From 7d7d3d94b46573fa9e50648a350434a7ce0e5b49 Mon Sep 17 00:00:00 2001 From: "andremonteiro@ua.pt" Date: Wed, 16 Apr 2014 11:29:05 +0200 Subject: [PATCH 001/122] Import initial files from http://wiki.ieeta.pt/wiki/index.php/OpenNebula --- SetupComplete.md | 3 +++ one-context.ps | Bin 0 -> 5019 bytes startup.vbs | 5 +++++ 3 files changed, 8 insertions(+) create mode 100644 SetupComplete.md create mode 100644 one-context.ps create mode 100644 startup.vbs diff --git a/SetupComplete.md b/SetupComplete.md new file mode 100644 index 00000000..cbb69ebc --- /dev/null +++ b/SetupComplete.md @@ -0,0 +1,3 @@ +cscript //b d:/startup.vbs +del /Q /F c:\windows\system32\sysprep\unattend.xml +del /Q /F c:\windows\panther\unattend.xml diff --git a/one-context.ps b/one-context.ps new file mode 100644 index 0000000000000000000000000000000000000000..6134bb14c420bf472c22da1047b8ffc43baddfd1 GIT binary patch literal 5019 zcmds5VQ=C_6aE||{=?KkilYloAiY+N6sZWf7O5c!a?J;VD#u>HJ!8AxC4^r4-}}t2 z*El&)b8o-BC<*cI?Ck8!GqcaQUOWD;pSn>&_fZn28%d*dBXYSEaZHmSk1|Cnr65h_ z(PEtoy3Ir~6p!oJr(bU*>D{dgqHZpHB|>`KlAnaRSfz;)QJ(&|_C09A7%BPat4J!p z7<;XP_|xm(4bBJs{#}PYCeafNib6jWgrCk6E2Q>CtEENxPt}V5;*WZ*UYiKj>_3ZO zt)es;rEwH&X`SRksyqt#Y|VL^2ZD|%NfjkRgcytFn1f>Zi(uCAfz)khq zlvgK`k7993pX;?FEYM?6^5f^fF(5aQ3YOH&#X>yeRFEVsuf>l}T<_iK zwZng%6Ek$wU<=P0Pky{+>l-T{8ibs-Jg+^2%A<0ZsTQ5Fke232-jsiHq1Jgq)}VR~ zgBA1rF#IJA{P?33xod^=8FZ)%jKT98T0^8>voL7zBU^}FOYKv~jykZg6z%jT1Bgxi zP)4)HYe%y^Ry3Ns-?&qjpIu$`pMhNI?vKKGX@GNjS{hvF(R1t$*5sKyakXvES-I|X zw=I_GVNVJ*@}=CQd02X5>SV=`GuyWY7#<|^)UC|H$M!_W)G4qk^l{E8So+CAkX5=9 z6|ocmk6p<|`Qa)`*mc?^J5Rg@a>W~a6nGiRfD~SoJf)w6>%d}rO6RN+yisQ|xxXFv zUYt|og>5<}tRuUS3)N7dSWy2ti;%Hq-~ZiWv(jTAeu({r^h)4sCwwu{d`xq?cy3+b zQ{CI^rmIz?y4uTiZ(>tUk$~;m)p;)OjO4McBHR`7A z*;(s5yMqySJm=lv1(#pD;M=cV@V>IZ-U?B+$A>?GRc!q2D@Xo6xvBmB+ai#M9f8mq z7B&egcWPzZu*<{to`Y)b6tVTd}AU`WXlat~{*^Tns$rFWM{x z*xl#GZ{A?kPyEN2nU45_oV)SIzC%r>ZZ2kTI$fj?3XMGdn+)=Hl_rS-U1`{g(k2F{ z#jM3X1S^_$*;dMFXoJYuHXXt{lfoLZ$vF%jyh3r zL*Q}>p`y0mzxV9#h0RHwVyqH3PO+mzY28$=*hX(SnTVX(D(7YEhfA+@`JLDLzU{Ry zxK!^(T3)+VguAM^R4@^K9xQM3kSS0(Dyy3nw)D1OJW&9du~?XU0|9kS*!IZZ53G?@ z#nX!!Zr$BR)0X8GUsSYQFvY@+rg`ih2-+!TAQpn%VG=5fZH*;4kda*eo|@10WWT>#t$7F!F+oo|Ra@_o20N3Q|^nL9!rdmj2E5}HS0s%NGbQZ|aA;Kav+$NN#sd@;a z)l>TcnXa{h!mzYFW&C#HINjXI9qW~DtAL6vK6aPawb&eIgdMA%HFS38%9Wq^3-GX1 z*B^7_#)tcxYmoM)8Kh>Au4oDG2J?kC->ep3^42*xKLzU?u~(GkDYqtt5o<8*;c}&+y*bkQJSp2a@S9je|`5Nk9LJ7ziqn%rc5_zVc z9hF=iajNjtkCXn`pwbx1S=~*uZF9iL?p-~M`<>oR-&4pZODdj_{>!E;5MGDnH zTXal=Ik;SmO2Az>cXenng-lKq5Q~JTK=<4fsd^1E=$qB9=iiHmq z{x(D;v~3Q|Dd(xFwi()NAUpv7+?vC{5Izsud@yV7j0H*aYCw;IvJvlkVADeR+K;0@ zMd+LscS*%UxTg^EN?S(?z;?WuXy;cO^6iI51B>NdXObCljG*MhhYm$?tfOluR!eZ^iqEdW}0l xyyp0dNEdwLEdeiU^vj4Fhg8P?HQ=!LfOl Date: Wed, 16 Apr 2014 11:41:35 +0200 Subject: [PATCH 002/122] Adds a README --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 00000000..95ed6c59 --- /dev/null +++ b/README.md @@ -0,0 +1,15 @@ +# OpenNebula Windows Contextualization + +## Description + +This addon produces a Windows Contextualization script to use in Windows Guest VMs running in an OpenNebula Cloud. + +## Authors + +* Leader: Jaime Melis jmelis@opennebula.org +* André Monteiro (Universidade de Aveiro) +* Tiago Batista (Universidade de Aveiro) + +## Acknowledgements + +This addon is largely based upon the work by André Monteiro and Tiago Batista in the [DETI/IEETA Universidade de Aveiro](http://www.ua.pt/). The original guide is available here: [OpenNebula - IEETA](http://wiki.ieeta.pt/wiki/index.php/OpenNebula) From 348851336cf42fd9694704973c977a8acffc2886 Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Wed, 16 Apr 2014 14:15:11 +0200 Subject: [PATCH 003/122] Add Copyright --- one-context.ps | Bin 5019 -> 6225 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/one-context.ps b/one-context.ps index 6134bb14c420bf472c22da1047b8ffc43baddfd1..edf39bbeeab96e14b186991696af9a505ea05744 100644 GIT binary patch delta 1051 zcmb_b%Wl&^6crU}P#_X1th(VUSLVF9M7ePzC{?#}OqgKuD>2GRt=>xSDWQF!8Y>8oVJS`nPxie7cPWqPAs~ z3h;JqOYUwfA8n>o+-bGaG;NYxqH(PitqqW^zT542ey^cr7Cfb!|M%~NMJOc*e3ww6 zZ5%Iv#9C!Q##(zsQs4qeC{XtlH!h@tD#}6&B%i932sBd7%7>g#sRSJ->aR!&lR$fV z1z2i?PK7Y2IX<|44W2r_>sxEGE5cKE^kQ%_f>UQWbi9$<^I*5N?jeR;0Ji4gT70TccqdH#cseuN!3~f|QH5 zI>An*{P{z9wJg8d$-dqBxw@=;-MMdoy$cLH|W-=;FULtxQNd6X=+B{cm3nKufZW`7A From d3f0d89c643315cae50043fb97a934dc6fca1472 Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Wed, 16 Apr 2014 14:19:35 +0200 Subject: [PATCH 004/122] Restructure the powershell script: - remove the readmin functionaly - execute scripts reference in INIT_SCRIPTS - use the new ETH0_IP context info - Improve the context regexp - miscellaneous formatting issues (remove unnecessary parentheses, etc) --- one-context.ps | Bin 6225 -> 7129 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/one-context.ps b/one-context.ps index edf39bbeeab96e14b186991696af9a505ea05744..d1f3f8ca4a2f552b0c989f2e3354c7e2a9ebc1ea 100644 GIT binary patch literal 7129 zcmcIpZExE~68>($|6xKAR~feGm%HKs7e=d-l|+aw38EZd;5a#oT1jjulI2pCb!q?m zJ+m()B|Fz#FD2SY;?B&@JoB=%;|8_9*+Y%}y#{sCY?DXxML}mLCugm*lheN)(I68^ zUrbhUK*K!!S%d{Ot9M?S&kv5Mb9(lQu7Zgq^C)@t$2a&?@~)y#BvMRil}trW#X?X! z3qpLDl_Pp9av7xwop~qJWCF)5IR`(`CSB1o*swZEUXm8Hk^+JvNwX*xBpySN6%-{D zrpqjjf+Q5Qj*5la%!u;noe`8yiU71$UI4CaL+PweO+mo~|Kszg;I}A>?ELt6yQ|r(m87 ztQ9GHX`M$!l+2Gvrn6!lXXr4ZZJb|T@iF_GJj&TWnr&dEH zFOHT`5fo~zN|7>ZE$!EQvb=9rU0N-+mn+NwLBP2AUB}|i9G+!Y^s_I2=uO%s7D}tz#i+}@$gD;upVwom|i1PHO zRp3DqV_wJ!P?kkt-tCG|0AF^;z2jcDJ8siW62W~kng&xr_^i-_ zK!Z~Hopa-NNB#D7*Qu%PW`UH*yXiLRuMKf~kz|-CZ}kH`zzeBQ^$rMAw&L1~=^l++sI$dWvrg-wUebB;>BgGxho0+(4e*nf1zwRqHuxoE6BoDZ7pIcOgviUgXt2-5%5wtROavI zMh${W9-E>Bco`~-6ke1(q@P67fyUM}2Z3od*)~ASX%L9XQggxU3ltsdK4v&er6$t5 z{1G*cem4O8WgN_j!P#C`^@F{E(k9RoQq!I18TSbIWR^1C5U*butq^dem=UhK z#e%oel1n(hP}z=I5hF(%%e=eK*K5TfsWSV#QoDk+k{;mwimd#yezi=oJJep`EB>n$ zG?Zz5+V(}kXZ_Qn<|a|t<63m`g9#9Rk-ZTcc5Zk4+Mz=-M2F;j>>@0$&P5 z1vY&5TTW`wNZ`mp5~w3=8Wcfg9rFxxF^e9b->i%#-q4MdR{RyzHCCuqYQ>9gB8p`o zKWQ7b39sA!8)JYXT?QeO@v|%Qy4|T$P80bh%FDiAr<|j4SqGcvwtv+gcW>M8>eNt{ zJ@XuOzdOc}!1~r8i!!Axt7{J7JB`eJjmRLdMO2|urvw1j`cj+*rA`IopHOK)>Qu(? ztz9cH>XgRlEy@ZAP}Xc=4Ph)kym5Myq4TaE9q5;uFRaJ6B99fe3lQL(egC~@|39gD z;J0e8QW$&WSz)}u+Q18Fbh0==cjmnJ?ml?;hb|5W$NMj$Rf?eP6Ti?2wYY_S;Tn9N zZdL>H%bT5U+fiA9v|H(>(Ut&pA*l#h7Z~yiJ?iasZ!l341+;{JJ^R?#5!s#w8T!kP zDItoVex-j^GE_+5pEWL6f5NA=T}NArMI;o;pSp!H1nf~@Ux{Ot zypf0n&fd${o#7RKsryi0So zU~FJ-dU$A#5o`0;93_yg#FzJuT=2 zmZ)72sHIwZEi}1A4%~CgmO<8(cis6FP|Dx0SU zPkV*4yX?k}Hf4w%>!|9BOa4y}rQRuBBg6D@>QP0J7n1?#St%JP&iyG96pUAUn3)J;-f`@N1P#pHII((8rG%m5@kWpyu^q?j6Y z!$ms61P;@J3%AHu5WkZnt3*##P`=E`jchjGu7J77>rtf#5mrew^o3M28CARt*PYYr z_r@Rn&ZsvW`_)ZUB~guKE03y1Ukg;devQ~uMX`yZ__R@W4NKL_XvMkZ)JqyvTM1c_ zF%W4D1I&UA$(A;j@-KFETL2)m6z1!b^o%&_c;vAP;^^OET8pA;YbQK^@1+>YCu$^* zNKq`P``b=J?tM|3fQQL3oMtlz2kc-~v|e&={X3he&YGtgK;`W^@dD`;DWXU;X;%nQPOQrX(z9s&$8O>@lG^f*-F6vtmE zQ~~436;HB?1xE0!rGruJxckqsL##5Us}m9L@7d73WGS{D?{p?_(|Cm$%dhk!eI|4i z_)~|7RXhL|T8@E?zVO)VgsVz~5Hp=}|lgqCR7C8#qm1G}s_6@x94IJnAjT1loeaQlSc lS$yV%)Ld0<*S~?=*7bHrPF|MCa-sa9;n8BAWT|rFe*oGotStZl delta 2004 zcmb_dU2oe|7}oe`=deh$9T#0yaX7VzO=>T3mTg4pw2&02An6njO(KbqWxr{xIkvG+ zmX%WF7a$?|cK-lPLh2Rbj(@-f7yJh<;Fc@i89ZfVhul9pE*6AHSl+xV2qj4^%R7|+(h@ns7lI(V#ss#-Cx$Zx#ETPy znPUk1RaMo7F(Nu%zJW;IC+_up*(*##2zVhKM*7uX*3$j@)HlL#<^>k6ZwkLH)*m!= z{n37}O@}9c3-4T6*(S7UO>EZ=SzuUR04K$_zP~a*0Ji5#$ib93J%S(pknl3q9{7%7 zfrJ?dt7piv&$oT0UEmFQ~n0!L9QJbL98JE$X?70N6Be`LT)x^rcuBO=O!?S$fJk{Q&%sifc(LML%rr?v!Ruv0>?YaTBE952F-Qp5!6M9_ z0GTt7fE!K&ATBWc(|F9ycF_ZzVZ{PCAsRfAF7H4$>2e7pkoQqB`g3W${0eSx&A#Sy XmS4sH)cYbiGh&xhHA5pwybb>VEgD#R From 23f47723e011fdd0b95006aee857fd14e9e6ded5 Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Wed, 16 Apr 2014 14:23:17 +0200 Subject: [PATCH 005/122] rename context script --- one-context.ps => context.ps1 | Bin 1 file changed, 0 insertions(+), 0 deletions(-) rename one-context.ps => context.ps1 (100%) diff --git a/one-context.ps b/context.ps1 similarity index 100% rename from one-context.ps rename to context.ps1 From 41289192e8257ff4fe177854e2be41a9b7ecdc9e Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Mon, 21 Apr 2014 09:54:47 +0200 Subject: [PATCH 006/122] Discover the CONTEXT drive letter dynamically in the start.vbs script --- SetupComplete.md | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 SetupComplete.md diff --git a/SetupComplete.md b/SetupComplete.md deleted file mode 100644 index cbb69ebc..00000000 --- a/SetupComplete.md +++ /dev/null @@ -1,3 +0,0 @@ -cscript //b d:/startup.vbs -del /Q /F c:\windows\system32\sysprep\unattend.xml -del /Q /F c:\windows\panther\unattend.xml From e940513c87eb5452e012a54e13aaf3e88c04aad0 Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Mon, 21 Apr 2014 09:54:52 +0200 Subject: [PATCH 007/122] Discover the CONTEXT drive letter dynamically in the start.vbs script --- startup.vbs | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/startup.vbs b/startup.vbs index ae46f572..dee33260 100644 --- a/startup.vbs +++ b/startup.vbs @@ -1,5 +1,19 @@ -Set objShell = CreateObject("Wscript.Shell") -objShell.Run("powershell -NonInteractive -NoProfile -NoLogo -ExecutionPolicy Unrestricted -file D:\one-context.ps1") -Dim objFSO, objFolder -Set objFSO = CreateObject("Scripting.FileSystemObject") -Set objFolder = objFSO.CreateFolder("C:\executedVBScript") +strComputer = "." + +Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") + +Set colItems = objWMIService.ExecQuery _ + ("Select * From Win32_LogicalDisk Where VolumeName = 'CONTEXT'") + +Dim driveLetter + +For Each objItem in colItems + driveLetter = objItem.Name + Exit For +Next + +If Len(driveLetter) Then + contextPath = driveLetter & "\context.ps1" + Set objShell = CreateObject("Wscript.Shell") + objShell.Run("powershell -NonInteractive -NoProfile -NoLogo -ExecutionPolicy Unrestricted -file " & contextPath) +End If From d28db3d4eb4df3c261d5673037f04f3e352fbca3 Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Mon, 21 Apr 2014 11:56:01 +0200 Subject: [PATCH 008/122] Remove Tiago Batista from the addon authors --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 95ed6c59..7dfbbd55 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,6 @@ This addon produces a Windows Contextualization script to use in Windows Guest V * Leader: Jaime Melis jmelis@opennebula.org * André Monteiro (Universidade de Aveiro) -* Tiago Batista (Universidade de Aveiro) ## Acknowledgements From cf23115e1021b55e34a4a5218d197a90a6220fe9 Mon Sep 17 00:00:00 2001 From: andremonteir Date: Mon, 21 Apr 2014 10:58:57 +0100 Subject: [PATCH 009/122] Update context.ps1 --- context.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/context.ps1 b/context.ps1 index d1f3f8ca..49a77c9e 100644 --- a/context.ps1 +++ b/context.ps1 @@ -61,6 +61,7 @@ function addLocalUser($context) { $admin.CommitChanges() # Add user to local Administrators + # ATTENTION - language/regional settings have influence on this group, "Administrators" fits for English $groups = "Administrators" foreach ($grp in $groups) { From af24ba437602c1b6213eb9e75289aaa2a4348313 Mon Sep 17 00:00:00 2001 From: andremonteir Date: Mon, 21 Apr 2014 11:57:51 +0100 Subject: [PATCH 010/122] Update context.ps1 Added the search for built-in Administrator account in system language --- context.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/context.ps1 b/context.ps1 index d1f3f8ca..a16968b1 100644 --- a/context.ps1 +++ b/context.ps1 @@ -62,6 +62,7 @@ function addLocalUser($context) { # Add user to local Administrators $groups = "Administrators" + $groups = (Get-WmiObject -Class "Win32_Group" | where { $_.SID -like "S-1-5-32-544" } | select -ExpandProperty Name) foreach ($grp in $groups) { if([ADSI]::Exists("WinNT://$computerName/$grp,group")) { From 1e6abb79cc2d59b7605b7f29b1286d2a6fa8c06b Mon Sep 17 00:00:00 2001 From: andremonteir Date: Tue, 29 Apr 2014 11:59:49 +0100 Subject: [PATCH 011/122] Update context.ps1 --- context.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/context.ps1 b/context.ps1 index 49a77c9e..5131f73c 100644 --- a/context.ps1 +++ b/context.ps1 @@ -63,6 +63,7 @@ function addLocalUser($context) { # Add user to local Administrators # ATTENTION - language/regional settings have influence on this group, "Administrators" fits for English $groups = "Administrators" + $groups = (Get-WmiObject -Class "Win32_Group" | where { $_.SID -like "S-1-5-32-544" } | select -ExpandProperty Name) foreach ($grp in $groups) { if([ADSI]::Exists("WinNT://$computerName/$grp,group")) { From dee457088d801d8e46db0a0bb6c229a763d1b55b Mon Sep 17 00:00:00 2001 From: Javi Fontan Date: Tue, 25 Nov 2014 09:45:39 +0100 Subject: [PATCH 012/122] gh-3: Make context compatible with vcenter drivers --- context.ps1 | 11 +++++++++-- startup.vbs | 20 +++++++++++++------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/context.ps1 b/context.ps1 index 5131f73c..d9f22627 100644 --- a/context.ps1 +++ b/context.ps1 @@ -193,8 +193,15 @@ $contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } # Return if no CONTEXT drive found if ($contextDrive -eq $null) { - Write-Host "No Context CDROM found." - exit 1 + $vmwareContext = & "c:\Program Files\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.opennebula.context" | Out-String + + if ($vmwareContext -eq "") { + Write-Host "No Context CDROM found." + exit 1 + } + + [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "C:\context.sh" "UTF8" + $contextDrive = "C:" } # At this point we can obtain the letter of the contextDrive diff --git a/startup.vbs b/startup.vbs index dee33260..5759d154 100644 --- a/startup.vbs +++ b/startup.vbs @@ -1,19 +1,25 @@ strComputer = "." - + Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") - +Set fso = CreateObject("Scripting.FileSystemObject") + Set colItems = objWMIService.ExecQuery _ ("Select * From Win32_LogicalDisk Where VolumeName = 'CONTEXT'") - + Dim driveLetter - + For Each objItem in colItems driveLetter = objItem.Name Exit For Next - -If Len(driveLetter) Then - contextPath = driveLetter & "\context.ps1" + +If NOT Len(driveLetter) Then + driveLetter = "C:" +End If + +contextPath = driveLetter & "\context.ps1" + +If fso.FileExists(contextPath) Then Set objShell = CreateObject("Wscript.Shell") objShell.Run("powershell -NonInteractive -NoProfile -NoLogo -ExecutionPolicy Unrestricted -file " & contextPath) End If From cb5837042fd8f7fd35352625706419bbb40a5c49 Mon Sep 17 00:00:00 2001 From: Nuno Taborda Date: Thu, 27 Nov 2014 16:22:00 +0000 Subject: [PATCH 013/122] Ensure idempotency and fixed volume detection error --- context.ps1 | 2 +- startup.vbs | 22 +++++++--------------- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/context.ps1 b/context.ps1 index d9f22627..7fb1848e 100644 --- a/context.ps1 +++ b/context.ps1 @@ -174,7 +174,7 @@ function runScripts($context, $contextLetter) function isContextualized() { - Test-Path "c:\.opennebula-context" + return $FALSE } function setContextualized() diff --git a/startup.vbs b/startup.vbs index 5759d154..a76db4ff 100644 --- a/startup.vbs +++ b/startup.vbs @@ -1,24 +1,16 @@ strComputer = "." - Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set fso = CreateObject("Scripting.FileSystemObject") - -Set colItems = objWMIService.ExecQuery _ - ("Select * From Win32_LogicalDisk Where VolumeName = 'CONTEXT'") - -Dim driveLetter - -For Each objItem in colItems - driveLetter = objItem.Name + +Set colDisks = objWMIService.ExecQuery("Select * from Win32_LogicalDisk Where VolumeName = 'CONTEXT'") + +For Each objDisk in colDisks + driveLetter = objDisk.Name Exit For Next - -If NOT Len(driveLetter) Then - driveLetter = "C:" -End If - + contextPath = driveLetter & "\context.ps1" - + If fso.FileExists(contextPath) Then Set objShell = CreateObject("Wscript.Shell") objShell.Run("powershell -NonInteractive -NoProfile -NoLogo -ExecutionPolicy Unrestricted -file " & contextPath) From 444de57dd5007679b16bfcc0b15638dc89206866 Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Fri, 15 Jan 2016 19:35:15 +0100 Subject: [PATCH 014/122] Make context.ps1 absolute-path safe --- context.ps1 | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/context.ps1 b/context.ps1 index d9f22627..4c3c690f 100644 --- a/context.ps1 +++ b/context.ps1 @@ -201,17 +201,16 @@ if ($contextDrive -eq $null) { } [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "C:\context.sh" "UTF8" - $contextDrive = "C:" + $contextScriptPath = "C:\context.sh" +} else { + # At this point we can obtain the letter of the contextDrive + $contextLetter = $contextDrive.Name + $contextScriptPath = $contextLetter + "context.sh" } -# At this point we can obtain the letter of the contextDrive -$contextLetter = $contextDrive.Name -$contextScriptPath = $contextLetter + "context.sh" - # Execute script if(Test-Path $contextScriptPath) { $context = getContext $contextScriptPath - addLocalUser $context renameComputer $context enableRemoteDesktop From 00c63e1cf82a7dd2ed8175d15a2437e760c91586 Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Thu, 31 Mar 2016 17:01:27 +0200 Subject: [PATCH 015/122] Add support for START_SCRIPT and START_SCRIPT_BASE64 --- context.ps1 | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/context.ps1 b/context.ps1 index 4c3c690f..3c92a204 100644 --- a/context.ps1 +++ b/context.ps1 @@ -170,18 +170,36 @@ function runScripts($context, $contextLetter) } } } + + # Execute START_SCRIPT and START_SCRIPT_64 + $startScript = $context["START_SCRIPT"] + $startScript64 = $context["START_SCRIPT_BASE64"] + + if ($startScript64) { + $startScript = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($startScript64)) + } + + if ($startScript) { + $startScriptPS = "$env:SystemDrive\.opennebula-startscript.ps1" + $startScript | Out-File $startScriptPS "UTF8" + & $startScriptPS + } } function isContextualized() { - Test-Path "c:\.opennebula-context" + Test-Path "$env:SystemDrive\.opennebula-context" } function setContextualized() { - echo "contextualized" | Out-File "c:\.opennebula-context" + echo "contextualized" | Out-File "$env:SystemDrive\.opennebula-context" } +################################################################################ +# Main +################################################################################ + # Return if VM has already been contextualized if (isContextualized) { Write-Host "VM already contextualized." @@ -191,21 +209,22 @@ if (isContextualized) { # Get all drives and select only the one that has "CONTEXT" as a label $contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } -# Return if no CONTEXT drive found -if ($contextDrive -eq $null) { - $vmwareContext = & "c:\Program Files\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.opennebula.context" | Out-String +if ($contextDrive) { + # At this point we can obtain the letter of the contextDrive + $contextLetter = $contextDrive.Name + $contextScriptPath = $contextLetter + "context.sh" +} else { + + # Try the VMware API + $vmwareContext = & "$env:ProgramFiles\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.opennebula.context" | Out-String if ($vmwareContext -eq "") { Write-Host "No Context CDROM found." exit 1 } - [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "C:\context.sh" "UTF8" - $contextScriptPath = "C:\context.sh" -} else { - # At this point we can obtain the letter of the contextDrive - $contextLetter = $contextDrive.Name - $contextScriptPath = $contextLetter + "context.sh" + [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "$env:SystemDrive\context.sh" "UTF8" + $contextScriptPath = "$env:SystemDrive\context.sh" } # Execute script From ce143c10d9d2077df58c9dfb6872fa8658ca2d47 Mon Sep 17 00:00:00 2001 From: Jaime Melis Date: Wed, 6 Apr 2016 17:04:26 +0200 Subject: [PATCH 016/122] Add unattend.xml example --- unattend.xml | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 unattend.xml diff --git a/unattend.xml b/unattend.xml new file mode 100644 index 00000000..b472c6a8 --- /dev/null +++ b/unattend.xml @@ -0,0 +1,116 @@ + + + + + + true + + + + + + en-US + + en-US + en-US + en-US + en-US + + + + + + ClearType + + + true + + 3 + Work + true + + true + true + + + + + + 4dm1n1str4t0r. + true</PlainText> + </AdministratorPassword> + <!-- The following is needed on a client OS --> + <!-- + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Description>Admin user</Description> + <DisplayName>Admin</DisplayName> + <Group>Administrators</Group> + <Name>Admin</Name> + </LocalAccount> + </LocalAccounts> + --> + </UserAccounts> + <AutoLogon> + <Password> + <Value>4dm1n1str4t0r.</Value> + <PlainText>true</PlainText> + </Password> + <Enabled>true</Enabled> + <LogonCount>50</LogonCount> + <Username>Administrator</Username> + </AutoLogon> + <ComputerName>*</ComputerName> + </component> + <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <InputLocale>en-US</InputLocale> + <UILanguage>en-US</UILanguage> + <UILanguageFallback>en-us</UILanguageFallback> + <SystemLocale>en-US</SystemLocale> + <UserLocale>en-US</UserLocale> + </component> + </settings> + <settings pass="specialize"> + <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <fDenyTSConnections>false</fDenyTSConnections> + </component> + <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <UserAuthentication>0</UserAuthentication> + </component> + <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <FirewallGroups> + <FirewallGroup wcm:action="add" wcm:keyValue="RemoteDesktop"> + <Active>true</Active> + <Profile>all</Profile> + <Group>@FirewallAPI.dll,-28752</Group> + </FirewallGroup> + </FirewallGroups> + </component> + <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <TimeZone>UTC</TimeZone> + <ComputerName>OpenNebulaVM</ComputerName> + <!-- + <ProductKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</ProductKey> + --> + </component> + <component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <CEIPEnabled>0</CEIPEnabled> + </component> + </settings> +</unattend> From a9b307a44d174a2538756eb2d5932555069f6293 Mon Sep 17 00:00:00 2001 From: Jaime Melis <jmelis@opennebula.org> Date: Wed, 6 Apr 2016 18:36:36 +0200 Subject: [PATCH 017/122] Remove hardcoded password --- unattend.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/unattend.xml b/unattend.xml index b472c6a8..8e1c7b7a 100644 --- a/unattend.xml +++ b/unattend.xml @@ -50,11 +50,11 @@ <!-- Password to be used only during initial provisioning. Must be reset with final Sysprep. - --> <AdministratorPassword> <Value>4dm1n1str4t0r.</Value> <PlainText>true</PlainText> </AdministratorPassword> + --> <!-- The following is needed on a client OS --> <!-- <LocalAccounts> @@ -67,6 +67,7 @@ </LocalAccounts> --> </UserAccounts> + <!-- <AutoLogon> <Password> <Value>4dm1n1str4t0r.</Value> @@ -76,6 +77,7 @@ <LogonCount>50</LogonCount> <Username>Administrator</Username> </AutoLogon> + --> <ComputerName>*</ComputerName> </component> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> From 54aed7ad13711d66b78c7201cf5f8d5ff2d141bc Mon Sep 17 00:00:00 2001 From: "Jan \"Yenya\" Kasprzak" <kas@fi.muni.cz> Date: Wed, 27 Apr 2016 11:39:55 +0200 Subject: [PATCH 018/122] startup.vbs: fix the drive letter lookup The startup.vbs script does not find the correct drive with the CONTEXT CD-ROM, and thus contextualization is not done at all. The problem is the incorrect test whether the lookup succeeded, and substituting "C:" in case it failed. The issue with the suggested fix is discussed here: https://forum.opennebula.org/t/windows-contextualization-problem/579/4 --- startup.vbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/startup.vbs b/startup.vbs index 5759d154..04357187 100644 --- a/startup.vbs +++ b/startup.vbs @@ -13,7 +13,7 @@ For Each objItem in colItems Exit For Next -If NOT Len(driveLetter) Then +If IsEmpty(driveLetter) Then driveLetter = "C:" End If From 0a351c44291538c60685ee2343f5b0fc7463d01d Mon Sep 17 00:00:00 2001 From: "Jan \"Yenya\" Kasprzak" <kas@fi.muni.cz> Date: Wed, 27 Apr 2016 11:55:44 +0200 Subject: [PATCH 019/122] README.md: Point back to the ONe documentation The Github project page should also provide pointer to the documentation on how to use Windows Contextualization. Since the documentation is not contained in the project itself, add link to the OpenNebula documentation. --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 7dfbbd55..131b6a2e 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ This addon produces a Windows Contextualization script to use in Windows Guest VMs running in an OpenNebula Cloud. +The documentation on Windows Contextualization can be found in +the [OpenNebula User's Guide](http://docs.opennebula.org/4.14/user/virtual_machine_setup/windows_context.html). + ## Authors * Leader: Jaime Melis jmelis@opennebula.org From 30f81d4b18e562aeafab1e0be27c5318f3839ddc Mon Sep 17 00:00:00 2001 From: "Jan \"Yenya\" Kasprzak" <kas@fi.muni.cz> Date: Wed, 27 Apr 2016 15:11:05 +0200 Subject: [PATCH 020/122] context.ps1: IPv6 contextualization Set up the IPv6 address and gateway from contextualization data. Unfortunately, the same interface as used for IPv4 does not work for IPv6, so we have to use "netsh" command instead. TODO: The current version works for address/gateway only, and probably does not work for IPv6-addressed DNS servers. I don't have any myself. Tested on Windows 2008R2 Server. YMMV on other versions. --- context.ps1 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/context.ps1 b/context.ps1 index 3c92a204..1bf553e3 100644 --- a/context.ps1 +++ b/context.ps1 @@ -89,6 +89,9 @@ function configureNetwork($context) { $gatewayKey = $nicPrefix + "GATEWAY" $networkKey = $nicPrefix + "NETWORK" + $ip6Key = $nicPrefix + "IP6" + $gw6Key = $nicPrefix + "GATEWAY6" + $ip = $context[$ipKey] $netmask = $context[$netmaskKey] $mac = $context[$macKey] @@ -96,6 +99,9 @@ function configureNetwork($context) { $gateway = $context[$gatewayKey] $network = $context[$networkKey] + $ip6 = $context[$ip6Key] + $gw6 = $context[$gw6Key] + $mac = $mac.ToUpper() if (!$netmask) { $netmask = "255.255.255.0" @@ -123,6 +129,20 @@ function configureNetwork($context) { } } + if ($ip6) { + # We need the connection ID (i.e. "Local Area Connection", + # which can be discovered from the NetworkAdapter object + $na = Get-WMIObject Win32_NetworkAdapter | ` + where {$_.deviceId -eq $nic.index} + + netsh interface ipv6 add address $na.NetConnectionId $ip6 + + if ($gw6) { + netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 + } + # TODO: maybe IPv6-based DNS servers should be added here? + } + # Next NIC $nicId++; $nicIpKey = "ETH" + $nicId + "_IP" From 9cfac9aff2588c3f10d821cb0a402c70cb3144c6 Mon Sep 17 00:00:00 2001 From: kvaps <kvapss@gmail.com> Date: Thu, 28 Jul 2016 11:54:26 +0300 Subject: [PATCH 021/122] add: wait for nic --- context.ps1 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/context.ps1 b/context.ps1 index a16968b1..507e4ef8 100644 --- a/context.ps1 +++ b/context.ps1 @@ -107,8 +107,11 @@ function configureNetwork($context) { } # Run the configuration - $nic = Get-WMIObject Win32_NetworkAdapterConfiguration | ` - where {$_.IPEnabled -eq "TRUE" -and $_.MACAddress -eq $mac} + while(!$nic) { + $nic = Get-WMIObject Win32_NetworkAdapterConfiguration | ` + where {$_.IPEnabled -eq "TRUE" -and $_.MACAddress -eq $mac} + Start-Sleep -s 1 + } $nic.ReleaseDHCPLease() $nic.EnableStatic($ip , $netmask) From 7f02dbd0b1626ecd99921597df926474f465e965 Mon Sep 17 00:00:00 2001 From: kvaps <kvapss@gmail.com> Date: Thu, 28 Jul 2016 15:03:45 +0300 Subject: [PATCH 022/122] fix: $nic variable cleanup before next nic lookup --- context.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/context.ps1 b/context.ps1 index 507e4ef8..9481f829 100644 --- a/context.ps1 +++ b/context.ps1 @@ -107,6 +107,7 @@ function configureNetwork($context) { } # Run the configuration + $nic = $false while(!$nic) { $nic = Get-WMIObject Win32_NetworkAdapterConfiguration | ` where {$_.IPEnabled -eq "TRUE" -and $_.MACAddress -eq $mac} From 501a5827e8ad2ac060008be33cda4ff231fad04e Mon Sep 17 00:00:00 2001 From: Javi Fontan <jfontan@opennebula.org> Date: Fri, 28 Oct 2016 12:34:42 +0200 Subject: [PATCH 023/122] Change link to contextualization guide --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 131b6a2e..4625c129 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ This addon produces a Windows Contextualization script to use in Windows Guest VMs running in an OpenNebula Cloud. The documentation on Windows Contextualization can be found in -the [OpenNebula User's Guide](http://docs.opennebula.org/4.14/user/virtual_machine_setup/windows_context.html). +the [OpenNebula User's Guide](http://docs.opennebula.org/5.2/operation/vm_setup/context_overview.html). ## Authors From 7ddbc6d00ac8fe47a7d9bfa62d1212722b9b0858 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Sat, 31 Dec 2016 19:36:24 +0100 Subject: [PATCH 024/122] Retry $nic.EnableStatic on failure during the write lock acquire Issue OpenNebula/addon-context-windows#5 --- context.ps1 | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/context.ps1 b/context.ps1 index 2889d547..f2a516fe 100644 --- a/context.ps1 +++ b/context.ps1 @@ -121,8 +121,21 @@ function configureNetwork($context) { Start-Sleep -s 1 } - $nic.ReleaseDHCPLease() - $nic.EnableStatic($ip , $netmask) + # release DHCP lease only if adapter is DHCP configured + if ($nic.DHCPEnabled) { + $nic.ReleaseDHCPLease() | Out-Null + } + + # set static IP address and retry for few times if there was a problem + # with acquiring write lock (2147786788) for network configuration + # https://msdn.microsoft.com/en-us/library/aa390383(v=vs.85).aspx + $retry = 10 + do { + $retry-- + Start-Sleep -s 1 + $rtn = $nic.EnableStatic($ip , $netmask) + } while ($rtn.ReturnValue -eq 2147786788 -and $retry); + if ($gateway) { $nic.SetGateways($gateway) if ($dns) { @@ -262,3 +275,5 @@ if(Test-Path $contextScriptPath) { runScripts $context $contextLetter setContextualized } + +# vim: ai ts=4 sts=4 et sw=4 From a1ea1a82c79c43049d6558cb9579672519242435 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vlastimil.holer@gmail.com> Date: Sun, 11 Dec 2016 22:11:54 +0100 Subject: [PATCH 025/122] MSI package definition, updated README --- .gitignore | 2 ++ README.md | 31 +++++++++++++++++++ package.wxs | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 118 insertions(+) create mode 100644 .gitignore create mode 100644 package.wxs diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..50a0d4f1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.msi +*.exe diff --git a/README.md b/README.md index 4625c129..7a0f192c 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,37 @@ This addon produces a Windows Contextualization script to use in Windows Guest V The documentation on Windows Contextualization can be found in the [OpenNebula User's Guide](http://docs.opennebula.org/5.2/operation/vm_setup/context_overview.html). +## MSI package + +Requirements for building: + +* latest [msitools](https://wiki.gnome.org/msitools) +* binary [rhsrvany.exe](https://github.com/rwmjones/rhsrvany) + +`package.wxs` is a package definition in the WiX-like XML format. +Package is created by `wixl` command and package version must be specified +on command line. Package `package.msi` is then created. E.g.: + +```bash +$ wixl -D Version=0.0.1 package.wxs +``` + +Please ignore following assertion on package build, which is caused +by skipping the attribute `Start` in tag `ServiceControl`. The parameter +is optional in WiX specification, but the `msitools` still counts with it. +Despite that the package is built, command exit code is correct. + +``` +(wixl:22764): wixl-CRITICAL **: wixl_wix_builder_install_mode_to_event: assertion 'modeString != NULL' failed +``` + +### rhsrvany.exe + +On RHEL (CentOS) or Fedora systems the prebuilt binary +[rhsrvany.exe](https://github.com/rwmjones/rhsrvany) is distributed as part +of the package `virt-v2v` and placed into `/usr/share/virt-tools/rhsrvany.exe`. +Please copy the EXE into your local repository clone before creating the MSI. + ## Authors * Leader: Jaime Melis jmelis@opennebula.org diff --git a/package.wxs b/package.wxs new file mode 100644 index 00000000..f9f13c0a --- /dev/null +++ b/package.wxs @@ -0,0 +1,85 @@ +<?xml version="1.0" encoding="utf-8"?> +<?define UpgradeCode = "2056bd8a-bf03-11e6-a625-f0def1753696" ?> +<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"> + <Product Name="OpenNebula Contextualization" + Manufacturer="OpenNebula Systems" + Id="*" + UpgradeCode="$(var.UpgradeCode)" + Language="1033" Codepage="1252" + Version="$(var.Version)"> + + <Package Id="*" Keywords="Installer" + Description="OpenNebula Windows Contextualization package" + Comments="OpenNebula is a registered trademark of the OpenNebula Systems" + Manufacturer="OpenNebula Systems" + InstallerVersion="100" Languages="1033" Compressed="yes" SummaryCodepage="1252" /> + + <Media Id="1" Cabinet="cabinet.cab" EmbedCab="yes" /> + + <Property Id="ARPHELPLINK" Value="https://forum.opennebula.org/" /> + <Property Id="ARPURLINFOABOUT" Value="https://github.com/OpenNebula/addon-context-windows" /> + <Property Id="ARPNOMODIFY" Value="1"/> + <Property Id="ARPNOREPAIR" Value="1"/> + + <!-- Allow package upgrades only --> + <Upgrade Id="$(var.UpgradeCode)"> + <UpgradeVersion Minimum="$(var.Version)" OnlyDetect="yes" Property="NEWERVERSIONDETECTED"/> + <UpgradeVersion Minimum="0.0.0" Maximum="$(var.Version)" IncludeMinimum="yes" IncludeMaximum="no" Property="OLDERVERSIONBEINGUPGRADED"/> + </Upgrade> + <Condition Message="Contextualization package is already installed.">INSTALLED OR NOT NEWERVERSIONDETECTED</Condition> + + <!-- Check if we have PowerShell installed --> + <Property Id="PSEXE"> + <RegistrySearch Id="PSEXE" + Type="raw" + Root="HKLM" + Key="SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" + Name="Path" /> + </Property> + <Condition Message="Windows PowerShell not found.">INSTALLED OR PSEXE</Condition> + + <!-- Install files --> + <Directory Id="TARGETDIR" Name="SourceDir"> + <Directory Id="ProgramFilesFolder" Name="PFiles"> + <Directory Id="INSTALLDIR" Name="OpenNebula"> + <Component Id="Context" Guid="f5807056-bf0c-11e6-acbe-f0def1753696"> + <File Id="context" Name="context.ps1" DiskId="1" Source="context.ps1" KeyPath="yes" /> + </Component> + + <Component Id="Service" Guid="687050a4-c237-11e6-9fe4-54a050d65572"> + <File Id="rhsrvany" Name="rhsrvany.exe" DiskId="1" Source="rhsrvany.exe" KeyPath="yes" /> + + <ServiceInstall Id="ocInstall" Name="onecontext" + DisplayName="OpenNebula Contextualization Service" + Description="Contextualizes virtual machines running in the OpenNebula cloud" + Type="ownProcess" + Start="auto" + Account="[SYSTEM]" + Arguments="-s onecontext" + ErrorControl="normal" /> + + <ServiceControl Id="ocControl" Name="onecontext" + Remove="both" + Stop="both" + Wait="yes" /> + + <RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\onecontext\Parameters"> + <RegistryValue Type="string" Name="CommandLine" Value="&quot;[PSEXE]&quot; -noExit -ExecutionPolicy Unrestricted -file &quot;[#context]&quot;" /> + <RegistryValue Type="string" Name="PWD" Value="[INSTALLDIR]" /> + </RegistryKey> + </Component> + </Directory> + </Directory> + </Directory> + + <!-- Features --> + <Feature Id="Complete" Level="1"> + <ComponentRef Id="Context"/> + <ComponentRef Id="Service"/> + </Feature> + + <InstallExecuteSequence> + <RemoveExistingProducts After="InstallValidate"/> + </InstallExecuteSequence> + </Product> +</Wix> From 2770ff3c811b41adb9004eb2a5fcf7a185e12055 Mon Sep 17 00:00:00 2001 From: Shane Lee <slee@saltstack.com> Date: Wed, 4 Jan 2017 07:48:41 -0700 Subject: [PATCH 026/122] Make improvements to functions in context.ps1 (#16) Make improvements to functions in context.ps1 by Shane Lee <slee@saltstack.com> --- context.ps1 | 80 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 48 insertions(+), 32 deletions(-) diff --git a/context.ps1 b/context.ps1 index f2a516fe..3c19f585 100644 --- a/context.ps1 +++ b/context.ps1 @@ -27,6 +27,7 @@ Set-ExecutionPolicy unrestricted -force # not needed if already done once on the [string]$ConnectionString = "WinNT://$computerName" function getContext($file) { + Write-Host "Loading Context File" $context = @{} switch -regex -file $file { "^([^=]+)='(.+?)'$" { @@ -39,46 +40,55 @@ function getContext($file) { function addLocalUser($context) { # Create new user - $username = $context["USERNAME"] - $password = $context["PASSWORD"] + $username = $context["USERNAME"] + $password = $context["PASSWORD"] + + if ($username) { $ADSI = [adsi]$ConnectionString if(!([ADSI]::Exists("WinNT://$computerName/$username"))) { - $user = $ADSI.Create("user",$username) - $user.setPassword($password) - $user.SetInfo() + Write-Host "Creating account for $username" + $user = $ADSI.Create("user",$username) + $user.setPassword($password) + $user.SetInfo() } # Already exists, change password - else{ - $admin = [ADSI]"WinNT://$env:computername/$username" - $admin.psbase.invoke("SetPassword", $password) + else { + Write-Host "Setting password for $username" + $admin = [ADSI]"WinNT://$env:computername/$username" + $admin.psbase.invoke("SetPassword", $password) } - # Set Password to Never Expires - $admin = [ADSI]"WinNT://$env:computername/$username" - $admin.UserFlags.value = $admin.UserFlags.value -bor 0x10000 - $admin.CommitChanges() - - # Add user to local Administrators - # ATTENTION - language/regional settings have influence on this group, "Administrators" fits for English - $groups = "Administrators" - $groups = (Get-WmiObject -Class "Win32_Group" | where { $_.SID -like "S-1-5-32-544" } | select -ExpandProperty Name) - - foreach ($grp in $groups) { - if([ADSI]::Exists("WinNT://$computerName/$grp,group")) { - $group = [ADSI] "WinNT://$computerName/$grp,group" - if([ADSI]::Exists("WinNT://$computerName/$username")) { - $group.Add("WinNT://$computerName/$username") - } + # Set Password to Never Expires + Write-Host "Setting password to never expire" + $admin = [ADSI]"WinNT://$env:computername/$username" + $admin.UserFlags.value = $admin.UserFlags.value -bor 0x10000 + $admin.CommitChanges() + + # Add user to local Administrators + # ATTENTION - language/regional settings have influence on this group, "Administrators" fits for English + $groups = (Get-WmiObject -Class "Win32_Group" | where { $_.SID -like "S-1-5-32-544" } | select -ExpandProperty Name) + + foreach ($grp in $groups) { + if([ADSI]::Exists("WinNT://$computerName/$grp,group")) { + $group = [ADSI] "WinNT://$computerName/$grp,group" + if([ADSI]::Exists("WinNT://$computerName/$username")) { + Write-Host "Adding $username to $group" + $group.Add("WinNT://$computerName/$username") } + } } + } } function configureNetwork($context) { + Write-Host "Configuring Network Settings" $nicId = 0; $nicIpKey = "ETH" + $nicId + "_IP" while ($context[$nicIpKey]) { + Write-Host "Configuring Network Settings for $nicIPKey" + # Retrieve the data $nicPrefix = "ETH" + $nicId + "_" @@ -99,8 +109,8 @@ function configureNetwork($context) { $gateway = $context[$gatewayKey] $network = $context[$networkKey] - $ip6 = $context[$ip6Key] - $gw6 = $context[$gw6Key] + $ip6 = $context[$ip6Key] + $gw6 = $context[$gw6Key] $mac = $mac.ToUpper() if (!$netmask) { @@ -121,6 +131,8 @@ function configureNetwork($context) { Start-Sleep -s 1 } + Write-Host $nic.Description + # release DHCP lease only if adapter is DHCP configured if ($nic.DHCPEnabled) { $nic.ReleaseDHCPLease() | Out-Null @@ -147,15 +159,15 @@ function configureNetwork($context) { } if ($ip6) { - # We need the connection ID (i.e. "Local Area Connection", - # which can be discovered from the NetworkAdapter object - $na = Get-WMIObject Win32_NetworkAdapter | ` - where {$_.deviceId -eq $nic.index} + # We need the connection ID (i.e. "Local Area Connection", + # which can be discovered from the NetworkAdapter object + $na = Get-WMIObject Win32_NetworkAdapter | ` + where {$_.deviceId -eq $nic.index} netsh interface ipv6 add address $na.NetConnectionId $ip6 if ($gw6) { - netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 + netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 } # TODO: maybe IPv6-based DNS servers should be added here? } @@ -168,6 +180,7 @@ function configureNetwork($context) { function renameComputer($context) { $hostname = $context["SET_HOSTNAME"] + Write-Host "Changing Hostname to $hostname" if ($hostname) { $ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem $ComputerInfo.rename($hostname) @@ -176,6 +189,7 @@ function renameComputer($context) { function enableRemoteDesktop() { + Write-Host "Enabling Remote Desktop" # Windows 7 only - add firewall exception for RDP netsh advfirewall Firewall set rule group="Remote Desktop" new enable=yes @@ -186,6 +200,7 @@ function enableRemoteDesktop() function enablePing() { + Write-Host "Enabling Ping" #Create firewall manager object $FWM=new-object -com hnetcfg.fwmgr @@ -196,6 +211,7 @@ function enablePing() function runScripts($context, $contextLetter) { + Write-Host "Running Scripts" # Execute $initscripts = $context["INIT_SCRIPTS"] @@ -225,7 +241,7 @@ function runScripts($context, $contextLetter) function isContextualized() { - return $FALSE + return Test-Path "$env:SystemDrive\.opennebula-context" } function setContextualized() From ef8862a6444ae892c24f0397d3a191c7f589a961 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Wed, 4 Jan 2017 18:14:35 +0100 Subject: [PATCH 027/122] Add generate.sh, update documentation --- README.md | 18 ++++++++++++------ generate.sh | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 6 deletions(-) create mode 100755 generate.sh diff --git a/README.md b/README.md index 7a0f192c..bccf7632 100644 --- a/README.md +++ b/README.md @@ -14,18 +14,24 @@ Requirements for building: * latest [msitools](https://wiki.gnome.org/msitools) * binary [rhsrvany.exe](https://github.com/rwmjones/rhsrvany) -`package.wxs` is a package definition in the WiX-like XML format. -Package is created by `wixl` command and package version must be specified -on command line. Package `package.msi` is then created. E.g.: +Script `generate.sh` builds the MSI package. It's a wrapper around +the `wixl` command from `msitools`. It reads the `package.wxs`, a package +definition in the WiX-like XML format. Package name or version can be +overridden by env. variables `NAME` and `VERSION`. For example: ```bash -$ wixl -D Version=0.0.1 package.wxs +$ ./generate.sh +$ NAME=one-context ./generate.sh +$ VERSION=1.0.0 ./generate.sh ``` +New package is created as `${NAME}-${VERSION}.msi`, +e.g. `one-context-1.0.0.msi`. + Please ignore following assertion on package build, which is caused by skipping the attribute `Start` in tag `ServiceControl`. The parameter is optional in WiX specification, but the `msitools` still counts with it. -Despite that the package is built, command exit code is correct. +Despite that, the package is built. ``` (wixl:22764): wixl-CRITICAL **: wixl_wix_builder_install_mode_to_event: assertion 'modeString != NULL' failed @@ -33,7 +39,7 @@ Despite that the package is built, command exit code is correct. ### rhsrvany.exe -On RHEL (CentOS) or Fedora systems the prebuilt binary +On RHEL (CentOS) or Fedora systems the required binary [rhsrvany.exe](https://github.com/rwmjones/rhsrvany) is distributed as part of the package `virt-v2v` and placed into `/usr/share/virt-tools/rhsrvany.exe`. Please copy the EXE into your local repository clone before creating the MSI. diff --git a/generate.sh b/generate.sh new file mode 100755 index 00000000..e76968fa --- /dev/null +++ b/generate.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +# -------------------------------------------------------------------------- # +# Copyright 2010-2017, OpenNebula Systems # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); you may # +# not use this file except in compliance with the License. You may obtain # +# a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +#--------------------------------------------------------------------------- # + +NAME=${NAME:-one-context} +VERSION=${VERSION:-5.2.0} +FILENAME=${FILENAME:-${NAME}-${VERSION}.msi} + +if [ ! -f rhsrvany.exe ]; then + if [ -f /usr/share/virt-tools/rhsrvany.exe ]; then + cp /usr/share/virt-tools/rhsrvany.exe . + else + echo 'Missing rhsrvany.exe' >&2 + exit 1 + fi +fi + +set -e + +wixl -D Version="${VERSION}" -o "${FILENAME}" package.wxs +echo "${FILENAME}" From 6fece734c20ba269e496102fdbc3035cd646db07 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Thu, 5 Jan 2017 15:04:35 +0100 Subject: [PATCH 028/122] gh-19: Skip contextualization if $vmwareContext is NULL Closes #19 --- context.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 3c19f585..71a550b9 100644 --- a/context.ps1 +++ b/context.ps1 @@ -271,7 +271,7 @@ if ($contextDrive) { # Try the VMware API $vmwareContext = & "$env:ProgramFiles\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.opennebula.context" | Out-String - if ($vmwareContext -eq "") { + if ("$vmwareContext" -eq "") { Write-Host "No Context CDROM found." exit 1 } From e77d9993615e50d221b18e60560390cc0d918e06 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Thu, 5 Jan 2017 15:06:49 +0100 Subject: [PATCH 029/122] gh-20: Capture script output into $env:SystemDrive\.opennebula-context.out Closes #20 --- context.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/context.ps1 b/context.ps1 index 71a550b9..5031c645 100644 --- a/context.ps1 +++ b/context.ps1 @@ -22,6 +22,8 @@ ##### DETI/IEETA Universidade de Aveiro 2011 ##### ################################################################# +Start-Transcript -Append -Path "$env:SystemDrive\.opennebula-context.out" | Out-Null + Set-ExecutionPolicy unrestricted -force # not needed if already done once on the VM [string]$computerName = "$env:computername" [string]$ConnectionString = "WinNT://$computerName" @@ -292,4 +294,6 @@ if(Test-Path $contextScriptPath) { setContextualized } +Stop-Transcript | Out-Null + # vim: ai ts=4 sts=4 et sw=4 From 48e7a4a6dc78463440477a9a744778089243c19e Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Thu, 5 Jan 2017 16:07:31 +0100 Subject: [PATCH 030/122] gh-21: Go through the contextualization on each run Closes #21 --- context.ps1 | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/context.ps1 b/context.ps1 index 5031c645..5efa5295 100644 --- a/context.ps1 +++ b/context.ps1 @@ -241,26 +241,10 @@ function runScripts($context, $contextLetter) } } -function isContextualized() -{ - return Test-Path "$env:SystemDrive\.opennebula-context" -} - -function setContextualized() -{ - echo "contextualized" | Out-File "$env:SystemDrive\.opennebula-context" -} - ################################################################################ # Main ################################################################################ -# Return if VM has already been contextualized -if (isContextualized) { - Write-Host "VM already contextualized." - exit 0 -} - # Get all drives and select only the one that has "CONTEXT" as a label $contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } @@ -291,7 +275,6 @@ if(Test-Path $contextScriptPath) { enablePing configureNetwork $context runScripts $context $contextLetter - setContextualized } Stop-Transcript | Out-Null From 74785d895492607249d0a1b94a49e6bc6d8497cd Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Wed, 11 Jan 2017 17:38:50 +0100 Subject: [PATCH 031/122] "Get package" text --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bccf7632..9e176e01 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,12 @@ This addon produces a Windows Contextualization script to use in Windows Guest V The documentation on Windows Contextualization can be found in the [OpenNebula User's Guide](http://docs.opennebula.org/5.2/operation/vm_setup/context_overview.html). -## MSI package +## Get package + +Latest version can be downloaded from the +[release page](https://github.com/OpenNebula/addon-context-windows/releases). + +## Build own MSI package Requirements for building: From 7973db6e8726dad8a260d1271f48ed78f128cb88 Mon Sep 17 00:00:00 2001 From: Shane Lee <slee@saltstack.com> Date: Fri, 3 Feb 2017 09:28:04 -0700 Subject: [PATCH 032/122] Add additional context.ps1 improvements (#23) * Add additional DNS settings Improve logging Show Success and Failure * Add Rebooting text, exit after reboot * Add missing variable, missed in refactor * Add smarter checking for Computer Rename * Save rename errors in the transcript --- .gitignore | 2 + context.ps1 | 323 +++++++++++++++++++++++++++++++++++++++++----------- 2 files changed, 261 insertions(+), 64 deletions(-) diff --git a/.gitignore b/.gitignore index 50a0d4f1..94efa888 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ *.msi *.exe +*.un~ +.idea diff --git a/context.ps1 b/context.ps1 index 5efa5295..8ecde878 100644 --- a/context.ps1 +++ b/context.ps1 @@ -24,6 +24,10 @@ Start-Transcript -Append -Path "$env:SystemDrive\.opennebula-context.out" | Out-Null +Write-Output "Running Script: $($MyInvocation.InvocationName)" +Get-Date +Write-Output "" + Set-ExecutionPolicy unrestricted -force # not needed if already done once on the VM [string]$computerName = "$env:computername" [string]$ConnectionString = "WinNT://$computerName" @@ -47,72 +51,98 @@ function addLocalUser($context) { if ($username) { + Write-Output "Creating Account for $username" + $ADSI = [adsi]$ConnectionString if(!([ADSI]::Exists("WinNT://$computerName/$username"))) { - Write-Host "Creating account for $username" + # User does not exist, Create the User + Write-Output "- Creating account" $user = $ADSI.Create("user",$username) $user.setPassword($password) $user.SetInfo() - } - # Already exists, change password - else { - Write-Host "Setting password for $username" + } else { + # User exists, Set Password + Write-Output "- Setting Password" $admin = [ADSI]"WinNT://$env:computername/$username" $admin.psbase.invoke("SetPassword", $password) } - # Set Password to Never Expires - Write-Host "Setting password to never expire" + # Set Password to Never Expire + Write-Output "- Setting password to never expire" $admin = [ADSI]"WinNT://$env:computername/$username" $admin.UserFlags.value = $admin.UserFlags.value -bor 0x10000 $admin.CommitChanges() # Add user to local Administrators - # ATTENTION - language/regional settings have influence on this group, "Administrators" fits for English - $groups = (Get-WmiObject -Class "Win32_Group" | where { $_.SID -like "S-1-5-32-544" } | select -ExpandProperty Name) - - foreach ($grp in $groups) { - if([ADSI]::Exists("WinNT://$computerName/$grp,group")) { - $group = [ADSI] "WinNT://$computerName/$grp,group" - if([ADSI]::Exists("WinNT://$computerName/$username")) { - Write-Host "Adding $username to $group" - $group.Add("WinNT://$computerName/$username") + # ATTENTION - Language/Regional settings have influence on the naming + # of this group. Use the Group SID instead (S-1-5-32-544) + $groups = (Get-WmiObject -Class "Win32_Group" | + where { $_.SID -like "S-1-5-32-544" } | + select -ExpandProperty Name) + + ForEach ($grp in $groups) { + + # Make sure the Group exists + If([ADSI]::Exists("WinNT://$computerName/$grp,group")) { + + # Check if the user is a Member of the Group + $group = [ADSI] "WinNT://$computerName/$grp,group" + $members = @($group.psbase.Invoke("Members")) + + $memberNames = @() + $members | ForEach-Object { + $memberNames += $_.GetType().InvokeMember( + "Name", 'GetProperty', $null, $_, $null); + } + + If (-Not $memberNames.Contains($username)) { + + # Make sure the user exists, again + if([ADSI]::Exists("WinNT://$computerName/$username")) { + + # Add the user + Write-Output "- Adding to $grp" + $group.Add("WinNT://$computerName/$username") + } } } } } + Write-Output "" } function configureNetwork($context) { - Write-Host "Configuring Network Settings" + + # Get the NIC in the Context $nicId = 0; $nicIpKey = "ETH" + $nicId + "_IP" while ($context[$nicIpKey]) { - Write-Host "Configuring Network Settings for $nicIPKey" - # Retrieve the data + # Retrieve data from Context $nicPrefix = "ETH" + $nicId + "_" - $ipKey = $nicPrefix + "IP" - $netmaskKey = $nicPrefix + "MASK" - $macKey = $nicPrefix + "MAC" - $dnsKey = $nicPrefix + "DNS" - $gatewayKey = $nicPrefix + "GATEWAY" - $networkKey = $nicPrefix + "NETWORK" + $ipKey = $nicPrefix + "IP" + $netmaskKey = $nicPrefix + "MASK" + $macKey = $nicPrefix + "MAC" + $dnsKey = $nicPrefix + "DNS" + $dnsSuffixKey = $nicPrefix + "SEARCH_DOMAIN" + $gatewayKey = $nicPrefix + "GATEWAY" + $networkKey = $nicPrefix + "NETWORK" $ip6Key = $nicPrefix + "IP6" $gw6Key = $nicPrefix + "GATEWAY6" - $ip = $context[$ipKey] - $netmask = $context[$netmaskKey] - $mac = $context[$macKey] - $dns = $context[$dnsKey] - $gateway = $context[$gatewayKey] - $network = $context[$networkKey] + $ip = $context[$ipKey] + $netmask = $context[$netmaskKey] + $mac = $context[$macKey] + $dns = $context[$dnsKey] + $dnsSuffix = $context[$dnsSuffixKey] + $gateway = $context[$gatewayKey] + $network = $context[$networkKey] - $ip6 = $context[$ip6Key] - $gw6 = $context[$gw6Key] + $ip6 = $context[$ip6Key] + $gw6 = $context[$gw6Key] $mac = $mac.ToUpper() if (!$netmask) { @@ -125,7 +155,7 @@ function configureNetwork($context) { $gateway = $ip -replace "\.[^.]+$", ".1" } - # Run the configuration + # Load the NIC Configuration Object $nic = $false while(!$nic) { $nic = Get-WMIObject Win32_NetworkAdapterConfiguration | ` @@ -133,31 +163,95 @@ function configureNetwork($context) { Start-Sleep -s 1 } - Write-Host $nic.Description - - # release DHCP lease only if adapter is DHCP configured - if ($nic.DHCPEnabled) { - $nic.ReleaseDHCPLease() | Out-Null + Write-Output ("Configuring Network Settings: " + $nic.Description.ToString()) + + # Release the DHCP lease, will fail if adapter not DHCP Configured + Write-Output "- Release DHCP Lease" + $ret = $nic.ReleaseDHCPLease() + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" } # set static IP address and retry for few times if there was a problem # with acquiring write lock (2147786788) for network configuration # https://msdn.microsoft.com/en-us/library/aa390383(v=vs.85).aspx + Write-Output "- Enable Static IP" $retry = 10 do { $retry-- Start-Sleep -s 1 - $rtn = $nic.EnableStatic($ip , $netmask) - } while ($rtn.ReturnValue -eq 2147786788 -and $retry); + $ret = $nic.EnableStatic($ip , $netmask) + } while ($ret.ReturnValue -eq 2147786788 -and $retry); + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } + if ($gateway) { - $nic.SetGateways($gateway) - if ($dns) { + + # Set the Gateway + Write-Output "- Set Gateway" + $ret = $nic.SetGateways($gateway) + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } + + If ($dns) { + + # DNS Servers $dnsServers = $dns -split " " - $nic.SetDNSServerSearchOrder($dnsServers) - $nic.SetDynamicDNSRegistration("TRUE") + + # DNS Server Search Order + Write-Output "- Set DNS Server Search Order" + $ret = $nic.SetDNSServerSearchOrder($dnsServers) + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } + + # Set Dynamic DNS Registration + Write-Output "- Set Dynamic DNS Registration" + $ret = $nic.SetDynamicDNSRegistration("TRUE") + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } + + # WINS Addresses # $nic.SetWINSServer($DNSServers[0], $DNSServers[1]) } + + if ($dnsSuffix) { + + # DNS Suffixes + $dnsSuffixes = $dnsSuffix -split " " + + # Set DNS Suffix Search Order + Write-Output "- Set DNS Suffix Search Order" + $ret = ([WMIClass]"Win32_NetworkAdapterConfiguration").SetDNSSuffixSearchOrder(($dnsSuffixes)) + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } + + # Set Primary DNS Domain + Write-Output "- Set Primary DNS Domain" + $ret = $nic.SetDNSDomain($dnsSuffixes[0]) + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } + } } if ($ip6) { @@ -166,8 +260,11 @@ function configureNetwork($context) { $na = Get-WMIObject Win32_NetworkAdapter | ` where {$_.deviceId -eq $nic.index} + # Set IPv6 Address + Write-Output "- Set IPv6 Address" netsh interface ipv6 add address $na.NetConnectionId $ip6 + # Set IPv6 Gateway if ($gw6) { netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 } @@ -178,67 +275,166 @@ function configureNetwork($context) { $nicId++; $nicIpKey = "ETH" + $nicId + "_IP" } + Write-Output "" } function renameComputer($context) { - $hostname = $context["SET_HOSTNAME"] - Write-Host "Changing Hostname to $hostname" - if ($hostname) { + + # Initialize Variables + $current_hostname = hostname + $context_hostname = $context["SET_HOSTNAME"] + $logged_hostname = "Unknown" + + # Check for the .opennebula-renamed file + If (Test-Path "$env:SystemDrive\.opennebula-renamed") { + + # Grab the JSON content + $json = Get-Content -Path "$env:SystemDrive\.opennebula-renamed" ` + | Out-String + + # Convert to a Hash Table and set the Logged Hostname + try { + $status = $json | ConvertFrom-Json + $logged_hostname = $status.ComputerName + } + # Invalid JSON + catch [System.ArgumentException] { + Write-Output "Invalid JSON:" + Write-Output $json.ToString() + } + } + + If ((!(Test-Path "$env:SystemDrive\.opennebula-renamed")) -or ` + ($context_hostname.ToLower() -ne $logged_hostname.ToLower())) { + + # .opennebula-renamed not found or the logged_name does not match the + # context_name, rename the computer + + Write-Output "Changing Hostname to $context_hostname" + # Load the ComputerSystem Object $ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem - $ComputerInfo.rename($hostname) + + # Rename the computer + $ret = $ComputerInfo.rename($context_hostname) + + $contents = @{} + $contents["ComputerName"] = $context_hostname + ConvertTo-Json $contents | Out-File "$env:SystemDrive\.opennebula-renamed" + + # Check success + If ($ret.ReturnValue) { + + # Returned Non Zero, Failed, No restart + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + Write-Output " Check the computername." + Write-Output "Possible Issues: The name cannot include control" ` + "characters, leading or trailing spaces, or any of" ` + "the following characters: `" / \ [ ] : | < > + = ; , ?" + + } Else { + + # Returned Zero, Success + Write-Output "... Success" + + # Restart the Computer + Write-Output "... Rebooting" + Restart-Computer -Force + + # Exit here so the script doesn't continue to run + Exit 0 + } + } else { + If ($current_hostname -eq $context_hostname) { + Write-Output "Computer Name already set: $context_hostname" + } + ElseIf (($current_hostname -ne $context_hostname) -and ` + ($context_hostname -eq $logged_hostname)) { + Write-Output "Computer Rename Attempted but failed:" + Write-Output "- Current: $current_hostname" + Write-Output "- Context: $context_hostname" + } } + Write-Output "" } function enableRemoteDesktop() { - Write-Host "Enabling Remote Desktop" + Write-Output "Enabling Remote Desktop" # Windows 7 only - add firewall exception for RDP + Write-Output "- Enable Remote Desktop Rule Group" netsh advfirewall Firewall set rule group="Remote Desktop" new enable=yes # Enable RDP - $Terminal = (Get-WmiObject -Class "Win32_TerminalServiceSetting" -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1) - return $Terminal + Write-Output "- Enable Allow Terminal Services Connections" + $ret = (Get-WmiObject -Class "Win32_TerminalServiceSetting" -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1) + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } + Write-Output "" } function enablePing() { - Write-Host "Enabling Ping" + Write-Output "Enabling Ping" #Create firewall manager object - $FWM=new-object -com hnetcfg.fwmgr + $fwm=new-object -com hnetcfg.fwmgr # Get current profile $pro=$fwm.LocalPolicy.CurrentProfile - $pro.IcmpSettings.AllowInboundEchoRequest=$true + + Write-Output "- Enable Allow Inbound Echo Requests" + $ret = $pro.IcmpSettings.AllowInboundEchoRequest=$true + If ($ret) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } + + Write-Output "" } function runScripts($context, $contextLetter) { - Write-Host "Running Scripts" - # Execute + Write-Output "Running Scripts" + # Get list of scripts to run, " " delimited $initscripts = $context["INIT_SCRIPTS"] if ($initscripts) { - foreach ($script in $initscripts.split(" ")) { + + # Parse each script and run it + ForEach ($script in $initscripts.split(" ")) { + $script = $contextLetter + $script - if (Test-Path $script) { + If (Test-Path $script) { + Write-Output "- $script" & $script } + } } - # Execute START_SCRIPT and START_SCRIPT_64 + # Execute START_SCRIPT or START_SCRIPT_64 $startScript = $context["START_SCRIPT"] $startScript64 = $context["START_SCRIPT_BASE64"] - if ($startScript64) { + If ($startScript64) { $startScript = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($startScript64)) } - if ($startScript) { + If ($startScript) { + + # Save the script as .opennebula-startscript.ps1 $startScriptPS = "$env:SystemDrive\.opennebula-startscript.ps1" $startScript | Out-File $startScriptPS "UTF8" + + # Launch the Script + Write-Output "- $startScriptPS" & $startScriptPS + } + Write-Output "" } ################################################################################ @@ -269,8 +465,8 @@ if ($contextDrive) { # Execute script if(Test-Path $contextScriptPath) { $context = getContext $contextScriptPath - addLocalUser $context renameComputer $context + addLocalUser $context enableRemoteDesktop enablePing configureNetwork $context @@ -279,4 +475,3 @@ if(Test-Path $contextScriptPath) { Stop-Transcript | Out-Null -# vim: ai ts=4 sts=4 et sw=4 From aba1092e1de0addf578bfbbc0d1148bd11a1676f Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vlastimil.holer@gmail.com> Date: Tue, 21 Mar 2017 16:55:16 +0100 Subject: [PATCH 033/122] Improved IPv6 support for ON 5.4 (#26) --- context.ps1 | 47 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/context.ps1 b/context.ps1 index 8ecde878..75e1a4fd 100644 --- a/context.ps1 +++ b/context.ps1 @@ -130,8 +130,10 @@ function configureNetwork($context) { $gatewayKey = $nicPrefix + "GATEWAY" $networkKey = $nicPrefix + "NETWORK" - $ip6Key = $nicPrefix + "IP6" - $gw6Key = $nicPrefix + "GATEWAY6" + $ip6Key = $nicPrefix + "IP6" + $ip6ULAKey = $nicPrefix + "IP6_ULA" + $ip6PrefixKey = $nicPrefix + "IP6_PREFIX_LENGTH" + $gw6Key = $nicPrefix + "GATEWAY6" $ip = $context[$ipKey] $netmask = $context[$netmaskKey] @@ -142,12 +144,17 @@ function configureNetwork($context) { $network = $context[$networkKey] $ip6 = $context[$ip6Key] + $ip6ULA = $context[$ip6ULAKey] + $ip6Prefix = $context[$ip6PrefixKey] $gw6 = $context[$gw6Key] $mac = $mac.ToUpper() if (!$netmask) { $netmask = "255.255.255.0" } + if (!$ip6Prefix) { + $ip6Prefix = "64" + } if (!$network) { $network = $ip -replace "\.[^.]+$", ".0" } @@ -260,9 +267,43 @@ function configureNetwork($context) { $na = Get-WMIObject Win32_NetworkAdapter | ` where {$_.deviceId -eq $nic.index} + + # Disable router discovery + Write-Output "- Disable IPv6 router discovery" + netsh interface ipv6 set interface $na.NetConnectionId ` + advertise=disabled routerdiscover=disabled | Out-Null + + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } + + # Remove old IPv6 addresses + Write-Output "- Removing old IPv6 addresses" + if (Get-Command Remove-NetIPAddress -errorAction SilentlyContinue) { + # Windows 8.1 and Server 2012 R2 and up + # we want to remove everything except the link-local address + Remove-NetIPAddress -InterfaceAlias $na.NetConnectionId ` + -AddressFamily IPv6 -Confirm:$false ` + -PrefixOrigin Other,Manual,Dhcp,RouterAdvertisement ` + -errorAction SilentlyContinue + + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Nothing to do" + } + } Else { + Write-Output " ... Not implemented" + } + # Set IPv6 Address Write-Output "- Set IPv6 Address" - netsh interface ipv6 add address $na.NetConnectionId $ip6 + netsh interface ipv6 add address $na.NetConnectionId $ip6/$ip6Prefix + if ($ip6ULA) { + netsh interface ipv6 add address $na.NetConnectionId $ip6ULA/64 + } # Set IPv6 Gateway if ($gw6) { From 372d05deec59d7562383989fc7e71a9e0ab3c870 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Tue, 21 Mar 2017 17:53:33 +0100 Subject: [PATCH 034/122] Detect vmtoolsd.exe location Closes #24 --- context.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 75e1a4fd..19382ed4 100644 --- a/context.ps1 +++ b/context.ps1 @@ -492,7 +492,15 @@ if ($contextDrive) { } else { # Try the VMware API - $vmwareContext = & "$env:ProgramFiles\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.opennebula.context" | Out-String + $vmtoolsd = "${env:ProgramFiles}\VMware\VMware Tools\vmtoolsd.exe" + if(-Not (Test-Path $vmtoolsd)) { + $vmtoolsd = "${env:ProgramFiles(x86)}\VMware\VMware Tools\vmtoolsd.exe" + } + + $vmwareContext = "" + if (Test-Path $vmtoolsd) { + $vmwareContext = & $vmtoolsd --cmd "info-get guestinfo.opennebula.context" | Out-String + } if ("$vmwareContext" -eq "") { Write-Host "No Context CDROM found." From 05832a20e2794fadee7dc0b1166f2509a0e2b8c3 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Wed, 22 Mar 2017 11:39:18 +0100 Subject: [PATCH 035/122] Skip renameComputer if not SET_HOSTNAME variable Change brought by #23 --- context.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/context.ps1 b/context.ps1 index 19382ed4..28aa7e8c 100644 --- a/context.ps1 +++ b/context.ps1 @@ -326,6 +326,10 @@ function renameComputer($context) { $context_hostname = $context["SET_HOSTNAME"] $logged_hostname = "Unknown" + if (! $context_hostname) { + return + } + # Check for the .opennebula-renamed file If (Test-Path "$env:SystemDrive\.opennebula-renamed") { From 14c1a2f1dc710df1a95bf7e0fdfc18a4e97cc2e7 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Wed, 22 Mar 2017 12:34:04 +0100 Subject: [PATCH 036/122] Allow IPv6 only interfaces to be configured Issue #15 --- context.ps1 | 120 +++++++++++++++++++++++++++------------------------- 1 file changed, 62 insertions(+), 58 deletions(-) diff --git a/context.ps1 b/context.ps1 index 28aa7e8c..6c109ed1 100644 --- a/context.ps1 +++ b/context.ps1 @@ -117,8 +117,9 @@ function configureNetwork($context) { # Get the NIC in the Context $nicId = 0; $nicIpKey = "ETH" + $nicId + "_IP" - while ($context[$nicIpKey]) { + $nicIp6Key = "ETH" + $nicId + "_IP6" + while ($context[$nicIpKey] -Or $context[$nicIp6Key]) { # Retrieve data from Context $nicPrefix = "ETH" + $nicId + "_" @@ -181,82 +182,84 @@ function configureNetwork($context) { Write-Output " ... Success" } - # set static IP address and retry for few times if there was a problem - # with acquiring write lock (2147786788) for network configuration - # https://msdn.microsoft.com/en-us/library/aa390383(v=vs.85).aspx - Write-Output "- Enable Static IP" - $retry = 10 - do { - $retry-- - Start-Sleep -s 1 - $ret = $nic.EnableStatic($ip , $netmask) - } while ($ret.ReturnValue -eq 2147786788 -and $retry); - If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { - Write-Output " ... Success" - } - - - if ($gateway) { - - # Set the Gateway - Write-Output "- Set Gateway" - $ret = $nic.SetGateways($gateway) + if ($ip) { + # set static IP address and retry for few times if there was a problem + # with acquiring write lock (2147786788) for network configuration + # https://msdn.microsoft.com/en-us/library/aa390383(v=vs.85).aspx + Write-Output "- Enable Static IP" + $retry = 10 + do { + $retry-- + Start-Sleep -s 1 + $ret = $nic.EnableStatic($ip , $netmask) + } while ($ret.ReturnValue -eq 2147786788 -and $retry); If ($ret.ReturnValue) { Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { Write-Output " ... Success" } - If ($dns) { - # DNS Servers - $dnsServers = $dns -split " " + if ($gateway) { - # DNS Server Search Order - Write-Output "- Set DNS Server Search Order" - $ret = $nic.SetDNSServerSearchOrder($dnsServers) + # Set the Gateway + Write-Output "- Set Gateway" + $ret = $nic.SetGateways($gateway) If ($ret.ReturnValue) { Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { Write-Output " ... Success" } - # Set Dynamic DNS Registration - Write-Output "- Set Dynamic DNS Registration" - $ret = $nic.SetDynamicDNSRegistration("TRUE") - If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { - Write-Output " ... Success" - } + If ($dns) { - # WINS Addresses - # $nic.SetWINSServer($DNSServers[0], $DNSServers[1]) - } + # DNS Servers + $dnsServers = $dns -split " " - if ($dnsSuffix) { + # DNS Server Search Order + Write-Output "- Set DNS Server Search Order" + $ret = $nic.SetDNSServerSearchOrder($dnsServers) + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } - # DNS Suffixes - $dnsSuffixes = $dnsSuffix -split " " + # Set Dynamic DNS Registration + Write-Output "- Set Dynamic DNS Registration" + $ret = $nic.SetDynamicDNSRegistration("TRUE") + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } - # Set DNS Suffix Search Order - Write-Output "- Set DNS Suffix Search Order" - $ret = ([WMIClass]"Win32_NetworkAdapterConfiguration").SetDNSSuffixSearchOrder(($dnsSuffixes)) - If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { - Write-Output " ... Success" + # WINS Addresses + # $nic.SetWINSServer($DNSServers[0], $DNSServers[1]) } - # Set Primary DNS Domain - Write-Output "- Set Primary DNS Domain" - $ret = $nic.SetDNSDomain($dnsSuffixes[0]) - If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { - Write-Output " ... Success" + if ($dnsSuffix) { + + # DNS Suffixes + $dnsSuffixes = $dnsSuffix -split " " + + # Set DNS Suffix Search Order + Write-Output "- Set DNS Suffix Search Order" + $ret = ([WMIClass]"Win32_NetworkAdapterConfiguration").SetDNSSuffixSearchOrder(($dnsSuffixes)) + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } + + # Set Primary DNS Domain + Write-Output "- Set Primary DNS Domain" + $ret = $nic.SetDNSDomain($dnsSuffixes[0]) + If ($ret.ReturnValue) { + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + Write-Output " ... Success" + } } } } @@ -315,6 +318,7 @@ function configureNetwork($context) { # Next NIC $nicId++; $nicIpKey = "ETH" + $nicId + "_IP" + $nicIp6Key = "ETH" + $nicId + "_IP6" } Write-Output "" } @@ -497,7 +501,7 @@ if ($contextDrive) { # Try the VMware API $vmtoolsd = "${env:ProgramFiles}\VMware\VMware Tools\vmtoolsd.exe" - if(-Not (Test-Path $vmtoolsd)) { + if (-Not (Test-Path $vmtoolsd)) { $vmtoolsd = "${env:ProgramFiles(x86)}\VMware\VMware Tools\vmtoolsd.exe" } From c26a61ef85780621b7db86e3ad174b1c4642bf94 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Mon, 27 Mar 2017 17:00:40 +0200 Subject: [PATCH 037/122] Export context variables into environment --- context.ps1 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/context.ps1 b/context.ps1 index 6c109ed1..3cbf0f14 100644 --- a/context.ps1 +++ b/context.ps1 @@ -44,6 +44,13 @@ function getContext($file) { return $context } +function envContext($context) { + ForEach ($h in $context.GetEnumerator()) { + $name = "Env:"+$h.Name + Set-Item $name $h.Value + } +} + function addLocalUser($context) { # Create new user $username = $context["USERNAME"] @@ -447,6 +454,7 @@ function enablePing() function runScripts($context, $contextLetter) { Write-Output "Running Scripts" + # Get list of scripts to run, " " delimited $initscripts = $context["INIT_SCRIPTS"] @@ -458,6 +466,7 @@ function runScripts($context, $contextLetter) $script = $contextLetter + $script If (Test-Path $script) { Write-Output "- $script" + envContext($context) & $script } @@ -480,6 +489,7 @@ function runScripts($context, $contextLetter) # Launch the Script Write-Output "- $startScriptPS" + envContext($context) & $startScriptPS } From 46608d96b46f790b2bfe853dcb8187a534b0e987 Mon Sep 17 00:00:00 2001 From: kvaps <kvapss@gmail.com> Date: Mon, 15 May 2017 17:27:22 +0200 Subject: [PATCH 038/122] add: IPv6 DNS configuration --- context.ps1 | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/context.ps1 b/context.ps1 index 3cbf0f14..46e02a27 100644 --- a/context.ps1 +++ b/context.ps1 @@ -146,7 +146,8 @@ function configureNetwork($context) { $ip = $context[$ipKey] $netmask = $context[$netmaskKey] $mac = $context[$macKey] - $dns = $context[$dnsKey] + $dns = (($context[$dnsKey] -split " " | Where {$_ -match '^(([0-9]*).?){4}$'}) -join ' ') + $dns6 = (($context[$dnsKey] -split " " | Where {$_ -match '^(([0-9A-F]*):?)*$'}) -join ' ') $dnsSuffix = $context[$dnsSuffixKey] $gateway = $context[$gatewayKey] $network = $context[$networkKey] @@ -319,7 +320,21 @@ function configureNetwork($context) { if ($gw6) { netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 } - # TODO: maybe IPv6-based DNS servers should be added here? + + If ($dns6) { + # IPv6 DNS Servers + $dns6Servers = $dns6 -split " " + + # Remove old IPv6 DNS Servers + Write-Output "- Removing old IPv6 DNS Servers" + netsh interface ipv6 set dnsservers $na.NetConnectionId source=dhcp + + # Set IPv6 DNS Servers + Write-Output "- Set IPv6 DNS Servers" + foreach ($dns6Server in $dns6Servers) { + netsh interface ipv6 add dnsserver $na.NetConnectionId address=$dns6Server + } + } } # Next NIC From 23bc62d2fa3bb1ebbbe8e229c2c9ff3053e4d0aa Mon Sep 17 00:00:00 2001 From: kvaps <kvapss@gmail.com> Date: Tue, 16 May 2017 16:21:20 +0200 Subject: [PATCH 039/122] add: Check username if not set --- context.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 3cbf0f14..c66a39db 100644 --- a/context.ps1 +++ b/context.ps1 @@ -56,7 +56,15 @@ function addLocalUser($context) { $username = $context["USERNAME"] $password = $context["PASSWORD"] - if ($username) { + if ($username -Or $password) { + + if ($username -eq $null) { + # ATTENTION - Language/Regional settings have influence on the naming + # of this user. Use the User SID instead (S-1-5-21domain-500) + $username = (Get-WmiObject -Class "Win32_UserAccount" | + where { $_.SID -like "S-1-5-21[0-9-]*-500" } | + select -ExpandProperty Name) + } Write-Output "Creating Account for $username" From a3dc29f27ae7c190cbe8a56c662b27c03d291d45 Mon Sep 17 00:00:00 2001 From: kvaps <kvapss@gmail.com> Date: Tue, 30 May 2017 15:17:58 +0200 Subject: [PATCH 040/122] Feature grow rootfs (#31) --- context.ps1 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/context.ps1 b/context.ps1 index 3cbf0f14..c17f1dc3 100644 --- a/context.ps1 +++ b/context.ps1 @@ -496,6 +496,25 @@ function runScripts($context, $contextLetter) Write-Output "" } +function extendPartition($disk, $part) +{ + "select disk $disk","select partition $part","extend" | diskpart | Out-Null +} + +function extendPartitions() +{ + Write-Output "- Extend partitions" + + #$diskIds = ((wmic diskdrive get Index | Select-String "[0-9]+") -replace '\D','') + $diskId = 0 + + $partIds = ((wmic partition where DiskIndex=$diskId get Index | Select-String "[0-9]+") -replace '\D','' | %{[int]$_ + 1}) + + ForEach ($partId in $partIds) { + extendPartition $diskId $partId + } +} + ################################################################################ # Main ################################################################################ @@ -532,6 +551,7 @@ if ($contextDrive) { # Execute script if(Test-Path $contextScriptPath) { $context = getContext $contextScriptPath + extendPartitions renameComputer $context addLocalUser $context enableRemoteDesktop From 7d8e8fc09d495104beecb5f36a45ec3bf299d59d Mon Sep 17 00:00:00 2001 From: kvaps <kvapss@gmail.com> Date: Tue, 30 May 2017 17:38:36 +0200 Subject: [PATCH 041/122] Fix check for nics (#29) --- context.ps1 | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/context.ps1 b/context.ps1 index 522c511a..fb9d9b58 100644 --- a/context.ps1 +++ b/context.ps1 @@ -130,12 +130,14 @@ function addLocalUser($context) { function configureNetwork($context) { # Get the NIC in the Context + $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_IP6?