From db1a28bbad242b876cb9a3f6621b93ff22c6c5f1 Mon Sep 17 00:00:00 2001 From: Thomas Roos Date: Tue, 8 Oct 2024 10:21:30 +0200 Subject: [PATCH] delete outdated stuff, add docs --- .vscode/settings.json | 23 -- README.md | 19 +- auto-upgrader/README.md | 2 + core/README.md | 140 ------- core/buildspec/ci_image.yml | 20 - core/buildspec/ci_image_ti.dunfell.yml | 20 - core/cfn/ci_checklayer.yml | 187 ---------- core/cfn/ci_container_poky.yml | 245 ------------- core/cfn/ci_container_ti.dunfell.yml | 245 ------------- core/cfn/ci_network.yml | 260 ------------- core/containers/ci_image/Dockerfile | 190 ---------- .../containers/ci_image/amazon-ssm-agent.json | 45 --- .../containers/ci_image/dockerd-entrypoint.sh | 23 -- .../ci_image/legal/THIRD_PARTY_LICENSES.txt | 5 - .../ci_image/legal/bill_of_material.txt | 281 -------------- core/containers/ci_image/runtimes.yml | 123 ------- core/containers/ci_image/ssh_config | 3 - .../ci_image/tools/android-accept-licenses.sh | 30 -- .../ci_image/tools/runtime_configs/php/7.3.19 | 19 - .../ci_image/tools/runtime_configs/php/7.4.7 | 17 - .../tools/runtime_configs/python/3.7.7 | 17 - .../tools/runtime_configs/python/3.8.3 | 17 - .../containers/ci_image_ti.dunfell/Dockerfile | 208 ----------- .../ci_image_ti.dunfell/amazon-ssm-agent.json | 45 --- .../ci_image_ti.dunfell/dockerd-entrypoint.sh | 23 -- .../legal/THIRD_PARTY_LICENSES.txt | 5 - .../legal/bill_of_material.txt | 281 -------------- .../ci_image_ti.dunfell/runtimes.yml | 123 ------- .../containers/ci_image_ti.dunfell/ssh_config | 3 - .../tools/android-accept-licenses.sh | 30 -- .../tools/runtime_configs/php/7.3.19 | 19 - .../tools/runtime_configs/php/7.4.7 | 17 - .../tools/runtime_configs/python/3.7.7 | 17 - .../tools/runtime_configs/python/3.8.3 | 17 - core/scripts/setup_build_demos_prod.sh | 58 --- core/scripts/setup_ci_checklayer.sh | 78 ---- core/scripts/setup_ci_container.sh | 75 ---- core/scripts/setup_ci_container_poky.sh | 5 - core/scripts/setup_ci_container_ti.dunfell.sh | 5 - core/scripts/setup_ci_network.sh | 35 -- core/scripts/setup_dockerhub_secret.sh | 35 -- dependabot.yml | 6 - docs/new_release_checklist.md | 3 + docs/next_to_release_branch.md | 64 ++++ docs/ptest.md | 51 +++ ff-merge/README.md | 13 + ff-merge/release.sh | 17 + graphics/core_ci_network.jpeg | Bin 133058 -> 0 bytes ref/README.md | 77 ---- ref/cfn/build_image_prod.yml | 344 ------------------ ref/cfn/build_image_qa.yml | 331 ----------------- ref/cfn/build_image_sdk.yml | 331 ----------------- ref/cfn/ci_build_containter.yml | 259 ------------- ref/cfn/ci_network.yml | 259 ------------- ref/layer/ci/cb-ci_container.yml | 23 -- ref/layer/ci/cb-ci_image_prod.yml | 35 -- ref/layer/ci/cb-ci_image_qa.yml | 39 -- ref/layer/ci/cb-ci_image_sdk.yml | 35 -- ref/layer/ci/cb-ci_sdk.yml | 30 -- ref/layer/ci/ci_container/Dockerfile | 189 ---------- .../ci/ci_container/amazon-ssm-agent.json | 45 --- .../ci/ci_container/dockerd-entrypoint.sh | 23 -- .../legal/THIRD_PARTY_LICENSES.txt | 6 - .../ci_container/legal/bill_of_material.txt | 282 -------------- ref/layer/ci/ci_container/runtimes.yml | 123 ------- ref/layer/ci/ci_container/ssh_config | 3 - .../tools/android-accept-licenses.sh | 30 -- .../tools/runtime_configs/php/7.3.19 | 20 - .../tools/runtime_configs/php/7.4.7 | 18 - .../tools/runtime_configs/python/3.7.7 | 19 - .../tools/runtime_configs/python/3.8.3 | 19 - ref/layer/ci/repo-ci.xml | 34 -- ref/layer/conf/layer.conf | 13 - .../image/you-connect-image_1.0.0.bb | 26 -- .../you-connect/you-connect_1.0.0.bb | 33 -- release-tests/meta-aws-release-tests.sh | 126 +++++++ workshop/00_home.md | 8 - workshop/01_introduction.md | 8 - workshop/02_setup.md | 23 -- workshop/03_01_hello_yocto.md | 169 --------- workshop/03_02_build_images.md | 120 ------ workshop/03_03_dev_experience.md | 5 - workshop/03_04_auto_testing.md | 6 - workshop/03_05_remote_update.md | 13 - workshop/03_modules.md | 5 - workshop/04_conclusion.md | 5 - .../images/01_hello_yocto_bitbaketimes.png | Bin 34074 -> 0 bytes .../static/images/01_hello_yocto_diskfull.png | Bin 17645 -> 0 bytes .../02_build_images_solution_architecture.png | Bin 86616 -> 0 bytes 89 files changed, 279 insertions(+), 6019 deletions(-) delete mode 100644 .vscode/settings.json delete mode 100644 core/README.md delete mode 100644 core/buildspec/ci_image.yml delete mode 100644 core/buildspec/ci_image_ti.dunfell.yml delete mode 100644 core/cfn/ci_checklayer.yml delete mode 100644 core/cfn/ci_container_poky.yml delete mode 100644 core/cfn/ci_container_ti.dunfell.yml delete mode 100644 core/cfn/ci_network.yml delete mode 100644 core/containers/ci_image/Dockerfile delete mode 100644 core/containers/ci_image/amazon-ssm-agent.json delete mode 100644 core/containers/ci_image/dockerd-entrypoint.sh delete mode 100644 core/containers/ci_image/legal/THIRD_PARTY_LICENSES.txt delete mode 100644 core/containers/ci_image/legal/bill_of_material.txt delete mode 100644 core/containers/ci_image/runtimes.yml delete mode 100644 core/containers/ci_image/ssh_config delete mode 100644 core/containers/ci_image/tools/android-accept-licenses.sh delete mode 100644 core/containers/ci_image/tools/runtime_configs/php/7.3.19 delete mode 100644 core/containers/ci_image/tools/runtime_configs/php/7.4.7 delete mode 100644 core/containers/ci_image/tools/runtime_configs/python/3.7.7 delete mode 100644 core/containers/ci_image/tools/runtime_configs/python/3.8.3 delete mode 100644 core/containers/ci_image_ti.dunfell/Dockerfile delete mode 100644 core/containers/ci_image_ti.dunfell/amazon-ssm-agent.json delete mode 100644 core/containers/ci_image_ti.dunfell/dockerd-entrypoint.sh delete mode 100644 core/containers/ci_image_ti.dunfell/legal/THIRD_PARTY_LICENSES.txt delete mode 100644 core/containers/ci_image_ti.dunfell/legal/bill_of_material.txt delete mode 100644 core/containers/ci_image_ti.dunfell/runtimes.yml delete mode 100644 core/containers/ci_image_ti.dunfell/ssh_config delete mode 100644 core/containers/ci_image_ti.dunfell/tools/android-accept-licenses.sh delete mode 100644 core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.3.19 delete mode 100644 core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.4.7 delete mode 100644 core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.7.7 delete mode 100644 core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.8.3 delete mode 100755 core/scripts/setup_build_demos_prod.sh delete mode 100755 core/scripts/setup_ci_checklayer.sh delete mode 100755 core/scripts/setup_ci_container.sh delete mode 100755 core/scripts/setup_ci_container_poky.sh delete mode 100755 core/scripts/setup_ci_container_ti.dunfell.sh delete mode 100755 core/scripts/setup_ci_network.sh delete mode 100755 core/scripts/setup_dockerhub_secret.sh delete mode 100644 dependabot.yml create mode 100644 docs/new_release_checklist.md create mode 100644 docs/next_to_release_branch.md create mode 100644 docs/ptest.md create mode 100644 ff-merge/README.md create mode 100644 ff-merge/release.sh delete mode 100644 graphics/core_ci_network.jpeg delete mode 100644 ref/README.md delete mode 100644 ref/cfn/build_image_prod.yml delete mode 100644 ref/cfn/build_image_qa.yml delete mode 100644 ref/cfn/build_image_sdk.yml delete mode 100644 ref/cfn/ci_build_containter.yml delete mode 100644 ref/cfn/ci_network.yml delete mode 100644 ref/layer/ci/cb-ci_container.yml delete mode 100644 ref/layer/ci/cb-ci_image_prod.yml delete mode 100644 ref/layer/ci/cb-ci_image_qa.yml delete mode 100644 ref/layer/ci/cb-ci_image_sdk.yml delete mode 100644 ref/layer/ci/cb-ci_sdk.yml delete mode 100644 ref/layer/ci/ci_container/Dockerfile delete mode 100644 ref/layer/ci/ci_container/amazon-ssm-agent.json delete mode 100644 ref/layer/ci/ci_container/dockerd-entrypoint.sh delete mode 100644 ref/layer/ci/ci_container/legal/THIRD_PARTY_LICENSES.txt delete mode 100644 ref/layer/ci/ci_container/legal/bill_of_material.txt delete mode 100644 ref/layer/ci/ci_container/runtimes.yml delete mode 100644 ref/layer/ci/ci_container/ssh_config delete mode 100644 ref/layer/ci/ci_container/tools/android-accept-licenses.sh delete mode 100644 ref/layer/ci/ci_container/tools/runtime_configs/php/7.3.19 delete mode 100644 ref/layer/ci/ci_container/tools/runtime_configs/php/7.4.7 delete mode 100644 ref/layer/ci/ci_container/tools/runtime_configs/python/3.7.7 delete mode 100644 ref/layer/ci/ci_container/tools/runtime_configs/python/3.8.3 delete mode 100644 ref/layer/ci/repo-ci.xml delete mode 100644 ref/layer/conf/layer.conf delete mode 100644 ref/layer/recipes-core/image/you-connect-image_1.0.0.bb delete mode 100644 ref/layer/recipes-core/you-connect/you-connect_1.0.0.bb create mode 100755 release-tests/meta-aws-release-tests.sh delete mode 100644 workshop/00_home.md delete mode 100644 workshop/01_introduction.md delete mode 100644 workshop/02_setup.md delete mode 100644 workshop/03_01_hello_yocto.md delete mode 100644 workshop/03_02_build_images.md delete mode 100644 workshop/03_03_dev_experience.md delete mode 100644 workshop/03_04_auto_testing.md delete mode 100644 workshop/03_05_remote_update.md delete mode 100644 workshop/03_modules.md delete mode 100644 workshop/04_conclusion.md delete mode 100644 workshop/static/images/01_hello_yocto_bitbaketimes.png delete mode 100644 workshop/static/images/01_hello_yocto_diskfull.png delete mode 100644 workshop/static/images/02_build_images_solution_architecture.png diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 1ad78ee..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "yaml.customTags": [ - "!Base64 scalar", - "!Cidr scalar", - "!And sequence", - "!Equals sequence", - "!If sequence", - "!Not sequence", - "!Or sequence", - "!Condition scalar", - "!FindInMap sequence", - "!GetAtt scalar", - "!GetAtt sequence", - "!GetAZs scalar", - "!ImportValue scalar", - "!Join sequence", - "!Select sequence", - "!Split sequence", - "!Sub scalar", - "!Transform mapping", - "!Ref scalar" - ] -} diff --git a/README.md b/README.md index dd4b1e6..6189528 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,5 @@ ## meta-aws-ci: continuous integration for the meta-aws project -Subtopics: - -* Core CI -* Reference implementation - ## Goals This project has three goals: @@ -20,17 +15,9 @@ This project has three goals: ## How this repository is organized ```text - core/ <= mechanisms for meta-aws CI - cfn/ <= CI/CD pipeline - CFN - Standard (all recipe targets and QA checks) - conf/ <= bitbake local.conf configuration snippets - containers/ <= container definitions for distribution build environments - ref/ <= reference implementation - cfn/ <= Infrastructure using AWS CodeCommit - conf/ <= bitbake local configuration - layer/ <= Reference app layer, distribution definition - ci/ <= AWS CodeBuild buildspec file per target, repo config - verify/ <= mechanisms for meta-aws and meta-aws-demos pull requests - workshop/ <= workshop source for working on Yocto on AWS + auto-upgrader/ <= tool that is used in meta-aws to generate pull requests if an recipe upgrade is available + docs/ <= writeups of different topics + release-tests/ <= script to build and ptests all Yocto meta-aws releases ``` ## Repo Linting diff --git a/auto-upgrader/README.md b/auto-upgrader/README.md index 418be09..9faaa85 100644 --- a/auto-upgrader/README.md +++ b/auto-upgrader/README.md @@ -1,3 +1,5 @@ # Recipe Upgrade Helper A tool for automating recipe upgrades for meta-aws. + +#TODO: there should be an info how to just checkout this folder as this is used in CI it should be just this folder. diff --git a/core/README.md b/core/README.md deleted file mode 100644 index 6b6de57..0000000 --- a/core/README.md +++ /dev/null @@ -1,140 +0,0 @@ -**under construction** - -The **core** part of this repository contains the standard set of AWS -CloudFormation and other data for **meta-aws** Continuous Integration -and Continuous Delivery practices. Customers can reuse these -artifacts to build Linux distributions with Yocto Project. - -## How this is organized - - - **buildspec**: AWS CodeBuild files that are not meta-aws or - meta-aws-demos specific. For example, the buildspec file for - building containers used in AWS CodeBuild. - - **cfn**: AWS CloudFormation files that hydrate AWS cloud objects - in your AWS account to perform Yocto Project builds and - housekeeping activities. - - **containers**: Container definitions for specific build - activities. For example, there is a container definitions for - specific distributions like **Poky** (Yocto Project) and - **Arago** (Texas Instruments). - -## Working environment - -For simplicity, we assume you are operating in an AWS CloudShell -context. They will run on a Linux or Mac OS machine with AWS Command -Line Interface installed. Run on a Windows machine at your own risk. - -1. Login to the AWS Console. Open the AWS CloudShell service and wait - for the environment to run. -2. In AWS CloudShell, run the following command to clone this repository. - - ```bash - git clone https://github.com/aws4embeddedlinux/meta-aws-ci - cd ~/meta-aws-ci/core/scripts/ - export ACCOUNT_ID=123456789123 - export PREFIX=mod2-$ACCOUNT_ID - ``` -3. When building containers, you will need a secret setup in AWS Secret -Manager. Run this script and enter your Dockerhub username -and password. It will create a Secrets Manager entry and return an -ARN that you will use when doing setup for the container projects. - - ```bash - ./setup_dockerhub_secret.sh $PREFIX - ``` - -4. Once this process is complete, store the secret ARN in an environment variable for later use. - - ```bash - export SECRET_ARN=arn:aws:secretsmanager:eu-west-1:123456789123:secret:dockerhub_EXAMPLE - ``` - -## Baseline components - -Baseline components are required for all other automation areas. - -1. In AWS CloudShell, run the script to create the network layer. The - network layer is a Virtual Private Cloud (VPN) for AWS CodeBuild. - - ```bash - ./setup_ci_network.sh $PREFIX - ``` - -## Container components - -1. Install the container build layer to your target. The script - naming convention is - `setup_ci_container_[.].sh`. - - In the Poky case, you install the container build using the script - with the name `poky` in it. - - ```bash - ./setup_ci_container_poky.sh $PREFIX $SECRET_ARN - ``` - - In the TI (Arago) case, you will need to be more specific. - - ```bash - ./setup_ci_container_ti.dunfell.sh $PREFIX $SECRET_ARN - ``` - - If you have forked the meta-aws-ci repository and need to use the - repo from your own context, set the `GITHUB_REPO` variable. For - example: - - - ```bash - GITHUB_ORG=rpcme ./setup_ci_container_ti.dunfell.sh $PREFIX $SECRET_ARN - ``` -2. Once this process is complete, invoke the build process. The process takes about 15 minutes to complete. You can monitor it using the CLI or by logging into the AWS CodeBuild console. Make sure you select the right region. - - ```bash - aws codebuild start-build --project-name $PREFIX-el-ci-container-poky - ``` - -3. Finally, find out the image URI and store it in an environment variable for later use. - - ```bash - aws ecr describe-repositories --query repositories[].repositoryUri --output text - export CONTAINER_URI=123456789123.dkr.ecr.eu-west-1.amazonaws.com/yoctoproject/EXAMPLE/buildmachine-poky - ``` - -## Embedded Linux build components - -1. In AWS CloudShell, run the script to create the Linux build layer. This script installs an AWS CodeBuild project to construct the core-image-minimal image for the QEMU x86-64 MACHINE target that includes the AWS IoT Device Client. The AWS CodeBuild project file for this project is in the - [meta-aws-demos](https://github.com/aws-samples/meta-aws-demos) It also creates a new S3 bucket to store images it creates. - - ```bash - export VENDOR=rpi_foundation - export BOARD=rpi4-64 - export DEMO=aws-iot-greengrass-v2 - export YOCTO_RELEASE=dunfell - export COMPUTE_TYPE=BUILD_GENERAL1_LARGE - ./setup_build_demos_prod.sh $PREFIX $CONTAINER_URI $VENDOR $BOARD $DEMO $YOCTO_RELEASE $COMPUTE_TYPE - ``` - - If you are setting up this for a repo not in aws-samples, then you - can override the organization where your meta-aws-demos repo is running. - - ```bash - GITHUB_ORG=rpcme ./setup_build_demos_prod.sh $PREFIX $CONTAINER_URI $VENDOR $BOARD $DEMO $YOCTO_RELEASE $COMPUTE_TYPE - ``` - -2. Once the process complete, find out the name of the newly created S3 bucket and store in an environment variable for later use - - ```bash - aws s3 ls | grep $PREFIX-el-build- | awk '{print $3}' - export S3_BUCKET=EXAMPLE-el-build-rpi4-64-aws-iot-gre-buildbucket-EXAMPLE - ``` - -3. Invoke the build process. You can monitor it using the CLI or by logging into the AWS CodeBuild console. Make sure you select the right region. - - ```bash - aws codebuild start-build --project-name $PREFIX-el-build-$BOARD-$DEMO-$YOCTO_RELEASE - ``` - -4. Once the build process is complete you can review the contents of the S3 bucket - ```bash - aws s3 ls $S3_BUCKET --recursive - ``` diff --git a/core/buildspec/ci_image.yml b/core/buildspec/ci_image.yml deleted file mode 100644 index 54aa565..0000000 --- a/core/buildspec/ci_image.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: 0.2 -phases: - pre_build: - commands: - - echo Logging in to Amazon ECR... - - aws ecr get-login-password --region $AWS_DEFAULT_REGION | - docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com - - docker login --username $dockerhub_username --password $dockerhub_password - build: - commands: - - echo Build started on `date` - - echo Building the Docker image... - - cd core/containers/ci_image - - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG . - - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG - post_build: - commands: - - echo Build completed on `date` - - echo Pushing the Docker image... - - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG diff --git a/core/buildspec/ci_image_ti.dunfell.yml b/core/buildspec/ci_image_ti.dunfell.yml deleted file mode 100644 index 67514ea..0000000 --- a/core/buildspec/ci_image_ti.dunfell.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: 0.2 -phases: - pre_build: - commands: - - echo Logging in to Amazon ECR... - - aws ecr get-login-password --region $AWS_DEFAULT_REGION | - docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com - - docker login --username $dockerhub_username --password $dockerhub_password - build: - commands: - - echo Build started on `date` - - echo Building the Docker image... - - cd core/containers/ci_image_ti.dunfell - - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG . - - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG - post_build: - commands: - - echo Build completed on `date` - - echo Pushing the Docker image... - - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG diff --git a/core/cfn/ci_checklayer.yml b/core/cfn/ci_checklayer.yml deleted file mode 100644 index 8cf933c..0000000 --- a/core/cfn/ci_checklayer.yml +++ /dev/null @@ -1,187 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - performs the layercheck. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives in REPOSITORY:TAG format. - Type: String - YoctoProjectRelease: - Description: >- - The Yocto release, i.e. zeus, dunfell, etc. - Type: String - GitHubOrg: - Description: >- - The GitHub organization or user to set the codebuild project for. - Type: String - Default: "aws" - -Resources: - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: NO_ARTIFACTS - BadgeEnabled: true - Description: Layercheck- check layer validity - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_LARGE - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: YP_RELEASE - Type: PLAINTEXT - Value: !Ref YoctoProjectRelease - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Triggers: - Webhook: true - FilterGroups: - - - Type: EVENT - Pattern: PULL_REQUEST_UPDATED, PULL_REQUEST_CREATED, PULL_REQUEST_REOPENED - - Type: BASE_REF - Pattern: !Join - - '' - - - '^refs/heads/' - - !Ref YoctoProjectRelease - ExcludeMatchedPattern: false - Source: - BuildSpec: qa/buildspec.checklayer.yml - Location: !Join - - '' - - - 'https://github.com/' - - !Ref GitHubOrg - - '/meta-aws' - Type: GITHUB - SourceIdentifier: meta_aws_layercheck - SourceVersion: !Join - - '' - - - refs/heads/ - - !Ref YoctoProjectRelease - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - ':*' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' diff --git a/core/cfn/ci_container_poky.yml b/core/cfn/ci_container_poky.yml deleted file mode 100644 index e8b0875..0000000 --- a/core/cfn/ci_container_poky.yml +++ /dev/null @@ -1,245 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - - DockerhubSecretArn: - Description: >- - The secret you manually created to access DockerHub - Type: String - - Prefix: - Description: >- - A unique prefix for objects that might clash on multiple instances - Type: String - GitHubOrg: - Description: >- - The GitHub organization or user to set the codebuild project for. - Type: String - Default: "aws" - -Resources: - - CodeBuildImageRepository: - Type: AWS::ECR::Repository - Properties: - RepositoryName: !Sub 'yoctoproject/${Prefix}/buildmachine-poky' - RepositoryPolicyText: >- - { - "Version": "2008-10-17", - "Statement": [ - { - "Sid": "CodeBuildAccess", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": [ - "ecr:BatchCheckLayerAvailability", - "ecr:BatchGetImage", - "ecr:GetDownloadUrlForLayer" - ] - } - ] - } - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: NO_ARTIFACTS - BadgeEnabled: true - Description: >- - The build process for creating an image and propagating to - ECR for automated build processes. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:4.0 - PrivilegedMode: true - EnvironmentVariables: - - Name: IMAGE_REPO_NAME - Value: !Sub 'yoctoproject/${Prefix}/buildmachine-poky' - Type: PLAINTEXT - - Name: AWS_DEFAULT_REGION - Value: !Ref 'AWS::Region' - Type: PLAINTEXT - - Name: AWS_ACCOUNT_ID - Value: !Ref 'AWS::AccountId' - Type: PLAINTEXT - - Name: IMAGE_TAG - Value: latest - Type: PLAINTEXT - - Name: dockerhub_username - Value: !Sub "dockerhub_${Prefix}:username" - Type: SECRETS_MANAGER - - Name: dockerhub_password - Value: !Sub "dockerhub_${Prefix}:password" - Type: SECRETS_MANAGER - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: core/buildspec/ci_image.yml - Location: !Join - - '' - - - "https://github.com/" - - !Ref GitHubOrg - - "/meta-aws-ci" - Type: GITHUB - SourceIdentifier: meta_aws_ci - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:BatchCheckLayerAvailability' - - 'ecr:CompleteLayerUpload' - - 'ecr:GetAuthorizationToken' - - 'ecr:InitiateLayerUpload' - - 'ecr:PutImage' - - 'ecr:UploadLayerPart' - Effect: Allow - Resource: '*' - - PolicyName: SecretManagerAccessDH - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Ref DockerhubSecretArn - - PolicyName: SecretManagerAccessCodebuild - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:secretsmanager:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':secret:/CodeBuild/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" diff --git a/core/cfn/ci_container_ti.dunfell.yml b/core/cfn/ci_container_ti.dunfell.yml deleted file mode 100644 index fa7c013..0000000 --- a/core/cfn/ci_container_ti.dunfell.yml +++ /dev/null @@ -1,245 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - - DockerhubSecretArn: - Description: >- - The secret you manually created to access DockerHub - Type: String - - Prefix: - Description: >- - A unique prefix for objects that might clash on multiple instances - Type: String - GitHubOrg: - Description: >- - The GitHub organization or user to set the codebuild project for. - Type: String - Default: "aws" - -Resources: - - CodeBuildImageRepository: - Type: AWS::ECR::Repository - Properties: - RepositoryName: !Sub 'yoctoproject/${Prefix}/buildmachine-ti-dunfell' - RepositoryPolicyText: >- - { - "Version": "2008-10-17", - "Statement": [ - { - "Sid": "CodeBuildAccess", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": [ - "ecr:BatchCheckLayerAvailability", - "ecr:BatchGetImage", - "ecr:GetDownloadUrlForLayer" - ] - } - ] - } - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: NO_ARTIFACTS - BadgeEnabled: true - Description: >- - The build process for creating an image and propagating to - ECR for automated build processes. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:4.0 - PrivilegedMode: true - EnvironmentVariables: - - Name: IMAGE_REPO_NAME - Value: !Sub 'yoctoproject/${Prefix}/buildmachine-ti-dunfell' - Type: PLAINTEXT - - Name: AWS_DEFAULT_REGION - Value: !Ref 'AWS::Region' - Type: PLAINTEXT - - Name: AWS_ACCOUNT_ID - Value: !Ref 'AWS::AccountId' - Type: PLAINTEXT - - Name: IMAGE_TAG - Value: latest - Type: PLAINTEXT - - Name: dockerhub_username - Value: !Sub "dockerhub_${Prefix}:username" - Type: SECRETS_MANAGER - - Name: dockerhub_password - Value: !Sub "dockerhub_${Prefix}:password" - Type: SECRETS_MANAGER - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: core/buildspec/ci_image_ti.dunfell.yml - Location: !Join - - '' - - - "https://github.com/" - - !Ref GitHubOrg - - "/meta-aws-ci" - Type: GITHUB - SourceIdentifier: meta_aws_ci - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:BatchCheckLayerAvailability' - - 'ecr:CompleteLayerUpload' - - 'ecr:GetAuthorizationToken' - - 'ecr:InitiateLayerUpload' - - 'ecr:PutImage' - - 'ecr:UploadLayerPart' - Effect: Allow - Resource: '*' - - PolicyName: SecretManagerAccessDH - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Ref DockerhubSecretArn - - PolicyName: SecretManagerAccessCodebuild - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:secretsmanager:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':secret:/CodeBuild/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" diff --git a/core/cfn/ci_network.yml b/core/cfn/ci_network.yml deleted file mode 100644 index 820d229..0000000 --- a/core/cfn/ci_network.yml +++ /dev/null @@ -1,260 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild ready VPC with - the CodeBuild project and ECS store for building storing the - resulting image. This is taken verbatim from the CodeBuild - documentation. - -Parameters: - VpcCIDR: - Description: >- - Please enter the IP range (CIDR notation) for this VPC - Type: String - Default: 10.192.0.0/16 - - PublicSubnet1CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - public subnet in the first Availability Zone - Type: String - Default: 10.192.10.0/24 - - PublicSubnet2CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - public subnet in the second Availability Zone - Type: String - Default: 10.192.11.0/24 - - PrivateSubnet1CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - private subnet in the first Availability Zone - Type: String - Default: 10.192.20.0/24 - - PrivateSubnet2CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - private subnet in the second Availability Zone - Type: String - Default: 10.192.21.0/24 - -Resources: - VPC: - Type: AWS::EC2::VPC - Properties: - CidrBlock: !Ref VpcCIDR - EnableDnsSupport: true - EnableDnsHostnames: true - Tags: - - Key: Name - Value: !Ref AWS::StackName - - InternetGateway: - Type: AWS::EC2::InternetGateway - Properties: - Tags: - - Key: Name - Value: !Ref AWS::StackName - - InternetGatewayAttachment: - Type: AWS::EC2::VPCGatewayAttachment - Properties: - InternetGatewayId: !Ref InternetGateway - VpcId: !Ref VPC - - PublicSubnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 0, !GetAZs '' ] - CidrBlock: !Ref PublicSubnet1CIDR - MapPublicIpOnLaunch: true - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Subnet (AZ1) - - PublicSubnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 1, !GetAZs '' ] - CidrBlock: !Ref PublicSubnet2CIDR - MapPublicIpOnLaunch: true - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Subnet (AZ2) - - PrivateSubnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 0, !GetAZs '' ] - CidrBlock: !Ref PrivateSubnet1CIDR - MapPublicIpOnLaunch: false - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Subnet (AZ1) - - PrivateSubnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 1, !GetAZs '' ] - CidrBlock: !Ref PrivateSubnet2CIDR - MapPublicIpOnLaunch: false - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Subnet (AZ2) - - NatGateway1EIP: - Type: AWS::EC2::EIP - DependsOn: InternetGatewayAttachment - Properties: - Domain: vpc - - NatGateway2EIP: - Type: AWS::EC2::EIP - DependsOn: InternetGatewayAttachment - Properties: - Domain: vpc - - NatGateway1: - Type: AWS::EC2::NatGateway - Properties: - AllocationId: !GetAtt NatGateway1EIP.AllocationId - SubnetId: !Ref PublicSubnet1 - - NatGateway2: - Type: AWS::EC2::NatGateway - Properties: - AllocationId: !GetAtt NatGateway2EIP.AllocationId - SubnetId: !Ref PublicSubnet2 - - PublicRouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Routes - - DefaultPublicRoute: - Type: AWS::EC2::Route - DependsOn: InternetGatewayAttachment - Properties: - RouteTableId: !Ref PublicRouteTable - DestinationCidrBlock: 0.0.0.0/0 - GatewayId: !Ref InternetGateway - - PublicSubnet1RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PublicRouteTable - SubnetId: !Ref PublicSubnet1 - - PublicSubnet2RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PublicRouteTable - SubnetId: !Ref PublicSubnet2 - - PrivateRouteTable1: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Routes (AZ1) - - DefaultPrivateRoute1: - Type: AWS::EC2::Route - Properties: - RouteTableId: !Ref PrivateRouteTable1 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: !Ref NatGateway1 - - PrivateSubnet1RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PrivateRouteTable1 - SubnetId: !Ref PrivateSubnet1 - - PrivateRouteTable2: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Routes (AZ2) - - DefaultPrivateRoute2: - Type: AWS::EC2::Route - Properties: - RouteTableId: !Ref PrivateRouteTable2 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: !Ref NatGateway2 - - PrivateSubnet2RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PrivateRouteTable2 - SubnetId: !Ref PrivateSubnet2 - - NoIngressSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupName: "no-ingress-sg" - GroupDescription: "Security group with no ingress rule" - VpcId: !Ref VPC - - -Outputs: - VPC: - Description: >- - A reference to the created VPC - Value: !Ref VPC - Export: - Name: !Sub "${AWS::StackName}-VPC" - - PublicSubnet1: - Description: >- - A reference to the public subnet in the 1st Availability Zone - Value: !Ref PublicSubnet1 - Export: - Name: !Sub "${AWS::StackName}-PublicSubnet1" - - PublicSubnet2: - Description: >- - A reference to the public subnet in the 2nd Availability Zone - Value: !Ref PublicSubnet2 - Export: - Name: !Sub "${AWS::StackName}-PublicSubnet2" - - PrivateSubnet1: - Description: >- - A reference to the private subnet in the 1st Availability Zone - Value: !Ref PrivateSubnet1 - Export: - Name: !Sub "${AWS::StackName}-PrivateSubnet1" - - PrivateSubnet2: - Description: >- - A reference to the private subnet in the 2nd Availability Zone - Value: !Ref PrivateSubnet2 - Export: - Name: !Sub "${AWS::StackName}-PrivateSubnet2" - - NoIngressSecurityGroup: - Description: >- - Security group with no ingress rule - Value: !Ref NoIngressSecurityGroup - Export: - Name: !Sub "${AWS::StackName}-NoIngressSecurityGroup" - - DefaultSecurityGroup: - Description: >- - Security group with no ingress rule - Value: !GetAtt VPC.DefaultSecurityGroup - Export: - Name: !Sub "${AWS::StackName}-DefaultSecurityGroup" diff --git a/core/containers/ci_image/Dockerfile b/core/containers/ci_image/Dockerfile deleted file mode 100644 index e130a36..0000000 --- a/core/containers/ci_image/Dockerfile +++ /dev/null @@ -1,190 +0,0 @@ -# Copyright 2020-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/asl/ -# -# or in the "license" file accompanying this file. -# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. -# See the License for the specific language governing permissions and limitations under the License. - -FROM ubuntu:18.04 AS core - -ENV DEBIAN_FRONTEND="noninteractive" - -# Install git, SSH, and other utilities -RUN set -ex \ - && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ - && apt-get update \ - && apt install -y apt-transport-https gnupg ca-certificates \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \ - && echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | tee /etc/apt/sources.list.d/mono-official-stable.list \ - && apt-get install software-properties-common -y --no-install-recommends \ - && apt-add-repository -y ppa:git-core/ppa \ - && apt-get update \ - && apt-get install git=1:2.* -y --no-install-recommends \ - && git version \ - && apt-get install -y --no-install-recommends openssh-client \ - && mkdir ~/.ssh \ - && touch ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ - && chmod 600 ~/.ssh/known_hosts \ - && apt-get install -y --no-install-recommends \ - apt-utils asciidoc autoconf automake build-essential bzip2 \ - bzr curl cvs cvsps dirmngr docbook-xml docbook-xsl dpkg-dev \ - e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ - groff gzip imagemagick iptables jq less libapr1 libaprutil1 \ - libargon2-0-dev libbz2-dev libc6-dev libcurl4-openssl-dev \ - libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ - libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ - libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ - libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ - libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ - libpq-dev libreadline-dev libserf-1-1 libsqlite3-dev libssl-dev \ - libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ - libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ - libyaml-dev libyaml-perl llvm locales make mercurial mlocate mono-devel \ - netbase openssl patch pkg-config procps python-bzrlib \ - python-configobj python-openssl rsync sgml-base sgml-data subversion \ - tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ - libzip4 libzip-dev vim xvfb xz-utils zip zlib1g-dev iproute2 zstd \ - liblz4-1 liblz4-tool \ - && apt-get install -y --no-install-recommends \ - gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential chrpath \ - socat cpio python python3 python3-pip python3-pexpect xz-utils debianutils \ - iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3 xterm strace \ - && rm -rf /var/lib/apt/lists/* - -RUN useradd codebuild-user - -#=======================End of layer: core ================= - -FROM core AS tools - -# AWS Tools -# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html -RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator \ - && curl -sS -o /usr/local/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/kubectl \ - && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ - && curl -sS -L https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ - && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl - -# Configure SSM -RUN set -ex \ - && mkdir /tmp/ssm \ - && cd /tmp/ssm \ - && wget https://s3.eu-north-1.amazonaws.com/amazon-ssm-eu-north-1/latest/debian_amd64/amazon-ssm-agent.deb \ - && dpkg -i amazon-ssm-agent.deb - -# Install env tools for runtimes - -#python -RUN curl https://pyenv.run | bash -ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" - -#=======================End of layer: tools ================= -FROM tools AS runtimes - -#**************** PYTHON ***************************************************** -ENV PYTHON_38_VERSION="3.8.3" \ - PYTHON_37_VERSION="3.7.7" - -ENV PYTHON_PIP_VERSION=19.3.1 - -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_37_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - - -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_38_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - -#**************** END PYTHON ***************************************************** - -#=======================End of layer: runtimes ================= - -#**************** DOCKER ********************************************* -ENV DOCKER_BUCKET="download.docker.com" \ - DOCKER_CHANNEL="stable" \ - DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ - DOCKER_COMPOSE_VERSION="1.26.0" \ - SRC_DIR="/usr/src" - -ENV DOCKER_SHA256="0f4336378f61ed73ed55a356ac19e46699a995f2aff34323ba5874d131548b9e" -ENV DOCKER_VERSION="19.03.11" - -# Install Docker -RUN set -ex \ - && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ - && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ - && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ - && rm docker.tgz \ - && docker -v \ - # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box - && addgroup dockremap \ - && useradd -g dockremap dockremap \ - && echo 'dockremap:165536:65536' >> /etc/subuid \ - && echo 'dockremap:165536:65536' >> /etc/subgid \ - && wget -nv "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ - && curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/dind /usr/local/bin/docker-compose \ - # Ensure docker-compose works - && docker-compose version - -VOLUME /var/lib/docker -#*********************** END DOCKER **************************** - -#=======================End of layer: corretto ================= - -RUN pyenv global $PYTHON_38_VERSION - -# Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -RUN which dash &> /dev/null && (\ - echo "dash dash/sh boolean false" | debconf-set-selections && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash) || \ - echo "Skipping dash reconfigure (not applicable)" - -RUN locale-gen en_US.UTF-8 -RUN dpkg-reconfigure locales -RUN update-locale LANG=en_US.UTF-8 -ENV LANG=en_US.UTF-8 - -# When we run in a CodeBuild context, we can integrate with CodeCommit -# only when run-as is root. Also, when run-as is aws-yocto-builder, -# HOME is still root. So, just give permission to aws-yocto-builder to -# root's home directory, which is a big bag of crazy. -# NOTE: the whole reason why we need to do this is bitbake requires -# we run from a non-root context, which is completely sane. -RUN mkdir /home/aws-yocto-builder && \ - groupadd -g 70 aws-yocto-builder && \ - useradd -N -m -u 70 -g 70 aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /home/aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /root - -# These are EFS mount points and must be permissioned so we can invoke the -# build and place outputs from a non-root context. -RUN mkdir /downloads && chown -R aws-yocto-builder:aws-yocto-builder /downloads -RUN mkdir /sstate-cache && chown -R aws-yocto-builder:aws-yocto-builder /sstate-cache -RUN mkdir /build-output && chown -R aws-yocto-builder:aws-yocto-builder /build-output - -USER aws-yocto-builder - -ENTRYPOINT ["dockerd-entrypoint.sh"] diff --git a/core/containers/ci_image/amazon-ssm-agent.json b/core/containers/ci_image/amazon-ssm-agent.json deleted file mode 100644 index acb8c83..0000000 --- a/core/containers/ci_image/amazon-ssm-agent.