From e690655481e30aae1821959efc8680c0e30c8446 Mon Sep 17 00:00:00 2001 From: Thomas Thorburn Date: Tue, 26 Jan 2021 12:48:09 +0200 Subject: [PATCH 1/7] add support for streams --- nginx/init.sls | 3 +++ nginx/map.jinja | 14 ++++++++++++++ nginx/passenger.sls | 3 +++ nginx/servers_config.sls | 1 + nginx/streams.sls | 31 +++++++++++++++++++++++++++++++ 5 files changed, 52 insertions(+) create mode 100644 nginx/streams.sls diff --git a/nginx/init.sls b/nginx/init.sls index 7ad31bd2..b278137d 100644 --- a/nginx/init.sls +++ b/nginx/init.sls @@ -13,6 +13,9 @@ include: {%- if nginx.snippets is defined %} - nginx.snippets {%- endif %} + {%- if nginx.streams is defined %} + - nginx.streams + {%- endif %} - nginx.servers - nginx.certificates diff --git a/nginx/map.jinja b/nginx/map.jinja index c2733492..2238a116 100644 --- a/nginx/map.jinja +++ b/nginx/map.jinja @@ -16,6 +16,7 @@ 'server_available': '/etc/nginx/sites-available', 'server_enabled': '/etc/nginx/sites-enabled', 'snippets_dir': '/etc/nginx/snippets', + 'streams_dir': '/etc/nginx/streams', 'server_use_symlink': True, 'pid_file': '/run/nginx.pid', 'openssl_package': 'openssl', @@ -30,6 +31,7 @@ 'server_available': '/etc/nginx/conf.d', 'server_enabled': '/etc/nginx/conf.d', 'snippets_dir': '/etc/nginx/snippets', + 'streams_dir': '/etc/nginx/streams', 'server_use_symlink': False, 'pid_file': '/run/nginx.pid', 'rh_os_releasever': '$releasever', @@ -47,6 +49,7 @@ 'server_available': '/etc/nginx/conf.d', 'server_enabled': '/etc/nginx/conf.d', 'snippets_dir': '/etc/nginx/snippets', + 'streams_dir': '/etc/nginx/streams', 'server_use_symlink': False, 'pid_file': '/run/nginx.pid', 'rh_os_releasever': '$releasever', @@ -67,6 +70,7 @@ 'server_available': '/etc/nginx/vhosts.d', 'server_enabled': '/etc/nginx/vhosts.d', 'snippets_dir': '/etc/nginx/snippets', + 'streams_dir': '/etc/nginx/streams', 'server_use_symlink': False, 'pid_file': '/run/nginx.pid', 'gpg_check': True, @@ -81,6 +85,7 @@ 'server_available': '/etc/nginx/sites-available', 'server_enabled': '/etc/nginx/sites-enabled', 'snippets_dir': '/etc/nginx/snippets', + 'streams_dir': '/etc/nginx/streams', 'server_use_symlink': True, 'openssl_package': 'openssl', }, @@ -92,6 +97,7 @@ 'server_available': '/etc/nginx/sites-available', 'server_enabled': '/etc/nginx/sites-enabled', 'snippets_dir': '/etc/nginx/snippets', + 'streams_dir': '/etc/nginx/streams', 'server_use_symlink': True, 'openssl_package': 'dev-libs/openssl', }, @@ -104,6 +110,7 @@ 'server_available': '/usr/local/etc/nginx/sites-available', 'server_enabled': '/usr/local/etc/nginx/sites-enabled', 'snippets_dir': '/usr/local/etc/nginx/snippets', + 'streams_dir': '/usr/local/etc/nginx/streams', 'server_use_symlink': True, 'pid_file': '/var/run/nginx.pid', }, @@ -132,6 +139,9 @@ 'events': { 'worker_connections': 512, }, + 'stream' : { + 'include': '/etc/nginx/streams/*', + }, 'http': { 'sendfile': 'on', 'tcp_nopush': 'on', @@ -196,3 +206,7 @@ }) %} {% endif %} {% endif %} + +{% if salt['grains.get']('os_family') == 'FreeBSD' %} + {% do nginx.server.config.stream.update({'include' : nginx.lookup.streams_dir ~ '/*'}) %} +{% endif %} diff --git a/nginx/passenger.sls b/nginx/passenger.sls index 91808c0a..c6d55bdd 100644 --- a/nginx/passenger.sls +++ b/nginx/passenger.sls @@ -15,6 +15,9 @@ include: {%- if nginx.snippets is defined %} - nginx.snippets {%- endif %} + {%- if nginx.streams is defined %} + - nginx.streams + {%- endif %} - nginx.servers - nginx.certificates diff --git a/nginx/servers_config.sls b/nginx/servers_config.sls index 3d86d1a1..aa7d84c3 100644 --- a/nginx/servers_config.sls +++ b/nginx/servers_config.sls @@ -11,6 +11,7 @@ {#- _nginx is a lightened copy of nginx map intended to passed in templates #} {%- set _nginx = nginx.copy() %} {%- do _nginx.pop('snippets') %} +{%- do _nginx.pop('streams') %} {%- do _nginx.pop('servers') %} # Simple path concatenation. diff --git a/nginx/streams.sls b/nginx/streams.sls new file mode 100644 index 00000000..dc61b961 --- /dev/null +++ b/nginx/streams.sls @@ -0,0 +1,31 @@ +# nginx.streams +# +# Manages creation of streams + +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} +{%- from tplroot ~ '/libtofs.jinja' import files_switch with context %} + +{#- _nginx is a lightened copy of nginx map intended to passed in templates #} +{%- set _nginx = nginx.copy() %} +{%- do _nginx.pop('streams') %} +{%- do _nginx.pop('servers') %} + +nginx_streams_dir: + file.directory: + {{ sls_block(nginx.servers.dir_opts) }} + - name: {{ nginx.lookup.streams_dir }} + +{% for stream, config in nginx.streams.items() %} +nginx_streams_{{ stream }}: + file.managed: + - name: {{ nginx.lookup.streams_dir ~ '/' ~ stream }} + - source: {{ files_switch([ stream, 'server.conf' ], + 'nginx_stream_file_managed' + ) + }} + - template: jinja + - context: + config: {{ config|json() }} + nginx: {{ _nginx|json() }} +{% endfor %} From 96945ca48400a3c919d86986d5a8bb81cdda4493 Mon Sep 17 00:00:00 2001 From: Thomas Thorburn Date: Tue, 26 Jan 2021 13:10:58 +0200 Subject: [PATCH 2/7] add pillar.example example --- pillar.example | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 3654979e..6e565882 100644 --- a/pillar.example +++ b/pillar.example @@ -94,7 +94,16 @@ nginx: - upstream netdata: - server: 127.0.0.1:19999 - keepalive: 64 - + + streams: + example_stream: + - upstream some_upstream: + - server: '10.0.0.1:8000' + - server: '10.0.0.2:8000' + - server: + - listen: 7000 + - proxy_pass: some_upstream + server: # this partially exposes file.managed parameters as they relate to the main # nginx.conf file From 3df82ac328b7f15de993cfb5f6ae2b6b427c8757 Mon Sep 17 00:00:00 2001 From: Thomas Thorburn Date: Mon, 12 Jul 2021 15:23:18 +0200 Subject: [PATCH 3/7] add defined check in streams config --- nginx/streams.sls | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/nginx/streams.sls b/nginx/streams.sls index dc61b961..3bf4d990 100644 --- a/nginx/streams.sls +++ b/nginx/streams.sls @@ -8,8 +8,10 @@ {#- _nginx is a lightened copy of nginx map intended to passed in templates #} {%- set _nginx = nginx.copy() %} -{%- do _nginx.pop('streams') %} -{%- do _nginx.pop('servers') %} + +{%- do _nginx.pop('streams') if nginx.snippets is defined %} +{%- do _nginx.pop('servers') if nginx.servers is defined %} + nginx_streams_dir: file.directory: From 0ffb4576d2940db29cc8c512f6320445ad87f71d Mon Sep 17 00:00:00 2001 From: Thomas Thorburn Date: Mon, 12 Jul 2021 15:26:53 +0200 Subject: [PATCH 4/7] bring formula up to date with master --- nginx/servers_config.sls | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/nginx/servers_config.sls b/nginx/servers_config.sls index 2b87f1df..7d77987d 100644 --- a/nginx/servers_config.sls +++ b/nginx/servers_config.sls @@ -10,14 +10,10 @@ {% set server_states = [] %} {#- _nginx is a lightened copy of nginx map intended to passed in templates #} {%- set _nginx = nginx.copy() %} -<<<<<<< HEAD {%- do _nginx.pop('snippets') %} -{%- do _nginx.pop('streams') %} -{%- do _nginx.pop('servers') %} -======= +{%- do _nginx.pop('streams') if nginx.streams is defined %} {%- do _nginx.pop('snippets') if nginx.snippets is defined %} {%- do _nginx.pop('servers') if nginx.servers is defined %} ->>>>>>> 6a42a9bdf84e764cb4b3313ad2b6d95688517dec # Simple path concatenation. # Needs work to make this function on windows. From 3b727d05ef53079c89bed51facbc534a138ebd84 Mon Sep 17 00:00:00 2001 From: Thomas Thorburn Date: Mon, 12 Jul 2021 15:30:02 +0200 Subject: [PATCH 5/7] fix botched merge conflict resolution --- nginx/servers_config.sls | 1 - 1 file changed, 1 deletion(-) diff --git a/nginx/servers_config.sls b/nginx/servers_config.sls index 7d77987d..0b1a4f1b 100644 --- a/nginx/servers_config.sls +++ b/nginx/servers_config.sls @@ -10,7 +10,6 @@ {% set server_states = [] %} {#- _nginx is a lightened copy of nginx map intended to passed in templates #} {%- set _nginx = nginx.copy() %} -{%- do _nginx.pop('snippets') %} {%- do _nginx.pop('streams') if nginx.streams is defined %} {%- do _nginx.pop('snippets') if nginx.snippets is defined %} {%- do _nginx.pop('servers') if nginx.servers is defined %} From 26d895f21d2ab89390ec4c2e3576e58d0c4a7156 Mon Sep 17 00:00:00 2001 From: Thomas Thorburn Date: Thu, 21 Apr 2022 11:50:56 +0200 Subject: [PATCH 6/7] feat(streams): add support for nginx streams --- .github/workflows/kitchen.vagrant.yml | 38 + .gitignore | 12 + .gitlab-ci.yml | 140 +++- .pre-commit-config.yaml | 31 +- .rstcheck.cfg | 3 +- .rubocop.yml | 9 +- .travis.yml | 148 ++-- .yamllint | 16 +- AUTHORS.md | 149 ++-- CHANGELOG.md | 199 ++++++ CODEOWNERS | 6 + FORMULA | 2 +- Gemfile | 31 +- Gemfile.lock | 658 +++++++++++------- docs/AUTHORS.rst | 173 ++--- docs/CHANGELOG.rst | 242 +++++++ docs/README.apt.keyrings.rst | 34 + docs/README.rst | 62 ++ kitchen.vagrant.yml | 32 + kitchen.yml | 387 +++++++--- nginx/_mapdata/_mapdata.jinja | 13 + nginx/_mapdata/init.sls | 22 + nginx/certificates.sls | 1 + nginx/files/default/nginx-archive-keyring.gpg | Bin 0 -> 1067 bytes .../phusionpassenger-archive-keyring.gpg | Bin 0 -> 192863 bytes nginx/init.sls | 3 + nginx/map.jinja | 24 +- nginx/passenger.sls | 6 + nginx/pkg.sls | 98 ++- nginx/servers.sls | 28 +- nginx/servers_config.sls | 21 +- nginx/service.sls | 3 + nginx/snippets.sls | 11 +- nginx/streams.sls | 33 + pillar.example | 34 +- pre-commit_semantic-release.sh | 8 +- test/integration/default/controls/config.rb | 78 ++- test/integration/default/controls/file.rb | 9 + test/integration/default/controls/install.rb | 2 + test/integration/default/controls/service.rb | 3 + test/integration/default/inspec.yml | 9 + test/integration/passenger/README.md | 50 ++ test/integration/passenger/controls/config.rb | 58 ++ .../integration/passenger/controls/install.rb | 28 + .../passenger/controls/repository.rb | 37 + .../integration/passenger/controls/service.rb | 28 + test/integration/passenger/inspec.yml | 27 + test/integration/share/README.md | 22 + test/integration/share/inspec.yml | 24 + test/integration/share/libraries/system.rb | 134 ++++ test/salt/default/pillar/nginx.sls | 13 + .../test_dep/create_dependency_file.sls | 6 + test/salt/passenger/pillar/nginx.sls | 60 ++ 53 files changed, 2586 insertions(+), 679 deletions(-) create mode 100644 .github/workflows/kitchen.vagrant.yml create mode 100644 docs/README.apt.keyrings.rst create mode 100644 kitchen.vagrant.yml create mode 100644 nginx/_mapdata/_mapdata.jinja create mode 100644 nginx/_mapdata/init.sls create mode 100644 nginx/files/default/nginx-archive-keyring.gpg create mode 100644 nginx/files/default/phusionpassenger-archive-keyring.gpg create mode 100644 nginx/streams.sls create mode 100644 test/integration/default/controls/file.rb create mode 100644 test/integration/passenger/README.md create mode 100644 test/integration/passenger/controls/config.rb create mode 100644 test/integration/passenger/controls/install.rb create mode 100644 test/integration/passenger/controls/repository.rb create mode 100644 test/integration/passenger/controls/service.rb create mode 100644 test/integration/passenger/inspec.yml create mode 100644 test/integration/share/README.md create mode 100644 test/integration/share/inspec.yml create mode 100644 test/integration/share/libraries/system.rb create mode 100644 test/salt/default/states/test_dep/create_dependency_file.sls create mode 100644 test/salt/passenger/pillar/nginx.sls diff --git a/.github/workflows/kitchen.vagrant.yml b/.github/workflows/kitchen.vagrant.yml new file mode 100644 index 00000000..ee67a32c --- /dev/null +++ b/.github/workflows/kitchen.vagrant.yml @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +name: 'Kitchen Vagrant (FreeBSD)' +'on': ['push', 'pull_request'] + +env: + KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml' + +jobs: + test: + runs-on: 'macos-10.15' + strategy: + fail-fast: false + matrix: + instance: + - default-freebsd-130-master-py3 + # - freebsd-130-master-py3 + - default-freebsd-123-master-py3 + # - freebsd-123-master-py3 + # - default-freebsd-130-3004-0-py3 + # - default-freebsd-123-3004-0-py3 + steps: + - name: 'Check out code' + uses: 'actions/checkout@v2' + - name: 'Set up Bundler cache' + uses: 'actions/cache@v1' + with: + path: 'vendor/bundle' + key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}" + restore-keys: "${{ runner.os }}-gems-" + - name: 'Run Bundler' + run: | + ruby --version + bundle config path vendor/bundle + bundle install --jobs 4 --retry 3 + - name: 'Run Test Kitchen' + run: 'bundle exec kitchen verify ${{ matrix.instance }}' diff --git a/.gitignore b/.gitignore index 6995110e..39752a7a 100644 --- a/.gitignore +++ b/.gitignore @@ -91,6 +91,9 @@ celerybeat-schedule venv/ ENV/ +# visual studio +.vs/ + # Spyder project settings .spyderproject .spyproject @@ -120,3 +123,12 @@ docs/*.md Dockerfile.*_* ignore/ tmp/ + +# `salt-formula` -- Vagrant Specific files +.vagrant +top.sls +!test/salt/pillar/top.sls + +# `suricata-formula` -- Platform binaries +*.rpm +*.deb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2f263f1d..440bfff7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -46,7 +46,7 @@ variables: DOCKER_DRIVER: 'overlay2' ############################################################################### -# `lint` stage: `commitlint` & `pre-commit` +# `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed) ############################################################################### commitlint: stage: *stage_lint @@ -102,7 +102,7 @@ rubocop: ############################################################################### # Define `test` template ############################################################################### -.test_instance: +.test_instance: &test_instance stage: *stage_test image: *image_dindruby services: *services_docker_dind @@ -117,41 +117,121 @@ rubocop: # Alternative value to consider: `${CI_JOB_NAME}` - 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"' +############################################################################### +# Define `test` template (`allow_failure: true`) +############################################################################### +.test_instance_failure_permitted: + <<: *test_instance + allow_failure: true + ############################################################################### # `test` stage: each instance below uses the `test` template above ############################################################################### ## Define the rest of the matrix based on Kitchen testing # Make sure the instances listed below match up with # the `platforms` defined in `kitchen.yml` -default-debian-10-master-py3: {extends: '.test_instance'} +# yamllint disable rule:line-length +# default-debian-11-tiamat-py3: {extends: '.test_instance'} +# default-debian-10-tiamat-py3: {extends: '.test_instance'} +# default-debian-9-tiamat-py3: {extends: '.test_instance'} +# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'} +# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'} +# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-tiamat-py3: {extends: '.test_instance'} +# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'} +# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'} +# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'} +# default-almalinux-8-tiamat-py3: {extends: '.test_instance'} +# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'} +# default-debian-11-master-py3: {extends: '.test_instance'} +# passenger-debian-11-master-py3: {extends: '.test_instance'} +debian-11-master-py3: {extends: '.test_instance_failure_permitted'} +# default-debian-10-master-py3: {extends: '.test_instance'} +# passenger-debian-10-master-py3: {extends: '.test_instance'} +debian-10-master-py3: {extends: '.test_instance'} +# default-debian-9-master-py3: {extends: '.test_instance'} +# passenger-debian-9-master-py3: {extends: '.test_instance'} +debian-9-master-py3: {extends: '.test_instance'} +# default-ubuntu-2004-master-py3: {extends: '.test_instance'} +# passenger-ubuntu-2004-master-py3: {extends: '.test_instance'} +ubuntu-2004-master-py3: {extends: '.test_instance'} # default-ubuntu-1804-master-py3: {extends: '.test_instance'} -# default-centos-8-master-py3: {extends: '.test_instance'} -# default-fedora-31-master-py3: {extends: '.test_instance'} -# default-opensuse-leap-151-master-py3: {extends: '.test_instance'} -# default-amazonlinux-2-master-py3: {extends: '.test_instance'} -# default-debian-10-2019-2-py3: {extends: '.test_instance'} -# default-debian-9-2019-2-py3: {extends: '.test_instance'} -default-ubuntu-1804-2019-2-py3: {extends: '.test_instance'} -default-centos-8-2019-2-py3: {extends: '.test_instance'} -# default-fedora-31-2019-2-py3: {extends: '.test_instance'} -# default-opensuse-leap-151-2019-2-py3: {extends: '.test_instance'} -# default-centos-7-2019-2-py2: {extends: '.test_instance'} -# default-amazonlinux-2-2019-2-py3: {extends: '.test_instance'} -default-arch-base-latest-2019-2-py2: {extends: '.test_instance'} -default-fedora-30-2018-3-py3: {extends: '.test_instance'} -# default-debian-9-2018-3-py2: {extends: '.test_instance'} -# default-ubuntu-1604-2018-3-py2: {extends: '.test_instance'} -# default-centos-7-2018-3-py2: {extends: '.test_instance'} -default-opensuse-leap-151-2018-3-py2: {extends: '.test_instance'} -# default-amazonlinux-1-2018-3-py2: {extends: '.test_instance'} -# default-arch-base-latest-2018-3-py2: {extends: '.test_instance'} -# default-debian-8-2017-7-py2: {extends: '.test_instance'} -# default-ubuntu-1604-2017-7-py2: {extends: '.test_instance'} -# default-centos-6-2017-7-py2: {extends: '.test_instance'} -# default-fedora-30-2017-7-py2: {extends: '.test_instance'} -# default-opensuse-leap-151-2017-7-py2: {extends: '.test_instance'} -# default-amazonlinux-1-2017-7-py2: {extends: '.test_instance'} -# default-arch-base-latest-2017-7-py2: {extends: '.test_instance'} +# passenger-ubuntu-1804-master-py3: {extends: '.test_instance'} +ubuntu-1804-master-py3: {extends: '.test_instance'} +# default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'} +# passenger-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'} +centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-master-py3: {extends: '.test_instance'} +# passenger-centos-7-master-py3: {extends: '.test_instance'} +centos-7-master-py3: {extends: '.test_instance'} +default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'} +# fedora-36-master-py3: {extends: '.test_instance_failure_permitted'} +default-fedora-35-master-py3: {extends: '.test_instance'} +# fedora-35-master-py3: {extends: '.test_instance'} +default-fedora-34-master-py3: {extends: '.test_instance'} +# fedora-34-master-py3: {extends: '.test_instance'} +default-opensuse-leap-153-master-py3: {extends: '.test_instance'} +# opensuse-leap-153-master-py3: {extends: '.test_instance'} +default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'} +# opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'} +default-amazonlinux-2-master-py3: {extends: '.test_instance'} +# amazonlinux-2-master-py3: {extends: '.test_instance'} +# default-oraclelinux-8-master-py3: {extends: '.test_instance'} +# passenger-oraclelinux-8-master-py3: {extends: '.test_instance'} +oraclelinux-8-master-py3: {extends: '.test_instance'} +default-oraclelinux-7-master-py3: {extends: '.test_instance'} +# oraclelinux-7-master-py3: {extends: '.test_instance'} +default-arch-base-latest-master-py3: {extends: '.test_instance'} +# arch-base-latest-master-py3: {extends: '.test_instance'} +# default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'} +# gentoo-stage3-latest-master-py3: {extends: '.test_instance'} +default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} +# gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} +# default-almalinux-8-master-py3: {extends: '.test_instance'} +# passenger-almalinux-8-master-py3: {extends: '.test_instance'} +almalinux-8-master-py3: {extends: '.test_instance'} +# default-rockylinux-8-master-py3: {extends: '.test_instance'} +# passenger-rockylinux-8-master-py3: {extends: '.test_instance'} +rockylinux-8-master-py3: {extends: '.test_instance'} +# default-debian-11-3004-1-py3: {extends: '.test_instance'} +# default-debian-10-3004-1-py3: {extends: '.test_instance'} +# default-debian-9-3004-1-py3: {extends: '.test_instance'} +# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'} +# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'} +# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-3004-1-py3: {extends: '.test_instance'} +# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'} +# default-fedora-35-3004-1-py3: {extends: '.test_instance'} +# default-fedora-34-3004-1-py3: {extends: '.test_instance'} +# default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'} +# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'} +# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'} +# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'} +# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'} +# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'} +# default-almalinux-8-3004-1-py3: {extends: '.test_instance'} +# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'} +# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'} +# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'} +# default-debian-10-3003-4-py3: {extends: '.test_instance'} +# default-debian-9-3003-4-py3: {extends: '.test_instance'} +# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'} +# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'} +# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'} +# default-centos-7-3003-4-py3: {extends: '.test_instance'} +# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'} +# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'} +# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'} +# default-almalinux-8-3003-4-py3: {extends: '.test_instance'} +# default-debian-10-3002-8-py3: {extends: '.test_instance'} +# default-debian-9-3002-8-py3: {extends: '.test_instance'} +# default-ubuntu-2004-3002-8-py3: {extends: '.test_instance'} +# default-ubuntu-1804-3002-8-py3: {extends: '.test_instance'} +# default-centos-7-3002-8-py3: {extends: '.test_instance'} +# default-amazonlinux-2-3002-8-py3: {extends: '.test_instance'} +# default-oraclelinux-8-3002-8-py3: {extends: '.test_instance'} +# default-oraclelinux-7-3002-8-py3: {extends: '.test_instance'} +# yamllint enable rule:line-length ############################################################################### # `release` stage: `semantic-release` diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 136e470c..2cb381ed 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,16 +17,23 @@ repos: stages: [manual] additional_dependencies: ['@commitlint/config-conventional@8.3.4'] always_run: true - - repo: https://github.com/jumanjihouse/pre-commit-hooks - rev: 2.1.3 + - repo: https://github.com/rubocop-hq/rubocop + rev: v1.25.1 + hooks: + - id: rubocop + name: Check Ruby files with rubocop + args: [--debug] + always_run: true + pass_filenames: false + - repo: https://github.com/shellcheck-py/shellcheck-py + rev: v0.8.0.4 hooks: - id: shellcheck name: Check shell scripts with shellcheck files: ^.*\.(sh|bash|ksh)$ types: [] - args: [] - - repo: https://github.com/adrienverge/yamllint.git - rev: v1.23.0 + - repo: https://github.com/adrienverge/yamllint + rev: v1.26.3 hooks: - id: yamllint name: Check YAML syntax with yamllint @@ -34,7 +41,7 @@ repos: always_run: true pass_filenames: false - repo: https://github.com/warpnet/salt-lint - rev: v0.3.0 + rev: v0.8.0 hooks: - id: salt-lint name: Check Salt files using salt-lint @@ -45,4 +52,14 @@ repos: - id: rstcheck name: Check reST files using rstcheck exclude: 'docs/CHANGELOG.rst' - args: [--report=warning] + - repo: https://github.com/saltstack-formulas/mirrors-rst-lint + rev: v1.3.2 + hooks: + - id: rst-lint + name: Check reST files using rst-lint + exclude: | + (?x)^( + docs/CHANGELOG.rst| + docs/TOFS_pattern.rst| + )$ + additional_dependencies: [pygments==2.9.0] diff --git a/.rstcheck.cfg b/.rstcheck.cfg index 05856dc7..5383623e 100644 --- a/.rstcheck.cfg +++ b/.rstcheck.cfg @@ -1,3 +1,4 @@ [rstcheck] -report=error +report=info ignore_language=rst +ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$) diff --git a/.rubocop.yml b/.rubocop.yml index 7fd75ac0..bf4d107f 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -7,10 +7,17 @@ Layout/LineLength: # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) Max: 88 Metrics/BlockLength: - ExcludedMethods: + IgnoredMethods: - control - describe # Increase from default of `25` Max: 30 +Security/YAMLLoad: + Exclude: + - test/integration/**/_mapdata.rb + +# General settings across all cops in this formula +AllCops: + NewCops: enable # Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config` diff --git a/.travis.yml b/.travis.yml index 0110ed05..f7cd207d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -36,17 +36,14 @@ stages: # - name: 'release' # if: 'branch = master AND type != pull_request' jobs: - allow_failures: - - env: Lint_rubocop - fast_finish: true include: ## Define the test stage that runs the linters (and testing matrix, if applicable) - # Run all of the linters in a single job (except `rubocop`) + # Run all of the linters in a single job - language: 'node_js' node_js: 'lts/*' env: 'Lint' - name: 'Lint: salt-lint, yamllint, shellcheck & commitlint' + name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint' before_install: 'skip' script: # Install and run `salt-lint` @@ -57,6 +54,9 @@ jobs: # Need at least `v1.17.0` for the `yaml-files` setting - pip install --user yamllint>=1.17.0 - yamllint -s . + # Install and run `rubocop` + - gem install rubocop + - rubocop -d # Run `shellcheck` (already pre-installed in Travis) - shellcheck --version - git ls-files -- '*.sh' '*.bash' '*.ksh' @@ -65,17 +65,6 @@ jobs: - npm i -D @commitlint/config-conventional @commitlint/travis-cli - commitlint-travis - # Run the `rubocop` linter in a separate job that is allowed to fail - # Once these lint errors are fixed, this can be merged into a single job - - language: node_js - node_js: lts/* - env: Lint_rubocop - name: 'Lint: rubocop' - before_install: skip - script: - # Install and run `rubocop` - - gem install rubocop - - rubocop -d # Run `pre-commit` linters in a single job - language: 'python' @@ -94,35 +83,106 @@ jobs: ## Define the rest of the matrix based on Kitchen testing # Make sure the instances listed below match up with # the `platforms` defined in `kitchen.yml` - - env: INSTANCE=default-debian-10-master-py3 + # - env: INSTANCE=default-debian-11-tiamat-py3 + # - env: INSTANCE=default-debian-10-tiamat-py3 + # - env: INSTANCE=default-debian-9-tiamat-py3 + # - env: INSTANCE=default-ubuntu-2004-tiamat-py3 + # - env: INSTANCE=default-ubuntu-1804-tiamat-py3 + # - env: INSTANCE=default-centos-stream8-tiamat-py3 + # - env: INSTANCE=default-centos-7-tiamat-py3 + # - env: INSTANCE=default-amazonlinux-2-tiamat-py3 + # - env: INSTANCE=default-oraclelinux-8-tiamat-py3 + # - env: INSTANCE=default-oraclelinux-7-tiamat-py3 + # - env: INSTANCE=default-almalinux-8-tiamat-py3 + # - env: INSTANCE=default-rockylinux-8-tiamat-py3 + # - env: INSTANCE=default-debian-11-master-py3 + # - env: INSTANCE=passenger-debian-11-master-py3 + - env: INSTANCE=debian-11-master-py3 + # - env: INSTANCE=default-debian-10-master-py3 + # - env: INSTANCE=passenger-debian-10-master-py3 + - env: INSTANCE=debian-10-master-py3 + # - env: INSTANCE=default-debian-9-master-py3 + # - env: INSTANCE=passenger-debian-9-master-py3 + - env: INSTANCE=debian-9-master-py3 + # - env: INSTANCE=default-ubuntu-2004-master-py3 + # - env: INSTANCE=passenger-ubuntu-2004-master-py3 + - env: INSTANCE=ubuntu-2004-master-py3 # - env: INSTANCE=default-ubuntu-1804-master-py3 - # - env: INSTANCE=default-centos-8-master-py3 - # - env: INSTANCE=default-fedora-31-master-py3 - # - env: INSTANCE=default-opensuse-leap-151-master-py3 - # - env: INSTANCE=default-amazonlinux-2-master-py3 - # - env: INSTANCE=default-debian-10-2019-2-py3 - # - env: INSTANCE=default-debian-9-2019-2-py3 - - env: INSTANCE=default-ubuntu-1804-2019-2-py3 - - env: INSTANCE=default-centos-8-2019-2-py3 - # - env: INSTANCE=default-fedora-31-2019-2-py3 - # - env: INSTANCE=default-opensuse-leap-151-2019-2-py3 - # - env: INSTANCE=default-centos-7-2019-2-py2 - # - env: INSTANCE=default-amazonlinux-2-2019-2-py3 - - env: INSTANCE=default-arch-base-latest-2019-2-py2 - - env: INSTANCE=default-fedora-30-2018-3-py3 - # - env: INSTANCE=default-debian-9-2018-3-py2 - # - env: INSTANCE=default-ubuntu-1604-2018-3-py2 - # - env: INSTANCE=default-centos-7-2018-3-py2 - - env: INSTANCE=default-opensuse-leap-151-2018-3-py2 - # - env: INSTANCE=default-amazonlinux-1-2018-3-py2 - # - env: INSTANCE=default-arch-base-latest-2018-3-py2 - # - env: INSTANCE=default-debian-8-2017-7-py2 - # - env: INSTANCE=default-ubuntu-1604-2017-7-py2 - # - env: INSTANCE=default-centos-6-2017-7-py2 - # - env: INSTANCE=default-fedora-30-2017-7-py2 - # - env: INSTANCE=default-opensuse-leap-151-2017-7-py2 - # - env: INSTANCE=default-amazonlinux-1-2017-7-py2 - # - env: INSTANCE=default-arch-base-latest-2017-7-py2 + # - env: INSTANCE=passenger-ubuntu-1804-master-py3 + - env: INSTANCE=ubuntu-1804-master-py3 + # - env: INSTANCE=default-centos-stream8-master-py3 + # - env: INSTANCE=passenger-centos-stream8-master-py3 + - env: INSTANCE=centos-stream8-master-py3 + # - env: INSTANCE=default-centos-7-master-py3 + # - env: INSTANCE=passenger-centos-7-master-py3 + - env: INSTANCE=centos-7-master-py3 + - env: INSTANCE=default-fedora-36-master-py3 + # - env: INSTANCE=fedora-36-master-py3 + - env: INSTANCE=default-fedora-35-master-py3 + # - env: INSTANCE=fedora-35-master-py3 + - env: INSTANCE=default-fedora-34-master-py3 + # - env: INSTANCE=fedora-34-master-py3 + - env: INSTANCE=default-opensuse-leap-153-master-py3 + # - env: INSTANCE=opensuse-leap-153-master-py3 + - env: INSTANCE=default-opensuse-tmbl-latest-master-py3 + # - env: INSTANCE=opensuse-tmbl-latest-master-py3 + - env: INSTANCE=default-amazonlinux-2-master-py3 + # - env: INSTANCE=amazonlinux-2-master-py3 + # - env: INSTANCE=default-oraclelinux-8-master-py3 + # - env: INSTANCE=passenger-oraclelinux-8-master-py3 + - env: INSTANCE=oraclelinux-8-master-py3 + - env: INSTANCE=default-oraclelinux-7-master-py3 + # - env: INSTANCE=oraclelinux-7-master-py3 + - env: INSTANCE=default-arch-base-latest-master-py3 + # - env: INSTANCE=arch-base-latest-master-py3 + # - env: INSTANCE=default-gentoo-stage3-latest-master-py3 + # - env: INSTANCE=gentoo-stage3-latest-master-py3 + - env: INSTANCE=default-gentoo-stage3-systemd-master-py3 + # - env: INSTANCE=gentoo-stage3-systemd-master-py3 + # - env: INSTANCE=default-almalinux-8-master-py3 + # - env: INSTANCE=passenger-almalinux-8-master-py3 + - env: INSTANCE=almalinux-8-master-py3 + # - env: INSTANCE=default-rockylinux-8-master-py3 + # - env: INSTANCE=passenger-rockylinux-8-master-py3 + - env: INSTANCE=rockylinux-8-master-py3 + # - env: INSTANCE=default-debian-11-3004-1-py3 + # - env: INSTANCE=default-debian-10-3004-1-py3 + # - env: INSTANCE=default-debian-9-3004-1-py3 + # - env: INSTANCE=default-ubuntu-2004-3004-1-py3 + # - env: INSTANCE=default-ubuntu-1804-3004-1-py3 + # - env: INSTANCE=default-centos-stream8-3004-1-py3 + # - env: INSTANCE=default-centos-7-3004-1-py3 + # - env: INSTANCE=default-fedora-36-3004-1-py3 + # - env: INSTANCE=default-fedora-35-3004-1-py3 + # - env: INSTANCE=default-fedora-34-3004-1-py3 + # - env: INSTANCE=default-amazonlinux-2-3004-1-py3 + # - env: INSTANCE=default-oraclelinux-8-3004-1-py3 + # - env: INSTANCE=default-oraclelinux-7-3004-1-py3 + # - env: INSTANCE=default-arch-base-latest-3004-1-py3 + # - env: INSTANCE=default-gentoo-stage3-latest-3004-1-py3 + # - env: INSTANCE=default-gentoo-stage3-systemd-3004-1-py3 + # - env: INSTANCE=default-almalinux-8-3004-1-py3 + # - env: INSTANCE=default-rockylinux-8-3004-1-py3 + # - env: INSTANCE=default-opensuse-leap-153-3004-0-py3 + # - env: INSTANCE=default-opensuse-tmbl-latest-3004-0-py3 + # - env: INSTANCE=default-debian-10-3003-4-py3 + # - env: INSTANCE=default-debian-9-3003-4-py3 + # - env: INSTANCE=default-ubuntu-2004-3003-4-py3 + # - env: INSTANCE=default-ubuntu-1804-3003-4-py3 + # - env: INSTANCE=default-centos-stream8-3003-4-py3 + # - env: INSTANCE=default-centos-7-3003-4-py3 + # - env: INSTANCE=default-amazonlinux-2-3003-4-py3 + # - env: INSTANCE=default-oraclelinux-8-3003-4-py3 + # - env: INSTANCE=default-oraclelinux-7-3003-4-py3 + # - env: INSTANCE=default-almalinux-8-3003-4-py3 + # - env: INSTANCE=default-debian-10-3002-8-py3 + # - env: INSTANCE=default-debian-9-3002-8-py3 + # - env: INSTANCE=default-ubuntu-2004-3002-8-py3 + # - env: INSTANCE=default-ubuntu-1804-3002-8-py3 + # - env: INSTANCE=default-centos-7-3002-8-py3 + # - env: INSTANCE=default-amazonlinux-2-3002-8-py3 + # - env: INSTANCE=default-oraclelinux-8-3002-8-py3 + # - env: INSTANCE=default-oraclelinux-7-3002-8-py3 ## Define the release stage that runs `semantic-release` - stage: 'release' diff --git a/.yamllint b/.yamllint index 73bcbe2b..08644861 100644 --- a/.yamllint +++ b/.yamllint @@ -2,17 +2,25 @@ # vim: ft=yaml --- # Extend the `default` configuration provided by `yamllint` -extends: default +extends: 'default' # Files to ignore completely -# 1. All YAML files under directory `node_modules/`, introduced during the Travis run -# 2. Any SLS files under directory `test/`, which are actually state files -# 3. Any YAML files under directory `.kitchen/`, introduced during local testing +# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally +# 2. All YAML files under directory `.cache/`, introduced during the CI run +# 3. All YAML files under directory `.git/` +# 4. All YAML files under directory `node_modules/`, introduced during the CI run +# 5. Any SLS files under directory `test/`, which are actually state files +# 6. Any YAML files under directory `.kitchen/`, introduced during local testing +# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax ignore: | + .bundle/ .cache/ + .git/ node_modules/ test/**/states/**/*.sls .kitchen/ + kitchen.vagrant.yml + test/salt/passenger/pillar/nginx.sls yaml-files: # Default settings diff --git a/AUTHORS.md b/AUTHORS.md index 87a22dc7..7b56f653 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -4,79 +4,82 @@ This list is sorted by the number of commits per contributor in _descending_ ord Avatar|Contributor|Contributions :-:|---|:-: -@myii|[@myii](https://github.com/myii)|82 -@aboe76|[@aboe76](https://github.com/aboe76)|46 -@gravyboat|[@gravyboat](https://github.com/gravyboat)|27 -@nmadhok|[@nmadhok](https://github.com/nmadhok)|24 -@noelmcloughlin|[@noelmcloughlin](https://github.com/noelmcloughlin)|18 -@whiteinge|[@whiteinge](https://github.com/whiteinge)|17 -@ross-p|[@ross-p](https://github.com/ross-p)|13 -@daks|[@daks](https://github.com/daks)|11 -@techhat|[@techhat](https://github.com/techhat)|10 -@javierbertoli|[@javierbertoli](https://github.com/javierbertoli)|9 -@arthurlogilab|[@arthurlogilab](https://github.com/arthurlogilab)|8 -@cheuschober|[@cheuschober](https://github.com/cheuschober)|8 -@dseira|[@dseira](https://github.com/dseira)|8 -@amontalban|[@amontalban](https://github.com/amontalban)|7 -@puneetk|[@puneetk](https://github.com/puneetk)|7 -@TaiSHiNet|[@TaiSHiNet](https://github.com/TaiSHiNet)|6 -@EvaSDK|[@EvaSDK](https://github.com/EvaSDK)|6 -@cackovic|[@cackovic](https://github.com/cackovic)|5 -@auser|[@auser](https://github.com/auser)|5 -@stp-ip|[@stp-ip](https://github.com/stp-ip)|5 -@ahmadsherif|[@ahmadsherif](https://github.com/ahmadsherif)|4 -@n-rodriguez|[@n-rodriguez](https://github.com/n-rodriguez)|4 -@teepark|[@teepark](https://github.com/teepark)|4 -@alinefr|[@alinefr](https://github.com/alinefr)|3 -@devaos|[@devaos](https://github.com/devaos)|3 -@bmwiedemann|[@bmwiedemann](https://github.com/bmwiedemann)|3 -@terminalmage|[@terminalmage](https://github.com/terminalmage)|3 -@imran1008|[@imran1008](https://github.com/imran1008)|3 -@morsik|[@morsik](https://github.com/morsik)|3 -@msciciel|[@msciciel](https://github.com/msciciel)|3 -@rfairburn|[@rfairburn](https://github.com/rfairburn)|3 -@westurner|[@westurner](https://github.com/westurner)|3 -@chris-sanders|[@chris-sanders](https://github.com/chris-sanders)|2 -@dafyddj|[@dafyddj](https://github.com/dafyddj)|2 -@UtahDave|[@UtahDave](https://github.com/UtahDave)|2 -@ghtyrant|[@ghtyrant](https://github.com/ghtyrant)|2 -@pprkut|[@pprkut](https://github.com/pprkut)|2 -@jstrunk|[@jstrunk](https://github.com/jstrunk)|2 -@johnkeates|[@johnkeates](https://github.com/johnkeates)|2 -@kmshultz|[@kmshultz](https://github.com/kmshultz)|2 -@malept|[@malept](https://github.com/malept)|2 -@meganlkm|[@meganlkm](https://github.com/meganlkm)|2 -@garrettw|[@garrettw](https://github.com/garrettw)|2 -@ErisDS|[@ErisDS](https://github.com/ErisDS)|2 -@myoung34|[@myoung34](https://github.com/myoung34)|2 -@sticky-note|[@sticky-note](https://github.com/sticky-note)|2 -@bebosudo|[@bebosudo](https://github.com/bebosudo)|1 -@aanriot|[@aanriot](https://github.com/aanriot)|1 -@andrew-vant|[@andrew-vant](https://github.com/andrew-vant)|1 -@bemosior|[@bemosior](https://github.com/bemosior)|1 -@SuperTux88|[@SuperTux88](https://github.com/SuperTux88)|1 -@bogdanr|[@bogdanr](https://github.com/bogdanr)|1 -@blbradley|[@blbradley](https://github.com/blbradley)|1 -@CorwinTanner|[@CorwinTanner](https://github.com/CorwinTanner)|1 -@fayetted|[@fayetted](https://github.com/fayetted)|1 -@czarneckid|[@czarneckid](https://github.com/czarneckid)|1 -@statik|[@statik](https://github.com/statik)|1 -@ekristen|[@ekristen](https://github.com/ekristen)|1 -@jeduardo|[@jeduardo](https://github.com/jeduardo)|1 -@stromnet|[@stromnet](https://github.com/stromnet)|1 -@bsdlp|[@bsdlp](https://github.com/bsdlp)|1 -@MEschenbacher|[@MEschenbacher](https://github.com/MEschenbacher)|1 -@renich|[@renich](https://github.com/renich)|1 -@outime|[@outime](https://github.com/outime)|1 -@scub|[@scub](https://github.com/scub)|1 -@thatch45|[@thatch45](https://github.com/thatch45)|1 -@blarghmatey|[@blarghmatey](https://github.com/blarghmatey)|1 -@babilen5|[@babilen5](https://github.com/babilen5)|1 -@abednarik|[@abednarik](https://github.com/abednarik)|1 -@francesco-a|[@francesco-a](https://github.com/francesco-a)|1 -@oboyle|[@oboyle](https://github.com/oboyle)|1 -@bersace|[@bersace](https://github.com/bersace)|1 +@myii|[@myii](https://github.com/myii)|155 +@aboe76|[@aboe76](https://github.com/aboe76)|46 +@javierbertoli|[@javierbertoli](https://github.com/javierbertoli)|29 +@gravyboat|[@gravyboat](https://github.com/gravyboat)|27 +@nmadhok|[@nmadhok](https://github.com/nmadhok)|24 +@noelmcloughlin|[@noelmcloughlin](https://github.com/noelmcloughlin)|19 +@whiteinge|[@whiteinge](https://github.com/whiteinge)|17 +@ross-p|[@ross-p](https://github.com/ross-p)|13 +@daks|[@daks](https://github.com/daks)|11 +@techhat|[@techhat](https://github.com/techhat)|10 +@arthurlogilab|[@arthurlogilab](https://github.com/arthurlogilab)|8 +@cheuschober|[@cheuschober](https://github.com/cheuschober)|8 +@dseira|[@dseira](https://github.com/dseira)|8 +@amontalban|[@amontalban](https://github.com/amontalban)|7 +@puneetk|[@puneetk](https://github.com/puneetk)|7 +@TaiSHiNet|[@TaiSHiNet](https://github.com/TaiSHiNet)|6 +@EvaSDK|[@EvaSDK](https://github.com/EvaSDK)|6 +@cackovic|[@cackovic](https://github.com/cackovic)|5 +@auser|[@auser](https://github.com/auser)|5 +@stp-ip|[@stp-ip](https://github.com/stp-ip)|5 +@ahmadsherif|[@ahmadsherif](https://github.com/ahmadsherif)|4 +@n-rodriguez|[@n-rodriguez](https://github.com/n-rodriguez)|4 +@teepark|[@teepark](https://github.com/teepark)|4 +@alinefr|[@alinefr](https://github.com/alinefr)|3 +@devaos|[@devaos](https://github.com/devaos)|3 +@bmwiedemann|[@bmwiedemann](https://github.com/bmwiedemann)|3 +@dafyddj|[@dafyddj](https://github.com/dafyddj)|3 +@terminalmage|[@terminalmage](https://github.com/terminalmage)|3 +@imran1008|[@imran1008](https://github.com/imran1008)|3 +@morsik|[@morsik](https://github.com/morsik)|3 +@msciciel|[@msciciel](https://github.com/msciciel)|3 +@rfairburn|[@rfairburn](https://github.com/rfairburn)|3 +@westurner|[@westurner](https://github.com/westurner)|3 +@toanju|[@toanju](https://github.com/toanju)|3 +@chris-sanders|[@chris-sanders](https://github.com/chris-sanders)|2 +@UtahDave|[@UtahDave](https://github.com/UtahDave)|2 +@ghtyrant|[@ghtyrant](https://github.com/ghtyrant)|2 +@pprkut|[@pprkut](https://github.com/pprkut)|2 +@jstrunk|[@jstrunk](https://github.com/jstrunk)|2 +@johnkeates|[@johnkeates](https://github.com/johnkeates)|2 +@kmshultz|[@kmshultz](https://github.com/kmshultz)|2 +@malept|[@malept](https://github.com/malept)|2 +@meganlkm|[@meganlkm](https://github.com/meganlkm)|2 +@ErisDS|[@ErisDS](https://github.com/ErisDS)|2 +@myoung34|[@myoung34](https://github.com/myoung34)|2 +@sticky-note|[@sticky-note](https://github.com/sticky-note)|2 +@bebosudo|[@bebosudo](https://github.com/bebosudo)|1 +@aanriot|[@aanriot](https://github.com/aanriot)|1 +@andrew-vant|[@andrew-vant](https://github.com/andrew-vant)|1 +@bemosior|[@bemosior](https://github.com/bemosior)|1 +@SuperTux88|[@SuperTux88](https://github.com/SuperTux88)|1 +@bogdanr|[@bogdanr](https://github.com/bogdanr)|1 +@blbradley|[@blbradley](https://github.com/blbradley)|1 +@CorwinTanner|[@CorwinTanner](https://github.com/CorwinTanner)|1 +@fayetted|[@fayetted](https://github.com/fayetted)|1 +@baby-gnu|[@baby-gnu](https://github.com/baby-gnu)|1 +@czarneckid|[@czarneckid](https://github.com/czarneckid)|1 +@statik|[@statik](https://github.com/statik)|1 +@ekristen|[@ekristen](https://github.com/ekristen)|1 +@garrettw|[@garrettw](https://github.com/garrettw)|1 +@jeduardo|[@jeduardo](https://github.com/jeduardo)|1 +@stromnet|[@stromnet](https://github.com/stromnet)|1 +@bsdlp|[@bsdlp](https://github.com/bsdlp)|1 +@anderbubble|[@anderbubble](https://github.com/anderbubble)|1 +@MEschenbacher|[@MEschenbacher](https://github.com/MEschenbacher)|1 +@renich|[@renich](https://github.com/renich)|1 +@outime|[@outime](https://github.com/outime)|1 +@scub|[@scub](https://github.com/scub)|1 +@thatch45|[@thatch45](https://github.com/thatch45)|1 +@blarghmatey|[@blarghmatey](https://github.com/blarghmatey)|1 +@babilen|[@babilen](https://github.com/babilen)|1 +@abednarik|[@abednarik](https://github.com/abednarik)|1 +@francesco-a|[@francesco-a](https://github.com/francesco-a)|1 +@oboyle|[@oboyle](https://github.com/oboyle)|1 +@bersace|[@bersace](https://github.com/bersace)|1 --- -Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2021-01-04. +Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2022-03-02. diff --git a/CHANGELOG.md b/CHANGELOG.md index c1a27ac4..e3c2c5cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,204 @@ # Changelog +## [2.8.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.8.0...v2.8.1) (2022-03-02) + + +### Bug Fixes + +* **debian:** avoid adding repositories entries multiple times ([d1d3e55](https://github.com/saltstack-formulas/nginx-formula/commit/d1d3e552adf3bc17265ffcc1c27920d4b9a09c6d)), closes [/github.com/saltstack/salt/issues/59785#issuecomment-826590482](https://github.com//github.com/saltstack/salt/issues/59785/issues/issuecomment-826590482) + + +### Continuous Integration + +* update linters to latest versions [skip ci] ([512fe00](https://github.com/saltstack-formulas/nginx-formula/commit/512fe00a069f2fcabed119c36f9444c2a65e179c)) + + +### Tests + +* **repository:** use `system.platform[:codename]` [skip ci] ([0e51694](https://github.com/saltstack-formulas/nginx-formula/commit/0e51694c2a59b975be0fe4972c525b73f556a6db)) +* **system:** add `build_platform_codename` [skip ci] ([5f1a289](https://github.com/saltstack-formulas/nginx-formula/commit/5f1a289f11cdcbb2dac6021109cfc390068134d4)) + +# [2.8.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.5...v2.8.0) (2022-02-03) + + +### Code Refactoring + +* **pkgs:** readbility ([b76e8cc](https://github.com/saltstack-formulas/nginx-formula/commit/b76e8cc6640943d97bc778948555ae3f45a71552)) + + +### Continuous Integration + +* **kitchen+gitlab:** update for new pre-salted images [skip ci] ([7fcb960](https://github.com/saltstack-formulas/nginx-formula/commit/7fcb9608cd838469e7c1faf2126ea8d5673d0481)) + + +### Features + +* **debian:** use keyrings instead of key_ids ([037c13a](https://github.com/saltstack-formulas/nginx-formula/commit/037c13a674d9e2850a808bcb0fe8600e4ec8b177)) + + +### Reverts + +* **pkg:** use grains.osfinger in a format suitable for all platforms ([8fee9f0](https://github.com/saltstack-formulas/nginx-formula/commit/8fee9f05bd86c549a050a5b4c555fa0d532493d3)) + + +### Styles + +* **map.jinja:** remove empty line ([ae52641](https://github.com/saltstack-formulas/nginx-formula/commit/ae52641cfc87ad576f22f0675eff436ebccf3d34)) + + +### Tests + +* **repository:** favor `platform` over `os` ([c16ecf8](https://github.com/saltstack-formulas/nginx-formula/commit/c16ecf82f52b0236a8b54b5ad984c08902b79534)) + +## [2.7.5](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.4...v2.7.5) (2022-02-02) + + +### Bug Fixes + +* **snippets:** make sure they're deployed before being used ([9dfc1c1](https://github.com/saltstack-formulas/nginx-formula/commit/9dfc1c1b2f4a0cd17221b303c95af1d7a9aba781)) + + +### Continuous Integration + +* **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([6a42a9b](https://github.com/saltstack-formulas/nginx-formula/commit/6a42a9bdf84e764cb4b3313ad2b6d95688517dec)) +* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] ([860fabe](https://github.com/saltstack-formulas/nginx-formula/commit/860fabe327cfa9512152b0f278897311f35449bf)) +* **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] ([1557473](https://github.com/saltstack-formulas/nginx-formula/commit/155747346c5b0fe7e1af5214734581e992832b45)) +* **gemfile+lock:** use `ssf` customised `inspec` repo [skip ci] ([a11da83](https://github.com/saltstack-formulas/nginx-formula/commit/a11da83d03fad1c50a93ba06c1c5af21f1c79e7a)) +* **gitlab-ci:** enable instance after upstream issue resolved [skip ci] ([79499e8](https://github.com/saltstack-formulas/nginx-formula/commit/79499e841be74162dd5ec869de267366b6048af1)) +* **kitchen:** move `provisioner` block & update `run_command` [skip ci] ([6b65017](https://github.com/saltstack-formulas/nginx-formula/commit/6b650177aaa9800151f2e7f628551856f0c28c54)) +* **kitchen+ci:** update with `3004` pre-salted images/boxes [skip ci] ([30f87cc](https://github.com/saltstack-formulas/nginx-formula/commit/30f87cc84b2991c7f0ed1f0066f9241a3754e8df)) +* **kitchen+ci:** update with latest `3003.2` pre-salted images [skip ci] ([70a1f31](https://github.com/saltstack-formulas/nginx-formula/commit/70a1f3135ccfde09f6016a46eee3fc55b2ca9840)) +* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] ([e041418](https://github.com/saltstack-formulas/nginx-formula/commit/e0414181a724076176cb37f6402f013f4e498109)) +* **vagrant:** replace FreeBSD 12.2 with 12.3 [skip ci] ([7deb74f](https://github.com/saltstack-formulas/nginx-formula/commit/7deb74fdbccad7e8590b9ddf7d0630e9a2ba56e1)) +* add Debian 11 Bullseye & update `yamllint` configuration [skip ci] ([fa8a5db](https://github.com/saltstack-formulas/nginx-formula/commit/fa8a5db5079b1e41eeac5d4ee25c06d976a24f3e)) +* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([d15f3de](https://github.com/saltstack-formulas/nginx-formula/commit/d15f3decb3fb1d8d1d04934c8d909913380d53f1)) + +## [2.7.4](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.3...v2.7.4) (2021-06-15) + + +### Bug Fixes + +* **servers:** include main config file watch in extend ([00387e7](https://github.com/saltstack-formulas/nginx-formula/commit/00387e7cbd90ceb5496df5cf9bce8f7dae25b056)) + +## [2.7.3](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.2...v2.7.3) (2021-06-14) + + +### Tests + +* **snippets:** add tests for snippets includes ([1c83b6d](https://github.com/saltstack-formulas/nginx-formula/commit/1c83b6d5fa93079476ca9e8baa1ccd9d44e5237f)), closes [#275](https://github.com/saltstack-formulas/nginx-formula/issues/275) [#274](https://github.com/saltstack-formulas/nginx-formula/issues/274) + +## [2.7.2](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.1...v2.7.2) (2021-06-14) + + +### Bug Fixes + +* **certificates:** ensure `openssl` installed before `cmd.run` ([0cd7c7b](https://github.com/saltstack-formulas/nginx-formula/commit/0cd7c7b20528ce9fbd4f8991a365415a3093546d)), closes [/gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819#L2830](https://github.com//gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819/issues/L2830) +* **snippets:** ignore servers or snippets when undefined ([6cb486d](https://github.com/saltstack-formulas/nginx-formula/commit/6cb486dbd290c91bbdbf00fd0061efaedbef4dea)), closes [#274](https://github.com/saltstack-formulas/nginx-formula/issues/274) + +## [2.7.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.0...v2.7.1) (2021-05-12) + + +### Bug Fixes + +* **servers:** wrong conditional specification ([494b2fb](https://github.com/saltstack-formulas/nginx-formula/commit/494b2fbea490fded02cecd4d3e3e0372476548fb)) + + +### Continuous Integration + +* add `arch-master` to matrix and update `.travis.yml` [skip ci] ([4697152](https://github.com/saltstack-formulas/nginx-formula/commit/46971528d7a7e23241564da146ee8d28b7d2eecc)) + +# [2.7.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.3...v2.7.0) (2021-04-28) + + +### Continuous Integration + +* **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([46faf4e](https://github.com/saltstack-formulas/nginx-formula/commit/46faf4e24b39f7d4fd138126dbe5eb6a06eb5b67)) +* **vagrant:** add FreeBSD 13.0 [skip ci] ([b41062e](https://github.com/saltstack-formulas/nginx-formula/commit/b41062e3b19c4c109198bd95c53158d871bbff85)) +* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] ([b9e9cd3](https://github.com/saltstack-formulas/nginx-formula/commit/b9e9cd38e6d29b7eb4cd8ae74a1bdf901959dee3)) + + +### Documentation + +* **readme:** add `Testing with Vagrant` section [skip ci] ([5727848](https://github.com/saltstack-formulas/nginx-formula/commit/57278481de489441a5c04aee544962212e91c5af)) + + +### Features + +* **servers_config:** add require statement to manage dependencies ([622d22f](https://github.com/saltstack-formulas/nginx-formula/commit/622d22f9711085aeca19f3907e22e87c6b21b8d0)) + + +### Tests + +* **requires:** verify dependencies in vhosts ([6478143](https://github.com/saltstack-formulas/nginx-formula/commit/64781431b9187d392f56ce5461c3b1a9c2944f90)) + +## [2.6.3](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.2...v2.6.3) (2021-04-03) + + +### Bug Fixes + +* **freebsd:** add `openssl` pkg and update all `default` tests ([4cd351a](https://github.com/saltstack-formulas/nginx-formula/commit/4cd351adbc184b938b0d0cf587419bab5b39a7d3)) + + +### Continuous Integration + +* enable Vagrant-based testing using GitHub Actions ([c79ce9a](https://github.com/saltstack-formulas/nginx-formula/commit/c79ce9a9ae30e889ab925bb0398008b434bc9b0a)) + +## [2.6.2](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.1...v2.6.2) (2021-03-30) + + +### Bug Fixes + +* **servers_config:** fixup 05994e1 ([c03729a](https://github.com/saltstack-formulas/nginx-formula/commit/c03729ae326876a20cb22c346f9d4cd96418af9a)) + +## [2.6.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.0...v2.6.1) (2021-03-29) + + +### Bug Fixes + +* **servers_config:** remove service depedency ([05994e1](https://github.com/saltstack-formulas/nginx-formula/commit/05994e1b174ccdf3ff4a444f81314ad925fa478d)) + + +### Code Refactoring + +* **servers_config:** remove unused loop ([3825557](https://github.com/saltstack-formulas/nginx-formula/commit/3825557070a18db4828cc634dd036a428f8a9836)) + + +### Continuous Integration + +* **kitchen+ci:** include `passenger` suite [skip ci] ([0bbe686](https://github.com/saltstack-formulas/nginx-formula/commit/0bbe68619fdf3791e6202ce3f17ca03efc4441c1)) + + +### Tests + +* standardise use of `share` suite & `_mapdata` state [skip ci] ([8ea3c82](https://github.com/saltstack-formulas/nginx-formula/commit/8ea3c82be3fccb2bad8bac566f210454549d141e)) + +# [2.6.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.5.0...v2.6.0) (2021-03-11) + + +### Bug Fixes + +* **passenger:** various fixes ([7271c9d](https://github.com/saltstack-formulas/nginx-formula/commit/7271c9d16c8218244ae5ef0b188b7f9f4a414074)) +* **pkg:** add inline EPEL repo configuration for Amazon Linux 2 ([ae6375c](https://github.com/saltstack-formulas/nginx-formula/commit/ae6375ccccd56a506ee28babbeabf351112a06de)) + + +### Continuous Integration + +* **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([123d13e](https://github.com/saltstack-formulas/nginx-formula/commit/123d13e2f483c203cbfc1366b36a30e1732603e1)) +* **kitchen+ci:** make rubocop happy [skip ci] ([eedfc56](https://github.com/saltstack-formulas/nginx-formula/commit/eedfc56b41b673e196029274048670e89e55a694)) +* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([63d32a4](https://github.com/saltstack-formulas/nginx-formula/commit/63d32a40b13ca2c77bb83cceba620218617aab6a)) +* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] ([b4411c6](https://github.com/saltstack-formulas/nginx-formula/commit/b4411c61d3352ecb9775197f991f5f33996730dc)) +* **pre-commit:** update hook for `rubocop` [skip ci] ([2a23743](https://github.com/saltstack-formulas/nginx-formula/commit/2a23743fca8fd54b2a18dc2a07d0daa8142c0289)) + + +### Features + +* **config:** validate config before applying ([b396b24](https://github.com/saltstack-formulas/nginx-formula/commit/b396b24fe456de7001b2cc013814ada189351e6f)) + + +### Tests + +* **config:** fix for Amazon Linux 2 & Oracle Linux 7/8 ([ab39c8f](https://github.com/saltstack-formulas/nginx-formula/commit/ab39c8f7c3c9bf5dbd4436cad8ccce21263fe646)) + # [2.5.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.4.1...v2.5.0) (2021-01-04) diff --git a/CODEOWNERS b/CODEOWNERS index 05c8e5d3..a3076444 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -15,10 +15,14 @@ /docs/AUTHORS.rst @saltstack-formulas/ssf /docs/CHANGELOG.rst @saltstack-formulas/ssf /docs/TOFS_pattern.rst @saltstack-formulas/ssf +/*/_mapdata/ @saltstack-formulas/ssf /*/libsaltcli.jinja @saltstack-formulas/ssf /*/libtofs.jinja @saltstack-formulas/ssf +/test/integration/**/_mapdata.rb @saltstack-formulas/ssf +/test/integration/**/libraries/system.rb @saltstack-formulas/ssf /test/integration/**/inspec.yml @saltstack-formulas/ssf /test/integration/**/README.md @saltstack-formulas/ssf +/test/salt/pillar/top.sls @saltstack-formulas/ssf /.gitignore @saltstack-formulas/ssf /.cirrus.yml @saltstack-formulas/ssf /.gitlab-ci.yml @saltstack-formulas/ssf @@ -36,6 +40,8 @@ /Gemfile @saltstack-formulas/ssf /Gemfile.lock @saltstack-formulas/ssf /kitchen.yml @saltstack-formulas/ssf +/kitchen.vagrant.yml @saltstack-formulas/ssf +/kitchen.windows.yml @saltstack-formulas/ssf /pre-commit_semantic-release.sh @saltstack-formulas/ssf /release-rules.js @saltstack-formulas/ssf /release.config.js @saltstack-formulas/ssf diff --git a/FORMULA b/FORMULA index 0dc428b8..f10cee26 100644 --- a/FORMULA +++ b/FORMULA @@ -1,7 +1,7 @@ name: nginx os: Debian, Ubuntu, RedHat, Fedora, CentOS, Suse, openSUSE os_family: Debian, RedHat, Suse -version: 2.5.0 +version: 2.8.1 release: 1 minimum_version: 2017.3 summary: nginx formula diff --git a/Gemfile b/Gemfile index 82c4a312..8020f666 100644 --- a/Gemfile +++ b/Gemfile @@ -1,12 +1,23 @@ # frozen_string_literal: true -source 'https://rubygems.org' - -# Use the latest version of `inspec` prior to `4.23.4`, which introduces a -# regression where the diff isn't displayed when comparing using `eq`. -gem 'inspec', '~> 4.22.22' -# Install the `kitchen-docker` gem from GitHub because the latest version -# currently available (`2.10.0`) doesn't include a recent fix for Gentoo. -gem 'kitchen-docker', github: 'test-kitchen/kitchen-docker', ref: '41e80fe' -gem 'kitchen-inspec', '>= 2.2.1' -gem 'kitchen-salt', '>= 0.6.3' +source ENV['PROXY_RUBYGEMSORG'] || 'https://rubygems.org' + +# Install the `inspec` gem using `git` because versions after `4.22.22` +# suppress diff output; this version fixes this for our uses. +# rubocop:disable Layout/LineLength +gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf' +# rubocop:enable Layout/LineLength + +# Install the `kitchen-docker` gem using `git` in order to gain a performance +# improvement: avoid package installations which are already covered by the +# `salt-image-builder` (i.e. the pre-salted images that we're using) +# rubocop:disable Layout/LineLength +gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf' +# rubocop:enable Layout/LineLength + +gem 'kitchen-inspec', '>= 2.5.0' +gem 'kitchen-salt', '>= 0.7.2' + +group :vagrant do + gem 'kitchen-vagrant' +end diff --git a/Gemfile.lock b/Gemfile.lock index 19bf26d4..b6702420 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,321 +1,420 @@ GIT - remote: https://github.com/test-kitchen/kitchen-docker.git - revision: 41e80fed3a7cc86323e19c16a5a340cebf7e5848 - ref: 41e80fe + remote: https://gitlab.com/saltstack-formulas/infrastructure/inspec + revision: 1821d2dfd3365e8f05b8439845c58fa4d069806b + branch: ssf specs: - kitchen-docker (2.10.0) + inspec (5.12.2) + cookstyle + faraday_middleware (>= 0.12.2, < 1.1) + inspec-core (= 5.12.2) + mongo (= 2.13.2) + progress_bar (~> 1.3.3) + rake + train (~> 3.0) + train-aws (~> 0.2) + train-habitat (~> 0.1) + train-winrm (~> 0.2) + inspec-core (5.12.2) + addressable (~> 2.4) + chef-telemetry (~> 1.0, >= 1.0.8) + faraday (>= 0.9.0, < 1.5) + faraday_middleware (~> 1.0) + hashie (>= 3.4, < 5.0) + license-acceptance (>= 0.2.13, < 3.0) + method_source (>= 0.8, < 2.0) + mixlib-log (~> 3.0) + multipart-post (~> 2.0) + parallel (~> 1.9) + parslet (>= 1.5, < 2.0) + pry (~> 0.13) + rspec (>= 3.9, <= 3.11) + rspec-its (~> 1.2) + rubyzip (>= 1.2.2, < 3.0) + semverse (~> 3.0) + sslshake (~> 1.2) + thor (>= 0.20, < 2.0) + tomlrb (>= 1.2, < 2.1) + train-core (~> 3.0) + tty-prompt (~> 0.17) + tty-table (~> 0.10) + +GIT + remote: https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker + revision: 9a09bc1e571e25f3ccabf4725ca2048d970fff82 + branch: ssf + specs: + kitchen-docker (2.12.0) test-kitchen (>= 1.0.0) GEM remote: https://rubygems.org/ specs: - activesupport (5.2.4.4) + activesupport (7.0.2.3) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - addressable (2.7.0) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) - aws-eventstream (1.1.0) - aws-partitions (1.386.0) - aws-sdk-apigateway (1.55.0) - aws-sdk-core (~> 3, >= 3.109.0) + ast (2.4.2) + aws-eventstream (1.2.0) + aws-partitions (1.577.0) + aws-sdk-alexaforbusiness (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-amplify (1.32.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv4 (~> 1.1) + aws-sdk-apigateway (1.76.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-apigatewayv2 (1.42.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-applicationautoscaling (1.51.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-athena (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-apigatewayv2 (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-autoscaling (1.63.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-athena (1.33.