save work

linux-distros/img/logo-and-typemark.svg

@@ -0,0 +1,149 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   sodipodi:docname="Logo and Typemark Distrust Black.svg"
+   inkscape:version="1.0 (4035a4fb49, 2020-05-01)"
+   id="svg1681"
+   version="1.1"
+   viewBox="0 0 715.534 416.74839"
+   height="416.74838mm"
+   width="715.534mm">
+  <defs
+     id="defs1675" />
+  <sodipodi:namedview
+     inkscape:window-maximized="1"
+     inkscape:window-y="-8"
+     inkscape:window-x="-8"
+     inkscape:window-height="1017"
+     inkscape:window-width="2560"
+     fit-margin-bottom="0"
+     fit-margin-right="0"
+     fit-margin-left="0"
+     fit-margin-top="0"
+     showgrid="false"
+     inkscape:document-rotation="0"
+     inkscape:current-layer="layer2"
+     inkscape:document-units="mm"
+     inkscape:cy="665.59708"
+     inkscape:cx="1940.0586"
+     inkscape:zoom="0.17037356"
+     inkscape:pageshadow="2"
+     inkscape:pageopacity="0.0"
+     borderopacity="1.0"
+     bordercolor="#666666"
+     pagecolor="#ffffff"
+     id="base" />
+  <metadata
+     id="metadata1678">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     transform="translate(-4.7070312e-6,2.2343751e-5)"
+     style="display:inline"
+     inkscape:label="Background"
+     id="layer3"
+     inkscape:groupmode="layer">
+    <rect
+       style="display:inline;opacity:1;fill:#f6f6fc;fill-opacity:1;stroke:none;stroke-width:4.44402;stroke-linecap:round;stroke-miterlimit:0.7;stroke-dasharray:none;stroke-opacity:1;stop-color:#000000"
+       id="rect2948-5-7-0"
+       width="715.534"
+       height="416.74838"
+       x="4.7070312e-06"
+       y="-2.2343751e-05"
+       ry="5.198699" />
+  </g>
+  <g
+     style="display:inline"
+     transform="translate(253.79218,-44.744439)"
+     id="layer1"
+     inkscape:groupmode="layer"
+     inkscape:label="Logomark">
+    <rect
+       ry="44.971153"
+       y="171.31633"
+       x="-210.81247"
+       height="163.02324"
+       width="163.02324"
+       id="rect2359-8-9-9-2-7-7-0-8-92-3-0-3-55-7-7-7-2-8-9"
+       style="display:inline;opacity:1;vector-effect:none;fill:#000000;fill-opacity:1;stroke:none;stroke-width:2.95808;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:0.7;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:stroke markers fill;stop-color:#000000;stop-opacity:1" />
+    <path
+       sodipodi:nodetypes="ccccscccccccccc"
+       transform="matrix(0.26458333,0,0,0.26458333,-253.79218,44.744461)"
+       d="m 357.625,630.07227 c -7.00702,0 -10.87983,-0.0735 -18.67578,7.72656 L 215.94727,760.80469 c -7.71292,7.70668 -7.72399,11.64251 -7.73438,18.63086 v 20.43359 c 0,6.98937 0.001,10.92122 7.69336,18.64453 l 76.07227,76.35352 37.32617,-37.32617 -67.58789,-67.83594 106.11132,-106.10938 67.58594,67.83594 37.33008,-37.32812 -75.96289,-76.24219 c -7.85828,-7.85095 -11.65705,-7.75552 -18.66406,-7.76172 z"
+       style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-variant-east-asian:normal;font-feature-settings:normal;font-variation-settings:normal;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;writing-mode:lr-tb;direction:ltr;text-orientation:mixed;dominant-baseline:auto;baseline-shift:baseline;text-anchor:start;white-space:normal;shape-padding:0;shape-margin:0;inline-size:0;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;vector-effect:none;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:52.7637;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:0.7;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:normal;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate;stop-color:#000000;stop-opacity:1"