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "Profile":{ - "ShareCreds" : true, - "ShareProfile" : "" - }, - "Mds": { - "CommandWorkersLimit" : 5, - "StopTimeoutMillis" : 20000, - "Endpoint": "", - "CommandRetryLimit": 15 - }, - "Ssm": { - "Endpoint": "", - "HealthFrequencyMinutes": 5, - "CustomInventoryDefaultLocation" : "", - "AssociationLogsRetentionDurationHours" : 24, - "RunCommandLogsRetentionDurationHours" : 336, - "SessionLogsRetentionDurationHours" : 336 - }, - "Mgs": { - "Region": "", - "Endpoint": "", - "StopTimeoutMillis" : 20000, - "SessionWorkersLimit" : 1000 - }, - "Agent": { - "Region": "", - "OrchestrationRootDir": "", - "ContainerMode": true - }, - "Os": { - "Lang": "en-US", - "Name": "", - "Version": "1" - }, - "S3": { - "Endpoint": "", - "Region": "", - "LogBucket":"", - "LogKey":"" - }, - "Kms": { - "Endpoint": "" - } -} diff --git a/core/containers/ci_image/dockerd-entrypoint.sh b/core/containers/ci_image/dockerd-entrypoint.sh deleted file mode 100644 index 1591be4..0000000 --- a/core/containers/ci_image/dockerd-entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -set -e - -/usr/local/bin/dockerd \ - --host=unix:///var/run/docker.sock \ - --host=tcp://127.0.0.1:2375 \ - --storage-driver=overlay2 &>/var/log/docker.log & - - -tries=0 -d_timeout=60 -until docker info >/dev/null 2>&1 -do - if [ "$tries" -gt "$d_timeout" ]; then - cat /var/log/docker.log - echo 'Timed out trying to connect to internal docker host.' >&2 - exit 1 - fi - tries=$(( $tries + 1 )) - sleep 1 -done - -eval "$@" diff --git a/core/containers/ci_image/legal/THIRD_PARTY_LICENSES.txt b/core/containers/ci_image/legal/THIRD_PARTY_LICENSES.txt deleted file mode 100644 index 6d6039d..0000000 --- a/core/containers/ci_image/legal/THIRD_PARTY_LICENSES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Third Party Licenses -==================== - -Stunnel: -We include unmodified version of stunnel softwares in the docker images. The source code for the current version can be downloaded from https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/stunnel-5.56.tar.gz diff --git a/core/containers/ci_image/legal/bill_of_material.txt b/core/containers/ci_image/legal/bill_of_material.txt deleted file mode 100644 index 840548a..0000000 --- a/core/containers/ci_image/legal/bill_of_material.txt +++ /dev/null @@ -1,281 +0,0 @@ -The Amazon CodeBuild Product includes the following third-party software/licensing: - ----------------- -apt-transport-https : /usr/share/doc/apt-transport-https/copyright ----------------- -apt-utils : /usr/share/doc/apt-utils/copyright ----------------- -asciidoc : /usr/share/doc/asciidoc/copyright ----------------- -autoconf : /usr/share/doc/autoconf/copyright ----------------- -automake : /usr/share/doc/automake/copyright ----------------- -build-essential : /usr/share/doc/build-essential/copyright ----------------- -bzip2 : /usr/share/doc/bzip2/copyright ----------------- -bzr : /usr/share/doc/bzr/copyright ----------------- -ca-certificates-java : /usr/share/doc/ca-certificates-java/copyright ----------------- -curl : /usr/share/doc/curl/copyright ----------------- -cvs : /usr/share/doc/cvs/copyright ----------------- -cvsps : /usr/share/doc/cvsps/copyright ----------------- -dirmngr : /usr/share/doc/dirmngr/copyright ----------------- -docbook-xml : /usr/share/doc/docbook-xml/copyright ----------------- -docbook-xsl : /usr/share/doc/docbook-xsl/copyright ----------------- -dpkg-dev : /usr/share/doc/dpkg-dev/copyright ----------------- -e2fsprogs : /usr/share/doc/e2fsprogs/copyright ----------------- -expect : /usr/share/doc/expect/copyright ----------------- -fakeroot : /usr/share/doc/fakeroot/copyright ----------------- -file : /usr/share/doc/file/copyright ----------------- -g++ : /usr/share/doc/g++/copyright ----------------- -gcc : /usr/share/doc/gcc/copyright ----------------- -gettext : /usr/share/doc/gettext/copyright ----------------- -gettext-base : /usr/share/doc/gettext-base/copyright ----------------- -git : /usr/share/doc/git/copyright ----------------- -groff : /usr/share/doc/groff/copyright ----------------- -gzip : /usr/share/doc/gzip/copyright ----------------- -imagemagick : /usr/share/doc/imagemagick/copyright ----------------- -iptables : /usr/share/doc/iptables/copyright ----------------- -jq : /usr/share/doc/jq/copyright ----------------- -less : /usr/share/doc/less/copyright ----------------- -lib32gcc1 : /usr/share/doc/lib32gcc1/copyright ----------------- -lib32ncurses5 : /usr/share/doc/lib32ncurses5/copyright ----------------- -lib32stdc++6 : /usr/share/doc/lib32stdc++6/copyright ----------------- -lib32z1 : /usr/share/doc/lib32z1/copyright ----------------- -libapr1 : /usr/share/doc/libapr1/copyright ----------------- -libaprutil1 : /usr/share/doc/libaprutil1/copyright ----------------- -libargon2-0-dev : /usr/share/doc/libargon2-0-dev/copyright ----------------- -libasound2 : /usr/share/doc/libasound2/copyright ----------------- -libbz2-dev : /usr/share/doc/libbz2-dev/copyright ----------------- -libc6-dev : /usr/share/doc/libc6-dev/copyright ----------------- -libc6-i386 : /usr/share/doc/libc6-i386/copyright ----------------- -libcurl4-openssl-dev : /usr/share/doc/libcurl4-openssl-dev/copyright ----------------- -libdb-dev : /usr/share/doc/libdb-dev/copyright ----------------- -libdbd-sqlite3-perl : /usr/share/doc/libdbd-sqlite3-perl/copyright ----------------- -libdbi-perl : /usr/share/doc/libdbi-perl/copyright ----------------- -libdbus-1-3 : /usr/share/doc/libdbus-1-3/copyright ----------------- -libdbus-glib-1-2 : /usr/share/doc/libdbus-glib-1-2/copyright ----------------- -libdpkg-perl : /usr/share/doc/libdpkg-perl/copyright ----------------- -libedit-dev : /usr/share/doc/libedit-dev/copyright ----------------- -liberror-perl : /usr/share/doc/liberror-perl/copyright ----------------- -libevent-dev : /usr/share/doc/libevent-dev/copyright ----------------- -libffi-dev : /usr/share/doc/libffi-dev/copyright ----------------- -libgeoip-dev : /usr/share/doc/libgeoip-dev/copyright ----------------- -libglib2.0-0 : /usr/share/doc/libglib2.0-0/copyright ----------------- -libglib2.0-dev : /usr/share/doc/libglib2.0-dev/copyright ----------------- -libgtk-3-0 : /usr/share/doc/libgtk-3-0/copyright ----------------- -libhttp-date-perl : /usr/share/doc/libhttp-date-perl/copyright ----------------- -libio-pty-perl : /usr/share/doc/libio-pty-perl/copyright ----------------- -libjpeg-dev : /usr/share/doc/libjpeg-dev/copyright ----------------- -libkrb5-dev : /usr/share/doc/libkrb5-dev/copyright ----------------- -liblzma-dev : /usr/share/doc/liblzma-dev/copyright ----------------- -libmagickcore-dev : /usr/share/doc/libmagickcore-dev/copyright ----------------- -libmagickwand-dev : /usr/share/doc/libmagickwand-dev/copyright ----------------- -libmysqlclient-dev : /usr/share/doc/libmysqlclient-dev/copyright ----------------- -libncurses5-dev : /usr/share/doc/libncurses5-dev/copyright ----------------- -libncursesw5-dev : /usr/share/doc/libncursesw5-dev/copyright ----------------- -libonig-dev : /usr/share/doc/libonig-dev/copyright ----------------- -libpq-dev : /usr/share/doc/libpq-dev/copyright ----------------- -libqt5widgets5 : /usr/share/doc/libqt5widgets5/copyright ----------------- -libreadline-dev : /usr/share/doc/libreadline-dev/copyright ----------------- -libserf-1-1 : /usr/share/doc/libserf-1-1/copyright ----------------- -libsqlite3-dev : /usr/share/doc/libsqlite3-dev/copyright ----------------- -libssl-dev : /usr/share/doc/libssl-dev/copyright ----------------- -libsvn-perl : /usr/share/doc/libsvn-perl/copyright ----------------- -libsvn1 : /usr/share/doc/libsvn1/copyright ----------------- -libtcl8.6 : /usr/share/doc/libtcl8.6/copyright ----------------- -libtidy-dev : /usr/share/doc/libtidy-dev/copyright ----------------- -libtimedate-perl : /usr/share/doc/libtimedate-perl/copyright ----------------- -libtool : /usr/share/doc/libtool/copyright ----------------- -libwebp-dev : /usr/share/doc/libwebp-dev/copyright ----------------- -libxml2-dev : /usr/share/doc/libxml2-dev/copyright ----------------- -libxml2-utils : /usr/share/doc/libxml2-utils/copyright ----------------- -libxslt1-dev : /usr/share/doc/libxslt1-dev/copyright ----------------- -libyaml-dev : /usr/share/doc/libyaml-dev/copyright ----------------- -libyaml-perl : /usr/share/doc/libyaml-perl/copyright ----------------- -libzip-dev : /usr/share/doc/libzip-dev/copyright ----------------- -libzip4 : /usr/share/doc/libzip4/copyright ----------------- -llvm : /usr/share/doc/llvm/copyright ----------------- -locales : /usr/share/doc/locales/copyright ----------------- -make : /usr/share/doc/make/copyright ----------------- -mercurial : /usr/share/doc/mercurial/copyright ----------------- -mlocate : /usr/share/doc/mlocate/copyright ----------------- -mono-devel : /usr/share/doc/mono-devel/copyright ----------------- -netbase : /usr/share/doc/netbase/copyright ----------------- -openjdk-8-jdk : /usr/share/doc/openjdk-8-jdk/copyright ----------------- -openjdk-11-jdk : /usr/share/doc/openjdk-11-jre-headless/copyright ----------------- -openssh-client : /usr/share/doc/openssh-client/copyright ----------------- -openssl : /usr/share/doc/openssl/copyright ----------------- -patch : /usr/share/doc/patch/copyright ----------------- -pkg-config : /usr/share/doc/pkg-config/copyright ----------------- -procps : /usr/share/doc/procps/copyright ----------------- -python-bzrlib : /usr/share/doc/python-bzrlib/copyright ----------------- -python-configobj : /usr/share/doc/python-configobj/copyright ----------------- -python-openssl : /usr/share/doc/python-openssl/copyright ----------------- -python-setuptools : /usr/share/doc/python-setuptools/copyright ----------------- -rsync : /usr/share/doc/rsync/copyright ----------------- -sbt : /usr/share/doc/sbt/copyright ----------------- -sgml-base : /usr/share/doc/sgml-base/copyright ----------------- -sgml-data : /usr/share/doc/sgml-data/copyright ----------------- -software-properties-common : /usr/share/doc/software-properties-common/copyright ----------------- -subversion : /usr/share/doc/subversion/copyright ----------------- -tar : /usr/share/doc/tar/copyright ----------------- -tcl : /usr/share/doc/tcl/copyright ----------------- -tcl8.6 : /usr/share/doc/tcl8.6/copyright ----------------- -tk : /usr/share/doc/tk/copyright ----------------- -tk-dev : /usr/share/doc/tk-dev/copyright ----------------- -unzip : /usr/share/doc/unzip/copyright ----------------- -vim : /usr/share/doc/vim/copyright ----------------- -wget : /usr/share/doc/wget/copyright ----------------- -xfsprogs : /usr/share/doc/xfsprogs/copyright ----------------- -xml-core : /usr/share/doc/xml-core/copyright ----------------- -xmlto : /usr/share/doc/xmlto/copyright ----------------- -xsltproc : /usr/share/doc/xsltproc/copyright ----------------- -xvfb : /usr/share/doc/xvfb/copyright ----------------- -xz-utils : /usr/share/doc/xz-utils/copyright ----------------- -zip : /usr/share/doc/zip/copyright ----------------- -zlib1g-dev : /usr/share/doc/zlib1g-dev/copyright ----------------- -ruby :https://www.ruby-lang.org/en/about/license.txt ----------------- -python :https://docs.python.org/3/license.html ----------------- -php :https://www.php.net/license/index.php ----------------- -nodejs :https://github.com/nodejs/node/blob/master/LICENSE ----------------- -golang :https://golang.org/LICENSE ----------------- -dotnet :https://github.com/dotnet/core/blob/master/LICENSE.TXT ----------------- -Firefox :https://www.mozilla.org/en-US/MPL/ ----------------- -Chrome : https://www.google.com/intl/en_pk/chrome/privacy/eula_text.html ----------------- -stunnel : https://www.stunnel.org/gpl.html ----------------- -gitversion :https://github.com/GitTools/GitVersion/blob/master/LICENSE ----------------- -docker : https://www.docker.com/legal/components-licenses ----------------- diff --git a/core/containers/ci_image/runtimes.yml b/core/containers/ci_image/runtimes.yml deleted file mode 100644 index 7a68a21..0000000 --- a/core/containers/ci_image/runtimes.yml +++ /dev/null @@ -1,123 +0,0 @@ -version: 0.1 - -runtimes: - android: - versions: - 28: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 28 ..." - 29: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 29 ..." - - java: - versions: - corretto11: - commands: - - echo "Installing Java version 11 ..." - - - export JAVA_HOME="$JAVA_11_HOME" - - - export JRE_HOME="$JRE_11_HOME" - - - export JDK_HOME="$JDK_11_HOME" - - - |- - for tool_path in "$JAVA_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - corretto8: - commands: - - echo "Installing Java version 8 ..." - - - export JAVA_HOME="$JAVA_8_HOME" - - - export JRE_HOME="$JRE_8_HOME" - - - export JDK_HOME="$JDK_8_HOME" - - - |- - for tool_path in "$JAVA_8_HOME"/bin/* "$JRE_8_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - golang: - versions: - 1.12: - commands: - - echo "Installing Go version 1.12 ..." - - goenv global $GOLANG_12_VERSION - 1.13: - commands: - - echo "Installing Go version 1.13 ..." - - goenv global $GOLANG_13_VERSION - 1.14: - commands: - - echo "Installing Go version 1.14 ..." - - goenv global $GOLANG_14_VERSION - python: - versions: - 3.8: - commands: - - echo "Installing Python version 3.8 ..." - - pyenv global $PYTHON_38_VERSION - 3.7: - commands: - - echo "Installing Python version 3.7 ..." - - pyenv global $PYTHON_37_VERSION - php: - versions: - 7.4: - commands: - - echo "Installing PHP version 7.4 ..." - - phpenv global $PHP_74_VERSION - 7.3: - commands: - - echo "Installing PHP version 7.3 ..." - - phpenv global $PHP_73_VERSION - ruby: - versions: - 2.6: - commands: - - echo "Installing Ruby version 2.6 ..." - - rbenv global $RUBY_26_VERSION - 2.7: - commands: - - echo "Installing Ruby version 2.7 ..." - - rbenv global $RUBY_27_VERSION - nodejs: - versions: - 10: - commands: - - echo "Installing Node.js version 10 ..." - - n $NODE_10_VERSION - 12: - commands: - - echo "Installing Node.js version 12 ..." - - n $NODE_12_VERSION - docker: - versions: - 18: - commands: - - echo "Using Docker 19" - 19: - commands: - - echo "Using Docker 19" - dotnet: - versions: - 3.1: - commands: - - echo "Installing .NET version 3.1 ..." diff --git a/core/containers/ci_image/ssh_config b/core/containers/ci_image/ssh_config deleted file mode 100644 index 710e275..0000000 --- a/core/containers/ci_image/ssh_config +++ /dev/null @@ -1,3 +0,0 @@ -Host * - ConnectTimeout 10 - ConnectionAttempts 10 diff --git a/core/containers/ci_image/tools/android-accept-licenses.sh b/core/containers/ci_image/tools/android-accept-licenses.sh deleted file mode 100644 index ebac067..0000000 --- a/core/containers/ci_image/tools/android-accept-licenses.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 1800 -set cmd [lindex $argv 0] -set licenses [lindex $argv 1] - -spawn {*}$cmd -expect { - "Do you accept the license '*'*" { - exp_send "y\r" - exp_continue - } - "Accept? (y/N): " { - exp_send "y\r" - exp_continue - } - "Review licenses that have not been accepted (y/N)? " { - exp_send "y\r" - exp_continue - } - eof -} - -lassign [wait] pid spawnid os_error waitvalue - -if {$os_error == 0} { - exit $waitvalue -} else { - exit 1 -} diff --git a/core/containers/ci_image/tools/runtime_configs/php/7.3.19 b/core/containers/ci_image/tools/runtime_configs/php/7.3.19 deleted file mode 100644 index 25fed15..0000000 --- a/core/containers/ci_image/tools/runtime_configs/php/7.3.19 +++ /dev/null @@ -1,19 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-libedit" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.3.19 -#Don't change beyond this line - -configure_option "--without-pear" -configure_option "--with-gd" -configure_option "--with-png-dir" "/usr" -configure_option "--with-jpeg-dir" "/usr" -configure_option "--enable-zip" - -install_package "https://secure.php.net/distributions/php-7.3.19.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache diff --git a/core/containers/ci_image/tools/runtime_configs/php/7.4.7 b/core/containers/ci_image/tools/runtime_configs/php/7.4.7 deleted file mode 100644 index 04d6a1a..0000000 --- a/core/containers/ci_image/tools/runtime_configs/php/7.4.7 +++ /dev/null @@ -1,17 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" -configure_option "--with-libedit" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.4.7 -#Don't change beyond this line - -configure_option "--enable-gd" -configure_option "--with-jpeg" -configure_option "--with-zip" - -install_package "https://secure.php.net/distributions/php-7.4.7.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache diff --git a/core/containers/ci_image/tools/runtime_configs/python/3.7.7 b/core/containers/ci_image/tools/runtime_configs/python/3.7.7 deleted file mode 100644 index 165cb78..0000000 --- a/core/containers/ci_image/tools/runtime_configs/python/3.7.7 +++ /dev/null @@ -1,17 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.7.7 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tar.xz#06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" standard verify_py37 copy_python_gdb ensurepip -else - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz#8c8be91cd2648a1a0c251f04ea0bb4c2a5570feb9c45eaaa2241c785585b475a" standard verify_py37 copy_python_gdb ensurepip -fi diff --git a/core/containers/ci_image/tools/runtime_configs/python/3.8.3 b/core/containers/ci_image/tools/runtime_configs/python/3.8.3 deleted file mode 100644 index 2ca94b2..0000000 --- a/core/containers/ci_image/tools/runtime_configs/python/3.8.3 +++ /dev/null @@ -1,17 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.8.3 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tar.xz#dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864" standard verify_py38 copy_python_gdb ensurepip -else - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tgz#6af6d4d2e010f9655518d0fc6738c7ff7069f10a4d2fbd55509e467f092a8b90" standard verify_py38 copy_python_gdb ensurepip -fi diff --git a/core/containers/ci_image_ti.dunfell/Dockerfile b/core/containers/ci_image_ti.dunfell/Dockerfile deleted file mode 100644 index 3b15cca..0000000 --- a/core/containers/ci_image_ti.dunfell/Dockerfile +++ /dev/null @@ -1,208 +0,0 @@ -# Copyright 2020-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/asl/ -# -# or in the "license" file accompanying this file. -# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. -# See the License for the specific language governing permissions and limitations under the License. - -FROM ubuntu:18.04 AS core - -ENV DEBIAN_FRONTEND="noninteractive" - -# Install git, SSH, and other utilities -RUN set -ex \ - && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ - && apt-get update \ - && apt install -y apt-transport-https gnupg ca-certificates \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \ - && echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | tee /etc/apt/sources.list.d/mono-official-stable.list \ - && apt-get install software-properties-common -y --no-install-recommends \ - && apt-add-repository -y ppa:git-core/ppa \ - && apt-get update \ - && apt-get install git=1:2.* -y --no-install-recommends \ - && git version \ - && apt-get install -y --no-install-recommends openssh-client \ - && mkdir ~/.ssh \ - && touch ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ - && chmod 600 ~/.ssh/known_hosts \ - && apt-get install -y --no-install-recommends \ - apt-utils asciidoc autoconf automake build-essential bzip2 \ - bzr curl cvs cvsps dirmngr docbook-xml docbook-xsl dpkg-dev \ - e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ - groff gzip imagemagick iptables jq less libapr1 libaprutil1 \ - libargon2-0-dev libbz2-dev libc6-dev libcurl4-openssl-dev \ - libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ - libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ - libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ - libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ - libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ - libpq-dev libreadline-dev libserf-1-1 libsqlite3-dev libssl-dev \ - libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ - libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ - libyaml-dev libyaml-perl llvm locales make mercurial mlocate mono-devel \ - netbase openssl patch pkg-config procps python-bzrlib \ - python-configobj python-openssl rsync sgml-base sgml-data subversion \ - tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ - libzip4 libzip-dev vim xvfb xz-utils zip zlib1g-dev iproute2 zstd \ - && apt-get install -y --no-install-recommends \ - gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential chrpath \ - socat cpio python python3 python3-pip python3-pexpect xz-utils debianutils \ - iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3 xterm strace \ - && rm -rf /var/lib/apt/lists/* - -RUN useradd codebuild-user - -#=======================End of layer: core ================= - -FROM core AS tools - -# AWS Tools -# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html -RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator \ - && curl -sS -o /usr/local/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/kubectl \ - && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ - && curl -sS -L https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ - && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl - -# Configure SSM -RUN set -ex \ - && mkdir /tmp/ssm \ - && cd /tmp/ssm \ - && wget https://s3.eu-north-1.amazonaws.com/amazon-ssm-eu-north-1/latest/debian_amd64/amazon-ssm-agent.deb \ - && dpkg -i amazon-ssm-agent.deb - -# Install env tools for runtimes - -#python -RUN curl https://pyenv.run | bash -ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" - -#=======================End of layer: tools ================= -FROM tools AS runtimes - -#**************** PYTHON ***************************************************** -ENV PYTHON_38_VERSION="3.8.3" \ - PYTHON_37_VERSION="3.7.7" - -ENV PYTHON_PIP_VERSION=19.3.1 - -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_37_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - - -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_38_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - -#**************** END PYTHON ***************************************************** - -#=======================End of layer: runtimes ================= - -#**************** DOCKER ********************************************* -ENV DOCKER_BUCKET="download.docker.com" \ - DOCKER_CHANNEL="stable" \ - DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ - DOCKER_COMPOSE_VERSION="1.26.0" \ - SRC_DIR="/usr/src" - -ENV DOCKER_SHA256="0f4336378f61ed73ed55a356ac19e46699a995f2aff34323ba5874d131548b9e" -ENV DOCKER_VERSION="19.03.11" - -# Install Docker -RUN set -ex \ - && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ - && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ - && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ - && rm docker.tgz \ - && docker -v \ - # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box - && addgroup dockremap \ - && useradd -g dockremap dockremap \ - && echo 'dockremap:165536:65536' >> /etc/subuid \ - && echo 'dockremap:165536:65536' >> /etc/subgid \ - && wget -nv "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ - && curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/dind /usr/local/bin/docker-compose \ - # Ensure docker-compose works - && docker-compose version - -VOLUME /var/lib/docker -#*********************** END DOCKER **************************** - -#=======================End of layer: corretto ================= - -RUN pyenv global $PYTHON_38_VERSION - -# Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -RUN which dash &> /dev/null && (\ - echo "dash dash/sh boolean false" | debconf-set-selections && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash) || \ - echo "Skipping dash reconfigure (not applicable)" - -RUN locale-gen en_US.UTF-8 -RUN dpkg-reconfigure locales -RUN update-locale LANG=en_US.UTF-8 -ENV LANG=en_US.UTF-8 - -# Download and install ARM toolchains. The TI and Arago build process -# uses external toolchain. -# See: http://arago-project.org/wiki/index.php/Setting_Up_Build_Environment -# -# TI/Arago Dunfell release uses 9.2-2019.12 - -RUN wget --no-check-certificate https://developer.arm.com/-/media/Files/downloads/gnu-a/9.2-2019.12/binrel/gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf.tar.xz -RUN wget --no-check-certificate https://developer.arm.com/-/media/Files/downloads/gnu-a/9.2-2019.12/binrel/gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu.tar.xz -RUN tar -Jxvf gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf.tar.xz -C $HOME -RUN tar -Jxvf gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu.tar.xz -C $HOME -RUN rm gcc-arm-9.2-2019.12-x86_64-arm-none-linux-gnueabihf.tar.xz -RUN rm gcc-arm-9.2-2019.12-x86_64-aarch64-none-linux-gnu.tar.xz - -RUN dpkg --add-architecture i386 -RUN apt-get update -RUN apt-get install -y git build-essential diffstat texinfo gawk chrpath -RUN apt-get install -y libstdc++6:i386 libncurses5:i386 libz1:i386 libc6:i386 libc6-dev-i386 g++-multilib -RUN dpkg-reconfigure dash -fnoninteractive - -# When we run in a CodeBuild context, we can integrate with CodeCommit -# only when run-as is root. Also, when run-as is aws-yocto-builder, -# HOME is still root. So, just give permission to aws-yocto-builder to -# root's home directory, which is a big bag of crazy. -# NOTE: the whole reason why we need to do this is bitbake requires -# we run from a non-root context, which is completely sane. -RUN mkdir /home/aws-yocto-builder && \ - groupadd -g 70 aws-yocto-builder && \ - useradd -N -m -u 70 -g 70 aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /home/aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /root - -# These are EFS mount points and must be permissioned so we can invoke the -# build and place outputs from a non-root context. -RUN mkdir /downloads && chown -R aws-yocto-builder:aws-yocto-builder /downloads -RUN mkdir /sstate-cache && chown -R aws-yocto-builder:aws-yocto-builder /sstate-cache -RUN mkdir /build-output && chown -R aws-yocto-builder:aws-yocto-builder /build-output - -USER aws-yocto-builder - -ENTRYPOINT ["dockerd-entrypoint.sh"] diff --git a/core/containers/ci_image_ti.dunfell/amazon-ssm-agent.json b/core/containers/ci_image_ti.dunfell/amazon-ssm-agent.json deleted file mode 100644 index acb8c83..0000000 --- a/core/containers/ci_image_ti.dunfell/amazon-ssm-agent.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "Profile":{ - "ShareCreds" : true, - "ShareProfile" : "" - }, - "Mds": { - "CommandWorkersLimit" : 5, - "StopTimeoutMillis" : 20000, - "Endpoint": "", - "CommandRetryLimit": 15 - }, - "Ssm": { - "Endpoint": "", - "HealthFrequencyMinutes": 5, - "CustomInventoryDefaultLocation" : "", - "AssociationLogsRetentionDurationHours" : 24, - "RunCommandLogsRetentionDurationHours" : 336, - "SessionLogsRetentionDurationHours" : 336 - }, - "Mgs": { - "Region": "", - "Endpoint": "", - "StopTimeoutMillis" : 20000, - "SessionWorkersLimit" : 1000 - }, - "Agent": { - "Region": "", - "OrchestrationRootDir": "", - "ContainerMode": true - }, - "Os": { - "Lang": "en-US", - "Name": "", - "Version": "1" - }, - "S3": { - "Endpoint": "", - "Region": "", - "LogBucket":"", - "LogKey":"" - }, - "Kms": { - "Endpoint": "" - } -} diff --git a/core/containers/ci_image_ti.dunfell/dockerd-entrypoint.sh b/core/containers/ci_image_ti.dunfell/dockerd-entrypoint.sh deleted file mode 100644 index 1591be4..0000000 --- a/core/containers/ci_image_ti.dunfell/dockerd-entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -set -e - -/usr/local/bin/dockerd \ - --host=unix:///var/run/docker.sock \ - --host=tcp://127.0.0.1:2375 \ - --storage-driver=overlay2 &>/var/log/docker.log & - - -tries=0 -d_timeout=60 -until docker info >/dev/null 2>&1 -do - if [ "$tries" -gt "$d_timeout" ]; then - cat /var/log/docker.log - echo 'Timed out trying to connect to internal docker host.' >&2 - exit 1 - fi - tries=$(( $tries + 1 )) - sleep 1 -done - -eval "$@" diff --git a/core/containers/ci_image_ti.dunfell/legal/THIRD_PARTY_LICENSES.txt b/core/containers/ci_image_ti.dunfell/legal/THIRD_PARTY_LICENSES.txt deleted file mode 100644 index 6d6039d..0000000 --- a/core/containers/ci_image_ti.dunfell/legal/THIRD_PARTY_LICENSES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Third Party Licenses -==================== - -Stunnel: -We include unmodified version of stunnel softwares in the docker images. The source code for the current version can be downloaded from https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/stunnel-5.56.tar.gz diff --git a/core/containers/ci_image_ti.dunfell/legal/bill_of_material.txt b/core/containers/ci_image_ti.dunfell/legal/bill_of_material.txt deleted file mode 100644 index 840548a..0000000 --- a/core/containers/ci_image_ti.dunfell/legal/bill_of_material.txt +++ /dev/null @@ -1,281 +0,0 @@ -The Amazon CodeBuild Product includes the following third-party software/licensing: - ----------------- -apt-transport-https : /usr/share/doc/apt-transport-https/copyright ----------------- -apt-utils : /usr/share/doc/apt-utils/copyright ----------------- -asciidoc : /usr/share/doc/asciidoc/copyright ----------------- -autoconf : /usr/share/doc/autoconf/copyright ----------------- -automake : /usr/share/doc/automake/copyright ----------------- -build-essential : /usr/share/doc/build-essential/copyright ----------------- -bzip2 : /usr/share/doc/bzip2/copyright ----------------- -bzr : /usr/share/doc/bzr/copyright ----------------- -ca-certificates-java : /usr/share/doc/ca-certificates-java/copyright ----------------- -curl : /usr/share/doc/curl/copyright ----------------- -cvs : /usr/share/doc/cvs/copyright ----------------- -cvsps : /usr/share/doc/cvsps/copyright ----------------- -dirmngr : /usr/share/doc/dirmngr/copyright ----------------- -docbook-xml : /usr/share/doc/docbook-xml/copyright ----------------- -docbook-xsl : /usr/share/doc/docbook-xsl/copyright ----------------- -dpkg-dev : /usr/share/doc/dpkg-dev/copyright ----------------- -e2fsprogs : /usr/share/doc/e2fsprogs/copyright ----------------- -expect : /usr/share/doc/expect/copyright ----------------- -fakeroot : /usr/share/doc/fakeroot/copyright ----------------- -file : /usr/share/doc/file/copyright ----------------- -g++ : /usr/share/doc/g++/copyright ----------------- -gcc : /usr/share/doc/gcc/copyright ----------------- -gettext : /usr/share/doc/gettext/copyright ----------------- -gettext-base : /usr/share/doc/gettext-base/copyright ----------------- -git : /usr/share/doc/git/copyright ----------------- -groff : /usr/share/doc/groff/copyright ----------------- -gzip : /usr/share/doc/gzip/copyright ----------------- -imagemagick : /usr/share/doc/imagemagick/copyright ----------------- -iptables : /usr/share/doc/iptables/copyright ----------------- -jq : /usr/share/doc/jq/copyright ----------------- -less : /usr/share/doc/less/copyright ----------------- -lib32gcc1 : /usr/share/doc/lib32gcc1/copyright ----------------- -lib32ncurses5 : /usr/share/doc/lib32ncurses5/copyright ----------------- -lib32stdc++6 : /usr/share/doc/lib32stdc++6/copyright ----------------- -lib32z1 : /usr/share/doc/lib32z1/copyright ----------------- -libapr1 : /usr/share/doc/libapr1/copyright ----------------- -libaprutil1 : /usr/share/doc/libaprutil1/copyright ----------------- -libargon2-0-dev : /usr/share/doc/libargon2-0-dev/copyright ----------------- -libasound2 : /usr/share/doc/libasound2/copyright ----------------- -libbz2-dev : /usr/share/doc/libbz2-dev/copyright ----------------- -libc6-dev : /usr/share/doc/libc6-dev/copyright ----------------- -libc6-i386 : /usr/share/doc/libc6-i386/copyright ----------------- -libcurl4-openssl-dev : /usr/share/doc/libcurl4-openssl-dev/copyright ----------------- -libdb-dev : /usr/share/doc/libdb-dev/copyright ----------------- -libdbd-sqlite3-perl : /usr/share/doc/libdbd-sqlite3-perl/copyright ----------------- -libdbi-perl : /usr/share/doc/libdbi-perl/copyright ----------------- -libdbus-1-3 : /usr/share/doc/libdbus-1-3/copyright ----------------- -libdbus-glib-1-2 : /usr/share/doc/libdbus-glib-1-2/copyright ----------------- -libdpkg-perl : /usr/share/doc/libdpkg-perl/copyright ----------------- -libedit-dev : /usr/share/doc/libedit-dev/copyright ----------------- -liberror-perl : /usr/share/doc/liberror-perl/copyright ----------------- -libevent-dev : /usr/share/doc/libevent-dev/copyright ----------------- -libffi-dev : /usr/share/doc/libffi-dev/copyright ----------------- -libgeoip-dev : /usr/share/doc/libgeoip-dev/copyright ----------------- -libglib2.0-0 : /usr/share/doc/libglib2.0-0/copyright ----------------- -libglib2.0-dev : /usr/share/doc/libglib2.0-dev/copyright ----------------- -libgtk-3-0 : /usr/share/doc/libgtk-3-0/copyright ----------------- -libhttp-date-perl : /usr/share/doc/libhttp-date-perl/copyright ----------------- -libio-pty-perl : /usr/share/doc/libio-pty-perl/copyright ----------------- -libjpeg-dev : /usr/share/doc/libjpeg-dev/copyright ----------------- -libkrb5-dev : /usr/share/doc/libkrb5-dev/copyright ----------------- -liblzma-dev : /usr/share/doc/liblzma-dev/copyright ----------------- -libmagickcore-dev : /usr/share/doc/libmagickcore-dev/copyright ----------------- -libmagickwand-dev : /usr/share/doc/libmagickwand-dev/copyright ----------------- -libmysqlclient-dev : /usr/share/doc/libmysqlclient-dev/copyright ----------------- -libncurses5-dev : /usr/share/doc/libncurses5-dev/copyright ----------------- -libncursesw5-dev : /usr/share/doc/libncursesw5-dev/copyright ----------------- -libonig-dev : /usr/share/doc/libonig-dev/copyright ----------------- -libpq-dev : /usr/share/doc/libpq-dev/copyright ----------------- -libqt5widgets5 : /usr/share/doc/libqt5widgets5/copyright ----------------- -libreadline-dev : /usr/share/doc/libreadline-dev/copyright ----------------- -libserf-1-1 : /usr/share/doc/libserf-1-1/copyright ----------------- -libsqlite3-dev : /usr/share/doc/libsqlite3-dev/copyright ----------------- -libssl-dev : /usr/share/doc/libssl-dev/copyright ----------------- -libsvn-perl : /usr/share/doc/libsvn-perl/copyright ----------------- -libsvn1 : /usr/share/doc/libsvn1/copyright ----------------- -libtcl8.6 : /usr/share/doc/libtcl8.6/copyright ----------------- -libtidy-dev : /usr/share/doc/libtidy-dev/copyright ----------------- -libtimedate-perl : /usr/share/doc/libtimedate-perl/copyright ----------------- -libtool : /usr/share/doc/libtool/copyright ----------------- -libwebp-dev : /usr/share/doc/libwebp-dev/copyright ----------------- -libxml2-dev : /usr/share/doc/libxml2-dev/copyright ----------------- -libxml2-utils : /usr/share/doc/libxml2-utils/copyright ----------------- -libxslt1-dev : /usr/share/doc/libxslt1-dev/copyright ----------------- -libyaml-dev : /usr/share/doc/libyaml-dev/copyright ----------------- -libyaml-perl : /usr/share/doc/libyaml-perl/copyright ----------------- -libzip-dev : /usr/share/doc/libzip-dev/copyright ----------------- -libzip4 : /usr/share/doc/libzip4/copyright ----------------- -llvm : /usr/share/doc/llvm/copyright ----------------- -locales : /usr/share/doc/locales/copyright ----------------- -make : /usr/share/doc/make/copyright ----------------- -mercurial : /usr/share/doc/mercurial/copyright ----------------- -mlocate : /usr/share/doc/mlocate/copyright ----------------- -mono-devel : /usr/share/doc/mono-devel/copyright ----------------- -netbase : /usr/share/doc/netbase/copyright ----------------- -openjdk-8-jdk : /usr/share/doc/openjdk-8-jdk/copyright ----------------- -openjdk-11-jdk : /usr/share/doc/openjdk-11-jre-headless/copyright ----------------- -openssh-client : /usr/share/doc/openssh-client/copyright ----------------- -openssl : /usr/share/doc/openssl/copyright ----------------- -patch : /usr/share/doc/patch/copyright ----------------- -pkg-config : /usr/share/doc/pkg-config/copyright ----------------- -procps : /usr/share/doc/procps/copyright ----------------- -python-bzrlib : /usr/share/doc/python-bzrlib/copyright ----------------- -python-configobj : /usr/share/doc/python-configobj/copyright ----------------- -python-openssl : /usr/share/doc/python-openssl/copyright ----------------- -python-setuptools : /usr/share/doc/python-setuptools/copyright ----------------- -rsync : /usr/share/doc/rsync/copyright ----------------- -sbt : /usr/share/doc/sbt/copyright ----------------- -sgml-base : /usr/share/doc/sgml-base/copyright ----------------- -sgml-data : /usr/share/doc/sgml-data/copyright ----------------- -software-properties-common : /usr/share/doc/software-properties-common/copyright ----------------- -subversion : /usr/share/doc/subversion/copyright ----------------- -tar : /usr/share/doc/tar/copyright ----------------- -tcl : /usr/share/doc/tcl/copyright ----------------- -tcl8.6 : /usr/share/doc/tcl8.6/copyright ----------------- -tk : /usr/share/doc/tk/copyright ----------------- -tk-dev : /usr/share/doc/tk-dev/copyright ----------------- -unzip : /usr/share/doc/unzip/copyright ----------------- -vim : /usr/share/doc/vim/copyright ----------------- -wget : /usr/share/doc/wget/copyright ----------------- -xfsprogs : /usr/share/doc/xfsprogs/copyright ----------------- -xml-core : /usr/share/doc/xml-core/copyright ----------------- -xmlto : /usr/share/doc/xmlto/copyright ----------------- -xsltproc : /usr/share/doc/xsltproc/copyright ----------------- -xvfb : /usr/share/doc/xvfb/copyright ----------------- -xz-utils : /usr/share/doc/xz-utils/copyright ----------------- -zip : /usr/share/doc/zip/copyright ----------------- -zlib1g-dev : /usr/share/doc/zlib1g-dev/copyright ----------------- -ruby :https://www.ruby-lang.org/en/about/license.txt ----------------- -python :https://docs.python.org/3/license.html ----------------- -php :https://www.php.net/license/index.php ----------------- -nodejs :https://github.com/nodejs/node/blob/master/LICENSE ----------------- -golang :https://golang.org/LICENSE ----------------- -dotnet :https://github.com/dotnet/core/blob/master/LICENSE.TXT ----------------- -Firefox :https://www.mozilla.org/en-US/MPL/ ----------------- -Chrome : https://www.google.com/intl/en_pk/chrome/privacy/eula_text.html ----------------- -stunnel : https://www.stunnel.org/gpl.html ----------------- -gitversion :https://github.com/GitTools/GitVersion/blob/master/LICENSE ----------------- -docker : https://www.docker.com/legal/components-licenses ----------------- diff --git a/core/containers/ci_image_ti.dunfell/runtimes.yml b/core/containers/ci_image_ti.dunfell/runtimes.yml deleted file mode 100644 index 7a68a21..0000000 --- a/core/containers/ci_image_ti.dunfell/runtimes.yml +++ /dev/null @@ -1,123 +0,0 @@ -version: 0.1 - -runtimes: - android: - versions: - 28: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 28 ..." - 29: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 29 ..." - - java: - versions: - corretto11: - commands: - - echo "Installing Java version 11 ..." - - - export JAVA_HOME="$JAVA_11_HOME" - - - export JRE_HOME="$JRE_11_HOME" - - - export JDK_HOME="$JDK_11_HOME" - - - |- - for tool_path in "$JAVA_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - corretto8: - commands: - - echo "Installing Java version 8 ..." - - - export JAVA_HOME="$JAVA_8_HOME" - - - export JRE_HOME="$JRE_8_HOME" - - - export JDK_HOME="$JDK_8_HOME" - - - |- - for tool_path in "$JAVA_8_HOME"/bin/* "$JRE_8_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - golang: - versions: - 1.12: - commands: - - echo "Installing Go version 1.12 ..." - - goenv global $GOLANG_12_VERSION - 1.13: - commands: - - echo "Installing Go version 1.13 ..." - - goenv global $GOLANG_13_VERSION - 1.14: - commands: - - echo "Installing Go version 1.14 ..." - - goenv global $GOLANG_14_VERSION - python: - versions: - 3.8: - commands: - - echo "Installing Python version 3.8 ..." - - pyenv global $PYTHON_38_VERSION - 3.7: - commands: - - echo "Installing Python version 3.7 ..." - - pyenv global $PYTHON_37_VERSION - php: - versions: - 7.4: - commands: - - echo "Installing PHP version 7.4 ..." - - phpenv global $PHP_74_VERSION - 7.3: - commands: - - echo "Installing PHP version 7.3 ..." - - phpenv global $PHP_73_VERSION - ruby: - versions: - 2.6: - commands: - - echo "Installing Ruby version 2.6 ..." - - rbenv global $RUBY_26_VERSION - 2.7: - commands: - - echo "Installing Ruby version 2.7 ..." - - rbenv global $RUBY_27_VERSION - nodejs: - versions: - 10: - commands: - - echo "Installing Node.js version 10 ..." - - n $NODE_10_VERSION - 12: - commands: - - echo "Installing Node.js version 12 ..." - - n $NODE_12_VERSION - docker: - versions: - 18: - commands: - - echo "Using Docker 19" - 19: - commands: - - echo "Using Docker 19" - dotnet: - versions: - 3.1: - commands: - - echo "Installing .NET version 3.1 ..." diff --git a/core/containers/ci_image_ti.dunfell/ssh_config b/core/containers/ci_image_ti.dunfell/ssh_config deleted file mode 100644 index 710e275..0000000 --- a/core/containers/ci_image_ti.dunfell/ssh_config +++ /dev/null @@ -1,3 +0,0 @@ -Host * - ConnectTimeout 10 - ConnectionAttempts 10 diff --git a/core/containers/ci_image_ti.dunfell/tools/android-accept-licenses.sh b/core/containers/ci_image_ti.dunfell/tools/android-accept-licenses.sh deleted file mode 100644 index ebac067..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/android-accept-licenses.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 1800 -set cmd [lindex $argv 0] -set licenses [lindex $argv 1] - -spawn {*}$cmd -expect { - "Do you accept the license '*'*" { - exp_send "y\r" - exp_continue - } - "Accept? (y/N): " { - exp_send "y\r" - exp_continue - } - "Review licenses that have not been accepted (y/N)? " { - exp_send "y\r" - exp_continue - } - eof -} - -lassign [wait] pid spawnid os_error waitvalue - -if {$os_error == 0} { - exit $waitvalue -} else { - exit 1 -} diff --git a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.3.19 b/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.3.19 deleted file mode 100644 index 25fed15..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.3.19 +++ /dev/null @@ -1,19 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-libedit" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.3.19 -#Don't change beyond this line - -configure_option "--without-pear" -configure_option "--with-gd" -configure_option "--with-png-dir" "/usr" -configure_option "--with-jpeg-dir" "/usr" -configure_option "--enable-zip" - -install_package "https://secure.php.net/distributions/php-7.3.19.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache diff --git a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.4.7 b/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.4.7 deleted file mode 100644 index 04d6a1a..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/php/7.4.7 +++ /dev/null @@ -1,17 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" -configure_option "--with-libedit" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.4.7 -#Don't change beyond this line - -configure_option "--enable-gd" -configure_option "--with-jpeg" -configure_option "--with-zip" - -install_package "https://secure.php.net/distributions/php-7.4.7.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache diff --git a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.7.7 b/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.7.7 deleted file mode 100644 index 165cb78..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.7.7 +++ /dev/null @@ -1,17 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.7.7 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tar.xz#06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" standard verify_py37 copy_python_gdb ensurepip -else - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz#8c8be91cd2648a1a0c251f04ea0bb4c2a5570feb9c45eaaa2241c785585b475a" standard verify_py37 copy_python_gdb ensurepip -fi diff --git a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.8.3 b/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.8.3 deleted file mode 100644 index 2ca94b2..0000000 --- a/core/containers/ci_image_ti.dunfell/tools/runtime_configs/python/3.8.3 +++ /dev/null @@ -1,17 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.8.3 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tar.xz#dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864" standard verify_py38 copy_python_gdb ensurepip -else - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tgz#6af6d4d2e010f9655518d0fc6738c7ff7069f10a4d2fbd55509e467f092a8b90" standard verify_py38 copy_python_gdb ensurepip -fi diff --git a/core/scripts/setup_build_demos_prod.sh b/core/scripts/setup_build_demos_prod.sh deleted file mode 100755 index 0387ec7..0000000 --- a/core/scripts/setup_build_demos_prod.sh +++ /dev/null @@ -1,58 +0,0 @@ -#! /bin/bash -prefix=$1 -container_uri=$2 -vendor=$3 -board=$4 -demo=$5 -release=$6 -compute_type=$7 -set +x -if test $# -ne 7; then - echo $0 [prefix] [container_uri] [vendor] [board] [demo] [yocto_release] [compute_type] - echo See online documentation for more details. - exit 1 -fi - -echo invoking the template. -GITHUB_ORG="${GITHUB_ORG:-aws-samples}" - -STACKNAME=${prefix}-el-build-${board}-${demo}-${release} -NETWORK_STACK_NAME=ParameterKey=NetworkStackName,ParameterValue=${prefix}-el-ci-network -CONTAINER_ARN=ParameterKey=ContainerRegistryUri,ParameterValue=${container_uri} -VENDOR=ParameterKey=DemoVendor,ParameterValue=${vendor} -BOARD=ParameterKey=DemoBoard,ParameterValue=${board} -DEMO=ParameterKey=DemoName,ParameterValue=${demo} -RELEASE=ParameterKey=YoctoProjectRelease,ParameterValue=${release} -COMPUTE_TYPE=ParameterKey=DemoComputeType,ParameterValue=${compute_type} -GITHUB_SOURCE_ORG=ParameterKey=GitHubOrg,ParameterValue=${GITHUB_ORG} - -PWD=$(pwd) -stack_id=$(aws cloudformation create-stack --output text --query StackId \ - --stack-name ${STACKNAME} \ - --template-body file://$PWD/../cfn/build_demos_prod.yml \ - --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \ - CAPABILITY_AUTO_EXPAND \ - --parameters ${NETWORK_STACK_NAME} ${CONTAINER_ARN} \ - ${VENDOR} ${BOARD} ${DEMO} ${RELEASE} ${COMPUTE_TYPE} \ - ${GITHUB_SOURCE_ORG} - ) - -echo stack_id is [${stack_id}] -deployment_status=CREATE_IN_PROGRESS - -while test "${deployment_status}" == "CREATE_IN_PROGRESS"; do - echo deployment status: $deployment_status ... wait three seconds - sleep 3 - - deployment_status=$(aws cloudformation describe-stacks \ - --stack-name ${STACKNAME} \ - --query "Stacks[?StackName=='${STACKNAME}'].StackStatus" \ - --output text) -done - -echo deployment status: $deployment_status - -if test "x${deployment_status}" != 'xCREATE_COMPLETE'; then - echo Cloudformation script did not complete successfully. - exit 1 -fi diff --git a/core/scripts/setup_ci_checklayer.sh b/core/scripts/setup_ci_checklayer.sh deleted file mode 100755 index 7539e36..0000000 --- a/core/scripts/setup_ci_checklayer.sh +++ /dev/null @@ -1,78 +0,0 @@ -#! /bin/bash -prefix=$1 -container_registry_uri=$2 -yocto_release=$3 -git_hub_user_org=$4 - -set +x - -function help() { - printf "$0 [prefix] [container_registry_uri] [yocto_release] [git_hub_user_org]\n" - printf "\n" - printf "prefix the word used for the prefix naming convention.\n" - printf "container_registry_uri The URI where the build machine image lives in REPOSITORY:TAG format.\n" - printf "yocto_release The Yocto release, i.e. zeus, dunfell, etc.\n" - printf "git_hub_user_org The GitHub organization or user to set the codebuild project for.\n" - printf "\n" - printf "See documentation for details.\n" -} - -if test $# -ne 4; then - printf "Error: not enough arguments.\n\n" - help - exit 1 -fi - -pushd $(dirname $0) -PWD=$(pwd) - -GITHUB_ORG="${git_hub_user_org:-aws4embeddedlinux}" - -echo invoking the template. - -STACKNAME=${prefix}-el-checklayer-$(echo ${yocto_release} | sed -e 's/\./-/') - -PREFIX_PARAM=ParameterKey=Prefix,ParameterValue=${prefix} -YOCTO_RELEASE=ParameterKey=YoctoProjectRelease,ParameterValue=${yocto_release} -CONTAINER_REGISTRY_URI=ParameterKey=ContainerRegistryUri,ParameterValue=${container_registry_uri} -NETWORK_STACK_NAME=ParameterKey=NetworkStackName,ParameterValue=${prefix}-el-ci-network -CFN_FILE=$PWD/../cfn/ci_checklayer.yml -GITHUB_SOURCE_ORG=ParameterKey=GitHubOrg,ParameterValue=${GITHUB_ORG} - -if test ! -f ${CFN_FILE}; then - echo CFN file ${CFN_FILE} not found. ensure that the container cfn exists and - echo there is not a typo in the distro name. - exit 1 -fi - -stack_id=$(aws cloudformation create-stack --output text --query StackId \ - --stack-name ${STACKNAME} \ - --template-body file://${CFN_FILE} \ - --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ - --parameters ${NETWORK_STACK_NAME} ${CONTAINER_REGISTRY_URI} ${YOCTO_RELEASE} ${GITHUB_SOURCE_ORG} - ) - -if test $? -ne 0; then - printf "Error: template invocation failed.\n" - exit 1 -fi - -echo stack_id is [${stack_id}] -deployment_status=CREATE_IN_PROGRESS - -while test "${deployment_status}" == "CREATE_IN_PROGRESS"; do - echo deployment status: $deployment_status ... wait three seconds - sleep 3 - - deployment_status=$(aws cloudformation describe-stacks \ - --stack-name ${STACKNAME} \ - --query "Stacks[?StackName=='${STACKNAME}'].StackStatus" \ - --output text) -done - -echo deployment status: $deployment_status - -if test "x${deployment_status}" != 'xCREATE_COMPLETE'; then - echo Cloudformation script did not complete successfully. - exit 1 -fi diff --git a/core/scripts/setup_ci_container.sh b/core/scripts/setup_ci_container.sh deleted file mode 100755 index ff0362e..0000000 --- a/core/scripts/setup_ci_container.sh +++ /dev/null @@ -1,75 +0,0 @@ -#! /bin/bash -prefix=$1 -dockerhub_secret_arn=$2 -distro=$3 - -set +x - -function help() { - printf "$0 [prefix] [dh_arn] [distro]\n" - printf "\n" - printf "prefix the word used for the prefix naming convention.\n" - printf "dh_arn the ARN for the dockerhub secret in AWS Secrets Manager.\n" - printf "distro the target distribution name.\n" - printf "\n" - printf "See documentation for details.\n" -} - -if test $# -ne 3; then - printf "Error: not enough arguments.\n\n" - help - exit 1 -fi - -pushd $(dirname $0) -PWD=$(pwd) - -GITHUB_ORG="${GITHUB_ORG:-aws}" - -echo invoking the template. - -STACKNAME=${prefix}-el-ci-container-$(echo ${distro} | sed -e 's/\./-/') - -PREFIX_PARAM=ParameterKey=Prefix,ParameterValue=${prefix} -NETWORK_STACK_NAME=ParameterKey=NetworkStackName,ParameterValue=${prefix}-el-ci-network -DOCKERHUB_SECRET_ARN=ParameterKey=DockerhubSecretArn,ParameterValue=${dockerhub_secret_arn} -CFN_FILE=$PWD/../cfn/ci_container_${distro}.yml -GITHUB_SOURCE_ORG=ParameterKey=GitHubOrg,ParameterValue=${GITHUB_ORG} - -if test ! -f $CFN_FILE; then - echo CFN file ${CFN_FILE} not found. ensure that the container cfn exists and - echo there is not a typo in the distro name. - exit 1 -fi - -stack_id=$(aws cloudformation create-stack --output text --query StackId \ - --stack-name ${STACKNAME} \ - --template-body file://$PWD/../cfn/ci_container_${distro}.yml \ - --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ - --parameters ${NETWORK_STACK_NAME} ${DOCKERHUB_SECRET_ARN} ${PREFIX_PARAM} ${GITHUB_SOURCE_ORG} - ) - -if test $? -ne 0; then - printf "Error: template invocation failed.