From 82c9ef1692e7c83708bd071707d201b104744549 Mon Sep 17 00:00:00 2001 From: Enderson Maia Date: Fri, 19 Apr 2024 12:06:21 +0100 Subject: [PATCH] feat(cli): use cruntime to build snapshot --- apps/cli/package.json | 1 + apps/cli/src/commands/build.ts | 217 +++++++++---- apps/cli/src/runc.ts | 159 ++++++++++ apps/cli/tsconfig.json | 3 +- packages/cruntime/check-config.sh | 419 +++++++++++++++++++++++++ packages/cruntime/crun.Dockerfile | 23 ++ packages/cruntime/xgenext2fs_amd64.deb | Bin 0 -> 86316 bytes pnpm-lock.yaml | 9 + 8 files changed, 773 insertions(+), 58 deletions(-) create mode 100644 apps/cli/src/runc.ts create mode 100755 packages/cruntime/check-config.sh create mode 100644 packages/cruntime/crun.Dockerfile create mode 100644 packages/cruntime/xgenext2fs_amd64.deb diff --git a/apps/cli/package.json b/apps/cli/package.json index bde4ed5a..f5a6b304 100644 --- a/apps/cli/package.json +++ b/apps/cli/package.json @@ -32,6 +32,7 @@ "fs-extra": "^11", "giget": "^1.2.3", "lookpath": "^1.2.2", + "nanotar": "^0.1.1", "open": "^10.1.0", "ora": "^8.0.1", "progress-stream": "^2.0", diff --git a/apps/cli/src/commands/build.ts b/apps/cli/src/commands/build.ts index abd2c114..ffbdb82f 100644 --- a/apps/cli/src/commands/build.ts +++ b/apps/cli/src/commands/build.ts @@ -2,17 +2,19 @@ import { Flags } from "@oclif/core"; import bytes from "bytes"; import { execa } from "execa"; import fs from "fs-extra"; +import { createTar } from "nanotar"; import semver from "semver"; import tmp from "tmp"; import { BaseCommand } from "../baseCommand.js"; +import { createConfig } from "../runc.js"; import { DEFAULT_TEMPLATES_BRANCH } from "./create.js"; type ImageBuildOptions = { target?: string; }; -type ImageInfo = { +export type ImageInfo = { cmd: string[]; dataSize: string; entrypoint: string[]; @@ -30,6 +32,9 @@ const CARTESI_DEFAULT_RAM_SIZE = "128Mi"; const CARTESI_LABEL_SDK_VERSION = `${CARTESI_LABEL_PREFIX}.sdk_version`; const CARTESI_DEFAULT_SDK_VERSION = "0.4.0"; +const CARTESI_CRUNTIME_VERSION = "0.4.0"; +const CARTESI_CRUNTIME_IMAGE = `cartesi/cruntime:${CARTESI_CRUNTIME_VERSION}`; + export default class BuildApplication extends BaseCommand< typeof BuildApplication > { @@ -166,17 +171,18 @@ Update your application Dockerfile using one of the templates at https://github. private async sdkRun( sdkImage: string, cmd: string[], - inputPath: string, + inputPath: string[], outputPath: string, ): Promise { - const { stdout: cid } = await execa("docker", [ - "container", - "create", - "--volume", - `./${inputPath}:/tmp/input`, - sdkImage, - ...cmd, - ]); + const volumes = inputPath.map( + (path, i) => `--volume=${path}:/tmp/input${i}`, + ); + + const createCmd = ["container", "create", ...volumes, sdkImage, ...cmd]; + + console.log(createCmd); + + const { stdout: cid } = await execa("docker", createCmd); await execa("docker", ["container", "start", "-a", cid], { stdio: "inherit", @@ -197,7 +203,7 @@ Update your application Dockerfile using one of the templates at https://github. private static createRootfsTarCommand(): string[] { const cmd = [ "cat", - "/tmp/input", + "/tmp/input0", "|", "crane", "export", @@ -222,7 +228,7 @@ Update your application Dockerfile using one of the templates at https://github. return [ "xgenext2fs", "--tarball", - "/tmp/input", + "/tmp/input0", "--block-size", blockSize.toString(), "--faketime", @@ -234,39 +240,143 @@ Update your application Dockerfile using one of the templates at https://github. private static createMachineSnapshotCommand(info: ImageInfo): string[] { const ramSize = info.ramSize; - const driveLabel = "root"; // XXX: does this need to be customizable? - - // list of environment variables of docker image - const envs = info.env.map( - (variable) => `--append-entrypoint=export ${variable}`, - ); - - // ENTRYPOINT and CMD as a space separated string - const entrypoint = [...info.entrypoint, ...info.cmd].join(" "); + const entrypoint = [ + "rollup-init", + "crun", + "run", + "--config", + "/crun/cruntime/config/config.json", + "--bundle", + "/crun/cruntime", + "app", + ].join(" "); + const cwd = "--append-init=WORKDIR=/run/cruntime"; + + const flashDriveArgs: string[] = [ + `--flash-drive=label:root,filename:/tmp/input0`, + `--flash-drive=label:root,filename:/tmp/input1,mount:/run/cruntime/config`, + `--flash-drive=label:dapp,filename:/tmp/input2,mount:/run/cruntime/rootfs`, + ]; - // command to change working directory if WORKDIR is defined - const cwd = info.workdir ? `--append-init=WORKDIR=${info.workdir}` : ""; - return [ + const result = [ "cartesi-machine", "--assert-rolling-template", `--ram-length=${ramSize}`, - `--flash-drive=label:${driveLabel},filename:/tmp/input`, + ...flashDriveArgs, "--final-hash", - `--store=/tmp/output`, + "--store=/tmp/output", "--append-bootargs=no4lvl", cwd, - ...envs, `--append-entrypoint=${entrypoint}`, ]; + + return result; + } + + private async createCruntimeDrive( + image: string, + imageInfo: ImageInfo, + sdkImage: string, + ): Promise { + const cruntimeTarPath = this.getContextPath("cruntime.tar"); + const cruntimeGnutarPath = this.getContextPath("cruntime.gnutar"); + const cruntimeDrivePath = this.getContextPath("cruntime.ext2"); + + try { + await this.createTarball(image, cruntimeTarPath); + + await this.sdkRun( + sdkImage, + BuildApplication.createRootfsTarCommand(), + [cruntimeTarPath], + cruntimeGnutarPath, + ); + + await this.sdkRun( + sdkImage, + BuildApplication.createExt2Command( + bytes.parse(imageInfo.dataSize), + ), + [cruntimeGnutarPath], + cruntimeDrivePath, + ); + } finally { + await fs.remove(cruntimeGnutarPath); + await fs.remove(cruntimeTarPath); + } + } + + private async createOCIConfigeDrive( + imageInfo: ImageInfo, + sdkImage: string, + ): Promise { + const ociConfigTarPath = this.getContextPath("ociconfig.tar"); + const ociConfigDrivePath = this.getContextPath("ociconfig.ext2"); + + try { + const configTar = createTar([ + { + name: "config.json", + data: JSON.stringify(createConfig(imageInfo)), + }, + ]); + fs.writeFileSync(ociConfigTarPath, configTar); + + await this.sdkRun( + sdkImage, + BuildApplication.createExt2Command( + bytes.parse(imageInfo.dataSize), + ), + [ociConfigTarPath], + ociConfigDrivePath, + ); + } finally { + await fs.remove(ociConfigTarPath); + } + } + + private async createAppDrive( + image: string, + imageInfo: ImageInfo, + sdkImage: string, + ): Promise { + const appTarPath = this.getContextPath("app.tar"); + const appGnutarPath = this.getContextPath("app.gnutar"); + const appDrivePath = this.getContextPath("app.ext2"); + try { + // create OCI Image tarball + await this.createTarball(image, appTarPath); + + // create rootfs tar + await this.sdkRun( + sdkImage, + BuildApplication.createRootfsTarCommand(), + [appTarPath], + appGnutarPath, + ); + + // create ext2 + await this.sdkRun( + sdkImage, + BuildApplication.createExt2Command( + bytes.parse(imageInfo.dataSize), + ), + [appGnutarPath], + appDrivePath, + ); + } finally { + await fs.remove(appGnutarPath); + await fs.remove(appTarPath); + } } public async run(): Promise { const { flags } = await this.parse(BuildApplication); const snapshotPath = this.getContextPath("image"); - const tarPath = this.getContextPath("image.tar"); - const gnuTarPath = this.getContextPath("image.gnutar"); - const ext2Path = this.getContextPath("image.ext2"); + const cruntimeDrivePath = this.getContextPath("cruntime.ext2"); + const ociConfigDrivePath = this.getContextPath("ociconfig.ext2"); + const appDrivePath = this.getContextPath("app.ext2"); // clean up temp files we create along the process tmp.setGracefulCleanup(); @@ -284,38 +394,31 @@ Update your application Dockerfile using one of the templates at https://github. const sdkImage = `cartesi/sdk:${imageInfo.sdkVersion}`; try { - // create OCI Image tarball for image specified - await this.createTarball(appImage, tarPath); - - // create rootfs tar - await this.sdkRun( + // create cruntime drive + await this.createCruntimeDrive( + CARTESI_CRUNTIME_IMAGE, + imageInfo, sdkImage, - BuildApplication.createRootfsTarCommand(), - tarPath, - gnuTarPath, ); - // create ext2 - await this.sdkRun( - sdkImage, - BuildApplication.createExt2Command( - bytes.parse(imageInfo.dataSize), - ), - gnuTarPath, - ext2Path, - ); + // create oci config drive + await this.createOCIConfigeDrive(imageInfo, sdkImage); + + // create app drive + await this.createAppDrive(appImage, imageInfo, sdkImage); // create machine snapshot - await this.sdkRun( - sdkImage, - BuildApplication.createMachineSnapshotCommand(imageInfo), - ext2Path, - snapshotPath, - ); - await fs.chmod(snapshotPath, 0o755); - } finally { - await fs.remove(gnuTarPath); - await fs.remove(tarPath); + if (!flags["skip-snapshot"]) { + await this.sdkRun( + sdkImage, + BuildApplication.createMachineSnapshotCommand(imageInfo), + [cruntimeDrivePath, ociConfigDrivePath, appDrivePath], + snapshotPath, + ); + await fs.chmod(snapshotPath, 0o755); + } + } catch (e: unknown) { + this.error(e as Error); } } } diff --git a/apps/cli/src/runc.ts b/apps/cli/src/runc.ts new file mode 100644 index 00000000..c0386364 --- /dev/null +++ b/apps/cli/src/runc.ts @@ -0,0 +1,159 @@ +import { ImageInfo } from "./commands/build.js"; + +export const createConfig = (imageInfo: ImageInfo) => { + return { + ociVersion: "1.0.0", + process: { + terminal: false, + args: [...imageInfo.entrypoint, ...imageInfo.cmd], + env: [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin,/opt/cartesi/sbin:/opt/cartesi/bin", + "TERM=xterm", + "ROLLUP_HTTP_SERVER_URL=http://127.0.0.1:5004", + ...imageInfo.env, + ], + cwd: imageInfo.workdir, + capabilities: { + bounding: [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + ], + effective: [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + ], + inheritable: [], + permitted: [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + ], + ambient: [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + ], + }, + rlimits: [ + { + type: "RLIMIT_NOFILE", + hard: 1024, + soft: 1024, + }, + ], + noNewPrivileges: true, + }, + root: { + path: "rootfs", + readonly: true, + }, + hostname: "dapp", + mounts: [ + { + destination: "/proc", + type: "proc", + source: "proc", + }, + { + destination: "/dev", + type: "tmpfs", + source: "tmpfs", + options: ["nosuid", "strictatime", "mode=755", "size=65536k"], + }, + { + destination: "/dev/pts", + type: "devpts", + source: "devpts", + options: [ + "nosuid", + "noexec", + "newinstance", + "ptmxmode=0666", + "mode=0620", + "gid=5", + ], + }, + { + destination: "/dev/shm", + type: "tmpfs", + source: "shm", + options: [ + "nosuid", + "noexec", + "nodev", + "mode=1777", + "size=65536k", + ], + }, + { + destination: "/dev/mqueue", + type: "mqueue", + source: "mqueue", + options: ["nosuid", "noexec", "nodev"], + }, + { + destination: "/sys", + type: "sysfs", + source: "sysfs", + options: ["nosuid", "noexec", "nodev", "ro"], + }, + { + destination: "/sys/fs/cgroup", + type: "cgroup", + source: "cgroup", + options: ["nosuid", "noexec", "nodev", "relatime", "ro"], + }, + ], + linux: { + resources: { + devices: [ + { + allow: false, + access: "rwm", + }, + ], + }, + namespaces: [ + { + type: "pid", + }, + { + type: "ipc", + }, + { + type: "uts", + }, + { + type: "cgroup", + }, + { + type: "mount", + }, + { + type: "user", + }, + ], + maskedPaths: [ + "/proc/acpi", + "/proc/asound", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/sys/firmware", + "/proc/scsi", + ], + readonlyPaths: [ + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger", + ], + }, + }; +}; diff --git a/apps/cli/tsconfig.json b/apps/cli/tsconfig.json index 1dfaaee1..c5e5cc51 100644 --- a/apps/cli/tsconfig.json +++ b/apps/cli/tsconfig.json @@ -7,7 +7,8 @@ "importHelpers": true, "outDir": "dist", "rootDir": "src", - "target": "es2020" + "target": "es2020", + "resolveJsonModule": true }, "ts-node": { "esm": true diff --git a/packages/cruntime/check-config.sh b/packages/cruntime/check-config.sh new file mode 100755 index 00000000..b9cc6bf8 --- /dev/null +++ b/packages/cruntime/check-config.sh @@ -0,0 +1,419 @@ +#!