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-batch (1.47.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-autoscaling (1.22.0) - aws-sdk-core (~> 3, >= 3.52.1) + aws-sdk-budgets (1.49.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-budgets (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudformation (1.68.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudformation (1.44.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudfront (1.63.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudfront (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudhsm (1.39.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudhsm (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudhsmv2 (1.42.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudhsmv2 (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudtrail (1.48.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudtrail (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatch (1.64.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatch (1.45.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatchevents (1.46.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatchlogs (1.38.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cloudwatchlogs (1.52.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-codecommit (1.40.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codecommit (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-codedeploy (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codedeploy (1.49.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-codepipeline (1.37.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-codepipeline (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-configservice (1.53.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-cognitoidentity (1.31.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.109.1) + aws-sdk-cognitoidentityprovider (1.53.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-configservice (1.77.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-core (3.130.1) aws-eventstream (~> 1, >= 1.0.2) - aws-partitions (~> 1, >= 1.239.0) + aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-costandusagereportservice (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-costandusagereportservice (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-databasemigrationservice (1.53.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-dynamodb (1.74.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ec2 (1.307.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecr (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecrpublic (1.12.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecs (1.99.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-dynamodb (1.55.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-efs (1.54.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-ec2 (1.202.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-eks (1.74.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-ecr (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticache (1.76.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-ecs (1.70.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticbeanstalk (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-efs (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticloadbalancing (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-eks (1.45.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticloadbalancingv2 (1.77.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-elasticache (1.44.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-elasticsearchservice (1.65.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-elasticbeanstalk (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-emr (1.53.0) + aws-sdk-core (~> 3, >= 3.121.2) aws-sigv4 (~> 1.1) - aws-sdk-elasticloadbalancing (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-eventbridge (1.24.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-elasticloadbalancingv2 (1.53.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-firehose (1.48.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-elasticsearchservice (1.43.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-glue (1.88.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-firehose (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-guardduty (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-guardduty (1.42.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-iam (1.68.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-iam (1.46.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kafka (1.49.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-kafka (1.29.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kinesis (1.41.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-kinesis (1.30.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-kms (1.55.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.39.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-lambda (1.83.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-lambda (1.51.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-mq (1.40.0) + aws-sdk-core (~> 3, >= 3.120.0) aws-sigv4 (~> 1.1) - aws-sdk-organizations (1.17.0) - aws-sdk-core (~> 3, >= 3.39.0) - aws-sigv4 (~> 1.0) - aws-sdk-rds (1.104.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-networkfirewall (1.15.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-redshift (1.50.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-networkmanager (1.22.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-route53 (1.44.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-organizations (1.59.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-route53domains (1.28.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ram (1.26.0) + aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-route53resolver (1.21.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-rds (1.143.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.83.1) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-redshift (1.80.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53 (1.62.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53domains (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53resolver (1.37.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.113.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.4) + aws-sdk-s3control (1.43.0) + aws-sdk-core (~> 3, >= 3.122.0) + aws-sigv4 (~> 1.1) + aws-sdk-secretsmanager (1.46.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-securityhub (1.63.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-servicecatalog (1.60.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-ses (1.41.0) + aws-sdk-core (~> 3, >= 3.120.0) aws-sigv4 (~> 1.1) - aws-sdk-securityhub (1.35.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-shield (1.48.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-ses (1.36.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-signer (1.32.0) + aws-sdk-core (~> 3, >= 3.120.0) aws-sigv4 (~> 1.1) - aws-sdk-sms (1.27.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-simpledb (1.29.0) + aws-sdk-core (~> 3, >= 3.120.0) + aws-sigv2 (~> 1.0) + aws-sdk-sms (1.40.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-sns (1.34.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sns (1.53.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-sqs (1.34.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-sqs (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-ssm (1.95.0) - aws-sdk-core (~> 3, >= 3.109.0) + aws-sdk-ssm (1.134.0) + aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sigv4 (1.2.2) + aws-sdk-states (1.39.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-synthetics (1.19.0) + aws-sdk-core (~> 3, >= 3.121.2) + aws-sigv4 (~> 1.1) + aws-sdk-transfer (1.34.0) + aws-sdk-core (~> 3, >= 3.112.0) + aws-sigv4 (~> 1.1) + aws-sdk-waf (1.43.0) + aws-sdk-core (~> 3, >= 3.122.0) + aws-sigv4 (~> 1.1) + aws-sigv2 (1.1.0) + aws-sigv4 (1.4.0) aws-eventstream (~> 1, >= 1.0.2) azure_graph_rbac (0.17.2) ms_rest_azure (~> 0.12.0) - azure_mgmt_key_vault (0.17.6) + azure_mgmt_key_vault (0.17.7) ms_rest_azure (~> 0.12.0) - azure_mgmt_resources (0.18.0) + azure_mgmt_resources (0.18.2) ms_rest_azure (~> 0.12.0) - azure_mgmt_security (0.18.2) + azure_mgmt_security (0.19.0) ms_rest_azure (~> 0.12.0) - azure_mgmt_storage (0.22.0) + azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) - bcrypt_pbkdf (1.0.1) + bcrypt_pbkdf (1.1.0) + bson (4.14.1) builder (3.2.4) - chef-config (16.6.14) + chef-config (17.10.0) addressable - chef-utils (= 16.6.14) + chef-utils (= 17.10.0) fuzzyurl mixlib-config (>= 2.2.12, < 4.0) mixlib-shellout (>= 2.0, < 4.0) tomlrb (~> 1.2) - chef-telemetry (1.0.14) + chef-telemetry (1.1.1) chef-config concurrent-ruby (~> 1.0) - ffi-yajl (~> 2.2) - chef-utils (16.6.14) + chef-utils (17.10.0) + concurrent-ruby coderay (1.1.3) - concurrent-ruby (1.1.7) + concurrent-ruby (1.1.10) + cookstyle (7.32.1) + rubocop (= 1.25.1) declarative (0.0.20) - declarative-option (0.1.0) - diff-lcs (1.4.4) - docker-api (2.0.0) + diff-lcs (1.5.0) + docker-api (2.2.0) excon (>= 0.47.0) multi_json domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - ecma-re-validator (0.2.1) - regexp_parser (~> 1.2) - ed25519 (1.2.4) - erubi (1.9.0) - excon (0.78.0) - faraday (0.17.3) + ed25519 (1.3.0) + erubi (1.10.0) + excon (0.92.2) + faraday (1.4.3) + faraday-em_http (~> 1.0) + faraday-em_synchrony (~> 1.0) + faraday-excon (~> 1.1) + faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.1) multipart-post (>= 1.2, < 3) + ruby2_keywords (>= 0.0.4) faraday-cookie_jar (0.0.7) faraday (>= 0.8.0) http-cookie (~> 1.0.0) - faraday_middleware (0.12.2) - faraday (>= 0.7.4, < 1.0) - ffi (1.13.1) - ffi-yajl (2.3.4) - libyajl2 (~> 1.2) + faraday-em_http (1.0.0) + faraday-em_synchrony (1.0.0) + faraday-excon (1.1.0) + faraday-net_http (1.0.1) + faraday-net_http_persistent (1.2.0) + faraday_middleware (1.0.0) + faraday (~> 1.0) + ffi (1.15.5) fuzzyurl (0.9.0) - google-api-client (0.44.0) + google-api-client (0.52.0) addressable (~> 2.5, >= 2.5.1) googleauth (~> 0.9) httpclient (>= 2.8.1, < 3.0) mini_mime (~> 1.0) representable (~> 3.0) retriable (>= 2.0, < 4.0) + rexml signet (~> 0.12) - googleauth (0.13.0) + googleauth (0.14.0) faraday (>= 0.17.3, < 2.0) jwt (>= 1.4, < 3.0) memoist (~> 0.16) multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (~> 0.14) - gssapi (1.3.0) + gssapi (1.3.1) ffi (>= 1.0.1) - gyoku (1.3.1) + gyoku (1.4.0) builder (>= 2.1.2) - hana (1.3.6) - hashie (3.6.0) - http-cookie (1.0.3) + rexml (~> 3.0) + hashie (4.1.0) + highline (2.0.3) + http-cookie (1.0.4) domain_name (~> 0.5) httpclient (2.8.3) - i18n (1.8.5) + i18n (1.10.0) concurrent-ruby (~> 1.0) inifile (3.0.0) - inspec (4.22.22) - faraday_middleware (~> 0.12.2) - inspec-core (= 4.22.22) - train (~> 3.0) - train-aws (~> 0.1) - train-habitat (~> 0.1) - train-winrm (~> 0.2) - inspec-core (4.22.22) - addressable (~> 2.4) - chef-telemetry (~> 1.0) - faraday (>= 0.9.0) - hashie (~> 3.4) - json_schemer (>= 0.2.1, < 0.2.12) - license-acceptance (>= 0.2.13, < 2.0) - method_source (>= 0.8, < 2.0) - mixlib-log (~> 3.0) - multipart-post (~> 2.0) - parallel (~> 1.9) - parslet (~> 1.5) - pry (~> 0.13) - rspec (~> 3.9) - rspec-its (~> 1.2) - rubyzip (~> 1.2, >= 1.2.2) - semverse (~> 3.0) - sslshake (~> 1.2) - thor (>= 0.20, < 2.0) - tomlrb (~> 1.2.0) - train-core (~> 3.0) - tty-prompt (~> 0.17) - tty-table (~> 0.10) - jmespath (1.4.0) - json (2.3.1) - json_schemer (0.2.11) - ecma-re-validator (~> 0.2) - hana (~> 1.3) - regexp_parser (~> 1.5) - uri_template (~> 0.7) - jwt (2.2.2) - kitchen-inspec (2.2.1) - hashie (~> 3.4) - inspec (>= 2.2.64, < 5.0) - test-kitchen (>= 2.7, < 3) - kitchen-salt (0.6.3) + jmespath (1.6.1) + json (2.6.1) + jwt (2.3.0) + kitchen-inspec (2.5.2) + hashie (>= 3.4, <= 5.0) + inspec (>= 2.2.64, < 6.0) + test-kitchen (>= 2.7, < 4) + kitchen-salt (0.7.2) hashie (>= 3.5) test-kitchen (>= 1.4) - libyajl2 (1.2.0) - license-acceptance (1.0.19) + kitchen-vagrant (1.11.0) + test-kitchen (>= 1.4, < 4) + license-acceptance (2.1.13) pastel (~> 0.7) - tomlrb (~> 1.2) - tty-box (~> 0.3) - tty-prompt (~> 0.18) + tomlrb (>= 1.2, < 3.0) + tty-box (~> 0.6) + tty-prompt (~> 0.20) little-plugger (1.1.4) logging (2.3.0) little-plugger (~> 1.1) multi_json (~> 1.14) memoist (0.16.2) method_source (1.0.0) - mini_mime (1.0.2) - minitest (5.14.2) + mini_mime (1.1.2) + minitest (5.15.0) mixlib-config (3.0.9) tomlrb - mixlib-install (3.12.3) + mixlib-install (3.12.16) mixlib-shellout mixlib-versioning thor mixlib-log (3.0.9) - mixlib-shellout (3.1.6) + mixlib-shellout (3.2.7) chef-utils mixlib-versioning (1.2.12) + mongo (2.13.2) + bson (>= 4.8.2, < 5.0.0) ms_rest (0.7.6) concurrent-ruby (~> 1.0) faraday (>= 0.9, < 2.0.0) @@ -333,53 +432,76 @@ GEM net-ssh-gateway (2.0.0) net-ssh (>= 4.0.0) nori (2.6.0) - os (1.1.1) - parallel (1.19.2) + options (2.3.2) + os (1.1.4) + parallel (1.22.1) + parser (3.1.2.0) + ast (~> 2.4.1) parslet (1.8.2) pastel (0.8.0) tty-color (~> 0.5) - pry (0.13.1) + progress_bar (1.3.3) + highline (>= 1.6, < 3) + options (~> 2.3.0) + pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (4.0.6) - regexp_parser (1.8.2) - representable (3.0.4) + public_suffix (4.0.7) + rainbow (3.1.1) + rake (13.0.6) + regexp_parser (2.3.0) + representable (3.1.1) declarative (< 0.1.0) - declarative-option (< 0.2.0) + trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) retriable (3.1.2) - rspec (3.9.0) - rspec-core (~> 3.9.0) - rspec-expectations (~> 3.9.0) - rspec-mocks (~> 3.9.0) - rspec-core (3.9.3) - rspec-support (~> 3.9.3) - rspec-expectations (3.9.3) + rexml (3.2.5) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) + rspec-support (~> 3.11.0) rspec-its (1.3.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.9.1) + rspec-mocks (3.11.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.9.0) - rspec-support (3.9.4) - rubyntlm (0.6.2) - rubyzip (1.3.0) + rspec-support (~> 3.11.0) + rspec-support (3.11.0) + rubocop (1.25.1) + parallel (~> 1.10) + parser (>= 3.1.0.0) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml + rubocop-ast (>= 1.15.1, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 3.0) + rubocop-ast (1.17.0) + parser (>= 3.1.1.0) + ruby-progressbar (1.11.0) + ruby2_keywords (0.0.5) + rubyntlm (0.6.3) + rubyzip (2.3.2) semverse (3.0.0) - signet (0.14.0) - addressable (~> 2.3) - faraday (>= 0.17.3, < 2.0) + signet (0.16.1) + addressable (~> 2.8) + faraday (>= 0.17.5, < 3.0) jwt (>= 1.5, < 3.0) multi_json (~> 1.10) sslshake (1.3.1) - strings (0.2.0) + strings (0.2.1) strings-ansi (~> 0.2) - unicode-display_width (~> 1.5) + unicode-display_width (>= 1.5, < 3.0) unicode_utils (~> 1.4) strings-ansi (0.2.0) - test-kitchen (2.7.2) + test-kitchen (3.2.2) bcrypt_pbkdf (~> 1.0) + chef-utils (>= 16.4.35) ed25519 (~> 1.2) license-acceptance (>= 1.0.11, < 3.0) mixlib-install (~> 3.6) @@ -391,28 +513,32 @@ GEM winrm (~> 2.0) winrm-elevated (~> 1.0) winrm-fs (~> 1.1) - thor (1.0.1) - thread_safe (0.3.6) + thor (1.2.1) timeliness (0.3.10) - tomlrb (1.2.9) - train (3.3.27) - activesupport (>= 5.2.4.3, < 6.0.0) + tomlrb (1.3.0) + trailblazer-option (0.1.2) + train (3.9.2) + activesupport (>= 6.0.3.1) azure_graph_rbac (~> 0.16) azure_mgmt_key_vault (~> 0.17) azure_mgmt_resources (~> 0.15) azure_mgmt_security (~> 0.18) azure_mgmt_storage (~> 0.18) docker-api (>= 1.26, < 3.0) - google-api-client (>= 0.23.9, < 0.44.1) - googleauth (>= 0.6.6, < 0.13.1) + google-api-client (>= 0.23.9, <= 0.52.0) + googleauth (>= 0.6.6, <= 0.14.0) inifile (~> 3.0) - train-core (= 3.3.27) + train-core (= 3.9.2) train-winrm (~> 0.2) - train-aws (0.1.18) + train-aws (0.2.24) + aws-sdk-alexaforbusiness (~> 1.0) + aws-sdk-amplify (~> 1.32.0) aws-sdk-apigateway (~> 1.0) aws-sdk-apigatewayv2 (~> 1.0) + aws-sdk-applicationautoscaling (>= 1.46, < 1.52) aws-sdk-athena (~> 1.0) - aws-sdk-autoscaling (~> 1.22.0) + aws-sdk-autoscaling (>= 1.22, < 1.64) + aws-sdk-batch (>= 1.36, < 1.48) aws-sdk-budgets (~> 1.0) aws-sdk-cloudformation (~> 1.0) aws-sdk-cloudfront (~> 1.0) @@ -420,16 +546,21 @@ GEM aws-sdk-cloudhsmv2 (~> 1.0) aws-sdk-cloudtrail (~> 1.8) aws-sdk-cloudwatch (~> 1.13) + aws-sdk-cloudwatchevents (>= 1.36, < 1.47) aws-sdk-cloudwatchlogs (~> 1.13) aws-sdk-codecommit (~> 1.0) aws-sdk-codedeploy (~> 1.0) aws-sdk-codepipeline (~> 1.0) + aws-sdk-cognitoidentity (>= 1.26, < 1.32) + aws-sdk-cognitoidentityprovider (>= 1.46, < 1.54) aws-sdk-configservice (~> 1.21) aws-sdk-core (~> 3.0) aws-sdk-costandusagereportservice (~> 1.6) + aws-sdk-databasemigrationservice (>= 1.42, < 1.54) aws-sdk-dynamodb (~> 1.31) aws-sdk-ec2 (~> 1.70) aws-sdk-ecr (~> 1.18) + aws-sdk-ecrpublic (~> 1.3) aws-sdk-ecs (~> 1.30) aws-sdk-efs (~> 1.0) aws-sdk-eks (~> 1.9) @@ -438,48 +569,65 @@ GEM aws-sdk-elasticloadbalancing (~> 1.8) aws-sdk-elasticloadbalancingv2 (~> 1.0) aws-sdk-elasticsearchservice (~> 1.0) + aws-sdk-emr (~> 1.53.0) + aws-sdk-eventbridge (~> 1.24.0) aws-sdk-firehose (~> 1.0) + aws-sdk-glue (>= 1.71, < 1.89) aws-sdk-guardduty (~> 1.31) aws-sdk-iam (~> 1.13) aws-sdk-kafka (~> 1.0) aws-sdk-kinesis (~> 1.0) aws-sdk-kms (~> 1.13) aws-sdk-lambda (~> 1.0) - aws-sdk-organizations (~> 1.17.0) + aws-sdk-mq (~> 1.40.0) + aws-sdk-networkfirewall (>= 1.6.0) + aws-sdk-networkmanager (>= 1.13.0) + aws-sdk-organizations (>= 1.17, < 1.60) + aws-sdk-ram (>= 1.21, < 1.27) aws-sdk-rds (~> 1.43) aws-sdk-redshift (~> 1.0) aws-sdk-route53 (~> 1.0) aws-sdk-route53domains (~> 1.0) aws-sdk-route53resolver (~> 1.0) aws-sdk-s3 (~> 1.30) + aws-sdk-s3control (~> 1.43.0) + aws-sdk-secretsmanager (>= 1.42, < 1.47) aws-sdk-securityhub (~> 1.0) - aws-sdk-ses (~> 1.0) + aws-sdk-servicecatalog (>= 1.48, < 1.61) + aws-sdk-ses (~> 1.41.0) + aws-sdk-shield (~> 1.30) + aws-sdk-signer (~> 1.32.0) + aws-sdk-simpledb (~> 1.29.0) aws-sdk-sms (~> 1.0) aws-sdk-sns (~> 1.9) aws-sdk-sqs (~> 1.10) aws-sdk-ssm (~> 1.0) - train-core (3.3.27) + aws-sdk-states (>= 1.35, < 1.40) + aws-sdk-synthetics (~> 1.19.0) + aws-sdk-transfer (>= 1.26, < 1.35) + aws-sdk-waf (~> 1.43.0) + train-core (3.9.2) addressable (~> 2.5) ffi (!= 1.13.0) json (>= 1.8, < 3.0) mixlib-shellout (>= 2.0, < 4.0) net-scp (>= 1.2, < 4.0) net-ssh (>= 2.9, < 7.0) - train-habitat (0.2.13) - train-winrm (0.2.11) - winrm (~> 2.0) + train-habitat (0.2.22) + train-winrm (0.2.13) + winrm (>= 2.3.6, < 3.0) winrm-elevated (~> 1.2.2) winrm-fs (~> 1.0) - tty-box (0.6.0) + tty-box (0.7.0) pastel (~> 0.8) strings (~> 0.2.0) tty-cursor (~> 0.7) - tty-color (0.5.2) + tty-color (0.6.0) tty-cursor (0.7.1) - tty-prompt (0.22.0) + tty-prompt (0.23.1) pastel (~> 0.8) tty-reader (~> 0.8) - tty-reader (0.8.0) + tty-reader (0.9.0) tty-cursor (~> 0.7) tty-screen (~> 0.8) wisper (~> 2.0) @@ -488,16 +636,15 @@ GEM pastel (~> 0.8) strings (~> 0.2.0) tty-screen (~> 0.8) - tzinfo (1.2.7) - thread_safe (~> 0.1) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) uber (0.1.0) unf (0.1.4) unf_ext - unf_ext (0.0.7.7) - unicode-display_width (1.7.0) + unf_ext (0.0.8.1) + unicode-display_width (2.1.0) unicode_utils (1.4.0) - uri_template (0.7.0) - winrm (2.3.5) + winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) gssapi (~> 1.2) @@ -505,15 +652,15 @@ GEM httpclient (~> 2.2, >= 2.2.0.2) logging (>= 1.6.1, < 3.0) nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-elevated (1.2.2) + rubyntlm (~> 0.6.0, >= 0.6.3) + winrm-elevated (1.2.3) erubi (~> 1.8) winrm (~> 2.0) winrm-fs (~> 1.0) - winrm-fs (1.3.3) + winrm-fs (1.3.5) erubi (~> 1.8) logging (>= 1.6.1, < 3.0) - rubyzip (~> 1.1) + rubyzip (~> 2.0) winrm (~> 2.0) wisper (2.0.1) @@ -521,10 +668,11 @@ PLATFORMS ruby DEPENDENCIES - inspec (~> 4.22.22) + inspec! kitchen-docker! - kitchen-inspec (>= 2.2.1) - kitchen-salt (>= 0.6.3) + kitchen-inspec (>= 2.5.0) + kitchen-salt (>= 0.7.2) + kitchen-vagrant BUNDLED WITH 2.1.2 diff --git a/docs/AUTHORS.rst b/docs/AUTHORS.rst index 57a4015b..230b1f22 100644 --- a/docs/AUTHORS.rst +++ b/docs/AUTHORS.rst @@ -13,224 +13,233 @@ This list is sorted by the number of commits per contributor in *descending* ord * - Avatar - Contributor - Contributions - * - :raw-html-m2r:`@myii` + * - :raw-html-m2r:`@myii` - `@myii `_ - - 82 - * - :raw-html-m2r:`@aboe76` + - 155 + * - :raw-html-m2r:`@aboe76` - `@aboe76 `_ - 46 - * - :raw-html-m2r:`@gravyboat` + * - :raw-html-m2r:`@javierbertoli` + - `@javierbertoli `_ + - 29 + * - :raw-html-m2r:`@gravyboat` - `@gravyboat `_ - 27 - * - :raw-html-m2r:`@nmadhok` + * - :raw-html-m2r:`@nmadhok` - `@nmadhok `_ - 24 - * - :raw-html-m2r:`@noelmcloughlin` + * - :raw-html-m2r:`@noelmcloughlin` - `@noelmcloughlin `_ - - 18 - * - :raw-html-m2r:`@whiteinge` + - 19 + * - :raw-html-m2r:`@whiteinge` - `@whiteinge `_ - 17 - * - :raw-html-m2r:`@ross-p` + * - :raw-html-m2r:`@ross-p` - `@ross-p `_ - 13 - * - :raw-html-m2r:`@daks` + * - :raw-html-m2r:`@daks` - `@daks `_ - 11 - * - :raw-html-m2r:`@techhat` + * - :raw-html-m2r:`@techhat` - `@techhat `_ - 10 - * - :raw-html-m2r:`@javierbertoli` - - `@javierbertoli `_ - - 9 - * - :raw-html-m2r:`@arthurlogilab` + * - :raw-html-m2r:`@arthurlogilab` - `@arthurlogilab `_ - 8 - * - :raw-html-m2r:`@cheuschober` + * - :raw-html-m2r:`@cheuschober` - `@cheuschober `_ - 8 - * - :raw-html-m2r:`@dseira` + * - :raw-html-m2r:`@dseira` - `@dseira `_ - 8 - * - :raw-html-m2r:`@amontalban` + * - :raw-html-m2r:`@amontalban` - `@amontalban `_ - 7 - * - :raw-html-m2r:`@puneetk` + * - :raw-html-m2r:`@puneetk` - `@puneetk `_ - 7 - * - :raw-html-m2r:`@TaiSHiNet` + * - :raw-html-m2r:`@TaiSHiNet` - `@TaiSHiNet `_ - 6 - * - :raw-html-m2r:`@EvaSDK` + * - :raw-html-m2r:`@EvaSDK` - `@EvaSDK `_ - 6 - * - :raw-html-m2r:`@cackovic` + * - :raw-html-m2r:`@cackovic` - `@cackovic `_ - 5 - * - :raw-html-m2r:`@auser` + * - :raw-html-m2r:`@auser` - `@auser `_ - 5 - * - :raw-html-m2r:`@stp-ip` + * - :raw-html-m2r:`@stp-ip` - `@stp-ip `_ - 5 - * - :raw-html-m2r:`@ahmadsherif` + * - :raw-html-m2r:`@ahmadsherif` - `@ahmadsherif `_ - 4 - * - :raw-html-m2r:`@n-rodriguez` + * - :raw-html-m2r:`@n-rodriguez` - `@n-rodriguez `_ - 4 - * - :raw-html-m2r:`@teepark` + * - :raw-html-m2r:`@teepark` - `@teepark `_ - 4 - * - :raw-html-m2r:`@alinefr` + * - :raw-html-m2r:`@alinefr` - `@alinefr `_ - 3 - * - :raw-html-m2r:`@devaos` + * - :raw-html-m2r:`@devaos` - `@devaos `_ - 3 - * - :raw-html-m2r:`@bmwiedemann` + * - :raw-html-m2r:`@bmwiedemann` - `@bmwiedemann `_ - 3 - * - :raw-html-m2r:`@terminalmage` + * - :raw-html-m2r:`@dafyddj` + - `@dafyddj `_ + - 3 + * - :raw-html-m2r:`@terminalmage` - `@terminalmage `_ - 3 - * - :raw-html-m2r:`@imran1008` + * - :raw-html-m2r:`@imran1008` - `@imran1008 `_ - 3 - * - :raw-html-m2r:`@morsik` + * - :raw-html-m2r:`@morsik` - `@morsik `_ - 3 - * - :raw-html-m2r:`@msciciel` + * - :raw-html-m2r:`@msciciel` - `@msciciel `_ - 3 - * - :raw-html-m2r:`@rfairburn` + * - :raw-html-m2r:`@rfairburn` - `@rfairburn `_ - 3 - * - :raw-html-m2r:`@westurner` + * - :raw-html-m2r:`@westurner` - `@westurner `_ - 3 - * - :raw-html-m2r:`@chris-sanders` + * - :raw-html-m2r:`@toanju` + - `@toanju `_ + - 3 + * - :raw-html-m2r:`@chris-sanders` - `@chris-sanders `_ - 2 - * - :raw-html-m2r:`@dafyddj` - - `@dafyddj `_ - - 2 - * - :raw-html-m2r:`@UtahDave` + * - :raw-html-m2r:`@UtahDave` - `@UtahDave `_ - 2 - * - :raw-html-m2r:`@ghtyrant` + * - :raw-html-m2r:`@ghtyrant` - `@ghtyrant `_ - 2 - * - :raw-html-m2r:`@pprkut` + * - :raw-html-m2r:`@pprkut` - `@pprkut `_ - 2 - * - :raw-html-m2r:`@jstrunk` + * - :raw-html-m2r:`@jstrunk` - `@jstrunk `_ - 2 - * - :raw-html-m2r:`@johnkeates` + * - :raw-html-m2r:`@johnkeates` - `@johnkeates `_ - 2 - * - :raw-html-m2r:`@kmshultz` + * - :raw-html-m2r:`@kmshultz` - `@kmshultz `_ - 2 - * - :raw-html-m2r:`@malept` + * - :raw-html-m2r:`@malept` - `@malept `_ - 2 - * - :raw-html-m2r:`@meganlkm` + * - :raw-html-m2r:`@meganlkm` - `@meganlkm `_ - 2 - * - :raw-html-m2r:`@garrettw` - - `@garrettw `_ - - 2 - * - :raw-html-m2r:`@ErisDS` + * - :raw-html-m2r:`@ErisDS` - `@ErisDS `_ - 2 - * - :raw-html-m2r:`@myoung34` + * - :raw-html-m2r:`@myoung34` - `@myoung34 `_ - 2 - * - :raw-html-m2r:`@sticky-note` + * - :raw-html-m2r:`@sticky-note` - `@sticky-note `_ - 2 - * - :raw-html-m2r:`@bebosudo` + * - :raw-html-m2r:`@bebosudo` - `@bebosudo `_ - 1 - * - :raw-html-m2r:`@aanriot` + * - :raw-html-m2r:`@aanriot` - `@aanriot `_ - 1 - * - :raw-html-m2r:`@andrew-vant` + * - :raw-html-m2r:`@andrew-vant` - `@andrew-vant `_ - 1 - * - :raw-html-m2r:`@bemosior` + * - :raw-html-m2r:`@bemosior` - `@bemosior `_ - 1 - * - :raw-html-m2r:`@SuperTux88` + * - :raw-html-m2r:`@SuperTux88` - `@SuperTux88 `_ - 1 - * - :raw-html-m2r:`@bogdanr` + * - :raw-html-m2r:`@bogdanr` - `@bogdanr `_ - 1 - * - :raw-html-m2r:`@blbradley` + * - :raw-html-m2r:`@blbradley` - `@blbradley `_ - 1 - * - :raw-html-m2r:`@CorwinTanner` + * - :raw-html-m2r:`@CorwinTanner` - `@CorwinTanner `_ - 1 - * - :raw-html-m2r:`@fayetted` + * - :raw-html-m2r:`@fayetted` - `@fayetted `_ - 1 - * - :raw-html-m2r:`@czarneckid` + * - :raw-html-m2r:`@baby-gnu` + - `@baby-gnu `_ + - 1 + * - :raw-html-m2r:`@czarneckid` - `@czarneckid `_ - 1 - * - :raw-html-m2r:`@statik` + * - :raw-html-m2r:`@statik` - `@statik `_ - 1 - * - :raw-html-m2r:`@ekristen` + * - :raw-html-m2r:`@ekristen` - `@ekristen `_ - 1 - * - :raw-html-m2r:`@jeduardo` + * - :raw-html-m2r:`@garrettw` + - `@garrettw `_ + - 1 + * - :raw-html-m2r:`@jeduardo` - `@jeduardo `_ - 1 - * - :raw-html-m2r:`@stromnet` + * - :raw-html-m2r:`@stromnet` - `@stromnet `_ - 1 - * - :raw-html-m2r:`@bsdlp` + * - :raw-html-m2r:`@bsdlp` - `@bsdlp `_ - 1 - * - :raw-html-m2r:`@MEschenbacher` + * - :raw-html-m2r:`@anderbubble` + - `@anderbubble `_ + - 1 + * - :raw-html-m2r:`@MEschenbacher` - `@MEschenbacher `_ - 1 - * - :raw-html-m2r:`@renich` + * - :raw-html-m2r:`@renich` - `@renich `_ - 1 - * - :raw-html-m2r:`@outime` + * - :raw-html-m2r:`@outime` - `@outime `_ - 1 - * - :raw-html-m2r:`@scub` + * - :raw-html-m2r:`@scub` - `@scub `_ - 1 - * - :raw-html-m2r:`@thatch45` + * - :raw-html-m2r:`@thatch45` - `@thatch45 `_ - 1 - * - :raw-html-m2r:`@blarghmatey` + * - :raw-html-m2r:`@blarghmatey` - `@blarghmatey `_ - 1 - * - :raw-html-m2r:`@babilen5` - - `@babilen5 `_ + * - :raw-html-m2r:`@babilen` + - `@babilen `_ - 1 - * - :raw-html-m2r:`@abednarik` + * - :raw-html-m2r:`@abednarik` - `@abednarik `_ - 1 - * - :raw-html-m2r:`@francesco-a` + * - :raw-html-m2r:`@francesco-a` - `@francesco-a `_ - 1 - * - :raw-html-m2r:`@oboyle` + * - :raw-html-m2r:`@oboyle` - `@oboyle `_ - 1 - * - :raw-html-m2r:`@bersace` + * - :raw-html-m2r:`@bersace` - `@bersace `_ - 1 ---- -Auto-generated by a `forked version `_ of `gaocegege/maintainer `_ on 2021-01-04. +Auto-generated by a `forked version `_ of `gaocegege/maintainer `_ on 2022-03-02. diff --git a/docs/CHANGELOG.rst b/docs/CHANGELOG.rst index a0e38f17..be410c05 100644 --- a/docs/CHANGELOG.rst +++ b/docs/CHANGELOG.rst @@ -2,6 +2,248 @@ Changelog ========= +`2.8.1 `_ (2022-03-02) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **debian:** avoid adding repositories entries multiple times (\ `d1d3e55 `_\ ), closes `/github.com/saltstack/salt/issues/59785#issuecomment-826590482 `_ + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* update linters to latest versions [skip ci] (\ `512fe00 `_\ ) + +Tests +^^^^^ + + +* **repository:** use ``system.platform[:codename]`` [skip ci] (\ `0e51694 `_\ ) +* **system:** add ``build_platform_codename`` [skip ci] (\ `5f1a289 `_\ ) + +`2.8.0 `_ (2022-02-03) +------------------------------------------------------------------------------------------------------- + +Code Refactoring +^^^^^^^^^^^^^^^^ + + +* **pkgs:** readbility (\ `b76e8cc `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen+gitlab:** update for new pre-salted images [skip ci] (\ `7fcb960 `_\ ) + +Features +^^^^^^^^ + + +* **debian:** use keyrings instead of key_ids (\ `037c13a `_\ ) + +Reverts +^^^^^^^ + + +* **pkg:** use grains.osfinger in a format suitable for all platforms (\ `8fee9f0 `_\ ) + +Styles +^^^^^^ + + +* **map.jinja:** remove empty line (\ `ae52641 `_\ ) + +Tests +^^^^^ + + +* **repository:** favor ``platform`` over ``os`` (\ `c16ecf8 `_\ ) + +`2.7.5 `_ (2022-02-02) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **snippets:** make sure they're deployed before being used (\ `9dfc1c1 `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **3003.1:** update inc. AlmaLinux, Rocky & ``rst-lint`` [skip ci] (\ `6a42a9b `_\ ) +* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] (\ `860fabe `_\ ) +* **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] (\ `1557473 `_\ ) +* **gemfile+lock:** use ``ssf`` customised ``inspec`` repo [skip ci] (\ `a11da83 `_\ ) +* **gitlab-ci:** enable instance after upstream issue resolved [skip ci] (\ `79499e8 `_\ ) +* **kitchen:** move ``provisioner`` block & update ``run_command`` [skip ci] (\ `6b65017 `_\ ) +* **kitchen+ci:** update with ``3004`` pre-salted images/boxes [skip ci] (\ `30f87cc `_\ ) +* **kitchen+ci:** update with latest ``3003.2`` pre-salted images [skip ci] (\ `70a1f31 `_\ ) +* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] (\ `e041418 `_\ ) +* **vagrant:** replace FreeBSD 12.2 with 12.3 [skip ci] (\ `7deb74f `_\ ) +* add Debian 11 Bullseye & update ``yamllint`` configuration [skip ci] (\ `fa8a5db `_\ ) +* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] (\ `d15f3de `_\ ) + +`2.7.4 `_ (2021-06-15) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **servers:** include main config file watch in extend (\ `00387e7 `_\ ) + +`2.7.3 `_ (2021-06-14) +------------------------------------------------------------------------------------------------------- + +Tests +^^^^^ + + +* **snippets:** add tests for snippets includes (\ `1c83b6d `_\ ), closes `#275 `_ `#274 `_ + +`2.7.2 `_ (2021-06-14) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **certificates:** ensure ``openssl`` installed before ``cmd.run`` (\ `0cd7c7b `_\ ), closes `/gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819#L2830 `_ +* **snippets:** ignore servers or snippets when undefined (\ `6cb486d `_\ ), closes `#274 `_ + +`2.7.1 `_ (2021-05-12) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **servers:** wrong conditional specification (\ `494b2fb `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* add ``arch-master`` to matrix and update ``.travis.yml`` [skip ci] (\ `4697152 `_\ ) + +`2.7.0 `_ (2021-04-28) +------------------------------------------------------------------------------------------------------- + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen+gitlab:** adjust matrix to add ``3003`` [skip ci] (\ `46faf4e `_\ ) +* **vagrant:** add FreeBSD 13.0 [skip ci] (\ `b41062e `_\ ) +* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] (\ `b9e9cd3 `_\ ) + +Documentation +^^^^^^^^^^^^^ + + +* **readme:** add ``Testing with Vagrant`` section [skip ci] (\ `5727848 `_\ ) + +Features +^^^^^^^^ + + +* **servers_config:** add require statement to manage dependencies (\ `622d22f `_\ ) + +Tests +^^^^^ + + +* **requires:** verify dependencies in vhosts (\ `6478143 `_\ ) + +`2.6.3 `_ (2021-04-03) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **freebsd:** add ``openssl`` pkg and update all ``default`` tests (\ `4cd351a `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* enable Vagrant-based testing using GitHub Actions (\ `c79ce9a `_\ ) + +`2.6.2 `_ (2021-03-30) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **servers_config:** fixup 05994e1 (\ `c03729a `_\ ) + +`2.6.1 `_ (2021-03-29) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **servers_config:** remove service depedency (\ `05994e1 `_\ ) + +Code Refactoring +^^^^^^^^^^^^^^^^ + + +* **servers_config:** remove unused loop (\ `3825557 `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **kitchen+ci:** include ``passenger`` suite [skip ci] (\ `0bbe686 `_\ ) + +Tests +^^^^^ + + +* standardise use of ``share`` suite & ``_mapdata`` state [skip ci] (\ `8ea3c82 `_\ ) + +`2.6.0 `_ (2021-03-11) +------------------------------------------------------------------------------------------------------- + +Bug Fixes +^^^^^^^^^ + + +* **passenger:** various fixes (\ `7271c9d `_\ ) +* **pkg:** add inline EPEL repo configuration for Amazon Linux 2 (\ `ae6375c `_\ ) + +Continuous Integration +^^^^^^^^^^^^^^^^^^^^^^ + + +* **gemfile+lock:** use ``ssf`` customised ``kitchen-docker`` repo [skip ci] (\ `123d13e `_\ ) +* **kitchen+ci:** make rubocop happy [skip ci] (\ `eedfc56 `_\ ) +* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] (\ `63d32a4 `_\ ) +* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] (\ `b4411c6 `_\ ) +* **pre-commit:** update hook for ``rubocop`` [skip ci] (\ `2a23743 `_\ ) + +Features +^^^^^^^^ + + +* **config:** validate config before applying (\ `b396b24 `_\ ) + +Tests +^^^^^ + + +* **config:** fix for Amazon Linux 2 & Oracle Linux 7/8 (\ `ab39c8f `_\ ) + `2.5.0 `_ (2021-01-04) ------------------------------------------------------------------------------------------------------- diff --git a/docs/README.apt.keyrings.rst b/docs/README.apt.keyrings.rst new file mode 100644 index 00000000..7319c96b --- /dev/null +++ b/docs/README.apt.keyrings.rst @@ -0,0 +1,34 @@ +.. _readme_apt_keyrings: + +apt repositories' keyrings +========================== + +Debian family of OSes deprecated the use of `apt-key` to manage repositories' keys +in favor of using `keyring files` which contain a binary OpenPGP format of the key +(also known as "GPG key public ring") + +As nginx and passenger don't provide such key files, we created them following the +official recomendations in their sites and install the resulting files. + +Nginx +----- + +See https://nginx.org/en/linux_packages.html#Debian for details + +.. code-block:: bash + + $ curl -s https://nginx.org/keys/nginx_signing.key | \ + gpg --dearmor --output nginx-archive-keyring.gpg + +Phusion-passenger +----------------- + +See https://www.phusionpassenger.com/docs/tutorials/deploy_to_production/installations/oss/ownserver/ruby/nginx/ +for more details. + +.. code-block:: bash + + $ gpg --keyserver keyserver.ubuntu.com \ + --output - \ + --recv-keys 561F9B9CAC40B2F7 | \ + gpg --export --output phusionpassenger-archive-keyring.gpg diff --git a/docs/README.rst b/docs/README.rst index 7451490e..78148a44 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -169,3 +169,65 @@ Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``veri ^^^^^^^^^^^^^^^^^^^^^ Gives you SSH access to the instance for manual testing. + +Testing with Vagrant +-------------------- + +Windows/FreeBSD/OpenBSD testing is done with ``kitchen-salt``. + +Requirements +^^^^^^^^^^^^ + +* Ruby +* Virtualbox +* Vagrant + +Setup +^^^^^ + +.. code-block:: bash + + $ gem install bundler + $ bundle install --with=vagrant + $ bin/kitchen test [platform] + +Where ``[platform]`` is the platform name defined in ``kitchen.vagrant.yml``, +e.g. ``windows-81-latest-py3``. + +Note +^^^^ + +When testing using Vagrant you must set the environment variable ``KITCHEN_LOCAL_YAML`` to ``kitchen.vagrant.yml``. For example: + +.. code-block:: bash + + $ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test # Alternatively, + $ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml + $ bin/kitchen test + +Then run the following commands as needed. + +``bin/kitchen converge`` +^^^^^^^^^^^^^^^^^^^^^^^^ + +Creates the Vagrant instance and runs the ``nginx`` main state, ready for testing. + +``bin/kitchen verify`` +^^^^^^^^^^^^^^^^^^^^^^ + +Runs the ``inspec`` tests on the actual instance. + +``bin/kitchen destroy`` +^^^^^^^^^^^^^^^^^^^^^^^ + +Removes the Vagrant instance. + +``bin/kitchen test`` +^^^^^^^^^^^^^^^^^^^^ + +Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``. + +``bin/kitchen login`` +^^^^^^^^^^^^^^^^^^^^^ + +Gives you RDP/SSH access to the instance for manual testing. diff --git a/kitchen.vagrant.yml b/kitchen.vagrant.yml new file mode 100644 index 00000000..f9661b3e --- /dev/null +++ b/kitchen.vagrant.yml @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +driver: + name: vagrant + cache_directory: false + customize: + usbxhci: 'off' + gui: false + ssh: + shell: /bin/sh + <% unless ENV['CI'] %> + linked_clone: true + synced_folders: + - - '.kitchen/kitchen-vagrant/%{instance_name}/vagrant' + - '/vagrant' + - 'create: true, disabled: false' + <% end %> + +platforms: + - name: freebsd-130-master-py3 + driver: + box: myii/freebsd-13.0-master-py3 + - name: freebsd-123-master-py3 + driver: + box: myii/freebsd-12.3-master-py3 + - name: freebsd-130-3004-0-py3 + driver: + box: myii/freebsd-13.0-3004.0-py3 + - name: freebsd-123-3004-0-py3 + driver: + box: myii/freebsd-12.3-3004.0-py3 diff --git a/kitchen.yml b/kitchen.yml index 6ea5972c..5ccf8a48 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -6,156 +6,301 @@ driver: name: docker use_sudo: false privileged: true - run_command: /lib/systemd/systemd + run_command: /usr/lib/systemd/systemd + +provisioner: + name: salt_solo + log_level: debug + salt_install: none + require_chef: false + formula: nginx + salt_copy_filter: + - .kitchen + - .git -# Make sure the platforms listed below match up with -# the `env.matrix` instances defined in `.travis.yml` platforms: + ## SALT `tiamat` + - name: debian-11-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:debian-11 + run_command: /lib/systemd/systemd + - name: debian-10-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd + - name: ubuntu-1804-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:ubuntu-18.04 + run_command: /lib/systemd/systemd + - name: centos-stream8-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:centos-stream8 + - name: centos-7-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:centos-7 + - name: amazonlinux-2-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:amazonlinux-2 + - name: oraclelinux-8-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:oraclelinux-8 + - name: oraclelinux-7-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:oraclelinux-7 + - name: almalinux-8-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:almalinux-8 + - name: rockylinux-8-tiamat-py3 + driver: + image: saltimages/salt-tiamat-py3:rockylinux-8 + ## SALT `master` + - name: debian-11-master-py3 + driver: + image: saltimages/salt-master-py3:debian-11 + run_command: /lib/systemd/systemd - name: debian-10-master-py3 driver: image: saltimages/salt-master-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-master-py3 + driver: + image: saltimages/salt-master-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-master-py3 + driver: + image: saltimages/salt-master-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd - name: ubuntu-1804-master-py3 driver: image: saltimages/salt-master-py3:ubuntu-18.04 - - name: centos-8-master-py3 + run_command: /lib/systemd/systemd + - name: centos-stream8-master-py3 + driver: + image: saltimages/salt-master-py3:centos-stream8 + - name: centos-7-master-py3 + driver: + image: saltimages/salt-master-py3:centos-7 + - name: fedora-36-master-py3 + driver: + image: saltimages/salt-master-py3:fedora-36 + - name: fedora-35-master-py3 + driver: + image: saltimages/salt-master-py3:fedora-35 + - name: fedora-34-master-py3 driver: - image: saltimages/salt-master-py3:centos-8 - - name: fedora-31-master-py3 + image: saltimages/salt-master-py3:fedora-34 + - name: opensuse-leap-153-master-py3 driver: - image: saltimages/salt-master-py3:fedora-31 - - name: opensuse-leap-151-master-py3 + image: saltimages/salt-master-py3:opensuse-leap-15.3 + # Workaround to avoid intermittent failures on `opensuse-leap-15.3`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + - name: opensuse-tmbl-latest-master-py3 driver: - image: netmanagers/salt-master-py3:opensuse-leap-15.1 - run_command: /usr/lib/systemd/systemd - # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: + image: saltimages/salt-master-py3:opensuse-tumbleweed-latest + # Workaround to avoid intermittent failures on `opensuse-tumbleweed`: # => SCP did not finish successfully (255): (Net::SCP::Error) transport: max_ssh_sessions: 1 - name: amazonlinux-2-master-py3 driver: image: saltimages/salt-master-py3:amazonlinux-2 - - ## SALT `2019.2` - - name: debian-10-2019-2-py3 + - name: oraclelinux-8-master-py3 driver: - image: saltimages/salt-2019.2-py3:debian-10 - - name: debian-9-2019-2-py3 + image: saltimages/salt-master-py3:oraclelinux-8 + - name: oraclelinux-7-master-py3 driver: - image: saltimages/salt-2019.2-py3:debian-9 - - name: ubuntu-1804-2019-2-py3 + image: saltimages/salt-master-py3:oraclelinux-7 + - name: arch-base-latest-master-py3 driver: - image: saltimages/salt-2019.2-py3:ubuntu-18.04 - - name: centos-8-2019-2-py3 + image: saltimages/salt-master-py3:arch-base-latest + - name: gentoo-stage3-latest-master-py3 driver: - image: saltimages/salt-2019.2-py3:centos-8 - - name: fedora-31-2019-2-py3 + image: saltimages/salt-master-py3:gentoo-stage3-latest + run_command: /sbin/init + - name: gentoo-stage3-systemd-master-py3 driver: - image: saltimages/salt-2019.2-py3:fedora-31 - - name: opensuse-leap-151-2019-2-py3 + image: saltimages/salt-master-py3:gentoo-stage3-systemd + - name: almalinux-8-master-py3 driver: - image: netmanagers/salt-2019.2-py3:opensuse-leap-15.1 - run_command: /usr/lib/systemd/systemd - # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: - # => SCP did not finish successfully (255): (Net::SCP::Error) - transport: - max_ssh_sessions: 1 - - name: centos-7-2019-2-py2 + image: saltimages/salt-master-py3:almalinux-8 + - name: rockylinux-8-master-py3 driver: - image: netmanagers/salt-2019.2-py2:centos-7 - - name: amazonlinux-2-2019-2-py3 + image: saltimages/salt-master-py3:rockylinux-8 + + ## SALT `3004.1` + - name: debian-11-3004-1-py3 driver: - image: saltimages/salt-2019.2-py3:amazonlinux-2 - - name: arch-base-latest-2019-2-py2 + image: saltimages/salt-3004.1-py3:debian-11 + run_command: /lib/systemd/systemd + - name: debian-10-3004-1-py3 driver: - image: saltimages/salt-2019.2-py2:arch-base-latest - run_command: /usr/lib/systemd/systemd - - ## SALT `2018.3` - - name: fedora-30-2018-3-py3 + image: saltimages/salt-3004.1-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-3004-1-py3 driver: - image: netmanagers/salt-2018.3-py3:fedora-30 - - name: debian-9-2018-3-py2 + image: saltimages/salt-3004.1-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-3004-1-py3 driver: - image: netmanagers/salt-2018.3-py2:debian-9 - - name: ubuntu-1604-2018-3-py2 + image: saltimages/salt-3004.1-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd + - name: ubuntu-1804-3004-1-py3 driver: - image: netmanagers/salt-2018.3-py2:ubuntu-16.04 - - name: centos-7-2018-3-py2 + image: saltimages/salt-3004.1-py3:ubuntu-18.04 + run_command: /lib/systemd/systemd + - name: centos-stream8-3004-1-py3 driver: - image: netmanagers/salt-2018.3-py2:centos-7 - - name: opensuse-leap-151-2018-3-py2 + image: saltimages/salt-3004.1-py3:centos-stream8 + - name: centos-7-3004-1-py3 driver: - image: netmanagers/salt-2018.3-py2:opensuse-leap-15.1 - run_command: /usr/lib/systemd/systemd - # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: - # => SCP did not finish successfully (255): (Net::SCP::Error) - transport: - max_ssh_sessions: 1 - - name: amazonlinux-1-2018-3-py2 + image: saltimages/salt-3004.1-py3:centos-7 + - name: fedora-36-3004-1-py3 driver: - image: netmanagers/salt-2018.3-py2:amazonlinux-1 - run_command: /sbin/init - - name: arch-base-latest-2018-3-py2 + image: saltimages/salt-3004.1-py3:fedora-36 + - name: fedora-35-3004-1-py3 driver: - image: netmanagers/salt-2018.3-py2:arch-base-latest - run_command: /usr/lib/systemd/systemd - - ## SALT `2017.7` - - name: debian-8-2017-7-py2 + image: saltimages/salt-3004.1-py3:fedora-35 + - name: fedora-34-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:fedora-34 + - name: amazonlinux-2-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:amazonlinux-2 + - name: oraclelinux-8-3004-1-py3 driver: - image: netmanagers/salt-2017.7-py2:debian-8 - - name: ubuntu-1604-2017-7-py2 + image: saltimages/salt-3004.1-py3:oraclelinux-8 + - name: oraclelinux-7-3004-1-py3 driver: - image: netmanagers/salt-2017.7-py2:ubuntu-16.04 - - name: centos-6-2017-7-py2 + image: saltimages/salt-3004.1-py3:oraclelinux-7 + - name: arch-base-latest-3004-1-py3 driver: - image: netmanagers/salt-2017.7-py2:centos-6 + image: saltimages/salt-3004.1-py3:arch-base-latest + - name: gentoo-stage3-latest-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:gentoo-stage3-latest run_command: /sbin/init - - name: fedora-30-2017-7-py2 + - name: gentoo-stage3-systemd-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:gentoo-stage3-systemd + - name: almalinux-8-3004-1-py3 + driver: + image: saltimages/salt-3004.1-py3:almalinux-8 + - name: rockylinux-8-3004-1-py3 driver: - image: netmanagers/salt-2017.7-py2:fedora-30 - - name: opensuse-leap-151-2017-7-py2 + image: saltimages/salt-3004.1-py3:rockylinux-8 + + ## SALT `3004.0` + - name: opensuse-leap-153-3004-0-py3 driver: - image: netmanagers/salt-2017.7-py2:opensuse-leap-15.1 - run_command: /usr/lib/systemd/systemd - # Workaround to avoid intermittent failures on `opensuse-leap-15.1`: + image: saltimages/salt-3004.0-py3:opensuse-leap-15.3 + # Workaround to avoid intermittent failures on `opensuse-leap-15.3`: # => SCP did not finish successfully (255): (Net::SCP::Error) transport: max_ssh_sessions: 1 - - name: amazonlinux-1-2017-7-py2 + - name: opensuse-tmbl-latest-3004-0-py3 driver: - image: netmanagers/salt-2017.7-py2:amazonlinux-1 - run_command: /sbin/init - - name: arch-base-latest-2017-7-py2 + image: saltimages/salt-3004.0-py3:opensuse-tumbleweed-latest + # Workaround to avoid intermittent failures on `opensuse-tumbleweed`: + # => SCP did not finish successfully (255): (Net::SCP::Error) + transport: + max_ssh_sessions: 1 + + ## SALT `3003.4` + - name: debian-10-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd + - name: ubuntu-1804-3003-4-py3 driver: - image: netmanagers/salt-2017.7-py2:arch-base-latest - run_command: /usr/lib/systemd/systemd + image: saltimages/salt-3003.4-py3:ubuntu-18.04 + run_command: /lib/systemd/systemd + - name: centos-stream8-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:centos-stream8 + - name: centos-7-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:centos-7 + - name: amazonlinux-2-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:amazonlinux-2 + - name: oraclelinux-8-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:oraclelinux-8 + - name: oraclelinux-7-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:oraclelinux-7 + - name: almalinux-8-3003-4-py3 + driver: + image: saltimages/salt-3003.4-py3:almalinux-8 -provisioner: - name: salt_solo - log_level: debug - salt_install: none - require_chef: false - formula: nginx - salt_copy_filter: - - .kitchen - - .git + ## SALT `3002.8` + - name: debian-10-3002-8-py3 + driver: + image: saltimages/salt-3002.8-py3:debian-10 + run_command: /lib/systemd/systemd + - name: debian-9-3002-8-py3 + driver: + image: saltimages/salt-3002.8-py3:debian-9 + run_command: /lib/systemd/systemd + - name: ubuntu-2004-3002-8-py3 + driver: + image: saltimages/salt-3002.8-py3:ubuntu-20.04 + run_command: /lib/systemd/systemd + - name: ubuntu-1804-3002-8-py3 + driver: + image: saltimages/salt-3002.8-py3:ubuntu-18.04 + run_command: /lib/systemd/systemd + - name: centos-7-3002-8-py3 + driver: + image: saltimages/salt-3002.8-py3:centos-7 + - name: amazonlinux-2-3002-8-py3 + driver: + image: saltimages/salt-3002.8-py3:amazonlinux-2 + - name: oraclelinux-8-3002-8-py3 + driver: + image: saltimages/salt-3002.8-py3:oraclelinux-8 + - name: oraclelinux-7-3002-8-py3 + driver: + image: saltimages/salt-3002.8-py3:oraclelinux-7 verifier: # https://www.inspec.io/ name: inspec sudo: true - # cli, documentation, html, progress, json, json-min, json-rspec, junit reporter: + # cli, documentation, html, progress, json, json-min, json-rspec, junit - cli suites: - name: default provisioner: + dependencies: + - name: test_dep + path: test/salt/default/states state_top: base: '*': + - test_dep.create_dependency_file + - nginx._mapdata - nginx pillars: top.sls: @@ -167,3 +312,65 @@ suites: verifier: inspec_tests: - path: test/integration/default + - name: passenger + includes: + - debian-11-tiamat-py3 + - debian-10-tiamat-py3 + - debian-9-tiamat-py3 + - ubuntu-2004-tiamat-py3 + - ubuntu-1804-tiamat-py3 + - centos-stream8-tiamat-py3 + - centos-7-tiamat-py3 + - oraclelinux-8-tiamat-py3 + - almalinux-8-tiamat-py3 + - rockylinux-8-tiamat-py3 + - debian-11-master-py3 + - debian-10-master-py3 + - debian-9-master-py3 + - ubuntu-2004-master-py3 + - ubuntu-1804-master-py3 + - centos-stream8-master-py3 + - centos-7-master-py3 + - oraclelinux-8-master-py3 + - almalinux-8-master-py3 + - rockylinux-8-master-py3 + - debian-11-3004-1-py3 + - debian-10-3004-1-py3 + - debian-9-3004-1-py3 + - ubuntu-2004-3004-1-py3 + - ubuntu-1804-3004-1-py3 + - centos-stream8-3004-1-py3 + - centos-7-3004-1-py3 + - oraclelinux-8-3004-1-py3 + - almalinux-8-3004-1-py3 + - rockylinux-8-3004-1-py3 + - debian-10-3003-4-py3 + - debian-9-3003-4-py3 + - ubuntu-2004-3003-4-py3 + - ubuntu-1804-3003-4-py3 + - centos-stream8-3003-4-py3 + - centos-7-3003-4-py3 + - oraclelinux-8-3003-4-py3 + - almalinux-8-3003-4-py3 + - debian-10-3002-8-py3 + - debian-9-3002-8-py3 + - ubuntu-2004-3002-8-py3 + - ubuntu-1804-3002-8-py3 + - centos-7-3002-8-py3 + - oraclelinux-8-3002-8-py3 + provisioner: + state_top: + base: + '*': + - nginx._mapdata + - nginx.passenger + pillars: + top.sls: + base: + '*': + - nginx + pillars_from_files: + nginx.sls: test/salt/passenger/pillar/nginx.sls + verifier: + inspec_tests: + - path: test/integration/passenger diff --git a/nginx/_mapdata/_mapdata.jinja b/nginx/_mapdata/_mapdata.jinja new file mode 100644 index 00000000..aa9649cf --- /dev/null +++ b/nginx/_mapdata/_mapdata.jinja @@ -0,0 +1,13 @@ +# yamllint disable rule:indentation rule:line-length +# {{ grains.get("osfinger", grains.os) }} +--- +{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #} +{{ salt["slsutil.serialize"]( + "yaml", + map, + default_flow_style=False, + allow_unicode=True, + ) + | regex_replace("^\s+'$", "'", multiline=True) + | trim +}} diff --git a/nginx/_mapdata/init.sls b/nginx/_mapdata/init.sls new file mode 100644 index 00000000..650b3e88 --- /dev/null +++ b/nginx/_mapdata/init.sls @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls +--- +{#- Get the `tplroot` from `tpldir` #} +{%- set tplroot = tpldir.split("/")[0] %} +{%- from tplroot ~ "/map.jinja" import nginx with context %} + +{%- set _mapdata = { + "values": nginx, + } %} +{%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %} + +{%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %} +{%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %} + +{{ tplroot }}-mapdata-dump: + file.managed: + - name: {{ output_file }} + - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja + - template: jinja + - context: + map: {{ _mapdata | yaml }} diff --git a/nginx/certificates.sls b/nginx/certificates.sls index 2a8330b5..8781045f 100644 --- a/nginx/certificates.sls +++ b/nginx/certificates.sls @@ -30,6 +30,7 @@ generate_nginx_dhparam_{{ dh_param }}_key: - creates: {{ certificates_path }}/{{ dh_param }} - require: - file: prepare_certificates_path_dir + - pkg: generate_nginx_dhparam_{{ dh_param }}_key - watch_in: - service: nginx_service {%- endif %} diff --git a/nginx/files/default/nginx-archive-keyring.gpg b/nginx/files/default/nginx-archive-keyring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..82b5bff0f1e0456b8d71d9dff520b740b88ec4bf GIT binary patch literal 1067 zcmV+`1l0SP0SyFBPBLNv2mt;R_6i!fh8h0Ns{)@`FE?-%bk+u&fmM*1mdtQm-dpHQ zvJ6LCsG^uX5wZ4tphn*$BgW7qQfInptC~t`W-Qy`3GofGu;E7^3P!9Ag7Z9$0?r6S z8QElp#7+kiz*|GQeHV(O@I9C^xpijr@Ea|ZTYMbm^8|n0C9;C1K?Ju@la$1KG=36% zzcW--M~p(0K#nwDR0JKKj8{n1u=wNy+dpV*H~L}}9F*4H@+)X57bI=>wX+y`{V`sD zOuoRG6U^e5E8Lcxn$V}kcYz8sE+u$3&4#)S1YL zX|rZ7vj*|>BG>X?t8D-g0RRECDQ;(JZg?PbX=iR}Zf78CWqBYxb7^O8X>MmNYh`&r zZf9w3crIgaZ9a(sJ_Hj10stri8v_Ol2?z%R0tOWb0tpHW1Qr4V0RkQY0vCV<0#{K6x$vMSxGE}6pdGCM(`$z1=FlZt}F!64sP z9_w2t(S^WsRlEbC@6QiU0H6Rme--aqG_lL)MubL}p)uo-CiDJYjmEOKBwU)fI27Qn z49eRX)NtZ50~YcYSH{ffASBa?0UQJn0RjL91p-b^N2LG?2@s}F)vN#D8T?;} z#c2(fH-e|(sI-Qi^8SfP?{~e;Uc89j>R2ul z%|{+$XZCtAJd1BS^o(z8kFZZBABPDY6vZ_mAw6!OhG}0}uUWz+SLP@&a`uQu1P~Dd z00spDPEK3W0162Z?C|LeEEgbyQN946r)k35|K+-I`C_d?1jYtkP@1Ts0G>4Ua9$zA zAzGrg5DeCrSpEkZL79j~1P~Dd00spDPEKE80162ZsW)Lcr6k2Zb5;PKU{Z|oi7&m4 l{i`PWrX?qqxF{7z0GtUyVOxWof%>=#j>Mx$*dzb| literal 0 HcmV?d00001 diff --git a/nginx/files/default/phusionpassenger-archive-keyring.gpg b/nginx/files/default/phusionpassenger-archive-keyring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..ee1337f94e245b24b219173470014823eb10ea02 GIT binary patch literal 192863 zcmbrmbzD~K5;nYOX#okP9;CaG?(Ptf?v#=S>5vX7X&zc6g-1d`P(m6+5a|vDL6DOC z*5lbI+jI7L&-;FV?7d}ef5WVqYv!K0X6}`NP=G9Hur!K?421S;yk5RT{?!yhl3EBIV-uQ~INL1@C$nN2`g_;7ecI-R`0iYD^y^X!1l; zO8tH-=XwBBxS~wEtQ4#h_}2fJv{Ie`-%f#a7R)>LWjtsW~Z)^(L+Ilz*+#C0Fden0k>5F5|JenR}~wX&ql&H+DNDxoa^UyJ7I` zIei4y!GZAlM+;-B=5;&X7idgbYR=4A&t~s0*bHPHA66?AMH(VQ@U8)5D2Vq+$=?u? zBdA(=LGD}mK{M|^biiee0m^C04!_Tro1Cmt#5 zC%nfEKo0rGH^)^fLZ!aKOtLmjHKzA0PElbrie{d6R<01q_A*y@X9qiou>H>m;^waI z4r~_Aj%;SGqLF6E1fUL7h!hBj#6gHR5l|4d$iA?mV4`0`LqZ|MK);5GLWGEf09;kX zQvk?wS+jP?=P5zyN6y(pDZ%OV72?7IvN0KZ-xeil%Nd(Mgl$h>lN8deJ&Tk@zK(|o zprRm38c9mPzUoB`9sIl-~@817IY-&dbk(3 zvN|>#>s}j`@w5V0<(P56<#;#1h@2z&KUNI@c@}rk=YxkQHy5(^(w;;O$$Aml^8z_H z{A8^=UDxXk$?1t}kiTb2Cmo-{g#I)PgOrDrle-zj$_XOpXlCcYcxft0tDlw=w}C%} zo9wr}NRj?!vY+&<0mzLsAzaRec>o23rYq)n`HF_5(kZ0>` zhk+Sl_cc1z=@pIO(5Y$sY61XllJ1KpO6oKBv#52z(G<8PNg#vx3m^YC?D@-*H{d*!~HNP5yk(`C9L z;bSJY5)KppH>LgpiHn)58AQ(2&XQfr&e6lc&BE2r-0GLI;x^#_`InOBU}PZzw^0z4 zhOm$jNs&;0#uOqd;Wb2b3`}HrRQ(G=S3|2i3&^3AOuw6tXIqBGA>`iYBcOkZJ%I(} znRY(uI1zf*8OLXUF6rEh*B?B&@L!>#X=UN=>}qD|{98HK%SUV;P7Z8VmL5M-z&}ET z&l!y9&J_)sG`c)QMuLcyA#8qcg}Y1u^tssid8cVdnD$gp#VGRqo5;TQfsv*^Ul@Xd zD6_vS`TK>D2@$U${ln|x3jull)SOdIwVYdC9QPVLI-KxDlHvn_Tu#ZDh9HUE@%bEe zL_$Y(T01Fqt|mlm_^Ebq{Ti^_^MiFJY-I}JE1i}aFAWVwi>`Yu<2wva(oVAFw}pAy z(G9GHO_XevQpY*Cqc%>$;kP0`WyyGb$he?kood6}N8!>(pT0>3 zJhb=iph#uMD|mvXv^ZnGs1+NqNV>o4>+}AB7QGQa(s(r?&}7m0ai;i5o`hoLe8<85D3I)Yd1MwrpCju*E0=^ZeW z99N0wG`DCdeNo8mTM9YussTtSXy=^low(vv54SM8HmP+HZm;}EZ<5!IpttdH${4@j z;)Yt%WgZ>`qh-{S3Bu_5ko8+B zAkSBp!THqoZnECeIxjzl%2r>(#qneQ6BOSBr6A~D$91Kr4WtnZqpaMmQ2fEc9-`1j zE+l8hYlVx`(o-+L^YE*9WRdU*$Ani=*G-Y&GX|kGoSmCyo;pG|HymG0S?nK)#$j`i zb?qjg{uru>tkkY=#x|3U#VAENA8OW4)LMJ|?z3Ps@}0Ig%DefGCDVo%U8njDQ8s-Z z4szbYdu`i=jED2mi{*lPWZ!CH7d#P2{yJGeR9p=sS{nd5Xe>|o2o<%B{UA_X=i_vb9hxwNIH;b^~NFVE;;6FqXzL3+tUz4 zCr4ZYAnz{O(;Q-=@Df6QORwa)HOahu$%G8B>JmJnzW}SQ5-X|t`^*@ni4OhACLLCl zPC*vJCsUzV5p*c&lO%Gl4PF>{Gob4k&&7JF?jzcsv438@KP}1<;LT&Aj7jq97N_Y! zk~4K}glZ1e=hUN;RiE4L(*ew`}E=SSfe-KQG%ewW;j z)|P~YoJzK4X8~sOhxD@xd8WlYX1q_&i5FkYm9>9H22xxt71EoX9+qyyP)L#th!hU{ zHPNsoZ@j5)%~}~@6ELxbQASs*?AzdeExc8#zf`=*xHqBaoM&%e6a5H=ysnzpmBNYq zRf2PiM)W}DERoJMTI+U>$IToPBiojD%mO9v`|U=za8`5%np~!p={6FD@H3wwqI9+`2K!Z|hU^RP!bP?cS=askZCVoCWHI2i(9G@6>*MMLD z;~h$!TuTK-IBU}Yx8KF*G? z8T}{oSLA3ql*8rFq{p6Pb>ENJ(gAT`pl4`HY+gw_?A0HIN}Ybnb5sF9$A#@gnctjE zd}3Np!U_sEJLhjDydo#3(h)8P!lBw=Kkh)l91lQaKFKyrD}@RXeWl+eGfOXbqGcWj zpwQ5I%rFPGs&by?k1`u_(I+AP7N8vX$p;pE64lfda5;o5-U7|<4|LAI0MPh$OrjDvV8*Bhtl>?ZO) zH1F%IV1)X&7n@Mm+#h*YbeB&KdnC;GvO-+34|hLq<(}}xc(~_CjT&;jf>NE;eLetk$E313;T)9t8>I zJ*=0@?6^fj=ZK^rds_s^yDu@N45K(#WA9dZ72>lVD14z#@mmfE>2bK6OGqpAg3U|E z=h|Y%!+hX7!L4t^=)N2|BW7UvRqq8wRdduzn-Z54e$io-QpBWoMUJLJ6I{+Eq_q`+ zoSQ5Y`d+bI=Dp1p{buE9TJK4ntAQM1kpst1AqjG-%}G)(KE3)1T{gAAfW^~zdMXbCO;Hfpk za5ZSyuF@MlgZ<1w6@M)DD{x`lG$4Xdh)u(Iv$!1UI>>!!{MH=`TE9tn@YoqGgO% zJXdF8=k-*DtuZ?kZ&Q4``U0mXVlukj}S3frtgc5)yL^Ze! zHFCHytK5d7V3=-PvG4*t+ZeU;buj7E@1iye_C?+rSh8+U#mK{}8KSxBKFEvd#At?F zT(@JQfW+T05PAQSVrizzGbD}bg?fFy_np|VzR%widS7+FZOeQ_YxOr&6a7!97VQP{ z9$;j!VZ4e7k9XVFqb^pE^ZZ(a17xAt1gN1PU+W;)QAViWU`^haulw=a`yi@u;9k2# zwRthvd7^!NYi?&hyTL!03B4e$sETQ|2J$3z^OwFJUGUZ(KK1VLaENZ-lKt>o&Y!3r zpah`x2NvWqiTZJ?X^XL?Lf@IWJrH+*Je8T%wofI`_Dt>QF-DiBFDQh}q_4>N1J&V+ zK%U9zwf7{pFsJC5qzuKcLxxV~xs?Dk1u!h%y{}ZeY zqd>q=3B2E@NQ!I9t_gP1yrt{s*a(_CCn}7N0JWBJyk=;(X`5VOhj*;#xBEd@qhEzJ z{}JdmT;Ke>J!Nm=w_&^G<-jJzdQJR|F@h!VXbWo zKo_*wjuzFPxxDpUSbAj&Vem)Heg))7`A54u^xchL_j>iIH*-}5>Wh6fJpO<+FbP1X z-fSVNwz%81G@=ow&+oKDr#B%W@u4#OFffZKnj&Cc8X3y3GZeC0ctxK-VC~-rKs)5L z0?oPWqjD)9>W2kNXezQjsR5ubl44eNXx{si7I`00h%n>0y%aP2XIMW5k1gl8ie_{i zJVFNZ2iotyjl4d7K6oEw26hOI(Dkh8N3d~*37Jfk8p>aA!5IDt*4D0W)@&Z`PXFFQ z|Cz7Xp8>h-w4v?N)^w~oo^&wjdt^DW))zMcXaQe>QLy?1|Mh!Q&lN2GIz%}2^yZ_~uKI=nrWCuCpaCBDgyGH7-1b`HHJ@&aPQpfgAE#&^Ey4!^ZY z9;Xm7NDGJ37crcpwy2MB=EV&{1CD>J@eSYe`S59AY1L%hWN*j!P3X$4W4pK>c2uq( z%NZpwdU|Hs#N(38qU7p#;q=yI`853dIU4UTGL*gs{{}W#h3NiI!1fyka>$hLnDKgS zFNMeRE!}X9u70+JybeHv@~++VomOD_*kq{5IaC%()$cO#8vuXiYbi7UT3KcD(uyN+ zm2T>>53jKgx3C{k2#{yail3-D7!9-MkMT)^7IaR3XLbB7=TBho4g%2d;5&{qkv2)# zM@hDg$sbe=sAoXwy+e$E*5|p}@4BK-4h^R5j2+h(ugLiW*dV2rrzgomJDZ1)ie}zX z)uRC57#4A;19|GNQ@rRSwy39kPb~2D7-F`2IO?v*`2*NPDL|gQ*>v(8`%kDW0$7uOgkas=o@t4*2`>8uc;VVgLIE@j@F~Z{5zCi za2tFqQXhWRS&{jxQ!@h_HF${xsspe7;s5%n)*md}T@I6&-&*`8@6@iZ(snB4_8jhcvwMGlAESb|(6k;uDGV*wpm$S8$k<7LN7Cedp!LGL zD(~~S7e202QPu?_@dzl%_Q+eYrzWG}Y!#9(ZVOm7olTYRrPDx(6i5fgDL&tIVld(1%I@^F9F1(48?&PWolUzAIGSl&z!>d)qD5NO2KRNnt_d|Pz) zt`0V#&CQGXl3=wtqQGqh# z9roU3&q=%!7EN8`tcJ-l<}DIc|IINzg*%9d#r0g@VRkx*J|1>Dr}j$ih6t*=$9M8b z)l1q1Zk7Mkd<0Mf(8OiJ=b=xowV8?rs$0TL?{ATl^#IT(&xq@LMgqm-MqW@~Brds0 zhmaQkq)lE5A%e8YxUHPhSJKWdQqosH2i=Q4qb`Ew zJeOQHa!hkxbIGp8$Sc*4Puyk zBg%c(V!9(A`#ql$ek5OGka91R))>uORxU!q-yr_FC9&zptTxMnr{Yn?ULjBHU-23& z#)hL4m18O&B6z`slszoKP?WZVsDr~2J4Z7J!(A%}K?pAogqw#8!ow@T&B?_DCJhJp z-}}dYMlV4VUa{=njF9S*43(Tm02zwi=`Wp+utN7n@F@MRMWf;$799f6ma4CQo-&F& z?UrE9zi(E8B#<2WJCO=EZv1QuFAGS#Nw9!Mjk9QtDaYmydKg_NYxF2;Q+@`>v&41@ zN>zTiO`LC!RaKS6?b3+gapjz)$gsa!KpK=FT|CSXYw7OKgkbgX#5{UE({Md5NSfhI zG}XNBOz?|h^%s*N`5P}=HWD5;=N6da`H{|Ka2OH99rI$`ge`7V)UqCu&t*{t3uHfD zM&@O_8^mEGMBiaKS8^8EY&zx0x1-P(8V?xt+HayQ zV!Y>5Wd3a}DNToSxSY!-+Kvu@)}Wu9S>Jg|Rep5WDe$9*>>Fa+8$d3X<+_0ub!V9Y znn%jZnYq$k;;^etba0{~T#mn!@cj=TZ^_^zg3Ok}byaJB?R9T?%~kKf7rjPHs~%vJ zru>bOPg@$-6FpgTN!H3EB(g4D{`8Go8fX+9FuSyOJ8EtU;;UW0@dQ_y(@ex zNd7Ka_Qb_SRuDQMSHQHZlMnq{p}74m)b9dknsc&dQJ|d5P@-irhvUAaQ z0Q^gO@OS?i$pvJimj{la9c3umkcyyju@>d8rWFi=tjbp6;mdOU1eV=~y~armFE!un zG?@6m$DWoMd}1kU1!09qxZ1!Y(#Z@Se3o`D@E^qgvGdYP(1*Y3WdKTA0eSb_I-7|~ z4zk%d1uhhAqy6kxbiaU(l_;qB?DQOEf)njaz}Y)Z5(C1H-=+rx@C{tfWdKT`0(nX$ zhJ1Cd+^XH5owO0dt;ugNajyc<;_01qW$HcmTN9xx0x$1zcg#x_M(X}FJxFK?WvV~= z_firReA%iG-vf&(Mlrj?53!+ypAk16_jyWHkZXVwG5b9=RwCV;*)qrAy$$)%XCM4i z`2H5zPH+V;TSG<_q;uvqfnJ3rV8b?G>M?s|P}vM)t}c zXz;DP&-V?=-3!}9Bux`&dTV5Ms)1a7bGzCe)$J-)i28@#9dk3NMydT3IhqbX2OpP_ z-AW3^Ort*S#)|f1w%!i;9dGhkg;%JqV7!N(B@Hfar6fwYRWW~-qiMQjb(LldPLze~ za~auc*g&or1p(m0`Rqb>{i7TM3fJcZ0{l?0Fm1z1_a-A}exl=Hh_$lvzNV+n_liC_ zuD9TFE+f063mn4p?TKrC`6?AWMDHyx>9E^_`syi2*C~B3=tMPQelSF$u~~LK3+;1J z=@mIm!9Vl+Wn_Po2l6DEhlXvwSmAGtUlfN-STtJcmKE>R72IN_ zc~@O_&$tKdj4}``CjD=>P+$xCN4DQ(n?g~zslN(i`VWfyJZCNKSbqk*quHe&!_+aM=THnM;N8Vgcx)Os5{Ps9r=ZuE$5ia@Fp!4$9V!|fy|YFtJ+buQE`qCv&-=}?+joKo^VJ7Bxn&u!>)+Nl@Q8tdEo-Ab z7xC!rM`mRO8>21q_Chh1xEz|+6lB#Cb%^WND@kdHD0Oc%2ftJx9a4)z=@r)crbo5v z+uawZ)E$9?>4zD z8qY<_rT*z?sdX&S_zgBWcX5xpON*jt5Dw+Gls{P3VWP6{cG4KDJO z5vY1X`CMxIWAa@$J|6f?J=Ds-?&$EDbf{mdcqrPAWx(i&3o|}`BiAoM)xF7Nw%qNj zNtcJk9zN1JtwBawU60Z=bMkcF%%%-41I13_h&Anp0OmVtm-;IC$M0W0)o0$YqwJKy zc~`Hn!Y-ukvyN$o2=Sh~T}`*hFrg&XPZY2@`82_J-2xRVRM7}6di*6Ms9bHIsD5CT zIFQA_;)fvQJaji@fMXa!RqT)L+embeyij*qgG5x%8^-jnhE&qb!NJVc($2{aBK)sT z+5Fd&U(sm%Ga4ztVHoJv-wo;?!