\n" - exit 1 -fi - -echo stack_id is [${stack_id}] -deployment_status=CREATE_IN_PROGRESS - -while test "${deployment_status}" == "CREATE_IN_PROGRESS"; do - echo deployment status: $deployment_status ... wait three seconds - sleep 3 - - deployment_status=$(aws cloudformation describe-stacks \ - --stack-name ${STACKNAME} \ - --query "Stacks[?StackName=='${STACKNAME}'].StackStatus" \ - --output text) -done - -echo deployment status: $deployment_status - -if test "x${deployment_status}" != 'xCREATE_COMPLETE'; then - echo Cloudformation script did not complete successfully. - exit 1 -fi diff --git a/core/scripts/setup_ci_container_poky.sh b/core/scripts/setup_ci_container_poky.sh deleted file mode 100755 index 89a2a97..0000000 --- a/core/scripts/setup_ci_container_poky.sh +++ /dev/null @@ -1,5 +0,0 @@ -#! /bin/bash -prefix=$1 -dockerhub_secret_arn=$2 -GITHUB_ORG="${GITHUB_ORG:-aws}" -GITHUB_ORG=${GITHUB_ORG} $(dirname $0)/setup_ci_container.sh $1 $2 poky diff --git a/core/scripts/setup_ci_container_ti.dunfell.sh b/core/scripts/setup_ci_container_ti.dunfell.sh deleted file mode 100755 index b6264bc..0000000 --- a/core/scripts/setup_ci_container_ti.dunfell.sh +++ /dev/null @@ -1,5 +0,0 @@ -#! /bin/bash -prefix=$1 -dockerhub_secret_arn=$2 -GITHUB_ORG="${GITHUB_ORG:-aws}" -GITHUB_ORG=${GITHUB_ORG} $(dirname $0)/setup_ci_container.sh $1 $2 ti.dunfell diff --git a/core/scripts/setup_ci_network.sh b/core/scripts/setup_ci_network.sh deleted file mode 100755 index 8ddd104..0000000 --- a/core/scripts/setup_ci_network.sh +++ /dev/null @@ -1,35 +0,0 @@ -#! /bin/bash -prefix=$1 -if test $# -ne 1; then - echo you must pass in 1 argument: system prefix - exit 1 -fi - -echo invoking the template. -PWD=$(pwd) -STACKNAME=${prefix}-el-ci-network -stack_id=$(aws cloudformation create-stack --output text \ - --stack-name ${STACKNAME} \ - --template-body file://$PWD/../cfn/ci_network.yml \ - --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \ - --query StackId) - -echo stack_id is [${stack_id}] -deployment_status=CREATE_IN_PROGRESS - -while test "${deployment_status}" == "CREATE_IN_PROGRESS"; do - echo deployment status: $deployment_status ... wait three seconds - sleep 3 - - deployment_status=$(aws cloudformation describe-stacks \ - --stack-name ${STACKNAME} \ - --query "Stacks[?StackName=='${STACKNAME}'].StackStatus" \ - --output text) -done - -echo deployment status: $deployment_status - -if test "x${deployment_status}" != 'xCREATE_COMPLETE'; then - echo Cloudformation script did not complete successfully. - exit 1 -fi diff --git a/core/scripts/setup_dockerhub_secret.sh b/core/scripts/setup_dockerhub_secret.sh deleted file mode 100755 index 795f973..0000000 --- a/core/scripts/setup_dockerhub_secret.sh +++ /dev/null @@ -1,35 +0,0 @@ -#+ /bin/bash -prefix=$1 -if test $# -ne 1; then - echo you must pass in 1 argument: system prefix - exit 1 -fi - -printf "What is your dockerhub username (it will be used as part of the name)? " -read username -printf "\n" - -prompt="What is your dockerhub password?" -while IFS= read -p "$prompt" -r -s -n 1 char -do - if [[ $char == $'\0' ]] - then - break - fi - prompt='*' - password+="$char" -done -echo - -printf "This is your ARN:\n" -secret_string={\"username\":\"${username}\",\"password\":\"${password}\"} -secret_arn=$(aws secretsmanager create-secret \ - --name dockerhub_${prefix} \ - --description "DockerHub login" \ - --secret-string "${secret_string}" \ - --output text --query ARN) -unset prefix -unset userid -unset password - -echo ${secret_arn} diff --git a/dependabot.yml b/dependabot.yml deleted file mode 100644 index 833b522..0000000 --- a/dependabot.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "npm" - directory: "/cdk/" - schedule: - interval: "daily" diff --git a/docs/new_release_checklist.md b/docs/new_release_checklist.md new file mode 100644 index 0000000..d1c1a2c --- /dev/null +++ b/docs/new_release_checklist.md @@ -0,0 +1,3 @@ +# Things to do when a new yocto release comes up +- Create a new branch and -next branch based on master-next. +- Add in GitHub backport action add new branch-next to backport to. diff --git a/docs/next_to_release_branch.md b/docs/next_to_release_branch.md new file mode 100644 index 0000000..0e2b005 --- /dev/null +++ b/docs/next_to_release_branch.md @@ -0,0 +1,64 @@ +# Backporting changes from master to releases +Clone and setup your fork: + +git clone https://github.com/[username]/meta-aws.git +cd meta-aws +git remote add upstream https://github.com/aws4embeddedlinux/meta-aws.git +git config remote.upstream.pushurl "you really didn't want to do that" +git fetch upstream +git checkout upstream/dunfell-next -b dunfell_master_backport_$(date "+%Y-%m-%d") +Find a commit to cherry pick in master: + +git cherry-pick -x +Or a range: + +git cherry-pick -x 3290ff3^..c22e729 +Fix errors and git add / rm +(vscode git code view helps) + +Build recipes and beware of patch changes. + +You can use this to find all recipes in a layer to build them: + +``` + +find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g' +e.g.: + +bitbake `find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` -k +for all supported architectures (qemux64, qemuarm, qemuarm64) + +e.g.: + +MACHINE=qemuarm64 bitbake `find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` -k +or to build all recipes for all MACHINES: + + for arch in qemuarm qemuarm64 qemux86 qemux86-64 ; do MACHINE=$arch bitbake `find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` -k ; done +then continue cherry picking: + +git cherry-pick --continue +push to your fork and create a pull request + +git push +``` + +# Testing +All recipes from meta-aws should build for supported architectures (arm arm64 x86-64) and all ptests should pass for all releases. +We use a script to do this. + +# Releasing +There is also a GitHub action available! +Releasing from A-next into A requires using Fast Forward Merges. The process is as follows: + +Clone the repository locally. +Checkout the target branch. +Merge the source branch using git merge --ff-only. +If this fails, some investigation is required. +This script to do this process can be found in ff-merge folder. + +Why not rebase/PR? +Using PRs to merge a staging branch into a release branch is limited to a number of methods that each have their own issues. + +Merge - This will accumulate merge commits in the release branch that are not in the staging branch. If a contribution is based on the release branch, but passes through staging branch, inevitably we will encounter merge conflicts which can be completely avoided by other methods. +Rebase - Rebasing rewrites the Committer Date which causes the SHA of each commit to change. This desyncs the staging branch to show being N commits behind and N commits ahead of master. These N commits will show up in future pull requests, including contributions if they are based on the release branch. To fix this requires deleting and recreating the staging branch on each release. +Squash - Squash merge destroys commit information. This can elide who actually did commits and creates even more desync issues with the staging branch than rebasing. diff --git a/docs/ptest.md b/docs/ptest.md new file mode 100644 index 0000000..fd2a26e --- /dev/null +++ b/docs/ptest.md @@ -0,0 +1,51 @@ +# PTest Setup +## Recipe Setup +The public docs can be found on the yocto wiki and note there is this about testimages (an image include ptest and oeqa tests) + +## Inherit ptest +Create an executable shell script called `run-ptest`. This will need to produce a specific output of described in the wiki. +For CTest, I found it easiest to process the JUnit XML with a simple python script. +Setup Image +In your local conf add the following: + +``` +MACHINE = "qemux86-64" + +DISTRO_FEATURES:append = " ptest" +EXTRA_IMAGE_FEATURES += "ptest-pkgs" +IMAGE_INSTALL:append = " ptest-runner [PACKAGE NAME] ssh" +IMAGE_CLASSES += "testimage" +# Required to disable KVM/hypervisor mode. +QEMU_USE_KVM = "" +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +TEST_SUITES = " ping ssh ptest" +# Increased memory is typically required. +QB_MEM = "-m 4096" +# enable slirp networking +QEMU_USE_SLIRP = "1" +TEST_SERVER_IP = "127.0.0.1" +minimal do this: + +# Required to disable KVM/hypervisor mode. +QEMU_USE_KVM = "" + +# use slirp networking instead of TAP interface (require root rights) +QEMU_USE_SLIRP = "1" +TEST_SERVER_IP = "127.0.0.1" + + +# aws-c-common-ptest = ptest package for aws-c-common +IMAGE_INSTALL:append = " ptest-runner ssh aws-c-common-ptest" + + +# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage +IMAGE_CLASSES += "testimage" + +# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +TEST_SUITES = " ping ssh ptest" +``` + +## Executing +Option 1: Create the image, log into it and manually run `ptest-runner`. +Option 2: Run the command with `bitbake core-image-minimal -c testimage`. diff --git a/ff-merge/README.md b/ff-merge/README.md new file mode 100644 index 0000000..d4b858a --- /dev/null +++ b/ff-merge/README.md @@ -0,0 +1,13 @@ +## User Scripts + +These are intended to be run manually (for now). + +### Release + +This is for merging a staging branch into a release branch through a forced fast-forward merge. + +Usage: + +```shell +BRANCH=[Target Release Branch] ORG=[GitHub Org] bash release.sh +``` diff --git a/ff-merge/release.sh b/ff-merge/release.sh new file mode 100644 index 0000000..b11fe5c --- /dev/null +++ b/ff-merge/release.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash +set -euxo pipefail + +BRANCH="${BRANCH:-master}" +ORG="${ORG:-aws4embeddedlinux}" +# For Linux and MacOS compat, avoid the -t option with mktemp! +WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/release.XXXXXXXXX") + +function cleanup() { + rm -fr $WORKDIR +} +trap cleanup EXIT + +git clone https://github.com/${ORG}/meta-aws -b $BRANCH $WORKDIR + +git -C $WORKDIR merge --ff-only origin/${BRANCH}-next +git -C $WORKDIR push -u origin $BRANCH diff --git a/graphics/core_ci_network.jpeg b/graphics/core_ci_network.jpeg deleted file mode 100644 index 6d99c1a510f2459e2242e842b5e8ca2e6b447c0b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 133058 zcmeFZ2UwF?_b-YC3${T(l%gY5sZv4}u+SkOkkHG}rGy@kJ~pH?l+cS(0tro8AfYK$ zA_OT3kPwjG1Jb)UI_fvyH|IIenS1}||J-}7p}i09yUV-wUhB8^+WWUY4}Shg^NYH& znljCiBS&anQom?ElW6YKoH}vhC>mro;iE@+_}r5*V(R% z{^QT*H#GF8j;Eja)#^fEDXh)ROo zAIHVN64SRz;Jl{`ecRNhXW%i;B@VEAnw?vr^5ppnucA^jx3bMM*w`l?YibiL)TXJ; z|E2vun>azeCry8Z=ID{5v`0=JJ9^^i*Qbsgr9XC&;kw9O9ns?)mR9bMWAEL6#rT$q zQ%tvPrDu#*{1cbQlg~t&v&X1K>5tLVD9~)J{CKsW7yoaTz|q7Bq_YHqaOU|)c&d#e zI9x53EoCfW{3&SIuF}CIuPH-^Hy`dl0oKfxWlg%~u)|j61cNv$7|%S^2h6O?*FLhN8KLMKl}LS^!O>qe@&yG^YObn{?wVDw&!mE^3#U@#F_5~ z;ycRT`-#`z{gt0S#dnMG)2I09Q#kRv6uc(S%U&h>5R9H2XuV<`DTIfwMC0UY zw{u^-`Jyzi@U?JgIj>uTPhk9v_0v^tsD5F{r zh@2#^p4xEaZPTl@aA(w0ug{*~q~o4|t(NydBy1K+@?sqM z)9I09idj5pBW4Pf60PXL8Slpd$5JQ=*~r_&S0|8s0BBWQcm8ZKco*2I6i#RSXe!3~ zvKbt{F%kiD(ObMNr8t?~yy>OzI_8jZo&AOBw~LT-cR>1%XTY?C@By&l;DVD!!Y6*y z+D9wdmbb5fx^+g`d!tP%Q7DbiG@9W&o!c;EvNcSHEh18A-JFj0cmA8M61#g*(1yf3 z?!s645_zGmS`gFl;t|C2k9A_vXFPH!2O8gS~KmRbGmKPCd#j>WC&!IH7S!daUW`Oj7xbSRNfc_mV6nLHz7);#y7> zH-TLR>{|-9an^p^o8nzQI-eV{YK%9({RnY&p}5$Bl~E>}#I>Ma98r#%XsQ+*^y7ez z)$H}Sldm^-Y)E83#{0=HpR?AH$hd1b84edd`k4ki`pMj4~Jk#t^ibNYwlnzt00q1a(*=HKSsLObgkwsDUfst!; zhF$nurL*Ei(`heITq9G8KE}3s!J7{{HkmA>yEX+#k8s@*==MRQ2M+8?p8A{YaSh67 zx0q?R$nJghWNm4wP-Q!lC`q?oV;+n~)urO%8V~~ZkC^@Km2>$ply-me2Rwr_dP*K1l4i{}$!rp@-C~wXN*MBJMHHIc)xbJTs=;GM$ zR(&BRdOg-8gl1};-;|fhdTRI#ZONL>gPkkv*~qx(y=^V|9)+d@*}=xZqOD(g-uuJj z7ILd1*x9_QR@Cl;HZ0OA$*5{dZ1jD1NOdm}Qn}9PJeZ#!#TkXh(chMH1cM$f0Kkdx zZh?z}j2q_>hC8jm7lo)K+hAl0Zjyp$h*B1pY1xJw_=>;QJ;*xQsK zJ|mu!fnlz;9^aBG5Y_|b^`18G_rScumh(CD!3iu=N?Jws1%#2xdib7w_<)6GY3}nb zFK25!67R^z!z8%^)~=(}4lZqB3=xGd4Mcf!V`U^Ul8Wmer_spp@XVv4>0(jn;fEW5 z>=<3*lBf2AIivgTx!5&Vga1+6ekJSc~`G4 z)~SSPcig^eXJ(|m;$$4bZ?8DrQ&50Nr%XKU79Nl(1h$(D80T8s+p^blCS7r2nbI$8 zXmLbtq^6o{3os53J7PN!R(|q)Y71Ne^l0XrA$(&&`-$Csn?rmQfaqPE`~<^wq!S)o zYOSNgz-|Il{%sofUQH;uA9ZT3q?#qUgh7oK1c08AltQqk$MFnwfk2vzV_r&v}j!Ghn;r%W~VdXQ3$`EQvC<@ z($E|Od^7GBuqyN9;18@baS9)TbOC+#_BIS%Kr!BY*eCVY_cl@30f2u2;>{4r*9gBk z4Tx}qm_jr;9kW$RM<$z-mi2x))2X;&AiDmUCI+azaYkjbUad-z0>r%}b*;$lNZn9Sct%%AiB0cdh~Kp0&n zDOhA1vWUN4Z#!LM;DDyVm-FCw5HKiuv4K0#o?(cc7-T2B>AZhKI=OMEV&xU_lty7n z#6g+@-T6QN@BOK7t$BI*5r`6{*ik=<_J{RA;BmZ+%NVUJ+m6lSE+>;#EaJ`nzMuTtSNVvPO54fc zRrwx7z6fLb{SO5@;KJ}MyAm?HA{tDxsUupWqhRZQa7{_<&SlP$)Z6%wRfSi<3<$A| zX{~S=9>1b1vS0obA2JDzz|DZ`;#NFWKcieyXpv+RpHOBxX#AA@7_V z1A=~`iytpqJdayF#8w-aT(0(3B-ZBaDtbb4-S zk5!`rrp0b%2hSL|_SkTabghZ48|xJ0DjlP&w*BT(KRH^5Rvgv2*C)WMfV~<#PuM>| zECCFlXo)^PB8j1}L90n^?GfB_%cktjM?nO}%ANj6s)?1g7tRnVT}33kfq~X%r*qJUPpuoU{grgnbMG34zF)X)oocR zl)c^ZrX&VyHR{wm%Cm=OgocjTr?ef)8jUm@Wg0QFOOlQoILBJhpeWz>?c{Kpx6d2&~K=p%n)$hh2+ETTr&x@2jTls`jS094*8i2UD<>>m>qNl;w z6n$H7&&KFm5Sl1WP28`jXeTD}Z5Y88Er{gCluHZ*l(=*3)EQjfdu{7`_+afbjehma zlD0$b_$~ebO&o`ZiH4V=OL7yM-E;e-g9&p}U{prdyl3rg`K}zn?$xlY-TFpcW*>Aj znjeVjUlgQvh%<5*PyUI`%Q%r%Mb$f!R|3(R%^KzJQ z9>x=62@DRLOQ0`~lQPr8@$>?lt>fkcl z);t;a+~^UMrItYd_`Ea7@G3aV| zM)J_KFKnXSNp@gcW8>p5T5zXo`VES5qHwL(fvl*cFErJRN5hm+E1TRU5T0hrAU#U% zaQZE9uK$7w>H3!ux_RMTB#+GY4EMV?Y11_=^m!33WC5`0?sA2_y0ITq{tSB;KTNc! zy90M9^)|OsW_m$W!^;_1vSZ?Kt!uodo&2Pg1_igi9C|Yk<%zL##YCy2#FXT8#otO22b0NSi9*q4URC{b2HN)$-gEj+Il^^PfJLqo zkx4#V<|+4C1}7fl*~THc!xFa|u1df4kbf(aQmOT8Ni;uze0zvr5z{fCsyj!^`tZ;| zstgGUz<*ICEvhOx8-GzHKR(&anWPuz(p|Mr2hrb>Nc7?82=)>gAZ zbJ?5rC0;=1#0ztu(%*|Q8pRiZ6Wq zS*TbVsw=;QUn-fcaoz|H%RnTV=Yi^DwC}uLDwQY!;c!0o!EU5aM*$*YQqi`R)r!h< zlcm+gtq}TRPb>9<=OpC-a!KimX!>WG8@``u3Q235`IY2PN2}X>RYZv<*_>W&zwoiU zZ!=Nyor6z#DsY$V)J@A>5$(~&o|M6Pq>h$VrWu091_&-P?eu2A`fQCkm*g!tQ&JuV zHMmhJ%Bv6I!D_6zXMCo4b>Ah)RIurINq#njqh1t(QeT&eXgni_TDkeng2yf8iKHcExQ8&!9P@5=a6ZL>l_ z7UGJ)wIfREo6e=O-PABj5p`rfnq8^=Q0~t1XYg6P&G$|1M>xf z)@%el7L?F;l5X5cQ>i-OE7QA?JU>c)Yg=FuY;!AsmhD1N?^@la6x7=9kw#DC=>|yc zFUpBjtr4gXH#1&{`Ambd{43s*3T*m6^|!9Dfx4+Nmiv*;6QzC|Fy<@J_NG7aU1A{B0BLK2&zOGySG_6!0rs6G zy-L){Ir=Ik(dB{f%$gVBAS!PNn}5Ef!h=y6&SOvCiAtOerDD!HrKT7bA#1&@lClGI z?V1sp?MRr}x!-+Y{KbgX((xlASE(padv(2yX~4&n(G^MRmiryvOD1J9@jeT(a`*>^{>7At9a@JI?XX`BoB*U}Dv?_D?#72hocS2f%J;ckXJ&!2LGTVgQ)7AS> ztRO|PHATSe4D4mMCr(6nE~FK^3l5b@R8M(^G5;Hi@aO+0il}@+5&eHhk+zeA!iaQ_ zQ2xAX`StgwyH{U)0el5Ve;}Cb0<6TMP%ZPz@vq|oMsB7b3<;=$vrZ~p53(l1_|uQsR`cIz!qN;88!*OT?tgs!v!WuASM%A^dd44`F< z8kYLj7duC%@W2u)qw9Hr!V+m3qSTQR5FaQXMPo;upd93}tviOSo$#cnJGHJYU0? zm-;)c>1n+-aXy-_>!?7U@&(BE=av9B7P8*Rst-0WEIKcKrqRn78ry_il6td8yCFth zrg))dMp7)LzxvGvU;SoeZE*)GMV~O3VYcdhQ9G?wEUT6~^#9mpiVZ2Z!!abP--0*I zh)JTs(Oz~B4XAlXk68ZhVWqy=BNgPDOuC_RsCw~SkM*+l1-8kY(kwF-6WvO$N?kp! z=xH6W1T2M|j+UG_F>vMTW0vGf>PjWiiK(+3qX+8nhXUEXPHVfvP1RUEpKDIsh^W6+ z3zNsqAt&nExXY2}^=jq$d@sfsJ8OvYb{JS+27jiRa!nqBk3+4>L;!QQqOMf7v|?H+ zs4)LMUY7s2c-i-Tjr=(XxtQjcf428>!qsB^#Li^QIz1Y&D_gz|+elX%I5_e(665mM zNX&;Lr~iyU-N6iq4mlx;W261ATh$wn@P!6>Dco~pk#<_&fO5-l=A|+NLJOaPEl%$& zZZvMci!}DHQ#dq{Eo6UckDOoZ!ZQ^kQ2kwe()8UBT>$fB{_!DG-%iUM0;uW&zWSu- zX;Xact%6pNMcfO!JS!-tJnx>A_>xGTvu_L~Y6#hwn`#CEq?&!DI@@mDlf?xGaFk&FC4v4j+Cf5ZPcX19#TA zIOZRop`J<0!K%k5ua_v%ebMuB5G-O-^E1u!^LUtst zvDs5PqR9Rg4tLW_8Pd9dLcv=%Ir>4+^C*-AcCsWOG76kLsL!#)8S9fzd!K@$hLG-6 zACHqZ8@wgqE1@H=E9-PBZF?Waj~Z%YXekkcH5&34`&@hO5SN#*)_k$_ol$C(LG`JE zNzIa}Zga+b`zFaVQv?ZfyS(sBJ5i}2HpgT`;?zzTcpRyzYiBPP3sDUXi}rQY(yYqf z;nJ)vpU}mILU7uLNl23iF z62=4&j82uZ;8QIqD`Sg@dIsDvZ#;iX!sKmheqt!27bb)+{GEecPEl^$E2a==@YVB6js5p+s3|*N1B8l zOcvhxZ;P$|y&+oGjpJwWXUmFoJ-c6Is7X3c1W}fCylidC^=lJuxXiX~vO1uvynF4X z%uDO=%>ChQ65EGH4qf@Ob^mLIp>)pSzr!%-j}#Jy>MLS$TdwpwP(kW(faq&2Pjk|8vFoGB~?WxH$qrhO0NBeP{&w7Yw&XttyneFBa?C`0(=gL3MOY>&Z4bAi9JzoM_+p4%YBC~}= z)8dOkdnGS1`kU>X1+a`H6^5HRL?w^0YYC=8Vlc{tpR2^n#!FP$jPkAUN7^4wTnHtV zF|bBj(%-VP?h}U&q}6TldwJxRSER(w!SvT4N=+NC9mvaK5kSxACBb|XYq@0GzKz~F zjl>MqUU>(-GUTn$_zDNMl=h8kXXL>iZV!62%O}q((dn64OcKTsJ0n-tczNd>(L+{x zqIUmW=-VK!F)dopi);SR<)Dps^^FKI4rM~`9lZyqRq;tTpJ~HT$eK2(%LBx}^WPg~1`KGN~!`W<(8H~A5dR4KjouJHG`l@yXuKo&+cVknmqH3)D8CtNd zU3;%bbu(Z$#elnM35rr(aPEK5^KOpEtJ`kNnO~=P2#j@|K;OEzeYJ6X9yvNlS*$KX z4wk2wVv$*|Q0%r+@$AeW+i$<07H?*W=nwUVvauy3_FSep^6TFf>%ZwgXBRdYBMI(< z{_M3Eo@UH=SLd@2?nRx@Tuk-zS$MQuw;u5R*J*V9o>9{>1)3_r+)sM%8tq)UwML#v z>dE*Q*vkL8?Q!v6=VMsowR38P!z_$igEh349{$q}ynnvUb`<%U#z?T?t(nn@ZrQU! z{@(F76Yj6|>y5AO7nZ!XQxV`y*}=KW0b z$7Z0Jlk&UH`{$eysJ^wvQzltPRZ&r41i5JGj}hsVHHPJZTHCR;{&t7BOq4xmqAkLJ zhoZoHx<90FJX-5Oa>sS&MJrdvuIuXP8oS<-e7D4CZ5FxxYR8fYFwHkG)A@qhc5Zy* zxkHmf%TH>&L9F}L`)yf-*{KCFmTTc0gV&|ghp%Eh8ZPC=Mp)Q{fuTcbCkW_Ajk8= zUR!~43IMuKH>b?GZsW^TpinQO$j*dUpS%w8%O! z9%#=R5G+tR{wZT5IK=12@?QM!%lmI02h)L|Y}L!77yp^R^v@58&;@Gf0j{Rkfb{CE zQ>9F&rKPgBwCZ`m0Po~iNJOknrYhcaW4yNib&bw__m`Q`fhCT1{MX8BOmD6^SHE?t zzJFi4s@p<+zPjIQZCn3{6SD z|AfQNo$jMnjggCfkvEj_b(O)XEy+pb7X9!k4l65nu9lYZJ2VJ``u0~|<7G%xjZZeT zmKeAh2H(S9$QbFn%eg^L$!Hns>Z7vP9_gCyQn}2~@ez?Q{ z^g&*et%pYh|L(f-v-E#XwVzV^Ia_{e$xrL>|3jO~`CR+t`G)K1REXI63K5=$4{M>c zi5hwElR9`^E0AF(B0)*>lNmN$N3X_DM5)M+(`(gdmu}u+zX@&ypq(XS7GPSd~69Wc_hQv z$zW>KXM>fNFT*Ow`=#xaFAnP*Kny62k2Nop*jkkfX==iXEJssaWSJn~m!0 z7@bv+Z)cr?#kS!+M+yj4QpnQdw@Y0&nz5VPTVoLT(g%a#%-zmnb}nILMnR2%NF!dG z4w=pF6L{Cm2j<&xiO+`2E}&7t2GKed1swHt_cCS|)-bSzJ0V^4lm{31OczDM(4@19 z6L^^U%y0sM-`I=-$qSe}uG+4~6&_yWq{shEi~pH4oJS;|-5)*u^-paP@k#c`VLQ?Q zY+~E&cr$MY=;?hbdgUR?nA4)6cp_-wWBurfHJl@YtYHKYgR#x#dNS!fK?r|y|IKNuD)2kL3ucYSiA zw;9OS5>biYF>+yYLp;-*@Huv)KYilt7S27So%6sYC>$j>w*DG(jc zx)*mXfNs$$eHy4()!D37FjJ}Hn2wImeq&cAgkPS`y zBR5df&sBH$ni%R~A%d(wdb})uJv5B0zgSDr?Q>StER|^EF}P@PgJe3d8s|HIMcfTL zXz3Zp?Z=mmc7LYHvoTMO>*^JWGLY6`34?*n-o40F$70VYMI(AO&Y5A?&Tgo-^LxbE zdNaQXD^E5bTS?de5FlV9u$l2BJhNPiQ~d=X%1H+-$+0|I%XTZ70vqpsE)_pE`=Fai zQKXB3#N`2CYp?Q%RvHP97?v&nZ83b;Xgz?wOH@hcKIcfg<_rKgJz-8)$AFOH)ghZe z7agMvD+qYeOY*12r5m0s_VO9C&O#$cYYJUd&D= zDFKPBQA-JzYLKs>ZAxCHNYzcVa`NC1*u40V0gf7QLm4ks)~9dtIZ^gJF)8zeGA@4r!-mIIrw1zPwbQWU9cmV#I zJOEiu30YMyR5tH>E?{f~*CUdnEZ^`77HYGWWI7ei5ABV0nIBq6#upS8DB3J};+YT^ zrQMRjZ7j)e1t}(G?S`hm#X&Pqh*)=)cyM62ObfwoHDGe)Y4oXy0Qy!xxSN2g z{bP$AZNUboLM?At*NVdNdTJWpo>`p!f*W9GFAwF(k)@2PCis*lhYR)+@snw)a;bl> zU_q~K%nX-5gxF5rwMp*pvUBedp`K%8zi3ocBr3;3TpuD0&iGd6`kQstIUnZ5^N$7M z)Q=l@erg%YsP%pi(~&$V)+@Pr zbJxraWUJW0M17~0C-H{aRa?(kFw6*#aHnL z1N{SF&H5xAMjaXOp!G#1P3ILbR_HLdiQR7m&8n^D=q%PX6qnt_e%o4ClBE9l2r=jw6WUj>AS7wKsDm|Wm!u$hW#XeOh1r{H*nO=UzY+jNzV$Yw$!65lUL0-LN9zp7sAH3HS4`EuR z1%9UucH{tv=$Kjrk{11=oi#T|7D>o1=&P!%W~Jo@vz>dAscc&&QlrermtA!$?5&P^ zF&jY;xUp(qo;by)S^}IUlWt@+M_=>xtz2z~!q?uj4-oe9*a=zXH}Y+ImiWP4^PutY zbe#Y??FG@)CrCOzzKyCbS~)M+FDeECs^Qx`6y=+C+Yfr=8r$=eyAEYGQ?rq5Q z^%9iBIc0$GOj=LWVpnZr-jh~!YMR~mrN#)_1)0d1K+K!%k_sjDX(hS`{pE~d;85h$ zdm?fQY-)e=NxDlQ)A-sfes~!qk#vVx{cb=D8H|7K^MbJQ zdIy;1*4d;cfLcc&w>rKPChVn#TZ=#~c81oj!N^%P(^ER)Rg&9T{G)8p{!?veY(Xam zV9Kk%YHyIlMKVa@+38lU0zcxgiE%9npK^VII!BH1aSl}`n+kiqZ)aC(!|dn)nvf@T zu&?{d;ug!rRf$V^jxJQ=2#X`Bc-_NKF0M0}bQM1@^i8u2paD?nUjKEUkJ(@SQrQFA zxgV~5D7Wn03p7<1F z%_4t|igei^DOQ_bi%Xunbk!7{U2L&y(l~%*j@=&B{Up`?P)|MHY-m|v`frTK_)^S~ zZ_Mtz_CF1UBQl=0 zW2SAL)A-+dgPE_rT25`xmel6;dAYyo8$_0>)4*=-w2m9>!pUMn@x$3F+INjN3PN6m zBJnChZiW2_>Y2H%Uy2Ms6~l3e70*S(QPy$NpaGx@G+g_sWvALg$U7JGsyOuoa>{rh z0A@~McDE#afM! z^(aue?~)tKo0!)T!qYTG&s+?4O9t*?{dN_Lb-6?lCS?4>7X8w`vY?K}l~+Uk0pI-fQJrNKm3sDH_#j?*9~PM% zOr1S-r2g|{Gd|2PCC_%EuDg<-hTPjzLg`5YR4bLz$G^a%#?V}e7(`?bS z0&krG1KyYUbB9yfGGO#$*kpgt=PRE+-YgbR_yE55u7XLkG*Q3aBidkp8SVf4cUEfz zN~XXcT+Pic$0w-E%@6Be<-XsmTAti&mY!|xEk)Z)NV;pJwF@;YWQtBHcfZL$d(=A?FoY{0HH`BbJtt|C%+q$&ggr#R-kY*s#%cMwR&jgtm zcMewQ*I~9` z`K`m=f9U*TKmr(aZ{#6o!Q+)KR-3RTeRQ;DPVA%XS47V^t1`A%4~tZ8*yZ$iKaAy6 z1~tHt(GdQ58?PH^oHvtOW6(H31ISh-*2Sf|1-kQx>VT_Latb--&{lvZTwmrM2Q2!J z+?+lMqD(=4R7L$K`xLeOfT-t8w+dRop!+3eyiOTT5)&}%La^8CwUTN4LhJ1Cgi|wF zGwI{ksq>uMC9QhkJ>&9XDBQ;3(l7%?QaWqMqsr%%D9JguQkNUR=)@+g2c#-{Q0UhE{Iej zYn1J!6!+BLq~CKt#Uz1s#LOFaT&~;TKwEk6!6oA9BFIYj;ZNG{I~5fb!lR4?t$Wsl zdXaon1|CpXkDd2-lm~HcQDy04MlNL^h_=YMIBsiXo{=pWY>J$D;VxOSe43W1Ose8g zo*(=b2DZ>X2Z{^>8w7VKku%3##P2{#HCde^Ew3gfvhW$sAts#N+WMU?kDLkx4LJBi zni?zcyibaC===0EXVWJsd{sUa@+NbmFIAb_cup5-T3Kpe%B*_plKQx^pmGg~0r|sl zu?EGag)ocrK6G*l_wVZsiRAWbmlrw17-YcK!R6#UQ{JJi$(m!309L25w4jKJ`Z{8( z!mSvU^5Yr%!!9@v!px}#JQraONjD$H>(_r@pdc#cgVy#A0Y0h1A;j!WnWHXAu-nvc z-F}Bcs3N0V70=^@hlrznowN8*MDz{x$G{JByL5C(;I{ZK-D%H&4aH^HyAdfRj}nGO z!MC#f1E)#mHTKLZ#?mkDm1(^$3ghH38Yzk*nHX8|jiJpI9OG?YKTzMT#z+<-^P-J{ zbeFvz4Yhktzj8h`WI_F=lj#z1DJhCW>f;8mq4B7jBW<0b$%_8efW*DFkZ@M$S#ht~ z;*d)@m&4Jfyw4I(hqq{1F))RuH~(?O_V@of2Z4r-(fBKN1;4DnQ5B=;lBq?_Vg%II zL?C99w4TkHRkxNF!9#JgTF*%V#=F>up}p((#1H7#E$w&B^H%}uQe-#&bW~{wF?vz^ z*`~afx9?KSNpq=0`D1|^_H3AY7!av8%gFwJa009)<3|jy?^_JdqIcl`9s&PrCMHgg z?|Byfk`L#b*TGx9I zRKN!Vz2S#eg?aHVr}YH9nM70CX-6!)RyHRR{mMvez@eGwu$M=p{u~TOndWR}i?1F) z&@%%21)OK)6OM}ZZ0YhnIc@k*ob>HquH~Z(KGVF; zwCqwjc(!&W_{Dx_WAmZ?^e;h~(>aGtzApgRHW@kh($boq32k*9|yET zy}_P98+Y*T;Mzaahz5n#VjRq5O|n$25yi%uifbt=>k2iK-E-}Zl9-&aSwwQOt5|30 z)h{$?DqWqf)5@(Lf)R_9+SAhHmBsRYWw0j6`0mE8YOgGc7ujJwO|i@11>D98Gb(Wq zXT6F`B^5_iT(b-PDCAz#{9gD5+rkdUDX6V?aZ2xnfe|D8@Y6ML6+pr}Wmoc=dq-Md zcmFanY3v;$=c)BBfJ(DBqSD=!V+x83!`i`!z@Bu=cOn2Wr%6Oo+1%_U_Nr+-Hf0F6 zxJb*nvS?nDv*&-)s;^OcvD_;!|CO;<>~Jqy zkFRq-eR(31DNnN7Fb27sn#P&i-BUF>EG%ZoGMGc(p%s&?0=!Rq*=!6%b+{_LtqJY#Kj^$D(T$1G(^(iA^u_$Mf z%g{dHB=*z1^t?#*6=;(wuR4n#uP&rioJzf{E|kR*YV)r&ed&)>%C3aT-U}Z6R-Pi0 zXyIGEqDhuMEr^VglEz9rl-_YE-Tr3Yma_Zr6TW{?dA25=8G^5MWMZ6lx&7c^k%7kA zc+`8I*U;85pOC0ZfBwocK8QUl=KV@Nc_`++6k!Xsl+_IS{dx?wtnQ4A$;*G^=yE#& z`y$8u=ba-b6qH-WG-265n}yt)(2&?l1^zEwum;Bo*1Z})?YnvjEwL_-4f|cCMlrkRbD=+UBqI26MUH8v%$KQ@%pm64T9F;S zsAULAA*AZO7K8M>sDaM{51B^;Bp&_hFBNpC8+c7f?Uwp4e(6u;WV`VsA;R;q&@CMa z>I;Ld;O^1I2g9rvA;5~r$-ahd+%2{%CjFSV)y&-4R65^R@?{k@vx1CZ@51w%JFxzB zU@l1uYKTa1HJ40`684df!NwPV?Z-P;$}#@Hczub92yyY4ydQkpo5qxM`*Xs9W$CsB zT5>8q;n_)Mf)E*S--kR&sS#geM1q~3(-$&*j}(LBQYKnC6TXe(kuT9Y+qw%hByMt3 ziS50ACAOc4hIm)~!EGi-r&km;14gDO+fP{sv)NQSOp7J&BV-0q)5{=Rou2Z(V{=y9D3s&S6p!sxuzEh|GL`bEj<$iPy{#TP{>_3QTmOQ})$clj?> zz5CMjk@ohopBih7F}@|9*Ixmzcis9le%#vodgembz9!u& zvJ{TRoaB^l`%*qqTzB;;t|A>?y$InUFiAl-(w^bYn5W6M957KkLA0Jf`t(7gPFX+o z2t=#qdNVbz!_}``bT!;+*oISZhFtD|wwJxgj{YtQ5>=sKw>UvzU3uUr>3B&{@{LHJ zf~@J59R6#9fpA4Tx86;X=>-4s>zSgawc+f*uWVMdi?^Orv}9tvgiqKme?B$+9$dcU z?%jecD#i3`t6w;#o04urZR>{|@tIQ$^Mo(FJ++d=S)7&p{HO^8wUn|aslsb&IwOwr zWc9yU6}@bvQ(!?|J8M`+pX{nW-~cw;vzzo4Y0$bRmmp`r_&#a#hrKsovYL-j{Tz{=UZZp z=60!@Oq~<_#KDq9!4JE)(zkA8=~wUc5uI;bLOi@lC}V+Xu=@799uJb7cpEp+H#EXK z3(qXsY2%ScShzPGv?}dv!9SEayEpA-x=X~_lK&*|;@0ZEi5AdDzS60JXC@4N?O3#` z_f#PilYw8dcHCshPM@=s9s z`ig+Wd;`I9+M24UqM<_==S~57UNBHDV>~F_VSYK?%6dN2Ef2CZpiH`o3Tc_|${kV* zauI7>7v2B(A_a0xUiKxF)6ODKMt);{4fo5xw zngUvkk9|!dAbNs`@0IOzP-(ZKbz3)rzgBTGA0w9hRL{U>fJ#=MilV7~%11^D}pw$wR`p%ze6ypM@r^OChz1P|d$P`MG<+`ObMMu8abuGWL z--z7{S{C8s3@jp=KnS!soevV`_iF6eS2)Ii-sWydhY`ux^U3k;o4g> zeEjupk8f(Erycw#27xFncMr?T@pc0nvU@`tB@hiI?5!l9@@m)25OwYISAJn_XHeoZ}y>*$$WzX6z*e2^MsmP`w z5P^ zJF!-5B{%qgQ!|cK|Gkz#{r>(TqWvs6ozV}vHPcSbWYJf)r`F{u=kO(Of{-m~I;(5K zm72+gJpZ*P`lP~i`M1w!d=+=AsQFiVsri0%8q4Ls=P3d1e`T33<)Orqvudf*K}mE5 zrXGuGKaaysL`z;a==TV1E37^Lc>55^=lYqZQ%QVlD|ELQfvBkL?x{PWt>GBvD%ySD zOe>+9C77rfS`e*uMRQrx=l0Dy0#lV;MVN`UZgt5#n&y|9zpM+6J&7<}r>4hPUT4m` z^ld}>CSnc-kh?hdA>#~co4U#0bA^2RL#-<{I0mF=F%MPF%9f85*x4S*r);w9vbp?G zV$yodRj{&XbbUZ9U3HUrddo8sdP&Z1H!;mxB=Q~x96rO4{$BQP$tSt~w(%c+m{?Ez z!MFTNH~*)Xb{jwPs9+F@cQ*YG*n}7lON+gokleZNXjs3+5_RT>;c*yip9A)hClW8LjdCCb{Z0H#K^q>(RBlC3 z6Z~T+bt(8Z@Nl|2+Q^MMBStd^1AnIj{7+@|UwHF3FyaFLlHsAYf?A5m0c3PFKbbsH z;0!0YrBKq7>bEAwF5Bkk|6kO-2Ut_t+BTdSb?gNJQHsuhf+UooHvtO)=|U1h2_S?b z2{oZe9}B&S^sbZu2}MeP5Q@3k=_DIlj;{89X&I1&O7fp?=}DVy>w+I+r9SQ zYpuP?^W69S6kXYBH@^CP$klJI{O@iiO{dZbM$p>?6|3ktUS@)@kTZk*;vhoU=7=Tg zhz?3ex0l!b(pzlS4tK-PRqWF)_M|z9p14E{8Bm&T@M7Z1r|sph@}$2JjK1k8fAjV- ztH&{-&x$&yZ(-BMCxB*)RKvfAJM?8_;rYugd_(i(Z147GtxvKXjWXgbi@KZtUZ4|> z2wx%WN9~5>*dPf!^?}pN_3`o5@l(+ji`F(aNVm)jWmPss9EFX{Z!E7Y7yk}+BC~r? zhrU%WqHonRZNK!$;?F%&Xm_;e!tl1}?R^%{KQ+~n`T7?&I`Q$VVM$Y5@C6&|MI=EI zap8DraD*jbBS-6#I~ zQ>p)Ra`F*5T*Iw7>Ba!TJUeu#Q7+HyW}Ht$d)Js@atEP^pv07HtC` zv#A=~a4c&PW4&1Xtci;`aonZUx!KLF{>^|Rfqc-{8GN{P&psHew#@=^0Z4$C;Hx0|emHCT$2L+sgg& zQH%2DRFvKf`-mwm3dCimB!YpjX!xITpzD@z_apgU7=>XY`!A-&>9>#33D-l zvsFmO=32({K(vKm!vshppZFBCTSp;E4b7Py=N}yPeyou<5s1?g1}D$0d0sH>fsNVO zX2v9A>=cwHv%}`h84r_ItTb4>rZCtpSvCHI+8oJj?|np!QjirLK+A8)@EB% zyJaRu)A5G0+m{AwtJ-E1>P^+D5oev1voEGud-@zV)K_=(1Z_@>@IzrOdX*Bkn^JS& z4lP$r_sp#OReI+xa@^k#c5e0$9FAVJv4ss~k-#EoE7G-_5#oW$7Y;10C3eHaQ%(~i z_?yS&L6Wc=36mGQMxSKd6Gv9o^}>kolSm{KgC8%i*KsWkAtoyap>#y}osR3n2cHnk zFbWY3VQ8a(V*l*Oc42ec2f#6{CQY!CS9biE_5zqKdu#v=nU?Lhm`Zi+!?4a8wsu$2 zWl0P0xkwkw!!M3`;!>;PUFYW)T+R{Z;3u(ctR>={JJAw?;2MXqN)<>&anIt>@*wK1 z9KC)r3YV6mDVZ z1@mx%l56xlM zSW3J!5t){BlAR44)mP09AXPSE&c2NuXmy>&+n4u0xZs8omTu!>Dgs3jt-UCB;5pC>ga3rW;LDIX6~)HS_568VE~WmMYLA1;$wW8 z$S}h01uSD8gvy#fUH+6O{z%j9X$Jq+H27iCQGKdkx3-)PME%y(IK%aT;>BG(sAf-x zRW^Y)gK$5UVsIL&qke0^D7YVuz)yf{qp%bbi|ftcUVW;=T{PeT+y6W&efb|E9X;-> zH8Lknciy{>cqfiEI=5fp=-R2#T&>icK+iakMJYLOTbbJ9AnITd)%bVg-iaf0t2$d| zMD;79$S?L(TqX|Mv#Of;#ks0r`J2mC!OHC?Rxkf8VQnfXsrib8!h=0us;!Orpj~?n ztpVFNB$lyn?R1f@lIemO)PsFVwzM{MG4ZZU#uoRfQEeN^;W5L@Iktnc17GxD6(_#T zabIDOU)VA5RpP&)IxF#YRrlG1`pv5Di-hVz=vN9aaH&TaVGS#`2Wji2Vp;PI2aIO> zGWolxj=LPk=IW!lfl|68wMn?MS2u0bP^_e0Pw%MitVw`T4;^`ice#6k6*De2@

6 zMt8u%l=QL=in4EN6Rg-jQc$QUy72Zv6!QMzPVbgN1l6P+4#d|n&$T=M*$iZ(wwF|ghyY* zNd9`M0Dy-z4*RgfapFmY7D3Fz`Fwr*(3K_GcKdO%<@pn{Uh1jHbK0f3MWG!}zB~HM zHw8<6HTAn`p+7N+_U^|g$3Y;S0!hDZ36g%>Cop8pJha;4nrT(OO>nLZTo3arFwkrR zImg&Z8s#9_wsDEAP2PChioln_eg(#w?Sv9I{Yb?)8`(E@WSeBWoEJUnZWsL*nOp9E z3v+9}{$NdXU^!DnyxzEu&BC;$>|HrNosN48Jw5D8($7jQ?dWDN%3aUthBQL5pGF@H zB5!)V2a}4sF99qe5poQrc6^p`PBVN|S$%o<)czgBww>EK$(Ng)0XQzGo|Fh1j zg`x!*eq?wN6da{Lp);;#N7mr3b8?z69y0bO6^%zD?&$ zb{@{mIyiC0HE1oe4sl3TiTL3rWwL~mdgMhOyrNHMDI4A=1$T@m_Pkejg^H7U*p!EF ztRO^Jpw*^_%%VO3214+YyZcvHx|Q2{Zd}yVoO?+@ZAOMI)9#M$crV($Rc>(hmf!M< zY<9V2E|cYDx&H&eS981C$Gd({bDFN%(tRlF$-7W`JP0&)oAU!eXvXhEiQkD8waJ+o zccnAo9!QW{aMW#FFS$4F9Pl~SPT$Oou+OT}D*SQIaoieCQRSIY$K-@U>F16{QZ&D5=! z(XfXm(aFiJEAvtqz~!EAhM4bOd;uIC?fPPgVCq?Ij!zD7{LPsdO#98l7$T^^rP+A_ zyl-``T35+)AyUDNy-%c|F?2WQy}Qqrz^x`#mpr@6%hWFKEw*e@eUM4D%+YGe4!C1) z!W=k_tpb!GmNbYY|5sTf_Om4&bCIzDAIo!75@8P2L0%3TYIT`$j_eKxsL<)M;6E8XY|)^+e4f@c^$c3Z4nHx?*G(S-x=O5 zgfB=+@u^Q%cBq8)MMXUbg0`;k@7sr28R}N?4aWhJ5G#UfIDhTPtaC5 zq%S<}9i=-?<84CE(>6`2h72p8y;@5~Hcz(~eE^JmKUy7cbwzCUdhgi1W8G%iqI>{U z#%_Cm02p{>jZhhtD!S{{Z!>Fm{Ny|F zaiKNZ=+5py-53n}#ItZ3a(#{Jcp4;L5Rwias&=#EWV6xCpb@uxOA4beXWW}Fp;#|8 zr;3S?rRE@~?b5PYax`2wOmZ_tD;k7OUYn?1FO@G8TsiOWI(q2?fJoX6_l{k?@p8Rm zEn{)}FN zpD+c*oP!}aJ@HRk<(_}{BM6mWvZa#Qt;`n|FA5G1zrM-rPwqyWvs`c$cwCrV6%{2~ zB(7@|ho+JP;#(E%bM%WO16&^9@i=K|DZF`y#4+3OeziOX;i?C*+&17VSP_}iV(de2 zYj8K~#-xJB`T>W(d&}2(Jw(q8&CssMNpgsS)$ma9p21x7hh-kQKdz;9;F7Av<0P$% z1K=7<$kDyieX5E63g8+Ct1TBNR$77#Wd}TI*i0BmPqFxHaS=EF^%;7h%P0 zz|D9+@8?R&h~@G66Vc>rxFylYN=MXh&79$0S3nnsU`tA;57$e^1?4`jYMs$8KhxO3 zNnkD%n^~|moWVnMqU-dLbGTf7f4Y|l@p<;xnfsiXT|ZAtF`;b%G7RCCsA_sJl3pqO z>0Hr-Ls@0UQAMG$t};`d9Ok3q{_~(G9ydgtP8EKFCyU3g3ur;g0~N~=Pl^pP^0Eh~ zOb4j+wp~+DA4LV%DXP^eLI9x4f{`1S@8EF08J)0|gwt5n!nP==A#pDcCgE~3L4hsx z%+!s(+P0_*)jz zhoT}M^>wzW-fAl|M-dmBaataiJzm}F9?UXL&j>R;6miTJW*^tVJaY9nL*f_IP0ZjG z*@4OAU>7AuTd8q^0^suJN$JLC#^Q-w`ewwE?w`;Y{=B_*xX)e(|ZfuB$ zvDC#}qR)9`UgWnq>wKbX7$`-$;{zaM??zgGb#MOe!sPk~z+PqYojXp|%2RJ|eE=*L zcd&BUb-7kR<+p8QTf7Mul=nJP^0#!hYRU)hL{AJ%PCw1e%tT4+;V@|ibjl1f4DQAF zTp&6iH?g+&4xV?8HP831VYDoReRj1Q&?$A9+iEr&<-8D;6BC~we=$@yF)mO6rhpKb z1XF9?pUhR#()=EbOfySttJ2foG>1~7!OrY-8)!o5UCB6GxPe5b zCbMVUYVoX=FjU^+QiKV|E?fC>*^mP>NAs9lYFQtoRmlgsyjI~6s&1;=~MKQ-Z5}1 z437;rhQ6bvPVz^iCp5#~N$FDKMKOdZ*arZY`ISREwi>fG)ZOaWg7-+J>n!WeeeyEs zu=6}lHmQMQa8(%Obh$pIEL2glvwv%k2 z&;*QByicsxm1D28w6ak_J^M-ukIaP&H0Lj=>n$yu1P} z1n3-G@JbW4-NyJ>dkCUk22@xfk;LD9rsT#Iq3iF{;uV{7L%}Ga#n)5Fsr-H}?Xvd- z8&K;GQ&E$afm@k27B2N9{pNT;G4Xhq35-O=5W*3at&_)(2cUb~G-AZ@I-DTmD78Fh zdx8&Lf&Bz&b?x}|MPQFG7>Rs*bK2byq$T8s7i`{!yUImJANdHlOuIQ2Lgq7d`pH0_ zTj;px>Y{-K)Cz2%X>6c}%t?!jI-T04DF-TL`-Tn?8wZT#6QMK0khMi=u}TPKgGuaLQx6`vu%UpB%AE3k4TTicE+8J zCfwwusML0Baz#XWWoJ#5C3|Gwz=T1_oAXXBr}fU$?9dZwg}d)*^tCp*1Z4U7} zKgGfudQgxAGX!Pb_J9@E%{w{?20qql$a62Jz}gTz4lDtgHu$Jwr^u{6EX+2%3)jc& z-QH+F8~x(OMd*TJ3*+pYo2Jpch(=<-u3@_2?0N)C=xh?(cx2(4V^pER9V96O0*kpb ze$OmrGDic0w9;PyMYvf8A|1+Z#y?6|jWU(6oCM)>P$*uj z5rT#s3h=YPaUJpkH#0l84U`VtbA{oj`3?H)Ebq&BtuFK0gQs{>sj&ElivT9nH&fJa z+0)sQ)iln>pVHwo`OqStO~N{RqF|fxvo^xJx2c7W2HJPC6BkH(z|}- z{C@YUV4qO@yFtfC+WJqTnX{7Et`H3_;|pbioMCt4S5iYmS&w*`?uS|oruZP1uu&~r z_@t6N3l93fb0|0Ipi3<(`rEuT)FrrV;iO`vvvY)tK4;#WBJCbkKIvv2wT*ff6Rb5H zNQ{HFGZMTRZ5)W*h(Q+lcCoiIwo;toy6XZ$kU! z=!r0f!`Vk_Xc|+Cn}T+yv?=;1D+0Im&norEbZj^oSiu4sdvUJZmfBpR5#Hjf++KLz zb*S5{-8nq2h8GD_Jz&EZNfAna^pb+^ue@WW->PG(uT#Vv8*NdDj*1@X@crpY8TE~B z|E3mxfHh7*i4+u_$HLB3Py&^uhSDunQ#1Y?&2K?W#q_^I#o7Gz z<+2g594D;>Y>=Qx#59H@q`PGGX>zz8SJ%@;k1jbdb^;4yW=4?T zr`|m@Hn_LTP+PjY1>%{u-b(Fb1L8Antg-2f(O`^JD@uwz}M{$amp|wS0kLz zrt*lm^9FLUeag8gal!I}%XiYwP14TI%(y`AdDWq;*^>BvcK;$NhyZ#evYq8Qox#Gt z^fQ=052wt99A!EUVs45;E#S>%0zLWj62|Nv#upYo)erHi3k-4N1afynumw>K8n)v7 zc@7sLs<#@rwY1MAo$nH4LI|vGtJYh9ey-3lEjqMimnL3)DU5Rc)jjLt7pM?qW^_j9 zLYjV)1(sT;ai|A2yusMg#SJ=V6fVT@2%vZSw^8TY%;zO{en@2dMfl-s3lI@ZGG zBi15Sq@3}o^C!aur)cG=5IU8OxyAB{(`2c+-(Gw#){2|DGcrXFJlmL4(~%M~=e1;# z|FmKD_!>wkxE*_BR-ZpnQHYQB8;$LY5cxNNa?j5+wk`dQ-_#|(xyyf<{Vw6FHtOe) zaQ~o<`UT^%uJlzBg8}W%@@#5h#IB$Oo-|!hP}G-5d$Dpg(&`4wi=7VB@hv$d+u3EL zgYh2-Z;KlemSm0(fGL|s3x9ytvro77z29e85Qjd!raI^*oTT#Kn~fSbyjs0o7CL`9 zp787ATqe3G5t3>S4SEYSLZO1KgiiYsS{Y4N1{8T_^y@uJ*K_FfzkV+T`nfB-c;*Ox%- zO#;LYWW)(H{(M$eg%;%EK0_dtU%a9wKEkj-U*X-m)$`vPy_4Pm^5DClR2_YU3ww^9eiOOZbml&#*N6o!Z8znASo?0_L4m|ooWu)KE^L?4OD1FCq zIHR^Y5A_>K~hJTE!Q*L#ON`wxm~X={orL|m-(YtEiIg` ze!cJf>I#v0zx1ev#;&g+7kE!xHeedV$!aeqlvJ3gdi6x0K2^Vevsoq9(sDi3O-lYo zMY}07@(JM7w^#a-=a2a1@N-t8W%~aIa0yV7%M;aZ8&%*sI<6#qL1t>hxga!e*3>jJ zJ^Ow4{cPSTeaG|xy%H7^mJ`FoTJApXttkHnnVNEVf^CPDrPIde5a$01Ols8j_gKv& zq-SzVsDZQbYoR}YhJqDfbV+~B1odW6WeMw+vuuIdFpfCmKQS8e9!8_1+C?exn5yKY zpo@jqrwRhAS>SA8&Mhi#po5e++*Z-OC`TqhaA?@#! zB9-F(p7GGHpGVfz%eer@&wc4gf9>-R(;&ctq74u>`{UUhVor{$qJ>b3O8?Uk;c2=F z%Ck+>aas9Fha#8_*5S6SpaFEv18ssUWllU!ZcSjZ8tUQ&9PN`XpUy;qx_dY>W5LurB!d#gIh!#%-` z?~>@G#VE(Mo`RmP<^hv%;l2V)pv!slz&(w8^_KLkLMWNt%dTK11sk!tnq?81dT82b z=6yO!Doo=@&5F$Q@R8Iw$6Q?8+5#%)bsMgLGQ<;U@7mFSB@}dJ{NJ;@KP5n% zwI)LQ_|Tl!SS$5|d=O3-&Y%-)*8@@O4Fx3@i(Jf@>}qz+pk1cYqsML7*{&>fN(EC9 z+|c=Moy}Z*x6r^$%jAH-&;bMvLugzQ3|w9rm9OO+4G8Vuga7yipUouw`$hg=@C}0r z<(EEbXynp0G(OP;zQ;k1#2xbQso_3Fcb;M`8~Mt-r|dec<$m|FGv~t==^-rcy!@uI z|3dbXwuAQ&_}8?Y-zfX`K5_h`?;?Ku$5X#AS%G2GGR=Cam**&Xtp%WUL~i4nhy3o? z)xra?v|F!?wDk7%N=JKj#X|?egZd&r0GRl%)?n`0C*$4tB^0W=VWhm6g?84U*UiBE ze&3Q#^!+yUecvQG1@(~yJ8bz-H7d4EeAL$!Odh_dprcJl3-dm(8Dd=1=h|^idTrVq zoq53<-#ghfzLAxSnOA*dXyKuC5j8W+YCbe|?xDi`{7{wS8^b%O;TxAiNd*l>kou$K z-Wq^8~A2tk$Ryk&t$cRgL`VG50hGw*+Lv0gwMt?siC<{x%3-w z3=GoY$BC7x37iETkxptWf@CvI&IXnp`hj7mPC=!eEYwDgx8ABhw?ywmp&^v7p~ zHUl%63>%-EchB~UwDuB^H=J}Nf(RmdIZB*7vdIs>J2C0}v=~z2w&h#PmKcosr~~la z@0ddC8zzt8MSCL~?5iH0mr>-TkVO|r!~*0}({7EM-n`>5>H|Ri=Crh6ktBxa0WdHH zl@KlaSh26*<&+dd8y0>!tMZQPUb@}$p;W3scq$h#s-USlaHmml4C~RT<5y{5)iF3n zbbaS`3NQiv$M&Ru`!bIFaqXTM(^IwM!F8;7b=@*WuVv={X6>#tcXoilRe(JKuM%)c zq7EgxAZY^cd`;G+8`1CcmD|?2tTu_8#-NY!iMq#x?XsDJZQkyrY1l~(Prv`mWcKdA zgUp^=1(zEz%gGDz->5xZ$x1tteST+R~R@g zq0U-xK08uvEyQVleM$E4@x*7+p$X@09lO-Vz=7}hnJ_)cDr3x7S>PFiTSjI z>J-aoT@UyQTg3kCz`Y2*zS{V(4fWBEqJBB{9`AD7JdUp^K*X`5c@UPb?@cG|J8v<0;Pd${DNjWt-+`~)*dy|{E))@CBCSUs=>QDEdnXkwK^RG zJ+;b3TyTO{FI{|bu6wJOJa)0Tx2uPe*V|%#)0tagPuv``)R9OWs7Bc(7V0h9&S`Gd zW$!6`04%w&^pa%{#3#f)&9uH*Ej5Igq~YIcqpx%|V)WbaY>_lXm2!NjQRPd*p1H(y z3I-bp%6Qj{Pta0H;O))olOpULe3Ep&Z!f3gRVh4tsF#-bWZ0qz)QjIg&75mUGv(5P zT-`P4i9aNI9W97>sKUvrIa{XA{s-mnS^c z;+)?Zqo^ma`S?D9k5R&_8TeN7hr5|@92}@N@U*0zQac{^k}^NyUp;vvQ*E}nWf$vo zd>65vcP5#ITRdD+Ksr82xvz0?VUmrxRFxx_Sv(`kIU<*#9Szx0wWzooJAba(8}jPv z!8kj}&w#7HAJ*}UV*w<`snp>QfMxlW6C=po;U4*ybSoUH`xh}(jZCCY#&EG={;+)x zbwIZox1C12i!s(CidC&#iR{EK!y4i|#ne28{F8>^Ce zrT>kAurhD;s@rw1Q5@$&;?E-1=~N!(D+i5Y^Wvv7FB5=?q4A2qO0Ay*Nzm77<+p@q zt+Sto)6hJo1&EQ$fgXB`om774DuZl?8UKKiOyE+-`14o9fpDQN zg~l9PswpXpEYKjFR6mkQ$FA&a&&xLyYF1-m@rajs;B4lyUu}$I3W|q2 z3Yv{Lti`(WNXjiSN%ghSg?uf|r)$8T7t8$hIx-;wNR%?k4DD9^M$K-SzMnE556L_e zN}MZR@wqgrW0dRGTX`Eh$IH7MmI>WFRHx8P+ayG7jxe=D94ZQpv+Pzq!7+qhXR&xa(AA!IVsyyts*YZav|?6)j4N(CSfy9V_V0M1opy_ z3~gKB{o8{vQZ$&x;TU^0eEtW(1TM)cBf&OcLXnH?>i~ zDtJduoQ(@;y=<#+Wv*wfXD7YG!LB*2wA4bv0oJUOxh*}(`^UD{k{mi ze{BBG_N&j#i57IqfUb8HU4N`q^-nnzj0msh+T9h+JyQ#Ap(v2spyWdD|H&R!QAc$c z?Rwq!RhXSgc|xMj0uJjlza65bvMaxD?FJnhmbmiM)MME}$!t0TaYN+hPYHyZXlXfXtJ#nCOw1XR+_Q5Jtgi8A z+E6&{SLV;qV-S+$j^DW6EQ32O(TlxFapO5&Rs1@k+oj*mBpDcMAbPq`cPI|sKY;<> zWj+K)bChqKlrUCnvQN3RbAGg-sZ#cb>l&IgohA-}l**P9FcvzIkF*UV$1Ep_)bvg# z747gh8~t)pUNaa4Ur4>C6VMkMF5mprO9-D-n0+x@M}Aa8 ziv!_(yRQ%Mq6#k)$d?*W4@=ODdgoA0SmMXnxhssHXX?sL zb6)z!JM_;b%>E|f)ISfDph^#vFnlo|J2KNJfSH85twmEFU4tm|iK(NXxWmqeA~-W2 zZa&4~(o+MEh>Jxos0rmFQh9!0wZ!jo-N^OJScwImnJ{@58r#7!2|!0Ix#a#csBnK%LHXHOM6x9;x@~^W?n8eiOFwv zCl$lCDc-QlqMq$<54@3J10cqmv$HDWIGBQ(H>_#0a`F_< zr~vie9eB2xQ0PBx;^3R<*rRU^(Vt7Y5<^JBNCmdr;uT5Rl`K{a3=*`)ktc{>{`84U zGypsR6eZa!O$U8wK{jZGZspzkY~{TfKfSJVVJY5wg}FQP10bk)PqE7H4D0ykA6Zd4 zpi+)8-;hO{fkpm1fVQ%4uJCWVV1pIbL^6S|u0|-g=5pd2i^)>8rQ`QXU&G5s?F?$s z(URM;=L*B9n+Eb0UR|}%?XvGAB8x#8%6SVN|ENg#1$U9;`ReHOWBFHKql)}Z?w}*G zU!9n~gB5fqCPJr4lbO8>CKaI3i+`EFS+<-adb+Cx%oM2+VwITEnWIYwsvp>JPjDCx z?O2hpEc_2&um3-~d;oyfIlFBaHCOlQ^&!i(NNp=WL-cKAbf0TRG;6e&1o&1CMrrs1gs14b^edb&mi#+B+a7vz|H7u?L*gGgFhcb}X)?ykjb6zGdPm^K#g=6ZHw9z|kiX|?umFTGV25^0x~=>!rg zI8sMJI@BI-VBG)co0sUD?AJx^N6nV6vtB@0530?W!><5a`VHIRM&E_PXCD9_-E^Z; zTtKk73bmx2_4&WS7-rG?N*Q(v&zN~YC-fQoaS(c z?$rJ%tD{&W3i`2FGtdMw$!lk5aJ;z@f@eWRRKI0wkFbl^*Un(f#7=HHI*iMj> zGOwkpmwUOJtlr4kY^CFNpT~a5Nc=emk@;_(414abxz2W_o@^_-vQ~~FR z&|i+l{r*hQ5=*=c$3FbLQPxnJZUeV5sPBP(5-NkeJat!-5kK9<%>NYa9My&o=}L1* z%<=GAn09ze7z*xj(^?^D2Y?V^)UkGuciJw-a0EzOt>}26Q${E$A+=*NIQtuf>RF^l zr@mLun^eDB^1@hg&4aPjie9}MbAmoB4x{YLt@$@Ikdz=lE<{jaWj*a|;IO)~(<_N1 zL3LtGLOHZl59njA2~29LH4!FM?PfprI65O6Rc#fIR~H@R%E&dBmNGXjzmwvNm&!#< zpLj#=yt=Au=Llm7Oh8~#dmsg&-py(Py?ssUo6XisYEDmuD5r#V>NeA?LpO8aoWNaw zlZD>7Gnf#3rpjfGOTv(rBP&+XQk{5`!4S*{)N7H$gfViQAj0$&RV&r8>5ef6VTygA zk|;(?Q1tlOZSpU4aXiU(Y{H=JhOO&ge-hTU#^Qu7m&xSvb~wB zXjcs+GWG)4LwP#M8hU6Ue4s1OS0Op-alxV+C!W|GJQNgZ+;dV1Il#rRfRQ4+(82`T zH=W~hj$J2J2veHRyDDM59v95X2wNtX-pqTVW{zm;+Y;5Fv6I_;6N-gvGww$0;~-o__VTSv7m9AXZJ-Z`p!#;#G1LEu_r=^7bf20lCN_IPrd2V&pE^Ko)Uhv< zFFKO7`wNm4*FQ#Eie_7^9~?Z+@WljR za=K_M#Z_euZR`K!e?3}qhtWq%p-(A)r`TL9-4gvrBO(BBtwL`mzhvMt=*{#`UM!fg zHt6dKqm1hzqDd|B3zn!se3$h?niiL`Q0;nb6CPlh*;$e;I&b|fy?D7$Aud93=jDJF zwzQZuQsp!E6XlNgLn#uC1wWVY@U*asTa=>Mk2-l?HyFerl4{dZHLR}=oVH32yCuGI zpeB`fA|#w5lxtD1(RcuZ#Ed&H+&#qCiP4rz1sQHt-M{~|9XpFulsZRjOu*puHdvn> z;BQgu8gd-8u2_Am&=zWI=G7CTg9i%0^Ihh^<#(tcTzqOFzru3;&5)auVQgq$0*gEf zIMD^TOru&HjnrAo%!>BK4Uy85nNT_2JZ!*FFc_7}4S9ZDotf2;*S4JuS9ZKNM}V%O z2-IvJi*|AS5t(r5o}OQ>Y+F3gn{RPy9%^j4VH<>Ui$cdY8HK_^`~w4$V$26d{GR;s zgVzTDZn|3d?!`*jH6;w_m+Wv@^uFjZT9?dq1ka$mlELXJFw?fM$3Z^B5oX%*x30Enx3JdpTzOCG ziEwWJnM|$(Q*9+Gs1D?saxLBA68EC=uP^zRV2fX0@-N8t{8{u@^~68c$DjZ5gWVs3 zEh_&3+0Hn?@m2B>I>#zyd*;ZTildS`p8%2peh6R1n6LIq9o-!Xh4Cx4u`#oUAW{Wj zcOTn{(Mt5@2nnn=XSm>L%npeh&TI+!XY}e%jTg*?VkKA=L>K59zLUkQ2*AmeZ7m| zCHeQH=ob7-10L&rZx^f=_DCH=`s?)D@j3Ycz%0MT^8t`A#`WKI-~VHs36Afcct38f zUgJ6E%zmsD$NAGsz{Aw0n|&lipY`-}kM+|Z0L8n9k^4;<=rw+n-gejejX$>6;1Bfn zqMv>6W235mgyu3ntERV>&!^UUMsKZ}kFCY>v9-is{C(&8sJD5YAojw&x(l9oklDpc z^a;Uh_GjwfEA}ZHZp$^@d%WNaF`@lBm!6&mG(4PYIU-1N8L8V;<$DeLYN+2eadyqXQ4N|pUgo% z`5WnoZ;e`twLLShzS8m`$mp)0cO!DQCO;C<(=5VvELgyu?pFRU_+w2xT(c*>LG6LbxN#Dl0>}r+Mrl520Ld(wP8tLaURS+ zvrR}>VJ*W;RoJZ9wzuE4Y|Zd>VU8wql(ZJ|9{~NR=TKTms6N+tfv9@Lme+=~;UrU683vAGGluuyhP7?GiqC z(?3iHzoal$uR7=#<|1XOA+Y3rR&V<7<2Y(wO`}vESv!?zpH;{`DPSMyv#;1F$$e-; z{|#IULx{06meRN0b=~IAuG>Akoq5ZcKSr5@gV|c7GP`)HVFAzMSP0B5_oCd1diScc zkfo9=fQ7kaV%?(C4QxF}f*@X_?)Yd!m}#I=AcxYJdo#~&_57Zz%V8O~L}1AxPsi#h?u{0G>6a_=^8N9C>3?6g;E z2V0~pjXpkwKAy&FP7#;1@X#LSP2ghB#lmJIp$H(0>hmWFO8q>^%9AB^vu2n|8ofM1 zl+h)tqP6LTD%_5H>^AO}aW0&<_Xx1xGK#GvH)H^+-jqT)Dx5l;$uA!72ffuXzSW0Gx}BPT z-%5+D(klZBU7CBSyz1$TOI4mKsoVT?AI6dN5MblOGK*A9r&X4IAnWC^DE%C`7+ew| zAd!FXXvaxAzR5%f7i`0s0U%FLufD$D3)%K~DWqXcL5Bj=Xw2?@C_!1505r?WDrvmf zC1XXS$41(?8-@F5U8&hhRHHvz`m51JIBTeBX!+rc8nQ`f^LV*_Wbdw+B@w!=e*Bn& zdSNaVm1kdR&_m)J#L`yPC6FU?S=l`$D4<_=4o$=*CAc-7ozQ8 zDDpxSRD(y|D59Vb+62+E4OLD@RMP9!SZeJCj<2^lx~KD%(y>Lbf;$Z3U*XpB0T5GK zrPs*fVl8kA|6A!+UrOh{l|kromY$0PqHH>wM1x`~VHmkSGCWKc9}L0_M*#o7`7hi~)kzr-x?W z@>ZY!05E>Q2y=PzWK#AWj8cE}9O`CbzB9x5!bL8x;V7`EXnAOdfp)W-LCBRNc^N+B zJHo?`r^hHZp@R;SVsBwxg^J23WHtP35XrmH-}io)$^icwJ*@dHC8oF2pDv0d z4{5)x9qf?Oxtl;j9!(K~!Lk-snKg0vvhI2jq2k8sBXMe(GgfJzUPba|&j@7fdy-y8}SH|>2FIh4J?!9p6e8wq#tv0eGkLPcLq3opd)d+OhrHeX-v0smJQg69jns2 zz?DcK2@^tEhGD!2%aNI`?E>1G2N-XSRePCQ4v|wLvG%5Q1L;pD@aT!3QvZ+1Qg2G? z29OxpP_SV${lPA6F?yz?$vaxT6MdDR!B5t3-c0BrwL>oLb2LgqQrD?(l*BMWF}B81-of05 zOFBAJ%F8`8`@#wj)V#GL=2#i)9ha9%3U%nGHnO|E3K(=wSt9aG{lqzqEE(Zo9pXJF z-Ix@TVK~rm*VF%+`pHb0zLQBKU6ir$k#<-$iwikeRO&~B9n+bNup<1M%xRH=b{RI^ z28ZeEUPlI#LWfmKiC8&R4hE|| zOd+~2NW%O?*ms$Q^!)oZp}A`_j(3xdbnAIc3De*k!9 z%L^TrP`y;X(&p?5;+ZNcC?>qa1}|@)`X&DJ1e!spZLCZrcnK`IoHZscx@)yTq0nZa z)6>&qj;X|k0T9acUYK)>j*W*kQcM27)HDKY~H5(K0Kgb2(iy&94bItl_3dZ0R|@A~GC7-QIPr4^XN=#-dCflTP<-Erf%qrYe;FJ!3rWQy6Y|D;N z5Pf!(5$`d0wlH#P3s#ev2{L_%o3xg`mKy4iId96lp{NHFRz$` z?0x8Yf-aA?93Yh&i_b<}vR3N=V{kmJ>UBff*K%0UAKK}G^uYLvYSGoxSK-P&{yKO+ zUz})8$k#&ds#F{9bT)SM4~}aenbd<89oA)lzOqOlK}UXYq9w4s=E*3F_L~GSXkvOb z`KpE>46VKAx+K$i7b+v9KBK&O&^gB2m$T5l-8AP@k-Ap8I;ZlLRYaD@ zC5wJ)6GFfJ9i~i8z*&l6o}KTxNT@b6bJ*K&p9;C2<2_!jTLK-{(P8D3^`x%ny0xZV zN4cr4@X3ogUmZv*UApJ=mLXVaUKp7_WGFY6r5;Cil_*fEa#%U&3$nf#PrPdcE6dI_ z>R{;?_Xlzh40kZt1KNqf&&EbGGixq5oS@>|7!djD_Tc2yXwR6QvP9sa&AYwglDw*Z z#cYE29cGX~-O>}?H8HYF|Iu#lVYA4nI5kO8EwAWt`E7i7k+)m*B zXy1NSsK^GokOV4)vau+M%EA_Obh7;|sku?%1+|>Ts_=sZPGDthK*iQh<7w7jc^!;hfM(S5QLelIu4 zbkU}^hV(-=TuTorG62besGx0i738JF-9B6fsISc>xVDw?_!l|YKsDXs@QcFcyAo{Q zF1>h}SJ@|>7%SXzN~Wy2n_VnnY7(|m7R|hGB8s=sx{tZBBYFCEZTXtj_{ch9XDt6< z6)-y!D6(%MI&^QV0VYR$QPpQAYM2`RbrUlPFGXs!kNIwQ za%zl{8eo3#q3!h;6viqJnJd7Qws1Qu06_a9o_I#p@6WOdeBRT_RBhDrKFtR%9rRjG zNT{R(w`<+qy)lMBy2@ZyDXzJP6jMWgI;n;JIV&e4t|h@`giADj5n^8uoqDE6HtK;B zz!ivIL5XlGiVx6r5b`#?KMvieBb|uI@S}V$wOa_!zW(m!07IhjPRVJt(E{XHk3>W( zqjn#E;QGpk4k$Y74mz9ExKIEL&~oJa<}DO~NiKdor^TmERaQx#cjj0L3CVb+I_F$y zT3F{6mT~;m?VU-R(e9w@3oShjkwQS8<69ulQS*HiewXAcAYhBoCj9oyT~Lu?(GK^; z<7VFSTp>*1TZFT@l6od@hPGj8rG7n%nc^ z`T7m`WWUps>BXqiJVtA|pQj)U!DTcxhsOZMTjixu2GJ4WLtv9>SiY?XR9JSSpYlhA zw=pp0OzZNhTQ%YqBagNb-V^suMy!{LA#-;;!}{)0+aQ<762@ckYAc+9C-rRsTC}v1 zeodTB8N_V&V;kAw&FHG-%Ek`RqTMF_5#;gK@1_%eX$2M+;3zeZ1YZFWPLTf}y;poD zG*0zHu1h~J%@O0*>l<%zVkCEfBE#JP)X|_0l)H+$@{%G;@#)?YFHT)p4%d0(v2;)z z?@lRx4s@b4zh53Zm76inVd6Q89+!c{dhul1O?Q#HC`@>pfS7qQeC4IdNT$U_!pVwI z-g)4+6(RdIiJb#{`w-Y2?%_K!JC>0?cX?CPwC2;I@W3{9%ziHDLhb|J6}cTmkdaKZ z3M#4U!j%^$a`fi%48iULH@4b=E2_1fRMet9aIC_MS)FWsCM0xxNyQYZia* zX+3-w0x~u`$0m0zHQDjf^XFOCKcoSf8=v?5QC6O_innDwKX^57rpy7cIXUa} zck@Mc%t_VAYnT=;-yM^9TWpIkt(x`f}I1jexy7s&{x?nk!K4$Z9!lfM6}?aaUQyuTdso;xL8Nc8Y57v-jlAoSpK zf|p{3RMn>-Yvg0Y`#1DN9qD4mo$YLixmP^a6TFUkiVoX?vC7hf2GVv`^6FN1%=~t3 zu+&GUgi4*>GU-P>t%$*0Cw#&bZ*}?mp zcOQwkAT8-ZJPgb7~PMeieX!EFol90v7LUFbk{~#io~)Hv(+%s!GxF- zAIJtyo~8Zc++Txq|Dv6LIaK_|yDO+}_#)~7=Aq}9o~}4LTd9nIP%L}i()d9--~My$ zQ+kiCRK?6*9F|mnb8Bu2v~-YVvIk(3=?2(Z1bZy0NKGun9bGAjnN`_vPHY1_>Fa;> zq(41BQ$k4MLD+Jkyf8bu7oNE~ca&Gqbf?lLn$5hn2gXo2*$n+M{np37Fc>7jNgtN( z;a`1Wemmf#DdHZ~X?(w#6b&=trb?k6!xw=~-13SsJy{8~KwTff zeej8qF!FW0;J%V8e<#n?g@5chV!G7yE84d_@c*I~;ET(89)CnYN14PAs(c;;SdIVb z>i>|>F9u}aAQYRB^Qm6G|uk@k#v#R|#W#X+I~7n@h`ot1H20JZ9+AE)EG&eApR zZ<&}L5Kvl8Mr*`4+)dmj}Aa^C7|vf}a1(n7Gj zOkh9e60l$CW_k;#2xd}JR6AhdFnlVMtjr{`~vB zCmu~4Ew^?|;^IMhKV{U{+Wr7OZ9@B7+E;}{a;rphk;4u6^ zlm0$ZVbwo@JBqH6&n4;cSokB88qDl!2DO)wr_`vBx2KtQT^*q9S|7)eDD?eY7*J1s`rz7y$Pew+{O(3T92JiOvrI3*BiL`+>KUTapML;OJEgOt{hRj|A! zj(*@-qUNkff|_E8A3Cb=tF3NX_XS>CnYr6Ppc>pR@`oB_euW4)Zw>-?)8UB5)zP#! z4PU~kZx^*qprtzjJ;t2fYHDg>#cJkmds;gyKhT}MDv%nZCiYJg?o}15NS%w+Z%^Rl zl!|(j_A0#E;@|^Ua#3^MeNVD^nrG(IVNTGFxHO!ykkCO)@D^0nb;2(n&LF0KOo?DrUCdWT zeTuO`0|yqGY=R#ksmpb_Lv!xsQJJ@bjNC(n#h%|uLkvtW#mo9=IzVZ%g)sIP6hXIw z@Rn|LL9`k`!R?+tJ(z2n)0SWIgTG@=4b>7?NQf_mRYqgpN__|SYZpu)8|b>Z@C-IQ zQfn{KBx=MMSl;oo3B|>*ePj}4NNO?hYX8j=|BKTzEU)$Txk4V#nkOpSIgG^Nrkvu0 zJ~I6f10>=u=W{krDo?>|tIbz-@MBemO%|uksrw;lvz(5-Ik4I8@1M}cF* zy>e}McyTOKsLttbt{KR+u*j(z9}^ekc#PWUG{RhBRcifV zZb^kh*z~e@mv_bkTp|FVsccX1_DFXbP4|0V<39-rWJN03;=KZ*ymb3@Zdq-GRRzSu z(aZUUE{y`0b?rnhv9Av5WK?Ej9B??JgzaxzuE*9;Z7{>5YRz0g^2_|Y z#&fAlFeE1-^BpBs7CY>p8XY!IXewJ>oNP~*@NpBsn6yG!Pq)?$kooii7)~+yp$|Mv z$=7xT?7vB$5+fIt5XU6MyrM(qI6=yO2z=CAX8|zVoA4G5cQ{?Gd!?=oo>)VPlB@AE zhQ3K0XibR5$X$G(Yhyp>0$1x+fxQoBsZBB(U3z$#ySKOg>`Nzx2Nr|C6V%>4CtnLo zmpGbMRTuIelNeM9oq0)Y(k?X6O^{LcLeMEB?$&G@X7VlM&7Mb=l?aL!-fL zCr=3v^LgH((c*UmbqR#>VTN)SXO!vG@rG%gWj@z(%10(yPetZ?p8u&8R`c_S)k|x2}d+4lp z_r&bfPV{h*(m~}%CVBpfJqFTXH+JHX9QZTQLSf;?hx6GSwtT*!?`(8Y2w zhmqaoZ*PGH-zN>+mHnPcDlsO{S!>#}KJ*84!dLEujFM39kw_n3fv2hl@de8>q!kza z)kWRnetI;kg_U2~fY~L=8|$!MTI(*zNyLcqvg=|@app&+(@W5?(2XigUv@>PO&*K37JFUo z*Bt^!U9i_Pf!d~C?1NMBnp;jCPZ^Ti3FN`x;U;%%QNMhuxSGkMey=UJ`ga3YEtDSU zd+^R?=UCEEGhEE%YF@*KniKbGdo2o$2$gHcXnYC! z1&PB8`iWcFb}md6Sg(3`bGp%1KyLaA5iYnu>|Vh#Ra%-Qs&%7O8gEwu)*TcOrk9-d zhPq{pEs^AxMP+wzsX75%&Ue^x*KD1#wr*x{5Y0qMWe~@+8C2DY{fuAc3+$dj`^^&- zaI2g;(t_+W>dCsU@Vz(Wx6DdbV7-te{e?F!NY&^{lzI?|Hg_q;xqVU>_bab<8>UC;V2{D-{k}wnilfsOw>HX<24>>gVlq!O z2vGU$$MF?SdV-41V0}1_`dW*M7f!+tvap{4Ih??E>E}due2H zg@B%1ZQY(ApKf#PKfLGN(xcHCz&8{ya8z7eSG0Qr+LFEM2?u+Fc?sMTC%yb4dlZYDLB(5Y}8wot%VUJ)XmWdXGIi56V%XR<#p_jgO%z7e<-e4 zdI-4N!yyrQ`S_=VmwnlIFegEG&3qNH<|Tj|kq99q={by;xj=t{I%H*mB}WwO%dxaOhBu@J*bL< z00|$Kp{9q1`xNiR<7Z>FDF8LxU;5(jkM92nY-BEJ3%@N<$CjF zc77F9O-H@!xuC8TS$kQ8PBJ7TJ+&83$e&FAAb)dt1Lk z_gz&|+?eQTvBj*fMmsK*DYT0XPG{TS)LSA~i_irGA^GcHn-B(Hd}Mm`ZIE9u-kpB< zhx9s*c5!`NAk&(}w?_SKT7oH(59&J6_Y0P%6k0iNP6nK@Em2)4%=W<09p7U;yx(V< zc${WifjvKAA4x+HUobhr(Ea!atp zW!m)=MYIgI4#n3mb}=%`6l9xJ*OyZENZ? z5fNEY#0wsehRUNVCz0OnZ7g;2yl5*H(Gu?H%v-tc+O1$tKTMwhC#`lud#GZg)rReC zN~h9IrbnH>{@qyq?fI$DcWAc;@Q)i@^9Nq_*lcbKF9UTd272GbbWon<^$F{K9Huk-U6+b@s zTU!Ku88C;ezgt`dX+e+Au?U-&IAJAJUN2`SqGZ}tX=1kz%)n(zuOw12D znd(38Lej#d!*^|A-ZPU4YaD)adc)3giY%coOVp`#oL9;e-pq=5V|>;Y#q$g0lZz~E zRL%-mc2m`fY&Qk&?JK@Nicp!n^J*gxaH0I`%NE@8DS8xa2QxqZ9p&R5_#SYnvi1^j zF{DkM2;OFWs?6HGtKk1U9ieHO2JLewG+Uh8^MHtlTqNxAjjoA!1-G5GURJau8`BO| zaGBeW58h#QiM->*6Es(kV&A!9pT6EO!a=v#Mg6!g zaNG|5@aa(+by@EeP9i06%J2;hy&4Vn7>S;hrW%kgsO9H}#D4wSfL$Og>}i=?4wU`Z z=ROZA4)n)Oy`CRG7@M4(;NUPHQ06F@gVc_=&wgY&$P#-27B9b0zG%W}O3uNUw@xj0 zV1l-kZm=EM6>X;{}j4(s#$wThZE>?9g6TZt9&ITQYXZfC4Ge@9gPcSiE<+!vJOQOG7FgbWC|9%#7l{85}jR5_F>2Xmla=Fb;DG=Wc&=# zt{hz95h{Fx;}dmq-JkrldIq{U+-}f+i z73)l%-Ieo*uAj7RZZyb>qW=!@zYHua%yaP zvyPWyj~Vi`tX9jWW~6I|w&x%>!VZ{hnR$#YCr z8s%UY?dLOGuUo3XOFK^R1-Z!m#S)=^AI4!-$Sq~YbT=@@G; zd515LD>QPhJfc`|HliY~I}taf5pSkP2v{Wlk2AP~Xq z3P2LnWp7_`FBqKUiNe1bTTZoX$LUehsmA7#kFCnG&?&@0I>tTY2gB;)Z-G zC{BfyWv!LewsMq4wACg3VbjHt7LKY*o=1A-@QMwva8aU$)9kI4sCq7tt7Yzio;bKW z9BbDP>l`E}KVYa6-Ac)`B(4zb6bn$^(OcZ%cmDZG4T}b2%vrBRYSij7H`y*NtpDs( zH1QS9sMz+jqC#K$tzt*h6r|*huJ)a^gYFE7=j@8U6Bj6z{J`kgJ3q@>(uNWqRvwSK z?+pzy_*qD3a6hR~6aKr*dB5KyubMkKIXR|NIwAvPD{<)O00&!NJ$jze#E}#(g5Gs=soss)mHs zCG}x5)52`>qT)C6efloZkJqV?`%oUigsff?a=*Q-FeE?D<(I{nE19*=_!>}_d<7?h z^^@aJJWs$rsf&xE4u%AEQgH&FhUiFei)i?!BCShY3!AWOt!R^O;Ms{z%Kpa%rR0Ba z0Du1$7}bAsug&pdf`<~04KwlFtYU%!*gDN!LF18PLww0sszIAyUBHPGcDAaf4XD%(W{WmECSWeHjb!#g8t^|b;E+J>+&Z^c+~{g9unN~( z%rkXlXovOw*3cd!J9$&|P=j~CtWUWIr?Aj7_4Tj=Q8hA^_LCrAMcZH>sc=j!q52w8 zkjw(5B0AjgFGpUWU|Q@j+YNA!r8AmFnSpxy*b5;B_Y-^`R>}06ET$c!_(}$maP;A%y(I z2Gb1Q!_gp-C!I@v4iEQ~`>ES!r&E=l_**6$mB<4O6_dLcEgDb&W!vuU{Eg{dZ6zId zs%bs9DVGBt@8v|+^N~9Q;cfiz0s^k@vHRS}y!XzL8m+g)*%bVFRep0_@v~t&oz>ny ze;%0WwEckT?B5$709z9!1l!&}-UE8JRH5`|^pP(LnZ9U)uI*OJiH%PKT?udm3Gmz9 ziT6((sR-3EWu$--L`QZYbHOtjBI9QI<^C-;HP$lM>j-By9v2IfXy6X}m)@OHBzXwS z2J8xddIQ?$g3)N$sH#k=K;MXRe0GGrory_L2brZ}y89zj>5VLRd6r#1ko(wjRXqW{KKMFtjc|!6n=oj^GpZK z*mfnp;qo^RKsbbX4A?Plj@O4bue3a@vSW%Q8cU3W>C|J6~I z%OdXrgB`5fUFxK#zLS8K#5s2x9D8ovEY;U4`sTY*`x2z&_TIpZ%Er_d$i?qGS+@^v zzRX2>?+m$!Y!R4p;7+kvAdTJx-FrTeH^-B+YTULK*<2*fn^WW!=1PrssiI=p(}&SA z${ZF9gY#Pl7k+e1yZ&$%uMn-9jopIZ3fc9DyNk9zO{uw=VZv!8(<8{n2@6hxlmULF zg;cBT#9)DE)H`W(&qCt}Rcj9^Wd(uWvAMyUR_(_XPv^7;uV#`)WYnpnqa_qwUuAUQ z!k7{?#wij2!16FpQB$LUE;C#oI!|dEwUnn=+bdmM#w*}5CQ!D@8zLfH;OhB(JJN`u zA-O(M5P?5`C$(~Tp26+0J{ZG&KS+(yV7@oD-S<|KGIps6QXXx zH}VxuLsGtT2KzeYV37RllJi#cE_cNUK94-dbMuxVR86v2RD9Am32Lse(gyDty@lv% zdU~DECthJr)9_fcry13KKc*RWoT9hxT12()rYKz~6u)aM${=pL0~rR+>a+Ufv$zU; zcsRNC(p0?CSGlAG9lmkf#F`O~*pkcK_%=y;F&uHKys}tjf*icbx)V(YLYspa0DPc4 z9T{M;V7VQn@;KYdm*vV|E`Xr=j}EFnGToSPuvquW^QQs8!b#)&Tz<$p ztNpORch~(tU+|DoXs`?LQ8xwV`Ft+ybNT-${rq#zXHgO+J{2_iXW?JAeg6IbAW@kE zoePU&jX~lAi`9#Zi@gGl_x2t>$EQ%RD?FubAe1NV6vNMDLPN~kHvD34RJYsAIBpK1 z$VfG8dzfHlc>Xw@aGj0(og`Nm;OqjZySgqh4S%lG zr^@~1^VHAZP*``CP>KCI4k@oX%mnErMmb5MWzVxjIoYHc2Q|NpWuDBm$$7QFOj~`t z-MF$ywG}{&XrwJpy?Ug(TFgHgGkSCR3JkKO@xf-7rB3JE+p%RYr=kMYz<|3&qQZj1 zMs-NEJ3wio@XpJT$CE{W_n|V=L!S>fo8uV+sH_zi$+?*0yrduW{s@_m1*6ONKyJMrNoW&JUz=lOpWi1e&qT z1sk>r#k}Qh!ik*QD-NNn;oQQY+*BSZx_~551Zq)-+_)4Xg@xl_1S=leWW#5dBcH+qp zakWM~esxXcALTVPBQwuH#GUcz;*cnWC3UP@FbHj52zfKr*{o|+dwjM-^mDP_?Wr_a z5c(~yt!&CUJRGNLi6zQY88RmDF>7CtQjN!jIeDD3KSO17Xzo5{!v|GozzAzbWCf&Pmzwve^g{t9qH{L6Dogi zBklJ_f}Dv5o{w93C$=UodsL|yzBDzNS{%>gpuy~|8oo?a$we!4BgSVMLBS6geXr!i zx+bsXWeij*U{qr%3+x%HmLB(k3@8c~Ssc`)Fu1fbnDqKG%=?UJ-S&x%{ru{Y-tU$y z>4lKRiJ$gxL?uTSGI%;zNvdQXUOmeDfe&$!R z(~dO$ve^|l5KhAt!<)i@X#avrE4(I>vGXSRP3DQ@Wim-lg$cgGGLwdabQyL)?q4bS zuN3qQ0J`Rr@*44*-h+Pkq zmEAT>Ai<`YfIK9^;oWSwHXnA;63|S^Tg4!P7a|d1lZj96AQ34?OSL2F>;BEA#O6cg zZ=MxNc_$D0KsgQ+Cy(MzoM@Z*h5rWM8we*0bl1C;h(b|(Gh~XlF-D5Q*j*xtB9f)z zULd{y9_zbIrFw4EaG8q<CeW<y zH0PtxS;|eYip4EfFYHKe7oJ25719{XP$Fqj{@hTS>B4M+0+b@rRjT0$Hhh)_$gbnMw0`Id5KWf4jWX zpbKz@=O2jMmcsCgqCOjR$0?X709nDFVoNeB>%TK+$PVO5I-s`C;23kLrVj8*GCN2{KJ{ z@}0Ih$Ia=5DHLR*0_B4+|HV4_2VVD}bIcK4QG-LeL(g`)Jq!