+       id="path1927-7-5-9-8-2-7-6-3-3-4-5-3-2-2-0" />
+    <path
+       transform="matrix(0.26458333,0,0,0.26458333,-253.79218,44.744461)"
+       d="m 638.80859,673.91797 -37.29297,37.29297 77.88282,78.41015 -106.11328,106.10938 -77.87696,-78.41211 -37.31445,37.31445 86.24023,86.82031 c 7.80639,7.80942 11.65642,7.77859 18.67383,7.79102 l 20.37891,0.0332 c 7.01741,0.0113 10.96165,0.0122 18.69531,-7.72656 l 123.01172,-123.0039 c 7.70254,-7.70147 7.71227,-11.62919 7.72266,-18.61133 v -20.44922 c 0,-6.98211 -0.14446,-11.06909 -7.66016,-18.63672 z"
+       style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-variant-east-asian:normal;font-feature-settings:normal;font-variation-settings:normal;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;writing-mode:lr-tb;direction:ltr;text-orientation:mixed;dominant-baseline:auto;baseline-shift:baseline;text-anchor:start;white-space:normal;shape-padding:0;shape-margin:0;inline-size:0;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;vector-effect:none;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:52.7637;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:0.7;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:normal;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate;stop-color:#000000;stop-opacity:1"
+       id="path1931-4-9-5-1-0-2-97-3-8-9-0-1-4-7-55" />
+    <g
+       style="opacity:1"
+       transform="rotate(45)"
+       id="g2384">
+      <path
+         id="path2388"
+         d="m 82.066806,195.4617 h 7.870719 c 1.312176,0 2.368548,1.05637 2.368548,2.36855 v 146.25237 c 0,1.31218 -1.056372,2.36855 -2.368548,2.36855 h -7.870719 c -1.312176,0 -2.368549,-1.05637 -2.368549,-2.36855 V 197.83025 c 0,-1.31218 1.056373,-2.36855 2.368549,-2.36855 z"
+         style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-variant-east-asian:normal;font-feature-settings:normal;font-variation-settings:normal;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;writing-mode:lr-tb;direction:ltr;text-orientation:mixed;dominant-baseline:auto;baseline-shift:baseline;text-anchor:start;white-space:normal;shape-padding:0;shape-margin:0;inline-size:0;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;vector-effect:none;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:10.9437;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:0.7;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:stroke markers fill;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate;stop-color:#000000;stop-opacity:1" />
+    </g>
+  </g>
+  <g
+     transform="translate(-4.7070312e-6,2.2343751e-5)"
+     style="display:inline"
+     inkscape:label="Typemark"
+     id="layer2"
+     inkscape:groupmode="layer">
+    <g
+       aria-label="Distrust"
+       id="text2555-4-2-6"
+       style="font-weight:bold;font-size:514.235px;line-height:1.25;font-family:'Degular Display';-inkscape-font-specification:'Degular Display Bold';letter-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+       transform="matrix(0.27465827,0,0,0.27465827,-27451.331,-5763.2276)">
+      <path
+         d="m 100923.38,21652.386 h -48.96 v 184.05 h 51.47 q 90.15,0 90.15,-95.665 0,-45.699 -22.1,-67.042 -22.1,-21.343 -70.56,-21.343 z m -123.03,246.321 v -308.591 h 132.32 q 79.1,0 117.76,39.421 38.92,39.421 38.92,111.234 0,70.807 -41.68,114.497 -41.43,43.439 -114.49,43.439 z"
+         style="font-size:514.235px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+         id="path2692-8-9-2" />
+      <path
+         d="m 101181.76,21629.286 h -73.07 v -45.699 h 73.07 z m -1.01,269.421 h -70.56 v -243.81 h 70.56 z"