$dF;D+$V1luPEDCBQM?NRhfW#a;XyNs%TRh;6*Z z&gUR2Fke{Ki-o>hryuk}ee;32>7a`<6!CY;l(DQ^g9Gn!U5scO$YsW26vU=#I>f=M z)ZP-8P0OmDqXnQx#axIf8_$OnHI2# zxQ?5rw@o0g3vKz&O+Q-Dqd=?@X_6Nmy{1=71qQ>u7&&iz`@o$y^KsWPZZ(@Hbjn=C z?WV70IqeO%b&=HCJW5g9kwG02E*!tLTw~*QOg>zL;i>!WKd!|aFc^0B9u1+Bjpl_&5)8n=@!laYc zcLSng-XnUOS*|*#ADhjU70qI~{7%>@(!`y&PtJ+-CN!g6JT%k9ASqctcQojq-+zlr zFfwL(nk(@N)9>?)%tr>h0Yu-Em9L*rc^hcZEF$;PQGax2MraI+`0F?Qc=fJ}6p@1S z>6>_TPtC`^5fYrzg_cn+9gO*7c{Mm`l!E$#5ej20Pa@2mSPLXyk4`a?olNH!--~@V zipf@2A)`D^Qh$wu4_0+AqGOD5m}p;9{F|8n=j0DodFfx)iSVSVvcIw;t{csp->FtQ z`$VFw8aMOm<84C&q}JsM1xgzN)@{;h<-P_Z^6DB$zGLaSb9ex+l^QCoe)TKq0IU%F zr2!MvXEE9OUSAtR=ky|6Ep)l*RS1%iGY0i;A;4T-HlEhv_w|3Vo4oEphu9OT@G~)@ z|HOYCA}JOeT9;7Y^9J%1@Avs_tFQ_{1f#3Z*^pdu&Xpbmd5-fwvfW3VEC+X4iDUL# zV``Gln&7!n^xYgjm>Zv4cc2ce7mE}Ub}M(IMP6stlZz&_ zMvs^j4ih6`m`)}1T=sLoSrfcrrp0zU=$$xKL3H5 zrEZx**9CK}x1Z-t77U!X&U%Q&jFpL<8)@Iyn-w_vZcxcaBArvmkg21!G%LP%*5gmD zTy)g9tV#J%0R2flN#f!+@&2l4pF45ftGG*j1dqQysVNRA$+ zM0ldaqK>o%!)WBqcSIyL1@CCInChOP-RMgh!G7|%t&?UAhD7E3JiPX}!Q_^;>J%#G z5~pu1jl1{FhxX;ixG*slGY?lg3p;0sik*X#6@Hf? z&l5-X>vWY#jh_VtKG428%&RT&h3k1)^RAo%c}A{B!a3s{oDq*`5J}$^5a$q+GJvDP zVAKxlH?js32~*?rW(*-Bs1D08zCR7d%fkvXDy%&G0vx>Dyl^|g&F1(&+X>eMT%h$9 z9jQh-$LcAru3Vtj*Q6s<2bXp|nYX6zaTP$kzC}r)sEZg#bg(+B{+aS4{3o#Wuo1WIB(9g)r!pt&) z{XSMiyG7mLR=TV=Z;FCL+Yde;_`QqLOw9=_Y;0)pS8934K*r`piiwg5#Z*Un;eqXe zm!7x$%O{b));y&Cu(nPqke;lX*yBOhX@OL++Jd69#@p6_4DFK{x44ZzXNvwI8jiIKYFPbA^PR{*tZ}hnFRT<4Ot=}mwGu)jh1k& zX)+G2x5qY2j^x3!w7)q`@c-;I6Hy@NdV8Dw@>Kq*WD=EvTI~I|xEP2&V9&1o$R&zc zB5h77>JPyI)>-eNLDdH z44qZxnN=dVKRA6W_NdB!2?MXBlztW6OHn10=4x`n%=llD(-W{^V2z}SJx!xW@>QWd z^)^K)Hltdt0`Vac67d;@HYu~{rtjx%^j&HjF5!Q+{DlYr{os4X&~z~^iaxa88dSFP zu6IJ@9ssR_n%>1hTNZFffJAoP`4*{*n{EKp_|sy_+NuioAX?5K%WLQCWaS3(Pgjh1 zb&KwIg1`FoznHL!1jy5GXGu)5l4p||U}%X+*OpbPxN56H6T|c-`;E2B~3hgRHN98#1z4inPnTi{2*B)U%dV-C@5caHZ1jN(FL+F z-4$q5lKu^(Y}{Z|Uy&{rvAvCd_FPBYOtw>-b+vdF$U!XtTIkw7 zQAMQQ&lGj@XFkUNKO|#IQ*aX%U+loxjoS_tJ4WS!-gY(12=hFsxUIu@K>gDV?WA2L zL&E^*by@q@Fs=W8-nzjElpy%Cv||L4&GShruZ$u6qGMO9aIk*z0c* z@;yY;4*C$3gW92M`17U#B6t(!*QWg6TO_c6%)~bOi?p~rvc1^A(Y?8KpLc`O>6T9M zV|wc->=_xSb|9C}7ISNRKy-3bg-r;F=4{4tu}tc3u6Bh(=JLpH1y>?7F1Qcd!ur&% z-IG7-q1Rrzr`|gPMptQ)>@hRt40@5hm~u_{I8qe$9Gv_B4@*Lj{75mL4R!K9cDn88 zH^|S$|IM4V-(=tBfxQTBZ8fs_{N&e)bCT|!<3fvtfxR|0i}lPmmLZ_wOh8_lAAebYmpE)LTt~Q84bZx zC9ISST4{-Xh9P`-5~bc{pP9~=J9fA>(QY}5;&=+Nl)%a# zXDJU~Z?+-O{~Y#^`r2@dJtKaH<@?gXcf1?^jGX8(fn<9PWkHJK_{>()t-Ng{vKgI90UgTm9b@8F#EOK+y+a-$x6F8vqz0k;a= zu9yBPhyr=;QoG#vbFElxu)u%In5$f08|8h?DOyQ|xTvYuhleZyt6ud1I&WAfL&zYC{AkQ9FNZ~j?68EQ z(&HNok>rY&yu8VIkhK6Tv!^KvQWg=c*OGs5n0zwd5l2^z7*S*_mq?!L>yh!i_8^MZ zx1;@0_(Q6Sl2q@!z+{(K83nkMNVsy1rmnLiw#(GuZJ1Kq>Cg4t?4DAor^ap(Ew47_ z*xw*sc*JY?na>6A(k3n*SrSEkaoLW!9-uwD5%(lh&xBM=sWtM}NoX@$NLgxihR>JS zu+lmWdkzotLV`Ptw!7fwaqna^)z`Ljo98yA-+2~svU;i8Y;!S=a6M=rG~@@J_vEs* zbLixghOAMTK4ahh3`Ne7t^VMg^qSYxEKB%-4-ztvyC^U9_=Pg*+_U+Hb=q3yyPC@< ztdI84r0%@HY8JEzrT9U3!djd2fH%RRnM;D><1AF!NLB$4iDkR(7}+7T-;H zMcYrrtbQAM$A2fK>15BskF4_~OzU;Vu+8q2qiU%pS`rDt?J!{(-}!Jve7Be7F}OjQ zqxomj&;{572`4j$_DVB|va_p|ldqY(yEBAA)fwXAVP)wIv9z+VbA>$cu!1-_L#*7~ zoqgcfsw}|)zJ-UCEBF^IoWb#gjWZi~hsN2%!WL{3%v`;}vjV);qCAtOw4?7dNtoE3-~w6@~$5mh{UOlCb)AN&6J(4>iwK zDl&_+e#gJ;SkY&=oW{dt73x}qg*0s-?;*p4`BZcBV``c;dl9B5NAtR$I)FUs2+zR1 zwp7W{A1btC!7oX1I57+_Z@Tpg=!Ty^f2b)9 zO-w6>X(jT%3Jv20z`;yC=)R9?gRAzaR76XakHKpP^z z(nZNn^l7S3Qd%gq(|Q~B?0`p19Dknuom}xl%h!v6P;cp8^jj40Oa(?18kngDS(~cr z1%@6upd43_qO5hxzTX@5Dm#KEqqNQzRcFs=^l$FwE#EY9-jgCl5w_BE>q3a4KTdd1 zlX>*fcXaz6!Sg( zai3{llT&=5a!Db-o-r2^;U6)SkMNDz1%@AzIcq*#7O_r+1oUs?9esW#6=W;>>E24Y zK+ckA9T8GfdC}X=w&zwan8_9QE1qgiRc9yYD+C-C8f_jW6vi2; z_A^uA!tW@(K?B(c6m*0I?x3rVsyG0k>BU}r?emoydO6n^wpsCF5zJ$SL7;^_>|X1i zCJdB;wvNv5aY6BBgD&X}xF|$bn2`ystE_+*-zYmP#esCuja73I|z+ekY4e$dJRhSY8lZ}#gIE$ zm6myg`C7ND(R;(>^x9L$$BdYuEg9w}ySGnl7wRLa^DU20cnWK2Am7pzHqRodrHDfL z1oTbkZap$Np;3H$j*%Xk!O(%ff|kv%C7}Ba$F%T>#qns2{&0P(w^V4Nu;F{AoQ)+$ zI{=MTVPJg5;>pU1V2Z|46j!c^fJTgTVeKcbt%kv3^^vER*fQc>PE~;=(st^yxx4Q@ zqyD3M8atMB?fmH_3oU{=^Tu2Io9`qxKUL|AUwG_IOiu@7Y|K+l}-=`HcFO99o*5)8IT!@0f4_=$O+KO|B>9G8S2UWbHRflmBuv&>JgT0N?ATf<%hV?X#N}qq2BB>$Kdg~MeiIti4Qqh zb~>RDU0o%$+>j5km;mkYec_8+skPRtu;|aBmIAo^u#m?uqK$o#I`@1_H&}#`;s+9G zKOXRvnmv85G3_OilV7N>Jv&=LscVAJ593s}a&`hq-=BF49J*Thf_JX>!$fO!YvOu8{btj3hGHW**Nm4d=GM+7$T z+0xtA5;V0*d!tpQi&5o%=B46r#ub!22{NwnuY@t~KJ7(GV^pEIqdsftpILBkUe?d~ z%k#YxRJ?C80n=qFsWXN1V-)W)p1*pzu9O&N*TlpU>O3dqge8kY&v=IR)kibQNh1aE zhKF!uLZkE@np(G`0sIUc>zQs5QTMI4Cew6l9}r(Z5gakL_4T>4%qi`?Y7u;XO>cS@ zr8#tIL9l7)J{ilR(hV_!L)d~;^3X}ItNYmZ{Sz{*lIxKJCbT%q3MgOOZ6hOF7)@G} zyG0KcNJ1Xv=2qR^dj4+N^dyt}D|WiY?K8F((>4LF&Wp)~devHOo}mk+>~p-JTL<@1k-+JXtQi~-0G~^&avsAlsTr#V`MVS?n_dR`-sBM!GW)P&5<7LiEPo061wxyRT2?Y_3ioY1wOK6=>0y#uQo+4`H zyi1w>Mfc~@WAE-+u}=V*NOOsC6}aMkKPJEJb$>6#%M*Qw22V*sec1e9N~-it=8;#v zBPt{FuB7RET(LTNc+iJQvk3Gb($!~UC*F0!x9&QwjUba&fG8PUL z!1hc#uD!lY6Z?cv6S=GR##H>HJSyghF;`-`jwrv|dZxQ3^CKQ(^>>45XT-X>cV@$y zH2Ks6Q>JrfB?7BmPpkWF9SEp zgIA4V0F%yG?-=$M)-g4IK(t_9?taPjmPfCsTb2@l98WX;^Uy9JBg#2XT>F-c|FbR5 zT@8WP6wzci2G%eaVxMTn@mrzA+@Oaw?rI|2Ci*^q^q%ia-x8%f%^}~–X^DxG& zdu{~-XYU?GM$oV);kdaX(uE~LOP#ojgT-9jwUf$a(q7jBGk2V%w+oO5>fKKQ>Oy(m zAK&2Zm!wb1yw;@pCT!q?I*QENM*1h>EzVxfXq;pZN?L0d@n@ZF=uWufyfzNytJ^g} zItN^W1QDy~r7)-3q%;!A4aeH9q;{&J6PCzmWW@$QzPdDd z4v|KwcM?@?Y}vZ%e8363uwFBz{xoAXd4OHi{g|&uXwWy3@`@Z2;`eYl&DYT+=I8S@xB=hc!=Ah~^GQ4MEP)$%Njy-L5kW>5T|tHjL25 zt+{LCikz70Ew~&_o-m``CdmG%F}UF=P5WGUAVTPgS)Rca?b?fEZs?8v}QuHqkfwsaeV@GorxKqDr9ci(rn*S};JM3d(wIFuQ_Ys1e^XP#@+}XEl zD9q}m|H0LsVC8IQ?rH`1_TO(> zNSl!ST-myG6v%o)6YOM(jE_Pz-#XCSHla;g&#K0PJc69x6aEXY%_p^=rHM-DQ*KpE z$X!{;kp9C_ir@+d!RJ?wt@kahrnV1+(u?ZMaui-#fa?Om@#P;K^m`5Q*`9AdCe+2J zeSYV+fu&=r_pdrC53JQ!@^xxvOReZ8II$hD`{EoL-zb%XR{|$A<(}Svm|+_{g^|&b zSyQ8n9sZW{r=z;So8&UB1+k9DkOuzGC0xVDt}cmUgKR)HZfNSmdi~yn<1_(gmjh$( zyQ)VRzxh)U+z1xXQUAcRT)Jsi8NB*H$b*1KFe7eqvi3cy!c6HQgqHw*y@5w@k_lU~ zfM-^uX`qEv=6!GjOymzYG01v2S(?EKGl-5I*f_ym1-3kY#p(a>fqd(u-{|-#AV;|-TX6w`YUq&a9$`4NSb3s)8(vgvBZ;( zAeawzsk@U|ffQrPse1@Z3L`4*OhGI~t(nO7Cc+g`@=xcH%Y&PTev}^tb?Y&Y=M=2Y zor-%)?DZ_b81}D7iK-K&8_&SCMzcQO(w^Gk1NHff#Fr#^{S6MLOA`NlALN$02a=MV zE!ko^Rd9|%pC!xA_~U{DY!L+cmjl!z?dn3dS&zNSzeGyQTvsiHStfmsUJ|Z6_7T_)gk%nqG;UH$13l3K_A5BeVe*X z5OA^w9nHw+hm|0H#oY^ZeX{YwrwQ%m5{-7UDl)<&sYfn$P>JvA_tty&w9U8OWmGUl z9@ltL5E}Jo?*Od5aXv+!^{#nve&_@Z#Q^6#@iWbUdm6G6MQidav*k}Kyx}BU zJ-Y{ZruZFg^04683=G=lsgo4btk^-Li`WGt|Gp!s?_UVlt0GW09&Zw^W(=NlkLp~% z-4|zh1T~(yK@pE5$>+*a1i_jHgzS3F0(Ju~#K;zPc?FW;a_!FOR zf)4wOAA(y2?yyU{^6G+#j;hv~>vqF0bB!b_!R^-3zMV`_xMo38N zJq#wIvV)f+(w;c0U^()Bg`LCxeZ=zG0U{6V#bd${jZZUiOLuB*oH(%gD{Jbb`^Y#Z zvUINdQf@sQV^CO^y*EP2^WwW+W2vn?m0^DAMX9Ii={%#liTpBz*gdpznX=DGjIlN< z#y(OmKQ-mc^MR_sN`pw@(C{gLTuYdAK^O1%=UvSvShc*cP0XYk0L?9CoJ5J=-^@?( zmU|Gz#Gx~3mw|N7K$TqhY{k|g_8F`04FujEOg|+Dv z%#IS=BsVzXowd`)2hWOA-xyzL?X~*vc#qKTR+ElJvJvg1mjl)2iXX6AiQaAxc#l{N zd$J5o(Q#0O#i^Sk%s8jd$MyyqZX=U%9D&0-9Q0(R^z)o~WT5A$GI}p^Be8xq?1Uza zJ|)iKv1YOScQWorqQ%;{?8t>YFp4$pTPvP#Rl!}5a(=G8F8r3G?hGt1h`Ro9lWm;m zM)9MAGI=*&_w(%w_H}ku$duz+fTw7WG5Pxx1jz=6Ng8mlNG`OhV@OP-}t3xHZ?w_O#9C(+COoJ6pW}`4|1pnm7hvx#*%5~Z@g~h_f;F#=IhuqGfBMuu~ z6FDCpI_bNLY;PFzzbo=D&DbvWxv~ui|D@7?C9-9Mvp)VsWMAsTPzyklrI*YQMHdic z9`@(YcwHpnAc@1kp&*Y(O-c0EfmUHf;}8BIn{#ZZ8GpAqCLzl&+*# z!kGSDqf1q+!4KrPx?BDJ=F~53Kz|ARZ`#m-AD2SUEUhbZc5}15*k~o~il9izS!MyJ z#osHqU2jn~q%7EeIPfQx({@eagtx@fp14(DOFZI&ud;8jNnbLSdWd&s4W&`52EPt7 zGD7s_TDKgzwqZq1sPqGuM^7c(uMgZ0HhwI1Bn9aVe*hfq_6^^+^2x;MGbE$Oj^%c1^9+m15TA>L`LsDd+=8d8t8>Tr#~7<85u(!-g-f z?`E>3tEp?4S2;wvL^ztz61@NZF!Y%Ah3I=e_;w`P+06lwE~}eDb4iL{zQ5=8bSPol zZdg@4i8PB+Vy38y4Q&PVrs^dxzI+cz{t>EOy&LJ zZXCM?tI6H2ha5bi_+{L!GBkMl1O90>y+x!=YPrPzof+CcY;|fWkOFqn&P&dF@TXCm zxz2`}WheqSzVw}vS@LH;5Lz zI({~qM~P`O`g(^MNdNGiec55l4q9uZ)F50sSbK!q{4$VfNK~n$`PC3N=1IG^;WI-w zn}v9k3#7oh^Pc_ksa>*cyn*F9I$b}URsS?S{^xlWa-#ey8sTfhD2&8{Q+MYNRZPqJ zJ)A$^3Ah`#Kq}pwYAA9gwO?;G7$K{m&Oo}by~fLC7915t zq(bB9|B+rJBkbA@9j&J|BD4JivW{UX%x$~x8QTyQ0*zB<$v>(gch$PTAaUst4EE{g zAUItxRJest%Sy#JvQSTH>67Q!=~vUz2J;S@qsP73(dVnv!KQ?KWQ48n!s89h@1%z- z%O-HyC)rqUF#D<{l4G~`BVA}6r%+=q@{a82Bz#F*_3j&1S6-#j4fTIx`j$(dnJa7% z#mBpZsWCj>yN~O~nu>nFisXXw=Mk9{Dko&3T!{yvWIaWbsngUgYW}Fsg{p_cfFd8)nyMKNB z&I-I70bU(+22&9D2XSW)PcwICr+;_=d-^Pd_TXf zr-Iwnje<_>wT}Y-MVC!@t}y_etTISUp&Xg?j&-^p7ix~%^my|FxNJ{t<(SX9_{Kv% zvlr4fG2-$5P7jRf-(Jq)ueY;s@Gxh!b8@$G1wRSLW(|Jc&kvacJd1?EZ||{9%J7my ztl(d=gP2)bx>~up!ACR>&Q5RxnOV5od0JtpJ6M^ySwTF&f1KTI!RL0CKbLkcH6;Qk zBEH4iWSyJH--qyhmRLPcp1OHs#DiaUbH;vLm4g^+h$;7tezhIp=1r?;7~3D3GRUcF zL)2ZJ?ZNMmf&I^=Q*4|({wIfg2fy>D5#M4y8aR!pSYYyuai+G&{Gd|_fPRKzh6hyN zF=Wh~Tkfpw+7TqW(;8{@(;?*lR@kE;f^Hc3%MDj9=Ul#IXDpCs7q48R3{VWm9Ig}G zxL1epE%?<2kV{LTO2UDF>1HS+OoKGKBW5P=+yhho^CkcI*~}dxp{}W*3~oxmci_xi zT)}S%f_?fG1N?e+g{cw3-Bg2vR{KvW`u9(OZ;vbw=J}Ya=G5-)|k4%YrxR<3DLq z+^_jAmXmnKe=0o`aJG2;|Jjt>``{`k@(ahKHwYqBg-b8bcXp{@<}Q;!F3Y!lMmqhB1v>D~Q6d@zB{?{xv~zd2vV=JLKwO;N?A+n)`LEvqzt(yQh|Bw1 zMqhzkx(AJ4eYe6r$hJy1X=9p~e~eOsJI; z!~1Y(kP?t?q>+~HPH740?k)idLApUgx{**i43O?_P&x&qMe4Ufy)Uolxt_S6_rG_} z=j^lgKC@@fS~GiMt?#T+WN*D0gn&H-8#o9#5!I|ie1>?>DW`FwSo9EX<4hHkN2zw- zu0f8QYz9)Ok&C?&sn~+ArMR1-47E7!G)Mn_c6aHC@K)bwWx;buuEe@|}3c2)=!k1RgW2 z9)(;!R+O3TC#z0hiACVDX1C$KBSDPr9a2T)t-};`a@bATEcPv52QMD0~1648j#7hWm52`FZ7W9a0?(wU6PKMaiFb z-Cqn<9qqO|A~c`UF*-dzu&-*W4ZbYC3|l}VwRp$85u*CRG7HHMm~1eBs(U3d#$Oo7 ztvcH}h7viQXL*mnsWq4A^J9!BEE?OE3<$CeQwJ>EE6aR@VvFCO6{e=w$?rH+NHG4f zRjov60kiz$(TW>7$JL9{(MY&NV{P}zs3-wEJHyRO9m>Ec|Kf2|3FXbO{eA7TlFyIk zVD80GK6G*w{ZOioO?HBwCt4Ci`gEwkERG+Ez=4`;TQGiy?%ap`JkE(Ib{H?-1(vhj z@{k*cnIObulSb{nd5^#v!X4hhAf4?^((Iv?%n-HPSuoh$NaP#gz#(Dowl4p$Xwz{ijr0AAtU#UZ{;jLdIY2OJJbJB;P;A4^0K}X{rin_8$-d$=!DzQR<phAnCT+I%!syR<`j)ck=&XQ4PqgN`cimEiLOrH^bH!#+m6aXLyh!~-!#2@ z8{iDu_$B_4%i9vbl@$K%cI$` z%tM05i$X~Dmg7B1CFvCdIPsCsbsYOfIeRwmi5uQ`gzS9} zm$1xR&owj54KQGt`hsR@*}!#iALDX^h{~hYX|p%jPj%;h>$Lx?aSa@d6g&daP5Qr8 z%#^C&2_u5!R)6w9tQfow-v@{vWt7 zzhz3;#M0jU=bZ8HtWf>QO8FEB>gxzET!NrUMbLeCHf)z}Xx7fN0c7xhb*t0i2@)|m zTJe3mHK5;$lIiyEv$6>d80VE)Dp)gh48y4oUv0vk)6`pW%VPY9%P_4KYO z@Cq^6f`d9Ey0NEhP`tQLG)noKf$hJ~jpQ_l3k1^GXcW|QiTxY`=w_X5N$E38fUNQ$ zrD`g^7b&bTYFQ~PdVKeWTAixt{{uHaPk&an|Bk1>Rkm$*u!NRs9~DSR=#I$CQ6ap| zm}ZYhHw7Ifp785D3)pfvMSt_dN|Cm74~Bc?-{(mKY%SYN1r<$EYmeOhDAv3#BR_d# zu7!gBKY6r1`kGX$w3SUJBwidIvJDY0S2O%0Pt5-_Q-3R{(L>OAoLt5B_sq`SFL70K zT8gbiPO)c6;1Vsg`$Y2|+EkrydWZam1XUj_e^2`NnWBgUVZ)wq6$s~jcFP3DqPwXn zjAbdFPCy1N8&NF&atl|n$|lc4fz2r;_vXm|#FY8%8^rvp_8HoOVP?#K~rG<1tZUjmXV!bP@Ctj?slVWnGA?q+8<$#_Qg!!Z#9@`jn-#|rm>Oz`%LW% zf~LJJMz9$mjlK7M``*_H#m6G$Inh9-;j>As36zwCB z2@rW^dJ`cKLJs1Cvsq$NAPExx3mtrmQ4v_n0_w$d7LJ;-sPQk z^gb#Lh;{7>E=iA}jxBnIw?#i)<~EQg8^-y4~v!b z)F?cWsO4y0m1YU`EfMdUtPkUkkAbCxn3NB1Qed^F0%G&$t1Lq%P13JZmh|2(4isB0 zMhXw$ksHV`#HHvyS7Y?4Q--%e5Ibq&!|ci(Nlx6^){5B4tBVu>exQ+j+Q7QzncgvI z5bTS=^=5Lk@I5?pE9|rr@cNM3CWGWko%>iyOkV5j({4R`{ls@ETA5xYBtH}~MnmWDFl`>5-?~{{lKI4aW zn25+WuAu`b=O63es$safj>`LTKaz7Ao3j(@rn+#225kP;Pl1}L+wSyl7TX>MAggab z!AR39xpVgN(R-wKrwhS0zVE^1M6W#0dlM*{zK|BXnB|DLLN7+X+>G3~cBD7Kkz0Z! zRw16hlkSU`+sb~%Q!>z41HvGJL_N=(d(O*cyAv*303^&P`HGM9HwQu(fY<% zKE(?y8dK@~sNLv2+FseuN zq&5Oi-dt5J4mA#XEWK1}(5m~kO>u7!$m+dnw?b}6o=4a#6QYvN(G3`x@PS@Co@}Yj zbVS+{q?H{%bj5)_)$mP5y%bW6GAd||x^p-23x7hh-lN1d!9$LAsykcgac?EQ@y+Hx zXIykmCW&Z`!gdo|57~luX*tVg^eS;SPt*{B-x)jGvGPGh5oO&SHvMjHRXxO3{J46N z;Ho!=M1h_;%7?2jXn(`&n_oZD8uS9$ImesewIRmXBAvIEg1kx)%s^3xqp+pZaGL6~+xN(faZ+?^11!H$&EqRodgpZm8fB zd(bt6$eI0)Yx&l^$vgCLJ`0G!{^R!{KfMSLLQ#;Rf4G_jT?f>($AZ%gX1Zs8PBVUM zDMZFVL#cG*hj85&rS|xGIm+?t9&+~!!Nn`Iy7a{ar!}=1AXuJZk*GV`U&^eS;14;F z@w;0KgQ_40^PkF~e|1#6$En|M82K%h@gmU2g)l|@iZ~jaO~4LOH)(CQH~(l0XhGq~ z;ohe}(ZI2W0XOH!Bp<5O4E>+Pa+(H?OF8$I9MMrBvs{-G*eQ>L5@3))C-*V@Zw<5X zJZQa-RYnRrW_wH{QME#>Z6kIO(PjW6d&I7{AY`iBN>lKUQPp_bu$zsei*8u5E$i@)*q zw{rhOD`m+DWYB+aI`!r|L{0IaZY}6H9DMVgO9XU7+I5Bw1hCiAh}S<~Z>A%jS(sF- zCjL7^w=cmTQb-ncwdE1hY^-Z@5Tet)geJn(!yDbb zK(c8xQ@1(oo&0~~$N+3uqZC~X3ATB6;oRc)kf#~hYW%i9fVg8e68#=5+&p8aqsy%S z%gehC>8TA66jKi*?itrQ9EUE39%qlWHHDdWh`=nMQkq&uJUfkA;V}b^ldeE@vBbwq1c7ZL|Ta} zF)Mi*T1PpHuMIU*jSF9eF;zqpMF9KSwsMP`5I9 z8CHIG$Pjz~QLp03MbyVdXwTd1uJ4{32(8PC29{kIy$l_^JeN}wcXjsO>HVq56is($tG!x2~-;M7!tdoHYQl1yW!l4r}ARb}brFM*cQz@m5iGnX(B9adzu7A6` z`~%@WV}ehaD!PU%9KSIySBe#70M2HF;+T@0u>JEp3Ukb*^%NNXXN}gV%kKFV`X}l0 zy!5mf`pe1-J(V@2wcpajFl&5X4gzh;%9@&&tC64S*PjN(e&BIw!W57Oi_fcL##%cYyKt+dtTbE4*FTL8{ zU|(ZGP#-BM6)e+bMYn~G1s-*E*&`1e;;+zvf25r?0s?H8AD7T*U8~9jIUi{ z-bsnlZM;Jk8HX^6I_{&l=Rz<9?^DwfJ$dyzHmpZ0Til9uK_yJq@3WL;#N=aN=QQ>6 zHGc#!ApqpB`g1-kgw7xW8o-Hr;CzM-%-vt%tF4kSW zZ>cj;wePiUu~ z^YCE*DUMX4k0myB08rl<-G}Z(w*p5dvBW3PvR)Wk_r6_D_ssXYzUetC@nJ~V0MwhZ zU1Lb9!dLT7TEpyPna#-Tx73C@K@?qMJSFLc8>-#YepYUx{(`=b;qQF*JYpINaRF5p zvn8-~7~HD%2qR~2$aNBz4le_QpqC`;84dRGmwjdXa;qUtl+$ad7!gfKE8%=kCVjmE zBD*^o*3M49LEXPR$?GWj43qm6@mM?@Q`0I5HC2q$)luk8<#*kEFEz%V(IFmvgl|ZY zGraq9H2Vo-YB5Y-MHF+TMp%-+eGehgFFYzyNx3@z04|G}Ea~jDvovq%O&Ak~UNL{d zB9eo9Ui0w7Vk_3g9fOjnxfY%F1>g^ZJa3n5#QEbL;NdH7V(( z8ue2dWR5~bq$j>^+WZ!=Cy#=a#lv?(UjAGZ0z(J`hlD_=0e}WU*HU6YMT!g-AGDr< z8ySG-cW-KefrnxO1X*)u8r%Uyed)o;rxOe(lh9ApTmkOwaR-txpcmFWxHpUuCeHv8 z^dsqWE0+-$(szFuao+BL?hXfpNXQwt{n^$slEa7^cb>rxhl5ayKAiD!p?53?n@^J1 zm(bM~dbT!iYLApB?aeN3&j(}^KI?dJZw?bEItG^4y}z_t)Z0IN(11S9>ukVG8HV<0 z=5t-UGzv0O#bkX3%G8xcQP@_fB!9p~Z^9E2HUrsF;Rjnb<}#F>Ho*WjogWX|@|1GT zg$BVE`F#f|l{C6*gAQ)S@DWevxC3Q!O=%M-nPF%l!5%>^om8G1IFG%y4A^a7AtlB; zNFZh7`Mg9V!lwy317bA%G!~=fZZLRIsf5@Z@%cTKvEvpsas||gztIqDeJWgp-KChJ zL&rqEDaFX#wd63*2&SwG-htvm9mkIx=BWid`D;&=N|R*hkd0pvh!B< ze0j@ySp9e_VeM+^dmZ)hcI-Al3rB&6=_23hg7aPt8$-C;N9dK%=z(UxTr^Q%I?27g zaY94MHT_VHbxgZ6e{DMT$LbS2oRwKRC1QI_TZ_$Zx|QuI26bN3+U>j*)hXc#}+3B8EpgLH`ycI%4?%L(}9hP{N%eu_9yYR;ph z$JMCo=Jd$Ua=y6vckKZuZeUT})*<+8c^g3GuTuZ39^FK_sYm@n{dxi_p8_z>KtJ?3 z?k=P<2cMmX%A9yEs958lB=>=6+>Og03T!_Prk?QyB3WV8*CjQ6d)x!+HBYFe+IG4( zXr2zFToaVH4IAL{fqI)aXj|L?p9Hs04yC7^$|dlUtD0_Rf)5>;-h;KLA9Fmhr7=R( zOdvY}g(zsJTBPw<8}0I*lA}2us?)$77TzyR`|cgZkBgI2!xz~+Fjkhk51<9wi)SIB z&Ue@9hGr7V8Bkwat&Zy3DOr%-(OdA=L}wG2ZLawG9jeRpIK@#-mPj%X{|-Qt(^4Gp zrnuhKm2koEB`M|wu}2UK2(Y+5ckaX#pyuMcl(SobqA3_)h7Uro?rX->Jh(?^c#>Jj zJx_RF2L~@>xuL+%_GMVh#XH|2vWZGldfkb`Nht=_n1e6#GoI8B&9WLFb}G;*rsub` z@qf~z$9`atEAD4<90T~x@eYdVD4$iEN_4fsy-Pu>y&Hk+bKsjkpDviP?v=5pm<_wC zU?bmn)X{k)_}U{NWdj!IYF1}T68L~*?ZUU~Y9H-Yxrh9zv^PAHG%EZbHjea9OCCRyC=Jjj4yB9cYgy zyD@ee{OyOF0(>f103$3R7uQK6eYGPsNa)V_1L&GN)c>i|U!22QPBHY^V3Syw< zJlf?_ugB*J2785rLU<=D59T|FE|4h?-PFkC&6a%_K!IHuJF$?tN?`CC{r#`G&fn1A zAXef$ZTaRc{mn`oxXVM-@feLN6H2w?*w-gHahber9^S~{GC3wa^9jE9fq@@#P&jWk&wxFwA2 z_U=DL85sjQ1a-!8lj-+c6i5C>-lsJ%$ab0;4P>orDt@6_u4Cl2`<=_o*|qDu^I)*yd68@&< zuj10Aj0(YF#L*xzZyYZLzLc@r3SErU$u!F)2#5Wz-VyNSaBu}tKR@4A=i4%6zkOS& z82`iDDkC8wK_>PqKIq58*wWO+^Pk?|SA{^<_!?AUXV2>+=sP@k=DSWnJgdQ5aJ`DR zoUZ;bF%9CW3a|T&CHOza-V-2N zN{m6q$-Dz@e`<9JS1KPwC%I4+p)tejs9=UKEKvRMKXLV|JGy0#+0ezp-qw`)A9(!Z z1^g!Pzk2}>MnU9VLzW&6tSs9{1e~;&bURgNX`~kVPmI0tW|fs00Uh69odmKw;r9;jzeBMU)ZlQW!e2iTcN8BVq@<#kof*u42?O zjLROE^NmW?sd5oafdCW{6!JGYL2goj2mfOPXWB3@5LgHdJmfZUFnJg#COIq?m^NJO zT?#PiY)5QLG1cMg82}Z`B@8AM6A%JEK0<^A?|Z23mYwes>djdP5iow{l25$icf_Bz zPYx&IdoKRj>ea?qw?-?xdL%1!ADZ%q96pbP?R@gK`MR9xkMCHgUa@{!BvfkgBa0%i zYS7i&pm9!r7xzgN|VTC%L-$EG-45=M`nJ)WEeNBAuv3$;?sCpBjeaK zUYVMn7VO@zdxaZCbp}gfJ1J26`IsR;x2jQ2y>z#gI5eNMZ}DsN{R(n{9*_PL1b4}?1W%_8|!>_G$OSbuO4BnSv%KEHDc8)P^CRrWwMg^yMR$zrIplq&r ztDp)L!nwA!bu2D?j+axgUBjbOXBfWBu_DHK^kull^vGmQmhNC9eG)n^XiSPtk}~8| zpyfKwZOZpy+u7Ke3ALP1tl082ZS7%{0aoSFa0Ee|VCrwy!#eWGR*WdJPW zb$xpmUZ-AlxBA}skx_Qr^^}d_v3NfOmB3DdLCrbN^6b=2-KB|h7GX3URL{BLv-rNO zXfh0&p@*Ci2e3t%NEHb|lX%&70GkjI4|-VZw*tM=AsG$Q&n9QZ7evpHmBzd(&S`cv=C-Bw9thUcakE}9k*aPjU&(OK_Vqj5 zWsQ4SghwAgI(br8I9|DT*%f*fIcFADIZ0tb`Ozxt~;6Yp{Lz0O;0lir;xk#3RBi?0PIZZHX&pGRNX zt3DE+|HSp~hpDMeJoB8uecrQ>%qkb1b*674{Lto*!4vhlx>VIp%o8(4995QjW%K(!Q(OuXve~>x`bfR2?q<-B~Xw zZ)-T$N)3_k2fMnu#k{hNM}BV_{&WV}v;L5Cg{$0bAnPRZ!-v#OyMl_`1UUs|LetRY z&(^^rB9#H06*cTGN#XVL{=^rKUsbEmN1B{{929*ZB1_X$-XkAmNc1VYonI}-EqTNR zViQhuF9bMkN)q|J%+Q|(cMZMcs7Ghp+wkR~xkbIf;a262dxzEbQwxnAl7%6WPZP0) zq{<%ETj-C5!*af#q<&I_e))Rbv3J%YKaebL%QvF!_8|$k=RA=b)d}OETXL9O#jJ|y z^}SMudRvvYISz>K-SeflRNWh`~I0>17?J(O=l0aROL^`x#yaK@lm<09jod| zfc@_IkNphAiZXSP+tQI8)3&d<^T)8%lp;>;-FWOe)Yn`$Bc$ASMJq4_?@5|Im9KA2 zWsi+2IWqOxi+4$c^iMh09Sm~nOwRHC@ScsDm1#;>V=C}QBOj!6_9FQpOQ-dDG?VG6 zSvm4_GX|mn>5134WMj8h!4_3tHNuC&?l1G)-(R$RInQd0@jTxl_GQi(E?j;VROV{Z zKZxbj;j46(l|6(AOH6R5PNl0Q!ZreRZ}B5?)v920y8^X*0QX~k$|$Jhf!dz9c;6Nl z69cX}6Qgzd5(zVKtYw-sW$c_EBw>-w9(q3u$G+oKnrN{#hA^Px0qf!@x6w0I-d^AF zp0F=Cd9y}vatpU8aXv9f)o<({HBv&m z21K=e5e1@Oc#<6;*xbA8v?F=2Q(Bq6Q(&-xH-vs(8zT|}zWS&~IOS~~%L7I5Cn-t#T*I)O9Nw0%VQr8-hJ)R{Q4QoThpCTvk?=sd$uJ?A+5kXK$@ zewSPPSd5O8<3TBT^|#*7-0=|$ccVjPckjDI#NRC|e){~2M}xXT+|zE|ubFI`x{}!~ zmUDeI30Yu&j8pDRL^7hi_9}n}BXH(0O|wW?c3+fHJ81-Qx+J!zFN_^obc?Gsz^ z8NtoB%9ce`Ns`O&Ud8)QLVv`z$oEO*X}nBcYkQ+jmW64uqd=tSJU`wUbAZgyx1%#? zkND7{hS7v6+_K3@$if!Yzmol9Fa1%JmPs9f>aOF{xl>2S?kCJnw<8d^839??+rbC| zG`1b~wbHyk=MqwgHO)X@6v8ac=T4>zhpKnJ>YM!KO}2eu6sN15=IEAdZ$mBZ<6Xv^ zI8mQMGbTyV2KF-J@*J7A1%`{=>_qbuzIdckQaZ*E>?~@JvZ*kT%n?|>1_5o%ut}=} z8@#kp_-DJ$*TAfM zH|%-sxlY;p!b!PG9by;9v8tu{m(LpV;atEtJJUzOSs(f+>t;$!x&}SgY*>703}~n7 zI0_9hrPNQuFLkV@nh^{AcuJYCjND^aSOOLcM{Bz_6d2VWwcpLzeKj>jxVYIgMAas5 zC7tfHn$Ag0#)P_;y};UulH}0u?cpN%IP-q)n@^Lb<<97$IkYKNh7;0Jr}YaiYXufj zYw7CP4xiRU`_Kwg2fz&ws}AJ2LJMDwsm;^PGCH>zVMss3ZHkh**s5&_Gd`4KY@qN6 zaxZ-fYYa6X8K>f-u}dmfm|Cs8@Imi)VNpGO&-!#U9{}LB=O~1+tmC?^ocJbFO|D2*C@Y}zRx>D zK=q{}@yyRJDldsjO~SvQAy(P7Z0Y>UI{+n3>ICaY%uKr6qcv#2jJCP`g<|KB_n3`# z(ucn4$l`tFE0I-fNs zOqG?;t>+c_2*|UEahRh=NhUQEW+Mc|8o7}d^q*GaF;JOV+S;Cvb`#cqmlSZTyTT@^ z=u8pm8*_WiiJM+gt>!mh+7C2QvqlCvP$-m1QEx6W0m>IIJ3d*(}ukj z_HJ?ER583eJuw@EG56W_#1S9Sf;)!Mlt3-AM3(}w{8{`yK@l;kiQC8`x89?hOkkrG zG^nB-A~Y2nz&wtA^elT$&4P2fHXvN&u~{xVTS0k_yBx=k9hcu+OZ5Fq8I}7Muy=S_ zi1c{LS^_bm^2oYg!2)=QFc^5?dxc>UK2`vwt1#HE1H>R#^ zE${}oO)~frnLJ+G2nZbXS#hUKTyhlgseMr4mvgTj9UtCf_Ms$2Ero_oJCgmdJJy;k zDjmq5P21EeR{U{Dx@6=#QqA1n=RCSh3wNez4 zj!jOz_qjg`QiIFtk~UAZA}74t>f@%YzOoN0s4Hj@*>>+OKy6nQ1; zSMHVIjQW9VKwOl`=X3QI^~S6V&A1J)ppy{R70DU^7R@R+H*F7? zCSKAiJQW6*5Uj`}L|Awvkr*rLxZ8#ayaWRQ{8^Aur4cbPFlh0`E1MC2-$r^p{aYmt zdYzq62?3QS|53wpv(5M)Dsjg>5H{wl7@Fs7GVm00QZM^SP{Z1}e*vi7?O>@k2I$K= zASQRGe%Rl~dMCdzd<_6<1viK6|6Y9p`K3Nt#8r^+urvbz85w#25mZ2+0BE3Yg$$(P zz%M#T->42M!7m0#-^8c~zgQ3`sH(V8R{)?20`B&=8Ken+(On=-`zsC%NV9?WVuQa! z;P)=f&wFpKTfTt3z4zvj--d9bE&*1+Zx;9002uId%frn9AOunae)1s;W-R>| ztpd^%A%EqU<`;d#9}t58z=A(4Y-}vhn4kPo zeEaM$kcNxqh2?zv!DsA^oCBK^pm2{8TW$cN_w+07lLMX&~!Yepp#p zAX$Hv4@}li8IvIc0Q47~i~v6O7aah~8puVs%?}hLA;0Kb+2s992fPfx{6RzipyB_Z zZ{mTE0b;d8h^?P##OztN8!{8AOn1A;I2u7s_9M*5HqTU?90A{*`9E>;x z06yc1z!hNNBbmgK!^{VEQ?NvPgvbe^z{zl1K?uP*106@i18}M!m1hdHaGs5jr53UUW zbgzf}9B}mvZs^}3jO#b`|LIra|8O^7nC|Zpbf7zdkqF1vB+af$MXdd!=7Ifc4~G0mMxGq9K6r4Mp`e zYtZu7rQ4s;n+SwpMZB$wRN%>D@bDfy>u>v8#9ucFgXsu^G=xx{@HryrYaK8r^db}> z^nu(1CV&Xw4WbaC8-xNP512q0AR34qgqVoJ5H83=2s}iekc5yQ(t@Z3nT8xfND&(d z*&y18c#s3cHbh+r7Ptb}5K$9i0ilMBAwm!r08>B>kO!Z&4txTZ0ZPE?w&4T-Pf!ZV zx49q$|Ahh1M!_0@23~=H@!NnVAOxrd&wRjG?0^PH$AK?&DM(WSEI==?1iS!r!QUwG z?*BuW8ksWDOVwM`YexH|XQuZ?uVJcTig}82>h)CDRM35Jv>`+z%pzPO{04q@fn4Ed z!ZpGkJ_1t?J~YCl!dt@rgieG(gu!6^MM8eURK0VwVl)D@1hjNCIy5#kG&F8BN<9U% zEVNqiA5Sy_AUBLFOw1wH0o!4xma0~!Hri6x^1UT;2yKXdh!B}2*-aDq|BG6-3kov1PyI~I*G;{pyi@=8ZU*i%Iq`$@`R3QCN;}S;j`tNZG2T1?ZxP%|P4uSdE zPbz~n%rE-rSKIyXk2L_$S~Uwi2QW}j(NK{w(C(mNVPf3Hqb0z@#l>T#q$Z~2Wf$P* zVds7*EUl|3EUqc>ko%FXvZlU~xrMo)f}^K{iHEMKxiJJ23kwei?*Re917lHcQR9C* zT(?1TK<3~;BM}&W*OZ?|A_PPvWE2bl1~fv!z(PSQ6f79i=Vq`1iwSpQf`Y%RY=}VN zh|P9mgQ66D+k&Gq{Edp;$SD8`8TTF@J^}T88d^Gf4oQdYPP(nvc&;PB}9NLHb7XMFCs4*+nq;j>7QAm?-PunE+)N>k`eg1p((t0 zSJ5mnbCw_dQ@ptwR;qPM43SYH5<-+6r;L3irRn%(NgYR@rt_sXm@!#`~nKT?enJ? z1#Xn?!tgRh6cdd1JD6cer3fwO>PHh2hx@iC1?>tM#Kj%}EGqkLWTF7MfcpZN&)&iQo&pF=HMWJaD9udSnIPqr3q(-WL3`_Py$oVtg zdKLCApsW=yk*V@Z#2mXoqjAOxSI9Yp@;;SL8EFo;I-<-=l$dT71{|^ z+vUv46|9L~N<6nbY&hMj^nQ)FlG){g<53X-PDns|%sM5fto$dJ zA_05jY^A$cS)7fvyfK$nm%$}SgQrM-wTNb491b$aw85L%T z3Jxj_$J#Q6g?|(*k0xCDWrvOm+Kb$09ll z;k_!XQkd+P;c)s%s2_KdUlWHgRFCEeLx>CL+ ztyenDjMw@R@HPS$O14Zzt8QjxMsvHI6eyi%>cTHhI8%7JyN;? z6;bp>j!{vFl8Az8pjMJVG)$Gf?T*^Yoyt1lLekK@kvHRe*^o#q)*#Ert^$!9enX+g z3Jpe%n^%sHtlBgaFlH5>Vk&>ZmE*zZcI;YykK!nRXjE^AEZxlFfF?yWwo%M-Hb!)^ zqc~v}t4YlwMSw*q0e$5k_5%NfyX|yAZ>4w#FuZp#>`yEj<|ketp^{b1-Gbd6r@<>O z9J`|zn3Yo_h4BojfB*woa1*TBfRKx-NNF#5Q`5m!OrfP!LgW}0=LFpaggtA z-tbx~tRbw(g>@egLdIQ6I|W@m1}bnCchGKF7WiSfaEuBg`tGRIzY{bJAkp<%BW=9~ zCQBo+n#iC%&s4t%ShW}KLA*^?u5bqRG=d_TOdeZmP(azthlpa;%a`ID^yXi>u|`Z{ zKR}}6%<3yj5+6&NwKLo5$@OC$o0I|$VktWT*W)r)_F*#Z7%Q&VPS1A;ClhIE%-a0~ z6U%WmH3*P|5$FNKQOcsz!s_Qb0Tg~bc<1jKD%%-28?f<|1G{M)IjvgU_3W;;;uY*9 zq;ff5h{xq>sl z&7tzGApur%_Cnx~38%;hrGmH6+eO$FVnXAxZvZGaWEvY3W^;;@h1 z!iGMnvf|w~FX@lz+OHADTH5322FU{G3d4r6U{Woh^b=E(A1Crs+N_jhyVDVM)LCb{ z-FlN|WCJ(BVk)6?GjTn;2smEE$}*C-u_J_9|9g)mi{! zY1y=2zD6NasU^11*MqF9d!+KJ{J{cb9Lu5M+KGm~JsyXZx#uN9Wzve{GojU*0S}zDj=Evg7Nrzi8>V_{9f3Jfwadg`qb`39RDFF~ag6h#W-YN1CNgvf zPr9V@1+izL6|Uqyg+{zp?yh0+PP_4I;vR+1cZbld$b&*Lw( zT8;`R*jrj7OZi6qI}x&vu8jOhcoPMF5ZHvd!El>!EPZW>pY2~mC4I*`+W(YeeUR`~ zrG}YxQf%!5*wdrpSPeEcpCL#&@xiE4zaTih}vU^cZkf&|0!#`*0Bv zP@!;@&*OBLmJunxF9@aDm}X!O0&w3EbuBYS+dFB(~UB~lQ@Xu^XxAD zLoD7!nSx@O@DyC*_<;}>5+f2ZXsWJ(3$-<$)>O7;Wfw=C?>X3C~_2=2~2wxuzC!`z3#qNMzlJ}ujGp#SSq`kH3$Os5>(3$s$%Fu;Q%%NXBbAvUAq6*tM2 z)iMJ|+jv)1V7<%y;7CR*--m#_?6-nigY_I64KsW&3NXg$KbBIRdZQJsLP_|D94ueb zN84;u*=#*~?n+aGIlRGT9_|rgohFkOrP*g=o*|?(rnXH`J*SNs{D@5&O1y0;^RZf1 zPuQ5LA$2-1Lvf_l@q+Htw2;HvWPEP~F2m-Ju|pj*ToRLd-#Z`fQ4vL~7+eF|<+hUu zt_jA`i$v?tYoOvxMUizz>0313&tdt$jxe{>%@O8zfI?xRHvtAjs)6)PfVrK0fCF||*jqH- z&)dPfz)#GPN7P=pT!OODU?7&2IFT+9|GOc=6jkDh{#SeJ}~o z4e!sn*6*1XaD&D}K!ia8Zk`~F2_pVrU|~SOA}stZE)aYICIEXg+k(FV{D~MkB7&2x zw=LhWDcMAa7gdY`DsgbB*qw63KJCZ-9jEtx!-B5eqpUV-#BVNPmofuebqi@>Ih}Zj zz|tuf!|w%lz!W(TiWUN*kOUg!hczdEsJ)`P*&0>o=Nh%8${b=@7;hR`UBxfoP8~!@ zMei1-dE^P<7ZMCi#;N3FxUIuNkLCm$d4w5Zp62)`uW_W7;Uv6Uwib1>C$D2otbQ8x ztZFQaMWmXae7ZDW^HJ$Ufq{DvcAx z=VGdkkB@so=vmWr-E^7I?|8~qvPeNQ3lMqnUlJp^yR|(pwL<{RiQKP&jBu;i@i3H< zM`|P8k-Gss;fBbfXDUx$N3Hl05UQDFXsiIEp*>-Ki&AqDCl^8=Lajo~70s7L9Zf3q z(G%^xxWNrW{PI0o>Bz8uECikrBbGf+Wa3kib;5{op87%LbE;hww+DjN>|OI>2SFl#|AD*DGl5-Y)-bmpmq(@VM+LC_Gn2~1=5qBk47WR$5Pt%3`=DF zNpSLW3RqXW&m-NR5|DI21F>)Nx|re{9cUY*Yg^+{o}mQMxtEs@&+*uYSxKpiWj(XT zr^?6ka!>4ih-Jwbth32LCn*T8HnePsTWn)s1h0 zkDnMt3EPS@Kw~1};L&TJ-@kKnSfjmUIT zF#@isT~<^-C&VvZvA$KN(_an=xxj8J9Ml5z}9fd99Oh%fHD1 zOuv(BD;o`e^4s?=O6n${NO%=$BdgbI;3r}ztKKcM?JhH-(Y2gd`Vrj#8X1nMXjhvx z>Ltv(1!Q;7|D+@;k%T_DD&3N0~B$ z7KxQzSNJs@$pEsc5_Sh=D7^%xzxvEV1C(JbmSDP|66I~BMgs$#mDRMQIP4A0F z_w%mWHq1N*pFr#6YH~3c3!-VTyl}eu#x4Ku?!r&nCimAC;>2sp)3?7P=;oVT*_n(U zNwH>384K%cEijkKyH0^(LJ#I8>CybCig%MVcxpefED1wI59u+!aU;rpVCq*zQmdq; zaaSc}_+gsAN%DOd#89=vx3+ZsVzr7i0oo?MR=t{ubo$^Rp)t^@=SlL}wp%;3hb?Qh z`?QVrcgR;I_9^->JBS^w!I(Gd2*(*+Y3?D5yWjvtZxeP@f%A1sox1>>%k-%rDKtqx zw+$HJ?@GL1h{tg|%3%&+Qa0Q~7wNh2>AApBXnC4R{|7ytL+OVNFbhxilf*dy;yxJi`Cc~imbR=c&DsL#h z4BVbdL=?n6ot*RZXWZHHx5V==U(X8|t^~^}itWjk6Pw!T)h)x~_j;#BT=|DEPY$HA z;u*atzmzUxhuz;>4AwN>QISK0b9rOh#6!Jn!1+X>Zu4alyZ!0YTkS(1#+~p=YB)Jl zG~VsXN|Svi|3q_bUIKHbub8V4*f3MHJI`Vzyt&t_BWYRkQijtQLydWg-B;WI&KvCS zF$|@f5?5OujNwx^6DrN@QiTs=pLhA44hOr&&#E*39Dk3E=T`WNr=c$vg(LSA(D#QV z$V;f(pLatF)T5v1dXEY!DTfRp%Booz$zThig;n0xiUMkW-|wq)U1I|Sb(Ux7^JjKv zZk<0Ulxdc?5>j36pGTwONgJ96Q-1tPLx`PiGv>+6aajI*W))rCwB-#W(E!OBTD`dI z1X@bO?Ww(g)26nP*%5^1pamQrcPt3@oD?o62;%YV>Grj5#a`1VS{tot9Wvtkgcfq(;6#HFR z{8#x*bL5M-B=QBw_xMYF7rWT%tj3M2CiXYnB%)gS|bSanvZ^ zFSn*k%3LoFT+JU8%>f%H&;1ij&EXw=8F#+NLUpC|_Ld&bOom%vXv#Z`$K5AJ#QTA% zfmd4U($hX03Xe_J{8jn!7FSjr#5H@K)^!yDB}nmXbyv6VqTM(2N-Ys=E%7K0jK{42 z-l6XzQj3Ch7<}(C$LWqvDU#FmiBzDyb)j{Vu98x1;~#IKv5shlBC?S`mEQ6nCI(Ti z@aYA#L%0o8pXZKu zzHu*2CkfN~q}Guplpz~RIj@dUauS;3TB{-V{hfaWYuKN+h&Q><(4(B6gFLC!4mF=d zCIz4XeA<5!j|4(9*Xc%dkj!%Mlqr-x5!w)@|K;KNL>A`K4GKT*V*B0Yw?LVT%V^KO z-K}=_WjzwRZ*HyDB#} z`4EH^P%%FhbTLX*S|vkRbRub$wgtHi*64EVc=mJf*_YP7GN^qJTZfny-wPGy#rP>P zA6FPzv4 zGsQcx)$STitO+E!%*oE!n zGxlW`SA6Dsw^VwdQ7gQzhOsy66CS{Znkz}M96H(bo+cP3@v8h?$?Vp~%x%JY6FgQl z#I!kEWyXL)X{k6Zbj=Erf{RtjUoRz(`1j2D=qKH4i@mQR@<*wGCtKi`+r22PH><0@ z;U<<#Q<~Y8j-B9R7JVR{AcVygcWcFH34Pb4SStCYX4N|av}UM^4;NEkTuI3R9Vz1h zHiBBOi_STb@RyBe%I~nSl#Cg)4DZBu?a7C``zYwANim8lM0WI2-dsGVhw`nnm;oHh zm=f03GL-`e3KF=DIN^~9eXd1J52dTMo4(!4+8B$Jq~h&%dm?pp2l_T`=!*TZ)qWM0 ztFgsVb9}CG`E{iJ#@zgTuYC&oPE*>WT7>fBoTH?i3G~~$gX^8RXpJTdkwp_D8pTbd zyp@l{-o^RT%WOkB|4;B+q7M^YsHsZ9;i0lD1eMzhF>c1H)uF5wSvngr{tS8}*Rahb z#k55Wb%BEZFJNf&yyNGP_l95NBeI-d>x|}+nQzZxB9HoLYQe~XG7I{Ut#{4 zgRLc@_@Y)17+Z77K9{wL92d6ZviG@lf^bGQj644V$~MZDg7EJiWE=Jy7ZP-D(FoH< zL1Pl=1>UTUH-94&&@50g6iUPYl69bA9N!$jxHy_$( z?G}`zgV6Dg$_PRdi7Xg?Cq}ePv~x1aJ1ei|*A~)u{8ZI+arrPKQ1o)=D2`s3LH4o! zLtR`}XjQl6S62kK6DiGk33$y_*zXcXOQT*GQ+({A5RBSGX>)*Ofk zZzbL%GO6`XsXY?@`~u4bzfrX$=IGqS9C+`se{{51X=`xIaw4ixvasUO#F4t$8)N^Q z=c`}oju(P&ePE}S)m&AqxAQBYB#j#l!U5b*&o#KuS4NtuD(!mRs+EmbAQU+cQ9e=P z@j4rUw3CIg)=BH{p6r(lt7pd#iH{+;7GFPU8c~Ao&-nXjGA*kb>wq^d7P+aHGe1tI zKgKC8%m~y()UgQ}|A@}?YnjZ9*52cQsyosWFZ`SZ$IY%F{LU8%%SE|$-k2sizL@UU zjjn3u$!lTq<*w#YwvbbgFw=Ih=ll`^1XzpMFm{o(^}XONc{279z$ByD6x@&!5KP3b zjml)C14#)Ct+R1CRcTn4Jf6l$%T(6f&MfKv{i86U@DBIlW)}5wONc_~8X1%7x}0tI z_0KSQKPp&Ph)RlCGpT@l!@BRWXcVPJR1+oMK|Lq<4~%W55SQPz?CUct9??v{?LG7H zdTB{lmMQ84pb%JKrLyMjviPU|HcCOKB}X%p0iDz~4#usM%<)5dF)d$@$oiaTq^48K z87yE?+I4=&Jn$)tAE|z7A#aUzmrS zcgOLDQ#?gj?Ojj%f0irP{Mk;dVX06nH03NR2#XFKxm<&%u@50YN|>u9a7>~<@fI2B zI5uDC#zMqneSMF&PCYDV+ zRaz6od(Q1>y_%XZZ^nlpPeU;TiL9wDwE8%@hF0xqGHb$cUp{%-_S5uZ1@VB$$|Xz0 zYh$s9nq5m4c@Yr#_9pim|8*?+@OnWD^xi*f;KpFj%TV< zeP!AOD;(RZjLN_+x2tUs_^u}0%1=)xg@0+uXS?L`g!AkVzO8$Jlx_oaXkVO_Z(NRB z55w!)AbhA3g5>R~I{%*dhS<>$*;$FlLgNIBIh!DuOk{QAsAOND=;_e-D;+zItO}ZB zx-hF}`dA=)-$hep9LyjYb*aoLZXW1@FOc0s{deI2ney??Ub&MBg@n6DVvUZz0e3q# zAA@~6>Fe0lt}o>(QJQB=CiLP~Z+k6$NcLgP64l8 zvgpejl#>e)fikLrs6vrs4O7eJ(vv%aU8JU+eqfq);e~JQCI% zj*-^>$v9+qeDF2!Yst9^YUW1U-sV^7R9-D?J{5A3rE}h7VkQ2(9HO^Hrl;F;X0^-x z;ns8szKnrzq-sqCLh@{LnSI$Nkdn@dR`EjO4rnOiGD))cTqC&0ZrRK*R(s)=k62;OOo+rb^N@8fl5t& zIt+fzt1TkCMrLJJxPl!C;~mVcOuL^|t0qEgF4Fm~L_Kjq<>hb>i8+T)Fq zE0bW?GvmC?$Cr+t_-eD=Tx81U?_p(9ZyHyNUk9I`!7)GLJP~4rXu9|r#RPZ5(u!op z3jH%Q;OQndXFdXGW(#kLr)n3@FZ#i0ZHPhCks}eSo z_r$*uarAYZiv#F(gb{it1rD}+dJ-soez~|i2R*EGmAfowjZ8hK8Tqm|DOyB| z{kINTWA4UXnamjpes3@qcuU?R|Laf1R>@YJ#37jAK?>(lCK=@^MJS@AT>9$}&f{8P zX(TI(s~Qkm7g#|zi?(q_zsUcR?seuhK0$GVRJ*ne_vRL8%x`$x5GiXBg7*ugtJPmY zCpzov_k;pY3;I@anvbHw^pEr3#e_U5R~v>7=oGwmp{dgl55ANt-mmzOOG>wR=g@6J zp(an~e;r(Auuhn4GibB5r)FLRI{!6ZR$$EC22mY}!t|&6R^Rg)O98Z{i>-hk3yIYK zB$jXZw$?DEMuhF`u?j82F(S%2~!dQLLbLeRg;S}ez9~eF~qNPH_#kwi6RH-~Ht69Pd zR@D9IN|-@Ntx$4!pIW}=w8N0!3keby^BmF-d@1al zKhZaot8qsYleZMWG7qJ0WM?*^y$y>EFl=68-UG{{&>I#=Cr;mx$=M#G~rELynG znU+*=!XBFwvCY%)|^;$@?|2ct?v4a~Wg)BdB znJ9HWzxS2ph#-~-RSH4!2xVHei~*Un(t2q&S>{3dY(2FYrLhKqi1P4uqH0QjgJZ9W z#oTjqJzB+JoW&0+6?meddKz&4&(^Qvz33h{wt{Q)hWBcu898t=m8pWp@I z?w@N3L-v?N>E3pIz_!w*0IJ#lfg}4iEsv2<%tST9aN?$xA<-1oL_8LaT;_p#w(n1V z*r+Q_W=g$G##v&ythpFZ`)cPEkrY7%4;^`~yqF%U-HfMv@Yp9=K<$*Kr=v-Z3rxV- zlZxD})Qu;v%iB1mh|Qf2bv(*4G0IU~N5Xrk298A7&yP!~xDQTV%BJY1{Z^D5=&)7N zlThjn{gevX?U$92MXZQmZaYLsDqYz5yFP%Eiqb@g$ktXl>DsR*s3*2=P|h;SiPhz( zb|9IA0DZvW@gw0)C=Kty=&k~XLM^h@`7*~yyIujRd|ED@_)Y_^LtlO;UzGfKV&^E2 zeA+*5$l&NZY=k2t#E z%59ax(5MxwX&T=ucT*`>J=v%5&mQrw)XQp?)_e;?w9m1M)Ig_Q)s@e?y8#AfNy7No z=1Yhh*UGL#n4C^{+kh6{la96#CNQ+6S_M8S#QqjPa2Nwe`24m{*jED(6w}|k(C#YK zjFGlEf8rj5C- zuAJeziAPL#;g0pjn~x>bH~+R(HgF-efVaK8$RMHP5GAL~NqHhOf`o*ss;8<{&#SbA zrLbu;dy$@VrloJp(G{K$n4gc7Id{xy)#zJ7)IwB?p~(g+6xeibt$Gr+H1Skwd>eaS z)^!mi%_vNAgg?(ND~OUc-*G{k%Bh0Uul*veEK1u%l z$H{9T;$Hi}N~ME)JFjBFg9fguTGY8N3%%1yBqc7an~JZ!dsW@N1;WWmC)Z<72;JmccnRgIBXMXFE#UO}Y7DJy6n4VvY|bTO3~s4`dpAr8(BpV;y9xznpwX(>=bY zrt)%j#xIiJ%O$E}Q6FDjv%pKT5Gc<3_%$tkq9Ta*xO=Q}81*Zr5a~26&pILkPJe~BXV-?T(H2Pk(tkZw+JhJjn)MM=@NGm0yvlxun zgFRW0_ruuapnT5m1_ZqVdN6phmy#QkCEc|<*T7-&NZpE=;qO$s;IrehUj(%swR~ws zjj0v(-AI*~JJ7iQmGle!c+*U}IydMEBMFEN#+v2(X6DG|WK?;Yoz9|s5mQ@9z z8S3<5pYal;j0H6c!Ijm4030yd;EBU1Krk-?H zS|;q;Bb(M@*{}v(dL0G}9D&@Hmy3Ll$R0ebe%;)Pw}*2(>iOx@ zqLsTSaR1h)G5A^UZ1AbouCQ4MMj5887mkm?#9M+^|6VIWvX9PMDBlXJebmYxXdN#z z51DLNxD~unm~x5w(HLlc=Qz+_gQ@p|s8RREe5xbJn?+-$I@_7X70WhespYZRA?NBReRu7rv8S ze0fb=Lh~_4(DuNYFD0oMOtv+)L$3<5S2ZWd;9EkDGv3B(6>(F-&ZbhMZ^HM@t(hbu8N2dymXP^sEfaMlRi zOioADg4)&P=*fMn%0z*-XiDNr5~q)7m8VA)g8UV8rvA0q<;>jl)8yB>BK3Vyo)@Dj z!FxIoEcNo1mt+aD(1e$Y7H!`t)&i-gL|R@JJ(r6n7y$SKA0*rhTY&Kb_>2Df!R9%i_jQcxP*-+AzC3wZxs6w~f;hRJnn=FkNPKIn|- z1S>Q8JXARf)DcQMsNns+oa5>co=D$GrcIV~x1QNc(H28$R*9c!JMxj&k`7vl)$+~i z-~m&Y>H%or9~tDvu)Nch=90E z>q?M~g`Z#ETo<`RGI_%NfL(@kH5>;(o#c6Za$-=46q6%BmJGi zZ<; z`D2f#a)?7abc%&k(SinVqLaTw5<>q1DDGW-3f|#;a{2_XtkJF4DP0_!Jlun_v(7t@ zRwgzwH99%D!%V8!Gnf_xp(vdBa1t)eiWaSiD&x zsAyfaV|_*xq#X^@kq{}x*Td5Szd~a?m6Za&@HK_Da}NuQD1cWhyF>RWsPCfITH%we z#`e5RFHmn-8<}NP0va|T_`}dw8Ec<-&qF4qpVk7*=(WR)SC$c`j9_{=z6Z+Mo$pCW zi+&PQys`BjkJB`$IU=UsOo~z zr<8#g)Jy@#Nc{=9QQbhgsx`N~unBG@`z@QIj0Gp>s0K;&Kyi7Cf|D_){{qk&4Fjvc zpuO51QI5WvjuCTvH&K4{rE1)6&YH7#elv^0H0!+v(3?#>oEVs}N}eK#Hy+Yxw~5); zQafJ>yW+{F=bD}WPKA3yCX4N=IAfXr9Y#cZ9=vl!^(DOj+fJ(+qm5j{4fgZ`k!&g-ZF~i+-RTOk^ zdO!+$G*ffys`k`CqS*M-$A%CQr?6I*PXxitML;fUM(amvyA5Cgur`L_nrP*FX< z=YSlB<7x`Y>e0X>meC?bU(Iu|bG+KCnN4u2t2Y|GG}!Tk=1Tf^yiNKRdq*ldAi5$_ z491~p5|*~{#a^x2+R%)QkC^HVJ>aTmhW%s3ct`Ry2c?3#Q+l;XX7y`WA>ZZ)R9Ri! zQ@oZX2rMtF;kleW&2&C_NLUL09EpWc`f*G471WmS=_wf)WWRmQ3K~f`Q=2QF;7Q17?pTw&wz13=8`YsxmXi5m1 zPN_d^>9rP}^{BSH5`2>cLEmebHr?zYE`mnJfwvP_{$Z;eC(I?i;4i zYrR74g}nQQJ9F;v13Mo2jlGjt|^{0k5k!-?R%drEw6(<>5s-#rD7 zW@XkXBfpK-0XjFQ=qQP@%ajNfn!md`)>u7?GRzmJOagKkgkKcsY zDnqZ#&}EqkmX^1j!ss;aD3$;;TJ$Cyo`m$T-4V{@JrPp%ujE|ojKT9Z|383 zk1JE0Q8MKr&7qr}yr(}1Y6dG5vG}@mWhK0v9qgWi^09gbW8$zt7^7}EwjCL=A$T8P z-V#%V^!4{$I&A5H)cT*@kIRkJToFdjuBFqIUw`jw0UX?M|M=}nyPf-E(W6h@RWN9k zI())6_B5)(*4xmHh56RNScRZ^EvEEACGO}k9)s5Q&IHlY5$k$aP8>*OH!$XNX3wO6 zxWSsXc5`7aZe%njiJwmSW_ zYnUli2MxzvMs$dgw(R6PJV1KFg-Uo(g2lRzD#XhU&(qzD`i1(zU<=w^1qH%4mOzg< z`lBsflC>1*rBb8iIw3Dr7#Y60OwXpHpykkw^e3e^r!{^nGZkAsFg5fArjbuFP&x#voL=5Raed@NRpsmM4HYxx;~~w*2135} z8MmHJCAXLjA63jR9P)nwFrDP=IdNZnn^M(^*2};fFE!6|UOIHz5eq4!>L>8UGqmNy z&2UzTk-EpVJ=fCYN;GKeYl(8c;LLG`P)jR=zwEtUGbfYMUQpZlfbd^{z=q1|t@AVI zEn7m_j_D@l5n4uc?>tvvG%y4>{YNj3=3>Q)&TUG-k*1$ezc!-6ErY5&EkG~1De@V! zvA~Q*_ZCe|3R&VF=qvAft3g~e-v~)7`O|heAQOQe&S^o;8#-YfvEqsBw>knNd!~)bsFA1@DCzxP z)?1MDfu6`-?TP#V+6N{@|FN4{l~Q{Wlg#FQqlTdDeY+Ha+!%ymmH+f>O@CyS68@x`SAUZwtT;Qx{_`` zK3+O&Vo{2IUzE1Pb0)a+W2Y%&>w)qNvb83|k*krqkoQA_F4YU|iqR6jtV#tYWmxL` z3wz8BGy@5Aq869pXAt7wKdFU#uVS)kUxmrsC5CXL-i`Sqi5`aUn)S}#hcpL;)%-!H zZ=L&wbAqvT9a-fwL6ywTe(ks2CB84XYh!