@NH44^)f3t0JCZP#gRh^UG7 zE_fMhV@_-1fa^5}8C;k1D?V)x)a8zBPbi{KOTSHFLev+Jg-3VnqWo=tv+oh5e7;Yb ze#o$E8rN~%z#N?80<91o#>Beb(jQtE6XKGiH5Z1WqpCa7BO>Q`s@&*3P`1nI!uA)U zp(NGv02a4bclGxv`%jC`8}lTp<8kpwFM@Qki_b2rys$St!b)U^f~vmA9jUC*y44it zu;PKv&?ze(qpAa&ows`(AaI#37NJ`0&K^h{sPiKew60m7C0cA(z+u&kv!c?poly~n zG~q?f-$&lRvNHFPX{6+_Lz|}Rqq~k79%?zx^Z2ODN$KF;h4Qu!8KbD6TJ~bY!XGy> zbP7eh>g#XL6HE|cQRrpeiOHVrIMV2NhA*Z6A!?tY5=f&rxR}Mqvv(L6fbLscI*&-8 zy+FZ;2HJryVj+VmwJ;7lD&9To3a3eX7|@5cpf?I=mU%s=H$RAQHj>gCZgX&#!}=Y> zBpbcp8$JArLpuVkXwpQ(^7r%1T|b#%lNlPC^PnjJE?kSWL6mn^sMAT$e|C9kLZ`#( z$6&y^?}RsdH1^+0OGEfeRECR1I(b}1e&s^ApS_%4c`_7C#(iYkp<6sp*BZDKC`Ji<2JfWE)o6ou z1BO6S&q~%v@{&W3$6^ezXsOV8$ak2C zN&!p6snhDLEL5jM>`CY{Vd+81P#Ag_!RgoBY;!|(Cvol5dgi|wx0x>21;6F_XBg8z zo!g&q!weqye5SAc;_EpJ&dL#}g_vdOuPy$V=i&IU(e_OTlA2Ftla+p3rD$5kz?}2?aEDbRm zJ$ZE}!4MOpIW?l|3^_|c97t#RWm#RMo7Ht6TO0TWm@ZiELiWOxrd&TVrB(E-RnEv`#zTmbX%Mq!H7EEZENDCDwQx8&=%ZKX`nJ}n|xwsSU(yDgE(xzKV@ zHRGRtAtu6Ee0(lgN~Bg<+_S_#h!w;LL9SIfSH5KZ~A;s@5yIW zUa}1z(H=6?a8~k8psW%R2={kuIC)xc6vQYcCEe?_%q4TC^Wgu+KK}C4DPSUtX4(kS zb*&^Luw|gddC|ap*SqrNn&d^2E=TE(V^p zo65)$DDSRV!etryXo)+UTb4Dy%842DoR|TlKEHgt-(l?XzNCzaI=054MoE56O)e+o z>TG)V8!dKMhhd}&1A%~Lk9ZKxoR`!t5^^=om|K{o<-pcHuv)RU7~Vwwi}ZhKC3%09 zl*6A=>s`1Q5VxHC{8)g2E7>mGHmJ{*(k57y|LiNB;wA%gF(X12tVKiY-LeCzO6tvr zvcgCOc?pCYZcO;_Q;ScoJLmb2uFeYWJ~1fQ(5hOqBRsV%ir)&;(7-Lc%d_Q%-EKC* zm$s9H=qQqkwG!n*0I(&(i+UX7UfMZDcM>*AD#P&44^74r87D`&4 zA!Z!eXul-~DB+K;HG9RtvzcAmXas8BCWzq&o+SVvwp)XBQa|l&UUqLv+uN|GSjnOC zV-Co9b~JCg^ozeV_UFU@dXM*}G;hwx#i?8n?*Kzf8+Ui2v;p#w2}BB-vZ4kkoh1Ab zc?X40=2)Q>4B1*!h_J|aJr5(wUAYazE$VRA_EHjugnk&$F}3k%n(=8mH#g8e0eC7? zhv9Q4p31v#W&lrRyZHxY)KSN%63gADtLkZ_rc)QSgmM##00hMuBapxk^_7`pn#4ev zZg#1z8Ml9#LayIjU6)bq$WQ#n|LQi+!=s`1X{BwD7?=LH?O&%=-jU&L7t9Tdv58}* zsSAKa8!C;gYY#em4#mA*{$;{hcjsK(0y+IgX-}-SmT@alnt-s*7U1RBzKx+xXC40V zk!g|tonQBF)7HuDZ`Ut86J*G|JKvU61`*2`8H=8kY7?n;n9t4c_pY|HZWHpvfEnof zrUlJvYLKI{a?{OK8L_cbW@97veFwPCPSo1g1$FU6!Pne+WVaE&*=cNGB)9OH@bGWL4Eh zflG@T7qmskANA}QJyPel{m9(Z}(EzzosKKq8gk=@Ofm ziPiTiASVRpzzyoSrv}4Wk=O+wh|k}`aLRE;O+eU4lzo=W7vPg`3JUKQ%8W?Pi}pP`^~IOj%19tyD#$~dmb7Aw`4c3^gc=+#hy~ z!v)^D+iO64vlw9^4xH7ABq5QQ%emSZvwldxF|`7+fwOGI`+ z5X!qOF!?5&s$SBi>vcFbMY8PG499t4#=pu-3O+Uzz9lTu;WndA1XfgOG=uM_rG-YQ z32gElJ*gL)tH;Rc=8w`R6u6)p7>lA5;f%hE^!y#zBNB=?*_*Pisya%A19TW`h{@(H zJ=VOG+=@=4qsn%}x$8t}ku#dr-7?hY&%<`?i)`3Bm&AW$!vA{m6gxv9@w7mdX{YA- zd6$DnT+=;DKQcMjyD7h3?`}J)+-rmI?~KfyTK@m;*NtcmH@H=)!HW~|PG0|k*R*Ec z?E|PEW{Cm#=21sc#Ti9j_AEaWT0B13b?LdylJZi>W@j128NV|FDm2_}cP};S{k2%j zF02z(=VR-iZ<$`DF?u->MYcU%T1M&{ zc(0IW!t(?r#fe~(8l)CB5hO5qHRE2KJA|@bcWoZ8Svy$2h9VF*HbOs~yRJIiy<$>@y3{})Nns}XHqS7{`s=N6r?68{Nfpm;h0POzT#j(mU|JVg6k2FadgItmgtyp zV@{lknEmwBEyXBAHvvCI;mhvVLde3YZi@9)DHzjXHl&@L0xbIIgXOiaJHwC`dbcr( zc)R8}?Kd{`cg4rEnE20kGsHi=mY8z`93_R|$MZ4-nVPmhHnEEY0Z zYCqJ&wF)X)pH$Nf42SV9@V69-J>bNNS=)paWNN;t&24gk%X>W z-zxejq;0eUMv*c0#(MiJIWk$+({pRBo`x_ic$3P! zOdpvPpdXp4UpW2x&u0H$oY|EqQbIa>Z3(72p?YTTw4c~sm8OuHXIy+--)H{3GF;>| zsFU=%C>7{!72i+l!~xF7;#+b|*RNEcrL*RfwOJd|0cmUekIn7zm;NX+i#Kr0lhB2p|{{7rk# zFS{;Dn?4=(?DO2>nkTXj;Js?@Q63>%`+BJ2IZ zvi;Hwu)e_psPn-7x8*A(?r0xs?`z1r*fSkGmh-uLy?CrQvN4?__ECN#msqo+@@vj+ zY+8A-b0GmAx|ncYHL7~pZw=v%t_?O{T(0zw%B;+bAsbk@VA$?O7aM71`L? zh+#N`s8+wMR-v;TN{CmBIg_Hmf(eE7n!TMa5KW4tD__8|nUixdygO5jCaCf@kXdfLbm`!AndLJmSX@Z5 zpdjFGYjZ~~23nBGiMTazgcl=*+W*RJ8)Ix$Hj3o)|b z7W^F7NXx$IK&-1kz|$i#b;7i$;-aE#-iv%EsdaC85&-x19&dTm@789`M04=Wt(PnS z8>t1@$yVqaqRgv>8Tf=Cx&EsakqxeyM(D2##-Q^47lZ9~V0nH)468r}Z<}`r`u#X=RE7OZKll!*0(piXqnOr50n2 zUMu3izS&H2;FC*#Q8uy0cfm%yB-6;lzmn9VyL*!-&8sZDUz4sA2q1GY5b$W(CMYuO z_D7~XyI_yt{TZ;00DdW-!POGxlDOzcd?w0&tE)JD>gJ|Ma>&>>d4lHH%qkGTxXx;& zm2>lQ{QZm3A<<)B-npZ7TGnbPMAjzY&6Be5vcrnhvJsnQ=iK6_CXX1kPEI1{Y=VON zwuFA`d0$xhmVA)tGO;R)HvYl$`FI|H6FPTmrzMB4aNf+n!5lSlRU6;@CY?Hr0s#vr z0hiI|VLv>}HCKW_pDM-^h!t=eZ#*E5# z*OsQ@#kd>sd)LMg-3%91jT~?H-AvaPL`37r3x}L42Rb<(?g*mkw)60qC6R`#B@m0x z3-He~?mavfEmAQf1=%RQUe~+7Ki08%d4;x?t=oHOt9oO7P<{jTr2V6#ZFSIJ&`?X~W8-@m{0^Wqni%Zm~$ z=EP(a25lcNMkw8k6sAYTq4_Hv;5g~0Mh9Om&@a5o3x|D#`= zR|AQ0nX9IGcFV;20bBUB%Y)_w5%Ix25w{ejs@-9ysQ}p*liL$pV}l<&ux>3r2}>O( zZY?~`3eVvZlD)wS0+HKf;9g`HcdD1oozwM~26>5N^-@`H{wU$x;;|0*0I5CAh#|^} z24VsPBvyoOrRcW{8S{bsjg0)ShTW|apm%9mJ&7@!b{-qB$hE-Ls?D{3`;XLz&-9AV zx5vM4;D-g1(nsuyh+#!O&tDg#RN0JR%2lt1unZZ?q8sR~Q_USRY~7lCxsU+tDt_lQ zd*p>Mu`Q^G(2cTBn4IqJfVV-W#O&i{xWda;zBX>%6W!hZ__zBV@23vD52Tx_($>PB ze$i0;e=q#&?3`*WR@~Pt$a@N5wwR_j$VZ|plG^cDskj$?4^BGk3@;ZYO!D0MU`5~0 zqs4pc5W>~3XgRQkFp3Hu^*@l76BiN?j3zv{m<`v!`Rp4206D-{8N#74k+zY|$*(&m zc8Qi~g|fj_!^B*Ceys+)!Cf?^qzj|66fJx)-+q%hTCTr6jw+@XzXc(Jb=B)FL+H`wcPByh zhSqf)c>^Zxlt4)l-C?pvXUn!q7oENfO7n)XuPyI0#L6q@wE>n!@k4mWquAsGm0M@{ z+#5462C%mzl@p6!WA4!NYZ1I!`j(JeckpqMIo}Xqu?8F(P$05PvfyM0cD$H$DZzY! zRC3Eu#_|%{qZF2Q1s6?@3eTpyhq16gKnqAh zWHw?*rwb?ESM%_0|F{#{B;6mB<5DeW)dJ!pwUYxgwWnmCp3U&#%%Ne$w)aJg7`Xfb zds$ILDS_RgFq_|jTh29D&030cmI~#Q>~_9ob#%hyJ%%)H(?{%?#kPRmrg$%yR@cWxK_EJ?+{)}r|V|K zB%7FMZuwl$%n?lk)Q$W}2fqID{RKkuH~QFhnF%7Z38Y1`OInZr>XBCWuDbdxX%?(k z%u0QEMJZFVa6O@~Z&JcYrzV-Q!v*|cfO8l;6GGnGJ3*SL%kf14@}P++4hP~~#Nx2_B(y1|Qg#>x=y>~Y zG30+bo4Z-|w5Y%B#}A|0cNaJ}Df9Nd{Ys2dzV=$oF5{*|Ugb}%8NH5%zT}KTEEZt)BpG9&Oye#&?oYeqpfMH$?80?il&+?G?tL+aYXdKa&L{mnhT2p6| z7rryiuu%^8QnhhPgth(T3X|?^jUQXEmk*+#Xc4UYPSJSJx2*Uro`gxrFs(B33@WC* zME_2+qD-SOp^Di;$iwConQb5`qsN|h>w?N=tb~__yTaU?!G*|T&+|{#lhf{_V^=gc zGp*uX2BhwHJ?hx@Umsa%IsaVj=dZ)xxz^+!ov$*ct-6KUb&kk|jEPX;g+NmwGK z7Xr0mPfvdq?Zx+Y41c0fX74e~ynNLsmQWal!rz;=yKF-CvzP@ZhHfD+w0rE=4cYWn zykCh5glp!eU31ftZG8bqe}cXmGjhKAWLzcl=;3D0?^~uPWL2fH|ARAfTH+m8nProm z=B?r4f(6*{rzz}4v>SudW%g-ECVctB`gp>V=*Q{vehTj<$=Me?>YLAP$-N()+0{%2 z2nhaJ)|&qRg18IYDwTq;k*L=jv$-DNmPuW)Nm!l3Y4=ZgB$KaqWx2ca3PmnlnW-xDd+3sG zJZG0sI|_rv5n`XkPuY4^bB~Wqh8e7?~GJmRU_ z51Cw)qoYfV3*`B^DfC6!Jv;xaiq@sgJ&rYyF~MSrRkoQ}e4fig;lV3>8W#9mxfBW5 zQR#Z~8x^Dh0_2|TU#f$fFEm%#x>OaAo9lhoi{B`q56087k3ww;(97=hB2bG$L0-Lx z5H9qUdVwA-nRC{S64SvCJIC2^MT2`auakw$^Rbc7?1r6Z&Bg_L*qRskJSQnNR!+gJ z=QGT6EurK)gT?aP26r!BF|xvOx?3D*Zw?_P`HcUB+_WA4x^=PTWjuT9Wt-I8fPc2BXM>;^xWOgQBCfFk&NmZ_LmE9ed!N=x(W%7Mu zVl^oXg8g_bWDEAzcJhwnUKDwL)H|2bb_?PbwiHq- z+S}inn6G5UJVW@2et$bBQf1+s+g7)CEu8qnz=O|&R4(oC0_DC;?KdW2i?HG*Nx%=` z9|2;=eq=iK4Q^ZxGw7p4cAC!`D|dTFnl~$7Ruq6N)K(1CzlI2~kv+ZkoQurw3GxF7Y+7#IqMzVRqRQJfHIjG22^ zeVsH6ewb|lXniBT%qzdzXC~*((zg%`U^nbj(}HXVSV{HfnzP??Ogy}3OEr0QbxJNU zb&R{YI#l&=Z7)s-`5KTxV<@P zo){RcUwjj>0cn0e!jCwDWhw!oQ`vx`o~0OeRPfI zc1HsJN$O>9^gJ#0Y~B)`(b59|9$Dno5AOn@y?q73H~NWs5~ND80X?F3ve~qY@xcp9 z00U~dPkn5J!=Zw}ve#2Ta768_e!mEMf(z4owo!^vR?zd8s=6Tl;m2(K6&`i}8bzB* z*sxuW!;fTG5t=);VJ3Xl{p|-fgG1$e`E~D`%q@S6MQE8-*rM%Byjv4W*xHi7&~Au& zLx6c|OQl1XGiD6helDro2$x}}uzYNl>0f2eeeQ7o{;b`oaCzYwl}v;7%+E)%E5fRRbiUA{?Voif4J9KJ0-;Q(;Lc9;* z>T&1Ch1y>$Pc7gb{1-yh`gcj4{vF)rQCY*L|0|J}`$!bI!a<{t$kdPNjllRxxB*NAVmSQG1{R2+z@euFER^&oX6#-J# z?RZx`xM5H;Qo(E4tuD`4h$Z@c@KT#B>$uU|O`lZ_%?*`q`FHg0t+$*f-l)C%MbrSP z;I6Yql1XMk&RtmE{>Y>hs7q8jyuB;*!4G62jkl~ryIrdOT>LH-7>TRkLBIjT~XcDHP$V2h+*jcxLoCe{DE~GS~4CY%@emc zD28-a4IC=$7kSmj>PpS9K|x$SGfLQGoCk0zB}8;I44K;Gy zc=KZUZq?}78Qsg{H5S3)N;48wx{sD_8fq--ljqUPX(n69`y~pZx~>^B>aeXFJIyju zn+~hS%Pkh3_rv3pD9m*NdTYMEhuFfIP@mZ-bDxDP`XUul86`tzzIclQU6)G+x%8t5 zE8s3E4)quEP0;_TQcz%mQ?757)c+bs&Tw0i{i&XHym=VOX|=u9KU3H;E-*-}?oJ*S z&eS3wUaW7D5oZSX zg%p5`6W|_=-AlTK5yAlJtDt8E=MtxrMIgE+R$?6kZh+luDGQ?N z;rUHVj^XhGfg+`)c%;JQpjM?W>GI6ia7dqAqN^f66)~#4H{tS@S+jsr=^~=^=}X~o zUacvqj)o{(28Y_<6eh<-K7AqLl9qkZQ;|6sOQNe1jM|$ouP|{RflImz zapw9kBRCXto<+GzErML>-OK{iL#gx7Ebt(mNM6;wcB43dp6YZL=uB|cAgPDvxNFv& zf6~DRTq;=L>L$RXqkGz$j}+R-Z@dt)QWmaZLRxa;HMgV+1!%6twr1bw1xw0dbfvL= z@2gj)qB*_eUgW!0ct@Al%4^DmOT@a~BmXJ@Q#}JIidlf+(=?HDcA?z%bU_c#UluWw zp^kAmH#WEZ)Aq^&9_kykrzW(p$xICîuS1JpP%=G1I5rq`Kte?LhHSk2>GBehj zkESYsy40kSaW^k z_o^&rX-c?1}RojJV#3P?=O!9(*Obb`@QSKsnOMd&wo@hZqnaX@f(NS(l zjx9Cl7>~>bxyO6lLe8^R{Ymb^?ybGr`tB^M-)RzdxOo`uo?qi#WApCv?ps4PCp~Z@MZE`Scrs?Hy`S&9qXx#Sl{X|in#`I7jL?IhMri%8uW8~Zlm>H+2^e>kn5oK` z4{zAN6UQJPGhnB zS0cch{@wn1!7Q#FCM&*5L*xkf^NeMghswprb@xe~mGhmgneYls{#4n}(TPHl%dh8( zK2?W3dye(@>bT-)-4#Dn3YL%~Czp)X)1$I-P(lx8fs55F#j=Sk$S?J-K`s~7)+~&wbDOR;Xr-l+Ukn{SEE78R|Rr-w()$__zV z8%Ex=9bWbV3k(YFDjq|t7s69%eddDU&k1Gp7A9&lnbd^iFR=u!{rQj z&bVFY&ep89dRh3fKryaH>PcL#s;YQmCRH8gyEJr}jx~qa`J!AloP@e|+cFMEq+fi= z#;u!8i52`z*QcUPeKTeP0C&gAsxvfT!(=79%=4X`af9&|?AL;~EP8gIM zSL&6GB@A0R@xHR8C4S%I^?1uUG*cD3It6(tf-646QJ>wG%XMKj9(Ckz{4`djPl57ir1@+gJ*|UlM9AUxzCk0 zm)VI71v5yuMEk8qyVJ3Cifx{8r^JKx`=T|ZvB_=SOG&6XoDOGLt|n1Oli|Sg$~vq$ zh~ri4AAQI#C=%uR+ao_{D|HWaW53uSC*D0e49z{gdQC;{de&9NHnnP$ad__YJ_4i* zsL@;alxOxy51kWtM>3}Fkwh!Sc-7l^X=}ipp3bATzp|A7!Ar?czw(gt7I0q%4i(k# zIt8NKqFtXj=!;i$FQw=kst%VHoyyp5*l=WUnT}__XxbRd2}XQs6h(nA9iyyqXfi;Z zoUmKWr54xMiPZ7Lo>Uj<@>ZD0yg!lONeQCvzHnV7bqCgJ{Uj>axxj2fagKiOtS;=_ zob@S_`vts(S!DGKT6&!>8!A24JVoo)Q32Emy zvPkl|(6VI&2|cpA7qq_eXBA?-c{R;-Q4z()JvS}&k}5&&bj>G)fVoj`UC&=d&qITNAvCpuXe%gKI|Fh=P+2dpu!cWpvR`Ck zx)&LIe3^Hh?IY7;XV-XC z)VX%#uSu;5kc4tp3%W;Vwm;}$!}F^wHrFhTmk5^KI(rc&q<|V?O6{mQooJ$rRom_(mW|tpkaYAuVvlKCB z9bX5Uhq)Okry5FgWU`)XUipbg@JlC;<&$t|XF&pfI53mE0mHYrh)n?5r#mIc<=$`0Dh_-h;q~s$wWR+H6J(!H z8In)B=jx<>czR%Lx~X(BGi)*gNvLs-gqw<3GC?-A=Y0UGTZ-#1hh_&MXPx*fFBjGRPgge@3I%q*<_2HbueCfThKB);Xln zgsHei%a{YETLPVY|p`oT=h?PKC}@e4sfN9G9vsdi>?x8RNgr@^ol_`F5AO2O+#}en(4Rs5Kd9)sjPooCnXesH493{hgC8^0$0( zLUBD^+_-`(rav|TE=V;~S+hecSHa%g8bIJD3(7avFLv-~=sbBYt!SP`gI$lds_n=e z8H>a^gGYrWb}ZqR-gys6C2mwIXh3s_V2k3D#bp(_?X#Rk2XgQV>@_FI<@6g_^Rn?t zY{q1)sObhq)NkEUJu^k%x>`UjAAlt#&#^m(^=Esai$Zs>~aVQ9YWJ_S>eK{OJp(Ucz8Gv`=wV{ zgv~SU&%p{O!$Fz}s$3O?X;8g)W03`ki+JU*9t{FjpUx1m+O>wjAn>wl#iM>ZLUL8m z<;kfPWrm4TYdPa_snx`YgKN|GXuA-qHE(;P_t(Y|Sp}o`} zI#-*RSz_GaqL1{);DTp{?4Q=Wuf{JsJLTXIj!PE>bzTP=S+c^NnFle-DGg6uo!1AW zphb~0J~{dEOUb48=}l0^6#VfcM#91^HZIT{vB2R5MwwOVZY~db!((;In>Mb}VkkFb ziIcU2i23bjba*CbX$?YG730YsgZzHn7zG2>dvCwp;>nq@o5jB~G~>S0yppc3f0ord z=ApbQyAAv4S0fugFMCX`v9X_c8omM+umzEwM()rOMVjQiGqCJJ;|*KR<*Pvgo_V=| zPF+vupsQW1G^O(@<@v}eJ%DEBlKU_npInn&k{^CUs~R@O1_@Y*Jy`$IG9f&9t=)={ zzF^3vH;@^3P8k_k&;qP@d$AIzYg$Bfp&;-+Rlhct0|ft zLj#Jhcp4+8;21%xOV%LiX?l)U2mcJrd)BMEqxK&Dow%secg4BM3C}Pd?c*txpfvE? zXB#(f0sfMa324l>8mV?(gh$=?NbmP^?<&tFk4(F*J?i~R^XX?B))^kVKCXhq`d(j0 zgRoH*1i&I)`E8d1V3GPrj7$#=LV(DvPXSz-OmZ%t&tcky0!*pRQ^1Hn_K3OZm8(g5 z`fOC@JU@KZ)n(0&pkTp!Su|(DWq`JFL8eFE8KdRuvJRbj)N_7HA(KK8si9QtAec^B z{Fd3jaGWV*lByWp3fdWj>WZ3B&99YjK8Z0*nD_7-Vxy0Qtbfg3UKx3RUzK~Pp^JNpJttepvPQ;q86ztaTKr*Su)1a1%a;7tI4yP8g zl=5Xi-4oU58?<-<2%;5#*Op%(M8UHic?OrH7mt!4!Hu@X!B#whzA9rIi2;1-;(DPF z;Z*R1L0d$F0wEm8d2dWE1Y>;SsWF#Ksh@$V5r2niJ13HpkwS5T))yX3e@44uFPYD zZQ(AeE**E(lMkn&VVr4D%MrC}v>Pma{WQhI4PQ29y_oqF*95^3T}+E23cI@gazr)p zb@6@chso!_`uqfQ$nnj%T%@unQlm#c%rb8T*6s$uXB#)k>Wg_9nLxBm@JSnb&AIj# z4y;~yGEBNKG9u$##amCOxsX%x5?u(9i(}6#a30YIx3%Lit{|2HGvy!OoRl;fBNY!^R#kQ? zLU4!@7b`1Sk0=VP1o2y! zrg~K(6*ctMzIEGao5ELbYgWgmPhCn7XJcdK5_55ec-wcd!N$DN<9pu)=xtr6%0{X5 zHC1dk(*pady;IJikdb(X#>%xU!_Xr9Kmbx>Y_K#ZS%;D-W?agKlD&#wZG8fSry%fY z~D= zt7qoXN##zKx2#%?N^=pjqcLrdv?Py%TeebOMj-KI%dP=G6yaLyYaPk3%ZiMAW`0xK&DUZv5_7S3rHsp>s@;agvZ~3#7iL*O75A2X zEn8W|?xq8BOy7f7y0Rc>n#hL-s|)?#lpN!dov4VipeLA3RA8DwrNS8zPw<==3(vvv zVa6<@Y|PnhkG{EWFiSR1rweMPjwFO;?D%_)<%YbK{hJ6R2!skk1qe|8phL;jd_hL> z-KhOGMqMNLN;LsgcjIZEPDDbclUy@`~2^(5im$CH!{pBCs?-^$*&@1Z)7t2YhSk;-<{o3OM3Q@M1?L# z(j(TKK#(>grPeuZ*7J1OM3sKqn2@$ZUdo+Y0se|39xs>urY40P;Gz^tLg!a;n8X#J zHyL6{HN8|?wWX1kwndoG3n~_76G;Q<>T^3k0&6rMt+VYz zYnjf}C=2kgF=qT8yO)wqUo=c{sQ;cK-r(yd&cqQI9{G$!Y4a%{R-2=+8rqY$AYFOG zdV>8nkjDrcolNrrU>%hS9ThJx4stePp4AhJLz~YhhyuJ(y&YhK^;^aSSNg z9ajx)(mbp|=%nW-T;a}OBUNqN{`VikS%t%irw(mXG+X|cun3*G_gbdC?p>GO(sE+9h&bVb118yE?+nPXa zGKX|a3l)6BXCsZvY_EQW2QKwLU0q|r`Wot;B}A)ze8!=!Vqs2CyB|!tioxeDw8RPT zcT%>O&dKdR4lsq;tBEI&H49np+MOYfRn<+F9o+Yl}3Tbzwva1(tXD{2V>20 z1}g6f5EvbIdgB(`wHroS8u1lrxI<2GOvb(I)}hsv(=EtdOxehFCZo@eAWUCBHr>=* znq3F*r@*b#bGfcGv!*3S-cTs?>2hx-bHzRKRuaHB>I5)HeGkrIe(U7IWPc4(mH{C0 zl%vGs`iYD56xwbB`JRO{RilA@lHu}UF6F{O*Y4Wm-Y*Vn|9E%&^Z(zRFnFdzD}{pH zW31uQ-bPcNW#v_HB;gdk-V=2?;`N-l=3=U?^9{XU5ePb0ezRHOJ8?1T+f7J?@wM^N ztgN!ArqTtt$xy#>odN^!_qTkX9(9sC5>MG7HD-;EH+noiF=H}5VpvAK607IC99irB z+@*i02c=`>`fDH5`*y-yh#xntS*l(^l(-#8RCdDMedetgRRb-G4p5BZN?%(f)O$^_ zs}881Jw;26wlUid=&E%1C2Q0_eEiO@jnF~0b+L`obPfCBpJ8xui!H_&W?<3WvaM`9 zK~x{|U2$cdLbCR53wd$K<|=*;3WJS@SvaUDY)bviN#%Z?wtX+H+tdVNDO$Li+$Qct z6+io2TcuxAu{M>umuk6OH5Jn`D$ag<-pDEQy?Z~Dw0W4YHZ^&7Q|=>^=gVnBM+KG% zQyAIeX`Z$@_*&eJ?na(;N;$G{Bk^X-AESg3Tqr5rg7t| z7$vYQ*ZIZba4Oi)Qq~8cpY&t()ZnV!7M=|b{z5-re<*u@Ub}bhiFSMko6K0VC@lu& z%tcW!IAsq!)i$X;9>pbNcdMYJtMhWQE-v6*F*mEIM>CB97`un$IzBrdggFpaypStV zi_r>5SYa#0-Xl28IL|nzb^o}HpJHPhZstyFAhBHv)3Pg$DfjC7dac7hp~AExeyq`A zXiBEhYvwTm$jiSy<4W3sSlDtK+>>HajV1794gRVHBC*(ydaV{)dw2WXK}^az9QPg} zom%#n(-y=Pd*{Zi>9@Zg^#e@dU%NrvPRE!vpYAOh^&;&WSsJ3!w)cFqiciItT&K`H zfxtIb(H*wIZ`4lna1s44>&v%il@c&V@vWKn0`P#}sNlE#+~_E;h7G+@MK31MzcD5G z1+x^A-8$4e-DnZg-FUcRcw`4D#h9Dw?dVlh{Voa9v>yE7gC>X5(rS-dS@Lrrkj_>X zeL}~2l|9PUp-vesmY~HZ>w-CLJXCpRu$U(g&_wx#xl)u=5x_jhT1bL+6&Ap>T&iJg zYziQdjZu*B)1TgiufW<5kMGFlyXyHZSuLZGie2Gi1oIRLxeSumf|uZRZ^!T%OOHl3ucxKi4^pz~oe$vXa#l_%FL@3?`H5udIC!;KD?+}pg;IjviPSvz*&7IUzc zUj$mOx?WAFuLL8Ak?l7~r51L0td%beEpC@l7(1Tq=KuJyiN9f$+4{R>9ZN&^+}vc6 zj#^VuWrxx#p1&gAOi(JT2p>G!)%$gL7Z1Y>G+%r3)^TH-=f>1xg(5dKlTjM06D%P9 zI*G3@qCbIi+hP%Dm@-I; zNoE&~FOj|!6IH9Q?uGlxC##^S&k`>#TRN_NNm(*WF_Rx}MWcf?8eDQSBFYKqnMbNB zUoF(sqOZSqJ_qYb&8r!;Jo{GkYN>oyOl!=@SQ=fAu}oiS*1!B~d7C2@`s=_)rXdG# zA;Bxh;cmd1vbrrvZB`k-Ii6Fubz*`PmS{rFHRiBd0LeJOAm_TJBdfb*<|Q7y`NOAd z3H&=p?hJss)Hl?q@c}3tbpVCqhUHyeB5TJ$5^Ag8mofdMCgM_WSrsA}m^+=^u{HX58d>B1^2&usbIBn$ z-iWNl5Ba5sep4UP7?`&wkNxqHKhDA)eD&aukHmdBYpMSK^Nc%?f`iPy5EM6>&CNE4 zOg;~`mGnOqkzFtRXC&UguXHNB<*&gA0iKG~FHc2JGgVbt?lPJp@#mNhT3eFFTL4se ziRR;JsJUI2xdf=qJc7PuA6J%&UG-~W^$QeaI`ccL{LVkE@GJlEIh}g6J`%?`OuznB z*-xJ@;tAjBHx&eZ{Q#}*4Hm+-T!mi=Ekoi$6kE>}MppKf?R@q2nkdVt=>)FjbQVv8 z8fh`Jr)_*u$w&Pb@pIoB-y5Od}8?=cIS?0s@HkB#F}56 zlnc)`{`%!rj>o+U?UH7#|5eBGzxJqq`tKVq?eSYNd5mWqzeqmyEYBQJ0Nkn1zDnu+ z^!HpI<7p?y=dvDOd+<-^{-0ksy8$foOtoxQt+OvE_iSV+Fh*K_snPh0+9oMe{lK!| zz3isK^G~}aADKRHmr#vMEUVVf-f(wz>v3}a;iT)!zm&oKAH_OJZQ2O+G;gWL7e8xW zEjACUl@xzwX1BU^w_l!D6uGvM%zbW4Jj1K`drJ`5JEGembLjA^y8HZx$KCYRVpr<~ zf{_<}0Szw6tlI#2k}L6d4X&n8U8^-mrbiF{QosK>`5#1zC&Dy$eaOuU!wa>&iY!3L zFG=~aNlfHzA9S6f>AY$Q{*x;AL@hYKp+eO4_*UYY_ni`}wWRi`3mAt6=KLDYWmnQ& zd%9b{&ApieW=7UksSYuqcPlPDdh?a$%g4$U};*3v1J zJYdxuvCm3dmpM;a5K#>jNi@W7bPPj-cVc2)Ya&r;95(~vx5`xNZY%od z6ksC4S7!VstUH3>%KqL*9KE{Ly>+ABg*gFhN~hT{rp^6GufwGmPuxw5nr*_ceF`a0 z-&^mSXOFP&#%ZXm1GF0Y*imbJXTbN<`__B?JBLw+SD3z$`CVh~f9fxS#sBz6%KhGfcSW+gJ_r2H3Iy?3c6uL%837ct^7+iNg=Xd` z^Jk?aYMee|={07_AkFr%Qq?4|PpTCtO~YV%ozIUNvKkvYg{Xb8W|v`^-Pp)@g&lsf zlmGc}=Nwy?O|6+4r@dZyg-8OZ`SqBzejdyvb@`L4Jp6v9h|6FA?%t^CtxafXDRTJn z0_67uvcwRMeBJ}^W!k*@;D2i1Z|?_d@#lJhBn+`vJE?Xo_4q??DLa;_S>vc@I3S|+JD;ue=- znE2kazL+6?k84@4Tjt6v7HwPodI9q<8Yyc3&Pef>s{c*$?$%$l0RPYNma6gNM5b?l z{hYxGwR~)Hnf?%!+FYuCO~Uy~1}yNgRbpP&V_m>WzqzD`i;cT!Itnc~?mX&3h7Ku4 z@!jOCw_!h1wX7yqDL5g1V{0|W&ZUd437Ufh6!2Enxt8&iwy;ejRo<2|UHaX+{h#p6 z&WKy~i54VM05f{*WAh-ujPA%LoeFK$(8RJ_53AhAs3|%$eq@pf3AE`kn^z$Pt*9T# z?_MxaX+ig7B0n-U10tgJC80#?{gEC3K7AOd(mU!DBkA*W;D#*Pqv_IF%SzFLyGCq; zn2{dDmBgFG07Lo6#{fE{po~yMEfwO3xW}pN%&n{G`B*jIT7CHD!9d8{HNpL(h70q# zJCQ36Ip>l&ptYS($}PcQe~#-0lg^!eEvk44G;Wf)(D9X3q)>3Q;v2Z~RO*!425M zMciQ2%b20@G9Tp9M<((+J@-+Cy^l;wSQ@A8l64^gzr+`5dX?g8(%p&YhbWh2E--89cGH$<5tp#d{I zZC#j`1=^Qca_Y~qFAV9_6>L!6llPtSteOTXqZ_uso}_~Cn539^E-t|Z?kz97fGHLh zRY4=fjC8-Rc#SQ)ELvMjXD=+=DZXm=+Y+m}_8Bjst3vk|^n%UrE2J;4#Mmw8X_E0} z%CmfW5tK$s9M9aie!IEYPOCNltXB#7hT|L@L^#rHzsK@nEVCb}TW)wb`($YSI*s>Y z*Ck_mZ6NB8LTkU7MLZKKhEkm^i5Pm&yf&`w)5Y(9qWSA(U zXu8VT=SIpGw=zd{XrYLlb*LVnB+qEdy%>pIA-b~7B2zO!PjFqH((baDe;CgnE7(6E zry6Fm;M5KX+3meM@Sz0={l^36!mW ztyImi@3JPCdDet)U7wg_5j@N#%nq!dIikef#4>ev~W4rTum9PFh9Sm(A^cQi;)ANEyNvUnXVaDxB zigAGK11zo`^-ZIJ;Wx2=RHDL9cw(nn_x%W8J>vggg1w-EzUab!S zLK!b#nXMQtlD|U0XN&9o3Kr!BRmV9~AIka*Dm{M$R^;=Y7pEqo&Khe$j2!C+wXIEJ z^YJ)eX)S3oM+w@1J22G(tH5112lFB2{QS&*HX3QH;n;X2yQ_|yVz24=!s1?0XoRzp8gW~*DubP2o7gQPSopI0zj|;)0wcl z1wJdHfr2+iv=s4}jrxagLCRY7!B)KUwmZ?weE6wz>`q(v5q^VxHE-fKqBIgDm7|f| zQslVh*?P+TZlU+}6r5sY&z$?seA06#OxLyehQtB2Z!{)aWBlStenVR&gBg0{{x-|I zJ|gDKb_?kQ&I-+1?k81NXY%id-doH929bxkADMh_rx6M5N?JRD&ZzgX@rMK7EEaxb zvhOLm&|UC*>U_2hV{$mKE)qub^CN5*pow;9QUF!^d1O@BuDQa@P{LxX>2k4nrS=H{ z{An9RL|<74tTd9qUj;-YM~npO>1ilSIz>DQFXhNB3`@Ml4@|Slhf2I6GY5=i`{z#N zjEnmkOv+sD9t12_cs{p%Xcx6_z)S*RJTxNdZ3L=bO99EQl$B#@`q=#0(vx${YzB># zkafZoW{hn$tf(F9k!k)Rse&X*%|0s4Cwp3D0Q10R% z?rKH1f1uB4gvg<#GuT7V#w(R&giZk7jos?&$eiqp9o*m6nOO~LHWM-yBv=YFV0yLb z$pNFjC+5uoES5CIO~XuvH6G4A(ZDd6U)z;*|JIm>KsgZvU9Rgi+2wi1Q$R1+MW2Thk9SJ#W_dO+h|3R)xU=ouQN}tOwrU?W@MM9H?}PlhcxR^lkf?ZV_SsuEJ;|?2 zO5W$fN@b;=#CfxeTSzE~*tir1l6j8gJLh7BUJ{)%lWfIq6CN$M&k}u=4PnkWx(Ni{ zc%mUWV&7s-N40NCJ}3!nvD=$;e@Q|HpBhHMz&ENy;LY%8&yvv3AC)vz0zz7i%-il)hym0mG#>fYq@guVS9 z?35Ex)4u~!a>Z7B!zb1a?MOeElL>n(1UF$0>}1h(#wFYy-f21>Yg;W%v_$I_c@#77|2v^oxRnGms(fH5FKAtgv);}b>C9u+@a98_#Supt)k2Zv zob5K)pzO>=QvfX9Ra&%h*6Q6)I&Y5`eJcT6FBW6>7|^G1uVi<3xuN*BShcH3gGVADW<85aw3IOpV8kvH=?)DK=Xq*Ed_5n9%JU-FRH zvl?~Kl5^F+Ep*K-)ZTht_1pJ{#fMITR*gr|N4)M@B6U)<`P%GHC#-I?PfWrl+&yWJ$ib2D0&rs#V&_5m8{R znShO0*qx!Tu(36ipuILaGmGYFZ#x%hoin8r(Z>7z<5JG{GL4rcBNg*p@WZnvxmPF7 z-vzj&VJ`(GUF?LX`jHASLtskJ?qu>TL6nO-K}(swgoub%H41^#DQ%nO&y9>*^z}Kl z&bp4+vEt6Z(V!!fh?j~CY}p`7%ZjL3T&xb>Nx%{pc=cIdUR1P$5j%(4V56Hk>drL@ z`*WcR<0;iw9EPyB*^>M>N z5GRVSSZ`}{=lsj+a1lZ8G|n9a%>q~tY=>2G6|^-LJQAei%(cvPV*F)ImUuv}p74WJ z|MO`smo9=0Ub~d2WnBvwu|;?1BE-d6y5lEzbOO~&xlV-u$T2jJ$ zSKWa{L9p91?khJYjNX>0X|eDFCfHAZH;ACMn}A)hOTYcOyhskn&z9IFZ1ZY$)Y%?} zdktErbg?D=KEJ97_n|tq-$wzGM&W>-8XSDG(-Y8dJxWxLm(M!EFMsfnsqqzcA++Z} zM&GNX%Nu6YWsy^0jKR_n<`-9>1$Z4a&NLy#>9Sg|8JSFOK^Aj+Q+`ff3)#vDy5P~1 zs6K4!#{&eNJXHIdG_qRPzMvQ(lNl3jhg_G;uc__~-K$GpUI6&lD=G_s1hv;(w*@Zv zud^%5;)(qp>w~hxu;i!MtVI2#VU%rxh!L90sFmiND2)e51aFPeMNO`$ADOC=2)d|C z%VCFHNMzi$-u|}-%fBa!i!T+3+BHAYr0l{fB_<_7WH`C#Q6h%|Ct)L z<{^D=7j1Qgq1S6wvyouC;i_gM$je(Hsbn?I)@1fo6Yros?^u{$!yEx^0c@8zwDLKb zEnJVtM`kpT;tYF@U=?_|&RsiHg+MY=l@Ik!laDm3kPlF))qmMdoyh#T+nXbRBzNQ& z_(J!NX8Q-=2P&^WYG%^bujtXHIDfN8Io&0#yI)2DEQZ4UM9fb}$KFWzB#_NcJpV?| zgg?QyggdEkDe`1>#wr@k(mV@T(v5dY@EK}4B=)P^2_Uf~nCyz_c6&l?;fPT}brG8N zp=x23pY#jeZ+|NfqONDoYY6^EUesJ8_BLBWHR?*@&{J>aWQ|`fn>6^v%rf5H;&f!bo zA$cwrxIzLD&}qjij62&M=foZZy9t;sx4k_6<{YA|X8_e@!}GW#BuHglz1w4kg1mZu ziS>*6u5FFaN2YgvUp6RzljOD2*J<*bd2zk3mPk>}Co*wV{;|BRB5lF(wZ7RolK zSohjh{YJg$9Fm!~lO8L0e=lrxFn*ZAL%HzFr)fq3&+vZCg=4|`W0m)g*!o9%fav`{ z=m=jnu(bclXwG&h9{A@};IH-l@6uf>M-L`d;*TE63)XA-SzoLxivU9EpUU@K3w;{X zR@^t9^18TaI*^}&VEX>M&l#N=ojba2!%t<=!Rsv|o6J!L+IYGidHO9JxTt<#9n(_!TC1sx-Sy~yq z>YU{^Bu^&C{04g!a#lO+}g@BusI_B#fy*~9Ls-g-xkK`puNuEZMJ+|Wm+ zSaN{n)cA8N$~%uEhoipH6D#%X7v`+|PDI@(ViRBXk*NhS?zS=USIgC@ z!ODkx!B4zAS5Tgk^36PZoEG8=Snmf+_QU^OPx$ja0b|e5G4OB4&o*#oKwVSuq^os` z!5)HMBSctSE+`00JhNzT0xIwpE?89it=%r4+MRNEX+a7J9AD3iy$u<55B^a6xz*>^ z>w)N-&U$)a%jX6tR)pHr*-rLP9(IK4hwiBGR&Y&*0D{$Nq2&=Ua~NXQ*HUlm0?LNx zM&y zpSbk@yMf{qJL2Tn8tjHdKyxBM^wMa@2J}RUlPd!CRgYaW<6`zRT26&c5E|E&e8u(3 z1KjFzvcR#9Q{JhY(^2C}o0%3{bgPG0EI8r*75qXmn*}b&{BEE_tn=$;#i@Ht!oPLq zuWtRLBAvnbKe~(C?bqK`r))dEJlXYIXSjr*EbIk2T*v+TBu0{w0CfvKnW3a5DP0oc?mT|J&r(Fd_EC*T$cZ z<~g+GWF{FDj)_D1Z%$G|EiWxP+2io&l3Sb(Jzk6-Z3U6vD#u3R=?LN7_L|h6klXnI zvg(j;U<7wW0&!Ex7Twnn^_ZqApX2XENzVu*jJ+DyYNH@S?I$H5G^oV?!`yoZG?ixk zkbI&(GfGa-Hw)44EC^ zJ~cNVxTd-8=uG^J?~BCZQXm%+o3Is;xA&Hz%CkeHa09u!a@CBPFGoluSx^at0{?!A5E zcl9&R#69_i5J^ofi&aQ8F}*0kk6fotD28bS1=VK#JzCyRQ~gtSAF<9Y_H9mMba;QC zUzI&D;Gi&uX!Nnvnb@z4-j(mFxsSdOQC3cv>T&B~VEijWkAG!$7cKZBBdgk;D#w}) zw$zRIx;KcW+|MS%PT@ZQ2Nv8P9UlFN<@us=0wUUR~aWZh3b$#A%5d-Gg-u zn_v90)BmS1{~KS}bN)`d`MbBiN&0=A;QN(v-T9Mo{j*VPT^&>Sndaw*#WVV5Spw;4 z=)?qEy#tk%@$P`g5^~}7>rO}ap9oEuIB>n{*yU~m6%i5FNZHbGhf^?j1Y>a6On16% zq$8hmB%<`42Z}r;3diP}_!PWoy<;0TJ!Z|h^!k6@zr%r-mRD&Q#;m0H(8s)8F%2+x zc}#yYciGeAyvrv7c3d&*FCbTPwwiZ7Fg%O@e39u@R1CTPP5NK{Zax0Pn}6JD-8(@i z|NOo7y+0)3X4c_SV$zdrk5KD&AFco~<5JPMeSK%GM;dz8nHagnAGLNm9&tCi7)IAR}FEXZLpUezCl@uGzw~mU_1!4d25^+k4Gmki@NJ@*ThbE^>U&u%wFVXL+=J&g7XpvEVI*N`7-bXc(#Q?TSx0WG6X| zn0ZCY^9OY$G4+?c`psT0FbhU#IenypKJ_F^F9M8JHMxogGC z^wB6=_Nrs`5^*{lPwEktebax(!aaY0TP6)W{?-pMj9eCHhP5VVU($`zXr}Ox>kG@} zUlhN+Uo6`d6mrwOK?e*i2&|X+zqDUCTJ)=7S9{Z8L*(@NL1oSos2<>(t*4`*e&&n= zTBtAH8d(a_`^GZ6Ou+p;*6UOX==I#e@vIhLV-~}B=M8b{l+3sPM+3)^M!fJ1>|+Q- zn}7T-pAI4~nEmxZr1{yEn}l5BJE?cd&FG3~J1-(9|84BC+Rs~q&aBT1fX^#|d%3Uy z{7($+zuEo&(5C*;4UP0Mz^D}hp;X>I-2y;hOH7!yPVHwNknfxL@;Ji0n{egiGV0B(7-hXHLfdTM)iEldb zwEZ7FyZ%D$#FS(8hSvv%-MHNsv^P7Ie*0ScH-0&JPBMiCz>fn0-dnDm8t_{LTpqT> zwgOH_U2nwXKrOHu`xjEHkYTaQd{dTANUPdED?MHv4e}*fvfVbq>|P zqY!^<-3GPh-1>o`BAmFE>1DQmjG9Rz!!S)YlNf%KABO~KW2#jfA#tNF$@zs6erPe0 z2Q0+WUSIuSw=Q=ST`~3K+$k-SqAPAGO>qs9`c1v1EPl;|-P!e-I%?kx=m#3nOuSp+ zRO~1jCF&WYG=Ca~wU+*=w8qJ8D&Va-r*;58l$rfiUtmuj=^;cn<4Ob7@5J5fLpKZL z=ioCuUkHV0ge$Y!JGW>|5ca5`yoF->vrU zBCz8?I;g3phmyxd?`-oF>j({hSwB}%vH7gi&k{SXF)!X*sgBO+#gr$rFwR~*R~xZA z5XBhgMxD^6PFz-w>R&_KCmDHZXtsJOn>}(XdrcP_Q1-cUBeYdb8qVUDJ#snj?RPqR zK5rrfo;J+2sH3ZpGwH=$7pXW$BED{NlqGxUiU_xLS5=15T70;0Pn2Yk*DvQAc+q|1 z?wo;>rPJ+$EG`cE(uV&2ylr0-9ew2R2>?+vKzizM?r?jqU8WT^QzL%e&*h#YAEvoD1EP& zv4s*7yzN}3GWAH{uIu2M&TIgc{6@N}`;vevrzb~dB5aFH*(VDCTXdzy4R8oglyaIzjBceq{HJ-v;-*aW-v2#|rK!v*m}iHTLf)O*~>grs6A0+70zN zC3|x_rcQq9Cu+=Cf2}oBD{w$#`P%_a+8+;Sh@TEi{rr$WtPUPXiO+gC5fa z`NYeEy+z3JP&ZsWY)jM9!C@$M9^1z3q$u_Cx1skwmh+6l-$vdn{4H-I0ocbKZ0AB4 z96s&;pxI@79tRT#<#eQ%K~mugw>P~g(+ zg2D6QM9XJZV(Z?Xs)87t;H^BCR7{_I}@lPB67O(U2r=sQO98G!@RgVm6%^Wx;7OK9d^6lTF0kZhtlI zkfY8c>^Z7k=tJH1ia={OgH42} zk5Xp5aEnxQF}pD3R+u|7ZOrS`_?1?Qp1EG5_Qu&=vZ6P}+Cs3TQMQ#lCD7+_YtGbQ zC0hxfC%519l3<5@gui!M!sM?T!ofF@sC&nru@_yR+_wDafIaxu_xnai#~YGE@*>`g z^);X3UgBOeWMBI#^}lq0^!xeIZy}%BJ}iq_wB4WjIJf;C%1DIPd#UOX@%i#_{~j+(y($iz(H1VSb6)SbZY9S&1P zq^{j zAHg2TN`q(LJHr3+9skc?wW!}N8I=(?oF3;_C6s6e_9owN>KdQ5{B~*23+Hp1WJKn^ z?<8uxC{=20pwq-_3Jmg0o}0jV=q;O~o8g-#Gj6o%_%f(J6xy#L{=&~NisU=7NW2-4 zDW-ci190SK&8e;Hx2DGQGK%D=(>p9q)X!uwf*2CYrdv&!~;Ca?96LpUoH6VzOJr^=s+>^}g<+O8hUh<{k z@tY5fw3wqryg9?5dfz_jTtL!`aty$M6K$<$D*=qQ>)zVkX_d@=;zDmwuX_b^yL!Qt ze$)=Px7(C*Bk8%s;;|SwunJCk>efa>S#y@|vWyuYG3$J(bDWTB1m!Rk^&Sj`=rNLl zD$(_Ns?W=uSmE837y}z8WZDwZl3rfbDI#W9mGM5jEYBnkQ__{Kb@~}?>S7#wj(EfQ zwNNU6D;DHcaXfX@HS?lK=em)h;&FYRm8epM!Agx0UG7{H^Ndx$=VGQY4ZC|CW@Iw8 zLp@b-d$1C{A>iprDBF(Clta45zf&OPf>efh6iV0PA$@4mVvOP7n#bovFVn??1i#_d|#;mG-JT&;W9TaHF3A^6B_SJQe`16%{w9 zxFDYO=0(X0_Tp`2-}@jg5Z5SECW$Xi90%B zLpG0+9usU#^rH90u=I)Hst2`fs2$zRx6DdaN0XZGeV6j}1pE0_e>eTKx+E+nM>Cqn2|Dy0ONb+IXiRr6Z<7Dr7tH53U$C!w z)2FQhZa?PVd#mr;;Dr;t zid?p5M6GQT`K;lyS%KL@b-I9=X4v5vL% z4uE}_{oY5733`S@oKkgx=&)`8`NH8K{(j(Ztw7p9z&;SS-*S$j|LMm>-v%Q*G-t*a zfk1!WCp~X~K>x(U+5{E}5Qy|p`$wPs$+j>P7rv~;CO?{0 zXb1|`89pJ{&Aq-J_kP1~L9Pugm(j6Uj`+D=gu146QChr67HW{=CZX-gTO#(zYmF(E z{9rNK>r~h~bKVRi)AUpXd6!t81huS0tQo4NQ?ZHOwH}CBVskN4rq|Gsz$9yn!9y(G z!dbbD!Ha0+DeV~%A+>cG6kSdrr44G7&##6{x|*UnzEb$ETV_EAs;A{gqC6p+Dv=b_ z^>p(pjmd$ljpW7twbIgbj+d~E4x7jH&$eAL9I1!PwKKs8wH=}DI>P= zEl!z*SrsH@$55@Dp>!ZJWv_3iE3>y7WONGvDDzTbBN8IQbZOZU`giM^!|JayT>jjJ zzyADNYmk%IlFV;LpjAtQo#mwv2>^;W)yMAl7WG?dIl-dO4a@6`i$`K=f}vr%Xv!C_ z(UdQ)q@c{{hX?lB$G&(Y)aJZ$2re8LFKC;eX5v=u=0so0_9A#p<@`%qRVhm2!qoBZ z5Nkh=PV4WtlkPY!@1|?{RhGAjrGFK|^vSRDtG@inF9Wx3|KFGy;cv1tijA|;e^JW; z{5FctC*`Mf=IWZ+mfLS@&a?+z%z?X!|1>yZi1B?hVUxW@$9d{bw|}|ft)UdkY=uP0+aa;UrG5E*HmgCsfU}Rk4gL9Jo&TvVzxnMF z5%M3ne8)a<`5Ko}eGa&MbDV#}^WsK$=uRE+FI~8DHVA)9O=E4onHujQb1z)|jvVC89Tbk5EzScx`UR_q8`f$VOXNxSTj%H3V z93d0dZ#V1|15QXkdxS3Sv=E8jV3f@sNh#NXYXdx9cLmFXKy7ClS8+zl#wBjjugbxL z79*TmI)~mvFT7Ug9mRAxd4u3#brQG=R<0MgM5GrT+u8m6%#tdHeq*h>xqqWAtJ^!C zOWseiD!SJt*iA&W=s7;ZZv@w4jXKXRVfHD|FgoA;%l9) z4I_9W&Is}=O%2jhnn(Pe2k(TsA?u=;iIX3@Ymk=@S_pKKhFGo<%y$9Gk>cm;c@ryGSOtkEA|ho`vPBD{ zvD9m)AKN*3CE_`1V}qdttrQ1wnn?t|gMMw;NSNCP1`|VH@#h*|zS{#6(wEB;H8sg5 zDTkp-I9y((l2EDP@t5D95PA07pzzgyQvn9%d(x;jjjVO)hnVv(x0Y5a01Dd|VGGH( z6*IRUrpD42eAR{h@xV0G8+hfutD6ze^zb*{S@i3izj&f5MY2R0A%3 zDkYap@U3mXJSE--t=XG0ilL;A5^kYpGo}P0aJd+eM5)E(m}g@EIHn9AfKcX5!PSFV zK>DnuQInmHxOT^Y2PyA7t`*x-BlOJxH{PQu9Xr_tT<@D44+!G!ea7GUa|CgB$vgyB zuR{<>jnn1Bzo84bLH`C_pxs#pSmQiOm`W;YNvF}UWY-$IM=r^_LqpMT%m=(F3V(C# z$hf9c#>;S$?VncWA08ee>x%6JW_rtMhiH~%_g?`5N0&*m zi<_9i6SYLOspfUbBF}z%8H|2bL`MARj!tr9j3SiYmZ7M zPaT!~{)Xkv;%f!bp(YB~p3T@trWzxXwDVd+;f=#%2hJ=_FG-T|<0^UbIJPXL$J+$BRmXU>eN4WNTy#E+v(5yl$dyp>OF26TD5j z55%Z^&*$*rE6GzGkPtUXbhylfcEKW>L?%9921RP$;AnJ*2e;B^yBF2vUoB)l62_Ho zk$PY1W}mdaRdigM^Svqni)T#EUP1Q7aIx;IDfOAHw(!;K&>GtG&S>{dPO2|l?MC6# zX>qyOS+%n1Mlc}(pGSc#y;KXmIuXu+&VOk&wE#5>Nw8kNbSkKbZ;Y`KmkrR7W4L(m z7_Gs1yrODXO@Rt06Ga4h-av4s-#VakE4`%pc zin4a0w9G`yg{5@3^_HTda2OPd!t)zGy9~s_m^LHq6_*i1O5F|>7nK4T3w$8B~Qq0 z9KBrohwkqjcGrY&J{I~LI&^o)l%Gcl z6bL`cd3zr8Z^1(o{~NX;4YF+{m$+*z8#ia@{l?xrI14M6<|Cu9M3dE&Lj{dnwjL;| z_aGHMTmjcY(yyYYCo-~b4oVau*Cz}GtInw05+p5ji5nOcSRIWz;RJU{{s;&AsJO~_ zK2>zFPv?I;_#I?;yaI3+27=!=z7Bq0h2-oLhqV;OL-UJ|ZwMJDYiWeklrWVa-vlyLSO{OhTM{+-lTexF1$7a(Y9_vHagK41Uc_1@)q zhxz@|wn60j!5jQz>0i?Sq3E@LqUitGi+@hdr@!nssCb}?D^+p>%r0qO5t8SSMe%Xh z8PcIw`871d;V_Kkh>G_yzv6ASg;?(c#T@ga`~LDYZjU%E&d>Mdd+(0lgwfS0n;)&vyG1VDNKsuSDM`$soe4^;oR8Gik}7|73ZJ?*ar{IeVTZ>AMLmXpa! z|I*6_-%~|B2;a`U$9Ky)WoXFkkTsXH-J5E?>gGEt4fiAGUHj=MQOVv~D{ZY`HRq-O zDmD0H$$ro6AAJAVo`b{%AIJ1*?RTznJ*-|(z4Z6LTh{-ZuOoKQ^#53YKz!MyAen={ z1Gu@b?wu}~0a2j{yYt`Bbn+vU8NLraCtnpe^U(;deET;{5+dK4*jLV)+YDz=Uk~2@ z3Z$6Y7ep}#04N3mT&vPql+E?(lFyLzB@8M29WQ9*j3t=8R5qCsaEjd%&zWM|NBfCA z?)Loj-Qh{eu>9IL2JLe7w-A~I=Kb$3{-1KzJmXc3#~!#c&j7B>#Rq7WB@|6~dQ!oi zs=9s)Y-(Lyn}vJ%k(O`uGf!9^Sy2uy*y9!t4Y@5|QuWT=NinZ~|K|L<_J20E&H?z^ zn8d`@@V~~_Ry@Gh?mdN0G#My*`sIN7xo>)8)pJXYvsc7a|tA|N$v6f`smCwyCFyQG7jNi8iVBGN;d*k5|bj9T4 z<@(Sn$Nv7d6I;l@ z3q^X8?$x0f$VIQ9`1oWEQ%IeaS#oqFD*KFqitLaOa$O!dnG+NZ8+(X5K9oPhn~tXh zV2fmu`+ziyK@_~?Pk~)Itvp8RN8|?$TF4GA&6}B}of2w5vg}U5tP&W=r1)y1qgQXY zocXu;0XyhY-D$zOCy6j8dQn&--bs5u%j6jFdNGAaNhZNrAwsu|oIoU-lSgx`Eckr4 zmn}KiAF4PlMk|k=JIvz2tQkr-%Ii17`oZ|ow?aliB#mUqipk-fZ>fy9P(9nsth>yE zr1V(nes9iQVKJA$pwwTJEQ;pjOo@GN@Yin^5bR-AVO7U6YXENd#JjAQp?&eU&L?Vg@xACvm9j^9}+WiiHUYRWbyDuvH%lifUQO@ zx>d3T^^HE9}pbv0JBoh$Owtth4EsK>x7#L zjitoXt>5@-697~t9qGatc>CsXCDN;_3FI76)UXW{^q z&mYQKN2L?jLRcytXOi#bP^;(*1sNdMjONBqpvd%U}>XI+Ap&yH1QK}IUF zJqt`ozI?MClwiya<&ZY_UqqXFX2RV@K^Jsp&255mdULK*=A5-BUV-P{o!v30iz)iG zb0wi~iYqk7wLax&O0luRVpm%H!$#uBmXnhp&pDPJhAc3mjw<4S#S!y?=6~Fmv-yc1|qXSqO6)=Gsj38K>?$TLFOwS z%^p0^=kexRHQS%IzeqGw=j9K|R~vUf9|-KRVfqK68GF`>HJYCOkiF<(R5HNl3A-jf zm){-H2elaejy8A1homZg3`e&XKU^eaQro!1^-~**HmK!z`|{N;cg|r(Tmtk8zG_O{ z!Jm&x3OhQu5bY8C5MJlHEd*j#dSYJ)xoL<^jy5m0-`_FtMV);OgBl)ke*wUUEU1gO zn72YlGFn6|^8C?W0~r(aM;8=!Vz~0ZZ!y*91eFd5PEkP!#*)1=xeH~_DxA8~5+8u= zr+zRsh)LESy)DOerdu3tn1B0%L&Vi2ZEu8NmS@kPkVxU~p3U;}v-;)EX8edOD|i25 zHOYSPqP#&kZBO+LO0W5HPb`_S@g~er^EUvW36{gzx8{DUhtea1YLwi}VnYfPHXm>X z2KDYenlNIt{^mO1;;IF_!BGk^`I4iik*lQth=LI6aSp*2Dn*H9B>>?e`q#E{sD#G^ zPbjQ8;H?3ZOqIGSp~ZW zz6&|lOpvA++5e&2DQ*Vn@B#>*lCN)bxWQoGCa^@l@wcYD_9kSES@S>98-KVw)xWr@p3Dd9AQKgI6 zLlA8;iJ6%*^H!m@?I5GdK+eaS6nJemO^qniWRIV+X0>hN$PcWnxk(Fbt|{uuB!YzM z8a z$Ef9=2+$*!p!nh5fsoqTF{5Be-Hp}HQfv9InJ;X>qn@J1vL=^{TgnyX0rXmfk8<-! zTDm+&45M(6L*dP9e%*M05dPSGwhc< zT90W};_BEDNVO;NbtMiLT)QA45pZrRo^!ko;bz@Zm_68d{!!@5H8e|n;Bwn+)8&=h zNqXAvw^ivl;>#YTWtTILDu+j{jY-l|CbEQXQ|UMod+SoX0k--)KVRWlh|Wl5)wr?y$Zwr#7dcd;gI?MokRjq$;Yk+$sOTv5b9s!KoF( z`z~f?arq#l?qD^3me?k)vgUk|!{EP6xfbVVSF_c#ERk&7T<=Rt%144(LLib&PgbYA zMpw$|x(nv7^CuS#$vU2o3^DhyREv)0e1OBZpxS(7{k$Fb227P^}FpUgM z=ODQhzPK!=do)<*PVFe#fVQRvKf5PwR|H$vVL8r|WNS+6HXHRSCOI)Ls01eI5GCco z#yM7b{wx+zdA+a(LqlgEAG1o}l`Q2qt`Ho0%A(2XkHdr#ae?dP3DE6jgONMI&NT5< z&83;-F^Q?H^z06d!fb*t%5hmkDmbpvJ!Vhq#e+QiT)AWsR8M=b8m!O@+2oXM3l}-$ zs@ptY$>Np(h0ZMs$JrfquNv3XO1lF22 z?L|YxrVEQ=-ypcmfh_dSV=TIX!J2D$>{q`{(g%ii)xA3;k+QzJI{@HB^4o+i10#F1 zNF8Mj4g)nQE*GxB8%IIRxg~+-$wJ13J?_j8=|zQB?J<1(QF*Vs>J4?Aaq{VAc{9nx zSqo22&Y;49kR25d!s&amz}U6YABz z*U{%(8o=A+m7cHX$!&m{;g=WV`kw8yJ&`G@G>kTi$tCP#B&SY58^xG*&j!lk$Mx?nd5CS zU~_ens_(YYG$nPe<^=a;N3<7FkOH>UzJYMh8*m1*4+^oVN~eTon)lb;_6fYSz^m&? zKNvM`$qL+i8zk-xvEpMUY9u$SnXR!DYw?x6&%^kD1ttsf3bWt4hb-;@hE*w(m^5G zZgz%OW?I)?PGJkni9}pvqQdQSAvpf@b6q2WNfD=(w1*GMW3JHIdG1mvecGvO;X&2+ zZOrDhP|U~do{{0}5y0E9rVMvpnv@55s|zOc&^-$$+nJ^_GXnrhPSouVIcujT_GFOa zBY4e#hG*tHs?StP@#?}Omqz9zOp@}AJ66_Q3FEJ~-78)13@wOeO^-az3`<7XkpY1w|-xg(IQH5PjFASAS z+Yb(IeP@sVRt&Y8e72K9lw^ZEev(P+kcf@sfBBtcer+o=IOgrB;bMLmL>5&tkHKzcZ}^2>?a` zS)GCph_p%&Js}`?r^caq^_O6HIBE%I-uURwb7sk80vL2|z76w9^Bo=i=qH7pWsFBT z4(Vd(MWw?f5FoPb+aIOgHUkZ4LNW$TM7E+qr^vY5v!n@PLf~|!Ro;R{A*_ZNpJ5LA z)P5j`EWS+QhiRQxZrul>s%hs27mCnuEEObKJ%1SrRf0=(bT-#|7~~nR=dMKACBpaAeZ-+SERa5@;jr|_~FzPuzU_g zh0i|8MUABf6r0l+$%Mk+?X**XgI0EYz2OMq{MP1V?OkS6s zcjrt%M=_>;w{YrEbMvGjOCYe2*~_pm8bv<>-m&md25D*8&F(zmWI~m+B1MB8Zj~87gr|3dqE5eDqQ$ZkaM8>F0rsHf# z+2aSow~|hPBn0X4=yP3Y!+D5e>#3_qUIvB>U#)+?dH$I=;&{hrtiLl|tBr}NK^|WM zXhRksPMd#3jSCDFgYfFLbE`4k-F52R@IDDdSJ|S57G~}^Qf_`=Aj&7%pMO#1j76WD zU5qsYQ0Zmrtk3y-kXVNP@4?c?!Cqe2wtCAcUZuhH9kAgMCgKc=0fbu905JVc@a^1E-?GyqTP`e!UPL_;G~b@`96YECvp|y=3KWc zyzv>KzBed&rRLdxM2qy5qQ1J6lb}}{6>HK$IUutDsKu)~-gOYDq;*&H14DGYHdg1- zlv1YOK$&TyC+nTZ4H^bIEO9rU1 zbT>E( zmMis6J~`%b(@M^@?Jd}C>G5Al(ECk-?d0PU%ZuwXqT-a&>x7`Nh)C%j14Y5Gnh6l8 z8q0j?LioIT!pj};TiDnwQlT`-Q?H$PU0^4`@8PQ~_*)VJ7o2|_A zit{XM#ouFeAgiLG^HAh%5PV7AC97A_ULQb@aC2sM6l`uy(+f$ikOZpcQ^D<2f3Kwn zGni6|Ic1i71^7JDgA~&#Ozna9g@VNMvkO*Y5aHjVbFUR^-IWC*kk$KAqFNT5x5`cB z7uQbG&8nN`mZRbV)W0fhMTbIVVy19=mtJOKLW_EyB`x0UtuM2$KGwPfgQWHf4BkjD zyQ0|(>!4_h{vsG!g9o$9H{#`4g~BT9uu)FG&W4{)t?;MlfbEB^O5*G9q>k5G-BG^4 z;41i4L-{9{ryc{4!9TAUxe*NwF9cs9%%X0fV?YZr?qNB2ahIwSr2gd?kG1XcWzuRSmD}_2U>~mw9!F36m#s}C=2$dhuYv1ZuQmG z3t!%(7syNcZ|OGjSj#P@teeKvpj#UIUFJGv}(gC{+B+?6>=>rkhx{&KuK2dF}PthH_;g;R|Y_rUQ7_h=cjYTQgxeH0f zuz1rG+=_D4@WsO9;2xfB!yUh7puxQP(n`K=FpX~kM9@e=8K&qR@xF~avRrV3*ZpCu zYs^p&g1#8XQdWP-9T&r`EYVdvEfc{WI1aVKFT?22*2T(N=xSan_lkhniK#kx?}o}j zoh9__!)EO>LeYgoI#Qx;Je3_(*WQOl{D|k#QgK?9O`~@N9bFB`ot=Ez)D*LF69kVq zNZj8%6`X8$KXQVns91#SCe<3lac#W`0F#@*m9+hGpAc=2LV~60d?n%om)7`8IlEwU z+G*-$mU(u&f*4Mw=6}+FK0o@i6NoTMGiE}QF@u<3-w}Z>NIF6nqYS`9I*Sua=RSSgzY^&?)I; zf5Y8)5O3?dlC9Ye?C85sioos;F6ZgbH;S@?2M4t(%v6s50k?H7Z}2m2YwAbb)=zK= z$0rAstYeMGDzv9k4}5&@eXRCBLfddk*3y9@-nrsMvhQ9X^y! zD@#~Z(-Fo?V$hWY#Z2% zr|v6u%kr;G&RkNi+d`r0(vEagc1x7PRbYYfp&-c=z;*rHV8C}p)2hP|?q-4Q^e;Cf>iWK{u&sqSJ0W72^7)#-CV!pb%gjYC9&ob1WDHx*CD z2QrZ9^~BsC;q+Cu?W@0hELqPjb5-cg2l*(iLaacSGLyy_%!ts6;E2KQX2Rd}JbYs- zMFBZXaS#HE5^B@Cbxn%DfmAfyLBDIE|-9n$hJ8QF5{ zh3PSaTDBbB^M|%->|Sid3rz3$RFU!Q=AL?L0D_K{39?uA`18I9S>maqik83ZjbGZW z@gsXF6n1u1yz#SqSQy{rdMhKh(EiT&{LL0jiVZ3Df*X&59TnrA>@=9{6Vrm;mm%HOfoie9x7>k|I1}s z3$yhTw<2@h$+`*W!*1ekq>b_E1+UW^5l0T%*b5K;vMNF7OaIkGAj~#gDW`Cz4$9iE=&CNHwKP!LtHT(xVnXcp?|=B^%Ksa!a7YiXZt-*~6OGK`hs ze`8{ptjMZqOd=!^qm%{ElOq1CE{f(!3bUtl6r52-8Qg^)RQ z%mEg`yy5v1t>i&9g*PWHDxKWN6>Z_!FsmdsWq!{_ErzMu(R@Q$>;1txVZl8-wXc@rWvF&%rs$gM8+bfcybzVOFRmTwBbIq`*HCAIBjqGYHy%XT1 zSNv$$V`hLT>*jvF6xKb!Q@m2dxdZY(4*|TZ(+!X32fx3|CZbRl#Vl^WOO(j1vUlXN zn(Xj8{*b(;y&~!z0c=JQ@^BEdV##SfjO}2NjMQfhnB;IMLDO zd<;b-L$ru1Y{1h;DVtT5!_GUY^<}bSF=Kf_n4I}c$=k?HQ=Qvg9?KKFI3w|_?5?ng zAIb`Q)qz{g9q!59e3i>xiZ}E*cw^GqOA*@*`PmPMQBD!4@bhmht~jozh+HjfbKcUu zqt$WmNb0|`-~?tQISWR&gYC<*4~TfN*PGANr$;`m@BLfx(*C+evG3o(8{?vphFWHh zhCLnqiv|}ZFNzWo^8i;4#Jq7_r+*GOk;1w`KQLG!wlux6EN3*>SVU&kOWEs&gp(&M zjt1_{dYx~lkj%9p+V5XzBs7U=5ekd6*Pbf8!~~$^B29R`^CzIKjneFEja1fSBZ>D|5}ac8f2JkK&O`^1f^P@pR`4|cOH-*= zGuNinvZEV?d8n>ovp?n+nwcx}u_#;9oSZXkI@R;DNYN1Z=)*T%a5{fjl0I;(hiP_g zI6hp`3gUsn!R+*SnxlMpcx`h*uenHu2;5$K$Mf!ryOvVO{Y9)SlP$|)BVnQG1$abo ztu-m1?%=_C{E9^=$qQHrxkoe`E%3Y>?Q+OojPBXHVrZ!{FoUMFXG*r?NWAS96?8wQ z^ay<=emm1n9rcFwRAQF;h2}o>q8WeGil4M^E4OR={B~T5=459ZKpOyQ>ap63QXReW zbnel*_Q%<;H8tnnH~(Ng^wsS@i31Q)8_QUX?#sQk>CIBO+fi(fS@E9*xTDMLUpF`S zk)0}VuRS?aZB(-6*b78P$f$^+tucS-@o%h)&G|HlBW=U#q0baBl?NI(_U8$R3RHX)cixVZU${(E9(L06*q%RSs5qy-X}xjex?92AT`Pzl`h~D$X2;JJwHp zzi(5kg0MuvwMD~8uw^$O^Xgg4A;vTyv3nmU0oxP4RKIxomo4pgncSn{gSnzo{T z*jm^z5carCT+&!f8BDr1_#?TZ7oo4E8RI66>_<}IW~GRu6aV<~ zo0=uVDF2biw_B4+P$Jwc@Z%oc@XKZ9M8zaukiK}SJ`0Pi>*bZ=g{uhwncih0;H*Es zq1hz;)_fMz1skBAS%x&oz{5fVL*Z{8Ho@WILk7KHYUnh=04$SGflxI;%Po#duV+H) zQ7ozt^gJ+oBvlV#KT$o8si*SV?2Vt$t1Nk!8&II&-zX4spg{3cihfgQkd z0{Tr3&`2_WYZ{qnGk{9CaZ==XVK-cXW=<$i@@0XGSHeLc*=2*BFYm>e-SXCaCcv=U zO!UnA+ASIV&@gFrVdt9BtgQG&Awsf|2=i5{Z@!wMvXfMQXjX+j=ybtoaA93}Ss<~0 zLhCR8SRG%U{7Dy@Gp9Qn_ik`)@pf6(e=;^kUN(qQ~`jMr!G8#r(~fwPZxWe}~@oWXJtD zMO&Q{;qGjbEV#*Kh~ZefQ&>BSSX{fI{A;l-=OVaTbxgf$jj3ZM>EY7V=?R-t?iSqu z3#o1;uc7kI*e6+}n2zSnZnF&l-xt8-ew6&aiL*C2#Jy(qf5UoU*m?)puoo8=N2~S( zu3ER0>PGxJEY+MZ&t9jyA>Z^I#C0Avy{@{J4xBn1N03(xUR;#*=CTG0gSaivfEhIc z*WtPF!DKj`IqWtUvSvW{sm#^0Pl|=N(uw}fq!{*IQIPr5FvwsRe6+h_r}T}~P{Zme z&-W22K`?qW#7ndTFAuPj#KV9G@X4@IzV)~>Aztd|>DKmrP`BLv=$)>_P6K`c=BANU zC&~@S07Y-^Lu({=tgPPUh^|T&?qpkLxzQN6TmyCzPsFNID4+3!2Wr?&O1lUyN5Hzi zsi+%tGV;nE#A^D$wN6C5Xi=-@wLwdicT1GVU~O-Y{$ye}8!Y9XKGD_HDVgYiK9B4| z5Lp-B#4Nh-(7mESjebl)K{YIAR!rv0p0u~=D^5>FSlxYR!WHe0OMov?b@#-iFM9ff zY-XpIHfZ-}L{erKeaa&&(u54d=AB?yC~-O$Bg}8aZfRY>vT@EZCqw$x#m{A>x%p;j z3OBJ_Xv^}Y*sSRgkVtzQBfrZphl3w#%lAWuD_oEs3*svC`+Rc7Xq2!Way-XlEtJxK z^;Z9(MW>r^^ORWpC>)O6WPWBcgd#5_UM4?zr*3pfjhu^engUhJOLnJBy3t1MvrF}R zWf7ecsN4Tvd*>O}RJ!i{*|t$pM+8I!bOfY?qLct3V5RqvCS9e31VRf0X}V<#QsV>& zN>yor1cH==CMX?(1nDIdkzU0?P(a=90?W+oJ?C8KJ@1!uu6Mq0E!JYKgy;D`_x)e% zdDicSu<(i`ldSc2ZQJI_u{FNT>VDdT542Tzm3Kv*@|sURCS(jfwT~Z(%&ipJJ7&+z z$EW_m;BF5?NM3CNghC?B1e|y#DW?-Vol*32cB?i{BDs}*JMIJieeM=8|8Qs1q|S`% z3I*ZKL>=?)7LHlk)la=lcv!kU&ec9)%K+s%`7p0QuRwS**QXn{pzddNv#En!-bIV>a z!B=Csjsk^Ex3bWP?p9dIG_@Jc@QQv@15D^XJJKJqIFMC*zb%9-pcDM|WgCipuq5N| z=Qy!Sd9zs&5`p4Z?iu-T0P2%>Fmm;Vp$sNCpX3N56jf+X!vs_M(IAFWE@j^S$xL->40ql_$l>-`P;RaL>){oqe!o9>Au zww+Pbq`o~Lf87Z~o6RzimbJD<)H^w8Vs}am#1KGYbg~+arl7{q+$DO^5?Ed!L(83? zlYbYFPt(WR79|@_uA8o#pvA=f#4tDgjxf}QA)Xo35Tj2ZIb|KCXLzMa2Qs&-E=06< zjJhO1N1M^aGAPSLl_BnfiC8(>_#u;4iVet5N9E12Hq2WIu%{e&Eqpz~(a?X))Lpj< zwyEGgsi*L9?8e)c)UNp4JvkLcA=pv3i0Ft}IR+Uj4k5D3(IF1!1kMTh7j|_LMNd$v zAqg5P*%9IS$e5OLiNV+OX!o&RU8c>VDor5$9@;`qh9~iegd47K{!`E@!@KeWjeHy( zo(69pldh-Qip9?6%F3KX!*;2}%g0JYBJUk3xBs;V23OamiVhiPKc&ZxJ@Wa47_f9g zLFRI!E0b*sMk-s`bKHZD9h~7S&7g!-8JuLyi_b~tWXs_PiAbb?x|87{a|RI?195#+ z(pv|`rp4&$e#&y?ePH}K>~p)3mn{3%g1qRpdDzXChs%%qed{(QZ`IztR-DvEK1uOov-ww3(S(#gTC@{~FCXtB#Sd3~c#iduu;d7RM zc3!?1vJY;aX-Z2hl;|uvw)QOVy~6SCW!k+t@U!9baX#yqo8LZT`2(}FYRPZqNMK{h zPu~tZR{zQ2*a}wK@MW-*O@3I~9@z=<(D88RbBc0{4mioIin>b+Zhb}<#jhglc$g%f zv{#=qtUq*?#<>*fssA=M7 znVEBoNsVnjk(SxR&bo_yW`GvFk()aL3*fFWb@mSN>km{PuYb9^v|;&sXpt- zk5;o^{(9`KYgXXUn<4P2%K}zyv7OSHSbx_1HH_)m>D} zi>HGa`mPTP`SY|1ylO#NHXnyT3PwhuL8`5Ili*9`SE&(Q=dUSM${RDFmEq%a?Q;)X zDuS}JCw3o1(Mvika}=1$`s{$ULTnNl@~eJkx)zklUF-}8T8^)$*_ zRI`Mjhv=1uCgqBqpBk?XdZ}Y1zz^$CRmsNP(j_}!P8<-}s7&`e|K&Z|gWK=PR*w>Z z@&couorj1n|D}gCTL>@=P?_KxTJGm>Xt_WANBr{}*OvuBJzYV9gfc=xb7G+fb=qb$ zfle{bKKw2NV&;$=Ws9;G`G86Ykc5N7=`50K5iK{`;mwZF=yF^>-l6hz5@X<^n;XN2 zSw_O5bjOZI19dfweOE!t^HG^t_tI3IV0vEFkVV+Ae`5T*4o;;4g1Gh!(#osqIW(r0 zmf&2HPolNRzwP-cbg`hq#8Oa&R_5^b4iTodG{?Sip{{e-J$^%@FXy3G9=Sx&U-$|s zb;&?xSh6-F?z}8!Vq8-r2FYR2#@V9jT?R-MM7O6#b!j5mYJeB*tO|jXK7Fv0Cia)4 z#3v~+Y6!7HN3yyWH3X2_ZX~3!6JG#^6XX(e#`6grW#XS3mOY6mEbP2A4I;n_kJYo& z6>dy=_3p8o^~_3rpO{GVpiq{Z-)qk!ytA|<`Q#nQIeFghwKT@N_T3{v_8^IFD~C%q zIBKq2j~d9uNk5ywi$ucg!iTO6xWihil*$z32PHS%nFwq%J^yY0RNy*0OnZqPZ_qh;YB28ERw%H%Ib*NL42b41!o znF1|UifNgf2EH2spO)Js(^*LFfWM(#13k?7eBqRPZ(j>gSvlvK2YS@YDeIY%VPw=~ zux7#ieWLObH^TU}NAE&ZQ|MzhH-6aYIjV{?0b65zqKZG2DE&Q@M?OtU1k8~u- zR7e{!XgYU>y60y0XaR#i)_R&zc-c(ZmY?ETgiJh^8_kRg%cx!!pWBP~Bf8AY&W;7s zXjw2aI6Qi4m}mKcsqoW!>FnH+*+ql&`LtQ7EEZ?ejX_+WrI2)~A5H9IpJh*+;bx*D zMHP)MN?^@glHGOU2$?z#WZ)?e95jugM?SRT8n)%icT|KBJBP6pRFWSk-K|{Jt_gSo z&t?Xu8jS6nH?iQ3rk70m`j~?{%p2qgM$wl)9d{bA6Rv3Pjmg)ecUfF$D(W-QFX=AQ zN|v>lhAISLZq@=E510~-cCiX8yJ{EL)oUdq&%pCIST)aOlEqVB;KZ$ewZ5+mLFzQ^ zNm#qnyIA&|OZOSax5SgBJAKG}JTa*SaZM+Q7kd8wr-S)lcdi&Mj=!=)Kc;=q7_(Jku#2}P35-ish7HTUtcOU4iP&3%GjWkj~xx~8-A*C%ocT(48+rqbQOIkYkxkM<89 zRlcNL|I6-=^cwneT^G)I$d;CJ=qmt~X?glN_CmAEMnzI`b&ivcc4rY!aw4B&K)JX( z+ui+!)a?V{Un{Z;;!H3DzHrmRQTqcn3z3Tn5@e8K`KyR$emk8P&*vZqFvt74(b>W<+bR^tC7=ilYw4VPapEqs^MKR z-66NC8=y*v-Fb#D(ORpq-P)pQn93;C4}YSEqDyo@^C1l*Qw4X!UMJA?hlSj_C`Sh? zT+R@!P|u@4ke9|OgWxtBk4CsOu%=8?J`dG8qy|c+ERBm4n+Q9QNMyVCWibULOyrqN zYvm+J?CspnH>lZn-5c(--q;mygS*|C#IV}@m0 zzQ)2rx@WD!v9YoO!@=a6zjRmVPK#BuxE>U&6LG0I3#CvOSCPL?9~y4*&%T-9Bamb% zZ7+O}5;vOSmQDk@MV9UB>8*LEMF z=7H}V^UENVm%mP4PWAM#GBQV9Q5j~C*UH6N4JVy0Us;FbPBF6m43Ju4f zksGcE`nkS}_^cl)%j~y#4@q%v>|Jm?c=lfh-=F;cU#Y~Q)B9T~4qHcTz|URp^g8V3 z0&ye4&_uIkQseOjDx`R}>B#e1vxhN*x5Vu)$BdY)%0?6B_hape{{PcTaTKMeC6O#? zDZS4dCzrgPcr~Tk4w`^%`Qe>f1=Ij167HIS=B|VA198}>XwSxV37^{&fw zy*jz$rlb6CtH1E^X~22{>8!QJwt=N4pSQ&EgyTQ_P51eBGw+wbn%Jpk6Kwf8MB$FN zLKKUR6x;xtjJ}l#h69h=R7zG9MfvkkTJ+u?W6-g^J|lTuW1FS}WEKg%7T|^;yVAH=ZCJ5IoP;>%ousyubTxBVs(L_=B17G;3o;JJjePio@h)2S$gEMDsfQ4Tt zk){4!BOtnb3;;%;jOH$v*&G(JJ2GC#O;;)$e|7ivq9z()+?_rXEnb}NE zE5kj{H)Hxq&E=S{3}pbT2Pj*)RJ=W#>6{g-YCr#o`pA{c33(Vv3+~_SL5tS1x|31Y zWi@-MGY5-#EvGtXZVa`Fy6H&@TxSPI(sDOs(lume$1}4d(~gRZN8~hu)y2fF9bTGO z%OdukVv6Ih3oMmccm6sk5PPm2g%?-7iE8KGD|xc~Aa`aCO;HEMra4g!O(@CNh`gSQ zTpK0)jifo0__4Gn?S?D(0aEP$sM={e#_UB|!!TQAyP2`;Rn7G}Hc|xjb9l5gqqpDn zl>?W*Z4jp)PBQs08VU#MG3#$^?hckPNc=`glS*ltS+w>j9ZWB=mGBisg32S~z%T(N zdQ&buY{hDJsVg!3Mg2d2I21Uy&=bjxH`d~pITAT$;6Ykh)V*edJb)JbU%BWq{IDO(Rg(rpLlH|U+&8HCj5Ic=3`6*Wev4r>dNq&QEViqB&WNQI zn-AhwdCbuEyOhPm=qEmc#Fizjm*Ua-!>0jWO<`2gwC+Os8BaWb4b!$OR&Q5%3Gc=Q z%FADVl{RT2QpjlSpB{q+-kHShUCspZ#qmWIxcr5{08qL|! zTus;l;u%4yy-5pkb(!B~SKMjA*?+~?gyf%iz|RoVA`Y~+mJ*GA=aO$Qhcv+BoR_o3 zg1WQCf~sYl*Wt6)ehpmSK~d%(IXPJX^K38yZZU+NOk5vuI1x#|)Bbp$AWuVeZ{eCR z0`YN*2x)R~J;u?TQRS*PDF-_%ry0y0&U^ICY6+glk9=tY0^8)rY-8mF`na|%AAl;h z*9ovm7XVx#+kK!5#yEU7YvSm zYO+bcR&u*?VR^M*YI{q6BOz^S{}MnQdY}2Rev98Exk@Sm@JVcTz;R%r{YCR5chyYq zubih3%r8x^foa}?odq}{(R;VqSSIs)5tNpeL)DW2k*gTht#`nkSgWB^3mQY8Oef3u zil(u$;=4=t`#awxUTI3FjVaFnUkcFU7b4vZ|81|Q){8cy7-Ykbzv0V7eFW!i*}fr> z75lPu>6APoT6DB$57$9`!h=DaPHNjhp}e2}-VYh%0-~VkXoqR5@9R1%7riseYiDz4;z_EN z*K8WtVq=0QX$Jx5Qj^#jO8_8fJhxk}BD-lsU5q8fPqU055!gz>kTb`llDF5uG2p`ue?}r_eh;4{7O_znJ&K#F7XXH zV>v5xA#<^!1^|V%U1}_XD6k6}gB*9hh{UiX&_$-WO8l%*w_7vpuH-XZr7Hi`JZ+|s1;#yDi+$rc83;5Q7U8-N(} zGfP^$h+}mV1Sl^rEAVoEA`0^KZjYG=8;oYc-~VyZ_fZ9SDV-Mi_*f3<%5aLzajL~Y z&YZm&%!?Z7tRT{)#k;L~$F0aaQMz9{z0AS}yS@P#Pm`k)`^$}~upPEYhe&keW|pj7 zldKJZcoa~76gi0D-SstCU)>JY#z%^N3)X@E608?^C-SM0F}R7unA<|EBGA&n5+%PU zL9psLHy=d5zc)h61NJ3MuTox$^`bkuxv4ND^i+fZuia{`uhyM{aITD^@yw$?Fzi(mlq(O0IAf&2COg-?- zl1O4S@iSuH8=|U6sB+q;ncM~*by;AQiZF85i`XC4uoAdQ0q9o|vQJCA+7@d7K(*rp z3rYR5N4@7;fei6mKC3M<3|{Od1J#aDMWfOJ^#hjh3vKi%uB&b;D- z_$LTBz}9p!l6h6u)vDZg(7`T}W>8S^(h8{j)uUs252>3+YD8>_)6uS2C}JYz=?+iO zjPGvRc55^lcCC(qwYc3F!*p`~_wiO$i}u`M@tRE!3c+MZbJKwZ`- zzTLR&TLE-}HoiVYmcwOda-T7N!Mo`I6BLm zwOMZyS5scQ0}AAb0fJIis<@y>Vx?KB&`Hi3yPXI1qbe~KDB|$dH%zH1K>7g}H7Gy{ zy%2eTz;{rVhWkT$3=Oi%Zqj@a22E9-*s>toNfC&!E8CWWJuz|D-aCVJX@HIs4^x9) z6BQd1@TA}C(2obGqt;)kqvxS=4jn*9c=t2FT~wdg3h8OCKKn0}jmWPtJc?#`C6lZv|O1m7$O%Jlr9~uTGwm7~44MFj!#B zgn8y&|FOr;BQJiFJZ86?#+RPRQl20; z_cBi;B9XPHG`3Nd#VCZ{uHPlbi0`^@*sY_GQQX^Il$0=TCfCksJ@yW1BN@C`zsyd4 zjd`z_mQI~kF62OkuQYm1U;M7*8*{SK9=+e8w`f_1?G(8?c%u)W`tx?%=S%<#=*BBI zq`7Y6B5kXUgcj$+w>_R(FGWdR?a_g?je8^$fmby#FERtF^f2jLE#H_XlNgh&^#Q@g zyv)ECM-$ZggxXJ+odS@Azat}Vc@wem)k_Bk|2-uF%KIkjT~>yJxH(jJmvPHgBGD1I z-2pJe$)4Ur0GabTz_rZe%e^wKR0$Cy;+4$TJTy6tQ|lwZgtdbZC-8x6rF+*W04@0k zYch!2?}tFVXnyRjng#@F^uCQ>P671R>1}$e97$I(=UpoWy*FHp_29)tAnr<{rT^Oo z12B3;#2RbcT}pIfM-g;?Zk6(e%=@hdq>GvNG?*8DX~4R3PQvm)l&>!5rn&BnrXZ~% zJ1$#n;OL>6a7Flcs~7jxW8lQoR4biqk5BS?rQFO>9TeY+-OAx<*z(;fTkZKK%sN&1 zbPT(RX_tsgAA=d~*BHcYZ2P-w-~AmRA7vnHDu>5sgxq5-eu0d(7Go3c7W+>T)zmmE zi&u z+XpMc6jsUui;1NO-YJ6%s;$t8;N9Xs`-F$D0t`q~5hLRR+h+~fEH#0_Hy;!agHW`h zFo?6anCuXpqCHk)pxUZ)Fk7nOqH(i$AS)$?v%2&~?uTJ)G=|KdXSzUuA+f>&PR100 zqcampdU!21K%abbq%maJz%9!Vr!IUznwHZzy)R9oL4A(T)%dz&BuYwAWZ=C^zUKS# zH!N+2_as_jq}qE>VQDL?Bb(-cv6|LMj z8(P&MVJnxwZ2~Wc{sG=sywkThWkuYyP}r-*4By2{Ho4So4r@9<>$zSIbjX-jRnT67 zS64#v)5Ww35+uu&$O|9}6Oq6SAT42h`(#x#aIU3WA=j-H^wOe8;J$DmsPb)!m;HY7 zybm*B5`Eg%c9*y5M?6rhvrJq2RaO0^H$VP%<{mEYamn);X)Je_8IhaRV>^Gx_|4|w z+pvrUF!+cWm?hOJPI==EtZzlK3r@@i?Xv2CL`<2;Dn^j>eNBjLra@k_>IWRWwMaU)?5KFV(;s+U zwXaL00${wex3{=}x!m2sQ0E8+SGN)hP{@W~Ay0K+t>t&y`1-{2HfZ_}1R}i?jr{^6 zZEqh1D2M)hRLj&Zk)HcTq7`r3{spTzR|+sHvmfK6rN_gNxI!BMG3r@1QoT#z>{&JI zW9{Njgi4X__o5J&O2lcMU=f00jIMYJJw*~Ne7}~8FKWUU6Q2FpS#-z`=#FQy+jv;a z?b};OPhr{A{;ACTPL_434aL`ow^j4OAi&`)1HM?eG0Q3kud);pk_yyf#M7-)w|Zk) zjPH4}l>?tm~)@`<1 zTPSZsj-Us=yORc6qI@yT$m<-=uDfFScGhK#u3nyIlm5?Vwfm zsC$W_uuxH71O=@6VIoPVHH}to-~AMb&MEaPl9UJaO%lSvEK-kA|2uQlV?+v99@&U4 z@VEX0YWHjS-(w0$m?M#7;lL-#i=DydN^|vg={FzmalMjQE4C^inlU@{hFN!yIns5B zP_L6O3J8}gL<*06*=2H}#6p{tjUu=nUmj>YizwB>PH7c56-f}#(&fa-m826teEIwK zE0@cxa}|8(CYC#$Ly-bk7RCTpq^(hA9>P}8IG;EAS1HqCXf}kd zKooWwds|&ij?+*nc5~2-p>P%m z@S&}qfB`)LYgOf~bVqXd=-#Qlt@0HwTZAtfHe2ZE1c1>2)I+C#5zYrvz;WM*VG>TG zO3EQWH#R$als`_tJP@c6R_z^JF`(xPITs6tpa%7~sa!#cJfYoVV zhDb1DEn$^krN_rKBTXXc5DwhI@XSfoF21drI4@zr!W~I0jfNgcd(dxY!lXjXsB7ajW;W+yPDI=y(B!2A^*kv1M%>ks~N0Tiuql#)YqFTB}!A-C2Y*XZE-|1hkkS?3CJhE`vap#FesyLx4u(BB$ zpxa;xKW(B@0g)tg&Ae%o=*s#k^&zp|2#$Z8;fw1Iv7)=HV+Zu(OFUJN!H}>R4xi=? zihGBZ|F4jx?+KW2@fWdPl9xnh+_48UF`~OwRAh8S^amX=s$}ZH6o=he~)z zws-j2k&2LnaqT&)9Ba9s8oLBT#$fPOZO~Xp?{WX}G+8&31U2#g3FJ^txz20*?XYdI zMHk&G2t^(oOnrjxV!0#%AlTw^&)n3J-4>!pDMc^81QmEw>U}0!Cceq9EUSMjQ%I3D zd=rNi+bn$wxdkG9n9ib`u25maXHx3zKNTLL6H`j8a7WWaNa{`~xf>v< zK)kR17Vk6iJA18Ttmo!t#AE#xOTGY{L*Dc5W3?g=W~aV1ztHax$QtSekl}pL&-GHb zRkx7XyoU8l;Zu(u>hfa+Iyqq>NnCxlmA*B<9H*5Ry^q3v zyPSJ=9}_@v>ZZCv!ZCq*06BDv-09KJpX>hNe4=T?RC$`mO;yEc|8Ijr_J4sha_>rr zGBMnCMr^oF_ zabNo7>;x|Q88daAmr_!^XdcRoIuc>#-p&g3=;y2_0%2tjz z-vl0bm-jG<)7V+i!cneUxJ(|qj6C=5R9Wp zDJ8>mN75@|;tYEi0Ao{LzU?_v6DmbnoNeyCrQ#Rv{Yj>g=7EE2z+J<({}**nC>p|z zqR|&c;#y*;GzRcQB1Nz)+~k|H*;6Mx%$h2N0;N7i*G_3}sa3fd@bf-;;9VQ%>fkVm z73*}LB8c64PyriwvFhzof{zM+@1U+l=cWF~fVGJ%GiIRgg&O?bBwsNC@FA8jE<*>; z0SM`Het||epJy5Q)qG_C&SVl6`^?(?!dW9zl`HxVo$CuU!p-fsjuD;()+7IN zUf9@G5(95Oxy$#<2hbzgA3Y_mY^P!{3M9rZqdZ&)me* z!a8<7db}-l_wQWd14+6K^60mjSsJlyYxOD{(L?Z$p#@`%f;iO=uWMPhJWvb^YuN!@h+o}bc8#e;0p z2CUZTNbDL}u#AD!Spo6&FZF!8J^xQ``~PrghZa%=ToPx2P?QLB)_@#)DgrD}^pF3Q z9W2c7aa*~ZrQp*;EUmI*I=etZS5sY9N=HNir`^4Hg1Fg4eRVY@<3Bp$SoZ=7+%Dw~YA(LN>*!sz z3e`)kemnc&n9$jkLx1uqH}~u@)~o}>zLA>28NET&lO2VZ_;cT!czFAE++QE^ubuK& zbN!{RzsAX5Vdbv?`By&qv&8IJ*Fx<`8okne@kCw)++uM2CN~%BRWfN-sQ8}7fZolu v=(?- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives in REPOSITORY:TAG format. - Type: String - -Resources: - BuildBucket: - Type: 'AWS::S3::Bucket' - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - - BuildSStateCacheFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - sstate-cache - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - BuildSStateCacheMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildSStateCacheMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - download - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - - BuildDownloadMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Location: !Ref BuildBucket - Packaging: NONE - NamespaceType: BUILD_ID - Type: S3 - BadgeEnabled: true - Description: The build process for a full Yocto image. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_2XLARGE - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: DISTRIBUTION_S3 - Type: PLAINTEXT - Value: !Ref BuildBucket - FileSystemLocations: - - Identifier: sstate - Location: !Join - - '' - - - !Ref BuildSStateCacheFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /sstate-cache - Type: EFS - - Identifier: downloads - Location: !Join - - '' - - - !Ref BuildDownloadFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /downloads - Type: EFS - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: ci-cd/buildspec/cb-ci_image_prod.yml - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - Type: CODECOMMIT - SourceIdentifier: meta_you - SecondarySources: - - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/you-connect - Type: CODECOMMIT - SourceIdentifier: you_connect - SourceVersion: refs/heads/master - SecondarySourceVersions: - - SourceIdentifier: you_connect - SourceVersion: refs/heads/master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: CodeCommitAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'codecommit:GitPull' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':meta-you' - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':you-connect' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' - BuildBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref BuildBucket - PolicyDocument: - Statement: - - Action: - - 's3:ListBucket' - - 's3:GetObject' - - 's3:PutObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - /* - Principal: - AWS: !GetAtt CodeBuildRole.Arn diff --git a/ref/cfn/build_image_qa.yml b/ref/cfn/build_image_qa.yml deleted file mode 100644 index 908d6d2..0000000 --- a/ref/cfn/build_image_qa.yml +++ /dev/null @@ -1,331 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives. - Type: String - -Resources: - BuildBucket: - Type: 'AWS::S3::Bucket' - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - - BuildSStateCacheFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - sstate-cache - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - BuildSStateCacheMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildSStateCacheMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - download - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - - BuildDownloadMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Location: !Ref BuildBucket - Packaging: NONE - NamespaceType: BUILD_ID - Type: S3 - BadgeEnabled: true - Description: The build process for a Yocto QA image. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_2XLARGE - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: DISTRIBUTION_S3 - Type: PLAINTEXT - Value: !Ref BuildBucket - FileSystemLocations: - - Identifier: sstate - Location: !Join - - '' - - - !Ref BuildSStateCacheFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /sstate-cache - Type: EFS - - Identifier: downloads - Location: !Join - - '' - - - !Ref BuildDownloadFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /downloads - Type: EFS - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: ci-cd/buildspec/cb-ci_image_qa.yml - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - Type: CODECOMMIT - SourceIdentifier: meta_you - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: CodeCommitAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'codecommit:GitPull' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':meta-you' - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':you-connect' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' - BuildBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref BuildBucket - PolicyDocument: - Statement: - - Action: - - 's3:ListBucket' - - 's3:GetObject' - - 's3:PutObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - /* - Principal: - AWS: !GetAtt CodeBuildRole.Arn diff --git a/ref/cfn/build_image_sdk.yml b/ref/cfn/build_image_sdk.yml deleted file mode 100644 index c047007..0000000 --- a/ref/cfn/build_image_sdk.yml +++ /dev/null @@ -1,331 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - ContainerRegistryUri: - Description: >- - The URI where the build machine image lives. - Type: String - -Resources: - BuildBucket: - Type: 'AWS::S3::Bucket' - DeletionPolicy: Retain - UpdateReplacePolicy: Retain - - BuildSStateCacheFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - sstate-cache - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - BuildSStateCacheMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildSStateCacheMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildSStateCacheFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadFilesystem: - Type: AWS::EFS::FileSystem - Properties: - BackupPolicy: - Status: ENABLED - Encrypted: False - FileSystemTags: - - Key: Name - Value: !Join - - '' - - - !Ref AWS::StackName - - "/" - - download - LifecyclePolicies: - - TransitionToIA: AFTER_30_DAYS - PerformanceMode: generalPurpose - ThroughputMode: bursting - - - BuildDownloadMountTarget1: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - BuildDownloadMountTarget2: - Type: AWS::EFS::MountTarget - Properties: - FileSystemId: !Ref BuildDownloadFilesystem - SubnetId: - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroups: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Location: !Ref BuildBucket - Packaging: NONE - NamespaceType: BUILD_ID - Type: S3 - BadgeEnabled: true - Description: The build process for the Yocto SDK installer. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_2XLARGE - Image: !Ref ContainerRegistryUri - PrivilegedMode: true - ImagePullCredentialsType: CODEBUILD - EnvironmentVariables: - - Name: DISTRIBUTION_S3 - Type: PLAINTEXT - Value: !Ref BuildBucket - FileSystemLocations: - - Identifier: sstate - Location: !Join - - '' - - - !Ref BuildSStateCacheFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /sstate-cache - Type: EFS - - Identifier: downloads - Location: !Join - - '' - - - !Ref BuildDownloadFilesystem - - '.efs.' - - !Ref AWS::Region - - '.amazonaws.com:/' - MountPoint: /downloads - Type: EFS - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: ci-cd/buildspec/cb-ci_image_sdk.yml - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - Type: CODECOMMIT - SourceIdentifier: meta_you - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-DefaultSecurityGroup" - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Ref AWS::StackName - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: CodeCommitAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'codecommit:GitPull' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':meta-you' - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':you-connect' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:GetDownloadUrlForLayer' - - 'ecr:BatchGetImage' - - 'ecr:BatchCheckLayerAvailability' - Effect: Allow - Resource: '*' - BuildBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref BuildBucket - PolicyDocument: - Statement: - - Action: - - 's3:ListBucket' - - 's3:GetObject' - - 's3:PutObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - !Join - - '' - - - 'arn:aws:s3:::' - - !Ref BuildBucket - - /* - Principal: - AWS: !GetAtt CodeBuildRole.Arn diff --git a/ref/cfn/ci_build_containter.yml b/ref/cfn/ci_build_containter.yml deleted file mode 100644 index c391858..0000000 --- a/ref/cfn/ci_build_containter.yml +++ /dev/null @@ -1,259 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild project that - builds the docker container used for YP builds. It depends on the - CI Network template. - -Parameters: - NetworkStackName: - Description: >- - An environment name that is prefixed to resource names - Type: String - - DockerhubSecretArn: - Description: >- - The secret you manually created to access DockerHub - Type: String - -Resources: - - CodeBuildImageRepository: - Type: AWS::ECR::Repository - Properties: - RepositoryName: yoctoproject/buildmachine - RepositoryPolicyText: >- - { - "Version": "2008-10-17", - "Statement": [ - { - "Sid": "CodeBuildAccess", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - }, - "Action": [ - "ecr:BatchCheckLayerAvailability", - "ecr:BatchGetImage", - "ecr:GetDownloadUrlForLayer" - ] - } - ] - } - - CodeBuildProject: - Type: AWS::CodeBuild::Project - Properties: - Artifacts: - Type: NO_ARTIFACTS - BadgeEnabled: true - Description: >- - The build process for creating an image and propagating to - ECR for automated build processes. - Environment: - Type: LINUX_CONTAINER - ComputeType: BUILD_GENERAL1_SMALL - Image: aws/codebuild/standard:4.0 - PrivilegedMode: true - EnvironmentVariables: - - Name: IMAGE_REPO_NAME - Value: yoctoproject/buildmachine - Type: PLAINTEXT - - Name: AWS_DEFAULT_REGION - Value: !Ref 'AWS::Region' - Type: PLAINTEXT - - Name: AWS_ACCOUNT_ID - Value: !Ref 'AWS::AccountId' - Type: PLAINTEXT - - Name: IMAGE_TAG - Value: Latest - Type: PLAINTEXT - - Name: dockerhub_username - Value: dh:username - Type: SECRETS_MANAGER - - Name: dockerhub_password - Value: dh:password - Type: SECRETS_MANAGER - Name: !Ref AWS::StackName - ServiceRole: !Ref CodeBuildRole - Source: - BuildSpec: ci-cd/buildspec/cb-ci_container.yml - Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - Type: CODECOMMIT - SourceIdentifier: meta_you - SourceVersion: master - VpcConfig: - VpcId: - Fn::ImportValue: - !Sub "${NetworkStackName}-VPC" - Subnets: - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet1" - - Fn::ImportValue: - !Sub "${NetworkStackName}-PrivateSubnet2" - SecurityGroupIds: - - Fn::ImportValue: - !Sub "${NetworkStackName}-NoIngressSecurityGroup" - - CodeBuildRole: - Type: AWS::IAM::Role - Properties: - AssumeRolePolicyDocument: - Statement: - - Action: ['sts:AssumeRole'] - Effect: Allow - Principal: - Service: [codebuild.amazonaws.com] - Version: '2012-10-17' - Path: / - Policies: - - PolicyName: CodeBuildAccessBase - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:*' - - 'ec2:CreateNetworkInterface' - - 'ec2:DescribeNetworkInterfaces' - - 'ec2:DeleteNetworkInterface' - - 'ec2:DescribeSubnets' - - 'ec2:DescribeSecurityGroups' - - 'ec2:DescribeDhcpOptions' - - 'ec2:DescribeVpcs' - - 'ec2:CreateNetworkInterfacePermission' - Effect: Allow - Resource: '*' - - PolicyName: CodeBuildAccessNetwork - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ec2:CreateNetworkInterfacePermission' - Condition: - StringEquals: - 'ec2:Subnet': - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet1" - - !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface:subnet/' - - Fn::ImportValue: !Sub "${NetworkStackName}-PrivateSubnet2" - 'ec2:AuthorizedService': 'codebuild.amazonaws.com' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:ec2:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':network-interface/*' - - PolicyName: ECRAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'ecr:BatchCheckLayerAvailability' - - 'ecr:CompleteLayerUpload' - - 'ecr:GetAuthorizationToken' - - 'ecr:InitiateLayerUpload' - - 'ecr:PutImage' - - 'ecr:UploadLayerPart' - Effect: Allow - Resource: '*' - - PolicyName: SecretManagerAccessDH - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Ref DockerhubSecretArn - - PolicyName: SecretManagerAccessCodebuild - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'secretsmanager:GetSecretValue' - Effect: Allow - Resource: !Join - - '' - - - 'arn:aws:secretsmanager:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':secret:/CodeBuild/*' - - PolicyName: LogsAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'logs:CreateLogGroup' - - 'logs:CreateLogStream' - - 'logs:PutLogEvents' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - !Join - - '' - - - 'arn:aws:logs:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':log-group:/aws/codebuild/' - - !Join - - '' - - - !Ref AWS::StackName - - "_YPBuildImage" - - ':*' - - PolicyName: S3Access - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 's3:PutObject' - - 's3:GetObject' - - 's3:GetObjectVersion' - - 's3:GetBucketAcl' - - 's3:GetBucketLocation' - Effect: Allow - Resource: "arn:aws:s3:::codepipeline-us-east-1-*" - - PolicyName: CodeCommitAccess - PolicyDocument: - Version: '2012-10-17' - Statement: - - Action: - - 'codecommit:GitPull' - Effect: Allow - Resource: - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':meta-you' - - !Join - - '' - - - 'arn:aws:codecommit:' - - !Ref 'AWS::Region' - - ':' - - !Ref 'AWS::AccountId' - - ':you-connect' diff --git a/ref/cfn/ci_network.yml b/ref/cfn/ci_network.yml deleted file mode 100644 index 5e2fd91..0000000 --- a/ref/cfn/ci_network.yml +++ /dev/null @@ -1,259 +0,0 @@ -Description: >- - This template deploys an AWS CodeBuild ready VPC with - the CodeBuild project and ECS store for building storing the - resulting image. This is taken verbatim from the CodeBuild - documentation. - -Parameters: - VpcCIDR: - Description: >- - Please enter the IP range (CIDR notation) for this VPC - Type: String - Default: 10.192.0.0/16 - - PublicSubnet1CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - public subnet in the first Availability Zone - Type: String - Default: 10.192.10.0/24 - - PublicSubnet2CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - public subnet in the second Availability Zone - Type: String - Default: 10.192.11.0/24 - - PrivateSubnet1CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - private subnet in the first Availability Zone - Type: String - Default: 10.192.20.0/24 - - PrivateSubnet2CIDR: - Description: >- - Please enter the IP range (CIDR notation) for the - private subnet in the second Availability Zone - Type: String - Default: 10.192.21.0/24 - -Resources: - VPC: - Type: AWS::EC2::VPC - Properties: - CidrBlock: !Ref VpcCIDR - EnableDnsSupport: true - EnableDnsHostnames: true - Tags: - - Key: Name - Value: !Ref AWS::StackName - - InternetGateway: - Type: AWS::EC2::InternetGateway - Properties: - Tags: - - Key: Name - Value: !Ref AWS::StackName - - InternetGatewayAttachment: - Type: AWS::EC2::VPCGatewayAttachment - Properties: - InternetGatewayId: !Ref InternetGateway - VpcId: !Ref VPC - - PublicSubnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 0, !GetAZs '' ] - CidrBlock: !Ref PublicSubnet1CIDR - MapPublicIpOnLaunch: true - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Subnet (AZ1) - - PublicSubnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 1, !GetAZs '' ] - CidrBlock: !Ref PublicSubnet2CIDR - MapPublicIpOnLaunch: true - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Subnet (AZ2) - - PrivateSubnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 0, !GetAZs '' ] - CidrBlock: !Ref PrivateSubnet1CIDR - MapPublicIpOnLaunch: false - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Subnet (AZ1) - - PrivateSubnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: !Ref VPC - AvailabilityZone: !Select [ 1, !GetAZs '' ] - CidrBlock: !Ref PrivateSubnet2CIDR - MapPublicIpOnLaunch: false - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Subnet (AZ2) - - NatGateway1EIP: - Type: AWS::EC2::EIP - DependsOn: InternetGatewayAttachment - Properties: - Domain: vpc - - NatGateway2EIP: - Type: AWS::EC2::EIP - DependsOn: InternetGatewayAttachment - Properties: - Domain: vpc - - NatGateway1: - Type: AWS::EC2::NatGateway - Properties: - AllocationId: !GetAtt NatGateway1EIP.AllocationId - SubnetId: !Ref PublicSubnet1 - - NatGateway2: - Type: AWS::EC2::NatGateway - Properties: - AllocationId: !GetAtt NatGateway2EIP.AllocationId - SubnetId: !Ref PublicSubnet2 - - PublicRouteTable: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Public Routes - - DefaultPublicRoute: - Type: AWS::EC2::Route - DependsOn: InternetGatewayAttachment - Properties: - RouteTableId: !Ref PublicRouteTable - DestinationCidrBlock: 0.0.0.0/0 - GatewayId: !Ref InternetGateway - - PublicSubnet1RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PublicRouteTable - SubnetId: !Ref PublicSubnet1 - - PublicSubnet2RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PublicRouteTable - SubnetId: !Ref PublicSubnet2 - - PrivateRouteTable1: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Routes (AZ1) - - DefaultPrivateRoute1: - Type: AWS::EC2::Route - Properties: - RouteTableId: !Ref PrivateRouteTable1 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: !Ref NatGateway1 - - PrivateSubnet1RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PrivateRouteTable1 - SubnetId: !Ref PrivateSubnet1 - - PrivateRouteTable2: - Type: AWS::EC2::RouteTable - Properties: - VpcId: !Ref VPC - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} Private Routes (AZ2) - - DefaultPrivateRoute2: - Type: AWS::EC2::Route - Properties: - RouteTableId: !Ref PrivateRouteTable2 - DestinationCidrBlock: 0.0.0.0/0 - NatGatewayId: !Ref NatGateway2 - - PrivateSubnet2RouteTableAssociation: - Type: AWS::EC2::SubnetRouteTableAssociation - Properties: - RouteTableId: !Ref PrivateRouteTable2 - SubnetId: !Ref PrivateSubnet2 - - NoIngressSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupName: "no-ingress-sg" - GroupDescription: "Security group with no ingress rule" - VpcId: !Ref VPC - -Outputs: - VPC: - Description: >- - A reference to the created VPC - Value: !Ref VPC - Export: - Name: !Sub "${AWS::StackName}-VPC" - - PublicSubnet1: - Description: >- - A reference to the public subnet in the 1st Availability Zone - Value: !Ref PublicSubnet1 - Export: - Name: !Sub "${AWS::StackName}-PublicSubnet1" - - PublicSubnet2: - Description: >- - A reference to the public subnet in the 2nd Availability Zone - Value: !Ref PublicSubnet2 - Export: - Name: !Sub "${AWS::StackName}-PublicSubnet2" - - PrivateSubnet1: - Description: >- - A reference to the private subnet in the 1st Availability Zone - Value: !Ref PrivateSubnet1 - Export: - Name: !Sub "${AWS::StackName}-PrivateSubnet1" - - PrivateSubnet2: - Description: >- - A reference to the private subnet in the 2nd Availability Zone - Value: !Ref PrivateSubnet2 - Export: - Name: !Sub "${AWS::StackName}-PrivateSubnet2" - - DefaultSecurityGroup: - Description: >- - Security group with no ingress rule - Value: !GetAtt VPC.DefaultSecurityGroup - Export: - Name: !Sub "${AWS::StackName}-DefaultSecurityGroup" - NoIngressSecurityGroup: - Description: >- - Security group with no ingress rule - Value: !Ref NoIngressSecurityGroup - Export: - Name: !Sub "${AWS::StackName}-NoIngressSecurityGroup" - diff --git a/ref/layer/ci/cb-ci_container.yml b/ref/layer/ci/cb-ci_container.yml deleted file mode 100644 index c98277c..0000000 --- a/ref/layer/ci/cb-ci_container.yml +++ /dev/null @@ -1,23 +0,0 @@ -version: 0.2 -phases: - pre_build: - commands: - - cd ${CODEBUILD_SRC_DIR}/ci-cd/buildspec/ci_container - - echo Logging in to Amazon ECR... - - aws ecr get-login-password --region $AWS_DEFAULT_REGION | - docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com - - docker login --username $dockerhub_username --password $dockerhub_password - build: - commands: - - cd ${CODEBUILD_SRC_DIR}/ci-cd/buildspec/ci_container - - echo Build started on `date` - - echo Building the Docker image... - - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG . - - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG - post_build: - commands: - - cd ${CODEBUILD_SRC_DIR}/ci-cd/buildspec/ci_container - - echo Build completed on `date` - - echo Pushing the Docker image... - - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG - diff --git a/ref/layer/ci/cb-ci_image_prod.yml b/ref/layer/ci/cb-ci_image_prod.yml deleted file mode 100644 index 7c5ab05..0000000 --- a/ref/layer/ci/cb-ci_image_prod.yml +++ /dev/null @@ -1,35 +0,0 @@ -version: 0.2 -run-as: aws-yocto-builder -env: - git-credential-helper: yes -phases: - pre_build: - run-as: root - commands: - - curl https://storage.googleapis.com/git-repo-downloads/repo > $HOME/repo - - chmod +x $HOME/repo - - mkdir $HOME/dist - - cd $HOME/dist - - $HOME/repo init -u - https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - -m ci-cd/repo/repo-ci.xml - - $HOME/repo sync - - env - - chown aws-yocto-builder:aws-yocto-builder /downloads - - chown aws-yocto-builder:aws-yocto-builder /sstate-cache - - chmod 777 /downloads - - chmod 777 /sstate-cache - - git config --global user.name "Cloudy Builder" - - git config --global user.email "email@example.com" - build: - commands: - - export PATH=$HOME/dist/poky/scripts:$HOME/dist/poky/bitbake/bin:$PATH - - export BUILDDIR=/build-output - - export BBPATH=${CODEBUILD_SRC_DIR}/ci-cd - - export BB_ENV_EXTRAWHITE=ALL_PROXY BBPATH_EXTRA BB_LOGCONFIG BB_NO_NETWORK BB_NUMBER_THREADS BB_SETSCENE_ENFORCE BB_SRCREV_POLICY DISTRO FTPS_PROXY FTP_PROXY GIT_PROXY_COMMAND HTTPS_PROXY HTTP_PROXY MACHINE NO_PROXY PARALLEL_MAKE SCREENDIR SDKMACHINE SOCKS5_PASSWD SOCKS5_USER SSH_AGENT_PID SSH_AUTH_SOCK STAMPS_DIR TCLIBC TCMODE all_proxy ftp_proxy ftps_proxy http_proxy https_proxy no_proxy - - sed -i -e "s,DIST,$HOME/dist," -e "s,CODEBUILD_SRC_DIR,${CODEBUILD_SRC_DIR}," ${CODEBUILD_SRC_DIR}/ci-cd/conf/bblayers.conf - - bitbake core-image-minimal -artifacts: - s3-prefix: images - files: $BUILDDIR/deploy/images/qemux86-64/* - diff --git a/ref/layer/ci/cb-ci_image_qa.yml b/ref/layer/ci/cb-ci_image_qa.yml deleted file mode 100644 index cae096f..0000000 --- a/ref/layer/ci/cb-ci_image_qa.yml +++ /dev/null @@ -1,39 +0,0 @@ -version: 0.2 -run-as: aws-yocto-builder -env: - git-credential-helper: yes -phases: - install: - run-as: root - commands: - - apt-get install --reinstall git - - apt -y install iproute2 - pre_build: - run-as: root - commands: - - curl https://storage.googleapis.com/git-repo-downloads/repo > $HOME/repo - - chmod +x $HOME/repo - - mkdir $HOME/dist - - cd $HOME/dist - - $HOME/repo init -u - https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - -m ci-cd/repo/repo-ci.xml - - $HOME/repo sync - - env - - chown aws-yocto-builder:aws-yocto-builder /downloads - - chown aws-yocto-builder:aws-yocto-builder /sstate-cache - - chmod 777 /downloads - - chmod 777 /sstate-cache - build: - commands: - - export PATH=$HOME/dist/poky/scripts:$HOME/dist/poky/bitbake/bin:$PATH - - export BUILDDIR=/build-output - - export BBPATH=${CODEBUILD_SRC_DIR}/ci-cd - - echo IMAGE_CLASSES += \"testimage\" >> ${CODEBUILD_SRC_DIR}/ci-cd/conf/local.conf - - echo INHERIT += \"testimage\" >> ${CODEBUILD_SRC_DIR}/ci-cd/conf/local.conf - - export BB_ENV_EXTRAWHITE=ALL_PROXY BBPATH_EXTRA BB_LOGCONFIG BB_NO_NETWORK BB_NUMBER_THREADS BB_SETSCENE_ENFORCE BB_SRCREV_POLICY DISTRO FTPS_PROXY FTP_PROXY GIT_PROXY_COMMAND HTTPS_PROXY HTTP_PROXY MACHINE NO_PROXY PARALLEL_MAKE SCREENDIR SDKMACHINE SOCKS5_PASSWD SOCKS5_USER SSH_AGENT_PID SSH_AUTH_SOCK STAMPS_DIR TCLIBC TCMODE all_proxy ftp_proxy ftps_proxy http_proxy https_proxy no_proxy - - sed -i -e "s,DIST,$HOME/dist," -e "s,CODEBUILD_SRC_DIR,${CODEBUILD_SRC_DIR}," ${CODEBUILD_SRC_DIR}/ci-cd/conf/bblayers.conf - - bitbake core-image-minimal -artifacts: - s3-prefix: images - files: $BUILDDIR/deploy/images/qemux86-64/* diff --git a/ref/layer/ci/cb-ci_image_sdk.yml b/ref/layer/ci/cb-ci_image_sdk.yml deleted file mode 100644 index f730520..0000000 --- a/ref/layer/ci/cb-ci_image_sdk.yml +++ /dev/null @@ -1,35 +0,0 @@ -version: 0.2 -run-as: aws-yocto-builder -env: - git-credential-helper: yes -phases: - pre_build: - run-as: root - commands: - - curl https://storage.googleapis.com/git-repo-downloads/repo > $HOME/repo - - chmod +x $HOME/repo - - mkdir $HOME/dist - - cd $HOME/dist - - $HOME/repo init -u - https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - -m ci-cd/repo/repo-ci.xml - - $HOME/repo sync - - env - - chown aws-yocto-builder:aws-yocto-builder /downloads - - chown aws-yocto-builder:aws-yocto-builder /sstate-cache - - chown aws-yocto-builder:aws-yocto-builder /build-output - - chmod 777 /downloads - - chmod 777 /sstate-cache - - chmod 777 /build-output - - apt-get install --reinstall git - build: - commands: - - export PATH=$HOME/dist/poky/scripts:$HOME/dist/poky/bitbake/bin:$PATH - - export BUILDDIR=/build-output - - export BBPATH=${CODEBUILD_SRC_DIR}/ci-cd - - export BB_ENV_EXTRAWHITE=ALL_PROXY BBPATH_EXTRA BB_LOGCONFIG BB_NO_NETWORK BB_NUMBER_THREADS BB_SETSCENE_ENFORCE BB_SRCREV_POLICY DISTRO FTPS_PROXY FTP_PROXY GIT_PROXY_COMMAND HTTPS_PROXY HTTP_PROXY MACHINE NO_PROXY PARALLEL_MAKE SCREENDIR SDKMACHINE SOCKS5_PASSWD SOCKS5_USER SSH_AGENT_PID SSH_AUTH_SOCK STAMPS_DIR TCLIBC TCMODE all_proxy ftp_proxy ftps_proxy http_proxy https_proxy no_proxy - - sed -i -e "s,DIST,$HOME/dist," -e "s,CODEBUILD_SRC_DIR,${CODEBUILD_SRC_DIR}," ${CODEBUILD_SRC_DIR}/ci-cd/conf/bblayers.conf - - bitbake core-image-minimal -c populate_sdk -artifacts: - s3-prefix: installers - files: $BUILDDIR/deploy/sdk/* diff --git a/ref/layer/ci/cb-ci_sdk.yml b/ref/layer/ci/cb-ci_sdk.yml deleted file mode 100644 index ed8908b..0000000 --- a/ref/layer/ci/cb-ci_sdk.yml +++ /dev/null @@ -1,30 +0,0 @@ -version: 0.2 -run-as: aws-yocto-builder -env: - git-credential-helper: yes -phases: - pre_build: - run-as: root - commands: - - curl https://storage.googleapis.com/git-repo-downloads/repo > $HOME/repo - - chmod +x $HOME/repo - - mkdir $HOME/dist - - cd $HOME/dist - - $HOME/repo init -u https://git-codecommit.us-east-1.amazonaws.com/v1/repos/meta-you - - $HOME/repo sync - - echo trying to create directory under downloads - - mkdir -p /downloads/test - - echo trying to create directory under sstate-cache - - mkdir -p /sstate-cache/test - - echo trying to create directory under build-output - - mkdir -p /build-output/test - - env - - chown aws-yocto-builder:aws-yocto-builder /downloads - - chown aws-yocto-builder:aws-yocto-builder /sstate-cache - - chown aws-yocto-builder:aws-yocto-builder /build-output - - chmod 777 /downloads - - chmod 777 /sstate-cache - - chmod 777 /build-output - build: - commands: - - ${CODEBUILD_SRC_DIR}/scripts/bb-image-prod.sh diff --git a/ref/layer/ci/ci_container/Dockerfile b/ref/layer/ci/ci_container/Dockerfile deleted file mode 100644 index eef98e3..0000000 --- a/ref/layer/ci/ci_container/Dockerfile +++ /dev/null @@ -1,189 +0,0 @@ -# Copyright 2020-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://aws.amazon.com/asl/ -# -# or in the "license" file accompanying this file. -# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. -# See the License for the specific language governing permissions and limitations under the License. - -FROM ubuntu:18.04 AS core - -ENV DEBIAN_FRONTEND="noninteractive" - -# Install git, SSH, and other utilities -RUN set -ex \ - && echo 'Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/99use-gzip-compression \ - && apt-get update \ - && apt install -y apt-transport-https gnupg ca-certificates \ - && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF \ - && echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic main" | tee /etc/apt/sources.list.d/mono-official-stable.list \ - && apt-get install software-properties-common -y --no-install-recommends \ - && apt-add-repository -y ppa:git-core/ppa \ - && apt-get update \ - && apt-get install git=1:2.* -y --no-install-recommends \ - && git version \ - && apt-get install -y --no-install-recommends openssh-client \ - && mkdir ~/.ssh \ - && touch ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H github.com >> ~/.ssh/known_hosts \ - && ssh-keyscan -t rsa,dsa -H bitbucket.org >> ~/.ssh/known_hosts \ - && chmod 600 ~/.ssh/known_hosts \ - && apt-get install -y --no-install-recommends \ - apt-utils asciidoc autoconf automake build-essential bzip2 \ - bzr curl cvs cvsps dirmngr docbook-xml docbook-xsl dpkg-dev \ - e2fsprogs expect fakeroot file g++ gcc gettext gettext-base \ - groff gzip imagemagick iptables jq less libapr1 libaprutil1 \ - libargon2-0-dev libbz2-dev libc6-dev libcurl4-openssl-dev \ - libdb-dev libdbd-sqlite3-perl libdbi-perl libdpkg-perl \ - libedit-dev liberror-perl libevent-dev libffi-dev libgeoip-dev \ - libglib2.0-dev libhttp-date-perl libio-pty-perl libjpeg-dev \ - libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev \ - libmysqlclient-dev libncurses5-dev libncursesw5-dev libonig-dev \ - libpq-dev libreadline-dev libserf-1-1 libsqlite3-dev libssl-dev \ - libsvn1 libsvn-perl libtcl8.6 libtidy-dev libtimedate-perl \ - libtool libwebp-dev libxml2-dev libxml2-utils libxslt1-dev \ - libyaml-dev libyaml-perl llvm locales make mercurial mlocate mono-devel \ - netbase openssl patch pkg-config procps python-bzrlib \ - python-configobj python-openssl rsync sgml-base sgml-data subversion \ - tar tcl tcl8.6 tk tk-dev unzip wget xfsprogs xml-core xmlto xsltproc \ - libzip4 libzip-dev vim xvfb xz-utils zip zlib1g-dev iproute2 \ - && apt-get install -y --no-install-recommends \ - gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential chrpath \ - socat cpio python python3 python3-pip python3-pexpect xz-utils debianutils \ - iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3 xterm strace \ - && rm -rf /var/lib/apt/lists/* - -RUN useradd codebuild-user - -#=======================End of layer: core ================= - -FROM core AS tools - -# AWS Tools -# https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI_installation.html -RUN curl -sS -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator \ - && curl -sS -o /usr/local/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/kubectl \ - && curl -sS -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest \ - && curl -sS -L https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_Linux_amd64.tar.gz | tar xz -C /usr/local/bin \ - && chmod +x /usr/local/bin/kubectl /usr/local/bin/aws-iam-authenticator /usr/local/bin/ecs-cli /usr/local/bin/eksctl - -# Configure SSM -RUN set -ex \ - && mkdir /tmp/ssm \ - && cd /tmp/ssm \ - && wget https://s3.eu-north-1.amazonaws.com/amazon-ssm-eu-north-1/latest/debian_amd64/amazon-ssm-agent.deb \ - && dpkg -i amazon-ssm-agent.deb - -# Install env tools for runtimes - -#python -RUN curl https://pyenv.run | bash -ENV PATH="/root/.pyenv/shims:/root/.pyenv/bin:$PATH" - -#=======================End of layer: tools ================= -FROM tools AS runtimes - -#**************** PYTHON ***************************************************** -ENV PYTHON_38_VERSION="3.8.3" \ - PYTHON_37_VERSION="3.7.7" - -ENV PYTHON_PIP_VERSION=19.3.1 - -COPY tools/runtime_configs/python/$PYTHON_37_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_37_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_37_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_37_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - - -COPY tools/runtime_configs/python/$PYTHON_38_VERSION /root/.pyenv/plugins/python-build/share/python-build/$PYTHON_38_VERSION -RUN env PYTHON_CONFIGURE_OPTS="--enable-shared" pyenv install $PYTHON_38_VERSION; rm -rf /tmp/* -RUN pyenv global $PYTHON_38_VERSION -RUN set -ex \ - && pip3 install --no-cache-dir --upgrade --force-reinstall "pip==$PYTHON_PIP_VERSION" \ - && pip3 install --no-cache-dir --upgrade "PyYAML==5.3.1" \ - && pip3 install --no-cache-dir --upgrade setuptools wheel aws-sam-cli awscli boto3 pipenv virtualenv - -#**************** END PYTHON ***************************************************** - -#=======================End of layer: runtimes ================= - -#**************** DOCKER ********************************************* -ENV DOCKER_BUCKET="download.docker.com" \ - DOCKER_CHANNEL="stable" \ - DIND_COMMIT="3b5fac462d21ca164b3778647420016315289034" \ - DOCKER_COMPOSE_VERSION="1.26.0" \ - SRC_DIR="/usr/src" - -ENV DOCKER_SHA256="0f4336378f61ed73ed55a356ac19e46699a995f2aff34323ba5874d131548b9e" -ENV DOCKER_VERSION="19.03.11" - -# Install Docker -RUN set -ex \ - && curl -fSL "https://${DOCKER_BUCKET}/linux/static/${DOCKER_CHANNEL}/x86_64/docker-${DOCKER_VERSION}.tgz" -o docker.tgz \ - && echo "${DOCKER_SHA256} *docker.tgz" | sha256sum -c - \ - && tar --extract --file docker.tgz --strip-components 1 --directory /usr/local/bin/ \ - && rm docker.tgz \ - && docker -v \ - # set up subuid/subgid so that "--userns-remap=default" works out-of-the-box - && addgroup dockremap \ - && useradd -g dockremap dockremap \ - && echo 'dockremap:165536:65536' >> /etc/subuid \ - && echo 'dockremap:165536:65536' >> /etc/subgid \ - && wget -nv "https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind" -O /usr/local/bin/dind \ - && curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose \ - && chmod +x /usr/local/bin/dind /usr/local/bin/docker-compose \ - # Ensure docker-compose works - && docker-compose version - -VOLUME /var/lib/docker -#*********************** END DOCKER **************************** - -#=======================End of layer: corretto ================= - -RUN pyenv global $PYTHON_38_VERSION - -# Configure SSH -COPY ssh_config /root/.ssh/config -COPY runtimes.yml /codebuild/image/config/runtimes.yml -COPY dockerd-entrypoint.sh /usr/local/bin/ -COPY legal/THIRD_PARTY_LICENSES.txt /usr/share/doc -COPY legal/bill_of_material.txt /usr/share/doc -COPY amazon-ssm-agent.json /etc/amazon/ssm/ - -RUN which dash &> /dev/null && (\ - echo "dash dash/sh boolean false" | debconf-set-selections && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash) || \ - echo "Skipping dash reconfigure (not applicable)" - -RUN locale-gen en_US.UTF-8 -RUN dpkg-reconfigure locales -RUN update-locale LANG=en_US.UTF-8 -ENV LANG=en_US.UTF-8 - -# When we run in a CodeBuild context, we can integrate with CodeCommit -# only when run-as is root. Also, when run-as is aws-yocto-builder, -# HOME is still root. So, just give permission to aws-yocto-builder to -# root's home directory, which is a big bag of crazy. -# NOTE: the whole reason why we need to do this is bitbake requires -# we run from a non-root context, which is completely sane. -RUN mkdir /home/aws-yocto-builder && \ - groupadd -g 70 aws-yocto-builder && \ - useradd -N -m -u 70 -g 70 aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /home/aws-yocto-builder && \ - chown -R aws-yocto-builder:aws-yocto-builder /root - -# These are EFS mount points and must be permissioned so we can invoke the -# build and place outputs from a non-root context. -RUN mkdir /downloads && chown -R aws-yocto-builder:aws-yocto-builder /downloads -RUN mkdir /sstate-cache && chown -R aws-yocto-builder:aws-yocto-builder /sstate-cache -RUN mkdir /build-output && chown -R aws-yocto-builder:aws-yocto-builder /build-output - -USER aws-yocto-builder - -ENTRYPOINT ["dockerd-entrypoint.sh"] diff --git a/ref/layer/ci/ci_container/amazon-ssm-agent.json b/ref/layer/ci/ci_container/amazon-ssm-agent.json deleted file mode 100644 index acb8c83..0000000 --- a/ref/layer/ci/ci_container/amazon-ssm-agent.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "Profile":{ - "ShareCreds" : true, - "ShareProfile" : "" - }, - "Mds": { - "CommandWorkersLimit" : 5, - "StopTimeoutMillis" : 20000, - "Endpoint": "", - "CommandRetryLimit": 15 - }, - "Ssm": { - "Endpoint": "", - "HealthFrequencyMinutes": 5, - "CustomInventoryDefaultLocation" : "", - "AssociationLogsRetentionDurationHours" : 24, - "RunCommandLogsRetentionDurationHours" : 336, - "SessionLogsRetentionDurationHours" : 336 - }, - "Mgs": { - "Region": "", - "Endpoint": "", - "StopTimeoutMillis" : 20000, - "SessionWorkersLimit" : 1000 - }, - "Agent": { - "Region": "", - "OrchestrationRootDir": "", - "ContainerMode": true - }, - "Os": { - "Lang": "en-US", - "Name": "", - "Version": "1" - }, - "S3": { - "Endpoint": "", - "Region": "", - "LogBucket":"", - "LogKey":"" - }, - "Kms": { - "Endpoint": "" - } -} diff --git a/ref/layer/ci/ci_container/dockerd-entrypoint.sh b/ref/layer/ci/ci_container/dockerd-entrypoint.sh deleted file mode 100644 index 1591be4..0000000 --- a/ref/layer/ci/ci_container/dockerd-entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -set -e - -/usr/local/bin/dockerd \ - --host=unix:///var/run/docker.sock \ - --host=tcp://127.0.0.1:2375 \ - --storage-driver=overlay2 &>/var/log/docker.log & - - -tries=0 -d_timeout=60 -until docker info >/dev/null 2>&1 -do - if [ "$tries" -gt "$d_timeout" ]; then - cat /var/log/docker.log - echo 'Timed out trying to connect to internal docker host.' >&2 - exit 1 - fi - tries=$(( $tries + 1 )) - sleep 1 -done - -eval "$@" diff --git a/ref/layer/ci/ci_container/legal/THIRD_PARTY_LICENSES.txt b/ref/layer/ci/ci_container/legal/THIRD_PARTY_LICENSES.txt deleted file mode 100644 index 1435019..0000000 --- a/ref/layer/ci/ci_container/legal/THIRD_PARTY_LICENSES.txt +++ /dev/null @@ -1,6 +0,0 @@ -Third Party Licenses -==================== - -Stunnel: -We include unmodified version of stunnel softwares in the docker images. The source code for the current version can be downloaded from https://www.usenix.org.uk/mirrors/stunnel/archive/5.x/stunnel-5.56.tar.gz - diff --git a/ref/layer/ci/ci_container/legal/bill_of_material.txt b/ref/layer/ci/ci_container/legal/bill_of_material.txt deleted file mode 100644 index b8363cf..0000000 --- a/ref/layer/ci/ci_container/legal/bill_of_material.txt +++ /dev/null @@ -1,282 +0,0 @@ -The Amazon CodeBuild Product includes the following third-party software/licensing: - ----------------- -apt-transport-https : /usr/share/doc/apt-transport-https/copyright ----------------- -apt-utils : /usr/share/doc/apt-utils/copyright ----------------- -asciidoc : /usr/share/doc/asciidoc/copyright ----------------- -autoconf : /usr/share/doc/autoconf/copyright ----------------- -automake : /usr/share/doc/automake/copyright ----------------- -build-essential : /usr/share/doc/build-essential/copyright ----------------- -bzip2 : /usr/share/doc/bzip2/copyright ----------------- -bzr : /usr/share/doc/bzr/copyright ----------------- -ca-certificates-java : /usr/share/doc/ca-certificates-java/copyright ----------------- -curl : /usr/share/doc/curl/copyright ----------------- -cvs : /usr/share/doc/cvs/copyright ----------------- -cvsps : /usr/share/doc/cvsps/copyright ----------------- -dirmngr : /usr/share/doc/dirmngr/copyright ----------------- -docbook-xml : /usr/share/doc/docbook-xml/copyright ----------------- -docbook-xsl : /usr/share/doc/docbook-xsl/copyright ----------------- -dpkg-dev : /usr/share/doc/dpkg-dev/copyright ----------------- -e2fsprogs : /usr/share/doc/e2fsprogs/copyright ----------------- -expect : /usr/share/doc/expect/copyright ----------------- -fakeroot : /usr/share/doc/fakeroot/copyright ----------------- -file : /usr/share/doc/file/copyright ----------------- -g++ : /usr/share/doc/g++/copyright ----------------- -gcc : /usr/share/doc/gcc/copyright ----------------- -gettext : /usr/share/doc/gettext/copyright ----------------- -gettext-base : /usr/share/doc/gettext-base/copyright ----------------- -git : /usr/share/doc/git/copyright ----------------- -groff : /usr/share/doc/groff/copyright ----------------- -gzip : /usr/share/doc/gzip/copyright ----------------- -imagemagick : /usr/share/doc/imagemagick/copyright ----------------- -iptables : /usr/share/doc/iptables/copyright ----------------- -jq : /usr/share/doc/jq/copyright ----------------- -less : /usr/share/doc/less/copyright ----------------- -lib32gcc1 : /usr/share/doc/lib32gcc1/copyright ----------------- -lib32ncurses5 : /usr/share/doc/lib32ncurses5/copyright ----------------- -lib32stdc++6 : /usr/share/doc/lib32stdc++6/copyright ----------------- -lib32z1 : /usr/share/doc/lib32z1/copyright ----------------- -libapr1 : /usr/share/doc/libapr1/copyright ----------------- -libaprutil1 : /usr/share/doc/libaprutil1/copyright ----------------- -libargon2-0-dev : /usr/share/doc/libargon2-0-dev/copyright ----------------- -libasound2 : /usr/share/doc/libasound2/copyright ----------------- -libbz2-dev : /usr/share/doc/libbz2-dev/copyright ----------------- -libc6-dev : /usr/share/doc/libc6-dev/copyright ----------------- -libc6-i386 : /usr/share/doc/libc6-i386/copyright ----------------- -libcurl4-openssl-dev : /usr/share/doc/libcurl4-openssl-dev/copyright ----------------- -libdb-dev : /usr/share/doc/libdb-dev/copyright ----------------- -libdbd-sqlite3-perl : /usr/share/doc/libdbd-sqlite3-perl/copyright ----------------- -libdbi-perl : /usr/share/doc/libdbi-perl/copyright ----------------- -libdbus-1-3 : /usr/share/doc/libdbus-1-3/copyright ----------------- -libdbus-glib-1-2 : /usr/share/doc/libdbus-glib-1-2/copyright ----------------- -libdpkg-perl : /usr/share/doc/libdpkg-perl/copyright ----------------- -libedit-dev : /usr/share/doc/libedit-dev/copyright ----------------- -liberror-perl : /usr/share/doc/liberror-perl/copyright ----------------- -libevent-dev : /usr/share/doc/libevent-dev/copyright ----------------- -libffi-dev : /usr/share/doc/libffi-dev/copyright ----------------- -libgeoip-dev : /usr/share/doc/libgeoip-dev/copyright ----------------- -libglib2.0-0 : /usr/share/doc/libglib2.0-0/copyright ----------------- -libglib2.0-dev : /usr/share/doc/libglib2.0-dev/copyright ----------------- -libgtk-3-0 : /usr/share/doc/libgtk-3-0/copyright ----------------- -libhttp-date-perl : /usr/share/doc/libhttp-date-perl/copyright ----------------- -libio-pty-perl : /usr/share/doc/libio-pty-perl/copyright ----------------- -libjpeg-dev : /usr/share/doc/libjpeg-dev/copyright ----------------- -libkrb5-dev : /usr/share/doc/libkrb5-dev/copyright ----------------- -liblzma-dev : /usr/share/doc/liblzma-dev/copyright ----------------- -libmagickcore-dev : /usr/share/doc/libmagickcore-dev/copyright ----------------- -libmagickwand-dev : /usr/share/doc/libmagickwand-dev/copyright ----------------- -libmysqlclient-dev : /usr/share/doc/libmysqlclient-dev/copyright ----------------- -libncurses5-dev : /usr/share/doc/libncurses5-dev/copyright ----------------- -libncursesw5-dev : /usr/share/doc/libncursesw5-dev/copyright ----------------- -libonig-dev : /usr/share/doc/libonig-dev/copyright ----------------- -libpq-dev : /usr/share/doc/libpq-dev/copyright ----------------- -libqt5widgets5 : /usr/share/doc/libqt5widgets5/copyright ----------------- -libreadline-dev : /usr/share/doc/libreadline-dev/copyright ----------------- -libserf-1-1 : /usr/share/doc/libserf-1-1/copyright ----------------- -libsqlite3-dev : /usr/share/doc/libsqlite3-dev/copyright ----------------- -libssl-dev : /usr/share/doc/libssl-dev/copyright ----------------- -libsvn-perl : /usr/share/doc/libsvn-perl/copyright ----------------- -libsvn1 : /usr/share/doc/libsvn1/copyright ----------------- -libtcl8.6 : /usr/share/doc/libtcl8.6/copyright ----------------- -libtidy-dev : /usr/share/doc/libtidy-dev/copyright ----------------- -libtimedate-perl : /usr/share/doc/libtimedate-perl/copyright ----------------- -libtool : /usr/share/doc/libtool/copyright ----------------- -libwebp-dev : /usr/share/doc/libwebp-dev/copyright ----------------- -libxml2-dev : /usr/share/doc/libxml2-dev/copyright ----------------- -libxml2-utils : /usr/share/doc/libxml2-utils/copyright ----------------- -libxslt1-dev : /usr/share/doc/libxslt1-dev/copyright ----------------- -libyaml-dev : /usr/share/doc/libyaml-dev/copyright ----------------- -libyaml-perl : /usr/share/doc/libyaml-perl/copyright ----------------- -libzip-dev : /usr/share/doc/libzip-dev/copyright ----------------- -libzip4 : /usr/share/doc/libzip4/copyright ----------------- -llvm : /usr/share/doc/llvm/copyright ----------------- -locales : /usr/share/doc/locales/copyright ----------------- -make : /usr/share/doc/make/copyright ----------------- -mercurial : /usr/share/doc/mercurial/copyright ----------------- -mlocate : /usr/share/doc/mlocate/copyright ----------------- -mono-devel : /usr/share/doc/mono-devel/copyright ----------------- -netbase : /usr/share/doc/netbase/copyright ----------------- -openjdk-8-jdk : /usr/share/doc/openjdk-8-jdk/copyright ----------------- -openjdk-11-jdk : /usr/share/doc/openjdk-11-jre-headless/copyright ----------------- -openssh-client : /usr/share/doc/openssh-client/copyright ----------------- -openssl : /usr/share/doc/openssl/copyright ----------------- -patch : /usr/share/doc/patch/copyright ----------------- -pkg-config : /usr/share/doc/pkg-config/copyright ----------------- -procps : /usr/share/doc/procps/copyright ----------------- -python-bzrlib : /usr/share/doc/python-bzrlib/copyright ----------------- -python-configobj : /usr/share/doc/python-configobj/copyright ----------------- -python-openssl : /usr/share/doc/python-openssl/copyright ----------------- -python-setuptools : /usr/share/doc/python-setuptools/copyright ----------------- -rsync : /usr/share/doc/rsync/copyright ----------------- -sbt : /usr/share/doc/sbt/copyright ----------------- -sgml-base : /usr/share/doc/sgml-base/copyright ----------------- -sgml-data : /usr/share/doc/sgml-data/copyright ----------------- -software-properties-common : /usr/share/doc/software-properties-common/copyright ----------------- -subversion : /usr/share/doc/subversion/copyright ----------------- -tar : /usr/share/doc/tar/copyright ----------------- -tcl : /usr/share/doc/tcl/copyright ----------------- -tcl8.6 : /usr/share/doc/tcl8.6/copyright ----------------- -tk : /usr/share/doc/tk/copyright ----------------- -tk-dev : /usr/share/doc/tk-dev/copyright ----------------- -unzip : /usr/share/doc/unzip/copyright ----------------- -vim : /usr/share/doc/vim/copyright ----------------- -wget : /usr/share/doc/wget/copyright ----------------- -xfsprogs : /usr/share/doc/xfsprogs/copyright ----------------- -xml-core : /usr/share/doc/xml-core/copyright ----------------- -xmlto : /usr/share/doc/xmlto/copyright ----------------- -xsltproc : /usr/share/doc/xsltproc/copyright ----------------- -xvfb : /usr/share/doc/xvfb/copyright ----------------- -xz-utils : /usr/share/doc/xz-utils/copyright ----------------- -zip : /usr/share/doc/zip/copyright ----------------- -zlib1g-dev : /usr/share/doc/zlib1g-dev/copyright ----------------- -ruby :https://www.ruby-lang.org/en/about/license.txt ----------------- -python :https://docs.python.org/3/license.html ----------------- -php :https://www.php.net/license/index.php ----------------- -nodejs :https://github.com/nodejs/node/blob/master/LICENSE ----------------- -golang :https://golang.org/LICENSE ----------------- -dotnet :https://github.com/dotnet/core/blob/master/LICENSE.TXT ----------------- -Firefox :https://www.mozilla.org/en-US/MPL/ ----------------- -Chrome : https://www.google.com/intl/en_pk/chrome/privacy/eula_text.html ----------------- -stunnel : https://www.stunnel.org/gpl.html ----------------- -gitversion :https://github.com/GitTools/GitVersion/blob/master/LICENSE ----------------- -docker : https://www.docker.com/legal/components-licenses ----------------- - diff --git a/ref/layer/ci/ci_container/runtimes.yml b/ref/layer/ci/ci_container/runtimes.yml deleted file mode 100644 index 7a68a21..0000000 --- a/ref/layer/ci/ci_container/runtimes.yml +++ /dev/null @@ -1,123 +0,0 @@ -version: 0.1 - -runtimes: - android: - versions: - 28: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 28 ..." - 29: - requires: - java: ["corretto8"] - commands: - - echo "Installing Android version 29 ..." - - java: - versions: - corretto11: - commands: - - echo "Installing Java version 11 ..." - - - export JAVA_HOME="$JAVA_11_HOME" - - - export JRE_HOME="$JRE_11_HOME" - - - export JDK_HOME="$JDK_11_HOME" - - - |- - for tool_path in "$JAVA_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - corretto8: - commands: - - echo "Installing Java version 8 ..." - - - export JAVA_HOME="$JAVA_8_HOME" - - - export JRE_HOME="$JRE_8_HOME" - - - export JDK_HOME="$JDK_8_HOME" - - - |- - for tool_path in "$JAVA_8_HOME"/bin/* "$JRE_8_HOME"/bin/*; - do tool=`basename "$tool_path"`; - if [ $tool != 'java-rmi.cgi' ]; - then - update-alternatives --list "$tool" | grep -q "$tool_path" \ - && update-alternatives --set "$tool" "$tool_path"; - fi; - done - golang: - versions: - 1.12: - commands: - - echo "Installing Go version 1.12 ..." - - goenv global $GOLANG_12_VERSION - 1.13: - commands: - - echo "Installing Go version 1.13 ..." - - goenv global $GOLANG_13_VERSION - 1.14: - commands: - - echo "Installing Go version 1.14 ..." - - goenv global $GOLANG_14_VERSION - python: - versions: - 3.8: - commands: - - echo "Installing Python version 3.8 ..." - - pyenv global $PYTHON_38_VERSION - 3.7: - commands: - - echo "Installing Python version 3.7 ..." - - pyenv global $PYTHON_37_VERSION - php: - versions: - 7.4: - commands: - - echo "Installing PHP version 7.4 ..." - - phpenv global $PHP_74_VERSION - 7.3: - commands: - - echo "Installing PHP version 7.3 ..." - - phpenv global $PHP_73_VERSION - ruby: - versions: - 2.6: - commands: - - echo "Installing Ruby version 2.6 ..." - - rbenv global $RUBY_26_VERSION - 2.7: - commands: - - echo "Installing Ruby version 2.7 ..." - - rbenv global $RUBY_27_VERSION - nodejs: - versions: - 10: - commands: - - echo "Installing Node.js version 10 ..." - - n $NODE_10_VERSION - 12: - commands: - - echo "Installing Node.js version 12 ..." - - n $NODE_12_VERSION - docker: - versions: - 18: - commands: - - echo "Using Docker 19" - 19: - commands: - - echo "Using Docker 19" - dotnet: - versions: - 3.1: - commands: - - echo "Installing .NET version 3.1 ..." diff --git a/ref/layer/ci/ci_container/ssh_config b/ref/layer/ci/ci_container/ssh_config deleted file mode 100644 index 710e275..0000000 --- a/ref/layer/ci/ci_container/ssh_config +++ /dev/null @@ -1,3 +0,0 @@ -Host * - ConnectTimeout 10 - ConnectionAttempts 10 diff --git a/ref/layer/ci/ci_container/tools/android-accept-licenses.sh b/ref/layer/ci/ci_container/tools/android-accept-licenses.sh deleted file mode 100644 index ebac067..0000000 --- a/ref/layer/ci/ci_container/tools/android-accept-licenses.