create credential from snapshot

issue 100 new url in qr for evidence instead of device
2024-11-06 14:10:02 +01:00 · 2024-10-31 16:30:45 +01:00
7 changed files with 136 additions and 163 deletions
--- a/9
+++ b/9
@ -44,15 +44,6 @@ boot_iso_uefi_secureboot:
 		-drive file=deploy/iso/workbench_debug.iso,cache=none,if=virtio,format=raw,index=0,media=disk \
 		-boot menu=on

-# when you change something, you need to refresh it this way
-regenerate_pxe_install:
-	./deploy-workbench.sh
-	pxe/install-pxe.sh
-
-es_gen:
-	$(MAKE) es_gen_po
-	$(MAKE) es_gen_mo
-
 es_gen_po:
 	cp locale/es/LC_MESSAGES/messages.po locale/es/LC_MESSAGES/messages.pot.bak
 	pygettext3 -p locale/es/LC_MESSAGES/ workbench-script.py
--- a/deploy-workbench.sh
+++ b/deploy-workbench.sh
@ -199,12 +199,12 @@ create_persistence_partition() {
                mkdir -p "${tmp_rw_mount}"
                ${SUDO} mount "$(pwd)/${rw_img_path}" "${tmp_rw_mount}"
                ${SUDO} mkdir -p "${tmp_rw_mount}"
-                if [ ! -f "settings.ini" ]; then
-                        ${SUDO} cp -v settings.ini.example settings.ini
-                        echo "WARNING: settings.ini was not there, settings.ini.example was copied, this only happens once"
+                if [ -f "settings.ini" ]; then
+                        ${SUDO} cp -v settings.ini "${tmp_rw_mount}/settings.ini"
+                else
+                        echo "ERROR: settings.ini does not exist yet, cannot read config from there. You can take inspiration with file settings.ini.example"
+                        exit 1
                fi
-                ${SUDO} cp -v settings.ini "${tmp_rw_mount}/settings.ini"
-
                ${SUDO} umount "${tmp_rw_mount}"

                uuid="$(blkid "${rw_img_path}" | awk '{ print $3; }')"
@ -253,27 +253,6 @@ END2
 END
 )"

-
-# thanks https://wiki.debian.org/Keyboard
-chroot_kbd_conf_str="$(cat<<END
-chroot_kbd_conf() {
-                  ###################
-                  # configure keyboard
-                  cat > /etc/default/keyboard <<END2
-# KEYBOARD CONFIGURATION FILE
-#   generated by deploy-workbench.sh
-
-# Consult the keyboard(5) manual page.
-
-XKBMODEL="pc105"
-XKBLAYOUT="\${CUSTOM_LANG}"
-
-BACKSPACE="guess"
-END2
-}
-END
-)"
-
 prepare_app() {
        # prepare app during prepare_chroot_env
        workbench_dir="${ISO_PATH}/chroot/opt/workbench"
@ -301,15 +280,13 @@ if [ "\${nfs_host}" ]; then
        mount --bind /run/live/medium /mnt
        # debian live nfs path is readonly, do a trick
        #   to make snapshots subdir readwrite
-        mount -v \${nfs_host}:/snapshots /run/live/medium/snapshots
+        mount \${nfs_host}:/snapshots /run/live/medium/snapshots
        # reload mounts on systemd
        systemctl daemon-reload
 fi
 # clearly specify the right working directory, used in the python script as os.getcwd()
 cd /mnt
-#pipenv run python /opt/workbench/workbench-script.py --config /mnt/settings.ini
-# works meanwhile this project is vanilla python
-python /opt/workbench/workbench-script.py --config /mnt/settings.ini
+pipenv run python /opt/workbench/workbench-script.py --config /mnt/settings.ini

 stty echo
 set +x
@ -325,7 +302,7 @@ echo 'Install requirements'

 # Install debian requirements
 apt-get install -y --no-install-recommends \
-  sudo locales keyboard-configuration console-setup qrencode \
+  sudo locales \
  python-is-python3 python3 python3-dev python3-pip pipenv \
  dmidecode smartmontools hwinfo pciutils lshw nfs-common < /dev/null