*VD2rJE&O9GWJA*Cf>zI@7pO*0G{1T2- zeV69pWLIb!<)kbZGw79iAn;B-W_hm~md)BPloei0m&T3H;YSqBHyh4m77LBoyw|?o z?>l-qi0CtUEF9HiVKISZc)0W>!IHYoDl+MlI83M2TCcOk`VmacAx5on87X1JghY_{ zO!mHEx79T1IDf|SOtQe9bJlzfsI$iaX|@FNVD@&ZKKRAa#+QU8FI+{db;j=xuOy+W zcPJMT3~W&b@1J5>_PM$rQR%wqQ}4k~4AK|Fl)c!@Es&b#O}-rRp$(dH@L;~Alp-{V zlY*E-YuHnHB9OXNN0ybUU%#{7F5!?$Kw?EYM1Skr;rH$f>uh(t^&PViMXTlV_bltoiji^MtOrn}OQ@vu`0!hX51*0Y&#nGjlmOy&{`Juc$QQjy}J;N|&X-Ry9=* zIl+Bh&!NW4*+2Mw+TntVD2#rJ5rZ^!_1L1R-mNeO%Yu}&*Bb9>~ESzyLq{l;;!l`BLGXKWYP zBQak>ofkbtwY69k8}_@%!v}ts2-9`et)ru>q+Zbp^~8I;M&NhOpHn0AU+);zRKm(# zb!v{X^yToYtKIDo+Z5d8^t6<{TGU#0TtY}o?-Mf-Za3Xx;yO8J?(QT(Yj|8Y<%0eS z>%ifPiWPFnz4Yd5Bt{e?h6Wxi6W?uy1Wlr6O17{Z3&Mu0^ISPpsM;$4{XQB#v+wnl za;s94BS^fhvUcwHLo*w2VzbrhyFA|byy;g>_%Kn&!(=KgChJyG$>j`vdHJHCRKXVC zuTq2PB7=0bDdvW9SM%8)5#Ke;bOljWUBV;gdno%1>NhVqlNO9{)wM-dpQt?PH*Qy_ zdnivLLkLX1J+9i%9$A#ryX-4K6sqX!E;14j@wVQ6Bz zC0Tph-SP+BTk#XX7dyAPJkOT267;nJ!2qC% z)1*eMVe@VS)3A(uOf@-j#Iw$q)o!yzqam8%*Q~-WW7*wV6zL+c5atCQU2+&z->k3+ z7*6ec{K~~XSd05L4&TCNnQ0bKYuVA=IRbynThd6w8)+@gPseA;CllSa2zjs~OWhN^ zg3ms?jOiM;AM%pUAQz7zZ;CK+eHzt3j^hg9;H0J7$dyr6=;d$y{7!T{G{{2wRs)x{ z743-k;-J8IGG+tzAyc!+zG03?y(fbqMkhl%WIi{6^Gs%fPO@bkx$`oYi#a__wKUCD zUSIv!2#!a+x!iA-pRg)+GM^`2aYi$m`vma5JOzAAhQOOn5XBj8kVC7-ZxQm;d$}zI zyw5DGAk`Ra`5|Szzy|aWoD2cxmt$_{vyRh_F3MdP?hCDSUNQ=d$r!SVMU9m?r13}x zsCEH+S7BR981;c@xO5L{`3&UJnVQzHaad5Fdd~xR`fy5Gc2nS$;cOJ<$r*@k-&l;9 zFRH>iXV!faNry>X(^=vs^FpZjPYV0A{GFr0C#<$jHI|0GQAwWPP#r|S!mKssUy_!u zm3rfAz)c3M{ll1Gq90WP1uXvNDPE)ZNmj{d2QrR%-_ zlB1D+tI|Ky_{ysC?RG`@;#cqlh-Q27#L)dh z$o~TT7jtPoIe&dP&3=qssMgSl*;|LkZYkQqN=rP{jDIk-6bEZaDySZeV@Xe&uL zBWM&0D{blqGWqp=nWSLFtg~}TEO`BsjpqWd^=FrPPh%5xL0m7}Ic$j+X?E2*bA~1* z40LwMTS-Yp6f}-h8?-#L-x<0c|GmV>-Qze{psH##K&>Kyq z#?k3Mdom3gm{}MHv5EH$O_SgzvwVa$NHsLs3bKChtQZ`lVBim~)Tm(Vx z&3jTy0b1x1oU7wY9Cvu3oJCy~N$y95SOu9I@fhvtrk7KBh9p1DH3v3FsdTh*_gr;_O{vea%)?9efhOTl`zXnsrHX3#Srd1;w zOSE>h^f6HKI-FhZ!d@0jF9Qa9W$s~$gaR-VvDVgE9>|iE*2=OK8>{t7b`f$5NDt5Y z>B5uFLW#~=}=QVxTBJm)b49sw> zP$}t1W^q-C^!GrVy}u@&Qb-d74OXr>a1ttNIdL5kZndH<9saSO-OO(cS;2c)Q*(Oy zbo;(ZLlH2AI!wYRz#AdvSi>8n_O5#MUNe#M$+Z?+uPIc#GLnZ6*l(2OMbuQZ7y{ui zB5BHTEeU=3N-W`r#F=ok8!`M`;!SB@YIMVO5mkb5trq1GcGB87XFlG{L9+SjZvMIzWxti1Q_jnk4 zUNmd^ddH@fZd}pextwt>7SYQms(|~|ouwL_MbG}hp>(5vw;?8CYvENT}uqxXb zbQ!+2=dYcb5#i)Zg&lMU79Y5;{I6q5d~UCblO0 ze}<7EjCo{mCFSxwi|-)`QYxPEV6|eWhD=^OGB+=hZ0k{a%Y}$6N>U7j&emJ9-X`Gx zgK+bofH1yS|AywW_!p^&`5#o0(o-5bfVzt(qo)g_#Uq^SA7qk^i#ww=H{9Ib>ECl% z2W0Fj3dY+6YQKteK4Hy|6Uz`&Ls0y{cQWs;CD_yOsr?_`E~ zeMD$_#nBALKHIZ!zP154-g^8ibuCS(Hfm=u#swVT+1*HbdS6J!*wsb2bn7q$HmEi` zY>b>xy?C3eL8D!Z#pp?JgIQ_0p}4!Vy^xJILZa}U>y>P&uCx5BQR|Sfb&U12KT!A& z%|vKuKjGJE=kTx(@%wV$-rG5N(iQSZ^sW&kn($LiPSbUmjGB;(w0z(&EuxK*#=v_1 z&ja}{s1hl9+$f*`WkZ!R^s@B%jNL#z_wBdgBm9)dtABA6Hdvc!b-%w{s1a^Z9Bo!B zUj2s#DZlaa*CP!wO#A(aFRrnB5Lo8+m?}FY(+qKQ9+FHJaG-dPXZ`&bn!e1RLZSK3 zhO#l1nNhoW?k>pFVS;If9GvxszDWcAeqG+wVWS_nl)pyNUB~fLeXB~|qshUw<_%SP zj~lNCv3`qt-nwOSF0#B}#`;7*)A~Bf_568IcaU*@I6`7!A5hTpcQPcN!9D|zTnX~Y zcIr#6X5IcHiPrO|MD7;Rg;*}5$DmG-I5gz+o74AzK@D$@J1 zKWcUrL2SmdG~L>6J!Y8QYiBk_MB5yzt1Nlaoj(~Ja?qcW7lxvzeVrTMi85ltvFlZk zMyV7o{Jzn3G6AO2`@)+4rer4wc6&^mpF&VKPlR~n#xedXKIib+UN2axObq*8g8wjB zB?wH>R=4F$T&P=k9YE~Bdfrg^%;L^7b(!cyq*aG|A3ym0`NL~<$*fzayjih7UAKHj zdR*&r;cWFf5bJ)E%SJDD@tGHI7Z3dF^WFs+R5_@ z$?!00I$4{0{L2p*ovnQyr>ixiy|ag>wYk;5P>g8)1ID7`76`y4ARii;F66?8lT@lg zedsZ?Q}*p=#%DmD;7>R9`;q5#B+xJ6TBxoG)sJe}O`K}xUhejm_AZQakJvVQTPOQR zDkc0suf6&Q<@T>@{{fr(-(WFCV@A|JPL!A_{oMhnF-*P+$oFy2(rZmB_8tg+R=8iX z_$_vveg}{rSoAVQqY^ zqGO;v^2Hw0r?K$R5nZ1iIrJj4h<`w1kGJ}-@jcH0WaBvT{%IU#E^+bw$z<`Dh?8sm zzUz@;HVi4&_{PUlY9H(%6mU^s^@e(-iTD3BKA!(QzJK>(n}4Ze`{(X69*-LTL(Kn& z(tnr6wGPNP+hC?5fQj$hiKXx0{;5g+OK86i$YWE@Dfo-I@tv^`6n~#%d#!v{6WApG z|00b8=HlY%WA4WYaehSnJ+kZ=RXwfDc^-Wk{@+^N|Km6Rfyw-LwW{Dk4HaR%J!p2C$)o( z?JZ+GMFQ7k8f^rYVi*Pl@<3-C`>#ju*Bhl#pG=*}CHi zdiX!waC8M5_vnAUB_IF&bue83;m5t9vkfu+C!BuIXr5N(FpClbLNg&J9_? zM)SGoln)F)kJ{Ax$FpUspKU*ScCr2JSyp@CFqx3zj)NB|zMVLbA61Rqw#tTuHavG} zxWms6AkDfNdohWaIOF|rEDR5v3RMeD-b{a$b#&6Babxk z4<96xi~RMW`70XxK{7AKUr$x}@8+b-vsi0^{iiX=GFrwiG;q!f><%sG%)fsXtO{gb+3oPV#n}dTp;HtSa=8@hw^iKc3mZpBCRowp=H+6oyFbJ# zfd0-a{1oM53KT}|uE-wVcHr7(Y4i!D{91P#GQVk^rh73@ee*I+I}zhSn0IArL+xFr zuFQog;Y7cML%(0(oB7Kq-qIUMgP}1#%5HkMoSF}Y($m`|{v>wuwtcd=!ds#m+)AN^ z)JbCvxJKvr;BPclJLDc$_YU#qm?1kpo1K9*CWgedwWC$GlBP)IKp}}#l?7Hx!LWI0 zbSKwP^||>w-r9kS=EPIRCN`K0+}xQ_$=b=n#od!p!rIBz-NnY*{hzD1McOQB0e|N2KShJ=W>#FXWUw2jY(>2R;TS(q}&{4(q?-?@r z)qcY73`}ioex?h3WJ>a9qX8MB3_IZD*5|bjcBZ# z7C5mIs`*MRpmY^^LSh&8gUYAxOnY!*FS1qd8|D|w7X7{i==9l?a*T)cvKmjEb@sgA)VvM$~lu{8_Q&~g*S!*u4T0HO$Lb0>TO zzW&012W+4WG%hg60g}%?)(X%~{Qk9TK?2FDUH23hu{&nHn^67waFH1CH_;41X?!qo z<@D}Cw(s@7s?fiMF+n;TpMLBb#AM?%fv(|tCq-UHfFP$tEE(y?F15+eG{xQyb?;hDc83C)2T4%8R5B zlsL@l;*0T8CJo2O+ycy_`pm>ZY(da2A+jb}yPqHi61*x^?HK)B6sILozm}=Ptj3C3 zfHF2TZhF-YJm_I_L}S1EI$#|Z>%WD%Lm7q5Dvu6WVu6K#8ppXZV$l7J8~0*`Pp5+H zt*D1~Jjq8fYD>#zT$;(N?1>R5mW27m*U$T1cT1RSy+WM_-@jp!T@{Ccx?#?{p_QsM zp!Mm*KbelN%aeZ;`;Fb=kSK4B*iYbt-$e>JX4v~)zcaOGy9`i2 zo?=qoJCR@pzY<&i=&nssSz>Cx;#z9`cHd;pz}fy&5lgyCi$@r#M)}*haxKpVin7iN z5NQxZyfp_5pV3UG3M@Qpy&XFD{TIB#R_3vUVU-VKCMdm1d|q5uv$0n8+#@5fG{I1x zpVs4^k78*r_2|0U(?MshFvmv4a6AjiZyLg%g0smXBu{ z!9UOb-b4IjEG?$2MewK_=FYCHgTcu$*p8rdixb!SqYW1N`p+B-ZC;{IO?P26pmZ01 z**OREtix}UahA*vV-$IABO(B3JtpY|Kub)o{-<}~&oQ|fAt;Shi2N8Fe|?#G@2ZL& z!d;R{t2qVANQhXL{e-poR)5N~uJi6pZ{>Cx=C}7)JH7fH{9cX&Fc-=oi)35!ZN!1p zsEk2;GU1ts7AT{(C2S$+lJ!-M0TR~J#<8l4S3Y-tf#0LX{yUhVNDRG4?zIRghz4cE z3?F^J{`g+z#mvh9t6)LrQrmS(AiK=<)5%CD1W`;bj@;)^F0J1DPG$9wPaeMoT{L)* zCxcZ}lVBsX^q!n-+w6$(kd14pJd#vf^0ERbpI;Tz<}R{`LEvHhL#yVCOy(~va%w^c zDy$s!p^3)353I~R1q1?K7Kqkd_0Q2#xnMMMYMgOcVODYCyheip^+b-qkbC^jyw2^} z^@^jA z!P&%A|<%S|}!P z9kmZ{TAG}-It_MoC8RZ@%dG!~} zK5E4uF#D%!HQIyHwMgLSO}yUbfwSyMJYwIipxG@l0=DqwvwXuj1YVol1w^?ry4IQ6 z-0Gh&n`%i9!0b3##_O^no^Jol;a;8bO*dYP?kd}q2gO17BTqgSxO^QuJcGSiarI|3 z8e<&B?tu<%`N8DMP8jt40{~f zmaZIoieKu{L@Qxs9I*}NUd&lq4Q((=MM`^rX%JXbqM!z4>_*o$Rztstf0$b;a3&#; z;7l&HgL<$HTo1@Zync~r7?Z7(T(kj=1I<07o8jqP8JJ&AiqQ#K{Q{w;u0ag4X(Zsb z(bbp87QLFZ{7q<~)8g=DWIyRLsl@k;02tl#JC#FdLQ{l)J-@&&D`-Z+Hd>X z9rrLzA=-?OghzIwF_WYC(^+CqZa(0WSBJuoop8N+i9v4#v0cvtCqUok7e1DgC^Qxx z2KA{3Lzl!zWG77srob?E8a=}CQwI+nym(`b(+_DX!oBGriq$8&4i2mkW5+~Rpj4t_+fZEDp?srmlrt;YA$;^ryXL>#%wm9k{RN8u?Dlvp zfs|RH)_lei^YRFQ??EGHVa47OItblsk$7-TG-3iDC?j;h?dkKx1Xb-M9~)$I+xUSX zM)aSsm}t+J^`mOB-Jzq~RTZ9Nk2qjqv3IvYgT9H|u=po%%n%H@_G#`Xrb;WE`XUkl`d>=R9|M`0xU(JL0$eQmot=-djAR zth*UhO2ouxtDl67hJ;U2wI?*A)FseVZ>1k_b`T;mP6Tb7qd?NJo z`XRU$iz{?S5(6%(z)?f2yH?E;DY9+*@OO;`CdN-Mv*d~1^}V?C>VU4KIfXX)e&0iD z<6rE1Tcsja`Wq|)TJZ-g{;67!JHR*-=Z95B7%fGuFT}TV%zeGJ9~vRRaNmT*siWpL zyQaz%GEzn;wWWKC1d9B5qNG> zvL8;z{FpX7-KNRWWbk^?d`P;ihv{b+F*E{D#-J2= zkKLXS_8kHJL(u7~C&MmA&!O&~9KeSmdR9b81>o+L7IB{&R#730)FIL4Qo^MT898>{ zcTDedjV@}u+v$zOeO4f%}HEqFR2#$GBn=F6Rh4-Xi!N1+LM=r znamIZ#Xlm*o{@F9kv4>Sxd{=?EBWn1Ty6Cjq>(ybSs}{VnvQq2a~bwVX((Z?XG;Y&Q*wr zHbL;dpQhhv=e!-K(2p^3D_;x=Ecoe6HU*r?rspvRL{JhAjs~P)O9N+PQfnI^zyrjQ z4D35HNv%3EfiawckqxPxlQF5OF)83yG&Fns-`J8AY-4Y4Y(r`Q+;3>$;Am!G%?P&t zdC|a;^k=k+)CdSnfo-fFk?IsLK&)HTM-&X0Ep&tWu$4vB$ZeOsOc^c1_KQ~-X`qZ$ z0(xtcKDVBfau&XgUQa4%W~|XF2Gw6L@5r^Kr!DdbXd;dUk{hv1Z zQy9oc6@)>8Lj;y<#s-#SesrP$Sqd@!Vgt@tN=XXHVr3ByN|%};t|#X0Ok8#GK&q~w zsa3XU<^YzqEDn20SL{Q8mB1HV*6Nu1pg`*PXtn~cmIKVz8ram@a(gJ6{F{~6PN`NL zlB8O)deQOuJM5CxLh#6}*XbSk?+~6FTxx^`U6W-giI}`q50HqQIHy7O)%tjtjg+>4 zSA#;Yr#sZ{Ofd3p^qL&pg|{Pi>Ns@r_3Hz9iGOXd;qk2SMK*{q45H+7iicPCX%|PO zJmpDdbL|l4QxFs!G$@xa8i%V#^3_UE`L-roys~+VuOF$r0&8#5c@Ordn}Wl+@fY=C zXY8-W35LupN$wSwm<*i0h{pGAcHR6C3MC}B*f1e}?KDQPG_2z^W<4rA@csf1qe9HL znYMGnRPIR+XBAja26kXpQ3UPIkd2{*U+tvP0p~7`nM?R{4LMSv!cVgmuqPgC zK##V*Nj0bs`QaoEH|?=!dSeRUwYBzLF$cx8?g67Duj7TeQuFcJd5=^FE`;}jS4eFki zGb!%9d3F7C>eny48a?}|lU**T#~YA1H?5_dCm}F(rb=E;YHkU^DaE(_B>h?S+P zsHBYTAN`v020#GlF|x#O^7DkS#bXe{@*iKL#-Cp!e*>$}|M@inpuhwjc>}WnX}E?3 z%J3C{aCg|Vhc0hBxZ3{l+F9?*5eF!7{2gUx^`|E4LvMdZWKb}1t8-Ho?Y}DD%Ge%k z<6!1!{0|m1|G@&FRsWU+6Le4t0^_Tfqt;Yj)eYIH@%@R?Ml)NIpp1x4oZ`r-WF+)> z7Iy^^mSLFYa2e7HlKZDX=JT$O=`nNpT8G_O+eY@`odtDV$q+3@@gVhwg#iYDI zY0O1MdFaE>*SABU;PxTbV-t*?H#~w7@Ug%FU{t34BU!1C7laK=Dy4Gox@TsZ2EqY# zJzj}TOD^P^hS=lCw|AH^5x1m5{s%dMndI{=wqrglofVB<1VPX3WscS2E(zksg!dSq z-dYxnFmsi3uh3B-@IDYEoBEn6e|wpZ6%8M|oQ<9Y=f>O7{PpyRvB3RKqf!W(w2%9J zW58pObi!ieGtPjn(L+5M zA(Fy(6JeN&4|fll%Upx_)#kg`cavO$ozC;cAXwSU1muMl8zP(UD(+a`a|Rzcww_Ms zrykR>8J(-VS3ooQTz}R3u~&3)KG+|^ey3IgZrUFhe?R)r05E#2mB&8kPxTrCoFvNU zGaVCnz47Qc1qyF!Sp3Z6ekcK6Ys`-r*}>XH&ubN)(5`s7mssy?Cx$=^5Ql_8K!fVP zqEYGmINDKg8d8>x)nR?>3bI&KUHB&2{_v{6H9*{m`y-64v#C$q)Rj zlXiNv(0SgA`T5U*GoQxffNof>qjjc&lZJg}E z#-#FQ)dsVIUvn0St+Mk-0aJ zfs&Z%N+^&?5$c{C*=h6{cZdm!jPi+v&hjL1xTOzAkE9S_+@Uxs=ujF`!Evud|Jdxr#~zJyCtsj!>J z1F6Y!5}0y@42 zhW^*lcs#POT@;NbHAsHeA|kSJSZ_V);V*HC1)HNCXpNvX`4vLK50o!HXtQ73_hxZ- zKaH^$ws-@I)R-cq`y*O;e&U&XH^9x{_yx5VEXd zQL{gj==xDofbVsD+tukpzW>O5ME6<%C}R}Oy*{QO!YRDG@T{Q25)-fZzyRt&e*1j` zJPesrP9lx0ndzu+m~l#vcb`9v;aIydG)`F<`^D>BL~RP9V?m}x!t|%>3d&HdO}qjj zoX=kRv(E{#d@W+0#ZIu1<5fIzSyK_rPcIietcSKK(C#k9l%>k*iyc zuwP zAED_VlXdz5$j^dE)Ee&9?9ju@o#v%{7QXvB6qGL3*_k4T+z*|mYwab}^MiiO{MDDg za&Zgz$GrX5s@*)QT!2$^El+6<$_P{Jj7{(_1kk&(Q$vY-scM9_oLRP-6>}QRYfak7~|09sSIh{?@_v^E0Rq zTA)-Q4Lbq6jxYJ}0Bo4B2%M)j2_o%Z9%12iIJm!@AOB}8^iLUUD}eV0wxtx85l)2r z>3!8&6mo=@3w#F3Xkx3}c-6z{97VyMnD~ZAS@be*yo&FCE8{Owe*x<6&G_W^W<&+7 z%?o>MzC{ub+khN-Gd%%ed+AspgLt~5svyG2R3c74<9ziGZ>+S8<2uwooAGb(7?{5T zz_ou=^W)q96p{WLCF@~UcUFc#?PX``@|BP zUiYDVRRaIDh(Fa7h)ElnnY??HkkQKJ-{|T~U`Af-+!kRih%>~0zH8-^QgU@kd_ET_ zU6<1&55wJvq};*8Rdgw7?0JbB(Vs#-iWBqVKkMq#YEZi5zEu46ZM{8X<^2}1^uEu% zM9dFR3Q}=khf@s11HqfpfM%*wUP3UV!T&3`mFM>}vgSvryIbvcQ-QP-c$mU{&2nFA*j+Vr6Tvdp zF@-+fZdd)5aFoshQGlpagj!JJl=iHVwWXg$Su)V=6LIf|v?bL5se?%yRKv-*n2EB6 znUh5>nq$$42@0#1CKH?jol}j~#E;UTrle8|`1jZit{=-SmcQ#out`X36m);#BCX0x zt?Y4E9a3FjRk#)#y48)1NWcE*r@Ln> zT;27#S4|_ijGYs|`t8Pb;~hR?2W)~P_ys8gl80dA*n~DKW=`Nu z6T}#$$I)(=-mAb^f#(m*U9&Z-cEXs9oJ0IU>BF+@!IZax5CX7N7kgb2F6UKcDklqs zP#l!HlEvEVj=8>m@(PJug}uXXK?XMfFiC1C0T(sLA7K zLpV`%0T^w>ERufYTx6If=pIeU-6Le;{o*vIaU`VBGw3(BZ*jX4{RG}iIo2X{;;ryi z-#%B%;YgLyyh@0S|I`^mzz>nII_RrT9J>#LA!(6U&)IKAy@a~t2Q6=cVQZdr6}x5$ zDQP<6<-|K%8xx9V_fOzN)m=i|mmwEkm&+ztE|B{J zUYh$2uK55FQj}S;Am#m37HE8bTQEjbvy{ zk%m^ER(f-KEB#)D=3c`V9{&N|ApU6DVEBT*sU`$9mOb`m@nnd+|XF zLPqT>ynia=xB2S-C`DQ{#`T{{>8S*zo9Y-_vRjzfR*TH;z^iSczS`iw0%e3ih10eTHQU;s#toE@-f@ll__0>8{ENc*&21cv8G-q6)&`Hv z2%FhD8k^WK8W{@)>i=w75@7PA{m>0A5vj!EuNxkH)s{Bafb)se*}&55*UaWWzYy{T zz`Ab+TNReW$s&JpLN668ha;E_ROT`m2bNl&}x$*dWm$0R)g%638X_*Y+^`umVDpm6VbE zc>zcn2?G7hoe2*MB!+~6hl7JdK!8U?#(IK`goKQTfr*Mmgik_DgilCFO2J4?O2$A= zNJzs)%fQUS&dyFk%_G3g%FoCK%tToLi9sMBARr?l<34$U%leG)8SDRg`;|L002BZP zLH1`h`c4oDkPH*%S6a?L1^Ja66Am5$5eZ0bS&asQgaDFyLjO$V3Eb@tTn9m;Kc==6 zfyGodfFrZRVg+(r!jp?uv}3D`9aFFY*@F-eah~Gh;Zssk)6miZKe*uH=HV3+mync_ zmXTFeQ`gXZsih4zGJa!XYG&@>=;Zv?<(;dKub+QFU{G*$Ol(|yLgL4ytn8fJy!?W~ zqRP)z)it$s^$lM-I=i}idi(mvCnl$+XJ+T-SJ&1zHn+BScK1$B&(1F{udZ)y0k%mX zK#v(gf0yi^Kf`$X~lL8q*-#%sqMTdp~GInB!D8m`pVUn?W!DER&X6-~E zXHz-GHnbl@#Gzncr962Q?Wbh_onYSoSCaihu)pM*2O$I5MIq6F+@eCDRR_s+W$Wy> zr6SH$OS1TxOLBFiI8;k=jY$Pph$)!THspkFFEbc)m%hofdYu;#yH{BAo8(#0=>)vx zPf;NXJDvkwW;+>BoE8}qd8hT{$`gIh_KQtz$?~iyZwQ-$wl4`r{KS41H68iVV^4mH zc#q5Og$BiQnWWHasy)a~zvi8S5M^OB>)a)!quiwzMvcuoYz)S7jzdy)>N@#-JqE&< zOS(GJT~Y7O4`0-NR7ZkV7tAZVVZcQnYalV-scMGTV>d|Hq^4fZlb6t~>*|Zks!e(T zQDU|5dD^L4vxnqp&|})o1YcP3NlTN$7eKCOV7r*HM6UPa3Kl1AJAD<)RMt}@`4l9+ zM&PNz^VE#Ok$qs_F{o3vUs1US+P`slHG5&&vN?1 z0x#*77s%XZ^~!e?6wkX{QT?Ao`Nxnj+6uG|)B8_!N^YWin9QQc-1DDf?YZ)hMgEPTX$dpWka zP-U61ohF67&3hG)<1Ljo_L8_!q+CA@_nGK;WdV^4H@43Qr#!dL5p+b!cSPpV(NhTh zOp-2>r*a#f-<5wb%iLAGtW`zpM0)^ftR!6=D$sL5imUUiKeHI&2;(tIva@chBM5d} zpRdj5Yh(wj(9KBDTS=ODiOCLCfn#K^keB3*bz0*$@T*%n^2u~?&$#M&A}8K%Wi3hW zIa6);6%^DuNI}Fa7<7&Y!{lQ+j z=$HY|dbdCQK;2X)twpP#TYb45$KCA;q)4Exjg*9)d;@3Al46oRdGCZW@WwPtu3(W~ zdT(#!DeiLTYPh>15j|0;GcuQ%jeq+H|2FsfF-N{fr$Qhc>S^Tr$yywPD6woKFfv4M zk3uZHK=-;8x)6mP_1sqrbvi4XVYA zez}6Vzh@D9QW}tmql7@GaPWR2pI%Odu6ti>L_yq>P(9KGYakFGDTd$z>rF!~5ANOg zo8%<6E=ZzuSK9h4Pr9|}*l~57&MtW?rWn?g6h{thYFB7iChrBVA$k)BDxTZm3mO$J zk+>%p<>aF_&`751c*cmccdc=*Wih-Xkd-MLnuN=>yqTHR7GPYxc6AT$3MLlfjPa5; zDmgH^>k-=HbuFg}{krkw+}II(gQr_sS$=R5!!iZUmz+A`lg8iG0tJW3NsZ9kN2(p+ zqed)Cqv}wkn(fCETcj+eHI&;IfF=HlIg@;DyufKZ5w=Z)N)s=LlM@&N5*jDQ>pozx zTT63)|FPfDLf*URveq=9YalQIn!TwTnfC3C8n8H_`$|vSA4i~ABX6`;#X;ND*Gp|j z_@+Qpmy>(1dXNjtFjZt>fkP5(nmdFAp*F5Eu8#jH=bN0g>!{3_8KxIVbtd#pGgF6a zC4+2<%Zld5+2M%10%0!Fd6#XDio91%e6mijvWeqHUZtkasLFEi#HEYPY=sjf;`M%C z#~V@&kgE+rc^b7pWVAa!AOk{1CA5O9vHG^2+`{s$%b_^WiPo9$%kpdR%ibPkIU8tO zxq2l=Gb%^FS~xtxw78geMXMxWt9e^RYty({2f>ohYfpqF&}QvkfeZC+W{?#Q=SHe6 zEL?pW5|~EUV|2rYI*8Wep^q)3MHc&2rAwbTRZ71U-yr_3$o{or_`_ys`c+?PuWkvv z?}lF&-{4ibgo*}#p=R8&KUzf{khqlTI#~bUyUzoNVZLTC?L4`!=#qtcVW1-7N3ui2 zh16MAjSrzyR(eH{(94g#gp+`xxRDIL3bm^w;#;q$Ak;^1H)BU}04fz9mK3Y*CFP@iuzw;C5U zwfM1Nbwq*Zr7~)2qQCWlGC9KD7QuQ2x~+r~ zr_AtKG9_ZG*2^rVT;x~?NFJ$TIiGUbLng(>^-o&;Sb6*Xj<_WtmoY9=-+b_FzS|fb z{S+2-*1LaRD!|qLc7ir~i&JD0k~f^b`8X|_p=?752pzAVc1h?;eGXd%X4tY`MXFkt^ps zx?+FkqdV3&>7*R^)L0 zNlOS@b`nO4Fc-;&F8RI>pqd< zPoCRAn%*ipzbT2 zf$M+&l96JyT_TZBxRAX&b1ppNx65j-JKqLhJattW1uxWADSRxfKlnc z0|&RSIit`L&!I`IPZ;mEeVnCE+vAKM8f6%ch8v3b8Ep9}GqMct7F9$sKp_~aes+Lb zIn6sSmRWu~-(dfhH8n- zx`70w!E;(DD^P{)7kM(~s4!xvc1h!=GjBhJqdrk!K{ibF-sW)1S&(H0BV8MLsA=5A zuLiCK=h8k;)WWJ-!k>|wSgolI0!!c`HiPc-C#TxsN&K)>teRg2>S49mDK1oj`Nt#_ zm57Ts%j|{(sR_I}WiGIk6*I~U&19g+qa-(lzO=?+sbP8c@}aoXBKEGQ!CLH&BU2G@{-Lap*@_~mB1QBT%@_o3Z?-I z0gE{NJ5xz@6O>8}+mFu6&LG>`Y(KGz!(>Xs3tp&#M)!|v3G@AJvizpn1 zk+J!r`GS9MDnWpxfj`j0D#{B97qd4Ykc))-3HJ!f7}BJ(5%3-SirFt*f9ZH=JDCb^JW2n z82}s?fjtE{LHh4EkgB4B76>G!B`Tq!Dy^tSs{Sa%&o}&eWMyXN;ALUqWo0I1;pAm! z<7Ht65rC4sfAL5Kl#%)e%?QwBfq(Hr{Rf=^yb%-$2Z9C;%&e@;P?5iQ=LGJD{)3hU zXo#p^_dMEWkWs(h|LXCcXvCi!y#Z*L=wIip0U9p)ud?9(pdX7u_=5(_LJ;B~_d5gk zyG6r2UjDUZ{J{?kGc!cSUv&?e@vHt`!-7Cif6%=E<1l~F9>9A**>FGkfdWW~Kj@!r zm-FjAj|D*fMnnBZ!~RA;-iHY6k-)=*f6#wd+kbcNk&VYPAGgPMFatXpu(SU0KO}G! z@@I{!@NfgvU(y0MfDiz?@)xgwnE%j86hNRqbrK7p|4t`Kf%AXrBn?3Su9JWz`jaPS z;5_6XG#1ihd7%G7&;DORne}|?&+-{EXKYC$N)2>hjL`0T$zk;F z4JZ47A9wA)qB3LGF0#ej^tK_17) zrizyF(mg+%uc<0!{HE&WOHb@^hB?G0{z>bj4nf>7+{|*bl+3sa4Hir{jIl;OW8iWs z-`+5a4XivpYvJJxb`pDXD%mQ&nx@2RKn2Gk`fgij8uxh#6Pk;o?m|;!Y8mS4%c9CX z%U$tPxvijl#8$d>o^z@Yz7NZ1ZG=Zq51=x7jng5kg@Y?)EGG)Mi`ywGZ-UpX3+)>a zdUP_`sojHGn`ax(Np-_v2PeRk3H9yYl(YtrHAAB@D*7V1hbL~Pqu#4UAjEvz*Q)34 zpQewK<)TXoesLyyTDU_;wpR6`FNejU)=FGo@Y2)eN@}i|v8nV#T{3w9 z?Q0TFZ5GZvHO?HTY-(ner>Ifb6WMUZFEl6}sbzbI-08^~4eL>NAA2aLktz~oB>mA} ztXya~F0PjT<0Z3GD^iDBt`Y844_RHR;+Im(l471V5*i?EQ&`rt#6PUDt=SP1<=1}e zP8XkPW3OeuPsdEkn&Pm)J~c5G)L5##@m5Koq>ZS(VPz^d*&Zq>MmlOlDewl0UN&w3mt*|}dWbU1$_hUpARA4F_6%YV^Myc!}z87>1i z5dkdssynJe%igQ(Nrx^8e_8rnj}rmckP>QFx7KZjcP%C?lr&8|Tr{kVC48Wl|NV(V zD}Ai4QC;`@aFO-Xd#Bvuwx}U|KZXLfYL~wAqJ*OaNVJ-6PUY0OBRYaT(J*o;g-bPqmpu+~nb%=cQm-f}qJV|; zE20Ioos}acSIN&~oZOrub^~pE0^dos8fLX{3&E0?a9pP3DnpYHGR4I(2S+0Y$9Y+l5<%An zqwk%|mdaX&VDIf+aLb>KabQ|Gvz?wzj5l-1w}zii;y`(QZMK!&O|^3mWIVc?1HDgN z*FA+B?9PboseUS3plOtN9FizweG5+Q%<^glHcPdQMP^CS0~oNe?@QK>~|h5 zS4oTP>3)!@t!LHgJp3WVN|8Xya-p(Fh;GwOvACEII?{2QsEEs`#%?|~i-$5+#wXOU z-o$oLy7Ya%MZjzZEZCE6X1VBt(a2YmZN1pSM%}e?W$HKmcvwc@{C&*_P$kt--_1m8 zrBM%Kda2dH=Ir+6r=vGp!4vpmQTG)z`3JePujYvcd1akxS(KdEDdmmXbe6jJAb5HN z@6=xAh6JhpSiRfLFT~Ic;Z+psukW*NE-o3Xmh^pr^oFQ?XV+rxzSjf$`PZ(i5+Tx@qBHO^P1QH+-IW?^SHt`=wBpWnx*_W`*i`LRM}4_qp6LT5)noa%ot!78E z(g0O9^*k;~9Ei^I_BMUIzS-i7=vTGad30n3g*I1|Ce5lmN_*k;ijsi=q0fsrj!y_u zd_p5~O#-^qQYE*a%U#+AS4zcntfZP7KS2+g^5pY5mNH)$zb9Ji^(%+A6S8!;naPr{ z!+=r7+pwF@OweMM+q@w?-yYS>9HL@WtKp%!C(!EFmf3iRn!ycOLw-CI7FQPzUsJH1 zH1}Qi3NeeO7K5jaUp=rS*RWEL5FCXo;88uIUG=(oOHI=t$tv;lC!|oLqX&>s+!ISi zRs!q$wgR4FdzKZ~^Q(fU<}zjlf~W(FuGo~EjUl}FTQz$=2?{#YTGzgoW6mf?nfPI5 z#S^-f^iIP@Hj<>^^&rgrW?EnF5hYjk?ws}GMvU?I+5I;6xLTDl77P_>?K-x15kjTd zyQlLT$jW-?J%;4@EGVHQVk8~+Sf587Cu_X~oo`YXzOh^gt_hoPJ}tWGSh-vNQIM5OA5=+O|GGQ!Zp>~|x1J`E}=tvi>H z1bnxXm4vn?sNWq-lNtIj_cQPY0|gC4c!2m0Gz<(3EFAJ<2o4Sv2?+ri9Tfuu9TgoN z6Nm6ACKf(6Iy&w%Tzn!T5)u;3r(_gl#1w?YB*Z@hZ@{B)uy82w@F>Js=vc)6>+M(I z?VrcLk5&uZ|BN33MgYJh6g&{V;`|wPdknh4!GHjp0I*noMctmkVz7w(in@74VX=w= z!KpDEa+TF%Y<6$pIefr$0pebd5B#wK|3brnV1a84z`zp{n6M8Gh4AM^2q2UM4FvLF zFh!KH$f97$Sw+QE?7YSv{zssxm#3-V=7$8wiGZ1?qPEgJ5!`Y-@y8$mJCO~epd3(S zV@y~P!zTK+pdfq3ay5KI=2lx+5H$#*KHrT03v9gU-LnWs2jrwJSd!^jWEfFo+On(Vg2>+)q9BH*sV;CAY&zo%?9@6OO6n8GX?S05jSCy2 zQb^_fptJ5iq94kNba+P;CM9JF9zWN;ukPy;>$lULJ6W!0CDbN#xE*s)_4uHzDAe81 zo7wJ)HQVxjw2UlrP^gqdsFYoce^+G3n+Wba&wig(=Q=8jo|c=30AI_QPMB{kalUN^ zQ#J=jJuLC&Am@H+5xRVoo6(x80onI_7|y)fw#=t+KgNMVo{%D?vEu8ht_!(L_~zJ+ zSWZ4t>)NRh;yDR|?VXZVHx6^glbWKWFv(#u-HF|+(?Qp(xwyrnT>{j`$ai)RAjbmA z)%|;-=3u!*71L2e2{_V1Y9ZbWetf!5$O~5C>2YfA8Md#RE8;CQHe!joIr-k+PMPkR zxSi{`nhI^4S=U{byHsRsgobXr2Yp=+I}wxm+||=0t-i=j;E`3L-I7d{lKy(qDhUs4 zh@-?Q=&Pny6JI0pE(fD>_oI&m7*Dg9yuD8NP3_ zNiM_hB)H5Z1fRzxN$=V2V zYj6~M?`VBF#A}jvtm7zN7tCr9E>T;RerABiQOBQUXeMwzq|5%ss}8vKn4#H9P2qZ&-UDVQXgTm7KRI zq(o(SOLf?H_V0RmsaTw2NXZG5_KJ;1UZGL5j-@ywDr+IcGWx)H0}DOwUCmv>RY_B^ zB7YP4li z&XbWRP2o)gWGGgR2d*9;=&<2u48Fykt6tA|9y-08=kZjYtEel<52}Neqlm&dxlu1CEcK$3F|f0RcS39;@b#@t9_+QrqFP3 z1l^Qw*^7_I*ObTs!!aYeJUjLKkvMOeMC%+z%d+4dBxK2g6FI^S>bD3hQy)MBH^mZ7 z@a!(t@RY}kpm4b5{T9LOUA0B^2>+vvc#hB8mYDu+hub%!@^&U-pFgaGXfe28bnDm_ zzvFeV=5PD92qdm!%Gs$^sE~6zq{xZhh;B>kNXWR^%Be%-Gpj;+nWJummeEe+jO{Rf zE=QYUzaR-0MWA8ae3+EDmcm(?Q4ylG`8uSJW|MwObs5e^w|v0$Rf8(aGnH;7EH1k` zQlIVG(WvEo?uKbx>s1NSU5xnS38;@vMMC=V1YI@K2gJ+bgzbGh9k@hqZ&Z@EdJ5*Z zC&Q-M3#`?Vv#>2e>e))Z5Sv~~yc!V>;I%fB_$_2KKmWe7Z`u!_xzZy`6(iuc*Q{`0 z^->db@x66YA0G)G9`#RHDhkbtwC^Ry^8mpa{iH~q&?BN{K@)+y8&)(7Ij@2HoN0r%pCf?hBs?c0J zqMaNdUx|DgNUrfb#Vc%AVVS=A^FlY4H7ZyF?n$m64dV@108TwgCjw>JxlaB2Y9@`{ z?VGsn(-KaM*7Xevh?eVojc+h9*S=X03mGL>^Ka3!2go|OXJ31|s!VaU)$_6eQ47Pg zwG9QebzDLHOL~DMiFZg4Ucf+5swwh|7xo6X`qq90PrZP35vV9Fe9gMU|dCS3TBH*Ach4h`KVw#(kKE%xU^Q17H4*ytV z*cF^zRCvI?`V%=%m%O%5(S1gn6c`bUZgv_~Y0q=bI@~$Fwa1i>Z8_AGqUE_ajJv&d zO)d7j$UO`qJ4IM&zq73)(N%LyiYsAdx1n0EQ@zsw0`syHY?S%YPU7SJ*@cGV6z%LqD&~KI*=o?A*60t_-HP;u|M19e|lMu z;XyVkGxhbpU>Jy%-^;p%#Sq#aGP_ zRhStU05zZVLxxsKAs`G5r7ix=fh7&=@_9Z()JVDFD?L6b)C4AdZg)=By2 zuFq=(K6&UC=9{4g;cec|BLipUY8?Z1w8qd(tJE#LlPKkRA#z*qo?(d4JJ8#2*vyWz z3sM&hr4BIMd=MFcrIE5!-X>r&UevSqIvlF%T_JXgA@vFUuv~4q8Ug0b8N=gH23FgH zC#<);{OVq8Rn=GO`MFEBRhm{;p2JDng1Q3V|hAt>zCT6WQJsvsAS=nEcad;h^u zTMcHrInBby6ViVZ%I0G+M=R9Mt#Nd_i8;B%SBKW=QgWrHMsb|!%{fm7Y{f>!=Z*sj zM(N70GYA9KE&y%D7Sk;5@fYH+za)Tf8S4pPU(MUuOWfR|JlSAoxk2P%h(7yBv2nud z*^6Q>yE-gPUM>v4Q<3$v<4s-60qUmzkF|FIuB6}Bg=5>cZQHgrv2EM7ZB6WnCUz!v zCbsR|%)8G%``zEU=YFSd-BqbdS9Bj#*bv$Q4htwVU^Hj(l6^2bpc| ze5kJ&a-Htvm#VSy9c%lhKw9HmjvA*f0vI$NPGI5JtLqtm+)*u(L{_6Z;?)cRTlQ%*b;q8Ao@s$b<3>8V4X zNsTxCo_DN6nlEZ%2LFf;&r;3%jQy7NfE%KPG^r@r3yg6r6rwPis7cywyN1eJTIHLiEp?cyKbSyukB=M|?rb6rx`x^>{%J}%oS#z}MoptD8 zd02nBP?uXO_8W?(kntw~Q9<0HPzdt8iDh=)JSz%^6Ez)ibm1EVWjuj|;K%lbmqLL+ z%7bu{4(!GIF-TYqTOt2?D^HIHJVSv{tUvB@D+3G{Vy1miazZpU&KoQgD#a<<7$=+; z&aVQYk}HQV-tIr5YyTw<{r~3SfC7o9)U<#?LTu(~|6RxKU<;5R@f))SZ5T(w`vx^A zuud;`VhlbFAeRxUe4AdRIES22TN7Ki0tC;V0_~6I=F1zg`Q^EpQkrmej=wr^tOr`% zX|Ej%Ww;Bd!xvd>kQOyPhrs#C1pGn5JZS$MG3X8by-Hm^RqT>$j@dXsw6{jMEETF) zX$j<%SToiN7ji^26C}v0EP?Jn^9HZXGtb3 zE;K)(7A-724E1@d@Oqwp`CaC5<;8ntU^mWK!8f|X_Dg9p1|j!Z{NHCu=+S#lzErBp zGlgmGuuh30^EWiAjZ$LYOm}I6_Jhe8MUBlXvO4_oc%0l7B^!VbG)rN&=Ao#gYDxF<&5tC4o;;tpD?J6jDVR?pd>kI~R;wwLCt0420!oC~{8;6G5Wgt!T&wN8732`S$ zzJ}QD+z{MDm0?0odix>YTN00ltcW+!;4do;-1nTP%#!lFv!cHyL8#@?Aw3p<=7B%| zLXPfxew7@s?^jS#shw2&o$^PL&&Is&_`HuE#v-8;cUDZEipq%~kquQmlJS^EuM7u~ zg)8u?v^Fa~RiGGM1vd{>6QWZEz9WPR1A$~+YbZ96uEKSv!!jviniiHzH}6 zD-);r!8wvHN0*yRH>fyWGad}1hp4bJP|$4-HzirgE7~JZ<*6h53qpAK>U643_@m1n z0Id)@3(^gGtXaPK=G@i1nnbUtBx04X#tn8uhLhs@+>bg(Sd1q2#q<@)+Rfq|ReFiW zuuGVCmo`+1T+YtAPAy@(EPa$z;DQM4K7z;rkU0HQ77#aFhao$-taJxv^c@RAkTgW< zI;9hxOWU|vkbpDkk05+Cq^1FgNffr7(oD z83pxBpY0}I_nJY128pE=S;zvJZ14Gmb8|g)GLIyI?Uj$h94Gc>TCe)2<2j@54f~ z2p%t}U)Ycdo{zF(%K&OIItZ5Ha&qS<$X^$ld~U- zKmWGyTiVOECL1)v0q!L;g!We{rYmT&YEf>#6Dcd*FGz2?Dsaig#(t>r${k5={BGFo zBJ>*o@k^QAMDibY5=R&3uUPOut{>C?*!-JeHv)+5uXF%{FFpMic!03!{|}kva%FvN z5iUxvJpBj&fgow31Hr;%DMt;-dO(BHQ*DL{b))?>&e0faffWkAzqUZ9`XA5|UF=Tg z>;`2%B!VVDlUw#=r9ui+oycvJBmuP53JZe!Y~wt+oHCK-n)QoK5f!Z=@_5RRK|BKJ zRvn7V6iN~8tIekG7M<3e9D7kI5Q>b1)Og~32Zt@fik3X{d-v~#gD$2F^v5aFV4BS? zxHgP1mEzTD`Wm%P*)-6^G=p`V7#gL5rQtY+16@#rKo2^nslWsHV7_f`1x?*()j9*F zqOdcfhYaC@ zseu^^zzJ=Zn$VzvbZ`BH32eSB(fXlx6{YQRsbc^HF!9^>)9lsg^hr-q=hmZiPC}C}aLMiQT2;_;ZY=~Hn_*RVjanN@Aq%Or|7bzJ{8*ps` z68JAKyTli(_GfGr+U!I@1~PaDKmp{>9vF`vXkeO86SX8>aNA*l>uu5kaHuKU@U_Wx}iMaTU=>-;l7x#BlKo^-J))}4}2YRrImfV;9ZyTLqG+1F5< zzw7a@_REe}+|o+{I!#{DoSOS<{80u)evQ9z0K5h4nGUPP547LmZtFN?kzDv5agb$<|x6`YK;-YP!y_9|iky38n-%t@HaoLpF7-8NI+tCm*`e zWc`$?rLKn&LB?zbs8%%j_)UNHGRpoSfJnj?4vd7Vz{Uj8n5R`j>AAT}1vZ$|<22Xr z;2?#mIm&jWzVivBF+97RwN{b687mjZJN>$mr?|e8Obz?H8v0{M`VgNO760{EJ<@nP zn;#nrESn4m|9X1(RtsOa*6m@KC8V^IY?qUw2Rn*coHx`|148k5IuPN92Dp!RkL^?N zxeQ_2)}1Qkh$GG~8j6|ig)X@2(XkE6$Mb3o&?xL~dCyU#{qJp|(J42ljCIAP6_u_2 zHqnrv3Nbyg;LPj-d;nqx9E>4~1JyNWiK7!OJ2Am4=cD~Tc!%4P@cTZE($K+LaY&7k zP9YXTz&eZrzqVI*2coG;$Ac>$^?tC@Z{=E9NvX76U7lFWkgAj8n`6oFZ8S($i8&wS zL?Q3Spi#Z^uCwLItqIl;4eB~w|6}~o$Qrm?*jRjZQ+)ZugzTJ*>|8C3%)dGj4F9?P zw=wuP6pES^{TVP1JXJ$mnePu5 z2OCYBdf7OS0OI*;ER+5B0~r)ZC7Co66cWA36Z+2!?Y8YSV+)u{R=B`_nhe|^^xGM03 zP7rVv1wwp8Cd<3Paq<~+Km3AoA1AIB_4@nHT5fWEV@bq{dTb03P|E`VRjPQ>$ z!6ad|c9^q{5%?2oaZ%34O&^TdY(SB92w@6zZ5&};S^}%dABIFkJf|tloksaqVZ`tk zTt+M1-g9Ha>}FOei4;k8LG@1B%weA9SSrk0vn+G2A$#NS9$i|$)9@BbTrAz%QcuD< zL(gPrJMU{2b->1KDC^OulkJv}cb!t2=Vy0!%q>)EN-4+e-(G9gyXtaYTC?I@7r>iM zN8|=Klq&eV59Z;=#NOSRXK6{~^4TT?e;t#G&Z{8DZuXA986QZ_783lyXEx{I4{~!GS7GwWE#aqUI z#TybU0zk7R-#H}Y!p3ZGGRzA>WUGwuQcgzni0ykM*>j?Z46jEFY^rLE{ZkS@H~he& zwxF2lRNhh;TA|AT{Zxp&H;zb2BK^xb9ra;ht)g|vXq6?^YBxAo-FMegDYzbp>+LIE zFd4nH)^Kj$t>D_y@ZUeYfEISz%HkfOaH!RdT+WVpIl?M&Xa;+@A=Oy)6f5DWk)G)( zSkPP#&_2;kA0B%M$F%pQe1TYZ;`Hu<)G%y0$6ghS5T)JJDhho`l9?miWY7wtpw=bV z*ldw7I{l-<<{@R(#FozNY{v{Da8_CnQ@F2fItqC&^Q^1jljnjen^M{~Zz**#Y%OS|csq!2V2`nBz zukv1mzRggKS#-kkbQ)Ea#La$_@woBXX-@q8K;?zZ9qa*#?!>a>L$aUS4lfR12tnbK zzSE)&(0e0C+zJq8UfLrJe4=GZTdYo;*e#flFif9z0oi*s4^@}fU;hVo%(2QT0dd9k zAl4l;FlI@tNP{6f4XAn|2sYH{a(t67KRRZVM4Bg@>D_dXtnnt2sCbNaQRuYHSWaOR z%YTQrf6ZWl|D3!3G*JIfL6`DhL8ro3VaYGaT< zZ0-Wq_W$XS7UI!o@d@c_e{lU*Z0}bJ{ zeZfm)8;W3Q%%Qh)%WD&J+EMRyeH#O2cbJ)AFg_1&JVOUzU8C7c z0?((@H7>sj>-hTMQ>u&$fkRGh?D(_E9{~Q*-5_qF3?)alyN}KHd$`XcrF7cCb!YA( zY_CgkCAbOuk;5<=QZXyFF!P;uVvAapA`oXrWuC1n-7 zpZvf5{uh1ze|zvhkNXFGE({>{U*w}8|4w!Pajb%X0s?~p{gGMHe7SQ${_x#EUyr{S z^sgqYKm0l(5(EG;3LzvBDx;tx8WR+;!Pm2KzAgztzO0r1dVEO-z`nG~K!4bH#=n?z zAW-11uRjX(zu0)hFX9{k6#2^pOQeY60M29(kbsItOv3U-$^Scj9_u$U^iFRQD$t6EO_13P;X_U1aTKE z6~g7QjvDJ0A!E&TRv2~}5KNGS{?)12$N)&r$C=%eVQ(w$9G?*F`H{(j)o~W;^g3}( zxL|eyPGk7$BDqAF#FFnIBsj(jp(Ky8k9aX@dfN@!#X;!E5(@&ytG`7fQAGlQk=6CB zU9lZdjYsB(rJeH(ZM20_lm#g2wNoo=Hcrk^t2^Tty~Jd+IXzrOB|#kxJqakZZN_B5STMu1{0 zETYFQ#&J!N2BV{~9lFSL3Td9)LiIRp#$vL$D8Ml#qdMs~#U)=eQKPXWh;s4&_Q%A# z4)PIMRhc_7(-vzSF;^Twe7`tsEKw3i@%T7tu2jX21(3AwBVwp=(xIz?G)$U6S)y9){<3K z``uODv6HHh{Agc9Ra8Y!r@Z|8zRNyUljXb~Dyph#<$~xoBG$g;&6INRtCiNCW!1(9 z<|#>t9rWEpk)Mj=RrzI0;Z-O7X&(`L+(Xnb)Z)v0`cYIL@k?PPrzg3IQBSj4RZ=U? z!#;YWqAKdQG4j%_@<*h6EbUpeBY2S9VViPW8V%wQ0TTZOu}=VLpqhX>tDVcc<)Hrc zJ>ryTb*kp<)<#A3?jfD)1S?ySC>uXmC9a_iX4|=YyanQ9^ z50QTT05{DA2}#oNHno~-rHXaAH>*d9J*xFm0F{sb(oTtakUIT>@RL30aWV0d5}=%h z#;(Zlf*BgEp|+&5qB|=ZM<|p9JU6Ba1aS+6g59c#LOBX02|`oYy9YlaJg|#!hg-T1 z8i{rkV^()bT0hQ-f``Uh81Op2Q5lpc3NcSeD4q!PJD|2g01SMnFVZ&zV{am8Zc2XB zHuQ8dwuydJw4s7Xv!1da9_l}AlhdZ+E`RuCjccLwh^XQ;FvBDdJwh5R9>%}do2;L0 zd23N$ck9^TFvFJ}k%*zGr#ehP#0eIN3Nc-L%p&$cA;HTZ6E}5pbzPLQP&#rX&GWO# zWluGgVWP#E*~>ag3FFunQ*UYXMkc+^aIV26XCwOftug488G-lzA#sSM2YP(T5Q*l;mraeqj7L&z@FJ%Mgbl>lgrA=I1V zylR6Xcc|;GZDwBWgq(2nw3<+3{KEuw#WM&|E2{B2(APwkAk#yP?$kK&bZ6sOIR_Fa z3q(Qa7AA>(smAg1C9EhK1VAYlCfE>hKf<2aGjt(~%fl3yYF<7lV5fy1P5AM3Vuz0RZx{?+@|BSbE$Bcx^xgUxs$C z3u{sh;^keIpPUMY4nyVn(X9GPt)Bd;YOI`On0AES=M24CbA!>qqt+36 zkMarXT!31X!~km-g2V&&h)*Y%bDHgq+p_2^PK#n@SWT%E&PgQ_0CNj?hhFT%e&L;Y z0DNrXlmW!yyVXu4jK{oR+Dp3p{7Pnk-jo6(`GkSP5iiA9wLB@W`C38P2otPI9W6ZJlf?`rr7q(23$bmmy-0LiU6E zil`Ws<=OAGs$aZfrPGJ@3VO;+=Y^dcRbkPOX1)ZR&GPUXvD`oo3QS-ytiIn!6Ow3egedY#Wrb?oviunJi`HZf8Aaq zaCu-AHAyn?BKy5!^&tnJ&Y)CjMP)WZ-pmK)z*V}K66wnOP)R76go;%qVQEQE(J6MT zF0&$!AGayKy00o_*>>;3>bc}@?2-|*WBC@2Xhf?+Hq^yjpRP&+LWajHjHyY`%WIRI zo-|gs>YdpkYOMm1ajTv9sOOMI3adFYUaXdpoiGnTYsoQ z*99LdsNN-25fjZ7IbmIU!5b$NG+LV~x;u)v%>Fy&`POs@z}zkfNli~26hXCN!Pfj# z&9@9sjXNed=#Fs`NAa1IpE0{GAjDphgc{a9^In(rtVgv9jvuN#@dpBVvKeIDlZlAN zd05tNC&DabGbsY5>MDfBYE(;>NyHfd{uH^|WW6|SJ;v7mCtSQ3X9VxlCuAJ`m$c2h$?8s=u9u{$&~wwwr% zp|QH_d^|Ty)C@+#2*Zk?Dis0+2_uPqR9<|jd3|%1tBS*HXtF0tRf98$ZL)QYtACXO z83&^X#^i!CN>bf{Far_2%^y7p9HEckv{oH?R|BekBh)%fdtzy_4`P@oIGr$+2Tsh` zE7V-b1K~6Tal~&Dhpe&KfXQxaSJW(?j5^gFm6$|3PDw>$xW33@QdLzLsBOuZC|$S= zHKvm^QW86AAEru~SU|Z?sL<<8Y0Iv2Q5`g*^U7Ay)dSZP%dn5RsOu)Bth9q%XgD9& zo)aiCSOgh=3)5##O#*?gT%sl&WvXgbL)Xi$#s$>*39uGS_Fk9-a%2T-qZzh{lJhH? zr2uW1CSwmhi>J`Gidh4b?JH%SR(&O^j8n zreIff8s==Frm6(aQ7Pa|jnS&a5EF6sCf0R|h68UgU@$OCpe@eaJ#mVvM&-O5zwvtt zr;5rpSCuMOjv}X=-%G?v8$sKYHJj$C%ia%g!45#0a6-)zg?!;`R7P@=9m!Y>;AojyQGaDgEk3HEG;0a4sXZrZ&VRzMS+4U>5!H z1MT-Q)8kV#f*?^iSLgt4wFmfN=xwqVrx&qKk!5?47l#8Xhb0w*JQnAM?)ZXABzrUB zNu1kBZpU?-To&n&ouQ~<`%#T3c6g4vVKao>$f28B6;AfmK2@b-mv?pGR|pKPgd1@v zd)t8HYY4(}jad6w%r;K=z98qMx|@^M6z(uyDhxMjM;@4LwN^$+nSUYV1_GSEklUTH zL9SFih%j<2F8YQgA|l97)X9ryhUf-=pAZ2`$XCw&vf;Q28~A1c6B z(=~nWUr>^?0!Y?&-kfo`t)?c$HTJE-^l&1sFz{tNwIGFnEoEd@Li=qe= zy~d14Iw?_tEnO*SNTbZ+ZoCwCwc*8}Rjh9#b7jF>^OOcV0@Rpduni>5fM&Z@bLkC{ zSbLkRk`O3VEdschhx+QNhik5^A#9CQF%d1Q!ong$ZCrE0>rQE_jQobv<&Po*U`!4Qz{I9HVwj85!T;R)p9& zL8+?i%9f2=>9z@ewnQn7?8lZLP5Y8s0yv> z$#*^!WBuYxY}hEsQD1~eMD^viZNx5bz6z8#Cvi4+z@@RJ&cOAhQR6(rsxyzcaMQbA z^D3QiYEd(>OTxq6bdTZ>Pz4Eo)R1%_1~Eig5rrp`=7h2k0e2-yBcd3od2)$N4dv^* zK{676dIQI58@7)y_2dYda&!l;BCR%vkFlSQotwyEqFFFdLM_jm2RqrIszf4~!rm@l>WB#-v0N z3mFr^4UBU_k_9h&x>{7xgqye_Ty&Goh(Gla&t?a1sp5H9THDxqvi+8;kxoD)#<{Jr z+i}sWn5e9Xgd5l*LMUmE*wDVCeP4ptImkS*1BRG=fS$Irq=I!an4*>}2**t_A2a@l zN-L{`l?O6NU93B8<9+H$ofDNLIha3?Yw5X0Sx0zzy-Vgp)?3|V=%UlDrfNkRULJnt z>kD0PZ{Z-rm@wk1p}wEET%ZOyMoDYQ8{)}h=QLb&m=V!p+Vryk0|SnV(?f0ghtWF3 zOcpAMvdS!yB~d+*<{t94*Y!jkaUt7iJ%ZG2hKUCRZn5&SEt7nmKdN(zDw`z9GO)x` zHx)O`jg^wXXad4!nfabbEUS_8ysAG)IqCT*lzl%Ue;VTU!M z?FCIRQej2Cp|-YC?1+5?8i$j}_WBrg0nDoH+FP^+V~rM1tf___EH)M@PC|Q4SQ1|A%mYb?V8t?HiD@7w%e8ua7Z~UP0jE}FV(J{W(onz7{I!7p^I|Z4(2un8*<~)6ew&yu%%wc zCx9R{UL6XSR`;Rh=Emx}cG4&+IajO4Az03`@}WaEzUFvjq*EdnVnZg@JLbXj)F)Ur|jTv`(L_ix33OU~L@6 zD^`Q1tji?%W=sz*1V+V%kvkG&u5jmhg22u~UtV~mtHA2#^YMBeDd8?a0%af&Pr(I1 z-3%askLK$hxiRm!=i*KqvYR;Nb5Cc+HRN4df7>;N$y}&17{G|Nf^x4YG*mgOf&|MF zbW5cIEaenki|nMJyuGT_3Nu8=l!ZBbcZU;MQ$q+7g!`cEVt#rW;Rqol)7X$3t)Ig* zE7Cs@c3uXH9F2VB2aPyEPZMVf9RDkJ`cT~FMu{o#F8`Sb&h zMfV37jeQehm4mWSAYfHG#SEeP?pY*YJu3DuSw`hB;*=Bdw#Y|L_1WWmQ>mZ?TMYXt zje6tB5poF#oFapg;W%0VM`Cw%9!fGH_>}E%!y-k*3sGLY)TH-;qCqk0K}&9RplbgC zEPi#cU885^=?lMHM4rvnu_!>0$_SHS56%1VVgy~C5{%=(YO74OuAa)Wlk$0$edSzK z4_>@DS!o6j08?PiWh8L0>jfF(6eX9@c7VJo_s^C8={^1b4RI+ZjQ|iYG2T_{_|CL@ z#HYu}sBir3w^so*PGWqO3(9wvKI7UT6G)}uDh@{>T%vB}g+m14$RPh6*4NZ&jmJy= zv!x**2iX1~;xeRj{D!sO{w*|$_;gyTGY_>w)EaT97`+Zs^9}bGkk9)8Hjct8EXXMfCw5WfZEQD#7?ITPj?xmKCa3+S}>B+Pw9J{ z$Yo~|M3oGx!p5XnKX!vo%0}(WECE^GkHZuP*$sa6)WR!<&|6Sd43b<0NKDd^U4WIL zu3VWJm(#})XZ`r8k5NUjr@IhUbI#osm^+c2Wym?mhz|G6GuTaND-IvKfCh6l&M=X+ zZu^aIO}J~D)Sy@Ls0+}L5gYl*M!)^8HI8ot2S_Uf>@Y=Ptz9c15Lbc_bJmdatc1Wy zp`UV;1oM208UX87&kS<*twKXo`+P}^ko%wyuf+mCVZDhh_A&Ga)2;ZrwPqp$8iiw$ z(&xJmH9uQhd;P2yaMTQtyxB>8n{$jL0g+NdvjdZLi8^ggV<9PX{2U8_F!a4CSdQo_ zs5eNH3c|$C#dY=v^M<+Wakg<-g-$Q)yFSgLtvKg!2JGgcKatdu;q5wKk<|XoL!f!S zOmxZmuKPgDE*4!CL1YXRLm=2x!5n1D-;F-$nRv0Wp)2`$eP22?eyISQiqVKJ3~fLV zUe4T&8kjQo#0X3`n=1-NCo zP?{>Yn#JSPcM-q)^%WZ=aFCi5Hrp*8m>a9H<- zr4dnZ2g!gP1>&t8yO6JdKef5Sg+PNXXBAg(J_ie}Y;%TW>8ynCEnG3!I3_;*0>*Qr z!vL{g7qQNEGF4?MY_*G|VJ{2&81U9LjId=wAYkU7GO0~2PC}J9hpOZylkP^vGy67! z`%a4HVsLdhwBrI2ry4Le^5CtuNDxp)?Y{1^n*ehysAwS=R9sJ|UN=dax>?!U*?%>@ z{pr0Rurl!=pb-A6HqPGQs|Lfs$jHRWj=8MR0)~#x z|0;*l|10bDOMUj|zy9BgdjAL<$|rDI_@lOx44?pVNg)vA9k{X%rBN4cJ|pLcI1N#e zzv4~BK-dI|Po6xW-wYzIYbN0!O&0giweIvm_jT^!yP7|M?xi1i=;ClKKh?!X!b1%m}Iz z_Z|MxX#LpK3%p-EX9QIxo<*aHB* z^j9<>)&B5Fe@BR<`Z+xzOHnmywH{bPnQq%^NBj=yYo85F08q!TAWCR~jfQokhs;OT z32!qvJtzejIq?Qv21X15gJOY*43a?t$%ni;m?z4tKNR$rAXu~pV^p`291`%?0&GCY z*qBfZ+@c)inC9)=bCBUNWZ^(R5X~IDe=xtnb=}K&(Ltm|imwR`{ULE;(NKJcBONct z!|nro5pHv%fShrnRth_K_RyV!HrJzNqyji0R-IO4$Y5qmkhc^mygf`2k$R6UaPJ#> zBbNS?yct^@3A9G?F`5wc**VwAX`WXs2=-oWNTUKgE#c?95Jeu{NsDEUnv;Vk4u6|W zP3sc&!+r_7u|4Ob43dc%tP@-a-tQdt8?x}~o!7>_l!vI$?sKbT9EYB?{MEua_~BH9 zsuYBhRu5p9>qX**I1dP5C1F&NYJv*U5doRtoBg669G71KQvXra{tx8-Rn`7ah_3Vk zlAe3g+@faSy(0v$}wMH~UXv1+3?XYvnbd^LE<7&@^5 zLI8}jw>@)GFHYnv7c=6!^3R)xkw4!>U^YbrnfAa))r7l;Ub+jq5DAfbFxR8tF)@(q z0}2-yx&{KY-AroBnhUdRG|I;vdah|?!3 zR|uV@pD;Zx)c|_>%C$mT-=M-O-e)fG33)QUNJ`u4V#I5gBAQ5*miPvkTWq+V*FH$S z@5mL$Po9T9J@e2b$Xa#{VNGR0`Nbzt$+T!|L5t_=?0D83BaS59|ry@V59#*ldS+iR%ivELw>V% z(0US5w}3LmrATf_=atdsJLu?Iot}>v5LS@sj1<~(+^#pNYvss%j&65x5CLPgrc7bJ zV{&NIpDi*cRxVo~@brX=M2prHMY9CC(z_ZUFyG-IG&>K~$19>H=*vqh`dv>zcUe93 z87yI(qQ=y&H_?UKd7lO*Dejfj?8+|!43_MSUwLfysYM04uphsk9 zb<{I2{}6Ynq;XEO`i38+Mn5@fQ5X8nQ>W88N8#w|kCsw#u`1?^TyM-vNf`nxNi!?8 zwY;k?rZJu%QFPHREO|K)bPb1?vBN}oY{d&gkZM7G<8(*^OqPpYxj(E(Q2A$jkf0YtbT!3o?k9W6|tl11Bewky@dfz~zjw4`w>pGF2Pp&%^oZzAf@HIfu{fpcjXXEr5$MnNS$ z@vnB%!Zrp^L$Wc__>lOd?Ac&+m4KD_i^6uux^3X2YLpL;{isUPMoIxazniXK74+a7 zV98Y0u$$v)d{xATQ1487xW^x7wyABlY_!iD0e}+rYA=sRNQOu3hXt6@sw6Jq%CL`H zw0nVA@W5}QLw-{NK-oHO5`b|YXOmW8PCe?R3n&3F=wuhwEzsu+vmdK|uqjXhzMuLW z?T=V6-)mg-e~s=5g5!RrBiqa zxg#-OtI#3|CgZK5m-y&PONe%@Lq*|}*-fY;FzsSkt{L->6Ov2(>%6nIAP}~&v$nP% zpkT5!R&+5ib~Lbc{yGcI{@O`r^w&;-zwM*5aOR5uQu$IcLILo7oqnLukPzU&pr}xg z5YV7#U)lx$AiO_~tZ0NFU?`}1X3Rfvl1I^NPMKRM#V?w(L4mXtt*JpFp|$V+D$Dxk z&-KpXKRs{@$8g(==a$JonKe|)GfNvsn1feD9`OY5wzI^Zp?+q`%|gHC&%4FqCfHK{ zgrm}7N}wW6z1Q&o>aRXxQ6eEy&RrosRvh@8!F?4XQheih#0>B$+2=V}jQtg|uG)zg!uPY}#DEie_IuvaNq7X2RRWBolw=K{HS{ID7S`Q{Zv zQQ+r(rT%?Y#I6Jj9&PiR`3ui#6&Epm0Z3*PELST@Kh#g+vUBi)3wY7#h`56XfR(Al zLw6$#Ie?4ceyA&U;`QFW87h2WT3&q&awW;~y`VO9vCNcYfw$dDq;dzTJdy7W z%~h7#vVFXigJtz@z8Z3E4HO5RlK)lI{mgR-MoU!zl9j*$jTOA%biLiWH3hswcX$50 zUW{xAG0F!A1*r~T)kzKb)g`?gX^%}4FcoQK>w#w4G`2UlJE8U~^rIU&fN6OIP={;c11WZNdg=Buo27PBOB+C#Ri;u%pD>Gf!?RK2 zy?%E2**a|APo&(|UY`A>+zkxKX#NZ0niQ1q&b`>;#=sF>ugc>(o6F0`a!3A#@C9AI z#J@F*7;rM7-G2Uh6%Z7Bv~}ERb+^HdrSTQXj`jiH<)e9%NMU`$9aQB$__@clG)h*~ z*JgNGYgKqD6OX~V8s>|*FJ@Kf3D67F%WX|oj+bqQCq;Nyo>_2&a3SkXZupa*M4d!_ zHS{nj*)&4jp}Jt^TitrM$!