$'} | ForEach-Object {$_ -replace '(^ETH|_IP$|_IP6$)',''} | Get-Unique) + $nicId = 0; - $nicIpKey = "ETH" + $nicId + "_IP" - $nicIp6Key = "ETH" + $nicId + "_IP6" - while ($context[$nicIpKey] -Or $context[$nicIp6Key]) { + foreach ($nicId in $nicIds) { # Retrieve data from Context + $nicIpKey = "ETH" + $nicId + "_IP" + $nicIp6Key = "ETH" + $nicId + "_IP6" $nicPrefix = "ETH" + $nicId + "_" $ipKey = $nicPrefix + "IP" @@ -329,11 +331,6 @@ function configureNetwork($context) { } # TODO: maybe IPv6-based DNS servers should be added here? } - - # Next NIC - $nicId++; - $nicIpKey = "ETH" + $nicId + "_IP" - $nicIp6Key = "ETH" + $nicId + "_IP6" } Write-Output "" } From df5c4deb3cde84220638fe69156c9b38c9815e8a Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Tue, 30 May 2017 19:02:56 +0200 Subject: [PATCH 042/122] Always remove IPv6 DNS if IPv6, use "... source=static address=" --- context.ps1 | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/context.ps1 b/context.ps1 index ddf5ceb4..c3aa3639 100644 --- a/context.ps1 +++ b/context.ps1 @@ -331,16 +331,14 @@ function configureNetwork($context) { netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 } - If ($dns6) { - # IPv6 DNS Servers - $dns6Servers = $dns6 -split " " - - # Remove old IPv6 DNS Servers - Write-Output "- Removing old IPv6 DNS Servers" - netsh interface ipv6 set dnsservers $na.NetConnectionId source=dhcp + # Remove old IPv6 DNS Servers + Write-Output "- Removing old IPv6 DNS Servers" + netsh interface ipv6 set dnsservers $na.NetConnectionId source=static address= + If ($dns6) { # Set IPv6 DNS Servers Write-Output "- Set IPv6 DNS Servers" + $dns6Servers = $dns6 -split " " foreach ($dns6Server in $dns6Servers) { netsh interface ipv6 add dnsserver $na.NetConnectionId address=$dns6Server } From 52067c6004515c3ffbc853595ef825550659f7f5 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Wed, 31 May 2017 17:16:58 +0200 Subject: [PATCH 043/122] Bump version to 5.3.80 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index e76968fa..3b52cac8 100755 --- a/generate.sh +++ b/generate.sh @@ -17,7 +17,7 @@ #--------------------------------------------------------------------------- # NAME=${NAME:-one-context} -VERSION=${VERSION:-5.2.0} +VERSION=${VERSION:-5.3.80} FILENAME=${FILENAME:-${NAME}-${VERSION}.msi} if [ ! -f rhsrvany.exe ]; then From a914988de649f49bc54dd5907f805ab405994c9e Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Mon, 17 Jul 2017 17:17:17 +0200 Subject: [PATCH 044/122] Bump version to 5.4.0 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 3b52cac8..96a486b6 100755 --- a/generate.sh +++ b/generate.sh @@ -17,7 +17,7 @@ #--------------------------------------------------------------------------- # NAME=${NAME:-one-context} -VERSION=${VERSION:-5.3.80} +VERSION=${VERSION:-5.4.0} FILENAME=${FILENAME:-${NAME}-${VERSION}.msi} if [ ! -f rhsrvany.exe ]; then From ba9d9fe2c98895c87f5085920fef77dc90bae2a1 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Fri, 1 Sep 2017 11:30:10 +0200 Subject: [PATCH 045/122] gh-34: Inspect ${env:ProgramW6432}, more debug messages Closes #34 --- context.ps1 | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/context.ps1 b/context.ps1 index c3aa3639..27a999da 100644 --- a/context.ps1 +++ b/context.ps1 @@ -537,19 +537,31 @@ function extendPartitions() # Main ################################################################################ +Write-Output "Detecting contextualization data" +Write-Output "- Looking for CONTEXT ISO" + # Get all drives and select only the one that has "CONTEXT" as a label $contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } if ($contextDrive) { + Write-Output " ... Found" + # At this point we can obtain the letter of the contextDrive $contextLetter = $contextDrive.Name $contextScriptPath = $contextLetter + "context.sh" } else { + Write-Output " ... Not found" + Write-Output "- Looking for VMware tools" # Try the VMware API - $vmtoolsd = "${env:ProgramFiles}\VMware\VMware Tools\vmtoolsd.exe" - if (-Not (Test-Path $vmtoolsd)) { - $vmtoolsd = "${env:ProgramFiles(x86)}\VMware\VMware Tools\vmtoolsd.exe" + foreach ($pf in ${env:ProgramFiles}, ${env:ProgramFiles(x86)}, ${env:ProgramW6432}) { + $vmtoolsd = "${pf}\VMware\VMware Tools\vmtoolsd.exe" + if (Test-Path $vmtoolsd) { + Write-Output " ... Found in ${vmtoolsd}" + break + } else { + Write-Output " ... Not found in ${vmtoolsd}" + } } $vmwareContext = "" @@ -558,7 +570,8 @@ if ($contextDrive) { } if ("$vmwareContext" -eq "") { - Write-Host "No Context CDROM found." + Write-Host "No contextualization data found" + Stop-Transcript | Out-Null exit 1 } From 3a46b7831c783bf224061519c5e37e44c12bd64f Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Thu, 21 Sep 2017 18:29:16 +0200 Subject: [PATCH 046/122] gh-35: Fail if WMI isn't ready, add basic service dependencies --- context.ps1 | 7 +++++++ package.wxs | 9 ++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 27a999da..aa87fe2d 100644 --- a/context.ps1 +++ b/context.ps1 @@ -537,6 +537,13 @@ function extendPartitions() # Main ################################################################################ +# Check the working WMI +if (-Not (Get-WMIObject -ErrorAction SilentlyContinue Win32_Volume)) { + Write-Output "WMI not ready, exiting" + Stop-Transcript | Out-Null + exit 1 +} + Write-Output "Detecting contextualization data" Write-Output "- Looking for CONTEXT ISO" diff --git a/package.wxs b/package.wxs index f9f13c0a..0985f93a 100644 --- a/package.wxs +++ b/package.wxs @@ -56,7 +56,14 @@ Start="auto" Account="[SYSTEM]" Arguments="-s onecontext" - ErrorControl="normal" /> + ErrorControl="normal"> + + <ServiceDependency Id="Winmgmt" /> + <ServiceDependency Id="PlugPlay" /> + <ServiceDependency Id="Tcpip" /> + <ServiceDependency Id="Dhcp" /> + <ServiceDependency Id="Dnscache" /> + </ServiceInstall> <ServiceControl Id="ocControl" Name="onecontext" Remove="both" From 871eae0484a4d9e185b2ec48eee024e65316535f Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Tue, 26 Sep 2017 13:55:54 +0200 Subject: [PATCH 047/122] Bump version to 5.4.1 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 96a486b6..0b04efce 100755 --- a/generate.sh +++ b/generate.sh @@ -17,7 +17,7 @@ #--------------------------------------------------------------------------- # NAME=${NAME:-one-context} -VERSION=${VERSION:-5.4.0} +VERSION=${VERSION:-5.4.1} FILENAME=${FILENAME:-${NAME}-${VERSION}.msi} if [ ! -f rhsrvany.exe ]; then From 596123074ca05a715e23861c275e20fc51715534 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Tue, 13 Mar 2018 17:20:10 +0100 Subject: [PATCH 048/122] gh-14: Generate ISO, git based revisions Closes #14 --- .gitignore | 1 + README.md | 8 +++--- generate-all.sh | 15 +++++++++++ generate.sh | 67 +++++++++++++++++++++++++++++++++++++++++-------- 4 files changed, 77 insertions(+), 14 deletions(-) create mode 100755 generate-all.sh diff --git a/.gitignore b/.gitignore index 94efa888..e4ba613a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +out/ *.msi *.exe *.un~ diff --git a/README.md b/README.md index 9e176e01..900baa9e 100644 --- a/README.md +++ b/README.md @@ -25,13 +25,13 @@ definition in the WiX-like XML format. Package name or version can be overridden by env. variables `NAME` and `VERSION`. For example: ```bash -$ ./generate.sh -$ NAME=one-context ./generate.sh -$ VERSION=1.0.0 ./generate.sh +$ TARGET=msi ./generate.sh +$ NAME=one-context TARGET=msi ./generate.sh +$ VERSION=1.0.0 TARGET=msi ./generate.sh ``` New package is created as `${NAME}-${VERSION}.msi`, -e.g. `one-context-1.0.0.msi`. +e.g. `one-context-1.0.0.msi` in the `out/` directory. Please ignore following assertion on package build, which is caused by skipping the attribute `Start` in tag `ServiceControl`. The parameter diff --git a/generate-all.sh b/generate-all.sh new file mode 100755 index 00000000..e2c04127 --- /dev/null +++ b/generate-all.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -e + +export DATE=$(date +%Y%m%d) +TARGETS='msi iso' + +for TARGET in $TARGETS; do + TARGET="${TARGET}" ./generate.sh +done + +echo +echo "The packages are here:" +echo "--------------------------------------------------------------------------------" +find out -type f diff --git a/generate.sh b/generate.sh index 0b04efce..ef7ed9f9 100755 --- a/generate.sh +++ b/generate.sh @@ -16,20 +16,67 @@ # limitations under the License. # #--------------------------------------------------------------------------- # -NAME=${NAME:-one-context} -VERSION=${VERSION:-5.4.1} -FILENAME=${FILENAME:-${NAME}-${VERSION}.msi} +if [ -z "${TARGET}" ]; then + echo 'Error: env. variable TARGET not set' >&2 + exit 1 +fi -if [ ! -f rhsrvany.exe ]; then - if [ -f /usr/share/virt-tools/rhsrvany.exe ]; then - cp /usr/share/virt-tools/rhsrvany.exe . +### + +if [ -z "${RELEASE}" ]; then + if git describe --contains $(git rev-parse HEAD) &>/dev/null; then + RELEASE=1 else - echo 'Missing rhsrvany.exe' >&2 - exit 1 + DATE=${DATE:-$(date +%Y%m%d)} + GIT=$(git rev-parse --short HEAD) + RELEASE="${DATE}git${GIT}" fi fi +### + +NAME=${NAME:-one-context} +VERSION=${VERSION:-5.4.1} +RELEASE=${RELEASE:-1} +LABEL="${NAME}-${VERSION}" + +if [ "${RELEASE}" = '1' ]; then + FILENAME=${FILENAME:-${NAME}-${VERSION}.${TARGET}} +else + FILENAME=${FILENAME:-${NAME}-${VERSION}-${RELEASE}.${TARGET}} +fi + +# cleanup +if [ -z "${OUT}" ]; then + OUT="out/${FILENAME}" + mkdir -p $(dirname "${OUT}") + rm -rf "${OUT}" +fi + set -e -wixl -D Version="${VERSION}" -o "${FILENAME}" package.wxs -echo "${FILENAME}" +if [ "${TARGET}" = 'msi' ]; then + if [ ! -f rhsrvany.exe ]; then + if [ -f /usr/share/virt-tools/rhsrvany.exe ]; then + cp /usr/share/virt-tools/rhsrvany.exe . + else + echo 'Missing rhsrvany.exe' >&2 + exit 1 + fi + fi + + wixl -D Version="${VERSION}" -o "${OUT}" package.wxs + +elif [ "${TARGET}" = 'iso' ]; then + mkisofs -J -R -input-charset utf8 \ + -m '*.iso' \ + -V "${LABEL}" \ + -o "${OUT}" \ + $(dirname "${OUT}") + +else + echo "Error: Invalid target '${TARGET}'" >&2 + exit 1 +fi + +echo $(basename ${OUT}) From 39e2a747118ad35c4f3ba721c0ccef58117d50a9 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Wed, 14 Mar 2018 12:41:50 +0100 Subject: [PATCH 049/122] gh-37: Time limited wait loop for NIC Closes #37 --- context.ps1 | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/context.ps1 b/context.ps1 index aa87fe2d..cef1a80b 100644 --- a/context.ps1 +++ b/context.ps1 @@ -183,10 +183,18 @@ function configureNetwork($context) { # Load the NIC Configuration Object $nic = $false - while(!$nic) { + $retry = 30 + do { + $retry-- + Start-Sleep -s 1 $nic = Get-WMIObject Win32_NetworkAdapterConfiguration | ` where {$_.IPEnabled -eq "TRUE" -and $_.MACAddress -eq $mac} - Start-Sleep -s 1 + } while (!$nic -and $retry) + + If (!$nic) { + Write-Output ("Configuring Network Settings: " + $mac) + Write-Output (" ... Failed: Interface with MAC not found") + Continue } Write-Output ("Configuring Network Settings: " + $nic.Description.ToString()) From b1816c57c1cf4776ef4cf1e9ca16fd57bd0a1107 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Wed, 14 Mar 2018 13:07:48 +0100 Subject: [PATCH 050/122] gh-38: Error creating user, replace Contains method with operator Closes #38 --- context.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index cef1a80b..cd060a0f 100644 --- a/context.ps1 +++ b/context.ps1 @@ -111,7 +111,7 @@ function addLocalUser($context) { "Name", 'GetProperty', $null, $_, $null); } - If (-Not $memberNames.Contains($username)) { + If (-Not $memberNames -Contains $username) { # Make sure the user exists, again if([ADSI]::Exists("WinNT://$computerName/$username")) { From 3d32a2968200947668ba226015a65b192510461c Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.org> Date: Mon, 18 Jun 2018 16:38:56 +0200 Subject: [PATCH 051/122] gh-39: Fix condition checking the user group membership Related gh-38, closes gh-39 --- context.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index cd060a0f..4eb408f6 100644 --- a/context.ps1 +++ b/context.ps1 @@ -111,7 +111,7 @@ function addLocalUser($context) { "Name", 'GetProperty', $null, $_, $null); } - If (-Not $memberNames -Contains $username) { + If (-Not ($memberNames -Contains $username)) { # Make sure the user exists, again if([ADSI]::Exists("WinNT://$computerName/$username")) { From 27ad9e37c446e32834be1dd983962594cc930396 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Thu, 21 Jun 2018 11:57:23 +0200 Subject: [PATCH 052/122] gh-43: Network not ready for custom scripts Change implements a wait loop with a self-ping to the assigned IPs. When interface isn't ready yet, the ping operation fails on: > Test-Connection : Generic Failure Retries until the IP is reachable with max. 20 checks. Closes #43. --- context.ps1 | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 4eb408f6..1ddcd421 100644 --- a/context.ps1 +++ b/context.ps1 @@ -130,7 +130,7 @@ function addLocalUser($context) { function configureNetwork($context) { # Get the NIC in the Context - $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_IP6?$'} | ForEach-Object {$_ -replace '(^ETH|_IP$|_IP6$)',''} | Get-Unique) + $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_IP6?$'} | ForEach-Object {$_ -replace '(^ETH|_IP$|_IP6$)',''} | Get-Unique | Sort-Object) $nicId = 0; @@ -351,6 +351,12 @@ function configureNetwork($context) { netsh interface ipv6 add dnsserver $na.NetConnectionId address=$dns6Server } } + + doPing($ip6) + } + + If ($ip) { + doPing($ip) } } Write-Output "" @@ -477,6 +483,25 @@ function enablePing() Write-Output "" } +function doPing($ip, $retries=20) +{ + Write-Output "- Ping Interface IP $ip" + + $ping = $false + $retry = 0 + do { + $retry++ + Start-Sleep -s 1 + $ping = Test-Connection -ComputerName $ip -Count 1 -Quiet -ErrorAction SilentlyContinue + } while (!$ping -and ($retry -lt $retries)) + + If ($ping) { + Write-Output " ... Success ($retry tries)" + } Else { + Write-Output " ... Failed ($retry tries)" + } +} + function runScripts($context, $contextLetter) { Write-Output "Running Scripts" From 8c403827d6fc9219bf6cc953275a20f9c530a580 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Tue, 10 Jul 2018 12:29:27 +0200 Subject: [PATCH 053/122] Bump version to 5.6.0 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index ef7ed9f9..71f9f1e1 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-5.4.1} +VERSION=${VERSION:-5.6.0} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" From 26da569f1bf690e401642c5fa94b4cd15e4347f6 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Thu, 30 Aug 2018 17:34:56 +0200 Subject: [PATCH 054/122] gh-46: Windows 2016 Core Server does not Add user to local Administrators Closes #46 --- context.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/context.ps1 b/context.ps1 index 1ddcd421..ef3c2a8b 100644 --- a/context.ps1 +++ b/context.ps1 @@ -107,8 +107,8 @@ function addLocalUser($context) { $memberNames = @() $members | ForEach-Object { - $memberNames += $_.GetType().InvokeMember( - "Name", 'GetProperty', $null, $_, $null); + # https://p0w3rsh3ll.wordpress.com/2016/06/14/any-documented-adsi-changes-in-powershell-5-0/ + $memberNames += ([ADSI]$_).psbase.InvokeGet('Name') } If (-Not ($memberNames -Contains $username)) { From 744f1a4ea26ce72ca3cbac900082229d3f2cd37e Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Tue, 30 Oct 2018 14:19:40 +0100 Subject: [PATCH 055/122] gh-48: Configure interface MTUs (#50) * F#48 Configure interface MTU. * Fix interface index. * Move MTU after DHCP. * gh-48: Configure interface MTUs --- context.ps1 | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/context.ps1 b/context.ps1 index ef3c2a8b..229cb8c1 100644 --- a/context.ps1 +++ b/context.ps1 @@ -152,6 +152,7 @@ function configureNetwork($context) { $ip6ULAKey = $nicPrefix + "IP6_ULA" $ip6PrefixKey = $nicPrefix + "IP6_PREFIX_LENGTH" $gw6Key = $nicPrefix + "GATEWAY6" + $mtuKey = $nicPrefix + "MTU" $ip = $context[$ipKey] $netmask = $context[$netmaskKey] @@ -161,6 +162,7 @@ function configureNetwork($context) { $dnsSuffix = $context[$dnsSuffixKey] $gateway = $context[$gatewayKey] $network = $context[$networkKey] + $mtu = $context[$mtuKey] $ip6 = $context[$ip6Key] $ip6ULA = $context[$ip6ULAKey] @@ -225,6 +227,17 @@ function configureNetwork($context) { Write-Output " ... Success" } + # Set IPv4 MTU + if ($mtu) { + Write-Output "- Set MTU: ${mtu}" + netsh interface ipv4 set interface $nic.InterfaceIndex mtu=$mtu + + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } + } if ($gateway) { @@ -336,7 +349,26 @@ function configureNetwork($context) { # Set IPv6 Gateway if ($gw6) { + Write-Output "- Set IPv6 Gateway" netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 + + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } + } + + # Set IPv4 MTU + if ($mtu) { + Write-Output "- Set IPv6 MTU: ${mtu}" + netsh interface ipv6 set interface $nic.InterfaceIndex mtu=$mtu + + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } } # Remove old IPv6 DNS Servers @@ -359,6 +391,7 @@ function configureNetwork($context) { doPing($ip) } } + Write-Output "" } From d25022ac819812855f55d7e307465e95be904e7b Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Tue, 30 Oct 2018 21:11:52 +0100 Subject: [PATCH 056/122] gh-48: Wrong comment --- context.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 229cb8c1..a89bb7e8 100644 --- a/context.ps1 +++ b/context.ps1 @@ -359,7 +359,7 @@ function configureNetwork($context) { } } - # Set IPv4 MTU + # Set IPv6 MTU if ($mtu) { Write-Output "- Set IPv6 MTU: ${mtu}" netsh interface ipv6 set interface $nic.InterfaceIndex mtu=$mtu From cbeaecd902bddb1b6689a9946a5b40f639cfa3d3 Mon Sep 17 00:00:00 2001 From: Jan Meerkamp <42608682+meerkampdvv@users.noreply.github.com> Date: Wed, 28 Nov 2018 16:26:31 +0100 Subject: [PATCH 057/122] gh-33: Support REPORT_READY=yes --- context.ps1 | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/context.ps1 b/context.ps1 index a89bb7e8..1362b857 100644 --- a/context.ps1 +++ b/context.ps1 @@ -599,6 +599,26 @@ function extendPartitions() } } +function reportReady() +{ + Write-Output "Report Ready to onegate" + $reportReady = $context["REPORT_READY"] + if($reportReady){ + $body = "READY = YES" + $token= Get-Content d:\token.txt + $target= $context.ONEGATE_ENDPOINT+"/vm" + [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) + $webRequest.Method = "PUT" + $webRequest.Headers.Add("X-ONEGATE-TOKEN", $token) + $webRequest.Headers.Add("X-ONEGATE-VMID", $context.VMID) + $buffer = [System.Text.Encoding]::UTF8.GetBytes($body) + $webRequest.ContentLength = $buffer.Length + $requestStream = $webRequest.GetRequestStream() + $requestStream.Write($buffer, 0, $buffer.Length) + $requestStream.Flush() + $requestStream.Close() + } +} ################################################################################ # Main ################################################################################ @@ -662,6 +682,7 @@ if(Test-Path $contextScriptPath) { enablePing configureNetwork $context runScripts $context $contextLetter + reportReady } Stop-Transcript | Out-Null From bad2f185a729595578fcdc9292bb7d288de283da Mon Sep 17 00:00:00 2001 From: Alejandro Huertas <ahuertas@opennebula.systems> Date: Wed, 28 Nov 2018 16:40:20 +0100 Subject: [PATCH 058/122] gh-33: Error handling of REPORT_READY=yes --- context.ps1 | 48 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/context.ps1 b/context.ps1 index 1362b857..9f15892f 100644 --- a/context.ps1 +++ b/context.ps1 @@ -601,22 +601,40 @@ function extendPartitions() function reportReady() { - Write-Output "Report Ready to onegate" $reportReady = $context["REPORT_READY"] - if($reportReady){ - $body = "READY = YES" - $token= Get-Content d:\token.txt - $target= $context.ONEGATE_ENDPOINT+"/vm" - [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) - $webRequest.Method = "PUT" - $webRequest.Headers.Add("X-ONEGATE-TOKEN", $token) - $webRequest.Headers.Add("X-ONEGATE-VMID", $context.VMID) - $buffer = [System.Text.Encoding]::UTF8.GetBytes($body) - $webRequest.ContentLength = $buffer.Length - $requestStream = $webRequest.GetRequestStream() - $requestStream.Write($buffer, 0, $buffer.Length) - $requestStream.Flush() - $requestStream.Close() + + if ($reportReady) { + Write-Output "Report Ready to onegate" + + try { + $body = "READY = YES" + $token= Get-Content "${contextLetter}token.txt" + $target= $context.ONEGATE_ENDPOINT+"/vm" + [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) + $webRequest.Method = "PUT" + $webRequest.Headers.Add("X-ONEGATE-TOKEN", $token) + $webRequest.Headers.Add("X-ONEGATE-VMID", $context.VMID) + $buffer = [System.Text.Encoding]::UTF8.GetBytes($body) + $webRequest.ContentLength = $buffer.Length + $requestStream = $webRequest.GetRequestStream() + $requestStream.Write($buffer, 0, $buffer.Length) + $response = $webRequest.getResponse() + $requestStream.Flush() + $requestStream.Close() + + if ($response.StatusCode -eq "OK") { + Write-Output " ... Success" + } else { + Write-Output " ... Failed" + Write-Output $response.StatusCode + } + } + catch { + $errorMessage = $_.Exception.Message + + Write-Output " ... Failed" + Write-Output $errorMessage + } } } ################################################################################ From 3a855362ef11e395a733055ced3cfa185b29c74d Mon Sep 17 00:00:00 2001 From: Alejandro Huertas <ahuertas@opennebula.systems> Date: Wed, 28 Nov 2018 17:09:27 +0100 Subject: [PATCH 059/122] gh-33: Minor changes in REPORT_READY=yes --- context.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 9f15892f..424a8b92 100644 --- a/context.ps1 +++ b/context.ps1 @@ -611,6 +611,7 @@ function reportReady() $token= Get-Content "${contextLetter}token.txt" $target= $context.ONEGATE_ENDPOINT+"/vm" [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) + $webRequest.Timeout = 10000 $webRequest.Method = "PUT" $webRequest.Headers.Add("X-ONEGATE-TOKEN", $token) $webRequest.Headers.Add("X-ONEGATE-VMID", $context.VMID) @@ -618,9 +619,9 @@ function reportReady() $webRequest.ContentLength = $buffer.Length $requestStream = $webRequest.GetRequestStream() $requestStream.Write($buffer, 0, $buffer.Length) - $response = $webRequest.getResponse() $requestStream.Flush() $requestStream.Close() + $response = $webRequest.getResponse() if ($response.StatusCode -eq "OK") { Write-Output " ... Success" From 90cbb939032d7b6cb63ca930f5b4b4ec31371152 Mon Sep 17 00:00:00 2001 From: Alejandro Huertas <ahuertas@opennebula.systems> Date: Thu, 3 Jan 2019 16:49:27 +0100 Subject: [PATCH 060/122] F #911: Add alias windows context. --- context.ps1 | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/context.ps1 b/context.ps1 index 424a8b92..c56132a3 100644 --- a/context.ps1 +++ b/context.ps1 @@ -387,6 +387,36 @@ function configureNetwork($context) { doPing($ip6) } + $aliasIds = ($context.Keys | Where {$_ -match "^ETH[0-9]_ALIAS[0-9]+_IP6?$"} | Get-Unique | Sort-Object) + + foreach ($aliasId in $aliasIds) { + $aliasId = $aliasId.split("_")[1] + $aliasIp4Key = "ETH" + $nicId + "_" + $aliasId + "_IP" + $aliasMaskKey = "ETH" + $nicId + "_" + $aliasId + "_MASK" + $aliasIp6Key = "ETH" + $nicId + "_" + $aliasId + "_IP6" + $aliasIp4 = $context[$aliasIp4Key] + $aliasMask = $context[$aliasMaskKey] + $aliasIp6 = $context[$aliasIp6Key] + + $message = "- Configuring " + $aliasId + " for " + "ETH" + $nicId + + Write-Output $message + + If ($aliasIp4) { + netsh interface ipv4 add address $nic.InterfaceIndex $aliasIp4 $aliasMask + } + + If ($aliasIp6) { + netsh interface ipv6 add address $nic.InterfaceIndex $aliasIp6 + } + + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } + } + If ($ip) { doPing($ip) } From dd8b1b55a8e4757ac8ae2bd0162fefc46ae5df99 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Fri, 18 Jan 2019 17:22:18 +0100 Subject: [PATCH 061/122] Bump version to 5.7.80 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 71f9f1e1..2a81b98c 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-5.6.0} +VERSION=${VERSION:-5.7.80} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" From 5138584d4090f9b97b984d7ee403d6c7d8ddb215 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Mon, 21 Jan 2019 13:39:30 +0100 Subject: [PATCH 062/122] F #911: NIC aliases fixes --- context.ps1 | 69 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 45 insertions(+), 24 deletions(-) diff --git a/context.ps1 b/context.ps1 index c56132a3..a1f0b62f 100644 --- a/context.ps1 +++ b/context.ps1 @@ -130,7 +130,7 @@ function addLocalUser($context) { function configureNetwork($context) { # Get the NIC in the Context - $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_IP6?$'} | ForEach-Object {$_ -replace '(^ETH|_IP$|_IP6$)',''} | Get-Unique | Sort-Object) + $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_IP6?$'} | ForEach-Object {$_ -replace '(^ETH|_IP$|_IP6$)',''} | Sort-Object -Unique) $nicId = 0; @@ -214,7 +214,7 @@ function configureNetwork($context) { # set static IP address and retry for few times if there was a problem # with acquiring write lock (2147786788) for network configuration # https://msdn.microsoft.com/en-us/library/aa390383(v=vs.85).aspx - Write-Output "- Enable Static IP" + Write-Output "- Set Static IP" $retry = 10 do { $retry-- @@ -343,10 +343,16 @@ function configureNetwork($context) { # Set IPv6 Address Write-Output "- Set IPv6 Address" netsh interface ipv6 add address $na.NetConnectionId $ip6/$ip6Prefix - if ($ip6ULA) { + If ($? -And $ip6ULA) { netsh interface ipv6 add address $na.NetConnectionId $ip6ULA/64 } + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } + # Set IPv6 Gateway if ($gw6) { Write-Output "- Set IPv6 Gateway" @@ -387,34 +393,49 @@ function configureNetwork($context) { doPing($ip6) } - $aliasIds = ($context.Keys | Where {$_ -match "^ETH[0-9]_ALIAS[0-9]+_IP6?$"} | Get-Unique | Sort-Object) + # Get the aliases for the NIC in the Context + $aliasIds = ($context.Keys | Where {$_ -match "^ETH${nicId}_ALIAS\d+_IP6?$"} | ForEach-Object {$_ -replace '(^ETH\d+_ALIAS|_IP$|_IP6$)',''} | Sort-Object -Unique) foreach ($aliasId in $aliasIds) { - $aliasId = $aliasId.split("_")[1] - $aliasIp4Key = "ETH" + $nicId + "_" + $aliasId + "_IP" - $aliasMaskKey = "ETH" + $nicId + "_" + $aliasId + "_MASK" - $aliasIp6Key = "ETH" + $nicId + "_" + $aliasId + "_IP6" - $aliasIp4 = $context[$aliasIp4Key] - $aliasMask = $context[$aliasMaskKey] - $aliasIp6 = $context[$aliasIp6Key] + $aliasPrefix = "ETH${nicId}_ALIAS${aliasId}" + $aliasIp = $context[$aliasPrefix + '_IP'] + $aliasNetmask = $context[$aliasPrefix + '_MASK'] + $aliasIp6 = $context[$aliasPrefix + '_IP6'] + $aliasIp6ULA = $context[$aliasPrefix + '_IP6_ULA'] + $aliasIp6Prefix = $context[$aliasPrefix + '_IP6_PREFIX_LENGTH'] + + if (!$aliasNetmask) { + $aliasNetmask = "255.255.255.0" + } - $message = "- Configuring " + $aliasId + " for " + "ETH" + $nicId + if (!$aliasIp6Prefix) { + $aliasIp6Prefix = "64" + } - Write-Output $message + if ($aliasIp) { + Write-Output "- Set Additional Static IP (${aliasPrefix})" + netsh interface ipv4 add address $nic.InterfaceIndex $aliasIp $aliasNetmask - If ($aliasIp4) { - netsh interface ipv4 add address $nic.InterfaceIndex $aliasIp4 $aliasMask - } + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } + } - If ($aliasIp6) { - netsh interface ipv6 add address $nic.InterfaceIndex $aliasIp6 - } + if ($aliasIp6) { + Write-Output "- Set Additional IPv6 Address (${aliasPrefix})" + netsh interface ipv6 add address $nic.InterfaceIndex $aliasIp6/$aliasIp6Prefix + If ($? -And $aliasIp6ULA) { + netsh interface ipv6 add address $nic.InterfaceIndex $aliasIp6ULA/64 + } - If ($?) { - Write-Output " ... Success" - } Else { - Write-Output " ... Failed" - } + If ($?) { + Write-Output " ... Success" + } Else { + Write-Output " ... Failed" + } + } } If ($ip) { From 6ec42eb9496aa6a80223b6c719de5c6d82695382 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Mon, 21 Jan 2019 14:25:44 +0100 Subject: [PATCH 063/122] gh-33: More error handling in reportReady(), formatting --- context.ps1 | 49 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/context.ps1 b/context.ps1 index a1f0b62f..4a156ca0 100644 --- a/context.ps1 +++ b/context.ps1 @@ -652,39 +652,60 @@ function extendPartitions() function reportReady() { - $reportReady = $context["REPORT_READY"] + $reportReady = $context['REPORT_READY'] + $oneGateEndpoint = $context['ONEGATE_ENDPOINT'] + $vmId = $context['VMID'] - if ($reportReady) { - Write-Output "Report Ready to onegate" + if ($reportReady -and $reportReady.ToUpper() -eq 'YES') { + Write-Output 'Report Ready to OneGate' + + if (!$oneGateEndpoint) { + Write-Output ' ... Failed: ONEGATE_ENDPOINT not set' + return + } + + if (!$vmId) { + Write-Output ' ... Failed: VMID not set' + return + } try { - $body = "READY = YES" - $token= Get-Content "${contextLetter}token.txt" - $target= $context.ONEGATE_ENDPOINT+"/vm" + $tokenPath = $contextLetter + 'token.txt' + if (Test-Path $tokenPath) { + $token = Get-Content $tokenPath + } else { + Write-Output " ... Failed: Token file not found" + return + } + + $body = 'READY = YES' + $target= $oneGateEndpoint + '/vm' + [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) $webRequest.Timeout = 10000 - $webRequest.Method = "PUT" - $webRequest.Headers.Add("X-ONEGATE-TOKEN", $token) - $webRequest.Headers.Add("X-ONEGATE-VMID", $context.VMID) + $webRequest.Method = 'PUT' + $webRequest.Headers.Add('X-ONEGATE-TOKEN', $token) + $webRequest.Headers.Add('X-ONEGATE-VMID', $vmId) $buffer = [System.Text.Encoding]::UTF8.GetBytes($body) $webRequest.ContentLength = $buffer.Length + $requestStream = $webRequest.GetRequestStream() $requestStream.Write($buffer, 0, $buffer.Length) $requestStream.Flush() $requestStream.Close() - $response = $webRequest.getResponse() - if ($response.StatusCode -eq "OK") { - Write-Output " ... Success" + $response = $webRequest.getResponse() + if ($response.StatusCode -eq 'OK') { + Write-Output ' ... Success' } else { - Write-Output " ... Failed" + Write-Output ' ... Failed' Write-Output $response.StatusCode } } catch { $errorMessage = $_.Exception.Message - Write-Output " ... Failed" + Write-Output ' ... Failed' Write-Output $errorMessage } } From 3500d472d1f4c4cbfabc7f00904baef3e1e39bab Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Wed, 6 Feb 2019 16:57:39 +0100 Subject: [PATCH 064/122] Update README.md --- README.md | 58 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 38 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 900baa9e..fd32fc6b 100644 --- a/README.md +++ b/README.md @@ -1,30 +1,46 @@ -# OpenNebula Windows Contextualization +# OpenNebula Windows VM Contextualization ## Description -This addon produces a Windows Contextualization script to use in Windows Guest VMs running in an OpenNebula Cloud. +This addon provides contextualization package for the Windows +guest virtual machines running in the OpenNebula cloud. Based +on the provided contextualization parameters, the packages prepare the +networking in the running guest virt. machine, set +passwords, run custom start scripts, and many others. -The documentation on Windows Contextualization can be found in -the [OpenNebula User's Guide](http://docs.opennebula.org/5.2/operation/vm_setup/context_overview.html). +## Download -## Get package - -Latest version can be downloaded from the +Latest versions can be downloaded from the [release page](https://github.com/OpenNebula/addon-context-windows/releases). +Check the supported OpenNebula versions for each release. + +Documentation on packages installation and guest contextualization can +be found in the latest stable +[OpenNebula Operation Guide](http://docs.opennebula.org/stable/operation/vm_setup/context_overview.html). +For beta releases, refer to the latest +[development documentation](http://docs.opennebula.org/devel/operation/vm_setup/context_overview.html). -## Build own MSI package +## Build own package -Requirements for building: +### Requirements +* **Linux host** * latest [msitools](https://wiki.gnome.org/msitools) * binary [rhsrvany.exe](https://github.com/rwmjones/rhsrvany) +On RHEL (CentOS) and Fedora systems, the required binary +[rhsrvany.exe](https://github.com/rwmjones/rhsrvany) is distributed as part +of the package `virt-v2v` and placed into `/usr/share/virt-tools/rhsrvany.exe`. +Please copy the EXE into your local repository clone before creating the MSI. + +### Steps + Script `generate.sh` builds the MSI package. It's a wrapper around the `wixl` command from `msitools`. It reads the `package.wxs`, a package definition in the WiX-like XML format. Package name or version can be overridden by env. variables `NAME` and `VERSION`. For example: -```bash +``` $ TARGET=msi ./generate.sh $ NAME=one-context TARGET=msi ./generate.sh $ VERSION=1.0.0 TARGET=msi ./generate.sh @@ -42,18 +58,20 @@ Despite that, the package is built. (wixl:22764): wixl-CRITICAL **: wixl_wix_builder_install_mode_to_event: assertion 'modeString != NULL' failed ``` -### rhsrvany.exe +## Acknowledgements -On RHEL (CentOS) or Fedora systems the required binary -[rhsrvany.exe](https://github.com/rwmjones/rhsrvany) is distributed as part -of the package `virt-v2v` and placed into `/usr/share/virt-tools/rhsrvany.exe`. -Please copy the EXE into your local repository clone before creating the MSI. +This addon is largely based upon the work by André Monteiro and Tiago Batista in the [DETI/IEETA Universidade de Aveiro](http://www.ua.pt/). The original guide is available here: [OpenNebula - IEETA](http://wiki.ieeta.pt/wiki/index.php/OpenNebula) -## Authors +## License -* Leader: Jaime Melis jmelis@opennebula.org -* André Monteiro (Universidade de Aveiro) +Copyright 2002-2019, OpenNebula Project, OpenNebula Systems (formerly C12G Labs) -## Acknowledgements +Licensed under the Apache License, Version 2.0 (the "License"); you may +not use this file except in compliance with the License. You may obtain +a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -This addon is largely based upon the work by André Monteiro and Tiago Batista in the [DETI/IEETA Universidade de Aveiro](http://www.ua.pt/). The original guide is available here: [OpenNebula - IEETA](http://wiki.ieeta.pt/wiki/index.php/OpenNebula) +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. From 17673039f084c6b87e57950422499e19cda2bf7a Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Wed, 6 Feb 2019 17:12:58 +0100 Subject: [PATCH 065/122] Separate documentation from download section --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index fd32fc6b..114eb1ec 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,8 @@ Latest versions can be downloaded from the [release page](https://github.com/OpenNebula/addon-context-windows/releases). Check the supported OpenNebula versions for each release. +## Install + Documentation on packages installation and guest contextualization can be found in the latest stable [OpenNebula Operation Guide](http://docs.opennebula.org/stable/operation/vm_setup/context_overview.html). From 5ef59228028858fef334302b3bc8f8aa1d367547 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Wed, 6 Feb 2019 17:14:14 +0100 Subject: [PATCH 066/122] Bump version to 5.7.90, update generate.sh shebang --- generate.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/generate.sh b/generate.sh index 2a81b98c..560cc7fb 100755 --- a/generate.sh +++ b/generate.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # -------------------------------------------------------------------------- # # Copyright 2010-2017, OpenNebula Systems # @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-5.7.80} +VERSION=${VERSION:-5.7.90} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" From 085092a9283880e6025c9f3d3ec8de1e711af2a7 Mon Sep 17 00:00:00 2001 From: Eric <47387975+Eric-N-Be@users.noreply.github.com> Date: Mon, 11 Feb 2019 18:20:52 +0100 Subject: [PATCH 067/122] gh-33: Fix REPORT_READY over https --- context.ps1 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/context.ps1 b/context.ps1 index 4a156ca0..b5c7f3d3 100644 --- a/context.ps1 +++ b/context.ps1 @@ -688,6 +688,14 @@ function reportReady() $webRequest.Headers.Add('X-ONEGATE-VMID', $vmId) $buffer = [System.Text.Encoding]::UTF8.GetBytes($body) $webRequest.ContentLength = $buffer.Length + + if($oneGateEndpoint -ilike "https://*") + { #For reporting on HTTPS OneGateEndpoint + Write-Output "... Use HTTPS for OneGateEndpoint report: $oneGateEndpoint" + $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' + [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols + [System.Net.ServicePointManager]::Expect100Continue = $false + } $requestStream = $webRequest.GetRequestStream() $requestStream.Write($buffer, 0, $buffer.Length) @@ -710,6 +718,7 @@ function reportReady() } } } + ################################################################################ # Main ################################################################################ From 3c3ff14b39d7c5b3eb1c0f685a5b5b46258144a8 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Mon, 11 Feb 2019 18:22:18 +0100 Subject: [PATCH 068/122] gh-33: Fix indentation --- context.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/context.ps1 b/context.ps1 index b5c7f3d3..2586eacf 100644 --- a/context.ps1 +++ b/context.ps1 @@ -688,14 +688,14 @@ function reportReady() $webRequest.Headers.Add('X-ONEGATE-VMID', $vmId) $buffer = [System.Text.Encoding]::UTF8.GetBytes($body) $webRequest.ContentLength = $buffer.Length - - if($oneGateEndpoint -ilike "https://*") - { #For reporting on HTTPS OneGateEndpoint + + if ($oneGateEndpoint -ilike "https://*") { + #For reporting on HTTPS OneGateEndpoint Write-Output "... Use HTTPS for OneGateEndpoint report: $oneGateEndpoint" $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols [System.Net.ServicePointManager]::Expect100Continue = $false - } + } $requestStream = $webRequest.GetRequestStream() $requestStream.Write($buffer, 0, $buffer.Length) From 03b4800dad85e076005d585d5820e835e0ebb41e Mon Sep 17 00:00:00 2001 From: Alejandro Huertas <ahuertas@opennebula.systems> Date: Thu, 14 Feb 2019 16:06:07 +0100 Subject: [PATCH 069/122] gh-33: Skip certificate validation --- context.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/context.ps1 b/context.ps1 index 2586eacf..8dc6da21 100644 --- a/context.ps1 +++ b/context.ps1 @@ -695,6 +695,7 @@ function reportReady() $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols [System.Net.ServicePointManager]::Expect100Continue = $false + [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} } $requestStream = $webRequest.GetRequestStream() From ad21f1d4f110f008c8ba03342efbaab2fc55a53d Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Mon, 18 Feb 2019 16:09:38 +0100 Subject: [PATCH 070/122] Bump version to 5.8.0 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 560cc7fb..ebef857c 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-5.7.90} +VERSION=${VERSION:-5.8.0} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" From 388acc2c50faf014e31ea2977a06613be5b2ff1d Mon Sep 17 00:00:00 2001 From: Alejandro Huertas <ahuertas@opennebula.systems> Date: Mon, 18 Feb 2019 14:55:53 +0100 Subject: [PATCH 071/122] gh-45: Add rescan operation to detect disk change and use diskpart --- context.ps1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 8dc6da21..3fa8de47 100644 --- a/context.ps1 +++ b/context.ps1 @@ -640,10 +640,13 @@ function extendPartitions() { Write-Output "- Extend partitions" + "rescan" | diskpart + #$diskIds = ((wmic diskdrive get Index | Select-String "[0-9]+") -replace '\D','') $diskId = 0 - $partIds = ((wmic partition where DiskIndex=$diskId get Index | Select-String "[0-9]+") -replace '\D','' | %{[int]$_ + 1}) + #$partIds = ((wmic partition where DiskIndex=$diskId get Index | Select-String "[0-9]+") -replace '\D','' | %{[int]$_ + 1}) + $partIds = "select disk $diskId", "list partition" | diskpart | Select-String -Pattern "^ Partition \d" -AllMatches | %{$_.matches} | %{$_.value.replace(" Partition ", "") } ForEach ($partId in $partIds) { extendPartition $diskId $partId From 6f3ffa2df4b373d05662de73d32701513ea05129 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Thu, 7 Mar 2019 12:42:09 +0100 Subject: [PATCH 072/122] Drop startup.vb This is not documented or supported way anymore. --- startup.vbs | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 startup.vbs diff --git a/startup.vbs b/startup.vbs deleted file mode 100644 index 6856fdfc..00000000 --- a/startup.vbs +++ /dev/null @@ -1,21 +0,0 @@ -strComputer = "." -Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") -Set fso = CreateObject("Scripting.FileSystemObject") - -Set colDisks = objWMIService.ExecQuery("Select * from Win32_LogicalDisk Where VolumeName = 'CONTEXT'") - -For Each objDisk in colDisks - driveLetter = objDisk.Name - Exit For -Next - -If IsEmpty(driveLetter) Then - driveLetter = "C:" -End If - -contextPath = driveLetter & "\context.ps1" - -If fso.FileExists(contextPath) Then - Set objShell = CreateObject("Wscript.Shell") - objShell.Run("powershell -NonInteractive -NoProfile -NoLogo -ExecutionPolicy Unrestricted -file " & contextPath) -End If From 4fbb7d17933bc7503a883026fa331aded25b80ed Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Mon, 18 Mar 2019 10:53:27 +0100 Subject: [PATCH 073/122] Configuration file for Probot: DCO --- .github/dco.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .github/dco.yml diff --git a/.github/dco.yml b/.github/dco.yml new file mode 100644 index 00000000..0c4b142e --- /dev/null +++ b/.github/dco.yml @@ -0,0 +1,2 @@ +require: + members: false From 76e71a021722355698a8fe9b9150e64d5dd67400 Mon Sep 17 00:00:00 2001 From: Alejandro Huertas Herrero <ahuertas@opennebula.systems> Date: Tue, 26 Mar 2019 17:15:33 +0100 Subject: [PATCH 074/122] Add support to use FQDN in SET_HOSTNAME (#62) * First part of FQDN is the name of the computer * The rest is the Domain --- context.ps1 | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 3fa8de47..69d1c823 100644 --- a/context.ps1 +++ b/context.ps1 @@ -451,12 +451,33 @@ function renameComputer($context) { # Initialize Variables $current_hostname = hostname $context_hostname = $context["SET_HOSTNAME"] - $logged_hostname = "Unknown" + $logged_hostname = "Unknown" if (! $context_hostname) { return } + $splitted_hostname = $context_hostname.split('.') + $context_hostname = $splitted_hostname[0] + $context_domain = $splitted_hostname[1..$splitted_hostname.length] -join '.' + + If ($context_domain) { + Write-Output "Changing Domain to $context_domain" + + $networkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration -filter "ipenabled = 'true'" + $ret = $networkConfig.SetDnsDomain($context_domain) + + If ($ret.ReturnValue) { + + # Returned Non Zero, Failed, No restart + Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + + # Returned Zero, Success + Write-Output " ... Success" + } + } + # Check for the .opennebula-renamed file If (Test-Path "$env:SystemDrive\.opennebula-renamed") { From 9b1cb241d83924ec6ecafaf925d969e662493816 Mon Sep 17 00:00:00 2001 From: Michael Kutzner <operations@virtion.de> Date: Mon, 4 Mar 2019 07:19:18 +0100 Subject: [PATCH 075/122] F #44: Use native PowerShell Signed-off-by: Michael Kutzner <operations@virtion.de> Signed-off-by: Vlastimil Holer <vholer@opennebula.systems> --- context.ps1 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/context.ps1 b/context.ps1 index 69d1c823..d7843196 100644 --- a/context.ps1 +++ b/context.ps1 @@ -24,6 +24,26 @@ Start-Transcript -Append -Path "$env:SystemDrive\.opennebula-context.out" | Out-Null +## check if we are running powershell(x86) on a 64bit system, if so restart as 64bit +## initial code: http://cosmonautdreams.com/2013/09/03/Getting-Powershell-to-run-in-64-bit.html +If ($env:PROCESSOR_ARCHITEW6432 -eq "AMD64") { + # This is only set in a x86 Powershell running on a 64bit Windows + Write-Output "- Detected 32bit architecture" + + Write-Output "Restarting into a 64bit powershell" + + # Stop-Transcript here new - unlock logfile + Stop-Transcript | Out-Null + + If ($myInvocation.Line) { + &"$env:WINDIR\sysnative\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile $myInvocation.Line + } Else { + &"$env:WINDIR\sysnative\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile -file "$($myInvocation.InvocationName)" $args + } + + exit $lastexitcode +} + Write-Output "Running Script: $($MyInvocation.InvocationName)" Get-Date Write-Output "" From ff2685d8cdec57167452123f5de847bcfa325f53 Mon Sep 17 00:00:00 2001 From: Michael Kutzner <operations@virtion.de> Date: Mon, 4 Mar 2019 14:06:16 +0100 Subject: [PATCH 076/122] F #65: Dedicated dir. for state files Signed-off-by: Michael Kutzner <operations@virtion.de> Signed-off-by: Vlastimil Holer <vholer@opennebula.systems> --- context.ps1 | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/context.ps1 b/context.ps1 index d7843196..0b1d5307 100644 --- a/context.ps1 +++ b/context.ps1 @@ -22,7 +22,21 @@ ##### DETI/IEETA Universidade de Aveiro 2011 ##### ################################################################# -Start-Transcript -Append -Path "$env:SystemDrive\.opennebula-context.out" | Out-Null +# global variable pointing to the private .contextualization directory +$global:ctxDir="$env:SystemDrive\.contextualization" + +# Check, if above defined context directory exists +If ( !(Test-Path "$ctxDir") ) { + mkdir "$ctxDir" +} + +# Move old logfile away - so we have a current log containing the output of the last boot +If ( Test-Path "$ctxDir\opennebula-context.log" ) { + mv "$ctxDir\opennebula-context.log" "$ctxDir\opennebula-context-old.log" +} + +# Start now logging to logfile +Start-Transcript -Append -Path "$ctxDir\opennebula-context.log" | Out-Null ## check if we are running powershell(x86) on a 64bit system, if so restart as 64bit ## initial code: http://cosmonautdreams.com/2013/09/03/Getting-Powershell-to-run-in-64-bit.html @@ -499,10 +513,10 @@ function renameComputer($context) { } # Check for the .opennebula-renamed file - If (Test-Path "$env:SystemDrive\.opennebula-renamed") { + If (Test-Path "$ctxDir\.opennebula-renamed") { # Grab the JSON content - $json = Get-Content -Path "$env:SystemDrive\.opennebula-renamed" ` + $json = Get-Content -Path "$ctxDir\.opennebula-renamed" ` | Out-String # Convert to a Hash Table and set the Logged Hostname @@ -517,7 +531,7 @@ function renameComputer($context) { } } - If ((!(Test-Path "$env:SystemDrive\.opennebula-renamed")) -or ` + If ((!(Test-Path "$ctxDir\.opennebula-renamed")) -or ` ($context_hostname.ToLower() -ne $logged_hostname.ToLower())) { # .opennebula-renamed not found or the logged_name does not match the @@ -532,7 +546,7 @@ function renameComputer($context) { $contents = @{} $contents["ComputerName"] = $context_hostname - ConvertTo-Json $contents | Out-File "$env:SystemDrive\.opennebula-renamed" + ConvertTo-Json $contents | Out-File "$ctxDir\.opennebula-renamed" # Check success If ($ret.ReturnValue) { @@ -660,7 +674,7 @@ function runScripts($context, $contextLetter) If ($startScript) { # Save the script as .opennebula-startscript.ps1 - $startScriptPS = "$env:SystemDrive\.opennebula-startscript.ps1" + $startScriptPS = "$ctxDir\.opennebula-startscript.ps1" $startScript | Out-File $startScriptPS "UTF8" # Launch the Script @@ -813,8 +827,8 @@ if ($contextDrive) { exit 1 } - [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "$env:SystemDrive\context.sh" "UTF8" - $contextScriptPath = "$env:SystemDrive\context.sh" + [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "$ctxDir\context.sh" "UTF8" + $contextScriptPath = "$ctxDir\context.sh" } # Execute script From d902b2127bc8877d75162f868d975c6df3049e4c Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Wed, 12 Jun 2019 13:05:53 +0200 Subject: [PATCH 077/122] M #-: Add PR template --- .github/pull_request_template.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/pull_request_template.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..544eaaca --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,10 @@ +<!--//////////////////////////////////////////////////////////--> +<!-- Please note the pull request can be merged only if all --> +<!-- commits are properly signed! Read the instructions here: --> +<!-- https://github.com/OpenNebula/one/wiki/Sign-Your-Work --> +<!--//////////////////////////////////////////////////////////--> + +Changes proposed in this pull request: +- +- +- From 392bd1c1a9e45c067f275123b9513f72822969c4 Mon Sep 17 00:00:00 2001 From: Alejandro Huertas <ahuertas@opennebula.systems> Date: Wed, 4 Sep 2019 11:26:30 +0200 Subject: [PATCH 078/122] B #66: add suport for ALIAS_DETACH --- context.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/context.ps1 b/context.ps1 index 0b1d5307..1ee546d1 100644 --- a/context.ps1 +++ b/context.ps1 @@ -437,6 +437,7 @@ function configureNetwork($context) { $aliasIp6 = $context[$aliasPrefix + '_IP6'] $aliasIp6ULA = $context[$aliasPrefix + '_IP6_ULA'] $aliasIp6Prefix = $context[$aliasPrefix + '_IP6_PREFIX_LENGTH'] + $detach = $context[$aliasPrefix + '_DETACH'] if (!$aliasNetmask) { $aliasNetmask = "255.255.255.0" @@ -446,7 +447,7 @@ function configureNetwork($context) { $aliasIp6Prefix = "64" } - if ($aliasIp) { + if ($aliasIp -and !$detach) { Write-Output "- Set Additional Static IP (${aliasPrefix})" netsh interface ipv4 add address $nic.InterfaceIndex $aliasIp $aliasNetmask @@ -457,7 +458,7 @@ function configureNetwork($context) { } } - if ($aliasIp6) { + if ($aliasIp6 -and !$detach) { Write-Output "- Set Additional IPv6 Address (${aliasPrefix})" netsh interface ipv6 add address $nic.InterfaceIndex $aliasIp6/$aliasIp6Prefix If ($? -And $aliasIp6ULA) { From af5a6dea70675b2dc5c11faabe8204f4543521db Mon Sep 17 00:00:00 2001 From: vheathen <v.heathen@gmail.com> Date: Thu, 5 Sep 2019 15:26:35 +0500 Subject: [PATCH 079/122] Update extendPartitions() diskpart regex (#64) * Update extendPartitions() diskpart regex As of now `$partIds = ...` part works with English interface only. New regex support any locale. * Update extendPartitions() diskpart regex As of now `$partIds = ...` part works with English interface only. New regex support any locale. Signed-off-by: heathen <v.heathen@gmail.com> --- context.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 1ee546d1..7b34c5d2 100644 --- a/context.ps1 +++ b/context.ps1 @@ -702,7 +702,7 @@ function extendPartitions() $diskId = 0 #$partIds = ((wmic partition where DiskIndex=$diskId get Index | Select-String "[0-9]+") -replace '\D','' | %{[int]$_ + 1}) - $partIds = "select disk $diskId", "list partition" | diskpart | Select-String -Pattern "^ Partition \d" -AllMatches | %{$_.matches} | %{$_.value.replace(" Partition ", "") } + $partIds = "select disk $diskId", "list partition" | diskpart | Select-String -Pattern "^\s+\w+ (\d+)\s+" -AllMatches | %{$_.matches.groups[1].Value} ForEach ($partId in $partIds) { extendPartition $diskId $partId From a8538a1550cbe17cf7895f88773f4e9f1b4b175a Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Fri, 13 Sep 2019 10:15:05 +0200 Subject: [PATCH 080/122] F #70: Setup timezone Closes #70 --- context.ps1 | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index 7b34c5d2..c8e49bcc 100644 --- a/context.ps1 +++ b/context.ps1 @@ -23,7 +23,7 @@ ################################################################# # global variable pointing to the private .contextualization directory -$global:ctxDir="$env:SystemDrive\.contextualization" +$global:ctxDir="$env:SystemDrive\.onecontext" # Check, if above defined context directory exists If ( !(Test-Path "$ctxDir") ) { @@ -481,6 +481,22 @@ function configureNetwork($context) { Write-Output "" } +function setTimeZone($context) { + $timezone = $context['TIMEZONE'] + + If ($timezone) { + Write-Output "Configuring time zone '${timezone}'" + + tzutil /s "${timezone}" + + If ($?) { + Write-Output ' ... Success' + } Else { + Write-Output ' ... Failed' + } + } +} + function renameComputer($context) { # Initialize Variables @@ -835,7 +851,9 @@ if ($contextDrive) { # Execute script if(Test-Path $contextScriptPath) { $context = getContext $contextScriptPath + extendPartitions + setTimeZone $context renameComputer $context addLocalUser $context enableRemoteDesktop From 1ed99e77de45b6086ae994b25219cb2e15f10b47 Mon Sep 17 00:00:00 2001 From: Jan Meerkamp <meerkamp@dvv.de> Date: Thu, 7 Nov 2019 11:26:38 +0100 Subject: [PATCH 081/122] B #71: Report Ready and VMware Closes #71 Signed-off-by: Jan Meerkamp <meerkamp@dvv.de> --- context.ps1 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/context.ps1 b/context.ps1 index c8e49bcc..ff39c600 100644 --- a/context.ps1 +++ b/context.ps1 @@ -730,6 +730,7 @@ function reportReady() $reportReady = $context['REPORT_READY'] $oneGateEndpoint = $context['ONEGATE_ENDPOINT'] $vmId = $context['VMID'] + $token = $context['ONEGATE_TOKEN'] if ($reportReady -and $reportReady.ToUpper() -eq 'YES') { Write-Output 'Report Ready to OneGate' @@ -744,7 +745,8 @@ function reportReady() return } - try { + if (!$token) { + Write-Output " ... Token not set. Try file" $tokenPath = $contextLetter + 'token.txt' if (Test-Path $tokenPath) { $token = Get-Content $tokenPath @@ -752,6 +754,9 @@ function reportReady() Write-Output " ... Failed: Token file not found" return } + } + + try { $body = 'READY = YES' $target= $oneGateEndpoint + '/vm' @@ -864,4 +869,3 @@ if(Test-Path $contextScriptPath) { } Stop-Transcript | Out-Null - From 3713a5a7c1500ba78005bdd37a6b2040e34fbfd3 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Thu, 14 Nov 2019 14:17:35 +0100 Subject: [PATCH 082/122] M #-: Bump version to 5.10.0 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index ebef857c..2d0a7ead 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-5.8.0} +VERSION=${VERSION:-5.10.0} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" From d46422e8e7f6e522db8adf085c5f47866653f036 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.systems> Date: Thu, 14 Nov 2019 16:21:08 +0100 Subject: [PATCH 083/122] M #-: Package unattend.xml as component Examples --- package.wxs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/package.wxs b/package.wxs index 0985f93a..6023a036 100644 --- a/package.wxs +++ b/package.wxs @@ -42,6 +42,10 @@ <Directory Id="TARGETDIR" Name="SourceDir"> <Directory Id="ProgramFilesFolder" Name="PFiles"> <Directory Id="INSTALLDIR" Name="OpenNebula"> + <Component Id="Examples" Guid="fc1207c2-06e9-11ea-ad15-f0def1753696"> + <File Id="unattend" Name="unattend.xml" DiskId="1" Source="unattend.xml" KeyPath="yes" /> + </Component> + <Component Id="Context" Guid="f5807056-bf0c-11e6-acbe-f0def1753696"> <File Id="context" Name="context.ps1" DiskId="1" Source="context.ps1" KeyPath="yes" /> </Component> @@ -83,6 +87,7 @@ <Feature Id="Complete" Level="1"> <ComponentRef Id="Context"/> <ComponentRef Id="Service"/> + <ComponentRef Id="Examples"/> </Feature> <InstallExecuteSequence> From 15eee3dabce754b78c6caccaaf94d6083b5a5682 Mon Sep 17 00:00:00 2001 From: Alejandro Huertas <ahuertas@opennebula.io> Date: Mon, 13 Apr 2020 16:13:03 +0200 Subject: [PATCH 084/122] B #76: do not configure external alias --- context.ps1 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/context.ps1 b/context.ps1 index ff39c600..35a46106 100644 --- a/context.ps1 +++ b/context.ps1 @@ -438,6 +438,11 @@ function configureNetwork($context) { $aliasIp6ULA = $context[$aliasPrefix + '_IP6_ULA'] $aliasIp6Prefix = $context[$aliasPrefix + '_IP6_PREFIX_LENGTH'] $detach = $context[$aliasPrefix + '_DETACH'] + $external = $context[$aliasPrefix + '_EXTERNAL'] + + if ($external -and ($external -eq "YES")) { + continue + } if (!$aliasNetmask) { $aliasNetmask = "255.255.255.0" From c2bab2945b717626e03495780996cd118196c1a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Mon, 25 May 2020 14:16:40 +0200 Subject: [PATCH 085/122] F OpenNebula/addon-context-linux#83: Add metric MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- context.ps1 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/context.ps1 b/context.ps1 index 35a46106..1527cce5 100644 --- a/context.ps1 +++ b/context.ps1 @@ -187,6 +187,7 @@ function configureNetwork($context) { $ip6PrefixKey = $nicPrefix + "IP6_PREFIX_LENGTH" $gw6Key = $nicPrefix + "GATEWAY6" $mtuKey = $nicPrefix + "MTU" + $metricKey = $nicPrefix + "METRIC" $ip = $context[$ipKey] $netmask = $context[$netmaskKey] @@ -197,6 +198,7 @@ function configureNetwork($context) { $gateway = $context[$gatewayKey] $network = $context[$networkKey] $mtu = $context[$mtuKey] + $metric = $context[$metricKey] $ip6 = $context[$ip6Key] $ip6ULA = $context[$ip6ULAKey] @@ -276,8 +278,13 @@ function configureNetwork($context) { if ($gateway) { # Set the Gateway - Write-Output "- Set Gateway" - $ret = $nic.SetGateways($gateway) + if ($metric) { + Write-Output "- Set Gateway with metric" + $ret = $nic.SetGateways($gateway, $metric) + } Else { + Write-Output "- Set Gateway" + $ret = $nic.SetGateways($gateway) + } If ($ret.ReturnValue) { Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { From f4887bd4b58f977b0aa79a105ccfba11c980fa18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Thu, 28 May 2020 07:44:40 +0200 Subject: [PATCH 086/122] F #36: Add support for DNS_HOSTNAME MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit + skip unnecessary reboot when hostname is already set correctly Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- context.ps1 | 57 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 17 deletions(-) diff --git a/context.ps1 b/context.ps1 index 1527cce5..34258a5f 100644 --- a/context.ps1 +++ b/context.ps1 @@ -514,10 +514,26 @@ function renameComputer($context) { # Initialize Variables $current_hostname = hostname $context_hostname = $context["SET_HOSTNAME"] - $logged_hostname = "Unknown" + # SET_HOSTNAME was not set but maybe DNS_HOSTNAME was... if (! $context_hostname) { - return + $dns_hostname = $context["DNS_HOSTNAME"].ToLower() + + if ($dns_hostname -eq "yes") { + + # we will set our hostname based on the reverse dns lookup - the IP + # in question is the first one with a set default gateway + # (as is done by get_first_ip in addon-context-linux) + + Write-Output "Requested change of Hostname via reverse DNS lookup (DNS_HOSTNAME=YES)" + $first_ip = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration | where {$_.DefaultIPGateway -ne $null}).IPAddress | select-object -first 1 + $context_hostname = [System.Net.Dns]::GetHostbyAddress($first_ip).HostName + Write-Output "Resolved Hostname is: $context_hostname" + } Else { + + # no SET_HOSTNAME or DNS_HOSTNAME - skip setting hostname + return + } } $splitted_hostname = $context_hostname.split('.') @@ -542,6 +558,7 @@ function renameComputer($context) { } # Check for the .opennebula-renamed file + $logged_hostname = "" If (Test-Path "$ctxDir\.opennebula-renamed") { # Grab the JSON content @@ -558,13 +575,24 @@ function renameComputer($context) { Write-Output "Invalid JSON:" Write-Output $json.ToString() } + } Else { + + # no renaming was ever done - we fallback to our current Hostname + $logged_hostname = $current_hostname } - If ((!(Test-Path "$ctxDir\.opennebula-renamed")) -or ` - ($context_hostname.ToLower() -ne $logged_hostname.ToLower())) { + If (($current_hostname -ne $context_hostname) -and ` + ($context_hostname -eq $logged_hostname)) { - # .opennebula-renamed not found or the logged_name does not match the - # context_name, rename the computer + # avoid rename->reboot loop - if we detect that rename attempt was done + # but failed then we drop log message about it and finish... + + Write-Output "Computer Rename Attempted but failed:" + Write-Output "- Current: $current_hostname" + Write-Output "- Context: $context_hostname" + } ElseIf ($context_hostname -ne $current_hostname) { + + # the current_name does not match the context_name, rename the computer Write-Output "Changing Hostname to $context_hostname" # Load the ComputerSystem Object @@ -599,17 +627,12 @@ function renameComputer($context) { # Exit here so the script doesn't continue to run Exit 0 } - } else { - If ($current_hostname -eq $context_hostname) { - Write-Output "Computer Name already set: $context_hostname" - } - ElseIf (($current_hostname -ne $context_hostname) -and ` - ($context_hostname -eq $logged_hostname)) { - Write-Output "Computer Rename Attempted but failed:" - Write-Output "- Current: $current_hostname" - Write-Output "- Context: $context_hostname" - } + } Else { + + # Hostname is set and correct + Write-Output "Computer Name already set: $context_hostname" } + Write-Output "" } @@ -871,11 +894,11 @@ if(Test-Path $contextScriptPath) { extendPartitions setTimeZone $context - renameComputer $context addLocalUser $context enableRemoteDesktop enablePing configureNetwork $context + renameComputer $context runScripts $context $contextLetter reportReady } From 579406d2b863dc928cc3d2ef3afca6a7a26e847a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Fri, 29 May 2020 18:39:15 +0200 Subject: [PATCH 087/122] M #-: Add support for EJECT_CDROM context MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - recognize new EJECT_CDROM context variable: if set to 'YES' it will eject the CONTEXT CD-ROM Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- context.ps1 | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/context.ps1 b/context.ps1 index 34258a5f..0678fb64 100644 --- a/context.ps1 +++ b/context.ps1 @@ -835,6 +835,28 @@ function reportReady() } } +function ejectContextCD($cdrom_drive) +{ + $eject_cdrom = $context['EJECT_CDROM'] + + if ($eject_cdrom -ne $null -and $eject_cdrom.ToUpper() -eq 'YES') { + Write-Output 'Ejecting context CD' + try { + $disk_master = New-Object -ComObject IMAPI2.MsftDiscMaster2 + for ($cdrom_id = 0; $cdrom_id -lt $disk_master.Count; $cdrom_id++) { + $disk_recorder = New-Object -ComObject IMAPI2.MsftDiscRecorder2 + $disk_recorder.InitializeDiscRecorder($disk_master.Item($cdrom_id)) + if ($disk_recorder.VolumeName -eq $cdrom_drive.DeviceID) { + $disk_recorder.EjectMedia() + break + } + } + } catch { + Write-Error "Failed to eject the CD: $_" + } + } +} + ################################################################################ # Main ################################################################################ @@ -901,6 +923,7 @@ if(Test-Path $contextScriptPath) { renameComputer $context runScripts $context $contextLetter reportReady + ejectContextCD $contextDrive } Stop-Transcript | Out-Null From 9701c6deae0caa78e30fb9744b8f3c4f22c26054 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Fri, 29 May 2020 20:58:36 +0200 Subject: [PATCH 088/122] F #36: Fix context for DNS_HOSTNAME MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - fix error when no DNS_HOSTNAME is found in context Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- context.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/context.ps1 b/context.ps1 index 0678fb64..2e2a0f87 100644 --- a/context.ps1 +++ b/context.ps1 @@ -517,9 +517,9 @@ function renameComputer($context) { # SET_HOSTNAME was not set but maybe DNS_HOSTNAME was... if (! $context_hostname) { - $dns_hostname = $context["DNS_HOSTNAME"].ToLower() + $dns_hostname = $context["DNS_HOSTNAME"] - if ($dns_hostname -eq "yes") { + if ($dns_hostname -ne $null -and $dns_hostname.ToUpper() -eq "YES") { # we will set our hostname based on the reverse dns lookup - the IP # in question is the first one with a set default gateway @@ -531,7 +531,7 @@ function renameComputer($context) { Write-Output "Resolved Hostname is: $context_hostname" } Else { - # no SET_HOSTNAME or DNS_HOSTNAME - skip setting hostname + # no SET_HOSTNAME nor DNS_HOSTNAME - skip setting hostname return } } From be73efc3aa9416982b8a20934c5114d542848968 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Wed, 3 Jun 2020 05:05:41 +0200 Subject: [PATCH 089/122] F #67: Remove context.sh after contextualization MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- context.ps1 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/context.ps1 b/context.ps1 index 2e2a0f87..69c2013d 100644 --- a/context.ps1 +++ b/context.ps1 @@ -837,6 +837,10 @@ function reportReady() function ejectContextCD($cdrom_drive) { + if (-Not $cdrom_drive) { + return + } + $eject_cdrom = $context['EJECT_CDROM'] if ($eject_cdrom -ne $null -and $eject_cdrom.ToUpper() -eq 'YES') { @@ -857,6 +861,14 @@ function ejectContextCD($cdrom_drive) } } +function removeContextFile($context_file) +{ + if (Test-Path $context_file) { + Write-Output "Removing the 'context.sh' file" + Remove-Item $context_file + } +} + ################################################################################ # Main ################################################################################ @@ -924,6 +936,7 @@ if(Test-Path $contextScriptPath) { runScripts $context $contextLetter reportReady ejectContextCD $contextDrive + removeContextFile $contextScriptPath } Stop-Transcript | Out-Null From 244d811a494b4272664b53af952d30e1b46d041f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Mon, 1 Jun 2020 04:00:33 +0200 Subject: [PATCH 090/122] F #75: disable Windows FastBoot feature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - set system registry value 'HiberbootEnabled' to zero to disable FastBoot feature of the Windows NOTE: wixl from msitools (https://wiki.gnome.org/msitools) does not implement all features of the WiX - I had to find a way how to achieve the zeroing of the foreign registry key and avoid the deletion of this registry on the uninstall... It does not mean that the current way is the best approach available. Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- package.wxs | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/package.wxs b/package.wxs index 6023a036..80134c81 100644 --- a/package.wxs +++ b/package.wxs @@ -1,6 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <?define UpgradeCode = "2056bd8a-bf03-11e6-a625-f0def1753696" ?> <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"> + <Product Name="OpenNebula Contextualization" Manufacturer="OpenNebula Systems" Id="*" @@ -38,6 +39,38 @@ </Property> <Condition Message="Windows PowerShell not found.">INSTALLED OR PSEXE</Condition> + <!-- Register property FASTBOOT --> + <Property Id="FASTBOOT"> + <RegistrySearch Id="FASTBOOT" + Type="raw" + Root="HKLM" + Key="SYSTEM\CurrentControlSet\Control\Session Manager\Power" + Name="HiberbootEnabled" /> + </Property> + + <!-- + workaround for missing features in wixl implementation...there should be + a couple of ways how to achieve the same with WiX semantics but the wixl + support is limited and running an exe was the only properly working + solution for the time being: + 1. overwrite already existing registry + 2. do not delete the registry on uninstall... + --> + <Property Id="REG" Value="C:\Windows\System32\reg.exe" /> + + <!-- Register action DisableFastBoot --> + <!-- + wixl from msitools does not support all WiX features - like these: + <SetProperty Id="FASTBOOT" Value="#0" Before="InstallValidate" /> + <CustomAction Id="DisableFastBoot" Property="FASTBOOT" Value="#0" /> + --> + <CustomAction Id="DisableFastBoot" + Property="REG" + ExeCommand='add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v HiberbootEnabled /t REG_DWORD /d 0 /f' + Execute="deferred" + Impersonate="no" + /> + <!-- Install files --> <Directory Id="TARGETDIR" Name="SourceDir"> <Directory Id="ProgramFilesFolder" Name="PFiles"> @@ -91,7 +124,25 @@ </Feature> <InstallExecuteSequence> - <RemoveExistingProducts After="InstallValidate"/> + <!-- NOTE: + This works for msitools/wixl implementation (v0.98) but according to + WiX documentation: + https://wixtoolset.org/documentation/manual/v3/xsd/wix/custom.html + + it should not - 'Before' and 'After' are mutually exclusive... + *BUT* if we do not specify both of them like this the custom action + 'DisableFastBoot' will not get the right sequence number - another + fix could be to use only 'Sequence' and somehow figure out the + correct number for it - at the time of the writing it should be + somewhere between 'InstallInitialize' (1500) and 'InstallFinalize' + (6600). + + The reason why we need to be between these two stages is the fact + that we must run 'DisableFastBoot' as 'deffered' to get elevated + privileges... + --> + <Custom Action="DisableFastBoot" After="InstallInitialize" Before="InstallFinalize">NOT REMOVE AND FASTBOOT</Custom> + <RemoveExistingProducts After="InstallValidate" /> </InstallExecuteSequence> </Product> </Wix> From 6033c04b3991de4574fc25d0b0702fad8a3f6731 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Thu, 4 Jun 2020 15:06:13 +0200 Subject: [PATCH 091/122] M #-: Bump version to 5.12.0 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 2d0a7ead..57d0c916 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-5.10.0} +VERSION=${VERSION:-5.12.0} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" From 0011c73e24ad7533a9ebe4424936f0a48c2df059 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Thu, 4 Jun 2020 15:14:31 +0200 Subject: [PATCH 092/122] M #-: Bump year to 2020 --- README.md | 2 +- context.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 114eb1ec..26fd8a51 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ This addon is largely based upon the work by André Monteiro and Tiago Batista i ## License -Copyright 2002-2019, OpenNebula Project, OpenNebula Systems (formerly C12G Labs) +Copyright 2002-2020, OpenNebula Project, OpenNebula Systems (formerly C12G Labs) Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain diff --git a/context.ps1 b/context.ps1 index 69c2013d..f2295694 100644 --- a/context.ps1 +++ b/context.ps1 @@ -1,5 +1,5 @@ # -------------------------------------------------------------------------- # -# Copyright 2002-2014, OpenNebula Project (OpenNebula.org), C12G Labs # +# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems # # # # Licensed under the Apache License, Version 2.0 (the "License"); you may # # not use this file except in compliance with the License. You may obtain # From 90d53615ace4f42fc86352c2ebe01f04d7d4545d Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Thu, 4 Jun 2020 15:15:32 +0200 Subject: [PATCH 093/122] M #-: Bump year to 2020 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 57d0c916..2967c705 100755 --- a/generate.sh +++ b/generate.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -------------------------------------------------------------------------- # -# Copyright 2010-2017, OpenNebula Systems # +# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems # # # # Licensed under the Apache License, Version 2.0 (the "License"); you may # # not use this file except in compliance with the License. You may obtain # From db89813ef9bb387978825f8d5b923aa27ff82bfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Wed, 10 Jun 2020 14:19:16 +0200 Subject: [PATCH 094/122] M #-: Fix 'REPORT_READY' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit + improve cleanup Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- context.ps1 | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/context.ps1 b/context.ps1 index f2295694..0539d89f 100644 --- a/context.ps1 +++ b/context.ps1 @@ -793,7 +793,7 @@ function reportReady() try { - $body = 'READY = YES' + $body = 'READY=YES' $target= $oneGateEndpoint + '/vm' [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) @@ -935,7 +935,14 @@ if(Test-Path $contextScriptPath) { renameComputer $context runScripts $context $contextLetter reportReady +} + +# Cleanup at the end +if ($contextDrive) { + # Eject CD with 'context.sh' if requested ejectContextCD $contextDrive +} else { + # Delete 'context.sh' if not on CD-ROM removeContextFile $contextScriptPath } From 31b7cc1bff28708b13c5ce14c6fbf3bbad222ce2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Tue, 2 Mar 2021 14:26:57 +0100 Subject: [PATCH 095/122] F #87: Add support for recontextualization (#89) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * F #87: Add support for recontextualization Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Refactor wait loop Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Fix contextPaths object Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Refactor log messages Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Fix subshell issue with termination - Reexecuting the powershell with 64bit version will break service stop and fail to terminate both powershell sessions (32bit and 64bit). It will also create orphaned process tree which will continue to hold file descriptors. - Disable subshell for the whole script and instead use new pswrapper function only where it is truly needed and where the subprocess is expected to terminate on its own. Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Add support for nssm - The problem with orphans was caused by rhsrvany itself which does not handle stop service correctly. The solution was better service manager: http://nssm.cc/ - If nssm directory is present then nssm will be used otherwise the wixl will fallback to rhsrvany again. Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Move context.ps1 to src dir Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Add nssm.exe binaries and remove src Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Add SRV_MANAGER parameter Do not check the existence of the nssm.exe vs rhsrvany.exe but enforce the service manager by env. variable SRV_MANAGER - defaults to 'nssm'. Usage: % env SRV_MANAGER=rhsrvany VERSION=5.13 ./generate-all.sh % env SRV_MANAGER=nssm VERSION=5.13 ./generate-all.sh Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Update comments Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Update README Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Update example prompt in README Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * M #-: Add support for PASSWORD_BASE64 Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * M #-: Fix newlines in older powershells (e.g.: 4) Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #87: Improve contextualization Create a copy instead of working directly on the context.sh. This way even when context changes during the contextualization - we will have the proper checksum of the actually applied file and we can still act subsequently on the waiting changed and unapplied context.sh. Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * M #-: Remove Start-Script copy after the use Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * B #52: Fix INIT_SCRIPTS in VMWare If any script inside the INIT_SCRIPTS variable is not an absolute path then its path will be prefixed either by the disk drive letter of the CD-ROM containing the 'context.sh' or simply by the system drive letter. Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- README.md | 24 +- generate.sh | 41 +- nssm | 1 + nssm-2.24/README.txt | 692 +++++++++++++++++++++++++++++++++ nssm-2.24/win32/nssm.exe | Bin 0 -> 294912 bytes nssm-2.24/win64/nssm.exe | Bin 0 -> 331264 bytes package.wxs | 39 +- context.ps1 => src/context.ps1 | 569 ++++++++++++++++----------- 8 files changed, 1121 insertions(+), 245 deletions(-) create mode 120000 nssm create mode 100644 nssm-2.24/README.txt create mode 100644 nssm-2.24/win32/nssm.exe create mode 100644 nssm-2.24/win64/nssm.exe rename context.ps1 => src/context.ps1 (62%) diff --git a/README.md b/README.md index 26fd8a51..c3407af5 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,17 @@ For beta releases, refer to the latest * **Linux host** * latest [msitools](https://wiki.gnome.org/msitools) -* binary [rhsrvany.exe](https://github.com/rwmjones/rhsrvany) +* binary [nssm.exe](https://nssm.cc/) [present] +* binary [rhsrvany.exe](https://github.com/rwmjones/rhsrvany) [optional] + +The service manager **NSSM** is the preferred tool to manage services because +it handles long running services better and more correctly (srvany/rhsrvany +fails to terminate its child processes on stop). NSSM is in public domain and +the binary is part of this repo. There are both 32bit and 64bit versions - +currently 32bit version is used because it covers broader set of systems. + +If you wish to use rhsrvany instead then you must set the shell variable +`SRV_MANAGER` to `rhsrvany` otherwise it will default to `nssm`. On RHEL (CentOS) and Fedora systems, the required binary [rhsrvany.exe](https://github.com/rwmjones/rhsrvany) is distributed as part @@ -51,6 +61,18 @@ $ VERSION=1.0.0 TARGET=msi ./generate.sh New package is created as `${NAME}-${VERSION}.msi`, e.g. `one-context-1.0.0.msi` in the `out/` directory. +You can also built both the iso and msi targets like this: + +``` +$ ./generate-all.sh +``` + +Or with a different service manager and explicit version: + +``` +$ env SRV_MANAGER=rhsrvany VERSION=5.13 ./generate-all.sh +``` + Please ignore following assertion on package build, which is caused by skipping the attribute `Start` in tag `ServiceControl`. The parameter is optional in WiX specification, but the `msitools` still counts with it. diff --git a/generate.sh b/generate.sh index 2967c705..08345d22 100755 --- a/generate.sh +++ b/generate.sh @@ -39,6 +39,7 @@ NAME=${NAME:-one-context} VERSION=${VERSION:-5.12.0} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" +SRV_MANAGER="${SRV_MANAGER:-nssm}" if [ "${RELEASE}" = '1' ]; then FILENAME=${FILENAME:-${NAME}-${VERSION}.