@ -383,14 +360,8 @@ ${install_app_str}
 # thanks src https://serverfault.com/questions/362903/how-do-you-set-a-locale-non-interactively-on-debian-ubuntu
 export LANG=${LANG}
 export LC_ALL=${LANG}
-echo "${MYLOCALE}" > /etc/locale.gen
-# Generate the locale
-locale-gen
-# feeds /etc/default/locale for the shell env var
-update-locale LANG=${LANG} LC_ALL=${LANG}
 # this is a high level command that does locale-gen and update-locale altogether
-#   but it is too interactive
-#dpkg-reconfigure --frontend=noninteractive locales
+dpkg-reconfigure --frontend=noninteractive locales
 # DEBUG
 locale -a

@ -416,9 +387,6 @@ apt-get install -y --no-install-recommends \
  < /dev/null

 ${chroot_netdns_conf_str}
-CUSTOM_LANG=${CUSTOM_LANG}
-${chroot_kbd_conf_str}
-chroot_kbd_conf

 # Set up root user
 #   this is the root password
@ -438,19 +406,7 @@ CHROOT
 }

 prepare_chroot_env() {
-        CUSTOM_LANG="${CUSTOM_LANG:-es}"
-        case "${CUSTOM_LANG}" in
-                es)
-                        export LANG="es_ES.UTF-8"
-                        export MYLOCALE="${LANG} UTF-8"
-                        ;;
-                en)
-                        export LANG="en_US.UTF-8"
-                        ;;
-                *)
-                        echo "ERROR: CUSTOM_LANG not supported. Available: es"
-                        exit 1
-        esac
+        LANG="${CUSTOM_LANG:-es_ES.UTF-8}"
        # version of debian the bootstrap is going to build
        #   if no VERSION_CODENAME is specified we assume that the bootstrap is going to
        #   be build with the same version of debian being executed because some files
@ -474,7 +430,6 @@ prepare_chroot_env() {
        prepare_app
 }

-
 # thanks https://willhaley.com/blog/custom-debian-live-environment/
 install_requirements() {
        # Install requirements
--- a/locale/es/LC_MESSAGES/messages.mo
+++ b/locale/es/LC_MESSAGES/messages.mo
--- a/locale/es/LC_MESSAGES/messages.po
+++ b/locale/es/LC_MESSAGES/messages.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-11-08 18:25+0100\n"
+"POT-Creation-Date: 2024-10-15 21:15+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -17,19 +17,19 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"

-#: workbench-script.py:49 workbench-script.py:54
+#: workbench-script.py:48 workbench-script.py:53
 msgid "Running command `%s`"
 msgstr "Ejecutando comando `%s`"

-#: workbench-script.py:279
+#: workbench-script.py:284
 msgid "Created snapshots directory at '%s'"
 msgstr "Creado directorio de snapshots en '%s'"

-#: workbench-script.py:282
+#: workbench-script.py:287
 msgid "Snapshot written in path '%s'"
 msgstr "Snapshot escrito en ruta '%s'"

-#: workbench-script.py:285
+#: workbench-script.py:290
 msgid ""
 "Attempting to save file in actual path. Reason: Failed to write in snapshots "
 "directory:\n"
@ -39,11 +39,11 @@ msgstr ""
 "escribir en el directorio de snapshots:\n"
 "    %s."

-#: workbench-script.py:292
+#: workbench-script.py:297
 msgid "Snapshot written in fallback path '%s'"
 msgstr "Snapshot escrito en ruta alternativa '%s'"

-#: workbench-script.py:294
+#: workbench-script.py:299
 msgid ""
 "Could not save snapshot locally. Reason: Failed to write in fallback path:\n"
 "    %s"
@ -52,53 +52,49 @@ msgstr ""
 "alternativa:\n"
 "    %s"

-#: workbench-script.py:317
+#: workbench-script.py:316
 msgid "Snapshot successfully sent to '%s'"
 msgstr "Snapshot enviado con éxito a '%s'"