/usr/bin/env sh +set -e + +EXITCODE=0 + +# bits of this were adapted from lxc-checkconfig +# see also https://github.com/lxc/lxc/blob/lxc-1.0.2/src/lxc/lxc-checkconfig.in + +possibleConfigs=" + /proc/config.gz + /boot/config-$(uname -r) + /usr/src/linux-$(uname -r)/.config + /usr/src/linux/.config +" + +if [ $# -gt 0 ]; then + CONFIG="$1" +else + : "${CONFIG:=/proc/config.gz}" +fi + +if ! command -v zgrep > /dev/null 2>&1; then + zgrep() { + zcat "$2" | grep "$1" + } +fi + +useColor=true +if [ "$NO_COLOR" = "1" ] || [ ! -t 1 ]; then + useColor=false +fi +kernelVersion="$(uname -r)" +kernelMajor="${kernelVersion%%.*}" +kernelMinor="${kernelVersion#$kernelMajor.}" +kernelMinor="${kernelMinor%%.*}" + +is_set() { + zgrep "CONFIG_$1=[y|m]" "$CONFIG" > /dev/null +} +is_set_in_kernel() { + zgrep "CONFIG_$1=y" "$CONFIG" > /dev/null +} +is_set_as_module() { + zgrep "CONFIG_$1=m" "$CONFIG" > /dev/null +} + +color() { + # if stdout is not a terminal, then don't do color codes. + if [ "$useColor" = "false" ]; then + return 0 + fi + codes= + if [ "$1" = 'bold' ]; then + codes='1' + shift + fi + if [ "$#" -gt 0 ]; then + code= + case "$1" in + # see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors + black) code=30 ;; + red) code=31 ;; + green) code=32 ;; + yellow) code=33 ;; + blue) code=34 ;; + magenta) code=35 ;; + cyan) code=36 ;; + white) code=37 ;; + esac + if [ "$code" ]; then + codes="${codes:+$codes;}$code" + fi + fi + printf '\033[%sm' "$codes" +} +wrap_color() { + text="$1" + shift + color "$@" + printf '%s' "$text" + color reset + echo +} + +wrap_good() { + echo "$(wrap_color "$1" white): $(wrap_color "$2" green)" +} +wrap_bad() { + echo "$(wrap_color "$1" bold): $(wrap_color "$2" bold red)" +} +wrap_warning() { + wrap_color >&2 "$*" red +} + +check_flag() { + if is_set_in_kernel "$1"; then + wrap_good "CONFIG_$1" 'enabled' + elif is_set_as_module "$1"; then + wrap_good "CONFIG_$1" 'enabled (as module)' + else + wrap_bad "CONFIG_$1" 'missing' + EXITCODE=1 + fi +} + +check_flags() { + for flag in "$@"; do + printf -- '- ' + check_flag "$flag" + done +} + +check_command() { + if command -v "$1" > /dev/null 2>&1; then + wrap_good "$1 command" 'available' + else + wrap_bad "$1 command" 'missing' + EXITCODE=1 + fi +} + +check_device() { + if [ -c "$1" ]; then + wrap_good "$1" 'present' + else + wrap_bad "$1" 'missing' + EXITCODE=1 + fi +} + +check_distro_userns() { + if [ ! -e /etc/os-release ]; then + return + fi + . /etc/os-release 2> /dev/null || /bin/true + case "$ID" in + centos | rhel) + case "$VERSION_ID" in + 7*) + # this is a CentOS7 or RHEL7 system + grep -q 'user_namespace.enable=1' /proc/cmdline || { + # no user namespace support enabled + wrap_bad " (RHEL7/CentOS7" "User namespaces disabled; add 'user_namespace.enable=1' to boot command line)" + EXITCODE=1 + } + ;; + esac + ;; + esac +} + +if [ ! -e "$CONFIG" ]; then + wrap_warning "warning: $CONFIG does not exist, searching other paths for kernel config ..." + for tryConfig in $possibleConfigs; do + if [ -e "$tryConfig" ]; then + CONFIG="$tryConfig" + break + fi + done + if [ ! -e "$CONFIG" ]; then + wrap_warning "error: cannot find kernel config" + wrap_warning " try running this script again, specifying the kernel config:" + wrap_warning " CONFIG=/path/to/kernel/.config $0 or $0 /path/to/kernel/.config" + exit 1 + fi +fi + +wrap_color "info: reading kernel config from $CONFIG ..." white +echo + +echo 'Generally Necessary:' + +printf -- '- ' +if [ "$(stat -f -c %t /sys/fs/cgroup 2> /dev/null)" = '63677270' ]; then + wrap_good 'cgroup hierarchy' 'cgroupv2' + cgroupv2ControllerFile='/sys/fs/cgroup/cgroup.controllers' + if [ -f "$cgroupv2ControllerFile" ]; then + echo ' Controllers:' + for controller in cpu cpuset io memory pids; do + if grep -qE '(^| )'"$controller"'($| )' "$cgroupv2ControllerFile"; then + echo " - $(wrap_good "$controller" 'available')" + else + echo " - $(wrap_bad "$controller" 'missing')" + fi + done + else + wrap_bad "$cgroupv2ControllerFile" 'nonexistent??' + fi + # TODO find an efficient way to check if cgroup.freeze exists in subdir +else + cgroupSubsystemDir="$(sed -rne '/^[^ ]+ ([^ ]+) cgroup ([^ ]*,)?(cpu|cpuacct|cpuset|devices|freezer|memory)[, ].*$/ { s//\1/p; q }' /proc/mounts)" + cgroupDir="$(dirname "$cgroupSubsystemDir")" + if [ -d "$cgroupDir/cpu" ] || [ -d "$cgroupDir/cpuacct" ] || [ -d "$cgroupDir/cpuset" ] || [ -d "$cgroupDir/devices" ] || [ -d "$cgroupDir/freezer" ] || [ -d "$cgroupDir/memory" ]; then + echo "$(wrap_good 'cgroup hierarchy' 'properly mounted') [$cgroupDir]" + else + if [ "$cgroupSubsystemDir" ]; then + echo "$(wrap_bad 'cgroup hierarchy' 'single mountpoint!') [$cgroupSubsystemDir]" + else + wrap_bad 'cgroup hierarchy' 'nonexistent??' + fi + EXITCODE=1 + echo " $(wrap_color '(see https://github.com/tianon/cgroupfs-mount)' yellow)" + fi +fi + +if [ "$(cat /sys/module/apparmor/parameters/enabled 2> /dev/null)" = 'Y' ]; then + printf -- '- ' + if command -v apparmor_parser > /dev/null 2>&1; then + wrap_good 'apparmor' 'enabled and tools installed' + else + wrap_bad 'apparmor' 'enabled, but apparmor_parser missing' + printf ' ' + if command -v apt-get > /dev/null 2>&1; then + wrap_color '(use "apt-get install apparmor" to fix this)' + elif command -v yum > /dev/null 2>&1; then + wrap_color '(your best bet is "yum install apparmor-parser")' + else + wrap_color '(look for an "apparmor" package for your distribution)' + fi + EXITCODE=1 + fi +fi + +check_flags \ + NAMESPACES NET_NS PID_NS IPC_NS UTS_NS \ + CGROUPS CGROUP_CPUACCT CGROUP_DEVICE CGROUP_FREEZER CGROUP_SCHED CPUSETS MEMCG \ + KEYS \ + VETH BRIDGE BRIDGE_NETFILTER \ + IP_NF_FILTER IP_NF_MANGLE IP_NF_TARGET_MASQUERADE \ + NETFILTER_XT_MATCH_ADDRTYPE \ + NETFILTER_XT_MATCH_CONNTRACK \ + NETFILTER_XT_MATCH_IPVS \ + NETFILTER_XT_MARK \ + IP_NF_NAT NF_NAT \ + POSIX_MQUEUE +# (POSIX_MQUEUE is required for bind-mounting /dev/mqueue into containers) + +if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -lt 8 ]); then + check_flags DEVPTS_MULTIPLE_INSTANCES +fi + +if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 1 ]; then + check_flags NF_NAT_IPV4 +fi + +if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 2 ]; then + check_flags NF_NAT_NEEDED +fi +# check availability of BPF_CGROUP_DEVICE support +if [ "$kernelMajor" -ge 5 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -ge 15 ]); then + check_flags CGROUP_BPF +fi + +echo + +echo 'Optional Features:' +{ + check_flags USER_NS + check_distro_userns +} +{ + check_flags SECCOMP + check_flags SECCOMP_FILTER +} +{ + check_flags CGROUP_PIDS +} +{ + check_flags MEMCG_SWAP + # Kernel v5.8+ removes MEMCG_SWAP_ENABLED. + if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 8 ]; then + CODE=${EXITCODE} + check_flags MEMCG_SWAP_ENABLED + # FIXME this check is cgroupv1-specific + if [ -e /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes ]; then + echo " $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)" + EXITCODE=${CODE} + elif is_set MEMCG_SWAP && ! is_set MEMCG_SWAP_ENABLED; then + echo " $(wrap_color '(cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")' bold black)" + fi + else + # Kernel v5.8+ enables swap accounting by default. + echo " $(wrap_color '(cgroup swap accounting is currently enabled)' bold black)" + fi +} +{ + if is_set LEGACY_VSYSCALL_NATIVE; then + printf -- '- ' + wrap_bad "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled' + echo " $(wrap_color '(dangerous, provides an ASLR-bypassing target with usable ROP gadgets.)' bold black)" + elif is_set LEGACY_VSYSCALL_EMULATE; then + printf -- '- ' + wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled' + elif is_set LEGACY_VSYSCALL_NONE; then + printf -- '- ' + wrap_bad "CONFIG_LEGACY_VSYSCALL_NONE" 'enabled' + echo " $(wrap_color '(containers using eglibc <= 2.13 will not work. Switch to' bold black)" + echo " $(wrap_color ' "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscall=[native|emulate]"' bold black)" + echo " $(wrap_color ' on kernel command line. Note that this will disable ASLR for the,' bold black)" + echo " $(wrap_color ' VDSO which may assist in exploiting security vulnerabilities.)' bold black)" + # else Older kernels (prior to 3dc33bd30f3e, released in v4.40-rc1) do + # not have these LEGACY_VSYSCALL options and are effectively + # LEGACY_VSYSCALL_EMULATE. Even older kernels are presumably + # effectively LEGACY_VSYSCALL_NATIVE. + fi +} + +if [ "$kernelMajor" -lt 4 ] || ([ "$kernelMajor" -eq 4 ] && [ "$kernelMinor" -le 5 ]); then + check_flags MEMCG_KMEM +fi + +if [ "$kernelMajor" -lt 3 ] || ([ "$kernelMajor" -eq 3 ] && [ "$kernelMinor" -le 18 ]); then + check_flags RESOURCE_COUNTERS +fi + +if [ "$kernelMajor" -lt 3 ] || ([ "$kernelMajor" -eq 3 ] && [ "$kernelMinor" -le 13 ]); then + netprio=NETPRIO_CGROUP +else + netprio=CGROUP_NET_PRIO +fi + +if [ "$kernelMajor" -lt 5 ]; then + check_flags IOSCHED_CFQ CFQ_GROUP_IOSCHED +fi + +check_flags \ + BLK_CGROUP BLK_DEV_THROTTLING \ + CGROUP_PERF \ + CGROUP_HUGETLB \ + NET_CLS_CGROUP $netprio \ + CFS_BANDWIDTH FAIR_GROUP_SCHED \ + IP_NF_TARGET_REDIRECT \ + IP_VS \ + IP_VS_NFCT \ + IP_VS_PROTO_TCP \ + IP_VS_PROTO_UDP \ + IP_VS_RR \ + SECURITY_SELINUX \ + SECURITY_APPARMOR + +if ! is_set EXT4_USE_FOR_EXT2; then + check_flags EXT3_FS EXT3_FS_XATTR EXT3_FS_POSIX_ACL EXT3_FS_SECURITY + if ! is_set EXT3_FS || ! is_set EXT3_FS_XATTR || ! is_set EXT3_FS_POSIX_ACL || ! is_set EXT3_FS_SECURITY; then + echo " $(wrap_color '(enable these ext3 configs if you are using ext3 as backing filesystem)' bold black)" + fi +fi + +check_flags EXT4_FS EXT4_FS_POSIX_ACL EXT4_FS_SECURITY +if ! is_set EXT4_FS || ! is_set EXT4_FS_POSIX_ACL || ! is_set EXT4_FS_SECURITY; then + if is_set EXT4_USE_FOR_EXT2; then + echo " $(wrap_color 'enable these ext4 configs if you are using ext3 or ext4 as backing filesystem' bold black)" + else + echo " $(wrap_color 'enable these ext4 configs if you are using ext4 as backing filesystem' bold black)" + fi +fi + +echo '- Network Drivers:' +echo " - \"$(wrap_color 'overlay' blue)\":" +check_flags VXLAN BRIDGE_VLAN_FILTERING | sed 's/^/ /' +echo ' Optional (for encrypted networks):' +check_flags CRYPTO CRYPTO_AEAD CRYPTO_GCM CRYPTO_SEQIV CRYPTO_GHASH \ + XFRM XFRM_USER XFRM_ALGO INET_ESP NETFILTER_XT_MATCH_BPF | sed 's/^/ /' +if [ "$kernelMajor" -lt 5 ] || [ "$kernelMajor" -eq 5 -a "$kernelMinor" -le 3 ]; then + check_flags INET_XFRM_MODE_TRANSPORT | sed 's/^/ /' +fi +echo " - \"$(wrap_color 'ipvlan' blue)\":" +check_flags IPVLAN | sed 's/^/ /' +echo " - \"$(wrap_color 'macvlan' blue)\":" +check_flags MACVLAN DUMMY | sed 's/^/ /' +echo " - \"$(wrap_color 'ftp,tftp client in container' blue)\":" +check_flags NF_NAT_FTP NF_CONNTRACK_FTP NF_NAT_TFTP NF_CONNTRACK_TFTP | sed 's/^/ /' + +# only fail if no storage drivers available +CODE=${EXITCODE} +EXITCODE=0 +STORAGE=1 + +echo '- Storage Drivers:' +echo " - \"$(wrap_color 'btrfs' blue)\":" +check_flags BTRFS_FS | sed 's/^/ /' +check_flags BTRFS_FS_POSIX_ACL | sed 's/^/ /' +[ "$EXITCODE" = 0 ] && STORAGE=0 +EXITCODE=0 + +echo " - \"$(wrap_color 'overlay' blue)\":" +check_flags OVERLAY_FS | sed 's/^/ /' +[ "$EXITCODE" = 0 ] && STORAGE=0 +EXITCODE=0 + +echo " - \"$(wrap_color 'zfs' blue)\":" +printf ' - ' +check_device /dev/zfs +printf ' - ' +check_command zfs +printf ' - ' +check_command zpool +[ "$EXITCODE" = 0 ] && STORAGE=0 +EXITCODE=0 + +EXITCODE=$CODE +[ "$STORAGE" = 1 ] && EXITCODE=1 + +echo + +check_limit_over() { + if [ "$(cat "$1")" -le "$2" ]; then + wrap_bad "- $1" "$(cat "$1")" + wrap_color " This should be set to at least $2, for example set: sysctl -w kernel/keys/root_maxkeys=1000000" bold black + EXITCODE=1 + else + wrap_good "- $1" "$(cat "$1")" + fi +} + +echo 'Limits:' +check_limit_over /proc/sys/kernel/keys/root_maxkeys 10000 +echo + +exit $EXITCODE diff --git a/packages/cruntime/crun.Dockerfile b/packages/cruntime/crun.Dockerfile new file mode 100644 index 00000000..5762b872 --- /dev/null +++ b/packages/cruntime/crun.Dockerfile @@ -0,0 +1,23 @@ +FROM docker.io/riscv64/ubuntu:22.04 +ARG DEBIAN_FRONTEND=noninteractive +RUN <-vt45qtndw<)uZQHhO+qP}nwr$(C?fDO8l5=$?