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/expect -f - -set timeout 1800 -set cmd [lindex $argv 0] -set licenses [lindex $argv 1] - -spawn {*}$cmd -expect { - "Do you accept the license '*'*" { - exp_send "y\r" - exp_continue - } - "Accept? (y/N): " { - exp_send "y\r" - exp_continue - } - "Review licenses that have not been accepted (y/N)? " { - exp_send "y\r" - exp_continue - } - eof -} - -lassign [wait] pid spawnid os_error waitvalue - -if {$os_error == 0} { - exit $waitvalue -} else { - exit 1 -} diff --git a/ref/layer/ci/ci_container/tools/runtime_configs/php/7.3.19 b/ref/layer/ci/ci_container/tools/runtime_configs/php/7.3.19 deleted file mode 100644 index 339dd8c..0000000 --- a/ref/layer/ci/ci_container/tools/runtime_configs/php/7.3.19 +++ /dev/null @@ -1,20 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-libedit" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.3.19 -#Don't change beyond this line - -configure_option "--without-pear" -configure_option "--with-gd" -configure_option "--with-png-dir" "/usr" -configure_option "--with-jpeg-dir" "/usr" -configure_option "--enable-zip" - -install_package "https://secure.php.net/distributions/php-7.3.19.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache - diff --git a/ref/layer/ci/ci_container/tools/runtime_configs/php/7.4.7 b/ref/layer/ci/ci_container/tools/runtime_configs/php/7.4.7 deleted file mode 100644 index 07cb0b0..0000000 --- a/ref/layer/ci/ci_container/tools/runtime_configs/php/7.4.7 +++ /dev/null @@ -1,18 +0,0 @@ -configure_option "--with-curl" -configure_option "--with-password-argon2" -configure_option "--with-pdo-pgsql" -configure_option "--with-libedit" - -PHP_BUILD_EXTRA_MAKE_ARGUMENTS="-j4" - -#https://github.com/php-build/php-build/blob/master/share/php-build/definitions/7.4.7 -#Don't change beyond this line - -configure_option "--enable-gd" -configure_option "--with-jpeg" -configure_option "--with-zip" - -install_package "https://secure.php.net/distributions/php-7.4.7.tar.bz2" -install_xdebug "2.9.6" -enable_builtin_opcache - diff --git a/ref/layer/ci/ci_container/tools/runtime_configs/python/3.7.7 b/ref/layer/ci/ci_container/tools/runtime_configs/python/3.7.7 deleted file mode 100644 index b475586..0000000 --- a/ref/layer/ci/ci_container/tools/runtime_configs/python/3.7.7 +++ /dev/null @@ -1,19 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.7.7 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tar.xz#06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136" ldflags_dirs standard verify_py37 copy_python_gdb ensurepip -else - install_package "Python-3.7.7" "https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz#8c8be91cd2648a1a0c251f04ea0bb4c2a5570feb9c45eaaa2241c785585b475a" ldflags_dirs standard verify_py37 copy_python_gdb ensurepip -fi - - diff --git a/ref/layer/ci/ci_container/tools/runtime_configs/python/3.8.3 b/ref/layer/ci/ci_container/tools/runtime_configs/python/3.8.3 deleted file mode 100644 index 239fdde..0000000 --- a/ref/layer/ci/ci_container/tools/runtime_configs/python/3.8.3 +++ /dev/null @@ -1,19 +0,0 @@ -export PYTHON_CONFIGURE_OPTS="\ - --enable-shared - --enable-loadable-sqlite-extensions" - -# Don't change below this line. -# https://github.com/pyenv/pyenv/blob/master/plugins/python-build/share/python-build/3.8.3 - -#require_gcc -prefer_openssl11 -export PYTHON_BUILD_CONFIGURE_WITH_OPENSSL=1 -install_package "openssl-1.1.0j" "https://www.openssl.org/source/old/1.1.0/openssl-1.1.0j.tar.gz#31bec6c203ce1a8e93d5994f4ed304c63ccf07676118b6634edded12ad1b3246" mac_openssl --if has_broken_mac_openssl -install_package "readline-8.0" "https://ftpmirror.gnu.org/readline/readline-8.0.tar.gz#e339f51971478d369f8a053a330a190781acb9864cf4c541060f12078948e461" mac_readline --if has_broken_mac_readline -if has_tar_xz_support; then - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tar.xz#dfab5ec723c218082fe3d5d7ae17ecbdebffa9a1aea4d64aa3a2ecdd2e795864" ldflags_dirs standard verify_py38 copy_python_gdb ensurepip -else - install_package "Python-3.8.3" "https://www.python.org/ftp/python/3.8.3/Python-3.8.3.tgz#6af6d4d2e010f9655518d0fc6738c7ff7069f10a4d2fbd55509e467f092a8b90" ldflags_dirs standard verify_py38 copy_python_gdb ensurepip -fi - - diff --git a/ref/layer/ci/repo-ci.xml b/ref/layer/ci/repo-ci.xml deleted file mode 100644 index ff85e5f..0000000 --- a/ref/layer/ci/repo-ci.xml +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - - - - - - - - - - - - - diff --git a/ref/layer/conf/layer.conf b/ref/layer/conf/layer.conf deleted file mode 100644 index 7c589f1..0000000 --- a/ref/layer/conf/layer.conf +++ /dev/null @@ -1,13 +0,0 @@ -# We have a conf and classes directory, add to BBPATH -BBPATH .= ":${LAYERDIR}" - -# We have recipes-* directories, add to BBFILES -BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ - ${LAYERDIR}/recipes-*/*/*.bbappend" - -BBFILE_COLLECTIONS += "meta-you" -BBFILE_PATTERN_meta-you = "^${LAYERDIR}/" -BBFILE_PRIORITY_meta-you = "6" - -LAYERDEPENDS_meta-aws = "core" -LAYERSERIES_COMPAT_meta-aws = "gatesgarth" diff --git a/ref/layer/recipes-core/image/you-connect-image_1.0.0.bb b/ref/layer/recipes-core/image/you-connect-image_1.0.0.bb deleted file mode 100644 index 68c085b..0000000 --- a/ref/layer/recipes-core/image/you-connect-image_1.0.0.bb +++ /dev/null @@ -1,26 +0,0 @@ -SUMMARY = "You Connect Distribution Image" -DESCRIPTION = "The distribution image definition for the You Connect demonstration product." -LICENSE = "MIT" -inherit core-image - -MACHINE ?= "genericx86-64" -IMAGE_INSTALL_append=" wget \ - cloud-init \ - packagegroup-core-full-cmdline \ - grub \ - connman \ - kernel-module-xen-acpi-processor \ - you-connect" -IMAGE_FEATURES += " ssh-server-openssh" -export IMAGE_BASENAME = "you-connect" -IMAGE_NAME = "${MACHINE_NAME}_${IMAGE_BASENAME}" -# Ensure extra space for guest images -IMAGE_ROOTFS_EXTRA_SPACE = "1000000" -DISTRO_FEATURES_append = " systemd virtualization xen " -VIRTUAL-RUNTIME_init_manager = "systemd" -DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit" - -IMAGE_LINGUAS = "en-us" -ROOTFS_PKGMANAGE_PKGS ?= '${@oe.utils.conditional("ONLINE_PACKAGE_MANAGEMENT", "none", "", "${ROOTFS_PKGMANAGE}", d)}' - - diff --git a/ref/layer/recipes-core/you-connect/you-connect_1.0.0.bb b/ref/layer/recipes-core/you-connect/you-connect_1.0.0.bb deleted file mode 100644 index eae7745..0000000 --- a/ref/layer/recipes-core/you-connect/you-connect_1.0.0.bb +++ /dev/null @@ -1,33 +0,0 @@ -SUMMARY = "You Connect" -DESCRIPTION = "Connecting you to AWS IoT with the AWS IoT Device SDK for C++" -HOMEPAGE = "https://somewhere.com/out/there/you/connect" -LICENSE = "Apache-2.0" -PROVIDES += "you-connect" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" - -BRANCH ?= "master" -SRC_URI = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/you-connect;branch=${BRANCH}" -SRCREV = "16b73b81da29149581a433cf7b6e69fcdd11176a" - -S= "${WORKDIR}/git" -PACKAGES = "${PN}" -DEPENDS = "openssl aws-iot-device-sdk-cpp-v2 googletest" -RDEPENDS_${PN} = "openssl aws-iot-device-sdk-cpp-v2" - -inherit cmake - -OECMAKE_BUILDPATH += "${WORKDIR}/build" -OECMAKE_SOURCEPATH += "${S}" -EXTRA_OECMAKE += "-DBUILD_SDK=OFF" -EXTRA_OECMAKE += "-DBUILD_TEST_DEPS=OFF" -EXTRA_OECMAKE += "-DBUILD_TESTING=OFF" -EXTRA_OECMAKE += "-DCMAKE_BUILD_TYPE=Release" -EXTRA_OECMAKE += "-DCMAKE_CXX_FLAGS_RELEASE=-s" - -INSANE_SKIP_${PN}_append = "already-stripped" - -inherit systemd -SYSTEMD_AUTO_ENABLE = "enable" -SYSTEMD_SERVICE_${PN} = "aws-iot-device-client.service" - - diff --git a/release-tests/meta-aws-release-tests.sh b/release-tests/meta-aws-release-tests.sh new file mode 100755 index 0000000..9af72c4 --- /dev/null +++ b/release-tests/meta-aws-release-tests.sh @@ -0,0 +1,126 @@ +#!/bin/bash + +RELEASES=${1:-"master scarthgap styhead kirkstone"} +echo "RELEASES=$RELEASES" + +ARCHS=${2:-"qemuarm64 qemux86-64"} +echo "ARCHS=$ARCHS" + +setup_config() { +# keep indent! +cat <>$BUILDDIR/conf/local.conf +# Required to disable KVM/hypervisor mode. +QEMU_USE_KVM = "" + +# use slirp networking instead of TAP interface (require root rights) +QEMU_USE_SLIRP = "1" +TEST_SERVER_IP = "127.0.0.1" + +# this will specify what test should run when running testimage cmd - oeqa layer tests + ptests: +# Ping and SSH are not required, but do help in debugging. ptest will discover all ptest packages. +TEST_SUITES = " ping ssh ptest" + +# this will allow - running testimage cmd: bitbake core-image-minimal -c testimage +IMAGE_CLASSES += "testimage" + +# PUT = package under test / this is set in auto.conf +PUT ?= "" +IMAGE_INSTALL:append = " ptest-runner ssh \${PUT}" + +# INHERIT += "cve-check" +# include cve-extra-exclusions.inc + +# INHERIT += "create-spdx" +# SPDX_PRETTY = "1" + +INHERIT += "rm_work" + +# BB_ENV_PASSTHROUGH_ADDITIONS="SSTATE_DIR $BB_ENV_PASSTHROUGH_ADDITIONS" SSTATE_DIR="/sstate" ./meta-aws-release-tests.sh +SSTATE_DIR ?= "\${TOPDIR}/../../sstate-cache" +DL_DIR ?= "\${TOPDIR}/../../downloads" +EOF +} + +set +exuo pipefail + +for RELEASE in $RELEASES ; do + + # always delete old files, rebuilding from sstate will be fast enough + if [ -d yocto_$RELEASE ] + then + echo "deleting $PWD/yocto_$RELEASE" + tmp_del_dir=delme_$RANDOM + mkdir $tmp_del_dir + mv yocto_$RELEASE $tmp_del_dir + rm -rf $tmp_del_dir & + fi + + mkdir yocto_$RELEASE + + cd yocto_$RELEASE/ +writeups of different topics + git clone git://git.yoctoproject.org/poky -b $RELEASE + git clone https://github.com/aws4embeddedlinux/meta-aws.git -b $RELEASE-next + git clone https://github.com/openembedded/meta-openembedded.git -b $RELEASE + + source poky/oe-init-build-env build + + # add necessary layers + bitbake-layers add-layer ../meta-openembedded/meta-oe + bitbake-layers add-layer ../meta-openembedded/meta-python + bitbake-layers add-layer ../meta-openembedded/meta-networking + bitbake-layers add-layer ../meta-openembedded/meta-multimedia + bitbake-layers add-layer ../meta-aws + + # setup build/local.conf + setup_config + + # find all recipes in meta-aws + ALL_RECIPES=`find ../meta-aws -name *.bb -type f | sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` + + # find all recipes having a ptest in meta-aws + ptest_recipes=`find ../meta-aws -name *.bb -type f -print | xargs grep -l 'inherit.*ptest.*'| sed 's!.*/!!' | sed 's!.bb!!' | sed 's!_.*!!' | sort | uniq | sed -z 's/\n/ /g'` + + # make array out of string + ptest_recipes_array=($(echo "$ptest_recipes" | tr ',' '\n')) + + # add -ptest suffix + ptest_recipes_names_array_with_ptest=("${ptest_recipes_array[@]/%/-ptest}") + + # make string again + PTEST_RECIPE_NAMES_WITH_PTEST_SUFFIX="${ptest_recipes_names_array_with_ptest[@]}" + + for ARCH in $ARCHS ; do + + # build everything in meta-aws layer and save errors + MACHINE=$ARCH bitbake $ALL_RECIPES -k | tee -a ../../$RELEASE-$ARCH-build.log + + # do ptests for all recipes having a ptest in meta-aws + + echo PUT = \"${PTEST_RECIPE_NAMES_WITH_PTEST_SUFFIX}\" > $BUILDDIR/conf/auto.conf + + MACHINE=$ARCH bitbake core-image-minimal + +# cp $BUILDDIR/tmp/log/cve/cve-summary.json ../../$RELEASE-$ARCH-cve-summary.json + + MACHINE=$ARCH bitbake core-image-minimal -c testimage + + rm $BUILDDIR/conf/auto.conf + + cp $BUILDDIR/tmp/log/oeqa/testresults.json ../../$RELEASE-$ARCH-testresults.json + + # show results + resulttool report ../../$RELEASE-$ARCH-testresults.json + + done + # cd ../build + cd ../ + + # cd ../yocto_$RELEASE/ + cd ../ +done + +# search for build errors +echo "manually check (if found) build errors: " +grep -A3 " failed" *.log +grep -A3 " ERROR:" *.log diff --git a/workshop/00_home.md b/workshop/00_home.md deleted file mode 100644 index 98bf039..0000000 --- a/workshop/00_home.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: "Welcome" -weight: 10 ---- - -# meta-aws-workshop - -Test123 Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean tincidunt eros non enim rhoncus dictum mollis at nulla. In quis nunc urna. Quisque id justo malesuada, fermentum libero quis, consectetur libero. Vivamus faucibus ex at turpis facilisis, et molestie felis vestibulum. Donec tellus velit, iaculis vitae ex vitae, cursus congue felis. Nullam interdum feugiat nisi eu mollis. Nullam nec arcu faucibus, tempor elit sit amet, tempor nibh. Mauris posuere risus vitae nibh placerat blandit. Quisque a dapibus arcu. \ No newline at end of file diff --git a/workshop/01_introduction.md b/workshop/01_introduction.md deleted file mode 100644 index cd3fd65..0000000 --- a/workshop/01_introduction.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: "Introduction" -weight: 10 ---- -In this section, you will learn how CI/CD fits into the iot product life cycle and the roles participating at each phase during the iot product life cycle. The introduction roughly mirrors the first module in the original training. The introduction has three sections: -- High level overview of the iot product life cycle visualized by a SIPOC diagram -- High level overview of role-based deliverables across the life cycle visualized by a lightweight flowchart categorized by roles -- A workshop roadmap that draws parallels between the iot product life cycle the each module in the workshop, visualized by an execution architecture. \ No newline at end of file diff --git a/workshop/02_setup.md b/workshop/02_setup.md deleted file mode 100644 index aca0759..0000000 --- a/workshop/02_setup.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: "Setup" -weight: 20 ---- -In this section, learners will invoke mechanisms to setup artifacts for the modules although some artifacts may be setup by the workshop harness. The section will walk the learner through all the created artifacts and tools so a baseline understanding of the toolchain can be set prior to progressing to Module 1 - -## Launch Workshop Resources with CloudFormation -Before starting the Embedded Linux workshop, you need to create the required AWS resources. To do this, we provide an AWS CloudFormation template to create a stack that contains the resources. When you create the stack, -AWS creates a number of resources in your account. - - - -Choose an AWS region from the below list where you want to launch your CloudFormation stack. It is recommended to choose the closest region. The required AWS resource for the workshop are provisioned with AWS CloudFormation. Simply click the AWS region where you want to launch your stack. - -By choosing one of the links below you will be automatically redirected to the CloudFormation section of the AWS Console where your stack will be launched. -* [Launch CloudFormation stack in eu-central-1](https://console.aws.amazon.com/cloudformation/home?region=eu-central-1#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Frankfurt) -* [Launch CloudFormation stack in eu-west-1](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Ireland) -* [Launch CloudFormation stack in us-east-1](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (N. Virginia) -* [Launch CloudFormation stack in us-west-2](https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Oregon) -* [Launch CloudFormation stack in ap-southeast-1](https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-1#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Singapore) -* [Launch CloudFormation stack in ap-southeast-2](https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/create/review?templateURL=https://aws-iot-workshop-artifacts.s3.amazonaws.com/4f74bcdb2e45dbf5/2021-07-29/cfn/cfn-iot-c9-v2-generic.json&stackName=EmbeddedLinux¶m_C9InstanceType=c5.9xlarge¶m_C9UserDataScript=c9-ub1804-embeddedlinux.sh¶m_C9ImageId=ubuntu-18.04-x86_64) (Sydney) - - diff --git a/workshop/03_01_hello_yocto.md b/workshop/03_01_hello_yocto.md deleted file mode 100644 index 2f1b3b8..0000000 --- a/workshop/03_01_hello_yocto.md +++ /dev/null @@ -1,169 +0,0 @@ ---- -title: "1 – Hello Yocto! - Build your own Linux image" -weight: 10 ---- -Developing a project that use embedded devices requires engineering effort for selecting the right Operating System, building Board Support Package extensions and actually developing the application. In this module we tackle the first one. Choosing the right OS is a critical step in the path to production as it is, after all, the beating heart of your device: it needs to be secure, resilient, updateable, maintainable and may need to be compatible with different hardware architectures. - -The Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems by providing flexible set of tools and a space where embedded developers can share technologies, software stack configurations, and best practices that can be used to create tailored Linux images based on your project needs. In this module, you’ll learn what the process is of creating an embedded OS image using the Yocto Project in the Cloud. - -### What you will learn in this module - -Learn how to setup a cloud development environment to make development easier and manually bake a ready-to-work image using a provided Yocto Recipe and Layers. - -### What you will need - -A Cloud9 Instance with 100GB available: the higher the number of vCPU available, the faster you'll be able to complete this module. (more info can be found here: https://www.yoctoproject.org/docs/latest/ref-manual/ref-manual.html#var-PARALLEL_MAKE ) - -The bitbake process is CPU-intensive and scales automatically with the number of vCPUs available. - -![Graph that shows the time it takes to bitbake the base image based on the Cloud9 CPU instance](/images/01_hello_yocto_bitbaketimes.png) - -We recommend at least a c5.9xlarge. - -### Step 1 - Prepare your development environment - -```bash -sudo apt update -sudo apt upgrade -y -``` - -Now install all the required packages: -```bash -sudo apt install gawk wget git-core \ - diffstat unzip texinfo gcc-multilib \ - chrpath socat cpio build-essential \ - python3 python3-pip python3-pexpect \ - xz-utils debianutils iputils-ping \ - python3-git python3-jinja2 libegl1-mesa \ - libsdl1.2-dev xterm pylint3 -y -``` - -Let's set up our work folder: -``` -mkdir -p $HOME/environment/src/mydev-proto -DEVHOME=$HOME/environment/src/mydev-proto -``` - -And clone Poky, Yocto's reference distribution that will help us build our own custom Linux Distribution. - -``` -git clone -b hardknott git://git.yoctoproject.org/poky $DEVHOME -cd $DEVHOME -``` - -Let's finish up by __sourcing__ the init script, while specifying __build__ as the build folder. - -``` -source ./oe-init-build-env build -``` - -### Step 2 - Bake the minimum image - -While we go through the rest of the module, let's start baking the minimum core image, let's run this command. -This might take some time (17m 53s on c5.9xlarge Cloud9 instance). - -``` -MACHINE=qemux86-64 \ - bitbake \ - core-image-minimal -``` - -{{% notice note %}} - If you receive an error like this: - ![](/images/01_hello_yocto_diskfull.png) - Increase your disk space following this guide: https://docs.aws.amazon.com/cloud9/latest/user-guide/move-environment.html - After you've resized the Cloud9's EBS from the AWS console or via CLI, if you are using Ubuntu, the main commands are: - `sudo growpart /dev/nvme0n1 1` and `sudo resize2fs /dev/nvme0n1p1` -{{% /notice %}} -While we wait, we can create a new shell and proceed to the next step - -### Step 3 - Integrate layers and your application layer - -Let's initialize the shell and download our layers: -``` -DEVHOME=$HOME/environment/src/mydev-proto -cd $DEVHOME -git clone -b hardknott git://git.openembedded.org/meta-openembedded -git clone -b hardknott https://git.yoctoproject.org/git/meta-virtualization -git clone -b hardknott https://github.com/aws4embeddedlinux/meta-aws -``` - -Then modify the `$DEVHOME/build/conf/bblayers.conf` file by adding the layers we downloaded previously to our new custom layer (substitute $DEVHOME with the $DEVHOME path, e.g. `home/ubuntu/environment/src/mydev-proto`) -``` -$DEVHOME/meta-openembedded/meta-oe -$DEVHOME/meta-openembedded/meta-python -$DEVHOME/meta-openembedded/meta-networking -$DEVHOME/meta-aws -``` - -It should look like this: - -``` -BBLAYERS ?= " \ - /home/ubuntu/environment/src/mydev-proto/meta \ - /home/ubuntu/environment/src/mydev-proto/meta-poky \ - /home/ubuntu/environment/src/mydev-proto/meta-yocto-bsp \ - /home/ubuntu/environment/src/mydev-proto/meta-openembedded/meta-oe \ - /home/ubuntu/environment/src/mydev-proto/meta-openembedded/meta-python \ - /home/ubuntu/environment/src/mydev-proto/meta-openembedded/meta-networking \ - /home/ubuntu/environment/src/mydev-proto/meta-aws \ - " -``` -This basically enables the layers in the build system. - -Before baking the image, let's add the aws-ioto-device-client to the image. -Let's modify `$DEVHOME/build/conf/local.conf` and add the following line at the end of the file. -``` -IMAGE_INSTALL_append = "aws-iot-device-client" -``` - -Wonder what this does? Check https://github.com/aws4embeddedlinux/meta-aws/blob/hardknott/recipes-iot/aws-iot-device-client/aws-iot-device-client_1.2.0.bb - -Now let's bake the image again. - -``` -MACHINE=qemux86-64 \ - bitbake \ - core-image-minimal -``` - -Notice how this time, it take less time because it only needs to bake the incremental layers we just added. - -### Step 4 - Test the image - - -``` -runqemu \ - qemux86-64 \ - core-image-minimal \ - ext4 \ - qemuparams="-m 2048" \ - nographic -``` - -provide user __root__ and test that the aws-device-client-sdk is installed by running the following command: -``` -/sbin/aws-iot-device-client --help -``` - -{{% notice note %}} - You can fix the name lookup by modifying the /etc/resolv.conf and adding your preferred nameservers (e.g. 1.1.1.1 and 1.0.0.1). - Wonder how to do it the "Yocto" way? Head over to: https://www.yoctoproject.org/docs/1.6/dev-manual/dev-manual.html#using-bbappend-files -{{% /notice %}} - - -If you want to exit the simulation, just run Ctrl+A and then press X - -### Checkpoint - -1. You have successfully logged onto the Cloud9 instance and set up the prerequisites -1. You have baked the image without any additional layer -1. You have modified the configuration to include the cloned layers -1. You have run the non graphical simulation of the firmware you just baked and ensured that the aws-iot-device-client sdk is present - -### Considerations -Whew, this is fine if you are a single developer and are not maintaining a plethora of architectures, branches and distributions. - -What if we had an automation that the bitbake process would kick-off everytime our team did a pull request/committed to the code repository and generate and archive the different layers to further speed up the bitbake times for every set of PCBs, Firmware versions, Architectures? - -Follow along in the next module to discover more! diff --git a/workshop/03_02_build_images.md b/workshop/03_02_build_images.md deleted file mode 100644 index 404219f..0000000 --- a/workshop/03_02_build_images.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: "2 – Build images in a fast and repeatable way" -weight: 10 ---- - -### Introduction - -In this module we use AWS CloudFormation, AWS CodePipelines and the Yocto project to define and deploy a solution that constructs a Linux image compatible with a Raspberry Pi 4. - -Here is a high-level diagram of how the solution works and the services used: - -![Solution Architecture](/images/02_build_images_solution_architecture.png) - -### Prerequisites -- An AWS Account -- A Dockerhub Account -- Experience building images using Yocto -- Familiarity AWS CloudFormation, the AWS CLI and shell scripts -- (Optional) A Raspberry Pi 4 and an SD card to test the produced image - -### Expected Environment -If you are continuing from Module 1, you can continue to use Cloud9. Otherwise you can use AWS CloudShell which is a browser-based shell that makes it easy to securely manage, explore, and interact with your AWS resources. CloudShell is pre-authenticated with your console credentials. Common development and operations tools are pre-installed, so no local installation or configuration is required. - - -### Step 1 - Setup your environment - -Open the AWS CloudShell service and run the following command to clone this repository and set `$PREFIX` to something unique like "mod2-YOUR_AWS_ACCOUNT_NUMBER". - -```bash -cd ~/ -git clone https://github.com/aws4embeddedlinux/meta-aws-ci -cd ~/meta-aws-ci/core/scripts/ - -export PREFIX=mod2-<> -``` - -### Step 2 – Securely store your Dockerhub credentials - -When building containers, you will need to setup a secret that contains your Dockerhub username and password in AWS Secrets Manager. This is used to authenticate the CodePipeline with Dockerhub and used when composing images. - -In AWS CloudShell, run this script without arguments and enter your Dockerhub username and password. It will create a Secrets Manager entry and return an ARN that you will use when doing setup for the container projects. - -```bash -./setup_dockerhub_secret.sh $PREFIX -``` -Once this process is complete, store the secret ARN in an environment variable for later use. - -```bash -export SECRET_ARN=arn:aws:secretsmanager:eu-west-1:123456789123:secret:dockerhub_EXAMPLE -``` - -### Step 3 – Create the baseline components -Baseline components are required for all other automation areas. - -In AWS CloudShell, run the script to create the network layer. The network layer is a Virtual Private Cloud (VPC) for AWS CodeBuild. - -```bash -./setup_ci_network.sh $PREFIX -``` - -### Step 4 – Install the container build layer and invoke the build process - -In AWS CloudShell, run the script to create the container build layer. This script installs an AWS CodeBuild project to construct a custom container that is used to build Linux compatible images for the reference distribution named ‘Poky’. - -```bash -./setup_ci_container_poky.sh $PREFIX $SECRET_ARN -``` - -Once this process is complete, invoke the build process. The process takes about 15 minutes to complete. You can monitor it using the CLI or by logging into the [AWS CodeBuild console](https://console.aws.amazon.com/codesuite/codebuild/projects). Make sure you select the right region. - - -```bash -aws codebuild start-build --project-name $PREFIX-el-ci-container-poky -``` - -Finally, find out the image URI and store it in an environment variable for later use. - -```bash -aws ecr describe-repositories --query repositories[].repositoryUri --output text -export CONTAINER_URI=123456789123.dkr.ecr.eu-west-1.amazonaws.com/yoctoproject/EXAMPLE/buildmachine-poky -``` - -### Step 5 – Install the Linux build layer and invoke the build process - -In AWS CloudShell, run the script to create the Linux build layer. This script installs an AWS CodeBuild project to construct the core-image-minimal image for the QEMU x86-64 MACHINE target that includes the AWS IoT Device Client. The AWS CodeBuild project file for this project is in the [meta-aws-demos](https://github.com/aws-samples/meta-aws-demos) repository. It also creates a new S3 bucket to store images it creates. - -```bash -export VENDOR=rpi_foundation -export BOARD=rpi4-64 -export DEMO=aws-iot-greengrass-v2 -export YOCTO_RELEASE=dunfell -export COMPUTE_TYPE=BUILD_GENERAL1_LARGE -./setup_build_demos_prod.sh $PREFIX $CONTAINER_URI $VENDOR $BOARD $DEMO $YOCTO_RELEASE $COMPUTE_TYPE -``` -Once the process is complete, find out the name of the newly created S3 bucket and store in an environment variable for later use - -```bash -aws s3 ls | grep $PREFIX-el-build- | awk '{print $3}' -export S3_BUCKET=EXAMPLE-el-build-rpi4-64-aws-iot-gre-buildbucket-EXAMPLE -``` - -Invoke the build process. The process takes about 90 minutes to complete using `BUILD_GENERAL1_LARGE`. You can monitor it using the CLI or by logging into the [AWS CodeBuild console](https://console.aws.amazon.com/codesuite/codebuild/projects). Make sure you select the right region. - -```bash -aws codebuild start-build --project-name $PREFIX-el-build-$BOARD-$DEMO-$YOCTO_RELEASE -``` -Once the build process is complete you can review the contents of the S3 bucket - -```bash -aws s3 ls $S3_BUCKET --recursive -``` - -### Step 6 (Optional) - Download the image from S3 and test it - -Download the image using the CLI or the AWS console and then use your favorite software to write the downloaded image to the SD card. Make sure you choose the right device. This process will overwrite the card. - -```bash -dd if=image.bin of=/dev/ bs=4M status=progress -``` - diff --git a/workshop/03_03_dev_experience.md b/workshop/03_03_dev_experience.md deleted file mode 100644 index 3cfabf8..0000000 --- a/workshop/03_03_dev_experience.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "3 - How to integrate the dev experience" -weight: 10 ---- -Delivering an integrated developer experience is key to adopt a sustainable CI/CD practice. \ No newline at end of file diff --git a/workshop/03_04_auto_testing.md b/workshop/03_04_auto_testing.md deleted file mode 100644 index 9ba2611..0000000 --- a/workshop/03_04_auto_testing.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: "4 – Automate build and test processes" -weight: 10 ---- -In this module participants will learn about various methods for device on-boarding at scale and device fleet provisioning/fleet management. Needless to say that an IoT device that don’t have a strong root-of-trust and robust update capabilities will be eventually compromised or become dysfunctional. -While AWS IoT Greengrass allows for reliable management and orchestration of components, {TBC} \ No newline at end of file diff --git a/workshop/03_05_remote_update.md b/workshop/03_05_remote_update.md deleted file mode 100644 index 59284f7..0000000 --- a/workshop/03_05_remote_update.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: "5 – Remotely update devices" -weight: 10 ---- - -In this module participants will learn about different update options for updating a device -- File level vs. Block level -- As well as different options for tooling to achieve device updates --- block level options: Mender, swupdate --- file level options: OSTree, swupd -- We will introduce the supporting AWS IoT functions that can be used to trigger and process to update jobs, e.g. CodeBuild, IoT Jobs, CloudFront -- During the hands-on section the particpants will use iot-jobs and meta-swupdate to update a device/image - diff --git a/workshop/03_modules.md b/workshop/03_modules.md deleted file mode 100644 index ca9f697..0000000 --- a/workshop/03_modules.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Modules" -weight: 30 ---- -TBD \ No newline at end of file diff --git a/workshop/04_conclusion.md b/workshop/04_conclusion.md deleted file mode 100644 index c8e099c..0000000 --- a/workshop/04_conclusion.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: "Conclusion" -weight: 40 ---- -TBD \ No newline at end of file diff --git a/workshop/static/images/01_hello_yocto_bitbaketimes.png b/workshop/static/images/01_hello_yocto_bitbaketimes.png deleted file mode 100644 index 3ec3e56f072be372a96580a0185219fdea947c58..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 34074 zcmeFZWmJ{h_xCM`(v3>Prn{wELPA0iDM3I$LP=rM0-J7WflY%*H%Ll{lF|rL(%t>6 z?K$Un_>JeyGsbh@_qbpDUpN@TzOFs5wdOU~nxFZdD@aX69vg!c03p8DyC{N6E3fI0m* zJm%JrTL2z1dUw3}tGM#ztr>Rb?Vms0Qjd@8oSpj<6M2^te>z<4_lY=2571E~p+A;H zCWw5GLPzagMLWPbaZrkmo_s~zhZ=>G5 z;``SMaHq6Gv{#j`*Q5FHhaV7z{paQ^_-b9xX%;_Z$8y08A*s?P~x zzJ1e8gLEU`OE=yjYiCjTXAlwQ699|orMKd5*e;1lpw?CWGE~Ou!sP1taQ_$JLpV{dL`-w zA8y+I|93FC((bIk0^jXT?!CLv8Nk_iLZkd}L^Iv6$+NcM=YA0lu$a7o`6(Q5PtT&y=!8uK(?7}ua&ND8Iq8B@@MjtJ5&}T1x3y7$07@$9< z219l(8!0J3n80Nuee%l}x8-11m5L$By6j7MRWC;!%x@8PI6?MCDI*1K4Bs~j`( z@=@WOgRqy$J(itgNpHU}C%bLcmac_xHbN6TjwUd32URw;KRFW49JD!iRjt$;rMmo1 zwEdlE-XY^2u$=03)yG@&9GL(O!=(v@;FIL9L3t|d>Yq+}2To?uD%|ZvM*bvbXlRUA ziW8kwUgSp;=BYd2pPy-*4#P&%^;PzVXVdxs8viWS0x;H_CeD%sb-^JxSg+9BTQwFV{@7dV>kx zejtT>4^7|WaAYos5zdsfR@TdbiOE@SJ8lvo*7A+FUq5Cm_PIe24Lppq>B4?cTs)M7 zmq8R5knVMTWi%-JAgq{z;BXFmWGAn!rh1|7`s%#3Zo838)uD1kYkf0!ihX%3sp-+k zh5viqH(%abyf4O}&oW!hj>o|jJ5a;AH|2T0*}535I+GGmVU1oPhQwG`x*P5M`fAkt9?8h>o>tdZ@U~6u zQk?A%b$P$p%PnX10q4g9odTMzxdaO{;X6lDHk`>cvrh`0kQ+`#G{4)R8IR=Tr@Vb5 zr1j$6NP>6xofOR{$OJ3N?Ae`o)y(JuY@TO_l<1C?+8VIb!{vm#uz2 zZ+x`m`N(B{B&T=Ts%?2G-cTHiT#(Bj7Dg^Kq);68-jbx@BlvEEpY?EkXF~0l-gjE= zl3A+>D(CHxIB5~=`XO7oKicpp6nG)}LhPPZ#J~n~ek}KfaJlRFQ-i|gZ;A|+zZDM6 z{33{)Q$!Oj3>%8w1p@1A?&Zg0pAsZl_Gf?GR(n2~uP^4hR;RUf^5W-A7r${kz421% z^~JJ;cdRuCl4+tyVtY#yHS);M@TnacbeQd+J6}-)1~cV5O_7?;e{OeVwT;X=&wAKB zOo}-MvxWn`TS{V{%zZKcpy_d4uz|$sVzg~HeS917kgCKbAIHd1n2kGaLEY9D?!{cD z-7MU!rqka^t-iS8#0KuW?eFov3f?8O&C@s{pYKz-in^{CR>4#iJJcjkc^Ts~0DDEg z4tLuM>YT4pxtngv@IeOdc#+lnm!!2j6Nt8gl>!Zl_rCp6E=KJ&j2_H-?* zqGa}9f7A9ZXq~p>9fQO%Q|u~O^6>O4J2<^jz9`<>jV_3}Q{V18@Nz>S?A)B2I7 zIkr^%Mq%}gqD_dw?g^D`Gm`qN9Ev~}(egkI6wDTS662Uyd%PbmZr7K`nazwihcye~ zn8PX}Z^RV>`k~kIp~Uzi_!}~O*d#o3IjzI0#P}5c1s(^3@^ht~lp$WTXQS0EDk7UP zKVR&56uK*NtK7*wGHTho^FSYO#(n>L1#7tSz$$dBcDV%-Ku)kMghvw_>OeDV<8?mu z9xuH$rqZ>KB;9Q#JwPr!kv+sIiv#MnO8(5``f}R~v-_zC5x?f{UDY+jR$&WRmhl5x zHrGKl8}ZX=s*tPGw>x09PEnkJ(JbtgCQl44?BwdWiE26U)o@7)PlAYaE<{I6v^!}s zLFFzom&^QVW8>A?dfthOp+-u1lLil8S;NyimX{RK#ajF$SN@-$#IG4xi9K!9on&I2 zJ`FFf{rxeI*pMD9Jm6&zqV|lDWJiIb;r3=3LE*cSS|(&~YmD@DH@g{A+1dmbO5q?l z8#|%cGb_;$;W9(SM5!_6e8y!eelg2yXJ0s?;q3-;YVmy?Zg)M}Za6lmIT%v9opGn1 z+Mt%|;umT*j!p%(D%*1C+~D;{vFEd$90TZ_-yQs>Up|=r-}$H5T!--35ih98^1|%( zm9w^GUN(#U=Xh0hQwJ(-D+*tVmRnBH_T8$owcdWuqw+31BZY*XX@`D_I~>R`+h|0P zDkY3%uYx=HBh46x2FzHObu-v?iwWb6={r0bBoEyv-P=yoPLZx9?(P;xVM(o;UIv@D zV(R(TE|2r6+3@I^Q_q1s;)j-+X}(`y4}w*KI0vkJCF8~+?IwfhX})sAIPk+)%x0_Oiz;Cj+gN%6@!RO!bI;j}i({b}?(4jYYNn#>rgIlHp_3| zt`@IUvw0Xjug(JHw&^Hl%9Cghul9S-VIZXNznzy0L3JC|F%L^Mih}X%-}MBe_MpC` zVCzu|`aNlPg8Q0zt;6@kCxn-0TYd3@`Ocb`Gb6->8GI=+2>L}1+gJ2A8;)nxzwL=4 z!7K>ihj3oPEbd8ofEzvjH_{z<)IC)XlB$hB&u6wElNtQ)u9vUxZ9=@I;e zlh=_4zdj4Adzpo>n`%-H|J3WuuwWU{(@&^I+}&jm4ILzv$Ip2v3u16ddNG`bOeM^F z^Wx2g`HL^^A5B^n`v*aLtTo-#waRq8I>TN@hyRQnllzhRk>7YrkyOD*=5h3U6tG4& zPQ|G%Q=&h9N#GqOFeB)?xI5zsRyc0HJ99qNG;BUKvmVDktEaTFDTFH?2j<-7h7jV4 zNe7P~+sieqzK`S}BakAu6>7~?+~C$yY%3Qd8&;iQ7CZkiH`4y;HbubGee|c3ThR7% zxEy!c67A>LN+@JA-Swsm@5)oEUHcOUh~Pw_mmpfFrg!f;=1`)FZx z_o8@4muPj)mM^3hVV1?#DIl&1_&hl}Ic&6%5&Qgxw&-CXR4(PDw=ers_0{iaNgI%) zY=;%D3B4op-uBpb^HU3S#Djg??WCe=7e$U!BhjK-wRl7X$*4UYEKLBh!uTHEYC(&S zKp3Mo1E+Q6q0$^#mi&R4-y0U%_KUql=$c}jj7PSkSSi)Ep?REW*(o3Je&qOVtaRoQ z`d6zxti_@5Yxe5tvK1+lQxh`@bNPpB_(FMC?y8Dm<5?zy3X)y9eXN`PpYEnm%H@vB z%Li^7V&ofnel0O-&4|n;uRl_DWPq`{Xz$}bRyu@uG|Z-3%JT}!RgQi-`g{b<_5`!7 zvAHXvG#2QpIVHF1+{turRt)Uqn4W;l>tl!>z1l;hxXV_J{x$_H?qMuQL^ZEX;E74N z5CcY01@2t1?W1OHpU8VK<|jw*5Zl?Ar=pi^&Ruj9VEGhI%6k36RWu=mq_a=_UUhjz zVLfNveJ}RqP%g+8rOiVc%7};3ehR&?;u7g^U^zF~{W1JBn{LCJC`Vr^kJqmxLuIMp z$8m54tetw1TbSY7$m4ynIBnw~Vu5~`F#{nZBo({0+kZq&u0gbWDh2UKRpHstYK$a! z0cuL?t3yXk4Ff~^fhiCV-P|zUJjJBn@A$r&AXA$hB`jwCfgEA5*HNzJOrVEm&(LVL z?g}=)_u8J<3iCw8N1?^NY)guWWDFOr+n_ekt-mDBZ+f*b&>K6oHC5-@2X#GFN}&~g zzaw_|L&Ic6k>3Bsy**_?y2U$o{^N3v@nu9RZO$xYExvdX=NsiF_fdprIkkemu5^8X z-wP&opn?{(-j4fAX-g>T*%*)<783Z_Q%aFIUS*2F4cB?)zV;e?g1Xdu zyRqT1KO=1WRopK?*w^Qi;x9CK1mDu-C?W;H*!lQeE`=AuqTKRC)l7DWpy+9LnY4rm zdiB%Bid3$=R}<);EXa!8a}#d+K;{EOROLLSUvr7>DrC|A8rHu(pU&MEG*IMd;9?_c zLE0W&_GNhO&EIcOFd~N9uaZ8CU<-M=jla7p9DfOqS6t^uKX`|1Xc&7gjNWgE{EmQ{ zBLy$$mGXT4XqmwXU4n3L?^7=}^n?h9e#+Dm|5x4lvMYCuS*)M~(Iq`^IgjBAiL8Yc zPp6+G?<+8-XrlFY7ag>GJXmGWFDkIC9_z`Sv?q%ynsMN`clVJztDeC_%Et^_Io)+^ zvO3H%EM9#I*5xTtN!H^sioGAASL?JarL74T7fn6vLbI8M2~sB1lfY(@^`4&n>EOnx zz@CVv;Oi6{(h-A+*0D2@EsP{fuSX+U>xyD!%Z95SaV~3YT0IM%=m*b`{YMW*;*RUr zY2H8QcA>}T6n*%?^kN7_ygnuyMYYz~^wB--;iL;#2UlKbw@-Gc+8va$FY85QV(V^N02U&`gJ#DWP+o(#%(emx#)iDy+;B$2y0eI>XlxzDDUKg|*_4|EB zh|F&PyMWF24YnV6`?%$DmLN3bQ)>D{hjwf=mG{VckO z^{@->mVG>dpJVBT8QbI7gyPByfQ!u=o&J11G{>rscWEw~Z{rrYQrNOQ*5_`a!1o_- zp9<$r)>rH*rz4wT8KvT^ynE_2_2xNrh-In7U(^Rls)g|0u*SWKfNXk{>*KsVuX-ot zAB%HR1vT~yVFGt4+1d#eohL1FZ8u6gJC@jk&KYtVW4`9;f;^`Zi~)tgzHWb_C|4(~ zTMIg4n`H@m9ZTnZJ!^ICM|Drd%BA6`4@PJf^H5W`)}-Y5^l~@s@Mo@%y{@0{l$jsf zT^w9Knc638Krin0*V`5K{z0PR0xb+M=l621w{djK79RaC=NPJezWsaJfiqZ+OThzx0? zvt{ww=sJUkXRTx#w`!cJ*j@oQQQxp$d1>JW<2A^|shlQE;}b+jxRV6l^p26?k|0MW z3CE4fbPnU(mhs4QL3TtAye9Om=+soug&G&P)wuAyUQo4j&i$#i z#1!74%beesIP0`akF8LCtT{_=xr4F=OG6w>=HO=g!`u0X&dPAtzf-V=L#FoleHK$e zDlX5YSS=V!?CcwY6(yAU6zEXN){cTeG%v9@JH5;q0bc(z&V> ztm^H+&-IuX)9p*FfR(6mASX20&qi!;mu=5UcZQdJIuFFB6^8b)rg*VLlzqaT#TV_E zPz#C4nP$ECrM*=bxz_B=*4`h_%39Z;3(vdg^E8>TS86EMl%t)@&u?0=Zpb%{-qSq8 z9{I?TU0g*Ody=!a(?Mn51=*#gP$0)gIEwQ7S{FmHu{kzBcWyEX1h9O~iu_HZX6wtk zaSHyS4z7z{N?>ekGad3W-0f}6*;+nrh}iLTd5(}ga*U)QB=X)K2t%=2$D$zhGEjJL z`&;!M$fvJ4N(-HhkGQg?>N-MZYp9_puu}f{y-_c?n`qgabo@$XES9q2=WA zr0`dz1S{gm?#_uyt@@~OVwG6K|`c2IGL$#Us^lTzg z<0d_QLJMdxsVgqqP0V@**70?7bCsJ{^M!#&u~-o+xd~6#7y-FWO%eJpY|ID9ZBF`e z^G%CBrGl$HoqosMgu%lAB`5jM-2N{}>j|#@A0z*a-N65`k;M8WkuOBACg#m;(gCZU zab-myY@@0PvwZPP<|LKoDl1pQAJ34c3OTIVqq?iCg3LbE5>)AZ@6u&>BvPG1c^Y?0 zdbkxFN+ls4N+wX`ocfAWOk}D^jBM1&s^2MdwCaUhRm$cld~5ICy`yBCAM1Ts-DUS zxv!f8Sj&H^JCY%IYF*}}#s@2db3dJDzgt^uR^y7FyoBy`GuCB)aQ^x3IrQpuxh~rp z^TuT>!rpNhg{Po$(h5+@=v+Y#+;xo$u%&n729~XDL4>Wm{i1{&VPp?}r#R1W{d63T zRn)Sd0_zd-{K*duRc!L|*iDd&qjgd^>ubAhR<;_4u#cvHwgnhbpp`(04L>KrI2h-A z?f|5curWg~v9gaKd22z&WK(k|$I&d& zG|qNDh|vjQ)DwZ9L@E-O2Q}+;vzKoH$6{Bcw>p0V?(HEO@a*}E$`$>_llc$?$A;w> zHwt6y(uNDtd;`Ek)&g(aQ5Oy>JsF#B8>RBvpl-5I^-N2Lp89vH=h4_<@N}muTL>4q?-B(n2xp%kotK`%@=(CpqB^D3g>7%8~hjVvLY7pvQJZCUBSE%yhZF?<1R*;`E62 z?yxjQ{WYBx{N4`?pb-C#qwQG<;XQvG3f;1n?WSu_1d&B9mJ#FfF$}vrZo0-!^*GWA z$UPMhvFg3dGP45J6POF^#CARmEKr-i_*rXukdaa12Z1$-`#>o3Z@V^Z5Ho zHjOSdpr#c3!9lqZ3c&GZ7X3jZoRrJ#TfzV+?y5uta9x4=KnoV{H#{>?cgwH`!?(W! zW~762TV%VQkjVzv!Xey&O686xezuaywGhhN;gEByPi*A2k;*5mDKqeR8GA||%}OdB zqlR9W(j-|3VBGQ^>2}LkR4VcxI=E8~p(s-@&53E4l^B zP$d9mK6qDvk?2nQcfgWV!h-@1+maqYNeW6y*F+VC^oFR_y5o57(#wk9Umvu*Vb#Z|Lw!A{=V(Bb>TJ2u=t zcHqWE!gm{|EgFFTAVr-4JjcscztckT0pGHvbnJ!m&z5-GAD`6cN?LI+l{gz5$GxsE zMHau3dF-}7K!rieKoNs)RG@w4dWq932*T3pkBtetYXr(CR=;@XFZ#W%9MYVVtGB(b z&j)E$nDEoNU~Ml$#W$*^-j=GIimviH+$yCK*L z6+94rU;AEg2k_-oKPlh4eqh4cf7P6y&t6kLRH-FwwhID;$6j64bl5KR)e9jxme#Q~ zw1ZEPO?y48CRn1}Q)p|5`ink@A#>=qCYh}*9K*S$xKJRcJBJXth56bF?8+mi^oXVY*vs{OqFQe>m#(YKb;-74C7 zbd9f8sr74&sqXd#nCa3NYJy%Zh6!n3fP>zhpY8|lRs!Y&bxr=8a0)&{DcrUNoud9a zFFemAl8WNJj(G>}&d75^Y-Q{0&|J7H3!Y^wIqcqZ{Zh4U&AYT{#FXxS?iurc%M5^c zfUW6b4~Y}{#hH*Mq)!;Qbt?!!26%gd{M_UTN*uMX+`YOW0c}yPGS{kJXTuqTR|(X| z5$)WK`zhOtRi2ln_?;(T_-5b9rFFtY=V%c~lzh@C5Y;FYvZ8^@i9U#6($taMEe4I3 zn>G(%4$}$e&LBL>;MZRsP02%ED0UH|Hi9{jjS77)@3`=W0V`Kuey+Od@{M{Iwoeiy zn=Y$-r1^FPqc{nK{~+|au0^)CSCvM9#Kj!$?lk^zOa!WD)8$bJ#RE@RL0oIZ7D&h< z-YG4a8V;i&rTFV&4dPh!op;ejgu-0}d7s(?EarC`M=*_vQv4ke-X7TP|D|RqRJwH; zX=um!vr~hKv(o%4CY#9T2!=;L2s3)GvO@Ym$yV~91!Ur6{#Yag`_J}^<4iO);1)fE zE8Gy(3&Gt*HuOXp(Gf)mOTBq43GAVd^Tv4Tp9)i}D0K7GXRf`E%;z-q`ojExhxSB- z7sdl$KHqMVaP0`{UxqG)3VO(J7>NX$uc>NdbbgxxZ-HI~^W|&7?N@EZCdpKUl7SBL z1H4Zo*@DdG_j*Zu$n&3d@v7cZniI)mROwHQLXwU^kp51-3#Fy%;mI?Z21+iN7e;|E>L&ubKzW`~{Nz(iB;$qOzykMhT_d5f7uu+GC