-#: workbench-script.py:335
-msgid "Snapshot %s could not be sent to URL '%s'"
-msgstr "Snapshot %s no se pudo enviar a la URL '%s'"
-
-#: workbench-script.py:338
+#: workbench-script.py:331
 msgid ""
-"Snapshot %s not remotely sent to URL '%s'. Do you have internet? Is your "
-"server up & running? Is the url token authorized?\n"
+"Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server "
+"up & running? Is the url token authorized?\n"
 "    %s"
 msgstr ""
-"Snapshot %s no enviado remotamente a la URL '%s'. Tienes internet? Está el "
+"Snapshot no enviado remotamente a la URL '%s'. Tienes internet? Está el "
 "servidor en marcha? Está autorizado el url token?\n"
 "    %s"

-#: workbench-script.py:350
+#: workbench-script.py:342
 msgid "Found config file in path: %s."
 msgstr "Encontrado fichero de configuración en ruta: %s."

-#: workbench-script.py:361
+#: workbench-script.py:353
 msgid "Config file '%s' not found. Using default values."
 msgstr ""
 "Fichero de configuración '%s' no encontrado. Utilizando valores por defecto."

-#: workbench-script.py:379
+#: workbench-script.py:373
 msgid "workbench-script.py [-h] [--config CONFIG]"
 msgstr ""

-#: workbench-script.py:380
+#: workbench-script.py:374
 msgid "Optional config loader for workbench."
 msgstr "Cargador opcional de configuración para workbench"

-#: workbench-script.py:383
+#: workbench-script.py:377
 msgid ""
 "path to the config file. Defaults to 'settings.ini' in the current directory."
 msgstr ""
 "ruta al fichero de configuración. Por defecto es 'settings.ini' en el "
 "directorio actual"

-#: workbench-script.py:416
+#: workbench-script.py:410
 msgid "START"
 msgstr "INICIO"

-#: workbench-script.py:430
+#: workbench-script.py:423
 msgid ""
 "This script must be run as root. Collected data will be incomplete or "
 "unusable"
@ -106,6 +102,6 @@ msgstr ""
 "Es conveniente que este script sea ejecutado como administrador (root). Los "
 "datos recopilados serán incompletos o no usables."

-#: workbench-script.py:448
+#: workbench-script.py:441
 msgid "END"
 msgstr "FIN"
--- a/pxe/install-pxe.sh
+++ b/pxe/install-pxe.sh
@ -37,7 +37,7 @@ backup_file() {

        if [ -f "${target}" ]; then
                if ! grep -q 'we should do a backup' "${target}"; then
-                        ${SUDO} cp -v -a "${target}" "${target}-bak_${ts}"
+                        ${SUDO} cp -a "${target}" "${target}-bak_${ts}"
                fi
        fi
 }
@ -69,14 +69,14 @@ END
        # reload nfs exports
        ${SUDO} exportfs -vra

-        if [ ! -f ./settings.ini ]; then
-                cp -v ./settings.ini.example ./settings.ini
-                echo "WARNING: settings.ini was not there, settings.ini.example was copied, this only happens once"
-        fi

        if [ ! -f "${nfs_path}/settings.ini" ]; then
-                ${SUDO} cp -v settings.ini "${nfs_path}/settings.ini"
-                echo "WARNING: ${nfs_path}/settings.ini was not there, ./settings.ini was copied, this only happens once"
+                if [ -f "settings.ini" ]; then
+                        ${SUDO} cp settings.ini "${nfs_path}/settings.ini"
+                else
+                        echo "ERROR: $(pwd)/settings.ini does not exist yet, cannot read config from there. You can take inspiration with file $(pwd)/settings.ini.example"
+                        exit 1
+                fi
        fi
 }

@ -93,7 +93,6 @@ pxe-service=x86PC,"Network Boot",pxelinux
 enable-tftp
 tftp-root=${tftp_path}
 END
-        sudo systemctl restart dnsmasq || true
 }

 install_netboot() {
@ -111,12 +110,8 @@ install_netboot() {
                ${SUDO} cp -fv "${PXE_DIR}/../iso/staging/live/vmlinuz" "${tftp_path}/"
                ${SUDO} cp -fv "${PXE_DIR}/../iso/staging/live/initrd" "${tftp_path}/"

