From 26d865079c7ecafb15116cad23fe7d3fff98e329 Mon Sep 17 00:00:00 2001 From: Jose Celano Date: Mon, 30 Oct 2023 17:07:17 +0000 Subject: [PATCH 1/3] feat: [#94] new blog article: containerizing Rust applications --- project-words.txt | 24 + .../+page.md | 1120 +++++++++++++++++ ...st-crab-carrying-a-shipping-container.jpeg | Bin 0 -> 168274 bytes 3 files changed, 1144 insertions(+) create mode 100644 src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md create mode 100644 static/images/posts/rust-crab-carrying-a-shipping-container.jpeg diff --git a/project-words.txt b/project-words.txt index 91dbb8e..81c4b54 100644 --- a/project-words.txt +++ b/project-words.txt @@ -1,26 +1,50 @@ +Ajeet +appuser +autoclean bencoded Bencoding +binstall +buildtime Callout +containerfile Dibert +distroless +Dockerfiles +Dockerizing Dsve fontsource +HEALTHCHECK +Heiko Histoire imdl indistinctively +johnthagen +Juggery Kimbatt libtorrent +libz mdsvex Metainfo nojekyll +nologin Nuxt pexels postbuild +println problably +proto +Raina +realpath rehype roboto +runtimes rustc +Seeberger signup Stackoverflow striptags +tlsv torrenting Tzou +Werror +WORKDIR diff --git a/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md b/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md new file mode 100644 index 0000000..63f6d2d --- /dev/null +++ b/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md @@ -0,0 +1,1120 @@ +--- +title: Containerizing Rust Applications +slug: containerizing-rust-applications-best-practices +coverImage: /images/posts/rust-crab-carrying-a-shipping-container.jpeg +date: 2023-11-09T12:08:04.295Z +excerpt: Torrust services (Tracker and Index)support docker, we want to ensure that contributors understand our containerfile and we also want to share good practices for containerizing Rust applications. +tags: + - Documentation + - Docker + - Containers + - Rust +hidden: false +--- + + + +## Table of Contents + +- [Introduction](#introduction) +- [Requirements](#requirements) +- [Why We Use Docker](#why-we-use-docker) +- [Basic Dockerized Rust Application](#basic-dockerized-rust-application) +- [Minimize Docker Image Size With Multi-stage Builds](#minimize-docker-image-size-with-multi-stage-builds) +- [Image Variants](#image-variants) +- [Introduction to Docker Layers Cache](#introduction-to-docker-layers-cache) +- [Caching Cargo Dependencies](#caching-cargo-dependencies) + - [Caching Cargo Dependencies With a Custom Solution](#caching-cargo-dependencies-with-a-custom-solution) + - [Caching Cargo Dependencies With Cargo Chef](#caching-cargo-dependencies-with-cargo-chef) +- [Installing Rust Binaries With Cargo Binstall](#installing-rust-binaries-with-cargo-binstall) +- [Archiving And Reusing Builds With Cargo Nextest](#archiving-and-reusing-builds-with-cargo-nextest) +- [Running Container Without Sudo](#running-container-without-sudo) + - [Use The `docker run --user` Argument](#use-the-docker-run---user-argument) + - [Create The User At Runtime](#create-the-user-at-runtime) +- [Decomposing the Torrust Tracker Containerfile](#decomposing-the-torrust-tracker-containerfile) +- [Other Good Practices](#other-good-practices) +- [Other Considerations](#other-considerations) +- [Links](links) +- [Conclusion](#conclusion) + +## Introduction + +BitTorrent, an age-old protocol, is a powerful way to share data over the internet. +In our journey to building robust BitTorrent projects, we've chosen the Rust +programming language for its memory safety and concurrency features. To streamline +the development and distribution of our projects, we've also employed Docker and +Podman. In this post, we'll dive deep into the best practices we've adopted for +dockerizing our Rust applications. + +We will explain step by step the [Containerfile](https://github.com/torrust/torrust-tracker/blob/develop/Containerfile) +file we use in the repositories where we are using Rust. Besides, we are going to +explain all of the patterns and best practices we have applied. + +You have all the examples in this article in the [Containerizing Rust Apps Examples](https://github.com/torrust/containerizing-rust-apps-examples) +GitHub repository. + +The actual `Containerfile` for the **Tracker** and **Index** services builds images for +both `debug` and `release` modes. For learning purposes we are using a simplified +version here which only builds the `release` mode: + + + +```dockerfile +## Base Builder Image +FROM rust:bookworm as chef +WORKDIR /tmp +RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash +RUN cargo binstall --no-confirm cargo-chef cargo-nextest + +## Tester Image +FROM rust:slim-bookworm as tester +WORKDIR /tmp +RUN apt-get update; apt-get install -y curl; apt-get autoclean +RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash +RUN cargo binstall --no-confirm cargo-nextest + +## Su Exe Compile +FROM docker.io/library/gcc:bookworm as gcc +COPY ./contrib/dev-tools/su-exec/ /usr/local/src/su-exec/ +RUN cc -Wall -Werror -g /usr/local/src/su-exec/su-exec.c -o /usr/local/bin/su-exec; chmod +x /usr/local/bin/su-exec + +## Chef Prepare (look at project and see wat we need) +FROM chef AS recipe +WORKDIR /build/src +COPY . /build/src +RUN cargo chef prepare --recipe-path /build/recipe.json + +## Cook (release) +FROM chef AS dependencies +WORKDIR /build/src +COPY --from=recipe /build/recipe.json /build/recipe.json +RUN cargo chef cook --tests --benches --examples --workspace --all-targets --all-features --recipe-path /build/recipe.json --release +RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/temp.tar.zst --release ; rm -f /build/temp.tar.zst + +## Build Archive (release) +FROM dependencies AS build +WORKDIR /build/src +COPY . /build/src +RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/full-example.tar.zst --release + +# Extract and Test (release) +FROM tester as test +WORKDIR /test +COPY . /test/src +COPY --from=build \ + /build/full-example.tar.zst \ + /test/full-example.tar.zst +RUN cargo nextest run --workspace-remap /test/src/ --extract-to /test/src/ --no-run --archive-file /test/full-example.tar.zst +RUN cargo nextest run --workspace-remap /test/src/ --target-dir-remap /test/src/target/ --cargo-metadata /test/src/target/nextest/cargo-metadata.json --binaries-metadata /test/src/target/nextest/binaries-metadata.json + +RUN mkdir -p /app/bin/; cp -l /test/src/target/release/full-example /app/bin/full-example +RUN chown -R root:root /app; chmod -R u=rw,go=r,a+X /app; chmod -R a+x /app/bin + +## Runtime +FROM gcr.io/distroless/cc-debian12:debug as runtime +RUN ["/busybox/cp", "-sp", "/busybox/sh","/busybox/cat","/busybox/ls","/busybox/env", "/bin/"] +COPY --from=gcc --chmod=0555 /usr/local/bin/su-exec /bin/su-exec +ARG USER_ID=1000 +COPY --chmod=0555 ./share/container/entry_script_sh /usr/local/bin/entry.sh +ENTRYPOINT ["/usr/local/bin/entry.sh"] + +## Release Runtime +FROM runtime as release +COPY --from=test /app/ /usr/ +CMD ["/usr/bin/full-example"] +``` + + + +The real version in production contains some duplicate stages to build the `debug` +mode. Those stages are almost identical to the ones in this example. Only some +flags and names change. + +Don't be scared of the example, we will go through all the lines and explain what +they do, but before doing that, we will explain some basic concepts and the patterns +applied one by one. + +## Requirements + +In order to run some of the examples in this article you will need to install: + +- [Docker version 24.0.6, build ed223bc](https://docs.docker.com/get-docker/) + +## Why We Use Docker + +Docker containers are an excellent means of packaging, shipping, and running applications consistently across different environments. They eliminate the age-old problem of "it works on my machine." By using Docker, we ensure that our BitTorrent services can be deployed and run effortlessly, no matter where they're hosted. + +These are some of its advantages: + +- Reproducible Builds +- Dependency Management +- Portability +- Scalability +- DevOps Integration +- Cross-Platform Development + +## Basic Dockerized Rust Application + +The simplest Dockerfile for a Rust application is as follows: + + + +```dockerfile +# We start from full base defacto Debian image +FROM rust:1.73 +WORKDIR /app +RUN cargo init +RUN cargo build --release +CMD ["./target/release/app"] +``` + + + +And you can build the image and run it with: + + + +```console +docker build -t docker-rust-app-basic . +docker run --rm -it docker-rust-app-basic + +Hello, world! +``` + + + +That creates a docker image which is **1.39 GB**!. + + + +```console +$ docker image ls | grep docker-rust-app-basic +docker-rust-app-basic latest 7294f20bb52c 2 minutes ago 1.39GB +``` + + + +We are going to see how to improve +that and other things like common patters, good practices and other considerations. + +## Minimize Docker Image Size With Multi-stage Builds + +A common pattern to build smaller docker images is to use multi-stage Dockerfiles. + +You can compile your application with all of the Rust tooling and then use the +final binary in a slim operating system. This image does not contain the common +packages contained in the default tag and only contains the minimal packages +needed to run your compiled Rust application. + + + +```dockerfile +# This is the first stage. This image is used to compile the Rust application. +FROM rust:1.73 as builder +WORKDIR /app +RUN cargo init +# Install the package in the current directory +RUN cargo install --path . +CMD ["./target/release/app"] + +# This is the production stage. +# The slim image does not contain the common packages contained in the default tag and only contains the minimal packages needed to run rust. +FROM debian:bookworm-slim +RUN apt-get update && apt-get install && rm -rf /var/lib/apt/lists/* +COPY --from=builder /usr/local/cargo/bin/app /usr/local/bin/app +CMD ["app"] +``` + + + +The example is very easy and you can build and run the image with: + + + +```console +docker build -t docker-rust-app-multi-stage . +docker run --rm -it docker-rust-app-multi-stage +Hello, world! +$ docker image ls | grep docker-rust-app-multi-stage +docker-rust-app-multi-stage latest bc3ae797b55e 11 seconds ago 84.7MB +``` + + + +As you can see this new image is only 84.7MB. That's a huge improvement! + +## Image Variants + +As you can see in our `Containerfile`, the images we are using are the followings: + +### rust:bookworm + +```Dockerfile +FROM rust:bookworm +``` + +At the time of writing this article the latest release is [Debian 12.2](https://www.debian.org/releases/bookworm/). +It is also (currently) known as stable or by its codename "Bookworm". You will +see that we use that one because it's the latest one. + +### rust:slim-bookworm + +```Dockerfile +FROM rust:slim-bookworm +``` + +Images with the `slim` suffix do not contain the common packages contained in the +default tag and only contain the minimal packages needed to run rust. We are using +it for the "tester" stage. + +### gcc:bookworm + +```Dockerfile +FROM docker.io/library/gcc:bookworm +``` + +The GCC image is used to compile an small C program which is a simple tool that +simply executes a program with different privileges. When we start the container +we run it with a USER ID passed by an environment variable and not with `root` +privileges. + +### cc-debian12:debug + +```Dockerfile +FROM gcr.io/gcr.io/distroless/cc-debian12:debug +``` + +And finally a "Distroless" container image is used for runtime. [Why should you use distroless images?](https://github.com/GoogleContainerTools/distroless#why-should-i-use-distroless-images). + +- They are small. +- The only have what you need to run your app. +- It reduces the risk of vulnerabilities. + + + +We use the `:debug` variant of the distroless cc, as it includes the busybox binary, +giving us a shell; that is needed to run the entry-script. We will explain this later. + + + +## Introduction To Docker Layers Cache + +Caching is a pivotal aspect of optimizing Docker builds, especially with Rust projects. Proper caching ensures faster builds, as unchanged dependencies don't have to be recompiled. By leveraging Docker's layer caching mechanism, we can effectively cache Rust dependencies and speed up our Docker builds. + +Docker uses a layered filesystem to store images. Each layer is a set of changes to the filesystem. When you create a new container, you add a new writable layer on top of the underlying layers. This layer is often called the "container layer". All changes made to the running container, such as writing new files, modifying existing files, and deleting files, are written to this thin writable container layer. + +## Caching cargo dependencies + +A common pattern used in all languages is to separate the dependencies installation from the application build. This is done to take advantage of the Docker layer caching mechanism. The dependencies installation is done in a separate layer, and the application build is done in a separate layer. This way, if the application code changes, the dependencies installation layer is not rebuilt, and only the application build layer is rebuilt. + +This improves build times because dependencies installation is usually a time-consuming process and it is something you normally do not change often. The application build, on the other hand, is something you change often, and it is usually a quick process. + +Docker build is executed in the order that you define instructions so you put things that change less frequently at the beginning of the Dockerfile and things that change more frequently at the end of the Dockerfile. + +There are two levels of dependencies: + +- System dependencies. For instance `SQLite`, `curl` and other libraries your application depends on. +- Rust dependencies. These are the Rust packages that you want to install using cargo. Rust packages are called `crates` and you can find them on + +### Caching Cargo Dependencies With A Custom Solution + +The first approach is to use a custom solution to cache the dependencies. + +We first create an **empty application configuration** which uses the same dependencies. +We build the application, downloading and building all the dependencies and creating a docker cache layer. + +Then we build the application. With these layers yo do not need to re-build the dependencies +when you change the application code. + + + +```dockerfile +FROM rust:1.73 as builder + +WORKDIR /app + +# Copy over the manifest files +COPY Cargo.toml Cargo.lock /app/ + +# Create a dummy main.rs to build dependencies +RUN mkdir src && echo "fn main() { println!(\"if you see this, the build broke\"); }" > src/main.rs + +# This build step will cache the dependencies as they're not changed +RUN cargo build --release + +# Now, remove the dummy main.rs and copy your source code +COPY . /app + +# You'll need to update the last modified of the main.rs file to inform cargo to rebuild it +RUN touch -a -m ./src/main.rs + +# Build the application for release. Since dependencies are cached, this will only build your code +RUN cargo build --release + +CMD ["./target/release/custom-dependencies-cache"] +``` + + + +This custom solution is not needed anymore since you can know use [cargo chef](https://github.com/LukeMathWalker/cargo-chef) which is a cargo-subcommand to speed up Rust Docker builds using Docker layer caching. + +### Caching Cargo Dependencies With Cargo Chef + +There is a cargo command called `cargo chef` which is a cargo-subcommand to speed up Rust Docker builds using Docker layer caching. + +Cargo Chef repo: + + + +```dockerfile +FROM rust:1.73 as chef + +WORKDIR /app + +# Install cargo-chef +RUN cargo install cargo-chef --locked + +# Examines your project and builds a recipe that captures the set of information required to build your dependencies +FROM chef AS planner + +COPY . . + +RUN cargo chef prepare --recipe-path recipe.json + +FROM chef AS builder + +COPY --from=planner /app/recipe.json recipe.json + +# Build dependencies - this is the caching Docker layer! +RUN cargo chef cook --release --recipe-path recipe.json + +COPY . . + +# Build the application for release. Since dependencies are cached, this will only build your code +RUN cargo build --release + +CMD ["./target/release/dependencies-cache-with-cargo-chef"] +``` + + + +It does more or less the same as the custom solution. It caches dependencies in a separate layer. +But with some more [benefits](https://github.com/LukeMathWalker/cargo-chef#benefits-of-cargo-chef). + +## Installing Rust Binaries With Cargo Binstall + +`cargo binstall` is a cargo subcommand that allows installing Rust binaries as an alternative to building from source (via cargo install) or manually downloading packages. + +Cargo Binstall repo: . + +We are using it to install `cargo chef` and `cargo nextest` packages easily. + + + +```dockerfile + +FROM rust:1.73 +WORKDIR /app +# Install `cargo binstall` +RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash +# Install Rust binaries with `cargo binstall` +RUN cargo binstall --no-confirm cargo-chef cargo-nextest +RUN cargo chef --version && cargo nextest --version +RUN cargo init +RUN cargo build --release +CMD ["./target/release/app"] + +``` + + + +## Archiving And Reusing Builds With Cargo Nextest + +[cargo-nextest](https://nexte.st/) is a Rust test runner. + +It has a subcommand `cargo nextest archive` that can archive builds artifacts. +This is useful to separate the "build" phase from the "run" phase. + +In the [official documentation](https://nexte.st/book/reusing-builds.html) they +describe some use cases like: + +- **Cross-compilation**. The build machine has a different architecture, or runs a different operating system, from the target machine. +- **Test partitioning**. Build once on the build machine, then partition test execution across multiple target machines. +- **Saving execution time** on more valuable machines. For example, build tests on a regular machine, then run them on a machine with a GPU attached to it. + +We are using it for two reasons: + +- **Test partitioning**. We build the application in a docker stage and then run + the tests in another stage. This way we can separate the build and test phases. +- **Passing the binary to the next stage**. After building the application we archive + the build artifacts and then we extract them in the next stage to run the tests. + Finally we copy the binary to the final "runtime" stage. + + + +```dockerfile +## First stage to install the nextest tool +FROM rust:1.73 as nextest +RUN cargo install cargo-nextest --locked + +## Second stage to build the application and package it with nextest +FROM nextest AS builder +WORKDIR /build/src +COPY . /build/src +RUN cargo build +# We archive the build artifacts to reuse them in the next stage +# NOTICE: the application must contains at least one integration test in order +# include the binary in the archive. +# See: https://github.com/nextest-rs/nextest/issues/423 +RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/archiving-and-reusing-builds.tar.zst +CMD ["/build/src/target/debug/archiving-and-reusing-builds"] + +## Third stage to test the application +FROM nextest AS tester +WORKDIR /test +COPY . /test/src/ +COPY --from=builder \ + /build/archiving-and-reusing-builds.tar.zst \ + /test/archiving-and-reusing-builds.tar.zst +# We extract the build artifacts from the archive +RUN cargo nextest run --workspace-remap /test/src/ --extract-to /test/src/ --no-run --archive-file /test/archiving-and-reusing-builds.tar.zst +# We run the tests. We override the default target-dir to use the application binary, +# otherwise it would be created in a temporary directory and we wouldn't be able to +# copy it in the next stage. +RUN cargo nextest run --workspace-remap /test/src/ --target-dir-remap /test/src/target/ --cargo-metadata /test/src/target/nextest/cargo-metadata.json --binaries-metadata /test/src/target/nextest/binaries-metadata.json +RUN mkdir -p /app/bin/; cp -l /test/src/target/debug/archiving-and-reusing-builds /app/bin/archiving-and-reusing-builds +CMD ["/app/bin/archiving-and-reusing-builds"] + +## Fourth stage to run the application in production +FROM nextest AS runtime +WORKDIR /app +# We take the application binary from the tester stage to ensure the binary we +# use has passed the tests. +COPY --from=tester /app/bin/archiving-and-reusing-builds /app/ +CMD ["/app/archiving-and-reusing-builds"] +``` + + + + + +**NOTICE**: The application must contain at least one integration test in order +include the binary in the archive. See this [issue](https://github.com/nextest-rs/nextest/issues/423) +for more info. + + + +## Running Container Without Sudo + +By default docker is installed and runs containers as `root`. If you build this image: + + + +```dockerfile +FROM rust:1.73 +WORKDIR /app +RUN cargo init +RUN cargo build --release +CMD ["./target/release/app"] +``` + + + +And you run it with the following command: + + + +```console +docker build -t docker-rust-app-running-with-root . +docker run --rm -it docker-rust-app-running-with-root whoami +``` + + + +You will see it's executed as `root`. + +You should not execute containers as `root` because of: + +1. **The Principle of Least Privilege**: This is a security concept that encourages the minimal user permission level necessary to perform a task. Running containers as root goes against this principle because if a process inside the container can run with root privileges, it can execute any command inside the container, which could be dangerous if the container gets compromised. + +2. **Host System Vulnerability**: Containers are designed to be isolated from the host system. However, there are ways that a container could potentially interact with the host, particularly if there are misconfigurations or vulnerabilities in the container runtime or the host's kernel. A container running as root might be able to exploit such vulnerabilities to gain control over the host system. + +3. **Immutable Infrastructure**: Containers are often used as part of an immutable infrastructure, where container images are pre-built and should not change. Running as root makes it easier to make changes to the running container, which can lead to "configuration drift" and unexpected behavior. + +4. **Accidental Damage**: Even if an attacker does not compromise the container, running as root increases the risk of accidental damage by the container's own applications or administrators. For example, a poorly crafted command could delete critical files or disrupt important processes. + +There are some ways to avoid running the container as `root`. We will see all of them. + +### Use the `USER` instruction + + + +```dockerfile +FROM rust:1.73 + +WORKDIR /app + +RUN cargo init +RUN cargo build --release + +USER www-data + +CMD ["./target/release/app"] +``` + + + +You can add the `USER` instruction before the last command. In that example we +know that the base image already contains the user `www-data`. + + + +```console +docker run --rm -it docker-rust-app-running-with-root cat /etc/passwd | grep www-data +www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin +``` + + + +But you can also create a specific user for your application: + + + +```dockerfile +FROM rust:1.73 + +WORKDIR /app + +RUN cargo init +RUN cargo build --release + +RUN groupadd -r appuser +RUN useradd -r -u 1001 -g appuser appuser + +USER appuser + +CMD ["./target/release/app"] +``` + + + +Using the `USER` instruction is considered a good practice because by default the container +will not run as root. In that example, docker will run the container as the user with the ID `1001`. + + + +The Linux Standard Base Core Specification defines three different ranges for +user IDs, the value from 0 to 99, 100 to 999, and 1000 and above. The first two +ranges are reserved for system users. All the regular users start from 1000. +It's also important to note that the user ID 0 is reserved for the root user and +Linux kernel uses the user id and group id to handle the permissions. The host +machine and the docker container might have the same user ID but different usernames. + + + +If you run that container, `appuser` will have the same permissions as the user `1001` +in the host system, whatever it's the name of that user in the host machine. + +### Use The `docker run --user` Argument + +You can also overwrite the user running the container with the argument `--user`: + + + +```console +docker run --user www-data --rm -it docker-rust-app-running-with-root whoami +www-data +``` + + + +In this example, even though the image is execute as root by default, it will be +executed as the `www-data` user. + +Notice you can even use a non-existing user in both the host and the docker image. + + + +```console +$ docker run --user 1001 --rm -it docker-rust-app-running-with-root bash +I have no name!