${TARGET}} @@ -56,16 +57,38 @@ fi set -e if [ "${TARGET}" = 'msi' ]; then - if [ ! -f rhsrvany.exe ]; then - if [ -f /usr/share/virt-tools/rhsrvany.exe ]; then - cp /usr/share/virt-tools/rhsrvany.exe . - else - echo 'Missing rhsrvany.exe' >&2 - exit 1 - fi - fi + case "${SRV_MANAGER}" in + nssm) + _SRV_BINARY_NAME='nssm.exe' + _SRV_BINARY_FILE='nssm/win32/nssm.exe' + _SRV_BINARY_ARGS='' + ;; + rhsrvany) + _SRV_BINARY_NAME='rhsrvany.exe' + _SRV_BINARY_FILE='rhsrvany.exe' + _SRV_BINARY_ARGS='-s onecontext' + + # in the rhsrvany case we might be able to use some os package + if [ ! -f rhsrvany.exe ]; then + if [ -f /usr/share/virt-tools/rhsrvany.exe ]; then + cp /usr/share/virt-tools/rhsrvany.exe . + fi + fi + ;; + esac + + if [ ! -f "${_SRV_BINARY_FILE}" ] ; then + echo "Error: The service binary is missing: ${_SRV_BINARY_FILE}" + exit 1 + else + echo "Info: Using the binary: ${_SRV_BINARY_FILE}" + fi >&2 - wixl -D Version="${VERSION}" -o "${OUT}" package.wxs + wixl -D Version="${VERSION}" \ + -D SrvBinaryName="${_SRV_BINARY_NAME}" \ + -D SrvBinaryFile="${_SRV_BINARY_FILE}" \ + -D SrvBinaryArgs="${_SRV_BINARY_ARGS}" \ + -o "${OUT}" package.wxs elif [ "${TARGET}" = 'iso' ]; then mkisofs -J -R -input-charset utf8 \ diff --git a/nssm b/nssm new file mode 120000 index 00000000..72217236 --- /dev/null +++ b/nssm @@ -0,0 +1 @@ +nssm-2.24 \ No newline at end of file diff --git a/nssm-2.24/README.txt b/nssm-2.24/README.txt new file mode 100644 index 00000000..7fcb85b6 --- /dev/null +++ b/nssm-2.24/README.txt @@ -0,0 +1,692 @@ +NSSM: The Non-Sucking Service Manager +Version 2.24, 2014-08-31 + +NSSM is a service helper program similar to srvany and cygrunsrv. It can +start any application as an NT service and will restart the service if it +fails for any reason. + +NSSM also has a graphical service installer and remover. + +Full documentation can be found online at + + http://nssm.cc/ + +Since version 2.0, the GUI can be bypassed by entering all appropriate +options on the command line. + +Since version 2.1, NSSM can be compiled for x64 platforms. +Thanks Benjamin Mayrargue. + +Since version 2.2, NSSM can be configured to take different actions +based on the exit code of the managed application. + +Since version 2.3, NSSM logs to the Windows event log more elegantly. + +Since version 2.5, NSSM respects environment variables in its parameters. + +Since version 2.8, NSSM tries harder to shut down the managed application +gracefully and throttles restart attempts if the application doesn't run +for a minimum amount of time. + +Since version 2.11, NSSM respects srvany's AppEnvironment parameter. + +Since version 2.13, NSSM is translated into French. +Thanks François-Régis Tardy. + +Since version 2.15, NSSM is translated into Italian. +Thanks Riccardo Gusmeroli. + +Since version 2.17, NSSM can try to shut down console applications by +simulating a Control-C keypress. If they have installed a handler routine +they can clean up and shut down gracefully on receipt of the event. + +Since version 2.17, NSSM can redirect the managed application's I/O streams +to an arbitrary path. + +Since version 2.18, NSSM can be configured to wait a user-specified amount +of time for the application to exit when shutting down. + +Since version 2.19, many more service options can be configured with the +GUI installer as well as via the registry. + +Since version 2.19, NSSM can add to the service's environment by setting +AppEnvironmentExtra in place of or in addition to the srvany-compatible +AppEnvironment. + +Since version 2.22, NSSM can set the managed application's process priority +and CPU affinity. + +Since version 2.22, NSSM can apply an unconditional delay before restarting +an application which has exited. + +Since version 2.22, NSSM can rotate existing output files when redirecting I/O. + +Since version 2.22, NSSM can set service display name, description, startup +type, log on details and dependencies. + +Since version 2.22, NSSM can manage existing services. + + +Usage +----- +In the usage notes below, arguments to the program may be written in angle +brackets and/or square brackets. <string> means you must insert the +appropriate string and [<string>] means the string is optional. See the +examples below... + +Note that everywhere <servicename> appears you may substitute the +service's display name. + + +Installation using the GUI +-------------------------- +To install a service, run + + nssm install <servicename> + +You will be prompted to enter the full path to the application you wish +to run and any command line options to pass to that application. + +Use the system service manager (services.msc) to control advanced service +properties such as startup method and desktop interaction. NSSM may +support these options at a later time... + + +Installation using the command line +----------------------------------- +To install a service, run + + nssm install <servicename> <application> [<options>] + +NSSM will then attempt to install a service which runs the named application +with the given options (if you specified any). + +Don't forget to enclose paths in "quotes" if they contain spaces! + +If you want to include quotes in the options you will need to """quote""" the +quotes. + + +Managing the service +-------------------- +NSSM will launch the application listed in the registry when you send it a +start signal and will terminate it when you send a stop signal. So far, so +much like srvany. But NSSM is the Non-Sucking service manager and can take +action if/when the application dies. + +With no configuration from you, NSSM will try to restart itself if it notices +that the application died but you didn't send it a stop signal. NSSM will +keep trying, pausing between each attempt, until the service is successfully +started or you send it a stop signal. + +NSSM will pause an increasingly longer time between subsequent restart attempts +if the service fails to start in a timely manner, up to a maximum of four +minutes. This is so it does not consume an excessive amount of CPU time trying +to start a failed application over and over again. If you identify the cause +of the failure and don't want to wait you can use the Windows service console +(where the service will be shown in Paused state) to send a continue signal to +NSSM and it will retry within a few seconds. + +By default, NSSM defines "a timely manner" to be within 1500 milliseconds. +You can change the threshold for the service by setting the number of +milliseconds as a REG_DWORD value in the registry at +HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters\AppThrottle. + +Alternatively, NSSM can pause for a configurable amount of time before +attempting to restart the application even if it successfully ran for the +amount of time specified by AppThrottle. NSSM will consult the REG_DWORD value +at HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters\AppRestartDelay +for the number of milliseconds to wait before attempting a restart. If +AppRestartDelay is set and the application is determined to be subject to +throttling, NSSM will pause the service for whichever is longer of the +configured restart delay and the calculated throttle period. + +If AppRestartDelay is missing or invalid, only throttling will be applied. + +NSSM will look in the registry under +HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters\AppExit for +string (REG_EXPAND_SZ) values corresponding to the exit code of the application. +If the application exited with code 1, for instance, NSSM will look for a +string value under AppExit called "1" or, if it does not find it, will +fall back to the AppExit (Default) value. You can find out the exit code +for the application by consulting the system event log. NSSM will log the +exit code when the application exits. + +Based on the data found in the registry, NSSM will take one of three actions: + +If the value data is "Restart" NSSM will try to restart the application as +described above. This is its default behaviour. + +If the value data is "Ignore" NSSM will not try to restart the application +but will continue running itself. This emulates the (usually undesirable) +behaviour of srvany. The Windows Services console would show the service +as still running even though the application has exited. + +If the value data is "Exit" NSSM will exit gracefully. The Windows Services +console would show the service as stopped. If you wish to provide +finer-grained control over service recovery you should use this code and +edit the failure action manually. Please note that Windows versions prior +to Vista will not consider such an exit to be a failure. On older versions +of Windows you should use "Suicide" instead. + +If the value data is "Suicide" NSSM will simulate a crash and exit without +informing the service manager. This option should only be used for +pre-Vista systems where you wish to apply a service recovery action. Note +that if the monitored application exits with code 0, NSSM will only honour a +request to suicide if you explicitly configure a registry key for exit code 0. +If only the default action is set to Suicide NSSM will instead exit gracefully. + + +Application priority +-------------------- +NSSM can set the priority class of the managed application. NSSM will look in +the registry under HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters +for the REG_DWORD entry AppPriority. Valid values correspond to arguments to +SetPriorityClass(). If AppPriority() is missing or invalid the +application will be launched with normal priority. + + +Processor affinity +------------------ +NSSM can set the CPU affinity of the managed application. NSSM will look in +the registry under HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters +for the REG_SZ entry AppAffinity. It should specify a comma-separated listed +of zero-indexed processor IDs. A range of processors may optionally be +specified with a dash. No other characters are allowed in the string. + +For example, to specify the first; second; third and fifth CPUs, an appropriate +AppAffinity would be 0-2,4. + +If AppAffinity is missing or invalid, NSSM will not attempt to restrict the +application to specific CPUs. + +Note that the 64-bit version of NSSM can configure a maximum of 64 CPUs in this +way and that the 32-bit version can configure a maxium of 32 CPUs even when +running on 64-bit Windows. + + +Stopping the service +-------------------- +When stopping a service NSSM will attempt several different methods of killing +the monitored application, each of which can be disabled if necessary. + +First NSSM will attempt to generate a Control-C event and send it to the +application's console. Batch scripts or console applications may intercept +the event and shut themselves down gracefully. GUI applications do not have +consoles and will not respond to this method. + +Secondly NSSM will enumerate all windows created by the application and send +them a WM_CLOSE message, requesting a graceful exit. + +Thirdly NSSM will enumerate all threads created by the application and send +them a WM_QUIT message, requesting a graceful exit. Not all applications' +threads have message queues; those which do not will not respond to this +method. + +Finally NSSM will call TerminateProcess() to request that the operating +system forcibly terminate the application. TerminateProcess() cannot be +trapped or ignored, so in most circumstances the application will be killed. +However, there is no guarantee that it will have a chance to perform any +tidyup operations before it exits. + +Any or all of the methods above may be disabled. NSSM will look for the +HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters\AppStopMethodSkip +registry value which should be of type REG_DWORD set to a bit field describing +which methods should not be applied. + + If AppStopMethodSkip includes 1, Control-C events will not be generated. + If AppStopMethodSkip includes 2, WM_CLOSE messages will not be posted. + If AppStopMethodSkip includes 4, WM_QUIT messages will not be posted. + If AppStopMethodSkip includes 8, TerminateProcess() will not be called. + +If, for example, you knew that an application did not respond to Control-C +events and did not have a thread message queue, you could set AppStopMethodSkip +to 5 and NSSM would not attempt to use those methods to stop the application. + +Take great care when including 8 in the value of AppStopMethodSkip. If NSSM +does not call TerminateProcess() it is possible that the application will not +exit when the service stops. + +By default NSSM will allow processes 1500ms to respond to each of the methods +described above before proceeding to the next one. The timeout can be +configured on a per-method basis by creating REG_DWORD entries in the +registry under HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters. + + AppStopMethodConsole + AppStopMethodWindow + AppStopMethodThreads + +Each value should be set to the number of milliseconds to wait. Please note +that the timeout applies to each process in the application's process tree, +so the actual time to shutdown may be longer than the sum of all configured +timeouts if the application spawns multiple subprocesses. + + +Console window +-------------- +By default, NSSM will create a console window so that applications which +are capable of reading user input can do so - subject to the service being +allowed to interact with the desktop. + +Creation of the console can be suppressed by setting the integer (REG_DWORD) +HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters\AppNoConsole +registry value to 1. + + +I/O redirection +--------------- +NSSM can redirect the managed application's I/O to any path capable of being +opened by CreateFile(). This enables, for example, capturing the log output +of an application which would otherwise only write to the console or accepting +input from a serial port. + +NSSM will look in the registry under +HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters for the keys +corresponding to arguments to CreateFile(). All are optional. If no path is +given for a particular stream it will not be redirected. If a path is given +but any of the other values are omitted they will be receive sensible defaults. + + AppStdin: Path to receive input. + AppStdout: Path to receive output. + AppStderr: Path to receive error output. + +Parameters for CreateFile() are providing with the "AppStdinShareMode", +"AppStdinCreationDisposition" and "AppStdinFlagsAndAttributes" values (and +analogously for stdout and stderr). + +In general, if you want the service to log its output, set AppStdout and +AppStderr to the same path, eg C:\Users\Public\service.log, and it should +work. Remember, however, that the path must be accessible to the user +running the service. + + +File rotation +------------- +When using I/O redirection, NSSM can rotate existing output files prior to +opening stdout and/or stderr. An existing file will be renamed with a +suffix based on the file's last write time, to millisecond precision. For +example, the file nssm.log might be rotated to nssm-20131221T113939.457.log. + +NSSM will look in the registry under +HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters for REG_DWORD +entries which control how rotation happens. + +If AppRotateFiles is missing or set to 0, rotation is disabled. Any non-zero +value enables rotation. + +If AppRotateSeconds is non-zero, a file will not be rotated if its last write +time is less than the given number of seconds in the past. + +If AppRotateBytes is non-zero, a file will not be rotated if it is smaller +than the given number of bytes. 64-bit file sizes can be handled by setting +a non-zero value of AppRotateBytesHigh. + +Rotation is independent of the CreateFile() parameters used to open the files. +They will be rotated regardless of whether NSSM would otherwise have appended +or replaced them. + +NSSM can also rotate files which hit the configured size threshold while the +service is running. Additionally, you can trigger an on-demand rotation by +running the command + + nssm rotate <servicename> + +On-demand rotations will happen after the next line of data is read from +the managed application, regardless of the value of AppRotateBytes. Be aware +that if the application is not particularly verbose the rotation may not +happen for some time. + +To enable online and on-demand rotation, set AppRotateOnline to a non-zero +value. + +Note that online rotation requires NSSM to intercept the application's I/O +and create the output files on its behalf. This is more complex and +error-prone than simply redirecting the I/O streams before launching the +application. Therefore online rotation is not enabled by default. + + +Environment variables +--------------------- +NSSM can replace or append to the managed application's environment. Two +multi-valued string (REG_MULTI_SZ) registry values are recognised under +HKLM\SYSTEM\CurrentControlSet\Services\<service>\Parameters. + +AppEnvironment defines a list of environment variables which will override +the service's environment. AppEnvironmentExtra defines a list of +environment variables which will be added to the service's environment. + +Each entry in the list should be of the form KEY=VALUE. It is possible to +omit the VALUE but the = symbol is mandatory. + +Environment variables listed in both AppEnvironment and AppEnvironmentExtra +are subject to normal expansion, so it is possible, for example, to update the +system path by setting "PATH=C:\bin;%PATH%" in AppEnvironmentExtra. Variables +are expanded in the order in which they appear, so if you want to include the +value of one variable in another variable you should declare the dependency +first. + +Because variables defined in AppEnvironment override the existing +environment it is not possible to refer to any variables which were previously +defined. + +For example, the following AppEnvironment block: + + PATH=C:\Windows\System32;C:\Windows + PATH=C:\bin;%PATH% + +Would result in a PATH of "C:\bin;C:\Windows\System32;C:\Windows" as expected. + +Whereas the following AppEnvironment block: + + PATH=C:\bin;%PATH% + +Would result in a path containing only C:\bin and probably cause the +application to fail to start. + +Most people will want to use AppEnvironmentExtra exclusively. srvany only +supports AppEnvironment. + + +Managing services using the GUI +------------------------------- +NSSM can edit the settings of existing services with the same GUI that is +used to install them. Run + + nssm edit <servicename> + +to bring up the GUI. + +NSSM offers limited editing capabilities for services other than those which +run NSSM itself. When NSSM is asked to edit a service which does not have +the App* registry settings described above, the GUI will allow editing only +system settings such as the service display name and description. + + +Managing services using the command line +---------------------------------------- +NSSM can retrieve or set individual service parameters from the command line. +In general the syntax is as follows, though see below for exceptions. + + nssm get <servicename> <parameter> + + nssm set <servicename> <parameter> <value> + +Parameters can also be reset to their default values. + + nssm reset <servicename> <parameter> + +The parameter names recognised by NSSM are the same as the registry entry +names described above, eg AppDirectory. + +NSSM offers limited editing capabilities for Services other than those which +run NSSM itself. The parameters recognised are as follows: + + Description: Service description. + DisplayName: Service display name. + ImagePath: Path to the service executable. + ObjectName: User account which runs the service. + Name: Service key name. + Start: Service startup type. + Type: Service type. + +These correspond to the registry values under the service's key +HKLM\SYSTEM\CurrentControlSet\Services\<service>. + + +Note that NSSM will concatenate all arguments passed on the command line +with spaces to form the value to set. Thus the following two invocations +would have the same effect. + + nssm set <servicename> Description "NSSM managed service" + + nssm set <servicename> Description NSSM managed service + + +Non-standard parameters +----------------------- +The AppEnvironment and AppEnvironmentExtra parameters recognise an +additional argument when querying the environment. The following syntax +will print all extra environment variables configured for a service + + nssm get <servicename> AppEnvironmentExtra + +whereas the syntax below will print only the value of the CLASSPATH +variable if it is configured in the environment block, or the empty string +if it is not configured. + + nssm get <servicename> AppEnvironmentExtra CLASSPATH + +When setting an environment block, each variable should be specified as a +KEY=VALUE pair in separate command line arguments. For example: + + nssm set <servicename> AppEnvironment CLASSPATH=C:\Classes TEMP=C:\Temp + + +The AppExit parameter requires an additional argument specifying the exit +code to get or set. The default action can be specified with the string +Default. + +For example, to get the default exit action for a service you should run + + nssm get <servicename> AppExit Default + +To get the exit action when the application exits with exit code 2, run + + nssm get <servicename> AppExit 2 + +Note that if no explicit action is configured for a specified exit code, +NSSM will print the default exit action. + +To set configure the service to stop when the application exits with an +exit code of 2, run + + nssm set <servicename> AppExit 2 Exit + + +The AppPriority parameter is used to set the priority class of the +managed application. Valid priorities are as follows: + + REALTIME_PRIORITY_CLASS + HIGH_PRIORITY_CLASS + ABOVE_NORMAL_PRIORITY_CLASS + NORMAL_PRIORITY_CLASS + BELOW_NORMAL_PRIORITY_CLASS + IDLE_PRIORITY_CLASS + + +The DependOnGroup and DependOnService parameters are used to query or set +the dependencies for the service. When setting dependencies, each service +or service group (preceded with the + symbol) should be specified in +separate command line arguments. For example: + + nssm set <servicename> DependOnService RpcSs LanmanWorkstation + + +The Name parameter can only be queried, not set. It returns the service's +registry key name. This may be useful to know if you take advantage of +the fact that you can substitute the service's display name anywhere where +the syntax calls for <servicename>. + + +The ObjectName parameter requires an additional argument only when setting +a username. The additional argument is the password of the user. + +To retrieve the username, run + + nssm get <servicename> ObjectName + +To set the username and password, run + + nssm set <servicename> ObjectName <username> <password> + +Note that the rules of argument concatenation still apply. The following +invocation is valid and will have the expected effect. + + nssm set <servicename> ObjectName <username> correct horse battery staple + +The following well-known usernames do not need a password. The password +parameter can be omitted when using them: + + "LocalSystem" aka "System" aka "NT Authority\System" + "LocalService" aka "Local Service" aka "NT Authority\Local Service" + "NetworkService" aka "Network Service" aka "NT Authority\Network Service" + + +The Start parameter is used to query or set the startup type of the service. +Valid service startup types are as follows: + + SERVICE_AUTO_START: Automatic startup at boot. + SERVICE_DELAYED_START: Delayed startup at boot. + SERVICE_DEMAND_START: Manual service startup. + SERVICE_DISABLED: The service is disabled. + +Note that SERVICE_DELAYED_START is not supported on versions of Windows prior +to Vista. NSSM will set the service to automatic startup if delayed start is +unavailable. + + +The Type parameter is used to query or set the service type. NSSM recognises +all currently documented service types but will only allow setting one of two +types: + + SERVICE_WIN32_OWN_PROCESS: A standalone service. This is the default. + SERVICE_INTERACTIVE_PROCESS: A service which can interact with the desktop. + +Note that a service may only be configured as interactive if it runs under +the LocalSystem account. The safe way to configure an interactive service +is in two stages as follows. + + nssm reset <servicename> ObjectName + nssm set <servicename> Type SERVICE_INTERACTIVE_PROCESS + + +Controlling services using the command line +------------------------------------------- +NSSM offers rudimentary service control features. + + nssm start <servicename> + + nssm restart <servicename> + + nssm stop <servicename> + + nssm status <servicename> + + +Removing services using the GUI +------------------------------- +NSSM can also remove services. Run + + nssm remove <servicename> + +to remove a service. You will prompted for confirmation before the service +is removed. Try not to remove essential system services... + + +Removing service using the command line +--------------------------------------- +To remove a service without confirmation from the GUI, run + + nssm remove <servicename> confirm + +Try not to remove essential system services... + + +Logging +------- +NSSM logs to the Windows event log. It registers itself as an event log source +and uses unique event IDs for each type of message it logs. New versions may +add event types but existing event IDs will never be changed. + +Because of the way NSSM registers itself you should be aware that you may not +be able to replace the NSSM binary if you have the event viewer open and that +running multiple instances of NSSM from different locations may be confusing if +they are not all the same version. + + +Example usage +------------- +To install an Unreal Tournament server: + + nssm install UT2004 c:\games\ut2004\system\ucc.exe server + +To run the server as the "games" user: + + nssm set UT2004 ObjectName games password + +To configure the server to log to a file: + + nssm set UT2004 AppStdout c:\games\ut2004\service.log + +To restrict the server to a single CPU: + + nssm set UT2004 AppAffinity 0 + +To remove the server: + + nssm remove UT2004 confirm + +To find out the service name of a service with a display name: + + nssm get "Background Intelligent Transfer Service" Name + + +Building NSSM from source +------------------------- +NSSM is known to compile with Visual Studio 2008 and later. Older Visual +Studio releases may or may not work if you install an appropriate SDK and +edit the nssm.vcproj and nssm.sln files to set a lower version number. +They are known not to work with default settings. + +NSSM will also compile with Visual Studio 2010 but the resulting executable +will not run on versions of Windows older than XP SP2. If you require +compatiblity with older Windows releases you should change the Platform +Toolset to v90 in the General section of the project's Configuration +Properties. + + +Credits +------- +Thanks to Bernard Loh for finding a bug with service recovery. +Thanks to Benjamin Mayrargue (www.softlion.com) for adding 64-bit support. +Thanks to Joel Reingold for spotting a command line truncation bug. +Thanks to Arve Knudsen for spotting that child processes of the monitored +application could be left running on service shutdown, and that a missing +registry value for AppDirectory confused NSSM. +Thanks to Peter Wagemans and Laszlo Keresztfalvi for suggesting throttling +restarts. +Thanks to Eugene Lifshitz for finding an edge case in CreateProcess() and for +advising how to build messages.mc correctly in paths containing spaces. +Thanks to Rob Sharp for pointing out that NSSM did not respect the +AppEnvironment registry value used by srvany. +Thanks to Szymon Nowak for help with Windows 2000 compatibility. +Thanks to François-Régis Tardy and Gildas le Nadan for French translation. +Thanks to Emilio Frini for spotting that French was inadvertently set as +the default language when the user's display language was not translated. +Thanks to Riccardo Gusmeroli and Marco Certelli for Italian translation. +Thanks to Eric Cheldelin for the inspiration to generate a Control-C event +on shutdown. +Thanks to Brian Baxter for suggesting how to escape quotes from the command +prompt. +Thanks to Russ Holmann for suggesting that the shutdown timeout be configurable. +Thanks to Paul Spause for spotting a bug with default registry entries. +Thanks to BUGHUNTER for spotting more GUI bugs. +Thanks to Doug Watson for suggesting file rotation. +Thanks to Арслан Сайдуганов for suggesting setting process priority. +Thanks to Robert Middleton for suggestion and draft implementation of process +affinity support. +Thanks to Andrew RedzMax for suggesting an unconditional restart delay. +Thanks to Bryan Senseman for noticing that applications with redirected stdout +and/or stderr which attempt to read from stdin would fail. +Thanks to Czenda Czendov for help with Visual Studio 2013 and Server 2012R2. +Thanks to Alessandro Gherardi for reporting and draft fix of the bug whereby +the second restart of the application would have a corrupted environment. +Thanks to Hadrien Kohl for suggesting to disable the console window's menu. +Thanks to Allen Vailliencourt for noticing bugs with configuring the service to +run under a local user account. +Thanks to Sam Townsend for noticing a regression with TerminateProcess(). + +Licence +------- +NSSM is public domain. You may unconditionally use it and/or its source code +for any purpose you wish. diff --git a/nssm-2.24/win32/nssm.exe b/nssm-2.24/win32/nssm.exe new file mode 100644 index 0000000000000000000000000000000000000000..8faee45b7a619de41f6463ecf170391467deb199 GIT binary patch literal 294912 zcmeFaeVkL(wFZ2W2}6KD0%S1NL8C?;Wz^9D3(lYs2gHh)WSB$?4A|;;nv2zHV(l&J zU}k{y5T&<TZL79a+uGY+uf5eWT7`i@5XBF~4|=iH_S*K~U`wmQP%U|%XYF&6%rGBz ze1E_9pBJ4ZXMe1<_S$Q$z4qE4=hDxw)ygzYbKx(a*R&3N^Iup#2mg2*+2f9Ta-8<q zs27g!aLjw*_yzixZVX<3!*$o(aOJhZFJAfOFJG4me&Ooi4e2ijzx3r`!)1-ZYp=WN z>NCcU9UZbjKX}e_SNu8g&}jSb(1^1}AHegW5vPn^gYV97zBT$?$^X&ldPxtCeoek> zM*m5^r^$EhOJCFpqc6pg*_t-b;nMC3mo2dK-qy+-V;rM2ZG!`UPDyS&55Il*`7*xQ zdj3Y%2z>FM{jGI^Q~1BUaRm9+Dg{}V7390{#YF9@a;LV2KbAVR$|VXHAOF>Vro&09 zivK|8Tz1?5|ISEVeRB$V6Q8o$#kPX((tklvb;b=>U75O4(_Xn4Ic)pq@Vyz|CI7-; z$Qi1bwxtFcLA1k<Z%^;`pj_t}H{5u`7m+1xMVr}fDUUS!Ul{Q0-~a#j|F;~-><iR( zW?i9dL&$|cH~u{M^Wo2LG=wT6dfw~Ra`Qs&Xi_tS6%MVvGj(Rf^x;>;ymgkQWwy8? zI;1>oRwFIb8IG7oH89!JK{3i~33SzV@^c6Ot#ePE1rTXRSKLU2+{sDt{L6qivg3nY z7ii60$)n==3RMJYohmJ0r5)UTOy^0fB~4)QBeQSrx}~Sg(rUMW;s#J0X)>0DE>9TC zLkqIYLjj~#w!fD?HMcC}F<yw8o_szJih**{5}|LgF)!3myTg3x7!bc@ZdYSG=}hR6 zS1-`aNs{D2*?GpcT*R5XDx|d-?o6k%rG0z)Lu2y1S1!<|Y~I<EYtWpLqy}7}{H{p8 zB7$^dfBS*dRRCTYO~lO)$(k*my)>`61)<7Vt|2r%vJDkzGx8M+Sc5o9;iGO5N7=Jk zJeO@pH}t}h{+vD)#OgtQ{KKJjnm?Lob;DZp4v>X1TYPozrbmN0{)l-Ua+?<}>3~{l zcH4Iyt=evYvdlJD0^L15s`~*knUBTIQ9^vc*qTj+s(aJO)|Yj*pygF)YE@>F69|1V zqe(*pD<dtS`D{R|i6$K}^Dh$|T0E&4J<@>7(PR|z*O?$~UdSIcUqya<K9v9&ftdLu zo<OoMVm^vr3G)GbModpw(@+|1az&#0NQ&L#$Plsn!37jIA6rLrZMW{j&seRS7xEd7 zOphZ~m+2XiI!B>tETFlVzvhL4QT<GUZMMN)46q&L0JygTOfxQU=lo$17BJ?za#Ozv zp47A-@U}e*VK?ILSia(}moI>Xd)t1+lsRt5!@Wo`dcNU3yvh5kohWf1o+C+ju^*R( zLfP3=i+KbbF*l4CQhZVKG5k^;>?w5c7Nkjo{~OG(8tg7<u*+)jH;yvqyAN;n{%Uh1 zny>f)iD=Ry!2gg?nAY<Zi$qe5*&s)W6?+9t2t>_uNdr66tii9i`5)&InJWScLlNCg z7S-8=oLnRX!)k%^Uk@nGpS`DhOzxo&ax^Gs$hcJV{_6cWXnL45ndcsN<0N3JF=n~r z;Fcu1vzKb!qlw>`<pOUGcb$9OO`AcPul7J@#)xz+vO<P4V*czSOQF-jlFnP_vskp| zd{XV%K*s=8AXi^NmXfQ>`D-i0#g>%kk19wC7%+p`!hkbXm0(0kMgty&|7QYt$4Ek+ z7g`D|1O-#lW`Uu70wy<dT}dqxH7^rdJ<1X?cgGHBz<$`^h<W2bY{N9FU^h{@QcSNX zRmAkF`Y=eNM1N^j0o)TuzAHvr0nQVF(gjg1C`#AvMJs5FXdK-U^NV~2K~eJx{EC|w z;WJ`BUavY=uVTNlj5Kh*^tq>ljz+VE&1GERX)!K#DJ^gtVOL9;XKilk+7@U(72Zeg z!bp18znq9c$}4ClZL8SRo=?w20Z+vI%{ZaN9W`IVFD2xQ3PS!C(u9WRW{QyKE*iB& zNbs(oWXy5JA_?;c=m+omaY<*{OZw%g7&Y&(I?B5~;zEuQcE=*Q1v8v6GsPSjBA}j^ z*%FFor<+$0|ALS^W?qJ0OKLj>yy}+1XOzQ~N9X7iH*aetDQ@uJEq&B{MOS7fM=LEo z0@bhR0{dN&xH<AL`x52SdpQtcluOheD2!_(=!$8Hd_^mye+dNeiV}g4QL+6%+8z)s z%p+{f=|2O98#o^Pr-dWs0_rXfrWj}L?-41A!^R4DW80GE66hQ+{f)*VjEQ^FBWpVs zX14fAbY;YR|DY{@qor*si^G=)U!(aS0-B?tatzFq#yT_+Ln+FJ`VwZPA^@c-!0uqw z%zMCF5g;knaXmT;!$si8@l-}qzZP%FLQm080m!f~3PBPAIL4fS)anF>%^-&Hy!kj_ z1JflDa|M1G`!k1~sq-wx0(&Sb>2dRo8A`ev^-&b>HWU`ox~@({t9eNWJ!7GdqFH-j zMk?gH=^QoQ`}eohfuMBIyMA8iXb4QD(XihYjYZ4@698umIkJq^=G39q4KGGajl=+b z(jlx(M9p%fB#ix5pTKg(%s-C-?FUlvxcLlzMa)`@Mtw9%{5{fy#2x37L=Q;hkfu0o zfq~*j&AU(#Gy&kZ@v9k9EM*#X7r}g2zyu>^yA8(5FUohmA`JCJ8-h7cC<-;Lhp6Lm ze7>Rq8Fj8ux;$So7e7TzqwtSD%vVgsa|_z&H}<!n?LKsoJH{^Z(*jI_g!vm2dM8MR z?=~HUMQR%p$snHV@!Y&nN&UY9FBu*J7+Uo&!5fM=!0Yfiotn871D)+=wuL-MN*GUt z0{G5s47wmZ-u6_jrZqN!z-qKkF%>o+oB}(O4t?o<jZf3%2?AWH!3datc?4s}e)^*a zQng@FAR=}<mvF`a>3TIxPt-N|9T8-QBIYts0(n4g3b`$r<$#o)oY@AS^)YBxG7kV% zI)O*cD0_d4AAM69(;uc~y;l`!3snQ6&iQ`CoFb(Hxiz6mBw|pmK?96w>|ylu>&8rW zpRv2Pv-TCh_D89n=;a3V^0JV>DH(}0=HCDge+<8q!A4^;`!~N!Dx0;PPte*)eu;cQ zP$DR;HRa!sVT*uctlm^o5#$W7B8RJCVWb)O*DH2RK(!|ZtUDqZ?%m80CC%)pEUilp z`KUn?V$dpoB-*#CtE8%6>^OA*k_WBY(NK!DRB@$a9DUI`O3;ccJV<Lr>j!SIqI%*$ zRQFT6w9Orp2PeFr>b+<W4qCmepXz0$O+T%)da<);0b>zpc_;FFH@z43(@U!#!Sx}r zPaU-Sh<>n_N}6K)Y{2MG!lV7vE@eFQm;+FMRR`DO4$e#luIuV6YNbd!7-Sl_?%-l7 zie=M$WMB2g+pD9F9~5s{-@3hIgbF!an$H-t?%;UgKMWf$Cv5}M?CeK2oTX|}F=+K6 z)#8}a>PPleKiGS9)(NH6kI<?iu~&V%>Suns>gNnveMplacH9>7BicSxbtpCC8pBX( z56K>|?%;|kN<GZFM}G>uA}0glb@o;2UJ`!Fr@$)`GEBS|4vKehnnkGx#5<I1bcj+9 zSba#f5~Ut~b<xV<R~NM!e)Z{tv%MdS)Js|h@3kRW$1!?f<r>NwL#Y{(8irDfzzkUT z6DajC>xxnjv+jxH)iCRx@+s<a8Eh!LoGx*8gPBdQ0Sj~SA?udRih9*$9CKj2pG>I- zW>-Ig-3vRFS_bG+5;)&i(}tm{i&76CyD0VWtBX<(SiPWDGRXz|{jubcN<CopPo~rZ zRxe;L>Gx9XP-^<o!&GY3WhDTLUDkKh>($-Dv65=&Wfk7}1hd3h6x0Fh4nA^?8MN*v z6Y>F357|><js~ngR8MuBGAQvwRu>^B_TG-L^!z87V#+LF_{7W5GwkY+QjQ_Rlv3l_ zek%?>?nq}1h;;C}(o@5%i^#DijV*Q)skb8mgQ}G{&jaH9Wa2$w^&!Pu9J2wd4=JBj zcEkJatRbt5cn^quNa97j2dq9Mb}>qJ^<vMdVB65~8_^EC`Vq6Op|C?cIC}TXw?RXp z9Yi^B-NA)igl#~)gNI*^{S<hoe2Ti#%Qnr$Zu&&Zb-|!`2OoFF4qmq(_oj4=Rx>7> z>?6cuNZA&}9I*P3W<eBl_|-)*2dq9M@#53k)sN`1p;V(oG|R4j1nY*X4$Y#=FkH<V zu<qcRCDJlr-N7|W`g*{+Bl`{?BTJ)g($T}LJB|`=*ZtSKNn!$a^&`4zNFkAs?10sW z3Si4pM}hbwun$>XBz!>ZLlQ3%K4A5sM6^Tf(ty>6#4ZXlVD+J}LqRwW3|B!0tUI`Z zU{8rQFy6uI3cH4hSA=}Px<eXL5%K}657|?)LN#FZ@_q)9@>1<SZBV8SSzUyDK<q;j zFG4<G^`XQ}neky)hm_K$4p&MCtUI`*9Y=-_vu^dLs4J`<Cf@L;!0R2f?kCfZfywSi zynBTdf`ejr^;5mqg5c?&ta?f0tygu?j^Pt8lfD6~e=_YDcJ*4>X6t)`*3D9pLKx>0 zOdm?B{VQP{SqU9x-80x(L)0yaw)K(|Z2B9rZb_`HSKaWZsLSox1JnG8v_ssgQW%A9 z8q)mA64ihl8&bezrD^!pMLPzpJ|yv?9RpS$l6diOhFu+F2MybB#}3x*?G6hh1l;<% z;=LqIq-8+7gHHiMl(Yfs4vzP%Pf=I8X_$Di-+9<Hj~}$|km4a;S?_LQ7uhiZy%XRE z*?J?IHDIfU#D3<dBVIIXK<q<mmN?P_Rv(gh(X3%thh|aChpSn3-J*8c(Y8S~OQglF zd&FFCaLqcJoi$+H!8J>?a+q}`o;=LDqS3>wE87nTtUIK5h-TT<i{11|HA_}t?dnJL z)R3}WGk9kWrPrca!^bX~HDL82Sts^z!0JP`T@-V`>O*0NVp2<}m`C*5;0~cEh+X%H zE*m^XDndTYy27pj>kh7%5(6K&?oe_fIx=AOA?F<;<O5b8vZHG#<aYHVI%~-4BII`U zBl>H|>LTO=Rv*%*6)7FC`X`W5@_rb@hYZ;R)*W10WV{|`U18TS>xz^PTz4ob<+kW2 z2CP10Pl;X+SbeCT>JT9xu=<c<CYE8q>O*1|9T~9t5ZL#3h>rAET@ERz>Tw)Y;MRpE z?#GGaq``#b%#BX)+&t-pd>&7;%}V~5nAA2#nEZ%(a&L6-DWaZEG%r#=YRvQ0kMqoF z>c>T9HGX8agaKld`SK2d<yR;+tEZzkmJ!xt>gfap`N!(%6qR?cdOB0(eM3E+W3Es? zW|}wShr%&ifxd=0ew*k+>S>Is{yp_{wD}+EN9D#5#NVc#PEmz!QctI<JY7B2ZXC&y zpT`ri`I9qM;fq!Ftc~0!VAiRpksDon`t9>VNrfu;l6snKZdE^yH=kBNPBR}<Kh7|J zh93(2RE7P!D(6CleGQ)~?4}({WRq|Zy#hZnTY}At7aD6qJfgD%=Po_J)3g;^_*6Xd zCg<sDJ8{0|790q~x$P9rac$@K*zU62#ag%}Q$I&b_uz2X9A}v4y5BRN4dY8r)iow^ zm0BZ?#vXBo5obYP<%yc7_|aXabtWC=qhLX1i+{;N9>{BqC(QgCa(D}e@D|#q@ZeSP z@c9`nndvjrRZlR?L1M;tm*>8R-#GN;M3$C5=v_b8DG!HcrhZ#&4-fCT6G<(pHRda- zcru44Do@7IA|B<9nEN2kJf+*HA67&iV-baeUtLYc={$=W&$-TrgOGm>wd|wn>Ek1M z_%*b}%@3<VZ$VVipytIqR@Rk>TPSg^acTkK*ZU&;PgMyAy#)ae6k7mr)N%2Wg~hh; z5E@VGyKw^n4mGySn5}u+ehMbw3{i-5CX9Sb<`x{0`Y<)gIzQZ!Id5jlo7oC3ou{S$ z#>ezk42_jf$MLCDEpl+)59cq99v-X8r;bhFND(M@<)QgtT%jvTShp|U?c^z>LJ13U z%4gxTF&%8l-0IYFUv_%izl5WQ=tlpN=7o#9*q=#9#GESk3b?y)=F6<IezSdX97n7K zCS!lx)Z|#G%iK)>JrK!JIK~xZX7Q9}+<cC?`vDh+bzj6G&xm=if>*W`Lez0N&UTsS z?9ocjqb)#E+;}Xs6yJLOHVn26p+)TA3Lk(c8xUg)Byk?B2DNZ@thN(_u`5QF<F9br zgB(9gYH^+C*(hL1Ui)w}?i;{ywfY8hOTNMnc+C*s6AgbTso^Af01367&_U7w70muG zRgg4xDT%Dzp6N+=@7k1`H!5#zDi&N?EJ!vL{*j;Yh&lUXGJ!pKAoZEJ`6tCW%9O2% zB3E5I)^*m-(s*k8<DFzOPR>@zxwd3DU!jq;Od8p7FQgiWWXDQroN;p@3#Sp)894NU zn?-S!&Y0}MFPvPCF;l~MBBC)3*I?vvmNAlu6cd99Jq57Iyvj5GuuHV1z4MlGWdfEg zgv9q2_Z`u=jTQX%fo{Q^0_K?t^RrR3QrEE5mwy9dd#S>V9>WQvII!CpQ<GuTraI$` zS{yH>CW4-=G$SPx$@yeT)skN4jWhegas5p;1FXFYM+)Vv_+>cS8G+T@o;nJcBbgrW zE#oqqUD<hUE@L#U<9mp`&JzLQy&#aa*tUkYN*XYrSc(+zR0lMCEyEX1R)-ZMNCEoy zLu#nizdTdxhN$_X@tFCY--wK&UJp97xvQfZhab&3yG!N03Q0y=Xga=NBA${T5%Y&d zkm=KsHR{0Q<*y5Ws&VXcNi(F6RUxK-fMH&-g`m4|?h&_lXyAGtO|6%{jG5C!Rs877 zvn^6=h^ED>z98=`f>h>=T_D$};9IUC!FLdUA^cV0uNr?fP%RJF^YaxSpt(rl3H};< z`_aI9(1klpJSY_4@l7OGLL_{6u53jmd<U<_H+bjfxlJ@u4t|q!Xlo6s)3Ttwe}BEu z-h!s7A23fMfiw4^l6QS)B%T}rQK0A@t2B7#QE&rz$b1QmTOl{~S1~aAQ499q50Doh zy3rHG4^J#Ac~xY3AMxJ-(TJL>#GuJN2$_9Bo*b`&rM@z5Oshm4aKIf&<X;EeOJN_8 zf?pS+kpUb}X6k2w#E%2-KHMd;a|$%W*g6G#jPYuUnkk#U!-M4N_g3{AjSK-y^AflW zeF%cGLEZL)i^kuKv2Vhd@UDyiN<ZvKyAQs8{Q5T6NXVhhHb^_@!`&k=etwk7)Q7ZG zIS6uR9X!#jV8CUtphlu+@3G;foWFEX{#6<8uXe?V%L6D-VIRIQHX37J1`Unhz<JxY zJzxlPy?1rO?u><5j`BP%OGa>Rwt^+SzuMENdyy5(zmCLpQd{>S0lZ=<1y3KZY9j^1 zR-rYdceg<4jOczTQc4fXtuskZ-1{rsf{=iX0`9n8F5urVCM!~Q8Dm*0u8$N5Z$$FD zj0%<FMoKKt6btRTcTiGBmvOY(R^wd&i;kUPjAeGBk#~c*B`tjttpm8`it!k9I9U@h zO<aSK^PG>aXfzkSN_$aRXi;XLn=XYPcmB9@vmJ{wTijhu=2i@ffKkZ-1xMSz;a+{I zW~{vnJ)6CopY#&_a%ws^+ZoZ{g9`(-w<tJXpCX9k=5;{aWL^Q?%ix+Bb%hQQw8BS$ z&%(xlM{JC@{r429vCpD8YDjLM)aKA4x(U$5#vP~QAa>YzJy{boC#cIk;3~>(2}1cg zssBEQ^v5T-%D`gY;RU`~q@9qnz^b#~I!ngQD_-EIy00amXiyy2_X&1fQ3U-?%~H_w z=L7oP{x+u;ll&s|<000S`svd6sCk22P~stdpg|M*jEWtF?$k#~Ut7R0G{!PZ@wD9u zCov)gifun09b2iNEzo18zX+Z46V>_>;G?D81>k~L7t(W1WJPrrfKJ+d#@^Oz1$e|< ze~7aMA-w?HqHhc<V<t#_y$G{BuqNBCwV{W5^6Amr<R|FSl(reuXc-F1t$PIN>r8mq z;cYt(07L`Dpoqpo3m<l*Mz6^E0TXVKX0*HT%b3QIyEb39Ej5O=4os&*W3+panSGi? zvQNA5i2^4ZIUj$$lp15?w`y8Av)7S6XyjNlTCAIWTGeG)W9+NNewpMFk)w1f;iOsE z-M+`$_87R4TX2kvx3rK1nG9e);cfdoa*PTB$z9@zCUn9maM#;Dk=f+%ITnYT)a4-b zukE%pnKe)gXdESmN3kr4p@mA0vuqYSG~3RGV!%0GK%QZNbSjX&YYW@LIgbYASM>^n zXN9o<Gera|^#<lKm-9m=Gf=Q!$PFi$o|Tf5BW~5X(TGKqEkviPzKYc5OSxR^8@UZ= z?|INE<8G$L%=4b4pt&$m2YCb3FDW=Za)nF6oOLd_!OLSpL%`iTldcSJ1H=5Mc;6U@ zwIP~*x-QM0$7ai2VBgsWq`Z=??EoqB^=|y#Y<$@(u|&jNu$|O-_HM?ELqyoJ7-}S8 zH>redyOJ;VqBW>66ZcSr(A1Q=mg#nK0}VYXVztzqjV-;Z@#8a36M~j@Q_dQJ&Jd93 zxY2qI`hM?w(2}~Il=XBbp27-iSttF9*Nw@PQw}nm`c5%&#75V^Qli>U;ewI}B_w(f z9O<5?Fj-&#pmtAI6t1o-9ZfWHY^4%XJrqnN;Xy&WU;6!ia!mIC8iXuV5Uu!!<ZfTl z5>Ck|4bdVa3mTNZxeq!is%UvW<z5{S9q&=*0QYN<44bCx{i5ghvx;P7OG!Hm90X}W zjwqcU6wF>x|4RBVlCXNv5_oU>9TZrxHpaHP=ToDNyiLj{qxWu-7PIITeT+1I0(x;# zP_ia!`ud~y?jmb==hIU!iJVfqj>3Q`BNU~E^<RD;2||7C9>}sZp}@=k7aOpol;fq= zB$xAG@*K_G?Z#KEF=2lBGE(b<S%fy6TaZw(bE2vHF+Z`S2zM%i{wDJuUuB&@FHJ4h z6z_umhPV9(kSOK8Dc3`vfCP+XwFlyHdn}8X$LIv-LK2<aY<ne0%Ra8jrwgA(1sy<r zBI-gsmE-Ge{|3sglMFvHpepgWv0GmYUBqQCGX5F-jVq1b5My^BeVlZ~LaQrg|J@S3 z+?)~3V)*O!-!fe;Rtnx)!zjZl1q*yRTJD>weZ_duJoZIR8`VzYM%_)~c%@Qs`OAt% zLCZ$y6-8nXyzJf3nR(lhZRb5a9s6O7<-!@`pXTupr;fidK|;I}`1p4|qPAw1@$r2= zN*MD4%1#CS|6Fc0Ji_P`A0W>hi&D9}*B~LLa-aB+$p?z1+t(s9^27lqza`0U3y@X; z@=qo|TS$g1FfK<<b2ye3DX*h~USqcXX4JAg5B}soqe1|-FBd#{0{kigLTU7OAU?VK zLuh$)!$IV1Wc0_p7evDbROzouc8zO<7TeIninlTclO%nM<ji%IYmp6ym~$0##EpkH zUF0+%(_K|!kqWhBo+dOc1<z<IDwDA-nL2r%2m1J|T>rkF(g^7?`a)kUK;PQF6m=Xj z#jxfSEHGZ=A=|DaGuwU@J{8DZZW(?@pWrOROhLeMcVCYLbPVSjPq>-9Sme&VZXZ&J z2aX2aLyQb1GYyU#-nJ_tfa-e9+`RK$(bDS}d0k%G7)v0ziyV=-z$kjIyg9N`pC+On zGe7@V5p~9<FcOLz*JMshiPlkx!7k<c<S?t}{Z4*f2)f`Bu?(msmcgzmki{|-1Iw`F z2mV6K@b--b%TNG{QLr#*VMdJ3^~a%+A#+zZ$>Mb9Y|%_bZq)o4K*2a#<i62lenX&& zmsWskRM-quo@|-)o-GDP150qp!tCQcNXO6&A!)AdRPG(5GW)n6DcM{ApJ0HMV@;st zK0FNDBf!`tU2${A4d?~(8_O4nn9o#p1LnQ`5cn21mwijq=As?AvD3TiIV9yn?e|?1 z)|8{Oy6E2}%$@J$^KtXn00{HhEJC!TOaI8h!69M(QgZK?Tx;%zT)7nsVk<?~N|Aq; zB7QXsLy@Ug?hTT=$OZt8XvqDnmAgQ4&$DyMN#stqa?g?6pq<Oncu7}o4yKyNvIK57 z^-GDvUm@{+#OjuG8TpQuu=Y0o4&(25wE2AeEykZ6i{N)}em2I<uLFcIbhes%H9H$+ zKFdH4Obpztkusm{zP3?6m&jcS^PYW_316nCJmrm>UlSr+%~-}@51saPy9dg=t5&HV zcvD9Y+)L*7>VeAuCvMJ=`hn(!eY>DWvX7Q*+|nxZXE3SGV$yh_0+(pY{1+MZRz?p* zId1;pdeInUE7lA9PGAwR?=>m1QHuB#<wpKoQ29mt-HyNS;qOR(#m#xBBJ4T}LhXw{ z1fNv;OcC6O)+QZs^RpRYfm?)-J`#lRoiBj}KR<#6^MsIdgpi^T_7byGrN~5!R=csb zn2nL#53f^=wc4uBuvqclyJW>1cCIBz^PN%sM2i#8ONqy&gc78+GePPW{9TQ|)%g3d z^+$f3J`?p)<1?lsRo?Lqn$y+swtPOtPu>@~2)_MN&D&N6<BrS!E{7RI;4NbQVY6*N zVNT?VI$0_3Urzqep3zH(DGJb6L;O)oh(NOHPgwP-P#Y3axAp+dG3QD!jyGeCit$U{ zBg*?16XtWKjAkKYcOycyt{VhO#7sQ}7+p}7++19m%=<=L+Fwb3IAzn$p2l3N+>w9H z*k&HfwG?>6MvuB4?+MPplldtxMgb^d))2-v1;bun>J5sJC>X}gu1u#3t?_}@_G<`M zZhv09L_eJ8a!H}Zh$LN)a#b+Amml0pe5o_^^T1@&!G_EWRY&xF;4PO8Fj&JN|C(F~ zAedXt@J;s#Ab45Ky3J3@M9fuE#?LaWq=yOb7k|#@fhi2@Xlw=RJY!vMw-!ZGL%!lE zMBPEcsTK)i0kkS+-iiYYEUvC=)-jz*dN8ih_dr^}n8x`Js<}DQLLa`)lBLhhxLtBl zA=n1_!S!BPkNR<EX?)&=B%=*CTRXJVeP96Brug7(dl)iAQ9BwI&R7#-K}4q)p!SL_ z1hm<Q7<5}GfS<Y56<7mGWDZq%S6z>4-d|;xT^EM?8Olw^w*=A<qf=20S~eAC!)B<M z$}@J;Q`OH0t8@yv&g=OhyunDLd9qxd8c<a@B1>Ei+XHx^B4}v;C&=y#P&N<XI_eoy zgo)s|&#qUYfq=cd0@?y3bd><mV6!APPf9@*1wsTF1XW^Mb2r)wIo#V05NCIq2lnRk zd%uR?k2=hE`TJV@F8EDcT%kucH6L=Ab<p>{^NCp;*5xc+&qr}oujS+Ed=v+@nUBZv zk=~-kz7j4-D({Z9$RzU+@a6@Q3G;6fp!DzkJv3FPJ9#AgjooOEKVs$D?3Z<-%4nnc z-wHwrU+8<5uze*#TPv7FFpATvsBpUbO5J*5_xA;NB>jrVXDRI6Sh=)=^A;mRj@1pg z9$qd~9Rn6YMHViBd{QKvYj?;vW<K(CiIlGGSQgfvyEd%-27f004&v{#Uk+>Q@fX4G z5Agjhe19K*Kf_-DGOKy;&*3cN7yh|Ml=EvO{@ncG@r?3}=GPb+X6ql;=j@9|u?h=y zoZHCw_Plr^(=*?@>L*}W>g<f^Or4l9$E8O$<tyHX3NLA1j1_w{s2=L|A*>wM-=JGi z>WX)e-Tf8-EnRW5`!~>o^efi%aWDEpR>D)A!l5w}#c>wnuz%eaIKy@Oy=~*M#mVrr zGcaw;Gyx1N%Lq>RA7@H(G=lv}2cW?I??YyG8td(S6LTyv1*tUD-`l<j2GqMAtJE|G zA%09eok4eR`~RS1lX)^ib=|dAWA;9PG-KL+;_7b7zn<yQ)8mtF{E9T0)e<FicaLf^ z*GUit9<R538ESw6wsr4P)|S}3_(4V5bgRL}ek|C*cjhhb(@_`(binnx2iY7luXQ?? z-vUr2Ej3b~1wH8=p<jS6^XNZ_S+0T*^}Z`#1z#b|0R%6nY}U^Me|PrKTb~XFE&$AP zwT>|4%6K7l#s+vvn)%{87&4}Dl?B7*gXD1jb&1+TfVq-@i8+jPw|B#rSo#MjErnFf z-<T}jGXfz2{X$aK`g;*=APiy9RQpYO4V_T*Kx}7E(t#p1Xk|cXMC{2TYeSM~W&jPz zVRRnT4;ANEadc(&<^h?p-yE;dVJOi*2R=c~^-D>{p|^z$US?va&u9AY?Q~}${W7L+ zx6{k)bP-S5Ji=^XnIEY#R@3@zlyjg){Tmx~)&HqRF|Nr*Nqo}-tF4dY2Y+Fp`~U(4 z^PB(&^x4FFdM~`#Pt-5!vVl<FNYr~FFytqr?LdvI<XdMz6CTDKLZ3q<&%RaKZ~bDR zYtnCzValPIt1Ju*=&*78?j1AI7XT6ZY_URB+GkB9VYZ!K?6bJE-%c;~S%T>mc6y=D z^vjw4&)->n@3Q++zk=z1w9`k}>FDD!-RfifcIbaYOC<86qCr-$YF%lN%GhnzpDY8V zPrn=DA@M1wDQ_IaW!tyTFzA3`wC@oI4B{S1mc`6d|Az+BkD;r94R2*lXe8=|>$ZZi z{^i><hl96#1*$tWiak(Vqz0Vu6uc%QHz)s{%pc0iHgD>2X3UYB-gZrC2u+3e>Mw)6 z&KzdPG~9B6NbEWV_({l;Hsy8ie{Vh&ut^Y5HRw(_Ib1mBe?Za$QS+|fy6J5n73F&t zO;*=gt56nG7`ua#+fg!E$h9I&FoLum`bA`N>u*cts2}|YExw&SptuUW2t<-2ME_yl zZT-Ivl$$dk^ORQx%kmYpF)B1x>?KCwV)<R`Si+e6F-m}~Z&IG=qcCzWEA53Ck<|{y z>bSx!VK}=6-548I5d-6RbWa72U6d}4@PT-XWf|nd>bO3aJXro_DG#{5QZjYu+y3&t z?f<g0AF|E%Gc0GfpTBJ~81o~=Op|CIIzjxD2nc|V9ol2*K+!HnN!su2^rDW%n7-Xk zFX~t$(|=*77j%rGW9y7DR?&nM#tb<KT+CWuSGCZ|90b<(YCqm&!x12y9Et3H&B-z{ zU^<kQ4B%S5Vu1cRf)4fqeS~~ri1SUsMlg<l?wvit+c3AGVfeEJ>{`O#4LK!zhV>MD z2@y)`#0seW2jT;(n5ASfE-2m4dXmDBAbJA(MW><9^h>1u|4Z(3=i8C(SN$JGo}~bz z`U(Ih?P$M6A7f;SKJgGydmbFGg>boU$81))T$z1UO>yt~RA?$AHT4Po2XF*IP#fgX zFfsehE(>|ES>a@R1Lu_AV9TF=8c1zwG7k%}*lDP?GE{XL)51_^ZZA0-?oaY8sK8|I z9O6O6tF2k+v(Pup*}P)QKrh@V`f#Y@VVyDj=&!UxZ!MOFNvb!d?Et8VI9*L<OleMX z1mIEWTQavfq1~MM<SufiE>_zn;9g-0Rew!-hW=NG9m>iK4G}(XTNMJ@$_bL*!5hsu zfXi>E`n`7qim<-!ZT|;?8wqjq)GinZGF?Qtea7i(-^pw2ucQMe!}2y;&(~6Z@sD!% z1lrK|%1P>;XjIU5%H7F57*R=tSST+kw~8Apu(3`_k5#*LI|K|XU7g&WBr<Amb5MRy zZk2?WW%q%|9!u(UhG21wJ2emi|5$VqG_o5q8(m1$Qn#u_XXRcLd<>Xv`WVJ47E)e_ zT9p>yvUIM=z5?0q^O{<zb;!E4EP%eI>R`m+dZTdWHH8RC+ykWQb<a}U6nZ;2ppeK9 zuCn(kq>iz`6~<q+2}x<*DlT?G(5{Bj@W+gMxabA#4o4#~^YL0LfDgGrNRm(2c4H9g zwb*syZt9`G`xJCyz1nIJwYC}TqVPd_3)>rIYs4z9TmfKJ#5_2U%;CrnCtEFhVYZKL z7>%WzHtyj<(wKX=kmPOK38t4i3m7{HK%`HMij1OEeKonZMpK71nnJ{0!=PBt0DdJr z!FQ;1Pz1IA?QDfhl;-=ySG)bh%_lxzw>j;?GOAnxs(&6T%~jdc-eAK$wR_C9letQM z>$ze*u>SSDc`WS4iK|HVi9+_6&FKk^5rD1K85yud=t47&nsvLEZ?)b&!G7x97_N|k zO8N;0R&fWLBYnC(u0oNd!D^J2GBQ#lT@BA{t8ph+!BiD{2#-oWG)IASrcbx(*$_E^ zgGOR4jLaOrEjhf0>u6S$n8YXG3Mg2v^ci*y8yJUps|hyc62wpvY^>tCn_VX&InWUW z&7D5Ru3|$|PJku2T${7U$B54HTGXpBV2kc@{jHDg8uxG!P6l@Dc$IOL&P)Xd!rYy* z3@3pVXfe&A+Rc_*#U(Qp6G3~JA)DZG_i*_wCXoy<jp><<vZw~?WhD->X?aEv2%8tJ z8@Xtvr5e?;SFwy*VN=~HBcQ`xQ)723fDUVmp7gLRn*oCwC7G1j$kjG2Ju0)2i*H)$ zXnWwb=qMd{@8oKnO$1)WCdOq~W@Ab~9A&KH;+)+Oyf93fu*+D*CK`8gwXkkex)KUK zI@9AyjmY#k)8lwNBXh`=Iwo_-nd19JeEK3$n<n%9U7|MKE~Z*oQa*jLmHn#9Hr8|1 z3Cl@t<NI8N>Yie(=lYcKeXdm@{g%Sgmer(^r7dJPi{mR+EZ%7T^$gpJRVoWsvMASN zUMVR3-KW8^sh1VUn7!C2y$`#FiGD95mf1*RwAAFxM$(DVicXQ<Y?%hH)d;lEnD#PE zF|CtqIIV(p2dl!y%vU))Ox}%8Ilm(22<P6ht}_94xDwilCR9S8-YnLi7pj5^qR38| zlF&jpDVZ%*DvB%TNwAB0IbPVa4PB1deZ|`_YFraZpQN0UcqBX0{MO6lKM$51>(W}2 zPIL24G2q75UK>iIz~ClOzre)HnxI_-`X+$Fx?=y6xBX6}@KrfHvXaavBtBRTUCWl4 z`yPd9Ul5wAPO4yl$hjtPC@4LvlKKqBj36rJ{G<3H#cFIQe+>0d+Bhcj(QPR#U^kk7 zcu5f)*N;;Kk5>evmu2;n5M^M&_{4K5*87NRJ0IK+b$;*ze)RC;V}59O%h!W0e(-%? z31G!rFYm*sW<GhCc-&HJBZBiV>E5<g_(s>bqWT(?iI{(sLLLE#e(=m#9&)A1a~EZn zT+y|T_|SLQ;d;Fk?yw3IF$#~9!fv%tbVZj@A>{@5<tQIBS6k&tBg#*f@<*wqBfOyu zsBX1hSO#p0@_JIP&ZD@csSvI!6v0(O!&D0<n_NPJEI5H=az~LIkm4h(;_B6%1rjJw zz-g0!86Y3AuBe!e7^gHI`<!>HfwT;AF2F$#e}AIhDDKYg=Y60{AuBos@^Z#amvX1? zB8ujsxc$N;Y~)H#<~*bd)Ao>g%nwD9xG;aq>3Y>~xZ&A45B1WEBJ$858L}B*<*P&Q z`Uz{y?Sd_3?79&wu0l-TaVnFs{FMr@2AoIDuJHw{2KP>Q+pfaUuKNX%8=vYOPRYqp zbL~2TAf%inq)0KFoN$pGDwz#@gay0_9TY^|{yRbkR(B73+xV7abmvHD=`y@kQGXk~ z7uS1ZJ^DzjEM{YU?u7yq*q=7mJAbU008R%QEzHN2VE#GE0&_Vqr?O>wM?Z+y{osh^ zvY3rHT0~5_vJp?R5n~HCUxdge|G0{f*yPl47SiR}a`b|VinG(+`jMiSU4x)+0o=Bd zbV|F8=D)3U^!WnR!7NV{%)G}+A241|iHlI;=Hd8`#c4!Wl9Tab)9*`zDQNIhmX?az zRXY@yMbMgol#%=?f-B5-K3>k(@_EqIe>(*R6Q_0HQp!<}kye@E&=c%M&%LGey!w1U z^nC9j(jV@E;c#Ooa>XK^AA(LC+`Z(OPAr^+&97M{ENbL^m<)NzVG$X2JecW2CIWb& z9$vhguXxrPd{W2a`gII`7$$Zg37eu)Bk}uX{N_6oaTdj%F(2Aa(p=ch_!*a+!>qDs z<uOdWLddC^<sideMrp$W9}W%~e@_^PFvg9|rEtDrD+Yrt04=Mz98>Yqz6%~;>pb9d z01n+_7^}SN=X<>C<D(567o9UM5y7WBip265Qk{4#M=SK*N{82k!dN~Mix4%p-jDI1 zEi@M?oI%Ws*1jUL(2_mMxGS^>1mR7)jpp}J%vcjzif0%U>CewT$Ym$CLI&&(9<(#h zL1M8z5hOJl_W_Ip!zvbAxw6P1sxp$rK&)C;`(BgG?~`Rs$&nm<h0#5A|Ma$1z$k#I zYIfnnU;;Ge1hhKLu{Bt`Cz8D{)C!2%pNE#?D_`*_%5;x2ejd6WkHC8~(Sbv(`d*5) zWS>(I-Y$#Mx1d$Pig)Xmu0do6>pMTizT=*W{|hXBmT!n;arh3z2J;miLV@?rgHS#T zI9QSb4xY+w-;?6IA?MX~d2fFWCDNm3K={44Z^v)6LEcu`fbMz<Q0#@lU~W<9D(o)Y zkJT;+iqXXd)J{Q@YNi8*b41VM@R>f%g(;fLG@oU;K=;i`!r+;vu5F5#-`u9;EUr)e zUs%mX{S+l`Pe}0~u!pIXL11UI_g<UFKk;!0VG88joDUF?{s6@l&DJA&B|$}PP+wM{ z&|aS9RA$DU27A0>3;P`sAm^ElIn!~@MEEVk<QvAEdNp9;SJ?WcUi>Mmg`Rlg*Du3n zVtoR<3xa}5G#h6^BgSmJcMq~37H*`^Q}p8OZ2sER`784OhjArUvmzfrWw_`s=DR%z zP5&H)<sGIgx;n;ywvY5#nzsB$-Q$&k?UKCiG88v1t<KDFq|Ze6hYplE(kF7S&c$27 zgeDhxfEN!#Va`^3{EF~5kQw8kf-hF5l!m0Ah9h6`YH#}YuQ>cil72?!@U^L$%;D=( z?iGjGi1bK{{!-HAusY};ZPA~3DX$22lHj;`?=v9yQWsvHOq!!Hy;c$2iH1N<GGm-P zW~T`5Sm1(wejA3gL_d+#C<k=$qjpc-`#73(p<{0j6dLmbO%Q}C9t5*g&jU9lm~F=Y zp>7YlYc8JW!8-|2qkXg<0g9O}5vy3dHV?H4;hl`trcazOKU8B)3f_jd9ZOVr19f#~ zx)X5xscK_>(1?e|Jm+n@87g19-FUg|wTYM<)Xfih*IbRH+eX#JgWlUe&)hxmV^>D- zt95zh($U^_ZYsdWy-Aec1nFH$Yu|J5tz+^B-@1sYpvosUBU1KOV>AxBrkeGNCcs)V z2Go=-gXqPpGuVxyZF2%5IN%aJ#oHzC3ti<xc=ci&1v2IYjL8&mavW3axGM*pKrYYS zS*lxws>UQt9@?ZHJH}GrQ_x}PnA-OcT&?QHAwo_xsD!f)fQ7E~nbgJ2T|h$!qKs`J z9nh6N0+6NJzuQ7UK^f^sp=x%H$C%?Y=6mp_?+D&PjQJhj16w7>i~QL+veju0S_N(} z?&WuYD^oV1^ZdqdF09+_z5P+J!+4=~&lqq$y}a(D^kgbxBVWo*c0zSW<i76g_J~M! zUzW)`)ANlu94hWxNjlN_)lnR^4Nc7-=A_CJ`%@s)Y+}TGZ!_SJ6V;l-7o<;BQ=duF z4jN8Bq=|;Ms;(<_s&p6#;7g{12;0TY+{bLNpWQTG3VGLTP?pt4p$o8kmE=XZa9wTQ z_mNb9%;na=yc+ZU$}n+HKpf-d8@x2YI;G6nmbk%t*8(PYpqAzsbF8X7>o7kM?Y>4e zihVVS&5Dc3h}on3Ec72p?FS461_1KAq~E$v?n8nRw-A9k$QhTnp@|ya0=_16IW!d8 z2X~mA-xH&Y$IY(N4VRomz?@=Ct1<Sg2{VSIDe&XdCu3%L0&gXlEPe~xy+d_rgHeuv zy8~wGStKND`o0sJQ|-ACeJO?lJ;D!by0H|kMhoEvbS}1z(?`rPo4^XJ8Ah6-`dP{j zO_y?*WUw5%(}#WzpiE_!uT>8wvXEEE8%|8kacASc?3Z0eSv(7Nk4M3&$eON4a$zkS z51@DhiO<dnX6J{pw^n82)o>p~(V_ciq6tdQ+B-=arobUZ!sDPSv&F~T4oW&(%wp+o zF?HVq*E>dVMWc(OnFqU}zr7l}xi>I?2B0k&gz+1VmDLEF8Fy6i^V=bOLJ+8LNr&Yn zW@k@_r*c|>roU}eG!^{7pb!QAiO?<XYRPPn-Rs6oMsFK)5Aey`wwN|<gNmx1V60^P z%D6*<SKnrc3w8xtO&jr!X*ojWH}073LImsE631FugWq_+lZH)Y$E!m?Pz$jG`yo>n zSZ`Z99x@vwx|X|xU#Xj-+h*4z6_AKAH@iM}M+1Q=+%bF;50tJdrjQ|p*kaKfzDMAg zN!*!xpq?oz#$qlN|E4OtGK@s9X0lPHj3^c2(t0RF_vmesNxYd2ET*NeOqM}9wOms@ z59&f9s;PjJUq+{+9>5gu`nYq0)$2T1p!@dV<7k(-+>Z<I0|+gN&MofRwo)1kJl*9A z7`V@Xr<PmEFSVc4YDvUA2^xqX3PUHYsH0kH^O$_VWWbTVV=g!aQZEfhv)^U}F}pH? z&uuFuT8Vlfyr~|>ln0IhtNr`v+Jb!SeA=R(haY-Te^A;b)N{(WxXTuYs{X}6S`gs| zWOEtLO+ZJDJ4lEjL>b7&IRy%ZYHP$Se_u-3qG19_K{Wn|hs*|PLGBKIdD~t=62v2n zuY!1lb9XEv*rIq4qa_~X1#*a&;z0&0@mRnVOFS+RQw{OB9Es@H@x8<&%n-QrdS(L) zXz8nM!3dWKh7yTzfvL-%DrM@&v|g4-{7~2}Oa(MBb(<h&o4W5ScG-$ctKr##13bS2 zpJfCeZkcYqfjT#PdU_uF9?V3qCJ%6}PxWqzTps+jMFh{o=(|gZm|P@+ll;Y9nOo|q zYrTNtE!X`3{h<w1g#ED+pwCL1rDdZO&}YKDrp5+}aBL*`LBBvRwSkHZt}Ow2V-e_R z0SaBBJul3h)eni+8eIu&EtB|f$@x%>NxmtYjhEtB#{Y`5u%CH+W|Orw`o*1xn(LlT zjgZ@XB8f(G+FjH-&%xctbS?=ie;fLb9dzmP4s?Si_8GGy#8-dFnJK)Ptizb(UGKDN zW!`p{2H!xUTmXS##GP}6U^&g7V-AFYq0kIuxs1*6-1UY1XKvZLy&YS(x9;p|PMzvq z@0rz-IkYG>0iS24JlGwW?ylY5lJ(5$f`2p$TXbg~J~!<MTWP%+q~5%)hiRK?_z~jA zhd2a+x|7W88nl?_VN>V`4wKMbgc7hI|1Fh(D*^%qVgWj{&u2UG4Ixis?H)Kl2!hK$ zJqV9B85FmyCc1j^Sj0+K!|BD}H2j@|zt7@t`qqZfj1l>Y1<D)X)XSx_EDlOmT+XqT zAoCTi{E5&A-H!{t#hwA%GW+Tq!Tz0wMfX!UVVtaozlQTNQL`Dv)JAl)L)>WDgYV<O z0xz+$1C57TPg4hGUsv`gJw<<rOj*v4e>k*G^F|wbGoS-)a|bv2V5@h1mjIQuSRcGM zwb|XRwuaMfIR=dhU;@Vdo^<aN<jVoM`ysfe979TXvd7J*(E(`hA_L9y_ud~lWpmTc z9$e^jLLzswBVC4f+Cvm>jhYX^70bv;rV0bQMi<=byeMYgX(y)N12cR%*R9<6UWG>2 zi~#Mm?_oX#dLYVWIsGb78H7CsE9}EkbQ?kR8%vC57IRa3z18WsKZ24An7mS@*D7y% zR7V(~F--AtFK8Q1nBwGN?e^LOaOgLsj^TNQIifgnm@#@c7IU|qxC@K8dpV;87I#-> zpWj@4D>kEOi0GLA$g*355%V_^d2`{11fAR}dyiy8TA#GDpH$iA)fno{2o3;1sz)ZT zGv`A+X&NdsA32)h3GW@Ra_YA%RBg<5<<c%a^(JQr8$V+AVw6n<GS9f1GF^wUlf)d= z$VPc0<|yj;I9*5CsQIma$~w&7#;mfxy$@w4>6fEy%)F*h_KaNG9nXFJa01t%{X&%m zw(^MiUntM3kIe7c5WYtU<@!9K?4$yOB4tkVI=k$3EIUr0E|eX@{IG8;%FGMxvKK1K zs)Vu^`YG!&kFv`irDzBU4eJVJkFmKU5i`?_T8%a#bRfemWT^Wv$jsW-nN(*j?QiNh z083+DB(o^==6Xu0#cA^^R}u_v^;$<Tlk|_FB{6e~jTPPsqzfGR0O=8PVljOc)5q!i zkRCNZlF25}rf&p{w*|(Z3u#MG|5d5KtB`gH>TZ#`8|^e){Q#IHWcQHlwbBV7TPr2| zyO&yIzx!P{Z;g3e(sWHd2znN6;VGTWp|bSxHmE?|ZgSxu!6|<O;C_LMxJ+u#t@YS{ znQGUJ7js|hZ+v=b=OL`<885cKk{Y$up<R%97x!F*>$;XdN3$3;zXUk>irp|O7P<#J zu?&?OVcvsb7_LFZRHgCfz()IP4@6)L<lZD&!nGQfA5#ddq(UJaO#%#X@Ip16nTgrH zmc~vZbAvDlBp?0`#5H0*@Jossra9Ou-iiDd9~1j%&iNy(@Kxq+mNH+#XJHV+eMZ3U zrUCJDEUboy7UZni!;s0F3h$`}_i3h$0LQF};97-1j0ge`yk4#<=>`lJ;tY>M5TK~F zoy@T?_J_|+d>DQE!S}-dSPio9{ZsJ!3ix=PQQF7#I_v_FY10u@oYsqq%)aX4_*g{~ zq&B)47X|7XLgCb;B?6nPC{-BOzQpl&OLdoVnLCcjoW!uO;0(6Ng7f7@!X49Fp<h@8 zL&zhE<2J@hR`DZbtEQf#ttMo;oQ>deFv>-D^6o5YO8{<pGj3i}_zrPo13qxjgYZT( z!Y>fpIFxp>3RpKUk;%VZe!Ep(Wg62MjF!&J89i`{WflF_qfiMFBTGYU)Lo@WR&;6D z#D*&nYPVwsa{ngKa&hMOBXIYfqUai{u+@JYN8G@`8?P$ru?K|q1V!DP8vE+T;r^qz z3wH}`foOB`>r3Q!jhf@u;hv$*$w}%F$BgN(E!pfYN}@uL*;m<=zy&4<YhRLq)|!}m zpI#8Z4UZ~ufSA?D77g-o?=P6>hnI+L0+m>;mBA3BtEUMcemW8OtHfUre<A#F*!5L{ z0Q2{^%PL=S%D4y^F#6U|i(=e6M+~bJ25b&wh|fj@BK&A+CtAwJPpvD*6a@h~iBw0E z6S!rs2dwhp*vE~6Cw1ytu&NSV8V@d^K0?~D<OH}QV|qZeFWO{&P7$=*m`3U0;gJa` z?8b(3Zf^Q-A#Hju()I~Q{1$1=3lYK)F4zh#@pm{rBZcA3UF*0-0H$Q5NCd7J#33SM zd@TPm(q<}=<+0kGnV#cPCu0(0UIMJd$crj<Y||n?zN(OlBx1?R2~OeyQH-Iyd8Xn6 zYR6=fp8(Jk;kKCN77#fDi@SLU<ZJ+uOIW+lU}SB-GBqdBH#1*<L?O-br07wqyp!eW zE1|FR6>|X|(1TL^CwB3;Go}YzvfX2sp!6FnS3?gX`fBKC+}tpm)jg2e5gR#k2Db_~ zo!au}A<O(=nL9Vffr|h=U6lDC!bzie23%5TH-fy8=xG2!7gyrWlZqZ`L2BFzEDe=G zyww1CU}YN!aAfIz;odlW^FBP;;h&m-PWMFPW<ses$huw?ccyB@0_d&l!r;wQXe?}; zU&Bt4m20Fu4@rCe(qOmev#O#ib*{iftR-eXD#JQQ{F988YfGxFx2vT+3zfZ-Rw)qf zloxl8$W57;(y{#uA@TA9ELySeE_AnTLfb-X@x-;f`|#a_CANp~-Tt1p?OuGx6IjAi zwy`aQLpB=C<FXZC`<l=eJVx!@yF#s!8#Cu4S0dzVkPykO3GpapG<PFp54*y-*!9tW zQ8dC$FvjCuJ}^g&vD}cr^)=(J&||1lFv@KqLL%b#TM0T2n4~qDyDPL*3SvVQ;XVks zMqB7jq(z!A*L)uyE8J|z*v+Dv5NxZ1N27y%?BI0sfebs>ozzli+2;Nj%pj>RaUfuu zW4xb~@;*xl4*(90NOzOo3D(Gg{+!}YB(6_ZvU`*it+b1tM*UEO$<sfxp|26>g~8+< zK?{3=olX;O1s{0VQ1P1GcDo)&FjDiFl=tub3wXv$-58mnH8OwQE+Pe?_D2$s)JkTW z&)*_;(qmcTz28Q)Ch#SIQ<6Vb7hi!>$6DM6A0I_6+B#er*l2DOUiyH-j~xJC6IiL) z5)a^NQUJlot4e^ZkuC%*0Rj@RWY%cjZULdAk}#(#f;yF<!6t6l$zx@XWPayAEgtC( z)z)XF@qUY)a<3-EQ+B?uZe!e>GOaw64i8p&%#}zj%D5Xz>gI*(e`}5On7o1maJax~ z*dy8TQmfBHwqC^#D<VE$VHVp9p(h}Wzud08Vha&*Cju8`bY4xuX+2~g+k3Dt58f_} zoU$n4lK%gxY8$xbi*PF@`_hyK`^63yu{?s|)54+_me+(l01IsDo?S?t8_&Jxw1y{y z%}w)wm$!H27HG~G%K1=^d+;^gg~q|Dz|iGNx<INYmUJQc9f&gB*B~Qj$R;W|idx%g zo?N6u><5V`<t^kyVc?2m0Gax|zXLSA2A|?pRa(408(p5^{-j&Z0ZI+o`a31O{)4c_ zuf{oH1HAYh=1*={Y(NKt*>0{1xiPga<v1LINN<i`P~`X}4_h3k+}Rwz$-)I{H69En zBY~@~hzsW0?M(Yyp9)p7P<k}n0#|JBYW&9GcLc+%`?E{qVUPvkI_`JHwWeS<LMB+B zP(py)Yi%RY@e@UoFiQVO3Bmt?PP!hDMl8-XppqJ%i`3l@+e(1|C)j^bWtKudld$^* zef96fB9;Ro@i8n0V=BU7uo7_y$ete&mc*~w*-@_MB8a7koC^wq+t^@j8^>2JVx~tj zFo^An#ReSwv1&j<|A!*}WMMK_K44Zgl%26C<Vl?c1H!XrLGU5LGXt&L2ookw0XP3D zjIb9>Pz|eDsc&*@Hp;BK!!h`I7!E4zo}9$EioH8CTSgBhqCX5_N?1ypEjRB`a2JD~ zGDQzfS)5xSaLP<epjWI0UsP<=34I$C1r%c<`=bQ^Vinw8qFSI<A3!)z36Bszb4#oy zh}c76ZHnPAnQxq^_SWwZ1+i?*yMouhM0qQS^>E2Agz8P^UvGo7VSxmLIAmYucR_AB z3xJ|X6#81lu7XQ~MKd;tw=Aa6IF2>wXdX;2SslxKguZND9-6A9zQ%nKXZ=Vdjt7U~ zDqB6dNKvyGeg$E}ZNPP-SbW5(W6X#i1z<c?Yw7V&5T7$W9z^)q=iMVEA$2O~^+)3H zn7=0D5aV8@L;$cjBkryQHw9GzAiCI9x9z6aid}KfLrT8l_NDS$K`J_;A7DyJNTm{Z zpyyJg>~kiweN+HUwPTQMKLf-I#aAm_;EH6=fbn5yji+||&YtN2n1fb(@7@$4Am0VB z!f~jn((N>Y(naF`_d%O@OS4BQ;w=Z>(o6dbByzFT4XC`=9RwzOMX-_QqV{@Vu0?NQ zu6bK+f0&o{#eApm(K4xuL6A?fM`Sc0a|q0*cqhA>6q0>3v6T4)ER0AM1FxeB@|ij8 zOnV^&L0qY5_hqs5Z~m~4X&9quKoH@u6Bi4^Bkep~?5-X3#BtH@a?J6LYu}R|0|NZn z0N^gfM34>lwePuUl6q;vXoTW%Ksn{ik3^K_hIb8b*>>KeWy_bS8MGtogjE>RoE>S! z0=h6Y-g8s9wzCQGpmSS{>iI3%>gj+vUrQekm^cj%$Nb!<$3l*oW1Nd6f~UDE!lw)H zQ1|=|TNgJARd&Z&-;}P*J`bA_*hWRr(2B8WMP)XCM$r8x-ep*$-E-4;zF%PZY;7!> z;9wK}7O(A0U>>sa5md}wa+n)}H&E|#mzE=P6v#E<4s@)q{}UTa{A&G0>Zg|yj&pSS zas)j>H(m!7^0j2n9h;s@dRj6wMyJoKd;iAq#`9BNH2&W5{*S<5-e4Wb0|Eas%b>kn z(3rPayF@-wvHFs^nRlI;zdGmVM`fTo&M;!)b26KqurPj-!%c8shj_AV#^E$ZaYKCH z4oG2=RE`c9i!DlOI1nbV3#Qb*;$7cxDUR~>j7@z8pQACZme=N6vh^5Hjq_Tvu5*Fz z0<as`MsxEltM=k}@Awb+JXK;ql$0>VXf6z;FPgAKI8LV~<N`zSUB&N$<p*|WY9Wl4 z$Aufqu){B6&t?$gNh11}Nr~~jN?f|?SiBMYVa%E9DBjiGoYGq^{kz|{_1!X|pOG@$ zbviHW#phHUSb%f!J28mWy_<vi7=4eTKjp%c<xg27JNkAqcGeW!Dcg1ZzZ=D!>OMNE zSG^^!7FsT@R@B@kd2*dRojzpiCjBjI$oc9INHT6~0tzAobzxA4J8|&P1@wM==lr3c z(ydJ`W{?B^BitEr9)f+GEyVO~Ui|I>#S3(Tr{HXjIuhF}Hy5yB8!kN(c*DTiikK9} zvF@K*gc+_7XnUwwdIx%n2F!(8QFEi%@?H`WZN!dL%>TvNk#KtM0dDMQOqS&y;ogoW zET669_KryI4t0WRHQ1AY1+0gvO*N;y%qE1u^>ctnwzgPTE=ASQzYQ@63Y2`B^FSMf zv>@wObXiEbiJ%ci`w{NjXaaWGx&frJmqNA!6p{Ywr6N-B0)s)oLTa67v5|sDn9aQ* zS9S_gCcyu&kaCG$kaB^(iMs)?f1xb0Vk=kZ<2ski1*ti^fRMNK*~sF(TPWttOcs$@ z&XiJ3b)+J*uf`T$I4bC!dg|kJTD-Y3$jsG010ljKR(EX@f432wuEcfdrW5l)zLLR% z(Pfg1E_k^P3=2B^mp75AHC<5J0Exi2--mBZi4(Q2v|#gLCHqDOM2=QmYr{h|_t|p9 zV!ZVx<sRdn{~K7g2_tr+IbV&fXn>7su7%1NS)%_{qW{;E2<p(c09IUWjQmYN)o7L< z0Y|goSS7K4o=C(g|6^LUM(mhc$@ArwIAsRYXil-%;AW6d*s!oGw@O{!zT@`{di_T3 zk!H{<D4K35%5*kVp|f@zq2ir9NF3E4m5M+3Bo(DkyK?vNRB}weODbOTNh;EsF6=Vo zm@J%i?#0ja1XJT9`f>p>O9APouMp5uZk3FqfpXr|xRb|LjhDylRIlI>gB`{DgfIwG zCOXs0p#^?pb56%~YsEGDXE3Yf{0iH$VA-xBCfgZGVJn$!h?>5u43U(ur&z7ulc5U^ zuU}@-CB8AI3L{j5q$Ln!^nB`gn3;lm!S&{1YZPj<h7qKL2*0xB3<<@}xw3J~Q!FdV zY&p+(;`HH-+$R?>T<uyAtMZ7A{CGdf^%$#o-cx~U5GMXp_IQ<ml4OG7nbMiO<AQjr zrSQvr3rjK!Glp6ytV!Vq`xcgD7G{95P<Z#-Y|%}93rjK!Gb~vs{BtRMao@s{oPW)` zeiaRFP7bcNpohKFq2J!N-QYVOQ{$sLO>x{bWsg%yqa~TxXtz0TPr}<HaO%M--?M|< z^K~DsByD18-m(`g&eHa0ddgT;P8TUuPxq}_l6RI}mE*_ER#3^xazaQ|ZtYvSB<};s z!|4q<jhnlZR=@u?b6Z>7<bA-9fTGMuGTY2OcoyN(W>wzR7k5dXdS4r)i9-*>t<Yvw zb^G&u*d=XNc{3H+#wre9z1yq`@cn4Lcr9&Kd0L^(9By)V^0WUob0EU|srt5AlG$dC zTcvGQ<$Zl|OPf_*o8+O*9QjJytg>Hwt`FJLW|eobU6rF}?>4If_x7zUZB}_6RoOlz zJppI()`%8dsBV@mcBmv5&OE1Ba+#F;Oy81{Og1b7LCPA;m6Ct`TOT2jWR|?XP_jx& zKGV0PB(o$pe=3-ol>A=bl9Eh1WrLj1`HraNSNfKeWWwZGXN&-9E<ek-lZTEmHH#!i z!bWdl<${g=EDY*v5%cl8*b*#sGuO7yZ{N*CfA>VC#~!<?9P?Vm<JBO1zHtwaGUF`* z3jBS&z+b4q$8GS;wZX4Y;H@!JMQj+`z~JQ3EigpYyFjnm2kxI-ge}_U$+(!uc6-`n z6SthV(2<wOH9N)SX*44+gnTU=-aL>#M%JGA_CRj=hL7{owRC|Att<0X=z4r>Nr(6D z&ZLIB0U5#wMAhN2l|^45Vc!29SyTx=gb)s=Q)0)sijdPq$QWjPeEFmn(+?w-lzW8k zL6f)#2{T%Ng|k9Ag{D#Rbe!#P#cby?uu&>981)5!g=5T-5fB{_{Z9y?=N_To&?J5X z-aoj{qAopJUar?pqiI35w`K9pQ5?v+hM!C1PL6=Qb1!|q0OSQOSYAN`N6sXIo3M?% zQNZ)WKcnSOeoLgpYQBUp_Wl{p2xznl;?@9C|4k{#B^CT9EB~05+#D5`AYnGzw0heo zf%h#laL~ZpHU>X)kMKeaI3#*g%v^>bDSHt2fWX7laU6Y$f?g}oeYRsho9>Xd_cv@X z7T)QV&P9Nz*M=@{+mpyP@G78d<w{gc>O;of6HTx*RQt+_o8cLU>-MHcb58GVyMv$_ za0~<4)v<`2xOov+ly`I)x;6|<I8Mb?@}T+4LRJvMBeen%l97rv>eY(o+x|oPhh5m$ zv0<IQPEq$bTvWJ{%*d{!x0d@h6+4z&NqtwUi-orD?!{jEJE)V<+_$NuF;OPuv?50w z^F_)hOqjPq<emnL(TM4F&!lV29N23-3xaA+d=}R;xU(yH>q_@g=rDSbjrwUWtnN9@ zXTB+&4ruiD#l$Ae8WCV00C5LNr3UR;y^{OtyGL%7Z}dA@6pV_YO_*At{G{4W^mk>- zmwiM>`RpUyJg%C{Us>7UjmnSE0ypV2vk7yPNDL17I#MI8Zf6mi-X@*)HDNx`e-YZ; zCY^>gVSc^;A~d#5IxT9#y!^-_xx3`N5bgkh`rx`$sEBd83!k}_a-C5AHJobD#6VM4 zalE%t$D25*FW*>8)?puqn2TJSI(U?SP5j-x|3!gcBWcn6Yx<cks17=serQamvx$CO z{TG-4T;0<ucdF%9()Cn6Co=yHnV74A&r>OF_1p_I71AZX@YB?a1mwH{fAh9Bgr<Oa zEA)OD9l6Vr+KgqPnpCA)pQEGPs8^B*r@8Y^LJo9Kv7P$XJD7k$Lsnj`Xv@!}l)rlf zpigwboKM95eEQ^=qUBSJtxi9<GkXV9^kAV4-=;^5H+-oE{se-dA799{mgwo@qJiIF z<_U$&JLvI7^`EQEYel5yqT$D|;q%b&#%(L<=JTKVJMrsrEm8XX+C4KS)7?)^>)@B+ z#vBvXaCgyhu!W-3DgT9;`umxy<y`We-rZfEeSqMs?vs!WhZziC3@T+&*BV9CK!usu zRE!FIcj{{pgqv!)>)3;BEx1eks}pgL_`YYtnz1Q^8(c@@BYif4nv1(SsFU4iGTo7S z59!?j{w`1bi3xAwTp*rYsa<^9m3cN_hZ%MH=*+gWSL8oH)!Qb3Jf6~2Skr4zWXa;L zcA&Z+e?P_Fdi;IUdM+JON!^NlT%ZJ#JVFOwsmn0b8VN&<Srg)-VtPy#uWhxmYCCJU zTl>v3&*ifVw)pXfd-WWdo!ZUs-G;ke!Z-X0fuIC;%GSPzBZ~-Ns{7#tgKU>Y2v0k) zEffOq6Yr9hlrfueH|+9#!F;MB7thaFurHKG6n0;zdtBxjN9GOe=i3*;Uof-Pk=do) z{1^}&4&U%!xrS@Y$~wzBBS|;#R2Jro5{_OIss;j3k;jslKkLA9Tcvl+Pr>fn+}LMv z`}gt7*fj<bjnqV=O$r<CC##X#lJ$S>A|v%?u#g<rd;U)Xeg3cU8p%H_q1<4ax;$Cd zV>G-Os@s}6t9JXGx~*7<C06X5$AU%9_3xQY)lq$))J<Zu;ZLO^7Gjq#Wkqb_?Q&#Z z)-ddFvlYnuH>l2S?z-Q4S6+!<D%@lDiUoRH-@(FO5nHU5-0b4ATxSR9IfE{iqitAd zl`DvZiicti?B~+$IKA4P_AJKnRg_fGNhKB-nHFo=#klUu+vbA^LJlN8ZVN-0GVpio zL_?Q&T4sF4+x81`n!Efw5$K&i7ByQD1cQCRlB)-&6Gy=wdD~xLDTLrq-J5v{57~x~ zvHk30zjwW3N>}O&8M8Wd1=PUXz6qHvGp=yvE^w;ttuTQes<a<lCr^_2S`jP`K5#n) z=7WwF;KE8qPqnuln-6&Tj4!+3;{cOg7xC-_h;45I-${AhN6XJfJoC*!UFyxs+m1Ju zzgbz7;HB5#?KQKtQBAHnbq8<#Gos(V3+vvx^<^wYE?I2zYsq49kxCvR8RWZg6S)!q zvL4~zzKwR3#Hhgw*GWv9$x}05Jtj3NV}?^>@R6P@lyu2Bf<=z5nOYcA<cTx2R(zEU zT(!5XODIr436G}eB$%S9&xN%Pg6--+6@0QLKEwRP2R?)R^r74&{8i%b4E&vdzbgDu zXoQBkXKxyJvC{9dPQI<~(3d)ST`^D+A1>Q_2YQ2{rv|1GcIN2mBe;P&g`o4hY61J| zEQc0sbuDSS$mEKBLGY{S>vK1NrI6e<RfR{n0%0nC@ZGRsd`IGqSS_hU|4qe<K!K9G zAX9S?ima<Uocb)}L`;7T))cnEbt4Dz71y&|Tc`o`Q2<+HAW2hWjFw_~zKWU8?0pp_ z?Tv*qL(repsoYqoud>F)<DA$AJ?Zn%1|B(a*lpT-AL;=+Z)ys1r?A{w5JDsq|CJ@{ zNCnvqDyo4f|N6{#@!)NL1)tzwWvQ<yMva>~PtkQSRS)w+4s|?mg@reZ!<BG2YCHFa zNH5SKu<p0)HCh$q5^4anRFaku99SVjAvb!!wh%Y#S!7`3JTL=mPdA;CyTyg|JLsn2 zjYQ2a%EX)d(i`SvwuSKGroat<fC`|lxBZ)>Ty|h~-+`TG1(QqzM2?-a(&898H@tT{ zmJy6KiuL{jM#J42RuHhIM7`t^`}=MtOSkv|3DMx9ftLd)!i6BXu$S)`?uE&?D^!o} zB%5RL?(yhdK7t`WCUIlc1F|Q|59GAhDq?It4)eTX3&jq?7{w0NAUdT<)=0rL?uNkH zEcT|#gc}p}o`3hYuVRB?U$Du!&w3~qZzrHF?5EXsXLZjYAJG?l$unSqi{UtydrKms zY9c+hT})(<ZdX+QnA_}sm9YAGoiNegyo3vNxF>2We&L&&PG4_BHH>Mj7E{%3v#TXl zHLKQ&eH?&``o(60QDg@Pa7&|V4?qv9pWgjP*;F5>!_7jS(C?NRpY^t_$B*O)bD}x} z!2zspYx-Du505$8M*1Pzk=eo>p?eoWZ@lZh>aBjzQ=hS|rS3&<+g1pxcm4J`I0ZHZ z<39M)J)#8{#Es&4vCMQWebBppu9FYA7vwkG?Z6HGh+pPV5rT}}MO^8C=X*WKw1V_p z&4L>?&30j*&RBvcWfq~J*%G(-`PF5VGN0_b*!wHA3LWal1*`xeS_8iv^CWb?9zi|X z8t!dh&yJ@~6?$)%VZzz=K}D<d04Z_vLsaymCJWV{&_6(xn_af|QX;~j1=zs|w*=N; zWETv$m5}FS>7m%<AHLlppA@KeegK&=e`o{#<-f5F)RbPr1ZneI`<2v${SEXl{r}lE z<c9`;JlBSN1t5bV61-Pa83idvf#IO561m82;1+B28rBF4y0D9fybTkEE`;Xb$ZIn@ z4d<tjKE>O<18H)<EY@YPZHYqhB39A0)Jb^5(V?v(JJ6A2%Zzf!!&b-xj@=)$f9z35 z;@D`MeWO*tO=46q^nBsXCcMN$GoN0e7?{xCA>Wb<tPc4)oKf~Y*C6&jNwdjKW^%uK zaqWXU`us2@jpiiCjC#Y2?68|Ful9(TFOykYg7Qii+#smra%vQ>T#A{sa?}LgqPJ}? zkWiF>0rxQ%;A7n`B>UH{cjR2>&^B{Mw-|d$e*(B=zr*-QE^@<IYP`Mw4Lbyw2xh1s z-uC~bHDxa-2H-mJKC-~^Cts0*Sfk%?4Ilpl@8rLH691tqD@AX-?cV{ZxaPpyR1j}D z_Ge4Yms>4)#9bd@vyunPIP#4YVe()W(*2cB(l;QLHyDy6)lHKuxK=lH@%$D6zp59z zse2L#Lv*co>tupf1DUjpxrtG6#TME)<ypX<V;+D#BIWdHuaFb3m0bGcF%nu)XbMLN z`y#`rwN>r|bf3f$=@nvlbmuNA!xRt|E|Sy#Gtt?!Qr@;&N)LC;M6}fDYmIUEHCMxo z<{^>%e7P|RRU|w8cRXDbu!^K#&6GQha!OcHZ`4bbxXZ3u|Cl=erfp2H&F<$sr$)Bi zBkb}a6bTvUax_{H;yJCOjB!RHfKV`8;xDLUe|s}1f)}A4+hkl9@UEXNOF!4aAD)sP zd0-QEsC8d(V3Q+NZ#)C>?Dalc01b+K-t2IkXN=Fe&d1#5^SCI<4amrx3IQ#9i(aq< z6jS4<-<fA1pV)YsJ^)-!KA|n&%$F}N-Jd7(619PkQVUofh^8AW=Xmsx_}Q}4z>oK( zBLQj+2Yx!Qm-M9Fuqhr6OsK^@R2ZLeLv%$z1UOX&kCGCic7JcYMTSL>8Wyo1C5-sY zySGw?)h4a39Z?J{eq0+Qe(e=q82$Z##KE5yn$`sW;YNyG3Z@MHJ>V#@TU#c1(5bLP zQnnqQsxSK!`fe&eWFYwaWmeDqR*?HBd~zivn{T-Vf(1=oXq1B)+z@dZkYMwN<rc-v zE9IP`?8>vZX99|H1~8haw<hCt2ONae8vy$j<Ay#vE&1=}_m?Ym1{IY;EiTKY%W<Ji z?iq?#z@nxtS9C?pBr1V0Kbb0(qN>t3yV4<W9SpY4P!(>1R8vmXpZ584BkanUW!^TN znUeQLeU1FE`heaD77Ml^OUx(TV*FRu*A@FEvO!N}=>%E4W_n_?^qN1T6ZRK+LZ5H- zM59pY!wvv+1=iJJ1GYIZHsd6t+_AFF2^%60U=F$nJM-g$9368q_sx!G?`(5G`;WNl zM$O>6=qoNy{XJrS7Mr-xr<nMHWj_EdvF^_>>y3z6i7Y0g;Q=Aj>VnQoEjoWDeS|%` z*37ZbgoztJ=zAyu#`Q3;XQ1$JG<$_$IY@+Aw`?HFTv$nUiYHRHM9h!Q69S;6*CQP^ zpk#!i_8a?i%g=F^YA>0KyCqTMH2r#VcM(5C&PUr+e<;m@g;H+;1kOuv<zB>m0qo}} z1o_OK&5&B(8xTN0?k7+etUl2SvY%w1WLI-dIJ=swq}kP6H++Ii@!MK?G=Mu*wzV>j z9h6^Ov}WIB*K!RyyOs;O+giCcOKX{3%f-%Ztz5U1=hY0aZfmtenAz0~Rc2SOkxvF6 zdvQFj`*8fPkHHqDuSD095ydwqI?P-DT~vYh87lEt_q*}3`~#rHSm^@&karry;s$K- zVW6hFjFlebqdSi`?(p#!yyLB!{epPO<Y=#o@_Kd@EvYP5BKJzM*7Qos+=T|B)<|nO zHdb~Zq0i-WD?5vY{D?ZXZg>X?T54?Wjve>`>+3_Rv2vd(hI?J#Fjl(3rX?2SAev{H zo?VN3A0Wf|R*GsBHcQ{)g>|mnAmWIPh(XG7H75Htuo4I?$+_t`hGU*etjS&H#6VC* z;V{*G9gM@fbJvySZaLh2ksPLun~yw2Xv`Tcp>gI-kwevS^FQpo^aMFl9XDI;l+>7~ z2^iZzVSo^pThj$C$2+J0>7+B}y(7vYAAxQo>aIPodQoU1cSy~cJU56K$I=dd8M{Gz zr7<SL{r=VF$u{Kl<T*Llhk&h3*_x?uXHmqS<vaa+cgVQV_pk#O@#P(<2@gB@!<icO zunX~@d|A4DD<kf+bADC-^-TTUQa^naaYgiTPMGf17h87Y#+&h?cjiOY@CL@t)L9a* zi|F%AIKo%j#csglcTUcuK)z_Wa#j^+_p7uyG;h)w66sH!fz^Ylw_E@fu8iqkB0S25 z<OD+C>Q%{@s80pDn0eB#?T$$D&a<mQ@pNOZ2Z4%8bR*UY(2eUpmVu=zDkGk;AFei* zcIj0&nk}D`N#_Fy|MRUH0a&~SHRZf#uGQe%zbYvBE)C~mA(^y-(&@%5Zn&<z<$lQ5 zQ$mOfR7w#Q&gw~xknv3+i!?TwX<29Zf0%n8_$aF@@q3a?k^u&0gaA>4MvRIEG#Jpt z5DkU|R6-LX86pL2)i_P9Qk((W5=fi`86F31tFG><m7=?JYrD2TfuMp3!33<ffd8;s zjV-G;9n`c^2pXB+_uTu;Btg5|eLwH#-8cEn^XESI@44rmd(OG%o|_R~XT}G6-VM8& zAj5*67!tkm2^F%JoZZ%g5_^8nKhqj3J-kkc(-v>=dRUCiq(H@B8Y%<c(wSS+g$+i4 z;ou7dK?mTf_Qzxv-Z|TD*_IX3vVkc;j}2W`WTS&Js(iQ>-K;l+i3oI=Desc6F0axQ zsLPYq2<SB^A{$+jSL8vVN%L8V*`y_y|31gTEsz{VrqVfDUt=lIa4(U^k|D`<XFe=l zwkLy0b+WkL0^Z=j45OCQnzz~RIM)+-OwRext8mro8z$YC+GT@+ZQ?8x#jc|ElB+sL zn}tdJ&o>Y``^ylQ`pU)|Q(xU7k&Wh%_XqVM@0F1?$v#zsWkG1qkgPUJUz?_*8ldwe zE2yH$icJG*=6f0;ZOp+vmKYW|f*0t@bfzT*CRFQHIG_KdboXz|?C#zX(A_Q39Ko?Q z^?vnF59^#LL7Qkp8PU5nu5~+t#f@+x1vcW@LSDMgwbIY3PKjC-&-EsqD>L$-G0iB< zWO>!oA{;F_;TE>s7*kZLl-I!QLqa^?4thuxDRmkk;Q>I3)+`rYm^t4U7;OM+JZ5c} z#nRSrGQy?W$ECWb(c+z9M;RDK18B0=8JQhp7xl_w&$jim{#3&8yO9EJR1aPznA$4r zzD>Al7BRN8rb~9E4N-bX1H}EOHXYU7V~f3m;6{#|)W9^YMv@V&i|)hjDL4`Y)LV>u z=Fmm3RMVgx*@J?oN-+Fh{@cf9dtKJ6o(FbcUGxfMe^P_&z$vht>m#d-{vdJQ6xE!R z+jXEXW%taKLq)Hwels%b%;dq+xn`tH8?W#m65iqE1Si!dkP}(&=ga8_-5L;Zpg~$| z74MMj{1~%TL@#f=ey!BX)afB>Z{%ArbO{$xR4F6(l>;ZNp2*xOoJPi473ZA_iXh5; zQN%plFr8-R9GmHN1ttjmpB)Kmur#(xlFr^ST)(-$A00`w482^yCW7zHE+y@>)nQ2? z2E#-b45dSg1f#^P9XBBd1~5u0D153%Hi8e*f(m*vjP3FG-=W%jB?GATD$kazu8GEq zoWG<8K~Ei#^Du{?i5~Gb?;~X=Xu<Q{C5}<=mpG!_apjW)`O+MmFe@@7QbnE6;X@HR z{6jMZIMEVhnK>ziSzUMD$IJA<<@}_ji#lqIhDi2iJ0Nx(MeQLewGD^tSw@ToWHyL9 zt>}>5zW7@Hxe!m}A+R*ZkV#p+&^pkX1%pC0@%*u#gy6}DvY6p>zW*E{1b57|>vV&u z(?C%g-W~RPjenxVo~dJJSE|W6wmY#Gr%J5--3B4496CRzY>e|VJ{XNg3J+cs7nWBC z&KC9b<+n>aZJ!97!y{t&O?T+FFZr^3=qzp|vy}y&ZH<}#Da4?q?=TBj&oeW2v_7q` zkLc@t`np<QZ`RlA<thSPY#&K}$M0=^@ALbR-|PH7;`b>(M^bW%Gd2Bx?Jv!i2S8Zo z9HD(vX=gXhZEfq3cHXbAetn&zuNnHPbUXJZ+W9MzZ0EO=UkAT^{C>ypb$(KWv479- zsm&)rQ+=kjYyxm18-Krk928VMdnLr>vnu`WKSPIlDJ#Bt<=OA(jzU=L@cFy>fXZ-0 zjd~3j>XFufHQSd{HJenz^~ZgONe(ZJruU<)RcTY?``c2zyfbW(zGa`CxG}lbq-=^w z)Sy1fV{i^O+~PO0{lsf&872R1-}=X1WL{=%cO>l+VI};SNH5kDH^V{n3E{`I1=3?T z6I#H|*T5Bc>Aj4ntl(vvT-jGUsw+3Sxm8xOcSN5jCcYu$5Fzn;@Qd377&)D=lS$Du zNfpSkHa<gMk#!GoWtZr>N4Sgl(6#Pqp2RPA?Dgux$DZdUFg5a^<f$1HKW7$6p0(s@ zZIsW}gCc!ZSK-O#2`w??M9;9z`Lt(`qb9*5T?woLYt$5GEnSNlrd%0@MV|*ocddJZ zoG|8cgm-P>De4YCCL!U+<jq>AYy6<pn1u{ZQit{#|A3(*Iq}6I_;MNSldW}oi5IC% z3O^_hBAr{5V_4_?D~4MyT{C1AxY|dDt`mzU>rheG%4F-k&}Zo@@JuSHT~x3-zVi$A zqaJ@*;VU&Ng?34Vq+m|rE=jzCQ(ho(EZqwH^Mq<R)f7x6z&h5`Y^$h7ESL}!Sg5FX zRjI4UiB#ee0OC|osi8L9sm+`I%0|!7p2>~HZt>+6@I)RI;T7F?4p<T`4DAx}6>sRc zvG2uB62qd%u3myvt;inse>mNUxxUJ<&lww=EpqRJ8kidenD}ni-A_hPLqWNCaTk-D zl;>;eRNSz6mD67!x>;m_Qx(lzysR$N3{y^rwM`4t#{y^8$B3IbB$CsP#MCK9K-w8n z4ja-{ROX#MIdNTsjFHfh+Xnj6FWRD2){D}ut5~#h4ORD4=kE5g<gqG6RK0_kD@`5_ zA;_Xf51hHcUjT{Vbe?LpA3tIA24^>{aq`*A>fw4??u+*?oP_M``I(7^$MKkF-5W%R zd^;&R(%28!Npe4Lie;l4T9NvK+zd>UcF6!r`sGtx?crs^SB95?FEzS;5I)^3o=XZT zZ%`c;N*&H4Ok>6@!3@9X+h#@X$+?G&G=f$7&ovnK8^55*9BZQtMcKJ7u!o<RP@D|X z2Tx0RujmooO3z&-tUpIbhF*z9UHKpBgR5lsea6y7U&VgV!ONE5jF4`cHB-QLo9-r| z|6<-N(`4S~QnYvXV29MuZ?zs_)atEK-PkEY!t`MaLc(L53zw3Rl;#;(xk_D8WO^lr zMy00yR#h93Y+XWrt!k%#7QHuL-T!kPNKMDrs0-LS#Od{FDFqQz$ibox{|S*w3JS?g z_|S7TT*#&MW?*KBg~l)A$qEHc(eZ@GA6JK^rQh>}TM6y;8d(@mU(LK?3U|5~whf1G z5Th7JbhJDP8xj@mzDs(yu5ec}-*DnAx8Uh|BpX@MmLjXK(9K+c7kI3|3U`V0iVOT- ziukJawF}hRNp>SWEnCU6aF;02IA3CysMVrgR2tciz_6W1am&SM$f7T@D%A}aNg}O; zjF9LB5k5k@L?(1-K_rmOniCR;wNd2zY9HR4h2s*8%C^ZwjD6+tH8sf;Pw+2(nIVm@ zQk;H^F0j(C7uC8hw*mg^Itg}*X8;kEme4VxrOv8SnFBSv2^5qPzAFC({?ue9+h2Uu zH@iWBvryF0GQ-bdzASE#-qLa_t1iJ1LaRvCj6S((Zw5dtqcSe<;ciOZ@PV$U$s+$? zXqR+yk}$5G`*(BxauxDO_TOa<vu-wx*F^q88G=b_js{4EFzQzdR4Z%L^t}>I6nW?R zC(tVO_+>VjEFIY;U`mUFsYWf(0=sj-`$3#vXgVS$L~)YXtj!VG4<IXuNn!+7z(Yee zmH6?`bj8GJd=6m@+eoo2ElP5hi58>KOjV=amXT@Lsi}tdPmfpZuexQJK(Nj@D3{p- zxrnueSg2@;rzzG*^;b^vY`eGluO%V^FXP7XHel+Q)>(3Mx8}$#wbjX}GQtGfE%vk3 zs26`vMUd8IrPITNAyP!7G)4Oz5(6DcVKr-OsRbf(Ir)xG%xiGanj-O`0I}DbVsfxX z(3u~Ljz9z9Wr6cS3Kaqs31If_eqDEjoV@)y>#@k->YAgJjcg1UuoKEPkQbZ38Jx2q zeRXu2-B<5{uGCR;4!~7xxS%vb5~o6*ZP@yh>zf+%OhM`+y=6%srZS__e?6p2U4Na7 zdsxWm^Vr<_)bFvGl%k3KLOiw{&1Yh-ikBT`7LVSg6&9hGGx&9YFpWmj4!u}NTh5k& z#QGM^v6T%yq!IOLThBbkS*5zeE(&&|pvteUNiyU4U#R1Hd(I}N_ycp<5SC1VG%nb* zmk^^dvQ+GirY~$re`I`lI0Cl=MKMGZI6v`f0?xWKsozAOdY7$B&>juy`Km46T(oDE zJ@>)jFHkSvXrSR!zt-EF0NnsEPB(R=J!^=J55ooOkwpBv;_-FIX;2sC+Z{Jol)QT~ zn!Y$6GT><`B6TR1ifKj+<<S)0$TF9k6?@^662~k2I{CfE?=61FTFLBZ_+R@=i4T76 zbO$=_SWW1}TF>2&F)BRU!bgwl@%9cke5LI6ia8qGb)}|;&uOr5iWTyS|M6&vW(3Wd z2~fyVqztpxT)or)K7L|C2*Aq3-YN@Kqz!AwdSPwr9@gIFREh4t?13`z2x#<;<)%=> zGBf-VY@{c$PS{6EmBRp|m)cxwaQM<zHpV-o^7;F!s;VOEgmtY7yTWsv)<)qa#a*bd ztD#-O*x+EvaH=x3SQ~}$R_DAST(2)xBo;qM9K&yiwFslO(>5bBFz_OAu|e~<EI(_A zfw{0SnA29Nu-UhksL)_&e#d+>M<pa_B^I_{>qHncKJt^~)z7QRmpo+vVFgyHrk;}T zebYZJaokF${fzr1{6ajxz)xg*N9zCDpK}npz1;dZERd>WQXiOe9ue&iHsf2k+uhN* zZjbaz=Q@#IlLELh5jR;95#pFZ>ZU!CQAhnOCRW&tN>xgrcHKFtss^ShPi6?{j4Y1j z@SDVMvf8DmO;Lwk4*eE6>WHzw{m;b)JL{8c)DFFAB70DQn=eZg=!?L}p}mV}?X}PU zgy#JtxSXRrzoQZMS?$Xc>L8BBuB>PMlNkQn<YIfj_}-whDs)*n+NYe|y2}O%t5FT~ zv8DGrLDH%AuuApP4SHa~P{OE~pj%B4#5@~OIs7jYL3o4fX(XEe_)Z)L1%t5m(F4IW z;{_9Xm|dmrzuyLcvqrVDhy!&ST&Ydd6A-v`-*GmY0DK(b{3^-P8>XxWWtWz=(;o34 zbj=Y+3GEgCZk&&#h0h1|_I~=wv#p((iF)C}5r}Ccg$x#dpdCvM>5$GGw@A0K(x?0A zucnV?ew~e8BE_l?e+*PM%8F{0dXBbhfgz<v#Xgo~d4nsin2&5+Vc=-b7Li?jAQcj; zUfT^nD4GT}4QE>hXz7^tr-x^YyQAz%wVI*;{V6bu7k(v$o3<0jwA|DDDD5(u3$no2 zU(E7he-*^WDz-PNdZ~>2T(h@rR*s9UFZ!92Xb9&x1(jjC)JW`8oJj0RssyO$(Z46d z<S)l4P1fR=I5H*GyR`;xy4Nq3{a49qxQ3+|b!9;ECP^)J$r8UUV16SZ8Q!0BA2qM{ z&R4FB!DW#<<AQ5*PP6{RflE__deeInw@R<9MDEXN<;Cc5&J#MBtRB$SpJjwsEjqHQ zFOuT|M95bS$+U2FEUJR}m4@^>$;1e;O<!o)GRG)2@Xh5l;%9CbRQpx-+u6z!5<oCS zIf66Bz!;-2(WG1mI2h`HXgt9K-qFN8-P@NYkReW!MD!Qe7pa)$F6qD$TwS{#D6^*O zWKDIV;bBX2DMy69i)j}A72XplyJcNf+}0ZJh<ag8yQ1-e&bHvgy&B|9uE#M>lE)!y zXFk@y9Ks7}RXb>Zd3?q^XQAmle~K`Pzq`mT^I6@e?)ZZ1BD0_<9=~eTMm+_{P)Bgl zQkT(l4~ndX05p|nNv7Y|nS$20oSG>FR?FXCq3>d6U-@Uigk@ckv1j@GeQ#<d6I`6A z7k&?Pm?uRdZR!+lUXA}_Gh*-6Et)LyGw7EM>8_nBq%o%hKt&8q5SYYi>SL0++TUx` zdR3%0{T|wrRnKvX*qZd0I4DFkm@xHu2K6T<c#ijK3<T*Dj%JrVd?R%YWIOX@IbTGO z;0;Zk<4U2>k-71Sh@<DUqr!!ayY%GaX%WU8Z_*z{c8QN`pP7`B2JhK~X_f({DM|i5 zmhagOYVWY1R^sqA?(8+-HDeZ2*aGb*&1F&%P5il1L+=KTZ4CcX*pcS9gD}(yU7pq& z-AUic5x04IpxL@uIaOZtfam#u6^tzky`~c>R6Cevs$;Da@<yfb$Bx|Cutgxmwo?gh ze%sUXDubjz>xezgT|85OKB01k&@EiC(L4EXs|Q<kGO+b3dl%v5t$G(>%<@7opmPk4 zH=!B~3y^V4Sz*>M<a@-aZ^5^s>DC`YU!<(OHJ0<}o|7e<lP;e@f?rCPFOY3ZIrDvT zs=c(vM?co6@3J@*+LKLwQ>_W2*b{q75N(0~6VthQy1O&{c|i!rt2L@bCt#WkzO|G? zE`Y}zQ0@a=t+}`g-{jO~+DIx5%)u|@aZ~1>7D#DXC`FADaUg>y6B$@zMIp{^3OzS4 z4ouQ5Boz!p5}8zmt3UjeC_?VZX#}95J(Hv|RAg}?AFWVlo}&iY)S%yF^9{)c8vscB zB;-hX>k_gdz3O83fFMYfszJ$f-`!u7IQsb&1IQMBaatz#YM=Vn?}^>Ve&M&cqlJ`V z`?i+myp}6rfZ#LgvH9xENm9uSF*q9KtFKd6d|wK6u|UTH-ueD#gmck0T-u_o;Cy0h z{g;N9SKJC1YeB2Zxqvf8ZTkl8K}b`^O10wxhhqn_trWwK$d8KNTC*f>zfEItM6*7! zFmXOkV!b%G<3Qg`c6w$+0%=LB-$3G<)O1qJ8CGQblairkPn~Di<)5zCRTi^MDP~c} zb8?dnk82hHw@fSJVI28z1kW{&!Pb17zk@X&rsne__uQc!7pY>ZN|mzbfXFEy7aeLC z^=vj-)rIfZ5z1s;H)HkB;|`MS#%>qx#xI@)YShaBs79qegw(5ka)PVXtH#q4U@~TJ z7`YDCM$3AX+Hr_}>XmacJ<T65bSa;X;<!6I_uEZREl}ST*vn#WLw2>lU;3qc5L-F1 zS_;Vk*Fg2c38GF9csf%>yPw3M<rYj^KS5q)SN$W5|M0rU^;H%^e34xb$;)hScy>m3 zb|$nI2|~~BUFou#*`*_=1B}5dC*j9L89lJF6Mjs{S6DCZK-ly=Cv$vJM{wZK#)2xT zDW;zvnQ6j5U*5ekOsIN&681(54g-@1g-waeS#Dp`Zjr=nW<feQ{GjN=4a-oVPa_Ik zWe7_(p70OC(ZMwR0G3~-E-%YK=TukMCok}+e<KV5R3=PS^hYUN+-i%?r$7TJFfOqe zG6TBPx$ZDAlcLj^%h6;M5ERzNeYENv0*t`>%}Ud%1^$u3uHpYdHxori77PK!3BRfy z>C>_7w!ZwbKRe1tHTD4sW+D$}`m=OMN+Kjpc6}t7J<=VrV&P`Rf|Uy6k8xoCgt1O7 zCy&%6;grR=oi7$kf{6Pv;j%eIY`~aa%*(z0JPMj0y?B9*Xf>6}lM~0V>1fjJRN6KR z>Z9XV8N=486YZhLRtnvBOW5qNxC3oCsKT*h36i9j$A!P*JEsLO+HvY1xXlvDr4IV% z#R#?)*+Vzp(_)cYlLWpH<D#Oy!ShAM&y1i?+a~P0vTx_MO7&NCP|^&+r1?=%jAqCT zcb!(`>odMW-6xlpQ0UO~QziZ6O7&|=Pcf1nB0N$k$_?k(%_`HKnXy#YT4efoi=-G* z8T)*c2=moNy1@8}Ut$m87JCR%LKm4$1p@4_z<3e;Z5n62TpJ$8b&|E4bDxG-7h@Z< z6gD9Zd;e4|b_hOXv0s8R#Y<P^zYCn=O<Phz{wQYH^BxCHylHP%3~E}9Y1-OsyJ_`b zlUy>S!xnYOrh|CXbf2|48!<iXgbc>nqUIb2K~{5)o15%8&El?oZF4t#u5s=n`~o=i zeJx34(NkyWGMEP?117+)lWWr+Cogh7iHmviVrFc<dkF#o^elP#KqRS9=v4oH+TUi0 z@$X0TuNR~E>yetgfVj*aO<g~<5h^&|9!*;lA*qZe)Var^atJIHR#*HefqnBqUe>Jw z%os90#7w6e{r^)`5?wOg>S?}2NFn_pXbv+x(MqSG7@OL(nyFh@;;w9IP)1La#5xwZ zA>K#T;u2Zxu}GRH#;mzMb<teiS$h9KmEBnf&$2sfCp{?{iGXFywm?2{QRvlkL0$(N zd&kEIFhHgB`RW=|x>S>74z~Um3%3=RVt6)0Jj45_^JD_m9NTwihi2@QNU&`B9y|n( zL%YVwuqcgJ=VGd}NurTT8`0wXTHDW_6OVBz^0wvNDx6li&N}!9>MgitSKOz|)D<5` zg|qN+lX;)r0|94z-B1eu(*7H_u9@C~BQE%0wUB|pe&dTcP!OlYhpq*pj66*lYW(hG zj(lsJU_<oVfE$RCO!}b*O&*G0V<V@XCbA?c%-YkM66SG!*|hjTK&iw?oJBk4$S9wY zz`=#G&7TUx{%5lGmQi#(u)xN|;(P6;1xsyA%uR$$tt-4TAm=4zFcO}L2M5Ltz$=f6 zT%ap5ts_FlKxK^0wpOd;Ur5$a$>49PjT}auJ%53E2bP1OWUP~Osc)9)?MYSY@^kIp z4vrD?2HGL{cj?e+vXoXL!TDxOyZR41JVD9L1Lx~#2jP>oXM|z8XG5Htqc^9Nh&edF zNkyM~nq?`u@N7?WGj}Sk&zO^qcSBqf1xJ7yz)q{^tjpC$Opmmv+8Xa)D6^C5kHi6Z zmF3YWS)~^4vcm$?)eHu<HGWRzeE<1^sSlrNcXKm1AUuV^J*gq}l7pbLqoV{WG&ftk zKL#rq?gcdn%;I_rJDJO5dYD?NemqAq&>K;vak7S<9*W|*pRaQl3uM7;$(=`Si<%{* z%{#xUQi@ZLJtvunNR);FG(-xt%%ZolsX`7_m}E`Sv+G~2&(G~W_e9ZOgDwHx-GIz` zW5k<5x7BN%uu&_Uj5Fs~<-aXi=cv+n*1@j>7S7s`^T)H*<V3Kzj}<rMvJtYR%5u%G z@}DOlT5*OAqHkQIhl$t+%E^qz>hN`9bDqY)Yk*4Yy`WEkh;YJ#`3-WPhJnOfN3u49 zE71cIos=1n<m3&^6uc@*GEVg4Wr!_>VVb7QHc+mKJ4ySx2K!*hQb<Wr^3V)`wq`Um z=!ak^=U2*%kR@9b>6@kC0IQP#3?Rui4~V`v->eoZ!2)Rz_iVWvzd&?;aDqlXNi<DG zj!FGobB-Tc#F?Rz8Q3YV=G{qwVT<AgP(@b#rwatd2$$1U4XZ^b6a6B8095whC>Je5 z9nG|R;62@XFDE71H3e910V2+YE0N?bd0a}@Qz=D=!vvkTpv;go(m0&UtE+V9i#lkA zI(MV)-JHbGSQ9VxTa-%QOrtfz;z@14oTIReZzN8S6r>Pz0tIt8kwta3#_{?LKG8_C z%|?!u9aJ%iEMP29<$u#))Vn}(>_XpMVsSE%fOK#NR!Q%9>Af_8iQbQzg*#nOb0#yc z<!w3WX&%KB&c<1Z)vLH7*bT<YPP*7tC1}a?UQ#)q4%V2f4*XOq0m1aNq)BE%c-14N z5{S-#c4P#mNZkh8-}<M^kSQH+ci6?{x*fvTNZn+|B?tIXkZ}fBg%n{=MsvUs7p4Ka zlv6U5SA+f+&(ft2bwgNNCV`qkqmXz$(!;0ZV;_P>Mc`O)qY!5UFBK9th3(k1O?pjp zxHbt}HO_9zO+!k752P$Q0x-DnC$F)5FV%2si9>iLee_Az`~|WAl_P%5C(E!=XFj59 zO9C<c7LGNQ1H{~NSc>*W<C<?0s2^!$7Oq|frj8@XF}X$@&^P}pd08Dp?XPH--Vko} z)fJ8k6lr<KhroP$7Htr!8cb&&@tWem6|x_m?N{iB;(Ou~o8x~gxro{2;BIA=U7z;m z?w|&Fk-2M<5g0eI$Vhjw7f(#-Wg*;<L_Iq6fu_3B(tI=4H6jm;5o8I;jhuYsL@sn) zCN_UK0h1|#D#-Xi722^#XQa_y%X4U&MPAUm6*C1W^roIO3K$5(1w8Kxcs|Dy$@EEZ zR)O4Bxk-C17BbYE>vVYlWNCS5##Z?TAE)oZcYXdd1c%qc3u?tpJy@|xq5#4nJlx`V zjN8#P!oy7_&HxW5GzynmZwID9nCjvM2F?e(S@G$UI{!d$Z$+iLex}B~OpSZd@){L_ zWB`ZkN|=;?dsOP{J$`8EnH&t(eR5F=O&^+1zT|UprE-&xJq>5Zr{QPD*iHG#)$)<a z!c@-m>JW0G@fo-{seSx(XE4(%g35PIEwI)L%&4a76LmMK4cn=xvqd08Pl&P2`d%r< z%|<;L>I7yXHr%NLT?CSKLOeuX$<RvV9HY<iVmu<Pt``HKOyS)!syI+|MVqd;kfM*# zWPnn6oNdq?mS=C#tDfeyJk=GR;b~qWL0We;Wd1Gsjhr8?TcRnQTPPh2K&FbCR!P>Y zB`pINr%wy=kNK<~d^~xY-OxVI_BMMzzHEFCB$Zn2vRwmws<Q_4Z^)yOxigbR{U&~+ z0OJ9{#oq`n8r8zAvy#kyeR!1Ygo;5Qx>$vA02AI^mI}<Qck(p5*Lq3-F!7D63QdvC z^nr>(+*Zi)tlp6+?<h)uFY|ncV2C&W?YhFV0`nQ~xq%U_EIgo^o3+?cYFHFq|AapY ztq-9ES0!sV5`cXvh!Y8{Nv1P}Vnn`PloWi%G=*}rKsnF44bnQgIc2XL?lGV@(R*5F znnv}?vFmy&zcAjYj8hv`qylbn&R{nRy4N!fSp#Gc-ZLZO99;<(y)v58m?sIEBtenu z=bc0%+D32)*MrH{->BGR`C6k7+?h=0In?YO8X*Nv(BW*d6@YrpzS*MQfHo4R;8!Jd zP(}3nAn3~bU}(#Gwy35wxH*}IW54I~6Q>y3?$)@)2$sj^uiJ~IB53lA{|m3(!|7M) z`jMM>AUkzW%Rq<zo$s2F#@B)Tk;f_Xkv@Lho{VH_VKwW5o%V1FzD<Br2J_l4%|E06 zSt7~&BOQ<_eLI-I8!Tf&;2<0_5iUKa#)m3q!x5lMj~SW|Stq4+XfSgmlGkAB4tj~E z3lh*pZ_&XW0MtGuB7Rnj45ZOAKH)-W5s(n#kX?nop;nu^(=VQuUg1;7iRWh4No)q_ z`#c#2XqklR)8*s(^iw$@ui=C=eE?VB0l}ZHhvT3)N16&qzO*~Y?j+q1&d1TiU5^jF zx=p21_TvKi)bUa2e@zDc!1x$8%0`K!Gc=B7{k=gi%RB>vesJj`GihHANXd_RG(55i z%EY~cRK99{WN!IMj!WT_3>i`1$b_4<pr(5MPT=EEncFlvQbG#G$t3zaBV|w(WF#cm zT0N3p6pxp7&)PnHng8{_9vz5Gr;d)wE2P}`=s4-NLD5sBL6JjdUj_LDBGOx5^<9sS z#F-=1^VIQ?1R@O`AL-9ZMZl>4YJB|l!8lU<&&Ef6&;Og_gOTRKzm=Y^X<J5(W>J#a z^iD%-P!@l#+ai!NDrMAbBQ^UMKcRMzvKIQ$>TCo9jzLf3YMkc5`b_Jd92XHzRcivN zQ<axLA&bGvOTDocQRp|iK9H5*Z^ehRD{!8cG;7p+CGbS4Nf{2xK-aQpAP>9XCFaBv zv@Wbn&lvcuX`iNlr@}+zBWZn_m4{kA**XqyJLq5IB3c$37de>CNE&-CAB>C3hugTg zxKM)KM$e7jY8;FG;nlk0w8*toOW8|01~lN(4SX^Dl#pL{r8@L0Frb&V4(R#k$q>bJ z3A~aI9eMeOI!mg0%9(JO1`PFoVER8GTli&WnyD8GiUu{1gMdzH<M?<RyDuBm#;7^u zTL>|`r%w|Wc=a&5)wdStRx{G%^OxG=`ik~w9zM~Y723wz^$)bikFj)#N{*NOk?sZ& zfNVCE@}0EV9N+~yWtp54N_oypLyYiZYfc(KEEUeK#>l^OR?Y~=b7HCwm@<rH&C?kg zU>TN*dWoq?m<~y{4%M(jCGy!xW5|I=I~0njp|kyxhfn?Z`*yDfj3;C3J?-u;IuqgK ze8~zkGHJ@?E*ppwbyLK@fuUGbO<X1oo`A$**fdAzcQLJw41SG<3SL07)f4|=7Z*H- z5j>ithQI9;cOD-n1&<HTw*X4p^kEEx+M!c6Ex;tcT8*bw5L%i)mCQz1FD7!S);9m@ zu5`Q7-_a;Cq|(4sT(>7s4D9lu60rwR$tfAeaV;=y5U#0-@%%@ADgRT_Gm_Zq=UK9t zv*?&k;>QLKjQ6j=$5p@l^7zUcGQK|elZNI$fRBR01M5?^s?5_|!9<B0HBa*_9-z5} z(=(8N0++PP&2ngum)~6#@3IV$GUba%nQ{-l6Lq#6YnW$^pYK0C87w(1%?5ZsaM~nM zpfW?G%}-M87!IU)q|Hp?#HGz8LXTM8>Xf}PV`Ohkx?b4F;@|1e7XOG<gQ=c8#~=&? zlkk*yNB!o~!5#Izc&Rt*{$n4nE=f)YOrl4aInfTLh}YBX#1;+P|F<|O0#hp0_s9|G zYtfeD!f7tc%unP?F*u_%dPy0k?5x*hCpBJXua2XMZDM>Iavsz2|5B}~bjvtxc`DK6 zfl{sAlhEI7l|sB<?q<{k6L2Y?Du51*DZ!J9?w#P@7;zazdzYshtz3uYj>re8J$R7K zIDG1T-Kk3!Ej0vb=z47eKfWW3CQDtO=9_q0;CCOv1Hn%CeTTYXh0cM&w_>N4kJZOt z6w^CT^Pl)iDJ)Q`ZLE>nGelsHRg<M@4xYzNQraWT?oWw7WPDrcI$m|9KMNo$@j;_C z7+Z9gW-MB4rY)k0mk{(_LAxfNmX#tBc{uxB5;n&Z-k}q^b#$|C^{x1)@1IWQd)&HV z=F`0Rr={kTUE0tZqIgRX4ug=84>?%WCLb5a(QsCt)Gf{n{uRz&H{}mgCD<Kr3U_<P zm5!@2`14{s^3x`=X|+u;z_Y~sCDSq6N3YS##DoU^Y`L^H3Gx{pF|^_-oRzimmcTq2 zT+`%oMo5hc-Y8V1RYP;W`r&&ToO%`8+nW6mAfB&Q4+%UfXfR*hIwbIU6F5H}I7P4` za7jpc17mgmttP_Mcmy3d#{^~#3DjsdU!}(bkp~CyLt4?2VU_E{_C&C|lAN@6UoJJS z`PR7kXk_=x+AXJF21~6pU!{MnV8n826lz0qT&%l=Wg=v>j?iyn);QmM{}_q#H65j- zQe81P%9?krQNAia=M$EwDe+7)2ggWIa`QlqTrCF;za)L3cL!2u=NzBxa$m@%{=OWX z0_U{!a<j_iaKWr_l2tCe{}u3h*}f`ko~z0lRmCFBez9c9Y>DAMWL))pKLTWl63wZ` zr5|1*{e?SO1eFdZ-RRrcJ3U6OiXWQ*9QbA%0zaWq0(-$5?|dxz9P_QpOgXSNvnqCw zf;wX79cEQ5cAnDLBl_B}uMUi0V&^@rpP$m#`}Fl5eO<4w&HB1pUsrK$?asN{(Xpwm z@@h7VWh{Y>OmAh0-4RVI>TF22IycJ~aS&g@I$Le+=I2YUhA;%rs(03er^`1rZODhz z`ZE?T>Bv90L-LKLZj$(6cXFsbJG9%`bmGPfu6C^cbN$IB#ONi4&)VJImx^ld@v9(# zpM^d=yZys7%b6|;Kvz*`0RADE9G*(@tD8<#o=4)}YQ9%_Sln(bo`L0*Bao^NQHR)c zDN9`?)xo*K0_#YP6?EzL74<Hk*mSalvR9sA{Wf=R`-#+0ySGYx?QG<Sd2W#eYNNwL zo!Jlx*=fB5)u&`&mAOKF84cq?ZP*V?B(hcJZkl7_6Q#^8_-c|2q|hxdYF~bKu`V#P z=|*>KZ7i1CPD6D@F_yh+7k8Mnvb8#%w!#%UkwLBvW9&4#lKcNo^hlYUTOA8##Dd;f z(9PPKIxZ~Fp3Fg}J{sX^i4Rz~tqQNz;Ii7S11X(FCs(+N`aE|%!GLKxA(O-MvqQ!A z(+iwv=Bo*P=m~w`DLT1iY0!lW=bqEClRU2FqTtx}p5)LUQ$i<P%P;!$$ym+<uT7fi zxX<d+PVhoK&gJe<cS_1$MvuBc22td&eCO_$dmmvrJj~&D?tu+y>(e)sC#|2Iw4pqi zeAmxT4t1u4x^(U@Cvs=ZB;x8=Nh~SgTvqDvuZdXqnK+!pAT{htlCSF%U&-S)l-bJf zX?|PyJ<jhTe)sWP&(E5*@o;$7y@$Cg?wrB1@d)=L+<UqAazD!bDEB_@IC9z8&%Hn5 zj4+lRDZMFuHaM)9H2Mg?K7Q^C$-4|V?(4WuT0HpKwB8P(jzb^<IO1_5fvNqG)rI|b zC*%xt!pJW^eX^f&mt90DvEy$6>1-a!E8Zt3OrPXRp9H9j?As*9ea$>?;kTdPhVqni z53HY^0-rBgf1;uH>p@vd-Rw96ef6=N46NZiDCT{G;?V+HX!qI2DWOlKXFYe-#A2~Q zDabpA3QguWjo%D@v-r*BcRjyb`2lOTDBjEd=Zze_a4!q!8#$QbUN*CD^m0eA+K2<S zd)?e!++EzA+?_-F#=xkN{MPe(h~HC^cf4=PQ-HvrzR>Tqc2GaiHsYADA$=Do7&X>k zI?LTcBX3gIvoSr)^fBkQ@F;7JKRnNAjVc;hnFm8S+8TM=C6LlN%Yy0Z6L#{1)0lvY zQkPxK$8j>}B)+@UO^m*9xs%XiCCie78KF7Lk|`u9I^1%RbBR+vV#vy_d|eF|+^Z27 zI7hlL==C(e0&-f5T}AH(C#uE^ktO7>%fYInL%Dc|M`j@?wzlU9iP+%gK!P`+E0Ky` zbw1%%S#RO8jNnzC?J2BG%v?T<>kTVYpkJQty`Jr?_YDawEuB3(R^eqiBXD&cl2&mY z+V76&Ws$PpO0r-ZO_3~i^qTkdO6BC8IdV|C;gT*@(!J!_zSpz8Gq=65p`YXCt%|<T zH<o?DWV+8L@vNZ~PTxBnac3>ewzPJgZiK7oWbkbDBkZULxAqL)<E@R}Xf1FTy%G5R zmz$sq#YgavcFmrB_0@K}hT|Mw>bE!0;n}|5v%NiccXV{k03BY5R7{Hymph6^%9IyO z{<Nd#0CwV<9#<jKICJ-&*>-&YxqGcW=Q(;~F$99)R(tLJmLu%U>6ju8Lt7lt9vvTk zK+Y_3Vxjo0{I(4+l+A6yaZR6Tsy!-BwNrau0gyiHMCdc;@~Ow)3ca5aaOWOapDv`3 z^DmBBd)vERDeZFea(f9P&cF<$efo1U9&Y0OS>jQ^QW2J%9rbR1WipfM!5OlV57fv% zhM)Zh+VG}7K~28^OAU=h8pLYn`5L$gZ_#T_Ur5Bjo8bnxPkp;D7OM>h`+aH~wPYbT zm}#aiUu=OZTy_{8m$<|T?aAsY>ldYhLOsLCJgokO;0`7@^)Hfz>2^RZQ=d$F{vEU7 zrm9In$J#TgIPBzXrNtS+Y;`ZSV!5Qc+D7>CiCXr&NC`48`m6@AM9wMtl=w?eiT~kw z@mBTxnD|{~N0=fV;h+i!yPGIAcGZeuU1gX?$JV0ncV0zX@Uays>ozT{q<Nr1xGbaS z)4+nFj@97M;Z?(}vhMYnv9j*yX~e{gw2#49TPs}8METAX!T0#bw-X;zt+I@$2jDI~ z%o^L8lb%Q0=FAxw4T(noGnF3P=!pZ3c*iu_<ttq54SH#^w{WpLIGWATZG54U=|TZM zU+Gl~NMwN4^8lYz8SgaBw5zDWyJCt}V3m1GSOVU48-2h=0QvxDeJ6w0sZ1%cU}Esw zY7|f5g6KD`OrITbArbTU5tT#c*PN92r-vHgVa`;4%rU8^t3y16GoxbC*3ocbG?~+q zIGKKwM9x&t@v+M>kxJ=Cs!~bDb_py%*s32#5v0H&+|gU6esLUWK!N8J-@cFmtHQ<5 z4vaBNs(}%8MajXmnKQ4xI;sfrY#*N6K8UGmJW+Dz*v1ptccyus-2G~IhqXVyt?~V{ zU;QI)z48y5;?0_K(1lm?#r;5ajDVYMj6FYq)mo97-&Pk+1Mh$|BPn|B(C)gEciPi4 zgSeUyA5o8DLui#9k^KlC(eA>98NoSZxgyJ|fd440^KA3hg~t_S2F{*YULLOKFRJh^ zKU}c5kM1lx8oF`W7gkw+&q-1a32X0(62xe#LBVDf-*%8aWW!?1oUu1qm2TNB-?Xk8 zm*Ro3Y8KV%a$tx6Eui{6KjaAnU<8HB`dL)GU_)B0qW_AHz*&)sBc5$-tPHqk3tl5O zrIr_*6*#B7aB+X|Ey~N)W0wX&HL<R;iws_`y6IJVW1yI%=oD$}FrS)UE^PW#S^D&u zT8@<pWALA)env8rW^nt26pfr?LMo09ojL3da@!pgOb42Qi=wIAR-UD5$*+Fg5{+Kr zJoU$Obca}-Juk;wPv>D57)TDEEyKOyi2D4v^iXC|nRf*|gqKy=*xD7tlt<?jtt3iS zC7oHL-uXh$4h;6-Szw021@$3CSh{z<ZJD}8zgfcPIg;UwP(x-cFj<3L?IdRX#6;c7 zP2C2!+v<#-PZgk~l~P>>4$E=6vgt#jmGuwM4jC*qNj8L4y`C5^ObE<B-VuAbx`V@H zYB>Hr+xV-Gzps_tuH!ee_;^Srj^ppAyt+u-6Nvm2I+9uKgGNUxlzQiwfCm8th=VK1 z;Q~-USM_EOMg3L0gZc%Fj|%4Y3g$9sL`s322i&2CjO5iXam`t~r^d7Wat0T2Ks1%d z*|Q^MisL<M)J_lu1r98jstcW*g4tR{W^y!*=iH!)DN{o}yL@JWQ6MJ-JcHF2N3`7V z0;>WZCjW&x9M!rbdNC11u|~n(;5m3<HVK2{;_=D6Z(%Tf_H11d@Gk%0@nA-HK_4o9 zHD6*&cVAdPb75Uk=Sr!{4J(F4%6~$#(^pQlA7FG~t5kNVZC_DY#+_$SZ5IP(`GvvM zqO!gf6M1(+C>_BZ@a$_}+u{mNl-EECKn>l}?}#pj7<m4pA|qul6hPM`+O$jXaEmi| z=9Z*jai|+#%}uaU2+u2r0ifK%VE>BqRXwupv9io0LsSC*tUng@5RzQ)Sjc>z(#Z&? z_s|bW&&h{C%JIehjSWYID>MBBg;^Ts%R<G%ld*3o!4w74{R?4yqvWXG(<5MDwifwS zxXsq1n%fMuK1BtS){GGr5jW;Ywt+I;r7WN{?&TX4!m}Npgx#(oe4))0+Jy&4!^&GD zODL7dGl{%d&Rrlkw(iAh5y3T*`d(0I6|vNl?TmbljXlakQ<sD`#cupF4sT=?<K3lp ze03c(O>%jNI>n|hgS}H{WA);XQL)&55YLY2KlBM1>fA^_*1wlmv<2^wJMXDd)P6gv zWXJxeSgkI98C31%dY5{dg?i3Ta;aBF%7d<Ljnx|+VWmkwP*$h2DCk<=8`oEe!ULZ( z9y-=*jlvUqa_oSP<6eFw9w$`%3~CZb;B>#-mE#&S1cvL9C8$<SnL}%CV+G28Jr}h} zLyJ7G_W#RT-hWQ}Tj%hl%b8Ot5pE(vsJK<Ktqq*%mj|_lJY;BzQxdv7HdaDqwyn?f zFB6t>?WLfHOT8>j6XeZ*yR>k^Ec7{^<`)5EctQ!!8_K*t6&+8g!R_$0h?zrd`csnq zFA-a6ITx(q5X)t&V$-)s;KMqwHynH?+;AB7EcCIH=c41weJaQ&c5Hpb%eAq~)E&Hv zFEMW6wAh<=rnNfM&TK9(^kreg;b3ZES$ANR<k@g2T-I$#30A|Q=uiBsX@2W6fx%LU zWv#zi-W%opYw{jvWf@&Gfq^?IteZ%?KN~><q}%%$3$$GiWEUUamk%B4$*FL?y2nMA zEfG63IgTS2p^Pn;`b9j{m?*19&3gy0*et7!_Nyg(cPG*4-WruL7q(aZ<T|+?M2}vh zn)UM?`s%wzLVD@r8ub=e|0RVqr{e;FM$Trzc1-SsxZ_{SEeOZSN`0x345PtI4t;QT z`v++ecix7XImvB4&$jP5J-gbPK5PU82l|>mca(s8mD~vkT+JOJCUCyolO2Jx<n9!Y z(bqT|t>KZmQ*$<)*7(P!#+Q=TpBBAfXy{#yFC|A+<2RgZqaz2tG@jGgB3z)TF)3nk z$MHjFww>o_b2w6^Xz<VLzfbTlb_viZa~JChU1<&|yu4UfCyyKMGA`ssr6#JmSmzr? zIR9<Ka0=KA!>NS==!`I?Bh^G5bC`oE<4-cpt#%cqK7>wf`AC&M@aZ{3uoJ0~84<1Y z>@^^>Jf2;1r#eILbDC<UdV;>FWpcC9kIl++;%VQWlkcKGYip4)q8_!CN_07-uu#R} zSRB{nUBsrFX&+*fOP!FcOqWql)B;*~TO}PYf3{fUNVF)LVwHHI7WHob(*meBP(Fz4 z$1wr}vR|PtTQmqp_G=eIcFloDuM^qNt%XF9{aikE$DgURmi?ZcLgfxc%Dk1r_xaRw zBN%`Pf7NORrF@0(_ZY#t6^}_CQm6e=r>k|HSP~7o;?n59Q3KN!Q=>};YP3|1!ycwS zdr?XU2l1$LBrB<pieU~ym^zngK}{lMZmE|`eQ1Ygnd+%G&AU%MNJQk8Q(@glaEJO8 zu~3Rg5tDTh2I!&UN+=iyC8*Ie&BU?vDtoq2F}Qk}i0U)^z0$6FGHR{3LF`OZ9bjg# zVABk4O|9}$$$S&MV8;k}p}NBLnezGcP-}qus1@G)eTC~4kDTrrt~eZZhHg0wg;2k! zpk<J5SACYcUFf(P1{Kf&UbR>Ud`hi^0IP%aCi|FO^=GOvQZH3c;?0i>WgR9@b7_XE zf_UgiF7>g<<Lb0)?SNtG4-!D3_e*MMKf0ZlBxuuQQf|)UQW=|`%`G-PQ}PN>0Z1$) zHPmpJeVCPM#ODb9mvV_-jBH@JtYP7bcd)?tW+}}8iEmL>**k;c|K&5{pGJJUM-ZFU zw<k+y9HyQ<PcmBSulIXXD9l4JTf!RpBV~^;3$JF5wG-8s)MqcLQMV;a8AV;5W>%7D zH^VkOT?TJty?BI;=5>}h9U)h&vm|wRc$KTOB*)QNa^CRHlJj{j=q$mgqOHUlDe0Qp zB?W5$FV__|aE#z^y38uuFL?`-U=>6bqL?fK^LOcpCs!w1C%ekJiROqdlKQB3dDenc zjaAVdacfc$P6}yik{!8E*XW`_H45G6ax~tU(-^N(=*9x7XX<oX${R(ymmiFkbr%*( zgH}HpO|$e<=$3A_J+Ao<1cN<9Ct?A7j-3otZAjUY6u1ulas*aOtAG@pIl~HeYf^8> zRmwC&@JYxNx*=tKxzqnR=6;cKjF0AnsZx1Q^FCS>D|b<JX{hY5v#_Ci^^f!4wmxN! zNSUt5Uz#XAMnFCTX^r!ojnU<u<<2JAtXqF<A^Ob@w)vdd7Haz&eKw7nu-L{C-lfd? zSHZH`b(<Ex@;m`7#*jhDr6f8`Jmx!jbPd$%d11o^FE6J?(cu!WD-8^Zm4-e~@!WGO zPchx$Y&)kU7^&0p+e!rKY(#;rS0fRB&A676q=i^4g}z#SwJi5vP?&l>c)j9mmXWk? zjCI087MVbtFUfK{Qou{H8fY_ql8H?3dimx(os&o||8QO%r{rbl^nbv9>Lit#Tv+A~ z{DU=XH@QJ&^JK`pBMd_j3$j2kRD2JJlM*b&6UgaK;3yQMM%B&Z5i|y<!?51JTV4}f z55yC$hk<=LV2TbWWh&s{csm+Az4=PWfZoLcF&d|OFtd~09mX*3Vcx=Nwd!#yAQN__ z)Mg$pBCH>V!aOJ$F+J9&EDbkw7ZuAwWP{H--u^+dUU5w6EX)kdvK+@s+#zh8)rp0~ z7eq^ml^qVnGFDI0(JW`05NvZckPeAWOH*IS9BURXv(jcqA3K%W57)IyQkM(Cuz4ZP z2$j37y^Zgu<iFi`A~{&{GZ#ZRP>9mrXI+`w$1t1hW8=b|LJ{$%b)(EA?xL=s$0~O> zw|&nO>i!~J?#9pJJa;y$-b+ass&fJdy*b6kIo%z>VK^HFxV6zsY7~Znn%IivW%TUh zEIpJ^ENX_~6ojQT<<uTORC{I{I<z*K)-(Le1e`JSoI(#_YTp5(v!pRlM{Ll7-9>t3 z*Aod*hz3N&`E+4HV2KUT8k+GAE*ffU^ABDfUeIsD@@WpsIo2KuTvE8e6+Ep{T`M&c zpq~ZMqo)@(xPlqS+LNU}SQXcwf+@qG=MDYJMM>q+W=^ILcH15CbdCB?T}Vf~1HcLp z%9RAQLgp=dM>Wz0I9>G%KENC#sk0?tKqbTKg@ug8(2T!556hYqJc}cZT6qc=Xo3*S z3w33xe=i}OPy}~*=w#07gADhj>>bI`F@*s9#fsr0OHPie*(IszNhr^l&>C2>ksR{o zQ~Udw!_Eh}I$cdC4^4u&zN2F<)iT;Ji5cXusaFTSe;_`N?bYSjv==2?Oj9UAvs@2J z-`sSb^v!HK2QBsl87e3}Un@XhI!jH&r=Auy)$YGY7l09wX}ZE}!f;w$(c9}Y)gq=u z7#cJz9<>pw+~sfsA{taxKU_|q)Ptw+EDmrKn(b4Y;79}z!SOzIQqro0iBycZ=!o!@ z(R82slYENzMx4?7JV!cVxSC|c-mII~L`>7f!NM38&*h_LJ5E#ESnjBeT{d*7oz1HF z(bqn4!)0!UMD3Qlg5%YJQ3)PbhQ;1kk8JkeQW6-cw&_n3X-xD_D88Ao#)X$Sx3B_q zH(}Uku!$)=iXla2q3%yYdy{!424v%Bvfm~+S;gMf9GmRUP@n4OlA_+=NQkI9<3=Dt zh0|+P=TaUSSTde{p5{i$o%OjZBXg2ie4Ce<+jmXT=dA6mnShNVNsGR&hc+6MXhmpm zHl@nY{GL_emKpX;nPJCS?V;|otpn|!rM7pcr8pmusSu~Rt3ZZhCC=;s`wyzCtJI}S z9FB8$vwk4M=sZf@P~lqdijD(0e33GjF7D+;@!|>_`f+z^;1qSi?CVJpV_sV?0yQi_ zx3h{pkY|w8r5=`+)$WKfch(iPWA8SK?PQ#T87DTqQH%@7$Q!G0E270hSH^0|0cm{g z2k|Ma=}3SH!B}#?sMSOmI4#D-1`IyhpZr)PvIV>ex9peeqle|XvsGXF^z}7;J*uzo z=<6PRJ;YT#2?;3NDM^F*ssk+c@n`sapSq5Bq>jd&&+uJNJ8XHH2hkY{rtCqbhxznA z&-QWn-P+mBr|`}r`ue<FA5dKDir(}zHxaWwd1=b=kdEaDZ*Aj~=bmp79=W<(bbBj3 zp6$CmyBaf(<DRtJBgE9RtGT^^*ZTDKK4)#X<q6UhwR`UV8zY02_NmpvLxdvIFk1gO zw{VMYS&MFQi*9R+hCz$8wdZ*fQVJTtz_lDX$+mZe>3VKgV5}TK+43l#LlKGZ>iJ>f z+1b;Qcuwm19?wlWj-Y8zJ+H%dN|K(XJl2IiyC^t0)ZsMUU@htoKPq)$<4feKL@v(b zI<RL7A(pP|x7&t$w!aja<=P+C?>(a>@{`gsM^9Qj<MW4REMFz#51{Qf6ncKov(+MB z24^YnJumP{8sB$K04pqipgh!fTY$x+m7bO-_+%O-Y;Vs4T-aT3TX1~JaXT2@tm(5J zklO~5x97IRb9N8xG1-fn_OjsFb)hxM(}J0(#_aR}%T8aQGw;hckuEino)iei*3y9* zF?z<BNH=?$hnc5u!Puuut@`fpH2=*!1wGAC^R&v-{Jwcw=xKhFr_hsvD?mc<dVXZ9 zpk|lG0Z0tGBj%KzUlLEl<7UsjmoPbdn%lUB`l>zmo=L30nvj|q@PZt*{9L(Ro)&Gr zyF0r}qnc!7Fx;R_Noc3;uE^GY3ezTD;jO(qhFfGvcp~?adzbE-G{KxBydKxcnJ18I z*-N0wDZA%+o(H~R1+Nh<+tMY#o(EH35O9GG$8-+agV0Ti^fbGWZsGAqY`S?WQ*w(0 zhMtsqI4oT$+<|Y*CeDVmW`u}wJQ*Tl7L~S7HnUYAsk}U<t6!+c_3HgSQAkmU$*cJ| z^#>@;_fyy0c8;=ysS_Z*L<Fo5s9XNA@_6;O%J8#EQ_CYf2d-Y<@-p{Gi;%8LOW!(M zUg5<Nd-^HzjOg!`krn}Gr8=UCF!qiOp72%~<k9rHu>NLZm^OyDN*jC1se>g|Fh#<D zTw%>|qOQ$1P!%lqyx<5&1TKNm59jV4K#rayY2lMnVMh;c@*IOeSgA(m0-2s}f<t}F zJomC461@2%*HGUro_l_)!*BI$>=FHY-?zkV)9rytg0wBa=9>XWV^@n1M(W@Qe8V0e z05iJ4%1=~TeSnTa<hwk&#)e|RU1zljCbKli?4uvUX<eG+2{!h$OU*T^l$au*t~MSy z8l|E?Cz_SQ`46EESI>vM1V=-$ZVldK@KQ2~`U*9Uu1O2)dy~ew&3su?Z1AtCYcUah zYT;j5OVA`9()>Kt0?b~!8#K0{NFQ!8mgLeOu5io!M6^o#!z~Z-VE2A(tI%%GuHCV% zGK5U0RmOB*Ms$iA^cp2#vKr53)><q=9~FXuI;-hVG|Uk=#~ysaOgqb(*z~y)|3g?> z;@8&Jg?0+iZw+QKEC$7zBeB}!u^O+O5<JcB5*k@<MsQ7!6XZ5ckzNZ&TFEM!6H<42 zns0@c$T-+Q6g`XVBVkvI#JGUCL%Lj6xIE4E#H`O-2>R|NlBJ`D+NyYeiTCi%cewV* z+1EC*lFHMf&%#cO_du4(x5U6Ikmh-zv_I<fY%lG9I6B_`2ABgW4>OS-G_ma9z?m%v z*N$J!lFOZ^9X}L0=s5oSffn0E-ba7^-s%ft6<|ZQ!955^&IoCOeOyzyq4;8Tjpzub zoulX8$kxvp2WC2o>1n#9ZEc#w2u!i`7<d>DUp`d<!yIbQ3!NwoKYE{lq|f^OnzR%R z<@KZHMR!J8B%|EUa=Utr7DH7{{{%$BNVk65SeO@>7t@2<($~(Uyprf;nhyFCbkNe& zaA3ekhkZ>BLJp*rlpxK2nyWt_=raX`b_%Tl{<qMpmL|6F#<@Qe%b<X>eoAx{Y_YRG zH=4#ttr_*%@m}rH03edX(sR9~kvaF>+()H%O;5Ok<6~R*^BU1Zxf-R^e`=Q@?$}m| zWofR=e2hc{SJY3?aht?07J|%^GdS8;U7u&-sm&&b(9T1|cLaki$JTt;+9`A{yj2E3 zEF#w-WH(N4AK?Rj74E8`H!!Gak*;WITXSJ-t9&tYshLXEC`w7$DG|)Da@4N<*JxHK zBGf4s9b=$hV^`_VsIqHq#&31DUFpD=+TO$3Bm#SA=ksL3hK|@)c~JX5CiqDmR%;oy zaXYk0TEXUgjz^EkRBvgv*V^CnAT?9{G6c2ZRDK&rcvV*RTuSg)aIuDnvZ#xj+*cN< zr{9Xj_H|$^*>~+s$M5H0SbEJ&$G7-x<F}jNFv3s2PRu}!5Vm;>i?B8~&!Hla_yIPZ zIRw&xE9AM6mUnoPT{J(YfJlpkhg&9r(vg-tnJG}wwoK+B+|n)Ah!`-0A2=k}M_-fc z*8Otb`7+nKdmiZ1x5yEFdvve9wd~QiC)@Px7teEh<ldHEZdREyQsL~<C1DQF$Werb zBS+=iHT~hpVICL`RBAlVv%y@R1areJhk1&PU5~C#@BSX!%u_^H9F<NZFUW7QugZnv z#|fZKtzU9Tc)Q9Z2Cx;#)*KSZYOt~V2hdc-NaE9hDT`y>B!71SuZw$r4cUtWH-BG| z^A(Z!17l`}PE1+;m&lxtLMKjJIjVl-LSXKE<sH5)?nuR*OssxXZ4vf<=eCF1ScFy` zh_2Kvt+nJLjPD8S&}+RqXqE|LlectYjY9s3vE0ou3F<B$YjIurJoj)O@)r@<i-`Ut z9PC5f665X)Z+lOAV&l2zj<h<@9rL_gYO=X3$*c3MP3QMDg4X&7TDz2>JL*cf++N9L z#f@CnEaStigsr`Uu(c}*Tf25yWLqO(kGvq)Yl53C%53Pj{?o2TR=D9P)sQu-#cr$P zVQVh}X#PvNFNNOs$n9aPFaNV#Ec`ukvku@%>spIt>feUmUmLDaMSls5$^A<W=doTu z>p(eDTNMhXXr;B-i-}gstGNfl3y!25%6%)mxYr6Eu^M`b@aYpoj8+%@E;t>N$96A^ zA8|+==39j;g#c17IE)yZTXwi|ewD)8oLxfnjCf=(!gx>er%z%Q`F@Jd)S@NQ#G}$g zRHCh-nb{|9PEdW;c_y`E^(S~3Jy(`0u-z$!7vd1_;t6s~;e<z9dn`*aw$elv=6*vK zrgK9_I76WtkvUv;G+fqK{m4RVFM7RfN9CiB+>m=9aCX(BNSQyCuZtCJ4_EZ+ok#>N zAWh$*<7HyW;S7vYU#Cf6E4D->BAQ}`p&lk^vl#SKlPOOy_5%|`${83RQX>QIIl6+a zPFS*zRt_=b>V$XbXgy7yMS*7Z`q`U;8Y)tr1=(Hox*VW_VXW02<{-5-uJ9Un`}^Jz z?U6O!pa1;lJLZ74^cs<KfBS+Y+>nv9-dpmu;PJ@13B2x-DQQE7i?DgJk<>t-=|~np z8z4&6zDSE=O{X%pf|Kj+VSv6M>4ek#oR;Rdt#3{h>(G*-uH{EJw0um|&K3#CZf*-) z9C`E;0zBLHdbXt$?Oi!8x4on?a{oyAUY|W*ZGBC5d+COhQtW3Bp@m-IhC3$-rE#o* z&WP1Jmd&5@QP|tngcAz=@g+X{NK~yJfgFVP%(5duh6W<|9Zdf^(n=jEN1%33nG|!Z zJt;7%ac<fK?