From 6f8f8aa46481edb18a320cc848b0f46790b262a1 Mon Sep 17 00:00:00 2001 From: Petr Ruzicka Date: Fri, 19 Jul 2019 13:14:21 +0200 Subject: [PATCH] Simplify the helm chart part + addes few screenshots + all outputs updated --- docs/part-01/README.md | 51 ++-- docs/part-02/README.md | 2 +- docs/part-03/README.md | 133 +++++------ docs/part-04/README.md | 122 +++++----- docs/part-06/README.md | 224 +++++++----------- docs/part-06/harbor_upload_chart_files.png | Bin 0 -> 41081 bytes docs/part-07/README.md | 36 +-- docs/part-08/README.md | 63 +++-- ...t_library_examples-bookinfo-reviews-v3.png | Bin 0 -> 112572 bytes docs/part-08/harbor_project_new_member.png | Bin 0 -> 43851 bytes .../harbor_project_repository_list.png | Bin 0 -> 75016 bytes docs/part-09/README.md | 9 +- tests/tests.sh | 1 - 13 files changed, 307 insertions(+), 334 deletions(-) create mode 100644 docs/part-06/harbor_upload_chart_files.png create mode 100644 docs/part-08/harbor_project_library_examples-bookinfo-reviews-v3.png create mode 100644 docs/part-08/harbor_project_new_member.png create mode 100644 docs/part-08/harbor_project_repository_list.png diff --git a/docs/part-01/README.md b/docs/part-01/README.md index c3138c97..47ddaa8b 100644 --- a/docs/part-01/README.md +++ b/docs/part-01/README.md @@ -187,30 +187,31 @@ Output: ```text [ℹ] using region eu-central-1 -[ℹ] setting availability zones to [eu-central-1a eu-central-1c eu-central-1b] -[ℹ] subnets for eu-central-1a - public:192.168.0.0/19 private:192.168.96.0/19 -[ℹ] subnets for eu-central-1c - public:192.168.32.0/19 private:192.168.128.0/19 -[ℹ] subnets for eu-central-1b - public:192.168.64.0/19 private:192.168.160.0/19 -[ℹ] nodegroup "ng-e5b7f19b" will use "ami-0d741ed58ca5b342e" [AmazonLinux2/1.12] -[ℹ] using SSH public key "/home/pruzicka/.ssh/id_rsa.pub" as "eksctl-pruzicka-k8s-harbor-nodegroup-ng-e5b7f19b-a3:84:e4:0d:af:5f:c8:40:da:71:68:8a:74:c7:ba:16" +[ℹ] setting availability zones to [eu-central-1c eu-central-1b eu-central-1a] +[ℹ] subnets for eu-central-1c - public:192.168.0.0/19 private:192.168.96.0/19 +[ℹ] subnets for eu-central-1b - public:192.168.32.0/19 private:192.168.128.0/19 +[ℹ] subnets for eu-central-1a - public:192.168.64.0/19 private:192.168.160.0/19 +[ℹ] nodegroup "ng-d1b535b2" will use "ami-0b7127e7a2a38802a" [AmazonLinux2/1.13] +[ℹ] using SSH public key "/home/pruzicka/.ssh/id_rsa.pub" as "eksctl-pruzicka-k8s-harbor-nodegroup-ng-d1b535b2-a3:84:e4:0d:af:5f:c8:40:da:71:68:8a:74:c7:ba:16" +[ℹ] using Kubernetes version 1.13 [ℹ] creating EKS cluster "pruzicka-k8s-harbor" in "eu-central-1" region [ℹ] will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup [ℹ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=eu-central-1 --name=pruzicka-k8s-harbor' -[ℹ] 2 sequential tasks: { create cluster control plane "pruzicka-k8s-harbor", create nodegroup "ng-e5b7f19b" } +[ℹ] 2 sequential tasks: { create cluster control plane "pruzicka-k8s-harbor", create nodegroup "ng-d1b535b2" } [ℹ] building cluster stack "eksctl-pruzicka-k8s-harbor-cluster" [ℹ] deploying stack "eksctl-pruzicka-k8s-harbor-cluster" -[ℹ] building nodegroup stack "eksctl-pruzicka-k8s-harbor-nodegroup-ng-e5b7f19b" -[ℹ] --nodes-min=2 was set automatically for nodegroup ng-e5b7f19b -[ℹ] --nodes-max=2 was set automatically for nodegroup ng-e5b7f19b -[ℹ] deploying stack "eksctl-pruzicka-k8s-harbor-nodegroup-ng-e5b7f19b" +[ℹ] building nodegroup stack "eksctl-pruzicka-k8s-harbor-nodegroup-ng-d1b535b2" +[ℹ] --nodes-min=2 was set automatically for nodegroup ng-d1b535b2 +[ℹ] --nodes-max=2 was set automatically for nodegroup ng-d1b535b2 +[ℹ] deploying stack "eksctl-pruzicka-k8s-harbor-nodegroup-ng-d1b535b2" [✔] all EKS cluster resource for "pruzicka-k8s-harbor" had been created [✔] saved kubeconfig as "kubeconfig.conf" -[ℹ] adding role "arn:aws:iam::822044714040:role/eksctl-pruzicka-k8s-harbor-nodegr-NodeInstanceRole-DRP0Z9AD52O7" to auth ConfigMap -[ℹ] nodegroup "ng-e5b7f19b" has 0 node(s) -[ℹ] waiting for at least 2 node(s) to become ready in "ng-e5b7f19b" -[ℹ] nodegroup "ng-e5b7f19b" has 2 node(s) -[ℹ] node "ip-192-168-31-245.eu-central-1.compute.internal" is ready -[ℹ] node "ip-192-168-83-237.eu-central-1.compute.internal" is ready +[ℹ] adding role "arn:aws:iam::822044714040:role/eksctl-pruzicka-k8s-harbor-nodegr-NodeInstanceRole-A4XWMWDV73D9" to auth ConfigMap +[ℹ] nodegroup "ng-d1b535b2" has 0 node(s) +[ℹ] waiting for at least 2 node(s) to become ready in "ng-d1b535b2" +[ℹ] nodegroup "ng-d1b535b2" has 2 node(s) +[ℹ] node "ip-192-168-56-161.eu-central-1.compute.internal" is ready +[ℹ] node "ip-192-168-9-2.eu-central-1.compute.internal" is ready [ℹ] kubectl command should work with "kubeconfig.conf", try 'kubectl --kubeconfig=kubeconfig.conf get nodes' [✔] EKS cluster "pruzicka-k8s-harbor" in "eu-central-1" region is ready ``` @@ -257,9 +258,9 @@ kubectl get nodes -o wide Output: ```text -NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-192-168-4-142.eu-central-1.compute.internal Ready 3h3m v1.12.7 192.168.4.142 3.121.162.89 Amazon Linux 2 4.14.123-111.109.amzn2.x86_64 docker://18.6.1 -ip-192-168-60-201.eu-central-1.compute.internal Ready 3h3m v1.12.7 192.168.60.201 18.196.144.15 Amazon Linux 2 4.14.123-111.109.amzn2.x86_64 docker://18.6.1 +NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME +ip-192-168-56-161.eu-central-1.compute.internal Ready 46m v1.13.7-eks-c57ff8 192.168.56.161 54.93.96.15 Amazon Linux 2 4.14.128-112.105.amzn2.x86_64 docker://18.6.1 +ip-192-168-9-2.eu-central-1.compute.internal Ready 46m v1.13.7-eks-c57ff8 192.168.9.2 18.196.16.153 Amazon Linux 2 4.14.128-112.105.amzn2.x86_64 docker://18.6.1 ``` ![EKS High Level](https://raw.githubusercontent.com/aws-samples/eks-workshop/3e7da75de884d9efeec8e8ba21161169d3e80da7/static/images/introduction/eks-high-level.svg?sanitize=true @@ -277,11 +278,11 @@ done Output: ```text -*** 3.121.162.89 - 07:51:26 up 3:04, 0 users, load average: 0.05, 0.09, 0.08 -*** 18.196.144.15 - 07:51:26 up 3:04, 0 users, load average: 0.05, 0.15, 0.11 -``` +*** 54.93.96.15 + 10:16:43 up 48 min, 0 users, load average: 1.03, 0.47, 0.25 +*** 18.196.16.153 + 10:16:43 up 48 min, 0 users, load average: 0.64, 0.91, 0.61 + ``` At the end of the output you should see 2 IP addresses which should be accessible by SSH using your public key `~/.ssh/id_rsa.pub`. diff --git a/docs/part-02/README.md b/docs/part-02/README.md index 46075398..7347e27f 100644 --- a/docs/part-02/README.md +++ b/docs/part-02/README.md @@ -60,7 +60,7 @@ Output: ```text NAME READY STATUS RESTARTS AGE -tiller-deploy-7b659b7fbd-rwqmr 1/1 Running 0 165m +tiller-deploy-845fb7cfc6-k47c2 1/1 Running 0 9s ``` Add [Helm plugin](https://github.com/chartmuseum/helm-push) to push chart diff --git a/docs/part-03/README.md b/docs/part-03/README.md index f6e321bb..69566aee 100644 --- a/docs/part-03/README.md +++ b/docs/part-03/README.md @@ -56,40 +56,40 @@ Output: ```text "jetstack" has been added to your repositories NAME: cert-manager -LAST DEPLOYED: Tue Jun 25 09:54:02 2019 +LAST DEPLOYED: Fri Jul 19 11:47:58 2019 NAMESPACE: cert-manager STATUS: DEPLOYED RESOURCES: ==> v1/ClusterRole NAME AGE -cert-manager-edit 7s -cert-manager-view 7s +cert-manager-edit 10s +cert-manager-view 10s ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE -cert-manager-776cd4f499-jtpjr 1/1 Running 0 7s -cert-manager-cainjector-744b987848-7nmqp 1/1 Running 0 7s +cert-manager-578fc6ff6-qjvrr 1/1 Running 0 10s +cert-manager-cainjector-5975fd64c5-82c8x 1/1 Running 0 10s ==> v1/ServiceAccount NAME SECRETS AGE -cert-manager 1 7s -cert-manager-cainjector 1 7s +cert-manager 1 10s +cert-manager-cainjector 1 10s ==> v1beta1/ClusterRole NAME AGE -cert-manager 7s -cert-manager-cainjector 7s +cert-manager 10s +cert-manager-cainjector 10s ==> v1beta1/ClusterRoleBinding NAME AGE -cert-manager 7s -cert-manager-cainjector 7s +cert-manager 10s +cert-manager-cainjector 10s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE -cert-manager 1/1 1 1 7s -cert-manager-cainjector 1/1 1 1 7s +cert-manager 1/1 1 1 10s +cert-manager-cainjector 1/1 1 1 10s NOTES: @@ -277,44 +277,44 @@ Output: ```text NAME: kubed -LAST DEPLOYED: Tue Jun 25 09:57:48 2019 +LAST DEPLOYED: Fri Jul 19 11:48:10 2019 NAMESPACE: kube-system STATUS: DEPLOYED RESOURCES: ==> v1/ClusterRole NAME AGE -kubed-kubed 2s +kubed-kubed 4s ==> v1/ClusterRoleBinding NAME AGE -kubed-kubed 2s -kubed-kubed-apiserver-auth-delegator 2s +kubed-kubed 4s +kubed-kubed-apiserver-auth-delegator 4s ==> v1/Pod(related) -NAME READY STATUS RESTARTS AGE -kubed-kubed-76b4dcd9f-6g79p 0/1 ContainerCreating 0 2s +NAME READY STATUS RESTARTS AGE +kubed-kubed-75789b6cc6-6zrst 0/1 ContainerCreating 0 4s ==> v1/RoleBinding NAME AGE -kubed-kubed-apiserver-extension-server-authentication-reader 2s +kubed-kubed-apiserver-extension-server-authentication-reader 4s ==> v1/Secret NAME TYPE DATA AGE -kubed-kubed Opaque 1 2s -kubed-kubed-apiserver-cert Opaque 2 2s +kubed-kubed Opaque 1 4s +kubed-kubed-apiserver-cert Opaque 2 4s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -kubed-kubed ClusterIP 10.100.111.202 443/TCP 2s +kubed-kubed ClusterIP 10.100.193.123 443/TCP 4s ==> v1/ServiceAccount NAME SECRETS AGE -kubed-kubed 1 2s +kubed-kubed 1 4s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE -kubed-kubed 0/1 1 0 2s +kubed-kubed 0/1 1 0 4s NOTES: @@ -355,49 +355,49 @@ Output: ```text NAME: nginx-ingress -LAST DEPLOYED: Tue Jun 25 09:59:52 2019 +LAST DEPLOYED: Fri Jul 19 11:48:17 2019 NAMESPACE: nginx-ingress-system STATUS: DEPLOYED RESOURCES: ==> v1/ConfigMap NAME DATA AGE -nginx-ingress-controller 1 3s +nginx-ingress-controller 1 8s ==> v1/Pod(related) NAME READY STATUS RESTARTS AGE -nginx-ingress-controller-947555496-b8cdk 0/1 ContainerCreating 0 3s -nginx-ingress-default-backend-6694789b87-c2scz 1/1 Running 0 3s +nginx-ingress-controller-7b59c7c7bc-nhmq8 0/1 ContainerCreating 0 8s +nginx-ingress-default-backend-6d489448cb-d9brb 1/1 Running 0 8s ==> v1/Service -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -nginx-ingress-controller LoadBalancer 10.100.179.80 a36a632ee971f... 80:31754/TCP,443:32114/TCP 3s -nginx-ingress-default-backend ClusterIP 10.100.249.215 80/TCP 3s +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +nginx-ingress-controller LoadBalancer 10.100.37.102 a55fd2fadaa0a... 80:30958/TCP,443:31932/TCP 8s +nginx-ingress-default-backend ClusterIP 10.100.15.87 80/TCP 8s ==> v1/ServiceAccount NAME SECRETS AGE -nginx-ingress 1 3s +nginx-ingress 1 8s ==> v1beta1/ClusterRole NAME AGE -nginx-ingress 3s +nginx-ingress 8s ==> v1beta1/ClusterRoleBinding NAME AGE -nginx-ingress 3s +nginx-ingress 8s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE -nginx-ingress-controller 0/1 1 0 3s -nginx-ingress-default-backend 1/1 1 1 3s +nginx-ingress-controller 0/1 1 0 8s +nginx-ingress-default-backend 1/1 1 1 8s ==> v1beta1/Role NAME AGE -nginx-ingress 3s +nginx-ingress 8s ==> v1beta1/RoleBinding NAME AGE -nginx-ingress 3s +nginx-ingress 8s NOTES: @@ -454,9 +454,9 @@ kubectl get service -n nginx-ingress-system Output: ```text{2} -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -nginx-ingress-controller LoadBalancer 10.100.179.80 a36a632ee971f11e9867202d8c8e9254-1021705614.eu-central-1.elb.amazonaws.com 80:31754/TCP,443:32114/TCP 13s -nginx-ingress-default-backend ClusterIP 10.100.249.215 80/TCP 13s +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +nginx-ingress-controller LoadBalancer 10.100.37.102 a55fd2fadaa0a11e9bcf2026dca96845-1478956562.eu-central-1.elb.amazonaws.com 80:30958/TCP,443:31932/TCP 8s +nginx-ingress-default-backend ClusterIP 10.100.15.87 80/TCP 8s ``` Create DNS record `mylabs.dev` for the loadbalancer created by nginx-ingress: @@ -473,12 +473,12 @@ Output: ```json { - "ChangeInfo": { - "Id": "/change/C3MC53EPX1MZN0", - "Status": "PENDING", - "SubmittedAt": "2019-06-25T08:00:31.499Z", - "Comment": "A new record set for the zone." - } + "ChangeInfo": { + "Id": "/change/C2YV79SSX0CS95", + "Status": "PENDING", + "SubmittedAt": "2019-07-19T09:48:29.092Z", + "Comment": "A new record set for the zone." + } } ``` @@ -509,11 +509,11 @@ Annotations: kubectl.kubernetes.io/last-applied-configuration: API Version: certmanager.k8s.io/v1alpha1 Kind: Certificate Metadata: - Creation Timestamp: 2019-06-25T07:56:45Z - Generation: 1 - Resource Version: 17630 + Creation Timestamp: 2019-07-19T09:48:10Z + Generation: 4 + Resource Version: 2919 Self Link: /apis/certmanager.k8s.io/v1alpha1/namespaces/cert-manager/certificates/ingress-cert-production - UID: c6b7f758-971e-11e9-8672-02d8c8e92542 + UID: 5131721b-aa0a-11e9-bcf2-026dca968456 Spec: Acme: Config: @@ -530,20 +530,21 @@ Spec: Secret Name: ingress-cert-production Status: Conditions: - Last Transition Time: 2019-06-25T07:58:28Z + Last Transition Time: 2019-07-19T09:49:54Z Message: Certificate is up to date and has not expired Reason: Ready Status: True Type: Ready - Not After: 2019-09-23T06:58:27Z + Not After: 2019-10-17T08:49:53Z Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal Generated 4m cert-manager Generated new private key - Normal GenerateSelfSigned 4m cert-manager Generated temporary self signed certificate - Normal OrderCreated 4m cert-manager Created Order resource "ingress-cert-production-20059064" - Normal OrderComplete 2m17s cert-manager Order "ingress-cert-production-20059064" completed successfully - Normal CertIssued 2m17s cert-manager Certificate issued successfully + Type Reason Age From Message + ---- ------ ---- ---- ------- + Warning IssuerNotReady 105s (x2 over 105s) cert-manager Issuer letsencrypt-production-dns not ready + Normal Generated 105s cert-manager Generated new private key + Normal GenerateSelfSigned 105s cert-manager Generated temporary self signed certificate + Normal OrderCreated 105s cert-manager Created Order resource "ingress-cert-production-20059064" + Normal OrderComplete 1s cert-manager Order "ingress-cert-production-20059064" completed successfully + Normal CertIssued 1s cert-manager Certificate issued successfully ``` The Kubernetes "secret" in `cert-manager` namespace should contain the @@ -570,9 +571,9 @@ Type: kubernetes.io/tls Data ==== +ca.crt: 0 bytes tls.crt: 3550 bytes tls.key: 1675 bytes -ca.crt: 0 bytes ``` Check the SSL certificate: @@ -596,12 +597,12 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 03:6a:44:af:11:ed:3f:58:f1:1d:68:fc:9a:dd:13:d4:06:a0 + 03:cf:14:18:90:0e:c8:7f:c2:39:eb:e5:dc:42:d7:c6:7a:a6 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Validity - Not Before: Jun 25 06:58:27 2019 GMT - Not After : Sep 23 06:58:27 2019 GMT + Not Before: Jul 19 08:49:53 2019 GMT + Not After : Oct 17 08:49:53 2019 GMT Subject: CN = *.mylabs.dev Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -617,7 +618,7 @@ Certificate: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: - 0A:72:0D:F1:B4:51:CB:1C:76:04:84:87:D5:76:71:E0:6D:26:D0:00 + 44:C9:D2:B1:71:D6:94:92:67:DB:8C:C9:7E:0C:68:10:C3:10:41:D9 X509v3 Authority Key Identifier: keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1 diff --git a/docs/part-04/README.md b/docs/part-04/README.md index e9cc0dd6..f8850424 100644 --- a/docs/part-04/README.md +++ b/docs/part-04/README.md @@ -40,7 +40,7 @@ Output: "certmanager.k8s.io/ip-sans": "", "certmanager.k8s.io/issuer-kind": "ClusterIssuer", "certmanager.k8s.io/issuer-name": "letsencrypt-production-dns", - "kubed.appscode.com/origin": "{\"namespace\":\"cert-manager\",\"name\":\"ingress-cert-production\",\"uid\":\"c6e141f7-971e-11e9-8672-02d8c8e92542\",\"resourceVersion\":\"17751\"}" + "kubed.appscode.com/origin": "{\"namespace\":\"cert-manager\",\"name\":\"ingress-cert-production\",\"uid\":\"51b889ad-aa0a-11e9-8d10-06a66d4e34ba\",\"resourceVersion\":\"2916\"}" } { "certmanager.k8s.io/certificate-name": "ingress-cert-production", @@ -79,75 +79,73 @@ Output: ```text NAME: harbor -LAST DEPLOYED: Tue Jun 25 11:24:31 2019 +LAST DEPLOYED: Fri Jul 19 11:49:59 2019 NAMESPACE: harbor-system STATUS: DEPLOYED RESOURCES: ==> v1/ConfigMap NAME DATA AGE -harbor-harbor-chartmuseum 23 1s -harbor-harbor-clair 1 1s -harbor-harbor-core 34 1s -harbor-harbor-jobservice 1 1s -harbor-harbor-notary-server 5 1s -harbor-harbor-registry 2 1s +harbor-harbor-chartmuseum 23 65s +harbor-harbor-clair 1 65s +harbor-harbor-core 34 65s +harbor-harbor-jobservice 1 65s +harbor-harbor-notary-server 5 65s +harbor-harbor-registry 2 65s ==> v1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE -harbor-harbor-chartmuseum 0/1 1 0 1s -harbor-harbor-clair 0/1 1 0 1s -harbor-harbor-core 0/1 1 0 1s -harbor-harbor-jobservice 0/1 1 0 1s -harbor-harbor-notary-server 0/1 1 0 1s -harbor-harbor-notary-signer 0/1 0 0 1s -harbor-harbor-portal 0/1 0 0 1s -harbor-harbor-registry 0/1 0 0 1s - -==> v1/PersistentVolumeClaim -NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE -harbor-harbor-chartmuseum Bound pvc-0afcf35c-972b-11e9-8199-063f437da27c 1Gi RWO gp2 1s -harbor-harbor-jobservice Bound pvc-0afdc358-972b-11e9-8199-063f437da27c 1Gi RWO gp2 1s -harbor-harbor-registry Bound pvc-0aff05c7-972b-11e9-8199-063f437da27c 1Gi RWO gp2 1s +harbor-harbor-chartmuseum 1/1 1 1 65s +harbor-harbor-clair 1/1 1 1 65s +harbor-harbor-core 1/1 1 1 65s +harbor-harbor-jobservice 1/1 1 1 65s +harbor-harbor-notary-server 1/1 1 1 65s +harbor-harbor-notary-signer 1/1 1 1 65s +harbor-harbor-portal 1/1 1 1 65s +harbor-harbor-registry 1/1 1 1 65s ==> v1/Pod(related) -NAME READY STATUS RESTARTS AGE -harbor-harbor-chartmuseum-d495cf79c-pn2xx 0/1 Pending 0 1s -harbor-harbor-clair-6f46474c5d-2bpl8 0/1 ContainerCreating 0 1s -harbor-harbor-core-5d54dbc867-hb9b9 0/1 ContainerCreating 0 1s -harbor-harbor-jobservice-9944fd86-gc2sc 0/1 Pending 0 1s -harbor-harbor-notary-server-c8f6557cc-rdvfs 0/1 ContainerCreating 0 1s -harbor-harbor-notary-signer-d8f96fd5-4twbh 0/1 ContainerCreating 0 1s -harbor-harbor-portal-76c496bd6c-mpdhp 0/1 ContainerCreating 0 1s -harbor-harbor-redis-0 0/1 Pending 0 1s -harbor-harbor-registry-54cc857d87-j7rqn 0/2 ContainerCreating 0 1s +NAME READY STATUS RESTARTS AGE +harbor-harbor-chartmuseum-8647f45994-8nvd7 1/1 Running 0 65s +harbor-harbor-clair-55c56ccf4-kjc67 1/1 Running 2 65s +harbor-harbor-core-8554f8c5cd-n5dks 1/1 Running 0 65s +harbor-harbor-database-0 1/1 Running 0 64s +harbor-harbor-jobservice-5989b8c6c4-nwxns 1/1 Running 0 65s +harbor-harbor-notary-server-694d84d7-vwgdm 1/1 Running 0 65s +harbor-harbor-notary-signer-749cbf5948-b7b6g 1/1 Running 0 65s +harbor-harbor-portal-64899d584-gtr4x 1/1 Running 0 64s +harbor-harbor-redis-0 1/1 Running 0 64s +harbor-harbor-registry-69bb76d7-8pcf9 2/2 Running 0 64s ==> v1/Secret NAME TYPE DATA AGE -harbor-harbor-chartmuseum Opaque 1 1s -harbor-harbor-core Opaque 7 1s -harbor-harbor-jobservice Opaque 1 1s -harbor-harbor-registry Opaque 2 1s +harbor-harbor-chartmuseum Opaque 1 65s +harbor-harbor-core Opaque 7 65s +harbor-harbor-database Opaque 1 65s +harbor-harbor-jobservice Opaque 1 65s +harbor-harbor-registry Opaque 2 65s ==> v1/Service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -harbor-harbor-chartmuseum ClusterIP 10.100.105.225 80/TCP 1s -harbor-harbor-clair ClusterIP 10.100.176.139 6060/TCP,6061/TCP 1s -harbor-harbor-core ClusterIP 10.100.162.127 80/TCP 1s -harbor-harbor-jobservice ClusterIP 10.100.119.204 80/TCP 1s -harbor-harbor-notary-server ClusterIP 10.100.233.82 4443/TCP 1s -harbor-harbor-notary-signer ClusterIP 10.100.3.202 7899/TCP 1s -harbor-harbor-portal ClusterIP 10.100.232.228 80/TCP 1s -harbor-harbor-redis ClusterIP 10.100.48.79 6379/TCP 1s -harbor-harbor-registry ClusterIP 10.100.153.160 5000/TCP,8080/TCP 1s +harbor-harbor-chartmuseum ClusterIP 10.100.188.79 80/TCP 65s +harbor-harbor-clair ClusterIP 10.100.157.91 6060/TCP,6061/TCP 65s +harbor-harbor-core ClusterIP 10.100.95.26 80/TCP 65s +harbor-harbor-database ClusterIP 10.100.126.163 5432/TCP 65s +harbor-harbor-jobservice ClusterIP 10.100.210.198 80/TCP 65s +harbor-harbor-notary-server ClusterIP 10.100.249.4 4443/TCP 65s +harbor-harbor-notary-signer ClusterIP 10.100.192.142 7899/TCP 65s +harbor-harbor-portal ClusterIP 10.100.154.171 80/TCP 65s +harbor-harbor-redis ClusterIP 10.100.156.84 6379/TCP 65s +harbor-harbor-registry ClusterIP 10.100.27.218 5000/TCP,8080/TCP 65s ==> v1/StatefulSet -NAME READY AGE -harbor-harbor-redis 0/1 1s +NAME READY AGE +harbor-harbor-database 1/1 65s +harbor-harbor-redis 1/1 64s ==> v1beta1/Ingress -NAME HOSTS ADDRESS PORTS AGE -harbor-harbor-ingress harbor.mylabs.dev,notary.mylabs.dev 80, 443 1s +NAME HOSTS ADDRESS PORTS AGE +harbor-harbor-ingress harbor.mylabs.dev,notary.mylabs.dev 54.93.96.15 80, 443 64s NOTES: @@ -172,7 +170,7 @@ Output: ```text{6-7,11,18} Name: harbor-harbor-ingress Namespace: harbor-system -Address: 18.196.144.15 +Address: 54.93.96.15 Default backend: default-http-backend:80 () TLS: ingress-cert-production terminates harbor.mylabs.dev @@ -181,24 +179,24 @@ Rules: Host Path Backends ---- ---- -------- harbor.mylabs.dev - / harbor-harbor-portal:80 (192.168.58.78:80) - /api/ harbor-harbor-core:80 (192.168.19.87:8080) - /service/ harbor-harbor-core:80 (192.168.19.87:8080) - /v2/ harbor-harbor-core:80 (192.168.19.87:8080) - /chartrepo/ harbor-harbor-core:80 (192.168.19.87:8080) - /c/ harbor-harbor-core:80 (192.168.19.87:8080) + / harbor-harbor-portal:80 (192.168.52.252:80) + /api/ harbor-harbor-core:80 (192.168.34.28:8080) + /service/ harbor-harbor-core:80 (192.168.34.28:8080) + /v2/ harbor-harbor-core:80 (192.168.34.28:8080) + /chartrepo/ harbor-harbor-core:80 (192.168.34.28:8080) + /c/ harbor-harbor-core:80 (192.168.34.28:8080) notary.mylabs.dev - / harbor-harbor-notary-server:4443 (192.168.22.110:4443) + / harbor-harbor-notary-server:4443 (192.168.47.135:4443) Annotations: - ingress.kubernetes.io/proxy-body-size: 0 ingress.kubernetes.io/ssl-redirect: true nginx.ingress.kubernetes.io/proxy-body-size: 0 nginx.ingress.kubernetes.io/ssl-redirect: true + ingress.kubernetes.io/proxy-body-size: 0 Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal CREATE 6m56s nginx-ingress-controller Ingress harbor-system/harbor-harbor-ingress - Normal UPDATE 6m56s nginx-ingress-controller Ingress harbor-system/harbor-harbor-ingress + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal CREATE 29m nginx-ingress-controller Ingress harbor-system/harbor-harbor-ingress + Normal UPDATE 29m nginx-ingress-controller Ingress harbor-system/harbor-harbor-ingress ``` Open the [https://harbor.mylabs.dev](https://harbor.mylabs.dev): diff --git a/docs/part-06/README.md b/docs/part-06/README.md index 1b2fa951..2adf68a7 100644 --- a/docs/part-06/README.md +++ b/docs/part-06/README.md @@ -9,7 +9,7 @@ YouTube video: [https://youtu.be/XSszSd-TTCQ](https://youtu.be/XSszSd-TTCQ) You can also use the API directly: -```bash +```bash{3} curl -u "admin:admin" -X POST -H "Content-Type: application/json" "https://harbor.${MY_DOMAIN}/api/projects" -d \ "{ \"project_name\": \"my_project\", @@ -23,133 +23,90 @@ Create namespace which will be used later: kubectl create namespace mytest ``` -## Upload Helm Chart using Web GUI +## Upload Helm Chart using CLI -Download the compressed Helm Chart of Rook: +Clone `harbor-helm` repository containing Helm chart of Harbor: ```bash -wget https://charts.rook.io/release/rook-ceph-v1.0.0.tgz -O rook-ceph-v1.0.0.tgz -``` - -Output: - -```text ---2019-06-25 10:12:31-- https://charts.rook.io/release/rook-ceph-v1.0.0.tgz -Resolving charts.rook.io (charts.rook.io)... 13.32.100.58, 13.32.100.161, 13.32.100.8, ... -Connecting to charts.rook.io (charts.rook.io)|13.32.100.58|:443... connected. -HTTP request sent, awaiting response... 200 OK -Length: 6246 (6.1K) [application/x-tar] -Saving to: ‘rook-ceph-v1.0.0.tgz’ - -rook-ceph-v1.0.0.tgz 100%[============================>] 6.10K --.-KB/s in 0s - -2019-06-25 10:12:31 (99.3 MB/s) - ‘rook-ceph-v1.0.0.tgz’ saved [6246/6246] -``` - -Upload manually the `rook-ceph-v1.0.0.tgz` to Harbor by clicking on - -Projects -> `library` -> Helm Chart -> UPLOAD -> `rook-ceph-v1.0.0.tgz` - -Here is the API call: - -```bash{3} -curl -s -X POST -u "admin:admin" "https://harbor.${MY_DOMAIN}/api/chartrepo/my_project/charts" \ - -H "Content-Type: multipart/form-data" \ - -F "chart=@rook-ceph-v1.0.0.tgz;type=application/x-yaml" \ -| jq "." -``` - -Output: - -```json -{ - "saved": true -} +git clone https://github.com/goharbor/harbor-helm.git +git -C harbor-helm checkout v1.1.1 ``` -## Upload Helm Chart using CLI - -Add helm repository as unprivileged user: +See the Helm chart content: ```bash -helm repo add --username aduser05 --password admin my_project_helm_repo https://harbor.mylabs.dev/chartrepo/my_project +ls ./harbor-helm/ ``` Output: ```text -"my_project_helm_repo" has been added to your repositories +cert Chart.yaml CONTRIBUTING.md docs LICENSE README.md templates values.yaml ``` -Check the list of Helm repositories: +Add the public "library" Helm Chart repository: ```bash -helm repo list +helm repo add library https://harbor.mylabs.dev/chartrepo/library ``` Output: -```text{7} -NAME URL -stable https://kubernetes-charts.storage.googleapis.com -local http://127.0.0.1:8879/charts -harbor https://helm.goharbor.io -jetstack https://charts.jetstack.io -appscode https://charts.appscode.com/stable/ -my_project_helm_repo https://harbor.mylabs.dev/chartrepo/my_project +```text +"library" has been added to your repositories ``` -Check the content of the `my_project_helm_repo` repository: +Push the `harbor-helm` to the `library` project in Harbor": ```bash -helm search -l my_project_helm_repo +helm push --username aduser05 --password admin ./harbor-helm/ library ``` Output: ```text -NAME CHART VERSION APP VERSION DESCRIPTION -my_project_helm_repo/rook-ceph v1.0.0 File, Block, and Object Storage Services for your Cloud-N... -``` - -Clone `harbor-helm` repository containing Helm chart of Harbor: - -```bash -git clone https://github.com/goharbor/harbor-helm.git -git -C harbor-helm checkout v1.1.1 +Pushing harbor-1.1.1.tgz to library... +Done. ``` -See the Helm chart content: +Check the Helm Repository list: ```bash -ls -l ./harbor-helm/ +helm repo list ``` Output: ```text -total 120 -drwxrwxr-x 2 pruzicka pruzicka 36 Jun 25 10:14 cert --rw-rw-r-- 1 pruzicka pruzicka 502 Jun 25 10:14 Chart.yaml --rw-rw-r-- 1 pruzicka pruzicka 577 Jun 25 10:14 CONTRIBUTING.md -drwxrwxr-x 3 pruzicka pruzicka 63 Jun 25 10:14 docs --rw-rw-r-- 1 pruzicka pruzicka 11357 Jun 25 10:14 LICENSE --rw-rw-r-- 1 pruzicka pruzicka 83718 Jun 25 10:14 README.md -drwxrwxr-x 13 pruzicka pruzicka 206 Jun 25 10:14 templates --rw-rw-r-- 1 pruzicka pruzicka 14092 Jun 25 10:14 values.yaml +NAME URL +stable https://kubernetes-charts.storage.googleapis.com +local http://127.0.0.1:8879/charts +jetstack https://charts.jetstack.io +appscode https://charts.appscode.com/stable/ +harbor https://helm.goharbor.io +library https://harbor.mylabs.dev/chartrepo/library ``` -Push the `harbor-helm` to the `my_project_helm_repo` project in Harbor": +Check the content of the `library` repository: ```bash -helm push --username aduser05 --password admin ./harbor-helm/ my_project_helm_repo +helm repo update +helm search -l library/ ``` Output: -```text -Pushing harbor-1.1.1.tgz to my_project_helm_repo... -Done. +```text{10} +Hang tight while we grab the latest from your chart repositories... +...Skip local chart repository +...Successfully got an update from the "harbor" chart repository +...Successfully got an update from the "appscode" chart repository +...Successfully got an update from the "library" chart repository +...Successfully got an update from the "jetstack" chart repository +...Successfully got an update from the "stable" chart repository +Update Complete. +NAME CHART VERSION APP VERSION DESCRIPTION +library/harbor 1.1.1 1.8.1 An open source trusted cloud native registry that stores,... ``` Harbor Project Helm Charts: @@ -188,24 +145,24 @@ gpg2 --verbose --batch --gen-key ${GNUPGHOME}/my_gpg_key Output: ```text{17} -gpg: keybox '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/pubring.kbx' created +gpg: keybox '/home/pruzicka/git/k8s-harbor/tmp/.gnupg/pubring.kbx' created gpg: Generating a basic OpenPGP key gpg: no running gpg-agent - starting '/usr/bin/gpg-agent' gpg: waiting for the agent to come up ... (5s) gpg: connection to agent established gpg: writing self signature -gpg: RSA/SHA256 signature from: "6CE5FBFC0ACEF9D1 [?]" +gpg: RSA/SHA256 signature from: "6733D8DA847797FE [?]" gpg: writing key binding signature -gpg: RSA/SHA256 signature from: "6CE5FBFC0ACEF9D1 [?]" -gpg: RSA/SHA256 signature from: "F4BBFED75D895C46 [?]" -gpg: writing public key to '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/pubring.kbx' -gpg: /home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/trustdb.gpg: trustdb created +gpg: RSA/SHA256 signature from: "6733D8DA847797FE [?]" +gpg: RSA/SHA256 signature from: "C8B680F790B62239 [?]" +gpg: writing public key to '/home/pruzicka/git/k8s-harbor/tmp/.gnupg/pubring.kbx' +gpg: /home/pruzicka/git/k8s-harbor/tmp/.gnupg/trustdb.gpg: trustdb created gpg: using pgp trust model -gpg: key 6CE5FBFC0ACEF9D1 marked as ultimately trusted -gpg: directory '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/openpgp-revocs.d' created -gpg: writing to '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/openpgp-revocs.d/CC11B974DC5DBB4AFD63D8F96CE5FBFC0ACEF9D1.rev' -gpg: RSA/SHA256 signature from: "6CE5FBFC0ACEF9D1 Helm User (User) " -gpg: revocation certificate