@895b0f6a3dbb:/app$ +``` + + + +All this solutions work but they all have a drawback: you need to know the user +ID at build time (when you build the docker image). You usually want to run the +container in different environments and sometimes you want to use a different +user ID for each environment. For example: + +- **For development**: If you are using Ubuntu, your user ID is probably `1000`. When +you run the container locally you want to run it using that ID, so that you don't +have any problems with permissions. +- **For CI**: The servers you are using for continuous integration (for instance, GitHub runners) +might use an specif user. You could use some cache folders and maybe you need to +use the same user ID as the CI server. +- **For production**: You could create an specific user for your application and use that +user ID. + +With the proposed solutions you would need to rebuild the docker image so that the +user ID inside the container is the same as the host user ID. + +### Create The User At Runtime + +There is al alternative to the previous solutions that make it possible to **run the +container with different user IDs without rebuilding the image**. + + + +```dockerfile + +## Compile su-exec +FROM docker.io/library/gcc:bookworm as gcc +COPY ./contrib/dev-tools/su-exec/ /usr/local/src/su-exec/ +RUN cc -Wall -Werror -g /usr/local/src/su-exec/su-exec.c -o /usr/local/bin/su-exec; chmod +x /usr/local/bin/su-exec + +## Application +FROM rust:1.73 as builder +WORKDIR /app +RUN cargo init +RUN cargo build --release +CMD ["./target/release/app"] + +## Runtime +FROM gcr.io/distroless/cc-debian12:debug as runtime +RUN ["/busybox/cp", "-sp", "/busybox/sh","/busybox/cat","/busybox/ls","/busybox/env", "/bin/"] + +COPY --from=builder /app/target/release/app /usr/local/bin/app +COPY --from=gcc --chmod=0555 /usr/local/bin/su-exec /bin/su-exec +COPY --chmod=0555 ./share/container/entry_script_sh /usr/local/bin/entry.sh + +ENTRYPOINT ["/usr/local/bin/entry.sh"] +CMD ["/usr/local/bin/app"] + +``` + + + +This is the approach we use in Torrust. You run the docker as `root` but we always +use an entrypoint. That entrypoint creates a new user with an ID provided as an +environment variable. + +The `entry.sh` script is always called when you run the container because it's +defined as an `ENTRYPOINT`. This "middleware" script creates the user if it does +not exist, and then runs the application using the [su-exec](https://github.com/ncopa/su-exec) +program to change the user ID it's executed with. + +As you can read on the su-exec documentation: + + + +"su-exec" is a simple tool that will simply execute a program with different privileges. +The program will be executed directly and not run as a child, like su and sudo does, +which avoids TTY and signal issues (see below). + +Notice that su-exec depends on being run by the root user, non-root users do not +have permission to change uid/gid. + + + +The advantage of this approach is that you don't have to worry about the user ID +when you build the docker image. You can run the container as root and then use +the entrypoint to create the user and run the application with that user. + +The entrypoint also ensures that the application is executed with the correct +permissions. You cannot run the application as root unless you explicitly set +the environment variable `USER_ID` to `0`. + +If you want to contribute with Torrust we think that we could simplify the Containerfile +if the "su-exec" command were available in Rust. Because we could reuse one of the +Rust docker images we are using for other docker stages. + +## Decomposing the Torrust Tracker Containerfile + +Finally we can explain line by line what the [Torrust Tracker Containerfile](https://github.com/torrust/torrust-tracker/blob/develop/Containerfile) does. + +Rust apps can be build in `debug` or `release` mode. The `Containerfile` builds both +modes and then it runs the tests for both modes. We have removed the `debug` mode +to keep the example short. But it's almost the same code. For the `release` mode +the flag `--release` is added to some commands. + +This is the full example: + + + +```dockerfile +## Base Builder Image +FROM rust:bookworm as chef +WORKDIR /tmp +RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash +RUN cargo binstall --no-confirm cargo-chef cargo-nextest + +## Tester Image +FROM rust:slim-bookworm as tester +WORKDIR /tmp +RUN apt-get update; apt-get install -y curl; apt-get autoclean +RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash +RUN cargo binstall --no-confirm cargo-nextest + +## Su Exe Compile +FROM docker.io/library/gcc:bookworm as gcc +COPY ./contrib/dev-tools/su-exec/ /usr/local/src/su-exec/ +RUN cc -Wall -Werror -g /usr/local/src/su-exec/su-exec.c -o /usr/local/bin/su-exec; chmod +x /usr/local/bin/su-exec + +## Chef Prepare (look at project and see wat we need) +FROM chef AS recipe +WORKDIR /build/src +COPY . /build/src +RUN cargo chef prepare --recipe-path /build/recipe.json + +## Cook (release) +FROM chef AS dependencies +WORKDIR /build/src +COPY --from=recipe /build/recipe.json /build/recipe.json +RUN cargo chef cook --tests --benches --examples --workspace --all-targets --all-features --recipe-path /build/recipe.json --release +RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/temp.tar.zst --release ; rm -f /build/temp.tar.zst + +## Build Archive (release) +FROM dependencies AS build +WORKDIR /build/src +COPY . /build/src +RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/full-example.tar.zst --release + +# Extract and Test (release) +FROM tester as test +WORKDIR /test +COPY . /test/src +COPY --from=build \ + /build/full-example.tar.zst \ + /test/full-example.tar.zst +RUN cargo nextest run --workspace-remap /test/src/ --extract-to /test/src/ --no-run --archive-file /test/full-example.tar.zst +RUN cargo nextest run --workspace-remap /test/src/ --target-dir-remap /test/src/target/ --cargo-metadata /test/src/target/nextest/cargo-metadata.json --binaries-metadata /test/src/target/nextest/binaries-metadata.json + +RUN mkdir -p /app/bin/; cp -l /test/src/target/release/full-example /app/bin/full-example +RUN chown -R root:root /app; chmod -R u=rw,go=r,a+X /app; chmod -R a+x /app/bin + +## Runtime +FROM gcr.io/distroless/cc-debian12:debug as runtime +RUN ["/busybox/cp", "-sp", "/busybox/sh","/busybox/cat","/busybox/ls","/busybox/env", "/bin/"] +COPY --from=gcc --chmod=0555 /usr/local/bin/su-exec /bin/su-exec +ARG USER_ID=1000 +COPY --chmod=0555 ./share/container/entry_script_sh /usr/local/bin/entry.sh +ENTRYPOINT ["/usr/local/bin/entry.sh"] + +## Release Runtime +FROM runtime as release +COPY --from=test /app/ /usr/ +CMD ["/usr/bin/full-example"] +``` + + + +We can abstract way the stages: + + + +```dockerfile +## Base Builder Image +FROM rust:bookworm as chef +# Install tools needed to build the application: cargo-chef cargo-nextest + +## Tester Image +FROM rust:slim-bookworm as tester +# Install tools needed to test the application: cargo-nextest + +## Su Exe Compile +FROM docker.io/library/gcc:bookworm as gcc +# Compiles the su-exec program which is used at runtime to change the user running the container. + +## Chef Prepare (look at project and see wat we need) +FROM chef AS recipe +# Prepare the info needed to build and cache cargo dependencies + +## Cook (release) +FROM chef AS dependencies +# Re-hydrate the minimum project skeleton identified by `cargo chef prepare` and build it to cache dependencies + +## Build Archive (release) +FROM dependencies AS build +# build and archive the application + +# Extract and Test (release) +FROM tester as test +# Extract the application from the archived artifacts and run the tests. +# And copy the binary to an specified location so it can be used in the `release` +# stage. + +## Runtime +FROM gcr.io/distroless/cc-debian12:debug as runtime +# Minimal image to run the app in production. +# Includes the entrypoint to setup and run the application with a different user Id. + +## Release Runtime +FROM runtime as release +# Runtime for release mode. It copies the binary from the `test` stage and runs it +# via the entrypoint added in the `runtime` stage. +``` + + + +Let's see each stage individually. + +First, we have a base builder image where we install basic tools to build the application. + + + +```dockerfile +## Base Builder Image +FROM rust:bookworm as chef +WORKDIR /tmp +RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash +RUN cargo binstall --no-confirm cargo-chef cargo-nextest +``` + + + +There is nothing really strange here. We use the latest Debian “bookworm” at the time +of writing this article. And we also use `binstall` to install the binaries, since +both of these binaries are written in Rust. + +The next stage is the base Tester Image. It only installs `cargo-nextest` to run the tests. +We also use the Debian “bookworm” but the `slim` variant, since we don't need too much +to only run the tests. + + + +```dockerfile +## Base Tester Image +FROM rust:slim-bookworm as tester +WORKDIR /tmp +RUN apt-get update; apt-get install -y curl; apt-get autoclean +RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash +RUN cargo binstall --no-confirm cargo-nextest +``` + + + +The following is another stage used just to compile the small program [su-exec](https://github.com/ncopa/su-exec) that we use to change the user ID when we run the container. The program is written +in C code, so we only need a C compiler. + + + +```dockerfile +## Su Exe Compile +FROM docker.io/library/gcc:bookworm as gcc +COPY ./contrib/dev-tools/su-exec/ /usr/local/src/su-exec/ +RUN cc -Wall -Werror -g /usr/local/src/su-exec/su-exec.c -o /usr/local/bin/su-exec; chmod +x /usr/local/bin/su-exec +``` + + + +From this point, we start building the application. First, we build the dependencies +and we cache them into an independent stage. + +The first stage it's only to "build the recipe" which is the name that `cargo chef` +gives to the process of collecting all the information needed to build the application +dependencies. + + + +```dockerfile +## Chef Prepare (look at project and see wat we need) +FROM chef AS recipe +WORKDIR /build/src +COPY . /build/src +RUN cargo chef prepare --recipe-path /build/recipe.json +``` + + + +Then, cargo dependencies are built using using the recipe created in the previous stage. +`cargo nextest` has a subcommand to generate and archive the artifact of the build. +We are using it to package and pass the application from one stage to another. + +Dependencies are archived but they are not used independently. That line just test +that the dependencies could be archived. + + + +```dockerfile +## Cook (release) +FROM chef AS dependencies +WORKDIR /build/src +COPY --from=recipe /build/recipe.json /build/recipe.json +RUN cargo chef cook --tests --benches --examples --workspace --all-targets --all-features --recipe-path /build/recipe.json --release +RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/temp.tar.zst --release ; rm -f /build/temp.tar.zst +``` + + + +In the following stage we build the application. The `cargo nextest archive` command builds +and archives the application. + + + +```dockerfile +## Build Archive (release) +FROM dependencies AS build +WORKDIR /build/src +COPY . /build/src +RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/full-example.tar.zst --release +``` + + + +Now, that we have successfully built the application, we can run the tests. We +extract the application from the archived artifacts and run the tests. + + + +```dockerfile +## Extract and Test (release) +FROM tester as test +WORKDIR /test +COPY . /test/src +COPY --from=build \ + /build/full-example.tar.zst \ + /test/full-example.tar.zst +# It compiles without running the tests to make sure there are no problems with +# the archive. +RUN cargo nextest run --workspace-remap /test/src/ --extract-to /test/src/ --no-run --archive-file /test/full-example.tar.zst +# We actually run the tests +RUN cargo nextest run --workspace-remap /test/src/ --target-dir-remap /test/src/target/ --cargo-metadata /test/src/target/nextest/cargo-metadata.json --binaries-metadata /test/src/target/nextest/binaries-metadata.json +# We copy the application binary to an specified location so we can get it from +# there in the final runtime stage. +RUN mkdir -p /app/bin/; cp -l /test/src/target/release/full-example /app/bin/full-example +# Since we use su-exec. We need to run the container as root. +RUN chown -R root:root /app; chmod -R u=rw,go=r,a+X /app; chmod -R a+x /app/bin +``` + + + +Once the application has been built and tested we prepare the runtime. We start +from a minimum "distroless" image variant. We add an entrypoint to setup the application +and also to make sure we don't use the `root` user to run it. The entrypoint just +run the application provided as an argument, in our case, our application in `debug` or +`release` mode, depending of which one you want to run. + + + +```dockerfile +## Runtime +FROM gcr.io/"distroless/cc-debian12:debug as runtime +RUN ["/busybox/cp", "-sp", "/busybox/sh","/busybox/cat","/busybox/ls","/busybox/env", "/bin/"] +COPY --from=gcc --chmod=0555 /usr/local/bin/su-exec /bin/su-exec +ARG USER_ID=1000 +COPY --chmod=0555 ./share/container/entry_script_sh /usr/local/bin/entry.sh +ENTRYPOINT ["/usr/local/bin/entry.sh"] +``` + + + +Finally, we add the `CMD` instruction so we can execute the application. The +entrypoint script only runs the application you pass as the first argument. This +stage is not merge into the previous because in the final version there are two +final runtimes: `debug` and `release`. + + + +```dockerfile +## Release Runtime +FROM runtime as release +COPY --from=test /app/ /usr/ +CMD ["/usr/bin/full-example"] +``` + + + +## Other Good Practices + +- **Minimalism**: We strive to keep our Dockerfiles lean by only including essential components. +- **Explicit versions**: At least with the minor version number, so you do not get unexpected broken compatibility but you can apply security and bug patches. +- **Regular Updates**: Periodically updating the base image and dependencies to benefit from security patches and updates. +- **Health Checks**: Implementing Docker health checks to monitor the state and health of our containerized application. + +## Other Considerations + +- Since we are using `su-exec` we need to run the containers as root. We have not +check if this configuration work when you setup docker in [Rootless mode](https://docs.docker.com/engine/security/rootless/). +- Although we mostly mention docker in this article, the `Containerfile` works +with other tools to manage containers like [Podman](https://podman.io/). + +## Links + +Simple tutorials: + +- [Docker image for Rust backend: learn how to](https://tms-dev-blog.com/lean-docker-image-for-rust-backend/) +- [Getting Started with Rust and Docker](https://collabnix.com/getting-started-with-rust-and-docker/) by [Ajeet Raina](https://collabnix.com/author/ajeetraina/). +- [Rust Docker Tutorial](https://tutorialedge.net/rust/rust-docker-tutorial/). +- [Build your Rust image](https://docs.docker.com/language/rust/build-images/) + +Comprehensive articles like this: + +- [First steps with Docker + Rust](https://dev.to/rogertorres/first-steps-with-docker-rust-30oi) by [Roger Torres](https://dev.to/rogertorres). + +Demos: + +- [Simple dockerized Rust/Axum based HTTP server for demo purposes](https://github.com/hseeberger/hello-rs) by [ + Heiko Seeberger](https://github.com/hseeberger). + +Development using Docker: + +- [Rust Development with Docker](https://www.youtube.com/watch?v=kh1GMRFkzT4&t=2s). +- [Develop your Rust application](https://docs.docker.com/language/rust/develop/) + +Deployments using docker: + +- [How I deployed a Rust web-app using the Rocket framework with Docker](https://medium.com/@anirudhmurali/how-i-deployed-a-rust-web-app-using-the-rocket-framework-with-docker-424da99b1d8a) +- [Deploy a Rust Web App With Rocket](https://www.koyeb.com/tutorials/deploy-a-rust-web-app-with-rocket). + +Minimum sized container images: + +- [min-sized-rust](https://github.com/johnthagen/min-sized-rust#containers) by [johnthagen](https://github.com/johnthagen). + +Caching dependencies: + +- [Packaging a Rust web service using Docker](https://blog.logrocket.com/packaging-a-rust-web-service-using-docker/). +- [Plumbing the Deps of the Crate: Caching Rust Docker Builds](https://dev.to/mgattozzi/plumbing-the-deps-of-the-crate-caching-rust-docker-builds-2e48). +- [Cache Rust dependencies with Docker build](https://stackoverflow.com/questions/58473606/cache-rust-dependencies-with-docker-build). + +Don't run containers as root: + +- [Manage Docker as a non-root user](https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user). +- [Run the Docker daemon as a non-root user (Rootless mode)](https://docs.docker.com/engine/security/rootless/). +- [Docker daemon attack surface](https://docs.docker.com/engine/security/#docker-daemon-attack-surface). +- [Why Processes In Docker Containers Shouldn't Run as Root](https://www.howtogeek.com/devops/why-processes-in-docker-containers-shouldnt-run-as-root/). +- [The Ultimate Docker Security Best Practices for Your Node.js Application](https://www.clickittech.com/devops/docker-security-best-practices/). +- [Should I run things inside a docker container as non root for safety?](https://stackoverflow.com/questions/68155641/should-i-run-things-inside-a-docker-container-as-non-root-for-safety). +- [Docker Tips: Running a Container With a Non Root User](https://betterprogramming.pub/running-a-container-with-a-non-root-user-e35830d1f42a) by [Luc Juggery](https://lucjuggery.medium.com/). +- [Basic Setup and Use of Podman in a Rootless environment](https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md). +- [Understanding how uid and gid work in Docker containers](https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf). + +## Conclusion + +We hope you find this guide useful. Let us know what you think about it! + +We want this article to be a collective effort to document good practices about +Rust and Containers, so we would like to have reviews, comments, new sections, etcetera. + +If you see something wrong or you want to contribute by: + +- Adding new sections. +- Fixing typos. +- Making it clearer. +- Adding links. +- Or whatever you think it could be interesting to have, + +please open an [issue](https://github.com/torrust/torrust-website/issues) or a [PR](https://github.com/torrust/torrust-website/pulls). + +If you have any questions or issues please open an issue on the corresponding repository: + +- Torrust Tracker: +- Torrust Index: +- Torrust Website: +- Containerizing Rust Applications Examples: + +We very welcome any contributions to the projects or [this article](https://github.com/torrust/torrust-website/issues). diff --git a/static/images/posts/rust-crab-carrying-a-shipping-container.jpeg b/static/images/posts/rust-crab-carrying-a-shipping-container.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..29b9c2c0b7bc0d4c0f0ac710e5cd44337fb329b8 GIT binary patch literal 168274 zcmeFZbzBu+_b5DsQX*0ck^%yPbayCS($dm-ICQ6lAaFpsyGy!3X-NU;Qo6hIorCf9 zdG7D|z4zYF```OpoS9j(X79CE?VQJxyC3UniY%2EJ`*a%422v;ot87SusglqVz3V4r*gnZ*B3Mv{p2AH7y4%|{m zh{#AcZXhFrPd&ls05bLsoCho-H*pp9Q7CNjSbalNP$@-=KjSO)Z&R@u*u6wUzk82> z@cu(;8rny6>>Qk2+&sKbo{EV}NJ>d7tEj4}KiAMSG%_|ZH8Z!ccW`uac5!uk_4>_Q zzjyutAHu>TBBP>XVpG%7GcvQXb8<^c%gQS%tEy|7np;}i+B?2<4h()98Xg%P8~-so zH@~pBw7jyqv%9x{aCmflathZAuIF#~soB5jg$?S3h>VPci~`pS0nr(*I5zT)2P`*n zL=;i(+X8(JNz5Kt@?2lsq=rs=9 zLP7wYhlC9X0Y?_JsZ~9Q!QT{xZ{R6PA_mYVBe9zV&;qHyjvm6)0D$&CA209}#elyK za&+2Mpa1rte{-BSD+g_wCJ49!#3X&WFi2W5dx|u3s>u}BOT$H?)3P|u-&w7AMxF{-9ed{0}BTs5mAtvv*wuOr|EMB9#qC?OJDRwaS3XmUk*ndm# zdJuxvxkF}!pj}v$eep`Jx;7*!1Sk1)A8D_M(dBd?Hi#RM>np0f-v|;5l5NY?MFAHz=NGy2iPhGx zwh1mQ<9D3f_=5PfD>)t9PiqQ3k4l=HmYW4+lR1*sivQtbMAtsv%!$}!mhB+6TNl8@&2)r9<$&rsR~ z>>mDLoR!+y^1ZM>8Gha&o=I4~8eEsrhY3^3tn81&l|urrfQ)(iXq=OyGN3ezVIbCSF+|2~5$h%5-W?|;^ZJw?Ldhd=PIp-Rc z<%ZGhwd9=*AHW#xf-Y#-YBb;KqeH5$SCHPbrz;+aTQ1tW0^SN%`fWGXI>t^-%r}0I zL|gn=zDIl%EAYC|AHQec@`1h2J)2(7Jg2H8;_S#PK=w^(`FkXo-3{A?Vx^Y0OYhKC zlU+*`_L?!z4a%>Al;C3*S+lhs0ZM6P1RpkN-!YK`}Dhuod2}|A%%z3faHW;)& z^k0kZswfR+{wP9#ltngN^WG(Ld`!jA_k*WpEm^>ktAXu;tCd+^y`J~i&4$~3hc0zb zQu0jbi4Iwqj#R7LmvobKg|>NV67_IaP5EeQP}7gbg-#FF@mHiT6oPZ`3BNEDHU-e; zz-zk?IvvsbE-m&Md;41$YxHl(3K;5#>c^oKRRKnq`_=?r;p-^T=N^0BKW>zcCDETr zGx3p4jbC^Zt0ydPB6c=D(OsKs#PV)Z{5~ZijdWBZQNv`a9C0D$vG8Lus7XeyRsv#`PWlYvH}9ta5BYdiZ}P6eD0JsJJPRTW_`m}DHC|2*tp}?ldHqg z+CEl+_Iy5qgl9{~cq&!r5l+oI_t>ZJBM%D4`0qJ=oPg~w+Agr0B4a6UJlD5u%edzU zb-eKYEWqz|Z*2H^S;O51FTHtZPj^^b_HnA+CHl7lq6kCcR{{Y^m(_W?y2lYlJd}h2 ztd=ybVedS69MI0blb_4EMvD(q5ZCu9Fuyi^lO#AS81!{h^GJBGFfKB3oC}(x7~80k zNa9;i$ClAFcPp~^rNHfeO~-wx{hm*1z#~9W4DZul4ZpC*UXi5Hap^4U)HCt46<>Mx z*Oe~Q!WquKd!Ezv7uh>y-eZjfTSJ$s^%cRYf^~)`ubzqF<(Dvg(Lk`uZnxOkBglBS z7&$C4IsaktQ+B(jltGnN63aJQgpL!hE#2v%w$(?11+&!;LVyZkf;6Pa-rJsQWkI6k z=qVD(8ye$@al`}d-o$T-vTr^q+F?3UC@_3eaNki&dPGfEZ@Ar>@pbNCz;q91?Zjzg zN9@2ChB@TGQmi=2{rn4yOH-G!ARdp2vkL5|{$B{^IOH7V6x8bOTf-n68*`jJ#o|sm z2Zp0w5$jjLZ7;&CH!>DAW&X|u-F1zsue}|;+iE`^6WX6?UIDiACK|204pYQJEvJW9 zz)J@&)a@2s?Cp%qa6gY+j6Ry9dF$s_fI@QaC2if#)2PT(^|u?8{+XhC7S2d4pQ_t{ zOPa&N%(^qZ9k1ft;{ZMMV^;3*Q?lcWZx3Z#%~&Q%xxnCh0#o7&hlLni0Zlh%)ky7K zt^nmT1-(eBv7}61b+I2Vby5&Zfy#G_gts<`ju%EcvV)&D1Sqy=%UE4qpL+2k9yFXzXqepE#A) z$9Gw*k$e`VbS6X}{T`~U&Ni2X4?{B(ou!p)z36^9-8<>sC8Z#HcDwwgT+D=%HWf*5>I8>jxmDV2;@AW*_&AG{O zcvfqRcvU^NU_Y5n3$5EmRDt_h6~99d!%>q;zhY4xR<7=fdhyFHt3g8Y@Ka{1gVPZO zs@gCIHzDq&0++3pzPHZyt2i!k&59`1`f;@!bG=u9x%c>C;nt^VdO`ZHUn>=(M@W2T*8cZHmlD}Nc)(47036p8?#+t^&}Jft;XV87P(tbyrfaQ^K`{5sk7YK>IRl>9C0ED zi51$GS;DaCR=os97-^Vw5-wkBWfp)?MT`W@%2Lid;IFupUPyGWm%In5~Ph`z|`h?P<{dJ!zy z?qQo`|C|ih!xb_c(m>E(DA-RN#x%i5Nmi?h!Y8uT%R?G5L6sc8P{Q-5btv`?htrp` zvn$~K>V40GzVpW%?|N{!BH7FMFaW2p%1Y@Bd&aT`zU_}A=W@48tt+kWFnsju^2{m( zdc+8KXR!;Na(w^+78MQ|+#C(mt`p_9CP^dZPVQyPC9}nW!@LAWtwX_@#@kQExa1XL z+eLO@vpTKmIVmd&-ul@S@`Zc!5Gl$>i2|;ayBy1U=ygxBkNrN~bv`YZ@IpmC@W=GK0%eqwBscB)n_Go5AB_S39^0rLnlWPKGE@}CCvB>C<4H!N<7;P{>xonh@1N^jZ~ zpg(i+R7mMcxg~hhF^_?CWNmaG>YIpLtaID@&g5vz$UU}?<)+%vbGqDpvhkOq^&h}N zIt2-eNXfwWD?lBB-kzj{LbF$Je>J|aFV=eVhZvp;D%gSlmoqd$tK)=pE(8gm=bwbOAILK^EJi&R@yC5Y40eX%EV_9+mQ8jpX`esDNgmCNCY1@JsI^Zk zZi<70rnkqI+IuP3GM{y+`kr}uMRdV39(`7QyL@WpcaMl)Kq0gUGS}m#hqiKwGWbek zN{e2?**TuBcVL+L?={b(m)w9sIqh+vJr9FBxSv$t0OwbP4%+6T35j(F{-8B zr!RVH`492B-lf+1ZY%}qa;_2}DI*a2!(z@peX?qYYJa26>NYXf= zC+|A64auaJ^A}2XIK!t2N5Xn5;@-O!NBN%J@ucr7bl6Zd!o0|^4-CrcdaB<}X$a~2 zE~i;p^DQ}oQl^$?6Ax*j`~I+!XC>zAi~EI%q~&NigCDFGieR5-S85!UbrKpoT5C#b zwuAGWQ&x?rhF#4T6n!6iMyscu-`x(cbS^n=R}9Sk$THg2eC*!1PZnh7^*B+-=}5G8 zWZ$w1vMw2Ls`_H$I~DP!lASQ-V1XxDRvg|y0j6Jgr1(Q-WCESnm{sR2y4^gGjl1h7 zlWG)sug#>UB#OLRb7?n1#iTy{wMN1G*ZM@r4HTrDR@ZjeC2iJQsJg@e!|;)s@#K$S zN*~fVSW&sl>)6B6g4KIW`D^zUmpPr%*WV#rE)yfD8byrtKfzQg)y|U`TKB}-;nRz1 zZb0}}#1IGR%6@s5tf|*&X%&IGK~Iiub)3DnBqS!>V^v}LActdO?XwZX+frv+t8NUf zFE-jn4&2mbWqBDjgL5`s`psBRp3eV}ljdXV|MY_*w=+V|A7XlPM`Biwf?8_Wg&Jw| z*7w-P@5>KwTKbD%vM}0jNj*%*>3--EnvR6}Ou8LkHTzg$vD{-rFkxHmb2g5t-HR;6hUdav6e)^>Y50UBBHyvK zPP5KmG6}7{zXB+=ds;B4(`+_wb(IxurFOJ$h6M&Dc|{j`)Qh!Nl(Y7(%CiQ%H+SVD z5^tA?6? zLSNW0Of*|<58W03MK3B>8f zm_a_<-W@O7_#~?lzH|%cnsmWh9F>6kM%IQlR?