}mF)CEMs}q7NM_LD>>SM(giM6L3Xcoz42eAx+&CtuavSYB@|kKcU9? z`!3Ya)&mj}X&xo1Quaq~$PRse`bu}>+)<QrpmBG0)D!yb^pzAliZTu~{yBTSH=5Gv zaLg?F-SXWswP^bHs?a}>{E#5|VOTo#5Zt-dw@DkR&t4Xo5L$biBQV}t>1RW^3tpi2 z9U(@Ys-MUm^&?dZE;;n708zrh!$s4zCHrM89-P5)$o+;IdzwxPq6E;Y{S({IYd1-x z@NB=OW0Q=i_YpO&V+1)I(T!H{Fa_+@E5Mp6hOlp^d&Fd@Wk0lV!c&m!(8-g*v$|5{ z5m2C0eT0k(7WW6rY^(9;jL^w1f};mVd59>{w?ilU#a5^nL;8V_(LItD+onEkJ=vMC zY&w!X2w!a*2%ox{K7qm=W5FBC^HElZ+D>m`y7nlQp<yhFx2~eGo@TL{lvRkfyy9LS zmw(t4Q(p+<y^NSmu^#<=GtZvwUCd*CswntBpAa!{W7SK>g#_gjqz7rFG>g@j*AGzO z!K-Du{(&=mr@L^0@~rElh{lGG$^LgdMS`Df7}dPb)4ZD(&$e;~%f6m}<#|vx8_CA1 zI7~L*-j~N>K;&2JrIUh(qZhH^fpNz1UsocCM*&&)hQ<INU9*ZNkXzF1qP`V>W)><h zmvhk$&~GgKq4^FqbYqEgczKW2Mb)}WMU(1Kx560Jr-e)1ky39YyqbJ&sI#WdtPAJO zEGfA*_^I`&dXp$U+Zn%&b5kZbON!c893$^F!tt_KI2I{AYlqmhHo9CT*91>krA{@P z6l58$c12UdcVZ2tNtU5hKM+b4-BLJRaKzIhX2|FXWejNcstQzM5M<y&o<Z;)3_z%& zJErbM5hIpH?<nCstfhW5?kdRW4VSr!N}Zl&pL9buqh1|m%Xh7HNc_l@6S!kNbz?YK zpMUyf=v+s&s9ak~C<YwebYP26Z!7ptY=u8DLQb>F{l#XCRH{2ME3XYN@mE{LGAd$k z9xGp#>}mNk$&RJU$mC?JKk&lnXvX-!48Kz6=I3djRqEQ@rtj{}d${9Z9Hi?@ZSdAv zb4xK6c9%U(a7k3@FU3N$8%A!Jo0+wKy??TN=rJE;G&Ml6GKIpdU%zaMeER^yH##g) z?J;^JCo2A|03tj=qEyG;jE`nO#4<XS{Q`#ywH?v(WHmIq>2uTEYSk>M)Vmmp8tz!E z7`j<F?^geWqPHVd{B+6Hq7<nALe<cBwOy$aK&@no(}aQDr|7HKiGqrAb}=)(qqyKw z=#Af6_cUPyEGf(k-oPmj=50K0tWJ!e;Mg`vrT$P2qgRWA^C1!bEL@n0uu?~eZIk@e z!GZ8D9wlL$NjQs~ORRN!c$*?9TB-h(2-dondDa{h=ccG1>!AGv$y<xgtc^GIeI5~V zBD-GW%}Os`g?JbkU-*#JD#-fT;wos!<*J%!wY8Bom0e{n(b_ew?OO&`1WvQkY3c~7 zfC<LM5~*-$KU<DwI|qWtOK_+Q)xIm(Rij+;I$%8yAg2q;iIuYtze;yYbA=ricVKr5 z^b#*pr^HL!z)NIlqFO&N)f#4{*bzfNU^mZj#%uh&L)U|>rNOC^rT7_381qXt&<Qq& z_#jo2>EwT{T6mA?!Wfi=z{{zAevOsKD#IjSxIncFRx;zAS)=ge$ZCnBHprB>O8SH; zuU5vs)y4MMHkoTPosgMTXwTJTxHGHQ%(dmq;M3MH*Ji1)61?m-d%|4{2PPA)MGBIu z9|>^~UNlmEn^i2E%G9?glu<rpytNZGqUlobuo)yMpKd0$HNBrj$JiUR;har35+G|# z<I!Zv$JiUO{d{m)jeU%-=monPdszdG8?y#ETe}TzN(3a#Ir+pyW!trixo&Jfv=P2s zmYW^wZfa$(lmE|(7CHH=iY`kO{m6e+bZqRQ{m8|#C(bUH1C432_8NC)Y<e%`Pu(Jw z!z$8l_E;yF#a6nG1VqLGkv@r8Br&nM9VxJiZ4xL6#75Edn@JQJso~c163!dw+yd#` ze_`r41#+OlI+!gnnt)Vwm4AK9F_wu~>s=$Rb#e?atqB6m*sI}n0)4-<GR9oWyMQFT zW?ARDy^Ms?&UM%EUfNae7ZM6#U84szIH9MM!JO2U#0L`=O9TW)EFZ(=w;^!4HVNkN z99walN@9XbtnZE`g*uBCbWlC&O7>;6O^oo=4E-Qtf-%{MO&6eGQTszi0Q%2faCV;T z$QK*5F@J#Y^|HKtEN}&I*5I3dR6r_{J|Gn=l9Q8Ol;Kkw8+)UGbDlGX9vMrA+eu!_ zHb3SXfFeFWMLtn$DM**&s`sj!4iZPc)VusQ3gpj$98%|&W1eQ=fUNQy3V|4&Bbiy{ zlg*pdjJIj#E!DiuFmJ~-e_LK+-g?a2Ec5oZd7ES2UNLW9FP5&9LY|iZz}4H$T}G(2 z#t*ePLz+O-fV!tCW+pwKx>q8{M=WB8^wM@oNEn?<+S^Ebu1|dmpI=*~2YMi*DW-{v z8~-pt7UpAOR1(kREK=2|%Ozj61P)q8fbPC^?-A4?&u;a7^GpwZ8A1OOMhNQxA-GGZ zf;C;R(f=}72+j4k$$j$?`j3}q^oxunUY^n~(zCHQLd6n;v@)PJ%K!?D3l&R5oWh2R zB@!A+K#{Xa#^h%CvPs5KSE?lReUtM%G?M7FW+-pA$DF5GW>GVMnI?o4evSY&o`Dsc zF3Hsx*gz9O*HoqGcPUkuq=9M1^=6HUe*(BnxVkX)JcvNo-r~RRW(J<gu$T-$)y;82 zIVX<Y(|@19?rB4@d$>tLPG<^se<-g*uv>)nboC>`@$_p;#I5M$9M)cTC)E|Q$)Wk5 zX&8(n+ar#shdU^$;)qq1fo<`tL0kp6B6D7-3!OOK-i_N9{YFizFho{w9j38M?z}Kk zb_9u57|$)DxsXjUp6z8W%#z3_EMR2km@_Hb5&JG`xc>Si9Qa4jHgWt8Db-!@86i3D zNhd;qU)Dc(H&t9FGP=dhuFIh$Bb{;`>yYb&{>!*d?~`lsQLc6OjLqgl-8~~S^ld_~ z4op3wZ|5m}n{t@jBlo6e62&TWY<BCrbF-H_Mh}~_<h`Z4A2u;{AyGwZxJf>4cJtPi z>fky|RE4Qd{nb`5gtZQF)6Ex98LdP#s>98dM1o57&xG+qC!n>6{zIU$(IH~KO9Tgl zCP^KVIDW}{h!Sz1QN%fgu8IoIjS8;L^GRFOWjoNi5B-^F-DZ2`k}a1!xs=F7G;FhP zl*_WXZf*Zy#hO=>Yu8Zy8A|~(#GS)|&>z=^7aT2mDKI+sCHC9h3EGD^9i8cS!BMvL zmZhNe+KsMAEV%pFSoZ0^^DTPu@%Lc;!VSIJu-mHWm0;9qr1GZh&E1a^$ttx*=cN^K zGz=w}(MUo+YSb?f5-Zi;W(czkg0EK3JV(K8*_h9;rxN4zC-l3R)7+TfRuW6~VvL0i zjW)cQhni<bOHLsZ=v9vAWUF&9yITF*8;p-I{)~cSBIVe>uyH<|wlG|t$>#RxNb4%m zIb9iEl8FfqK0A_66Rv-0$s*gV&FBRhFm1U&EKkG^j(h{B*QiD4cAM(l`W(u-Ob5nV zp*okN7T(0)T|d)tb8I@J0RI9xUd~tdM)>7+bE3T#@~4*d=f7APzD32*1eW#N6c%u@ zGwJ5dlCA^b-5f?%1QJVOSb<ZO?MBWxo8fBfEbt;NJ0=iHr^}vjpOw~G7DLr>lmY9A z`~VxDlYx=eJZH-9^4$fhqn*J%591}5dH+B1UWNkzXPu{IoQ&}bZ)AZASNB_sFrilA ziX)-VPX?B<JP>hmki<GprdY?m<6i7@%lgoxW>{~kehf4zG^wR+b;;V<=r-`f!^VZ* zHa4)Nkz=I|twM=ig&JLjD^#AY!co&otn!XZtE2lso2J5>?)*-7@WN2>eJC6qIIxqu z+MFTe11cZzSPK|H977=Cf}j`_{e;TEhZHV!2S)o1L|(P_s-K!*ls4fx?o+Gui#7w5 zc$FTNciK3|MeC-M@>yX(3ai~HOn9)f{f(;NQ%@Elx-X8+c9$SV^jdEPE)T7BIf7Gx zY*Jb@56b}Lp-QVu{RXmLS}OKV!3=esSoRlO#HRDB`1CZNYOzCftlggwP);?1vMr#{ zKZp$!`|~1^XQ1=OHX!_{EDwcSp3+xYDmG>{W=R|3q(h$8S6L@hkMCqcIu@L+cB3>K zvT~&65TZ?>+K8x4pkys7ZUXf?lz6gjBRE>!O~iry9yQSyJ=-x=kQFgwl@Q)41`pw_ zTjUx!%oQgGp5_2K)F<DN@>!vYyHl@)-!q5c$jpRgRJ&(e<I@g$)>uYaI<IfH4fAYk z&f8CTy{lb0mxQ&=L{TT2D<Lg?>7Kj)fG~rt)Rn7-*h<NgSy<b0#Q|eLVn8Jz>3N!j zI9?E2sX1aRH7&O@fMfbVhF;`e$Jb$7C3?@@JQ}M5XU`83&q+OZ@N5>A8^Pk98zsd9 zI>iDWnN%+d=GsOYrng=rHzvZ!Wr<AUhEh3%3^J73H^@+Gm_&Y3%my4iU!Y*u`JOi< zU->BczRTyhozy{|2iZy4IZDi)?R=7kV<%N5c2Xq+c2bY<$zChxsVBmvE_Bsx!P8Pc zvx6atJu3({0P*(JC!Vu=mhf!0vtAZFy)LvC3#rkeu0a-3Ju`HM*hcBkmzvLdsXexq znoTgDv5K<oqp*sy?W3@YvhAa=in8sau!^$nqcGPI`>4>9f`PPK*0ih4QtrSyxGH>; zVb{}2MBRMMqVke?Zr;iDOJ-5KF^k%bS=4S%%Mn=MP<wWlw$Bq%Yp~n4MEUQ`q9WvO zObbN8($mAMS>-ooQTqrqIc4|k<ayxRKV%jqn5C`oWCh&QEM5u!JF}<>#4%=3V|X%T z#h67s4rugj{AIH!#j1`ri|VER0Hyf>skcg}GoY6OrA}h}J-aA_|Bp~bv5VTvJ<{?F zSL~wX*4eU;Yr-x{z9;OWUb~EP#KE`NMF~awuk50(rVfLK2Ghp>z%J?wlqGSys84ww zVi)xppsMY8N1}*b)G^S2^BcHoyQr6RICfDYkBVK?cf>9#N83gHl5fT)pfS8vsNz@J zL<xk{K^O@Ja&rx`gh`V9_iUmB5`v0DZK5Q5=<1hjqEg<qO8czp{)A1`iT{T-QL|oQ z2w9rAhqXx?ApRfQMCqQ7Z50~r+0`Dmi4q8WwM|qC77|EK|CLRY&Jy8C+eE$kk&drz zq68udo2Ym!Z4>p2c&xu?6XgQ2!`fi0OHZ^64u@?MRgdT(gWwdKD4C8gAeP<TthEsU z#ROFbY@+rPX6X!#P1Hf&!w<;x^pD#_39SBmn<$B8s#5a*7n>*nh_Q((oW|Js3Y#c_ z;s1v=Q7OB>$|g!i*Z<5WN_zDlwu#z9WMexdHc<yqmLONhZK4J~Mk11{vM}v2-T3!x zqV6?0e5Fm4Ks=@g>=2TBicQq*Q|XPbvWe2Q(Ttn=>~{k;QIhL_X%qFvQO4j`*+dOA zPul)EdD8aK&MlIm*hI;LdVU|lPwKE*OEZj?=6K;QSRmEI3NIL}t?upF1at~Dw}@6~ zr_BH9o|Z}i8+U$*p*_VK>Zi{bo1Ib1W;)VtXQ`LpkNLgFFUoJ~9WxzyeAE6(oyXfD z<j6Q1l0xmWh&j&$1jT5YY1BBnwr^I_v$2yW*QD$Z^~UmdhuWRk(<L<plr^)Tl$SOi z4&?j{wv`5RbHoD4(N`if<va>!ZhJ>$=E=m<7m25S`^gps;|?#nekJw_V(HRrh4+$~ zII1|$(I{)SgZ!P@rb%cgP~^xyjD+)wIs_N2&hzd}M{yKm_XaOl+=+9HwvftO+_A$e z+N1+@MY}zr`<ZZd+$efc{eIVvWcu5UE3@5qrW0R09PQ{G_<U#L^YZt1)WOEu$rcTS z@7wXgKzQju_^)=<F^$>ra|gm7-toae_?Ut4rX6+c6}01vorkHG=Ppss@2F$#&;It_ zpl{d6w+{xsbqxA8MW;h3x6}RGpl_$ix5`n8Z`Po1!VK-$AOE)e&UiikKzOLVQs=gO z@v|4PH%dTymnf`vlrTk@FQxJL;*?=WHwToN@Z5O#13I5P6FT<UGcuWyQlC9TZ@(eC z74lghIVGlFS`(=CfMqUR*q}y^-lCOzb%kZFJI@e}oHa7Q!eE`{oLP5nnVU|OJx3)7 zoT4rK_J4?Id?dCk1Mf-^TmhlkW6KbFz51j|RehC^42~HIrkqoTAD2Ef*S4o9(ein= zSGdn@kNZ=>jgQV$sd19&VppUzsaW)kD?L`3GA>!b+=bC#c(JR!!Q~P|1u#?ZKdMye zuvMBd9lfCpTfFsUed`yW=q&q8oUZ2YTfexkv+RUpCOL^CsCaFwB4vG4mas}SS!Nqi zLk7JCWrH09MKh$bwB2?@Q_&m3Jz!idSyhD??vlNLdgFId))&iIr3egTV_knJHh%fX zTs)zbw4**n^#BldD<*lGr<s8N%ig=dM^#;m|0kJA7$A_S0YMQ4MMY7J1T7(;2_z6C zfq{gCC=enUNJ2<rGQ-0Q7#Pwr3{kYUwY}PcXzOilYj1tERwY7th*c14QK_bt+Jj>? zR0=^N`F+<u=VVSoK(Ot-|NrNDk~RCBz1LoQ?X}l_zxIm-K{8tHW4Hzf*>|z(giPAU zuSw^<bS(q^&m~f@<i421XjXy#5S#PVAgiyJaSFjI2DRv(mpVazVG=lOe%&6EGkP55 zMxTwwWWW`r)zB$DLDQVks&)z-^QIPu>SGNW`T9tT$252xvv^d#ekC7)k5e7n%N@VU z7&DFoTOcxQCu4x~RGV9-lg>*%YOwJcbBD0OSlQ9iQt(*SyqeZ(2Ug!Sa2V!dSE3I= zfi$}_(k~38(gb&uR+<K-0)66GMJPO?{D`?ldw=S?w4P72`37;fqom@<&xIc6uGG*p zF7&kB$eHkOFzU}p5(_RI`XXkhME1Tue9V;(<j!%lO78x?r6O|uDsqRh@o^AuavFf- zl4%Upna8($PiFDeNiecpqg7wWx6C`G9*bWcfI{fqVed7JcLrLVHA@Qg41(dvhw;wB z)Rx+;XJyX?FVUeLjvcJHif4aZtN!RqhT{7BHcU*wHci>yW7_(zZ#)rA<Q`C))CxDt z!8B4pe}_4?U@V)9^7ZvH-L_c{ry(~K%21_>GV@pEPU_F&GN8tZEMCw^3q?U;GuRVT z-j9Qn8LgDNQ<zX(E7MxHgsEQt{0!JK$46K#A`07-FXb^o9n|N8xK(ci(-4#3^3f)n z>DdjOC4;&7&!$C>(_WCD0``h-uZ>q1C(F4)JDjN}YYwY9iTr1?1WSI-gvE8c4bKdv zG$NJ1{U;dQ!Irq#K-<t79Ww1hp~iWZYI$;w%RK3V73%63zVtDU##N)#DHoq`JakX8 z%>0zBe)0Fe6ne>a`kpzSia<kIV;r0gn$GQR@z2~5oBVnKBQO2xk1oEL0XH@yryj5A z9-8TLyp?*QrpLIzmZ7O{*09=zB<MiS7@sXaS^5|vHpYZEAx6!^+S<rKa0>&$?W4Yo z2s0KeNTr&Vrs-EBT4SJd27FyBb{@mUqg>?R_ta3@kVbvbu|0vND03j$K6b2zj<*`8 zUPL9ot`?K3sM`)8V6@&g+HCkJca`oG)wqr$PW1Otq)^&YLhGwEWKWnQ2h(g6^y8^y zr7Uo_mX2M;!9E|pCmJdR$W}8$aRb_ALWVh9V;NH@f7Yg1q^vB$2)&$}lH%(f+Q0Cf zxIkl^<L%VlH6JhB66bg+b!V+BCB^RyHHw<UK@UXFYGB4Q<k&-1t)GbT$H_qz@O0=y zgcmqLsroK2p(%5NIZRK)1*gnqE0mlOTrZ1ELcKf$92%P^zk40WQ~$7H$iiK5p_Q`& zB`Gc(l=CIxJkIeR45jW{{%2XZ%d~09*t=PX>+il}LW$)5@SL$5tnXFwJ!R~@*7q9u zzG>_?t?zpI9zM3g`d%&H1IONDeSclPdyl<OzPmwx9p7z>OE{`*Utw@%348d7<TS2& z%WNqOPMAxbep`{X2^am?oQ1eIXUmUAe)9M+XIDh4dx@~~Q#?*a%?~d;8t3qHeO_GZ z_L`4~x+BLmC$+IQMx2o|+jVac8u~-;l8#%;-KDxH!=()Nnw$IgQw0W2^t>yZgZ{Uc zM;8uj^j!+LfRbU2{tW#_CY#NZv^ZIqeY3?<R|$)o<R?70ZON?AK6O|O=T~fZg<`|E zhPDRuc;A?S9_t&H#Y&Z{nGWhWF8ze+)Fg&~_JXjtNq)k8UywL&lAmyo7bMo3<i}h` z?a|+2-j$Vch3uML(S&B~N31ECP5y4w3f-Qfqrkp@rq{nqsR<5koxll~uLqIi+Nl$q za2J}27QGRiI2U^sUrj9u=Iq%qv1C1D#AdjmO`Iqb>ZKH_k7$qM<&>NQEBc3W4v1nE z%nD|l$8jYG!tdzm!cMF;tKP??GN^4yNp9PWrowQ4B+D^ia>Rwt#X6TOnTsggs@ys< zc3vpc;wqM7V1g4%xL9i2U#zlOG-4KVh^WBk(vF`M>XU;oTrnhWCO(bwUrr6789_}- z6%fA8T!)SblXs1!^|>Yf{>D(F<o;DFq%|tX0D&*dC_1f4|5^uTsw1JZ%#RQKW?4)? zo{pCQ_sE;9G@s2vCX4AD7b|j8cjp%@zb&<w95Pdz8<G?6Lx-8_QwP0tGY^j0&J<RZ z?}osrHeZre#a}XPw=ZFm&o#+^L2mhxuq(IxA7Mvs`B4_}!fdEpATE|U@^Bx$@l{bY zspa%tyaxNBu&O*)jR7Pn(^>uWpW+s9Yx;fd=&D_<4!>G{sc|M(?L|zpHx1$>E^c5E z4rM2PqcG<mqE`s<Bz-!DYC)M{zRds{?I?(G4WwKXK*c;%(&QJ?)}VOYAyGco;fNel zy*bHYj>~@|2PM4q0>Y$Zl<$io$J1P*S~b!j=fnk0sIe3;NpivLgT6}?aqETzCDVqC zQE@Ckk}C_O(!T>HwsN`-M>zG+zx%vsqa~J8quP)WC4L9s*Gfam9&ObqHIsLBU}=Jb zb0*Ug$GT&_+27Y^>|il^kG)ikZez8y??(A!^t+DB+66gxyma+9WX60AO<J`WQ?A}- z%9myVZJCRtSb3ay&^sOLi<+3Px6no{Z17EpmOa_T`GeeY=fnbCr_&SK&-&O)<j5$h z4t1)D&!82~VAUD^LM;>7{ynzPcYS$uf&LU;@E|J-J^5@@xK6cxS?AzuZ$P)cY^2&& zXT!*qaxb0#X~r4}KtG?(bl`G%)mWgrBjyoWYLtFNp^y@rvQ^m7r7IS=TwXOv`GZEo zGoSVb?Tp|Bp~E}6i6@Rd@pWf1G?3|X2Crw+-lhHvKuF%j1=;sEmS38d7TQ}F?$_pE zA(V?Nxj4>v0tb$|($eNLJv)XQNp>?m<o2;i{djl(i(tjd(XCTXN@h=feSQi@TWlp9 zyx8#Y9{yWaR`_k@zWEeB+PblPEBW=XBQ0$lJk9bQQ=E-D`cjnN9gtCmUJY5Cb)Ism zs=Iq7?@De<;q=h^IY+E@?}y>|TZG;6S%r#Sn19{>H{k%5hosDC^>b@0JToJ7yu0rL zRx0%bJ;ua^wbgufQ%5(mS6dD$J;Z%K^h;f-FL9D+LR+`?ijm%0eu2?ZT1uId&soav z<j&t*rw$5AK(98*QDngzMv)FIW9=q4Q1|1qy_3?n&25<7lDvz_*}3E*8UTfbtLPuK z-CTPM^T?~v(zd&5Z*FiFI<`1=aW2<Lk3Q;Y5SwLD+Lc0}A@2M6(15}~p^({{Rk&FW zDJu-B6U!)k<NznD^-jKlp-?k>zz)lThdEp2HtgP{WQxmw+%Wz=Y<pU6T4+Cq+r2{N zWgHRJi#3#P@v83FBf@&s)o9hWI960&{>C00q;1S*0XoVWmtU32Dh9IY17y?9au5u8 zC0feew9RrLlbLe^A0?>e3IT76+MSeJ@ZyvY(w=*cR!Ljx4qvbOt-kKZ_H34=FX6fQ z(j}v(CWVH-HQC?N)+a-9ZL_iPPRzBqB{$RB1#i9JWgbb+Y))=YJ?8KB!c-`Sd)9yI z=XMxQlJD6ZRLdETy&1eg0+>@IeY&{PEGZVh_bxfddys%!sW&W#;U$-H4Ag#domv-{ zuR9sQ>8k(oLp*K;b)V#JqZE^+-GP%$@!!~lj^}b(wFj;PV?`)(JkC>xS$8>5cQjkQ z#LYjJf?<=0iLRx;Hz~~}31J7a^RO9|^TAlfnu}&gXR|M*RMdpPc5Xdsj+{^R2U*MS zA6_0eCne?y!twQye$@Ld$`7qGzw6L{KtSha4XG`LD5HpLi^810^cz9b6R@*R-!bZo zQW4B5+7=WQ$!)2xEgoLpG?U|k52t3vUA!fYTMG{Cu>8njC+scZn_7of^zSA6|2!uy zbU27akNF)OVxZ2%LNH6ptV6mc8}SITBanO+qvZZIggIA)NzYg!5n?3HF8CrShh`s4 zeb09u&gkqnejtIyrM~Ac&ZpI29@r%^5ADY?J7uhr2&X9TJEr6jUtfbP*kvcj+)1~` zi1wjOUgcb;I5=?92QA!+_g)Im7i-|KTjnWR7;@CtT9M8?K4@Ga``&V(&gY-w>(DEd zu}~qQ*nm~|OR;(eD>KsZ_21+}wRx42tmBIS7fFCbIahxU3nJVk+<l+On)*0Nwj4gh zu%|H=5+kP_-N0dhG%-Xx<en?psGddZJ36%8!!X!Eb<aVrz7Tql!}q<saVVsm6q`kw z#F8e6zC8_Oe8M>GOoV69ba$p%c7<Bz*Q94CVu@DeKO9bJ46{PTrl3&I=Waxc>>A0T zEo{djy=S|K^!F)l$TTYsvVybzMJSkQbq%9NM{#13vi@~SIlcC`G^$rL`70tvuMNbC zj(fOB{7Sz`pJE{SN{zG%-=R1;l>ugA^37~AGGBk;A1WZ<AW~!T@ACDZ$+sR2Eh{(Z zFR_khtNzJ0rp}h5Blz#D|B0^%GxzevIdB|m^}5lJ>E$CgZ(7RF!d;wl9X^j`MZ-LC zT!le7S<^kRC6U5C+}<jsTqKi)(i3D!SV8FIuw^7mYvU*Jq1VcGIinf(Umqm`XJcik z_ay2&cId^|@53RtVZimF3s_kf%5RlZyl1clGft{ZU*l)aTLPcmyx38G^R1!D&eX{+ z|2PU-tuFAHyS9Jm<$d9X>}cn)eS>E`n{l$c|1uaD+&?^^;g+U$mj|ESh6fyD#j(&S z8)kD|q1&8nMRMdE3Et|ID+&0W?qVMkY{@}Uwoqrc1m2Gd&OQ=fPmfd^#?rLeEsZCf z<u{`kljo$qyEr=Zu7mEh@`d-*H?es$^=%Gtqv*K9nR<uIpZbF0`GmXn!qD!0A0K;j zun&H-9ZvsXVe0zuMGcdil>L(ix8kJuy#qF(;tEZ2%7r$HVrY^pIK_pKIXsr`CZ~c^ zJiQ&irj9@uvS^6g8!80bCC6{!e+s`Yep9Eo{BzeKuC+PwCmYxDB0{{pZbiJt7P^;} zSoekDr+a_(uB4msY)1Ef;j0u<0%Emc6*~F;wM1;+hYf2K-`x|a%Y(7Oj3m~)H@7ja z@G0(_)~c%1=wgO?two{O??OH*)zUPr@lWxNthnc78YXud`(2c~@?z5N?s2J44$3tg z1COkgBsJ(_dopXhfsmC@w`{!T?;e=zJgICreXGsymE2n$*Y>8eYO9vZOl&72GORCZ zE<B><p+2JT!*(`gpZC$UhO9(Jc!%9D1ugfA#I-5Z)EL2C><lb&C92%9xlUq4zf$aj zV<moS1Y*+~-e{T&eVXR1&K${=WDB<>vdKY0X)mgzOyO)oS<AUJ5F@@43}2g7<~y3` zQ23?W(kW&;)DFQ3Q~<sm<<3&gt%k=EpxUPndK`oX$@AM5C$tAMlM*rfpMfc^HkNj- zbhgC^W1$HN9J3nQZY_zPHVq93r85>6x+9?=`JJ%Cv1L3fN{)xNmTghFcukVzV)Q?= z<<?-DE12eFPyH?aBjwJ}3DtsX{A;{pSzM{4sL2d<zTEhG=pj<A;X7J2g}{u~)X$cT z54}9>wZ=nn4EUx8vRc{#Yd>PPr>$W_D@HH@^An1&wAN<%^f-6a>Ac8CjI`7y`FDqA zplB^IvT>tfYFseO8BBLI+`@}1nC=Xed_P0&_V~^BMPJrU7{6}k$;LHXNUF6{#&a6t zQm0ZevgC)yULWjng|?baPFjUrQ?CTU-A-(rm%c~n55uNWqFvbdVSMQ2P9@rr(9~8M zGm}ye%e7&lLBX5^`ke81&w#O`TPfx;d0}Yu)A)N*d86oQJnp0nYzZ8{d2wv{&4n@` zSL94Ba{0#_<r^2CTqL=%r6D^?6>uA*fV)D9i~iw3fkq0rh~tABB!adwZmJ7vK?=L6 z&d^=1;4<bs6NbGSmD4JHkodbF1zT1<vv|7AIhB*YnW0gIY*A?Tk%j>$f*b;HoAN(9 zAz0`NPIgL(GTFs%YN5+tur9kBrN{+Riga@Z+T67R>Q-DJrO0cx@}Yl2#)gd0Yhkx? zOK6zdsqk2%n8w=5=W_4>l4-~o(He9Gv!hxm-)6AMJt{b^HJCA?McvRsyKEE^jBk*m z2`S63V*YJPRB&=@!>nYE5J+e|>6}9Cfkoh?iqf2;Z0(4zuahYITgBOOKsc#W+bfil zQlY#`wc(4k<lQ?`p-fQ~igGzc*i<OUdx<J+m$;xR<*lC{Jtsvde%b@fInoe!IJ8Ve zDZ7SApUM2X%$g0c##)7QtTO;Zh*cHNuS&b3Zr>+TIHxGFzA9qHjmS6I9G5v8OtDU} zi8V7J=m=)?Yo#%6SMbD5ssPAwQ6xEHq^JorUKsdOGZi%2nLCNDW`4nno`F}}_I(`4 zY2kJk)GqLHTk_F;A4)adOO<<X(Jsh!hEgw^(Q?^I&Y9>D*qX@1Wa|DJJ$1kTuFxey z_%t|gf%BICws2hFKUfzW@!5>e>rJ2CJGi}7(~OTk`bOrqLi-8F9P#ch%?N!o-O$3& z<OHq{9iJd$UVjN*qL>_?5K5rP34GSZ%Ix(@@j}ZtWL%abJio?LYC8QPLm#s;LMc{U zdbe>A$GvM1KI;;~f0fea)SREaAtSl%vRB#EZV-lOxx0vRbJxWBU6h+SM?!hWouMAX zX!jg8^^fenk~Ym8X3N&dUf|Fz&eU66{#oQDm4jAX5qeEBIJXdvLK}m#Ke}wz+KeD@ zGTxso+ev1-2KNkKL+&xq)~hPfz#iQHWIR6nJwXC>@MNdiP-r0>SLjY>aG8?;Lw8ES z5Wj|jcM2p+GjDMPL6{~8!D%j&uQ`Th_B`2$R<1=$S6o)NqNnEXsZ@_#^GWyAP((>v zyDwjxA&mx5dPNkp`+rEAtKl~Wt5cd(qiEm9-M>ab#sEjpV2@z-d6MZV3;oTGy^^o7 z8bP)`66)QsEGl?Y{VxASsh3DSi@0fPsm20}KQ9+6DOQ87hH=h_l1t(3qVDC0Upfl| z^iSvvt8Sh#ey%T(A*pSNJ-3F(9p&Uu-`Dc>@BWBU$k2X$!sRkUJYu74y;w9vIvujG zG6qU0^MnCZyFEPm%|Da|{K^5G&!H+0HAeZE^s0KvY8`G0U>1pMLI_=s&fmfHQxybh zgl_aVkI+vvM>*r*A<Y*j#28>qfWlU;j#wu_tZ2<w^IrB|q%5Wh{~q%B`rib}=(#_8 z@FMyVvG;Q8xGeKe{w+iIEc|CQHdsIMFEsI=8l`@d_~i;eHD7dyE*TdUT&e#VX6Re* z#4tx<`x1!mY3K3K3!pL{V2-{vj5LOuV~vqg$BuO~heW@#=S1+Sp^#tu(3Skwo!~hB zx)V|UBr2g}dujFiuh5r45ss4d*`0#=3w=n$acDf@sKZ&$lN(Kp#W-<H8<Pyuqm~Qn zq-(Y2Au@g__Gm^oXI=anIaX26rUM^JtKf|Oti*=;0dT<ZnkN+7HnLl=!ObTpj?+LA z&vU^CPucohYdA^3gAFI0;~siQNlOu6{-b^jK2tIi;=eu)xd-br_*_>n@#E0M`UT|S zbv;8W)?80^ya%I6!FmZS6zkX#Sjv%Neb#wKuAOmYZO%XBwD|JqhRh?L@MIQsdi3@0 zka~=vjt(_Qn8S8EauO)3Q+LLH{ZR;mTc3tKz2EMP;Ls2aw6K2p7fyDgwkbx!7neun z8b}`fFD&n|a2mjol?~-F4LL_-w^@S_;%cm?L@uUp&gYl-swv1>cwilYimivit0SIJ zy(DEwLwv?M0ukI*poLV>p$1VTM`OxUBA{TsC|CUYKDY;-m-uVOjhO8;WnD~!==RJb zy*d!y;}DNRDk^^cYkaiT3;i}l_mFgv$1sCECfYwZ{+VP(Is+#Wbt8L66f@DmrzCzx zGMk9g+mxODqrqs*{8S~$`1(=_M-h!S`Se}IQBt0ua@X(dfSjuMkeC_VFr1R2!i!&h zoY9g)SK=P(z3u{o%e8s&BSXD|8S$eI^~QmLQd9s{Mn7K^Wi@i4N(eNr{$=81Y8Ur- ze%*~1E(}nb6lxGb1RfP#(}pSCXsFNPgZt)cQ$pVo*EW?@>&{QF`>Y376Dw(L*LtNH ziopRu#>=Ybg-9FQ5;=!vzd>afr}8w^UxPg(x{9umOCrfUPVp-kQA$?aQ@4J!vXh{P zshDtMTKsA`<mr$b7b9bk<>Tx360sDCQV#Z!C<z~dN5%gsQJN6?mU1=HGX9zK)6+SU zvWLHKKt(IMyw`2>gZ<Ld0xHhYrZGR5ke0Se>C8!q-&1EFzuU=OAtixG{BBit!iOz> zH%t7|a8VIjE+`GBL`3pw*73HsIg&hMjJObqsHX(e@v4dn=aoqu9NVK*eldQDfn&Q7 zgU2ZLYF<n}nx9`fqZgf;hGy25OlxQmy2BbdoOExCC)CI#kaBX3nQ>VG6u;&>NV`2b zLtBS!_cW}zK|FVrfqij~rzBNV-@R*hIL_ErZfHI>vy6;w#NNozDvf&}gYeCS(I8%@ zu|}=!DJibnk}QQ`(pw2L@TlZMbV0IANBV*1#ZL2A1fEwozH7^4=A@_`%GNK>e@oq{ zCLCw-8cYh`Z06osd~zM3nJ-j%pT?N5(!jb=7pcDU5IsTpAAl(Ie!K?UY6>YXq!<~d zl&I)7S_#R&o1^aussm^eN_R?iJx3}HV?y&{{lG7jU%e62yz|HGyi$?xXuoD?u>MOB zIEmuB?RZ9&K3M#-0Bo0W_0WKhR}b}Uzk29JkA4-ii0X&{$5D0lP+t+NaY4oK7NNp! z!-L_z`i<>D=r^fAySjzw-R-m(q;{+osxrW<OWamtZN}{a{clg$<Md-h)#2)-i}Y98 z5scfH^7xj>>^bc{O1+(OkJ5IJK1&v0$(eNAqZG@u^Yy~Z9@ZzZ3awAIs&oB4O>HAq zGW9BRt^M_dgb~U)$f<i%+C%Ruf}j7^jNp9|lC^|JS~s+U7>}S}F36|7qu(ZrqF!SM z{|^6o`e!VoG?Fp2BlL&xE$WibRuoufW?q3Ue1dp^!5Q^%ca9jwPht2qbq7nxsTw)P zJaYrdROjY`PlhQu%19ky<cdYg1K^FWlH7;J-7SVH4bbm}4r-_`j_|NO^yZ;GBKMBE zv;YirDW@IL(52u1%n<+1GwTvfsw)fvah(X<ZxEp07J4aso5wirfc9j_)Htq~wOwle zUyM}C;&v{In9&rzNPhv}W{%v>Yj9K`=K$^6ChHC$od$`<?GT|EO?nXn$V&Z=u*k(s z9b+%D8Wz%%zlSwlSjK1&a<9OoIM<H!eln61K93J)LwX`kSW#bS3_%5oxsW3&GG8vM z4dV4{+BuSuXJe6pb@A5#y*IA*H3Z-OsS+O}Yh5frh<_m?${A=%W2#7vcv~}js?982 z2h|`ih_Anq0zY5Bf`P!o=j7G^+F!om`FbC*kX^i&=Ih;gXE{Q?xd1~y{!IdI8dNCj z9J;X>F|>7E+K?f4jfsw5qZ7S+eLo0zR)k(L-W8!OyxR#qaT-D_+4+GYbdQZtz(#0E zCqfHOAta3wu7%=Gi_9bCF&>$M)Gw#>R9zjPEOIAlW-~**qIqRf+Z5;0^Fy)gvd11- z>k9Rbe>y5X*gM=C8IC=|d1#M3M08Yqc1}!P(Y$<*ES3+u0~4Glm-Y(v=3_oLD#b>J zd&ydAJRD#>Hb*#F=YgfKk>c2xSlt;#qdaCkT{_x!vZh9+X-OQFBotSl`ufQIu?eFF zs#_<SpN^49Z}$Jn5?7VIoAtL=NvYQ?*VzstbeY8F^o8D_*^io|nH_#vA|C%VH)8F6 zO(KDEu8?icYh@8d;CR%^%c=F3yOUo}nau@gFHJ{a)ADV1;?{2gn|;SQ38~6UjeFFb zDBs1QI`L0n@oT))lJsh2x%8nz-t`4Pk!;0ev^q1-I`>Y7NJrx=S5C`SYb=1}aDnFX zsE(n<*9%hk*GeqXGqP%oH;l~NalK_eo9z>OZt)LgQ$zyqammbnnit6)W>@xBu9HpR z{Lt-UI`)Pq@;(b2xdxppX7?W2`_A4E_wMhx%YWq9r=e!Kd=`w1AqmGmaO|z=oeJI( zS515>xQn|_8HU5fc|$legEtp%amU`~VClED(95BHp|>QQIb2v9xV)NCAvyb!lqGc# z`T5+xuxivF|H%9@%g#RdHYw4bEfXVM+1z~28VemxxnzS30*uPdmD@Q=@8@QSQdvyG zTIW(#(fC}!v4RrrV-)LwmZkn4J7UC2iWlyrU3qCJhf_TgCUK9mD=l@m|7c(r8k0Dz zkz0ThS45?8jrb<P=c23lHIGA_=I@$EFlFI-z08mXXSbxxc9Tf4oMsrzbcb$`JCY^& zhU7APnMfLvIt|X>g3H1Jznl3D?um(Ca}O3P$Co!HzdrNWG3eKPts&!P*I12i(~=AH zUG(5X+tAnnJJ?Vo#iK``FJ&rL-FIjrBZk~LsZ^@aBPq;Ht+@$;Y<@pt6y|aW31LZ3 z?R`QH-5@f_mD_<qQ0v&<4DDnLDs{JUIN`C(I0@Q!Rm$uE@oS#IOKQ%5_<Lk0hj9nF z-RGeV;=X%jrosMUVV^<C?k4+v^&Z0h5prqyj#y!zWsKpAC?VeK90Lx8XN^3F>D0x{ z+_rOPrQxNyxp3rn=H`ZD4MqeJ$-0fEFBNybamXKj^`FxhlSQD13RTiDiP%g&GEygz zGqO4)l{8KAS*FK;%14yKY8YfN{!%mD@oU~8hPj-0nJBGXNjKdGD$~x$oHTfYbXEdI z+PE45l}5x?$Q(WN48B*64YV{Z8AUP~iP~2`LU|Wz<zDDN?&zkZvO`JbZq{COOjl-? zqiGwQ@I6Un*%q+yE~&x@qy-64RktUh5h7PBgfB-pEHvRxX-=#}IR20Htqk1A-KouR zeeB(fk6wm%y`h!B!WUVhgqT@$wDpk)g^<?~Uw4t^e5pt%dx&jZN@hP<37V^{wl{d2 z7++J3Xnp-kV^^3_JWEBA)2z>x`DOo5UfcXb6gTEA_C{#>P?%tUNmqNWrcH}v^iB7Z z^^Dwp9Knv3g)~g|=c~NV!k)QSHorj-!y|3kygYj5W@Q<ph^YMgnkX&#cL%1*zfudU z{M!!=>8A2;zexUdOa4tz`8O_-fBRYa_a~CXV^*~_v(#zHNPFJxg`#xMyFWf~N*c4& z#aGtgyxCLEuyt^SO5p+t5_OW?OGuQ7=ZS)0%Q{ktE(xBi?~;*kv^?zRMouz^VjlG# zkTTmA6Ove8!hs-CBdgBQ#8gsopeS_$O3h+KR`L7*1XdYu>qi!()ryMQG{QfCqt-+z zT5#ncwY+;pBX%@+KWb0@22#3x*Akqo<S)Kcl7EOwel)RT+V@p86w?}~?zfXByexuW zMJD7ZVEy0*=qz^W2b3A7zoE<o{S{><>f4mrPydaWH|kHRPq+S4We(9FRpwCrA!S~p ze@mH3dV?}Y>h;PTps!HoDBZ8jG5R9Rz_zru#cBHO$|^&@Rhe1(bY*7iw<y!2k5guz zK3bVG^%2UPrC+Vgx%#EbEYUAgW~qL@GAr~R%B<F-mFd$zyGLTWRR6m&m+K#53JdB4 zaQ%STKD`Eo)Ay>^weq@My{?zn=hUkd%K8)P^?rGMRJ}eRuisOz56bI3>UE>Mu2HX# z$m=ro`k1^{@*3E7jnyJH62*5zC^j`lo$X0EFc}oiadW1|j2XcyEo@Sh&0<!ar70U$ zzKBgHA}hHXEHx&>^b=!HNl1;!GHpJ+ThUESjmb7`{$$wnOO5fEHm?~r1GwhVw0YjJ zai_-2G;MyOY!(kmy<wKJVMt$WEN*CRuy{IO&MWQ4tZwRwB^T@aH?f?p@0?(g(d8}X zlP)jo*SLo>A@x(gb8Wxy+o3(9F7i3YP4!cQ`#xURdu@+#6Grd$Ii~tQ<?6SDwf*#a zh0LXeL09N-_$h1a3uPm#E7j&Qeq=&(lD00o2ffU|OHuJZaSq|$J7&jswPDY0*>$nX zX?s-sX6KOFkGZ;Ro7>vWpk^~@{?K?)Y$c@3j`N>y1|+%EijS*feC}lu!-&uC#jA7e z!0^kQJ;kYJ^13&$B9R3E{`hr0*1FQh5v74dDcryP(>0a*({mF2AB*Scwf%@~Nc?b_ zVrE>qXYH)mwwZ^PqNQsG>UR^AC4$vP>rO3JN8Y<5{FMq;MBaygVDXn^$-6)D-n%Y# zZ8S388j*2-{aRZ9jh2k<JDzB`I%(><j=jW4s>Z=x(W9gM!x8Egql=^bm-k?8ccY## zIz8IoAItMb7d!k3%<ctVa`rgrXXO(MsyAG`Wp7hpOVrk5FHsn2zJBYXNh`?wl?1}m zfnzU88`Ag4{16U8|5a?a3;o|h|M@^;ba<`B6X{<dT}iqJGHcSv&YJD1C&?@=@vEgV zx$3yITWi>WcfT}=eSHh^IkrFWL44}TIYk^RS2X)jcjA0(hl)-g&dm?}*}<NjnyWv3 zv~9?@4nCc(Z3yl7wYUZjIcvCm&*9j~DL*Ywu|#}G!x3@ETq>rEpOL^!;4%?!Hx8Lz zJ27hAglOolofsY1?g;Eq)L&_*j$XFoDy*o$_UOQlXyM_9?N}QOoWS-d;c!QkxUOw? zg~mICxf9p|JPSMlJO*q89soiacOML9+;b39$J8-D!u$xc8M7Jl2<8#Y7R(k*Rt4PC z+TfH4OwG~kXfeeRYLiH}0<LG$wE+NmeooP@ts5l9_ID%prj6uFyF?I&h1=k}o|)K` zRx=TXL=vIb=bt{>O1O2;5=z^#w~%xauh6p6<hYS0tXdsXzXo2w5abQ_^ZqQ*1gx9j zxNPs*iH^X>N_w9t>HW8jwD4x)MAGWx=)fl`71r7?H`wrq0Wmbw>|;mZ6G_?l)%j#q zn-6G@grPA&29OQp0keP-U<rV%2O#SKnEf#OVJ2cGVkThHt-L!9lMdtEE=(7u6O(I~ z?P+7kXan>f03HK=BebownczSIwzN>+#MYJ$#0?z7u0z^cnGN&o%G*$zDri~HV-&Q9 z8zxXhwwJUFHki$s`|gnDRzL2(=_lRAJ-4uUU-NZOPiJZVrwpnMdnwCk<I<wCT2HF` z(y5K}3d_$anxqGwNb%Hf#&plLX{D}Tx1Wh;w0yS(={A=HnR}*bmN6uWZGB*0liWX4 z9mkpb>}$*$GBWVlNuM+I?~8{wj9lC>>z4_ko*dp5_z$P%e?=WF&uQfPyUZT^N=h&J zXyzmQM9DoeV=UbmT5ww->pYh3WWGUrR+VzegvTyVSMpB%$(lAg=B52)*<5u(TXmv- z6FNgDWVXT~8o}sirNrSZMvB_dRc&_+XuG3d+Z{voJ|-f&RA%HC<c2<!odwCS%dYUY zy)28PPyb=)aHx?39#i2;x$eTft?dI+4k5{8Z|TpG%QXGE^E3@s<<66eA+G7u+I&M2 z^(R#mGH&)u>_{}nh0LV-YZW|FFRhS;bmvPOI+7yNeD0JYrf>GM7U)}<$CouAfw2$L znPAa%d_DUawbBhy?6K|hh-wDQ39VNnDf5KZH8^oXtMsuGvGwS^ps~X_#3%Nfg-qL< z9=+vJWjR+_ZZs|5H!L%h<s+u$t5~wFnJ*gtiKW*V<URV+%KkCzH^~ppmZ>S12%2xA zM^7Y7He~a~O*P&4U_`BjwfEPsH)N>lLiBIQX_;0oCz>+->uLJ~#AA<g3ZlRJsvJgM z-C8(hlkf%IB#*vL0t4l8IaIopmjRoEKO8x@{YR!FYbslnd)o~XP5mCzo-D(^>J1Bm z>`W!~%nkzMzA{$(>hghs<IyX*oYmn^+~i@;M|h|*g1ywo#d`Jw?IXBq?ZF%0QH=w} z#?T$6G=|Dx`_CEHWo5-|Sy}O(wX))TeA-u5e6QVSIM-UOKZ+IG+t(6FwM;#6pS)$V zOx@QrRNET(xVzlE;NU6+Ye~3dL|L?*z~G6wXf#i>p_#M6t6+lTnq`#@cV;;C`@aD- zc75vOmdT6Kug(`i9gV4@Q5u!cCZ8Vqwim$DANwtnxSal7-dF!IuZ0E*Lr%uba1)~% z|LR+y{2Wo?<N!oS+wOvTN>1borL~qb3oiFS8JAPZRaJVW^(7Nhw%e-8Ij&7Ei(<cK z8Ygz~W?Wun>`m)%JrvtYpP*}K?EhvZIoXcH`vZ-_+3b5*GEmQD$WJv2jfsx~-%{x= zD^n=}q+Q5<nB*<<gVEtPLNCiswqR6x`h*GdNj%47|HsK&*y*qjXT66IGMnMQG}@qy zK8K90U;d-RGF^LH)Si5)DrkEb<m<zj{!@e3o=vhjF>sRnakNf4T~Yp?fs@hx0Y}p^ zxbv9A)j%ze;`Hrf+wsE;lW#!29+r1zlb%F3SnS%v7>qDRa`N?wxSl$bRJfg~B#n$3 zSD>#TvW2L)k!O^iXNjKgU|S7UqRf0;tY?Zu-0XkHj7&>PIn`+@X#faJB}KR684_K` z6b0RYvzeB>PvT>nBw}ZXOW#e&E9;LqaP~)#GFf1ala*Oy;#O8J<-@g_2vTA(GJ*)2 z4&Y+}-@wOQzKf)1AH7PQ6?=?Ddu#z@**Is=PH<ZNG^*gpU=T$|$_;CzJ2y2jHZOUc zc9Q*&O9*e1e5mm|W459?pMeMKSmm}pSw?y+VCNE^qy2A3Mu}bvDuVg>tc_tsig8{G z<4W0hAtlw4m|luH_eejS-!P+jIx{3kJk#3xcobD%gG_Olv&pL$%23FT7zsvd)A0LB z@yv_1KcYa0T(sR^FJ&mr6dxBzE6xv%#hbcnd$Mx8REYeE3k5Hfd+Ft(ZD~q%x@a30 zskL&;qq%eYww_yA^lja?eeXOHTaF0kw(WZL-hSKm;|EDcw3I=enerOBZ95=A7`JUl zo40Kb+s(d%`Znvj?N^#ahnSRZ4Nozy+dedwDu|WDXMf#x9~R`xk;gAFiQ9hP_O%l3 zY$l2Ng)foCQLVJ6;zB2s)$CS1uRYup?%nPw_ih^r-YvBCa+#-!T)d6qm=i@TQ<L6% zV(N*-Y)p_Tpy(i%fT?9f#<zpD?`R>Tc#ALAUuT4i0!WPkurlp7K8;>;K5YpZ+5Gwf z$&E6l6kjjHDWremuLxW2^Im)-9q@QU>RFJRuRl|!#H8N^4P%~1_wgDsr+bX4AXPcy zYXoBu*QoKe@=M!8|09D#gs!HK&>q5Vk#lAbE#iGG8`~u|Z0HhQQ#c5r9j8C<4LNbs zatrcNYeuniSrN^-M21%5F_D3T`1(2GCC5d_{P|#1_*YiexHG;!0~gk+uOYq+M8|)< z2veffRH~wNXe!@Izh(BxYV}e=ELUx_#P)fcxJV8zkCn_*>ZHv<St92V5uTAd)wbgv z;;f$_J~Ahm{5w5~u-XR~M@9%SV-w0@Abvl>=Q_7NA&nXT0|<obB$)F`a79ya#T)GI zi(gX&vCs{2e^Wz_&YHJ3Lzl?(40Y|CzzRLeKT{4)k_L+mwN6%6nOqRGBl8WBYT%@5 z%k0;O{gTKw7fwh$w(_=BC!1x&H@6|<Msr~QI{jh^W*hauD08;v+5!gQ543UVnVbdB z!4$HUlU<~TWJQ!me^AO+(CsrhvKV5;K{mDd_BS|hltKK1dM(l?tD$@cJCK9fyF#;H zVe{Z663~EL!Qh2;JW^=kJU2MIDSTV#68TJ7@rFN9%KvsO#gA_cs-b^Cg{<yJf}LTY zcp^wFh@jAK(r2^hlA53?+%vG^K$|Znl(Q#Dv<~X&Qgnnen;N{*$}`ez`Fu$;TW5^d zX$|xchVA5HLPz7pyLvVj9x4Z`-L{)$n}@BTQ$38;o{Q*UNS6b8M$ce|>KeSVojx?W zc0Qe%*%GpxmEO58GeUK<vRdiO=w8*ANeFp{P7is8OxGFohOX<Bu8efhn7y3g;c%Ka z2*f<A-0YWm8Zw4BjZ?_M8Y=xV>5;YhMhBJ;xrP%aQ+-3OS$r)$vQXSFgV{sagAx~5 z{!98~7aD!Cj9<F+Ndz5|mm*%m&j{Nk#&PCmr!09(Nr+w%qe9D^!UMC))8azY<5H%% z{4uJVwl#O!b7|Ch;hyFTMA+@%3XXRM7skz)=9yVIyYM!8Uu}DgikCypWNMAE`H%G9 z-j0mPKmIsrF;E(EnU4P&{jK#KS49`|P1)1ooHEpRKZ>5RBGDH|Co6jSE`EpH#fj`6 z<*pk@Q=wsHRNz-K;~ll~Lb=W${%P(9@#sS(_i$P|o30Z=_wK|U2aYcr7if}M-<WlS zCWd#^ow$}m*K+zrhgm2*%<sUG+)dYN{ba(F>6$g;)XR|gds29z^18b2L=ssjGqDFG z!z0&q8?)5cYs^e#<r1sGxKY?}_(`B8!G8hh{@x19IcBEcIZ=Z6g|I_4Li^+OW6ah* zy*vJyxG6^)ojzCm3%dh{lEN2ra3SIOu3xvi?oe^v@&4Fz{lg)5pmA4fPGW6;n0BRP zw$@zfcc#9)crc&Nz={NojU$=;ratD9P5%j+PqyMqMNOt;Il#|nCpx%RvsI!Vq6^S= z*JGTg@>rCAY@jLH*L@X}BkcBA(w$fiOYyfZzCs@r;#kYfeo;F#X%_epRcl)~9vhZM z&!qd~*sd0Nvp}6R9VPZY$FbQR51M0VUbr8LuW*t&rLEeprg9%c)$QH5l$f2|;o<LA zI+Fv%!W<3v6M6+GhHQyvO|gUjQus+LJwRubjqMaSo2A9HRkh04`6kU_8fQLfz^dD< zHhGNZTEwRFaaEGn3-WUrE$z9>mm`hF6>-m`|MJ$S-7*GtMUR8)y7{hTwDmGZZWv}9 z{nwh<(eE#bj{acu4&Ju%wtaLHZT3S^{=Lb&MmPDo|4I_LCi>W0p~l-}6tH9Q^h(3H zw%fK^M^csyVMJmb;~=@A{f$j723yQ=WR`FDkTKxhzSq|5@=Y@bm%}~x7lgJpzMqia zbAPDEi*k-71H8wQcQYD!JaD*8j<kF&c{^jvtNtXXTKWfEt`4`{Cq|Utwdw;&Y5z91 z@yj_L<60T(zH!YK-zTHr_g%@!mw%O!>aD&$SRKGB7OOYH-=0%s@H~zIVpt#dxnZ=5 z(RTSvWNwe*Ce6+0K(CSfZhnLx*0T3X8qCN3A^aTRXDdv6_55Fv!1BJ)S_N<`Fafv` z7zo4yANPsY_5(YC{{|ie)&V}C1jqx@fDwQj=nXU{Mr&^XzX5&>d=FR+)Bv{vX~5M$ zZ=mG@!T{a{UI(@SPXG@CYk_JY56A$90|S9r;BI)6=ivE<`F5{p?L#2CceIuOTndZ? z(tzo}T%a1L10DpP1@-_R04+d|c>DmPf$2awupGD#_%ZMT@Fws9pe4WuFbePhuM+OI z{?Xc#!1sZ>fz`lbpahr>qyb5Q8;AowV@czOz#G6e;A!B8z<OXM@X>|vi#Zn<1q=lq zBb@EP24FQ%4a@|xfib{vU;q#YXu#j&qO~Sq5AYk{VPFGL2UGxaf$2a7a3e4fhy#xH zjMfeUdw{2b2Z7bVd>|hf2aEs`fulX5wLb%|051TK0~>+$KpjvGv=Wy;1ABnCNw;R; zB#^-OKp+Xo2Fihzz&hYz;Mc%5;C$jP&u`2$p90NMfIKgg{!apr0IPv&;C5gNFdDc5 z=nFW3qvs)WU_Y=8coKL7xDQwjR0FpI(}8ioHNXJC1$;(2ACR;Lo&_EQz75<7Y=E}) zH1AHgUbWSir)x6`(zPq+q-%#)rfb{25pgSdnN?v|M83t-6fIA4Yc%mRA4}J&v>L69 zw`JNaT)ez3QFaTpT)t|w#kkJn?M(i%@i9*;)+$c%V|Q7m)k58?ErM3AHc89Cyd1k( z>Q}>MDI2tlwMwmo_Yz#0Ma5mXsKkB|Z$*5UnQp`JDUbYCU|)=@a8U_2mDmaY9pfO} zEKsh~p|XJ3`@p+Rg+Cja2saYXT>f%+Gx!tJ3q_Gcjq)v=R4Tvo_^w8FMW?|i(r$-0 zk<LPGsCJc*(lTxF%<PhGF0>_8D&euV-Je}Prw>nLZ28sj9g(^l9&1z#YE)b+kghyq z;7@eHjX9rRiQOXJYw+vFM&3I56^vT`is8?z-2{zF^(`r@p<Sie8gwF9ZuF{@IL+f% z-iz_!2K>mcnlL1tOR(|r?pCSfR&;6<tulozZsK~oO1;4<w0~!KiwH+zV5EeEC(;$| z6gkRcd>itMd<(v&@T$Qz^tqClm+>VUrYSua%0^x@bX|1cZs*2_X!3mg)sP~^gk7d= zG+ZKjUd)$Z`oWb{wDO9CBb*42k~b?%O)_#+Bwve!CA}A8S~@CeA*F)#eYG|m*QG!z zi-(7k0>X{)J`dj#gW-U<$>QSCDld)ZP4bWtKTAi7_^u#@E!vZ63%nH-lPjy1ROXg} zI=;qR?DKZCE5^@a!mNg?WNieY2#pFwzo2-bcYIZ4Ntv&#sxrU0rmXn(3MsF0E4<$7 zQyj+Uil=m+uXtW5j<r<^cOfy8QpO9-&h#f>Cz@VMnJH<>?T`FP9=l!T8!Ju6W9L<J zF;Xc5j9OE-MV40DNhu>BPcAxMto-GW0-{-(%2Pg7mRa<?N(U-%EmE3OgCEI*QkvF4 z$&jR^>$&)|<S(HLZJ{P5=-Gv8`R3wdVw0qeL>6L>u$g(M*jO0Dl}ob16-h|!MgJxs zCE>-Q9+By(Zc?r;P|`B;qMh?1s2HwB-Yp__rDn`ZOzOFmR2jrLQ=87;RG>)9B6X)= zn~kkJ7S2>{2G}0;+ZoHknS{@-G0->Ctr}|f(!*|Nl^~+oBao#$qKDV2vQBC#jjtr_ zdfcwX9K~-kU-C>;X*ZtuF5=IqKeLgeXtO0p1IN%Yzml*e=_#fz8JLD9NKO-NFzjkb zB`H%Ro$O_Wge@+H-WhJzyJbrKAlzH!iTLSQCW*f)aEuVe-6*eo&^GdjQ3^`_sl-ll zh*5qTZ38P@p-`j368};w%VW?o>@O$YQsXUDI#!`{UCP&5utn$OiMUlOzNF<NWwJbx z^b+bhxESrH64F)tNr-vWnNsH0VrSKC61v1+o=m0XQcjD1p={KlR%!^2w;jjOVYia{ z0z#13NUbd8e<YU{sj?tK%PJ3YwL+!8nS?b<8xKEHYZ)yU(H7xCWN)<EeBk8b8fo!K z%PhigHkb>rF{DrdH&O>#rJB`-v)WEY<fcqCQ*zf#+Io4X@GP~7l!`@Anb%Io(pQng zzk+`$XJ?TsMK?N@nHI-Zx=O1|_=%LiBB@i`d<KVxUQ25<(%Q0k?<|8!Dix-a8X7V* zS_DNZCG2Tx`Tlpu+lp^4oJ$=qEfveI>(;19Mq*j~1$YrUQ;4UbVfMUbXwG!ptlT~h zU6#C2OSx;b$0Ibl#_QT$^wuaPN}$y>&QxM5S}UcZ6<>Q8Rt~iL7a4WV>(aV4@?OWV zy233`;gvvRNqd-G;hj!aMpz;*pIJg#G8CCvC0+(Gk`{`T3x<0-?S=U&Y|-e5y$8;v z6(YZOdugdioFpF_?f!@iyUIIOIGsxYPR26p&LZ;MbiSlkmE2!QJ|9o5%4Q(`G;JK^ zLN=}i*iTVdIk;u>b!LC(f}2h#Q?-0TI=3*g;CLb$`9-`)2`4<~fuEy7IWzCM;7o^~ zNk~F?%HS;*3ge)W$(KB*;z;Rjv`LC^&EtK#Dowk_6$uwAYDK(Bn`J5?o!Q^%@%-q8 z^jeH|X{3adbY4JC5?wLs&FPpCjg&V3JizE*T4v|kC0*%TnX2t1?vXx?QMX79ZSTuu zqA4?whQz0%B#rpx;VQZnDPyG-5~<Iu5_TGR;$L*KGo|s!YYMGU(ExewAPz!9diWiw zNlV%4okjXGQs0cG4<@EOVj49~#C8Gnq`g;d;s{--2RqXjsdv?XwBjLcJdwE-junE; zOUZNY^`}t|S*?Q3?SYByd{5;~xHH<_5>^GAN;%XOzv3RLFYPHJJ;AR1SaCd4`bZAS zB$ne<8RJp;P*U%U!mB0aqy(%+c1EAf2<?l*`l8%bgx-kuOjSH|rYGE<3x(6kERxSe zhYa33kCUBA2Ay#&SsP;nGFBz|PTG@;PSHvWS9%E2nwH#ewe34=u!Sr6Uv#pwJPMSw zq?c2K#0rp{QQ}Tj<)cwgOr`%*P6$#nSv?hro8&8@Dg8Dn6Z4R*JR*O2H+pmv+g*%& zEhV*-AqK8Tm5{=f@Ro(W^al-2gqD;lQ>l-vcdO*>9FGW{uFLR<yTngQF)8_{s1l|# zt<HR&>f=;7PKWa;{GE=b6_2x_6{#ss#qP|jMOWe^F;AkMDE<3UnDQ9qqg9%?)wkq# zd5oS-XN|GSRLhT{L6X*%E=9^*84)w|z$*7FQ|Jp`q&Ms)Jgenr?-O<oUt^YALc6rR z1eac*jEabFBj3rWQ)hn$cOA>`YZ(`f)LtFkq{mjQXj<`-F*A|PeC(xvE~R=Tj}>7r zb%v22MLNQdRqLdKFC$^ar?mPcu2Q!cedh)6ZIvlq;R?5cDdR9k45e1Gm(Wt*MQSgC zR5AQwKOJK){yOVYB;Tf!`z4<m?KWvq*~^2j{MySA$;XmUrG3@W@A5Al=FMI3dv;-- z8qdjaHl4gGHG$M$(mIxyPVXWNX@yA3P+BRGo_uFtkue8DHde1d<}r*Ouh>sg8YihQ z?Rgou&<NcapEUXo5$p`GPOT#aKT=mqZz`AXNbBlU_egue>M!IHvgnhHL!8~Hs?ndZ z`-_YSo_UnDt1!D7ZS9C>jKiHfZ-&1w$D85zi+Phge|DU8jFb2~Th8qA7JprFHNL7Q zb7`5+Q&Tn1TT3%{k<u2UFW|L}%tu8#oH4Q8T-|&0jO*1qKH<FcFG%du_riYtFS>ZZ zB?AY!2VZ*Gkjt;Qa_Ci854+~t;nyWyKO%YL4L5#mRLbboF=KDKIW2wM_>9a66SF4W zGC4bE%2dy^>A89A?3r13>us}U&ncQ)eEYl-@B9U&W#tPi7FAYN-%(TR^DkbqblIK% zv3$kKyR^*8c~vD|PgPl^&nqoed)_m~_+^|oTe63i;q8b!p`vy|jh8X!irQSSFTc3L zuihux-qR~8s^%%rH;&V00yX|hU)dtB+gnppRpVxAoCZo>_SD>5!$v-}+(}a=+CH_6 zsX6JBrr2$0)7+SpJhE4h^h$Seb#+DAykeQxaF-U>x)&9fc-_U=`+VL-)jqec%3V=a zT;leXdfnsQR`?ZVx7QTcEOVC;|C$=_JYU7K;XOPR-r`!XdtOx~6Ce1*hmHD`weDJf zb#+w@F5cor?)gMuQB{o>8oVx291K?xAP&M`a<3lOx|u|=*ziL;CwEdd0l?z?nyN(v zQC90NuC4Vhy1inVyTo5pR=L1k38}@x23Td4%-9rHl-;Sw_sA3cGNy5euos{1+x-jp zb}y^)*VuU-?w;gxgSx1y*5|G$Tj+(lM5o4E>#y*+tLD4s6<1V9U`R@Mx^`aGqUy2= zZ;5;8b@M7}u5!=!SI$#1ReTmln5wMx)%fT6h&=zwF{7d)r?{+A#a-e(LgHOn<#T&0 ztNaT}-L=)l^N26#C_`~Y2Z7n;b$us!wa49SB;NEqL*Bkpn69dv=N*3b@{n+Zw<HN; zJd}jLNB||K`-oBE?yr>DG0~g|hP%{TTy1a*oe^I<LmZcs**vOri}<_owEk*+C1>z= zgZQiVqiu`JYJC3Uibw)UN~!>aFY?4`WM5QO>7_)v4#mN6`y`6(d|jU+{vz?Ns`ge& zK9HF|cZqj#**qJrDI@RFYVr*lBa*S_PWZT9$;VHKCe9+%uFO};tYwL4!NSh?r<aTA zsifFf47<IIB)4TtmFa7|clf=v!i;G7bhD5l0V&lMm64%PI!SL)cYme7Rs^`D_+Oai ziF1;YVV8REtt8c|Di?VxeZ)a<l?=PYEv{MM7sOgCO_Nl9nol9-lMGueWp#T=BqXGG z^C}Hyj<9TAO;v5xe4jhNOvQ5iuwm`;$TkW+DUW-QABGPfu8pa#sajA&X;xWGsqC*@ zC^O6~R<J~vDdqIw9zCeY1Z}iiJoChGg&rr_s^=2ko#y+uZSM`d%VJ-7?zX+(V|(9V zd%xHAexL3Ao3{6%)VI?1uQ1n%46XE6RIp@(jk2+_-6BDA#A>n83C_&S%ourYNHTh- zL*1i1GrPI8uO%fFc)GE*(ydr?%`KhFqiIX4m-4v4(7I_Z7lw;J`TXiZ0`61(hSJ|O z{!Vo})h3ISIn&=7?bN@H_^Y(YUzB!se|8G1wa6c96VK|;^6&mi2Tn<US$Xt7tN~H0 z+W%OfeO8Z^f?}?Yiu^@Ko!y`1|5S}WSDP=&0TNOoe^!X{6?spPCF$qzbjCls*ha7t zw8*>h7DegGa`;uN18eHP{*AT4b)oeQci*$&-uu3J|F^#Vod>@Az5jghq3{1-<EDo< zKl11gfArXY{rD%3|MX`+f8rPa{mUnxdit4XfA#C<e)IebFK%gkY3sJ%Zr`zU*UP(K z`Q59p?b-YKzBhjV<{$RI_4Ydl{`l^DO@I3H`v?E>!C&=5ABI2r+sB_YAO8ENNB(j2 zSj+LxPPBf0vQ7JEJ4~nV5S>+r>3=)^|J&jJ)AIkK4(sXNRfqL|JN{W&qZch2Ej@b1 zB6+TH=kU1YWf_l_lXG23$#uN&cvv2r4$yC=f2X?F+LWrr?eA0RMTvE;x0*hpfspQB z;ICz1^A>-FqHzmtXrYx}T~j9GmpR2X^GY!%cyF)q(}5MYTZ${yE8z%z4Z1>8gO<<% zD)F~WXo!FDD}J=xVxPaJ1P7s4Q>NbXO8qsprd@%zq|$4C<k7qq>m1e)ijQ2sX%_p$ zuZBMjd<{Io5qBZ0#n#n*y>3+<4Kv5r>%P9aE-@yCmRWs$Jq^gDq&iRCT3T5{uN>tm zsH5FQ<ILk(i#PYsy0vxq(rBKQmX^9)-Ii8YFR8BX&@N-3!5m*Hpi5k}B-f`pTN?H= zYP~g6Z!f2RGAYtIPlq0E*~PWKbo#c78TP35vmgmO<J%yk<uGDXyudrIYALh6xtY_G zM-0!%W(b5h5jA2+M2RoaMuN~pmWUL|B4Ff<xRE--Ck;pnQbZDlXZ+MDQ)lE2kyl1w zzx*Q?ha^RFT{k3}%A+*bucNd#wyWa#6rybTl`YWP8>VS}Up8E%!L3xL{mxGAQ7IkW z_jGc<HMOIAXZr3jXLjG-$^8`@{XRFPYgYkw{@C-V;vxKgFD+gBK45q69R3IC9o;+g z|Kzxi?)LD7?oAnnyS(?{-I7!1aJFW4q+@sAlAo>}0OUEHfA_5&-8=K~@$8Q7cKSkh zPVt%DH_nUj{&U;=ew#dn&h6d^UZw55b9giF>KLA#PR~{8+8{t4E53I3*|-&Va^KR4 zk7w6(^lwkMton4V2(Z)d%wLYVufqzzvwOewXZHW+hK}y`@Fm=d_jGjcOn=XRc69IT zziIQC-5Ve2=-yc$ihkJ9y)*r(&!5@7bW6InQLf`MpAz=&Jn?#z_GGt+T?PASw(W`1 z9=GA`XJ5^4z<b<=*CKY{HOEH${!I1-VfTQ|@2l87hTpE9ulBorwcqWl{civKez%F5 zr`T6Ifp$>lQlGc7mf4U3P5Xheol$v*zsl#$m0|c=Y;&`+3(`H4hL==SXdgtGEh070 z$B8}BS&ZhYX&r5;xQ%CCz|Sb^6vhYf`;c-srgbih#@%dzi7#eQqr|7RW8}xmzn|%q zN(*gLiMG+8s)m-$2A6h0)P%B%3e(?IzmE{dmloGB3FECP(9S#6m06XVvfJT{W21$O zTwh66ab<~YQ+dh3WRyuNugq5=T=&)##};FnD=KqoHTap4aoJo5RxUt1d&R%a!P+cS zpiNe>vpKc<X_Pp1<)B^b%(F(IO-X6mcg)>8R^wIE{vrNzs!IG7UIgJaWt|l@LCq_f z?NQ=UDRGsyZH9M#F(c~P#gz*tv8?0<XP#{i?s#;z%(EDYq>U6eyczRzpBru}fsaQ* zHH1e9M{zGMneMG+LTMh-9EI#F+rKlH7HETQsh&Q6zRZv;%PFp1sA>PDQno{SYey74 zbKn{JZp(LiNePot^rNzsRIQ=u24_J{nNLYU`<;;zB~#~%P&Dm5`IguA>B_rINs48G zmZLOb8PfoZ@|a`P`Z{vxZ5eI}qC;M>&a29eplH)HQSjm#g{FLs*Tz>=)p|{Jy4o4R z&a1L$NEL@j<<r)`7`M#Q!NE?ouSzR*OlQJF&@^qc$!ngP1ktoZ5*x#VjfSS(YiUPW zHNM`^GW^E;ro~aUl5*9eMd)vKStaovAt`L8_SKerk*!3hR!eqFWirQ7zU!Sv_{k%t zc$d<7NoxO|P{!1-_PE7mRaHf)x1u_EL~dnqb!}-CxYG!^(p$r1ikXqd`)VpO7n8d+ z?MD(Do3#<K8tu2jt;~dvmuY5eHhhA^d^OlWFES!Fije|shoWd`Q%0Fg(N@(g1M@Kz z|5NQ(Nz9D`rPhxB0{!m_FFd1HOq*8ZLW$B*%XH4Dtnn@=LtSbLipz*YiBnASTrMR+ zh1cjmYM(@Bdy5yJ;$0iyB*x-FCelRIOrO8Sd^+Sh2c<Qj2er)VSZRMu;%17VV;-sj zGs076UZ!@`@bubtg?z$Hw+;*;ttX==Su@C|L}7B~^eLIy^lqgh&^Cx%4fz>tn*32@ zYp)S6iDr(s(m#ppMM)&sM%EBZtu-prYo5gXw4_&o)@HLUU=OjeYcYcf?WzS9mWOhF z5uC<EOK!DlgaJZ7!&|%1S5<A<t&MOv9rD_((YfBrl8lN4!cu!7=~g}s%Sou_UXyo= z${?FNYuRjHdE|%!ZJwgqPEK3Gx6cg3!0_8_B!nNyw?W=hMTvH^Honw5Z{hS}CUnR7 zeLj?pvFCQ_W>-}%Aim4Q*MzEhetbL|om*P9#NyB$4H@4wf0@tZLfeQAGwoir%tZMw zEu)NCb>F<w2%o=?&Z{Y|tgRq>THZKfb`p6(q#ePVBAm2;J{sZO<m;^{sR1S}Vgv*( zs|4FhXR63~a63rx*G@vaRDByt6R`~=cmE=T;aY1PMQK``jJQalB-(4%b>pYzWMogY zbn&UE?Aqcf)ar~-)#g<}#Au#8BlfB|t76T^GF2k^*bkfQzdhaWE3G1nGd5Kd714Rw zEIU=jp{!(52}M=e{4#G%1leP{WqT_Z_)4cUjg0D|@zYIvJLU0J%qwek$dtO2KxH59 zqr#EYra4~Lf-KX1Cg0grRSW&q5;LUr9kEeWil+TC;)?HD?IKn838DMNg*q{P-aH9q zdf9?fU#<3iu@y0@Qn#ZUYr3VL%JtUB?7UU;WGlW6JJFGf;$^0U|9}oz<((?DbB!uK z7(Lx9i&~T&DZYYlqXe>HVSgv_7X6=5Stct}v~hxG6s@XhLH%p!eO}c<ZzbYjK(n^A zj8@?wqxFSirdO79Od9Q_XcD=`XU0M*6ic(E<+oJAAe*QFr17C8i_Lho`FXN;nOI$| zY(x}TXr=Ns&F`&Q7V&eN*ooGdK5mk4gL7;O&|l@j<iSunP5U%TyyTA0DXt_dz>M~} z(r6Q{*1%&$woT%YGo}3x!?%$T_#N0G3@Xa`WfTIFkr+)lD-kVgRw8y`KcYYz&;=E& zwKvT=&g4z|wdCqf@tH|Wr;;*+3Q%bb$3u6JeSx;ZET2sT=&lk;sT$I>lLRuWc9DI0 zMm`-0E7x8al}nSMB6F#C9xZcm&&|rrwknv5967QEWZW_zO|XKp60fxIH770c$TB%S z(k3!8oAw8huBzph(Hu%q^`9t=zgiki>Do=y;)sxzKOLWW45U-FgH9!^X?>)IKCScK zXv#(}>!(Ou4^2^N#@r^MjrRy?Z3{IgWMr|57p<LF<CRqzoP1)pXJps1S0zUJc#o!C zAY4w(%#rtZ2t}0^s{Ml^Y01)BQ|<4MB(^ddZT7u>szNtfHb!YGb?*_e?btV9i081q zUCsAXr?2P9bh*`Km4-lDB}`jy=?AJmH(q5Z?x=F+8>@>He|Zj-FFf8F)^5?<oJYHl zvI)`7ml)=i&0A=u(j$t>bg$6}&9kVOZPGiPR&wW6wd;TuP_Z?Z7>T65W&0+&w0+Z~ zCRF%q>C{$u$NA^ar#R8HKSgJgBdd*`7x8}I{*A_tH8e!}a(QSB7-=1Cz|kcn)kRXR zcW~}=O!rmHs9Zu<NBg0QOK#bnaIo6wjhOA)bnUw~9?fnloUiYIMX6=xBViok=ky$S zpYy?hEx;3iJZmvMz!3R1?e_ecGx~vQAOna44*n?;+AF-vsNDX)MC|4|(=~StbkE>+ z{~6pKcsE^(QXCmStfJALfL@Y|;~4R0cN2`X?%bcyle2c-OJ{B;^2nN+jlJL{K3#k8 z3~mQ;b4I+Ww`xbamPS05cM;x(gmkU>Jmi7f>HMvQW@NO|Aa2R!kxvYNc6Teh3e!#I zT&%}(8)>@LSq_+%Tf#f14=?TvH1~XL@M4dLMe_mEt*h`_-#&eK)uz8L<8X%XTK{J7 z(p7j{4xC=rnwbs<Vj_aE;;_HT@Yj{w<7aTY<_t8~oBkr9Mbe?-3~pIxa2t9CH|-2= zO~}mBdC3=|^K;K9@AV;Xci~poH(lG)k35Z=;7h)>^3%rt=rypxbd&g5Zcki9ez=(Y zfSaYamfJ?`69#anjBe06vM)mO3G6oxr2OcDW;JdbfRZlUv_ZJJxud2FH}_!TaA~@* zciLx5+BoGVW|YOK*d(0lMdD*e>5L)nR-8M#ef9m71iF&Iln>IL`$hj3Gc333nCBK9 zV;ZupPBtI>6OW~<mT8f)zAf`~_NQ|{SA2_(Wm^9KH%;M1E)22qtkgmBF7+E%Z_0XN ztrs8{-f(e%Dm&varQ8%#?8KBLl5$nn9$RigSNw_@4+vc;PQ;EoYP9oB5c|P^*xvxi zce?pK-u$LHr~FJe?Q>0&W}~8Ch$&$+V5aCS!gK@GzyN@5hvHS@A^g+<!t*NAT#YGl z2>{~01`vK&`>a+pf8YGxgem+z0!Vm20tD|FK;rZ&Antzv#JwLv5%~y+T>iaJ!f78P zT=!|8e=lGEQ`Aqth|u8R^o!X3r#SrghjUsLFl+MDs(}07&)ffC2>(A<g{-S-hebPG zk5C}bUA=7eU{iEIe9w5<^r&I3`azSNd#<IetW)M=;5Tl5d$ZecKIM1SNy945G@m+4 z{B#rlY4Bfr_~64AX@7ZGfB3f3(_gts`ItrpGVSd-Z@aakx69uiaVq}4{qHs%*R<<b z8k{}&nX%q!yonigijRMdMfG*#IuQD2zlG1vyvo(D*7HD1y5|0zw*AR;ZRz#nw55bE z_+m<0OFKs%3t#Gxgrn)I&N%pwbX7M!iz#)M8&fj#kt6A<&e?`3b?HXT3ow0{Qg@HR z?2nm<$>rkOflt%5i!mR;lsa)a=0MC@n1e7|{tl0rTQCP>?mV2%X#$!y6jM$`NW^3q zUvpyKiFu@%`yw%$F@^Ca%(<*{IvYTZRC___N}MD<Nyi8ukVoY8J#=9wCk$-^wgA5Y zo&}x+o&X*LHUbX->w!98DNq5F0wus)U=}bF$OAk;Hjo8m0BOJ&U?eaUa0C4S!A}5O zfCe0COV>UEnt(TeJ-{o#7T|GUBhcL$(E&;0;rJYh4m`khZ(js=nUCm96#m4onARim z5}mM~IvO_O-h9~58BcDW<@BXYPsTsze<OT10d^g>zq@0;DXQ51$T~m)c|-?Ofm;F5 zhwlJS0dD}G0_PFYBwz}#2(bLf39W^|65!jwlfXXU??3{0*8w>|1@NzWNMfE?wZ=D% zW~8)_Ns2mY>osHc#&kt#b)wI1Ov#6%Ffr6)_;;$b^I$J&T8b&@TZbv`51fMEo6|8E z)5CrN=6=jlOcbK73}Yx}Ii?45A?8v{X$Nn_ly>k=%u38=%qq-&4o%cYOT)YavlLU> z#~UzfF}b6%4nsW#zfp?crY`KgV7Z)K<GW8|KdK9R$vYk+unysh{oK>oSD(gS3DIC* zGf*5VZ*Jft4%i4J08aqcW4s!8Tlf&XJ%Hdf0oG%@8hFio2%d%#2ws9HgZbF;+}I0V zl8Kjg8a$7QH`m0gJ`G--iMPST+t>x3u<?Y6x5dQUa~ixR6R+9CQ=Pp|@sQ61I!_W0 zH>Sil3DbJ4_{w*hiRUr#=AH(x+Qh3f@iugUC+WY@#CyWT+j1JbJtkh0iPwA@JgImj z9toHd4>zXuSn-f>lT5rc6Hm6MT91JjrSxj<Y3!>{V_%2;h6T}DDMSt$gtV50a$bJq zd*gDxFOPg@J<NR&R7DoP?_jic3+0;iz2z_5S77_T=C9G(T-*10oqHKz-op1C;*JQL z`|=Mt``_*!j@E9nxj*?4_bAxD<38^AUGfQcI@sKgP}tmO`(FF^j^6{0aQ}eKz2YC- zdtv+Dd6atwY~R<ka0iC%d%$PhSwP`w#b;zI_ZHaP-6y$A!S>zU7OlB#_$^Tm?G2mz zD-H*%JtFkh#5%NFD3mSwd%8QcS8VPN#yPZ~*}k*m9U4Kl<7c1m&|a{8$Mtb&kK4YV zz0jc@uzlZuk%QUch=0!|4poO);m;lD&_>(%eQ=ONyTbOp&F#>BY)ilD!4B<V+jrun z(6@c>;d`~sf8G#>_HEnuN0)c}UUQ{Gd)wxJ?ofvs>#+Dsy2_#b+2)>jwL?pzGPm6G z9(HJ>7)-Ig*C#u*ncs+fAN;jboyBjt4|&e1J!q51mgk)v^kXPtsX7)jN^|r3g^yIR zGDJhJQq8MNF=gn6Shqj&F3nMCPRnqR{gK=}1egg(HR%DQIW2UpNBmw7j02>JZF>?Y za3bR;nsz@;<-)(w`YpoI9zOKDrEpi63>`^zEm7?BTnt~|k*4-+K$?iwBc%xOnf!ZA zD?iNpO5iHXv7@<K{O1G1Onam(-Go6;unq<{pZH%4oW_6gpK;4I-9=s`Ltl;#cnrVw z#P5!eu)E!K$LRbN+5IE0c;d32qNm{)?`X^dDW+xsrwPB^|8=xHZlrbaCnM~{hw(%D z%zYoz;*ZzPkMb|{GwC7i)U+SN_tiW2hMq<mw9`LL_=<iBs~Bi*ir-nnZyI2x<s1qB zbo?W)a@^w{V1*KX*AwUNW#IP(M3&URa}Q!lQ}}AY{)qmeQ=uc8_I1)o<bB?^u^S9X z`s3bv3@54Sy!(N1fDAiY4^7ivQ#I|s@%Icc@EIH=452Fz{GWFlBcIS$`aK1+pEwxL z6%W#~Y}T{~@td<9JC2vI=aB&+TH?5ie&0qMV<jKh!#BwM5C2N<NZ@@WeeAEm4&WQW zcYq67SN%2mu}f$hA2Z-E=GLu-AMq!d&<&&kXIajG`PK841pdDwf$?bZ0-y*e>|oN5 zhRH(dPD`Jf_Z!qZt1NAH;@5Bc9xjOI@QiQw%Zmy}Oe<V=>7L?lh0kn^a$}^b1I{@F z4yqBp5&z``{9Th~Q3slQfNR8Ccrs+>#}xQigfFreSsJvg_#5Fy(!lzT@KS^o-c<Tc z=SAq8%VUqfk^UAv!!*J+=oVqsF^#&mKbP>wbf9U`7g@-=J^hV1itIbe!|sQs(K*In z^i}eJUH2u7h~61AD-}N$Pllb9{#+!gc(u~*?Bg%~&IF<lmY!R9h8&9c#7U*Q@FDTG z?9MHGL!Tx7_BaYXfk@sq!n5anLrzwDMDo(vhi@-aj5M(8poA~qqSsd3B(1vE8R5_1 z@$AF5{Mb!PrXB4%>Rd;@4Y^seI{VNCa}4p3d@pge%9kR7=CeJ{5nZ(NWZ+n7U{9BG z;oye$a3l00X<*q|;aX{J*hk9lhz=DA<7fR?bkAfO>0!yZV>)!@@2mq?h-X*-Mbg45 zFGWUO*PG`We%EoZ%3aZYd)gYhZ@07iH}cE5aA3tp((TOkU*~Y-+en*^{>~-zNSR^D z(<(!)_zPc#oQ?20=aEzWeYx-@oQU2>(z}RYBW1Lu|91Dz{?0A@uFJAW{b$A3(tqna zq7xnY6Iq?hGaP&=gCrkx1feVCoaJtPTc%~-+26T@{uS<568OI$0rJc#PixHM?|uG{ z58FP!aAVu&eg87(^FE{6KL5u(KWL4e`(j(`!JAKBzyHP0T~piI{_1<N_3GBUTDQM5 zsO@A?TWgGG(C0_~@ZRSa9x3`fF|X+JK5rC#{*Qw9TAiLjrvzeJ$T&q3Fc<hgJWe5F zXaWvE#>B+5?08l0(Wbq)%e%P$Gmk}IXj$~WEKT9JJ8%IY^W`$WET)VP_AyQQzQ}x+ zF-OJ>|EV~L93)JkB_QL05|1zQ#NtVK7j+y3q?vFtrhxT5mUkH+lrcmZBmA=Ai9g|4 z#@ep{1_Ls7FLC-Zj|)#CTSf&n#!9tfpaNJ7EHh1+VrQI`<Lr%iGXAaf4C9<0(Gi(1 za098pBw#ck%ONBUzRV;3L|0^PAOjFSYk_+J#+>E2U$qog#-}ALk(bEtT;(skOIRW+ zN!Qx}k&DPo=2t|YzQmJoBhv{vjAKv4v(OPeDF)U958?J>)GG*ik-Zx@4-h`!M_wf< z&IE#^@`~gckrU}0A0Rwva}2F9?tT@fq|29h5}sooh4$3tz%{@qU;;1|$OELUKLY4q z2yxLh(NmN6FXF$Qckv@SPH`W*fc6_B)&pMQThewm@Xzo+ANeg|r5AAZADK^r*ZDvx zkntC?>(42YzDZF;*isBhktD2~N#^1vybGSnC-Imv?~un7#RrHT+L!F(`#xX}@K5lM z@Al`sOG#d6&jzxAm=!n`0q`z5FH;+dz}d)M@h*8p%Bmqiwx(VAvZj3xx{m+@-^32N z{44o~ns(KzOl3ho`CUF10W*PXfSzZ^f4kh#F_kB!Y@uA}_Y+O~26T4-KePB3`Tvvp z1BDKc`vqg%;Of0tmjR@?N_+Cx*~nk`SNT=)xF{U+TNl9RVt9TY_&xAb;s15q8UQKp z{zdu&C9VHM=qU6D|CSH(n!4)7q<<lwXVRZ`-leP&#F3OWt0*eTuTMhrRbU?=^MIG^ z#9hjt0^ncB{{_n_=AqwbGjxUjX@Jzt$Y1!s01!Sq=U=f?Ixp=JalDqYW*$}4UyV7> z-O&6UuoHOT|FQSoQB8E~-bqM+gx-<fLApp21VRT<1Pi??DpI2qks7*yC4f={=_*P` zn$!R)V1a-LNDVf+L}{UaJNmw7oqO&%_nz<j?pf!bJ8S*clbPAG=Qq!O+U#rs0RMB) z#t+~W!2d9RiVy$#ZubJ{o04B70g(Tg|6jOM{1y1gFMl-$v0xme5YQLJ=HCL~0jdDv z0QgElJBofN{r@ZY=YxKM{=g3l{N_XRkNN-7JH=lq`GFrm9|EEH(H+3^1pr0wtpN7` zu7YQ}3?xqhXy*z5p7USEpVGexfCvEKPf4GDYd;j-|MFLAASnh0YK#L#5J<!yoGIKp z0a5|9yFkh2{yR2v=YY1(0RIC1s^DI16#Y~Br_>F?0D#}$@~3d8JkPJ3Oc{hjz+b~b z{saD62l}Ac48?W|0gR@A38KNXS%DG->~m&=_RawR0{(|V|I7)0^iSb01n@Wf|6=nL ze`N#!HcVMxV)70A`WLwV^&hAJ(s>O$CuJ<b_;8>2og+E^h5QeJdouo+d;bCdUp7zi zR}hze*%$B=h4+;2>VE5-5^pGL76Jgcqd*&qUjYB$GzGa49Ap0%@>c}?|5yC~gTL|t zUV5NLdIo_cfa^K{D0V~f*BAi4JaC>;KTzTlcwP?RPn7=u9sDWoNl8n8>#uA$@Tvni zH3Lw%|LL!az+Zo@8KTs06gvYO8{n_-Z{+`rJDfrUKnbYT9|Ca!{z}QOf6rfkwWG9$ z0)UMb@Tbg={yX$fDQEst56b|51wLss^Lt$n#oj4CTM6*j{z~!tKe<yb|9A5L_0CAK zV~Rb4I70DPN<B=e2`IY%d;a>@-2deNZ?PYczy3PE^45TLRe<xK`Lzvvjs@V)1MU9G zUnyqx*BeFuf8p-}&io7NhyN6Rgu#6%dZ#!r$giCDA&?Njl~NB=YRZ=Yl-l5L{guM~ zSAGWa&y5wt&tLI}l7A^V;a|j`>96CzIJgg`_y_rw1?1NYz+Wl(mBO83^A7=xi6Fm% zIQrNAN{O@oiT|-b_~(O@ZUB}5Aou;hzQ2Pj|HDS9pDFtJ3x6=)zvfmHfcZEBvj_RL z1e~YXJEgXH25=7KS5^uaii1<^4Enp4rf{c}(to|NngKO{Ykt+Ym%y1*0RO}MDgFQA z?*jU!j4ws6K&lQvAO+wYMduXVQ{p`(?sLb2^FjbffWP7X_xS(HzlEUfzli^@`Ulv_ zuRnot0TMu{_IGVS(K!Kt;<vW}L@K~}DF6llkYE3_c?$180Y3g^qm1tna2-bxICL4{ zG{FC${y9MZl=_n;67=f_a2<>_xYtc^jH2^l07|US2hf=U=YdcBdhvq)eeQp&e-7YR z+TdEwN8mbd0BZn{Oa7<qpBwZ~sc%{1L7y?8TfqJ5=5L#s0LR}0R07xmn@1XhHk6q3 zM~?c_U;orQMgFb-a)EKB%#Ts#BYv$}bplczfHKeW|GNR(<pFv(0R6M3g3i*xyT<Zw zJ0Anbh5#rw?+?Hc2+sdeQ~o`h|C9TF;1Bvg0Qxrr*K=2a>mvXtK5!U-3E=;B1O5G~ z2WWt#)WP7UJU4->g8mNx|56_RZ6_3a9{^|vpyVjNe9)E>Qz<(82R2XPPkF9iIUCs4 zuebz!gfH>;yd*c6xBNAK7yu+1fHJR3;X!Fjx$d9YC~YZz#|Iz*0OmV*@_x@B+D?GK zcmZ6W15kXGqW5F~#ct4!GTsz|pr&L4f}&%}?%(1UcS=m6G!g;;*Gcz+cnkUwcn9`# z0d4?L=77`y1OX_WP@dzTc?Me0juNv0?_ck^cA)=0@cW9O|5N~qkCp;Z;ys1C(LBfj z`k*Zb00IEq<L}x0pU?42my{jKSZM;719$%b)`Nq-<UfObkjEiO0KNdH0geC&0#L^F zpW#oj8A^L?fU{ueFkp%M`tO)dnd3+TxCIaeV7>}e;|kjSInMtLcM9!a{3*JZ126&r zbCFtWzsFZ;4D1I3_ybVls4W0RHxxUd_yVxY|8}E{6Xm6x(!UlM)4JbtpA`LI0ImXf z0Z{ybJsPy3j1|Qm{t52C_)~$li~xcFhrqC<{q|ia&>#9I2wTU&ah*S)0i*%|F91ca z|AhWot^?Zz@t!>jq>$;~YbH*EzU=@U{*Wd>@)UypD1<1_3-t0|*$k!GUjXcqIRxAT z#7zEz-}8DWK!22bm;%VQgYXOV!X5+ELdk&?yQKKzAGQfT{g)dH=tC4h0ze)>89)Vq zlD{Z(aFp*Ycqo2G@pH;}0-aEN^&k1`UwDHyzdm0BaT4?)3_!WhK>%3*IRF^|NdR#G zE&x`FeNo1XqIU}ZiH-R%xR1eq1`9a$Cn(+gCtm;TG4P<j`WN}fWd7vvk6Zljng7+m z|7zfWHSq7!!0+Wkzkfr4vi$EK?vp8Jz<F}S{tqDcz#KkB?&Bl&rz!ID{ywDwrO3!X zB=oo3`z2TQ_oyiQEBiZtNb(<&#P<6*>F{q!^rOg)ef%F1yYhP<`iG?YE%#`C%bh<Y znd$dFN$?M;^IH-leoOox61)Fve+BwmlBj-5A`PGp?hEAfFUhn|{3QkdkUGE5<8}5s zDaXO{V<RBo_fGbKD!~4)?f+gTSeP3#pm-=X1%s)H!Kpt}94$3C;&8S2A_O7?F*VRV z6O_I5;5trx`0TfcinQ{F8-{6i9s$;Gct^Y#7pIvxvkpXMx+Jt8r&m0WiJ{3N!4KET z>O)jJROy*VV)!!*<AfBc-zq6`M~PE+2C=B7$bBqss<oXTnoI)SoV{lKp~U*^@;gDb zzBj3o%kSP=FTC0K&Xs&`Q)%Vvo7W-B*ZMZUKbI61`S))(UIk7;@Y-Z;BHMX9qYL}2 zSeFKx_xqyQ*u~A`#t)h--HYCMehA#C+_}hW6T6LVyC2*4)V^+i%4q77(B~F>NFd}h z-lY2Uz0Fkbpz72qow3O6QG5T?y4yF4cST7I3?ni#{#cH@IrHa!oO@-BVJ#A*>+cCn zaKZ@9a%RlNB21!(4ePY1J-c-I>}LGe?BuAGSV&r=xC?aeI!E|9Msu<FtMvj2dEC#+ z<wJwHnge+<@b`3WpKs3_9T>9z5f)H1Z3~xkfo4$2cbZr4_j+8tKgc^$(5O_$p>qm) z>)`n5Oc65(PWvJC^kdOnwWxlt$T*x0qy~GLJXAuu!%zM$a~p1zYKW@U$_n*ud%oL^ zI%tFmaN#-#Mc0-O<UGr4$*Q=`{vpe%+P5bx`_%`!CwkTB(fZl>*2}ZJFy<9!2kd}C z<qxekt%^m>Q>SDawgsZKL`fUoLAxq5Jf+1Cx9`0n5X4*}E^#AWRj<>ZCvZ!a(T&!u zYjN!^KGm+jHNP7+jN<2Qw@v!|{j-2WwDYSEx2&p9R7aTc=y>Tsm9a+m;%8-)r>dNe z@7zN38rz)jX@oXuk`g#W{pfPKIDC?1S-zME`A6s*QHvS|xW0JS7ykXByw}5h&+(|R zB8G?rpAS7Q_vG+_Y>?s^R;9<yk~FtJ?q)f5e=58!KGricQ9|m!G|iyCbSZfdRcZi> z5*CeiaFp^Kzi^@TUO+x=VbK~@1LH6$OZ_t1=bZ;E>vpRUHn3yo(@Z>Svc9bt=5=9u zA>^b(w69nDwtT0;r`Hkv*^Gqm4<mgu9UH=CIiDOoDW$L?G8LjZAI0?a2bIGe&z%+j zmMEW2=a(P2<Y;|(wxS?B1m^9a%;p>C>9h`b%$<Aj%(tl&`aIrXVzd2%dH}=T<hX#? z{yZH%@{4o19`&u1&niY#-2H1V^b!1u`aaKp))%T>u=;Ap%$>$~Td#ZnZbroLba43P zoj2@FR9SJYLJ-WvXZ7#XJ#3W>b_$|B*Q;+n*&RwGt<h%+I#Y$ldc8f$LOWH9;^LY% z`?fHFiQ>XW6Z(f`J!hjm7;5sXupx0WU*bQyX%%of(iDAHJ~|~Qij@w~?E?SGv-y7M zg<SDS#)<rM2?%xUd-Zmez0EJrVzk-Meq=CoW=7L!PrcA;miVZ*m=n|XBk5e}z0V>_ zgy9u$>sViM!j~L_S1)%@zJEh1rz6$f^O{KZ#(pp(sAo7lm1d#OQz6XaXJ)3e(yv^Y zE1_xZN;hiLmt&i65+(NttrSLj({b#)L_J}f5?h+MFmBzOzNT~=VnsaYa_y=~2bBco ztj!iq?ir-+G*|M}l&;2VlP^zeAr*~AW!vXCvp}l%{2Mr<EAmvIG4Ak;IQ<YJ!R>1D zWe3G%oZgM&p$kqdJke>1)o=$YdFZ9-!+q`B*f$M9xa$rR$t+Rpy6@9MkW3|qk;>RN z<)2Ox6ESL)g6eQSY9}}!d_5(O_U1Bnfd|jM_#mbwWSV5oohwmB!{&w<t@SVr?!Lxi z9b`Qo*4F}=$s#%MrrDQ!EwxE9PvSE2xUe%=zn-nwFV!nWYv)e)GjXD+>3nu}sIx7u z(ps|wPLI~pGh9n^X!?W-{VKAU5yQLQ-XD#@octL}ef?SUTlU3RdOe0S(n)6;ias@$ zBP3^t3MQI~H$Ma+XHc^tb1!*{4<kzvJ&H1Bq@AM}B+q+{zYd=koMt1XmfKqk7jQ3F z2=SpKd26NeCwI0TmagYu$L^<|`7nEytQv_k3C}+sH{rdfp4a1+`AUUsTKy=wuA}i* zF_p|4#So61R+KdlCJ*}gs_Pu|g~Q-I*Sn==uC=iRFT?w`ih?zt+?c9?Y{)ew%51bf z-BaMa!jilN<;W~OyS{PwOHS5hN5bUzUAq@esa>U_bBzl{0!N=iWC}4Z^hOUEO*Xe* z_YB3dJTv*+hH{9xXH0x^B12r}?40Y-AM7>9h4gai_Z`jBN*bIZ4jqvfc=^aLSce&V zbmht^5oR@Wy7qP9`L$|U8AVN+lco4p{>l*9=arS++<QhIyp?5;y6JeH#=YK*BaDQ| zVTahhI!AHBt+p|HS@e0ymya&<^ENTXLB3R(CYw6qjFBH{y`E6j36$0lpUYsb(D3oc z_g@JR9%CWja7;hckSO_mTpx3;Cv)D4lUb$Bbd*qgMrgA0=;h8fJ&$!y7_PDE$*d%d znU%1_aSDXECX+42ERQ*>C`MUFKe5VdsP!?$^UexRLo4y!LIz^NV*0tm*g4hEcN}E) zS1Ii{ymGkknTT~Qf=2s!sJo>zF9!EvDh(5WRxtCpT-NcS1mnu;lZmyIW3?|KSl3-O z@0t+w!yjnC9LSNl2d@#3VhD|_$$xX{<KvKBnI1cPh@P9iJ|y^zq+-g@g%5@UG|yc) zPteM_To=f32oS?q97hQv*^}FC+BXevIom@6ovF$_+rPlF#g+&Bca5(g5_!TOn4+gH z9iF&wOW_IKK&J=W=x}$DKn+F=^OeV8ltF>Z(n8{ZE#13I(<&)~IbECHkEh)<IcEJI zvwMsWA6<}{C*O0MI(k`BqA*dPg;q?fS@FqGuU!L8VZ5oA3AWEa8$U;Lnv3WwF&+Pi zXvD&8L?<scd!Yzja&&@Or`CBx;u!l*BxiQRr=PU5EJfuUBtFao9-cuxXZNhAFcoaw z`h7Rveb^HTxA>jfs)r1%rY;^VoH>zM*V;=0rv<7V;5$EHKW+JbaAFRW%QbD|Lf8$R zw^#Ixf@6$>{Wf#Nt3BsK$5_0iw_+jwCo97C#0OZkCgOzbtr|PObB0zg2J`IsE9{WX zGe$D`_(bjf77>TGpYE_#*CpM3WTnI=xqeA7+AoR3{DdQ~t#OM_xjg!|@+?#mYR~1C z8-sA)APgf-_z4g2%9ShE$xXIFFSRp94D0GQ0^n)n^vE|pwANEoA|D09Zr_E!$R36> z5751coltu3Tsa|+Wzy(AmbE{MusJhEcd;#7lF9!$)jM&UNg8Kyc;09DYa__hMz}T? zeuhy>g4a3L+A;2AN&uC=cy~fnO9Ry|{b!i_?dZ~i@`Wh!Uh9_2TK-LWWmx=rr={sp z(eHV3ryT=JdYGCaM;TAnIOwNqfElP~>Q@O#flxj9k|8;N+5R*Zw2ln~cOiU?F6M?^ z-mX#qwHGL637_5$9j6#y4M_a8)LSf4&)}gtJX?~XT5V3AQ%Y4dcjWM8Gt<_lGUzyn zi3G!Cy1dej#~oEmF=1)j`F=;%a6)E~H$`{6&p38)rhfA{pqn9a**$&Qmy>Ak_NhfV zeD^Dk4o7}$ZDK4G11bMROGG$yrW+|hqcp(3mPR=1F?&OOkXs3m(2FT|6BNQb%e|+U zg)WS6R$hhfZ5ahEKu@JQq@r(JNK}SBzuvMW3UM6$+4M9p!kVtvAxcNmSE(+t*N|v9 z|5z3|yZ!XJjEmp{1FP+Eo$g_%F!F#AyP3;Fr1NvwNrm=zxLSf9oFF2OP4gs;?r_n$ z$lG2t<=7RkJ`Mj8Au}%;dUfDYfgmmVn%n(@Z~TummC-quLJr6{QClf=K2~UFa$uq< z5`Mi%XHRad`*{CSgv~x%D{CE#jQ0SI!o3otuTT423CVCrOV8c}J=T3zE-G9yl6tPR zn`>OY?D6Y^!AngsK5tGn2iuf|A<Shv-!<;kBA>i*-WFXcclCU8299RgH+a`}f00YK zPt|L;EtY4SU<)BepwCX&jRn5UO?g=I)Ct?Bh4Q^C<S8dPmV<uFXhxmSD^qZdw^~Ar z$-fNy#4u>)KttI*eh%E5Qb-9`{-I(qA;oFJ1GgpdX==>mGOKF0(Wd~29jPc|jiLH= zbs0^{64K=$Z@*+AdoUcmz5eOF@AZ^Er~Z?0qW+wIQ$kJ3(bUEv)|Mx+Dp-(529GvZ zWjZ+Ac|Vqef6U~rL_2}WMC3iw?yhBJRd1x#*@f@aJl}XL9t#(mBA0kj1)wd{D>f#I zX{(?QE>+*rQ|n0PP!~TU=>>l*4t-+M;4Nn|k8{c;$+|(qoZ!3WkbC`*+j=uk?lzar zslaYJL>tc#e~7Eg_daA)98T(!Ce2Yr-SjZdfs}qK>@n~dW^E3JPGVTXb4#U)Wv<#s z^r@~E#5rF(MW}osl<OPU``+g?k86^Fm{Z*0pNbFL$4pKx{H%?9SxT2@ihulR>_B^1 z(kL6Y4BnLzzgM)~@YI~GW9ra?#8o~nHN4S^3MolH(0jT4F%^4Hi|XKsFJHxj-iu^6 zpf;FkS%Wznv^PzcN=7H!ddu;_c^XttsNUcQWV8EwuS*S%vF==*f4|_8^L?CZ$H#u^ ze9_L`;Byk*vZG#}FuD^#d8X2g<a2m$^j5<qIemuD-~1}xz<sERPUC#DqIk3E^g#SA zu}$XgzMEfc9eiSN(xVHly4bz8+Xs`7XPN9U=61z_+g=Xwb?Yhej`OKQF#o=akbOHB z7bJujlm>51wl>3@dgU(U`*WMq@}>&XM#QF1De{eLrC>V!^u-KqMx8rmi6WcK{wAwZ z>a5sGlekME8H%aPv}x(n2UuWoNV06?7ry6l5^T;D&Ph4W79m{dthUxZWDzzka>&m| z<C68G4|=)Gk#{R;V>LY9G9H+IPV)qz+R*+OI$N8a1y71tJ378~T-8KM66N9NtP`zd zS^2#jTTx2&RUv*9Kd<CpbL>()?ge7;oA1fC3OPuNdyjE%8G`yXjKuIrpf4-(4Y~w5 z6OfTs4p)*nXuA1=P95Q%a7Js$@2vj!NGE$U*Kxm4zTtPvuO8lNK?WTR-4G_5pE5%i z*ffdSd_vLceac|k^*X?QD|fBh_tni;@*Qn9wY{k3`+Q^g<}CW+p5ghXTF)It2q!kL zo3#O<aVIl@TkaCIfYaHjWWDsc+>^R1P7S1E4bu`C4&vU#z_%mAY?~g5tFl&C>Nrk* z`6f2{WeEIFR{?<+x!5{K3DoF*m6x+lhn;G$4#&E9(^v_3lHI8~S&g}CwTB+hc#S+% zE!KjvXV&9nZj~!YUCgU}{1TQyB@q2hr~UIryWbR5g-3hF@k6Qf4^`c}_cH2u!>*L& zyBf+l$hHrv1T7bmZd*;R-p#qRX6x?GO6Yso%`r<ucF1sQlgvd%v@!UPDn2f2vncT{ zR(SGeLFB_uc|<Gaj_6iGm;o-&le%0C?joxC0%kH$7l`d$!F&~*PNr_wQ|dhy#o~<| znR+kr<%ZpMa715A;Iepv`jJM6Z^$?@+A1{VeN#Yy#VTZKcWgg8s!yQCdb)^_<=%=M zOGe*N-U4n}$0L5!6M{gb9nAdv@y?R?R~nDg7TRVolN6W^-N`BB$sB0T%jdKMS!2_p zSuq3ii0YBP0%Z5|RQ0ZXW}l-ZandMP`@$8a$mSDT=Wn`e;b-ozCJ9tpmKmmBw=_HY zh>@-;PERhttgq5z{ZiQv3o{XJcRC>gZ%yQfx&`Fb!0elw66bV{j%rXzE=N9Sn#L8$ z)ny*@FMO|}@A2m8k&4p(0262NCivUVJF3(DG9QJ6y<hmRVGCx?g`9d@wS?|wkgA61 z`9v@8pBm%W9D7Z@WY4PDq;IyQsK|+xi;X%pN8G_@i<W(K^1gJAc8^1Q8zQTd@P=9D zvS;Y|o>pSPp}uovuq@7NC}UWB<ax!la}8R|VuL60juh+a@%J@8<;W-<?ZeNA1sls; zx3aw#hTQBeair=eyMjeXPm|H{-!aS$lU1U(rmR^~mT%Nb9U13LcU^x*Qe*mjs<Rcx zhsAu}cuvz;wcU-5$a(Q`dwVVgpI_+Hfum<glub@zhqv`w7}4)S#&B<X%iNQ$Ve4{6 zAM>^?(HEt<YuHMisr4{})Lw&zUd+#P5zAYkv-_s@%*V|-9fJMFk+IDldQ~m-vHGXR zubUU?N4INqrPduno}Dh@P)fKQz6RSFIYO4((LG4e$KhUDHNb|vn3kS(B@QvmUTcvN zg=|x=YEkVB71CXX)aorEA+Kd>EA&h+&rKh>+-zsprL!OMRd#&sh<Y<!tJNLUtXpAg zLyX14jm*09-&Ww4aTZESB&rkYKVYG8DW>|3S8P&bgMG#v3zt@;MWIJ%`Zko)rZX?7 zix}j+nYhGK{D%H6heZgi*e>&(wFW<Ui9bs=N!2N4t>wguMYuz=V{|m&%OeQ2<Ee~v zag!eQR%ZV1c&x|j;ttAS5kVVaBomoh_cF=UBqrK5+^!xh-$+oS?-G>VAI6`T`j$q$ z;GM)A+@M&+vAIG@Z(-C$NEt#(Pn`7Sai-b%u_>Tw=LXB7y~>!edo+|Rrrbw#T5dGa zxDWZ5m#cIu&wa$=lIDX~EiQYC81_fb^WRYZQ$@$M=dR>SH9QDL7rz|YtvkLH*v-gv zH>{~_9IIrFXGU-E<b>6B;%y-LInp)GS=aN0g$*G?C=;i(-dR@JFrIL4rk%UtGuXFW zgzwn#ct+H~2AkdJmkB7p^mxp9YvR!3X)5;PJOh0O<)<GD346Aj=~p?rF&P=!sy?>; zCU9(jH&Sum6(Wlju`exl`(l%f$TR=2Wv|4SYX?my?wxG!5`^V+JdAS`;n;!;d*Uy# z%%Vj+5hgf-j{}atLi|c{>?soF7h}&>9z3b5ceV`DRPmOx{%b_4Ml=1%u_G-*{ED3D z**d-YGjxNKFh~TG#gOM^I=m4)*a#LXCNvbzW)lX}zAoA9CE5I{?&$V9$K~TnyVg8~ z*(EX+?6^9ZTjmRK7TZTzg<C_M*(al7LL+@1>gsI?lq`;UjcnfyI~&_hxR5@5Z~-<l z_whdc+oi$Q8Lq(`$W!IOsbT-5G{chioXm5h=W)%X0{(K?t%z7n#*X9%m>|>!W+TN) zI#R{4Ovc3&%@%pFFu|=Qw;X*afFb;ojL!hBuQpcufwCKKz{e|sk@s$)MixHiOqnkZ zz$4p!jD^+eFF8VreNc9%<;7r}&G*k5A}>ucNPfqU&k%PvbXSxyERvifI|LqvXJ>AS zv8SU468Q14)RQn{->CX&16?g=H1$EH3zMEWLSO@ID~MyespxDV=E4;6IiyiQmde`E zgLc=i)|<phbspMXXP8M_Oy|Jkg5O|sXSF$%%Zs;RGtyxY9Hr6`Eyu3PuDjYtI5@z( z5$^T)$MZewJ^}hkq|xg^yDt~B;*{EDMmb1YZA&QDpP4%sX4u2z2e?)np2!;<q!Er6 z@1n|oGkBlg<0Qnwi*a;!OEZui-O6SWv1EP04LzSwGgdV-J-8ozXE{pEoi#%w7v(?{ zrJ5ig@-%~spjvNy&pNZ;m0}hdu3($9u(z;#^s;-IfkiT0qXhGMot(B4P^|d%R!f=~ za7`&`|0x`9FNeKa9KyEC5hVe=K5Q`T5uuk5rSYHw7s)ilid!qTU5N9IrwPCjR2p`} zgFI!#rTKvgB?!1IdzYBvCr{t=(_7OGOWP0VmEI3lugqV+J|ES$P%8fG0if*9X@+1p zYRL&V-JW^XV&1gCi7rF-?6}U<o?fk@Wzp4kYG&JX^nT@SPOs11hO1aHZ6X1-)6q%N zL7t5C^<>2@c-Kq0Ti&DfdQQ_i)}NN6z)E1FVOGMgR*kv}(V|^=oBJ3D1bChdI)OSb zqBjLib@=Z7k)Zu>^4AB72QxJT({}{5WzeY*5B_QxWB=KMZCl4;P4&0xziOO~8?3v} zuE+U6TY!gw;7-hCEiY8pQr$<ZgmWvxu$aiPQv)i_YT;5JAd452<GZ`j>5%)1TYaSD z7EH+pDzQ_9$=vb=Z8P-uCjG!5i*9rmjaV@DIM0?WmGb4{?iQI!h$ij<(qkB5i8ZVT z$q*!YaxnR63w8-McCqPP!m$?U@VC-9wLs|iP34`h%AsvO<WHQl`}&=XO!I=P2>Lns zC$~hQYXS?oErPx8I`!QUy0#u_mrX>^yvjdcLMr0t>F3NFf(%{=P1=28m%k1dDlVWJ zS!q%c)Pb&&p8c%7_hsgOM*hxW(r|8c*0m1LRcv$4k=bVlYY_w?O(mk=v6m>Ekgzz) z{9R|ra(q3GDSCN9DE}$#b8PF+Hu{tN!uIO}<h5saJ)fM&r6c&>DNv%0gS=*z7IrRV z>JRDpS}TBi2E+cKnPy_dCm&Ro4aN&pmt*66+|EI7$mgv=cm;)KOmPI=#vjnGa(vmz z3scH99<5f}ruxDeaoLCW*H-u}$G$Dp`T);jK^FI$^~}Q3Ys;Bihzmc(gjNuZZ1MLo z-;+oSkMlOUeYQv{16AKdLIz&ZxUX~=Ap;M@dxhdpG??m}UUcO>Xw&qzLp$d6yJu~l zUv216)d517cPguFyYZ2Aki;Fmu-oiAQhSp%^S<IZjX@z9)NL4u%5NW#Km;nOX{0U} z-<p)mn|@FArC#Ow$7x+t1$kY)71B3}>{ghwn4s8Teq3tY5canGc{7+@P}$Y8TWu|6 z?RZ;A3*HKgGqqW>bIwwc7Bew9mEb6vsl6jRzG6#$5#8{jApMH0aKC}@JyV`G1v`QS z*9R*+T;A+P^L4V+@ppL5YwCqAT(={FU&}6z8TYi78R>2Y2<fmAMWaWr{SfCy!K7r+ zxqkI&dK)-wucZ1Nk;ty;iao^lFzz7gbp5>82%M9?T6nG*^D!O3n8s9+fj=NKb|d8? z=a6m^RkCdZtzlzdo?2+T1v8pO4>9FAy|5g1!imYE|G6V;h9>k{D6%(~TAuhQ+f;;w zKjYKkD*a&W@{&P{g&XVe0Mm5i9#?0HFIJ6sQe;3pvT+`&?eI9Uo}te~c=Lu3EBb`x zL!!pTF>8`%KSVkOf7ao#PKa74+Mqp2{jlyMrubD_UO|gN@=}3edsbw6XV!X0iOC9* z^CIg&TZNAPu0!P6pi#!nt$D+CagRHZV%Vp&?CXtk5I^rH=eH(c!x;X(an|fzzR+1+ zB68ep){qH&1tJ$oeO-h$Ir0Nl;HODte=Ye3Bj8;O=F9UMlsyc^qr~k<_|aK*mi=Id zb`95JB;+T;%QS!3bMEWCIq?^@^>Z(0uphaIkr8n^;W4Y;`YAppgD*r_D}%A#I~tGk z-kRKf+o1;Qa@peC7;?S-9+YoGBF`!fKU`fgk8=rn8^KL-#XD6w(c$B*(KGGJ)n}q& zYSy%=Z)!2@W7L}cPZ^?)oxg{1J#arNl&O>|R^v+{LO(T*k+_rMHbAiNZRe*Cy69Rv z$B$ag)~w`~hS74kgSUjW(fq2PF>oQlgBevr%kg&>%|s9nr<Y$QV}%B{<33Tj9n4Y| z^X2hq&zzZF?m2mP0lj9buf0l#q)mL$>Usqlmk0@^<yf^dMZ3r}#l!7_;(jhiZY)PS z=Nx;)G-iEgLGkRa=6!lE5f(G}R>V+hTnaYUo@=`QdJuD)IDvsR#dA>H#AHgwhzh&t zH?LMbDofu&P3*MejY!57g}yyyNs=cMI@K*ntaJ7zi-f$rTS{8^jaI1hss2L60KUmA zII@S7xACqsfItPCh18^4LQZRErcygH-GF1KP&Ory;(BkymUNqxyC`BtzH>J>{*KNu zEB3)B@uBxl^JFbQ6g8|6R_K;(&WakovoN(JZc^-Q;>wZpb947TGxY;V+$5sX#@97H zY`-LL1>?kicdm27d|Nj3XA-IUV9>4Jxw7eyVRWb8apLLK7vdQ&4y6RIU@R|AtFHQ9 zoPJ8n@<dy{P%%2u1cFSA$*T?3`NBoj%%|aeCF{cb_~ns>OzqMT2hGUt_2&HMr~$HN zE}aC!gnsxI#)yefZZdm)HB|uO>Um73@P)O#MLac1e+lLlL$dbwo)WqD{p&}^z%3Go zLlJR2ow&=Sw}KpBb=@ss;q8zvW)&3jK}(rPU0)#$CQS#P#NlqUmo60L4}404*<HOe zF(W*b!yI=Xl2~cQAoOKF{YKO}ut|NFI>e>rIHoW}P|6whL0?|!`z^EYsS-Qlx~_;- z3J%X-A`%XPY!DUG9E@%==Rw^)Uk=@VZARm|w#T-H_J`7|7ATjH+Zl)t3D=cBP#Lhl zeNOcZGcQjjvp4Iug@<zOx#U^ka4lUT9ZDB_N@ir-IP3INs>_D8y*3Cg-McHZR2Qms zmza_G=-Rtpvzmt6T4Ky^4+e2+Usq`M(qKV6-2Px{6y}57D=kEbZz8{}5Cbrd&BuA{ zt|qy0?$Jks*z<n({18X*j!I~m4hzyHm3e+Gtg+K9&u=u0J|U_QPu9nD$*Zd)>uHg* z*0&-f+|cW0pWplP!1iUjB~xm}I8Mk$Uekg5^(?%Kfh+qCDm}v_>reGWEKaZP84p5K zxeXn4O}J(u3i6zY3tOadBzbMyQ7_rYyq)u_t{zS)5r=kvm1iy@0=)0D1OtC`u5y8k zw<H79uQik|N2#WX`W43wcx9y2Q{l4+J?R@!&QY2I$Bd};3i4WV<LnHc%iPx}O-($8 zBe)Vd)dT6n<CIO@6B*u$)!ZwpL_H3j!=q^Cy#8DZ0Q{IgXK7T36;CaEhV3;^i<3`} z2S)W2N!ql5B%9sHwbxhJ;D0XVG@*6({Un`RJoTHD8{Od#48G8k&IP@@MY7t-j9o}E zEnav;Zu}8d-V)Qc5L*oOQj}g5i|z7>>^;w6*sg$ocbep_blF6SK1r(h+1N4B!7(d$ zDG?cAXac)Kl%QAp90(8Hx9PjBn+x)m_oq-==mnOof%~$4G%HPE<4&Fiun{!-=AL$p z^yZb>qu*7N4BD%Vr#Ck6EHWrmk>&PrA5D?G;lMNKZ*(`LihpLcoIlX}?zxGsmNYXv zVr_qdv{>>pv<{_Z1F1FihpIx)^6NXFNJ;Z+c3{t@y0{$AlpC{>a+)N)X`<_FeYS|k zoeO=Eht(1zII;TaeLa3#VjweG*V1BNBByp@5~ck1{1XeGTAxL213H&z%Ob>?$j8Gg zE$&5Q7t>u9#X|j=##IrinO-^bBC00E`djixC+OTy{bXQzEdn#7W0dPq(5BZh4==|$ zREM$fC`6gJQ6ul!_+F^Du)ii`2jPY1-Vj@;O^iDHvLNpZb4CmO<L{9=!SEoIT3CZe zL*)mmr}RvttDoxeGCpx*-81Z~kGSf`wpNVZaoKo!I?!DnKF|*v5h*>(o*miCcHL4@ z?ZZB7{5se8QRMz4_56ZuWb5qFG8%Sd)F>+Bl-gZ5Dr}iG+w>9B%&CNY1KrKCa5`3= zIBH*D{cJ3!5`tB(UE)KcwX57;#YVvP76sJR5fwvXkj-T1b`wK@PnXx2p<V59!Bzod zm|Q~uQs9ILqD+&}o@#!4f687Kb&<Znbzu{c3{i!)+@vN;H&+z&kxlVxN~HLZX^9?T zA%tv8*;^<n8S-Tfi&G&8YbxPpp|Tw`<{eD+KTQn{-`IrJ6$n)F7eYD*$-=DoxPs!y ziVMyVEB3by-^~;QVc~viJBw~2sMoqn3!ZFzwccwG=e~;iYsBpEwSnk4#704?TJkl7 z-Oqqrsp92_&W7!}`s`3Oq+vnc<nWuTvI?lzNBLP06|iT+#J3Y9&lG*)k)IWOD=+a2 zuY3)4d4;74^2As_8g6~+|BP8wA2(Nh>_U1Fy;Z+<Dde_RT|ez}ujrfkb&$I1tG0I& zqVjXTbNlBUpSX@$(wISs9f9w;q4ttE5M8DrSEewoS?9D|j&7D3bBmp_aEc#~@^y|m z%tb6DuVKAe5GC`6E_6{N^vxg_7$&&dTCGNM9;P3g?L4kxiCHWS86zYk$yS<SHs=sE zZMR0#SfC-fjs0UIkOK#Bp)+QrZ=BiYS82&c)LW+Pi+gv1wPv|JU<9+-kzfm}gir$_ z+pEy2tS1tv+uA6>vAL_X&3ZIQ(~J4Ik8)|)A$osSmI;f+>fGZEq&_Xk%(rRbp90+| zOZIUqdO7G#e1E|!9oX^b#lsASnGl<Y>4$S`r5X%|!UU;|1Y@Qq5IRSo@h?$?NBhN% z*geMyvI??W%fH(WI`H)I6)~X#qR38%D5>sYsPv&tYb!N7@I7_&uxIjz1D(<^RU=|? z_}8>JrPMCJDdpiOThT3vQSdr51Kp{y_!&FQx^}~7sC$m^gTs{u;na6_XKI`+)6SfU z(M@2#%XRB5zDktjv*Rn6X14J_N}ZnD3PyXM9DKAnd7^e&YJO8+EN|lgt5hiB`Azz9 zCbK)Aji~(@q0YsX;YMebPz#1vQBLu1gh{MqwRlHH=mQh6!vXCVS*2wPtHT!BE8U^` z3o!OIsdc_S>mf0gRcV+NN6ST09Nk!QbH8m6QJy?;nf!y_&9I%HY)tJHJy?$Ildcl0 zJ$B!w2BA}v{Z2TKDh59X9TPz@2J17qx+5Wp_E%i?jTjjrFRidUE*yuhJhEY5WNlx; zEYA@8B#1OiZ*_&?f=H}0Q{`S8zi@_?S`EEyhqs)1#6z)oyq#hDE!k{Wp;%W5?9+gk zjNEr^i|-MVI4q1{SG^=o!bDIPztLyMMl|yJ+>i0Cst`)|J^@oTM~A;pj0$e^GGmP7 za4>Hd&+zHk7Kl<)xZtez=zOYlQq%(f0g|mkXN;>j)`_>g;zz|yux`xT(SpS92}|iL zM-SYx7ZQ)MbXjB}7i#(R;;&?#q92%?m`uvxXbmASnA$_HHlMgQK*%>FKddM^0uOzD zq-nb2=UC+x24}@m3g85~(3aMdc}{A2`Z4$6p)+%@FgJaQ^1jS?CVMxXL*C4enHopx z973wy&?MlILCgXIF|sV=II6A>Rg6AvdAHsO<BIQAWW<l<L^3g(yA0O(pg-<U(P=1h zAzjFoX_L-F+SYl@XOC|b#8uP>EL*SgCc+I|*jT%1H|5krVA^$DlRnRoOG2Ku;HT)H z7x(d3_D8YGmx>_T>c3v4-SL(F#*7OoE}*$PjZnW%W%~+w?`7UOZX`rnbrLUy?i-%t zs8h1KLbZ6}o!c7ZfPlk`8_}RTNh1AlBo(F>T@E!ek%_+p*Kl)$E-9HrS6g9iXtukX zSBYKsNwfD-_+VM$C?h(d0xtGB$bue+XI?k`5H2S~LOk+pfDLV)CyR+{{y}o@L5EIn z;tS2O;?Okg_?=s<cSHIOgwkGWH>SotvL{8J7C!=i`i*_DoweJBgFnQ@1XMdzC*L@A z-f#`Zh)P>maJ0C%;aTytid*VCbLqrKmxCU1B7|#c;o2-k=`RYd-aaO#)H0&a2%Xw@ z{vt9LmUXWB19vjy=xk5Vl)(s!e*h+(c+Sv|+9<L=o_K8?fAVCftErd>!<aFQ=)2P@ zB)q_AQj~{sJgUl6uY+6`_C=gwMGWUr(VxDwY$%3>)I~$|()5yrXg9ZISr9MzyWOE; zA7jkhmzQF%nM+$@xGsy<i{<g=I#{G)TLooMb*Y}t#%j-c>J>Un#ZlDGy5$v3$@)>P zOS(p45UPo7$@dqTlpVL0PUxQf@X;8S?-!Pl&nqtruROl)%#U~ls`3rI;P<Hd5w-AR z7pe}yw6*Y$kz@m1Td~JP*5<GSz0SSgm~B#}+?V@YY(|5GMW9mTozdi<2O{m`a34!_ zxWcZ*4X}R}L4~icU?#*ur{LxdyuuuaB~6+`o|nm6_4)-aylOHgcj%R;X9SM>(b}AF ziA5E-u#`vl`ialb(}_Ug%-pcmmvFCxUWh3nOTsJKn_7s7FebjtDC;C~7q%PZl%(>n z-ugd3igE77zP}8D56;510b|G>eu4XV45;qCmVGx6<`ZXPj(>ED$1m<>lDg3n$=!vd z`0a7<=_MI%Ylh#uEfGgZG72robK^31h&)e6y4`i!lCZ#dhQ;tum;Q)P|20j;noY>- zyvA$J6}}s5{u8wwlBebZOf*Sy$fD056a?>C-+m|e+(4x52eWeSi?7T$>)RjQ`6Gv@ zuAXM;nPK3zPQu}Z8;`)9u2D57E63x-IQ(e6Fy{qq&V$0_%v0IAA2ahKYy|Z>1joyn z&zuQS!X+*eB{Z|i&?Uy3j?rDMkhT`O$?qXwx!L3C-e_%tnMxj)38-rk=gurDJ3?SD zO@K9Ne%pqLy6&sw4LCEpv+01wOK;yn%$WnBQPvgu=Zx3~!SrB{9*7{{pVMg{LR6$H zYik%m!0gJ{g@Qa^`=qFzF$-V&I6pt2$9IC0FABCY-N`6F?h_I11U761DeU}Yj3X9U zi^z|JsIvx#*yKy)pqYok<PHnMH%E1ue=rzJ-uj6(V3J}*gq0`QAT%6;Si<LJNP+ik zY82zKz9yB$m2vmraXAoKSZ`P+W2LK&S?BUu_L?@8R4zoj4HQ3enH(L~6G8)~I5&O< z235M&g%t?7A<^T|Ol{dC@cZWMp~IKS2Y-SZ@6nPdG)W}YXXJ)Uu>t;RY>D^}Q?6pp zpZoRR2KetXYzTcVZ#27uI0s_JvVe#r--^%QgxgvYz+{M6QSK$%Kvx!cEIjZNiYVc5 zu3r?xE8j#iA6V?Tnt42MTKZPRh+`C}Jrbp(&y1=#J#F$6RfbNuyn*9IywMR|lf#FO zb;cS;_IqN!CH<N=3L9f~n}CD~Ze34Hhzd^5jvDU2#X|d)dDiKeK|2oN!XgssT1g9D z?W9GNSL@{hif+PJwMnTKvB}U}sgb49+~|<yxRb{_7ak+;(A(4(ft5X_$P=)0Y0B^U zV5(K_AWq-J#y`xDXGRJ|_VKuruX#V;^tBv(=1uIz&O$}WhV5;vmKLXOZi^t+I_>UA zNr_UKnzzpx22Dki(yYS2xv0hCpAi~bN87Y(#3-?C0hMt_ILYN*Tdk!}Q~*M+E3q7U z#1eDlqqis`x`4>o(b6`#-s1DNeCaB#Tn6LL65cPy`R*&TlxU>4%FGr-UmWI9+OJmA z5<yb(EHgRVRxe<wI5_5^87$Fce}VMc2(@LPyIUtLgL=KMUNBT`!phph`9?1(Djrin zlp`gIlFX~YZ2}U?rECVf!&)aQfiIBh9HcLZIxB3&DTi<%%7knzd2#HYmBQ2uk?xij zpZwR7j9#P@I-~gmghK?iSDcNJ!A`n+T5{@PEPL7LbNzJqX{>+?UBHNm5G$5u)Bvm! zBx@$O7EAJ~DCKR?4R+)28|sqo(1SQO)s4^Cl$A)3teTxGcu_EOMGQ;R*t|C5tuQW! z7K1SP$8x`U)nt=AW`9yIeAj4mo0IpD5_89KC-%WRk1f~-lcOvg+3$vYFpGUruzZp= z$&RT=29*;ZCk|b@y&Bum^pfI-c>!D>lHYku-K$JXhVDL}Z9IJDzP1DR!D2_~U@PMu zOJw!kbJcA^RmB1Vi-}P)`Bw_J>gA5urttWi<@xS>T+%DXoShz{u2{ICUAs(VL#)jx zSz0I@*18eJbkNeGEoyvE;tQ|6)G^Fmue*8Sh)rRl5mB8_le#|DTrfvM2!*Pd6BLQm zHL8IeBbZp%Z7e^T_Km$>2}a7_*OLXY9C>GPUYC9KNr|Bq_Qb&<&vX6H=C9Qp{Jipm znjcilhIP&S1*aa{UaMLT-e0>-KeFr&n>|aJZef*QWJ9R<`<6OFcWrsv`uK6lk&m)e z$g>WSQpFMP)7DIW#<oh2oai91p_A!c4A8pn^C44tT$YMOh?r8CA?#rRu?4eYt`cVR zHgN2-rxv<y7)*5NTn?O;Xx<mwF_AHYXjHlD@7LAAgnU`(rQ^~dM$_Mv_H`8LZ(N#~ zSXaqjvY<)g2{mCay?TdXNCJgI+E`)={b;3FGn`_Wv?2SqFz5Q?`Vg~b?|o7gYea~& z<6gFc)pBF22Kih4^#Koyb+-+4TlnpY5bsu{P})cbG2Vm4-d7e9ZPebX1=w(Yl=KxG zDj*)0Ms0~8c-PhZ-Of#ME>fR!m&1xM;5D}0c*7K_T{MHYzyzQrZl@~8KsU45SpsEe zhEI$N+{ztK7vsD)*C`h?A+q!M(sW;UBb5xkxYf2~k13j2eHCtT25)y)n!I&?q1%f2 zRj^^Z$hC`y4RuS{M*6YR@{vW{z8z!tNjF##;{6uAFy`*{JbNe@6K$KU)?}S8&*;@2 zhI@$}DZK|*oLa!OJ$}cEShC|O@+s0*syqTebFP0Q7b|Fa1YwM=3pn)UzV-%&nFW~# zd3yDD>9@}YbuqN6s4Nww%H)E)lSMJ}(;aDffhl2Q1d&kE8EKR%mSbVVlg^!+)`i;; zf9%3jL%b<h;P+J2v5Es4mHZrUE?L^Vx2r4380D2iZ9QW0T)@j~>srik0=F>6+Gk4z z@k*b<(AXZbWb078NljmZu&{gd=u-8l#lx-sI|X?a!%X}#)zpg{>_g!CRfrt3ha-Mt z^iYUzlj$0kGxQp7?@>eqQg+m4`gUXa_^{A<8>A4;)D5gLP35i0joM>vA5Olg%t?-X z$BYmzrJ416osu}ZZ#f=$D9DUgAcXq+R6H*)`w2Z+9&aSQ5~w6x;JUfmHtx_>d(mN= z<!<a=uTfG|>KERS8*qPL{zk!&wh}!1@ukQyfv7318!L#_vD>2_nsyL<`VUm>Dm!+K z382dC7&XxC5he(MiasH#H5nRKVfCI=wJKK0bbAt}(<Zv9^`Oh*8%)Z%BJis{N9Qp} zyOaG;<Jc&4`<u+_-W~n(k0Lbp_!4=VE2gb$Jq*}GJHiGFT;kvc?Bi7RC-FtiQAbxN zb>FsHG*mJ@I%+GzAye~ESkG+`635rrakD6u@LD!<G+)r5y@{x=IeqDiiq5%UPfO-% zCcEJI+s})|q4pM6C&f1F6T6#ej8d{{4U}(i+rcW&InQPr`5Zpq8!Q(YzP?}LQexQt z>kaGkWpYJo!?C%n2Q=ZVgbnWr*pXpI;bWhN#R#_;QRAIL=fGRl4uaR?E15UMoJPuX z$FQqDNqtL~{V3f&22B0&IF(&moSmu^?i99EG=Tr)-@I}~*y=+ab7UXK0Rwt*=weih z>LWD+>Q^YKBx+d$9ee7Q6zt-An+hqi(0CQo-f%Bg%3YE{HwV7BYqJt@w#@q7Uft*= zS!|>VEG`8Sh#x+i`TZmQLodJl(=*FM;Ej{Rsl=JLEiXM8I)bspuybo6+p3s+a-&SI z(5&LJ6~spDyjypFI)*V!d|uf7ISCbxjP%~6KM1AuYM<|GEXl?AnR#7eZ9HC9^{#+8 zqN2|K`XKE`q~^M|{<lW<`#!Vx>1)h{(saLteWtpZFOC&?@4PO<S~*l?EMl|2yP6bh zF+@<)Wq)e}?Q7RkJw@19cYWU4QXh9jUZT}!XLP?_KC%IFg&TvheB$sDq1cWd+OI#Q z*H-hH;U#BcRACWtkH8L3@RgxzH%=ul0JbT7#8@pjmqV!Q#g3pqEB7&&l+x~3zr3Vj zev8hPdqm%|0Jpr?Ki;8rZbX?D5m_|DMiQf1w?A|RTt9X`z0xHtCp66xA{?pv3cVL0 z{3^T^`!;N^NcR257kNWlvfeuZu@yh!)&t%KepE{J@vy8+$kGnwPzxi23DST}?ZuFO zldMIpxemgG*^vGl3Ke-1T*gppCWg(^R!;{;yH=jdgmz-7Y)!Y&?DVbf@M<538=ay3 zLH?DGsE8qs8zMxk=%7bf@2)!;_cb|g(x&9&q_18FXHrxh!)*{2;th1)f@MXmA!)A^ z;4Yx&l#gt{DwK&CbziAw-1tt{+S{ic5h)&^VuY#MvU{a`pn8@2^SB^mLX`Hi<5Ql= z;zBd8Oz`c7g-~N}6KC4j@!2--h8~|{$Xhi^3E=NOmu1lYwgh6{*%f*OAs&ymEXrFJ z2;C?(#Jg5Ps2>ocNVTIlO-0o4c4##xzL7TX_B{_?1Kq6Cr0m{<QUye%>z0Ihn6R#* z7^4w`3)XVbV=erNtmtN^@P6CvrAA4wXHqugb=PilB;&n`$vQji;vF75<UE|`><r9g zX~B)R<s=O^kC%Rt%Vl%jsjRS4&gt{sg0>?t0XKS4sIt+t{nHmeJYX3yyDPRI^Dgn@ zt(tW^IE_%8-`MY_if^4fNynJ!y`^0<rZ(H6Lyv@x=nc;0gj#ChDz1oL9#s!hH-_BN z{Y<8=UACzB$TXX7(!QG@rEV&Xnvdh1pO!l?W*fJ@3yDtDt;aNT$5(K$N=2P{^u>@( zv)k&0MSM!rtGq4RFd<Y<ivkNG7n0KjCQ}VHo<H^uAETN0Jf?<V@c4*~>wsCfLvFU` zD6yTi2Y-6?eRT=Fg{#jw!_rEP*cCy2kF@_PF4*XG!A9|}G1^{ObiUbjcGs0mi;X7P z<+{g=)_IWB6~CrLjZph`B9+!2=AIzmGRVCVwSNt@7cFprROQz#&U~}DHjsseL*E#} zKn~V?FXQ%2#boMm{g^l+c|zFi3PJPc>k$u25|W&%plM0Emtxv&POQ{w#Tz?yp2~|h z$8g@dLJqdP8Mfanw<9Lb&4#}l(pSV;829q5tYM}Aaiz0tYI)4MfaY!LTR!+Vfw(Dc z=u9rYC1};-YQc-mv8k%c3p(@&O@Fu|a!UHZr7$)V#qAh~#KcwHQ7G96J`^6ku=!K9 z5X9E)=?#J7A_#?PZaow9V@UlAQSP)HXGLW=_?r$I;s~6NBfooVr@Blh>EIED#b{oV z@m(V|Azh|VPWdWCdsY)(r&ldRV-pv~j3zL{9IF!qW|$j}t2&IRh6^I`B=%1hmm#90 zFeN8heXQ^yllpJSY*-NYZSC(&qIb%%9jb{@=kX(mh7~%D|LBdVQx+xjTdKL(-6dUx zw~-PM`=F+2@2!AAVLE*IH6kq$a&tK@tD=L>jjhX_m3YW~JY}%tDMy%A*F5$FJHi<A zAk>IGlyA@f4lAMynG~geo;pO4eScfr-GRn;6lwfWX_f_IyG`o~H-@~&hr3Wa>1+Gl z4WMe2Y7C!Mqk-B>q2yB^v1Lj2Q(-^GPhT^~Z+7)0Mroj>zHrjh#YI6F@oxplMEUF^ z73W{6cy$hnLKCR*^n8<aU004)N3Y6RX`K*edM;qNJs&5>j<5#FT^=dh{_!*^L@CV1 z7-eTk_{Pb{DI%2=w-j<bczrHzJo0nMG~4#{h!5HU@?hQe+H~vEp=Z7*r!Bs0pNFRh zvKoLkQ=a`)>OFUZmaS}Z-PZ8JaMqh(W^LVwBIIy6{(~0j*6D_y!xj816V5c&xMz4< zqS#TL1y!yqd?E>ETq$9v*3*o)1gMN5PZc+AwMR_RL{u}~UTR<aG~l?+(|DhpDoX3U zvW%_LBCRDUMsNtUpT%;Pv-)=uF6CGGKG>fUvVjqJk>uWur77dv@X&O==hR$T7<VQ< zHrC36FBgM9I%fINt3p>>Xd9SX+sm*&*GZ!<F73x5gC^J)Ct^Lxbp(Anw>4<hjGXK7 zjxXUspP!K&`#K&ZVX6?h2V!5c*m#JE5lp3H1_v15=EQC<-fAn>d-<e^xwy)-fGAxq zJenPK{!WMSM#qWwq)#|Tu@&ks=e(%}!%jf9iD&WYl9<+zZijx4@)zIDR&!)E_S&Q} zoGX^<95gd|@d89c%&dCoKCBY%>nQxrUO}b$^X-5SPqK*MuSm|%JI^{OuWb{FHDKj| zvipWDD=v&j7?z!X%Dlb*G-<kpH2I*?xg++g!3mATQkoLxqqCP_?vVW}sF7QT*StAx z82B?P-UVDHYtW$Yy{hP|GW$fWcq`=mjk^6>rpkh$6XPS(v>2pQ_KunMp+*LOdEL)K z{=o-~7O&k+#!k|F*tcdA6LWSHv3Dyp!+d{3vTvGxkgE9P660-2=eyNhp9K6_!3`nq z$5ZZ;hG3*8>#8Qs+uL=P+rc}QI}B6d*Z8atJu+$Hzf3w8|2h~kBc+OAU0XRAQS)wC z%;+H@oqi1$fURhczs+GwwH_j14XLI&Qivb9(6BE+PSPTEiqOvAe%T0#{tnhiLPv6% z6QlU<Ke8Ug>r1rNipyOwVLD{KzBZsos|O)=pBs3fldvN6<!+iCoz>R}FfX~gzhDF( z;|E`i?oIosYapf`nL-AX(uF&8joVn!RPN;9prf84=G`&F6YVB0-fib+cIQ2NmbYG2 zt!<3C^%Q<?aM3Ame?wk7cNKZyk&i>iWvHQ8UatPc4fJ_BgLZo4QJA0>twLrTuc7nk ziDT3nMlQJi3OIx?o1vuONyaVZ2Yjym(U|{|i_5|Q5>@w6vbT9TgrCbcl-BwXS9h?Q zhLQO2qokcr8go=*VyKIykqVs^i?Pm`$5tVZ<q~?8@^@-4t*SsFqIH-44}0$dXIEL? z`>$Nka8pFI+S+!AM1qnKt|A7SVP-<2Nf<IiK!id_LI~t$5^joZKvcA7sbXteY^~B$ z+hWy96_3=$miA9i`CDqOe?0XPTYE~Z6))JLsGR4!e*2l{eb;60J;?+(|I_5NXV2`t z*84u!-*b82wbr{f{q}(`JM*_b@;C3h|E>>x{1som?brVE-VO5xmkfU8^7H=mh2Plq zhmSpYz=da@_S+Zz=lK_`c<8TR@T+T%c)`O*Z~VyI2mk!AU5DTP`1I?yKJ%VezUeJL zb?Vihf7t;~f4*HSaOmkD_~iSZdF_ff{nL?W{M5I`KK8NM@4M)c*FW^u-(Na%@2>B! zebv@~UGdM`4qo!UzkAN@FBzC|(DPsT{__t1z_xoX{_q>$cgZi^IcLF}o_)aCUpn*` zUv}VEjvIQz3-4HV;V19=t)Kb3hi884a|{3IBOko=Pha)w<L}t^=v~wAd&iA`d)J4) z^M%82zUuTx9=>_bz`HJg)=OXdqj$V~(?Ku2an_!JPapOBFMnW;?Y({d8L#=$MK{hn z?10~Wq4itdde>ubzu~w~|BWS`x8A<+?f-V|ukQKp#Z}kdcKZ82bl@ciobk*r{%HCw zZ~OFvOMddNPXF=^A6fC)^M7^qA07HPKm8Avul<KN{pCOGIAZfjFZ=w-M?CV0Bme2c z5B|%{d)|K9mp3e0Kl8Ltes$N97k}}pJ3fEkjz4+ET_5_ytiQkLj<;R>zveD|`fVp} zd+UpT@uHu6?QsuYa?WAjdD#IcKJ6<T9=&hoJ)b=E&A)l-;I|H%fA#xqweWRY5B;sD z{rJTBM?8AiXSRImj4yoo%`Z9n^uN4#=;P}@`O|-V+DpFr;tOZJ;2m$j_+x+a!+|T8 zuA8&{9Xsw^`OP0+|F+@}-nr<a`&NH+_|s2&<NMzG`5B)%z4)`w-t_T{U-Rty&j0gu z&$(dh!qI<u&Wt}9y7<{UZ~Xi>zHz~pzxl+UUU<#vA2{=<Pks7^3%_>pyMF1AWgk5F zk`spqzk5dUl7lWg{4K|R`V&w8>Uqcg#WgS3`HL?-=ym_|f!}z;`ui4N`^;tMJo55s z5B=5buiyPMFaNc#p1As|8=m`v@13#mv2R~L|Hcpf-DAfd{M#@1yH9`OT_?Qp?zcSl zi+6qJw}1bVpLpHfAG!I=S-<wE<!?9r?RUSm=et{{|K8s(d&l8#y6s)B|Muvnd2jfI z7Zulic=ml?zw@{gHooL71H<op=fis*e)ZwAp7n+={l}3<J@e5={-499-S@fT*H^uG z>=nPe?a&L4`}?yVu+`IFf5WGK<;&0g{bzjez}F32`o<spdhy7&?s?<~AN%%8|N2vh z{*OO?%|qLN<>XP@AaLf*hduK6`^PRg?$)<{<}Vif;I8-F`mYxpanw=Y`~9~aeDL#L z`LW+z`>&7xf1kS3P9ON~89)Ebzklm%|LFG)yy+)Dx#fmSuiW+Ye|-PHowMjG9~+<l zh0j0tZR0OmI{(P${NaDR>kppx;iCq=xpVoR7rp0}#doc{*=`i@1?~&5?717i`aiC` z<k*iHN2lNR<v;)4J8pgMTTl9h_k80|{@{R}>p%GuHyvC2)H5#m+joBDwxx^SH{<?y zerWtp?i@Y&4X^+92R?WFF)w}ofBVwvGk)nWFI)QFs~@^%`uTJI@z%SZIqxqn|I|s- z&i&!z-#h4~NB-T1Hr{v6vw!n5m%rqko&R+4;^_}wc=OM^cl|TYyx`{#zwZ-^PP_lu z%{za&xZ*9pFsJy^sptK_A3JR4-7`M*iI@G(m%nt@A)ornp+}xHec<0_pZUOH)0Y1D zXTN>)RsVePAD;27bAI}QBQ8Atv46b#Y4d;ezn#DJwMYEHe?0fqe|GrJT~GUmCGY>p z>L35kgSY<imw(~?|7_PczW0|mJU({tdro=fRrh{=*Vm`L`)@z{h08y_=-8KD`H_Ek z`^?Wj=UE>=;9I}`_ow{ro6q>ruYL7T-!}Ko2fq8!|NPyLzy3FFI_c3HZaL)-58Uyi z&%S2bYcII@n>X$FtB?QBgKjXC7~OdFV{hNGYR!k<`p1vG@q<VH-pyZL{qpC(=jg@H zzV;tKdf!Jb_?>6WJnUH?dDpDJyz26s-gMiQZ(dS7>si0>$Y)Qv;tP+y@QJzk!6`ra z_|JaouYdD{OSb(ocLpn#j;t8|qcbnLaddE3ao<ip;Ra52KdfnX<0t#K!fp;WW;a|N zup0`lvxj+HZ8zLnW4{g9`)2!Whuz3?qy6VQyF-~BIcDFD*{6KVZ+x?%yq#h>;3z+z zZvPLRc2Tis#+cotaJ${8f3-c-W5{ksw%JD9X73yA#&#!^C+NrY&UshZ4bx_o_rtic zGj>q4*+$u9^Km<^qS#s7P@c1>xZK7*r1<w4cJB}kR!l3VmEYZI-woPrx~AEPJMEDu zDMwX~b*j$$j-B^HJ8yb<-cZRcQn5WW_OB|-pX|soAAhxRx}oHFz-}gbwB3+!v&pL} zWtaaGE!!1F*(RfBt<hDbYHH+*T?~|#QypKDHV7(pl*@Y1q_o*+a*Hd9+-_agF1G=@ z!JFOUB-89_yLp@>j~&ZGu_Arihon2UI2AT5IYUQiUUW#x`)<dp8^)G|yUTZ@SvCJ$ zzT6<KD85qOaIqUMY%@RDWY%+a>G{2->Av_Ih6!hwPd#jYy3=k=8>6JM!OQ%gFkzP6 zmT&$fG2!Jl*LgNqU_$t8&gYof+E)7ySKICX)OoD)eT&huY=ZBYZ$pV?y?n%F@HCUb zVI5pdefOZmu8>{syDzc1FX&4Sxj(HmIiTZx@gwKIs&_`ds<fXCt(I%I1T1|p*M0xK z)J^~W#=mujjT;QZx0r48w(?>MF(VL5k$CUo-U+66#l4XZCvAQvocL#pd7Lx3nCD|p zo!^+Sr%;xuuT=TZeWm|A;;%dM>=og<<F7KRz+c&Ab9`HFR){rTX0J7d+j|w&_Jdrf zHm=pVtj0`5hVF9pxVB`b?C3y?A4e1iOtYJ#m;ZX@uy!NW3Hy7@9&g31*>+kMNtD>w zk-ukl8c|qvXmNOP@<f~(H7)Hhj|v+*%nn{`82)>ft3K3_t3GVEwtc4g-@lddalYZb z-IBQc=i|>V7EO#lW}~k*WZF^2FY>qzWei)>L9FXKGb_K)+ymv@#msu1{IK1|mbs_d zcRS0Ot8<@_@HS{Ot+#o}#mVQlH_Wx5xZC*r#sr_EgHNtLhD;Y^98@*APDV{9@0k*v ztSt7Jjm$UiTx)ajbC1o4mbTf?^%K!KbTVp3G55af1bbtaO~pf|5oI$~J{J^!^aSc8 za)*u?cVc=!elm4Bp?1SdsNFyYdCGwOc6C|nZmHSs)agWiLY*Z)+0ZaoyH1`yCAc+g zbAuEcjQi~sJUQHIC$F`K?TGCq!mYN7eZah=sn!O+@aqE;4Dnp;P<zzUi<0rkr`MS5 zH`u6-m$JyP|HU@b-FBPqgBr(MXb(?t`l@)h!>HUk;ZZZDPb)Edu}OGsacyz1jrYcq z+rXWvlINbj<mq|G8jIYUO1Ywklz+%O$K?6JDU|0qCeIIck>}zGd5(AF*Bh%`w&xi2 z8}_qokrCFqzKpaTb4_sL<rDNrEkI?z-J%hFDr)@K+HYj-Raw8%Wc|@e%Q{dj9gleW zN|W_RyU03f*74E@w%GAR=_c%P8QZopJEGZsrzVeCW|CQNG|-8I5@CYf_`dWXuz8iq z_>eLW;8?QFjdrB^c;F~qqt*5~mQ7EKoAmQ<MyH>%&c=A7jd5r>#-N?O(T=>v&WdbK zbq!ilpOJBiUSux=b}V(*<@OtKbh|wYm?O7p8bd{=b-*5cFspb*InTHqj~!HLlh(Xf z_)2>m@*kTGJk!p(p);Q2*YnHB?RY~xr5|vO&AiR%&^Yhy^c-Jlk4<Hq!y3m~Xb(d0 zan$o9Z{KE;a~q0rPAkWG*2Fl0S5u?!vrR`=mncl90eyMSo_0HkPXi`py1HoKHFl); zVM5-iZNL|}hUU;LUEUp*dl2jB`nlyu$ZfW9m7Rlp(VVKO-F7xPnp?#BQgZT{b!H#l zQ9RQqB+FTC@A?;Xrgo9i+1nOEFWvMz-yZtw`lV(;V#@focC5zxFkxE@?HE5Nw+Z-u z;_X5-U=3jh(s;=6@Zu7qSy(WbdAuXpSgARo0=ZS_U1Pc4w`Q22xzRX!1`&meb-iOt zYfQo*Q2$tv)9SK)qA{SZZ!}FkAd14)+A-juDaiqs+QUcAHVNV{X`QH^jl5_21pY@2 zOILlX`4{#*xAbq$-fUS}DpO*i*R}sSQSVuIzY`C<uKhumx;EwnuXfaCCDQC@oL4oi z-3)#L&tqQIw2!sUo7S`=CLPwLKuPBneQleV75fpd3(7kB`;BuRSJu&XllrWV_S$!9 z^trN8j|0Vs>3OV!hM~`86Sy-{`r9_EN`=|N`?Y3~M7ZF)S;rSy{&cIwyuH<N&@ooZ z8PD%dN3M03|3yYAbnLCpS4_wwr-L;*X?&eoTW>qK$f5vrJT>ef@>EvC@b~}n>&G9z z(R{-F8e41j?6e+zvVD88c?D~qpf#CAtRkaNkEi76zhZVgv&?<L1A3F>&z!l=DhM(v zJZy8B?dPaUmbcbyL}(Wh8YuhA%<i3nm~X(=>t_`Qbmnu)n2p@F>729dyX)+nr!|~& zO_{BW&uUemEPk8$AS=P*Ahl)k^lK)37~bKO98%RoRc_?9)EPl1)z8K<pTNthG>{1Y zb`IQ7#=%=GzyE3T?Wa%V<$Nnl{X?7og%k5bJsAoTb*bsN=NAi$*G(L^cXVEAT&=hN z;8IR$O6zI%0J1}hSq-%QnbB~>1Pzy(KFHNX=Tyfew~1H@a_d-AY8xJ0LSa{j7oRZt z!j9D|ktM^kEKAx;#~~jCugM@iq7g5YCsL7M-5z7YBUItk>5#3;zDLYfE-Up)cU`hq z@33xL%1Z0>VK3pYHyT}Aj8FLjeJkuGueQ9hsrm!fOFSZ1*FU$f`NcaYbQ|`yuJoC; zb_Viqqno<vTKgWa$mI%>TxIebDEp(tLXL}y(0$~iU3}!Ttv<4@#NcB(oVZWnE5Ej1 zd0B7r*iv#8oP-a3)H2#OANpTL+fPi;MqP^!?MV2DntiJBJNZ%?)3GxurHBt{lu!K$ zIm(~NZ>at0WT+EMuPhxybypr8)|HWgY%-0UpoU_KS8b>;=FQ^+>-)qmYWbK?O80Y! z4{tMCJwC)a-Y=I06J65Yk)$$Uy#{p(h<8HatCIZ+ZeZanY0QYZzzM3>oYDb{ryGjz z+o$Yuq1Q!sNp&hCyASMLoY>GI&S}fzME|s5(~9NIw6)vx{*MdK@2s2BmlJC4Fgd5u z+<l*1<}DNcHEi+*vsi;b|HO8!;Gm()?9<hzoBB#DN0TvtTbG$WBX;mfQ;h%3;;=Ht z|0t>BoTmS7G#xZS(<U2L|6*<U$l|f$#T_0Udqt;?ly0A4$NZu_o}4x08*L34?C|)g ztOV|^G(PEivO=k@Y%_<7Vyw3wRQeakr+I<<gXFf=jzJ!bt-0_=<tn}hljyqEMytl0 z?M4d~_gWj{8XLvyeeYBMvZ3E*iwpKpw$3^WT#M&-*wL|vvztE2NA%DA>92}YOPxI4 zpp$>GaqBvnD(rQ8Weu0LZEP@fHP?2q*6rA%nE1wy$z`N#Y(ka`a=SHp52m^<48GyR z8!e}4vv0H)xxgO#iyc~c6c)}bxhx;(V&4x>+P>4ZZ20kiz3rTiuIFjgDOe}j5AVJC zmTkg0vugdG^T=Pc&h61cIf`;Z<jh)pc))J69q@rOiECfCvr}()#AJ_5+xNq|?Z4e@ ze`^=pKVuR$;JYl`{vYUK{|`SQ_CIKHQH_ATQB}oCd9L#uw^!PcZtwLo6~CM8JI!%G zd#_-X*Kg@e>GGLM%&v3RY|ANy<m{erfD+ns(+_tCnf*F<pzY>zoe~QK#pMT#t#~KA zR!vLhp*TpEf(;+kvEld>?{CVIs<{2OF1CAXhTBzrDhtc)p`H)j+r@tWxrhBeV@i76 zW0lAy1M-{`o23tFkL|Sn>{+EAz!k6_Eof!JqvO2tq2n4sw(({=Ki2lfO*5bm^;xpE z-{~Q|zk|PzG{mw$Z^7T76EvGue7mG`tfZ3;?Rj?n#l=R|GVAY+S%&VBofT6sm1ym` zipS$O+fn_~{4-_z{az!@0}b&vtpVm61+$9plr)bTE!eWte2zUteyK%Kr<jb42(a4D z5ykG~@9)%=|ItXp{6-pr*ZDnp4H+*iUSafpx1@L6Xz}>s)<CSH-owvCqxVdv##RSy zd_^K`Ea=K@bdPCvj~xensf7};*4Yl8AsMLsl#PDeZ0kA3m+}zeHn~i)_o!o^pXp+s z|K5jv?wqjC5u@;Glhkz`8tYa{4$z+4I0H`qK%ext+v>mDeDz#0mGS)IeG|6YOn+D` z)GPBM(@Hy1?5XmcA-5JfDE`m+n%^g1>OD5u|G!&br8{2>?aGQKo0j!JJGE_U*G}pF zu<eLY`Tp66sghBf?Gq=3&#C28vDfWB$L2JT(Hwy<s{8gGmzS1yPafeYmm;%YH>dq9 zRdkk3<k;Me=5|~EbDO=pO{BP7r#b8#l)%!f$Q=ESsl(<vuVDl2xLmbe<%dxN&X|%M zLU=%KNBt1>#nq;1Wk8p9Pyoxi_plo#*3Q3K992wD`tT`F-!#9R(OC=0*K5e$F0-+z zI*FKAJ)OGh{H$Jag(f{8`Xkix^vj7?8|)fLyjwM?`|{MtV^xiBFi(|M(21wItoB|m z_5Odid9Vj`0zG>=GDL!NjS{Yy0PU($B9o<7q1sF3DalQ>Ev2&4%#t0uYgyev*W{l1 zH+fs4$4j0CN7N(K7<jRwZ9WGx^Ig^6<~GX6Wk=1t|K&uE8&@Ao8p23&_She?)a0hU z^wK?Or7Fkw2lyW4xW;0tb=ohjLq=QkH3v^5jf%A$155VOhD>8kfq1>H?0<nL*lX-$ z>qov^uea~l+KiUSm*(A`+hPl`uZrX7rt*{h;Iaen)66XnD}K)UG>04JzR}t5@K3G~ z;|v;dunxv*b23gbt;F@;v111fyPsWRxAwEv<51Ju=74QfomD)iJWrLSRvYlFv|@AO zA}5G7+aVj{T+@np8$9S&IyC)kalY+8Il{(%LwS1G`2Ns==ZO92VNZh|F4_w{OpKH0 z0eMOf<ED40ihMlJYPE;QbMT16sZLz)>cJ32v|38UpsPxr>B!uqn{%!9dUEyR{jq-Z zvb#YqV|$^OiE&!=LNA1Pq!qPXEAmy@d$Uf!BJE103qxkDnANXN<S)`nQS{?4)29Tp zSRc^N6%aHcnWC+)_+ziwma=ScfVC>$ArI&4?K9s^t-bc1zi^(i1zB~TE7+4~4GV6l zV8PVzHe~ZcRh2I~>`+8!ikt%Og4*q-J#rg9b&h<0IM-`z=wz}S!M`VtpL1;Xs7!+| zMM_zma|Y*heX(bcjnV?21h=jm<ySh|*UQOR^sgI_FR??uH?3IoeS6KCUKEen`@z$T zMdJq-#i90ovAsqQFRXW2EaG*?Nrm;Uibapw>k<3?hxYy>d!2e}Q9N$%ye@gU^*m-4 zi+Fv@em~gWdEK(Guxl5JMbEa^g42uQh4#+t`b9-C$KH7@87zvq_Wojf-8Ebk3+$cO zvL!`vvc2=V&whV+MzNFEu}cf<R~9>Yz1x02U}mxNY4*DO6@^{jRqW(-k6na&h`k?b zuj`i;b{$5slh;wUUGaJL&g*OT`wQ%Sw!N;mX!jy}=XLF?i{d5rKF?mCv)_-icV4&u zd{LZa@4ODVq$qwct=Pru&P#2s>BTNy->~2J%qVt!(_U-W6xO3GcJbP6@cw;!f6QL* zy{xeH%wiX>53Dz3%q(_Ix0gA#?WZVq@p^QF-P^|A546{{R}^;bNwJI9BX(n$BkcVr z?6uWE`T6$#Q}+7WYl`A1d*^kBnfcN7&g*OT`+R%nb(38{bG*HuXs?s(VulN!K5gQz zJg1qBfh<_z<`OyVk#lCfYi!Lp&?5Istc|Pp*4tUzibJh8u&Vqm?rky0#uzC0d2HvM zqsTJ+Dph8q=gGA`3vJ%Gg6|Cb<kj{WRo8kug1>dG@<rub2N}JrQ?P>EeAN$hYn4M+ zWD+ZciD#8P;?p|g4A>~?|DY%zLG*+dlQ;U+i)R!$Rn;@K;*!hHuRc;&Up~IMAV1XZ zeW!QwbS^Z$)4765q^xz{eV4EH_(P?lNxxF{^Pr`TPVB@rOh=j+O%2N~86q1wRE(34 zLe7lU=(<vBUUFukEn~4aVq=-bYnD{^{2uzpvZ?ah>EyfmY%W_o=+egT-CEk`hNt~C zH&oNzVgKDa^Q>NSKx+Gwo>bfI{tOj#TSWPQt*Wuo)7v}ZJZuL{$?YY)!?hx0$<N!r z9-PnBPGJ=#Qpu%w%<h9~Ce>R~LQ8hDcC-0j*1{+t`M!*SJf@Bs`j)EU+9lhID|)2t zJJ9-V_i+k4YMRyZYt3FkN9AW){S|hx@7Vhe)Gy!@nH`wMOY1<|XB9E5Nvrcq@3kz# zym@No3|y_-kk7Vtiss7gzJ0#;+I&;*l_}Qel(g%&$pedGiP1M=aRw_PHevr{2Ob-9 z#9>EOnmZjip~Gt{<7f}@Hj7qmBh4=JtJ#IdP{qOVV>W+OheJk@a*OrWvp&X9Q+XLy z&%f)RfO$`_naKsKvom*2?SS3kfg@)dmF^pOpX^`wzoGOJj;i9EBr#$g2Vy;40`3W^ z6-kZ8S>k-zB<F6Quduxm*r;;o%WPh<PURx>j@_d*g6IGz$zj<SOb!)xfIazG>TGBa zE_w20c0BnroRjAe)!IfHwsExU8k=NSD=Q~NQEVi3utv9g)W(F~pk=L%k=iypyxC6? znO|<*I&)~^sC5<XHre0Kgx}dF$?ClWnvf6cAS+yN)M6Xg7){8;cPoR`fuurQa&3AA zvVKRiqPW@SUu@^A6CG#8Sjbqq-CO$55qzX~G!Pvj>jg%~GUH;kX-x>i{ubR0>beHc zy`_b2ENY9@ZtUYC5<Bf<mN5<6-@bF1s0dDY4wTX(I?x3pG0qC33;WsLKuKZOC^pMb z5fE!3<HYi1v6ALwC|YWC(mD5$UTY(9W%$}gdUmzYqb@9!E$D(z$S1iv3;S_d?VX;b zOUZ7;=+)h;eCHQCv+3o?3Rl|vvfd_%E}XChGKsa8PxOB-xj^c(9@Cqnh<mKAPowI| z@wj{RxV<tL84PF}_yAsTe+4ob;Z9T^E`7Ji97`e+h{l!WNW&8|th1hj*D+1Fa=Fol z)ub__Ua!S0^G*K)oiP<*>PH9eDx)TTo^SJjoO#t5<7z)P(VXfY4{}6nt`Hp&h>hLH zRU{#PP}6c9iM$L9YnCZ<r}+m*vO_-geRx84-RE|Xp<|@TLRKRiQv{^y&i5RI=AB38 zNo`eCcUVtd1F2k_d5j}`7V(qLgQaN&LH&!VnrGbj!GDM{`!;68C+Z1oUo`LQxXKqm zKXuJ>9r>)}_*LKWD?=2=(2+W7p0CyYr}>N~A0p4F&R0bPzZ+NRw?3mE(=^AUHb-g$ zV6o@LT>B{7mDQ4EvC|O$h+0(fw3pS1s_{<7Q00QopR&Uk7m1RqveQPnmF|dyS4$(T z^5b9K@tG{Unqe2lLz8T^kKXU>=yKaz*<zzr{pG82*ex<9`_u|}x4H6TwKp9pfuD}N z*r<Fh@WO4e33D&Cxry&W-+K0ge9<?4OJCaW%H$~WP-niVtnek>Auf3Fss(H6jmL4G z^nA9RB`nYF27Au0R@W|lyqB8O^A=?@)jSic0^={WqoGf`frwYSR*cT7d%k)Jsh>be zij`rv@`pOkL9Kg<Q<n4NGIhL6Wg0q!Qq6|PxHqyg;r$b@wXREQ7UD5?WZZ1K$G~B) z$D3<K&$Y3nprXx>`XATxzkJ;7X0hrdVSn{mPBq$7*`wb)pK6xlXoGEr9Pt`;Py3Z& z_uAMq%Kk=MRHF_10O7dzf@*tNCUkl=vUWnF4@^`1Q$GZI(7ZXmcyBG=WrNo^ZhE$< ztjTBAiU_?MVUD_d@&?Cn{D-?;@J?O7+N?X>%ahNd@#Tq%kobT;^)+hrk<S6|RSxU( zMD&ovt}*^VQ)IH)C{vy3KF64O?hUfdD{0Z}D@ysVE7$0>mZo)<ZRID7gFFIX$mjg7 z1+1-uC%vge7J)A(nLd42jA}ZtiTi@mvx)mp*E5V}Y}LrCO5G@LZyzi20`G~qtb|we zSZ3Rvr+Idl@?-4^(|N@y_I|v5!q1cKJ9<Y;%gh!O6}2D-BXiGr>@!8$kX>qt%rK{n zHoYx`e4JQ^6zScaYnmprlDym-gp=Oumi2+3iiAjnnLrP>5*?!~$gf6nE!|}EHT6W= zdJFYv>iDl3U*p!h3aa3nkg%||nr0fJ2L&(ULbG^ODeNBB!~pDH{yc1&!guK{fx5(} z==dn3U?lH}5|{9eyr#;rmkzReBGG@!Ef1UunutsFG0|kbS4m98GW!`B?5~eYu9V+D zo3XG|q}GkjlWe@@B}TBCullH(Q8?$$9p@~yW7CYM*E!H#oku9n$_e`dkbycjO?eqR z)sIQ!du#&@ZMj?%z3c%)F3SC@9NPYmhVhBde&37Ozu;1_a}4X!crI_lSIOp-eM!Pi zUDyjvqT>^>L)J_tB)kN#=`^pkqm=1@)?C$3EKn8ls`41ETj*HFCeBrMRP7Ao1JZ+I zqcUM;QuiQoNxJJkl41{YbDTzCe<NK(MsizHoWmQ%$)!g1+9W>E4<4~mV%NX#_{VO8 zYjMS1eqx}IO_J42AhP=2&PQOpJ=nc?RdKp?dj_rNdanKD$k(oC$rX)nF5?uMcTIzr zbjosl<VcmHht3?e(Y6^+=nZ;_<sRjbkaWJb)HqxT<vknLo*2h0dU16cn3XYgX57nv z@3Zz{8!^vGUA{SoDRuNDp9tEBl?!aHl}4jyyb*zO`hKp1_Qcly^ZIs;xfk}*(;bEh z>3osn3z@M9Y@ZtENYmVap`_oxgIy&;@Mf92?VxQkT5J|?^xD>Yu&f~w|G)`lG@yXI z6gz|lU(aL=@*8}No)P=Gt}AUl(7@NPJ-2YHYol_7t#OQ(GZJINHld}x7sAYN59X+D z5FJ#&AS+k^szGm^XU>#O2p`<rs<Oa_=9*0mmh#j33z10uuI-j_ESSg>j<Vy(Ef^a# z2ldpgh@%F|vG7^44y`h!qfqm)(n3W9?NHu)Zx%mW9?#s(G{)R7uw%wbdALR8-{H&D zqfnL7#Cg!fPGR!KI7_nOJnRCjPw_B4jxk0}9&vSZe2Yw~SJB6}nq#D_xxg;(Qz(N? zk2}J~(LJi-Q*^huBWLUdO9}nOamcSZ&crd&U9~qC-!HN;21}budv^n7KS(I;B94_* zfWOBi(nLmhH)}=UeT-Zf-?A-M1hs~}Hv67@WTnj#-qU6|G3pXKN4a7uQ|L{vz6x)W z-2AG)7-!hVfg>;m|4lKA(a;o>5v|c6eut%`yf3sds4;YBB4Q=gDLF6qKEb2rS$r1i ztj^9XO4-0WGQ%^;5P~|}=WAmxvCmmyOFx%igCDA0H`{O8ahb~=y&$Ki?-=7un~!RO zJI=R_fo<YL*CZ5NZ`eO>G}V#bksBOKyVAmM-!F=W)kzJnQl?d}!qa+F_rfHX20N<R zziL;;fiAxqNbvyMWLAAAy`XQcq(f^OH}d|*fPFV&dMB%K%vD4X6}i<!Z-cprbh=WN zGogTWP>sZ_Xg;Nteu&S(`5yfvv!p(d?FWZ&LM{V#r`6hB`>dz#_rsRYL{}9JgpTk( z<c?+GJ@AIa;49aFtV1h!5xuoL@@SJG^WYu2ml^RxXTUcjD?i4IBfhC}V8sEsuu|?( zocYs!5;S3V9&s7FuIoBJs8R?^$IBFrp?I>A^UVFuebyPibxPUw;krcR;}KVKWY2-5 zAqxfFR26x*!;hD?^2j5(;{9Nn?_qUaE6%DSLW)s|a@WHX3=5qm>CQch&KiF9<mt<K zuE*NCmAkHHO`i%JOk>tOvsGn)Y0PTB&YhSBhF)2Emg~<gy)6UNE)n`D%IEaAFp^FV z`88GqJ~q{_F>A9mU^nvpZuX$)igf8A5HYLcj`Zn?-7ptge5SmP?#&(cogy-^Uo|5b z;Z|VRvlu1|jU!6a7m932cs0kmuk`v(u%E6g{2(eNzCF>tRkWC6UhK0_-@Vd4M`Io# zK+%YxJ~9*|eRVVIxFss&y<}agur#L6Rumt$`BvIU)o#9@;iy}u|M-qCD@x@Vnq~!e zVke0zJ7g_>VxOQSrE@%r<m-n)?+&APw3J7BKJsptG<v|^K}l&SG8AZ}56#XpWs+!L z`tezBD|KAeA9LnhI|V*hJ|0wvM|7{T2W@U>BIY?pg4xuWLTz99hN7^NqPTOv(bS~R z@I0&z3Y7^Xv)<HV(_?mCZvRsuKd-uStA3*AyW8SJ8-LBUu`J&0q-vA?d1^lkOwyN{ zof79A_pww~20ZtS^K!eaTHTToDe3=F|Er_xV`61hyQZV+{a9J0&&b(9PZc9lO!d9M z><I}ZNY^!(Roz%!jdX<_Nv4}x7*Ug2NPF{AE`808j0Fp=(h?R7&7hm^v?k=|ct=Rl zCv>5!6|43h1=R&&KY{1Bpc)dCq_y+ZuN|Zhgl7B>y`YdXr^qQ;`#`cG%Qjth!x(Ht z-bi&JjnZ41V{3unxPCunBG%k$e%UM5kRx!lhsS~DSmabyrLGthXd7I?dmt^*yC`mN zpl8%F?BS9J@Iv-hrJ+h=oCD_ej+2VS=rF86e&G?IDDE)YR+=0lPP(k!BhY%??vQ}n zP5pkkE>(>YSWi|MaRJK0eucm~gV+@`UfYVZ9E~k&6&(K)0?7iAAGHCNn$~sIIkl^6 ztsRMv#JumG#Jub$#=r3$EYc(L<mmA%L9%G0>jRUd>q?`I4hWc5wd7n<^oXeX-Nz-* zUh<>E!whI6mEUbv3y#>QXaOIs;(~0kPLrdjV@HmM-7=!oCY!7_G@na)?~ob4rDLxu z)iD68ZbDhvI_O12P{(SsRg~1TNGNi-h>x;Gs!C!=Kl=`mPJK=Ngo$4H{boBtFUFJy za(vk9iAISk4dE;6z{=XO9qEued4?W@$nJYp3v=XFo+^%3*htiAx;lcpE-=62pkj5~ zyy2f4XGHzV(d=Vk_Xm9p?fb`%usre8He!wrv46zZt%bFU1x;3!RwR-S{T`x#Ji-wb ziL2uYUDR(vX8L+Ae^rz9ops0tnIqlE9Y7bM@SthN&+_?PFXxrA@q5PB{jH7xSexz; zfb=wTRJY0`bOi;r!F<ix33%w*g?j8vTxd0b8V_{Q`A93ItV%LGmaB{8X?PF&60{pk z`gV&Y%WKy&a*r99&(YeksF@S*;)!Z(K)zG0<_7GWF&j0l2$+TVD=mvx{GCV`wQ%q$ z?8iDpDOx4632U0^qpDH_3a=!Zf#jM|-4Q?Ab3galHi?C=ktdAUERN-}!>H}B_WB-- zpr(on${)y&rVia^_8D)WHC+`7?PxEp<X-oaJm+abg3w}&iLF%EuIQVSD^ESXf6HVr z-tk5(FYOfjJ}T}x5RqMd7A#Ciovur;$HZ-h>@?pwzNVC-Y^<Bilt0L0JnqIGCCNZ} zQogf9p5R?C-{ZZ~?C>nRH}<gIBl~R2UCE-o!UD;#QEX9r?Sd~*BWC5Cd~cTXFMhF1 zJb6dil}Y&?n&8^^u;F>yMMS4g{8UjuF(T|kyoHs>$N8T5^YtusmQotRFRwShTv_rP z2qTF#d0ai;uKI#sheU<Z3l-Lub9;YX9B3bsKT9;a($a4?D{=Wp7l}Op>{(fCx+2bK z23ctpRVCl{@rjetDdT|qUJ0>7Ms?Z)HdnLWh&K3wES@aGsSQ0UOL8RktFV+?DAr2` zktb?iwC7$*<T$V7c876|Esu5RgzB@c=JW1>+g?b<_fMWUk?Y;vu?-(x-33;9;YAWt zY**}1X3<-QD~vLb9Sqe~&{ezk%qi8F$8$0TG9ShA@Br_0s9sK`GF5aBmhq5$!J~c5 zF63v;2g~wZB$AVNHL=HCtu~^S-iUZj@mChm-LK$0=<45NPc)f!9~t@|+;8zgQk~ii zTydIRc|<IHP1e~IdsBPvFAEPT%TC*J@22?GJ1QwJ_gD<hQki*&k<3Y*70+C|>91}D z9<@{KYQo8U_oL^~zLy0Q6CLFF?Vf*p=Xx*f7p#P<$YCWt{3awy-WjOiQD10@_fhW< zsqs5#pt?w}f5Oj3?6{`&J7g&&#^*Sjxa)}4&IK_|c<1!AX>qyjMqOrHF10*kthm6= z^9&<+a$cHyAM}pWd>NXF(5w_X`dn7ZkXYjOO1BEzZs&mx2O3yx=Mu+;O5XhrrtML| zI{=sONB@UIR^z!F0K3BRSP(Sry?GSyXt~|iem9s6=qN>oyi4fP^6ZrNru|O%|Gs$Y zpviut(Ls%_s2W~^r#f%BWy=bx-dGe5by-_akqVDVS1^&8Rzvb`uUG$AyXdUeo>;}X zCU@;&QzyPEZPrzF_PBAxjt``(?#pOtjow3$B`Ieob0*e9tFPaYn?xT1y)iR338v8L z(6{OfR6E<jjd&M=IOm+tIE<F(F3R7%excU)E*5%_^$;tV+dbBO-8rw)A|wh)IGR*- z-qgLxEfp^0ol8p!0xO^)?lObq70t-(xvM+<A|asXmHEj2sc^#k+LAPqYTqfLl_!^I zwI&D(k+t_i7*Cz4R6D|UUEAbQr!YQqoMS%+yTrn4rAyiTu%YU*Lc8wSmB*3GO5Q<o z^1R*%rh7e|RchI7cF@MrbLNmGcR4z~#GmfH(7X2|7Utcl$#o-zbRMg_M+3JE#}RZF zd%@5*7U0@IuZkFMLp)uD&NF>UqVm2V=y=C(_jj(7?px}G5nMq?ml;V!FQBc*QSB-| zS$Y#Hfc1XmSJQK6s%tfFH=GsSUU>3uE)s}+itWhpe}Wa*H6}@n{lCo);#oe;R^W(V z{Z{L|x+}J?i*PLR1C7aU{{Lz*7j|m*9W9l`Dw6;`PS5)kM@}!-l-sUW^=^yzT4Eht zc+-7HxcULghVa_xPb$KWnO4%Z1Vzz^+R8qa*|5T!Vx00rbWCjo29S$upI^l9B^Co$ z+IdyF^DIg0xBc@HIhXd5kVi<eWLuiuqeWmYd?<d=H;k*&)mdTn)9W|owc-rx^?dR= zvtMTL>-u}i&t-%}8Ao#JMT1xD>Ato5%(j~9Z`FN~YYTIwktW$R&5eYple%XDl4_n8 zQIT&i1}!5<CAz#b9=Vq8L+RCFQEc6BInm@|X}xj;p_GGCd4N;W1ChPAkD!NG^V!?@ zMvb+?=5>tJ+9uwCZ^ayG??XPSy^v(bx}%YM;Cn5Gon2OZ(KDyBLRX-TGgW17S$@?7 zmV;E7&+`V}xmUrs+2%aUiBGY=)LX!&sFJ+q0v{M5-Jj#RrQhG8x9y@e{14r1E9F6@ z!(7|UepUCRIk}{uYDqrKiYP~_e#Iw6C)MSpr9^~Oy7DEb7w$a=0&PTzbVTN>?}WL5 zp-#_yJA&&T{2EMk$)hI-wqiHX1c$M<0e|S<QBNAjUa8mU55b$qgIq^gR6kl`{N^f; z@zM@UE)(b4<GcFqlKXk46-jBaz0-LLMDV!AwRN&j_ct;MuIrJ_d#7qnX?x;?-~F2G zYg=$JwJB)pR_Ala4dk@4JPu6Xk=%7~#P$IM-G287#d=>8<D9^VAv=GY@jG1Vg|!O5 z!@;&L_2=;u>niL~KG(GBd4kJW)j8MP;gkMp)r+wf&&RiQ<W#+$*{|%aUeW9EUcTCP zckA?;@BZ}{`w;OE*I(QE8_^gZ1Ch0Y(*26|sw~K790`l!5|gWRjKAQ$tba9WZb>Oa z?bzF9*_<o@pRBKkh2Ac=@rTMYb*F})y`SE(=o~Scd=CWr289(vW0i>BbyF^o&etr7 z0h6eD8tGL4^sSjodzJkPci93lP3zB~lJ}p|yRLYTM7cnFf5koCo=eg~KUti5Y;}+I zRmCN?^LCkCO?zS4gYh-V$S=lQ#%4t7kKSFs>RN>E{n;e%$zV)<)b?>%!NtziTdT_= z?^4!BX8&drz4=<r_7Wvn`||5|mG9(zU%%?a`?hE~?WN0$((a}@3QhJ`)fQ_QO>|-d z`CWDEtKND2FqKpl1+`WaU16X3?CKJut$cN*dQ?;a(R&9KiLSEy{-t@s#EMz?)y@{W ztD}-#^h=w^-?~2Q6bw(x@pbCf)$3OUlfRKIfz9qKBW5@C^}I1ddh!tLlHM(M%$sAl z|0;Wp+xg2aCY){m$IH)W*ZR7-e&9)CdHiL?jXPB!A#x~1306V4=Z&td4P<WH2jEeP zeQ-^-w|BlvF6qcOb$-irT}?Fh<G1^VB744p)j3Txh2)#-9cAUCWz2ozVj?!>9f1+E zKP+&itpzW&>Q8qo;_8iyEmjZO=YwXWBc-jbEG<lN0ZXfTF&e0Q0JEuf!$!%flt+7| zp>9XFIODa8&c%}2>L?$x7bQ?Y&Y|6O<g=>C($2ZAW7piGv1$Jva_~KS^>y_$Rx)4Q zNy@z#3kiJiD#ZElYIeZ#j<&l=4VynS^+m=_&gzf0XGNYp5)0GZPgPdFp0D~6E?5oi ze=UE|IP|>%L)qEwba_Vg#R^@rpjbH|QftMRO4?%}Rk=qF&Dgdcge@_q>TPkz-%(8| zcNRX5mG+zS;MG>1v-jq#DDJ87M$JJ*<hwqU$#kbb_-v;d+lX<idn%m%k%=|3erO*x z+S4pNt+4Yt#p6_DFH}X<T#Wu=YJY1@uYTnnw&>mxexZs!)w=MAwLaFkSrd~_`^@T4 zxLv5%EL@@@l!k{Z^RBZyyo6n~OUAPxa^I8>w1V|J{ffVMkav;jAAv*s?RTZ{-b>0I z`v(W?KQ>skPT{%yAn(#d{E6y`eR9;zss6^3NZrn*qeW4?*UoQ>ciJ_D#>5|cJ)-j` zo#9c`e6ERh%N6QgW*X3$)K7kv%ZSlVny{ynJ6((qx6mhjs0ypD3Do=l^fLPGOrsa= zrjBd=`|nJ15632XI=!+R#a#9iAzh)B=T}6IT-x3Gtg`l%b`HpleQLEqH5h$d?#h+Q z7>z|&F}Je%E)R9=RFAmNR`sloXkPD$uGBI|jW+njD!mgyx2!0>(W2vaiQs2#c^G4+ z-BET8L@xvis`sZu2C4T(CpP4yE{0d?c*SNrCpxvR2XzNh6zz{!AGyif+PQTKa{Y>y z$;rU)y~*kTc7%m`zt}rC)Fytt>v<-{UOm~i=LbJ<NIXAy(R1SY!MC0f&ksK8=i>Rn zcMQezgP&*5_nl$S`Q`PX{qD~XzTckj>(39q;}!Az;5$|n6VDI6#h&Bq&kz3L%6NY8 zvFF9}gYUB6{rSPCo*&N-zR!O5=Lg^Os(60z?e^SXe}3>S7sm60@3}ahAAI*E$@7C( z$Mb_nH^uXVKWxAI^Mmi-8qW_tbz3|?c%waw*PkD}%YOIg2ajJJ&kz3GYvcLBcfKy3 zAAHE`&C%?6zSHe>zy0pd51zX-o*#UV{qD~XKIEo&e(?Ekj^_t|@h$QE;Nf42=Lg?x zzx(rpcia-s58n7Td!EWH?xi(m|Cg7Zzs$UcYftI6IAYOh)}D5)PgT8}{O&wEg3OQ= zWc~)N*vm&1q0Wu!816Z)y=q_~5t{oIs#Cnm{*wO-C+CzS@sln9@8HLnRp(@q?2c03 zluWtz(}&e<;>@P!5RXpK>k*2YA9~>6=wgpmGFn4M21l3ND(;gJr07moRh5u3v4iaM z{C`l6^kO_c;S}uKWECPKUToh&4S5%Rx_DM`P@az=+Ue_7so`((E%da;=Fna0bca0G z`Q#~HXybIFmnVrfuRi&ccB@xYO@*HJnDoFxkG*@R9r8Lxfrsu~Vxb3FP4Cw4^S5iG zx1{mLe&&X{SUY*h&LK*>bcrJ5>+>3q@u%kI_Q`sr`<7=(y(F-2RB*QH`E@0JO!m3P z-L<oCv{iN64^n`pYYjcvott|2z9R;@^?M`k9bPoi)o!O#gBm&2y=^JSr>X|ln`9Xg zlx{-0-o7Qw)jsrI)M)l@9zxE^bp`u65<E>cWmp{kKNZw@MT2$s!>gVvNp8XX?6Tfc z;;H^R+TudfI<yb~yCX({fXIc4QdLdl7`bn?+k>)i%eKmAh3-FkdZWHmLZ5yA(J?s> zcbe`pnj(TtZjAm=B8@BijtJ<JJq9CYAB?8FbGO+GnHy10_r=n^?1aeVXp_xyeLn;8 z$>*Y$*OOyd%h$a0b=MRRl@>2rsM`Y1bYH7paUh;6rrFOiZm{pkJ{y|#&ZjcXZO@gy z#puRAuq*iX{5Rx+Egfy&ftS=B>NYk-1Jw}e75v<nA5>?BksUYmc49}4P{!*H?P-`= zTHK=2u~m0ywO#h2yZ$N%lqG|k&_(}5e5?0P?7<f4YRA}1Ool^N%}~XuCrSlV&$j7U zfXwMASeuUoRxP)POV;7_ppf?}>tfO8P+g(EWS}$aJ=9O!eT4NMuL|Lg8q0YN-(gKf z_m1Hn;!7v~8nsX9bj8zRcGT>8cPRt;+BTcFmxqbFv>P^7(&&~JJu%gvMZp@p>>wf; z_PEUC;`iD2os`g#TkdT8girSvCwt1@^+aIyI_ht*37pWKFR^`e?dYsnn)|YNMyK?_ z>HcU>W?uE|J+;jgxm_$M<$><cHciugBYLoUxW;g*E<e`6&?y$8UVvY>hFxwk+SS9u z#;|83;7^zi8^KrUSj*}-L%5HuL|OeQRV$3fSglj{&$X(4dpliNx++Qbm@{i?$xdHb zJ+Y@ZjY}(|c6%E3=eo!Z8C`AmgYLu2s5%@es9<$R6DTJOL#umd6RCVhjDvh9&!FiY z`vrq{*t+fhdOr5`CXZ%6@cb*c|J)DV@3sCzE-+SV)ct<QIPm-T*KHVG<a5_^0Qo+v z3iQ4}YV^UV$Q>QfIr4bq_N#9=KK8S6EOuS(t5vZjqN2E4S&lMnKk*`bWR=ah(KM6x z`rQLqR}-$)y9hCIbG$|0vChvb8Y4k*TFvvf_^Z#rcljtf-?M+!a^!m4Go~Lpk)f&u zJeBOgvx4?ch~!ojU{pVIK%<Ymp>qWc2%~yMyl<G`nR&r9WB|XpMe>O%+CAmBl94p; zbY0#jUF1aA7Gs3eQ(fpgQM1P|LwA_+d5Cejeebr>WUm{IdUkWbOCU*Iqp8iLxX3v< z=W(RZe{IYB-iZZ?Co_Lj->*JvQQTznrk>9nc?Qw$x8P}aDRig8BRu=V`mw$4qvcr! zno_(~3<HHWm-z;IC3feY>YQM!VI5APav*R%?W`)N+*W+O^oV$BEs?Y8*(pL$Dfu|q zYBevAr$F(J&Kk6GAncHw)$i&hWNEXk$d&8#q|~H7(l0f(hBU3+U*O#%N!^|lh4+-c zMYI+dNSz!QO!Z8-UmtRA>RtwK(x{IOGGZxYDrB6pb*<Vvj!EmPAgC<5Marfpmq%Qw z>Z*y$up7tL?)vgE1Lc}V?Z>9rE40cafL);{*9Fm=xXn-H?9$PweG>Z+)LRSc>r`{q zV(++EovR<pi-I~i=B`IRyj<wb-VQQBkA~`)!)trKs@hZ0lj@I%CmATd;B$`L@&)0S z>&B06_symnp6jOKUdYr&{d)ja{aC3-))!Sp@San^C)hpOW|dP>+gD0-R#PnoCD@4H z@nE3DJVitFPNs$53fC^PSsgiVH$CNXRl60ibx`=a2`bPB-!W>M31XL6D74q34WG6n zNK?cJy<K9oNpHE7B2MNp1y0qaW(`!eD-u~_H25`d^uK(Dtu}speT5dTHg40ZFQ-G} zc#Vm6qaRey&~3l)l+5S#O+H_*=fAUeFW2+#Qg7g|+clcaYXV|H6VJ9zZ{tlyH(+3O z&8fGB(mqs9N1F|JrPa^aZePuQsLoW?uY@nDe<3wt)~1q2w=UhwVVU_4egW1Isf263 zQl|=DNRnc=<2^j%Tal0KDaV*&vh0>W`1R<TJ<TArQzxD|4@D`8ku#-NR*SZ3Uj&Q6 z?