QtIS)Q|r7XWBdTG%37MV$9%QLaK5oNHnRaFSjbk3@jYJ zMtw~7+~|@B3GfJ=&!iu~e$DlpY5vm%s6JAqsy}Mf4VQ8)^!zh}w}PQ&g8uY0(US55 zG#^Q3Ajx-CokqdZ1wY}&zK)E4s7%5@vw7Tj+)x5mZPW5L0~)*E2a=~sO8PVhK{n<- zccZ0t4pPA?%6*jo>AeEgj>^KWS<2CYB%OcK&>GL_!D&C%Bm7|BWw-pos^HQi1;OYz z2+LYTbN^mfyv7=@%PNGn%L;!F?H$7@k76@HTtTz%E?hle6M&ze=6;%y=k|q4WtJ6=11ZWy7UC4LB(Wx9$pKDo-!r`XaR?sl|9Hf~lcg#J=RLy3 zzNon24SIb^L3PSS?4~guV0rB*$=vW{0BLY3A0+<7Z4K$sZ&a>Y;+%_@LgLGqtAP~~ztFlm`?BBJ?VF!9}W2ik=mreInU{CzHfit>4oR9EhS`)LBK7vrHL`Ob7X zHYEAD$9(@){@0TGv{;U4E4BlV7%1WRcSqyQ&p~ySv>cDNzw1_qo%Sg6tWc0h(^scxFdLbH@JD@tqIK?BM2WfI7PLy?UC|hR2qP^6_|1_*-V0{ zRgFd8^f%FD;HSIqa)m3XJ|sJDcM6v$4e#{4DkFT^E${KtR~}Sm6evQTx-dQ1jmS-^ z)X_l0oWh@UWPz?|IPEE{QU8iv7EB?*Isz5!6JJtpV;OZ1k>2>9@qHouOe4%08aqj| z7Yr(B42?zka;hm*XAPMh{$A623eQ7$|5nbWJtx$5ScS|*Qrs^(BfmZ@_G+*7cr^}P z2*bot6JK~pCGHNbpCvT=X2~CVmYGZ3&B%kaEgIfY&`5)u-V!>`S^4AX;8g#Lgo>2h zIr=Qb41O8`+uunhFNiZ~!+LTR&!?!m`l|^3_Vad@eczgTg!^Yfni_qq`!rw5`%qfM z&*_y+e;e)_CzvqoraVcyx9L83+DqzE#@e;m%M=@Mkw-2afY*cdY}aqu!n}JOE~cWp z#$8u9?M7Sxlm~V%JUv4T8a48l`dL#YzCY=5;@`8l_y;0MTH#4f)AttpcRIBM57Mqs z!u3@@@%qz7*ZRWd77w58l`t|gx%v*C5y?tkffywsuFsPHz*6Y0>FYzn*TM3QS8G+O zD)lGde#zCFhvD3fR^20XEVuaV(myGG8^gF3p#>nGAy|LjN) zIFO-pI(9i9qQaZ%)9p^yzkL>yGdHa%=JC#fjcOKYZ7Y0jdv^7uwa1U~;k-6hti?Z9 z0=QSGl;*Xr_5I^b!K5Ve5&&YoQFe9zY+Mi*=q3QN%|0#IP-@v4M?%0)an!`vbJVfF z9=3eYy`nmw^+{?Nheh{mo&em+MwoG`&_i#y%BsK0%CQccJgvA=tO;FA&&toee{XAF zexZdAIvGxAekPi5|L%ZI%X==fo-3n)AJG#|?9(czpC{hB&}{BcR9U4~^^E>->K)qg zP{l8)8`H=V3%_X;DME88nQ))}U%W!?4F@vLZRR0L`F}x$Br-N4@26G{`7c?jDiE+9 z6In$3lk6Z?LhrkPrU>BW$le^1v|KPEZow6ue`kz;M7ol<0sSCD8_xI-5eZ ze6o@m@dx7E2fOqS%RF}TZC&e!V}`g39buRb-?-%wLRE|T4SVZXwcKd!H z6K^Of6lkagqP>OH0)X%QhQEL!Qp@RbDiwmuwNxPx1js5F*~+?T{N4mQ3$yo&pIaM| z*&G4YGIH_1JT9YNmgM55@}3Wwoqn-1f{IFN1Lz6|^WmSA0SH`u6YyNL*Xy*`Fe7jl zaL3y%M}7|s&~j6pbcym2+U^5o=dSS%GHt0v0F`itp9s8&61W=Gv%yZ@2B_}AF=S&K z&?wsu5_1?r7Y66fr0gVjP==mwR=3KLy&=*va9QF4nW7x$6+*|HhAa=e0K_CCl2dIL zjMl&w3bD640&XeuekZyQwwoElE&yf;V;3iTU7faSYCL%s!+1W|bbV=a0#wLlN%QAm zUtZkWwc^k(_F((j<=G+TMt^vq6H_xb!a;iQUI#}mOP~EtvXLu3Ehz7sOt%Cw4YS+_ zz1IFf1TJK|E7SZIv`^TLA*6yk!iIM3_q?@jP*^(`kwrFv3RhQpdp!>cmSGFo+?fB? zehFA$5Ct;FmCpIae*bMFG1xqKU=i;dm>zb(>XsHODhWaX2(-phRTzzX;WWXtxZ7s}UaNPa zM?l@6S2G??`jCa(Y23&NA!`SK!i(R{Jwo7YK7!Iw6QL@yxiJT^h~Rm%YQC<_m#b>%j4vT!V~@vlrhzIK^LJY0l&%)Vq8>HO2lH7?n%x%R|T%`fvKRW;oK7nqE?HMX+td0aObR0{Z6 ztmvKlI9(i+k~BrJf(~dN-P^3s&{h$cE@tvxbz#Mjq8*0@>75Rv7LPgb5(Q`WVw{$( zOhb^+W2ix{3?IOeet~8pw9|Y$lPgCY?QF4Ivfcz}u-_1+)iYiK9=GXZYo<4fD0~p# zcK}jrd82QBN0-O55k3iydDipIwNTm*_&b4b>%X^+#IG}5991{5W7I<21JZ{9!aHn^ z_6eW|2#;;HOE&4uXEX}Gvy;zfex1`}# zT#(30;xRckvf!>|P`u&g`V2_=xj*EQe@PyT(s8Y|u{3?D?sMJVxH<6Zq}dPvoY&tT z4Yh{}%xu1zu*IvVN3-InGU*J*ju1Q2K0#pOh9d+RJuuF7UyUvEyjY+L0Bt(-u6#pI zJLDU@RN^590ELQ;suy0k@hbYs{gc+3mHF>- zGH?*bcE8HQGGll+VxVwz6R9==8lPMe^^XnBAL2u}ksq|O8g3!?dJYXrJ^lmvxX#Nv z8Vl6DT6_Y{&F$~C7Q(*UdbX)CP@)}Od`Oz+6Ao#A6@%Pb2Nyp?+0RCk5`fu za^d78HcZy?Y33$7iCCf47^)tlD{U`VAJ+9BBUS`g5u_HT+TS(+u25{<6ND4Ld%`+v zi~DObG#<{Suq8!|L(4Ey#`A=y=rk0Ek#?37tcK%8kEalC4V@acHzna7l&s|G%tjx} z$NJ;d3~dhf)w10XG!3>FuUu52xCZ7NAJJZlvLHGG6gx6_)nh7Gnd5PgaJ8gi=B?&T z<;inzI-?^xQ%pN{LJ3=1CyzoE>H0-7;O}OvN)Jj{>SX~>a+@e{WLR0``Wo`gr%S%m zPX$F(BjEku?U`J4m?rg-$tu*M?vI~>r;&SE8)5qsQRom(-a=@hD#8>hLf_hlExGp4 zX~kW&d+!6k6Xys>=J^GsQI0-`w4|cq+ozramHpDIF_iA-z;#&=jBob?Eu6%OT+G!G zQh!$}8Cy2AaDI9Ts|wt3gxGa9)z_4&N~M*Q>?`bhA8ni$-6Em*f<>K?y2ePf#6x* zGs?H*acS#A?Q>40WBUZ2yrieVq%YZ^qpb^kx8-1QJ&^wBwpVwJz-|GqR}P)0Yg=T=q~Ud@8K_XX^??osAwdLH=`5}v7o&9WpXLvx_%$HkBL zF+VLk?*8V@=x!(~S2r!XW`n&iNBdfg$Z$W!Nk*W%uvCCn5m`v+KqKg*Fs9hWC@$?F z-IbCH901b#%pFObHeMxJo+!R{AI1ndjM{WOjt^`)iJ`XlrM1h}kq8ZZ0+I(3H1Fn* zlY5@b*)em$+%ed{I`q-$`-`s%{;D-6TUu(^n-E<+sUM1Z3G>E5qQIGF3kooYc~>q? zG_K|(b+EN5@$kI2BcEU0SCZ;TF}zfwMNz(MR!JUu01bzJV5M{lElU_UYo)p>*-2v( zR&%smi9ysKxhZx}99_#OP~QqiNL)en9b8^_I1urk{5=5gGhylz8-dnWjwDD+y1@%D zt2d(y@S(k1EOLQ%zq0UTf7{zNs2oFv2s9%0gHM&LIRzfD#;zlZSKcydR5lFQ=h&%q z(|wZlG+cF4XtyD3FigE0I4?w(pvOYOZVPR1LpIXm+ZE$Xq$o6Vzk|D0?KjokmfadO z2hpSb_>@~p;%m3bdX{+OgzsnXl~5sQ9^+v)-u)^=L@HpG5+FXPpb#gF23=Abk;q=S zcNaXHdA(gIF?YtN#*NIzA0ha`n*G+EGr9X2*kvghG2!XI5WSh)d_kyA??zUv?H<)R z{}|ti(7USsq5Hg-58%B40rY~}gGk#h9LzDtJwZ3y61<)+H*)cBQ7ziKJZ=BA;D!!sjVsZo(0$k%-(?~d|ytF zPNtj2)T#8hqU*~E1*2=%I%QS z=ZS8Lfne7|k191!_lfgKj z>;8;DemE47me_aO)a`ed&7xCKn;R{SC-;|QC7eDcMQ&Oz4xi{C+`SI(B?>`+LKzSy zG;k3FYpY7bqcn>0r!$4?uIO>y>~ZWU%!qiyitNebQWx{)ChXA)Wp;A!kUZ{eSZ9FL(g276iT2MyBn|k+_T+B zwsQ5?YQFLGY9_TiA{GwaxLcX&BgDvXD^?ZwVkC1cuBs^Qm(|sI{ryuD86r+mgHyVr z^3&QJo)0};w{W*JZ-1R;M^q#v#Q-BZRLiHqeXxsA+ZS=PqG(|iixN63y_n8tDq})_ z;5nMxA3%AJeys%+zSpyp#(+Re#rRAQ*OJU71sS|t7AE@*=^r)cs=rsX_=#w?P9q19 zNQeh}vhOAVME?&v1gr7?G6IOK`jV1wGcDs@vg<)VWb-E1Q~Lm{qq{Gl zc(V_@5aPB>o(&0F-c8!^*r*)Gud%VCfca6=z8^vh4ZE z4miI6017C?{bVk{2sB({V6s=JCD`{cn+R)PY}$Aw5#j!nC}=!equBc*^>0u~J4JDo z=~`G42dT3Xd=o%5%292Tun*@$9p=?thd+5%;tKgi3(T=U&B zpPz!S!Z!3gHPwDM@=WAqEs#WI25y&_4EaAdaG`H@M4Vv|K;eW22HOh?glO|s2z3<# z#}4vFBrFrd$iDORvSkO`Cm{m#7c|=jvo>3xc4G}i$?=hkprnx38eTr=Suw619FJi* z57zKkp9Zj4G+faBdoSr&KOjp@bL|fdLo-_hx%X6}tX*dj`rFsC$k-3|puy-<37`X2 zSU(NjnS|e3`w96KP(gIsKG<6l+s&f}`?tmN2bOELBhQ}unZsQeTw`m6u!y(w3#B32-8{eIG~;Qtfb4Qxj@?a;jrs%JvcQYv)TiIroOk~$XCIvMS&?ffa$W$d@4gHuKaZu zwI2a>x6b;U8wmjo|1yr0F)VwzVhdSZ#d-tsj0qa|KidNiOLkeM0=~ z8!2sIDDm$ws|AVc)BcO!WvOG z+IQ}YeyjHaKU?tS$?@B*8r_9&1GV04Yb&k8i-Qq3hk%?2 z=&#;&y{hVk0f42>$yn3XGoqFcJ%T_KY3wP7t0I27cuOL*51Gal0W{Yf+dx8*+1iX9 zNT#>Om30YT8mD?GM5}zM*wE2|A{zG5JRK*I4}5{UHrBNt2uSbXto~LcZ}_vr%15a& zqi|hG-*xq+^<4*z>ku#f@^Teya=H=HzI$@SN+e@qMW;WOQ6)~Kv=M5gR@6Z+P!Mh# zXaNi;re}>Gv6i#Tr$ImhdjvuN#g4vBFdFiYFb- z-nT{kJ~Tu+f8?s(2h*TB%>y{Q?DjE2bqHzzUN8h_0uAy&EXFjC{~Z=jZM}a4G{phx znR0$Wugk|)^UKG3@UEzApsha)e{h+UAuR~`Ig!SHK96+A; zJ`y3AHKDB6m{$AM$uCR=P785JZWacujsYo7lgv52*O}#Q-#H|(lyhNRB*JP4;4H3p zfwd1#k`WL^NU^>*o_@EH<9tBDDa_Q3=y(_OkxKs00RE==1=6zIquq zar9Bwxn)F+DbrP$j7Dugay{*RNFIRR;o(#ANc0LpxyON`q+I7OS2acFlj(ApqjmJV zXNdQ09EcsC1v=1W-Rb9?`MHSBfNc-~kRE4={S#Vj)!s+AVnleEh~_~y*UQ7P2qPM_ z@u+A9JDv)qZ>Hv~KM+z)zo67SPc%J$>)I9bhB-$;&%=Dfdnk@yT)47&*Mtyi(+$C9 zYQG9KTwzqS6>R=-YD%9oP*^D{4Tp}PJ9Lw=4!zWY^nVt|(kcJkAE);=vH$6bvL3nn z&evVD;GJdMDd1+(o{h*$g!i)$o6;2)q&99G%pwc4(;`y4Bg9bytw23WRRxq#(snRh z`!E9_)|@BLYY8u&;X)3|R_`q4?_B4R7H@hjJ-PiSC)J`GP^TYNSCV1xc$Ho-ciO(w z@(Ut0O>p)Vj{)d3g#x3jvj)?tHSdrC*~Zt**6$0Q5?6K`YIsGD#=ijt^Cb;8ycpHM za!o}H$dz_&fyUO4E+a^ypOkemX3xjmkBdh5GAdpLTWF)vRb^Z5r0N*fKuG;C0i{rz<#p_x@x;b$G7> z<;Bre{26<7bTgALVKac*%)Au+!KRw{)37L1acWnQcl8h)X%jlf)xDpx2inj1{0F%z zg46o8Rab{t59f0v6R`YCR9Sbj_*P^0$~t%w(e@GLJC!Q>4yxU6i$5HBm8KKaKKA!3 za!;Qql4Oz*FNfgwJYo|!5((wO8;*dS)Ryj&{BCO|{L=awg%GyeLVE@ZH(z(acyi;7 z_17aYu$bgs9FPk9#aaXi9?!)*Fm$(@bM1W?5!Hcc)v|pBPyNcom6_75P3~QyC?nb; z`dv)%++`_|1h%m=PzQXBFZ@eRl-7}3gRc*WH5HiN#)mrQg~KR{D5j%I(>iv6#xiu2 z2SnyGI%kUKc;kVCK(xz)vHUdJ8oxk)yjJ~}MdM0FNbr2ie&@?F78-a7`CA&;n!eZN zAvcUZmH#@?v>$Jytzm&Z06+RO5Pa52KNX!Ph6oj`XcR(5OZkuz0)z)wf8j#l0#&8T zO9=ffu|eAv;@}W~ZC-yIpcFOyA%cGTWAJfjZ~VGBB9eigJwck%&1ov)(^rinh~3Yh zBW$=nRxEOiCt$sQu#~p{sUVE*CJ4mQP29lZ~y4!2Nt*& zL&DXTb5lr0a%6%%ExJYfeV8Z>Wv_qFVno#Cw-U}y<3(>Wm6-*V$%93mIF|z1u3X43 zx(eoNut>ZMz`<`FYV$>uvh2i>JC$d0DwG+fN*oO=>`5qS{S#_eW64NP3{|fGEcxW# zi;L+pTiA$FAQaRWjl1X^l0QWDQ{i`Fjj@q41bT(8bIFN{jp=O3$MkqG@BqhKg=c(JBQTy1QedQv!ek_rLH7VV z6g?XFqLBP!8bSPUP;X{RGx2cfX`6~r$9YtQRXH!)q4&*pjly{v|2R6;grSu++}R&h z2I8J*E!*j+bl3yc{z2DMsB(>m1@lwLspTB=FY9b{?YBt)1tc^kDfrc2t$I zDdqfvQM~c*T8O<#ex*ii_`;uXB!~YvJf^SbQGp3`3#hiDtxipr$|`D*$3qq7-b zE-$-gUp69=Uc~+he-AcHt&RW7;vq5$zY!gpHb-3Gz9x@vZZn7E4I;WPIK~*dk>f* zvY9k~?yoAKUKf-SF&N1@dO}}n@$_UmL~G3}>?4<@ypI_L)Ejg_%Dx{Q=2J`x=e8fh zFdPT1G^M!O25oeI4KR%H+kl}%K%aTeZH>o)&OWRt$m`I!a633FXgD?8akp}N~ z_K=$RI(~VuGKNKW0LIcjf|F_-lral-;n~tA<0@{p2IQQnzY+3uiaYb`y+1F?4)YEu{X^TPMJ%mPI@ybS zG=l!0_P#Q#tL<$Q6qS;Y2I+2)6zT5nMv#_xvky)4 zTXAApf2%<##Q$=%cr||(Uz`Z;8QG^Ls=+b|v=iRs7&GHyPA^*H^u0HCQQ*(0YfCp- z)500<2*Oi3rhFCOvl9@eO|)L~7z=*oP}Y~hOgQ6WH8cDh9u&RI4+Jr@TpVxBnDrXp z9e%l8*@@DkP|a#89sOgkoYFl_vnsP0vxDUz=YzHVlxWva1X%QKyWeR2*~nqw&1|&Y zMI_mzl?qr>zbUeG7sX)gXUy-boc$`9Y%ysd@jtO!cCiNF%<=CYc}mw0z*i`IJNNz0A{?QfH&`SVi$=*;~%s z_*=o|0MBR1o~}b!Mhcq((M9`t9kUq_LoyCk?)0HPy^YHcg6s?o#kE;k<;;Z=V8Wvz zy?*PD2n@m)A{%={6gwesFKqqE19SealO8?)l|vmQGw5Cz82C-bDK$)~fCY1ycjmhDeMSk`CAJh8TfLlet~W4yNe>)6BO z!-za_0^ex#6zuWE0m12 z)S%lsKk6?~rsgjD;}Il3e*}%~N#7~?69H4C22e!u><=i$|Esk=rV#lrx}hC{9{wW2 z2quHGoqgG$4dvg*0>&iijO;m)&Of_!=-!GQBM7}O{{-L6slaX6)?U5*=Ps}azaT{J z|2Ois@BV*J{ynHD{+olAYe56BVY(OUhf25 zUs=~KmkV!6Fpm690<>c8e|$SP`W?WOVjQ8UuND3a2CP*m)kv9&t3TiL*y;3|vPlWM zI``V)Gw72AqeO6q#L!%B#@wt=`JegrIS!)lmfk;d`eR<6--ivj)Y#$$#5>5tGN{D3 zy;82b5s;_mAOaf1{u9}_1kRrj0g5q%zzkmYe}M+yM?ws|{}VI_hz?4?dk&{5h}at! z(rgy@3nK;4W+j!Hj9<1v%GAsKxJG2i{_YeoQQ~K&qEZ0RbZNJe>>3DpCwcR#SV%v^I?JU6~62L2B?m4C^tpk?Sc+}7Uh z1u(E!-VKm+=F103TgsD+P>9`kE3^W_IBZCySPbx@EWLn{TcO;`GW|t}5eT?i&lo@i z72p&zJqu953&_zGY+Ep}fu$ZKFAap?!%5&?`690Yuyg_-NGT$`oTUffdiOV=2jLPi(P}bs>8PZRHz^>b|ut(YQ0$?v2vjwF7#-qhX9QK!BZ%){(*P+pcpKMczliNPdB>9)5`ijZ4@Ba!nabj_7z!#Sqcyd}Y3wgX;0Vd!b^&_h^cNK$#ZO=a zrWUuUh-oV9^F#7j)*XmhV+v42O)g>eeL}!UJflE6kUvwAWfhYh8Eb@;fx~71Lk#PL zD3sp}hF515s{o!;RUF=nNpz+vFfgdEq35jT1~x2+L~cB~@a}Ne;GM)U4g-#iATjxy zyR-cws1JXn%#F7?7qBhV_+exa<$b_uM+pmrKq!3`^kcx4HLfd625h>c#{<03NaC6@OGi12%{a}gQZtoJ3AC~AItKigKgHi4xE6;l-^neia8H#_Uovi<5%JpHE z9YmsoP#3W|{v04%<|bcmC-(+i$OorJzX;LmfrT-qGtYc)(X~C%q$c{6me41;<_icn zvl#~}Tg2M<@Q9S?h%Li(|IWd-q`M%xU!8#4hA_BWaEm5kup;9zmME|9B?JXN#$${t z{B(=qGTu=yal0?nfM+)u!mk^bAog-P^uC1zLB8Tv=nVP2 zyyxZz_#1236#$9C_a?{Oj#K?Vq7DJ#Oz*6-Hz21y=i4P?`_Xle@Mq`)3t)`+*7qDZ z5Qk(q8Vk3OCm^)az5u%cC&-HO@bVG@Ymre^sK_2ihG)ck*t|?aT>;2ncM!Ncdtg2T z$WY8d;XAmFmaIaSF<|q)+ri7t#PC`11iV~Sh>w8mYIJ7cX(X!EM&Y}j7B#;@bSrB&DYL^6gH?!(# zT>t#|Ezz&)K5J;)#|SL-R-w<2;vmT=H==iwGYh|2tK0Rdo9ijLZXg=&{AhHrX?1&k z$-2y=y|FF$x$<&y!mvXLd>dh0-cpgFmQ6?5uo$YGHh)0F*=UQy*l#I%#3ntp_b!Ib zCY7Zr5S5q+vaLu>m+EkwruEFB@gasj!6xu5S#PbF$v&YqI|zTGbhN*mot0F#)*m3h zE}M%D@pX7O2px9F0YL#$lcpkU`y^!>)qOl0`AUY=s2trYrY9>0>gSM^g#_v|jHi1| z7F>Z1MXWYaJ7Tn})4%Yuh&l%zh}x$>nhzeJX5 z{t|%cp%{|YYyCeB9q5t~8SKe1X;M;Ro-4Og>oD!$O?}&yjCs-};`#a@afU&*xF?I8 zIa(j0vg7ioz7wMps9)~hEd$}ck0{K8yYyql*+Llz`?}#}?{R)b#VxSD>pT#)a|5G* zaL?nWEai$JtjmS-&d2rj+r8Sf@Mlf0VR!XT9hv;+Pnqo-%tcv!35x6xD>}1sj@g>9 z$TN0o)Jgo_SJDq`RC#3c2;E~2-HgVkogj%x9A`)$ zM{T_l5AQ-1RoZnY1mq2pivdKJK@otUK zUeiwWs%3+Bq+zq+(*9OT_qht)9Ax%h;D#uE#3T>@EXwUT$FyWm&6ybSh__G5lUl(Y zu`>tTWgj;ygIJ{jb4IQM{tJt&a_d1KoJx~B+LC|E2LdTc`bv_;kC$&Vo(!^f)jQl> z(3~_`6$fL0|aw`R3)~ z;4WTCpWH_j$?8ZS<+Dk!bvu;16YLzaL;}#KFW#3|V8qirrOu^yuYO(p4tM0F+*12^ zv;j&T_a{OL1dN~_fWnFU{YK%0BNd|{T`qr246dUnAL|w&~}eSR|?6uwWBKwCrhF2QHDIr$V|1UB(A<-Rmq) zyzz_gG!l68?Nqvg-B;FplJ25P&tCy@xjLOikaZIMbN+|K3jy=L0l7X=)nVKA0|lBN zWbYXsjhMBm^qySWe%i+~ldo{^Y@bZMWMk7re<-t* zwQxaq8*E{K*Gipq|NA?b_6=Xs`v~Mh-ySiCW%qbkXx>eJ@9OaxeU1sf(-ZeWvS0Zx z@}&l_P|X2j?0YpXmTdb*z6*AP8+w-10NDR^K9mffZIG_Ef z-NP0B7E6m;vS@=Sl%6wmtKYLDuc>y!xQ={I3Um!U--x55;q8Ucvg{Jz2v9ku_dIdi z4Q|dyKBRBbH(~ej8}U8%;~0J`*B2Y3-qVR_Gwf;>fWw3CcIr-N$caj1^~touPmYEy zpuAY!Ga*SvQkI`sm{2L~gpa^aA;|9mUxty1eDLLDfA#~`onHYpSqKG7^7voEBFqq~ z*h`RM74&w8sgKVt)8*Cz!FaAknAH;4$S->*|D>Q?OcP1C;X}rT z^|i+b^^SQDjb7;`vE2pP?|YH4c+1+I@T)ghGdIpPh+5SPUm*u4!Dkre@evAWXp2k8 zuzdzkW#+$5UQ16@@5Uv*)X9B0a0|MH$ILGbR(jT4t~lLodf%#Iq(vJP?chspSfXZayG5x2-uIxATLnfVP&}Ux;4xef9;!&N$N|)Sw^gHU$ z4cEH!(Q}`8p6+gD)=Xn~vjHHI+bC{sS(^to2Bm}I1rHH{ZJm8a`fZhuep(-g=gC%@ zl=N{pW(eK5x9O;J9)QDedEMm%7#dCaN2hKRJsWLgB(7TsExunFHFUkpq9oyA8hk~5 z`e4k$M^Ja-mP!N76c@lZ8ULu3?1%emxNL`syuoQTJxG^heAP*Hfzj&Fo)My({s%Jp z>~ZJjRg3x2nj9@S^)F-zBzIsy1CZE#)&4pV`jcP*9CATUO#E7{sNv`nk*3UM-NXhN zv{&2*)M)~571$w0-RbTpBL2FdylBB{7Xog<8@Xi3p4-GUB-7O?l=5&5KtuP-A{+%< z=(uFPMufXf@w68~LMjR#JSEm6oCN?KlT*=Bx<$t@`Z-j%c-a2MLvx4FG2@-cf1zVs zptV!0KmNroTLv3$uJC$^f1zVj5IUB|_AfGCf&@Uvc#nx7UgqCOnls?tjfD1w{PEKx zb0Tn?gV9$efA-Wb$cp&?$wr<>Is&_+W@`B)w>GCiIUG|Ejn^Q7zU@NC<+9P8c5QN8zd3^FK(KLyxP37oueTIqEmkOH1SZxyZ4dd zkr;{vhBgk>Np} z+AOV@Dj($HTy6{09QbAY3Q0zq}K z%@72G!hbr;0$SK^4V4f13Ro|Q7YDYGjeT(!UEU%W4nJhMJ@-LH9w9jLui8HWUUhS+ zF2KX?{=f_CP>x}EfwNA9)Z#vyldBOpx{@oN7x4e0y?q3gQ>w?N#CA3;qP4r2c{GVH zZVRCR*(S3m@bL>^BL-sN)3H8pYzQE0;++0=7$w7m00|ps&s~5kGlWGo(#TymgH0mN zt=~V_76H4t;wa#OG=bPIinCRNXGgd8ps^mx4?{FRF^h}yAZ>39NCfxtE{}Mpx!+%~ zoQ2BRh;(B{VXVRNw|XZD*Bh$bA)=wojY3n!4p*EpeZ_6SB*YcF1Z}{BzG-iQb^)dV zkE7?LbeIoudiEId$}os^T3V{g}}O8Nz>`4STp$GqL*6d zd|rLSV3Qqa&A9?#IXp2>7oF;pqjD)mXfzs(dIRxq0K~8adO#jn`}Um$a5ZF5)?@}a zGbbquep|&PoP>-%q2fM>XHC8G(~|%kFanbW6=dA?<85lz?vMq}aEzGnY;~^I5d#f1 zMEMMBtcRTaJVN#s*}5{ZFu-X1zIwk=j>io0IoovO`xhiQ?giS#Ch0~nu)77gZjWv8!A4&~utOt}DLm`%@i_zD zt`F(;tx^<#3+VTz`J2){0ogIGuaFy3^Y!J6&_o0>@97)coyq6vG&S7%NWrOYjSTeS ziU(p`ZAdL*u=hTY#Nkp1et^S7Mz0ek78MB&W^RiYYb8H^TYWcX|A-u{UnKZalS{n&Q7p&Q#;+s;+dYh)X8tXcoH=6x0R6sM=k zsQEsZ%cdsR^Oj&^@p;CS$$KWnt3iEHnV};EIxACmSr$X3H>}}x=)WkPR#=UAjD##N zo1OsFW;Ca6LfKh4_p&a=baD1BD(@`&1|`lDO1`?@Pka*uo9ELy0;46yL9X_LoAJo@ zQ)VIqb?ygsu(s}$uO=$38w9LGi*>4EDQ!JIN1zMX&x>-o@0)aQPi;6n^Xx!}-@-_k zil~j+cIQ-iYBR}wBbXudE*r(6iJW+RT}En2BDd>DyY%r}#R+nD1In0zfdhK2yQQ@h zuy~$NR-K~R$n_uoT&?q5N=!)btQ9`6$kj*_#m`ViWW-76Lt09qCJ_;`=>II_ZFO@W z zmos+dQ$QPh$|(C2Ro1+^-}5JN7gI<*LtJ5i%e<0?#)$MMeiac9lwj-F*cDET51R1-t5QL{Z& z`$~f#`a@A)z#-@Zb<_zE-Tb7U_hR~W4Bw+6MQ~5#dezlO0sRhss76;6zCmDMCVE9S zJ$nlFtB1t=lL}liHc%g&6{;MWu)fu5ki;`35y$x^er8_s$tIXwBJ7ad!$p3ueSagS zRxXOdK(z;ZRfv>dCqmQ)yIWeJJC^a_r|+V$5=})$tuPNlj6t@3*t13=(Z`^Q;*e!J zzrWn2x5bNcO*Pc@SaxF`ivfy>Bk|f0_v#Ld_{gsqSyUq?^&`YJBYDaP-zK1*w8h_&{wy{Ch;77vU)y zrJ+K24MJxvn{Xba!QdppM6TM`iYaPy(*=pBbz0Df=H&yy|3W zFD{O^9A#n|_Qc9zxYi5R-aX#0M2mQzaOrSF9=r3UhZ}29k2Tr9tIA`vlInBN^Uz64 z`yAw2Wfky1OGo`w%|dB!CaP>tz8GNbiQmse7J8qViuS!`rVC41>Zd)XlEnKHYz9rk z`O!9b%ngjL+@lBkFK`Tcd@UCBPbz?>`56~C`i^79VFub+iA?XMP4)RdgO|qh_u#F} zF_e4Q9xd*~QIkhI-|uOU_hm`=pmoX2-Qb5we0!)n!Q1eQg7-0*eoGE%V!F%i`b>c} zD2yIzb(^4U;R^P<7#Z*3#cT!eam;Jj=@d8zMBu~M14ZHn70j>up6A5Ncab(~PFV<0 z-<>vOFSkvv))55>B8`L;>Jj(*28jMr+^u~>pg*Q7kLpw^oc`R zp-bVjW{Tq5o8N;&d_-R5w)dPkP(jHuQ}&}WO3BAq(h)>4%7K}t0HkoEFUBA%<^nPtGps94pBa-W zVp6IGLLUDTcHk?w#Mj$VD|Y2nO+CvML7mRiDC)(Fd@{`Ot<-9S=|<5kEr9ctWm!(l z*H48EWd;0SDlLjdq}T{Kkup21Ys~2K)Ad6}vJ{9@+OJ~<;>O8m){Q2FKPP#S{hnon zM!z4apx7UOYp_RZ@GGZuUSg-UP2_G?+zOATtUHWpdD;)z{G`u={4C>(+l!wA~J+Zmo?q`fTT6iraFqI5Be9_qn;1P$u@cm|oug z(uyW7>=9|TM6fM8ZEVHiDWD=P5)IGSApMl0-A_9*yDG!(9`hRlq}|1H9JfJx_^i__ zss)d(_b8;~W$Z4SHng#`A&BH4R>;&)6;`k5H+42f>t z2bmAg_esZazSct4A(nzZS7E=WhhMfZuI0}~P*TUYJD^L#LIS}YQ&DAWAX(i1P$UiK zV@Jmz=BvqwIM{65c9ksoBj)m_bU91W)A)46I*j>cKRxS1#AlHBSj_F?y^*&r$c#nO zeBT8X;;u-09HbK=s)@hWrpXNY76DJhs1ccbV_h=jrR@>%DebjKM{L8ZF5b(-z~q}^WKoN1Mrp22gr>O>cmk$MTA z(5^|H4~RrMk!T1V4Yjq2-y~*VWQqHydC6a~l@|qe^~Jg%R#i@Vkxj1%TZi|12Ivel zu$6W?H9n2vHx+I0LS|Evwn6id9-0^|SClr;3_YF%F;amzh4B8EYWmeEyrE>Z^8O29 zTG-HEo1K?u2UCEFyM$ww6HL}B8_)863P7#}6diKX0`li2w3t$DPBi;nHYTaM`t|P?+Tm+ufk6kI>|KjO`MWh~>9u?xmXj;EjIicMe zABU7k^y7$6yX1L5U*2xCc7zs#OMPGb_t#&%=D|Mt_^$So%OmAyGVff-2;<)etTA~s zme*DGjKm2qC5GhNc27~u+77R@ROOA*Tw^&&*f6k#g=8}hh1bjdd~qcsd=dVr-#ibQ z-%B9XU_b4tHh)EoLYmwrUpYcY}JVU>Pt-!KlBDwVtx4uBs(q@kGTM zb;SA6JRyOBg%^amgZ2gnjzsa^9boTy)NhVOmxcKEuh0P`PhpYI7Lg7Qpuf%Yi$q9NQq%YPb_%>x>qOP(eC z=h+mXJt;|~kN$2o^z6={;c61{0e_w?3EIQ|RD|NM4uUTFc^x!7FDwa>^si?IXGbJ~ z_BaGeLcRFc&w@js;TnWbv4sEAz0e>2+jV3OrjK5&OLf(Z_rw+0@anDCyw}?V+KyGQ zpCohz>a6Eu+z+4!Q-kwJ&*fmh4_=*M48rDA?Ff+NDTrA?^|SPf^y?=xYk*mJ=-vb*U3O zc#&blFh?RVck~jz#WLzlf;zm4+tKFOpcFCgzMhn$E7E~y60U|Ebu;yH~ zyvd@*>vhwFUP$PpB=bpRjr?cjBK^%bzi zoi+K9=QaNtWR_L)nczTM(N-D2czO1o>MIHuJI(OG9fav*M$O>fkih8x+hmf?O>{TC zAFCxhPzWVXM|}8_k3MgX&*xF@T2f;C>UeXnkZ}rB4&T?YwXtz=c6OG(kcPs-#+&Qf zX8<}0k9_fDaXhV*&K1w^ZovJ@ETF_sxh;N{W6p%C$GUZ1Q82#FovIMdJ=@J4%n zUFk_&0c8qSz*}5?`Fek`(`KbNxiBZE6X&PM_sMF!#k_*I@~4kP{j zvnHF@An&>jYPTLJnPti+uZLSt*Nrh7^6j-?Oo8-&WL3Su<*r}&`lFLj1*lWk$v8Zi zG;n*=v#o9G_5#gVzz%$78UR&HC&kK}NhZlap;;&qPP7fC%^(v3G$q!-VvwcZ$_|#c z)gN%ZJR1xr0QK@P)=&Ehy~c^g*Nus+#^N?``bK2X&K(r7c60@_u+w|V+U2=Q=b%E$ z>GDH-_Kuzej_#C1ey^JF=|{FFV0(4-fW7}$Ufg#3vxJ;ehUPeccF~2F$(qKvrAMM&S{ZCc@(eR zC_|O$Ef(FurLK2?#MS}CQOD%lro|Vsk*~428X`z%K3TEuZ87G#K(LZGyIv^+`wHNX z&2hdQoi(G%4|~4C5I&xXhh+SseGFRvB*|gL7YDP|#^JzJ*1CheMl}vo{hsC{!F#-Q z2bmJbSOfm!J+Vp`c~p4mn@fyJB9cXISr^ZV=~4&kf#<^jxv0sIiQ{Rl8`*3D(Z-5i zC}MKid4Y9h#llNyAx@73Ga0`^I*|m%M-@Yn0w?3_V5JsP=zc9Y-lrC;Udxw4C0J+= zKjA;{P}%5;p`QYpx&@~CLuKOn%+aS6okR}#1<4i3x;S73_W^Dd6`7AQBVnNh{~g?q zp&FT=)-W(|SyG}xs^YAJGE&P;#%(sVFX&@V0F-18*e6;xmEXk&u%sbGe>;%C#!j0g zU-3h0@7nnX1*->;MA5hGQHOv!$h24Pin7jX?-4?8%1WR5Q$47I| zkdjqinY46Ybzt|p#Bw?iLQ{lJ417|RO(KzC;Z366=r5ZztSZ60yH})YZsqPgy+6wO zO6Y?%)^lZ2I_MdyEC#8n>=(pS)ZXi1-OE&r(rwkg0n2#(9>aoW=XzN|%!v18yq=%+ zR-LsBZC+iy$I-snk0OKjrWJ2A>1*VoP$sQ&eum=*@?wQZ`sAh^($?iIZi%pg8*e(gs7?$y`8ar`n-ACU_KV9CzQ8*Kla&V5L)o^KZ#8af?cC49CR zq%RXynoF)9KCY^xV-+`Ssk55oJ-Vn3uu~kPmMXF~6fpHn?<}1yNwblT--kY#VsMMz zY|mTZceIU}HKj!k0PcNP0K)-bs2N|LmO~+wAQ~7aek_rp z`1q3m5!O`Z?kz7*b^#H}7$t~m^ri+Kz?IYB78Pb1U*D)!=(9aMCl>-Uu;US|u2pHe z^*AE9HTXXm8zd3Pa+Fg^_E-y-^=DlNe0_V+>HsVw2aVkjQN4)?nm(C;KN z;4@kFe`)gs!_8%mH^&wd5);#cPLcn40nk$L=*|OFqC*Xb)7`o2=?DR*)&5wUDee0! zTPD=i>P&b4=_2sbg3+^ca>kU6+Y=HJ&L_+&|LA+rtt%9Y1_n3Dg_}19ySYDhJ}5Q9 PfPYeA@}h;phQ9v;nzSbe diff --git a/workshop/static/images/01_hello_yocto_diskfull.png b/workshop/static/images/01_hello_yocto_diskfull.png deleted file mode 100644 index 86d5293f23458dcca2255e27fc6ef69e9ea7911d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17645 zcmZsCWmFu^*6sj7f=hw~4em0yySux)%K(GB26qOR;O-%~y9alN;KBXoJ?Gr>eQVv@ zKYCSftE#04Nb_QBfsn zQBe{l7e@FS)2vdrldf3?5$Y^+ijt0>MtP&9stzzUq+TGLL+udh0n3t2T zr?-WRz6GP!3n*0XX|Y9)CV8r79IgzoRZZ19@iuI|ADF@deuTzL|E&zrl(BIJ#=pVz zOOL>cQy?Qpe-vtV@sx&&Scf)?`UFJ?Yc>U_oBMjoPU4Ok;tQyxBp=2b?u0f&BDW+j z1}rNE*kzNGU%8TV{4zk_Vg|ObA%Hn4w$x^YrESDNMz~KhmC}#OO;Ia5eF#%353)3< z&xs962u%1214G^ZwOnu$5KdNz3ok;Cfy)>s^v*&g5@9aM%zS!nZnU*48ez@B!hGp( zVZ=qC8?Tj&00!)GrtYwrk|AVz^TNQKG`_zJhO;u)+5(whI^N#jFV5cI-}MK(yM3Yp zx4St3VkAawK1+z3f4!Myt)}IwB`?Qg>S)hsZ02ZU&gfz9^w-+}0G|iX-=@8}t1*d( zy`2My$Ah2rUlKfj+y9W6NJ;)B;%duJswJ;PBI@X3PQuQ}#>h-6fJj0@!slXU!J{H3 z@gMcSPyD1-uC7izOiW-fm=Vm%=;&g}#KO(Z&BP330sFY~twV%1=uAPe=c~{yk1}59|Nw$pQ4AY5kob(?1+07Di^K z|Jwem%J&bIN6Fg5+)hi(+TPp&^tTTIZXgTazvTZP&j0lIzcjV~N0XKPe=Ghk#(xy~ znEo06|C-Ogo%Jv3UvCK@@-h9_^8$#zBgFgwfDk}hOjykW>MR>Ji*WvS$g$qRSuui& zT*!$ggJeLr(kfoWxn!w}YXG|OlT4sWrB+_g`nNXT5cHi+X^#3f?Wy3wt*4u*cjR=sC;e@mRZbz*T?cRBOxqsL zz0A7FzytdUm(wogI9Yem=Jkb%BP*qD#cri*_LRBtv8bs^9-iUR&xKVp^GtUOqU$1O z+fa4utqIA2ZL$R+IB&{#ci)N9%Eel7hkbyPkXEdmlhfZDLOQvv=4gx6+kYvV6E=O) zfNX@G<)$fYScERy37IEJAEqgI!!Dl;AxJQEa?|MLW95(Qr)ESnP$=dC2J_3dF2<>__(&a?P*+0WvpyZ>h5wORg! z(feoau}b>SSBM}OT)n%}igwGQXt=SCdy|7AE-A;~+MmQxqarZWkXt#izsfn|5VNtE2o8P&uJ z54l_Eo=D}Cc{ko624{`BW=ITXf!o@iC*sd9&KLJctY|4PL)Z?tXoM4IsqPxA zXMwnyz(T;G(FMXes~=~Zw<_STL0$p5wm!~x7xOAK9uFZcBM!1m?l$WfKaB)@3>M{} zWj~>@+J*OP3}ROgw?&S-i}T9!sBH6pLhLG?)$RPv7%Qy2fV(SK|-Ev!`aA5 zuteQ7E4p|3z6ry#m@(I4n{8pY95v8pM8%TmD{YSV@QuBZoW~-Gq-0kiLa{idXF5_2(T^ACNn@JIMm+)XA!cYuNq4R zbEc8}zz=p7S&m+%URBee#f+cpIjt3L_IwHs6WIykP0N&*Fw2A)I)GsLs~R!>;2pT! z1&^?53bq$t{*V}gyPsqWKTo#Ycq<=mf3`1zbbVjA`JHv-{fyEuk!OHsq2VkV%4x7@ z=w(LLU}v7)`nat!*P$xO>LL^@xr6Zq7N>Km>g~xgPTOeGv$zeSm!zmxu3pMFSbSg+qcS%a5?P!(e0qh z+Ouk2{JT5vSm1gi9v(E$WA=xAQ$w8edHYYQtw%);_6wTiqK;|vIf>1mV2rGGiozrsTNBQzufZ=K+fkm&VO_qQQh3@igf8f3+eVYx8_mF* ztr*#fhRwswpXiUX3qS;)>KK9bi-hP&Sl-n1lg-ne_6u1*eG`R;c^S}rh5lOF<2f;H z7V5Eq=|*~vZL>NyJuUiahs!pdnc?Tg<%hRt(;O@zK`8|--QL(fO$hfGaH9P)$|h?HeD3533)oM~EH)lX zM#g@blSIK=U*4^jngBD#O=xu?(-R?rC%JUpf;?s~uEeD^}A13(wqV@>^|jb>n}Nj9y@b8h!e_bKiV{i_;)MdA7&g1R5G{OW!So}aap2JU0*2Xi;Rt*XC87v zq)yDLQ~j4JKw--kuj~oV`@wV*sHQFiRM$;RwBv3`m?51r(;=Xi_QpwqX44!(~Gc@2PQ7IUT54oQM6<*q>k2C!_ zZa3vo0Zea>E;cfB__1YgCX1*TIHc7G+q!p#J6VuR9n0&v#1E*k8zx2CKY)Fa(2i9{ zw?1dNcV=ke$GuO;yobO2V)P40hv*XJzb9E?ML%>~MjpNd52}#4EV*RM%*iH99g3CS z`|0fAp8F1%SzgqRBcCao(hgJ-kB_soL_$@~$t7o5ehq@;cC28KYm_B8^V;h^Rk}L4 zFG`9Z*wfTe3yE2F-Hyq{uJ~I@IQZuB4c&S(seiAY{6xd!A5Lo8M4Ey{tY|h=*f_zv zEUCPTWO%f)^@o`U;mcG)W?DwReg%rT%@m^Js#wMs~QehF*)=0e$@B(YE0(hUqzw%$n zcLw+2_ziR3`zCIYkv^5kKuju)#3S4lALgN)C5)V zh%C*kXtP<_-UIJ!T-vFM39ujLNaMjma>UQII%Q6nqdROAb^hC6D?9|ru#jow+$aw| z20n}bMm(P^yd{Zfb5L~|*4~~*|Ce;52(h7z#?El6rd#~_bPvI;lj0Cj0C<~)NvKPZ zanhw;GsYQMlkh_MAVKn=f>Ujk+v!JV8T`k^u0*hFcAkEk1M$O%n3=z`wd8ey8IMzM zjYj$fxnrI7mSFUY&WL|;xlbP8wo8E8<@Ae_&n=NG;c9{m^v(O3%csiI@U#&HsCH3X z@D;DzW_RY{2;PcNVAj+@nU2y!m_Vh#-dnLy{2Q-dMT!FS0YjS4cV9ESi?vxptz7&_ z&JJk;+J{<(y7vGUFCtnx1SRbb{9lwsg;6rB1W)@Jtu6-Mh`9jQ$4G)jiXHr?0iu3X zH(tnOXpVp5$TOdctL+)XUL&!P>P!BrvddvtN;X_w(l=DqCwFbo54k3pa#>36P*ly4^&y|784G0T znG0m-Sr3kk-1G*V<5|3){gF$^>R>7<8O5}v;3D$2OyM?3Q~TBJ?KpiQ?N|-m1=A?q z^IxPcw)l2U*_2J4yx0lTF|y0PT@ za0QIy8h_mGV|wAx_NkENyRKlZXLlXTs)j^=jT6eC3+fjBsi;7RzF@i3>WZfDivZ^F z{{8q^EEN3<_Rq1py%$1acVJrk+Qf^_H8?D)3{d-isTr!!e|SUH#{2C=h&uqAc@}qZ zzQ&CuTwtjpF#p}(1v7$_@Lo!BXiGr-M+n9&)VJtiT8XFDDKKZ@ueUepcBY!6qpd#z zczK&NKR-B3`TTT-5FXHs$73;1+zQ~Tq7#P1gx~*A5_fY$OK}3D%W(?w06{#HwlAs$MzdMs`p8 znT}?IE#m4z-!~wsrl{>*E!?_4w6s=~dOmCi9JWh@VT8f#c4$dtssCv975pb{9Rfp~ z4k`br`pSA9-&#f&q1k&$*p;M#ZIKiZ&GWkq{O10 zdb~DMuUEmVXI$r=Se&afZ_%fG36@3L>QO`uzj_h;_Gkh)h`{HTHe>DyYT(8DEspG7KEVcS~n_ zUC18<*xGvDv7^H6esim#DwpZDPM4FrS2$gIX^#Hd!Q!1&Fm;%E~bz%=*iI$NISC z5l9}v$$H!|_(nwCDxess%gKD0fXoTCo^56;TG(KIAGGNjpt`PXfD%Y|8WQuYo>7ui zpZbh5tO4~-u5|ufX%)jkEZ~#ixls6dlDI_5y$3=}v^2=_pf z1#3!&yDBB9`VQ(u&F?|9=~2o*x%e(g^*C(g{oMYXx2wW)yATm{Cx}lw25-Q?32&uf z>E}=z;L>7#pX*iAi?_H?sH&i8;0~Wu;;xZOg|Pid*OpoK`+1^^ZCoka=WhvL@4sf9 zX_Ih$3KPwgw!_1BmD`%V%Y8+v6##c$I;>!`#0z6LIwYoZF-(gOtq752O zrT%!>_qPa3L&XqNc9JuaB8}fbz>G!2@Xtw;!b|uXV0S|G6q84i!Kypj%OB~FMkAT^ z*(tc7HxC{iU{=z7Cbf;)msC$n5b7$_in>cC!!8OT0e)RYRzPq~{_>*|^P?)Zk#lCX zym!tIxWFLEPP=sJZJ&Q-o975E%>04no*z5h%BRZCmu)Cx6Cm1mMAe&{-O!;BaDm4= z1`12usC}b%jobU6bVdnFXF2^>nW-;dx9W8~LSYyTI@nGehT7s1`m%svau!6?pi2cY zH#!=ZdVy|KQ4I*E-hRK>;aE9OSZcV?7*`lqO7aOhAraY%pBNnOP@evSwR!$y#7{bgu?Q-QfW+OEYl&|i}hnh@cjj9rDy;r3NG1nV2Isf~N3L}D*H+oK#G zMz)!Ar~;teYx8Ay>KlhR# zGCi!Ly)ox?Lzyz-Ff4&hYVHg9bJ8p&1xQ$zz`Xdvz?o*qdG^vt`zjIa$7dtRMj`RT zNZvvL|7w?E?p+q~)OGb%R9!sdJSc&}ri*2Z3TtjXu9IXe67(nGwCOgrK{;|J^qQ*h;l4bWSNX2*X7e5q7;_4V&m7q?>9=F5tHCD{;ovn8%%pzy zo_J~om)R~5cIF#_=XSB|{q4E$-sn&-yKC3tk-CD@h=Mb%QZ0TL^H;iW5fDYC2d*i@a?E_w&jsfSaj_nieJ327X z(k+N%rQUJOpzmK(2TDc7;=_0z$x9eQ&hQc7Td>&tzVxy5)qeTk3z-Oh(z_g_A8 zTi*(K@UQ{UTKz*PX)oTP+V$;|cKkfL+T8beg{`UT7Lf;v=M8S|Eh3&sqk zav$lxV2HsV4+aMWaF!>%D3@$nm$yXf;8dscZKRc^#?D6`^-+rh_Te>7_zSbAEn_C7H(m|YBhzmS zz$sWC@17`_$)wNk?tZkxhaFVWjKNMq_)K(t;xzcR*Aa*%Vh~@MQkF)9e!$im^dF*q z1XPB%5RHj5>ESnK9uhhU^s(ndjpp-C<}b{>>swUeb64%pe)j?t>#TdYTIo4!CHzRn zKr63A#?}SAikvETsKVJDc$lF-p>0znD)#7ER3Vn7RqeU znj%~i_Sp>a)}rN3G|S&D%>c~4UpFdZJ1HH#k{=3*sSUw;P+(3icduQ5$`v-xqge{) zMx|X_)uhomBsA}8=~`HqQ@_^nEI99^W5`>|A8Xj^WB13d+YW^TpA=8UFJ03Fg*F7X zNn-Y!ij>7|i&Z!p!`q+}`J?Q5eIts)y-P`0aGS#`r-+M9v8+Pkt1V;5aTjqED+&_B zc7KvQRc)M}xq;m;BUV(dixm_)ihEvKrSV=Z{ z<;Y*9JPMBRxBTkYc%?UABq2g}%C_EHc?oR7hv-U1lcd6md18S8utfR?w8<+TeU)9x zW3l+KQASMWXNgK9SDwp9oB`B7tyRk5-Ml~RoARMPPwFL84=wr0HDjM@J1A_FOxv;3 zuC~AHo5YfXn6=HQG@B)kX*)h&4Jh#3O`nv(LOXcKu^$XH9h`&OGUo1RnEm}o)D6N_ zG9GkVxqUZ(5e$~1Nnzj2M5#voaoXHlX1AD2(6;Ch);^f^)=YQva%I!4S)49ibM0`G z7gtYtbohN!s$bL*dw3aaPC6)q7mMps1?7jTsg-MdI2(foHKiwAPXs?=#4kyqCs*7o zbX){m&!lmARz(jrE;GX1{lOtK`|Ix*ry?~oYtO#>klo-b`Qq<&qp)AiWFwD~fVn9= z3z+B@%&;@UszX??@RdjR%>^qPQuGP*w&a&<8`R8@3IlOB1&Ktk4Bj6*@y-!7EIFen ztmBTj=AfJ;5Lb;~x&kK=X+*MGc48KijIPipf{>U)6g<=9;=~>jueBw+nzSKifRe{_ zEyKxIP}rY(bPgi#81NX#1V3!#TdjNWrGlW@5aNxWV0xUkd)J@% zp^L%O1Flc+{lMR2S!!M?9wRqT1@~R{xPFJ{Qu9sySdS8)#=hD2?wL<#xjU zNp*+WyUE%JU*hX;e}3^G zT2I{l*0x;PYTr=yqv0OjK6r&Po<|KMBU?&*V|YRXXLEEB+; z;whE}iI0x$z+sLbE=!S@(JHM{FqYU}DN#0$0|DVveTJLbWuNyaUTXd4=}67Z9~aw? zTCQbHUn%5&&1DVD0-z)8M%TVvA1Bk6kf+EUP^SzgQna6hy0D(F4NPvfWPrF8=(@bN z6I$rTZyuWt%&Hhq^dl^HY%Apa3`8cD)ZW~N+&HMtvm<_9)QMML<9*gha_iGI)XXT- z0U*@guRqBZ#J=91c%_duj-C$oEfS33-)~wFwZFN5RjZoctD|{juuHe$wX%BgVI7Yr z|5aT&5SSVFuu@QuR|)0)FqSja;H+{RC8N%-PY?iypquvVs{nRYi@QnDlhpw}<*-Jm zaOQ4e1$KB;_mU%0enrSgpaQ3Or<|iX{_tPNc^}`=&7!yEC(>+@+1&V!orKupfP$k2 z9hboc;p0&Q5np-i5B-1Ckim@d5>}jjO8I8gPA13FOTFAbv!`bo;4x z*Jv)X@+n1YL1tM3ieSMQD6;JaAZh}E`;LJ6tJ5SP!ztyD znAiGe=?T2J@}}lWR94OTDwds?6zv?mLR;8NiGp;qHvY8x3KR@9i070V>_=t zh#)1U$2t0UW9TwqGvbcgHk1+S0KNAR_d&UvhrC_3&GDj-#8L*1CltAo_t~+=?Oe4u zXwxB}*~!nod&IYz=2=Z!X&G8cBes)lX`=|4)Vs4}HZVgh^hgom{arE*Uw7 zvR}_n8~g1JPT1!D2dER|QbFDh)WRpp4Ja-dZ$j_h?#2%qe8YReDI6H5w%FBGIbR zdsb>Hey|pdDBtAqvJ#F}=6v5_-!!F1Qt$fCleYv37N_~;t%96{!+zF)r#wjbuOlM+ zh73X^Yi3J8@L2VY`9&f5Z8J=2x}5oNXG%{@EmY2XPN;G!qz#SMoj@RcNk8#0xvDhz z?oAZO+5}w8s(9Q#gjumy-%Fd6?a%vjd_>KN%izUik)3qf9oc=%lFzC9e1Wr#)+}ps zo{v+b%a-v)A&QFcN?zEk$oARxw+C}=pHppAbihb&LyX$W+Y)9G{NnwwZeHb=CrAiq z(JD52HFXbs2v|eC?a%x#nNUT)Oh?8A#85HYe8?aGF;I$&?qSE{g}s%)Z^;AwQf{>C zbpIEwUGA}yQ4P|{>;;=RW_X!eYHN>!(XH@-%+@E+o0B-Z=Uwfr=^iSbm|-P1u9%&& z*fg`x3;_wLSGLAO=*Cz@3d3jOs#$CUsg9;CqM*yz#9jUdn-b#MMCPK|X_)0|TlO$& zK$oh@5Gi{y+I~c{Rx7S4XEbAB<7+)OeV*A}*U01YT~4?FlT$q^{a^^xE{EU6OaY%| z#ZQxh&ip|iO@TwuVtD9nQI@f*(JI=?>{J(ptkW8$O(3UJHfq5o-~QM*i^*r10|ox? z>LU=Q{y+DX9FcW_7=5E@*s~*fxu4S8%)9!-o1DYW)*hMP3eTw9FB?a@aOpN94zNVg zY})BLIE2|kUIy_@4U$4#8;9J?;;gW^Lohre*z7SRnyjAYX#iu{N z-eiH2rUbE(cdzM=NP;--hu;9DoxN`XUD&dmdn2h38i;u|Qf@IRF==gQT(J*dsUss} z;;v10;xNhwz2VWG-97Rh`jyA`OO7W}Wa`Csr$fvujk*SpFL?ZWKBfWlyK!^nb(Mc6 zL}a)Eji2HMx*j%2g*9C%{-7N4(zesA#$1>so((>>blbGGvv&4nPekBL~S`wUsna~b|}MG44*3sf*;cISPt5GF+OpBJb|Rpc?r zr%CfwFKWI}tj3&TFR_^sD8HlDw3xTQ=fP@@sjVX3=(FpoZ9e4|^fjGIsNCY?vavsk z@48x|=8(6IE7U&2lKwJH);F%JV_E*#Jg5VgEUlPwk`iGQ`Ktvs-q3f#l3ybo#D}|u}LF3+!FRR!ORH~h73I0syUsh9}y$T*1kv3>r?HFsR zp-|~JVUeJ%0v>hckJ0#y8Zovdn#GI8^6H$jTA6TdeQXAihM_dZk$0^3u-KZv(<__o zcXZWtIr|~_)gpeS7~xWh2`v7@7o~1Y(6(=^hS%RA?6MU1{^gp_Z&9Q{?78C)H{#i2 zQ`)%}X!GNlA@xw$K=7$0Y{76|YHQwkL;F4MWbNf_kz;1d*6*h_++isQmkkEO$AMC!2h9l=Gs9-GnucA{^qA z-a~SkRr&8n@ZsU#Snf+I?cS%+a({oUw>)**U;rlAk%8ztgl0nonGCojYU|a2o8FVn zft}kmt-=BsD&D%OMV;ZRM9P_kXg6o=CY}{&C_JZhUN^mWJM4q#pBHr1 z9m3Q&^m6!rcU-yAAhTg#l=1otc-scQ>(o#2UBUjLHq=GzSiYZ=z0v;OH3;pqnEd=@ zHSXC9xx#>bp0bdIZjl22DF3;=-XyAi)~gjL0klvu|ILbZ?zj8;ZzNYE74lzbk~6es zGEU7E*hJo>^>{};5=61`_QNK!wbiDm?j(WVptb$26R!e0bBHbt0>v2q$Et}%a;W5Y zXANCyhWu~L$%zBE`P+L2jZMR&m#dMtjBlkKX({O~o$o6I^=8h#SZ$SB7CCQM&rh3z zE!lzUDF<1wAYIobe?8_Y+j#$zN@bG z9F}&P6Oh(0<>l7u1w9_H1}G!O^+LIz4`pm@@kc7l_L^kqt88jU_DVNREKg4EiJP#; zyXcij!^{*pb5r4w(Pkn=V2zRerJ?NIvZ}(oq2&Z~#|=uo9Jl#toKDJ92wq_3s>O@h zc{ay@Tn5kb8n#Ka(Zxe!gi&)WK7NhqTar+bsSna!!g7VHex7vh)_S-K{#R>YlX_U~OB_|J# zsSH(umSC<8Y~bV_j^n>EeetL;D1uIq_NNk5yn}@CUz`U5$LT-qyoQiLiW1e!4b`Ir z>Z-;$Bf~6Amft%)J%u#_m(AR&xRnlLYiKyr%syurKlz%fmuY{;+eR}xfCvspwo57; zQ+k$BoEWO(6PM@q+0ad>&lg#!SX66U2toBlR1UL8`lAAH62%PLe|UlwzjP-6+0JuFtlbZPgs2=Hm9V*5yU0{u zjpkR8#l#lovP{;rzwHZ?>-ldz@Mr<-!Eip=_)DeTkOm%&BzM?<;FMV`@qdW)6|aK`%h^~rq9ea3P9b}>?u5&6jXCus8q@Wstvr5v_#b7 zk1lMSs@QYALoUozrBk16{DTN)vu(@AO{FElyE9}H*_wJrM83!DtlP2ArwsY4iR1LF z?3|0I%{~y%>ah%BTnXtciv4-r(Pw;`_=@K$Q)~i3C$3Oid2e^NAV= z|D0WQa~HZn^-))>cK#vYWh0UwXMqE*m)lEFw@kjet4Y)Fx*VC1*}Ii=%n`>OSmUbT zLjt+yVxU_5X!HGqRktTL31@{}Va+rAezavU?y z)=KSR2-;E7)|f2Nra**;ha^$adNpX=4s_n#b338(tt0pi;qtVUHVAx6^uE#N_{#gS zPZ)jU1Rrgw)oFtO&(~am<3sz^$dqN9D=QkMb=>NmdRRRDLUa}Z$TZjQfU1Kvugq7a z7hLCouk-%B)+q+ql4Qo^kVG#pV7jH$z{X19!lD#6qqUSOeXx;t)!k)~NARL@>uh@A zcktZaKUCPU_`@Im%E$3)KZKig{24fy@NxQ6BRhX&Fj)%TisI17kI4iW_ri@uOW3l{ zh%|G&qRWZ-i4?NrhBYUvhGD+>s+bXaYqIr}sy@$+PN)~fpzAmshp;jRf=()ONw8k) zn)3_ency_bwCB0tadtJ+3rWLU`CGiF5Dzy&2)JGxUbgcFgRyjn%i>BT+>uG{&tELX zjcnU6UH$wt7x31K8_qa%`q<1BooUOA#FA%B8mfll+Uq7BqgbS#2w_KXGJ%^{Z7PF- z>Ih|op#o>?IMYHt>HPQh7}6R(oUt$5jDeQ7@gXjq$3wq(cq&})`7S{U;36WoveIAK zy?bUL>I)Y{FT7ezA*&P|MI<&@0wd!!qptoGHl^|N@OF=X)#|;X9Xj04+EiPj`1;TR z4dQ$~etb|?y-v_E%6)_F3abb`{{<`7=WoSg@)t1uz->yBU&g1%tOAj&kGx~rG-u31 zhaX`U5Spa8R38e9)fU8ie*Udzxqj^igyCV<=HL|%`*bPl!Yeg8B|_E2TV6eQN;>qZ z_P#zhH`7!C4d3qR?sw1BZ~zGOC? z_bn%kD?X7k)_Z7NGSeeHZcW@Mcp5Jqns7YvE~RfUROq3{VJtwkh=Sr^({N-?&5@51 zAB~MJ@6A=9u9||pKclRJ)^8_Rcw(VEJnCJO5l)U>KGpo@>^=qBz<`QYN~hD?155^_ ze;P;-pi&0ZX&2hwFM`^|3ntlM*CmE8W76#V}jBMo!`o}(oXN9ru9~mKthq}66Qgu{xjXmP&%sai2 z@HMB&{B-&j`-MkkvcKHRGODxB2|eWA)ilg6pZgD-Wd!H)yJAc7H~{T(dqy-ov$dcj zSbzUU{_Gks0u4hlq;P$iIsKr1bDyBdm0 z6H2`HdBswrTHsEx3feV}qI=64#8|dJ!XA9WiJM3@^_<<>w$O~RG`S}_VA?S~7=ub? zd(($P4-$B$e!iB3{Zx4)G3Zdl-D-*a#YADYfmD$>V@_CcMAWP=cVBI1i&PQGJYcsL zhU+3~Kbe>u@3jD$Z1{5y+F!s}7FsXwu4?U^x$=8ebo_T75jbHyZ=Nx%kWpLbu0 z+`_9O+Bd6pE1qtAch`Bj%nW&v*EIP-hINRugL##)fV=-F0OrO*apJqPqADke_ zpcEFU?CLYT)J+lZ!ZXW_gd}iN?C{d@E;_Suhl@yD;S4*$P+vG(s&Gksx|?lnAb^?C z7m%=k_c1HetfyBl9EuKnWab>ZA{kZuv`mQCJenZay;e!Usx}ylKg^RP-c#Byb;)yZ zZoB?`!zvxd^*|!hu01=9;zeaZaqbZ1ne3X6*byf?CrPe&%+bI zVON&kG31aoY_;cW%GXIIxx%l>f&hPf>9BgY8szWPsH1y1Dj-n-dpB&uh&`1wv91&d zmB;O?f^qe|-swX?JeB!xEQO|STziT1@QMrt>lxAAg21%Zy=AKfg*c@KhL)Bgr`5T97nJ148k35_kCj@*H z2>L;rYCyj!ah%kgV4KVxga$M}Udv&|llK;G7ivol8yRhw%Eb?QaLjVuC`n}EqEyo& zQ5>RCwfh=@bNX0ouav87HC3ZOD$_&e@$3g z=sMF3>lCg4Vj2`JevyDxJcryBVv)P@7TpP4U=yZMWWv41CABsYD6Ar-AgC2_HC7;g zx7{ab!}%N5s#RNO2eWO%8b}|&aVip7Lbyd;_ttMTfzU{5$U>3;FPPU|SlY^XZ= zKJz+^NGL}1$xQtAj9qT%wMybQ#}|Ec%quOeI`^A1(mZ3VaUa{nVh_uB?kj%&_JXM) zhw#%SBWjm&*jfA{Dp}Y3Wmz_!@tO>)uNX@Y;%A`OQ8799{|)=xpsX8BS|5|#q;q7T zZ(2+#+s}2UTF-_di2_eWX!J>2>#MnyW_6#IxOAQ?eLEe6V(aXp3UXml*07pe0+je5 zM(A~YvOg#Q7TFpK8--%yR`*-~7RW{iAJ0&cP@g4($v(d5fl%c(On zleO$}x%F#7A1X;6!=eJ;J+|jGrM96s5!i48%LM~bZfeNp1?U<@+qpj0Asynwgd2>D zu*FfzaPQl^7iYQ^ILwcJr?BSX#OVGC6BljlyGY779le@gKp#JA6|E0`H}*X^f;hi? z6lx?7xgBAZbDODTz=)akS3M4BE@|`lNcJt!9$+ef0Iz&`&Ndt3pPaW%0*D@B?4QdL z_(-7bV?ts&EeQ*(F~d|;lfc@&!G^VP(xX?}ky};c+aebWbmc>9nULyC6L;Cby*3&l zAM|as@>IN)-a_{5<;M3op<6x}djBZdI0|vEy&e6)1lp8aY+IZX3K)9WT?d>d;Ync6 ztu&Ia*P}6dk!KrJqa^la*&>P^C%LZ|Why^?OqwxnM=v_dv-Q9R=3~d}!^>W1BkaI> zchao7HZCS}w8Dp9W1C+%B%zvw9?7b|{>cf__)ybp6bem|>em|Uy9c&UT;RHMP)<;N z@(m;qZLvGlLsz2Irw@-i{^%r4b-XZ>2-Dnt%YW?iM%^I*e$%`5Ht(!aX2Dsg!=CigO{6PGjDs6eqYvvc$3XEsBOFRJOemJ+B$R@iCutPKad#S-By>K3lQdtq<2kYp64MlERbD&pe)XOghx zUt{rsYuh*nZzfv3aoE%ezEaD|2Rn)Db^9)NKGPi0ha(^*Mp=yy@Zmye*M#}(dvhKs zVZmqz%jaEeO$9WlA97)?pkENrI!dnU0;FYoTt+Ykzky_}SpkM*Z47Mc8cu>KBpX?Z z$pWp5bcBc`9^PDc3&6U(c!4u8vtvk7a)t!x(f zH)e*Tp%*n?Vu7P(@dDcx#t_90h|Fkw;Rlv=U%Q$=T28HQ^>XgjPd!(S3dJ4RonB&m zrv@Y55RcG%>C3d+&s#JXe0E1C4(d$NhAO9(K}doUfoVx6Fk-D7os|DRy0Z_2s>yMC zGE<<8x>)M6-%UOGEow3e2T$(xuhR(B1cW zGf>!56UP&jom_7G`yt|0*P@dqaT`=XpoWBB&AZnA`ZqP7nhvgtCbS^9j`rPYNTpON++Y4qN$4BBlb=ZinmP?!SDxj72&stC9WvH?ZG&-A)GW?gn=sUXrl z;z{J|z;=*KrD$&zwKBGDT{kPHIJ}mbrJsAMYPsoDLs3XXJtwl*0hxA7fE?X(vP9hu z(KTyfH`;IbqKO@TE^ENGKLB67m?BH_;I!$}R{Ksr@FJ$3Iny4&o66XCN}Uo;GNowe z3>07(<)0;U;0x3YTWHb71nAq=8_7(uXR7;hUPq<)$``FTFnxm!7{JLZCAh(D9Tap=>!u9 zJj_{KpT1sFwzCP}4D1+Of_Nf&ug#&)XvYA|I0vj*F5gMJzt-k4TK#549{{%Z46wbi9Wha*JpySf9> zVweM7R>Q=4H7ifFrt6GiWH$Kp&bn&ac&#kNx7>34Gut_^tmKLqL3$jExejk>C@l8YX3RpSwVvH5j7hh;cI1V^0`Ci{&MlN zJ_XsYIF`RGaRH|B+i8srK2JXNWM)cayE5wj)l>3_VWYo>djceHAOv;MQKOV!qw7`e zpwLB$DPh+ukzmGuc$*$&IE)Q0aLP7k^Wy+g^!yBhhlWkNbWvvVj?$mr@`{PjcbPzA zE`jgkFhwQndk^h2;^AL4X?^N;7~ljY)}irIH@LNoUsZWVf#)qY%hz_?=bAUVL(bnL z2o$Hw%j4u;g%Mj9+8KkVCZT$|jr`!v#i>uMGin}xMvDvnP~VpthvC+mQ9VdaDC%1_ z7WgDFTh;OWu--h#l4bFCAa>{ULo?(JvT$K3)PnJ>-gztDDx2tIzf3ry2}MgO0EJi3 z6E#rqTlZ`XPB0-INwt3Y+fnL2T|?`;=+8wy@EBenP7-k~Y4aUVc?n>{^nNr_pobK{ zt9oKhb@S|KK;3e2&W}tN{+9rBAH1d0&{;)LfVWEwQjQ<6&bN&Fi*{5ffdcgFnhq*gF-c?(`SYgA>~z}Vx1lRb z{SEW?6Tudm)|Ozg&Y?}+cOwsgDJ zZyEN^RmQ?EWoE1EqO`)D>RbYhYPX}`e72kY*>8d1yYJcNIWaGPseF!9_*3<=zdUTo zh3@XpICc)wUK$+{T+OzLLv9QUR?mZN_dPM(zsJN9~NF3Y9@ zwnD$kWz!gbJvI)un10VE-+RmZ>u$i3NM-R`i9;0!<1XLOwVA)TAuib{srT*S+FF6P zJJ)BPsw++rC^=~pzg{lul*OVu%{*@3b#s@TYfYZv?R{aT<|g}7Hy&j}d$}nc=NALd zY}f=k3t$>(?r5{Fyv{pq*c4QdM1l3pm5V>dq0TogcxrgTE~rcQe@tOFWOS;-@WCO5 z?lW6lPA*w}vcepuA7aac?naBrFT1DxNI*3PY5%_oD|4aRX3dE1_noK*10W{27~^^V zD9!P?Hsi(p*ws5zx1LE7-Z#TbE@pfBR>>Qxf0wfyy2W9AeDj6lI}(5W@z#4CckDut z#EDZ8xn^(UGs`4y?K!V)Fz?#3=4n-Fw@#jo$=#OUn4WjiaP8S`*WR!7zbJAUlpBZ*Qoe}U3rds=>bu?L4?#BasQdjQ4_GjPZKUJZBoDM|b zf}hv;Xzjll{tcV-4kfBQHjpAC;#=?n8XQr#_!eV9!ZU<4X>J;+avIq2(Hq2gvE*HR zO4Nuh3~9BKA2KtON=z(FEG7mpK^&qNSF-k;Eb2{U-<0)Om|pKQF)_U(|Hgv&`n9VX zTstq?+X9C~e<7L_e?tW!AtNQSCD`y)&Ctp4ucX#rs0{4y9-p3a68!z~cIN%`pPrt& zAD*6$Z=OFt5ajWkg@aLW)T#?MD0hL7)W}p*%1llUh8EIBhJk~{f`Ny$U?G2DLM&hq zez##@s31RKVBlkdVUQp{u^|5xv*7;jMexaj|GN$M8ahx&MMO#p@>9jw(bUw|>4TlK zx>(IG2pjn=R5hJ7!~tXbxcJ;^G1@u>e?D7$74UoIGru4c!@Royh;S$lvRTnmQRfTG%^V z*x8ao*EKYOLT^N*fCW9<@*{C6ui2TgFfdA{WzsBxyMf4L^m81&do-t@7kz*)9cES?%=nCMe`4>XNU( z?KUevmYQ#y&qjZwxg9kd-Vg-(BS?PyZx3l6a$tz6-5fp^DeQlJ$OZG!0SN!K3kz8Y zPW3i$EvrU`LJ;o1J^ARB|9#c}o%$!e{+CQp`TAdJ`a^~OS0w)b6$uO}gughYh~=-Y z`z*nEFRtHCm;E?ywj1>yW|lM##a(`v^(J>0eA&+$?$H<_1>OnZSbQAm^w7B^maTs9 zvL&F)4L*;@v3ft;8z~2l9HRz2EnjA)v5A@e09xOXBV8qU*>(K51a$nu^jnZ1X#%#m zNYko{_j-O|u~-k>7<$cNmKWY>qWZ;DHnUwZ!}AoLheY#x?^7BD-HdI6dt-PzQVb{o zpHp;84px{zS4h)dW|a|U7g(sdL#PpNyC(mGymrs1x+y^uj|*nZDZl?XMw(w zbPl=g;WRw!gQKQq(o~t!M&4pdRFwUMX%);rx8c7Il?fGZR(zS?1YAReW6)+xoTcU? z-^U$`!4Z&41H zM@X4NKs+5P^N1GBgmO)WCy#r(nB-(i304-+eXYdniRun-45qS}G>!@<_6s{$Xz$OA;Q2Rm|J8^W>2i|JlzK(2DnF(vUH{hp zdO&ILC*J5D0WQ5ZHHi;E&KrOA422)>Em`Be@0f1IKm5m;90`pAv)jN)+=Jvl=m90BCE>% zoq+bU{7n!@!*!fK5+Q;dgOHH!>S0g)=A=AvGuBNn+RL_eJk#v<$|=t$bw;^Uj}L#Y zvGK=^ga18~U-h{XqT*9WyUCNkNR2nhGWm9-k;QmRCmFnO#&VI%0V>$r6A4 zpKr9wyocycOj?>wHq|x=G&obP4f>hg1K!`S>`ZukxEp32<5kIaq)S0L6lypA9$x$b z^M}MAJYHjl3N`QjnA97QZ(HukUHd8>2|vn=CrW_i0FJY`hQo0FbWn=SSajg^oQf7Y zngAa{8zVf)^+n}ojSOR4e}=dE(c>Y>X75-h3)9VwM~&;D=X|?)=K21j$g>wagZX6dHOVWPC8u!Gx3DH2727RnQ}TQDTuAijl><&nCL#=oittR@>doiHf*$A*4itMDU*t&0v8HA4Auyu z)ERWc&3E{CNr|P^xKFiu-+)!r`O*GVYR-135&)}R&vq%h7UbW-%C<}Mq}jR{v|3M# zO9`axRm%@jmzj;OU+Va9vah=mOnX zd^{ShS5=Ax=7$WYqB_85XCVpoGzDjzu$9AI{tuqT`J=Ko4l8h}383}x(C~(3K*ysz zBZ*V=)Xc74QVqM`xHA4+XXA4c7R8Q~$Mn>thNPK`RjJBBy4clNJ-!xPZjJE(4Sk>K zOm_R#uYnUtzZUH}U2?7OMmSanc#hkQ{RAG)RkEFI7i!1&wP(tJzh@rW!f&`v!#u7+eoR7*-7p*FyAu_lUCy9jqhF8fogZdw4(h>7By@n+fmA@m_ z^+jf;TF|H=m*1w~jr$(aFfk@3qu=AjMU6Y?+0EK8FeWq8t}{p9ukWU$?X{6bmZ%3f z=*r|KWhACF0T%gCiz6QCs7;z+x{@waHkG_mF4^o<@u!a0v4F|Yncu`avS{#kq}74* zc{GrLV@i6Z8mr#3%Of&3Jr41nUYS{^44UK2On144gE{i!r{gj8_i@aPeAj`3%@?z) zOQd|Q4Yk*PkLES>deuUYXN|4-78|!UvA6f!S3+)KkZ4@sh(xABz?~YgAV;)yalJ*rs{z zSTw_;+fM!RKpK1QXopYBu&Ua%?2~PRtnVrQjc~c=$+BLpYdV|Vgr?&()=nW}Sh)v> zo>%<&(Y#!tXL)pBpnLOC$*{>f>l4pzL1AIx@ZE8zojO}8hg|~4s<+DH&6uCGsAyp4 z0UDr9@u+z_VMAbOKUArzEh6@VtS3*`Wg(GWeB61h4*|ERL zpt4n5vH*SjekG?uMbn3-&8@A$W9kkH{n2Zw@B8knE*oR@^EaNnV=3r;1FIRHatReH zG`*ucZ_!t{^hQbe1>alGQ$AgRB@znE6I~}d&8ZhjoK_4xb{MY_zQo}>;SIND`qF)= z$J$JsjfifoKcITCm+WXVqmZuvq>))^`NEDk!(L%JetwLX(u4GZYrWQBq3AHMr%*pK zVnVqv-G|S~|3^lnPB8i&gJ1L0v*v@IT9c9QHsEU~JG`2O>QMymF2|kfCodUXMty(? z(q&Yu9Rb}k59Q!31CMFV?WvGvqeqC%Vx6s#wl9K!zn61bJJB1jbph}}o<_d$-TN9f z9084G`@*G@;XBhKbhNVhvn@be$m4wy?`avU8iz!Dd}rGeX7k2M$a(7q4d3e1HEVKV zhp*OqJ6iTv=dHK<5}WlLt9-k*BER7K#;#8{KsCdRvCFM)X!P!I@CBwWJ3ociBF#ZV z@sBFCW+O4U3|f*VCV2?7AI(P7idQFjxsKb;WG%wIk!=>@DylBd_XZDAvlx9t_Bd|8x_6jszB_7V zSg{dU*YkUD!RKIb3?|Yl@n2Ho6CJ)ARe1 zPBK+lTBg$oOxQW6DVv(+FHR;o+QEd+v&g+I5WF#bl-`{y2;%j=0_4dbrX)~RyE5Di zzp5O1rWTdvBCg=q(M2rVODnVD*|LBEM<2buVRSzu^O+|{Wg4Tvn}4!FBLd%6TXUE6 zT%9gUZ#k`#xb>>^Y&XCRQEgVEfD-lEeLokUo6n{-jkT_l_B)XnOu|{mp}!v*n7nM3 zU##dtITcq9-qDdG3B{l#BT*#b_NV8~MGr0`YX@CbjDL(dn1=*=Pk7BEO;T;YlVc@A znMTf(sO@sWsvya~2T7$o!{-v%jSZl&hJ!Ejfn4F{GyJ-(uJOb?u5-=|vXfeMAEJMx z^UPxNRXq=kBt_U1dd=fn#(Ozu3_hP!NbMW-xmqryOXPCw#)<>~x*hV5SM-3#HVZ&P ze=ml!$8)vhB$s`0)%mo%aNmcguNmFydKh!uad*_j->Zc(M6dbot@ru3gyXWyY%)7; zSqcG%Ej>-xpO_D69Wuo0gddI)zt|7N1z9enzDOma!=_=#IuV+ybBVMuMBJeDzI-Da zom(=nJ692uu3aP(Mc&1HdZ+JgcX$1HRxJSIl0;SwEhX3zRHJLT1DI00CJhV;84T2q zm@HN#G(Eb}_c%6xZwNY`=GjykaI!4^ z=PID{Ub$+0mTNmrWy@&XPPX%Iue9>sCjbW{O@;N(pd;`l?ASXW+hissevjnN_rX1s zTk?DaxCXlL!`OjuA6oBPn+!Kx7wu+Snt?wL=KTh|@4atb3{8=-#KgoUU#LAh)DXkO z=B~EVtbF4BW34vWLA9$qxOxW-qNwBO;V>) z-ewp+2rG`=VJ~$9D_!qdK01-A-}SV$Pc&9D*c@>ZTjIs8vG13a8~5NJ+BFN0;xCUF zu2#H(Uk?3qJ}gGGZ=oZ1c!i=Ri3hhV+?3^q%Jep^k*}HJ&s8cYa6P4Af|t-LO9e92 zs9!V&(V9X+5Xv(=`glW;(I~=-jUwSc@sfkHg$Ip}rt^#_VA2OK z!E}l}|1+-17J~*gKOsiZ3m#G7Yapk^WKGv;Wj%GqxUqSa2Bf|9wu*JFf&^Vs~Aq`FSwu|JY`dSY*bzaaXqz>P#O@BW^+5Jys z$kI3nn$K`voS>ag$N-X+Q6_V;XgqhaLpHw?+Qo6Zgf^-Nk&s?v_6+HN`SL|9jQ--a z2Zn(K_Uk3%EAO@Dm`jaHJ)6SY^Ic=q%a{q~j6bk!(rXmO-B6dJ(kN z4QRW?FV0jXaH#!#t=E!XXZt9leF^*8kQhZd{64AIyzCs&j|ZamA>U_pT`P1-BBD5~ zmrXqu8fZ^U13*788Sm!pzkH3T@hJnlu(3`SBzDsxLA=+CcQSg|I}LX{F0x;DO^ip0 ztyN0bL_N16N5i(7!qCdRAFpoBYp&Mbo`GU9ND7BbubBJCprIr^uvv-WlQ{O`n^~pv zXQmq!whdOtuucchN%%#OToW%kcAeI~3&ItKbq!5hZT1XT##{C4zm0r6g}t!Bp+1{Z zHeb0Hs}UZvS!vO|JQN@eLFWl2)m(zy+|owrq87_J&2?6(6z1p03?idDb{#&C_hWv; z9IK--{g1bw+mwaON6)s$8uO=KO}#t+gcu=Wk%*)|^hp`1)Ps_evUz+f7fCu3o&UP4 z%)_?n*E1fZAi1lfWx3rAS~DF#{>LA%JSUa#Bm!u7jB&e@g^O%-vkNq&$%n#92>Iyu z$L9yYHoxi|k0oQb1srUkd4@*;A%iC7^KQOl0i_}Nv#kgKyT*-*v~mX79}xtyBQ$Pp zJGr*|MD#8d9j-zkQ&1)?y%jy_IO7O*I8G$H*5QotEIuH<8e{F){BeREyq5bE>+i!o zd{1d*dJ$Ycp0cFeIvU%G zPMea!-j^fjt{vtuNPf>&U()9pFw{97;@(_6txR`t!~!}W1`}*L_iB{P`VeGtHS0A$ zj89dI(`Y@542TtElC=wB-Nw`N6c0V25c!&byiheFN6lIMPTkaF+sv&kwZ z#C>$X>wu@Fo$*{75`K@LRBm5fMU8G}A;Gh;eAX|#9Z}SjT#3lg{k&!hI+8dqi03yH zLgM>DnrzD7!Z;tXZuo_ws9Z8j-#tb%Ds5Uo4hrlx=2Ee71c1kWGHUEci$N*&@cKRrmR#T~h-TS*T+XW<9zJ;3J>TkP0zu&~;vt1VB z$OczXO{x%+wEp67(|P+U(@O()cZ#M=FaJ1z#Yhp*Y_WuBRvh3QaOV=+XL)lrau9?? zNN6gZi8jhVS@3a0w@P_y=N!PP+p%3B11iR=4zH~>`l>B4ZUa2)X=cM_NWNvcI~x~y z=<5oFNHAT0_({Lv_Esrl)Laq`u*xKz_hB8$^<{$m)v{x=v*m1w;zAD6hr5ljj&fYl z;REywz0w4EO)#IX2I^vEM_5aPoei#p*cmtpK_1DUyoL96KX$tC>m$3>jOgv<9^-P0 zbBsEJwxq7h1Q8*jajBRg?OgDPw#lz`)2-g^pV@K3BLR-NIWi5s3Zsz7%SNW$*t9(7 zS4n9FtvW=PoR*3W6nmPw)ou;)=`^@DGkR4SuaEs>^0gan9oM>GYnS{piRisvN(@sX z#)a+bC*i(#-ci&RCY~HxlNhLP@mDeX_Et~`L4XIH_vGV}$9DSr_~#vAOz~)k!kxeD z2`+m4FnfxWa;?MKG#7}6h-t!n?@uMd`jO(SAr53DSKiTVWo9@bhdk5r%iZ5N>E9_q z;V{7@ervq@xE=ovxyKJJ_Vcdj&jXQCqKfIX50~8}Q`pMr#yfVk{6~gHMq=SxLe+ih zJG$AJIP!|Xl-hpNwu+VB{H#$=Cg7Hf#JV6CGj$#eD@Kj?X4bwnkDl2B=@E zFL^>d+kA+_RUqlWdc52^o50l197k=Raqx^r+<*&V_{}Uc>!=~>oZsUaiN$hDeQMn| zhO&q%xH+l|~%zLuw&%5Pv*1}d7j2s%F@J5=F*8Y9y@ zZi1bW{~R!Ziu#7e#h@>sBa5D<&3?agzoK;$f}q63#bL)+k2{`?aHPVap_01gGdIfG zO8rg1l7y~6lvkUl{UntO;#HSf6c7k`tdE1YXS($hSlK8SGLSX^f`Dhu#`DK_w~?6& zX2a1D()b!Esl3VLw)Ii`X1&-jlE&RCpS$cdx9)9iZEX;DDB=(>-I%pw@iVL2VH-0# zEzLT#?DB9C&6_wL+i`mS;rmxYIUr&m`foTJ>MefcfLw(eBMvCR>K?Y98cc%5g#X%N z2?s3a=cComCn=$i!bqd(GN^s;yrXa)@VZ{)}0{M@X=s$KC z)wN5$#w9TdNq6x3w42L89W@9jdiS!xy+lkyhckRQz|&H6?)5)lcp4tqG2m@n`>w3i zA6V+2S!_itsK%nhV;MM&XZRwKID_fyu)2kD*Z?BcTX&qioVZH#8yQ zZz;3(tH0@!VLh?8YuZ0vPn!%K8NVce`zI>=$4RDRVB-0w9p~mP{y~AijJdxeG~EHs zI`K^<*ZM(;r$`1lC)W50!auhp$n`sMF?z}Rd+&cnCx5jCnW1b=z8^m~N*SbqzOCpD zLPi=}zNd3sJH;P&Kct5f1Rd*fw}D^SHd*$Y^=;Ay-_!c^YzP*`{>c*z6X;kJ7GG<| ze{Sh-DS%{`AT(I!rt-kTCj33QFraIoyInzoy)57lYGtKhXhI@!QE_o;NS0>%NvqLT zS56#s?!pQ_S5s?9dE;}kRYPe)3*9;mx&QgOGne~`0ltccO-=Ro%P5=01~nUUI7q;|A^D&{Wbgaae#g^3yb#66h~uHT zYGY6@x&ZH^DDw9@n??2a)^ix2_|R4ue|gx>RT;7v2RG^#6Y+a%rm$P#wq@}xI6{Pl zcj(Iq#A!k{g459R$p4Wkpl@Vs9MFWPHhErG$Ck|PVmYn)#-x60b5qjDD5p%PnWac8 zg86%;WxMA^%sZ7G$+n#}o7E28XDlW0FG!I z@;}6&$P9sZd(wQhJI?Yw!omN8x2pV5t)cAllFukbEj?k9zGO^w&Qgz27!Gls&b5;EN5^arK`R zHn=?qD$IYQF8q&?6d1R^W%;^VDqA6)4=U*XSjfB=>qwMohQG6)f9guyZ_Nf-@vFrC zExvztL)zF9AEh(biHKPn=C+xQ+{mJ$l2Lx~csr)F|H z(rE@IXy++p@(T?cUF=PRr&JUWZ6J}`U#Bm!hOV*Xb!HmBERpcrItqyx+*9U$Dk!(6 zfh@9vxieK9d%iyl_`rh;`BP_O-uu^$wx$YA@NTO*$C&8#Qv<|kK=Awf z-zi>uBe>$?;!hTV*Ya!A8lt3wem~N|&`lTK>l(cLi;A2N z2rr2^N%=g_qn4JIgyWI;i=20U{^B$h%KpZCLgWu|jCSX13!n0*Yz)?#)vapNbPqp3jqd)lr9+ z(+i&ngU#)>QPRJ761`EY1w0dgXW2aCDe4qk%UGmHOXQI;jLU^c7o{k1aP z)AF$|H6|uze!(v(JIs&5+Y45e4E0K{X9px7ZPjThGAR6wkk>#@5O9rgOIAn~k|zP( z?pFdnuVoaX7|7bSU(6^kUatk9OG6y5Vhi`0TdX7|L*Xyd#56&+oe!6LXoWGJN04hW z7kx=bO4peAHzU0f^xW?`x@UJRm)0lZxJ{K%)r_4pjyx@-(`#sgc$c}}M&9# zYn4o#lRRBZ6mOR{-IR5_hRc8FGL(Z&TOcW}Mh;g|ui&6t5U=2%Iz+O~m9Nk!F9kYA zbb`v7;Ae~vs-5zm&+|N;bJ_ajEl{)fgs9!UfGI}X(GqWdp;?@~WY9i>h06!t{T%9t zhgbEdiYu7&So25v08)W1m}Zc1nBlJj7q^u{)qA%VPhIa=6AP-02>6g&o|KTu#@1md zeIib%d$xCPeto^nC+m63QOkY_HO6HM0&TRQ)bIJC1BJ~+|LQz!Sd@2?(bQ$aqLJ?w zq01a1l!6#&Na0Dq&_1!uZ%au^E{Oly1ioN|LB3lhjg02nQ@veVC#@d6+`Ht8y?aID zjXz{9$PPWcOLOx6)x;skY;$==>k+B~hiEre(gA|#t|}i^!{5egNP<*xP$dnk$UC38 zUIQ6H3wmI>+#c6JRR0|49#I~nU({V@$19vfZtormW#v#S!aBDsVuoIL$nQ>8=^4>D znq@+5UzRMy=I80xviO5Fa|Fc{vfu`cM@*cCq)2}*gsAg_0{b^9?BU@2p^I|CmXUH1 ze>jAklN6sVlKs`tnP_Y8uVpOYQLHx(iHiRTxW1^$qma3OK=2|aS8%uoo{Fw$~ zG)kyptTL}w{q!N!xiD4&GJLEbGtcx9*XNH%tV@Z9x5~t4HH&Ks^kVN-vRJ-==<0+g z?kB{<2Q@SlG$(G{qs80zkM85hc@C4!+DfU69ObFA6FHoD{qITTlC0pjc<_#RE)%!6 zP?ogb!h#Tq?&tsnc<$lvvH3dec#QCW(?rVrH5zd?Rz=V7{F#kUzacFKgSbMl z@fa4D#nLrX=34KJXf^|4Sf7vJnib+jIvgIM}Lzh!tY?`e(3 z{GB;#_r1QIuRP0UH_4-fjBMlV=8sg>>a2cw-45O+uC2QXpyzU9PG|#4b&C3==8YD5 z&94?w!DMx^mk#g^#?j4BTgEA{v>@Zf2AhdW{mu<#=fj0*l8`e94t7Q2wCxV3cJ+W7 zYbLUq@Z`Iyn~~X`x>~srvXy6a`%oMk`bt7iXf#Pwl`FO~e=i%6r}EC0TjO!gLtjq< zm)jx=Wt*O7RK(94pDMb1ANJh*EC6 zi?U;Ua?rAl9{m=XCOuW*R$*=hH`4n9&Di~`zCcnkj1ZXYoyf6CpG-y9Gc7H-SHZk< z&+^8PQ&Ai^zNYr;XQWcw@0U(OAPG5C_s&E)_9v zyiMoSC%HfI7+6^dU&C`y`Is^zqRf#R=!6T{a~cOmi*&u-E3zbLzj>$sjg-%wtTB^$ z^aJmAl-pH6Ef)NIc-u+x9)pr@ZYeMc!|N8hYeI5pm8kP+fRUC6t*wXLyjJ-Icl zzu6OiHEx8mLmg^NlP2RlpLfrfjMUbDY)6CwC) z567~*J%VoIE?%*cx+Cf`edB5vsj22Y)zEn_wK*7aQlf?OzN$rcV-vIqA=ml06)?kL zRxnb|n-_B;!T40#>Bb`#RKp(VJw^sns z0ty@FFSDM`!_%iOg->%+yBgGRxf7iBQ1af$MYFf64_@te#ENNe4bQ-9Q?gQvtmkgz zn=Y$Qa1?hwKjakV<~Sr{H?~T@eHLW@0%9J^G+Vg>9W;bzN$2Wb4;XclJ?p`4 z5F|h#y4$#zuj>gVVHkeX2tO>s=Xrptt>J#RxW=>1Hkz_wMMJQ~bIG9^Ssi)ZRSv-C z=zqoOxcS+7r45+CsB1|LaZTPqN^q2O#lLR6Vx{_ktoTfQRB?Xz3o5x6lUlZN$$Gz3 z-g==Uwm_7jhn9Lit?$Ra1)ylvGt^&0LfiAo2Q!LlfP$uACWK%T4OBf_`__pER61XJ zH^aWj8UG0%H=VJFpjm=TNDWW1Xg+$GcNVr0O*%}ce*PKCOzmisu=;Ms%B$=oF5OU) zM*dDXDShm$AO4@6a72$b(~I8Nk1K z-hqF8y0YH0Srk7sHA$?cq+$`TajY@1TX=J0J=hQKn@}*d?xZu3U6slANXMOip^|?w z3%Mbs_kqZ`f#$mR1}KIfgmr>+Eka31?I(Zfc4I~mXefn|FjOkz2z($#cu(+U?Fh*> zo%Q}XX;geXCB%t~1q~+-*I7(%2B7m-)f)Fl#5;}gX|zBBtrvvv4cK3DG7bSJL=NM^{KqQ{b*TvLo1Oj=}3}tVK{k(VS`>z`$H#;WT0MJ?LNx~V;y4) zBf(wSHK-u>i(u%_mkVwojmux|56UNB<84%a_BIaGM)_2##bptOK!*Z?7pTCl>(}rN z!WI}sUSKaYO{Pq_7=O3gyut0WX17@P-6S^x{Yz$gp$O^ zMU=4_7EfEz$$l0d6$;+-u)#h0(3IcoAg_{MM{w8)(3aLGIe4_DW_Qb4r_OuE#Ku$m z@KgO})opC3E?!@9bp{@Ee}pI58hm(2FfcN5ai_1{XkPB!e8B4Aa!E0t*`Q#He=1|4 zUg+^bn5(ZHoHk*;loVaqG~BK0?SU;oEAv)BE~>=4&JEEzyScb%9qC-YbR7wYQ9WytlnR+P}*e&vr zrONSpiQuo?$ROHlQuMbkWa_TFEnY>Xh?7XtiJj((rEs+j>LZ)*F0EH2kKG%MQ!Xmw8m!Vx_jQXS$s)FU!_ zzfSx4xlH1+PNQ)xx2Z?qDkg`LEVZ2ZbbiXUc@BvIGU6GJN4#VTDpRPoo$(ns(p*X@ zNVsT@0qza?x%Wf-F)} zQ%gV~4QtdlY#5=WWm?ceh2iZ?KSoFqUo4?*lhEFD>Go`rhKI!5$5&Wc&w1bGuuxWQ z^FP5`bOpTA8@oWM)+7;7uiZDf8Zx`_YzYXJUd;| z+NltQJ8@#rWwhI1OS{$PU~%NIfA5|3t$OZ)oQc~IBe2@In0|>{-`D3cz;V0C%Vay- zhQ(^6(a~&Ch(+<~_0Vr11kB!fn;-o8J^sFzZ4gWY=T~}*lEl&?h{q*NJl26zeeE#Z z>r}T<+tVzisa;2W1b`X+3c7ZZNAfl{Pv`3HICgefww|vM>v+7isyzVKnteT3Zq?v+ z-XX=)bI%Tc!>6@SXJPyy_yr-AzVA&w1gV7q_9TF$APUW?zzXE-@%$Jm=*|^8%=`EP}M_tyJ$kTl&+=lwqROgymjT8f7 z#cNw_gw@kZzZL7LqX-PiLfqwkHMn>#Cw7H_V~rv`819-Vm+Q)_Uhq3#wpS+UgId&; z#Csu~L^A73DyP0{m4&GEzGb#;&zap*1S=DKHZL*Vq+(k}C^!T(9&djgUl5GM-iYYHT;g6+oIqmu}qJyH3wuf`Ts1*TE8-v58N5 zM-i$a&kL-Te(l8;Pxr1DazD35@mXqiD*Tbm+KsWgIDHlDhOc#@ z@y^M02|{@Bf`F~6lTo*20OEH8AjPXu^R?!~kkVVz@f`j1k_|ueS2}ifwFG*g5o#tR zqdQ!pR{G=J86knAh-c?Pun9!-&HbC2qs)t2^D-e$ zD--bx?-{he!2^Iz9$Tf(5Fo^M8<`?%D5xMpK)k9|1e%UN2OmLn%Pl) zCv&X+5Xv_;Q1dElqVS-sgrAav!z6=zk#s#x18ce^&Rh+!DZ&}OPF*JcNtE&;?nK>u zr`M`s(>4>}v8W;Kd;4pnEZo`>zYOGKBeIbevi7mOa`Qo%l=3bI}5D_>vxcxWM1vIrE9xd$We;7s=u>xCzLtG4VAskm zB-8j_3?K7zsaHn9xN3=t)s|*3%^gn+qsRcNKIjH zrij{QeP8Mj>D2!sfGi&2>`BZTGRT$qZ{1^>^h~Jt-d;5fw^7$KS8SrUFp^;EhOuAxOP7BZ<#>^aUp~v(l)*lXvs&Ua9Hz$uBH?U`M4D zqyRY0;XD5O7YD7!9kGzgD3OlaJ-SrJXZiw(I*woDa70od`Fbf;Rn^b2FC&hWATB#6 zPT8hIO(+SDct=S5klOtR0X4xHq=?-mM6sY@g4lyGIq0~&HG(nN5Z2zHaFc{b-J;#9%%HZRoNpK0Gxh0x zi7zXP3SDp%`n_+^CdMLzILSbm)=<*@WNbtaQRKmBFVB(KQHkCcl=^&^2lbe#ta9!- zn|E?9#Rr}!FDRuu(apMJV=3`Vehf}^(jSlvSGmXGR&Ld6WiI|Kr#JqRg$73Owc}ekAhtjU86`cL4jBPk%+Araq)AAv z7@0AJ-67lHJm)O!XX|;59-i>HA~SdjqhqW=T>%mBdxp6C@aLsJ-*l;+Zk#QfU1&o* z3LN$Ormtwf7|QJRd@j_wRT()g#5o~3eo(`r?W=nuAmmFDj&$B|4njZ#62T;}%MB=T z_-sr700Es?K@;c#_oPYhT_MGygFy3ioTRUJYNAj#xoZ)=OabGT#7K>F-l~D0b6tbt zD$#~-YV8}&{zgAeQ%6B^cyDh3>ibozRxRzl%G7FRtO8Udt^_&{AP_4ek!EC{zfFrc zWel5Zpt5;nPofbcDdFXW&Tx4YBvAb6(S!}!yl*@WU>QB);ZJz|or(Q)cdy3L<>;r z3P_mtQkS$851piH4HOPe64TGIk?n!h>Y`&fE1P2~Q*!Q6aFvhFL6^1bFr z_EmItC<~{V?_vF{b;~rwpDl|$nRl92(-`~+3y+{uX*pHo(6g&!nhozKV1FJCRys;z zHn#racKz~pGgje;9Y#TvuGeAx1QZ?(3!{^%mUTi!mi=9zaw!di)@&Rz{%+WV##y%W zkev{)cof!P6FvHcPVRK0$nr#{Xo%A%>#L=zhLLA|?7*cQWsV+$+HFzaQZ>;aPgFtZ zX?je%bMEG$0_!j9&bpkJIG=s{B2mSiPQn{3dE})}RZ!;IbOM);y^Srec$W+gf)KCp z%uNU=#D}X`Et7k;N6@c^*VT4!_gU3fdvHFo&3)`V(vIuf=~$^gm^;#WbV^XzK*JUq z*xnS%@g50zXEdPGB&&ZzqdFO6m7{g~i>1vjJe-S8@75(WuG~w&!lU)?{|msW-e%|1 zB=;tun-?87dvne)|OT8_7O3;{;?I#Uw_aALE8Z$tI*7;>TR4o&io5t zCtiHXwNf|XbaCXj9Xvn|5Z#9h2Fh~;&mDT~aSA@C~VOUXZV_n&{;Oz5Ww zQt`R^x0xZl59$QL> zi;X>T)aSIS4E%|>9KYQk8@QDF!y}=3UmK`Z3}x5`?dsXDEY(|SXd^x!BH{ED*G>TF zGiowepKXnp;RH5xy>o`7j!-nna}{v>8wE0i@)an%`rtpm(~u4R<=^8`&Cf+5pcR42 z$h#8U*C%-o;O^82NoZe?+>9E3 zkPIw%UDc3=+NVHif98nUM8dUoKPm^8dD-KSBu`8b?w0GRG|>VKr&mVH?4ye;dP06c z>Cuy9V-FtFbGNryOEg?{$zJr#e5 zSd0U(9eeV%k|s%|)jBo$L`B`HFT|<}vML&sh!?|PPkD7EK0su?F`$Y)*CK>=t$ zeS0_T`Or7#Dn1J@)5DDV8k2r93mvN#XUhrQQEOJ=?^m57DOA3Ule6B%9Umh&O}VFU zh8*@#4v*_t(yQI~mx6;6g$g7Wr%`m7evi!*l$6P5 zW}4e;c+sHwwfSav^3Q zPjl#xAGt+KS$`g z?i>g!mhczM@GWz+xB{C{@wOvO1|7CPfg+Dns#CFtW`Ee~()2T^NJxy~(D<^&XY@9` zjjv>s0mS&S>Ax)8mMSN}+*^bjalH-XUh;|C*SOC@eul-#fN=f5&5)$vL`l^s%P%Z1 zO!ih#?>0hBak^Ydf^o;A`rLv~kzf0^;|GvO#kKGt+FJ9Rw7#G(w#ZZnf1t!v%Oau6 z?Xb!8b|~bz^S7dmS*J((50PVd2xYESIU0_hHQa9U@#P^6Lwn1^rtWu6pac2Dq{z%- zIsvgDtrFVUvWt!q%(__Y3_YWJeVQoelWMPkH9`<($; zofw>#cdCZ&io*kwIP3R_yNI85KfkbKE3$9SP8o*)(ze90!tob_SHsl$YTuK)%9GZq z^~ta-CGXdUDGH9`$xdB1=h`$tb1`F6ZJwF(GWJC8go9H|ruC^0v$fFSaRjKoO*8Uw zsH6j^j$_+iI8nBJrS-ejp~l?iE0HF>xT!rSR(aek&NaF+^9N9ZTR7krb7-gV>?;II zth}R;mR=ip1B$$U@Ja>_t9$ z8h`KX&nAbB%~77?I-HIJQ|f_!vezjJ_?p1nOK80+nU(6ZQE$nSQFc3 zW3#c{*tRuEzIooYzJD;YX74@szRu%3u4nf}SFf|M<^A4-_xgukb1Th;d|lps3LDi1 z9(ppR(ntQ6#l1s3U%|{sxwCiA*|$>}%X;k~ZhJ{ZE{2|1Ii68QiA|Gb(?#WL^^5=h zk6*VZH%a#Mmjo4s?RN(r-E`asa_p9+M@5 zGC#9DL=#~gwS3{HeB2Hy7^il(WKOU2(^h&F3_!Vx+RI&`Xd^z=j-T3#OJ9#Fe52?s zX19?*0NGnwN?1SQZM&Iel8QzzcWHw+$w;t`6I3WlirjD`HJ57lf6x!O{%tN6Y^A2D z{a#+0!xD<@djZ-(4T$%9drXfbr1EFtucX^aqq$_#JM-vy%a+@MbZI1}q#Opp8A-3q z70Xon%2Ebz5y?Kh9xw(_|JQmx2*uK8I{3aCY37ih6vVFRrGZK-qmzE<37Hf)%vvrP zO-g#vq~CBhP=@exSsDg%N;K1-^ZM3KB7EM&=cJk5+HDuX7gR>d_pqaKwloXu@=q<| zD;>KHre5OPM_%U13wM;(Fe<5M_URZKO6{&!YcF8Hq59*U#q8ECx*#1Nj)_brJHKzO z+x_|_$Ps`u7{^W)0=Rt$?e%wHcr}iEgE>CI{uj$Uqcp=T)>(K?ox3|c#tR)u_~WFf zPn-NT&_?BRCu2dLYdNoWBitB_s|o$us+|{VLpWvPE}Mh?{BxC<7|%&T{J^D=x<0i? z-jG>ta-i+RPA*1oZ+LM`rJ*Wrg}dKGD3c}f-9$ZUh&QxQaBE}QAWS7U*#zU%i~nf4 zfL9Cy;I3?Dtm_)YCS_ZUke3{5K-hx2|K~C9y}QECDZGvl3T;}k_$x{ow0sHAi#S&a zZO4VQ66qIw%IME&Zv&Drw}_{sp7%J=>4VNe=ud-0f>XBj%N;T87{1y`FR2oSH{I73 zeii$rzkw zttUgv`o)@~dMbZoAdh5!nL$OvEHMwgO%$I01;^-0rz*W0OE!6Mll7auYD7 zKyO>0Dc~~bNY~S*%@V*&=u7BSz~`HR%5!hv9r(ht?DkHf*D-%^JDD3)hw%ZA`%OPT z-j@idT$w@cU5HWYBjF(1pSeWXv-2hdn=-Cyjwm6yX{ss-SB2Q zxfUyCCPWSR;R+5=`7Rh92Ny22r@F@98>u=BR&8P|egNF(@7%DR)w6Yu8L6jKSsH&V zli33w9d!wqWOYuy`o;;qDxY4ed1K_z#&0oBBacdP!fDhNLJS8tIcyQ!UMLpF%5$rY z=PX34;>@1#MZ`(Pj{-VL#ur+SnAN^!+Yh29@r&>xrT*!vO`u@U951kIczA#W;O;f+ zwW5Oa-dX=_Ha1Mhxv%1`1mvvha%$ug;wm2#T5nww_5hVBOHR!Kl7jsT)>>w>J((>4 zqerK2As@#j{7K1&pK*b)T{5S}7dD@FSuf|)J)TFeQxog#360!(WE=MS$NclEbGkOW z1wCi=;cwpfrK13WwfC z`A?R8CxPffIW7CtYv^AjY>RZ(k`KVB=5yQYfmBPFoaV(pWTE+XGvfYT--A5a1s{?q z!oP)2EwW*ELq$~n0Txkn;R01QaDA7+De=kx{OF|7T~1NZCctg{R_`@Ka&s9WkA z(-hMf4*JB?e6w9|RYD;Yu=V#a+-Pt+Q@?9SOiQB*co{d4mxPQh$X`$AaRY~)|7)Mt z5^!1lHnHS#8ag#hq>y8=A$oo~nJo+x{1#$JOY^*{p*~*log)%{OlsaygqB&C1fcwY_ZJC6#Pak-C9MJG(nfAPNODI>sn=^F2PP zgUrzy{`$?$`bAyo1X~>=2+SPJ-J9Xix)c-g(&=SBCJonkil^A>5N%bxDj%N2wQ2&_ zOjAc^##)~H5G4_tSa28oTca%j+PI7MC5(6J&Rn!|sgcWsiGJC2K3?GAoZ8=vMNBYo z*YQUd?T$93K!b>bCheOGE@e}0-;7`II=gIA#=ls{j4xh9=nJhxDji;rR zUJpr8-g>(l=Xgq?rmgxOZJs6bZywIC#G}_*XvO6P=uX#}k-z+oEC_h_CBFTa*?{4V zHp%Z^nu5JgXSsL!kT~{1>mIpFQTTE7nB+#UL4;dZw&hNj{OIaEF?eq$a@;HzTBB-| zlaJ#h_7JZYUWz%4xjL96bW=2cJTjfB{U=ZrWvfI{I_3Le*C~MQdZ~fAb}HCJwHsc2 z>Tv|AMbAQ5l_Hj#oo%|VvtrK2GsIqCG~EoGMwEmHI>V(1DDEeb_c~jEM}#F@K_sv$ z4NMz0V5ru7vB6@RAf4IdcfcYOSE@L;zO9nNlXkd({_iN0!PVLZ{(bHyK79Ed9Ron) zL2|YLOoMSFr-KYa34;54AVh&`j<1Bntfjc(wmL!I=!ORBc=P6~P`RKMN!y?9pws)a zq}s)&q58+4%XN^utU@L($FB~X(c9YsT?SxZlJW${(5SEhxL`=om5f@l|xkA0CsXvH%Ym*~=eG|-q@zo}w zS!SG3=tdFo9b_MTkVppLzRz6BYl(rhPr zt&Ne#PuQ=lKcv=v!-aX4na8cN+|_bHiHH4?;$0hcmV8%7=R?gWWh9aHqd=XA+xc$W zNA09=%Ac6V?;uI+#-$>n9#sFW48uU@l^j_$K#6~`ol+bFz&QG84$AHJIUG-~c#epQ zOtgW~V|-J7I&MonSX8sPoZFUAh>iubdLtWL@d} zN+!TG0mG;8p=@MoC!PSgx*o zE@ubPNVPf!?b{kKgi&rWYGtaI*9`~PAeeXdSt?P8Z17PHP>)e-#BH#(TL`adbg37V zHX@NZC5xx1lgfG((w2%o@aYt|vNJ|h(t640r)H&3OX`mi)52L@H}5f`+Bw~|>lkFW zmt%gJugvod#6U^n`!D#e?u3S&(bCd_G(-Nura9KdhM2XmpsG`jsLo%l(}GEr$k4hC z32tcQ`M#c%mdFZgQ9*H9R-GmTcc011G4obNt;O=#1{HJ@f6pCv%M_Q?^r~qQ-*v43 zLHn@4u!A+V8H|UU;Kg2*+z-JX9~y|o#*uXGlCgsQ0pQJ;YsBX=GJ3I0S7sbxa%jnO zpyR`+pDiN6YBsD_3xULqiWdKkJvXH{vzq0Sr(=Dd&e2D~`8}TTxWkP}A~gHwD6RjD zzR^$%s@8v* zFs5{0GE6Xvsb37rj36k zhR>ppGn6U2bJ&y+b4n`Kt#m7K>@7a(Y=?clj1GDZB;3fl9=6p3l`TDol@1YM81LXX zCg(W$cSIuz1Nzp>Ss*o)XjQ74cHPmIWUa&jJ0j}6|&x4e1FBKgA;~}hbAj;A6{kfH}tz0tHMt!dnCxS*;mjLdCc;s{8pAO@h5y`&gDkO zIM~%eskmv_j+GNY5StBS|55l{=ANVFN~=7Xk|~B`NNRMb#{i)+T2X2FPEZsY@`TdHlXU7G0*qVah8(Z(`of zyDX+JuR32~J>V8%a#LH&Jyuk$bV;|joRd54IL)Uq|-65~nCBnP9dCoI{>azYmw@QFF$7k&)*tl~l($mR5c$cr=iZ)Dds5&pnC(dJK7fkwnG`aj4ez|nF?k^8IC&)eGm|6bTjYi|K z^hs)}pjK7zNLtf2x<+|ksQ_lZY;rUu>*|xVt)pcXs%6x^G-64$G@#w)osKbYTOl_- zp6I{wKHvNOJO?sjw(L>Ha5WGBZv>?U@po8)ij5?uU*tt17Rv04=roIaOivY07mb%i zq#|>L2d{hK_VHFpM|1fZtr`Hp=gVO7oAaA?zUZ3WdfODTfP6%>W5x+L@hz%v?C4Te zc;G=L4Qv&WbmUq><#pfEB>+vTRpZ6<`=iQSq8!0ucy;wIi|!S7eC0^gRE1e<&2f|A zp08G&RbcJY^No7Ixmr|?X48a}BJ9kpwHZNi3YKEho_ElqLQ2hgQbMwoOx=Jv`j;oU zALq2%9&W`V*yfxxdy4=iKSLd|#V*j2tGH}6rh=Ab@w;>R%lz_9M^@;y`i1%f= za*HD7PHpS2lR%`<|GJ_LPlEMq6$Yh_v|grPWmQlU&cEBE`MW3nJ`cVYq1ozA>@zL6 z+bQW=k}^jfc-}$(hFN-aJzmO22jJh?=&;p|mLnF0nGPTVzcbMoY3MqI zR->gPBpAtOGy5S)7ypNyru-gW_#@!=nnrpg41JR)4PT|%@Sl;jVvZw3^x!f$-+f3l zjbJZ-POX323F{X2%k6Yf%@hV^q4PL_pdSl-TjMWZ%?;D?mG)7+qNQ8ctsm#|_HUwX z>N!`Wb@D!fZrX(`@&_%oNFz5{`)u5xmQnP@f_xtLOIoF)r{sU)5zgm>R=_Ujs4<(y z7BJo;$SUl-e2HlIdvk^B>*d=I0E(X!Zx*S~qxoyBE?$ZX>OHi`m7ip=(U@AZ&tqTK zI(IJc@UMkM<@`vJ?n=kB7gv)(+Iu;qN8MFQj55L_qC30%=dfs)OpNCOf{WJ1s#`_r zy>}h0@ch5z)7R(OB=9ebr^l@^m+DUm-xVhF?u07YD1S0GJ(|sw6MiexURsbUD@@@4U%QD)1!jNl#BVhaM!Eag!Xoo?B`eQ zOQQ#N*MC#okp#3WxmXx&?{kv$GFKI4(fQKw=Q3-B<0WT7Lb$P}rK5oZr=>GkOni#3 zMpaNE{A%~xs9#cyR5X042^l;U(AAXg*ANM*m*yy$0%rYmb6c0N5&m;#xr~QI{8wsa zv?P8)_(lark#`r6V;vVsW9t2Evj?1M{S_$)d`YdB;zu~T$jpx!7spDA_wC+W7KV(Hlhl!L5kYcf(rcxjj(&UwaQs5sv@YDUP7bVUo!Q z^Uf+DFh#oT3)Po8&AzNl3KmVJt~Q-~_R1`;fX%`MNL3+Um~pVKA<9U^4syHXGk0Ot z1dr@$pW?Z_8M@_I%el)cLntYZaePdfghCAX;~2CVCCup`_$PQ!tI^b_L@El81B1O~ z3?ELrM~&nPAt%*1lEKGfHT}mWe&8Ljrn|+q;qQi1plA#}SsTv-tw-uB{cL=xS+ePk z3B2&@fRWW0%e@NWF?itlbVo+16QDOWn(9z`mCCuP5w_xe9vy7|BkPVR9DA~I_*snS zKr(jy^GQygg$mTD``2M3nS5G)$;utq@jw%DJ@cCAw0UM2VCSttQ16b^5#S=?FqQR?EGhLmfAdquB`nVo3S zU-x5L_SYC-@RfYhITY_;(=<&|I&3l8_EY5#u0B76C$5XYN}|3ce@~{iJ;{ZI!q$W0&(LI!GU99PX`4$r`_ zulE?nC!iD_ZKlU48vpHkPNnP@`+ptE@2|(s7x5e2JQrd^31zWCrD@I3PlnI|XFHx= zkL_CZ2ixK&>#dbYr(9LK+1gz;p|Ux56?AKD{}?h4+FvzH^pKIhJo$zcNRvh_p!!hE z*dQ!#Jc_KXTiPf8*V4sH2EuRiET3sI9tXjSzzK=+U~x~K7zuu>TNk<>*6}ys#&s~( zJa9?}gTk&he`QP)InY_JX(A+X$zH--87?hQ$NwBOG@?Hg=FN8&XuGABvDzyFuo*UZzE(Ym^qC8fuC|wD4V9N8CR5jJ{BMD`9z!Y1p=~xmq zhZy1*zU*EGzfUu@mm?oIEz&_Jh|S#cd(zW+#9tD*bY+q~YJY!RJGdQZOa=S5-u5Cg zzW&FR@*f$^trR%KPV}91kg^hcpk0qd1thrHNZW2bq8DRwd_e4!;kdY(F%&u7@r)5r zwiLUWRTHH7ioClEv%V43jTb#Dc@flX-I-LFMtTO+h{pY-NZ?;Mb%s(X$iV(=Z~9noY?5ET@kYpU`q3S%Rqx_aa(}EV!