subtree updates:nanbield: Jan 11, 2024

poky: bf9f2f6f60..61a59d00a0:
  Adam Johnston (1):
        useradd_base: Fix sed command line for passwd-expire

  Alexander Kanavin (1):
        cmake: upgrade 3.27.5 -> 3.27.7

  Anuj Mittal (1):
        gstreamer1.0: upgrade 1.22.6 -> 1.22.7

  Bastian Krause (1):
        linux-firmware: add new fw file to ${PN}-rtl8821

  Bruce Ashfield (25):
        linux-yocto/6.1: update to v6.1.59
        linux-yocto/6.1: update to v6.1.60
        linux-yocto/6.5: update to v6.5.8
        linux-yocto/6.5: update to v6.5.9
        kern-tools: make lower context patches reproducible
        kern-tools: bump SRCREV for queue processing changes
        kern-tools: update SRCREV to include SECURITY.md file
        kernel-yocto: improve metadata patching
        linux-yocto/6.1: cfg: restore CONFIG_DEVMEM
        linux-yocto/6.1: update to v6.1.61
        linux-yocto/6.1: update to v6.1.62
        linux-yocto/6.1: update to v6.1.65
        linux-yocto/6.5: cfg: restore CONFIG_DEVMEM
        linux-yocto/6.5: update to v6.5.10
        linux-yocto/6.5: cfg: split runtime and symbol debug
        linux-yocto/6.5: update to v6.5.11
        linux-yocto/6.5: update to v6.5.12
        linux-yocto/6.5: update to v6.5.13
        linux-yocto/6.1: drop removed IMA option
        linux-yocto-rt/6.1: update to -rt18
        linux-yocto/6.1: update to v6.1.66
        linux-yocto/6.1: update to v6.1.67
        linux-yocto/6.1: update to v6.1.68
        linux-yocto/6.5: drop removed IMA option
        linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector

  Chen Qi (1):
        systemd: fix DynamicUser issue

  Deepthi Hemraj (1):
        rust: Fix CVE-2023-40030

  Dhairya Nagodra (2):
        cve-update-nvd2-native: faster requests with API keys
        cve-update-nvd2-native: increase the delay between subsequent request failures

  Dmitry Baryshkov (9):
        linux-firmware: upgrade 20230804 -> 20231030
        linux-firmware: add missing depenencies on license packages
        linux-firmware: add notice file to sdm845 modem firmware
        linux-firmware: add audio topology symlink to the X13's audio package
        linux-firmware: package firmware for Qualcomm Adreno a702
        linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210
        linux-firmware: package Qualcomm Venus 6.0 firmware
        linux-firmware: package Robotics RB5 sensors DSP firmware
        meson: use correct targets for rust binaries

  Fahad Arslan (1):
        linux-firmware: create separate packages

  Javier Tia (1):
        kernel-arch: use ccache only for compiler

  Jermain Horsman (2):
        lib/oe/buildcfg.py: Include missing import
        lib/oe/buildcfg.py: Remove unused parameter

  Joakim Tjernlund (1):
        sed -i destroys symlinks

  Joshua Watt (1):
        bitbake: asyncrpc: Add context manager API

  Julien Stephan (2):
        devtool: fix update-recipe dry-run mode
        devtool: finish/update-recipe: restrict mode srcrev to recipes fetched from SCM

  Justin Bronder (1):
        contributor-guide: add License-Update tag

  Khem Raj (1):
        python3-urllib3: Upgrade to 2.0.7

  Lee Chee Yang (10):
        migration-guides: add release notes for 4.3.1
        migration-guide: add release notes for 4.2.4
        migration-guide: add release notes for 4.0.14
        migration-guides: reword fix in release-notes-4.3.1
        migration-guides: add release notes for 4.0.15
        avahi: add CVE-2023-38473.patch to SRC_URL
        grub: fix CVE-2023-4692 CVE-2023-4693
        curl: fix CVE-2023-46218
        perlcross: update to 1.5.2
        perl: 5.38.0 -> 5.38.2

  Marco Felsch (1):
        json-c: fix icecc compilation

  Markus Volk (3):
        gtk: Add rdepend on printbackend for cups
        bluez5: fix connection for ps5/dualshock controllers
        cups: Add root,sys,wheel to system groups

  Marta Rybczynska (1):
        bitbake: toastergui: verify that an existing layer path is given