{{^RoB2~{QVkQ0Om$E!c}G{xt&&E)YSOeH1iCpqSS=3#-pZX{*~Xl{&P{RSJx~bzPWeBM(-yn z4gIDIwEe=t@9F_V1%>B4o^4sluk~&M{+rE0Gf^<^2dk*7F_jagHmev)wOG%$2UT~Vkv^DYq9F`H~+n>&SS z{nVP->EjQ-4+)Yy=g0X^3OI(sKRxdi5#`G64CWi2>SmL1wJ$-<3S@p9s3OQ8zFh0LoS9%w~rkH z=Xz?^M$#j`nD-WcF~_OfuI0mjT&>z3*S49qe4B@-u(p|plyrNUhNh=>X~dsCj(LDg z=%PZLK*8Tz$H1+mFd}VPm$WKMPRpMWo5wJojGk&w(?4rvahLwg-T3_m5+)(BcODJ* zIUV;_!Q*{B^n$4}yZr0`l23wqn>BlK!<$s4-+I#-DPsp7z#gJ@B398%*E}Rp)*e>V zuF=r3bn2DqO_bWd!+ld29jt?Osc@=?kLW zRf`qrGHB<%6lBP4p98|M^_bt?^hWDoH|eV(BWwljtb*xA63<5LA|9i5 z%#0V#tX1A4eN@^Qh&s+4PjT>Ru0VB|qc*{y=?QP@iBi?GR~JQ><*ro$$FBW{Hc%-Y z*Mx7h!$GP%4|7X-VAxkcd(u0F3m&oaj6zE3D$e1GP2Llk^SsiX#~mLncf$6F2u88= z7fnwBhPOvPli*wdPX-+^rWBOoHaLsBzn=K2%FuEX5VmuSMJcN?A4bM`i74Oy7~xvr zKC{PPsWB{{_L$eMrzIHKS7Cd^lJo-y2|mu3^C0mr$m0&h@w}30d=ka&3fk&PmZ!Aa zOaA4S+$v#Nx(P8n)Rdh|+pW&JWZx9Rp!OK&{UM#+idqJ92f9*9V*=hqPm0j5fU*aQ zD#z(%`&WQp^~N;j4!TQLQ{?@UIgkF?XF_k^V&%@ z9JkEP5W1$Dp|d$r01FS-Hkv&W5yMlW`fKqEpkIQ$S0Zen&kYN`nQ-5CCDQQ1a@p-< zaJGW{xR|d)G;dV=dy+`#1tyt^uAlDB8I3n*@u>;Z)cuCv-z4>tUje0k`-Ne8_1F`2 zA1bFGMkn=F6QO0swcdveHmz7baP%F0A&7tsYZ*!+p0<+Q@Li~ZSvUUB<}j0XiB*}g zynK9W!5#esOAnjGv2rqM)!c8VSQaz3*cOb*lb}u_x*My< zkR0f_>-OUILBEUmvqX%N*SD}(H3&{W*q(zQ{Q%lR778PoG`<>tw;1KbTwXU3HY z+gxtMrW^->v8|~{Z%x~e)Xy!K5~$}kG$R}BTDGDTql%LGy(0SkqlT7iLV{vGN6pgB z?Vtx~xYw@C8#feFh}dRKJuj$Rq{eW0!vQ(6O8vnyd{(e$*V1kWFCv^shb7(J^MDbk(u z9D|R_c|=TW;*HAhu>!O1Ie}x7qFuh6a&F4Xfj6zQbnU^U@_1H45z0|5Zn{wZ+9V+t z^afG(81DA%R~m=YcXsGm%kDGz?O#qT8q)h7qmRHojjxZLnFb_MQIhJsDQSfr-_zWi z`|vHSE@^IQK4#?cc(@l?*Cjz7V>SN=&H9QUZ;F=NIzxuap~3m~r|LY}$K$)xGG_|K zV@=-|>eh-ARY-v~oqWApWp+<=r!AcG`T88%g(A$gTrir3>oWb#mWEaKg!UhgK!{@l z^%_l&u7IRv+iyLYmn4E)yZqb7B|OtKVS0h`$_oKaU(y|WSy}DSGPA}H?x>N_w;bg@ z4_mAp>-XRCvDIycnp&FqG8Ck|kw7pEq`jbXTY0M`O62u^SF*`9LBm`9ybq(F9b(yf zzbz}>+)b)PLXmiPs`t!*zKS@}nJg}=+>TtPK48&)Gax`>_Tb~Yrc$R@m?PpW*& zLx#oLnmA8t={8odo;*4teX*-qp1}QCllpd9t|jGCpZ{Th^N#W}ois>Kx}8w<%K006 zQuM}~=IeVA+Tnef-hE3tOf3iX!wvLZmKj=QgEHpCw8EcA>{zSgkwLM zxA(;9Gv8Jj39V6~By|rzkG<`XUXUj}oqfo_6INj77HDw(w?|0z( zI>8&f>-Vnkcdx>zW8+S9PTW1NMFE$jW5-GAmERoA3Q5h>y9BjtDU3p}Dx}WW2A1>Q zNMLi=e`=sJr<5=GT23$HO^3;=N1I!SNNGrxePJ0@{uNSZn7?{y*>NM|-3MI4OMV=- zjaE;TS%up{ZoRVu3m)Kz(DDH{{eGcDQzMq)wu5sVRpR%_JA?~>zJ!PtZIdd#)@nqM zVL&+ZK=VF?t&^X_u5sI+7G*Jz_0s4H2y&c31KU_u24$^KdDFO#cZtjOw#Qch-JFL^ zhW0VNQbUEy#2M#&S>%VJsig$Judj5AzhfAeZIi<87fyXeLp?G89n9N~_0}QxTij~z zc^Aq3V`=u;L(TItUfvyp{UcmmJm?ESy6wZ{ z;9F!CqVg_;v-P9jjMt*D@OlF;)!VoRI;3e+YZdN*&Al+5qBMe`51QaNAYAp`y0y{S z$I4k2b&7s!Yhy=|jW0R&0aM|rV^J~z%lZS5w6jhlp$*mam$VJ@W{n~mHESsrVXJm4 zmh=f-7`ST{r3Y9Dqib$K^%s}%VG2MKyI-IwfAGPy; zJT->NuYY$qzi?rE-OYZ+IrMIoU=e(S0Q0g<-@N##EkCazw70XUj43pHRL?$L-i&rw zi~dGi`9K1o{jRPcW|7y?Gblj|F(uItyFB3_u7L0}-5OrssfjQ$>UiPyO2-plck1w7 ziB2EV@FnJC4-YT?kMasvr1H9s7IFI_)TQkU%Wn+(XX%x}Y{bDGDKhwNHoPMmVocVj z6!Y-~-CKsSI;LOxH5DL!^EMZTebMaV5>Kwew6?0o`m2&|D zsTo6Yt4gn>b27(i&Pz}(HZ7XOLjx)3VEO@$__yUYm85=udjKwG|9(;b_i}dCtPf6r z6KyLwkr*GIfe(=wZ{RZ|vn+#v7o7i)qcKwx0$3z(_RF^tB>#tVCX!i(z@wk_#MsPS(#_6T*-c)>(9P12$B05mkeuIz*9Bq&F?P@=cY#=0+w-~z zP+T+T1#vi;iGut(iG!s8#dGk}q$f~2V{&#zc1C6f@DnK~Rtk`ZoskKz(o^wY9KbsP zieI8SJ3BKvvoS*LOqp1CczBqYS(#W_8Nd___O8|r`YsIC_LRRlJT_u7b5jkfCA2m*9dB8Zp3?yGVAm3u(0#+FmUP{7%{LL7#lL^ z^Ki2$4acaB}|6uV7~mhLOJ2-}1ou7{U3lGaK`87;-b{v%}@k=QL*E zF<@n8;9_It;$UNDVKL%nqaZgj-L$IzJm#vR)9j*+}hFQ7gfa^Vyx_-54Ri(Cl9D28z(3~Co4Ax%dZq_#&-5#yuevq ze=&D0Jns`bV|@pxoeC6cB|!1#gSwy3*$$Tc$q=D zKwWv|pho5hYJ{?}?JvyAocuZ-dG!t9(Jeq>ukU1RMDdGg zXr^y%Y7Ev>FjjshGygAKr_W}Aq&s% z{Ps{22WNddV-Zs@jz9~5QFQ%DAvx`}bszms=WJ#SHyvmL24-&Xr^3R{%f`&h#`((z zO#dIsZ_Eis44VlXg9$eaC_fh$D+3Q32OAhSEQT!lpbkbH`oHD+zmT7WnSqt#w-34h zlAj6Ql>BrB)4zM^`q^L24yf)m32e*Y=%1!hkoNZ=XK1l&@zn*{)v z8UTR%6#&q+e%cLu27eBujR1fOXe-$s0EmeN0BTc^xAuR~8@?~;kKO*;G{5Y3y)_33 z5fT0a0U7+=K!tB|xq*&?auf9y`mI|S=olE7w{h-Z-p0O-fpO>V9c)}Ye0=;{Soa9- z;t}BB;p1Iz%|Qb5Am2c{aRUtx69W_P{}`^Cz^ysRzzuNA3b-rf_tqQ|Fz`Xq;1%gN zAl$rxf{2WYga+<#Ap#$OTX%jxf?t2_aJl-mP2>*J9gw!aS+aed=pKa`#S27Xasap! zf`A+%2_TRogEmD35QWiRsTA}&CX~;fz5XeC;l7J8R0}0X~36&Z^ehD)2c}NbRQlX-T`+$#x z!80hv19I^E8)8$WubB%|0pRZ^{6_A8!6N*Vg!~5q_j&yrP-iQ>_5o>Nad6SE;WvT| z-i7=mA^d|N3jZYiIiuy`rI3S-1%N05APR$-sKBy82myT|4E&PgZ=<8Z8ULFoKji>Z zfe%4Zz}&*{L~wqfSRf7;?m8cMg~QK6sD9r3I$zrZELG&!J;>u)2)InY<%9G71Blo1 zh5WgPBR|!-^IMDG0$nrsr5zRUw>ltixZMB31o$ON$hFLf!eCH=7DWE34%{R^O$ApL z8N`37^Op~PbNeODPaA+GU3&`d?Q7Mp^IhZMtuWjq*UaEr|Ep5KwLsu=xH|ANT%f-J z%<&t3Y4^+Yzp3CA?xWY>^=BD~!qpOg^9X8-{2`r!2hl=W`_T}>ej z60V*3_k(Na|DzXZbg+X!L%de%x^DcH_}b6N*96cuKMR20!u1x0`wQ;7YY3sl)#|Oz zC28+2p3vJ6A1^B%Pow~ZC9lo*FJ?ltctiV>49^eh1Ohx2oIA)4?%-cQg}OsMl)0Pa ze(!R4N+$AngzPDV2z$lKY<#qoc^37*;r+`T2;?BI*FM)m!o%7*?vLr1elM&Fb2`(E?-*SP(y!T&}nRKD0nrKC5;=Pow zf;Z`xWT&bANH;${;4*v&UjqF@mV;q?d3op^D!}JwE(CHgm~c?R9s}72K*NDC>dxh5J1u3CWe~~A*Up*c|xL>K0)zn5$3W!<2{3%{xz>}%8iUR2ZdpgJDY9O)8!IX9Ofyw|BZlD0J%rTyk}V7 ziG6fi?ee9bqrnpIq&Vj^{!<0{_{1O{e)^)kP;tL~81d=+s`nEc!rF(ZlAvh9;Bg(7 z*GLEg_S>5C;wD_zoHFp4eXt$_f7>YAF3@lFW=3& zZAI34c2>R0vZOD#*PxIS~zpF8k2TolY|fyvBK_e+M5gUzz=HAm1**9a)? zJVRVx^?UK8{89dPXTRRBtC!8a0{TU10|d%IjF+c1br8oEjN>q{t@1@cOV8c-V0T<` z$JoWlgGtvJU*|}Mih|3Rmf8i$RODa){td`O=+EF)1|%a>w#88g^=Op|P@n#A-#o}J zH#RFJa%vjn$+!w`x@C^hdWeHcY~k^6ESVe?-XeiL z7~-$ioeIdEhV_x8Mby>Dbh!m3iIsF1PJf*an-}0ukRK@~t!U9=nRhv|_{zgpS;eGW zV_z>j_)JbSY6Gr_87JpVumE8OO9ZcD?s$X;fSFd`DecY*XZYf25nA< zES^v8Zr&MN#KG-LM$f^h3EO~yw)KzuQ7I?)qz{Yslhg_M2*0HIKb~USxJYdXQ^R+3YS| zd&~!k=yKDO5Q-R@62e`Bc#^(v3PpprGGKR0?gO5|MqLv3X-C@Lo~f=WhNJhA0PcgJ zFw4b5Tl}XVYh_7n$85?j+VR&ftf05l3L8nWC)EuH_qA$!E)2{IZ-~&wnve0_rrGeu zeSR?67+V?JXSQbO{G%JJCJ5vp`#*r(@f7h|Q{mmsPX5*iKFWxV!>xOh3wDmx-3bC@ zIwKBaN^dx*UdsfS=|~XexkFhGNQvF-F+1NPt|{ud$_TvA1e=)neRs|{SJ%%?dkSeM zke4jpPaO-@LRrC96D;XZ)d`VZ*3RX3Eh(HyTQATIE`8u1YPM9-5zWk35Ak-*9KN`h zU|a3Cd`rgNWJ-{DY^ul7nQyK~;H_B!0&+mkRxg&*A%0QO9u(K{e$W;0Ug0ChJ20>j zg~2lZ09wd9uuLid2xM43UmG7HsKpXJX)HM0-sP6ld#LxQ4zB|dxvVesL{%Nyd3K~j zghlE&{iI2Yns@%tc6al>b=&8hmD1R{_ixJ!>T$a`NM{tb60{6wQ;mN1R>&^_WFOE| z2;?!ln~s8p-FYwU8+>C&wrY>7?gOO}UA;apfOZ-4qJ) z;umYx1wMW;nA~uh)>_!ii#fP?>(pBptgrCC5*bk#3^)KhW0T5_@vlVjp~UQaG?31e znjF-|PRij^$2)n(7Kvq$SRV7vW$ZNuximlUE8RzlKI5WSzY~xakQ2Qm$0q9;xuKahMtfm$A{Pp53Rb$p%Cc|fq@UE;978H}rZK8{9isX=U$ zJE744W@8Z&^0O!(cn<*98vv2A^Nc38Wbq2wgx#?kX|SvqBhGSFp0RWp5sMS6=vv(kc>M^Fl3(WO5m**fDBnq= zWM4Te_sEOu<5}jZ_ZHR+*Kp7hbeQS<66H!rioP)ZV`I~9_iGxe{B6Kg%WI2vh+gCSdx@Wbs<0GlZhjLc;G%t>1n6#$b zMlW^>CwY1rdn*mT9qyG~TJ0Cnb;vjFhdmQT6b6ez1tX3eG$i;#;61z$M4C`f7=ac| zZY94b4KoZMUN|pQ?on?#i1m|7ZMJgMaa%Xut|+@0q4XKGA7+q0g4#?cg?#RQqisST z7kF#4lB+z3)pOWkDfuLU(zDa+&1#ek>h-V~Eb9-zU3DEA3ip@Krza&8?wKzuupJ5p z9q2h0u0PN1Ngumd*O5&I2OYTiXSZ>+4=z0q-dAs!oGztrEXMlv9>B^2^KOReM-Q9Q zJ^0q!`ZY0Z&Xw+9CY?9c|GE?(@O(W2L8M&J+JiZAzt`ZSjN4DDuM4bbG&ET{l=4^$ zq#i*kwXmEBf}$@gt7AmwOeAvFmMm?$k=9zDTmc#QwzlJ1}7)J{_=YQ>4uUpi&KBJ2B#4F?R zdYO7B@|_RRQ{zPdF9tQc>W_t(+uC zjGqW@w^gohINE{=z`+NB9KdBo7kMT|9tz|cNh}2q^Jw&qd9H!4^SdvS#`q^K}WpKY-kg>VI8D-fd4W^$HtE}v(_`avJBCFLLPebDrVVEHzGPRjK1z*KmVz`M zld5z;wj(p%akOBFRpY^jvN_c2SrBq~m8|O-FaKB^zQtOI9NTy*m*=|!K}w-uY*y4Z zaB!WFpqjg>Q>N1jQ)pDxHC0ba7+Rd=B&foyAQ_AwcU;Yqc4G>6veKEDl*l}?u{Vkp z6~X6jf(`GUrhVK^I0zzb9l`#O8X~ZfC7xvn4x1*|HIJWhR|8K|&5LyhE}$CuFZQKm z@lj;xv83Iw!hTd}y0^Wm@3VBCk&Hh~GW^i|zO3Uy9W+K8d~q2aYyB8)jJ8%DBFB> zNRm-aP3a5?3;fV#GP|Zb=$i?3@iw$v^7sMPUU1wTEC10Zx}pHEG(xJ;0VoWROG zt+d}sA*;+ewaZ_Syua6QSO|zm?~~ExZt-{w-#y&xJ4La?*@#js-83*VEVZ?(S+DX_ zXY6asZrb38eO0-um(i^Nj?OEIQ_xV=w(3+%g6thlQz{`0;lkv7G3ikHP^f;I$}490Ln1ta-QdgJ%)=BXQ#?S=i-mG)XMD9pd=X3UYuRK-0B zJ0N9ortyyeN1{@RkDkI3Z2cxI%Oy+~p9{c*R&R0dAF@JHLz!jkZj>u;N#t$Et&tp* zJ-xvOt0gt>O+3JoeL)V6HW44{Hs0mKix8#~zOBkV;1hyCylU<-x>EtsL9LD*vEI-u zETZu*UQm@*%Hzr%T|D5K6y|vnAklPzpRk!kmQXNsp%A?ur&hn@E8DNF1a^|woyl)+ z{v17l4Uh1G@}8c<@|+dd6%gaDZqPdYXhHUAp1|F#jF_TR$^~&qU&Q2Yrl{dFHX7hCf3QJ1El zD!Oloi^1gLWv@K_?L#y z2u56nsG8hdxsM@jHGcgz2Mq0$29*l++bgA-Ip*N{AJzQBfgGKJhi{{tK1AJtFE;_v z0oG4?32n2AdT-8RWzc&@?v(6{v(XzpAP3OUbA~ijPPP~er0fdI)Lr|JVtTCi*5pny zrdzA0n;Z8l?HBB3p70T+g_+Q0y-_QNDK5I^G+$tUPOCQgkII2FZPab*m7_QyuA3N;Y zniKU>lvXUVIb|Q|QXCklr3=H?iccX|%JAII6H zqKc49n@p(`Ea7WR?j}}$hKbIBVe#+qYhE9MAnVd@H*n8#qE4t_@+9$PY2Bxm^@9qz z+cPW$UH-vbv`b>G0_+vasz5jWTX z09&P=ly*!G<3UJDxk20;_VWd?n4vxOrr3&%?8D&txDs$J4$*+W|09gvih9OEz*DZE z6w>+VgLz&SlYo&zgthi@zu?r!U_~+A9kBOADB4X#9#id|7XPx~NyC*tvA?@+Q)~88 zI+IN69yr6`tXipCGMFgcdQ5mW{^&X|{#NsP30W9G6h`D9OWe(bsBc>KSNP#hcog;r zb+>n|*|`qtHEq;cx3yU+Mu2beqHr-PM}Aard-GKtcouOfPwbLmRGslQk3YA>{NN9^ zQs8nC@&*B4=yIOQ>DvG{l_p~UfZX!B1h0BB4xIvpx`VQX^=@QeDssy@zn7fF&;ZXB zllXJR-q?8@WRCKqS6ez~nqIG0$Ieh=00i=P!5ocTT=+lMJlBoaZ(G)sSnvuZsB9Nb z%6a4zZCG#ELwhX?<9gYOO{b&ZtG;~w)Cc%C`0Ya=$TECeci5^XIM2eCG$v|TPu4%c zXin8GLpB-kw+pbWo$`d*ri=(MC3r9z9Q{}&e!j0ubpd$^x`X)Pch7Xox_1W|oEHzQ zgB|+llq54#_Hy})!_=d4Yin5^9TrwRd)>YPk9FBR$Sr5;nAW>en*yq)Vm|; zzHaq$H%)3M@lLX!!>v};qa#zQD$F-dc#@OQ+7x@o1C)SL{IxX$0x|>|V z5nMRU8*pMDrd)99&9!2@d{iElReYBod?5=6-&battq->zE8WmGI~#~DKnn>_ruFO9 z#p*6n71KQ$st_ksNsoP@)S~TWy{UD-MqtX2tkL>>;FBu*$@>=8{Y>d+9u}}(tF`D! zi$+ODXn7g350x*=yxgn4mANGp$-|HXOW`msAQEWy42qR^nYq z>JFDW_1Wd?L3ZX35Xb>kq!xFR(y#h zyaTA&OA{dh&fItth@jTD+GCAI-U7o4-sv}!j2Y(^;%k0i^3V2eShYU_CuGPkL0SF< z{fHgRt)Q&ya&g-sQse{cw4| z-V1L(@hhM?*GyCxbehWf^b~6p?a`!xsg0eN(l)iR<^ZEX;%GEE(-PaZ!GbTST9YezvT9bB_c>pqef5d1bm?ep3P zfHxe#-|+i25rAj`yR%`cFqM1J=Z50eHaO>uwI;Uyw$XI5SkIJnYapO1iKq;0^gRkS zqMdE_4%AH-5@Zv&mfIQvFJi+}$k6~F-|d`}xEcsy`G!oDYk`;Px81v{x^{)LF&`D7 z`%bNeD|Bx;FF>cwt1>g4HA{pZlt%K%m3IjdRh^bn@TZl*kj25uu$`EBrz_kF23i{T^Z)AAQu%5c}IUwFM%i$s#ia%-Iq4Tt|dJ@htwF{ zyT-};zF|)~b0Xx>8p%~Z#3uwkssESp3UIxWfCwP_0Mc}>iYG@UML%E>r6(}CQ_U~x z!fzhPNj=0@?hL3sy$CXdc3V#8^>RgW2zE8gg}nA9M;7)&kCkDWV|ZmM*Jw5Mc~6cf zcD%=Jx29%~PFZIEc25Efn|-Lw{IjWn3*(~W|3llG$FsR@apUNq!|AB1s%U9xDXNN^ z^_1#hXicfP<{?PUB!Vy?TCff)R}cX>vISu#S#o$#o4Z=Wqn+`cSm1XUSFq@ zb1Ad4wX?rdt5L*Ork17avC{gUFnXeI_48FVbiT9;?jkTe0&4jm1DZeA9(lC6_9f|f zIyS4M1eGdfDWtG-dX@C7Bq*nuZ=-IQOaWQTf_5ngl#!=N#MU*wnAL+XD*7%0cO5(4 zBWNT$b0VwYmjT+we*E*_T!1Jo&xz07C+f=eCOhy-t=7faE(X~WE?V>ycrl}^fzJZve!}%P`pZkneU?`>zdcJbwM>fT=n72J37sC55vo%^E|`#_>rx?pQdwx1 z=RJU*;}c8Cp@(f}B`BnGn`__e%uI?{?j;v8YTk9qgNeUW*J53YUb573Z~|ALl-93x zzN6Mi*uKW;VNf)>S9}XLx}y{!Mm+84S)nC9>`781+_-!k*6VES>{Y~7p2;WRHNx%YX{Z>^?j+fsy4(MQN_a?O{T4HlOAHC`A?LB z92Y1a4P6;!AsB;J@B&kPbCBPx=8z#~CX~pZRJ0^}NCvj=TlHkNL5t>p??=ujW6m|SJ@`n*RE=!Gjj_dq=zizXnn?1a$Mlc$<{;9bs(`M{n=j`-YTo!Q}&v0w;S_ z%E^CQwGGjV9j4R_RUn^!Wz;3yD}otatsZXT*tARE9X_3Xe*dXxkGb)ZL9q8C4bG~d z?4Ru6;}Si{SzS>oQyqAAeF$5uHmp?0TJZ*5W*(UF%q(5#IYo7~Y248B{)5Xh{x66IFu~E@QkVUF@|Fa>_zK18EHpE=z4zo2J^`Lm zPjh*!)a$jEg7s#-WkW92&#Xjr6C8>5pN$)BLUuWIXBgpPeR07S(a`MfIbnfzc zawfU)g30clGx3Fn8oSCyJ*?vG4y6>Wkab?@gA$wjE!l%E5jJ046f-IY!|Xg{2C>zL zkYpdT^)?Y{65&^(_moF`fuDJ1g@D>*b*M0r+Q@*YRhK|;0jOaa%+kQ2=*)|X6_w!8*!ea9;`Q-? zs_m{}%ckbfK8l;Bfak=_n4wZU=_Zyfw`?U{fX5ki~jZ9us?Sr(-9oWNI)V-;p$Qlmx2 z>By_C=~xCdCN;8hEH?gRP;bY>Ff_)BT^Eq>r58#$oS^HNihTX#$#(hw+g-SC_mh2F z9VYj#AHG`GD;Dh$NJl@Bq{PqEhyH5^SiOy%nSEh0!<0c+(GtAY6^>?wa_>O{S9SZ+ z__yN}_)K6W|0LkLsg_LE>o9gXUdUsU>Ej|%UENgRpIs-e_Mi(NbpUqF$@xQ&AR(MF zr8|qtstA)9wpk37sGGiSQ}6|OKFpP1~OR>#w)2<(zg)3S>D`BHjyV~!u(!Vt9B|>d#?;1a~}85N1il*-0}a) zDZ?;a=%furRHe+F0UwZ%(N}#{wZIs&&mXn71@S*jCJz9G*zAw1SlC)3$lXW8cb%31PbhmzuuG|3dUa7=4pZAt5ICih1#{VL&v zI8oJcQwaX@CH4EdH;wPw$3mF7EFGsN+bgp!(R1fr*uj=ffjQ=B?|4f7lx8oB!l9}H znU<1X7X|zb$2xvxU%J5KAfXvxteM;!WxV1%8g{Xo)EJug;LJqMzz^?me7lSqI-))# z);v8nLj!7=Z)TVh-7dNADD?L9TzAxrWF) ztmh~o?cpnu;6G7=HXXQel>fHA&$HsFjKXa8w5plY=zG%m{?{4t9x&|lTD+X}3R6*& zr{8801H|NhU8}+$5WP|VUFl3OqZvs}PgII_0We_yf|~uie1CO*z|0$%GfUX+8MsxA z#)qe2E8U^A!)cC5^=+>acPEx^6yX2hI=?c2{ZMUmvwy%YpmksR+YBy;itAM!uMXwv zR>TA}n$A@lsY)g4eBt8RU3mP$Ji!H5*#+W2jb74JJT>C5ce;ZfV^?_g7x4Txl1L$V zporvtf0!mqV>qSN$70z69_UZ=RcTZ&?DdnoGbw^^Vc+_MIp^h83Wi$OoutOq{_rce z+St|LI+HB+m&5c4_t}3JhU?!8m0N(Mqu0XygPZN`9GcAACp6T~Jx%kVFDV!p>vy5? zhea&|!o!jqsa~6WWX+1JD)%ltPh#WlkN8SB#+jUGHxuWsq;O`e0gr*p`F-aB(--~Y zczUwfqvU!3ueV=R=-ZiQ5yxzu5{Y5bH1siL8vuLED3mvh$z0rQKjQXcXN9$L`K zRf{42@_JmSwX@>qD5USwMI8WL$D{q{%I&{d|8uGc^u$|}$X%m>2_z=UEV{4*InAn_ z1?P}wd{+nhjHK*s2nGWyWYOP8)hZTBEYYbw#Z!KksKOwl9Mkicjw1G_k!nQ5RWPG(J|LY2`JLGMcNu*wZyore@+OwcBYC) zG(9iQOE`y)aGJ*n(pXoi&VqjDfUIlPCVE1>IAtHYDf|zvvxv*9IXQDA4rd4kBayXz zt&*O7uV-FSOO5K4@^P-?ySa3YGoh7pt171+*4F;w5?;xdQPSiJ zme07Zak<1UC3yXPY#d_dB+J1KUH?4kSv&S+$LCQ2--lVhaPVFZWXMcS$KvzD;|l?w zf}5+yu*v-!rzkzG&z?yD6Ek4^vqk@y4s5$wws435o#)b7mwT`>jzbh%k6)>vcu58< z<}qn0lQ1CL)8qzeKknmf=pojH$hfXMulgO9e5RQr zWA*2c?@ND?cv0t#8NZ%T>S|D_&&sLvnc82>UGM^MRFey1E~ADOH=~tJUDXvtNa6ac z?VFHvehzbhMMLuW*7Yi~$kFd%XTr0sKQQJ?szCV9o>!zTmi>QWoI044So#4wT^Rr; zJr{!6t)4>_(%g=69Y4Em*tmdxYpX1O(#~S>4h9|Q*q!q4O{klF!0#*bShX5frp*^F zM&2uBjf}N_?os#1H(na@yF2U?WW(zfF^(@8Dw0k_zNF` zp5dmfnj|k@7P`?D>|;SKF?7KTr#<~ijH}o4cp2Rh*yg{)9Awh6-E*cJ#hFFlIu2HVk57@TD{s<eZE4sLAy-@ayt%`p15D|Fmc#wu)d&>%PYiG4K+!^^pPjKswE3Wx)#I+k zuSjV$sf97Wb`7+EaD&SUmB8c_E8XyiUbZb|Y$$zBM+4?ovx(%m>zsCS55J!Arlyu8 zFMk&5Go2x?k~w4UjTOkkFhB|XR;oC}Ck88K>uzKc2?UN~C7Ff~O;WVRGSmNU_`RJ6%2&+EiSU|TjjGu1BL8SK$G*afNrAJA6m6iW8xJ1-QpV&YrU*6X3aGU z_+v-DEv}^EIz=Yj1v=otL|>qt#BbJY?ouKlNx%n6a1Z6n7JHjTcR}GO^UW$lRDRPZL%LY}Rcj-eOw-e{Hr+?4Lhw>+BCL zSm~(BKD{`qH$?GUsZ|P(jqTmbnfjfnmg+mMcRK%JfTsJmFZF%d&F`$LS!rs;eeYCy zAat`<0A!r`-hb1v50@C#hV3RgI*p*K1Td?y?ZPE-mueeICLCvEWP9YJGVJ=k-w&)( zQvmta$EDoubL>%&ui)fLp94#qumXT2F({Vs$+rDaf(G%MmAstAm4!*GGY7r*v<1rQ z88b1s=scE^vIN;t?26eSU3aEV_zy0evUiR8z=W*JL0M*lk%B%&$#h&^YPJvASr^s9 zVjV1bHyf}DsvTKa?I6*{@cLsG?`Ku+ZZ_EI_B*ok;&ATMzeoitMv3ug|0R{b{%&`j z+dp`;xx{uWrkd2Rxp#n-E11g8oI)0_bLY2;^)wPv)Z=PN4LV5+H4F+IShRC*U78ED z5>00V01%&4ipxG}wGttv{HrO%@nQ|F%z*&>>G(DQS2raU563+?%JfFzc`DLzDp1KL z-0r4C9JrDab`j|^)R~;}=BDvFKk%Nw z%sL&mOYJMgVS?bvFmHnxi?qIc$x?x<)U{ggMv$||k0PSHuC$+7vvHhn_P;DbkxwvK%Q279k!wH57=j^?CIy`XtM&<11ooz@dDyfq1##&aiLPPLi)Wo zsxKhz>T*Cx8acRQgD&jFo7X$3b$g^Pd9dRLOIFnoTnhjx0`hQ>2=C+dhd zQCEG!DCi=Wk>kLi;y-8`)Uwst+&;^rFXKNQnsSvrnlxCLb)lL_bqj6Ioo7_L!9s_K zL4&19{J-Cx8gm4rlSttLKCorHkas?+gR!)c#ZL<%4D_6Ta&bdc*m$byFd11T&CyJ> zS-U~_IHOqV^Q5KW%R>URo_LG;gQi$5U|`mv+`~YflpS>skiy{NV5I^~)!JH4rF5z8 zGGfBd%I^m>c5kSqB1nZ_xZq?vue3)~w?gJ>*{Kp2cY{C~1D0Z=G7Rw5b&eIogTD6n zWjB5^kd6Rrlpqx%?J_j%V%WS{i#306<&)hYx5kv@6elfg0vQ0vu2MIPgH=Z$OgUnM z2@x$TK~+CsizA!QJqBak{yAL&1hvz=fQj{sXGaSZYmpy9IO` z`c)lnMAQhLaGW*E`GmpvW}p0&WtjH|mqT|-P2o}=hLK=)6XxAnRGn0hCY0kovHNfW zt4ovl{-?pffAp(XAAKaPrE$WlKDPsT1o6p zl4f(9dCk)00QAF=rd6515}Q_s369cwZ_-q?s69hGY()FTlfPnL{!*oXHL}}hlig~+ zEGRkk_=<*xA~$33E%sg#(aUCrTH-b))cNJG!kAbSDmJaOI`=knbZidsCSB?U_cikI zcCZ3=)$838-@-k-MWfPTk_Q*DK{%Jkl_mZ1S4;b^5B`#gSjl8{;44sp-N;;In}hS} z&5kuuEvUey$plTt#kGJo6Fn(2I7)>XW;0{CDyX!oJdJZN(-gRb_L3P?S+9OoHFeq3 zHoVRsbZ5A)%pL7i>Ow59Y?^N zk2cTwg}qI=SLmSr=1wNHrE$Uo4L#i5hMcnh)hWPN9#?sfE_yJ1-d2S*)Qp-6?l@xz zjMy_)sdz8CvZxivS9yRq2w#&X`NDw=hcobZ71ifV9tZiQjNle_EQIx_4xwbBSmb6hOI0hl7_Z zH^E=)D#|1f031Q%UX_{fuqe4YUaha6CZ5T*E5Luf3&i`}UVRXxTtsSP1Rl>Z)j469 zAB*z0)>0Fgsj|pi^D7!P{aHw^Jm~m}n2`0EnDwy_9RFMoTkX{}_gytYZj~r7eMFJ5 z=)ytewu4%ur))%I@(m*JapruQ+j7&(=plIEYOs%Y)2jL6LFDeY_ME`SrYy#CIuN)6leM= zOCrA*@3tl;_K1u7&LvD#_BU6$qSax4Gx-ySS@9+Qp<3O8>l1s1;Rg@n#Zv0Xi&*~b zc998L^PUN)u-&%>nq2Y#L}XXN{8GtW_-_j$&E~Vn{`Dyrgq?1JYp)UP z30`!i;oFFF@}Q;~#YpE*_o3kjofmB4IPi!ZXx!m?9C!#yap*q(zj3R;T%In+&78_J zivY0Zk;(N`iN0mK#$F9jmYCSMfQ)V6AU#O9L+ef~u4~-`hgv0Fjp>?0xK~Z#)o$e$ z+>1KP^-d!A#nR7(%b6N!jv`EW2lgS83>wykEVGni(YMx$z-cNc37{Un79{osd`lcp|b(gshp&WS{QP&rd~jdFL$^23%KjnW8^D0U@p&-4cCw;5DrweuS1#&nd{RDU*~%C zY2}14j9E|P)#A^W#<;jGKok*H#Dfnd-XYM5wa8V=DuS+p{nG(l1ooh8rGjWke<{qz zC(JO4eOUU@f|bqiC;uG##c<^wO^bepZE7b*4Rd|QuJS25J5^(-qg7Sl;*=G}b|no~ zt|9ki+Q|y_bMU2j3`3C!ie%&rlftn^$yKaBxO#*m4yFV zuO1&Y8TE}0XC%I7E^m~6fp#pU4d^RrF1?s90ympMMmArA-ODVr0h|91+H!0F2Q(E# z;k1|GS2;%VQxPzby-uSwxDrz%%PW|HY;l-bO)FKgLOT0yY|t{NVGjYcmg%Xm91#pt zol{ydE|vs{kqe9Ez_FhU=~xY(yktD%dkoKQj~9d z;Tg%M!K9*>Mi3#7Dbw&Trqr9K*CB=KSZpsrCf9b!)`x=!x7DWkIE)4f4xqfhENb%Q z7(^5KdT2GI2uxCf<&U)kMgn9;IEIg+LCg-5P|t6Mo?M-(q7^pSBs};e)v&M@XH(Dd zk6TQzSgH$}D)e7tr?mI;6?Z$BnTV211`>qb+k>di$R_)>XJVY#N6 zrt;F{9?1hbI~8btNRPiUpk}xW}H98oTL8D$xj_M#5AbgLkrw+X+?eL zr7dPjO@tqz%Jv363_I9|e;z%h9C4^SB!(P3tiKZEh*I^8unp1->Z^vdW`n}OqZKwt zzA{1t=_<@qHI1)(P!%2YBgFyRz&Q~wiKGa-h@xQ_m5HKOYu7xgf0~l3S*vr+Ax$F% z(Q_XDOSzoPJVGRDji|BwdBrth7GfO_Ib+2}jc2neCR`6=6re=G$szH4GOgW4aKP6} zFMV-8&R2?G{}!Lt9b?+O@EJnDbBnKbD+#*Q3t4vMmZYY}8WL-T~fyUEz`A zXI$V39ZI?QJb7pL(!%Q2}w0G3+ntITn8(}GOs>_!EB3)Nsm||x{lH5d^`@t zAj`f5YhRUIR93d!1Jlk=ts_qJ4^ps+ad=1hr@0j>wh1~x*@4aDm1@nerqmmzYaxZT z_|jguk`{U`S8c{RzfC>C*=IsY;1DZwYG@vQkRL3nz&=ztWqrg>`gAoQ;c#hW@1U(H z8jn#~)zvf^A&51%kB=*|$u)$)1$I17zjvJ8r$Felrk>ug&fLJOC1i*Ryw}A&L6Qx% zCBu6uX$`pwP|S{q*J^F}hke!fve>qg#vDyGNt2hPZniJ(>#y0H_}_?rn$N*qUihjs z3HSD~skyi5kQjHJLQ&yYHSmD~b+wUxdM)h|7S-=I*yc;gDz;ZysE zAFf~nP8QgQ#vJ~{&T(AyR_n2~>H~`)00V2MGBaj{9z@qWntlc!Lr*q|I>wsh)vm;I85izExf7F7rO4`)0)armSgA$W!l~iRS z`+ciC+if?CTnj_9x{9;hNDOc1pY--2Ow+3J>#2ZnI^RvG=;7!u>AK$jJ@vMJLVhvT z&uQ4CvTDff_UQ@>rn#$>c0> z4Tm}qQ^D`We?WUnr$R{!ksxGMIMK>uja2prm!4ScVakEh%8A8U5Iy%Es1D>a5mn|< znI^;gAiH;FEqEncD%-GOZ`N18D(ej;Nd*(YSK$DBOET_5`*&8^GAuMlsTm6qhYLun zY1+{v(pRkr{b;hJeH^rlS-Ru{tMr`{xZ-;f!e;3@IwNScL3e7eA5Lo5#5O}AZLmZ3 z-})D4z33W9&NQEI$H}$5m3ge~U+6wfZH16aoeWo*NKGf8 zbYeB>Nrf50gt}XIE5ud4BZ{Pu5dZ z?r0Vqvt4@9Nse3PFYzh(-=gN)H!n-3(7rjB99s>QZutH>R;CI`5X`W)DB#Us+%8`7<0O{~@C$ zTcqLUtM;CC*%5==QRBK{(O1<{uWs@?_FqA)^%Ihs@!A87>uq@V$7C;tMa@j1tjo9Y zn!$4eK5EkGRBsmVyM-eqKATzdn++E13PQ-h3UP=jVmJz84iYAmfS|-~6Vo21TOD{X z0EwQP4u^f1|GB?@qJP#Mi?f3VX0~p&&YlVc_bIj`eyR?}``yUu{Zg1#gAJ#bxl~bX zWHlQmAjOEZTAV$ZlG>Onzlsr@I()F0tZ|ZfCurShDhCnHd3}R-Vsq+iW$xo1j=#)O zt_4mQC@`~xYCwb?k(?}&2{J3#5O1062R^6Ra|q0I{=djq;{DIPWWCtItPZG=8YuW} z^bx&}jt~z5v5|e64rh~4Drcn7_$tci!ea)^YtO-V-;c9Kovrzh&Kqb2IN{1-uwE-wOZwB4=8J< z&b8+vZAer!!Vaqfx!viZY%VNI$$UFhF}semgoI$a1|6E?|IBbmB^JWp14; z&3+*~=9vC5-(JkLdiUsayZ6^+S&1V;^m`p$ zI;&2A>AmEQG^0-9!AiKx8)4XkYQG1GVs#!Z$eJkudAu9hLd2(2z%Bj{AaPE{M=0aH<=0}>W$tOls9~TUv@B(BAW^^t)!}!gA694sC?KQ4WvV|# zjpKp#^pZj}6yqsGZ+LBK2;DdBG~@l}zHE}-U8d^ndrAPy(Xs5xVx(CCTVM~(SZQ_e z0d-!q(6UHPOb3Ym6v*_G>a(Wg&!Ibjh_uU4bo@g5lKEyt5T_D!0xV1E3>bd!Df}5& zpxtTr6RyA0&LZl0F62-G30~V55O!hoCao~%VzbkCMov*j5JbL~_;V=bbsUC-n6vuD zdhe)FlQ-B9(_Rzwp|TUciioS0Sw?Ye*$D|dDfehZf&Uo-sBmG^+}ohd6rQ@*xN(!rPcJR=0eQMSE~{w1K%Uh6 zgDa}v8a*2LQ$sRc!|@G!I6a_-5@z1=HI-$&l*&}ig3sI%u!jhzd6NsiOgS~$`M5AU zhsWZ)zKwdyx=O?OjiJB5G&5(z8v~drX#U0+kl#UUGld|FpN(@N;3z$neGg}1!{HB7 znu!_pE$t4jjE*I(@NTd0a%Tn_ld>UCHj)N}t23bv!P=~BE&=ZQuc~rdjpNf5MhcTl zny!T{jIt__Dh=};*J(wsTk2K1b(Kf^@524lg~`3^p|jqLzyM43MnL7gUY~R^0`_Zn zWv%AS4-KAvQXo+fUvK6b@_y1~^t+PfX~~-(sf$988zGc}QIAfHm;2IQ#re-=$_r*j$B)L3|H9fkEB6$Kn}Wv3ruk5t2!_K8md)i0hyATP zAGv_$OUnY044cY?FF74bo~J@mH_Us?*ihlhCdd-#VAo0{xmwgPB+{Z}Y0i%}ME~Ur)%Zh|l*_W)9xWv4^?!Z1f>vqv@VGTd+ z^y9rNCxXSnX2g5_mcVyZg|zP6m|WlND4wd&6Q4Y(Au=QdwrzMuv4P~Q(M$n(yv!~9!7c3Gz(K;bD&UbtGA@ArzJt0 z9GLd>b-Aw^#w&o?eZqbAZ_4}U;@0V1s<~(Bpdk7h{_x(lSQDwqLEeMUNL{N3+cgph zFUzBlLhvZdArFKQ`c`qxn92iC`E@2!FO59}SIOmX#poiYhf9&FopQ^=y%Q6@$yfb* zlCPHcq?^&(qds`38qn#s1x;IX2@KTx=EKFIh@6i@HrF)bc16_t`!4pw1TdC1Y0^P% zYF@U#HV)Vt#14rBWZ5O5Ru74EjjPI_zOchX+1@vMHf_irn{QbyKOba%S02WUOQhT12+w1c1@zs*d^|rnIgAXX~ibY2Gc#lB-^>*k`;DyLt z5(Icu55ZfyP(tNW+sPM}$w6jr1!IP5rQp8nM^K36&&3zGH4aRzcMUZ8?aHrRAS?pl z<8MLMo}Y(8hSpqt!aAvq8@j_GURn`f!ryoZt^x7CyPy0`u3S3`%T3px4$Xqw%;wJe zRSBW5j3Mp(ZDBDj^=!#>n4T-2jDp?3^iP=PE(D_{gFLViqr_rApV(6_FSox7tRvEWQL&<>~f#9e@4(5^TAmMNSzkm-80HTe0`JXKe*!itvSuM zkWx+12S$I@uvBsT$e3$Dbw<1Tz-FaV3#NrMGO%I>IRtIF#W? zSBiekGA%vnUf5pg8hv>@C)!s}%Kdergnvidikp|!$;~;CFWExcY~0f()9F{}V$TY^ zI<{i(=32+9NZr)>=&`J#7yXK1vVGqPY8N7t^1~FG>jbHy-C_6OAI<|frN7hG00BrV znT^eF>0h)9VXdh=tr`&{czs(bvPIfHUpN9@8+H2CgRu8)K5=|XX!DfSB23iyrv`y< z7ixt9xG0MWB3UnKr;9N2#9I%W7Q=VH=Q50I&u_9iy(E_lCCugy2IOsOsn)s#5+^GG zz;#QVvV2vZG%lx5!@y+-fj3V@KsgL7SOK$Y)2QY8w7(i$9Rq}P%;0iO@;kq~T3yQ$ z+Iu)G<^bmwIZSot`@)ASuwMX49maoXMtOdi16B}Z?-ySy!CBQRn=VGd<9g^Rf7hf&SF-avO#Iz#Qh);~~g)pCEO_>&#dz|1y1i@X-F z5WVm)Bv2#Jyz%Rd|1hYC=(Z%NuckPdbHUF(#94cCX4)GCm*su4G@qF)*F7oi{mobhK-2<@HUM@fX;#-_ zz%v#ey=FeGQ=D>RZ&_=8{hC@X%tGs6g;JejuAhC+h&3ZKzNDkFVYL@E6I!46euMvG zkwSuH^52TTwfkpZswiuqd71`-bOj2oAC9!~xAp53KO$~&%wuzYA;PU=8tWtUiw%VO z*tCOwTEfv~UW3yzs)mUJ1-BM;O|E7rDds+yfbC^f_CMsP2K0PG#Pgdd9ux7aPRq}i z3=K&uo50bGk12Kx;rTx_zMs9mS~nWMgu5G+y!-<=D0YZecIR_C!Y{ond0WBW@&YlYF!1T#@b+bf z(nNMP<0SSs1S`bo!FL*a;_`bGuqyQr+HsK|6Dvw_UBG+!U5LUmI*9SNh-8kZJ8elZ zOi(TVDM!di3s>*;7$*svIHmFGwSi1-GgP8+Of3R#wm3_B&xW3n4bOYp9YQJU%L*TS z&9ysZf@S`?NHTb(xwJ1p=;^)&ru<_eFE2IN7m%`gB*BZZnRw<`uH8@1KjQ`pzX(j!*RoS5zS( z1+phCVdQc)bq4=UuNd{PpWU}$HWMdqZrC-dVe-h=Mgsv0t`L5p?kNI3b}S?<$fEKrW1P*Nwsd-(TBhvTu~HkoyQaGB{% zR(Xc^WGvYbA}+?Cq5{AkXeQWvVZp;d0lJhSm?j%hN3#|UGMQwbjsSx3 zwI9UXC-{MMnK7-avZN7Ma1_RSu}>JC^)MjEvBKMa^=+>lkcTVX!>V!}XKvUzs-bM} z8}>#g6!O4mvV3&`u@IYT8%bq5_?U1544mIF0{>$Fjm{eYz{o9m2^lBP3lm{>?vmos z-e&Y)n{5~%moRjyXvRlVz|BOzaQ8cub@j-->JSt}x1vhU1PNL3a;Jn8m6n!X0S%dF zw_!Afm?U1}YXs)2`_vlCF!3ue&MV?|?DF2H&0}wjw~LWf9n7Cu63B%bUr=arfA7C) z0HUmzf2_tV;!eFO+yal@KD*5UfT`XlZn67Ye@#HWuZ%lpHid_4&HocWvD27;z23%` z1QrOV+!_~EeQ(NVz1%zDtki4XF}h*3zjR_s{*2pYJ7wD--?EwBCq%f5f*2{2glq{a!`9TLx^&)j>|CoD!V8)%yVS1N;bCRfqWa~N z6{eeM28f#BOH}2>&G)#-CKn#A<3}#rwvkO;Jkg*YEVYB=Xpz!r2Kt?jGjbfaT8)L= z=!*IH^vX`ijyBiU=yyva0OGlGg1nT69_ORsf^Y_5c<;uV>YfMZOk0!n_dR(7T)K1F zpWB_FejaVEyAB2L$e0#ft7}V$Ahb6--jobQiuR>mIX)M+z8bG--Z8$RCx`5JP&&=D zp{#)N)2&G4c>c3zx%4w9@O3)KtF(fd3O&go*G0kL8N?+UJq461@d{h!)EX<+_Ue-- zT)UreadV|_2U7qq=RUhX)3i|fOCLtsh3-HOLwJW3ALrWr2Ds**90DcUN^`o!_`a9- zoFn6j;KcZhg*`JhW%R=0&qQjO;vvS6b&*mFVv05J2bW(|dk>=y*%9VtDBFh9J6-(b z3HQ|tqgMR^2UYOOZ`o_ZGTlEf4%#Uo0cVEvu&Lv!7{K2%peX_GJ{_P>3ggAZzst*s+QlvfQKd~gTUApb@&UQ~iQ12LsG zj9wIb1ibFgCd0*bDaHTyb0AePvp+iyUwu$<2{kajz1H_%Aq)U>f8yeSs1M;CR~k>Wrnk($}Q4`Xfx7>5MoDQvmql zziHc9zGbz}bDe(y3j5^HHGK36a0b9V8c#m$?E-=3+j96oh{F{bsIn_!5^kaOnL0IC$G`umsrK2o zQkizaNSqGG%Z!Etxd5hUdQBRLXahLj!gm8LY+Gpn-PpJL3GlFg(T+{s>fr!QFYZOe zy6D!1(ZZxFHqCmrZ{N@3;7}4~<}rom-!q8-g!q}>vr|h?|pd~Lh+1=AI__< zkVrUeV*FND`yEhzfGGfNz13{Cv;rv4{}MFt!kr+9T|dl(t&$fR`6yoiU9~K#mN>5` zSoDTAb_T-0VL%vwAWgNkkMfvjui`)L^FwTgm_&`A_0j;1Sc_=7eVp00c0w zBdne6*45j`xwiS=5%PaN0{8&I$JaZV{I>7fs*$aN0C>kIz_q}`w-PA<2mgH3*1@fJ z{RjPdPXJfhVJT9VK0{z+7{74Q7bQsdR(2BAN= zqGv5fJd+^~aqNZEUrLFHt48`!P7fKp?t0F3#U|KD*B>R*>UIuftJZ?F!ddx>#}P+i zRHeSzai6E2n`^v-3|}umuS(Drkw+8+jzJ%d zIb9lmy}DLvXwddb8+YeT9FKm;p4VOnVIoaOepJE&Y<77EH(cy@jGfWzUu9w-Z&u-s4MtkUbV%6=qkj!)Y(LMGVos~tG_(UU*old_29t72E9L}y9GjlE3^(zsUPpd%k{LywMK9gU&ICs!4kb)@v=tcb^>T!?3o#VI~gStclokW_p30!DU5d=8Wt{ggkpF-r>hQ`8yd^s zHLB?B#vp6og?@VAk?Xo>&Ouf-s6TY^m1)E5!)LRyJ-pQ!pETkMqNX87HH6D6`*1FE z-~EhSZpD9UUiEECE(sWaRM8P`?b?u7Xs2dd=lCXeb2nXF=(EPScW1IG1bcCJ-w&ZP zpj#-nQlTD+lxGLlo!Vgf(TIUdM?G^dIkzA%7f^AY+`Zb1)?*F_?mLB5y4HB@5sV&9 z<}o?JbK@`}_nEfPd4)XH6HiYiw%q&7h%N$WUAD>OmA%sN6N5EZ_LnohR;l+Xsp;`A z`5g`o<+YZ--3}CNP#e|<=YFipty%MZ3qVy8gcEg+6}Oy}c2tm{o&C`4V~vdNtp=sG z$$gB>KAS&Ruo~|xk9Xy-<>|BSv(!94b=2TD)+Ox6HM>*Z>lPUXqW#Zee~U>~bSOKs zdb8g82YIx(LettcZg7|4Rkj>r=>AxV9~0Nnrx>J+3%2l^986k148*}m;7s+Z5>QVV z`>*_d^(g;PYsR5po*C{l_Cj{PP?gWi?ja1PUb;O$-{%~XF$o9hzh}$hr+w4{L3r`{ z%h?x`4SQ$zW2_pIRl35vmww9#abSQ0CH?Xf>i3yc)zUE>*T|1=#4g^kxFiX3Jy}2E zQC)(sXeJxpd~N1ZD%lQV1>{8ciQo3W!*7!1Y_+rk3^@6m>tvffn=T38G*6jJZ`SBS z?3OSB3ts4)ie^>$EayiZno(9MJAT;}PoQcT6$YAeB!N_%-rkj#OU1%Ga_Q%9%Ft%klvz(UPj!qK2-nP z7`8zvQsE1e7(RMvsZ#OoX6!g+fG`;M*60K|@npd3ThC7V+#-7_IT?;eS(0M;9;RpP zhd2olmj@mM=%T)LI~*0=axQ0dtM8SoOx`6; zV<{O2g6KzP?HNgs-~zB)p~Bd)W6<7)pS+~nu;*tALioh11?;2(lkRJ!_HTAIU9YdiNA#TOV|cU=WTuvBK{qW-ts z;gYb0n2I{@4F#L1aRyT}NNQp&tf`NcxbkfOp+xEQ!?y!K-}Ockg{ZG3^0Do~_nnKD zCMgwkrqD*jJDmD^Ij5Zaq8lYlJ>ScL83m_H$0NyB``{0+IePwBmTSd71F4>=?>HhU zr{iBHJ(|=gdUi9ca#6ke4=#@|X6KDEmLE#y2XFfwp-}mbgo)EXRH83pq+Yv8z~XSj zF{c#8e*+Qj(YjR5QscjHPm+9xX(vJDZ2ejM+6|qay{u}o`KO3iOZ<1vXbdJE?6WnB za10aM9F3BQvP9V$I%r@S>bpB!?#4qd7{31?JfL(oqeZw!DS+Xe8Kb6{Kwxo1V#!z# zZ;aXy6A9Gah8^;Z=A~n*l4{DFW~n8<+X)jD#PYdk3H9*gGAOQaR`!-;^ks3i{_)%K z`_|9hj_&#W*B@#rrD|dm6|!rhKH-~dmkR`*K3J-gH~3ksU~)uzZ4f&>kDT7nf%rD@ zKGQO0>4CL|_n!@kOJb_&N<*d&^ERpbUEFuPyx~jaPum!>hMuCxOH6arCo6Z6Yq7od z%i2aZB&OH%^*e8FPDn%%o~;cFItS4vYPAkm4lyGvQZ8+RicekK8#^QSekrhmV`NG? zN?!3WT0#3B!Y*0f9ala%`3g0%akWJA0(gF2_=VNp)%AzH>hIbS8Q<~Amuyttyp|{n z9%6xdY9-`w9@4_e9p%v);!H zb9%C5jwr2W`T2QN9}GB&*CRvi#+i=wUi4#cCv@e)ZGX>Ndc`XMJ%@`hYu4L*y0=%o z#CIW?;dL(&u4&g<;zf1x`^l37Ul()Vr0j&sEk4s>THXwWtq%*e@T2%^uRSL4f~4tp z!mC=wlurRFZY9!7)HacAHJ+~XsWWJ;ksOf@$15FQV3J$NGF}B7@s$QJBC7PshVfkr zgbJ-Y4^8H^E!^h4aaLCdpsee7vW#xP&JKCM7 zAvmiZD?*CixEP)j`AB+iIpYmoHX6eNj~q2aiqxB1~;6#XA9USjBE(~U7t&V zvj*!%wWXQEJz7S+1J>dWh}+>5PXQS9V!^XQr#`Bg-tJJopWGbC7CFlIS{ucb#w*{h z*Ckaa-!1OeQM*CARal&WXQFMtOxbGUm^>3yH?w@vN0 zi}ewgs69#l06ax}a!QtI#S(WD)Y)Qq6MhRrFUJ{cyWJimLF%gX$r8HdwV#R0NYx3m z*~bGSht}BmUkdVmx2eF@G*?2>xa=0B0(gv=s!rwucpvqW$-X5&XW~&tvKz z-xnoG^6g6!^#PFM$1$$Pjji?W>3r%uY9~?8dJU7>xU+|jpO29DdOqlmXv3$F1}y4hOfBYo!W#P2HO9Fj|w zT4lw~N8sJDQFtpqq}~$U#Y+l#wNJ{6xs+10-S#%jKY7LKrHylyCg{Ewv)tTF@gJNg z*8H3wzj1aafwTVrx&w6NAn-IP=k_9?oy zsTWs;?sh$z9y(DlTGP zL-$-u-jp1*-C}ObD_Y^zWeZw})aNQ7W(#QHEO{-R0QIs!az!?Ux;JKp?)RDm*fsYx zTHuvL`q{{4JZS7zs(Q%9c3RDBF{<@lBUXORY7npj`}Y~(_eRPic8#v?Lj|X5RyV6r z7~C^e!