(=;ntO?uO(NwZd80&W9G zBXeFTV-rIQ16vwH3tIz64}5%l1~vvp4n}qkCT4tm`v30#^JJi>XJ!5`_MiX1rVqtP zOAlpaXY1@}XHDyD;7IH4`M;6R!1}-Pf7m?LH30xXPFI^nLHhTA{N)J%(E$D*L)L@m z+9&%1RMP=KhwjGq0Zi$~k>vG29h@dD(#2ECLH8fjWeMW&XH~KwgxS-1%URGn*hx0T z#UL$x0t|@*yRObbzR_;j@TdgKn)$76jwBQ@b-aw=U77>8BH!UX;>XkKxLOm0lDhjx z!JV?Q9GrwZIB+p_&4ri5$({en^!c$yzEYEc9S#54>g>zTeBnBs{dCe4lx|4@!ToAV zhDz#z5_}N?&tk)&i!>qjvwO+&s)}}10=_%z@H=KqS#;Nt&*8(L2~g*JTEGRrN5QIM zRd2tU?@nB3P;dsJ!7hGDZWp#KX2h=!)IfwRH?0{b7e|G(Z~XJMmf|G(+#L;Zi*M&y9{`@{cF zy7^Axiih6*cfbGVY*DNOCcF-NIMjvLKF!9KEcN%@Up63yB2Mte`HhA6NT715_|eh% zpXhSe&lDYdh6Bw5b-~7#L0roYX}|nPt!N;(LJc38VOJ97GWQL3MX{8tpV^>;lz85t zOC8gHc4d|_^H(A=PFm+3u;;S%YVs}R_oY* z_qsq6X9}O^jZxvJ;>!>2wD)Y#mKfqeh*Mt2^v_CA04~Gh|0Km9aKyKd5#+8f_Y!_K zi6ExxfFgScfZkGIgElofFFED5^J@?ro_8m?`xdmNM=pJ_=Tc`I>ND;Mm2BWZiEbY{5L zptI|Zi?H3qJj1vDe6Ni<5U#4Zk~Y)W6M;PcHf!ZM@+*j|_3KxdZG!+$5RDg*^wwic zcrp92!dciCrRb#E5D19Td>Q0OY(YzTFjmSyX-jDDO)%gHylwYsB-uV|XF=?WjY{%F z3&auQMv(|xtLhb!Dq;zwQS9x2q)=M9bud7S)h1qB7A^xpxRILzz3bOS!3{qHl=2P# z;Hyv=G1y`HzbQ2Dkob;^(i|IHQ3A&VN^>?0aQY}scLO_`6P)dbrRbpMUOThlDXNm` z^x%pKExnuHQIS_3+4ohg$MIPCRbX4;S6(1WQQ3OfZIruQ?wn45YtpJRr9g&j%IaT5 zmtWHnJez!CqN-%u`@;;>3pt zG{v^QdZ*Zn_h(2rGAcoEr1gi;R+GoY!$?(VXX@N@_th(qh8$t%GH!Kn1|1LjmF2X) zNOp72-l%IL4K>widUf6zCEtVhZJ&l!{$SKM1Zc+tb%HXi_*4AAF^?5Z=G3spdK95+ zepiM<#c@lT+c~D&4fX<;>gAX$# za$zmAQn5kvSL`(mA$J&1L}>`7SmUEe8LP?*YwF+t(gj6)R`+P>lhT?l-~-`Zi$It& z5@h1;44Xk=%k~5NbWHCoWracBm$-iI#;~H5l33lp`hb%5bq`+;=%^qH>vSdd{Hv&y zL+ONKsB4n#a}oh8yelZkkrIJ4sdki#3fu~xT8g@FGlJ&Ht&cu?3tfu*OXJ+O{;&3Bb_Bj(`tGwk7Cm9fj+Z5Vu zt^r~C3Nn$p2Gz3twY%u|g&i~LH@X9evlZc-eCNCLSHSTYIxqVgN;)87c`YNE15EHw z0t3+h(avLJI5P@Q9%zw)oFQ`^o7>h$Y@#2HBJNxN4(t&5}I9DuV}1;f0g} zupxup|9amJ_yNEw7U*!d!5O*kxD5kr$dLkP^OwB0Rfko&?0=OvW=m!{y$`Uk9ox1E z@(PW9w*YP(gPnvSK0BhphP+2Gy0mgLTj<9um1===GT z=Qo5LBRd)svWk2WHORv^^_Dp5*?*qq`XooMaPJRk=IrRy*A*0#q+ocdf_Ndt zW1^ojS|EO>!fsY<<}TA6UHpn0j{ z*;?)2LbtdWvcS2!d~(NpdO6bM5~Omgcl0W$QvCFh3zSgxy;HKVprEvZf4ty1 zgSsfk9STZwVC(gGW;qS&cUl}|6#G#eAn9bDk2H;(KnZD_&jp-5AW)78%cG2tgk%mO zk^8k=ueZS`Ry2+r&2K7jq8PN5e>}hPpGvWj$7z=wePOz<-m)5dO*Aq+@f)2ivV`(NA^F1wg>WLiUhWrFxl)CPLk1Ro zxx_l@npv9hlhrGUTDWDf%f1kuQ)LZAe%vL)evwZMlxg6=CmO)S@`J~SjF-Lq2C=|I z6D}XFH>cCM$e7t`%Kqwu#RpuB(o4pFK&=sD!$#h`f(06%5+bKKFqw{@U%M^6Op zA}DZUs+$cycn8;~^}>Cs6C!^t+u!Od!35o;z}{*X@*Rw6o0lmyu>P&mR^X<6M;4A04b)Ah7ODby$uQyg;Z z%1v|)i~ds|jRlxZ-15nsz{!knkdZBN1|YO!-*e$0O{V^_!`vH#3jR9Au!Hy`EbFKQ zcQ}tZk5FAs^&`P-!}fP2<+;9;!31lTGo6T^;%8XP=*~ktLmc$4Q;n0J6vAqdnb}y( zZA)(juNpLOi)z}4o)OYTVjd!Mag`|#u8e~$lRX4S;WUJGTKm*mQ0mVD<_vUhRvPx# zKgYWIs5Ta=SCbl2o2aj;tlxCmAzK>368eVluyY&oC|T3Q9jAdAo!4QWPI)qmbJ=9> zaRSLC^zSc51X;?(FRF*u!AiA?31F(|QveYs!#aWuy>)@I)5)#jtS`%oR?Bm>5 zZ|q1O{ZMYl(h@ql`35jn*CL$Q)`1@s=XdsqTt<3?RmJf<84ev?pdz_GnIoIu#~2Pk zFz1Jz2PMs6AnF5*Hlrgh9z-ubIM*$u7pF)!oc&CdMYDuuU85+}`x-|}^@n)}!QoP2H|e5v5!DM7FeQ=R)e?XG9m=kIL$oWl zzETtceNV#_0V}A1M!yNZv@~b+Q^u3t#08ndV_q9gE9@5UAjcB?`w|$eCou9+iAolJ zgWl=k45{f{F>)gU2Dq2nKUzLr0}+1K(;ofYR08xGaDb`PZNt7L4TCS#)w=XH!83-Nr`eR$rWWMfe`13e zbxqpjJsz?>UZrBc30!ulTe~P!vNq~&B(6&!$;ugw-P_fFNOopRb5H0E9X$P1uRCUg zdv;Z#73*A*Jg?X|w1{~k(yhG9_e~4MY|pFo*Z2C&ziZT8A}Y?&YW1mJnIq+Mh;8`! zV6qfP<#Ko7vZO09=tJ6a=2diFo)kw2gPbj%+$W{ka7GvD;VWdsH2b5A=T7%Z3(JYV zHdoz4vI2%m8Nz>2+__`EIJ+3Y`-UGfTOIX#xSvId?`e9Fp08T_K20~aOvaT`RT(H% zTWZLUZ5LV&aV?Tvah8M;_T$iNHo4ei9TS#R=tom@<8WL90;(xTD06 z0V3H#M*0Nw7{DI92~*BFr6f|;p+X7BSs%;47xI|`Gb;Egq(PRZ74TVNYn{(R^uNBq zT0y5c2S&$1PZ&BHE=YIsD?QhWo9|jI2Is^O(Z|HM#<08hYn$+r4&?82lwzN*kBytR z;V!AP0U#h{7XCU?ie&Nzey%a2-#A0-RPA6zhmU2}{f?THaw)U2GONK0ZXTh?qZP5% z?jidbe{OBvE#%p!KRNGA8v!t1XHMgkR3Fe1Ty`{uZ>Apc5dfF>~0@KFEA3eHea>icruc$!+#!q#itj0QV`n z%0W&M0d5`Uc|G4L^C_Rq!f@3e-O0-c>`c1M+{j5X3*z|lsctz}IKW0^*G^>*uUro; zoxN0{i%l)~5+n4GDcxwQTdE`{aJ}8=sF!hFBYg|WT5O>w z68nS~Pcsc!X1k~S{7z(5^rJ6hNQb(ep4>-!!s1X-tZ8P0rSE&~Qwksi5Z26WX1DP| z61ej=7 zdwsIoCBEjH1?$PvTxU*CMWCf@^J*>Z*9=OfQk+LMx)$Sd_wFaF#HJ^Z z^ER}-tkSy~m;tnsdJm}*p(GAc1*p|Zr>?*KOF+4+79{Z)C~%*BvN z`SpuHirbr3zZZ2U%dn17G@r!g$nz>C(+JJ^AOk{L@t4@-5=y|5=ZpXskh;S?dhq!Z zdCZ~GYQ3f{WQs4rUuwM>63A>wWSeG1yJ*OyABN!pfs?6-1g8`=bt$WmaUZuvCrkK< zD$p4^qLh$u^#SwQGuklh$THnBk*@Ql$+-UgzUK73Oz3F%tb9F;^|Sg<>1CaLtKIpf zJhW1MHzziZErb zr}rG&6Ue?BKdnR)LCV_@yW*SfcH*5wWT>dnE8S0yBY_t&m^twat_d$gy%&6Ha6fOLq2@N| zC#-(&I-eG$p|(n2SzSlSng>^0r9NMC{025x60pSxI9mPN$~5I81QRdAv7`R<;0R#U zyUpx4@TNgL^+gGn7OL^ZS2Y;+6|`fM@Nw82>6#Py7rS@!&AkA#AnQl(-x^3epbHr$ zLxpEuo(G}wJ@ACU63__oR>yNNJ#u{Z7VN#;@5sYAYlM@j4#f(TM%rt0KR#&YN-CY$ ze!o_x4ng_GQzDP}eSfOI;pr**yN4IvTd;myHh-7(?@)GXfDS9a9B^dy1Lx>y5*Ei= zD#8;SvJ^Rt?eugEZhawbdjo~$VJEKEZ#WG-A%C;w!P0GswSZ(0uu6cgYG{a4=FpTR zg(#B`X~o*|JTmA|nkG{)UGZpSvlVHS(6GNBHX3zOQ=;qd!Y{=}X{knc+aQ*De2L~? z?$il_*($T|_r%C|j3_vfk|_Cr;PpKmP#FsvH002rkju(4X9*v2fpzsp3uC7&su4y; znqLKjcS{k^r@ybVfxS~!7AELrUOgkz5Hxi?kO-@fgBa8M@?eJt_9uqU%Fj5ZLh?~h zswu)Am#)lG0RGRURyEl%x#9xoB!HyIG#VdkT_%wzz87G4^}=9Om_-5_&G1dKiiYa< z@kBP7ErruZQ)v0bUT#{aFI54Y`{o-OPj)(?XvQbj2)Fe6(F^?887J!v)Aw*09Aab& z!&oX{h^a;10S%DcY~$_Yh|HsR;<5AksSX3P4N%`|D27 z@XyGu4_Tt(Na0BaR74^XnZOG})z7NNbRwoP0v_#ivm&dK_7SMTd0pv5Zed=}z%LFk zC~kn=+_#zBG)r|7k9(du_`Of%6kEO&OybSevlCB^S7)QIyLGlUuS(8psW*sv8Yf8x zMMHaj4)3(hoVMq=sF?r$y%8sihQjU^W*y*UPbEWe-^j+^yb7$&6 zTRGyUSpx&0>;p3fcIszkOqES^K)~S2>E`qjK4-H)j_DZ5zXG=F|bo?I&EHYQrOY-0VW2Mw>Q9TEN^zz$wzkp&AOTO z9SQ>G)fP^hjk}RkCNE19$R&%es_k4MuV%zHZ|pYIxDUR}Rt;z?*HL=OGP0IhP5sk0 z3(W^luSqdb3b!=rtZq8FiN?UDTEI70ZalphvvKat(-W{HxSKnf#PYxK+Fz4;&A6;G zztI@et##xclMV_T13#GA&w36z1C=Y{ihALH6Jc5*hWQ1FdDYshpyK4=dj^wEG+?Hi z0p5?DLX}yHUs4s)=G_kzRX)_ua7~7je53>$)%Tr>$J6$@iW$JTe6AjCvHf5y=tFSB z7P|Xapnn}4C?^PYTI+tZ((&}xwSGdhT>@K-?g2h+mr(IgJR#&8B|nG(E4Y~ z)<>Tz8O@9ggc+--r9=p2IF7vu(D(?7&847Wi8U5iEOiFK@3+>; z>{6U-iE;xH4}=e(sA1R6%`qkg==7q^l9jzEh!dbY+)+QqPPd+?*o2uNxmxK&ij zFX0Lc`#0WI75@U6;&m}sl+LOoXi1>bYBFX*rW!vZ=44gAY_(9i?IRl*Hqxo5+i-Ny zgX!J>VkFkyIqY2>Y6EsHf(ZWksHLdl<6>R*$6-j1_3D6f-e4Nw+*^C7gp^w~v(9=*H;W;}K$mPgJFna0{ zr=$a%C-7?H+-T)6Pmjl)HjmuEJUW=EH>1e~SZf9*#^nmC>Ymn9C%6(hN5%ENhs*R3 z&`eD5nO7$s=+PYQ$=B&7A06Wje3Fr{pPm(MQU(-llDayUQgl@sp*kP$Uq8mIe z#IihF`UWE0&3tL|_11*1S}fKc1XZ{gIL$=C1zYub%B10B8|6E}qmA|>od~xM(E?qu zh)4$#xIN`v{l0=;!nY$c+d*HO1E-#g4N2B7u7W6y7ZaF18V99CzXZK4Sc@BQHrP6q z9iGpcj*RO8Ld_c@v2GaZ-c0}ZIX^FX#ueF?rD{pqK})o-T`L)grG=TAk)wnG%t02U z_F>m~_>aK5L4^Y`DmLxLs{81|ot6FPyvHgJzee()7O9`y6%AAc!1i~0s!jD1$PN$+ zI_4d$VfFxSCV)u4>pL@2N$SL&twOsCGrl8-Kw)FLISOuQ!@FAoubSx`4$oi+ch$vG zH9|gviMHRA14B*y!_moQT{!x7uXoN%&LrA_J0iIUdtY1#;>u3=V~yqxbIR0s+1Axs9F{ zFlKt_U1pPo;XJ{LyIVy2Og!6}n0uN9Vt-n#7scl2s95 zL7n~WZM{7?(U6E@s1MdKAw%h%W+{4D0UH31tCgZo98A-Poqd_?OsxA8?EBkxh%3^; z*NYA+g9aX1*1wsn8VKA%!oC*YD%`EzMFo|(>okoqKcA3mC?v~G30>0TwN6B}4hHmr z!#^$$2&RGjfaS#{>1%Lq@XOU>@PB~%+jIvTp_r??_P`czoP) zL!90lovQav+jhP#lgKF7RB?G=O&`vIM}!M8Y=ee?kaEFNl`xO~5NvK76?O3|$iavt zoJFE}HfMTU>$Sej6Ppl2XuJvpu-GnQ6pdmRNOh0bL$OY_UCL_B+?9>+AGjBUYEN&= za%yKUYi~oEd&7-*A#%@f4((>XD^j0r%|^A3^WrsVlHGtfYi{Hcan)kU$(3_cDJnWT zjt{?`ml{fDbS$6gt?*YmM=pTTCjWR0m};;Ydauxt3F>2FL(Uy6v4=gDeKe79?-v6Z^- z&2MaeFtO&PmKIduKZ=A= zg4yz-*}#c>YNte`ah+g-c2cIqgPt4PLCy6>A&0?kCd>OuZ&xmHCj$F#D9Zm!qZdd- zxN=fFM^KTj+#_t@=iUtnmP;by?tK$v)>5k-k(r{X75Rhf5!c9R4}N2)@}V=4!6GMAHzBl zVtc0bb)Ql-dIw~6_|3q{7=-$j|8O-nTUcr0(S^=07AVj#InQpj8x!4-H20$9jUovm zblEk`{{X=(l&K#IaUDA6dilN=nBpZ{IugP4V1*=S#FTPCl*&H{<(xiK+=&+efde36 z3eFhfR;X>{3(nj=3%0omVxh5Db0|98k8U-*%Elf(4ybAqbU~8*=5Pl_YAM(~Jc3{( z_@=%v`YWqDp8a96B(r%XZb|_Trnpb^i}(KaO~kk4@=j%?GE1U7(;{bf>5`n|D}d4@ zrl;Zx@(aIOuED&pFwMbUipU;m)&@cN=K{9mb+X}D z;a=nLM&!4SMXw*4nMicZOpdk146Tao6>D4c{T&3|nb5sOUinb&6}v(W8NdR<4m~8f zgd{WL4o}@PWGhToX_VpWuMEcB?T8VSHSAu9Gba`APSxADF0yB81mYlXegl0X6Dc+HK#GDXo!#E8A2LCt`;VUZp|u zdd{pS+l1hyNwE<UKn{lBxQRL`-4>0Dpnz5n%^9;2crj$Pr(|F( z_lxi-d>x^3uxtcApRGnh5m?IMa}B+iRlrNM)(ZC>ZPbq zAEADy?%j8sWTK^yOZH(9F)ZaSH&obNRFsEoO7hycQwb zKYlyCH_t0g_gB9qaLjD@gYLjplIJqN`7#}v*?|PBS{UVvBE3XSuOJcz;1$W>T#OQz zzje6x++)6^B&VryG+0*4iXh8gcDw%dlFWclQZ`;+kwXpH-D*W5Ox?1i5jZ>0F4ZrI z1`+4v3ESg^Yyi802+5@L+4cY!nRJi^Mz*AH@&QYC<_8(JZUk@OqWwg7;Q~~6ln6a9 z*PsZ#%Bqp=xKb ztyF@J`1Pa$+UaBHvL9n@&Eb#!Qgej3dgb%$x|3B&Hd=?0tqnw$ODY_5s~xQw~UrLphE#8l_JQjnrHnv}HRK8X^tL2`KXg6HnVk`aY zZJ&ewEvWv196dLA>r%>YGAqENyg9pMa~3;^ujY$@HBBc)@8SZsUL*yk`M1355A`Lg!5eIVw82NC8hW-h)WMFKmT zWN1|9qP=3HZk7r!eeIbnW|JyRE4vkSa5!IQ8xE)XMjkFp`KscKMEuJZfBb8yu1pJ8 z4}{(iFJvToqnEF6$g9~R* zJr?OoM0b9g>`srFDkdu~n$SSk#(S@u6|4)PhT$;zNFOgk3X=C=4tODsx7jE7G63zI zuMz*z751FaFQ~>;04JJG=` z1K@Rr8;qW`BqOZb)no>o42gI?>JekkOQi_DsyrFFPSj7yZE_|v2_C4cEi}=MOqb3ct-n$ zp)PpR>GtUM^i(1dGd?(h*(!IE0s~B_@!}|WS_k=y`3*?AVv6tqSNwL5Mq+_mGy-j5(uxig+a zDwArkEXOa<(HYbz=a!(+8h9GQQgkKzeeGTB0ymeDLV9=#y-tQ?WCzu2IG>f@Tuc6J z<++I5Y`)v)Qd{9jmoc}~z|O&zDjw0SuGj<4eib5{L}=6=IJIRa0a`y`tEbvntd^-? z{M8OoQA0-I{cSX6OSZ&UROJ$GdDa7IuX$}yzqZBDm!5vceCJOCMy;$0yhy(Avj$*e z)-c9?J9ecm{is@3;P;K>H@#xc?u8!bysa4YL3u-a5u7wW6ZainY^9SP_czr?;{);L zuRbAHIOa5m%r`t!+W=VXMQ{84o25Vg_Msfezl1NKc&7tTsPgu`0INx9ww|f_>;KJJ zWnNRd!_HBX+>* zKx%6J_4)V-@M4&}I=j+p>39l-Cp}^++u?2=xg}hJQZmsWu%K5y+1~h-rXNSm7YC<} zPjzz#Fy?B_P+Yd}#ZO^9AWX%koqzyjVA7f2HmBm?B-d5uP@;rzynunL>{il+m;J`D znVK4#QWG)g5^!6bqv3(*G0}gNt(kWXGQavzoU$rxVYF^&EL2$zaZ!1QGQ|bf9%YC; zXRA;NNQ+>SIweYXIsLugu=Fu7Q}k&xBxzr?90xpeyHjSTY5Un)|4<>uRUEVug2c7x z7HSgBSc77+P+HhwRj0V|F*8#d9ww@)xs7=vDHbCVR?~fOv$JvT)62qAX8C~eQSgR8 zbc>-pkL~xN)5E~DSr{^AkCWeOHe0jh7UbY+ydoGQa;nHCya4DkX**tFl=7a@!+jpO zZ+!{vLN8n#pTAaiVJ6r|;ah8W<%gio-RJ+b41zh(S4|(Cxm!P(Y80chs9LM~T@oe{ zV4n3Np&Y%D%TkBgjZwaRace+((Kt9Oa1)QGAS!J`KhLB3rWwqE4DC%(Vs((#d#V2A`P9chc>06i8#y_ z<^_1SRB8#(eIu#BHtAus*U23~y(Cb87FB(ik`|3hL-|N@Rakq<0>9CFE3<0tEr`{- z&rbGz-xZ^n>NX#+w7lu8mMksUNiqMn%YT9?dZJbJ>YUq@DJs13ow7O3*NHXlUYIf3 z5L}o1Gt2qT{~5P{Mu+AUIG$6E)x$FtUGF5@1;faa(+nR{kXTc0q z2FnBIfqfcImIv>=%y+Yr&puRgNY!+T6#rg|5PS6R^VwsHh95C67Xy$>GV31j*kORs zG!jq*L^c&AUTnJa7Z)mQ%7s(6TZyaqq=H7h+Ldm=NG(@|iJ!4qt}i)Cp+!!+ zUT8rtztb!c32Q0^gaYqul*eoUT3kHX=co2cld<2|s3ivO&>SCUV)d|FNPYBpe>!XQ zBDf&Og`c!92yH$8-^(-tdOX~w6JciUEsv9!CQ?#V&1NIMsq&uyC}7^^<5jr!AQOsp z<&-1Bi8cexK@64h2Kk5%{pCZ&38M8mMDSnlofV*uTVgOwIc6@H`bW!XGfF- zN4y7g#vZ|kOzrR!YwQwOCQHd+?@X{ol()ep-OK=-x-MTqDoqAxUSWly+6;r`^!l~n zp=PAW%6-V8My^+EuP3FWvXUVB@p(36FIn)s&4HoNH^2ad5md3PW0ER{?!%0X2q_Cu zL*SYAPngH`2gKkCgiFI{BnzO^ZMObZ@BDeh#9s8$!R>B@a7~EQspPn$jrChDAT~MH zIk^f@PaOZS$je*G;4-MrAWHHZw;1db#6;WRiO@{>UZ|i(?q-6f$kd?{CNi^a%Tr81 zL}=U%qn0i%q#SvKMd=45Y^JrpEQ6Z_%YFP{If3GzpLBv{97vVwYCPH1jv0EMb*TXD zOy?)&5A>Nkt`5+evDaShl58VZn2;2cnf$>{MSI0AF=QuOOr{U=0bG02Bjm+5Gi96H z%py~-2$CR~{mQtBZOvW?w55VuD<_ubb zrk?!^a1o{YD>cxgR`L-01a7?IMRLmO_5i=O-C7@!J>9Y*w8yHdv5=S=gb0F1PQew8 z9QjcOj}%}i0gpv?IICJwnyV4x-XzC)>JT#lphyJ(q4>*cm5v95N+>gYs1KT?r;Y9i`LHzYOfPLego35?t3pN!T=`%!OzYgvOXTc46G zG!J&f=MJNU2hst$!