-                ${SUDO} cp -v /usr/lib/syslinux/memdisk "${tftp_path}/"
-                ${SUDO} cp -v /usr/lib/syslinux/modules/bios/* "${tftp_path}/"
-                if [ ! -f ./pxe-menu.cfg ]; then
-                        ${SUDO} cp -v ./pxe-menu.cfg.example pxe-menu.cfg
-                        echo "WARNING: pxe-menu.cfg was not there, pxe-menu.cfg.example was copied, this only happens once"
-                fi
+                ${SUDO} cp /usr/lib/syslinux/memdisk "${tftp_path}/"
+                ${SUDO} cp /usr/lib/syslinux/modules/bios/* "${tftp_path}/"
                envsubst < ./pxe-menu.cfg | ${SUDO} tee "${tftp_path}/pxelinux.cfg/default"
        fi

@ -133,11 +128,11 @@ init_config() {

        PXE_DIR="$(pwd)"

-        if [ ! -f ./.env ]; then
-                cp -v ./.env.example ./.env
-                echo "WARNING: .env was not there, .env.example was copied, this only happens once"
+        if [ -f ./.env ]; then
+                . ./.env
+        else
+                echo "PXE: WARNING: $(pwd)/.env does not exist yet, cannot read config from there. You can take inspiration with file $(pwd)/.env.example"
        fi
-        . ./.env
        VERSION_CODENAME="${VERSION_CODENAME:-bookworm}"
        tftp_path="${tftp_path:-/srv/pxe-tftp}"
        # vars used in envsubst require to be exported:
--- a/settings.ini.example
+++ b/settings.ini.example
@ -1,10 +1,9 @@
 [settings]
-url = http://localhost:8000/api/v1/snapshot/
-#url = https://demo.ereuse.org/api/v1/snapshot/
-# sample token that works with default deployment such as the previous two urls
-token = 5018dd65-9abd-4a62-8896-80f34ac66150
-
+url = http://localhost:8000/api/snapshot/
+token = '1234'
+# wb_sign_token = "27de6ad7-cee2-4fe8-84d4-c7eea9c969c8"
+# url_wallet = "http://localhost"
 # path = /path/to/save
 # device = your_device_name
 # # erase = basic
-# legacy = True
+# legacy = true
--- a/workbench-script.py
+++ b/workbench-script.py
@ -13,22 +13,39 @@ import gettext
 import locale
 import logging

+from pathlib import Path
+from string import Template
 from datetime import datetime


+BASE_DIR = Path(__file__).resolve().parent
+
+
+SNAPSHOT_BASE = {
+    'timestamp': str(datetime.now()),
+    'type': 'Snapshot',
+    'uuid': str(uuid.uuid4()),
+    'software': "workbench-script",
+    'version': "0.0.1",
+    'token_hash': "",
+    'data': {},
+    'erase': []
+}
+
+
 ## Legacy Functions ##

 def convert_to_legacy_snapshot(snapshot):
-    snapshot["sid"] = str(uuid.uuid4()).split("-")[0]
+    snapshot["sid"] = str(uuid.uuid4()).split("-")[1]
    snapshot["software"] = "workbench-script"
    snapshot["version"] = "dev"
    snapshot["schema_api"] = "1.0.0"
    snapshot["settings_version"] = "No Settings Version (NaN)"
    snapshot["timestamp"] = snapshot["timestamp"].replace(" ", "T")
    snapshot["data"]["smart"] = snapshot["data"]["disks"]
-    snapshot["data"]["lshw"] = json.loads(snapshot["data"]["lshw"])
    snapshot["data"].pop("disks")
    snapshot.pop("erase")
+    snapshot.pop("token_hash")

 ## End Legacy Functions ##

@ -59,17 +76,16 @@ def exec_cmd_erase(cmd):
 ## End Utility functions ##


-SNAPSHOT_BASE = {
-    'timestamp': str(datetime.now()),
-    'type': 'Snapshot',
-    'uuid': str(uuid.uuid4()),
-    'software': "workbench-script",
-    'version': "0.0.1",
-    'data': {},
-    'erase': []
-}
-
+def convert_to_credential(snapshot):
+    snapshot["data"] = json.dumps(snapshot["data"])
+    file_path = os.path.join(BASE_DIR, "templates", "snapshot.json")
+    with open(file_path) as f:
+        ff = f.read()
+        template = Template(ff)
+        cred = template.substitute(**snapshot)
+    return cred