^*fBLUfJ#LuD@`=z>b&jOaj8L~`=6c1ieA!~~5l?9vW$zaOtg;3vM$amo?=FEWVg zbyqHxRdzgUHahmTb{zT>Mv5nOjo95J1lHIdv2uBG54`G=>w8I5wv1(jjEZ9IG<=Fr z^BL3~t!gFjV#+Qe;^N6f#pb9_G{SqaqI53)u4cya4rRNJ<yf=t$|Nhp8+$$5eypp_ zphIR-ZHm;@H<AYUhP^y`CW3T=6=5rU<GV*hSL$t0HOG$dct<^j%;~kQvh$cX&8-wa zsO69zM@ok3Wa8<>EN10*ENoBdKSUlrmE9@BhQ3ES*2zdt1NmoL++hsHr1wvk8V)_e z%1*h8zFTe-wx|3^oj~_PVmf`{Ep|mZGmMoI=Ncv7Y3bb;-IJ;to$Nr`Q_|>}iFY00 zHgIs*_)YuST%(NS=}t4RM{&CEMBP1|s)|vtRPV72+IPqWxkr|W#N<!jDRZ0lK8N=n z_Lxq=v#RGfrSurmIr7y2`H7FIoQBRONBJrOS5ZoL>AFq7^Iuq*zn)F)EoVh>s*SzE zq$}$|X4q(S^r^Hqml!IKbD1pcab6u?{LI3x9%6l_IXhPzN@vtwW^5bJzpS(?e2o2Z zF(!PpkJ(Pmv3B0LjqI4wexzhIY<}mlCZ1v0jHgcB=cYZ?)}w}u3*G$!tA~5;r0Bg3 zya-FcmdSKkj|26tu-~u;Rb|38?Un@l$cI%qt}4A1gj7W5H|0w^40QvaciZP!8#o)4 z8rf31a;Iy~jx9Z&V?Em9V|cu31<nA2p&Jb`o@kS|vNKa>3n##1*ST^~`j7Dm^K3F& z6~(+hbfngOo0oMeAMk}NP5VT>8&Q{^dlqtnR*zE9izMjqf78Cv-)VJMjjBV2)gyL| z!0DYU^hWF+4J#+&2);RNQuJ(v*>ufxvz?}XbgP})8{5;^lVhxGe$;qCzNxmQm3bzs zjm9l9zoNhb(4wNNs<ZTt4n=Wq4|<3+>&sZ`(NNY#M+$58-GzKA>tJT@DtYc5u~9i= z6HnwR%_}7JYAEM{o<}#CK5;zgTA$!#LuubGxq7^eyz%Ec5%=~ky!alL-nB9K!|Kik zvk=zXK^(dW?zeU8@%pNpwLD}v+fB|?C(>YdzK=9|1}x%J^MXz5?72nr3<<#x?8viz zuX6B)$T6G?^+Z8Catn2)&@|txgTlB%6tXQ4AW)exnOQj~o*Y-4tSk4Kht*K2w9x`W zlKlz+0-Kf_e=7_%Mhr>FrRLfZAXr<E^_b3_>@eOl;XiOd?m;XUn$dkEQq!fPauWUG zp1+CPI!oTjtm;oGLsq69nv%4%8tLde*KBaG)TGw#BXVuG%zVK_Zg`X(x6-JU^yr@{ zMx{rwCt$p!0nK`~k>_ve@k{LZrN#w3$_|i#P$NGJo!7HI&s(9bnTO!u1$NAsjS|+C ze+R~sPlBi^jRSVxknyB=L`~1{aV~RnuEz(rj_MfozHyB4ypn!w6bp~f$*0ow7U6EX z;u6OmVaJXX#~F|D8F}1FqZhs+ACax(@=d9=YjVo5(ksr1qi*jpzU1DtiV(*Pmpn8b z!!94}-|r-r=A?V9Vu>-(-SX1!s0ueG-xOvql0PV*4h}ma;@m~{{YpD4_cWn2k_5x5 zmLF#qrrWe$AtUm6<l%EoF8<`k^oiCf{Tjpd>seMF7m)_p6f=0YJ{@D3(E+mYlrj9e zs!v_1!gchFM7FlhaCViQp?n}63%!lo_f#g>l#n!+D>k{r=0S7o5_ysjDdtf(Q<DkR z2g>|IhyxDk$`X7zq=_D>kD9(?T(Cej$>hd`)-#P(VnI6JyDf$-vrp==*y9RWWV%X6 zbkVcc*4S^ZkF?j(+$ZwvSP1J#4W?}<5j3xcp@=aR0U7aJ!<dML@d@M7({-#zTZ*F* zrP99OeEWW+#8b4kt(?0#nrU1;Re~eQimN@I=E&jpi<UQ;_bOHe%^>v}qZ*tcLV>9q z6TKO5DeVF1-lA~EifG!2WwqKXzoK|xAN2`ENU&b>3t7<%l!8ROM@JZ*wK79&R^D-( zjfE}aiHu7$lE%H}BPKMj7cqLSTaD?o<@pO4fb_|Z4e3+&G}&7AMHD;H{VJmkuLRwd z86Z#5R_#G54m8U`ktDYWmrlAag}1<mc0B8vIi#1OQ&UE-$W4wp75<rWh6Krigz#83 z)nxAo7=Cq%UG+ZC>>4iIW`|6QUgP(tjob#PpwUuv{#8jsrCVjn1@?HNUCW=+QP(a~ zlzzQuCFDu1xj)`h&!2id&z!#RdR8yEtvle|0L4Y$S(?UURSif?Jqxg@Z8XO{);B%t zaTLSL_T3tw!`Fbq5@aF0>Dz5IDAIbS09ABQK;2&6hlk)3R2o7K&|kKMzc}~8Y&u%X zbc7e$;kwz5bGvPqq<as&W%5&^Tx0`9ahrWc?p*C4fUv|y=GHu{5^zT~-QObhaICeO zN$Ktu(8nDz)M3L<l<8C}7)FgdGT&6jrpVQFR}A7Alz?TD9w@Au7H<<>`d)X{h#njg zi~7|^snZ;HwA@{x0ZpJOaiUq8&!^J%{yqHWxoX-MNXO(zp70XA3-Rdp&B6zq$8-$u zBVYlHAlw!D5G|u(%WF>bF5GXP2Tk|Z@d<X+_A)A~(-AVxvpDFI?ZUI~{D7YmC%Sw^ zabHOjno6TS^zAWE(P~t?<m>dd&kEhx4*S|tD#*x{FA+W2Q{lD`-D&;eoi=fmTCd%^ z;YsJCy9L6PY!|E%$MA=wv2VT)-B&p$Q$=RsuMa%w{I*-Ns=46S{iVv)p2Q9xdJ6NC zdYkf5UBx48L~|fH`z;<aJ@Gg7s(hTEzBhn)aLWuZpsfOTwCUz??bOJ|lmjZ7wt3?M zll*}FAMKzYUgo=^S>^Ek{fd+P-A=J=H<gQei#jJo6(TGiu2n#&6&?sf^Ln&;m*9~E zRpkvtBF{~8^ukZ*CaAt6FNhjb@lduI{Z_YC9jmwu?`T*k&&n&;Z>=dmVMMs$>7x9; z+g_d*q_m_NX}azneGK&@hs#`JP1zp}6aaytsLn4LLcZQ6t;qs7zRnv_(c?RO<=qO; z_e9TVC#H$Z=6<(g1d;>2@d0H9LTTv1`ckc`G9x~E?@8SG+-_&7%?Rt$iZjJYX|vtR zrI|U!$wm!P8vi<F0(Ev7=FoeQgt>22x*97VlovN;J<`0>2k%fuhM68cudGS6FEcdT zY=yeJx1Knqalwv=+^3iHpIGLsV96s!|KNm9ea}p<oGto1`CWU}J<F+=^@9x3al1^K zMm?e2f01@vVjL{B-wZL$R~|H;hfOL%TuCWp)toKVD{<_AymP?*FEj3xA#;^7^+j66 zORrc+o};9m-JGR3rf6)cXRKYjQ;7I<K72JoHGv{(6`TCNf{e4S_}9{kt9CC5$lvJH z#Lgf+&r4Z!nt@=c%BzKMoa;L_oT^#VJYU_PG&N<`er1p}wC|afc*GL%LElfc+w`7B z5u_M)<x<eKl2fl6EJ7ONnnFc>P_wQpcBgSHd4)ecHO-ywH9d`#IN%*vkKdk2t7_J4 z^vJMus^7Y$SEH9(hhJHxYmz(?w&yACTTKy3`60f_Q)!vOdjWXjYNJg%u{bxS$GJg| zv4<_?g4{@Z1F%^3yAunQt?_qr%wrbc%iTS1;{46!I3R^AWT@P8(ciTq%*55u@Jl@M z-DvjwQ^U3Jba)cxNW!Y@;e-7Rsu$dPuv*ZFd_+|O(JqZO{ng=q$I?+7g(#3-L(j~T zC_ZyVNjq~z|4cboPND2g^tm@}o#B`Qf4&kU4QZ8!U1YMl_R*v<k0z0&Hd&jbN(KS` zdR9UPg#}_u`fQU?!})0p;k&R6Bpmm-kS4V<U-c}`LsGgA?125IoIlRyTX`jU>gHre zldzoq+|<g^g=&goI)<kb;qjiaUSV`@FaJ8aqymiVl>x)MXVbZkksLO!^)&5X1*h;+ z?^Ve@Q>)d=3dg8A(ynl>okl7rm7k{8oZ3pRT~;8#N;-VfG?v$0=Ps9Amtayej!Wjm z*YphUH^2p17_kA3_}n_H8XNVukW85@E3?RNgZ)(GuAbvLo{%wJQ&(n<?Gm*d0o8YF z_Ye0rTRSTHiw&$JYt3f8{ibJ8`E0UN`7!IQ8yfQDDo4t%=&nu$KEf|!*&6+{ed7mv zY|^nZZE=paQv7T~m2UPF-CZJ(tf9$@y!P3fSfY+A7PWR_SF_9M)N<{CdDHb3*C^cP z>sd$`uZBka(lgXl64ljQ{LnKC-n9<xb11`Pr4ZajrtR56bOJmpqEgjLq-V*pd8{zq zPZ~Qx<&D0}GVY;2Z1?NrX#~SYfoe9eM&rW~=;r$<K|V47G~OgPI$3Bl_5><+q|~Mo zbA(s^=4g&3kCn6#Ye9I)=sNQimm_=EWfRSa<x$P8E46849Z^d()U}c4LXH?W8(wI} zHZ<&}#lXI*KS?|N;}+`?D@`)h6-@j$-^1hfmiGuWQ$Jperja7(n)k+UH5!(ht{Fv< z&R5vPO;tjS!WjMb@g?)+rLSRe%6i~Kxd?uk?gFLW?`92JcPC=h<7N1XVvXl;aP2uZ zPxAB1!DF1{h+eDNG=3lsR@%3YCdlAC`v#w1Tw3;6Nsac`o^6>5Ju~8B_p39!%kgN* zGdM=AAQXWXWbbqGyUV?)n#4D-87gp&>}?gE3lAC^L@mPIqTGjlojWX^x|@uYyYr^m zvT~zTuH-WtjgHi3<;U)Yst1<Ycux-BjsW$2kM3<L?VcxvEXb7U8sazT%&jk9`JsoU zbsMyzv!ib*Kk`ft9g~3y+mu&fub`3SzAu^5m{CfO%PieF;|MUx?_lM)cA}l#Pd@g; zY54Hu<8tcJUiWM)tr;AT{YcP&os+A|#*l40Wzwhj<k5mEe5zB%2hoTnKBwb?=5E#* z2-aV%m0trMIa40N(z;96aNy;8N<C;EUtv;g>XrkLv+;yi??GTabmH8un=0+RHVG?l z%9XGT#)|cn@M)gO&@G<mnm5T@eF(<MdnBGO3XK(;$R6ZpJPnLzBO#Tzw;!0rdE4yU zV~o1q_*Z?N3V1-IX!Z|%!!;Dx%%1W{uVl0~PDeo<WY?4<f?}2WG#mv-)Riu^A5P%E z%R(7g;IKT9UNZ3${LpMr5Yp;DDue8d1==7h?|hMY)Ge#}geKY7ke%<<bQ|4aM`>5j zvt6+9UgLelxIyab?RXS%YgKNi8IUkM`(Ew*7}+qMDbMZ42Bd?<<^0vB{B)1rUWM3w z3HB22ntV&P1V%OAV-Y*#$}jGksJ#z-;yt_Sh<vAfUU^^SJ}x<R;5-BMoeBMQ)5rlQ zV@FY?U_p7_k@Hl~JgS_z?_55kd%oy4uDlZq!OD;eJs14U?{7pj0b{&>K{ZibDUu(? zn$ih&w9in_Ih*Hf+dH$uW{cg^saKy^&JtJ2vtxyP!0-5?o$l<OS4VEV{9aL#Zq7Pe z15bI8U5h$6;$A6aji5Sym`aJAY(!hP7h<QXVC1NC@_5-KH<yv*jrHy+EAdq3lgSrO zGI}^(BdI=3S78<HR0&HjNWpc>dv0%hQnd#xyNc*OpL-4SIF2tZ<*%3!xEFiDl_}C8 z%PTA&OR|)O3CUuW3(cgfIL+5K(AyBt&6!J3m1bJxA<XB!Vd+TN9xE`^%p<1p!0Fv~ z9uWzTQgun+l<(bEgxtfH3of(Ih)&w?z0A(x4&lp6SzyWB|F}Q2<ywieN-o`|2W=$v zHmG0cmh+GS$Uds85Y&3=vK7VGrtMvxDmg~Jh$NcuS{~LdFO{B%ZOCdvDLMShS4Oan zx@C6jPI&ahCy%xlp35GKuiI~Ft{^*$SU=RUbzfJVXMLK$HnhsBEEcx+h~HEbcyvMr zzB|Y5XJ7JEj}I@{%O2tXX*woeVE<mHo@ZB8U2HmBW_`gi^W4xSR>}V0>rCQ`7v2r5 zuG07lH8$va(td`fE35v?HmGAZl<`tn{#5b*X4^Q&D#WFBt=NBAMyv!lY81sK7H7uH zr*@d{q!pLvWvk57s7bv7Ropq<qK|e2wM8HA`DrgGNA<n}4fF-iz2l~SrRP+{a^iQ| zpBEogv~4}7$OU}mFDh)}S-M(B_Tek<pg)y1*$mf5F@y3yzjG8<0)!mTpNO&hlh3*w zp^FGjgjHQhu9@GrOBrANzEC<|E6VNn=JFj|-K3mL5h`QN!cn)kTokL*ozX?{MYGRt zeHP*=+KHVZXi@n9lF-^YQfiihGEAxl^7##Atmwa<&NDPcra?nS?@*I>EHA0JvdsI` zGxf}D<AlxR8k8LHhH6(_>w5b$W~co@C_ui*5wG)@+bu8K+pLLPHLsMLWRhl()e1zl z1d`W|C~B7Q&y!|&4ou&~uXw~N=moh%H<Z<fuRmbNUJ1FK(XCe1mDUm*<y}>9#`kX` zIXX}0TKrjTSHc}{J66db_*^x(EY))w&y0z%SYuQg;ZMq?r4u2N{22T8dWS1v@QU~b zo_%E$`=S!0>gOn~5#);NGcAW&UUn75dDIk=qbfhgW7WTx+Du;Oi5m447?H8-J1yxe zB18BSg`x)f>wG({+Be6wv^qLn=R3jX;!N$s(wuZ&Sgj)J3$dYy{;=<K(F!;8p%F<H z>tP%y14m*Nj+xQ0?nI>h8?r#}DyCgfsAgnkNqfplY;Wx)%}K?3b5)#6Tpd~=iFhOW z<I&P(KhIhnH|$+*e5ZF`!orA=!Z`A9W&&RWHRqJ}l<p^sI|^~#)L)k}*8Y2^uub=9 z25W3WgC>OJj(uRsN~39gC$m{)Bk0)yTzNqKEgaT0#ZCKA&|Yf4sWgQ%=w9A~oruOA z#Xog8LmJpO84EjX6rbDBMu@TAMvPrzlYe%p^g3qR0IheFyvMZzL-xrwqjT8kp@s(^ zuypLadq*Ok>rE^kGSsN{rae!}*VXrqD|JqUG;xO=&`$S&lcj+h`Q4-fCy3=BC;p(A z-~NoYh!1;j>vV@xTR)-jtNpJvd5xCZNOzftE@dS3*y<f_w55*Io|2RBE_riP#By%f zSJmue*mc!wJky5@sFE#n%_!DeU7N|RRObj;(|fk^2{DoRh_J#fjW7R+o*!e>W3YIU z7h|!EwXMabxyJ|dAen7e$H>RqJ7aFq^!k<>x*^-#c13BL`zRjtzw#vd@fMB6`AD9K zTwOWmI*43f$RnM-cjiUBTV~@6dAMUH`I`4SRY{SXfu$a?Se=XYd}$t?dpC5bq*$4R zcOlWF?gH8_U$6bJ|C}$`SMOeGul*rQidP!9%Zm%kE~pScI-WcBdftAcOm$7QF#Bxd zb&p9j&*f4-+xr=df@_{eY;3nHG)SHo2&0u$uF=9n=*i>N;kC>TZJxvF%%jbY(q2Hd zqpGnSDfXTN?7o}-)z{FKeR!@79rX5)CzLBArJlt`$@9qm;1|rn^Mb$Xb=}RfQ{6*m z*NjrC6sq>8Ytfo<g*->kogxDks(@QhCHh&bPW^Vbao@fI0)}vXfg`Z=(X5ShkBH(} ztT7Tto9wqA9h@++XV$TYJhRQV()G~LKpVwW8f%QUoYLO$xK7iZ7MHa)&<o!bXPRqi z)(`LlY7}UeWg|QOuIB~5|82PQJ$`^^ZLxccdhLV9H=_jO5;LkuftI`D1ow)ZV-fpR z_8K>wT5dV{+4g_D{Cu{J$+)1SUq92Ne~$6m+j~4jq(CxX{h_w2-xotz+Z;<>UV#pt zK^4X4y4VlrO%|Kj$AG`H9{6P864wv3`$Rh~MO_2sb4~gwFUQztPX@{s#j+VWPIc3D zJ;M}slQ&I$<|Hq#=g>nP8z7tQC!>mfw0BX{Jd*pQtt`E2rLBQ2wfoYovL4zp`)%0% z9<|?fujG-^|5lcIB9eK}sauQ}wty0OJeALC?<QX5ScI4M&I{-kflwYJ@Q7-U)BDYN zx5=*);B0nCf=cziQ+Gs4Y0uZOJ&RCh4s4CPKeVknXw?>*bJ~z?bb(Uo2r**sL7p?M zG(DbW8msO<^Zg3sHFy~ERVJc*0py&TJ4EXq{%OpYFP&xc?x<MmxJgGVZR(`ZZ6RK1 zx54d(G0I8FM8SC0_}P_CSB)zxwdNw;$Vq({o9<H76v6ziLW9XzR910z_YQ{l+jm!J z!<L}V=^`(qSD5EBaN)FRR@LSkt)Dw&-=TlBqmBb(N=vMXbmL~MoIU5myEJ)4+aGsn zJs{byFKGcW6fq_J?mPsqa1#9^M@zJfRZtUX-0E&Z=V4?*F8$I!Z2CzNa<OTKtfu+= z=G>e0%wf|bt4$ls>fn4`c^6R6PuoV*%I1J+^$gRS);B$~_pGvMALnj6S~=31(k4Mf ztw2cXUU7MzLcT`crh8|451h!FX3_jjhNZh0Ms?q$mHIA1ukh2n$E$kX4>pzacoNT> zrQ>pNFE5I3n4H^liS$`F+QsKGBBFo?X$A*6A~j(IcIELQU#n3Uqj$#Zcp-$&GtBDQ z)p=QcbZ$@XVA`Wycy(k?cjbwLwtSpACtb}UD&_G2v`^Q;t2EOM?Y^$5JXQ#k=NbL4 zPTI3Fr?u<27vHR0U21%gFK#v6l9`h!ro6y8QliU9Rl?DVJMyPo`%PWK6qS^7P0qfk zH;G8zAA<sU7__+;L37?8gd6b0BXYX(<s-z^FX`&I_XXir*fiRa4xZ<oLB&$~xNSZL zrM{x$zBM^{X?08;qO^yk8j4<#x~{B_(aVo(r_!}JxYhMRO?R4fWOA(&G143f-&Ai5 ze)2UvNor*&r?s|v8nGakQc)b$MNYA<B>S42Wnqtz)k0$(FTB2<j6AV&Aw1C`Ry9*O z5gC+8L{2H)ct>3l>SradC|+XMAbf9HvFQ8unl-&B9<%p@rx%OvKcpxQwfBqd_0SP^ z4cClf5wDX@D~j*h`=j={#eV;xz5mEwcb`!dkJ~%1S!Wi-jG4tEUU%E?2irTZ_YM`s zVfOxPd)+i#6fd-QUe_-viaGYqYwc27ceD2w+v~n%_6$6G=Qa17qBz;!dEI5dKRlz@ z$!o#NqWHGG^V(&<A274n`80byI93z~**mY>&Mk^V?EO%C-Mp$Oo@wvAcD|}8o@ej8 zMlZ1EeA@eLdkwt0C|+dmymqfM8QJ?hdo8=HD2}stUJExA#Yy(g>%J?B;s?`;UA%T~ zvbm-gyLdfdzwen*?E0p?F5g@f-?4XIH@~JRzHjf3+3WgkMe$>M=XL*fQ^w3<*K~U= z++n}kJFi=>E{dny`+@d4>YAc>hQ0He`&zsAsJ;J$y}ogMQ9R$?f687*?KIox-Cp<K zP!vboJFlZ|EQ<N|&g*OT`|<XEqP^~YLs4v<#r@02?Emr-ZSX2q%JW=rd1>`pbs!q6 zv&z0n;UHG4HBH&zs`7mAFXJb3O8e#~_`y4vcCNi|Dd#13=jzIVVxeIGl@WdhvXFhf z+CHW4x4!&Fez2kZM%U0@RE~C#RVIqHtcZgn?&I1Cp*16R+j6fCy4?8l2Kz~^Ojn9( zd71sZz&<(KJ{z&`LKd&JW1$wx53+Ca|G@$E16YYfkS5gYN<QS}lGSKu6jj=*v``It zjb1%lc*H&ia?Ic-m*C_n?nW;f%6A-y6DoiwLRZU8GsC8z#r7I9U8V80Uk$O3i8Wz( zY1fSO>^60l=>Z#AYF(7j2swdP)~FrHHr%GvRoPz}qn7JMKit*na~<J%RJ-hStMU+5 zncFz=+x-;I_Adp{uS}Tw73=Edc^tL>>B{Y5vRJdyEC?IkH;jQ(_Ti8tO%`E9!MR4m zDzoI&n)jEr=G1ocIqw6JSJB_kW!>z9`-^H}ID2RM!HI63A}`ywQDoahm8qeKYC~(H z-SpAh<Gg;y4ttH{_d--Wju^Sxo)e`N97a)0Zo^Mvop%OQ9V*sSUr{~MKlU-S<AHdr z>O~zYp@}jT%e=~G&Z}C~b8oauk6w|F^JLHhpV0H<N#+9u`<0YYiJGfAh=VQeYfh5J zk}5ugN3+^MZb^rk$Q3;`M+ZGGbi}-Z=qt*=Waw5OL3-46qGRRfQH$r9t?$$-3V5%M zN!CbwA#zd!lie|P(Byr-TxXg&c+$7=By!Dqj(H<AUzcQ@%r|7Sc{eF~0?MC@;=@l# zI!~}J4>`VfFr3<=xXI`Z9aJTOO{hQm(1d*{1K^H+dH>wcWgbb8onCa0*b5k|L3n;t z9Qga_q-m(@E@suU=9iY4KA9A&p|S~fe1J&m{ChV8E;xI@)|6QLz-o0r75X+H4ONa? z;^ju`S@t=YR<D5gEWIWzwL7d7X|~P5`isxv&)ii`fv;oNs$+a_FBOw2FMMDAMdd`L zMm9QX@9-XDLVNB*ba&`;<#b~8c%(kn`Ds5o>;-?Q`+)X#P-%%Otwza96-#DYRj1CL ztc!jrvP)|R#-44TpcO?X=}pxl$U^VOKg0Lw;8Ro5l|d$G)uYO-#=F}D{7o%Q)LPVg zy{HLYEHHYO8GWlQ>qAPLO<%0E5leLqvbt#QskfB$=X;hEU)`SYOQ9{FQzx^|>^i`f zo8%*kL<u_a=ZUYd(b84K)MMY>g%-tjEC)QshF-f5bS*WxP#4B%>x?h3r*3sc(X?O9 zWh8HpOhS?ZN8I~a-NDDE#%@!&ju;o*jT5`WM%G!COzdK%30qxhv#vK!WrebduZ0t~ zqHD}2b2fIL`#jxA=x{Gl%xucEn&YJ7fmXvnnj8<h$Hxcypyy~C6Wj4SN2KUPh8b}l z%+y+qXNKrCb}R(8>%0_SG-@^KuPo0WE@vT9th1U7OC}d+(#=}q2c)g`9O6m59zoN% z$$DY+EFwxAv!T=1B0lyr2XS_t*$+KFqOHrrGi6qLh=w_xfk)T&<O3WI`V{*?EPnIo zlgH(OG7f>=@?mI#vNTp--*aA<pZrt&hz`##6;sf#uH5JPB{Yp!fgf5E!1H(_M#S>1 z4Yr6Dlp{p0T9;c`4LmjbNgU%+W)E`J7n#qWPfzzpzKKMux{C28J7?;V8o%yQ`#z&b zT3eSiKJg>00Zq7s_LV2)_{fX8N8^UZV}A5HnB_F84Tyip+C8M3k8;1o0s9~0<o?Ms zQ>exHM_x5<qp~^#RnjSFA6ZnYJ-6u8n>3q7$!7{Am^rQ4euyMqk<|4IK0*hykx8m! z5xJ9VC-+^BcKL|5rREn+_$jU8TiePzV6zrU9z-6>r_}AlKE)epX~<+o1nM3=s9LHO z3s_i{b;_aB9F@ytrCb=*U^=n_VUXBv<6LVjj<TtIn&xu*sgD!%q&9@lbobNX44U$e zi%=1}Leg{s(mYt7P_@g;i4xb8ysa%9o7j65a&5PTCSH++M*!td?dMDXV>Y`YM}DN& z?o|$m7|fw{ey^hx@9;A?B=dx8<ycrAR_~}lom<7;Y92%v%rk7fq>7UGWfjBp8MAus zm~#}-rYO!g8pcWrn{h$)9WyJ#Q8j^gYyDq4^}?52ci<g$pUa0kJ9*xlcf*^tqj9_r z2@0F5JG;-^l+5Q@aX#O6lMoV6FSPFe7xtk?>>MAdck7xXwaan5hkkra?>P0=OmCf6 z^X`6ijxDtzvd0&$AN!8UBKH%x5K{1tq*EKc%VNwjs}%jop{l=jmzGawB=C=MBxlDW zRp}8o0xQTJ)frKDg>#wN?`rJbUitv!ZNv`FNbl4D4Mcvw&j+)CJRHyO^h!93xxfo~ zelsuB-HKLt6FPt*)v8bh<+7D}J%QGRvYeCi?&yYOkTEE9to^QYKxyqn(q~-VtGe9x z<7u}m5u%xUr#ko}{}`UurZaX?QyHW=Fk?q7aa+l=d)LcY<$O_`Mlj^>cr2Nzp45(9 zX=HY>z;<nNZw#J#%pDevw@>(avQa`7wY1C;!S9q(X+?P+c{{XLtvU4M`NTju+Z-FQ zAA9lmu+jVpsnT_k9m~4hN3bt-usBN5M%IsviA%B@u-o<RJ0?<lL|??BHoV5axc&!C zE2=SGuU?MZI(D6QamGxZT+dR+(Is7JU~Z?NIyd|~VhZ2L=J01_e6n4htfo<r+;I6l z5r2J23;VPb<&=;5j!y4(>ApuR>`d^Wn%%Tz*kPB#g}Utr(h)~SjRtjx(_S!rGUla^ zz`c$lmb$Mrc~y+8-fc>|BvRcilUCCl(KPDn2}z%1^sX@ZHRX56ovR@DiL_lir*=8V zc}ZpF=M8scljezj<%Q1z!XagJ;nItlZBJI?81-3$L+yJG9?6l=J$4e<%$)U6Li+GL zT<T9d7t<WBeqPMZy?%P-hiC~T$Jcp+VLG;K60fdy-!C+J&nYPqqTt`LG6wEeF@}1} zBVt4+X7{6!i(+HC3ILL7?SjlU(1ZA<y<3iLk+0JmA;#<Y{A^}Zx1FovRMjc^q7z91 zs>J(MrN8h^WT<q2$j7k|x2~eN)pVq|%#}jvDh6vxT&=UtKG*JKMNVojDoAQoQ7Rok zJDpQ_ZHqobc6Gs0tK->QaeC(pES^y^GEp1IX0!)db8I%<!dW+q5g+Y14xNsn-STcK z#4W}xD`Xs(N)HXt&D?G8@Tw>i)j|5i3O!%Cjh+oQZp10cP_+v*szS%A`AqsutLpC6 zoisaA`e{?o7A(zsA@Cw!;+pR*rV0LgKZRQO$>XCau!o!*mlv_P%FWMB(2ZTU(cOO? z*3BN=9s>u+I@;{v?rH7xklkVvXrh;u4w%=V!N|=d4{~2Tj|?1dVI01Zl{(rfOTvTk zZO!F*GG{B^rkE&ei@cs}IX|Dd$nTo1x=Bl(lQCmz*(+@QZAGcUdf#eGnY+WcpOH(- zu}R$)IslAL1SSsqvGOKXfZ(6_r3{&I^9t2HV6NHGpm7}6NO`2$U^(i7340r`<A%z4 zm=h~lmwnGT<0WpBS0gR$kLS4U$&m}~xRv&8<eqUH(rTh)U5AQxT60>UH7b4aQ{{!Y ztsVzYu*rEns^pb82F|NW<gauVjv2P|u%8sitMkaiqLNL&e}RoLnAq`_L{8#0bU~LY z`pGfM5jMus;yAOc`0QBwY^7-*yYLaPmc>SIRd2{@&}<`(jWLq#DKEdTc3D$Ob-n0d zCuS=zN55F#T%({{NBEe8YTJu%b1k<suwRfSl{fN0-c%imUCQS1{FGj|FP|5z!0X#A zD?N9K%~8#z=a!rh&&c1?41K$44vg7sYv?&2%SxH0_*6%7WTSozasq#}_k+469c__~ zMP;?gWFlWC*Q9rGc`0A8YMoWOt4i6R@$_uzZ`_VhL<S$p6mr=<ucViitksz;iA`fR zuP{;_YGE3vM|@y!Lv=LiaYf6wjJed#)l=O29}^nSw7Kxcl**gSxYLZnL@w+wU$0QC z(C6C6rg&2A|0oKC=YpY(r#Qr4WX6&j*@UujGAQJNoP4z-R^-vOK1Bo6t)q4wgd&dW zK=ma&!<1zZ<J55?TVHPDgY#Nx6gB7o8mjq%M<TK@cEk}`u~>AM#s)I(6e*f$R31f# zCuHJLq_Eweb>DIBpbCC{26f{iN8dF?Iz;M7hIgMU^Z*J7DMO2%<1}?Iktfn3A~7Od zDAwX9=#ii5u_+4~u-#hRUs~Rd#}Qd#MOf=J&G`-1<G7b*<;v!nKiz2nZPYL56+ObG z(8TAHU3e~ywbng>QNs$FW#<yZB0wqLkqR<!?LV-W`U~pFR~S(gAu;iUgz3mg-k=~l zfDXlD@T^HgiV(^h$oaMY<34{%*&F1T9md0eRm{38o%HHDbemw^5dC`H8snX4ea3lZ zG}1Ve(JUHl)-9Gbm72vP>T>I*&tf_ly>FOGE|+H&@CAY@FDK9SI36gK$5>?KI!mMN zu{H|+qO0VYiH?*kUi~}nU_^zvy3`Na*B+?m*{hURZ2~&_w+bi_&ckis1AlRs6462z zvm2V%GX|H2B6$;<_p_IYW13~--fY(w8kP&YBRe|ZJ{#=ha?%o=X0BiNEAhbv^8RMK z(e?L=A?aPcZ?kd9Psk+rHqTfUhrA+-xZ|^GJY<XwD6+Rx0JV<PiiJL>I#w=$uNh6M zQP7gSUpPx18F`(wOl+%bOVUBZ)r>OdkgCG@Vr*5n?R+UKi90&t1%Aakm>7LKtzIyC z8rz*m<Srj?9uZkNKDSHsgwA}qH1iA#561K15}MNL8>?`NisDYANxix>diSQ{__B7+ z=MmPVHIw87c90jw%vhhtb?w=5q>?tGeo5{2i%$xz-EApW8nGYYpXV;viAyr&%VTcJ z+q<6>-W*-<s#I@bA9p<Ibmev)RvI+kX|c1~dk_}1cQ@RFvCEWm#YKENx9tV?iQ=Cs z+n~cOHy=g50G7rMwyGB_EwLl+$wfs`9~~=c$9OPU_mxjO>dMz5Z$!W8iX4A~4CGbo z?Z5gme5$@%;3W}MykNmtwpQb@cKW(RNMTyN4q{aR<k@Xwa6Eqtk#e01yBN=F+sMX2 z^U-n~D6aQ3Bi2Jb=c!tSD>7EFhg_`M8?Vc`3BBBVg~qu>G#!tXP@!U7C)-bGnqw>C zVXGfDe**ow#a_|2(J~i~V+_rusNs=IV-pQ>D(iYs&H(jwyKdqFoJOzwd#De3tM}$4 zzPcs%!-Z28cld-WEXG%(dgmD@+Ohbu&cfD_gG(;AxA5K2OH=;g6_7gI-rYj({YV_k zm1kg;<ihwW-b2;sl&Q+3S_+>N-IAeV2)%0}O`H`yYsN}FjS=BpomPCyxg^H4`KoM0 zd$93wtn6x=RlbQu#(ma;dTEZR2M4P7$c*qhuMQ$Yf-|b>QmTsLo+pGZ?>pe1^cU2f zA+Ls?D%Ei`(R#NX(M<i_driBlraEG|j+<mlHySTyjhdBV*H4xDkh%8A!>c%TTlmJb z`g%B6ukq;yusedY!dswBR*8kiHxVNu#yEl_+sS!L9lz?j*w?rfy*|8>(X_7Ps0>F! zlIRyhg~uoOm!#Aysb&jJsOntMagwh{7eiJ><IQ9j>W1Lwd<tG*bz}C@`YK*IR9b*E zq#e|GY+v2kxsFW;#li5@znKR_6yK^6(JWjmZc(E_BWMM7VRIgXpvC+9{nurFm!?rW zTf2OT%E+Dl6yCw57ELWjI#34GMw44~QLLTe_@)}uXQ=jq;j?WtY#jN!jI_?A9+~VI zT-#$uNTT$`I9@W!yLIADwT!&ak5iVAc6AlKG)n4yLMLWGpTv}9<;qHaE}3H>6n5${ z1YR|2pfsPkzH@KmbG|*#eyTpd#w<XzMIXg^flhUS6nUW`9}fw*-B<ODhv^Jm?V&CK z{1QFL>qG<e$VRI=0hJv^wMyX{7Z=^_23#W2DXZ5R%5gn1NQ#PTL7imR%qx<{ezBia z@6sDuysV@+$5c3EW<Lk1@wd9OaV1Bfx+Fp6%x{c~+}$gi*K^gIQ2t%#9P4WLitw>- z8J3I~b$GE`S#_U%_(N*RInR;ZV2MOCIIbVlWKnqD6NQ~ircEWk^s=J2(WGNV*mkZx zr>y%K*b{aKO5-2(T@Qh<{w%8fAA#&%b5^5k&l~tDTNg&j`t!9Gp&dA&yjM2vc|?6D zrF*I@k6fB6Fvgd?W3hM@a`CYogFM2@0)_6(@8|`>;cdi3JW}>2uc_~9!=k03pn=s4 ztsSv9jr&c<bLv%%gC2MmQI{jr*rU2!Xcu%S!sI(o`OLY~>U9-!$O^_xI=Zv8)=rVj zb(UMW?ATE(9=lfzDJG?e=TXN|HkJMCa;IzLQnNcVQE%R2_@Wt+L+UNvJtMDyyxOOZ zLFyi{JTCNyb=Mm$D@_krUlTHcZdx<bxLohO!)D{BEZDP1#V^-NH=A>$?Y7q}l}z*! z`|TdPR;jM@s3!dI+z=a&U3<?n9K>eweSXS;kT%&x?CSK$O?K^3g3)uoAitH(<F}ln zBdY!L=mOwrF4?@M7gx<lw$kSHm0UPD&#1!Q7u#q&(~6ndk+jZs^jun8Vei}#7Y}I5 ztfN0dJe(Y^p{Ep8$Uxj)J(~Bn6wjyA?lfp$$Aa)s{6O8YG^?a@BH35FCgFW<l|^y? zlgw|v9}c^b?**+w99Gupy~3F?Dcx@)UHf=s0&9fT=~a8OY)~I>BS*wnu)c0~>UvWR z!_oaCPBZGIogKH5HdI5CZFP-nkh*_z_Ns0Um<DdePJLwW{I*48A>F=IV`K}8q4b~B z`(R$TWT8u%&-xkNP!{ByeBGvMSA8|FQrDH$O6t$jc(-UTU92*`7;(4B(X$*ZMll|A z6E3(7$)3sQbpHcnfNkRSV4}3|*ToS_4>4UYoj?~j_B|RzXC&w7>~mu2P!*c(CPlxh zM}3B+MwdG9`?uHWvJPCsBNYv(N|0J`>URHt`TDSZ?%8L(vn5GZ_fL3)lT_NJK}O+} zff{XAP=Ce<)}4BJUis$zJI_0d0)9qJQ|)z_XvIR5(~$`Yk)rleXMjGC@)-B$c0RjT zUW-es@*b6s+bxoMkLvop#wF~azxn_TW8dJo^rK#n>rGzhh$4;4ue73(?)}EUwcA@G zX>TQQLg#mrV70Djvz4e1=pR&fdRIA#s==)ve&r=(T5uUi6Iad`#n-y*J&HKkmLmui zJvyqJBJT6`9K0gW_|TinQGU9@X!N=u5Z2MneOGggmq?}9!br_ebc&9Qa8t1yeDf}( z?}*ClLd6&GLfs8%HIFSso%D+7h$>+X${9p4ehBjRSO2o=i_GMsX(vV24sN*Ray7kV zNq$nday}D6y1deQ20xW`cs=09#~zK)kLm{OoX7>%e!qOr<q37MVj}5jU9-JA1?|L; zdNvkV51yer_F|!RY&vv2XrD8e^AT%bH`nlzJ&gD`vLhM{SbX4a<XGGBg?7pgb##UP zBz2BkX0uX{FEd&$EzjjHlKr5Zu6u1B^(><%p7k_n<7-`?j9t&hImYIW6&C2pBQP=l z&S`s_-}R59`QER#j1zBHEt&Q)WCNk4h)7L(7y6`oGmkcz>$zz<6H8V0lCMwB?yQq| z*PCZW&9-CRW4guY9CyczkG3qWnv)61Jr~28>uV^Ukrc&4PpGbt)RU_#tuTS>szSBy z!`%wbvmN#qn}(KI1wLkZ4Vuz!7;xm8Qs-EKRwL92>W(H)B|U%b|2jQ;C6MYFe|1ft zQ|{Rx@90_4CVi$Q`LnXr_N$1VTE4u|;!88GtJ6BtK`k<d&1Du!Y+Y4i3zevzr6`;~ zy<F>SLwnz|NhGS@L529J48x<K_sdd`hz_z>6iZtouh&27@DcITEZOr8yi^s0_Am#= zU1+wiv5B!-&-Uu5H}$d^y6jc#_A3zBwGYqA1vIbbBW7cNWPFU%ZGPo`+PRhQDC2yx z30(`Mj0}8FXR7Bbl3HXf-knM_7V;=Xu5Oh1dWA=plagLJ>-uf=J^qtte9FO?5zCQu zuoQA2KG6(yois_B<NL1_^UOx*KWLdubmy)suR+{iTv=vO>eP8<XlnvyLwnb=>OZF; zRx3WzFO<bp`)yc}s-X5b>bnQhELW1(8og{a)&PZbZMn~}He>3y{Zxvq?&MwJCO%XL zIHzH$-VsQzI*Kg1DDJjeksS#6S_fPszcx>3%C^q6igvMGD{{Q;kCZ)n{*T>8<&jp| z<PPWtDW-QGj$8nIO%XvO>yA5A3(|$;c&TOW%r&q498J*qg4Q(4cJ4=vYpk9b;%*Kg zpS(zw7Z?(IGw2a0y5$`4nP~8pZ!%@CLu6xGTMSBs5?F&v3uzMr=pKP|(9gFy4YFFa z6YEu2M80C<Ru&^MwxWru!*s_PHWpP^)hct%$~F`ogeBy}tPFV#iZon?u6v=9cP%sn zV`#VXHnTR@OMlN_8#Sz4Zs)u8fMCcOS=H~f66iL^j&QH%cfW#CdntY8Chx7bTPd?D zI!kMA1z4r8P)Uc(rRr{F`Q4cPRKB2l6?5->D$e{a;)Na4o`+B|QtvWWx}OY7*x0$! zTWh5r7rNE7@hs8@yTl>k3H>wGg4_=TeG4ygO1RFJ96@*3+18Qus8N@C9MV<47fbif z1vB{0Xt-n!MJSF}9^leu2ZZAvu^rEHY)IEU_ugh$;|ni#o4KirobX54KDxp8!~wi$ z#|CurnS8-B3cS1jNL-lJwAqL3%(ETVMVqW-NvWZ=W-ol}R+uAZ^d-VZ=)bh(D$WbM z!nx<1%zzx)B8#tq4w)4o742=}EG&kx+SdG<{kBR+`^<E~2kgHxO~r(6*N6Fat+GTY zbmS&Jq`B)*W5;QzJcHw!yPOdv(yoxNQiBQYvRAYeMU&}JE-7AVnZWYm!ct$=P89V} z+ngzmBZtY%ifvTq+S+9<kFQ!`nTpv8^S5^1&@dR9_q-;9`*r?Ub8nMneH~9304TcE zXt~@x!SB&6M8P*4DfvV=1>N<17xiZeO!jI_VIR4S_9E}<!V9<_&ry&?P6f?KAJ6gK z-H~}<58X3x)p<exeO>5B;$XD<($OY;S%R`3A-B*%8bDWykkxBw>XP4kE*vMRTcrg( z7p%>ua#^_^K;e{jVs9Juy(7{I6J8uNZJajQI&W(C(kwOmV<l9X@v+8Tj!gL~0I|<K zeZ<ZL$?>h|?u?Zq;a}^`yXIOCV~+hFD_&)<af_YHZFkw(_J6$me0I6ts9JrXb$KWl zkB@o=0J6~|)4GIqTA?|5&YVStB~5|_T4(caPxoi3OcqnP$0k<d*A9}&c;(Y<$5mc( zi}Sjmw|7<}K~d}tzC4xazt`&PHou%~e)81JP69J{7A79B(t7_qg?CjkXc+}hHM-cY z`5d&*2hB%DN?%!N7L7fS3$tPyH9#Fzg-jdlNbh_o!=jfG{?Tt8Mz3$csOVMws|Qh~ zPSsAVM^dwZj_k&u9>;IBiYYIrKGiNq<+1wKqY!(1_%^?XW}a25r>G9E_d9&YaeeoR zM<3Ne!Yb{!N@bPa?YZ~;HZQao*__8Vbpppt3aZiisW$Jmu}2JTJi~W1gb$F9Iy!c^ z6QRIC$8pdZ>+pDtHMDiDB=crI22E$+E;dB<5u<kF!E>O)EY9UTq_UPq()Io(JoL47 z*Kn+Uk}<WdexhHmI5@6b*RC7?)P_4MoDbP2^bzt3u^)NN>M9R7MLyKQbxGiL!8`hH z<6WKEkbv@<y_Eo#>{JoGaw~9IjFi1Ox)uG%fx4pE-qQMSvH1)3s}ViZ%5zUu(9Kn$ zTVc0ez_8`vad%4iOSP(*=b5avUNvAHRGt+|mVAu8H_sb+9x;0F?H{`Z<IpuP-+|(H z&GIg1ntQV=(yMiHsHR=)-T{qXc*I)}TK>Qui}U-^(|D2<b<=+INV?@N+>e?{&U+-- zecpq2zJ0yVEu(uEgL**w6`C^7e2jF4lP2=_lP7A5-6of|+@+3cUL}#M_P-jXj&$53 zh_iDloAoR03AaYe=;1YR|0_|{CzIvR*W0jC=nQJ>9lyFxyRWN=r)6dnbn0atb%ad& z{>qi;ov*iZw8G&1)U?j4%Mj~OhSJ<AsC$ocue3An5k<8Es507-3jX1}x=w}KMb?V) z#09sZsxNe}>5nZf7F*C2lZ+Gjgscg=$%%Y_w{k4yR%k^zTQ1K)4(~dVC4f<qoOcmc z+Njh@DUw&XFXndP-$ze-T9cE2XTqs%KwWrAzmg$-vPY6tQ*tpRqu==HmR4PFLfT{> zbjcjiLhhoXzjd9$FlT0Q*kQcez3FC_?*sbl1NQ0kV!?vWUvr9L2Jl@T`QkGRJ8yLG z_UR|tC#$R?zu10Kk?=eW?isC`WU>9uzdxP%@Q*q3c{buJ>~DY9h>XRz`M>Yj2V6C! z&OKcK*Z5N7oSeESK2sjE!0z$0pm>?RPO>|$8o_pt^26+0vI^EJRPAiH&v}X{*O;AV z_a8paMqy=Rlj)5$$K%TH2kbnbXV}hkYuRe&=^l=DnAKFC<&(Y6v!htIyt1@Zuptlt zoD@RG%1lwbxHur0XO$hJl^sUoAGUOYal^kGjWRkr%FQ>HTy3?rSFl{qMJ)^oc!H%? z2HA-T-(01&xp=wFt~(vm%Vb4hY3CbyX4o5Es{71uwr@```7N+c7f+;FVBKQTaB6Xg z(IDifC&3k7E9`7!%fA(-r!lKG2kgwa!(?Gxz-NA5mD`lpWj5Bd&b}VkLTJ0Nt3?j6 zBgTzhtbe<4ERS)y9XRvDGY_%XVfI?Mdi(Zun=ajW-N3b*Hg4X2`s}N=Z9Z-Ln#<R1 zTD^VVrVVShZP~u%vK{l*Y}s_$>g}86Uw!=SflaG7Z@6sT_8qI%ZQH(K%jVN(A3uM= z>@yBMXkcLBj%`<M-?4P_Wn20j?L?htXKr7&=BjNQc3k(r2R26m2yBW{3rm5vq^1NE zWtL^;q^749!zGcWT`PcEOMnjXNi9pwQOE(2wn~Y`o_S^Y*{MZJ3Z<Ej$;qk3K)<CW z<`kzY+1cpB%|_J>Hy=p_hV3@`C~mdUhkF{R-9{f4o^}C_0gf&%o__8T5m3f(<O2Yw C2?#R) literal 0 HcmV?d00001 diff --git a/nssm-2.24/win64/nssm.exe b/nssm-2.24/win64/nssm.exe new file mode 100644 index 0000000000000000000000000000000000000000..6ccfe3cfb85f0f7126648dceb7ac93d58b025a0f GIT binary patch literal 331264 zcmeFad3;nw7B<}3AS|&FxyUGLt5KsUMxrB#Xt#8rBaKF7bAz}cIxeUkS5&YQG;?Wn z#@%tjaUErJW^^P32tguAKt#X=#09tU#<(CV22t+!Jg4g3+qV;f-~0ai^81mlTXpKG zQ>RXyI<?%oW6!!fkP`?5a`E4`1A$un@?Ti~cKv4)l6Tv$ZnwZIJyz{sn-yQR|F~(F zToamp^_3T2ect7v3(mXZiYpVL^DhcrU3o?5k}E>dQ_l!pe&vN14K66?S*W3R#KyGM z9ePl$^Z%)vo~iv1&rjX-uiBUK`{;L*Yv)UPVeLf{|3vK_^84@Fh4TA~{GNWv1=EO; z$#HpUAaLRAyg*erXPlF^IdEX0S9T9nIy(^P#@Yu0b8E5!fj$xpBc#Ge&I{lV{yD#a z@;njNW1r_yZZn-sIxi>{i1Wj|I)=f(9oJ?D<}k21J1}qxu;0oKd_I5?|Cj$l*@4<_ zJI5HDxaj%>l8?wnnPiA{XQQY63k3odgRj2uyu^8dz-yNy0hoa+@SBg{w0~i!$6!Sk zc<KZs+>P{o@r$~p{|g5K4TGmELa8I_8rTaI_jaHQ55D@Et1m#3$ON(pRN()M9qH2X z|6ln3UIKCRgIMzGNhJ+&v!yI`MsuXr4h91yEoC($oALiG{9lj%oABSl|IOA_XJ-Yf z8xq6K=2*=+h2_@Scs84@aZ>_;n7Q7XfycPHES8E@)OE`agsp{8rkDxJT6U{gvT@R~ zk_P#Cga5*3p!iVC%)952Y|w3p0eeDSe~{X5Ay^Pg<!$Salw@P*>}7R(62e?*8yA6E zC;#0`W<QeTQC{*GH(81Wij?d837-)eADIxF_4U6bZ{9!?g_ShMYN`rnBBsn-A2+we z&DOEi4VC-EQt`rYEOky{*lOHi+hCxl)T*@yOhGJF@G{DZ)KY27%y(inuN2NjFjlju z@Im}qW6u}Km64AYyUhG;>Xw&cKd(vU_Na*#7Mtz1(S46>2(PJRZOm-8jVwIH%*~X@ zrBM?k1cj)#os$)4ttWD7TwyVJs%SzgJGE`R-8VasUI6o<keJ<)v(#*7L9ra$HXa2T zN&;NTTHAO4PpYKK6Ro;4(SoUhl?EtMdGqiijrmJfpuzf<t&CE`vElDm_KcYjhjlgR zrOvHCpoLAaRF*2u1;TmEiV}-rsc2zES+d!VnQt;8WbJ^KPzd0(CQ&#kX6}fi8nHMC z%PAH74y_Y?0qe{G{-@@&Os$C{J-IZSfzxAVFYCKW&^}0R)$Xj%a$TSI_{3%^8@|zD zb0sLN?L>@B$E<(jiJ_s^vqV^J-OHb5D|HSkXtrDb#bexD&6<xjU$5&<P5yo|hDTWc zKx<F1Cb`Y5WP4U(Sh77YakK)S<N}|9kaao!06-*oBthm8gm$|1b++IIk^C4$7K_(B zRd_ceQoX}5^Q8QEs<3%%_2<E=Z&6ek80}*lHxy9kgH`W3QL&nNh0h_AZA?W{%(Q~9 z=I>Z)8x?q>P-^=)ja-*6WG^A2tfm_@s`5I;?ms3va(Emes~&&Qa;vF_sk{fNfb7W9 z_FK*c=fsJbs@S-xc{a78n@Z7R=A6Qrq$_#D+NT2evl`jCB9kNMp1myi>dmS?;T=u3 zQQsR3nY+czx1zyU@%$>D!Q8pFF%Yb>4nGF7A;50BVRzt3F}`_%!}$LYLIbWli=4Gv z+wqvzau~Y8*0E$A<9(ntY}<Bth&^>`aK9=%Q?|Q>gRlN<zH1v16b=&>KJMngHG7E6 z89NBEW`0etHmEza(v0QS^aAgsy7o1RDzTG8^D2vgWDVYK+m!C!Rsw8LbJ*yVq4hE} zYe`R(sQ52-`9GNaH?=+kgCeRBGgnxB-PC-9tV8g}r$ti%R@)t5t=A!&W6StkTGG&3 z1TLJo@EPN2-)ULV!-`|(S5}W-#B}wpl@11jjAmiagDDwTI288N`qH7GDWk0hg;bTi z7spd`3h!V7IwtC-3?%`=s>@0bKYu)GwH~HxEY*SJ)(Av7x?vSFeWkSzf10iSXHqWf ztrPI*j2=a7xtq^MMd_irTxi{b*_a-ynNe7dE;JyPIzAjTs}xt}^!(ubNdDBE+#OSs z4Y|Sj>uuvj^a$db&AKN%Egfb(+v-%8!AHiWF?bgqtQYYI{b30^QYvo~e!TwhsVE%T zFu_J@WDm_^G&nzZ2U>CmdUmrFM~@25@4X|IG9G32oRw;Tuu7!o-CH;lm17QMI|(^X z?}K(4kZtvoWJl2F1}yuGH0HL*gHtx`y|fV;U5}?JW0`c74c1Nb0vsuOIjxNWFqRxq zcpsX!GGB5s#%cM*zfm_TzvPHLG*#Z8B8JkeEWw!ZJ>0eh)EO9|(rq%%)}woI6d{p} z&`$Xr$XhBodJiWbk_HhB#)H-R0wF3tQ^OaOASQ(-JZ`9E)~7$SLx|3z1;?SJ7+O%3 z;%GPOI|1rl9y7mZc?zL?GU^jAoMwf9kY05pP)(<?;Oj9KS+*iDSj;r*AE)bq422M* z<}#?ac^OGpS>wnJ!1hwKH-naGVMjTc0RtN4H8hqQv1&INhVfLyk*xxQ8jFUmyo1pg z!*vA=k?oCYA!k%OK;a(=e3W)3H0YPp&_&vl?b(SjV8k{~#$cp~+L^N2+AyA-r`^gz z9&PzB6xQ`%{~0lfY2-<mrNggkhZ<MVfs2)FtZqp}V&-<3#ApBj@xtlB`51Dio-`~s zSh)}MGFk|(#uXNwY{rB6)@+RTVC_00*r;?<pWz#>ZYD?5t+T+9@W#r9BBCv*vW{Ox zgKokrRO}A}F-GLEs6v0%q}dAUnjDKqdM6xvda@eVPJ|iY(A##b$Y7KPnQmF-x<u<M zgxdOB+wsHdV}3)!TWlSNywGzfbj*{45(3l++EZj3*Fsoq-9oLC@V=70#KY`s8|NW$ zILu>ZH`_RugvrJt*NLPI^QkJK2@@mZfL3gNzu+gdZK?T5Bsjl4IRAayutj+-@q?x! z!=$NDjI+Seq*AjnIR9PLDQd11N5?kaCo#lVQ5Qmm5f2&==+s7mf;-Iyod#BlBj-$+ z?6QOYS35l$ovaGZSZvTHIMyf61fKF}!$?Uk2<Ji#Fdzi0$DM)zoQOLRPj~fh`Nb%X zUwS0d<ab_Sh5Wu!I7xmN6_(@IHvRxsY-6}EByMCFZB<VLQCG2<B{WCP<+d>dvF4jl z`Jn-%Sqnd9Qah#n$5`r&Y<7>KGI}6`ZN$-TFb;j$gTp0jBeek-DytjZsF=ChHjY8^ z)Z~o9aG>(QSZXA47d(%K5^8#wbu2?fWj#z?gdD@5xmIZA6ovuDRJf#hrz1|XaM?p; zxmdC&GWY}NXwsCnaRP!R-_S2_C*;vn(cs1WGX#xT98Hy?IaYg3xF@?P=^{&{4Urx( z-(xylN)C^<@hdb~gMWgc223bGrx*gW&@|{p)O<oSEfe%v4|I+Ls+emR54~jVRFp0} z3x*H*{H~D4ddNc@WD$qhKR;>*apZS}{6n5Ai1i3Y7Sl$FI2<WVjiw7aLmu;xXQ%Rb zz{8$_paP043Zn#o*Y?G4J*^7)FJ?=sMl;`r;`(GW$|*%jTqWz49O4zSCxVgsfkYIZ z(`t}V1w_oZOEDctZ_%%y(z;x#h)UMj?;=fW$wHEu?e${9MYk3oDy&0ifGPz_9Wr_U zvmf8b`?Vha*$CES00^M@vM3$Z4&dA0x+u%X{vZdQ`7#x<zlXm)2eMhjnNMoM3>QCI zb75uyz{&HK(1M&!6X#`?@Cp*OgdSp$T&n^&M;ubShsY?sd86i1AN-|c%zRIkV6I#! z0%ilj1CXwInpeah5u^bhqU*4amX}|FeDJ-H#o@k#e73@nYVJ28h(?4bl_np^BF8U& zANEVg<6!4xO6Fk?`&I;j>a^@(j!dMDf#@&7vty^G;dkKuI1hh6h0j(!!iVh#7J0Ht z$`abfcUfKV|2`76Y?dIX_=je+*B<RFqYM7;O2hA<IX8OvQy9$DoKmM0*Dz#iPH`H1 zZl?J6_TU2uibY#YV}lw<o4LbBX=-$FhE;nPqn;2kEfaYu618BSAsr;bX}Rd23o5x6 zhY=5m&z072O-eNSx-|IDGvUwo;722f?4NMmslB$JQ;2wCU5I@^8vG}j@Hrm5WoJ?4 zVPZNLOr&1(4-oiBX`|q)$mz(ZLkUkHQOjpGOW^3SSmuzZ#QvxR&_q~i4eK|_6CHSw zm#RTj%(iWe^w5ilPD5WD@mIhduqeDt-hbKA1@B)VQS-h6K|zOkNA25d2ZMER;b+|^ zmd73Fbe46Sn;!CX1Q!ouYx+ki)`T+YjO(ZatrGpt%#j{;KLi!5He+0NL7q>$VB7jF z%eBBH^*KuGkf<e6i=YqNP}rYzfjtL#cB(1YdD!P57+JD+N1=#Grc}fLjauvz_+SS; zQXfLrXlm4AG?tJ5J-jm7e?=LK4*;Q-jrbm-K&*l1ml4NT&T{0GT69*zzmcdVbU#a| zFX~W2hf!Rc;!%qoQ+%OQLTbVXEW}rbQ@s+7M$nZ+d+m`ZN~FIln~>WT{&(Bm8oZ65 z!e2t2|Ksn)e+v0TLW=(-KK}3W@Dm75rO8Qa0@QbjzX5#0FLR)!jZ5Ks{g%<jM|$}E zNNl#3G>BA$BdF|!s&Se3<P1~ahQ(E_ph(OBeiw<lX%`}>kW%BjQ#8FH8Uk*Yl3ZKn zWBtx_@a-AkH+bNaGr?)=cLjb_SKtFZ@T^R5ZUOEJ{OxUNV#(xu2@<tfo<dM;La`@i zNJpu{`0gy`SD#33N(cTmLnKo@;4uhB79T?WllF5!RbgTf6#RA{{J?bhOuoB&@L#uQ zG$(tKaN9+5E<q+&S2B5j9*J5gcV&W){2k!uJK!P{M{s)d80&!#aluLR8&#1uzODg( zy5K#>ftOqva{u;cm-lrDDv6U2!fmgmnco%sQ^@9uCR6TrdGHAZ4>!A`zDR*mkgrM0 zx`IC1gZ_hprmb~*yrVTcf&O-@=Gv9{b`dzrw~Y-*)D2pXV1`g=8FwX=yBv5aK11d= zdhk;atRKqu^Q$`Tq;d$*i#iIX*nv-t|B@yA>NC1~dHD8E9oVNvy4sQ|zggPOC-$|- zq`R@8Z}*`uLaG+d6FzkG_V!wz@182ZsUvy<nZUNIGJf7Cd*~w(j4a|_3uZ2R0vx7Y zq~vlh7#UXGKrV-Q=JW9$@X){b(UFX{>g-C$(CkO|31$KEq+w%~Ep1)tDI{vS)MR4Q zsP6*%+^(==9`+HL*tF>#vB?^z9HP%zU15KX^-9h68U&SywM-7|6x%10r@7n-6+9Yk zN;Z5lx!c38RM=d->(ED08ngOv$2z!?#Uaf_#C*qxKEy-cQ=wzD*PIvcn)9|Tnsb(& ziTy4TwNw@&7+HKA05dwN_>UrG6w2P}Rl+t>4ti&Dx!yxRm*|VQJ&D{a*oCO^Qc}kH zPe(IwsK1OAKI!!H%GmaOmZ*qEP<CDPTndBS`H<!XyG!Ct$hp(j{SOkgj2=J`Jj1w0 zmXLqP`bwO$RNLIK1{ZgQf4YZ%tip#?{JqEpT_Lw`b~*nLLB*wNJ>~fdr(IZrmym0x za(UQ8zm@1T=AIy&3ZS@_jsltB2X65-X~Y9Qn7|bH5Qptu+x1_*>w@Vokf<AT1?e1H z?v#NeAbKsYQ>*@%AKTA&jfZ^&f{`U$H38qQQAaggcoA!cQ4jmk{YHI|hu#N4B^7N3 zeuq*290xsi+LWu2sHO4>f;(x-&g@spft9(7cmUE;u2D{S&}R}_1g+UVNy*2PxiILn zk4HH8)T0as;}0J6j&HI8b-k2D5h;(;>+RZ8NA4A(g+4`l3%R67CTD;zLYfxI6A1d1 z@b@^3*Q9|rXMj)fz@rF8mgv!~h59IKZDM5n=Bi^a>Vv#ky5X=y@%ZZY>(?&-pCDMz zi3W+>5~REO>|w_OUP8_^rSX^WuvfyZ2m;)(eCg9_)}{-~JJw%<e_S2vm9P(jvc#EQ z2VvMRB%ktZZtH^mjY!lD+<>62e41<LE_!++hKz!qsBPoUu1dJUD`7H%$hRjuyfb%~ zSxpzB8REzGTZ4T(>}&+xuBqlqVr9Az%zIz?1ml<bYe>|Bc@{y@{NhdwO`2HJmrieT zu-&~$cpd)byb7;`QkFnftfviwa75i0Bk*p$($;48atffvWkTn9&|kH(XAP%OAe@UW zT}#ie3E@+j#mJPV@qWoXheR!z6oU0!ApwH8Gh|=c&0X}Vv;8Iby_r#734;(Md#+;A z=t#rvN^!PXUDV-oB<eb}Aczv2;kmt5Rwp_B?W%+a{3ZD9!fjp&7b6J$LG!X4njVU2 zSKW44SLlTvdJhDB67m-Flrrtq-+S-NE+q6C5*__V&}Vgi5BoPFlQZ*UwS8v!A`kpz z1bystIQ(4=JODX&s-!ty3D*BI8rYq-?y7-bMb5Mm{B?K&iCRFj5kv!HLV}toKS!Mb z@OHa>-D|QR*KgCxJlw%9Zkpi{*|6gZXA~>F42lqC*haP=+uwD+`NHLSErP12?qr6> z*{*|b8!v!d3e+p`r7JTA^S^q~*AZG!HQW25Ny(s}bszp12cL8q(8qev12drq?HYRX z=bH6Spg%yGZp5Vsik2@90~5VeRRNoF^eoi+%%}}Mrtf!<OH-pZWH5c3hkP-D^$~z7 zMArn<B52(Ax%ZbQ?&BTg)c8#Rf8W=84)LISBe=Mr6KK81l$vlWv-_|&edcKOgpWI5 zuSB92$iEQO%{bv!S}nB?G-^W^%~<8f-r(c=N)LM+=>X~4S`o6AICNX_z0t>akso`b z4|@*}yZuw)8^ZPQ9GQ29`xfY>_>{=QkGl|wS{`#1E|(pYJZNay@?FRy;m7vNV~U3z zRoI;`m~_&H1O2#u{pjxDe*KA(vupA?m9t+z8kk2Gc{<UL7m%psaW{gIMVxLx2t|<a z?^?1u-;ZA8YsIl1`Va&i?ZW|8HD>NY+THxverbQd$>scA1f{EYrXV&7`M{@mFM&Kw zARqWxe%OP(m9S#>)JmqK;He3=Uq$4oVOnoLC9ME}t7I|jwsD+?zn{W~Vn^yJc1NjE zrsF71z=22{V@$)|^0CK!CiX{2(~Y?d!N{WBlqK=|i8wkWej?Q{!%w^~4V;NS$;|Z7 zFG5gpsk@FcC8bS%x%e0#mWHi{I7lW{ieu0i<qAFQ9+}t!MI%dBc7grjN1jlCxzfjX zGZM8_{)wQE??ZQuJ*zA1%RKDUGO?98=~5;K`LUaPeE0FNfBI1PR^~+OhNCTF0yEli z73g98M9Dj}V=WT3JRT)3hb>R#{IF~tGDVjJ=Y2u$b(~T^yXSeZqX;WXtkr|&ihOj@ zgnRk1{i>JeVSn`j6kFyf0PGKL#Y#aYe(a1js71(?#(96Apr1ve7RVd~9nRCNREI{S zJd|kg-jE;LFO@MKc5x>5@k%OPb(-9+u)o{r^8Ge~J8ei<K<Q>)L;e%wA`ZPbU)q%6 z?cD1@-#}<u!A_I}z|K4?O-)X9(3zY8Jlq2gDPS~R$H`y^e^^(+HnzO4S!YZJ_(w={ z>>q-vAwl;B)TEY&4&6E0P8|9B(!k%y0H5W7PwfECvw^z;AKC?Yp$Far!FrkVNe^=R zqqMH_E=!xVz|v&Caf74a<M*Isd<woCiCQi%APBj*mc)Tqh*WD`hF(ChjahzVf5*Jc zLq1I*qd8GNa;L31$#B!zcH%(}wmJyJjEZrd-BLEEr&q#v>#5{8mIgZ2^ShjtHG|x- zfc-Pi7rl%`Es_Tv*wpwEvd!5rMd&vuK0|nU8gx@8^dt{@1nB^|A0P!z_>nq@Ovab6 zARlz!uAqN=&*l141O-TQefX}qo{ub!Kss>!cMtk@LhJKY`mDaACJ~uT;k21P=#8B> z-A-qD;G>skilo#7KWyjVge745kdxCD?6>c_;#h~E%Vd2}<PF}%1n5cGXlKzWt=l}s zY-$4(-Db33x$pAe69`5YtF<b?IwdJ7sU9<WdB<K^>W5$M>y^bGyn&$B?9sBI6hZ}d zWlyYke7yTtGu9zd>vt`JK5!m3-W9mn75KFt_}KzZ4}u+&l5k|h*6b*e5<jkABKvx{ zImFf51s#DqF@W#Ct)<~E(EgOUin;_OS|(2+C>&!A;U{qXJB~iw;1s|tna~${&}D>{ zSpx`10=uN4OEa~<gR3wllXfp`qqm3q{W>fS&^9S>N6f5+_UC)@G|3OX?$d}&y2~Re zlj|3ess(Znf(ke_0k7<;6TgDjg&CaMC3?AseoQ7h59RI(J-<uzEo)ug-$T&H`-tCx z{yZ{49-eS~ee+%q{RS6Zi?_Wt%vL}fiQLV%1j8rxvB={gXNvt;4}2hkktKbICo1E% zs=J)eLVxPmkJ{EaoqxhtLgHip9i-}ptwRvlovuVkg*sy2<zTDR8$y+N#NrySgh{Fd ztfOeC_F5j+Wwsw(DJdCgy#}wgai~*@5N6`<;o-Nx<utEQQaO3*PYTPxPaip2kj-s_ zA2ab^Myi(3gT&X9AXLI{!_aFw3h0V-X!I)o$(BhT^aunai)FJWvw3x|t<QF<q7;bl z87ar7hf_#uJQtLGFChK2+U5Rz1YO<Pi5VlH3t<~CA&W>RvM7Yo@oJKrsLQ_3!@p7C zi(5AeFTC!`oSp7~W7#F5piwi8JHo>~fVf&M0iG^(?PHAEqD11l7(c)1w&<uWnb4mi zQ8#E4f)EMLv*2$Aw!8@D_!yqBA90{N5yl-J^5qED7eZzV7}9Xva;<8kwm9Ir$|pI< zkVglmkMN-TBDnadbZ9|LGw%b5;4?G-Th)a?)*w*}<W&U0vFr4w3)}JN9B62>=KPMX z(68~(Cm|SFbYe%=Wzxv9RMq{C-C+)TYQnEfhYEUnVtDAkyn#CE4b;fu-Q7}DeKdL} zeRKu$iDxJHKlt$fi$pD(hY?h*sl@yH&dpxtNB46-(L+Bz9UVinGL5@3UAy_w{k(5m z>GJ*&f-diZ{(B7LzmRLElKGp5J~JI1iud~tSDo%h_e*Akhkighy6}EH+IClx`Ef-T zynl>D-KvcU`X%G8m{VmsJq7ikgY8U4M{DN2$>_~q3FoU4a4ZLoZWz+pg`0Pri>{}( z%%+smHV*P|d%C!(2?Hr~H60!OeHTOBM=e?^!2CXQ?$v@sEtMA$RQ(2j!FjqJKxxSR zqtCv~PQ%3r>VHG$Di3#p!Udw{nFoK!OBXyJmWJJdXT!t(r5QZy(K&<V`mioWj}y+4 z!D?h-o3Zzk3t!i-L!uVP<AfGLkczVAaiYw(+<X#AAd8EeDUm52bd=EA;AU{W7_Zv% ze3SSpd_7JL_j@_W3RS%~r_;K5z->)wJWHqK>)5;MHj9zVVH<;xzagJPqLxU?MHfVh zgmc~wug_7U+Ly!nrvu&z=W!4FC<G(*Jd~_t4sc-!PnbSZ6{Sp7ai;+6e>>>)A!HTS zeX{v#xy$`(1Q+w{a7F=a2Q^TP{$AHBZ3*BB<Z@*5eTHaK9{AM=`jv%ibh{FKv<vWJ z58Obo{`hpxMdcN<RAbG)fB66Mb<KHd{AOsd-_))}qHfjs2!eIBf}5d@)clSzN%@ie zJ?MH5`CNqzOqNe|*|nKH%E49>b^7$nR1f8JOmzmsE8>?%VIFG$q}&~4?84BlK?dEP zpwFCpEkvpo%UlwIWg06nRE|38^@h~=KEj;O09=!fzAO{{To3&u1S3mmP#}6Brl~s| zQ?_TP_<K0`(x$Fxv|N5$=5qfjf^MT`tdMAA+_ROY=L?WQYN)(^EIe+`^r0W~;FAho z#9q3YV&XWoD|H|5l+hV_*h4>vbikzTQsVKC6v*C*OZW3@Zp)Tp*2P&1YN$o?DH3(V zHX#U9wXKyQ8Zy>V-ycmw?jV&rJmkxXtj+rG0*-bCe542555dSHz3LC-G;Pt_wVgBm z`BE(sQJ2!qK9Q_Oq87<32s)!^N5;2wl!)mE_S=?gJ>atmED8<=WenZ51vt`=?YAy_ zdDwOXgtC}A0@wTqh(xyfz`kEuGPe5GAeZR5h-B0eK9MX!q87;$2rACeU8sy|(PGp` zeso_Ss!YQcy#qLS`v^oB2R-ak1S5;-jB9LH(KB8P(V5AkvV41_mB2(F_dAxj+<%6k zG-y4cU3GD$yJ7)^FAusFS<(dKhknw7zC%O9;1c2Y_58ED0w3jp4?-}auNT4891WnC z(VQxv&`qL_zMB79&(nvSg?&=^62C;EZqzprtXJOWsE^6J2wqG93Q`U)$J34q|1ff< zN#|o<3DsT+mm;W)iz6NuA$U|AuLz&w9PdZ>%l;4#y|+Tg2my4r0=q*02tMUbd2d0Y zmd=X^iuuyjcf^y<wxchqc2MhCesDkQmwDi)5nQ~C|388`uq*W4khqZIO^q)oO`U=^ zS+<}7kJjRsZ5s~@X=_qrZep6b&UzNHOL%h)p3&`bA#6#D^;aQnlDAe;V=<zi@{#$T zH3P9=bF+?t=W1PoDDxdzdy3R6lvCd~SCyK}ty7ScnowApI`w@#;##{A5^;nVaX9hJ z<*5nZ2|K60Z|#Mc#e8*8MQk+RAyO_glHpT7Akw?m5C0)_zRpFGPZ;Bpz{9XsBL>Sd z5lBP9nafMTM6D(?v1x|ukycsH3f6(ltSIhxp*FI#byhVZQ1+qlphY;9cvcrXr6yn! z_6Fh!G#Swdn(yKPvDPWXnUF1)K1Izpk;K@ciV7TRvO`FA#^*=|5h?mh#J3CiQW^A0 z=L;});xTyA`M&!%BaV}NtC{a3M1ai?5o4}XExr;_OY~d>*(4I8d4*ZW_fS}h@(GD5 zNRPTxqHySgB`T_$Bx<kpsA&=vLKN6nRO2P;NJOPhz8N*JqKHreRN8g4Jdgg4aU#(J z5fR6YuDt6ljvHR(?l;{0DtE!*=2zYg7vqhu@~iKTL%Q50XYvj;q~iwIy?dfd&uZkQ zbi8_5?x)1on%obm?rSW@t+4a=C~3i<SiLrJDE}Dl{j4#&!CpEwdHl#g<&RU%aU-); zMD^Or_spgCQrsf9kXHzYaRDS20%Eb8t+vsyK&}A9eR90qxDHRW$+%VSnAGSj+y?g` z^bgm0-hiLFwwypia6ay`o>3UGPQ~?9F%xLKC@?0MV}d!kS9l#S^Sm{OP?C<lZWfnp z1c7%OCGHc%ZHh%xlfy<-9#G5Oo2lTiXN*@CCx-<pw@x)9+3Kl%MB=lUxzv}L_YtBp zeJ1iALEPj@hv0kLc&?T=K!X3_wvmh4fRitBcva)_x*cFYZZ?Aeoa2tY5Por;XtPz7 zr*1vOm4;+;3NEw4eaJEM<5<o{+jtBa)P1Ow(1Uow?W;;cBPpT(EfNVmiyu!y=RiV7 z0G3xNhIyl+iwzTnD|~UIChoPH&)Xp@$JxeN<ht1!zAH}O$Hhz7AM|n5UpUGvMwN(r zxyXR3mB?!VZeEP=n%hum$v3!2_)|zNg6p-14GUJSreLJ%@OEQU?~a)tO^ps4oY*tC z-%QGCYI699M88;aSvH~vRc_{Uu$oC20tS^<eV!<1B5%b#Pj2Y7cyl2Rm8$CIsp@9i zxV*Rw;W+J)Tx56#p4twInNS>v<-=D+EQa0GwmS(BwL(Q9t5bTSH~4cn*$RIClpRZ5 zlO3!c&AUQz-(yT_PGKi-0c5f<6gd~SKl)VYKUuA<=~n`mtZm(p{w()ZQonEtZYVea zujm|BDXw6phOa_N)C4=xOI*QyK%xXL7rZJp%9s4;!`6$!*h&E8YJeFMgGpfys?`|s zGY9>~{gj&nxLNn}xhPxir+oeh8Vb2_eG^jTrs8`GH=zY^7yYf!;uf6O`)^hNV#A$~ z)1#@ArdeC_@Z1nfDLQ(b<@_^=e=6uel$VyYpabza#^>oJEeu0#(MhIH12`XtQX0jG zDdLrwh=5S`Kv8I6%+GPxID1D=mfg_S-!|?*2zR{Jv9l%HCkCS{c$M57@CvqJ>WaY? zOdadz8U=M9ua(D(p{0u@uol{E{TFRw8+!uK>xTQ|i86EZ(yqAe6*jk-1#ceDD>uWh zP)yQak4?qGb-ch5_iTExxIHs3DQ1rsg(e%rQ<j+pe??xXt!?ZMLe!Jws5+OKFs5M? zSP+1Rg6m$JDG+rjCb~TC{e4+<_bithvh^}#5H~8~BVa@}pc8u+Y?>>@#OChc<-a!+ z(0;hg@nT=^iPd)hiTuLm2HQ9v$Sw<HlkGYQ&J#Jusbh~3X~*G;k%UmW`GobI<mjPt zoMaofB2=;#niiI>d_5jfpC11DG(&en)S^k&k-tf$)NmG7cV$na+|OQCGp?{t97F@+ zxQ;M%#zcH+U_AsLoWBj%As+%ns`rU6ISrb)797TLr#5s5!fR-cm}|<+SU!UJ99niy z{t~>ockF`K?AKy7@y7DDPl+2w1hgH&#&Xeqm@ComC=xMI!`;17d=$#sE~UR`8*5)= zq1eA(!@#UYvNgr0du)Ub{Nujd7*uhEb-tKGYGL9JyuY<vY~pHb-&~FRmwzLWY%KDD za+;)NF=1lu-M9?S+VBYI#1uS!sA~#l@(wwg@n-XV>t``8?Hr)?i{egS4Bq#$v!sm6 zVPz@7|DuW1jrx#Xv)n(YE(*tm$es?ehg%1CqdMPkh}gGp{v`w5D24VCtX*UQdjv7h z17=%7nH{_!cT%}^YZgmmrzr=GZ9I$I9I%H%6~y+0o$JskeHfm+Z`jKaF0bBLxjQmW znu(0m#)^v=fI%y^jQ|P)HzuyRJ{O4W3}l|Nc*ELA<1(v}lA1CZs)eHDzTrMBcz}2c zW#+ard?&*E3bqsH@>wNwSsg}dFw2f&8{bmFAU#}lybQ@B_Jkvw$c0rKL3KkHYKf#y z%d?H;iZ1a5+L9uu*U#_7%{MW$Nvya^xcB!zWLkU*8JN_F1V_W|x)K0>YYeu|iG>me ztE#{nzxx4Y9mjK4;QDPS3p8mO^pa|W;JHi;O9z~<634(KA0Nd{)I)I-e|*r=sJWrk zToD~~4&JXG1W7(L2n&TPX$OEGSkoS54~?1)ppHcby@up9?KFVbE5$57`-f$oeZ@74 z4N&ZuS@7>;abfZMU_64M3M=(*vAsfs#QqktK9^OQ|MR;2AFs{rt|cH2ma3s^uZzuJ z%r!u}0BA1Okd0|r8_*Ik(g6SlUtMOt7c9kSQcwc=;HyxDzf%?Hb}A{ejF^4Uy@+*W z$zQj;P|3!smf)+b!1_OC2kHtiq6P0=20zTfv5kocBE6RBL2<iAF!4PRGW7<De`8`F zNep?3`>4cQn7F$n<~WIDPdNu*?<XisI(zy)_~5H}KdoRob9a;6uY*o1XB)3k$IOB= znAlwspYsx*R*8RPV!kArPNEEzDDpN$ctxi7j~Rsn<Vx-kx(2kSJZ^r1f<8Tl_q}c? z<7MP0ATJsRwiEh~&rqPN?9CFPekU>q$X^CICQP`F9N%X_8hTM-s=PRk2_^5Q4wqq? zcL+vz_M)|8a~jZ*t%(>9lvv=j;p+7n;;x1w=PZLf#`DH{WV2!>UT?y^^=m78rB2G? za4}iFv#`P%{UGvJf0O7Je6=)iM^4PFZl<o)B>5A^wbymuz^jfd;2<Hs<P|XCVC-Np z7O5Qst`KYe1z&NX-`e9LT%OL;IZhEXhXZRyVMQD}DMN$R+n5CZ;Anp2;K{?PXanhZ zjWrwVER<s#K?T3Jz#p#RhX7t~e{MY$Z|4BuGyzB+oSOrH9{^Ct4@_Zv`KK^PmtY5l zn=(lvR+&`fB4mC26EIYYbw^zAvVd3jwJ>l$ATrwN8bq<3PC&`;m5}vhQI*aB{!e7d z6IIEIZ@8HvmK(Q$Z!i{UeE{z#BKH%>UDrcc9o(^;UTNiAr^?BOFeQU(0o-FdPim;j z8KTSS%W`OhTaQ%b3}ZPxrJUu+kWrr}5#`h;sLKJZWN_+pdwMybk@`H}?v&Gn7v52y zHQ=DG7xKorz;7F8x`jc(>qbLoaF4pgeN&SRRMD5UE4xQ)USJscA3}aGSJxX5$^;T9 zWE(}u1Y1>gvZ!6bRho{L#zz+rx<t=eW)TpTk}k|AIOY}oY$NnMM=0krM~C4lW-c6n z^mxq+B*RZ1O?_a@G(!lNH2m<qZG8C;W=xV4RiShK4P$Cv(3wez3T!$G0_dO1dY=12 z2SFc)D10l2U(z`Y^ZnHI+44msQ?N0$YSy0!xeXC&-5^-?U$i5DZwGKRH8v}5Hfa2x zz&wzuF9d<~4j8I1J6}J1FTytd=z@~jupq9quD=f*k~d+u_JQ9D+(XE)GRX4)n4uXp z6i`i4i3H!4k#Yv>a^`JC>kC#RZg0Zkh(nn=9@T&KIgzv$*1zzCWYrQ4l>=g_f{V~0 z(JyHS;ZGKZT0e(wM@>@-GYjr4=HgF-<}F_;TRGA;CJU}0>FMr;h^eFJ6seU@-oRh* zHKv7y8O`Y4WYjdthPCQ%w49ru_`#~h$PJgSr?gMA_1b7U)rmp2vH4kPc4p9}ZDouP zzcrWcsC-hY%=}e-Su0kf>XACW2i_AG5VkLy;%PjkiDHn|_$~A<RWKfw4&LRybcx+B zAGQDJuwH?^Lnt7nQ^tGHn_=*+OTI@-R*Q>Ta4ssZN6$|ok&KpHLLqVZMA2GT4@U;o zP8qcKfL7G+o5bLld7o;uwTS~9$vrtr#M3uE>;*zq_CV(fR_*weHeZ2bKv24ZMiiZ# z>DJ>xT>BCm-k#V;H<?2**`>Ia6rxSSsA$u)XV?yo2+zk8`VpFr>r!z^OV^0gnVu@h zf&J7?B^rh>#Rpl}z)ZAVhpsOr@T+9qeFbC@phop}6mlv0|I=i^Sz-AePqwj6;*?UW zw%vdj6#QqvcV2KiG)z~V%YW>y7yaNg@y&3J(E)Vxq%dl*11N{6JG2HWS?r}>F6pmp zpXf_)Ol$BrYO;gz8!gunKF*INhsxyn>|1wLmo)oUz!;x>vyD%lq7>3a{Uu^_g<wg- zsF1F>7Pd8ei&MSFU@MSWRqq~E(kg2Rd;oUAB^c8)RALOWx=hAQsm&DO0Mh~KOPAoO zv)T+(e5TdrM8;&)W)DS`*17+ns2HR9R|f7g*w}c=<XQ~|`w)KQgsQczLV7~nHkzKK zWSoIz4W6I}x4~*b+dhNwm8yvrLPU{THoo<z@0FMI*<FrNz6s^n#!Wt~YCJ`U4hmME zqeg;iI9YXl(UWcC7qF}PF65zy*LM+zC+p6er49qYD@baR$0GoHKbpDsKyKf#*@8?M zUaKDy?I}2bME#_Q2Yf}`jo}wI(>A8N(RC)`;EBRuV7y0kwO#p#)I>OgXY0OSwHf;h zqw`uH1K{xXn@3bP+%gQGAT%xT1(DU=t^nZwA~*ezzHnr*JOM>sw<*>m$tuLSRQXL- zC5kDiI!rkUMrJK?kY85FP&fE)Ti*)SHzz;IsxkT58M>o?hC<cR9gWm}4+2JA$0z_H zYKxA#kWsKfi26ZCohF)C&=)0hy<r+Sulo^cwsAXKXV_(h(-Pfkl8a<oR?vpE1efe5 zA*)CyYfxm3>111lY*;#3qau4co$NOu>zhvYiXyuOWL%R6PoMq0qgpIMTupKwXdRb} zVMudSI=n6UUk0sPr+<MAIv=G7Q${|_kaE$X#+;k}j2u=rOc-d&bMr{^HcXL^rkyk& zL4=@5<aQ&?+)SEnq^VP4URI<U7)AQk^Z+pSToyJtqQhQbVTqni$#DQ=lQNFrjJqB@ zGY-|ePGjX|V!iu>@+ecFTb{fZIkG?=)8w2g`g+K-LZ0Z?lzfDw$kdd4P=}DO5AwN9 zuBMWgBZn)+xgZ5u>mg}mYEn5Wo$M(^wgO~z*<b<dv`AK6+?^)=IF~(KyvQ;z;&_pz zkBbGOC7|-!#_@<yUL?PSS5OI1$AeVZF9V3Cmm=V|kfyN)*DK4m-#LzD`{uE9%l0## zVA-DI;E*c#HyWff%l4PAm1XN;>W^o&J|QeU;lp}?SeT(+FW-~G<n=5|zMA$&Jq}>{ z8|DZ(5@`7Ds>-V^|CN$=rS<HebqQ@Jp^kq!SZPj9X7gE)1vDoZt6A6wYE|>X;rQED zfX8Ba9E!jE5G`gc<ftNUVt(pOTJ;n^EGu4IsKNK%dZZ$pH#@sq){+{kn=DE8=juN< zX;xb`Fnt`A&qq7a+C20U8m1ZF><r$16r)nc&(}jz51MmsJLe8O=d7?l!P4EyFl3PK z*|cZMu~p83I;Ulov?=MnAZ215Oc_hzM$>Q4qUcsz`I>a5ODg?BNKrxyG(hLzf&z2A z`;`Je#m#}9$@x2~s!1_97Sb0q>47dO#O^1>ijt7d)THgKC715hrTyusLpAAmO}fe@ z<s3sX5KoQC=9jtl)wG9d+9yD(mi5DmaL?NVf${i16aW8%{~zLiK8U>48teyk(Vkr4 zj9FhHmu}Qi@l-flO}b?T1fsHys~=?ts@%<8`)FMQR>`CuQjXJn&T6&oWP7(tEXb_1 z#@&N?uZ78M3y39fw+bXK;3r)NJC!^@XO1E>^DPo?WZ4tUp}OhP!w!oGdQVM!mycL| zZ6}?6xTgOST~4j?aZlCxq@dT<jv_4)x|P<keq2wRptcKPtDsa*;iogTouMIqoUL_0 zHdWJfH@$HXW*eye=$N@hce~x#?Y!MzF1dxRkpigtp6r-Q-z)e=^}YSk(f)%>E3ICS za=`(D-$;44=LD<hEhpP^6Zl%^cBEWatoa_MrPK1I5`DyBS=_-i2AsA!P-l2hXXxW( zpjJY#zP57u&!05$XVp%pkpAP*Lzss^#WH&6(K_2aH=FcOFB_U7hK`NgfAIRZ&w_ma zKUJ?w0HGQ{EvLJjvMFY@jzFyvMsizLA|IHC0}P+H%nRw?A7N9|m)vE2{Z42^)ZJ*& zAGqem4?bj#&sod11A8!*83Weymh7Ds^T9T%9^`NUzg~TL4}LHsWH*DOR4*D#d@&Gt zFc$}n*i;;!c%^U?qWICkxA1F?2SF?~udoQ|C0k=Pj}&f3G(UyCp1;Z0+x7l?)VwGk zkNKti*f9iwrP(*E?w?aK@xmAv3Gqqft8m0Yec2D+h<)u70?4<c@zF~8gmx?k2R5;j zwci79dXT?Kwx*C@GNB1(|BVA?@2g^i-W5n32SJrW*0nB{3)Ffk#yK8r5k^hTI1aY3 z$}t>-*@Rzy`k3{^cS%ts1+l|sD%Ow3AcEi(bfPZ^);(1if(-JnDOqp=8qzxaGgY+; za5W9XC)ugvYO7-C3!uZJo5qFFwu3<P#>43}W^)|<F=W+iGG<&5Chpsx0+-uK{Brpn zV9l(Of(vr<^8<*Yb+e7x_s~`*4)fURNjX<o#<8pvLKrs7u(X{j?`<1>*!1|=Vl0rr z?)RnlLz}skqSs)q#xqkZBsH#6D|G5Orp{_?N3s0yGj>|kzwpG`FqFpnd?wP>{(nKX zv;SX=lv!W(fxKX8f>i_2rINp7CA#CA#(N=L8l3-DBz2pCHI8I^QSkO(q2?I9hh2rL zL&GK^ckIF7t5w<k{)+m~xoy*5kj~Luma%297>m}SgH^12V<!RQ3*O^p%W*?0vVeUK z%H4;ItmKwW5$eH)37tq`KL8HWQMk@6@c%=t`FYCXK(KlOxJxJEQo0Z=rD)hx*5k)$ z5?Lvi#Cwt0x;L_VQ4b+19Y~iZJXZ>q@J#h`I;8L%BF|PE_9j|aK%_WAxcUo(>k<BU zmbHvw?BUU|RZe!q#KDx+X&Y2S36AyPfqEi(v|WguDoCn367=p(E`qIp0*p+>BG?!H z1)aC`OvZ55#Tbh*qZz{q7GvIJ%rT7N)I}=(@_o*PMe2&$Nm?sc1?xC@5vmlZ(q*9& zL>8AIO}8IgNgTj5L41m}jr6RX><H#j$mcZL6DTd6$St_HQ*fP|uk~K6UtQxpe~)LS zR&EVk+EqyFg11rNt*vP1E%73<Q})f)JTZ-0*=5vVD|5q`orfF7&wq;NS&i&vQ<mNR z#hq9fK<7Uj|1Zb?Tk-#C{Ewh-JcK2WIr#kwzgzJ?8}YB;InW#bva)mdgMYbs-T2cT z|MMB>-MdHcp8V;BE*(B&0?#ze6(;gN>f!d~nTSb#m0gA%E_`aX>SL^QC%@Va{+0wz z2v!}5z^t!c16i=DnZ&<f?V|ya_-t<TpcRQz@xNr&Htuu<t2sE)dsu}}>(ZB}h2sYG zK`>}BR}8I9(xw;*41fGfh_8beP8SaQ?MO_vPpce~Dt}HQzWXas(9zAetlsiT=*mF^ zZ)UUyeyIYtZootv4re||p7xWBW;x_Ijxmx0h;3{XYzz#4MWC)#Vc13^p5n548m#Jp zNS@wUBv!h#1lBBC7>2b8qlaK1AMxb?h*id5{7F0MG_+fy--459k>2@$b(2x8yshto z2;-Kf#i;?4^UE+sI&_V?6L2yZpQ6SmsIl%p2{s@5GT<pX^n^qlE8ydxkvP1z;3{xn z9lOc4#jeL{^8N%~Y@<MGRWKP3dXMmjzi=RwA#gK-`0#K9iEVoWD_>(>LaerrX|3}L znKKU&lH(TSSTK@I_a@UA-Gx=BMmQO|<)vsUoYfiEmm)6;c@o=gWcX4RG8=_B48OJ~ z86GG+75o<uvNvWMC$Y>p%0wyFeH(Ec7E(DG5{FTMzkzd7Bp6Gku0yIMMMN8rDu!b- zR^k?%LV^h%0Zca<RuQZw!KoxT#v?#uy96(SKrJlPouW#%jfa^j%1i-d+NmtEJCns^ z<b^CAz?L9o@h8gS#*aK%)c2<>`hW^{{oi<yO+K7$$&Q*U@SW<rc)rDY4$@mtN)B#$ zzY7j>I^*C2K!5{7b8rngX#ddTASxW(2`XyZF<$rLS!38Ah(`4snzWgCrb&D6L;TKa zoQp@EfmtvLyv5MNXg1<-J!u`RwHp+#5%q~&-5Er6M486oLW-Z)D4x@levo4LLiGDc z>Xa)WHY=9K?;{2!_R*apvAgh~SABDlZNWJ50qvQHqBFH;9kMJKPazItYHHMPqCt*o zyuxI-2w`h4mAu23d>@l1GI{%Y$*uIy$$c%8Co%a0B%@}&%#)aUCR6KG<}6?GFeHN? zaNOc)T_GalJfT;|6<xes@EewAAy$t6{V0M#Ai%>MJm^*FEQztKGmDvFRBz&8lmyi( zb2HBIr09&>)mv|gPMzwW=cd04xAq3wXIP`_;c4c|!N9h6(3Xs$AZIEVe7^=DcGK`3 zGn$e+LctWxK8Mk1D8rd+;QTU(qF5_Rpi<F67ZzUjQ1a89)bZI%?d)XJwxwU@4w_Lo zEoVmI^vLk7H}9+a8|KI4)HV)d?m=54!Izdt2W^7YEzU+CR#dbhtN1EN5qY$Y|ILAv zwC|6TRd3c|UV$Y_{0T&se$q$q-Ukf?b-^AGl&tZ~86PE0k+5xitVqHnQ7ioaMU1wd z|3PrUXtrM9y)JrRUT3{;GV-$jV;hhC|4R0Y8_|ayTlj8Y>Hn(u7Ch8(jXu(m!x4() z8IZ79xy&A^{Q&mbHon4M1L|ioHy7|b$!#l=X*##~fjaj*l{A*Qxz^uF?xl+4Fr8a` zMxFZ#l@w%dZVPmhI|-5nF^X^LJ6(vcTW8|i4|yTJNf_WMzAGrc;pm=@_#WS#;#>1) z5x`&ZK-q9Nz>&?HD(N~T>1}`y5VN2h?9fge363)D#0w-ijr{J8ROzVxQRdGiIGqHW z-*ySoN101Va0Urhdjw$09c5x5&{}_rXgyZVjz%0>aaA9w1esFX4!sFhMzGre*7@k; zi0(jf9WX9;7x&?l8j;>!vVX8{!DW=*Z%|=JdY7Oq+qef*3r=PM`|q>>K<4`kkpgC_ z0v5=Q-MR&rvw%m^3g{yR3;`8tmZNGW=goYb?|ha1S<tPy+A8R);#Yd{YH#3|J7iES zfgUUvL%uIrw==<j?;f4--3$b%RhH&^I{E(mT~9C-DAG1=Bo)>dl&h--H*a`s{Qx6s zWY!IRHsGK^uo{cK%9&L8xYlrkZsJ~a?C8Io20(gH7vw#=TQ)ZR5+}t{$IL^J4bpqL zZRC^Sg4K06j{(Bocqd^iwgF}HPTb;<008MdMAwWs4_VU~IvWhx#ylipdVUHX=nvng z9#6!hp6`#JAZPHV$1lL)yDf2Z1tigg4u(aO;QTkN!`VsIDFU4IICwTDmd#f8HB9Hm zWOJkz+kIi{b;z9GrB60akDN34TpWXaL<F^92ziHbp2jmu6}IsK5EdMTNbZEL#zRR9 z=k~u<u?u_?NsYe<ulHghk{2ZMZC`EJ{|QP8u^)<*0Z2rG(V;ggv;gO-&_J^YjroZ{ zCtT>i1G?@aM8l1G1gOOJfX8WIqi!ZhWc*$Q!dbTQAEfYzotl=QsG~?~uCg|;7c18o zu@@i~+iF*2$5W%S6KCsnZzNobgh=w&iz`RheTUvIW6u==!A00$)$Dv{6syDc$B~YP zJOSxiO|m5pv!TNf*Lo(10X8jIeJVp3VxN;mT$J;0HR{JXjg-(E)Y74CqX&Ydd`J?0 z0GX8WJOa_7gA;qB6Q0nUTWzxsuY$I!qlB*@we1f`I#4C?xS>vZNDvBossx@9)CUM> zs)X-*37C7z&o(Yr37b>`YoyQdouU$&bOJmYeemuWmGB}G^fX{NVxs2k09b@%Py_La z@O}j1<HKI$DTH9v%V<0Bd@Hg=7VJj2-uP3BH_(igs6gDDO*&AVOJH@9YXuSzGlnrd zB4-<KAx6t?l}a4!k-v->-SyB=|5WL_F<qTKxyP5DQt99JM7lbUdyOysay+$-Lh)~q zg3P*3{$5B5);&`MhV!q%`MQFCkVFpg`TPJm@^=h~&HL4ni-X>Rg~ZEwiI{mOPhZ4S zbCk!9BlmM5AZz*wvR%19{JTn+4&U|z+_ej_aQWM6EOeB_u{g;bDEw#^uFmQ`l;nAy zoZBc*CtVJh<Ri+wlV>OJ2E<^i^=!$R&73@f5xW2#Jb}zOf{P~9J}rb;&bVPO^5_B< zAXIs8V1+{aToELLgF3`8n>vp{pI44M!gAvLo+5d`%hVe&UNd#WlWoj|yUKSqq)K=v z={YG13|xr>F1JEpa()7@3mvG*hA&O*p#^jn3>^FYCvWoY*bl892T_c-92MLz%8Jfr z*7yZ0<H0AJuil-;soELDuY_RiW!CyaoatCU<L&6M7kS7c5kjp#&sVil=QG?|!JZ(` z*4aF}o>e&lgv&IcID+Ex>(idcfe`6WB3&P|=z|!ozXb@Q*XXkrw`vS^8lz>FQ$n_s zaGp*TXED8m^&mtE5tcw7(KcR0j4t5?1W|%Mrm>I4P-GXoCFDv8c6U`-aVXPExK@?$ zG16u25$Dvr63SEw`h>?qjiJtf<hdo}S5lmh>Qr$$(@W^5K%Da*noOM#X+ZNM?<Fi< z9SV69F{l(zefW&cGb*0PJdk0iMo}KwjS6KDB4J8-1Vk1_ZQ~M^&{rk!D2A+)Lhn_= zwr-Mx=P_iF(l(AoLb6^CYgDr5e+-H`0A~2n(({LdHahf0p2-MSB~|BniS%-aqobwh zr3#%x5_QJ^lUvif%0@h)$jg|n9ImCl^o1%t&UEE?J>g6L8=j!xJnm810|A}@Nw5-o zIVJih15$}=naP~34}NUUQ);4$KR^LKN5Fv~(#JklY9htMZ@0ko%%;T5J9(gG_|nRO z=+Qm7UzwL|&#v4JCTXAKw%o*k<hE?LOP`~=^lmHh{`s&MS%#Z-u1?#s0<T&=#xoDq z8xuWZW<3u<v<)>M<EaQd@`yzB#$Xjr?^AHY!B?Fespu&CyTBztuFkZ`T%%uYZ5ZmB z<=JSY&dl;u@ZvMet8!7AI-rsbaND?SMhCNe6{1i%vYQx)0ITBGa<Z;vZy?KN2lO4b zi)U|7yO~h%)_BMRGkN97L8>PO_fw1H;!q3$8J1c5OKz+`;86#QoS=vK8+ZZnQtVHK zT_=$qsD2;B+r<6_?_4x-`h-d?xsf_acd7D7+xW*#bUtgkTX!tSP65_b_RS5<gvVA( zYT|^jFl`NLro+0-+pbr;%F5eid6yN+t63raYSw1Fd=hD5c_?s{6xdGxta_0~4co?% zD4BJ`8!D?rNHyJL8wL)xZQZzzek0zM9FrQjH_nv-0s|c!70U8Mw+4y*xjBb7suT>? zvd7|O6mD4w%F#eEcS~-&HF2=@-0Q60vbz1!>qkm5$vTd1LLH${IIEvf#c88_ixelP zA8-s<zxTyA9o_f7@NP>Hw%fUl7E2Y3;uunscY8Kw4mEjlH9$>Xje7dC`Z3kd9QBjJ zj}_zgZB5>3jG`yY0|IJGC1rdLdyBeT_bQqZil%aRZo1u?=&9N&*;oVt74$)(lWz|4 zSyNOd#<R`cOc;Bxm8mjqgtP2qI+2+UQ<*+PJTo1jO4{2w%~7<B5x1adjLI5C*M1Xv zn{^WphS%iHQP~qy9qbpxUN&1Red!)g-CQ)Y;M6ppE+FXrD$|rqp1M1k9G+wv!J5fQ zl_I?FChu<+{DhN6e4n(NZ9IP+C0fwt#XN`@(AVUxW?W6)Tk2<x`dO=f)~TPj)z3Tp zVL5!iNxhCg>+3tnjhWZ-9SSJH3*LD1nyb5(M9-5qQSsg)R|LoM%`EiH4KciL8p4|3 zzVIQ}=w4B5tzJqCcEjNdDPpAD4jJ&!DvwhH=cn!Q-Ps76x~z2r9V9k_-j2h{ueox0 z6uY?i6Uwrl#RQR7T(qV21yD~-o`7KvYag;9k9l%$7Lh9W34;XL5zE7~Fh!hfhO7}w zg`*=Jjz~w7(Sf61mto>MGP`w@!xC&3W_{qtnuWP*vVBLe>L8>+vwFen-GmB8YH|xH z6mW40VN(TH?u3i^4Sp_2*C`j*3KzMppjUzsE^vT*rL`Th5H7gxpt;zLV5Fwhk;Pn$ z0N|n(Kb^_qD4?Qs4s&Edx=y*+{2FD^t!;#~4Ooctl~TM9qgY7vMe#i$gaG7$((!ug z9`cdbw%&5$r!7zQIUG}%&Rv0}ucI=v8mVP+4+7twbM_-=A`+^1$~T_sm6_`))d)8v zx6z!VDLrND4W^}$t@D>ibq-wuE?Di;r8>)W(|Y^k*8ZrD+0@oYYNKwowvNDBI8Rgv zgCWHrdEvH&3=uMpaL1If;Bem89*2BSya?|lO5^Lk00yqYaOcY1T2?RY9a7Tb%A3O> zU*1XU5?0kx_Jp=Ql_ln`=Zfj*)h)26_b$ae#Nly9BiVRF%~@tOk}KaUyfS`rC<|kB zna=S9HDs1;WR~xjhsJU-<uy6djq|S8fEjfJ6TOckrwnMaGEjsx9DJs;1AYz=N*PG? z9R*nbNpJ|Zx-a1X)l~O~+@0KR@=OB<VT_4l)^NRnGyKZ?l@n|4fH|^eO$IA+#AI}v z7IIbLbfn;Y=?GuH+ya9$7RN}@f;jmSOW`bwZCrCTXz@JVIn%Swx&vnrBnt17fx+PX zQ+Er_pV%840Hb^2&#C$NGqD@~Ovy&ogY&ynXp<nCawu3V3PFV_sG(6j7W1X#BDCr? z@K|E0IbbO5fDcGR)+g``_#Qb^N=r7<ZWhTM7RYtcO~_@wqcr4ACWUZM$==pKna3m= z>@fPq)34!~eS>d}vtKy>T>BiE5SduZ^IO)L=K@pYwBJ_<(Nc4g%1+$MYL`bGdD+JJ ztH{$<^xcxRJc`8Iy}GMY=tVQp*z_Ven%YJQDDjp;Y3i0N8N_+clFC>is_+h!5xsqH z#^8zuDdeMwxg%nJi+y(_wsnV6hO!_V^9{U*PV#RO6(kP}Io^*(9CR`o<*7LcB2LM| zbBrMpuilgJl9rj5Tx`d3ma5J3rB(=P&oG-qa1vNY6IOzE4WSjbD|6xZRKf_&1i!<V z1#jCM(UlhtTU1zuh~RC#@z^%rHfErD@c)BV+Yt?w9k&Q73xN#9oAN9H-cR0UcuQl= z*Xs^}8e_2&2Zv?+U>kq27z*sx-8SC2lG?yGjv)&$^&y_Q8;0k5(H5|9au*5@V(-PV zU&rFvHWq*uquJpLFp&d@T3`ShEc%$-KsY$Rg`C0MvE)CY<hC-~Scqz)0*MpA`~wR+ zFt1Pm!CX+kyk4kGT1^NQVkOKu;E!s9`%fA~>8MnZDLnOs%V~Vd2PIVZp>U)(%gVI} zvgr!sH^)rUk89Lpg?@aEk4fiR6#CZ#u%ygGjS+Qr7|mV*2ci^RS{8!YuUqTif-e*i z8y+*qhQ^w2l$x)X;kIJO&&7J~<&;~n+JxBfejuc1wkO*!Pn3-K3@V&BWW)eKV3xPi zZtF!k9|}ey=Et*^*J2TP){bc>1p+gkY|BSfTMmd&OgK7hSmkgY5}XOlXw?aogE0RZ zR!3_#Ha~8b2I_`5x&S_kKm^N8QNDu~i1s)E7CRdzP0fo?E&ABg>0UeXob2^v)uaE< z<Wba_JRZ{WxD8y{#@|p|bNvWjG?lo9VmUn7K0VP}3k4gyN+|u12@gJ@JO+8JhCGxQ zwsy;g7*<+C7Nm)xq;oO62~j0?%f_hsd&Lkw17@r_7iR3Qlb|PJ#wLA1eN<))DO5IC z`FxyOZv7S2f##tvzz<~_P7iG6FZx~ukEgcdfroc$@oO7{FB3BrWQ$CSHI0<9uWfH_ z9?)`e1Zfx$jFAY22O)KMMfXwcI@GEodn>tR-5{l+&Eq&8I~Q4bfZ<<=gks06ebBj6 zmDy0sJATIC8BN`s6<K8O;E*4z{ug3m=EyLNSU5Q}JF!>HJfj%*2L!8@!Yaj5xxv`* z*Mf6i!2?b7=kW`E;%ysEcy{;SPnx+%O6?h}#!v>MT3KkW!4NGQY%fg{OVV5XV$+J7 zo7=iY%<smUKTEZ8eqzO<WqdhBKI1{v9h>t%>pE~vmit4xG|6I~V2v<L#B$onvNB)M z8l1f!lh1BC$vPc-M0hH)jZK%bkq}RbAshDD5d)Kkh2k;jHaTL{kigFCbsF&oF<liS zXWdhaJtMpAGQ1!8CuP~rV|#?RHsw~1gpGUoRjQwY0}R$gfQJgeP{Y;{91k>f2UK=2 zbjJcaxjI)01n<()lWIoxGe-`Hnq&HzXJF@lOg^MYfmkhg(>Yc%vPg!#XCP#@m$^Ki zV-0$f<Bq+&%x)b1eekyFm|51NO>to^o0u=~RzHGAG|J&#qwICD$YOW%+qS*asN3Em zELx{+TJpE-$_pq;X&xCy;Eu`_mgQ;oZows@%*SBe1LB29=Kj|eN!`&{3&4Q}zl5z5 z=EI9bF>Se0hZ%)Y%oz_CWr&(f)3iZZu`9O=c{G-@jq1=Hb??|8yxyQYfXaK|FQP*= zdq9^^mym6=KpR;r@QaXbw1R(c<>LoDL8zwcQQSCXC*r|vc3~PH>DQcZ;+gYKc4--| z_>19c)&j6MtC7Ydf;)<E&mJM0t(sRTmXZ15esbLAuAMV%Sc9NP@B@9kT#P5hv*GgG z3n5XM)=6A|F$Sp|dLiW)H^*maURBEt2-Tto1zHbA2JNtk|Lra+shjTHkq?#n7u6V* z<t(Vw{Jzv|kDH&uace3?L?9q@gjn^~#E2MXxRu9JK6fLYH!&O*OP(00EJP=T=Eisn z3<kNXi$vST$IKwE)-u<@KSB)F|4<!yr49Q?VR7Nkm#T6ttMUwZrX}#3v9&u8Kkh78 zy2CFJCw7Q`K&iG-icApk!7uaF(i`+pj>1U5IlR!msc4%(3&T1WKk=F)<24uO!y{!) z5&0Z`qBXbnLCh;EW~Rhk*RN*ufSB10JXqV<0Y`^oAm^+WcR<C=d_EBaEl@MMm`}BM ziq)K21S`c2+gQz&xDakM4_=0l0&Xw9kZrS>RXo}@YS2F5{nG#N5JyX0AsEN2;o#lc z6Kv!DKcr*U0^x9F?hI*HEIjC8d>UUt@r~s&YYDsi<L0OOHkjV(HW+WCn+?X3LlxG( zlUcUC7#)k7!u8w@NL+5tj$`p3OW0BTkg%Ah%$yy=V=Q$iiNLV=4n>UpT(oByg7Cf? zDv!cG^i-+VJ^zN*>-`1JyMpsqLGR_jl65Sa3%lm6{jey-L2|AzG*8-suH`iH!VQRE z6&F*YL+iP1kN^u@`Hq@*a&6sNhfke?TMh3gwKVyka2CLvJt?;v>13fDY2C;-NgSJ6 ziL(<Jj$&wawy2oaBfX-6Ra6VWa(f^;?6_c+P+`6`X)FgD4Gk6)_U!2>qAZ138uhMR z@fl0iS0EY@*mRTK0I-UuFh>Z%Q*1NKP{lHPC*HW2ff-%RiHHta@n5NXv!}5NGQlx} zI9GWA^{5xlS0K>VJzi7K^!PCOsk{mM@}g+i#ykcA=wC6-z*r2nlVI@ZwPIZw8p=<6 zpare-#E>5kJdi^r-+PH|SHN);>VFA5*}A=QRTGjo)wixj11p0x6r)|Vrk=85!*PQs zSoJ457rKI}I~iw%K?gft^)#4Kl0z=;yVT51;IG;jshQ1v5haeA*)tHvzNgd|)tQPw znTb|lojB65P8G_Cr&VZAsZg-`OSGtM?5`@7ttz#hb`$r#!5!_SQjh-2x!B+Wi0t<$ z9&08owFR$*n!+%&L+WrpYX!w4iKBSGeoMu(cByz2OGm}4(9lpkg+2Rj(3NqeAx-h( zsaIzr8eHvM@yL@_Jj$3lS1hx-u{9@1b=HZ|n|%ipsd#1PZg}4Zf`uiwjhhh=#bY`Y zk3Uqr*M$HrwFrT9#bYChqnECDS59#h@8<JG@h1OM6mKG|I@)MGyyZ^XXd7+`t;JL- z(8}qUR-wo&+~tOeB7|1YP3vIwTs({&HlwgSSbZCaG2a493*bw^9l%!nLWk47no~!e zuxSFD%Zt*|H0pJ%{Xh!nBI`hoF7nDe;dB*kbSke~=bWBOPV>pBp_!TFF!M+SnEA<J zX0XFdHKNmX8~wE-GeccwMk!_vQOp!8W=?~@+KJd+gKXtn6|EfGDVd7OTX8OhjQr>@ z@-&|0<(FU4H0g|>{W>!85>|R3m0`BA82KQT$6gSrJb)npQke_;(Fr5N$OzAfaZ(n? zC^n7Wlo(ui6LXQk1w<L7;Bi-Ax~hgQ@nGcr-ca0ZQEwn%>5XsNVXgn?HSttL4jAfJ z@9dVc;mwu1mzgcrfiLmx4wxQUs!XO|BkQh5hOnMX9L((0`>3?ULMq<OI_vp5Ov}2* zFnhodTpXOAKlSGgdp9IE;r`_`K<<ZdOD1gnoia^g3qyNe>W3W-uEQF|J_^*_CR?)- z$6&uQI6wE~smb<p5(Dt}NZgu%gvzgQ>bxfRWKIb4mvI@R7v3*AdB<^;IWZecuZUFy zC`#5tig^R#7A{v}(sPV8^ckAsf(>H%3SOhDh<QT@E%Xe-yqD;wEF6lffEr;Z5X%F& z7cy1w4@G|)e(2-GIh!e{!c(M{<br|I{WqrN!hWT@O>@Azz}DL|^x7-96g4ffAjE+I zCI)M*|KV`Ra2WrG;=ec=IQ1ApIJ7+Pz5k)xV2foM|6Ia9m-5e__~$bIxg2*)4mpcT znAk6daiIcrdJ>s<bnpPgb6L6qewPl)D*F5XMEPo&AM(=gBda%#A~@Y>Zn5$)Kv62V zMtv+48kGm<ys>k-wThWjdAmUh>>bmotmGf-8|Vw-jH{_B-p@e<(_%EA$67Bx1*a=j zut=G<6rEl7LZ~mFM~}Et6#o_FMb2tuKbW%2S*FA7nLMIMf73Q<&!Go>81ePJ5Nd7N zHujY`*?>L~=P~h={)S~AJX?blA4e-bK7`5e_?QAdQX{Wy<yNw7Y&es>xZq)Q?J{h1 zsJBXS9+7Qh&7n@2Cnz<B4&$Ed1Ni!nxvercmTbxn&hLGb^}>7(_=$mO=k<g0<2T{X z^(N~sNvr%0%M3S(d?C+@JQPg)@)G#Jhl1Veh6NWQE*RZr8^cg-sgCxDBO-<aB^Jy6 z;w2w}CmJdxDo$j?DR;z)_D27NoX%#|(14uWVhsUjtM)(?8mcE=Cj}4ew^W|ul7_8I zv#`T}tE+-fF1`Ba%pOhq(MN7z<of>w8?5c8VUK<J-+_UPWvyXY>WAIH1)$AXlf#*| zc`BvC+Al3-AyZz1r)L#>!dYvgmpW=+f~;>Ow`b94ln3uz&7NbPf^`k!BD9;eS*Ey& z{y53mCw0aS^u;UAgJ;!jZO2R$m+A=RAW|+@l(<({DCNY56;Z@*rV)P&!)-mJh)aCL z{Xh)H@`3&+Gk9hGQXysDo(4nvZ=Ie|CYZ<lY>N1-G~&}qd{724{Z(tOB0eIG*dTE` zTodr()&_26z`8~e2hxbwV`gHl%pjgg;!%ot9hAe7)89z^m?A!A=7@7X&B8kUfJp6D znmY4cEI6*=Y6QkO$&{MVCpBh=_1jfa`9G%tokXDV0u-!%0;TDOIDqjZbUe>n>-cQO zA0+XWl{)StxUAOhD(*ZTSI4;Du*d~1#nms;xc4)zRpNqGG!8RIJo$-cyxnDdfMWa$ z^td--n(^GTh4D3vOO3$>z=VA3?on``%=NfLq4J=aBhC__fy38R3O{QwoG(C2K?)Bt zBSyyRjkgRz_jcC<Pd584cgMCen=jg_(HSoW#&TNX!<YT={EYV_5a$FU;68xyS>XDc zP2jpF?*#lL@~rEyATFMoZS><REJp5XTnR%b8pgL3J(U(CB$fyfcU;Z+EPFHlVCICe z1pRrO^ygFH{{vzK_DlkmeU;*`hrm#UcU}bp_-(~VEeV*^@@_V~Q;FGXi}jbM&>;tY zj6|9s>lu=xk3Gg;1$37Jn!_0VPu(xht5{)Prg23}Yzzh_a3u`e#@&jwBj8U@6u0SO za3CuynghJUBkKS`a3BLR?*QkDazwmI?r}$<S!%N~Z8Hu$?4<mmEWbjR-^VS#n=1dy zCps_xt|z_naRQ_Q62#Aify!RaxtNZOy)f6u7{^yRx>SM9>EN4aIpq>eqE?vSM~9sh z(nnodEl4?Po|L~JfVQH?@krrJMA^o)GmuRktD0nv&c~Q^Ev5@8tdc^!Lpe5~$wSt* z$4Oi=K}6aQRl;r6sWV_a;km>y^_C{U`r8T~L~9UPSpS6Nah#&<Vu}}wIQYH<7Exhb zumX!c<@+HiSwiF4XFSiwb1ZddMII(a%z%A6k>xGjWhUGfLgF+paS9T#vcpjgDjbvR z{Z*wnwoKxpVVu5(UT?$LQjxaxEE?tcr=n9bT45|a1`P);k27<IL9Z%@M9q=8P#zr5 z!;MmXY-1ltp{_s5l|zgTJx1okeQA@oOtX=M=UQ|)l<a!BT7RWHE?>!^Gr14E9NS+g zyku+Yl-!cF)^mSjK3S*3YEL7o2&p~&IH$F*^Q0wQ`ep^rrswgm7~7&j=0NPgBIwoZ zuXLdXf(?X^X0OHn<ME%~Aa}WA)*n$8%-wOeagHiygf0iy>vk+>(_GH&@G{cJr$g=y ztxo}31ay2QJ`_HZYtBO<BuJ>QZET0#!2*!x##;WcjBmweuVI)-c0#`r^u0X#`-Q&p zE!;N^?M$}!O$@e;`3OQ74?d=Z;bRhY4S^px_|4X_4x@hrqdZJ>4*Djx=G-;Ca#syp z{{qU1yPdtsiQGOj8BR)G%|<9CJcKYEO+yrsbAm8oHI>=ZehZ1$!k!AZ-4YX$?fWH; z2eWOD>b{Q=J)19U((?FLsB0i|0Ypbh!&D|9qadwS{?f&?VTa%5^6#=!#V!xR`X?)o z^-nM$W#iPoQ#NW7vUW$gshe`zhVj)M+qlimSgtZ2<z(D5Bjb9=e+fGs-qSfvO2cW) zy;Y`PAJL@^$W1$pncg@LBRAGp7IEPtW%T1L3cKW0r>Wi&TYxo7_U6)U^fOt}WMi?n zjVkTM{xiU}e7Fg|Rn08)&Y?Qm*ZK*7O3{gVWq0ChY9g8pOXmMLMf!HnSpd&LFRgrQ zYqA#HWKk+WE(Etl$Q!^%MUW}P;ozO$#A-dGD6<pCsuavOF!tL<H&h;$yC{&@H)<y3 z41CIva~jC|k8-I{)l^Wb{J9AXT4S)R3Uuo$Ab?9|l%wq_BP6qomDY5f@d!6#exiVz zd8kBTITnay)0IjH-G&uOz~n(#u5Q!haJO+LygeTC!`yKIf>7!IH9_iX$2EW$oUWmj z$GH(XXdwq}^jWLjF&a#R)6b(XbKzoIKRl$)+#$YP$8SPB4m|A+*@diiNGCBPW6<bG z9Y&k<oj{oxD=>NkI5Z#TpuzDXX59?+!Cn|X5wd%3AL!SrIQt&I6a$s0It;BvMp5?L z;-t(eY;ek^Mo&c9s(+?#!f>Qg<xLMzapw`|vBPOwX3WzIC30$uHRn}wC~T$mpfq;n z6g7yTk;-wd7L1^ks5IrGG!fO5`H8W(#|T{qJuUDspd96Kij{Ftx-GUf$O9J78m#;N z#!@jxEdgh!CoZWDw2IT3%8RgSfGMU9a#;xV=SJsgP%<HB&Da)o`=F1>ITa4iCpnP# zJ_*p;PQX2z&~)%M?IG=e@!~CqFL+>ToOT!%My+2_2PvdvEsjDAypQVQj738g+#diZ z^F+Sxl{QL1nl!$3Kxo~<Hi!36!Mm1*f>-N@M;RmMiB_Y?3W;pKS9J|KpOUCs;NYLd z4eu9)h{9-`Y4{KtyWwE8j00j-OXkEVy2q}6oQ|>yi;=L(9Z)RH1YML91*H;S3pf)} z<3Izi;}irTxFa8QYMPZ^Q?MTb!_+A24G2TV#Fb;vYUZ3m_9r?X>##G7We|2a9;$IJ zR8sy%?euI+EbcxQS>y!7ghqr^f2=?X8v8=@Z>afiXYvVhq}tcn6ce-|WL<tgTsTzj zhQm@*_yMq|L5H=OYw_dl=25*52Y)zW8$i!dV;KC@NviSyg2#+?X^h$Q{F|1don}%U zcsVGIA^e<}s6BSmhNA;OBm*CChch%H-&1MO<C%;piy^Vp$gI}8$!Y3de0>h4!Tl`M z6v&89bqmD5NYXF@JUj_2UgGa#E<-+kUX#kjkwbJ2rTA5flJ&NYdq+bcOr!r_j_kuF zJ8cZ|l6eO4Th0}15teOCK_&pBbws*oonyqwg0Dzv^J{m!e24au?K42x%IV-8wzBRu zkT`9F+5}(aB33MQ#6xTw*gWjlh)pX9F~Zka*6Yx&l8w?%H?f^w2e)Xa$MEAGP(_I$ zs|s>8n_7Pnxj9Wlj}z4nOI;}%)nxQ3Ga3sJxL<gb(^z+&ERA*Ledx?+c@*h2mTZqp znSD?uzOdI?4GN52ld>!G!c}(SGG~6d0}UeCRjWkJ)g^0n)09io&;hlLELAMdDeS3= zZNHb@=JmSmq8wg%bMIG159V}nDJB@BvvHXy+7i$I#Iw^vkUCoE9*!eeXQH8#7LtAh ze+=h@CgsO!ron-p?tV!w%#HGys7INJV=$kpTa02g*S{4{#n$6RV%7l1FwHlb!t1FR z@tSE^lR6Tm!l;MiHG`uyN6PU)bjbkvf0^q4sE9aMtj#Z|4g5B0y9{(|AzbvVd}M&| zin}KcQ!vUz^9v-e^UYEkXqDj!W@u`C55-4^9T}{81A&;iuYPf3A$l72aAb)S`#g9u z_rrZfDps$)J&vas-Zg<yJ0vxU`g9QHDJ)2zV@EAiS;wF(&buy`8M0e@c6YVCh;`kl zR31kQD_B^w6}hL2+I|jE*hYV0r<-Oc#3vD5YGjV%j8ym>?QrH7@5KJ4&42Wl0C6w| zUwGM!cW-bO0`C=~!>V0JZp}X@eO^YPgH^RBV2+hmZDkW9U=a-h=gAS|o7T+_K*msh ze1ZyBm5>g%b}3a@1tW1ilq-O~AbY}4<$Xu;{j*Kbi3*$#K(TxmeScvF&Zw+_4#E@O zyvCbkIGIH=hrL)1Ul^SNf9+I&-dU8#Az@laEIS5}oBKoop037}Y93$_HIq@Y3UGaP zWna-fuy=i1cc|F)*@>bkj%#72!m}UN6DZv_lIVSK613i=@Pu>t=in>|7S#lKFV#JB zhcCN!4g459p{>XN#bve0`6wkc+hg@d)CK3eL5+F~zHJoaNzYMs+R9k}jRjwYWbXi@ z3`|F$2wMqwjU%uF{Xf|l6GKa5i+^f7L@s=xX9EpSY4FuGB@M8AI9SgCp$eBDypJ&< z61;CIj8DW~T82;40h8-cAvC6K%#2WzEAa)ybJTQU3JwRE=-a61Wp_I!5HC>CAW0Wa zdn=$9Dk>S_XeBe8XYd#Kca|Io5@zv-^X38k78X2s3^EZp#0xH*k%!EZG2FWn7OuJx zmEQrwY{NEwLZ<^)@7}cwt}4+!V91&OcxzC)|LFJQWMnADkhFpNeYEJeBNq%(U<&8N zWH>D5uWgI~Q}SujJz)4*ZFky$L-~9^vVYaa%D(I&{v?e5it~ZsyksL@7jaf0#4f@U zB4Z(IF~ltsk))lCuUVx=?odcce$$XL^twJJ5>nrLii*XC>Bja(Y0dul!cxzYwPiJZ zTIYdj0vBTj7sA(9VZf&*hXyKpPEDfgCUPP+u9#@R4k0%2{ueR-ARkM;3Y}OP4}GWi zG(?aM^zu^KZ0}LBwx&N$?X;a%TK#$AWPAt8Z2bR-d-wRLs_XARR|uCdL5ZS>M2U(5 z8bxhlL}xU}1SS>lsHmyfNWGQn45EdaI7EquQCe+lpIWuG-`2KP?N=)pZwVklQMp(Z zZxyT3la31BxM`W+`?L0$NrJV%=fB67<jmP;U)Nr1?X}ikd+oZ^l+wD?>BQG;K(Oo2 zejttDZ?%6@@&=mPJBl}OG`WmxN84frjA|0T7;VF7dKv$^3hIeToY1K)R53O@;?gzc zd6?wVPp*;5{U?9^i1st8Cv0ti;mv#l>rbTZNX8thZ(}=z64j9l<%TT)H8Su~4BT6t zyZ^MhwC}h-@?O=k(@lU%XZG<jKqSF-4t`!hih#V-*c`iqG4JhI>Z~H+$=q1#yEtE6 zSrFsq)kw0oG;uAD`FR5q->+R4N{Tnpc8Ij&N)t199A7ywab{iZ@@t3&p@`?J>%B~5 z?5cY2)27e<hgE#mgsn|&TwXYPS2XDtCA$lf>4MDjk<6-ke$*#F;@^k-`xpN<7eq1x ztP@C1vogyfnT~qyQLRrt%fA);TgJbxg4&luH+}~;q{F9U6kHr0q2VO+3nE^P-2&7K z>D$ivs$j0?kx=iJ$YDz*`e+&&dw|Mmf#YDF-j@M9Lrc!$Fxk%1_`dudm>5v+^=oQ7 zIzLT_9DWP~y*ioSXZg1|Ke1l(+o!r0@CTDu`)mZoAJd)*iW1+vZd=ZlNgh0!U39HF zW+-*CqRiIjCIpEZX=X_kf3M@kH$n@rwi@ow3O3tJJV}x$X`?9q?RuvOua<^PBh{vX ziv~|)Ir8qXjk(AZnt5@mYIJNw61x>pyozLMhf(<hQyehBxOSdc1NK=@0AHCEcN`2U zQK1sjc-~l)$+Ur!Gh|K+tgM@Eqc;2q&~$p?x{w}!f|d^hNqY8@06<Qnm(2zgJ6OlM zax(N=XkNR?&@Jf2=}}oB`w5iL-7++i!2--MSVZl^t<MNYv&kAu71#5a@Ma()1$?TU zL14jTV<B%_m(-p3Wt`j*M-Ox(tt5a41qr^<M?r$3#)#Jum$KF*sP7{;oM^Div<Y_3 zI@??14jR1|(6Tt=Zk=rhky?o1gn63|_O*|*TKC~x%?VcPAE;F<*VUW;oyZTi%`t4o z8}+2r@I+*8Bz9<4RL)KVC%w2*cn&MCV?o~_KTkt0ZUz|9)Z_9^jHdo#&WIAAy?=Fu zSE0oM$~JRYOtr{EQMR_W*&S$LZA=;N=v`rBGyWert&9M57~@KL%9#zf+}6LXUmJH~ z6zBPyQb7o9GZcVbVb}N*@+*v{9ywDF0A0-|BM<J8ktbl!eHlk1d(x;K(Ghm4gZ>e& z=|ik(xg+*%S~d8Wt7%b1`ubk&nvYiM5xJG^-mV<MdhX!(Eppn|+FimiR)*}_mFHLA zc2$G_*&^CiFSCL&EaM79QuZdANrif*?Jg@D{g~k{`5_sLs~!#L2W1Y*VTT7E6S_ll zP>N<9S-KC1tczn=fVv|K^ZgrS=x`f5C6YTa!ALc(5?|zbbeS6F3{_a}ErFhSv}p{Y z0wVw?F5{G7s@^VHEWFi>6|2_{z2KJ|O^@^X2i#~P(;`MB3e`44g})r_5~BRA?eDCl zNDQXIsVi)JQG%%K2Y*kOApi1(Y2#a?Q2D2xfn@I2&LfE)G5um`v_nM_#6pkh08zWB zSlrqlAR|$)Q7<eJ?zSp&k?aLxFz~t2W*mwiLeebM)_?{x<%8T1Gv)j8!w{u=va3LW zjL7|l7%tNOKfZ92PSPR0D|r4``;LDHKWxUk`?(4fB8lAB1r_|dr-DuBo4FpeWh=N- z6-aLDeiogz&TCajok((fg$&c>`v%oqMm6d3@Pe)Esin$`Tq^Rf)snI}Hc-;^$Wyi& z>VS#3o+fyjzdsnjTGP5fDV~nA1%cXkPO``b+FcIJF(z}{30zva33S8%g(g6SDeymd z7BI~$fd8e6XUWWyF=?AsM{da`>-qQIB%NY?jc~wNm?>0m@UEMV-oo&&_~g^_;_Tc$ zkj)h+Hjnb&Gs=FnU<ma;$4FsomH9rhZLO^R0!;?lUsH7I=e<GG?NYImP{?a_*ZLG) zL)@#i7~JmrEoD*-?7$3L%boNq{ZBuVDY{iLUb6LmU-L}8+wg(z>CCw<HB&y^b>>lZ zre(XLFIsO72ugMKDK#it>K{kj5VRlCyVMgx3EJ}dl=>f+3Vd8CZ8h{RbwN<-tUjeC zXG_g-rL@n`yVN$QR&9;yQ|eup$~}mbf`G)!na{i?bgcp4TWG<@pbc*}$|Q_Yb*%oh zH*BtSshRSxCTNr?asP-SuM7uIrXz7MThg;t@{>+Vju0Z_aZ_CDK8_1M#+PX}Qd*TL zUufkwvg%TPK#=7xeabI)A3rn=cC~-BE3d^Z(z2tOj$0K8muqE^>#9CgOm`pu5PVes z0E5<*ZwA9%$e$X_icflj;U<@g{&$ptK`T*i7^k^rE)Gimi?h-_U^v=+oD_V#l0E<i zt&fx^iVcu@9Weng92jKzW1sR*x{t-d$MLSbmf7B5xXR^vM=+=Jm-eaRH1}~?@KOB( z3|i*C84UA-%unI8-9sstx>WABKGMLTg)s+)DXy85gOcw((;E!q-N%E2k4^LeFlf2X zfnohb14Chu<-R`U|LQ(&5;Pg$!LGbk{oY`>)aB|3ay9m;Vv75CU+_`=YkukuYRHQZ z1N^tcT{yC;+Ba<OJ?QJRY-b1SZt|%+b0s1@C4SeZ#F%V}E=s_H6b>oNg5F0BR~zv@ zC0=r=#B+2dbQ&UC;wM3gllqjHmn|{VmC(VDY>DciL|LB_2WCqgY2%O+xEpyl>UA*k zzvF%1Gu>-V@5ZeobA&pbQiLRerQ=^a-D_1CqPo<n{Q=!V@)ct8=|Es`iU1>IpO#WE zmk8&{U>+<l_x{M1mvhPf^~L4n=H5*olWlr|Yg)0I)bM#;tHK`9X!;~=JIEINADTWq z*L0n0`XJZzV-)&&)2nXi-Skh$WBngsO*4?ShdbGZRak0MqqC4EIVH@A>z=J`6VQY6 z{!1S&VuR@WBdN+Zh>rOqzuYFoy?l|C$=lH`dCx?iy;$gisGKD__%oJqVRNg>*J0Hy z6o{pknEca<l2fkvjXbU!P{N^~u2h_DZxy-6<b@X^<@x9S%LJP}5zp{vpzltIS;PA5 z>P+1nh(c?CG8Nq*;emjG?&w}mO^T4O!+m~#YMk(99h<Vu=eJ_1Q`v<q{)wiM;AG8k z5suo=K*g7k>0b}1qp91}go)AA?myO&Yx|)<ike_;Z(<O%&A~J^o9_m2C)YX29@rGA zxqyQTZ1phy(xX_NC8f6Ot`<ai*IMNd?ZscQE|anRiCDWTB}1nC_Y9sM_n)YgITN0i z1QqoDQDFjs$=LmRNu96om(AB4Q0m=r2sEb@cHfEs5ahl|xrwsYd#s4C+&7uYEJVSy zO<5{ua>kN1VlG-##<wy2tMH%Y8Yl^Bd(efZn!76RC39#2u%*b)O~y+tvPA!UWKH^f zux%1se<v5Tj}4mkN2-%;_ozhoi+m-123RUxb+#lzv<$XIW*PQ}7MS(TyV<HoFh^n8 z5*__Xw028q!H+4c0<$#sS^ldG6^LJCQYGdUrB3rZT<Qd;u#&_$T`#5Tj!`lmd~|PI z4l>dhuA7%ZO#GAjB{4A&03YEU{uZRp3Q~W?dz$ziHlk?iW^t8R>Nas2Q0xd>JWoZY zd&Sv0p8h}_<Q}mAa)~LB>s?!0ELY5C@=nWDS2=^}c$DQt+i<8VEnqSCT_uk3`wzgv z604jsx|0(SC2hA!E>9~2(oN*H5gmr3K^Cto{NMjj&6<K$emQ*#Dy#}B4Ao$52>rBU z;mul3()||Rqi43jzC8spAhsc4?aIV~Dij~mw&X7Iwk^@JlHRxN9(%jT-Uj!6i=}SX zGQx;{!*GKRJVbr9E4hU89(^N=J4IK1QBRgdxh(od7A+LiGOQ=d_i|bEjVxLk$g++F zGid0PTo(834m-hZx7Oo#KGsxf?knd<RQ@e%{Ighkz~W;BOzLPK;V8|&;QD~b<{e62 zVH2wm^2A|qDX=ZCdmq_Ca_O&<&P2QGIEx>q&rz5UZJ_;*Iie`9+2*_YLru?Zk6Q1G zukM?RSgg(Du8=tI4<V<lH;qz~qm1#Vs3i`WNu4fR4u%jMS){e`Y}C_GZ_-g8v5t)~ zeljys+ZDeURVP}c!`a1iSx`ZqdZ|1jhy7?Wi#)7{qKWTb#}b2=)nDN)tb{+i)>gv3 zDG}J;G3=pbiB%k@tVO6WA9vlnlp#S(nMn&iiVudErf*x@W{C_}3J2JKhKV&fpj7l8 z?x?f@MoI=b^ZVvJpm)wMKxOKbVnNQ|W5VnO=mUG_Tx~fCOCX-tEbuTR*yHb!KIWI& zyeFncz0aaGBSSyOUHQaV>Y#r7sP|SV-k^t;yT}SgmdbwN|L%HYczZ-MD>KXMlgEF~ zdA*{~6R)O0Yj<5MJh|ZzEx{JeOsgTA#aftj3SFzCjA*v3VtE+Bf`AcC>+gREhvN3D zdNwg!=(OaA73^GU2Xig+KgoNSy({9p9Bi|F$%L)3)cCr7gaIEF&hySGN`6^<?cNb@ z(XXbn+h1S!V&>iC&H`?X+gX&j3iIH%yk+bq#J|vP%!OvkOs+htW!LBM`Wr^b_3JdD zzP11v*ICv^;t#BA5-q|KEpP{mOOszw;S5TuuV4JHu&(&M>A`v{ivL`1zoAs5_HT)0 z>0d2=Wk+7#d;FU~pCbHwCwLE^h5a^chQ@#CSQW7j1}h*p7Z#C7U~gO|L(#Sd8E<lF zcot7n5rmKFJo$tq(8#Z*#a(qPjuuAptkP2lKa$(SSN~J~i<;liea~ORI)U)Qmc#Z; zVqjbBtD_@rgSV&m<@{Mq-B(8^`Y9<rh*K`vZ#t%x+!4OIGn$%lL!l&*YFd-<qf@NW z&i4wiZv(bI+d_ilgg15DopyyXp@n$tAd+4)PUr7&OdvJ0oK2qibldK!^RD>3Dll^$ z1u0<WD&mg1=?WfR;lG8CJPY(fPQoFw*L{9;^v-DEhDo*0#wSi#uT8@-5x`bg+o5_P z_V*!?&`+1CK2;Jad^K>mEB1eERn4ul8o=sk?Y7XZvw)RDU>g~TYa`<+2+JC55C^dZ z=iF2fKNy}9qs?H!yn@$g*CcuwxXPvfguhtdJkj2H%w&19GamDo4ZD^P)ihof*dP<7 zI{e<ULMiNX$qFyLP!z0vg&M=e5nWpETo1TjGs_k2VS3Wzztt5k5?XW_+hT8z%Lf0I zpXe4UjiF*MEmW%DS5wVCp#|?zR&l^8qbWp3(U-W2K_YcWWt43G4;32|`c@(<$^dPn zv>pgCc?&E9$QMdh@E%$+R2FJEOeU!|`LA*D*>=a(S84>qqP4i0m#?+4H*MtVmROZ- zkUE>#;$SCn=eSU-qLK%#w)I!~{+VZ^$(0PTi+`O3=^=gJ)nMybpb?w-V(Uk9>uh{8 z>)xuUtF3#h@`iC9f9t(r{96?n+rhEE{HDcjzlJNop@>0iZCCQc`nF+}pmKff>p$wy zd^k|bV@80CayT@LLz=suc{1B$dX2MMyRfS1&KxGVA4@lO=JmeNvgKVRB)h}$YW*4C z(%sCc;|I2M=bb2hv1LbIm}ft$boo-+%Uf>kuy?xLI=|c&^6dTvI@?h?yLpKI?8mNR zd}xxZHTx~Cu#(h8c~!~ZX8q-lelwv~1qNcACg2O@x3E~s&w1Yipa6u`QPss8{>=JP zZmqI(xBtuhl~(!Ne;`_efpWIg^f6F=p&;WG|M@NoJ3VYRDQxV?-rgtz56deIPk!E~ zXUgvarJNBueuj+Xr$lRa#Um0M!cN-O?w>@3u)3NlFQQj<P|8|rRW3G(&Q$nKd;qx6 zW=3TleBY{E-YrZ<KCa}{O(pV$tfhDJf>?0F_l4^l{NG<L`s7FpCr?KeaPoAMji{Tu zoXleX5&|u>H%-zRJ+IbFG<907UaIsGt4l=+^)`mlOyge#-H3Ys&XoUcl*I7E)%d@F zbf~qE?z8g5*bf+;Ww3JE`HZ(fB^~4Mr4FTvFRdm=sx-`_=TPJn*SG6c4=vN^nSJ~@ z=|FoeO~vQ|J)yIRUYxc-+_A$yvC5c!p-$+`Lk0IT&_#aLF~_C&$IuV!Y9cz}O=RZi z97L}9C81FZs8e%Fu&7u4VghcGzbV7<+^(uxvR(awwtA-{rPVRYPO{RwGrO-4cPbxZ zLwz>jsl#~#ulUOxe0imtgVC4u%mHK;_Aj0-tm^)WYP!SbIhrau-x&l7I{?d%S<7ub z@amqWU%^4p<Q3vu*Bz88{{>tt=4Bhbk2nA6?-^XzV2JO&k3By8d-`Ph5pUX4!S3*K z8n-QZ1j&Uc%*;!ur7wB@KDJ*%EJ9%i63{-ZKQIAd{MWW$vhq*g_{>6Bkf}rPz?bRH zk%GrS+D>l2KJf#v0}sD9LGV7y?|RXp+osvq|6-N~QhGN75uWg9-<hA+k^Z)NJI(5M zw}WTOkE3>`3L0DJstjh~C%oYw%3o$7!90l)enq|QUvaq3JXTf<>w0{g)?Q_F?&PMp zIcwlNFX;&pil^i$tTcW6=_O;A1R--Ru20K{iv>5Y_$PNV9>*G*Ng?b@;Lw&DznSq& z^0qZ-TYoqt+cc@BDzrfNQbbax7W>mV0U$_#w6n#TM);d9rQ2WXOduWh$Iwr0-~ELG zp(R5aynjXs7p0vX0wd=|GAo;sJH{r8iQbqlCOJM(J~2cJsZMNd@}jsd@WxvFYJ=|V zT?3to#2aCWn=y$*9+wqKnoFNu=)wD$@LI#Yd$1iKI{I>Ta=Sm3t}#WAQj{8gWshhh zzU}@8Ey2!ew_>pi?P#M;Dt@f;3S%Y|m_Y#=Grtu4{6?siQ0v<w3WAGg${&SzokNG1 z$b<H_Q9v2%uWK?K(S8XXSk0q{i4;S15gIG(UWCB%4Q+3vh_!u**u+t;ZM!Rk^G~$I zC?{U#M)_UW)`PCCE^Ev7K@5Y~Ppj~^HXGlj97dA{Z-x3h#NHS<_`Yv;^KK`Tgw&xe z)2;hkE3bXewUYU+jVS6``HpMl4J?j5tt_S$8xH4ray8y>7-!AINhA(u=RZqum@$`_ zt7)T;OU(By!3QC@#WT+I6FhlrsMR)al0U-r;Y9Q9VKI9vel!PF(T`XApFiacPT0y2 zwF=`y1Amz)ema~*&r590{o;`6E@%=PTtJB>GzhLK9Qg<K0oa&fX)|w+6G|}8e+79~ z*!1s9gpK8|vMr)9gGLal|4UkR>ipBf)?iQ4E{`T~h$2zc4Zy$Y+Xeow3>!<&hU%k% zS|}FkE}u4Y;>qL?DbG$HChHU6WTTuekO((iZCsE>{5?5q3Z8`)e4%fy$<&jT&Ae$B z6me2NX&l3A3`fMNso4BHf27(k%qSdne2C;T<T>C&=q}*neuY{W!I=YiyaHJnt{6Pt z;mu6NL-rA75|DHr%#J@%{Rv0tg}k|{^;X3SJZVs8WY9XjVJig(xleVtF~b`sp|Sw( zIaYmk9-4XMTo-@A?3tH3h<h{XF=B;e18%Dc`_F@nfGmAB_f7OE9?_ed#{KO>b{fa< zX5BuA*1N|tx}f=OkW>#E<daR}CO{Xyva&pb7$9{(LJlj87-u$6X4Z3v_>l6BBdqf4 zxW~aU6N4iNwi3o7#AL=<Ix$E-sM&YG6E>G;oV**_#!PBE)IWEJM(T@cl*@IjA~mT{ zdT}^c$cqx}k6`MM#G#2{_RTUnp-=4)g#-XkBg42z{7|pZ{TSM`I8*51XF6$&5~4)8 zqUMG%!S}>#$-)A!)~N79=&}zLzDGjfn1-|YSikUMqy4YU_EY={51W#mta|>ppbo=P z^Awg>AE%QpscgjWxKPJgX!I=PomCBm9sVz&p!5%^Q7#&+TZu8DCH=H1+ZfV)G)>9v zV-qEjtt$!=CFv@j`HCawZey2!zo=l_y8J=7y9J0nB{g`KKZ#mng_{kpSx&Mz-Q=AD z=y?OS|D&<fBz{mf)-2Wyv^Tn}xd(<l;LXCnw+g{r%gM+2?_?y2Bv({tg?}>Idh6oG zddu)R0wdx>;8)doapH0z8>9zEQ>C|J29^*w?HNd!)q!-t<Gsed^DtY-O4XU%dY&o2 z5`u#$zI_SG6^_9i8VT<nIPlZ&3XLcOvGhm*X8KXYe0iQ&VCpUAwEnIFQ|}QWW~s(& z=kR1c(gjDh2(s>QE|!l7vB*PO4k6#O=^gPjAtNNEP%Abk$<i!?e<sOEOIlWb&s!iW z9qK=Sks;0mS;AArpR+~LgE+hBGt|-jAyClSsab9TW`u%^HE!+xeNTf5VGar*llVwP zuRV>ZUv&Z~`!VG6`-7wDvcOkojj(Mz@>Hfg<a!ry^?i85ZbfveZF^g<gY<mTAICVC z=l}C!fpUW%a$OGxeTEUX|64+i*)30^?@rY`l9_olDDu{YHrmqvSR|w(j+YCjeE=UI zS<Y0Kz29SpQ`5v*h8bs}6l9Y-I~no9MM=LfwBQ0jhLtR|pq3wzE&&i8?Gz`bvQQ$E z+v#8c2Gxb^&Sc8>00=glt0=&1BKy9xSMS+;owr~%Yy7V+u<;$k_?XR)$M>GiDzG!~ zw-0M@y}PN|ou=8HCj3R_p-Q%0tRH#wgIOKTG9B;N)n7f&l%MbV5X{YYd1KCgi+zY+ z$?fyvp8)g|zvJfVQaWXm0$vQFOX&*bSVNAHL5@kia?}K!j&Tk})9KHh8O&sN1eFBP zse6J}-y!t8lZB-~S$YU9H-9;QFDR~pgFW?f6MsYV=QMXm*H(9OMa6~7A;kD50_3*A zZV6?+K2GTBDR#gE*XT<stD9=_<8%E5C8qFwKkEIEFjV4)&etiLx(-8j<pARUl=oh$ zD|vH<!j8lk|CAXvYh765nYH_Q^w8k-V6NFU(yT0JRDtBMBL8#nINElCpuk!#XJ(xA z#E^PAZX;%03N5%7V05+U#y45GyIQorRAIm5KO<0ewa61jaP4Z5PfN4?l3R&OlY@u| zqpL-(9`0)#1H1b=mtXFyJRsax?S5#FqpKymY0%Z8EdrOOEdcjRCVu@24m7%WSnydm zin(A%md-6^he-Q~TSyBK{b2MLkZC15JOFG7OGICP+}1{6UJx5AnED=g;3}1;GZz(F zl&hlN<0T7(?}UlYNa|^(9oE_awQsRjpBSzzd><Y4yb69#==ki9*vl<z(muNLJm<UY z6@WOX?#MpX)w=K6Q4GEh?el$v`|cbJtUI4Tem&j!k~g}r3b5JKo8ZCy<{?You4IWK znetnPT1tta=TfT6I1}_ln1np+(J5~@zpyiqN`=#U@=bFkXZNJ+Wt?c1btHSF>}quc z3dtQsb@0XPT*k^-!a=OFW#<BE@Xv~QpVoQr&fn{CF%Q50Bg~Eq=|z}$%)CSq$%YRR zgXLhAVx=-Uv!dQ{62}@Re1uqk8}feSDd8M;0ZFXWy|=}qstK7r$@{l|+h5FXN=WuE zQWxZ>>nU<3Mab;O-KT+eIe6;AU1_W~<%a|x&#{k*JxMAGlImQ3!e4*EoqTn*n?j3j zqVLIF4CRB+t!@0S_r6_r)cQK_BMe#Wx}7wimdu1yGyYh9$7h-R&K`$Xf-3EQ`mk|` zgV|<4!Wc%52<F*T(GAhgjYYbn01jLgtr?Se;i&cLaS`kk``w>U`1vpM<9pm+pdSVC z0rwZhLy_8d68-)+KeIC3kDLWZt*@W?EIUHW=Fxs?aG0n)^)*+#n3p);-+T^ig^H@$ zxw<thmg0}QP=qn@r^*aAkM~!ThjAZmyBQ|N`&Y<dqrTN$nHMeWsQ2b!Kf<l|<)xav z?oHs&g7sV+u%Pl@-fLIRKhST@wZvVvuBBxcz_+ZxUnx-U{b+dPnIcV{Xf8dy-W!aK zu>7~|4OskA7MNiSky9(=lxv5}R~59P)Y_GnHh({dMV$b&`&{adlILNonW6gaSU+G5 zw?jt~K4PiaD4<(}CSiF9RGThWA1rQu{9Hm8!G7}m1GSOp#QgpIzn<OOV6tt7tO1h> zy3_cqL~Kyc2n!p$mm;+rTzuBL(4?-M^0yat5e3$Wl!c|tyg#lRgpAnL{d?-b_Cyc- zjJAJuY5_IzSJdYbSyf#6{<6gRns-#F&xiCT{$0FrnWX9^-Wv5;#TESU3+XY#-j9t* zO|<TW&zLNP!r~vx0G!v&q1O7(R6{IvYaWfkTGW@(+l+Q<)Go)f=k;m#rrz!TWnj?m z{rqrh#mhjD>dI7ID!2>vHPxCz3ub1swI1B3)~epMo}aDtbk(XE>7LKusMjSvFOHPD zRpzOv7q$>Wfl7{m;y*0pOD%FZkouW&F?>MN<?zB;#4jEo*iB};_ttUN&(hh{Dim>% z@+9l{-=(Td`3<E8bQT>+%Wb?xy)4LdDIO=#PZUbO<WIy=it!yJs8!@<<~EwLnYoD{ zc6X84+IlK+7pmT*MMAYq#!vR^wbW;839A<HJg@t58rQP)l3)2o274eowxjvjRP&&` zu@XnF?3b^e9O{2@29U}P^ir{SSW`t7Gj>U=I^aB7eKSE^G`Q@m{^@vAo24yMO*E9m zabfQ8JtjA#CriMwd#JU+D}rt@t)xoJsJ6WfdiP&FH%sf!K^Jr()Jpz5sz{79uQH9Y z^TjN-)8@&A-FK5!n?@pCYm=ipVpcgYEwVF52t1TFQPjWtbQB2SOfF40QQYVc@{n-N z<#>{~FPOJEUKdbFAsun(bU5vat(E}lDHzb^*e#Ci7Wdbk9YHwoRJrWFFzC^2NkEv< z(4@8g=&OVk--FCz*?bN)t|Ey+cI%=ejPU9YMHgea_cvc@<L|zkPsuL}6Q#OxLK(X6 z1~So^j(OJAZtwMlIn0Y}h4HgsyxlN!GiOwnBL(A%QJ+~JtMwI-SIgb}!(y~{Kb0-6 z_l{rRBX4Gw$)H3e)xy=W!p{2Ib@Setnwpo#ZuJ9Dm9rlRrGIB{ScrpB!=tMGPC&=3 z{;w?lsp4PC)GwpXPFWDXI7f3Afb`*hfRth7b-zi6W3^b6qTbt~R0l}`yH=Q35+ATm zW>#^mB-kIB;+^>sVuLdnWP_=ijEo7cJ~jA!f8R3!PvJXtwY%m|cEHdDx~`*-m(qk8 z3fp4SzsjW!B(;f@UFq^%T7`15->&5P%(Ib9S3~W`^Gjoxi)<FIL6wl27S5(j_$Zc| zQ_vJ?8+U#)_O_Gk0EqB*!0H^{9uuu`9f@<C>Rc!<iw}XUc%dj28qMqORP$NnZk|^; zoN(y>f7m_k+rV!_`oRB&-{UM#H2I{BB2WET2Zry~k5@@*ee=2lH4t|m{H`LVGdqEs zd2v^&jqJ&BeeWDE@*?*DBri#sFbD}`yv~)qt(n2;=;ZX?LY$Mb!?LzP!WR2#fXo+3 zg<G;ER;%}Pzx^LMa30_{oZ5Sxz3nU%)X6N@s@lpa4xCKLTp9rvhapQmoR(W>A5>jE z>+JrvT{P4NLN=?%mc49cwp)6WEhA=^Ha}5q-~_v-FBJ;+Ef<C<x0Fz4Pll0X$boTV zfnM0#gM5zkZ)9fL4}cqrYWx*vYLskVC9OoRH$o2A8~gfQzWPy0DxwwztJ)6~KfTFH zXA3z!);ab{jV?3$m6@ibw0Lb=%~R(T%1#vq#$oglx<;??@Ol|ym9|}p()iG65{*tS z&|TMGvrnCVhI-6s)V<sul{?#T?OBLw>)zd!@j63~EhxAbgS@xs#%3PT!sj#ZBK^kM zsbGV+So<D&9v?g_gJ)6je4jG<{(_!t(NE&pz`qOl_g(&7$-lGsm*C%g{^jKt6c!ct z|9|#hzuw9tzcbGzcl5h<D&SbQ5pXQJWg!F00^#Ohkf#REy@Tgw2BJYf6g;mDo~P;w z5b#r)Le|sycOL&P=HF%fyPAL3^RIUoH2>&IJ^Q7fc+Y!p_-A1>4<yOfUxQ-AONR>T zQj_-zIMbs>6c+Ph0!Q`X^M_G0e7=xJkM69EsCuv@uqDU>Y}nu=>C%;S7$U?~X|UPY zjs<gBZO58OOr5XtojNtnT%AU&bjkl@8jgh3PjF>>I6Ww`b;F1^Tb6Toeb^YL+o|zh z*2(`|iDxL$@}&wSP|LeToH@1pGovfBc;tEspaS^h;voj{K;Q+huWT7A)fak^PR#vC z#5w5Z-xiA^9%pZV?|fQlyHB6%+U}F<D~~&QM4l4ehVgp*HhRz$&J-nx?p?g*D&@aK zE*PG<!)tLS{TZdp(#AWMBHSL@xe;6ryjW``W^Ot)lL<eTpC&%eR;>%(78;4BZePoz zEBQD6O1<d9v#x)hE;8f(6)p%0T2akvwL<mP)!dgycjE`Ob2WL`Pf;;}-;@;fZkIJc zCPr_yKMZ{~Jx~|9hy7V(`d>`PtNp9?)~L3|PjZbyZd`#E-=iz}7A5gH&TD&OBfru^ zfP<2F=)G@;Gv#akEwHjD7OW8N2&yML_wI*KEgpO$FnZ)VP-z0ecQ846EyJwCJ5tl~ z+kULy(uf|UJDSe9PpDt=*lOlk`|_MYsVSMlH!VoRcJF36<9_c=AAr>^_dW|v-jdwe zf6l<Jn^jE-1p?IlOj10oy$a+VU^{u&O+_+$M%nTc<7)0vJ#)Auh$5VhW*O2#P}R<H zVOS;W&J5=5@NWafQ@xvI+zRUbCH1OG)$LBG9zeZz^JNr%T-8$-)jZceuqdxtb&YX| z@OA^IekR`C#t7pfPANE(%tK6ex+a=@Mn;*u_z_X>HZ#wpem<Q9&R2Y|W6K7+g$ARs ztBl@7+mQ2wCuDc{^mD_fn}ttOABew#?^*N2BdocDX)a22a`@*#q%`)E7Yay0FZNL{ zMrGT^gfuAmJRTuCne23l97l&|+_WPTxVe!DW12SR4xYxBq@tt7ytm8_w2}6i^{1{4 zX5C%nQ{Q%eMSa^fetp{yH)<(EE^KI<xq*|&6FM5&E?<icb&|J{BjXZlQ$N79ao&I; z?B6up!wFuuH{H?`9}N$>5n~`CL!sseUS*qkeyX0i-kxa)o%(SwZ|@<xo9hpgH&n9u z26|X0veGdV=_LMi3UQH|yd3ae&0AUlw@Y0G;TX9_ysrX^9lNWCW^1>HCU4Iq-v{LR zPl$Xo<$uBbwUyJ2&D0Sz-eiq0vWPuu-|(?Jn)`lA(79RmQB3&-K8i6`QwjaXze)&X z&Q&->5c^SFCYoAcRkCMl=w-;<KH6ch|AVRG>z<f`cCwBF7XaD*6A={%5mdO%#uusm zJapr}$j0f?<cpl7p70TOf3epo7iR&*F4D3m7jLO6q_48)qm^szc~>RECmX%CfqV=& zgf1Q|LMQU3BW(`Y+R43NML?J@8hEy>*vM<7&j}{t<xE&l44=;K19vLsK)~O7*1u1^ z*ZnSz14uT+0bnpciOIob==~6<pyAS6jH$zQ1$(m^_%}?JPF65~KQzb3FSTCxSxCB1 z!5=>ALUx}#90~2%Uzvi={VZ$zeK{Y^lkKO6X$u=Oj4v$tI9MwE>*^2$cgXf4LGXzw z%AU=#^b)mZOR8Jd!)Iizq;~AwZYnI5*zC-sY#q1!S|%acFuWGoYm#kxFH8E&xzn%Y z!rDw0Eedmm@3UnaZH(_Jr|kYuNmEM?wiPU0Y}V6Q>JO5E+4h{z)E^K{MFgnt&_)hM z*cKdzI^&eU_XyVkhXVKu#cH0AttWnL)O(_YA9809b_hPVe6&l(i~$iH!akp7Vm0?w zDD%jecb^R9>0w%O;C2&7iGc*Q3L6Z;poLlfUpMbUQaz@hY|OS6P<ey5sjlV;nNFnS zDX(|CKmkshIZK*>Kwy*+ZU{}<MwCaL%5we=&ikRq)#12p!v9d~pVV*ecU6T_r*8aG zSf0BpOdAh3lY||JzX;KnouUcd;Q!<#<wLB?IzFIyXPl*>k;%%A$3KsuXb52`oW0uF z_v`J9BFR6_>g{ST&Z-jE<?0n-^{(PIILmHbeT$?3O7T%KFKPP_-t7WV6gJ^6dR>?t zYDL%wz)4xN@E)sHq&^+^@0D}?M*KLQ5XOn)se*{tMRW*xE8h#OY?BZJf_`Vp-~U3; zOjKpcFQx}lI1U0<Crk<yjzi%=*@z?NYNE(58-Zk9b#3CPaOg4l&iLPd+Q@8Q|JVri zkIVvK?qmRq-7+stG^N%44o-wiHw90mpyJdD+KUf0lO=0&kb2tKLqs_d+TFL73n4T9 z2f6iV8mNkYcD?5lKFa%Ke#lvw&;LJ|#jZfQ&<2GZr2<v<$;w&0)O*!__sfP5(gH{L z^TPD}%PjFf%?Od!y7!~J^AdtB9+BLYA3u;kbH*lj70xMZ*`<yr_9p}Lo8Bw3w2t@m zkjT<XJ^MwL4&xd4EOJa^mC46s^&hg9O{gCVWQeE7ETkqEc0WMZSaMp~6aqn>jd*{f z81n7sVDJ{s4Q&^oR(n44MpDbab<1m_2wq>Jg=(=i$Liw3Xu>23qko23?_hhG@`ot{ zj}4Rh_9w7FMGAxUzRSFbFs?gMy_L%Zq!II0w;!U3gd<h>4}uSFPhcQD<P6-%lbK7R z_^<MBrzUsYFID=EZ8UZGe>zY5Y~6on6s9eIOZ|V*_fJwGHF=>5(PY1#Cd+>#p5a<{ zjs6M~ziafTRFvFRl(<X{RT)Sw;a)<G=>c(rH{+u;7=Le#Bvo2rJ7a78O4p5ZC@uP@ zb))|ia>Fd&G&t9$e|WAr{BI2qRq_l&5P87PQsB?}sk|w!s63j`fULu`98AVJbf(v2 z3^38-#_VhmLW8NmAhpU2QZ^L_QG#w)lY07=o~bxHfXl}dbA8->Dn{3_#$OLK{|}q$ zisQ7(FQbO+6wJUjPB>+M45MLV|7?T*5;{(aSyn>u|NCYKi<^4dDL>F`_12t&|H$bY z)xmI@#K7dP;`qbD|35jE5mBHKOpsB@IUzc-67v*2N;G(55>JIxg@k5&Jsy<B&f_Ex z4qkQMbII*Dgl_(W@Fi7xz`9)-tQGlNs<2kv(XxR@v~XSKAI_YD?-%?q@^F5{Tj&3d zk#p5Ls_P=QL3C<!42Y{Z=JJ)V;J!~rE&@N3^#K|KSTo`0#vxF!6nDDPP82@p4+1?* zXkktzw{#_QyWSSa+jhMzGPi#DF=p!P9TMQeHXrn=uI-mnQtGNlUaM_I7EVucd!~FE zuj!LwHNTW{kSJR^7fg}OD=Yy+<GWqz!h{aHavtpfHm;m>*t}M4V8?4<$tNTfGCfX? z)#i&0t;SQsbN2LZ*E91xc8WqS^5Ou^b`u#+wzHIj;O*b*kOJ0b3ad$-;_qy5LMgp< z+f4ayIq+hA>^*2XGcgMlV3Qj}(Er^0^y5qN32EZ_>ZE>v4tdEZq@!Dsekdth?U#q= z=e027i;l?8`;6be<hR~sPs%I)fA(Kd_?)HF5J>&^-v$nL6#tKx<(8l-zC@Fc+hpK9 zx3Z-Su;)3u1(F=BP{Gd;rc?MpGFUB1vna#qg;~;%qpJChlMD)32UDz<3oP?2E5Mme z$#sqTGt2+`Gq&I!`80rmRoU5C4xqPx$jKEyaw3b@+4-FOd`SUpB-`ChJce#jGDoA` znf-fY_ds}DAobemAd4&@l#?Wz)kzRdqUvn*uIP9eR>yTG1}&D3qa0*c%wxhwfz61m z9Bo>5p76Ey_gDLF-)N2h7h^tlHd_u3#eQS0@Xd~4yM)chiJ{$L!&mojyTyik>h8lG z0qy#y(_HeIFydui0{4k)KG7&0oc&W;kW>OVxcKwb_T!J}%uvwY`?(xyj_L@t|F-f; z09g`xY?U<;I_agBe{AfeqU19=^-hGz<nu+L$DY&jNW|%z6?;HlhfxVtzzP`XH7rP0 z3kp@ZQ;cytcXt?A9r5bi(Pdi%$;1r&V)z9|TF3CsZo!iKsU1BsKn9kEYbFX7!Fc90 z8>D7~UjBI$OPy7i9iHH{gnjAmZ$VB{=%;&N3Pu9EM5XOEA!pmoGBCy3ep?yVoGv9u zHxmC4Y!NprSKG~(@Hf}k02-@#NPrbwN6=X&$(nwL`Ed~iYaSAOLJNKm4EU->1f$uu z9AUSBYtRBABsjzr9ql3%0Ges(Z$*QE0zeGUxDUt(C{|Lj9eo~Oq=3opFtc##%HuU~ z1*US1a8K_?2F8Pl58}$+k}Z3<adf*|!|?G)D;uk9M9!j6o%eg0fg&wm$u1DO=|;L9 zsQ1zrH2gBiN*cVG75o7;xeQG~24G<sB+;oB{{!@UY4Q4C^B>Su@o(YN&M4)oZ9mAg z`ruH{&zQr=ld2&Y7ZM-q18$qV_p$|f8@kLI1S+zA4ClmE%a^A9kN19VgQ@-79F$^% ze`G9Glu||Q^2Cs~hqMB41lpdubz3uE^N@^Y@gX&q$~oF4$^{E%Sr@fySr>njeMr1X z%ewJ6mi0o!CzkbTB<D68kkZXQh#heU6r2e5k7i%A{Bg((fIMmulKpE}X%_8X=5hYO zV|q*6G2;Pi{9$i^)oiKI@?sTLFiAU3+N`(KJ#qoa29nq9q41}Ld?8*NQ;T+?Z75Kx zQGbkMPSY=^T8g7tBtdb_XzHAT$m5y(5TkpEc^sovNb^}{)!pT*-#4571+^Z_`4<`h zMMqa_3>*BZM>Da38d->-><j;>ig?l8!KsCGgX|}3{IxJVs9+=$r22?MugaBme`Pfd z=|F$y1cxc@`#b%q%CFAWxQ+a7b~M)PPF`Oa<uoPtLu0jDg_x6KyT{nsY#TAx`A6Ux zujs$I;Gw@k9F3+hgqqz7Ao#<M4TNuZS42|F1+qc=$1o__v&PU7yBok?4?u8_d0ah9 zCB+#n7P2x`DN{fRx`@Nm+JpA0%G$SJ(#EoCvSxM~{Z@mn8Nd;jWYA}kX{Hv$I<-2S zpPD4JU`(3l06r$?Tf|3C+vMDIEW({8GBCMQKlaA<PYN;KW;?C^RQUT@Lk@WaTG)ex z)`Myte0y*&fGhS;v-sRk<v{e$7ef_-s59I(KW;0&GX;fOj{xg2jSj~Y>T@2!$piUy zZGVuo!$WdVw54+v!)s{!AzIAOm|!F>u}>l>=_GlbR>I@NMmh1B`6mR=0YtV=^2AIn zBVwW|@UOmIcxOq(Hvl3!Dpwb4`;%&Ou3Oj$5>x9mZdUx?Y!&Z12Y2~cWmJsM9|J0z zX|mT`w|~L(DENfzQo&N>16`}!yIt!@q-DE0G$~X^k9E#+eSA=z_dN2mf9o&E+4d*p zqU}&?Kjx&a`cK-&!6r+gV6)a%D25o-g(NIX8-Q*Ehrl6!7R4kk5nik!tzO=IAH{0M z7oUYBJxK@p@3dJy=JPY<va@or#e;}(@2Lw0@eBAd_&rp?AfBzSIesg#AhssnNEdkj zR<H*Z7PC{`ocLexK2HMsh8EoAe#Fm8!Wmj8(^Dq<e%ernS?$?_{p#z0S#yku8PE?) zRGm45ul5i7fNSk0%{Jw(&R;v3yX&ay%szE(|9V}?K6Rnz2%dj`pM^c3FcaJ)Vpx|P zb$P{~pP@d|y=_624$Y6DHjMM!69fvSucrgcl~Ki`sVAHam>t;GTuF>=uK3oYg<Grr z2fs89cHGmVt&q->7^*;8n;|VN)YMqvcai<^s)X3_qniXe;*(j)#9A#qnqAp@*7B4+ z`d)jw==oY=7V0}hc<;A(wye0HSL~>c0K-Jfj%fcp9P@U@W`5#x#}!?}cD%)3yWX8V z!XO$gsQ3DV<PGoxC&_9Gjp9!_65PTMbpBp=O+DVEwvsEtI(Kwo_mJ;US?kus;ePyZ zjjeP(t1FymuaC(kL!mj-+|Td`te-2!Mcb20wA#-S6GP^?)d9404GXljp1FbAFl{0e ziueR}za6d^c~XExM{KCwRPX(*-b*)lAJ0Fv*Li3BgI?RsKPXoCdVTGy^FC<6a8Oy_ z@}+#)=8W){jb|OrcWXwYUql}x-iq$OQa_bz8EE7{-~96<nU{Lsk3+nGcfQG;2NCEh zacX}uU5yrQo>aSOe%aCrK`irZQ`>^84(201I+4tZ`r5bWJsM5j6b$@T*biXPB4FcJ zh%E>G6-VU0_>Fk1vHba~(AjxnkJz6Xl(D@LuR-S$FL+{VF-xKDhjtUyb08>uhLC|x z+ns*PIu+i4njczlE^y^2H#0buuBZ=L|G9#|@lehg*p{dJN6{lR8se`%1CD6YH(*F- z(*MFE&}i^8Q7E#_N2&#t#CRzWm+Fg9(~}c_bR{KW$jOQG?AL&m#U4M18osjlMx{*H z%G#1D4<P`w+4eBzji30!{^easZSqOd>`HFnSAY7@_Q+fOYI{U`wQY}RFREuNIokG! z7<$_yVyc<)OWqY^lO`j=DY<mzH!v~eljIS>l>&i%<0I23*6iN>?hzW3v!qN|?=W-v zJ20!H<Vn^O)m*GS>|nDjV*3%!QUGh$-ejiy)_1g)%+G|YkGbOtIP-Z?ul(XuSsJO> zY!#POHu`_LlWN!a*JC8cpPFfkA0ADeArpi}3tVL&zKgH$3x*^S$$#-Jxk+-O^eb8r zN;J|$m73Tq=K%i$KoDMNe(~urt;yVpUf=*T4JgU*a|rhT_Y5$X9WLDh4q1wBp)Gh! zXKs4Ssw7PO;~zpD^}uwTCx{CyGj-MOkaIX_=N&4T+tuuiNv2wTqb*tclk~79t@f9? zq(M42tLq;s&UcY5+|RxOn+Vl-NtyaI+@vCRxGd(q>j;%#LiIZH@@a5Fg-94QoG8XZ zl%A&@R<@DnGl(8{!D}@n3xXdfoO5ZlcrrJ28d+%Y;@M-z85tnpMyzbVV9#$VZ+_FE zMi|@vtzDcIJ)H1vkPO;N7n?OO*e1IIF&p}TNCG#o-WML^#>dbgDf5Kl*qj}WCx&4+ z2XsOUQerVkFO5QyQ}Dl+5Ojispr}8{0rN@;AYApGi4Ux+?PBoWtJ>?fZHQTS(W~d3 zbq{7RiF-iPbry>W6MGWF4YeMn6WHUSlk>+J*YJ~L1hE&L<#}a$sTe79QQ^0PFB)TT zxn8&r9`ra`1=CpXb;x6XOw@ZG#Kup&`#gHnGsmiP_*sEh3x|O=x+`uJI%f}YDKS6r z!a_k3O$itovzaYKn65xXAP`Q0gE`d{T5yN>Rojqgay93PpNn510hVhRc4QHQz$nwB z-jI51b4R1ZGwga+nW)^3=e;E`gcjUR6$*jl?yOnm$HodA+x_?<nrZ_FGai6r9^m-X zc&K=Jx{(c9SC`-Ye*#OYV7)pAYZ}?x8tH-c=EGd&dw)~q-=^{$taB*T7bZQh)Gxy) zY;w(D>9prT8?(vng{?mj%fo!J%_W}otPbAu3R($&uS3fTVpYCuF)H~}K|J`M8=#8S zjWWxH(H^k+7k{PBFRHW(kxmM<lA$0sssR*X9w@>tUZ)dLW+7%RIy>lz)KGG-%2TOF zD?4~j$TZmTwV1T!H{&|)(#qzW8f*QLagifQx-3Y#+9mDZR8t$@N3;M(TJ3*jsd3>> z_hJ^2sP|49Vwl0^4+<sAvu?RUc>k?!)%)}B&NAObiHaabn-tiX4F_)SOuA7jUIC{V z0`W&uXJN7?(283{0g|6#{?a$7&u5~08-E`6hQRxR;+%c*I;fRl)-$58HU5q<Zq^St zNGP?&QP}ccC^a3N>s~H^baX$%L%s+5t2KJCNNilKOCxn5I$LPH&fDy5j(Xd0%G((Q z!Zi~=;}Jh<aUlO!XXSt6YM}+UQLRE}5hsFtoQ<hDeoHh}v?alQccpk6_PTb$;e^#Y zzsvA+<h`nyL5}sC$iq~u`9eIxwv7G$C#psc+!SA@Y~Frs<Gq=9MZIRVfIJ+;rBT|& z!!Oel2z!<UO$(!<QF3BQfW>?Nj(M7J4xwy@h>_Ic;~Y)=^dYx}Csjg`23{u6Ky>Dd z2$A@T6z5sPMO?W8889#0myBr5)E!T}AxIDIHvbR@`~Ml;2lj&t(B5rF@2x|F1-6!= z-6yaB+H{WRE#f`ftrf8k!HM3=f_NtgUNEQPKcGn%v56sr;*!^;RNc!{C{FadE!^To zb9mam2|rJj-|hCy{JVc>Xg-0YWRT>!qza+=2%$Mn8>{_t0}qF&pvuz(n@VXtps2B0 zjt{)({{z%!q31#yOVhQe{)5|b&w^{|z8><AaaaN0@|zDcNM#o;bRTIPhmTd)?{XSQ z*7>c^o|WxCN6upC)B7;*A@q#too*p~#klXPY-aqb>|Q<bl8`My7))dwf<e5*HkEwr zbyp8w$9P#xAQ%ikum?jxhLN`7**50~Bng$Ob)umTyD&ea-XMQIqBCr_bpv$FJ8=9V zYQ2BT^)9(Hn+&(`Py1gb#>e=x;2E&^A0HrWE+ptO*oJO%FzD~U0K#}HyI-?{F?fvD znVa;My2HRCoqHi8@jrdYsw4UVu@Rj4!yMnOn=B#G(L17eQ!Thz!^i8gL`FgSjl#(~ zuE9tB2d$38rAi88B2#MEztg4G`kO1<sKYUa9;L5YA-=KwAa!;Woz0a0Sm0vKr2;$e z^9$a&=RQb{269Z&An3-Rb@C-t2FMB$GqE4?;_?-dm*>a}>vRQ(!v5|nhAF3NoSYue z*yUz2!s>VLK@%0$@PYh=@(L>n^1;garIWi6GBr5X&w~Wu^mUr88mH^3x)&h0nAfMe zbtHLR=~Gp%DqU=k?DGB8->g$dN{SgrYd;<B==`Zs->__d?wU0rCaY;X6qO@}qC;j; zw-33)Sdc;`rJ+4;*HL){m7&6Q*05$kK|#C(k#wLsu8_j?AyzcTO%$`OA9KaN?2bCd z`Lf9yiLp`d4o4BG;#IObvQXsVnUz_!ZNmt1_pTkPP7!x2oS(Q!>}NKs+g$ENdQGKP z!H;z!<_^8lG9n>{K>x4%i-byVrDim_@2i2F`rggVXoZ~pwPENG{alF$`RoY09`}+A zPP<JApZJ~-JSvQx=I?sYXy72f9Ik~i_yjd8!L%+lwHHxcON(hPZ~y13!RG*BHuJ99 zrWr~2_dZ~?9j#k0qG&jo^2c^7@HFq%YkJ=oM%HQ;rUK?8pQ%UegJr7-sN;v$rUNfa znc(2&(9OF5jA)KVpo1Xc-g0?j&!Fi>iNLcc6}}MvQ0?fz+ov^1a_96SYy2Medj!96 zQ9BM(pVZr|@}fgSLX_!ZaaGVA_mr=z_qgzxbEW==KM@Q<ttu?gRQb1zGN=H)`=LaQ zvnl}J!@T>e_rvUQOm^iig%0RtH>#fEvrTsq-NC;?=2OanA*bpHR?IWkIqI%KycWdk zc55TXJNJL`7b-gfdo$?dzpot&=o+GSijS63?U=uGfRkS@%~tmXblSVi|K{C_^e7~s zVg`dP=M<9X8LuSpPe-WeZVHJc@Iw#mB_soQr!(|SNgo0xUMs6~z0Sq1PYlomvaGQ_ z0ecI?RV{mXHPABZsqi1LE!M=VOzSL4NL^KSW};e?hOrSw>z}e%bCP&i+`$l0Tu~D^ z7ZoM6;BmbLXT)4k8H5>OR-^d=pPOl_=^w8Nnf*{W$i%GiKR!@!Nc3+?9)HoqcvP3| z#Ro0cU3zx!9!qBM3v0mLa1nvEI>3bA@h%>t7GP&|NnHuLen(|9{h{L*v7Lm!%oYd( zG4;G`9RXon%scG1o%>C)UxM1B!FyQrrMgtj8B_zER&jlz@Mdr}Pf%tU@75L1Zfy)Y zqj;&2vjPidHKGwQjqr{(1z>%m%uP>qHU<(>ga(v_v9*lQ$U=IojFe6XY=BU7y=~U~ zSjCMB-aFoA<in~HBpHu9lt;WO8?Osx8gcWWs~wpw(r5^B$T<>nnOwX9xp+h3HUH{; z1ml(M`(|nDFNT;S-<as6Vrr~|{-%-*vExxpomtWN!wITXqVa>u+e<WdjDyLk>NQuG z(Q+eJe5tc+k$cH+`GFDsDTv2*QuetQ`x45p_Y<LP@Shu=lWlcsx<_-*qr-qS-G&2H zD^u3-CrP)etj_E3Pg=y+zE*<n85!l^Y&Xj5d9Jx*w8U0H{6_`No%c=6{dj+Ct{Wbp zz>fR!$m*xiAi@Mz4)o7uP-47EbX08?f|tQR{}^><dxqmF9q}VXZ2s~;YIH0zFs<0k z4uJWc<MZ>r?G<(S8$NOinCzhy3Q$NcGxn_ZpX&Qb2nA6D8O0cMV^i7L;Gpi|Gl{e> z`VoZ-lwdwCfVU&+3F$=mm#D+DBIXuB2xQpM#gE$bm>T&D39t|ctPD1Am-8h?<Xy$P ztp#Tn_N)t2_#LbZC-RffEF9oL9!4fpOO0x2Hj4y7gVA|x!PolWuLDMar!q>^&RL?l zJJ+aHx)spey}Tp4ex;>@4WkZq2DUg`r;;X-Q&%t(sVcN!Bsp^TXKo)GFUTxYFOY9u zqFq{z6+YLHDvCBmJiFcK4J~ax)upE7^NAZjD;uY#jwdKgxpe^&UlrUpIhceX*jUs* zVlM%&w3<x_mW?(Rksc{zrqGFz%+^R=ddZDsb}*7xdADJ9m(o>f?_#jBf6nGoiv23% zXGfkwRUv*h&cEX-;{ymweZ>W$WD{-cy{{OD$VkU76u<_#HWj-d&z}$S0{eOM3i29K zm(1hH;*8q-M0@X30cr^hyo9J9p___n9&&9g++k774z_-3xRSXl)JveI_4)xy`6rfZ zprujqf>iO5taUx(y=H{N=h@NPe@Wnd6Y^p{f&qWPoA8);m+J+Pr|c_u5PW}D-(k12 zOf0%5_?n&g-}BC?8g$MMx*=<i5Kp?-!#uUo*R1#6xGnSHC2DaNgJ~%2@MrE#9i-_) zBfy%xi`1z1ia&)9=|W<JKw=!=#+u^yH$hF>&TKUHt*AK~(E#gJHtfuv>alV}Ykhr9 zztDTUU-0I>g3*lkMf=(_-dFTJH{OSWui5b~;XMMT4}`_2mRS?tly|&nWt#p(^(QO| z$5!1c7bg&|rgUWU8L}1Z?6UQCD)*mJ9X#l?y;a+G|GGWZQ`mRbF@EVj4poilM(@^_ zvAn}(x^LRmE7Pvks-lN7`;iHjcrkhUNGJG<$o~`hWP>LDEYUw=3H{dQK1?Og|I#Ug z$7!lWhBs;^cN0gJ+-#g-RHnQ&XgDhvq<D9$>a_EbRZU5}qq5oRSnc2DI~n=Zpj0?O z>~nbM9*S&TL286|q!pwJHhsLn-;2QJ!?TGR8s|YQB)V(jQyJ|MqeALK%L*mp14~a* zi_A=7Of@&uGB?zh#YsEJnmt-!9Q5~4Vpg*LCBNYVSZ#mIFWg)m3tbJNXZa_qhFBTg zel|?N1Z;n?fhlo~=NdNxS3A83d=e(qo_&K8d2<AwnCV|UluxPB``A2yxX*;u_Yn8b zggVH)#?11qjvibdpjvXc{N8hYQ6tT}x4ipm22ux5@7K6{k>v{@W0349)0jj+p8kV; zmAR9at=FvWtZ>fs^b|Gb`7`bpY8a`7CZz*Py~z5IrPS~7)|(b1K@YRMr(WN4{U05C z&C=pn-aR`LbuaC8|IzwynD0nZD>$<NNd`A)LXxuG@&`)9$N+J&?hwZ_Q-0|RBgy(q z`P(osNb>1D9Z7BqxoOFf<UxD!A=jtd$laUVe$G1>N2HBhmMeD466alOg*!LX8#ntB z=zpV61MvCA3lsm9KKEXbrOyvwI_hbbK0o69o9T1&`;I;z3QC0oN?gJ_@vpOW1*yO0 zJxhw;NS|<<F``I`Es*jUD7nrt%?jiVm@%AwID)Ky`=71PrOJm01t^sn`(?Sp-Nr+? z9WVFAX&>%)ZwMN*J!ffEGr0KhUqB?=pO_=be1f?RRq#bCRU=P{AoR_woX3imD{yhc z&g}opI+OTkQw?k}zK7UGg}mNai&npfZDByP3rWh&=%Pxi5^H87;)kl9t|qvXfk$sw zJ?m!nJnu4d*~_Vj*mTr$6sfz+N~3|JIE>(#079>0@Zs|`hvG7aAQG|Q$STPnup48m z{?N-+ZuMdRwbQWsX#AL-HSFG4ChXqemy`-A%&hK0&`vhAr+GI?>P+oBy7$~RV!roX z%?$qX!avPTV8C!w5WHmP!0pev^(CwSvj6Ig4JY1b<Rz1l*>6oTL8jJH5yrmiq;G%L zKO7p4q1!#o@hINJd8!QOC}T~^KMWjeq{W!Gp4kixpztsW*1|BvjuLHX&cJJ)RlC0J zWX{i?ypew!__vmStN7PZ-!^q=cHw?LQ$DrBptoP9yb~?~Z}?5fLGSrNSR)j<Hyy-3 z#3Fb8a{mz}4-IrTA@rw1O+5jR`J4rhTYoFQ0Y0OC^IzaomV;09T?d~MI@SZ9J$U;% zd_;f#-s)RrR<Ara*D>x_P^AR>?TB$lgSV>tqm8>s3}TsO!mN^WOodqpP$3(ffkZhr zi|*uQ<RWQC3!EgFQ%N4EY^H!zY7SanqJx%LvIr%>bxg9aGHstnQ{yMEbTfsgrms3W zRK`>f&z`v0Zb|Rm`wIu#^d%aaM1dFm#~#~-9{E<xd|U~ClPdq*uw|A1z{U6|g&zCJ z&S$iC)O#OCQ^&lsfyFO0shcz7==J;i+XfgQ+ec(UbS#ttEp#6P%J(s>NWMQe6D@o* zxki^dC9qO2s=Sx()_bq{jrVG^Px5)9JRo3hu37!rA63=A$mCUr+P9Tt%1>P;*&-{} zpUaz$3*S!;HmMRd8qt}I2ndW<Jq&i2h>e>3n058pp3{yVXsP;dp|n8E>W9iE^F-J@ zpoH@JQKg_yYd~<ljL{!t(x#^j$*cSHmiPp44lw@V!G@0hh7yNoxz%uQ*JgU3-FgQ^ zBB480;0L8WIedtiaT#UiN>ym4gFPw&a}SFYHVJWZ<niC>BXjqEp^vH@eT@0LqYuBs z_1kGrpYrx~`XJsl79yx*wsDYuuyH2Dwq+=}Vz#!I#JwJH+=O9B!{HXD(1LcujrnM{ z3m(!>l=pl2ru&T0o4mgpesd=G)3LJ2?7}eQ^D90cugPBiX4*gX8aU_CXiWA;*m1Zi zrsim3I~DCpyz9^CuQ5!@Yu_h}oByX&Kp6Q;RSR+)<kye|jQ<TtowW$Paey###?}(; z!Lo$BDaH=(MEP>P)FwouX2qCfZlJAi&P{o%b<0b+Zh0w*SlB8Ztt?__I$Eh^PZ*X( zGxm@4TJ2UQHcpTTk*$=*f`r{7Q=b2XA=%-X@@v^`2Ct^0M`;~u?w9MaTZf(j;e^Yl zp=Wt335ym>Eij)^j?vojSt@7i>rVQB-&K2F-V*>`M$E(5AEIs@qa8&9+XiSa=-GC* z_i%M~ClX{rxn~gdF7N&nwa71Yjptalf0ALlgNVSD14<8a@=MF`@SMHALWW-51xom) z^*MWeSXL07ZYLV9Tlh}7D~q`C?@7+!{`C%%CtmX3{GCJA+NXOX>m=Tox8qs&Yf2wJ z6ugmZ!tePZgI2PmL>F#V=OsRuY**WP&7Lu@2$8}T&=>tf-b6+z4CWlVkaF77r9R^c zpXFj{H<~#H%c$v3gB<`G38DQT_Exop+98x@OHJFAkLq`-{7769L<J)1r_1=`A3;b< z*?;b_6mo^yH<jpIr?4)R9AI^z;p6}P%PfFG3)tSK>L{k~@rQQ^k6-aOVJMW<V>#tA z<z;X!*1f<~u`h4_G2o~6D`8O$-V5#fG4akd_6l%~!N}lZs1E+Ce_}+<da^pZLE2{S z5KKn?bwOjNf`$HDAUqYf@0}&T5me}}RBEdDoxtM4;44*fCfiZ|AKkanY)h&;d@Iqn z$$X<D-Ru;zhuZLD?;)JSn-fkj&0|G?xU{pzABfA03c&`-7*k$cqyhG4mShQQe<}d) zGyNQ49b%pCCEztd5NiAjFyF+u?zCtiQ((R5p@9>~mjz946zD-2i&qBPbC@J2yc(Kg z_4F^o{T#y90_fzsz!ZAna#m}&A|f99CvE*1KRiLq%CY8ic&qb9MUr1uTzkC!#>YpJ z>HPTq_BTYzki-Pw{r#6=LMQWM6TB{c96$c7A4l@z3jG)pX-RAAD?XeeW$^)|$CQp= zQSr-cSf+7NF202yZm&_jp-b6Lc5iu&?nB=tVq7k0m{G;<#I5x;shD34-n0sg1@VZK znnq0(3oAl+gBLAp@Ho!7-rE2y%KV?vsrGV*LRIO}KibphBt~BQux!duJj#5I*5|eF z8Q@tAcWN9e{@h;>r9r_;WNhvBOo#EK|Lgt|TfGFKB7}*34iO!T;u8qw7!RxQ&mjia zrdb*Gpc{VGe{7se$|7y~jC~AaPwbKIs3(P3-$6?J;r|Ma>;9bnN$>vSOx(b=jnovV zh}Db~Xac_;fMU3hWKJK$=&P4!4hla87dYr7`&(y!FSNgn_P717`uc$Vy~_SJ+TYXd zZ=L-;-2PVZ7d!ti2p_)O=`CLIlN>O4Vi>?+-uf@ap$mIQ?eb7;d32^TIky%6f-HW~ z0hDbkZarPAa7UstHLU~zt!?Byef(#IeVi41?7wthDooGSu6_AfT8p*~!<&5>+XS5@ zQ6V~B5XHxlJN<#S?zu~zOp{X4LT;9erOJIgdlAv2o!g6(?~bY$r@#EU=`n8@9;G`o z@j?9E6))Cg^y?~st~2$z)NvV?C3fd0o}@xku~@sL3uHzsq|pOmkc}gtZ5oDG`t)gZ z3WdA7hW9`QL+gyDO6N(;sD1rvj>Ht_9iiVFu032!*U~@z(f&IuI(A)j+rOfnI}7pk zi*|OOn2HT8^B+A(-2U?6A!1OZrV{32kbvzv;$WTJF^r{iekj>l=HJvi_Y`u!{b(+? z>o-98<S;e={MFy0D+!J$M{8GIJ2uq*gW;j**ynroXIuB~ojIfu@N<nuCpBN=YDV=j zc+iXap-}tP!>u2?0FFAWE=<W~bp4&=4X3{`@3~0wz3q{$c||dAU3^cGRKv_^McX#S z3fF-nvC-@5XD*-O4MVIuxy*}}L<^^uY>gC#;)6qvMGBJ}w?yxZ6|Ra+c)s4_XgIoW zw?YhCUmCm!?1&HR{5EFM>Dw}cKriUI4Q*2^n8ND%)X8H|Shv(CXZm^mAt(gY)BDbj z7hdSO&oRa<j$IeJ@owh3KDoW*>hEmr>>odNYiE9Z&@Dv+>ocns=5tr!*3N=>sL3ON zI5|zk?dLkgt(`^jQkPU@DMbwgR_*LAPMqd`6vmmsqJdHSSW=&PE<v9*_Se+_CH3BN z!t{mnXu}$yp~PoO)L{tz%f>h5=VJb^=UzgH=9-gKAwCWRp^MInXj^1stnD;Jth#~h z+nzaaJB^UIg~aWNztPyJZZ<75z3W>XZP}TJ^l|lHmr`L~Xn4`U(D1r}Va|Ou^G-KD zjB*(wIhKZbk9mV#d$G{+0sK3y1mCBDWom3Vuk~e08?LkprNM$a!