  Massimiliano Minella (1):
        systemd: update LICENSE statement

  Michael Opdenacker (14):
        migration-guides: release 3.5 is actually 4.0
        contributor-guide: fix command option
        dev-manual: layers: update link to YP Compatible form
        ref-manual: releases.svg: update nanbield release status
        manuals: fix URL
        test-manual: text and formatting fixes
        test-manual: resource updates
        test-manual: add links to python unittest
        test-manual: explicit or fix file paths
        test-manual: add or improve hyperlinks
        dev-manual: runtime-testing: fix test module name
        test-manual: use working example
        systemd-compat-units.bb: fix postinstall script
        ref-manual: update tested and supported distros

  Paul Barker (1):
        ref-manual: Fix reference to MIRRORS/PREMIRRORS defaults

  Peter Kjellerstedt (3):
        oeqa/selftest/tinfoil: Add tests that parse virtual recipes
        dev-manual: Discourage the use of SRC_URI[md5sum]
        bitbake: command: Make parseRecipeFile() handle virtual recipes correctly

  Peter Marko (2):
        cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
        cve-update-nvd2-native: make number of fetch attemtps configurable

  Randy MacLeod (1):
        strace: backport fix for so_peerpidfd-test

  Rasmus Villemoes (1):
        perf: lift TARGET_CC_ARCH modification out of security_flags.inc

  Richard Purdie (7):
        qemu: Upgrade 8.1.0 -> 8.1.2
        sstate: Ensure sstate searches update file mtime
        testimage: Exclude wtmp from target-dumper commands
        bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9
        linux/cve-exclusion6.1: Update to latest kernel point release
        package_ipk: Fix Source: field variable dependency
        testimage: Drop target_dumper and most of monitor_dumper

  Ross Burton (6):
        xwayland: upgrade to 23.2.2
        linux-yocto: update CVE exclusions
        linux-yocto: update CVE exclusions
        lib/oe/patch: ensure os.chdir restoring always happens
        tcl: skip timing-dependent tests in run-ptest
        tcl: skip async and event tests in run-ptest

  Shubham Kulkarni (1):
        tzdata: Upgrade to 2023d

  Simone Weiß (1):
        manuals: brief-yoctoprojectqs: align variable order with default local.conf

  Steve Sakoman (2):
        poky.conf: bump version for 4.3.2 release
        build-appliance-image: Update to nanbield head revision

  Sundeep KOKKONDA (2):
        glibc: stable 2.38 branch updates
        binutils: stable 2.41 branch updates

  Tim Orling (2):
        lsb-release: use https for UPSTREAM_CHECK_URI
        vim: upgrade 9.0.2068 -> 9.0.2130

  Trevor Gamblin (2):
        python3-ptest: skip test_storlines
        patchtest: shorten patch signed-off-by test output

  Vijay Anusuri (1):
        avahi: backport Debian patches to fix multiple CVE's

  Viswanath Kraleti (1):
        systemd-boot: Fix build issues on armv7a-linux

  Vyacheslav Yurkov (1):
        lib/oe/path: Deploy files can start only with a dot

  Wang Mingyu (16):
        base-passwd: upgrade 3.6.1 -> 3.6.2
        enchant2: upgrade 2.6.1 -> 2.6.2
        harfbuzz: upgrade 8.2.1 -> 8.2.2
        libjpeg-turbo: upgrade 3.0.0 -> 3.0.1
        libnewt: upgrade 0.52.23 -> 0.52.24
        libnsl2: upgrade 2.0.0 -> 2.0.1
        msmtp: upgrade 1.8.24 -> 1.8.25
        glib-2.0: upgrade 2.78.0 -> 2.78.1
        xserver-xorg: upgrade 21.1.8 -> 21.1.9
        ghostscript: upgrade 10.02.0 -> 10.02.1
        libsolv: upgrade 0.7.25 -> 0.7.26
        bind: upgrade 9.18.19 -> 9.18.20
        ell: upgrade 0.59 -> 0.60
        libgcrypt: upgrade 1.10.2 -> 1.10.3
        libxslt: upgrade 1.1.38 -> 1.1.39
        log4cplus: upgrade 2.1.0 -> 2.1.1