+    
 ## Command Functions ##
 ## Erase Functions ##
 ## Xavier Functions ##
@ -266,20 +282,20 @@ def gen_snapshot(all_disks):
    return snapshot


-def save_snapshot_in_disk(snapshot, path):
+def save_snapshot_in_disk(snapshot, path, snap_uuid):
    snapshot_path = os.path.join(path, 'snapshots')

    filename = "{}/{}_{}.json".format(
        snapshot_path,
        datetime.now().strftime("%Y%m%d-%H_%M_%S"),
-        snapshot['uuid'])
+        snap_uuid)

    try:
        if not os.path.exists(snapshot_path):
            os.makedirs(snapshot_path)
            logger.info(_("Created snapshots directory at '%s'"), snapshot_path)
        with open(filename, "w") as f:
-            f.write(json.dumps(snapshot))
+            f.write(snapshot)
        logger.info(_("Snapshot written in path '%s'"), filename)
    except Exception as e:
        try:
@ -287,21 +303,48 @@ def save_snapshot_in_disk(snapshot, path):
            fallback_filename = "{}/{}_{}.json".format(
                path,
                datetime.now().strftime("%Y%m%d-%H_%M_%S"),
-                snapshot['uuid'])
+                snap_uuid)
            with open(fallback_filename, "w") as f:
-                f.write(json.dumps(snapshot))
+                f.write(snapshot)
                logger.warning(_("Snapshot written in fallback path '%s'"), fallback_filename)
        except Exception as e:
            logger.error(_("Could not save snapshot locally. Reason: Failed to write in fallback path:\n    %s"), e)

+
+def send_to_sign_credential(cred, token, url):
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Content-Type": "application/json"
+    }
+    
+    try:
+        data = json.dumps(cred).encode('utf-8')
+        request = urllib.request.Request(url, data=data, headers=headers)
+        with urllib.request.urlopen(request) as response:
+            status_code = response.getcode()
+            #response_text = response.read().decode('utf-8')
+
+        if 200 <= status_code < 300:
+            logger.info(_("Credential successfully signed"))
+        else:
+            logger.error(_("Credential cannot signed in '%s'"), url)
+
+    except Exception as e:
+        logger.error(_("Credential not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n    %s"), url, e)
+
+    
+    
 # TODO sanitize url, if url is like this, it fails
 #   url = 'http://127.0.0.1:8000/api/snapshot/'
-def send_snapshot_to_devicehub(snapshot, token, url, legacy):
+def send_snapshot_to_devicehub(snapshot, token, url):
    url_components = urllib.parse.urlparse(url)
    ev_path = "evidence/{}".format(snapshot["uuid"])
-    components = (url_components.scheme, url_components.netloc, ev_path, '', '', '')
+    components = (url_components.schema, url_components.netloc, ev_path, '', '', '')
    ev_url = urllib.parse.urlunparse(components)
    # apt install qrencode
+    qr = "echo {} | qrencode -t ANSI".format(ev_url)
+    print(exec_cmd(qr))
+    print(ev_url)

    headers = {
        "Authorization": f"Bearer {token}",
@ -312,38 +355,15 @@ def send_snapshot_to_devicehub(snapshot, token, url, legacy):
        request = urllib.request.Request(url, data=data, headers=headers)
        with urllib.request.urlopen(request) as response:
            status_code = response.getcode()
-            response_text = response.read().decode('utf-8')
+            #response_text = response.read().decode('utf-8')