%E+%bYJPNW0_S- z-J;a(i9go2_-diPWxF1sq&m5!d2nT3H`l(aySt4a7%Z+YT($cI5t%kSM>au(a4YCF zNj5>G73C%=J3-TWCMekrW70$excr_8>hC6qEv#G<|CjSqHxTXr%z;~ISQ9jyxd7Me z1_HQYu9*lj-q6G=Ha*w4>FF7-%@2F|*Sh&(E;KE<X>#+^*=v4cL3@JlcEJ~b#|8rW zGY4uC>V2hcRN4lmt)*W!Lz=$Rn8=vxnVX;z5{Le``Dtf<9KFN;Rz`-y-Pea&Z={QU z@d;2`+sO=eaR=|wHckXCTx!3j0^`z8juuZ^7vIZkUPWqa@vI5N<t*`EuT^HaWAUj+ zk)!715*#hX92Q!((ulGR@Y|2F>Z$4EvaMD_L83fqc?wn%RV!WcS?K!(pM`GV^nrFo zoCPfEVbz?D1TYIL&1^K2xfOPN0jJ0JO*#1#Ln8`#L+y&tg16~beeDa0L;Z#$>@pQr z8wKq!Yd}}tUVQdv9u8$NX*YB~WV!zqCwu}XMscP008UKu(xjT1!xEh37}b>gGIBN7 ztA2UjwM9+I<v8W^Yf5gnr0tf}0n6$t(49rm<VX4Olba&7Z^b7z)ozG)rjHFR!P8l; zlD7a_Zq~DxCN#tA1?t}A23fgcm3tn?pU{%!V>|1rFR6^i2WxXGocy(5`ESWcjZ$@H z^>s^eCn9WK6=2X?S2J=fyZfQmW=h3sm&dP-)~-$*>>tbEbw0*{MY3Q;0G8PJ04(Y0 z(b|{euP}Iqy~9Sj!$#W4;BlSlJNWwKG6ue^0JfUXHMF&><BVZdyfd_<Bedl8u^aI0 zFQGyI7$D1>5{0CfY}E6!hhIc%OaFk=S7K<iv$L#eTW2PdDEMr7wDY;L?g&5&iuB6w zbsASWBlOt%`p5Hw|LQ{zts^;n_5RUquP5K_AMY0%+Zk;uixzT|9&BjiiSYS;i5mCP zpBHYR6RTbvZ5s*;G-m%fj6ObaA!j{1#of0WzgMP!pYI1huTuWD)4)%d1gw+i2L5d{ zb_8Q@J8cX9wkI~E?|?<rG3(GL|0p5qwIcl3pf@YT)7Q%u{n?&a>$vKfAgt5PO%{d> zuv%vC2Itg=T%z$m#khks1VR6_gEi_PfATm^ff?FIlb2Lh^qP8q##pzd!x;~TnJuu_ zHy0Qi6d*ME^L{&rm=<fd;8*M>$TA(PoZSGWn&(v{^NM=&nz!0NJxoY)<=Y3pVvikl zZ77>*23&BrhclyE^cCiU6$l+43uNh!_BTBBZA01?|3GiKLdM#x2PwxKwGrv#Mv52^ z1H%vT&!n6G8N)9-%qghYQH&&th39M7ERCK-iXh7DL98rlK>I{OhN78@QKU;wP8H=z zPmN&=y;H@r)_2D^)<-fgV-~IbEZ$VReBK$!D=Mq==W-gfuCi(&G8GTqLQVx$X-=8Z z1O%~kgv>da_(AsF6)9RcJUuj<;pahyB7Dd~_;pk_wavI{SLj#EQz!3=rC<Z~-uY$q z-sQvVy=%}{-^0kbJB+fYf;cK(?{#NgFLyN5z8G3S_z2E%KAR}7uYEDGPkrqxq1Jau zVpDx54-&b_(|)`Xx@o2TSUYE$zx7ZCucNA|(#tjTHoCd;DwJ-hq0E-*sk!v0K=R4$ zyAreg4oW4f4-B>5MMeJq^42!Id$E51j^ETZin^$z&Z|%r)Q4H=YxV8?H<ATzDHrWh zt@}okyE2J={7YQji8}v0e$};Aq>qc#K0CjfoJT0%IR7NlyYddCx%43a7<<t|(1Rq- zkTP|Qp+|tCSLk$&Oo+SVsXEx`dS@i%-|RS><Ws6_sO?PbqX^DR^5N*6@jaVr3lbct z>dbM;#QS`MxsL5b5Bv{no80*z2s!mLW4Z<1d%fP<RbTs3e2<3Ol?g@tc>rN|P7y;q zl7qWk7j+SR?>!!DfdN}j9HNB=%gA*U$*pr=LXC!Z^|gNwEg<3sAp&O)OPpF?yLHaK zCxsp>I;5$s@RaJK4~ZWjzdNqv<aX(+H`P_6sFMT;!pVDWK}zrG5_emry1Hfi@}fmi z_7PwVsdEP64exBG<}7k0``Xbv>uXnrTAyPwGUdmUz^!KSq5e<ka#tS2n#TYqq;IM7 zKCbsZjMQ$$Xp(uct~!wyuM9obz-Y9x*41NSuU(0TnR(W}J;RSlwI8QB-2%Zy#(qfi zbVSx{Y%nkO>O=P*f<7c-={5tvK$+^MM8TBfcJI4<)G&US!S~@@!7~5-gR{Nuep{H3 zS@j<PB6^($y+Ws#vl(>_!p09drSl$_9btb5+54Q)Jf{~5G>C4uI}>aKKrr3?!Gicv z>0%z&9^zj@`%m=6=Qc!ES%a@b>BJgb#mIr=QNp0YSlf|Nyg|go3>*9{_{eA3S**4z z7Mk4U7~l<aj`90{bLIO{xf|(SeemH{nSU7{$7NRgBOqDs)5s*ofoO3d>;(T2^~x1> z2M&A7H{D5fEYqRv7e;Hl=CJqaP8Ve2VJjY|_!A=L9(>P^w+$`Wx)fSa4Bzfk@8_Bu zuj{F4l%$^c$q>|5_U7CA{fFryO6b=o%qEL1K-MY^7|w7B!AcyftL@<d!CbOD_rAm# zdgjI}TibxnB>Cz3e&TZlnaecPZjKi<v?XB2+Y&YY?Tn&lY!(|cpyfZHyw_FZ$}gF) zhXmmVOPJzGwf~F{<^s=xc~A1U@`lHd;Es)Wnfla)1y7YQ>~#MoZ-Qu9yZu$(D@0fD z4+qyH9C!U7*!XEm?i!D~z>5WG#N1tDah`TXs626m3VinzE5OdllLJ*}1m}ghT$q`x zovt)%XME&IltN-6d{ve>K!vJYp~NuDOwF~^6D3XFHSomcMHAM;o+8^muk*Iod7mnK zKG}sdW0yuWTcEi*bKaZ*sZ;Jj{@mx<!-F58B`dEjO!^hcj^`q^E3Vl)`C>_=Hgom3 zL@^v;&Oyl+iyB%#N{r40=18Us!dss$N$g8<eQ46(CuGv+MM4jKRk%GEX1e)lE%;<A zN{r-hK5i(_CN~zuOIk8?rTJQ{i-|*Ocg-2?e+Uk`RYmzYNVbLu$>Cd`tt=preP-J` zg}Z1ZUR2+9K^_?j;sx8@;oumjF#2#x?U4o!5x9Y6y_R)Xt?(>4@w+14Njj7w!AOo> zyz2^&ROvNH$($j6&cDToOa>B@|HH|NN2pYE=Ie<vbg~iT3oR*{p4?bM)JBN2V#0cV z=O-cus!J{%Oy2w-?PV??=5q?&zRV2Naq|e}n`KC=3oY4iI%c5~hQP(BhJIDS3J@`6 zEiA#_>6MDV3{$3>J15f(ue6)97k(Jc<8cAeG`nbKBXVChKcjhZg%*KJ@8df{H^))S z|3nJr^Gx}HL1GaBO;LUWy)awWU&4$j)amHons)HGP_TQiJ@n#!55&(58MF5JYsMRK z>hKYA#!lJ)*ioUm0@b^`1fP(rxw|bemuKZE%Z^m-3Q)`5-~gJjwuUIVE?cs@cga9j zcTFWH9**03p7(luI3pd+Z-35I8DQfj>i8Z?`12G-n<}64KYEl-=HdT{fzi}?yr08Y zzreDL+|#m5+>b|k$bT9@a$*;%Umor)snVzU<qvR;g{1X8$FWzA^Z$-?jcK>B+P**? zqStWKEwYhO2)XXPQRnS2c>3)S_u}Nl(=nV9*ybz1-Bo;oUiekF@Sq9&WCN{L(j${! zsUDn+TA}z{)XV|EV8e`$nOZ&`Y#+B9CyjaRE^DDhs3&uEG`SgtXC7`p$RC6K%?S6= zn*ND`^d=?DAR>qVPo<$!zpN))FE}xkKBRhIavylTQ?JkP8ms+`YwYo#Mbr39$biUd z&#GL5EVeXUk#1!+N<b-q*bM^uPm0P?<;5;(tCIde(qclg#s@mU{CWtq+WLOt;I87M zFy#s!5$LVNU&x0DO3+{m@MNF(*Px`JkF+fBfusvVl2wRIJ@3AZMMW}Y2UC{cJ%cxk zKbkrzzx!1C^n%GWge3Krbx%}^qY3}H!vv940?OIn*3Z@ckl=YNI;-BdHn``e;CaGS z_kJ;itM4c1nJT>j6!foFb#29?hhy7u)MsQAo7ovnjT~RCOH5ZquvFG}?kH}!ykq(l zZ}94qZmG+!J|*<njQo;<j!4UU&BBe)(`zH^c4EB@gPqfPk{Xva6Hvv+=*eC26?zgG zFnUsREWf0AidVGyq~=TVs#|!^tIkhX?UsI{r5B`!lPkaEhICo>JDnh<x_J`Y%xrYf zRyq{f_Qr^ggYr7^@`}|7%|Ho!OXESMMrLw;K+a*Jihb{yJLnEMt(#O44+q_?cHN9u z=}EW8_-_K*Z_u^3NR>kde<hD+W>;cQ|3S+<K<}ip!JEfE^TMC-tev>*SQvKlCVq1s zJ?8zhzVoYMwu+aNoZK`jdimDrQ@y$m@<LC?`jsT#%}32|%+>ZaH9z5+PG11}{gugH zY-P9B^()E8_Wd%cM}Rr7`XT<lxmwsS<HO<L4Cb5Betz!5*Q(#kRWCp`3YBMpA$|3F zxFkJ%ntZz#4y2lw_cb7-3%$sGl$IW4deJl#{V0akFw$(a;*7J!ORKQ;$-wbk)?U#> zz25-z9|rZ#?qd--=9>#l2@0GTO`-VtuYC}hINA>f4wyJzf)wR}fMU4Df4h{#EzZbs zCAP-JN<4a#894yKMHXMm#=#Cr+qAOWI5dpvK4bU|?S8`;mT(pd1W8|}6YA6bD%@A2 zscBW_>*fDU9rX9Jv}l#Tr*+dG%sY4I1byWoD4(j-+3o%(cy_8d^sO;1_BRFzuD+M3 z4|#+sAPAAsgxexs+Hf9HSWWRiu0`QKJ36zteC{slDP7My*OazYPn!f`luURNDhj7- zAIEi&?9t)5q%p~*3&7?f*JktVJ>kuoJGYa>b#_*$pDSz!r-9=lq;yuk1CtYr56aKu zs#AYX1nB`Z%=7Co6__01??j39|2!s}^^HoGb*i#T{`B|BWnH7Jii5k@U&|MwGYxzk zM9A}}=tDWp!Qd{&8P1=7s{Ou+%KR1xz_LoD@JA`@-SA0E66yMbNus+$u@|wJ_s2nD zrv>*Z4pBVTR$Rt|z(w7oi8o#P8h`y;Po%_lEimFr6d1abS}XaJ-rL)bb9ESlI?4S= z`Ty8^_xLD_>+yecg9Q>dAi;3cRf3{XjHYUEq3*&)cV&Z7P_ZHx11VO-G}#5LToN}} zmWNe7t!=HfE$!F#V{2Rev{nHxB;2opXc6ytX?@~)L8~FiWq<E8^E|to5L)|r{l5SF zUcc~SXP&v9nK^Uj%$YN1cA7)@T`4T0+`tg5lDQ#goKFjs9Gtb?pcaCZ9HEXmvw-<B z-ECb8)K{_;*Ox3B_%k|S?PMVL$8QxQ59S#;B6r!(CM3uvK+dPz?q>ApjO&r)`%p$I z_=bq|^BjF-@!a1qu5#Jk&S11p(zkhBuillhyYmUC;A2#8elC}gYC=N6=mw@qo+~qR z{RX4p9~bdBr60xqTV2gT7D(YiXH&O+1U(d=og1hr3+8<JjDtQORqP5CE1dA`aK+=m zjkejdl%U!m@J|C+;HQA_ZNXUXaU*Xj(Y~CGvAl(Nf^kCw{%V8o1i*cbH5HBBL(U2G z@l>1ZHyL>sQW$~|gnP{imoe1Mr>I(7BH?VYcz}2DV$A3y!?*K$JUq+SUg^jRPZh_B z^v5`b`{X~>8>e8X=7S(|AI`dc(f7}&y8ZphRXHU{MtjhJ65sMlhi@5AQU+lh3fHc3 zfo0!<8E20c?&(YVOY#$Hlw>7IZs8e24j!DIBMa}TWSuZz>E90A{`%xV&d?vR1qehv zNqF_B=XkhB<9KIdV#(%l&L$tbza)3!w?$jOTn)M=+1t7N@Y&x%C?HIlNF}e9F0EAT z_v-{p^_K-=<*uh%P_2kaY2HMyXh%*Y7q628a0}KyK?)>sUUFQ1Lav`CMoL<=$wAa4 zcHNXXDVgJ1p;X`s_Hp9QeIcsgN~I`th2nZUq=h972utopyj`P&B^WyK-NF<&LCz@* zz1&j$j2CLS`e24w=qxpz5u@@pyR#hg+`@J(__3h=FU2ys-!t@2g!_ymuB(oDjz!>> zklM-;=CxE&%9vp4GGsS0I=e!4^liTAPImDvO7y+UjHRnSZ&coRsroFb`q+;$t1j17 z`&?HY^?8m)$ega6O=2bla<Y?}-(AkY+~{J;wnV|8RDO1utJ45nDAufiV$&H43e3XJ zS5W-I>VQ8I?lb-g6kqVlPvrT30|ougj^{GbMu&Yyo4UYp0lNt9?Mc5vuTL{y;ra|6 zpDdb72xM#t-y95Tt}!)k=pLyfyt4B4_=GI;JGqdh_|zO$0=H-A5HIii-4?2O5Axvz ziLZ{1KHvyf!&Dw<_Z3IOg{HhQCpg+8xfzzNBzmO(LS$NbuY*dG3Rx@44cGrrASu|a z1K%-ypkK%s`V`;eqb2V-lCto)6Zh+-?*r(FKArFi3MgWmmdjbXQf|XnEFJ!8NzUl( z$Q6ft#ZD+#_)=q3>0O0OlZ!7<>p{SnSm-yl(D>Tx;pVnPT*kQK=9ar$(F4a~<BAhK zqvMO+>T>G%!f1_CRV!v&V%R-N@5b!CvFuS{pn95@FyRyDo8O@sEH&yv$LX%MHN~ei z@WSa1^9M|1syycgheOO=DBEH-uO1eCuZ1PBATvvft#tub%5Qwe5vm>nY5&Udq-?Z& z2r@ile$0ImS6q0|Pz`30@)o0x!bq5o@OM!CFx$s664P1w`n{=`q`avTZ{(Y5h%Uhz zW>%!XIZCEH#9%n{UMyahBnDTa{yl(1*^J{L9qn`Z56PB~g|b+c(*HvW_EB(hivZL% z7oQ#`Py?yb@hq}@A;TqFx~RBKR(AYkfz$$&4Jvh8Hu*AfPCB7jA)Y%FAHJ~<xZBRc zXS@-;+X)vPsM)OOtr&I6Z$t&>2SXsC@%*g}jk(V&7>>3&_MW&w%bvdwxwvQlLd)=; z8am*Cg0O}Q!VCJ;Y?0T}qa_=Ky1kx)CG!l+%^qqLpm0f`UJ5pj1dPkXEZgAd5?FKw zmub6fr6BVQ=E9>eaM5$9eoJA%b8I1&*OU|@U$p>R>eD14um!N5$pjL7N>dg^&UOZB zP}0iV+?%?1y1}4%=$lD4<^y;FuIqjhm2o#RBy~X>LzJhUOXoAiKe~)t%M*s0&w`Pf z53BzKsDL{M;(fs#6da5$JjTSx#VXC+Yv9kg(+?wK5oDM7XBM?Bj(o!Dm2a)-EeUG* zS*i0yE>y!HSUnvEPUwpG8;`&!%}-}-PoR=F<(Px3O2pnuEG&4zeN@kSa=$&DX@93d z5oKT6spT>?=zooQmV*keI|QPm-{#QS6a`YMbjAaH%?s4s_x!ih6O+Cwp=?c$>8RQ4 z8tdF_Q*?m_Hi};}dx)Ww@x_6fgYB*N&|~XQk@l*+o=kmsEc7TG?XBK$f%#h%cNVQr zyjz|WrKN$fyPfT=g|6lpfubrAedjpJ6|wQf&=KOI2R@B%&4!ZvP6T(63(dj%1u0s} zz{c<?W`X{i&R3)lC{v}0kW)J8<4I75af)hblZXaJb0!v+-d-3$s6ZvgxRT^n&!@3* z&cy?HDvRvDhBY=i5;sP-xq+bV3Z@jtZsB3k<Hy51u8YkhW=qkC5o}H0IYW3FQQQmU z<gZWkWQX8@K(_mw?(k{ldyN-(lp@=_Xrf?f2d0sE1q+-QU%1@QDQQ+>fVy6(&U8p> zY%<SLReO%PmTn@Y>nW1SKrq9&`C(IO7HIf^rF$2LEd1>>x3nEd<2BdQZTdDR#yOKa z%rDPm0l6X>&RzQYk`KC{C3>zFXNvHfK5Aj1f)@7f3C5JGyLL|yB1`|Pa)D^Jti`Zx z3o!UlWgLdd4;v=G)qdrOSV<1Kr}N)$-t~sa{`UqwuSI<3Dkeku>uI6CwHuTb%6t;e zyF&9sy!67k^D^+l61@s8UCR6kdcF#;MMis$&-mOg=h&6T=RO1DtNNg)w$k%12fkpS z2%8@z{~Fl@_|}N_r$6r7>W|;FU$jwtp3miq@G2r*E7p^qBZQ5$zS5RjPwV_5kq14c z!;n2V4@BQ_C31Y=e9d}ARQhj)u-rll*Yo|eTffQ$keSAIpNAW3XTZ&)tLbVUOrgs2 zf*rEN_S|NB2HKvUJxP2RbJ-;pC~IZ{nWxot|3OgS)tmz#hdPR@c^9A2j&XWR5$&jS zH9w<5u5va1S$QU6a*V9ej>)d(sWdv;@vZP_(T*9e=GRmiHLm7?By8J7BJ4Z|qg$Lo z&w4C`8k6z77QV!__V0bxT|jKZK-W6@?AtH@R8};9>G~HrwK&-J3!?n4b)4+HD+Azf zixa>lmd$;IrXz1Fl|!Aq+}}#fIkc&a7DjS>eaxWfgdamDcx*K@Yl+L>AyxaDO;>XR z@K7})8F2ZBE~Xrx2UhQ&i%0k?284&Xo>Iz03rs)KQ%d#$ZVs1Wd@Ntd&3@0Jh5Mm= zUOzXK{0eaYs7WQ$T}$WXIpjRT>uSCl+@)DgSCsd3c`bcm$rQEM!V_w{h@cEO!2{JP zzGs1ov=~BC%?Hx3XPLhQtBoAn`<G2Bxjt0WD1=E)0T;+@o)n1dcl^wYnfe;iMJ~xb zJ>kUWv%YT>*OnD3jW60J&=cA$NNr`#0XcT9Ya6A;Y?f=q`9!J*8o`45xU%3_a~lBh z(cF$3?U?IoUX5qXomS{WDzq+qYqX;Qng=0S6S1PUO1cI5W9iGp#C?w^f^@lVr1W}W zAy4VZFvE~1@{_ySxuSFrv1O)w75Ow!x*?#4{~@ybo-3p<*V>O=tHE1Q7YX~69D-MZ z@0wW~ZMl|n$0;RKeDP~PmmZv&nCMe-V~O{ZuUF!mLE{QR0Q1vp?XGe)zs1s486WGG zzRs(SU6#m>UB*GsbQy`ZKMMNp!tSW7qR6H~jHs)=2fz6Zy{a@OCoZs%D%@X2KHRg) zweG5p#A%hTr*R5ZSdXe2{JE9JRUPU(zsj?IQP1F^{lMi^W%iOX>vJlNmP*fui=5iL zXTqg4$fJKh<oB3<*EJ?M7Zy!!#`AGTCm{RGVcQ{&A)m2}(|ez1`w|YW*N4x5_8Bcf zn2|%DaaSllwk+B)YH@bX=4D{<j>L<Cyn%SLDn*_xkiJfC0ES*nH&?VoB<U2>%U?0r z)jWVNa)JB)WrN$CeEG>=mq6zLN8t;d1l$7G6ZDji=lp0w54?#9kyC2@o_8YSttNf5 z($iMyx~9$7bnO2SuPR?W(iea37J58Tv)f!OXJ^(eEjc~v31?#*;sxvHQt6=~FeCp3 zL#Mjl_59I54F?<A8i9EUyCStvpb{Yq2L=pRXzLBa)V`!N4WwFka*uJWyrt=bM&Jk! zrHdoQ6nh=TnxApNCDUsG)Frv6yhSxqwPTQ{BZBTx!7xd-y;Cwp2)sP7*i(j8%rrro zZaxRhu}KA;%M@+f4bFiFS=>s8aH$DDrA-i#!0hm;O7U25cuIW1J3=oKy<mGoDp=mJ ztCr<?c4g@&{?bp$ksslLIXaATjJero{LKs@FjFDY3sVT>Zs~(aL4|pqO$PKw`OS?K zsYGka0D<*ea`q!9@0WQFM84zq99%pLzSGB%kx(Ct;)K`^XcEMRIQfG4EW1Uayfp_{ z1s9(!0^HfIrzI6~5U<&Wgq7%E4jb{$mpr8)NN^hkK-i=~e7uQ43JL|lKIyPebQb9| z@+>?{Kn)Mkpt{qbep`ftq@i@_lYmckkF4NGJ0R`rUCrN+DZ;kx5!8jna>6Pi1XgR^ z);Zd+BC8hSXh$#{igwHnU$JHm2~jROO|9e6j`{i_3<kAN+cB`Tc9cuSL<(e8Cpf?D z9|T8t6{@EbS$NuB<eLZ=rqC{xbNMCN-%zP@C9v%;Qb_cQavgKA9rLBD?We@3H*2xD z=4v+NODM4VS|ndWdDYjQ@+HJJ9(Yd$)DRH&xs_j@P6SF<^8`GyV$M_pqsD~AW+w#B zPmIG17HjOJTiQN?%3^Ei=y{P5mBxiKvs5dY*J_fw;-bjpLk6Ti+x|)Zaq-X}Rp<HR za{_yG_&&lb4f0GX3AAnFLzfBjq}Dji8+q1)-qo)7pNL0~;Lv{gY+J<_xK_;uQCOq6 zKd?uIM+uhzpQj~!X|!WlxO9!o8-{4;8sQr7=n?VpcG6VT6cRU4XyTgauB^n>^mxyN zUvw_6(7<D2MSz<wKh^RB@zhO}4}St8pm7CUo~gMw-!n2v6zH{n;~d5DEj<^ZfWJap z#T4Fgh2|Z#Cb5tj7G~CYu~U2R%YuOqmlVPtaBW#Q-ArW!C37qIAD6yI)b!B-lA-=m zr^r|s?ql@>RBzT%ifGQ%3FT((BzlE%<pITjFu>Kxq7BW0^beOf1^J<1Ugi|?Gjr2i zz9FX`IVY+hi9|skrduRZrYwh=&`V4eTg9S!z_%MEh$eDlo`l(DN)sTpy8QI_qXLf= z4|>&|#%o@<VL>xV--yfmRzO$2O+;8n7*wf0kSsFsvMJ0*X3xej+kAh#Bz@=}uCqxg zN=*6%U-X>xjHp6%C!=Klf|5YNcTN$p8#;X*=&hO~3dl#Z2cg@~kc&+*1pW}3T_FaW zB_J_;4L#*B@1#=EP4ALM_6W0?7_yJ?%H9a+p~yw7<AR-7*cr%fTrB#$=#P7yp5Eb7 z^s93AL_031|2*#dINH&7evj2a;n>jB>W9BtJph07@F_mml`R_r5Bdy$Yc4WKId_<* zfffCeywc<JIQo4ph17*56N$efBi?1l_gC>LeT~5xX%axD%IF^}HnWM~GT2LmNr&Wy z;?;$aTaWOAyj5ul5xd*xVX^=V3T@BJ{0Ey@P*8Ds??u^Ry&i}!D)hz2_h5Q%@W*b+ z<-e2v`L+LijNSiSsjT$a^4v3o@1PN%WJNv?#N$ILNxkc_Ja?43-lHD5MBLk*NJXEO ziR=W!woM;33IZB=?{(nlZDO4Y`OFCB3c@o7wltx{=AaJIg&2d&CX$%CW!dNnC)ay6 z)PKpg_y%mn*16^A?}o&=uBUF4mls+4*3Tc{E8PS4bagzGTgR?C>(6fU%RQg~#D00t z=9b7y#+CVM5(z!6W7?G&SLT9R_?SD*C3QKpj#|NVrR-o%gWn{B*FiethJ4ahsC1-Z z=9WpK5wgJ5`7w^WjUcx<f_1gKEZ}PAEI!2|TDd;2k}-Z*K@dQU1nFqc$qMH;_9|T7 z+`o?c5`~0hhx;}5a!UxsEo+jV;^`CRat_l<7jeJ@N+hx(>k?ORPnx3Wh+q2RUbiTS zIVlg8Ie|VLU#C!3eC&ZP<s{crlINv*X4{GqHA2wA#k+-qJzOGV$Pq*r-D-6n>Nekm z*~W^MeZA#Yz>~LHR=3cj4)zDegRAi*=B@#u9j1X4X=T9prGyFcBB&X94vJ7=UgCN^ zJmg?BCkek6&wKAHDOI>Z?oZ^ID={So79C?2@m!qBY~+2az8KGgQF(-$!gL+yd_-bJ zoyNP(d9O)Mcsmi6D50O4dtRgz454U$9o>N#XSh<)jUG838NMa&HKbsI5a{79aX7S= z*F*)4b@3!o89j0=(r-)N6RDKFNtt*#dgN$?TXKFhj`JR{;tX$Y;+bw##Q+LT7cn=1 zzD3&RyO(zU^-J0*vqex3vKVC6m%nawuwE93=ra$|XPa0vN5*)VNo(u~7>OV+S*soC zs0wW<*q5_2nDdcH!=i`t>f4%<CP`h*xiqaQ*{1x=O4Q*vk-2#>>+%Ly^9M36Og?o& zG|~#(tO6$tk)=(jiut2mytK18H#RljKWZkndGC#@6#kO4E2fm39loGqa#nbR>!}LY zQ-Lhc;rT_SJWDX?vY`Of*gH3v^K!6sXXH!SIaU-$UJAsoJbevA>1cF1gE<>joG~G{ zsqGOaW_Sb_-oitoZ3W>%pJyjx)D4M2t9cC5kvMg=Y}FI_t8)<`@J32szG7GA`(w4v zL{4lf=WvS)A#-bFUjuz>JAgZCXf{$f*V3n1BSc;#+z-<w-LhwPf-dnnchIv#e{z(_ zoR59#Nz<yh|Kma~==v&(!xvTDlodYT^;BQ(cxHL_%pV9fxOk{<d5$mVWuG%kLaTCi zdiKnt^INkk21a%VvEfja^F~$a%aLd3xTa5~Z31byB>HJ?xH$T00qUw8ehqp?x9u6- zwr6zPo>6U^%42dj6b9o9Kh9N+LJT29u2z<V_1V&I=<6XDN4zXzIP6XcGqVQt77n9P znhL@xwJI^XA26)5yv%cQ7OpaGkij;ZJP^bbJZKh*oZa|^OgfGtp6APN9Po_G<=F>t zVT~I!G#7~Ogt4DvM>)M-NO-{bv7V+|VcaFjj7{JS*JWPfAl=lvQj^3>(F!2(eUkWK zG%Lwf2K~XQ#9N3lxWI-WcO`lpa>hJ-2SI_D0tQ-<)qbxCF0x%qnQM;ry!VfwJ>^=; zxH&W_7}6#>1LJaId8hY4?O>cUmN!s&@?&}Z#q)}=6_^P)72Sd8S9yyD25Pu*<{w{J z>x(r94zO)cu9qZ<cXiUHuVex&I*nw@{R4-LUDlk{`0G?6+5Wjvj+G>X*c~r#9w=+4 zq+0oZNTrT&5^piX%b{<Ott2<QjDoZIkap&ok4itrh8C&VoGjgl8$Y1&rJ@6THa)Nn z+7RScof2Y8zngcmx6(q=L|!?A^C?eDSPW2D7$A%=$eGY&Mjve?#hXOO{OVKyi}YWE zcpzzh#_yIqgCGKB`Bgj&bV;9qSn~WP1ltT1XK*dyyO4kW61p9LnZF}oL=}Ha_zW>q zf+nKjmb9FZ4v3DDlZ4$E`65(GFxQ2o7y}Ku%oKmjNO8SRA%&Vh$_S4sf3!^HYzbc_ zm2rpIK<y58vrUMIIZLMx5VWq5fI#VP^I9ENEy?&Ct3Ra}^HS}fEK%5xfGWz0Gbp-d zIw1o2n?ZsMLlT(1Bys%i$<GT-A^D=iIHRsQ819GerL?xUv^LLt2a{ca=#mcgjN~=S z9GMlfMa67!E8glk*fWcXl5-hZo!Wj&f}J~=39M*M(gBM5(<@w)?o_xz>sxnW`rGap z9Uu2imRD*7(xR83^np>;2Sr=CkUMcwL^k)n7XTwm3g!&bVJ+?;_ZK6ahc!v74@MiM zFR~OLF9u*9q)0IUbkLv0@}2>tKMSPH08)Rafz;n=Amuv~$dM-k>CfUKe-|KCSXUtZ zS<3{<fYB;&YW`X-iYR*>jLhhe(KqDT8@^DkC~{{{gp^{;0|N`&&EdjTV@jXd7|&aM zh;`MohuQd*qI?@N&W|mf(l%Aoew*i+OAfS|ZJy^8bDN5Pu!W9Fl&;CgF@FFBTgjtp z62{@~Uudd%1Jyz`b%O88)VH~o7T9&+T0jZCe@YH-orjhzENXK2)8b=Kl^p(8@yTAp zD7c3Lqlc5>f@G14&}cy&0U#l2Q9lH0?LC+^m6f`8Jnz`U026Ck1x#Cf9Pr{a2|*R# z<|f$;j@#UHNF4g5`ZJYyHF26Qtpj3sxu}E)Lh8`pQJZejFI9Z(nHJ*Zi4s(Q@}8lq z0<owHGE`@ng%F>WI>#MqG748HbAf?W`x^ywvS<Y26QkfE3K0A9>-n+{QPJwlTDw)& zm|Nad9V%0%+$gwH>N55ui+ZTEI|v;BzbBVpc!w@bWOTeU8OurZG|S#n3>J*g*apd@ z_(cl}Ys|l^2aB?0+goT3l|6<%M9h6xGpgRSjR$<JPDY_Vh^;kwdwq`rY<xg}t=C_Z z_1Ba7YqtLSt^TUhUk~c91^R2b`Z5|-e@d};>3~%d5YM|1jW*3L&mdfn#$bAsF*0O~ zwCDhMhN^}3G_oxGlwh09?qQxwzLh%TyO;*lgR&orL=pBdhB+qPZT=JSXTUS&BNn6Z zAPS0pA$50zPvKpG2vlLW`P|{uu>P2`L{_-{4RKS9cxs-S*YYr>IsI*=%`u&o<&SEJ zK42(fdB39yQE&;UA=au7k=Lalu{;#M$SC+eDbzThP6mQbXA4AaqF;_3=6WLaIIkA8 zX0UfKt<@T*=T<F36DN~sHm6Q-ik_{UGN=wkNNc{mPBdi@Ciskr{V}<6f$M2@rtz`s z)YTg<!LN72+E2DFvQ%69gIaXZAEFEqt=6&SqhjtqZf(GH5n@)g*)&^ERbrH$a2p8c zSu%-Hg$ImfvUqXtuy3N$2lJx#nzCE*+FQ{^%0^lvl$23rJIaS!KFo1ft8KKD8Fsp! zZZ2sgv>OPSV6)ZylD0Q}w2V~r`!1HhWYL9m8QMXsSx!Y%HCgnz*b+<^M44=sPSJHD zRDrQ@U=4}NE67g)+#VKi5aH7p1sJHYK-N@3QIp~=7BNpdS;Se>kyE{TGXrv#$e|Pf zu{=L@%3fQ2!ZV|L`J!Yu^3Ic(Sl-WsCnx<%sV|oIFp*pG>Iv*60<63__*ADDdEYf9 zg<lS$^X{<xb;+X3zbi=f2I({^ojpo6{>h?2gwq3w|B@ca<0CreDH1s%y>+_dG?Djq z??hH0RVgXgDRt!0W(}n;ZGKwoL5QAnr+Xt+#$C=T<IJG(-HNKx588dXwY*QK-zRh} zeS@mto@0Tn=tl1u^-b5kikify<{RTWLY@Pzd;Xgg#<-*6k2296(Ytfm%mJ<=>OoOL ztf9$v858O`TatSar7UYEZgGRJX_2F*;f@255$LVl&S|{^U4?kTt@zAir>O~Zio!_s zEW>z$jq$nc^T@0U+ikuQknR7KUSnczRZW%ZR5TH<91+ZU1+#kr!!}TM8d68|H4>{! zvW1>+Hhf1td4^(3ZP2*O&Asc=<fxJJI0T(qXpH|N<aww5o4R=omj*nC>+_)?4L#8l z&2>jE6f?lRXca_dm{<elbcdGxPgamiiu6NO&K6&CkEncZDD;f1e?kE);#Mz`3T|B9 zj@uBBTct`-602{*7pV0_>3?a}C%9R2CWM@0hl|S9%xV4!4L4u@D+ETXkwkKV|5S6m z4w){hB=c2e$-LeyFsP6y)sq@n^QpoR*Kle*`lusPx<;&;m{a#*pedGnRMrhHJdJZJ zn<B9sWoj`tt_1ax#K54De{{>Z63MV-oKu`YY&;q@eVWD>XZPjgKt{uUB9k#*sJTVa zhD6_ETewWAA-dMyS`2&lS_9(0?Pk^fWU{HIIEg+|w59|aIE?=_h5U57GludSJ+)sn zW4~7j@9IlB5(CT!E@pmca@fiZ$UeN!nar_rT7B3_x5U@(m0}KaM_cS8wuSS9(FLlw ztiFlSXrxrQp01K(D}=e|oHWT=8r_tQ-brMT`S^!`SaBYkkt=AXPGn9c2^uL|E&e#A z5eoE-q`+XyOw_%srjPcp{b#Cw?|mFCXcW0Uq)Y3g)G2+G6(x;Sky1&St#nbksHDt< zX!y;4(0n-xQz|J1KzK5hlr!04qLT6;<!Y6bmH0ALQkHgBN!g1IL#44^PPJB%kiDf> zYov@-ax{G+%VAr5!cG48)HD6@2^VQ)l)a*i@+etcEAmMy2P`O~Y_OG4*8g0Gxt{8z zjKZy?d=8ddF!cc`{yB*do91TuT1{lXoSP#Obh?^VftZq(W4KvPz!&Y5$-OL3AKSCe zj{2SLx!LwqAuLeZDYuYVU`uJI90qq?&Ha#fDD9Med@Ajfkn*6NvQc@ivei`3PFX8G zDB3CChN%<nlnF{Z<%lW+?G)iuJL_`HM3;k|4u_9kS92BOO3ud7<tW0}MVI3n1Z60- zAYRi-Ef<o*Qfe8{ol;BU!Ay;o#B$VG4t*jRw?o<Fl7mV#UuwbHw5A9mxikEpPfk#1 zNod`iv_i`tDM>4|xb7Q95h%5|nnfd2DYiUN(nyDxv*}r?IZ?Oe#Wv9%%cz$AKZ$}$ zA}sp!D5z-0ptFvOo*c5&D>aoCsnjU5E7fW$GqswE#0BCHmxwEBDh&XTQd4<P&g|#3 zU8@EUHI-|LOsT0{NN7q;MHX14rXnMrQd4<Yh1zN=t0i}YAkk}iLDDVIA4^Ao4=1Xr z-1f0Z*1m?C$~ySNE@~=TMManfU;Hk&sG{7iR8<h`Oo`vPS1YPaNh_)ZIIZlJ7;7u4 zTzR40Sv=AOItoiy8UGf_DhW|m>4~yRPne~dps%BCr(m<Ktg?=7PHC*9byYARjhe}4 zT4N;<9w_(U7YLHuYAZvu+DefM%TQZMC;Z>)uK4B9-%?&#$C#a5c?B7IH_9u>Lbqt` zl|3PfLi?$?M9NX8&ZV8yS1y7dSL!P$W4M}!$);PWuXvYv+KTuRy_GpyePxcqBdunm zbXd5dVWHv4Rah)-oRg}sJo5rIa^|^;F_0|<+A7_vu)Odgv?Gd2T3UtW3G$frqOlOy z(<f7lMIt$VJGmB%TeMgPBLQ4N$!4i4M$dNWN@qoup(wHpB;~gxWmeae-RiR3&-w?! zK#L`jr?uWh|E+B&@?r3$vpUP`I`HeNv(%kjon_JAPE=>vhJ=zTyVYb-Ixqn;X-$?o z(PX*Z)@0FSDrEJoaJZfISw2FsKuB+fK1*GOK8x5{BHGetc|y*D>qMUghquXO?M>;k z0EW_MIbCOg-9(>d@50*wJ2yNlQ=dfv{1XoMl_HB!<Y(LrwB!)Fx(dJ2XBi{22FCJb z4ogHw;ZY(4R%_*FjaQYZ%x&1BXG!C{S{Ii1tE{2_QpZKDtD@s_5OUIuj?1eAi;j!v zw)pxa+GLqMxsJ<krI2oQTvia1)^S-ZU$@Z`rMOZjUu=o=7q(D4>$u!NK-}k6Nw3DQ zbX<IRltPEF^mQldxXk)ejal2<(0#3oa(4InEgjU0H5}HOK-)+7yVGvjO?XPXWxW8Z zG-kTjZjl{UTD#?^d_lmwYPTeo$jG3%^6ykzS|i^Q)t2i;wPn1hwp^)HTfCy$;*k!R zBR@0cC#}|^n<HU<jAL0y1E#3Qd3;LutBYF8+tOX={`G*9>lwLHG+b;}bcNa_TOtWD znX#foSYkO8dgOluCm$|x!ws>672Y|uPvUII9P;+b8D5c<os8k-lEZ^+NxJ-XvQLKz zy1?(?7U7m_S1vEayiN1o@U%yJVvlll^0@k297G*J{WT%2=0ZJNF=r@ed*IOCVEK!| zVK0SEMAjYTySBMKd{v<J!$SO{@Ly>8&%}S44({FD9$6EJ`?FAJ;P<%tJ*Iw-s^25( z_bc^#Sp9Zr`@r@YvH98`rMHk^z&pQ=c*Y9~kHw0}O~W0HO1h%0fUy0xI-8vm2fOq_ z*R$r8|I3or3V%@R+3vb0D)T6M`0|DxuBTf|*Kb%`sDxJAUD2C~SvwuJL#30i_*iTZ zZmr+9_MjbFnGS7PTMI*}(q5Pj{e8T8o(dbB4*RhkCc*=&%zNyxe*%~ebKN8NvFz~I zGs3SUd~Gdaa8+_^ModLUj^Aa3yEDQ?#9`Oql#;4XQ6<&iZHJ15e_e0=x9zaERM?f& zSU=GY+fLY8Z=udT#twZ_LJuGbk+kR7p}$c1&z7)L3FCZukR=_whdUo~cr4?qWQVf( zp00$4uBTt4!y~=Rx78Z0Z3cjA*&m`mY^3D9^)4j%Y2tYMaM*^#TqV<EGiu(&)0s-j zs01;{{Q4_h6%`LRS|(CJzp))J8Y^gbDsh_GaG8j%FtOIlXca&fB=Ty((ghW)l3@-x zAYRr!R0S&|lsks;l7N1qMxHf5#$cNd#JYolN-$DJf#`$Zv%bZrW%-(ph(L||4iv}w zrf?tBzpL$+w9Ysry9ICSai`by)C=Zjm^IY`5yE<xY1{kWWzUwxNV~bYWH}Dk1+LCY zoGPKqbf`o^$hj>f63$8T60Q~i8ovJ0c*BRHkQRQb*4OFQiz*>9l>rsV6SWN<yS2z` z1}UlPuua`aK1D_}y|bmj47m{3#piJCPi)TdBEcnGgK}VG;dNf|@HoSLL?^1HFnZ*) z`p@`rMPH_C*1*T}He-eCWY{&!*|!clpCAA%h>kh-5>iQ5^9-VzlCtM<H9v$OjjPdY zR(#L(rwGoVuZar7uv=b0c<>@6m@DdPCBj6D7gn=qsN`FnOCjakHs|$Y`-pJz{%@%Y z#XkN=_ek*t?W~JykHA`(SDmcD%T<8|J4tCyg$WefjM0wK^R6WO(-Ihzz<AMbKUFZ^ zuL=%Tyya7k#MrdiAKJu#p9t&Qh`xYjGFg-bwB6<{7oH^PlajP%gHBeJ({hdB-|RF; zo-FxNk^|GeCh3JjB;Ru2u=N|r$ST)hMhvn4WAuf7TQ7XEy2E{bpyqXMwgrvQTTU~= z*+kHo^cG_OnI&%eK2#D=Z**_~^glOAPNhDm4$kLT2j^3j{E)LYJ-QPvRRfOJu^xXu z8SJ6aF@<{>Y-Cw7&gLWRG4;K`hww4;u<otTlaz6(_|?Vc@75E+5{G@70h|#c)J{TE zaSn>ZfnZ*oi?X~FJxm|Wt3wM*2A8^@sGdCrXOXdgX7+qa9oQ5+O#$XU4&g$^0d@|n z<Z}z3R29TN@IAsO&_}`2qoMen*fBWfbluZTnAj3ncZtLu40<*-Oj@f1lAiSe*VsLQ zoIL^0p8CF$rUA%NDMTr05VA>h3vX}-Jp1ael(-wERWM1T0<8!R<3l=x6TVa`kL8^K zAVCyW&QYJlj(3`ab=1+%CF(6H&J6ukKvgGkUSZh-N|Ql^kd~o9=r2tkVXC`xa?$tD z{v@n|^s(w6eGC^L`U-@YxwZ$VdmB-VwsqFmDc|Ed-=qI&zWHyUdeB>SZXc~{Ah*7; zs1^M*E0WLxO)bXc%%F9RHYnl@=U^x^P!kx9sE%t6qr{F#Bwt?2fp5OHm^X3$xnXCh z#y6UqalCyN%4vlW_4Y>qFu4c1kB(wY`-D$7uFdC^yS}&KbLOn)6uaK#lec49M^t)t z)W0h==mT<#LzDjF_Bv{@{mSJ{t!?(5>a(g!TUiGrWEt~Gw#6>PThfZ*k3G=?S=Ny_ zJ#CG_E1Wa3I_!~FBaqHbzL>z~R5@RIJg5hP!l`!BEaN;8EVwCQMXr}KY~;Bd_GB(d zZWP~)!{%3{7R6P;S@hGE3*9u9t)iY#P2O#A8CZfFb$R$y5miLj7Y14n<YI<Ja1>LK zJfdKKHsq3u7ZzR$dR}rhkE587G1gfnWnxN*ZGA^xq#zXgmJ_YXqiw@=P*z0QmpDyT z`j~9s0<ph{V_cmZJ?wNXH5D91e|wFff|vO9<!rAqw);IVE;=vR`c5vV<Eu#G6BW(Y z!m8MmtPZ2#za@3vZ}`pGO3H<=HC=w6!_i_q^8`sF`CFpmvKBZJ^O`PSNsJxVBw@EU zT@FW-3X=(&n9y|j4>Q7+O4#L1m&Y^0Ai|Es*-e+<pAmMig!OB>{09=&Th}XVwDCiM zKwZb;j3uVvLi<WO2itHl)e&v)!3BwQUFHrOR|KhH7z7)yV+B~<r?(33(N0u5%{U5Y zjDqjtZL4@&aDgLp&4-AIUfawXuOP}5{JQdX<HhKQ*{)_$@lu{&1Dx_S+8#QIkR1IO zVD!V>a8>lf9^vz&UuA`-nbjOFTX#s$4D%pp%HX$I3qFb#plp#jzIlbwgih|kvG4xX zsTW5@?@Y&S>=ehSNxuKqajP=p5)soYZ9_iAvY@c&c7;VNSCNVH8L;=U{U{{flq=e@ zt*91S$hw{*{Ce&}W_&i}NiwV(hT=0gLOj1DaR$}8b+rRCt2IA(Q^>suG0#%Aaoed) z%s%$^#jA46=l+Z)2xc&xoV{j2p;tzaIML8L(kI+EdL%cTFOs?neOv6Jkn#MZ(muuj z)ui8w-$C-osea=rL60r>%I^yPC-PJli5z7VY<mR+dJ%TC%*boSpR-ja1Nw66hW)*( z$iS+*)u|Qh%CJXAqQpz)nLsW^UjVNs;N9AiOv-tK!}E5e!1%G$W$eb5b|TN<YTMs< zu(G$nod?{JexaCxm83oWF$G<Di+vV|v6KeyiRXX?y*>aHLD0UPT+C4=i$-2645?gl zaVG|iIZb9qA2l1Wt4I{&NbWAWeM<X7J;gyeul|Gb^x7^*PDa620?ZrV00|(Tg-W1@ zr)T;skGUe7#5C<w3)a$Y3mQBHJD42}w_|YtQwXof+%b+s-{Vesk~`&?v@!h09PNHC zue1A&jxNR=Y;?>|wh7~LF4VV}^P6x!$1#z?iXBSiuR%(XOysR;#}OMP{%R?bLITnJ z9Hucxe&?d>tuN-A-^3eri><AU>8)lq>qSNM@bO5IIY_55KSy|~vn6f;^ou+Ng#!Ay zff}(~K16}OKKib89eyvM=eD-{3xT``-a@Q+?4bl|GanT(tm4PgQ`7?JIT4`=I8iL3 zrOw&A=&g!<hLG`|Wgza?Obh8TdTYE9{=1&h(S_ytj!1d@nqFr1IzfN+J&^51xn;8F z2y7ax#NJ_FCH>|3+8o0x&v6u)3>S_!LVt&m2n{Su7L`r_A34ob)Xz4mAX=6IA%V&; zkM4m%z`-MKU3!303K4w_f4PcSSsRV4rV4dRUm9IdoEsT#c->>%c|RN&E*f*DIH!y` zOPro#9NwR1MS7Uu?_ee?C6?40Om`#If%m<J!L_1NebvQQ4kUZ%6ObQlp7@NTsFT9E zLJ0RT%TR0?gC$Sew!^&S0>Fz;8JF#PItK-ojgfcbS7j;AHBhtF{Pbxda2>4W7f=)| zW%wD2y$L^8gNKD@O9}rxUrO|hiP!NOM4;xAwb?TNja}xSC3CE&<XWJf2E#=1R?|yz z>IwHxqkwv?!u;WO!GJAJ?2^Duj*|)^zofPV#6#-2ll^xnHvA1fL$PzV<OxlN-m3H8 z&R2mTaat1=lO#q#0~ySVb>?s5S8t{<Cv9C08^>m|CzKsJR(gWQtG-ydZ;L1b!$j<b z=MA$sX7l)i)7a;G{w(Q4|EP;1r+W4oo8j9;3EbENx3)QPhA){D!eDhDWf46F+tI=k zFX&;mW@FhmJOqQ*8yNt1Sl-p>6<Mv)qKaI1TrLK+WgEwR&rOl?M_r^3!)l|WRN_&+ zB5V;_vlE}FsJ{qk0#}uWE1Ba{YAnV+*-5l!C)Wevx#2GqoR|BWUyPiAT`ZpG@MRNJ z7Rh5U68WCv#%90q0!=VFUi>i8FS%Xdan@GGMhM`v1$aM{rVu>Rb3Br-U@sBa!>9YP zuwAG#_;gFjAeFb(fu(i?&sM3D+Rjyh`{2=H7n2TdqF5Myx6H9Zd0=#ePu^G5=l;wY zl#IqKdWRAISZ{>6;ELEKcENYwlf7_FNbq9l!_eSBY|L-|hU0mYL%30;^1$-jB1PfO zEBZ(%Hz{>7EmX*bsR`7`jWJL{{hbl;9Bh~!s1dCtR07oB611KhI3vw}0*f}Xtg&KO zn&Bt)bnt8nBf`k#V9KsT8Kc^vYxp$;#!r)~0qd=og*Dv4!AET9X8hJ8j$%DBDpnIM z`z&4f;$)H7-4m9WM;10H^^{QUs58((7GxS#964lrJ}KQoP@u+?3HP_Z2zUo&Q`R>m zYCEsUgxm2W2}L8Fo$oain^Ju|fu$3D(;o%k)h%_o5%iqe8H)DQ`$6gFykm@qtaigh zd{yRKgIF1pSkxoRYBKZD+a#r00%;=m<YYY6vWIwV-FkAf0F*fb>n{HF+ZX(_ly591 z<p&PIb>=-vbYh-}g36LbJAgz{-(=B&tJP{9EPp*&lur{_xs~55Fp(ODMh9F*fXv~F z5S?d@FCoMB2UeF`)rCB7hg|;sq1e!isV#WuC46N97TLT)*)83ZPI~dL2BL=#%wMQ@ zMm9eISLI<S%V!73hP5iUx#d%Y0H@P>^G6@s;(+nI14^QuBtqdumgI|QhQ%(PKPvAC z5n&W&cbLCBq|_n{5|5epZjrS%UrM?=<;CbsqMsQhm06n#OflxRUb)R@NMEBJwO_Ph z;1n)qbhr$L*#SDbp~NhqgcH|bRpY45!tW<;3Ai3VtOsyuGJuT^S!t37<}+Cfjw3DO zWjq>`EV@;CAJ+E*>^;*K2Ue_+(YyfzLf{U$?Dgj@IZ|-q_wvz0f7tyj#vLub$hJ2o z%G}0b>CxVz-ZYPyiX~7~GJBf!u(fDVM!z~Re;i=U2Mi0s*MV@q>fn$VmmYpqs*mp+ zmG=|Ug{!5HD-~F1wnmQ}m?v8KW;r3|0Ge#uW>Ux|R7vaUZ!iyYpM_m%vS=l!$V~c` z+;7QA{LMUIN6gm|%T$C6(=%zgL>Y#~)K!XYkzwYaB*&R>l<8GZZ&=KY8<WXCTM}0) zOJbLschOLw!+NQ4j<jTl`QN`&%4;*v7V*<v%I-Rn=J6wBaC@6K$uUo~W`rYJQ*5y- zg2l>orh<ii7Yd*XDS!r;7){%rY>7DlxU8L17rx9a1u&jsIUB&d;U3W$#g0U=`RDtU z;Aw|h1eufzy*tbcS4ukRJYkHq%}(K+Gi(X1E*lI&e~y4MP<j9|u=;s?T7%0?O!>#< z$x6eNr$1_5MMB`M1cBt)j}Ll~j`1I9-Ul#eR+!($37pB2aY8pP+MqXjPm(2M91(NZ z@w~>jnBlF*F+BOf8CYxMl{x5s)$Pg2zU5(8g*Ut1yXUyK@pyK)2fta7UfilVwCB;R z@Je61--Q{c0?at=P-dL=I>CS)=BLPf<O=I&*#H*Lb5lMBn-7w_r?U~`Is}`Kv*i>~ znKGQatOfihW&4}55$rEOpb6-5J+OiK<JW~fLN4Y<FK=_ZtNAB<K&OeKnIVj|u|=6& zDbG{SCq{N*lb<V~Oi8>{PKxA=wR(9UUQcN}+?%b$3Th(kZ>VTJu-O+~cp3`4Zr^hM zX`yAIl3Voq&nO5@@kM76C16fT1YOT>Gt2+3sL(gKWQg&RV9rK_s#&i4c1s=5SijDS zrh~Z)0F+6qc@mf0kQibslXBCKl;$7o1lLOf5R2>Wis~c(pDc^!6j?p|nqev5%hEA| zQ%WgHt)R)G8^_Vzru4MjVN&NDnr6WPKZfirVB{mw!pe$*UwRY^TFIjQWRpx|$%LVd z(xW*GOT44zU?pb74$4;@hebZ#_m<i??m)wNCemT=vN<JFD7u=WRk8kf<rh*%s`zBl zLaS`p4F_t`p{#{>W1iHT+>)3j$fHmwJ8~LqG(!P<)LT@E{4xj#2D3Ag@JO2U(fh;T z@jN7PEk&^7;Fcedq2#-(mKoqTH`&pV1w0^5MaBkSDTmUVT=!%_7nyA#dGfoOMclhI z=~^o9c*`@+-@}a_$#X58g~z<C)!w?9A-udow4Vc<<vA*Aa?905=u0ub>Iz+L`0;J= z_pGMt98!AXH_4(0$Kl_f__6x_6=-}R(m26kH9tW3?ck&woqVLwQT7%JRgV%JpI9K+ z>J7x7EOGZF*)}e(sunbyy}XjK-ZZ**q|dSe+JKX~<lMTfhdgiIbU1k`&pqx@^fJIn zk!1J7r<S$=!XFT-iT0USwL!`C1Mvq`8hdu}-n~x{A$$qrAFxXZlpYiwFA(4jo)uzZ zjrYW5CfVIO0gBe9uO+M+EA4JuMIs>&uBC8px@Bk4GL`FOZM(?zG>t>?RZt+}s*Mfs zsi*SfxjcCjiCsVp{+!RI!^fqWo4Rl2rdPj4Gfl6?_p1T@q)mMdcC<@VuaKs$CtQt| zm?ZHjg9tKv>!5k|K#lCwn0)LxseO#xMV0^7v!YnEe-x@)k6=DM(`A;|mGamvj?C}t z>1rh5awqwxrR&T0iXEw~si6@$OtNUk6*A5TWd=6_oY)>sP0>Kj3k-9<ph6}3R`G&I z*o4|-AmA_EEJPq#w2vYf_&zxtCip$=OP)(OlSMDmO~!scUH5MV{f%R~wa^D2=JxLC zA-(Z95mJO&T@+ST8k>T~%gG|HyQm`BsRYVjZ@Zs_$)d%o$hLc=xE*HU^OUfd6DRO9 zAGlI$f;Zg9*EqUlkgItlvF4-C$#fh7GMUfejk+Ce0m4g<$@;mXMAkx4-DqQx71fPp z^4+vi7SBx84J}X7@>I39XUJ4B$aWyaA#csAa?yQ=c>~oTWUVkSP*wM$YLNm6K9?sw zZ@X6f3ZG}_73_;$(I4T*;u>qGESjPC7%#z5+XR2^A*|q)DGU6i=J98tCKcu@I9h-s z8uuBivib2dYCTTeLHAtn2~5LyBll3dzYM8R-%4X6$ACn<3`>i(#Uk_mR5|7&s$}>S z;vXg>EXcVkp6X_&l69?av93<I5QGvae+es+>NF*fmVJnH*9~0RP@Bt|!}@K4eyLKW zYnXTHZGt~Z$Ba39pLEQxRmZ%|^8^9aF~iRx*b+TqJNpYdrr3I#U=x5?J))MDG^1j^ zwpMq^_u!HTu}xShS+$6-l%S~CG?4dS#*P+*i}X$w6@OFFUyjP)4~onfWn(ww)>IYx z-GX_PrQR(FrXuvRmQnXqUAOelbk#Lerg7S-_;0;8t9jKYavsj+>GzHVpvY}x?1Pfg zZV%S2Z-m=m>+3HWEn1KQ?IfUO`c_EtQ<Fur#;DoS3wHS{vL?7<$^}?-Zi@a1(pfKF zBNkLIUN_EkI(g!g+?w~+yRWa0-$TuL)S>XZsuP@Q6g7hXM#gdIR4R8xMd7Oxf=?s3 zI|M)997=g$Tss1R?h!nn7!g<|zDtLVr^7NZyk82#<qj&lc!aNiNR?!^;*GJ%P&mF? z`WhrZ&-}d#HlwM8U6K5!>}ZvY^ki7BWz)&LNgJh|uj=b5>;4b9<ds|KVgbgOoz^v! z#HoCscQMXQ0LvP?dwB|XoU+o4aa7Pmgx5?JB@ZqzKcsry7m4eT1CR6+IA1~ze0D%A z>=yOM&&gw^SyV>Z^}OGS30H68Eb}o1{Y==cG+yfB%oZetN}P$LUC9eX9^$qps+SGJ z_y0`cvSIL-l*x4#_O`C4KjTIKOP6dFqYu-@_yvt5<Jcs&mr><D;U%&kolO+)B8ErE z$IX%s#I4yMXg!i=hWJEuz(Y^irGFi}^h4fAz#F~kTRyI$WXWhwq(mP|GM=SMv5G9p zEYjJz$iqMTmqnr@@}xq--R5pm3X~T~`RmokaaJup{>n!Nl)vTEFr$A*(*5z|V9xn( zv{yPC!;6JCEs+%)owcW5@U0dO+8lejFk}dTdeYnMych70rhD-f*t@`R_*KrNywd4{ z{ldnN(bM%5Ht|{z(I!rDJzqsTUorbVN?lv!mhn26@#H2C*%xlEWoJ8*?8g@jC3|h` zqC~#>!p2t5+877xJrQwkPV}J!dCzR<An7!@s>WhABqohfFaOLzttq<E%SA1rJx0O* zJOQvRf#|lZz^H;h>}G~O!09z~y309nwLIr}P~;h$x_JH;?iWG;SK#G75u&?Y;hfso zxfG*F8|-k3{#Q?f>;Q#4bo|v)IW$AK>l<}@e{5ePDeU2T3gC0R6{zHD?IN$GOQp|m z{^WYfdd&F6SCUB>@8*Zq$Wfx-h{=sGALlQN%Y2^C7M5b_h;5VSP2Ooi7O_^=S#WiP zGzP||uEOdN-XHB3sA-bS2p#K3cq{JA3ZG@D00js(@?bBNo|L6%*fxv+b1s?^`i;nL z;FV?Tm||%4j!MIU-A$3xC@>(gWeOHvc}y0)a~ULYlWS=fB_|%?e4h!~)=UA>;pZ|6 zoN-;B!BR{Y<nab#w^RpWk;#GBqUlV?c9zFL`KCauve<7Fb?kCDo);3r<9@tL8>=ex z$0}jvK961RWX$~Wxk<n0mB=-y3dN=g1Gh`rn!-lXLg^zo2kh{mjv|u4O5<<-*ag3( z#Khoa(EvcDf}iji?O5P<`S<x_MKQiY#w~?@qY7Q}-HR{r8QXaM+*i8GTTv129n9I} z*&X=|^94SmwY1e&x`~HL7xngYhuj~ls!MRWaBHlRocmnOQ-B)KT+I{lRLY~UjS^z~ zW*Mz9u=4pqq-Vg$@f*`~5B+>4VO7*)>>Ru|1$p#cr!VJk$)XjP0#r?h--D^=(UcK* z1`U4sbNQZslRdfbIR~=R#W!nlT=38#7TE0i(D-=hib7tWoj(%EybG!Ge1zBNpdC19 zu6I)k@)GP}dAVHgYW_QDv!&<Gopep1Ia#e69YWPP5oHcyB3%--kVrZvWK<R^O+CQ% zr=UfSOFxTBp{sd3DUItL@I;IOWW=a)RvNpNXz%fIdV@JtbI|8G=xRPwm3ciPg|+YY zZtxgO8|evb|7rS2iu<884)SYct6ZSV!6dV_pPxo~ZR{P%ba3%>TO!%6y5L$S>7}X* z&O4zC)}3K>0kYX3_P)>9lB1e`s(I6gqBO#+M`^_Ffem29^@!LJeoErGsRjWEJ4Smp z?!8#|K==yX5Wu1N$dF%9@9;9eQMl}r>Xt---73`>x-(hyG(|v>;^Pm>DNvsI($AT+ z@oTKFO?(-f+jh}w`b8_u6GtG9piy0ae~brjo)h%KUIGWCImUuqAF5Ih7t6Sr!bXYc zYbBXO#v%^RDhtKn&S<`Q=saFkXYAo&S$WA#Xp6aqY?jQQchQKwo@^}?m`ai?YD4fA zs@V$i=lXdwx~FlZt&rmIYt&qPD@s5?k#OI{2DOl#si5loZ(wE)jC^%|?=&t4qVGY7 zH<)L$&IC%|<K$3q^Y!p>YhVh^7G=jvUEJ4rDWg)AD{5}J<*z5ARW+@2I6PB%R8~q1 z)M=<0EID#VS820FH7^G2SY<A(a4rv5j?{xi59BgTG9<<;*w|I?g_?gkjqzAS!~wJd zxIXRgu*YVEc^M0I;!K^}s!MXyMJjKyXnPr%I}q9No;BnO+gs!adEN^bRC$huoucdZ zPg#Q5qg53L%6FN;dxS(o4-M#{0X>Y*a@%{2%=cO>xprOZA=GL)SVXitX9>kMm#hW} z{Ot2uaAl?9k^tQaa1}(dHp&uG7Qp`~ex%!ie<S!@#iu;Ev5#-JdCgbJBucQeEdvG9 zt#w1$rR1V?A<7Y$b(80^p#x0wOxo@h+Rn;w3-mn_fVR`7yg|PM97Wrmexty>)zX!b z$Hx!))tl?_`B{QUV;BqoFZwI`lmZV2Otlw6#W#eVu`%Wr$ke6m4;V#?d6iF1!C&yl z3U=_t;i0SfY>kJmW-+1!Eq5&yy)7d$n}-W~28~LGQI~t@mIaL4<SJwHV65s3jzDu2 zj^w<OEb6b2`+(o`o~A~==Y-lWo*h_i(cdK?#Qd9}v#20hn0<*&XnLnoxfIF0Mt0nq z<YJcYh^zUpbajg4{v8RaK9UP#gKUJ5+yvD6h)QXYvdY*fxV^h7r^TGqDCn)gR%93> z|6EyQ)~eNRDmX_!6@`qd>3$S}1efW)b4Jqm{hE@T3thSUry$CPHlY@NV^$q?(as1c zDXZ)B{+;_ttZv=VU$MUG$nbiOY)cp-={bl-nj)CZq_P_F3U^uqMkPR~bUpzD9vs9< z7X9i1py4?2h)j#!<|hvdSz{77WfJ(oVJ3l>Nf2NXR5J+*Gbe!z5Tj(xf$6C^fSHX~ zF$HSQUa024D%G@y6^hFo@X8#h5X1-3A0$$6Ugm%-zS>$Sx40DIk36OjzpG^qi`mrA zOimZHmv?+z%?Cg%b%|cMNF(SpPp3WdAcI+?J;i3e_PEU)?HOTy^%Iq*%=}DwFeI!4 zyygMz37D^FPqq1i_DnW6Y0q@?S?!r^{zZE#%-?HIo%t*6Sztb>JVqnUGgoN847b^+ z{nBhRto_m*=4|a>CH^VeFXX|j)_x%yreFJozL*u--y;6=wVxU7Fx}d}NBsS@f4}&h z+J8X&M}I7>H%###)c%9we_#7M#J^wrMHR!`sr^pzw`jjCH0G1qUo8GdwcjoNhqYgs z3|p!FWfI=3{T1S0p#5I)&(VIdonlVc{%Y}062IQAsyCa)rpLKgz*F!l+d@p~j8r+s z^XzTGZXGg2hZGXBNr&`Km85V+CUv^3U@-|F(FxyCr|RQThc0+XhwRoNBM4ckL!Q$i zP?Casb;x5nq=JxzI^?H1#7juM4*9+gK~7yTTZcp>#A=?_EiVfh+vNPOK#X5Gt5_n> z_b<yb0~{5qx6!-Ge~=nYk)0ik<;Jp`H#CkCvz?+f{GphC<%BKIx2$hsoo~4#m~2t@ zUz=Od-je8qM7xMKKcs|b&Z0*Wt2ib8EAvXp8+fj4e-&r8rvQ-r?2WjIzCyq|O~C6X zk$L`Qy%J^$&|gYX11PE+K>zaJX+T59i@XF4Ym$r<V|+1~+~8Z59ZaqVy7Pl#!R*5X zPsnu&$1H`(X-p6Wxybucbx!57-c;;bS_?C-it6KE=I@(C3%EM*;AU*3^tBt-b_YpP z?dqn3KLECq!F}YnnQ(8@ed$}46->6KI`c#6o>S<{Ur0f!FaJtsZKux8e;N1bO6h{_ z?X5k-gO_KGUEaUf<?DHrQk8jQ;7}{_a7W}HE7RBMu8#NbRonD#(pB5^RflUn!nZ75 zuwojlkE{!>wXffWa`pzI2f?aVXRv&IaOsBdmV_%Xn9cb9<OX!eYiny)a^dbAF4+yU zF5C^43wM^E=O@B_^yRx;F5elVb#7(W?dSwQn%B<yv!n_Axeu6id2a8>`LrOI+)7yF zlPY6tu(d5Gat5OmcIo(h9Uu8DK+%I+1ge!J$_`&fdjcLxxH*6Ve8A)H?Tm!*GKc-W z3nOFjGE4oviz6dxoI9A@7TFc#v0kf^@Xzf0gH_v!{)FhBiKu+0{u}vy1Fo$B7kWRf zy7tb)voqa30Xo7Z83rjm2-4Ow^l;G-M(jo!8=e3jTy2lpJ6#6q#f*W%<PGBzHJ#}J zo7Y#yi(#{dt2L1?U1Rt9*B`58l8x4+^xw4Jph$tMtwlPp-{Mm@hJ}Y&QPK#Km4EE_ z>{@&}TWXm1<knhr%lZIjHX@DB5J31#xB8OXtaTa&9b1~#!Y!+r@q)!t+%TM@Yg^*N zYH#1B>`r)-+2!f}#+225b|+QkEmh@MbDoLODXGa^*cWQjv{B-udHmJ7&hQfk&kG+i zsifFXy29X=RyS&v38$52Wjb*)fa=Vhc^7YrcR?Rm@h*R8Kvr@jxk%X!5}Q|ben_kF zio9Jmv&3Q96V6vMu#6VMTyuOcBCxdX3-=*J&M8Xqi~!6LY7igF6`wC2M<%K?z(x&y z^jTzMOJ%9%;LDgS8Uhij(Yi#gX1Tu&8-6PhN+kb|#K|dIgG3;SUqx9YxJV^nDDrNk zz+}-HRmN7cNk@NmqokH-uZn)iioR7xKa+|+S4H1#MUNwzH%ZBMCgCEFIFq^}IyL;i zm28NV63gSIQ=}K{GCmTI*b96Q54OnO#}QSq8Wgm`Qw8ede<FubutOp+Qu`^Na?OcT zau%1C@a4&U;_yVBw)5{(w(OKzni6Lq|N4?*e94zd)w7*l6<W1i&@M{w%u&HDs=D3b zi_M=%H6$6q#Rr;!?{wlTt@wWCd@CLv7=sOx#3(q8SaYfs!Txp^R<eT1x&Zd;vqdb? zN#Mydo=WH`vUDWp?&#s{#RbvBIgtTIUjIMR4;LAE`M9xy9`ZHJT=FYm>T-T$=?guu z3f!~xq$y8U-LuUJC(lqr26a%;Pd{SmS<7Tb8||?(>DQ=we_9#bZyO0m4_#>b=ut$; z?RouvkA5vry`%EtFrP<H$~^Z4-BZ2S$kJ_|&1ZXFg56?vc$$oYAZW7arD2o{CtoJE zq#u-oL8gn^#!{}#S+p4faX5TY87zVxDB2)r!3x7=HYbbjuu5SY@-4jj3f_SxwLGWK zt;)n4@ov~4&nxqsAs(MBtBs8^eY9Au(&>W+we5lny5W~<k!E<j!U|2>03(IkuGZ4^ z#j?1=gPQIZi}(3E<;ofUDDxBY>Gk?C*6Vc;56(JVPZugZOxE--0;R3IjTA_3RkT(1 zKGwO~VRlZB?vWut)_)WDo>)V35D@Y*Ix0ur=GCk5M|yh>M~1e0r)PyvGw&j~(&Yu& z%sG;mt>WpFGhO_0==QkVJ|dL2-B8ish>-XPcFPobTh0!6n_iAJn2C2&U%<%UE+-sg zH~R-VMcF7H0nE2(6PRS<D<VWueiYhQEc>?3Z^Nfflyk|YPTXGqg?$`EA?jTbec<+E zn&TPzF|Be%m*ZClZnn<;Cj_Ss-1MXF_L1^ql*fr%bE?>`$6pU2Rugz<0Q+mS)PCAs z&XoHQb}tfaj@nK!eW@b!5!>~2n>t1g=qk=k#dodZGF^prmJsGF0VGkA*Shy1T6*js z!)M`fhOxpHEHw9V!hspKLr2sh76)gXqha$+x>KK@&1Td${e+&-Cs@_dF>8NI$H;|l zZ@3n6()iy*%B72Z^CG4jA#-&I@?1ubIF>o3ndFyKAFo!oN*3)IDrn$Z8Y4|~%q$8; zS4Gy_WYL>QPLa1n7Db0wNoCA;5=%iTT`bfuP=^tM$$MI?6i|hfCKi*BnJ47~%sUhS zc*!s*(g~0Nq6_Ayf+BpXTtW9H`fka4^*35GKk@NuIfRmBuv(6S`rawi0IQVN`Z}ki z*gE5L`;B)v$CKA2S2r?P6V+>y>+gvSG{Xqv^f944B&!N+lZ|2fdT+SEyg|h(M*0Bn zNv^lvlU&bxk{b6o&U{zBCpqzC?@8{MB~aP#Nj|5)rrYmH9^=-dJQXey%b(*<y(hVX z4$FK`GF!hV88x#zJt%qYTM8*}jBa<wCKk7iPJ+WHJ}CJLa;D6aQ~N>5$A3gaJ3lCS z;DCTD4@%1OKyqG-T8=w0<T)WJf*ma3D8msrvm{{deN(EJM<t&pHI#0n;I>z;^HmFi zT4!-WugD?N!5f5bO_vilv^zi7CvK5bIdPkJiX66O%UN67BT|<fy+wN^gH0VYYRSA3 zbK65F(A^lMWDY{gx0E0&ac98LM)8!W$DH{cp;y2or*f{PyC_u*n#!V~u2f_BZeA$h z`4Yu<&#`$0O3POSv>kI;jc%qkeI#a9<24jtsq6%RZYi$o;gUv5qp8!CvOQ&uqpbO( z%^?D;AWnLbuz|e@V1-G=JY9gMDg3nxY`csA)YRnsa7&I%8Y|%kYB19F7~1wp0Bf2| z$Jif~<HPKxtaTOAC)gg)Ew$&KKBIx|CW|I>fXWf)fKfW1YpF}Xpw1tletciDNK}ZT z9p7^;JtUQ!*gyMkr++-O;v@~MM!aRg{q3%BV<jK_g0E0h-Fycj8@<P!ED7U%jvvsQ znvU^83RJ?U9x7OyTZsJ!UWb6td~2XuoYb4mXrzKv=FdP*>BbR426_XXDsrdy`iVC4 z>ywvcq_6a8qmlQ3sz^>45qA9b2^lEkOnJT-{_9X|5qE$%W#pMC6vlbs2D>TEr%EO9 z>x=2X!So-8Cch+CbWt(y1u&0P947|JqES|KqZJ+b-WHy(=L5?@$?$ZpOL35PAAF5G zf0vRFFX0Y|>-#^H(0Hg<N|rq5WU}NOxE&=+mifk#JK8!TnINQOAA~HvAS?0XN@FLx zCF`JWcg8v0XmG&j5b6%qL_4DGG9WZ>W!<y5)Kj)NMA9wRQDym;DqaoMaM6JBMF9QM zZ8EtkIn&$Oxp;LX{U(D{SuW32yPCJrrYg^&Fb8|Wi>Ujc@>3?P7<xVc2rnmREebo= zo+jsb<ohoY2aWbNS$_PZ7C9p4r?X~cQ>TyCS<7Pb8XfXT_Kks>SJbLwE{Cgw!4DER zw%Y=9uYhaGqHpTD^&2U-a1ImXB|=`kVca-Nt13i6kwdwrQPMNW&pqm-Mr79LBJ46( z&ZegLtbi@2o;LMnbzXx7H4MPCEd_zP?u!Gl1@6@LtU6@xkhfME?^GG4`D>O7F5iZ8 zt6~vu;kHN4GdCz{-AoqjG-a`P_x%qjiFLry*2Z8~E`6UDL83>q7w+J<WXUGq@{wXY z8KyQEpPJ>1t`<Fkti`;?M<C``cBy-L=GkjyU<pd}3mT0g7?n6Iws3^uWc%XuE-w|W z?B|UqmDJqZc<cf!yuOf~K+XMFX{3jar+U}2iR7ko)KY@lSK_+=3VcLHMv%HJ?DRb= zJAgz*qh~?5pwTl~LYxwEw(nUcJ<qdHKw+d<Qb+npsytFffZ}$vMK@$u87l?G^1bkG zzC&Md_%7gL)FAh2Uwca~dhf31cSYOE5`%n)T7;yA&yQFBQUXU0oSzeIb4OdZ@h(im zfanWOA0~v)isX8>&l?hbAy;la55kb3w|%oSGLWyJtMV<53UBhc9zU9M*y@J=dXD+C zgfzL4q5Nh=E;lwu4`hd(yyC%DeLh_lIfvzCnAwZr+2W8jLDF&Ycy}^U;9b7CB)fh8 z;N+pVbB?K@4#sYg1li&2LvM5N7O)Q9Y*_}J=IJSv@K%tZvv!HTx6D!C&2DVejNo{# zENI-#9p?8^MlXccmbX;O`;qc2pIZzd<c<FoD9uA;1>a$PWX5kZug##%0ioAr@<P=J zlzDS#11X;f$Ryv!hR?ydikd(_I+d7M-YGv9%CRw^^t(7;DNyeO2#<%A;KRqmysbW7 z9TFA1@vx-KjJQ}LqGE$1IeZ`cx8(5s>h~*()>0K@F9=_nsa8^cR2Yi&=P77-j4C<8 zMidh&-BaZn`_inCF=V*lP?hJUh5@y{rgt3&tKvU%9E4TboFk!;gCT>w@Cd?B7qYqX z%0umC7}aJ{Pd5L2i&{&{Zb4^-aC+*)=yQ!yFFRMkQuC-#m*_^fmBPwdZ7%4XQ^L)b zn<Xu*ps`1jrpG!blHx^vXuN1R&C=&O6)bTX^ekPY%2ZQ@gXFAexG2sT{kNOdx@h3C z`^;)vx*%U?&{aW3!O!44lSPX}+|{`fZPh>j#7x@A|36`@yUp=hD#C&!)s;Hq+Ejch z!u)||<?UY8pk<YBYpP(?YjHi$YVa?kHtF8zqB@7V_<x%&Fmur8Rqot3RY2ZbxHEx{ zjT}{E7O&+HBRj)lji%T9y&AcVc99ZpR8^ZduUBpE96a6hr-Ef4pLci>eHqI;Yl#d^ z-o(Y~E4LAv)k3i6UiCd1X9EcJ|Ns4es|Sjgv+DEbwA}WX{(jeT_gd~+%l)<GF1OsU z<<7L+36@)7xo2B$q2)R(_uw*J&l{Heg5^GIxxcsE6_(3ei3-limV2e;UTV3gTka{A z+x~s4e9PTzxxcsE2P}8F<$lj{=UVO*%MDrXH!Zisa`P?s;Jvz@1D3npa@Sh!uPygH ztAAA^_-VAl?eF>~UCuq0`;g^6YPoAIcc<m<x7-gcx5ILs_vmtpE%zIiTWz_sEqAfy zuC&}=TkcxR-D|lYT5fh!m)qZR&$HaImV1Nc&b8ddmiwUPK4rOkEZ4N$S_|$c<GTDu zEcZUkU2M7amOI^YCs^)i%RS$6hgh!Da@$wva{pnudn|Xo<^I`nAGF-%mK(O*nU*`+ za?iKieTFV~fc5RPT(8xhsg^s!atB$i({c|s>iq9p?#q_D*>az>+(#_;LCalkxeF|J zw&hN;+{-O@gyj}nZm#8aEYbCTXt{4#?hBUtl;u8Rx%XM_Ld%_Pxf3k+8<soBa*r?8 z<$q$iuUYPP%l(7p-e<Yrv)q}MdxPcrEw{pQODwn8a-Ej@4{IEDTJH0fJI|VLD=haR z%l(7puC?5qmTOvW4=ev5%N=RC0n43Yxw9>|-f|aP?n=vDWw}pS?orFN=lf)<KKuJ0 zi*&#3v0OX6)}j+$%RS$6Pq*COmU~ooZ~U2-`?BS>Sni)J_ZODC+;SINZk^>$vD}d5 zj<($MEO(IQIxY9BW(%Jz_chDiXt_^X?kdauf#rrRx7Kp2E!S(gBQ3X|9dEVM?w6F? zFI%=(C;aWdJxhhZ{Cn+A+OFM4U)Jsk8C<%YXXl(G-pVk+G0EX}_#6>O*fHC2r=#9+ z8@{_7Qydc<v+&JVVYfRb@>TDcM{Er~2eBv17a~WEV}@hS33;T-%-Fje4b(8paR=cO z9YKd5cQ|2F)UTv=5WB!pM`?2%Gx5*Vf&4~DClJjg?hbs@_`c1GA4v)FC%<zDpFylZ zG#AL`su-znRu}jLvTv&t*HO~9>5VXHCy;8Qqsq#~<JbzeTj(=^RKqKgvnW}5r(TsH z5Y1KjYxu6CKc}4}#WcsQz$iU-yJLjo+*Cc48SSp@w(N<NFQYXVSQ}D#GyCi0bxOb6 zd3BWyz-W(#8(8aAOX^iS=g`~s-)LYJTyf*p@+&R91AjgF-Gqp*bACzDz`q&5Im^Kn zIQ2JIg~`Zw{+mR<&$7x*=W>IGvuSG$zv7=kZa4oU^lcq=3NFkfB#hs!M$xUxsaIv) zrcz6s#NMh#_e`tW|9kb_K|Rs}JwkSU(#L|y(!cVjzjdFcza@|UleBgG*Z4n|9=MG! z!94vZb3<y;^E5p_x`w;SDcE02{(44i25{V_LUcJ@=f@1vOO6P6WVG#hX4fka3hXk^ z=cKSt+S8d%$Os62%)`yZZy7J4G<Mi|j*+BTz<-ZJ{I@CywZDcEq-7)dFLCGLUascf z<qDkPDpq+FR1Kt`M%WxM!7e}8aO12wbH>lTbN<|kw^7)*`dKr=vpR=K2{XtykKa0= zD|cK>ZBou0T{yot&bWQnxI5?0ye)j&opW!PQGeTvTjvNpoH%FJthy5-#!a*{`oiHE zHM2?3aHmRtJ1rIJHH)&ltLI9>WyUl>n`P{M^p&2ox2pMP<G?sdnWg$lkES2E8>~4Y z{cDf0P%HUw|4n3m%uso&7#+bf{U>uYtmvg(?kt5fa|oYCxspdyT%p|cl&E`H#{ECZ zXOD~2EM-e+LZ!c6t#)pQ;{sY$=J*DEBJRZ*?xYh!>=YwaOu0&H_lWd@;OLd~n80J# zknZ0T<D|!gc7L0H(iifV*@9`QSWN?_(aPCY3ujt2Ok^GP)ACBkb^N=A|I-`+MtcIG zAwumxJKZ&o>&a2Ae!EL)rwdZT$x|UEW-RMi**a6B&f#gQ<WMu=V*1(syA=Ngik8YM zDe+~Fi&R*dqk@=nzU1#JdM4}`M=#yMKfR8J=wrcryN}c9G%iNe2-qVr!NND4T4RgM zP{EjV3H6Mo&?tL6GwF_$FR>a&<qPu$<j(xI{TlyeJ=gR}r*<fa)AUaA-w6a73Q42m z!qlT7(9~Au-(14%+2v3(Nb@ebWDSRuR8M)j9N`%3KV7blld$3RjjYDED?FW}=8Vww z2H+9Awg1xbbqZGD+GL%u|I*_xwN(+T`M;Uqgygj$n8dm+>rVsW_G&B8NdL%RrJ6Oe zMo1ay726&?yS`bebb7|P)d+l>nxuuoJ?OvA^QSZKVAC4AOmQbVZsPwW;HZM%8wZTC zvTE*2uudS8vC`aVm^2fKO>?rsZKm6xdB7>w?3e>|vM$<GG?Op2`NC<;*h;WmX7FTq z*hv;}o!cQRn^5Cvlva}}FO9wF7X81`p5gTA6lVX4v^w1aJ^sRF3S16F!2~|(xfA)= zG^F<Wphr#9wRCKnU$*-ts7B{HMoIq(wn-h+)F@?+zb@tfZu>jaH-X;%v-_jF)=Mu5 z7R?~>ze*=%>G%m?oW{Pc^HRrON4!lv#)A7YpBkY1df$;Qr~7o>#|vI-sxy<a?7tK1 zyM|T^W(x(j;mxeap1HaVoqr+_cBK=-Im=8Fj;U*X-KD=#)j5-L=BMiIF5SQCH(jUn zUD%>_cKf9NY%1ypD&d}lrs#MdJWQ>sU$8wLUQG*xLz3UjaN(k)Z8BH&-llVZb~m?l z3SD1U%E7_9wVqF7US7wStn@-HZek{kW2N^oPbN~tSm;QI*c%C-pi)&47vk$*=lf66 z3Zy=2y2fz>wf$%H1c3S~F!kTTBUDk~o<#a8Rm;DIe<EqF1D+tgAu##zO;k_{7v$HS z%kPQlgz{^CX&SMU@L!jr!riBr-o8ndIt`!jQ`b;q=e%9(IeEGWxFWkU%|oXtss=d- zWfi%DV3Yh^hnvP!S<h?uulLusE9ttfQa*)?x2aWB;?w&zy+#Qqkhw=o(^=tc((9c~ zt1H2->*+aZcjunh{V<7G!N+THC0_8fYszu-+XOgf!3g{ByR=2>6NyLXnuWW!ccAHg znXFZpv%eHq{>0U*RA#8GPqK;&2cpwS*|J`BtwTnkyZy4=Zs9$p|Lwob`b9C~KVN?| zy|THCuKdMSDY&n}C(!AAf?fX{pcQ)69n6v@z20VyqU>(F&ttdqUyYT_u1Z=uj&Th_ zS7eULNdCL}8W=&Ll$`tWD`RQbrn0J^e_!vvn|;%OMzHFdZp#zM|C16<)_>_aC^(gF zM_0L`-LjLF(>1+al9r2zTu<hu@WmpN=!~s)TB$>JG{V{29K5~%I9VQ{6&hbV&)yqV z?}<cV8a;R;J*g@6HHxn4HAd>YhP~T&s7+Qldxs_AG9RQ|*^3G-70z1zWK6`bcd1vU zVl)j93=(>x(@OekMOg(K^xs6*4574s3o0uZEEMWnZGWooObXr=pVH;(HR0s((r%%0 zvXV?lQK+uzyTadnt`pah>uAjc{@G=BE!S?>*DWu-`gEV;WaUd6r6<bZQANH{fh&KS z*4k7_OaFvs*nfH#))l*K8g1uGW2oRo`pYg~cq)-5YP_*2w(Uw?0!Mo1@6O;nH6-bI z*cBEXf0n|?vr;RB>}Ew$B>bz+E7G~HdDD<~o^cl-f6iPbyUHu4DH(;7ZI>XjM){Mz zt7VRgY(iF#^n9I0xU5ZjeoN0uetU)UkzS;SGfv<@rBq$NaI-qkv=qHRS$ct9Qj4rg zw^~-g%+)~Xa(cDYwK!C(|9!sBy(M|O;$4~!_@F2<?==r8++9~1(_Q{d`Xn?#=DP5E zo%1jJU)Otu)!?phf4zE7Z0~rWyN-D-tB$OjvSLb$uRBRS!VL+>D%?_9GI3%~Tdrai zLuz~XqC+xivV;T`X38ogdk>M-=s#QDtM@zUTz*oXxL%{!OSsKz$WCw~-)Zjf#P~G- zqU%fV2L<Ou*7Efv)hFf~N8Ya^xjtFF-Ak}D>(TPd{~SJ@?|%=U&j0V>lR5wOptJX} zf+ZrCoXgz%dcBv~ACj+os5lR~v%Ye{ZQ<(rJ8Nb&z+&H_ut)D(W@Vg$WM${%=Jn|5 z?A5zZe!(fO!oK}Z?O!zDwBmt-1`io}`Wfys&-#DZ`wp<Ej;QUq?9$uPq}bNp6%h?F z7NiM^ihyE40bvD{vVldhuh?V5uF)vAsIj3@V~egOiN=O48cRea(Wps?-H7_X=N7n& znrO<G?|;5rbMl^<IWu$SOucvSJ=CaKt9G5b_3Afh*r;(6&!%3@yqmXp$LHOa@3m^( zrmb%~KmUNhp!UHb9Xf_~>f9x)Yj{K?K2qt?vsdrvK7C_i<NC!XX!<86B@Y;wlA4yT zeLo{pmo;c`_K=~&hL0FIimCI3-?a@QW@M%5l2bKmO-4p~hMF;3I=tYD4DAvTA;j`g z5h0!1%YrPROQ&`ro#in?zVH^F&Ae@`+NG)EwAz&9_&EBVN1YUxsZNbc(5T}OuhVH# zwK}yfU7eC1m!Q@qY1IB|NspA|ei?BYL)6J>@#z^Ens{Bxkj7SFDVn%UjXFL(4L<@Q zCvwP2ual|H%+hMpGmxT*OI7zrLsHW-G$;dXDz8Cfsa>RBGh3@hYW$!isgZ@UJ4J+q zq5`PcKO;RARU~Js<1#Zfsr^!hs1vd>lG75^X((zCsR60vH2i`Umy$e`FWxGW<dgBU z78<NUPIbSmM1<8t(z7z;x;9pa=+qERP0!S+Q<4X2P&zdyLz9`6qEn~$SI5Vtq)=tB z6zS9`K0Q^NoT5ok*KHD?l2K3HKPxSsw<)h@T$xg7nYxUucpVy#|M<j!l$1_!$!UDs zsoh@G?zD8BT9cNZm6)W?)W*f5y%0}HN3})<liRClIeV41T_bc}c%)!&T@sW|Pm9+y zesg=s>+z&|{81X|SXM~_$v}TEA4<<kqhAbZ^pr`clQeN!p(K)f=XcsUI9ZmF@4K>m zEnb^1Q<v~N`I=KcZ5Bq{pyUi)R$NM1CsA+m6_8$-7q78@OnRCIt49+I9)Ma$O)S-` z>ARG#tljBaO&ZMw`XyAIpc#}LFUrykL_JMKJ881Dm_HafWS#OemE?FkWuazKE)_#C zS(k)gb`xks43y^~`PbV=%#;wPixboq76bg>Ru~Gh>B=t#8JhRAG?}Cvjs9?P5kjZx zG#RPMm}nS`GzMrIWTj<gl2Hf8{f$cj+T+RF^_BBMlZKv5PfOLL>BRPsJa5-m%Ex6S zW|44aY3oUzpKtxK$mwW8Ytxg{bfqg56+_FPh9BK{<v%$-BRw;{zfRpfnQyIsg9fE` z2^AJaGO88kLgU7bSu1TudSV7vyR<m0-dSk_>6dxD93q)Akk<2RR#w=MNUWurGUGDE z8|Bsl%m2SJ!b({fpDP=Mry@)r4oKIua^dOa!nx(b_$bOK|IBjXS>?iYvB%OqLW=k< zPu;Yvl$5g9dYBo*e;mUfXjPaoGZU3EFfh=RuI8S?U2t8sPgoCg3-*quXH*#6!Kl@| z`WCTCvA7t^)@I|ffCMvV78U>t{G;H17c8KD>0e#k%L)HpPJ1~f7(MfQ|HiVH{~61V zW@Z04_GbU&CFHQOe<tkB{z>`O|BZo{`k&qe`yU<w-00GO+#6m}4-)2ZW&cdLH~S~$ ze|bc|ZOk9d0IJCu|D+lzRK}~=8#Y)JD=+_Mtu2#Mu`*uZ_`mX3IuG=tbH<DvH-5sz zNgqs}GIiSY+!-@x&7L!N-uwk0E?o4{;w5=Ymn~nh^5a#j*L<>e-TDn1^EYk&bj#Ll zpKaf<bJy<A_v|(7+kfET7hisL=<wG^jvhOHqTuAI(`U|pbME}N7cO49{N0tptJkg< zegDIan?K&Vednj2e<}X;?!EgD9zJ^f<hQ3K@Z!w=>J8KDZ;0OLhUwpK|G!=TU$*}r z-LSqsoxfrIx7!~a+%h$_CEd{rR|2kv>Q1=S#0<g3Cv@u6Bq5=R5D3HT&h0>S1!&@N z52-2r(W-O$Afs>>+_6z|ghq?|Q9-a>R$^8r9+Gy*O5qFdfHOLk)lQp{OwU3)#bv}N zQ3S3aO}~sR+%O9v<cUk;gQ%CGE{5`{Y=$zaJWv|)523QC9Li65SVWvID<c63RAxr9 z$l*CaQdUN0X$bFcY7){kvWQ3=<0-il-sz;=5m_R}>8KpaPk9*RNQTlSRe3bi>&NRy z>v5n{jMtCP(L0-(;zT!Y+&COmJw5ed`iVH5)ve<b7Ny5|4Trk0u!+d1uB)G@M=pkA zT~bn#g@t*xRy$a$ed#>cUL!q|iNfu9`rrs1f78bh-z`&<(WT!2+#`jQJt%00GU-Bk zXk4bQ9qzRUX~NRAS=!QgAx<ccb;8r0xI~R#dbW_WTSQ=ZGq1)0p`n62+KXnR^)Lc# z0h7SeNP^8_dh`G~0{ww*LGPfG&{ya(^c-~{F8?l_yL2O`VSjK{qjVMgJb*4mnXqc6 zCd||uHw&^j4u8JEd>Q_f8l9pKI^v^XCp?&UW(*(C_5$VhKt7n;C@m5nGaIF&o^oNz zI{`&y^Z5mSHx*4`3lnC6GAP|B4)q)5Qz@AW`dF0H$Gxg4v*ju<vqEKoi6>({(m1Av z3e_0yT6Ab%f*mV_il4y;*LkYXO3ADcZ(1&%GgqMPiZCjJi&U~m9c~}IOguR=6CSHs znlVdnOO%OwhDZx$aAVBFoiX2@DAQ8OEMFB*HZCX2mp9WSmUFaVj*+&^5q;noZfCI3 zTE|i!6~NgB2Y)5=sazjB=5xP;uV+z5-@0c)ebom$`MT*Md{qhIz7~;PedV(5)fCL0 z>+CDpz}E!%c^g3I1Pi7efbVfZ^Rp0dqhvNZOW2@XJWj*R+k)i|g!_4rvKM6eabg_D zkqr|pnN_%%mUK2?(J2D?kUXVDqHL5SkLT>nm|cPuv-7elurQcu1%0ciC4CDSPV%lw z=E_xMDy_XI=d57Pe#9~6-q4hJaE`vVTANtw(mpm}oSg}?n`!0A>x248AI`;sx#&QV z=FG+0jJbF@7)VDgUW&Se_2<0QrZZ+naoh|GHshc<o1(K}78%M|8VS`zd*tI==C42j zz02%j6i0T3J;-)gkJvmAFDu%KY$1>5$3VCVY$w=T{Q>4NNN#VVI2sr5t=nu0W2;FA zKP%>^tH@e<S79{{da#NKl`w}Y8_950l&lI@mAMwW6bSWLtF^c}{|a=6${?G_!!!@Q zjb(&BvQV37g?Z(PKB9cSxJi$i#n>YJIS2~xz(awZ@Uq}dVJZhY8O71uEyCQ5bZ1*2 zOKG8eUfAtE)|oREUn-Nz{{S>mDid-q#g)tFUfGmcbIweuRm4i;N)P==$JoVK13-mT zo~s#iJ!8Whb+%};lTjK+bNQ610VRZS_GZi;{c4Z?vk$lC$9mWrcuNOq<57+{H{@}g zl4D9gjM=IdOvO1c%K~$Qsa6<Iv^K$%%-uuDtnUh1mc~_5GFxvKW_#C6E5!-p+KO3a zV7}BeV~(7IuW?x>m>X7@8?I{GV(Y^4b>-2Vs&2!oqn)naXm6w)tu@6qh5Q_htww)2 zw`i`KotdX*2j{DqZi$*DELO9~kJN^3j6DK1>?`!KQFxXOn}vKMk*5~&Rz^M*@>!J2 z=Uzj}9JmE)WwD7TwJ8s_;VRj%N?3a<VeP8~ohpU96;~*9E^succ>C%<XRPTS^gGq- zg85ry%T#Avn1#-n$<w$-7Oc^I8&=obv8=y@wOY$jzvwvTUcrQ!qYp~$x!Ig;_O8He z6I`)pI5RVJ1~<Tr4Zwb2<!w!NhE1>~9>@L*QpP|BeqP}IOBUzuPV1iov)U~5RS)Fh z=NQ(Vu#@;x5FlU5%j;nrC-f=5cE)nf7R))pnmI>WF=y;8&fzMpdo45O#Kkk(53Is0 zdAl(M#!M|!=HwlwcH%m#NpEUXtO?p!%^c%1lGc7^p*4>+3zO2&Ha9Eg23xzq)^4!1 zTZUj~evIZIy|t3HhR#?wJ*nM>LdNcbN+jK}e#+y7wbhcjVBg@^SAK298m6;hhO6+h z0!oM##tZS4ui-rv3e$YM51XAaWu^zsc)8Lv-bTjxIV)3U)ek#5zX}WUH}^VYKZE8| zdHlSyW%4+8>>U=T_&F6uwxK?8*P1e|cLcM9ZKO2}*_peWDYLvL%_PxYkS80kAF+<z z0>(-Gho_;kIL^s}Il-Pzu%}bFeSxh(*tZLRWvt0vtTU7k*@^!U6iQ*tcaQr^)D~wx zQX9q7*eY7AmgjY^ZO)vzx$3f2L(q?(JA8klPqDwcVNG)LlID#S=5Y|#(e~(zP;^2^ zG@=93{>In}&?V9#*NWvrW+G%fAftkeML8MHQUO~9GZTy<{+y=^Kv{t}?@)QcOkcv- zVo<AoC@;{01tR@Dq+7fyou4<xd4%$Vn27;>P{oYda9x?y3;Z0VzNu%8wW=4+0pUzl zY*%PgU}cbxYdvJhzKNC`y9YW-x*$xvhZV=RQ<%mF*6o+#4q6-MGdE-AnEUJu_Mu1% zRtQi0_9(}V)^^&{UlmV#I^yYECzt0e6wJa;SxEa1*WQA)_qJlTk=D#M+|ppK71k9` zTaM*|_`QRnA?QP+IDT9k#|e9oHM2*b(;mcyTd{DQQ#$FeH&GnQu=f(iU@`uBz;jS8 zo$>g2Wya)jT)K*--?wHx&e*Up><JyQHUvf5vv%Hi#)Ng!w$R!@w!Bk`V=q9;1hE{f zO-6D2xf1gN>sA=#Qb55ZTS3VxAdcy*jpKP;jN`;JP^@e{)C%jB3gg=z;~VSNOlf>$ zzpc)(C7?xAkE4<~Ca7@6v^R=(cfnbGvkAX{VhE!TVdKb(EVd@cMuP58-jD3qNB1kR zT*Rx-xH8v+Za53O<G#X!DZQ&1$+}ljV2oB`riH>BT+Nrsn7$6jX5g<d)YORf!5$@# z<9ge%-uG=-_cL~^>p^=Ks#CE5+~Zim#&j|v8yDB-Sp5d*D=GtF;s-S1ST==e?wkoV zj&o5m7hNaJ*=|O8-K&^F$IeVRu?TvGiF3rzm}7IBaKf3NY@x%MTpq{wOSw4cqHW5t z&p~1R1>J~G^x~M07$*KbZ?vDnr0c=D>X+go8>@}-IV-W()l*w|<EKzr`NA2qe%Tq5 z!x^)>8LJ-YfVQfz{y4JS793j#nl05=E{-2dr|3M*m>SMbkAn=7EXt9`@q0JU3|6Ov zy*n0pD4+ISjx7bHBnoXN{!~lYKnxTA1E`f4CjJ?yE`|AZ+=)*&io<!=C?9XDihMn# zWj8Qm4RE%#ID>Pm&cjF#cbwsEI2UFbtK`oCxUJxIEpElJI&C<%g6gI|#9kzi;||-f z!)MIcUaS+#b#`nq_A8uiim^JyQd=2Z*1ZGrO%mD~=*zK{p!-sJ2W^;99NoL2JchFh z&3WVeSSMc<&)@r4W1TdX=kK%oDYX1L>4CE=)(Q{Y7kXeV^T1l>5njPyd@jNn3FjiN zwH3}P)~p%bL!!NQ;rtmkOgI<WsGK+}m2@uh)svlQ{l@wBpbN_l<XG(>j#(rN?JXas zG=I>2vIp4{`HbTDelsq|y^=Yz-EUcJUMTHg!rbG}9d!2hc3`TRWxE&cZ^1A<7huf- zimX^$og-_4@ol}#yg-_}!hM<@iw))2FQBocFW<k$ar~Nz^^eY<TuTeqQfGy|z!rOf z4YSXny#Q_3*`r_Vm>PfaWhCf6-*)t&7|$SUl-AUYHAS2w(&^cVJWYIN5yqE`G|HRb zm1CDdx&dTU3zSRa18LCX<#fi&T7+{fn&fG0K;9IxREAMJ%AoNqFQ2o)8rRRF*o>a> z7+^!n?`_7cyy*D@>Mg=Lfi;}rZ0{L~IzV9qMZKi7NViv{!-oZAXM$Ss@{H$QyJ2k; z!^9VXR21gNfdhLf4rNmrrTO@0RoGLYk5T!QANt63<Qz<KkA(H8*rLEJR+!(pJvrvs z8~rcU8R^XAaa^Pso=;U^Hh1}vBRr#;DLt=HGS5C73j(S8KxcmZ7{>{7#u{_RtaQ$( z`8k6<0{gCSUyk(xDO05U#&P_3z&<P7^O!Mp4Av7+F+E?S`p~!XIF8!AS?MXs`^IuC z3M7}8$8j+#7E@%yBG1^eE(h&chXi{T7^z~dVNd>?QcU;aw4a%=*m#Z&2Fc4ZisR1! zj;sJO4?xOP=t$!g<ue_|Dm_n(ESFAm3hB*|-Vo^)<<j}_cgn0lX~6Tr<`%3u^e{e) zksVd6pg+#2pw)bx7^i3OtONIrFQ;L?zA_%?TIBaj#5sY=AUmQAqd0FR^G06UE9Ld^ z&oMS*d}vL=s+lWs&c$;}Z|IPWaSAG=^7ye~9LM*q7oJaAbIiIQ=9;?|bH|$Cj(O>h z`Rb0j=|0oNz~4inISy{P4@tnir8n+N!iDo%!!5Ya$6D6_e{VPfly47v;NtU8na*_I zi!*1WJ??w$nDb_=@BF<D%89f#D(e+z!a~Oa$dg{)j-*SmQ=vnFy@7u^h-WrRtb^ze zFKewsB`Z8@u*Y)-Ja5P-d(I%~S0{&Ko?|$6NYanD2ge*-EtqS9@XW+D+^N99V6T<( z6pq6)^6?xia1h$$K=*dx6|^p~&YqHt-2|MKK)0lF&2TOaHwklaS1|W}E?Q?#JXaBI zv=MT*K_)7pJWGCU6P~R~GFK*YZ0IEH`H&&BRNFH3L3gIsxiK}KWvDSP)L28@i|J`! zS=nbGTL_}Q7(NBa_oXHJ(gJ;H4*QugcQ5p%l?kn-o(?KA+!tD6@525SZex(@A3P2F z5y)TE(Sgc2h;e}Z*d6<^d$`aCBu}kqmdmjrplDJ4x9K>CB0NP5mp-FSD0@chAU(G& ziz|@oA2yR?yFe?Y{CxjdGS^7-leal@^>V`ap>YU8yWG$&+#73!d&y<Emz@8~d&zuE zJK>&mH{;JE{J6xk7@S3%VFUi$!N-9|xy~rp*$dBTYMSHzV+)?$e~M>v`OI1??EQG$ zz#RDgGw1gvN&oIEIkpkBPt>1(Hi-GE$}m13_`r68ZDCjJ>F($Ycjy88mfGTrH5?oD zNm*GAG`8?Ng;ZCU4II;eE{Jsr`Urca)IZfXa;y>Po+#r7J{jaBjcF$(o^O~lCof^# zQ=fjBk23^F%44|+=SPr~hqJ`E+z)%&nBdInz&JI|7g(3nShv-ff9i}%#U6!j1r-d= zT8_q<&K%<m=w)NzEKQiDm#L@FUn|gGAHK4`4AfuL-VCg}G-fxOc?$Q(Dy+Zu%ziWO zk7*p8v1Tr?p9^f~67Enau4$Nmu&LaxUM__+yCvK0{F-CKj&Q7@Xa`I2S+10R<0zgn z97DU2PFOzuUBtBp(R?FxaJ9lZqQV%pXRaAe#SVr1^CGQOUSR>pGEZ_WPF`QXviW-- zX^K-E8-a8}zO5LCrRy6%4>3k`7$cZB;(RV0D_2hAJ|470EMJ)a;+(}87sr-?bHOt` zJezaT;T|(V0lS$nmqO}GJfp#SZxb#&f#L9c#KI5p{20e`L!7?^`^$9V*I(gTh1AYw zmthysc2N)aCf2O7_xp;<Tz|!@p7E&h8<;~yEBvlu$0~Z;vWnrZ#X?V&t;0#*b8G?V zhFGS9gBf#xt`6aNBB!;AmFgb$1IPA)O4sW@D7V8+*c&93>t2n1r?bag$FuVc;deSZ z%VP-__c82W*cY8qxARP_4UKFAtKwO8#RMnxyCZY*x7&=fT_Jy32rIis5bWlFzQou) zWvz8@YTLYqPQ|KXzp9A3T$`ab=}EnqkJbkvAI3Ul`0-A^fqCIKFkz4J<jm=r_d-z) z&yBDz<DNjvRj|Ud8GBX%`6^^M7ODz_wg~cDe|OK@r7&TIAjyXAPB=$lu9F?08WVoY z#P67xZ;oDKxsLd~0&R2LY^Sx2wF%?%U~E&Ky2#^R$2!p6Up&o~{c_<+&mKueOXXI! zVU=|btTN_MW$0cRx>ug*Ug%ojV#phA0tw+Nfe*xqwM<xEc3GTqEaIw}u<bHA-FV1A zE>|Wu8*$l?a~oWix5EeE)sU0r9e}uO<bB=spI=<THvjp>73}bzUtGZs|M|rg?C_so zT)__i`Nb9N@V~_`ZhICMr%MXLyKjNnI!#(8zQ&7UYzZIRE$#iRbe$%GJ_E}{Y(#Kq zRJ*W{#tA7Y><3PK1CIZYgt4V2!T5?OC_|%RYzU?K<GZvhe67<N-=84wM|^s_6nr<t zYM3Bh{1TFK;n#MKa!TGC*Yf$Z@OfXFBo>mumI|fvpEZdu*WqbUP;yF&n6FEg4mJ8G z#bw|lKutyz?#*6G#aDe9$^D=g-h?A9B6JDCacK$UGV&`$1ZmBeADOI6A+7Bgud$>U zejN?W)<Qn8?E9Yx6quF>^L#`3WeJk=$|x4fw@#K+nrA<?=~W4=sWMXf(y8>D(fOiR zO)&!cJ)r!Z(i5^$G-#?uv~>s<#DCW)zIzC{G-@lo&lsTTABV5FLgUgBLjo9kR~ea- z3AMY&rQrR`dnTduouAN2%!ksDO-Oqrr12g6q^wrKc&MQm>2V3+noNAq7!PZ{3)`oa zh6A&sST$L%x9i`ZzRnxcDK2v$W1sLnYt-NDXTCh~!zPrkmU6dCNWjOCnRv^Ux2p8% z(+p))MzW5#0y`!2L_(MTWE4E=qcE{y^obR{YpWM6Ns&>k6F(A$;B&LoNPO#xS4}(N zEnFeZfyR)Aq9fBI%0%F|hX#0D1~10v@@M`j>6sdFI5k$5Nk^tjWiWP<+Dbv$JEeX@ zq%l}a$@@8F{S@K&$d1GqTQ2Gv$$xmq*iY0NA%m<8Jh_%eN3s^V&a!|k;rm)iqxX3$ zr>CZ3{Dvl{q1`R0hsEBmFWDEirRHR^Mv5-@kWd<Y&6Ps^&Ad8mvhjkdcWF2%8J`fd zb&{6p=_yH?6m2uFh_pCuW>Pw2!%=gZCIcVsi4)0Rmyr@U2(z29b<`SJw9v2&_9bac zUrhVsYg$PO=Bp4{K@E(HHf1rqB2nxpU!pLY0+Q(y;q;6lkX*yJ|K<46)N)}#$&}0Q z#k<)l8t9C1h0k_VB2W@mM;4;&mX@JOOvZ4@h>A-_8<LcSm~#<W2~sq|JHzZplTc0E zpqH{UwGu6+4D=BvnHuBq0t=*pS-vVZ0plPOUk*xr|CHJ$n!tDtr9iSwr}DaVF&^RV zGD`<!zSwU@3c*@iOhTkDm|to_$H4H;fuVSdnKlA8o9rssPf%0T4@)*Xfp$?dJ89Cg zLNLAXJ1a>GQ-dNIGbwvRIt1TGQ-4J<g)BA-KEVZV!U6c8Iz3U63d1^|3Qa9dXtqi_ zLKP}MK$AI8m#&rKrj%(Ij^bHglL$>(LO@C)sZ_d1R_AjHks%nGCq><*QmV<)8LKG^ zMPf!ou|&Sq(&E?%gmq#ig2XUc4Aroa!b0(3=~&U)GXEq^{J`)yd`#?@rPE=sF@s4& zQu<&?hf$OxC_O$4(&Nfn6`G!w7^cIHmxnQn&%D!zh#6{{pkQ6stYn?27hA&ulJQ-) zE<UMD)5|828F6WuDVU&=82g+H!E7LVm&t`ujiteLW!jh4f0?6QAS4xUyrXCM6-Vl8 zY?JZOx(2UNX(6mO9~K5qS?q1tJ}XsdL?#p8nde8F4ZV3!3loiCaliBL(kURcy)+)T za-o@Vow2jyi-pX{bQB^SQ9h%1eo0G*-+>{lE42o`sw1-cwad~arDK}o{oo9)Y}}J0 z>n@^HNCK9t<o?N;j51-~9uNxEq$TQ-!tu#6hA&1vt#{>1_D{z*%uElfVn0QtD4MM# zjc7;hq=7$zA#4MML(|g-W@)Kqu+}_^;kOmWJ}pZ{?o7P(Nm;3&*_48Pv0Z#T)e@eZ zn54^Oiz$}O$gjM{Y4A-(dsT!cgT4-zcArpQZy}CGNlM%h(Zc62uB0`OU$`TLZGMtT zxP}}n@Nwwz5eN&bkW32kL(y)U1KrY+$vXn`BROGt<&PKGgN3mlnLbdH26Ny;m&~MO zoD8c9Col}nc4-O5UBmX9pp!FnVk>A<k;XQi{<5hKOc%ZaI)Jcd6ywi3Chw>jLQ(bk z7%~MSSQ3T0W@$2pl;!D7aWrbg9Bn8pXpWdDR^5cpAnG6tI{a$KQI-h*PH}0N3Q&eU z<43e8mMO@=dzj4PC{DEY10lE25y)G`s19tF{gV@;SVve4$2h4IrD%Avc}2We6sz=# zQV`9)5%)P!H@1`Jb-DKRz-cE9>k2kOe#GEg0wdc;u@T}LEefFA(PSxpmlWfugT(Ef zY~L=RJ8mYVS?kJ0;MkB7n5~J&>73Fdf&)XPO~zT#iF^<E4bkBk7L}Z!p;JCH#c90E zrOKVMbCEFF*m<%pztauDk?38152OK;rKN)tJal3whY4}|$IVYXKCr^}4srg3=uW%z zYm<+dV0F~MhX*=0498JA%FI)Q>r%Q44j#It4aVsgU(8UPFr$M+zZ}@;>1(V>l;R(! z#aC5yDuQ1J_)aE${liE(7D0SFe>@F!BE7o=b|U^P>gCrD{#1mah29H<Clnl!#G~zY z^rk%AmJ5=d;(aM3%?Z|qLi~xom~2PiGl_R|8+c8Gvy!kj({A3H<i+#iT+&}?W?(kE zPx8k1A?@g|F4Arwp3o8A`uZ~kCU=B3IZf<1vc2riY$bp1h&ZG3?h-!MpP$a~i>%=1 zVVEWZ{z`DfjfYjS7UFQ#pX?Wz96wMjd<CB`Tq87Oq*5AAk?EyljE&{nFWd`~-RH`} zXeQ3rey~MWCT^TlG=5qA`(wFc?4n61X1rFoyF+^~%fpxvt%VUt_luDjk&y5;j)BZg zs)@f1<L?k4^RdwS<e{i_yl|I;0YlC`+OZF1dWpBc&^FgdDhj?r1uK!VDDW>`c|In- z97@O)Q7@uaM5*v#F{~1?@EsxFb`d4HiDEcb#JVCrZXw7UM4T_8lutsv7%x0k!S^vO zg?v(azQ6eQc>)EDeM@=Yx0J8jOsJo1RQ|#n81yb0Z$E9YfGV;4SIJX;ZHTCMsEFP| z`BYZ<3vacsu+D-U-rwTu@p(&my(q6NU$_{~_Y=y^742I05A?@-T)ZB65ds!B7xaJA z^3|d~Qva4$t9<{e0*%WrpRc_B=L3x8@u`K;RbD=?oV?yhnz8cozD<Pk%j+R!E3bcc zx$^%=AD?paN~vHG%j?6+$?N|>zV2J<f8PJ?>^Z-j{2%EbTTcED^>1pdPr2s4)L*O1 zjn7M_#yQH{Q~#FoVQ(pa{w?J_%gGyS|MK`$y`}ukw_G0%y`_BKTgv;2<DvX|Nb4!B zhj`bLUw;fe1XTZlJl?b9<zu4-v=HT`^;z0qq%hvK6xKHpi~WT0CZ$XEm%@0rl9$K( zkvyIk<;$-Rl6<Zx=Nl`?*KKWFeqJ5paIq+dcOd!l5B-5Y`J#M*h}-`_9`8}|<+A<) zuKpu=Q4a4N3i%|1ydmc85!xq-OJPnj5GAOj)Yl`~SDxkdl0pi}6a9DnXMz7L@aHYy zwd_ix1q~QG)<=D+|Ctvra>oekfHW6hh?gFpiTsn7RG(Bw`LGl(Vfpm(VM$KH^67sR zmhwqhUS5iquzdO-g{6EF{*iq7bSdBebtJn~07?6SLgeY3>IS0YA-*D@uTYpJh|VGS zvVcE(5K<f=4R1=r7gVKbR4(Nu#Me4}9ki8E9KI4@c)gw{s=FG9;+umg+)fPpi(%aM z^LfI>_y`fBfK+}@5Y>$zZ1{3gfohNz1a~9wb}Z;h?I3wQh;$w;Vh)hnG6qEHV?m_P z3{X7~Tr2S5r9jee1&Hcf1tPi6K-4CDM$f0815&yhj6(JyqVw86d#PS~3H7R9d;PO| z{ZEztdS_>X2JK$!J^Fu2!+*Y>*A4;k6#3dAp#JA|`xk2X|9nWq=85+|CQ5$!Sb+sP zHfKmqHPMtGUlEw4D+L_Aq!1nq81o%T-VE@(5c2z$Us$fDz$>oN&xJ@|5x2gfd^=Ho z8{|(cD_Z8kzF&58S?`x>C@p{FQa(plY$#nX^u3^FF&740@OoMP^!e`!pTI}TNFk>( zOlbdeoTEtCzg!NkT=<^~=B+foPb*)~znxBY_&r+~K6#D)orU<^Z~;}30{X5IFkfu9 zRJIhB#w8tZ<+h-`k*?s5LVjt_a}&d~$I^APgOE;pFkN9{SX`u-n;51&m9Cp1g1n;; zWCk(pB!+XvFr8WG>LG^Rg&^}3!yaPzaj;MxKE>cKgBYf>0$uaPa1|lQvc+&!F{~29 zYB7Aiy-;2?F<clVgsY2TUoo65hU<!9{8YwYZen<-7`70@{3ND0F)SIoI8Z2G$^E^E z>CB(w@_^JgQh(%z3iaqkWa79n5$7jF`75@&AQvrS4-q3p3==U_#9$G9Mf4HTQ$)3h zDiM_;KJF&eb6><_5$}k2Q^X<>3q`yn;&~Czh*%)vQ4tS`Xb>@9#1$eg5>YCDwiuow z;#d*0MbwHID`J?4!6F8T=p&+9M3sne+hsJrrTN)dGQ5cSp9ppd-u3t3DDjfk4_XJP zPH8=$@gmK6QbDg3(u#i-)`hT$NQ(Z`S6IMb%)eH!L#~MB*Q@ej+GpsJka$`H-UIal z(fpkU+6p=Yx(9NAF+4$?L8+o)q<k%rPWL8*L32S{K&L@>K`O{L0d)eUi1`rx-}P@= z01KYvLzEDotg%DzCrUUBv>m)2cn?J1<jZ}5%KdrD{e6<(&-a|M$3dRZALI+3FaqQW zo=^)?gD0Ho0waJYgo_VWgnH$EKFQx_xGUbDgACy@&}#4nz%JMXi@=8gw}MDdxj#?x z>)8?15I#5wAA_916F$QR`55vH8>0`1d@T3^zXAnAM(&f7{CIX7fU%2s!Zc7cc)2gm z1Bk0J5N$v_VE||yc)1Tw^2HgL0zDB=xDIp)JmFrEm;2fzU!0%f244+dmxKpFD)7ZX z&otb-4=~{oZhd)P3+$N={UH+zoC6}8<N;@Cp+DM~2aJ6m>sJP3fDRdG3*^<n{-7lA za2d?<GchK>6Nc-crxx+R7oaJK#~*Kik72wu3O)?DMdS^@h(UrrvA{1uq(cEPeK2Er zR6bDh;Ym1eJlckM!Zn~R;PZi!uTH{l6EIHT?~+gtx&s-)%_2{DS>y>VCJHiy%|xCs zTI30JBCiKZzCH<qCSlB=F2X?|XYhoJMV|1u$P+qzAjqhJlK)S_gP>UCCA<p?1y5Lg zvcMDe6nVl$B3}TMe1sCVnF@O%FJbaD=nY;Alze~^?w$dksE8*l1RVlT*m@@H3105& zQ|^D0d~?p2i!$L)lW+kj0X*Rr5Ccyr`T8W3e1sCVT!8Tj8N&4+VSIuo?6p|PEBDt) zemiql!!D2^yad_;z7QC^2K@zI?t_#3bGG~h&y+B32|IvFNCx=JT4Bx>1H;w{JmHBA zjMasF0dU|(%tP>6pi4fM8SrZ0S0I`T1;87du-Abv2Er8p%O!c>IuMQ9eBh?7m=B0I z0Jm=wd7$K1lkk_F@G}WtmxNZk7`qR7!UdqC;PZeZ;1kmqGIIZy<RdfiAoM{zVQ)}0 z_*md-&?4~pz$YM@@9Yb_Nd}_zN(~$dT0vz3pM%IRF#D3R4WM<D7r6Kk#s~O3;P)WP zTMT@1l(7QDvt#Ig5UmM%pzU#im;1^jKbmz;z$TC<^aB-w4+HK1k!}WH$Vv1UbddYc zBtM#SK@H)LlJFMD4LsosktcLMCBzdx7I`{E)H;Lt0(np1&U2Vk;0?g&Z_#()V}a}< z`VKtdwo7O`$p9C9C-8Z|FF*$oUjXcPMOeG^z{jAYl(!Ie0<DJr2H;%~`OqW`x{7-< z@Pyky=fN9*w?X79ld$qNj79K-itG5c0z9EFs3v&A=^zz&xz9`ThdH$fHbgw(GLQ~@ zKCs>o(4X=GuiZeK;rp%_c>gBaf_S-4OY(QQ_gBm##1ozdT>>xnODXqTNq#LmJ%OHa zCOmcnUlTlGCde7Q9!UNthl7{<p(KBlO>on;9r1*NL9<C7DEXEoJP4}W4{IPW<vG@6 z@Pzc#<0j-iaif<GqA{rjW}3ji7G(6mECqc1VZQ5um*BG?7V&aljpXAo0L0+uk&t{z z-h_<Yr=;9>B>9z`30eUe!u6op;0X_c#)2;Z{s3x~20H_X!G8|zae81qTlkYgU2<QK zxrno{gO3!%6K)0tgC{Hk`G7A5UbKflbMU!13>SfDp2~eXlE23<all>;8NxtE$bb(6 zc7R{T-Neg$G?K5zB_MB%2SW1eSP8t`za#m645<vCO2|t%6jTVFa2<&JLgoYAtKj>8 z;;VA(m|C!T0Wh&T+J$(z&qngy*a<!u$0DAPd@}056H2}r3H#KB?>@v6&H=3hpAQ^b zN9<Fe<a?2DPks32(wOjg13UvS_pK=Rt4RJ8$2aC!0%Qp1f+E2aZUzN_m-|N~--#DN zM-fjr+7mu3z!Q=W!`0yBz6|C54(0w3$yZ_^{1>YFW32}E0pYb&9#g>=qa4EVphEC+ ze~0Av@F$QS@`MiXZI}RF?$eO`9d?Gl!gYuzOa?6iFZXFE_h%^gNhtSYNWKgG-s6}v z`~VVm04c!}Zf^zuFDR3+08|8?@D}I{c)9;U@=f?HC>MDNAA$7X<$eRn|6mTNZjuR) z<Zn;~Uha30d=mZ&DnwpFT|3kbo^Tk*0A3H=58}^?z*T-63q?72PmAUF!&bxt?*_oP zCU_RevFV^(@Nz$Za({p13vhmW)C(EHJWv66!kr)kc*6K#i~;a?my`7m!5oK=J-n~U z!b3Uc3tsNWkNo*{!i}sJ@q`wgF-O1?b`W{IyUCowpc~@l{`bg#U$w3rJCAt6aL{h> zgd0FBz{~yR$$jdPZ@ulH0PM4bCqUld3Bx1M*Wd{kgGx{i-qU0aBQZ}AFZWX?_hTpb zbtm_QM}G3UcSkwMOXw7ZISZb!2IvxaLLbmk@Pu3sj9c)8n?SkX@vat|(i7_^{NKs_ z-jPqd*&r?A3B#kYj)2FzTC8CoL0<0rj(p&yf$||kI1#i6JmGAS&jU8?i*+3Fa=&-v z|Lz8;81aPG@NahsJfWM&%YEFD|GOxV8b0#~CxdLj<NYo6PAqH=-WMqOy(1h93PU{M zT2L$Scpr<M0P$xnVE1^8VZ_UQ+L6Dzd7wpzCp-e02wv{vj(pvHmw<VSc)~*(v=Kbv zJy1S)yu-x~fK>1WC-)sE_b*4j=k|hzLx%7?C<Q!WU=r3(@PtP}KHv!-f@*@7`<f%4 zbMJtTBA&1iv;{ojxB<f2o(l{dDDYvx91!iN=Ycy@ggL$&cpXIcDFXVZ3h@EJ_eEX@ z{2D|uM}hZ5{ys1&O^_!aGg%;#$p(H1x(R)X-sjlV3_&IrxFZuh;&%h%bi)3-C<}EB zg598-4mb})dd>&#8jQIHemBs42>g(PuLNufBAFDRZWwGh2zi0(5g5;iCu{>E8DHSU zQ6TVyyFe7b8`x5hwG`*=R={Kst$QiJl_I|yxJTsA1Fc76{X$+FU?7O*bujRe$Ug?= zjKLhF@_{wR3T4&=-UVGk{C!}^c#I|Rp}-sv=`$ACVFK)sj(DK?M8t!)04|<{xd}cG zxEVxt-U3`Y1v(&p1yD5=b>aB{;VjT@#Lou0PZRh`z@DHph>r%^Oou+;3CDp{I@kwz z0>rQXz=OHivruLMu-6Rq1^8&-6%f_+7+5$H{Q{n_<}AS`gqvoANBkC`=^XSmcnhFQ z9_#~N4Gdh0y#RbL@EC}mZ@4YP*auM?344e<;bIW!mIw4&F6iJ5bX^HO-$!2H8IT%0 zVZz5k{}NtY4gC>+33%oc*pp;{B_OJcaL_uz4%^qmclidPE){SbC>Qc8fQLaOe-t=! zBj!Hh^+095(00PQAkvet&nEOWWMY9=K@?vE{BASWK8(FWVErv96Fm9ZI<^)0!509R zZiCL?R{*~SMS{Nsboxvv#~C<}c-U<|(E9-PLC8D?wmvAd-4{4P<kerommO##l>_|# zE3^yzO`z@97~9}gzz7hvF%mczL^{t0eslz52{L)W&p;%z9as#axj<O=sK68U75PG7 zwPRR|khdnVJ;){#{SHh3Q8`J#7AJ(ZBmmEz#6AR>VqmRPXcu@-U_TJ)lK@nm##)Ma z!r362M}#fUV9!H*0&pdW%3lpMh&<uLvuF!s9s_gFVN8H0)Sri*;0Z0i74&fi#)3)^ zPv~?3{f+tJ4E!2IbLS{<*hT1p`;_6pE|-M(FyOZ!ioXO5zYKjK9|_!Cg#HD;1^E5< z97_U!6ZrH8%op$_z!^6Ld(H+PxrsI){wT2OkAfZ4!08}rdoFPBZNx(+7s&ktJL4Y5 z8QAqM>IEMOyafsde+St80p=L^9>A+0J@_Kv@kg)=_yVBYV`1GOTo0o7eBirJgf+Ys z(BU_McLt6V`Nt*L3!Vu&<O9!u@{rg0IrIe4J$^PYg<%|lCxrJ%VSNVTZzS@(3b+YW z0GTbo<|gQ8*fSESQef@G*dwf~#Qp{u!Wa;ZlUSh6)PyN%j{qvnQ9pPkp(SL&^9Y`7 zSQj`9<b(L(K=Q#D3|<ACX$Kv_&jua@kv!oG3e&R-dpvUo(RhmmZU9+8hJ3b?UsUgO z0m+x?7R&`g@>NRlgmpxoko<#^3?cdcB%Uxw<jMah`S7H8Lh^@6JR$k3B%bh|$P?N) z2=U}+lKe7~3?cboB%YA`ClXIcz7k0{Lh^e^@r2}ika$A!V@EQC<mZog!sjB-{=5Fr z0!m)Oj46P=c<g5i)B>%6#Xvit1*WD7s0QL^7Uly4@RyKZ$#5sk!Vr&<$dZ6mo*qc) z^Iwv;WBn12ElQsVJP%9)V%q7G0d;``fMLLaz-(X&Fb|jtJOoSw76a3PZVLYASmq0S zAK@fm1~3<hpD);UAb`IFeX%|vRQQT`4dN}7ua;N8Cf?^2@$@@(m{6Hfy%Zn&nt1JN z;&~(TrQjJekNEp8U~)nD6L9!@On9aU$_Gi8zzT8(1W2v`L~?~7=@M8$t{4H5V;BS^ zr=r0iUUE4#;z`a^l=FR!T$m^qE6R~yUFnjSrx)dNMY+6J$Wgw0QO+RB6}(2SP?Rec z<@lF+#fqhRDG2wqd^^-YYOg0yy5w@cqFk6L7yBAHtth7#<#JykNBx#3%H@l4hS$gy zh;oIZT=8q<n7Pmn6_DDY21=LI4yxBvl=Btk=+CB0mmo*Ja4|k#6R&+uydLqnk8qAc z-XftO_V_8zJy<lPaGs5Vt*%uT4)#*8`hI0$olXJoVP#=MmV$p*K+4~6u!6<P(x+rA z*bh)%O4kihFf&>D@SzI!P@X<af$!wY<hKl0upY9o%}C>L!YBosCQHAsSFo9~@WdSB zaHX*d{=EoEpOkS5)=MUTXuN{;lZ6{jRIs0A;YuGUSOqMeQhx6#3U*7DuAZh~1+sAQ zbo`wnnf&7!3WlR)Y5t?L6l}XJee7J=7mKn~e!&6-J1R?Gv`E1=$iksZ6zsV?yiCFN z$ig-&6>Oa>ynU5|U6O@of1-c~in98`)+_k;K&1L(Hz-(3nZAoQDp+k<_+Y+*;b*>5 zeYKkuY?&<Vycy-o!UYKD$nr;SQQ&L;vix`O!lyhu_A>>%HI=2uVw1p6T&4AS?ohC6 zvas_`1@p}=OONzYGM^b`;VB1{tjC11a8U<S)<%}UW=B)DNM;X1CsU*GQ5UlO9t*^2 z8UO#oi?&z?5M~wss#0~JEeNeHy@<C0If5)pV+Dq0b4^eW5N(rTpo$<WSGp)~Q;;91 zk`yVRa}YcO{eoY8@T*PFpYS$a4C3YWqkQvs;Xw|+)G^wwsfp#TiqLBw^0Pjm#<E0O zMbMs(XBivtEBKM1da`sGn?w1#gBpmDurhOp$C-S*J%KbG<sSrkP5!uRNQ)5D$zJG& z3e)i`Ao7kw``*8UxPD?fp!^jh&kuXqqb*ag^h|vO9wR1^mZ@%_*VJE{zX?trEwK7t z73y|ghCJw>*y}(^Kd|L5K0lQoh`;D|2wwQ0cm1yrMtKZ<P+I<L>gUT(z%S(ZrJM3b zlfJ$nu`l~l{jbv>_8Ne6oB8m9guGMGX3J#AR{)VMu>;2z0egY!gX9;DKa8o#_u&r% zeMI(ln2We-AnJdl+qJ?U@Vf~<3*-l~0ZEq~RP2H`K#=b<P?gV+Ky^^LbU}ZI-uP7& z<@4jaGti9^gsb)<oGgp+3o-I``Vw)KL6%}7pweXgs)=+O-@VaBGnxnT`pZQB2RVA% zkmx!r{pbehE6@bcJdi7658uIW!-H`)ek9PZzyk+_Jd}?np&H~1dc$=FlK)-*S>S(* z1^h9J6G1Vco<@jwQK4i{dL<Qeg!tw>k2lz4ag;Yp7H&*}Z*lpT<^{voLnzgYx0GH= zm+Hq?cYGS&rZAFui^?G?)GxGuI4WKsmKkGICIXNZ+D$qMHp>DM{T=m_?a7uxSyKCj zddvDi3YX~;gD7O<`!5^}mGd^2y!}G|OXUeD)Gd@7gDB%ZdUgEU)ZfaeOsRab1@ZF! z7ura+H@1g74~|A}*?t<YGza8kpXw+ZcS4zIygrgnLY&n9llio=zI*fbOS-=fsZ42{ zOEQ8TVh}_U-|wUcwOfjNyZVLkOzoGqk;)?~o7+Nt^0_bAN$QWXx%B4s%hwd459DKz z>ZdS`YpHG2SFav3q@SSUo7XSpk)vc&<2d6nXRNniH_29SUOP#)LVIZ5Q(L9=B?eU^ zSlZ^Yu_)I`kdgX8-Y;*XLG#jj%gQV311V0bSL$mazHIF-8$&Uq_#0nRxxa@(e@Heq z?uS?9d*jM^!8hCg%KAcDFUdx)-Z$U2{#Um_T6bye%llRs`|>z>eqp}6jRsPCsNa5n z|0`b)g@wK`&i6L8m#rC+J&pH2p?ty4LVe}u$jkZuT>aGkvT<M5-!Z7xc+V5`5aI>> zjPt!+{jXlj%Jx60z0&xX!ewK^SU<AW+gyzyPiqj(17i}}N$Z1<E`=qO;>+iIo7(@A z{m%mb7c77|^U_sfy6(!e2e)24bIp74titzIpSk$Fc=llWk`lAny)R0N+CFc3e(y7j zE-zl((Csa$UoxuX%ZpWCJdb%%Vj5QU+5K}@p1IzSdFC7$^UUQ;%(DkkS4xy&RbQ$^ zjG*Tfo}gIJ|KaBp^bCzi0itJOgi;(>o;MNWDV=yq|0|bNK9wbv_h-u_ed(E+69~^_ z`RB`o^nB1oL<)O|JUw&7GsC~s2C@UyNo5hy^FV6HpSjGCiFBvo=mYW<sV$I53bzJN z&j;xlB0VGgv-MFv(wUyM*9KJs(X)GM)1SF4kcn)Ir-BU6N?9Bz1vCgWL`3?D9nVQw z5Qy4|=imG|1H9EmV}yP$P=nqBg@9Uus(`2u{>(-BXspn00|6k?GZQo&glEod8i;=C zr{~jD7uk#K_qO&Y-Kj3J74>UB5ZQ%nM!&Dfo(m)N#+RxE%-IRgvD+gHl|$ns4m1Vy z5z;=v@S23;$@XfH1Bmp1KEzU2{2q}EKUZkZke$%a_G3^V%4RvBUZ8p)>X$!psdnLa z6r87Off|B*KtZ4`phys%^}RsuJyAG~H5#X)?ti3zsqU1A#yFOHvqapd;)!*oqX<*q z_5uAB{rkgygYhL3sQzXAo&;U{gOWf2-($LN#F8`%OA+d(Wr&s}Qswt-PHCh&$?@~V z9!S4CMB*okA7FNrUHLS^GeLbpe?fobF1;M8qkB<yA5bXBbOe%OK+v7WJpHuc40;p0 z^SaX<p|z?eC=_4!ea+a1D0c;@$~TCEUH(q}Q5vgv96x2D{AS-FkP7MnY6!A^GyO~L zjxom1Nm^U5F1W2_Yy!&t3baAepX~n^#}7&{y3~7w=LYppB03p_KIi)$^XpCQPx|xo zmF74NIQ+il1U&~q=g&cBLF-BXQ%IW%qV?`?8b2tBxqpN)it?*{fdJ+j3kQkiyMq0_ z@l&chtu-X*jkRVpmP*XmEhzIi=ro9a2dsPu>9qbtf&NDQorYtXNBJ(xQ7-A<6-0X$ z>`(eTfk@Bt^OxcrLHvBB#70<a;;}{D5PtJKf-;YR4uR%_D(`?yCP-!<g#PkH`qLcd zf7{idIND$8fGl6Hf2r;?UolVk`Pv!fT*4NDvS`d71sOn_K;uD`)<KT!L*@U?_UH9q zigIB;{P7Y&AM@Ai&)c2mEA0=JLH>-<Jem$Y4}!?<dq8tQ8E8{7&|?|o;y`HUKc+vG z9}KDvg8sC9mLET4dw#x}0cn8YjN!h5u~DMVr27HTEKr-TaAZpo)@HZGkc|QT1Nyf> zT~1_wDxb~`)j-g%y#Ay+wTIu6sS}!FzK+EHhxxh<Wzd+Rv9lZ$bOl4u7j5f~BMQP5 z7C}A+^bhFY4CSjPiRF|2YEU`-OUJwdX?7rtVS2wL_y>51K>n{q+6at!fOb+}qJP{v z3G>V4AJo4o>a>&g-q+~Qk9nG}SeN+mg?ZBCH2qd5*qqiIdS@XE<dy>&nirTK6+*B# zBF_0A)Ste%{yqJT=4&PB<%cuUr}#@Z$hRLv<A&zzSWu-rq|^C<)+Myp1@no@|2Oof z=}FsC`T6RUi(4J&v>QaaOY_we^Ob*Rh|X^`&Tu(F|0e&U{=Du=QUv4$v+5X&#eAjx z^;Pqgmm_%&gv$~7)AP}P!~S%fDLoH2z<kA=47wq_*F)o-=4?JlK3{3xOS)6`e^Y<{ zo{`2ejc2SQG+*gFOlJbJ{j27yTz5(Te`Wk&|B~;o6}RBMD(EcjuY19d169t0oNT_* zFq2<o|5E*9k@63mA6{C2s-YgTJ56BhuN6Lo2P)`F=V3ZiegUGhLHYSgy7T)pP`Vtk ze)8)N?Z31q{6qTN%h&%}sD}>!*k2v6ziKdFX@4c%Y0R$#wJ*f}igi>zUum6vN&gO_ z{!5XV0O|_D-uGwk-;vYkqVp%&r&NFRH~(y<35HJ$hCTMzwMeJ&PG_4>LH)45I+89l z!D*av!daShr=zs|a_k5*AP;}OO+-pK=x^4a%IEcuMcLH9WLIE|Q}CREG_pC_p4NL> z_ua-JT@A7XmDBxI`t$qma>)Ke`t#=>j1&G7m{=f4y;V3Hkj)D~G;gPYs&7PkU63sZ z`>QnONpFe3mR{7q?;@Ye3PdG?B0ztm{asK#oj)B$qufl;5cD<bnu0j8`8g1+^-Do* zuOJ<Bg1_-nzFPP4_IJU&YJ<ELK1RM&P!tGz$=@~p-B3QAZyhI~%&{mIx@SBQ#>{2J zp9bZFdST34wucO@N#Y(Q%~#3pgyrY2EBck5kJ0l8{+-pnz{VhY&hl3;j9m}dJpko9 z&O%}HaIf);FwQR`?i&z|c^$}Q5Yojn<*UZLq`Q&+DBm6BcSL@-O~^kAM021S$R6~z z7s}($1Li<F2cuGtDVVA#-yQSI`;stDXuO{S?E}#sRcR??X-y@Yy=Kgl{?smh&&Jr| z*Cou6N*@T%CEf7cl7D`f1@r}ZfJhILrF?I4ku1%-N}$>xJn!(x6P_RTyo@hipz970 z%~i7d43Os`$Wecjf;dw;0m#M_EKj`dv?h^|8iaiHk7K<>IaQ7!yaY56M9+ZU0aXQ2 zA=HjHX@dpiXw8P+{C#dOlz#$$!xiPv0?`~@2cq?!bPu|PJ-{EbE+A77>Uh<dm)gPG zk^<CM?}0jFx}U}S;3%u{b%e2xv&o=zPz2~*P*o81>zn9LV}|70fV!dUw0On+p|GaY zGmgoish}KC=ld{C9OR^a{sY}fZC-z}eIrm12+ty0KM?xY>mtHKK{^nvqdh@n8yW{R z7cegW@S=XAn{q0@HTra$@a&W9qXlJvQb05xoX0?h`ijQG8|cpKuYjx_s4A!_x^1p7 zcl)9|-@910LJ{9qq?W)Ypo$=}>l@hLVF<=9)_dn1Y#~>LcP1iGb}vx0h`~UQ<tUF7 zqV~crzc*$`tduY=Rl`sR*38Pwgy(vlP#)D00&2Jq%P;KWJQil5J&?vF%|~%;g8SXe z0cF$x)dn>Nd4rmRX#b*TSoFJv2hB5@=hUCD3C-2l&DT=BA;a^7u}-3lY9Oko9;hLx z5vT#E4yYE$734_ci~5V~PV@$ssu}7Dc$pj!ClM9%l3s5bhlcXySAV@Sk`Awz_%G!@ z3;bt+|19utSwMJQh`w*4>v!<6nErUwi(eu49MA9xUl>NcxJr2a#S1!t5{?#;6Yx2Y z_g*|#Q25@95)mJZSnMRk7dI2IFq81n3xkOIdqS8KQ6b=Sa{)_4d~7d-i>r#*R=~nh z0vbfrzu?37I01_l0v4J>b<_*I%A@^@LLRG%*j7k4w0&`a;?aKnDEK#JFJKCU`Rna* zQdsBqwpJc=rmzhO4hWaFI14kxL}#q-&zPEp1hk9HUi8yPLvm}K>-NK_jdM4wd=xmh z*MO|3BNfl5*xk8mUtytp&VtxU`$BCz<F#YW7Zxj<ZENVyTI_FOqdGsf^8CQ@YEQGH zUY>3_wagA=JG7YD=-bu1w)VXB&3BVgOt-;NXV*q``{h{GcTOCcRp*yuN26{ZdGxdE zj5$xd?tOpc>tVkPKJnz|9d)Wz|M#znUk<v$3~e5_DRhcA*u^^Etoc<---<uqsd=&g zlhF1b?dqDe;>f_WgC6CV^sm@s+*AGD567MOr1!QLSAwowQ(ynwFl-RJZV28SG3Uvw z)a=c(uC%>4`ssz<x>?(%O<Db{MzO8!`35(1dY8N(JMYM>@O=Hw5uevC9&)<CURiM7 z{Fen|AKfvjeb`Cg_fDIeKP7j2GU5A0Gji^YV{=E>ishaUaT(dqu5--^8J|^|l;`&8 zhQ`B(y6zt2G2bw!UC$j)Zw0x3)BD#ESu3vgR5ps`<|`T>=)C#G@c|hho~d|#*-o!* zE^WiPsr4>JEU4a*<+fRAc6C*aCGX^%Oc^~sw+GvzPk#K(+T!VzAOGB7nzH+>K&!2- z7Y<L~yW`m*t9n7&tXS82obT2Rrxt&@;PZtWr#YWp*nM;Q;Sr0zJZrtiZ?o@(&u-q@ zlYFzHiRxZVwEk3+{9jw|ZN2f%d*R^?wm+>hrge?tN2%G*n&0qPw|eE%IY$Z#YQ~OA zbhC_WF~lamz^%@D>kC^Rwsw7X=aV*{O}+JO#5t?V75DX=eEsL^Riekle0g?i_syL) zkLu{rHl;1+tq+<r;bsHxE1UX;mQ3}n*uF>n;ho&B_lhS~7@ldp_$!yR$qgNfg4McF z{y}Cn0<+={etKf$&np|Jtb8%>QqG7KwxcGcojn{or;%Zh6I*@5(QDQ2I_A^9eYUXA zp=-;h)w+22#^treCljyQ`uvnQ<BZk10F#_*HO55usXOqJMzd#5)>4b*D;_Ae+np<3 z=#%W5c5Hyj!fAWd`a%0kuHBem_1$NCSDU10uHGKjC3;MH%D$(K4>Y;<^{A7J><WHf zIXZnopY0=VR#?-jOWh{-s$UuQ-mM(_PkvQIPajxvPxpCF+JTra&bl_TNb~qDhj|pJ zo@OuDJu%+8wfle{`yKo=eb+i}$Ao~(PxfhivTUD!cd1Iv7q_epql;oT_?b<edA)g% z!tLaPSesFmJ^j;m-2H6%JDTp__fomdwVUR5=*8^$qt0C&Ix@NBi1RMR!ts05Ondpd z&(Bv6JLTK<YEt9ykj+!pJp1N@;s-Vhs>UdWk4rh)%E98wRx4N6s~vy1eOa61svlEu z@?67#H^&UH-LiC(e%Sa1MH9YFXuYgLAM+JId$+pMsD{3NR=cm@u6_51>oiMhjkdeI zwBICCAN^^cea)XgDf)D58|QA{+6Km`e9hZjIoNu4?Qi|=EFQb}*UA0X&ADFPtKi(d z)TnXkk0%u^4*2qmXI)MoDc)dRylqa(<r%5^vmFb3=0|^0-@zuYdBIJ?jT=`N&U;_; z<685bU(E~J>)*)f)~*_l53BDjADwFLQu2k>8mB8Yf4Z!>6m@*w1FvbUdttrU!5P8( z6}7e9di<8#=u@^W!ga=#EA3j|-<9sMXSu?>W&Yml<2w#goUZ&RH|YJwitE}W<^1vf z!wL%$GG-)4d(O!9n;1I$c3%gNF>^oItc+GP<`S<qJF)Mn{>b+1+#%7IXE@|MY<GI@ zFiZQj%`Cn3M>bsRQuu-Po&2gk%1UN^m6enaXO6d+@{9hqhr#X6M`J%9cD1;(+mhPr z&7BfVFKitUIP}n9hp6nROCwHv&TcF$j;=Vj_lA_8_SR8-mpebtRewXDdHA<+MVs%f zc+fB6q<sZnGwZaH60=2N85U6vgRWlq%*J-`+~{4`tcHJI{m%Tc6(8<9IYz7Pa(A5B zkWY6Xb-pvs#?Lmg{^ZE*E3WO{U|Q!!VUytZKA3Vg+wz9h&0#-&;jy}z<vP>Do((z{ zm$cGadYsnk+E!|<G=DU6t6OU8+^ji6)uw0n&-m?L{$004z4X?H>+OGb?eMJ;y&V>A zsU10K$G4%u73cWm9Zp#AW%I`&n?IhhZU4@xs}&87cn)(}yvHiaLz~B4&xrexI~aXt zPTcHu9pko+TlU4s6Tht(`rev}SGKT6jdp#|;L+Yso;RuRzQc^)IF|+Mx;=c<tZ4DV z<UR%8U7FqN;I3I;t*i0l&f6=hwA#TMEZ4@`1g*3Se)9C|!{3Z^_%!(XUaRP_bJ`ak z=`_DqgKj^@wffb0OQ_m!iOq{X9p|py-gi{fcN<sv;^WMrZB_bK_udb$u6n1l^}dJI zZavuCuz}}$=3Ukq_EgRv)^JCD{vo&LK?5r0uZJt~2_8G2AD{oOUBT#c(c?~R>r<;> z>fVdJ8~VoA`Qqc`$`yCnkB85`kQpI;a@$*eYmu@>v8~FwErmN8Xx}%lRC&V5_p_>9 zba*_m&%CDFKdAHbC4X(d!wYV8ub^taH{?RW)=2et2U;Z`*y}go;XsqzotxI&tYe~b zEcnSK9827;;NLtK4*0Qqj$Ok(nKknVTRpt!86VT6?>F}*98w3=99q+V$vORxEruU+ zdF=e<%ze2A?~&CaM?Gv^&~jfqm((?;qBi&JmATq1-zFUgB(L9pcC9wfF>QgqYa_?r zYYU>bWpw`Pa@9<O`*yAS;@WeRTdLHx9X@)?(j$rAt{V2N!Qo!LnO}mxKN}iZ$8+X4 znzMnY%y-0A=w#6-c1V@Q(OEUMVWC!4EuClV>#^@i;MADj+@Ki6hJpKvOcvGr<&^GO z`}a*h@EG|~i0_reW|uWno2;=ubzp$gg>#2iRN11fsr}v~`hsl}*REl;-FsReOT5~A zX4S=CJxN`4HQ_y%o4Qrb11_Cwb-Tf>$8!>{v`Vg1d-(_c4i+_A@Ah2t&GBB_&6iII zNeR}U&@D3jXddBOm|pwpgpUh@9NdDe8`r$4S>e03)n!%Ntuc>kcW^ElU18DoYj-Vf zI;_~>Qd~*<k%z|_znG+jIU}0uw>|tYq2ddZHMJ8alx*F!(soZs>;Q)fi$^aUyl?HG zt5r5fD@%Sgx!beSuNAcJ8yf9;nmf!nFy`q!zo4OG+YilrvbfgffwzWVbV#ZH+c>7{ zvT?-oTBjUZUmmaS-F@eQpDPUCd}pY~b6t~?$DQY&Ur?!1joz7eOq)Laq{M0Sw#l<U z?(XGO=V4;iF`1K#Rcl=G_U`<xlJ|x&)4XqTb-3QH2}{PBCOs-RXBk|%;3I=~{=FfO zclFHvqRssCf!jWNl%<^ec;4tEX%<meu2lcF%7|&Rl?NA{Q>so`9~^ht>vT;1<;HsZ zmWMhld~w0FN90B8{(BeIvDfWT9IMsiJM)-Y%Dn5!uY=epJC$u*4L9uS)~*;cE~?M? zE;F+fx>|=O<$S(f@yzDBNz$}2>y~Y}o%8tlp5J00ES=KW+hoGS16@N})%ZEDQAD3X zYY*G+X07bHY>D=t*Ah>lKK02cm^_H{YrOWGM!JS4=Q{Yd?ZI+2BQIKyo!BeyS<uPB z2dz}K(~j?N+jnewOEzKftf>xlKUEHI>+xHi;jQ=f9eBlSllk;UhV?hDMujx+9nXSm z+a_D*t$Va;|E8bDj+py&Y392Ra@8H#krmTZBm3;HFzbf_?(OE+PEMM4HN8S%?}Tfg zdyjnfeXe!x<5f|??bT!1hHDmurqKuH1vTMvTKa@Vna233Qn@tC-zKr){b$ae)MVs= z4XIauQESdu$j{)O{}z;en+u;6J<E5Z<^yk&9Ya3<sRrwF;qI<a291icJ|3OZwoba& zw$aA}3j=ShYG`@$=_flH#8&+%p!?HHZ4aH}s#&@RId_a*X&JM_q)U^1$8xt8_$dpj z*V4}&SbU+x)jGCu&;B7U&uVRsP!^49aI41fj8h*kt7_ppIN`&3M|AJ*T5lb*j=4AJ zYu3HVfmKcR*+<)(uc-F*9qZnYcW(Rk!^BZNUO4S>+~&|A^^|#&IcqJ`)As$iwm7h) zwO{XG-;0O3HOd)TXSCUm>kheIYP^2c*Y$?}v}<hIk?`F^d#oQ}+PUF@V>?T>TCO<~ z^R&jj4RHgHL@Iq9UIZN5`{5neb|+e-Jli|Y<7q)pRyfMH+vQ#t2Ys<*=E}97^wsZe zZIwP-J+M)oi;I1a+I2KrTCu^h!4)^xZf&nyuU`|GeZzhG`Z<+da*wQIYh9N%U0qY{ zd9~o9gr90%HPe3gi(`vJLD#Zaui_Q+AJ}gGdh>eonLk;^)~k53&T{9WO5djsuboaG zGV?^=lU<aB{y+NfnzUtRt64k0ar}JExaNB7BWGIe-n1Y(div>$iw&#nle{c0YZsX2 zecI;GR!2vlofd7MDNDBOcyzSZIHmf^<Fx}6S-xH8ZG3cjwZ$gxqr}bA{odI>!^Nl8 zyLD2Ot7>s;g14tO3ci)wcS&)>1a3rM<+ILg&Pg`S@5Y+hyVw8N++<4hnD#dcf34-y z`1ndY&vTPc)Gz)~kuzmL`^9YCwdIEc2Ap%;J(T-S>o9W3y1J_yWb__&qQ(7X<6{Pg z7vvvQFG(MN{B&A`N8IFqntjJNyX(1f-^JiAx9@Hp{lz-#yb!~xYZu-3jhKAFNxxqC z)yxUcS3KSRNoS}1SDN0gol(j49YfH)=Eal!2c`b9Z<WIN@aHYgbSnD3R`%)Yi?&-m zQdu|-t+2h#laQa*UifbB@ePKdc`X%d6h{oF8ZJ6{d`R6h7adD7Zk@gzyZGlzijuV6 zSK?Qc%pTgWc51^5DFaQcJ7wpE)VF)w&yec-+xEmp{<hbD$lQ2DnPyhl_fn;sH4GiE z&KqQyTJwqO(1|HUJ)_gc=GMP(drv$4^S#sRO}6Z2-%H!M*Xlt}Q=%tqdpNUkpIfuO zG0~maIP68Q*jP(em_1jyb4FB0ZTOc->h!x$D|DUG+_FdY9w)p;ABoGaI?v{6|M_j~ z+D`BILG>ppUGV+7K92hQ;PHvW=6lZi#bWNftL_dajVvEG99>jt$N1V#F&kqhFOCTt z=IXm}@17HuEA(?mf0LQkGBN7ovwlldqi5$^jB7dIsGa-O9p-CHTWsIAio3aW(L&|q zQ4d;O`Yp6YaNRmq12SXUj`8Z6|MLd@#&wGCn@qT1xaFnW(jjp|?m^Q#KcsiryRi}b zJn3-z<Lgb$zBVbg{kY1Bg`<!7uC=_8HGl2~rB{P`Ax{ok`<Nz8ifsK&W;g$zNB8aB zG44|4@Ji>7{qp6?sh?YB*Bkz*+T+gQ9etPe*j1y)H7g6hYxC`&rMNp!UGiXa`j=C_ zY`lMOkFCe8c7IsuqG9(!o7IQU-P*NvV2LNIpwBzxxZSkn^aYdL8YP-l>D%qf48M6l zF6q+lUf=D-9kySsJwLiuYT=-x=g&Dk8SugVhTY%a=F+9;hng3Pz6s3MRjG1tiGEw3 z+Ey1{Y)Xk~yT4b9p>16r*4lM(En4#I%C?3re;mBE>8cwk=U28^-I{Y=@L6tysT-Qq z?Vq=G)fXo76;;Ok(01STNBc6bC^in*H$SxLESr@rk`6tezpdhk_t!6t3v3kKaNn8c z*}p6=p4R=l`?D7(KIoa0<XCWG<sp}w=8vQ2_uX4(iRGxhwz><RtJd!gTbsJN$(kd# ztDh~|FlrCg=)0$2L_ludK(h@sm9aHi95e|&wQZ38_&x3SRj<x4+wJFdyhDyds^$4B zr)w8Y?Dcf$s1u(L`lZ$+pLch%^kJ7Q$8;Y)^YpH)tg!p+%Cn0v#^ju+vL)*33Ok26 z_Zm6OKk-f8?c8754w!IZATu?cTW`VjZ>RrM>wEJ75n*jQngq`@X=~l(ie;C@+~O~G zSe#mT@oJ5QV^7^O-F*JUGRs3dX8C;eLY3C4xK{B6*L}C&_Zq#sQ|tICNv#bxKD<A< zN`BY%f%ArR?bzyLJL^s3{TgL;Jdr=(VdDB<!#Y-XOR`oMRNON9?6%vM8G{y0c~ZMy zyP#Gr75|UDH;;$1`~SzU8OAcm5?Z9JB_wH4iR=-HR%t=0$Xd~2YpAHSSlTy|%H2i_ zS}cPW?X*Z_yW0qvipY}hdChTkjiu#%-@V_T-ygr}ak-|M>pJIkUd!{foO7KSRv&WY zdSzt7h|~j9eUCpGYqH|r=?O_^3;Zk`Rj>2k&)qeyvOwd7f}-aQ-$qvayTt)B?q8@g z%o9_)NH_M{Sl=<DL|(7tu0Y*<DedbfR(0CivaAuCLuXW1w6PB>pL?;$bNOPSZ!!k0 zgy!U}_arpj+yj@~$*hPU^=R=q`XSl1%qjHnkR{rUi?8TQs63q(HzCo;SpLzq(=z+d z7C&OYQ}Lgov3}0HJwd`>AD&srSJ3Q?79pLEG7SIVBXOndg7S{?xsuWKTT;{}yp-MN z{N)lySNzqC+|0;9ET30RR|T(KXw5U+aP-ED*4FB1_Oat$Igz4b+ccvhr1`TR+M0{D z6D5)N9-ecJSj$R1T6{__t4=f_#&zO6wOJ`EtcaAgw7_M@;+$0CYD65~>R$44nY)i* zy_MPDDjm2=H}KT>zpuUdx=ggV^|F!LmjwZrW+uq!Y;_B6q_-7KXdcmKG(6uVGV<n} zEA&DS@w!X5w-riguFcR;CRzm=^!eHfkBhhwDaLie#9fV)Bx6gr>dFaj=?)IJCwBzA z(R|rBVSKts=A2#3DwpG#S2o$6XgZL(<n3pEw@6zZ9S+~L@gM1dVbPW**H+p`Yx;YY zEIeNKSzVbnLGV%2n7x$;mX234jk{O6Tr%;V=x!O?0D7Xsfd_LZ%A+KHcC$sy<V2|y zS(eHMSK8rClPB`m7cq3LWBQ1Mm93aR$IAD?z_}%<VZ$|8jCD;x91D#U*K@;SBE*Fn zBioJX$IORJe6*Y<?Ms)Bi@7g2KK{YbYJStiu?y3a)QoG2ofO6poPFEMyazf8wtf6M zSkJ+Qen@ClpZ)EV0-IIFJgQh!f6ZdzLE=SRtj>-&*CN~HdPi<$IDOOhkv{48{w>qD zJi*$adgU>-D@Xhd6K@u^r&`yo$?GG&JLvkkmn@yRYzf1rfk%T<a@qF8v7_pj9S^NP zrl@E}6f!LqH9oA8(hM3H>?z*1JNO;ze!u(=te4?^n2($KIuySyrOB(m+_YqFMd7JR zK56TLj~|(ypLt3_(LG~U!PrSnWg&r?<4aoattshf57F*$CNx<}^Uo%_yta>G#MwM+ znXfY_)`7OK;@kA>+e7F_b54XURFY}oS9E7Dm#i{Wa%WgX=6fxO%$KZq!&!JIK~Y{s z`tX>i(~XR0pChg(-Iq;!vms_;y6E(h2^od*+OmdKsm5uuM4pz>i4Eemh3;-5Y;%5p zb9$hPLSb-U`yjf(`eErF!_sf1PHO!k<7TbXK6l{p!)G*-q$5-5E(dO?O3piZ=y*$^ z?BVI5n*u|;P8b=t3_ep^;!)JPJ81Ui?EIzsDu>t5i>hB76un>fH1l1*r$>p?W7d>E z_l?+Vb|(AifyKp3BGWnX^5^M0Hf+}GlM{8sXC1T2rzv`lddS#?=QNxw4f}>HJHFK= zBlf)EC_k~_zcsubM?Ol~Y;a_Zi=5w!l|w@I>|hqvyf|8JQ~Q`dB<o{IP>M<2LL$+N z=`d4Eg)W<ZaJHH7@-neuAJ{M7RkSx5eIDZ@IZU>wEq|ccrCB>vr1u#<-YU=DEKo+D z;vJe+X=<eJXecmTXK9&xWd52f^p<rpt=AJ~ukl%0E_{`^HdvEy?!py9?W<EfIkJ39 zXnCn-2ZRzu77TP^H}!RuvY!zv$F}clK3Qx?G2dk6^Q;EVFV6EfELcGIWVoiWPrbkM z#mmnmf>XSHUHi@2Lt#4E8pSdk{j55s)TaY&OW#QcX+7@OaOE#8)8T@O;i|X!j@^5D zP;|v~^vfH4irZWC)<_#>_O;zmH+QLv;rp$ZOD?>teA=;bSAD3itJHp_SmuHXWxmqp zQSMg!O3chH9}dmxxE*a35<GI=(VA~H?UUSG&zagr@lQPCbN5U0-ZsBP?Ke9z_NpM$ zR8#jYkBt0wRQjSS(YIYDbSQ28bJOQ5HW+UWop>ZEGDN&kDzY(gUQL*HxS(HT{@5$+ z!Ry>LRMq8?3T++iRPTAll3g})&uZgFqoBPVeh<|<{KqFB`?CIh=%bpms@wt4q^}AV z(jx_imAV++c|R^uZtt4X+h)>-!*XNpJk(F9S8m7_keIj6up@b=tjDW7vj&!mK}9~j zEhm>VS$KMgx4Tqijc1ygtKA+UkE?>2B?Wtrj+DypD=4AEZn#kFtRQ6QB$xh3EI*$= zPQ!4kK-`9h(T04ZcXv!!*Ad+O=7{$21A1%rwGA=QFpMEq$X}%QDVRMxt7YnDOOuwg zHxp-vJxx6*Z7h4lVDLb(eAkLtsq@Fj>yPU&92?wUo6hnHDVgzjtfOwQ+B2ed>6q}m zJi~p&LG6}DoTv<+Gtc-`X5^Q}p1)#XW%%K`$(nVxd4{(IRs31j16wrt#<(TsWoRT5 zdXYzjS3GCfvCPttGel0l*}wU82CI%<vh4cety42-&)=R6(_KUR@O4bvn=ye|Ud?~Y zR&|)<_7Q(Sq=6w?t@YOqWm@Cln%ImX4<F>3xG;?7t<ZI|P@Z+`*pf4x1o?plvT=pP z)1`qC?SDBO`@*k~7|&Pq`TE!)lW7f{OP^Bqync6Z|FO2woaeC{53S8{Z(yY#oltdY zcnTw5K~JY*_0*fpNCibzrp<%gfco&XNb!yJH44X03teSpe##P^F0VNM%j4$8OS|3w znieaP@4YKtM<9&2E1|CFcwD?7;Le+r!I78ftdD|~;(gdr!^dm-vj<;1&kFN$Sxnoa z71v0}4N-V!8JTZ%?IZ2>dG@*KOUuVxUXeMc)zU<9f7s#C9gUv{*_FJlN%2CKB`KU( zV0EX8zAxpxL`Fr;Cl!UyjB9<v5BhwF;MAOo``X{Dg){c?g||upk8cUOe$Fu$UNa!v zBal7qilvF=GH1Er_Sf&{7;L)x;8K?R8+#GvMLz|f2V)!hwugtL65HC0gLX={seLQE z{N7tNa^h134dzZdLgo8MI0%8xT)rl7UbUrcL|o+)zSn7E*T1MVvK*;pWc-=)cIe?u zx}(Yvm8ZwTV!{epJGGWr(H+*ETXk+nR>rw(_B<kkJ%<%(Y2WDJcxbG;iiO3DtqYY8 z7_@1={5-Gu#>Oi*;`go8R4g!6++#T~YotT|(0<S6u=%yDwxq9bR<nM<)>}LNxKqEK z8~pET)|O1UlX=eE=&PT?WT^_}jm2v}s`h8n)iexaSEubYZi-|*95#NJQpoMfq;HH5 zLH*YW>@$hmydiRtiEePLmBiG^h+;v@VPf)r2R1iFFOw}air|ZycSXqT+M_t#z-(Iy zLrG&sxqD?zebBT;;<g1>7fS8dqpb}Tei$pDRdMpLrIMul{=Y|GF!5*A*O^A!x=1~L zEM9r-Tff{h-YngU=}M1PL$1B287w%pEluo^h2qyO3Q~sC>`qinTvjrd<6c0hN3&-y zI5jyyH_*^DJ7WB3qm$y{4MK85Y@asQ#hYax3fY%?=u6HSi_gNc%cLG>B~3PIUl1~T zU2&hUE$_{;Rafi^QDL1HlKygS1hLxluO%&|^yfbE-(E@`ZXXm_WmF;j(yGc#98H0Y z2oYGXBor0$jBm}~Wn+BxwT={_T#W8L@Gc5_#1e}uT0{6JRY^;B_%Fzw=$t4_d}4T5 z9((Ry{bo<K>W!4N>YMLaFZxx4YzUhiys5#{B-+d3=?x{RWPg@t+r(3G_bqnc&(Wpd zc50DrDs*1|1ch&fN|%z&o~`<96Xvw;{)YY>XZE5Ci$vJra}D2RkGVK2bkpTV1A*=O zVjVuZ>Ao|}m{XVR@o^q-Ff>s7EZ^pdua7fKV#4}Vv_-o-&Y%A<TV8bCGUt?Pd1k|5 zz2yGtbRij6lqED4AG`2r6TiZc;rlNX)`#z^wNhf7sI0#k#Zq|M8umAz%kV>ERJ;eS z$Ug9{vi{EW-8F`dmL>)bBEmx3Ze%*Iq=juG0)=E694rl;G_Hs9JFE-)R3Fk*AL4j) z>PhjExw~q#XSeGe6!lP&wBm2sP#6;y&DuP_UuD7ibrM;s`C?Mh?oU-MEXp;^`B=59 z-|Jp1))dVUsK|AY+Yl9*5O{xv9Y?D<KX<$xN2+?hMQwiEw;ekA?50eb<BWpi+J1w| z4)F`$;lwpP$o0$TqgN4^W9*2T1_xpU7K(4-XO%PU&k%`eo{SdtEHzhU#yhRt_So=U zlc&y+e)?B<;GUTS57nPgHcL_*nWve4DD?TRn({hTi$q5YXPKj)zP2Bf5I91Fl`)d- zy`A?3b)1R&?6XLEcXe*5O{-?$rwGo);p=uhtUgy6@Z2zWwROeJh8wE;Z;Xoe|LkM8 zta4m~_p-{<LXv+OXdTzyxXpqP-nJ<&C2;cVethYJCOWP>wDd`MeNoK;gR=n(^g{B! zq#sKUecWspD>789)FimY$6P%ByhYXehM2*Gv-{M^$8XG?ZyPSaG^wL|Y~sxI^(<G~ z^Wn{lg=<<kG7AzaUhb=C7dQSa{IbEhJzi2SM?Fz$h=P})nuXf>&zz?bm20L)M(&h8 zTa$3?@!xyt4y$&RzEdnbDiL;&*p@s;OyPCMzAd3&kWQL7r81V+hlvL<)<w^fe(Ei! zelVlz3E#Gyu-hwDl7~Ehzq}%U6!He4o6`Lavup-3cP}|lYrShF=-l|NZ=<0vO>|uR zm^01UVihOy*N=I|XDWUFD&Hla_gc-((&<K7!GZn0ImOvVMrPbr%F$VN=gd0|7ui&k z=!@r`8+bJ3JLR>1uHsvI(Wp*Bn7uJ&w?~zpS*yN^#QovxWDVAjO!t^5$vDya%+fr_ zi}mg7afa$w;n$xl{CpOsTMu+t72zWLO>`r|o+s@~3T6D;#s;37EGg_1Bk{g5=vuB- z-0I>W(XFA!+07<Cx3$KP7furru9~|eWP^+07pqrKya&=dH1dW;r>MwG(+pWVnSb@2 znp>Or$9O;0x#SaNQhsMcZDqr^DNl)U{mm8{S@f$SMrz42mbP$S3O6^lE;NqvvdNZx zV`Lnuvn|rl^;VpXk`l7MS3||*H^z>Mck&!2Mq8a3C~{Qi@^yh*GF$kQL)1<y&Sn^^ zZwYk_)f+t3T);R!E+aO~!St%e!HH*MwoQ%9cdn2fzeY4TY>b8LHnICEm-i$jGfxFp zvzda`9^_g8WXJMH>xvbm*aC{P`raLwvB>Mr3ZHQ^IO>*HIGTsA_51ed_!Zy9(KGWi z+n<z)xP%Mbi{6qKe8lv%5NGka2Rk@(+74{4iMC9vIoW*eW9a#eO<6UY6KNjW>J2KJ zZ+nG2Tq0wZJ(B%kCdX69%|b^sLM`!9$yDX1C39TWlr$7+TcsC-4)MsYM(~igQ#5aG zdVE}cM>$j9utu`w@j=bif}gJky<FsON-r{${`$>ells?{Rg*r9i!jZ;Fr~7oi7lzY zWG2|PT6^g!#XVm$%kZtp7PZ7rhccE7c=+I|g^|9xgfyeEqm)y7=2KuQQ{SFQG4rL3 zqs^8#ahw*tcXj##>BD@>>chojH+_zt$x;7mVdOY>c7mX5Kf~z*rR;o$ls5eRB#qrV z^zng>Ms~IxLyxAEmNCcNU-Fl&SBh7yfvJeoM!N*YtdLXBKWDfmlq}olRI3u`EB<mE zBj$j|(f3N@ED}vxv?i5`xX$<_CVp3mZYI)aM9xS9(aAQ!=UEFb21yPa8ETUyAiT%k zduf{O{Iv=WgdBhD7L}TmZK0!Y#>c&u*q<SK>O;t6fBtn$-JmNgt|UL>J1r_+-0*iA zTf-}?B=4Pc!^wVWB`u%LAM~?#cV8gl_IyAAy-4ZoZ0W-x5BsjS)7E{~L4Ucv-^)qD z9c2RVYvzSyR!ur5C@maX%-laicQ-#Xs9x%@<w@~(GqxTxHTrrkSVU@In1DCZ{=Skk zw)&4<yL^zap}_^$Tbnn~zts*NKc10Ps6u>=qP1QZ^YgmxQDWwhVm%~t@D%!pD}KU* zrztVc>E&m~*jRUz&(~xw6ODJS`O1hQ#?dmi3pA^zC&fQ%wq)z-aKZyBhu%?CU}$EX zyHDdpp<f(gMUKr^)YFNqqG{#`+T@6*eX=w&yJsJi8b3H${y35Qv{_M#9TuM$lC;#3 zm?M4v$_Fd$HT2-sx^1;CO3b@Pbv5pN2c>v65{{3O($-cS4sLwBv6|5oAEO(!mf`Tp zFIFwF{)D4hwvmZ6O;^|~KCbNfy;YhcnRh42OEQw^m!4PLFXgyLn^a8rlr-q`O?J&K zZ!;q~MYZ@i6{#0yEq@oh@~IvF(q`N#C(e<LEoqI*19s}C76@JS*tq>zDv^3|)x6zX zLysN((BJo{b?JJax{2?YDiip>xiG&)$S`hO2COXiaXz$I-)Yj<vs3!3%&=V){xa0t zantC26~~(!S)P)NGw(+&y)D2nu_Bg=mG;ZZoKtl4#J;Ijxz=Otd}_}Il;lSVH_y=v zvR}-&oVBBPuOuxX_F6$n5iwvuWZ*k1&Rf~THmii1%>`O4rE9<K^4G8Gzk;4`RaN9~ zJ7;U4X+_^#f#rw(8p_;hz#LLiy-FzESWwt<*|EqMBlfZiMSZ0tOKoc}##&$DJklrL zy{%OIG&qlGC;f7c=m^?&c0v5D$#m<hiO<E%4iNSy_Kl8BQM+PV7&L^>e8{HqQpV&7 zwD6nE{F5Dt*I3^cmNt(S&eQkJbD%vweQKqOLVSf%TaGd(^+cfhsIPP9=sKWz>h$OC zQO^eCs?*1rS0o0%*&C)4b9;69nCE}BY|Pje%AaawYE)hl{?5VYi@}vwG}ohwM@A=` z1`F(Je|Oo@ZttvFn~b(f@9wwbKKp_)$E(eI$X=_aBWmMC`_G{Z9c=cWlpa-@QmOX- ztBFcn(*P;8K*rVWqA$g*cD*te@a;o$OiT_opRL2JF<Zr46n;;UBh{=MzOWDNh=s~% zzwBjF>Kex{2GwLIyV6W*=+cd9Uj{vzTc{%0piZA7ld+5wCQ=fWUNCQ6g;sN^Tk}VG z7qe{n<|zUm8=szMJyO4*k}~z6{bk1F%ZDE*#_?@pSJO(An0@?B#GPG*iEZ;&I(3-$ z=|kL{!)kMq8MX4Hy>zWq_Gh2^cNLF@RtVPJH&WyuBFu6WPyUuAueg7X?qyNU9M2Ks zH=IxjXFHf>@6bH#tgzX6DC@M}%|88i&r95sA0cCFPG99QbUIy$x$Ldz;msSa$$1^z z<b5GYVV~zT`ZycI;3wNc{j)r*`h>_Vu*p{4@0HU!I8=A!Qb*mBOJdX`LTls)aORE7 z-Q=vwS|oQq>0{D6f1^$Ji{rO_*jl$wa?*eu^A%J>?VM^Qn~&>zJ!G#uG(+@pS!r3s zewoaGd@;-Uv{mWT);`WZX4ZTnDPaPC;MED&D|0@TB(D^6)IJLbf4)dyM&|UmMY_f& zn-1~^zN^0Fv)wBp?)5wOD9`JQg|{ExRQ^(U@+e{5EqeKE;dK&&2XE4pY!2hQ{p>;? zFPFF-_Y@-&cPH%+FF6__E@9*JG}X)SMMt^FMD2dUPR+@C%Nz?0=Eh0Pwr+|KOG@*r zpW7g}jo;L%uT-AU*Ae3b=mx3%%DgTK*D1KqLtD{bO?)JuTo5XybykUymG)+pP@A{< zTZzbk#CXBom5lN0`R3gc-g7f<aerY#eOwt^&G6ClYME4>IV<^Ur#*0KM8DO%;Kr7X zC_0JYd|b#m9+Th}Xl|hqzKegN%R*Y6j>X1{b6EC*t$FDU6}Jy^s`f+=q90Oanu{pJ z_mi$BYK&#v<MKocBaa3QRSlW#XD<}zE@?6D*zo3u!x!XwR@~4lNetY}dbw+d)b4-+ zQ-!@Z4X(w6ot)1JnW;K~|MXkw+H9#jdl~rvCkqtq@J+wBD0hpqzmKx|+$5O{Cl|I9 zTS&WQd|UOtij!{ZPRKG8Q-t^pBop@Ch+nmHs)|lVkx3s~d57a`rRtzVi!VOwA4N>6 zx^t)8w1_GHn6AEUvDs<?^N@n@inU+Z)2HV;TdF9Dl}w>mc(-LLDAx3`NQh%DoHR~6 zZL)B^qBmof6ytdupXkix^=2w8B6TBSyw^BNLFj9%rX=I0e4Z;!<;5nO?E1RRYi-o+ zeEPX5r>Vrr#V)XoVPy`{V5Y{nJ5JHPbSG_Oj-@J7z|rV@()B2l(9Aj`a}|QGv~}2% zW#VHNw$x2Cn*Hp>6#B8%LHm!%X=(B&TYqtsXWT+jc@ulchtRYl-QcN9FN~ra=(A4= zH=7#GQ#n;3l^!(Uq2t516814_uJw<c?2FeaD$&%M+lr$;4G5VZ7Wv}L<bFYG!yZe& zQep;w`Rr4w5?Ib}b45;3hEb;{ILh6vxh2gc-bqeZ!(x}{n96s9tyc@#PjlMLjCYbe zzwzN})pw#IN;H0n{`7{M{2s$S8089f`L~3&>oYb4i4QsuIyXYqsqdEN=!o-gJWW2m zP?2rl{KO4`Po%B$6(2L{;HCYoH=*d>qu#rTVN*J5ll6;5;q2OP2RM0#L!<JJbHZC+ zqIWl&`R7@&zwI0vmLFjr7$4`-&t^f$5)sbM+cWL*Yx>NRG#ho>q{ypat)BMfuf*NB zYik{oyqg+*OH*=&&8YUX(Bq5{PI&cf<d8jccRm<#)l@0#qr{ll8*d~c=k9#rDj!nF zw`!*3op)mW=SD=b6|YU;U$mAlJ!(uiTSaEIkcZEb!S+i~U^45pX6nax?~D58k56UD z+<f;+c5A5O8K<FV1goNGb$zxk+;}^a$jT5Y`w;M^zjV0BJ^in!QaRA6l;)fu+g8Oq zykYRSy@RD9-nZI|3#7gowuN89F!%a^i8npHpZd%i5Ewc)$z-v)^ixzGykm?I<ik}F zgHep6ePawJniHtHQnEBY&U=1D=$#T<@A+Y?S0g??7*cj4zU6>xGjnzSX&bWh`?8Wa zK}*UuEo32WQTn(wbhhcJzFKET&<>17#T`k8_tA0n@=yI)%`Kl;rs8T+jG*&d?HLmn ztdk6WufbWf$NsW*ILq52IWakG4}aKELX-Y5=s=%jXM3yM`q|Q#v&P2sV`SUY*hOy5 z8-wly2%-{a)2B7-lATk7;uTzk4PVj@7-&x5KWHNz_}r~|_$L(Oovc%)MJUC16>V`! zG-aROd`9)7Wxqt(PaSEVrtA+IeHkYDo`%v3RAm_N?BXkgn|FjC`^rDhE*}*`R1#vB z&s*ax$-kL@&EL$5p$irlDEr81UFX<5uFY9>z<N!k`i>1n3qw)tu}yvBtm3hYPG4WG zJcd^4bdR5{<Y~C!cG>e$Q*$>@2`O;*c^kp48wHg}xReq>Lt57F-5Tm2bvX2S!465G zHxgBgrkZ9)GMprpLY$L@P->^HG^QbKgkQpT{sse1jP2$qTC7@8-PzcU0rg?it#fNm z3GWiMPfI{6d(H|^qc7e&=E)%XxC^cbr?<1hPaF%E5LO6zG|;tqt>@LR-gZwfc~<1H zs%Xm1X4zR%cD6INw<<9ja~*c6sVVbW+GJOott;Qi**hort&?sz`%?au%;GGA%PN3v zHO&3H6eFA-WTn`7h59j!Z*MzKn_%ZN;f1F%V`F?ppPY=WvM(84_s`d@iaf93<0=_k zpd$O=jf9$Vi09aMErf|GeZ|=V-OCvpI6Cg<EM{k=4Yt#MTCzgVf9Uo3OF4JVnJuP9 z?Wu|y%)1@q;|niZNJ(YL-ZPE}4flz!7{S@5%(1zMy7Ak3Ud{e#UQlLfGO~qckp=2Y zl^sX6gpCQ1VVqO2x08#Mex(yM{<yHKo$cSgjS=QI_T}epl=o8%7-I0*af-12BBO8m zBgO|wemiWqxIlzm$r|h=;#Xv$AjJ|aHbtuhoAshH6Nkx-)ro5od78&QXlBIOC5mvY zJdeHqtLD(H!!A@+$KQy5w^D^AcrCs0o#)7xBMemtao^4T@7=m?A5}7cx^Zy3`PWui zxluY2Io6A$pYA$kEB!Po)OMlt?to`jn{UL|PnU{t5Kqux9t{surPb|h*qn3yCfH$| zU%zKj4_1`#N!}YpYrk4`ZS<^z1`GNRPh3cQn%U=@WXQ$ci!Wv=Tu2-|xOQ9UyJIVl zx1^1jFfV$buT`9P+lxBmM4#D}B?3t`TMSa_EBZ1T-|5)djvTGOB~*O4oo!a=%Wp$p z%gtAt>a*KpcU&;zt73(D#rQ#b0%<WeLyitrU@|XP4^av+GQUhr&9|7F+Eo8nrT6Cb z$w*SZ-tLl&`jB0<?~SAz{yJkehc#_@q5I;3OYhfS9{%d{M*(>hEt{pL%g4_+HE->O zdjF2bouWncuJo$eP;QaZs_n}d>+5}XA+3Ghz^q5|kx?Nh4~=cES`ea^xZ%m(MvG6I zGu4Zx<>dD@j1qA&H8gU4A5b3G&rUmmvFR+`jD8}%BE#pi&DbFO`)f*Gx$7IIK1YR) z$!=>Zho*O^v{`6a5fd-CnslV5(iOZVMb*Rh66Td}bvh<%i*8w7TKZ+|;W}Hvh=G9? z(q~ug5-S|aWD48c`5a#@q$ah0(I#;NqGN~8;)1Y8j4G=qUNPF2l`4c@ddwSgaYRXj z>9LlAG`|yxMy;ks8S)MZj0X*BOatKsDssaUJy+Ijv)8?^>t`?fVwm@k!uSenb!Lka zL+*>Nugl_c*;;|ct|M4VV(f{nE^<NI0#17VEvNu!7uj~<sHxF`bjP7g2P^ir&^0Zw zFZZd)?y1flv9469?bPzhM|s!yG}wum^Uiz|-zYJ@f!}r(+hMnQbIZY+yg3rL{LQkJ z)-D@uW^|@+Q2|R`D<q-6cTUMc&K4<#YJu%Tx<uZWxcM|B69fB0nNgEpUlP?l5$vHd z;p`rM?edz)tWyu97<CQ<6TA`(bdo3V&stp26w4Z7H-RyQmFhR@^+AIs9|=j}IO6mw z>$7iPnWk<M8pk{|Rwp?sK5lx#ruUUOd*jwb2bJV21#)JoGsm%HYMR_dT>A?-^*3Wr zU3%J#ZP{<lhZyG6qyZC?<z?<Ix3hoZka}i+vD^q|%Smzf8n%{!k?lKKWEN9c^AD@7 zlT)AJBRFrAUEdt-?E<1_7`6^4PcFY$Y<r@mU{`!x(sOZnjf(=cP11$v{sv-%#EOON zrs7cn-q$S~S+ap^<sMFAY!KEgwy)fI?flE<3QO#T6$Hz-u%-wm?<i|ZnVR)%`i<nH zQ6Uc`7>Z{Ft5)BQ-d5aU_cCPEIxD%s0RkV&!{y|prx|Mw^b{7=L6L+Lzfr7#y(_I@ zzVdVX`aIURhvpHXF|XwUw($FU%U>H3kadPFZCw{qGB~tcf6He^L&?tK6?zVYiRd#v z>9K7N*S4Z4GpE?p=#FB(0*dIjhGs_5f|BMu;aq4?NfzH(MxUIe{8j(RZQHkWHOHhi zZ|2M7P9?Gz%`d!GQcP=otI_anm&uZo8}z;n+BPsfsd8@03RCI8oS>)iPGS6}(l7ba zrn3{$Lnk$q8Qsscy^<_`a?(5{8I8*)6pdY;5@Ca`<!n!g$-k=^QhaQPY4-IB6TQmi zug6Ya?C)+TaZ%jC|NYLZiK?{uwyVlizNT%<yDn%ReJI6r%$EKR^yI~kRfo;JMlX5j zKO!XfOUD_fGiKS`4C|F!b5hKesnv&$2nI{#H+h!QCp_<?IQ7+YmHZujm@jh`7Ne}H zjUl(<O|x8pji8!)o7wHOi195((vw6wd{F6c;G%QOYpcqW6>}Bsv`zUx$$wqBQgP0+ zREdyBG6PISRcW=M8RJgsnhM-vsznHBnogcCkP*$QePW-a)~xXIg7~-R4_Rui!^Dh^ z^4GT8f8H?r+}sD>Qj3>svO>nv!=i~b?B}x&e0afr_E28y^sM?qlyS-|I^!sp6}K;n zR^(&nBi&zLIO~GAS8S-|O2LN6!y{FS96U4IKP?OrD}7bd{;7<n7!u;yE;^hh<dOaU z(X}(NKC7)fmP=i;K6l|kd_~dN@$z?v3%wB5`(j}7_L}rTud0Khm#q}`8odpA#kc*K zDog2!;};F7<idn0O7<P?4H27d3-fi2r0?6)9%bu~n~~r2#rbMxMq1bet)ZD-ZN(jF zS|L}6mHmBu?EYGClcAk$SlE#^!#L~mE3uoh+d_{gAoEz0<Bp~b$K^$iMZeelRdK=; zUH@1ah1)mUhWJYLpGsHLX@9diF5<boZSLni72fCkT;lG2d|)_vOQ>Z+g`{3k(YDac z)@Qf<)=yosFWD*RXy9HuLNUbXmf^PzinoF@S@(m!C1^f*aU-s<Mbop*Z*$VeurGf1 z*Sye)@mgV*y!DVlpp0%%Gb)h!9Wba3D6lwGt6!ayzqBf#V9Us)xYB-8XaeG5UuVua z{kZt{=c^ilxh%eUmMw<TqM5Gz7rh7<5wrQj<v+h*ZYY%5qEx|Be!3#)VY_Q{<eR9l zGW#<x%DjzpWFtaT#dacC2sbslkCqi>2JF2xlHUon9Q~p%(uy$^`%~ZWy>l5fGiCn# zy%UrYAM^F0kDDj$5&ewsR_rJ1A$_)n8eFn2caKt4cz4T!oo#lUHpSDzQRr^?VfzP# zr)G%7HJC^H$>%LTWSV{d3}KUdJ8%L+HQdlHA+COKVAEMMwsSHeaHJxXlTsY1r_Hp^ zrd^a}UlWSkxo3r(snMaCoWl=?tHoF7thdX5PggY3R_S9d=ESmlx}q`oFHPmIxr!ZG zJL|3u^SGpD-~7cn&qlb<o}{u=2UhK_fox(4|G?Sr=oWP~E^-;u1^W;5FiCK7voR_^ z6m(X$a*5}Vc}4WWE~3h`G3J%?Pv7{sg1&!K`{#Kt;+D&^=cF6u$eJ@{-%9U}QEiz% zU8K(e&lZErCAw7^lSPGTMaEC7j|ST5M<%UQb}JqqG=2)P%ji|JKuW!B(hKpbeHPj6 zTh+!}sx#k*$-S=}F`#5#*q3%<<2Iu-pY;CWNitGup|eiDHtVaGH|K_Jc=YvKaV<hY z3e2M!BPAKJ#L?TRm})lh>M76Q62a0}CAti;6)%Lta_F|M#P;l?I(?_lM~_~8Xs9!6 ziA*~>OEOb{(XPb&5HkOb>X2(5OYOCHPcfXYsQf<NxvJf{S%|ff;}Gk*sW^27XT0{C z=+Gho?_6P>#uKsAns=DSZVByJ%lx)+@Bq$*)p@EC+Y?jPND9iBOd-UY{q>$`xV#-} zQ9e4YM3oU$s%W(`UvK-}q7`-=;pUi;dUl*W(Uy5O70LRU>?w<KXT)u^@sZuJvf1Bm zdr(LEh&C0~{(afI10E&F9uK=YThr{o;EK<==gR9#=Ee)&kGVgH|Lx$gas%4CSa!y` zh83&gZ+tB&zmU9ivM58(mtR}BTz$aupuQH`t(%CUrK=(*(VETq3xhY-eEl@;IKtM} z%BI2AN{o?}{f#XQPZ4Q1l>6^J>Zm=2A3f6{SW(13Nak2xOWVbBlOu*t5UbrN$C<L* zTvx$J{O?7_##YRivXEPJE2CnHg;SsX*HMLe^W=4?!hFSg+=8NU!9#@E9O=Jp-3Vn) zkj^4a6PDsAi?p}Ghw1D3?=<)zuDt6!D`(uc&?W35#+A<^KEB0ULTA{XdEYWFmepQo zH1dAPP-6bN>y@4@eoqxe*yq<)2vrc<>%$Hu<%qcSz3nPhG0OF2^wTq^WrFl?zh_O8 zW=!!p5@;?RIOv=2E-A)s;fPR^B?1B3(jBd;t_uXci-o70(5aFn=Cukr^G_k3u!Efh z7MU2V-tEVCP3>B6m98Ldz8X_2=49VP!wUFVFTyL=+OWUgzOyZKqM_PrSy7R&P@)g} z{@~^ct-}+NmfRZak^5AcwpD;FI;c$K_R2{YH#Urzqd!ei{OVw{*7so}q#1LObJr5q z%ziPG6QC1hKZWUFm;Y9FkgSqgL|9#bwf~puu$LjP0xJ8qRu*{~E+CG4nYXqwvu@NS zZ|0(wL5ICg%zS+43gTw;rB6B!7jF^jd#>!uJhP?G58d;ZFfiJXApHD1`<Xsx$IL6A zo+rtFE_D=~8+nO6uR>+g<eG8)Rt{3yYSk|~XvUYlQ(6Y|O(9NeH|@yYP%gOPqWI3b z?8d(zFKiun?O=0^vXJNJde#MfPGf}j2ARRxvstp|rF?Vqmmj;}eWasY!JeKkC*1t7 zsjhs=PX54sgRTnnJLKakKB%u$^6;Cr{x23DS}i(`){r4|MLaY69P85;PVtT99bv-j zN~LQ{H@i2d=9`GPG}11-8{ur7^E!Clt4o}Pk8+Mg_*`Jb4%mEC(td@CO1`D~rl*hl z+&{XxwRT5VqVdhYu1h3du#B%zKd)GPICROboGDE?)1Gktj_jlIS>W|zPk|vp(}>oJ z+3bD8d@=*_78I;Ff8&Ey!%@wN-?G&9J0{hoF3>w5#~xf^=2JC3u!Ek=@4Zm*!Tgb9 zFTUF8_w27j73e9FCGQ=p7K~|Zt*E$+RvwITZJH+)88lFle)!l7o9u#_oXQMN*^y+& zoXu}cr%l{;R`86(q^jj~SE6GjvuMZYMo(FLG5P&T5B%JkCkh(wxs~+jg4N#w+B*W4 zY)S1%5l@aUoc6M)QpiVm(cv~LgHhMSe6@^TDfs#iFt1&^JBn2%_^e}YUlkR{g-Y{X zj$8SBxW}1)z4Azm_Fv2U>>TE}`(nSp2m4B)4hdK5=!2X>I_Ix1<18FoTT|^?{oCx? z#L9!$4w^gaq{Vf4H_qblyZ(%KYU6yQ8b1%;aQVS=74sAM`$QWf{a8ua;X7sK@qGyx zJeRo0H{m$DXz7)X!Oao+oLnWL_d9Q1BQ}0OYb0q!N7J{34mx;p?o+nO(5w{I5i2dk zN7;O7d~7UaOjP78etcx|*3SyBckgu&ne%1?s!O(a)R^;^$fJqTZ<Su-Co;-US`v?S z_9^BVP05ln<a2HIUpL7;z$S0g^U`b!C(o=U@7mwH->Gl8b)m7T#O2QMS67@SpU=M6 z+_-p^@PLzE3v%3OW-4*9CZ$^pmx!2ViwaMo578GIc_2*A%&~adRDp@+PLTyk{6v1$ zew~r-&5?D-{9dJeymstnzkar+L}==ZVGq;m1LXV73ly3=s$ZVJ?nHCd=O-iD{+?LP zSE9mPb~a>WZc^=L#{*Lvh=u2e8YgS*N?G18mPRP2F5lxBD?GvY=!JXn_b(@<O)cBK zujz){2qO!la@V;T%C+n>twoFl(<jC*Y_fN-sk$?0?-J=j^}{?as1@Z%u%!-n&;xzM z)2+g`%8g%BIDsKJ06i-prk{8{UVNQR*x!l<a-5l|sY>w+8-l8~{bgx(gZ<TIp3gg* zSF1!U;tOOBYbfwB2Phw(E0wq^-7$G{yi>$kRqe38jOnFf8zu;sk2Kk+oM64+dfw5& z1@-)#r<2ZKI2V~QZ~mx+Rn3>_dC{SdE+>6@A+^O%zoCAMs=^*uNnPFcXgyD+Zm3YT zLbl3Zdikno?QM|3%F>0QBP19nlu^B9+vV1sAtSTzp`bJJ@T8qJ>-JV(BmCCw)<2#k z?8Gn-f7wpoz9YNHV&E<PvXBclkL~w5pBK9)|IF3pS=h~IzS3S}CKQg9Zn&!WcXH7i z{`8#_%iIi?