-@wqp5n*zVFQ(&qwOs8-g>RbL z+L(1A^)7X)>)`GDGL=S|s_hbWdkU*a_b`3N^|Ge5M)EkX)wQGSwlvhy=-~SMmYW}G zg<$~IlPYY_O<_fF8|trg_q1cVkU5sv6F3fmaKk6DQCOMbXN8CyMm4!(big49;=YcS zP4xY8fEwjz-}sAN=^algNzl-Z)xP?B`j&K`ECQLuT!jKfjEzr)0|pFC2>r|6(KC11 z-?Ln&wRmx%wkVN3bx!2sKM$HVXAJhgLfQL{CEj{pV{28;(Dmlf)O(&PYH4L(oFKjO z^ZnNnu00j2;9|J#b9+~=N3uL@9>loafD4PTM@%Njog~_xPJD8Tf@Z}tR@I{F@PB|D z4U-<)3#%-m7r{86(*kyrk=4x{H@*Jogh8>-?sb%}Flh11D7xnf=1t0degz0U-xY6G zvV%Bnt9n{%7>sAQa}n+09md;YMF-@PZ z!eF@1IWuA6lkX{Wgb`E2iTQA-t{(MKHm3I=SjnrApl>O(NA)35zibKC{HU#oNo)ePKzTWO zCl}k+4sfyE+IP5=Uji(Wc(N-S-7_oO{kJ)-!o^{5kzCBMH-i`AyeO>myD#u=CF@H` zb@0lWNhBl^je20y@gtQnvk2Tv2WO;n(kqUhMaPxz=F~6{T{8B=!)M1hRj;j$$GjujCT!eLuB{uFxp-_;7TTG``!gi=aTj1@VwLA7 zJ|7vz)47zL@7+p;+F>`oS`o^E{7*b37~(yxkbeci@p~3@*%IKDo*6iCYL&Y#ac-f` zPf`RTSk11AkYQm6gKM0xcN1*9_Q;5?U1|rS=sm{t?%hi%oBm!$PJ%Q>9YPkzZG?o$ zMe&UeE9T0pgv#3Q;QUI`y)XquYQvc5q=_w(#^GY8Pg$c^V+M(qR&9hL5lZ-RNjg@s zL_K<+-72F~Wa52wHeYSlTNC+G&-7)mNYf9CwQej=QLR_ISFc*Ff0UBpihvaPD>7{e zd}}0jHQv|Cc@wU8u6Jiu&5|dVoX5CN)OHqZH51?l&K}jMO4j7^00|(xI?$a+m`M$0 zJ?cfjw-pUcgT7JG%GK9+u{H)$Z8f_9{eCOo4h0@khof8VR;Nbfg7{3hlh_>LO+TO5 zKZNlUhu$VCbjZ@58St%#B|bUWnc*gQS>Yxl5iwO5lkXTTDO_h|O^fPmtLBcz7rEJY z+TCq7E%MW1Tx(U!U#-ZNyB?-$SlPo(gVL1t5JhJXXVxU^Q+e>$NF>Q=$kKXp;zin3 z&}OF_+MJWB=Uzf{SVz0L*ERlr8{63JQ)Di+V_jeiIED!13d@D{6J9P5!)xgE+Rb&o zY53x~{ESh?4)eCI$vX?E+6DsqFh+PEtnp%8463?^c^}lXvJFHF>w{leglcDiND)SF zaj|kqyjR%B@#Lm((wEU1-|(&9hK#dWF^dTOdSq*3$H8nYTxHBxXQiU!?&7lzv1E$_ zNnAu%sVkf~*}@B-HC5}{+(e{{v~f;dra8*@WoEx3#rppM4vbvCi?V9kLZ$~CVD!dHugHV%CU4Jqmzg%c6d(J|(6IZc`x=$k&kU5?ajQa-XG zLxso^d=$q$7=w_~^VsS-FT*vxs%Et#UfZkoA$qqL@F+vJ?-F)bE^4)`EroTgYXR)M zIIg|TgG{m4iIuj}>E!A>PmOAby~)dpTW6%EWjtPqkQwdCrtNKX`Lon|m4_P1xkh$Gy+Zj;GCyeT%H^GPS8x8ze1;KdotN7Md>Mxu0e} zP(bcCs%Chjj~!UNp2Q<9=~N_C>5O}X>YgN9)+AmpfykUzsOck%uvnIyQni}d5=$t# zUs$GE*7#WX{-{ID})n(H-g{qHOw8+ucOVW^-%0{LNyduDXUZDd* z)yv@cRuRmx&jLbAh0e;-Eks?ri8Ajw3{ErY^-j1Uuq>*mQVxBjlya|JQfGE5<@FDC zd@>}%!96b)BmuSi)h&_^WOE~oHYDA$p1Ce~vNoliw7ZEJTUw^bEdKAhlN}DpwTv>J zsG`R;QF-*hSD5({q+sO%zm6Q^KqQIfnrfQ@!^lCsnSA<->w+d;N_`C-L8DE5HU&R1)&q6jnit{6C5`{*%_SAv`0ewK6fBPj+{6c&VN;;-J(&f#c>|0%_R(a!ud2CWvp8m^zjV@Mh{$w!+%V?_4VSF0$C+Pl59jO8mJ^!(5@{kgwI0A#!!<5N)}@T z!6q?^_XvI)Hpi+Fu2!uz^Gx2prR}R?fql8I0ZU`a>}e2?5pnTI%vP#%MylZ9z4#C` zC_^+@$Dtd^7Y0RRsCERFlOhUqZRbfYw<{|rcuW4Vg>cg@C3ZJ8S^{iW5o0nWf8sn~ zrt&|)GrJ?w~xOn98d^+g@! zP=TRtTUMovbAj>5j_HtZL2g6QqCG9=BU#z&FFb6T%;EpMaZ`n?fz!e)3(&Yd~F z1Lh(D(VNe%4gE7-yz`B*uLYz%zgIS~W$?z#V@Bd zwN8pBsNMp2!ehH0)$VU1F$l{zOA1Umrhy^vaURAi-AhD(Z?7sxfYwbSITxy72!dct zhHo|Yz-#v)-$=70?NvQi%P$mOZ0~S0m#7}h~o)ElO_eC#^ zJR`dp+3Vl_xuWG-8SvRs3yB#{8Zs&kZhFiqPoh7 zU5>~`?oNF=rR_4tcf$iI;8@oEaf**@BKEu7xNUwlsMPfaH7klW6Tjf~^;}`IA8QbJ z{f-kbn^02;wiR%@6w>0_%W{tPX!0h|RB&bl?d8`7?wPDvA>(m!kIh$SOyRDN;HU9^ zEo+`~4kNo(1fMb&$xyx&_R4QJF$mkbC5XQcRa3k-HQlPmcQ>0@uUC!2=O$B;@lK^r zR7Fs{##1}rb;rmXG4}AsgxO)U3AQr{wMbkh!7!Nn2?WI}ot<$yt_HGPmHv>mY+6W+ zn`L|>!kn-yB?aSnl^m_XS;+pOdtWuFYcEw}Z@EHo;YKY{y*Sj&z?Z&S~f^Ql$CwB*(3&zr3ND&v2qAQ;q z9t(Z)y{*U3jy!$jCS&$^t-@`s!fjF)34bt{NyjcLm2<8&u6{NMJr6UfT?k9U6J>>tibN^BqLj^TVXhTS2ZQ@ z!pJEvU9y6|iHZw3F|a#ih9!)q%#z1;J73tK-o*Yf#NAudReY-KJQsEDMm^ww(~F?FTOs1<0%1A=`=ylM`=(R-KSrMc>Ao94(EB;n~mFS4Cod0m)U8nkC(K17NwQe10O8&GUM#z7s=@Et2%RSh%TYUaJs89rPdUsoFI48M(;qAX$KApn7io&jCf$VEWjhOX zEV%h3ek-%%fq^PQ#?h~3U^rQJTyG0J945W0S7b-(X`j_KRk=Tj(_Eq7EROF-T-`>q zth1~%9fQDFk@cJWwc(twG%_sp$yMA;X@>1*UD?v(K(wh^?V{3=@wkf?$Yj;%uGwM3 z`H}HbbwOZn_Rw%VMT27725M6VXl;3_>F&l@^!s_*?Iw9rPO-1X#crn&N4L|!!*N1q zMX@xyUCPQti(QMo+Vph(`=y2?Tb?RZR^-kx*p*j`m+G;2y>bh{%JAu4ovRr zh}Cj}ntZj5!@K!dE)rZS4~EfN=IVN!CG)yHVt-#j34^!aOAY4Dw6&>uF<$_bHd!}^ zUNB`>PNX$Y5U0VxA6MIQ+lBH%*D}jql~=_BBOOt#ZE11C`zq|M+3jdw7l;-20-d8* zT8?EMjVUTPfn!~gwoQ8MHi3ett7V)sgZjQ>S4_RJPyBHN3FvK7w-;pAVB@%)fJr<{ zxjq|Yxtys}YdJxtP9_sl^6rPJ!EnW|SBEwRv=?z=*4zVoIGhGOSo=Gvw5{$+yJ!fc3ULH+`kgcp}4_(A@N@TrC zn($WIb&XC`?e=ub4}O7iD_vTWb7xl?q}5x^m3B?pVB9g(GN&4^O21}*Kv@~9qEf@e zE}K`2zth3PaawLj;tkxab%o82GhDQlgVJRyVCumk1FBaG1yu|^%_h3lmRik)L#nqM3bjl6ZID+~bbDq;bNmuQVOU(sgQ z`-Z#dckk1&5zol=1uj+6gU16J%>MuwLae-eLK6J$Gv~v)2IHm^Um%M3<8MMX%xw6^?O&NTpciV)c&1{9dG%v%@oy&*_1J zLu6PD1~ob$nchV9C#$x77O!l z30cH5`8v^rFm=flmbP!S)nQ85#sJ+9h*nX+UB2>eEIX?O7MWmNexjg!Z8{HNwaW2i zs8PWhwSBoGQ7s2`aM(k2J8Ea zU9V)iMh*TnmX)#!_qo;Ago!2%vtN0(!wX;@oxY8zAEavaCM;X{dVI6p*s-P9fl~-g zVst+%FP|Uea)Y#`zel(-vsOi+0B6^)F^OZB)kX?Z9m@9=jvs z-c)A^Zcrt0jAd;&M zD4>`7m7kS9a&ofy@sp@fPF%4PvMorwSEP2POdC=qN`H~cSJ$`l<>$|?`b@a_bw3Q1 z^wqyqFP2}G{{ZuSd0zb5pQ6pL_YH5*@BaX%f41ASVlBC!kB~>_UVS;Dt9fw#!Fk-=x()aBg3(((Ffo?;=!;G2hO{rs2swsuE%V}5!?Oi1iZ zxN0PrUrm<(07XmrvS-rN{QgqDy`PsaKBB+rGT-IZd@@^A(W+>tl+8|!B6l)2parpY zEKrC2-u&91qRp%K4R_G*{{W@(9C8yGQg>usf5&)rxMD`tMP_*j`1-hy!|PEDmRjMV zHyY(*wYx^!(tZ1hTeqTuzTAZg(q0g>EOSxqogd2_B~X!%?r(bH$YT-Kpl&+scw!+5 z$|2S{Mno$;(+J_LdHw6^ZNEpU{@~odUDm6aE}k7}r_7NKL2lxbsed+2_C%`r{H1+(M)Eb4Qizv- zS6atDG(CCGNi>mKI1vIi$pHKX$P4~IDBjsd`Csn$=G6TbZ9ljmr))j@^u+kbf)Tgj ziS1ay^5Tpi8SeZp_DxFsvKX`J804S4&VEV zs+so(Mm>f!^PF_|kQNQQM%x}8{OpzcpZ>OeLVPmc>S28@TzwrU#B5SNUcV%_6&YY9LiTm*1)CFgsvm&zBj=hjMr-sN9LOSFyPD?P6?G-D*jPGG*`1sroG1 ze_wNZV{iWernmDC@?>WICa-dHAsQy%S}XApT)OtW!S70kDHSvbVHF$N?2X)j?Tful;D$n)lq}^X9>2iZ{E1GvH1$z zsEORZq@y$eceQeuu>&YK$tY^>xz{@4t~n9Sy`}Pw&b_N&Y3%s>!Ii>rXSMmZJ+6nS z{^H#~Ua6q;m11@7Y@)EXRt~Y5tVI=s=+dNATHfpgxD_*+=o=U7JUjV;`IEnNf6_0i z2g%DPBXN>N+KP_J{{T%0Xiye1!?Bt4kbgGK^D;;3g86RvUw)%k?XAtOiPIuhS4o8* zCH*}g*C)XL03=_l^1S)=KS!HC?g>9bzy6%h%+JYzf2glS%ainAnc_YOP_u$nUBC@MAJKc1xGv+=OaU07xP8d(do|HDx^$t}?bs8bA;#86*Sh zwk0kOQwyDW%{x_=6`h&Wrzlo#1_;bMedXWC)IV`;BsW_#fnp^^RA6KCkHW zX8pk@=y&hanfaUfc_Ce%D&o0U9`qY*596Axo%197{2P1R){?yY-9vUQYdAl9;Y$0* z6>j|*uVp-cR^DHGvsihBSR;~s^ z!05K^CL*Gzy1e-shwdHE_4<1%^{u9Y`SUE+Y%48}U!AqmUX~5`9Xf>u=3Jv3sh58`ujw;r{lO#Xx9`)L`P=z<{1Q!| z!;&SwLgg>jF?(K%>}$JSF2S;cs!2l&Y^hpn+KU&|*+i1bk-qQ5+mA|Y?Qe3$7lIyh zWO-mYd!0#Kwi5(26C`&lS>A-4)=CV>{#5Y}vCPBwH@O|j#A7km5!;Jx8zsqyB?#1N z@{Kf+mOZe`h~#p6i_ej$e&O9eU$3EAwBaEF^|U!;T-YU?-FCGt=0YrpHoF!70HuRX z97e9Z>FI7A{K5WtiT?oQEAoZ)Vfi_HCpv5hQXLiz1KjCt=^8nk90riGWytFraIsWgu8YcVNdE)FG*Py{o&8|S1n=9;^k62dBVG2NNXQM7i~tCC!(&g|Gl`0~8n@y}o}VXVqrbJgDCt_E2`pu53N z3B7yIk*I#*-9KN}_D@7YqnZ#}Z7{>>JLn9ou@DUB!JbGq8y)zsTUAtX!JOy5Uk?8O zIR5}V@7-VYhwB6Ka(EfyqI)vVK;pvm>+Rf&?N|5KLHyeUR~#7Fgq3W>?P~lly|$YD zC?!}XzN6|W?T`r9quUqe$vYS?_j&Vb{*N}V+z0wS^YqVG zwN<%W9g-Yocx8Z34pvvcnq`o^JEbqNcsXO>T>aaNHeOR%%3*XLIR)@S_jfLrO1GE0 zJeIK@xz{CpuI#-|v9Y9c5q-Fc*CFfjreu9UZ9(g>S)PZ4n6(hsBw_o#hf6;Ph%K^p^+g*8-lAq(#eM(~`6bTZ_TjsgS{#Tziujun>{lb5y z-#<=jcPMx}W=4yG@-jCDV6!1`&W0Xr8uU`@Sy2AjHsS0#FHD4g9ylN2l^2p`vTmz$ z8_HSf6MY}GecOz79yPu|ABPv6(Yr*M!g|DsSw2e2kgJQ6pV6Ii z<5=FEMUUy%l;LuCm{c`5UxueEG2nYWPPo|wW;V)0azxU}O+)tv?fU+^NGlq#$016` zIyvm8lFDYNh)J;QNmpyIY#y3QkJE2Gmb^Rs?fldK0Ca!QFR2H~&5?+_1iZVxnxL&I4BVCU^#1@= zi;%vzmEX^-`aIhGn-QPgAAbEjUobx>nzbI=*q%b-6Z<6C1ILcO%%_vsT!>Eba;=f& zrtg99Hdv+d@<2}%A9dem`Tevl?jsYmyzNQiN)Xh9K{k_CdgoqKAKYBHclJ3&miTXt zwHcWYU<{mWmK8ek>X@a%ui^C^#=Qwt0_5mSjJ*0TD^)X3{lU8azpCs}>mupIXQ%fF zB3q5BDB)a0fO&;iIfgu!NKJHMkzaM}wBgsxPmJ%~AM^|A0rJ1r#^3#&OqapPR$-dS zuI-Bj$=PDaa#=N~z|{3gAh?tq{-Bf6UEK0mE8JdJUsDI^a_8jKeoU40)gM)h@P+lf zuD*R|(dOU#hMGgX9rb_12hR`6^*Eyo%5AJ(jsv^JVIROd9ISj(q<}ytX*qlsdUuUy zn&G^~2i*wt5ayX=%&upAzHVODmEGji;QB*g*<|;~a{E^v?#8P1T)QtS+Ok-yoyfH=D7x4A>L)Nq%dFF_;vFW<3IOG z{E__jTg70Bu*F2acZoVD(Mv&dm^>CZqRFo>!CCa+$qkbFhDh6F6cvvc_@zX$#78`$vks z5^=n9jlIvNgps0=$TrA$q%zi%!R23MvGE>`PhQG@jJZ*-zFtR+D6HqTexIm*;oU!8 zfv)-LX1QALNl5W7Ed47dR)Cgs>*dR=w%N8%PO_J$qpyEh;m^!ZjgRh?`6BuKGp1bq zOh2Z}f1;-4H|c5qqm+-YPljE6OdqAopOH`bSEF)$j8K9u$pRUT#3+o(972%%cFQ@> zHN4pv(4InyhIz1BeAnV>Xx2q%N&8Jy$rl@7UJCeL*^K<2rx)V*y5>|ntZcE3;2o}3 zx*^g;crWe`ExY5KI$pYW-8hne15L_A_Vc=bNcpBSvJ2O%xlMn0vesXMKliNHy2{o} zHH1>N9@BwGopS051^HPcxxLxno+@XI%=1D_S>Q~YX4egUxYu^5?&S{wv>mw@VG;3? z*z8B5=GFRq38k)=Wnf!LbYd|DAGOl$#}zCtV79(cobbLKfnd(quETkh^vY;f3iX@A zkInx8?P2?){-ON-S3gw?>2lxbslGWo=_)>>KhgfZJ`W=XmsXJc!*^=j<{weRR&TW{t};nH-|e(A-+_G+0*pWEkp z@5lc2#`slB$?oiGuT?1!Op;|ebA+{M^ID(GO(HGPXLXn5{U)nn9ZvL3nOJ3E&; z=U!-?Rz9^VLswFii7K8%O!#CAR|f`O=H3y+gRUG=Y!>6wCmd-=N=pXS*jN--msev^ zSyE1pDNl|W7MC=Js8|+KYab-uW=9S){{Y%|?w|UZ^Z8tTR3D|wZ=$96<&=RABum&3 z%5C<%StE#!!|gK4Q*0J8F<&A=kOdDW3FO98O(SWeB&#rMqYfo_#D$ex8w<73$HQ?7 z0P;r>jO;$|YHU5!**M}k>*{OVIJ3S6sl(`6!987=K4V_WRsQB$zobkH{4zy1;^nqG z`}v{|!qk50#z*$iWjcS2&gFW_PmN-BR`Q(w(B;gpZa3qlgV9=h-Pacv4f9vwDLP4G z97hU*$k@#??3g|s>;=K_vtWJ?gf~vc@N!VXMxzNs6U|t3#a@`MMBP&99FDS|mW9LOT99LChwE6kzP;YZQ?L0scK-lpDzkUS1G~kWL;I)Y06eWH-8jy_ z`n;(6UUtjYV?HrGkvUkusR~38%0($MAiQ}NJs{A%c`g}xmnAP*JSPu}wfein{{Tno zxu}Peo7ElEYLCs1xf;1yC&dfq#~N5kif&<$NX~(}$^tZWTNY2#=RkFg`KKLmV0lSu zB|fip=*Pv7=?i3L$JwND5;`F^qbrTK+8GUDE>M-OZ3Uedg1*{4ipp;HB9H|Jiyq_3tg&8YgUv@eS* zl|%YI1G<57=)N_DWM!9PCiV~RoM`l+jiqzD zWmYftr5z*3BfH-?s%>hYkRA*aV(Z%W?{%G@G%4?EQ|;k_mZZZRS7{^C|u@Wwb+ z00&ebGF8tJ*<(`<)OOr3YUPy_>X+wVVP_87D#qS;d};UeGZyFN2r4p6Qh6Pv`&5sxR1a` zYYemOIRn)21taSA_{+oG>S)-U1Nr*;SZ@P4DfuKTYTh25{^D*pgy zC(THsbGzMv`IYYOiISb#35M_^FUOXcpXCwVSCxbR02W=F+5oyiso*xQual$+nCl>> zI@P(w*~=*D@uNY*bA4hlhGoAGYpgQgNwTTMYPC_yn6Fj! z1qwm(HlJ@RBk<19xgUjTk@#&=ERU*G#lb`X6aGM$*QlTY$jG8*bm{AHB3G5u@r6;Q zXgZ7bI~FmcXBG$9w*%({sTdRFth3ibEsWZF)>PJg*NRd6eLpDO?UyaFMsqmtjTn;; zaaQ_i!ugdh>lZ8?(066%-gw9>MclBdrLy>4ttPtG!MsePVoR ze@*8-y$zSY5q!x103+Pm>b17%VZ!4z;Nfh?WPTRJZb#55qvU!T=(xeLpI}8)QCO6C z8RIr}$4C<~)+uB{69>Ut#_{p3n)zzPO z+oL4CYyHBOu^%Q&q&z}-iKS{SqYn|s*|Rs}M*gGA4~?-rNqqGjUPgCdvef<*Y~ihM zm#Ou*rk~$Tp|6M9^?w*sse|%<<<(c!ksXqOKZWE|)^NZfe0ZXU9$ZRdw_xR= zX;0augiHXw>DQ)6vi6tz?Y^viMW#cBX~)#`!BI1=aY!93vWVQLyQ9qh^7GXforAgy zEzjb}iyiXh*TifHKDQLd{fyR$)(<(Y>I}PHvTIr5*f-eUzV6z)@1wt6vtf1q9Y~P) zfMfwfo#L7kb+y4@ps~cCBH1O+%D zsJt7MkFAs6n+Z8<;qtV*=say}DV_M@8^jhBdy8;h`BiY%!o)*Bi`OX7qOppwr&p7( z)$%-0@-w>zU&6jj$@Y&?-1NKh2}4P&k^f< zrQ2QFu+FI8IQ7V{aTzP+OkUXE?}cpqUvy|5{B3zx8&e{bo5fI{L{GaCRc#1k3(E^KuXd01D1)+O$RInS_wRY>V zxp5YWXIJH1zT6Z0(&hcI^M_&Z^`CO6j&9vZw3h-RiS_e)+Q%c>{{YKionvPT$^GxP zA}ZkE75F;FrZ5Z_@b@tu(^jfu#O5!otw*zS)}2LQi_vT5_^EVm_GXwr4_fzIl>%PX zIjYB3O!B0IE2b_=Z*yJjUK+~qb`P{7E3uG@{AF6>APJa^Yk!I=BeC#={94B1)w?|w zO!R4S(A+*&b)dI}uikFn%1GDc+5^ zYmv?S8$$QvD~jx8T4NyznAW3zjw<%F^PW}bV_P2DE&l)y=2t!O499CaT)SBeVhNt@ z>}f~2YA>WdSK0U&!nBOL2SR3-Yw21a`OS_;<7P>Zq9I z_r?h1hi%deRP2j6@tkV_%#EBgu~1q60LVeP*w{vPHn5A0t8O+3Ta6PN{G9PwAq@zE z{{V~Za%{Xk9L1XgMRB=s>bR0_{{Z0js^epk*w_YkC0p^eY{Y;T<3Kk5052qQmmgS| z_yuk_PiOo&wb87FJBBb0==>}TNnKkWsxP_eh$p)n49kgJRmRo360NwE;Y>)vZX;1Y zoVWviIsjK4R@_>*V%C=y36mBnQ#=Qzb}n@HosL}a2)K~UxRvHyO2T4Qt|eP>D}{*& zDTy3S#A+x101D`t*xc}$o(S{69(V)K0D0gKJQin$-0e*1{{Z*k|HJ@05dZ-L0t5sD z2mu5F0s;d8000330|XHT5+N}V6Cyz%GBXAgBQQcxQD8I`KvH2OaYJxokrsiVu>aZs z2mu2D0Y3r%0Q{V-ZWc2C0O{3e$Q+`@VC|548IrONSy_R|j=L0^hO#u!c4n`{ z7b>Sox#j-=(?96J>sFR)9TKI`eKumF4P?G#DzH~KSjRQd=%_cV^@|oQ`T{MC7O5&> z$@t){xcF{W&@y!DDzND(*8PUAe>rRDFY1;oShwgnMN-mDZ^+%az8u?B!Dn9OHV-RZ*5TM)Ix_A;rZ%IN!s+++J0p<7 z=Skp1@Hs9?4fI13!SB|=G+eJ9mi;vlYPz?^9mQ>l zW4dZ$G>ZedtrOxU#NOYe(onihRHeg_y13h6Wn*_6GCR19xs*iXkJobILOf{+@P148Y$n4wkju9xc)#5P z@$%zF5u&P-!jiJZeJiORw>L|#j{=i48BY9BEKf|5k;lu>nm%ETQZ4zYd6MFwpQ7P7 zYSggyP4NeQTV;!mI&t&n~RVnCXs7sSVu&!16 zZ`4BE@>rvfmcfbCCmNO`nqo0~yXRW@Ex%EJ(BY3e zxn>Dcag`J&_uR|`wc`*{!TqFI-S=4Rz zzUCC$HvAyp!BSr?g=G>>g!E2;PB>@sS~qVW)H_wM=yF%93dZD_&HV=XOa_l4bC-?2 zLXTXnRV!rABB;A~5i{sfVTrnor({K~!ZajJ3dUu7*nWQ2h8O6HMx%JlnsKO)I~1Ni zT#98yHZb4hpx-KZZDW28LDcK-xy)U;XJ621Aoqz;r8H?2NWsrU5@ZwPFOR$qCh94I(M`cpqx2tVY4b_VQSR(HL?C_BkNDdgl#g(R(-6jU`gELesljWqB)$Ng{66IC#{ecqi4jWrZPojy;rj+=OgvQ;I~0G=@8PC(<=5^_hOzPbNnWlQlkO z6xVcDaSM(3D%j`UNh8jKn~+7g)g)$ewu6_cY^q>2IcLgkuN8!2ZN*aOv|7*l2ea{K zmg~n(7x_NZF0DJ5N@tr<5vj1PRq#g=sDkmWc370Db>&~Rw^S2FFlwC5<-F!yd1xm| z6Rw;UE-X1zX2g*rhewdLi?jW2aD2y;|sH`B-1$6b1#zq?}qj?rJ|dq?V_+`@ft z3tOCxnLIeWsMyqc_5HSzZbS2w(j`kXprmiGo(l@m)Wh4!F*=TPrIF6DfKx0@x{JS! z%a>CWT-9p7e@#^k9z3+^^Lw7r`p9=MpI5+x8<0i6flO|G!fUVFRWG51)+}EQL|gER zOZXC7h`ce1w1uPH%yER_&Z(BXu{GCW zh@%xrpOK2=6rI&FWkU|aA5!ekDQTNb+^O<$dF>jY<-7j>07jRQq)BMo;oVG5q42k$ z!sU`gT>dJGmeRKFF>1ejsL({v!eO*|xLAfO2zGDxeT8CzE)aAD$MzZ8_*z89iRrtvDL65m#RFOuvDyLeR7XJV? z<^IVWnKeR(6KuLjBBPB^+(#M2QZ2k_SdsY$Gmk;g(FQS5>TS zx)hZwGj$<-m%zIis%5BBD>=whQ?-rh6*+5lAzPbp+lrz%nnZ-e>(-I!lov2U_i zV&y4uN5iCq7=tGjQ?YIcMDLKVu{61qs*{w@b$Fq8>%OUt8zy35RNp7 zG$TyQ;r4==W0#&a`rN^45}||RyNKhrhV~?%{{W*F#L>&kj9d84LbpWl$sTcAlx%9^7;^Y=DnzS=SX4vF zRYM7^T3IrYyE_s77syF9j7t<-a^n?$`}?i9=rQ?L<{dKBHp6&qHfsq|d%_D-ab#69 z7P&L|QLKejt2~PD&|%VKD4m)V;Vbf>lZ<|D7BcwpY$+<+RK0gp(_7aq?DHsyG%1O6 zkWNDHP4LirNuf6hMLH6?AYADQ1PBm1C_RKC!9o$`2!s*>0)n)lQWA=Yf{23PxjFAU z?ikn^iV8=IhewUkkH?IaelK-lVn%bnc z4Q&vp*&MMN@4b2(l>1=LP6@@UZD;lXYh3=eu{WO%?|LOP401Z!Q5>(c_zIwkCZ3923{1rg6)S7uWk9 zP97q$FaI7?^5bg#8Mou$A~o5Yqx}2y^tIie@P97#BA2qT@1$pvt*1s`!N?{k8_qq8 zf)sPVnf$Rjsgq2_IzxGdRk`y64>W$O`%m`Ln(!ro2z+Ovnh?IK|XL)`@aUH@( zpX<@s$*{9r$@A zYg76y&{RZ^$0n+S&VM`sF#LLv`$A~&#<$6hdutd%(R$&UD28h zu5zQwQeN~gDX4N)#@SFSC&^?1(3DgbbOU>n&xZ!>l-Ld z(zoVX-L6Z&7p07YT|?WW8Fp%37q3u10BJ>PEwlL1`$xs>ONhwnlXV3)iI14CL!;VR z9-A6V$%)yfcyDU>8-6ua7h<+=M5_%hhWDMa#dBLxoX~tj%>xzz-)oIT z6#NJ=xaIS9k8iV*G;8zRwrr_o_>tZZKmx)zz5bU{UMtGCV)n@d!>&V%IVuANedoJ; zDfG68COc1@e4RtqTW!Q6CbR)OUv6`0RAsByFf<-W$h}(-80ANH?Gci_5*UT0Y0WlY z&8B;PJv8XypNuNHwd)5QTF9+Puk4r|S~hzqjI_5b88Y#0{bLe8GyLs&RR>93*Go|q zgh;!cSA}!+le%kIg4C1V<34|@(yq0URuVILD@V-`9+cVH80;^)kGDUdOT*sAVv3J{ zCxBWn*27XwqC{Cn4=l2cXR+$L##%J}^7C8$0~1GxmRRc*wQOc`S-IuW&fFlEgIPzP zg^~T%+cHR=<#7}D+0tD@+)uU z$?v!+{l)>_X2vdsQhI^fd z0wSaJ8m7FIB+JQ{+68~e>{`~OrRK-s5;2vX8`5LGhp(1@=S;FxCl#2lLI-XSG!R=K71xR@aL$-;&Quf3Wrq_XvS`O)YnQ@$&$4D(Z#3I;>%Aef$D2 za&K%_zr|OqSu?4L{6EXa35@$P%+jg<%ssW3Xohr!Yx-0KtYlzS^q?cOV}2p^>@ zqomct(yI%+5&Ty|rB2IoD+_K^ebWP)$QKiFV~h|FN&(wlmbSS?QXxHD zF0bT>gBac%-0*!~{Ul4`W4gDlI{$NLQ`*h`l(wZeA-WOWxkUSB=$IdWcEzQ^bj9cE zNS%dAEW0u@O;*i_n|Ip^I1MRzm0QNMVNS3R$y5~tv=>0{-+gC^U+*@^t+T;QF=wRA znyg(-GW!qg3ww7{!%Xtqn#Dpt;q3-~U-&gULEZR6*YPY<#nHROm)JJ%${RgtL6BWP z-r*YCo{%6_h7=w?w`4fvbdbZ$CMNe4y0xgL3@lCWJ^IsO{{yoK+M+)T*@6K2mT&{( z3+zyA@P{}+zUKX9c6pXCP$hhR)&7I-BOLR5C~4BSEk(bA3B~mAdc48f6%5zxE#R+E z@M<&7SwP_`G;)X@nwSG>!uw=p0n?lG0*jGrug!W7od4QZoN3COZEiZ(9K72;M5ly?R(q4hgB=Mu?Z&k zXzPi74Uh~kPJgE++!&hmOY=pODMzio&Ld{5(yPo!(0egF$vGsWNZ}0saqP3)3l;Qh z_hqw1xOj2*FX4(JvL8Q`v>-s6wQPH2+Yk8lR-IzLRiQ3^rR?2sU(ZA6ACU0S1b?Si}9NhXrFMhs^diECA0jCzk6NI}I(9olfk^?nsmKGDAC z^D|(Z<#|JgzWTF=15J{}Y6-&B6%hJPWwf6tDKK9$&Vo8jr*~z>d_&~jKV?^vm3gu$ zTfIMx!WRbsq==fTmQM_ zy4&bAKkY>hfR(g>?5#Dz!wP@pZ8F=hrW!#Oux#V@x|S! zaCD{43ZEoe65a7}QDV=O@4GwW-ZdGo;Uy$;TRx}m4;`}S;>I4q1@{|~K5xp-^X{W0 z<29S<>_*s7g&_nPiJTJ^_JZ;SH1k7kcLGgTv^5dLXlBp=i@|$dU*%zSGo*H`h|A^pd*@K* z2PPMfTkbG=>~|)3dj*_%^!Pj^{->Cm`k%UYy0+6WCpF?9kJfRT^wsAv4^nEG9)F@mv-rzkbxv@MMMFYy_MuEN7nBnFZ z)27N&4-K(-SS=o_L5cR1#t$=%HvVE?0H3?BkM33L zbJhIrb*uhDbxV~oQ>zR7V-ICK063od3q8qUjUN8q^faYT z$bL3NJZP_3Y0O})a7zCrM@ws}ugcHP4d1*2ZB7jH>`*2`5*#+C<4&*d9a$~CqWngX zkVL3{7)%NngroZ2j{rLI^?@QNYEL!Ncd#F?C-7!58O#EK%jBmB|dr(dYh z{j*4F34AG{Gq)8b3e_ur2!SO}O=km&hU>c)pVwP12na_Qto-JIk=L^96q4#h;!jyi z7Np8!2hvxi4M$>KzN4{|U3{PNZ6rw0PpxkpgZqTjfY4ycK(4XNIQ3 zvRTT5nFo3=$r-k#N}J`|i6uW1URKlv4)0YhZGZHu(Vk0_HpytH*t|#TqG&SD{#BFp z=D%^eLE&!_7E`5JBf%Q&7Hnph{Hy6co5W4S5v%)43S;F5X*aJ<8_LT|h z9n)ja+~-QV{qJKQ0?+5%loj75q}g4M%eO;;fJ|woOaAXn)w#Sk9N5pUH&}!j;to&E zo$PL))jEoH){ldg+C?0sE{6j9mTq=Qzf@b77B7E+kfGJV|iKO)IbrjD7pHerOLHJQxoW+y77qahh^(&VQtClpXLA}qfaoAXGjB$*6d>f#?F?7=f zzhYq}Yqx45PeO2~EKJ%JoMFKy|j%Oo*78(ejG6eEoB0sVJMbhrh(T9B=? zgsp$AL3Jxv__$-``BF?|^=3)5ew4~GUsQP*!qGGh`uqy2m1L^qY0uU*MQMg~s8v|V z3Y(ltdBcFmI;!1P^?)Ul=InC%ng7Sx&py26Qy8w=MY ziIH<*uEYp~Jk^gZk!;ijCb-wcDyNqtKH6zT063zP)C?`V9(HYBYsy%I(f}Qo&0aBk zuE&4>Lmj)rh7D3MyITPdb21cAYWV?3+HaN^jpi0iwU1totFCy=L-e4Fz{hS<+gf=y zi)|Zbb6)g0Vo)ohM_Um&(Nb~4!P^N`y_D_ak4Hk;=4p_jY>6w&%+Fhiv3jF4J)6oy z2zygjU5WFKYJaJQ5Q!RfeG8jt>oOxms57z>;@MMtjV(1&lf#%ERVoc*`HT+T^sLXd zCMvGgIVYNubpQ!*VgF>i~Z z$Kb3EEw_+L8LatL_)gR#OUmtX%D7F!$C9C5yYn~NMvkW34KwyUVJ2@zlHt4RJQ122 ziU_mtoDUzz3nI6iOl^vti9JTKFoc4=vvk%5@A%ey;4ottWaH}+{7>rM^rVc$M8EVG z$RNK)2w%&k-+Z&XY3CRrW?NGb)AG+H?jX=2QHzc3IM^#)uc~#hu9?JinILRpKYq=1 z+1B{c+7=mR-DS81r5nLxW>w-qY*+o*qr)7Ob$@PJ=#3l+=;obj4_>+dcw)ft-F+6{ zKmGi*MI|aPEaBnmk7O+!7K*J zed-v`und+)TPDC`=B5Q!cR6llU;g)D=}wl|#-sM6o2!H<+^%4ts;ARjjK;@fCT?qR zK+P66Qef;xwnn^`2|FRwZx77aMLSY>+;3Fp1|y0wQG9N1`;u_uH9E`}*QWs~MG7gC z``AbQy$xs2SbRT@n*isa=q5LA2MGlNTow2Qd|}M*M2>BkkcoytOFPh%PI*YjgB4#- zseeaiq$CruMUcXrSC6Jx^mQ8ZxV+HvvQl-$zA!2$;cN|wA>0X0VFu27GBo|y0zL*G z%Q6`{ALrc9my1oDvPMcG7pOw5cG+*jb9Qe=jNkmDlYIoQTR4yqLo}-ytO!b{Z`5J8+UWUg38|h8Hj!wJf{XJ=xuqHlExo@ z#6>cIR+?J2Lt98t4|=diV%w2~-1vytsRSy9-f;p1?m+v$tfpPxM5RjG>W?>rwj_UWrIX|N>vg8HVnoDUAUM`m zXO}<~^p)ZbhS>~+gInF(`+*7zjzBt13HTaJt8<=;VZyJY$HZcxVcf0rILK(L~F3yAjDP2NAb zvA?em)kdC3;H`E`knWr8ynE|TT^I8awA+sz8p+-y%}9l2f`3)c)|oxYrBP`!9ux;K z`uAV}WhcT%F4UBrSdv?!@`1LazW)8?loJ~+?efn6ZvTh8nRy`?*8zI5wp#Gdm4wqG zN!ElSmZL+XBY)%0=K&rZ;p5--vYT_P9HiLZXJ|(M)nlfz5BtCiK9D?+Ws-?@QoA+M zMaiWE7t7EVcjXQ>F<~3vtoi0g+9I)=4D~EHNwcJ(s*L-;&yR3iJ$gWFgVan|gqNd5 zd&GRHKUM?e?^%Tt92mMEVpLO5P(8WG`H9`>h9;tUI4=24seUFe)taa(_fU9aeYr2KUf&mnJU&-!)c4Qk`_{F@d;8|W% ztk}!F3`cS+(xZOQS2FvbODYjGi{{4KSgxjH)9!q7j*HuzTor$klQ^>AK;?~AJnIv= ze-~cRT_VKUcFj5uG<#-R^7Ssh`rg8C$B1xN75N3H1l{)Pnh zSB2eG72aM#+hC&Q`YbE@r@icNl>)fg-lvl_*85Irwxb5N?WqRWiq0-}9Z@|{EQ(Db z@y2<`_RoX`E8*_j<;?E=X$yd6(ur_wnzgntQ8 z<0NgTH;EyUcmlo=zl2khqZxlbF8MKM*2gTjtRc8nytP?dk$r|o1SeYGkBzZ5-!}dJ zLFvM}f}0GhUkd3frptp*--ncRqGo|F=!$t#_x`y==b++`=ZmKYKs3_~>v1gWfD@|W zn$i(JZW5uxqZcdIpQqx`#xMkNd*YUT^}=Y3x?31R!LI^8pi+9y8w1(BtISfnbzn}L zuEg%^=S!aBUv zzKiGljpJ%#ia_Tsef?QQQ|V1CqHof;^~;}~kGU~7QN;HnhXhNxb$m8F$2ML*Wub+X z`+u2iHIxOUK*OLerxwm0mOmf6~S`4v1LWv;m@U1QcSf0LF z0lB_6S7#`xfS1^&hQ`h`ZTM<>qF^q=(rZR)(PzjSI#l|te69wk0s@#PLE&<5^73HCPE zyeLjk$t%s#ufdp48)u%Q&(Rxw!fJOdy0-7~kHvw$1rzw7!vB?f*B-%b|FMzbRy?x0 z(87JRQewOO!q}6el_0=X^aeA^0^9jWN=Dosr7&Ml5WTVBF?4G z`k0nW;BPW?p&OxaHcR2Q9d=_5Qf&lOJpkK2C&3xv6l!b54Ti%-X~DwwW&Uz1pF++Z6!EBuDRar7Tq~*CSN#=r%kAz=f3Ts>-o`pL5yEvieHY!&3K~vR0 zT5kO<4@z(w60N#pCDCu%XMP-7x-nT=PxG=*0-$s4vm_pg*vk6;J170Tr|{H@1em5S zv$Vrx?98h%fNR>{FC;2(f<&wJu#Tr_H0b8MUHpx)3+}&8%Z#%M3M&h!l@E*eT8?uv zhU$&Mab2@l!z>1Gurj=ivLjZzJfE3Ufc>v=1Xpz3OuP+6ra^K)yp`>{tgx|?KWDHr zwe9o7@bNRr72NPE_!ni3Xdeuz6&Vl|~gln~m1CtletT((CxanrttK z!K4&BT*-~g?VAho64v9V-e!Hci|o(WaWSUqmC#-#abouE8&$SK=J{I)P=`r0N#gkt z2*#U;k$26*DVUO+oQy4!A(Iuca)H0(T=c$!GSD{Xv#(I+gxi#Qz@IcA;Ptn;`xeIQ z&~Y=uKFmr(=_$)o`G`XS%J-u6!ht_neyScoG7}r-y;X@{trukT=W@mJ84;AwaF%Z%%@T=hASqdmsi{P5kv z{5q+O$gyRPVW`VVuF=}kg-vifF8fPs(=c(ze?nqY}(I_CJ?c(|zhkC8f-@Gh-u`gx; zeib8>HC2x3RxRacRJUGa}BGc-1ThK zm^FRGab+;toB!MT4@4*N-okGm3j0Zro$7J>_GI;9<^E0j+}y!RfwQuUO7K; zeHgR(MJ?pxOMDjV8s~Xb*@|$>nM!#FD~BB~#-y`e9Q9r*d_3)I`Qs3&>VweTAb0EJ0OdiQeW7 zw_JSI7=ru>*7Jw49g~h28GaSJ8ORke(r@kvSE#0miP7>E4>rkEsRh-Z-hDHSNS-!h z3p9EaK1f=K5z{ydLxy;(bJnb4hWrn-nZ5V4*-#C^bwLBoxey_XMNKU}z`pLu1JVdk z(9U_chj;7Fv~rAU&{sZonFfia=Gb4q?OvuF)bp#w z2|e<%?%C8Yey(*4l)fY<3h_{|{)SjXr?VKkYndG6zbTl^T%Q?Pfcw%^+W|#i*8fm!~WF%J}!QF8UZ(EPLTQ z>6T7GP3lD}=#eBcAs{qHB5A|eB9Jj7ZyU=_(<0JPZ_a&)+%Y1Ou)eP|&r;-h%|=sM ztk9MXZL(4K%Zj>9sZX;=68mW|hj6sz%FjJD9oMzIeWL}I*`pBlR2p23JUw)H_A)R>{w*RQz25F(K$^t#jy=#NQn1(#KC#A zKps8n#s(|+uqU@K{Rv5*e;-ezeaaFr44Q3-HRU=%E!KXFhcxrFko||yAQr4`%pYB$7)?)WxI?gQy6ArYzy~!4+xWpi^h40Z*S5%FBOi5FzR!@6t za%8+wmR$hx0c+XO-hmQ$R3}bRVxJMNH^WzKOC&PS*uTnJhbnE}%Q$Gbx3t=S&4$+@ z+|=@d@wgHrY@CRnk6##0s>+n&u~at!%YSnNkJdT=xrleF@~)0Hg3;r+hvOw zS1C|P7pIu$R`;cTfz)d=reC9oF7Mi{1iytsZUE#DXBro{#y;z+9u@lB{%|i?FD&3C zdS#>~0&1}x7XkPa19JZMxQd7I7>#G2IOKEeI`waln0q5Vf@MM-c_9yU5v59=(|2ze z_2+%BGdd50V(T^ za37YQd^2=2Q`vSr$NV^peOeX#C?T=?!8Q{T*x<-`TKMq*>U33&eWrGe$V=Imj}aI5W(6$Fi37p_b}bHMXvo=ed09 zCJpaq0>xCUiY4gFe+L&YWV;Vqu#H2&2mDlgdvKf)0e**X->kFmv>dGB@8`p^B= zA5I1a2({TlPW>Ps>hoi>^s}FSZV|-EVkLw1pBipWzuVHZr(gQ~;=@(8`tr8#wzqr+ z=}Hngk7ALW!6`SsSq!sODfC&^L<^@l*G#aGRIWy~dN=TwNpeiw3emJ5{f|NEhpRk0 zXlH#*;{v{~Cu%uwcn|j8_^I7caJ6G@b&wc6r;9=cHf|2THb7{CSL^|bX{r&X`)J3vadp#BS-Q0R4a&VQ zo{f)Uh$Z7vfhLTqKJ_90x%2>Xu#wL-6-9OJD{M{${R9PCIa&nB`;^vL?0qiEJ#wuF zrOnr$OG`Y>u;JC(ao)9W=#lyzFj=-4)A+gK72Hc z*s7{|ZLOHqY6t#%3(m;xBc(FO!VuT~xg=t?W@WhSCzr>gt}OJYl8FAGt>oE@R^9aM zdkO%4!S=yPjOa(!@M~xuEJlSq7#~~GT)}4wR3reyr+5o-eNK+W`(^7XH`K22=W#zG z(E28I?<$P@tKHxV#X?6yc1m~bpxqI2gG!sisn1l}&DWG}mY(5{rz%+A(<;Vw;+OUV zbP?wMibD)OlY8{kuZE1osJEv*{2Qn6$0MiiAa+WHdik2($MUqt$A1pakrnLO3g$O1 zG8qXlK6UhdosX1=8#SLDW) zD4up#pG@?nXe*C_O2+*e9VG``^bb9AB?Wc-8AFcxl`Eum{IQ3DO345INvp7J8cZMu z{QHx!+J)o*wF=v2DA~=n`QIV|Y66Tl{-+YPiqvC{b7zJBDF6fcD`fp|fznexWd=#C zjX@IA{a=z8(|;N76N&M*Z)!& zSsH3}cIw5DEq`wupQmPuFhoYcPe32gQ6{}&{zyyluFXP3qpc;wmw5Ng=b;k z{3BJ+3YkxN?3b(#<%{Oq7Bh1zdjBS2Pg!+RL`p^LFJ?P>M+-czx7w5(HRk9xRz^WJ zyZUkMlp)gz@sv*0X@wo#Sc>C9G%tuZTU_2Ig-tlomgI#rtpoxKDq=oifG>av9{IdB zRX^dc#-6PChEFcF)-u4mJak@Yrw6D{-GHx))O$?HlAsi`Rzpn1F1U4r-_taDxFZa% zHVs}536#wHA|LAEK)gl%!QCSu5Xy7QsdwBx=eF4`E~38&AnM2+yk^EXms3wnSrsyG zLU~OF%Rkj=jmuP+V%Ciq$~Gmf*WZ`Fm^W};bi~i@*CxsAvjvg^{rWs&MM`|8bDW7Bh{7>U3r zy%>2g&lQG6>DDpr6RB+YP%38V+u?G(#dQY5?E(#24d=)h49+r{KyS24ocZRDj^Hdw zUFdw9f}jh-`5XzJj>3w?DD9w^-@ZA1RK47pR@6KInuh@#R!#+gZpbWqKQ%zX#Xz$c zL;gzn;}Uf%xDdOhi#~f^acUMY@9)l|MFu}%p_$6GT6rKQqntjNf+XqF={!^B1rV26 z;dox-#4tFyZQd7`e1OxIj$DD~88@Bqxd82-Cj63%2Z;^&^C4;y5Wxu+_c#8z^sLF- zmZbKFmU%$bd+=uwwCWF3K;Uvl$mwN!H{roj|6G#2n*BuO)$lybmw1<_c37wc3)KKi zO*eiH1n|%bGfxYVtZ5hZS9lQ}W=m}+zgquNUG}t4is_51_-0F6OHrGjk z*w0n2o-BDtIFkoU&*^OlTeM}Sepp8OWZ~nVuBDHY(an1X8ep+l?l4E2B%wO+gXYV- z;G|yrG9xOWDYh&R>VJ`d^DO%R!W|gI5n3hr)CtrvshP6UB47}x5Yw_Q4 zJ)GN-oVy0dX8I2^<+$Ub$&l)Y5xo$*7&1W$i9U z>`3?+sa3d5ko#>pm2figigc>rWvd$bpHKfb@K6WwF2DwG_+2E5hYDVf#BL4o9Ob01 zM%^^!ZFG?eau)8hn13*)(>tg| zb%Hj~C)yA{0PcMdjj}!+g~Yrs%v}}hdU;XLG;iE75He$;Ug*MYgSGUhqz8(~orX2t z>M{N~L#PYu$H6-v4t;sU{BFmdI^g1W^(33;;*cxEEz_pk-2MPj@(!6%(J56UXn8(# z|GZoxsG%_Ws15=tckxPSIOa9$b5RO7hO``Tom^k~ev-ipHP01wk|OFW%`L-?F#RZt zcSw*fXV;=6$%fM?pU7c0NjKpwILWzc1HqU8# zyzuF;N8VmxT_uW-WrN8M`i!ID7YPr`YG&W;_DvIh+fnOnSYkU z8C+hg8F6BrExxOaBuU09`m1XHS!~`V^_L@3#{X@iu!Y_0=R0~`+HXd3>G;+8i=wFt zD%^xUFEGb?@O$@JSZ%MTOk>CNoU=j%S8M)GnCDV2KHVE{=5m2GkOKLQXAYD%E7Ud6ws_?IFsjS4NG(bt=F4B#2?P!lhW9l5c zZMz6@`)g<)Ul8qCh>If4$FAeZu$b9l6{soiVh^r3D%i@tX4Z?4&^B!b%kc^xEd&;yY(?Zcj4`HT`45r97 zVWeBhVPOr6qLM_Yei5-MD@j5;a$ljE@Bo7m6qk8j-D7+j z@#<*!cWxyMU@q;3QK0Uaj`c%nGvz2Zq~*S>$RyW5@5#3D{b^Y`puc9V_`YJO5hRBfjUT=?T?s7-*GKVpY&6(vJt_lE z9v6{wX1(SO?cEfXCx3Vrg}$KPL0I)^B)^`^s&KNbm^32mJ^=SHFzjkWI|^x(WTV5Y zngBC1H6DxaH@$3@iXd9br7 zXVnTY2@v}^dZ3MHS%pT%zq4VEIz`;PuhWW%f>f2rS8{(2#PN3QYs34TSL;HRIeyi5 zoLNe^`~-Y!U=prBgRnS8x9b^sf{-*E0~)cMJ#jSS*IrLi8kB_o{IPGLIhp@is>w{M z*}1|=r`1X9k$YZ&D!ZE?tT~>2*Vx6?=e2g!OW?KN0nn7~=7(YFRk8f5jN{7dg5SB3j5*2{) zdZJx|56wb4qlmtJZ!ZSw?(0?vU6jru;hG9(`tam{C_wTvExCr*%_D6;-!q0C8P@JV zJ$^TZGcDSY-_JDtP|2E^1vl1J$Cd2LTjw~-vSd-+{`(Rs$K9j}D!cguXa;e4hoFW9 z=vpI7$R69B4U)ZuC~kj+v?b@qMD*Lz{I2D!adb!v5~$EMAUuC>4-N?``K8U#;3FBl zk|v??YJ9b3#Ezzc%=dZSys0I%FTZ-XtnZ5Md@QR3uewAPN6`?O5Xrz&xAp0PG1$&8 zs;m)r_MCWd=Ccx*mQZF33Y0auUOHQjp!@`}p$hkxus~3e`FD2mUMNK#!R;*9iJ^Sz z0yEQ@D@}!D@bx@+4<(Z-FAycw^`ZVl&`8G9+@nV$aAg+i1JpO zml=1@4Na3s>o94u^-l&q@G~^7Y>>&!Sf|t&9CP<-uS?k}t7@4L5R=Ea5=38t173}p z8L(Y0lN#Q`1t_|>+DO#0TQolmD_OM%Q(_bL-BN8k#>c;0gJ<;0< zOub~J2^NZx3C}hr1UMHy@AR_Tj7*PoXKfIC5+%eSU^kF6_w^vtgOgC1s%yHkmY*;R6!0d$tvdQ3&-*iM` z`0$+tU<^vZ#xg(XmzQ7}^6Qa@C_+xHX&k0j#q;I+W23c^er-(N>)u7kxNeW3@Ro3T z5t7qL*!k0(*RPu&z_l6F$RND!Bk4v<+gDPRy``QRntVI~CL7fmu^}|cIDg^KoP|!x zzl7NkKfxPx8Q-=}=w5oA)ir$gzP#r%zAulL zscYkV+$43S&s7>YvvXh@LbLZ}0N9VFI7%)O;vvX&AabqK=ERtj`B!WkTt_s5D>q%r ze*>^vLF=EtyY*IaP|G4zzmOiNMpzM*t$7w`UT=@M80n}}mei-4bv}|I>wl)>|CrmP zZ~&Dg*_)|wZ`Bqi=~LB+1n^5!D&Z@LyCPP;^8LP1Jjis4Ny_KVX3^*fc3bA*oq7L7 zW#or8w!or^2WVC^Cra~f$^G1;g)3%~Swqr=cj~oGlwN1@%?gEOF#L^?#!hcUPW|J_ zn>3!g5`b9i#XZ&K74@^tRAV%F$uF8CJX>yqfr*x2TFiv*C}m8}TR65G9erozk7%?d z8Z0e*40f0bU0Q0Fak-x4Cp)qk8EoZT)LFmNf@IO{*?df>)|AZs{i(iu^W7odE ztOcYO*79Qo^OHJvWWMz^L0PskzQ!=jH?;$`g1l&sUTTOZf=3@DdC)lhE}dr&X4Yy? z!Gk3J@Zcre)%*+L8r~c3T9aMpYDP=R*?*I@Ik4uwsmnk~KOuk7-yF4j5w^3u@847N zd40We;ETkX^cn-`P9q$H@Y-+y*wkG<#jC!b>0x8dETIultQbEJlBdCmaeqYUR56;R zOiUz0xy+BfldfGl!2Kcj%xA7y+>LBpN-Wx!Y_y+!@@JCj?3s*cVdLtuV{Hv{ZHw)N zlFAzc>x0tgoz9gJx(ZS`^{#{L_|VPF6~j6%e7mt;liPurtSX*y=T#g-Y{ar>nCI5P zJjc0;dE83JwPboA3n0;v=beekqd>0!TJPXRgD@!4y_aF*F$zk5%D0Fb~zJg?zlX;m8bBytq%bcpe{OXQgn)lb8P z_Ye3?Wn-zPr2B>4?;U>Fe~N2M z${ws*Ccu~Dxy_(pMruc$TC{i9N}jeb~8p+Xjh2m=JqhCtfRn@QS;rai{`eny2R_cF6p zIW?MD1G&^%rna<%Ta)asHe%Iewfv5MrNXviT5>9(Xp_qC9L()uObL*LE-anmo zBbslpWRKPzcHDS%^}X`LIbHg2&Esu4jM% zlj8bJ8`$8vGrI84B|orxiz+%WxS~astEdem_4(%bfk7!(|Gm&Pq0UU{NKJ(>H4|jB z&|ysCd)hJ40yve8Cn#^I=x6%7O7MN4M-7Wdg?QxfS$mUyX|A1k5%T zP$bUcH8<;p4zub!dW$sa2vY7%^t@EXHK{>X)+gDCfT@ZeBlpD!hfI=I!#9fr-Ycmm zu=Q)A1T{lwkinX6HA1s`EFhAwt!W=pQPSJ!(Djq*VB!KYb1wSHI`F1|0tRx?xSYu5 z)4oD#`4F=52H5z3A<|S)0mt?jQF{3O$D07lD-re5C@HebhVF6Dlc}|#59N~6dN>7T zmQ6a3Suy57vU(N_ux>I0IiMkd_Xurc&l)>p4Yz=F8G9;t zLoFAdiRpdZAiT2{Be&N#)kSia8w-?