+         style="font-size:514.235px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+         id="path2694-4-8-6" />
+      <path
+         d="m 101312.57,21905.989 q -24.1,0 -42.93,-4.52 -18.58,-4.269 -30.89,-11.55 -12.3,-7.282 -21.09,-18.079 -8.54,-10.797 -13.06,-22.347 -4.51,-11.55 -6.77,-25.862 l 65.28,-12.806 q 5.27,21.343 17.32,32.391 12.06,10.797 33.65,10.797 33.65,0 34.4,-23.101 0,-10.545 -10.8,-17.074 -10.79,-6.528 -42.18,-12.805 -50.22,-10.546 -70.81,-28.625 -20.59,-18.078 -20.59,-48.963 0,-35.404 25.61,-55.24 25.87,-19.836 76.08,-19.836 50.22,0 75.33,19.083 25.11,18.832 32.64,54.989 l -66.79,14.814 q -4.52,-20.087 -14.31,-29.377 -9.54,-9.291 -27.37,-9.291 -15.31,0 -23.6,5.775 -8.29,5.775 -8.29,15.819 0,7.533 3.27,12.304 3.51,4.77 15.57,9.792 12.3,5.022 35.15,9.291 49.97,9.792 70.05,28.624 20.09,18.832 20.09,47.958 0,36.911 -25.86,57.5 -25.86,20.339 -79.1,20.339 z"
+         style="font-size:514.235px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+         id="path2696-0-2-4" />
+      <path
+         d="m 101451.68,21822.124 v -108.471 h -28.37 v -58.756 h 28.37 v -61.015 h 69.8 v 61.015 h 64.28 v 58.756 h -64.28 v 95.163 q 0,15.066 6.28,21.845 6.53,6.78 22.1,6.78 7.78,0 31.88,-5.524 l 7.79,64.781 q -16.32,5.022 -27.87,7.031 -11.55,2.26 -29.88,2.26 -40.18,0 -60.27,-23.352 -19.83,-23.351 -19.83,-60.513 z"
+         style="font-size:514.235px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+         id="path2698-80-9-7" />
+      <path
+         d="m 101674.9,21898.707 h -70.56 v -243.81 h 70.56 v 86.878 h 1 q 4.27,-27.369 10.3,-44.694 6.02,-17.577 14.56,-26.616 8.54,-9.039 17.83,-12.303 9.29,-3.265 23.1,-3.265 h 11.8 v 80.35 h -26.62 q -29.88,0 -40.92,10.043 -11.05,10.044 -11.05,37.162 z"
+         style="font-size:514.235px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+         id="path2700-6-5-4" />
+      <path
+         d="m 101922.47,21898.707 v -67.795 h -1 q -8.03,39.924 -28.37,57.5 -20.09,17.577 -50.97,17.577 -38.42,0 -57,-23.352 -18.58,-23.351 -18.58,-64.781 v -162.959 h 70.55 v 143.122 q 0,20.339 9.8,32.642 10.04,12.053 30.88,12.053 21.34,0 32.89,-11.551 11.8,-11.801 11.8,-33.144 v -143.122 h 69.81 v 243.81 z"
+         style="font-size:514.235px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+         id="path2702-9-9-3" />
+      <path
+         d="m 102123.1,21905.989 q -24.11,0 -42.94,-4.52 -18.58,-4.269 -30.88,-11.55 -12.31,-7.282 -21.1,-18.079 -8.53,-10.797 -13.05,-22.347 -4.52,-11.55 -6.78,-25.862 l 65.28,-12.806 q 5.27,21.343 17.33,32.391 12.05,10.797 33.64,10.797 33.65,0 34.4,-23.101 0,-10.545 -10.79,-17.074 -10.8,-6.528 -42.19,-12.805 -50.22,-10.546 -70.81,-28.625 -20.58,-18.078 -20.58,-48.963 0,-35.404 25.61,-55.24 25.86,-19.836 76.08,-19.836 50.22,0 75.32,19.083 25.11,18.832 32.65,54.989 l -66.79,14.814 q -4.52,-20.087 -14.32,-29.377 -9.54,-9.291 -27.36,-9.291 -15.32,0 -23.61,5.775 -8.28,5.775 -8.28,15.819 0,7.533 3.26,12.304 3.52,4.77 15.57,9.792 12.3,5.022 35.15,9.291 49.97,9.792 70.06,28.624 20.08,18.832 20.08,47.958 0,36.911 -25.86,57.5 -25.86,20.339 -79.09,20.339 z"
+         style="font-size:514.235px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+         id="path2704-7-46-3" />
+      <path
+         d="m 102262.2,21822.124 v -108.471 h -28.37 v -58.756 h 28.37 v -61.015 h 69.8 v 61.015 h 64.28 v 58.756 h -64.28 v 95.163 q 0,15.066 6.28,21.845 6.53,6.78 22.1,6.78 7.78,0 31.89,-5.524 l 7.78,64.781 q -16.32,5.022 -27.87,7.031 -11.55,2.26 -29.88,2.26 -40.18,0 -60.26,-23.352 -19.84,-23.351 -19.84,-60.513 z"
+         style="font-size:514.235px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:3.57108"
+         id="path2706-2-4-1" />
+    </g>
+  </g>
+</svg>