^H029$+l2`>6cKL=bO^!a?(|yCkqpHIKEZ06x=;})i(7F3kUj-EON4w z_%wkrTA<vmIgda6x>)$3@kSh`)|%sJwlKg)?5M!E(OS~Y5)ZvI4PKOmYYfxB>1dL+ z{JQ+bi5iva3xozm?{rK}X;W~wT&lV{+V|{?58ncJ5T|1d7v?!%GR+p)93NN6_fVh6 zdb}ykab@2;`<$gR4nC7?-^lQ#m^k)jg%;M<I(Xl^nz3N5exk8TW_HMe*N%H4M6J(> zIE^+n`fNaGFqcVf)y%#sSUGoO?%F}D4Z6&L;{1afm*<(U6SuZ&(4$q|QhI-7u-?AP z(awG$vMr4UlUhFpYK0~hv}%gP4l2mLx<_a8m94ECE`N&s%c)<$l?z*ph4wY0_-)gp z&z$PdKJ-&htfQsEcJB%LXzMv*WAIR7eX>&C`?Di;JT$f{n8w7^SJ%&%5|Z3l`bAMi zyt(1F1TF6=abS-6%&8|<i7goUWJ*4oJw327GpbDXuRiC50~8i-ZaF|SaMBxEQa|e6 z$rQVLab?x&sIj(afq?NAiH45jGaW`oZhM%k-E#Rz<U0px6_v)nc8G}dw@N+a@~-1~ z=2>*RLM-1R@h98-&z}<BH1N82$YOW4V9D_sJHztSSz0d&Wp~UPYN@3tbLPvQ(*nsV z3LjY0s)rugZhm>`7PL{o3)mOHTGpfTuDg?FDjJdg?y{W5=t$XZV}g&=rkrN5mS69; zNt2N4<Mb$|e7B`xJm3A8q**CvZO3j5`k451)NtJaCrh0TB5p3Tj9XK+mTs?F5_wsC zM6PS*7~1T%jz*@gVnLEeo?YKV4_!6vSbsa3(~A~t863B~kFmodsl2O(6Ypz!v33zF zwg#&brQ_#5NR?n+;mf=_;aFMe6w%CbF~u=-g&HN}d<mN6w;>;g`Mq*HV<2fK?;yQk zRBOo<0j<3!?S1^EPk)h}pC!d&3p}$pe!=<Mv7*R}Wx>Z^q30XpcDZ%T6ge`^%I`)Y z`#o*{qsK2?(+o9r-7h@b$zLcVna1E8crxx$xIxms%8VUqXY)T_YC4e?ba2y{=8)~< z&ItRqKVC`mci8e_lkcsxVrB?J30sdftvkKvEJ@mSv32t~#Zz0#ob?7A8D`#hUCE`q z3l7Kn@JmQu*duh)&vjGSZuf8tLQ*og;qkZ?FPfGAH=7@f8`v=<^Uk4j7OQr_&R~S4 znT_drW2aDCBQ}x8f=^%rC$t|H4Q>2{UN&fRu$gGXRRy%6;8OHs9&6BsTT9S81$6d8 zpZTJVJU!4q_zvw*hOV56zMF|Yg>T^<eB;L5PLbQ7E&LTk|HNnuiE6%?Xp_R#Xrq2- z^rIdoXfrY|)Z!|1_COok>2Pnrf9Rd}tw0;5332zs2<>c}qR0!i;)(i$?X(DjMTBtg zF(h13+oD7rAKE(vH%8D18uz=i=sP2{O&1Nd$U;Af!aJhwBgVJl`#z!jl+k^3?tLcQ z(E?Y{8XENK&dY(FyzJV(Ga9KIcf<;4GtpsaLqadaukKtX`TxJ>tqr2g6Vc;>=;}_@ zpW!d)g#uS|y0?!xjUb3CqprL*LR|7fG?5xd5MA|_<Tc4R1+>8%+Tx^(WS!CGahUU< z$5=x_i}0tv!Rbz2{1ZBi`3!VWlE-vlF8_NycJ8HZ%;BH&*8^!ayh#4S25AIQ&fReF zXSlEm*?}k0o;6&{|1~#BTRey`!2sD*J+f04+M1SXg_k#AW#kKEf)Lu4PwPL#1U=N( zT+|nZ36#xt9p_A>Yd+{7jA}Ld_vb8@9QSrai}m+$Q~kMdvFukiLh?WW@j#*z7kO=$ z$)i`myRNpYf%<m%Ek1O$rx}P3Ame{yN96ds%N<(w<LZyw4>cEU3COj<uCo7qTl$&& zf7kylMcC+uFx(sI#;>)U_=A{1Ar|(;|IF{{Ah~0|XVy8AAK4kkiC4(y!9D+(&m-IZ zb9RH6{Rer;Yb)Ky-_=%rKaRN5$<JSTxS!)Mj;JX7#d_Jhf18H15VUa_I+h^Z{zqQz zzrfc&>(_dYvb)d3p5f<wCH<NOKh`5*<Ugbd1`TbF&VBtVhD95xe%HTN^z&A*H5&^> zk>DjfI{8mVcDO~1Rbqq`G4{KkvPDwzMHWTrm;}1m9AWq=6suPC606put!>4T{nc>& zqZYz@v?Ve3MYgX*7=CYmCTiUoA(JoHe?c7Q#`R%KIuUDqXU{mkz<n!l`zH8%#>w?) z8(Zj`hQ4EQd+y%14$s((P*2NIzYvQ<Jioe^zO;!eXq>g*$7yTye=83YBnyZ*Agk#r z6I&#cBY#9DGl*)WBU;EhT~J@}w;J^bQd))nF8}VGDVf-!tDx_HFB8x==*5$$LK4Bz zO!skW6X*YjGNEFJPBrfI>Azzqe@-TlyMdKJ?gq$!EkyynTf@zDy?f~HpOXo;6Uei$ zow)VV*N<f)_(yQd6!i^A;f6-Px*MKIq1=hgwN23#tGNj0j52lwWF@`j+JIkR*TOs) zLdI%h=%<#3^0Wu>^b*8-H`FSLmsley{WnKFT|wJ)Gka}s68iB3lD_VE=ZmQH`EF5s zbQ%}4%@K!Ph;@VrYHu@lv=r|ADSlS}7C*_jV+r!yo?O0y9C*hM<k=y9p8JFRv_t$n z_Y;1af9L0{PX7HGt4QA3A?n@!%e)01fwnH^dfHBP<-rZT@AOl-0A%*7kvD=m73BE- z=p97u-Fa<=czx+V<~4<4yzPNMwL-kU^b=lFIqNL04S1vL!AtjsJtU9OvNCi<@A~^^ z;uvehndOKEsKfy!7!%OO_gwn{Y@UO7EXs`o;97__J<yf7jt4jjRU>EgIcPT2v|y8d zc=2`CbC#kuHlsGgxNR7ryFJjAYtda)G>7vVkP@ylLc8F-AbL?i*FxUqir#@AU5$PU z7_Rie-5^vXX;nZ!d>};h;r25NT@QNDoi;2rvQ}t?eh&E}(gAUFPe^BbBz_IxdTtVL zz@I`rU@hu-6`}*T6W3XDv_e0d3hhYr+Rh~OLkMI$xaJ9Q`zpjaQirH^CUV=6{N4_Q zSARy{(~*qUa8Vd44InQvX6LPTfPYdzT!yMHNMI$plB~l}{N~jS7#H9gNDd?mRbF2d zdw{QlsvoI2n8`oV4L@`b@E0V9v#APnH^gY9Ml9!Y4%^I9q#tBO(HKz(QI0b@;}=CI zuU_!d`D<OE<nlB5YM~$fCFKh_3vdiad_J98L)Kv^-I|21A@Av`6EN=oy<T7%KpQAM zz!InUC`C9SnlTm_b+LF7$!2mThfx7yD@yLTEmH12T`&Rn4H5@A10rHv>?wE9r6q{N zfIz>G1zl++dHcV{fS&RONkcw>DWY`k#~8r;BQc;Q`tgzJh=X7+ym=z7*<kCTf5(3+ zhlQ%T53(=NZ#Axc!`)seD&yrT_(C$TZTg<?q3V98KOpnkmY?LcRG)xXzCC&cPvhHb zzc{Bwo56p_bE;pQ)3*MwU*4S73~>kMr2r+#v4Xr-eeV_Y2ai>on@4}`wa<~<JQ{6M z-zASGbKgHB&l$bSQGqZ+a-P|VhLk+5zvGS>*WOm4tQ2E5#(Ni}k>KH|arZ9cg(!ZC zL_Y7I%9x^KCYR4(`9G(ltJF#UFGQ3A9sgA3HsATtl@6Gr!xCSLwC&e=un>6xpyU4= zdO*dgFdGK;{{P!`M@J~K3DT}X*Lt^X-hA}`+P2M+RlwXQpfyAm)GRW{lk}$$r$-?@ z=I6$~fCo^Ug!mcmT#7OXh^WBAytvVRS5$>4&jslSMmvf_3f%fK^iEa^sQwhte7z9C z=<JWA40?muwzqqxpzqeBdjxv9XDv5c$K&jt72qg-6|zB?3C1Jf)n$m&*M7HQ7(0v< zVo01lbmtqywUB2}bVByy!Hp-t$|2JLj=+nh5W@9?+fjTkk8E4;dt46RVoW`Q`d9wm zKTr=53UHL<8oq7-F^LHHe%(K#b1@p#a`X>ysVk+tv`$1nKqg8E^+IbFqCxsQ4U3UH zAXdY4{%M~?>I5|tL~6$puC!qcB!?)yk|M4m`Y1idwGyn!FlMY-SbDteKs*R|4G|>i z(ZFBeI1w@u&~DPlP!@qRoSt-GUB&ushIC~aSFTW9$Gpe2!=Ac@qtc%Afxb}o8j9%h zM&rb`0Cg+Sm#*0snb~x=2hd*dM-Z#y7pY%bM9g>DQu?)&YcnqB4&eWf=!U#$9r_-u zqAOnkN&FE16u9+K@P%+4l@XFQa_J{F^7w}~vXqO#!#hVp+7#HzzW?f2mLq<6b4Nvu zgtDPaD5Cw54ZTIQ_4`g6<h5W!zC7cga`rzJ-(g$g_35BzkSS6Af!E9P+7s{*+Y`h$ zko!X=16N|9R>s=~&bzvLhoxN40MR6`=LFQiK84KMK!jAkUHt>h?}P7xT%PI=3!S_N z{KF1JE9oDod&qh@)?n~1ytO0D6$Mmlz?A~<cNm5Jc-AYB3P#xqug{?R0-S)XwJW6x z$e+3qU(u(q$^~j&P+h`#Dzr@6z(4a7Zk@!Dv~~3pzfT+JH1_4a)AnPX{_p#R0iE-v zP?y7~>5KTx>&;2qhgfFocl$C${07W|IS7zH_;x&l0}@(>K6OU2={XY%S3|@AxU~$) zlky$#NpC*>5Fx?!@$Ec$97)qPL=*EnO`fP#{G#TD6^T|ty>pBt_F_8ml~}fY&@~&- z&y&L(awwWZ2J9gHBaTX7bna-JQ1yfvN?eugeT3MH!F(%|YhQ3ZZ(Kmy1Lm6#x(4_G zZR5Vc9&xNfuE7NF>VjJ9?sHZnS|H<gL2ax>t&sUXS*PBG(9a9`1@xnAo%1X(YCPs> zbTzex^Jnsecm%&ld%8u8=gOp`7n!_4?e>((pTb^JUttax=C(lxDOstZ6|6n=nDk<J z+@Qx0%V1f9PGHRi<R-O|tig1j7Y2L-8}>jk&5!gOq({X9)#!h)LJKSkG#q;A%FFzp z=y&~ptlzwI*)SgR^=mzciY^(aL7oEI3DFOne?4xjn=o?d70=(peGtFkd2Z5M;1~tR zgurK*i>EB00_hIm1KbII?LE4i*BTlS?}4X3UJpy^{!XO(K0ncYga1GW$W<1k{^$Qh z|LgxJ`fr5zf^!7WH^{1}newhO?~2<q(3PaV_q-GP@80yAH^u?9Co@<a*L!z%N%H4U zVs_7w^{&gj6hh2S#v6bVc+Ji4jE;%)mmD3StrvHm5;PD{9NPi3jr|?QYn;<U<bnMl zL@A)d%uXGqJ_YOVElTQ++dF=uyOCXRySqGb6xLNAdd5RHexkpxexbj8{z$ERW;f4; z6^M*EL1&>3iGH>d)n})0<p8(>SPxRbGZUnD9Krq3aohsdjc{~7HMchlNe0jd@-v>f z{mvS~@lO10=*5@i`~ZI`Iswguh>u)4XL9L;3hi9<{DmW;${N-8W}*n4^z1NW3YZGs znv7LQe;kgk`hA)QbNz2)uQV(4;(vK_04+p;5b=pivn`?pbeW{t4*iI{CGw&q#SoE! z2XIFBV2Vi_Ki-*Fe(9A4tzK!M#;Wzpu~IyqL`+5We&*6U3(-RQ7g8I*S3$l9c7|yr zYbJk2SB+5n*b{+{QFL|H(P|{wYIGgY$E%^>v6iA0JSJE{(O;~iX-KzZ(713M0)87} z8J@LAo%;FkC;D0U8~VxmuAgRz!ZnCf>pN-esihDD{5ZBD2SC!V@SF7iSXb*%e?4PG zULI=^@!xf|cls%f1?q9+1(6nSMGDqbkugJ8ZGj33`69=q^_%0uwa4D{zYf(^em<^A z=*f!SbQ)_9&<?pRuU?as{x@`+@=#sZ&r&`W^XNyq4}KEkGq2`D#@<u!yJ9nM9E1Cy z@CE06{~nhuxq1(A1c`FI$V@&rhu5=oM`x@PU9tIRH2+xFb5QR;*9l%+?nyJH=YSHR z>D`f;s(1W3Z0<Q$N(X+7%iVPs$A?r7$oEHL2#g01+d=+7<riy^q;UkaxDy3Hvu;R) ze4ji2K&TLOo;p15m_8u8<m;RZ={jEn(c3cAHe{XPF+uC0QrEqIn7x80G@<4L^%2PB zp<WLD$_+gO3D%8sQqq?H3_s@d7&l-Z&a@~x!BR<H{d2zbtpES4AJ7Mo3D8sB$wT0v z8lnWAm;kiv&LxOsAy<KHkC&gAbAMWwczK6=#=L{owJ^H_vWD0bzy5Pwf*LQxSui5V zM<B-lE5_coYah@veAivy)OzI+$veoI|NDG`7?*nb7;^(-B*g60`VdRRH@ub}%O21Q zXF25h0CJ5o^^C=zmg(=(YJzC%{h5RRC5_nEb}AUpT3U*y)SLqN>!sZK7vKr#E47mC zclZm>>;3y@ZEU&7#~XK(u`TEVwXO=TgK8@Lh4tWA56C)=8X-YUMs*q~gt?o^;dhQ7 zVg;%lBZM3<4+gW%JnaxPF0LO#*BT-0?#sn)yq>kEAL?yxQvoeh6(VG~_u<SE&o+Q% z@n&o!aa2q|&DoluHfAHK;ISDoqdI9CLfE7AC(@|xjojNQ9sh60fQ%7;M-J7!$YJ3> zki++Oc;o>5#B!L0<PKC(@p#v$7O&wUV{pn3^U8#jJFdZi7s0co;4z@83UMZh%)QBG zHp;#JZ{<SP$9_jH6}`x1=0A|j_jZ0D7pR4RKf*I=U8RC;73+KNG65{Yt5Tr~1CcfM zS-&e2Y%f?U1o1oeLjNO}1@i-V<q9Au<;k$OC1?CWUqQEUlnpolb5-ODc^LU}^clID z8n3k{;}^IOM+;c1yT%IWmuC?cgmlA#KQlHH)GtugeOyps2a2FF1u+GTj-qxok{-l1 z@F_VWa(y^Fui@4i$-))z`rnPm4)soDrqsBwr^FgZjtoW)RbS9&(l=r$z$esbN!j4| z3SUjmmqWyYUq2h82D+q?Mi_oYhY+10TG3gAP8iM-AqX*ac0`A*6oG1&gdrRWV+d5c zA`F|+(SY8!p>sPr#*Zh64s?dYNe|UL_z6QeIOx3yI>WJj5`mswAPoDWLtCF9l+hWE zKtqC1MQ1oHj0i#voz>BC*_0r((HRbF3xXJn&T!<R_w{@P3l2?70@W)C799K0dj>zj z5<rLRR02KUMX=yVM-SnOqO%w}0<8)390tLHLj^5Y?2pcHyhiT_p|cV?0+F{Hiq3GX zn@<oL=sW@)Ptp64=nTi<MFcSho#7C5B8V0m!G`1PV$>I%V8c<1-dFPx><{R0Swf&1 zCBcTH0>S%NbZ$jQ+%f{qXA*2U5|<-k@Dpr0I*?(b^%Mjfj%GKsw+%WAqhs9)0zG>| zu;FMx8^cJWb3b(WAW$BF&T{B@y^<hQ&>4;dq~^oW8IITJy%svdu?amuGYXwYqhkzu zm|=k+?fb4g6OoPqvVazPaghW4<Q&r8C1}o=LW{0;3EBov?=44nts=xwZD0=f9ksWG zDr!T4fWMlZXSfQY4Du;e=nZO~@T|`y)Gze}p8@)0KKcx@uI1<o_&<JDc_FtiCZZSS zDPRV<_ose<Zam9@pU4DXfiZCkw?;g%vmFK03hzIPqOL7qdMGP~xRHE%(SYbmRrfpb zj7wMkkxw7tsy?=HF9PC2yn3Ic_dlm|5*jyeUlf(VWjycu@A-?@_yd*LoBS?U$@_qo zAJGYVLP{7a(%_>ZhlN!#;MpLCqT1=&3dGEyHTbzw$ax`V#%K#|!P*E9ZWNDu;gvnS zr{oWs4O#w=>4fik_D1p+ENF4B-;>(%<Gx``|E<1(YN+nO`n#pbvVO$};M#wa9$snx z*q(t3sJ39r70|32%=G-)I;i_VcK}nm>I-EZq*O4nbiMDtYr$Rn`Z0ywQG%Cqym$<& z54uNEzvdK1OIXeNGoAmHwm>U@<o~7(;K!e%2I`hLhx;*Se>Ezok;1wIJb(N1b_jG8 z4dwDKNM8XRaeRhne=&B!x?{5L0Qn2x6GV1^X>j0qAiU0s@?pJ6Rf}uAD2hPV{Ac>4 zaJ8onk-ho+p}xB6{g3;LL;d}EtK`M{u9W;(zP(u>L0BOA%#fb}Edk#I`VY|o=^MKu z4y>r+jhz&~%Wz${cJLbFRmfZYs3j$Ce5FL-HgLuP*Uv=#Q`w;jq6o(p%TdjGI6_Sv zmx0#9EAW5NuMX-NV!`gcL*HGgRX{sDz?DjfO42sK`mp|E{CDG830&13=P)PCP{jd! zJyZ!`Pe?o?iCcra@W`$I!@hsqAA#0NfR5rAdKu~$qD~x(K<${cXxsv(18@>zSXdVf zF%+c-pig95xUzxQ;6j|d3|$ZLGmISK9PnyCYRMF}gI8UHPQt2Im^lG23OYiqV5O?v zwx~^@m!ic5wZW^~u)-VGQ&5p#SMA1kntZ=%X*cQirhhD+@hTxscHcXoH{=8DfT(ae zq84;xEusl{LatT@q^6J*BQC_+P%FUNPofz?Y(f2-qx*3sn!1Z>3wVrW`%mcu8NoPs zcQn9sP`uVgbXcQNI3uZH1cCJ}csHo^y;$z{AJ7dN<&APTSjPpPn52CsikM8%|H+lh z;1vNU$QX#19!v+w0$PH0Y!F?bKdXD8gh0<I_Rd4>0YO_J;snjd8jHF4pHO6p=!D8S z*^)nM37!mh>6IS#59q;FSjcPvUBD)=O~TVzpg$z9{+XPyEHUrQ5WRT!Dstr)tjva5 z4%WgMsDG@zy>WEXcU^!;!Ue?>zke^p0=za$`t;tt2x+nS`83FSy5jNAy~p8heL(~R zXiMP(;05fj0FeyF9V+`Exld|jS1h4C0j6;Vw<Xi>JuF2v2QrW84Od(dZJ;&0KBH&8 zM)jhF<gd`#CiXBrucmMpN7Udy?NL8~oL#d{s$IMu8@xGW_h3OJqV=93l86Al@#pPg zPXhh}a$0zf1X~$kSnoWAzIo#hxDr;#^V&X)33&JOzDbLLiV^lK5Y=EE!yXW_?yhSN zD9Mv!gnoE+6=&U)_VknhFJF5fBXtGY3my+|KcH!N1_9SE{!~A+(0IUpz{~u*HYxuE z`2^@brupBti{k}AKU_8MDkHL2i1EAI4*6sV_G2I;Tu~$AwVw9V`yIX65X2eX`|FMd z<ZfJ)e0%mtUejA2&8QDv9RMsQ<6?OB5$i72T8Oe>r6Je{m5XA3`YWx&RL$y)7`l%F zDt|aSq}m0JLaYiaZE$RbcSHiK#u9;9ez32f<1<9r-6L!QjiEQ*;&t@o&W<GC{wZ%k zN4v|f>#Q8;E$|qkPdo$uv%b1si`S+DmjFLW<OLnYwnpIvsf)c~?qbw8_;-xHJ)<As zFUTA07V6UEu1q9~RCV@8WmaHIc!xM@EM(RK+VpEYrtZUXo{sLqSl(4{K%cult&Uge zgY`nrNyaTWn&}>Af>r^>FGg1beRwqx_$&OZ7*tkC%g40@UONFwc(IbwTWk+KaSo^@ zt%Rhk>v%|>l6c9>Q%Z(FDees{hO|bQnIP*YWUjTICuaeF3_CJ<q19u6!(=|*d#*^v z+Mr1k6+g10-*1<U|GKuj8fh%9B!T|*>}5QnotO6@->&gg?|iiFMK>uvg4N*a>F@IJ z=eaQ%QT|?QhCOHl{Q!i6y%%t9k2MqMB(o8h?-I?YVgHBgA)pVq->&#V*4DbNvH`0h zag&TTanwZijAulkc7rhoSNX6tkQfg31G`<o8S;8(q}{x0dAjz3+sBrOJtWuw{*;`f z26=St1IFHcggyJAya(pkS~NaDQ{aggq73Jmq|HH_U1M)Rwh>%faPKx;{x9Xu(c!r? zJkPR<`w6rI{Gjj!;yH5H0+?F|Joz=1zzYgr#vpl;t733Y2iOGrf<n!P+JCxdgwZ>; z;+E%dWrO4PAGbxt1!PTx<Q2v%sIe%aHBTeZF6El&3DXh8ICLI`K7qeu(RWZgvgAg# zfTEaMKn`db_M8X(<V9MFcf6ViJ*aZM&95~C;&JeGz(uIt%|?=j$O`j|v<8fmWUU)( zAK)kUguoH#3DASo5_}Dgg2<<lNGWYX{q<H8`B815r#B_>ALsbE-JVqioWb{ogan$a z>753u1_fimqrkn8UWGt=Sc4A${m1rfiX;WL3$-OcUGPs-#Ro?e&=Oe_1-}Hg(KV;) zioH-l#x)VD{?t|T0H-LLz%TV|6C~NQRtY{8H1l^_2JG+IF2qV*_s@p5KvRKhKcjOD zYHu1BBVaZk=SSTm3UcJ+=-?hpbS-bh^Q(J+?(Y3y6o;7;SQh|1z!jU`;xbsNKAeZY zn!V8QqgbvtdSMM1@CC>I-A9PlfArEm_-At83u^rW$rW@D!a81mj;#%B6{0yDePIsw zR)t-FI6CXQ@4(s&kr2j9z-y>9yP&IZqyuOTPxXT@z*)#V?lpMc0$)pF6WoiVqwbYq zumLOw5*u+O3_aoM0ToL^b)9Sp`yS{UuEQ<B`bMZ4LQAABVLu1fh)1#*QSHLxAD|v= zhFYOk{gW&HL2s#1<59s{e(-@9*)V5uPk_j{?oEz^!g%z<?!-JoA60vdP|bBV`X7mW zKbAA*D@fdn>!(2Sq@)2ap;FdW9$k^DD|+BNZBc8h(3n7OKri@m(#rvdu*_Y!5{FS? zlqaKMye5XkEU3lxqyc(`Hu0U*UjF|)YBxnKc8y6%{&pQ9FLh9p{9n)pzET_YH3QK| zM!b{<?n>X}PP7N#`ulPHk0nN0;jiSBfG~l#KPtw@$P5|*x(_*yB9fc}LP>J}4p>!! z5xjSvlez=ahKLq)7OauXZOIxe%prmQ1DwDS4WIzFQqV)7ft=5THXyzM8-tn=tmj(K z)pZID$oXqBwjj0cM^xINIgVM}9>K>_x(T%WxE2CE!{`BXaNdCFfD9Or6|ewM4e0GT zX1EjU1jYx_+Pd=sbVv>9gb|m2c>V=E5w3TwMiGbh_c%cXT?erRv<+wusE4Z+)Kv=H zw!mf~>cF#1ysbda2Qw{@5drN$dGC9(kauH?hrWBKk?MO8x@IPqAEZWg{SIsy@=>6Q zmnOImXo8i(5I0hHVcx)fpcjDkym-ia9kgMK_(470OnnPH>HZWw^)2qhjGJ=-c9C@o z9KrHlCym;{dsI=Mg6zyY`3(93nnKBsx(@i)yPu)1!LsXKo1?xrL~R&xb&j`or-1Ya zIK*2;oXMpE@OL;5H-SfB-7r@Kcu%!VpmAf}f*C<Phwakkdx%G7pk65J`H|*Oty-Xa zaIDD7Q=pgk=_|^bFyF|h{-}0LQ9Cdqz!<P!Ud)2lKvF;%cx#X#*d1sJ@7O1yHXz5q zI}?GggzOYzUfBBtENTSu&lq)_yWB}|c>`kyo`GdTgg{Y;*7>5gEzsvM!^ZnLwrju- zoV$9VcX-8RSKfnMfKR=B2W=Rm{vexx9p``42IwZ(&{`e}0ulDlLNxV6dJ?$-$9SvK z7{AH&q99>hNu{g`M_N6zaNc|q?}Z7mG+;;f=pW~<&<@Z=J`IHZ0q7?5ioe5h0eRz@ zbfA^jZ*;A1D4_4mklZ1vAu$(w1WZL&t)Xfg&=+_*{G=+}2^7FQC~gUQ1<CW$3iS}O z54fN7{#0ZM`2p5_YJ@Nnh-Cn~d9$_4|5{Ez-wzwx3{_PH2~aWu`vbm%W`Xs<*nnd& zuC5Zm+JR^ADDRC|M-D?ggnqy}@Lp!%KkyweZfF_D$6&>jf5Vvr%s2pFV5Xe(;?O^D zJqc(6y(2v?wB1wIJ@El&3Y4aUm0@oT6#u83BO~{-|5|2XTjRJ@A9yYi_(OVJ%tu&r zfVqJ+6wnQ4MP#*uydF!dtLMRd1?vY)BiFE!vc`TEXGFk7DieiW4|Nb0k~Cr2kroA& zHL$b)J9&{~?&)iLYB?z@A^M-dL0+FV0_iG_0C|1ZkDqe~p9UD}&b2I3ex#=VC<4Q) zM4*m><2n3)jFC{uf%qD<2=KAD{FUmpcWnT@!M6W1eZbxoxC=D|@R;4(HTz9V{2Ar~ zEo4t!^XOlX4)mKBk-_)loDndB)B^N83&LcK#*~+ax)2pDVZ2gB)mNzX>7c))tiTSa zObNanjlRX+LKRst*$d=%R_Jq(80jGZMJW$TwhR;l_i;6|CvIUXu=PUJg)=PNCfOT7 zB%}Ujpq9E<^T|6%)a^<Cs7_nPUaD(^hI<9vp;nUM%no>s$3v|X#GJzSkY1$g{2@iJ zFQV6$%MafBf!{yoG{^z;9Z(WWh>B2vMyNx>$}${Dg7mR`$X<7IW&HozJDV82uJgWM zN=oZEN^77g>Y`apS+SB+(W1T#*Oe5FXGY>ALux!TqU1z{Oi?3=GCvfOk|kFK)YL#- zR0Xu~!V535@FEK@yzoK`7tq2B7Z3_9yzs&cqA*Y~Fp@M)fuwQMKEL~)|2*g1ulJqd zP*Offyz|by@4e?dpa19MoO^Fqf6Q5PZ3;YBJswnuM|7{T7h`T{BIX$*!EEYGp|)4P zp(w4SX})vAXd2RIdLC8>h027H*=%aD>CHH=w*P~WpR2Cgsz2!Y-j4V%#@}#lEQ`0D zbZyd~m-cfkB>ha-DRJJokEOCQ;M_CMtL?IDb;nzzr2j|#ua2(A#LBvMO-I%JSXrfK z<m{xUixDNJdM_}0LJ|qebq!`!H&$08y%<N5>6R8o)T9>D-n^1aui25YV4+=F(t@EG zbkm*Ig!~+DgcN;37rI)xYVRnhE)e?(oZo_KNKlg2&Qo7INFNBz_zu0GkTR#tDOvkK zvMI|kT~1*PHX?7Nx{yZcEggxqKyX~Ye`Yt<ycK>qE7p)BaJ7fyz;G-wRb8no1|`}i zSMZ)lOZ0A<Zw=719vSv>%L8~Jd+XBBr7_O|b7#j%MPhWARv^D{1ZbLX2W=Z6hm4b! zwLJo@_w5b|*lzmw%e7QBMq)i#Va5e0OZyc9>kML7()j8q&T=%itW|LQPY5InM1Ir; zSZZ0<b?4Nsu4m&&d?e@n<{su{KQaD|?_iOR$a|y5S%PFSM%VA}k*+TXZFE4uw5}!B zlA=dM)o&k{JZH&|4i7V+jZ%K!h+1$ZK1B=oXcre`i+!4mp2m(E52rGs(k6$jHZ@;M zdVk1_-_o&Hm1+#Ys)tZkwhnp`5!A7|5EUi$EE39GF5{zYk*bmyGS9w4q|;whzh}2s z{%+Wg(2FtUfgGRqdT&soN<;X{I<T^KY)3lePM)a;A+mk1Yhgxi<*DN6WQ;_ermG{k z>jLu|2NkQw=1u=RcXQUS9L+u!c7M>v(7u2C2+I>cV<Xn+ko!lxZY``;EEuw?vLcau z==Tr><Pk<xB(9DpbWy(vnd$3U{;DSXJL`}QGDo_ZJAf`i;l<F5&+>fM%M-0^e9zdv zzx6QyYttP9ke+7F>Q<SAuAsm+m~S{c0S~QRsK?I4g;oQo@jw@ykF-+CswC56xw=T6 zhWD^9LA$}EZ(A%`-ngETd(OaoMr&iyFemQfiE3;>zSFJd7UG-D7`3bjn1%Q&EsIzD zok*CqaPlea$2vqQS|zdxYli8gs!{|>uOym*<eE|45ufec&ptaQvGg_agq4`ZSS~xv z+74^)@4-lFx~QQ1f&A#;(CwBv;|;Wyt3s(A?WL96`+idAJVQv3TFf!AmG0UVeRFc< zgU9zj4jF9icq5iqc8a}^ihB-ZWLKXB3lmb8>k{lSvCWX3);q_~v{ICfP0398gFMD@ zH}@z>2FjD_oh9-FcfGvFdn4@d(YQDEa@-^PvB+J?qFrHuWY{RSsJ(W{7pRf5a!$QB z%lwO9EE7+@(spG^zL$2n_8vAoPrHcd)QO)i3MfXTeTcWT68SjaGk?9FrOr}GL;B_G z;g=gNzlkuC*pSEd^X;xL_&Ovij9IAgY&*C6>*7HBko+vs>`F_&Q&wX6XBUY*0PI<L zBy>fb(G0TEE~-kt<Kq)2rBlWM_gx9GLq>JldokCr-iS8%f-Iga!_=l8l_eR8eHE5+ z3&ncLAoE1ci}viLM2;s~Zm$H_*z)EMolyN))O_w9*!EH~-amQoZm#$Cj%|2!br)Fa zg%?Rov0br4nZ;}wo(#%Bb}&>|L3i!inNz7T$8$0TG9ShA^Z<7{R4<oOIVidp+jvO6 z;Ao$-3;9{|!Lq!IL~?Rh6MKAT)JC+@n-Om){>lQT{R+;LuK7Lo-jM0^$k6}e8x|iV z)q~Bz6{p#iN5sO{WSv8?x3uT^vhb9$>~t*m9*SSHqmuG+$6|1n%FG=`GADIboViZv zuWtp8+9h@k;bgu0(K)pDvVdZugFJuS^Y7ld-V6H$E8!}0SV<4RNr{qoCMr1U3oY?J z>K!6Aeg_Ry7v=R&_}NMvH?)3-EQQ4Q9A^`EjcDUs5YvQrre{oxCt^41T5!1<dB$e* zTXCK<jO59@4EH|h9hLbqG!vm&DKz>#*UFGsVtb`qg>8@XK!*bjJQC*;$Cg^&eFxL= zsNfF33pddJ;gHpM?gqfFa6A?SEqiZ{0*;oKW9|2B*no~wWT?A@mX@<q-iP)(;s4j; zsf!`|b3q3+x}s`&37%@+YRi@tbiJ`@-k(@oFOdq5DOWI&nN~yUZm+9<tX*_=Yfr4= z@sPXru&EQ@l{V|DI(sWPV#f#4Rrh7RwMO?4WJ$`|$()Jx(CYO&a+B;spf_g5CczXs z9r{*%fo^9zxe@O|5OdD?jKgSk?xOtN^$WGWyIAN!)<djdZhNeK-JEx65fY^&j3!;3 z4|Q*9ON9%0=W0tqVg)qhU1pHHq8XVzcXg*<Bm{I`S&!^bg%j>;OVUVce5Zs~o-EOB zO^_5KYxhDJPo1e!JHmEd+vKRz1fMm|v7duoV(GQgrEGpVP<5@*u6uUnapYRdJ4jBR zHygopuct>_E!$=nV;nta4q0-Sqq|%DneK(YeFL$u?oREk8!4o7te%brwhZG4y34&_ z=o<^LHqfgghHZ$atI&C-FG*Cs9t7Rm@!K1n>y-PJW?=+Z5YlBv64?tF>v43uiXWEV zgbHB2ulyQ%?o4;B#&*M5+3kfVcXN?I?o%8`j=u_45Z9O#G4^ko9ptlohONMe-~CqW zyt*s4*F`uM`GLk{H-B9%=Bb_9{mMvXaVjK0kJEXd;>d&Tn)2Ays_wS9*OKe#!kg(G z;pzt{8^UX|KdA`28CogV5)?%<YAgFxX2S|^iE+vg(J{3V7(gzreSR6gk4FsLi1WI1 z*IAO*Z|CPFb1v;AA&-z`$+k4RqeWsad?<d=H_WTj)mdTn)AgJ3T5*Q;I-h(k?3WpQ zUH>fkSw={daU`c%G`M0f_pSXfY-_0gR^6AmwlG&38IsM=+(?KzX*v^-RO`Hmiu`i3 z7#Tq+(Gxr4k!$Hbl&%h&=A|2!6YVXQ_A5saN;xQ%2RJ1?5ZPz@2ztmhpZ&%+YOIqn zuQ5_<n|KGlm2;H65BaF}LXsWpjz;#t--{UbSX=RB&z#N*U4b#qRF&DXeANV&gH)K$ zc?0j<t6(c^^JwJ6pNYTJTfnBMl3a6v4~$Um&v9<)`&-PmU9^V(p_@ysJg9V->r&XS z>Yg$umlRYj$%k1H<w(`9_@wBhx_qXUh>%KGzSQ)>y>lSYMwCcLWWM@Nn41`CdOjUT zaNUEi!Bm$#dxBsqb^}dtm}?vGhyIOv(m3`?y+(fs-W(5V9br-PXo>NMt31XlJ1n(K z%(dgY`tFkZ6QLDJ>5+J+^OT6-xW=`0vQPUP83ot%$mZRtI?~#nIN^6+ll|%lE|xY0 zZBunVciccu8|`sm`jz6YgDbHQAnEqqBNXesCdN655leCYrQmnD)eCDCzQe(#iTd;I z-E|fAC_f%rb)H}ut2*bJJABfgcD)#DaXx-&M^4@AnSEt%_ljP}d->|v-L1=OzUS9p z?nA^wtiQ4KH=;2-CL(JEW%`Qtt}MuBjD$_|rI4$1jKAQ$tbYw@?szLh?by2%*_<o@ zpX{%PrQTkM@t4{&b*F};eV*R2=v)b!yaxh(gTjiTxk^OudMFnt=Np#9LP%6Sjq)l0 z`qs>)y~@7AUA90>)A}>0<o;86*A@3jlnadaSM2feT#^y`$>P*w>wBzM6_3Zx+qJlw z_Nlf9<2A|5FSbU;W<=_b*<HWxT7>TXIVA7BU`&71@o`zf#m?1R>&v3<Quaq?|K<?A z^;*s47A08w^7XsQcj~^cuR3wx7A=>(ba_$P-Bd?m$o{(8Vhv-6PHdpQt8RbQyRIJ& zlB%Ym)*7NK?X#X;U1GFVudZ~D$|@jx@1P>lRdzqWH1FA6F-yOCV}$PRsAL!O(&qTv z*Jq!C<wG^T9^ATm|Egf}H?k$L*}k$8cGF+a+YF>955X?!-EzmgBZ2#0jMrA2e<EVS zWAT5h{rqsRuUqQ}o-~%@FDq``sR9X+Ln%tI3c@{abZu=S^VmKBM=AEf4cXrQe3x9( z$aipl%XM8tG|uC<H-@5kzCqMELo}u2hwB|><?C(C{orCEHsy}MO4uJ3xDji?t5N;w zZbe+Z@pQ!M#rS+NY;>iy)s5D|6c@0xt{0<$z6UUyYBy|@tV(&bD-Cr!rs9li7oCeG zjnz>ea~35~K+d7vbmX(D$jZ*Su4C8SqH$>d9&+%Wz5cp-87rAD?<8d}#zGPwT!okq zSF;O|cZ}UlYB~I2s4ub=a#nwIJS%ecNGvRKKUG=vdcNvQxL`GO{<ZwY;Lv*mma4PI z>2gN(lMY?7pj<g1QftMRO4>1ys@#!7GmfnXVM~mudRrXwcUDu%orRB^t^L+KxZ0|7 z_Su{@&G$RJQFBlcdDn+BnQ8iy&vB};jU2bTr^58F?5>f`L;HHrUS{ECg<aPvj#HVv zP!)A^G5U+8{XH9c^_6$nqP->kLKS_fb>R_feXMb_CMKWu%<53sF4SulE>RIm!^@p{ zx8n{kX;<TtaTY}GTk?Tcuzu68_=^X*i$wnj9O7@^mBPK3k~{VfF2sLquxp*dbNNBt zrOEh{)f4;VsGCduZ55GvoJ*rc)BIkXKNRn@YYL5tKlXZL=TADrqp10;iE+yn>OL15 z(3#XvKFcy<wEK4L>HeKA#&<{PlRi|1b=L&?{eOBH^LD1ui*{4zHUIN>rn!gXkUUMV z>_#z{{X|GtXyyEh$Wcpss?REG--vTSX6#d|4XVND<8oK7QpRX3yNb1y^>=xwW2bt= zKHJr^I-+&GC%Q_@To2md7prt9f^J#U{A@(W;}XHo#_}-6EW4xZ8pvJ<6m;)ThYU*Z z%}#8}NnH$A>UhP4I43)`)`PkOC5q0+t4AL4wsCGvL9JiWvNsv{-kYorU`JS}`^E0y zP@DLA*C#@XvwE^)&kug@)_i{O!~Za!AN<xs`TXG9em$Qb{OzTDe()#b`Mx*DbAEaK zIDYr@gWrwk`}+C8-~Nq!e(<+XHoMOcelwoq>*ojmd?TM9eCHGS{NV4!?|y#pXP?aH z2mdgB_w$3l|HXWM@VDZ*zkYu3n@{EQgTMcDK0o;FFBQ)ZKAq1GUO%7D5B_fa?&k-; z`%*qX__LSt`N8MnS-gIJ@H_FlpC7#SN<KgMM_<k72Y=_^<nx1X{kP$0@jTy~;`MI) z?&k;J@kTyB`1|p@pC5ed*Yf$nPyUB|e(+EJV?IB4`9J0JgTEfX`}x6F-puC*pZm}8 zJe7}eFRjh^f1>sLweTLUJ*C@X#G=!zJ?&bb>UuZ%-4k&HnIS94{0&;Mmyaq!og39L z+;d!e)xbg`H1{i1r}$L-CI1&r9%)D7CtU#E!H><T&dDU%9i_f0neyzX53Ae6nM2PZ zUf-qH5sI20df?#p=2}!TT0=$#x3}CX?voLe=uTGEm5?&AkH_cr|D+u0<#>9+DcE;D zDnv$nI=+P(@-F&x`K;okydFce)7R}%!{6jv=;=(%p}W-S4tdu3-YI?{#+jm*Cy5TP zKKV(z-K(h%LQmI1dSIbr@BXwyUdJf#FwG?v`thjgZT+5qTpP0`jW^CSH`L|Y$@_5* zQQFcaijc1#9X!TQ&8_W|^+@}cv!q!PxIQX4TlM^QiywP^uJN>Xu8+2^Zs$P?(Dd0r z4|eC49)A6Zfo^?o#QovL5MASTdN8O_Q$5?3YJBQy;Q5d&BZAUHNH^QJgt^*>K8qU7 zKII|goLpCMy(7WXK~sjs;r|Cgohurwdmdi(TuE{Z=4Y4n#THNX*X<D(hSs5l0N5Qd z3Is$hRFtY}GRLTWYup}`eMh#{J}dOb(K8$MO$mMW8%M|9Jlr&WFKEgLwzo0nLy0o3 zTt6b9PxctBgnclY^3JPaFJx{+J>3^e_p%crlcVi5%k_Q+<WtW@Ew3lXu$HfR>Fb_p z-ft~lv{1Jtp6R|;v*JKLS4^{iA-KW5_xfyT);mASG><)3`puvl|G=)`+xc(G1zWm3 zz5_3*JJf9)iUz77$}9M}FF&Zx3L`si=<Vc=9HETs4((|;SXyjR<=Cn_wAwCv(OrL) z1Im)YP3WS3BEHpoC-z{AbhUHr;~~SPsAj0*)DxwG>1W$?EI{UR6s*l7fmJ6W;*xc^ z9u)Gv99=B>9I7kSmrQhKy@&dVyN|Hm<EjwusIkmz`VMO<x_1os5MSN>Ydt=t)0Iz) zxze-itE~*=YnNi)Sso_t%5K<ZOQS6<dt$0Tn}#)b*+E7!>~SsR;`{7-Cna>$mU}op z;nQou$+h-(JrS6_j`|yH0w;9mOKcxq8=VzPYhM=6=#)M<-5>4AtgD{=Q#(wN?c!J~ z4|M-nXqxUD(Sy~)Gl5fm`LPa$PO%X60({*Xc6l*qR}T*x!=90VpD>*^g0IrCmep~F za35KTvi?)5P6my+TBq)xwW@ymI9*t}DoOU3GizzdrZ26Y*fX2P)y}9>Ps9GvgxrwP zD`7wAKD~^p!$?5|t2>%NIawH5-JeaA@?8lI>YY4`p?B;T489WUwm0he*sq5?hW)_# zS8e~bAKLG={zERX*=p2&zZ4w!{{4L$Mi=$m{Tx8P&#D5wFOV92Fe-9K2Xu}ck8HpC zhU0TTE5~Bj-M(5ETQVw&yNz~~<@kvg;UlMF#&e;Wve$19U|mhP*6$+Z$iwj#edjtq zt7wb_#bq_m-{P-71K-u7=zM4Ys^!S_xM$2fbRt7l3wSEofwO|~PKe~zG+@*`b3mg< zKD%=T3<#roMZBNg<(YZGG-Lq3wMFuYD%xx9w~~=GZ@ONXlP+>1Y>P2c>ZLC9ov67M zn4vpNc^+b1ZQoa8G}-I9pq||v@RCT<*Jx=oB`$JK&3PW_`ClEG-<?>HcrWu0_5J#@ zHqF;!-qQ1#qs}14{T4i(mcld@j_~Xco5%L1N2{|8G^Kc}7zPSmX!8y9O6;yZ)tq3f zX&t6eIS@Esc2<>BUTXfJ^@x0GEs?Y9*(E|yDR~@hwVM~nQ=s_D&Kk6GAncHw)pzw0 zvW!_)=E{9~N@_|UnU|VaLpn6>FYxY2(zho?;cKmL5v|1qQYQxnQ=JLV>qF+I?`7~N zje2a55lbOcA>)*-Yt`O3CatT2pt6{XltWK0&$!an)ex6yH^$a!eR<48xuH?#u_^Wn zoeBwHSLn&QAbJzG`Kg>;I$DoUavy?vYe{{dYOY$G9T&TE%|m(9P$%cy{m6%x3%%Lf zK_=*EsE#?jj_0eYJrzBv{)l*zf#M53XXKVI2*0cwA3g4yLp40tP366isg36M0IK@U zR*$SNs*2#frhredd$i3er=qr3N_5sxEe0jni0^o?&|;pVA$lj%!f%CZ&&8}p&ToaD z>bR=i3fMX*{Ms%R=!5SVwaf&uODq)H`_YC^#}Q;GVx-=_6tqciwUjbW)-eT6)um<) zRJAJ-ITJManm77ip5dh!f4sgz3$FyXWz|>Hp>bSeqTTEV^)vL?FMJ^LxxT6AoAvy6 z_U_eszS`;y{Iy-9*}5hm77Xzm>+~_+UUUNncGsL{YpCo))pU&6fGe$e#<qP8`=L5h zUB42(l>UX(gjwfX9&KH^m&0244}JmG5vhc0Ua3<BFC;0k+jtMp_*Uj4*V-|Tge<4> z2Vak_*~<(<J9YAz^H5Zx7&%jUWwmJQ_C>H5{GOG6EJW9+zu)#Uk}jwe&WH{qMI<L5 z8<&KSA|_~bVV8E0`+mF{fuHy~$0<kfUt|#7>#i)7Q*k_NHahmJaUA*+Mv5nOjo95J z1lHJ&ShYO42VVEd^|K@@TgEa{MoshVA$*EY>lxG??P{g&V#+Qu;^N6f#o?$=G{Sqa zqH-?&?q<gF4rRN>a;(|AGReyD##zs{-<-4=bjVDqO_93#M$!P^u$M>AM37FfB5Z|k zyn94+mEHzbN8$*_JL)N9POt4$oX5OnZl(A^Er;|tQZiI06Hg~*F)P1gVb@y!A@cC4 z>`oar^!@3MbuyA^ApabTJB-1Y^#18m!=WRr?3AnMr*fmTJ>^I01lkXY>GXv!#ue$z zu-QtSYm~gx(%l!`lWK}ib|77AX>?}dt|Qzg4lW13Wj~v1l#x8$Y36klr~6LSy|z<T zF$$LI9?N2Uhg^_*W{F5l{^U-XZQ6Yf_a3f=PQkOT=a^D@4CNg4YJmL2V=AYiv&m6j zMc^t*>8@P2nRouDI`j9lsr_=+G@p&JPlj}5J;)3j&5k~m)`b>B<#CqD12fL+<BQL1 z;_4yRXNI$L#i4RW?PbQc@%-mnyTZrVAD3go$M~4z)Z7{8ZN<pOjPWBStL5-J$C`YG z<uIO_x*r|-sI5mW1sA&e1y&FD+)2^B4ZH|Tz?R8$S&swtUX0(c2UTUlHSLxJ`^bk? zIi7006@*ko=Qrg`R|0htpRdN}SQ|K-l^WSnxpJp#&hBhIo?{(t@i9DJwE|~=!O)F{ z7*DjxTiKbZvxO7jv30H-l>TFW!aV1LRz)$_hem4Mw|Q-+@&RAS(zH+1-H5*Y>{-YO zS{<dJ7fI0J|HJr3f0xx=H>xfLR<Fc00uSz7p|=wEXxP||BlzZWNYU8}v+0`YVLL7T z=&d++Hnx|sr^Z;>{Ce<!d`oRhD@Q|C=Ym^g{$hg#phZPjRcGZL9h&9`Gw31GJm1Dr zM?+Z~9Vx8Uy9@bL*1^o~DmnMg*r=Rwh$r%t;T4j8HB|FJ&tpoa9~=+5)+aeR+uFA! z*N>N(H~#ug#QoL;FW$p4yEX=YSlu}r7Q%Wvh(i~_e%rSm*H=^4@_yj#l$@zfq`_&v z|7p;(5D}l67i`*&=N26eBm_UOBWL}ta`1-CG0cT}qM#kQg*sDcn(x&?VO${!*%k<p zsLYtmtQ-_i&MQu~+kNI~HB>5Nw1ALgze0e-rW3*6$v};jKoWAPJK_isY^=xnshv65 zVSH`Zf8c=JgIF#!qx(ptrb|WTB>KfYe-pQLmb{T!)t^#^tV}&MC246j(&&3f*x+KT zNv+*y<hmT0`LW&H@U}Q^BdC@1=$|P@l}E8BV5_A8&AQsC^SAQ&<8l0IZ~>3910*2S zsLw*@{jAS<E3^&skR1GK9J3jtq;=Kbf$`*%AZkhDLY%i0JSiSg)AM_t%iNsn_+abk zj?wQM=NO-C>BmN~@cf*7s$6do?v^VqdF-#mu`A78!DD_#9=8$n!dK=avXxrCCAD!) zPCHh4#W``*_MYQQ?nA2xdCYRl!_YD8^1=RnC$Taoy%rTqj)Cq@w0=ibc&_-S344+J zK>>Ae*b$NEJ{;d~#96hc38j%F7}mA?Ji7_qmh}o5k>`<z-w|^0lN-w?T9@=|4C~if zRvj0S2H6xdxLaS2u@-cIY&>NQzwYW&SE_IwJtL8=Z3oVtiZhfClw+Z{t@xhG1e+3) z)^f!rkH<V{Zo7~t`H*5Bbu%@YP<^4zKZH2okghDjms6VPk@{%pJH`bIRFmv&Txk7# z&`K;Q=lf>Fu(kN4AB!DV$Rf*CI--l7wRR?cvp&jR$8ev>*|8ATNDZc)Z4tDthM|Zt z6#*IX@xYjjh4~5N($h88qb<eJj8bJ^@YC`AN{gpx?NU4Ua5U4nda49Rk`;G*Jj0R0 z_KTL!hxaO0CCwo9nV=e+Awq$v9Fx5naH;G8=-#4m#)@d!iDk9gm0#1mcb)o#A|%+a z`Gu_L1xi68-m@bN&sv!wHY@MAE5^c>@kGWY8cE}>`G^U_>qU%S>sDi$wmN?y1CT!1 zu_1lxo+dA~eG$b@bbl&n!z)2|Wd_Jov~_!siUY&4P$a1>!qO?%rSKN`(2i$aGl%p_ zbQ;R&6}ibV55hl7&X6EkkPsfLrkb1`0n@KO6IZ<-4ZDU5+w4+E(KY^j+Nf=S3K}hC z=U<gHRN5*_F0jXY<68cbj=px0qV(&Ym5`^j=J|LpJ^$eKe9KMOuV?jw$GQXV1}H9i zXK5LaRW%?n^(?@qvC)istZzE&F^b`3*KZBb;WePN1X;*z`mP2IinPuYpo$I(s5{I1 z@DO~0N<+v2`pcH^7jrMnrlX}yM|hzft{37s+wHg{?LG9C$xn%LnGH0}H{vsL=WYi9 zge5jIx8`A$fIF(`{uZT&W3AmxN_V$_KJJjA4jX==Os8AHFlyeB`D<-#%3Mu%#UP$R z30NlSfx@b3@ix(=?{!y=?7<<itY1A!pXR)y<<$-iXaY@%6U{PwK9#on_wZZis%2lG z9Frq?!b|op#G~(<g%6m=at!woumDC7?h1W~mRYgYH79x(?hns{rf2K;o;d1q8<o}R zNEz2z9CXQc;n_Ps;OE}mE??99u%!u2l~Eu1u7#&)HELY)eR{`dg>GzzeQhNbWaP@1 zh@R}Ju<b*4S--f`Cay~Bje9qI=zL6DAY93I!5VQ4e@Ghp=KIurmvb^zWS0K=-iOZb zxFxHaOK$BiU9PSbcKH5Bn4i+yl#l8v9$_Pz1IgKM@qXxuzo}Q{<NWmA0OG-$H-iCV z6}Zu6%HzhVk&P(_R5Ts)#$zG*h4{a|gMN6KcSW<x;r;!Jll(nSv23@Li+YPXr$iMZ zEFP{^K&TZS2t(_7w0oD}l>$}e4MZa6rZsxuCv+23-;oz&jj4Dj+suBeZB@rAF2g$- z7Rs~o%Jo}k+D{k}Zg{#Vzh8})^MaC=G9xY5-LsFOe&lkSYn*BOqlp3_FckIqB}1s! z+oUyF0LS-vBPu$+!&lv{aK0yc)^}o>xE$_xD@GtW&>J66W+0S?9;~m_swy+$qkB){ z&U4$&N}CbZmlbD;lhWq6l}j^6n)`zqqBQ>XnO)R*CoqTJizLi_qsrA-`JlXbDC?2t zO&`2N85w4I^wG8^)xONs?64K;?%sOhl*R=+GIBrI(tmH8vw|gm8uTyj>ePE?X60<z z=c(`7tL|A%y{sQ(kdDV?GBoNv?f#3h<C5cGsq<!tWxn#`;CVTuBE*%HQdYy+LcbEn z4#+zf;{RH3rwo~^l&LSuDqecULh2l)^z7j*#h9Y8sh+WR?M@-$)A{gfglYms)Gjvp zzJiRi-TaT%io13%3CQ2*)a1?}J<m&7beVx*smiN`Z=CBL8>Z@Ghn%n8NScN+YhM{8 z4PAd`B_6Rve9-%;u7=*rD1sEzt}F#zD|zs`!6KwFt|?UH2Q~Y;Vs{$Hl2`cYsb%i; zgV57Tiv#Y!I(|EoR@JQ8=#gRRRKI;o??x|Mhp(*CHA#+y<9UjGYbYWqKg3sgDlId( z7l0?84%)O6i*rkQ%nf?XJ!~Zx<VM;XfW@-komi-BjlYLu9<z8a_jKOG`4`%8KnhvN zQoHA3zH3F8iL0UEmw4peXz~2hz_s*rcoODF!m8}ygZ&Mv7i>LPEoekOqAG!CSH_z8 z>Tut&bUj8P3Y6E-GqWU$&%D^u&Rp3)Q_fXWD0>rq_NJF^Hm1OzS7M|gt@5yoOjb8O znl$EUl3D7IwMnXE5a6$~5;7<(5L?n`=Ytx~FJlPbrEMVLyw8O+sg?PzXK@~q(tThT z;y2~|c{bn5E6GzY6g!%P<?QFCR?aTeP!!WKJe3HKcgFf+(0RH2>-LrkFm6@`4DZgS zYaJswY+mbW+Pw-+;iv9Z$v#V~)yfLTs5;WFaIT$3D)+UYmeyR_O08X1AizpGe9|<Q zH?4EarPd{wG>qetIq|hT!~F)hAPXZlpb^ilv%0ZSe+$W!$+9ww{LaQtMego7&hdnd z<(j%OYiyUOWdu~;ZQMWXZLxOL%oiJ2N7kCn^YNRWMdjIKr}AUgTh9*U$z6_=U(sDX z2z-QJ#)>uiL)XU-_Bf<tW!mB#ZI$>rhALC`l-*q-kgQ?Iid_5bCzhz=ibXxUyQ|r9 z`fR)Qz`W)9iZu$i^?DW(#;c(bzjTILN}{`(iyu0(;9cv`o<kWXD}~@LG9AwrvJ>E} zh)Pu}k<OB3^H^cIpEP%Z${W4QGVh_k9QW(wX#~qbfoe9eM&rW~=;nQtARie38XuAy zoh-DOdjb_ZN@`1q8R3<`8O^ce&6XBoEeJ0ey%xS=IkI<MHZhD?j%v29(x#DhMlI3M z*G8QS88N;dc%d1`&~QqNiG5vvl6L0DE!HD8LNeVIO#HXr!()4^djy(k9xq1IND*|c zd*g2f4XdGRMp2~m3Y)m;N{CSyW8OZ#WPYOcH7rh94}2&W!4Jz_pw#<Q)}VEFB1S)6 zrk^O*IERC4=h!^S&y|B?oaBgJyV*2;APzR-TcZgwcp|>R=O1Y;d$XlR`)ePIOog5q zadG<U40k#HtmPRTqgD`#Knt?>ocwON4^@-+1~x+l&XKdN!nyEbph4Cm+%3vJ>~-$6 zc<OF4Qtr-MX3NTrO1YBHoC`WipOqim3sn!S#dseM-$sD`zDIjoNxSo;lm(eGT|@i^ zo!R>8l^=RoTDL(fIy?K8@*`(*=$H&t*rvP+dj*Xo_v^`&HiJ@fTxOZ(j3dA#-@(eb zc5j?LPd@hZL-_FC<8tZIu6xe4)(np4ek5qX&dF6}W5{-#GU?Mjd9<JkpX!wHK{R5C z=QJ*8?qQvQVDr^l^)=v`Gu08Sth;m#2VQ=y)r02o3X@{fR1QGS#uHxMgTQ*|#M!Qg zD($*9Nh=@9m9PxP%Jr1=X`ab26;E`{n`Ev&1mn~_66cFTW5p)22l*LK1LN69NG0#> z2WD~JrTF$!LEUWp>po8fJRnjG`-i^a8VYRYT6?4`8Lf@eQBVijnld6NR;f?JQE)_E zX{r5u7ym5_WnhWJ@<4jY#82=;vq3>hYyPMVvNINFgRI>7BJ=25R`&@_vah8$-_`UO z-DyW<SI^ll*!Y9seI>X->gw${ir89}+i3<Q4A0)HT^}PG#xv!)^VooN@JKs<_bETq z(c4u>+?QaVcsJx*vL!HT_#TVcAy<BJ*F^1o;1l=kx+C(P@_FTbnfq9B>cBYz_0EL( zx@qKqd$FUeQm~*p@2Gj|XC7V7>^m>qJe@Dv#+7$sAy^r5q3431`Tj;k6EMd83#y6k zN|F39*Ocywqdh}E=Nz7MZ12p;m@RitmtK8uJ4;?A&yE%H0pIaOJKfnmua4YS`@Nzh z-JI=M121`zU5h$6;$A6aji5SySW1bVY(!hz3$asGFmlv6b-Wysn`I<<W4+hfO1zZ$ zUh;+ef*y|7NUBfERaiwkRl?E>Qm}4$ukDRby7qu&cM;w5*=v}`IKJA-UojzZFZY5g zQ=~&yS6CiPvXq4h$#Rto&6KM+!`C*@+YrygnM+btW?JMS%;(;)bR=xg6&PyfmC$(N z^wl_zh=fO}x}<N)_qG)w_j2TdYw;P;N&CIm;vDV}zShbDOXmK^^Pw%*N<7+fX`5b* zk<{Cue!ZiehYUdW(Ore0)>D_QX?}WWe|f6pnE4`-7{Y6L*i>FBJrUcG)!9~Z_?K5k zu#LWDPIV_7J@Lug<Avw4$Kns-w=!3don@?F+Oc)7s~(L$O=25bWmOgn+dtwD)dY@C z$iTaEY(LkNr#e3T>OOmff7NtMyukilr#=x^RXrU#T#LToW_WJu602l?@M|G)#S3=> zyQ?%_p~eQSC+%k#y0YqTZG$@IY#T3y<sTLQAGVDzM1{B-*NXkEW#meLQKM<T6me!V zeCkU0PFZm|FFO^UMosDpRB`9Qh(6j8G!}i_^V42Xj+%W18t4n2yW^&QrE@A`Iq|#f z&x;Q#+OeKf<^o>%%L<!#R<72OeR$;^^rzA$o8kH>W>Eg;J4bOPK+5sS-57f#`RvOP zx`@z3Sk;x}n)Q9Vl=1cN3#H?=qC9?YF7Mcyl5#CYsLVABqwZ|EC{~v{qnqX@VV_fd z7UC(|$(<o+QTYIp(Aqgt8kT}GOsWR*`Lk`Tn7^K`Gc-k}#Xv@PsL4A{v{Zb#&HL0d zb!K*M*Jf%BN)C8Kw=1r7y&D;`%l;q~AYbH&*E!}+<z@TLn#fh_N_j{oWd_-;KvYX0 zdF_azW=a3N?`G$~^i6!lBUV8#$Pzu<Rv%t}z>ZxB+0N)ztLiFi3664C6`b+@O(aL> z>G6m^kHnR5cgK!Z@&`Uw4K7P{PUFm&2#YmlrIG%mTv|F2BFT@jZ`V6q34>SUH}LG0 zQS6IKkgA`fxJHmGu0J0+)QPsMD9*E{kQ`O{8IM)}J`*#!&J#82D=;Es_jg*-S44*J zCkjOk^!NETt=c!owX{0AT<5zd=Hg84!_u5|URbRn>I<=<i2ks5x@d(P`p}4^iuEuK zlz}6;3dhW7Sa%}Q{ta26yNYEO6sj3nS<<z(65Fr6lsTz*AFhgPiK{~^BoS{!e>_^c zoab4qTY<eNg75O~OIR2&QW!@b&P?EIqUMp-p341Xc}F3xoBFS<jJ5yX6pra0&0vi~ zXfTA3+_4WV*$A4R-^pxF#Rz(K09PJRe+!3oP4Un^6tq{`Zz)aT47!*1U?-ySO7q`$ zI71rPHyH~%Y!siz&_;;ye2kd8#P<H|Qt5Rwv;kUQX?f3U2bSWKOF`#y&_fLmK49tC z`E*AjpX*I5UJBIc_NJXD)$8i}<4T<qAx++42ei{Y;ACmwMtwJ_#0g?K$caBF=8r$4 zE#t%fZJq9LY3uhizS{rQkk@*vjdGWX=u$?~kFD--qb+ruuC<(`cgdTFB9^&fU)8XW zVb@)+ai$L!P$gUDno+E`yEao>sm>9ymiKJs6JjFs5n+W}8ejgCJwL|i$6)ayFUDdS z>(Yo#bB_<^K{A)3j**X#cgAed^!io<-H>f<yP~wreH0JoUwIP!c#Fp3d?Zgq?yj73 z9Yn1!<WbH(JM$vmt;P649`2Y)zUE%1Dk*X^u+$NY)wx{Hm*&yAyP-=h#mXeyg+!CO z3+T9fUHf7GHD9u?*}c?R`$LX5zZu+~Xr5}jphEoYcwX7}yz@qx?wV>7_BqDuwUB6? z%awk%{~4QxYo1nOY}*wYB+pBP(Ml@UXyGCB<nikCT4skf=Wsgn_OPR}7trmfYAhqg z{yD(zr~I$KhOX?xxi)mr+e4mEu8fp=78@ncBm0A2FbB^|{<_z756ez<51HLCN~u!l z+MljP8^#s#96fi63|OcFZhe&KXRW&Q+pEF-_zDOZ!u174VCiF68|5Am#j#vtB#sW* z?>suVXLrx6v4=c!%(lw)(A2;f#Z($+g0`B{+3~nf({~~+Yi(c_zA4TO*V3#X;0M$w z&@9VFcKqGX3%vhrdFOll0MEJ@_ZD^SgU1h}1mhAjx=4YRr*VRNMIMQW{l$1~1x}ra zocyu)ztw(zIL2gL(9ze=4C$X^Tzk96Lqtj>^Xd<^UH`rq!rI|jYI!9(ID=}MA5GW~ z=j|1n*vEjsvmW?i;S$#mjQhkmE@fQ<<#&YiOI|(|pM4l8+cax8*Elt$>wbnQ>?UtI z_{>RO-p`?zc5HxbcAktX`_b;AmU$%iN!w_>Y9rRbR^z^Or=o|p7QZdW-|O+a?v=dK z`rk&YCnA}9PE#>n*aAw_@l-ymy_<NIu?R1nofpt80-+ou@Q7}Y)BWbU+vMv6IGY`k zpi;l@G>u3l?e#jgvj}zOz}CF`!`P~WR&B94(}rxb3sg!+h>?2_>YQmK^!R9Kth@ir z`xVG*@G#`7Ohowt$aye#h}J#)%a|`;dNk&}(y`R7kd9W`)JdV+LcG#$gKq`KC?_Qo z1>;%cXIDC1HLk4Gnu~ZNC-p8i-KA(Kg88mOi^W(}R(bYx2gCjLs~y^~C8#r9<Yn{< z>wE?-Oq*s^ZGJBLxl8dK`bRtJI54KP#G1$yH=FJ3H6QNM)D`V~+?Dl!WdD3i3y7hJ zDd|u1ki5c4_K%E~Xc?=ZCeXOu-Gt_0Wmhiq(!U(~DG~CK&<t74@cF~JH|v?pp+{Dm z&W6>&`F493Q0J#(qiJPxA+-8X=uPXJ&g`944(;Q-8b>QfI@8)Dh^Q3^N!=Bf^Az$m z@;2Q&(>-t^Ynes!HyM`hVwlzakXHJ;2wmZqd5^1l-4C{u^HvehhoxgV*vp&dXCdeD zT%vr|jdt-_Mnn|wpv>SvN2Df<z^)u0>a`kmF=l7H#tR{Iondy*?#|2Vqq)6*2h;v+ zf>$GZxhqc`jOF9hIpt~&QK^mxpnbUx-ldst==8d#@>n5EooCFyIvLN(JT$K3S$wl{ z^-S<VzW7q;mdu<?vE&8LkrG`-suGS?+>t-k+8^o?mZ+qhYj5^Ny-7rJe+&xbVbEqT zg66tE2shw~BXYU&<q`7gmvVL7eL=VtHm&bS2hVe7P_dLg?wF53saJIDTYHn2R>#yK zDtkz(q39K<>&ogFz5Kj(s$7eMTU{SCbf-xpleJF7D03uyQ@t_xsn_%*sf|`n&&KL$ z#)4W(O>^6XoN`@B_O&<5!X7iLg~mQ!xW3+tJh5^iJkcRnHA^`W8I(z6PAT2Eqb>=} zvy#^||01qI_}_<`hyOfYAG@h({vzIg>89r4cW-T)Uyk>u<MsZp#5G(uHxKi=?{iJ_ zzvBJR;`L_y{_}YMzwvtep{DtN@y_dGpKqF*Z)qOp^>+OJOYzR@_m-OG6Y>5J;`O!V zruk>_&g=E#O>-pPc|E%t>u&M>Yw`NwT08?U-g({eg{HYb-g$j5e*dGJn>TnJ+i05q z8SlK_iQj+WmgbGW6R#g{HqFQ5o!2)WZ<<@<{g>nQ^;1pr_v4+{8((aiPsTg1_1}u; ze8&6XcrE;P)BN*z=XG^EWEAg5<F)o&)7%yBydF5)H21|juOGhHH2>#N^A4{!&c|Fg zHSh3xFMhvvbMww0#_NR(P4g%5&g<*H(=>k`?|%`m*Dp2AU&cGHcQ1!BZfV}RDP9j; ziC^QL*ITbN&EJjpUyRpnUul}Z7w^38_-fpHG~WMFyngn2)BNLj|0nUf?TxT~-sAP| zziXP?<DJ)SzuPpQj(1)^jo<H%_j}{@gMZ&NFMW*rmv6@Z6D``{RjicPx!#G^>b2@X zG*)MoeUrjLtX6B9vcXgB`R*^{Cr4WQ<|p{UJDB!(ykBhRC3olQ%7x~EzyK;E{0w9v z`}*zpl)m5d?Kkp+v+Xy!hW1~#qkTLo6UACq#K95!xOPHl&4}H$+^d5wH~xG!eo`yb zm7-c+i=V$0pF9?yt;BaJi?7D9Pz&WBk8kS#$pQ5PScycCCe-UnKICP|YP5%%F6~`f zs0Ll5ch43cv5$cqGx@0{xOa-D=tV>IjstN*1@J-W>O^Q}IrQ^Lyp}>&Wqh4iL+oQ> zO&DIrH6uOSrXCGFU?Z#1MM;g26KG|P+L3I-Hl?o0jnWvk+${Rxu1}wJgy&K1veT{0 zLt15R<HT?KDV*I{3ZP$^F!d|eHOuoj>c-Pm+r?h7W+N;J8@@h_fm8P3kR$CCVMM{> zLBpxA<kFgNl(p8>PWhbsK;%{Q_iI@X`{0eDS{TmWnR#$x%2VWJ*Efo6o2YUy6j5zx zO>{~hvpvrBJ9ap0B;N~B@i=4T>3B|*R&W?aF?kF>iFNJ_s5(@vr@o?kq<`!&wBvzz ztm;J_DxrxomB_r>XU?ly)N^mNOOIZW$N4a5flui9@Fes54f~apQHh$DcMu0#yxyFo zj3r%sNRMW<f!vY~Gm$HMYDNb=FLWimg6J#Cz+~uFA3=K5b)uW?=UI!_nXPwfH4VIX z$0Tbcz7RR7fywR|J85#CuhyAnPM-8_K8akjej&UOnqMn2PUc&R+1yRao`CY_rupti zlFoag%R`Ru4u+|1ny&@Dse`U0unF}?-`}+_WdPjKukN4wT;`Dk+37|1h`oTh8ieO( z#eu)C@0o_a?s8T=YksxO^vR@H4V6u>;{!xe=il87xZv!CSW{x{1FO~jROs7)G*mgZ z#213rN8@uatzQB0S$R!bX?IvD(j1$E^%u|LXYMMez}K;B)iK`NOU0zh3*VQ2Q8`hm zk&Uj$JG|$Z&|dox-5vT|HJw;J9;r`te%X&sd%++2KA^oFR9d1+t5Nb&#gfBO)v2>5 z>!M$Z?8@4Ku@A>5Xho4pdQ-Isve5hSXZSuHd}>O%GROq2I;y-CyxS(=?_g=7)}r2< zMNR7BSkSW;^qr2Z4=G&;eX-I;EY&s0>Y~|G-)!lx_be&C+Me)Bp)H?NC$r9M9bn5t z@)1R%1fBSK;wNLYauu=k*l$kIqS%h*fXCR-SFeMv)sPEyVUD&Pe1ScEt81E}{c4tx zygf4sNeUdX_p`c#j~$HNmU3MQF1Q;fc885@N0m(MVx<XN-H2JA4^L%<a)_@7c5Ox1 znD6Cm?7sGSx|7ghFHy`K%Cv^#r13zjVIWP72h;KKy*cQ)J;ua#eCLP~oyagV&V!j+ zt8r$CUUSDnV!O^O@kOI{qy9#F{&G7DkzzY)GAx-~U`RL520tKex95;g;&lWq<0k8c z-Lr@&dCb|Jz83Luo;irK+hITS_=vWahcjhXdx(ZLory=U&g26ePWlx4K`efA^r_?W zLK}y`Zuu}YL0K8AU!OUz<tP6XKcd6grD6&i)|LBQzl5goD)2*V0(c%z#K>6w(ts_Z z1?32ttM=uVRs&DNev-#n%Irbz`XclB`Sf&u<eNyetE(JuuXC0jsqy<Bb^S9s(#E=E z@QEK`4QRp=x?Y}?<0CKX9*vtC&-u~oVwKaVHX!~XYkSC)k8;1oh4`Q2)c(mcQ>exH zM_#oRqp~^#RnjSFpIKC?JzI3?O`1)k)H5X#+;V8xeuyNlNc#E(AE5)<$RyRV$lS@= zsePBDEg#Xg8h$Z^pVBJ6b*a4rHfxdOLFA!)O5INEQ@oLumO^Gkpy}vA)zYn4z{0Mq zOAbwQRxW#$auZa8>BtI%L1I^fbFHx$WlQ-C&1L)PkCXJ2HiXYi`)P6pO?AgbsEA!5 zX*vOA9;{EO+U4a$iLbQ0J=++Y*n5?79k+!cUXg_(fbysD^QHgIm|c;hKGL;&mjfaO zb7-C4b(G>Aeg=nRo^Y)k3(LdmjSAGcUF_}VL3F{KVdEuTl*BK)7^csd)wyHMQAV4l zc`|6&Y$+VZ1=V-VtPDrh1m3Onf9=#uU$XANJL*2mhdVnt@2$Jx!`jg}u0xW-;p#5# zGj|~KIV-N`yBrci0_uhK{r{;s^oX6~BmHjOaHO^zw`S<aW4hxsTQjqD-p#w`)j75_ zhRBXDTtD_FA&c5i;6g~jJCZJK^m`Fw)}m7MlS5U1U2QF&&Pd`P<4DfNB30=bHxetz z9n~38cZGAA*>^Q|x0gNuc^k2VGs-(PKm(EA_xWHpkcZ>>on8rNF&B6t&mZQ6x?9l- zZ$bx9q*@iKpj@`nuP4yDP?mFQ-i>ZZ1{s4wcgF8J2b9)MBz?x!y{gN-A5Xhoi4eow zo9g6`{A2mhn9kTmO=VE#z>J--#I{mr_twj1=X_CIMlj@WJeJH<PijZ5G;+8(7P~gN zHwI5V<_-&Y$0z)}KPVxKT5WSg@Vlf`T2Y=y-VUu@Yfe2mpIB&TI}#(#V=s;m=fa<m zDqR=Zv8>BJf_<rj#ZihjvVLStT$0^@-PX5vOqBMBzKBI*c#VH?{STT}RAanZy&T&* zc3pOHHbb6V&(g=y<C8Qnw<+k(4gW?=;Tzc;{;Z5ow#$>%GzyYiZoenuKi|^AJ}pH# z<)hxw>28<qdvr3+1P{8|%~*z=b}3xw+kPS)ab!JcP<OcO1=A;EUit{!>nLNXePzh2 za%A;xOWGxo?rxc~n&yb1QBUtm`o5s|WXNwQzeDa^1;J0GZS8z^;vDl*%FO32@5rXi z6Mf}{X93}mGP<zza^~2RH8@6p*5pw8o|8v%By^9RBsMc=f0UFyJTJHU)6T^*hwGo0 zvvaSXS@|Ja0?F}po?uvxEt|xvyWRJvg5EE*6bVuA?_3!Jce@xvz2%6Q(TUl8G;&dF zELQ<QQmtK(*(Q1r-?Vqj*p~S^y%A!(j<3&VHg(&%Do$0MqAxm;B%n&Xzufu@-(-eL z2Z($e3$b-I&0C=(#bvG(DpxUBQ{rl!?f6`~lNC9sy{I6mRYj?E0PS>6;dLzfEXCCY zt5L_Zx8lK_E3kM*$;xhRAe+%1Xw7jUbPH!w79&2!aU430p;LJ`72?I<mK8FNE2W19 z=w@DxcX(Bl$?BkdVuhYBJx0&j7&qgTWT@H&8dafV)qEy>mR0q1btlcPw0=6&vjt1* zUI@I%m$>HpVrYW@?x#=-e|UT}4farTV|fvayWITxF5TGm7~S*NVN>>CdrTZ4>lm|# zw-1feLw1Wzpov*lx)5H21~WI4Jji|VJTh>+g>m>sR%*0UmV^i6+nURHGG{B^mY67O z%e<a!xjvt{$nS=&dPqyo$(XUU?31zncCyuAzi)N1&E4VKXVj81HmTb}2Y}Iuz{Fu6 zD{o>22>yv*%8(hiu2Ag(cZ3}+2FH1glq1dA$Wf2&+S@`Lx75zVoLIqj^*!TkwYW`Q zjkL5sp5rbTM?Mh8ZN#^kd**RSYlxEV9V*6Yt!aVQtn|fCmlxu;dK^5#rsnmwmRI5! zIIk*^zsgxSW;xEoeo7qg&La=YO1Av|S7VID!j3N%auTnp3%XR<PtH+(CB|57?h4Dw z&+d%RHbVQ@g-5_z9tnE8dP7!=VH;&^%#mVGdHa30%UV*Z>qQrLVz%;f^o#Y~5fn^y zgg;eK9eeR(t`l(v_6yRK@<txWo2o;xOW8c0U(##)^1NULUO#48<+;aWj&3e}N6QKE zjQqXK&@YGPz?ciMhF<fr*2=8Jr#_M+8}(z56ZoUOAJi@7Xb;C&R95FhCh}!+O?nqE zwDJY3wxiNL)yf8qmuE|VTXBRUGWbZQP|Nm{ExoK{ovvg_Y}$-@g^}t|3)4V7;sbjd zx}!;tCr7?z%+)woPjR1rOlbUk%!N0WRDQjUJHseU<iZZ?^$NubeXf0MiYMLvkD@?& zE*Q#qibMQGW-O_ZO(+{DgF-II$*Uc?B9E^1DH@<|U61P^6me7ssxRRTQ<g!DQ^$#H z{X~op&TFMn)Sv@s=;jNKL}X*^h$FIMvFNUh4P@LUQVh|kJc<ra%EVEmiQS)l-!XSk z1;3s_-MGxr-#H*1B6TFgyXQ(hfC56w)S`2oq3$K}L|Q~7MuZE+TKoh(@>4xFWg!c( zTZ{Wk%iHldB1^6aYn^5|zrlKpdu3LxY@Yecod(cG{eoW6BU}niJfG~sxir?=_XI{w zD;SoYC5A<SQoJJ-WMJ*Tw@>{gb>u6ID2kAnctXN-WF&7;5FJ2=;xTwOq#;EJ<qhQg zTK}=nf2QpXa?F+BVIeAJ-IY#ywGM3)tQ(?V*R46;z0qep+D0Rdvlq>x!C~EESqG_E zJfbhRDSb9Kfzj88spN8XRsmlisPc01T*vW5sXE3YBkQb;ws*!T_=~QRXC^vQvUv6H zxPuWD=IK^HXkUAvhG*|m+O-MjnBOX(KsXP#i4Xk6T}ng?UCb#o?`I5_h9db8n$NSB ziDQOkV{eY@3j@oA-I*Od8J{ig<Z{vyoo23I_m%kI0(t+i-RSyz#gOu@-rtCE$xp~6 z__oei6^C4rW!&+s8V?y`1B&e96hN(!TCvb`s$*pd{4{7%je?fs{lZ!D$js}cWnx=j zTapeM?q-xVhg22ji?LPRj`O9gB=6{m7x;>GFfsdfTD@TOGPavX<Sri{9uZj?pT{M7 z&(3_cH0ult561K15}L~D8>=uyP4k_gNxix<de5ff?zVQW=MmPFHIw87c90k5%vhh} zy7p`tsicjpUrM|E$%jJgv@PXIBlaWwbMAtjSdt}Qj=3do-~3Q`GrHharQXs$zWt%o zRoi)5Y0~(eh@IWugRo${yI~K;E=$f87xC%ZwvWXpihrtXlMY*MJ&Jq*EX^HkT`yQ| zu_N!vMMcpc9V;2fcraM^l`lK$%GWY)M8D;V9Djoh<W<kdfAwYfRDHL^OCqRv!Gf`D zt;S>R^mU1l!nA%J#Hs+ub2Y}`c>We5)jAb+F`jGN%*H|U^>!R6?)Nk^)<Zq#sal0A zGFGsMT&&w0@5^}zz3jb0<JuyIj>k%<P_eH2<0mv7i52m*)$fKsfqql5SG1jr%!T6^ zLvtx=IC5!hqCrh%Uk}O|puTU{LtKE<=#_u(&p~hZ-kii&Tk<?yn6kXXCtP7MUX7Za zXWSdd;>$V<TSpF-Ty1aZyQ!C<{KFNHI^6DVA@_MCj^)ZTuu5`ad=>AZYBXi4GO3o* z=R~(;s2D=;nn;spWzU+iN>5`%cvq(t-!hlPm@!|Kjc5-xK8}^W60^!TvB<p7T2e2~ z5%u6e6(5-qUgzo{BP2MZs;;D}X}<q~(B-}Z{z-p9-5K&~_~}xeM-#2D#u3BRzrAnT zRW<by%Q_yCE!}9mm^ErvhOM72^(k}hk%w1tYFqf(q5gU}Sg-Nv2CzGVv(j6jOje17 z<~JE5GR7Fek?r2RrH@~IU0iS6%3dE{$!J>FF)G86kR<!XP~rFl|B{q?CEaXc2vyAm z9VhvUbg>jwG~P^hp>7C%&Zpo7R<{{1t*_#hORWV+L)t-I$M(}ZJJ+!Zp*R>``Zx1{ zh~isSBASJ3#Vu+yXaudmE^N**2wL3VpT92iU7FV8Z0+(TDkFFHQ@DdmEm~TRbf64q zj3!%j(>!~#@l7?RXXy5V;d5*>Y#jMpMp|c5k4$z9u3d{GBvJZe94{Hw-8ylnT1MXI z<CG<oU0p>ljZ%7_(1{t)CoyHMU0JEmC38%K!cHAS;8mk0O7ofZU3(j!^X(JyQ}y{* z!U9BF_EF3WbgB!a$O{eicu2r@-_<i7rZaT4hq?stOY|VG6AjQK8|~@@R5prgmBJbq z7t?kFE)nUJ)$0u9xQ+~xqM}+-C)o}2ilnh$?5EVb^oACnYbmZV6%Lu%=O8uyR(Ce9 z<VaMPB&eMEjd78?y>fUxSG@`4-+j)pu5qtOAN%9Ll9iwiFSeC+_t~dEl$KocoY@VQ zNHl}v{xL%qh39=x*m?ZWLGnv4D|;J5I#z@o=h``C-_O9Fv^!85|LE^}NQCvXsBU}& zihIpPjjla!;HPX|7$xhk*II;j;DGX8*|_tF{!U7Jsw|IOnkq2Im%U@LcolN-SjHen zSXrRZo%xMkAROLCOvEE)fAX6Ct~M-M8cG^i&CuErd(*hzbUvqE)i~&ZXAyNdvWz{d z%Y}AHhayb9^OVobomQ{Am_t^u8Pd_6rL}g7TwaUZ!m?vWv3Q)W7)nek5zkS_C|k<@ zaJ$nrbE(5SGf{888Tg_ZkwfV%)1Fb+K(6+wW01NdmgB;FSoeC+vJrZ~`i77Rbkmxd z#^rkND=`~CWx>uO6~C;NDVsCWPVF@-C6m3xdArBfD%Euz)r23;4YBduwfD)uL2Rbp z=cgP9X_H;#u1-g8vTH{PMz8&X{8l!P-*S$Q==RUE3xKCtvUN=_u7;6pBj)u=E*v}& zRAKLr#ArOzikaDwv>iKoo@ri;ckYOb2aILb*&iVu?hV(_Q;8~MAhuUW^Vyc-e7fvT zgZ6zaNDsvi)Ez6cN;)T!eYb0p-e;?9ns+~Be(U{k*o}NIX%*tIvQF<6&Xh^%ejDZ5 z$Di(Ejj+1BYEPC8>f>$Xi1-TDH)W^Rn`#)2o*!|BQLpUm*h<Dw4NZ>KHP#??|K99X z-5f9t+{&H$$lm;pMPwn}^;BbI3yPuipVa$cUR$!zrOao2#uUnee0#6kRPCy-<|=i& ztyW5Zmd2-|y>xLZ_+rGXAxCF9Sd3yk=q6mS4auI#=XC!AWPokr^<bj3@9W}-rMHHz zS9j3`j=e{N=#1oy&YlxXhpN=<loWkckNOO&L6<u4H@4SlStqXHk%|UXB}gqfwcWoL zzP=ovJNxW+wj{~!{s~7oNo8CbWE7?h)EKjZ{xe3f?$XQa%D3*{Iqz&5_*n@}jn`qK z6$?>LM<ygh%Gyhv0s277W9-l4d`?$hkF-|h9+k(PilpvQy}oZ;!Vc!E570374US7c z>h)M}@<JnuG%ml=iblEj8~@gBZ;hnAmBb01KPAC#T`^`WSs&0p=<f9Ha*|bptsj2n zC1hG~nMjjY&Nt0ZC-xp?930CLgo=)i>ZXYMdOZiPs53tFW;x1FPX>*y3ld?CZuVWx zvDG4#VhbY;KhY^WGQv&8a`4SvNbiWM>q5mB@Iu`UX|;|mM4j@A>5M9A4aylrF@6a0 z&R74k>Wj?eqh%*W)(&pia=DsbvLrw0TREQzAuX@6p21IL9j*s_eD2Xm{itrh&WT)L z?Vq>rwLGCNS4<>5t!s{Vr=Xn}($B^c>%lX0$6hS7j!mbI7vpp0G9S72_4OWJvWF2L zM|MPmg@_N_jT~#cyU|YBr5#<NKS`bA)?!xb@wK4knf6@nA~_Gr>AKh9Q6CLz@>x%d zF}~LI$=LO5oKMBvxxxZHbp$5nf9KGC^Sk+RwBGwQmT}_kswK-lhHN0Ulo4r2??Rt) zZ|3bGb3HdrXJV<!Uh4J9!#nFF?t1gAsKarrJ!UFK*SNbGe2isj-JDEF?pzFO?ysRZ zBWarVKTusEsSj6IT44g$RfTHZhr1O#5j*Uk4h^kE1-==14Vuz!7;xk(t<JFmtwyL5 zG>s-7B|ZQ2Z=9Z836y%qU#;mcw0riqcJ!=hQ$Ev@{8?G*_*Fz7Enhwt@nsm-)oESX zK`k<d3vCukY(3Rt3zevzr6`<#uwCmLLwoPpBog)SphA39hT$maep%@e*+F(iu{siY zUH_=VN5n6)Wak}tsVWHVVNQ&DDr{e46JxcW?doVY^|Bed>|N~k6$tFwhiByinpg7? zv#~!iKE|1vU%8)lZq+-=IG=1n*8(Xc1K-P;`uU2amRXCtQ)R|N9;L`NMVZ$t99ixw zdgZL^kJb11Po4282V+JoN7BJk$btAoGxT*bBx#PHzgDa>8=?PVWHQ;Ed#$|&@pAL! zHj7fH&Xr-T34{&puV*!XPD89#e579}i|O{;up(7K<8jox2g)p0lGhr&Y&F*ag>z%M z&z&)2>9_M#imdL`UEv`<R0o*Tv{ZKl%Bzkti*A~?qgG@GLcP`j*T`?o6Na*_$D^Ws zB(4>?JN8G)9-aSVw^@0VRW`W;x<QKNorg0Q0AEW)(8#*u4%LEmAvr!1SvzwbZ9hj7 zbiSaq%(Bh>N^p(UGeh3Z0pybxsqz9ta&HDb0!6o)BR&%iUil_db{!%c)7oNEB9y=y zEG?u>44``i(m_Ap)-=d!(N3;cVG;F;jjb$4Vr)edRfpw{Gi)rYuC7(qnw4!RItWY1 ziCGzP4T>}@L+f6s<gSHgU<~b6z7*DGz0CLgwe`Tt6LG$+2LwaT$f|#*l|;8AafH2| z-+cw8_ELJ~rtYndTPd?DI!kM|0<6+2RMH`Hsk+-}zuSzT$`^F6V(z_9#aZ7)yoqDR z^AIXV>RrYv_mg1>=XS32)>^6K!c<M0&m#TtL>v;H&_7cx$o)XjxA3B-gzId{5p;*0 zOFOb&59&&fL%QnsV(IQ&FoSnS!zFVlLUFwE085)45XL`ZJDz21DAzpqZ!@g%r5D>~ zzBVBz{86@#Zty*E0596H0iAp%UvNf&ch4V*o3NTO`;eVE+hJXF$V!g48hSSDg>P+z zHDYF8B5j2J%UG^rUf>nZopUk+au|y&UISeUD?lpR+r(K|3}cP0`3?JRmyYq7>4GoB ze`T7A2~*dH`MOqFA`}|Ai4SG&x-{5vT58YWxZy5mMv1a3<W*`gVO;i#mZE4c9m?a) zZ$>6?qIs&-SGN;IJv26FiQ~v&FSBAB-ML<xn9K21D=Y^wTNC~^&KnvAL+hT`UU0w9 zA8YPovh1(pDFXmSUkX}Y2v6`mx`inChLMs_gj3Mn-*?e}mcU-G#uWCE%V;n1I}^Ns z>-ii7S>!>`jP&sw@9xgb1ACaxz*XlZ{Xd+bABls}_NCiH`mzLNKSFMyg*1S!6d}9U z(DWt0e=dxZ)UDEjo(nc+Q?;zD2T-`Ao!C1@{p^Tz&#o6IP3I2nwaz=(y)>&~f2@Qm zGrlvptC6W*1t9j>(^uk5kR0F2?#^aA68`mkc-I}#!#EQEH=8fUYb#>siP&BCSp45= zKR?{=H|ka&Xk8u(#^a;T06;c+WLlTdPAfD=&zZBxu%t<_K<jMo_DnxZWv`gRJvOlt zUpq)9<H~2)j=Q|n7U#NPws&?TLDTF9Up`9o{~+q?F~8hve)7@GP7*VC7A79B5xsw& z!h5P&jEsV(8a*A?d@jc4i{T?Ht*>l^MPm=-!mQY44bVqbA=BA7(wz@wSoBiTKjy8& z==CiG6|<^;^&q;`soKf)NNN_)k=+>7<M^#sG3Djdr`qMHJXYU23bDtBZ|i$#)>)-` zit6yX-{Bp{{oN;yKB|L+RoZb?%BsBE^X&U=J{2)?IFB9b1a5^CRHMyPZT=v}UJ0~u zhHo^450H;KI(N7ep};}oIOvRZI38mSV_hrBe3*~L&>6Uk4N-mMs8c*R2l_<BxtfPk z*3wA1-amwgUR$?@bM=#qX>9cq{kr1dxT&t)6#vwQS2~<8#V7O;>I!ild3<bA9&n0$ zsDt~G!0VEC^gYJAI<qMO<u&`20G4d3h+ef7SQaa7Z;o!oJaV9}7`C^v{(B_+1^d;A z&a~>>Qx)`ZRcI@m>IE!E9-eonguha&n)ztRTI*E{(Lv=|p=8OQiud7pGtVPN@8ABh zTQCk?^YRW9-!;o!&NBCASEQ?Ta;TwQ?CyYOFFfNd2rYkLkHwR7>1nITil(%mJ(8*1 zh5J!c$+<^@-Pb*M^X>IMTgG%3gL**w6^1g;dW>?0`*!p9`*&-Kt09-M+@+6du9C=A z=U<IdM>_8j#Mw2K!}^u>gj?%v^l%M4|4J0~$zJ*MdK*>>ok?xK<JZ^e^ty_8S__+? zQ!nf2BV^h4SFS|w{P{RXD-7<ZmUUiVhFFI(l;KW6-+PpMm7Q@%6x9l#%KDB}@DKOu zb}G~fSu4sD7i>daUzo1x?`$m=ThJAgjFb6<tO>fwiM+pCIhJxOw4$7?mS-Y|yG~>Y zV3Z{1F2Y8PO085Pd58PvjtTxfdfC(3n*^K*m$m_Q=_T_@hWN=INmfnC#gL4C<EJgH zyWWJf$v)_k8PQViqGG;vohC5nmgW<m;63h5cT4-epuc`UKE0_qc5LUbBTaKN@ZBEy zYoBl8y!FLz-E?1kaw;nFr{gCT3D3jep3$mF9*N)i_g`-Lqrc?LPsWJ95r6w#BQh4> z*8lz_KH#b;b?)f`SmUd~IXQLH{I~X)V{wn4W6i&e*L`uv)gU<TQT~ZIm#l)d3ROFo z<8z)O$~9)6i~A4X6{E1SaX$3Mn&VyV_X}~J=UI+3Z7nawdAf&V92PZ|vwX7Gqj41L zmS1iy6>LZZ04IgexiZr<zt;RhG0&+uMk_mv#y@Q7p5TUmzZ;a%*->tOuI1{bSbGJ_ z^<2~@kboyxYGsg}nDEV2S{Iss6|?J3$MiB;5m?>%hMpPrhL`F-^B3aVdqRH4qSM6_ zX^us=STuaLxix4I^3#*x3a^uKHnQd4$<WhgRGSO28qHH|s4=g^=bvu*tk3ImTk^UV z=N#JE*JCZDwwt(G<kmQ1E9k}gF9*l+7|ZP!Z~5*mx5n!e@p|C&<;&aWpE>v1!mH=c zUAX+<;g>I6_}t|)FKnMbefjA5vu7?{ynOMwD@V^<JpZ}Vm(PFtmAelwoIicx>~q_f zubkSxbouPX3lAQ?`_sn`KlIBVUs!nH%B7btUs=8I+{HOZyI1GMnU}ZEynN~GmDk#F z7UJInm$rZB<(Osr+4W0jUpaej`}yt5yI+=Hue=(kUI{|hwqMykw{VW14<0^!dG*38 z7r(rH>F~nKXBW?$*}fdSJ$L%t<?X`{J#g3V*!9V~;}=KtW`E$Wiq;42+GRRUf8Z|5 Y^P%;{^~L4o)sv4t`Q*+oe;xn+|BrYad;kCd literal 0 HcmV?d00001 diff --git a/package.wxs b/package.wxs index 80134c81..02d8c975 100644 --- a/package.wxs +++ b/package.wxs @@ -1,5 +1,18 @@ <?xml version="1.0" encoding="utf-8"?> <?define UpgradeCode = "2056bd8a-bf03-11e6-a625-f0def1753696" ?> + +<?ifndef var.SrvBinaryName ?> + <?define var.SrvBinaryName = "nssm.exe" ?> +<?endif?> + +<?ifndef var.SrvBinaryFile ?> + <?define var.SrvBinaryFile = "nssm/win32/nssm.exe" ?> +<?endif?> + +<?ifndef var.SrvBinaryArgs ?> + <?define var.SrvBinaryArgs = "" ?> +<?endif?> + <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"> <Product Name="OpenNebula Contextualization" @@ -80,11 +93,11 @@ </Component> <Component Id="Context" Guid="f5807056-bf0c-11e6-acbe-f0def1753696"> - <File Id="context" Name="context.ps1" DiskId="1" Source="context.ps1" KeyPath="yes" /> + <File Id="context" Name="context.ps1" DiskId="1" Source="src/context.ps1" KeyPath="yes" /> </Component> <Component Id="Service" Guid="687050a4-c237-11e6-9fe4-54a050d65572"> - <File Id="rhsrvany" Name="rhsrvany.exe" DiskId="1" Source="rhsrvany.exe" KeyPath="yes" /> + <File Id="$(var.SrvBinaryName)" Name="$(var.SrvBinaryName)" DiskId="1" Source="$(var.SrvBinaryFile)" KeyPath="yes" /> <ServiceInstall Id="ocInstall" Name="onecontext" DisplayName="OpenNebula Contextualization Service" @@ -92,7 +105,7 @@ Type="ownProcess" Start="auto" Account="[SYSTEM]" - Arguments="-s onecontext" + Arguments="$(var.SrvBinaryArgs)" ErrorControl="normal"> <ServiceDependency Id="Winmgmt" /> @@ -107,10 +120,22 @@ Stop="both" Wait="yes" /> - <RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\onecontext\Parameters"> - <RegistryValue Type="string" Name="CommandLine" Value="&quot;[PSEXE]&quot; -noExit -ExecutionPolicy Unrestricted -file &quot;[#context]&quot;" /> - <RegistryValue Type="string" Name="PWD" Value="[INSTALLDIR]" /> - </RegistryKey> + <?if $(var.SrvBinaryName) = "nssm.exe" ?> + <RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\onecontext\Parameters"> + <RegistryValue Type="string" Name="Application" Value="[PSEXE]" /> + <RegistryValue Type="string" Name="AppDirectory" Value="[INSTALLDIR]" /> + <RegistryValue Type="string" Name="AppParameters" Value="-NonInteractive -NoProfile -ExecutionPolicy Unrestricted -file &quot;[#context]&quot;" /> + </RegistryKey> + <RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\onecontext\Parameters\AppExit"> + <!-- You can change this to "Restart" but "Ignore" is compatible behavior with srvany and it will prevent unwanted recontextualization --> + <RegistryValue Type="string" Value="Ignore" /> + </RegistryKey> + <?else?> + <RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\onecontext\Parameters"> + <RegistryValue Type="string" Name="CommandLine" Value="&quot;[PSEXE]&quot; -NonInteractive -NoProfile -ExecutionPolicy Unrestricted -file &quot;[#context]&quot;" /> + <RegistryValue Type="string" Name="PWD" Value="[INSTALLDIR]" /> + </RegistryKey> + <?endif?> </Component> </Directory> </Directory> diff --git a/context.ps1 b/src/context.ps1 similarity index 62% rename from context.ps1 rename to src/context.ps1 index 0539d89f..e6080991 100644 --- a/context.ps1 +++ b/src/context.ps1 @@ -1,5 +1,5 @@ # -------------------------------------------------------------------------- # -# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems # +# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems # # # # Licensed under the Apache License, Version 2.0 (the "License"); you may # # not use this file except in compliance with the License. You may obtain # @@ -22,52 +22,21 @@ ##### DETI/IEETA Universidade de Aveiro 2011 ##### ################################################################# -# global variable pointing to the private .contextualization directory -$global:ctxDir="$env:SystemDrive\.onecontext" - -# Check, if above defined context directory exists -If ( !(Test-Path "$ctxDir") ) { - mkdir "$ctxDir" -} - -# Move old logfile away - so we have a current log containing the output of the last boot -If ( Test-Path "$ctxDir\opennebula-context.log" ) { - mv "$ctxDir\opennebula-context.log" "$ctxDir\opennebula-context-old.log" -} - -# Start now logging to logfile -Start-Transcript -Append -Path "$ctxDir\opennebula-context.log" | Out-Null - -## check if we are running powershell(x86) on a 64bit system, if so restart as 64bit -## initial code: http://cosmonautdreams.com/2013/09/03/Getting-Powershell-to-run-in-64-bit.html -If ($env:PROCESSOR_ARCHITEW6432 -eq "AMD64") { - # This is only set in a x86 Powershell running on a 64bit Windows - Write-Output "- Detected 32bit architecture" - - Write-Output "Restarting into a 64bit powershell" - - # Stop-Transcript here new - unlock logfile - Stop-Transcript | Out-Null - - If ($myInvocation.Line) { - &"$env:WINDIR\sysnative\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile $myInvocation.Line - } Else { - &"$env:WINDIR\sysnative\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile -file "$($myInvocation.InvocationName)" $args - } +################################################################################ +# Functions +################################################################################ - exit $lastexitcode +function logmsg($message) +{ + # powershell 4 does not automatically add newline in the transcript so we + # workaround it by adding it explicitly and using the NoNewline argument + # we ensure that it will not be added twice + Write-Host "[$(Get-Date -Format 'yyyy-MM-dd HH:mm K')] $message`r`n" -NoNewline } -Write-Output "Running Script: $($MyInvocation.InvocationName)" -Get-Date -Write-Output "" - -Set-ExecutionPolicy unrestricted -force # not needed if already done once on the VM -[string]$computerName = "$env:computername" -[string]$ConnectionString = "WinNT://$computerName" - -function getContext($file) { - Write-Host "Loading Context File" +function getContext($file) +{ + logmsg "* Loading Context File" $context = @{} switch -regex -file $file { "^([^=]+)='(.+?)'$" { @@ -78,17 +47,135 @@ function getContext($file) { return $context } -function envContext($context) { +function envContext($context) +{ ForEach ($h in $context.GetEnumerator()) { $name = "Env:"+$h.Name Set-Item $name $h.Value } } -function addLocalUser($context) { +function contextChanged($file, $last_checksum) +{ + $new_checksum = Get-FileHash -Algorithm SHA256 $file + $ret = $last_checksum.Hash -ne $new_checksum.Hash + return $ret +} + +function waitForContext($checksum) +{ + # This object will be set and returned at the end + $contextPaths = New-Object PsObject -Property @{ + contextScriptPath=$null ; + contextPath=$null ; + contextDrive=$null ; + contextLetter=$null + } + + # How long to wait before another poll (in seconds) + $sleep = 30 + + logmsg "* Starting a wait-loop with the interval of $sleep seconds..." + + Write-Host "`r`n" -NoNewline + Write-Host "***********************`r`n" -NoNewline + Write-Host "*** WAIT-LOOP START ***`r`n" -NoNewline + Write-Host "***********************`r`n" -NoNewline + Write-Host "`r`n" -NoNewline + + do { + logmsg "* Detecting contextualization data" + logmsg "- Looking for CONTEXT ISO" + + # Reset the contextPath + $contextPath = "" + + # Get all drives and select only the one that has "CONTEXT" as a label + $contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } + + if ($contextDrive) { + logmsg " ... Found" + + # At this point we can obtain the letter of the contextDrive + $contextLetter = $contextDrive.Name + $contextPath = $contextLetter + "context.sh" + } else { + logmsg " ... Not found" + logmsg "- Looking for VMware tools" + + # Try the VMware API + foreach ($pf in ${env:ProgramFiles}, ${env:ProgramFiles(x86)}, ${env:ProgramW6432}) { + $vmtoolsd = "${pf}\VMware\VMware Tools\vmtoolsd.exe" + if (Test-Path $vmtoolsd) { + logmsg " ... Found in ${vmtoolsd}" + break + } else { + logmsg " ... Not found in ${vmtoolsd}" + } + } + + $vmwareContext = "" + if (Test-Path $vmtoolsd) { + $vmwareContext = & $vmtoolsd --cmd "info-get guestinfo.opennebula.context" | Out-String + } + + if ("$vmwareContext" -ne "") { + [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "$ctxDir\context.sh" "UTF8" + $contextLetter = $env:SystemDrive + "\" + $contextPath = "$ctxDir\context.sh" + } + + } + + # Terminate the wait-loop only when context.sh is found and changed + if ([string]$contextPath -ne "" -and (Test-Path $contextPath)) { + logmsg "- Found contextualization data: $contextPath" + + # Context must differ + if (contextChanged $contextPath $checksum) { + Break + } else { + logmsg "- Contextualization data were not changed" + } + } else { + logmsg "- No contextualization data found" + } + + logmsg " ... Sleep for $($sleep)s ..." + Write-Host "`r`n" -NoNewline + Start-Sleep -Seconds $sleep + } while ($true) + + Write-Host "`r`n" -NoNewline + Write-Host "***********************`r`n" -NoNewline + Write-Host "*** WAIT-LOOP END ***`r`n" -NoNewline + Write-Host "***********************`r`n" -NoNewline + Write-Host "`r`n" -NoNewline + + # make a copy of the context.sh in the case another event would happen and + # trigger a new context.sh while still working on the previous one which + # would result in a mismatched checksum... + $contextScriptPath = "$ctxDir\.opennebula-context.sh" + Copy-Item -Path $contextPath -Destination $contextScriptPath -Force + + $contextPaths.contextScriptPath = [string]$contextScriptPath + $contextPaths.contextPath = [string]$contextPath + $contextPaths.contextDrive = $contextDrive + $contextPaths.contextLetter = [string]$contextLetter + + return $contextPaths +} + +function addLocalUser($context) +{ # Create new user $username = $context["USERNAME"] $password = $context["PASSWORD"] + $password64 = $context["PASSWORD_BASE64"] + + If ($password64) { + $password = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($password64)) + } if ($username -Or $password) { @@ -100,25 +187,25 @@ function addLocalUser($context) { select -ExpandProperty Name) } - Write-Output "Creating Account for $username" + logmsg "* Creating Account for $username" $ADSI = [adsi]$ConnectionString if(!([ADSI]::Exists("WinNT://$computerName/$username"))) { # User does not exist, Create the User - Write-Output "- Creating account" + logmsg "- Creating account" $user = $ADSI.Create("user",$username) $user.setPassword($password) $user.SetInfo() } else { # User exists, Set Password - Write-Output "- Setting Password" + logmsg "- Setting Password" $admin = [ADSI]"WinNT://$env:computername/$username" $admin.psbase.invoke("SetPassword", $password) } # Set Password to Never Expire - Write-Output "- Setting password to never expire" + logmsg "- Setting password to never expire" $admin = [ADSI]"WinNT://$env:computername/$username" $admin.UserFlags.value = $admin.UserFlags.value -bor 0x10000 $admin.CommitChanges() @@ -151,17 +238,18 @@ function addLocalUser($context) { if([ADSI]::Exists("WinNT://$computerName/$username")) { # Add the user - Write-Output "- Adding to $grp" + logmsg "- Adding to $grp" $group.Add("WinNT://$computerName/$username") } } } } } - Write-Output "" + Write-Host "`r`n" -NoNewline } -function configureNetwork($context) { +function configureNetwork($context) +{ # Get the NIC in the Context $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_IP6?$'} | ForEach-Object {$_ -replace '(^ETH|_IP$|_IP6$)',''} | Sort-Object -Unique) @@ -230,27 +318,27 @@ function configureNetwork($context) { } while (!$nic -and $retry) If (!$nic) { - Write-Output ("Configuring Network Settings: " + $mac) - Write-Output (" ... Failed: Interface with MAC not found") + logmsg ("* Configuring Network Settings: " + $mac) + logmsg (" ... Failed: Interface with MAC not found") Continue } - Write-Output ("Configuring Network Settings: " + $nic.Description.ToString()) + logmsg ("* Configuring Network Settings: " + $nic.Description.ToString()) # Release the DHCP lease, will fail if adapter not DHCP Configured - Write-Output "- Release DHCP Lease" + logmsg "- Release DHCP Lease" $ret = $nic.ReleaseDHCPLease() If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - Write-Output " ... Success" + logmsg " ... Success" } if ($ip) { # set static IP address and retry for few times if there was a problem # with acquiring write lock (2147786788) for network configuration # https://msdn.microsoft.com/en-us/library/aa390383(v=vs.85).aspx - Write-Output "- Set Static IP" + logmsg "- Set Static IP" $retry = 10 do { $retry-- @@ -258,20 +346,20 @@ function configureNetwork($context) { $ret = $nic.EnableStatic($ip , $netmask) } while ($ret.ReturnValue -eq 2147786788 -and $retry); If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - Write-Output " ... Success" + logmsg " ... Success" } # Set IPv4 MTU if ($mtu) { - Write-Output "- Set MTU: ${mtu}" + logmsg "- Set MTU: ${mtu}" netsh interface ipv4 set interface $nic.InterfaceIndex mtu=$mtu If ($?) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Failed" + logmsg " ... Failed" } } @@ -279,16 +367,16 @@ function configureNetwork($context) { # Set the Gateway if ($metric) { - Write-Output "- Set Gateway with metric" + logmsg "- Set Gateway with metric" $ret = $nic.SetGateways($gateway, $metric) } Else { - Write-Output "- Set Gateway" + logmsg "- Set Gateway" $ret = $nic.SetGateways($gateway) } If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - Write-Output " ... Success" + logmsg " ... Success" } If ($dns) { @@ -297,21 +385,21 @@ function configureNetwork($context) { $dnsServers = $dns -split " " # DNS Server Search Order - Write-Output "- Set DNS Server Search Order" + logmsg "- Set DNS Server Search Order" $ret = $nic.SetDNSServerSearchOrder($dnsServers) If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - Write-Output " ... Success" + logmsg " ... Success" } # Set Dynamic DNS Registration - Write-Output "- Set Dynamic DNS Registration" + logmsg "- Set Dynamic DNS Registration" $ret = $nic.SetDynamicDNSRegistration("TRUE") If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - Write-Output " ... Success" + logmsg " ... Success" } # WINS Addresses @@ -324,21 +412,21 @@ function configureNetwork($context) { $dnsSuffixes = $dnsSuffix -split " " # Set DNS Suffix Search Order - Write-Output "- Set DNS Suffix Search Order" + logmsg "- Set DNS Suffix Search Order" $ret = ([WMIClass]"Win32_NetworkAdapterConfiguration").SetDNSSuffixSearchOrder(($dnsSuffixes)) If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - Write-Output " ... Success" + logmsg " ... Success" } # Set Primary DNS Domain - Write-Output "- Set Primary DNS Domain" + logmsg "- Set Primary DNS Domain" $ret = $nic.SetDNSDomain($dnsSuffixes[0]) If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - Write-Output " ... Success" + logmsg " ... Success" } } } @@ -352,18 +440,18 @@ function configureNetwork($context) { # Disable router discovery - Write-Output "- Disable IPv6 router discovery" + logmsg "- Disable IPv6 router discovery" netsh interface ipv6 set interface $na.NetConnectionId ` advertise=disabled routerdiscover=disabled | Out-Null If ($?) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Failed" + logmsg " ... Failed" } # Remove old IPv6 addresses - Write-Output "- Removing old IPv6 addresses" + logmsg "- Removing old IPv6 addresses" if (Get-Command Remove-NetIPAddress -errorAction SilentlyContinue) { # Windows 8.1 and Server 2012 R2 and up # we want to remove everything except the link-local address @@ -373,58 +461,58 @@ function configureNetwork($context) { -errorAction SilentlyContinue If ($?) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Nothing to do" + logmsg " ... Nothing to do" } } Else { - Write-Output " ... Not implemented" + logmsg " ... Not implemented" } # Set IPv6 Address - Write-Output "- Set IPv6 Address" + logmsg "- Set IPv6 Address" netsh interface ipv6 add address $na.NetConnectionId $ip6/$ip6Prefix If ($? -And $ip6ULA) { netsh interface ipv6 add address $na.NetConnectionId $ip6ULA/64 } If ($?) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Failed" + logmsg " ... Failed" } # Set IPv6 Gateway if ($gw6) { - Write-Output "- Set IPv6 Gateway" + logmsg "- Set IPv6 Gateway" netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 If ($?) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Failed" + logmsg " ... Failed" } } # Set IPv6 MTU if ($mtu) { - Write-Output "- Set IPv6 MTU: ${mtu}" + logmsg "- Set IPv6 MTU: ${mtu}" netsh interface ipv6 set interface $nic.InterfaceIndex mtu=$mtu If ($?) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Failed" + logmsg " ... Failed" } } # Remove old IPv6 DNS Servers - Write-Output "- Removing old IPv6 DNS Servers" + logmsg "- Removing old IPv6 DNS Servers" netsh interface ipv6 set dnsservers $na.NetConnectionId source=static address= If ($dns6) { # Set IPv6 DNS Servers - Write-Output "- Set IPv6 DNS Servers" + logmsg "- Set IPv6 DNS Servers" $dns6Servers = $dns6 -split " " foreach ($dns6Server in $dns6Servers) { netsh interface ipv6 add dnsserver $na.NetConnectionId address=$dns6Server @@ -460,27 +548,27 @@ function configureNetwork($context) { } if ($aliasIp -and !$detach) { - Write-Output "- Set Additional Static IP (${aliasPrefix})" + logmsg "- Set Additional Static IP (${aliasPrefix})" netsh interface ipv4 add address $nic.InterfaceIndex $aliasIp $aliasNetmask If ($?) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Failed" + logmsg " ... Failed" } } if ($aliasIp6 -and !$detach) { - Write-Output "- Set Additional IPv6 Address (${aliasPrefix})" + logmsg "- Set Additional IPv6 Address (${aliasPrefix})" netsh interface ipv6 add address $nic.InterfaceIndex $aliasIp6/$aliasIp6Prefix If ($? -And $aliasIp6ULA) { netsh interface ipv6 add address $nic.InterfaceIndex $aliasIp6ULA/64 } If ($?) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Failed" + logmsg " ... Failed" } } } @@ -490,27 +578,28 @@ function configureNetwork($context) { } } - Write-Output "" + Write-Host "`r`n" -NoNewline } -function setTimeZone($context) { +function setTimeZone($context) +{ $timezone = $context['TIMEZONE'] If ($timezone) { - Write-Output "Configuring time zone '${timezone}'" + logmsg "* Configuring time zone '${timezone}'" tzutil /s "${timezone}" If ($?) { - Write-Output ' ... Success' + logmsg ' ... Success' } Else { - Write-Output ' ... Failed' + logmsg ' ... Failed' } } } -function renameComputer($context) { - +function renameComputer($context) +{ # Initialize Variables $current_hostname = hostname $context_hostname = $context["SET_HOSTNAME"] @@ -525,10 +614,10 @@ function renameComputer($context) { # in question is the first one with a set default gateway # (as is done by get_first_ip in addon-context-linux) - Write-Output "Requested change of Hostname via reverse DNS lookup (DNS_HOSTNAME=YES)" + logmsg "* Requested change of Hostname via reverse DNS lookup (DNS_HOSTNAME=YES)" $first_ip = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration | where {$_.DefaultIPGateway -ne $null}).IPAddress | select-object -first 1 $context_hostname = [System.Net.Dns]::GetHostbyAddress($first_ip).HostName - Write-Output "Resolved Hostname is: $context_hostname" + logmsg "- Resolved Hostname is: $context_hostname" } Else { # no SET_HOSTNAME nor DNS_HOSTNAME - skip setting hostname @@ -541,7 +630,7 @@ function renameComputer($context) { $context_domain = $splitted_hostname[1..$splitted_hostname.length] -join '.' If ($context_domain) { - Write-Output "Changing Domain to $context_domain" + logmsg "* Changing Domain to $context_domain" $networkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration -filter "ipenabled = 'true'" $ret = $networkConfig.SetDnsDomain($context_domain) @@ -549,17 +638,18 @@ function renameComputer($context) { If ($ret.ReturnValue) { # Returned Non Zero, Failed, No restart - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { # Returned Zero, Success - Write-Output " ... Success" + logmsg " ... Success" } } # Check for the .opennebula-renamed file $logged_hostname = "" If (Test-Path "$ctxDir\.opennebula-renamed") { + logmsg "- Using the JSON file: $ctxDir\.opennebula-renamed" # Grab the JSON content $json = Get-Content -Path "$ctxDir\.opennebula-renamed" ` @@ -572,8 +662,8 @@ function renameComputer($context) { } # Invalid JSON catch [System.ArgumentException] { - Write-Output "Invalid JSON:" - Write-Output $json.ToString() + logmsg " [!] Invalid JSON:" + Write-Host $json.ToString() } } Else { @@ -587,14 +677,14 @@ function renameComputer($context) { # avoid rename->reboot loop - if we detect that rename attempt was done # but failed then we drop log message about it and finish... - Write-Output "Computer Rename Attempted but failed:" - Write-Output "- Current: $current_hostname" - Write-Output "- Context: $context_hostname" + logmsg "* Computer Rename Attempted but failed:" + logmsg "- Current: $current_hostname" + logmsg "- Context: $context_hostname" } ElseIf ($context_hostname -ne $current_hostname) { # the current_name does not match the context_name, rename the computer - Write-Output "Changing Hostname to $context_hostname" + logmsg "* Changing Hostname to $context_hostname" # Load the ComputerSystem Object $ComputerInfo = Get-WmiObject -Class Win32_ComputerSystem @@ -609,19 +699,19 @@ function renameComputer($context) { If ($ret.ReturnValue) { # Returned Non Zero, Failed, No restart - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) - Write-Output " Check the computername." - Write-Output "Possible Issues: The name cannot include control" ` - "characters, leading or trailing spaces, or any of" ` - "the following characters: `" / \ [ ] : | < > + = ; , ?" + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + Write-Host " Check the computername. " + Write-Host "Possible Issues: The name cannot include control " ` + "characters, leading or trailing spaces, or any of " ` + "the following characters: `" / \ [ ] : | < > + = ; , ?" } Else { # Returned Zero, Success - Write-Output "... Success" + logmsg " ... Success" # Restart the Computer - Write-Output "... Rebooting" + logmsg " ... Rebooting" Restart-Computer -Force # Exit here so the script doesn't continue to run @@ -630,53 +720,53 @@ function renameComputer($context) { } Else { # Hostname is set and correct - Write-Output "Computer Name already set: $context_hostname" + logmsg "* Computer Name already set: $context_hostname" } - Write-Output "" + Write-Host "`r`n" -NoNewline } function enableRemoteDesktop() { - Write-Output "Enabling Remote Desktop" + logmsg "* Enabling Remote Desktop" # Windows 7 only - add firewall exception for RDP - Write-Output "- Enable Remote Desktop Rule Group" + logmsg "- Enable Remote Desktop Rule Group" netsh advfirewall Firewall set rule group="Remote Desktop" new enable=yes # Enable RDP - Write-Output "- Enable Allow Terminal Services Connections" + logmsg "- Enable Allow Terminal Services Connections" $ret = (Get-WmiObject -Class "Win32_TerminalServiceSetting" -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1) If ($ret.ReturnValue) { - Write-Output (" ... Failed: " + $ret.ReturnValue.ToString()) + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - Write-Output " ... Success" + logmsg " ... Success" } - Write-Output "" + Write-Host "`r`n" -NoNewline } function enablePing() { - Write-Output "Enabling Ping" + logmsg "* Enabling Ping" #Create firewall manager object $fwm=new-object -com hnetcfg.fwmgr # Get current profile $pro=$fwm.LocalPolicy.CurrentProfile - Write-Output "- Enable Allow Inbound Echo Requests" + logmsg "- Enable Allow Inbound Echo Requests" $ret = $pro.IcmpSettings.AllowInboundEchoRequest=$true If ($ret) { - Write-Output " ... Success" + logmsg " ... Success" } Else { - Write-Output " ... Failed" + logmsg " ... Failed" } - Write-Output "" + Write-Host "`r`n" -NoNewline } function doPing($ip, $retries=20) { - Write-Output "- Ping Interface IP $ip" + logmsg "- Ping Interface IP $ip" $ping = $false $retry = 0 @@ -687,15 +777,15 @@ function doPing($ip, $retries=20) } while (!$ping -and ($retry -lt $retries)) If ($ping) { - Write-Output " ... Success ($retry tries)" + logmsg " ... Success ($retry tries)" } Else { - Write-Output " ... Failed ($retry tries)" + logmsg " ... Failed ($retry tries)" } } function runScripts($context, $contextLetter) { - Write-Output "Running Scripts" + logmsg "* Running Scripts" # Get list of scripts to run, " " delimited $initscripts = $context["INIT_SCRIPTS"] @@ -705,11 +795,15 @@ function runScripts($context, $contextLetter) # Parse each script and run it ForEach ($script in $initscripts.split(" ")) { - $script = $contextLetter + $script - If (Test-Path $script) { - Write-Output "- $script" + # If it is not an absolute path then try to assemble it + if (![System.IO.Path]::IsPathRooted($script)) { + $script = $contextLetter + $script + } + + if (Test-Path $script) { + logmsg "- $script" envContext($context) - & $script + pswrapper "$script" } } @@ -719,23 +813,23 @@ function runScripts($context, $contextLetter) $startScript = $context["START_SCRIPT"] $startScript64 = $context["START_SCRIPT_BASE64"] - If ($startScript64) { + if ($startScript64) { $startScript = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($startScript64)) } - If ($startScript) { + if ($startScript) { # Save the script as .opennebula-startscript.ps1 $startScriptPS = "$ctxDir\.opennebula-startscript.ps1" $startScript | Out-File $startScriptPS "UTF8" # Launch the Script - Write-Output "- $startScriptPS" + logmsg "- $startScriptPS" envContext($context) - & $startScriptPS - + pswrapper "$startScriptPS" + removeFile "$startScriptPS" } - Write-Output "" + Write-Host "`r`n" -NoNewline } function extendPartition($disk, $part) @@ -745,7 +839,7 @@ function extendPartition($disk, $part) function extendPartitions() { - Write-Output "- Extend partitions" + logmsg "* Extend partitions" "rescan" | diskpart @@ -768,25 +862,25 @@ function reportReady() $token = $context['ONEGATE_TOKEN'] if ($reportReady -and $reportReady.ToUpper() -eq 'YES') { - Write-Output 'Report Ready to OneGate' + logmsg '* Report Ready to OneGate' if (!$oneGateEndpoint) { - Write-Output ' ... Failed: ONEGATE_ENDPOINT not set' + logmsg ' ... Failed: ONEGATE_ENDPOINT not set' return } if (!$vmId) { - Write-Output ' ... Failed: VMID not set' + logmsg ' ... Failed: VMID not set' return } if (!$token) { - Write-Output " ... Token not set. Try file" + logmsg " ... Token not set. Try file" $tokenPath = $contextLetter + 'token.txt' if (Test-Path $tokenPath) { $token = Get-Content $tokenPath } else { - Write-Output " ... Failed: Token file not found" + logmsg " ... Failed: Token file not found" return } } @@ -806,7 +900,7 @@ function reportReady() if ($oneGateEndpoint -ilike "https://*") { #For reporting on HTTPS OneGateEndpoint - Write-Output "... Use HTTPS for OneGateEndpoint report: $oneGateEndpoint" + logmsg " ... Use HTTPS for OneGateEndpoint report: $oneGateEndpoint" $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols [System.Net.ServicePointManager]::Expect100Continue = $false @@ -820,17 +914,15 @@ function reportReady() $response = $webRequest.getResponse() if ($response.StatusCode -eq 'OK') { - Write-Output ' ... Success' + logmsg ' ... Success' } else { - Write-Output ' ... Failed' - Write-Output $response.StatusCode + logmsg " ... Failed: $($response.StatusCode)" } } catch { $errorMessage = $_.Exception.Message - Write-Output ' ... Failed' - Write-Output $errorMessage + logmsg " ... Failed:`r`n$errorMessage" } } } @@ -844,7 +936,7 @@ function ejectContextCD($cdrom_drive) $eject_cdrom = $context['EJECT_CDROM'] if ($eject_cdrom -ne $null -and $eject_cdrom.ToUpper() -eq 'YES') { - Write-Output 'Ejecting context CD' + logmsg '* Ejecting context CD' try { $disk_master = New-Object -ComObject IMAPI2.MsftDiscMaster2 for ($cdrom_id = 0; $cdrom_id -lt $disk_master.Count; $cdrom_id++) { @@ -856,16 +948,35 @@ function ejectContextCD($cdrom_drive) } } } catch { - Write-Error "Failed to eject the CD: $_" + logmsg " ... Failed to eject the CD: $_" } } } -function removeContextFile($context_file) +function removeFile($file) { - if (Test-Path $context_file) { - Write-Output "Removing the 'context.sh' file" - Remove-Item $context_file + if ($file -ne "" -and (Test-Path $file)) { + logmsg "* Removing the file: ${file}" + Remove-Item $file -Force + } +} + +function pswrapper($path) +{ + # source: + # - http://cosmonautdreams.com/2013/09/03/Getting-Powershell-to-run-in-64-bit.html + # - https://ss64.com/nt/syntax-64bit.html + If ($env:PROCESSOR_ARCHITEW6432 -eq "AMD64") { + # This is only set in a x86 Powershell running on a 64bit Windows + + $realpath = [string]$(Resolve-Path "$path") + + # Run 64bit powershell as a subprocess and there execute the command + # + # NOTE: virtual subdir 'sysnative' exists only when running 32bit binary under 64bit system + & "$env:WINDIR\sysnative\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile -Command "$realpath" + } Else { + & "$path" } } @@ -873,59 +984,51 @@ function removeContextFile($context_file) # Main ################################################################################ -# Check the working WMI -if (-Not (Get-WMIObject -ErrorAction SilentlyContinue Win32_Volume)) { - Write-Output "WMI not ready, exiting" - Stop-Transcript | Out-Null - exit 1 -} +# global variable pointing to the private .contextualization directory +$global:ctxDir="$env:SystemDrive\.onecontext" -Write-Output "Detecting contextualization data" -Write-Output "- Looking for CONTEXT ISO" +# Check, if above defined context directory exists +If ( !(Test-Path "$ctxDir") ) { + mkdir "$ctxDir" +} -# Get all drives and select only the one that has "CONTEXT" as a label -$contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } +# Move old logfile away - so we have a current log containing the output of the last boot +If ( Test-Path "$ctxDir\opennebula-context.log" ) { + mv "$ctxDir\opennebula-context.log" "$ctxDir\opennebula-context-old.log" +} -if ($contextDrive) { - Write-Output " ... Found" +# Start now logging to logfile +Start-Transcript -Append -Path "$ctxDir\opennebula-context.log" | Out-Null - # At this point we can obtain the letter of the contextDrive - $contextLetter = $contextDrive.Name - $contextScriptPath = $contextLetter + "context.sh" -} else { - Write-Output " ... Not found" - Write-Output "- Looking for VMware tools" +logmsg "* Running Script: $($MyInvocation.MyCommand.Path)" - # Try the VMware API - foreach ($pf in ${env:ProgramFiles}, ${env:ProgramFiles(x86)}, ${env:ProgramW6432}) { - $vmtoolsd = "${pf}\VMware\VMware Tools\vmtoolsd.exe" - if (Test-Path $vmtoolsd) { - Write-Output " ... Found in ${vmtoolsd}" - break - } else { - Write-Output " ... Not found in ${vmtoolsd}" - } - } +Set-ExecutionPolicy unrestricted -force # not needed if already done once on the VM +[string]$computerName = "$env:computername" +[string]$ConnectionString = "WinNT://$computerName" - $vmwareContext = "" - if (Test-Path $vmtoolsd) { - $vmwareContext = & $vmtoolsd --cmd "info-get guestinfo.opennebula.context" | Out-String - } +# Check the working WMI +if (-Not (Get-WMIObject -ErrorAction SilentlyContinue Win32_Volume)) { + logmsg "- WMI not ready, exiting" + Stop-Transcript | Out-Null + exit 1 +} - if ("$vmwareContext" -eq "") { - Write-Host "No contextualization data found" - Stop-Transcript | Out-Null - exit 1 - } +Write-Host "`r`n" -NoNewline +Write-Host "*********************************`r`n" -NoNewline +Write-Host "*** ENTERING THE SERVICE LOOP ***`r`n" -NoNewline +Write-Host "*********************************`r`n" -NoNewline +Write-Host "`r`n" -NoNewline - [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "$ctxDir\context.sh" "UTF8" - $contextScriptPath = "$ctxDir\context.sh" -} +# infinite loop +$checksum = "" +do { + # Stay in this wait-loop until context.sh emerges and its path is stored + $contextPaths = waitForContext($checksum) -# Execute script -if(Test-Path $contextScriptPath) { - $context = getContext $contextScriptPath + # Parse context file + $context = getContext $contextPaths.contextScriptPath + # Execute the contextualization actions extendPartitions setTimeZone $context addLocalUser $context @@ -933,17 +1036,27 @@ if(Test-Path $contextScriptPath) { enablePing configureNetwork $context renameComputer $context - runScripts $context $contextLetter + runScripts $context $contextPaths.contextLetter reportReady -} -# Cleanup at the end -if ($contextDrive) { - # Eject CD with 'context.sh' if requested - ejectContextCD $contextDrive -} else { - # Delete 'context.sh' if not on CD-ROM - removeContextFile $contextScriptPath -} + # Save the 'applied' context.sh checksum for the next recontextualization + logmsg "* Calculating the checksum of the file: $($contextPaths.contextScriptPath)" + $checksum = Get-FileHash -Algorithm SHA256 $contextPaths.contextScriptPath + logmsg " ... $($checksum.Hash)" + # and remove the file itself + removeFile $contextPaths.contextScriptPath + + # Cleanup at the end + if ($contextPaths.contextDrive) { + # Eject CD with 'context.sh' if requested + ejectContextCD $contextPaths.contextDrive + } else { + # Delete 'context.sh' if not on CD-ROM + removeFile $contextPaths.contextPath + } + + Write-Host "`r`n" -NoNewline + +} while ($true) Stop-Transcript | Out-Null From d95c65e966c732295f4649fe94eba43861758f1e Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Tue, 2 Mar 2021 15:00:28 +0100 Subject: [PATCH 096/122] F #88: Get unique Administrator user account name. Closes #88. --- src/context.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/context.ps1 b/src/context.ps1 index e6080991..d916a29f 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -184,7 +184,8 @@ function addLocalUser($context) # of this user. Use the User SID instead (S-1-5-21domain-500) $username = (Get-WmiObject -Class "Win32_UserAccount" | where { $_.SID -like "S-1-5-21[0-9-]*-500" } | - select -ExpandProperty Name) + select -ExpandProperty Name | + get-Unique -AsString) } logmsg "* Creating Account for $username" From 67884235bca0d4d3ffea86bbb9d0f030023fe611 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Tue, 2 Mar 2021 15:03:55 +0100 Subject: [PATCH 097/122] M #-: Ignore only rhsrvany.exe, not other *.exe --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index e4ba613a..6620fa1b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ out/ *.msi -*.exe +rhsrvany.exe *.un~ .idea From e318207ef2e695ea5fa63891c1d924aa0fe64b05 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Tue, 2 Mar 2021 15:06:01 +0100 Subject: [PATCH 098/122] M #-: Bump year and version --- README.md | 2 +- generate.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c3407af5..bbf69075 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ This addon is largely based upon the work by André Monteiro and Tiago Batista i ## License -Copyright 2002-2020, OpenNebula Project, OpenNebula Systems (formerly C12G Labs) +Copyright 2002-2021, OpenNebula Project, OpenNebula Systems (formerly C12G Labs) Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain diff --git a/generate.sh b/generate.sh index 08345d22..14d5ff4d 100755 --- a/generate.sh +++ b/generate.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # -------------------------------------------------------------------------- # -# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems # +# Copyright 2002-2021, OpenNebula Project, OpenNebula Systems # # # # Licensed under the Apache License, Version 2.0 (the "License"); you may # # not use this file except in compliance with the License. You may obtain # @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-5.12.0} +VERSION=${VERSION:-6.0.0} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" SRV_MANAGER="${SRV_MANAGER:-nssm}" From 725dc4125a70439d7f8c52fcc3fbf9c3610a3949 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Wed, 3 Mar 2021 10:45:13 +0100 Subject: [PATCH 099/122] F #87: Fix REPORT_READY MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- src/context.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index d916a29f..d1bf3b3a 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -855,7 +855,7 @@ function extendPartitions() } } -function reportReady() +function reportReady($context, $contextLetter) { $reportReady = $context['REPORT_READY'] $oneGateEndpoint = $context['ONEGATE_ENDPOINT'] @@ -1038,7 +1038,7 @@ do { configureNetwork $context renameComputer $context runScripts $context $contextPaths.contextLetter - reportReady + reportReady $context $contextPaths.contextLetter # Save the 'applied' context.sh checksum for the next recontextualization logmsg "* Calculating the checksum of the file: $($contextPaths.contextScriptPath)" From 3a76947f1a6eb78bf55ecdac1598646f2104833d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Thu, 1 Apr 2021 17:57:52 +0200 Subject: [PATCH 100/122] F #52: Add support for INIT_SCRIPTS (#91) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * F #52: Add support for INIT_SCRIPTS Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #52: Sanitize init script filenames Signed-off-by: Petr Ospalý <pospaly@opennebula.io> * F #52: Refactor cleanup Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- src/context.ps1 | 115 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 82 insertions(+), 33 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index d1bf3b3a..b0d3999f 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -69,7 +69,8 @@ function waitForContext($checksum) contextScriptPath=$null ; contextPath=$null ; contextDrive=$null ; - contextLetter=$null + contextLetter=$null ; + contextInitScriptPath=$null } # How long to wait before another poll (in seconds) @@ -88,17 +89,18 @@ function waitForContext($checksum) logmsg "- Looking for CONTEXT ISO" # Reset the contextPath - $contextPath = "" + $contextPaths.contextPath = "" # Get all drives and select only the one that has "CONTEXT" as a label - $contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } + $contextPaths.contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } - if ($contextDrive) { + if ($contextPaths.contextDrive) { logmsg " ... Found" # At this point we can obtain the letter of the contextDrive - $contextLetter = $contextDrive.Name - $contextPath = $contextLetter + "context.sh" + $contextPaths.contextLetter = $contextPaths.contextDrive.Name + $contextPaths.contextPath = $contextPaths.contextLetter + "context.sh" + $contextPaths.contextInitScriptPath = $contextPaths.contextLetter } else { logmsg " ... Not found" logmsg "- Looking for VMware tools" @@ -121,18 +123,45 @@ function waitForContext($checksum) if ("$vmwareContext" -ne "") { [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareContext)) | Out-File "$ctxDir\context.sh" "UTF8" - $contextLetter = $env:SystemDrive + "\" - $contextPath = "$ctxDir\context.sh" + $contextPaths.contextLetter = $env:SystemDrive + "\" + $contextPaths.contextPath = "$ctxDir\context.sh" + $contextPaths.contextInitScriptPath = "$ctxDir\.init-scripts\" + + if (!(Test-Path $contextPaths.contextInitScriptPath)) { + mkdir $contextPaths.contextInitScriptPath + } + + # Look for INIT_SCRIPTS + $fileId = 0 + while ($true) { + $vmwareInitFilename = & $vmtoolsd --cmd "info-get guestinfo.opennebula.file.${fileId}" | Select-Object -First 1 | Out-String + + $vmwareInitFilename = $vmwareInitFilename.Trim() + + if ($vmwareInitFilename -eq "") { + # no file found + break + } + + $vmwareInitFileContent64 = & $vmtoolsd --cmd "info-get guestinfo.opennebula.file.