stored as '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/openpgp-revocs.d/CC11B974DC5DBB4AFD63D8F96CE5FBFC0ACEF9D1.rev' +gpg: key 6733D8DA847797FE marked as ultimately trusted +gpg: directory '/home/pruzicka/git/k8s-harbor/tmp/.gnupg/openpgp-revocs.d' created +gpg: writing to '/home/pruzicka/git/k8s-harbor/tmp/.gnupg/openpgp-revocs.d/4DA54853FC984FF42EDD2C9B6733D8DA847797FE.rev' +gpg: RSA/SHA256 signature from: "6733D8DA847797FE Helm User (User) " +gpg: revocation certificate stored as '/home/pruzicka/git/k8s-harbor/tmp/.gnupg/openpgp-revocs.d/4DA54853FC984FF42EDD2C9B6733D8DA847797FE.rev' ``` List the GPG secret key: @@ -220,12 +177,12 @@ Output: gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u -/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/pubring.kbx ------------------------------------------------------------- -sec rsa2048 2019-06-25 [SCEA] - CC11B974DC5DBB4AFD63D8F96CE5FBFC0ACEF9D1 +/home/pruzicka/git/k8s-harbor/tmp/.gnupg/pubring.kbx +---------------------------------------------------- +sec rsa2048 2019-07-19 [SCEA] + 4DA54853FC984FF42EDD2C9B6733D8DA847797FE uid [ultimate] Helm User (User) -ssb rsa2048 2019-06-25 [SEA] +ssb rsa2048 2019-07-19 [SEA] ``` Export private GPG key into `.gnupg/secring.gpg`, because Helm doesn't @@ -239,7 +196,7 @@ Output: ```text gpg: starting migration from earlier GnuPG versions -gpg: porting secret keys from '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/secring.gpg' to gpg-agent +gpg: porting secret keys from '/home/pruzicka/git/k8s-harbor/tmp/.gnupg/secring.gpg' to gpg-agent gpg: migration succeeded ``` @@ -250,6 +207,16 @@ git clone --quiet https://github.com/jfelten/gitea-helm-chart gitea git -C ./gitea/ checkout --quiet 8c9adad ``` +```bash +ls ./gitea/ +``` + +Output: + +```text +Chart.yaml LICENSE postgres-values.yaml README.md templates values.yaml +``` + Create signed Helm package: ```bash @@ -259,7 +226,7 @@ helm package --sign --key "my_helm_user@${MY_DOMAIN}" --keyring ${GNUPGHOME}/sec Output: ```text -Successfully packaged chart and saved it to: /home/pruzicka/data/github/k8s-harbor/tmp/gitea-1.6.1.tgz +Successfully packaged chart and saved it to: /home/pruzicka/git/k8s-harbor/tmp/gitea-1.6.1.tgz ``` There should be 2 files in current directory - the archive with the Helm Chart @@ -272,8 +239,8 @@ ls -la gitea*tgz* Output: ```text --rw-rw-r-- 1 pruzicka pruzicka 20390 Jun 25 10:16 gitea-1.6.1.tgz --rwxr-xr-x 1 pruzicka pruzicka 966 Jun 25 10:16 gitea-1.6.1.tgz.prov +-rw-rw-r-- 1 pruzicka pruzicka 20391 Jul 19 12:27 gitea-1.6.1.tgz +-rwxr-xr-x 1 pruzicka pruzicka 966 Jul 19 12:27 gitea-1.6.1.tgz.prov ``` See the provenance file: @@ -309,7 +276,7 @@ version: 1.6.1 ... files: - gitea-1.6.1.tgz: sha256:9d897da1e11dd56a24a2fb18d235846f0c78a8359d8e21f666bcbcadebea434f + gitea-1.6.1.tgz: sha256:f2e1989577cea950226abe714103709dca8574d82b7a0035b32e97f8d956bcae -----BEGIN PGP SIGNATURE----- ... -----END PGP SIGNATURE----- @@ -322,6 +289,9 @@ Upload manually Gitea Helm Chart to Harbor by clicking on: Projects -> library -> Helm Chart -> UPLOAD -> `gitea-1.6.1.tgz` + `gitea-1.6.1.tgz.prov` +![Harbor Upload Chart Files](./harbor_upload_chart_files.png +"Harbor Upload Chart Files") + You can also do the same using the Harbor API: ```bash @@ -345,33 +315,10 @@ Output: ![ChartMuseum logo](https://raw.githubusercontent.com/helm/chartmuseum/0cfa25360682f66069d595fb0ede0fcc69bad41f/logo.png "ChartMuseum logo") -Add the public "library" Helm Chart repository: - -```bash -helm repo add library https://harbor.mylabs.dev/chartrepo/library -``` - -Output: - -```text -"library" has been added to your repositories -``` - -Check the Helm Repository list: - -```bash -helm repo list | grep library -``` - -Output: - -```text -library https://harbor.mylabs.dev/chartrepo/library -``` - Install Gitea using Helm Chart stored in Harbor: ```bash +helm repo update helm install --wait --name gitea --namespace gitea-system library/gitea \ --set ingress.enabled=true \ --set ingress.tls[0].secretName=ingress-cert-${LETSENCRYPT_ENVIRONMENT} \ @@ -382,10 +329,17 @@ helm install --wait --name gitea --namespace gitea-system library/gitea \ Output: -```text{31} +```text{38} +Hang tight while we grab the latest from your chart repositories... +...Skip local chart repository +...Successfully got an update from the "appscode" chart repository +...Successfully got an update from the "library" chart repository +...Successfully got an update from the "harbor" chart repository +...Successfully got an update from the "jetstack" chart repository +...Successfully got an update from the "stable" chart repository +Update Complete. NAME: gitea -E0625 10:17:15.488085 6412 portforward.go:372] error copying from remote stream to local connection: readfrom tcp4 127.0.0.1:38255->127.0.0.1:39576: write tcp4 127.0.0.1:38255->127.0.0.1:39576: write: broken pipe -LAST DEPLOYED: Tue Jun 25 10:17:13 2019 +LAST DEPLOYED: Fri Jul 19 12:34:25 2019 NAMESPACE: gitea-system STATUS: DEPLOYED @@ -395,17 +349,17 @@ NAME DATA AGE gitea-gitea 1 2s ==> v1/Pod(related) -NAME READY STATUS RESTARTS AGE -gitea-gitea-f9fd8cb4b-8p58m 0/3 Init:0/1 0 2s +NAME READY STATUS RESTARTS AGE +gitea-gitea-5fff4b9c-4k4xq 0/3 Init:0/1 0 2s ==> v1/Secret NAME TYPE DATA AGE gitea-db Opaque 1 2s ==> v1/Service -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -gitea-gitea-http ClusterIP 10.100.19.173 3000/TCP 2s -gitea-gitea-ssh ClusterIP 10.100.134.45 22/TCP 2s +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +gitea-gitea-http ClusterIP 10.100.121.156 3000/TCP 2s +gitea-gitea-ssh ClusterIP 10.100.181.96 22/TCP 2s ==> v1beta1/Deployment NAME READY UP-TO-DATE AVAILABLE AGE diff --git a/docs/part-06/harbor_upload_chart_files.png b/docs/part-06/harbor_upload_chart_files.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5c3f91244b84ebe3e1ab7a869c329b48281b4b GIT binary patch literal 41081 zcmb5WcT`hd*FB1l1rQJf5fBlhAiX2KXp|Ny5_%VD(xrD$K~$OuAqa$^K)_I?8@kej z2oXZ>(n3di6SzA*@B7_xzcKFk-TQ~*NZ8qDpS@R^bFOuG^H5uj?);VW6ciM68tV7q z6cndpC@B6Br1}SZBGvS{7+k2Is+)LGP+Vvx|2vf=aDknI;yQ)K{k!`9sO7N$gsokO z^05Q%u&!cDibmq})H{{4EVdW3Lbay;QGKV<^!(i?w)^_DFK%3W`z8Df&!_pX>OWt5 z+>QCtGI{xI)~UGb5Z>SSDy<_e^PKArHx(L`(J2pf$1I3rdWsejo1y8aa}Rgws?d20 zvlfJnfcakpSu|J_1qCfr`jned^Ui(e}3o)RZ-*`OpauMuzt?g-k%0uF8skh(_;}mbT-Tcspy-~?^yd>w$>vNO|N&AO+&uM z>tpK)M&1QQ*fVjCE*Y+Lwg2uE>KrGW9`$K>Zn`Sn@ufuJ1(S{&pA0X(J>#}}CBKwJ zh0VFL^1OnPe1pirXZIFUov`vBl}w#0vuri|9>rXf5qr#5=R=|Tk94O>R=7tP822n> z;(GKxWs$`;$59D<=GVdjoQWS|d-Np04cgal7`}RjmOR~I-t(9Gu!UhK?A}&Mpfg+k z#=u)-$jG7+WA47oKpxg7Yj(_$i#&3f`CPx4ETcb4_sHXB42$V4<}W+YvHT@9JokXG zQYRrWDsUg#L#mp^(E?!}CvPf6f z$geUs&<;VCbeT@ilHrwqC{_s9i<9Zr$o4(?A&(je%&(bq+;?M{Ww-5u&Og z109%hR-On^m;hSO`J;qS*nK_@YID5gl;lz~mLWmHo-Md`S-L5kNhIKcB-or=cu9VA z6KkPgrlxx4B@BY0=M6Kacd}qvHqK7!n}1lBS@bV?!*-uO!+eqY~7dJBNJV zzu`Et&iN{Uu5rtj)TREXZFL;iF4#hLY@8bK$?K&Ig ze%E66+<3G(@RKnZ9IHT(bwb5-v!wr!SAt+NBS+rmG%6NZyI{`)D>MIY{+$b-sK7~G z%iFm_;A1*%EMxc7a`|H4{10N1fj2_w_!HSmzp++mHI)@AD;tg&Ixqe*B~IRazMEZ< zMOn;|{%LQsXsgP%%kTLSti{h0;#BysW8CkOiEvJu>p-bsFEHvsJzk8#1WjW3cpL)G zOu+hO-q7a5*pKM8cxCHv`(C;=q(0e`K3yc>w9-{y_AY^BJO|A+I6Y9o@@Mhd+1Rb2DW*T1j6f8v_P z7pH&PkLxK$pY3Ae_GJio{>ee+36oF9`t%c(i?U8Rt7ma_GY|u-re1JY-M5pXy@ffkLs9rJqFfKZ_RmsWq?K?RE#FCB~pvghK!%4!m2c~ zz`NuJVbt9d0hNw2$f5cBF>u9K1~9uc)fT^Pt!#adR2uF?Z}ee=hHs;>iPaYLE9_eCcG7W{hEOcEk{2e-vh)$(8S4WOGILpjm?hF_>fRsZI3`hDn(Z$gk$V zibr_1ZM=X^4qGQ&XevHO@$8rvgLc)HmPfn7VH`vT_(FwVb%TaqD!)oc5eK_D|Lu{u zR($Bq7?Q<(1Lv2g=@CKQS4FXiyCk*=dxX7{4rv*(aL9V6SKyz})U_!UTJxZSncGb~ zThDHp6v^wc-0XZASBAv>@MAuryh7V04grDurGCAQD{G;G%x$w;5pSWgnL&xd&)@H$ zK!8pf@|EnHAIvGqSx!4AGQNMds1CT(NL-S&%`;3!&!Z3J13ips-W77~ZpY{-z|2&_`R{%EEcj$$(#krdyl&pm)ZF)uhy*_?d*O(kE zvh!5+!kSu}M|k3A>;}YS@Go7w4bIY;kCb(awgiZ#RC(;XKzE;u3`0zxO7 z)jP!#Bpnb%h3AN!+7|Ar@$W=6=u=tQiuY9B6yc;JUOt32-x!CT=OfkAh{-y)VUJ4) zAW`W4dA9JTyE<37Q)N9UQOrIKwPt?7*n8zLj@bd%j{BMtn$^zgrFl=};sY<;T8x-X znN~PFm4?k>2p*Qrhe5XctQE(LYkQ4_j)*5AA{g+JnOsD7f7Yxx$3>}T6U$&VU6?CT zREDTiyXPn_BTbhxv0(>&Tqi^!7~UQrd`35$gF8lSKsp_=;ako{2E;g%9Y!A#x6IoDu^DIF~v-+rtX&5&A`Tac9Q$%Y-5% zW!UNdXub~QnTs(zT~!kvC(+85?&xcdFYwnEwv~s8^MUk4SG%C<&aB(@-j%h&*H+YU zn}ct~(CCR2o#pn}f_*O4(X?H|_?vTZ7EcC6tc#kZ`TRs*$qz0j_Ev$IQZ6RS7z0*J zN_?dqmm_-iaq0LXI#Eu_D(=V29}$xKamgu!1tGH-d)9#r8RkgFQpZfwV5ch}_XQz8 zQfY{PWz(}LjxP%64Z$>JO&1u{U9)b0kpS)K3c>ei~3g7Y^f$Xk2h#(hJ&x``3 z=C$4}Qa1{B1J0LN)<)UycO06D2&`mw2te2)9=3^VhO;OenF!xZxd=7KmuqFI`&T;J z;$D}Q**rFcx}o# z0%o}x3y*@ss68|#x;*(XUvbVU)(IMX)ZA#-S!nrmL;^?jrRX$Km{9nd=ee^KjZndG zJNc6c57k3kc??&UCgWYI_Ls&_7B-FB*N)5CS`UnnH}VD{pO|>ExHIC7PyWeptMn0F zX~sG}t^ECn&qffhk~*6%5T{g%Z0RK^hnOEgC$0~a5yYHVxkduDv@ujR-s z{A6|U<3X2&Y@(o*^OZP9@B53gNd3J2VO>Uj_1lbJTDW0+=^JLcQ$vQSG>WK^sDzS) zT$*@4V1w#vm%S&5p@h&)G;lAi{KOF1?fQzpL+{;WRDz` z)iS@xoSU*{9J#uGJpz7(o6pJlbfcU9ACc_gK9}l!;YEYB`z8Y~o=*vR@BXfehpo9e zKE0K+yeg+vI%?q$36qDZ{zH(8ZVfiRaTcP z`7uiahL5i%&L#!HaMZJK>Q3S&7e0DGNLvDPjUHQixUHYJ=asAc{_wo|w*UK!@KV|0 zhdkQU9}l==dt9C^MN%@rU&hNl6uxvLH+3ay!tDEp#JSBm6-5=F1O`GSfBm$4f316r zVWzawQ`f!vdGBt(YL$jwulg7TKQE$DQZ8VjFfM(H zL5>uLmNgwd?hJNI-^U1Mjd|*6Qys2s^U?XKKlHsPI?l-Gc2&HX7D0-xYf6#@&b-O| z>O3*blh+!tvrhx1;tPtiN$nKvdN~uLB<8$r{-v~GUETwVExg3$VwZL*qSwVi-QrUq z!lrAp%Rag8v30_t@NQ$pgCYx;)Vx^%3Du!Z(nMv<@x&HNVxlA}jB!NVCDFY&*Op|C za+$M0m}aF28XQ?1VPpeEvc2J}9y~&zB_waZ*diuHt>SpKWH`VL4``XoTBA z=dH8?`6O%#jEOE!bE=UtUaEBA3#V=nCr`JF;o@UTS4$j&k_GaZ-w*}0%bX_9W92;H zD_71~`2^Z0JEx3Uc)_r|omppdFs6|gZ()zUkkM@?GPcmc*6C9O$-Qgy5X(0&C;*zn zGF%Y*9y}Ih`aYXpyDJV^`?6Z)&{<7G9(K*9d}f#_>CS}pYW(Ud4bg>e_W_!C-bQu7 zc*u|T=3-3_7rx~_x2QiW2IqRkxx-Qbw)L<;f3YMmXiWW$L{80mE9@Gk+&J>=1Ljt& zD=R>lbsXCTpJ>eGpDwE!U0iUB>0V7qhVtSEyYIELrOEq5O5DQm*S8&P1=C<@l?WWZ zoDPzj8x~T}7@)ihtB<5)MoQ%F!n_^iW=F$j6rbI{d$sfW2oj}aNt!T&b@RG! zNyN4`BUwB6yT%GH2%AlyZbz-OEn)`&TahOis5lx@qXOj<;Ic@^H2aK=7g^jQuu?7p zAExC!DPEM$a{cO9o+?jAM6V7?!rs%~to6y{EL8H_7ZO1WP17d1HTYr8_?$yvCdij{ zr3Tw$z9?~3Ji077Zt_AVj}PfVD{J4`pdjtfS~l4;eWt%EO})n5x?6s7IJUS<9S?Z~ zY?v#UI&10wxy@_^Ggxbm6wFt0NL#`f(|HwKp!I5FVF&baBD}RypNT zJ=7?dG$uB3fdgM~t_aQrcm%gYuXv34YpkjnFD?h}6zQ?6$*71^V!DCHz+oaJ!Ul>V zVeXrsAYO87_p{wo74_6vIDhMWoa_h0mNxqeqXW(%Eh1i%N;}2w!ZJ&SJ}mhHB*HkS zd#x`0Mx`|uKMU+i3=2(VkHW4iUW!h!bnbm5-09=QWThilfcB+dsP1&VD_hH#g4_OS zto8o&u9T#Cdl<&oCT@X$@2WQQCjW4|2PsEz+aK?-qYOJUa-Nz);%1I{(0vFV$LMie5KkeX6@D!|RXR__vB5kDmt@GIy=; zNz&DaW-lA73eUL6J4IZCG>dg&gg*!bbRE3ofNXzlAFBHVT?@@Wxzsae{nYJg&RPbw zu0oXK?~(-Nkv9oEbNUu<-Z0)sS`@Cn&({~E$pqa}Z9njf5WbF~(uLXKp86sU*VD%p z&(0w~ERK0ZB_!Ao(&xGx-ZvESV@Mx!po8*8Q%j8cEe3(N?!3>&^WHTOT}4;p`o2w&3y^Lgl^M*i#h7j>z^l zSm^ugSW#b1iKhh%hHX_sP<0-SHhic6EKxAuKhD8SqO%K{pM(5bCZwXDFblglBH4kK zATAdeCJ|@Zs1=~?%S_VO=Rx$)P+44QK{r%QPgA-KAJxn|y*mi!VsTu1VdrI0p}&4r zqt~`>Y`(b?aKlv>dDF?z&CfzMnYCFjhF#?O<(@x!zffPN_~!#OPycmyLUNI%mOaI@ zqlkF^PL;{QYDO>AECP;2#7Duexe znh*Ri{Uc>mJ>1Lh7G3d*?vXY>Bzydg>S?254l^_AVUM1=NEz)-N*)IeJeB$3hub$D zg`HNOR^ul5mjkpAr;nZ&>Bz_1H`ViZZUoBn<92A}^iEM28mG?c#rn2*-Qs^9FU}(0 zk-Yd12~{H64ovd5QndN^19)J~qhg8o@%#}eN4070w+!E8*@gBiic+xL1J{HC(q&w| zr`iKSIP7jTGZGpr^Kp8&D-sm9isg>z9oa0NJU5@S6jR_U08~U87&ef{NwwrFARtA` zskWI+xhV|BVK@dADu?nD#uX4u$KgYV`rvycC zJJs(Pb+g&H%^a>o7pu$~&sC={VY1;BNA~>ZfL>;KAC}Y+{55vYI*zN8zg~XL?e``; z%6sbQ)26>DO>TK(1wE_K(%U3By;k3LN78nd9i-1i{)eaTdU|6;$Oz19z0s!bLBU+9 zmJQKAX=SwS@u5pT&PZrBNoeDqqU)WZaKN_g;kE?L3g>&_)vf4;3j@ubr)&`nxqtc^zND@O&93!D*3z-|! z6SYQ#je^CZN*YV@>zz|o5nE~E-+9wNA^Y`TJib}X#bo9jdrFFVhvKh9Y>Ynj3ha&m z3|3^Z>@p{R8B-o~E>Bq0atGYIY=5VL54Y304l992F)(8Gn}|Nka`gju)z1P|bCzxJ z8}<*R6C?%6C9E)%+_cgK2gy)iR~uqm5(?j_Tph6K)B}LzBgf^ zM|Utoj9LSHf^}4imiWkP;E)Ewla^lR94$c}J{Tgv2(M7(S!`Z-(w^_%RlA)NRn(8W z1ljhL99w?$nUy@Ha`_AJ*a|D=O($oN#yYx_W22d`QbB>)nl(ws!aO zZe^pK%5$%{4oE#Hnl?S>fGFXZK7@YP1lpye@UU*e2P#qW*id(!h+ZhdR`*3Z|L)CC zGxXp?eA&{vAGiW3j`shr#Qt}eD4u-`|BpuB=HGEp(&u)%kwP@m&m7Eoc;Sx)C3)`u z8S;OW@nibj$g81P-bTQ~>mdKC{er~CGRIT@E)SWd{t1Q^#Jh}Ko9qhM)C z9%2721$@>NKs=;|^3$^O*`Y}-xd0l@@>i0VG1r%_)tz|$PzKX`^Q{77EAkyAqwI7@#0CqfX2;#>o8Hy z6{dxT&f_A5Rt=%6cmJ*07<<&O$;XxLZC?DhXw$+LX>HO!MQHmQG5)8h^SP8iDav)^ zLG_uYBd{il&!q|kvqf%IG)bWQ(lbRD4Imi+{#&H=6`|ycLN*)&;l4L2=ujS zA<`~INf=}Pgpc`um&|zYo)z`iv+mbClY9Rnlxkf|X_YOer^Wp6k>a>;CBUT4tb*)I-;E@bgl>(##Id!4I4>%fJ&WCti&}%a?J^e_i;k` z8xu63aBOfQJI!0X&Z{981RsQG559ebT6U)@h9NXvW-`KqacMzntX-{DS8`>_|C52oT zWg3xBX<2yP87q5)Z9(;3i`I!NYVW5s+~C!xek&62^#jUX}<3 zjJg0bjBmo$L%2zkQ~w}8B7UmmrM|APU{|Yolaw)k@2ZjxnEI~&a!Ffir+tPU+>5TB z$0ta>b7ng1ijeAnQi=4FSt>}6WS_j-sb#jJuVX!)hW#U`!u3wql^BLhDz@Dpj|(yw zzOjuNSKgAx>B~ZzZ>PA6E1vcd|B>5-Vt|+8oEf@4Ie(^PZ~x*vh?06N#_fqgxQf!> zJO(>+)qH@i=`(R*uyWtoKg;vlK1LsS| z>t6DaOE)cSW!(&!*i>k}ysX0({N4speQxR4Tg=FHq_S}DJ>1E}5UVfVsnVAuxK~e* zwX%e|R+z5%26d+1u6AN+M6=jGmirMBErQhsj@@Ya9KINUCIy%v!PJKNeNGiu+tx!S zO6L}=*)p%GwZ894hIepj^hk1Wa$3QsBx!F_yGqARs{ckS-0^a5U!z8Q^<|yFVMIxRB-lH@ zGC^mlG!x`Pk^RK(_REO)_I3??X=`h11VgOqO)b6F_tP?W8MYSU$Z70Z3x2bfxNu+h zK9$Ln(8b9hxHQrg`r6WO`3ipda!==qQ2XW;6TA+ z?L2tLrh+13;)!H7!p6oX@Bqph8LOH_T=1sfqJd=cdRkQJ^IwDpPh_Cc7n($=UZ`e$ zWo75&6!DFjMR|3BQ2Exuq*b<9pC19|<7Ons?#5DT$Tv~J$S?VQi^6y@I`QmCoTk^T z2{8MUhG~C(uW)36#a7-ejh?#TD6iGS&~?Xkj|8sjF#WK_0L!u=O=9_>;Q^61%3Hb= zgm#7-gv}do7S&R!#Ol|oMpoLc1!?Mt-uat_j4Qz*z_3fz^=l%YE#24e<$Zl^t!V9d zq8**b+r>(>$VI@3k|7f!s=xU#55_Rh7<%+xI&0i5)8`+mKz=$=i?$xdowCCQ^J6Lmk@$bAPC`01@p~?-6!f5<81!ofoHSp3hvlsPzySb zg@3$Ipm2?e(}@ep5B*--=2!MP467eC{lzdJSCo&4njRF5K|6HG?kb4THes=RO`-{0 z9}$Z$^{UMqx30Yx+x3sh#s148&7FJm?vq@4zz#=x@ivv0k5yS-9;(;RJEceOqYItTQ+mbIE;Utx&ayFMY>J|?Vsm@lk=?ISH zO&-hGQC1qLRWYvs_e0-AZ8}v{;|q&H*T}%>wc2z4Lg8;$CvRL`g?$_7q;#PC8m~U2yv}QHFR+nsA{vB@)_*@<((n+r zAp2U4Gi1xD3c#>Oj&Vu{PZVRXdG+mZQeh7-D$@Im(_H`)MVc_2G1e++xT`+)c7EF% zd=kX>2QpIp-xjX_@=Kc!q+n%;pXo{@7(%gpCGdZ>di{6Ye|hNtk!1b{eeXV$`)zjR zbi>WR(;D$&5ItNPui@d~k&}t&Nynb9-F&8(1?SgbBuXZ74XslEmScF5pN-Jd z(~Fx1srTz&T1sKq`v}lmi!|~wK3{EleFB^5{raj`fgnpVK{BiP4kZp-T~e`TT^#zS zeht8jw=@s{uaI`AO*ppqiKGlED=RA^UX)fo9dH=Z-_9-84>!Ae{<#5i`0mbwcU$Za(vlz~t z4nru(kfx`nbuYDejJj1#%Ut8&u=wcXKpy>>@mzyY-n2|0E}>F>^X_(3zHd#T+Da1K zniUSCYx>D;G%eHbaGAMy%Q5g)_Gfg~X>(gJq3FV=QfYHXDchX@7rMPH`QL%(zQjh5JVrmltV)*R&Z9aI63bVQ6Q zSapb5coztL?U)LX>KwFAIB&1F(sjTm{Q8rskqT3-;unli1m2FE^;1}p+*lUOXg zyD61^KUW-z4r{)sR=a3WT)oxvfW>QrQhDzy9lO+zLyS$FY$QXb(VfTiz-^70!!r`| zNY8|AN)U)rdFMsULH(LU>o?Ju>Gxiig@!%@f*5aa@A4s+9LK!314};X=eCw#$i(?j z=fSZNC85TU0ducT90`4xXH>W7m2o)Q+zG1|8sCq_)kX4ajRF{NTig3#D7%!n z>;r$SzNxRqsb?zHM>``EJC#+gL#4CeUgiXL2)Lp=(>FSs1xP^rUzuIXIoq!HK z(AxP&1Rbx`S>UiN(_Y7v$B|%#q(EZ$k>+7xYY+jc*|DU67q2W*l!pEw;Uw z7SsL4_frRI?Z>KpfUS#!?c>8X(?GfM=M%}}b+U;a!Z{N>S7f1x5t;dkTd;;^G7X_vu={7LAY@?49jU(fnY zgzUOig09`2fYVDFx3$WGzIb7DVffin%UT_(64x4i{sp#wK3Dng{d%P%zfzv7w2fU0 zAOrv8DJlE?RrT9{NXjQS zIrqQIkFUo~l>@R>H+Q=@p#6cR=Xwi^``~A5u$coEeq%INd*48g;sO2`>@m!Fve(9> zqadb{;MFBddVMo)us-C_sD2}f{0j$kfc;79gfDRL@xZ0q1LkFWnCA_LV{2e2N`j!U zSq64vYirA>;h>MDVXuWeJ>KegV+utdGJg+zAfgSPXR}M5P+CAH3qSwT$=gzpT|C z7Bw6nAD3i;Ho6y+TY){mj+mVc^(~X z1BX=KJwy&P9B&tgtT>bXY%Fl8@IW1DmnQAL6LK<_=B_mP?DW=G5Cr}3NTFm4Uz3y8 zla1sC+n99E4!-EHdaHw;WVhP&R^a+62Snf?hs{hn!6PH%zTc>ME=|*tPpD?