*RAtRMl0(&4yN0F7F}%8SD`ve-^mwOIB~X>- zQ8qQk*|DYMB$=w(*NccYsA6rdR@`ka14&zhIX~q)qdODm0eq2_%TfghVRzS2Kg(LC z(bWqcKl?;Qk0vh{+7RV{=ZZOwdkdn;PbKS>?nZs6jCZr7M>E0~a69YXr+^u-9HyHS zGWn~Wv$tWjqH*des;Z{G*=h5^|K;i}!`cd)ZeeOr+}(;h#a)UMJi)EFLvSflTAa|J z!L0;$cPs7`FHX^-L5f?yJn!?p=eo|>zxI#h$354~?0aU`tmR1;slUco60R$5BdaDk z%tR4eP_xGoBu)u=SEkKd#l9TZcCemq6OU$mcYqUMaHd(qp1?bQT?~V21uX2{`z}~@7ET!GXB>I zzLX)g!juuR(`*JgsJ;DXUU^xDE^WEQq}O_Y(UAQ@#%M-g&$y`YnAS-Ep^TMNGpzz< zv#c7u;0a^T&OLy2Csc_pDRnMfh|bqgQIuvZj{3Gw$Ek`7nY7ZDK=4pX)^dkGxvLfxEg|FKH1 zK>4+Oc$`9D6--H}INdv&GIwTJY?rh}k)u!!%~9y5lj5Cm4lQGnp=NAvQSrS6o=Hy@ z^U|3bFqwGl!)IrQ0pWb6DZQJ?cn=7colTU3Tn2x_!Cfggd$)PbDnPfIX-US?OJ+~Hig zot9XAWG#hypbp|W9!E@Y?HzJ8#Qs&rjf4myL=r(;!(cW9=Mjg3dR|v zd`NFBN>~v9Q)+Ft2u!YmUq`n=d+EU2_U7O|hviIi!h61dC_Cf1OXs}x!-sxHN z{jC9bUVlH4rai4Hsq9`zrB5vC%MU#DGkA+%G8T0=<);*7#o>3w5z}W2GJXF`5Df&X zZj=%`d*0YfrHBID?$RsRh3cxZgWY0?Vl~c1wQ;{g0VQRI6=1p`Z2^Dm^a=#%(}CG) ze)fm;IfBND>upM1t*5k)wSD_6nVtQ9@(!!{c~%Ug;aI#E^8+}#B|(vpv1pV%@h6y%_TSz-xsmKvt9jX0dnFSwP_& zn3w=8j2-^E7%K5Lq4=u@RsZv3pu^5>f)kzGR`sH%onOO6w{e_?nSTP4L}p3D_{SN= zpQM)fzjkl%oa5&RElz@)3d>4;==-%D-rV{ZF!rVT&F%eEg~$J@`?z^IHBocVX1*ZE zP-$=pb6Vje)M{MLODq$d`g-KL4$4npH|$H7p*ZBL%8}}EXOn_a3tD$ZF;QD*9}1(J zm2SK3XSSX-B*bU~NE2==uol6b)h7%_sL`56|2g>9ir( ze@)wf_6Snr%W{*+7I%0568H0)rYFm1umun$l1s4O8znCREX%*yzFRopQ08FUIbkf0 zEfi$xEr>HP@#Jt2zoHwYXp_Y317##x*thk=rK;k(L7afZ{Y%CO(Ik+X=*a>TLuC#& zGkq1rQiWL~o3TNV=e=AMN3lZvl+}#&JbDTFB^09g-u>KtXtiLzA#M$I3tMA>mX`0j zM(@|yjxDtg;tzTRy|0LxRPG_4wmg@MxDY96>=WZ+=EY^~Kp7R6_34^Yrw8Oj;T=n7 zzwB2RwFo-tCzUj!UunARN93pjigW^P0+86kr+x$72N;-^P>3Op-riKl%a@uM+KmI{ zrqg=Bu+xj5-y@KB%fN}QW`ftAje=%v=45>h^B0gtni^h-_qZYxZqc3n%P{3FKW@ju zMx+NB4NLPnUSOis)mASEGbq=0uN&fSW-N>iT2@8U0iTziHNr9)f009!Czxf~7n!G0 zLfD~^7PGTX6sxw(`(9}gbrjI(l1%0j4@U=*gHlZ(WA?tf#z+!!(}HI3y-I@GuoPTP zru?_jm9LZH1n4AwXKrM*`1TJsf)Fci6q;XTyIoZ9%|tId<6T<0zBS7r&HMr506X3+;opU;#>JfliI}v4N!j9Cb=n|o-m;>}sJbRri(5Cy zbvsEiow2me_!8sl{4}=En?$K`vJwQmta5rhD)jKqdCvK4a{4yVgGIR|5Ne7WRbIFn zN2z&DN9;w+@H@hEXj7}aYKHxzYE>K|M>G49%JVriKiVHRPLD+vr=lduHutKEQXTZX zEA?Unl>3G>iHR{F#!zh{e1J|p+TDTh$Kyu}cl4Yl(L_-+_Os#>W(3Ku;3(|(`i1vC zf7bNmQ-ZDNC{R+T;zl09v$0LQG31-1)z)W80F6q6K_p7M&C7_KT=)c1-%pXM~p&M~JffVLT&sSiP;_Hr!u@ zMCH!sO6k?)G;|D}CPhk;*>WXmH;%CV9aZqHhqJ+;sZ5ETqC)~VHq5>kZQnnn!I&kJ#`b}}hYh&DS&iWP_^^@Pu< zGD3bqD?9E?)XJ$!E*JZ0vNB6rD%3+61LB8EH9b^*?aiwl!2(jYU=M^~V_BlP5_RnO zXm1vIdH(P9-q^t(?j}888vE?o3x2Ff^2m1@b$RJ&Q8Hgg+UJn0yc*GS`uwoaHW=v3 z|9eQ47?UWYq;Ke>_s?^E($}P~X~V{72GGQ)iPq4y&nQh|DWi$QObV*&2@ zkxjn=m0rut+G~$^v(Gy_c^;CV#0jvrV^sa^k!v-g!?=oDdRv{0wm!&sJj^w%z>4wH zOJf`Rnb-6&lD0T#m%4HY$ljtNAk%OxJ1)B)DTue1H!gd)GpA^P9B{t!5K*;ZOef>Z zqw*zoGgXf{8<#JMB}3#0x*KZ;Cqk50;+)c44|;+IIGzf5<~!b~6WVx>rbs9IHPZ!t z3pZun#at0Egq4PFQQCk$T6^6fv2i)7`2+p<)x(=*>7D{l@||x5{imXX5Ac32*zVK5 z*E&eqWti70HCvT}$F)?S5PD>;v0qD^#Vt{tKB8Mjx2EYb>&NP|xXU6rBJ|>XLpf%9 zFv^Cbm?&4TOZw|@<}z_Y6q76(&imU4z*@vz2Ulsn=Xm|WuO3xZFzyY#K5O$W33!T%M1E76%+MFqxWxUW?j1wO4NhOvy$42Q7(u~%>gzmt1^1p`ohhkn?<^`gESKs(;g1OHI zqGxN{?_w!@J$k!4oKEep+foB$=14KkQ~&OesP-dB1=B2V`{o_}|S zMK63}o#)hf2=OHf8VI(}gsmUwHQ-WD)mw~LmnXd4=NTT4{w49_x#z(GHK769Ky?2lphBv zuDrPm=Gicq`t_72^BRt!o;4K(rF(ykv^nFT{In(Qcy|6+&*ab3%L1v~mM6Nb*X$I# zrm@CIj7*|bKHfN#!8)mHSlfc10ihb^nZQq0`4Y6kc14s)M@Y~QRmHKnWMxYb1Y*Jo zM5Ef1aV=}T8H{!46XuJed%QS!(bK|OzWoILuNm0MQZICVh|l?2CW5*9$7a|KSHVgY zt!h$9%w>|p{T%L8orN@XnJo%RIQDx_C#XVw8?X$ME%#`T4uu1fQI3QXO=C(SrU9Bv z0!xBmOTFRZA>{#9j=Sj6w2yE&R$=AELo{0gfMKlf%_*pRSsQl&8+|)h7@%`$?c;$b zS|@+$NaoUo{1g)=ms)n7#wLlY;WS=h>-e?QG2Cg8(|0yG+{e_S`hNepnR~+bM-|_^ zDjCfG651YbaW)wG+vb`iJ!KJ0i+!&(XkVZ)^L5fimJVY-^gc&yWTSCAZ{uThw|*ojL6sFawW=#?cO zJz!XL^+>8(deCR%s7+F1a@i7Hju3KMV%)CGh%uJLPO|Q2YLr{HQY|5(EXMq_dG8~a zDSyY^T0Z1U;2noR18@RAn+Ogg<_Q(p4JTY8XDbC&@VPGH7N2C=HB0iB-Zn8VHWf(C zQ1{QF(?wfcG+P*tp3;A8kY1e5#9gdh(kuaesl3sw=nIBK&^;#eNbOQD=C??~=`4Hc z6vqg-bvTerZ5CJLULdr+IgsAdE+H`5n$Z`)@K+oHwYAK^YJ=pL(|1J*r)3cIP^}@A zt4eZ~n8X@}J2Rr{4qZ+3J&*FtX07rj}{Zzpn#*pqwrjqeJNZ&;@)T-M|xmM(Ocs@V~} zl;QJVOm#>r=6RE4hB(G?TN?DUDPCZ#PrqQDEKtATz+!^Ew6f$jVW{sNQhX=MwpJZf zzG^#B+j5Hls9KEcos9)2DYTj$llht`Yf`Q-E$b*R@K-Ob+M)e~BIpIo3)9oAx!1qcCj%GTsnhYq}NlhelPT8`a}=9_2CFo^b7B2EyU zu8QoFEDgX2e_@Eo1&04aA;vh}Y5CDU7i<~ZjF}!bz9r_%MkPe-tQ%nU03aCac?wb_ zm%LZb5=r2MKdlSJO{1@Qa}`tgm?{dh6E{*dC8Yy&4wr`^s4IiowY{Ky~qp9)NeWfr+dIaSIEE(ulN z1LQ(FseR)cDQ9#>6MD;}@@$gdb~eQ=4&68)sUzM^L<^BMc_jN7s&ksh9Zr2DgCmtx z391If*5F`3vY`_(el5KzI-xGB%1^KRZ|`qQ^n;lOU#;i2qkVvDm%t$T_F%sBN&)b| zm`TMkX+t(=hd5|Jyp_B4Rduh|LmhtMoP*AZ$gxR*O}I%B8($fu%#V)3qMFnaE(nAn zKw<(HLPA9Y*}pqu8YXkF^(_ZtH|LNPBzm-%@rRopBZL2A4CDpEl*2Y?GzBoW&vVCQ zt+_|^_wQCKdm|@AiZPLrPF3U31+YF+FeZk#>%`Y=bwz85|KB7@w}$a~9ovya1Lw24 znr*dEn9~FFolc6-qQ8wcX`xZXJ|{?Ug$SrzTGKz;bMWBEZ?dm#0WEgX;*vd^O~m^fFMj^)P~ zj9SZ>Llp|YS(EGZdlmEi+)i#>jf7JzlrdyUk~8=#Zz_{p^I{>TBx6Ij=<8sxV4QNx zMw6wve2)rsX`s*d$;Su>jimwZXu(dWBQPr|eI)iU`$X%wD8J zAPeH|ExIWAtO0GLI;Cf%PwXZ4jySGrjj!sc19xbWs6=2hF;|=Wk{Z+9vPcr55{a`> z*%$xJsoDV*!x*x0&}RA-Lz&)3SRfmo!sSs`OHUrtw4)0g+tFhfg@`ADXtDk?F88@) zkAf5sSs9NpS6H*nsecPTPqg$DA8z!lPQpkwrHcwsvB>CECA@2vt(|~KdeeI{L0$3` zC=^I^c;!7U)e7cuAlX$shZ~S_2$zmytBI16Y4M>{KjnIu88TetkITIos-r9GN`-he zQ-=98Jd=%d9zvP*+C386Y(Q;g7B;#*yV5Os0hT^zb~WPRv=+d1Kh|ar5jg~Lb%#y% z6LcCt>&MCHy548Mo9tzw6gkH$MEeE6ez^61R@B=wD$hkgNaoUW9x!e@h)&9GhtW)Z zPy~D+29yGrU`R!b?Uw7sgeIW;>W^QA3QP|b0XZ0rQ-24uxi>-MyrP^TRW{oytG!qn za8$!)n#YRPD2*z=#nl3n#Zi^MZIvubIR2JMi#V-k&zX0g$=r3{A$b~nNjMir04JnY0tb{X&D)gftB*6yS334=;h zk+fJ_7$$IL9nz8{T zN9`xuo_;-W!YZ?rQF*^2Tmq+97VguesvJfx>g#YH*ZB4U8DMq~3dhu|pV)j@Zg5NT z5ggYNu&x7x7z;umXEnq1kYk&Ga!xluPC<-chx+RTKO$dRz3he!6&=gC^jU~{9(8t> zzh^u=SL;zRyGv=Cr>O6IUOoP^AYWYnuJ0U|>dw+@Na4e~RrWIV(Le$puDM;iIJRfv zYVT2h)`NDepQKY^9Mu^85=3C+SjiC5L`kEDF8~B|9id?i5JE9<7W>ye#YvE*lBLKB z?SYs*hPX!mT-mU5#*u=Attrx%L9GTy*g)g79lBA6gd)Xs3a^ZJe?Bn{(A%$CgbCJk z7z1i08FbOVE3!o@*(KGE_Qluwlx7olR6^%DhX-o0Tni%^8rdpplkvOO*zG*&+hA7! zK7+)!cJtd5b7~dR!0S9(fBb(a$eW!#qG#>#|Jdn4v40non100F-{Lj%?Fq?~5_5T} zzNTC=O#XeD!siyB&FV~vA@J=Zd~^^|-2b6VrT8LWSAnTNr&_0VJpBR5H}`phJZwSQ z=i8GsM?1{!;JVl|!W=fzhL!iVT|gPhRHj%9cXT$@@+u`roczP0S;q7$+>!=^`H&l; zk}6x7KQqd_hnh{F6ts{TZo73d7*`W)Vboj#gu_ZpyTXa|h!UK`wQm^b{RV2*hJD^! ziIGq3WzA+=yq$=rX|rRf5oN>Ew=meZ6~u;-WWeO?$4^0L$0lbAE6k1bYSg@g(qFKcIQ zjH7l>wJy09JR`N9ML8_JYefmPa>veN!9N1&P4HX)jCIJhtFu<1>`+Eo}zEYMOtP^q==0 z4Y5>XYl`~7q^v}7C<73UnVvPkAN29KkEaQ4*yolZZ(N41jwyi&#IibP_qvd#h;GLn$~uYvEG!&O3sE~Qxh>uJ z?JNiiVsP`1mcaV)v2&FF^6|5YQV6K|$1=P9^VbR}VIC^{Zu64_deK%s(Se+Vtrve@ z+PI?)u<%y2nA2bYiP6i;SE&tv=q)vG>#SiE)JNRP;erj&j=BG#co%INwzSi{o#l(K z>t7+3x`=7r`6{Nu>~^N#Hk~x$j`~d%*_XmETvdV-vUX)ylPd7qbaa>lr_Df220OBB zq6z70QO>ra`5z7R@&sS=BcyS2u+2dchPyZ4E~HE;PvxfaaL!nUeSF1J^6jm(W=t@=l3PH*lIruY?#EQlIVkF=`06z z`0_k?J%xWZV-m2yCHvV&{rBu%IHPFT zRH|k18ZaP&X;nUhXuQttUQK=Bn-AQrNVW8Lk5boD)2B;}s4`%C zL93_m8zkVxW9z83sn6Ku?Ut9PtsL=W{GL2P)2Htvu!87MteW8!`}~*Nfi1Q#Fu?p6 z#dcpCrt7WoOP?^4UwguI1UIvBEXl|Bin`C{72FQcq#gtDnBl}mu=w3MT_i_=e6y_e zRJFPqeXdZMOCJ5xGV!KiUI6Tz0|rgUla;OIV%sU!s7p`v%fcJ@rK!N+(i@#ZQvh)^ z)G!<&As|`w8Du!ECPvVEFZF&gi-*vsa&myJU9S#CBO*LSCy9^#p)lzxctFne!*ADj z(5v6r^iL&hA+yDUFV%cW$^fS*p5N|617>eWghao)$AEV~Bk${{*%7sD8$#|=MV^kp zc%cc()eqy9NR1MGQF|M?_n1&BOPc$8Hj*va%f}eE*38)d-^V}$EvC{tYeb_EF?_39 zs}x3d57b`8F}Id7b`u?XS@3uv7ro$J%o3W|q3Gv*I9}5z9j8PuS*v9U9GSz7OTy_* zRrHo5$%e=>)B6HcZ0+1Sxqf#Q#qu&fA=rV{7&MqS;{Np*T@mL2k>ZGU=r<>4x&Vx$ za~U-NJS_lRz-D{T8!O<_k~^(D-j@AHI=4;+|9nc!mNH5w8xnI&FhAY6j4g>(jweii)vRMBqR3kmVh7~r+xB8N2Vk()SPcK zi;;V@gbT_t*87R?lqEWbt0}{0=>$G0;}s#K;@VaxIsZr)D!|$@&YH0?gYNs??}@Pr zTROQ_R`Mi7ag0QYH1aZpLmpv7l~LvX4M?dhQx((xlZT)&$hi%P4G9vY31TBe?goN( zZwH&@MznD(rgvBq5!CR&rn7{Oeh#)O4o>+dP=YsM^T{s~pe_GK_=GezAS}MsRbeot z)deGscmV6u8|n*~g%g`DsX$q{ma7UZrevVq@BQM*{!|+#PhHHr^4sihy()}7MbPk$cqfdZj0G72AjtqXoKHOeF8IYT(ozR z^UxDES$^lz!Wg2)xTPHP4+V9VKRq01dU03csbx6zCx#VChs9mwsu(`|SIY8x5^GYl z=!9qyGElOy_DwPK{`+`wM_6-53hZTVXL(M3n$XTDvJ!s&IyF06ihR7ei){Eyv(*mm zwE0qzs58}S_t4=Q26qf@}dmbIYrOs5o4m_ zwa&P)e<;j_g)`Dhh4W5n(w-bG;fpBnn)eqK{rv!yV6mRS7hgZC;|+g&yk?u zS=i1e+Q+oS0DtzpBHY+V^0KMh>zz=hBCD1q`w7*zEbBH2L6mE1+lb7tKZ6^E^1}6w zoB^s-!c>%4I}5;vSkdMLSx3>(r@aUDJ?RT0Ky%Kl)#oB9wR;r`9`KZsK~5 zXQN6X*rl$21s%kM4zd%68pZ72>#7NVP192^Er1O$__^+dfg1!TD5e9}84$5at7Ow1 zJ5hrA{ln5DVJm8w z;GmX4nzn1vZn8G4t&2~q%wsFbfC+1B<(f63ba$4ZOZQMNHyGGG}SlcTz|6^ z*iJorVHm;-iG|DFlbhySey%uw@PT9c>*3V#Z{efS3l)jG50_u_Er$uBB`svSP#Xs% zLJw6OQ%F?$oM)NC_e2fAzpzJt);qyT60!o7R=b*-+-Xq*GwhUP3!S({UMwYCEh{y{<^%xU!+OpCs-XW{ZLi^Tqu<)k!0_$(^#LCpK0#<^+bb$ z3u`?&$B#e8<9K-haVAUgb-xMC%<_o7rrf;41N#~MOs#i>%vlDgJ1efJNS$-`8(#5c z=e%OW>y*~R3^1J`NNh~~zV0U?TT-nmL*K-8P7kxcKrTrPrFUcBM7RmzQ5Pb{0iT9r&GCxlOogFpDJ-cX{( z!0s?Y67hXUk36(MvYf-2;9y5}L(v9zp~s(Z1Z`y6cSLc$-1>|iG@zpx!*Om$xS!g4 zAw?_>N*r<-0mNQaq(=;NlCjIPmifUizaE>yH;oo3N3keVr*|iQxUS=8Fh7rpwg=*3 zNyYJ3>#CLo6Z+D&RHf*@-8OH}@?`<>Bn%8}R%t8d#{b%<&)`Iu2-=U3&F2s(+zlQzAdCrT?N_k_l&Ong{||N3^U!pMZbPq&h~ zYeHA3II}4u`Wc}J=*i+^NrV?PJPA&XbGSy3g z@Ji`dXR+&MpKeLRj*ei$u|xgJsjxo;{$DrzJnFfYWW=p&Y78AuB;5I;?iyl#eryc! z^kr6Fs}z#~&AoDGRQKJD$Zh4}IvS5j7`PE&m6_HhwcuAh9=fhwBwAA-Z9`kO7wck zCjEKCRosp^vq%=USMNB@{#HyD_zz`b_gl3(7ZWSpCGi}BOOvW!p&vOOijS+}VU!~E zGF_j{CHQ-?BVI2_#A1C9_)%6kERgfp*TVQ#Rr4PTC*7Yz3gKq@Y})#FTDo5w?6a_W zg}nvByOeluUP?uNy~F-=a)%|A^lqM#XC}dZ;O`Y@RDj{8@eB@S5TSIHm~Jw#=eLI4 zhy+r~MW;QQf(xXpE3KiQn;L?`!CYEudeW?)5vWPxsSYV9N1bp&qM1mtOGIqnwmdNB z;I2>Ho8R1-i(@Mk`*X3?$=@h3_=pzuGxy9)+{+t_?cGF5u~+$jGUf!K?#Blz;yr%+ zzE8=lroM_j9UmZu#9Ac5&P_aNUFY=1)}ovDeBTJF4XFT3OjN9`9M}??trUf53b#E4 z-SWQ0NS+)~kN^1!Go0sh?BAea`#U#mlRUVS6d_}mS;G7Tsk&n~c93q;y13m2Q{`ivvrx-+z3O6pTkx8^i& z`_oeQ_aAfZ4kKMPIpoFd(QQS=w1>l#cSStTP9Mlr-+FHsQM}5zvhlUmD|tnE-kVXq z9JRPPLnMEe+@1Hpl8>A&2AfcZieBSJFcso|GkF5W#msG=vpXo&GML_dN6`O60grG@ zqz$GLl$Fyq=_iVU)xNnfBT2BVWXJ#ft_<+J(r!Q7R7&pGkH5pB<zM>C}}v`B?|Y?0FpHGp`{lAr73swOrzz0GjjOvZkt?s0J%5pO(a| zQA<_}@$~gO_#MpwjZZ3N`I~}(p_-4r<;I+18vKZtae~u{ZdtgwO9DyH2xD3as#W9g z2xWrmp_=n<6hGD-hZcrf@5)?rhO^D-SR`z2I+zBn(o2C1wB$FT9d%_j2DJ0v_7K=18yubv9)vBL~lRbtG zu?M|t`;!ZKjCNxY!uqH^Xg<=ZI5E$!KCiy_8H`ER*V+EuB&*}RrEUC!v%SY4q{+aY zL*744k%avF#}xs0L#qIbBH!a(Gy_$ka7t~?Ue<2a?VU^zL^!`<} z@0)lMS;d_zt7sh3H>CAKpVPcQkDb>obA|?>rBIVeKl(i9g1y3i)wgw`{uQ+-Yz_UT zF!o~kmCqG;parI{SpT&4K6OdUD-*S#PgcX~75Q2%$%-w?>5pbeQ?yKZXiK?>rE%vF ziXY~EI!}JwT6q4&gGWlnKNM5JpLAh~{(FHU!u2-W-F5#^dU*n`=Zm9q`BRs41;D4G z%@)5;M$VN5KK5DS`K^YobmP8iZnVQJuel?(!{owW1LLHxnAXn`_9&kczyA0Lb=^x_ zf4Kn$YHu8F&D>>?Z|7Fo^?f_Sul16-|BB9;C96ZZuN+V{d!Kmb}nPe zyNlCz#i9zYEiaURPZ4u52+9B0&^|b{jNJCam^@GkzT*%sWP4n*@ng44{p}~cgSq~D zp_vb`n2n~uqch5Pl)Xl~MyfkM^6tjfHjaBZk=%@M@S2i&V20tKCg6cay6vc>$T`$+ zech^2knv87gp$@*kmd=E7MrLwPVVPf^53x z#j>Q8SXr*E57sY`L$210H)C}38+Ad0sf?nbvYQVl8OuTuzy4F*5auToR)giKN4M!i zk=(2S;u^2!R`2LFX0m@+hZ<*QITKUAM{J|~eekKj{rRL5IQz-Rd99F-oEDB_UBo9$ zK(+Fx6$h=J^%3y>m6NZ^Xv=lKa^kK(wU_B{)^!y z#FunUb^H|lV|%rd167?lm&4A8e<)t$l$4Z;Kc>MW5oILmK&?#T3@%>J!us za1y4Y2Cm#+d46VDz*Fd1#_*OW;u+%atXV~hC{vUf%Y8(HMNjDrS|+#4kQp2ahpbrr zxc0(LEos$f`+3%zhVQp|S$(l|edYEK1v#TCvlHmsT)I$C6ej5``VAec$lg;rXT_!Y zX@FY(w|Av?#-VZkI%m>8Vn;Z6ZqVB|M+8NND8Y`S8*UA3;1j|Wz+S7@Cqfh?>|LO6 zV@ws=!m3Wy5a<6;_&uB@^b4zs?L=QTKWStlRl7;^$|5wwf8VcRq@BD&jIQO0ZblTP zdR0)0ZYM#elm0;G;{qD{&-6v!M)HRxpSl*5iFLny2q-Y__5EDhF)J=iDZ3Pr*>tTM zRGSHOAfZD8%S?#U{3PtLb;gHqWlrMH%nI$?WVhx+ViRAior(v<(Hed#j(s2fgG0QK zE%JG*-d_Vr1%==kknjlPMtg)F{-L(rH_U`^?%!rA(RO%eMVD4)d~_Y747K_lIek<( zO*1wb|2S)PVB{3siF=JK=~pD|0yKW=TcxoM4+i0Ue{gq}Qcfe|u-vBENc7?#+%E(# zwAk{TQ^#@$Rfbz{WUN?hMh7&#{zF};Jw5cC-x&9zQ{lDj^x)K#)cOJbskG`Io*WKi zggJ52hm&+m5||5>Zgzr^@I-q`P2GB(<8nim^GnV+=Fcrks;cCPN}oTn%8!ZV zEseeJ2+}S{K8Y3DGubvLgzqmtXCj54w03?z zX5guK8h2=cwO9VrFWbg@#dm>Z`uPWMO(()hG2FF!x){6+Il<6A&+r=jj*JY#CKj4g z#^o~6*9q-=xUUX3rilogj&t-7j|@0v$r+*DY>RWhhI{mNyOf|=AvGk_p;YHW29pad zredF?CFR@wL)RpdzL!F$Rn{uq)Kgf}c9886VeTRiN;AA)G`Cxl*5@w{@+sW^z70)y zi{FYwRNne$qh<~Vb5hK_Er>DF50+nCoLUetc+q}xk5MCD#VLaOvU; zk|DL!mNXz#wn6%W9U&}&wm3VDT`wNY$hNSL1!^XPd4RL15)+Ba@Y&gfgOJhU87DM9kuN~e~_CHD}r3YPS_!=?abjD`=d^u%BqFZKHl$3u(KtU`y~z}W@07LXfx|SD2l9JwO^XIl zN6LMiToT+9F1|xV|Q5&o!fdP{-M%;ka+;=Sd368xR zI8uK61xMQ*h)LG9W54?t7YvQ${RIQ8z3}dmzJ2ZXYn3GDr%3;FOQ-5L@AK^>_XRMM z;xU9s?tQV@aHFrxu0$vw)LwmDpLNTG@Awq-X-G%8TzNKDH8j#hcmH~+xSK;!E%du_ z5tk{Giqv}y^gg53JM)J*+W`Z&)a(t9Umn&6DZ3!+_SMh7M+n=i9UOE8s)ze8=6<=c zN^mua5X`yO&yy0VNTABR-Gt64pFr(f)iVpSFO`FR#Q!{SSH))6p8GZgKG{uMc^8(8 zNo0287LBj;px3{+&PL+aD1>l9M#nv)!)cMn$rRJK?wCxk)?Fo}AR1P|;HrXuD23!6 z0c-2-tvdIX=Y0pJyR|fa2YR|nn&;wz$nr$XRg%zV0i>g(HOcAyz-<-2ylF{n%2GFU zc%jqiEW|TRmCoQJnb$Y34SWT|nvs~q-tshzpXw7KpHx`e3>6JZD%xh-MsA}c#sjh4jvjCJLTC6fa^)_g z_Fn0$EJ*0*@9#$nCzq?MZP4p`qy^I>W`pk+8U%*!R4!q7;z?1uMAEW{SU+B#J?sXG z$rcB#kUatagobKFGcfchFCS!stbbV#Et8=i*ai|b2Ve+X3E3&j3x2sC!e0t02rgNn zv_(5u}S>|^B^7tUED9}aj(I5ADsxs?O zF-P29n-o2_*aX9F4)>Ih&z4STA=6RLiT%2GVHX*C$ssM~(5r+!eCsa?reweDXz`bl zi>)$kw9#7WXv(VNW~9H%v*xGxDBcA?-J4Q~=BDCrv;`s)`VoT}O$=6qRe_3U`N`>x zCpctlUI91h)ZxOR>(bKNoH^U*pzifgY-u956~h=OV~I;{+5NkbGjHb#ZBx^SgN6k0 zh2|QKCeFkMskN`eH@_I`&8K0uwU@gYwq&Ws?)*Wl=0kW3ZrT;{K)~iF)*lj2&bjEC z(orRW44)q3SxtYK*-R37O}B^{82OKZyN(@>EQEO5dHY>4*tUhOp*S=_Uqq5;7@mIa zf5#=YNNA=ZmAe+R-R%idkVekIkkruseY-W%-s%3)^H>J2gD_Cl8l0>}D$kz2siuXu zMYqWdiOAT6|3VhPhn`o)T!GK_i2xP{$=Dd~l}n%Jw3Sb$lsFHqi@;|V$&JTOO=UnY z;g=sQ8y;NO+7RbJei5N+O2zO4-|{YPU~tUBRcO*6tK)>Q^QP3p~Sb#eZpu z$t(*sjwz;2hykcR-cY7eKgB}1ml>LeuesX*8wleIAZ|ZiD+?p#0O=~x4C0V+zr42J zgWb_?^p6sQvy6trG9OTIaC#1>!!~JP6*fjra>zvV z*KQA7Ux-O`ewkM&xxYnW zaz0Jta3Qi(LCXGVa*4(Se)bcyoRrd{nc#fwv%O@|BEsTo!lLXpcV$jl zVTVN64fCt3f!h8)##kY2`&N$UypPkDzp#;jB_HW7a$DWeoI33_iu`q-UB(&8E+tZe zujF`{q{__)@ekW9afoUq&@b^oI~Lscz<(&3uPGpvs}ww5X)nU(o7-^w!489MMR84f8tRYG=_Nct)etgVAPo0^8S{-g)2>~P^&Jv3Y$1GCGF z&Z)uRk8f))u81~TW9a@2VZQLf{Aw=#rkjj+DvM(d`IF2ozCWp)*E-yS#7z$l8!5*=6KH(GnNz@!Tq|$U2hPk(_RMHx;V5vl{$X>C3PM<@$=c_JQe>)NWUE zK1yt{Q{L+3z8!QL*(P=CUDl_V=a368iX(g^E>5Zqw;;v^!&V!Eer9G|o|{J!<{Etxh6yTE7$R8MW)R zld&Jg{f}9*HpC_$CpBF=)-lA&>>>xxFU~YVikQa;n<8JE$>`37K4-zV_bQo8#VLpQ zGCBVo%t9}Gl@d`5UevsaZ(B(r(3z7^BC^~`X41Z}^AQTD{D57kMDujp&ar`+{naMA zG|D=l51W;`7_@bx`{Q9Jrf?ODz`3E zQ6qF;m(A#M&!ySblb}=;qd`4WZ~M|8u!a@-bvaXg#z>&i_|;SDKNK4`FwSG}0c^5U z0&NEWL>#B#&fGNO%QCR}(~^a{s;g2En-pHC5hn$w)SeMsk~}Cqvw;Pmu~9S&Jzkbb za9TFlY>8bT!(laW5QhX>yP!{qLyB4(JnvaPU2mw%IJR|$ulGr}@h_+y6r3;eT)NEP zK&;SlKF@5ozMw=AU+cs#EO>r_*EiqXV>ZJyY+IrqH3@4Izx)vjH2{y9~v z*V^5^o__l2G?<1P;Ih{6PoX3)INCy?KLL@npfM_9cP^jVcuPY1sb%ghL>{R0*Ie6V z$r88V^vugHph3cLQ^oeGF~2huZ+^bO*EO&FnqmgqR6BEr_K50lMIk_*Tgxs^_`kUIEBAh0?CnF7TpmemdH>k=lg3&lzO1co-7EU^Z-*8_@CP8XxP=6(5`zr+>+X zagV){$^avQEh6M)@S#OVL$RFGR&D-HQqNdV*W$29e*|e%3 zlJz*3&G6r~+Slvw6gT%`)K_86kyd^Dq7_HVd5Q_b2_hyh1wB@S4q#+ccLJT}<9dPG z41aY3FOpRPjV=h!$`Sz|14g}L1B_;0+MD*(A8N8W%JCiRZulI>&A+bV$l2jzYfz?g zZwv~;r3}QiJ4#sCGonW;Joz9AST`YfGD4qkhVy-4+6aDCR)3Xl{MB{%F&mE^StpU4 zq$c%I%O8b5U>e*5!o0Lg_igHXRz$um63RjwBZbyK0)o`FWJFcb3hUNA@r8_6o1sRp3tdD%J3<#PSh^likWg@ zQ?uKW#cgpO*V>Rb9ElnVd>wLdTK*IKEHlQHsDmyh8htN2IgJ*q&Fq@J#K#U=X%F59 zKTXDE%%*wbF=kIca5qju`>$we%kYcQ2P0gV+H>3-M+g3gdZzqM)OFjYN@^-EU2@;S z58L1^5$>qKvpK|!CFL053xbJevRwJ$j2v%sf5j@Z5e?fq&^pYf@Lm0GhkrIn!OkP6hh^a*UN$2aDQvCM0`DF(`!6fS47F)}DSV=# z$qz!KZ&oOLt=-7x17nX!HcmzGllx$zImvdk^7@xod$>Ky1B?aXl^qYUmmBq^;orYB zD22Y(9r%*fgIK^Z(U@so40$GDmA1(2c+{rH;6V!i#Ar;`9$fWQbR93ZT;g*Gjn2@! zC75pGF0t6gGBIW!xOpq1H?}<}oOo^q>@<+vbV9cKn=A|nlCYq0z(8%#duR}qOBzbN z2~A^Vo|&gLeLQ2`sL$RByJ@9!t6kf2rybW=e&*tb($)D7!0|9}CoI?Vn4?9m zm~CF-xokF#l79k?EDf!25b34eCE%Qa+U_2+5$aOFcpqy@+1!lc4lJ>_Q0EZ}Gi+Q9 zZp8gHMgC&E*xvS&hG;OLZRx9V-n=zEVP_>tmH&vf)a+q>W|u4@wG+HDajJHOwZ@W8 z{8H-hq}ka{EOmT?>RfjMTzsC43Wgju<>44?0jF`a>wCEbmkx4><(VNUl*QBorEYc{cZSq2HCZQr8 z`*x8*CHd~IMd$oFVLO{4QB!A%rhj7$gP7phRm?WdcOn%Y#%n(KAa~Q2G~=QZ+$$cl z4N@T|trdC?yV~A^7U!H6!VcBTwYMlAn)VwD9q)7;7A^Vz=H_O;r)WH*6W-sCT?0CA;$cv=W;`gB)mS1YAwcR5#n_jS=ClreELqJh+Sex)1 z-L!B4dkqA%=#ox@K7n}>t*~*5R#z{}wIt@KME<$g`CC7x;2vrF!GoAk)*nv5mIByx z%~W9rw~+YT5^wprSZ3+?#1@v@7W$N3QF)XS0nY}8#qa!s4f=CYj`?rHx(o5f2TO}S zKc9fHchyF4*w-E4g{yB?GaF3WQfly|uk8y|*)osS5B?=Fu2`*!gY;4G;_e*<{sG|a zIX%yk^0S^_h4`0?Ns+fT?z3B^hO9Kntv2TU%u;>0ZN!ps2_-*b z@?XjO1QQrT5A7e2Bt#2TXQC(QgZ5^MZA z3)98eD;(YaZ2XB3P2K}$r(H4Tx(7uJ*!CXZ z4h?EDqOifbxfU7T8R+?mScUOeiQds`h`7?&d!HlM+4u+%4PwMIwYfPdF2ZBcx%;RR zyMA)XdkKZ;vR8&;a5q{Vv$0?T%Hytjw0i?$h1Y4DdR+9oHWz$FzGLXyE*CL{p4{U? zb7)`vnPmolY)7ZF#8Fjs!Ljxgz8?0FNwGU@cOBW^%B1wF!9qzWQN@6|`T`r#8gj&-$hAVg~$h-*EZ6LxpB zyyqa}qog=4F|#`pEeKbe;3scEix0ds9GK`@0|T6YfHnBJx^Kh%Cghb-vr@j56+fi1 zR&g$(E#C@Z#0IXO%$oOE=9)DB9IUpKM~`du814<^kE7=Neyk*87rz?K)#mmY)y@Up z8fZ&WR+7i0f$CcKD=`UfouVpAh^BW@Fc0IiGW@8^73c4BfO)L0ZyE}M)^^r5orDZY z(L@i6C2eHMIL{+Y4J8&QENCsLXS`}kv3SJomK;z%2Sc%6Qr}q{XK|I?wnl+T z;w90{=P_HpL>&_v!eW78Zkaoxs!2{}qui5ToJPY!d<+HY39p;laOct_w$kXmOmJ(f zpHvqL-R@KV+O0P0)MMahV(RaO`%ZG_$4ZB`&+t;jE~Aij`Y!6aHKGAr^4I5QKC4a> ztb`u3ZbPk5sI(*BC%=Ag#@ zoc=B{$B~2XDv#k-@BWp5GuU-WZGl&%-=Y7}OPYAknm%QPpD8j^PJi|?Z~4m{7sgWS zkPJ4VNAwj+ej0lrK8Rp`z<0(cn$sF;ti0T_Tl3CNCl;1%m67Uj-NrSwSFd;+ZLfw} zC>l}Wf*6~r%)T6viBnIOMrR?+Vm)KFAjC3WB4E!2N({+}Xd;*_ed!-y=XoO7I_>PU z1h$R3gg{ig!SWOzKYEuz$yZ2zf$eju_k|j_Fsm>_`&Nk+pYXy%q;Wwhdtjy$E5wPg zUp4PkBRmYU(R68Ugg-X2fYesjcc)RG`U5TJdi+*GMgwl78)?y^Fdhc6LTDA%OF6R& z#u~g2r!XG`?cRuMx8ffL2FO?BlMomOvoZHuDSC=hDh=ojLM%~<&JkRh%kAnatnb9= zvBufU!@X-7MaRYR)L40zUV?7y4y0b3X@%%C<^7JH5IlgOJdy_#GnVvb*{S6)er z2O6L(Xh{Q@Zv+f_X1dzSbgtXl^W3>w^`(tt?u2FOWBTJ?i=}UPtW?B=k~B@L+p(PF z`s|EE8uZ$~gm0S{H^W1i-DsQUN!~ckqMtt+>j&)(4*G}B5QmU6OtVS3C4{KHCSla> zWFRee{beOcqBXS-mQ@E(8aWbde`uDwYmIkfoRo2 zUjezD_xMQ3?6`r3<6n*G(kz*a^Sk3Y98L4Cwe}n6Qbsl1n#^?R9}Gle-+pGq`Ae!v zs!zd?RjSBS=yQ&G;r(rJ==<{rxZg_~(ToOA;hW#5Z z$`!uJA_pNv$5i>F%%`16iaj9lN#Sv6Bo4x`yLwF}TYH*xTbz*d;HRmbyb3Hb;jas| zH8P70O_^#7mZ5HAxyB#0MshAl`}<^{Ha3tyX9UDMX1Ad@Z;)T@nI^F-4yNIuvZh{I z`62J8$K3szl5S;;P};>5>dAY)w$}P}W~0>+dX3}7y?$^mA%v>65cy2@%bDt087pWI2dEu;;^1Bs=Ez31Zw!*eS(`O+XPd*6`ZHAcfIlY1?kS0;aR+~@YSBKdfdKO zFbDflB0zyiFB_j}OJyHTY}`tzV)b9RdgVqoAK@Br4>itx5ePhz11jZbuY2lBP?38UGsWeapX{oP z{JB~!rJh${(i#%@UVcngCG0va7RF3Ai*e*=t%Wk|r;bD4DfYf6V7pXCO5RkK|B8t> zL%)MV4xs7cXPeXm1tO9b+R=*xZEUagb`7>W$s_aEu`=vu@q=Eur25wQ7%7*3c!8)h zHM~pfBz8yf!2H}1%UF8S#YD%OH(;@b8Uf@D-*++8Np+9FJRy$bHr5BWaPimlnzz;^6GTKC7x zCkCp%_(lHUf!B-#K{hl6rSua8xF%|oAX2TbLL#)rdGipelsD9x(vsLYB~v4svjnDP z)p%0JHA&6x6VoX<1=4R3Sn71I7m!9aR|ZO>T7oI4rV0qFotKN`FXP> zFq@RzeEJygr-r=u1#iO<#{jg~r`{oxdUd?fl+>)}#~8B?7}@Iqr&*+;s&iiL$0M7J zN|U&AzzZZx{NZ)JjG*M0JVgzBg~&3l_INgV@5dxy z`D=g5{U*#>em}})*vekXaoA5vDl{KTvA}r6=lsT1>S*L4LFp952^v8_?(?-dgI^6Y z#}=ijQ+u=atWU(WbVeU0%GmO>d^7*JLwt~=zKlw_zr#nLDP>R`9XQ|!ya^iYAD zwEqA@pXH;TyF64*I;euQFKY}Gx`{qDF}un})P1VDefAWeGKw)cFH}ZK z`#H~F!uEOqYq40`Qtf$#WPtXcc$HQwb^Ue1-TDg{lDXw-rm*9wa8kFKgJN|7^zbf?pKQSGUdkpr#o~Ep#Kv$HnH8@` z&=e88+-e*)x;dRE3BWbIFIp-?G}0N0C;IC9N?CV^;XlCMKY-eP*g*RV+vaIZGE9oH zQ=j5*Pq4ytD5{fOZ#G)OH^7ss{VRPx6FU#dA3f`XxMi+7N7VJeZrJ};^4~7yeNypO zQks_q+tuTl51K*>%AVrhYR%X0H;P0(W9ZK>Ne%;c;&6Y1fpZvaiSHF|g#Q5cSyB1^ z7vMU<&1cHzvmX(?crJ*Fk3Cc> zNGTMbAfK}_Y{l|}uBdpyK?`%4pk;8c1Rj&Z zJ|XKY(XrgU(GuT$@Gpy7#Ra=594^$uOg|jSQFgd!Bav$;}X^`NFB?OUo}By_l3yri17G3 z$~f?PnV7JFjbHpvzaAU4G%oOG363{e5&Hs;@5K5sOxet4tf zUk!e5b#M=^q*FVt7B0G;%wlYyY$w6iYXB|%C)G73^Ybj18Z z8B|Wa9o=O`!~sT&93U_zLD4y|6>-IPSnwd>~+f6)>q&wc5;UC+IM=sy6)*H7Cw+fID=N)81l9cQ7d zFzqX*@$kXwa!YXj6Kv>V3_Vn9dk&^s>Dg$3QJMiZmG{l23wj;0yxOk1{O80?={t@A zsX2`Z;Hyb8eq?53wFkri{HiQQ48k0)Zt0+)9TMq}Rjs_|MZs_wRl4eMwRciX>YL?w z^C2PCDNW9Ogy^}j0{cnRH2#GshZd0x0>)A4QRLsEBin*3>EqCJ{sD%|V!kA9{he6j zsJItk#~^wWMe!^ngvEL**O#A`^NH>+u6UCZ#=y9Wu-6D(vKp1hzB=j97?GUup*6)m zKvPEM7FF9WU8tg7{~>XPgtRHR>Ql{W44n`YR9flZbfMJS9&51~EOFWE+yu4LVpOn_ zX(y{!z(~a%6iflCltUyG23RcODYyl|7b0*|C&#t%ixL$RN5krzErR(=@YO5}8NtD|yp~oqow9A9E zvgoRJV8Klagq~DB#t(7_VM`rnsGCaJU*Yv#+=J3?x< zbg1yY(BiSxJD1&E>n!K5X_rqbSmamx(BUZ)3Rm3Elr}&d=?V$75c{lL3s*IeolTwK zP2-#2pK z8sIL8n1Q^_DKLK(ls!r$gCvRk(UU$(K<;BV>(nUv-5*6BA*mpt?)a|HU|_sNkR`~! zPpMsMX}i7n0PGxCz`gviN!)rIM}EwnCI0d=Vq-#tC)XjSp}wTn`L~|BDIng@4cR6m);g89D26{YI#lGG#q)JL`9` z1CRFmCNjl&eB#3(3o^#iJ60H2Gv2w)RC8?G_w=B0)6q6uRfHDNWHl8<##_lZ3+V zWTfj~M%#8NJ2g>|V5a?%lW)N4e`d)Z{rL`gulf&w2kRwqZlGB=N3Rs%tUblwF3&y4 z44F+SJI6pAI1K$`&y!Z)_;%y5Q%&bl6xYcodUBd_5E9WuS@DzOlA!TU-x!p>&K*aV zBu_uAFY))d(jLe%2d7p$LM)|%5U(_X-(fHatV-7$eb44x5=D26^t0M5`SE5@gv8n7 z-j?+=l;`J%F?T5}I9H<>2N(sWdaJfNAy=|e*C?z?BR9Yd6{a53|JqKfrKOO54i|W4 z;P4@u6I_>`U`Oq9T3&yz-rgc*M|ayovfU?>sXEdzG zI^W;rUtYq1-0-H;x3Z_CU+3uMq@6UD9d}!yYS9%aI;%e*!RW#0upSk~$%w5@ zt^AX(n3$uGJV0X=X9b;y=Cu_TYqizZew1?#+Wb7^j(q*j_vo7-S{Q@mU=;WpOCMFr zegwOoF1FMODj)J1Z8w4>Q=wMUZ()N(jMGRJ=WdYwI0k!ZrA@W_#FJLF5GC(qx>6h4`#jC zGeZH=_4&DK$HJ%dj4BLZ*R`U^^})F=kI{nAXliXf|BqHOoPB=K5!+C|6*bFsdJ%N& zCR9~E>f-SP-vpByNqX!VU3Z8PHJGkkb}RQBcA7e3cxfuh;KNR!US4tKQi>eZIoMh) zOOCfwv&BKvIT&q$Vq@E?Q_=D+yQ=t++XHhBFFgfj^!EwM2x_wLDuUxOl4eZge>V%R z+oGWl@?^=NLgGIqpQNuvKIHX$0b^$2D8e_e*E}JxptP&B*}XqXqgN8lVUnX)!qf8? z8Xe~rZCNT89qo5YkKeY#RckNjTIK)P7!G8?J#%DvXqs@B*Isxv#3h#p{|Ywy2Z)D$ zH8R6mY}B+lUr+z4g(SMEK{s2|3dx@)2;r-rJd!uGtnwL$jehds?bUR?h2bGbfHpfV>dX^xvx)yZyDovxzTmK%4 zp2=R?s_1H5G$0MhevLWpPU6~?hgOQ!!sd(B)^%38)kW_~eSA*1&pLAEmcFiLFnONo z%>duJ%m=bVvcHKYlke)N?Wb`%JJ|t+T|>Qia)t&e3Ot#`rDktyc)v@GqMM z2Ikjng)2LMM)*@w8dE{sY@X9ywDA83zl@t^&D0}H=ZTWIz~^0?-?kb02G2o&Sg*`W zEX_hej44O>Ekd)paJTec{sC&yU`R~^Y!YxP>pb}1dfi#FLo)s*v-x<`$HyciJSRr7 zo09m7$#Xs>Clqz*kF?!8NPU9WtuW-wr7iDa^vJVCMX!SUL6}&t!(P?k>UMgyTr1t$D3zu*$&2Ggfw!PG~IYOZ!DW- zIYaOj@pGg5rK{F|8WS(EG;m`O&1p*XvB{U(IYIi`o_>R3w>-oZ5;cy^3TnLJ^HwmD zU&0?PtdPW18zr(*+^eSG*_{G^GkhukeKX)o?r>;5Xw&rj2Ni#)8<)J{d}3e=_-Od2 zj!XXF9=xhW0sUnmcBicV9`k8hj=r(qmD8NI92fPzTu|b;k7dhz*hrfulw< z_!*HNdoWpqgxA>%ALaR1Q?tSCsLlP*9=nQAF1l`Hdm#_ixa=f_eisa|y%+qbaC?-S z^p-l_+Ukff5uo|Q#y!rx0GqT4kqI|(%}bhbdVCTSMbfGj`2@q{H0WvD7!Lx zGK_-0CCH+B*e&IL7n4|pZAqY{x0!*SBuv)kh=b|du^AdT-geDpUZf5(*ZMX5q{~%F zqp#(=7U2`3*|MSLB$);dcky?F-Ec9<$hXQyREbfz_B5$<(37i`5~IwdrpK0m=k>^; z;BQ)mz+^k0Y_>pec>4jPvSq$l@xIJga)F2}YDAJF(4Z-X&8J!h(CWT1ipcs* zF6_FYT3qVsT^)XAR+4zYt}aDF2vVb5B8ng1&n2w5I0(^T`7LB@V^m+qQvwATeity%+|%y39j{4 z{P~F|Eout~E+MRbPWi`H>I1X)yI;MB*|4A8*fRpH1)=@fd=i%XdS;!?61V3a5CeBp z{f;O0elejYXOnkE3|jED_)}=RVLE)X??9)pTfz@HO&LLQY{idÐ}BYD%c1qw_pC(_CN44=M%D+i8%>kzZPxlucGer@IjL z6ob<(W`6cj&O3JVj+AA^qHTdV*W;ad#ZjD9xh2Sf4WcR$%x4bkMH&B88}I2!tDY;4 z%6z>0B$$^U6N2JN^gc`S);t_4&@JfBwXX5=O*!6G>Om1%#0PDRE+9s}G=|jgX494} z+KUPVb=r3V?;9&M*!!KB4Aq}%pV;Nkli&j!!K77ss-;A6C&6s3`D^U-5K9@-jpf1% z!4T0}JbXE>F@E*PK)7}w^}N3H_X!HxG&Yx zKNU&Zs}sPLGQ&fxrTS4X?IL83hfbq+va^{vf%jYe(0J~b^oqj&@a_}30{1(HyQ39w zje9+FDrd|Q<~2;`UH z)kN=yk#OUt<_a^aQR*{wd_l6}E+hB{DALikn7TJ9AZsG+rv_7-!D9)hu=;1mWPO*- z+PY$k0GT`Dlo-D+5**iaN|S{O7N%>9ja4Fd5h0oZb_QanE}8~8%N}Lb;hNJn)wR}R zPu154TWAY`z+0`(O89wo387SzJKA?f`kC3*E!4Vu)f>raj)zxBuw`Vzi6_TnjAvD3 zKIIK|z}j80*o7sb%#&VT%iX<|byL)nH=SO*G?KTK5*!&}FW6k}znpu+?iB=S$gbik zMNo+%1Uz}@N`%}=zm?o6^S_azm2TK-LL`DA{>C=$e}E2uIsTi|^kzTA!~AE*Hh08e z99=gK{#_p@Fd5Hi8P!~M#NeR5akloxJLVvmUx{+s=W^ek}aa$^{3eGj@< zRpEQFY0Nhf1uxoaWOaLK!%I87;2<7Mn^^KkUDl6?$8!2LqVxAfPd&bVL7m9F)_}Pk zzNQ<{An9UgO=%0(Pf2j6dwiQhdI_1b$b|)6w5YlShdQ^5WW&B`Cw-p(1I)uj3E{4U z^K3!iDLM6yUS2oNqB=0ABKQb zA$rYycV{n{ht565Od@*{a=1y0TomMv61m+;(H-`S>9p;+^Lg=4trk9G!J_~Hn^1y! zAx40so9vt*PHWrQ{IaLSVD-}EpuXe^=v=BAl5%X>XL^!$JYG5x*TEKC7U+u zp#zD1k1V}ZZpg;bCO-<;rC>ow`5vdJc;-Es02Dkoa|=WCrSy}<*@BifvwlfG8jCAxgZ{sV}| zTIk*F*Hb*wbU}vjw`1?JgtMn8y^}8zwE>pjZuZrVPqiPf|B`hws!(#o3!<7n zApPBQx_9~6{Gwitw<&rKAC>I2H>lHc34^e2KWR%Ht0mzxHVTBjvZg@d9I%Z}DxQ=5 zNOWnKP02IdX&!X%rkLyZ7hc%35XW7>f8O@`m7Cl$8$g6V4f-I(#sStaHQs6~$VYSj z6&UJ4JXT!*oDRo4(;{~bWx(#v2LEsm)eC2JyzT*Bj>9Z+TTh+0B5izor-pq)?TFjhY4?eR(Sb8KMp&CT6jpjVJmLR!w`LXhF2PBI5 zb4KiQ{jIh(H_D<0(j5e1^&jQtPbgqey}!b$ubLk)TrrFqC2sb+;z zVBekk-oH5BoD1PQa$8*5$kuhRH<*rhxB$)_9J6yM(XWBf>2@KOv=9#y*NH7 zZl3$Kg4}==n3pcQBmWmXYD%c>F~UT3uMC*E)Mz2p*>dxy!Fae5I`!Se-c8~HUcYfj z5TdmbPBVaS(=Ed=`$@6(u0Kw=G$!=x0$9~+)&qo2W%6N7bfyVR(TQdx_~P6`rc~;% zP>ky%xxlHoF~Z`^9o^q*_#iy}B=Q!zX27_@F4_HKZyex3)Z2SBDD3aH%y)@YF0FkeM*rQn(j5MG z$ptY~-FvcO^u&2{zF#{J$v*63kTL%?xOM&yT}-cWa1en6^5LH+C)NA@56OU3d?!RK zqTHLzXe>1p!U|7Vk4p4SJBs3L1iFGJvJb^IPnP$;ZtF`+ztcZO?CGhHo1G0`n08nE ztoo&oda4V4Oe-p8bM6?|n%0UCcU=p8AG*d;`}sDTsO=VP!mqXzyAlreh!YY&B@|O1 z^gQsA5WCa9)o}%ZsvQ3A^cN6s&puYk(Hjyh*}pK1(zjp=kW_e+gVy7nky3DbL>YupeI(n7~d(bo&R;MUWiDYRze3 z_#M}@$oRO16nnVU;EYE;=pL~OE)E7hF=U&rbfx9CIkw-5FPw9zzD2tI&Lt%1SYHE# zdm@)5bX^kRM2w_+TD~o9uJbk%$qu3p?4Ukv?!CO`AsOzg#swZ5RN`KXOoGr&?eD(A zt~jJ8W1hb=3YqOQHR+@+yS^~0$F#mOVZ+^|KZ7Mu_)M#?!R@x#HR!Um?a0Uo0IF%? zG{e3SKls;XXk-xCQq(_ynD)*uHc~(IM(8c2H6%0+4C9Y;6W@fovvxacEwIX8-TRU- za$D-}jb_S(5xwj7N&V?bYo7e+Z(y>j8@Eqfgs_}sE0|0AyTblAJhzyD(FvWp72laQ zm&eZH=*9E$8*OW;YwOD+2oIOHBKzteumi)G78yJ{us=9DM#W18}Z)tY^B-9 z2)!c4L7Xx&7exXIvI1mrz~m;s(C8D~<=Uj#HkLi5yZxj|@9o=G#Ui*PC~ehGmNV{C zvApzmUGo6hsb@j)H3;*l!g&=Oyirsn$fNxHs@wczThwpiqODnnkXwsl~(GFGtq z_?HyvseiY;RPDajwMV}&hAllQj=B@x>h(1tr-2sJhezGVHZ>eghAP3}Gg%YU@ymbD z9{A6;;xD=O+kyY*hoEempe#70f4TmjxEmu1Sj-LL%h&(Ox`Bn+000O8Dk-Z7ijt9I zU|eqPH3`elUSY%89fzBM|Et{wAw>F)58a z@Z(S3q7$vPUd-oUJMOozOnoum+5Z8)NPoe;33wtCvGL2t7mN14O`_0^Z}~cDM9XhB zEc=s?Bdgx(;->-WQ(BOTi?qQK{arx=9Y*bsFo-V!04s|LrUNqU9hLYLv^$c(C~pLQ z&y2qoJ#+~LY5Zl#LZLSgohgWEjFz4@{<~sT`U!S>gJ<`u z5rvI;ulZ_AGx%pBUnadn=tzpW%-;inU#Y=)0Gmx=LFn)|23tb zkDSi_3_t_dfq#Bl6_n=xd{QDFjdl8x-J9_d*K)X-Es=oEM35yhozL`{CFL@oa<`4U zXYR*^gIc9R4x<+`1ahVBE;xY%SgW)QIP{mLOrED3JK{%Cwj`T8@cB#4G(#l0CDGXO z_+@Oy&8w|=I#E>|k*KJD}PvGxnZ<&^`M1<9$1Z7#Kk)%ToY0-zX~(n`klN8qjGGT7Lmu})b}l^ z6z#5}@%94o((?Z43RU&2!