$C0TMw*cM%6KaES^mJE(zRk6*7dc#=n`>y@c4xZz1)Gynjt8v zzLS35Cm@Ot&ns@M&iUm1;rfG^rxSI^4UdQAgba8fQMX&uT6ZM9sye|@B$tqE3S4Bd6Q z#l0R4m*rBsOqoQ5j)*N%ISFyteR44bohp0!P|nVi=#aK7U=mB*j@>RVTWJJ4@db=Z(qUnX7vIJT|R3^LIdw*wY7j4+T zUV>C^TrQLchE*xxV9AGW*0UN#)75{gAy_joA`_!5BYEC?mRn!6yzj9W)mTOYNT?l; zDot2%ahQTJkC;py5@~fPKf`RHq@aWW_&8r=S@+3c)$aPw@j{(qR*_lS@vv*M|KuOy zj46%%%}LREx)VI~ADmA_2j*@-S+i(aDI)bUC7(m*NaB$vFabzBui*PKpsFO4px)y7DzBfOKmD{DTe05Wc?@nGd5y^`%k}8a9k^uYkz394nPfoR3=EKQk zVQ#*`8)i7bUGr&ljgX@vm7i-)-rs8q>#?iDqMk}}s1@M-8Q9r=YSq@!ZL46+!R7qTpf{3_`tR{p zr!saTli@bxe2}(vgRQc}{sq9F6hmqx{!`a=!a*3pP%K>`^q6wFX0P^SX{HZ1@1b*2 z-~}L%uG=(SPrAKiAWSB3Degx!_X3JQll7~n!PjdhEK>M-#rI`ZiqcyoGV#7^wVp%yF;l}F^p%3L&>z9Wg^eD7SWQtl_bf3CzKOb=0213 zUaI&G0-E*7*pb(};etT;%Q{l>h7hE;b2O+9kb1^w~HXG6a zBHlZVGZ7M|?~7xJx%tXiCnW7f?lA8d;DvV)n;9rw;Cw#P_iy{n!_NgVCunlJl<}68 z4S0BoKTI!#XC?Nymon=KLg!YJfO$&2%ca6?1~xU|&IVMoRHK9|+VQNJ;2u<_XIGLV2ZWsQc~B#u93-GfN}f?eoR>E z?|vx?@lR=S4C1hms*l46I^nift)0tGVdKOi;sX<@f2`Hp^}}M$ST?-OdjJI=Ua>&; zw|7NoO>0>Qt(T?~2Mt>KpMW^8W_bwP{#=OH3U4R5%LT|H!j~h$!n=G}9^x2{-(>#% z4(W}ZYD(%5TL7OGiQ}h5(Hy$6c$C{VDK-d_SjNGBiX(gnR_aaRV8cl%%_hHYye7oK z?=#N!txWR$I4^3HMyZ^aK#M=z>G1zRMc&Z`-uL(iXY@J6IA^j!w^3B^WtZ&cx zscvHR=Ty+?kNg0-(Bbm`xm8nCC(l)EDNUdUaj70j94%df3#sPyS(u4<#UCVtiQ{pU z5Cg888S4#<6n2|i0zFut}?$p1Q`zFDN6|TfNr_;WDYiKO(s|v@qSKt z#20^B!DBatC!sblcL8u9<8HvD%;WLEMB>ry_@{oCPloY4{>&49v$h=J)e70fa`;Yu zBLjW^Adf!uL);!G(jCgvyX3vU2LjRSHt(CM{By|Is;NKc+4WH5wtfsb z*XGLR6imh%04zto$y+3SqMmmCymDnU(Y43`meg4}a{oO7)_7m@qle*$@QI9CkzgU0 zFN-oH=EZr4tk<*avq=!Jl$&^WL6nQ|H*PuUb-|@_cEk!vL^i^YW^?WFu3?vxt;*k#|!Y^+$d;;sN%FRe)|0bil~1({vL27r}Tt zIbPPG$ZsWYN0^k59d%7<(0Y(h_V#Uk@mU%^fLC@J&u{GE6STO;$4zy8u$l`*RCz#j zy_{G5UidxbaH%-TF=c2&zH3^|aveKjiyub?&DEkMNX(x45Kl6$9cbXRzRD}BFE+T*GBwJCmOht)*2g!$GFXaa&<&On58pHwjD zImB2MY<4ew;Ft1MJ?B~QbUj`lJ%9av-)N_FVmPe754G{$f2F<6+pbQZT4^X33Q@~> zxq}==9+rrN`EX`Ehd?Ln@U26GPd{mf_PGx6qR19o!XAyW?mZ+xnp2H+qL?hj=7Nf>StBmHKPlZ()@JW2h7K5Gcd>x~HXVwNaNQit z%%2o8Dy>aMirTXuOn`>yt~TJSrIOE7I?RSjXWO|9O;qBq?B~FFZ04ALs6A6As+m+XqiMZdk|8yClR?A%? z1+L|@Flmps+NFZrK_QMlY@5HDYH1yAV~=sG@bgou*`FqCYK4&x&SRK^tTLjlh3vvsi(&mNXgUD5Ql@|UciX~B zAS)sj^62@R8jg6?@a4^t(-h(E_n4c5?0!xz_dZwaOV}E#MgCxJT}2Y=+n%Z)6Y7}(b>)3k{V%CS34 zQ{fzfi`2u_**pFw9f4XG$7Qd-d>fr`2P~5^_Zg$sS2cylOmKc&9X=(fH3E zSmS`D8Bc+HuN7P_9a-IDfcr=>^sm?n6#|PG(W!4{lG!+drswaT+%stj_EA*R+l8%c;bvg_ z(zG=hmT_|B=P8Vi6?BJf(|~G3LNuqa@nFCq(1jyyV@N+1zdE+UZtcJO02Q9b1#caqS6>EQGw<1pg%Kg*`O%e8K-9ALh znTT-h%r6CtyeaP$We>b7DLI{1k4Ra~I^kpE&&aB>h*p~#yx7z-x082=A1sfbEU(SFHBi;mKP}9Sp zW+nT{j?GGplCU6eze>yl^ZwKwo9)-3y^ye#7vh zAowo6YWJ4p+9}SKxm*FR*-8F?I1Vm5Sbj{1HqM!SRr){5Z0Kz2*#iD8sNz_Z%gR)Q z>shxq0^G?T@>A3zkJXl2fUC(cdB||LYe3ZtSoB3qz0ne6L$gfmtWHtg5XHP$7eXab zy~dx}_Z@p!t}^VZ6y`+j;Hk-KeZKX&TLgGoPuY1cpK3ek6bmYetON%@>C|@SAPIVE zaSY6%_^_++QuQ%?r~n|XgR*>@md&#ncD+611@^A#wNoyF2IHP^1~pn}3AZqmcwR+V zbelp7S3v;DkHi*<%a+6A=tHvRO_=HS?-ZlaL&!Y%Cvpb{3`HJ(uyXZJYaCSbSQTRX zjUHNWB~#{SMRasvm5Q(Xg7g4GsfXlz4sz8l5N{+MeN z{S&lOx{cWR4kkvIX({_kjGE~~*Ami_AkeS1V>j}O6O@8Q`INc84fh|&VZ8ofAcpnb zd@6JmCd6oJ%o;^R#S?~}(}f?EhDg*)i?rK!objW>6=aVbDTj}lRN=GY*sGr^f> zkIFBR^IFPJlxcnpdLE8y)mIWqJ)6a~0Fu`!Zhd4Pt-(<+E7v7E?*rp{*(?yOk@(o; z_F{c(x?(H=hnLy7Sa#m5k$Enr^yh6bMxRM;d%tfTnP)HG^0V5e?$(AoA!n7IvbA(J!LOFzkcfvk7|3p3seaIjBB&wW!v|r!LL5*_8$TPJ0KII z^e|*Mlwe%17a@JEz{4+r$q~JqSX-1HwvCoU7da zZ{wgC;zH)Zws3L@_drOqQR(#VMTH2tNrQL4=u2GDooR5GT(a#g2J+Doy3?`+=>aw4 zKSPfFwl6^izcxdW&~>9xW@kfAwrt;X?n!z~%w&fz&Q29rZFZ3_N1^Bmrg= z_}Cd}^2r)af$wh1kPcj}a6xPgEUG_z9PFe^CZA$fKH~14D)tpP|76(5Ne4<&O7 zZl=p54ClTANMVHJD<1&u)4(;xYAx#TVjOt-hG1{HG>R@${J+BVo_XPuI}{n6{Gvf| zG!ZlW3AYTh&y>wBbXx{U#c8zfx7(m~NgaazDAMJom2T+o%S%bV2m~Q_Ht6`euZ~+{ zlu^2x#E3w5ht$%m#ndl4!nxo9igfWY!F9L$ak~@{7IGh`>&$kQsmkWQ|+s-0HWIw6Ypp;TrC+#69fZ0O^zSAUoQ^hbbw*usBUp{Lmy zp7}gtbyVD7TDDkgtV6F6Zz$GOl)0VF6GG|rftnFZ?U&B@^k%-ED_U)#IXtRgb*g4R ziBBe^0CMBwLcOCUt=hJzD|YGVJK|l*^S!M!RwV z&mxduXAMn@1T{sHS_(mX43FKY2O-y8k<2bt;{YlKEOE%)I>)#Ucu=6)*l~TC-G#S- zNjz*T(yYWWyXO?n-%0&YawQGY;D+SWxFZD1NB9V|2(t+J5=xBSsRiF6xkhm*o`$k+ zQstI+8iS8)b;MOr-=BGKLehJfX>LSzXzk}LCS1`qNJF=Ct+@a6>%}ZY zv>)wSj+nQfmi#x%#QN+y2jc=k)B1DS@|0U z!;Y~5<=RnnKhDFEwLogSOxfua8Vd+t;?S-PYcFs&k$Z8m7->N>YP#a@lg(2zr@WS{ zTbz~{&0;Gek(GAQtri~ZBLq~RmymaHVt&f#M>yvZlUvV;#|8r&3}!)O{kPtF+R%<* z;w5?ag?;=Etgqau)4s0WLtQQE8_F)2Fb}u)C$d^*23QP3|F)Lgao=;vjV{nE^W4@j zTapmkSd3Jpn7zCEitfoAk@W4@=I8HJ#Xuq>@J=xL>+S0}5sx zTrGHSL9_1pehQs+nH~yi`7PZ=0Mv=>X$o@7W-RS`fgLp6{6cNV*6cTwPm*O%Fe2ql zrcjPpJSJ>iHqBEes_{VGV)N5OOnkvtZUtR6=_ivSYykmAMZ-op#U>+){I^AT4?2{n zh&Z@88eJTg<3`&0nNhU3;5B5xfFmuHt|Ni*t(-!Cp7HU=FEjMpoZ z14mWmd-@DoV*Ryf!M;VYKD}~EdlHwhTb99UN#5D1dKLYEf6_1E`Vm^D1&?#`y!k}K zoIN}wUhkdnjH7rMXdG7F?uu{5kj3wN`MlUos$4tm6AxcIqI;BCq>wlRHm_<&g`8OR zA^_i#3>s3w*}S!3_(M36MAl!&MH`YN%}jX8(ub9nxzG`i?v;fFAj7)VIlE3 zJGNII-hl7>dKqps0!Yto^9@@0vv80}RU$g=3k>u-9y<949Q_(r<6TMI0Zv6EJz-P1 z(wiXq!9p?B_)rCg*hUra&>R5=iwN{U;9>%vEu2DgiGR0vCd12F{NGd7Ep^Cr0ylf# zz3(NU;%t~4I~~$F`wI$T{UTb)oJU#c_lxME7r>m{G>Uv9=gD;eS_2n%oZey=caRD) zRRK)L2AfcMaUBjt8&g$Z>pQmir%JY>oDYQY+Lq_}Fe$4qryp6k?ksM3ER1P(rnyL1 zBC~EXs8xR6w(q&Tf(oYA=I6vy;@&8Kn>EVurNRdAUeE-wo+Hu~q9&IfW zOQ1SoGKG~&_0F5zT+yGll{ly9wX0;*$O#7|^OlYt0uxrph67wF%ifHQgHI1QL^|Nw zpqMilp~zRVTT*lq0M@NF_CSvgY{fCi{A0eh*IOc$2)Hc~@p)n~X8bgcF{^YZ*j7T4 zn~(2Kt%gbGo5q{>&iwMrfac_0s z>a%S~g4KEsF%vxr-x>Nd`wJ-F6ksv~bR92Zd~L}7OFv}`e^wp#1H z^ULC6;WsS?Dx7fV~BJ{@I_j@C9$|6|k_EONzub8``dJw8zy6x5?Ib!zcvC*CkW| zRt68)?H)UsVl#R!GyQxkeSf+lK6T7Z)o;hF{(5`wz}KDoDN%eWpUhxzUGvO5<`g7C z0J~T20_Q(QA5Xw{zPc4Dof$WV*!pH^Vs2*lcw}Rdzt3aw8T>)KT>=gV)aU^!ZhpHG zr1{NjX;Z2nGbk54=%t)io8I&$1;Q(RkZSVt9{{hal;!E}oe^yQW*s~5_U8>$kd_!y zWfT)7E{EEbVWhd6Z`8rH!vyiQ0^JMi03AO@GHCp9c4C#R4f^)t(9@~>?aycQdFS+I zd!`7PJ#<<|&T%XkN^W2t`HnsahFI=1f64%eD%xkuKEW8l2d%pQO`uN7m*>r zr+l?T2ngbKpsjX9|3MeYZ7aqrGe>OB3<_a`LN=!@eo)3n*IJ`wev;@j{Ik6_>0z3d z;~#Df%}Y?L)@^PW`@Ep2O<{+UoUnd64tHxcJ*c?&aplRX4}rGta7coe;yi~;5eGH1 zE}vwutNF|k6ud#=MGn%D7wm@YwTbj^prB{vhpzRCT5ABv3gAztN%9-nsO$F|eqC_Q z2e?g2KBD*u(de1Ful04hX+iotF-u(BiHW5Fq=JrDqB=L9=OTsoQYpNX@tG<7Q;PX& zwH!*=$%BI|{ELCJ;435)yPZQKYo+ua14ZjmT8mMVD-QoO8g8V`+NFP~UVZh82oEAr z3aVT?C^wQWf*v#Df}-LHtU?S_eI?9t`VoCahz?MDw@ z!wStQqNkT~pq=X#z*Kk*m~krN=7;Ng#*SVXd+{a4k1l^{v|pQFB?X7`8(vqUmK_*x z)zF}SQDRrl)Vkg%LkX$NGX#A61*U(1m9NiX%VsdRj%BlMFrd+BZ*POb7Ce}fy%Yjb zC1Cazho!ll?`^sw*u?kFcil3ve(GyM;{u}^NrPIpu6xmuZGynx9R6WFtmnk1chp;e zW+Y^Z^lS5r{aC@wwcj|Wy&@T=xq~N4KU{`29?q7naV`5+verPN7-K^?xY$j7HyBsS z435*v!Dt&CAG~W+W_o0e;ZwANZ(T-FJ@owpLYdD`EDu{O6W4#MW;9}tvA8Tk6x3{b z4O_9Vc$2rr1ev!U(ds1U()5U%?r~&}jR=5-~-Hy@ssl*ZlAfj0SgZ#>deqm3Oh?vG2xrLXoR7+wJC2cliU$ z`JCG*0JdnkxG&}iGaw^WWUp_*AppcK6~OL{P*Ji_7?^{en-P{aggT@%A%}e&U+|`< zEjAm+!)k`$$wBX$g)6B37=ZR7a_C&&*5l60$_6rQC%g-s$6VvpnjOI?SdOGiEVC|5 z57pI{K4##EORh)KCxHnG_{bC!;Ok2cz~lBUPF%YOL=jA`1J=B5h3d7wFar^Zr~WvD zkV$TZvk;$60$OUX()jw;5R3U97HgH>83ZEVoTz61^n7wvStFnp_7DdA(eDfZsFy&_ z&ZlJbI4!&=#V$ZQ~t% z&hg=`&(E*W8fGyQ*m>4;TeB1P+#;nJ1=g#Yn446V6Wq+7eHdXFz=?y`1VcA$-G@wM z>z9p?;MY2z;eENVa+ord9NZOTrdWERtC@GR=vFJ+({FeaIQ%SjF4k`OT4_8mU0@0# z{XXV4pZl6|y`*;A+;mD?z5cr;2hBlH^bQL0IdLg6&d1*^7LKI%rTny~ZsNH2Vh$LY zwUWkyb^BhniB4S*q2Ng>4jpE|TH0HJ297C({B|soO$!=%sD!;|OWwRgpoz1LnlB&} zAVN}kPFYI707P7!?Aoxei`-Tmx4)n&{Zc7eq&Pb^b6m+e{e1((fcQn~`!MTHEWSR* z(?Io;qN@kqN#%w)wW&3!a6);{%TvT`#jYvXVNLzx3YGWLQ!_O{Nl*s0M*=xadEkgA zs2iktG%T)s-d%PVfuywvE3kk8?Szm)(@-foT-vaTU>&nd5-^om)IoN*;8j;0pRf5q zY9^6G`7|=khk1Vz(f8Hj7cHk)3HrR5$iHPKZ@SW{T(jyPc4lOPbc{agaB{xi4X>oM zaqYTTRwd+TyA`X*H&=cgj~z*w{j3Mq{IiNkdjz{XajmA&M$L(FwEhFY5ASQkqlC$4 ztMIC@y#rxadq6!*0viBDcP;CEb@lHL`X&{rL}x2sd=Y12gx++RYapj%dTX)a*}83N z=?|TbD`!rOlaTO5`=A_{;o30rNFyYiQDvw!{)io!eg9)|4#1Ei&O@9IcmC~OP*0oj zw=mo?LU|YAKqg$Y!LSJlag07!v4savv0u8ojb-lV{kQ1_C{WHGvq}v+bE2Bo0hFAU z*JJR~k!Y2MFxPK_MSLt+pTytj%pZGFCu)S#cbX{89%qY7hSvUKe*Rl3Oq_QG`kVic57`^+}d=gDN>r%rwSN&!Ylhx8?-ugqL3pQps zW9dL|4!cvU*=FvbvCEExi016Sy+C(e2rIYm6GEbkzIRlhT^AjqV_<U%xECRLb(e?kCASt;ny5i_`bJLhy0wt z^bm>63J@q+sedrpa+`fL2di4agWLj<9kessd|KhR+pkd9?~W~;n8jUH{Bz$#(=@iQ zV6gjl_-wrI5ERr5t?R1^O$C@%gsu%cmSO@#o9)zLe74Jd6G2vikG)nHSOYj21kR6! zP{9na%-z;T zXf(S*6QZJS;dxW=Al;@F_T`q_JcUg%3V!@hs*M6FS$N%8M1(a|Qj!`b(uP2mFmX_B zCS7cfjmyY|5w%Db&2L%Ms3T@x>e3M0aEbPHn}#Y+ZpE)sw80-SSD{j?0)r0unGh}UOKPQ@Gj)4N*qN(eK`Rg* zCB-Elr?(D!c-M8D_ZFQTJau)Ne5^OnmCjQ4Z^Nrb8~0-$l*4htY|9?m0kIaga*}6* zyy6quh3``ol#g#?wkM~USr0P9u$F&)se(kpmx)Q7?@X6_UeHe+9{#I2G|YjM$RE*n zo8hTNJP~qnNu{AEDD!sVM>d{gBZnse1bMVz(fX8_l zy5auX!e;|@Zyv2-&0BNwA@x|6763}8`RZK-ll=Tzr z{fO2^g8(|9Utumx&r`%`yQUR86U>cp6)4`HuqlUl{TBjO8TjJeoA;+H<_^ayA zCP@(NbG5$ZZomIO=VU*yqq2yGxR_~=v$r`n^S@GlxllMI(f9rGHl?*&35L*jf#B^X z@1N&| zzm){kyfyD8*#y%?E(>y3n*4*4?eI4C7x&-L{fn48bsw@5R z>updX`}|StSe}lEQClu?yDnFn0&NxBbFnyy)uLk!Gc=EMF7|kHEZXF9e@?0xCx#(~ z6yONkA<%X*nj^wY(tka&5~35**55|VD8#!Fu5#erLTT+|6T3ruIWg7E(T^WxeXW`Q z-r9PDhicV3TLg`|gI|0%NTeDT=Bxb#+a9Oo`A5D5OZ1HsH*4seD-5hk90fCFd&U^x zmp-bW(Ljx=q$TqpbP^0hbi!uFcf-}w zXhDNO{C%#V56gkeBS-H&ki8wX-rL$9d!4xIlxM>JBd9g)5-F5!u}UCGHM2FVL{?}{ zrTe=#IiCwLz7;aSLRq-KOQsRer-$Yd?>=|7$7Q;91j2sL;Sg)ui#pUGK8cXlCz3V$ z(eDL}+gyF;^t#%4K>x|Tlp8f9QJ-kS^&aUiEvVc7MrWAdO~Vxn@_RbaCgqjFVa>BC z8THsI>;Bfb$jD;!X#}%;r*EJpQgTE(f5}Qq#PGv>+Sf0p$>HxIaLn8GMCYAF(JTS>TKkVk0?okSdbl;mhjx30hbA zoV9J+wny!GZfv2rmJWZ`8fS40f`tOL-3EVQYJYE-)7^At>KlDDsj3lt5{gY2;HN0|^GUox&yG6_&Bz5# zNolWFdfr1g?wiU?32Z~h&d5~ph8$7FI_dxUA!JBD9EgpE@|dPO|9&8UA?Q8{&AFvOROrNpzb+Lny9{dpKzwrr@sh3~1{9U~ z7mDZ4C>BZZX$9`?8`B?29P;pL%Okf3gmQlDTcDOmm|s}7%)WFL&U?))Nxylev!eMC z>|ubld7M^-Q<& zKh>88;=#6N4S0tz;&bjh|@buOVKiB)}L(<#wYohms6Q= zZNwR(85{m^@naZ{i&oNbIX^ws2zuzj7gVl(QU#;!8>=L^Pr-QQbk+tn$ zf~uJXMaEe0WBq{*`gTloC)334dbu_=T5}Dn*1)wNN7niBn4xQ^D6#8*xLsm*T(>&I zIGcF2&eJI@G9M3tLE5{SV=9{W?=erIEVh+&0boqyb?}|Q^7D+PrbDi5oKGD@V%73T zdP>yV1E{dH$;wX|jkk;)4rYAQu>51zZTEZ zCBu3Ee5AD&F3kW!T(vOJv`K^hMwnMBt#-e8tGC(AZ}5(?Of?Iypk!p}3t|6JfGcID zR^!nd0|V=8hZ5P(WT){u=PS7&-irdPy90QT2qW40$V1?V(CGWlo5v*fDLGG3 zm?!pt(!Yf7+SnkG&z?o6F`c&f_FFBtU{mqkiEMIYTXE%+wW6O8_LSW=82MK}@Qmps zFF@KOa{d9X@z(SeA3OLzd#eZcWWNz=uQjjYMSM)iY)1hyzHsKR{#io`?y(#O6vK+3 zW15LP1u)ssgN+YvL!eH9i~uDA1$dlW|CJ+mw(WdohIeu%%<5t0+s;pFTIuBroBVYC zo!Gf(D`9^-#2RVda@bFSOK(@`omSdlw>NzS2eOD^dp)<_z6&U)w0nl`s}aauH~k|G zRkGG(dkX&R9wPyZXRq&4@T!*1OxO*(d?V_%`UA&6VA9BvT2q`2h@#RMDXO;hygh7O z%*4dL{G+P^DKH_Hf$oPG0nJ#;3f-=%mr#ghgU-WA3&_JGr{SPjt_1%&RdiL!U2vlc z<(oIV`mLCL8bSjbsHvUt4eGlAXTWLIBoowqJ|O*X@Eg%3Uj&S62)8D6oMQ_8iO>ji zJIz%Pv_N1kzOJJf4B;=>wOMP3peng9@U0z5%RdvF*enZ`$Qv(SZ>W+gQ%6M!w-tLZ z9=|MtT5rCo_*JXWxw^1qL2`-gxvrcVY6SYUaxhr!HQD4gfZmh7Zw4=E$jpX3q0&~^ z+(hV#p{g!<2S-m31=O8@VA$K7-_3D-{|g{jZ``^;R6PrZNmI^M%*wkJVQ(W7fT6rz zOQ-%eVTVciIt7)eFY-%`G96iNmaUxB4`nyZ7z*WP6d*?0)AaY{Brz;8 z^99*mLV9jYNM&C0_i>nrQBP+XaBOuBLZA&(>JsB2-k|S33^F!uV$1KxY5ztSlOLd+ z!8eraG}oJXJpN;`i|gi_P9dzEohHTT8tR>?GEa$=tn7m~o4uE0t0bR-s_rG0w!obiucq9^Oqu(M zv%?BaASBMW0Y_wRCknf&NZA4Ez#$)_A_@_nD9H2F1B8+i{Sx9g|No_SL3!Xxdl<~R zo8I79)EP61_D+|%d$AD5YI+0V-)?A#?Y$y&&-gETImGLm)pwvfSfSfH?>LRAOWj(u z2<<9T4#TYPAn`vmEIBFbsn>ZM#>l=geqXIGhN@3Kf1WA*rMjo|x4EixFW$tjc>fyt zmjM6Odl^fFTu!+)L|w>BXf?cv{$+Y zP)H)oX0W*~e{%c?JDcP^#%Z6Wo5*}7cR-@qBC}Ve;qN2xSj77M{YAX)xO{PO5|??TtMB&g+-*3XH^*qka_;b*8&8YOKVY8- z!7z&ems>wE> zJ%55}FBjy>Q>Ijc8?;!@3y@1Y00(63P5|n5t^&Sfv+W9S%z4ND!lfum$M~|yc-DB% zX&|!%i0s_;f%tM~efB$Ad(PCN6*)1vIew&Qo^OmP;$u%o2K5-f_81~JT8AGl!>r~M zXt5r2n6EW12W^|N{Zx8&#c@do=1yX^a&1a9Q}%r+R)^bdw#mI6@bAq%$n4&2uIp*4 zYvXY_@If*Aq*h);j^RZN8_iwp+12!jCAH+Wxi(Jo!(K%;0rjfEm-LI1P| zQ&#cK2wLVgs-TT0nd@Nd@cf0YK#jM>ERV^2`(LfJqvfnvYc#n-HPpf;Z0ps=tZz+J zCaG$vlkr9%$_VOcFQFAgMCJ0cqjv8<6|41lI zNo9`1_i`ujE)aD#?ym5h2mQ#7G(3y@Yx@#G^1~(URDCl5iG;C5-bZ=g62udEY}+p; zdUhlnUmgkay1vH;%vlKGGNr^e=B%&@m*8FBuTMr79NHil(t&oUO%rqs;ciUWqV<)q zDdS8kx{J1BY78;fWqTq>Ez$#rxjX3PL|d~U~-h!vQnjuQnT1Ix0%S=V2lf_xq? zRAt65R%<#jELZm26YqOAeV0`8{yUW_Rl5$eKq0Gc*V^WnN=Lb#OcVUrLYt0yLHtMa zS5~ucUr@ct@WG(2g(`S`uz@&O>wSJ}?|tle(I-g{qmo-;R9|S|;j4-;(J$)xkmiW0 z@)$U4E!U$rG=exFPSHSlYFAooS>L zZNjcp3aU;N!C*fJhA;AAkmRWBBx0~Ymmsw%F&r`astzO(KAU;jCNxsdv6w1N^$RI%EK$s@fq#dU2atLMiDa8Y19Wuj962qNEm}{Ma ztH}!j)WfC z7k{{@=vX-fY<*+p_)8wiDc2V6j70%ca z{fD1}{fud&PA&ydBl56ZnuF4xz${Mg%LLt2T!3^c$~3g6GDL@! zL|Z^|am9t<$B8=b`5fk9I>x>KM{h-ES#Rgo{j%?