(PX{=y znM56>ok5!h^22)fXpB__wo0Hq+Bp0!NmzUHZiSoxhYKCTTUNf`Q2^swoCks03J{fr zW$0SnuG@I+{x=$t+L?q0QQ_{Pn`u=pL!SL64hw-7BI3c0b$Fmo4vJ4auc~Eub*r!( zt(_c;0Oqz_?_1L;YZWYZnUyhcEmu-2WWw*N10c_E?2i?v=2Ac7+vGq{eW*kYQRDFG z#UxuEYyxxrr9UvHH=8WgONgJ^gcTRD0(y zJ3?${h!E;)Z$AeD{d1+BCz5l>%#qV|wGC!5OTg#ie8oeI5y$gMr-E3RK}Wv7Oy{BwM~+Yknr*)_jW z55=nUFD85SbXF$(F}?77)vG?ex{7LBQwIQEmdo_GNKG8A`f+-GhXCAfRz;2)K?618 zNn9EP{zIa+yz6ez1(0W>*1AY*$E$0;0j@~9iNo<-vcv9Njff{H?c$UVy5DZ41e$(h zb3m=`-4nBJxZxLia&7sf}|#2Xc{_(^WJ zyw3j%XXGp4mm|5mx*|v2(+w~0(JOkdrqr(~FKFnbR&8{HD#6G~CHjTzz*kC61ps;q zzVA=5H25FylQM!g+Q}{ehDa+ahU|{{oowYQb6c1xE9^~%)AT)(TmIa1IZ$}`E+q#! z-0? zJ_m(ykA)0s$a1q+Ru5*>Mtkq;)P45}~Q31?cJ8+Ed7V zG^x58!;l#i^I%N?!Sx0KS4JJ@G2EcNSGU?<=}OpSwP|UG@ew6!blfDbv;gF1S7-5Vu0C zlsS&LEsV-Z8IJ-30|EN*Z;6^!1$7V#kScQ=eRrvL1}k0J!8-{D+hde0i*L+7CBoem z`qeys0ZpK0e7k73ez$HcyqhQ8y9fAawc3tf8`zf{e6!mFRt*80bI(WP88*7#h5}r3 zyz1Am6#5awXhD2wUSE-K*jA6o=;(UBw8S_GKnBy}VJNqQ%Ch3j+!uK&TFVq=4}!k}t0F zCgY*64f8R6S>6`OUT7|j40w{q)ul6Y0hX6kT0|rj6X8{$Gp)@7O+tC`*=2P zLPKyC-*-Xz&r|4kGE$b*B8NP* zS72xiz1;kVn$>FO@tULcw_)b{wF0VMb#ZNjRi+a%oMis2e`|UbiGSe|=UY*PD zx^`;;8vRnluF`EK_#tRV2((rmCnVR-L|grtI@+B$iIlGWCFCA}*ODG9H;tuyR)@I8 zA)Ew*cTD+-*l6w&Ji5ZK|4h?kgbo8=WGMF26G_Hfvz~`UX*0kUpd2?e66W2E$Qq)M zl+l0$pU+xO+~>e=A!N~Uaa?a~AirsAG?7Ij?87{*?^QJzmeWGI;z=1IK}?m;E@ok6 z-fy>MMF3y=(wBbaMA9eV;g}0yb4z^=dU6Kd!5h^vTUwvAR1Hj$m7FWX{!DZF6`$f) z0C;d>uT@&geSCCtY0}y1aCkHkc;YZ`RJBnliwp^%lR0v@9B`_@Ssm@QDJzMKXNvSH zU-JrkvW@EfCSbMSA-`6;8Fowx3)FV58fl5#4lxJ79zc8@!f>%02q_c7?mb#3sY|k- z5Q|n=Zv)oIbpRyi^74yJ7b6OVx+_T~m*sFZLq{2pb|q4)GQL&1 zLYkMC3$({;YDpanCz3TbyqNN^jA-rgv7-v|F1QCzvu6PCc(gKcyi&J2J`xfp3#CB?DqI z;@e)%w0Wy&2piJtJO(*Yj{x5ygBeiC9WAwsM#p}b4LAm<#z$;=ft;_EkBG_^K79rt z)~&X8njnGgWyk@%6|J%w?J?@n76QVgi{zCtN)bRB4%ZsO-uba|asr{s{LjtRIN;DB zv8vOt?!h)XRvU!?KrUdCFK1YSi;C=75U*Xg14ABe3Ij#1Vws~mi#ICsNg$8nFP}lx za#kBanf>?&mbOpDEp*}~J6oEUo;RWNS!wa5^_%HyC;*ViD#}7`MkrW_M_1U%;Y8Sq zvlTl#d(E#%_ALa$jf~SLj(4g6IBZZ_DJQUNcTZ1t^B-4A3{tU_Xgl+EP#|Q60-2%C4=;s zH<66*b^+=dD_kal+&<{`&i8c{yFfkM5)uUfYG^U^3OjzYo74H=hFtB9P)v$ld^ix(N(|60EC*#VQyug&$^;#~;Ek9IUv9 z1p%fM0$>~}HB}Dady(q-O!AJ`uk8jPvOx4inz`XNIs_WF3*AFNj43wECxBA{yKlu2 zv|KWlYvIwt40;~+42&#%Rw@SKVq$86?*IVKPS$B9U0AyVb#2u25)z7w%udW4d zc1l}$wsUhH{CqVfL#Dn25X}L^UCWFXHl5)BgyRK38#BO(+!@Yz<<49fJvj_JSp%}< zAWMCIfTmH;0L0#L5uc&Wh>+@iwN6{L2ajNsC7 z8y8F(CB-4DqI_AOlUQq%<}J*!w_MQ@S%IyzGm)D*a~DwNtuqvScKLl93OZqL#E>Lh zy_rscb{%cLgQ%8HX)mNtG{(LR>-F?%8v;Jy!_kHvSW=PrChBeBx7rShO~+RhNpM1N z5`1wg4Q_%NC4U|`NIvJ(bZ2iXOhsfSZAO`7r~u?)C|NA<$mD@4`t)BjA(?sOO+btpKU1= z54l|C{!}eM@uRB?3FA(`o5g#+>8GTYMezs!FKCB4&mPIxOm)K2itz0|(ruGZJ%&I# zPPnAlKgRtDs7aszmB9+}342a%k_f6uuHV9-yxKer>u5O(cok2c!=rwMl2tb2kic^< ztyvL0l3M@i>DW%m!TQ<$Ofw>PxA+5WRNu2L4n{s&`zE_4T=-1x|K+{i|1IV^H0B>B z!O2yfF4-!eDW1q=1-`$@ z4V0vogM$O;@PH@!5nfih9@aN7u7hTdM^;HWd?XZn_@r2tmVKl$+3(l&d;BB?+IygA zn(LS&W|a)S)G$AZBy01- z$AYlQi)leb;#SCeI7p)N{B?;e4EFAZ@L`s!foA={bW8-JnQ-4hzEt9~)896m#a=vX zT6+2lPKx$kn}_)TDB{@L-_l^5*d_ayyhZ}~cd{Tn=v2`m3zPvTCw{O>j_Mpo!+e9IyP)QjknK={D9XgJf5@PM z+}~x8k0UC^eie;@VKQ|@wY-9Z%`@CtRm+A1#g|5DD(uVJSwVs)ifGqazMUT2R2V~B zR5F1@KFW~%+?<8y2M0WDQDK^nM%%}Lw;DkS3HtiYn>Q~#^WgkZHxw(isn*F}4-S>` z%l1S65`MhT7&_imQ%8*U-rH`_&wN5E-0BTcg51}MSOF{|mza{8TIy;>ntO@b;he;1(Ms#fqW0|*g0*!tk)e~*?2RE5t&7PqVI zOhDt@cLM}maaD(^yNv&ED|;~jh4NAyEKIc9-N3GQ_StnRL44G-j7EY?94LlE zH=Uz-KW5EfuVrtCM-*#AW#>U_0#T1If+jF^RNL-&(; z=&lNc2aEzQ+ny_{&hS#&b&ZY7ZuzP3x8H$6kn!9Exn}l%|4D}b9oqlD*6IG|Z#w*c zo}kr9ntbQAouLVZEsWW<<7sb)3ii?$7dUq({D0(BDXum4xlt{v{VfC{*UB0K<{PfP z-=AY61TUsOsu(GKv5I!F+8`cY(mnZI8*W%5^tqw&DQKc>+z44f0wzCoZ)YU}MisD_ zI@u%=+MztL@!d)K%+AffU55DGwuLUGjE5DuMbtYhd~~8N|0y{B&x5d4$EVt*z?~}0 zPJIr;ZTFi2rn9Gk1$W9N$F$0Qqq(&AlE+To?t?IuHOEATyv+9`^eyCFO`d zrdK3%J=)IPA5;(kGvu~_=l8ia9PQXCfOB51hnS8PBb+3!fc}fw!9iAxKBtRRS^)ZQ zwBEW)!TN>V>|k0*E|mu)>*(mbjg939oc|aRuazbxCgtt^>=cEsS^`%D!$_r34dh;L zLXy;d$ZfoMS3renXK4%rV_ONsw@rls@P2#Vz>;I?&OQ&e&*?6MF|se@X<%SA9Q!^8 zH&sYEi01&>9Dv#GIP;y52GRp~2cS?VB_|nmhjDMSYBwp5HH&NH&A7~vt`M^XyYL_g zgVXgnb=n06Pp)575f6BOK@(03zifPoHos1Jl~Ut+tY^E(^QTX#&)G0WiHV(yi59fA zw!tSM0VzxCSa1bLK^(nhdDYGHkVCj%XC&&TUphzy65KRqBzUzf_7Jj z$|!9{iNrF`*^bkc7oJ{~_FJ7O%pDvV8R_o68yaP1YAUIf|K)+7pP!l<z?IowVRol8GlkHZ(dGL4hHiwIIco4zpzj!84roDC!oiE{`?F`pXRMZ0!c;Jyv&{s zsy?tiR^zu+-6g7d@7}$T5JkSt$*wVV>gO{Cx%jFp?jwWiv5AW}Gu?tt{=BL> z{*tBk>%CWUzeQM}m--_HsE@RpdJ^h`TZWa=Qf`KVz4^oiipY;q5z*d z(k?0!T!CW88ib~Fm7usP8Y4=l6S z+9ynp;=J1F7eGPmKu957yQ->6#G+asX=gFeZehH0G@;Bo4T^bWlJesErSoSKZXed= z)w%(q7$|s|OgI^!uCA`>>FKetu|-SAfC)LfxR}@amyiMuch}ljMJ#LmL3zrH)D_$E zmQft4%!4I}+WSgX2z-#!hol##UC%6nEKVID2Z zBf?gXaL1j5HQDuXEs?No87*6arSaj2E2V~d$YY1%A7WvnL-(MIoPImP#WVwI_alBL z=`0J%hK?BUZ2w=Zy$Lv!eb_hbZk1#y%P4CJF|s845|Jfjjj;>Ko_)zuvJ|pruaTV* zLdZ5M*_tGT5R-<+60$F2dC$@PJ;(Qa-|?=`JI8S!$DMS|%ys>j^Zaf9sR6As>y3>< zr11jDIzk_FnRLClGJEuQv90AOk+mQWn@_^jUfnnA__weV{%AW?FX4vnQ%=fC)Kr&F(m({+09dBS_X<5#v z;p@9@o!scVFji2&gG!-S!e9pa`&UhsMAKJfg&3%cG13!;6G!VRDiU%47|F=Yq-B-7 zPd76&L)9iIOnu3B{yR3yt)agD_NTN2HEud3*7mL}g+0KtR4Cab@BS#tjXmp28?L0d z%uitxo_!&u;7|mUalQOXF#g5+OUJ@98JR9B1iLCvSST1@p$sBTkJ<}mxD!~qJjE(5 zaN+klbBV1JdmGnzm8O1&S7)vh1H8^~t+cbr4L%cH=-;W!8|Mr|f9vracz^Xd#l7Cv zGqshz3|^O#ad-fQU2*H0!$f-9h*K_*$lPBi`DQCglP^*%A) zdJEMQqCdG4unc}>z<*e=D8o?qI{)-!JEBi)j{H~=HcJ;GsSQq`WA8g;#1i7O%L*K} zu-(EjE+gSeTqhsDLeAE^UQD$?@Z1^gob@E_!vZET1*8h4EX1Ut6@cZBHM~Eq7KgIbL__$!mMLsW2-QZiQz+R^Fx=>`V)vW zI@U$mZtu}s6$qNhqvdgcZH$h}$;rK=*JbEjggJlss2xiFd)-Y6YS+(QXXup5;+z=A z=c|}k<;HI`Bz5MDX6VoE>o3_^ zvnQC#rEdQ+u$W2yCjDf(20X180eVIOk%GNJiln*QKbL}K9%sD>% zdJwb?(bshjs26b$#6LzwSSz2U52I_7gf;AO`?74W(A!F9e~$B>jyBMcFD2$-g>WgL;3SR9u%FM{~U?kfru6ZNzuA zIHN0joowNA$rM3<~w9%NbdhY?) z%|@3FM{u8zlHA8yOPc$YaJg`xjUB|4fyR4M;un#5DjISUAOPyucpvbUcBIzq;Ht)wUe|q zs@wGSf<5epowiFrg9J8P291X^XJljykBpGv+A&y3Z4J*E8s3my{2(#rXERu4zD(@i zYm>mzKMMhM4ynBWYgJQanT~-zw zGp0zniN*K#8}cX9DOKI>8gB3vn(nV~$z(Y2HjRLo;YjV5t1FR^^yoi&#3f&y)W1K@g>~STS(~Y)K zIm)`+Zc5V6(Ma`znbU`Z@ZGkelw9hGYH^KavlYh99X@`dYA?1aSy;6$=JD~f$0aSi zw-qgRINkX|u}XnHP^lDQbj9Q@-~(l|Vp>iaM{-LK+Wz=)#jPWXQQ)(}USQal-$PYo zLJJF0r;?kcIeh$ge460@$&dfXHpkACYFAg+)v*;oM;l4=4G#-}{%#Lvw)nRG8e|^? zkW%m*q)kDhmNr3J0O0BtNFqEW%iW|iq&#nnXZCwPmz4v!P+D3V*oX6?4I!;jjFBTk zpqTgcTsC!UvdiFU5nf$gWyA}!wp+&l+8ZX4!tKzLqta66*qL~KZf;Jf@y~%aNmiQf zECmj(50$?^CJS`R@`vd_)ml9FOv)2*{uheF_Xc<#w{(%k4^)>s%F=J@ew$9{ZM z{|@oEQNk(VYlYv}KNiNK74;T=?bI#J?}pCZ?z%cBDtoolta^PrHVvM+d#O;OzPC9C z%1AK%p-NljsRD;Y@yoqU7QumH2bm*L>6$!!ZfAYX2iJp8DV}xDz~9B}QLJRhtaqY? z?hw~TJJX>D)`(tML&I$knQr=~*`XM(UVO72{|_H)yHxC@Pi`8$Z_lagiKcVU*0AqJ zXJ-8R{Cs3=O#TZkd-|$U5k@1}^-}sLxGN2IIHnkP(0%$7oo#FgcU=Qo8I4xhl7@}! z?TM4Amb+x})9ms*!Ve_J!{JjSEzxKDTkJ-Hkgt z_9G(K>|b-cZu}u>QE=3Uc>eKo6jHqW?8>#Jw+Y(uhqQFL(2A6;lNGcl3mh~Ozq%>+ zct3wV*(27qyq$-5Xe!86E&K3hV;vHgI3^KGIPw^im!I_M?pea2kGU?{I-I#T?qt-s zWO5rB8hX~TZVm#bIk*};NXMBQ*O?lsQrR};edBODtEcAK1YmlC7vVqmv{W;{@o+M| z51XNi?$_NNQdYoB@i~K9=;X*!nol70QkpzS@m9E4)&~Eo1}`M1Cobb??lf0Fuuhtd zi_)MCsmZ#b|AB4R1eX;&o7d*{e8o3wCH8sl&ca~Zv`Pg5~iet5S`r4(TQLEMr-(OsU z|9Z^SHpMVor^8kh0nUZXTE|mZd6N`6Bx7FWLnYb!{zeXlTYV?kR}^d&x8P><6}}%A zURgEr11^kAme0@6M+;$%`(7Ja_)h|9MrOH=O5=rNk_C(s z7qO>-2kHl2OgvR&6p<_h@J$S3gf+K1ChgMIfK5=mDrmQf+=@9R z+WzJ1vyN|WEOw}YcwDCDS(q}QC-!a%6x7473)IxIP^#!2+!+z3?sF4Bb}t7N*7b;) zSM*V%Vmu|i)6gcSrj|gF0u2}p%~-fnc6IeCnbBFA#2ux2K~_XT(W;?HcSzB=p=Ph( zaM%|R=1gbpZ4-|(AvXvdd*5o;eI&JEXX~0tLGkQ)|X3mRQ`VI-_9FF^tUY> z0&&|7FLSuU%#Y?};)AWlLiFRH3UEH056X;8Uh8mnuIyX7LKPlrhk7WKq?&SO=8TVA z_w~ZQ$rIK!E=lO1sGN_c*T6rFWV*^A_i=vrfnzA$*=X;S?tzT2n6mSL9i%0Z5%K#X z*%(LBbXMC5@GsSu(V}l1RpqHYbmJixhP6GJgSX3tTB}RPKkQ4w)I76FPvy&ZSNYq( z{qi89>}E3NIGH|q%iWuyNup@|-x@mixOC)vj zMTxqW#>uxu5O7E~&Jbj$9(Lb8h zh@l%uOKhO?@y6|qI>fjqM?jE$FJdIIM8ip`?#}9Ofmk=h)>n+O&lQkh86y)%H9G63 zFJHb)-4f3pf?rn^zKkxIz9VLWjXc%8%*}aI%$O?l3XcI>owpvnl5HQ>OS+UVid+31 zEp~x4G1*R7RIgCu2kY-!uc}+EQIE?GQ0R9two7P^t%wJG5o4nY-`Y8et6cPxP1ew5 zxco)xA)?3)#?JD3^h=^8AH&jSBPS&Q3uq|t_@WM0zq-l$*I=AB4% zyQv?>DbP5eiBhoye{>FCl6$i6-(RG7WH+RI77`3QcI8i*KNoo`{E6F9V($1~vo3|w z!YV11R`~EK%D+E&%eCVgPs8(JB5e#j74Rxx{P#L9X0BxJ$I`x~J2GtOy={0yD^~1| z`rqF&Jo@kTilqNykQ7(?_qjZ{0tW2k`v7bP&h`7`@JxAo8)ut=p18x{i{m*^VsE&Ncn`ON5*V@y5=>q(@3+=i#785 zsF)Uho$R-USIo6)uXX0=Rk8xF z{`EE#*Q6r`<@E!OyTml5_#wBkchGDYPuM5~0wFObBvk`|98 za-SIcx$obgh%gZ3>UV#p#+}1QHGPFQsR*`Xu3eOzcbJ$rYccE-2k9~Iq2zwhqP;7Xc2 zuwAxc$T!4F^IJ`qu%>_eg`(RNmX2b3#{X7ziiUl$^P(X|zn#dBt_0B41_CQ1g z;B*RiuCP9EoSu(UKCAen1kuNW^!n)jol`ei`IDEl3o2!S6ib-!kQ%8Wv2pR^fH1Bv zOY#-Y>V~n^%iFySh)?S)+3ri!=iWq7-#&luR(b&n30a=QO4(M32%!3U>U^56Y=PABTdt5#BW2Rc<*P>yUrP5=rG@aGVBEOBJbT>H8@S`P2%ghVZa(W4{`4c4 ze*ZFWt&8j9`Eee2H7e80{jsSjV93177ZvJ#jm!s86x2DUOB(Ln$tWu=eLiJE{*e_j zp}6-2)!*&sKQA>BJY*AMnpyDD&oPqt!brMUguHjJqZS`?Iofk`(UZ6StkvniOIpnL z8y4RiDlV;d_+Mup(4JJO^j(?4qwulx*q<8_kIRmyU3}5N0aruR!Ic`uSAG>g*P&NB z?$m!q+pRuix#5&Kz3`L2>)kb1``)yrW68$GCE9abCteI+@g-+yK(M%QTfSbWFf~Y6 zBaTJ3gmT8b5yMpqw=s@b(|i!7ZV~>N`W|E#g@uJbUk?wPfSM2&)q3k(nepoVzd;ki zulJuU26lN=3aHahK0c%s_ey^lq>;-JEP5mW8@P4N2gzt@;=@o*z(FfTOHPoN>Ht7% z7*$Yj?pojFPQ}fQHQfVjt_7KGj3oP!!0c;U^RlEQnz&i#N%ZmZg5v9oa7rIixD8}l z-^q59H_T)?&HVSe$o~3x?ZWl>(FW(C%9bW(sCL|8^`X}4<5pLqe4O)0q=4^Z%^cWT zpIlqs43uRr*Sb!NWi$LamQvx|FWz;!?`3UgKgDb1s2W zsR+Jbv`V7Z!!?scr`#Ss@&*$7dmSbz6c!)}$?R$)xOXr2PQNDa^+0W74cT_iT#g{` zmUK!*b#?x52gmQeS%`GNuggeF*EckXv_T_WS6BCwc?cfQ`tPBKBJIzUzF3pOGV1*dhES*SFkRby8VB7rWWlE zE9&VQ=7w>Wr8N5@+D|>fyTz@ZV)R^I^HA{AIfZ&Oh+h=|7rpH=JDI(zdrQyO2D(H8qlqEZQP7Gyyu~G zP-*JQm}8@hO}m6PChif?D$5*WTZCBlaGTHOCcZns?a2a}p)&~V|zRU_< zN^=jADS$oYy*q1LnwTbtq5(w(_8d)=>poYSM%}UjrJH<^m6I}D>49xma5;bZ2y`^;(XF6XJQSt_Od*JYY;1C8>q9`Jc>2s4W+98; z{$ubyB5eS^UR;>3b-4$e6}%oRzjuEIAmG)M$va{howk4xrV5%CU>vh`$h!6E!Gl&W zz05rwm2JI8NQHQ;|4u~h0_j7~#K!s!C#>J9^T={YZ7E5=IiPe7lXOe8R>CRxPqW4D z�kVbL?A>oy;t}=g+20i`^Obj1F|utF_t@n#B0651%d4ZFb*OMTUJl?~ryQV~Yrl&MheBR&Ra;-(n-J`uw$jsZz<&i9t)YKLtgOhSI5Np8SS*aPj zf#uldLGC3N@oC(pQPD*Zyri|Z`qW_{$`tAzPPV?4b?p zAse9i)ECkfLUuv1Jwe(+Dcvvk^+!B8{W34ULSLX(D~+ zh7E&X>F`a}kM;H{1s@(992AIx=@Vppeqpqswz&B5Hot*kby-;%{$yfj9??Hr=TS`R z>1~YJMWVljjmVWm@f0t?6{ctzj{v?%z z0MaaY`}?Dgrr=li>9*GT8oDjS2yK@#h<9%3D`EGNRJ)@)_ZCyN!@dk1cam7>UY!zG znu?PND3h`qDOvz8YvFxzs;Ab9c97q`#mC%Fy6;(0udO@0aC zS5Wyi#Hx$L@kb@%CZPv)$fz@m-Tuh05ShcLo*31dLy%0dJIql>uSDIV!!RkSz1fK- z4%IvXy>@3MvQLby{n)TRBoTOzdYiYqcf9Qr5mPfPIr=&;w4!HZqy&Q@`j6DQ?adf9 zN72>)%5Z9XwY_h!0dP`)W_O%6gznHg?@^J)9y}@?i<@Mo~h-i-0pAyYJBvUltjY@YvkaYx| zZ_3`y+GN}Y!hLf_(DqrnLk2*~R5TwepJ^A;&L$raej_E}c7?J|zRWNTZtmChFoij7 zo@gH@B}GaXKbh4p{?~EMTj7jV^8pSE>$>_jnkELh@^u26)2)}#BT3kGf~vw`La>L? z0&iUU;&=4dC-!1V%jMfvEei5mZB=fC@|7>vp0!@OtvbeW!+&O{TzKkB_i9A+AnPSh z6XdG2#`s-8|3q6ZAa0u^=tJcX-}QDC_u;c)*8?3#hKk*qRtL!9cD?tYbzcKO#IGgd#MLnn zk%Pzgd{XCAj!(9tWM2W;cpRc~K*}383VcJq`1^v7Jz`CMi$9GlgQ{V+uyUEt*`5@T z(&J-LJ2Ua8v(n7cQenfe5-DWzn$qTbPfrC<1$MZU)q9L>X|hn)>ptx-Fnn7&Ijeg~U#Xq%sjilc8T7{LNt1K%cH)==!Xg17| zMBBFq+vCcPAE)G^%3jCfY2R(^$PZO956D-P@N$2-emi33{rh&NEXrIBJrge{6@tNj?7 zh*MC20smN;UwU3em-@EZVVhZ0iXg{E8J|Y$Q?TMkRB;|-dB*{Zcb=~W@mK(|5Xz)#*9W5r~v!EvF0={AuyxwHxIXEDC$X)~} zk;<`KGvKZJS~~$Y-oilJad2t@tgY|u&{d*1 zPjh*F5@`qVX(L$MZGHBDlcDiF&!E)@nge{mtYDuQOGI&bc{yTR`F1P#c9-Zk6M^hn22mWW{bq+4H48 zv@YJqbZpK|>8D+G8c<<2Ujh5dLs=JRXKvbnd-vqJWoC+UL$9Y?G~WW7^GPnRPOxWy zLxyZq3ir6lt9XNl`xWkquTL+8sJRT}l^O5%lr%UTRC=UTRDI2VqAHoB9QJ=g zV0=~Gu289-QzwK)Tz%fm5bi2dHMwO!w!2$3hseETa#AAjjntd9tLttw>@6n^UPwcO zYLg2s)~CnpYFb(+T7*Hzbu6?4%$w?sl3+O�|s5CEIGi)?oX=I}M7P_u>6b!Dz^5aN=uBPp}VevO%uagq5yL53TA5LpG{C}Ch9Qc^HGUWK%gh!X2#Wr zF6{Ss3nW{7_)?dn9ZH+~BzB=tuQ)1*jbAyp2Pk`Z86(?-sW05MT^;ui7Q3LIn8*L! z0#3Dho93j&Clj#pxUALh+dlqYfVgw5)TDojmOzpxD~@5I)@1-V@yQD`5!%f@F?G|5 z1=2&YSnx_Dp4aMw0@ds8(Uv1{r|PcrF;HR8v9$xDzTaHaL_+s1$@)vOtg#{McW*Qu z)e-ji6CZ%eR?&rC5HQ9wj8unp85mU{lR};QWS;23(R#NE)jvA`|K7DVYYh18J6LNO z643X4xVW)uDwchxVRl5wMDAXWz=47U$798mTqjQj;US_6vfM_I&`@$;V2^_q8aGK( zawRIKgC?pTVhqkax#j>6pTK@c9F-GDX2&rYjl>Cm3;C>tktN5B0-)Uk;k#)7sH0Wb zXWMdy3|ErHFbPpFrM{Gs1brqJ*eF_Rpq2o%Jq_`t>FWO+@He1nQ)3J_2o(#3ck{uQ z6&JI-6S^5w;gCUY{Gvp_-U&U7MNX|!B<|W-`pVK<07pZD3TVrq zI_^-^V~|38*X?^9g`x474URr+#ro2?;#N)x#ajc<*2NR?V-yHaKnagUNt{@LjPUn%^h=?3M1gC_SW^w#!v2f^y0_8cPTh*dpE|3reEWQtk z8?IqPM$C|Quaq3UyTCPDLsKRH@OyyR{zvGe+hM0HPU`qED|(_VN@*q@r*a}h?m}<6 z1(JzTg{ve58g0?;PIp%GL4ZJ5s5NfiA>%)vCq051MvsRd(CW+KgOMuVl0XpCl8HU_ zlJ`rwqN|+F{>PhQ##K_c++{r)BF39gOb0fdd+WD;N&4Lrsxy$4Mo7{ zZeKw0@%w4~;$3ZuB5o?5eIUX!Yk2s&qC*DLQ^2gYnuOoj;7=GtHm+Xz`=lrg3R z0%#dkcuo(WQjred#PX&Zx9FGZX)hDHFn~G3bjXi!Iir9p42kduyJ5;+n0Coiq zvfZf~=Uar0*K|G!FhxUzCWvQ(e!v>$A82d&r%3T%V3m?h)=$_^^R&=W=}Tl)js`pE zT**db*%RSP;FX9uS}%V339JLq!0STyRf+VFO~nCYbMl&0EWoT;-RHuTbv3z9DpFS? zuj?`_0kNQ>8`b)g&tgULU(W09hr?_u6Cz}eDWQ-||7a%8#t+t)UDqonBki$-P@zTH zh5E7u663j}erO@4=)A!0Wis1hA7e2*F&cUg&~-FW6L zY!+^^<1IyuJO1LmlOX~${86DIkj{j#K@;szXa+%;A^Qk;+nE;O$x9`mpNoH}yiXnj z)>~1^pt9-`I5!fbQG_{7EzZXjJ*ib?=ycLxA6I`75HGd#j<7^HC-4QPSI!YypweLV zxhu&UV`~R%MA1_0JzS-63Y+MCrf3z>$>xv$!s!U53gb_=tH@15whmA~@9(iT##%s2x@kbQc0GbqtjG){$FB} z`oYT`2C8s=c+TeNO$HT3@Hkn*i4E_BsZpI|sgiTEwQgeG(lOEm6G+w$8frpA_le3@ z&@d-ZbH?_cf1g`_DB(?1ytK=|H>QY*F;~0r(*K|7EYtw1J?;1GWnD&S@@-Wf->Oin zdB>Jt!M{I^t)z?Uhjy?FFtK7paFu8xBvbNzynAzbW^V3;lAwyNYN9o><2~L`i|e!F)N8qH@Cu z%s>UibOsNKrq&ox78Nkh#U2N?3kP9hSiOvf|faI~Y2s#h_wnsJ;YSF9eNIU)2DEE3)<) z1~V&N+?>M)L1_CNp|G8SuG(r445p~LM$Ntz*&7ThmC>mSqzLPkhDjsHvr91d@;3K1 zmpJ{TSIh-7I`(Rxm)PlizK>#EUeeFixQ{r#>;eJ{NRDfLUKPf`dpc)A zg6Odf+wRv;lewEgdjWSBR8o9TlwEWgoE#lH1{}ew&?n}RVTT&OYiwxfak@nq)CxLK z#;`=Vv)UhsocT+d#$nPVRRT6Ir30PAcp{w)tU-<$`7R}_;l>$^`IC`2kOa%dDxc-n zfhvOXKstlUXKJ{YobbThS%=hWg+^-32Ty#|WeAVC@&cGLyNrU)gM;4cqC8u_%=ekq z?39A(yOJ;nUPYhoUY=|?D$U&XSL#>o|e*l=a9$yTowvKSyc~KV!dl~_(+W)r4s&&dWMwxM{fPx zj@`P0hP^d&OGX;vW7WuLLv3-a@{S6*?MgrhgDOa?qxE$Lv~MWm%>E9t(AZc7F}-+EWH^cB30MO zD(Y%D=q*Z%BvZC>8`qj34`bOsu}}~fn*Wmg?!uFXD!$DajBRA0V!@$=?EDsvSeD1i zFn=M%<{!|30Q5|f$5mD$j|#%U1saLU9{la@pec<UZ?2!1tC5(C*z}zq zXjT}ErLR9ij_21@$c=0LGD>@G7CwNhWRw3EAopM1o2*9kWdc(+e^(nz%J(g>RyyxY zi{Dw2Ib}{>DU&MCLqI>G^trl?$$5iY)}_*)#!no5;(q#|!SnjUbsXG&;amR;#iFKr zlDiP<-@VK#=7~Jh)xW}>w4XdS*ZGmZ_M3inie~#90nzmM+T%9AN%Gyx1b?`@s&$eA ze``I>18Cymy`z!Q1j&qo_T^CsEGba!x3SFU>aRrpC8eoCg?swRE7#jYpdPVCEbTom z!%aLCfxNHn1(}RzCgxn##>jfu5;gX9*_7FuJS~+ktr1WdR?4E2D_msA8S0F2?I4z( ztslSZCo6De?1?+}0$h{g%H^V*ct>(R>Arvm1lTJ~hqyAkAU6fY)Ml*vR8iwCB2^<_ zuXw_rT}2m+co^xQi*z7Y@G*M)O;x6^oM9TV_!P0= zipjU5nPZDqy|8)SKUWTSkS_|{SKt$kC!;;*!XP2RFu7n_uQ<iaqZY z>vA^}KKf;S2ZRr(n<~ehE~XMBKfAMv>YPIy7#SUXLI=+icv@1EHLEGHzP@xUwqr z{}d)Ak2d;$HCy_xXDG~V?M`>m1_rptS>vl5@S{R=g0zq1>UX}(9{r_~FJl=%9E;;H zci;S+=iak7vi8S5bbev+h{jqfryY+1iNZI)O;>(_|vqHAgY z?reT5!96i1Qa@|a_m!3T>O`z%;O$N@Z#-wCH~K_{Uw@n{kRiM<`r2(V=F3i&^snr} zhJX_dIbqAGUBh3{TjQ3}B&OYsSahM!s_eajD?3Vm&9=S8S^6%ns5k3KHB=RQnOFY|3|&+ zCdMu3Xb+7=2%4z=hByDo?LY1GtKZRHnm-kWO)h;omNJVceZ;z~Z{}sBv$9O2B-nQ%a2zp_ARwljFeDnIiC$_w| z2A%%5>=&k&RVBm7fCd7~KQm8j6@z;?Je4|E4chfn&osj-kvuj35r z(91VQ;+d0@7ZcPt!vgWVS9Om{Y;PHr!szTfPYUr}qxqT^K#X4ajZ265sr(bz|=^J$ShQbD)ndxos++mENr|TKBQj zBejJIjfsv*RCcX?>yjsyxfd97FS=%WtuJ3^90u!Qfmx1kOTjiXx*1*p`agM_ zzn^^O+3J46Q_Ov@zYtjIuv?Wqa=)~A znUg_w!})9m98`bi1L zliQ)*Jqm4k?`{SPZ-t+dG{uZseUn$|k3<2;(C!|3%%UZ|Ss`LI>&hjA-AE49M(dtG z0Y6yttluOFDZTDIEOB+b^VQeF5&ebRT@uYc2i7e-f0ozyj4s}?$H!