linux-distros/index.md

@@ -0,0 +1,301 @@
+---
+_class: lead
+paginate: true
+backgroundColor: #fff
+---
+
+<style>
+  /* Changed in Marp 4.0.0. Re-center. */
+    section.lead {
+        display: flex;
+    }
+
+    div.two-columns {
+        column-count: 2;
+    }
+</style>
+
+
+![](img/logo-and-typemark.svg)
+
+---
+
+# Anton Livaja
+
+Co-Founder & Security Engineer at Distrust (https://distrust.co)
+
+* Firm specializing in high assurance security consulting and engineering.
+
+* Clients: blockchain labs and companies, fin-tech, hedge funds, exchanges, 
+electrical grid operators, healthcare providers, etc.
+
+---
+
+# Trends in Supply Chain Security
+
+"[Supply chain threats increased by 1300% between 2020 and 2023]"
+
+- 2025 Software Supply Chain Security Report by ReversingLabs. 
+
+---
+
+# Linux Usage Statistics
+
+* 70%+ servers run Linux
+
+* ~5% desktop / laptop users use Linux
+
+* ~12 widely used Linux distributions
+
+---
+
+# Open Source vs Proprietary
+
+* High risk environments require verifiability
+
+* Proprietary software = security through obscurity 
+
+---
+
+# What is a "Linux Distribution"
+
+* Linux kernel
+
+* Software "packages"
+
+* Package manager
+
+* But they are not all equal...
+
+---
+
+# Linux Distribution Security 
+
+* What machine are packages built on?
+
+* Who maintains your Linux packages?
+
+* How are the packages delivered?
+
+---
+
+# Anatomy of a Package
+
+* Mainainer creates a "package"
+
+* The package is reviewed
+
+* A centralized server builds the binary and signs it
+
+---
+
+# Underutilized Strategies
+
+* Reproducible / deterministic builds
+
+* Full source bootstrapping
+
+* Cryptographic signing
+
+---
+
+# Reproducibility / Determinism
+
+---
+
+![](img/SolarWinds-logo.png)
+
+---
+
+![no-tamper-evidence](https://antonlivaja.com/images/binary-exploit-2.png)
+
+---
+
+![height:600px](https://antonlivaja.com/images/expanded-3-hashes.png)
+
+---
+
+# How Deep Do We Have to Go?
+
+* Compiler
+
+* Build and Runtime Environment
+  
+  * Operating System + Packages
+  
+  * Additional CLI / Tools
+
+* Software Application
+
+  * First Party Code
+
+  * Third Party Code
+
+---
+
+# Full Source Bootstrapping
+
+---
+
+![](img/xcodeghost.jpg)
+
+---
+
+# Who Compiles the Compiler?
+
+* Mostly downloaded as a binary
+
+* Even if the compiler is built from source, usually another compiler is used to do so
+
+* This means there is no clear providence to how we went from nothing to having a usable compiler
+
+---
+
+# Bootstrapping Compilers
+
+* Consists of "stages", and hundreds of steps of starting from a human auditable rudimentary compiler and building up all the way up to a modern compiler
+
+* Bootstrapping programming languages
+
+---
+
+# Cryptographic Signing
+
+* Code signing
+
+* Artifact signing
+
+* Multi-person signing
+
+---
+
+![](img/xzbackdoor.png)
+
+
+---
+
+# [Stageˣ]
+
+Open source Linux Distribution
+
+* Minimal, bootstrapped, hermetic, and deterministic 
+
+---
+
+![](img/stagex-chart-0.png)
+
+---
+
+![](img/stagex-chart-1.png)