${fileId}" | Select-Object -Skip 1 | Out-String + + # Sanitize the filenames (drop any path from them and instead use our directory) + $vmwareInitFilename = $contextPaths.contextInitScriptPath + [System.IO.Path]::GetFileName("$vmwareInitFilename") + + [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($vmwareInitFileContent64)) | Out-File "${vmwareInitFilename}" "UTF8" + + $fileId++ + } } } # Terminate the wait-loop only when context.sh is found and changed - if ([string]$contextPath -ne "" -and (Test-Path $contextPath)) { - logmsg "- Found contextualization data: $contextPath" + if ([string]$contextPaths.contextPath -ne "" -and (Test-Path $contextPaths.contextPath)) { + logmsg "- Found contextualization data: $($contextPaths.contextPath)" # Context must differ - if (contextChanged $contextPath $checksum) { + if (contextChanged $contextPaths.contextPath $checksum) { Break } else { logmsg "- Contextualization data were not changed" @@ -141,6 +170,9 @@ function waitForContext($checksum) logmsg "- No contextualization data found" } + logmsg " ... Cleanup for the next iteration ..." + cleanup $contextPaths + logmsg " ... Sleep for $($sleep)s ..." Write-Host "`r`n" -NoNewline Start-Sleep -Seconds $sleep @@ -155,13 +187,8 @@ function waitForContext($checksum) # make a copy of the context.sh in the case another event would happen and # trigger a new context.sh while still working on the previous one which # would result in a mismatched checksum... - $contextScriptPath = "$ctxDir\.opennebula-context.sh" - Copy-Item -Path $contextPath -Destination $contextScriptPath -Force - - $contextPaths.contextScriptPath = [string]$contextScriptPath - $contextPaths.contextPath = [string]$contextPath - $contextPaths.contextDrive = $contextDrive - $contextPaths.contextLetter = [string]$contextLetter + $contextPaths.contextScriptPath = "$ctxDir\.opennebula-context.sh" + Copy-Item -Path $contextPaths.contextPath -Destination $contextPaths.contextScriptPath -Force return $contextPaths } @@ -784,7 +811,7 @@ function doPing($ip, $retries=20) } } -function runScripts($context, $contextLetter) +function runScripts($context, $contextPaths) { logmsg "* Running Scripts" @@ -792,14 +819,11 @@ function runScripts($context, $contextLetter) $initscripts = $context["INIT_SCRIPTS"] if ($initscripts) { - # Parse each script and run it ForEach ($script in $initscripts.split(" ")) { - # If it is not an absolute path then try to assemble it - if (![System.IO.Path]::IsPathRooted($script)) { - $script = $contextLetter + $script - } + # Sanitize the filename (drop any path from them and instead use our directory) + $script = $contextPaths.contextInitScriptPath + [System.IO.Path]::GetFileName($script.Trim()) if (Test-Path $script) { logmsg "- $script" @@ -808,6 +832,15 @@ function runScripts($context, $contextLetter) } } + } else { + # Emulate the init.sh fallback behavior from Linux + $script = $contextPaths.contextInitScriptPath + "init.ps1" + + if (Test-Path $script) { + logmsg "- $script" + envContext($context) + pswrapper "$script" + } } # Execute START_SCRIPT or START_SCRIPT_64 @@ -958,7 +991,29 @@ function removeFile($file) { if ($file -ne "" -and (Test-Path $file)) { logmsg "* Removing the file: ${file}" - Remove-Item $file -Force + Remove-Item -Path $file -Force + } +} + +function removeDir($dir) +{ + if ($dir -ne "" -and (Test-Path $dir)) { + logmsg "* Removing the directory: ${dir}" + Remove-Item -Path $dir -Recurse -Force + } +} + +function cleanup($contextPaths) +{ + if ($contextPaths.contextDrive) { + # Eject CD with 'context.sh' if requested + ejectContextCD $contextPaths.contextDrive + } else { + # Delete 'context.sh' if not on CD-ROM + removeFile $contextPaths.contextPath + + # and downloaded init scripts + removeDir $contextPaths.contextInitScriptPath } } @@ -1037,7 +1092,7 @@ do { enablePing configureNetwork $context renameComputer $context - runScripts $context $contextPaths.contextLetter + runScripts $context $contextPaths reportReady $context $contextPaths.contextLetter # Save the 'applied' context.sh checksum for the next recontextualization @@ -1048,13 +1103,7 @@ do { removeFile $contextPaths.contextScriptPath # Cleanup at the end - if ($contextPaths.contextDrive) { - # Eject CD with 'context.sh' if requested - ejectContextCD $contextPaths.contextDrive - } else { - # Delete 'context.sh' if not on CD-ROM - removeFile $contextPaths.contextPath - } + cleanup $contextPaths Write-Host "`r`n" -NoNewline From 76e4f86676bdcdffd10400bbc265717d1f13ed21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Tue, 6 Apr 2021 14:51:41 +0200 Subject: [PATCH 101/122] F #85: Retry report READY=YES MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- src/context.ps1 | 80 +++++++++++++++++++++++++++++-------------------- 1 file changed, 47 insertions(+), 33 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index b0d3999f..20af053c 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -894,6 +894,8 @@ function reportReady($context, $contextLetter) $oneGateEndpoint = $context['ONEGATE_ENDPOINT'] $vmId = $context['VMID'] $token = $context['ONEGATE_TOKEN'] + $retryCount = 3 + $retryWaitPeriod = 10 if ($reportReady -and $reportReady.ToUpper() -eq 'YES') { logmsg '* Report Ready to OneGate' @@ -919,45 +921,57 @@ function reportReady($context, $contextLetter) } } - try { + $retryNumber = 1 + while ($true) { + try { + $body = 'READY=YES' + $target= $oneGateEndpoint + '/vm' + + [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) + $webRequest.Timeout = 10000 + $webRequest.Method = 'PUT' + $webRequest.Headers.Add('X-ONEGATE-TOKEN', $token) + $webRequest.Headers.Add('X-ONEGATE-VMID', $vmId) + $buffer = [System.Text.Encoding]::UTF8.GetBytes($body) + $webRequest.ContentLength = $buffer.Length + + if ($oneGateEndpoint -ilike "https://*") { + #For reporting on HTTPS OneGateEndpoint + logmsg " ... Use HTTPS for OneGateEndpoint report: $oneGateEndpoint" + $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' + [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols + [System.Net.ServicePointManager]::Expect100Continue = $false + [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} + } - $body = 'READY=YES' - $target= $oneGateEndpoint + '/vm' - - [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) - $webRequest.Timeout = 10000 - $webRequest.Method = 'PUT' - $webRequest.Headers.Add('X-ONEGATE-TOKEN', $token) - $webRequest.Headers.Add('X-ONEGATE-VMID', $vmId) - $buffer = [System.Text.Encoding]::UTF8.GetBytes($body) - $webRequest.ContentLength = $buffer.Length - - if ($oneGateEndpoint -ilike "https://*") { - #For reporting on HTTPS OneGateEndpoint - logmsg " ... Use HTTPS for OneGateEndpoint report: $oneGateEndpoint" - $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' - [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols - [System.Net.ServicePointManager]::Expect100Continue = $false - [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} - } + $requestStream = $webRequest.GetRequestStream() + $requestStream.Write($buffer, 0, $buffer.Length) + $requestStream.Flush() + $requestStream.Close() - $requestStream = $webRequest.GetRequestStream() - $requestStream.Write($buffer, 0, $buffer.Length) - $requestStream.Flush() - $requestStream.Close() + $response = $webRequest.getResponse() + if ($response.StatusCode -eq 'OK') { + logmsg ' ... Success' + break + } else { + logmsg " ... Failed: $($response.StatusCode)" + } + } + catch { + $errorMessage = $_.Exception.Message + logmsg " ... Failed: $errorMessage" + } - $response = $webRequest.getResponse() - if ($response.StatusCode -eq 'OK') { - logmsg ' ... Success' + logmsg " ... Report ready failed (${retryNumber}. try out of ${retryCount})" + $retryNumber++ + if ($retryNumber -le $retryCount) { + logmsg " ... sleep for ${retryWaitPeriod} seconds and try again..." + Start-Sleep -Seconds $retryWaitPeriod } else { - logmsg " ... Failed: $($response.StatusCode)" + logmsg " ... All retries failed!" + break } } - catch { - $errorMessage = $_.Exception.Message - - logmsg " ... Failed:`r`n$errorMessage" - } } } From ebca687339118040d8cc89facf8c57f1d59daeb2 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Mon, 26 Apr 2021 13:25:38 +0200 Subject: [PATCH 102/122] M #-: GH Action for PowerShell linting --- .github/workflows/powershell.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/powershell.yml diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml new file mode 100644 index 00000000..144e729a --- /dev/null +++ b/.github/workflows/powershell.yml @@ -0,0 +1,27 @@ +name: PowerShell Linting + +on: [push, pull_request] + +jobs: + # https://docs.github.com/en/actions/guides/building-and-testing-powershell#using-psscriptanalyzer-to-lint-code + lint-with-PSScriptAnalyzer: + name: Install and run PSScriptAnalyzer + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Install PSScriptAnalyzer module + shell: pwsh + run: | + Set-PSRepository PSGallery -InstallationPolicy Trusted + Install-Module PSScriptAnalyzer -ErrorAction Stop + - name: Lint with PSScriptAnalyzer + shell: pwsh + run: | + Invoke-ScriptAnalyzer -Path *.ps1 -Recurse -Outvariable issues + $errors = $issues.Where({$_.Severity -eq 'Error'}) + $warnings = $issues.Where({$_.Severity -eq 'Warning'}) + if ($errors) { + Write-Error "There were $($errors.Count) errors and $($warnings.Count) warnings total." -ErrorAction Stop + } else { + Write-Output "There were $($errors.Count) errors and $($warnings.Count) warnings total." + } From 7d69f58992ea364386b734947e59bbae24196012 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Mon, 26 Apr 2021 13:29:09 +0200 Subject: [PATCH 103/122] M #-: Update GH Action source path --- .github/workflows/powershell.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml index 144e729a..d241bde4 100644 --- a/.github/workflows/powershell.yml +++ b/.github/workflows/powershell.yml @@ -17,7 +17,7 @@ jobs: - name: Lint with PSScriptAnalyzer shell: pwsh run: | - Invoke-ScriptAnalyzer -Path *.ps1 -Recurse -Outvariable issues + Invoke-ScriptAnalyzer -Path src/*.ps1 -Recurse -Outvariable issues $errors = $issues.Where({$_.Severity -eq 'Error'}) $warnings = $issues.Where({$_.Severity -eq 'Warning'}) if ($errors) { From 3a19759d59385276a7ebf34e336a17570cb54b56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Ospal=C3=BD?= <pospaly@opennebula.io> Date: Mon, 17 May 2021 14:31:53 +0200 Subject: [PATCH 104/122] F OpenNebula/one#4257: Add support for other disk resize (#94) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit New context variable 'GROW_FS' which can contain other paths defined by drive letters (colon and slash is optional, e.g.: F, G:, H:\) - disk C is added by default as 'C:'. To match the behavior on the Linux another context variable is added: 'GROW_ROOTFS' which will default to 'YES' and it means that disk C is by default always extended. Signed-off-by: Petr Ospalý <pospaly@opennebula.io> --- src/context.ps1 | 57 ++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 49 insertions(+), 8 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index 20af053c..c8b511e9 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -871,20 +871,61 @@ function extendPartition($disk, $part) "select disk $disk","select partition $part","extend" | diskpart | Out-Null } -function extendPartitions() +function extendPartitions($context) { logmsg "* Extend partitions" "rescan" | diskpart - #$diskIds = ((wmic diskdrive get Index | Select-String "[0-9]+") -replace '\D','') - $diskId = 0 + $disks = @() - #$partIds = ((wmic partition where DiskIndex=$diskId get Index | Select-String "[0-9]+") -replace '\D','' | %{[int]$_ + 1}) - $partIds = "select disk $diskId", "list partition" | diskpart | Select-String -Pattern "^\s+\w+ (\d+)\s+" -AllMatches | %{$_.matches.groups[1].Value} + # Cmdlet 'Get-Partition' is not in older Windows/Powershell versions + if (Get-Command -errorAction SilentlyContinue -Name Get-Partition) { + if ([string]$context['GROW_ROOTFS'] -eq '' -or $context['GROW_ROOTFS'].ToUpper() -eq 'YES') { + # Add at least C: + $drives = "C: $($context['GROW_FS'])" + } else { + $drives = "$($context['GROW_FS'])" + } - ForEach ($partId in $partIds) { - extendPartition $diskId $partId + $driveLetters = (-split $drives | Select-String -Pattern "^(\w):?[\/]?$" -AllMatches | %{$_.matches.groups[1].Value} | Sort-Object -Unique) + + ForEach ($driveLetter in $driveLetters) { + $disk = New-Object PsObject -Property @{ + name=$null; + diskId=$null ; + partIds=@() + } + # TODO: in the future an AccessPath can be used instead of just DriveLetter + $drive = (Get-Partition -DriveLetter $driveLetter) + $disk.name = "$driveLetter" + ':' + $disk.diskId = $drive.DiskNumber + $disk.partIds += $drive.PartitionNumber + $disks += $disk + } + } Else { + # always resize at least the disk 0 + $disk = New-Object PsObject -Property @{ + name=$null; + diskId=0 ; + partIds=@() + } + + # select all parts - preserve old behavior for disk 0 + $disk.partIds = "select disk $($disk.diskId)", "list partition" | diskpart | Select-String -Pattern "^\s+\w+ (\d+)\s+" -AllMatches | %{$_.matches.groups[1].Value} + $disks += $disk + } + + # extend all requested disk/part + ForEach ($disk in $disks) { + ForEach ($partId in $disk.partIds) { + if ($disk.name) { + logmsg "- Extend ($($disk.name)) Disk: $($disk.diskId) / Part: $partId" + } Else { + logmsg "- Extend Disk: $($disk.diskId) / Part: $partId" + } + extendPartition $disk.diskId $partId + } } } @@ -1099,7 +1140,7 @@ do { $context = getContext $contextPaths.contextScriptPath # Execute the contextualization actions - extendPartitions + extendPartitions $context setTimeZone $context addLocalUser $context enableRemoteDesktop From 9a24213d40c21219c53cca05140d42facfe999e0 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Mon, 17 May 2021 17:06:07 +0200 Subject: [PATCH 105/122] M #-: Bump version to 6.1.80 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 14d5ff4d..b6a5d7b2 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-6.0.0} +VERSION=${VERSION:-6.1.80} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" SRV_MANAGER="${SRV_MANAGER:-nssm}" From 9e7f541aac1b445960c9b75f1bf024c933d9fc5d Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Mon, 13 Sep 2021 14:34:02 +0200 Subject: [PATCH 106/122] F OpenNebula/addon-context-linux#86: Update GATEWAY6 to IP6_GATEWAY --- README.md | 1 + src/context.ps1 | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bbf69075..2e040d9b 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ For beta releases, refer to the latest * latest [msitools](https://wiki.gnome.org/msitools) * binary [nssm.exe](https://nssm.cc/) [present] * binary [rhsrvany.exe](https://github.com/rwmjones/rhsrvany) [optional] +* `mkisofs` The service manager **NSSM** is the preferred tool to manage services because it handles long running services better and more correctly (srvany/rhsrvany diff --git a/src/context.ps1 b/src/context.ps1 index c8b511e9..aebc66eb 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -301,7 +301,8 @@ function configureNetwork($context) $ip6Key = $nicPrefix + "IP6" $ip6ULAKey = $nicPrefix + "IP6_ULA" $ip6PrefixKey = $nicPrefix + "IP6_PREFIX_LENGTH" - $gw6Key = $nicPrefix + "GATEWAY6" + $ip6GwKey = $nicPrefix + "IP6_GATEWAY" + $gw6Key = $nicPrefix + "GATEWAY6" # backward compatibility $mtuKey = $nicPrefix + "MTU" $metricKey = $nicPrefix + "METRIC" @@ -319,7 +320,7 @@ function configureNetwork($context) $ip6 = $context[$ip6Key] $ip6ULA = $context[$ip6ULAKey] $ip6Prefix = $context[$ip6PrefixKey] - $gw6 = $context[$gw6Key] + $ip6Gw = $context[$ip6GwKey] $mac = $mac.ToUpper() if (!$netmask) { @@ -328,6 +329,9 @@ function configureNetwork($context) if (!$ip6Prefix) { $ip6Prefix = "64" } + if (!$ip6Gw) { + $ip6Gw = $context[$gw6Key] + } if (!$network) { $network = $ip -replace "\.[^.]+$", ".0" } @@ -511,9 +515,9 @@ function configureNetwork($context) } # Set IPv6 Gateway - if ($gw6) { + if ($ip6Gw) { logmsg "- Set IPv6 Gateway" - netsh interface ipv6 add route ::/0 $na.NetConnectionId $gw6 + netsh interface ipv6 add route ::/0 $na.NetConnectionId $ip6Gw If ($?) { logmsg " ... Success" From a37502d66492f97db8e20e987c96c4714dcb1942 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Thu, 30 Sep 2021 16:20:08 +0200 Subject: [PATCH 107/122] F OpenNebula/addon-context-linux#86: Support IP conf. methods, IP6_METRIC --- src/context.ps1 | 548 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 362 insertions(+), 186 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index aebc66eb..4f74ea2c 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -280,47 +280,31 @@ function configureNetwork($context) { # Get the NIC in the Context - $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_IP6?$'} | ForEach-Object {$_ -replace '(^ETH|_IP$|_IP6$)',''} | Sort-Object -Unique) + $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_MAC$'} | ForEach-Object {$_ -replace '(^ETH|_MAC$)',''} | Sort-Object -Unique) $nicId = 0; foreach ($nicId in $nicIds) { - # Retrieve data from Context - $nicIpKey = "ETH" + $nicId + "_IP" - $nicIp6Key = "ETH" + $nicId + "_IP6" $nicPrefix = "ETH" + $nicId + "_" - $ipKey = $nicPrefix + "IP" - $netmaskKey = $nicPrefix + "MASK" - $macKey = $nicPrefix + "MAC" - $dnsKey = $nicPrefix + "DNS" - $dnsSuffixKey = $nicPrefix + "SEARCH_DOMAIN" - $gatewayKey = $nicPrefix + "GATEWAY" - $networkKey = $nicPrefix + "NETWORK" - - $ip6Key = $nicPrefix + "IP6" - $ip6ULAKey = $nicPrefix + "IP6_ULA" - $ip6PrefixKey = $nicPrefix + "IP6_PREFIX_LENGTH" - $ip6GwKey = $nicPrefix + "IP6_GATEWAY" - $gw6Key = $nicPrefix + "GATEWAY6" # backward compatibility - $mtuKey = $nicPrefix + "MTU" - $metricKey = $nicPrefix + "METRIC" - - $ip = $context[$ipKey] - $netmask = $context[$netmaskKey] - $mac = $context[$macKey] - $dns = (($context[$dnsKey] -split " " | Where {$_ -match '^(([0-9]*).?){4}$'}) -join ' ') - $dns6 = (($context[$dnsKey] -split " " | Where {$_ -match '^(([0-9A-F]*):?)*$'}) -join ' ') - $dnsSuffix = $context[$dnsSuffixKey] - $gateway = $context[$gatewayKey] - $network = $context[$networkKey] - $mtu = $context[$mtuKey] - $metric = $context[$metricKey] - - $ip6 = $context[$ip6Key] - $ip6ULA = $context[$ip6ULAKey] - $ip6Prefix = $context[$ip6PrefixKey] - $ip6Gw = $context[$ip6GwKey] + $method = $context[$nicPrefix + 'METHOD'] + $ip = $context[$nicPrefix + 'IP'] + $netmask = $context[$nicPrefix + 'MASK'] + $mac = $context[$nicPrefix + 'MAC'] + $dns = (($context[$nicPrefix + 'DNS'] -split " " | Where {$_ -match '^(([0-9]*).?){4}$'}) -join ' ') + $dns6 = (($context[$nicPrefix + 'DNS'] -split " " | Where {$_ -match '^(([0-9A-F]*):?)*$'}) -join ' ') + $dnsSuffix = $context[$nicPrefix + 'SEARCH_DOMAIN'] + $gateway = $context[$nicPrefix + 'GATEWAY'] + $network = $context[$nicPrefix + 'NETWORK'] + $mtu = $context[$nicPrefix + 'MTU'] + $metric = $context[$nicPrefix + 'METRIC'] + + $ip6Method = $context[$nicPrefix + 'IP6_METHOD'] + $ip6 = $context[$nicPrefix + 'IP6'] + $ip6ULA = $context[$nicPrefix + 'IP6_ULA'] + $ip6Prefix = $context[$nicPrefix + 'IP6_PREFIX_LENGTH'] + $ip6Gw = $context[$nicPrefix + 'IP6_GATEWAY'] + $ip6Metric = $context[$nicPrefix + 'IP6_METRIC'] $mac = $mac.ToUpper() if (!$netmask) { @@ -330,7 +314,12 @@ function configureNetwork($context) $ip6Prefix = "64" } if (!$ip6Gw) { - $ip6Gw = $context[$gw6Key] + # Backward compatibility, new context parameter + # ETHx_IP6_GATEWAY introduced since 6.2 + $ip6Gw = $context[$nicPrefix + 'GATEWAY6'] + } + if (!$ip6Metric) { + $ip6Metric = $metric } if (!$network) { $network = $ip -replace "\.[^.]+$", ".0" @@ -339,6 +328,14 @@ function configureNetwork($context) $gateway = $ip -replace "\.[^.]+$", ".1" } + # default NIC configuration methods + if (!$method) { + $method = 'static' + } + if (!$ip6Method) { + $ip6Method = $method + } + # Load the NIC Configuration Object $nic = $false $retry = 30 @@ -355,203 +352,333 @@ function configureNetwork($context) Continue } - logmsg ("* Configuring Network Settings: " + $nic.Description.ToString()) + # We need the connection ID (i.e. "Local Area Connection", + # which can be discovered from the NetworkAdapter object + $na = Get-WMIObject Win32_NetworkAdapter | ` + where {$_.deviceId -eq $nic.index} - # Release the DHCP lease, will fail if adapter not DHCP Configured - logmsg "- Release DHCP Lease" - $ret = $nic.ReleaseDHCPLease() - If ($ret.ReturnValue) { - logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { - logmsg " ... Success" + If (!$na) { + logmsg ("* Configuring Network Settings: " + $mac) + logmsg (" ... Failed: Network Adapter not found") + Continue } - if ($ip) { - # set static IP address and retry for few times if there was a problem - # with acquiring write lock (2147786788) for network configuration - # https://msdn.microsoft.com/en-us/library/aa390383(v=vs.85).aspx - logmsg "- Set Static IP" - $retry = 10 - do { - $retry-- - Start-Sleep -s 1 - $ret = $nic.EnableStatic($ip , $netmask) - } while ($ret.ReturnValue -eq 2147786788 -and $retry); - If ($ret.ReturnValue) { - logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { - logmsg " ... Success" - } + logmsg ("* Configuring Network Settings: " + $nic.Description.ToString()) + + # Flag to indicate if any IPv4/6 configuration was placed + $set_ip_conf = $false + + # IPv4 Configuration Methods + Switch -Regex ($method) + { + '^\s*static\s*$' { + if ($ip) { + # Release the DHCP lease, will fail if adapter not DHCP Configured + logmsg "- Release DHCP Lease" + $ret = $nic.ReleaseDHCPLease() + If ($ret.ReturnValue) { + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + logmsg " ... Success" + } - # Set IPv4 MTU - if ($mtu) { - logmsg "- Set MTU: ${mtu}" - netsh interface ipv4 set interface $nic.InterfaceIndex mtu=$mtu + # set static IP address and retry for few times if there was a problem + # with acquiring write lock (2147786788) for network configuration + # https://msdn.microsoft.com/en-us/library/aa390383(v=vs.85).aspx + logmsg "- Set Static IP" + $retry = 10 + do { + $retry-- + Start-Sleep -s 1 + $ret = $nic.EnableStatic($ip , $netmask) + } while ($ret.ReturnValue -eq 2147786788 -and $retry); + If ($ret.ReturnValue) { + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + logmsg " ... Success" + } - If ($?) { - logmsg " ... Success" - } Else { - logmsg " ... Failed" - } - } + # Set IPv4 MTU + if ($mtu) { + logmsg "- Set MTU: ${mtu}" + netsh interface ipv4 set interface $nic.InterfaceIndex mtu=$mtu - if ($gateway) { + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } + } - # Set the Gateway - if ($metric) { - logmsg "- Set Gateway with metric" - $ret = $nic.SetGateways($gateway, $metric) - } Else { - logmsg "- Set Gateway" - $ret = $nic.SetGateways($gateway) + # Set the Gateway + if ($gateway) { + if ($metric) { + logmsg "- Set Gateway with metric" + $ret = $nic.SetGateways($gateway, $metric) + } Else { + logmsg "- Set Gateway" + $ret = $nic.SetGateways($gateway) + } + + If ($ret.ReturnValue) { + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + logmsg " ... Success" + } + } + + # Set DNS servers + If ($dns) { + $dnsServers = $dns -split " " + + # DNS Server Search Order + logmsg "- Set DNS Server Search Order" + $ret = $nic.SetDNSServerSearchOrder($dnsServers) + If ($ret.ReturnValue) { + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + logmsg " ... Success" + } + + # Set Dynamic DNS Registration + logmsg "- Set Dynamic DNS Registration" + $ret = $nic.SetDynamicDNSRegistration("TRUE") + If ($ret.ReturnValue) { + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + logmsg " ... Success" + } + + # WINS Addresses + # $nic.SetWINSServer($DNSServers[0], $DNSServers[1]) + } + + # Set DNS domain/search order + if ($dnsSuffix) { + $dnsSuffixes = $dnsSuffix -split " " + + # Set DNS Suffix Search Order + logmsg "- Set DNS Suffix Search Order" + $ret = ([WMIClass]"Win32_NetworkAdapterConfiguration").SetDNSSuffixSearchOrder(($dnsSuffixes)) + If ($ret.ReturnValue) { + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + logmsg " ... Success" + } + + # Set Primary DNS Domain + logmsg "- Set Primary DNS Domain" + $ret = $nic.SetDNSDomain($dnsSuffixes[0]) + If ($ret.ReturnValue) { + logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + } Else { + logmsg " ... Success" + } + } + + $set_ip_conf = $true + } else { + logmsg "- No static IPv4 configuration provided, skipping" } + } + + '^\s*dhcp\s*$' { + # Enable DHCP + logmsg "- Enable DHCP" + $ret = $nic.EnableDHCP() + # TODO: 1 ... Successful completion, reboot required If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { logmsg " ... Success" } - If ($dns) { - - # DNS Servers - $dnsServers = $dns -split " " + # Set IPv4 MTU + if ($mtu) { + logmsg "- Set MTU: ${mtu}" + netsh interface ipv4 set interface $nic.InterfaceIndex mtu=$mtu - # DNS Server Search Order - logmsg "- Set DNS Server Search Order" - $ret = $nic.SetDNSServerSearchOrder($dnsServers) - If ($ret.ReturnValue) { - logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + If ($?) { logmsg " ... Success" - } - - # Set Dynamic DNS Registration - logmsg "- Set Dynamic DNS Registration" - $ret = $nic.SetDynamicDNSRegistration("TRUE") - If ($ret.ReturnValue) { - logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) } Else { - logmsg " ... Success" + logmsg " ... Failed" } - - # WINS Addresses - # $nic.SetWINSServer($DNSServers[0], $DNSServers[1]) } - if ($dnsSuffix) { + $set_ip_conf = $true + } - # DNS Suffixes - $dnsSuffixes = $dnsSuffix -split " " + '\s*skip\s*$' { + logmsg "- Skipped IPv4 configuration as requested in method (${nicPrefix}METHOD=${method})" + } - # Set DNS Suffix Search Order - logmsg "- Set DNS Suffix Search Order" - $ret = ([WMIClass]"Win32_NetworkAdapterConfiguration").SetDNSSuffixSearchOrder(($dnsSuffixes)) - If ($ret.ReturnValue) { - logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + Default { + logmsg "- Unknown IPv4 method (${nicPrefix}METHOD=${method}), skipping configuration" + } + } + + # IPv6 Configuration Methods + Switch -Regex ($ip6Method) + { + '^\s*static\s*$' { + if ($ip6) { + enableIPv6 + disableIPv6Privacy + + # Disable router discovery + logmsg "- Disable IPv6 router discovery" + netsh interface ipv6 set interface $na.NetConnectionId ` + advertise=disabled routerdiscover=disabled | Out-Null + + If ($?) { logmsg " ... Success" + } Else { + logmsg " ... Failed" } - # Set Primary DNS Domain - logmsg "- Set Primary DNS Domain" - $ret = $nic.SetDNSDomain($dnsSuffixes[0]) - If ($ret.ReturnValue) { - logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) + # Remove old IPv6 addresses + logmsg "- Removing old IPv6 addresses" + if (Get-Command Remove-NetIPAddress -errorAction SilentlyContinue) { + # Windows 8.1 and Server 2012 R2 and up + # we want to remove everything except the link-local address + Remove-NetIPAddress -InterfaceAlias $na.NetConnectionId ` + -AddressFamily IPv6 -Confirm:$false ` + -PrefixOrigin Other,Manual,Dhcp,RouterAdvertisement ` + -errorAction SilentlyContinue + + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Nothing to do" + } } Else { + logmsg " ... Not implemented" + } + + # Set IPv6 Address + logmsg "- Set IPv6 Address" + netsh interface ipv6 add address $na.NetConnectionId $ip6/$ip6Prefix + If ($? -And $ip6ULA) { + netsh interface ipv6 add address $na.NetConnectionId $ip6ULA/64 + } + + If ($?) { logmsg " ... Success" + } Else { + logmsg " ... Failed" } - } - } - } - if ($ip6) { - # We need the connection ID (i.e. "Local Area Connection", - # which can be discovered from the NetworkAdapter object - $na = Get-WMIObject Win32_NetworkAdapter | ` - where {$_.deviceId -eq $nic.index} + # Set IPv6 Gateway + if ($ip6Gw) { + if ($ip6Metric) { + logmsg "- Set IPv6 Gateway with metric" + netsh interface ipv6 add route ::/0 $na.NetConnectionId $ip6Gw metric="${ip6Metric}" + } else { + logmsg "- Set IPv6 Gateway" + netsh interface ipv6 add route ::/0 $na.NetConnectionId $ip6Gw + } + + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } + } + # Set IPv6 MTU + if ($mtu) { + logmsg "- Set IPv6 MTU: ${mtu}" + netsh interface ipv6 set interface $nic.InterfaceIndex mtu=$mtu - # Disable router discovery - logmsg "- Disable IPv6 router discovery" - netsh interface ipv6 set interface $na.NetConnectionId ` - advertise=disabled routerdiscover=disabled | Out-Null + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } + } - If ($?) { - logmsg " ... Success" - } Else { - logmsg " ... Failed" - } + # Remove old IPv6 DNS Servers + logmsg "- Removing old IPv6 DNS Servers" + netsh interface ipv6 set dnsservers $na.NetConnectionId source=static address= + + If ($dns6) { + # Set IPv6 DNS Servers + logmsg "- Set IPv6 DNS Servers" + $dns6Servers = $dns6 -split " " + foreach ($dns6Server in $dns6Servers) { + netsh interface ipv6 add dnsserver $na.NetConnectionId address=$dns6Server + } + } - # Remove old IPv6 addresses - logmsg "- Removing old IPv6 addresses" - if (Get-Command Remove-NetIPAddress -errorAction SilentlyContinue) { - # Windows 8.1 and Server 2012 R2 and up - # we want to remove everything except the link-local address - Remove-NetIPAddress -InterfaceAlias $na.NetConnectionId ` - -AddressFamily IPv6 -Confirm:$false ` - -PrefixOrigin Other,Manual,Dhcp,RouterAdvertisement ` - -errorAction SilentlyContinue + $set_ip_conf = $true - If ($?) { - logmsg " ... Success" - } Else { - logmsg " ... Nothing to do" + doPing($ip6) + } else { + logmsg "- No static IPv6 configuration provided, skipping" } - } Else { - logmsg " ... Not implemented" - } - - # Set IPv6 Address - logmsg "- Set IPv6 Address" - netsh interface ipv6 add address $na.NetConnectionId $ip6/$ip6Prefix - If ($? -And $ip6ULA) { - netsh interface ipv6 add address $na.NetConnectionId $ip6ULA/64 } - If ($?) { - logmsg " ... Success" - } Else { - logmsg " ... Failed" - } + '^\s*(auto|dhcp)\s*$' { + enableIPv6 + disableIPv6Privacy + + # Enable router discovery + logmsg "- Enable IPv6 router discovery" + netsh interface ipv6 set interface $na.NetConnectionId ` + advertise=disabled routerdiscover=enabled | Out-Null + + # Run of DHCPv6 client is controlled by RA managed/other + # flags, we can't we can't independently enable/disable DHCPv6 + # client. So at least we release the address allocated + # through DHCPv6 in auto mode. See + # https://serverfault.com/questions/692291/disable-dhcpv6-client-in-windows + if ($ip6Method -match '^\s*auto\s*$') { + logmsg "- Release DHCPv6 Lease (selected method auto, not dhcp!)" + ipconfig /release6 $na.NetConnectionId + + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } + } - # Set IPv6 Gateway - if ($ip6Gw) { - logmsg "- Set IPv6 Gateway" - netsh interface ipv6 add route ::/0 $na.NetConnectionId $ip6Gw + # Set IPv6 MTU + if ($mtu) { + logmsg "- Set IPv6 MTU: ${mtu}" + logmsg "WARNING: MTU will be overwritten if announced as part of RA!" + netsh interface ipv6 set interface $nic.InterfaceIndex mtu=$mtu - If ($?) { - logmsg " ... Success" - } Else { - logmsg " ... Failed" + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } } - } - # Set IPv6 MTU - if ($mtu) { - logmsg "- Set IPv6 MTU: ${mtu}" - netsh interface ipv6 set interface $nic.InterfaceIndex mtu=$mtu + $set_ip_conf = $true + } - If ($?) { - logmsg " ... Success" - } Else { - logmsg " ... Failed" - } + '^\s*disable\s*$' { + disableIPv6 } - # Remove old IPv6 DNS Servers - logmsg "- Removing old IPv6 DNS Servers" - netsh interface ipv6 set dnsservers $na.NetConnectionId source=static address= + '\s*skip\s*$' { + logmsg "- Skipped IPv6 configuration as requested in method (${nicPrefix}IP6_METHOD=${ip6Method})" + } - If ($dns6) { - # Set IPv6 DNS Servers - logmsg "- Set IPv6 DNS Servers" - $dns6Servers = $dns6 -split " " - foreach ($dns6Server in $dns6Servers) { - netsh interface ipv6 add dnsserver $na.NetConnectionId address=$dns6Server - } + Default { + logmsg "- Unknown IPv6 method (${nicPrefix}IP6_METHOD=${ip6Method}), skipping configuration" } + } + + ### - doPing($ip6) + # If no IP configuration happened, we skip + # configuring additional IP addresses (aliases) + If ($set_ip_conf -eq $false) { + logmsg "- Skipped IP aliases configuration due to missing main IP" + Continue } # Get the aliases for the NIC in the Context @@ -815,6 +942,55 @@ function doPing($ip, $retries=20) } } +function disableIPv6Privacy() +{ + # Disable Randomization of IPv6 addresses (use EUI-64) + logmsg "- Globally disable IPv6 Identifiers Randomization" + netsh interface ipv6 set global randomizeidentifiers=disable + + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } + + # Disable IPv6 Privacy Extensions (temporary addresses) + logmsg "- Globally disable IPv6 Privacy Extensions" + netsh interface ipv6 set privacy state=disabled + + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } +} + +function enableIPv6() +{ + logmsg '- Enabling IPv6' + + Enable-NetAdapterBinding -Name $na.NetConnectionId -ComponentID ms_tcpip6 + + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } +} + +function disableIPv6() +{ + logmsg '- Disabling IPv6' + + Disable-NetAdapterBinding -Name $na.NetConnectionId -ComponentID ms_tcpip6 + + If ($?) { + logmsg " ... Success" + } Else { + logmsg " ... Failed" + } +} + function runScripts($context, $contextPaths) { logmsg "* Running Scripts" From f134c26f522b7fbd53df668da023f979d40b47e6 Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Fri, 8 Oct 2021 16:42:56 +0200 Subject: [PATCH 108/122] M #-: Typo in comment --- src/context.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/context.ps1 b/src/context.ps1 index 4f74ea2c..7ac55f7e 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -628,7 +628,7 @@ function configureNetwork($context) advertise=disabled routerdiscover=enabled | Out-Null # Run of DHCPv6 client is controlled by RA managed/other - # flags, we can't we can't independently enable/disable DHCPv6 + # flags, we can't independently enable/disable DHCPv6 # client. So at least we release the address allocated # through DHCPv6 in auto mode. See # https://serverfault.com/questions/692291/disable-dhcpv6-client-in-windows From d6c362e9ef746378d245a6d2c09b797355bddd7c Mon Sep 17 00:00:00 2001 From: Vlastimil Holer <vholer@opennebula.io> Date: Thu, 21 Oct 2021 11:05:14 +0200 Subject: [PATCH 109/122] M #-: Bump version to 6.2.0 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index b6a5d7b2..1171308b 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-6.1.80} +VERSION=${VERSION:-6.2.0} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" SRV_MANAGER="${SRV_MANAGER:-nssm}" From b73381f885a92e001c0c9211d0d9a2a5e5cf193b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C4=81nis=20Veinbergs?= <j.veinbergs@gmail.com> Date: Thu, 27 Oct 2022 13:47:06 +0000 Subject: [PATCH 110/122] Fix #97 where EJECT_CDROM won't work on Core edition. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jānis Veinbergs <j.veinbergs@gmail.com> --- src/context.ps1 | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index 7ac55f7e..2fabde4c 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -1207,14 +1207,12 @@ function ejectContextCD($cdrom_drive) if ($eject_cdrom -ne $null -and $eject_cdrom.ToUpper() -eq 'YES') { logmsg '* Ejecting context CD' try { - $disk_master = New-Object -ComObject IMAPI2.MsftDiscMaster2 - for ($cdrom_id = 0; $cdrom_id -lt $disk_master.Count; $cdrom_id++) { - $disk_recorder = New-Object -ComObject IMAPI2.MsftDiscRecorder2 - $disk_recorder.InitializeDiscRecorder($disk_master.Item($cdrom_id)) - if ($disk_recorder.VolumeName -eq $cdrom_drive.DeviceID) { - $disk_recorder.EjectMedia() - break - } + #https://learn.microsoft.com/en-us/windows/win32/api/shldisp/ne-shldisp-shellspecialfolderconstants + $ssfDRIVES = 0x11 + $sh = New-Object -ComObject "Shell.Application" + $sh.Namespace($ssfDRIVES).Items() | Where-Object { $_.Type -eq "CD Drive" -and $_.Path -eq $cdrom_drive.Name } | ForEach-Object { + $_.InvokeVerb("Eject") + logmsg " ... Ejected $($cdrom_drive.Name)" } } catch { logmsg " ... Failed to eject the CD: $_" From 9e891a7736ae316ab216e3a0ea8c8cdd9591e963 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Fri, 25 Nov 2022 13:28:50 -0600 Subject: [PATCH 111/122] F OpenNebula/addon-context-windows#99: Remove irrelevant logging --- src/context.ps1 | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index 7ac55f7e..53c2c568 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -85,8 +85,6 @@ function waitForContext($checksum) Write-Host "`r`n" -NoNewline do { - logmsg "* Detecting contextualization data" - logmsg "- Looking for CONTEXT ISO" # Reset the contextPath $contextPaths.contextPath = "" @@ -95,24 +93,18 @@ function waitForContext($checksum) $contextPaths.contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } if ($contextPaths.contextDrive) { - logmsg " ... Found" # At this point we can obtain the letter of the contextDrive $contextPaths.contextLetter = $contextPaths.contextDrive.Name $contextPaths.contextPath = $contextPaths.contextLetter + "context.sh" $contextPaths.contextInitScriptPath = $contextPaths.contextLetter } else { - logmsg " ... Not found" - logmsg "- Looking for VMware tools" # Try the VMware API foreach ($pf in ${env:ProgramFiles}, ${env:ProgramFiles(x86)}, ${env:ProgramW6432}) { $vmtoolsd = "${pf}\VMware\VMware Tools\vmtoolsd.exe" if (Test-Path $vmtoolsd) { - logmsg " ... Found in ${vmtoolsd}" break - } else { - logmsg " ... Not found in ${vmtoolsd}" } } @@ -158,22 +150,15 @@ function waitForContext($checksum) # Terminate the wait-loop only when context.sh is found and changed if ([string]$contextPaths.contextPath -ne "" -and (Test-Path $contextPaths.contextPath)) { - logmsg "- Found contextualization data: $($contextPaths.contextPath)" # Context must differ if (contextChanged $contextPaths.contextPath $checksum) { Break - } else { - logmsg "- Contextualization data were not changed" } - } else { - logmsg "- No contextualization data found" } - logmsg " ... Cleanup for the next iteration ..." cleanup $contextPaths - logmsg " ... Sleep for $($sleep)s ..." Write-Host "`r`n" -NoNewline Start-Sleep -Seconds $sleep } while ($true) From 3dfd6d8ba38e85f7feac1ac6b3fd1e8cf424a441 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Tue, 29 Nov 2022 08:29:51 -0600 Subject: [PATCH 112/122] F OpenNebula/addon-context-windows#99: Remove irrelevant logging --- src/context.ps1 | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index 53c2c568..bae5f0ec 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -36,7 +36,6 @@ function logmsg($message) function getContext($file) { - logmsg "* Loading Context File" $context = @{} switch -regex -file $file { "^([^=]+)='(.+?)'$" { @@ -76,14 +75,6 @@ function waitForContext($checksum) # How long to wait before another poll (in seconds) $sleep = 30 - logmsg "* Starting a wait-loop with the interval of $sleep seconds..." - - Write-Host "`r`n" -NoNewline - Write-Host "***********************`r`n" -NoNewline - Write-Host "*** WAIT-LOOP START ***`r`n" -NoNewline - Write-Host "***********************`r`n" -NoNewline - Write-Host "`r`n" -NoNewline - do { # Reset the contextPath @@ -163,12 +154,6 @@ function waitForContext($checksum) Start-Sleep -Seconds $sleep } while ($true) - Write-Host "`r`n" -NoNewline - Write-Host "***********************`r`n" -NoNewline - Write-Host "*** WAIT-LOOP END ***`r`n" -NoNewline - Write-Host "***********************`r`n" -NoNewline - Write-Host "`r`n" -NoNewline - # make a copy of the context.sh in the case another event would happen and # trigger a new context.sh while still working on the previous one which # would result in a mismatched checksum... From f537d3d968c2c81d9e15f62184dac3645acb1f88 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Fri, 2 Dec 2022 08:53:20 -0600 Subject: [PATCH 113/122] F OpenNebula/addon-context-windows#102: Check nulls --- src/context.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index bae5f0ec..ea8cb75b 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -140,7 +140,7 @@ function waitForContext($checksum) } # Terminate the wait-loop only when context.sh is found and changed - if ([string]$contextPaths.contextPath -ne "" -and (Test-Path $contextPaths.contextPath)) { + if (![string]::IsNullOrEmpty($contextPaths.contextPath) -and (Test-Path $contextPaths.contextPath)) { # Context must differ if (contextChanged $contextPaths.contextPath $checksum) { @@ -1194,7 +1194,7 @@ function ejectContextCD($cdrom_drive) function removeFile($file) { - if ($file -ne "" -and (Test-Path $file)) { + if (![string]::IsNullOrEmpty($file) -and (Test-Path $file)) { logmsg "* Removing the file: ${file}" Remove-Item -Path $file -Force } @@ -1202,7 +1202,7 @@ function removeFile($file) function removeDir($dir) { - if ($dir -ne "" -and (Test-Path $dir)) { + if (![string]::IsNullOrEmpty($dir) -and (Test-Path $dir)) { logmsg "* Removing the directory: ${dir}" Remove-Item -Path $dir -Recurse -Force } From 1341a123a8b7a16ea5dd3af149d469e3687862fa Mon Sep 17 00:00:00 2001 From: Jan Orel <jorel@opennebula.systems> Date: Fri, 20 Jan 2023 15:30:56 +0100 Subject: [PATCH 114/122] M #-: Bump version to 6.6.0 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 1171308b..2b1c2356 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-6.2.0} +VERSION=${VERSION:-6.6.0} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" SRV_MANAGER="${SRV_MANAGER:-nssm}" From a2f4a24f4b8c6b412ad956d462205f92a446b5c3 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Mon, 30 Jan 2023 12:23:04 -0600 Subject: [PATCH 115/122] F OpenNebula/one-context-windows#78: Add Public SSH key support --- src/context.ps1 | 54 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index 11764da6..c2f33821 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -34,6 +34,13 @@ function logmsg($message) Write-Host "[$(Get-Date -Format 'yyyy-MM-dd HH:mm K')] $message`r`n" -NoNewline } +function logsuccess { + logmsg " ... Success" +} +function logfail { + logmsg " ... Failed" +} + function getContext($file) { $context = @{} @@ -880,7 +887,7 @@ function enablePing() $fwm=new-object -com hnetcfg.fwmgr # Get current profile - $pro=$fwm.LocalPolicy.CurrentProfile + $pro=$fwmgcalPolicy.CurrentProfile logmsg "- Enable Allow Inbound Echo Requests" $ret = $pro.IcmpSettings.AllowInboundEchoRequest=$true @@ -1239,6 +1246,48 @@ function pswrapper($path) } } +function authorizeSSHKeyAdmin { + param ( + $authorizedKeys + ) + + $authorizedKeysPath = "$env:ProgramData\ssh\administrators_authorized_keys" + + logmsg "* Authorizing SSH_PUBLIC_KEY: ${authorizedKeys}" + + # whitelisting + Set-Content $authorizedKeysPath $authorizedKeys; + + if ($?) { + # permissions + icacls.exe $authorizedKeysPath /inheritance:r /grant Administrators:F /grant SYSTEM:F + + logsuccess + } else { + logfail + } + +} + +function authorizeSSHKeyStandard { + param ( + $authorizedKeys + ) + + $authorizedKeysPath = "$env:USERPROFILE\.ssh" + + logmsg "* Authorizing SSH_PUBLIC_KEY: ${authorizedKeys}" + + New-Item -Force -ItemType Directory -Path $authorizedKeysPath + Set-Content $authorized_keys_path $authorizedKeys; + + if ($?) { + logsuccess + } else { + logfail + } +} + ################################################################################ # Main ################################################################################ @@ -1255,7 +1304,7 @@ If ( !(Test-Path "$ctxDir") ) { If ( Test-Path "$ctxDir\opennebula-context.log" ) { mv "$ctxDir\opennebula-context.log" "$ctxDir\opennebula-context-old.log" } - +m # Start now logging to logfile Start-Transcript -Append -Path "$ctxDir\opennebula-context.log" | Out-Null @@ -1296,6 +1345,7 @@ do { configureNetwork $context renameComputer $context runScripts $context $contextPaths + authorizeSSHKeyAdmin $context["SSH_PUBLIC_KEY"] reportReady $context $contextPaths.contextLetter # Save the 'applied' context.sh checksum for the next recontextualization From 27ca7dbe1a910e21bc5484843360205e03fbdf41 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Fri, 3 Feb 2023 09:26:58 -0600 Subject: [PATCH 116/122] F OpenNebula/one-context-windows#78: Comment limitation --- src/context.ps1 | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/context.ps1 b/src/context.ps1 index c2f33821..1f8ecefd 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -43,6 +43,8 @@ function logfail { function getContext($file) { + + # TODO: Improve regexp for multiple SSH keys on SSH_PUBLIC_KEY $context = @{} switch -regex -file $file { "^([^=]+)='(.+?)'$" { @@ -1288,6 +1290,21 @@ function authorizeSSHKeyStandard { } } +function authorizeSSHKey { + param ( + $authorizedKeys, + $winadmin + ) + + if (($winadmin -eq "NO") -or ($winadmin -eq "no")) { + authorizeSSHKeyStandard $authorizedKeys + } + else { + authorizeSSHKeyAdmin $authorizedKeys + } + +} + ################################################################################ # Main ################################################################################ @@ -1345,7 +1362,7 @@ do { configureNetwork $context renameComputer $context runScripts $context $contextPaths - authorizeSSHKeyAdmin $context["SSH_PUBLIC_KEY"] + authorizeSSHKey $context["SSH_PUBLIC_KEY"] $context["WINADMIN"] reportReady $context $contextPaths.contextLetter # Save the 'applied' context.sh checksum for the next recontextualization From 439a2dba35034b75a78be99c8040e9be5a36e6a2 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Fri, 3 Feb 2023 09:30:50 -0600 Subject: [PATCH 117/122] F OpenNebula/one-context-windows#78: Improve casing comparsin --- src/context.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/context.ps1 b/src/context.ps1 index 1f8ecefd..fc13407a 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -1296,7 +1296,7 @@ function authorizeSSHKey { $winadmin ) - if (($winadmin -eq "NO") -or ($winadmin -eq "no")) { + if ($winadmin -ieq "no") { authorizeSSHKeyStandard $authorizedKeys } else { From 35a0bf516520df1dadc1e49adfa83c9e9d5d27b5 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Fri, 3 Feb 2023 09:33:41 -0600 Subject: [PATCH 118/122] F OpenNebula/one-context-windows#78: Remove duplicate logging --- src/context.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index fc13407a..6491dd99 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -1255,7 +1255,7 @@ function authorizeSSHKeyAdmin { $authorizedKeysPath = "$env:ProgramData\ssh\administrators_authorized_keys" - logmsg "* Authorizing SSH_PUBLIC_KEY: ${authorizedKeys}" + # whitelisting Set-Content $authorizedKeysPath $authorizedKeys; @@ -1278,8 +1278,6 @@ function authorizeSSHKeyStandard { $authorizedKeysPath = "$env:USERPROFILE\.ssh" - logmsg "* Authorizing SSH_PUBLIC_KEY: ${authorizedKeys}" - New-Item -Force -ItemType Directory -Path $authorizedKeysPath Set-Content $authorized_keys_path $authorizedKeys; @@ -1296,6 +1294,8 @@ function authorizeSSHKey { $winadmin ) + logmsg "* Authorizing SSH_PUBLIC_KEY: ${authorizedKeys}" + if ($winadmin -ieq "no") { authorizeSSHKeyStandard $authorizedKeys } From 43d2fa9dfa0aa09974e8a8c5813ff211951a3be1 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Fri, 3 Feb 2023 09:40:07 -0600 Subject: [PATCH 119/122] M #: Lint --- src/context.ps1 | 414 +++++++++++++++++++++++++----------------------- 1 file changed, 220 insertions(+), 194 deletions(-) diff --git a/src/context.ps1 b/src/context.ps1 index 6491dd99..0dd55141 100644 --- a/src/context.ps1 +++ b/src/context.ps1 @@ -26,8 +26,7 @@ # Functions ################################################################################ -function logmsg($message) -{ +function logmsg($message) { # powershell 4 does not automatically add newline in the transcript so we # workaround it by adding it explicitly and using the NoNewline argument # we ensure that it will not be added twice @@ -41,8 +40,7 @@ function logfail { logmsg " ... Failed" } -function getContext($file) -{ +function getContext($file) { # TODO: Improve regexp for multiple SSH keys on SSH_PUBLIC_KEY $context = @{} @@ -55,31 +53,28 @@ function getContext($file) return $context } -function envContext($context) -{ +function envContext($context) { ForEach ($h in $context.GetEnumerator()) { - $name = "Env:"+$h.Name + $name = "Env:" + $h.Name Set-Item $name $h.Value } } -function contextChanged($file, $last_checksum) -{ +function contextChanged($file, $last_checksum) { $new_checksum = Get-FileHash -Algorithm SHA256 $file $ret = $last_checksum.Hash -ne $new_checksum.Hash return $ret } -function waitForContext($checksum) -{ +function waitForContext($checksum) { # This object will be set and returned at the end $contextPaths = New-Object PsObject -Property @{ - contextScriptPath=$null ; - contextPath=$null ; - contextDrive=$null ; - contextLetter=$null ; - contextInitScriptPath=$null - } + contextScriptPath = $null + contextPath = $null + contextDrive = $null + contextLetter = $null + contextInitScriptPath = $null + } # How long to wait before another poll (in seconds) $sleep = 30 @@ -90,7 +85,7 @@ function waitForContext($checksum) $contextPaths.contextPath = "" # Get all drives and select only the one that has "CONTEXT" as a label - $contextPaths.contextDrive = Get-WMIObject Win32_Volume | ? { $_.Label -eq "CONTEXT" } + $contextPaths.contextDrive = Get-WMIObject Win32_Volume | Where-Object { $_.Label -eq "CONTEXT" } if ($contextPaths.contextDrive) { @@ -98,7 +93,8 @@ function waitForContext($checksum) $contextPaths.contextLetter = $contextPaths.contextDrive.Name $contextPaths.contextPath = $contextPaths.contextLetter + "context.sh" $contextPaths.contextInitScriptPath = $contextPaths.contextLetter - } else { + } + else { # Try the VMware API foreach ($pf in ${env:ProgramFiles}, ${env:ProgramFiles(x86)}, ${env:ProgramW6432}) { @@ -172,11 +168,10 @@ function waitForContext($checksum) return $contextPaths } -function addLocalUser($context) -{ +function addLocalUser($context) { # Create new user - $username = $context["USERNAME"] - $password = $context["PASSWORD"] + $username = $context["USERNAME"] + $password = $context["PASSWORD"] $password64 = $context["PASSWORD_BASE64"] If ($password64) { @@ -185,26 +180,27 @@ function addLocalUser($context) if ($username -Or $password) { - if ($username -eq $null) { + if ($null -eq $username) { # ATTENTION - Language/Regional settings have influence on the naming # of this user. Use the User SID instead (S-1-5-21domain-500) $username = (Get-WmiObject -Class "Win32_UserAccount" | - where { $_.SID -like "S-1-5-21[0-9-]*-500" } | - select -ExpandProperty Name | - get-Unique -AsString) + Where-Object { $_.SID -like "S-1-5-21[0-9-]*-500" } | + Select-Object -ExpandProperty Name | + Get-Unique -AsString) } logmsg "* Creating Account for $username" $ADSI = [adsi]$ConnectionString - if(!([ADSI]::Exists("WinNT://$computerName/$username"))) { + if (!([ADSI]::Exists("WinNT://$computerName/$username"))) { # User does not exist, Create the User logmsg "- Creating account" - $user = $ADSI.Create("user",$username) + $user = $ADSI.Create("user", $username) $user.setPassword($password) $user.SetInfo() - } else { + } + else { # User exists, Set Password logmsg "- Setting Password" $admin = [ADSI]"WinNT://$env:computername/$username" @@ -221,13 +217,13 @@ function addLocalUser($context) # ATTENTION - Language/Regional settings have influence on the naming # of this group. Use the Group SID instead (S-1-5-32-544) $groups = (Get-WmiObject -Class "Win32_Group" | - where { $_.SID -like "S-1-5-32-544" } | - select -ExpandProperty Name) + Where-Object { $_.SID -like "S-1-5-32-544" } | + Select-Object -ExpandProperty Name) ForEach ($grp in $groups) { # Make sure the Group exists - If([ADSI]::Exists("WinNT://$computerName/$grp,group")) { + If ([ADSI]::Exists("WinNT://$computerName/$grp,group")) { # Check if the user is a Member of the Group $group = [ADSI] "WinNT://$computerName/$grp,group" @@ -235,14 +231,14 @@ function addLocalUser($context) $memberNames = @() $members | ForEach-Object { - # https://p0w3rsh3ll.wordpress.com/2016/06/14/any-documented-adsi-changes-in-powershell-5-0/ - $memberNames += ([ADSI]$_).psbase.InvokeGet('Name') - } + # https://p0w3rsh3ll.wordpress.com/2016/06/14/any-documented-adsi-changes-in-powershell-5-0/ + $memberNames += ([ADSI]$_).psbase.InvokeGet('Name') + } If (-Not ($memberNames -Contains $username)) { # Make sure the user exists, again - if([ADSI]::Exists("WinNT://$computerName/$username")) { + if ([ADSI]::Exists("WinNT://$computerName/$username")) { # Add the user logmsg "- Adding to $grp" @@ -255,34 +251,33 @@ function addLocalUser($context) Write-Host "`r`n" -NoNewline } -function configureNetwork($context) -{ +function configureNetwork($context) { # Get the NIC in the Context - $nicIds = ($context.Keys | Where {$_ -match '^ETH\d+_MAC$'} | ForEach-Object {$_ -replace '(^ETH|_MAC$)',''} | Sort-Object -Unique) + $nicIds = ($context.Keys | Where-Object { $_ -match '^ETH\d+_MAC$' } | ForEach-Object { $_ -replace '(^ETH|_MAC$)', '' } | Sort-Object -Unique) - $nicId = 0; + $nicId = 0 foreach ($nicId in $nicIds) { $nicPrefix = "ETH" + $nicId + "_" - $method = $context[$nicPrefix + 'METHOD'] - $ip = $context[$nicPrefix + 'IP'] - $netmask = $context[$nicPrefix + 'MASK'] - $mac = $context[$nicPrefix + 'MAC'] - $dns = (($context[$nicPrefix + 'DNS'] -split " " | Where {$_ -match '^(([0-9]*).?){4}$'}) -join ' ') - $dns6 = (($context[$nicPrefix + 'DNS'] -split " " | Where {$_ -match '^(([0-9A-F]*):?)*$'}) -join ' ') + $method = $context[$nicPrefix + 'METHOD'] + $ip = $context[$nicPrefix + 'IP'] + $netmask = $context[$nicPrefix + 'MASK'] + $mac = $context[$nicPrefix + 'MAC'] + $dns = (($context[$nicPrefix + 'DNS'] -split " " | Where-Object { $_ -match '^(([0-9]*).?){4}$' }) -join ' ') + $dns6 = (($context[$nicPrefix + 'DNS'] -split " " | Where-Object { $_ -match '^(([0-9A-F]*):?)*$' }) -join ' ') $dnsSuffix = $context[$nicPrefix + 'SEARCH_DOMAIN'] - $gateway = $context[$nicPrefix + 'GATEWAY'] - $network = $context[$nicPrefix + 'NETWORK'] - $mtu = $context[$nicPrefix + 'MTU'] - $metric = $context[$nicPrefix + 'METRIC'] + $gateway = $context[$nicPrefix + 'GATEWAY'] + $network = $context[$nicPrefix + 'NETWORK'] + $mtu = $context[$nicPrefix + 'MTU'] + $metric = $context[$nicPrefix + 'METRIC'] $ip6Method = $context[$nicPrefix + 'IP6_METHOD'] - $ip6 = $context[$nicPrefix + 'IP6'] - $ip6ULA = $context[$nicPrefix + 'IP6_ULA'] + $ip6 = $context[$nicPrefix + 'IP6'] + $ip6ULA = $context[$nicPrefix + 'IP6_ULA'] $ip6Prefix = $context[$nicPrefix + 'IP6_PREFIX_LENGTH'] - $ip6Gw = $context[$nicPrefix + 'IP6_GATEWAY'] + $ip6Gw = $context[$nicPrefix + 'IP6_GATEWAY'] $ip6Metric = $context[$nicPrefix + 'IP6_METRIC'] $mac = $mac.ToUpper() @@ -322,7 +317,7 @@ function configureNetwork($context) $retry-- Start-Sleep -s 1 $nic = Get-WMIObject Win32_NetworkAdapterConfiguration | ` - where {$_.IPEnabled -eq "TRUE" -and $_.MACAddress -eq $mac} + Where-Object { $_.IPEnabled -eq "TRUE" -and $_.MACAddress -eq $mac } } while (!$nic -and $retry) If (!$nic) { @@ -334,7 +329,7 @@ function configureNetwork($context) # We need the connection ID (i.e. "Local Area Connection", # which can be discovered from the NetworkAdapter object $na = Get-WMIObject Win32_NetworkAdapter | ` - where {$_.deviceId -eq $nic.index} + Where-Object { $_.deviceId -eq $nic.index } If (!$na) { logmsg ("* Configuring Network Settings: " + $mac) @@ -348,8 +343,7 @@ function configureNetwork($context) $set_ip_conf = $false # IPv4 Configuration Methods - Switch -Regex ($method) - { + Switch -Regex ($method) { '^\s*static\s*$' { if ($ip) { # Release the DHCP lease, will fail if adapter not DHCP Configured @@ -357,7 +351,8 @@ function configureNetwork($context) $ret = $nic.ReleaseDHCPLease() If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } @@ -370,10 +365,11 @@ function configureNetwork($context) $retry-- Start-Sleep -s 1 $ret = $nic.EnableStatic($ip , $netmask) - } while ($ret.ReturnValue -eq 2147786788 -and $retry); + } while ($ret.ReturnValue -eq 2147786788 -and $retry) If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } @@ -384,7 +380,8 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } @@ -394,14 +391,16 @@ function configureNetwork($context) if ($metric) { logmsg "- Set Gateway with metric" $ret = $nic.SetGateways($gateway, $metric) - } Else { + } + Else { logmsg "- Set Gateway" $ret = $nic.SetGateways($gateway) } If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } } @@ -415,7 +414,8 @@ function configureNetwork($context) $ret = $nic.SetDNSServerSearchOrder($dnsServers) If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } @@ -424,7 +424,8 @@ function configureNetwork($context) $ret = $nic.SetDynamicDNSRegistration("TRUE") If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } @@ -441,7 +442,8 @@ function configureNetwork($context) $ret = ([WMIClass]"Win32_NetworkAdapterConfiguration").SetDNSSuffixSearchOrder(($dnsSuffixes)) If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } @@ -450,13 +452,15 @@ function configureNetwork($context) $ret = $nic.SetDNSDomain($dnsSuffixes[0]) If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } } $set_ip_conf = $true - } else { + } + else { logmsg "- No static IPv4 configuration provided, skipping" } } @@ -468,7 +472,8 @@ function configureNetwork($context) # TODO: 1 ... Successful completion, reboot required If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } @@ -479,7 +484,8 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } @@ -497,8 +503,7 @@ function configureNetwork($context) } # IPv6 Configuration Methods - Switch -Regex ($ip6Method) - { + Switch -Regex ($ip6Method) { '^\s*static\s*$' { if ($ip6) { enableIPv6 @@ -511,26 +516,29 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } # Remove old IPv6 addresses logmsg "- Removing old IPv6 addresses" - if (Get-Command Remove-NetIPAddress -errorAction SilentlyContinue) { + if (Get-Command Remove-NetIPAddress -ErrorAction SilentlyContinue) { # Windows 8.1 and Server 2012 R2 and up # we want to remove everything except the link-local address Remove-NetIPAddress -InterfaceAlias $na.NetConnectionId ` -AddressFamily IPv6 -Confirm:$false ` - -PrefixOrigin Other,Manual,Dhcp,RouterAdvertisement ` + -PrefixOrigin Other, Manual, Dhcp, RouterAdvertisement ` -errorAction SilentlyContinue If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Nothing to do" } - } Else { + } + Else { logmsg " ... Not implemented" } @@ -543,7 +551,8 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } @@ -552,14 +561,16 @@ function configureNetwork($context) if ($ip6Metric) { logmsg "- Set IPv6 Gateway with metric" netsh interface ipv6 add route ::/0 $na.NetConnectionId $ip6Gw metric="${ip6Metric}" - } else { + } + else { logmsg "- Set IPv6 Gateway" netsh interface ipv6 add route ::/0 $na.NetConnectionId $ip6Gw } If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } @@ -571,7 +582,8 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } @@ -592,7 +604,8 @@ function configureNetwork($context) $set_ip_conf = $true doPing($ip6) - } else { + } + else { logmsg "- No static IPv6 configuration provided, skipping" } } @@ -617,7 +630,8 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } @@ -630,7 +644,8 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } @@ -661,17 +676,17 @@ function configureNetwork($context) } # Get the aliases for the NIC in the Context - $aliasIds = ($context.Keys | Where {$_ -match "^ETH${nicId}_ALIAS\d+_IP6?$"} | ForEach-Object {$_ -replace '(^ETH\d+_ALIAS|_IP$|_IP6$)',''} | Sort-Object -Unique) + $aliasIds = ($context.Keys | Where-Object { $_ -match "^ETH${nicId}_ALIAS\d+_IP6?$" } | ForEach-Object { $_ -replace '(^ETH\d+_ALIAS|_IP$|_IP6$)', '' } | Sort-Object -Unique) foreach ($aliasId in $aliasIds) { - $aliasPrefix = "ETH${nicId}_ALIAS${aliasId}" - $aliasIp = $context[$aliasPrefix + '_IP'] - $aliasNetmask = $context[$aliasPrefix + '_MASK'] - $aliasIp6 = $context[$aliasPrefix + '_IP6'] - $aliasIp6ULA = $context[$aliasPrefix + '_IP6_ULA'] + $aliasPrefix = "ETH${nicId}_ALIAS${aliasId}" + $aliasIp = $context[$aliasPrefix + '_IP'] + $aliasNetmask = $context[$aliasPrefix + '_MASK'] + $aliasIp6 = $context[$aliasPrefix + '_IP6'] + $aliasIp6ULA = $context[$aliasPrefix + '_IP6_ULA'] $aliasIp6Prefix = $context[$aliasPrefix + '_IP6_PREFIX_LENGTH'] - $detach = $context[$aliasPrefix + '_DETACH'] - $external = $context[$aliasPrefix + '_EXTERNAL'] + $detach = $context[$aliasPrefix + '_DETACH'] + $external = $context[$aliasPrefix + '_EXTERNAL'] if ($external -and ($external -eq "YES")) { continue @@ -691,7 +706,8 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } @@ -705,7 +721,8 @@ function configureNetwork($context) If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } @@ -719,8 +736,7 @@ function configureNetwork($context) Write-Host "`r`n" -NoNewline } -function setTimeZone($context) -{ +function setTimeZone($context) { $timezone = $context['TIMEZONE'] If ($timezone) { @@ -730,14 +746,14 @@ function setTimeZone($context) If ($?) { logmsg ' ... Success' - } Else { + } + Else { logmsg ' ... Failed' } } } -function renameComputer($context) -{ +function renameComputer($context) { # Initialize Variables $current_hostname = hostname $context_hostname = $context["SET_HOSTNAME"] @@ -746,17 +762,18 @@ function renameComputer($context) if (! $context_hostname) { $dns_hostname = $context["DNS_HOSTNAME"] - if ($dns_hostname -ne $null -and $dns_hostname.ToUpper() -eq "YES") { + if ($null -ne $dns_hostname -and $dns_hostname.ToUpper() -eq "YES") { # we will set our hostname based on the reverse dns lookup - the IP # in question is the first one with a set default gateway # (as is done by get_first_ip in addon-context-linux) logmsg "* Requested change of Hostname via reverse DNS lookup (DNS_HOSTNAME=YES)" - $first_ip = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration | where {$_.DefaultIPGateway -ne $null}).IPAddress | select-object -first 1 + $first_ip = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object { $null -ne $_.DefaultIPGateway }).IPAddress | Select-Object -First 1 $context_hostname = [System.Net.Dns]::GetHostbyAddress($first_ip).HostName logmsg "- Resolved Hostname is: $context_hostname" - } Else { + } + Else { # no SET_HOSTNAME nor DNS_HOSTNAME - skip setting hostname return @@ -764,8 +781,8 @@ function renameComputer($context) } $splitted_hostname = $context_hostname.split('.') - $context_hostname = $splitted_hostname[0] - $context_domain = $splitted_hostname[1..$splitted_hostname.length] -join '.' + $context_hostname = $splitted_hostname[0] + $context_domain = $splitted_hostname[1..$splitted_hostname.length] -join '.' If ($context_domain) { logmsg "* Changing Domain to $context_domain" @@ -777,7 +794,8 @@ function renameComputer($context) # Returned Non Zero, Failed, No restart logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { # Returned Zero, Success logmsg " ... Success" @@ -785,13 +803,13 @@ function renameComputer($context) } # Check for the .opennebula-renamed file - $logged_hostname = "" + $logged_hostname = "" If (Test-Path "$ctxDir\.opennebula-renamed") { logmsg "- Using the JSON file: $ctxDir\.opennebula-renamed" # Grab the JSON content $json = Get-Content -Path "$ctxDir\.opennebula-renamed" ` - | Out-String + | Out-String # Convert to a Hash Table and set the Logged Hostname try { @@ -803,14 +821,15 @@ function renameComputer($context) logmsg " [!] Invalid JSON:" Write-Host $json.ToString() } - } Else { + } + Else { # no renaming was ever done - we fallback to our current Hostname - $logged_hostname = $current_hostname + $logged_hostname = $current_hostname } If (($current_hostname -ne $context_hostname) -and ` - ($context_hostname -eq $logged_hostname)) { + ($context_hostname -eq $logged_hostname)) { # avoid rename->reboot loop - if we detect that rename attempt was done # but failed then we drop log message about it and finish... @@ -818,7 +837,8 @@ function renameComputer($context) logmsg "* Computer Rename Attempted but failed:" logmsg "- Current: $current_hostname" logmsg "- Context: $context_hostname" - } ElseIf ($context_hostname -ne $current_hostname) { + } + ElseIf ($context_hostname -ne $current_hostname) { # the current_name does not match the context_name, rename the computer @@ -840,10 +860,11 @@ function renameComputer($context) logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) Write-Host " Check the computername. " Write-Host "Possible Issues: The name cannot include control " ` - "characters, leading or trailing spaces, or any of " ` - "the following characters: `" / \ [ ] : | < > + = ; , ?" + "characters, leading or trailing spaces, or any of " ` + "the following characters: `" / \ [ ] : | < > + = ; , ?" - } Else { + } + Else { # Returned Zero, Success logmsg " ... Success" @@ -855,7 +876,8 @@ function renameComputer($context) # Exit here so the script doesn't continue to run Exit 0 } - } Else { + } + Else { # Hostname is set and correct logmsg "* Computer Name already set: $context_hostname" @@ -864,8 +886,7 @@ function renameComputer($context) Write-Host "`r`n" -NoNewline } -function enableRemoteDesktop() -{ +function enableRemoteDesktop() { logmsg "* Enabling Remote Desktop" # Windows 7 only - add firewall exception for RDP logmsg "- Enable Remote Desktop Rule Group" @@ -876,34 +897,34 @@ function enableRemoteDesktop() $ret = (Get-WmiObject -Class "Win32_TerminalServiceSetting" -Namespace root\cimv2\terminalservices).SetAllowTsConnections(1) If ($ret.ReturnValue) { logmsg (" ... Failed: " + $ret.ReturnValue.ToString()) - } Else { + } + Else { logmsg " ... Success" } Write-Host "`r`n" -NoNewline } -function enablePing() -{ +function enablePing() { logmsg "* Enabling Ping" #Create firewall manager object - $fwm=new-object -com hnetcfg.fwmgr + New-Object -com hnetcfg.fwmgr # Get current profile - $pro=$fwmgcalPolicy.CurrentProfile + $pro = $fwmgcalPolicy.CurrentProfile logmsg "- Enable Allow Inbound Echo Requests" - $ret = $pro.IcmpSettings.AllowInboundEchoRequest=$true + $ret = $pro.IcmpSettings.AllowInboundEchoRequest = $true If ($ret) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } Write-Host "`r`n" -NoNewline } -function doPing($ip, $retries=20) -{ +function doPing($ip, $retries = 20) { logmsg "- Ping Interface IP $ip" $ping = $false @@ -916,20 +937,21 @@ function doPing($ip, $retries=20) If ($ping) { logmsg " ... Success ($retry tries)" - } Else { + } + Else { logmsg " ... Failed ($retry tries)" } } -function disableIPv6Privacy() -{ +function disableIPv6Privacy() { # Disable Randomization of IPv6 addresses (use EUI-64) logmsg "- Globally disable IPv6 Identifiers Randomization" netsh interface ipv6 set global randomizeidentifiers=disable If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } @@ -939,39 +961,39 @@ function disableIPv6Privacy() If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } -function enableIPv6() -{ +function enableIPv6() { logmsg '- Enabling IPv6' Enable-NetAdapterBinding -Name $na.NetConnectionId -ComponentID ms_tcpip6 If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } -function disableIPv6() -{ +function disableIPv6() { logmsg '- Disabling IPv6' Disable-NetAdapterBinding -Name $na.NetConnectionId -ComponentID ms_tcpip6 If ($?) { logmsg " ... Success" - } Else { + } + Else { logmsg " ... Failed" } } -function runScripts($context, $contextPaths) -{ +function runScripts($context, $contextPaths) { logmsg "* Running Scripts" # Get list of scripts to run, " " delimited @@ -991,7 +1013,8 @@ function runScripts($context, $contextPaths) } } - } else { + } + else { # Emulate the init.sh fallback behavior from Linux $script = $contextPaths.contextInitScriptPath + "init.ps1" @@ -1003,7 +1026,7 @@ function runScripts($context, $contextPaths) } # Execute START_SCRIPT or START_SCRIPT_64 - $startScript = $context["START_SCRIPT"] + $startScript = $context["START_SCRIPT"] $startScript64 = $context["START_SCRIPT_BASE64"] if ($startScript64) { @@ -1025,13 +1048,11 @@ function runScripts($context, $contextPaths) Write-Host "`r`n" -NoNewline } -function extendPartition($disk, $part) -{ - "select disk $disk","select partition $part","extend" | diskpart | Out-Null +function extendPartition($disk, $part) { + "select disk $disk", "select partition $part", "extend" | diskpart | Out-Null } -function extendPartitions($context) -{ +function extendPartitions($context) { logmsg "* Extend partitions" "rescan" | diskpart @@ -1039,22 +1060,23 @@ function extendPartitions($context) $disks = @() # Cmdlet 'Get-Partition' is not in older Windows/Powershell versions - if (Get-Command -errorAction SilentlyContinue -Name Get-Partition) { + if (Get-Command -ErrorAction SilentlyContinue -Name Get-Partition) { if ([string]$context['GROW_ROOTFS'] -eq '' -or $context['GROW_ROOTFS'].ToUpper() -eq 'YES') { # Add at least C: $drives = "C: $($context['GROW_FS'])" - } else { + } + else { $drives = "$($context['GROW_FS'])" } - $driveLetters = (-split $drives | Select-String -Pattern "^(\w):?[\/]?$" -AllMatches | %{$_.matches.groups[1].Value} | Sort-Object -Unique) + $driveLetters = (-split $drives | Select-String -Pattern "^(\w):?[\/]?$" -AllMatches | ForEach-Object { $_.matches.groups[1].Value } | Sort-Object -Unique) ForEach ($driveLetter in $driveLetters) { $disk = New-Object PsObject -Property @{ - name=$null; - diskId=$null ; - partIds=@() - } + name = $null + diskId = $null + partIds = @() + } # TODO: in the future an AccessPath can be used instead of just DriveLetter $drive = (Get-Partition -DriveLetter $driveLetter) $disk.name = "$driveLetter" + ':' @@ -1062,16 +1084,17 @@ function extendPartitions($context) $disk.partIds += $drive.PartitionNumber $disks += $disk } - } Else { + } + Else { # always resize at least the disk 0 $disk = New-Object PsObject -Property @{ - name=$null; - diskId=0 ; - partIds=@() - } + name = $null + diskId = 0 + partIds = @() + } # select all parts - preserve old behavior for disk 0 - $disk.partIds = "select disk $($disk.diskId)", "list partition" | diskpart | Select-String -Pattern "^\s+\w+ (\d+)\s+" -AllMatches | %{$_.matches.groups[1].Value} + $disk.partIds = "select disk $($disk.diskId)", "list partition" | diskpart | Select-String -Pattern "^\s+\w+ (\d+)\s+" -AllMatches | ForEach-Object { $_.matches.groups[1].Value } $disks += $disk } @@ -1080,7 +1103,8 @@ function extendPartitions($context) ForEach ($partId in $disk.partIds) { if ($disk.name) { logmsg "- Extend ($($disk.name)) Disk: $($disk.diskId) / Part: $partId" - } Else { + } + Else { logmsg "- Extend Disk: $($disk.diskId) / Part: $partId" } extendPartition $disk.diskId $partId @@ -1088,13 +1112,12 @@ function extendPartitions($context) } } -function reportReady($context, $contextLetter) -{ - $reportReady = $context['REPORT_READY'] +function reportReady($context, $contextLetter) { + $reportReady = $context['REPORT_READY'] $oneGateEndpoint = $context['ONEGATE_ENDPOINT'] - $vmId = $context['VMID'] - $token = $context['ONEGATE_TOKEN'] - $retryCount = 3 + $vmId = $context['VMID'] + $token = $context['ONEGATE_TOKEN'] + $retryCount = 3 $retryWaitPeriod = 10 if ($reportReady -and $reportReady.ToUpper() -eq 'YES') { @@ -1115,7 +1138,8 @@ function reportReady($context, $contextLetter) $tokenPath = $contextLetter + 'token.txt' if (Test-Path $tokenPath) { $token = Get-Content $tokenPath - } else { + } + else { logmsg " ... Failed: Token file not found" return } @@ -1125,7 +1149,7 @@ function reportReady($context, $contextLetter) while ($true) { try { $body = 'READY=YES' - $target= $oneGateEndpoint + '/vm' + $target = $oneGateEndpoint + '/vm' [System.Net.HttpWebRequest] $webRequest = [System.Net.WebRequest]::Create($target) $webRequest.Timeout = 10000 @@ -1141,7 +1165,7 @@ function reportReady($context, $contextLetter) $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols [System.Net.ServicePointManager]::Expect100Continue = $false - [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} + [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } } $requestStream = $webRequest.GetRequestStream() @@ -1153,7 +1177,8 @@ function reportReady($context, $contextLetter) if ($response.StatusCode -eq 'OK') { logmsg ' ... Success' break - } else { + } + else { logmsg " ... Failed: $($response.StatusCode)" } } @@ -1167,7 +1192,8 @@ function reportReady($context, $contextLetter) if ($retryNumber -le $retryCount) { logmsg " ... sleep for ${retryWaitPeriod} seconds and try again..." Start-Sleep -Seconds $retryWaitPeriod - } else { + } + else { logmsg " ... All retries failed!" break } @@ -1175,15 +1201,14 @@ function reportReady($context, $contextLetter) } } -function ejectContextCD($cdrom_drive) -{ +function ejectContextCD($cdrom_drive) { if (-Not $cdrom_drive) { return } $eject_cdrom = $context['EJECT_CDROM'] - if ($eject_cdrom -ne $null -and $eject_cdrom.ToUpper() -eq 'YES') { + if ($null -ne $eject_cdrom -and $eject_cdrom.ToUpper() -eq 'YES') { logmsg '* Ejecting context CD' try { #https://learn.microsoft.com/en-us/windows/win32/api/shldisp/ne-shldisp-shellspecialfolderconstants @@ -1193,34 +1218,33 @@ function ejectContextCD($cdrom_drive) $_.InvokeVerb("Eject") logmsg " ... Ejected $($cdrom_drive.Name)" } - } catch { + } + catch { logmsg " ... Failed to eject the CD: $_" } } } -function removeFile($file) -{ +function removeFile($file) { if (![string]::IsNullOrEmpty($file) -and (Test-Path $file)) { logmsg "* Removing the file: ${file}" Remove-Item -Path $file -Force } } -function removeDir($dir) -{ +function removeDir($dir) { if (![string]::IsNullOrEmpty($dir) -and (Test-Path $dir)) { logmsg "* Removing the directory: ${dir}" Remove-Item -Path $dir -Recurse -Force } } -function cleanup($contextPaths) -{ +function cleanup($contextPaths) { if ($contextPaths.contextDrive) { # Eject CD with 'context.sh' if requested ejectContextCD $contextPaths.contextDrive - } else { + } + else { # Delete 'context.sh' if not on CD-ROM removeFile $contextPaths.contextPath @@ -1229,8 +1253,7 @@ function cleanup($contextPaths) } } -function pswrapper($path) -{ +function pswrapper($path) { # source: # - http://cosmonautdreams.com/2013/09/03/Getting-Powershell-to-run-in-64-bit.html # - https://ss64.com/nt/syntax-64bit.html @@ -1243,7 +1266,8 @@ function pswrapper($path) # # NOTE: virtual subdir 'sysnative' exists only when running 32bit binary under 64bit system & "$env:WINDIR\sysnative\windowspowershell\v1.0\powershell.exe" -NonInteractive -NoProfile -Command "$realpath" - } Else { + } + Else { & "$path" } } @@ -1258,14 +1282,15 @@ function authorizeSSHKeyAdmin { # whitelisting - Set-Content $authorizedKeysPath $authorizedKeys; + Set-Content $authorizedKeysPath $authorizedKeys if ($?) { # permissions icacls.exe $authorizedKeysPath /inheritance:r /grant Administrators:F /grant SYSTEM:F logsuccess - } else { + } + else { logfail } @@ -1279,11 +1304,12 @@ function authorizeSSHKeyStandard { $authorizedKeysPath = "$env:USERPROFILE\.ssh" New-Item -Force -ItemType Directory -Path $authorizedKeysPath - Set-Content $authorized_keys_path $authorizedKeys; + Set-Content $authorized_keys_path $authorizedKeys if ($?) { logsuccess - } else { + } + else { logfail } } @@ -1310,16 +1336,16 @@ function authorizeSSHKey { ################################################################################ # global variable pointing to the private .contextualization directory -$global:ctxDir="$env:SystemDrive\.onecontext" +$global:ctxDir = "$env:SystemDrive\.onecontext" # Check, if above defined context directory exists If ( !(Test-Path "$ctxDir") ) { - mkdir "$ctxDir" + mkdir "$ctxDir" } # Move old logfile away - so we have a current log containing the output of the last boot If ( Test-Path "$ctxDir\opennebula-context.log" ) { - mv "$ctxDir\opennebula-context.log" "$ctxDir\opennebula-context-old.log" + mv "$ctxDir\opennebula-context.log" "$ctxDir\opennebula-context-old.log" } m # Start now logging to logfile @@ -1327,7 +1353,7 @@ Start-Transcript -Append -Path "$ctxDir\opennebula-context.log" | Out-Null logmsg "* Running Script: $($MyInvocation.MyCommand.Path)" -Set-ExecutionPolicy unrestricted -force # not needed if already done once on the VM +Set-ExecutionPolicy unrestricted -Force # not needed if already done once on the VM [string]$computerName = "$env:computername" [string]$ConnectionString = "WinNT://$computerName" From a0f79be330aa0b4f728e86533881982c551cd2cc Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dann1telecom@gmail.com> Date: Tue, 21 Mar 2023 11:27:27 -0600 Subject: [PATCH 120/122] Update issue templates --- .github/ISSUE_TEMPLATE/bug_report.md | 30 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 22 +++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..7222e003 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,30 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: 'Type: Bug' +assignees: '' + +--- + +**Description** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Details:** +- Windows Version: [ e.g. Windows 10 ] +- Context release version: [ e.g. 6.6.0 ] +- OpenNebula version: [ e.g. 6.6.1 ] + +**Additional context** +Add any other context about the problem here. + +## Progress Status +- [ ] Code committed +- [ ] Testing - QA +- [ ] Documentation (Release notes - resolved issues, compatibility, known issues) diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..f94532d8 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,22 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: 'Type: Feature' +assignees: '' + +--- + +**Description** +Brief description of the new functionality + +**Use case** +How are you going to use this new feature? Why do you need it? + +**Additional Context** +Please feel free to add any other context or screenshots about the feature request here. Or any other alternative you have considered to address this new feature. + +## Progress Status +- [ ] Code committed +- [ ] Testing - QA +- [ ] Documentation (Release notes - resolved issues, compatibility, known issues) From fdb3031c8ce8f4e06149258702f706f1d76cc7b4 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dann1telecom@gmail.com> Date: Tue, 21 Mar 2023 11:30:47 -0600 Subject: [PATCH 121/122] Update issue templates --- .github/ISSUE_TEMPLATE/support-windows-version.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/support-windows-version.md diff --git a/.github/ISSUE_TEMPLATE/support-windows-version.md b/.github/ISSUE_TEMPLATE/support-windows-version.md new file mode 100644 index 00000000..546e0306 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/support-windows-version.md @@ -0,0 +1,14 @@ +--- +name: Support Windows version +about: Support a Windows version officially supported by Microsoft +title: Support Windows <version> +labels: 'Type: Feature' +assignees: '' + +--- + +Progress +- [ ] Image Built and operational +- [ ] Testing - QA +- [ ] [Platform notes](https://docs.opennebula.io/6.6/intro_release_notes/release_notes/platform_notes.html#windows-contextualization-packages) +- [ ] [Windows KB](https://support.opennebula.pro/hc/en-us/articles/360042898271-How-to-Build-an-Image-for-Windows-Virtual-Machines) From 45cd4eba178d86f004e1135b7166c4ec91234cf2 Mon Sep 17 00:00:00 2001 From: Daniel Clavijo Coca <dclavijo@opennebula.io> Date: Mon, 24 Apr 2023 16:20:16 -0600 Subject: [PATCH 122/122] M #: Bump version to 6.6.1 --- generate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generate.sh b/generate.sh index 2b1c2356..31fedcfe 100755 --- a/generate.sh +++ b/generate.sh @@ -36,7 +36,7 @@ fi ### NAME=${NAME:-one-context} -VERSION=${VERSION:-6.6.0} +VERSION=${VERSION:-6.6.1} RELEASE=${RELEASE:-1} LABEL="${NAME}-${VERSION}" SRV_MANAGER="${SRV_MANAGER:-nssm}"