({dBo?U|EbndSE}Bc787B2x9f_;ot0 z01MV&?VB{*Gb>6TXS7EVAeE}*pYE*Bmv$&s0^i)kj4nLsY;K^a7W(dv6%{ecjcqpV z#ju#SE)Kcie%D%krTE_HZaj~C7jjb56MdixRcsJ5l6sn_wLDgAir^hte@z!U>!@1WUCI?au z2z{6qpCOdacN2^zYak4x-wB}S8)8Jc%*w-NwWoo(1KkK^(EY`p$P17@0c*OUF*zyT znx}If->v1AQE=b4CK&djai4`PIiO1T^qJ|k#!x7(Z33W>i=VmC&>}>02%h1la5TYL z;6?m&mNscyi1vyZJ&v@AfkrujvzIUj=NUookksduRoMGcQ!D{MP<4+kV!soZG7KR1 zE4xFd5uaiTU3#`o_70b0TRL$~pQ-?p@e-`s*Awtuf9w)7rwdc$dbFR{e8QtzqcD1- z?bwG_(XfN@`+F(!uNFqxCk<>2P!*F1zXPBf<RqP4GT)`xZbaqqOmxX#dA3{C_eG zN&oAcal0%0r)TYKFESTHa&6S)X|=*BisGKtcfMq0LO9(L zdg^Am9@ugE>#Tt6ivKxz!nakR^v1)xyp)TK)LNPL<+Qkf6ewxY<@kn=rq6iN9!Y}g zdFpUua-Jh&QSsa0oWVi8_40}-3PUgnH%=?_uT+W-9oxJQE|MGa7GuZVVUR>PhDj?5 zI;W@sUO34mo5RLC+{m&}voitwC)+080jR8LtR1bAw+UE-vI~-c>eaz?HuUJLFQ>2ZFR1=kY87c+n{7BtAo<;7#c@wBFPiCg|B*3^Q^HUK zOD_i4A4lR@8vG6W)#Le?bA6OinGtLP8HFW?JOa+PgxEbjN#$KyF%o+cbG%qyy`rC< z)zLPR!$Giu&}K$Uh-Jfu7yTfKFbT?RrV=FTA{>Lg;pbF(S9m8MH;x`3GjFIrBwF}K zlcH5fsPw$-5vp=pH5K)2?;t)`ja8Dw(O;z3nto;eW}`jssu@J~RKL5LeGiW0y9G|m z-Od$tXmpmL#(Hq>ZrafmPbXpCmZ{-Z!5- zBJ$_n$bVcfjPx>Tz~(YeC3TqqQZGfl(`+vd1Sq7;H&Cd4`{g5u+O(b7N@z~%)d!J% z?!E!rIp+CV*w{uTz{*S0H1+F%#w*SEeppYkDcFuKAWI9laX&Zeo=QN!iXF8sn0)Ts z3hZUkAR>;0HB~?!c%4^j#r3I>dM4ZB*XT;0Dq}~E)5OU_ZqA_jZ-c0OHtQ}aftP5P zjvsq*`lLnfg77iKpL%Q!G)sr%S1+88hd)%9ZGuj$}zN;W!UUnSmt!GnqsW^pVb2wmeOut(8DCd-M4PqPz zEQDnm?iRG2v2yrYa=|Xi*RWnRaGi`e7F_HYX80e_w1m3J$V+TMFx}Ccl?(H;D@g0# zk${6`I(BYW>*bbF47bru(+Y`iPM*P&rqg#O{Kj3$^*>up9N&E^%4ceSpt)M5wX@f?R=(dRH_Uy)tNh^EC(383 zmd-nDNhy)m+f}7}D@@r37%)-@23WQVVa8&riBDlPGDFTAsnP$gDzrWd<*L4=4-&sb|CMKkd?OhyXD& zm8sW?Y+BFihj%JL(sJ0xb20f>Xcd<@iVe|#mc2J zR4mBq7Ka7KzG32*@KIa=4ooM3N1?%kKdpDA$-V(6+#|o4!CGoAF#UQhE9cIL#lpU|FXF+_7*5`_h>53ZfXN*MuLwUdN7 z=2|`s%owDRC9lU%PolJw-bxM`tmJU_R<=<;ch;&YZSw49IJO(f zO;^72TM^hDY#or>3Uy-DZgl9bwX;BLF@N_|C+Fn)(G<9sgua}h4^~p!=RZMkD*h|X zu7B}bj@6^Or%u&9%XRo6hH&UQHhm$Rs(<3Hl1zz1qs-n}-Fy1JZ+bb@%J~>?e)yC& z4IQ`s?sckUIv*Pzbs#f+kEH;Q!f@l-=Xp7QjxV0fz>jvPS_Yg~UlHASdvT0n$s~EY zjeQwaysTG#ls=79cCrStCdM>@MtNE{ACpi1GcP_jd)VQqnAb@b-1IWkNLZbwoy7!p z2%O~wtEsHZFD5p4LWjRAFYsPT`&PNzpE7OnSjL8@DqfqM0g_pp(yty*KcsJu@b;-V z3ifwTJ~}Kjc;_t%cPv&i_$dYso2NRygBfSZ;wh0c`N)6bJ83)KL56Q#|Y9%Z?ZypxaVKDsXf;2_wVO1^|vt6Nt$ZJB0-7e&KxA!1m zYbLuz7y_2I-7(OtJK;z>&!CIDOw7&8B1aBK59;Z8z7>z3?nP=dq|un zv}4Mn2F<#ky7Q(*bkbAs@D_Y6f;VV#Y$(}`JqLIfV>=p`X z6CkqUN?XqfHj=Vig}K6Qre9^w)GP~&ubhf@XrZ$?d>0WjG+@G%taRWpoBeTvJSRFn zLo|S~s&uF#k4qSBF%g<}#B;K9v0bdCKMivpLnaQVt9eAC8iStHcU>)Ik`(m;RSeYG z@Y+=CH<_%b9yIU9%6p>&Wv$&Ytzyz~YJzU!K$=i@Ca%^ZUV2ICK62z|#6Awb_Yyv9 z@y1#>X0bb0l@kG6Sj{qZcKJ)6U$K$-e31g$E@^FH1|3`u_hEEoa{)0igpN28<1aVl zpLz1-hJ^WV?-gj;&6R&;D0pgT{T)74r10-pfu%ppS74yzSz-{2)&f36dD~y&XQR`v zX5DEHZPi<(3-e+*K@`YPf(cp;9;qgnee^T@X%<;>@&ZdF=z0--y8B?9*8DFed8o;L zy|^@Q7}p;OryoIa92T}vuLk61^Po>vk-%EBO?o)ztoUR|)s>F=dm-L$(0Y9CPv!D} zd#!HZ+~o%`?Ia?Q+3YFdSy1^E`wy3qMBkqe9@pGm!O&se-6=J+l;!$-Cn?%mGE>r; z`_6{s2%$T0E!uxyM^!s0bA`SQ`PtpplyPwMzu0@{=gPXSYdCf~w(WG#v2EM7ZQHh; zbZp!1*tVT?{H3q!zMlL3UOdk~@cwYB_Sw7YoT^=8jXBqvW6Vk0p2&6trVQa?E0!ZE zNK7BWPeVokpG5Y?hxMFx=Ly@V&}-s`*8O2sYZS+C~{tboi4mw%~_Tb2y$xhzDtQ(8sTk(I0Y!Z zoPy;1N0_{1CnvHlr>)S7+c47Ir#so^*DiR(2Jh#8YSRBBe7=sF?ElJcjs6opC3$e4 zf;t297cYLQAkAD;dVH@ok5pAcSAy|iqEn%i(uk?dLfg@Z86wk(s^MUpr#(|o%%7v9 zO=;KMFpJdsTi#vSo@qIZ%iNv@bjt6cn&6NJ;istV6O%Ds0{~U*L8OL>X{mb*Fk0%;|@yD2_`m@I^G!W`ElP!3Fnq$n5t=r9srw* zWF5Z-^&~1v{HTUeuYtGa^~-=82a{M0&{sMNQ2Zz z9z1oj(X0*9xT*|+NdZv$pu0;kUzvcbgqCtgCZDTjfyOG4X?)dq$TgZHTZK;`YS3;l zRZUVjWiQVg#A&d2k~sffGyN_@m!mUfOXIk5h zd3q3#7WJK+`(AuTI^6A+!XFOi=9?O)>cUlGz!=UFrHg#LO)Z1!G+K!^vREWS? zi1Bo{#6-utgJ~h#O_pXj`UK2|rc%_P&g{xO;ee1z&Wou}N>>W6qIle9bOeM_S*=aS zq}@{`=*I$|p~2eQFD#1SdveTRDDB<$?CkZfH(~U4{trf@<;@wy!RH7^iZqZa5P7lY zUIZ9`t&QNoP=ap!$BT-=jtf&o^hFK3ygK!1?{ZgQ976QaN%*0lct^%nJ-J*9<)>5g z%a(w^j5rs`oFA|!jnxh{lmu>LvW8VDF`JgKf~blSD`m{Ay>#Ft#@n9!0aA`n<14~s ziCp>Ls70K4{RBHec6*3egL}T z0mstI9x|-QNoNxVO2M7z_Lu?}KlL5ajF%VwG*^6ZrlT1FW5PCA49AU4Du>u=Z&NNM z2=egv$p2Ot@Z5eyPOk6KZj6XQ(_+hT`Y^zYj0hn<|LtLGfPXDDlF-;5kKOWK94XU% z>o%W#L*-_CvQccU2xdj`_;n;Z2$dm4q31FIDcLF5V&IkwwPGyB_%_bas)np4AZs~6 z;gs4pNIn$XL*v8t4V;8Q=wA9ri}QvuMRFbHA~7 z@rYfUD$x`4r=jHFF#;+apUOA0GZTETZFSr48j?=BSKu0K9RR`*(#t*j+jIL(?i*?P z>r4+90Xl>JgF^>U-u)~HKeIB=Okb-@$YNLR60WuE=q858`mq})-f4jgq_2AEZtJnv6*DAx#)0%b@A2305gd3%A?KQY z+BT;OcIAe6eVZc-1i@R~tNXnLySScFC>)T1TLg3%3av7F*#_h#WR8G_V|+p<`jo8S zvb#FkNqh^dg_ZN7$T8IPGua5>~9pfjs?XvSoE$R29K{b{WpRJ5BSm z`@o-N;xNu24z4oANa~kwPf%F}>^$}}r*gJSwDDy#M=C-Yk}BxS;nl2cO}JsNHkIZ` z(+ZNs&L;ak3zV3ri#_5LZMUsBQ_U1#K8kFhI?V|Z)a=*Lc?T=t7q*rS4x|Uw7|-KK zQex3i{zEml(@5N)yd>rc6Ps(XTfd2SmW|SoK_KW47SK=$R$S4-O4Bl_%q86mv2wcj zMxYdMAcR{3hQYT&<7Nai@F^ar(P-3BiaCm=3pDNPpLt@y4ELrg8Xuw=!ocEd@ksQm zn?6Z;I;-z9KaBMZGd(Q{3tKhEP3r|4+z=NnN5ZpuzRPB=jpHS zKW)f2ad~jNojqSxJjDHX$a0>wLq_05sw*^S`cQg+4-%|~TZ=&Z@>%m)iAs!F-9Pn9 zph~^efh6)~xmAfxj(k2aIDvnN3OK$9lO$M#eB;r*C>F*3^>&M!Vt|6heHE52@gUst zX_RqPP+>v>>+@r&Y#WpKhotsE66ou8Ic?n-rZAJMRU$-+5Bc0o%6mSfF7ud3&Cl_f zG!#$r%@3jp02oar8w1a|9~2To!CM)e{H+ecbs1(9o#iBMC*>^9#STqe+bzc>3Cj|K6d#Og=P0=GE1+qtm^D1Y)@%lHuNTBh&qsy> zPz~P|jP$>>7Jq7`Uu7DzKNG(l{<*{ZHNo0S&-$ybYX4W2lvdB4JJkJ4g#iIT2nzIv z=YX(?{?!BMe?KYz6B|XCI++d&SR>800X}uag#@b`TS*VN+#bA>hNmUw)dmQkR@d(U zpt3BQdo}<*4R`Ya%DV@9ZG>;UW2*psxT&l|4Om9IhC6d4sG@GN|EQPl2x~|)`g24X8 z((v#A6(Jmf4e)r%y&8$$LB(;jmtmM%LO}IBt*~S+vo`!qyDM0jVz8Avuv!k!LHt@& zDzIk2ygMDqLcC`EL(m|Zzdaf?XAT{4?#;-u^~UDo)i1h12aF1*lSxp*==*4sHi{Zk z8BI?coSO9%wou{T*yikz3FhGT*K&<;oay==SfvTZy2cCOZ~?f(pNgbhP6Dbcv7&;9 zT#sFq;*s~iCZ>l;eqMF?73L{&N;xB@6MQ_Mi$lZtQpr|yL}3<0_4#vBAam^syIjWW zj%Njbd$?6Jq1r!|s|Q&MNpZ0?=d)eL_xCz?^8_fpjLcCGH^HMCNY0>m7B}q*Jd&YW zlX%R3`W43nd*|`v4Rj;Oc%rLDOA*GHq*&yKyWe=A@4GNA&0(u>G?SYMWa3qgb-I@D zPt|-}$|SWwwn!zA2-!f9PgsCaNWkv(q^Y@l3z)@cDJSs!;a8Pe{CWOTZkZ@oFk|sN z9iC95EP+{yF1{IVKWWv+89>}Q8Q+;_C98^OF4VevR@3wSHNL>kP!7NxJRqG`PFR&> zpr<liFj;EYgGjgMBE7pL+nF&yln#Yk0w>qd9As@mvZsEenPzG4}3kjg@W$ zv-(dEx3^#{shhVnXx8eU+}xa8A2gFIB~IY@yyH~q$jxo)*Ed)iLy66)3e^%`C}!xS z0)9p$bsPfi7z@4f0vQ&W^#>SI^>zlT^4^^Ag`T7CZBJ}v&G0K?b*T-VjR_65#Zt+k z=YVK+s==Jy&%c&)S*ay5`Q@S?p8>YX@e5d5*tMSxSk3bwE8rVa=ZN|XUCsL5Q~d=t z;6tg|ojDo{k3c}nP~R5EEQa@UUDA0QKelf>tjo=fR>3(Ryc^w|@Nm(HCsj|!?q`F~vTFepvTEcN)AXP28mM!RTkVP7+6(uv&%5qfdd<7Q3dc+TR$+`Ncu_q-mK0ed%)` z03iS2w7>K@|4^4N4In@)9N}mJppNH8#R(+fG^87;BVyohfClRiE=!{X|jxjWTgrU5+40eL*I6F-*C2Hx~lFbz;;V@>WDj;$5wl%0s6k<+7iuAqn0tIZ2 zYBCR1voui$phj8`ks;E&idJox+A*EO8pQ*#bBGs?C{s3n%LMQhZLIJWjBIVcM1h=+ zHdeF_e_ivsxVV`9OOeC+S2gxer1^Sr|88#de~vV(F`HLkl26S2X$XKEw1~7*o2}`! zt#C*$TuO3E&Z>LLQ90Jd<@3;{8yLo2eisPFk7@VUu2U{tKNUPMAu!gC;$P)Q4b2;- zssLVr?PzeuVkx(^JfzEJN!W=EpHrM4M9$YZa3u~}Lvs(`VCkwu_ZC5#^td2QzAvJu6fZ~G{z8W0odsc4{s@eId<_`wh zUd(fO$JUvde$;~VK#8Yq77ZpF3>3~vCJazH0HeI)Da=|WM%~&Uf`grYcKm=uV!sP{ zjH!UqUQ~4ooOaQ$-A$83)*@s!c@2}WnQ>zv=Qlh^*g$$qt23GeR6g$zv1vWeHwIh$1DcJ;yE@^T7{vC4v1*fx zRvaYK=obYN%s~h{2UrShM4cwT_q{S^_%8fFe{$8-dWVX`?$RZyf1NRNe{Jf4{#xLF zL5UWS0uufo#Pn$4gJ66;1^XLlf6|Jo>#tpJ{<;87A@~PZmdnYR`LZ08+c81GZ_0Q; zOqNOUFlUh&Js`3yKBqM%$k9p-(3VFL)0Dgw-O+lZPo2SagnfV>BQtdp$dDZhFz=#} zImxDnysn?LZwH5K7)+RA>204&2FMy~9mDfTg5ujb;f>SAAL^}h2${r%eNeGz>!87UVU>6u z54HZkbKgGboO1fVrle5so{p7qWTD?gZ{ZZpxmP2hHsR-ah12S1&31d^ku0H<;7bV+ zIn2`erHc%+`89qoI@P_Ok71IfTZu$%O z=RBaeZFR*9Mh49OdsKIW6OCrg#%JC5ISs4js96ZBm0~pBg&t*`H`b2>@%?72`x{}V z`3a`R5HwyHw2@Ww`YB2*p)C?>X9Bgb?gOye7tB^QVbu820}$gkU#}{0O&%wL)A*hY z0tHtQEV2^DfG%oMbm@9y+m^Po?PJ7+n$?w#RFb*eNZZ)w)w=;yq@I}Z=dSw`kl{fm zA@`>l9$mwAzRf7n|AXT;%)y??RPce|eu$qHP| zbFx+98*>oC`pA*cCXjS9Co7GJX;R?FOm-d*ELNc`Z0zToM;z>ijPmR+{#tH`Uj~rx z129#gSgM7l7kCG9;6Wx~XjEE`KM{clQ9{^Hrk#EYVKZJOqll>jj3}fvP%WqMn1wlQ z6^z8E_}$?1dH(VnSALBrY#Y1LwTV=ksKeKtw+UTAUx%cC>A=5f=CO8e)Rl(6Asz0_ zvrWSYtEN9`^-LR{Ik-FacgvCvR6w{ryWXs-aqD+Wzf73!cTDtDS)Rh!tZdBVn>QF*9*KnXPkeQ={VVIGs(;V4=#?QYO6d)c5{@2U+ikPZc zcql+Pz<*ZFdX>i+C#e2tXEX#rrGF|brbf?*iTxmdM9VdVEKJzY;n5ULY`|KUD?D=f zA#lBl+huT1yf%@%eWtDRsju@UQ0WLpN;J#Ov1XK_a0yIYu)h-X<(T<&2Pv+^%TPuSrAg2g2(L8^ehK> zlkC#0*9f^ z=k}3%R+7w#7!n%>Im`7m(Tj{g?UZNIBwWbO?(lYm8d&?ZeYFvof}SWR{f^)xThnexoh4lbzY$!RY8_s(r(z*oF_Gqa0MH3O>1x zZk(4JVK6_l0x1~Cie{QUitq*FcAYQ}Z@K1oxW%WFGti^dA~?V<}4yB#b$Cw>!> zuz+YECIMNofp7w~#@1VSA9DC{%~qWLvA%XTwL)cZH~OXhXV!gYS}OUzoZo4#6Pz2nIzavdj7 zH&v!%Mu{xip^A<+)zwpXdYe_wVZ45gYxbS8S8E#f{yhBz9(>|enQwBOu513W?Hnt9JZNzZV|1cgxlV*j0zGU!c;1)i3yb? z0SuqO^ZQQKo6R>k>8RApBRZN=$!my?)>#nN3cryWAQu}t?=AehD$YvF6Lal28Bq+b zc){cKYG-}#)H|eujGJ?*6_n^|{ZgOg&QKyeGvjKWWt@k1TB)8??ghRID3_5A3hUQ_ z8r+XVf4+8;<~>J`iz1Yh|5}#le=p0wk@Qz0`_Hn}+5B3T%wU_nSEvSHOsuL}vQX#_ z;IFk6FQs$hNMjAgYX*xyg3femr8#OH`|Fnd7Jece7!D296Zl1J-4;3qvAsq}b8vFy zPZ0l9?lTGxbuAcRJ-W~?{D#xs0*xn?k&&~19_QFZKI$mCckL;!BoB%iLUa_*`p~Q4 z4p}eP^MFG?w(1!GQZtR2ANhqp#5|0;do%cS_ zlP(E&m&M)zjo-;Ko2^fw%FwhMRrTX^ydu&_f5oVcx^2MT0yHd>grR(c(7Mb~oon%T zGDB~{;~syB@2E0Zs-P7lTsqx1nR*X*2nADiK}@zbVJ^#v_I_ZhF5^F?lNdoVV@ltR ze5W5a8(bmN+)k|23)V6Zq;CY4wyj5l6aeiu%*@w{kz{%RZySi zV|dnMF5ZlW8NlA{Q*mT{DC;?MOK-&{GbVQDx4ma8Zrf2QopBxn$Xwa|UPQ32+O`39 zH%i*`ltc4d2GJ*`(7>a{$zuahM*f;wn{X|Z(42DG^_hzb6;S=-&rmRqhj1xAGJA7N zY!_J3k>rdzDy5Vjbxn+PZM0Uz3ReZa6U!kaf6eefYRV~V>u~(IF3zx;4@uZk|68#q zE6D>SiTLGWA(n)Rnt3zD+!UeL<$4+KM_09IwSRk#9#R5dx*^s%xL+Mf>Fpggp zu(Wa$5p2UnD*LisE%BnHjDcnOxD{ms52BPdJ4u3OX!x_-*iC4C5Vj^M>6H7k7Zesk zMZG_ml$Kk439C{~%BDivcqb~@L>Uz7@{uvSzvEtm;VC-$uTdCpS=kb9WYr)|zB%J} zQq%AdNl!!zw&lcJ8%mgOn&<7M2+&~k~DL$Iv%t#Opx@VN-}Pea>g*C~4)PW^WG*@x>4EYtobt@{=Vf4lzB$wxTG zQ73fCb1dtVLoRo|QxT;4qB8wng1cm?d_-lO!bJkN+AKlF_!EQb;h?ae&SI1TxZEh( z)>v}8cEFHQS>i)|IOcQr6KEbCz>Pbx9@dJf=mtrmKw`IGsee~V3A>Ne1`oNqkOW1a zYA7g5?5U!8F*h*)a!*^EICVzwML>oI0qnQ_(9e8L>uEp2H}_zIb3g9{*g{r+L+M+2 ztT@7TFFmWe4cDLy%%nV2f|En?;qLB%*dSvZ7@CVeQm22B&FFNtB&tA(+xmT}>b;PI zsE|_{(dPr6Qmno^7yHW;CsOMBEAr&vM)(A-KL);ZT{ToYi>8AVk;=`v>-5>MW2(@o zet5B)rU}K(`*~)CwdtuX)@`&nbDhK=9`3(RD zblHX6n+$(GT8RJLC>nL@hl)qPc9ZUbHe+q2S`sWfLoU{1G)EjxGj|aiA3_^rhj;=K z*)8}G=6Jj}Q2_vZlWtb#*UV0=gXD@Xd~B5|khh5U?5MG0h2%#GnJiz|I1K}|JV&4V z^SaC;X8N-C;0*0P8@BcZu@ND?L0PqL^2WyVrrZ#~l0he5(#C1~OM2Rh zh-wyE-k-OPCQi%p2Ns9)vyU6+Sk43s($n)#+O zp$p&sn#b4yPW(aV?+vc8wj2}2ORZ;?YGuCapY^Y8DBeHY(7&nVukid2V=(f;y`yyV zjk=$2?KAFRBaJRk3MhD`$jI0YR5u~dN>&n!#gvv`ZGgyJ1Lue(&$%^(|23?h{gq#E|a5; zp)mUe(FR2{0%H^So@r`OFC}q_f@R|9GX3tZ-4!yywR)yxM0zshs$aOH8Q37sZcc&B zbn8dN-O9j>yoA2NuSo~-zK`FQuMYX3FjGXV$efJ|w4R%2L*#rGkR=-<7BQ;EfS7S& zmOA=dzMZV=ZiqH1NbKDO2%wPitX;(!=>lRZgQQLt?H~f0HfdKu#Im*AZu?425zwxf zVtQPiJljT=#;aelK?KCMp4b`K;YvSD7j-QArYGTMwF^GnyHo`oDc(S zzwC2IY?fX=MGtWVFaihMtnx8wv=J>hwGJGDepjqXn8pMYdSO?nnBnMM3^y6~ZG-S% z2@Rpcr?Ad2{_}h_6_!s|4qLNapW>YRz+fPg0WP$@q>bmsWiqO$Ua(F zwcJGJrK{G}aGkRELu}YvyK~kI=T zi!B0>5fp4b!QT;2DANJpE3+-w3BhB!{8Dcka;)K%=pcT+TfA9BW3f6NAtj)n+2^V3 zr=~j~W*OxDt`z+-t4$ls(q%jIh!Cby+7aQBK+83~^SnYWo`bhSQF!eL!VW|kH&i^k>;rh!uMfN45`~uL|X(=cqOk$7k|IJ4ACs%2c zfYMECC?Tq<`O-c0|Bk?EQRqd$kaAaSmV-dKTV>b}2ouBP+`pNROHh9OKCU~?6Zu%D z&+*z2=A^_PK1b7QtC4JN;RU8{if*n+`m_m}Y-thukLQM zD3UAlwnBPjS>KuT0n*Ck;71mJlLsgaI~+?5%`Vy~)zbG=UhfYQ0xFd8mYqB_c^#h&Bwkc57MM>UE#=bP>XKDPI{i9_{S+ zS>puN++}b$Yw2o$DFaN=-yeGJQ(bxxmR#Rf!3dxTU#ws3S0C>uZ4`rTp+MwY6IJj< zm*ugV}KRnPy1Q($QEfOa(QtZ{=j=W|@z$060e2JKZR>#y^m#>2b? z*u;L@K=_|XNp4}1Z{({msj;|NkS$Iw+c3=fe$;yz6wSwn{} z9`*Vi!jokVqzSk*J#}3$3TRky*c+170ZpaoQ`>Z->mZTBKnx45@m8;|p*!@EM5s$h z#oaZRDSWFOFK|qaBhR?Riy=+=T}L>`;i7Tih&kBnY;r7K;t+&r(_j$iZCw`I?Ck8K zVdSYpyJ%cuai`?NFMv$R?N&kCV4y&l$QLO;aN^bJ-ZR97~Q53I2`81jTI5B;e3ohV}C$3IZ0(=+nIJo|| z7@|o_SF>P3v@QNUzqzBul+Ze`vW*(;Qt+PC9q#jVoa6I zC^}Pm-J$wQ7Z&{Hz0sm950)|D*vGDgM6ZA$IMlEd%nau|B5g9)%!#@}Djq5pYA%-n zor)5gUvFpYjmjOt37^*rER_c!Co--{b;gHRTUWZqU-t+N;c@)E8R*&X&be2hDbKr1 zcwcE|t+D2or65zmXbtCb#+#6|yckwCqTw!`YVjM5pH2ebe@4(zB+$I4|Hu_Acv%dR zx#tP;qm!3`4hIj8x2iO!<4{2{jZXG?4lnBL7|rDA5M5mFw%y-88JeE~=*F8eL{Bd$ zue|LjnX0a1Phw4*yboQ8$ta-cSP!TSbEX3K>~-4>qF~;qX>neIBke7z+tZ26`tmee zQhBoA@T6^iI0sh?L97SANSpHAVL1e2j+slJS};;>qZ^JU#-Y2=q0WS!BzH%Jq4gjZ z3(&5kwt*4?8;EPBZ9_)NT(mfQCITsXv+Fo+7mQ8&;FQbREb>N`-e6NtOX{zH1e;~x ztL`|BSs@}q)c992F<5N>%(|yLo=ovKN%PF5=jdCQlFZLabpTeeI`I1`Xbs+7C9p`pa(ecScptwPd1a z2)g~*x6O3fvTWr51bufdIBv}2yJRI0{zBxX&}{tjX3v;|NQ|+f*u4MlqWn>2|HDGK zs1De>SNiSIF!$hUGrfaLY>V(W^JNkPDu(m=!qL+8vRR%51jq5q3HxRD7-_oE$U;y0 z*tgo8NyK)ldp#!ZfCHXYA%2>8eU%0#M*^WWE;{lXp$d9Njg4nXBhLoZLDz|$^OhQL z6S|hSG`t|NNnC@Og2DQZq632m!{yZjv3WtA&6nn1Np(G4HjW?cp6Ajab+W8`h#A1A z#W&tfcIFG<6tJOF=*=$*Nq+bc&?a9FCws^u1Ko9i!>`t^X&A|koR)=eWP&+7mX6iR z?w#}`eDm=D*D<&{6zZ?Q*V#ZqD?ri`$JagVz`Zng-m)h>6K4lL#3RA$qXxJ~-x;It za5TRMI8yX2^t-)Lb8ll!45wweW%y9Lu4QcVL2zCHz_*m`&{fEcHW3$fk{PJb?ygDO zUfsdVj7s7+N(#qtEPXZg^)uB5Bh(GMocGm)WJ-+&6)6*-8ugqNuNspF7&qir`YrEp z`>IDdu;E)vg+YV5;ARGq*(ZKW0>yE0U`5Z_MQb~@aV5V+hEq_-zHD;yU2`ckY9#SK ztcgGL?Zu|A;`MMcQk7B%#8hcvS6>YalGekU{dV{v;JMpd1)Egl?>!iZ;D6ao{>qbR z|IU+uz6yf>w3?pUeJdY>Te zFeM9_AWs)^)E!#BL(3R{4NcP?s9`ik_t(@NOfqax-_;A%H<|&L@t@( zoU~aZko-pMd^N+*@mE4NF5&DH6{uCU90TLz;<$sLnWVhovl)v@+rW@OQ#8^#4!jF> zV#v&n{{GlXjXtl@aj-`d*)yTARq~o2FZx;=^~{DK+~!;IQ_(Vc7Rl(}>LmDXwI3jU z1I<`C+cyCOVRVjs2R#3*^IL~*hw_7}T1e`UT7*tvY2&wBahTjcmgoV4_V~Oq$Q+U0 z*9;R+fe$r1Jq*B;VW0=+B*s3wGLq#FH7>-h$vYji@-@8`Y~gdQJJ_G98NsBgo-qD- zwA)CBcCC{%uV+^*_}xf0kIR8XxFME)VRtklWBX_6FX^HWODDO?b^J*#68Y@kSgrQD z?{QdK^T=g9)vzTFNap^B&Mne0guKo+{l8$dFMm--hC(J32!UyFl$osgMJ3jhmSlV75MthP?z2fx_4{$2zioMsH4~ZdT2iCws#l4xO zP{su=x+*1k!G-tCr2XlS3taAZAHeUy3G9>1$qrWLM$K@|AS@PI% zv`TCsd*#fHaSZRlLJ{}5KtyM<&geB@1&ogw9-6+Poat-5A%Ml2+|`5bJ=HzV2Rgg< zwFiJ>-g9L7ZxIW_>=i=dBHSv(@xlt3u1=Smo#$P0jL9h)EMVGSdMqpCuUT!* zwKkE^?=co?^10EA$VbAcP6E4o?{7}nTCm&E!$ahF(wFU9YkkQT#p(}#_bdX7qA=Ul zL1>a3E@XAGS=+QR7nzrBDD0^qAzr?cu+FC3kG7;W=S>Y2>4bw8WQYP;!C0p(( zOJa{{NY{G_%?qZs>Lu5wDk5)uSA`wDYT*>wZY6J6ekpiZ0ET4pu*LF4QmE)=J&{|~ zqIco<@sw)Ggi&SJM9n_6cQf}QC}DI&=PnBa(fG$EK>Ot~`Oe=12U9{&n1G2K^$&}H z0%_CMm4iaUyX-0hQT#tn`G1`9-*C#mgU=2)+&l6~=1h35K*Ux=0%CRCNqM6P)*$&V z`TQ#2%Wtw#rc(Kl@GxsJ&C3wH;==;1B+= z&zGlD<5l&H;zl%6xF_?zg7}piEYu~ODXFxnU6K80m=tO%z3w*HpJ?#2IWl?LvY-(r z^x+Q%ShC2OCW(s!;o983UN~_|XQ|4}P10_zbXjEu=5k?Uq*nm6>pX?($7^YGP>@G} z{roeV#0CWLLJ56_9{AX2V#L$bL#s(SX>13_#sCRJVm4O#80rmpCZ#Qb^?{TyYF#Y@ z2{aNCZlf927l8syE50w+m0fj@AsS8beszgY$J&rKXZmpu$n&N>K!h_YpuRX*8d_|U zoN`j_LWM$ch?Yh%9cGr9;e+lOTF^P>LeyfgPb4x}eOnO=GFk3BIBpalUWrSHam(cmsqQic6~5KIUz+X5UvJbAk}tO2@JVac-e^9^X(J6E%T51Ju693 z^u54#I%e49;@Mtcmbyw^oJgEH6Qn}sK&zxju2*z+(cMIZfTpJb(}F0>eH?vh5=& zwG~(fpyzSns5=I(J3C^_03dvZ>_7HJQJA0ZTVY?vn%@rXfK_iL--@emFn6&s<}@T! zQ}eh1>B-9rIlCNcGF}wff1)GJA4)6R3R&I=MnWEb6H&mTk8)oWs~3u4jL@=0{|JW? zm8rvPq$M0i*%3Qm`k+*Eyk!;)dx|DbZ_wtsECB@A^SX=Fv(3q#H?Z(^O#=Rx{*J5HA5anL?!Trkh9hPmpFOmQ(r{BERYRYR+a4%rIVI&_K{7Y8 zWyF}rA|CI-oaw@v2-Ha!b~^iHBhZ6OG>{M;)XW$?|MD|rhRBH-dY&-?F-emDyKzMA zv_{acZq#GXg0Q^0&HT$29fl0wezVKkZ&v4W9>LXWn6QUS*!lb9-}V&K?~};c)dKEu zJ)u*K_lY#M=R-C&;1D`xTGfp&w}fG&jSo+|f_#7qa_EG!-@E~D;}NIq1Z^I0*;EYn z+P9<+5X8e7V1)SrzKG%st4)_w)~s=)RNQcLy=|RQDa%3~?ZrmQ zG1^Bag`V!PKbm+~-aU#t_aJ~3l%eqbW>-zNE2>$*a;Rkj=5Hu>NyszP-QS?|sjg*& z^4AkPVT-PR&m@3&&b$k&?0dMpI9~W0uGKJC6Vi2Hi93~WsDgIB_Oc2&5X=9*O2&iT zv=9Y88_KH^354L)2d7ugl_~$toazvd;6U2-)AuwaRmBzVhsH0q`kK$N>HvBt^Frz6DyP%o+L#W#&+QASR{dG*E<-J?;Vs zuyQYIzWs4}Q_w^aSPpL9!@cUzIE3*#qPdsIy*#zC^3T@v&%b_ki7ZsydJ^A3_3NxZ)(B>3Z;@AWXoyUWdK?>n=ib%s@B z$ga6+zo`Hc_Fn(D3k+R#t`30#>fBwigxWC+y%vFvtd44&?ARPFiE^_0fK){O$IKr{ z!09gHn>7a8NXLrA2!_(7Q$rPuZBkYM#_i`IYU;*Z61K|M(Qn~dA7Y+A)w9!qDwr_^ zlMsPQ8-{v`L5w{W3YHmrivBe?K zDuuz?GqKm3i0St5ujWAa`iraV<3y+g_6e3N*Pn+dZc)u{t4ja?gMoi=^gh@@g_tko z2O|}rQEyUBi5)IV`M;n|TnON*^F5M>@zMu>m+{9x=fIW_hf|NTX2#QJ6>l>2(DOSu zBign$LrJ16>v6vPRfu7q@sxou!LsO0kL-}o#DT0{BW(3C(;f*SlT_T9=;edyO$kpL zpZef?h(npS{m976B-7vX{oJZm3Z+@Gg{bYKbP=s!nz5X&oS-`sD~}29KuXcHKhDe5 z_YufXr{flth}&bz`MD9ZWoWII4Z;Nz=%n?@iN&|~=dVCMh`yi23en%EU>=m^P&(s( zeMAYJzU_!Bv~65HYrauJl(5WNNoIW6tH_5!kv7TZD>LlG0if!c{;fj)8;gHc2mgVb zjR(M|bxID}WE%RgFA)x?lU&;9`~m_?fN3S%t`WMfaEog&z^6g%_RLG>jA=ZJFCKQZ zteFtwExcS)HkRX-WmmZ}nbM#7l9CYjz*l{#F|OB(#5l~4svr0h^qg#*gQ@Mz+xPdP z-mHjzLDT5aKwpLou2?X`c)6NaQ$@9g4DF7?N^`R!J3mn|knU8Dcn(eAM6!p-TMVNF z&>EQ2Py|TJ2F_ap#gGlXCLW~goH*xCGY~HlOMxS~1VcUQaiS!o}ifoIYM3zT%b5nNqhoTP$aK$66G^+aQ!t;o1wQ@$d$v!o_wk)dHnIOr2Q+R9oTPECe z5gRjhz-psNL}0;_9)l&`@)+o8vgq&n66-%IMJIa`8wY%HJ!?1oukJrqMt?QyGuQv? z_W#KS7WQvh%pXAgPt2+0Q;9oJyR`Jq5BEVb{9(y!>>=j>rcJksA!UjWG6@rK8}_!x zL_E6J7D2q|p2tPtCZCZmmpneyT!xYUF>3X2sO%GocDA=e;TJ3gV9?Ff%Qd$C>57KdIWHz{0e$B;3L2FLAj^9_|LP?-OPb z*&Dx)-4&*I6uiiSD)7@JU$A2DOASV5&}ByC#oFq1bE+DRMY6##gLd?TopSH_jn<-k zl`HQo1Ec%_Uu`7@Yx@vOwb>=dUoJj~Kc{O-LOL9OPS^f%@o5(Tn^!~~21>HdHevzaB`vnJF@Yz!9q6F>h&W|IhlJ+E{(=-Vg{P|FESAUJ!^T`LFmMu@gDl#Ya>CycuB(@#DKx@Yx6(K`( z7wGJ2isqIM3a7&c!6p(GN~xk6Hr0%AR+i*1f!ST8@GA1KU*oj=X${Eed!bTCkT=H6FJndKNgHdl`sXF^*?ZYvF291J#g7i+7t zRme~CDzN!()evv4;wAlPr-}H>L6B6%+_SaY^6f%P1YFSg*CiT{2Fgfgg>;&=mP0h_PGfhthBrY}1Z>nH2JEBv zvrWfU=F3?bv!*UOW4)`vOsfCgoo^KTPA@~yR4b&j25ajSC}qlj&M+x&Cs*)dfX-X| z6K3u8A_+tTUUaiw(nA4ZMT7;(8btaiB>Y8!-LApsd(}D?Oy9>|I1DV zW{@6DL}Yj6B_&#gI>9vN7Q`xx4WTH9BwRL1KVa?uDzEvQlKu*y|1gg-A>5~O51;&S zaU%DNZ{2w_Ie$g&(2d&>?gtr|+>kwQlq%i&F#Qz!@N0mvTnYbaCIB`?bNg{Iasex` z*)y(hHz*V#+PGV0a6*@H#A}hD*ok7bkB`5g^rKW`iZXK!a8aVgC=Un%Na{Bu*6n}? z8@>m0DRAg>9Fn050yFiYXUJ&@wuAc|xk82>c{>a4IO^J@L0gPrh>a)N+dG$WX$Czz zM0pJ8IJMp(M<8= zoyip9_>N;FVf$Yb*bczxe1Oc=NZzB=1r6}jD7nf@A*z1WOfQ&^pdx@eD%i%skksJ~ zF;Xs+;+g62!ipX?gE^) z7~eC?(IeV~lPFH8woUkX0v6Ni&-1P4%K68-FmDoXqtZlWiCvqVK`?` zhrXKrP#4kl5&Wa0Z$zpB+$j=y3lZzF#p^qxy5>2EnB<9!!l!50pY%r>3FiDO{TZE# zMf}7PD|p3vzR$6ftS!HEFAkIRZ=k^>Hl_Y4Q?)vx#mJyjEPR500`;-dV;?{W+OJg! zj{v!0Yn-l1UN~pjRzU)E)WYO1B9QDF-fh<4=O|s{!g1uG_7QwSWJ-VEz@?dK$zNaI zjkS%>g;qyc4jI!Wb=3iO^j)Up+QaVxI`ufoz>&LKGuTJa@cL!IYU*tQDyR*h+^KOQ zvl#|VVbS|%;i`DiljvLK4>$ls?BZ#Cifj;}^P0>!?O!6BOWII1(_fl8`+**3O^@L~ zt(Te_Q8-97@dtEgp;V>VBhOR}2`dv9%ThzYUzMj}h>`RYAtZccnF%2d^<~&C2g*@c zp#Fm_FG58-J6nv-B6|t49H;4wlD0KNSbCCyV{^S(ZQY|&^zbB|q}8myREwy#$&r>Y z*Bf7j!G#EL|3Av!IXbegdl!vu+qP}nwrzB5JLy;*r(<+%+h(U@qhlwx`t9%go%f7$ z$35fj`lG7$-lJ;mx#pZ}tvTmh2MEE-l9) zPA5uGywmE9qkfOQ-f5M5R{C<#IYq`}OCV5~uNLd0)=o6(RuOu`nK*Ulg_tdzOK-9! zc;HjHj#C7+g&{T`Yu}KLo9L{(@Rk0YKqi>g>7SVJzFgM9QG@s1(2w!5xf z#Wtf*zgJY3ht(!Ll1y4*(o#)~2>ZI_7pZwvK?LGZCMI_kTbCZ?!eCU`T)sVqd^PlnOj}n9u_MkRB5O zK{~mZ0~VKn1U9|7y|J|&y}5&_qZt5wT*%4N36Q?F2fW!^+nYoEQ!4=i3m|`e2dWEqt%NVG=jh4H5v^m*+l7mKX82{(9UB%RDxOv z7Od3I0c692#=U!GP!yV4qfabPvn*@vT1QKxUoa-kCHLmci;K0M2^heduA(wEW9@2! z-kIhO`j)Qp@IdZzigUjuHLOMAux%BkE6>8f5o>$TEzI+FbB~3sv5SF}!!AK`3#1-+ z8+Pcx?Yp+fii*a;P9t^nfbE_|Yh(!q#6aJrSlhE8KkjvY{}x_a53TkzAcX;X;ntGn zPS0HBpDx^px!KCrbP7LE@GO4Yiz=u8cb2M{>KlKQ;bQm>Mod|glo8heuRheqw z%^Shi*rIX%`(7ZK1G`9Fg+}d>Q2eaZm=vDhyys!h#i_oGibP#JyYq;5BlKj{Kw{ygS5c%hwQpYS}kdsJt zh2ES+=d9b2v5U*(wRG4A7+;Ewl?V@iBC%rHo99nTRg*L_(RK9WW*ZYt$Qj5#^B#Z~ zy99W#Ms1(m4XIqqecxXBTlvPu49T!(pl)Bg?Sb4mr9IjNfj&!QrV9ry?EGmO-q9qE zVv&3yhXnxvMux3h+O>wZfN-^6?BO{<1z%PWF-O49nZM00hWSH0V+Hjm)u6xkQ(DAd zjGvu#V{drurVno@GJmoFzYY|AFz84mTlFw+Wm}G<^iAe^F}@}R3#!#tN$Ygl@F&ht$-jsHT zqjnyu!>D*dho-3T;lLlbH|56nAO7Qd+zB-hBhHk+HIyb`BGF)^`L%Y zSVhIAEaqYpjL4_!&K>%uT1&#{`@Ew2iP5;cY|LDpeA7WDZLRvzrI@{TZ_`#;z*e;&Nn>$yX zB2HIbS8VCn_+4nZFIA51qZ-+R{M2jp95{9oR8e=fskp|su&A{vTn@mKM?V@=9oz&K z1!Zyw^^x9(05gMI>i_E`L6m41W=Ls>^4x7zNhyoO_-SyQF_e`hIR=wi4l&Mnt0|uB zhK?mHeJmVEis_`VXP}=gRxkO>(4(wh%@}37WEJ`w+u?l)>D>iK3GX-+`Fc67f+=^9 zG4+Yy4)S@WKPRhlnqs$Arc2@b_07*xtSjXoMdk(CQpbSNOw0+!3$2@&TOg`>6=H}#}{1(wj zXFr@uLouXjq24Na+7ZoCRaOH+E%+`W6@L!=D`d*jIESz+B1gpN^_Vz+MvX_QkbvUQ9a7&jz0H$S zXO$U5X6q#u4{a%vfLEEee9S-)=uQuZKG%uC7J?&x1Cxamaf-g!Brt-qlgr=uI$N9K z=v_w|Ay8M0tGm&Gbr$Vx5)(vRexAh&GHlGkw;8Kyig$h{ym^L$UjXF{zFCGZeEm54L-8JR*_8 z*Blaqor3iE0WRI;yY#(t5^1dZj^4R1g_3L&TM-(@Z%&5$8W%hL}4GtfN)#t`tw({+i(Lp`-r3>hYIzYg7~mG^sGfRXTEpsKCd&CGM*#?Z@VQ4J{mDq zY?9BjzH#^BQEMk&vEUOEpd0^df;BJROJ3ZM?}jJxT#K`(Tu7 zFHO!2F6u8AIw+OriR- zW^L{zT25&hJOYfmYxF>l3$4pYV_UhcpHU^3eD)xyoE<6u1O_9c8vtX<{Hv9Np1N^I zrP6klU?Q|}U*C3u?PVn+T|7%tiSvxS=xWg#uZDjrp|J1qd$5-gn|dhFBp+Smh_)@Z zoc4v6BQTkr9YR@-YA)4d$%LmOhrHXqrkD-2>iuc)bn!FmUb2jptu?y!RNn#uZotto zay2RHNx3D+@EzF^9o-B#4kg8ll1$x*fOKr6sCOEtyK`@!kwo8zo{@3}1^UAc-fsCy zmdCz%nz{99T;;(W9Ffhh_;@a8_7k$Pz%kaAffr2Yy6gC8lWFYYtAq+jW<9&c4wTIX zFv<|p65{^0PiWrSr3ZyX$%}w0Cnlhd<1uemB&o#7YzJDsWNdv~o(?>aMB#2YrK)e6 zd7<#`L^gplZ@CV|eU_TV(X-LB1W(Qi4C1?;X_os~%&O9LTiv(LUausuSEkOeZ|zO5 zOYm*Z+=7`FV{d$$l_Abmv=-42wop!y>QXA8uRi_O7T(Xk{Hy$C@^Q-GBxm@uFBZ6! z*#x9+#p(Uf0!l>ih3hWv(j756FbH_246_Fs2{mS-F{7cIJon% z*Iau$6b*(xJj>6J2rq;?%cfRw`c0Q=K5O^;Gu8%giur-a<8NS)T*(+fkMlo}P)^SO zU_%L6SUWSgJJ>Opo4Nl1gZg(A5THH(H;fLIB0qKe)f^~S1|*=$<(5}t1E--zmjx?S ziOEV5ILk&fHO~i*L@{B{Z#~GrLNE8|=(f0j-+#rC)4+trI}d-;xnTc>67U6RNwCgy z^lju-)cX1XI`d@x0nD7^CuL-R=gIw4%xz;AqQm2mn7_v^wbbF<>pu0ybrI)V2Tv;! zrj=5xeIsK(p)SM}&*Irdv?5=bXdnWfnZ%hq0q=rP)q-+AhPe$A>?l)K#?&O8G&`2_oWDL(E0Y+@Mpb#)iWPG1i#;I zL^pb33Sz4^vY_)X1*G`WxPLFoUulyrv?POUqNUKwUfcEA?)-i-3utMD5P7JEGqYx@ z?%u6QR%K>{NiU<@>4vU=Mfps3D()++fkAxYjC-`0=7GC}la3nZ*Is!N#IT~G!3uj5 zT8R{-pY`R~jiER14u$WmwWyFl@nh7CL7aaXM!4uZ&Qq4d{lb8@tTq+xvxJyyPJ<7@ z3zM&b(2C#Pd;~lvsDrPi7-Jm2c8Z3*n{O}EM6&+4UiS7TEpI=|MZXXwW&+0blgWk} zM_NoosfV|^jBy3F{ZLD3uWbgr`g`J1P9mYMF;NBmXvWm43=3?C+H4hQBWws%4=x)| zZwN=CFtb_3Pn3c|uVeimc!SF)!8h@0$&=O93wbkVYF`ciGaLRNtQYlvToS{d($4>S zp1;%Lf3RNuT>YbVp_I~;_z@1&TL4PYg6;Hgk3TWbYwyf=HRhzmPd(Nsb>xo}na;6r zPiG@~@PoK7KTiUjNexrl`)4=(pn2^tN#`jomzu3gvODySn1y!$bM z$_p7L>WDm=5}}z$w7#6g?J7N;=?;WADBW=WY+K8IL2XH~{eG*a2BBTxb?j*Ss}mID z1nOb#hh|L__v{HIp6DgCG@LI@Ti{dWugk9T4CozMh31uSk{xp#DrIDWKNlk~%=$?2we zv?@rl1J{Q|>Ct1IBG0h21`YW4;}sAl^Z>8R&~t~Br!OO=eaO6!Yj0^upp$HTnnXUn z!D3Cz4u)97r$AcYnXUq7Ch^8f8Xk`U6&!|&G|H=ZC--HFtK>0FlusBvOYFh59+e7~t0gvy`Chp4fxLHq%v$FuTtmnLRN4 z2&X@&`FwhrI|(0ZufmnBV9>?$Ljr2!=;<_zY=V_@ulMjrk*tvdwwP~nq90OZ`n{Zs z6(|_GrcZ1pc{CWJ#L`Iu{i-SdSm@8x6GLTyBN~VGEZXG8+sWMzW5bIkdMYqiH^r@-`@(f5LBQR^yPQ;R7CWGJ>VPU$gLZQx%+& z#B7Vtbq)vQG*$TIv@Ds#J2MHr$~7c2p>@JzRY!r)g&f)M!LOFV-3i4*IRU`kE@asNga}TRJ^f;<{Q1w(2k7aX`?l zUx;pV^W&$P;csAHWozKyXi?O^EbJTfY&dIJVic`--=X|T3Jaid@vw#qi?xS~h)#(s z`(b=pKQD3YeHeHk*Te#5ENkn6)m3FSRS^pszeE>N-yDD4Jjev*>j4C0s81Cjn>-m$K95b4 z&dX|1Wy8|z_vbX> z(qD`C^exNBjf{(=)#a9-DYNmVSTeO&ux%a)a_5GN{W1=c5(xzGEStqtn=AUZ1epz; z$zLZM%jWWpCRK|T&(MmKqopk}Ea%#J$2bm%&@AYK5fB2cbg#V5bXq>}e5ONJditkI zawe3XN9cvvB&8uGS0Zd<3%H?Lt+4yJxI1Y+OCG%_mXGBUqPTD#LejiA0S}%)J5c|E;UB|K~J=>EF}; ztEMIjnEM~#Hc~+SJ3x*gxQLMd34s2;Be%J*aUTmduEgmwLw@=UUxD{B=Hbv%H>hFc zyI}ckmA|fC7Gm2EmC93Pz+=XXwx0Bgi|98Ay-5PMgNgX-)wXqO4iQXQ4NrDLNJdV%ch#Es8!v3a z(qkaK^Fyui41H|WS?<(2(~*i>buUrE~eqLx!>`gK=eiX|!K``7t-Y7sv9 zw9XsDCv?kM_pRHQ+Koh5TB0S4&e9Y1ObqT`aa86Vdyl0*>o8UM7(&20Y^V{tMex!3 zZA3f!RoMtp35o1erx_es`2M>g@CN5ZJGMt zc?XuJN>Lz!Vv^8r>!BhMG}r3NT+Mfjf! zl+&9xca4n+n|ZO}$OHLVm$bN-#JkoI<_ygQB)$O3HXN+XIK--q*$3h>e3aO0C_dc$ zPEO8kHH?B@Q<$&2NjPNjD2Tlwi(cfc07XNgg1TH27EUpNTql&Xn`=~`-Oj}cO~1!O zxxXnEvghioL(K5lBY!jmv`9z+h?Q&bDhyn8y;7IBdBQmkbP;FJ(%Y0jGlrL`9aGVi z4zN5_RI0%OLIQRln@_bdOyz4tlMPNEZad+x!G5fij$ucwW*AJO%jB|ryP$lH%pM8b zmX3i~`{i`A?6_oU>hmM~(hyt82FcXG#GYsAR-UPUx1RbK5-Uqdr%Qu{bCq#&!(sM| zjsetAFH^#*8MT$TKgEG)?_5p3d!?!E7Sq5R5BvCg=WiNBT|K9HNdz%Gka#t z3H|zmE9M`tLMP^#P38|Q>=)&n6M8C7##?HbAkilC^ke&SZWNMAK=Bx8nX+rz7$~dg z7kttZgP+uQVA}W{3$O7K&gYb(H&xQCalg~3Ls?sNFZqawJ^r$zG-AjZyE~X#IT@P~ zDJcmPSva~7sTiBv{cGX%M_vAJM;td1DBOJY{{$LB3d6?bV zoY*Q|R=~7^vWkL!Hk|XhDv8Q@L766s2{>f%zcJTI1iG(}=KOklg_;BQ(t|Ji;l%62!w@^6fjrWFb->5U`8M}RY z)18oB@CN|Zr5ATroc%Uk8AoojhlYlLv(97yc*flQE9>EXm@a5gxqajT5c#!UxrX4f213`foa`ywi{9J_INmra^3ZMvZ|lq;E| zG7pd}lOHI`K-@CVWbAM^x}z}E)dOKtSkA!qe)!MR?(z^!bpejyU@TtOjfcdNBIF&6 zV9z#kE)!WXPXv5&WGiYE2V#(yq!sds9Yql9NhDifZ7E}sF@~0jJqu&{hu`gAbw6U< zMns%0ttAmD&l));=C8cOlU=hvb|C>hLlsfFs3!bItAD;Txc>eAufZAw;h#O-WPoa%{UBU`BLVQDSO5q9le2_}gN6Ca!1|Z_ z^3QS!OwjZ0hkI$k(*;7FWb$Yswfjn{_@3;lnsbbdCHc$F5v%&jiViU@XU!*{2vm9Q z%iVGWSGn4B3=r@s(TUPgUlWoDc%6pHJ5nifEgbG?Qd}34oueRMDV#B3eejJ$Jf?^)^ z=3!cDeAaaiv0y3J=;~_%eC&Y)Z4G4Xwhueg6MGz1PB!-_tO^6Mqf*H{lUL{=++_;V zav869q^JU*$(Mrf$ZCg^HO>Zx-Mc=XS9&9Dpq%16K77@`Zipg%orVlqjj_lq`K~CG zC)Vgvg2o2k*oTQ=JRDc=cUIN5{rMF&y>_%l2m!E*?CyjJEqvDbZYN-dy^J!fr5wUk z!c-ga*6H`%>Q4o2=)y1iOviKz7#+h5;~<o5gaQ@>P}qY z)Dj+eu=nRWA7YnL52PbGCLws_+*V(BH_wQGpD`O|Zja=wIe0j7^}gU75fbkH_7Exx zywD;h!1(FXKaMwH*u#PrPpgU9X8A<*aNGP!kdrhW+WGxj#&iLfvJP~n9jO>zDkHmbHTjFB0V4n3q;mbX)aQP9g+N$U?B z*fMUqWY;%+bSa*C4;D`YsxooL0|CR#mKh!oG`!6oT9PGrGe;36dGcv-CD!t66+;14 zwHLCHRtQdEnpF%?uCC)gKUJir>)Ene9!EN<3|7bJBg!*PrqbSk>jrlPR3#b~5##(~UxBA+t(VV9`2pPGUpU-?bHnS`8W#{=H$4|GT4$p* zgO+m1NrJ@64QKG1F>vbXVYdr#T34yVdBu)-aLey8IfALlP<3Kj6QZhiaa`-`h}bD;5t&pJqDEO zu+NQWjb{L6ufTr_82;z@T>abzLXwe?mH=D;29g52fIdHfP(@wLjor-6h&-$T@FtSd z@=Bi@K%ziU5D<_M;82i|kkHUjFmPx9Hv|iZje?4ZhL1x?fRBTRM?}UzNkl?NiibzV zNlnMZ%*Mt>NXgC5#lpwH%Et2NM}VQBq2XZRu;AgbScvh6S^j??pZ!39?KeI^W}v{x zKp@D#pvb_VgFv`IKmaD-e?J@uI4~#}1P~~kFm?hk!65-1Yj z#Od45$iyf`P>pYfD4r=p*=)ij@(Q9VsgC$^9O)BeF*iiz>N(TiHq#H5&L-b-y!l;^ z4~u_ykU$-zYch)8YRKy}u};2p28bo5iML6q56iP3951k&HBZ>*I`;3PHnM`7|2sEZbI|H8vnT7U84P@x4}%Up-)$~N83?JbYV z2jr?}iE1+xbR=gZ+x=@hdqIG_DFJE*_U8rir*h`c0gy5%7%~zH5ivL_2@^9Z3mL00 zK>SdE4gD1@Vflu#ykVYW71*<6%Mq)WE!lj76zjAv zydIxuc?K?1VRa>;pw{u=jO4v&G8HZ^LS?gegzS_UHm|=T8e+KH)yZbD{Xy{S(7EfK zJUjCw@HFW|7JCCJ+1Ic9r33dd9@8f(jH_Y?4Tm+1Qnl~J=_@m>)cQ@O^xPwbc|bgF zvIOq%O7p-CnhTtFu7n2|79{U4du}=W1}uE4R}Z+Vs!G3vrMXU1Z%6AKKZznzo#GoJ zWaHb$*s?wOFyPQ%-PndYYEHB;#1Wtc$D-E1wM^F^jv=~2&>JU|3mnL3 zs|g2TYz}Q9K}?7~5+=6KcvV7%B5n-j6}{kbTx2x1N~Z!RiPP#?d?rfdZaumS`zMeC z^&HCJ!~pU2jr2yhk~s`$VEEM4v@Feod<$rbh~b38E~UOXo_HVovj`YNOz+tLwwEr+uk5reR(x89~n zhp6v50Px4O0DS@hg#ZWpAF%)fA%hSRg983q*qDTgML7tS)x_B)ss2AY1tAEM7540D zwA=W>!1c?#UrJwr7i}i=YIFcnPkMLyg-+O;`H&^=IwcfpHeaGaXQ*@J0(f0dT%exO zg|K+ND%H3ZF=gO_#g|>7ENW;VUmZ?8+fH>H;^x39?g#8-)p_KFyE%yEWsVwMDlz8) zA2}xrZUkwW|B?ylxGmFbsz%8oO=lI)CR{ky1)PTNalMG1!DH(bd;SfEZ5abjP5)KU zBm-8bYxWW?;PFV20CEKRV=ey`Ea35onT3&vl#QK(k_zg7|JPImiQD`lF&ZVILk501 zncq>H_Kl3|D|s5d$;O4BAq}`}tPWTC(&86E=s~20-nn9FrxOrUvSs(v=chMT3Q}6n z_qrgFgc3#Q|8U$x!-vvd3?=pX_244{ZH1LmNb3i5;n|2Zd#-C_PI|F`!z(^du)Uk9 zT)$Z#kP!|vSB6=ojPwKDioH^i!qoLPQ5$nRC`@g|Dy0-`bJ%Qf4oYdTSxEIYIIr_Y8})}a|hQBk3KxSq8EALZzGc>2YSA;kSu&2E=Nr zeo(9w69=>Kh!GKdNg_42Kw$I6)O_(_WnM zr!AR6iMfu4yT)0*2K;vj0Q#d@NWl<&i4w&W(Q?4V_DUHfvdQ5H;sxNwvD8Y*zDOE4 zd%L~Dk-nK^puVt$PzHJx$02rzMc=~}42UMm=us)QZYMm+e=#Ae54x2wWd^GOdX@~tQl#qE@AkCuF1^58*HnlX19SvVbFcj4#{g( znptY!XHA;`w_=|mlm$WH&|Fs2bNApO0O?efS6A)oSnj6G+qRH^tBffL2ow zG^UGkd2FHvjzX5P&GE)vKLZ!kJS?fI{Ckambupq`ZL{{HKcZPz{`9tPxd7r1sW7`!Vk*zfj405OumL#ckW43Cr{v6=RT$0PtOI0Fw}H9e?nlYW%V&R>Q; zMyItK$|S*4OT$?ir=EgnPGRJUO!X`L_Nt9He?2WqivUJ}8>g73uYN%!ze^EO%m^3< z(?||$M1Dl1W8Y6~R@beBUI)%M)Ov*94|0szBY-B8|1~GjKd$Pp8~tle0Er_3tcj?8 zXRhym3<`-TCS+qokH+tacjd2 z-I0TlC7OU~t-vB{imHU*w`e2rcYwEjB%(2ZOL@A~xK-bxha#t=phV!RXcn)c)5{Mv z5DcK@H-};zCe4F<7fHdigugz9c_{p@^MimRD$uGa>TcSo=FO3^(R3n&`yR+sJu+Hs zjo^@t#nP!z1NR)tjwmF~3H}Mhc&ZK_$2mDl)2d0mDp)S+!u3Vg#@>olQt6)GXkd02 zMLs7c5AneQL4FfW*Jf!b+|X=N&cKAkREk-gfgm*ac=Q?Z20bbw1FA7@G60`O$)N;# z9)hZ5aw)llGCjBu4u4qK2Nf8aGwWx!IeUmJl4)z}e*J2yFcm>-2m~CKpHZXC7uhh+ z3ueyN%0Mo@p%NBl5FBoD;4@l0RER@RXg`bRE#^bpdug;*kFkNq_AEQwDkKf9lq5nn zNd7Uo*Wd5G7(~1D@#9pXOFX>3!+VaIQ?o4(Zbn0kO;iBpAm|NvqHSlW=w7$bws9Q3 z2?ukP&L#w2(RHOp|M`H=wWxnD)&nR1zn5MAUTr-wA>^m`vTo@V_eni@BS|xfw_kbI zeskWssTu!-vsBikrmL=M1TIyV>SOIIc&~{w>_nqHv%wavT#jWumxgdDm?<4Y#=m;W zwP;H-YlpLM*ZknOA6KiXa8E=McM3Ex$3*u)jmYz+-EcXy2u*a_D!-VBlFsE=CA!dV z4i8n<$!bc3i`g*RL6ca>;gvnU>glGbA!7BWMu3U2)`>mV9PM@ZY+dqJtT}KccuB>b zXD=!E&H)wzjNZ`?Iro*(lf^!#HRfwe7DFT>AhVBqONUDv6Trei*Z->TMC>l|9+PFC z76=y|Is{;u%K_DG$9uNraHEFGjk>~P38m?+;!a0W@3-MMbw()&v{u9+8hg|!|Fg=PGi3#u#GxwMJ9^i#;1)QTKFci?AaQeB%u;?eC7jUw) z*Ic$G(+{BZ{dl{FK3Y1IFL1hBI63t`!a=28C|1{0i;{_d0PxlKgR23#s&)yIopKF4P)oAyGaxrC7-|^Ign;ec}-Ok}lmYtwkYK@p^cn^X7{z>d1L8 zrY^zZ6lsYUApnn|n88E>tD${2PfzSPinFu`rwrByAL$~N7uQj<0xu-k$F_Qm6)*{5 z;Fn)zirObpy!@6=$UvnkpSuz!$-q?#p>oLyJP;c?pYI&7*#*4$b*;vl*s0-fj9=t&P7W1IqzU*Vvbss@l+z#mNwfmNPP zEL*}AQkIX33VzVM&)5n1l5R5UfA9TD^oAJF;o&IZ*C3DFPoZL|A-bfSnxKE zTq2N3rSCbeQw*6?dX>gwt3XStx!84}6!P8>qK-s^x~kO(`9bs88tF>vI(H3y%o_US zHAfh#ebxg%LEW9EL=mt2#(=(M*$0rRA|5Yw#?Eej2hdCE4YD5!y!2T+2jcIFGz^1v8xpSSe z$_fddB*W8dskH_vYp%kMJ@|QGed^7ZJj?|2u4#z+@m0rlTTuTC*FtETHC*~}=v&Gp znBzFK0}0{(qwCYsrgIf(7xXL{P7gQEFo#V1rTtR?I#iK?Py#6+QirpavPxCT-?$84B}aIjhf3*Uo==Z_Qq2w|(b4BRmzw#qa=B=@ zfm*3njgs_=*q6d8tx$#Yp72K77;`0lHkmADLPJi@!BN&)Hf54jgS~{-y@J1YqkA&u zMGP;^R~*Nov(5)&#W&v3oWZ@{ejS+EsrKPFfrMc8H#PvdMh$qYp6Uk;p}&&lK(I9DOh@saIi4>NT%4m{QVq!^%B9X#_pGssH^{&qsZdF=4yvbi zGM5GH*^LDEuG=qOlI^DS6I@I?3>y(JnT*3H@5VKQurJm8s&qN@0f4+1g)h3eX=W&R66u+ zxNr<7AhIaIt#5{>;8z9o$QWpbM+*Z5jy&$yWw-o7rYZBFHj*Ej)kzx$LhGbWr^qq* zvOSE;3%lo?+h(C3kRdTM>q&=*XdwCPNoq#!Xga86P|XpC;zoNO-#Eo*biTk_jZCtj zqvF`nnoU%H8w>1j)AHO!`jGD*{#rB~DQChM6b_P8>?ge)ZbKf3jC0V-H*MTDmpEK$ zU1NnqfV35Gp=R-l*2t+&Q8ef_j5FHAqv9*T^J{`HNM^HVczabv?|L6SakDYpc_BMK zSH-Ft>DGJe9c@;QGaHPtbw^^1K?UyD@(7D>3PUm-OMNqneA^v2)hlmIt+gQe;XL!@ z;#)zO;-2C;tczvQ@ib@;yMur zpuWaFHqXLE(ZNIoLibJQLS@(1(Il&$U30r?SBxmEcUlU7t$pFy8H0$wEdBzei(9vC z;bLY?*}AD_`lHXCw16jM`L8X6A^~inZV_p?p{vJe2;FmA#GluP3z_{s?{FSdjw#%m zDNFCR;L2-OX(N@^55mfX?bYE?KOsk5QH6ZxB$d~;yS6j1s zmt+5h=22&J>kZ`ts4uMNZz4EY+JC5-;H8q#aO zlc`i+i)A!$5z1YNKD~WgRtf(iI6Rcn8`+{^IkZ(`^dp@-J_O8lG4WMOumYVzeFfvo zg-57(U>dBC2oEf}e)JbVlI-pUuBXpVi1!6w=A$_*<_9R?#VJ9j`9)Olp( z8;iJBh=$4n7P0)ep1%qb55?dH?OVm9_R&I)FIT&laXjJ!BI5I+YHa_dE7~uv3*|{l zYea1yk)UoEY(h~~lh~x`7OX7JLN$$t-XAl83}*);@unREhKR>Ib;4lMLl}DZ%Z=JK zVNO90Q{SY>>Y~y-TMrsl0*$Gp>>wK4=N+r$#BU)wN2p55YfU($#jdm?q#j9RZ*YeQ zcwde`v@)=sHbCoa`1zH;6gVi~RNpUYb0yHaW@)|iSSsfTGP+#`pj!*kuOaxwIXiw^ zi<&Jv4y(&*<{rQS^;ewt15qe54=#KC;5Sm(S7GvV;aQ;AFFYynOx(??=*TyQNP=j} z@}dd*U{^2{06QIf+u8*y??l)bQ@T9TQxZ)TDiG`eP>Ut_COkxe5Q9+x!vJvt(liH! zSWNi9vgTeyPVO#Fj;`iJR)BgRduvxWV_S0vJ1-(@2U9zDGeE!|u+!1S%gN2!(c$0z zGUg{jeuq-*1;%jiC~EFJEdR)AvT^dYTfmkqaU$`FQ-pv5s~$oDHskW#6XUS7d0lW9 zN_ft>p7)Gh5(w)sAsP%l>hue}!Tvb#^3yc6aNaJ9Va_Mlj0!0&Qy8#XUkz zXspPS-3nQgxZEHgFPhQ492Nj2y6eiA_a|?-*LS?`UvV`$odfCyGJ*Q zSRVp+uP-2d&Xbnh#S@MDRn4&Ngg@9CGXh)Mw!?5-y7lf7zh9pa#mL<97wxs%auRfu zgqeS-$l%_yRy4U6!hHb?3SL1czhR4!Cpo{L} zeBv0=cVHn%wPZpc z#!Iqi4HH)2+-wu?U%QRlrJ*Gie6QWKIYzdw{F1?r>y)}GaXyFjJ12aeIwRQSooK6T z(Rgsm%nU^7Gv2Q|16BhwM;jTqM)cts1EvndQkBf6y z2%b8S@Lugc@4*7k=I{l5!!Lurw!P6D`9X!c3$0RDlamH>J59>&jHHa?s*$*ETlzJO zvJMZ}5&?%->T&P?m^%Q(0)k8QfBMTkUW7bVXCBTiXkWYGW2j~oi%}MTJIk8Sv2B_v zL5ZzQ5sjGv*WqKMD5EYnfwV!sjUNI`0EICFRr#$K0X^QU@)-e-ZEQ?xLmrPYTdSNb z0wEzY>)il(*Y&mD2ytv^D)T7Q%;UPQZguSzM#@m@`o zhoG~z?RTTpAC?q1qb*xmtw>{@@<|v6IUYrldx(SN}(t;>h7;~3K2v3~SDCKkE= zvtj!9BwKkbLN>?|QPGJqB#w<0EoA&!f=rUN;N?u+Gt%FhM#nV8okHMLgZ=xLCv)9N;Fcfs+qtn-z$rIPD{_g zyYzzV)l*7KW5Y=0p!n!WuAg?<3OJa3PquSt~j+7*J4=Q$<->WUi{jd_aNY zsjVzdhu^;Ci|qI<NSC}tnmZ`)Cj(PJW;O*%du6ug6N-cM)hd7k5 zw{V@vPwq_fY`OyFSF#RmcO9Dh%I*h1u&joA5Qx?)g1$n+*))K=Ev~Z1ZAXUwyxqwR zgl8yVO@?ox8z}oGi31(JV!ee4v%PSTw3Mt5&&r;Y80s@t_vsbBhLX}}gFQ}`75q^C z6xss^-Ho+aQsFuUe}~KXu%H4X5W$|h=XCi+cUTpg90?=M%8q<8Z71Frz|(?6IC9j=06!h$kK9+tTa!UL|JRNRTFcg!$=_nUsiyr zu!kF#BliTj;yGHYyGDPv;@fKbOfmYwS%4QGj4~5(g>#VyA=hpQ?dw8sf*iML9q6G2 z?