        if 200 <= status_code < 300:
            logger.info(_("Snapshot successfully sent to '%s'"), url)
-            if legacy:
-                try:
-                    response = json.loads(response_text)
-                    public_url = response.get('public_url')
-                    dhid = response.get('dhid')
-                    if public_url:
-                        # apt install qrencode
-                        qr = "echo {} | qrencode -t ANSI".format(public_url)
-                        print(exec_cmd(qr))
-                        print("url: {}".format(public_url))
-                    if dhid:
-                        print("dhid: {}".format(dhid))
-                except Exception:
-                    logger.error(response_text)
-            else:
-                qr = "echo {} | qrencode -t ANSI".format(ev_url)
-                print(exec_cmd(qr))
-                print(f"url: {ev_url}")
        else:
-            logger.error(_("Snapshot %s could not be sent to URL '%s'"), snapshot["uuid"], url)
-    # TODO review all the try-except thing here; maybe the try inside legacy does not make sense anymore
-    except urllib.error.HTTPError as e:
-        error_details = e.read().decode('utf-8')  # Get the error response body
-        logger.error(_("Snapshot %s not remotely sent to URL '%s'. Server responded with error:\n  %s"),
-                 snapshot["uuid"], url, error_details)
+            logger.error(_("Snapshot cannot sent to '%s'"), url)

    except Exception as e:
-        logger.error(_("Snapshot %s not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n    %s"), snapshot["uuid"], url, e)
+        logger.error(_("Snapshot not remotely sent to URL '%s'. Do you have internet? Is your server up & running? Is the url token authorized?\n    %s"), url, e)


 def load_config(config_file="settings.ini"):
@ -365,6 +385,8 @@ def load_config(config_file="settings.ini"):
        device = config.get('settings', 'device', fallback=None)
        erase = config.get('settings', 'erase', fallback=None)
        legacy = config.get('settings', 'legacy', fallback=None)
+        url_wallet = config.get('settings', 'url_wallet', fallback=None)
+        wb_sign_token = config.get('settings', 'wb_sign_token', fallback=None)
    else:
        logger.error(_("Config file '%s' not found. Using default values."), config_file)
        path = os.path.join(os.getcwd())
@ -376,7 +398,9 @@ def load_config(config_file="settings.ini"):
        'token': token,
        'device': device,
        'erase': erase,
-        'legacy': legacy
+        'legacy': legacy,
+        'wb_sign_token': wb_sign_token,
+        'url_wallet': url_wallet
    }

 def parse_args():
@ -430,7 +454,6 @@ def main():
    config_file = args.config

    config = load_config(config_file)
-    legacy = config.get("legacy")

    # TODO show warning if non root, means data is not complete
    #   if annotate as potentially invalid snapshot (pending the new API to be done)
@ -439,19 +462,33 @@ def main():

    all_disks = get_disks()
    snapshot = gen_snapshot(all_disks)
+    snap_uuid = snapshot["uuid"]

    if config['erase'] and config['device'] and not config.get("legacy"):
        snapshot['erase'] = gen_erase(all_disks, config['erase'], user_disk=config['device'])
    elif config['erase'] and not config.get("legacy"):
        snapshot['erase'] = gen_erase(all_disks, config['erase'])

-    if legacy:
-        convert_to_legacy_snapshot(snapshot)

-    save_snapshot_in_disk(snapshot, config['path'])
+    if config.get("wb_sign_token"):
+        tk = config.get("wb_sign_token").encode("utf8")
+        snapshot["token_hash"] = hashlib.hash256(tk).hexdigest()
+
+    if config.get("legacy"):
+        convert_to_legacy_snapshot(snapshot)
+        snapshot = json.dumps(snapshot)
+    else:
+        snapshot = convert_to_credential(snapshot)
+        url_wallet = config.get("url_wallet")
+        wb_sign_token = config.get("wb_sign_token")
+        if url_wallet and wb_sign_token:
+            snapshot = send_to_sign_credential(snapshot, wb_sign_token, url_wallet)
+
+
+    save_snapshot_in_disk(snapshot, config['path'], snap_uuid)

    if config['url']:
-        send_snapshot_to_devicehub(snapshot, config['token'], config['url'], legacy)
+        send_snapshot_to_devicehub(snapshot, config['token'], config['url'])

    logger.info(_("END"))
Author	SHA1	Message	Date
Cayo Puigdefabregas	468b6f63c4	create credential from snapshot	2024-11-06 14:10:02 +01:00
Cayo Puigdefabregas	7ebff00e2e	issue 100 new url in qr for evidence instead of device	2024-10-31 16:30:45 +01:00