  William Lyu (1):
        openssl: improve handshake test error reporting

  Zoltán Böszörményi (1):
        update_gtk_icon_cache: Fix for GTK4-only builds

meta-raspberrypi: 8231f97534..fde68b24f0:
  Lorenzo Arena (1):
        docs: fix syntax for overriding fs type for initramfs image

meta-openembedded: 1750c66ae8..2da6e1b0e4:
  Alexandre Belloni (1):
        poco: fix branch

  Christian Eggers (1):
        python3-gcovr: switch to main branch

  Dylan Turner (1):
        apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622

  Edi Feschiyan (1):
        libbytesize: update SRC_URI

  Fabio Estevam (3):
        openocd: Use https for github
        python3-piccata: Use https for github
        multipath-tools: Use https for github

  Jeffrey Pautler (1):
        apache2: add vendor to product name used for CVE checking

  Jonas Gorski (1):
        frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}

  Khem Raj (3):
        hwdata: upgrade 0.370 -> 0.375
        openvpn: upgrade 2.6.3 -> 2.6.6
        python3-scapy: upgrade to latest revision

  Ross Burton (1):
        yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460

  Wang Mingyu (3):
        hdf5: Fix install conflict when enable multilib.
        dnf-plugin-tui: Recover BBCLASSEXTEND variants
        strongswan: upgrade 5.9.11 -> 5.9.12

  Zoltán Böszörményi (3):
        python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
        python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
        geos: Fix packaging

meta-arm: 0bd7fece41..79c52afe74:
  Debbie Martin (2):
        arm-systemready: Add parted dependency and inherit testimage
        ci: Add Arm SystemReady firmware and IR ACS builds

  Harsimran Singh Tungal (1):
        arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions

Change-Id: I9e8e09b85674d653415c01932a5f7a3cbeca877e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>