|Z4BN#Uy|03U5&>y`a*5f*Vt52C=L8A-o5FfsXO|D+p< zg6@^3ozO_Q{5SV};4WlhOTS7gmKFq>oyqpTBnlN3aO=yLS;vjGC%?9L+k{!{%-ls| z#M*j%@*Hshqb`cs)))$GluV$G3W0`?Qx{Xm_$!YD9s*xpq z?!u3MfZDyT%DCtuc#EPgyxv3>F5+V&s0A7%$36ADlB3yX2PROEH-)aDYa^A-n2gO86n{{?v^UcPpu(+eTr;7eL(D9n`Z<;b5{UtY zi~sKFsF1oqKJ8$?F*%jnEGwCPSwU+!EeXMV7W4ekcrwMB*MK@pik$-~DX;HXvoB-= zzWF$=;B+h+bYY8TyC0jTX64P%x5}$&aLmL>FR5rQC^(vM1|ZY(5PZE%f;%p z1Hq&J7>C(N*x5M0&-8CMUppp2)mH8wMwBu$R`LMjSVjLK+Yi=-8gHWO6ct_RKRc4K zPU5BNJ;v;`y(fv$WF2@z?B^^y0k?OvFc1CghG@KwtreQVXkH{?$AO+-_Hc6MoYFoT zbRn77Z$kWYkTLXnHy+n2)J{mP+G^^=wnzdsaYfYuWwtCCaaF(oThsjZjFpjoF2uHh zaClKviv?H0d_uFILdRZ10LJgo=h$OJRpwjAl=e%F!{p-`t%_c}!lqbpAkHb++3%tS zbeEK$v=%jX!aDQ?;uluPG(}d82m-&K(rbS?@kpRl-O`mBU|REu=S7E(tWT{Zlo;sa zK?*uXV`e!Lm+;E|W=ItEw#z-7ef>wE?ftIF0kM|maiY&XCT zV2a!I=lm}9mK1>njobfF{-gJ8y%w7%tyE3~N}gQbVg^79f|3nHi!0fBU4ZC(G12*HWHKnf$g# zAKmfo453T`YF?&f&EiNy7ttqX#BZ;n&dp2yGwv^o#*ajNHPNbqp-mHRR=2@!a-nQ; zOGsl4_pQLLUfS~Mpwcr8{=!pG>On;E1z2XUYRz=zSpL9M2Cs=-QOY6rSH-R2L=m*y z>}1D+WRv_cCqWR3dIcKCrZO;9#R}Mjx=)2574X-P%nl)RSL+$9xmY^E^%gSL8XT7I zkuX;;dGoV#7 zL&)YG{rzhLu>s_O731RShS{)nEejbW0p?O|`8iU2oK4`{L$LM*zm9klEJ;=ML>nsI z>EyN(RZZ;q7xA`^TqS10udBjbAfrY^oT3iAcZAgr$+2#j(-4=;0DXPVQ=|j z2{h5WsJUNR8`=L5Sd;UV?Yy=`wS3rtSEvGdJF=;{Dm#GEt6KMHm2(Ew!pH+ zW0yz9`<20~o~9RN)(xVJq1@8dP6ZOurr+^bgYIJhfCY-+OSEp}8b$A54>|#;7|d&R z;jFI2v8M4!G)1j<__N;XgGd-o2vn2M7So}?g?0TwU&oYK6+|7_qtfCyTWt!K}~uM2K3->jexY^w)5 zxNFJ)DYpFT=Sc9R)#qBg!5J!uqx&=mO0=oyInc-~hI=E#o^taj>Sg)8;ug&HrIvd! ziT@PA5jzpWunJmUgGlZaT4G^6%*<9)52x*R4p4xcHs0t6v1s4n2>}jpQm^gULV_bP z;^_v*dQXgrNX?2!G}~DC_UAo9%LuTC_o@LkNzbI!EYFrBxlh;9Ez(~?8w1JKsbGxB zH{UQ5geXxcwjOQtZHA7MrZ;ls(sMn(D>1aVF*NR-S1CYG@67=2aeDzi2}1W0?zePa z1_Z&9ZccEL)UX(P8@ce2L)_gFD)i>N=|WWG^Jvc^@! zH~Hz2_dRJjJ7L`hL-)ej6Qu{4X;|}ZlEiA!$L^pqg|%~ua7&1w>y3`9~3{lV_`9%2;8$#lv2GZ?mIcoljGIp9F~*3COmQ643^*QoD~0mn<|@+OJd4Q!ggkls zgl-fR30TzvgsRUko)Sm@ownE9=DBX?{fLsjHIuj4c z**8su9+DM(^m2sS33Ys@G{Jfm;rbGkK&%D#uWa9iNDVTI7v_{#1x5I|0w@*ClZ!qL}sKDZg~_Gr%IU;?C`m zr9_AN&;VaW1dfqv#3SvbwD0_^1`FR~)`UnCY_N;yub@&vVe{1xq9?76P6W(rJsw{x z;9F@FK}?`iow3#qZ9%U8dm3V$2>oaaW4WQ)p< zldHmf67DzZIjp;>sO<(*%>Hcm2X8|XFzL4Bqz%^(Bn2Eh5c~4~G}WkLO`646a1dXfp-AGF&w)%@ivQOvI zZ2)-DY6<%~|A+}=wTo1hCd53LwkblElY4 z-_i4{U=O0Y9E}CbG^T&|1$j{tQRr2=O&8@MRgm-E@)JzDj6M-~t@ogHtf(p7RDGGz z;bz7*`1V@s$~Zy7xFJ4f9^t;JH!v@56=m_Z(w81a6I(?~+&hEz{p2OXQM9#CENY-;0q zEF*pBMq1G?dZG8PWm@7R)T{9T46S#@#A$Y}o9B_t6n6%0pb zJ#`Jhz>_<71$pGO%2W-M+y~}33U62H%4lt%`UFlAziA}u{j!tkle6eNuR@;v85(r~ zd(;1yr*a*Jq@#E++|*e`bS02rNBF^5|7U|2i-paiuhfWTCF}WdFKmiDx`nyK<_y#2 z5pDHa<;&v2XBdmi((9Xi+a_@E*d*byye#x{ zTn;b>X?FwQ6`%p3suECWPO@6`*8dh2E;gh69er)4dgnJdn3|cfaso0_g}&ag34lJG zg*p(>k@Yob^W$Hl*VsQQ5VxJZueH>^O^r|FvHoRTH&il_T1r|>$U48Ee}}V;GYUr) zYqF_{DI;wli`qyx!DOjYVf@4qh4h2^qWf4h`2L$RVIRGMT`hzw%;LWMcbxTG&m1>8 z6e5^e2L%BtpH|tJNDG0XE|!fNc` z`?h93X@D( z+9gSY&IiUILZ~q6r4vvO*PddA(8P~nJb#J_Zs(^(shpY+_3 zE+>kO6}SalyilG6z4;=*=m+UHc$WV^0HZ)$zriW4w4U?cDMi{HT7bTV*VV7JQlo%I zuf8#oqiR0Uk#o>{%EH}0Sjzji#Wo9mks5bqh>RHLjtI@SQN0Et+iqUG9Tr+CB^0@l z@PITf9D&vU05IbA>#;Q+{{U*@2mmP(#wgB3RGoA}owPu&bXa3mkkTMAR~qvs{sN7Y z9<}7kxlYdnBlo5!w8ARu2!>E!evvb@wgb(D2A)@xKBbYM6~X(56?-w}f~1GhboI#9Tc> zvpl!?#<6K0#t!M&fY_xR@(zbDv{3?(4yzHRg7n^-z^_Ue?q&0c8ud!`;%FyCqsnVZ zBdvO-Bgia2O`b5|m7>J&!oJo4R0AsQ4&yCq?sL6kgo{F*;9Fb3m1!5M!l>QUe25Dp zlDJh?)USgV6FRUyI&gXYfwJYGlT$fvJ@0LP<;-Do)<5}8A@{dj$l%C};QdtsZvn`4 zaC)pO8RvMukl_Av0M(nDgA7HK>T9{cNY#WOw}%`qxDx$dTOr*B&kFkla)}n&Ih^_VO;|ZLVA1t=dP8bU zvKNp*APfLdeE`#FF!{_QM^n*TM%uMN!yQ&>M)IsIX!I|0?AIF!IjcIA;zCNrBeNGe zR6TzVX_PR>a&W0qpiLn0Vv0_&vz$h}++W~q>toe`x#v&}2M6)*-rZyU5KnFx=CcAC z3zVC(YCv62AVZF{4jP(_O7Mecf3Z+^Dd407n*bB|Z5KT?UKffO+BqHGx=go0i|38s zw0DCM=m+iCj&0h#5Nr|CH3HS;E9nc-^=;Y%2&^Lab$*r^rU6}GW+9p27&@DsW}PCh zaF_lh*@jBgHCv-(;P9zjNGh|ln9qREdW=P7txl{&1|VaV-W5RzGWS<_627E@B4%&Y z82bu$snRGQhatM?lTcE(BdOW?&!A8;tpF`&MqxTtDhXgkq|>)XU80fPirS;e7v@f9 zkb~Q{@Vpvy(GU}@UE=g+bE-~I!w|#E)p36w{pG0!4>o--g{0u(Tqa?6!r}HVUjQM> zhD{a^SiM!%;D~appZPE>Qu+G#?FqDD0mwMt)@D#zfEKXTk$Z}3UV6NsKm}HS-W;M) zSUHYzj1VP#CWsSJ(rKYpp}BjU7#m&$<8ZLzOY23I)fxFcg0im;J`4x z1PwE6xpbuI5w$No3$e~9Y{*>y0Ep@R1c$Q+l2i&G1qU9J=V2b#l0hvSg2q}!oThV8 zqWy=1gMjml&Z}%rd!j1Dq?5usWoKCW!J~Cl-&NK332VMN9Qp8g@C{cwu^@Ca{58Uteo+1j1y%2hgJ1K*jv_Zfb zO@*&ER|N&zQ|mc6xdG=0HRxmJeMO`byt7q&@6UBen9O zw{1Gq7cZ5<1zZE?AJIe!vG1u~CLxrfk=d3q1|Z1T@D%mZQx~RXkOxQV0c%HCdVZA3 zS0iE~qgX+?#DSTC8{6CWxP8WjbPI~btvX;r#*BIo@i1LSfdCw8SUX}V-Dn#MZCY0a z92TAfppXk$HwW73x6)nO81HzD!BuBV$JcyCj%CW>+{CoE0i5SqaUE|ne# zfKfXs+_OW5DfOIf&SYqdDB_LF%RXeB-oy zS*CadSJpTMq*iK{yrNrbuE@zo2I|oTj3VbtUp^1pN)1Hxjkzi79NnY7AGrLAC|Ps> zw~@i0K9%MxyBEQWghae^qCs%GHwBR3%eNs2d=z}cDv<`!qR1R*31!7fG#_CNmEivX zCguB&@;Zwg$t>1h_{JiMRvS~n&2U#lSFsSzred~=jagcrP^jSKEjeL+v12u&)#J0; zW$oK=aKqp5hC8dBC?OYtRUMVarF|?TOz8%B5gwn@_3q5rY=Po3DYGKi6XgLLl%6i&=w4n@;Tdp%Ap7=Ep#y z`^CPm+3-8)gtFX}B`c(^Db2bx9d%t`M8w@4RzG0mzy#I00{f%h}cublvWC zmW}&Ga^z#e#F9cf1Qmj5o4NIRK&@rz*^E+;_=PH0)P-URa^Y9HSDywz*8~&>?CC&oH(KZsb93jk-dWpwCNw{2aDSr@Iom6> z=3l6dLM9Q~2ugAl{1oE zeUP|!z||4z(l1pwWe%-lSSbr&HH)mb9fBZwJT`XVR)7dx?mu1-E~sx^;*Jt$h~)I+ zQRJ>H?9-79(iNWfaz$4;SzHWY!n$kZc@H6)Ry4DY0>2LfS{_tPSKEB+a7k1XycX-jL#BM{PRx;wt?X_r8#NAQc+p~ z3#y8DZvOyMt{q4lNam0!LMEfMZ`vsShYCJ26Mr$^$gQ~^o>iiCe zgcB`VnqvuE+Ua0z%Y(b!kx8=uW}kC+%O945|}r64T+?DC`#x4E&2U{o>mLN8mubu74i3n zh}Mf&ybEFaR}`MX007mq{s<_h$JOwT7xl)u=02lrHGn5_%p~eJad!QEL1YBbmny<-K_1-ur&svk zt2Nok`$xwJh#|_kN)~M3CsJOW*jA3bqlm(??-xR7k@UesP5VO-0>IduNODnl<@PvP z4qRRY$om{K=R2V&O0Xj@!OL>U`RU^i;DBr#AL1XC7=U76*ZWOG06bk|SUgrw2acRB z7V8dE<{-tct7se*#p^ZFL5Z%{FOl>5loFsBRnlWeusJ%rx)BzK7Qx6g4goDU1q9Qe zM+2b?gfba;%Mg~C=WcIToIy)!tC!aY0Mi3PQfo75i#U0lp0Nl3U8LlnxX0-YS75n$ z2CFh+^4$LCNu)|(yc5^yVuI4lZnHpmTn()0AlYWP>T@Ex3DJ*IEO4GA!EB4v?93o; z0FNf4ZigzrxZ9Bve{95xEaL9}03skONj`H}0SAy^$|xeBHk;TasU<)JqWF(TF}SYS^y(P#CW&h2pf_Wwa;s4FY;=mQVa{{X8$b5ydt5o^G?)WPaRT_%wPbj~?P^&ZTuD&Ik(Vv-c{6ZUf#rbz?jU zqJ5adss5vd`dh&b39M8E9A5AP02Yb2*dSa-qax)1t9Ba8m#M`m2d@j41jb9d0Vr|2 z%n&(g%3Tqs^G+;I(zxoY0f;{J6_0LA(1LPE6u`yL-*Pcz*`B2QL91m86-Py)tV6_QHclE6NWN%U~;m{8RHgQH*C`^5N5WF#!q$;GhK?1g`GHP!YQ;OJrm!sB#7VxD!sQ zH`MCs8g-SmfUOy2`08g^J_$e(XiJ!zqWwBfeGrv;Izpf{(AGB3;;S*;9tw$`U; z>kx&x;%_i-4RuWVFr@{RhmrA7?15`jyaEcX0R#`#A%FnDA65N@-owsOl<=AQDhRHj ziAXYPp&yTc5e&MKiJ}ZZJTA<5=E@Re5y_$@F^$lP8MQ5s!72lG5LDNBbd@SpsZ4c& z?nSkT4I&1Bb|r8LjIzT{4sz^=0*q7yBVsy31frK``w2>5o~KwuBGShzxh^U%4o@xw zOLQ=EV=rm8AOUL78_Jgfd7p~$f2bDFkDX6wh>Av$+A`FQkWI~(91Yh5jRnSU1v{j{ z@e8%gmSLN@EU4p!O4RQGITQpP3R-Ogm(hG&8R+yO$Dau(Ig8~3EjBVm(c&TO(!^OeMl zF|xA2(lVq1!;_f`5|);Bd?F-to%+OTk+N?*Vab|jNtZT`uQ*35r4+{BgIE9oLH$n% ziDQJ1cdM%#hl9f^^~^Iaf5+$$aN6h60%(mR!i0C26n%k>ToC034aQMb007viu`rWS zmC?$Bd;(OdQl(0XE9gw~s4ga2@cBk`4z#n8It($;MG}*qb(h9h8~V`fp+vshubfMA zN_y}eAR+)GVAxF(Ujh*W_H`OCT|=>m%P*ueg90=DNR=`@VC=(eFCoyGBMGFV8;hVq z-$S{)x~~`di88p_46eRf#y0epOp=2=7`>(0011)L9+P-`FJ1++7fH;QDA~5r+Vdq* zB1tTF`koIAaYV&$F5-m>6=Nc8zs~zeMCV|ipU~*>eNX$$mO8muy{XklsrR4ywy9f9Dv-4&dGf*faD)Y zleM&^G|T&!E?l{M8R2ry)72D9uL?ITEV?;)-%w0vTyqk1xdAP!z4D&`+Kjfu$`q2& z25OfE%hqWKv{WurNU#j_V>N%|xLKlU(NSr4ocTcF{{SHT*&4_?##4U|3`o;=aBeYB z>oy6^%`j$prOSj01JF%LVGiY)P15;A70-p)l&+(2&D{DgjXMN-m3feidq}By#F;^N z&TYo#uvnMZc#g5;Z6CXF2Ca9Qe(q-RIb}5p_8_julMCAJ*DbW&u%7fusa?w+sdkX$ zE)-7l5nVQG1Ee0>jjK6IInJ((l4jiosY9qQ8)Sa3ipTQ7Ql~Nj0>15_e!jzyl!x zQF)&v(j5;)j)e( z?t)QX1hNFtS?d~YBB_1hru3rpjucP z_gUD6RD21$lbFkeodVa97DjlYp0zp|Ks!pou2)yS^IeHK9(jv2ArTMhm0ECupDEUV z#UE(Mp@w}%IOVbI+RU&OCa07aTfl_yq@E5TBizJLrI22tSm;X6qdZo@A&tIH4sVff zsVH}_FX|hr(`6nEFarU+xmT{-~2j@t2i}HA!N(dVv zX6u1FQYPIc(#Q!KNLUo+O%M+!5K_-N2VXKCA-0TXw~Dxh0b?nR6IvpiYb+ekpfYGW z&s>u)tS(H;4=<>htmMl}4@l8j%LtwKC|7u18D5Z5Cr|JpA_mC%%4!Ykv%s2E8XF#I zG<)ho{7K#L3GkJjnEwDl7IKQS(mDjvaCk}(OxfB^rM4z>SB&R`smHT3VHRIk((yGj z!D7D5$_~gO;BdrgN)6Xo*PxK#daWQq$}_dpmfsq*?Mx_rDfX(eEp?U|;?h?i%{{hJ zty?erF~Q=a&L6Ykti`NM1Fv)p?PZhF0AJlh-r?o#$ofwzSUgmg6)ggulLs`+p_=M! zq$AP7i>Xg7D3@l@K{i?$4a?w(TbfG?pSVD}*(lKGG)rnUUg&+YTf+Jaks>_uHohdq zas=G>)PuaPz)ltXGxMx!ng!>3&1L!7)z=Hn#3;Qym=3v}-LzqmNJZEG*opOIN?By=qX3@)r)QbpHU7RMNUW`pxy~+g?#-w*j8B zJPl62qaH~Eb@;F>`vv?J%2pT3Ue)1hJjn4|oxEkk1zo$|9YKp&k7SuWc(^!*_&5T#x<4eMD<{c zdnWhbN`Q0={^e>LG(7@b2(~PF$})SDzbTp%a(kj8F8N+WJCK&(_hFo)B?qJkSU11A z38A1+V3^zZS4RBhE|GQus$oz<`IBUbCWDY^1gI5xK$I@(JlH9Zb()Cb&LJ|SDIl59 z%cr1_0fagsWBfz%^(*MG5WBD!5h8WA7#>l;)oL;WOxYM;?8Lcs6*|Iwpdqg7Q-w!H zg4m?p=?uz4tCm>Yjv>ItF`!(w4KS+fXp>(Wvg+cGJUY=~>k=5+lc8{s@F+{ppkV1K zSCk!!fs3%p?Q#_dh$lK;UGTV3xzm1mm!WWl^kqrzjSpx>sKT!_D=Cd~AJZy^=>Vrw zMkv)3cE0Ul0GTUQ?Yv;5*3;cU?Nl~9n?%~wWgT`x60S^Y>S|47l)gpegAFu0`!$J? z2oC3l&`t@~f9WunZs2!<7AA&oxfC^Wjd-zZ)+V1qY7EdT?vZTaoP*V6M=-2qu=d}i zTuAJOF1;g7Q0xfXdxh!g8UekT?!*QH(61fJ+9f>|rvVDqUIG#Tm#!02K?INn*8LzTHkVXTr-i^192|hmuP$4w z#M#CE0r|wET?aX5(&b`aBLpE{gG`R|o_fFHDNr>NfF%jI%GzHvykpTIofE4X#|*)? z0ga`6+fd<|g4uxL`fhE7+C}d=cu6i6>mIrN!Mv{{Z)nwibyVgr>hYzrJlQ zF%qSCvQ+h-Y4Ub~jvoI2-WqWVK|1Z$EY^37_P^sOE{|z}eBx;Li8Us{y>Au>w`yhG ztPEam7=f^@#$P*f$SK233l|DCu=v2^#Zg?wR$dQ)pB?`Ir!&|A&VVM+x!DDzt2kF{ z*fo}(1FT|z_Tg;S8XHNoO;fH_0nmu8bV<2qHFc@`F5dpD6CpxcX4Bs<^e( zEZFR8l?!y$hiIamZ$$Q)U>bwjEa#&n{-KTwOGllfV2Kfp2j7;3>B(olxUKcfb?Q=f1-qZIA|8^YYDj7CyX_6qU-2P`!gz3 zZ(;62$1?zXF%%Bz`K3%I@nc6Rv@thKxP2ECv=-SP4D1k2k+R;vKuzsb8i`fz<_ZHq zudB@dkk-@uGtB=0M9E%oX`N<@#k`DWv3V}BMB}0tm^DyAU#xAu)Vr@J2gyTUM=U zZk#$IvJAU@Ae{qrU_z?9PZ`4R&(>q`=>_+`%vbT~hqn#bjR)#xQ$VKo zFCcP?V7N*ysnat2L2dONW-moU=K)A4kO{2|7IzpF=Ql-4OPGtgnlj!)NY^ZPgvBkI zRfSBUYg#M{pf;7fGD3X5u=#ES$V_`j0{H2%jVU}Jn>(@Bt1EE9cgDokt(AZ+`@zC| z9+O9hhCd?_*mG;rB|~MKkq%~yl294CLc2s;dF+H>2ZUp4(!$@ zX?>;2YD@NW7pnjkPT}b*F&Jbzbm5sYU6(`2vxEHuG4d{N+oWv*#ujn{E#?ZeQnrKe za}atHp}-1Lxe{T_hYnjKp}`8-^o3U-vOi5qmBE6)L+ki`C#-uh+VlNTj11mhn&Ma= z59yt*9%_N2!=rO(Ww>#y63cQ|`7J=vN;QZ*HczpDQ7* z+uC}EwADUvOrbqr-g?L0I!{&XC&F@vCok3x5{F=A#MEHuMPfGARIZZIPbpWVQwy=- z&s;oKht9u%enZj%zB5|$e|9RBZE~*i#$RX%FPPdGBIdx!+>6Gc2C^8GZSRema=MZG zP9E<#3h?@UN8#l?YubEXh`%AFTJm9h*d_~Oi94@S(sYc%0-I?GQx^rNG{V8O6gzsr znkLr{A%;1~72t*oljm}=4Fgmjh#MexbcV}I{iST%!fFEdl#mbg2bAIS+~=ln_2@J2 z{X>cR1A?&Yo|lKh=`DbE+8vk%DxeME!pO!d&TOl00WzIfmlLdX5H7#u9Z03uXq3Cp zTlb!!_l}c4fr3AYwD_GkWzsF=#LR$oW2tv~C?KoLRbn6Nt;1kffrQ;vi^>Xe)L|l2 zaBYZelUuFwkOS8K`S}W(!){k&tI{PZs3{YI2(9k2fY5v)w_V${LI9QhEK zpgj1}2Fu!Q3_=#Gv_(#ic%`cKcoy1qGn`7k8ILxu=pte#+YnNK*=9#ahOqn`rXBaR z_+2BT5(3P^ZOV%m5ekOkeDXqaAK-$8E6^__9V-Pbh}62e0@0Rf5}{Dofrm|WpEb@6 z`Oi-GCH(qNk=KQYzD{x9=uGmCf=kPR&6*ByuOnNc4+ZC3%5>FO+E&B4_ahArbUIAa zq`)8|B;3siO&h=r!kqEwonCk8E*h*?lpGO+HlTa(>DaKs4Hb`^st)RCl~XS7-g@73 zbc+6V2u(4S9;fXzJI_X!Dz_rUG8!<)3y#u*L!8i}>JEe;7Of`FQoSl<-F%RQS`8v- z#hQuI^7SDzdKMvL!TV?9o6+8&3t3mjQs8&)>j?tYpoA>kUq@FQ#h5Z{l&)~HyT?R2 zX{ezqp>+QMxucVzh&5YFR4Cxr{$f%$xHiyZ35mR&alg+ZhY{R4blhyJy=9uz1aQy$QAAF)gs%&QhQapwP{pYcker;J0KGe8d|0_KsB-C&I78 zndA3Q$1bLUWSu--hYm#;A3#kq(F2rFpk7;5Gt4QYNHy zD>)ng0LYL*SYR}5h5LdFGCE58WGH^+S>J6aJ1&n&>t4*qx9pg2V5<<7pd7PW%1Gt2 zswX*{4Ha`GX~MQK7uaUOjJXZ2_b|p>4vj=Ed3zJ#Iq*y1=0i_!wE0d+>Hgd>&2$1Z z2f?-pXdNT2+ujDHX&BAAa^{>z zsX!PiEFsA)ef+@f425i5E}l^_1Wl2+jF@V4vF31pE&|_1z_ulgId%&J%4@8u1Jn*A zd?+oCR|mkG32{Dn^Ma5t6SD|S^}5Zu=4&$HbVKE7TS0G zC$IZ4-^HYO=7D1|Bq~%er<9=h0ISTf+XDK+4~2$oVV0vyE>`uH!y08eklM9TNdY^xGz64dpi0}P6MAN#_6l-BTt zpO#7JUei~!+H!s4qq$CuAhX*K!7oIHe&sbmy--JKfamU$MtsL9>ReBq_nxu$j*$63 zVlR)fdiS*TMD*`y!ww*dyYCm}<-v&x4b}>koJM(~xatd(?y8ALk%BtH($~?HgN9?+ zDqRkPxt|UX<@Q3la%O(Vj|-`N08aW5y8=67uYJ}E0V;xC%G@$UX0wVw2;J>6pIe#E zYlU)U8$6&?s^mpoVKI$r=600e(b7~Tr7F+UFi=EvP33)(d>)h4J*UFyDZo*3E^}Gd zRw-ncS(HNHohJ8`n^0;HK&9OTu!atbjcv84AR_W3pDB~pUggi6=P*%U#iBnR)8RQM zru#=plI;4=OPUa|;5ReHPC_{ZB!kA=8G3!zA>tY3Qav<$m!nQK_Tclt_Kk z$``z}%gQVHwBTzBJ%qXZEZ`_S{fK{b(RD?5f7w93t{af04 zPh{C=jRT~;)YU|f=1zSL)VLO*%!eI9>c-L9)JG~D`$1)fPCOexH0l*bvNC|c0|fZq zaOWsLj3>w1ADyy#Z?^!85G;3qtY#WYC1vGz2t@^H-VW_T#G8h>7lJFs;r5<~25*KV zG%Mtj(mkeX3P)GoV{9do^0KTb~yyA$9~{v_rJ2T@d07^g2OHy!AhM z>mPXOJx{Qo70W$$+B&(#lE}n2n_28Lc|8h@v#cwcvNfFxEWP!w)D{s3ExFrS8tQ`rB;aCTF z!O=8YX)4MV!s(L*(Fnb|^=0s;XN3}(X=3q=MJT_)m9(9M1afexQlLzJ4JWF5M}3cE zyKbjmGQ!HU3yey>whGBJ6d7hODH-%q4u-gZ5PY{UHvm?$ol9Hgs`^s51~qY(VEKE@ z6vyGzkI%GU17!4{ZVSsU`>cixRyYy+jJm^e9`$*$g7t+(yED<_%0@$4V`a?U)sl-R zL4cZ_rED}`bfu9tk67~m02tYuOK8AHALNRK0@d168j;vTebmJ6_t47lJjiO)yWKUk z8nJD6XRrIuSo_CGr|aw?@O`9yf7^~_%Yn;l0|yGrXkd+_StZ`lgEc0<+=GZQLaa4h z?;-Mr(|ed$s^0$q_`Dy*A8x9L!p9?qG0TJK7Wv10qBz~Q%L-g}AwvKV*a{8<3a*S@ zqPG?Ss1C70B8s~by6Mn_6kC{(a_#1ftB)2xT@iE2cOt|l!sYUH(6ut^R}(>rT~OtA zN<*sQD{Oi$d#FJj5$wR2{CZ6Lzi4ab(q5$pR@b0kIS?feiWH@yc@6Jn=(P>R{Il$kmlHK zC1HZ11U$)TcOuJ}$0lm)>m`z}SX|=UB1z`$rR01P6I)T9?W`y2Y<{P(0KO zT{lvXCS!O1vj?RWKP^A%vEGvGIN(KvS+HJz(^u$0- zuQKe~{`pmZH#M0H=g9_YcaclNEev(&H*^W`9H8^ini#zA?hZIVH}5^~ymW`e`$z&J zDQ9HBepNI1S)VD$`UndZ9T=|_j_Gz!021V95@eSNT3zByna&I#$F-m*V}>0SD0q=V zXm@~N=_7nW{r)WbL2S?v_R0EAzJgF20UkBsx6D0er4+Qk;Xz5<;A%Bnxa3WlEcf;)ud&2xN#G!iEh>pPSyoo}me;7oCQZ;J)YHd(U{sb^K8up$tlNOL~vchR2zD zAffnC^b-LEx~WgJx*YBXq(Yt&9V!jn1nX2eGSO%;-WtMPgIIh20FMAop3^`F9jCzVr$ZMC+{k zL?8@~4G26ct58i^B5M=_L_;v&$--mV`+YP^QgsnM=91>}sbU`JiBy>r^|F%LhDM3N zVev!OYb^YykW=;ckHyu^H6E!)yfl`-K<2Vj#%jt~7AK#|j@xQQ8CW%bgjh(r1+ur& z@!B~HRT8!e3)WkW5NI_Zg_YNL!;CSJlzgCMu(3CnE?ilB6bo7+tpwUNnFFp~umHf= z%fz2Aq&MIDqxm^Z(<6KwrM?E`GRsIZDqz6&h~6u)Hi}gcXiMpBT*0LgX3KKr19BQC zdW>k0jjP^z7r8V(bc4wI%($n~czh>0kA#H5`sSy6I4?ak`x53~9=s8P`x%`(Btc+0 zwH2^nCiIv#h^4f!8QDOW!TT(u3#n`|6LT9__Lf8)?G;s=>PAXFt;BLsOcQki1$At? zisuQ$G;Dx^k3V5C?7g_WDx%!ZK&}^%Z7zZ!A*5_&%h5xurds2}d8_EdS=d4OTUb&D z$ARFW`aVijHJe#&&YCof!jw40!!vd^Cp5Id(HWQsVk(mudb2_~9c3)1$ZXAHDz787 z#(Q3I-SeVa%<8<^u>2!y#}14|X-ynH!B)d71Whjd6|1eLb*c? zvcZ>_gqil<%C7r^1=cZTr6I9fOTCnN_A z;=$52M(%&g+L!fK{-HAb+WIZzlf!V)$}3(5u7ct&<+dyI3yQv1PDH#*z>TT9Ifg;l zj@Ansk*Yg239W2&V|7ZG#azj$dC^Vi^OF4MbiN8eTH=USl(O|M133^nfNU(3zDX5R zp`A!KDOikfmrD$>lVE66qvwumfgbfQURDj6=^x_qA6bGD3W=`yj+7u(;KfP>>MX#+ z2qQu&yi*U7(_{udg*E!=!or3UR}^5`-ZJh%d%`+pFPK;N`Cj_IP7pFAsIHQ`$w8V9Qoa(GC(2sr?oZs)I~n_xH`_^DSJv@! zp6NhbxNcCYUb3n!WDui3gRPImm_)cQ(UAQ{MM<*_GT_eXpYhrx$Q8+X%@nQN#>m5+ zPr#_zo)fPdBKNFfFaZR3x4PQsP33gT5*@0m^JVULVF#ovhqtCG zDfJaAnq6CnuJDaLpH&H4pU*a64sr-I_#zbYgGkCW@0{soG+xrbtrH5F<2IK}xdwKq z^p2|zwlP<)d3+tTorT3rwv^>sFzzu*mAPj$Eg#W&^x|oigHw9t4M_%|4ZgmNZ&Vcd zB2bQM8cHwoTnUgfMC+t1ufB-_@0v_6R>y)rl&hFoAoc!^!lTj)??chOsPLeg(BIHRD2@35Q9E zTsk}~DkTA<&Ru3!1aP(5F2B&s6~V}A=7$12*#Hj z7!=sA&N*s&(eHRDImXMp)+MfksMweIX-GvZ?#C*LE#wq2t89;?Z#?pHjR%?uNQdJX zHrtiT8)r1i3*L539J&%4b$e9ymt{j_i!q&)8E6f%&)QgvHX4xqv^;jCYPMm_gU z7qlXUNT54S6}^KrRPv30Tb@ri03suzeFD$pOf~Z}Jre^H3~veov}NJT5oE7(Ck9uu z1Huy)pzbaSxD0p|AF_Tdd<~GA9sEI)L6w}61ju?P#&V2jEe4MXPdUw-O{Mr*MevsM za7S>m@Yqf2`{yk|x&$vEYE$(u=^HE6mt*@N zCA}`qq?FFs2-@CjWJfBwuMkxQyoi8b>1?S)HU)fOvZZk6Q{X@hZi{Eu zQHJDaw7dE)U(pJ8z(P5^f>2QIH z4S6~dG{0t7gapGVdb-1bWl=A?s~uxP`lpO^c`<o@#HbFmJ9G&X)QCD4@(Iztwf zPKwlKIRFOQ+>F{h01e)=M$sFEAE>BpQQSJglKx101i1n3iFa7-Ph?2m>vJ;eE-beb zlRnb2f!+O*wOz^+z?6xbsY+Yjz!^;0o2&{dbVB`L3IWJh({kng+KpFWB{NaiFO<}} z>T3M}!&k4uzjE!qa)M0@nU;3WtO<$THe_^o>kQ(6dm3!9-v=ejl_v80y-_F)aCc+0@ZM3n1u?Q^U1H0Z2W7l4 zr%b<5Gz3l6q7k*-=x5i0fodJ*nLKW3a)S1PKEN;=-nd=JTw+7$P2yQPDGaUoqBaEj z0(2xXm%`=2ga;|SGLoY__q2MzY+gE%nuAd(BQ}ee)YkiljUy)0rZP8 z)^zWJh-(|R@R)teCrI_U{Z;cL>ov~Y#CY4vwZp{5b)Y>+D0zDk`&TcG{TKKLP@UOd zKxjok{QHHX!JPS+Ayjouoozpt;s+}V@l&Ajy zmkUtY(ikWJ>cEPOS3*BirZiWS-d%IPj>SicN{yG$5YXgQe$~tTXv>crI22WME-I=u zLQgnJpxqxgktlO(1Uxs4U>glT>x1@>#I7)*Jtc5TVy`T9AVkx!M|o>3-gnr%C^Fkl zL}DJt7Oy4Y;2V`?*?3&J zsYJE_L)O=OUVSbc0OV{1N9z=AZ^Won)hEXjq_CBVvD}w%osx>vWco*EcnlgL@ag#~ z`l?hGfqP9<$LwH4>*Fp7Gg|T4ygq4g0YC>&$DeTrQv1zR#-t9)M_mF-C>^nR%j_*7 zmw5flqB-wxvkLWK0w^WEZXg4pj{=~yT|nzs8vsJ^l($1sL}|G#1=8h9>6R<|re(m7 zOb74nQdTAQrWnpO8;-wMQV-b`F4Be@dQ;uzk7Dz&y|VM$s89=s?@ayrjFgK|V4Q5Xks+1?P9 z4yQTOb{;Xz8fHm)3;RoYyarQemjOlf{mHmM6KGR_3zpq8rM zks<0ZI=7m`T~pFH{+10DEO~U|W<^V%j6?C)LM0h_@0Xj%KjLD&DV%vB}(vrwcGp8abRuEe4JVcwpH|S3k z;K%Vw(k?+WZG6>Cg7gX@SY2yB)7t?x7~@IfdCD?9Nm9};5+25pqA?MYjvneDH%SJB zd+dRuxl$7cRr<~Sk`Mq^(96%o9|F`F5^FBd{lRH`+^Lw%EvS%G>j9R7dZtbce+g2e zlqJxb8yxVOf;tPDlYLN{?T7V1C=-%RO3rGd{b0GUZskY*s}s`DRrjfAb-vJoW1Zf~ z7@FCbKiCN=IY&%@qHOk#!A-NmKV*YZEr!L_7cdguivwGM{{Yq(MTyFzG1rM0ed8ry z2bjh`+UrExVd^+08wf^%bwtDqFa z)ZS$0)s?}2q3k&X38?_sI6r8zpf(YfpCExOTc_i z5Ao}bN`Sju)(?c%yOuxc6JHmrG>hRh)B0olOw&pO1UkTE*qR&oO>lQZ zJs7wTN-A#-mYsYdnL$PqWp2baLyp1EvxuXYT^M~gg>zS?}38MB8 zoey&1wH?ZV)549=_DQRGG1Ui(C$-?kn?6#dN|nZ?aRtzPp}u@j(@C;j=Ad2SdY6pZ zuFxG*u~1sRH0I9hG)3VwV(f9R{2GU7wxh}|tO|dcfAAkqImiR2+`V;NRNL1-J~T*! z64GtZDBUO_WnH>cl%ZqjF6jnAP_dAZ9AfB3N>Fm>28p3_@OK9Edhh+*M}5BE=lTBe zdu^E6XYaM%>%G@rXP1y-x7(t+uii&%Z4XWQkcNYIR3I&Bcl|$kB<~Av!2b{ zD7xPexDx|-FaTxq3hKc>P5ArQue`1UMS9=sK_V z+P;F$l>>{~v;md&@88wp-L2WVm3VM&>h3EaSD;M#gcw*=k^lo(gc5`SEIvsBEK2!j zs{N6L!og6u&)GJRIhpth0*cDc3XZ@hKk|Uk(f5iU`u~~xUj_eRZWW;OjrUn0iu#YV z`e&>DtrlqH-=u%&{afz;ktx8}CqNINK7l>~quh;R^P?rFeTAw5+J^f4WfT7A5upG!C>+*k= z{m-KU4F1xKsI5Q$P+ZS8znevM_0PNee-sX7|J33tK%)!=4g8@T`7H+&mHqJBkq=7v zo4^0*xU=p56+pm!6RW4xzR^Mv{L^FKDF5Jd@(UlHI{kMby=uQT>KA}0sZ)M`_YPp^ zo38+Oq99OAfj^&Tdk=k3I^Uf2gZY2v{yVTQCYD;HeiIc%2l)SM`sS8zBvCxiYM*(& z^_l?kXN~x)#y|6`r>#7NJwl#-{a2XpY942Dq11l`ii*Ee=K-R@UqKn)bWTa0Mgg$P zpISmyltfJ34oChsKz9Raj0VIRpegQQruiHvV)V zLiy#i`lQe2D+rhwl5Aq32(NyN4^;l&643Nh+?CBY)jSLUQB?XjSaZ$21}W^RQ!Bp( ziUQiT47#{*2e^~&2kI#wRFDFM%M}@FyPsw1?D8f3gtBVQN!OsaNJSYUE(%e z0kMf+Vx9IP($ZODDacbJSntJ!Gs9fLoHwalrUzob1VpvAN_iCy#?!sF@pc7Rr0WQ1F)DrABhKa-%N~*0 z`y&rhq|aR;Mpb?nIurf-=a~z`_cP&aK@@u_H`{?rP2c7J2D;`LqFObHCEF}{9$@i9 z=@P2l|0go1Q-$I`?Y z#r0RH(202!FLpq)SD@#Ke>d>9gdgby)zBj_&>o~bt^Fi*hXuIcBg&`02Az^RP6GJ! zW(`GCh0F4!sl~<-#qC{Hon#tDys6C?? zYL>a@3{u4hmgNua7AZ511qY#{z<&pCUkrTtkddb-MD?Oe{#Ot@VGRd0ru*#C2SJT} zkeMIl2{&T7E_eJ6J(SG}E$b`<=$+}3EU!P$Np{`q%Ti~pe&@Hh_6k4=Ti+>dioFu@ zZv7X#<+oUdyR#PdqQw?$fRV3!*7Jm*8?`7vWY!sMEdW_tz4tIM=0?o!uON>A;jf^v z@;@-9^HjQYs4(k+g1JBUa#ZEs1nbZlGIE7LOz_FOW`*B4Hk{%Pd1{y5;KIJ!@!TQ@ z@Zn(t8rB&S>N6^nh6j*3f?QNbQw=Ck{|!)7)E!6&a2T`s6TeoMm_WfGRpJoeK`V=B zIB0mzwhmMUi)86EzgPY2`!t#tNp4@TXDzCI`0@0}@)eXQ<9gHbObvO=rQj%WmVb7_ z##pv}YWioGsJc^JYkm0^Le`ROUWg&8Y@6-POV*_`&ClGRINon#|2qQ4%`UClUqSu} zyU62Vb%V8JN*`D!7L~T#t%R=f0Q$)ENmhTh*0a)rB*ipeti7|1pMRc_#XhMkWqotc zO6pAb`8(;@8y5`Kk9<^u@3ADD6~1d-)a_kAnK&I-e+GIA2`rjxuTTuW!U7CuXQ`0) z#V51aj~}(~f+dx$f!93&q>+3W-NZh>i;3j96H|RvsZIAg1F9Lz@qL=*8B~NuzzlU-IQSfp@o_rC*Fvr+C1tQfeLs2Qe9(p^xl!KnvsnJiuKrtiNA?-TxBM;F0#|*z``hi8P5VA^6}G&SdPDWld+i=9@q2So z-@gI`ru--|q?r5VysWzkSBE?s^+278?Nqs$*BTN$Vs{t@x9H_+QLX|1CKk}(9&;pm zHFvqvae1>c{HZ8y{1Yn7-3>ODs~;LGSjv76Y-05^22<65ZYX9QAB(&l6I`S6hgvCm zkCH^`F&_gvy}t-*dIvP%>|pTMcKTBTzLk!P6$QAHVtcQ;ix|WzohRb z%&1>~umB7=zlnG1jT2zcC^{(h!*n!feV!)e0tdfnlp^+5@ht`O*Q^JyeO*8moPj~~f^h3NMVm@8B~~F9pVtW+jSIHF4|h6)1mKcY zx!qc8MhHuEpi;L%amv;^k=d;K;TkWJnte_Qp=MjqUvT>lhC{-9XTeL?;0i&KsM5>0 z4s(nLeD{j($46Z$0j~3-(y!6Zu1o=@(`v8uTCHf|g^}JwC%rE%IzDACWKp?vLqdo} z>Xg~{=so(j^>3~N`t_9l$x+Tagnr#(3q%9%_myOx>w@PML2bCMqkmWuG|v zQ^4j&lgkm@?Zq{0GQuR7vK>sea%*w3VGPj(uvCQmFj|UUc?PPql zch}(1O31K%b3Iz>@6x}!1#Q@-4%R2ZPmB+@=dPe40IQKdd!(Nnt1)5y$bm*{-t~8Z z{_Fy$vJmfij$lKN`$ITWB9^c3o4>WhLaNJAb(`X?LSTm@e;dMn4u87edj0Q6%=C3b`{YL67*x2J`Zac z=;0~`AJk4;_0)X@>8n^84L&<1`5TCU$T~M8IpxajYao#3Z6Qg`pvPWCi-EnJclvHz z58$*L_L|wfAs<@=Scd*=??%xDz)q;go-tPEm4HBMwL)2>A~>rl+2F?fBW=d*D6BU~ zX#MQ{%k681zX65<+)c+2i()1+0)d$H?wIj8Wuv|QAmes5A@`$No_qM%@$*qycIf!; zqP^Al01{{dM@WO%fYTz61PS~6kN}?#$@L&;n%*kkX!G;Q-ev?8W%!p(1x}0ZOtf*n zS&Jg9J7yc7&LSraV4=oi z9ih~J;m=Xo!_kzI#cZI7IsCG9UsxbbDq26+=ihYyUWOW)PHM+%k&Zr3>ey!4Cz?Uq zMT|P>*S{D~Q7B2)d*a?ZIFXRvsb5)_0gePePbjbvqGPfB0j&2xJjAJkW2R-e9;XY@ zqb)r5R_K4L@VIx!fEB%0VV>)k+>U(qN;wXuO~y}}v1z)dmG^OP`?@bDyy?ZihManlNb`bg3DU z-fXs8Yum`%b~+FI86*Jqw5-CI`90Q-oo0UFY+n(GXhoxmdF7#OX}oOgyN7;5Z==70 zWJg+`_e=c@=!_XK;}sm0Y-4&nt{?mCqleNUE`eL8tBU)CWf(y7;uHw%JtUFKT}!sWyJ#zj!&%?d{v7LjZIN?I zK>FdU@^sr6-6dL^2uZEOwE4n~M!jnVnW<`^B1>Xqv~XGWYpE0XFJk04pMR`w<)xS+ z!bje;Y;*n6aEf*jm18si8brdEthc_!MExr$Q+OE{in_${-TuFS@4mIU{BgrMJEE;N z$$Ms{giye>Hrt(BoziEiH{3_lT+TdCsepC%WIkp)Ds9qR4igKW)!TnCaO{%y z8DdcycE`}}RDW~1P4!!Nzc$k=GMjpzdM*rn5LMq{ z_U9EQ_<|U4G%8B+(flpQ{aHGJ!tS`R^%h8tUx5${$}INC@t0=p3AoR94kr`)>a2;E z{@_RZEzGTE(NdsdRM$}^QH4F0nnKg|AH?#M`o=|UH9O5Fee?gCE$ zngMTv`&BxNf{Eh^U^oADIvKnRTfWX*$1HQoDfrgPqhBliRU!#!_V1)EETBkwegADyMn0~Hggf?5b?n+abjS@S$!17e>TTgsfLrr7;nZP>@D+b?A zt^Qf}_w8NPX?g1i+jID}sB*cW^(yZe=A~Vs9Nd;QoWe-=)sB&I~jxCy*>e^`MH7xryC>(fca~;Op9v421f3 zoWIt6FZ<{B8Gc)BteNnQt7nxbWt#MVvG8{d)-RY|-^Bh)nZIj%KW{{4;6mJYqs}Vd z5N)~t7y83BFeRz~zKIjK&xxMRtb*p5>U`Kj9NCVoeqoEkUh0=ruReVKXczDEbPKh$?Z-YEOSo)lhvG)rfNp=Q{(?9xG2TdQx3Ij zAtkQ6aB$`=Srxb#a?5rVIHkycvu*}h{XIe9zz&1*Q0-ay={2*HZxAzhiG??Dt$cwy+*yH}$NbcjNRe z?HFiiQoy~mJ0cdwCXMFNUqOUfgyrocvYl(5z|VFBLQIq(8};mni+V;KMcR(9(ttvI z?~jfIWx*t`S9Ch=UK7t$aN??-OvVV6X#A^h5jNa06nn_AY%Pj`O2ni#m zlU46Uy0rzum+y?Gy6$+DO~K3a_d{hpf{kcKxNwy3iYr!sjNi7=NhU3=&tcM9U4~V| z6fb`~R=-}s;NBsA!%LI%fa>FDvH`zjFK4;=pr_Z3^zJID7rSmDw2s$k`IsMeHhgK5 zWO5rqYnZtVj_bkUWB7x-Ka)C02(qa|&SM^16-we>vqNTjc*%gxi6g>z&;R@Yj(=y| zQ4C|{9ef9b^Nw=_^%|RL(z$XAZ}P;Do(fFv@{MGZ-Mr6xT=Wb?wKu5Ca79cr4QlsB zsiu-mMw>cF{{1A6=8};RJAa9Uy?kxYK&Bq*1m<$4n`8DSSmi7 z!z8HJj+4L)*C6UFuG`?C?R3)R+LMsdWG0>6dO*!`bOXDOws=x3Vy9g^nvq}Ey4WR# z*V!lUkRF|z*SD@>5Bx4l>*h|f+VZkC5mW4Lh1nmP@EyA;Y5Ow1&ybuVZKHo9wRpPh)ua6SSt><`&*3-1so4tZZ;;KJ-F%Q{cvCBEc*sLVH@ zb6o;LOduTjLZAK77Yur4v5iQ)yd>ckCyAangNwAuv>wsnH$eNgHYZ%&mSBYZMA=lU zAEU7eP8vnE+zm`*TCz>8l7(n&1h9-cWZd|rRrb}S&2)7=YjN@8GO5Qy<L*iFRI(5Cf~4-DWQz8SvZ7DWOmyipdBe}Q`+O$XCMQTs$YHG`cqyrl4)&_Ta9Mvf4`FbRXt>d46^-*gux*Knu~dWXe5BW#^r1M$ty{aT+_>lDgI z-FoTrlAOXr{OwNMTFJF>pc})=p_3|+>BRn4$?U_9Jr^M%gW3U4BOCpNqs)#NB~;dD zw)X`hWdg4TbtcUfT{SDjkff+hM)KnL)A(fuwc8Ph8D-v`3Kn#(=Npmsc)D3OOzXJ~ z-mG3@_>wysW@$m3va6QD@xp{dLtU~87yQmdstfM9TFYQ?UWhg*`IfA`^PF!>x>{mo zcPOs5Ky8ef=15OXWhbBX`jhPqe*DFh;KEH~DfD{nuFr07qqkfp0=#e8brPEQ5hR)t zrA=5Wb9}#0z!8_a?QppF!B#vA7v| zpVo<#&oCy(Kr&0p3#-K|XO2Ineg$D!>X_X=9$nj*kvt%_D~4&N9{YW!O$t(oTi(9m z<$8v;aaVC%p*dQ7VtOIdgB97<<^_3UUS1|#zDb#~GhDFGMGQOM$V4cZk~xlBh~Y)_ z$-I;7!JrY4lzg$yZeE^wkJGL-;7e`Wt7C>^PccEcC))L~8wxndIdsAnggx&CpIcRK zBw?mPxBO){4YUuV^jZTw6Em!@bb4(KH4zh#J3bs7MGkOsjg9U^3#J|d_j6oTIPzq6 zemXDRS-O8Wgmp1BX4S57Pub@90SPu?hsHxlpTIWP!GT#*+hBQ*9bTxECJtBW0xND7 zmA=R2wFfZ{4#iT29y2+kd^sRQFdnTZOTIwE{G>YDlWK*>IM~yxCT7Pv*E63;7qzpS zXU;IBO?p3=Er;qz;v4!U>7x^~UUWdBku{iRmcrTX39LmRMumv^A%v0Mmf-W}$^2aD zeic6W)KAym%*r&c$wy#~MRC&U_4&>I09@hX z*$B@Vi6OPE8P3A}49{`84opNl`KQLwavm4uDoNLE_I1ij?0gQ|rEN5jG0gZ`G=Eu3w7a7!~I+^x% z1*-l-o|7uPW*x!z86duH7TzAwlc`M=h${1f@qy$O!$QmDZa=%!zI9{T4yz3Ww|ZJA z)Xm6>YKHusYm=HJm5&@LtvvQ|5__9q8=exrprxf^muhmhA_4*+O^t)SDFfJw(Efd>AYy^3ow*=N69sh!k04l;1$tVDRgp;(fOG;Zv&PYQQm0PTu$@*c%3F zbF1loN|K<&RCOlT*FyT&Tt{Wn0>4us$Pn-ps?wUNIE5c1d-RPnR^nY3Q2jL z*&6m;p$7R5`1Vkf3PBzp(3V-VedcJSQu`$$W!lFxDWe1x?B_@9uSw6-RfrfDnLrpq z`bjh_n7`1oHQLzu*H5M*DH}VJ1@g4d;VWZ)5VI=)77z+u3W8>$tF=4AYvVtY=i=F0 zZVgRXNcNu4?r~2qSQvnqUO(y6(4E5mL@m*Pwirb#^8slXQKs| z0%2%mBT1qgOINkhy{E5wss~(Tnv+|bB^N*DQTbZ)R+@Fv8@UcqJ7!U=7^1_@r0mpq#VpSn z%^K0KfC~@`hKr*`4=ppU;}W$K(Dpg@8_lB;Xwe-g_b{sWf`01H9ugbbd z`D`l^vp+Dq9!;7<9cAGW?AR0=g0|T4KESb~0wL1U)0-6k;T~x%+sj9ECc5$X*DrPm zSRL)6KTW16;x~#ILO!G81b&B&A$4+`gcMO6knxHaXW#j9cq3e8nP14(Ur^eS{ws)r z7>9i~EFGVnFm@k!Ufzf)or!a!BaABh$P%5gz31}IxG~MJZ4m1s3!v9vpj#b zwJnMZUk&N{QmeCCL^S^;n{x0O{5fJ2_n1FdkCm;1ATiU{drvW+n&}JzL=iGsEcjFxec++IFE2Ez=Z3oj$&Suj$3;ilerg2SY4^tB>A04WuI<@&4U-QzxP}roFopZ%8 z7;AhqO9ntacvEc4iSs z_(PoB;GQ#&T9Td`j~0kU_VAFcln7^#C+K$VPPLosokyw!e2yBV1lCRo6GSM-iP$FL z6bV-*&g+ozHn%%EBIc&OZ#ObR8Lu#V_SY9L@>`l(@}gS{Uz&NJ*f!Ey=TiStq(@Pu zaSO}xF!^femDG7cH8$nZJ;X%cOO^YqRUgdCYwqYcUrZK6uaBHNcf+;L)jpHR)($I{ zEJb;w?x1``(Sx&Et9UM&YHn=q6OpwGIdy8unh;lS%n4@x5tXm{ImcP3)T<&m=0!(s z+B<2^llO*&lcI$-SYjwiOW>Dvb#S`dj{2`AxEQuZRjAWz z@`i^k5Vx9COqVCEb5)UBG~qqMVX4lMSmnLdlQ>oesm$zK5+KA?wh=CwVb7q3*mTZi z?Un}+JGCW~cqE0?PZWq(6&G$H^0UUUZ$3Hjm};z${Dd5R_7wyRSFtp2U9~asc4;2| zv^OvqaHNk%WW^U!NAE)e<=7C&w!ph2m#^r zY(#Z4f4!uSD(O567oP{Lgas!dZFbc&P^J8+_A0lFeXr@7Tt!z%-IB%|AvN}8?cD6PkDyHbWN|QX0uKC; zrCdz>HjvPjQHsQ$A#bIJRh#aJf}}oPm)F!ru2V_000Hk?NEgCstYI*9!9X@Wv>|*6*rb4=H<#9msJbDraw&TydKsLUEj1(b}7vw+{JHCs)rg{_`lu zz3zPL&&cSb>T|(6red~#lws*?9hzR3Fg<)wA(x({6(dk=K^Gm4w?;W?nugDb$f%J# z=9c5q(%W%RUsH4?%yN1)fjt9DkjPB!`J=H^Uw@cWn#Euhw~TrJPC23tIS||ror!Di zV4Q`1>eMq9&3Aa-Fx82X*bOTc(zOzw0u5a31|AXsu69lHinWi%8z=W&gA5a`yK)w{ z&=3Yi*DguJjl!lH-$$1}5r+hH-|177Gnxvag}qy|QnwiF z&$KZ-QuHn**)6ZsHJ>=H6V?)sEgy~5pGuf2aJ4*IQ-9USy9d@|f=73TKV3+g4#gbR z)w`TV{KSXkIC^cq?kmWZUSH!=$`^Xxl_J=d3-4%b6cx#kajQ6sANC`oJ$5UBo<3V$ zzHt3jw&tc9S{v5M{b1Omm*HfW7cqk#!-~WU+IH;Kk@K?@-Fi5qPdfsXXiW}`Xu2ZP zed|c5%i+$e9S^;k$vFzuM#r#O^rAlV)=#(K->Z9KU#uVyvSmkWYX&?urT6s2S})Y| z#&%0-U6zB|Sb)u3;yg|~Q8?2yiJXzE9)3cENKka$$ySq~-J`3E+|$FUwoB*4UViz2 zfAtRDB~HhvbLDK~RyJ&*DjM6(a`50ALFPZ8-3#n5P?!@pH36|!w!wIhAo}jo! z7(}a9MT-%9hR zB6)F2e)y&ElUH9sWO_{g*u3J@Z-5m&r8gLonfwaH!