_%aY*z|Mmq4N28rT~zj zzk+cCd(6Mg%*@aUVo%^>gESdgtevJ@_{*i7H=y4~R4FQV;a*ir?UVaDJLrV-1!#*i zR`J}YT8k31I*Lzvm00w8vA;)tHS&hIwMfm&V}}&uNLFsIN^t6A6`8B~aH2xXp@dR~ zN;GcG2p=D3FHqVET*X9(!ivszwD+E?G$Z6LydYXBj_tl8e2=G}*3Y@bo8+NM=eD*w z^obZmuy5rU|5?9~z$WtL3ymLw=GQ@j5W;R1FbwifrRo80bqXRBVVAC_7Vik{H3N*M z@0_Mm);qaGoVeGBx^+n2F31Et>Sm8MU8`h|C7attTFxl$PIc?_uf@c7ZjA5$(+F6y zf^S%eiIb0*@jlQ0`S2E`Q~Dsa7pVejwW@r>j3m^&?yZ1bg3xq-2Rq(U!S+Wx{M^wNi^dbDE#Y-nTps z!3xJNKZmD_`i^ct-iEi!Y~F*3byk<@32^*5W#2(<5}wjq#<$8H7O46cqBMj@2T7jk zTT!E=MM5+uKwwVi{zaHts}52bN_-VcXe^o{*g^saGlSrU4T+GCSodx>b6x3FjzRKY zJkZK5NSa6hn(g}qu6h^Kmt{PJ>Emaq+A84K3vJQGYqeqBQ+(sPExg?T8C<|utSE5F zrD+B+u2CO6_`4l9_)va*y!d%XKcQ)~2_V?BxOjDbxlR;rd+zLZ?!)QYe^+Rh+*zV& zaD?z*yeZLd{PwxM3>{9dHvb2e2?DEY-iB|Y(8zNM?e~14?oWz&#n6*t2p4`i@28RY zKZP#EMYgc6ud0F$9!>qr-C#!LXAmS_L)xsMM?}A%`4`vKrZcKF0WYz7nAmt%7VjDE ziu|)u+mBMi&Bu6-i$Yi7?G8FUCXuDhPsGu!C+rjN(?zZz`H1eN9eKdJYZH?9B>VD+ zL%^F3|119c;pJQ8kfb%=*?NYliq(&Dq<3s7NsCV2lVy%HyHemr;D$TYJnUW!g{U!k zo1_8+!tlNs!Fb3Q?Bho(+F);_6u&pZBDU*m;^8qKs{40O<|=LB(^A~w-uM9`_IOUX zTt}+K#MI>4v3yQUpWz_I^cfV>T>_+cZ7edF&a`MkmBIjs!-_JKk}{6Rw{ z67Pi}5u9FXfgLE?Tf5(?Qw{vJ=7DYVl^TpqU&ZkS8euq0N6@nO4-OB9vd&*Zxu&0D zzj$;uIc5A}lfYWv{5qRU1=%@A5J!;yvsRNWMPmd7l%_yA;*I*IhMUm#g>~e41*KA_ zm~cXAG{Kt6RNZ@Mlb&nK%OfK^R(CC(>-#dqzo;sQBQZjM{Vj+>pHh2M`n7 zb_I(-kNWX`6|lTl`JbT}?-14Tgjw|Y0~6~n-A`Gp4^53ufC+2TX6g9zK*#7;D%YtI z$;2Ff79n0S4or2Uf48_>0cxRn3j1qc^)$h&s_G5T;+!n-dR>+~WF#ato8=POe?~7z zshLTp)Kma908|OwGX3u%Ct9S4DQFl-*&5As2TGE_5w(ZAJ>LGmXj|s=X<_$pEKPI ziS(zXHZ-Vg2uj$@BRxKb_$eJ8oRJ^0Tn3G^&nBbuzBxK#3N^a^Z zlaX8NAKJp7sK0QE=~$_&*nl-5!)1FtTA3xr_}I2=HO3k0!l{HW&>f>#;}%4|%o80B zK`2BD2&l<7!v_$)EOG6Et7X;_#Y(%;TuVap6eG_Op|Ds>NZ5k8wZpI=I@gj4R6~MIBMU(? z=7<6bI(LjR1QnT?$vozDk^2CsjDI&jTvYY|#~2NO7czOv1wqn`J87dXR$3QCi%|6M z^MuQ2;w!H#f&jZNCdldif2?@^a}aMAuxF#bQ)0%3pYKnpvxO3sH8~Gw%a!mR(oZw} zSU7;<;^N!++z(a%&$q40lcyRzBds!ygiFcm%TXgDb|whz@4L;!WzpH1s~uiKGSNsE z#P6fW3;Olmt_d89hq4kdF)tc~px@gka)lGDroz4Z3_@Ot3%q5uqd#SBh)&qQmM9<0 zEdpbmSKUMHv6RI%k5*B#`SS~u+}!kI7uaULS_pXOwt0oyIjb5D`Rx|%X4i*gAOeW^ccyD@mzmV z9&%#w)nUk`*;z0O5h3rfC#J^7{mR3U(7hGh^YEBrZT{O@>bu~$%hTCezSRO94Z4gGvhlCb9OE^{r%1+Pfy z^z7V886p|foPaB_W;k{B-Jh!WwYVEJ;3I4{4Teps)XqW}6RZ^}{;)#Gf}(|86fShJ zrJ(O&+*`NupV5^Hyf=nRJ8hS00;62V)rLo7^eLx!w-&E~x!+ql9gK>l+73;5*$@w89mpx2=}Rj; zM<(Lx!>=2I=%}1f%GhbLxD1XjLkcv_CNiF-{d00GKG65qy>{!(`W1hAbr8%AD1HRb zJO7ke!N^SM1L`DKt<-CG>%WlS1B^t*qoTUM%YQ4Hrjr#|KA=Nl!Q$-0O>;3qBEz3Q zx;fgyv}opE7yKp=cdR9j5RsSPm12n-R2IlVdgu9)mV<D9;j(kLpG#sKuA)7h1 zL1y!LM_%p6NgZ&NtNdqMB+Udhx7>6kdO`qETshux7t}4i8=v&rFzMnp-tzdniGVb9KXNmha(u{_z!aX_Qu@c0?0{v z^wdfK6g*drIWtcx)bjv_B>KA5VqWBtJWmQi1_8J)pOGeh=3KBWwPGt2AZF}<5_;_Y zP*(iHgi@0Z4iR_lVn|&S>-Y>bk~<4-o3L;oPAx@jWc`)!6aJ z+gOg_hwQ&k^-wY|#0+kvy zX(~s^SPuU3pN8@%3IT?pDugA)hM#tym(Z4HeBDw)KLmrZ4Cp>}mmIp(5^JGVEMSi> zzvuGNc&)q$z?~ja{|>rB#ga>ft~@G0{qvC7A8PuLqNb>i^n9!_MV?P`L}}nT%&8kp-b{j&3=BsS*miYnY|4${h+$-ndU%_~cSS#SfZabZxX8tyg8 zd^)Gv+n1sH*%;4cBz~AMK)3jpeftT;%cO&UVf!zz>} zW<^V~b+Q{|joX(+2_8SrZdzk-A=X{(wg&#pDc^OwM2@$GRGfTbfqd!T6iWbs-@Vew z!chw_GtPupDVi|Y0RIc}W?(KH1=>xd==v|BShr}Bp}I4)ew6TLdPq0f{y{-uw(TM( z!~UY#=P$ovuWyE}nbsL)MA}kMkZmd0=hA&USL?COjE2lWL<5Nm0_6Zy)x@pCsq9LL z`Hapy?;nbKs&Mc8jC*BXgrh&5>WYk((-@#iRy($_#zX4_>2hu=sse6NR+O|D^rk@N zuDF0NOJWUV7IE*zXW-jY?(;42N4IAW+?+f2`!FsRVhVEQ6_|#%OykLdcaPdVP(Gp)$mn-$jHeI~vkGpTZO)`t*=d=#H0cQ1^xPUgO z`+U|Smahn_UY)eH5Wi(;%oO{WPS(8g zWV7$8e4EczsPl0gb>!(H2$$ePa)6gTZyQ&(W-6!hCDUL7_r|tIfq(6gd-jaM6z{dL z7G=X4J99y-GPkV@=;8@F@@Mk6c~GvlVXz8;z~t-uKxSmWFk z^TxsRMD~YNQ)D>_e&D0FaamqHy_a<2aczc8Um#PT{5KL+sKtOAgrPPMUr4ja6GZD6 z0X@4JiFDM>*w8r!aoRZ~+|JC&)A6Jqx7g!Z2p0wOck}gkHn=c@^ln-C_$g|bk@fs~ zbM&|W*6)Djq}AqY7T`S$nC<^5{=j!dr}p)3K@d71x&vI#JO~4T@>xQ`Dn6b9i4x_j zO>+-+oXqp~vl^8{4VI!1$#*BlS2v)cs6%;`<-v^r?nGz65D(TNBP_d zi4)5p57#_Y?T-ADr>VAincUKD5-IfBU9GM?B>jxQO>$xxhxonSq=~}cG-0J~eVV)t z>FMdtqvWY0F`S!JdkWc=7ozK@5J4HMq2=(mY0SP*+msX0#5KoUbr2Sz3VmsXL5%4e{=N5oOu*8r&tvvzw=QHTAOg4Y6K{A4{xrKxKcrpdu z)>jarP^aS(2n}PUMSl26rZ0^pMYzMP7pyuJ5Ig*=6dA_X$k*Zd?yS{r)Hb30T83R+GQa$PNp5EPdb__|ky zPzQSbYY2+(-t@hje6=A%qQFS|PqlE_x))nip&|hXr_1q3Q@)?j1;c$2=;UJEa`&pY zF6u;5Une!g&|$^d4OZm1_DK!j;|O>P&Jk0m)0k2Mi8`e3lbl3wqvQH~f4JA|!ZBW~cC zIYMVS8IkbxG#}oC#fK`k&1eATKiurKw(C*5savc{wU1>Ltg4~_x9EE=r{+xGz+^50 zC~W^fdA0US!L51!c0o-!HUJjS@z?dy`jm;`x)7-cL3nT;cKG1)pRe)X4SDqWor|}S zbEAVye*^WsJjkun4vmdvZ#+J{?&PF`-3HDByWE%!{&*IL7?SEzc4S~&$E&+Nd0r<; z`xsuBY8eR)ONt9gjILVLnG&)q&)vEdfo@Ken|x!ICc_UiBbqmq%--qtj=<|zzJDn9 zC9Hg}p5Z1l*wdq@nB~}S?OkkQVz-jjo)pZ2zMGB9H5>YC47v|KsQw;%OyYu>JUX1~ zFo444Z1~HBw*mKef@G_H?w??y?Nj6NAH8GZNuidLftDSS$$vwIZ|og~y)c3w+j&0_`asOWWywaYyxHv*o2^SbzK7^L}Iw(=r41;t8A`L05kQ?YD;|*ne*(ryuh0*Hh>_I zEF8RvCurm}mNGc~_s&vWhZ%?|Dsv5E{a}F0EXCNI{fb z`7O}yZ?^O0kRMnZO;bLwhrUjn-&6yZY{17UW_cZ^dv``9VlYHE+i%e1`oESl0t3$f z43B~B&1_p>Zx7Xfu^>q-?@1VeciE+S2?vGF;~KZ0K+L@V??aqb37Xfw>}$FmYmgv!f?_llBI zv20%Fdsx43W6Qt~q6%#R7Sr^!Ey&+|EpccTW;X==aPaa<|? z+=JcL?u;5dzcG*=MmkMniYEN6)3`MB{D(BDe+Oc4XvrUf5r)`M{YHk?AURn#g(&O7 zWbeB3Xoip5bL+9*(TY1s@poPt3$h0k4Z&U*A{md1Xce-rr+MhN8ntVXtO;49F|$AR z+Uq(>+NmDw-Kh@1Q@{Q#F8)$ullTA;FpyBy5i-YZHG|P#s2?==+f8+~ipSTnNQT_E z_u9&1JAxfsfWr?rwss#0m%7W}x3;R&uHZ-4-Pcu`uj1dZ0ZdT26;mue)@k+T1de%wQM zqG7)275PruszKlptSPlt>#*%nHf1msZyk1fd{QV(ddf0z?>o17gA{B!&w92#Q~5qd zMV$KrQ^yoyU%X;GvEsR4fUzfuo{Ksb(&!Fg7!3+qx_{>;ok_nl9X>OnSlP~$B?R58 zv-7Lr&Y&^K@wFV~#Eu6uJOKJCb<_eR{KZU{ga2yC=_v~p=GSCp+(=c&mre;O(7*NS z9r?sT1HXsl9FZIjJ6y-;K~tT(i24gp*I<%=Y&{=fjkpa6ob8c=O>xz3%+boiplp{Z zZs7zJ_=uEKc8DgDz2U-Go-Y(u#;?sA zJkpzKeZbiPg3x=*yf7*OyDf-pK2#TpEQR0FB~5`J*$kTuSh8;OO(zTT^%9pfc5h!j zYJzYBkv3EdhLNfSy^>XHAsUXFv=mQ4)vC4hMO=i|vdyB;db`a2a3#e&+Sr}P1yQ?c z)|?JzSOo4y(nz?SX`bV~LQF$H7*UjL$(vJRS#53bmJ7}?ps?ldPJ>|&M%)o1S*tuW zoe`kR*j3x1;Ori3TC|I1zG75t^Dfe}RH)52hauBn3WLtfZKXrsXs*RsV1? z+)FkVUvpHlv>W8g#LzG-68Y9`eIJ_yzl|+XFvL+pne%tr-Pa(LX-%MR_%i;!PYIw% zO)6!5OEY-C9j{N#J+GQlLySMHL7t;eP^5BuG}}$I7e-W(&*+L@6tLv50fA_+Ww@D1 zEaDRzZ_(}fBPEk#AVQ@dY@N|ztFCdK1@d)|BFK#JelXSIcMcT$|IMarSFD0RXEjw`EcdzC~ zzvPw4zhClU8zR2e0XCsZL^QpbgAPr8+)Vv&U}GWWyVIVnel_XtMHbh{^9`^$@@JeC zc%y{aX6OSw!!LQh8_^Y;+ODJs5%NlKDMw9DKy~|Z-DMg+&aN8l;bG_jIX7(&vQ8}Q z4HW9~J&J80EgJ-MvBZ{rO?ISac0H?Z8S{U;IKl=`*Wps}JZU1;wQg-Xj4iwP`{-urNy*l?#D=Q=|j4f@;xbcyip=dM{Peu8ZKUAX3sbcmXhsI+ zCNpw#9gY+YW$}V%Rz*GC24BudEz{}Yrim6Fj6jyj@wu5PZA?3Qs?A!PI$Ux~c6yad zon_l?2ojw9`alVBsV6BLB`Y0Hh27GFX7#hO7uz)Jfa|U|GEPJyZM@k-9xl$gP@B8fNs+lD;{Ai~UhN6BW*Sa-*vTk^X*Z=D-a<+m*s zaGr9;87ddVx$9H%m8#f=z=<@WK@_iXDw7K)jp^ejDW+AjqIWvF8Hh>|wOPZqsKD&+ zAC$39BgpBMMs0?ETmE;l>wj!+%>Hx}sy!-Fr0D|lr3$H?oqWmbE8uFQS<8mIiWC8h z)5yfjFyJHqaCNy_hf;#juaRJxRB)N2VmzY#P#~Yvuf1IheLP{m{9TbOI|Sq(Ok83ylutWUnB zD|giZ(I#1-tEhWMG&V49P*U>HPlcrTV6C{5MefqiG+Ecn-yz-8n)3ukDz697%^|!S zHt58uC&7z|O8j63`e)tp`|WY^r|CRvKuQ6sLHxPi6EFt=YM8$MbERM|d-R=Q7`9mt z!N6ZoeZwi@hwk-Ht*4pE^KV1{U7cQ--L~DLm+A3jr*4b6W*0s7z)1&?L>U^7+Isjm z(oNLWYLxxjl90vzt&WyPKV7&Y#-D}mOA2Cu={aAdB7LobWfw&qf=o+pQFnO{v1^cQD77)WgDC(S7dggS>h2s}eT^zWHge<_RUZ66#l1zZra*-&FxuRX;or53;Ihi)@f?wyZ7cC;;LW9ABuSwD zHWZg#i`xrRG^gpXIp&F(3{zaPQaCJiIKrCO`@>w!u9f0(ZpMLQ1exoVT5sC0sMPJ} zWLO9JVbZe|y*)U`u6NuK&evMX7YQ2!z1*3B>)$jNBERL|9?={&n&r}BrL(OfOx9bS zyceRN^#5Du2ztKhCpAtw&Hsyv1K=Ba@Y8;0JcNTUnP$7841=RYHcfsA z`e~5~+DSv*Q{|3RrYzcFO@ms$u!WL}VUv}Xs-e3v)~Ap9iV`?9O{)w&c28Ln{Y7>w zq~>s&4AV;!^Ul-Jb)MxJWg^NVG`11^%u=T<&fW!=fU82wyLm~s&s&e!p&ZTe1gSPX z0e2z#&JRU;`)g`u&f~eMWA({q6{TU5y-2e2Js!=`*cps2SShEo3@Dn4C#1B*H!er- zv1Aa}=f7t^yaCA zdx^!qH%Cs1C8i zKcKUdXGp6jRu5rm2JnVNqDdH$d*8^RJX2HpV<%ioDs+X-=v_(n8DA4}`wTnpTlg^R ziQ99Ras#!>LA5jM-TnmgQAJa$hDA@fPd;A55xjGMnTl(USOg;rgx9^p$LY)M>UpZ! zWyOkf|7Ph3j>!}dPcoQWBjA5|$8c(n`e%zJIk)5t($2sJsXgv*L2~zAsJ%&Oqw7;+ z@vBW1Ncg0I+ONQnx&5XWIzAR--yB4czSB+zr-R*ETjqYQW40*@K;GR}lWuT&9a}zF zHe?z?q<)7pZU_n+{8*IjU+4iQh(zg;xvCz5z`NS0pu*7wUBSDgT2ZVUyT!`!Gb9MP z9P^~1wa$P1_%Y%%j9(fzYP>kUG`aD8xVIXRo8)Pn$|3+G>CvfW1RhGJCJx(6Zatql z|D&RAy(K$Ffj`~(mhSS`4RXa;k|2u#f0|p>#oj=L>g@9wu)<-}4I9Cf^pEy75!^+1*=jD*#V$eZ*E2)#32C)F|aR;*-zPOhA#)y5|2OF!GD zAE|2NgBEV7&33P&3idj&ykiY+VorErP5M+@3qwBzzsQ{JBmc#dNHX#0%+(2xo^fvLL;k^3tO*%crya9+pG4@PN2QyGyA=>V7%#d!!Lfj`Q0y%=} zoqVjsIM?LpMZq{)x3SLDn28}`AOc-2Y=w)rGfTj5%}sdtZ`8M_)LZ2h+n+GhWba$4 zUfT2&IX{fI$0=zdN)I|vZ)3krOJRJ&VV%0eZ3|zv2QvA*JVZYCL1%fC^9=L9ZGyVK z#|O@HBPzubVfs>^_M_T;MJBI!PS?k#gKEkP<7f`@Fj9O<Dc9X|_jwH6&a8%v~h~IV38eieguf$#=eCX9k?abb6$c8mN;oRiFmGqIkwIL z5nMaNSrGs%1Y;-4P~2$zt41?afSH*Y&4I|lgezFhpK^M%^Q{Ivo}(TJ3(k8NGbxdX zBXI7A2UkMgHPySO!26H2+MJ7LDzF|P-7eR)+@RT$sh^Ht+m70qnS4inwSRB>;btu8 z!6-y!V*-ko5By5)*N+8vMwD6PxtgkcskJ`G&b{|%?Qf$QqK4$_!n7a-@ojgpC=I7l zc~NOmjwtd@C$RT~Ox;9^joD}szP!tZ1i3QmW*{lclG1r0%1UL0`Zvb3Ez6vc?l;Mv z>E|!)Z9nZ`Bnvi+?r!=)&weeqgU3LKCD7Py9FKsE%F*52x~fl~xj&rY%}mD+k1hk#AA8EUpFn;?oX4K2^a_)0sKIWs#|YMP zvV^WG_jdX#G8<3D;gS)EN2$NfLvfg;VP>~WCUNYC3*^=iid%g%U2RZHP?KnMfaW-W z-SCS$uQB65}5mae;ZKe zgKHhJV;9T}=Kzyhv7rmLw+`a{v*?gr(m%Qy9_qt_hI+ zUVk~WmeKu9?;!V>{gEJ2BzirSpNU7Qj;ZnGKa))_-3n|CUK4EJhhLPNyo-k#{Ix?J zF;xt%w06)i{SnZ2CeRdihnI-eE*Hi{hEM`j%OoqAT^lDBn<^6+@Vv{bxdx7e=xEQVB zYz%^LChuvRZHL3Z3Ik)p?!Y)lpE6U-|Izi9QB_52xUh6chxDeqyGxL6kdl-x>4uFo zNO$L^ySr;s(t?C^BMnM>7w6pg?ik-4a}0j)2i971zVnSIw1S!()-|@`%;kwHGm&|4 zamdkD??&hwj=rn%@{s8f)<`d_aiec+$zv?b|DIBKsx#pt!T}O(1dWG*RIa!1J(iQ9 zM;Iog=DeeKv-_rq7%GH+1@-~?*2-+>ORKBRU(|c+;uuNB8!s_k&;5vUM}6>Z&^w|T zex&OJKL*eBuMp$n(dZEq@cJ7&i9GuZpxA35!4utZnsD(x?PiS^;k0qvG|Ow{t+*kk?D5~92?r&G=}|t1x0Z}+|t|g zTuwL%ccwi+#VO%ktZ8JW1*xuL*O%o|dQ%2DxMWiH(I?mmw-8?9;+SD8?fyL<5RG=! zjud-?uSgsF&IL4li|u~DYt`&JnJZ(f(70_+V-f?iKQe~NgP4vN3UejDf>i1mhrEhX zO%9D@h5IP};nS~}n`>($sSEsM%L)|!^xV4S%cOPfD@-vxA>&75o6gmKji(!S^LbGM zxjj$jbc3iScQtt*Tyu!ifi#B2pm*(7ZyXnx2l3iPeD1AW0tpfulL;80AzEDRjx|_* zC&oA4JDIH*0r~zem?US??YS6un=&h9lVjBFBi{>tz8PHttmrBx2}_C-54>um!ZBQS z6J#qsvL7QC#*(LcznZtdI)+$~&Q=NMVG3-%L68c=JQ;GUqCPn`xHjvX?HlPAEK7x* z8~k)}wLC+QYc__4%V{uw8AyW~B{Om|G#9UkNj#sKy~*ljidcg(obpc>p{3ID(t! zuzn#*Ix^O>e>vBnk%FSEb$cX8{NK8>1jFcnRyJkq2y_lt3E8u|C_?tRxKMkg1CLzz<-C%?ax(W zu7K;)GyyTC8x6S!*G^{c{ZO*nq@rJB5p{MeZ6JpF^xYJ^U7DQ;H=niONI>Csu1@q| zYSBLn&9Xl=3F?*&&z-Ba3pm(f_72`NLJ2hIQ$`@M*=oNod?3KY!t!>9$Ym0(0)r@#kyazD_MVU3Z9?mJ3k&IyrG3d02 zVx>8-v;Tou5IF#8AnS@$|1Bbm%unJ#fe&~oACZA-9{_io-DFLbgd`Oqc^^RB|M9%H z*TDV9$BN{8K+reMvFBbU<9+h)0*l&m%~I412?9g61TI?!Y`kgg^W+=B-*t5#Yk@BM z7$6mV(?*z~z;mmTbg^5aDR~2E0hOipTMK1$goI&|vsq<3hb`uuZ)OilC=Ps`BV=p2 zEOo*Exfd;PJPe;1F*K^gP|brr&q=;Bc6aIdE+MfdtiY(5soSMZ_UDp&A+7;ux z5M^=L>1A;oTUm~N9PT-2TiQUd0gH`XUZ8c}L;TFWRvx4XxnrpGyU z&FhpR!^zTdSxcAJv8z?`;buH-*0(vWJ*s7FfHpad2M+I21Pe!EN#z(_pE!~HpJl!N ztw!C7j)49#C3|Yc)R6bB6yT4nRPy}c6F%4lyVfv=*W2w@S6-$6nVwulK7@ROd$w$ z7_dAgHXB_g_Im0=F5XSF?&}-id6wU?_&2ST; z)Kx^cM*5qs_@l-aYgYMu+R*hJT3?L1XXlI~H7jmy$e*fGR}44|I9`s;bTMAF#4ecB zi^PW?!*|P9FK>nJZTSC)9D%>XX{2^HL0jZpQ z>N~gck?>!|z42mVh|?x@OpN7IkyTSli{V=u&wt#sW;cR3LFL_7p8uFq-dZ{^%jgxuu44~hqgnOd3pcI*H7ALChMQV3{ zwdZs5O}1+E>y|S!lT$8-Y0wKICa7vMbER&;C0M)LE8FgDt$p0Q<9EY^`LyWYg)8xg zL+T7Zhs?=zPAS%iQ(&m>Bl3Gj3iG4r`zm2m!6gwwhQqmfZ&ZbQjo(9w_Fprj$rZoK zt=vI&esQ@ZOAcitS4CY0y5Cxk*1J8WYiQn$BT})>b%vuq zY~gVOZXI9+8j}f17nr`H2WrwMGcRg62vD_tut_99Us^Yhtgl{Oh>HIFO>0`F;*&`THgmHObSqYfBVM zoevbw%FJl3&LI}7O#zByRs6-a*D^F$bPf3>bnIM6TRvU~A&aF2a&~kLC8T*+S+aw7 zfhxg#r$P#Uu;dWQJc{L1WXqqP7#SZgoOSOCM@up&KIQ9MJc8O9-!NYWmnJ(Umrz11 z(+oY-_c7vJmGi_58TmMBC*3Q$;fN5Uh6=%u_%$W21iThN1gg-=_uj(E>jj@46LLzo&) zjfKk5P}Y_{*L+c(+0G11UL=c>JBNBX$vnnTVhcv!VOa@`{WTV$@W-pGPczgofmuDG zuIB${$t>=_ab<}1%3U*r@#aZ<=2kWWTS4Y5wL=f-;l}J798Cv1R*VqE$rI9_19#j2 zP@TCen=@LG6jz|-s^{0s#`}~((MamWf;OtRLCv|N>1t>oDM8iS#0itur((Rk( z$w~qPe2i_kOVhbo38lXn{^puvGK`^A8*U=9$u<*8WlN+XF=J`LWN1(d0NQ-*_u6e(iY5pIOz)mr~OyJW|ukzog?9AAS!na@(@f z=x)Y3SZ}9RcyEJTtD=-rRw(gLr8nGoEyd&-+k0VJ7__>(FDCRpcByt{dlpAqs zjvGA$Yq31Qx*x!&FlyXT^Hs@gtypbFLQRuQ{5|F~;lU{EDHoa?oX@)1p0*IbUw zYcr6`d0U#Yv9twZcFVe2>`8bh20(eb=18jQz7KJIyA1X!$=CE3%FJ~eRgz=X99DSJ zeSe_JkuW{OB|&L({k7g;XBhvV81ow^&&OJ0J^4H#pPBL@Tn|lS{)5c(d2^ zL*u6ZTBF`R*6e}io4ALz&>zQnXXW0Tf#$f5^NGze1jCbwyX7Vah`!qKY<;QudsZp@ zm#51KNT8qppLY`%^`1C9Wb{99kCxE7tpA}NSj_R+I1~}MJ^1x}4)YN0q_aWZDMjFo zsjL{3Xf&k&TJxG9FJh~`X=^_Crm`RjdUWg|VmSCjQqLR-mpMXE-ZKwPp~n-O9*@p= z>OX~*Q~&rT@m>2PuRpc4=c~){Pu|i@+ALppRVgEQc#J79Bbx*5>LCcrNbf4Z$};5S zoDAk}=P)*fmxt3I!i(!3wxip?1 zoNuv1lAjn$R3jpUKX%i@BrhX-@z;KH9dvP;97`TLeI@xmhh*Hz;o#BTjsqCf~8S@Ma2RtL^$l7w?U|P@7be}zk>d0Sz zQwmvCh2U{Ml8;P36e`=wm+KseRp^_@A{3bi?+}d9nI!r#d0`1#6#4EX8Y;%WI}x|Z zKd?e9{;JT60^R*SF`lH-{>%Kw{yAPr>;~sJJVV@#-B<~Zkr4A(av|%H(S)fE#b1TjlSwJ&Sf5)B2w7 zWhz?nVZ`VwQ_~B%Sd!v$Axjt_nk%B54!Qj^YTEM|MW?FDEUhVjIH8byaqD3X{1hv` z(07DxHyK+O*1xXr7dB5Brq%ca635$Fgh8QKI77nROt$C2{ zKtKh+AVKM}b2#N9BHenU^fbnL3&4B$6(E>O$+Q8^HMN)}x?8 z{II9&lJb?SQty!2kH#8r1k(h!=5=~f{F`hin&GiwjrI+5Yakc?HB(z?a`SpZSVQy&6!RCwaKk@~>jU z-AO(vvLA+>5T_TU&louB%g(3E(Ko;r4B z(?N#|3#Q2FNgF$>c}-bi(0J_eiQa5>eUE~nb!_`8!=zqSJA@f&j!z@Tr|PSsaNtLC ziXmX+B16iSGyNQ#?0=h?48CvCs?vvj`>B{Aq<=`64Ue}L_!K>4JDMBx;wlFW>X*8<@ePocvntDH%`yW!5 zQOb(zgAiPmcqqtM$vXFWFU>gh{`%l#wz6?r?34ABsJf!Q7OZlmv8w28GKlh1gL$Mr zCN@o(an|5t<33Om3US*X%u{J1N}a=K8{8}Y>I|gyzpNU$=5KLn~&WuUm(NR!G|Y#DPB!cIpGBmmSdAG2ni@iFFLa z?3?NbTB=%FlF;P?_Hq2WpO1qOFw6N=z^DDHJL2ek-iq_mqAsnYlvvxRvY+nA>t;_s zg(tXo@I_4n5LpI1#!n~=h24T}&cF>DHAv$H=&bU%icIyqk+S^`PLzUOOB zN`V9SifZ(n8673=DCIy*hDAg!z){0;T03!FcsnLoqll2qq|^1}IF|ERuzT)`hsRFN zvfN1yKQgVwnDy9Gv}GVdrm9zOy&+ltN!$4Fl*l=KH(KnYa$TCrV`=h~*GG4FMpGoe z+76j^S5ZRo7SfqJ?VYm9QlK-_0PG66^Y!lAzgywt#|iAmk9yrc%`*#+fG#e}4m2)J zG8nO3{*NwlVWelKZ@~3;{@b#juTELO3z4y*0__PM<_9Nl4PN0`Pz*CcLwV5=rv$wX z=HGm=Q1jnMVZhFynvKr;R!F7y{N$$hZ@;upN$4Q?c+`useNNtTD92U%#U?)uG>u$$ zA!V^w7mFN839o-dlJjKCrY8Mlr+?cQ{^4ax@yR+AujaD&>IX^WaXSYuL|v|dtA6G% z9)*sd|5)LkHo!8*-qmjHU2W+98K(&SrW>AWew$|Tq^DJ)4#a2(GJ{s zJFd%Wz=R&kp1Vg!lY2yywjM+__|0?ab$qE;fWd#~m{@J`sko|8YrK-F;I3Vx<@_hc z&ma0|2h9%il1QtTa_{h}4os9K?M%q7gydmV5N=M^j1k>dm3<`QrjJ>f_X4;<3H+8) z#NADDHnkQC>c`>H%u-UgNq4iTZBc_?2PNQN%a)y+d+8?CA-Hfe9B~}`6MA$jU4J5R z)HlpoJfzMHh8=25+U#j-2;_?EMmw~gdAPK`7l9hx-pxg==a$EPu+1}Wy0F3^C{c&} zs!Dh9=YBViNF(6HT;r$m(~r;))H#S|G=p%&S;9Xw%gEB9x!*;T@T;USYxXzrmc9Vi zX_YD_t=Rv-o>x?L@S;VXh))2i0^(g`JQoUU=WGC(_*Db`SDTh&VZ>HpVs6l zS#kJ}OL-Wq`^fBrHr)b_dF%HCdk()VuB-mLvCz+lO64o+2+W2g=35=!SI55zEc%bz z8{D2V;*nw+*G z+n0;|i%4SK>4~03k6*$rIuUET+GsYfTUAl8MEH0MBSH<^GVEnO&KSr!Ihozh_?yvl zWAgVrN?`?TOz4BtxT2T7IJ~u>QM%a^7H6a|m(}YGigIutfYrwX0!lKzB-x3uE9Q=R_01v(bFU$lH)Cfg}~E0piR((T(Kw zW!*c`t~vkieCd5wmf6s#KPVwTqAqdwl^MIVx{I2>Cr^UlG;VM8r+nMbEBBf{irVU< z2Q47(C`%EF7wKeui|TvIpd@F{W;9&!3^7;XU+Yvz>zbOwmTg+uS`zE*-ZhtKCA+b1 z4m2eI$?n(h+RDA)nf#=m1XR9kBZWynPm#iH!C ztW717+7^rteyj-I_e{3Ei39nmFY`2_^v2`w2K=ZLs&(siTY6kD2_*$N0w0>S91P&T zU=Il>Thgv{%rv;0KgZ8Pwlb@FqRBC}Dtm6vH;mc3Z!|u3Jps+r@mI2s+;f`&EAYPJR5_ zaiBKw!*__q8a3~bX2wS^OjmlNXz`L*pisv1w44Ku%$)$pQxwk(8!odyuMnGnYu_mM zA*bu_mQTM8T(Gg|$cF`7$GfB6_LKZ!wSl2t@>&5IZ{$WCe?Y>mB(Xd)~e+4s_%r9qtDD3(Bez6t7(@hJIshC zS9k$DxFx=Hp7IT=>**22vj46DT10nhunfW^sJ5I8!Ur5PD;)Vv@F7DgsPYcU-UGrf zZrk$Yhv~g=-wr}(!EeIf1~6ZmMW*It<7^bgxGOvnGL0r@g00-1>L#^3#(z^yDKj6n z6`n`+*RqXF@3Z1Jc-s|Y$dJbU1e7rldh5rFL8sIudy|Djcmqw76$GqYbLX7krZ0hh za*prB?G1O4urxJAxMPDU(>@el90KxVn&KhiL897PGKywQV!39CI zCVjNSqIkEr(qk&9f*N801rJ_?K`RyE=J+=D-Zr3SN#OABK zlXsH&vT;px7yQYWQW70{utEf+j`Dxx-k_tyKT{iOb-YC_vtVw%J(hfkkf7mPKD^9L zfZ9(|$Q?0Em}(@^btuJ6p4hejCov&>&0X7X50VC&U3=uvzV;x{XN6ho2Oa;CM@~t1 z+4?FvWCEH~os;`oZ*!M#`e#Z&Gg|yj$j*1^MI5_cw!kh)ubBQj$&cAl18*_}0W@t& zESa!Eo|wN@0e8~x<|QL8lfE~+{h*X#(H06c0pg!tF~v#mv5Gf~;_+%2iNtBjv|R=j zY#F|P5MZ>fjwT$=~LGkS1uP}f8dEpX!!>N)bg9?V{ zlmi_4IvCJ*+oS@nIluylnIDj&biP$vtiC`$L=d4I1*$sAl@85M1Un&^QBjY0Svvop zrZYEy*T`&kqx=RlBTDN+6ZD2~3a7Ra{R znLhm-;~*lCGd3Pk-7#VFE(n2&ZepF5Lr;jE78IduEl7`{Y(CMw@`U2{nip=bR9Uex z=Wf0c)vK1UO1%oxK7hlpSh(+>T#WW!DmSt?%QTW4o(X+70w-fcu|p zQO3*3%2#hR&kjMTq!CPuUIr{uKpIco%K(mYd|ex)Jy|$o>9Nc3D!a(Dbs?)OG%a8OsNay zAW6(lNYhw6X3WHdgTB$rG<&iYvGnbHpKwy?`wz~Dm=6+e_g3JoWUC~Q!Z5%0ou`r|< zKzH_{A=6fWs5KF(x6-F*Zq8d&&`h!;F_O!@VW;J=bEf)uZR|5jBs|>-od}UXzg|iF zDqsp-@dHeguS1%VS)PA0SV09^pDXa@ai%VQ?cZKw;m!Madza30oPXIN`jWx1{_@@NIk(m=B0hu2X5?gBV% zC9*`53nSW2Q~wHv{)L0_JZKR~xnB&0!rbL#1ij;I)7tgAYfSR({K|o$a@u-c7Mp!Lm~Kzq9{$S*bZwY$lEHONtN<6chdV>Fed^I2}sKblprpzPRp_ z0ZDROE^B+@eJ$9NUqnV4<@E_T;>dH{?Ol%DqN5@*={`s7w9}Mft}5 z^&Cm2-46C>zJ2XO*);~h6srx;( zmJ&YP_@-mZA|tBJHhvCZ#W*?Pqu&B!a)?B_MW*|dq?X$}Svn>xBbYWN1ru$be2#xP z7+L;(E+N$9m$vr6wHd&RMzJbV{X}&3`X0Z=1r}-UKK14B-=(|zY%1R4-PC=q@zNg#GL%YLggQ}`q#hl|5y@H{e2{kU6cd{PLdjne*qqPN?~DPQPn3Y<`key z&4?-TYsS<0o)qzQ>5CwK>H5Xk=y(}(Xw(Pvp8n6uM=;$SCNS1g>=XIbztI;6w+A3% zlL6@({;^Mh&$KLn_Nk`}G$fb-=1tQ9I{Fe~+Y!{ev$Etr?4#bXCJthX8@xO$^)4cm zd>Ez&^hyBb1Z#Cj#bsQdb8|MzPCoZr!*zhmrkM0*b;RJ%I8 z4=HN_|DIhYSX&n|Yl~$tNcfaCk~BnLbsqu2-tphdjTV6B*%iRK83XKc^p7itt2_a$ z`sc+t1R>zk`F|}QB1D;JLdwVAjd2D5S=?nilKugQuaF`-$fb1_x>12}o$>P}IEM$+r_dW*TRf6UUq>uyw`m#A-B>?{A`THm3 zl96xq&G8S#R}4z;(;j=MshfzA`?5uv&Dv&v@ZPIikCwLfx6ntx0do8faGPtI2k!n6 zr_^UaVEf+UQh;c%=lRbk^c~>~QB1*ItoDC!@dv#Qr_u#GB zp9FkdR~1kis+aruYsA{*nE6kBMA6i)^nbrz47iw(KtRKI3?O}!MuUQiB=fkZMKt5g zfxY4nSTom-;;M=iKzm>7!DT>qB1GeTa=Oh@O%9i}*uN)N@7o_bDfLoeQ?DhVl#4as z3dm(Kjwg6r2H6FgLQ7nF>#E=@-0#BPSLW@2Jq+*J?UM1|Ee&$43BiX$h+RkyVCy^1 zLxl_N0O%y*nO}fmcfI6G4vrWgh177~^N32Dt9!1T#dm*Mz9}zsVtA0_BF(h7-DxO1-V)H%-V7rJ^m?M@8e&&tuG9bNx8Xf|L&mT z$&uWq1Mtf|{+;%}IzEP>5m6zLxy3JTCUi>V0)EmMzM1jUCK3CNE#Dqg)atD1*k*b2}Qg`%!A4in4?#s@;&%V#QrsRQ5v63|KbqkgKSu*aeh+(g17}lL%K?6(kue&f~SgGXSvzK6X-76$?p@%U=K_ zo$Yq1%ouL|_x*o2Smfu;29h%+o^r*5|7^hjZo~h%8LbHg_L4Psk;Lx;Aqh!Z zF!ECv$rm+4Q9yVbPhspey9Z|w82i;%={3r{T&4AvVdRTHAE|;3W~4??<8%@da3`?Y z;v&@@v4{k;=)Rlj{2>sj!DkNOsPg@L<}xQwe}vrx9EslJ^Ofexydu>+v8xl~fBLM+ zdLyai89}+gzg$ESYv)g!YeoaT0is2WoF{<2DPwFW;SrBROKpY;%h zV_lZZyLa=NIER1_Ql7%%PXQ3VncyoamdUmRRDi1@Aj!qWbrZ1!1Wgw9-lv9(vUf{E zudWc^GiP$X<(KzmKnKdwJ9vemH}|=pdNoT`D$1V##eqaY*L`aTua@}z%TeUQ)SIvl zS&+B%S93=b19S*VYh1J2NI+dZtxrW-*BZ_T#`LX`t?kmmmr z_VZ^sBql@yo==QP(2dMswqaA>svme@z}5JBVg!t(XZd&>j&|JxD$-@J@aA1lH>Kh! z!%+l^X>5i!cLbquhofZ$-mY9B4E<)+PBt`bO>M&v?S-^K5fL#H=A(R*9ETOv4Z>QGs^tG@Kyk?KdERy@ap7!yc}wOQ=XXF7G4llEf$_-=tW@I z#ca3}pT@}}5c(eT`_UIg1Qdya^m=E2(?t*@;~4{`AcftU=>km5eUafQLb!9lMhDJ> za_(qVztqyTYOQT#UA0gh1dF%@qR4_6zhfb8(3QhZnCq#rm0cA4R?Q=_ z48Z#5kl28WfSOcB8KD%;;e6F7QKf&>O@1NjE3oLqVuu=zj@8R*qQMIv8eag!@>a%g z6)@Za7>f~ZFr1tKDwqB4bl8!o@S)(<1del_&x0bCI^+Sk(|?-u@_Q923It&V*=)&F zN?rJVev~k^MSc(q?2C-EWkmt0eM-3->7n~bk!j!tl`?>g zxNuy8^c&3OtIC811su22`)=**Jb_~j)W&aa;uiNf^in?oa#A0r*L_Y{+jnAx7nE{% z8UF(DkLe&uf7pg9E?ei@^yM1$hog}=@>(mFa)BrVT^Amr5nlkE_wo83xRxvB5Fj$s z`iV&jXClgTfy+gfcgF({0AIJH(68zwK^DX)QX4szGjOo1YO8cmgYx0F4;e@4>L$mF zE@|!430v32`?1N%B@O6;&R$MlFL#Z3l}f`#sKaBBFlBrl&QTz{um%}Y zIYl_0-JM4l!M;l=zm7sLJJ6A@ zn=QNMo%06W_sLkUb+PgeG&{;^wEOo?gXNiZO$vvqVB`GNUFcJ(4PyzQH_4!F^#O(x7kk5^EN_4+0HWL%m)r9E3 zr|XXc;cFj-TtsG_rPRLQ2Tg%)cf8W`)_oWpq~wWDbP;JI=v1<;gWn6h6yH0i&S5s@ zZeq|+ygh3&yDGWou$kGdVxNCHbqr`+zMbOILrfQW5b^zEuZ*;xns?R*hl%zo6hNu8 zc=KE!%OD*|{?cbKmqR4(jN|RpMFnIy8{y{|r?-?5lD6o;2g2I@hO1`i|eA%8Hc$86YgI7p96`uZ3UXj3Z3tR3L z_6D!eylW?sK9b>x@zYH%gm2W(V~l|vagA{M1Gt{(h(89X&4uHH)sr3(Twi=bk}~v+ zt-3)sT?g3ROyzRrN-Q4DAhbcwUs$vxrnK*A)B2Ki80jK7!dXs-x0#!O)W=q!STEu& zhl|wH2w-uq`YaQUNe+4ynt4z9mLm`)5PMgLJC}#S^H&6>0;;oYp1W1MN9!t5T~cmI z>Wyhmb+F2t;c&8mpDmrIEuSL1AR&xO4YnEzxd8B^xc~+Zv5bcmN_0{eh!bS9j74k2 z-hDHNb!5UqK#Ejv?S@lZACHIs=e33TC{bQIqNbmw(JTJAJbfc*^~ZSXZJn-;?koWZyBn!_+v#H@IJo(T9bf}PnU21Ag#_STH$c4~PH;|D z`TPt2mL%R#DmTPl^UTpJ1TN8)lb!oEYz$)t+(|vZICV)Cx5_UaF&s$|hnT$+GN$w& zvdm*OI$)_^Np(^cK5d!-pthAbJIONNFd*>Qv|~XUVWf>!=Ge6UbqU95AI8+@d`YoU z>hoOI(XS`L0H%lGXlI4reYI6^-#q4)%n4)Ak#K*8l6j*)ameFb`!OO`^Lb#K0Ct-#PO##7KJAze$%~ zb|+syswQsw0~+X!mmqQ%jS`|j8VEy~{Q05x-=nxO>PY754x4n7;*f~3TkiRFhLB8I zKxAjynkbcQ2Ju1GMEz;~OfnGARPeKA-L@TCf0dvv9&3gJO>U9YhHhZuywMAsBB1!-v()LCS$!4!h-f|*y$dF5WeLyBjI+- zBmlSa$Lk!PEfkr!5i@m4f$fTpFowMdgnXr35j|S&jIVPZJkI0i@pDN$k7GVg^hD7f zDf=`c3L+O>LWH|lK*Bx&)E1thaqXe6Ix-5f472w@VNf=Vq9CN#@jh~#{P|GUXDYiy zlhIU8CyR$+dae)LWo|A0PHNieb5s!~pwFAM5W)!*Eydi~QCP-{2_v{-N0_S#52A9{ zwsxNeXsZ!%fdGrpC|5XG27!C4P@KjRb(43)4fup#+VgXS^MauA@RN=(+)?U`CkBrt z9*=ac(Bcs3_Q&Y+7DUqB?k*Q`S&s&PnV$JvOm@1jk;%|wsQXZ_Ab1L7 z&@mhZ4@d1c3Rkb4S`sTfIF-hNkH;y}2$GJln(COnNOk4}6d3fZX#J6c&u{%trt5Ai zPE^Pgus+3QL?@yQ!O(?MvaGl*C3ZyJ#kyU(5jg9_-Fv;Hu;~v-!gWso7_lN7Mii_G z=K~@ArKDf?en3U6_3axDR&wShTebr(N8)>3U0adjh&E<^_hT(qs??e?ug-w_==R_4e>f$~TD3)U08pN+( zLLGyrjv4DWPzD+N2MhyxF~76?FD(F}Gs`6HPXy1b+}S)o6ofB`-lk#^V&6PWoyD3Z z;1(v+lU3;)3Mb_1%i2(K_}$j?+05wPZvO21bvfdu%z7jxkF9X6_K(bl##z}=R#J9N zPhR)zFnAVXhFT0KS6W5g)A#!it%Bf}ghjozRktoAXupZLd3KT)?K@i`<|C;w&Eq#k zMeNeoQXV}fuF|ap2YlHOwR6;4VO^_YZaI1ZkD$QH4NEosp%Qe3hoR%w*w+u1{+Wyl z2bp;X5&9-zTu`YRa0NqixFyUJszTm^Qj9Oyy8Bl;Cq@#*RXeVUkKr`}etTg{Cs5FI zk5ve0QptM-O-$@|HMX=gI|Xlisp6QkR=}N6hmCg2@`9KJQ2nClZhF}Moh~y**&|$> zr2#}eC~$w@Y88KeTzSb-@L%j!yaoo4H2$a^ZbSUX23T;(yZLx%w1I7%it-dnscr{v zp$KkELC$L*A-Uvdw)5jYHM$|WuC3aIK!n70>B1Tme|YZfCR?>#+&EY70Ilek1R zr^#$nCvxyl+RS3)JC92@Rj@p-+UDOc>F(d#>nZymsNgp*yDoun31BpJ)ng1=*<2P_j7epe z+c^rF%jZ+Rz$mWkhrZjQuZg7YIRWs~3z^8YUWanEPBe1v!+J;LVLJk8CXzK8l%$?= zm50c|b=DRk;!1_?lLMdCcW}GmSL3{crmH_}H}e@d|2`o7xv_dl5S1?gC@&QW&9E6 zY*!ABuPI+<=a>)Rn{QXWHZ-e*5r%I`ZgPdQ}W>R zMRhC8gYo1ubMJ+$jN_?h$BNcEU-9t32eW)IclN_zt!FIKSy#cjw+3zSM=|U3KizGc zBW%sz@Le0Ea6RxG58xw0$U6Icn!dhu!6?b*m`z~p|M2EU@~|E*OnoTNn*yeA{IPA6 ziknK{(o{%jk-CG8uEc}eBb%_VAzCHgN#zrP3Lp7!=@`QnHa7^jFrAhDm&cnptK8{* z)e_;=H#porYr(Rp3^>Yrjf>7O{hq~b4}hj>RU3_FY!VX)Vdry*thB&U;UU+DnUfvl zyti|&lkJoK7O0?y;X)$J=otF&jAPfO%ts9LNLX@_lrNh0nUjUOvHnr#vYLxO^)wS~ zGXahtu1ZN;nR#!>6oZ5CMOi4+SXV|Qy?)%;l$X=#gdIoNQit1W0-aKMAhuCrpn57T zzd?MCmu;Y`@g+a8PghBIpY}WDe11d6#<m zvm+xq*W%dFb#HV^+M7a0VB4iQErY^(^Q7FQ$;y>ItqaB4#fNA~!H`~4NEWtPe7cIj zvPpebpEWZRlH01Nha=|M6j0pnb=P)gp)t0P51=26+o9z5wEyK5u2qv)QtT~oCY6`W zwK59-ZOO=wy#+gN|MHF!$_OfM+5pi=Q8~Rwn2p)<>f$l#mgBdUpw{-Sf7(A(jk(Qz zhjB95P8=uhqI5u-RMP?`0a7fEV9z-YUlv|M74e-z!VN+PMN29u{8VLI!I+@VOajV~ znRhnxGJ2SaAJc>3W69^r4o?@tpMtL#6srTHQj3F<1w?}B#ko{}61KCksx3A|B*ino z{+sL=?I?bZq*7c(l|N%9`8!hwT)M-beLB;F1Zq_b0NZ=og-?>A1Zyyndu^Qv!$V*# zCmnRzhNc>AajarDUC*;gNk4tha+Ivw{#lBGkVtp)_w`~1Ue2YFxbBNlu}Z9GPOgbc z{`hN@yJt!bLMoYUX3^B-K72V!iMp{JF~8ZkHX=Ka+Y}upg#bO~EapLZ_N6A`wM$ z{?0(|24+UFc|_g$B3-?l3=+YcC%Uma8tROjgxC!Vf;@AtL{mjNRsz&Wf&HDoGBQlX z^ciu9e#t}jXtMf|)Yu)!h4|8QA5KQii>ZxtJ>uVSck$V%jg$sa?*yA6;yp5*?&`{| zNbQ4m806n~)%~hABQM0GCXh&#l#u6SgB|OlmI`c2;>mspBA%}oU9QzM1foi|`dqrh zh;w9?h%Bjdh(gkk9s87EiE>tn_Of+Ba`d~{wB!=n!9Z6Mg(j}(NzoPyv-Xt->#w5IW_)8%A;3LwFeZ%kti>j}w{ljn%9GbtyL(g+6mkm6fxPEY(JvgsEqp0*3*Vjq596*Ss z`{6C2n|`=z;#o_N$o5=b|3+upUOBa^eJaju7ON0}RPNb2z+AlW1)Wq9JidN@7YNVBC|wuE?3A!3LXx2n^wc9x%FoR!~t~?L5+3 zjb;OQx*&bbAPuu0>dsG>P&*?IVJ$1{oqIMDpHPbOQs??($sEk5DUx~KViodZsU6=- zsAovXSA7L)qr8t{wm~ z=)X5Kc=8bRd`)QP&~Dq}*?3!2$ib>lVL`Fafd2&<)L|p) zto5>o9!y|QAonlqE~ozV&R@?^q$nmk4NGi(i%^fj+L_O2RVKi(%CU+gY}FfemE-X4 zJ3_T5!Vbu56Q)|V;^@Zt)J|XU<7#XBzIngn@VzD+Tuf`CBaI(T7S6nkPxU*@FgSNJ zL0#k7VKiln?KU+f+PRpI+L{AfpOaBz)7Xt`JXN&IlQY>ChlaTP38zCrDF!YDPy|vU zrg$e*QzT7#N-b~<89(nwg*8|8{twPG^#*K-g3Eymscfj}@1Q8}%|&MYIF+R}ml^1x zuKSa-p{(<|B{+cM;e*qxJi=@h0lvs*ohkObBwLmD^(O=a810!0!<^hXc-Q{O|A6TU zy7rIzlfXc8NZxkiV>M}wo9i|xL(m6$)!Xc%+p72*qXlRqLJ;Srq9#@!R`)q_I{W$ZyzH|a{{ zZ9IfrK0~ooQ+UPu&cdKj)912PXs&zfEd>imGXHIu`fipGjhEl6NMxPab}6KW;oIVM zI_Sf?cS!X1%0guS4to`xyWs1;rG|E)ixeOU1%ESKHHkl_k3vQk`AMxFn2*fvj?6oB zc}U12&P!vL1z163_pZ#qi>XV8Hzv>O7R#Rm?1qnJ2a(&%;w8#yu>yKyk2MiutQd2$7 zk2tVKB!Ic)D`dXSV+ug_4iV;KAph1ahy8e*gskFG(|IPe#eSH+C{)=Q@jzp3^H$?M zp8~$K<^d)VuNyGvS#l{P=mN%~f89k)`PJ~PTs17nh`65W(f$W}Z^4%3)`SfUf`m#V zAl)g5bVw-O(hZW5(p@)-bV*ApCEY0qTA@O^)`|D|$}lwa6TvOaF`gp8^hj>xA==Z2#R3l$`6TCAb^ zIqg=~-9>463m20(C^nELs_zqG`vmQ?R=`1OEISV~cU%&Fnl+zwv5odpyd(`qffx^M z7s9H^@bP>#!Pol?*3U%Q<{QG#G7J)?mTa~XgC1?n7n*0g_VVou6g*)O z)#{9%4;ObxOH;~{NqCRJTx~D9KgB*Nd3?4}l!ut?l3=Fe|G+3oTIb%6d*|`2hKk3C zQ5U^XmeLZ3!!Y#hoBzF{|6K%X%r!NxXcNbNSia&;U-EpvoIUC^D)mAnt*PoeucGCC z&1y;%$Ojxw7@>Yej9I>h{n<6~j9MV}7K z*_{Xq2uM2k)$NsV6wZdMb=z7{GL@rVJd2?z&6ZCk$?KBD6+_Wmk31J33U6xuG=BV| zoRLkE730Es{Zkp##TEsd<};PS`-ZT**uSETQHD?oknGi0dhI32Sy0+@V*M1DuRrTCx*5f1XpGN6ej;H!C1r=dZ~H)5%_Gmv zX`_cHdk8Zd9@`idCE^xJwco91euZyj0!RynqdXUL)k{NMy?{ zs+4ulAcjC%1)*enva0BFRN}KR!K!@ag4l|mTn*f?Cn(!o{m3{f>dx!j`>%pFo|LHP zIfat)*oj;V!Wwsw3$;N^;sq_=I=6$*-n)uZ2h4C$|cFbt7H( zSJq5703(FWa>P*o!j&nhzmUV)0JSCJ=ffJ5L!RJx{}ZBjzNuIwaBX&P2{HW;B%1gT zez}{{5urr$2V~#sCa!i(XtF?F`eL^%B}j&V_D&Q-PRln2qYyKgTw%9BH(M_GAPe~z z!v$;PInBD@RNdLZ8fCb^*=K=flp+PP`n|7&XIeatOI51O8XL%#Z+0Yo5G2UBkof`l zepZGGr(xSdEI?b(WrkqTVM2mRF6DtTXVeU_tPkz2*@0lCStfjg0y524Dcn6dEc&md zN6F4J{j@X--BF;PW4$r+CfU93>G#b^S6bQZ3l&1w5JF687( zX8%0p!&*V)T!Y%d=nsbX8q<}ekPtAumfJS8{`f7OD(n`#k$n7PVNjl)-blAOQ~%}4 zj#b&RSe>6MkdRu70uGA|HbpzfE1g&q(s?88%m``t@$LVsM z8}`AD_qCSV?TutMMms(j8D)aM$;GL7)M#eQzGa!{T@oMb}Kyzyu^+0qxe&k zn##r~#189!$HAJCZMY&ch? zmR&Ba<@)(gzKKePTk{V`OAN((KRRtqXqE)p655u=a~>P+JzR6~?G^vLhoIF8GlXN| zKi3al#p!acp0u8-eo;hDM;xmEy$3}H))(6OM$Mxna1|q!G2lhOwRFM4kYFp_6o)~< zVE3rYN@49fLo>;3khb3Q^knYMSs7e**8C+1*=FF*?vfxMIb)@2(7jnj@uuC|e71&e z>*iG76KhBb6Tz}c9>_MR83-h5%${f=6}P0?MIxZ-8f#h-nG;8EUim7wE6=FizUvSA zeP6}v4}42i0#xXUGL(>*s$(>9bt$yzx9;_@_5JLV9lDG6z>?WUlbkcNm|vJ=sa@&U?s<}4UZ!5yb+a_cDsnIy)0GDfGiZh*{0@ny46VaU5{dOcynK5l#24x8v z*$-3-7*imbigzY@`r(_FAJzqDNFUzZwG1Iwuo;sqW)+6{v9<)EEn~`?fm9~9C}d|F zx))>$z6%)&>KHJ;gm9>rUXefO5iPyidQCvcY58MR;j2ODoC3;4ADo3@byWiXy8zRG zbA^$)8ecnPB;|MkVKYRv@0?Z>KhKi95-wZ>N&5c>yo#>~#O4blo1E&; zNcxCI*5m~*Gg5EA^=O)vp%dCW#_VGin8iqB8k?2eZC)j~;xuU3bH=iN-9QG3PFKt# z1?(-h0x77h;4<~t%)O#|ZaPHDm8!`taESh{@k_YiRkfTFDp{)Ci`|^pN*Bk`d2tQd z4Vg#ucr2a;4U&V$!<~8!fRIC1FYmSZ!P8~DLcPe(4Y*)23CcP0i z_?^9{C=otva8;gnazkV6O`|TtCPYq#vWBvwhXov$s^u>!^TabaiO$&Mt$tdHf4(X? z3?+Fwk$vSld_0`>BRk*QgTX|k^5Xi~`#O6=H4)uY50U6_R_(z?EL^tK{GH=Vy*Yj8>G)g`DI+l%dOCXc#hv;6FH2wU=@Z0mM?u%ZX&bhhO(x!r`$bGCNr6eFP7n1dSD+hrUY0RcRT19LY6f8&Jy}>bJm? zfu|mdAHsX)Mg&q_4)Lr&?%B0BQs%|bag0{YbwkbLEe@-RA%9n2x^5!U6g=b<`g}}E zmzCX%u!kH{eW{A^r_sOK1*_sIjfEH3JQcgxl@2o0j4PIv^y1eXqGoyD4P;86EBAO6e0UE`()Tm8B=&f$9MmgJLw_lpcBfl~c_V0BC5 zI=-7$`*!ToeTrgg1B%ar>%6LnGPEzH!d}PhZQW^*6tzs%FTt7#QE%O z5-%-*-?h|f^htc$mOlpu`_+lq-Py0g7V_k9SOF=w1aGIC;+aW;ezT~zQj=|1d=B9o zbSkkA(epXY{BfxTXk!d?v}nm#n4EUE%5{iP55+aK5Su9Atf|F@XjHVgo9^F2zh>>;OxiLkrrZ( zY?k1Cyp^ZxzK8h}OXhi`738S3UrSZ6(z(pB3rDMT6t*P38r9zBO40W{_5T9swC0!% zm|ptEG(Y9HFUIk0>LQ3$bEynLd@|*eZ;(uA;l@2`vr!&&`1DH9H<2$Ne^)~vVGpZ> zWKYA8Hr_sD`T%c4S~b}0%aanRvLjMQ%~`%)aqdN79VZL?HJI-zvK8$1mA4<`gB2Fd z=7&P0do|{?%_*!=g0vQGL-WgO8@$cj1v_spliB+y@@wF!lT5ja@6ATtLJ<*ba+FH_ zR@*nF3jg?Jhd(_h^RBCZAUi_C(r#<}i|v!=$a)@>C#&!VS7yEhY**vYE@0s1H($oQ z!gvmnbFv3z2$Dt+?HwJ(}YAg?)TG{5rS|BB;?4Uvbn&)}Cso&zbmh`?$o)oCEIj zfsafr51(yfGB(;SejPUs*LY}vK7UPqf&P}I*XC_CX7Mu_$~KAeDD`~NFK+f9R@h1B zLy)W{3+5F(TTCh7KO~xxp33HDDH!*99-!-~-f=&QbG3tC)`xS~pLW@jL4e*~`haq}vkufhVpttH8BFI7XySHX-fTnX>1mxjJ$W+S)K1JFNdBOlO< zpWO2^&OAlJyHr})tK~Ns)_?9R%g+>oae_PRKxwV1U)=wyBPL{dw+b|D!s}7cCWF}DztO@;H8&vq&Dlqprle>3nL($%Sm<4x9+MrD0h&Y;KON-r@AxIW|=KTo4EFr|P@+Ytu=7zUCz&&uh_wWnHy9$D8)sJLdIr`I8 zulk>LaJ5W`3uza>{iIl9j!2B%P=QXv{R-Zfn_T}EBYrvTTBQj|ID<6~*m-wVdnJ!| zr&`WXOUm>?sc7*+tG(6ARmL+`2_FM^DH?US76!&$4Y5ruA_6o<8af{t1#|Y~Zx#5R z3U7MFiy_-jEXQmMsd|1K>3N&6ZworA3Z2N_rVq88LYpZZ)A}Ytp8%80ZpdP=Y(8Au zL9;~+g9^L560_IEh8&iM9w3#cFa;@-|Hqzyjl71pz8JuLYdT3#o-ct1yTb^I?<$tY;A`N+bxG@O)S`h;x&N?Q#@BA zg>|UP>q^@?R~1>&JOa35YIwz8X@q?h(SCA^{lxRa=n%0ABO1l;LMT+pXn&?0p`%x% zTkpV6a3Jcrwy2c&Dpk?#%r{h$-qK;VxeIxrO8u0v+enAhfb%0U?yd3cXq8%Ru(_UH z1GHK)q{j96d8i>QzMz8+cDOX+z(`-|yuZtfuCDKI?tSlT?)aM{U8%u&TrTKo52I^}FK9NPV~`(;x-27S%)5FbwnV zU5gj=XzccFal$gxnG&PNtmt#0bt?&u>#4+)7T!v0n)FeQmP{c$y9r8q?_Q5V4sYcMII}+s!i{=36H<7$)QOFd7Vy=>`o;4G+QH zCGBYhU#5aP7^mP%vh+Rm&u(u}6P<@O#8-3Km?;rzSS7GLkaJ8(M`6C?bOQ%yCEL;)9=87*{@~wd; z0k_{p&4h3lh~~@VZmKG9{i0HANk;zy9mL2GxP9cfr+kd$7EjgFUk#pV+z)0`S8IOu zNWoyZvB~Z9iW{cyO?#iRTGT+-R&xRLlLu*Bm>+(cj?TJZX}er{mr}+1W^8@hnEEns zZYr_z8BX$UG%+pYEhS;hnd-~^6xAJR^DbdDtJ3h%3X9Tj#Vl+=a%_s}xQj|kOHv}` zPpHjppmGA7PsXn?-wOG0&}>GfqsfkvRRCJ|X}TdT+IOG_c}g?s>t^{^;Qr>YWEVAa z-w6ZkJ^84l(XG{nA9saynpcRA7s=(iNQiX87r$c06EdfFDaxh*rdmrKi381^k?K~$ z>{Db@{^pV5=k}GI^WP~)KC8^X>GG}N`I_rpnQZdONw1Xv!Hpu?%~Wue>IadFf4fH|1Wy$qf^b3*FA~*W_+AJNnM@AFK%Xou zvgD#u*pX>n5uUsEE)b@gc8}*~zPBI0SE=JnF-rC~+T=n@g2fQx2o$$y)jH&;zN1-G zA2Y?0;Dj$MJCNk`*<^vhuD?DaQu?63LF9v%S5#C!=~H`)xO)>Wbx&A2AEPCm1d{?- zOlSeJ0JC2geGklTdH{hyP1FeQ&}Ez@<;U(rcEZ0Om=Sq{>%Wwn<9|Y~^KB=(61XQQD&`%O`2(a-o(+!_RWZp2+q{qi?*z!LY zm(pPeAU9b8JZTA#?FVF4GqV9Qy3Veypj!UB@4+$%IEucByxLrq;%Bv^}i_xC)3M^s3ER7KTLPBE*=oKAdOz z{zU5cO!c2PImUvPUPf5|t~a#mLd@8o^%@)4&4(ncLFZMo$;twV{N(uOh}P?vNJ{ab z7b{Q!iE5GVqeohm(TbT;l0b1T1JEi`@cKe&Rj<-A;T|!sau~_e+}TD@RHK+JM@+9) zn3R#7-3{QO3(Djt#zE}=g(`uT7d4=7qw#2=&J&Ll8?&+Ek3GqJqp7KQf9=RPO10b? zoBKua=F=rUXhS8);V|$3NB#|msT57CK)s&rh2-E=P(j`!85Cx{Q?sgjd*9IHGJM8c#peX&dLI3#^ z9(l@TF;ubI=H=;nUQxLPp20r;+CXM-69bYjzR+Z)RTQh?R|$Y@I6REzFKWE1y+^{Y z-pJKRBNLxyhybxu&^DX@1e`>%h8+`NR?tb8D#RS{EGYas{biwc%p&5`RZ*lyn+D7>Fjeb9Xeuqy9*p9 z)fpy5m#d+D#||p!w|>nBHrrqT(c+=GWszpk9<;_S5YYUF`)M#9OKc)wNY1F$sxYU9 zoYWHUTIU^Rkj*<3D~LQYl_g8)x%1JV$zc@mmpW zL03NuKGX=7*MM#a? z;ksh6zHpREy#o%%d_k>VNNZg4qI}If7Ut z@6%(xW|IHR=&vs>zCIgrJMbz*8vO1TkMEz1_vAeB9_Ko%H6FY(z)~OFP)TADf{$+# z*u=GD(yIK?lD?COLui$lpF*j0grtgWedJ^2!OwUazT?ffncHG(=O-MT>5a-vYMM0P zlW1S}eJC2-7|vyAMIsJoH7ZC4ck%m?{CP>ocmcj)*y7LLHKQyvbxsXjovbjIP{P|~ zrEH6prS=b<%QqJ|tQq+>Jha9W1dzh`FfC}_+iH!5I3{atfF_Y)go{DPALh&8yRJRN z+Rin2W*&O~wTb`EPv|?!(jI-MD@Q);_xdyiBiy-%PX;VjU808_BG8@`(iA&xsG1FA z1a8hY>YsFfRB#NQSdxiWk^gM` zzwd|cOJ8J#wJ5S5mcUB-=XU<@FIbX3QmG;XCR%^U#D7eU2r_u(Gb&{EL`YHp?*~Bk zX#=#8<>L?j6qSF5LKSc;MgRrA*W|xn`R{kKNQBP^l2lfeqQCY2f8P4f7ZeJiOnG0S zGJ^lpyTKX#e^dYe-}NPV1wOFp{Nnn%0WzJMUnIlxbPIBycqr61$nB((e>o!gG3x2= z7+Y>~pW33AhJgRcU>_8YJ3ITI186;KA0W813tLkxavHXDRHoCCdLn+GJ15MVSW_xI z%q+~YN2^vF9B-Z3s*#t(!8wMjDVGE8O?2LZUri3;f|jMa+YzxWqU4z}=>zq-<@aT>1ftSW_|r)L$1g{*JsnKkjaRgET!Z zc@zYkg_j5?f*LIf?uF!P44&1($5XuB!*I=Aw?{Z}uq5ulE10yFc0X$IemwOAdlLyV zaxsCB51S+{Qp4t;U$qga+WrMHX(mEvycU@AFpFY?%ZWe=v+8Ik?tEaiwoAm>m^Uq1~STrCC7{$|O} z%_q)zLT?4z+I2p})AAO~XBj~U6Pq`besHWTK}pFZpNQ_pbUdKxMDdsld5HH+NRo*m z{0zdUjL4@Ugq?ObbRMO={`ZjorFF6x(ZZJ}*-*4P{Oq7-@k7xl63odGdsTUO`_B*i8UDOsI zcSbJh*k<$?&b?0`Y4~G|dJW?4k=ErLSzfUH8q+(J-oZMT()fLc{rfN>DJcHf5n8r8 z**t4J_7mkj&%6$o6N|N{+iJSJ(M3j$?;dU04?7C4vbfwnv5SCGlbbULAch;I_pEh% zMewD+{c{$JT0u;ongIHRhlEv9^S+472TF`o;{L>L1T5VswG=@a>t*xB zLk91s8df9Xhgzj>E*`XnB*cRhDKU*#XIe+ZC$d);`z$<8oADRLr>5iO#$OsqQu}BH zugaAg^sduuclNWjSSl~-l;$)ayc+)1UF5$sS&`^CQfe&K)t~OI8QeKf>HRHthYR(W zD1)4Fc&@EJzc`cC<>B!j>zyO?LN$Lc!K8w<)T$i;))B+;f#>z(WjlDM*3%|%eYYD) zqIK3i4|B66XX;!_aUBi(WPZ*TH4>Y`Mpb656fXG|Si&0$mCca6cz(*4>FT4gdgtLP zDTN<4)Py;OWO*>@PHzUi`WiQQD)dxtKUu2p-F&Co&4rYpfj^xd8BcaUl5V%lq+B0a z=u<}Kt zYx|`3Qq$|AGf!ZgFUK-lWh}<@mc!>9``l~%wLD&;WITEF)NZjt?Q`fZ^XU#@nNjcA zqhD2u?8`6QB0mg&k0#{H>~vjCD%h|)!_8%imXN<(OEt=9eYDIdL`5&=Q>!dTM+VwXRk^>*5RteUF8?K5qbf)9FW1)f)zvsDf$PHNf| zZ?@N&btWq#9J`3kd)_(|6$C0^GWk7=d8D68ekkMVTq3vO z;b?EQ%)W9s{_A|6^4E{#=_S}?QIuV#)VC?b)b8`U4L?pdy_zRpeGXD9w_bd(<|cc$ z<~$ZnF<03(;qj$m@-&_2vyx{f>MKHK$Nr@w8V74qnL}ojqdC0Id;KpKjkYgXGW_jk zzZ_S}F;vOdUu##v^j^!HD_nYHXm@sPT&0sLT* zyN_w!pfo>TTq?742(HXP%dnewv`f6t29xKfm-W_*wwdyi<-wp`^p*oIW9dkDAK#G# zwlN~xT$uHQ=-TM4S6q?G*{t_fF zb|%Y@A3BoVAMGD$>`$v!@r}>` zqo+P%nc0TZ)-#9a*{W9>lb;93MytL|kw&d_V4G#9stR|^pDM-padZx_lwK^Ok@Dmg zIqzJGHWmtgRLFg4YhSz6V!xC>$k^p9ctJNfqea!2%gy=ah$x~r_sT#N)xr;5yPWg& z^n4K>UN3Vl%Y3xx%!L$zU$uaZ-v?Ib9HB@>dHR$F&3d#d<6Lt*JJ0j(Lq;Yeh8Pw~ zilbR3uc%nUJ%nbR*ZWYH?fhydD+IQ``}Nq6ziE1UFIK)d4b^`bomO4P z*6ew~t}rp7H~;s!7JG|RTmkNxbLUL_JjWw~ZxnZzC0Kg3ciT}sR1-*c9Fiw1RRZ5Gzqr3a=O>J*v#?9*{i-{z3%6S`hK=FWLL)oh1|zz9A|bo8 zj#_Wyz!S+UCXg-c%aeqV;wu;hf`@N!?kD)#<#l9Aiq*mVJ1+?!e$_=Xhs~`wy+^;tyFS zk#}sb=G(qjdQF>OX^dC9eo<{nN{?m|o3lHNvZKtk`#waNq0 z?b4htnp0ZogP#~j53FVre_2irk2S+9w-{jVXI7}@+Ny8owN~IVZbxX&(b8CdTk@f+ z*W$<1r{#*sLG;z4^&Ex`{Cjf+m6x6N3(AEHaD}f@8Amw-Y}-*&hvhZ*?ijzvOm`{% z?kCCC<$Fmh_lx1P0i(upFs{YHo&aR(!EmL7USk6rhS?GajH3u&bO%)*-jGlrSZK(t294$fd0TEXR!AUVTlv7 z(gT)})JK9lXn9OeV(2}C1g?m-)gC44l2J?J>}x&oEH|ndQh6Xyd;pvKxofJMz(mT# zJL5kX?KkMdR~Yxn?{0V34%bhmZ<}XIg_iU>B-w$@iYV|FpXhg(hDJGZNmudE7^^Lt zpJa>0c(1@YS}WLkN#!*S8OycNKWpC@j@*oRs1mLvn(SrHb9vRR(h5c-8_lbqQ%S+*ig1!p(! zg@~7DPRnHb81ZZ7H}zbyM+%q@dx(w)kqg+SJxa|m@BW}j#BSABcR$QLE$rWx69gf8 z&^ZsCc%;OA;xj%E-e+z$1(6=TqtME)JXtt|+zne!67I;c~V$mDm<9E4(Cg8>Y98?nm}2~ripOS#$J%>d1&-*) zeRWSn&D8{zQn5^?azotJxbtHt+XT)uh+l_~Jr(2e6PSB-bU(2Y#aAVc$5v{bnqlmy zgCVTbB1$k~nt>B*fR?cx8%KdV@Lq|>HxeoK#-@C%&kH6>fgDVE)UX2k*y8y(o6PE)sAaDN2wueDN=@UUHH7Fvt)SV{fk9 zpRHD(C0FAMpVda+zBE#(W**1f)_Xd;RC9KaU!HaUM+ni`Wq?=3Ij-dR6DjiB!ga*h zgIVhRi>$%s40jXu$qQj{2DWBhmOg&8wU8X85kE}70OGue5IDg|nZT{jU}?Y8B2 z7;uMd558S@wK-?H#SA*wSY$NUB4eR38p5fxVx7O*m+vU}WUk3n=(IIW8&G4UBBt$P zExVR|7OAEoTb~*2#ZoUIEfvQ^?&+?R_eL)ry*~`oc+r>#Gl!Al>^)s)=if_*#UXEb z1FG{uSdb(Ow`=Cv9>wlcrT9!J?ng;xOM%!CwAvS^M{H~TI@4aLJqbn_hq4{g&}@K+ znk|LfWu(OIH@K4&eP87oI22uB)8~kZc0^GmVQGTMXgawfwvBfalxh_6le+v88fvK?5_3+R{*phU+%t>9HU4boa#WT`ovVV z&_>aX8-<6SF!u_uDv3<793U|(&r8s$&JSTSp@#*aQ}>6kDkt|(g#$_Zz-jkI=JV;% zSy?3E1!iN=Z^-n&UF8z8h@owrl3Pu@b@KmL|2^Y4n@~9SQHx7Bmu@Wfp}9(^^QeY5 zD%Q`DkH)BBAD-WUngfs^r_m`Vy^)?O;vRxsD=sTRb#XWk<=i3n3!e1Wf&U%^_#TM? z+*I24-`QAD-ahw<#hzC%Ai3#3k--%K)$u#>sB74>xAX+&q9OMKmo<)dB)zw4ho>!_ za4YT<`I!I@!tV9iiWE|Ye0p5Y2T%_9e}CrX)(`*T0sz~90S&%%WVd<&q1UsE z{dsp_bb>ir^i7*Wq6q>mQkyAV>ne@CT-FTW9Yh`WmZ)q;0YoIfFjKa1W0uwwzz7LX zoGWIb!UzEn$D987`d26b*5#e}#3cUbu@{0LhfvP@NV6`He_;kc+lSwu8-A#AaNTzH zefr1v;jnfQpfQ_-ldhl?6TNjuZtJ%5EezOBFl0G2I>;NWXD15#D^l_w(~=DDH{KD< zG*&K-^24qr9lQJG|KhC()R5f-pe|phcrHmYMF4XIMC0$T(!hXivtqJunfT|bG(Cp^ zbto`}KEJF`C*xBXpqny1MK}p;=bBM&ts8Q(ivtatUo`HGEh3zzT(!Z&F_b^I25b`y z0fJDn0d|fe*0fS5M+PL&LG<9Pt224;K1pN(-~BR`8^6@|TT(#Kr%!mrr%n=#VkT*H zibQ2(Lbhfau~PoewVuO-fE<^%jQ;Z!5RTJtRLpo|>%fmFlu$6+?K zjuH7!;^PI+yG6J6(q-yA$5Cv=kwvh>^x;Am$lcAc@o#wT-Qt>vJ#uExf87lo(APGel? zl!BYsle}*CV{a4f@@PkZy=9-VWGGG4p;p%R|zI)idcLem9eOx??fbOSr6+C zEDk_v2oQv}3J_$N=aM_tH%uU>OUR^mY2$_JHC3>uC=zcxb(aBp>I%#G*Svfl=5Wk3 z#!nqIL)5JV0(8^VPhWD~5R&)F&_;HmMPE9TLPy}W+!*D}y&!{~{Bs2MNIA45=>MLa z)T8vb_c`mm#abo|p5I&!8c19l5140YzW2Mn1M21}TTJ1@Z-wL0wt_dl}vN@lM=(YH6u5lipAMX7s0^eL86MySNPg zA5&w$Dg{coGAu?56-x|6rI~gASCZd?`$swz)mYkZooz>40$lhuagr*5amykMwG<@0 z4iZp-4HViAA$h9l1UO~I!%1Q~qi8oq)$>b0q_`6#z!c^AQul-8&}C4}7zg+>UsT}* zb53b@08o8;>giGFpXz}u5DJ0mUDtU(ymFO0`D}D0 zlo95I0jXYRIR|Tl;w0V|wi=CI^%sB&@F5LOP;nPbT9wIYs@j&e#-aJcPrywYIaBZ6 z{ei>6pg+W7BffEyaP%mY_{KSuV1_ge6<$Nq@zJ+P%3mO%qYKncKYDZL{(I0iXr)e3 z`o5mWo?lPOQ>}Ms#0*@s9%ZUm7ocf#EYVD3##&kgACMa zb-yqSKreUQH|gM&O?yN~X?3B;dhKLpfXTUd5zStGtVv7Xr9wJ3%QA{qz^-IH>3ajffi~%4teh62uJ@ zdvQxZedj>&%jc78?<)F0<~AVn6)34Em7^FD)UHmVl275cYrW4U(cp2KRO&)e5AMtq zd?X}LnD*ay0SH|Gj(UHgKh9~ZK_cX`j&|R!5#MgS_BsWv*UH+T3E#tRlj_VN3qxP{ z)I{CEFqYK%o&u!tK+QirdEXxj6t&VqTejRC7YBHPds4lx%o0rp zG9*i1w%(a^pQkan9p+Olx6KJ&5NAG|i!x3gF^dV0(?OIRJKfGd$EPql!T zo+jK7hRuaBh*}sb2iNg(nayTSs53E+RO6%iFM&VR(=8Ny_`*qH$BiEY2fbxQpt)E> zx%Kpftw-?yU}=?UBQ#a|Sh6At0q!bxT~3?NNqM= znkn#U`h#`h{3pNkspRNT8ojv8uE`+9V-{ph$cF{LxuIAk_#v(8 z<{%@@@2CB050HDtDarA)mn?(TO zY{q59KxDE?^Wgy;e#E%%kV&opx#OJ&jvnDrHFFPE9BPRSPM~zCuw~abf1XWn%QmGz zcMr%isM^WtQ0(Jgya!P)3&9!E+Vp)8@T`Thyqv1uWLb@uieiwqOJXEuO2-Wa54jiIcCoBB1n5O7DKqMTXAg;Y++f^Z5lO;4%)=!A_CQ1BRAq z$5+@54Nnyd5(om9lM5<9&6zYHIVLW!p4%=pXh($z$cc3H@^KBYFF}$bf@5B@7_o4Y zlH`IhPb34FvBh#}H#0T@we$NoNazrWce3?HywcqVOg75q&q@&T%9Z4w4ws;@%zV=< z>kMvPh`%{q7&Ki&wzF0EcT*Nns!r^KN175actlIS5}=W{7Aic?ohHvmM5^CB(yspT zA$sefR2HD4Wz^DSsDmzw+-eHmf=GaybOUnoIR`DRUv;3S^cNr#9$Oi&b+k~(V<$pK zmrhmY%ktd)CZnY*bJMbfDv0FPluD93ZN?;!Vwq0C@IS{01cWb8b;mx6ieXgi((}Gt zjuzE|myLf+{y7F+yHhHbX-(ZfbTV`|Tf+ZRbLHxxd|yo2y>dAU1LJ;sb`g-mL?u9=Hw68MvVnwF*! zWcx|BzNHpbRgFzQSId-&DZi@$N)F^15>ZhgMaQ8gl3nqhMNhygW)X*s$T|?ZsmWGw z5K24%5%somax|zs=5<_Oa!I{u-2wq@`RzB=Yv#CXvvSs&CfUAQ?6I1u)1Z-0N!k*~ zr(NkwWdV7t_LUABiJ)jRBYzly8@R6&xH^~x8(nVqo%2CWFG_ybCV~Z?@K^8CWjq2v z2#WU0G7f#2&uNn`JK5>O^j5TlJEy(5R7ljD8v+*~2x-@M=u+X=pLHf$=(Ce3*4Ea- z2u&Rb2~8|^wbW0V20G}!v2iW}Z54w>EmiF>)Hzw8>?m5E$Vya%7RQ9(Zy(>J-l5Q!&c$B)}*gkP{hP1sWf8@Ild zjJLlSE#8Hdnt~8_WpnZi{6d4Vw|FeNQB^2yeGR5xvgv_<+ra>1cYTC8#+AFuO|lPbTIi4j*~$#um#;eCQ-`SvC_Eg_QyI5?wJSu@T(10!y=vR(UU6|FUL5zjS5BpGYTQV`b zYcwo_#}q~4)oW1X)UWDh%DxAOi3`Q#D6@G z1_p4LiFq9&0L9C9r>zw2X9t?-t8L5(OtX#NjaK!=K9gUZiyF@m?><2GdM``Us|%ur zjZ+-c?lW+E#?&luL&IA8zTkJ zNjj`Y$<>dWRI-F%@J>~iW@AE&$R~hkKub$u?hgC{Gq7P-2{yR{1nVD zWww#!^*nGh>#F)y?iemK$N)xIsd0A~Xc$2bdUb_b@Z~4{K5|Wy&}heNOhJYu-q``k zYx&@xvRmV(sgFjr?L+H8K02+H&706hz<0}AC{@f~4T{@2Pr9B@1ewPDBb6`x;j_K3ub#a6k(PG(?$;ewAM=rX0`}CJKsT-OS05j_M0lx)M4iwKG5!HZD`!ddn&If8|7tznRtD+G@`cMAa|HQxFl z3;pclk5bK?CBFlg&L6^8`Vse$rZVtmXe!KyQNNIJ_B&5I#_3}dN$rLsOnuozprsmb zmo4c|%r$cmy(h2_bzDHBAz{MPZU&+17&&g=!%(4Bs3crev^$UE+D!4Q0qJ<>iDt&2*1a-@I!#clq zio<*jXG+MkxdB@9iH*>H72JHWpjF4nh~oXAPEa)34eni|QvXBLs)GGKK|LE^yy#e) zr>I=|uIl%f?6TY{lEdrzmJ3T<|MazCRFoJKL{y!3mMXRvejb*Wv%~V#=$coKL7xBJ zm|kyE)Kt&}ay_cyB5)o45Gr4I$ax^X}B$oWAesm(P&3Dses3r6A`skbOgArUuA|`-J$vF z2Oy8F5{l|yfI@#6zZ*%a3(QL|?NvsS44M6qPZV~-|HK|%{6>a?SY2wrl^Avy^?wrm z?d;ha-1c0{jFSp|$kD=^HC>4nP75x^5^R1zq1D~StDuqiM)*|W?aNgDij~)C8 z=x*%ogtJai?vX^UHLlzMXF;m|TWBd-kuq0}_){2y^{au8S_5hT25hyt9XEXMGN;9a zQ+_;|2AHE$WdILi6>~KuuOu+<5wrVWB%v4;OfPvvIsdnb0DUKe|D8kl!@19Ny3Vz% zCy7TX?V=>gZn?{hF%?v205@*}1p?i#6`ML=vzhcnpbMM`&Aop`OD!E64crhZV5n_b zv)#a5peKL*t;2UxF&D{cOdYvD5GVcwqC1XutHcANBO7=zmB$Gu=zqc3d)$U}u8@5L zDqb9w6;^r^)u8JZ)S+anObAL39_4EJ$5yWWpN#pX@N%KL{hbMSvKd(_(aXDd%+bIB z;!W{E$O{C-oG1oo3U>YwAXX%wKM1UI&?Sb)fDcnaLD!*QbO3O+q&zm2rgJv{Nw?$J zCt-gWQDB8W{f6zL7k8CQfQirz4(8S?4w$S%z1v|1z!y>;I@jF+0h*JD%dM)}CD24F z8XzP*wGJPbp*};Prp^R#+DLiuE|h3GZ;!J8ocU<%GdIznX9+e1;Kbv?hI-!BJ4mDD zHRi(%Py+}ALUUTE9BIn)cv>+-0yCRQrV0aK<|4VZ6lWd+plIwp0EHfBv>-h&1LJuQ zJWx%Ow{gwL5dJ=9HFE=yB7+q}rE|0e8m+~AJDDM45-b{}A`tWh>Rs;fmV^6A5x68r15l+rZTnu1FjtpFBlzN^_@`cDom}x)oNz=PXrkx~ z$D3m%ltw&BKMseKfB2rn}#IqQ}!(YfV8})f4L}ZqGB!uzEBa z$RrW)JVWSiaYvzwkSYv-*oZDb--4I@pjYrGs5}Ssz>0etlbTS9ji1;r=ng-7(`6Hi zM$pC^r0ue$(kTHfbKSu5bhsc$Gg4Lhn1{@fM+3h;E?YLn-&AhKinE0x63mCCiZ|Xi z1bIH;qlQII2JnJfRo3@&H=7kfr|QoKKl`7b9q+K%BzzPRhe8`RqB7Jqpd>s~BoJ%- zU6P=;m)TTx2?(YOCrZaK#B2%7ipb4@WOGWEHmpCOJOJxKWrb3ti2`m6YoLA(HD|Ng z2T<}q0!=iAIt*Hae6gMatXrh-yJjhXccDg3$;tq4*=jk2I+y|axh3Gi+n2+ajx<~R zIes8pur^E^9kNwZwrnW?+yzob%*C1yeI_5(aZU#8{^OO)fW}%1Gy*Z+ooiMs(Bzop zmk9~E#Y79htl)eM`&5xMiAV~~HKlxYRx?mEHv}$S02R6@3eYTtfbdCBx=|hz|kYMJE6pjQdiaUe&-#kx)N^3QI{~kD77J(=N{3EdqW^q<;mv z7u_D^V-E$l3kK8P8*4=WJ7Ziq4P83$;K1SZxbgat*!Y{K?**C_?*S~E1@HSdEHW1R z|7-8dk+RD+V^^XqEy$833{7R>=5O zY+15=?{|I9=Qy3$@9*C~pYvB|USpPLp67n<`?{|Cx~bnb)%_Wup{?{+B^RT~S%}i~ zENRWRGwA`m_I?1VYYt@m?+U6|aunewGx$Q(U*Q**$P!Pv=fr&! zR!;ffwI44||5v5`^O>ri-JatE#}RrD0c`5rJuqIoa1h-nQ@%_7bFINLgG_y%oliAG>>{%NIMi-2zc10WJ9}LeC_3TZchjHFkOx`E7jnZ|B$ouM zwUN-ZfmfGtt+)B*#_S-#8j~zTa`G;v#&Ntk8erbq6e)v$WhV{4atZfy zk3fGHdcp+6hcPk2 zfM|U;EWXytAD<7+opPS5L9kdV5r7MTG&jzEE^&SaE_T`wgfgcW4HKmx zljVoxrtK^MT#t}R&s$qRZ*Fq$MI&B!$l(DbS;2iKuggik7dnd{X&rC)QB=z`7m~I2qPWblty`#+$P`TB^rO!O@ z=o)7nI2>NFvQjfK{V_NA(#(RWEZYXdBdX}%KJ$HK#z@btAd1XQyK)7jZo-&LPzmH4 z5O08;THSrF=^*41=*hQ>MMilnz~G#Ez{td4N=qc9rnYLx96y3tJ_7k5R|Eik7n@IR zd-}MW#(7L-+=j7F)46cDO?tWs^Xc^OKkk6$_L$%kgOF)(U=xTm<0ty1Znq`}D=P9C zsyV!25~34(VRp2XnK5FR7ccMp5E&|$E>iQd=WCFVs%+2ce}*)iAaBG;>h*mqQXF^j zkfvPE3Pg|{fTASmIF3cYcQF7`C%15gFP#qiCalRFuJz^=G`;t|^I$g^BVoi(Mc6(46lQVPL#wKw&(_8f$FcM7BM(m3jxXAX z?-%uqpgiKW?({^)?x~MiIdnpMggx? zF4PY8d=CiZHb^}0Lhf#RPOnlZ_q9fbX#YIRDSMHM0LkUMt|kIRg>M=M#6k$cRUxr! zsMuOQ=;LGVKFW$f)RobKii&0oekeTM{6#~vRM~Q(L1iH8tPpJP(l{W5))9ZZ5m!T_ zGLO968$Eg&(FcTJl;fw-djWJZS>1&Lo{LSl*C*4@LD{;2b4iLT1|ZRygKz*^cyszH zb~KpJ==ouUC)#1=p7{3WoX;p^%O7LdyK`%XNj3p!d7SUtU2ro2D_}2E2Ll?PAf52o zvxmJm+$zNBII4fb=%v$Ia-%F}BBsu~CtPPcX85m3HC{G-WbTpS3EN_Q3x32z$@In; z$t+2Qx_j);+nJZek(lhF)=#wX>vyQ3^T@8Gp(Ke8>v!q1TYz0iHGH-VK5lO+ZRkFN za-k_QG0eluBCLw;8!UL*3zh@=^*&rp&Sn$hENJK~kA@VVR%SZ_j6Tm0dxF|%t&+N{8Y}>mDjVoft@68&$Ur#; zS#?K$;u5}+bP`ssWaN(f%3xh(~RCb29A>}>?wBF# zn{qtg@h4O<2fNP zQz)H473P;jDtuOoyVi%ShMQh?t;qqiHDR&?FFuncNvLfTEG6m5g|rsI>Cr3bT=GSj zcAL>9ZYt5#fb9h5Mf;vyoJmQY_aAA8;4h>EDZy#{9cPDFhdRGQPt}7yVsK^P{&bE2@d+MNuX{tQ_JuD3 z+HV&6E4Px_GKsPfjanMcUQVMg+ML>JSR3a+tm~sDKusu&y*;E@`v|W>L31X{l5yTS z@w~qk$M8>H;phiC^Dc=xriBhk`GH4Y-TA=yEp1OBi}AFw3Gr%;Bl%taEM!Qq{PAOi z>GNL5H=BJl@HX4*@}GD5!+VttR}X-R3&w?whO6)dANH_mI?!ceI#FnbbjnbU+Amds zdkv0)!+c1gd!cL<4aF_bL@H%ZUQtzsdvZ~{_Zck5v3_@%!|qjPQ|x6UzCfQ(1nohr zNsoEb3uT7uQ9-1Xu~q^GT^vjAwdXL7wlGSsVH^FoMmpkHzC$Ne}tV$1-c=gEXNS{$2@FdKr87JgP z{IYu4L7SZ6eS*+~?I5T#{TkwSEcoss!1FW&6jlw}Z|q>qCR6M%t-@?ZT&Zk6eT6SK7D>q1>@0OFyI=Rr@c#N6L z(5z)$V5v)v^cmSroZ36^Ar|{(bSz12uP|}c^5^6Er-m1rqXO=*5mG|;N@o7NN~$1m ziC++I6#Lt1=TWEIDLUCDd>LA(TS$fSQQ$*Vo3GOO2OJgg8nqy57&3D5>v3E=rQriG zuANHEuOiT@I8)D`Mu@J@1gsZx4z_s6gJPPZ@Q(5;%QS{}*Hq_8-}8tlmuN|y5M^#; zrC71x(@)i4{ak+G1a6Y*OxW$?Z3E(Mpd<+Cy7k@MqW0D)txCITn$G*|?E0tFlp-a5 zaes0m4nW?_0O?gB3YA2LrtfxS>W_`_D@))T($Iiq(%qZGAFLb696-NL-Nhb9u{Wfe zax`%SH(blHpJOrtqBc30B!x%5-!rSMQdB*pL~!}md(zx*^X5p4WB|RS$hUF-j6Z4= z_}>9Ubw*!4niheUp#BD+Pz+2dXw)=3&wT*YkBIJcJuw^mb)m@7Q%4Z*C$0IYk`{hs*M zfKX-RU?A@_qJZkiHZgnys6Zeu)fj?<0G`KE^D9mHfLvI}h-jFA{_fH{xM?NX%$y$V zG4KXEAKE&KTO7|Tu=k`ues@n-lklg$@Y8SB-*mFDg<1v&rs^-|LC2L5&eUS_+<^RX?m&a<2VOD6_V8>GBIG9H8Vewa*q#JYKZHUVsziWOia_-m(0J@@&yY|dsT z`8OCv6%zH?!CJ?l9!&x%?h!8@5emf6+*sG?9hd7ht8+j$=IKqqw7e*=sZl4EBNMLy z`Tl5y3=-Mgzck&Yo&J0PmKy`^LA=OFR8hz8G~|)-h}RK}@s)B14Pc7ybM7UV70F{M)CcDmHE-COb|OACjawC~D3&RUy$>%u;N9H9tbPU@k07ukk)=gLFxxOSv5zw7u3 z{!v_S@(&mgCNAt{-CFOUFfK?Uh-}!*7gipxW_8vtnY|DxtXVBN9O5}+&$a*2t=cT} zlI8=`tO@dmo71C0dhEq*IWGZB@1@c6yxnJgQbh4xxZ;n;E%tOV2QD_Qd{m`ho7Ra@ zEeA=-#0p{uJpMjb_T~1o*LCw^Ru8qsu6q_r>7@j}1XbbIPh<+fM$3cOybJMAYAB7W zk5=4lQ~-!jDK(==DEI9DI0dNY41g?h}!X)<8yPct39!4c;%np z>KxBwN}sH;#@y+bV_> z3Y7F;GdcZeX(jgZ0v+5cB?8(xmegGjflmqT9s0|btJPk#o-zwnSW~GvhLk!YBz#;JkA3bL5y)hz)x0GIisZ%q+v;1HzyeT8YGWRT4HXm`S9;`0i-~ZRC%sh zja6mu6S|?XHyUtr*|Lix4bS`hQ|UWpP4kA-uhyDAmn_674`oIJDuUD$6}x9Md@#%O z5;nxweXMYX63k`^5GqyRu#wX4E= z)5FK-i+SKyGF{1G^){_Sck6JTz4iuU|AN^Q5$1!sw{KtnDILQ?U$lMMvH|Y>x%uI@ zd9iFVUct*GT@m1`rlGDL*c?PR2b$A7TB_ktbdn`XgSM7c*Fzz@77bZf_eeDtxzsTo zi7G`3JciF9Px*w-#JzooRS^Bnh3susDKVW1QSsenjB0m4RnsALusce1DETN1C-zc= z(%(yu(bO#Qif$*p{6SMM25YKh3H98cbp3q@pyj}hucn9{MT(0RHS659WeBJ?sSjRH zeT;RfRl&XA6NTyaeg1OaB3w68a4_5E81GWd`0<$rC0^6%WAnt@6Ln=@D9)q_f>j9H1aH_Pc#1@gtGetib(?kCdsUT z*gPa})rj?~*=*b>1vsL2W-7a2piScfp$z6WRPmV9cidc|85Km?Jz4+W3&=5v02NEz z1FE{5 z*oB>tzpbb;mL#d)$SIClG&m89Pn58n;YDZ1_k%b~zK+T=jW>;UK@$c!+#7y(qmnTT zg&!(yENwth={Q9i)Zr%687`%UL%E%Z7?{alUuj^%J$y$+IF9Wh zn`RQ_VGt*86vAjL8=;l7Ml#DHa^WB5EdrwN_1^6#eD zrpwLPv#3#_sL*T7q1>4AcyN%E|3S|Z(=?Gf8f39~dP)q68(=iL}YD3#j} z&tcdmL|7z(X_tVDpGy3gXWO->*N!k*9YAZVCT7XRt|rjQ*^5_UJd96F#IthM`6*G* zNHir1_JSG&0q(c=tB{b73KE7ABm7lZG^D@ha$d%ky>i>WF{VHHXh3N1#aDa&K+afx zjm-Gs*T$?Qq;n5VJS>g3b-W&awnqJk2&pRzl@Lmv1BZ?Y$NjkC4YE3}>>IupDM*(s{lc0QQJijZ z5&<3zPHsu^V$@wacxApTT2XjBCFdQ~>e~kG<8ss@C&(Se+UW|v8pQhF28zW=l9t!mYhqn z7u8F2@V~>V)rL3O8+8ct{;?rJTlBQK+ZS>(E|v`9hzfgY@*rkfN1{5O$(E{-mDTXw zT+X$1TvuheGLDR#vGMX}l{Np!qQp|=!2!3gbasbPqja-hqm(WLMU!>PbywLj?>$Q; zN{3t6dpWR;Wf>=3M+a$AIeX2e#YdZ8Gudmd8?pWq#6#0C1t++xF;yMQIpnbDOG<&a zWsQ@QdVa|MAd&w_I>p;ezIN-v$SV0-s{7qCQu;a{_bGp1Dr~H5+8x8x9n4wvpf~u- ztI+z!O3ZJ zWB8(jMTKR3E?bu2L5vopp=vY|Iz#qUv}^*zt##l`va@d=YSF1iM^JW}7~s@mFJg-> zvx=%?C9g)wICvey7c(YMJELtvR@9U5m)pNoQ@-ad)ZxJK(@6PX?gUe(kP63|;F-&0 zZgeL~-a4PKDXVRY#_bb5@Hp3n$FD65=9(DWTwXwj`0?Zhjen>mJF@>CId>;FO9a;D z8G8rG-J^ul1jCU4X;z6yUaiX=vj4Gx+)+K6{sQf*1da%`b}H$(R30D?rN6;%v59|9 z{1kH5LX$m;U6hiR0)xT6VLu)vW;rsY|gsa!~B?M z?;#hw^W}@Hm_-Bx?<`p7ux%CFKKq1>iMTbSH74jXLq4YV(;y&xS*eb`>kXP(rmnKI zwftsJu5zxL(Z3k;*Nn$!w;xD~xei{*R`e#-R=8u~yof%bqktwMvqF)wWL=KUi>B$n zQq9;w=_&-{K)6t|l4*2{p&rDBTKd|C8MVROjU#K4XV;G$`dnH80+bYBc8tG}3GMCo z?qFQ*9VW{;?C@OK9210IBctUk{9IW^K98-e?qKZ}9#CbZ7$qGp^JQ*S`EXowgDs`% z2$kKilQ5NpIBz{IIkT3o>P9q3hP6$I6R~HP#9JF1+@9l@-hR+6?Q6_lPwIcW@78*p zi4Zr9M#25)KYNgZ58@OWXZT9CPkZ*!8r=b^OVAwWsw#cIvetne$6phNV#&O>tYm7Q z_|aEdz0h*}2a~s^ zq}2}HjnMguz9E3&czcIzmV6~gN5VY;HLSL)(a7p#G?^_n8--oj<=6CSex)%mjqPBY7(&y{j4b zi}8f;4&9Ux?B7!BGq_9J(s}D{vgDlp?ArX%k%4FNarQ^!QOW!t=jPc)dPL?zGH)o* z%m6Ph)uOGi-YEY|q-Tp_pb!6xxcV*dg>qSrUAr+_ZOAI_wc1$)T$oAz`>wmzBIOqO z6E>t6L&ZB%u1)(a!X8IQk3QWZ3LxJn;yQ}q;KRROs1<2_y;uG7#}BveIS}3W zW#YPq1L^#2_Irk9Ri|r8%teOsoz*T_zI=K7{_mdV--i&Sj;3t&MJv9#=3`B-+=J2f z#rz&r0zph@>}utbFH8AO$-?UPk6G!?X0b4`)!VeULi%(Hl9_rx22Y8IDHVF6&!?Wc zqO#AJn&(=oW^BwU9o-p9&Hjhn90h5XEY2bRGJ+Zrx=B)MdZ#|>X_%^1e;^ddS<6Vy z$d7-!taxYJ<#yWmx3V843Cni|&L7z}vb7^cQ7vgF7Jp3lY5y)os(KJBKKwD(wMOJV zciw#8Y_Ubo*csnlB=9T-UbHXz4!OV5%(C6jPYF<*EP=8lf76lQ2VG*IHIg07jiNBY z_RucJjUVlHbX5G$-ynY+XaMhEUDcnVD$cOl4wH4tqUcvjmOD*;D&B=o25CvN-ku=F z0^3pl?BLDvnbLV})YxF&h_?AM(_e3myiC41yv#ekW|P5E0J;?v7wQFUhHJMHNRTmF zsn7y*b2Eryzs=~W$~3Vj|NYR&KPV)0%qHGUv^HB2z-N1N5>PWO*Zy0l<$rWvZU^b_({VN_)5rJar(Wdt*_TMSoCKjp(;{T< zUd50fw!c4E(Z3O2;0^|KVq6ZDBsL@U4=L z^z}_7AK=5sz-?V}%za^G38rVI$~lguKn0i%k4XZgCM9X~S`g6!PXg9qgHHm1k+7NP z{9Da^pzbGhw6{k#%TE)QfLc5DMXP)O80Og6t3cyTPNpZ==M>H4_sNjx>~RBjDavUo zBRy@SAKGW0?STY;tZc2Qv}_t_)-yD{rN*J;xf(Ix*?RJWLG1(=3~_$u9?xFhnUQ_q z@83UO5>~&xr=QbW)@yx9xVFK^3p!{fGt!?;#k%ad3M6f$@V-WEFpXWafx2E3>~FOo z>-TaD)HZL3G@LpgzrMW~4iG`t5-_JQp3uBCk_SpY+kBtV!Nu{Bi;BSe*>Am>dr;sy z%Bsp{?q)IQ82{rOY|HM@ZX4IoHDvStwILGUpfdXgq&=>n`>?q z$9eF`5#+`mUw&FCayA9vpy|aH{7EI>y&D zHpL@z17lp~;XHT_7#&S!hS6~o9`JcKd?P;rd92pSjqj?1El|wI0}q^Vbpon)SJ!yzJVfpna0;xGG~F=M-S(G8wG zrL152(A;Np*{PaZBn3d?qN2JtElROSAIK6gY0`5o;z0|1EdUH%T_5tJ_jYX3TB~Uc z(V9$g-?1JLO+wJlNiDS*j_0Q6>~>7dO0B)(G+MrAj2spstt< z7Px=Lb->-a_)8$?(>Gq;CuJ(~;YUvcG25Fp*`TxTcMX-uM1z#w-|8rp%H0%ukGtSK zBEMjy3>co%Q#f^V2YVQOAi|s~uv7aM9LrZJ*v#pp=X)S}XLv*5ruN)6FYs1H6_9*- zTw&l9Ev6M1Lb z$1a-0R{#B448cM=pEVL9!+AK*5fgh$volvD;_(G`E)(QzrV$I_?_$V%^KK_|=JVSd zby58t6Ck*~xR_WRt&}ye?EE%wKtgx=^=5Xm=~69X}B}+oAbv5w-JzSQkJ7O~P3>dR&D{Vq^jT7V9%5$LGGPai6JoM$;JI zkJdy%vvgzR%Mn>$^~MBA-DrLOUZv}$+m4Sog}k{@v4e}E{DDcT|2$W~K72~}6-44s zpHg^tJlT>)pKZPNioSCbsex8UKUW^(j+o<%Ed$srI4ArqSQ@WAg6#4s<`&O#M?%)aI zJJb#DxjX;G^grJdwzEn?WL;RuP+A?D6ylSGxMgB2uTBO;Cu;p{J?g)Y;|n9?hF++3 zy#7Ov6Q@LC!uV5k<47=RmcdK*+N>g$9jp8qxl7xdnhve}pu)(tavK^7?f6K$aK%XI z+1hF`a=x1(6^G;o-J$zt4XAX#M?X4GrJK&b^KCD|+opRTVP)zT#fm4NNa7+D;W?Sl z^~hOs$I=$-peNb`H0ScgOypYaxWW|&VOw+EAp*^0leOU5(5%(k?S+}ig)a3UUXtS>8F6-dvoT7 zo2+?XV~G8?V!0i^6T~lgjSq5)#VWl1zS+Tiy(~HPskGKXSw>Ym_F9J+tkwmQ$V{pm z2Ozgf6MnYibHMrbK;^$okJ1z`N*%vsvlbfNL^~dKQf%`pAu@K*g#KewmgK_rs`-!V ziuR3?m}4*JN>;cttOs((R-VW%r(DdEwP&9$Q&;+$>ioV1Uv#0JSTXZtuVS%;r1uT? z#qw5x(u;za~e-)rVMPmmM?RNgmFfCRCJasbCgMM zw@Mq2fA$DVdghvCHdpF%v!KX*1?Ysu+3Z&~L%dt3ZMTi*iaOnw1{~Ke2NnBdubAH4 zHnwe+UhXZtc_DMAylFFI^srrT-L_J8D)-LokLXO=w=wP$p3QlE=Vto7QfL;EzLI1o zjrbi4_iJzBNJ)~kNn(=z^|&ahN`h#-p2&`U`Rh4}X!OJdUn|i+ALkAA{V1Z5-f{LH z(FOiQl!0NL1