~vPCe*G?!Fxr z^0w9BuoQd9DqB*$2BW%gw0Uza4r#2*G4`B)?9ZnWqvw8K6<%|99IJ`0`bCOHTt~9K z?lD1g1U@d%F-}Y4h#D>a3FCWbXA>v1F_&q6csW|&cF0UxI`7_k!IEd9ip--|jE7PN z#!Bkq+{f1Flq6(FcDGaGc3Oz3mV2K@?p?~i>{-o$uKO`)+7P;Uk^{|=#YWGJUkoL% zZ4JnUpmqjhvrO6b{3G=Iuh~u+R-Kb5a~axpollUcZ`%ed2?Yfs=6v4SFpd0^sIsga zz|9O64aqu`A`lkeAaTV88iU>{y8DnL_aMDNB0(}L2Oy@- zNA+b#-#sO6DrH}h5A;K;igQkx9!S4zH&Vk%i6DRh_bJFe9catGsXJ58DpUYlxTY(z zIPm0N*`|Kx+bi#rUPqjy zx~Psl$4mPoEtkh7_Yx$^6q+_43zdE0c6Ble9(@SHC!JjFgO&=}Tz)D?mp~)tqD*Ng zxE^-Ta(68`ub)qei0RI9?tdKz*d=N5~b)^)-kaK45s=Z2UcF2(JPLg#5Yo;={<>|#+ zyAP3y=P8xGsHrb;)Ln;IBn$bpY%sNWWeDT5T)U@r<1&~ zuswvep8J*}b%A<0d>OyFENM`Xq1EjMr%9xddoMB)q1~kNp`;7pvwl?n&b1d&CVCI^ z$uUciHZB{t;-s3Zn>Z5johjKC8+-$#^2j}d?4MTt*IhO*QcT)`1`?kde1GJ}y0XkpTYyU!PJ6TRW_AHZvE z45l~Uq{|N-*BbF{dcUJg0(iFN6J%tK)X04r&rGqq5Tz%d5~nFSJ;HGYX$VYCp{JYR zzXeVz959XG z)FqQrAee_ESrS7#hinntEyC%V5igm;L&o{v(PbQIU*K@3yz$MuYL628^&A{XNWO({$&2WTbPR@u1;PQjNg9dyc>Ut9Kb-E+ z0BHjG{(}4uPdw}x`_0I~++s|tiyMMBx^qF_7b{axt08W6tQ&h_2U$Vcs)A8$Bru1~SmF9GIkmPDqJY4QXE2X%=p?4Ls21w=~~# zn2RxHptXb;2v(xiLJ6&`XZ5+Nd-Gds(KoxUzAeE)F_n|4Ptq6Y((0To8BTD&^to6Q8s4E^Xle*3I<>Nw~;+ zqWsF%=RA=fZx-ItW0N`kRppXcYf0V^($(dlnBc9M2J?FFJb{~rGX~@DlUMOFO%A|^ zlDEbjat?EkHwEF{vMkx2V%i+MqdZ9V(nvakq|FX-d&$S*#@Vu28qdg3ILqhq&&k79 zKN96IS1Uf-H`Wly7%ilVp=YrTtJB()h-21#aBNYJi;$HUq< z#ZH%@4Ke7Q#Jzb-9j@u8*p02XbTUtwv@w|?Svaw&BrK4;&FxVZ#EGxp^3MI1{@FaermEY#1no22|t=_(+RNTxUk?pSb1xBDOPHa}w% zVJ+MiW-Xc3o&R*r+$Ls64Y~nzr1c$Mu9YCSk;gfAWXa2A(&`5;c%K@Vxek&r^~jvK zR-dZ8SxMO}G{M$78bfs$pGN@xVK5m5pbm*8xF2xBuX~$cztDbpSCNiErDA06W94gJ zh53sxO8zvW{oYt!=oiy6G;9%uWGFGM_Wm8q!UYl%_f(IUmltwK)D1NJJv=Ink+R(a zIFBX^+7>JPO#Nrq0K>s*xu24sH#h6%JiC?yn=JaWVCxXJyTPiL{}d>NGAEgjdmUl? zVXtQMe=XN7kQC`yeLg~*O~g2uA}^+z%(~+R^1luZL1v#n+Nm_0t_@M@&Dsv5*qwDm zy(|t1stSs3;xsW&0}k7p6sC@2ovd{}2MP)(*GJzRDRIb{^O^NW&(@1~#HLoE;8wt? zpCfZAI5_Ur4s}G)N+zJ)fn0p071(z=>V4!@FH)lHUIrp$q-J(?SX-gGJqQnMWm_5s z6C*N6WCZncgf%&=6<9LK*oLx_**47d3g6-PcGpuc9-_D(SrO9s z?HN(aeHTtlX!JUYf7JBgv>wp5qy~_8gKc;dE(cP6}z?fx&4ZBNYs;#CDgm(*Vj4( z?ujGMs8YNwu?=Yw$Tu6DbeDCb;#xgXu}6z}+MCtnrE=r3r76W9{^IVbt3ghb#csF_ z;a5f}Iq?<;@c8LOF*-Tj2JFJK_k}hsnwO0Tap!I0dvmcs>z6 zhDEJ<*jI8kWB)3_Wh8ieqX)4(cfB4G{1Uk}cE)952++QhmR+XFjx^s)W#F(ZoknZs zdKN2@xp1fvR?TqTy-60o9(PLseuMpE(DZ>YIwcL3c6U^Y4M!dzgfL5)qr>TPkT~o@ zpIEh9zqk1y9JD0sJONTnt-eZR^?=^T)?4F}u|Y7F$rJc4tG#$8BRFhX!8ZpEfAL79wQ>0%kx0~!{Q;j-$nGSUAtinLVt;?~Kmc{19puz(yr2fzltLx?0vv^heIw=SQ z4;eHquSQ*6-uW_ny1Q3cl*88@1a7=+RwVDH;p&$Ln1y~a1){=&`P88=kk?7Q2z|qT z=7&ELHUnL4fCDsfYRK#4G3Z{-dx|D@5tnoL+DeeA*9X1l3e5(q-}U&Uifdh}VLkL9 z2tq8yw4!r1erlpd3S6`TX^IJjGxanre-wRTlK%10%;(+zem)IaiOL$N!Rp!i8rr2@ zn#j>)y&B7!g?l6G{yVQl&?e@CbL%8)gfpVLWK~e+>f6docb|J71hl-Ie8ZX-0|{Gg9wsfLm=>?rK{G&{5d8z%drrBewhz=@8{BYZD{WdddCuC zT6PFX!`Zu2%`T=RpIhd&ARwEZS@NI)Vs-B~XhAiu_@a7j&c~gV;5cdFFq|+{5 z&-l#P*q2LX7HT?Xjcv9#E}1zwqo!FVMP_O)WMm?aPKp~kW8}VkDy}IssTqQ=5N4p{AEtf&Rn0 zFragu@$4H|qs0=}GyRJ`>fsR)fwo2kNEJXZR`^{H35J%IRrSfr;Hen0)`PlfW*vZ} zO6381P9A%Rdda|u#gZDZOE_Ynmvfq80?m~)PDN}fyUvR)3<~9qiA0-ZwaNscMb^>1 z>PZ&o>g74t>cone{GaXQAsTZ$;<<$T@ZN)i&dt#9}0A8gA7gh}3=zs^>4NiBcO~%-q4|=-n z=o5{~hcK5cyXcTwQ!{gf(O-df#%igdH7wP5ls3?h*{P{p*nT}UMtgkGX{^Q0=hbx+ zVDgmBW{*eNAd;ksDvvjynPk*=toDgk;InYWqV*xjEd7ytwUO-c;ELf9E1MqbgKvSE z&DQp!YjCZm9Lp4wdRsz6*P-hqDmjE3>5$rXv9#PVHhSXk23%K$qc zspGN{jJ|tMvZ9LQu`NsakQ?b+v?tB?ed5TDXx>W^=iJapHp+JB&3R$-9jT1iS@MPR zZn!1h@`CmSS4d(x$cX}r1z~zbT>wA%FW8_Jd(K; zCF$x{CWK|uL+)W&fRW6SS_2tQRNzfOR*}fa1!0y5;~(`Q(G92*P@9h%s@R>9K8e%cVH}!M>U6gVx!dNAztC zic~o<s-f`OlbTDiT!k-_Mkz&ZaesYqLwVhp17BsRw@B5|_u7M=mkSax0>r^$=73+U4 zj_gfQ4M_j;@-w1=f5hiH%>VUAm|P7q2`;)m-ov6tu6&@0w3mPhPII?7$%uO~{B@TXC*Q z752#r<*_m+|Ib*B7=_{;o||iLo+K#tYmzCtGVDx=4d#i(F}bwH8&CH$-S-`c(P_}CSFPslMR8Ms@Y|JN71{mujcaHmYlUFY+-Fs-|RCc$6?PEsFd!2hs zcIh3prtOK6V0F_Z;mk>4ZZ@fJ&?ar1)@aLYHkmy36KPxjT#Crqbd#~Z8HrSvhspKE zj}^xeRI1-VZr?YoPN$`0lzSzCQf9vAJ!-VR&;6+U;F?9eIq_*K z-wz);oJP@I%MwksTcWBlX?X9xplZyEfZw+T-@hD$$;?f}(r1?aiR&x$3ygxL6;@Z> z&UojeW6;krXT&i?_MJa#hW6ZK{QlSc;ZEz_mk^76549a`1_W|!a#(Xe4(1QK*jIlq zemH`E6X12b(;N}X^Gn9PBM=z$|5P}sn{_+Bv!PrRhngzobp`OflT``D{9W0gjXzaj zG^t+4m#(e{a?k8ECN^kP617}=DY`5z2bXZlfKydv+z`6%aGwDGX1u6lJHMm9oi05d zRi4qc9ck_GyDcxr?n!NO{`Z*}NvZJ?=@VMdmwU(Z#_YObRM>$JDJ5dtg~Uaiw)I-p zue)I37;yp{YWq=Cb>dYu`$L~#QQXf8@sn%*xJR@~+Js$7XO{Muo+4*uJfxJtoLR!B z#py6zQ&CDqM4Z`OTIGRB4~KTa!1&K3opsOK68~6q%W?xX89y(zyKkAv$|z$Fb)QyR z6$ZKO z;Oum)ON#ibY&U|q@$dD!+KJ%bQvNFycC4r8D7nlv&d}UTT8!x9<=sD+k%71S`Sc56 zB*^s72V=jTNP_c|(((c_l9shzg~7odJ=69pNq;>^=U5ZQZV4V=zK0sE{);>F3XM58|D^u`Fqfc4 literal 0 HcmV?d00001 diff --git a/docs/part-07/README.md b/docs/part-07/README.md index 01308f63..31c096b0 100644 --- a/docs/part-07/README.md +++ b/docs/part-07/README.md @@ -52,8 +52,8 @@ Output: ```text{3} REPOSITORY TAG IMAGE ID CREATED SIZE -gcr.io/kuar-demo/kuard-amd64 blue 1db936caa6ac 2 months ago 23MB -harbor.mylabs.dev/my_project/kuard-amd64 blue 1db936caa6ac 2 months ago 23MB +gcr.io/kuar-demo/kuard-amd64 blue 1db936caa6ac 3 months ago 23MB +harbor.mylabs.dev/my_project/kuard-amd64 blue 1db936caa6ac 3 months ago 23MB ``` Push docker image to Harbor: @@ -97,6 +97,7 @@ export DOCKER_CONTENT_TRUST_SERVER=https://notary.${MY_DOMAIN} export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="mypassphrase123" export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="rootpassphrase123" docker push harbor.${MY_DOMAIN}/library/kuard-amd64:blue +unset DOCKER_CONTENT_TRUST ``` Output: @@ -158,7 +159,7 @@ while ! kubectl logs -n harbor-system ${CLAIR_POD} | grep "update finished"; do Output: ```json -{"Event":"update finished","Level":"info","Location":"updater.go:223","Time":"2019-06-25 06:52:08.402571"} +{"Event":"update finished","Level":"info","Location":"updater.go:223","Time":"2019-07-19 10:15:24.517724"} ``` See if "Vulnerability database" was successfully updated using API: @@ -171,27 +172,27 @@ Output: ```json { - "overall_last_update": 1561445528, + "overall_last_update": 1563531324, "details": [ { - "namespace": "oracle", - "last_update": 1561445528 + "namespace": "debian", + "last_update": 1563531324 }, { - "namespace": "centos", - "last_update": 1561445528 + "namespace": "alpine", + "last_update": 1563531324 }, { - "namespace": "alpine", - "last_update": 1561445528 + "namespace": "ubuntu", + "last_update": 1563531324 }, { - "namespace": "debian", - "last_update": 1561445528 + "namespace": "oracle", + "last_update": 1563531324 }, { - "namespace": "ubuntu", - "last_update": 1561445528 + "namespace": "centos", + "last_update": 1563531324 } ] } @@ -213,7 +214,6 @@ Stretch from Docker Hub. The image is is one year old: [https://hub.docker.com/_/nginx?tab=tags&page=5](https://hub.docker.com/_/nginx?tab=tags&page=5) ```bash -unset DOCKER_CONTENT_TRUST docker pull nginx:1.13.12 ``` @@ -244,9 +244,9 @@ Output: ```text{6} REPOSITORY TAG IMAGE ID CREATED SIZE -gcr.io/kuar-demo/kuard-amd64 blue 1db936caa6ac 2 months ago 23MB -harbor.mylabs.dev/library/kuard-amd64 blue 1db936caa6ac 2 months ago 23MB -harbor.mylabs.dev/my_project/kuard-amd64 blue 1db936caa6ac 2 months ago 23MB +gcr.io/kuar-demo/kuard-amd64 blue 1db936caa6ac 3 months ago 23MB +harbor.mylabs.dev/library/kuard-amd64 blue 1db936caa6ac 3 months ago 23MB +harbor.mylabs.dev/my_project/kuard-amd64 blue 1db936caa6ac 3 months ago 23MB nginx 1.13.12 ae513a47849c 14 months ago 109MB harbor.mylabs.dev/my_project/nginx 1.13.12 ae513a47849c 14 months ago 109MB ``` diff --git a/docs/part-08/README.md b/docs/part-08/README.md index ec8d256d..7f127454 100644 --- a/docs/part-08/README.md +++ b/docs/part-08/README.md @@ -89,11 +89,28 @@ for DOCKER_HUB_REPOSITORY in istio/examples-bookinfo-details-v1 istio/examples-b done ``` +Output: + +```text +Replicating (1): istio/examples-bookinfo-details-v1 +Replicating (2): istio/examples-bookinfo-ratings-v1 +Replicating (3): istio/examples-bookinfo-productpage-v1 +Replicating (4): istio/examples-bookinfo-reviews-v1 +Replicating (5): istio/examples-bookinfo-reviews-v2 +Replicating (6): istio/examples-bookinfo-reviews-v3 +``` + ![DockerHub Replication](./DockerHub_Replication.svg "DockerHub Replication") After a while all images used by "bookinfo" application should be replicated into `library` project and all should be automatically scanned. +![Harbor Project Repository list](./harbor_project_repository_list.png +"Harbor Project Repository list") + +![Harbor Project library image list](./harbor_project_library_examples-bookinfo-reviews-v3.png +"Harbor Project library image list") + ## Prevent vulnerable images from running Now there are two container images in the `library` repository: @@ -175,8 +192,8 @@ kubectl -n mytest get pods --selector=app=nginx Output: ```text -NAME READY STATUS RESTARTS AGE -nginx-74469d5d6f-ztc6w 0/1 ImagePullBackOff 0 13s +NAME READY STATUS RESTARTS AGE +nginx-d879bd8db-nmzc8 0/1 ImagePullBackOff 0 25s ``` The details of one of the pods looks like: @@ -189,18 +206,18 @@ kubectl -n mytest describe pod $POD_NAME Output: ```text{49} -Name: nginx-74469d5d6f-ztc6w +Name: nginx-d879bd8db-nmzc8 Namespace: mytest Priority: 0 PriorityClassName: -Node: ip-192-168-4-142.eu-central-1.compute.internal/192.168.4.142 -Start Time: Tue, 25 Jun 2019 10:31:30 +0200 +Node: ip-192-168-56-161.eu-central-1.compute.internal/192.168.56.161 +Start Time: Fri, 19 Jul 2019 12:52:21 +0200 Labels: app=nginx - pod-template-hash=74469d5d6f -Annotations: + pod-template-hash=d879bd8db +Annotations: kubernetes.io/psp: eks.privileged Status: Pending -IP: 192.168.17.1 -Controlled By: ReplicaSet/nginx-74469d5d6f +IP: 192.168.61.206 +Controlled By: ReplicaSet/nginx-d879bd8db Containers: nginx: Container ID: @@ -214,7 +231,7 @@ Containers: Restart Count: 0 Environment: Mounts: - /var/run/secrets/kubernetes.io/serviceaccount from default-token-86xhr (ro) + /var/run/secrets/kubernetes.io/serviceaccount from default-token-5lzmk (ro) Conditions: Type Status Initialized True @@ -222,23 +239,23 @@ Conditions: ContainersReady False PodScheduled True Volumes: - default-token-86xhr: + default-token-5lzmk: Type: Secret (a volume populated by a Secret) - SecretName: default-token-86xhr + SecretName: default-token-5lzmk Optional: false QoS Class: BestEffort Node-Selectors: Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s node.kubernetes.io/unreachable:NoExecute for 300s Events: - Type Reason Age From Message - ---- ------ ---- ---- ------- - Normal Scheduled 20s default-scheduler Successfully assigned mytest/nginx-74469d5d6f-ztc6w to ip-192-168-4-142.eu-central-1.compute.internal - Normal BackOff 18s (x2 over 19s) kubelet, ip-192-168-4-142.eu-central-1.compute.internal Back-off pulling image "harbor.mylabs.dev/library/nginx:1.13.12" - Warning Failed 18s (x2 over 19s) kubelet, ip-192-168-4-142.eu-central-1.compute.internal Error: ImagePullBackOff - Normal Pulling 7s (x2 over 20s) kubelet, ip-192-168-4-142.eu-central-1.compute.internal pulling image "harbor.mylabs.dev/library/nginx:1.13.12" - Warning Failed 7s (x2 over 19s) kubelet, ip-192-168-4-142.eu-central-1.compute.internal Failed to pull image "harbor.mylabs.dev/library/nginx:1.13.12": rpc error: code = Unknown desc = Error response from daemon: unknown: The severity of vulnerability of the image: "high" is equal or higher than the threshold in project setting: "high". - Warning Failed 7s (x2 over 19s) kubelet, ip-192-168-4-142.eu-central-1.compute.internal Error: ErrImagePull + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal Scheduled 47s default-scheduler Successfully assigned mytest/nginx-d879bd8db-nmzc8 to ip-192-168-56-161.eu-central-1.compute.internal + Normal BackOff 16s (x3 over 45s) kubelet, ip-192-168-56-161.eu-central-1.compute.internal Back-off pulling image "harbor.mylabs.dev/library/nginx:1.13.12" + Warning Failed 16s (x3 over 45s) kubelet, ip-192-168-56-161.eu-central-1.compute.internal Error: ImagePullBackOff + Normal Pulling 2s (x3 over 46s) kubelet, ip-192-168-56-161.eu-central-1.compute.internal pulling image "harbor.mylabs.dev/library/nginx:1.13.12" + Warning Failed 2s (x3 over 46s) kubelet, ip-192-168-56-161.eu-central-1.compute.internal Failed to pull image "harbor.mylabs.dev/library/nginx:1.13.12": rpc error: code = Unknown desc = Error response from daemon: unknown: The severity of vulnerability of the image: "high" is equal or higher than the threshold in project setting: "high". + Warning Failed 2s (x3 over 46s) kubelet, ip-192-168-56-161.eu-central-1.compute.internal Error: ErrImagePull ``` You are not able to run docker images with "High" security issues. You can see @@ -297,7 +314,11 @@ curl -u "admin:admin" -X POST "https://harbor.${MY_DOMAIN}/api/projects/${PROJEC }" ``` -![Harbor - Project members](./harbor_project_members.png "Harbor - Project members") +![Harbor - Project add new member](./harbor_project_new_member.png +"Harbor - Project add new member") + +![Harbor - Project members](./harbor_project_members.png +"Harbor - Project members") Push the container image again: diff --git a/docs/part-08/harbor_project_library_examples-bookinfo-reviews-v3.png b/docs/part-08/harbor_project_library_examples-bookinfo-reviews-v3.png new file mode 100644 index 0000000000000000000000000000000000000000..d051c3f1049dc4e6e0789271c0d52835d9840c60 GIT binary patch literal 112572 zcma%jWmuG58!fK|NGbx-4oFK%rwmAUH_|Y4H>i}f(jC&>T_OU~-Q5h`9cQE8`+euf z`Ej00FUMh?XZGIrz1O|gy0-?%N{gU9#ea%`fPf|@DkP79@MsqS;XxnL1Mto_qwWpx z2eP%OnjHcH`mg)n|3uNE6CfbGLJ$)YP;^e*o^{ex7@tSnj}U-9@M%1YL}Pw|ORt%O z+V;#1WcbgY*Qp5tR49MnokfMJ{e87z zgxPgJas-5T?5*4T&l}Bqp$}(>dQdGwPRyl_dyk!$F8u=Ir=AK}$i0`ccb|e!{6fUL zAoA4SprNR1_%80LGXD4exmOjT>cJg-LSF49+TR{}Y)heO$JUm7Zr*Y4!MGDrL4HqU z>$m~^&uCI39Ntmocj|ianoj)O7l26$C!nv4kKMRmPhF;~(86FkW#|LG{~6mmO1DW_ zM|b}Iki9VW(Piq)BeN~}Ly3qZapu6TNth%Vk(7c~vVTZ!TvL^NpKTMPd)w)j46}9? z{{Qs|GcPKM?7^{~mq+k(NMOJud6d5uAD8ouuB2^MSGsE~LFm52E#qt1QW9Iibo<+A zvILnq6CJ5kGf3p)`}O%KJ=P~1-L1@h-gf-KOT|UpQEXMEUV0}eG@^3J`biR-g-LOy zRY(QP$Tvz$Ubm~p5U=VrYv;mO|K8sID)b))&W3?iGEk`x+cXFV&G^(0lU z+In%p1~@8`Pq$6K=ab7EJCv-HsNs@iRaEi~RI+fI3nbO#oBfTW)z?#>GX6$(OLu+- zSbbBP&2=7;Mt?ht`1C+>UV2My+1f)ZZoAB5&!Q^dsOy@FhAL&`I?VqBe8b?likPve zc>S&&J+*4<^+{{f<%y~!R0CzQmNCziP~yVS(#OBjR0HMF{iG2-vWrYZ)zBQqqVJ?4 zn-edFKjkCCEqGV^9?PZuvl~dQvOGLa*dS{0cH@``h0K&iT_fnvYJnRcl}pv$v9rmh zWD8i_xo)mCZE!?Q{(Qg_+WsqlrqWJeq~ev=MR)!IT;h(0fG9;6iD`U1j_X$#=F--O zi35x27pAKmW^TylbPw)YR9I$dmMbEE|#_S52&{ znQn_%@C!>mr>Lt6BiXR9G7hh^iW_F{krUMt%@0uRY{DEL?v7DByJ_q_sYHfctd9Cy z@<{%s-`o^;NM@6~IyU|F^@A5K%x#fGWbgGlOD~y~JrR7%efM_wdl&u%y$himE1yUE zWpnf{cY=~UWIjK=1#fz~cXDV#C`JTHHX=o}`7V zA9H(=f;84H%E0o&(Nuleeeo5UN(v80tmtJ5R}NrNGH&w!+AoYX_{``+`@Rix|}kjt+;9I&+2Vj#B5pRBB!+}$<@n0 zXG6J&?&D>TZ!D3{K#3Y6);H;KkqnVp_8z=xnzEz#JuOE;7DJp_l#J7GvC=EwWWD)e zevY>wdawDb`hJ#>p@m^yhX$`lk4nAFdW=#hmW9-Da{%GNWGGgf5-T0y)t#_ewnrJ` zK-!Wj^mizVlg`VI=TLhVPL(nD)by5vs<$L7@DJSj7sn@8IUHcZd+A?)AQJF*&XhX0 zx-HTezdfyb>%{Wb{D|PQrKPKE@lV^^Dess_@HA0(n%z&e1gD zGuL=c=qS?J+i;nl$po=0!yj@*Z>&bQkCoK-y2OL(5r$9XFDsnAlz9a~-2i^!