^^X)zA*fNinUZn|aT$&2y0a2l6eAT%x*W>ojJxb78{X~rkYNqfLar~N1=tg0jAg&%Lg zMT=CO+Y-h;;4uSOGWNOG(b`?6qvk>p;FDtk1TNtCNs zg(FyI-6+}(5x{#^>$cc9RERG-ReZPBHk|T)dPFqAu~fq~TWd2{{_$k2Ta8QueJY+F zWnU)kbVJ_8hq88<(ei>im8{5f>_5e#M-wQgv`-{B<X@6R%McTlpL>5W=@vT%M$= zYAN8qe1luY(77|!?zlBYd`L)p!)0S&)jbTy{z+J;t`TFedxduIfcChp5G-9nl?$;m zGl8{I`y8<#x)`d0>Cis-$b-r1yg#K5&AS{+;Cp_cV9;t_d*3fpY6m&jSX-8Nc1brKRm=B9lU zYz8#T4Rs{`>l5VQe$<)=)0JJ>I6A5^qsGq3if9dfrwA|S2{MqvuuYov#VkLEh@-09 z8^+f}q?(&%Sd7Usnp=F9r(62T=AMf%aDe@xCN!TuTpZ|0$XfBx#0v93J=a#tcaEYV zgF{m{sx@Suws|;%$YG|l$6<60V|-@Yf8e8>jH&VC@wN44WXC(v%n>Cix4AY|{lb9U zAu15}-fk}L+RhC8L(g;)aCKqO$7bpHMtk9wwg8WS#!&>(d2!{|l>079@AJJk6Ycet zIRY^YE2U@5OjEQ}lj_VcUUcB52$_@gmhO>b@RN}iN-9%tuHUQ;2G{{Ix)o)76{}wyv>`ygiqRkxG^}$yL=J~UwaC!3sBaI z6AA_C`q@(N z{PCEpkdox0pi&0k=FR@;tK`YP71_C!IE;s*2_ZRobh_uic#KJ<vieL@_=)n# z)qGY7YacIhJJ#9cpvNNGpOq-cCOOAxgJqUt*M#Ld4`F<-i;)RbW?PcU6wf~{cf?Y; zl^ah(DilDBV&-d1lmemq6~HXcfzHuVjy~kDWX%R5#D`-k+aQbWqP-fAkoJfM7mOKj z2(Z1@{UaR~u@G5-#;$uwpmN{Y+h!d9Nb|PJusV3cu1)Kvy?P07ce+J8+Nw!t0?QbT z>?mk3L2^EcD=c8#Ug{A?vE|nJXkN8kJXZpaReDnY0TN=g!X6S)N1Gq)5`o$ z27PrS!X|u+f~DINF@mSr2)X&}>{qk{B5U9fKME=T=_faC3ottP5xeOzK3=9~klHfb z(BA_?55xsC9nAJF6RmhTno+vPP2sL(p5#Rjc=(yu5^LfRQKnR}uHc(k_BsZWilt}4 zy-l2Gub10(+9`F?4$nL*qN+0?AGw+5Q6dq#DkoaWR{a>K{FvgRQ)FK!x5D|Bp_H1< zDf>=ZZ|*_Og}Re!B&;OPiM4ae*FoHhR$u!3O{Hhk+f=s~0`*8Aic}Nsk$FlCkU4o? zSk`F}R!-UY3JRuL@E4O5XW=^Hns0nQO^80tu1qhX7O?(Beu|iV+Ii3bE5;HliYYj@ zzbB@nrE4r_tq{rT=O`-l^5J9!g0N^n&%IQEj=L_!L|!D7{)Ol*-sjju%Vn>_?a}KD z7M*Ia@B9tIKkX2d`V~uiR;B`9!)#Vrnqj#?x9rf8NG zYJD@_2q!O(hS8aDBV28;cle2Qr0(?$C{Rp=#A~*qC%cZBV->-R zb6F^sip$9tZ*eFaPiyluKduo-440y`+3&f>yIrC0Aoj2m3!4RR&TcB4iS{vWi&_vr zc87!Dab1gVysC3r&X)7Ya~Apm*%)kva46?7xff>!&S6IWIL;k({90e8S$GMIBKq!A zyV~ks&7vga2SgXOun=Oafj*i+^#EHon%5=;{iX5diIO10@;J&b9PaNqn6cd&A%oR-*0k_hx(Ftl23E9GSQ}^UJ@vvlAOZXfSSCH{W%)Uj0#uw=QG7ppLQi zjqdZbtgNJ%p>pwot9daSEbWM$eSb;1_XY&KOf4V|I=AD17b4Zt3=#GU`7c zjljX{xg0whTao-c`F64mGp1bhIyO2EBaUHE+KY~8(DioS0J(?5QP_s?orEquakT|J zccYp5)Tzn!pbKjDtSVd57`0f&ad+)*M{CY@JmDDX@aXXP(C_u(D84j7go0I#pxDT( z&45+$)`m&$zQ9Gr1d5G&5PgJYB!#E1z-2I}sry%uBx9idx&h`|yGOMgayY}LAT zQ-F+B6dN!TBQr43V_jowpq}{zOS_2vnKK}1RK$h^or^I3(>m}f&-q?BUFwPqWUS!} zP0EL=qNBhp`}D~k+Bv~;8Hf11xM8I&T465fOip^r2SxLiQXb-A@l$BQvI=}NgGnaa zj3bJBbb4f521*;xgEAO$1Grn3rhH(8NDv6Po&ZbZOcoby`nX-{kh z`3{SOilm_1_EBm_c%6*G(KTTLh_DV$6t*L}Z_Z;_#0v_uoWtZb)SbAFpVXvh0O=wUWFJkit) z{$ZsYXU*^L$0C00@Jc$-g0Bzq__y|`#Bn`I-BO1vq4y# zmrYvh)7(V#^0@EOZ8vG~SXVZAsk_!e^qUsgU~_qFA@jWci0BgPXaj?^R3hf{6?WVQ zu)G?UvA#9!%n@}W%C|{Eg_C$1iLq?^gIXzOsOB$UZmnYwtp8As zsiBh;uKRXhA<8=O{cvjL_@ER!A*bYRIpvrUCMTG;pHoTnyN6l=a9RJbL7)xz-p{H}{Ls~JHX{y4VVtHk@ zViUCf#lRUMmhdc3h1@~}uo!aP<4X$JQ#Q366pEMkVlkFK$aEHzWtP0@6FW?qv6t;i z;T5;8kTOiirx**N8a`s%b#a^sXz51wj(S1ZigXk@g%3m|aa<=uh>Q9;2=0%L0g5gI zA1Ic0HI`3*KrGiY-NvFS%uVEIgCKO%yAbK39n94VzB^JYPFMB0%R& z=Ge9rYRVG3YC8!j!*mdCQ+Ch}^3czkvkNYc4<=Eik{f2tK1#S2!0@~ftkYmzv~TAt zrIgZu+-*3i}7N6BLWm%mQSw{}sE;d#_`5+f3P|0xF;5?Eqc zQd^QyTD_BhUjt8sqM0hitRwz7F_X|(OXZS1U!mpF?vll*_`D92fRqqkgBz_&a9Q~7 zCycwZUqLKXpYPcj#o&@~ZFET8UQvOkB?|)2oHgdWtuywT!kIg=jn_?cS%n9YylmXD z7&10Oyo%n(sr}HXcd}tr3rclTMrdZg;P+#t-w%VeSt5TUz_RV7oRO;0iltalqZj|3ELVC9{Dox7SV-PD*lT}dWCn#ZjANu zC|a=Byj;5vJ4};0*h?a7m)np zD4d@5CANij^ja`Gq7d=+3KfNH;f9$9CuLP4_sNT%We-oy*|A}sY_VmZ%RUeu`xP0P zc@^)x=;rWFyQd<8^olL>#?aV$%ICCFcPzJ;rBy3ot8rqKTuX%nFdceGy(U(S(h7{t zvEDLK>>*rTP#qqB9*k=gLr_hOvFtA1#4jUkGv#!!1dTB7B0^VlYzThcOvE^=w{ZEB z{Nzwyee%-ENumY?x3SA(=ZNR7%C7bA{YW@mRA(}Z0e-r6(xz&p)(VCgGISJ$`-wQ~ z67fW=jA~pf^%Alp6hZX>gO`L3k`DZ~*#>X4GTJ3LS%(9q>*64Y{7$68sA)=rMt~?m z5EEg$=}h^@V(>HG*B%vR9b|W@Z{S~wd@>64lF00RQGSpi>w@Pw8EL4Sn;xj((ge)-dqhTQZKX{vn-HjIw&{G4K#F93tk#CIggFaqn$Z}oNN(D( zfgf2Ixp5Eap%urD#XjiZtZ=B(e{DA!ZIRUU$98=9jfysL^OjwRTdKY3^SlK23U26{ z@I+9`2lrYjZiltm9=uOWxhEkvOh}=(4LBhl?akNPWr|!HSe~<#1i%<~&;)N5b3(r` z2>TzUSXbXFS^h$Vydoy=DLYJ%~=tWnG+Dczi(-T*Cs>L`=c)QBKtURjxr%5;0c+v9az453YF zc)AqFsGPSozuqko?JeV{Bynplp#Ek(TTEf0^LyJquF4}TQ4C~mMhMPl4WsGUl05YJ z6JhM?{*c_&*l=aF2g32twMCoPOVqr5k> zdMK5H_u>4sM;i950;Q*Ftg)DodXVr6(gxQw9FhG1aUEAgw_vkC`R2eX;5e)1tjX)T z@kCP`oT~k&@aT~=A&`N#M#EQ~Qx@5kxyLO6V#1a?! zRbd3;vqRK>ENnZKQFAaWyj&Xfk9^%jPg|~%Ef!8X7rMlWN#Eh*nIh*#g-_}_R;y|` zUp=asSD|xIO;aO=kf;R-wk3Oe&eJLT0{wY7NADWaWDz&y^~|)j$#QnHgZ#(|TS=UB#9Yc>Y~yj^ABvdss&5*!MmTFA--fglNx>oDXgWh-uy9|?fV0B_(S!RMW+6TN) zhXF(Emv0!khHxkx5u37nF==Y}ah+{AkC9JfpPIiVoX4`vEa41EOl$5$RAh=HX5|-ROAfj<_Vd7&wTYja zn9VX=j%Dd|4$XIqr$mC%?0wTfCMpl~Z|3W*4R0mWbM{1x$5^?Zcxccs#WfvYLUpZg0(xo136*}3&_<8ZTQL`^M%1bP~fmr`iIrXmn z_;P}dwM5(+d5;u!|5Rv7=P+JUb&oI4z1xh6H+1E~@snqWG{Tcc0~?RrUd8ofX0OM_ zQqI&8Fl5^gA7`wny}6sLD)BOyK#f=0GFC~}g}i;*P(MYMu-Up3h}tKJo`>_gg!S<) zF_}DAyVXrngmbUz3XWlEaRx6>W$EBuCFvGwnY!gQsL1=HM_N~ncdUeO9e4y9 zP;?m)lq-r4j_azeu&*g>?$A75ipjpxB2zx*DO12DI@B=Wqi#8$o1^-UD}^amC+dZO z!xP5{Pvx}Gl>KsvL@Is4Na(Gk5DiQ6l{NhXalJg^$DG5K9)+e=#6o#?2RxjGk1lah zdqJ+37Tge=CS68z*bw)uapN}04Q1EbSM)Kb}&hLn{ge;Pih=2kN+C~CaC$wfYi z2E7qr7;T{j5xqOa$rWXvu5+AqDX<318zYPffe_|kh)?UZi)S0o44VE@t#eUZOHT66 z=Qb<+$L;83qsg#Y96z=xTop#?jwEgGjGivhqB)Y_1tyyz9i_bp=c}cu8=G!1(@KVM zQ?Zb>W8Xo>xyuPf9SgPSqJ<&k3=wmI8KMQ~!)E=e~)*B_M zi*H?7iHYP|!~{5N0q+EEaNpt1n8y=-8IVbGzW?HhBt>jEx9h$9f}(Bkf!=CRu`-*(s*)tPm_~RCEk%jsg*qpioBVb`3?k+ zQffD9kr;-y7PC?uHynm6#!{e#kv3?Gia=8jJbNDRwQ-8GM7T~9Q>n&Vn6@!{&wP>C zw^mv}X!OxWXFd^2ki` zX|>U{6A4Q*Y?fC~Q^Q`+B!P>Ed-}Bxkae5fIk=Ss+40~)#Iv#+==RyU9d01`DDk{tW{jvw?lo?8=kc47?fQgUZ!YnEMD9 zh?ZH!5Gz{KXe>t9qV5O7KPXdRu#Ns)Z?|gEwCcYF3dzit*um?Nm?7JYcW>j zpdPiySH3%}fv%(5QLdNNj>d_MqwNl(b{!((S__yoa%26R^?3-dKip=bbnN9T-&KUZ zii??=iUU@kTyt)7C$58O=M2TRY_j03`;g?Imq5FaMC6<0VHm-(jn`k}+=hF=N?mZm zj3=W&M#My6l((9oQm zxeaOo#Kz*Fp2491=e0TGHMyJ+WkUzL!leRAs_yc1e3RY(vHJac1r*J8nZ6JyUkgt+uU(ap+zUY6L|X1+<|VUwOgNt9i%O+>qv>Y5NqnV)>wFqtMX^Z5fv!7$P63pV_--;_TJGUeyr^HFb|46)K0_ zhss)&Iqh zzwVto;|_y6LyY~-7>ts}5-M>q7*a;7N;S5q5R$a%&KQhR4XKotAr-A?m6oxlsHD9p zq_j$#7WDqk=llKR_s8#X|DEOac-?beuXCQ~oagi1q12bvyEaZA)pzE7jBZQ)ZQPRl z*7ED!SGtKczbpz4ndl8}&l(K6xN#ZPrFsqB7rx`^GR;Hvb&=a=dOYh+hWm$4{|?jK zHy^B-|6-b7Lx1Ypri^CUUF$my44=pKj{9HyeF1SlxfD{(`Havt`r!DqoFSTN*&tk7KdyM`21KWr4gRV(GSXA%wqkex#bx>~T6>Z+sZ)2iCY{dh&h6f*bs#Zt$cP+4`ulURi^G&h7 z3w3lBj>R5+@HN3M$1*8&1L~9G_PWaR-=?5S;}VM_&AGjHcZzLJ)H^k| zhSdJa&BPv2ce-!x&52b7tt+{)OOdg_CS^u`4ZDARv#n>8uSN{+{S@`k85TnmPt@G| zkiKT^_LA8~&$_xaCzie$k)euhZ@|Oj^A3(-EVeX6Y5dm%XZ!BeJiFdGc5$`Pd%@96cA$$za_v(0 zSxGTfZ3{1XPG0k2x)Jk2H6HG3CK0wxdi-oG)Z3Wm(!_ov8~;>fJ9EGB6TO$L$?tPB zA~%pWrL}+DAMU(?*cImPULZqN6k8}SF$>ef09 z>AoCzOMymjI(Qdf)yk6JPa0UYQuc>-s}$~=u`l-T3-8Jqw)(W4EXS_dy+>~V4Po0s z%a;!l61HBNvi8b_=%j{>p>^!Gz}B{P=Wcq9O!_2$cO~dirCwZ|!QS-6kBKyYlfS$B zZ<37{y6)ZkZXW+G;_~c&ntmn6hr`wa&7kv`{E5QyM$YHvX}2cSVZYZOYCXvI2wL~G z_>ZEzFUe%m>2rSz94ex8&$wu(jZea{}A)N1(^0(3Z zWb_PQ(V_$Qwi-lQ={p-&>Wk0q`7`m=v}+A>PL?bhZe>s=dY#^2U3RAF8g0q9ezz;- z1L$??a7xNM*7TbSb;gCSvr}7N%cpw3efMk4fm5_ezw+O>b(Iv&^e(Rn-EQ?I<+i4+>fsaBz}Hl4_uEx4SOd%XqL&j^y|2EUuww9#?dWf`*p*MH9EV~Zn?;79XBqR$hqwI=qq`B zuCy^fAb)><#JW3j-GX<~E~j*RSK9B%+fw&p%gD&g*BfOG{Vv5HE}7jM>F(#9ql|3% zvucqLf2QP$UC0|tRS1D7A3$`ng7ax2^ z+H7?WOFV0Q*7RWT#ig-zc80HBO*+r_?B8|AS_1Rv1{>!*0$DE4q zdK~>F`$$Pv{d*t|)#D8Lltf!KeeLng80!|kc^xam%-x2M*x#{hD*E~AY3*vpE9H)q zy~cTetiHX?)|7XS&*1*7>y9Z)(U6+9t1jNxJ7wn;>lE9(PQ!Y=U?hv0_Tu@WX+NiV zS1vQin~6YGD`MW8xMsp4rzcr;d!m?*bHuVYkN?>Wzjy2Y*2VCa znQ22^NB8G$Q>Bg@X^y}7)g{gpn2 zox1K#QNL&W2b%Hp@3O%Y8=j0b`7NCj5FIqKJ%7{EnJ?e>nnYTCigCZj$sYa~m1ea# zcL&t6e~@ck4!iGj`4IB2;AmYY+o0_JAxpR~;@<2pkv-~_&t6Aw*nVKi_H(p=o!LL% z1eK(wf4($qh$N@PUH>)x-WTW9g6Ef%qCRD}Ch%UBa4o!e)t>!DpWZYqNjYvF{2%C~ zty%x<&;EdKcFs^!bn{imfamQ?q6X_6bqbqFdU2ZzuZCk%2kjwC3`&jm(06llU5lUoC$h6 zH0|7zL+)XnSu+Xi>)otdiPz$!)I(3E&Aid9mMmXn^_-Tmt}7&>@a=_Fhuf3vlOtX; zkD1pxIQ%fESpAZC%u8>%JL6z+UB7m+@~c22z3BO%@95dw1>ix7o~ygZE%JTJ;#ZBb z-onVXsVlyvO&aMf9(dH?x2{kWw|RAgnZf;JhLlMa10&)Ln|VZatp1`>dO5@9mC`wXmKx znjH6O;pII-ngy$>HA_pdAYQbWa(0~g=0djjSkv9lxt~P;5(<~U$%s8ZY3Kc+57U=@ z+_z+Zy0GdL)lZcE&*AFX*G-IqW@X^f${^xR0b;d9@P5lSn%?X|%KTs0M2CRy$;bxe zx9a?XbuTaHverz!uE|2DEWAk6{@F->IqK~8@I`1-{o-?9tE^XA*=1LG8XQ&Z*d$(C z{w{EA)l~!iPP6nE{y#!`oQ4lys(ajY#aKaj^&N{vd^0N+BK9tL7`Ag zUuen}W3APF$s9@yEz8+)>nw`g^;DA190kkKG`C{4`=qOr-`_}{ILUFB?_F8Ks>y4w zWa#bvT~%-x+J%H{mr5E!E*mQJDetDO<1cl1i{E^IYP9~83-a8J{pYr$8FiqE9B40_ zViB5RF{+-HE1)@LJ0@i=)iR6Z{n*JjJht-p2yuQP+k51zWXrmd>y5Ae100=JR@kGQ zYwFSJpa1UvYrpz9&(mdcq0`R3Sx%$E#|+vbTcIqbvn0uaqa*+0d;gDe->0Yk$1O_c zsSZqAV+=)^EX!S>PP@@OK>_0KdFa!)dpYBc?wO^okK~$hw*5aqj3V(eFB|V!0%wax(AqiV5S5{+dnS zc)Bv%Zhdxc<%E|{^m^9+{0}5?-~JmpJAC75ccsp>c8XD$`if0mf$j7~xi9aHIJS-D zz3)j|@*lX+wq@VooSP;SYa?qMEOn#L41PWI(!x_~#;BF-bN9CO`jnx|-`1Yp-qp3| zW5r`7>RNk!|Gl=RH#yI2V>~N+bp0;Z8f&BR($)bjQaAfziHT&8o^VFh7x+Gp(sta@DS<4!D8~lBUfP=*3Uz99EP76^+r-`pa!H5u zw)EYXC%(c?&bu_O{MV0`%w_J*GI!b9dj*a*mImCy{rl99J&HGOACkABU+?b>sjzQ5 zFrD-BaKes=@IQ`i+b$oQa68y#Tnc+^wR_C8|3I|GGuo4iskS#e9Czx6e%|upbz0Yo z*6xqcfwDsn`o>htUK?+b{}`HjrWK1|egH;G8)_HQV{SCYZ;4N8@_#xj>V4nTw%>0; zB@Z5$#Hr83-hOj-c71lU)05t%y1B!uHQ+70G9PF?9^sdul($(j~yFRmiaTXmGe(kPVARFDb zGktMTY@OpD{m7|rr%Vs3U#n@DSTlO0D#+tBG5GAoZ^>%R;re0C>p$M|zApA)(DXoy zMQRR1#Yz?Ih0 z+_PHR=LD}C2GoIH40q`4t@0h2@!gbu^DSqs%coOI2d?_3c!!#O=+EpF_+Q%eeaBpx z&bA5qziM<+pS{%V?D?S5Gfn{s^2zx)5X>3fu7@T zyqVU~b~blz>6NBlIhMX>9dnJtLXxgX~m#9D8dF`nh?C8}OUems7hPHaTm+Lm)YBN82F0AKHLH@yK zUZeW+Bx?ixueax9-pmP{-`sxL=>8V0wBh-5E5jhI%YmO-zHC%pYYln7Y}se4!Qb8P z=$Dl3RqOY9IYV8)c56?<%4U934X@e!(W7?kUeIdwu60+UYty=&&nf(SzdmSMd*xM5 zTBG*`FH5_<`NN++JMBm-N^v-``MN&ZU>CfX&|^x*sOisc#4Pq}|h{0{`&-pm+Lof|hA zF?;aluCw4#O7|<{Rbwy%dE3U zeKeN?Q!}JebVky&I3zLm+-Su7Bq@@+rd4yfICM;Hh?_CVINkGFxLZIAgPI(znUeF4TC6JEH z>7$FfT%r6uc}LUFJ-B@(>ss};n>kZo-hb7d_&u~*LkhxQm+rb?WK9Cc@6e5BhlisV zOwpgTDf6<<)~$iIw179#pDW~7emYKblm@T<4|w+(QIo6JAO7n3a0|8JT-B#+c zn&V~AnQ`9IjwbNpXHFnFVaAhtC${!@ss8V(El*jNzT-}bSZ{M@cRjv%!;d<}JUh_X zQo#1~6x_Z3YhHKzw`IwBA8njHu3?^9)3<0Eq0edm3C-O6)i?jjgrv!%Ldl}$TRtk+ zyB{Pj*1QJaD__4|UGLwSUFzL*MD`zWPj_Cp_ZPm-q;c2Cma(etGuN{k6`i+xcZY}a zYvZKL+W-8F)JvjGnSV)2t9sot%`sL}bp78kz0H5qC?%(R;vc^QAr~B9x^~ZKNzeG3 zl-8N~X>7zTA;d8-X4b5(*4s(#O*OMW(BGMdKiI`C|0B<>G|pevmz?Z=(lGKh`-PY$ zJ#mi{_#Zg%T>sALyorxfno~9uopI~`ez@EF{I-h&Rm69#VeW<{3CqU4Ke?@I;L@Kf zS#eM5>=t|4Z=jBAdQocCT)%7CrCn|f_Xo8UtKE9zCJ%;unEBh{%Z&1|kle;wD^Hi4 zb1b|$eanov{vW@KVlxKLc(C6Ny9Kdby6bFtsjsx+cAgoSUlO|JSK^C9bN$?*!>iDq z9V_r=^UStD)FM$;VKV)37q$1v>@M+?fiL#WSpKs0$dp1GRogFF!eP`!Cn?&yuP3>- zs^)jP_3@FG4UVPGg9a|QYmdHE6m7ZvW_`<$*%714x(AUD)Sq5VAGR39R~DV0mH1-0 z(9H@-`gOE((+ro^Cw)_#6m8?5{BL)IzTDm6f1tBveQ~0CR(jy`Wd`r-laS-RV(aXC zed{-zPny}_ws|n&ccJldLCr9+p=yU+5u-WX-=k%5`7D0>o>!FS@ApEJSO4%HMy*On z6ZZ$n6OxvM{)%;ST;KQR@Q5t+nFZPF`)&)%^4N8|{+f)q#!Un5v1Hz+gMOPf$Gp5_ zhQ5xKyam7d^yptSr`n-i0~?+1S9#-f_fFsXskO(q zK6-lf_gx1;LwI}W_J<{reTD}-o$sETefQ1MTPGJAzJ9kO^!b#rzG=sYxAk6%Na9ag zd3M&4+Ep*&UL~cs3z`@Av^ks`kQ)h4wlzIar-1wM_dH$Kxo&@h#~D8``Q!QEmhN-o z;LH4*InOSB7DwmqcpQGMY3;7l2`_DZyPQ8cT0L|#!=EO7p(Nkajy34d^a_ugb19Nt zpXRL)t1pa%XEb&Y- zbLBwZm~~?h`|I-Juhu7*XC$G6cxOO}>t0Te_ERgd0B!J_aPsZC^v^rJz-W%IwcCp! z>50xKIn>+_{RW2(LMuY$9_Na?pB%ih|~k`@AUg?`$$KyBzxPS@h?~A(l&zIQwu$+t>*rp}(U@nyY7B0+{7x_K`?!-{{_Vi`hHLkpJc&!r@(zi6 zU7tOrz{LyBOZ=KfJrM|-B=&S)=6`7y-L?CAJ*+%swY2G5zGP44b=jKaU`>GDYFM+w z$arw{;^uD^r_Bp8cI{HL`q;l)?&!06bS}TB`Gb7BOrM7u+$nn)7~iw+?>>rSVv>WX zbtH#A`z34H@pIn-VPDDSS9>hexFel91tr>cyBZTKmPAG;gzfj6q>L!wyzpx7yuYJZ z&^|UJh?muc?6cYX%lcRJ%FgDLE1E_o_gx8z@(7+ol(ofk;bjlmbGI(P>4&a|eRA{f z)S(Ll?M<%OX6~KZ z8Dz72;_fY96aHKjfSeM`P|GGS-{{LswC&el&RrzFi)}i!^UNX1knW}L(;Xl&Lt_IX;(cbv}vh% zE(0KmnEY<5D{tG(BH8jBHhIby1*V6CR^+JwSLKB|`UFi~Qg`kzPClwY7gFBV|sdn153R#g&36 zwuq4XzzJsqNe!RWZECac0cM^-KeqcQ7?fUU@&4tpxWQ#@vc-3Unnp*p3`sx$7_Gtr z4C6K(xnk+RR>TpBCj)>O0z!G@bHF=_HUlejhPkloEN4Few%zRX74KH?C{P7NGR$kY zC^hw(Z5_t-`Hq6%+t5D#yZs3&ME+CK1oW^U6>?MlLq(gZEgvwpFDmc`@4wgR8lzaH`0Bz6q&*}%p_09}w4%n!q@bD%^(~digfFgzbbBCKBX8fFUgf01rsgKa2SvC6aX;?Sw}l7ltINAo~Wkg^iD)D!vsn zoBtnB1*`K2La72%$nAc>v}-3a%EDQUpv5n(V_b-s$tFWe;3byKSTBVHis>k)^W+TR@4E+-BnN&>TOeD<7a$T^D{?(g z%TGMMn6yE}_NOGw$9VQGB7AcPl?Iw@S!cphctW*EH6N8>kk7ugtZ#i&<13^pxYb#q zrC%k?@BcLBmxezt#O2o1XGjaCN?xQddhmsp^}qbdvPn4MW42 zZ9kl^`ZU`@EDVG;pt#UUjz&TU1&>*wAhtU&rhss(roe_YSO;F%ZVx=wrE|4Nilm;* zLd!RZ7nK3Zp~rv$+I8-GxP9O8c0;j5EBtRhQq9-e`2Z5%cAc8tk)`XvX#HR%0vrEf zy$V1ygOr*=8jAym-3?|dWT{mXJ_R@K{LB9?ip8ds@zEtaAeXAZu61xe4a_x57gB{H zU*6ie4FLApu6UJwE)T-Z@uq0o9{t8K1*{qp&OtAz_XOu(SbCp)I7ArYNwf6iUS z*-*v_BSlPbr3uV6#><%j#lVmcclfWRq71x>==uuXQ4>m^iH~k=$vh(~@5y$Mo%dx{ zg?@b1F-}{qg1NrrRogHPwrC_o;@z5E@wLhX)OUYr6M?TWoOV&G*0MLouyImWA-eg7!Q{_XE`A)BB0xF5K zAyq7ULZ3cnO(lVGK&b=Ar*S!o@9I0Mga{sS(sjmUG@unQwyF9ud}l`xr_46vxOTWm zkDyi%Fc*XJBgP4cDWrl%K`{2I_^AV^cL-tooF+p#ib~zUzEKqWqlP^N} z_<)9~u!>0qI3XYqKTqtIveP!~`9+c&B9?^NiN@eyqQ` zTt$$fK;P*Hom5bo|4rDw{xN|HR=oAafrZbwhcHlR6Edxu7GHcHuXG}YGp;t&)#WV6 zgnnSC%!nXj%(KLU<)SIe4qZEZQNg04!QBOE_`txiRt$WU3$ziO_DVAC0Us$)l|@Xm z$J|h|>VU4ajwht44#@vuXv#%^;p862VYz6jR-VqKs_w<__VOGP9}00FN(+ye!BL+P_)?)lZ6O zneA(`jpK~Xyu%e{#aN5Xc5}oohK7oGproIZVE9s5K{blPxRBIF0FYBCMFOCY%B2QO z@Q5YH$R2`LUkG{hfWy5E;~Ph>L8bOe-`R!)463NI%BQYE@yUoi(<>tlOb*$H?u7~H z#_8TwQu2*NS2lqgZ=KJ+>z7!$NY<}Y%p`8rIUGqe1u~`@V(crM#|^i5K0Se}Z)gp$ zXE)ngjpWHJBLWesjZpHL4}lA*z^&g|QRB0fpCwaBiH*wyQ^T#r=^e!RI3dm;n85x1 z1xB$%T869T_UNr!u6jH`@R&d*by|p4#E6{74+nDcd}{69fk!y>l-vRD`g^xEN?K?( zfpEo4CLPwC(uXIXP~tKIZGcwLeBF~VCLB<7%am5J74o6${_y{CN|{NjA)ZosEILo+ z;Htwv5IIAPJ|-pLsXzp>&Zj#NFhQCMWz-mfQ|vKkJsPU6vazk8+$<)o>6i{5#&#Wg zzJUhX4bUk;(CkSunQ})Fun~bxiZY6{vYNh%Fj)@IHMz`q90E`RE~U6usgBUKt~P{I z&mO^bD8(F@lKjg&3oz^f$x#g4w@DCS7{Fr00OkUY$PllU0{0xfLG91=+OnPvVddJT z4oSapRNDU)pHm(q{@!Bc12X6as<&k%jZIA67|tN#;|z6+=PA)VN`MaLyx}g%M&&2o zZ3O^UhY{6)ID+H2A@D^&Fv^z7Nrew6=!SMTQ^27+#yF0!L}R0$17;)=oOZ~9L$vmz)=7Ol6szE$`8Id z(s#eu-FS*2g0unWQTD}&C}D4|X3#Y^G(sp`5=`pawKxP)33xJFfc=XNDgz000X?V+zW+a5w}AJtGwy=-xyH z$RMp4_~eeY0dh|Of+l`^8YG4rN<>UwEisUre9)o1ry4FiRA>3ih*V4 zt_;`1Mmp~3k7Zj(o`v5A{7wBSy9|^S1y>IXWrhUM0BFaE;EsOxf9DutozDC9`Ftw+k z4uYM(uiAg8T+5Wm$+{|h-NzOcWV~1rkPKuIwnnQqiup#x(=S!^$k-;fa#jFU3Ed;a zYG72r2~a>9jj94%j|J;;NM05?)I>jMWd`$Mw^O6|k_swIhMdv{h{Y~hz;SIKXnQ0H z+}wy`s21YGVHpPPFA~!k{^UU#vftitjkmwN8ovVo6_5{^5QutxF{csMYP$o!1->Se zOZ&lAwC|rYV{4@J@|T%nL5N7Zek}{ZuTAEHhZ10H2nCY+Ri*$W03hW8o(g^~2P&Pd zZdYhtJu<|UOdj;LCne=-2-cshxi+{E5Q0)1lEhksKqwWfK%F3blVjqy(mE}RwnBWvVeZ$DGrKgw%i0XaI7v)@HO#^7s)(F=$pr<6=F6tLENTd?S%ybDfx$V4RYjCn3 z>EwWtW(VmAq01cQ0xeB7(g0A8TQ7fn;q$Al;&33SKLL;c1qM_kDF9YMVggJeab8$G zWb{1w<7Aw~>V@slgy(%KCs@WIm+jCF1B81$0&70adU(PHqylVQ5O6zhKWWH^M1R0F zSTZoid{?P7b}44o_!2|Ph*W?ise$kzyBV<1Eb71Eol=<@N0T)|B8^orDk_lx5>nz( z&v@dk9Oy)p?tj4l`G*-OjzFWUOWy3htwVr#id;$hT#S+leF3WZA`iK$OORPG#E*gm z1WCVEi8ukc4F`9W6~)>NLR*yOBSo?gN`7PbDb#x5%9!GZmsNHWF`OaP`y!a{!?R!;3HU)6!!kj)YHo zCkMRkyLUI&9)S!Au#znaPy=uapOD6bRRrl6>%+$pF96EF}H-*4qd` zxe*pZyvWoIQ;nA@jsE&5tZ@@m<)G>f8k+}Jc=zL|#W;*oecWE#MKXM`9IKdu?7rsN1c@V?N zbn|m2(63UM9s~3_K&RKV9Ky{_ReHYHcb=FF5G#HH8Ey!4I($Z6Z=L&&$Fl(fj&P&B z@pP6t9+qMzBPc~c;Mmke>21ZohDLjtc8r`-8xP8P`DZdz7vEiKYhcDw$`L^$<^y=r zG8kpR$i;C&u&J7Oj{ApHNLi|h-<~)LOju>$TM=94;lOt21X{WF3_}MJVS%+eI5coU zMkd3u$25{|17{iX#T2%x+*uhgMZ(irffX*F$x^|<7t`2@SQP{5nx>I{I35>c*Lv+} zRUvPxkE*HRSR+xj?~c8#f3fv<8gfFJ=3)Jcfw5-HR;rY(QMV;g!5;k7#j%kHT#kx; z{SaXs#zFCS`vvQZbLO&a3lUKsD)oN1iYUZL1XNh2@suwG`Y@uKzi&+r9ra1s@U1-F z5aTM14$s5*S|!wd;FIVS~H;J#PXOI;0tnlQO>#K(XJ>$OT61Avji@D4MPkI8sS zPifMWSZ)Q(j^wlD!l8YReo>_Zjk>NBQ=Cfw3J=Ek1}i~9nR5)pF-YSaX;ZR7t;aKc zW@%669zcMSMQD0$M3StSV305eP+n6zSB)oJw6|87R9xw>He_t6X(e2&=0s4jA`X#W z-QjB>Ynu#9fs}QdnG?kFEeIBCr8NLVMF3K#eZ5^hHq*FouJZf%$Y5&6Y|)1Jj#@iC znci(FY-j8H{jyD#5#^v$fWE|VNvlM+O2RDfSwwk3JVgw>=;fyfF>sptqpb`|KEh?s zA_Jgo0EF6FIQaYYyli_52Rbi@vSMfoY1(A%?)N+SOkn)`;xi!hCheQ0WTgaTkmKa6 z2?J%@{ru%AL^E4uzGqw^@O9M|Vz&2V+@?R-3v-$EfYs`IDK6EFs)&;yqYn=gKGc!7FgC{RoKXEqSPy=#lhvW8g z5G$7~-=;aL=ioFYH`woGetidIzj15>0RRpNiv}QD7@(qtRZ%#Awjk_Ag0ES>e36q- z+j*%b+OS1-p+^nZ{T8vAiWw^XEsZm3c5PgcZL0>RY@|b3zJY4U@@^tb9mmiwN%iTZEU8{DRmO49);fRh@q9s^QBt-q%Clh~b6^|+ zu&p%|RmrZps9^i+PwkKa*F8SaK8AG&p_I{qnMU*#jmHFlw502R@*Rldm0lwtqh;qs z<}?ey6E+f-HD2$s{Y(|=7G*=(4x#tMj;+Mu3h9bX)q>*y`o8Lp%*^mkHezA~xv5(LKImNtkk%D1`3cTwV2>C(a_*= zvj|^v9y@@vE)@d>jhoSY7B=PshxPyPVpR0ERa*mUW^v{sm6XXhOSfYk0aSt(3jtec z=(HN}Xj1R`hOg5W@BOI&UM5@b>ji(nq*-(CYvL?@;^BVrr|DzjB|AMMMfcGt@NYlehZX zyD2fpZT=Js|FGIaboOEoG+=FKt@L@bG4&ow^gvf&-XcNvFN=I56e(<_qXrp5PCi1> z<}!X0$=W=OtY`s~5~_=gBH`_*4Gf8dN|bDMJjwv2r(6XY#&@8AaHHZmR~gRr=B|Es zNLa1?o+dc;`KP{uYTRE32uVhG{24QBMLsN0zM+M98ry2GC|Y+Vtl#pP7}%gA){C03cENshF{{9_|?@q`i>?0gJ`9 zWQrz&xCEYpMY(3e1f`&Ub4$6G{HryKJfY#;M_sOuBb{}!^)$WQ9i2YhXl>zB9Fdd= zDRXr{2w*A?&O>YgpAIu@FM~q+0vB_9vdZS^gc>1uw>9$TPZk5%5}*eI)OK+shB{b- zb~5$88>C2Yvo)=BoloB8&j!R$Lk{VW>N74qZPr=^)N6i6GE7m4weK$Lcfyv#@>w{H z$0y0ORXrW*2IbQP;sF9E6oSJa5tMQNL?Rcx*Xi7Cw3Yj1o6 ziBSm#-1C&#MDWUPf|fjKsYtr+yeYR&r9grh8FXG{7eeAxxQ%@F5*j-4Z?_vE0q3z{E;AOHA7L zVU~DA8O;>}+OGnOaRC!E`s2qHC@AsLmk2)#)KJaU%y@~lk5Vul@cI|>yQ-LP*!*~H zsM)QG39N_t_Z%)8!b@nFh@`8f#B{nLwHz@1_|`Y}i*=j}0Z38_LC$jD9kcai= z*$T>Xgic2(3djV&h4@wujYK0aEp;)4%29Jj#Q=srpH(Vjm_|%{*eao^fKo?Vn6>E5 z?pBMtWw1)SMUR)Q-faG`l3;V8!wf>_D4U|gKOs3h_O{EZoFXR=rTJ*m7(k-4tGhv4 zmUih!1}8)V8~;?LUe00xN)+iEJ6Fsar-M?R)#PCz!0vCt%qQ(V1A>|4FnBCU@u1ZtU|v<=R$LaK4C2pm>as4{)7Dfte!Axi=A zT5WED{RE(glWPS!5dK`?vlTaGm%ljj94Jo!;HphZyJwc(3QZi3%Bocdp09XkN^&vO z$Cen+*wMM*%S!&u)M36>>huSKa8AU&d@KK9HLSf2V3O3H<7*B`|B9E0rBZM_St1Zm z7W)~Bv&I$V_SB?cQr-YbeU1TAgL-qrnP-#=H6pzS)GefPiU`qXow-IR`$q zqWM|nW=k!>%iFZ|gegl3gcwnCZ3hwVSW3n{s^n8M%ldKk+ImUkqG1!Ah@gI~Iv1Q=;B z2L`&AIf4N$l8z{S(kuO9o|=>)uqR17fe7*WTzb)Es*4>T)FU^iEfhWmm^Xcf2|cJB3%8Yza1^0zvYd}Pj)4uH|H>Pujz z-wjfkr8c%F>7!f^%32}i`dHQzAHY@XBG~}83E%^5h)J*4>32|z3u+>A>lysb&x8Ck zSYWQ&dcCm7aelnT*agINh~`MuI?m99Sz1*sfxTH!wu;Og#B*bwYbDo%>uJ~kj!!l4 z!AMU%%u3xz=c3_uY6g>)Snn@1V^nRsz3jz*;C9bx>s(T?kPm+aBEPMsU9de#Q24QG z%A_3F5s$}aVeRMyyoncx&s#DMY@*>tKvX41O`aIy=tq)Nuuf6O(>K-3A>~g;oCS`k zgj)*`LeDH&h!EotsNMh{{FOj8F!lXWp`L*n;E0-8 zWYQxxpxJy>If*a|p_t0!qa6U)JcL#6fz8v+WhJ#4q@e+^{D6ARKAug&GO6$)Tq12$vQ z%&W&KF^Q32rwVZGxzo6^EX<3rDuxoF3EtbIi%{cjHa8vydt_!EKD5&0M{G3+_;y6m zuE31qKQh*nxDjj~Pr@A?7_wT0YcCI1`TWjh3Kz1G$=VbR5{SxkVp)Lp?`jaP%!g)k zG7aO~T-s3o-D~U`yw6se&N6kAE#u zsc;b!R9Q7fpWgA!+Tq@({QM&p+aI!LTZ}pK=4xku z!`v$b!%H7lBT7Cy3c000;Iu!FrKegFeY{J_)u`v9sA>4JIIY ze7re7cDFpkIg*6%bHis;fRBwbdu2Sxa&x)P_YNj8x7CkMx9e-#?MmRoa}wra2vF@~ zODd<|F8WcbEurx7KH-HP^?@)n#jp$<5WH8NBB!lQkiwGMaw~X#z;+p-zd|leqS+Vb z@_K9DLF3-glv+nD_B=KZuP4K-1+E2_w@9I~juoN~niBBtO{-s904;vfY##_{AwO1< z0;$1DFovTrq`OA3B%YI}BMJ`EIjtLSM36Z&iTAlrc^87CSQZLg0MX|_(EJJmKhg&` zs3PR&)zFIuXRRwxPQA?4%~!H;mcipmATr7~-B)qW&y=QdQf11KdOeV3A<&x*sI$f9 zX>2zXqD#SeFwTitv=s@DjNG8E@UcTyv#05BmPy1*5aaZmf4eWuxs6kJ&w`Qw}WlX^7nkMC&Ksp0$umvE?PQAF9UTLQLn@0umdC8+9#_GWBP{ zG9uk|z0L}glS{la)DoQIOA>hEL!3=+vlo&Vr9{wCQ1e)dAS;6aOxZ)3`G$E$Gc*;J z!{Ta?+DaxLVZV`rtMu83AKhy{U8VG^Q)f?WfIDPrpY`QOp<8IAoLrL4kYpcmf(S*7)9>vPyP<`W4dk^~(!<$*hqb*ZOErR_jqe9~#go;`OW zwDM;Z`O-*NFokK52J=&?JwSWCN;~RQT)0petU!unbiPyo2xkI}48%W^XYuppY}S>|Ni~Y zA&=yL+b117cDykcSyUPwW&!Xu>bU&STV> zLfyp!S*&(!)91EWB@Kvh=X=Fjm)AZwMNc*yX@j%$?u$|BSl;EEsqCpiqgC8CU%R@` z(+&~KryO_e>OhOh8<{OSCxMkHaOd^o^EOQV^v+x9%&Nu^sqI8xoRzrj+rYkrV@EkJ zYTR(mdWg1~wRyx&Ms6COs8DNVbydt5uU)5$=P*f=I(I}I8s9#^ZmkRNsj&RKUj~^W z-{^D1h>yFgk6N*1MCwrv&QGB$gO(qPsfj2!c{)Ap$DyNP3dhcvz&rbL8HXwS&&Qi_ zWEFnXe}tEiq;3T4?mafEa+#a!)qFQ{c3y>TyGWHy;-8nf%l~M8r~Wz~*jUhkM|u6! zUUh54v9xnAD2M2}QVY_T18g5fMHB_JR~HiTQwUP+Z#8y^m>Yg+V_5^m&^$IG)r5Zf z+N(xlYn~xvLTBuVWn8Lq4>ea5&=?343oes3QbksC@`Jc_<7c^%xvWGI5OjEZM2S~^ zYh`WN)6d4A{aQexCo8+u5`b?1Qcq<%(E9WJ$NQ|P&a0(;O)NJduu6uK|lH0_x4`MlXrJ=l(SU*FPCHHE_hKPG4b+41) zT#{yDZ?~eD@+capKx5DVku0BhF1$;5n^*3`QZ22^mGw9ituts^sj z;$bIxM;=dnMimAmtGk=_JNX0$a;f4<dwq#A7=j}t1WD3JNwA}AvK@`8YlM0Hr>>aM=Qyl4?KDA#;Q&t2j zf9x-mP;TCoNgHWLmQWpzHqbI8qDl9JZC(jjMf*Cc(D193wf}CElL3kJq&F&nu)@UGq^#mVN)g=L6Q-3ePAN%jj6R9` z`(QK;`P0m-Mkq+2Om1vBY@81<>NPx_G1^9$fa1p>u^m@tER(rrNz-FvTxL=Kfa;!O4_%CyRxH7qPUYn~Z1niXC z{mlXj(WwJ$B2d_t+A0N0n6M>-22u>1oB6fi%nbo9<*~}@VnwMQ(;~N#@Y=x2bS~ac zORBD;_14B>LdJ`qAIeTpINIp_m+t1yC#6mxW!v8tSFL5~?&zl9svgZNck$%J)?O*c ziOn7_ol{@Wc|B~6li){$g31}b*}|F!@#41=G`UV7knb{L^?q6bmT_)j2{j1HD#3RM zU}`6%rLZ;L1cy0hQDwmnjwDPmIo7oNqh_eF(al>)YFYjk3HRNK4Q+W`K0Mk0@Ie07 z&M=qgw(7PcSxsHoI5mCBqexe6l>=mrtc)X=x$?B3Cw(vnD`gN&2aeA4QC))KxndI6 zVGX)`TvW@3K7pHVxY82l8sw||12PkMl&H0La6&Sdmz zy^@j2EP6O?!FnfPsE$Unsn&iu&b*9VI4zzMMA6>r{5VBdaa!{@$|;5wgUMnMedA_ndN~ zK1o2COhL)&cGjda8`|dJWqcbO#g$|e16M_96X?{Xg- zx1-)V##n)gxchw}0Xf|GQrYK?j4Vt)t=Fb@t?png7AHX(2oeM$;g4)f^II*94}|vK zgZWV;IHzr2nBEHcOw20%2M;G3>2MdBb7*?T$9avh7wP0YVRON}KmFh@TV&j-VGzZ_ zS5Yb7M>Ajy@8;0u@6{1L4>WsH(|3h%AVij4A$6`C`C7JT_mEO~@{Q+du4be$2qq-VQZQc^;6)AJA3BE8wmK*q|Z{6)RSdv4qb~7l4Jd{G> zXJ#2~I9~+lPFRG^2p1-G^z%n~VoeafTArB)TOYJj9ZMU$`RG-Zz%HVBsv?3`>N#*D z%ra1bz@ia_30!269&*z(3*Jq)2T%AXmC-rzp1&Cw3$NIunWAdguExM|8#m2T1ITow z3v66asUbYb=0Ol~(O9s2md~`xuIzvEy8%xP8$vdfbezNSpI@(YJ9NFX6@OjCa@mhk z@;hIo%xvM39&7R)gB($!B8btImf;Dm%U=eB6eci$(Br+~2xnAs&yfLJd@9tg2nUqt z^v@}Mw)xd<$;@0cNs$4N{QP<@=C-LBM`KCC%!a9(`pvv1hRQM6Ezyg?_5$9xn^~3m z2$QN2be5S-SSY946_hX}L21_MBIf*EBp3}sg85jmb9`{BW!0kR5zkXLkFB|SY0;^H z%_$FiUx3iJKP!klRdDKN Date: Tue, 7 Nov 2023 19:23:46 +0100 Subject: [PATCH 2/3] squash: some edits by cam --- .../+page.md | 155 +++++------------- 1 file changed, 42 insertions(+), 113 deletions(-) diff --git a/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md b/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md index 63f6d2d..7895cf3 100644 --- a/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md +++ b/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md @@ -22,13 +22,13 @@ hidden: false - [Introduction](#introduction) - [Requirements](#requirements) -- [Why We Use Docker](#why-we-use-docker) +- [We Use Docker (OCI) Containers](#we-use-docker-(oci)-containers) - [Basic Dockerized Rust Application](#basic-dockerized-rust-application) -- [Minimize Docker Image Size With Multi-stage Builds](#minimize-docker-image-size-with-multi-stage-builds) +- [Use Multi-Stage Builds to Minimize the Image Size](#use-multi-stage-builds-to-minimize-the-image-size) - [Image Variants](#image-variants) - [Introduction to Docker Layers Cache](#introduction-to-docker-layers-cache) - [Caching Cargo Dependencies](#caching-cargo-dependencies) - - [Caching Cargo Dependencies With a Custom Solution](#caching-cargo-dependencies-with-a-custom-solution) + - [Demonstration of Caching Cargo Dependencies using a Custom Solution](#demonstration-of-caching-cargocdependencies-using-a-custom-solution) - [Caching Cargo Dependencies With Cargo Chef](#caching-cargo-dependencies-with-cargo-chef) - [Installing Rust Binaries With Cargo Binstall](#installing-rust-binaries-with-cargo-binstall) - [Archiving And Reusing Builds With Cargo Nextest](#archiving-and-reusing-builds-with-cargo-nextest) @@ -47,23 +47,28 @@ BitTorrent, an age-old protocol, is a powerful way to share data over the intern In our journey to building robust BitTorrent projects, we've chosen the Rust programming language for its memory safety and concurrency features. To streamline the development and distribution of our projects, we've also employed Docker and -Podman. In this post, we'll dive deep into the best practices we've adopted for +Podman. + +In this post, we'll dive deep into the best practices we've adopted for dockerizing our Rust applications. -We will explain step by step the [Containerfile](https://github.com/torrust/torrust-tracker/blob/develop/Containerfile) -file we use in the repositories where we are using Rust. Besides, we are going to -explain all of the patterns and best practices we have applied. +Our [Containerfiles](https://docs.docker.com/engine/reference/builder/), _commonly called a `"Dockerfile"`_, are stored in the roots of the our two main rust repositories, for reference: +- Torrust-Tracker [Containerfile](https://github.com/torrust/torrust-tracker/blob/develop/Containerfile). +- Torrust-Index [Containerfile](https://github.com/torrust/torrust-index/blob/develop/Containerfile). -You have all the examples in this article in the [Containerizing Rust Apps Examples](https://github.com/torrust/containerizing-rust-apps-examples) -GitHub repository. +### Example: +All of the examples included in this blog post are publicly available in our "[Containerizing Rust Apps Examples](https://github.com/torrust/containerizing-rust-apps-examples)" +GitHub Repository. -The actual `Containerfile` for the **Tracker** and **Index** services builds images for +> ___Please Note:___ The actual `Containerfile` for the **Tracker** and **Index** services builds images for both `debug` and `release` modes. For learning purposes we are using a simplified version here which only builds the `release` mode: ```dockerfile +# Extracted example of our Containerfile. + ## Base Builder Image FROM rust:bookworm as chef WORKDIR /tmp @@ -131,10 +136,9 @@ CMD ["/usr/bin/full-example"] The