*thZV<6=VGFAmCq8rSSB9SqTE@ zkIvj8%A$iP*<`&1{%82GEp85gQ(&&R9{g#(c~lGO(YRwtY;mpXP`JN|^2>wQlEe~iiC5d%E4YpyGkrswJvIBKJ z1nk4(kcZea?$-xq-(!xDd$MSXHj4vUIKh>Pp<-NZ7K9PGMFvqp)5WN%xJVbAHa5%x zSP(hA_1iou?bA1X$TvTq>JVSS=~Rd(!c1`ZGO(}B@V#fXN0n=z{QJHv)TLor{3JcV zbqVG+lGFRZyVsF%^4T|OmXSkJ=m71QR#?3(Z5NJZa9w+!e8Q(}POn#;_*U*|o8H(u zq9IhoB4Lc$F(zKt1DWG0558z%$hzPGjq7#9uIi>=1FUSIbz%xh$=+YTupVM00ra=-sw@TTI$`hSKt$H`|XeQb|XkC?Gu|{|b3FjNG@`b47?#{BG<^ZED<&cd)b!ewHxBMvt_) z)Y~yEywgg(qe3a=`Zkn#u_y8+^yEdC_Q%2dJ&;%W$IJ0kn&^5+<_a6QWjoT3%q*I9 z>c(16fcN!#JRl^6>DT07vxpiTz^JuoMMvc$r^uvRjM##ZuJ3zAf#=zSIGPZtb|Rm? z;|U?~lCZMhRK>i`ZbLgm?!)aX|LAy;xSwBj_@7n&`TcEZ+z3AA-G`h_ozfj%CiR} ze;<8Zs}L_rvTQ&W>kVChldr(RJ-=-Il39?bSHAHGibD*;9}tMY2<3F{&f!X|xW4;K znW{M5@?PY~2*e5Ykj2uff~_7t$1#qQI>1S}ZL{jyg%SRh20SGZD=%BcNdXS~+|9I7p=GF3VrBuI0NU=@t}g2{^bdS&5dSIOpB-pFk~ES9d*6t za;u_rP_pKOLfMTO9v*t?;PHQXnTh|Zz8?SnY-E@-oOdju2?L)IkDe+!Gfg30K?3yO z0)wy72Fe)g^DNR>nnz>%qJGU=+;nMqnq|eBwDAl(1@&)yA*3l&u*i-H+()c0o{yCq zO9eLmbZ8K^(l2CX9*Z2^SdpiIxh*hYWDO#_oXKe*A2bCa*GC{2l~M82m{Nx%`j|zk zbj`(vybkl`NHu`jymy&f#-A@vUAKJ{{@l|f`}lnC^=P9D(`P9?@seh0lT8Q_49mdE zin<)#-xLah1?J1gn#DPQf|x9GXq#JJYu?E9Kfs_{gI3tQNRS8+1$y&`BV^ry2GB$t zK;L&@pm228L`5UJ7p`VTIGVk3>vi)R?cb08N7se8r##BudXFGY1(j%&PCe*}=>yMv zM5J_1BzG%YkgmnOFwl)Em9l%TXx;5~PIuNc)CUM1Gpo|wFBs~=yd`jfH`|$r-nI_# zS@LpoBWX{8TWpQYM>7_=+0YLK>2KW&Q71PVr{ApRRQsKf6N8q_w-vR2|= z)pl&^bC)I}kR(2J!j`EzZY+qo$RLD=hKA_D-dG=|^zwNG z(=?)?^wc8gP9A`>cnu<6TSY+a!^rv@}`WLoV;As! z7%3QG4`f7E4hofLdku#ComB zk24|ARCq1Patt|IS1(X{`8kMQxy__@%BbLUvr97f{*bqZrdoV6wiTkMnzWWT*P-!Q za$Ri7H2QXZRusuXRbg6vnNsZbRG3~P(DmIpsNWvq(WdxfKFU)BSDarsbM3X1ro0#AD#Cg`nQ&!L$AHS3=#WT#6U>iM6A~{rAdJyGnz2E{x^Uw#67U zn^M%x|Mpa)xZ`@005PDomICT`%)ao_nNBWCl%?W46d4vvB<0E~!ou0k%QC^{9Re7% zQY-zEm!1oekD0UWnOG8tq40UCcBtl%HG$Zq)#bXlBa`2Po5<7%{fbu^Nm@rF-!NSv zCP28QnQ2DxF)-s$HP1rOT}J~L=JthWX4HFd;M5b6FFn zCdu(QCd^8?gy!XOZ|K{ka(`w5J^aq@!wLIS0Ay@s#`6Vj%T9S<*2;L>;1r5DK>TlE zJo_K2TXhod`*YvbpbmUSh^ZMs-b7Abk}4>UjcB-f#pAp08fdZddSSgj)DUPFflQ(I z_o=K=v->AupdlgX4&Y2M$y!d?yg_%qEv*xer#l@K3{|L{%q;_FcqKLM=Z2G0e_PAW z`_u-Z@efpp$qfow^B)vjFj6l`P))jP{kEyL970!>S`z0hE=teMn!7nz)?y?r=*Hr}gVzh?h(tPR3Fj>YSsir@pH2Z-&^ba~UEt*tHUK4P6OO`9k+`?P zkdUv<;P%2T{}szzn8oJsqNNGVNH_C_uL>87dIb>NA9wbg!q>|YO#n88x$NZxC@XKw znhvGtN=RGNIFenzEX5pgA9#ceQ&Sl)h3D$Yy?hFb^6i#3Z+LB^_Dw;iimi+EXA^U> zLxa+=?>nxS>r-g!WauPBQyZ1hx!ST2I_W4U#d$OId7jE6rj(>!I|Y3^85 z`yPxOp$rLi8?~S3bx+A*@x6RIdk}DBP_9TVTL$guEM;QJx(p&*wL8_VaRUav{O(Ekv7S<=^ls(k?5v?3Du&fz1`57z)gd?akVYf`gQ*VP`fdwN}Jb zo0@hroDP2=a|EB5U8XJ0!&ft!H3v`DX}}D=;qCkAel@kOU!KslT#?DXV;<7&DNkMj z58sQa@veV{{eye()Tss>ingueU-xp2X~j!oNfVzM4XATA$_(?nGp@6c?^;FpUaFB* z1%lSLK(b&+Ru>ny3EeM4=gig9(q4uB6B+oKg6l-ayH?ho`YF; z`Nk>!IYO@pwIcim74R{gxF*x&fhjv!XGTF)YO>WDa3RO3J8*-X+dk9vf~0%t;IHuV z9iJ+?$uu#?!mo!%OjNt{g+fhr5+}X*wD%;~F!^WD?_oq)F(ljVa1N+o4+2=Mrntz5M|6TBhpcJ}*Mk|+2YZiSigLzO zraFS&vpUG?s#$18gR8^^0=7_|5*l*%n%%vb&`YGUbLubmHyCy;kkpTsZyY0k3SJ;-yv1xnQ2tjBxR6`ssO7cXz62XXACD#PJPRrA2f73tz-Co8= z8^jkZ3>yR!QPawUcg&X6o1mB={}0aWwbd92hpe(sh2;lx4fFk6JSfVlj)uwyNNCVu zyEB6WoFEPkZR#k1c?6;wMBIuN3O{2m3nEb{B2eNIo4`F`7VCV~$YtOwJIN|3PUYQoWO4d6FNJ{3so->%t0+zXX(scmBzPu z$?4oq5gdAuOh6{Gz1e6-TtJp9*U#kA=LLZ5y& za9mje_kouGC#@|0Zl7QWcb2)YsQc-CYy@pK25`4!T(VZ@-qk-Y35hEA8>WktZ*n1H zNllK{h=jjvcflMOv0aI?-PHLjdPLsznfmIj@_JWxs(Xk@%F@r>xzCA!x1d7Pz1T1t zfgGrogkZCK_{ihl%}1#!q(Es13RqHx>L3nfQ09^j)n(A;g;=9}80{G*>7k*w zMK?Tu$AyR{Exo1HIjeDTJtPR*ju+3H?`2tbt~!y$VZ=DW;{@2hVM~H%h7g2|N6!kS ztZBR5=;f@4dS)nN@p+5!Dta}!Btkp!36V<*f@);}bUUD@VTH3rmRRLPq#6z|VCR`!L_m%qH(oLyu* z81{l{@pQ0C&C9T_UdJY7`F{E`M`M4!^uowZg(%Bne*0G4<#f&D2LFJwBwXMAROu4k zor*$hq{$GjqX)?5IPM_1V~~ov4`~Y<6W+}XSV{|Yw!T?Eu`V01Ttqf(o0ghnSL!0v zZsilM^#6m%(nJM08Pkzd7!;;%;T`U1^)1mQCba%&OeSHJktU5q_~GjFkwnQciQsrP zStsB)172O8w~>JV21*cLe_!;%j_)&yy56a`4tKaSV&NdcMol)_n4o$d=oEZjs~pck zjxYXJbL8N*&%i6(OdRwe&ex9KorGuXs1&mB)}#?c3cR;@?Q8x_q+!Fu^{RCulR+(H zRT*cF^qxE+J^_PSVOT7Bv5=thu}l~GaCibV3I+QYWt6EAeBS$NM?W$s?7sV&T7^5l z#p|2w>iSuDy+n`F=a336=M|Z#)#00*?gDL;jol`fQEdm`{#x&Wm~CsQt4~Co#V~i! z8hmEs0R_1YRtH3Yb} zh-zItT8sx11_u0qi#N|GueM(+;&jKU%%aN|R4$I}u9WQK^*#PNk(cxIx_?9os3vx` z`&RnW^sAp^&J{`J3CM2$+Wbrq_|M61&n5ntQyiKAe=-J^#u9Xp3FMenN|Up+10QM7 z%ig;@A1bT${Esc?zdCNU)bXw9VL>^8SIHRHJME?2ez9eo749x_;{Jf5!Q!R71ravv zWvlab1PYHzF|%JW5IozRqgug<;nCMEYAX-m1Pcv#pqW@M<#+k3P{}@kO$~! z_OG~lN$&JVlTqe_+34YLd~KH+zSS?fzRMpMdZepjg?Ga>cDHKU2|)l<{Vl=O<3PX@ zC=#5xc@%DX^h1Dqa6?4^?atq`wNPW>Kakt1*8s(hAWLvOjC~UtbO%-j4&+TaWx!ybX^zo@SrV0G!cW|hUlMP}W{CG@hSskUt4d0bi-M*;#WN33kI zOEJ*k(_Q8*H*0(M&hI@jI`Hr0N@hK7aGg&z^~m5(J1-w zio&de-JU_QU@`jk>%%pQVPIz~fYEn-IEAOlS4U>mtDduc!DCF%5HlRI1ElOB7pX>Z zma5Ai>|0^=q@`tv7_Rtw?|kb~kj7ch>y$n~kLkanLevwj%}3&Fn(a!PfuOq!P24!n zZ9weNp}2>0vrTNy3;Ti66Kv<6>M4_Y#3d!w9G^ZlS|2XHrG};5B5^dr1Wqlx76;Hr zcXcDeCNTrar5{CT=pE#sGCVnOnT6p)5D*nfzF=AH;$`*6nW@jM)ZT^ER$D?r3Jj;o zb%7N7ho=@wewCzTdO%_vp|6}y8o!yzYEaXx)NpiWg3Gf$7W=fz^| zK$kummHF@(0uDTn)h*CVa@?khH>rUxsU7W3CTRU=l}Y;ky!5(-P!;(9(Pgp&ohvoM zmSA?|#;Fn@vt0g4_ApURFOYc9NsW_HEY`on)2tr?ESJ`ovZJ-JLi2z*7uVbuloJSU zaNY!L$nH+)G*dW$AQPnH91nm-)nu5Y1#l6gz9xuXbGCM1w8>Aj ztJCQ#{6%J`&%+$1_@3JIT#`6kKy1Njy!xVJ#_+MfM;n4_MU$RsYy@yB>uSW1Y0#rh>c=7?k;rA{b?D72KPfuW2 z%BZPoZ3zi{tR{reYZP}D)?~_v0rmAOcxdz#{%_1b`E0r~os*V&{plP?lpQLq(=U!k z01re<+!s7Gd3cK5e~}iB>_o$nN8%7lv-SFGH)dg0TbzVQ&5v~A9zuB~ezX0uojZ5N z2~K=P%EJPzs%S_jP{o@6e_qi2=x<^|nk)>Q1p9}?5~+s0thWS4&d3?F>+Ot#vSJ%0 zVl#Z_%n}WoQkDHg=i6*Wm}D=1-vtRTmb#Pdv`Lf2tq&mMWpqN-Q32Y5_M7Mw#x8vg zdFc^~sl2AjX@l+%GaFao*_Y6Qh`Ivx|GIwgM@cZP*7@eu2N*QvWY(aqb%E zH`?1Lmiwf7WUN&cOMSKxFXC(rw3~rqv_jo};EEc-rdyZ)bXmxDAX0RBVR$Df50LH6 zYCYLo8Rcp0i61%>)W&%uFARMP=8oWZxVBI)+zTP+xUHni^gDQ&{Ip{KDT<*IcmTMY z2frxZyM!50%QOoc&bmqLC>Cjs7ty{DVp?vU5Xcn=lRe@h?8PXT62M-j9vI0Ry#xJe z1i&V_xS%i2^*+VKvS{n7}=W@%&BceqeN@up&b&4`L;fn*Pn%a(`Ql$`I0!~ zyk>^jn6pLezp0aW3(~zuO*F3uGK(orrwP`U_Oo@DDQ12xCviQg?0g7D4@%_jku5!LlJt-NuLlmy!#0uV$eepfCqhGp zgD;nCBAc5t{uMk$_`N`)M#1HLhllI7I+QX3oau;_mH&N0xCfc^Qkw`#Bzh)fIEJ+D zZnM+;iUd3r_r{r(4;g0o%(5Hn=W3vEOI!u>(w;+ z&xw{kdb(|zx$C2@6MwJt@v$nUi;&)&-Fb=6Nj??GkTGeQS}^J@_iAqHphV5(2UCmp z5cmR$G>zc5qZEZsEqc>GLU#rENL^@m=-gA=Er=_4J0dS0zlnp}=DI7*`yhx4D(Uzm zeoTyprx&23nHb>)^LeWCbj| zYq8p>0%ri-rLPo91LUcNhoIf%zMwj7#$n0t!g3fPcDH_05}%bQv{_A$!p>GTZ?YxY z7`2P2+7z44Etsc}dGajTkNgpijt(*=eB-sREBL*c;mCs1Q7a}>Tr4}hT1?PTewqDY zZ*3y|FD24E+4rGErLKoQHb8^TnrK1BUX+KcxUhlYBod0|=l!2I(>ShlQSvaf1ZCZk z+A{FC-{j>_IUQi0EpoBmBo!Ox>czi$e^OBDh(MwHcULe(b{6;qiuwy*=&9~QU z0rIB`-8Gk-=pj7>H`N6A!3=AizmfTQkkCnZ77=!v?QDGngT4TZ-$;RQ+`@N ziVUI`kk+z4XJFX=Z!+Sik?9k>l9g15dy~K+Rk<^!27uD|B;;9|bptY6-M?r}NORd1v?g>#?^9DC ztm^+i()-}pi{+ezdl<7Huroyg9G6u7{jy45se#^cp&cculR^JRV7mZW){}E!=SKdU z!knA^fb1*jI+|_pWxQ&%zrq$23DRWddt_&E=-dYRhqykr3iSa%5PrU*LY|W(#DkJ_ z=9o`|Rr1hCWkpGQ{W_Vu)`6z1wPqVCyaA)HN|Cd;E8~=o6AHE$m7x`=FLf6`FsaQQ zq(Yg^ufWD3+3X!wO9QMhFr0!{E^De!|GpR0&WtaMfAx80sTAtPr+C8gdq!@v=u9QJ zgzWza@e^q=)IaLQl1_E?`7uMN(&~M3xh&OdBuNmV;+p|#BCTQ&$W$$V;i5|AYeWcj zIpV4Y%6N`UJ0H1=Doz=MpJ(0wk ztAnqsAjHhY0082PTErk7#!9mU#NLAOk4(ZuAsPJqgypmN<&tR#uqd zcfWs)RlP<>A_ZGZ$C8|%gsw14fig34VU#QoIC||-$BD!*AAMoHoo zX(@@sSH)qr9g)zW_r9&Xj^?7Y!p>^DNW#jx0s~wa>}j9b8R=2VYfHf++gf<*s`5Mn9$B(Z8$_log1j@{Dzfim&e1e?Bxz<2jtEXpTLoh`C zdsD2-EREK`ib;jmq23s?V%}<)2tak3Hpn5K1@NZIBlTI=-R~*UDYeRLSi`z&(W=Y> zM>c;Rk4Yom{se>|h=)XKYVl)zk|!n#YbsiCh6;Te=B#9 zKN6bj1MoJ`5dg8lR+F#C0?5RO$uDQeYriU#2G4{w1quEH%ZTQj>U>urACqE0bZkxg zyTdmmmhshI6%U7b;7@_s&t63d$*oLvTpAquh~a;018{n`tZJw> znHS^$bM&#ca*l)r2(kOdaHzN9JfGHinIg#56MfTEgI-sUaL)%sw~|H7hZyCM@@gGv{J2-QwD9Vs}hCinhTr;v7T-UI~W-w8zk&VzI4Z^OVZ7C;3KSrVR$ir}l z)sQsEV|pcbP#V%%NcO-VIKcnzKVVjnCz6`#KL=j;X=qeDH7^Ar2F8PUmR{E-rV|T6RCd!~Y5G`SvJrWjl;(0FuFVuK1?{KblyGK5jNZ2)Fw`v`p@@#9}iAqlb8ElQ@-E(a2%pk^s{ znV{qXm?roy1tt(M@e|YHr>YGU1*O-*%y0YaI&(({ixSyL_(n$7nHAa~7H<^QW|tkU zQBB#)A!1b?4o36)a2srljr2}0f$=3_hXhI5C$(c6(~b@Ik525eFQq%`$CQ`sDReX9 zgf2}Cc_0*jPybphaP`!i?c{T1E2|d5^fVe|HQ4sE+XC7H`x2oO7jW`HqUTR=RlUK| z@N%ZuL4LLduOFn-45TD!i>6=b)qzsN?+#R*0p7$alK@Ip6nDPrlu#g4U(a|ucnt)@ zV~iohEyWC0&^F=BcnXz1;#vr}JjcTo<2oH5_kbxT9s~Stk@+zsOIUu{bPPadoz#;^ zBeQ@cxCRjmsEw@1^}8@jAFcoZta5K?CBUmpb++_+(bah29cZWsBGvO&$F!dLWH4S( z4rl^nW4}0d-xtioMwS9nj!iNI+PL2{B3R1YH%?hy$4pkH{GK4_l+(JMmRo(*PMNoy zDAr5noTlkKtQ06HcGRybkmswwXVgBb921 zX(iXiGesCMa1psnA3Tb`bcaO%sDqd;I-rpf(z*4k=F3=dEibTKcucoFi4(Y?kpl;f z9WVD<`I+J2ymW)-a;b~+TovFgioOXD+EHzj7)dCOk%Qtb1m;YTcu?3Y&MT%Su~gab zR6r^SiRtk5_jG?MWnj(@uWV;xOHK_T>$@;K)W#XZ=d%MvHfQ*c*6hE+*3M;$-cV{> z;5yQKSZ6}CZ57NVMQHKp9nc`Vu6Xgacab5(__+oZWTiFeCva5?WR=3}` z^7mqmIn5C=gs)KQkBnZI|59-M%*yUiK4N-Uf{y=&d_xs2jTD#K9vlsVR&_#xZ;+^RL)LX?-BJYw?Hy1?4IbHrIopv(o0X^g~0Fx%U19s)ia|3{( z#aWef@m1I1=uCc0_H6b5d&EcvrAFYB0h<ypeUAI+9smrmL66{F>&9318q)^moK3*c{a&dMM_ zHw5Xy7ZCXJy5PU1B{n1*8Wh?8&qbP8lIPUECYEk)nR$#IVgQ~zKmQo?BqNvj{#;iI z+*D|Z`hJ_OIL|X{OJ_-)L@12U!#!GdokG`R)A!i|VV=4O)Z=7iYBGkbTrJI*GxZry z6K62R$!z2~Noj!eT_-Y>aKC4-b>TnJgJQ0>CXbRp@HTieBcS8~v85P9UnC|cbM9q0 zDa~v)#!(CV0C^B=agkj2YK$-ag%osD{RueZYuL-5^gXlr z*3P8mcvD6!rXjH9$E;@`-Cw<509=2h{qmu9SR2kN68&He;U$^Up!sus2_s-^#XG!W z{Tfq-5!d^>9~bL|_b}%eaa;EI7x)EvFM%#VkTF~c<>Q7dJ&RM?K=ux8!}^F{zIk`m za^M@3uwo>wCOt?nUc_m0b8W7`og&d2H!Ko&hcTd!<31gS7hH<+B>}gw#%ICRTp`rb z$*;GLJdE;5h>J{Eev9-IFT?q`1moVNAc~tHs$BZwO*mMg*EQcFB!)`Vh^UC_+Re#bzi%b zI$o)RoKo~xHHEjk9fVY?)EF}f)1R08fH8nFN_%&@D>Wd|7WWnSGZC}aL4~_Sxqxp>Bt0F8&(EeAf~W z-x2O7ENA!_{%U75_YxtvzEE6*fZ{$mOPaGO?}*vGQLEuM+ndVxeJ1o}i@%Q_K+0sE61KcwF(Yzn40a!7%vqv85EoFm|%U<9nqGUy4a1+wJZP|Rzlv2;jHlW z?Vd3uIN-T(Tf!<%D}xkBEs(jS0Q3eE`jg$WW0BY{zXrfT9GA-HCs{?V|BAAq*riF` z_(w}B7nEh=7(aKe0<}&n!2Y8`>B!RZ)6+0AyE)6~i%u^Q4{l%?;|db>v2Hm=K%c#r zrhN+BE@Oz>)ZA`V7o}@;&MINf^H!$txQz#6CP8T&Xrz>bWvdnY)mYgfPCk`P+HvG5 z3v_IDsMwO4ldD2A$;vRWIJ!`7?p}v>;&C^`82)u4k zR$lz>G|d}T4+SeY)ur@qPS6O0w;IOP>&y-|O@uU8B?J&32?t0rLplcB1OgW^Y5~v1 zcwU60hBn{5)`1j`RYyU28g=tkCCyWJ5GR00j>#4;sTh2y-;L_WjA5}V4e0m^6$2fO z@|*IwKC0?G8K#=2Gpq`jQ931!i>zj59_)Kx9d+KLT>a{=cB*zY8j9+=e;q%&BZKHG z&GaS9l|)nB8Jj`Iw27@=O*$}gDY&Fz$H~Zw7cF%znupG=`r{TF>D1BEUTfoLU~3Y< zw>v7^mG_jp9gS9D%gQfbYf=M|-DT~iJFX6Ui}`{6JY6vqt@jxW1UH?^)+#!N^ws>Y z1H#vuKm}ojrR=l;MFph#IXpDndQE`nlcuMZu=90iU|jSLu<2TV!gII}3yj4CI6Wr# z{nari+tAbjeGzl}WUdxhJ!xZ8Cr27)v%F9|Cc;VW*;|H&oM?Fu>R!d`Y%wq&qaR2p zdYl;UgAp;vgW=C^!r#wP^5|)nY*`n7Vo_&`)RL|;h(lBB3|R}dyCUqY3`J=s z3d$K1XKY`jo;J45&ikneGA(6Q+Py9>B7xwzMI-C{N_5X>VE*FJqOZ`TS|VTFbx@4; zz-7S)Bmny85#|3_XakEI&&#&Vl0)$5{GS2FqUO)F1;6R!Byfx_nb(b_yNW8W8{U@s z0Z0s{vkHkIHf-ubpclspA-Kz^m!4t)cV>vtiOKflpTV((ojVG1s+X?EFi;RM-&>LS z;%0@EUG4Kemlnyt1=#wIaNVBS(xXFUVP0*SUN?!Q#v43bv57z!xMzHoAEWb5@9N{D z>Yde*zl62|P9Cw;w@?c37*D!+9QhQRqNY`p4R-aqGU|OL1+d+kCt+*wTT4e*?j$Nq zp6v!boMo;bc|>vO>p{yTH$M;kEHww+ofJflJccvTHgt9pUFqA|;H%LT=I>4n9C!Uz zw1$|J=~d(#f`U#!;^pNZSK$)a@js@jkD;|-2LDZ)ABzt3LCmy`7C@LI;Z1PhnZ z^m|A>Z>3`FW}2>^ur*yUhcokaNzFyng$MjkTy@8|76zBg^ntAu#GBWvE$L4ZMa;kb zkp|IYv+g}MkaPp+#o;60f{AbtOVghKf1=M@PR>s>eN;Ap0EHs5zv`){lQS+2X&}PQ z-LY{X*gw-4%tXB&YqzH_{jR;?8O(D`}T82AY_Af_%PZd*vIU1 zLi2&6mMWh>Meh9Z%-Ez1{v)@G??qd`6Ablg(D-p43bT^%RB?~WYc=G!LINT*4-Pc~ z_EE9P%`}@>$k$J)I4bgP7M@?|i&a&kXE4FUMhfIS0dl?NYPraK%DVrM#)aKgxO3>9 zv?;?7)u=k&=l*KspIfT7K1yT=+4M*Qd#xptl}#lL2{1_R?Ba&T$yr}B3+3~ma&Cw$ zY>-R%@MDJd>Srlhu1jS`j`nUgY?BhUelE*Tn{hE|y_ZFb1b$sHmXm!XLxyBV@hr4+ zb^>NX6vvcYIgM9%$=1qHoYNkz#wjja@yNnAmC7UxrlnkjV^agOffI5va|fLI1%bV& zW8qvAETU>WsXCU6_!>HTI#lijk%j&(nE8qs?pn`YG1(%JQJXwCg034CY1rt58!N{Q!ww8o$bh~|SJM9X ziQ{ecAWCiUGk93r6*IKp!;-oQL&3=Fg)hrLDaa}dub`73-{VrY4vXBal}gmg2&E-^ zJ3-O4p@IbteK4qVLFkMoPBmOh6K@20Z|;$y`im0sG^X8Svjf??TG??^Jo2qC0r3p< ze^iND9Uv@4G6~)-6ZC|R_mHC}K8}JZ7ELf57|E5Zs?fYq?)Im!TLnubf1>qWbGfNh z^NF8hKw7D4#(5EXfVIvuGm1L~-GD`UY!dME`BaR9&Wiid-aY8n%&;P^NcZzOGZ0kJSn} zW6=L=t@5KB~#)hSHq$1UnteR;<|X-*cGZ(TyASC@dfnZAYd3Yuw#;It69Vt4>yRefi#y+A*241{) z5)3WYEf#HBK;*5jYp9%l1*Z{~xU%lsmm{H(cq9Sz&xys(2FGx1rDMpf;7 zi)M{__z_JSO}OWX(3WQBbH3JLhj18Ytm)CII!EU2(O(F7EB=M08WqRIkhsM$~1-e%Wt*ReZqVtH19Sb3B#Tr8dje){Y?zDe_qQ?duSpgYH&*G$M7C{w{Y&=9)4*Lb(#O&_XnxZRMxydS<+4&V@<4 z+_^k^#kl>)*vJ7tt%A{+lDl$>V2^^)y9S`bnRH$&g}d_Sr&oJrivhg@18{!sfu(B6 z&tYaT5|M#IJQ8i9@f(j`uXjPwGeO&lzI(7UjI{sytp46zr`&1$j5~=@`{%;&%tcdZ3E=ZpnkGzm#J4K7^M0c^nYJ5PnZXZlB;xAjS9#!FO7 z?