*2 zuXo3?kSBfJihmU*<6MuuO4-S)TegVB&dY97qQC2C)-Lk{ab1mZx_-e}{5h`4(Iv#T z6$6s-J!?!-rapo;LPJ@J8q?uWOl(VVGP&Qoe+bsn8ho9FHvyCMphJUxi7AW=^Ik0q za^if$x=El+{=#KCP6opjr$rfMtEfF2lroy`0MA56g9C0Zd_w4#piGKMS|@pUsL>PtCW4{)(IRoG zDG&Hu;6vO^Y~k-`cBN`OE~*Ta`S{6jLayIxn3$ppnM z3;pD*w7MqlI3;Za^~vmT`$*S2|4su%l>5qPE1n-un=yR6tE)twBhkkoCrLQneIl%9 z6m#A3@P1Puqe~Q~Y6j$6nV73DT&9l$XyC324`W8*s`{bgucKj{*I^c4l-nmy*f+_EKJPx$ zX`E5P7Fo$MlF7DI{#2t64}alyCsOXJXhuQOJ@%UnYfqIhR9V-Hog4b4JX4MqL+)4V z@W|aX_9uZm8Ge|Z$4=r<-fsuDJRb)#ch^K!=JIuaej^9vV9*P%cDxs#u;_HwdM!EXv*M+&vB&d74X zIN^fS#_loH?zp1nZ1_k!mM*_Wv%1r+Mmsc`kZsFV&nPKlPF1A4d#pf?rki1JfrR5e zB~1`Duo^!fZYG9{W0+w;`WSl@J?n{BZJU&x zGV*&v_tjPDo|8&`bdvM_opW7n>3BkASGl&(AgA|Bu27^T>4brPvyTaM5iK=Qkx}6~ zTm!9^J886m{tT!n4RMhUl$;_#t;w7PG5Jx*I*LyGbaxX;k93oKFn=1Bu7&Q75BD{Q ztGa=ZxaHOoIe1LbK@8Ud_G`#gqbHEQDM){Y-1~WBkx^b$*k66U>9((C{ zQDMv`(S?vcbc^3ITaQxOt9wDq|GFXU3W2>o9~m#*J&7C*jdGWQuaCyvN!1F>y`gNA zZe8zbS3WXCN0LxonQq3Fo&wzP&gp9SEd2A0X3b_nJvC=N{j9>p>+gaUT#>8;X>46) zQ*R?;L%z*jmwbwPnog2V!mr_%T~{TY>%zv_yrM>BHkhnD`Tm(8&U;i-Nb3b6^*Tw0 z?6hfi*OQt_X_8Hb6zZUl}OkA}?k2&%=sLTEB zyx1dRNRYTTY*3)X*S*+yit4J9;vh1DLj$pDnsHxmwrzrwDaJ>;R8z7c5uJzK`6Naw z3f@0NF1R`}*EI+>RbQHr)F!<{8XRA8or;H>+HCzg$$e}{-G9}Xuw~{p8E>Q7b8YLX zsjlszKYc4ZswT-!i}jY5IHHBB_}QF9Z$7pJ5~K+|`hgr#h_D^Y+nO7egiGHgo6#FW zItNzH2j9+Zly!C6%I6peqvOHQ0_bIEA`D{`e;H%T@BJK-?U)i}Z!DP^ZfD7^5MRCf zLlKi&`&64#KQow`@Yr$-$OKJ~xB1m|lllaoI(_T>4R`Brx47U|*9wp+e*Ogs;v2D6o8eS;3_#Jy?HSA8me1z%Fwh)A^xDoZD&Jj!+!<&vqZVI!w+)PLI=lfEd#8`?84*c2(AywxS(*NC@*MQQJjbaSy?C zPzFDipR9`Hj?i-}crS_HW{Q|r>IHBGiKP!-6TTrfTmhAH?Q+T^u`qpk7-+oF*x)qn zP=KG5`dD%HVB@K!)_d5y$4d$$L3l#zBH|VS8QfI2H+lkuNRffrca{BX0iLi{WzN0` z(j2TK4s)7Fy1a#H{H@%cD(6GSHW!n-hUZQfHuw-B&G~)fV~;rSC{DbDDwx=ce% z&F8C^Wg7!N|L>34xg%`a^8+;(BfXb??c3qv#wh8@j%$Hw<}iUtUw`TpnU`hT#YgsB zJLO*>xWri%ZYQZ@er1Pzb>Xg~JJP6J_bTDyVnf*&g$ybxR{62*`s{@oIW|G4)~xk5 z4XZs{L74x^QBIVeet~iNzG0>ui3GuFjMBW=MSpy?q%V3q5Bk+m*O`8@kx0Ru5^Yg6 z(^vut*Smuj!C^|;!)C79nIRfM3&50oKS@iQD&2UgSW7d|43DnBO4OjGLWZ9P61T&j za%0^@A2DvQfLgvyp^u=aVC!~PV#~-%Rj{%iqk^k4D!Z5%QLC%2>*6Rz4#`N9dw#^? z<|Bha6IqBk(zPxo4b;-A0Xc@@QCI$om*Sk`+JTy{BJwJ0SK(O^vt&9+ zPf<{BTej7F6KqLg$f@yC2?>@98;@v@UD4V3O?_|I9TezQMD1wN%4~2+2eUB9$@?h4j;e%aD8U z^U56T%E?k@Svnaq%hMG^oTX-5PTNj&EoPKRzbO`Wk)m_B!A`1ADQN#78*?nI*Is+o zxzmVHh;E2NdjaIG59V7B?A9Pq+jsbQog}?7f00!$S@HM6;^XkSxV^f+2@srU>okjY_hGg`4LafHjbZ1v@U1pnBPkeAr70XC~R4=*DO0=>%-XOP(Mwoh}_`ORc-v{!P5jDzOMv3d(mIDChR-6!(lC;wv$=VVQJBk zxCII4ZnsCErm5=v7+$a$B}!o+e~+Y_&!i^l2eL&cXv@O5Z#ho_A3x8B6n$&HxngM@ z4bFlur4!^v#uULKr!xP_V=h^THadqDek3VIP1XH|Mnw{D8~)D1S`~2K-jE7bg3KZD zG*Jq&&3-|(OkxIRJZd>rl7gIYD+>cDB&Lxu#l%$&3NjZ%CE+P`MJf$#G9kiy6Rp@g zaY+0EnlM`FaLKdkBD3O5c#^k%5FS#xJIphR5+8ZsOE<&R#cM{8{w#N!KPW&vp@1%r zioDr=k)*?IDh{!3I&Krzmbrf9>%b;8mEzyX|e zLTU3B2=-a#h&L&%I23~oGvwojDq$@s#UHy+?|~E5RWSY7a7lIOQkJbe=krrTix4ID z_*_k$Z1{TNYc4)IF20ZgO5J~m?+exA3)OynF6ZJ5$?3e>HY_}Iz9I-(Orm(D+ zTd>DhwZH54t|k%yacQiEzk;l6-xzR(@VOcMVCe7YDvJ$%tov!?_40u7D0Gm&n%L_F z{`pSIx?)k~vVrBx=L@&+s%09Cm`+g}B`F)F-t?XaI*2G31jC@(;6cL5pGK~EN5jw$NT$tKXqZopo#EQJXqXA)IhHv%uw}V{?ytxdSZehq6M*}Uh)$iZCQy7Jm12p zqQqH8CcSyLSNW;v?i%>qs%i2C(w`lgt897s-SczpT%Z^hdELIQW7TiMY**hl;KR(i z4DO`QVX1|>mZ?$(E2i23g{8N(SJVt%r#}PnwWNyltR`^jqvYoYoY~3OEyep9m~Jk9 z)o zp740nmaIB;rp`&Agtv@>IjwIXqZj4EuRXnv(vnapK(>U=xshzs0z zRs6z%wU(8XY1BfMB4RX9saT#iqO)2n}X{#)h0s z`ZIkZx{FjZ1zzn;;QidYalCudl1N}}a4x5iC*KokD1m@|jEU5e&rIt(bgDQmVPYK{ zT^b+jeYvTlq#*+6^h)@;2fstj=1(p$XOghbhcJsGu9!mM*+SOL^cJQCQ<^N6qyg0; z9Nr9PF{~ z`k-U?FsZ(ClAC^}ldg~^7iR#@@{kTqLXb#Cqdcqwt&bu9@-3G%A2%v_c12hB*c&cB ztv9AG;p^sk9e_`XB5~fmA|IIbJpKJ~xKwNke^c(EN1a4<)0lr*zaIt2KCME@=XQ~M zQH?u2{7=zQ;m(hA-z?ur8S^NtH{ zKy_^@VY%KmnX)WL*$=mjeQ)SIn;Y&N9pY%rNfgWGjwkrCMG#>d zbWur)<`C`2C80_wr_an|A(@bm!HQnhl*ZJYSX`L4t7l3WG4szBO{am+y(!S$%}|^* z_$47q3kzO!yp zd+-Yl`kRU$mn$SOP>R&22LsQVoAXNA7Tv$_w3Qp;6mIuo{GD9It2eUL@0(P!#OoPm z6P}HjwH6FqwzvOETxzW*zT#HT>!FV7lAd?tYM*xi?TkvjPQYag)#%FXP|s{U-M-9^ z`W)}w){>rEH8*S8C|RnF7G}I5KJ#38m(upF)k&w$X|bi5*ZD3uG~wAwv#YvwQpRG} zaz(+CaX->i+VlAvJ93%4^vYYZxzkge}DC`^`Z#!K(Baxp5=1=u; zf4MlGdGN6#eK7upZiEebGjF;4k`)K35N@^3EbHI51d+tcpI^vdgO)#B3Czh7B z+-eXaO$Bz6^xM(lD&~>F(Ur9rrPWB~POsmDl4yJ>FORo!6KqWH__haRjce8M6EYTNiNR*f3-pk~t(9S5jK!E~0wlAhkK6=iwlDA|>*57d|eKu?s%rr&7N z^GJF$y$oBiQU27`=4>lYLt>0gMc;0>ESANi@wIw6sssL+t2Cw%FQO&2Nc(GyK1^55 zuAlo}5OW1SNvMRW?=Khpv{>I`#5*Q2@+$y}w&XJdh9R&4_=(s}7OR%!bInhGBe2s( z^gAWXb8ZyOzC`8n7LH(H@q1DOJTfmWrN&2FThza&O+iYy(RU<;NVw{*eQTmu@IT+J zu|8XBMc+ufafMk>Ng#>MpR%&n1HPU+T%aWGhUmhfN&wdmk-^wnX5u$bt^Bsz7vvN+ z7s@}@ZaJ_X-ON9ejR?s|{XXTsImAYUqP2wWTSjMB#dv9d{WV2K(=AeNpfelDAcT*n zHdQQ_wm%1G!-h|_YxgXSafYTn;5zGmXWIhV-|WsJVuV9DY`GzP`3r>teBL~S$|Mc1 zb&L;IL2JOoB(mKYn~g;r_+%7_rBy;*f3c>7sMSsBfD-6p!9te%6x(r)UPRF$5kzXMjx~CEgE=A0 zsT#WLihE8@Xj|UQnltcIlN6(?2e4ablt9y>>+&fs1j2iJ0y*po}VPPz2L9jhP z9>2lKJnpJn>!q_h7VFZ+&N&h8ZqMC~s47X=V_k0m0^dWl2f7Z^pIpk?yn(EAkPUv( zU-ShEwJET+<$fs_Msu+xfJD72&c`S~btt@Vn%Nur@N`o1VV$wmXFM;LV-ul?kW=_t z#mpa;KbK|HW|@svSmuMt`h@o+tQg#Y3<1W3T##4uHHT7DOneOoP>Yfj(=G?QG95*5 z6WbT#3Z?=i#tHdm>$yyLKA4|G%{h0b@8-vE?jq>TqyF^&oCS~VNg^T~!2$IHHRH?gUfu^?FX!f+sb_b8lEROo$BL%4ujphLBN?ArO08FWoT~>JNnFNBaAV|yZ zJ1!mC_UC1@FaO(lCc^BJM|HtRX+>;&%kx822PC^?7ufAt*ot){yh+Y@Nw5iI-Bg@zgYfn zY?LhcX#cN)>N@^AlLaY=+pghLz^5w$0|P_zuzuuc<>pR~-m_|eNRHw1_yj2wlvkIR zO_FjZe|IFpM-^#`2(iqe%gamGfR$B=R@MKU0dZb6V2-OOE!8G{79hl+gAY~PcrZFT zdU0`a7(-4@ZfIzzrAqSW$cn|8gIP^qU*E&yrW@B+7KaNvr5^(sIgZEWa3og&G{Y}0^xK2g8k`TlJR_^CgZ+8- zexSpz(r2sn#EtX(ITT5t^>6xAV1p%k z%|jd(XaxFYEN<852MY@y0)#&Q2QyNoFuS1Z-$cswN}cB#TohR(D!WMI|DGZl6Qn{( z3Jf&z_V%u~O699_AYH>9Sf78U*JTO-(GfORfEaBfh@mR3?xQDErp z?d?zEri>D=uTuUq-hmJ>L;BRh`-{%Y)WBfGH|mf7|IrdrBID0Tz^R`9=C3vx2oZ=U z-THse0Tq99*cxkVZ?8&3{9nSwo+AIfSDOKvR#H)+xJoZ5DERr`ZJ^EWk3quceqPe0 zg@{i0>fe2|;DGhw#me5^JoL%G*}m_}^!Dx1>8T~;VV1|=jq%a)N#WlOjavjW`tbf{ho!R`M$kg3TMU2plW(R`I^i)o_|ANB`DNaU#hJ9Jj^ z=K)m~(~dWnCm%n4oGdpsGcl2c|M$lZk;%!o!!rCzii$n)th7{AqBgkyo}Y4V{B2MM zBD6DI-QUw=-W$(~gM%ZE_rDqW^sigZHC!yV`nUR_C9qk<$H%J=^ZfVOtcRVHDT*p8 zTU%Qaufq#9s%dt>yy*WIA#AYr;DU;JdV1RZ-z&A+6~)jaxaZ^gH&_Vvul}9xKrf?% zgF}5CIzpk6j?VnQsGzddios9FZaI@G;JvxE1!B0dvXW6)D1}t(d2`v~jp%iIVf#b@q;ycz)z|NVKa^ppZWHiYc z{V*(gT82_FX4+fo)fU4;k5hnNW_APb%ZQ%d%;6@0*^4TvAWmYGj9H4vF+{3S$J-p6 z9tS7;e4W=r$vR_^Gp;%fn3##6PER@(;f6N{2HuDH2f^dCH}A@WSyd10ZgO|d^%iSx zkX7an*oO6*_kW1(3NLG-PT3cgn_>%^J7{2aX-gLOmH$Hd3X7OHWx=T66 z&L|MK@@Bg6x|3MA5W~=m5dOm`l@jTGF&k9X)YM=wnv{M@pBFD)>^t*7MNLg}c^*R5 zJ}MtDj_to4cU62XN{4&nS^Ps*aK}=+cNIPt!aNy+`xu~ zMIW0TV?ELpt2SNxqI$&HB8t-cu03lSIm4uoE;uRn_9)5UJW1*>x@G)%D+y~G%qZI^ z*lZ2Rtna9O9W&a;8AlrN4EnoaZf#i$4H+VjcR^WdaOF+vWjBY|*rTmF+R+A8pgT?b zH8ihx1kBF}X$_u%tT1vwOX~TIIEu%2) zcD8E~{|^XVzL2rEXPfTDscXM9h`BZ;p})CBQt}$m1INWJ#|~Dk zo=iH&nLLM9%`#ly8ui6|8WX47OzrsI_BS7rc(CJ+xMUA zdUz{VkryopMIr_XkonZ$+a@GC6-2bG;|?ze`7Y8wQEWKN5Xwnw-!RRa)Fh-WhFLmj z@zd_KM$CX5xLOJ#dGSGT_}_Rh|CoZ6X#>NFoR z(zR1V`f4i<8R(79V_}6aVf8e>i%NvAkCLuO$L)+R;{A>pWoZPoNBikB-oouM^wGfi z3gNZ$gyt=?sik`JDrFWZnU6cR$xTrh{9vW*tH;4SY8l+H#mvxj#KFY1aDyeDBFJUY z!YXr^I*IC6t%Y~U{TLVS&`MQ%jG8}8;T|tNG~vgRimnbA+uWKQ>DJj@Gb?*p^wgUt z+bzM}g<4_e6}eA_$`{L3Wi062(c7yHN&Kku8dX(o4H+a|rj4JM#%RegZ)pfJ%dBx* zQ$#qEWr|auOI1$fdvD(o?u9GTXr5dLOVJUSyHQkLOB1JH9#+M4`o%VU#%F?L2+ugP zz$d9(Y`l-_6FB=1b$Zd^X~l~9u{^h>*{c8_44G|dGG}DHS-Z!#y|vfI?eehu+w=w= zhqsSuB4!4y8Gb*wDKy5eiPct9C9}K`y5FMv!Y+G_XO6owaVaVD&}7G|E@}Q3DN5Ag z%@w1oyI-uWbmT0QG&KRoSx!xTrQVIEfsmx9VG;(Sa6IXnB1~4~H{*?UcjRAE61I9) zmiS`_Llw1-BH=(Ol@+oAMiC-EnM#B)DH+cfQ_1#QIwhZNa&{vrT_%hoiYRtL`Aq@F zB zcK=Co%H&347}*ReE=Gmv1sByM(QerW)b+<0$CD7F^zO&i<_GpJk(ViN0vCK@o(j>^&o$%uvx+-8ksn^HwQ!Yx5av^VOgFRt1!*P-kbZlrae_4A7V4LJPOgKD=(Hi99a0!&y>( zettU~gsH4^x0Gw>PM~JI=x!iYf4IE_)w-swdD?=XhK3lrl#;@UN>TX&mIG25Se+` zEug`qfRB*G-Ji&L1Q=UfY%Ew-VjgEkF0Q(&sxk2BsS49WDt0C&o4ebaxVShTVylS~ zT_6j*t`9oef^d-`M{B)yHa2Q?_NKbJi(`cv3i9&y_V(`X?qKeKRwd+f-tQW4hOVin zrw0X>ex}C88*>Q`7bCBtj5HiD#WlXfg3@P14I?4j4p`{`TYV54yPv|u!rWZ5+$iMJ zr%#oY4lXViF*=@V8XD8}PFAI=?iYuv*)l0b>Xm`5i&W7iro&lanv>Jh+}zw99UTlB zRpx*_PEAc=5c8r-Il$Do*;B2n1ukY+6fw?3n^O;XD<`FrA08dU%{`1d2 ztgNiK4BDuus6zj78TPqyii?{8=?8%YjE)6(n`i`V;4Z8PV}-aX&PX~O(QxrcBaZgM zk3%piZYCvv7751-#}_C^D<~+~?Jo#Gzce_N3XviMImf8`0J2g&@40+*k>Yjh(x1$W z3;}{>s?qHXl>Ck`5(WkcCFMF;!-r2$zXS(^rczWComSoPQd`h+d&qRDzQ3PedmuI~ zkXS&}tEt6-IQaUu0lF|eJPb&0ZfRLAQ6zLXBLlh1K~*MA@O0tZLC z#u~!KrB3x?YI?dq?rpYCvnSX=fi6>oUD~2_Zt64{>U#dv6&>25wEgQr^M`B}7yCXw zkJ>s@P|?sjLWv|ShD|EIe#L}w^YP8~^@RrNBSTtRS`aaaB}GMLQ4K-xks#y6;ITJ# zJWRa2jRge-H8sva?zXqLE0*?39kRHe?}Lo)N#>oNo^}KB#nRHUu<`z%hk$Dz)|0}Y z(x!K^HEsp&>FtdiS(6=84YK&&rkvOmE6)&BX%we|hK80$W6m}WvU4Oy4j&(XgdQXs z+tuVp4g4Mc{6})r;wYW+4E|^Y6k*QD5OsC+LN5k|EXjkz!#bCvwb^7rnz6Al zWxgE+6dqn)2CX_k`$a;sc^x(*MPGkk(~P!rbfoYxFffozU<13Wugxku0@z(3 z`N=pqCVu@AqKLr8#*T}R4__ZF79vd(7nP8(b8tA>-;d>T*zAdWyEoSuB#V>E3ABG` zXlQhFw3wKfJy&CX{{4AWggdLph=|RMGG==sC}zK?4S#N^HLlzxM?Xb5cj(P**6bA% z67s34I>q3>F41lEt27(movk0AnQ;dT7U>e2%jVkK}sJQeiAS5K@;NT!DE6b|+hOP2LSWL_~*mxj@ zRqlUJS{WOQAmM==X>RtCmX_AlO)Dze?I7_gNKePY!iq>pARr{cg`Ou z1iOuboP4&~ONa01lmPk$=MGFulm1?SYiZ#+D+qz5!p0_l{kp+`QwP+*!_{uM{Us=x zL4kpKdU{+LuElBWr-q>2nhskw${#ATbnq_6U-LW0r}~|oew>!gXc?r8^K<8PAlWA;Dk|JaE_#k8d7Cs zp?G&Roq{+M3yWrrweE1@$;pWi<`ZuLq_ko9az~g-B8qrlZ?6SdZ1Dg96e;e90oR5A zxUf4WA2i4UGzEq4=c08E{gzc|^WANIMTPxXftqT`Q?6c6x1K+L-X215#_TJaIRt9n z#Pl@3^Zq+6t;W*Q()7GDd{=$1)Rpk?@HvmO*@+2NoS;>3t*rrv@EI;HE*4ffNL`Ra zX!tBS`CCA0T97>t=u6~WUR=}#YhRIHnO1-owqupncq|{!lUZCDnv0WwIi%_8pI=l2 z92aXzNmT#V!C{4Dr>CiQ!Nk0E`S}Bn*{tRyk-qUie7Nxlq$s!;)I{avzKOnmiiDJU zc_JGoa7W_y)+?0?Bm*cSSV)f~qTj@EI~85?ed=HLI-7Oc8Y@IWK?w>9DzC2In{s`C z@J__E6}6q4jAtrxZZR)E-)g3&#ejJp%hY`WTNzS+xbAXNY?O&w9LqBv3u z!XA6eYIh7Cs<6F%MM_GF9#>e0Mw2^dP@6ii3Gd5{<;;W<>m!7Zp`%H+PSs^)Qvk1` z=``*I;;6$X_L$7f%prrR`((+Ij9c2+_`Q6fsikGy8y^)LJHe8$G{f`Y(*h`)$f&3+ z?Cdhq($VW+n*QiS@yv#S<>lo7Q~=W{F5UwhL9vg)5C#*UZ3Kp=en+UUj}M5J)pS(| z=5u1=KE2YVr6qM|1&_<)McZ0mUtgLtd8slI_kDq3E#TRm?aqRgDhD_>ICyY;oXBc6 z2F%XLGHe_ibyd~agoJ#a_W}Z+K*^1ZQv)ybTw$ z6tU3huJy#d!J%bfU;v~8%$1Fe4HR-PP+H}JoZQ^BL!?KaNj%S6#>Z8F+tt-Y!^~V} z%G>Ehc>r6@p8Tw=O;Ri9j}G85AwC|YEGTp$!otK{_FwRo2GK!*2jv?H35gMua#mI} zRMeR&3yp592jmnKeF^OSqoYcoZp+9N114)WUgWVDX|&##6cij>QB}2OTMNJeRJ(g+ z4*XUH3ty=2hYzoU+NMf$A4VOHX#i$Y@clcfOEL!E`NuXr5TAgyC8-3q$B!OuY;7gP z#y)!dcxS#@C-(4%oj6%{N) zj?LGH00+4ow_ieDv$LOV6*r$A9GG6B=0xcPgOn(n+{S^)YiO8#`0&Bhl=?2bV*jB7 zV1!~36ek;l-W|)FoSeS?{waJO>Nd0W4GlbO39~c7-@x?-XA3~HloP-V|293~#Yr%g z=HzTd$ne?N*)1P91J(<+pH`WH*j6#j#f3Ah!_MA5gIGAn{%B1KCy3Q%NoaFbgv28< zF|pu9M;E}+1kA%j!Qy`q7ET6}fG!`O8OoFZuBY?OrGt~x8Srcw<9f8}9WTz$D+ZAE zK_bsJy7i~LJg&#TdwWARMc9q|2%*0La*t^eEiErEFD^idM$h=J)vRU{YXGW0e#s669*S1ZtnV4e~h!e`8&V}O?S&GmWR#HP9Q$O zBn4&p{rmT`jc(OWdvnj8Jv%);HSS9c2n;;j-#6*Fagvvp2O;IVyS4+7fQ?XDS?!&l zpL5!+9dC^@@bfpDdd5js*{+I{kfZ?YwXU7{`t|FNA3r{S{tRe)eSJMB)%iRqDg7xd zrb82@`e7vemd3`o&z>#9;doeBM}6FTs4p2`fdNKU7Ut&@fL?;6WKTG`#9DvKyzScI z;o-dl3PgZ8n_EvTQ={ui9T?}dRWlJDUM|OrvEgAm5P=8^aHfQVi>uE$^r_{lbTW@v zZ=tN59FzUV07!-b_;GInyPJzkqvX--!E#4qLqpTuts8v|xAnriHm$-tJwSv+C?ak^ za8WMla)XzMlq4J&26vJq6V z<=x#|cy>yatP&?^%z$!cWNfUku4D?}-{Huc?0N6|B z_e#dJ1*idDgZwxK^SWF6`j0(HxU{i_g@u(>ajc%X`AoV9M%xRRdVF!yWni10#Y~MH z)r&5tBo3ROzkh$hEHfRZXcGiN>>W}Zr(G7vp_CLINlD3J1)y!VK?((CioFg8&Np!F z`T6+)?!*=WAcw;_J+GYs6}h=O3lbu|pf6S3URn9IXdM_7q|_t=d$bLvp}2dqnO}?q zxled;P!-02(i|I`Yw~c@(n{jtWoM6x53tyosucHsqgwJ2v&?*wx$PI&S<#q>Er=vk zhM{3$cPkMx@(K#rSSU}Q=Cq}NdFI9PIczFIzce-7uBUj>V+7fyNaCaDc;KU0q!|UN;WE zze2$1!pG8@)B%Ant*Y7u;zCdF`_d?A4d6q5&CNBHmC3_@RL{8vVSYch0Q-El%7P%Q zL!a@b*WFF^(EZa!6IHPD!{H1tG3aK;uQl~Xb_w3P0PI6nvFt`A;q?`=1BbK;S;LI`3yqu$tY!#6(vW;$Jebn zz;Xl*#?Jr&@($@@w|*~v7qmdZ1_ZDf=rn5k;M0$ZiP+Y~7ueX;SwU@jUS3}GG5O3$ zxIt}zeyrNoihs(Hr8+)3(r1nvFVaevFVaq2hy(2Y@Ba(X*k!=X%gdWkuV6((O)Um= z766~X07WW-XV20i)u>)@ad8cqumAyieeIsvXf{>=@o@)D&A@=2bCv|ZvYi?}kWUbw zjEszm>r=|Je1lU=u)9-=>Fvk248WA7j^-QPV(u}j zD0bo)F%bWE>hbk^ORzD0z5)prMLUFY@|1a^?Qsy{$z( z@-ASFn504sBsbi?t}CSyaE@otv0|P1pNkJZy#jq|kV#-@Ech0k;p7ZD<#%^6Y6Xd*iw%BS;Nr<$}SBpt#MCmnyq%CHzEcO5X!>BG`)D9fSgQBOuP@m0X%?( zH&8hJ=6pE}NO+KWN|GuH3e)Ar82+tsTn;esrjpVqs4BgBrKh{I-A2`pQ+94{R}ewJ zU+wK|TIAvQDB1SypjdYslmTA?;CE&tXke!fngF1%a*cL$j}M%(@yIC+1>J1A7t^lt zx%R+Ip();sXEg&l*lBwL^5SW3B+yb;O&7vICEhQ6%pQeLO-+sYOwG6cbq4JQ)nwkUS$AVq<2(-BBBwr{Q$WJ2MoS{pBXzp9+s)qERz5J z=~D~v@VdLYZin}Bz?|ux2eolKZi7a#d0kA$^3BD13Miq2-``sh6`AYm4%+*24iz!9 zZ%>xvp|%6MAHSCU9J_v;O-V`V1W-S8VxAhf4&rKh7@w`ZePqnu!otGZ8nB}|+tT`; z2dsbt1Hg_1c=Fl@c#=Y;KEQ1GdUr~{`-9;K$iz%}`037c!tPX+MFJ?GCol7aom{#(gt+Et8lvHmUeaunHvE>`(S2vw#G*!C3);j zu>t}H_z`tpL|pOqf*-%<~5K6=yY4oh#^#lfL zoT4HKkAlkw023V{1i1M4Q$VN^5ha222OOvQBn;TMsTwA&dOQdN4`gKe*Bs#+8yp-Q z8QIyinbjo?Y2c(Au$X|FTahw;0jz_{b*fA(=o>mZwKvLkk3r>e0`&Jjh68DWs{wF0 z9BeQGZpVTpcL`gk-I-daJ#8RdhLPofcc}VijD6mHcm|GiU$=pNk{SlFb_a6>qTv}7 zfGluV(hm0{BO}k|-1gRb6U5;o=IuhG*s`_4F~H@ut4D&o!I4-Mss}h9MKeFP_15$H z9PDf(V26OBi;j*SK`E29wkF3#!^^9+syGB{U=}?%k0yhZ_FeNrqsD2E7?QF2<%@JS z;*%%4ljZA!=^`NEQ$xQGn$VG~f^#c|h9`i40Y5W~q~(66bTc%g;xXTo2n%(c!rDE~ zDEe=r>Iz7#*=JuNg6e&22EV_8O$CmPguZ0@{FhI?39nu{+l~p`s2tbuOfWmezz$*cECo?m14*DoaX`qNXTn-I@28~+$ z{f!L32(b4?60|B|N|u)NqmfdN8$puE!6AtX8&Ol&BT}R0F>H=G{d7-p8z>TdxI5WaQUAj6dhfs!5U1GipSXE=Q(d zL8_H~c|?w~gJVjSC#8Iamo*|9m6neY)hS77a(*kbb!kIC`a~UEEqf;D5F`B`>fSso z=XHJmZ!J@%WJ)xUAxQ%fiONc*q(T~`B8euEOqDW3GG%B$k|a$kNhPUFA!!sc6%s`e z4JhgNdS~r@{64?o_#WRszt6Fcwb!=u^gQ?bzOU=N&hxykTXf&dhW6I+FJEr>obi3H zms{b_)9l>b!vmBDYOBvW^e}o~?%PY3E~)1HDy^*SxV5J@B~^k8Qb?TOU3j|oNw@T& zU~nG$^XJQQyM`*~l;^>&Y@sqfkdm@--aK&PEQ5s$$B!SsV8H^M8e75NP@GqsudYgY z<}&C;ZfOK=)E#U_L8cy4uciW?P@*lc-Ygy-psMvwii}Qmj9G0%FtMein!yDb#nJnZ=FoE0?m$SoWho(j{5Kilg)oob3pSiE?8Iq9UnezzWchB_knVX zoO7rZ7f;Y(+xlfmTh*sq>F|U)et*x2%}xsUZgns?QCWclAq1T~QLZT<%L$Qaf4aH{5%zkJ|Yb(LQ~y zT)I@AI9ss%=bVlZKh*K;&HNNo~nV9PJ}&6^Vw66%*%-6fWW1qL?Z7D=?p`3*kU z-!3w4acmPC7A8f1Ro&;W`^_4ce)JR9jV$TjPxd;1mLkN*r$g||94fDWI_GDej@JI_ z_7^?+4$~8LaCvXO-$e1y!Gm_m=6pxj4%4AShmwimd<#CGgQw{`RP7y4Q79!f-D`&X z{3_WzEaBmC21d@`H5wYI&xW zTDQ9xpSCfRKQ5!O{>Gg<=PmBMkS#MBp!{OzUm`PS$L4t+_^Zjg-uZD|fBw=L?d{h} z)8X1n%gg629QI7sB+|l3MmzSVYuJqy6SRN6I}Rf%r=;Zku`HIbXE#AopTMfFUjHi7 zY}TyE)a-jGf-@jpe112E>-_!^Icv3O@7^zvg?xJs1Y^z-&DcE&Yd5vt!ZBH?VsV0maCZk zUT~A@<4S63KN-y{UO(NoEpeHIetkbb-?O9rdu;MO-y?W7sRlqXn*c@$tDRe`Lu~BS zEb^sOOzcNFt`}CVd*5MA&(?(VtWu?e+FQ-d&AWE(`tsVQ@oH+{h~tZ|8E)R(f~c*m zr1V^Nz)SD2?1?eicRJd?_zc(ac3!n=BS46K5iApG>G2_Ki#EkH0AhP{!1C_nsI+ z6e3s(SeN?Y+_`gVlO~xZEPJf>y$xK^t5>f%0kW^2d&h)teQuc6LqtTeEA~yRDhQ}D z$wGT*MbjkAZ*G?P1703WO;vY@%33h;D7=yTwIhPIg5Hl#hq$0>lMN=-`+3!3HVUz# zii)rU-hMZm4O=*TqU{|Fx9_xMLt{aO9%B_B{?+hZ15gX?Mh+X66L&^d^rU%Rz)aQ8R z+i+fRnmVv}j`DW1S>=%QDkvWrP4^h2J9t6%ri^BR88wnlY(l_S>^(@Q@)(4qb7ZwYSeiH8o8V2ccB5&)s)<$3tDLmoLBgLvQ@Y zm+c0k7FX6T!e794A~r`~xbWng*%VR=oCRcLn{uPuB6!P_r%%s-a!z}3gyXpfJA2JA z5r1Hkr<#7y?DRO&(Qc^$*bmqsi$wuy1w5m=afub z_=yveFf1I21tBW)qZa>s(5+iHll{*Ri}m|m6B$5`;^2n{2g}=-TU%@6zXi2J#wS{& z%-PV+vatyoG1jpB=NGpvj``~`+b{_OeU6V$%DTra?S@U8tjO7?r)?Y*c@w~dGmpfuEj5#Ejz&j+pa_LK+}mfUTT7iq?x}$N`-fqxpo+=<^({Y9 zCiGQFkGX{9XG=chDW?hEFXgjEG+2nxRaq`~AsR{{ws0vXCF?J_V7nZFRErppQxO(sr6)4 z)T?JW=&6}_LYDGYf0&2>b0vYs_44KU#SUN&H@9#2 zj19xJUp+S&UZ1@6>)Sv4aoMd~x*HVdWpM5(Ia+`I%$qw~akaCvw2X`vavTEb%eloJu8d2A2Z{HZbWf@ z{wI8P2$}Wc8YowN*aDc#p;VQvuV0-twoOs!bvX3y*X!N=AbYfC%%H;LXqA?ho-lY% z{JJ({%+k5Tr3G5%ns>X$vSrWXmc~D?G&YESBm^brXO~G;4@S**yuS{`8TXA)o?ceH zmXni1AoKSAP3gO=rNxIN!;Usvy!f(h?