xnYoflLpKlV4uC6MGxaRP0LNbXzEH2F

+tdE4ZLyLMRDlVyOD6r/Xuzn71HEwPMRCqrkQ9KXJKzWFnqzoNpz6bHxHopMAMeOA

+lWqwDb2IDT2yKXKKNDRr4QdgziaU8HPNYybSUc3P0IXaJnoD++XXUp/nZHGzQTnN

+HWuS1qPPcnLQ5om9ACG5qf4ghpkNjJRjVd5fd1lOkIBA2kYSslaRLvqjSrKLM05m

+iK/AOsPXI0R5wPQ6TDJHBE4B95Rvaoi7H6j+y31yEWorOhNjWNxF25fNAVEbzOIK

+bEEi5D6Ep5t298EppbNBpLM1huk4/YeVrm0msQsAbhuAhYCkTV5tlKgbP+Jh8bA6

+OEOiVNtgZ+98a5tKevpCDGOMiuXoZ8R81pgjeePPRpBoZh3PTfc437b+/R2g3JDG

+8yGwO4sk1oQHYO0y5Udphwxtr1myXZ4Z+2kTR7UjuVVP5Ij1A/Nro8vB+Va9w3Iy

+4DJniv+Mq8tPigFeu2lW9X9FtXnncnNNtspG4tlf3A0iUhbdkrQwnyTu+ssL7pcn

+0oFmn1cvWW8TqSv0+xXJ78/df8ipbWHz6Sgqln/pfokCHAQQAQIABgUCVmnz4AAK

+CRAgZwAbG2eKY15PD/9Opx/JD9Q9ACZCgZhAZvdxlfCaiAOXD8VB8gGJUgf1X3TL

+8ZRE6B4Oy7imzjBQYDcBUQQSVqKI4+qG1eOfTEVjRSVOpoqgfNmf2tOr/S3+tDDz

+0cw9B3fU/jM4gn4U6o5pVhSF2pyUtKEmjEbDmkzM2rLAj/vTafhIWSwQ/jvj3r98

+LUGl6nRaNT5AsRRaygwdUky2bE5KkSSyjTES2uL4fLhn2hn5FQnYOMZEP1jefjsY

+2mU4qAWWihQOgFQaa64r1kNK+CcJ2uT63l/mWHW0igTYC4BkGCDCjQ8GnJXUVUM7

+jRmeNnolMQ3l34qxLp3M/91BbrsxOMpId2RsKSqMSc1rG3XFFf51iI5x2Vby+t90

+CmDprbsrkOYlMJrptPl5dZ4+U9itgzbLb1u5OAacDBk0ygn2g7kgXz1DCo/dzLMT

+tav3M5R65KexKs6K6nqyURsERDylPx76IJKVYTXiPDD4T4SDk7FmX84V/TTbY5m6

+2+p1R4qrxRlpENh1KAzB7+xwJLhYbPCgiK4tCnhcgFV9jEp+734lmoZjvcI9NLnf

+rObQWiX137/5mg8bY3a1owOlXzEz/1ePfZJTJF4Z6JaI96YpdACTwT3BWHpBQ/zU

+6/zn9t3z6FlMW09k4CQlaNdiiU/9112HAi0cbsStcJH2wMb0VaSFqGiHis12+4kC

+HAQQAQIABgUCVnWlcQAKCRBPpFehhRTMY47CD/0TPxsW1YcKRkGmEonbmL05c0mX

+1Cyu7RWX+Bc10SqNNdsIq1AVQ593PFi1pdOuPTpoz4lPVpAw+6bfS1DVTTc+OvMe

+9zWp836oqZ5kZdfZXP5S48/ZfvDqIpr9DQjQU2+EN1PZ7LyCAsNqani5S4rLyIRT

+1JaEvljBheMCHvL+1sl6slQw3DG1XjhofFrW655pRBS+3avAJnQAB08AObt4Sq21

+BwhPYSzPX6Jhv+zio2fw6c2xd4EylARfmeOXK7vrGt6TqaQJCtXHUXvWgWtC3RMP

+bjYoUVwYcm/jMhZwcFLob4TOcb/H+riEA/O71BL7z61JFhjAxo6lFQHRwULi3+DT

+5ya6pRgldIICMdGDGavRAq1Uv07xdMJvIt+0ePZgFh8/wTSkOOOrk2BaaHQphJms

+gx4YRJy2srA94bpekTPBvp6CjqkpPRooeZYRl/aq5IDYRSH04uR9NxhrBmoJb9S4

+2lvqt/i/UfMKJ0mcGGH7mk7l9LGLFfxdKwrdggHBOhUv4AznYUqPuJzl5PPFQqVu

+M5gNZwpCdnyhTQGrpq5N+A/y4TLZZ0+gELQPGr7l2AuFDfeuIclgdEekOn+xfi8Y

+tnkpmaQU/mEG1pp5i+OCWw/fiJ7w/xDlZXHCsmW+MCiabFDhMp9BoRgBEzCoCQg8

+Q87X3JezGM3xnKROw4kCHAQQAQgABgUCVnbDXAAKCRCnIdoFU3SqTzNIEACiW8If

+IfNIGRzLyTZ9aoomg+86jY1Zg94Z+Q0NN2tm8phmVv2rFdju7T2mRGwHgt6te4xX

+gUDNAGClMQSXtoDmdglBCpZ3uPExSzsWbmbTVtwjuI9bzUcu/VyjSoxa3VPYXlLT

+1wJ1sKsIgM9F7RO4hsOR+DF8d0hOGV9AGQlrl0OVDpc28LakerSoSIivb33x36tt

+gIsYdchqS95zBlXE3cER0DSBOnY6ViyIdafBO0CH7fmIwfxaqnWwFCc21qUTXhXw

+9X7Kpq4UKO8TauXksE2lK//KxJllvf/YUcGRXgLB0pKgcLlkeQ5dEICldnRUF+xR

+0RSK/7Bwhro8A6JTFIHHdbZgfTVKV0hjZ8CWwFNUEd9YRavqPHDcEnvO6pXrcNXe

+4c8MyfBARrEMj3XbSBXrmRpbbkWTwqsC0WIvt/DQooiuJsZC0QfrONQC96CDSxOa

+uqteUrheK9vsIULh5EaDOSlD+kjo9YNw/9WtJJkQ30bHAa44aCRjXdCzyZ+BunoK

+NtwHeSxuZ46ofDQW/45QDQiICtF+MwnEJA6XoZPNdFK9nSo75voEgK/1Qsbqw6ZT

+DTJ2gzAwR8iLmBw29YaEIT1C7qetNoIJ9YVZPGZ2hHQ5KQquO6dhWgUqrHSlABxm

+9sUuv6QlJAOm0dYlbQyOgNW9NroKYNa4gP19U4heBBARCAAGBQJWsiGsAAoJEPfV

+yb92XGHj8ZsA/36Ymb57hJGdnM7H1UufMrQ4+wKFyVM22IG0nCu2eR/MAP4ulvCA

+9uEQOOKOZhDqE/bTHY3h0dC/wmS6UgRFvz6HCIkCHAQQAQIABgUCVvZqrAAKCRCD

+gslcKQI9+ScNEAC5FoGcJ/X8FuYCIh+V2vLWy93EnXpYTxQcAOa6BXJAWqlwxCGm

+YscNaOEkp6hHuHoP9VSJMkHPv22LhWwGFBt91BEFLHAsa18LLLT29drDjotWrACb

+19RT1Je8O9/PV1dv9G/CbObKWskRJV/nCGHe+O5BG48IUL3AuGX3vHZbYiqf7QkT

+7SLwF+KNDUSLMXNCLi9ge0xl5vKMveqASQfe70kcK7AlItyYMRuiiaoKAUXAwK1w

+As9omUbLmLaSQiRtZE/0YCY37hMa0A6xJtJaffdD5cidFak235NshOvfohO9YFTO

+4FL2R5CpDA+DIICajzwPhVN9h4HW85KL9ANvGGEAxYELCil6oelJXwIg4mLdClWO

+ImAShAvrl0bECz41KGCtn07lncIIe0hkz/x1eaNpQ5H+yTDANaYcPCIXwMKrlDuF

+cDTfD8ARKKcnWYznLVuf4kS01eRtS1Roz+1kvXm26UgTksXDVH2OFCBAJjrrTxvG

+FAnxXGS6orBnxyD+lhhdRZJuaQlZbN0Qz7gBvzBgvVGpz7MyjkKUykO2jo5ePRdO

+i3Lmo1y7hdv6kF8kT/K0Zefc4+7UIiZyVv+PAm5yQeQRAIMmO5/IjN2ftNDNZFfg

+eKQUZGvf3DilF6Z2gUJO4v5vB/LzA9ERteiIhOfT7g7mIfWTEd35zMf3KIkCHAQT

+AQgABgUCVyUSLQAKCRAJGrhWBpqqHBL2D/9UXBfFfPdv+MDZfYezcfUojyZAc8Ar

+WzBzsNmTeA+hdj8Klqm/oJKULufROesu6xIQCQOcjhGdMcdnz6TusZ2BLwlZiiWX

+AXPZD8uOcRGHvbHHL1cMDIxbU1beb5Uk7LUicvCkZx0mszRbQNdlcj8A2m/6+q5d

+iZtKh3JdwdyTwgUkPw01/j2NnDyVZn9Zh5gxREIlrFCaxD8S33X5z72Q+gK/BygN

+vMLlx9LTNUyInPhbpZet4pD31C1xWKHLoqc+/qeCcD0DjKiPEFFLjgcz1tkvYaBc

+nyn2nygIIbz8EIuj0cl/3zeVpPKf0EB4p4ufLE/ZWdpZq+IO1lE9lKkFJaSIwVcF

+9qmsOH/SVvgMK5hRVVnOilGzkHj5x/nobavLZGQeuzdfM35630c+7bfECGWX5muN

+tL+0ZG6Sh+zTS8FE1GfJ1ghOk8WVNR2M47iocN8Iriyc23fOzJ1AdEQA5ykbo9Z1

+MeCFbmpSVyBJ7iDqLwPKirkCddi2Mk5vv/+/4IKvXyOaUOrDCK5oL16/fz3lUuFO

+z/ItCBPamFxnvvXc+XE8Duzh1XZf+jHRnTM2io1vT7MhRZZMUraF/hN8mcYynhVj

+1f13W3pm3MMzHXhmPkN+wVloWYvl6HlPaOeDWJmzaLK7gFnC639iVgb9+8zQa13b

+vi6Mpedqxb9plokCPwQTAQIAKQIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA

+BQJWIhROBQkJvgA6AAoJEAkLEZk9muu11zUP/3gaJAJTKjdl5Q8KOUWySG12xta/

+fWq3sC5hbA0vJhQcVx11cCvtlQ1AAzQ3aa7TQcT6+a0fBaw1iz/zKTNyRvoFXa+0

+FL7QtvvroILSiY7i97rCFgeME2UypbEWHgtYA9+EgTAzn3xujKih1npZmzbqXQLh

+sRMfHJUsHRNKsXSDGbWfLTNIdND7YRR2GWlGbPxu2csgIXqWzAau08YCrHmLWbR6

+FuWR10r9D2EwfpOb4da3T1omPP0x1A+xRmcw3rvy6VqObGiRiRt2/K44hv1oGUCu

+1OxxtkpO4Wx51Ut44PCoWNwj/TItYKAKla9gJtpaWGj/hGeXNDEQaeAlEX4Ul7Yo

+el5UES1wbwaqf5Xw1NY3OfPfB9Z1T1SAXeyTS+EMcUwGsmyfSSopD5yF14Y33cme

+ouQC1hmk8bF5cpKY8TOHXCcxn2xaI9m1NeF1hky4xx9eq24xXFCESXPc48UsXFHJ

+O/axqFO5JzedalwQDyj8R/SaUf3300eCBeO6MifIWNxiHGIAfhcIFyz/5vzr8PIY

+4tdtkS9rzLi/HnrGiDtsXIemhIgOOHboYalplN4eQIpDMAVcjhD+UCiFyvw393zk

+2p8KEoAcEO9s3rmNJO747HRK7FX7aI8k18wvWrCVly3WJSQPTONTBZx1X61C2yCx

+qNsmm71NbQC/Sf7EiQIcBBABCgAGBQJXtg2yAAoJECoXQ+2pGjW2Z3UP/i0XjdCI

+C+06gVpCWADZ9MXa4QIrm+OLdi/e8f4+qhWBKk9TBCBjPeex0alHaWbdqS+819Wk

+E8rv/068+tyK9TMhx02L5bhluOG1l//uFlrpyEJpPPzflN/u0ndKER5fZoFd6t/y

+r5K0rmv/QW8WSfOhyv38HLIITvhzPbHX1uO/E5sI7BD1ve9EHfpMQ2+ePAYt7kM7

+0xvRF+abnOvOqln1SQU3ihKlWRK2nEyF0Ekh84IMPJLDcvhUalJ7U5tVFQU8l8Xt

+ImRBJdMoJ63Bha4sY5OvZI9Gi7/ov+xZUrgiRrK1XjQoU1cosSqxofQSF1xr0Rsq

+++VctOZH6pevYuC0T+9rB1aryDDIRd94M/kACyF24OpRIj6I1+Vx8cAmqAeNnNcu

+oRyKFuT452uFQLyLq9hQD++IzwL98PxQeAY5nxp/5Q/9MyNir4tDyxC2BnaQ+TGt

+WUzJKGo7Xp8QEHvuV3eE+gvByudIfe6j7AaLKeHVFel7wegejZOppC6gXx6/Rd0w

+7H4lNnGSZ0SN/ecowzwfjtRhIIy0gVIaJ0gdmc3n07wRl4v+n+AbgSi87cBx6RLO

+wZJOgLlIcbweWVJHIzQ4dnUCUW+WPbSBKG2Zq1q4Zle8/x4PwEbXrsaizzA7WsM2

+vnz7g4+sQKbP19ojfJ9Rn4eU1SFJk4wVG+gkiF4EEBEIAAYFAlfehyoACgkQDeSq

+nFRG6/SZCAD+NBgHeg4/R4mhco5LxNsBRjVbqL4V0XL721rM9p5RwT4A/2r8jXtw

+XZJzOQi6+qdKC5eb65vc15LTSYGxaMsDHxYziQIcBBABCgAGBQJXzSc8AAoJEEGq

+59zKPYNRfuoQAL0Ifh6EinJDN5h2FJh6WaHJh4I1FGGT03bZe/LwbSklHKI0OKM2

+U+QJOqIMIveT/XT7v2NbIMUZ0Wl9XeCwVicvxmUNEnDm5dxLeOKJQsty3JeUIjEu

+SnZtEbIKeEmx4RXGZ/NHBZuUqTl2MgRt10/ADQjYBqQFvZ76ou5692bbgwBGiPLJ

+ovJjHKOlmGjCBIEoNS6WbSUAkt5CWCozqupu6d+h1DKrj0tqfhD7Nnodjf7s6ESS

+TfVsF1kCnEmzv4rDScROMW7ICd/XEepBXJ86Ft6bEutGldixmqX8IxOj5A0asOpG

+vcxiPPA0b9CJcTT4sKx/xhXrFol2w/PSixt4WqI9qvxGHrRGzdhaC7iKFzuPYgLz

+FyfRuniz8JMswjwBpdeiIFRW4TCeGpAYKs6887Y24yAVoIz8bbcirjK00EtEJzBQ

+37Bxcpy5K67PZPpVoxJkTus2LXhbJA6+08ED3Kgi0NfcLpiCMFvxgU4kKXXGdPiR

+df/kAC7qgU2y6qko5qYNNEE7WYDkVZTfxeh4iXKsftRQEGuJSEYScdUD+sA+1eX+

+Wfy71xISqXLEnVOc6I1xZ0/8Xkn1kbBwuJmXyjPn8QWTBUrPCWraOZxcBScwabHY

+MtC5rJqCDSePtaPFi9tz7uE73bvrNsaetohlYJP/1w9aNDUj9E34xYv3iQIzBBMB

+CAAdFiEET3Fvmo+iyA7xteG6XjXyMd4axeAFAlifunMACgkQXjXyMd4axeCMMBAA

+tCtG4aZY7tzAblp5JfAGDoY042JxsD2SzLiteKfJDXTGrpDLtY6MqnTrMPD9zPJ3

+rEItWkm2bBkZcUJyQuT2v5zgczAiIVJ6bpw4KgIeAg7R4S0WMyfS5e7oD1nsZkg8

+GbgrvEUUVfUIrt/i2BTrSL6R9BTK2KWzJsLWxA+dlOVwQNVvZ332BHihFEVq0B2x

+DX8wBHUYZw8Jb2LMubgwol7N1wx9cyW2SSUu7V7/3gcgtb+Mk0Xo250iQKTMTuzq

+Rc1Lb/TRUFOo7qgu0aBAz1aRm/X68/Hvdr7UtUqwThQzOh4jASlotMKqoaxC3gaa

+dfSv21UhhgKzkMlW0T9YXkqFzwYUgcQCKk9jj0n/46Ba1g+XgbQClcqozd+el4kb

+hfAG2DzM5Cky6mKCsszNibJnocsAy2PRSszgEI8BcqoDlu+rmbaYO4lowkM4YwJB

+Z5eidjqXN05vFpgnMeaoPE0HOzr+vph6Bvq3PfPtYRQ25cf6wkhs7tTcqeDBciSL

+8x4RJgRE997E39MWZPPz42sz3YRO6eJrBTiwq3pQ6UKwdpmWkW9WIqRPjePw7ogo

+SI+YhXlnMh95EjVKz1ohZPwpx4IljpOOBAmDNDPt4rjxPOWnF/8ZuKwMcDVYYwgS

+SJrorgyxQua8DPT8x+NKvR+TWb/n50iLl/8/RbW2Zh6JAj8EEwECACkCGwMHCwkI

+BwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCVzwrvgUJBTR9KgAKCRAJCxGZPZrrtUHU

+D/46hJEa7Zk9NLP5/wvMUqwmQTb7IIRXjUqsL2Dzyu01RrVLJEdRTq3TLDc7vsMu

+yJPJTXcXj8B61BNJy+LBxUk6ZvlAvj6jyct4sZz5VRqr/Wd1DDpw5/lfY8SNaYzM

+cSbvzXZr7pVYtMiJy4rN93E7ZEMaFi/BRZ8XF/JQcvkI1eJW7IjMTGIJPFlN1Px9

+0UXgwIga6sM3jtapQtn6P0AIY9ZfFQY10VtwXtRdOf8D0P8ZrlptQibQeAYtZuAr

+7WzIWVuPSgC05Uc4Z8MUnEVXAXcOQK+qMPs11iW5gz4hWerMfFPPLlNeOiXAZt/C

+ebEdlSl5WRDHZmSr7QdHRnmW/4txnwGq+u4M+e2KPllhkZacrwDUvzvAlupW5K1v

+kpMg8+xa/VhfY5NE3gKU769c80HOU+hpPOhbC6zODlF3cXWENotm9x2zTSGKf9Vd

+89YzVDrCxySTU/nyTrUo2IEUc7X6m3Lrp68AJn+I8flzYlwEbhquXpU79xup83cA

+hTW8UewlVVFz4al3VQnN14vjFRwvCcO/nBF5wAmFgqbwc9OLzPKOT8X3yV5qCJey

+poGQTRP8Ao9Wz078bMmdrnr7psUZ0E/+xO3Ctld8M2CaMogFKJBEkM5dXOw+iTVs

+Hh9VtJ2LEkuZp0z4AfoT9QroR1n0hDofv4TKlCRASKDwl4heBBMRCAAGBQJZqswP

+AAoJEK3Mlkc8+beClE4BAK1abwUIylSeTGVtqhrP8ZS+8zAaaC6fObNDi73xA3oR

+AP420a74TmUJJiDrDIqszzAZH1yptCh8OMqALoi0Juo834kCMwQQAQoAHRYhBD6J

+7udFjnINl1Tgsl4oozsLhPV3BQJZvB99AAoJEF4oozsLhPV3N9sP/AufjQbff/bx

+rZ+40PGxTKxVpL7sAPV6253N0oCHjeXdWYLw4IFxaQlGSgag2Fusw3C5ipfRyuGU

+jx4GCsGSB14WyruHtPn8Kwyxc4o6hYjQRDP15bWNjjVxWRTUyMb0n6IBjQr39V57

+cdQWqSoUoRBlcG9wLVewSFRtd2Hf1mhAXJBBaKs420H24ftvVUi3NOANqQMHeCle

+cWS04mmwnKIqw9KmkBEw6wvpTD+GSRzleHtnKElNlnRHSrwVoyJJK/2w4Je3GViW

+jHWB2jf8kVOo0WueMqbTTSqVkrCzjvXNAWdJm5b9s4vUANpPRam/CiD4DfNPGzr8

+/6xTqiBgCIBkmN0tbDLu1HWo5wiTxeH1ZLgOjMAmW/ZZM+gNMa3mqydTSDDLWHMt

+EM2pGhkxcb9SdYASbNwRsjx5JB/oe8+1f8cfSqo+4Y4FRV1f847j4eRKYeOcVZXv

+2h4a9HmmTF2eApc0zXfs0H0E60HpoWu8muppH0xqC8285T+oXK9Vyi3Y6eSkfZdI

+Qy/vpkqVa8FanF4IH0foJd1ntAQ8sX2PrvVYynbAbzxdFVYq6ApaZ2eoen72OQH3

+IQK2I68YD2uxYrxKp6sWSDBzVjwEl4OpTDCzYL46SkfOsQ/GKwVMXRwuJ3cXUyCM

+IAZxYTy3KKj8mfkHqPwb1MgmCS8+zEq7iEYEEBECAAYFAlm1FrMACgkQimdxnC3o

+J7PNTACePoGBoO6/XhOeyxrQ+zr+uPP6fuYAn1PZZiaMvoXITE2GljptKSj1Rtth

+iEYEEBECAAYFAlm+L6oACgkQimdxnC3oJ7MREgCfa9daxMJvXh2ocKwBzEHEri9Q

+JT0AnA9RuktkOnp5T8gfgrKLROT57runiQEzBBMBCAAdFiEEvKaJtjZVOAHDxiFQ

+GXpYiCNfrKwFAlnFdZAACgkQGXpYiCNfrKwveggAlSTePBmYX8p2DSkT7Izs/4pm

+spf0TG0yBpLrv5oMgCaPF25HzC5V/uHJM6430VOs6ZatZggi3Eb4uBpkIOjJjv/j

+vd8MaiNdEyh3oP+kAIn07GMgQN7bxkjOnFVkEaC2We5H/Pa+I+8zAGeL8NYhHWYs

+5goXEIn2VPkYYzS0s3HZtjSmAtGlmPsrHlK16ds9ZXPshDUt65yYZ1C4kZyCRIUM

+bN16o7miHOhOhQUxapAhxzOge9Xmqr1tVA5nGFZV3y2rQ9Q9g3gQkrpHtsnLMomo

+AaFjxtD+CU1dsd3ANn9wEdAgWrb3Qwr6VwSZWwFZGIioSfjkQkdTZ87WJ6B6oohe

+BBARCAAGBQJZ42uvAAoJEMjW4VIB7p2hsiQA/RbRCGomagp7jDqoYGErJmVr8iuE

+KSsHIFynVe9GwpqXAQDt+4600O5sIjxNfCPC4MqFOxLl6Oo+1zlHR9JQB2VdgIkC

+VgQTAQIAQAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAFiEEPORkVYqE/cad

+tAz7CQsRmT2a67UFAlkHORMFCQYLpQMACgkQCQsRmT2a67WUxRAAh4YoRsUgVDHZ

+g7J+RYzA7RM5cFbr/GTxYSmUEC3sFuLdK4T/JGBsYOckVOVUYsYRpY9Kgnb+SRcD

+7zKFKeFTOJdX3RlEWTFjbNDk4ax2EiMy/Xap9RPzCU0HYUZG0dOit36/YdywUhze

+kzH0OD+oEYyUT4f0LUXAMfDZgkerX+SKW+HJKrznyZs1vMc2RVuWVyM4u1GSgfIq

+YYK9HbkYGrTUBLHXHjixclktu6gzydL5Qni3PBimJXc1PtaTv9oBfFmM1ZpJhMvQ

+kGEAj2860IradRaygq8KcapNGzsiPguKHWPBCxkkAwbGB9tEUQyNAQGAcxloPxct

+hFRnHVY4OIDVYMog1muHVMujEbbT4lCjK3FzV2siVednOw/Hrk1Pwl75OYUoxxBu

+o7BpwDxMb9XxRYmyTVMx26m9n4WDj7P0tlR0Kv8baM7zm4qm0/V4FEj963sVwEuL

+lheeYA8hOTDXOUKa4GGkjUW9sRonTAE43Zp3wLNwlsky5lSHYQXhcQYcGkTN5jKM

+kWYR4zxYDL7QlRPIl34boAMKWDIYmIQURfvSdWHYF81TrHbSe2x+ti2aJVb8UL6Q

+w5o0w0ezY1pNodGe0JalXN3nLvlDpcEA+j1laEKsYYmwxoM/exmXlZqf40UK4p+C

+RleY9vw6EHpYhQ8IHegFsg9m/HNGWimJATMEEwEIAB0WIQQOOD8hPWoyXXrFUNvO

+6FfbsWXAogUCWnjbyAAKCRDO6FfbsWXAoq8RB/46FEroSfCiNOzZisoo5koCnaWJ

+Kb+iiU+Ba4KOgDQE6nOoDkoCpY6r7i4LO++hqM76pXeSMQZnzGeqOoKU+SShrGoQ

+iHwEkfCYLSn7wN1tsbVldBADXWoYmGlf8d9yWSRbn2i0JvsCv24Es7AXRwAw/t07

+FN+ouPHx2pjQJxth1No+P638W99RQUl33mFdpWmF17B4S1HClfVea3N4qTYYaW/S

+YmTDN6JGADxLU9AxXZ6tp2c3QKqS2WOc4lhbxO2LoRlxYV0r/fgxl6qk7T8E006X

+Iu6G5jiK6CiKP8ocEzaGL8OKic3DYO5MNQGxL1C3YOrFCp8jBgL5TSxOw51viQIz

+BBMBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlp4uTwACgkQ3UCaFdgiRp0L

+ORAAw7w5GIoxRFQGNrxPR0n/4d5ifZx62+nR6HEKOsNdLlgWs6WpDIVVZrWuhTkO

+aGFcdui9q07yrDtMnE4EyFRJJaWALaXoS+CiV6lTf4fmJRcb+VtusR6dkqBugEEd

+HRJFPuQ1oHnW/oOSe/eQay3fvZFt/bpU/OtfGK9b4+vyjejUfY0PFoBEJ/oc2ltO

+Gj04fPBhjpKUFMDEBuq5kMVpkkVRLugPrXJhHtU4SDvxk0PGTQa0kjbc5KhSB6Po

+nuHvkHOaYqq/xt2qjH45Uv6mXIwRx7GMLGjAbxSlH+gT9Oost26zmOFQ1SGegKS8

+5rh1kk5Q6uq4NI1diQUigDB6xYWpI/F+WqVLSom4TUC6lp7YL+wGqXAacWSRSKWy

+T6SGOZhx6S5f6GbOcQ4mbigJtPjeMB5DAihr5u2f8U73Z1SWbr12zozntZRQea2x

+HwTJ43LiMsuFnyvvQX5XnbSu9Ji2Pivo9Qsp3e1et5AkLq70gip2EQ5VAoEQxZYw

+bf2Dbs30jmFA7mHG22igODBYxJajej4TBi71IZKyjU1t5KGanVYwwoQnGoYbT5lc

+LWJDjbjM3kDD/K4uVt2hLl8D+PyGa4+YcCe4cRSXQwmFu9/cfG2OmHZvJXwYQoBt

+lCql5rixYpJUwJoLPoQkBGK5bRFSQbRYBN7nSuu8lk4fP0uJATMEEAEIAB0WIQQp

+WvmRb0b4oTSwKdqAhjhC8P7YOwUCWpbg8wAKCRCAhjhC8P7YOzfcCAC6IhsPCUk5

+DJM7Xof0xwGr73iGCMsqwq18+afbNo3PzYhNSd1PWzXHlsDsYBzjJqXZLf0wZeiS

+uh0E/0HlZjzstm5Q2NwQPqM7Q8oBfoIBEKOo9PpRQWkkDPg+3fVniBhZCJX0qj/s

+R3XSGknWWdCcWZ4YYWw5MGfuyr16HVReescgI2ZjNTN5E0FPqGaW1xRcle45TNgW

+VkXBdkWt5FxpTKiPYXkqzaprEWLD4t+HJf3ghNRbNIRqKqH83ly0D1pVxM09SU7L

+XnpWJgZ0lbCzMdZyJY7XGOqI2YcLxwXyR+7iuO7K0TM3Lalha2CL8Bwp0f/0n8FF

+Pri1RhD1QMWkiQIzBBMBCAAdFiEEIGkd/MLJjEeVKYTuAAGMIjgadZQFAlrbnL8A

+CgkQAAGMIjgadZS0zg/9Gc72Ie3odgzEdTHKdaNUAxKrlgbdk9TyD4FHPBRQfCdp

+PKuLahGifxB4tlrABAe6LtYnH5pA5PnfC0cn5MM86CCN0iDrH7LhdllhyiSqa17X

+N+/ouz+Br5mHW4ieSKgknoUYvlF/BSXmgMOmTwHW6MGE6WRu4N1xaGVrwP41y7+g

+FPTUzoflYPDFIq89FS9nmWw3ogE8Xxgx2dJ1UYm6zUV0JVHZnq2gwqs6CnGhCjAe

+SrZKJG7qJQs14iO4ZtJcAN/Lj4Ug/YkXDjTf9i490U1Do7liHOydK0B7KmV5QEmj

+VALbl8wnRAhuIlkVIIFStYl5xHGud/aUStVsUVRgOmtxHNMIJaA5PceiTIeyOWb8

+Ss4xrESfSZc+cFpdJ7sYYv8+vGBuU41ZwmOt7Mh1K5C5IavT45pUBdcH/sivRcUC

+ky6EeT3IET8CYYiWPbvokQpFdcs9vZW0AJvDlcXGfd0tT1RcSDCp0IZFlHT/pmUU

+ZL6wbuhuhyVJhJxuPTi9tvD1BxWyk1VAl4CDWR6yS4gk2l2kWyunKv2P49uI4SQ+

+sBMy4ofsK+A+bZbD4nGx2hO5AqW7h6skcSfP6bRmAuml/IH+aQ7ycXNx1qIjlZPb

+nXVaAFBAj58MsD1eSlOxG6f6kAOyl5oD4bfu2kn9kfoFfHqUqg/26wewUf84tz+J

+AlYEEwECAEACGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgBYhBDzkZFWKhP3G

+nbQM+wkLEZk9muu1BQJZ8MKhBQkG9S6NAAoJEAkLEZk9muu1ekIQAJnbn3GzWJTa

+/WVwFVglNnbCVfep6dTZiYbhSQCVq0+lOuLELm9k+DIWFU48ZT3SiewJMtcQekLf

+nChO8cTHbVa3Msqo3QPPTdjjOdHKBXrWLDg83mBjXIP3jaMFgM9/Z+GCd1LBn+kV

+CMSX1M0wmY6MOYYPgKT8UjdWleQ/iPYcJYvVmPQEWwab+Bkc7vKktHxG7cQQSwst

+EehHZGCjBxaCPJEnlfQPHCXJBU9xHHuJ4ejiLFPqE6BvERzVosJeBznz44KGzqHg

+lzU8hkGho1HVAOgl7/u3nfSLZ9sWQt8yJN6dNU9n+y8SHvpGbxCq1u1hEMA++ELI

+DK8p+nqPrW1erTHsT4wq+TuKr29Jg4/C+zmSsL/VKn94F43bizFNI5Ff0DgsV1JU

+Q5EyZN5Qhzu/1Ax0SNRhoOnja8sfA2RMFxrVkqF07e+NZk6vXG6jbcfYCBg6tyB6

+pRzI0lE/XxEhUbk3QVTGdT8/Eul7HFHx54RfMQE7F0LQvDDI1Ofu1Xmqw6YrKbFm

+MhFzEu8X2+BFC02TCHz+RAml9Z1e09aZ/OJ8WPZXApm/3q3cf/+amB3PbG1uDKsD

+i7EVdGzNM4eHvg4ZnS1VM2AtWXW9VJaRa+64Ha9fGylWDKyDViUHSqvQM5XVktvI

+lJxfL2YvQvW1M26fZuW28eDCUVqhkupEiHUEExYKAB0WIQTck4iltADvsyxsIHHh

+9++BT5KhDgUCW8d1ewAKCRDh9++BT5KhDuNcAP0b9SOU8wZEVmoCgpr0EkvZTg59

+jP9deTb6h1kFebrEgwD9FfAhke10769gWkE0SzHSSkNdJlv/UAda1ERzcnYZcQSJ

+AlYEEwECAEACGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgBYhBDzkZFWKhP3G

+nbQM+wkLEZk9muu1BQJaxcaJBQkHoqV1AAoJEAkLEZk9muu1kWsP/3+Kl4/RB6iQ

+7J+YZOd1DRb23KKgUYx1mLAarBcHvlzwzqp45SoH28mR9LvwdOCO+xqwxqUPqGbk

+HOB9cDO1Zp9en6tk8VWHOGtNV26z69lttqnZzm3CevFfW550rrNTPMXzJhKaO4ZD

+pstOoT/dahpT3DqGxvm/tSf8mBg5egrte2I5crPQqS01pjY83gVVOqarEJQPYINO

+chf2+1myWTu+UsRJdNv4tJOyLz9bKPaGCawZFPR4qn0eMcFPPQfRrBwJ5X1Tuwxd

+S16V0O9IJg2dQ/c624RO6c1jhvkRg8eREh1Tg4kBZDNOosV9+rou05Ro8sfxk6CB

++trOe+X42K4Nyt2c7lgBp/aZD263ccCoGdSPjAJvtewdn2JijGabGsX+W2RonmUK

+l6fqD/0jBFAzXhDYRSKnLB37xHUIrrI9dcr/JN1P0pbiLsPsObd9yXt0trzN7nd1

++V/aiNIPM1InEKIKnAZkx5OJSNGNk7ZZzFLeZsGfjZ4D10UiNw1s+BdF3WhJGRfR

+F2jRucJPkNYhahipoxlNXCQiLXDjHj10x7vLosPcRgtecBUIgoLt+TG1CWDZLvDQ

+2Akk1bB3Rhii59Ew6ybk24lo8Tra8TnA2k5Mf3U/aDBOBPVHxsvO7Ucmpn5/6DiF

+5O4iJ5FZnJTwxx6h3LA3ii42/NeQw6KftDNMdWRvdmljIENvdXJ0w6hzIChJbnJp

+YSkgPGx1ZG92aWMuY291cnRlc0BpbnJpYS5mcj6JAlYEEwECAEACGwMHCwkIBwMC

+AQYVCAIJCgsEFgIDAQIeAQIXgBYhBDzkZFWKhP3GnbQM+wkLEZk9muu1BQJcxrzM

+BQkJOiO8AAoJEAkLEZk9muu1jMEP/0pwutkoDwXI07eQRKOfhFp6I/zH94iqg+qk

+O5vDZUeqhGLbhEalF7tpiyGMeaKt/1zRhUXaeWeTEzWyKNQWJJaIBhn2t6AzRqF0

+ZxX6w1GoS7VZgsuNkVxpcyh7q/QwQkevHvnFlKX08dn4Exg79WjTMEFBKDywYD8N

+6enQRTiQag4wbbd4I7amqHGkqghM+HjsCJeEHsBUdnIWaMGqBp9bMQsSA9DYVCHv

+3i+5gYaXOCEGNopE3gW4Da0Tzye2bo2xXUnBVKBWnuAD6KZaF/zyUgKZoO6hYvtL

+1j13yAao3ugYSUHo1bo7lX+SZo6rFSIZQnywYZKd1SZ0sW+7LTGIQyTvZWcTxZB8

+aJO6D3/kEwij6aLo6lPi2hGnoBGkmgLk8xUmtZGlGDuEjKsle3Rgt9JFSLekAPek

+5cVfnQfBxT0CdDq1rOj4FGYPgyIzSHJ4H2j39AFFNOMFePuqiZKerceGi9WqG9Ct

+V/vHtO62HmfTaL8/1ezzjW/0GHLmjitNy37OwH3Vji/IAsYjjLroDWy5awIdsPLy

+dlWIwsKiT6z7VTx/BCK1VDYR16oL4lfvrijdNxx6aOuF0DzMbpke/JKCBML8GJcM

+iaYhIY9QkX00PFkgyE1VYX1+U+MC0pMnnnUGrRNUSJXdracGigayUeJVcHioRVEJ

+zeFFSkNSiEYEEBECAAYFAlPo40gACgkQd92V4upS7PRpqgCdHdDTJNfNFpIKeHof

+bkCkVMxYs2kAn33F3/b+XzBCSAsS/25mK9h+9DuEiQIcBBABCAAGBQJT71tCAAoJ

+EN3A9TWIEvjyCCcP/2kVbS+Bt2USLynhwRqyT4RZBHE6RAMakA9McElHfA53tx57

+HNEd3jyoy7VsiOePnuztjbtiTVJ0OclaTJkKhYAPWBH1f7nUQHBfQB/jRF0pAKTz

+AktwQng4GVa2kC20gBG/FWc9scaUvbzxt5rcbXd35jXeBFsXJtjV3D/Urpph1lOF

+CyeNj9csuIczn5C5YzYI9in+Pbcyc0w8nHNE5VMhwBQAFgkd65OeUzj1pq4oPEYM

+1V+E1/kIRuztlgIm3akg2XNWnFCP3QGnTZhu4B5ZMiGWrzycaxuV21/lYGEhf57a

+BCIf57Tzc/g6WHg9dtNqOI9Hb5NBqRn/gNF6dUL6whUSRqBKLRpWg6kyoNo37UiV

+Fc1S811rqIR8XzvIxX/9JIki3ZYa75KAyTz+Q+cgckOtT98D1B3ZGSgoS8XoDUjQ

+mza+hy5KWJ3XTmq6IdRXysoaiD0akr5jM2pFgX2UvP0I2Cxdu7mLUbT9eNK4Z054

+vNDFsUz3rMrzpedqXL7ItHDTpq1eFoGL0Hmd1ORcOx/NPYt06lK1zl7lG++099Am

+96iwbuP5qcfdJvesmrZnZZYz0K/XjzT4VAV/RChBouBrNVQKByiidVknmOmh/8mj

+YBxtHAZr3HZlNiqFt1FaT5nyCuxvzG9/AOMQzSFbjNQ6+njW5DfnRLiETHGdiQEc

+BBMBAgAGBQJT8McyAAoJEMx52Apbt/xR8hsH/2HpK/iPnRuHcIZiQwDVxM5zH4Vy

+lQ+VptcQjFzMGngIqLuB2G+Q632VRZHgDQCsSLtDocdOLA3c62wJdrL/4alA9YBr

+axMTaKyMHDVZ9QNUFnmCFnLc4TXw86AIl2nnInNt5qPFlDA9IHHnH+MdJEgK5jTZ

+2IFHtre8idPiYeQIdvf24+Hecs4Y75LmlWuBQcY558NV4Th5CCdvfXD1KRZ1sAQ1

+oTT2gFbe4Deq1tojHsVTBHHGXQyZtzDgfumEpfhe06QWKpQq9V6U+Y2nuBPjZZIc

+vhEK5bd7CnyLSiW0wequEF62guG811AuQacoiNP9nMiyQTPAJ7pPXnikdCCJAhwE

+EAEKAAYFAlPvmbcACgkQ3GhqJ7Q0gbByMQ//YV8E6uSlVoKCa5kfrJDEWg4mhgmi

+G9V3c9Iz1Tsl9RlOpSFWjJPcJUjVpmJJ0wBuMbHXOb5yGxNJ0JonRwN2enJ3X/38

+cEFY4j0atbvMFCrIs56dMsZS97jQPZLj6PQUCpMSM14ysYR7G/q3HOH7xJvGObKC

+deTXoSe+V+5ZjIMoCWk9OUzjznP+6YQfh/oAVh5Kyuz4zXo407wuX/0kbcQtdzY6

+CEZVESAcZkTX9iYFVSWll8DRGZuFZ6kvze4Ldo7X4dRG68+49OEvseTW0n5OPrwR

+1syn0/EVtPOgu7vPcMW2FuoO8RxvH50mpgCKzZXUttwqBKx7u1DTsSoz21MS1wxv

+P+wZ+R3Mv4JM3++zF+EV6ceivIt/3kRbdW0ZUqT/SVrhT/mgtSL68FgjrLnlosNn

+cv0OHOZaxcWLAuhonvJa+I/uahMWQ0aWdo/AcTPeKmmEI6gGedcBMl+8jWMrI+9T

+3ko09oBQbb7svjJTkrk4N8w9Bv58KhOpO7vtXiMQ8N3TMNrTVgJeUg9KO3bDNxG+

+eyHtxe5d2938xdTt8C9gxxUKr1WujMPC8ik7Yuxj9eYrVOhzuHAIjp1uqR4IDL4t

+pJoUTCTqvZtWDqB6nls7/CUGxC4ofn5H6H/0bt+PSOj7yjHDepd7yNsoQMsfLi1O

+PRxtGaKRF8j4EJeJARwEEAECAAYFAlPzp5YACgkQj/HLbo2JBZ+/Lgf/dklSFotm

+qlCsviJHIEq3fB1fdj4Oa1G1X7knZ/Fnhiyql0cTW71vtwMa/lo28NWt+0WCtCso

+HY73KzWnV3CLTkdOxSiRVFoKSrJzbM8LLy0ojTCwiou5WriAhj9jv95iL4ii4sqn

+hUMEpA9MqedogTOtKW+5ELiygiYTh1u5QhRF73GS2Wrd1USnpOxoZJrpBBWwt6fb

+f+2GBjKR8iQOVc7aBPUvbzjJUD16+0kWXTf/1mb6UvnS3tKVDjHNo2FFLGAg9kI+

+y6HU/K+SbjThKBz31KBysLisRDvK2L65IFyUoLIdVZy2YFuc3MKD+7ySTGYgUYgz

+hTHPmsAwvsOAyIhGBBMRAgAGBQJT8fyFAAoJEL8zmr4mxdKGFQ4AoKVe7NAGmJPS

+SFMy3NcvFVsWoha4AKCRcVoy9yBgM5UcNZQCBH6+9KuA+4heBBARCAAGBQJT8lSy

+AAoJEPfVyb92XGHjlhgA/1iY/hHViepXECMcGS0E6FBFjlFol9Jt647XUyp8l+2N

+AP4x4pvt9GFzrCjxQMfObZrM9rOZ+KQt4sBznJc+0m+c34kBHAQSAQIABgUCU/R5

+xgAKCRAEbt7m63q3TXVeB/9rnXeRG2YWwyDVhE5TUIwSCvYhU+vxqBXLzd/r+hOI

+cUeErLZQ0mBiJb3WJKdOS6MWATEi89urDdfkEXNhj2gylhiAV0/onFlErMwuWFaJ

+m+to8Z7mwdn8ckm8C35I3Mk8qUGjc/xPDAh4oL/5F4NpTN/7vpmd5gZKE58fxGlt

+OwTppIkYdSCi4Q346Ggs11xt5lxNEqUpv89N/tvx07E9PRUt/JYCW3GZ2S7+CfEU

+R6Lq8pXmJN8yx1LziNWRmtWrUaqNUxc/xGuhJqx6d5gLghwxDyt7ClHWJEa1v+LT

+O5gnSTzjmWmVFVYGxttHmoQfIcJSpRQYMgOK6Sw79Am7iEYEExECAAYFAlPxvycA

+CgkQv2Bwi0hCbH7TEQCfQ/uuroqOkNrcbO2AVRAglRtnQtEAn3ZcsdptSytQqXg2

+P+kt2oukG0COiQIcBBABAgAGBQJT9JUqAAoJED75BSOzBK8I184QAKN1nQOTvKHb

+fboQY6IxW0if6D5qc0l9qVi7wSI98sf38phSf4QJRWxhUhhw2pNjM+V7tgaiGp0e

+clrg5I0nZf2La0VlnBdnHgSQV8x0CuPR8gfB2wCmpEOTd6bB+D9avtQbOqhiD4zr

+l9pqn2udbCK3SxzsYLIDYU9MHrSQ/4yWO1eq4UDYpVf26CjpGwjBqV0PS4azxrqt

+CsctGm5CbPtz8J/YJlniI+GADCalEcAvTuoUcz0kPvX1nqXovSS8o/NjB3iwYx9I

+3hcQBCKMI6GoaHNPiLHL29Tiue06mPnjn6KpMwkG2JW36GemSjPBlHrU4JjzXavA

+AyUACRO6YGEopndeqAnm6iyWZNXziy+r8IWM7QWgsEVtqg09JwIDRpxTzvYEf1LJ

+ZVTgVy5NChK2X/ESAgdZ0MRc7XUW556z8K1k+74h3Hn0b5Pri57PdRTDukERYzOz

+AibOppPC2V0hkzRI3hQ6IDBdVETkwQkNfVZ/gW10Q/ZOpB9q45qAqd7NwrHBKlgH

+DuuxPYnEWteEVAN9S94pcztXWaWVMAKdXHDVOcLHUR47wfbUSX7KphddAskeD/VD

+A2/ghP0oVuHsyRI92Gmi0/63MvPG2LZDusMJunuTJwdtybaGvDbr8bHMCOfeENMS

+Q/66Cz62mHeIA+6tSQoVePHvAI0DmwnmiQIcBBABCgAGBQJUA1RZAAoJENAXjHZ9

+Bp7ms2oQAJyan6fSiXp2Cn+jIu2aPrhhztE/9OHBfo8ABQb+s+xh7oIgOlMR6BX6

++4c6zmJAYFSWPF8lBPq25Amnx263EKOGrnWg9qSAiPGuoFpJDXdjGlsOBAr9xJkx

+mNA6WZCyJEKi4hXSGD0C/O0mfteO2nY6qAQw2IZA+/Vsgx8z1wxvFqUGXH8s8nTA

+tU0HRyqPYtV+LeuUcYUUFWJXpsGiKe8T3/8bdlPHYpgpMh1lKlGDvNjdesZn7fMX

+a2wTD7ZjPE6wFykCgsJ5E0kLW4YoXUwObTDijxO/Znr4Tjyr8Np0vyOjErsmWg9v

+Xr5aDxTkRkMGC63ghkMvOuY7mSxr+c+MtBeUgrDeQam2jNLlQxxXircra/+FI2sT

+KPYaG/BQhL01y0kj1vMKCZn5hkmewsWFw3kUsFpPsds13dicjgGOVbpjJ5j0UZtP

+ZNTjD7gzvKPybJG4/7KG4auvvTwIs8HFzdlXmyOf+1H4c/WCx8jci1+TvuKsbl/K

+owQa267N/6IQ67nXg5U3itMCrJbPrHctSs4pUOiy2LQiwxVm17YkK32mNmoaQc2h

+pEN6RgcX4khesnzMnzBNoAj54D8pQir3eMxP1JfItO5PdXNJStE5a94GQMy2Yf0a

+CLkHNmxi4V/wusZlZCLdDFpJhpFlmWrOHrqZp11IYPRtgSH7a640iQIcBBABAgAG

+BQJUDFXQAAoJEKcVVWcycZlIU/8P/jysec8NQGffxymSyDs62EpRATnI08vOw/Jj

+zbtNR2l1BcYjJgcgbBWzcF7n3hnD8ekXEN3eTdKCj/HBMT7jxZNLhwN45DLGQxAu

+ZsVLSbDy5x/Jny6atzty1iYblrjr8XQO/NmCtvRByQUgYOWDycjOMYf9Qi3jYyNH

+pCsHarDyvQRYqhS6mSyFgBDh5ZcshBsx+lapLrweQpxh0uzZok7dh/IDzEIL7UYn

++wFk/eyJPW+2g5lNGe3v9tJTTLLfpLXw7lGSVrdvCkrrWkAyTbtgbe2JLBtZI7lX

+r+c4wqP0akLumGFngiXs83AgCq9PQcs3kx4CB9y9/PFbm5TZN+VhGwTavsPMCgcG

+/2VkR5f7prmDUhfDypkHI5St0MyT0fIsOo+tM/TedYZUNPClAgbhu7HWh5993zsz

+4KwF4snekRiGLnGsdMxWfDHg0oHHqIh3wZcx7tPWVFFLNYOK2F/+IlwQWZNhdp7l

+NDoQvXfgwxoqstcVr2UF6YbBILPCLtG+UUxB5sBkGgtuO5gch2Xi++jqUMbpZBTz

+4zXsdwydDs1rn60nY2gYShtMs4H7VfuoGJD/dcgcwhI7Tw6cD7rOhU/evh33/PjG

+RXgngQZTt5he6FY/mr6xgro8FfhVFrjrs3chTN52seVkAxfyoKruAGKCNdxE1u48

+eIreC7HeiQIcBBABCgAGBQJUfedZAAoJEPKEaxoNMsRCMa0P/R2SOx/QHuipuBu0

+HBqiwp1Jzms0althG907o9PD92H3K1WNNWZ28YbQkSuiyuBwFL6L2yJrPFti3f8v

+3V5qWp+j31jUTGvCWuafktQDzij2HbxVMitoL9XuUHS3dsvY47MFdtEoc1F//tpw

+5LZ4r4FmVAjfolA5il/wjx4q05d8Jo1TtQZZAhROWUTSHQeZTvVziwMpj0fJuDFm

+UZWSAa0vZ+V/ifemgngHfQNh7KlhOJJEbq8+HWZ3uOXs4Jsqx3UirwcriPAUk+lK

+fgefaS/4TbvRtzrLgatOwDKTf0wOmLft9ceMpp+Sg8Jg65KJ/byVIK39vYYCEfF+

+fHaqjlgzyxY0LRv9jmR0PVghmgxzAR94+GkLyD+FoN5lHUSVVHWrQ4/kxeujO0YY

+HHps/J46IoADEjVjsuZlsDIrvz4tnhmY7utUaq7zBG/Yyr/kl7sX6StYqa6curTp

+Oo7bTYbOnTqfIdnI6hsXjjBdPQWcU3isqTPEqbe8tVzxtNU7RiY3xZ4HJJSs04EL

+Od9bwCoKB732DtPQnYBMhm4JP5vjb5xiiLUw/00O8qcRGpvBnhFZOCwPBj90XO/I

+usl3RZN1alUBLOhuJ8Aq0st8/kEZNrlgqoXRrSkWQuU6n+fpJCQf5xRgO4odE6q7

+uZtnorx1fAoqtj9A5hgjTTkf/0SfiQEcBBMBCAAGBQJV4nwUAAoJEBl6WIgjX6ys

+EOAH/ihHL2NLHWHMbrCcV0AoAGnLocwi8m7A9MSweqTVapKj1nz2NoyJRHcAvMop

+Ik6H9vGJIM6bpPPjBhFzZPK9ROvULG3pTM3I8Q3UNxsC+29v3rU77BgIwfkDYsu1

+1kAb97cpRa74+gzUrShrnp0NYoirpXU5ePwf7T+epc2mJOfeX9aaTT0nyZvxYfjr

+HnsIBwoWSgk/eV0WThat/7N2aXwHPMJwjLc8EvtCqTLxUKrClhEHPBcCMjogh8As

+VvFkVYR2Hpm8aaO+hGtkdH3N7F4YwBVpzs/XqIk4ayqzWRL3pXQ7WGfqVgTY/PNt

+uNI1bdqQ6u5HB3A1RUHB80Mg4h+JAhsEEwEIAAYFAlYNs+cACgkQk55r4eKfw8yc

+4Q/0DC4osIxhwkfz+t6Ly4wCatnccCDXoCxk5ZIMQhzmwyEujU9rjNSuayEb5dZ1

++FXzuqmFqu4PKy2yRGdOIVpdvZZiQ0L9cqPwZK4weJDOJOKbrQeqov813rqN1Ep/

+pYIS6AD5hu9JG6f2oJucdGca6NV+2DzO0yWUlt64LZ1pjKEjrm36fu0tc0Y0cFnF

+W8o+FHtDQcbWBZTR7LEYF4aY9dqvRO4x2HhBwWsIUmTSO2uUAE6c5RPMbc46IKRm

+c8vkUcU5bX4fDonpb6zr6q2XaDUY1R2MDEex1XYvA73aSlNw/DXYPl4/LPEENE/M

+IGqjstdb+P8iQNSHvRQ2CgKQ8ff1RPPdB0d7e6CAyi6dcEouU4fwqX055CZUR5C+

+KdSM7UDe3IIrSNpxa3hodMu8/rhay3C7sVUqy1jMoAZDVkrYatvh/EgPjFPh/toj

+szQAJM1tnEHUcT9xNsXGD2JJYsCrxxnLg4bJM3Y5uNCq/7zI4cC8OWEap6FqFNwF

+zSlrI3LKj2M2/DgQC7/82lLYdb2Hf5Pk620b9ousRR4N5rYCNk+YgQ5g2y2R1la7

+0ziss3+kSwY/xe1SZf3HkhOrJIekJtR1nKv5SdcZcB4+P1JxRz/2MPghnHfA7DAG

+JLEroLGsoH1CmFHxf2fzv2X2OYJRlt5gQbdc7kPHW3elL4kCOQQTAQIAIwUCU+ji

+cwIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEAkLEZk9muu1wLcP/REy

+UVsCaatwpPTxGV5QgpViQLQoSM6+Sg3ipVui8D4zyimCoGAckFmjNoM32SF/zNC5

+/Vvg7P1oEUBjroffQKCEVVuSL3z6+MmegMm3fXStpjc7aiAxpAqVw2o4k4laD/wz

+OIVkx3v0fmdFFChMDt9zVlPYfPGm9PlV34nJBwAro8896mkddrJT/O6/8Wd71DCa

+ZFusdbpvskuAXaBeYawqSb29FfwQ6HPcj0+/OqyVzoxkEmpMtgVi7Isc3BWNOOSm

+ilgOk2mWEcCzlbCZ7HqUB7rVmQrDlvgxDcyU+9mRw3tF94VCW97CuURDeuz+sew0

+YwahobgzBmE4dmwgQoVWPe3KDYDjpYSuEw7UPmiSgZdpHoX2jHRJ0oWHfruJbTJ/

+xgUFfCw1jpVA+dt4guFjlFbDH+qOa7kAZq90tdWWZWUdmWo0wmMS8f7eJdVtH6uv

+AISTVafqXY4cWWj8C3xuO8nFfwWZEHhwr2RrlIJfpKdXPSSuUo8ip/oKA+FP4ZkG

++o+IP3InvfefymGloBP2tewdhDsFnCDLxwTH26tqdyhLkUga2SuowjI6HrWyCDqW

+t1c1jDX2L8hTx5YhAeRzdE/7ApjYgbhrkQOO4DAarEpUodHmdecNZq5Ho7buKQ2A

+lyH9/0lvNUkk+lunfQajJ160YN7VIOVhCj0nu20JiQIcBBMBCAAGBQJWYCL1AAoJ

+EDJ8HvON9UwyufEP/jjhaTtmvMzKLvkKgNLGXSGvmeRB3Hua3VSc4sODK1iwtw9L

+Mp9XDsOUKoRYQkQlhntFoHy8Y7GD3jTrspCfDvf2fnS3qhkv335FMgSb6thdmyvg

+rVA3jpWwbozdNwzUTZh9P1fqyoUWFA87n8jLEUH6j8eMdRmfEciblRYNB40Pelh6

+JOWyfyA8p9SaO9GW6cKR2rX5eVDtXfV8l7fbf/dQbWczoG11kdyIsWzlP3NY94Ct

+fYztteA+N8zjNyN3O+tzlaJ5VSxBBP1IMgDvIW35vIEeIxzBdAc/ZTZcMrpLQnr6

+5zVwv5i7xlIXsog/bzr1FSecdqRm6plXJv29UtNqpyYVB0HjtO4GLPl75iu3LG8b

+HpINi7KhuObKY4iI8NaD1tUg/0TDUUwUIRLB6i+fXPVwH+O5roSQ808PHgzh9ZFN

+EKC0H/VnM4mf4AGZkiKchCI0ycIS42lDE3DsIIPNKDMW6gE0hWXV8zglzFA6Gp/z

+xnRdLXNCWKXoASEja1ReRBI0H6YK4X+DbCmO3U1KMZ6a08lDWrI8ba/zqP4tSC7A

+7C4ZKqwusqYNW+zxqtF3LbBXZLlIbbef+BEPoSzVIIzhKgaLy8D7UXtOSGq+NGz1

+4wfvZe2wCnzJswX+sZImNDQ5CRvCd9XcS8fdlo5kM3FQqi+3Vdq5DfHQidSIiQIc

+BBABCgAGBQJWY5f/AAoJEPwbVHyNgXLICIgP/j/3xcUKk2y3OHzeEIAHUOCrWb63

++oyaSHh9qu5KwbdXDPHbmOVUOw5ziBzp6myx3AoThZ2AvDY3+PElIjsNl3hjH7vB

+hns8/O/WY9zsLx5X6/Y2SKKJh6WjgpMwXdoH5i80Mf6i7eK2OB7M3twdX9jcsNYX

+RElmTMIXJPVENXbuwXcTyQRUSn1FqHlhBSaOBmZROQulH7Yf1hMJmTzt2aZHut0u

+BGFe+rVQh4olfFiTIT9T0OEk1UZDbIiXW4hEwraHlVVYypMD8brZ7zWcmqNHaeSy

++VJuGaQ2ByeUkcxHtQkzDHOZA8HK6mfpZxS+jcNLsNrQJvYAM99KGtyGRtMsiyR8

+dqot7vwO6X30Bty3Z21TrnG15fBy/ka7nvFnancZHEWBXdijJxVvuSeQnNyP/5Ff

+rjOIUGkyGwNFnp6TsFqWoOnUgwTiRRgw1pO3pG8qTMAfAFUGdT0jyV3w/LXwp26i

++rZt9KkRs6sPR5FQDJ6d6ZcgKlqCQVCJnDbDeE9K508/vakmqYwtdWf3aSu5/J9M

+3fPXaHC1+U/SBL9a5G48Xb3VXFntBUNY1kksaxjDN6iHOLTjuzl81CKPDOqpTjUR

+HFuzS0o4guZRNqwqZdVVu7OOi3hJHaQ/xnGDSm2pPuzNRGagAjjMsiS/Rd8E8gF+

+piDtYu2sYS+hrrc/iEYEEBECAAYFAlZkT1UACgkQYdhR2aaCIVP+0gCfaLVPaBXI

+YgtH6sEqd9GWqaqdJqkAoIMKo7gHv3erpwrx+/4OCjmmdSGUiQJKBBIBCgA0BQJW

+ZKHNBYMFo5qAJxpnaXQ6Ly9naXRodWIuY29tL2luZmluaXR5MC9wdWJrZXlzLmdp

+dAAKCRATGO+sX7vbziIIEACr36EFtmGtNlNYS1cCx9q5oaaH2r0Uh8ensIpogwqP

+0gt+jBwroaPtekAz981jZwoEydR6iuoZEBz8R0wG7aXhP4PXY0DUdFd0K07I18oa

+u9O8HPYm5Cj2fVKNPsCJ8bASoObVjTMd91IRDaEKz9W0Z9baXzkflxpheeLh4Vud

+0ZrUEqD6AO/45h8zy2+GMhxckpr1DIfdiTVsA3UjFC2mUVBEf0iTB4bgqHj1uRFd

+iBrhV0osfKO1xeh6+PSN9/uJedxqQm/la/D7UBiqeUC2Bb+C2HVag+gfRLTAX3Gn

+AmnMHJKz0pgyCIKMSp+Kyxu2O0lcUNuQrbUyxG0Rj8RsMGAPDa3X2ZDVFiRt5xVO

+397T76yDDcK6NJcaGLWWodiWulGrZ/hNFhoSR3z7HxtBG/BOKjuQOAAY8Pm4xQ1v

+L1as8YDmS55zKDMARwjR88Z05lexjrDHQkXrT4vpxgpKV+a0syxPVbaz6ooNdqpQ

+t3nsebU2O1eKRqqsJZ7qyYHrWeDXzbKRTd2FBk0lO8aZgNVHGvzsZmAUbd/Y0RIJ

+NxetydTcGO3O6sO0AJImMmm0T0R+NQFP0x+7rvN3vcpq9MH3MOJnESrEB1JuVvLx

+0vUFho65rgfcdzl8xQnZWVOgvBcVnZYHICML3voYgcj9b14B/BP1biykLCik57BB

+a4kCHAQQAQIABgUCVmnz4AAKCRAgZwAbG2eKYz5lD/9z3JwnujMkt2cfrI2by+Dd

+jRnw0mnLJ+G3BpiHDYPLe/IrBXthIIs0K+IFffoEQFWpLId1RrM6pjnLWETONOQF

+TTkui9VngcrAJ0SjOiL0FfJkI1R0CIkPlPzY8g85r7TD54uGPOhCafZWusABn44S

+xmTx5Aty6d7bR4dgUdT4omT8kAIrvli5WEBXj+SN1Zjyd4LqZ/7Rf91ffnXEppTZ

+xKaXCslrkhtAcVoCDlQyJ++FhTx4gw4uCF760COQ2r/Dgg+oZLjzi7m+JW9BAg9C

+H+ZQ9Ratuw4jjoGUaaW/6uglzXoaD+0UCp8rw0kZliudpeFGQkvKJHcyOnpV/GWB

+LbiwUZG/bIVXVdgQHI/7LE2x8deLqp6eIX/EflRrtzERsbkIAmqVoK7czXIjVKj4

+17Q7pAsm2SNQXkMk2ySLObI9098u7eNCAd8Bc3qmmwilZozJAjmvotcnnhyXk0c5

+a+Ao8YIbpo04CPgvc8jij8ZYNgS6o1oq8DyY6dGKrh/Zug9ZVt14Sj/yecpsJJeu

+tEyD6smj7pqoE1piUoFKnELMWZUSp1qEMFx/Zicfgn+qPGd+dfLBvOBhY1RIEvQG

+wGEJXHXlWGeVHiuIZvOV4QKXzcO9i8VQNHJCdiLnNZBlvh1u8KsVwGpRFCF3sPfS

+rkzV9McXzFJxYFH/FaL17IkCHAQQAQIABgUCVnWlcQAKCRBPpFehhRTMYwuDEAC1

+QDFUIS1k7r3K+bEPYmIYtSU2X6mlJvgHj0NfmWj+pZ8XX0yVgOUR7MridQVYBxpV

+C7NsJNwl8MS03K+RTD43/0HZYfr0HCY68jGPws2CbN77xJR8mWXMF2qOPw25saVd

+jpcYqXk6kMG7Gm3ppJZtD18I/ifq6tvTXCuXCAx5uNx+2oiAqjt7Q60z6QvsETN6

+N/M1hz9TNe591KnepBo1OOmYEmenCIaRNYwVl7sbh7fQUfXlxOd/k8MbZ8e0VLld

+yEhPX3fKXjlVOPhAe4hGuDONr3raDJXpouzQ/NHfbMBW2Nc2XiOP+8colFrmYQiK

+ib2RIVzi//2vfvqctI8r9CLNh1u2FRmSQyjtKZqL7GYLJpQ+maRbCmGRiIPwaH4a

+f5pgQzoJnc7QDf0Gp+/ytX47ZHNGQGeubMqGKp7z4ya06CAJA/2QwUBsP21YbLBA

+cI/RVdFoOqr5b8LdviotYC/hpyJKdntz0TPWoIKohP/LgPcEp99jc2atr2OwnNCn

+H4LLUEHbdgQslmDbvR1S1oIOAABuQe//+8ewGNiFUmHScMwCZ9Gvya+QzRVrTUvg

+OMyXswX9yigJsZR3HfBLh5u1P5CaDdb0/GwChR+8zWsvv6v8dHZBnZDzdElKiKp8

+qC+4V+pVAStkkp2TzsmprGNKoK+hE47z26cKH3I7rIkCHAQQAQgABgUCVnbDXAAK

+CRCnIdoFU3SqT/rbD/982hhJDcIUrSyOyPswwJsgu3ygC06i3Cnkfx6uJoMP8GUH

+0iKf/3nFODFSMTFhfRWW+w6sdFLtBx2zXbFLLB8Ht8o9xeDAMlpvAS3v85zoptqC

+FiHIaJ0Ak2YGPT2hhhzm8lBz6IDuAIibSTdWMOiiWDW4MMKWAdVl1aI9coS/gl3h

+goPHM43Dwa1MoBqsSjSOreGV//nW9LOaoyu4X09yDDsBWSc5Pd6bDVeeubyKz3nW

+RPzorFrDsh46q8erjHX/8YFXwRbZUZBx8Cq6ni7lEyf/UELlhetxky7WnuhBizcm

+jZBq344MjasTEes6q0xSp2qpKL1JSw9s2234FCszcM9fnr0B+UfhEA+jPKFifh2h

+ayww9GF+XZORYn30W3GlDObBEEegtI00Kas3h6fAEVUqb+KO5CSARGyPGW6tSlzS

+LMCsN3CDSKG59Bn7wNrVpRnJVJd9GJPSjaWiJjPHaIiaACGGe792z02c6l108QJn

+XuS3Q484KJlcUaIcP+kEl65ga/fcApHhGSJvpOARYfcn0b+d6Xo8i9BccQ67JOnA

+q8BBLcwj75qSVzG441O8SEc9JYOW+kI1r97mtoF008xStQwsYM9FGNWotMkEe26+

+5UjwietCC4biTPV0l6QfkbA9oki4WrEBiwo8XjTo5fNd9mozi4l6KV8nCq4Ylohe

+BBARCAAGBQJWsiGsAAoJEPfVyb92XGHjOOMA/1dWX0Bp/4PmBTQMxRs180wkeEZH

+ZoKBtd+V9tjAFTFvAP0fBMBvmBIlKMJB2eQNeCWTQ4sGVZVqnhaykmfYPhs2pIkC

+HAQQAQIABgUCVvZqrQAKCRCDgslcKQI9+b5OD/48///lpB8a7EW1Srx3I+soJh3P

+1byu2rm4diE4tAIYVybsufL76O1C2EkjXamn04n1Nb18be/8NnpIbFQFrasG5gbr

+szxjKMny3WvDMA/OzFeUbjl0qjfGez45aOy2iR9FChi5Atx9OqdF2gStyXiw5xgc

+aUVlTQsRVTieEyX45Oh2/1gOAzfYdxc+VxrNeLTv2du5Cq+obklSUtYJVW2Xd/Kj

+zeA80qGtKVocuohjG4Na7wKE6kezG6l5Z3pqNExDNlRU7kJgLh1ATNDfBwm+A2/O

+HCItGmn3iqRhFSQjv/VME2u3ss2mf024/5I0VADq4kLkyr8OByFrkrN+W0ko0veR

+qmGysImyGyxao0c9ApMFB/SSWNkJDGbU/YNoio2CzL7tPGltJfRKNNbAs5fXv9ch

+HgA3QeuYEH+gZNB/+30ESdBhRSI/8tFXZJLP+vEi46Ocffn/TZB8SCyDLFA1Vmus

+2kOmMnnKktlqHbDOG1KCwepsYFJoImChAZI2XsLNAogh37u3uXLZg0JN3AWhLXb3

+56a41kNPBH3Yj9Pfvpce5GBZgV1SxbyKqWs8ZtIHuTfwljb7k78HYC7jg6wymjLD

+w4g4RpVzrXjuDZ+hWFVLoQAJas43YesVthwT3wWtT4VVF8hUfLTrKO6b85Caf5oL

+g74crfW6Jq3lluittokCHAQTAQgABgUCVyUSLQAKCRAJGrhWBpqqHEWhD/477FmS

+ehCu2Ah444QCymN2L28yT76clQGAgpPlmjdPHvKKLUIgj4Hn6tOIYjE6StaYm8OJ

+blqnTlSa/ZerqLj4F2Jbl/BBJEv9lh+3IUKHR9OmzxDgQHMX5xlh4avowwY2h0Kh

+fgS+8jNVFr6qqvqFl1zNEq9Rpu/9ETuORpEncfMrTrDvk+GW8qdaAgFE6myGiV60

+TUSyrGVYZhgeH4D8mIVT6eWsGstbNdNTYWCW5ypaWof98A81jQEhVvUyJC/rHYrs

+Oi4BEiGFtyA5GWQ4kk2/B8NOSBVah4MNx9WUMjBx3amGugvK81si7G1JYyqOF0Jb

+YDDX+7dFix5k/giHvFBH/Ijj/zNa+R56jlsrViUFRLeAmdVTE5mjA8pp3otB4R8Z

+kysYs9QnTY2p2NxgicjuEnWEsLZed4znOYQ7lAKexp4UCVY0KBw9AP0RdNEEiUiW

+SPl1jV5ttVeHsnWgR1cEuilTOsmURMP4hGoOMKFJYFSdlWBualHHUWE6XQ6c775H

+U73aIZSNNWBs013zUbtASC0ddMD9gx7keBafkhfskyQsfrNVanoT8h0mLPQq5fxw

+ci/XA5by7sjhsSxWoD7bvl1JgOzCReSbY/xki0cYJA5mrPGKrdlRxoKbkY9fdjxp

+UH7JmMFw0i5uUL/UvVvFu6YiA2k5T3CNZzQ+GokCPwQTAQIAKQIbAwcLCQgHAwIB

+BhUIAgkKCwQWAgMBAh4BAheABQJWIhROBQkJvgA6AAoJEAkLEZk9muu1OloP/R98

+y25Cz5QmB6yQovFvi7S0YqmbqAKqPtYw0eaKNualskCA0jY/L5rjbZ9cw2Cv6CuV

+fwTFeZT4b/bTfSIRlgItFzKKRRaE//UnvFymipp03erA6d6mDc62qQsC8U9wsUxy

+pcivDw+Ui8fiRuL3+wcCETlJ266RNp+mPtG4YIHdKRTDnc45wzs1yf6nst6SMVEW

+P/r06XKaNHA7X8DULHkzn5jRKlOe+6ovE7hwgH4c5CtS7yVlQNLR1w+Vrkok3Qff

+BjB8jr+z8WRleD5u8nkK/+IXKPF1tHmnCzV3dZ4QYQ1RZ3CyIdkfxKsxBmuFFA/t

+MXiVCVPVLE7W01VN4KuhsOLdm4dHabXZz8eSRE1XxDnfOMOdheHjlFLZEuJXzp+W

+nj3AqvRPhXDwSLKfjggh6WFLid1baYmlSDl3J65JkNfSCpPS9yv6ZDDeulcaUtvf

+u+rwMO0G+CO4El5bvAvyECkKpJFLaEzykeuQWe6YFWGtBnqDDCTTZpGBZW9HnR1s

+W4+4Nr/pnJER/26zj4UWpk3Bo/kDTvT85hD4mHI2pd31UT+EOK0eXvz28lcfyej0

+FLVwRTgJ5/8/KVcqhszenhNvhEOJ0oKT0jGVvSBhwUIKxrI+MZ27Bwvn2SSG/yvq

+FU5840Qs8UhV5hVy2lT4wkPzANZbuSlZVcw3qnUoiQIcBBABCgAGBQJXtg2yAAoJ

+ECoXQ+2pGjW2IasQALPJj2NrH13Rw04Fxw7mGwScQsefK1aj5mo4pY2wt5sIrH1W

+O50CCuNZEStBO/im4uj1Cx19Q+Tjj1Tnq5/yGWob3VEOiKu9c039a24vR0cEOY/y

+X9Zljh1CDODDXdqmy6s3MBB5jmFzFSYoTBcKSGd2QdsNCtW5lAwpiR7gkO59leD6

+VfSeXSwJ0AhZZU3FYUMoT/oqtaWX+NLrTleJbeKl2cLwuOIb3AATVjhqh0Ewc+Iu

+M+KNY5GvozJ/0mQS7l70MMSZrvo3ld7CDyD7m+7Rz4OaLPnvjwhWdFiC6eBeaRzL

+Eqi0yPgehrAzwUuBwfIk/bakPJ5Oz+p4W9PjJoElZQrq8Dd8He6cUnRxc02Fk1lj

+jZCKWEuhDxDx43pdr2TeCjJ6UXT5BC2yaOLpz21GVn7tLlU7rLK/E1b5B6Inh8QS

+TNZKA6/Gg8zVbypq5djXhg2VIHUu7eQAC3JHb6YsR5p9M6+ayT5rvZGYK3kU4HHW

+/ACjjp2bLIHZSk6xctuxRLGuWv6We0Z6QovNkziDMPMCyX4yYxl2CFDioe02wH9E

+iXNjXy+RgLhYlTTOwyVIVyp/7WYbpvk1GCkBk9TAl+FBDv1AQ2vY1HsnJOsTDWoo

+7IDSYJq1lZjZ85Vb+uzyWnY6GXZGTVGeBed/VNGaPHO1Ws2WkKUTJqz7PQ9+iF4E

+EBEIAAYFAlfehyoACgkQDeSqnFRG6/QDkAD/ahSoG95IpBdHtEhw8RMupMG/4cMA

+nrNU1ZJE/mbfrGwA/jA2bts9BQiY696hGONKSjhdQn0VVXERVRVOAeSPptxfiQIc

+BBABCgAGBQJXzSc8AAoJEEGq59zKPYNRsJEP/2o9u2tPMPwiTbm5uXZYrcSxreuI

+qc5eo0Dv5uloSEMMIGdo+I/DhcnRBFQ92ppOs077MgI/oVvpt0CLA1+SOWUdaQhk

+SEk4dPu1xD2Z0tkKqRWLcQcyjflnkxKxvZsnZ1oWm67UUX4DqMcy0CcuYtMysdMX

+hSIuCre6JIuS1yu/bRGgoy3BbbhlYgBINB9md67D0YTwx/Bp3nPvaLbj/t+JzVMS

+npQljgrApKO9FvHw8bf2Uhj7naDr5Cxh+OlPFLmzDAu2v3tD4Zog7QnG2iThK7ni

+HtbVgFgEZBAmrubOraewDfz6lOOLfWGk/CijxBqg0h7dGWAR2ypwJahpcn0mXuYg

+ED+uRi/ByjT8zVwsnljX8pOE9IKmLNH1UUYiuu/3et1Z0bWR/OW1XKBRx/TdQ6Sc

+MsoANfSUFpSpWDiyA9g3v1+aJkefyMqApYxNeCX7hHo5YfLgfB5B2kBW3ePKe1we

+LBojKZRsq4GqfEA/ZxfHVjPntXNG3/SW5qSMzEcEidrnR3CEKsKzCCnsb1rT5pMt

+UQLxX6oyb9LBTFvk0wN+Rx7AmTsSFtrt16140pIB5OLMQjZlE7HQWtingFzJLrXm

+WciWAxRAtxxC97JUwaW0Xb/iADDcZgYiC2w/2V1Xfd35r4/edho/MyhR4qPb+bbt

+Mix1jc+fplfs36/CiQIzBBMBCAAdFiEET3Fvmo+iyA7xteG6XjXyMd4axeAFAlif

+unQACgkQXjXyMd4axeBVtBAAuQ0jsKG0nqRsity5CY5t9I8pVK3AKnHtERXkp/gi

+4ZaA3G4W7jzBae0qcwV6mvwIiig12bgNUc7As4qSWzNuWxx4vG/QteiXHiT80qLv

+X8qG7Fq0zxA2x5c4PevnNDEuvhd+rdLqEnb7ZeBNe41UHf3VQbGnbEEQCBLVRci2

+w1XZ8bUmIiU+be46ku1gz/RG/j/QuZ8TCFipci4YDgJ8CS+jehhu8Y8N9RMTOWoQ

+FldDh9S0qK4xWig2GtHyNsrLRLLdkGi9fascXkGlSp+17uhVi+ig+saokY9E1CJV

+VI+B+UtEE/cbj+ZZNM3bjKyV5bmCHcwsCeVQe0NBuDZQMSEcaotEbfVwkEyGKMGj

+6Q/r9GWpRoY26VVPcjxWPGTfHOvIWd85wM/CEr3pkrEU9qzsPsAN5sn4ow4mEzqx

+yyR10+FGUPKAQnNQAeaCBQsBM8oI1Rzz7dRS1cSZ9ekEZ3N34dcb2rHqWd5ZciN5

+xbOBWMDZcAgyfHkF3G4MXoHYUNH3pqiLg6BcuZ6/HJ69i/C5AFHa2HNNj07dAluq

+AJgY0m8OUHgTKKUPvshdIL8vTJdd+rBPgR2IoYs6QtXm1rU/X3V4CDtp7n0iiMmo

+NFjxd+O7dyEKCPuwCSug33Hup0Xy+ClgZRGykiXjKB5rqCsrUtLXOXKIbatKpxAk

+jQCJAj8EEwECACkCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCVzwrvgUJ

+BTR9KgAKCRAJCxGZPZrrtYwSD/9Bc6v0cYLlESy5gicgpgxmEHHiGCzNQ3Cv0OhB

+PdkXyecjbEbE4oQhkEDEmT+PGzDltT4vzFomlLmZZnB3RFe/qOGDnar+u+tZS2W9

+OGi9OLg+vLE25K+7RgV3IPLFqgOaCHz7KmOX3YPKgTiEHxLbD2hWIv/5OLgvBKDC

+4yg4yt1Qav5Nof1iwhnriOxhiY/wctvcN6PH5/FwQEU0IKQR5n0uHPNyu/VWEHgk

+1IpM/iPvqTQj1TY+unJAXfkcuJkjWBvuvl0YeYzHjQ/YNR3s5QsYVjbvNKowy67Q

+TyyQDkH0Ew6s1Dz2isO8EzLom2b1tHEaPLEoZld5+3mnW7HdpIx1V1OFmGBDXh39

+zLjYb/CbCmSeXlvDDvQzIb6IqKZ8xFXQn66yL6SFgj+w8tD9tRdhFOdQBkSkroiv

+xeVpqjOcy1ToQ9GMtmK2m5QWsceFY8eACp8x5fgkjAR5JRIyVwF/FACUkcRs8+as

+m3CQwfCKKCjPwqox9w7qeIVGGi+bOTg8FB9+icM92HMf1arrtuNb1nv0BEhda3Sb

+IPZ1kSexsJzijfvmHnOJMaOsKRxqAY9EwX1XLXtG4efARj4D0K6FtZItddxexn6B

+Fe2S+87BNVG9SpR8M9O+oCTBQ8KzTy+4ZMYeitgFRwXumYzxazwSy18gKQ5nURTN

+UJsP04kCMwQTAQoAHRYhBByyfbyYYUstWEFkbQgwLbaiZwQoBQJZpot3AAoJEAgw

+LbaiZwQoZoQP/R2x5/mZ9x0o8D4Z8hZRuj/5l/OOF03g+cB6g9MsB7HMUJz3SAns

+UFGC7EbuWtHgSDGBIN+CB5HXLpUutFgt9JvGfNxLhnHaiwP8vtJfhd9kEjHCDW+1

+Flet1ry6ljHaZIyMqB3nC/t0QyGAjkOnePn4dN/pQ6W/VQWtsHw7yXmwartn+nsd

+FcIZoeJMbI4+Gno7LEW8Jm5D02vorjRguDa1FvYOvw11x+EJxvYzHhGyHF7cGzuB

+yUge7aRML5oS+ZKGnGQmWhT9gbUi20fVuu5LENBq6GkAnMTAHOhSvEI7zb/yurAp

+CV8c4/wi0bumkJmSl/nCz1DskRclmDueqamYoes6KdFpYaIp+BrVUD72Axy8LhVK

+ggHveqoHnUFcl2h20S7CE4U8o57uR1Ug6crZnIJ8uZElGn7Sba1FjcdOC0zDGE4c

+Mlez2PBUox+UELbp0KT5kP5eaEZfMwNqJVFPG4z0IePo6Rr7lNYsWchsShIqTx6u

+jKkYsG7O24bVC4ii80v7Ds7BcXuW3n7l1S6hPCOQmXrXHR/4wB2FJOWIFx5qM1gF

+TDrxzpa/APn8SjHlxaDkkCTKO0w6FyJ1tvsMswRgo6b7Rsm9SAF2r8g6P+RjZli6

+xV6WQlG7wrhLo+AIgViNRukrPriRwtgDi5Vqpx/aES1kh2iFz4BtAK8viF4EExEI

+AAYFAlmqzBEACgkQrcyWRzz5t4KIuAEAtr6UqnJvePpWZ+01A+f7B9KZtITibVSx

+E78UkMv5VE4BAKqO6w4jBA5EkSY+0UddW6TQVKcf6GQSiDhyReQmvPxSiEYEEBEC

+AAYFAlm1FrMACgkQimdxnC3oJ7MMxQCfXk8hl158R+ZQ8mBuYaiA2WJ1msMAoIFx

+ywafs88/p6F5TaNCz2xSLdQqiQIzBBABCgAdFiEEPonu50WOcg2XVOCyXiijOwuE

+9XcFAlm8H30ACgkQXiijOwuE9Xdn5g//duqyyJh/P+uGTHXv5AVuI2u1cDYk3sAm

+e6BS0baniAdmbgN5eOVb8syKGQ2wiBex1AFxUJ7eDY75R0n1hPexlP9MMvL6/eOT

+LXfh3SdpSM55am/NZtA+0yyq9PmJzoQPmbiGSU7JnNJMnw9GKyT5P8unJv103sHV

+s3pK1sNOuketzb1N9qQbCb6URTE+bIWmutKUk5jRPOTMzESTeVvQvE+5lNw0mXwg

+x1ef8VKwOZi+UHi1iv/K/kibSFIJr4q6xIBuzn9nNgMuxx0yL7li+QBP2yo9by2m

+QNrJFn8vEvGTWNLBFvqmoItBVs+t4oq4GEz6EFvo/Kx2QT7+FCT8V3vkZaYtMdVV

+KPO9duDxku21rZyQ7dgjOoOZj5o1UfkcGleLJyAFjvTvyGF0R+sedshPtq/Kfujt

+M7aCnm888eQ//a1Zibfe0gm7CI8V6vbOETI6S/vw7NgkLTMilIcx/QE9LwDDWNOT

+FkTT7ri9TQAU3XuZhdiODgyFntDRT1VSP9WVNTeGOw9O0sbcmJhyuzHjUGJDbGsJ

++LxLq7M0y0Jb2ESpewOJzrp9AADWL8Rn/nGY+5tCXGYc8vc38WlGXrxVwsRrC7vd

+Ii8MSP8BTnIGwilylfNzhX+OpQyICFuVdWfQoWRxxEwY3oPsicKdQlQofuwGBSSu

+ryiOpyjO3C+IRgQQEQIABgUCWb4vqgAKCRCKZ3GcLegns4goAJ9quXauMc8Ethhe

+e7eeQwXhQ6ShGwCdFMK+aadwZ6LjIMIaHmnkVrmNRcmJATMEEwEIAB0WIQS8pom2

+NlU4AcPGIVAZeliII1+srAUCWcV1kwAKCRAZeliII1+srFnvB/9UqXDYR/NhyvjN

+/2U5Yt85Vr0cUSG3gpR2nFnmgafMRmMcO28ph798FEdv1Qyxf5Sa2KFi0BGVyywY

+6JNJaRcx7so8qoAwYf0nAvn60CtfvhukVdBTMypRhj8KK9aoc1cU2Fr83DOtEgiQ

+ycCG5zvNPtYrpIzxwSsWXMqTrd0RalfimcOBga+tRUP1WDuDPUMnPCw+6ascymc0

+3CWE2ZCW8pFt3mK3d48N1qSK8rwynTLqwo8UAiKPZvUvbubFJi/ZlVA/mDYn4Ydb

+aYQ/Gt3jWvZNypPXIRheQjCBfoSkZtbgQ+3mk4Bj1V1M3c9ELo0g7R9GZXGjeImz

+aADZTOh+iF4EEBEIAAYFAlnja68ACgkQyNbhUgHunaHcrAEAzM8ou3/3xbXDug2K

+AjThHemBjVRladCPC7BdTD/AYwoA/RSZEzqnyDSvGhF4WHd+Ti4g5E73acqKRXul

+zvBoQKgriQJWBBMBAgBAAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AWIQQ8

+5GRVioT9xp20DPsJCxGZPZrrtQUCWQc5EwUJBgulAwAKCRAJCxGZPZrrtZozEAC5

+4328/ponofHhWCuXwhWaqOr5Pw9HIuuxKwHPZcgS8CCrKD9yks/niP4AKE65T2LJ

+gie3BPIKL9CyQwhH8cQ5DkYIkvRu6dzpI06HDny/7NG8XBEYPk99/92N2W32eduW

+zRFanvb/CmrmDtIOB0q53yW4sRViDopihkNnfDJ+h2SVTLRIkitxfnXv4Ng76atn

+0cDDnxMglkZj84Dyj+EU/IQTOm51Ih7HKAhWritYyaJzC6RDeH8v1yL5WDMZ7lf4

+ezBhQauQWSQ5HtSG4GE7Hsy+qRvhh+w8m8U4gdouvyxCt2b48DdD6p37DDdejg9Z

+0qa4BF5TlQ0kw1wJ2i1+rpn3+9NcYYrm1C/cuIOJZywHE+oSSXANdWGkJqII3Fxh

+w1hGlAXcdqpmp05QB0Pr2tAWfn5GHppt3j6kYh79ii0fEg37OJlx+jvuhmMPT9BT

+XPkqsjOw0a6sA6WlGix+K5LVg0awrgLlTLiwVoLcyo8Q/MAaMOI1JSF9ryiCJCOD

+2hI+fN5qXdYeOmi0WTTwtvUGNCCDA2mw6WB2NncysV398eRa+z+Et822MdZFKPyn

+w4wNXYll1sP4KONZWCM6gwg9COoi22MVG8g/zQR2i+C58lP3+HCKVcnG8pgL5aBo

+t4FSDW0NOFeqErRvcWpKYhhQS0GseXgu21WfeAQ/w4kBMwQTAQgAHRYhBA44PyE9

+ajJdesVQ287oV9uxZcCiBQJaeNvIAAoJEM7oV9uxZcCipsUIAJJYLPJV7XHEkRUV

+iNzeBXWSykquqmD5SxxntTJruDXWYPs72WeuH1UONMrWCG1z2Mp1LA+p4cguoZVb

+PImbvpYnCwN1uFVpSULADVnUIZW5dptWuLvpezQudx/QWPGMVGSbdr21VFHvQ0EM

+d5WrG7UlKaJxnstHcxAMbyySlT1ug87ng6v971dsp94E2cmQ3JnBRvqeD2wRlRZV

++IMW6uNyaKqqAeqzlUpCsk2r5hBG9QeSg4d4KEd5AzQD5SFIs0nta/g8wFCTYwWy

+m+TEFr4ROflg2kqRsUyfI0BY6vP3HYlM67+7o6yJWe4WdlYjcJOIeeYi6KYNFM6Q

+G3o0pH+JAjMEEwEIAB0WIQTL9ZdVy+fn7+8YP7HdQJoV2CJGnQUCWni5pAAKCRDd

+QJoV2CJGnbG0EADPbviaJJYt1eVQFJcoTKxz35F3EaF1BtPGepMghBKPuRkcN5e6

+7VzwlqB8MF0V99fG0y0BHxhnEAar31MHtHaY12uyLoT1eq4KAMf4fCfPyucPyvo+

+ODZ87HYoJEEjVDBdGZc+HzA4fotLIdrSpQwQMyu3CyqrITk5GAzlJQYE7uTvy41K

+stSv8RXygMPy8Y9fDuXbBoZDLRkXPhBtEC9bdRYycScF7+qvIHeN6SQCQ7PVzbaZ

+7DvmTZ5yKOMLPA5JC/G55n+OQ0lxF9Ti7+tV+xZou/5SBXkCrCSNZoMKdaM4jQOR

+3cEo3x/Yvx49lXi7MvqkXcm3RnZ3h1ZDOhwZo3spcuSRqESJNV7oMVddy+GFocWB

+ofGBBjqoRcEJgXQWbWqrzLnIlaKk+EDMnhEa3uQRmqUdFA2S6mcX/MRnPmFdiZtO

+7G8em5z2vy38OLEbqbieVIGkZxq9gAnnfgoWjkexzNUdel+N6TJjZiPsagVpBNmt

+Og4rL7S0Njbscq1z3BCWthAdZCuCUe1nJko5fl3zpO8ToSFmqvBVjst9O8FJj6yZ

+0v7PEslZmUqTtZ4A7r6J0ZlceRjq6rIVIkDg/qJP5C/XY7qqClWfC2pOIW5SIaVE

+fU+Gm3cxXitskUAl00vHCow89Yb7y5k37RNfl9oeJ3Y/YNLiArkiPwuwk4kCMwQQ

+AQgAHRYhBLX65ihbQTcosqD67UMRH0UgCGoMBQJaf1GrAAoJEEMRH0UgCGoMNQ8P

+/3sY126CEryXtsGXlUo89wqsCwQjhFF+7B+3irUUdF5S1rlFyEzmItLSbpMj9IXa

+Rz1hDZr5CBorkdJOFY+Tgo0jfXwVx9hUC4LUWHbYna1aqzPSGH1taCwVdOlkR3l+

+/oWZJAdv0w0rXYbRZRdN6o6TcRAYr//cq/Glgr6ZZh3uEna5evrw67ndxEU3VX9Y

+wvGHAw/YPxOPL8gsMm62NLTjDXC5CdZfq9ISUDjSbjJ2v30SA76/meNIz1HxlMWS

+qNExTPdrZcn4GZ0aJUEI3tqeD2wL9NziHWbfc4ACPbKOXVFdinthb5x7j87/Zpro

++1EpkuW1iCc+OdSCYo9umrByVVC9cu+ab1VcRQ6Acqouvs6tHIrzzzflviHg9oPZ

+Jz21cw7X6S3ruzB4rq6kxoN0xIBT9jp7JKIPO6Bxb+gsvuYCht5JdwCptL7gRKnv

+9/ZgHv6lnuzuy7HjvJQUjU+LDE7zU6QBGEdQH+nxCcMwqMEOpXo5ED+u005t9615

+5fCxTRF56nFfVuEZf+A9JeHw4gfhtsaalYzlMxk/TVdzxLNibur7JWTgk/0v1B7s

+UAuz8jYIpRXf5sMAIsZSwIh0d7es0HS/wGtEIZBPYHs8FaSE1mKJYAZHI45XiXUR

+aPga5g5/ljNcFRcbnL6m1KBdn/DQUBPE6BOjVY5tYABiiQEzBBABCAAdFiEEKVr5

+kW9G+KE0sCnagIY4QvD+2DsFAlqW4PMACgkQgIY4QvD+2Du+kQf/TS0KQriL3pEX

+oL9njLr6ZTLbz2R5hUXWtz2pxKZhGi7A+IjT3EflErlNaeWEaJAvd63c72f+xg03

+tNzfHbJn3ypYd/zBlJfJoNgdGnCnu9LA6vFTcCGP+1BV388bhWMJ5awJWnAFzPem

+uWstEEmwBDgq2aI3iXBUWaGesondCfjymloBrz316VTh08rR+9K+ee/6BRtdkn8n

+adsNb5A1rnC4Capmejxd4IEdUVBY1QojpRMF3278y9emZ3HTRt1e0E2QbhUTLxf+

+uIn5hUvSTRvob74r8ZB17wkqOdhZBuPAw2L2VsnN0UodqYVxKNrgJzz6exv0kgDI

+N56Hdhsi5IkCMwQTAQgAHRYhBCBpHfzCyYxHlSmE7gABjCI4GnWUBQJa25y/AAoJ

+EAABjCI4GnWUAp8P/0ALQ++GJyId44CGFpA92MqAGaUNdqVyRESqLa+aRNHlYYuD

+c5EjZWhUx3SYjbmhsVMHHzzmBp0wBVjxG9j/j2jkqnZUJjMwpzHdltxS7NwzyNJD

+9T1EEzA6yV8G+bg7MHYDczNKtBMuhBs5WeqeZ2TuaVOdHouylM+exsA58KzPF6As

+mPFkdQJo2jjG7u6EwbSgfslda9RISkYaxzMpNjJvLe8FJbnl3EctUP0uK232WWTi

+BJUg/jHqOvYuxnj287qDyQ8csYIZFC0SOdzmoZbE1BtX63joHiiIoPpjUsoTsS1G

+DzotmyYNAt/lKJW/pIuPzffUwvDM4M5HJxZlCBVWWo3D92lNGkvtrNCZ5EktgjmJ

+6ycFPNPKgcSJOnwZNSnRuICW3eSYiWBAw8Pm/i/GVvU7leXrv4M+IyOXg8sSm9vH

+sD+1I5MxJfg7tVSw05/sOJHr/pLa5T6GO0BT3iPWk5T0+/DLWASKBFtObFy5GhBv

+SFtixWv30xlSl4SU/0NEcQ7anDYZw9St1Z/7RP3vqPw4clK1G7SMsMJNXoaAnAAX

+YAa+7HVVuWJe02lO6pFRhkjXW7OEkQ/dn3g1JvkofeOhIJJoDPFIoIWoiVr3yiWl

+BUp9S9jOLxXmv7yv7ZGlBOqw2TR5PBaW2NV8NCWHAxZKYssl5dRLYjiKkPXHiQJW

+BBMBAgBAAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AWIQQ85GRVioT9xp20

+DPsJCxGZPZrrtQUCWfDCoQUJBvUujQAKCRAJCxGZPZrrtTTeD/9mRSNchhQibsk+

+vrXAlphebmBsfhrjdvpwiZEI2SdVZnOUW7iqMUIdABAirkSOcRLmB8bkQx/jBdLx

+9Nnoy8FuCgFderhsAX4SWyGqi7sv6vX8ZMmqEgRagmC3X5/HaYWgbgNSFRd1V5yg

+t/s3cODWN1Ak8NW3vaOzVsdKpM47XlzSGeStX2dTIQTpLc5POEqe0GKl/d79RxAu

+KrcBUaIK30c2ZplJjYOdBKfUQUQYwRRnUMu0CLnIkGJoio8wRpkJAgZmZ/pv2TOQ

+UEEZsydb67oIGKu64ir6j1qs6n6knSZh21LSrzm2v/45Dm7EBw9TmTH8krpLSgwR

+/loP4rz5tay5WjVPpvrNS2KnpGAWEdfyvEUA8U4JdyiGMWRiqadjABp9zQVfF4nW

+D4ElsQg/OidA31kFJKpGuFvV4usS+3ceyi8lUG3sPG0RPBW7S5eXrzpNIQe8yG4+

+aEoGhfre9DOG7dIs/iJymZQFfBUPiL+mEm84NxyGutu5/43M2St31+OHHohBE/DK

+XcH9qwp2PwDzMMzI53N/v1ktYS8EQUUKRWTPZ2z8EafN0sewxM7n8DMN5ftG2txb

+QhKeg2aNeB/R7Unk8ODh7faVyeiTBPAc65LDbrTMmW8nclOHLs+gGvsDmRtvKzk1

+sh9t42buP63UPbvnNvk6Ss6G8ZBGW4h1BBMWCgAdFiEE3JOIpbQA77MsbCBx4ffv

+gU+SoQ4FAlvHdXsACgkQ4ffvgU+SoQ5EuAD6AmC4dV2EoGMXKctKuL2B0Y7Ptwd2

+x3pL+JR/onnX7DgA/iWFMhBAp/iw9RZrV9pYtzPKPe+k4okWLP+xZ4C9qm0GiQJW

+BBMBAgBAAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AWIQQ85GRVioT9xp20

+DPsJCxGZPZrrtQUCWsXGiQUJB6KldQAKCRAJCxGZPZrrtfQCD/9l+i+0MWXPypa7

+2lU4owqoAvoOwBCnL61yJNR0b+aYpR00ia0JfZuLcSvj68p71QSeNa75sihIfT0t

+v1eDbYPIdUiFwxq9SIKrArJGeHzGOQOXlCcMPlJ74HXuvlsBsf9sAagrkBNyHcOr

+mEl1F+KYOV3m7m2m5WWDKXYNbH4fnrM/WqfBZF8X147DxDqdgvKkQ3eDXAHOJpV5

+8i7GUofSPsQGQRnhcIKEeapiiqZwTer5A7W0nI0Cc0zVODFdmXbo5OPBUJgPvvH2

+7WYhGcihl+zo53RLX2Qdvu5ovj2Kv7nLIpe3RN7LJ32VTpKhsVE4CxB71Q+ad2wC

+dBliOxhzWTyaSkFXS97Cz9Ld9AZlzybGHXkHea57GcXyLm6qEPhwRch7Ll4i/mkF

+UG0/pWljPNbAhjFgdq2ipAw42B4v1Ti4Q1ZrtucQ39Kkc7u88qd3N3vRnk2IrQ8T

+pmPCaJLeUCfu7rWA8czS/I30o9Omjv96NOpXEDHIApZ1ojNBQFDG+erRZORfcMqc

+0fk2ONIJZEHI/+G19UkkrTF7mISjQ3d39b3DQfwDLaDjhNT/iz+KesWkv8BW3s72

+mJ250ZxcHzXakaNCHHKiJ6B46jdJDD8VZmwgyrk5pdT0p3ujeccBJKJHef9TO433

+l6eefmjd77LT/p3XmFLt81A5yGPrZbkCDQRT6OIQARAAz1g6++SVx6RB4ZqZCdgO

+r7kXVSV51YKW3ETqK6Wq3pnqNBvv8zy0+8LBAVYewuhiOhGlUI0HSjT0aVuBTSod

+N64mpWc96E2SwiRl48iZcIMyNTc6dAShOaeNn48O2O73cH14jUsbQAnjtuazKYfl

+26ulqD1oiH+9idRD9HJHCegv9AlJMeaPH3z+xjO6yLA7HcVU3S1aJYXtwZgNttxS

+kGZToNgmbLXkU3a30wfdAte3/MNCrXn2DfJ27bZwNfnQSmOcCleV+x5MrEn9AloD

+3fYV/jP1umC7R1p5sbNuOlsTeX8qJXeWbIr1cb8gRhajFhCpcO6PN4arUJ6Qkolb

+jY6lRzxLgicmDvMbg3IN2yvk+139E9ypift1Zu4KG5abuqudLoRe/0/upt8Rgrqr

+BJDODLVuBqhCAGTg3/WHCm3uzsHSiqq54UbOe2PSRfGWLDTA2nWKludTSsobtjsP

+6ZE++b2nPuEVXTROK8KdwkyBjWF5EjOgTLPG0QIU2GGk/s0V6+dOwmggYwJuCQnm

+AF8Rn0GU4F/kocHJmSDmK294r0wUsyKPM8hqeo1EwilN7UpyNyk9YjbMKMyOMzzR

+inmlihHAGYtw8xgfaUkw1WahWtfIT58dj1Kssx8StgdpfRrxJ25XGvG9S4Ke11eX

+pozJcg+TZwLQxcgWnjEJRVcAEQEAAYkCHwQYAQIACQUCU+jiEAIbDAAKCRAJCxGZ

+PZrrtQ+ID/97m2sq1Txn9Nsl8oK+oxJ5w2K9KbeUmaptjvtSmyGYXywwMYpxFbe5

+ioU639KCfPNTT8wxaJNRdAHdNHCo5joUwIbOZDdMAMVU5Zp2LGdjXgwRvFC1oenx

+R79I0aJMT1vHbfRgX61Fu2tv8BT2eLc/qmV+e3neSZH3EBXZgEGnGEIWgPc95fEr

+07w3tq0EUritV3+oYhgVg+dHABiEpiigSIPRT+3SWKtJinpMlp7wrW7seGe8fygU

+pPVB/a8Jncpt+eKuoquiM/DF/UHOgWGCWk62hGOd4n67fuxsuyD9Ejx1oD784Rw4

+FYHLJzVCIDwjeq9g9hLizM6Y3WA1kHG8o5ZwymxpIquA8zA5mg8f3nA21JJIk8zh

+r0eirUEmK3mq17n0NInMtSPGtwMS0MmWjdObGn/fWdRDrMUpg/xbJbt1AwUHvGYe

+V1DEm7WauV6VZMHz9dmx/UqLHg4A2yCssyqPx8q9NWFEtra+3aXrfUW+WBpPAWJZ

+i1EQSBpz8i1cynexOOr4wnt7jHlVsag4b8Dbg8vVT33Kh5YMcemwIVgB+lr1vlmg

+yw2UZ85wWgRlwzcoNnqdX88YBG7EwOsLOnj7gmP2GBaNTvNvwKZL+9+fZoScQVoq

+V1fnE2X7Z4O562lqF2emRjBYn+8g/BrdPTD9OUAMufM+0SDlZujhrJkCDQRT6OIQ

+ARAAumnTGj6cKSYqhvxoJNGKDnVHkV+Rjjqc0dlwP0qBWbtF1roYCSJwAEUSiOiv

+SDt3hwliI3ir2Ppcq8ZjRZV8dGOzh/wVSvRni+uX+/fekdnQqkroY+SuncVM6hUh

+56Ug5DN7eL/C+71PFypVvfQ0wSU+OUSsiFZUo+2Hup7AsazCEUoWxHheZLFwIoQX

+1xsVuZqM47wJSQk0D6Fzxm/o0d5fAkWOCYsr6lPSLMwb5EW8sAtTELAqBDhnCbCm

+x50osvnbekGmSrwq+aksHBKis3zQBCkchqLkE8MAGpOxb2V8PBnFS1PzGBpUNSEg

+M8HWMRgiDOJf+FciN/HOk27KSBE0e9dyDLF0AJ+R0saNUmVntsLkKgYIxhEu1KaY

+c1eAyKQU8L9GfKFxvS3JcZCzP53ZLzLOEV+Gj6kT6ydK2iemsH09w2wMCDIvYqqm

+2kTyHlSoFLZQeCBfC4PJMst0LoppmY0WSQ/ZfDAmM58GtZ/y20IuFcNGL23ekf+m

+r2i6sp1OSu0poi2C2psznQyUdJBRBg+pwerY4Ov5FfNb1edKn/FyIeMBKVtB7u1P

+qtSAQOG2mlUW9ia1dILDHBNspukQPeDgIvGtUPtHWeFe9Mr8LAw0edskZoe8N3vk

+xBALFywNn63AaNEHgXbbUpoPI8igJ/F8J8wCnOl61YPhiX0AEQEAAbQfTHVkb3Zp

+YyBDb3VydMOocyA8bHVkb0BnbnUub3JnPokCOQQTAQIAIwUCU+jiEAIbAwcLCQgH

+AwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEAkLEZk9muu1AAUQAJVggkL1OO5xusj3

+/WVlWEFDKhuXyIVog+nWEO2h057xtpRmjuQLYn9KQcOMaFf6QOK3jZWHuZuDVnNx

+NVrcCB58I8AWb+oTARjukhiknJPo4hTf4JgjfXl1Qpa12OXQ349lUCdxaeEa4WEB

+nGBhyh+MmWrh0poQbBbjuafpU/Fm1s+2FoMxcIvkAW7f0evLhofD44k4bBeiX8xF

+BCLLy4IPeK857mX5FnLJUfSmpDqwmdJZkZ74EFaVaOE6F0QDPqrK3ZvEAqmyQfNC

+mFWXcwtNNotsKyGHJbUeyhfr8MkteY29QR3y0uLtFw8NZvvymjuPdJvU94SrqtVU

+MPumCgbF/FfXddydoPUEtt936344LIpkqa6Z24kOEDHlrIxV4gG4nCvP0Bbp5zTO

+wLoimEv1S7F11zZlG4L8UZtVBkS2j1x2UQH+E3jgbZ4GHMqv5hc84CRu0coPqizo

+noB/0Ta5MZTkVLiV33RiaILoqO6jQi2jnVNAF2qKxgVi28VrEELhqztl5Q36RTf7

+NmmNkrevwCw1YLsTLCJObRy0BG6ZNkeQ7nz0bkpwn3oX6D+9ufsFMJzaS6VTWqzo

+zGgsAP9J60CtxFYxDuL/VxK7df0wxWcXxyI5Wh5OOTzZnn5TpNrBSIXxEiCnmCKL

+NXM+4WP/+J3oNcTnSDAIIN+5uAD5tDNMdWRvdmljIENvdXJ0w6hzIChJbnJpYSkg

+PGx1ZG92aWMuY291cnRlc0BpbnJpYS5mcj6JAjkEEwECACMFAlPo4nMCGwMHCwkI

+BwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRAJCxGZPZrrtcC3D/0RMlFbAmmrcKT0

+8RleUIKVYkC0KEjOvkoN4qVbovA+M8opgqBgHJBZozaDN9khf8zQuf1b4Oz9aBFA

+Y66H30CghFVbki98+vjJnoDJt310raY3O2ogMaQKlcNqOJOJWg/8MziFZMd79H5n

+RRQoTA7fc1ZT2HzxpvT5Vd+JyQcAK6PPPeppHXayU/zuv/Fne9QwmmRbrHW6b7JL

+gF2gXmGsKkm9vRX8EOhz3I9Pvzqslc6MZBJqTLYFYuyLHNwVjTjkpopYDpNplhHA

+s5Wwmex6lAe61ZkKw5b4MQ3MlPvZkcN7RfeFQlvewrlEQ3rs/rHsNGMGoaG4MwZh

+OHZsIEKFVj3tyg2A46WErhMO1D5okoGXaR6F9ox0SdKFh367iW0yf8YFBXwsNY6V

+QPnbeILhY5RWwx/qjmu5AGavdLXVlmVlHZlqNMJjEvH+3iXVbR+rrwCEk1Wn6l2O

+HFlo/At8bjvJxX8FmRB4cK9ka5SCX6SnVz0krlKPIqf6CgPhT+GZBvqPiD9yJ733

+n8phpaAT9rXsHYQ7BZwgy8cEx9urancoS5FIGtkrqMIyOh61sgg6lrdXNYw19i/I

+U8eWIQHkc3RP+wKY2IG4a5EDjuAwGqxKVKHR5nXnDWauR6O27ikNgJch/f9JbzVJ

+JPpbp30GoydetGDe1SDlYQo9J7ttCbQjTHVkb3ZpYyBDb3VydMOocyA8bHVkb0Bj

+aGJvdWliLm9yZz6JAjkEEwECACMFAlPo4oQCGwMHCwkIBwMCAQYVCAIJCgsEFgID

+AQIeAQIXgAAKCRAJCxGZPZrrtQX9D/0Yk1rDEfKfgdiPCdxQ7UmYeE+IfsPuWLNl

+qafBmLFTYEgtSzDqwNW8Hvl/ON7jOVVBwObvhy/B0sJ3V0V40xH0xz8Sdn3Y7Jwq

+NglGWQTBF+OqbiWEqHpp88gRgrw203WQnj+KovjhdukouJVnwOiNU5v+ZTgFFAmO

+aAqgzJEaMBIqv95gRSisWbMFF6y95BFdzEM0k9mQB78ERRHhiyA2FZfLMQC5t3dg

+99QnMWCfF3RmRDlWbHGjYZcdeNTJyNWg3Ivg/sxkoj2ukQ02hKycgvvhQb3pyQOs

+GUrHU+eDgZVQJhBFeAh5QMHbxLCZ7RdLsoUN8z2LrOydzU8Ccr4nYfrzpcmf6nTU

+Kg3gLWEKhgHyjf+8UBBN+J1fExs5b7v7uSSNlUvvib+DQjSdMYcAm93dPi36nXWe

+qyiGitzMD04tMTZWcIHZVC8n2f2XI6Y1QpSONXvil6DyBl8re1bMcvvFUUB+4AcE

+1rBJZ6FkRyltbs0TQXygPXf3AM6SsdTWN6diieN/CqZTUQIt/LM3gHghM/OB7Zb/

+Cf17jnuIw5o0WDrEwvIxFE75gjLKEKhPQCZb5AcfG7ZxcBjI3EDb+tk1UQwTvLcP

+tEF0yhs+rW3AeNQjqlk+UTpF2w4LjOanE47HPjFMrViGmrh4jspxtg2O+OqfykSr

+fpcbUmoXi7kCDQRT6OIQARAAz1g6++SVx6RB4ZqZCdgOr7kXVSV51YKW3ETqK6Wq

+3pnqNBvv8zy0+8LBAVYewuhiOhGlUI0HSjT0aVuBTSodN64mpWc96E2SwiRl48iZ

+cIMyNTc6dAShOaeNn48O2O73cH14jUsbQAnjtuazKYfl26ulqD1oiH+9idRD9HJH

+Cegv9AlJMeaPH3z+xjO6yLA7HcVU3S1aJYXtwZgNttxSkGZToNgmbLXkU3a30wfd

+Ate3/MNCrXn2DfJ27bZwNfnQSmOcCleV+x5MrEn9AloD3fYV/jP1umC7R1p5sbNu

+OlsTeX8qJXeWbIr1cb8gRhajFhCpcO6PN4arUJ6QkolbjY6lRzxLgicmDvMbg3IN

+2yvk+139E9ypift1Zu4KG5abuqudLoRe/0/upt8RgrqrBJDODLVuBqhCAGTg3/WH

+Cm3uzsHSiqq54UbOe2PSRfGWLDTA2nWKludTSsobtjsP6ZE++b2nPuEVXTROK8Kd

+wkyBjWF5EjOgTLPG0QIU2GGk/s0V6+dOwmggYwJuCQnmAF8Rn0GU4F/kocHJmSDm

+K294r0wUsyKPM8hqeo1EwilN7UpyNyk9YjbMKMyOMzzRinmlihHAGYtw8xgfaUkw

+1WahWtfIT58dj1Kssx8StgdpfRrxJ25XGvG9S4Ke11eXpozJcg+TZwLQxcgWnjEJ

+RVcAEQEAAYkCHwQYAQIACQUCU+jiEAIbDAAKCRAJCxGZPZrrtQ+ID/97m2sq1Txn

+9Nsl8oK+oxJ5w2K9KbeUmaptjvtSmyGYXywwMYpxFbe5ioU639KCfPNTT8wxaJNR

+dAHdNHCo5joUwIbOZDdMAMVU5Zp2LGdjXgwRvFC1oenxR79I0aJMT1vHbfRgX61F

+u2tv8BT2eLc/qmV+e3neSZH3EBXZgEGnGEIWgPc95fEr07w3tq0EUritV3+oYhgV

+g+dHABiEpiigSIPRT+3SWKtJinpMlp7wrW7seGe8fygUpPVB/a8Jncpt+eKuoqui

+M/DF/UHOgWGCWk62hGOd4n67fuxsuyD9Ejx1oD784Rw4FYHLJzVCIDwjeq9g9hLi

+zM6Y3WA1kHG8o5ZwymxpIquA8zA5mg8f3nA21JJIk8zhr0eirUEmK3mq17n0NInM

+tSPGtwMS0MmWjdObGn/fWdRDrMUpg/xbJbt1AwUHvGYeV1DEm7WauV6VZMHz9dmx

+/UqLHg4A2yCssyqPx8q9NWFEtra+3aXrfUW+WBpPAWJZi1EQSBpz8i1cynexOOr4

+wnt7jHlVsag4b8Dbg8vVT33Kh5YMcemwIVgB+lr1vlmgyw2UZ85wWgRlwzcoNnqd

+X88YBG7EwOsLOnj7gmP2GBaNTvNvwKZL+9+fZoScQVoqV1fnE2X7Z4O562lqF2em

+RjBYn+8g/BrdPTD9OUAMufM+0SDlZujhrA==

+=+/gj

+-----END PGP PUBLIC KEY BLOCK-----

diff --git a/tests/dsa.key b/tests/dsa.key
new file mode 100644
index 0000000000..4727975c63
--- /dev/null
+++ b/tests/dsa.key
@@ -0,0 +1,25 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQMuBF4SQfARCACb/C7qcwKhOdaej1z8dK02iMJlw/C868VEeAuSvXHBE5OULm1+
+SlwPCgsLIhe8AIsW0F8zgWlNdOKbcmU1NdzUfo0PIRA8ASerZ3EFd7cloRjk1X3c
+XbklFQ8D37thgFXYBOkkjzKwCvc+ebcQQsRSvJLhQODSRzknIQBYLoYjKh8skEwY
+uK+rFs7fEHTrCwnriF7QCZnGqoScS56MrgEtHHwBDpKt8CruSekEHAfI5INMhb6R
+fdVNTj7TL9gCOlYA6IPK6pfYKjghQ79IGMcGnaEPUdiEuAbc1AVQtfRi4e/IbbN6
+/CDmfSQ/fCYm9hQ5sAMzUCqDreqqYrpEYmVHAQC3uXiV7qjDe2vlfz4GNSFOqvHC
+xHp9UYWE6IQFzVutMwgAgldl3Ql6zxIoiU76bXRDP+W+g67uW1Fnd6ltOVYb4rxp
+wIRlQpwZeNPzFeZHZ1mJA1rvdD3mORnnnIIwW9Cr5Kn/e63PBJJcYJZZ6bnWYh5O
+1MDzyn0CYu4btP0tj7PNxKfxvIxDX3sqfkBFsGgquwa/AwWrdWXD99//PK0iNGN4
+WewwXmC2S2SmcuHL0nB4eV6uuQZOK6u3/end1/FqAMEJAW4jC7x7UvbeFs1dwiJv
+psjluTpP1QDh7ySDfBOANlxOxAM6oCfvUqZ+pifNFw7t3p1eiK3wtjB8fer7bZg3
+OT4Pl4gImmCjXs0cse0+FLpUA/gzPHxYR/rUyD/nQwf8CfFRGu+bGFju3YHbZ2T0
+cHF/9c3sCdQU7nVnYleySnv1OMDSYoZ7geqgC2q0pnHeezII7hcJB8tKx3BV+J7A
+WYUL31K4gybK9VkFQC8h+BzPjnzjXEHgL5GY621cPSLJzOyFhY9lKrWUD/DVGXtu
+xFjissXG2h6jgf+BAqDCKFVYyu/7TQuDA/FKPhx/8Hn9LX4A3CTFswnsRtABGt6t
+U4yUfQWhnDqLDYWrjvXOEHbMQuBOAU3rPpTLLyQzyKVsQZlMBR5UrSXXY1lN76yl
+J0NAyeOmgvDT75QAVHPxp9lidRTQJHXU1Ah+N/fzPYamKmgheCXZE8r5cPY3Mkvp
+w7QbPGx1ZG8rdGVzdC1kc2FAY2hib3VpYi5vcmc+iJYEExEIAD4WIQQohKmAQiMw
+pPM92X9YeRgEe+i9LAUCXhJB8AIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIe
+AQIXgAAKCRBYeRgEe+i9LOyvAP0a2DIMruGZSHeWcQaNiRWb2/UEq4ClRw67rA7f
+39sD5AD+PKeovYJkTSV+F00QKHibMhoGurxABnEUeqmetGITVSU=
+=YZip
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/ed25519.key b/tests/ed25519.key
new file mode 100644
index 0000000000..f6bf906783
--- /dev/null
+++ b/tests/ed25519.key
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEXqNaoBYJKwYBBAHaRw8BAQdArviKtelb4g0I3zx9xyDS40Oz8i1/LRXqppG6
+b23Hdim0KEVkIFR3by1GaWZ0eSA8bHVkbyt0ZXN0LWVjY0BjaGJvdWliLm9yZz6I
+lgQTFggAPhYhBETTHiGvcTj5tjIoCncfScv6rgctBQJeo1qgAhsDBQkDwmcABQsJ
+CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHcfScv6rgctq4MA/1R9G0roEwrHwmTd
+DHxt211eLqupwXE0Z7xY2FH6DHk9AP4owEefBU7jQprSAzBS+c6gdS3SCCKKqAh6
+ToZ4LmbKAw==
+=FXMK
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/ed25519.sec b/tests/ed25519.sec
new file mode 100644
index 0000000000..068738dfab
--- /dev/null
+++ b/tests/ed25519.sec
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEXqNaoBYJKwYBBAHaRw8BAQdArviKtelb4g0I3zx9xyDS40Oz8i1/LRXqppG6
+b23HdikAAQDGgjcUcvqR+nGYcf5UHzy9xlO/dBZX4f9QV1ILDIGt0hAYtChFZCBU
+d28tRmlmdHkgPGx1ZG8rdGVzdC1lY2NAY2hib3VpYi5vcmc+iJYEExYIAD4WIQRE
+0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqNaoAIbAwUJA8JnAAULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRB3H0nL+q4HLauDAP9UfRtK6BMKx8Jk3Qx8bdtdXi6rqcFx
+NGe8WNhR+gx5PQD+KMBHnwVO40Ka0gMwUvnOoHUt0ggiiqgIek6GeC5mygM=
+=VjjI
+-----END PGP PRIVATE KEY BLOCK-----
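Review bot: tests/ed25519.sec adds secret-key material, and nothing in the file itself marks it as a throwaway fixture. From the packet layout the key appears to be stored without passphrase protection. That is reasonable for a test, but anyone with the repository then holds the signing key, so its fingerprint must never appear in `.guix-authorizations` or in any keyring used for real verification. Consider adding an armor header directly after the BEGIN line, such as `Comment: test-only key for tests/openpgp.scm; do not trust`, provided the armor reader under test accepts header lines as it does the `Version:` header in the Radix-64 sample. The generation notes in tests/openpgp.scm continue outside this view, so they may already cover part of this.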
diff --git a/tests/openpgp.scm b/tests/openpgp.scm
new file mode 100644
index 0000000000..0beab6f88b
--- /dev/null
+++ b/tests/openpgp.scm
@@ -0,0 +1,253 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (tests-openpgp)
+  #:use-module (guix openpgp)
+  #:use-module (gcrypt base16)
+  #:use-module (gcrypt hash)
+  #:use-module (gcrypt pk-crypto)
+  #:use-module (ice-9 binary-ports)
+  #:use-module (ice-9 match)
+  #:use-module (rnrs bytevectors)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-11)
+  #:use-module (srfi srfi-64)
+  #:use-module (srfi srfi-71))
+
+(define %radix-64-sample
+  ;; Example of Radix-64 encoding from Section 6.6 of RFC4880.
+  "\
+-----BEGIN PGP MESSAGE-----
+Version: OpenPrivacy 0.99
+
+yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
+vBSFjNSiVHsuAA==
+=njUN
+-----END PGP MESSAGE-----\n")
+
+(define %radix-64-sample/crc-mismatch
+  ;; This time with a wrong CRC24 value.
+  "\
+-----BEGIN PGP MESSAGE-----
+
+yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
+vBSFjNSiVHsuAA==
+=AAAA
+-----END PGP MESSAGE-----\n")
+
+(define %civodul-fingerprint
+  "3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5")
+
+(define %civodul-key-id #x090B11993D9AEBB5)       ;civodul.key
+
+;; Test keys.  They were generated in a container along these lines:
+;;    guix environment -CP --ad-hoc gnupg pinentry
+;; then, within the container:
+;;    mkdir ~/.gnupg
+;;    echo pinentry-program ~/.guix-profile/bin/pinentry-tty > ~/.gnupg/gpg-agent.conf
+;;    gpg --quick-gen-key '<ludo+test-rsa@chbouib.org>' rsa
+;; or similar.
+(define %rsa-key-id      #xAE25DA2A70DEED59)      ;rsa.key
+(define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.key
+(define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.key
+
+(define %rsa-key-fingerprint
+  (base16-string->bytevector
+   (string-downcase "385F86CFC86B665A5C165E6BAE25DA2A70DEED59")))
+(define %dsa-key-fingerprint
+  (base16-string->bytevector
+   (string-downcase "2884A980422330A4F33DD97F587918047BE8BD2C")))
+(define %ed25519-key-fingerprint
+  (base16-string->bytevector
+   (string-downcase "44D31E21AF7138F9B632280A771F49CBFAAE072D")))
+
+
+;;; The following are detached signatures created commands like:
+;;;    echo 'Hello!' | gpg -sba --digest-algo sha512
+;;; They are detached (no PACKET-ONE-PASS-SIGNATURE) and uncompressed.
+
+(define %hello-signature/rsa
+  ;; Signature of the ASCII string "Hello!\n".
+  "\
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEOF+Gz8hrZlpcFl5rriXaKnDe7VkFAl4SRF0ACgkQriXaKnDe
+7VlIyQf/TU5rGUK42/C1ULoWvvm25Mjwh6xxoPPkuBxvos8bE6yKr/vJZePU3aSE
+mjbVFcO7DioxHMqLd49j803bUtdllJVU18ex9MkKbKjapkgEGkJsuTTzqyONprgk
+7xtZGBWuxkP1M6hJICJkA3Ys+sTdKalux/pzr5OWAe+gxytTF/vr/EyJzdmBxbJv
+/fhd1SeVIXSw4c5gf2Wcvcgfy4N5CiLaUb7j4646KBTvDvmUMcDZ+vmKqC/XdQeQ
+PrjArGKt40ErVd98fwvNHZnw7VQMx0A3nL3joL5g7/RckDOUb4mqKoqLsLd0wPHP
+y32DiDUY9s3sy5OMzX4Y49em8vxvlg==
+=ASEm
+-----END PGP SIGNATURE-----")
+
+
+(define %hello-signature/dsa
+  "\
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABEIAB0WIQQohKmAQiMwpPM92X9YeRgEe+i9LAUCXhJFpQAKCRBYeRgEe+i9
+LDAaAQC0lXPQepvZBANAUtRLMZuOwL9NQPkfhIwUXtLEBBzyFQD/So8DcybXpRBi
+JKOiyAQQjMs/GJ6qMEQpRAhyyJRAock=
+=iAEc
+-----END PGP SIGNATURE-----")
+
+
+(define %hello-signature/ed25519/sha256           ;digest-algo: sha256
+  "\
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYIAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRADAAKCRB3H0nL+q4H
+LUImAP9/foaSjPFC/MSr52LNV5ROSL9haea4jPpUP+N6ViFGowEA+AE/xpXPIqsz
+R6CdxMevURuqUpqQ7rHeiMmdUepeewU=
+=tLXy
+-----END PGP SIGNATURE-----")
+
+(define %hello-signature/ed25519/sha512           ;digest-algo: sha512
+  "\
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRAGgAKCRB3H0nL+q4H
+LTeKAP0S8LiiosJXOARlYNdhfGw9j26lHrbwJh5CORGlaqqIJAEAoMYcmtNa2b6O
+inlEwB/KQM88O9RwA8xH7X5a0rodOw4=
+=68r/
+-----END PGP SIGNATURE-----")
+
+(define %hello-signature/ed25519/sha1             ;digest-algo: sha1
+  "\
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYCAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRALQAKCRB3H0nL+q4H
+LdhEAQCfkdYhIVRa43oTNw9EL/TDFGQjXSHNRFVU0ktjkWbkQwEAjIXhvj2sqy79
+Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
+=AE4G
+-----END PGP SIGNATURE-----")
+
+
+(test-begin "openpgp")
+
+(test-equal "read-radix-64"
+  '(#t "PGP MESSAGE")
+  (let-values (((data type)
+                (call-with-input-string %radix-64-sample read-radix-64)))
+    (list (bytevector? data) type)))
+
+(test-equal "read-radix-64, CRC mismatch"
+  '(#f "PGP MESSAGE")
+  (call-with-values
+      (lambda ()
+        (call-with-input-string %radix-64-sample/crc-mismatch
+          read-radix-64))
+    list))
+
+(test-assert "get-openpgp-keyring"
+  (let* ((key (search-path %load-path "tests/civodul.key"))
+         (keyring (get-openpgp-keyring
+                   (open-bytevector-input-port
+                    (call-with-input-file key read-radix-64)))))
+    (let-values (((primary packets)
+                  (lookup-key-by-id keyring %civodul-key-id)))
+      (let ((fingerprint (openpgp-public-key-fingerprint primary)))
+        (and (= (openpgp-public-key-id primary) %civodul-key-id)
+             (not (openpgp-public-key-subkey? primary))
+             (string=? (openpgp-format-fingerprint fingerprint)
+                       %civodul-fingerprint)
+             (string=? (openpgp-user-id-value (find openpgp-user-id? packets))
+                       "Ludovic Courtès <ludo@gnu.org>")
+             (eq? (lookup-key-by-fingerprint keyring fingerprint)
+                  primary))))))
+
+(test-equal "get-openpgp-detached-signature/ascii"
+  (list `(,%dsa-key-id ,%dsa-key-fingerprint dsa sha256)
+        `(,%rsa-key-id ,%rsa-key-fingerprint rsa sha256)
+        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha256)
+        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha512)
+        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha1))
+  (map (lambda (str)
+         (let ((signature (get-openpgp-detached-signature/ascii
+                           (open-input-string str))))
+           (list (openpgp-signature-issuer-key-id signature)
+                 (openpgp-signature-issuer-fingerprint signature)
+                 (openpgp-signature-public-key-algorithm signature)
+                 (openpgp-signature-hash-algorithm signature))))
+       (list %hello-signature/dsa
+             %hello-signature/rsa
+             %hello-signature/ed25519/sha256
+             %hello-signature/ed25519/sha512
+             %hello-signature/ed25519/sha1)))
+
+(test-equal "verify-openpgp-signature, missing key"
+  `(missing-key ,%rsa-key-fingerprint)
+  (let* ((keyring   (get-openpgp-keyring (%make-void-port "r")))
+         (signature (string->openpgp-packet %hello-signature/rsa)))
+    (let-values (((status key)
+                  (verify-openpgp-signature signature keyring
+                                            (open-input-string "Hello!\n"))))
+      (list status key))))
+
+(test-equal "verify-openpgp-signature, good signatures"
+  `((good-signature ,%rsa-key-id)
+    (good-signature ,%dsa-key-id)
+    (good-signature ,%ed25519-key-id)
+    (good-signature ,%ed25519-key-id)
+    (good-signature ,%ed25519-key-id))
+  (map (lambda (key signature)
+         (let* ((key       (search-path %load-path key))
+                (keyring   (get-openpgp-keyring
+                            (open-bytevector-input-port
+                             (call-with-input-file key read-radix-64))))
+                (signature (string->openpgp-packet signature)))
+           (let-values (((status key)
+                         (verify-openpgp-signature signature keyring
+                                                   (open-input-string "Hello!\n"))))
+             (list status (openpgp-public-key-id key)))))
+       (list "tests/rsa.key" "tests/dsa.key"
+             "tests/ed25519.key" "tests/ed25519.key" "tests/ed25519.key")
+       (list %hello-signature/rsa %hello-signature/dsa
+             %hello-signature/ed25519/sha256
+             %hello-signature/ed25519/sha512
+             %hello-signature/ed25519/sha1)))
+
+(test-equal "verify-openpgp-signature, bad signature"
+  `((bad-signature ,%rsa-key-id)
+    (bad-signature ,%dsa-key-id)
+    (bad-signature ,%ed25519-key-id)
+    (bad-signature ,%ed25519-key-id)
+    (bad-signature ,%ed25519-key-id))
+  (let ((keyring (fold (lambda (key keyring)
+                         (let ((key (search-path %load-path key)))
+                           (get-openpgp-keyring
+                            (open-bytevector-input-port
+                             (call-with-input-file key read-radix-64))
+                            keyring)))
+                       %empty-keyring
+                       '("tests/rsa.key" "tests/dsa.key"
+                         "tests/ed25519.key" "tests/ed25519.key"
+                         "tests/ed25519.key"))))
+    (map (lambda (signature)
+           (let ((signature (string->openpgp-packet signature)))
+             (let-values (((status key)
+                           (verify-openpgp-signature signature keyring
+                                                     (open-input-string "What?!"))))
+               (list status (openpgp-public-key-id key)))))
+         (list %hello-signature/rsa %hello-signature/dsa
+               %hello-signature/ed25519/sha256
+               %hello-signature/ed25519/sha512
+               %hello-signature/ed25519/sha1))))
+
+(test-end "openpgp")
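Review bot: The "verify-openpgp-signature, good signatures" test pins `good-signature` for `%hello-signature/ed25519/sha1`, so the suite now asserts that a SHA-1 digest verifies exactly like SHA-256 or SHA-512, with nothing saying this is intended. If digest policy is meant to be left to the caller (presumably through `openpgp-signature-hash-algorithm`, which the "get-openpgp-detached-signature/ascii" test already reads), I would say so next to the fixture: `;; SHA-1 verifies as good on purpose; callers decide which digests they trust.` The negative cases are also thin: "bad signature" only swaps the signed data for "What?!", and the only missing-key case uses an empty keyring, so a corrupted signature packet and a keyring holding a different key are both untested. Two smaller points: the fold in the "bad signature" test loads "tests/ed25519.key" three times, and the comment above `%hello-signature/rsa` should read `created with commands like`.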
diff --git a/tests/rsa.key b/tests/rsa.key
new file mode 100644
index 0000000000..0ef9145ef0
--- /dev/null
+++ b/tests/rsa.key
@@ -0,0 +1,18 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF4SRCYBCAC6eVyonmey9Lsa1QpWIcumkExZWmAsTNhNNrdhasU4rC0DGRnw
+lJtey4h/5NRcGmur4cwwnHUyh9RhQOZgc4MkWfUECfgY98dhjq6+wSavSMwYJyKM
+7yGuJgKQBBhdkfjYONP4eHbucifGNhsNRSURUREVCarOYa1AhmH4cmTPe7cUA8mH
+EfQ2SOsmAUBNjn/Ba2Us8ydiZWGpJXYdzsXQ3HZl1vV2UtPEepPjAkJZa/7hm06z
+9WrlOUxoro/R2R7COMWpzuhmY1Ak2VB4H6OMqPAEOk+/H5Pda1yCI9oRROawC24h
+4yZYTpcRKV0EQ4cd4Z/DKA4gJdjufyRrmk0fABEBAAG0GzxsdWRvK3Rlc3QtcnNh
+QGNoYm91aWIub3JnPokBVAQTAQgAPhYhBDhfhs/Ia2ZaXBZea64l2ipw3u1ZBQJe
+EkQmAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK4l2ipw3u1Z
+c70IAI+eBLJzXGXNlugNE5rl5YplrLQem9otL7OKIpR+ye3Wg/DRZvN9x+lvUftq
+rG0+wqxo/WQTy6ZLDUI83OY13zLXDKjRgPdqPYBAYxCY8CMayjDUv8axZVEfC7IX
+IYgqzZg0E0dfF3m9S+6WUfOYCS5qR2go7TxbrnDyhDiswd5r3TRX5U+asHm0iXTy
+Pmb0WY301mm1UPToOHSpweMuCw/n5as15o9CWeUJa/I0J6puM66ZRqGt8+7BSCu6
+ata0BYLBCUD8aqhgNQpcMAkTRUSr8LNgfgdxr2Ozr+FF39NXGfLihL18AQEvh3SI
+K/5YAnXV2oMRhOQttDJROOXByoY=
+=N6XF
+-----END PGP PUBLIC KEY BLOCK-----