1 files changed, 194 insertions, 0 deletions

diff --git a/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb
new file mode 100644
index 0000000000..87d12bc6c8
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-support/strongswan/strongswan_5.9.12.bb
@@ -0,0 +1,194 @@
+DESCRIPTION = "strongSwan is an OpenSource IPsec implementation for the \
+Linux operating system."
+SUMMARY = "strongSwan is an OpenSource IPsec implementation"
+HOMEPAGE = "http://www.strongswan.org"
+SECTION = "net"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
+DEPENDS = "flex-native flex bison-native"
+DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '  tpm2-tss', '', d)}"
+
+SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \
+          "
+
+SRC_URI[sha256sum] = "5e6018b07cbe9f72c044c129955a13be3e2f799ceb53f53a4459da6a922b95e5"
+
+UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
+
+EXTRA_OECONF = " \
+        --without-lib-prefix \
+        --with-dev-headers=${includedir}/strongswan \
+"
+
+EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}"
+
+PACKAGECONFIG ?= "curl gmp openssl sqlite3 swanctl curve25519\
+        ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imc imc-hcd imc-os imc-scanner imc-attestation', '', d)} \
+        ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imv imv-hcd imv-os imv-scanner imv-attestation', '', d)} \
+"
+
+PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni"
+PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils"
+PACKAGECONFIG[charon] = "--enable-charon,--disable-charon,"
+PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl,${PN}-plugin-curl"
+PACKAGECONFIG[eap-identity] = "--enable-eap-identity,--disable-eap-identity,,${PN}-plugin-eap-identity"
+PACKAGECONFIG[eap-mschapv2] = "--enable-eap-mschapv2,--disable-eap-mschapv2,,${PN}-plugin-eap-mschapv2"
+PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp"
+PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap"
+PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql"
+PACKAGECONFIG[nm] = "--enable-nm,--disable-nm,networkmanager,${PN}-nm"
+PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl"
+PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup"
+PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite"
+PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke"
+PACKAGECONFIG[swanctl] = "--enable-swanctl,--disable-swanctl,,libgcc"
+PACKAGECONFIG[curve25519] = "--enable-curve25519,--disable-curve25519,, ${PN}-plugin-curve25519"
+
+# requires swanctl
+PACKAGECONFIG[systemd-charon] = "--enable-systemd,--disable-systemd,systemd,"
+
+# tpm needs meta-tpm layer
+PACKAGECONFIG[tpm2] = "--enable-tpm,--disable-tpm,,${PN}-plugin-tpm"
+
+
+# integraty configuration needs meta-integraty
+#imc 
+PACKAGECONFIG[tnc-imc] = "--enable-tnc-imc,--disable-tnc-imc,,  ${PN}-plugin-tnc-imc ${PN}-plugin-tnc-tnccs"
+PACKAGECONFIG[imc-test] = "--enable-imc-test,--disable-imc-test,,"
+PACKAGECONFIG[imc-scanner] = "--enable-imc-scanner,--disable-imc-scanner,,"
+PACKAGECONFIG[imc-os] = "--enable-imc-os,--disable-imc-os,,"
+PACKAGECONFIG[imc-attestation] = "--enable-imc-attestation,--disable-imc-attestation,,"
+PACKAGECONFIG[imc-swima] = "--enable-imc-swima, --disable-imc-swima, json-c,"
+PACKAGECONFIG[imc-hcd] = "--enable-imc-hcd, --disable-imc-hcd,,"
+
+#imv set
+PACKAGECONFIG[tnc-imv] = "--enable-tnc-imv,--disable-tnc-imv,, ${PN}-plugin-tnc-imv ${PN}-plugin-tnc-tnccs"
+PACKAGECONFIG[imv-test] = "--enable-imv-test,--disable-imv-test,,"
+PACKAGECONFIG[imv-scanner] = "--enable-imv-scanner,--disable-imv-scanner,,"
+PACKAGECONFIG[imv-os] = "--enable-imv-os,--disable-imv-os,,"
+PACKAGECONFIG[imv-attestation] = "--enable-imv-attestation,--disable-imv-attestation,,"
+PACKAGECONFIG[imv-swima] = "--enable-imv-swima, --disable-imv-swima, json-c,"
+PACKAGECONFIG[imv-hcd] = "--enable-imv-hcd, --disable-imv-hcd,,"
+
+PACKAGECONFIG[tnc-ifmap] = "--enable-tnc-ifmap,--disable-tnc-ifmap, libxml2, ${PN}-plugin-tnc-ifmap"
+PACKAGECONFIG[tnc-pdp] = "--enable-tnc-pdp,--disable-tnc-pdp,, ${PN}-plugin-tnc-pdp"
+
+PACKAGECONFIG[tnccs-11] = "--enable-tnccs-11,--disable-tnccs-11,libxml2, ${PN}-plugin-tnccs-11"
+PACKAGECONFIG[tnccs-20] = "--enable-tnccs-20,--disable-tnccs-20,, ${PN}-plugin-tnccs-20"
+PACKAGECONFIG[tnccs-dynamic] = "--enable-tnccs-dynamic,--disable-tnccs-dynamic,,${PN}-plugin-tnccs-dynamic"
+
+inherit autotools systemd pkgconfig
+
+RRECOMMENDS:${PN} = "kernel-module-ah4 \
+                     kernel-module-esp4 \