*8Dpq=(@QDZPp>39#t@z)wly01knTZf-IC z(l-Y$@9%fJr>47%sWX##*1Lixo0DpyfadH?>sZo~v_ZR-)@JP!d$yn5zO zmxJ|G+GN~M3b`J;T4kjUOFnYsE=RwE2M&C?lm12!w&dmI6%=9!Ly$csB_$?04`X5! zqBh=03l9kB7u4{cC}Vo6!2uf2m${e&!EKydw8e4?BJ?B=wsuof6SjU5W)wBPm=6Hz zqeO)uS@R)t%NHR}UAnZMccFPgW})SC zha_+H7dARbHmJJ~3kwBF1>IM2_;5kVxpL(S)zTb2J*c+ifz?~w-LFIBLL}a?{mRy6 z&3Id z54?Q&65KOdULMj+Q29V$^#^e*_32)P+%s8Ct(B@b=Ay}~_dE#<9oDIiK_~;zPPi#X zAJ5ZnZ+e8L_B3!=M*Gw`lMu5mr=^)b&q{MCyR>Wime1FDG>{ZvUQ8wDy)*FeaG)0E z2mB2W66LY@`LF4=cSL1mWQHBOF!}qj%uG+tBGF!p6pXe?UbM;Fyl}~qNuVt`xrkYj zc7v6dUnQPTn?5~%>~)vC+qbKJx3>wf1PU?sWc;z?$9XpaeUMfXhc)&Q5y|RWkDjMx z)qO|H#{!3Nllz1xdVDAqm+hU*hvR(ltDs%1)U}OM4Z^kCLA?BV!G-irKe5^9qw|J+ z{N&{57}ssrwY}X{Rg=t~Nzt%Yp+u3!-Z-VP;aus3X^vuNIM6vKH*~i2#PssA>{ioe zr#4jGYQM3)c~`c404qNZG3*oVRVuh>!nt#oaMniDxm(m(=% z3C8s3JWZJg`e$^$JT!lXP4)cw(F+#j^G`>AcBY@-+!vNTyY3Qn=zI5&Yo~>2pjim7 z7?o}DO1ll$B%3cjdC*-mFi8LCfBJ^5bqOA;5E7y{(6he&F_C`#8F{g z-LQWhVG_<7IS6GBXw^?z)%&xu+Tje*#avwKjda@Gsa*I(xp(fA zm6aVFroLZ)@+KHH4olecxJ#E9Y7G?PqoM{68gxD} z(Qs4K7+)AH!;lfm$_wR>ACj3KoM$&c_v-S*oSY5{N(hYL@NgqhfR$+K1@uz7jAEY( zeHugdCwT{QsuerX>~dY zR}V)-ydh@*+p#Qdd2?$I0Ru+-@XZzOi5ySibyin%n&}hlj>W~s6%x<^FKP$CQJ1d0 zLP*q@J{>k3D);{Vc^DhnOgJ=j@AIK5J-=w_&ch#rJuq!RuRR2Nig)Y?4*}osOV-Pl zIojHm*4qC0Ej!|Byt=Pa2?-4gTc`{>lb)RHP?YB2;E>ba68g)C^(UyKY%a&C3vwYY z#Ky)#W)UIjrxILrJp3f9OjC37n23m@r%x-nZpi|M&|?M2#?p&(d7AWL(%#s@e@~Q& zA)9qds1}5?u4vGq*jZiw-Z^u`kq!>?JkgVwj6eYt1h_5n*6}E}!$|0g`rZEdtFfp9 zgCU|PP7a^nzxcNCv9bMikDJcJ$~XGqbtPBj2yrfaWA+=5(CW@3e{&BTet=TBwAy!TZB{jo+Sr z@uKsM9e-IZit7L>raM17mzYR?mmAtHmbmq(wF{QBC?QO6=P`yJS~uO?gUZW!JHUKNj`MAnAD>7l{I z#K-$ke>zXej6Tr0d5hPSc(TjlR&ulfEG|hKX{TfB3AWrdRpr<}+P~$iYMFO_k{wU! zaGe=KzbOgZ!^1<%N?iE!9ol02@jZl|cesXep+CC@DUx7GE{v@PDJzU0k8AiI;UIPl zUNF8tN~i_QB$$4flvHL$44dNxY>fsq8wMScjSWr?;2Dr)i<{f2DK5*FE*+e@Y{LdL zy8~FV@kYxVow<18X+5&Y`VAX^7__OnA<17)wU9sVQgQtmEa|1Se zj~w97;fzX3>S%syqiS*aJkSOuVR7u0&;uR_18mx{W5)1%w{bQE@J*Hi$HXNi4W|V) z;kJEBeO=wT$Vm3tXO6M7w1Kh?1&bLl_=`_RCRhdO4e%B81;hy?_{R6d;MQA0X)6Tt z9$h&(JET8W9WnwfzO<|icIA~V_(CY)?4~BlU?Be}YdrVWM(a4H3!IQV-+Z z#kuETYfHc-odSeV5Jlxc^;ST3(7-h5LjK8iHcGHrvg@XLNx0V|0!zDIcWjxW+&*jG^G(Ow&cTT7zTbv>y4amXqc9qTzhlmxG_iP zVWNbyFRFGM+GlT8R@RI=D9>cvV@ccET3kNv2?;TyZJk!=gM;t44M=%bC&*6_lTgM2 zPct=Kn0WVRMXyUx7qElyBVpS?Jl5D;cY+E9^k)oY`TMhk{`>YxB5bT)9YsN^y*`tH-JxPj?mAt1iFVz$c^?V&w!$0&F;EIqBmHr7b@i-i%og ze9RZ;*0SafBb{YFxaSMoECM^f3W!|Lx~5j=F}9PGvzs{Q=eN;>VB2 z_g?);QB=#ycj{piMIJ)+*R7xni)^oL zn3#-0@bWUm#GNIoSkZrTcTOZYSOo-z9ceqs6gPs%6#L)>AWGbKnF0(Z?v@j~yGp0h~H@YWLkG)wzG#vPIS| z^qXZ7YjSPn?d~TH-oJh=PI1>#_lyKDfBdIrucwO`0$_Az#!zi9jYD%hgEn2$!|w;F zg5_hP&%yor1_pJtBb&y>7zv;DNMl38)?6)jjlhNT=B-G1Mraz``~eJ!W8%Z7Pi_0F z*Ule3U^`1r-GvhF@IjtPgx&7Uo;|Y(=GLpjR4`0$`Sxypvbn%gJ@pu|b)j{8?MK5y zaVDJ!WQW<~H&=|{@2GOV>A*YSi=Td_hriypf~l2C>=X`>jF!iXIR_;tuDsP16k=vE z7XK}HhI*{NrX-WZ!28L6VA{{BE&-PGJX{fZx@$;Xe5 zy7Np-Oy&kuOyRw-9j4v;oVF%RQmhPk^SF$D*2+m6C(KEP_9UStizEX-7JKqK+Qr~{6sWHB{aKVD^U9DOm#2|Ehxzr4&y zd6tIH;7esr2jP=mC+N5%fq|2WZfxDg4@FBNHcjHINc7snlST)Gjad&Bo-$ZWMl&!h zjP|sdh&rJA2M_eAQ=lpb=<-_z-McC~&26-*YEebS86le!uBhob2xMgF>K4HhHsw5i zkq(v*CARVFR}6yG)Cd{QKGWJnJUu+6fam;S2q#D1$TfB#MIEcFcnv4+d@$zp!9L^C$m zlX@(#u8*L5L+B0E339UROG9)Y# zsF4^q*i1o5Y4U^#C$zU~h86%1OG-;e`u35Xp`oI(?)8nGxYC1?99FEjwDqekSYDT& zz5?JHmaW}4aRbd@J>j2r{M99J-8|8wd3M;IpO%)kVsyb%gUf=wOJQ3<*WQvPk6Hp# z`eAay&brRgQFD9iWH~z!)VpvE!FbELNtzx3Gs&xIj7;yC^2INxRl$he#eU|@8zh8Pwzll1e?;^0^BkOPo2B@_;esQGHE0oBODwpM%{$4 z9|(zzZ5ICqAIqtN?z)T_zKC48HnNnQvIx*fsEPZ9H|>^hPk0EPc$Dt5kl++ozBJ?y z($$c`1wby`wiUN;uLAz!J2CxR@z=+TW(Vcj6$C?% zKE^>nwa5X${u)jz?AE5>F%Frh zw|5USw7In6CQ?Dn+9!NmvaY*_pJzsAA#g(~F>8@8tUa3n1RT9E)Smh&vcyj9ncy;B zy0rT3+X2$jzc7@-Dx=LLnJ4RxJgV?2j}t5^M^LAohF6)$Q|!(>5Z!%r2_dz5duyk< zAjwK54436W~tM@A%U1ovV zdBA8XOHw503fZ?$RCgbSe5Yyg6^CxFP_n*G4856~yP7Za>WDslNW5Clw4{0QSg29w|f!?!CmaDCf@APYdj)P6ZNRR$M3@X&|7f;uj` z=ax!%T=Yq_3A&^9+^fQTiv=#vPEB#srJXzf>LfYPl#pOHq$K?C()PQ(t*Pc{WF%8` zv>soZ=ioAH*r65-%g(STwDu8#(L5k^8=ISngMi7Kt@7$s4Jt^?dgJ>piYa!-KeE3!mBkOQ-|S$$kw;Tgo2eW! zmVc&jA$r;uoq1JzIn|E}7<9CC27=Ram=ZQV3L%4X)znT+cEG@ZdlhWwkQRiRvuPIq zIn%wi6f?^^*VJTg>iLARVcpubKS0q)lH^g!!mKALpQ>R=u3hT#r?vLF!&;YUrDF_X z`GIIfm+hb--Fx&9N_leF{+C;4oH0>^T3C8oQQ~ax4H+-bsQf`OO_%oV+t;#}>0syyKllRfK1$xbyAo0u59X5Qa5g4!=U;IpeJI0Kl;Bm55$0NjZl{~-hZdq z#Q%(InVI{a!A~NC|2tR5pG$``D%#Nc9&~jVb`CUbfH#xrYn&Gc^8Lfl!5@9Sk zU;xb7e9`^~a?x}YR8+8ti1q4q?oo;9zsyg<$IoXcju|t1?%c7XM~_CWv$AT3DFVF# zff^edEpck`D=0psLg}lHsO}YSn(*M^Lq^yOvkQT>*5@;4S#;mMXz}8a$Mf(gVLH6~ zW29;8bOZn19GF~s@nVXk0)QZ^o z2ZKS%Ws%Spe>#x+)~EfG4G73U{`m8kB$-@W`qKqI#mc?(&yGnlV@*&yVxIQtJ}X&g>_e-oZdjA+4H zIv3g?`O)PWbA)cXgNLAaYU}IUaS1duG=LB(KPN~YOw?R$JdOEUv;qJP3+%tUTUbYu zegyt=o@e%eEV)gkz2B(CN-R&>tUG(tGQT)65t9Q3^5cP1j*e$!F0~Y^fiBHaKNJJUscRWiOZzO^~B@-0!Sl;x8+MluH+J3YjhKxg3Zi`1hd5DKkJ@Niu-G5g#n+`_0|^oDWNVaSE5Ij6eb<}e=cPN zOS$yu$&)0alGCTzo-*+4Gz3xt0V&&l{AhA7@rYg5cQv$)s*ejZlFCOqIy?XR^>d?u z1`oY;EcnsZMq}0&WD+#(&CM#=3{KVV5L z_^DI0k#H{Qj$-vuJ$U4_8zFOONQ(hCf&5o#2*M@qV2 z(D30&lTSpKti=qj*fg$Z@q*XMe{&Y8kVxKXbQ&Ma-Fo) zsb-!&4G}*^$un@^Dx4x~*TyuZ#P;JqZ>_L*Wk3p^C%I#fz3e{PSNs*9|w z7!lawvGwBfS)&K^*TuS@U)={I%}kNA-?vika9m$l-@`A$VgEL6-gGjZAaO(3ts6Rl zfgcc;ZEbBr2R?`s!1nphZ_oYv4+V9r*>lHsVo3hd=O((*j~4O)4GajHcWgK04+gms zF`>y(Jzz}EoRLkvj!|>cB+9~Lb0TX$eR}cyIfctlQ*tfP6j9~4UjeOQX!F3wmoHB* z`_@!TV@RyVMz???`ce8iVK`8qpU7<^(9)Dk5y_ngDxPAtXNT;WTT^=+R@fgI;UCDqv7>V=#J#%4f*LY!_vs{SFQxA zKD>Ybto$fB1UMzC$&YRbhtc>4)@i%f7;{Ra+M?|>R8>{iOpwH#B79Wa@AhF^>6aEz zfT*0irf}Tz^5#RfZJ4%azwh8r!M3YckLj4;u&v7xpSz|Qd+8IC4S2f1WBOQm`D+;& zr9K9%3V|@(q^-VPPFZM zXwDLk!J1xaB4!KaVZa$-yBgB!s=TB*K|ULM6j?f^UF@B0{s7 z0Om0XsNf(bb0t$EdCHe+3K(c|tI*epZAfuKWkkYy^~!4WfYoc(kaT&|aVkmi@e624 zPe=&r*md^8g(;Z%b?5ObNY5KLZbX#f1<>f#yEot+xHV_a-h>2~6pdh-_HB7~j8-r< zZfJNjix%PFH-c3cwR`vOE+P2|iHRh=vPX|1mp!kZ8!}|CIKnd{3ui#)06I-f^x7kd zMx@VCzH}6#5}opz%jlw z{|hm}?lN^8gJcBj+YE-)EIHV9kWY6_ zCrbAD*s<&Srl{(r+|8=jHhi0An9A`y%`H&EfzXPI+nrFK!d|R#J*#gMAz~uTG@+_~ zQ4?=rW_EAI1mqSArC@41KffNSGsce>NKmH0P?4RQt1rvVmprcKrY8Di@WGv`=OJlO zC~O#X?E%yepNLKs_87e^bLXysJi-K35DfhF^zblUx)fbjH(QzG0N*Ri9Lo6qo4JHHqg=WLHk5Q8;vx8BHc zDk_^dY@ia_9}+6~vvHxOZtT8WE@}R@G5PV=)Twfq|C(#NA!9kxw6^rUV?Lj!iupYv zt{@qAXzM9Q8&}3i_SyRjf5ypg)#rnx&c?*dQ1!LEhDW`BuP zh?}@x2>HE+MNdddif$dgNmpN=v}*Vvt-ipdcKo23U*LbSc!XN#lM}o>q69b ze6~PHHutI)9r9LYmIT)R{N7UtsE#`DI|AR0?|;ICny^MshOHV`tr|xjg1stim?3L4 z@dl^#_@B;X;VlbK?hiC|l>+RL&;Un&W^uf&7DVm86=O{t*Q^=qbBE~kE@XGnhsoDst+|U*`?vBjZdeWF?0T8S4Y-dm}A#lS0;Cd>4FT9<%D64+zO; ziqXD+fU&*|5I8%lXKyMe&R2X~T+Abr))VO$+Na7z&Ej#iO0p*b3im@N2QrxH0%}II z&&L6xU0IPY?ThysOT1p1{LI;Lq=n!M4v_6Dt#OGsF>zuE&CRk|0QoC*rE{VmK~%B) z@P~0wmG&_g4NYvL5v=L9k`0KC zkGC{2Ie%sNJWwwnnT|m@J;fl}tC_ZzTUo9leHb$js05;^^q+_l3*a+?2oW4QoOgBtSS%32l8fSx{$H$kESNt0zb%q=u)TXV6UN>nr3iRH?S~15gCehjCn!CQZtnqa$(Pap6bD z`tHSKM75*H_&z>9x}vFut|0pbV|+&X!s58ctW1lD_-BOp{jtl})=xBxn>AIg_C84> zTbQOMjKqSP8KPufeAz{4QNaH!$?S|apM_2i#BsQ67r)E2$iT4BfnM9R=-P04Y*kh` zJD&~-Swn<(c2+u`hh@q3ce-F!XWeplM5qB(idytm zzc?l=#6ic&NJ{vI&g_{de|(&^*iR!V{CGDNaPId zd6yN-2XBO(W(D<0q*u?A(!I`1p=&Eb=yvj1;b_k(!Iac0);`$;{s7E z%CY00aGjKZIfpJXV8CGHQ3kG1tFj81m2xlTRIf7p{oQ-XwIkP+<_>cBE<9aFy!f<1 zPnXsn>&^R%@H277TH*xSD+Y5{hj zy_;pihAG7S81t~a{3@FLYQ<5UZc=ulPSLsu9BuF43qbYg(VMo(l)`>#K@m()XoIAVU7{JF<{%mLM(Y$)$ff>`q&-pa_7!F-tSva2lm;!FKH9|8c0nQ zQ8yh)XpxiqM@a$zyh!;*QnQ}5{^$Yf`HjrquK)b`OkiNyoB^vSm4*(Tzwqv=b?Xu} zDlBVPag#myOHuKh1WU4bXnMz@ggGI%i+{9o+FzNq6dtllWZMKc~Jxv}bYXrZw^hDHOyu zy%YD>16i^!_S?KBzXEU>W#h4}i^FuIwDwJlZEV7iAFryb6FmFQ<(GoT8xLF|#!$1{ ztGDmo^mDaiY&~=J^`cokwjq!B0%TF19(rra64C{GeW=MvnZA`;7=&xNzBvCA3TzEA}o{CrD#X#iqr> zXO@=U$ZfxWZR0D#jCgL7ZquZv=l+s2I|SE8R)md$!k&9^vz9qYcz4k`^4D2c(ym2@ zTQwswo;gDTLWGf;e!Xlq(ay|c1ZGN0pbhu`DkPC{`GY(9xfHt#!qDNv-z0c zmSokTs1n~0GpR`x-&=pwrMVA*Q9mU9iC3JfD2)Ut6W66>#{;;JqpS)pR_Ai&_1Ay+ z@YG+6Qi9<(1|!7TgjeF?ph2B5*v7SupYr>|U+!Z7saQnV=DcKwD?X9xGhF+6^Z}9L zrvibobrp{gu9Ctt`+*_goJ5uxH&07c=r1M&xNcq5X-B>;_U+E^hHnm;e^nR&gUL!- zR{K926JHDaD7YH_PwMoyK%K^uQx(?O*};T8{g5+_dV*xWsL?UIOltAiEOC|NjyIbf z$C{W#Z;JVdK&EJLw@cjl>0_(pdeHc(gYq|1iz}D^2CmqzLEDo2PuM{o|XR`5|Ug zLlKrIjyAb&o`He%gcUQTJmEVq4Fj%Kl$BSfJcDY5c44sA$FwDX-f+j6$FJ(c`*e?_ zznRY1@^WXU&E0;(fG~t^G)U1sx;tl{jf#4F_dR7TwB096Ok)?GxZlZ3fc`*3-r!9UUwn3m5j?eUk>*riO+Q!aOe$1U@G$=nS^NFT&{0?9U(n z2yr`tuT2juAT;Vn0hCcIfa}=6MjqXFbH%<~TMDEB!t}*uPA4c^=oB%WH&1l%y$6dn zC_z2EW5gl^17l?d_S!>NMk89G&>BVh=2yB@X17D%uJu$(G*=QPV@-9H4Y=n?ClpGO zgz_@7WFx#hg(EFnT#v%o2he~@>>pE!NKMST`W0S89gJ>kaf@Tj76uqxhO`nmY@6)m zib2`UPb`5H=(rioQ!OoEFyb@kG=Kk|%^xrwg#4;vla=W*LT1Iyze$gpVcxh{XpZmJ zy*poutXqiVH7#ul%1^y6xMSRs3zV0Fh+WO~B#G8p`l7LMaWMB~rKNAbZpB2vA+}m7 z+$F`USnkzxMd0?dEuWVwih||w36%&IHFm)^PfyAiUYgUU(auu9Y=J0GDVh)kug5#6 z;A8qxWx71xDWMCq42_J2Pjfr(wLMN}BZ!N!Pg0rGzZAm9J21*ik!eJ~Ha8#g_qRxO ze9R&h~VN%(-zmUn3h+SRUS9kMk#sW`V0B^4=u zwB8*mj}syU1Y14JKv`LNu+%(=nb;vb76>#~mwsQaH;RQBcAy&p*C@>xyiBbc9v0?8 z!Q@s=%oj}G0Es`r5~B9elP4|TzA-9p`gB6eyXxxx0zX1_R;koqxUimMRe1kC5hv59 z!<+vfBXdtV`T{et(h%2yOooPsz3!|0Sr_+|&xI>~?MEbC6TW>jZV@s&(*=kkP!DYL zaWWYX-mJ&j6H3wIOZQ>GVN;&26P(fv5Xv&F#1 zrURKP;?|e{w|)^TRV4N2BmCBR4)=VmBZgDrgDv6h`RR14F@1q6Me2UvQaJZMi0EVE znI>60OeN&SquHH*ZHKHx|NbSD5-vj|;l5rhU8Nsc!bmgE^Aki8V(H^jRdp3~kX@ZW z-PDb9CXWl>Ml~v?z7hH{U-~!<7)nNtiRX) zQs3WUjpHjR`atokiW^JhHJrAFRXp_Yo>VmKY{0fj!{1G9yqMYRKUc#1f7=BjpFHX& zV!TZ_DGm-O7l$^Hv?);#y{{#hbbh1lT$Q!M>=+lsz*u%RT7^w9g=PSOjq)Aw=l-Cr zn{b#m=p$>;bXLAudVwfdeW=Fz737caft}V-EVBx|8}z&WeRDyTxxfa!2s`q^0SV%t zj!*1_r0f^gWD9I}&N#)1v^43?GBgzHG@#&AU1Bt(UcFbpejzs1q$T`F*{R%*GvCzn(hKU8Fwf^y%xE=$Q@a)$(i&4Vk#-H?}SEdMJ2p5XClG4b5b*!;HlFgvHsS z7#j?XjJB*_zjjptUY(sYCot|{o#IfDD@EW2#(Y8G@I9`=+H*1?-Fa=cHQOKXlTZ#3 zd+pk#hGBAn-Hay+WPfll4wz9wID&l{sEZYg;Rv(=Q|r90u2v`4;PWL4foTx$7;m`7 z-kvw)DW`1gF<7)KWR89%6=KPgC!d>YuPkBe3{D`BvAI$(&N01_a=y$j6Q+mN6h}bQ zaLA*caC$pnaDd4|hu87rD0AY{(sl3OKk?t)^21`F?g<0=!MW(aq&5=&R!>hpr=x5SB)Cz+8a=#XUW{XJ-*#=bz9smRzkR&KO{ z!dh$%90N}(2Kqfaffucd_ps7sEMK?9v}(b)?HAsCh=EpU>SD*R5(D`qqX*FFg|51* zbsn8CWgq&576{J5u?8n*iegl%NLgb9p9_RKbZB9}@Pxll8f+%Fpn+>69Mkh`qVNI~ z@hus8gh@N2eHrQjSnC+=JFjz=CWwh?!9JWglZQTk(gqQho|vLj>IYiwPH=u`zYayAiN&pRw0N;F2@C z1e28-x5hl_`0I6%v;8Vb+dh}A7TjMvZn0d%y!p#YtiPM4tGo)f%y{l@`7TW~NPm;- z^kx1EmIp?!vp6@%;#ghV3j2p&0vg*2w`8Zi9FX^+-R~)*qt1MoHmUI2w4w_U5sQ{C z-2@HFv|9P&wdm;#z)DP1YmcvzU70`K`j)sZrK(wybwW%`aaq}N#t^KXEgEo7a4o|- zgc%AppxwJ?b<`E*^yqu=uOG6n*I&htN8S1cZM)#XgKOmA?c1|xslzBtn;~*v8xT)* zz70NU27%1(LDjT++_k zU)X;MD>`QESYedW-MjB;1;QE4RNNgiN8B(yyl>xx zsZ$vPqBp#5kjQR*fE-Pfj9u|vz(#IR-|P``}0}6}z-9DpE8(l}k z?S3rCiez&ttbokSwvg>(Y-WGIX96u`HddHBDLlV1V}=er`R$vVY(U7dV|a88PiyQH zr)I%LC5d%|?8&|rNI_p?YwL>iM?PGm;Z2l<`OdRrg2+#@Hlqi_5;2g(n9$HX{y^@n z;7iY(FV<#4{~>?tuG??Kb#L99 zQ@ZId3t%a1A&Tpbsu_$HcN zMHx!Xl$+bF{lmy~+7`&Tw&U@M6%}3^{(YF7Ui2fJL}t=rW5!8{JTpq(kh|7~C1uUOaOi zH%+EIp!(8Z*HxdvXHmGZ{aB{(?~>I{pMIbC_`d6|?eU^=j7*hYlZ%2|-Zac<^MTuM z`0$s;+#1qOh*42jAMB*CPZ=3};NHvOGcICnY?zHUpJ|lbcTZ)}3dvlN9o`WD_%UM! z4;`9eUofn0AI#=W*(K*XPFGCV>S+7r`m;BdOb1f#om5vy#j=2vQf#(&7J&sdJrX2k@oG5E^p!8v&FAqgpo zp}|#m`%T4ObpEmqpT>9%3yWugZ>1h%+cbeq0M}PnQ+{st`=sf4Chr9Xf*{Yo+AaE3J&Pn?D zn~8Z?%$W7MSYZ&T@{O)G6)PDk1rHYI$~U+`6#V@)6S}m`+3dWHb%z zEqim5&BXEY@=u;WZ^al#h*1oJC-8u>pk3PFv_`Vki&w6C9K9l=5qcw0gSoP3GcXD{ zi-M6E4uf@xwKX)c67u-sFe#PyLynv{p&&1xwmM&;&IJ< zr_B?GT>v@|3uGqaoES&Vzwom0(Gig>6YYA7z7Hap$GiLe@yIduffmn<%*@`qCzs{^ z%y~4>``+#4eCPS|Yaxy>eF67@??Be}OW|SLzJCsz&{bxNvw4x~N`M*!nQ$QuIY3t1 zYwfC4qgt;j!$xRnZD;Ha8-2zMX-~(OPup57vi%qI7J1!!A-zlm_QJPxcOMFmgd?KtNyo>Wy!k9 z-wca7!p<~Imwmr=h7dEj@CNio*NRoLZ7%No)~!7QmcKrobxg@$?-VonLdNd#@C?a0b2H;%A zMjOA&G+7fxP>+Z^v|!(8tuVK=WP0h1q9P*}pKw>WYaDzj}VB*GJ zs~jAjwWsl*Y`Cu?x*Ee5>{b`2_hTB=VJ;azPfPmcwzX-{+}J-}{m|;<5JYwqJ&KNS zM$2N;;sB%kn4Jj|XXoVf2_PXu$1VLM^ksay;ISFr5{T0YMc%!$gLt7RK2zquscBC^ z)awoEGdp50LVm_0SlFwhzY@A)p8X-*&zdzkD7<+2QZS@(#aDIpY7&rxgMZ&HR-Bh3 zM;e$)#_k;`>U(%&sy`0-a^FRQUE9$Su)=nMS|b5bVQOn12G#SkS6B+pIAPgtGt zoigJRS1~+*Sp4$7y?V8p^;{flq8%O}E{tVDUBU(w7-)iEN>dtbRQK)N7@8U$K3rlO z;TqD#x?InqhBL=<(668&jq1?%KolK+f+L#waVxu20YdnCT#VN>UP9ud@Xfl3?2vuy zmccxoxeQl>k7OAK4j6#d_4>-&dw;78;j0w8V)zl}8~GaZtBE*7uyKQW(FT&7yi-5& z<^`X<+ks+CZB5&~`!)fxzb?mVu#4-<9)V-L)SfO)bp7UD7YZ zcmM|i#PU6Y(oSk2<~>u1#ewC#c`JUYh4%ZzZ@u4muj=b9|5rFRNEpu(V_w<4a^Opt-le}>+)aA*9tSzBb zue`oZ7%PB5`l8uv;4G{WND&4nd8i&CWQX=BlCQGzA@N&PUpY3=r+T6&tso833uCvD z6p-|y&!5N6&QueCO4Rl1FX`-NE|h2l5RA#@Oz-E|Gp*uQLtU3;K8AN^MJ*<2UmBuS z`4Mie{8tsLL`JmEI+crCbamV7zUlw*0>FB(8+w{Kxw!DJvqc%%y}!`up?yknOWrvO z017}9pGJbbrML;n8xfiEL;Edx)` z#Qs#KC(xPy`R69!ACQ#%ek`z*O^j6prjRWUJ5Qy}`TlcHA!P`5-cQj5DOs#tKjpqcuL(*Jp77qhWZlIN_>y zX5KZwJnq1XUaxU_=7_cFm$+PAPHrVbe#`Z2`9AEeTwM#EgmWNMmbT&Qz}-lLFp(P1 zj_tsIXz8D$ukQ%iM;IcJ%oatr@cQ+mznlrPNBGI`a8+*GxL1Wy@{;jpJ{*_^5OJ0C zh(Wm1#VU+aLrdkTauA=S+Xy$ZH#k6}V@@G*u`?((d9jrIAsRS!A-|26sGOJ|lhV07 zskpMbTe!pPJ(qcVbD3PIp2Bb)u2h*nLYxnRa?JspKIN#Hu`y+0?z-pVx||N&H8RI@ z->j#`=0!y2Olk#8%gk$CAYA3CrIjU^uspwueM(jp7o`s{x~Ob|`GLVDPs?pq&QMzZ zPgA!R2Ym1+PMG7vr>X*z`6~M*t0#}$am#()=m9OdKkf)(+>a-(zy8?#bb4JqJi}hD z8Bm75Yd6(y$bJ6Q$lFC)EPBTEW`~OM*KS~a$*c);9B{$Y#2)mi|yO2nGB10$Uq*$$f`A$ z4AJv2C|PBBq*DChi(%rL%^BeW?Bc1g{5&nxrbWw_OG`<$aU-DfC8-HBn;jA^(iyZz z_Zesuu7iP<ele;AX>V)$IGnE)DU({FAgy)obG<;&%!rY+QWv{6ZFc}%{O%=Zvp6V^As zxMXCa`1rwtIJ0Y8HwEZMFa;Pw>%zs02XC%8C^Z$wz-Om5of-^3|N7I=t)nD6EH$JH zJI~U!oZkNq+YmXsrKwr;Zs)u5j~hdF8UH&JO5}z}7Z`{?uN{AN|Bs|3BGN_hS^fL! zE-6&Vd;8p)cDctJl~LtR4eEUhzib2jid3Gwxot$h!mQ8A|CtjaA|koszfG$m6K-I- z`1fsA?AZB#`@OU3zWgoHP_GZ#|1$F5pU~vGb`dLz;r2gML_|cgrxGJ<&WQ41+~;%g zVa|a+KYHW4yt;aG{=l8t|MOG+`$l~x{O^98|G#B0@Y#D=TI>TLix1MibO-SjT5*&w zDM&B@s2W{LFa6g(AyVAeHs>7`$94u~1P4oW>$ZoOLHinBECQ3!x~tTxK$AN4J-UoG zfaSDhR*AVRf)2Q=re*}1=6BsFpy6Peau0;(vg6BA9pB5ud)z^{ zG$iCka}^Y&;mRa}I`Qi|xe!*sa4JC++$}0cjv{}ec)q7SunEP}eHFj)tY%JvX!<#q%8h;lORp?^H>5uRQ7Ms<#V#g62eR+J_J9cWQ{@cG) zXbH+~<#6kzxqeH0rmSwi?do`=|GuqidlGf@y?=U~3v~Ax(pRKmVf@95PT=;!a9 zD==UT`oAdq?|7{H|BVAa+oFL=I~k=RO(_zoG-RZ*Ns6|Xkcsf zV_^z9KdQpkwl+TQ<%<`|@a%6Bnj&dyk4GkunAjPewBgMKI+FQlmFPrpYG z7wDg;G;g_;aoYP<<9NO_5(!Tep6bi?$p;sk3^b`d&Scp%Fn0Ix(T>NR7v-tF==` z9*02d1nI~V`;?N(N|fHMUZxuGzLW^KgkmzbRGy__XgvpxoPF=dL}wQlP#+t(Hd*LEeo!Mj?GF+ zzT(s(ef#&H^51Y8bU0N1y-nZH3Gf3%f=SMlj8jb_tg#{y3FdqXWp4~HCR-zxIti%Y z*DTc-o+xHZRYhxRw07+dywUC(p3SmbuX}<|j_;$;B#7S7W5xoiO&}%oN)%p5{@|8~ z&FdqpXwQWEzOGz3*_4D^7EQdIa1MpJJw5>bqKr!TZiXR(D^Y-dH zP#4Wq3Z2As3U2B(lTF7hofjcDgMXp=m-YPV(8hVAt_j2nY1_7w;?%hK^DPizPzSme zDwjGNofIGg)|odAAz3jEHPvTo_SWC>nesE##(j{ioLp>73?Re$ty_y~r<+RSkJi-Cpe2IQ24ph= z0aZ0MCl|5z=Que+4=XLL?)w=W9U&$4;aB#?v8Wl>SXg{QL(%?ZY?p8XkxjuG*fEw2 zOfK1pDO~7^OS0HFCfQaU%`6v6djn_BF8ke@qPj*}TACV_5e3gTARmN0m<&!{dCQlxTJcQPlnGXiY*i)Z(H{(tu0gw%BkTUS6AF=X0o zhPR!V?sU|M3+b*yk0tH<%`S|!4z|Lk8<+ve9Tr8{%%qk;c6o(1`66eV;u1(zOW#XZ zpQ2@2Ei*`)R^aXsegtxg=ElZR=r|dBF#6F$bIG3m1(`nQEFRo=XkM#fx#Y6;>Eb~O z@%0vF%Z7MA$ynXGazT4=irALRQ|C=hFWMlpSVq=U%Fpoiq^~IS#m;Y-Q5QdFy6x2W^h~?H_+sQw=Xj)tm|n7?t9Sa z<#01RyuVBgKCAPyhq~%NvX!2Hr7`bG^P*Y4Lu8NYgh|f{D4%DvC1u06Qwv-MF>Zb3 z)Ts!v0aW5lZmP51(c{ONy^=eV4lGdL*a-Ho;Fl)!sUhJfP}O)EFgQm8gj^czzYVnOW3^V<@K5`h&Z(wMFTkHoKB<0?KD1b3K;TPyrUSZ9{RUtrAUsY6A z9(T(bty6U0U1-@uG)5;oq~ir(5bp3?So&9RWiGF$vJZ72(TX~d{+BPs)yjfg`ftV$ zoe7-(avdEoUq;8+1QMwb4&%Xp3C5M^STo|o9o#r=e2y{A6C6wi5M$YQsD_a=Jk01F z;nRhbnSsHx`+nrkyM*{SR{-1sjgz!