+
+---
+# Full source bootstrapped from Stage 0
+
+From a <190 byte compiler written in machine code, StageX bootstraps all the 
+compiler tools necessary to build the distribution, 100% deterministically.
+
+- Stage 0: Getting a basic C compiler on x86 from hex0
+- Stage 1: Building GCC for x86
+- Stage 2: Upgrading GCC for x86_64
+- Stage 3: Building up-to-date toolchains
+- Stage X: Shipping the software you know and love
+
+---
+
+# A Rust Example
+
+```dockerfile
+FROM stagex/pallet-rust@sha256:b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c AS build
+ADD . /src
+WORKDIR /src
+ARG TARGET x86_64-unknown-linux-musl
+RUN cargo build --release --target ${TARGET}
+
+FROM scratch
+COPY --from=build /app/target/${TARGET}/release/hello /usr/bin/hello
+CMD ["/usr/bin/hello"]
+```
+
+---
+
+# All packages in StageX are:
+
+* Built using hash-locked sources
+
+* Confirmed reproducible by multiple developers
+
+* Signed by multiple release maintainers
+
+---
+
+# Pallets
+
+StageX offers prebuilt containers including all the packages necessary to run some of our most used software, such as:
+
+- `rust`
+- `go`
+- `nodejs`
+- `nginx`
+- `redis`
+- `postgres`
+
+---
+
+![](img/airgap-os.png)
+
+---
+
+# QubesOS
+
+---
+
+# Key Takeaways
+
+* Full-source bootstrap
+
+* Use bit for bit determinism
+
+* Leverage cryptographic signing 
+
+---
+
+# What's Next?
+
+* Adding SBOM
+
+* Packaging more software
+
+* Fully automating software updates
+
+* Additional container runtimes like Podman and Kaniko
+
+* Additional chip architecture support such as ARM and RISC-V
+
+---
+
+# How You Can Help
+
+* Provide feedback
+
+* Support with development efforts
+
+* Become a sponsor
+
+---
+
+# Links
+
+**Email**: anton@distrust.co / sales@distrust.co
+
+**Matrix Chat**: #stagex:matrix.org
+
+**Docker Hub**: https://hub.docker.com/u/stagex
+
+**Git Repo**: https://codeberg.org/stagex/stagex
+
+**AirgapOS**: https://git.distrust.co/public/airgap
+
+**EnclaveOS**: https://git.distrust.co/public/enclaveos
+
+
+

linux-distros/scripts/alpine.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+apk add cargo
+printf "DEPS (Alpine): %s\n" $(apk list --installed | tail -n +2 | wc -l)

linux-distros/scripts/archlinux.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+pacman -Syu --noconfirm rust
+printf "DEPS (Arch Linux): %s\n" $(pacman -Q | wc -l)

linux-distros/scripts/debian.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+apt-get update
+apt-get install -y cargo rustc
+printf "DEPS (Debian): %s\n" $(dpkg --get-selections | wc -l)

linux-distros/scripts/fedora.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+yum install -y cargo
+printf "DEPS (Fedora): %s\n" $(yum list installed | tail -n +2 | wc -l)

linux-distros/scripts/rust-deps.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+SCRIPTDIR="$(cd "$(dirname $0)"; pwd)"
+
+for distro in debian archlinux fedora alpine; do
+  docker run --rm -v "$SCRIPTDIR:/scripts:ro" $distro /bin/sh /scripts/$distro.sh | grep --color "^DEPS"
+done