##>a-}GnRMU|9o`RAh#bS7F2?p8g5NR@Vuip?ze(Y-A4-4gc7Z>4&Onn&84t})&$ z+zk~M;q2dCHd)2hax%Brck}=4v2zx;EQ(1`x&eb_9rBfbVjQcP$`M`qHjM@7945eI zYt*(YcOqx9hFt}Wqe0UkC_*;-lVsIQ)SP!=1T!=bHZaRcwptz(%EoE6rV{Mt4HF?g z=uADwza=tBUK>+-h`Y|zt=gliv*m=~89}Y95r`BYIl_GCqS&CXva|24PL{%p!baO$ zcUse>#0WNa169Q?ksdf)&f4A_S{Q7;TXS7Kd<Ft|N$!#n!yBkFVh>$h&4OOP!Q?f+$J%jrGRj&WbzzZFtW75_W7Ghu(teSk?77Y z^sjnsonwL*L*~iQJpbC(1m?HE#R#fLVzFOenqs)zu_r2cokM%*Pmpb%w_#%(?~Q3B zq_Jo8Etgv?Pq1}8v)IZ3*?vc-Ft?YNqDy0rWT9rTunkN$1AMJ-1)1%IWcpwT3M$5+ z;0qkfy#`J#*!-LWmBU({Ef2t3p&Zg&6DEDCnbafBAn(fz*j3igPV0QiJ~siaqu4!ki8e6Yu7u>B>e&M#R97N9V9eZPJho`8 z^K)MBOI<@b6ey5(X3S+>VQb{AMQegJ@egRuqAfW1a1NH1V_M>JVOaArH(+81GJ6U`8DOEy<|(vemZXoZ36H3!+&bA zQK`2j>q-dva$)-j+{1cG?`L-WN6hWHKRoyUtLu(nATQ7*-fstb%nw$c9o#681uhc^ zB6H?Uim1a;*rP5H8Qf{k_yI7yX#ePDHjd0}U`EhBJ2((^MpxPkvO&H^@i8l0C;S{v zed5J{9OHwc`I5Kkdr!8Xwgzx&)yzx+@62Mcyv*^r|R)~*gS zK+BD1BUxB);$}u@>ngGl_m+PWje-i)GtO00F}w?yo>`a85)|ZfWt@^mX?3E)QpdlT zwB(ytRuK8|LGMxW(;C{#hYmuy43tF*fTN58q#bX5Yz%~$Z#lO8{ispyHJV~70hGLc zrJ^@@$LzJfdJ6ou^!WDvSRB!Sk|K{ci#5{lEOP1R*ppMkBWECSF25NS*}ZYXDS<8X zTyf4MV{e-|;+Qd!))Uq8stDHJgE5Fz7+l1-X*jQ8D%~ zrY`n@38&gV<!A`*{*h z)F~K@Ww`7-3XMTnXgJ-s3mjGh3UWYo!IwW3O1PBH+qOz8Y;l_wAZRKv53-3hRZ`Jv(c{?tDQhjAGOv;Y6W+Vfmu1e!Du&KmfXzj;KHYJaT zv#wFvgT-cnrgdMim0B5+bspz^=^ANtt`G1=2wqD>`R|o}h(E-cEAl&XB~a?3?~4>g zkxkFwArd*0%vj!7GoSf+*n*ulhv8h3h>F-g=1*f6c?>eB^$z4C=G`+c_2$oCc^ZH@ z2fq8fEISXQYxP&OL%=5AoE5wXiAv=aPsDxo*0i%PNh#T|8J*EBb4-AZXPA{jmi6Ue zlz{5f27q!2cu6|*hHjKtzCZQ)Bj~5|pGu!YbL+$X^bdn_V_w&xljiJS*h+4{JyY%c zlwkQp_;ge5CKN%Dn_f0{9FdryRa7aS@S0?#6IGNP;l=*k_ug{zKjNPO=4u+S z$G?9+(sME_lm1bKY2x1KHuq?5f$X&+jz($-iJQ0RS8T#=$i4HB zjH!?dpyf+`BRcgLQ7gOP!Jjq3suL!Ts_b;Yihr;{=aW0iUnJJYV0ke&1-#ju3YzcH zC0OuZ_I8+oTYeDugm$WTcs1%lw1(=}T4v<^0g-fkscsk+6?o#LHV-K@q#9(VLvz+M zG8=BR0GcAxreo5PR0z=Y`(_kL$nE5iVIbhhx6o6;Y^m?Ne`ffjmkOn~yG?U{=WpVW zCkAMICKO+5Mof z877h@!Zss5EDWl=gsiZ>&_|89D#lqyK-SmmPEyOpT8VlWOnm5hoxP0Rk9K+~4@$*S zfedfM1oUc};q79?BF}kDoC(k#bB7>avR0W^Pt$;j znG=y-X&n$fq15|t7n4AcLEeRC7y2bQla-6sb3_^_xtg?_zs7AiJ1zkw#6nOq!;)FV zI^D4=1~x5RJx7rh>AyVNlgL=G;)_w{>=u}oH&>#qjG6G$z> z!kHIm^GVU+Inb=Z$KWl9l6?C3rqt_G;*PtuLDVt?lT zGM3G#IJMn&0*_u4ohhASb^NN_zl=dVZSyT)*G>H-LaFQ$VUiKnEcuU${pL@>NtOnd0F>ZwokK`jh17TWq$HY%?>4mTo<$K`7b_UD+SC!{S zm2qUZ4R_^XiWrecHQtzJyw1s|yLi`R2X;p0eue%(L)C}#1^>oX;7_a}k(}sBql;+# z!fNq5ZdcqS10-J>E$>SMlUEfj9ogVx5tRT_Z?68xK5<$*UR?C&Elv)H^S#_2&l6R3 zVAi*UcOlUz6riBVU{ylW8vAKayKuckfcRl7F*9s>IU^3PBhVx(nH^5kJ<=FTZcbbp zEVASsgC|4O(giXCzjeCa#54Wy_LaF`mn7|naGcu8ci(Vm8z#P;EEm2Esp+H9LUcQ` ze?0oSS0R|o|MKha(o=Bs?G)b!#x4&pZ#Vr9b$Ro=SOJGl3@xJr%ZHKw2k~>Aw)1GZ z**kGzp^5DJocCstm!OT*vvi;v@Z__(NWSdOed^2Yus7lJ&ab$MU1N>NzgizeDCK*K zkDIKntW;NkQZA~!{g&x{U%xGA?Xa5-WiX>h#Yc5v9ufgmw_b5(Zl%mF8q8%)az4Yy zV#mI3?&+>fP7Z-UTUY5;M*|h%3p(5Ulm%taNMVl7a2OqhqlmjZ=uAaoz(Tnd2HG+< z9Rgd19yxr=D@$C{gE*$nYFMkT?*!ukM{xwMynIuTa_>u507iqiC#_7CTxtJAYAn^=64)_Q{&rL4&dNdMfSX=CAwx}E1a z?cVXkN`|kV{yGqZ*Ri(x`j07)BcNr#XxIT+ciGY|c3x>&TsrsIL($Si1MoLtuLyG1 zvI;UozggD0ayTOG^KFz8e3(SNEaHDa*B&}yjUZJ5fOJL`)73ofdq;yP`#qCkEN7y} zk>W^g7)MU|S-5xKJ4X4mBcSNCs*cqQe!oEKu{Twr=wNt^vkOG5YXQ6hbXb)%6S)sx z2c+NcR8zkfv+Yb7L9Ll{e#r3x0@-}&O)NXGosyI zLHXte!#%3t>6kV8)n=N;&Wo&w*}F>-ER!9fKr9c9vbl4@szS~m4r@RWYv#Ua^xTyW1nrN2#@Mh1qiiy40Uo#?4T z7rq4Rq&@Md(T6*IJ$nqsH#=uj_)r(2b1k^xbK&g0e2t;mI;^-Q1ywN-;-5|UOw3ie zODSF^G3gD83)5Huup@HS&;ib68;g7t4B9wtZn}zIKQvfKRD}W{&d`5{UnzQ!jf!Hk z8y$J6?WwUh%+(_Hw?ZALn|zzSWB4!EMdtDHQw)iK7Rk_)bh)dz-*wijc~BOeZ2s)< zC~;J%h+)n-yB-{Ca`tCC6lUkWOa*Sn(4&Fx8v}(>$I9_Bt&&lP2@!RLn$=wgWd;r& znso$1{(yer*|OaAFPymo+}PUN#RF}nd54=I69Rh7>$9;Oi^4(LS+fyr1`rE?`8D|U z5^`L>!tBIsj{s~b!(R*W3m$oC3m84$C5q->kU&U$3n>sz;!~T3;I$Aes&7+!u{F_2 zlfv;eHC)#s6&S;AC?6C{H2>27pkf?MbdL>?DP%h!Owu1OJ*_J4DEVq*W(;xS#s)SXWZe=lim69-e*;U$>aJ83RH8nIZy5v-LJQqA? zKU%{u5#jp4TI=?Pm(W4lsEX-fDIuoG#XxC{FNvR{KEi`0$-V2_k{UsC^u`@Bu(CBV z0@OLkD#iJ!UjmfwsL5u9 zDxl`cz*wl>%t6}F#NujR1)}|{q_C;$bkq(eh-eGXO$|u`+VlGv9mvZjuV`_&ZhTa; z+)-Eb?EkxyGpViHg+QJ=m?QIo)Pn_wAZ*WHTPJkJLKg?fAJVUV0&ts&F^36D_+T6P zWt(v&ZsjG8GGgd1KQOY0Ivry~o|8_pWoGJVq(D zO%cs4dWPlo=#MWsh`|doDk<`aIswP9CfVd|t=-c)FYFaXJO~BecF7pb2DTZh{gLta z+Hfxwk7=MA_aM(*{D9L}rI(AdRQ}_K#5=0LccAV|#ZHs$_6hG^;^R^%jF+)8G8JX5 zgTZVOsYQ0@ifydH%raBELg;l`;||_<<20Z?J+o^iO%E%)D`4l5hq6AIc8MJxG$_Xf zyQjQ_e)1!)aj;m1<?NUfEpg8Chzid2 z-}zx_O>(7pb+E4>;3VJlwIu_XEzt!ejm9}c_D@;q8@Ta)z1MN6=L3ShAl}t!g^5HZ z;v1xU?=~u&k^D}0mcIOj2WVBQnpwlpAXpE<~j9dfeSFek_=Gy04! z*w6a;(@#3?LPZdMQT}V7CR|R9K!6VP!Cc zjZ5jvb6Iwi34LAzb#vn`K5+RxIQ7g#9=I&SG?HQN{|MGcY%NbQ?A}*T2cQ}yTlWkf zvTq`CW}KGuc>}mcA}FL~AygWyw+gdr=Tc2?4sTs{?=9OJ(RYX}#mJv?r5Muav8b8kg$ed7IAz%C*Q;@_oQ@M`-aCNwBG2&<`XQE#~T%RVF zDYeG#6z#>{wCH`Y2L$PsFG$p-{7!LII}ge#SGE$uX}GIA00_Zhof~Pmf4g8nu^o`} zHWBB|hWcijeMaKqoj;f)pQUo`WCn& zTnD1XTPq&%O&RFbTFO9SSoHergYt2@%w_uut3s}Wd+6)kl0<5*9LMQci~b%(bTOoK@GT^RDu!_eoX-7(wjqZ_ zq#Yqu4g9~@cmqegT91W|OcxWt9?GE-RMk3k=sy!y5;S6QhaSj&A!9OHy!rl*y+*%? z_@_;BqDQ(2k7*=L;@e}VhbBf-gz4I(6FbR=WJ8~9}1CZ0f?vV#cIx(yX znS3rCz$a-~q3T7eM=~+OwRtrP#LPXumN3qX2ux9&^@QB~ib-h@%IhewX$527IF3KC zyudd8dw$%aR-`j&43dg-uX5$i&Ur?|auV(~{TV+^FV#|n#x4uLODeWj`4;cXP%v>L zP-VVHVCvr29s+Udh6WV9d*~dIs5XqK`O+~5;~hN{fBec!FX^}7RGnjk;!x$L8knR; z#?9lL_T$_5evjyNfMk@Cp#~>>o?sc3BTfksXv$0f10garM;@DvqjCrNhCn<8`09W6 z3T_}NUPIPJ9WCx1%VoOr*iFLbSAMRTA;JExAbmc7_UBT@xe0jc^%KeV-7Q`!v|Yc< ztU^WY=EfC`=Z2Pvss>*aEQayUjkLWzUW+M{R`p7iU6IQ(VY#)Qc={K;(;KA^V9p`d zn#)U17Ec2?5(%W50l#FFtQ=UG(@aY;3e>dRp}-~G?HKvB&*_%M{v!W{s^7|{mmI&K zzEy&Mz!Gk;0BvwVaSd1@go6|(n9P0TxMRxRetMSJK0v7g5QrU$$SU~F`zA!Wi37#H zNiW7U)UaXN{ePhD2L7U-eX`UWBdOcJnRG+V>{@SUbJ#o8}<0X>rtbZ zR|V|;EWzSI(p$OiGQKPc3iAX6bL4MJs_RpCnmQ>1D#>EjgSOOk?QldOsYs(<%*I6y zdZNjJK}7T}Gh8(6FD(G(n!8`YI~!B_a8j$Y*Ufc?R2UOyf_sD+J+-Iq{qFcS=MA5n zP*NW_#ojZP%b?2~Chn&I-Nv)~RMlNYQi&P!*&jm`4zBz9Vb zM@-1I3fmW(@>ADn)P)4+(b`E5D3j5d7woXwoFJ#_c3Bj3KZm$}Q8R2m`M6S} zi=k)b0IW6q)GQRMfKv@z3WK7=2mHPQ%9iDNA4nMWEVngR6U)^sBzIlHoP7MnaRf3z znfDu4%x#ny*n^YmRY5cA5?RY|V}x@h2~22OC_)0-uTHdh>zGv*ILTW60myVgqeS&x zXmshPzcu#e6Q)4gOCS_~sAz;cvAFVb<~H3^Eh`3rx)umoPmd8JF?R&a)XO3(^_){r z>fvTjO9r%lt`Tm-Ms@sxH;}`6*>$Y~{Z2vc)-28Vu7NyC(jrK;Z=jxFX->`^pdi7EA~AkHNNg&eB)DuJExb@yXY)x?wESXdhlfU=I36XzyT^o2t_gc0{yrK;^noE(VQed^U*2pWcTCRZ= z$tj73F8W_BzU`!CzFrVQ_t%93xF{utv2;BB4mXkFss!Qlkcs_Sr=Uh!QV3O1ksCmz z`WD$(Oh^YR3TBewcpcY!%}`iX&`+R^n({=6^J93zu-^uNP$EgX+&s99l6oKw@WWn2 zIP_Ci7h>}ec5|4$9JH%*T*+qH5UntJF}l2Um@W3_<5>+Y35khcZXQrKm3E`9+h=eW zoaQ#qVwR%Z+GnvpvQYaxun{^_t9$cG;75?9U68l{An{RN@^@O?y7i-M8jtjKiVXWj zCNP@-oZza-%2BUuw%grHy#EmE7W3pl+Q@6#_?|QQCU2pU{>)3%6H^xB4ND1XK{4Vrk`0rdv`aFeB|oNZOI*pqy~=HK{#})W2zYtmU4N z5*Tv9V9@=>zvO+{fQ!D|&}q&lMdcr`&?yXrV^Xvf%FpWWGnHpy&D6rxAOEjgUGSCS zQjlR{x)sQBza3@RN%jF*Q}x_Gq6~djgI;xB26jT2k;5nK0}WW8yjk=Gusn8>JY~d; z&;pbHO0t_--^kiF?{!oOxiXS@K!h!5N@0dthXcubeEULW~w zoEII?`k5>_iC`pg2%VUb{!M`#Gr^;?m2pt9ld6u#zsM8MLD8PEgK@&frg;rF-xxHgBmiwSPLqip8RyyTsn?_+kX;Jfor@U!x zD8=e{x$(0O8Gkimj1jL7q3(hq2KD=xfONt0^;J<@mz#1sLqSTvEg(|;T48hWp{}Uy zjqzPo68+h19ZD&-KaHHEKU^a}qsco^=fp2$Ud@4uP zh!~gVRSVRDJkc)G=1tfzpe{R zN~%wjq3nqlX?YgtVb9jInK1+5M0)cVLZ<$eiw zsoTMMMNz5S%VIeFP}zxQ7zOavgO`Pg15?{B9S39J&_Hh44T149D}1+ehN{zRE(4UK zjHAu@>~$Di5CZb$uLkC$X3Cb!xaTdjk3*(X7m4STYlGlyy9Lt6y^($s${TVJ^)*{= zv0d5x4W&iiAn6sQ^+;K})IsXurw^J94|o zQ$IZ`0f)|co#Q2KJp_T4LZHMOs+PS2S&Kp2_j51wd~=(kgXnUeh(h_$Tt4`-4eZ=) z)}LciU%RI)9EjFK*CS4y)0J-eXS(EZ6-g73r$bIEcZ#UCcgklg5-Eu-x zp(=!7xuHwb2#{p{!l;D4IOf*+Lf#?HjRh(M6S=8q1(ACN=v(~77A!X-yHP`mg>IoD z2lku?$W&JE4vGpsAKVT}{}P`(iW^yA&d+Oq0heoiv_@pq#jqmE&*ddxYnEint>zaH zI+zMae5jMdZ(0ct305ebqL~;5THqD7o>njKM&ED?PXE!u5Y#3Pv!uMJ>fcMZ@eY># z0dUHPmBKzY?xmG8uJVLcQwQ2+j;i%KBbh+YAPl+yurlEOlv-AtPXsTJpGbto3fd_` z5&dAc05$}*mxlk*tJEfhD!|e$YH`TeWun_Nnwx?J2LwIvr{%7f@OHW3 zYX>k{xL^t?NLrdjt&)2yP>OyTV??zgu;(K_pAXn~#_}gvTelF}W3FgfZRc=vA+Ncd z7e-~)U)btC?OLk=xzCcp91j8~7)YADRAp~dz^Cj6+9svoB{uj!sVA1-(6r!=PLNAD zpGfthHF6-HpT8#IW6!pd2q5;f7mz6TE)d83$fgpcO$rBX(*vd;hg_1hxtvM-<*tke zMUvLs?xe=Z%&J-CL_+izF-xyimL;~SXdRtP?<&*IB0<&fhMfHFX=%76A*Z@cCmG&w z+u#Gh$mU5)!e*PH!PN{1uzm-Mul18D5Y2I0tdtoC+*5(30FdSFqq!1@WNJRnKlSaC z$0%`FloSA}ED8|HlBp4Q6+9X_?$RE2Uw&OE5g?ufz)#^Pv9mKAbW7)$fWvZHMX0hb z|ER_CAK$mnn{u0n2ere_Y?u&`94tB++vv*qGy0#_MCL-7TUZ6%;EjtU>+LqD^_?vW z1IQ`$zKPZ9D;iISlmK~^YGEvvFO0}-sCrr$G-LEWH~hK&eI0_QqEjbW)cyE@X4nT1c}D?R zZ~S*^m=CJ6@P)&Ggpx`nWMfC@VR@*>m7_h8(+r<-1`Nn}4dDo}E3qVJ+81*@0PykF z{6v==9%xM;zst;tQRWFaeFHxNwSqs$a}%iy(t~dzY9&(77Mo*{S%mN)N=prKlAhrD zS!m}#utu3%_82L0prK_pkES3j-lF?jvPxUsqDVOa!5z4w(eKaB`qXf-=w+0#-onc` z${{|=fnTsrNfjPN)lnxFKyO~TAuW1Ggi#Y%TMaBh?#|Hp*j!X>@_NJv+%1%Szi`(e z!AnJ?bzP%3asUkdbAJMIbv_%E4jw@Gn@XRWPJFwV6ttz!vLMO{*)t2*I*`N+H%V>g z86axKcy)MHa!+&Bg`JoAX|DQ{g_7uoAB0FuN9E?EOa)q0+$Ql%AUX6t0w9eljQoo=!w$bMtm91I&do=KzkIesb%d0r3(NnCaClAT(GVJ``Nj@ql~e! z8bu-6a?0*l#hH-`;3wMPW8=zNk%G$$Akzj`_&RBCT-0HFV*vMADVvU_EoOlWYb!fG z0SkB#)u%RZ?knsrM;Sj1oRgPT8iQn)wl-R2a2-@toYa*pmK=KZF!5iH z38Rv~t-M95lbOM;h)77+Z2x60b;|Xc;*TGvvw&;?e1ah_YkdqNsoo&VINsWs?tdwN zWK%<904~3;mH)Wz(l}iO}!CM1^z~9r>qC0P{pLAV~Y%bbfk66u`KPs zX9RXsBPz!7{7z0FxJPvw30*yUZ9z8kQ0C9vBsg6$`b@*Ie)R<_9PK%_Y0_h+{aVzhL&m~ z`T#dsJjs&Uld=Ii)k%WG@;1V^pKOl>8freLBUtunWh;evNGmlNZz$6YGF^`o5%k|{0v3tE&h6UG_1vBvXC{7WNQJbVxMy|2Q_$2 zMt@gsvDi!q3UjqC2iT)7Nh%$RHY|`ujTgrDy>n@~819@l<5lFt=84kB73}b82dW;U zEsjJ%T=?L|&z9+C?aiGuY}u+7&lG@*h|w>-z>>G)*`$Y?Rx0c-@(Gjzz%$sb@NiLv zf3t}p2+q8|RD8z9FFggQE1S@KL_@ucN8bBS{MmB!bqT?ZpT1DXUq4~e?Vg4fIrdw7 z+m>MfC^eWkk2+N>Y7Ceu)<@)_f+tVI{n9XEWmSQEIIOeL;p8^m;wJZ5&R#?Qq0@r1 zY62HhLy@HsSfLY2=b9xlzTwa zv0Y@D*L5qMc(#&Ue78t%N2hB0Q~h!LJ!&gpnDO_=JJztImo-P(_fbQEY+>xTLKtj7 zmb!9Bb`Mc?>E3i(kEb|KEG%LDpQ{Q84?HQYR2>tyvYUYJ=&A{;4(p#m?6l9Jd4j4l z%5=p=pl2BTPRUIi=4mabp%*_t4U~V)m42Po|A+IpV8nrh{O;pgE-_e?xhyAg-@A1c zM3lHd(ttH4W2V9soCG`i+jECf0%Z{@yOgQ7%K3tRxW~5i0*>b~5#TT}e&9R+Gt?%t zU!tu?5J$ZXDFk6*k}`q^u*#Mfn6nr=L7ni|ik?zbtV{iwzhT7zNz}!!2#F!n0mRs? z2=Ur@8#)`Q%t^gd&m0roG7fKAuKN?KEiR+z->Rt$vQt}hlMR{DtQpp(Cv~`E zBoEBTvd>FGL72v;CHbvI3fC=Slp3>$foAlCT^xNhQFv1cT1L&`&PD2|u(}WDF3n;D zO#EQ`9{Jb7S|w%%AL-!%B`EnD8BlM&y%INTQrNgoy#y90I;P8APQ+AcwvT#Z=GD=q zjyC}rRP~S`mk87glvRltBTcpm*UR($0h}||->BwCnX+92xhTenW9)8oO8nApg67bg zgX_aW5RjMlbwXrS!u*ajAP`n)9*eEsy}ozhA9@84mVDvVMhC+RVq={$?p$^vK6?j8 zn8+8t#$8Max4IWcwo71Yo;a|vEa%0t1&w|z{*sBmVA<1_S`!f}P~yPA8JX?XH@Zi) z*>5m)0T*#k8ZMU?H$!EFoyq0%tQBSgZCd0w<1g^wv~(y)a?X`NBq_XzELE{*bHkBR zsXI)>B;Mi}6RQx3N({~gP&?;4H;hie4GJ$*zrS|R!;dJcKj)p*L6J8NFDQNS5WbM2 zadQE9+9ne3rd>OccWprzU(uHOx#duwjn* zH~cz{NdwSJvks?rbC714f^ z>o=$=a)tdj$Mv7Qx>4VZNUiE1!=6O(Fk^lKZFR|$pVOpq!S}0uC(IA4r-0~yLh!{` zU`b}Bt*7n{;yF6;G-Q;ObQRf}5C0YRw!OhLJW=_`VAYDl9?`;bvC!kOOxsjuRjn)_ zL!1Ocs^24d@mq)b<`kf}7{l!^Pv7$)%J4g1SX7kAiaz6CPz;h?zAe=J35Q1+Lhq&pcq_vxTqw}+H) zHjAvyC`$ku4}TwQmWkAyLYVL2Bgm31{Zn5qVl3a{S!*I5IsWgRqzIE{jH6WE1>jGz zT`PKtK6Cq_q+?N03{@BIk)*FiP|?n*Ya2|%>9j*S#ot{s=$=_Iv@jz?FKwTLTF^Sv zhy-DjS^8`9p=O0!rq^DsNn;70#3yx7oKqDAF+Q5#z4!)|siHTY6&u)haZIH>4}76u zxl1tidwf_RvlwVEst{QC;A$+D8J=Ph+2B*|3Ou;&miS^Nf1>-*Te9iH1P~0`jnyQe z%ciLECleS2*<=%(xY%h&-yfmYzNmE8P7G%Py0Cw)@?z1SXWOY5;J>Uo1}-7p7i6$Q z|3%hil>)$qat6=b!W{~N!64@HVhMiC!JabEYrPcHY=0Qt9<@LfaeqO)1PO`L8DD_G z<34+8pIV#BQ0%)(s9e>JQv@?m?sfimj3EplU~<+P<$b9N6R6;yg$h^Faph5Sldsf(F(-q^yW zz^+mEs4AWb7|bIf)X&Zf8)QG>w|^osR+8@3ilC1HXBo( zqBCfz7B>a(4kvN$9KGu6@?LHs^`CQFnZhPLx`1zv`h^&ONnOFZk%hXIQT7% zYCHd%fgu|~sx?G#!EU*1a$m|jHogR$v%&B{+|$w;k+9 zC>n;|JG6+u_XZa+aL^^$H;fQfpk@w8Y-|^0oCMzZD2an>a2PpsafmuZ7=Ks=OZ0A7 zgF0`v?o3m57Q?zXq(xRwkD;1IFh52fDfxQoc9=1ekfTS$I_JNDKXQUTMg~mL@`ETB zCoLQnpBE1Ts;CJW2zs^j6^mQV4a+XAavMMDkIoEG*rG_P;eZFR#_y7Q{I<|JXc=#O1`-gPE_WhQ zl%eZJs5o+P$P2LBtXw4Wp?05lA}A}vL!<7iJGl?SYnY8fFtn!2WU4FcYZ?9;C8E}- z*1o=BR~nc8)PMN!_hy9IUvs^29BxNgK`lP*GYSjP1Y^QimGUDsm~=0jjYWQ=JNQzG z4DJ3a6f(*DIjiGz)1;B_4c(m#cW8YO!bq40VoNz(f;wySlE^jmpP1ODtIR+kDPRL3 z?k~x)cf_1DCOVYsnG8b2y>A)IenUiQbTdfGTvecX=PE+2LrCb%^LCj*Pf<_&qQRMb zW)EjZ3nzs}GKHPXeobV2hFG{f)Y8_`z*zwda5u|pwE16I+98a%EVK>#Y4DS}FhPrW zwU1q!n4NK{_`4iWVnP)^HBA6as3SS-w|G-rMKR;V-O)1(bddDVUs_48kjiR4mH;ax z8QZ1|zr8h^PFOt(;PtIMdCo|+TYpo6jEU0YARBtSl&np1EXaoG+db?2RxrT6ANu4bOWkpFyhIr$Tkx_w6U8Q@7X|Hk0kkUvfsuU zW1+XcQUTi3Uzw&mYP?