#phJ<9qo`GBV}C9z04>zR9zk;~q8i=Hv(j^N z2AZSdx8J(;M2AMd(W>vWvz5k=?_DJjNu236G$YZaDdY3!gwH8FVE`-t^fI=ZkRz#C zQ4SqC)V<_!;&m#F$U?+L-vQ=W^ePaecLw`;-dW-0>D}KiZIEU5kKa%BDNceqRq7`y zD%|{onH@j{g)+k{YL>cK`R=s{Zr>O=XB3-8Il8W({>-6~u?9B>_tG3Jwa-yrS1#7P zAwDEstvRdo+^vUEnX31tkqK+>Il5^}w0Gvz{+ZP;LYjxJD=;-P8zC)SS61fP`A5PK zMjIn1M}OgIZEPIuPQlKwH;X36xk`<{JoZASkDuQKG*Xc!mbRXk2x0I@Tr2ut8WZ#k zln&6+YrxX(5r=1V*cJHc-5$qV?$cVL{O}4&=^8z^x zh?gyU@SQaG+*2APiXa*pD$GAkO+$Q7+`e`#0^xY?!@}7&g2!*_jT*g)fwj(|=9VC@ z5fSy^sSc_gd=m%(a@CJt&R8|7qB(&{<^Xe3QPaBBx^IJ-y|;Pd!wor*iwkapNa z3Fqpyej)@LwB7pe4v+C~*D~^4g>3f=%Yve!c3W9pWyO6&c0I+8Fm#=GLE~IZAx6AH zgyzHoR5l(n$Vt=5ri*OMfQb^&uzV0OBR|T1KR=u@KnBR*)Vusg$gGHHI0{k`fHPZm zn0)R^Z4{;F8a>)a*#&nFsT!L>jNI5}46cry2Cj&D%=++mqS0H0On!_>su7^R=ZWo~LM{w``g8VGGNRfBeQs%yY`XC&_lvpz!uouUNf^*d|}tR4(>? zt$T@vrLo@A-%EnaeZm_gyMFsW?fLj=WUT)3Ke*Ms07JTk4;5i*&JN=LnSMQ&>9^_ZB|W@f_WJt+#SENwTywNriafc22ja3E`3F82la**n2I zH8LXNr-}003uM4AsmGr4t=Dhd_$M~ANAKh3Piy^JX;-lI#oD-yPt0!rbw7G9tYOOw zhpcA?+a5pq^(bm`XxoF69e}AY=Id&VSvHAVdN0M-&*q~%zlv(zxCr^=ppi${VFe%L z`X0+SVeOonwt@@IXB7#?fsSjZc#%SY58})aSK5FC4ms}Hm>PDVI)zWS-Lz@Kh;CF9 z>!)t8wFQg-gh1+c5iJUFUtNj2g+%@(eN<$g=dPn{IiYsKTlwQ&)hdTHHG4n?Ckjb~ zXo^QJu|^!_6!a}IbBrH}Tp5#sHEXs%oXY50W+u2^_?CHVJeOZXZo8TnKcv4ASy=rA|f1e+X0$=hNi3=apC1eo*3S#7BB6ydCFLQgQDi*98Gi1LYQMbEL1M_iuIWL_zHN z$CVXUX{FdW7~Ed{c76KCk1oVP0u3yv$pcAjjqLASme3-cCcjJ>J!8XCC}86rb9%g4 z7$CdW^p1}H+Y#^bM57!cH@=7s(OF()zMEun|dFPl|lc(A#Vi%HR<0YhTr;t+G3 zT`^uvUyV_u_;|C%gZ8ZDu1~)ZM(_N)^)K)W1~)Vq>%Co#hnMVpM7;zJc3dl%w@b=m znV8ra$(qSU1qIIVd=U|#JU^_u#<+x`q37WT&Q2XPL{bt5t~V-+yBE*z=9jkbw_%IX zigiCDl0u??Tz>fLk(q-1o2IV)>7`|MeVylxiuAY@Rks8M-s(w1w#MqnOOm>U2CZB2 zCROLwN`DfQzP)O~Sx28t)e(I8oB$n671u>FqgY63=Ji7s+SF&-JAYUqSkuRk_W@ng zVJ(*asew-@VgZaUm*3ny=L!NVSx=6|Pt}x+lVA%7v29A*SYq-J^c(5~zgRn>v z|M2AW(i>DMEMd`yjf7-L`JNmynRHM`Rv<{wB7|guxgo@sW3xcXb<}2??kT%30YWY; zG<9B+K*k%m)Omo|e zV2YXMG9AIS$?GoN+&krI?!*@&!A9;QALxoV#fLalEh-T;(s*^x@73+i-}@E~Tbnf@ zHt%dj(6{DEynD+LlpCnJy7%bewQ2)$aRwnj;h5k&k4+&+$Fr`gkK7OE+|D{5_E0%o z9*bCh)+_=ePAegi-c=0 zf49=Q2(bed#Ryu@wfJ))hoUU z({Zov$?PzxN0r8`Drp`=n`+ZCQVGST4x&|2QBUIuD~yE|{?0imBX^7%;N8(?z`-86Y6bAsoZSyS3an z9e@7Nh-?$v+m4whW}Azy4O%|Y-Ne90_obZ0+QrAeZMiY+$G6|sKS~NjUJhOBy3~B8 zRR5i*(gt8bLFY*V1Ab)?IU;mDjIYq4kp-(yg4M_f_*SReMZ>s9NSp-OIMnnSU*R(V z$Iy%HEQG7Y9K%aXh-znL;W4(^c=)l);D|)FCzWpx5EO+Aql;r2x?dYwvQ&PaSH^?8 zGShB|YxxYn{djU_2jh;;+VO*WVWN;Pro)(B1jRsyicg}YG`c>4>7cb7Cm{kq* zZR%D#OP9+N#7=th6qEqLP+f7DmllVFX~ojtt(F}t=&|`OaJlraTxSxdgr2ud2BW>$ zBI62WVeu5w1;j07%V~WY{RAxK5wQ?_II6%h@t|h^wAr6tzC5yG{Q4RnztL)OHZMda zk2ydlz;54nzehYo@{Fbm>tQ%n$z!;If4;BXsKaFQj*l^YPv{YBK&R+~yi-fqB7*{L z(H~V@MghHqtuK$^=XcN~14F});0&7%?4$sD`=r*9bKkvt_YW9TTTfH6ditvLSH$%D zly*djrlz7CU6J1R6YXo{<{f9n%eU;i4MlTpRfaY?q|AETW*r7oRl9pYFj-V1)Q-Q^wyJ@ssHI>s5odZEGO0*ksuXd2LE(`_ zvN)LHBWg6~!96%P7J%|92_a})DSwVxs&o%En1HxzOaAgz7)|QvP{r!tP0XK|481g_nPZ5f(l3t~183d&)# zRm$=cdKmV=u3R0u0wiGMqBvyuUCsm)Qa^7~txd7zg9r$w+Ims8Xry98?3B z-(*aQ()&+Yk){Zv4%`Io#fy1S<|akpHQ3irefo)+RyYq^`XzXLfEMm0u1D34X~b}J zN1qWUb99k2C2yDk@sD8ho%x_8m@of~OGhORAm8l_t}b+?7W@R#M1@@jS7FYn%2`Y>;_W9JyDZ-*9i zziW4eU+tv@Xxs4XS1W}`@T7Y}ikDyh%Xwb+g9p+|`TrJAo|&|Zu_NFc$?c}C4?K?? z!9A=42(8OeI3UgwJT^O~X9tdwv3EDBtK*H)+ToWx&82Zu$@iE*U?kbI-9~4AF5e-5N3R#Irv=Yc~s8WQm$XMS61j zNUIfg%6w5If641Nzp1;nT&hv^QpN9aX{H`?+#+Pl`XxQ?E3@d@yNcc~<1Y+~-{Ra4 zn%;G;P*h-uQcnDOcR}x&At$Tf=TABeUl? zccKLq*ZMP+GM@0Fls?xMzxyLvT>NjcoA33Ie=IEg?psW}@(7z|E)P5cR^<$4>TN7W zm&|R8j*YDuZ%fHQIwJDFf4_R$F<>GL0=*_L($;o78I;?8J=dMFZ zjrWz-QC4$o-6~u!5!3L2@_@MZ=@V3n3w?k03(4#t&&}za)7G{njnRr@iU^RQOny+fsK&H$PxIO_GNBXmE##JCGHjJD~ zFY`5DtgX#V1`__9?EK_p8RmWp3tOXC33_yIJckT+0oxBEOH;58W)q6OeWpz$JW`@o zFrU4j5~LtO4o}|FB_uoW1$Gj(oNk;rIDbsw=T4;_0`TmSp_s@1Dc`uZBtNU#(tGiAfZjcAo9dUg~>l>-k_ zMd9`BW_kc9wAt;}zfUBXcCBgeg#A>JR1eVGOf$i!aX;idk#&KR&4&($5(0#tGiQ#& z87(RyULG6+r5T(o95l`wET#T&j$se9uM3QgFZ^dM%b={gm8!b2xw%kv0Yq=Tqka7U zIj0C(t~TzS0IQ5*P-v*k9W2p8Tf!et##~GYIw}E}Cc+HjSNHX+a1xrr8mf(Ny?@_6 zK#ZKpeh{({dg5AiEkXV%Ln|+=_&*(xwPsb7fg{`rSUHXHKUD%rWUxq2V$MI&Dr6H2 ztQV^U;IO`MtT-ml{=%7N_Bpdk&&t>sG>r7a4}is8B)f~%B>X*e05XVnZiIvw;zwGN z+K0Xq793qHx|eXXahNjK6fKdLByJ)J;0bZKCA3J>(7$kUEPn-r;5|SQ(ft#;u?{xH zhuR1`sIy3MXlAYVhJ#{24T&DqWcHGPQ$rL%9*roF55z@fb`;?mfaXHGm%$ytqKoGz>9Di?G$~7q?irm#R3K3oQhFROk5mMiRtkN z<_`z>rO9~`sA;&vZ`^1^q=|UfS~(I7oZn{=v&o+;w&@Vx2x8ARk}p@IC4!+5y`WGM z`?+p(P!4_4Q`%V28!dczPQI`q2XLP`u@ovUOuNv}z@2|aLCJ}ZJk)pZ+D@J=A(zQ- z@?d&?zL3?xlWT34;OpA|FG9AZ#kwz%C3SpF?!jsMPZ(7X`ojOdH#?8k2h|flhWR>T z3>$4Bu-1!GXRn@gF3Zm8vO6D&C{2flHR+5?kZIdDZ31sfoewx2f>*uPQlblrI%-)F z8O7z#OMlgbWN<^svaD!ku!KKKpiX1OU3d4P6k{fha}>EWfcmkZ08AU60OA&V@%;RJ zv6-Bx8nZ=CYuyQ3ijFtmZenbR1~f=<;Qw7;*9UF)jigR|YH>|uu(o6;u9>qAFkQOc zIKOR20tuT`)N-E1F~f&b7>eHQc`LUf#Sarel(Z_#STGMdB$kOKHOl(=rh@JVnG)3y zDQ5h|BEdyjL1D>?72B9hn=|TuT%3`X*0<+jnH|RE|F^#DK=QphEmKcK zVu1kxMJNv>w1oaGlwN3D&{6ZMzGnxX5QnN^d(FYXK+DhofJY+STD&$h%a1FinaS}4 zLT}v?9m<-x|CqM$oC%?a4yAA>JP+Q~9E*^pfAeMS>&LPK8A^GxS(Jy1dW{Tn&0qp@ zXa=Fr=$_pl`S<_cNWEKCu7Q+H<9{{+VxHnY+Ix2Gf?Ld_QV`COj1~V+xa{2cbEQf^ z&c*3HAiG;y=5g?Gcwvm3CI>GnRtkLl$R27I(B9)n!uT;>M$LdlPTNT>D%x+qTG-Xb zAY%D$q+#&F5q=b&yZ7t?loZ#Zh{ms`ZdNZ)e!FNo0C6qX`5N=)Squ~8Zkjd5k3HY- z?myTw^}O`|ed@#=ZtBAao?8w#4Dv&tE!0Qu+OXt4#8xEtHRNMF_4T11F(h-7+Ob} z=Q53Ar3g+LHjxldHM488Tv4l6~C|DFC~ zVb9`rMK}!&s7}AbuC&KUl?by4r`W6dmw?Pn?uQR?ewn#GXhJck8!L`qGh${rjfAuQQ`OC(_e>r5@QY?Jj)@@_hwJ<-H#)e2y?Zt{5N>2$bx@l?}D`xhJ zhu)gZcg6vf;O67wgAx-jYy7CI>a_l+O4SUj8#(O62$ln>6b*Hta3biU!{9;UsGOSG zqblov0^MuHO&ce)Ps!!(=jYee86G$&gSe6zEjqS)aAZn1d< z*f`J5-e~l%mUedIwM0Vx`K$>NMK^D^;o?!d*mU96fXMD0e#a(#To{&M_{zNzi1(j(<#c)( zQC}}$Hq8E>IakV==W+f<*Q2e20daA+Rn*i{Mhg?8(}7jHCkKNr;rd8m1z;E(n;~n z>BjH+4)ETC9uUE!{{3a+&%kIcx;dc5qhI~G_e;Fi^pZYnnz+CvUG?dso?2ny!S{c? zP52gcD^t;Ys{PFCNn!;#2wjAZCG2rPpWzt&5xWw0oF3}``WI`GaGY^#ozRw&I{-S( ze<=rwV@$$R*I&o)O3ZFNbE@vny^Z9c8ZDOjvmDb3;%{v1I*G?dR)v zJa$cfeaiTIhU8TDS=$C(OYr-WlXQOMeErbR7B9?ehdvFrPprC=DLM4XEDnf;sj*ghjS*95I*I><9_z7d}508V(wdHvEeg2_m^Hhb!x0?2^$&D zV~pOcs-lu#T+EKMHFGK)q=l;>GBbH9f6FeDvMJcaGh{t4r!ANBEGUY%O1=5}#iPKr zH|KTSt-LVF)4;8z{K)eO95hY&rx_7KZEa6YJlng&+dxN%mngv4NQ zj34p5pn=K%c?@=8Cdw+h6U-%yS&kwY|=Gb^eHksBb|*C*{+7dY(FwxJ_?d zT3v;=#=X^T8;lc0;b;Kfs^cdhps}+%PwgS=k70@l=uKtbz+^be1l?NY%$9(h7V0xRp4< z)_`1ezsjbHMqD`$uPAB-5g9N6_w>=O(k(-z?{=!*aaGbr8kds$qTH#slv3Qy0JD;t z-VPS)rftFm0*H;gDl|Cp_m{b{XgZdHAt8(%p+4)vhX%O_UJnSTsJgkKOGH53Db$ep z8!lL|jt$p1=HPseyGMKb`iaN~FbTeI7JCPiMNT%YI;rRLY8C&bH&Fe9QUa73>+26x zJJvxvz$Ir>oAtC|D2Quf#7;71o1zxk6ej!! zWU7b^-x&%J;sc918Bbbe=$ls8`99hK8Xk$*Z2rIWa466qRWM1U(?bza?a;=rp+JPq zrfVX|hvyz0$D5;Kp#Y^SbYg$~}{XtHqJeuz>sKxHa^WsGmprBPf{ za)<VuaL?Aqyt7yS0oNbEn(1 zu%)N__HCMG{-ReOxd(#t>ZyWjYaM%Cc=W_Om`>{5KW@@|J}5C8gB zdnk9PObQnXE%ui> z+iG$D)#(k#?oHgkJm%V9!=qCE?`&?{_dU0~JyEynb)DazA5MvTiagIYJndBdJ-=>G z_8z;7-{;o(BnuAE=5meBdkj8Ch$SHtCM%!4dbRZ3hs!}hUEi}tR%#M=c(=$h{4ekz zN6*@1K>jnodgg@aDuvj^)~ z&E?B8*yeTS%x~1*@_xMz@I1(un7y!Ea-XwvjK?`FTamU@7etoc{X8BbW+npCcm)(B%(8M8|eV4#Q-*bX?VB+t#_~8(yG`}KQ!LO}P{}C|^MzatWux?e| zZxy!{?-jlvjv;L_rbORQeyOUcz~lzd`YTsXM`k9tkI0YvMyY`32c0|R?Zc*Z9V`y}TfMynczCtW zZtP|&e(6{NtVWpJL)p!2o#QjkE>PIhJeI zC{y$?V2d}Lf&z1#?m$0*u0de|)^`=P5>~C$UAVTh>u;aB%$%n24=yL%xcGL$xK}T% zWXHX-e7&jqc#C@!EeFd>?_!DzT$Se)i@X~InfmJ4ix=bd*`Sr>+H|Peu$`xOSPEMk+jY7Lr%$vi9bfG z2fxlqXt$}>Q>!e$Yd9szjOdLY@FwMX?rg|p=u z;vW@cWL8>P4G?gp0#P+>zC#KNn6pbZ-T!hPmSL-mjaj8~5JL5J}O}JhM~fd zYr+unX!u~xk-i}u%WzDTxdNxQyzkkKmXug%1nv>NPt+{o*ZC#D97oWZ7Z&=z4Q58y zxwXL-cT?uj0`>ICnP}276|h0^!O4Ln7KCyx+H!j@w0?O;-hpu;+r`=y#z;s6U%$Ta zh%*zH)C`v{2d-o1i~ROgn14o^lx#CSny7HZEH99F~5mLJ_g^%qn1Q zf6p4a1fdPUT=~49r+EYKc3kurGycpza3s{KhS!aSqt=zh7pO|ult3yHAp2m{xfX$E zZqx&Ju=0v4pBnnHjf%(l633kim_EIS5fNik4;f57aGTS0Mqb0%eQ%Hb%NFP!mhbYA zH10b;JOA;T>T#`Wnj~ElO13VbJzu!+`n`LvbA*5V90Ya>6DBNmUn|Mz?xxrWnBA=* z&7yC*Ey=Q~(9k7K%dixjSfRIq<)%!o*6@8&QvAE7PX3=3AZ7i_lbf3-A9TC7jiGy> zCcvL^@nmqP z&u~*>x4-2m+wM$j@~>a5A1pjF^OTQJ-oO73y7C1y5df{_3uDf!e5n*Z54x1zzEE=gkJd`8!{$4E5Cqksmw=pI1Ew?SyV6~3kogfLC z==O0`szQtGIQG%JQp>TP*3!~~QDu2qnVIiK`=-=NDJGA&J&5oru5MtFr#N@+rH;B8 zzYrSJJ5nO#ZsMDar`f?-*XVa1lJq;P7S05!cZM7!D7QCNUATI+wxnc1XfB1B>YrN% z53fb)FFW*Rs&B%>^c_x^n}?q~w(f_OhO*K5 zA>SWgTJ0bgT;F-RtNqs1UFw_LZ@6c@%+TATbM0kD_h(<;tQdbH?|NEBcgEjF@CDl^*iNQkJ^_j$2D!P+tX>f?8oc!-=yk&9pFYZ7FgAW7Qn+&mJnWJ%UakkFMs2X75^Fck0Me=E9*C#tI#E-C;_`lT z5vOeX-VY#;a|*4}{9_NTKVueKKSU1*9^?7)#p2QuTch)5F6>R;k+jWX!umSdD(9J9 zZ;ZTcf3p@SUPa5(K;PKXk}dJkygb1vfB(50^olNqMRx%^BjfFJfNP1>c+6f&*m|r+ zXaEJm;r*jW#|D;h%DKt$l}2y$e-$+~F9^G^@3d8C{i@q(PrnDQe>`WCyLPIhx1Dc% zqm90s_-gNNEL$xd$^^^5>nUKZ;iZren`k8yQX|9*$By~MQMg-C zrIYC`VY4>nU%YG$tQ=q2ae3PG!PM7Tysv@U;ntJ z-q8o0=1Vpvo_YEX4bu}fLr?KGKgaW?TI#(zZ!P%geQJ#q-iog z|20HSymD-Cp;$|r{^X`P#=G(lo2Cf_s#7)m8h&}d6m=`B+`22w(&i~Wo_22W z&n5lG%p106wdb3AzUaPG{Rzl9Kul%!Ue%C4O|P2wFUUfOr@Gau)6 zxg(7uQo0bf1YUnjNdqDgXa70FYOaDp8V(EC8`E7`4pwPP-^p%x5gAYScrZb0r}>_5 z{*ZSt8sD-v-WyOhP{ZR(Vc|aZSb{`>E!+^s6J+4k$~3xZHYJJ<38J?EbNTueAX!%e z1B-%;1n3BE1_vjj)-y18W7LZ+c?t>-k-^fG7|KqW;)a%Ml9Mj_TpgW3;^IG#?_6n| zyjqGMqGh=bdY&Wsvvz{GmOAQsT|AxOFWd7>6s3H$<%<4+!i;y6-AqbK!XyA*C#V15 zy;D}$vSr5Uc}`C8XPIloZwbXu)Ovavl<6+;u6QK~keDXOGskC9EQACewGelnxYxp*7Rdx!%kcM1g?9S_7b( z`3=g1xaxQ*vIqI2;WbyV;4?2VUcyHkwgZrBdwU+)y^X$w8SI8~k?*n*=G_Hf z7pi-HcvhwAY$=wfc=2_g_0F0nq+iyjB)D6z>X$z$Ud_nUKmiiL^=>)ESonF|()~W# z<*cu%sZmpz_C7&%WA9ROE&^KVxeMtV!E&L%gp-~?{}k`tG+B;J=-{K`oAv1No?te^CQu&@Hl zNG@;X#JFS0_I)?mBwsST7}(!?`PhgNy92Hr>U%J6XIM|Wjj4r(*4;;)>Zw!R(_-SGJ^!{wgaM>|BopKndcZ0MVX}Fw9`n~O6TFZAuTRG4dprY zs$gtFDPRR#xi`Z&Z`smz_>Y$=$9Sf)^5~g%{r1n+X(*u6fL#A3=*``&378@Xc=1(7 z?sewDGdJH9m<4JdD7`stYMILo(^=HHr?UXip271kUTh1Fd@)VdQ+!KM z&(V6#-NuW3_?}$U<$GBDZ6Dt*r$n!Zd#(Kku8_J?D|R}(V-%F@Td)M-K)~*NT%y>O z5wu>?U1G(HvymEQ*?=D>n zi@(6>C_uPSup$r(uq_&ri`az6a!3A(Fmkgy7TcAepd6b>WH&tS5qNqd>jbC3b)Vgh z{y+TD0U**Q=KzFkm{^94g7)GM-QbPbW||e`6)B$07g!3-ud7A-Hg!#u&h9VfB@kF-${gFCU!?kI^#G}m2;F{;v76LwXI$dJ zSs^rHAqR6I#kN4zj7i1EkD0xFH8&O)D6{j@st!NX^l9jX+FvT^)6Y?WZ3I|DIu-Wd zL04sD;LTO`W#*U%zQW#-PiyJ1+0$T&tG*O!3#OwaMvr!*ftAi#-whK7pBFYAXz?MK zhcSHKZZj}Q!{aKnEsr7po+%c!3#ZskW@W(k?Nea%SZXN*H(*M@E(l#j5-57+oRyeE zO@3w&ij2qv1tXvV!$v%k6FDPGdndkhbxYz^G3&?@fIQ(U3uWatk+gh*ue@*4Q}sEx2QC%AHXv}3kx|_J z`@RY357{Pr#q%prHm2uHC?8IC#tm_JYcBzA#Q0#Al(Z(L-+KJ$5heQ4{m$k~x*hQI z^CLtc=LA1t05`{7j;4%>Bi`_Y6EE<;X{q!yQv4nPzA4kDI2WMDZBZQ?E!b`-qJK3x= z#jgWaoT>#rio<~SAG*rXuvjyq`wHmtz+?B*FA%rO#*ll!>5*77e}Fvi_>jr3YI+<1 zeC4xH6Mvk0{5?(I@cFLJfG5$`09E`MiF3WPTwuY>Rz5Ny6>o!>gX%`CfB)^K3e%=V z09vtO>EAj#Dm)6V+Is?Vtt^LG*T0sOq-SN-ymGSTCz|J0NuWTOa=|-r8r68;L17o( zzdlI71n2C%UspoHANh>IRHmH5l2jSY;m=whabe4&esr*c;MtEOJLXTjDJ#& z(j=MOj*f_6!V*x3DJ6VUht1hJR{5FG%zkwi5tx|4TB|2=8aZZn!oupY9$Qq&Q=H_%I4AX*U>bcBYL3(Xk`SlVWoOQxXJhmes$l{Q zl`XEEOl?v`L49=QT^BqnE>5x?(_X6bZUqSgU13~aMmU>yH*JCvL}Uo~ot2jMqpB)% z{&?S=j*e_?85pRC;WvFNip+9~8#T$kT0hksW}Pel@dM+aJ7FztyGvQvJG#1xHc5mY zg@gWe>vn_Hy`o!tt0A<}G>cfkE8b#+pNnbF)rrw9tnMVJ~%vC;s0+Hj=!2N8%; zOkv-5=9aL(`mjw>(UF7A=nsFWpFx;}U8ISL(60lXDSEZf)nh6g+9*r#qF^&K=E8tC zj_@(0H|9dHS?sRaz9iOlqv|j10=$?wI==7a>!R7!$(nHio8hnuBbM3a5%dKI(l-d> zFYD@G@0HLB{5i61AKBzezlNT z$U{K{LujFj!CKq8SjYCp*&UYZwClpS_0PS9a zIa5TmG=>Z?UBnlCGu3B9M8>0|zecVvU=Ll2{C(be7DSHQS&_-yug=`|lagcm{ny+fBS6%q&+#_@* zldbW6%j{Lp?Aaq02dD-DRR6YnsE@m{Q0Kr>$i?SKSXl6!KC+6<3___Db9@SU%&%{` z-3+?9b0@2$1E#I(uI$-#cS*;|k*yLp)UR|5;#<`;-W}_i*jK6I7)LsIt=ZE4vm&2q zMw}bskY`b;06m^&f}t%l9_oo z@>kLKtAM0MSoh)uOyXPOGeUX$$63fH9FOc`#-Nz2$c(B0#34X;Z9f6^7yf31xvLCk z@K4JX}Gp_nWx9eKhMUgyxK3lq4zoN(wDDEB)t$lNuyE%1&6{ZxCcI*DutT@LsfigJRwKX8=_)?#{a{R9r_Y2*lk_0d+*HrS z*>51B)2G)IsJ*{Ruo-^_(B=`2AY?5@WT^jY)AUb>w@DOCI$;p7T*v&L^-*!Hu*~Tu zJCjCy7frF>716dM=Tph2YjPNm9vf=ax$)Du>NA4r1M2U3esnBqO-W6qQ4pI%l4+AZc0R!wq+wYz`mj`==WG6K_nNH3Y zEzHG>udI^UGQlwb^20X;5`_{i)Fs9}4~GC@EM#(N;6VIxh8faWR+N{=Zb+Bpki-pm z>fYgkcNtX;Wt=RWJWQFmcm!S47K=!xkq8k3r037Ges+L_#NS}nBRZ&rU{1A@b^0|A z?>xOSnqHLS*k?m>`6OG%?2)4aeV?*aLl$RI$anf@RLSzcE&UfHg>C(+KjZx*v&_6y z@iyDOqN0w4u~26DQ5%PH_M{ubQ+1CWv=E=vXV!?3p`R7XT7beZ9O-n5g! zWGa}TaP68kD`w%u>4fHcbgqyJW!8R>gha`=Z?d|7grgWok0O%)etMjaYU_LtozWHh zd|l2X3!rfZ*`QRo6&0rNA8_arU#A0m5-wt*qv_b=-qZsRr+oLYQ90fxTj!vnLV;9r z-h&4T^#PKD2ai&*zrqkTVFkC~qI<0m`&2}YM96}3%!ZFsXc2{4wl7Z$@k+|u9AfYz zWp&&ix>6|+ZgO>4pGPJG{yG%M_IB@hcDvswonYIolNAo!9JWoo*MJeDrY6seQzyA{ za@S8AhBHjv<9&(_B|cPtcEBjKThQu^lZX!*Ggy`5zE;^sd+6@fYO;{{cb0_bl8sXxroi2HG3FPKpbj(SGruaRm`p zaL141yYPsLi#S*7TlMfjcvQl`I0SRz%rr`79JqbSdSdTP&t!|3)-R&tuT1R`Y8aMM zoDdd$6Gbu;O-_SFg1ZjG!V*+nPEV2=HR<4>o7WTsljha;8Cst^_U0I?{N&Wi2d|A! z@-XtB{R3^)^{0rr-hKA)&XZD2ItX2}d&<7ToXl?(>G%kQ{qKLuyic{BbmIU1MVNPT zWRyrp81hT7SM))Sl|tLHi4%Q>O%KTo`S-WOhNiBT3YI=i#d+q;Ok9VjPmgrGgHZS- zi*`)zAt7}%-S+Q?HyK^bkZoKD1D|v`tveDE5TB2nA>nUtn(s4i@nd7X_wot$cW#I5 z+WBsub1!Y*Go4#UhK4yic^?t4^kPRL9!`m{h_wTH?wtvm+$KW{wKi*gUw&z`nvBz@ z!)H^HYUNdb4p1JG>o;jb)K}+4ZC}0)42sh~H>jl7fzy|dgby?v^K|NsZm-vzR}EHK zees7zSGoC^cWS8okmg}xhV~m(NA9avhzO`nxR1brly~5)#Vlt-!T-MNZ)-GaGonS$ zo;~fdE(0_#z5cd9ABCM0qm$^o2-=K!bAlQ7kJ%f1-YY!R{Ou2)StzBcs6GMQg32Z|bdAWpq+ix}Z$AC=xPq{ljD-DoY zC)jjHajKZua;sb8o~(QL=;}(RK1anX*Wi2#s{t0Vtl>fj6*JWgC@lIm3V1docN1{y z$%A}G2gF0%9jV|k-@o0xcQEOZSf1^9hErQX4=(w|Vhhl{W znU)@O5?Rb{Zr{H#e(qqFqz*I##;|;5_GB=y#@y5#H8r03Ll>FdNAZzheaYTa+WKez zrv*3yg3s?pGUxO3##I5 z+unWeK7NY5*JN|KMqjl2!n3G#{ywtBTWw{!rFMi=xOV-CIJ|J_q7>_6Vdt&l^S0Qz z1(wY_V=p>L=DiN2!KJptL&l6jo+vwh{C8BLp}G6^b^TH71R^;_ZI58u#_Un3kofrmR9pzJFxx*N|*>7HjD(^=)cyR$_zA`SbQoS^~}MZz(%4%@URz%lXjUaI^j< zT3R+Jyg(;4D*A60JCok?0IJ5lzxJ-&@y_5>!2Z^jdbO3+`xLzv8Z1ptp0YVv{_RB7 zE2rJejWp?-Z9JOUc)ZQduD1XPi7A#@Dk=))j8{fKe5i0KoW(JyRcLAmv$>YjuPYrm z@oVh+)T0f%cfT>;_k2Qj&Wp~5iqLN_CUsR9NAJARSUT`U&8T-<4K{D2c{4G&h|#G4 zIppbiQUV+Wsj$b%%L~TJ$Q)cfmeL=g#AVj9SN5f0gx*I4%t&|M2d|^R=uFRHKP*7Q zi$lfx4@9}w*+EdSAr-wN)Z8-Ngn~+TeB(${8sO5PW~wkbIUOk zD-DIUPu*%0%c)adWm(Bic{S+I&5$SGDr^vc(B~k){5KMBTl`|f3}7@N8>D>~?`%SC zl(9JG_hFmLeK1(iA@YD9#KtP;t-BpArh8@1FRCIso1huC$5}QMeS0GOTi&P)>uEqc zw?O>+KI}+PvUnt%0r$TQ0FsZDc;T;WS3{H(R_*-Mb@l5j`?zIR^DW(TCXO*}{j;@S zpP=6|<%jN!=%w-?X5NQaB57}AJrlJ+PjIRh0RJr&s-&n+%)+1UD%GY+V#X2Z1Dr(< zvCm29^3GE|#SKfMz_zx$`{d3ClxGW=oUUmavcU0ry2GphbW2QpJr zqmlU;$|@>an3+u)J63Zv!^Ptj6+bmxA;Q{k*|L1a3U;hMjEGS3J_nWVDwWjZ)MZbSy2uaaj;T7Qy zewBZ+HP)A^6TjM~21@4}zoeRM)UO@hg@~Hk%%gb?qcFmr_&kprwD|6|YXSjiIx9oE z3+P)IH_%X%_jG^$dV%Ca$%Xsf1Gw2?KH#Hdd@>M3v1~LYwU}*E- zRCKjBL$mK|Z5X$geH^V&q5&PhuIs%@PM*#JPG}BV7)PZ=Cz;?S01$|Pif*;dekeb7 zEHUE>@m~6|t!I3<6L}_WLDR)voAtKTJo?11U-Wm4DKg~VXEuAc?*ts5FlUa*!i9(3 z`W}cod*MQoTf0=BjAj?h3mGq8yny0~F#9_l33vfgr%MOQhCauK?!klNZLxr4Sx80w zYvOiWd&X<)E&iPO+UP@zX^8Bql|_%_e!A^-TV-o`##VF2RE5vhCdG~fIN^xJ_M&Dc zN(F4PaIgQGOrazI1m8}~01X6(-58X!lkN@3%DwY1k}GJ+c}%bHh|;fM5V{!@K(Ldc zG6tu6A5ON3Bv2yuXP)=X2d@G)zN|Jfas-pC>B$QBKkTI7Ic2*mh_^l7WMSc8m3ZrT zm)oV)3eOYPD(`<|S{H0AeWT9Ge2mnhjDSg*b9;Jiwn*5sVLlxT^cC_|;kaeEDBbAO z|IBqQZEeeebhvHW+6BxaDagw^th*6bbxP854|ZU68|0tkyC@jG5+L*MWA zI>}mA2OW8l*ugD{_3q1)Ezd+|WuQ&bfBimg{!)JpsR4pL=i29+DEn^Mxqb9IwSL2A zY~T=+VkuAnJ`oo(#7lRrs)}~oDxS-5Q|HDlx*c$=w&t2Aq><5^g4VJ*{>__H zt3~?t<8`V`n+DZ-n2d_WAUro$l4H%uLG_MEO2xVUE6y~b<;w-t>uoX503+QWG{MtF z)V=(z*TehEyP8x4WpkuQlsTO6xF{;CdirLNLW(LbK13I-H*bIkjAq{o)C=BvX)OPQxG1gWc=F7kH2Ld# z-xC}L7q;l=)=rJ>GA|#OV|L=B)Q=zWaho<|t}mK