real version in production contains some duplicate stages to build the `debug` -mode. Those stages are almost identical to the ones in this example. Only some -flags and names change. +mode. Those stages are almost identical to the ones in this example and are therefore omitted. Only some flags and names change. -Don't be scared of the example, we will go through all the lines and explain what +Don't be scared of the example, next we will go through all the lines and explain what they do, but before doing that, we will explain some basic concepts and the patterns applied one by one. @@ -144,18 +148,14 @@ In order to run some of the examples in this article you will need to install: - [Docker version 24.0.6, build ed223bc](https://docs.docker.com/get-docker/) -## Why We Use Docker +## We Use Docker (OCI) Containers + +The standardized [Open Container Initiative (OCI)](https://opencontainers.org/) Containers allows Torrust possibility of reliable and cross-platform distribution and deployment of our Software. -Docker containers are an excellent means of packaging, shipping, and running applications consistently across different environments. They eliminate the age-old problem of "it works on my machine." By using Docker, we ensure that our BitTorrent services can be deployed and run effortlessly, no matter where they're hosted. +This allows in turn allows for administrators who may be interested in our software to to quickly and easily test-out our software and see if it suits their needs. It also allows administrators to more easily deploy our software, as most of the web-hosting systems have great support for OCI Containers. -These are some of its advantages: +In addition, our End-to-End testing infrastructure is made easier by using a [docker-compose](https://docs.docker.com/compose/) configuration, that is taking advantage of our docker containers. -- Reproducible Builds -- Dependency Management -- Portability -- Scalability -- DevOps Integration -- Cross-Platform Development ## Basic Dockerized Rust Application @@ -165,7 +165,7 @@ The simplest Dockerfile for a Rust application is as follows: ```dockerfile # We start from full base defacto Debian image -FROM rust:1.73 +FROM rust:latest WORKDIR /app RUN cargo init RUN cargo build --release @@ -201,7 +201,7 @@ docker-rust-app-basic latest 7294f20bb52c We are going to see how to improve that and other things like common patters, good practices and other considerations. -## Minimize Docker Image Size With Multi-stage Builds +## Use Multi-Stage Builds to Minimize the Image Size A common pattern to build smaller docker images is to use multi-stage Dockerfiles. @@ -214,7 +214,7 @@ needed to run your compiled Rust application. ```dockerfile # This is the first stage. This image is used to compile the Rust application. -FROM rust:1.73 as builder +FROM rust:bookworm as builder WORKDIR /app RUN cargo init # Install the package in the current directory @@ -224,7 +224,6 @@ CMD ["./target/release/app"] # This is the production stage. # The slim image does not contain the common packages contained in the default tag and only contains the minimal packages needed to run rust. FROM debian:bookworm-slim -RUN apt-get update && apt-get install && rm -rf /var/lib/apt/lists/* COPY --from=builder /usr/local/cargo/bin/app /usr/local/bin/app CMD ["app"] ``` @@ -320,9 +319,9 @@ There are two levels of dependencies: - System dependencies. For instance `SQLite`, `curl` and other libraries your application depends on. - Rust dependencies. These are the Rust packages that you want to install using cargo. Rust packages are called `crates` and you can find them on -### Caching Cargo Dependencies With A Custom Solution +### Demonstration of Caching Cargo Dependencies using a Custom Solution -The first approach is to use a custom solution to cache the dependencies. +First we demonstrate how cargo dependencies caching works but showing a custom solution: We first create an **empty application configuration** which uses the same dependencies. We build the application, downloading and building all the dependencies and creating a docker cache layer. @@ -333,7 +332,7 @@ when you change the application code. ```dockerfile -FROM rust:1.73 as builder +FROM rust:latest as builder WORKDIR /app @@ -360,18 +359,17 @@ CMD ["./target/release/custom-dependencies-cache"] -This custom solution is not needed anymore since you can know use [cargo chef](https://github.com/LukeMathWalker/cargo-chef) which is a cargo-subcommand to speed up Rust Docker builds using Docker layer caching. +Instead of this custom solution, we use and recommend [cargo chef](https://github.com/LukeMathWalker/cargo-chef) which is a cargo-subcommand that specializes in speeding up Rust Docker builds using Docker layer caching. -### Caching Cargo Dependencies With Cargo Chef -There is a cargo command called `cargo chef` which is a cargo-subcommand to speed up Rust Docker builds using Docker layer caching. +### Caching Cargo Dependencies With Cargo Chef -Cargo Chef repo: +In this example, we show how to use [cargo chef](https://github.com/LukeMathWalker/cargo-chef), that we prefer to use. ```dockerfile -FROM rust:1.73 as chef +FROM rust:latest as chef WORKDIR /app @@ -402,8 +400,8 @@ CMD ["./target/release/dependencies-cache-with-cargo-chef"] -It does more or less the same as the custom solution. It caches dependencies in a separate layer. -But with some more [benefits](https://github.com/LukeMathWalker/cargo-chef#benefits-of-cargo-chef). +While it does more or less the same as the custom solution. It caches dependencies in a separate layer and has some other [benefits](https://github.com/LukeMathWalker/cargo-chef#benefits-of-cargo-chef). + ## Installing Rust Binaries With Cargo Binstall @@ -417,7 +415,7 @@ We are using it to install `cargo chef` and `cargo nextest` packages easily. ```dockerfile -FROM rust:1.73 +FROM rust:latest WORKDIR /app # Install `cargo binstall` RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash @@ -458,7 +456,7 @@ We are using it for two reasons: ```dockerfile ## First stage to install the nextest tool -FROM rust:1.73 as nextest +FROM rust:latest as nextest RUN cargo install cargo-nextest --locked ## Second stage to build the application and package it with nextest @@ -515,7 +513,7 @@ By default docker is installed and runs containers as `root`. If you build this ```dockerfile -FROM rust:1.73 +FROM rust:latest WORKDIR /app RUN cargo init RUN cargo build --release @@ -554,7 +552,7 @@ There are some ways to avoid running the container as `root`. We will see all of ```dockerfile -FROM rust:1.73 +FROM rust:latest WORKDIR /app @@ -585,7 +583,7 @@ But you can also create a specific user for your application: ```dockerfile -FROM rust:1.73 +FROM rust:latest WORKDIR /app @@ -678,7 +676,7 @@ COPY ./contrib/dev-tools/su-exec/ /usr/local/src/su-exec/ RUN cc -Wall -Werror -g /usr/local/src/su-exec/su-exec.c -o /usr/local/bin/su-exec; chmod +x /usr/local/bin/su-exec ## Application -FROM rust:1.73 as builder +FROM rust:bookworm as builder WORKDIR /app RUN cargo init RUN cargo build --release @@ -708,6 +706,8 @@ defined as an `ENTRYPOINT`. This "middleware" script creates the user if it does not exist, and then runs the application using the [su-exec](https://github.com/ncopa/su-exec) program to change the user ID it's executed with. +__For those who are interested here is our: [entry script](https://github.com/torrust/torrust-tracker/blob/develop/share/container/entry_script_sh).__ + As you can read on the su-exec documentation: @@ -742,77 +742,6 @@ modes and then it runs the tests for both modes. We have removed the `debug` mod to keep the example short. But it's almost the same code. For the `release` mode the flag `--release` is added to some commands. -This is the full example: - - - -```dockerfile -## Base Builder Image -FROM rust:bookworm as chef -WORKDIR /tmp -RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash -RUN cargo binstall --no-confirm cargo-chef cargo-nextest - -## Tester Image -FROM rust:slim-bookworm as tester -WORKDIR /tmp -RUN apt-get update; apt-get install -y curl; apt-get autoclean -RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash -RUN cargo binstall --no-confirm cargo-nextest - -## Su Exe Compile -FROM docker.io/library/gcc:bookworm as gcc -COPY ./contrib/dev-tools/su-exec/ /usr/local/src/su-exec/ -RUN cc -Wall -Werror -g /usr/local/src/su-exec/su-exec.c -o /usr/local/bin/su-exec; chmod +x /usr/local/bin/su-exec - -## Chef Prepare (look at project and see wat we need) -FROM chef AS recipe -WORKDIR /build/src -COPY . /build/src -RUN cargo chef prepare --recipe-path /build/recipe.json - -## Cook (release) -FROM chef AS dependencies -WORKDIR /build/src -COPY --from=recipe /build/recipe.json /build/recipe.json -RUN cargo chef cook --tests --benches --examples --workspace --all-targets --all-features --recipe-path /build/recipe.json --release -RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/temp.tar.zst --release ; rm -f /build/temp.tar.zst - -## Build Archive (release) -FROM dependencies AS build -WORKDIR /build/src -COPY . /build/src -RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/full-example.tar.zst --release - -# Extract and Test (release) -FROM tester as test -WORKDIR /test -COPY . /test/src -COPY --from=build \ - /build/full-example.tar.zst \ - /test/full-example.tar.zst -RUN cargo nextest run --workspace-remap /test/src/ --extract-to /test/src/ --no-run --archive-file /test/full-example.tar.zst -RUN cargo nextest run --workspace-remap /test/src/ --target-dir-remap /test/src/target/ --cargo-metadata /test/src/target/nextest/cargo-metadata.json --binaries-metadata /test/src/target/nextest/binaries-metadata.json - -RUN mkdir -p /app/bin/; cp -l /test/src/target/release/full-example /app/bin/full-example -RUN chown -R root:root /app; chmod -R u=rw,go=r,a+X /app; chmod -R a+x /app/bin - -## Runtime -FROM gcr.io/distroless/cc-debian12:debug as runtime -RUN ["/busybox/cp", "-sp", "/busybox/sh","/busybox/cat","/busybox/ls","/busybox/env", "/bin/"] -COPY --from=gcc --chmod=0555 /usr/local/bin/su-exec /bin/su-exec -ARG USER_ID=1000 -COPY --chmod=0555 ./share/container/entry_script_sh /usr/local/bin/entry.sh -ENTRYPOINT ["/usr/local/bin/entry.sh"] - -## Release Runtime -FROM runtime as release -COPY --from=test /app/ /usr/ -CMD ["/usr/bin/full-example"] -``` - - - We can abstract way the stages: From 519dac44900451670decb289f5273039a755e120 Mon Sep 17 00:00:00 2001 From: cgbosse Date: Wed, 8 Nov 2023 11:14:32 +0000 Subject: [PATCH 3/3] fix: grammar and typos --- .../+page.md | 74 +++++++++---------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md b/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md index 7895cf3..e58f369 100644 --- a/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md +++ b/src/routes/(blog-article)/containerizing-rust-applications-best-practices/+page.md @@ -52,7 +52,7 @@ Podman. In this post, we'll dive deep into the best practices we've adopted for dockerizing our Rust applications. -Our [Containerfiles](https://docs.docker.com/engine/reference/builder/), _commonly called a `"Dockerfile"`_, are stored in the roots of the our two main rust repositories, for reference: +Our [Containerfiles](https://docs.docker.com/engine/reference/builder/), _commonly called a `"Dockerfile"`_, are stored in the roots of our two main rust repositories, for reference: - Torrust-Tracker [Containerfile](https://github.com/torrust/torrust-tracker/blob/develop/Containerfile). - Torrust-Index [Containerfile](https://github.com/torrust/torrust-index/blob/develop/Containerfile). @@ -150,9 +150,9 @@ In order to run some of the examples in this article you will need to install: ## We Use Docker (OCI) Containers -The standardized [Open Container Initiative (OCI)](https://opencontainers.org/) Containers allows Torrust possibility of reliable and cross-platform distribution and deployment of our Software. +The standardized [Open Container Initiative (OCI)](https://opencontainers.org/) allows Torrust the possibility of reliable and cross-platform distribution and deployment of our Software. -This allows in turn allows for administrators who may be interested in our software to to quickly and easily test-out our software and see if it suits their needs. It also allows administrators to more easily deploy our software, as most of the web-hosting systems have great support for OCI Containers. +This allows for administrators who may be interested in our software to quickly and easily test-out our software and see if it suits their needs. It also allows administrators to more easily deploy our software, as most of the web-hosting systems have great support for OCI Containers. In addition, our End-to-End testing infrastructure is made easier by using a [docker-compose](https://docs.docker.com/compose/) configuration, that is taking advantage of our docker containers. @@ -248,7 +248,7 @@ As you can see this new image is only 84.7MB. That's a huge improvement! ## Image Variants -As you can see in our `Containerfile`, the images we are using are the followings: +As you can see in our `Containerfile`, the images we are using are the following: ### rust:bookworm @@ -258,7 +258,7 @@ FROM rust:bookworm At the time of writing this article the latest release is [Debian 12.2](https://www.debian.org/releases/bookworm/). It is also (currently) known as stable or by its codename "Bookworm". You will -see that we use that one because it's the latest one. +see that we use that one because it is the latest one. ### rust:slim-bookworm @@ -277,8 +277,8 @@ FROM docker.io/library/gcc:bookworm ``` The GCC image is used to compile an small C program which is a simple tool that -simply executes a program with different privileges. When we start the container -we run it with a USER ID passed by an environment variable and not with `root` +just executes a program with different privileges. When we start the container +we run it with a USER ID passed by an environment variable and not with `root` privileges. ### cc-debian12:debug @@ -290,13 +290,13 @@ FROM gcr.io/gcr.io/distroless/cc-debian12:debug And finally a "Distroless" container image is used for runtime. [Why should you use distroless images?](https://github.com/GoogleContainerTools/distroless#why-should-i-use-distroless-images). - They are small. -- The only have what you need to run your app. -- It reduces the risk of vulnerabilities. +- They only have what you need to run your app. +- They reduce the risk of vulnerabilities. We use the `:debug` variant of the distroless cc, as it includes the busybox binary, -giving us a shell; that is needed to run the entry-script. We will explain this later. +giving us a shell that is needed to run the entry-script. We will explain this later. @@ -533,7 +533,7 @@ docker run --rm -it docker-rust-app-running-with-root whoami -You will see it's executed as `root`. +You will see it is executed as `root`. You should not execute containers as `root` because of: @@ -615,7 +615,7 @@ machine and the docker container might have the same user ID but different usern If you run that container, `appuser` will have the same permissions as the user `1001` -in the host system, whatever it's the name of that user in the host machine. +in the host system, whatever it is the name of that user in the host machine. ### Use The `docker run --user` Argument @@ -630,7 +630,7 @@ www-data -In this example, even though the image is execute as root by default, it will be +In this example, even though the image is executed as root by default, it will be executed as the `www-data` user. Notice you can even use a non-existing user in both the host and the docker image. @@ -644,18 +644,18 @@ I have no name!@895b0f6a3dbb:/app$ -All this solutions work but they all have a drawback: you need to know the user +All these solutions work but they all have a drawback: you need to know the user ID at build time (when you build the docker image). You usually want to run the container in different environments and sometimes you want to use a different user ID for each environment. For example: -- **For development**: If you are using Ubuntu, your user ID is probably `1000`. When +- __For development__: If you are using Ubuntu, your user ID is probably `1000`. When you run the container locally you want to run it using that ID, so that you don't have any problems with permissions. -- **For CI**: The servers you are using for continuous integration (for instance, GitHub runners) +- __For CI__: The servers you are using for continuous integration (for instance, GitHub runners) might use an specif user. You could use some cache folders and maybe you need to use the same user ID as the CI server. -- **For production**: You could create an specific user for your application and use that +- __For production__: You could create a specific user for your application and use that user ID. With the proposed solutions you would need to rebuild the docker image so that the @@ -663,8 +663,8 @@ user ID inside the container is the same as the host user ID. ### Create The User At Runtime -There is al alternative to the previous solutions that make it possible to **run the -container with different user IDs without rebuilding the image**. +There is al alternative to the previous solutions that makes it possible to __run the +container with different user IDs without rebuilding the image__. @@ -701,10 +701,10 @@ This is the approach we use in Torrust. You run the docker as `root` but we alwa use an entrypoint. That entrypoint creates a new user with an ID provided as an environment variable. -The `entry.sh` script is always called when you run the container because it's +The `entry.sh` script is always called when you run the container because it is defined as an `ENTRYPOINT`. This "middleware" script creates the user if it does not exist, and then runs the application using the [su-exec](https://github.com/ncopa/su-exec) -program to change the user ID it's executed with. +program to change the user ID it is executed with. __For those who are interested here is our: [entry script](https://github.com/torrust/torrust-tracker/blob/develop/share/container/entry_script_sh).__ @@ -729,7 +729,7 @@ The entrypoint also ensures that the application is executed with the correct permissions. You cannot run the application as root unless you explicitly set the environment variable `USER_ID` to `0`. -If you want to contribute with Torrust we think that we could simplify the Containerfile +If you want to contribute to Torrust we think that we could simplify the Containerfile if the "su-exec" command were available in Rust. Because we could reuse one of the Rust docker images we are using for other docker stages. @@ -737,12 +737,12 @@ Rust docker images we are using for other docker stages. Finally we can explain line by line what the [Torrust Tracker Containerfile](https://github.com/torrust/torrust-tracker/blob/develop/Containerfile) does. -Rust apps can be build in `debug` or `release` mode. The `Containerfile` builds both +Rust apps can be built in `debug` or `release` mode. The `Containerfile` builds both modes and then it runs the tests for both modes. We have removed the `debug` mode -to keep the example short. But it's almost the same code. For the `release` mode +to keep the example short. But it is almost the same code. For the `release` mode the flag `--release` is added to some commands. -We can abstract way the stages: +We can abstract away the stages: @@ -757,7 +757,7 @@ FROM rust:slim-bookworm as tester ## Su Exe Compile FROM docker.io/library/gcc:bookworm as gcc -# Compiles the su-exec program which is used at runtime to change the user running the container. +# Compile the su-exec program which is used at runtime to change the user running the container. ## Chef Prepare (look at project and see wat we need) FROM chef AS recipe @@ -844,7 +844,7 @@ RUN cc -Wall -Werror -g /usr/local/src/su-exec/su-exec.c -o /usr/local/bin/su-ex From this point, we start building the application. First, we build the dependencies and we cache them into an independent stage. -The first stage it's only to "build the recipe" which is the name that `cargo chef` +The first stage is only to "build the recipe" which is the name that `cargo chef` gives to the process of collecting all the information needed to build the application dependencies. @@ -864,7 +864,7 @@ Then, cargo dependencies are built using using the recipe created in the previou `cargo nextest` has a subcommand to generate and archive the artifact of the build. We are using it to package and pass the application from one stage to another. -Dependencies are archived but they are not used independently. That line just test +Dependencies are archived but they are not used independently. That line just tests that the dependencies could be archived. @@ -913,7 +913,7 @@ COPY --from=build \ RUN cargo nextest run --workspace-remap /test/src/ --extract-to /test/src/ --no-run --archive-file /test/full-example.tar.zst # We actually run the tests RUN cargo nextest run --workspace-remap /test/src/ --target-dir-remap /test/src/target/ --cargo-metadata /test/src/target/nextest/cargo-metadata.json --binaries-metadata /test/src/target/nextest/binaries-metadata.json -# We copy the application binary to an specified location so we can get it from +# We copy the application binary to a specified location so we can get it from # there in the final runtime stage. RUN mkdir -p /app/bin/; cp -l /test/src/target/release/full-example /app/bin/full-example # Since we use su-exec. We need to run the container as root. @@ -925,7 +925,7 @@ RUN chown -R root:root /app; chmod -R u=rw,go=r,a+X /app; chmod -R a+x /app/bin Once the application has been built and tested we prepare the runtime. We start from a minimum "distroless" image variant. We add an entrypoint to setup the application and also to make sure we don't use the `root` user to run it. The entrypoint just -run the application provided as an argument, in our case, our application in `debug` or +runs the application provided as an argument, in our case, our application in `debug` or `release` mode, depending of which one you want to run. @@ -960,16 +960,16 @@ CMD ["/usr/bin/full-example"] ## Other Good Practices -- **Minimalism**: We strive to keep our Dockerfiles lean by only including essential components. -- **Explicit versions**: At least with the minor version number, so you do not get unexpected broken compatibility but you can apply security and bug patches. -- **Regular Updates**: Periodically updating the base image and dependencies to benefit from security patches and updates. -- **Health Checks**: Implementing Docker health checks to monitor the state and health of our containerized application. +- __Minimalism__: We strive to keep our Dockerfiles lean by only including essential components. +- __Explicit versions__: At least with the minor version number, so you do not get unexpected broken compatibility but you can apply security and bug patches. +- __Regular Updates__: Periodically updating the base image and dependencies to benefit from security patches and updates. +- __Health Checks__: Implementing Docker health checks to monitor the state and health of our containerized application. ## Other Considerations -- Since we are using `su-exec` we need to run the containers as root. We have not -check if this configuration work when you setup docker in [Rootless mode](https://docs.docker.com/engine/security/rootless/). -- Although we mostly mention docker in this article, the `Containerfile` works +- Since we are using `su-exec` we need to run the containers as root. We have not +checked if this configuration works when you setup docker in [Rootless mode](https://docs.docker.com/engine/security/rootless/). +- Also, although we mostly mention docker in this article, the `Containerfile` works with other tools to manage containers like [Podman](https://podman.io/). ## Links