+                     kernel-module-xfrm-user \
+                    "
+
+FILES:${PN} += "${libdir}/ipsec/lib*${SOLIBS}"
+FILES:${PN}-dbg += "${bindir}/.debug ${sbindir}/.debug ${libdir}/ipsec/.debug ${libexecdir}/ipsec/.debug"
+FILES:${PN}-dev += "${libdir}/ipsec/lib*${SOLIBSDEV} ${libdir}/ipsec/*.la ${libdir}/ipsec/include/config.h"
+FILES:${PN}-staticdev += "${libdir}/ipsec/*.a"
+
+CONFFILES:${PN} = "${sysconfdir}/*.conf ${sysconfdir}/ipsec.d/*.conf ${sysconfdir}/strongswan.d/*.conf"
+
+PACKAGES += "${PN}-plugins"
+ALLOW_EMPTY:${PN}-plugins = "1"
+
+PACKAGE_BEFORE_PN = "${PN}-imcvs ${PN}-imcvs-dbg"
+ALLOW_EMPTY:${PN}-imcvs = "1"
+
+FILES:${PN}-imcvs = "${libdir}/ipsec/imcvs/*.so"
+FILES:${PN}-imcvs-dbg += "${libdir}/ipsec/imcvs/.debug"
+
+PACKAGES =+ "${PN}-nm ${PN}-nm-dbg"
+FILES:${PN}-nm = "${libexecdir}/ipsec/charon-nm ${datadir}/dbus-1/system.d/nm-strongswan-service.conf"
+FILES:${PN}-nm-dbg = "${libexecdir}/ipsec/.debug/charon-nm"
+
+PACKAGES_DYNAMIC += "^${PN}-plugin-.*$"
+NOAUTOPACKAGEDEBUG = "1"
+
+python split_strongswan_plugins () {
+    sysconfdir = d.expand('${sysconfdir}/strongswan.d/charon')
+    libdir = d.expand('${libdir}/ipsec/plugins')
+    dbglibdir = os.path.join(libdir, '.debug')
+
+    def add_plugin_conf(f, pkg, file_regex, output_pattern, modulename):
+        dvar = d.getVar('PKGD')
+        oldfiles = d.getVar('CONFFILES:' + pkg)
+        newfile = '/' + os.path.relpath(f, dvar)
+
+        if not oldfiles:
+            d.setVar('CONFFILES:' + pkg, newfile)
+        else:
+            d.setVar('CONFFILES:' + pkg, oldfiles + " " + newfile)
+
+    split_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True)
+    do_split_packages(d, sysconfdir, r'(.*)\.conf', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True, hook=add_plugin_conf)
+
+    split_dbg_packages = do_split_packages(d, dbglibdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s-dbg', 'strongSwan %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg')
+    split_dev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.la', '${PN}-plugin-%s-dev', 'strongSwan %s plugin - Development files', prepend=True, extra_depends='${PN}-dev')
+    split_staticdev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.a', '${PN}-plugin-%s-staticdev', 'strongSwan %s plugin - Development files (Static Libraries)', prepend=True, extra_depends='${PN}-staticdev')
+
+    if split_packages:
+        pn = d.getVar('PN')
+        d.setVar('RRECOMMENDS:' + pn + '-plugins', ' '.join(split_packages))
+        d.appendVar('RRECOMMENDS:' + pn + '-dbg', ' ' + ' '.join(split_dbg_packages))
+        d.appendVar('RRECOMMENDS:' + pn + '-dev', ' ' + ' '.join(split_dev_packages))
+        d.appendVar('RRECOMMENDS:' + pn + '-staticdev', ' ' + ' '.join(split_staticdev_packages))
+}
+
+PACKAGESPLITFUNCS:prepend = "split_strongswan_plugins "
+
+# Install some default plugins based on default strongSwan ./configure options
+# See https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist
+RDEPENDS:${PN} += "\
+    ${PN}-plugin-aes \
+    ${PN}-plugin-attr \
+    ${PN}-plugin-cmac \
+    ${PN}-plugin-constraints \
+    ${PN}-plugin-des \
+    ${PN}-plugin-dnskey \
+    ${PN}-plugin-drbg \
+    ${PN}-plugin-fips-prf \
+    ${PN}-plugin-gcm \
+    ${PN}-plugin-hmac \
+    ${PN}-plugin-kdf \
+    ${PN}-plugin-kernel-netlink \
+    ${PN}-plugin-md5 \
+    ${PN}-plugin-mgf1 \
+    ${PN}-plugin-nonce \
+    ${PN}-plugin-pem \
+    ${PN}-plugin-pgp \
+    ${PN}-plugin-pkcs1 \
+    ${PN}-plugin-pkcs7 \
+    ${PN}-plugin-pkcs8 \
+    ${PN}-plugin-pkcs12 \
+    ${PN}-plugin-pubkey \
+    ${PN}-plugin-random \
+    ${PN}-plugin-rc2 \
+    ${PN}-plugin-resolve \
+    ${PN}-plugin-revocation \
+    ${PN}-plugin-sha1 \
+    ${PN}-plugin-sha2 \
+    ${PN}-plugin-socket-default \
+    ${PN}-plugin-sshkey \
+    ${PN}-plugin-updown \
+    ${PN}-plugin-vici \
+    ${PN}-plugin-x509 \
+    ${PN}-plugin-xauth-generic \
+    ${PN}-plugin-xcbc \
+    "
+
+RPROVIDES:${PN} += "${PN}-systemd"
+RREPLACES:${PN} += "${PN}-systemd"
+RCONFLICTS:${PN} += "${PN}-systemd"
+
+# The deprecated legacy 'strongswan-starter' service should only be used when charon and
+# stroke are enabled. When swanctl is in use, 'strongswan.service' is needed.
+# See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
+SYSTEMD_SERVICE:${PN} = " \
+    ${@bb.utils.contains('PACKAGECONFIG', 'swanctl', '${BPN}.service', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'charon', '${BPN}-starter.service', '', d)} \
+"