`4-PL>Iupiwn5t9$8i#VQDXy$MaNtF~`)uu<%s6w{6ex&4<=HwU&P=-3gq zz+2)pKzE_B&%kh0^|F;?@N$-oph!_P_WFJ*RX>IF>U!_cdlxKbm4s6wu+;IQa)txI zP$l%OYNWSc+`1sGN)xf|I@0H0%_pa~y_!VSJbqwSv|2by;M&vph{bdRRr1zRu0u*x zJgV~x>f@o_QY;BlaQmj{cG~^sN4Rfxuc(`Ut|Fdm6&P55L5rz~NRr2K8y(bHFLF1L zpih<4@!1X>kjk##9unxD5>y>fM)RsQ8iXyAxpJLB0lP0cVH(gCuh*U!z*{?QUZn9l z?n}mDHjBh?R^JRdb#EJ8+E3T9^O$ZV97bg-clUx1vRlRhkFjk?HkRAAqO7CiZ;%aY zn#rQ?ot8tBucOY@Z~t5xH`R=j8RMve>UabLF<@p(Q-CO%a6H}tY9^$GDrR7n5Pehr z_eFw=?Y`Le#KDDKuCOnUm5aqIS|%A=Sgb(9FXEn0@IbH$y4+dS~AJ{Y#B1fei@uTaTnc7kR=v$1mJNt*)p|>F8VuzFVr&X21|?J@uSKp?!IiQ+9Upe>-neLJVJuf1f5L_ ztanpfIbC_OW%724=!QPl7u)p~F3*jL;xQ~gpNxp)C_vNVJ&K|9VRjoY6TQkJ!|=+o zs5LEgWIe}&mLu7ErB8sH-HsgdZI@oo$i-AKxFj>1Ik;+k<2+7%4Kb=VAwlLC#h(l# z9iky}1bY~3mG+X@)SYWqkEJpe2`LzDJ-bY&OZsxmvWOl4z!Wx;>1<&sFH|qDg`&aX zC+-k)iZoK{x&m{^>;)6l!RQ8;oa<9`51;!(!XO?_Z5l61_1m(o>~kTf`8xR)*&oEU z3r>Qod2+1T>wYePCanuwK;2L!PUxhn;)+-wl?KsB<>N8@^tZRw$Npxu>D(OsaI2dM z^%55g2y)~ueQ^w7r^a0U9v%%)#Do_#!qr-#CjGaSwI+7a2Y0E%$sPARSJ zbnM+{9zZXRbK_<=T_j@?w)i;Ki~t-k_lcew{0A#*!7qTi@mwhrD4>I30NgW3(2|-q)eZd&|#UbVyoLF`w*1e-rV;1Sn69LnaS0+NsO9OW$ywGsx28R$HXlM{d%KM&#=*Du3V=pB#Q6$ z$Ynnb6$=@eSM5BbvAw<9!ox2D^COxLR)f6T`*-wv6CFPjaN*T-;ni9FEu!Evj06NZ z&58N%Wd9wlDVB_I&vc#PrjSv}b)tpB1g!BO+RA@+;p>DxKWfp?W?*yi!~bCv{%A5% zFyXdO*(KNz(qc{jIsb-wIItZDRNk)*jY5s>>qIW^~DMYwD^>B z$c!WF<^5)N56Ofd-RsMK#^;&qp_u2@`XC*MpdcUY0I}NY@)S?WH!ereF4)V19YThy z-_^O}i_@o;O3F+4zD%2LT*)c)b?_kty)0TQ?Iov$|p3=+lJCb%2F5p(XK1gk+ z9NH$Q-jX48qA2qooNU{EQc!z0g?+J`9kU}0+d5kmc>R>x9x=L5Q8SapszL`@Y(Ij0nXRgom$XQdvr^=lO{E0n^ z3WL7Zw54HKw1}jjkxr*jgMMF=UE?thKg?EYF-;>7I;@XeKtKw2){!$KVvc62AIOWN zgU@70^TqH0RG4*le<_ERh74ur9S7)4_L=}t@-cG8B?wb`)kR|F$QMDE8IB-jI}wkx z;?=)s015z`^~DiY9BDwv>S&SAmT|qWrcqG%OA{B9z!sR(Dfx zkJfuKE1QB^oNyT0~gaKUYh>FXSWFZ01-ibzh4=ZRoukMZ>CQ| zN&j4z9`9kyCOMLC_-k6L%9^a+G+^2z|LUBx#>_6|?iNg1|y|SN%`ams>t(P~A%z4GX&?9c0BPnsCuR zv8kd$H!j)v=-@y)u5nhj31}lHUrebZ#(wxlF8OaFB>o&@bs#X=838xB7iru(imL<{ z(yi`XRE<(vv&r?PqCKXyFvooE|L!>K#qZ{c!pm9j=01_CtAFEyCM48NrAzLYG0NGW z?7sn`qIGj2elNFkU@O?(t%`y>)5TXijb9Kh&c6@rt{>|C;+y38LRboZnLEt_1zX^_ z@#J*fNfw<^0!J{!LZocYFs#ZzrFn{B3Nu{J7-E4{pDpZGyW78&*$VE{_%r(5$nmG_ zx&}Z1eJo4Pr2hfJQLE5yoa(2dV2JG_UDnpN-jbS|v^m31BcsI}i>~xMVF(3vLBT^D zLEjD(j3f~KzcVq~taRv0hCcbGTCHAO{Zlq`EvH97;SBT2pKZ{x*fv2zMXvn43@DaZ zZl5uzBylMtuD>SMnbMFv=yFUS18VSp*sRGhI)T;W%nOysO1TUWr^w8#o;Dc2`qK>i z=;HQH*%|6iN9BMgXc7Yl^lf%2$Emc35Q}AbvbM8rn>G?#0oJt*qYWXjnMRNW^u52O z7p6o!Xaxx5IUl&TPb)mm;-6$NIoVBITt~}l*MGTq+g}AcRJfc0l9tV#n*V~IgJato16XM-1m)dK0T*cEktgkA4{r|O zGJQTs;90w{>z$GR;~N5EsuB-Nj3jP;=3BVc7v?-C&haj$@!I$7A#?a(@u`h8x2vwa zDkqC`PVh`gA@(liL!!@ce*`S2S0)k@zl25_l!9e#Qr&C5)id3ehT;D0E*q6FkN-SS zTdb4n%#PamsQEBotRc=AwdA@-Cuu|N?@iV$C!H^V_6_HIRh!#n3GWS+(tzVTj7eec z_@n$`CbWXBYr~^)1|WV8qbw*^uYehB1X^+vp@e!Xi zy01FmfZ-d~T@Nl-=v&Q^-Us-L>#DN&fmv$P;w13+aesPD zzSw=}+zxn(<}$nDKR3|Yak1r`q930gcdo|y_?UitK-SLD<+;#SRGfc5w@mYe9?W;Q zhpG3a2-F5&SfpTIEvW8ZaRh*v$VwmvVkhJyyl6Yp$SL8#rs_1CpZ*om%3891xuMrZ z8>X-x0}7IFSq9Oqx~~6;ui)t{+W^UyV zz4*I-5AHGqoeiMd)!ukugz=29W=p#JyPT}pn&Xp$9u-4jy!}&__|=s?E7)QWt$DE) z0R4?z5ZP{xG5m&)Yf4@aeA2S;q$SB?RzQS>k?rV*j02yCIM3xipH-wfe=jTqUs{63 zC)zAzaC zQ4|Rp)ASM4CA(jFNFF`GX742121E8dlTG~M^8}MuY=QPF7Zk0N^8l4wNWx0j)VG!4 zjmIM7-ETRChdyvOD~fz>>3tIqav<;^rdHWuY07w1hD2UNa`+stsZ7^F)4kc(xl1yzmo(^{Fo~g}j#cBxgmz;nGfS1r!eLa*m0cBS@Z20)^&t zXh{osP!4b{h^K9LqY!hEoel`yyBa!4OaF!`W!S&VFxN;%;hQ}TSp@Mll8<>l`8a^) zX@(jJ&gKE)wThI{*aM`JE7I#7lx)Wx@A{CC!C63VeqW(w>G(7dy{r#9C*m#~K-D;M zlov=tYw~bbQ{p$e_s;8YMhquAcH!r`nqLSQ^Y)&LXCXa=fL}qJmbiszzErZr??KARksRH$D!eL9U@HMG=~?5ihMR=g+f; zUoDL26X6DeS#nv+tht5AK>BGFTL{v7@jyc#=IQ54{jrmBkFgGXBrM6+7RansSUIMb z_U`5Wcjn@zT6~7NJrB_8x{ywLRB5;^r-n`a99{tXx03|O10dJ^`Zm(prx0I-0A}); z+Fob|wt+)_UVQ*+i^pAL+hjgx%|g|;F0;zf9^W}+gpOVa7MwBmdi|H< z2?^IS!JmVs=d7O%KRy+S>Ly9zS}5XH)zQqG^}E%v*kjj&FCWmNvm3SEMiz&u6)b+2 z!VFRB4y{dLDImXlbKyStcTM{)z>f1U4N@O{FD4Ga$T0w zHBi6AaEs1^$IhuHMJFNx)H8;hI^QXsTnKwA10!$^h?}zAU@ht+3!bV2Fm?XGLOB z@MFt@N`3sTdFlphv?;usYqFiQ>&$Tl$^7lNy~XYkr0qPMQoS#u1VU(RCb-s(G(mYM z9P%>Q)1r#y?rEQ4P-JzM`*c6_r$$4pkBJKMlk;ErxJWpxT@c&XX)PFtEp4BSvaU!} zFX%ilcJ)<-LC4hQ_=&g?D@7NKju28A9$$~O4`^Q~y;%TSvc ziHAueC{%m+=`1}rtk+#g6|6LlcPDAGY@Qnw%UM)-kKL7lyFA&{6n1&#>tuD$%ojNu zAC-PZ@~B4@l;XiaotsKsbCOOc`h}T5@U7XtlW`|Q`fCFpPy{aHj^}w;`0r(ELR0r|X@(iZ;1#$e74Fj+*SOe_iJ017OW+~7?11pm7u=m3G8WIG=)ULjYDVh>si z(8C!*8X_U9a`eSo``4pqPnt|=sR2SGr3_>irnr=@VJ(a!+f=m7zD#3Fu&J5cfXRU zQql4aKup7u#!!-6a)H(x(d>ZF-&x~y&RrEEZ~ei#gqRg0y-)u`B`c`&-n1hxH8H3& zW^8SWniJrlv6a1`2i{ z#0(gA`(*xM%Bzp`3Z<=l8pP4ID6zqg=wI1wn%!P<(>Q8ZXPa#=0w*6TjzDbTZ(fpz zTdxnCmx9{mbqqO{Hc%(UWhgJwRx$n=LHUu3K8dH<0|GyRa!vZ{EJsx0VnzYCwuD4?G`x7K$>?o zy@it&SRsi>Ejj(enwG^6m<$@OWi!ds2T zI7msh3YfCVdxcxJk|77A3)QcfqK2WVd+9%pDC6vsq;4d(%ng?emo9@DPsBC;<{{TV z5b;YfyTUChoe)N=;Hrz+SA^j$>q7iSeMz%HcXCZNL zR}^f>u|ocpz^yXGe~%etnPHT5&_AzF%18Z6g%E9Sat}K{zfz@8r;Td=DvDowmL6dt z*h&Nz^AvWL5La1>u$Y*f+9O6aXX%Ms2DqyLbqD8_+E;Q4d?Lg+S!WhXd?eCOBM07U z?d6C^4+VOLi_PYS%1`5?DYfJTxtmy>Bv<(c*<$qtv>xcr?aREN;^fAV{u^F|LIm9m z6zmD3p-hhTPQdPbbQiYM1lCc&@_3zyDQ=3YLIQr;@>LH+IY^jiLCwAe>5GLzcq_-l zx7_|~fxdOa2?tNa%t>hIe84sWleYW3M2L|%8RzIvJ#A71*)}_2=i1XmC`u-`$rlqP zpi~n7ML`}Q()>cWK8{a5h{vbar^_5Wh}}Gb%TPk9V_BE_m_`NU1C7g)Dq`xtYIN z3dwVKN9HO9xG5UWg)n(qTt`?Z?bHJ{vHiZp!r)u1bVIZ3mmB3fnnnofNaS0zlc}!~ z)oZgX5;Pm;2q`{002O)4Ce?*3B8%y1cAHhPgU36CWE#M26Zs)_S0EKwBDw0rIHU_tVTdYiOmSk`VvZklykbV}(j}iVM5taL za5LC?5^w@lKWrflm(2=c4>C0(Hl`!YG8T@W@6+F|?J&(G-s1`&p^9)vcZ1225&Lmwu1abff_}B1apI8kNZjE+!VZlbI}3XvyQnSWYnbi zOChV)!+G0D65vDq4vXJ{eL$bN_nq28bLwJfl+2eRNngf%)Lff3@YqO(xam1}~ z{+cbIi<^k6fQoc!Off&O<_Pji&5PKzNth4x>ja5>Y_{EwXagKH``QeAu$678l+T~p zdu^OWJs8WZH|~b#)1Zp#e%3w74O;y$Z!H(0NtXg z&y_7oZom~s^K-!dv3j29$nFJwMIxL2IE{>+RE++9-G!&A>A7^p7YDLn48G4aWP`!X#iO|8Z6SqO>)=ZD6(m%ja zng8n=8$%U+u-K{BMdO>hL7cNrxHn2fZ*zAm#QXIA-y1tDS^k@3%`$C}LkxYU$yy*h zC`UFWs9cqr%>%tXHb$p>hNZnf$_Enp%%oJMBBz>rsh3eDnvK5iL6r}4KYeSmxq1rW zp||>zThaMY3*<$(^BNE%fGbRts0J3P&Te+`j58K_U|vZmo7GDPh!-&s6Hub4vgXQO zDiYsljJ#ibjK7|fKDl!{$XMRTYcrT~^*N&l3IW;{5S9eAbh&k9*#$3DJMo(hsN1-1tTPFhpBymHdc zU)ihQ4hEHlq+Wg?*K(8RX4LKmw7JKLwHks~iFxC8e0OGFA2u5EP6=ZD#W)nyq`>xH zW10vqDK&c6f$Kne<$$t=Kg=xCnWf=T4hiD3q=Db+YPaKow_z!=Cj zyU;)U%OMZ7#;B z##77`YH`g&uL;@ano3&WA z(N#bkPc5?ez!>RS20S!z{WqQTK(9$zU%HS<%3i2p)w3CT5?_nlz;1)3r(447YTAv% z0US1_T<`&S83xZ1E*ugqf^FWbNE!{X72W>KmUdj0n@|7qOc4V(BsTcd1BLJ>m%Dp)SM1uLEm_b=h zpSh*zwPr1}R7w54uB) zkFJN2#U|_Qk`B(_m~)(0Q|F|&i5Kj^r<;(Ts;m;N9D1g-#mZyPvm@3xj&ik)$m(t} zYgOb6*WuP|g&Yojr`7TPc5;5BhpPSL9|pVbz6Hf>`u*JYOx#}>=_xpUR_?cqV8#s6 z$d{&=G)gM$5Q*Yo@vZcB$8FVHDc8|+6JgxiBrYve#WWCg9aLW?Y3=WID`{xPgaoH| zb!MW^{421!uM3#Xl^6aW$982ahyRn;YK4ojNX3lPrFmli=DtA;-@(LS3){~&@BUx~ zSA#L@m|-bsXT|L3f5{Xu5$803z+Y3<-3?VH?Ty5W-clazemjzB~C(QGKd+IB>Q_>77qa-VlAq*Lyyp$AIn8_Q! zV4IWqDjJu#V!7vgnIGA^JqA}$c)?xjs!qM?PUebj2v*E~`6z zza3T87KoLSYwc0f);O9XI0+6OIl|1u>EbdP31d+XO(i22a zZHgvA=Q(4;WTna$1sDw`Yc(AKTO!fBz5=m5ds%~1wx-AJmcd&LGSt7e*knt_|%^Y6+nlU z6zw}Nt_KO!G2gKl<>AqRZ)#R7cp3lS7fa2a#a{cP8=%(q!AHcJPW8G`{cxy^x}dhb zMaMa{eH-=L3R;T4pXL%FnP9^B5mSw4RwQF!wZo$7?@R%oZ8;2k8mAZ62s0j7skTWK zyweU0Y@l*unJAbrJ$&%FqiNA?JKItG6#NX2ds{)^2EE8HSVD>8j+R_wcugDgUc;N> z1|pOKkuX57wR6WMk5PRcEZf1%G2f4e%xGWdV2*S)8s@b@BbWgXlQA*rXjERPssXdB1GG78znyAww6J9N1G1{is&Zln{Vt z=&4(pL;v8 zqV&rBfg&dPr_N*i@&&Cq-1O--cu|*5U$O9_JysHJ;)a?}m#I?fEJTTTE>yBZdBjR3 zEPBJ}1#cA+o7o8Vj3>`B1*(>7uO!!WKBmg0eY_`k6*pQ^K(!|j^LGht<8nbKR}YQr z_nS=L387W(&skCq?fk6AVM>$PJ^85m=I>*`x_kSYe8fxR0Rc^bJA_ISudXal$iLYv zJ}Y)rvmR2rs~`AChS9RgBkZY@RaxWXEO`ILr;`4lMIPnn*)PN`PPPXD4%xA}beAiC zCWbbrig4vRYjqU|r_Ac6reBEaFZXY4`zXibK#jf)-t}ADOlqz;aF9%`?TDM|jeM4~ z4Z8%=HA$f(X)EOMquiSXo`vm5*Eb>wim`lQb9w#mV19Y~VcE89|Cn1>^ z8LP3Pbm;0X)@i!L@7K=R?4enE^cB!`J}HxV^Ib;$ zk1Z%k281adzB?LgDvhwRE_+@uObgRT)S5>Jt}>xvh8h}*6n~Rwx8?#Z{hiY4(jNs0RrDEE5r`K2LCJS_0x3>5 zbybIgP=fQhepXGT@VRz}E&IB7LT@f02%*IT2m$KtjpKf_dfo#x4U`%_Mx}jPU<0}` z+nlJoE3%@g*!JjN z|8TD*bgT$sEjh&Jj)JGA{K=4HQTP{aU8%h>F9;czE^m2`JETES{VV`n694VWKkW{~JlYEmbWR*QTNl8nXQQCV4<#MXQ%MZ06D`h#0Q!Q-R&Rwu% zmrn?Gqsqk`wqC>G!Pa0z!9?s8NB9dZA_kOIEx9@jEa=q&|F1dpi zCvLWk50?84KrGH{Z#C{zYJFI2Fg2zKSb(l1JU%<*I}mjwld@a=4(p5olWlCM5qmz` zno~83>f`F9jDA?lM<>h|*myflz-bopoL!%q3wiXY1V4ts zv(lRu^mcY?8ROU5c!vv4q_-1BRko#gz?`v|#r}~>C<|^YO&~ZaI#G*8Ms%<<03dv4 zw;ufs|En!CHy7EKA^9B$pG(G+n{NAie=6vL-lgwGvZgWe1fL$Yc%*+jpmcPImHF}> z^wc2HpgZvK8<5eHOga_K3pV+Z#V0OXa`vvRXANx+DrnyDAr5y{{!k9{<)w~g+)ept zm?SMxVWRsaSG!mmqk^>FK)3cD$^i{Ns@+FyDOYNW@HTS9p~;P`a|Qn*aR1-5>lM@Y z5*%5TFfS3pp--mnKMn^^MFMl0e!`GEbN~MZZxLe4EjAD+2@<^f_u*H5`sFy^bD)SR zjvJKFK9l__ViMu1HRy}H_<8I!XSNv4ViikjUi}qKNeF}U*iW-B%kkFeJ3g20a0smt z$Jcaoous$H)it6jYh`>fI=hcpPU_M?jn!i_1G`{pd17o8~1?TvB*2 zw_`O@(9x4t$}u+1Hoqj^f-s@`FYh|78Iq>Hk~~ z)~#ep+#x_~XXR$W8xHDGCD|QA?b6M29o}*YKlB5w6?f=+A0$i7qA36S5XQRH- zha_B8af67mb$Lw?4EnB+e{|4b&BxDR(UxXPJp7*S>>SkJk-+=FV( zSaQKAtz7ubBAGkGu?FE=9(S#$&+BlBMR2dSCMc@|*AqDB0kX$ztrT^2HOu+xibC`6 zfk8Hfqj$tdfgnSw;}cZv@@gPV9bJVMXA8(&rTqFqX-#QNH*H4BWLqqB{80uE4Hi;( zCfv_x-mo_A#DkD#SU7TpexvQyy0P^ZcdYR}K2-~JBIDp=n~ku$$$;DMbSD;~~Xq)o@rtlMovV%0%O z&;Ux(sX(EA4*~mWShZyi}XooiPpqW85+sp~`gg8+$E4gS;>tzyh}K0zWtZU_a1Mbr^D_Q-db2lrfCS z>$C19;c4+b6lXY1tgYeNc>Q9}Rq7BR;M(7AMYr54Z`X;+K6)qH&l&tg(5K^&(4ZsgkyYy52kN*A)m3hPOXPn&3>QD z&g}zTNyF0&0o)Xq_=ZPRfu_V_0Vn@bpE`34W5+*u zDy%Xk8rB*PN5UwQ%tpMr{+2jSs7d4RHZzMiHQyvO_Z$>{p1M7JaL?^0&2z1?o{m#a zx=zBJp=)#`0s5J8WD%oAbJ-9-Eq2@lKP2L5-M={uNI0EFKsXAU>W(E7!?A1@5$w zn7~4heOfC70(h0gLKv$lx5q0&PFfIZf*_b~@Y;DsC}1#({7ID;cyb23NZFE&;zW04 zsyUSOGExdS^zyHG-_rll*p=OtM8vY7^$D$z%zwC$*r(CD3D~LP9UPRJ)4VlIZo|*& zxC7=93Uwhob=q}Tt52$V#a3!XzL{L@=NCSEUxOPYdW!Sz5)uqiUkew_oYP1FEqOId zSks$V;>E`t*Kl>qFvjcv8JoY&L&IUs)G@zq%IbGgj+Lz_-5>h3%jR|_u=?OL(~5W) zWaG(y9qT@T_Oc94W1rIfy$pPR=2Ao>)XLt#??{N?!XHUGp9(?bfu0rRG-08;w_8h$ z#hdO^K`US`nMt)a<9+B^>9^gVqZTl5`^4#G6L!jMm2ZTXB1AWLCAgJU1dzn$fVaoo zE-{z%&2=2$B-;T^t0*P<{#s&n762j!PgaX5;!VZy@&yq_O2v9*SV;D1%eEnc_y^;F zL9tG<_X2kN*TgW;!UybRAzo{9dMge49P!e1oh2!m_V$Jl`h;NitweX=11g zO-gWVW2PlyPrq-(^KW+oDlu@_bnvNufK(mt%GTp(xirH$_Z-!w?y`gMG`ZCOr9F+G z*1?jqXd@-W+M)+8Jo{XZXi08nKiW5~$j1(xv0tx>RMnv{{XNhQ%IuH_$}(LvC2HLA zM(m5H=M>B-Lks8@-7(U36s1LCh#815$o$NXAb|vA^zYDKTs6AzeT{e zMDX5R6#9vUHA->e;u&X9S!{T)y$wINBE|2FZLG+=FueB~+P)N6HpA`qzWZ-?|zm1`W z8-4-Us{9t0Kq6zLj|+Y0XGbhTY?qI_MsVd6ORDFH9gz^$C}tV!$^8)ZUti5(n(_m( zNl)TuwIq0Bdi1-?+!{+d15y-4%%y{WdoLb5)-*84DxPQ|F6~6t@F63SyspnROd|;o z1(95d%m8U(Wx8Z2rYoClK?g2M2veVjziOWu%hPuVAO>91sIt%mb;yKlYMGU1dgNqx z=B&1RV?=vBBDYumpP)*>27(waHEw=G(|TYfv$IkjBEM zFtVZurm1I>E?Wxz@X`w-3)o`hTRwi ztjJ&-r0TnoLZ_8Lq134U(jop@kc|t&Odf37%wGZ&h z79e|o$X&Wc1M3K6>;cqC(MH)z(H`mp7Tco=_GTi)8)4+alP}G}&lY6u*N=q>p)Egu zqk%>SPNKGA)Z&C>O>nP8$waY?5aJ6t2&atdF$?A;2HExqlyQG4mr zGutQ{LZA&Wcec^0kV z%~v^EN_STi=j}&)RC-rhnW9w2H2!w2Uw_*BrU61t8ixAkG1cY=t!YH>_0NvSTBzh4 zsYaEHb?6VT5ZqIHSm9C89xH-h$?u_pC@9ebrJuv5d4@ z&yp+~*^QMY*sadwSGil*u=04SXoeXC?21>aH&Q`&L>GDlu;q#& z6GQ;klLV9b7VvFZ$#x8+R3=Yx&bEl(j6q4sP?9-ZJ+_BQA!4!eSPJv!_g>DHkUjJr zTyVQ0XUx?R9=_MQ&zXx7!NK?UxJ8we#u6mL-bUpb0%YA&LR8!>M<|i0`hN%xZ#m7Y zDQ9q9iILN@SIVzITK(4>4wen8B)7W{c(HHYIgyIJ)G6_x82JpC$h2%O133pbQek><)8XJcNoe<6&DF*=E_s%<*OXV98uQ2B~Hh@+u3= zzatizr#y_VKfKy!yg3D+Ifz4G-;nMjxX1-QD0`6X7*Td2t+YskeTj`H5nRw6Z(;2| zB%<$`F{ZnoI-Mg}_ZR6o4cL(pg1~S4J`_!d6cB_?b3;Q3Oy_=2`?4!ul20+h&cESW ztRkDuL3e=(?dx$T(EGi6Zq!s2itf&4J_lG;} zZsyrUEx9?k7r)@nVxRQd9@^Gw@KoJKnx}8;JVy)DYaeoPuh@n{Czvm8rFcpv ze_YsHPEO4a^Q$|ZPwd}GsnV<^UDFC5{x`K9?ADyVNpNv&~(6uJoY& z>J|_|f+Kp}l(!NXhQKPzemIBPg0>~5E!i4EF_W1XkqxC82T3#}(IE4&?n^^CV=` z+3|2Uo8xnkn4K^dZI#*yEl-yBs>5JRWMaO-r++HCI_7)sGm(ScrZW)P-$D%`-r<7# z3n7}u(N6Zrt?83lB6XJ^({2w6cgzjxARXKSdGZ;IFbT)#fxdO#jiHO^Fs}f6r=>1; z4`htt5grp>zBd=}c0B!T0hCFpN;?%To4~63Xj!ZriXg_=_T=}5>nbSJE{Kj^{q<4c zdws2|AZK7sfaeasza83hO3tB76`C)lCZ88{bq?5GBg!!uQ4ac{K5Sk$3Okkt#RH0P zKNGbL$VsZCBPMlVZnI5(j+^iZO@Hbgd>6IY{&9R*x41G7ju%v`Goz~})t4xFoRD)Y zeZ7)`AyV5pja}riLmlx@k0J4O#1Lc#wyl7|R%mg$5tl68bz=eQl=i$xrYP?8$1|(R?u%#Ea6tj*?PPscTnISMH zx|l4Y5E^O8+U3>)8d#3%K_IP)4k;`Ezvo%Ai6%vz}jMx z_yn1&*f;gTJyzxj*_AU|6GdmRkHIQn`9t>2`Qys(_@3OPZq8l?cOTC}CI^G8-W8%o znlYPNIAH$nHXAD74#1xs1fw=(zp-2-lI80icPCi8%xQL^%`?sxdF@YiqkgRgU?(~h zH+FJ2ZR~N=D+|3cgax8p1TY+7iYEnZeJh$TQl#+vs4G}O2oAs9wkd#r{55hOK)G$A zc(Ad=eej*?+z$>hAXi$p*@u81iIZRzGu@)sEdqs-fg-i%cRsL?k_VQPRG_zXR{}2N zWw3Q3O-+cFb5+MS%k=@nMu7CdKRuQA*W&qCB8C)PXGTi5+MJW!F5Rf@9cB6eP4NeG zOfksgGRtV1$tgVBr)p_m!ShE{0>;&+`-G;agrjP_x^%L6-Y=u(4%YSGkf|wdgP0&4 zi4|Ls#nCb@91WdO2B3D$0^F2;*Je}5 zt<_C+i%%p6ToBybrYvPJEg29ZBoWlghHV>OVfHE#g_O@kHxGkk z@hV9~Hvehp(I+B@%HlXx(FhZcc<6CZdD$zH#-!1tfmvog*u7u zV7e0m8pGY%p@)URUd3@z8lVh9{A@2FB4uSXLHsb++wLB>wW6)A z<8Q?jBVJgA`jjDGqp6_Yz4pMjrsc#2s0Xeu48AiEmwFp2oyMp*+EY5xI4sh~mkDCg z$Om>KI;WBP7)!RASO$C>{G>CK+4RumPDg^t;GU>n~#RkmR)nhDv5rY6Q=Z z^)R!ju?&>u=|3l)>n4^RN2ZM$LgI&B9rf@F_(djVw z4g{j*kvC9m6xmh`fbGZ}!!%0I7zjjYmC`?p5oT-*(F8gJ$RO{dfT>xZpOBI%cmg-b(05P_6-~{^vA`w1n4md%butN~M|7H@p^<5?p^X?Gh-#L4LFty!^Nsii}aZ@*#r%EWg3h+M;JBhsx~g_&hfJ z+-R>B=~_t74f;U;V+64J1044{re}5{j-05xpOsIXdWPdDDRr=#dJey1%ex7DEE67b z?0X!Rs!6%h&Lm4Sm{p5Wq$MWoSJahr5kvG4R4rN^}p@>Nk;^0WtasFf`A>{6BLOT zu@)#_!Y+M^3c3lM_zW=Pou*19Jk(IWVl}oK2d;KWVRi7VYm~+24@e7hkT*kS<{fX) zHBa`+uI?DkaG3%lC5uhdA6|SDv!$L(bw_7BJ31yi;THQqBkyz}7)RUpxJL zx&jO=fAdH2IG#Fp>Wn=Pcd^5=?Mzs%to2=ndOU1o0aWy{Vpi@UJ(ghSx4k1^K#E}5 zYfr!9(JHKZ7(MakmGcYdaP2w%|K1GMh5mopW2XfLTB~Pp;_i+Ot>sn-fd_gCNo@Xy zZqqd{j|moDBLIM%)=z0b99DEmw3txIRl)6|qSZ@B8r<5sGm=$Ijef zYVciNpbLwlIDRy&)64{9qo;$B?)_87OhvZ1SFMSEJitgU^tj?%-PoX-(|hI%jj9phsbs$~WWNZe+|c z{i?*Rm-fi;y|1>QF|=?@EdtBocs#0a^))QyW>38ZtSlMlY|^VRcroSu^ZH}y@Bah+ zUx1Sb-R1mkqj_Rbdh@o8N;D32X~zH;h1g-lx6KTLQX8r`+mMz$wG!oSW{;!+EB>g z(T~^$-fS_2^n)>n;qYWYiV&QLXI`i^W`aU!;(saKGt#tnamVkP8XRAOCp!h+E#;cL zqu`5l7pvbC$*($uRH*=Pe1ug_dbMr0BkUm7--w_XU}Cpl0B$ixOXj1cs4cElFdr(D z4q-K+3}Vy zls*U|=_Tt;9LmA1k-1!EL19N0-Rc1CmD%UyC7Z-;QI=xI*9uHhZF#^%9WOQQdSK>_ zDmKK!y7>9mXD`F|GJ5=3!!lZfXqrZUVoZ{+F3(88;ULFbQkF`(j>!BNf@57UH>tj- zLuW%0Kh2%JNL2~D2?>IHDW)}tKE791bVv?o^wXyXKx(8g0c4*q3_pm5jAew!;hA4~ z^;Eq4+e@7uBy=2}nqCSk`wZe94^<~;sAoJ zIj14}muc|ublK##l&0~Pw6}z>b7x00crHRLKp2zN9PkJ4bs)8Zoba{;k z3vAG}J)2M{0!qia3VCizne`yr%Okn%;x$t*2h$Lq9#Lp>G4=Dc+`KOyNlR8!iqbfY zWGJ2#oov--#|NKkG{yyW**tYnr#J`7A&cRgK@iWKw&nfF0Zr-KZApB>rq#BUa*BpO z$rk#bj_b7@xux_=OUZi0vZ|v z%i}17gB4FHD>N)KXk@9qyV1?5jsBKjY(Nz`HR(HNUN5p4_32ilM9LxiGvD!ek?10y zM;VJ-hD2ZFTJDJv&(Jw?qRQ6)C1`U)lne zwPA4EH0y8thG0zcZaSz8iOu08NucCmCm_tIg1Gz+LBG*VO?g{>w4S$+;1>5zRXO$V zAs`jbUoZ>Axu2!&>Y1%;*tI5A#3yh`(Z zG-YkG48wOWQ*s0$RpjE*9o!4Wd}$7e!cwVRF5o}TC^@97i1Qx)3>MNT=~_q4N`{`P zW(nbuNDvBSBln|`8{0+C+@Z8%mD6nO2%`VWWI>Qz`U>HmUDA1>-!H4BK~|FtdRqN=gj zy_G%4?e?_@=CVwJYULhhMEof!`)~zt{X~rUa}rrGj4gUGrxtu#Ieq_94>xac)3^vv zMJn1ngHrV!&P7P(dy$`ydxn z?3W?AIcN&?e$in6f?iC!oRe9^Z&3x-UdbbL57A3QqKIJURh+;kzN*=}@x5dB!E_Sb z_mKcRrM#wo=yEalLFKa_?SAJrCn9oE(EV>9=h(hxL08jDYV~-MApXSxalIr`1G%N< z`AJ$BK*fcUihXxx(nzt+28Pb;_|-|zQ4P4%TqWt~FPp}EA3^*>d=rsKALm?0rG|M= zHlk#Nb?ez`F9IPIlWtwp>rr}D446!p+s1sRfa2dse807CI8E}q|CLexX=0`JhUgG% zuk`p}(5VKDeepdqiXj^vd zB|T0ZFhYzeeIRp^l>0sKi2#aON_63~z+#0vlWnWFZBQJm>NdG2d=7W zZEE*<%DHsb{nU(>pyl9DZ@Kml(Q>#axf^FciN8Pa{`S4Ax%1hbI_hjGVsYmmw0J($ zApu}57`lBpW0YgUQf(cSX;R~NLxjM6LW1U+t`i2FBIq^nV>kWSNW4Hp7bS;XTGir@ zlnXaqH|fs+C~8w1lmhzU&-d0M(a_P>hcvJpVaQiTh!qTY=qa^wq;hAHzY~a5P2@ku zR2aCzw!ew%ke~&qL10JvtdyY3d*6Ig6zpj)El-rFNiOvB4#x0VFH`UkH?DY~tVH{bV^TM4!ifsxXkQ>Hr#=>mXqCnR@Pz zJ3LC5j|5e1azXL8PugX0P@>i+)*6GT$y94I6jj%nI>fH?E@63r``>a3!s6f?rWO#{ zO1p&@4t6ZHr*DdSQ|`S^D#Cu@@ft`IVO$6Vm5~|&cJm5k%uV&ACZyGfvoWM1sDk+R z3TK&IN34Il$0f=P(DJZ&b~x{*qm!oXBPRbFh&l)J5rJlW#iI$y3@uo!eyN}A3X9@!ang%j^${;H)0 z@6FY-O}7a!+xm>wW!)8LN50rlEZC3IeJM(Cd7`=7KPb1|F z?rsDBbR0v+2F&pMGD~YM4$Jw_)hqKraWe|x4z?}=7UOy3{#RD{8wXlT7)PPUD3Xc*MSpc!CL$uAvn4QR_ZQT(e-sbCtxFBFG95)l)Vc zQczn6W$cI}P?PkKsGw%Csbbc{ihXQZo00C;fO>xmEe}4hhW$5Uj2Uf!ciKUrPCPpM z0TV$buC4PCQc`H)l?G2LV{e0#BpuTSI-NE8ql>t>&Z(8_W0NolIW1PA$$k>N5u&H; zKQP*kyHb3GhfKNnfh2VkyuX<2ggZ4!7=uJk{*?=Xn9fc&DAPqQmLaY8L-W}mL!~yi zs!+dM6Ww#FD)oT8A&-d)ae?o<;%sM$zmB2{iR^Br-!?plsk4lF5&B{*dp_EhNh5#Z zIiQMJ`)f3viwYB1JAS%toZiHvm2z8K`=8nF^%WAC1(xeW&2xD>G+FlrEzqH z)afJ|5ekrwqmHAYR-;RRtrZE;B>J7F#oY`WSRps3aYk&K+KMZ~?&8IlQq&@}za^Z_ z%XT=qZ%%u{o=(TsB*M2lL;|xYTA^8vwfELcB5J9IJolOPASVh?w-9rce?^&&rUa}e zKDXm~2b^WNNlcas(UUpOiO?3YyHe?S9ck-k5V~kl71&$Nsl~SuV{S6A=RY3f;l@II zUK91pi-?}V)sj3Or$MWG|1((v@Os)5hy;vu2gj1z3%SK>8_YMp7H;#59|5`wzqmP zSQ{9~2yjVs2)rZVz_(r`OLjNwLkhRYtE;J;8Vk!w?(TxdNOU~uF88@rJKVXk=SKGl z2npuHfHU(N+DLauzH4Mdx!9NwTVYlcD7eeKU%iL&0cHf_SA)WOf;*KW`q2eMWPWr? z*pC)ybDcMomVKpp+ne2;G9p`x9ExVg-71W9)Wap`c>SYE$D6;A8c=g^NiMpsE38Jl zM$V#rbeEV(SkpyveZZ)p861BOY?MBqHksd@0;}ZH7_0#T4?{GyNR)^P1qW=6+OD>09_t&IilPy_p`FlvQK!X`e z-Js6H?qwB-Y+eC`H#!vzx0el29P@RI$8PewNAOTh;2>JOX?Kb=|=?__WoAnu(79(Hz`70D^Kk-J_BJ(R&forr1E zTHK=h$q4wHPsxtNKaRWPXCB|b9d{u#QfVP#zi7ro;*Y{vyDFg^#_s^c3!@e$(1>Nx zd?-MNTNr*hg;~C=UpK5@x=dN>VOe&C+Da9qfr+WgaG%3Drn={mJ`;EdwM!>PZ1dDs zFXVyMe_mU629s)Zn0g5Vb^!pG-JmX4`nyG_x5)8^aK!NP|By%e zx;37UC8*EkB7%8g#Sm= z9NZ(i$C`-C%$e}&9kGqZ|0cv)0eqUj%L@iYh$tmCffWXybYPI1q6X4nGx@7ml%Q)Y zIY{o^|6X@S7!PaXwJQ2nQqntWwDk}BOqvV${6fs+cq&ignl+?8)!>9Japyeqqsb() zxR+s4q8x1y{&N5s_ER}-wvYi$T<-li*qnLsp(+YdH~-SI>;pKloY7k#4x@gG0GIi>qat_HM59d9K-jtP(^?lvy zi9%L2h6HEG+}?(lD+jZJprA(JRF5E$J0jrmmU)8m6oI`3am+ju&)v2fc0{yrTn4E% z`*eljq4%9S6R;|3^;49mSkSUurUI5}=AD7&^Xfk3aJcqcME_7r*t@GM6jg}iGP$K{ zE;nx-q+IBG0y@&BX4lWcv7y56=q@;hRx@S>WiLJ98i~el8|#r-F+W(yCi-64LGapa z$EeB_w2V%T-{{p{FD2~o+h3IR{3L^Je2jew9Yux7sC?t6qeU!N-A}6S0t-D4d@``n zxR{$Qs^8&E81Kwfo_+e>)9=hAF2@xbAS!bLYals^jPeN>&Kg__%dWi|gc^tqgsU~r zg?Z;|$fSw2zFKr^doRwHsNx~EUV*gQZ@I&ppK378Z2s5xjPk}jH`MersO;j2CtK*4 zKRa&}h0le!52oLh(fy`5hV$!8DD(uv3TAEdrt%d>V^&@MCyD!dT;9(3$W0*K3U>Qb3EcW#|+x7WWBbZC;`pb}segmLO@ zkIcXkq?MXNB;a|81dN0U@BT!vUfh}@>9!rPTHg##FnB4@@Y7DCDTdWgHi*_N{2osu zpg@z?W{=ya{GN_A4$=C7A;7&DWq>k!Y*3P*@XshV!yttwDIkM*8e;@HUo(3a7Z zEo&{h zokM*4{%T>GRyUD$hrM;cPy#!MY3Q(Js-5QV9KhD{1%(@kt_i1o<}+EYl8}|@RUwP; zN%^Zyx%1gcH?^(=Y3fNv{hc}ny+NQPy+)33F0?Zy&O^sh{{`@@D4lpOuxCV4*0u=F zlpmk676>JV?0OE)&_Q8f?QmWUV_{Gqg_i7}KW*)kt?8aFql!|?hI|Y*8aqE^c`&Bk z{N0*3C1iW`Z`*s%YL^v|CdfTkSPcCR{I(tRbO)QQ{qr*pgA>{VIH6mF z(!(|$)Er0brLs;c9(j}CkZY{+=LGOnNN~i~tBGP?}zRu0-1G`g|jI zIJa*QmmzORUV8Q}^_Crp{krzM&PEYY?n&2Y2m zD#qWUk^IgD+po+}fOZGX&qXqsz`g0H@5LG)*;TY-p1WM+58{N;Cl>xX0TH)x;}ir##`qXOzl zn@BopAWm3GDi8WN2r|y2b2tmr8q+x7!v&U8bhUcoAmD7&SLl>;(q~L$56k#96p7H$ zr~%U?YW0mO97Mgl$KLs_u>ge*0aPou;&{HY1+Eb_ybhc!iS)ZT#!j^$=IlRS#wc6t zK$;dZrCiehtdfeu<0t55)9p*c4arN;{B&T2ag$g9clX4a)N)OksUuw87ooe_Mi0*3SM5XwwfT;-K{Tez^TxNEIYD+fJ3QJXr z{}8YDv%iZKRN_>evAJJ~d1Mx(qE(kS+j_O;g?s#VON$0X$59H}3PZ=11u4MvgTHnJ z&<7FC3Y%TtINEaeg4wy{o#g39K-*m+)3S$zR%cY2BeRpptW&w5&oC_w@0ZEPOX z2zRW;z`!S~F3TnqSjxFhK9}_Ipaonf=PN6B-3x*_Q!a-jH>l3wdvP-|tVAw|4_Yk| z1~%eHwIcr$h4%dzJ&xc;;IT!t66IH;66WvkzR+L(*`hbR%g~_mrzW%uL&W>|;Q=)6 z$rr?&oHmu!`(sd#>}Ia!ubYuOfqEk&d0N){$|5ch%`eP~#pmdW?j@J!`Oy^$EUF(; z3R`VHr&mt1{~yc{@u{vc$yK()eCTzIVrqO2oap?mYAdLK(aC zgqkAq;;?sjg(cn>y4FDH}&wAkynaqjydc zmAXF}`hQVfD%s*UE`;DmzPF2FPY_@3MQMH(Yr3@$scK*+t zOi7O^Oddd^jo{XA1PZM$za~;GOwCKwp!+%%aE(9DyvX9@|G=;R3&2o5^zA6{X-`L; zgIJ;CfQOiMGdbX|-d)FVyD$i26^fNxYi`YtvZOWY&haZ)$Qh~g_RoSG^or1H(>5&5 z+YWf+%I7Ix0xwyV?7oGL{73LW$E$!$7y&Y)1fWgApi`1Y^v9EzXMRN!e7y%MvK7@h zvJLgYg-;t-OZe(#Q!s@tbJEgr9@2JI$lev@jFF8bFAN(8`H}4%co9$L?@;#95_%~A&BgfZK z;l=9G32R8{iSn2#iZEBx0O$KwIuDu?HsohW&h@ayPLr{{NT-l%qzsAv?70g=@+UEU zYNvh+Q` z<%HxTPq=dIKC$5u2C*hLxb&pYS#bwVN;Y8qz42eVpFi0#ZBNGDaM&^iG?G~+slL+zmK z-ZccT_;`Mxeyg`q3R5g9Jik7Zs_BKph)9gQ@kF4fb5|G_>sj1_J%o`6uc#7U-X0wA zgO!;-|D-yd&G@8&?h-p|>-wLyV4l6&g-K&k*5jh)Jj-J@0iQgdoo#6<#O=k`ci}K5 zgxpIV#pR>3}nf!w3%?*(Y@4ulYI=<(7TzoIIr z2Xa=*4f!^yZQ$3JGC%|=sAMOyb+;N9Eqz&V#LIM5hLmMOT;VG#W206!zYpI?!U}}S2r^I?io0fV94Cs~#v$0X- z@2QH9g|YBadXk;kfWWQkQf8u+l2*k19h8RMaNi2QRKod*2bx01%%^p3G+=gCP=%~m zvK;$$fSitu81Q)e@2r{`>Y^MDNuEmqc(MvnS4_tA1CDHqgLi)gLw}<_V1(1J>ubco z!U-u92s#4_!0Y_OjP9JUaeT~39_?ih)Og)IS;!d%R2BVBRY;r5s7~2;x{EK@(fnEc zO$Exiiwok`Ss4>OvWS5=yan)!WyDvsn>HHm);##24wtm9DGOt2^3Q=c1_dmxFV=bn z*f*d5j4^@H4bpSRa?6_@PPrtDOr+3VKAe#hoV36Yf)G!~OmxdSBD=M^_DUR>?Mtv^1XnYJj3%w0Na z8y`49@j&#*4B+anlnT&D^DNvCY2$3?IXcHvV~5z0Qh=@nj11Dx&@Y8?RkDgB(Qa4t zzxtEfzN}abX*t<<$4|J2`}H^@s>+bbJhcS(68@^^<67P&P-h$>5Bhvub6yQotXWvE z(#2@JR6Sv1WF`k=){J5aFL=V@peZ;l{*OnvhS2meZev9W&aJFHU}QG@)_K`!u|f(` z6o_@l;8R1pk?|~SPb!IB;S2Tn%CJwe@o+w%>Mr06ddSsA!bJ%e+43_%WQQ4Ut`;YG z+pDuIr@iq7=3@u?G|loZQfz7JshxVJlVjPojMtbathBVBaga%+hEmd%`wj_q{vvXs z;sg&noqp>KhkI&!byKStshQq+$C={k6lo2n>$0-YU(@w#`q;=RPw}R*E;=#ig5&+c zekl8gDH!sCJfSY28=ROhT8Ek(XlOk`;|EpFlzY}1gpTT((cQTTAlGGT0G-+a=$`XK zRF6wGM^W7R(e28!gy{^f1M?Pc{?`f_+wa}x&1<#UvK5pj4C7}bz=qs;T{EuVg5j0N zoAm|5-ABqd!)P%3;iV!-skO}R;MSxX)sS>i$pFC8Ip^yLJ@e#)EPXI%{%O&Q1==Hy zU+Ybr*RDuLKX#!Sg+vI?$y+x#&sPP|cwfec<-E{@_x+Ba3@tfm>yg4o-dndfJ%c>m-? z=~i=~e#~Re;=)&E^Ic81!%tMQ&w1j52#tXH&AL!#bUTThymY5J9hNod;&ih;DeNb{ zbvKxg979w2ac3zwYiu!4(U7H6+=+pTA?z|HHH@q3h9}KnXv)t@v2ri&byVZywe3joR@JD@N%{f7ji)KS0|`rwmnzzP{YB>GD? z=|O*87Q5kK92R&~B#50$`vf^c0f-dF6K3JLDi?%Uj-23r_f^I8y&87R|Cq7ZF??cL zny8?k#VF{J;O=?=w4FL8v!&mZwr|J1QY9>1O{wOECxxd#_Agmpsv@H)Gb~Yf@-K1z zlhKBn-(m8oYnowc=p;9_`DTQfL7f9?rK%*<7_HcQAR4hh@R9}#4=jjBOFN@RPrr~b z$w`B3*MEd)gpC;BpoIrCzZY_Ek^hRsTf4SmcUP{#wBzUa?tLVXETW|>X~^?8>F ziiafpW2~@EPX?UrZ>>d>FkYwZAbc#rx?1r!k*i_$Msb{2ydIS}QTg@J=p-W=!Q z@s(;qNG54gx6#M3POOW2sn?kn4t@465YzZahk_<~>GPyvn{oOQlEXk|`yri)fzw(3 zxxK4~-tH+ueDt~k9uw;xiep}{lelVD&994ekAzmFKr8%Ok<^?agS)_wzcQP=be_suhSr4v5SD$M1t4_p%YwQDHkDtgGeg3EIt;u}Pd=Dz zl6I=oB7(EPXg{qhG+!{u*17{@|K069_Ur2g44Z53SxxV#{IA7rV|XPd702-=SG^l^ zHKB&rP|I7l{HuL1qV8o0Q1_}+u4RLu=3$ZqTgtJHViLd6#l zQSTCMe;hisjTq<(Sm~C4LougrfPy)LbUtkI>oQNj2F^t{AJpN zTHJbG*$odZvF^R}y=W(MhrrtTwA=T15BXp^VDbz+iaXK^&ODU%VbFC zwxx0el&0RH4Kc??*Il463${4EM?pz_6F~I_PfYN~d*B~*v02uF<8_icBpafo47N}) za>rqB96o~n!i*HE0?}gEG_&)+N^pa~?mtcIs;#+v3or0RTd^G0Y9Og;~lH`Sn9 zo%~?)RZ*rH?gxSC$ByIUM<2t*!#)<9p-qZzvYD3D#m`>_+tQ;0rW1UXvqQdsiZR>% z?f1JWxIWSM2ysER<|fm2iGmoEp++4)U*3tkTSABwHn_H=rVv%yqW@BM{UV*o&MRL{%By1F*WcS%pDcz}}@xl)vQA?(enCunTC1DiN*`Gyjf7}2P{e#&1raG$=a2pHlxgiC}BF^ONu zIJ7#kNKt6l9Ww#6SC1YPM80PdMcGBqzNZrGc)dBkS!g+KeDf&TsOmIkR8-$lNUPR< zQ2_YC7YEj8&GvJBTZ3OmfrD(6DlGn{=n91ewrS}(1rhR95jMK*6QK3L{hW)4?UDCp`nS9=C5*YClL z*}bhHq}guQPCPM+bN@7>`W;aA%s&T;lyW>QqKP{M3qowbJtgAg>4VQ?$Aach3mRre z<&Ks(wYNzDYN3c6;cOs-^G$fT=9@5&$3G*NQbI}Fh85}u65aZkU`y=ufF^j?e*7E% z4PuoexcT%Pv4I?qEK}R}K9AzA)`!a}nFgaSh%q6?8{C+;; z(ObOXRAJwY`lU?pN+|apz@&FBCw(CZ(j-RjYI;Ur37R6lNm5@nPjT_jnevZU;=`Q= zm`8U%mbEaQe|??Gp2M=Sbb6D6N}rY=UVg4_`)*GAxpYQb{R<(=WWa>--5<1uFfk?S zmijh8gP;LOUa0wD64$6TY#ECb$Z5iiHbIf8V9R=E7!I?Rf(qhe6p+eFb$mJx&QKo-bkPUUH~Y=hYhqO2nw8$HPH}Ui2nwmJ+IaSY?lIcUZQAG@wk}6 z=tKpcBf{B{X4j8Df1lmf$lSoZ_o`9IUeKpn0n+C!$M`1lXf}Au_a+q&OH8faFYP&? zV^OK0e!(VTRL(shI%xmCk=}J70`Nhyo`9XXLQ>f6&Nf=~6F& zbzH&_HWXF(+UDS+f9y#|lV39_-;4muWm$u5S6n!4%{d7FOY|dU95^5Z7K{d@H({Jv zAO5FD#(fdZZAZ|Nc^Pqg>bRqz!iA^QQxAfxO#lD@002^qZHS{quyFtZrJV(UfDcL8 R#on>RXZr#G00004Sy~iCS0MlZ literal 0 HcmV?d00001 diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 51e97892..cd0d4105 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -65,6 +65,9 @@ importers: lookpath: specifier: ^1.2.2 version: 1.2.2 + nanotar: + specifier: ^0.1.1 + version: 0.1.1 open: specifier: ^10.1.0 version: 10.1.0 @@ -163,6 +166,8 @@ importers: specifier: ^1.4.0 version: 1.4.0(@types/node@20.11.30) + packages/cruntime: {} + packages/devnet: dependencies: '@openzeppelin/contracts': @@ -8484,6 +8489,10 @@ packages: hasBin: true dev: true + /nanotar@0.1.1: + resolution: {integrity: sha512-AiJsGsSF3O0havL1BydvI4+wR76sKT+okKRwWIaK96cZUnXqH0uNBOsHlbwZq3+m2BR1VKqHDVudl3gO4mYjpQ==} + dev: false + /natural-compare-lite@1.4.0: resolution: {integrity: sha512-Tj+HTDSJJKaZnfiuw+iaF9skdPpTo2GtEly5JHnWV/hfv2Qj/9RKsGISQtLh2ox3l5EAGw487hnBee0sIJ6v2g==} dev: true