@FDNR?^nK?IHk`GSc@$lJ$4qfD2_Qxpv`Bx~JW+QX`oLV5kC=zqkQ_;4Iwji1@y^ z{^#Sr_Vq^^0;udkfC#}s{&XlHn)V+mdoXkmC{R!g5a9n+^+Jqqe{7tEC<05YJj#z>p82y^K5rq0!PbE(bxXp#{YChmyTdplt6atu$}tcBR9W z`C;+-5a|)27;_pUbZ-N(vt`KuQ>qqi^Q;T(l;$w)14Y0yce5!T@av*A_Rok#>VLcO z<}EL2yxR=F!+JtJ?5@%rJJ7y~#OE|SIRe!@I-eW`fn)W;n~|be z6zQ*qAo-BW^BH88=1?z!JCgw%>PP{tYeoB8E}AuuukTr3d{PWeCMugktnd0Gr2#zS z|IiTs(F(wl^Uvhzzp6FS0hDKKwG?s-TlHf42*Vrx4O<=t$b|?f2LX-2hn~LUy$gz4 z5eU0+fW+{}$DcxB&9YeuK&i#XEl@PQO*!Jzf;QZ!wF=>gQ&4p}7yR9!kMHV&P84h$ z36a#wc!cPUsm&7b*kJ2r#X7uzipI{!1V*1-l#^Hj@A5j#-2RrD0?#FzvQk5--#WE#)HiW(_N2zv%p+y^p5iEK1bnG`SK zL+!+OI;dMis>^25^5&QjM7i!yZ=Y+T8KPikFmL%wyI6tp7#fFwO$PDb=xU66IKHzAC(oDJ6H0xOW@}N?d@U3CeqL1LG!-|9x`-w zUtQj__F=#_##!_@CU*Z3Ihn*k~28@zCDO zaoEZ4`q}shpWK8~bhVzQ6->of>@Dl}(E`#@B{f(h&92qEB-~x3ds(>7ww|V_{^Bt( zBL%-}e`ll?z!^Aa?z<8BrBFJrsV^d1G`kIN(r|eyG{T%XQw%B+R4MyowTJE(2B9Cc zCl5vvF(axzHh?p6Gp13pU}Y8w5=V08+)U8wk8vWk^cPa3T@TNnV-DKeb~9t}*N5nq zk1fZMTQ)L4Nu3VkU(Ek#Ng7E1c5?e?yzJj`vwZ)GoBd0$_0JcZ9N(HP2mq45mIwbK z!{s|qqvWFFUxF>8*@jwK1e{2ceguF-6bTlrX*||!$))1~&Wqp(s-wI#hPoS_!VUY0Q@+D^6v%b#$twx zG`k{cdtJ`**K>^lYe9v9A>OH*S3Hvvl3gQ5=HMcj6GsZG@!1rZUdCLu+%OW9 zY@#Q|9cFO0Yf&}QQ#P49{t{Bj!q~KZ|17S!;%x57r9b()N<|xpcyUSaGoz5qndgd< z+>NP=3lM_#p?(FPy&^~pF!$Hm>m%|2CmnI#3`AJ2Ab^bMN94!?5->=d_o(_cT*a8p>94OX+EYOfjzb&fO!&A3ktcKaWUoIFRfJn)}|S5^hu9Bui7-n(ZCMacstehX;waNg3wzIU(?>g!Fw2ai`y~~0Vqx2iEG+!` zLW6)Grk`~F{gbJKy1<1gnpO*}J+!XTo~#H12tmcB*1`rTT@APX6svfT0I zF<3!)t1$)F(XCwOK|%uhf4$jMDOnQx3toRax3#JQWMcSA#J!L?dZEmIa+iLVFCsh_ z{Q}6jp6U{co)V>zjET$edR(UL;Ep;D1;Y6@)cJ=wg-Xdy;$MIC=rD*uA*Fd(3l0Ct zeIGj~0q^Okl$NA&kU-+t1A1dVv){3&$^VQM2C(bS;A-G>+@4uVa9eM}!GI;N{}LOw zDAQGUl<;`{&ZackL%PB`sp-S`MVwxdEHBWSRYX4@p8q&S+r7fW+OvRyt`Yrs%aF{* zKv#SNB$Z(ZMe;cD1UCoAw$c-=D8SXT-7|)-Y?3*c5J!LNn8J7;4Ms2yMZH_fpx2;$ zP91>MwxQa+e0thIpoVK-Fv=K6D zosmEmhV|J2orSdL3ELCYq8NI z+rk0AvFwNlUx+jq`C1=k(zTUu!z}gy>fo^PNzq(-B%(0u$77cHxWxmt8Yun)%dCwY zt@Nz*OpNURN(cHE&;Bbs`x{yi{}-zLRb_v}4808g%aRi$6#sE03#Gl{!o=RDRYn9| zM{rSz^j#TA9WH|y5Oj+FJk|znC8+FRlkf_K-KJ(lbsJpW#3gUc>XgchK+$`zO^;am zq%QFFoY=K%Kjk+4Yp#@wMAT9#;(1`f859Q|R|ea>db>J;5>8wQ)# zKTkbW!Yz6@NcTF)uL&cz5Ln@oOQ|`%>)s$%0XA;gjjn4`D#WzNRC6LxO5L@4+VPXg zW(TxIowP49kbmzmK^LX-g8h#^%~XGovbDhpOWhWq^It%^waAaaRR(Aj?)R~1=RH}& zLpq;fI*%+TUSHLQ@t4X;GsSPuU?%H|4Utx8VL?;dFUmeydAxcc(P0^gX^egqnmisN zyc4B&NgB>#M)O+qT^Dy7#_19F__@uymW) z+n#O5K}&FUU?-|MP#B8nlK=%(vj7SQ=+0Ld>o^(7I*ay z%wH?W^No8b?~8aKc(bD+%~hdCI@L4s4E`Nvmwx{aGumZ<3|Mgwp#{-iS1)>R%RDVT^z87ScY3(WM!5dh-OO_Gid_NudUsHnO6r{puO zU1dU=S<1!}m(hXtOuQ0TL=3#pWUZkb3!Y(Le`*-B{FySz<}C-}oX!u&g#R^k{3l&%Vpa9y{M^uzivpeERRYy)vd8m~vDK75<`o>6+#@yX%R}9 z;~*pQFvd`;SnYRG=A}%6*lRY&esj%G3s9)IcYxs=6lmR5pcN8HVbtp|o*(`IE-l|q zSy8;44vUH2G`9if&YrQSm>o;w^GTo?FdcEsF@g5=qKzV)76y2?9z4(l{a*!#OMaLe z(K2j|&fz24*!z(=q|&BXdT4Mq#-wa^SOH&X)bn9Ocl9&k)jtp#4|QqJp4L;Wui9iK z-(5Rb6A^#8le~*zmTnhtq>;2FpS7lW0!kRVVhB7#xE7Q5!O9MOMAjX5JIx(d4F16i zK$`b^RY@^Ao9knPJ_mJr@9fVuTD%(2E)i;g`A#EJFl;jM9fVHLOMWp0i`CEh*;)XC zd~TEg2YLt2`x0ks-}dRjePb(H>jrol-NCoMX(_x!RaD36LgfCAp&!X_#hF>x(z(||F;0598UcDWuC z>Q;4-F^;C=sg$OgLGdt;P>Rv8WYP(vTR(m4S#&*LuIr3^jSsxqfsnT+bb14vOOBQ# zN|=+z8epJ?Lo14jdbwL*ch#502pkHV0r7n3qS;0h|9|06 zs1*W0{H(&Gw9GZ3Q|P@uw~3uUv3Ik6qYMm}1ivUfkfpZ6URY(I=9WZ6Bv zhm>FnyrWSITH&v7Uxv@Jp8}!anb=Y!C+E~e;sbMlpY`1AFuc5^6u0Ge8YsZ_$y{=R zvD@!__0sH4wgI{j4Sv20mWUZ71P);l-rUw!sdlK(WHnvjfv6&gGbjL0jCJvF?Wou) zHYkm#D<$ewf6&eflQGJy_Vb{3@g%|hg|}>lxf$=7IuaC++JOa9;B1j$9aWi?3nBUHC{;UmiXn9o-L0X z(TyrvNvrr5P=i2%CI)k&6j-pFoZ_`fo+p^s2li9Qa2@$N{g*-{8h5oWCatM&?YfxQ zNcC2c&pRB9O#w`C`2aSl$Z+xkzUnpx8T@jV6gG_5)8U2UIr2$x(xTeU9l|h9ZO)JR zc!?pBsCp&nI^;xLzihHySmnRC4(C{?KseXe`M-G6fYGCgF@^(af$s?kRI6CAGBwJX zOQZ#Db@+%hPE$$)B=NG^m@B$DlbYxR!C8Uq#sz@G(Vu@EJvwzdxj*AKHrA*?g`<`4 zvfMRI7K%iRA6Ixj7(8F2;>>6{*Hh|h)^T*}k&jCVfJp0ac?*_xnkl=yxvM_4Hjw|# zpZ-#NM;lACzbC_g4TgOG{+{Q*7^I4gfAT+M&|WG0mt-0w&=>?5=EFFV{l`HVlSiSJ zURq>YMzX7JLOLwWs%&%(wUAyzdo3#hkv8Ur2^WJIh1|RSM&06q=1wZ589l1udHb7F zSl2}mE!K}6Yhrbvn`d0k8@>7LQfYw1UHf_}L5mxeH3) z&*uy$IAGkVQz+sOdD{FOl#{F2>_`$TWhQ9!O&x71jebzi8kTJP3j7!<5rQ@i>;b$> ztWP^cHv&o^O*ju0%Y1Zz^shnSeGk}gBk)>9`&BWv9r- za?_^%z;F|R;*5?*=M%E-5}AV;#8?SOUH1zZn8J%bmL-ON9-kPIKFkYtKwr(_=4r9}FE zvjIujEN88^lyp|hJB%r^{~GV_4s16muxlXs4@JhOZ}0ez$727yd-%8dBB1&o*4GgJ zw^`KHG3RKYJ44Y0igiY2`dyoqPmc762XSE~cF*0ZW(5pJDsCsrGz#_xH=+Mda&^r^a^K{e zMWWEnii$Ub*y(dO2`U*}l$99neLbn(TrKx{92B}qYAH3H8NVJM*`5qJc!sus+RV;H zbW6!`eL*R|n^_PgRK1+^0vbU1JTlNooNOqz(~R}1>hY0r)NtBOu3oUqqCfa*cJbd7 zym}q+TVXFi%@m;7$T>BJ;lNCA_#L5eAR}>af^zBd=5!~PxgSaejWh8UolE(B^h9VZ zV)6K9GH_DvJ`P_VBb)!4bn^QH6H=PLW8+N`+4n8>m#JZCHL(Yi#_xSf6 z%_f{)4}?qb?=zw5xBpL)QAiuepvLf)AV+R}-!az+MUDjy=KZf59Gj2wD&tdOX(7CKz%j%Cp`X9)rQ)7WhuJLvI?b`3Udl$B5UP{I68pZFw%Vz7(J57=X#NK7ABe4ngiXY2jEDnPK6P1E5v z80{1RFWuM#;TpJ58d8xT!x{>?zwMa066cVo!ONaU6?|Fi96WW+X@}E^byI$PHc|^) zCi-w9>&5^j+fWSE57PSs8H1bPGC1Xgi8DUJvg_xM)7V+G5X;X$`RXgANjCM)-=?RC zIL5h)DNI@BYcar;#9qp9Dh&`u*~l9mywHi$EuMMB_Xp^>zw-_cM_IF&xHS%DLWt8h z(>fLbeqKf>UeGa=N+4u%e#MO_&-pd7i`(ONiDD_|ogvg4HGVbnT9!-AQZOPHllcmW zr*K}ASpKjn2n&c#o@6Xpq7c2ow9GG$*V8Y|NlPe#;q}erK88xV*rTbpVLj1`u%u0b zpH#bVyZ8H36U0}7m=A6L4%i{E;mAALF35goXaba|o=sZ`q$!d3!Jw7a9rr^NFz_Sn zBvevT>>S)U6iE6Xx1((Tv2fJ7V$T1E;0lk2|5B|(m$#95vfPkEp^UncSyAoc&9$}5 z=#DM+jXnB8y_&^jv~)SO0S7Vx*kbuy65;f9Yn5&zuNJuB}H+MT|R#l;QF6l6{W z#gFAiZgGprRI88mFuRazu*pr?|Me>tZblu!1E*PjqR9~3Q@*|^ldsAyOA!PV)>Idq z;IlO1*wOdOD1F%a`2fT+LGtyni80>)NWljS7(F(aU@Vxb))0gx=w0^4N%tVIufL#_ zOBi@8Fn-NdI!xo?XoVn zLH#w`Dr`lY&THi;^)mEX5X)D*OgT(#(uq^|rtjQCKxEpibLTD~Fo0+7xUaj?y>%ZQ z^@SF2oiD}zs@q$D?D+jQ8VD?UWDg!o{OvYTE%;vdb5p`!T$ zznNA|jFNFxioL**X>jyXYuHaktd zzZ~NZJx!3?DiKk!OCYVTK}DEDM=+KmEXhyuiTj6xcbOiB5si?VsHn+r`SDtAb^zHr zH>hwXunp_C63@AE6~ITzQ53P3TTIZs<4TP&lQ>)q|CFxpIJ8*6t^cpQ`OZBooe?ce zX40oeHA>3Rv}SvPuXBhR@9s!6k|n9d+gNutzM#q);P%b7CMUZ%QAaeo3wrah-)M-& znZgghy^4as4C=XU3{YHK01!z$Vk>;UWXYpjVHqJunQNALB)NGyz-&!L?w=!1w@$dN z%U?a6<=x;?X$uz>P|P)4seLdTWYJQeTvYYQJ%a}7Aq`DhpAj@tA0{r`2;{SGcpWHYj zRH88j8Xf1$r>xU2LaKWx`fz4ec@$mpabQ?Ua8;Oj5ejVHJY$1bK;&c}P7^ZqWgnuW zZPzCSncnI=eb=VC8=h-qxP*+8_249GDGNz&no%)B#8C%`sxqJ}KgtOjLUxIwm)06k z9Md<~$>ak2SAI9+&g zjk0C+h?0gyuXkI7GZ@G>W8x*-HC3hpGb#wV`|OJEsJg>G+2%(p)qr$3Sk3|1tomMw z>W&#f%{mwmx2Kdrq584Wf>Ga$Uq{V#&tIP&Q_F#24hAj?L z*R^Pb=waIMgew0ereRN#rd>n)CHk!OPQ7}KoiX>{a!zE!fX;8oS$Gz5%AMnglKPkuXM(u72FXgE+~C1ykIi- zKM`MP>a(>3epFpt%QxHI6!O@dI@3fqbh@#M(A&*m1Nz*EzaAXeVEwh&mFl$x{a)<$ zBr!BrWan>V*cZe~+b}0v>jwYig6`4e@F)u4P9m;s08>c+UB#`^K1Qb)~&)$Mm!@+$zo#Hdqa!TokQAd2hMS>VvpYJoub zMs#L;eG^s}ud3e*cfe9AyJGkK5{&nhSG2okRFQ3zllo5)`|!NBF*!rzJQ0ZALB4H5 zhMch+-ISnCF47fQjjFJI9gv&b0$ZejC4+&{nmTn z#1-^J@%N@kGoN(1LFu{amh(-%E?Ww&+ev>PR#vlH-oheX{)rf#31N`kxxL}aehX|b z>x9IJsX`2EnLFR=H%q5WhDI(%CPoBYF5kcTj2(<=Z0t?GTiw4_Y5y>^lzY2J|Er;emDs8(Ay6EpECwZRHJD_bc(mp&GUXu@mc$00#qmqk zABMok@EHqOFdY55$dYOl#bCf|#|0f&mQV9j^98*3q{MkW?J>ucx%-Q0wvjNe2QSa0f~VzL}{y zyR69We-%W30BrA-F$gYt&kp>Wb4|n;1u(B%98>T{4iu6gW}60i>`ZlZpH*5cmn_Tu za7cXijcg5R)lol@EGMIqBeX1`;Wcs- z#CHcX*y9ZGWn$iVS-(aaDKwC#nMiMno!8cq##}nqn;n@{&svKY>SCMHUfG|J-o{tP z=aApCSh=$;xrsv#x4#dw+t$F|_~eU`1i+jYxqUi9Wepv24+Z+Kkz1aNg5Z{mezv|{PA#&12;r3>s*b`Z-rC3~2D@n+^wQ58`Pm0^{7Exm`l&q2*zg zUT^80Y00M(R1ljPGqa}t$tFzPe7P1m9c=@Bx z2>}EeASj4`mJ}{*jkmkq6b$>$I`76QGR%;KQ+H(DczSBUlRXaEmD&KTd|nSuBvfevNFV z1~R#&PpVI^#bhE*ASZnit{s{WKc74xzw|o0lx(Z@AdPLF`~235tiqXh&Onp;E@hC* z#tq)<*3W|Hha#9a5TIp`3p&)8=B3V_w zFBx*4U>tp4$JMqs?eXL`9^8ya^gvYndStVUkJLjy#)_@kzp>k3gXiZs?dPRBb)7aC zSnTm>;c4dS@@UEK-Lo;iAh}Ts%kRW7*Ycamb%tg-eLx8ZXz)fZ<*<9gi9aFusabB= z`;s)UH)p&yksz%rKU+eIO75R>95^((Vi0ng&+UNUC$R)=t@oc=Gr0NEDl261iH}=pd<8h^8!bes}WNbE$61dM#hKhMgeL z8O%dzWvhP9g0S1M^NCNK9*NG?YYD({T%&R`Gvb+a-M!giZOK$VO}2lriY1LAqffJ~ z^lb>Z351E+Z`hi<-=U0u9A9dXC2#NXff6AinFPc2D}^eiha3>f^4s+Dqy06evSd&h zMrm-DdbAdGSgX2~BvX1BL-D_H$M)L;^goJ?{yMS#=1y+R_f@ic>x9&{lqij*=JFYM z$k7Akfqwr?XQRa4e)B3Oi!mD7m_SIKxto&hhQf%^&-~4OyX3<~`t+zBT9nruv9qo> zeM!7)(ZmlUUAVwcqZo|7YV3hPIZMYMRMoI zr`Yeb)ZKynpW*dUfQ0#7Kjf8fiAOpYAHdu_Gb^gHc`#Yx>{Khr56DyHUEha{WSn%c z_b`(bdW+@TyYXARq)i2)wUcqJg=0oQ-+WbnmeuBupLBnF!SdBUzCcXNum`P<;?^Pw z$@r(7Yb0Fo1Mcmbt}#n74o3QwjFLl~-@g53f)VKNg!*u6PUK!#ve3%qs+!FT0!S#> zZzEbTYdZ|0GiTFW-bmlLOFoN_zyvx5*ggdXSuOJ4bbU>sGkn z&2Emg!s?YAx%?W)6TM5|fH1R=*=C|CWoc@A4FGBv7gSK-c9_wpjxu)`#wEHUD}4UD z#VC9Y%T;fO!1360i(mjBXV3_khVdhP&YlERGuGy-MJx*SawVw6SkZ((yWTwI$US#4r-yYk${L1&hnVCvS+h{5fziTPjsZ$`?fl``6hTH)IE)gwf$ z?<^z6xW+RH^0`UqdF;Y57;8x@jVK6YniGk1)T@nJxyaI!=Y=A0@$|yO8az{r(8S&( zTH4N?`?wY0&nWXq`aSvEW9B!~0N0}BD0c9Lg#APKVJunU8Mj^n$effSmfclOZr>H@ z^j@v7OAb6&Uqm|M7ey^63p!=+!BA}t+^xI~U_GB<*FQrnW`cd!j~;zMs7gcI2O}n+*aY0?tEsen|6VT87f>Nj(ZM_ zkcRvC4!GkyUJf_lgutIck?kZm{$vJw)YoMYBtNPw(TTT_ub)`n0lx60)nGiT7qByu zE^R$;Q$+Omr9oqvhX^i(q#1fgfDFW@3=+Cm@d)CBCeK-A6Mn{zaV~7Gi`1J*GR4b_ zUq7v0lsMhk|G>pwc-lAzzwkN~uf!#BggQmlO4mMFD_Qp}35TjuAB&muT zi;2?_q2%;&9n4Xd=npKrT!?qu*to^}gZaKvoz2$KkCz!$I(-ADOt0rG0k&zp+%SqfW!wiid zhAE?~157uR7}L?-_rzEUU7{?1B|K#gh`J0ypjSlha2b-?q*t$qTQ#HrnJY}i;f zA?M&rQ9K}(moFt1zt{T!?4r3RRLFvWWSvDHN>OkN#|r>TiJ8aFin7z+Cm%IdbV|gV zyr?dXy;@(WL>ifA3}%CZL@X$Ql#N|EHK8FPXavdX^Mgmb9_0@NO2qyIEriEIW;R8z z5`@4dh4%K7y+7@M{cP8C+UAc_#|^G!OfP&TE5vxx%#ln?r5EqP$mtCqXRd;2TtIG# zz<9ZJB~iBLjVycRGYf1uh9PKKEhcJ-)L2@7HYohNdB5P2 z46jb8XWz>`*P_a1!`ldwaj zW@aHkGcg#g)E(LzG7uy$jUFNJr(#QLTzTD*^7c2uKfKR#Tn(_Y3VSfeo&AdYV#84l zAi2cxUN9`%aK#Z=;C0_fLdVtub&k&}IM8hdl|LyeUJ5KF`V~wGgHPz?kyS_CUSPyU zHN$rs;RHe+(Pq{wLcJKcm@yddQTDjdPN3rO586T#hA}l7HtkBR zcDRDPpuA27vH%Oy>+52xF#%CTX#7|w&l-7q)-Bk!6c4pamP~ou3u;{ZnXW_op z4LsPI?Mn1a-;yWlWDPO{;}7y$5fO zQB{MVWseMoJZq0*J_Zx^`%PVv6lt5LRkHy}k*Mv03J zVE3k|V=o^_CA4Lk+@+Wo^UX9Qxn?i^2VqI3um&Osi*Q)Bk0whx9fM&v6!3emytf&f zBZ|m&URmoZPn+kfo=?nf?ogD3Boto+{P-RUqeK<;x}j0$Iw%WB(;Gf79H1_4NP2&Y zE-iuHsa{SVY;Na}4q2lfEa(qiyg)c7#jfDl(te5VE$v-D%y#ID$HaB%P z_?Oh?ztpF4Z_iNw-hdQUBLH-J^xXx1<^pWEY5dqMr0I^z>upmv zv1m&Q>-IsF0N`~$hi{YZckI-+2ZP3)g9I>2R=lzOVW+RY5av#`}(1 z|1$#memB}(2dzv?nd)F^uh3m(#ZFV712`A{#!t}4RY&`F`Xl5Gwzkx$1m{Xv6Nex8 zrR563$aVg-dSt3)btDc0=fGPUx-1fC$MdlS3b(%$CG$rtf)J$ol_v!+vAHg?*ii<+ z=C~vhc5&Y!OqTnMMcuLPNDEi2Q*x*6Vs8ZU#ilwmM}fR>=6m_IKhmu^#7wA8BS^!q zudcC*WHz^LDs{VwEc$%0K??%>-cdfibYGryG7UB#z(7zAD3IB!F_OC>QCJ}BaFN!Z z+BEY6qi7w1f0-2jTkHB4RsJ8X>)*O%N@E0ooJ6F>v}QhH5#^eSd#>)ro0Vufc39%^ zq3iRQTDvrgz=ISXG94GB=ziazXW8+ylMcgziZqquyF{sML29=93Wat)(jEEAa&ro! z(Op~oc$7jcwL`y)i$y0j!0Orrq337% z3W`Z~?b2A7_?eo@G|Hp{_EYb|N4IT7v8F>k;5-urL-SUEa!LJE#JlzR8fF!SOGWndvut%a+hHou}y~G}GTEG{LPU^(J zWnNE_^QGczOLMlq_@>u*ww%<%VoQ0{Lj(lfjm>MSmzmJHVRz@KSWx21H;nTbLQW*a@meDLizJpCy-JH+WVe)-U*1J|Id zg`vxKB(i}HkgzxtC>>J9ap!a-!HxHyGW=Q0Zaf>=Lk>O z)cq#!Fqbjh?lLA5L&kTc_JvRd*4?l6Z4Or)4$E1_z~znML$N)S=jrUkxo6ECi09@O z_otM7`hkf7Hf2dWSBgQ4-FEQyo#3A>zK$( z>zf+&)qb6sCUz(M+%0N|S$x9Nej+x81kTE7Gi8gvcrY0Y4ro^eBL&FB8Gh3@4Vdu| z@Hg(geyx-|<@u1cc>lT%m8YRdUMYmRvmecPvC76<(ZD`fs33Ex%kGNv(GRnn3{!u4 zX26bTx~RLHx(x4Zy8((R=uEcJ#Sa&PBn>4=f*1WlifH)x-N1cB8;o{~?IXHBLV}__%k$%L<>!miq z_~$V(52Pp_;^Vz$4B1yT{qzwJcCb14c>Yyr?TeK%(4MX_9Z)db>C4_3&@~RaPGShu zbwblhKd+}Dof-WbUj^@e0$aB{L8JeOL{$6fW%pv^wLHrUW`^c7uZOZM{5$M0XGxR% zwIOqFJpHG@(6gG#5%C-ByQ*vUG)O`8w`*Ng%KL<9>Ppn7jKNl&vDTEZ%Ii(S z+_>DhBAzd?QoDzV2GnnYM=4jWB|TKl`i3R|n5>898w@~U>#7|QjswnHVLIeLQM_=` zUs=$R(vMlp9cZs&MUU=bXvQ%nz5yLLGu2#(j~DD1xVFoB9%;fR0yp$GTXs0a(i6an|Y zn5RzFy@eFhl=M6G(er!6e>~FFnU~>l`o!OW*SvwnqmHuqg$>bqM;?P%_!fcwzu!ZH$ z&~*K`6He~!3F&``AW{MNPXblaG_pjRw^TqdRIip_)1{0yarm7uz;vK4f8d|hIF(on z1UaAFmP@WCc&*oe@c!6-2pIgBJurR(4sM;{uSN}7T;PN-og?^o|55)FN#i;|XNpfC zrre~H*&|D_?vi+Fc|Nfiv=fZxiw4`cIPd(SN0!cY$sNl1_X^<;*O(uE(PzZqE^zhZ zPVLYYE-y2E?OipQ$e7jGhfpF4*`$x_c-}f2Y~%xiTzFfWaJb|@ZThAz{ps>!gpvVb zTjA4vUXBukK%GaK=jN{b6kR>5J8PuRPf1|v5qWl4& z6$dh9ytdb5thq!`6<1fX)InQ%`@~AbV&3$_$sOG7f3u0cfzi0p-0vW2a6nZFoUQu_ zlu*IQKW!dj+P=k2AYK0xdW(l=z1h;__bbV`d_aZ78;&$`s>Fa=v9w2$btt^A7Ld1! zZ0^wvK*QQY{>&(~$X(qgtiwD;uH%t zJ`F~s0!6n)(F@F*@w|lDcJajyjiW0~Qb~N17Lc8gC-|_#6#wEZ>4TnGaf!;+;g?(( zRCpCfW$hsAxD?eDFeoye#@q_(Ig?I9^Q74A8eI-&34cgqGtb<}*PomIjk*%P&5$Ap z72~vLu~WOe1YuJEI}z#DxZsR=bn};_Qe$ec1M=5KxAR+2#h=o?ugJx~m5JNvZQcaT zV(!=eBh6!C=8wrBVjEGfwIROKIWIi&lmD z@}$ZXP0hrzs5}Q4EE-*jWh~b4-ex~$@}Q2+6>aprIG!~w|ClrFw+Q#TpfeuwQ)rJR zI^?6aPjk>dRKFghXp|W|J$iCEDWoX^XcoLwcP}WMejF-NenbJdJ-!WGK*&bMSQUvt_}!1qBwh>A&?|3EzuclfX0}hDUXaA1OPN+J-|=$tfIxg#{(F!Em~Ue+ z-m*;P$Iv6@<3Ngr){w_jI3MRm^exj~s=jhk_@MSzwwgK9qJ^i9%W7n_h{J~=-cn|K z5sB+LUwi}Y|L-Jo{(Ha4_umWp{+BLmsMiaBeIYu9L`IwS`(;-uQ$GDc8V zfO-T*W19jb;`rS%pE)+-A9`d{vUign?%ee|VzU+-8YLAr>SoMncQr)=#WSFv>_*d# zJXx>Qj!Ud}dI-m*V@c3ZMGIRK>SM%tC40BT?q+g|ts`@_w4 zLn6UWqsyVnxI!w|)`HF!ua;F|Aa%+ruQ=8@Vz+SDP#p2+-rHfTv>sMoh^{;E;A_3C zJIxN3+T_H_$wu$zL1Hfwo9pI;qph~U{kzcbKNVE{ z@!tgn^c`FV2?Y%Vg7$4u{J%^g{;s|oB?N$4#LOa2SFxHe{v6pza}0khNBTduVCFdH z2j(2S;9m<2Y!}WoT;P}a(vvkWqJjzpU#K5Cw9mMnWB}AFZXT0qI1JO7zjuFVPukR! zI)=*YF!8Cw6j4S~`ltX2gu`gY?% zTfWM8SOM#=EadBcIVkMhuz^Hl&<*JeEu)m^Iz0aPD9H~hmn@}TvnUwJSj$u%^Jzg9 zm}UPOZE=185!^M5)TZAF#18m-UyhtmM37I5C|Tj&BTB-c~F8ay#@hrq4{( z!b5Cfp(KtEp|H0Dn#qZ8KBJOBh`gPHs&f&X<4nXKR^A3{c2|A)Qa{2Q)s9Rm2ZpX& ze}HUTGm|Oe4^^1vpuc|`3xrq{P~Jl?Ah&Gz?fe9URm!BH4h@h1e+c^t&Icd_%A0g9 zxf3@+C^^WH34kGEcVRBqt7~aLFE#Iz-#Cc2m#oO~WkT|Dt(&u}k`W8Bw=1P+p{_T< z1-zjMS8!u)J|z|J!fHRQox(Gq+>Ot}92poU_IMtE82kjDuMgzp5N;!`w*!cutZgz< z4sl^!JXZf`+&`@Z=B(1JxUC6;p_TH}EWbZX5xSJ?IWfac`Pf0Ngf2xb8z7ThOd>Mt z41l1hd@o*F9TmNFw%xVH)PH*4M2z&L)DpDi8M~?opP)(No?(YU=B6+otm|yeDDjkV zWL;{|8(3a#uxsKi+}_inVh8m9TwDC}7U>^eAAb{r@H=O;iX>}qVhu)oAU7J4VF~fL zPmp~aq2t|)8A<>`=hswq6~G+i)O>hhev?;jt>_o9-!Xf6ic_lBY|W+9o3wcFovm$& zRrOVG0rvin-#1%FN?8@psmRxR-iJzs4=qY8XIOXF}2@v=^;KQpa4>Vp_9&?u6 z_@UH&@uHOyQEYn1RPXg9+8rhHIg@h}J;Rz!@cgP)n5F~nT;oYd}{nq^#H6X+zZLGOL5M0w#Lmi*a&7* zC$p)64NGvsF#%qW^SK}#JS?yJ!Bx&rn(JwA^%Jh23P;}6dJ?+P)6>`ZNY6rrD_W6T zz(kX|eoES#HmB=rVH@~TKCNDJSu!k{uC-tdAyT1lXFu z3>3_Nl%txush_fhX@wL%q}vGW_JtqJJ0$gV`TukaLS%!AHLVPXpkrHfAQE`8i}lTl zOg)^0nnUkZe|9u}{S>zpH~_U107WMJLuljtA#_dApb0V$B3>=uhrISu@aRXv7{^l6 z8u(tJem86rGo#t_lda7c1mML)B@Q-dlPQ_~<=`R_$h$FaSn`oJP>z zNe}FkYMGq0dRoU27+Eo~S z|1tKB(V6c}wqeJ%ZQHhO+qToOZQHhOqmy)!j@_}H-1Ir`nR#c{+&lNNOB?YPT~m6=*pln z2wJ7)o~{7FsCuYiOIdXcu-Cy6~v>D-y*B9HDw)Y zqW_c(^n|tep0bhmJu25-1pS*SDX$_o)i2>%`fiw*B`{Tliuo~Z*_NqfiI-3sGkiN@ zd1%^=Cik)^-xdQzW#oosp|Z+yZKriI23*x6aRF(7)YHEa1H}3-Y49J@%KuDB{+yPt zk=8)`|CvqoJL7|3eCdgCzCLmb8&&*STO!vt%#hswg7m;q9o_^A^yi~L`PV;p`0L?5 zIBNSdA(b7O_hmjpK|B~VN8>V<-1{dhW+>KF9V!=b`v;BItm2tL!^E=_f8&mX8~SM! z+c6)h{#2FF7a-&Ti=ac}y!+1JIr;eN1nkuRfl#8H2wn$~DcYJ#A;Z~B1JJ!*^}U&# zwBs5bQ)@L>ZqFPa>dKTdA9~cbAH+X21h==iF_UAQ;hXK!v5X;yXXuS+0UAYW*jyV2 zo}z=?#fZHoTQ3rg_@sbeg_*P6y?Uz$fvqok3W$8(2MSbV2UjuD1kSDJp~#nEbk<{R zaGb(Fl{rWDx2`kd05^nY$d%*@JBUSkB#n7j3vF*W^?_#SkZ&M?2nof+coNx^u!!d! ztTd|kO4CH+TU2(m8pC$VE)pLUcKHmwFBs1-kIY#(H7P}$)T}5F z$L#VKe#+uY3sG>zg*{1hGWpueOlM`(%0^P?!ZoHk?Y)1P!c;4b#}@?y1QTCduVZ(F z<0;L&lo&Gfc)q3=xjN|tfagLO& z?EGpdX3;^j!uj%-s=Wl_9wuV5(J{3Fw6@zh!$pk)Q@+02KjMtsCk3;scA z>ZIHaNT2OX$@iCah2{qtrnW~d1L=AE^auL`=-@n>WA2$&;E(k!bBglebJTE6@akpK z$Y-nUG{>sG)MBpox|LoAse(BK zw+5lE774by*r$j1S$kc3I^~q%;lL2JZRdBriX5*53#h?fDrSMk9zSfE-K=qi6FKET zXr>=vNs*eWf~i6EYM`7E?%f;~F!&`I85e?K3*?sNhzGocY2(K?f@}*Q&l?GRn932g zf>*b6{ywiM5TG~9D+1TR$** zmX4!`nZ=Mi=@pWOoXo^X=!Fv=D@ zOwI%Xr{7!?6({+xVWn?rtX;i3X1I=y*X@D0XdF(cp1b6zH)z() zV)!y8GrS_sejIsJxl*2Dc-6?t(d{-?Cqx`&g&>n(wZQ*W!#gBAl)6z8*02$sHx31F zox!V&J`a9pgI_co@8bNK9I0o`O5xEU+0@>d`c(n$6MX+ z$L+=S9FIU1>&bzvNBHcN->*r7Xkn&b=epC9)sA?>eG{1s$K@^f*5>pt!pi!;h9A|h zcGX{=$$xn4Gc!CufnjH~=~mKn$7(ta-B5xgofG0+3XJ$7to_PCt?&%-^iT# zfv%XKzlBO%VpIeC!6g9Z%(o0%=o1YDYh|J*0lO;=nxQs?ZQd5;(C_r%BH5{({+iQv z0Y7g9HO*mE8+HOdn5fuO%8{V>%>{*1yGI-hTAI6Y@h@vBc?sqyiV9$uTa0+IBS0qH zR|eF8`GMVjEpSZ+#Ny8M;A9Y^%S`h`qEN^|Df`_`=-! z%XjCymZl~kH}ZT(=N|>RZ9JyNxV~hQ6UT6usV8N@I^AcCRO)}|$fxmfON^!c>1 zW>jZj0Z{TI(>M2kxNFdKm&EybiiUMU0;f~R7btv5tKvCn-j`7$inKOrqDlG#Z2=(v z?WU*AY!BNyz#?LPb6)MOntL?uR7+Y8H|h1*E-6K+1)iRhKYzq!MWTdswmSysj{5F{ zaG&P@)pG}U|5PTpl>WKseYZ>|AC}!pJ3U;;-MkI&JDB>pug8kK&;Wd-Jcab?)Z40f zqj%&hO)x@%lVrdYd1rp-wLoV4B+dXEfLmU}@Uf0kW%4|>(7yj%wGu$F@2wp@Z!(A) zBUiSfQ~K9Z8l_ws%`YJ7-Q12-kk@2+Y}~W+|Wr-JZ9)xe38^G_)NglKMLjX{x^V&(#EuwJu zQxvm?05-EQn5wmGPYGx9oU;wE$}Qeew{A{T0Pn20AD2DUFCsv>Iqyl`=Tp3fsbK17 zX@r#B4H=)uHq$O&P)r`jLjY`RI`UqKV1vZ=xyRwUebAjoY|+OKk_?udotHofH-&no z4qY=GrUePeemyGkfNFoU_zjUcj7M0%kp&Dekx|1tj;9w(48jo|OB^cYuJ4>ewW@KD zN;J5lhz)?S6E;ZOL6%5YguBaATgmw^eO#$JL`{I-NKMjAATP<=xT6=vYpprP7wopK zs;BfM9R&)=w7TJ)4e+IkkHAc1n!@6A*>4a56fE^5-Ho6MK_EY}p)rwkk*WpfKBe5F7-U`n5lTA38@9S39e(SN|+e zx3P0H`TE-VYlp29?H^w3CnF2<$1QV~0r!s0gn@Wv;Fk4UYf~;kEo|zoE%_wU88_<2 zlR+_d8wmO}_5einU%yon0<}jqU*Lx3*gL zb_OUwdu-c%6tVbAF6Kyj_HV>qObZ-WQqSmmV^u?$wg=$l&v%$p!N)rnH;@M0N!ejf zf=51A|GT(g=MGkDbbHatN&ox02g9t{Vwo1xl<~?@!BNX9iC8b}(9f|Uf(eUsCMyA* zq-V~2JO)$flPg{IvbGDK(Ia!J^Uh35co)!_yiN)evJllg1 zYunI>tR{xe^C5tbt*6qBGrfZe)Bay0Y-H`pT$79!^+M@sokt}o{B}^so9N*?+(cYAebD^CRXRMG7ybio-2+dweqEkux0fM~7wdoxj20`Md4!&tw!_v~k9#XbmU4X%q zr@M0*sd-~3M?h=N4-eF^cqUtrCR|wyBRlKCd?$RN!Ehx3MSSkB*1FxlnXTBr?BPHF zgkSBiZLTUHEV^%hjnMp49|rm=5dXLO@IOb3-wqxikZ!PIrcBlwbjuv&OYnSR+#Vz% zr%Z+4ZGShOOzjOTo`ZcM)KR9>|3K~svgv>=N+Pi3hgwTOW4uiV4%yu#G4^|(HQ+h1 z$wl|DQh;a(tt5!e7?dsq52FAMMTW3gwZB$Fp79|AZc06Ezqn~vUa3q3SKW6S4Xj5@ z|70Rnj!fZ0`lWYwH4BWiH&RKE+y*t;8&+>Z8IbN}3xRHvz@ibglwYw8|-_a$4FH6d7;!G-nvI~+PTQ3-;Ed8t6BWFDb{S_r!Dd4lDZVPGhIa(y}1{G5l z+F3s#-Zc+${C2wORluV6(0~YO;&527IG%oMYY=VN?~!C33=RZ7{bmXw!`_>8U>GX9 zG14v6fw90(b5np8RIvjC=WR5M5Lt&#WnY|J!r^(Ghs4cC9o}?!MqLyr`YtcC@$i1q zzP5@LaQ(x5ia~WTj_+oscx_iDT&U(=yz|yV-y2|P-Q=gn;hS}B7&?qlDsk15AZlQo z2`*;T%AF&da_nM5j4Pjc8u@3>SS5~8+8r25jJJh+KjpV5fe{kWs@CAkn;J~n!Q=~t zIoW7dwQdn;>zJhJ&-Ae_7rfUgYim`nOjEw5f((9M3+*^l%R?i=-ReQ#OJ}D=T4@!Z zJcxI%Gjyl>CYG9DmV80Vm~7B^e;cdmzMn&ESrdN03UVu>Fi_7sZ0vV!a~*!q7YD={ zEE&>_{p|Bk5G-C4WxhGMstk~V~J+lSBt=@(%J>h+og(83eiYAcLuWY00e(G zNLvVxdF&y-Zn>m4nvd+}jPTr17VnjEs@K)O;3rr?JFSpryQ? z)MhaAbw`C=uqY=>j63Kaz;kujV72iC+=y_U5(Iqsn{NN_Q1c%W9y#mL-G3LUrnta;`bds4 z!#KPBj<7a^$Zd?HTVWsaj7z0^V5&%e7aNkKY1epmf2y3|Hg~ zw(D-KSh4k44tq;+P$Ry`C~f*aP4&?ZGKOozNol^9^O6M~-sUUib~k+#!yKeVu{UU4W@T*uqS7b$ebT_eg(t19scyn*jXk-QC>V z+cVcy&PQ4r48`Hru`Olojlnprl`C|j|NDw0<<{&##VJ6l+v?mS(dh}{Lij*bQYfK`_{WBC#KT_kV~KKp(i?E+K= z!pH|ce_&u~?(K>mb3NfbibwKQk>h7XkEQiq>Dj$`u_vvak(`T3aOT4qSEe{C78;eV%5;#u6zEvUyLhwZ^S zGm!=Loh+UTqwRs_S$R`h4vc1x8#$*)X=t1Qn#}~-wdwbx z;^DH6MfOv-_@i2Az>$j@x`J%qoLb}@OM_7EK~ejiQb{f@$mBMBmHO-DQVs$<6qBskU{vsrGR2XA&Hxg3WYvdV zfm49A08N`PX_&HfQcJc6$I&n_9ONO>F|UJ9Nix}|Qg%vklS;}~PA{4W0@eyvbWfdu zrm3>fbA;N+F zgQ)xoI{zC{`NuJC3X=#8S% z5Q6n!hJQPz?PHGF%eL*tHgo!@5=Y_N@x&_A6HW6VW#3 zh*#1?KX|$xc^7UerHER*F5^6NB%x$KTPcQENNVb<sroxezYQ027KyX*2AO}gGx_qbv6SnVo6 zE!V#$4*WH|`@cgERw&%3%FD7$^d$ndfKm98 ze0`ngg-vI+n}(3pchSNCs46MPwdv};Y8_UsL}El~Qf*w3p1b~^F(+*Ltw38mH+Q%P zkmd`ud8_6mgYr!tt%s+=YN2qTVZ?(;-u2SNTy#DePviEzo1nQ)#57Wa)~5z1ZfxmX zHcag;G~15X9xSrINAa1>`-6&RnB=V+1&J7p%=T`ICOrXriMsP=QwYcHpEf8=F7sPN zU2YtKV+1OL*JNGmC7WZyO5=J$UsjDF(5Mx*@TLRQZnep5@C#Kg+Ih&GiSxhFBm^mB zH}UDI!*f>8x>ZokJ1XCICZm$SzQz2qJhe7^a5Zn_m4ODLdhV*KsusknnEcuj7G#AS zfa%C(n9Z>yT}xoq{qPoZFo4PY-7e((6NV==y>)gGm**_|k`9`m<$NG6z^npuby!D7 zt_)SC;=L0Y$6X3)l+o>E^}3Y#Sbx?3d{b-_MuSih0*-HcZ(d}LU_F_2=@f`q1oDQD zv6%~$4umT;3&9*%NhX`1R&U5R!eq9_NQ%|&_5>IX1CW{4y|gh7WJqUZ%M*+NAR!7Z zesHeTxhYn}k?GJ)+w%!kfY1wVJMZONG~>9q2{+eVv1A(&l>IU|Ps6S)08KfI>HLN| zBmDzCyRTnH zzEaomtblaJHBbf%-w~eGk&{wnK%ky=)d4U~^}1Gg-Ec9gtDa$r$T{am;#`c$`a|8* zM+sAewxs2uY3`oGiBZDgkeq;TkBvYoEyoh=9ZZL9lXkLRoyOjib?*-;7-^fAzqV1G zBs;JqY452?M@fr>F4-A)QJeV_!gJZ1*3iegC-Z7+3KlJ{Rd$LPEaztMv|c2f{Z>-j zwQM}VntWMSiQX{IK4NEv+j(sue)#WeyHVWQRGTDUZP|dDkBsv9{sM-e_3LKN+fliQ zppl%}eJOMh&>GcvKI8F@`{_mXlhfM;zU-dpL&J^65orVlD$=8`quJpa`QTOpe$3aR z*1=uV6c>PEbmHzenx1or)v{VC3S5)UVRQu{!CiarJkE>Q5y69SQAM6Z5Y`kza=`HRZ9l2+iRE& zpiQY5dT%>x=Zl7gcj|UlCVvN*2{GgVJmIr8bRNs_dT&mVmdPZO!OU-?v}r~}3==py zos=1v{Ji6}XY!qb`IU+o$9b3d@*SQ6&x3rPv0g;4cxI;t8d`&{r9pPvAEM}tp%FX1N%lsywe3r&Q7rQcs= zp?^o8KN+~uA2j;!=B@vZJ~rcDxs`Vw5Dp` za^Vi1nT!^#wkn$%^QsA3*r<*KNIspTz>^x`s0a*3@IC+ZQzQtohDx-S*Fnolnv|?$ zUtBo6M5dG+nADTE#a*T-GA_dgMJxn%KO?QeyVDo+mnWLmh75~(&B1W>$NCPrt9i>W z(fDdX)Pth+4IoPTuJ|JA4ceFu_hhq92QSAhk%7A&*l$ciE!I~_S2UUxH2^>cWA@-a z-kxnVv@6V95P!QT7P4h7dK6Ey$Qem=ovyq?tbAU2aqZ>OgE9k#6Mf>!@FX|0D^Hz_EEo~Tr(5cfy1MrW<%PZ!bRxSJ+QJB8g6r7{RPpZV< z>f7%-Q~Sv56+KFiS5a9!Zbz^Nk6ABD%1URzcFKis!vx;Dtk~&o^2t5TqF!c!0)_L1 zVBnWQWvZy+OLE3K9XDU5=n8i0j10Pc5tL~gS(bPYGmaAtg~*wRU-LGP;Dd%c4M7{k z*tf=1zF9wA3j#g-`tk1tc!}szNiHgqBYJ`g+GQQi@Ai)x`6+ttFx6I}DZPwJkp?2a zM`%~&1=|NMBi5YAHUAs>DAVgo|No-TM;6=%(aq}Pa$A=JhJ581(Dz=$^;|cQ(Y&w>k|XQu}?C*8)~y<-Cjg{tVO<{C2#N$$*9QYg&(mHl<7!E#fX>)HeRYy zGf_WItuhA=V{BKZmYq7M&y>xSO~kExPI->jyvLx5Fq4gc(mf(w_?{$^=`vU|&rkjw zyr@E3jooo_%RyZ;a^6L&c~;=esjm`Iw;woj@pNv}F{BNF_s7i?BhMqI=ivkg4!?=o z^VqvWNEw?L)YTgXY{mlZaTjmAlunKG)PT=0fSDp>O?p3dc&y(I#Q&xFa;pJ-i5};l zUE`Bs*(mb!a*vHe*ePlNIw{-@%X2AAVJ%Q@qEyNF!M!(w<3QwokD@SwPWi|6Ob$ZE zlWmyBvkNV@ad(~mII))nZj&{@^Jo~aUx4H`V`$G?@lw8{$XRa!4sRDqL|kK~IXZ65?j620vD>M#kXR1?{MAwGXW&i_S>{2%066N#Gd|M!fw7r+AqyyJLH zZV-z(DM9DXB6H8n3|Qlq+E*-AXPzXlOh(VU1-w?r3ZPH$Fv&`^lQ<|*K#qU+i~0R4 z099u~FTQ>t-)kyl{7trT_q9En?ujwU!F2dX#qqur++qBkJ5`Wgna;-n39pdnUb&af zuv%wbY&c)wE!EzjG#F@ZhJm)LA?=i|c{*~`C(X=MW+1ZM^5`PTX!PL$4~TU>%W!tp zuOYl^UZ zzvfpdFW)?@X+6Dwuds(hK~F}mZh*{0tNCL+m(L~)f8vKBDl&?JQ`_54{Tu)}JAflv z7O_^u)eu_@r9)hzWr^rycB!nf#wKONJ8uy2qG2!9LW0TLwsp!r9aH+26T$%T{Ob|K z;@UXyQ*Byr!|}Ipg76C9czq!E6Z-=)kcEAQ=4yA4efMr})~PJ3(Vr@y63ztHR~2xK z=qFB(&QFRP5|*(6pz}-EndM}6@Dw{y%bg3s1I1`xeIYq6gbvAN!(5QKCJ)RIiMo-| zFcy{sZ+)jIZ#s@*uu$8)i*K#G?n#I0Ow7qIqbs!0SJPwceJoncx1MM;CX!jhoJJc$ z;g2}0;j%h~DOAU&ToQpEsJwFOHPf;vfZB%YRb^NYqNIIo%ItNCI;VB#@;MtsINRLX5I z<$`Cy@#FUI@Mg(k@h)Y1IXxW$bGe!)th*_slDhOVuEK%WE85wS>7kF%c`1@N=On-WjjyQRf3>;zaH-5?}y zQh)Rvoe&Hiy(AlWMGm5RwGQu>6hHv%EXE=LiW+gQTS!EcKOW_$R)8-4ZB?fcbTn~x z##geja5l#$7y4%<1O+~~;hzWm|2_5M{j2{#{?&i@Iz@lv>3{7k|9^HNc;rSuee>WH_n^pk2;AiM4e*?GvwKXoFy4ecZc7`@|C z)mrI3DG}?XRn)Ypu{GB?(Isa&rw?@lYz(q+u$eyw?ae}nWcla;lRrM%<$PX0mzui@ zAuCP@LZNEkvGzC80xFk$j>oHDnZc-r8uu%9bwP#US40 zPFM*cMX;11{4IZS#3J<1!_Cw{=R#^$o~<*fdv4+u5rWmAyH65P0!2w;1|BP_YuL28 zfDc0e#ubHo%J*23UNrxE3r-J9>N^F>1BY^!R1(M!elPe;!Lrbm6F8j{q_EZp-bER? zK@;(AJW3i)Lhjj z`#)9Sl!W-0rVP~t*}@UE@!YJ$y~8TgEj=#ea?yynmOA8jx-R>TP~oYQ*ic(75_sjy zZ1d=BiQrgr`r{T-JT!5em`1z^@n4~2!3d&&K2u5$hk{Rz2hMPAn0T_5N)TNuMT4rM zdYP5+cqf>&Mkio?PsFJR8D6(PGu!YA>nodq7arLbin9$GOJlUN3`#WSr86v4u>7~O zp%Ts%&A*oorQ+Z|D7{ee5;G}&Mqm5=y7^#aIBcwTx zcad-z?1m4Q+HG`F+Lq(U^_az~g@T`VpSXsf%d78DSn@o=nD;S(Zp@@fh9;Lgx4> zZHi`)NVUjlw%up%m7q>T84F*Tmv_k1tT87v2AGU*n*j6Vwg#L4iN$gj3yjg}(*-*p zAIjZ#cKt-8LaSq@gRUa&IX70rmiACJE#B@m0&|4vX%zcT-)7V=4+c}-CZ9hZb%?u1 zq9m~=1O8~j{uQ34sW61$NQi7z3)m^slO1Uzk!Z^6U#FTj z>Yp%P)wf*}9E~{(%AtQ_hkn15euD)`_phjTYfME{AzLR6-MzN>MRyuHiE8kf&L5_d z)A%+Mh;c2a@`Qgb*wKZxebx3j-@-lrQKc%st%wR;Q%}>oB?WAl`Hf>J(dHXn8~Ru@ zj9PHNnE{vrj9Y(;x>OW^ftZcUR^cz1GmK!4@eJF6`uTLY<;7L{TO+dH{LFZ@%jD-` zPrnNmO2&$E{dug~j@L26dzmM)u5h%+B6|cacKTuuqJI~s%d-*wx|>?_RQJfIb?!7YVS(6WU(HDJcM@*BM*JR#_mOQggnPocDb4wlr6z-boWBV8Z960tP)TH$gh0|BJ_xU>JpVS$Ov4S9<6ZyP zU478ENWA=NY71p-7JonR7FQ3rRA0g>Kk}pjd5CGgi@do-o_gw!IR?^zw0jeX|q$LDKVhu%%9yH75R*?AQ_M$21 zX%V2ZLWX~x|LCu1xC=A*(T-p``=r==8^lH4U_*pb*^$robUmIb-eRloo>AgKHs7mV> zwcGGwaCN1EC61vEzv@z@Kd4@o4+CE)o!^GgOgJaf#HN*67(LF zRv900R`}={E)%AihK~(l^H3aOhi^$M0a<||pVM!W{JhaO!qn)$icnPISaY01n%z9U zw;+eeCfb3CN#Ai?`#$T_au;G0^)SLtC>x4b zYrQxE-RgiM4*{|r+1ga@u5kh5_5K+o>pkDH-Rippz+=$jjSPlK|E419$Ha6S7wM8; zUW|k&{R)(mkb$swW6#J*K0h7D+~1ATkl^#AxP)+WhnE-&gPe{+ZVb2|)1WX#M&_|1lr}gQ7q}fJ1@)@gD;GrvcIN z_Ym<-@|{%UJJ_f6LH^0BxOq5KVYO2aotcg(^%39YrwGMkD-LTmD|{;f)G*Le_yGO z+?;$9$|q7}Qgy&^p96252um`L&x*)1&e=#&$kt6SI4y|_t+)E+F-u;EtNC`QqbWtp zmz3D}n61fA@wj|FkE)j1|3h@+Jm1q%0Dw@D;`tX#qQ3feRGW}ts7T$x+6Q6@HWy$J zaE27YZK&Lse-gucxRLGP7MFQe{v1 zk1~$Y>sAXIJAv)4@No9FFN}>*(DWsyZ^!!$rCX;IdV7L}kHjv7` zHO?h)MIHw}Vi_MQ{O!uUjwU$;t0MGIOc;YCr0rG6IWA3VsuCxeej{NoAXHn2s(7K< zFG8ODiOv-@b%@!OfRy+~@mj>=BQiqpfoEr!zXH98aRf2B%PAh}7bii8_nnpMk~W!| z!unYaJm;-Ji-{D`G^hD`L@IjY(()7s;ArH82)aE*BD8+We$z-+%+hE*XQVl5|6|~% zzaJS?2e%Wt>_?~|^BCQ_fS;<&@T6{RoJcBd-@#t9K)wA6$vp?OsmZ-%TvvzmDS2ki z4`osIhvOfhztVXqXJ3ih7xA4k9YNaswcosk`%phKFy!Zs5$nPDSRTQcz4dhv*jO`! zl-`@=Lj#X~PEuem(!!V{ry?Zup;LlvUiqe^JC{aTaz!d}6}EUZd#hd*or*4S`?qiQ zZq=Rbl+=dBCe{|*$QHV=Fu_zfBgu56;nRqv{F)25N~5`%&PCh=D2!|Ix)~q}dFT7K z+^)MXO17aHHve#{&3QMF+$RnbOR|NB(f_zqH9UauH)`VvI9ixku0&d&a;^s2k0Wd2_XLzdVP=L)6gou$8C>59x$W|FTUu0RW9crFt-GVs6AUxQKBz93JUk| zTxxyz*tsnU6g+z_Duk`bk*7U5FJ~z)XB0AJmmd0BLm-<*>Flb}C?C)FgrO<{-Uw}d zKRSOpy>#KsD4~-uEogoGKw$6@6ps6hr%4uBV@=o z>Dm1%9ZBcMTDV?eJ$bqk5a{}rx2TQ}6MQBy2VRRWP)9bbp)kKQ;_DaYVfg02%X^tz znC~UKG&6I2G%SSzYo|z#e&u)na$fHRPEoE&T6JU-zGO11>`J4KpE5s)&EZ{{>a4fr zb>B7pJ=)ui89M2tq}ZsrB8TVTrRyY!#W;`bW0{>2Q@>SWKflT{S~X9-8f|3p(YW=8 zoPkvMgsrJVNCwAxlpwrO=z5d(VPGLkyM59%O2iVaHLiN=crD6=2+fWKU2O7e*F^&V z6@(WM#f=_P+HFYt!R^Sp7jtE5Hmf&{bW~XI)$5F`U{$$zD4hn|`0;P4jxu;y8Iwxo z58GE~p4kE)GjAjniN=Vql-?)cj&$YC&_Zd|cWe=}P6Ojuo$}(#v*VZ`G=lyNSEpEX zBnl6rYqaL^R~l2xrBwb}86~!~d^RsCI$5A*tLMA5-BQXwiPgWL=EvdLlhK-EwvgAR zj%jBqFJU~j_H`FDRSrVW>#m0F@d5tR0>n>FZBd8p^VouqUOurQntni&QF<^R2T>jO z$}ap;c%@aY`B}E8Y-`14NDoDyA>kCz>TMNtqJ?vtk@rVFDDn3yHLc(Z#yg*oe!cC` z$m&chz!fx1( z074q-Xc@RYj~cc)EA`VyY$8F#b7A^qI~D;-4=+eF#_4JZmaWxwjwuO0{q`B#Oe&5(q%BAuX19eF4aaE->lKi}V)<*x`CB)u*jb5miYF)mRj-}d zCmT2An_lyha3@I5tt3}g39+IHE;g>*(J8G00X1}JOo3aY)zpuN1s-HrTc%8?AI8d> zrLDA#&bN^7dm2Y@qGpP9!~!JvT<8*K#-x<_z&sa;Ird2Vm*c^i$3mJ61+(+U@q@~QiS$BT>e3-VHok+of^K~4Ws``to{V&zt+I~jU;~s=YJ4` z_5tqGs5q_ZhAUX}d1YuhIL>r!ta_TR3l>w;plAH`_Y^o03|mU6FIyA7pN0sx`D>;- zf)KMw8Gcqr*$p z*4YX;Ppj+#0PdP*9KAUBGTq;W>0c8`%b#85!av|wVyZkvYRMkpj9V0c9}E&mRYMuj z-TM`guAUURU&DGVdx^&VTzW=(TJN2$($u}|=>vt+Zg#EIe&@fCTHjWx$175VeVT@B zx`!?@&VXMqlHIg}JAq5%LFG>l(FffvAT)YJMV<%&_uc@3%&bDJ2$sKH&D?|WGA&K# z_9$giDLSIUD%?{UCmujNa7uw3Lr8Yj9BTj@uYf#n5R=cGAn}>Y2!_;|ZkO4C{+)e` zzU({MY2Rpb{OQl*iKi75O3CNX(QDF`K~+ob=`pL8$robi(4y`iETIC+ z+;<4yo;2DX2(QTv<+BoLA5!N5x!ZN!;#}wMgoqB`W&u1wVr5y!%oIK#&_q@PaQ=`J z4HkRgQN(KKFalzVrB_l&aGyg+I1Pi&omdj^F50-e{5Ux@x5^i)a^5EN3;^ks&csqo5|@9BbJY~AnqX| zj`n=8X1;^i(Rh<*DFe9XkB1K&MR+7!#+@ddVa3~BxW^LDrc^)pC9Vr85L#8$8p}0gBNx=;y zLf{3Yd4u4Jr-L~eh`tU>C4fy4%x&tMYnM3-ewkm0xeBM!i*;1f)svt~Q3SJM?LOKn zhcH5auE32r^p5GqW-8ykAZf}k7^uQ}EdfmoQ4q`HpJN5#+#-^s+4&zBkBltb} z;#rZOK39`4^VTs@7Rf5&_#w^pVVTPV^cPhJ^)S4zQgAo^a

$}XbY?oc7rCPv}FiedUuotvNnI?fqtacQ0amb!`B@@U2?pWmp;_MZn)Gp zwrL)hUwyZ8(YtgYp|W*XYSiW%FkbAX@dJ3Z=Di>>yiC_j--0~z9&71tO1>*t+}47v z4#tb)Xdk(nRj?0_2nBOG@t$0?+_wdGVzP1*ZAO(H1IE*Bk7x7IUyUwIv_M%_Yme#4 zj(XOx6%^eNki@%^mia{ITF>lk0w4I95;LYhnxS^(OsF5aA+Y1LINO+kQtl=`Wsoj1L~ zVP|3CllF(J{0n&+dLTJhF|cDBi`hKiAt~1!hToG(opzE6$+boYXgWek$s zI<$U>y~C0|Kn7wiOZ43HKF}AOo=qc#b0Ydon07uX16NpawUzU*)Fw!}RPCLgnQ|Y* znk~{D4jdVd2HfOgi2LRHF69s6jjd5jN-iUZZK zWANPo$$GurjcQF4iAsuy{iJX~8PFX4D;Ia!E8882A?TCTf-i{U z(TO2xbfWocV`8q?yNf9Y_gt!u9X^S*TM#xD%<^@1sXF1vmAkQ$nFtRGeQgtc+Ifu5 zWAa?C&0xP}s@}}!!R3hcASjPqaO@jG$U9Uc+pQ`Gc(y#mL@Y4Bc{9ZTFvCI{UsZ++ zVaMM27gzaH1P1?81pXUO{;df74{oH#!oB0wPEHwr_=9`v*g#5e&N-r-G2X41onIu0 zT!oYw++x#kXn>LWM&z3~(a<_RtHpGGQ1_l(NTYAcOHN-?jcUnn;zO?M!uHzT$4O`bEST`5 zD#A9-j*+AMF*F_v<~aU;7<iu-eZYN( zC~;qVe+S>(3Vu+V^v=aHtKE1jM+^`@<#z%5B47roKIj3gsj*8~>jXJL(KB8iP4xHF~b7O6FM^YPHSVPp~aFbVq3Oz4}aavqNcH>Amdg~NcnQ4?m ztyapq{;-CreK8fB8-aU&na5@}&B(9{@W4-EP5eNy*88|(?(VdX38GvH+@FmWT{f4F z+$Rmtf+cP7aUByMdDTS6NLU~&>fDcAwE2mz)13H+v1nLGhZw)O&cgR!C zkroGUYX+%h(Nu>Sg9pJ*o}3;V7M6EwIo|5`O08a^^pqJZs_s!i0w^wIcWZ`}LSRvDsY6_08a zL)=Qb2!y-_8W#t#cB#}LQmnFQDi2#x2OT5|U3v(7&6U<0;PAmX<64q&FF6-Bu`kkb z6fjGqmD`IbXpydPa!hMMQkDu07ZVKmaTR?zU;3hp%agh$65>>Di*&+V$qmIbNnLu> z&PfiJW$!P#jxDKf0kxy4Bed3ANdXx$aP}RXlo08w+hX{Man3GJ_4ox|mRA#5auL30 z<+NQub25v!`qfDZ4E^WWH=8;46-WYYwrbk~iE5+QFumM!*5#oBu8#|nh8Cm2pF~7Y zx-d@*DHCz59|&x?q|$KgcdD)$dRIh@Rx>V5Bq80?-S7et<&s6F1_z{vs6ktiuIa|- zP`q~>8Ff@}8Qz-lNJVgJYUtJj81(b_?{7lVkUxnvQ7|U&!;?lRf|HIp1~D}`rWt@o zFJ@EOsz^U9@097K^T?SE*h^ka`7h*}K;wif+@#O=cLdw#i%T8`IaXEJ<_nq~EZr^h z16vS3YlY5f{K1;KA`m*-&23ODB=@1Pi<^6E6)Bl`r2fHJzDRvG_kOnL@>v==5O7-k zb?{$_${$llXuzLgyP9VLS4iwyCd;rHnwnk{{Q07v?w!DY!s*{smOm2sfA`?~`;Q#} z2=5#y=)Yc0pBL64n!?!@sox5;=S94pRN_V|I*hj9NKRN!{S&4@#3+t`6tQ#|CY$Gs zBlo%nq$joV5()|U3rRF5sW=p;_Tb{GeJcP;_~H?ppjhOkuG)D-GW`R{Xv#%#Y&V2T z5uGLp^!)=dhW@%3)# zBr=k!!#B#*fy}YsHbNWRaHm@((71VDdd%BNc3kq=x>ulME`~k5k4ssA*RH|LGl?C- zo{o7EcDjuH%)!Jc#cWgZ(g@M`Bxq3JW&*+rH!xuw(;E zp_yrAWs3bV*6|x3(FE&qe?nGQH(IkRKPcWG7~amji$4}TS+^dHge$OBh(S{RwiGvS{5 zdHNXalK~7)M$01(p5fdGol4y7DM|%l z{VN6+Crf)m9h*=yvdtB`cZrZZi_w@|J!%)5`KyYvd51izl0fr2w5$s8q}j2wvr}F} zKG(rao8AHj_Q;?;vkmC6{Dp-a7@Yt!Qvu}nnndp+3`{4t{gXOIjN?qD;t%U&&4^$q zAI>i20cq5{Da_{MbCCD+8(!#EX2_Qx!}B>NpfiCT6rT;4zM{5Vr8!s`;3-b6SLGca z8XDRa8DKdDwO_)c;JWW6Efu-i@>;aHk-sqT)LDQ*6DC(y^b3zVyKUyDzveOb(15m6 zaWu6UP>(S$V#)Cby-3Aqun>K#tzj=cyC`-cO5yISDWU7+Vhe?WU-E1-WY_3ta%YB< z*UA;Aw_dTxbC!Gqu_|usUA&G#dotJ#(~j?Zg4og3gK;TNntC~;E``ri#)CF}bd);& zXp~y&1UT%sC+oOukp<_KOgTn|2Ef`AVMa{$$MV@hT$}p!Q7o@{W?K`W`PHV;oK?Z< zc%w(rCb*h`?_oQ|eNoOw5dp?@LH53a#faOt36tjP=()L1FPKE&`HGqg{q>*B<&UKa z^j~A({}aIcCBFO(B(iddfGV@B5KbK$6XzS~-44-bDUq?jHiCEcDR+ zJ#8T`!7im2QM}l4|6vmN2R^`Z6PJG7Ml1hq9yqK_cF75|MdJXF6AzueYWl9eHpLgf;uoOB=!Qvr*QpwvnR7b^(T8<0UPvDnJb`@& z^%C3Nu}JmSeO*{H)iH2qT7y3v9O!{=H3(y8G5tR7~k41s9Q# zJ-}vQC6tCF$PesKW|}JQ+@+f#3gmn~NhTLQgfc~e>d4E+XnJaQ!%y>wf4@W$L6C|# z9xAX;L!@cDTFw)F!5g*;y#WNT56V{~LAjacuti$cu)4IUdw|>E$!!>74s<`i*gf3CziIktCmch(=|aO%KCxnnsR^`rPn} zieRwEYZi*_Ho87AT<;u?2zEsEZWtOvO9FKxlF!|=I11;tyaX$9Xy#)Q#YhNQuP<#3 z=_QRypJHh%yT_k=wi3Ir+9&IcOHqWJ(Z#Vnq-)P=E@Cd+PhRF%ji-%n#?EO|=g#f8 zB->_6jE0;hLiX_`;7Fk54V2Z08wZcLiVzOIacbiS|3PY-GdP;CpnyaUwp~LycCkRu z%52zg?AQe$0tIr5Y=Zt^+hCEsCd_j_Axtj)Py(ix^XT8tL#LwUV%Q_D9ud2j9H|<}7!+)$w zOe)Z<64d5!3m_vLzEK4}H}a|C*Z1`dC7Gx350E$KlJ zcFpP-WLQ3$x)oZj)OctZ9b$BOzMGy6tBd%DO9|QKj2FFaj)#2Nf^CGZdJHC9(uY|RM~T% zQ@6ld%JFv|1;dCGSWe<{9kJM>YBe12Dtw$Rx#W@*`?nHUeFDHe)<;Q=9l5U zFvjUUOm3|3HHp3##%#aOq9^I_5-9`O*H0~%%wk#*bQs*0{euf8v62YYiMKQ3M1V38|pfrgd2W<;KC!b+i+Pq*W6-BbiD&5baWbk z16#<}e~OVu5s6{3Q5be`X5yu_{m}B$OVXNf$UP5poX$2L>b# zH~-p<<`BTOE4jyoia$Dz=JT98ReM?;&GKBB5?wXBNNgyk>l++M>R9RFfsjJ068EZ! zy(>()1?tjzBf4Pl58MX&SJ}}&0_xv(oPWoSAsNIAsNjn*$(;4cZ$a&$m-n1Q^?<~i zs=@EnT~>LdAtOOrW_>~B+3>pK$gI$$^ufNeIe}f!W%qU~a8Wp6ksSLe~Q*=pgNw;vnS58X;X=Ro_9lPZGZfLk)k(^3fwpbA6sJ?DHOMuU@hp}W42QZ%jeyui$(cP&H+2^RiQ#5Z0r*IH zW(#g4B?&`+qU${beYc};86dPI0-pm8A*UPO5F}{6g2%=o&9z+m0IO|Mu6<1h3F+1L zq8AF6(PN86dB%zF%)c2jc=XV8n(J%71i!!HrdkWAk8acj%SFQi(ujeV^1`<-q8z=` zs+%KxEe}ouh63MP)Yf``@F7Cm-w95TN`UBsK;irO6&T7;L z%5f~5RG#etkbZj8#J2-0Tq}aPRSAcW`^^NX>Xi1^W@Wfq>`m-t#FLds98f8}pw73Q z?}cnfVS}a_d}tEvCUsD}t8!KRMnuuH1@u!PLF28Bdfrfrx%PV5OuPLg4qRXf0ZuW$ z>x>saOS~v47XJa0G!90e1>0thZoEdWHV&UNS^gTwLcsYye#{*TH22s3hx>E?)9r~S zeLU=(x|bIZKr3A<%im4-4F>$@;r>?n8*N{;sNELD`DD`fP9g^=B(~!@OzpMNF;L zJMu-_dLh7qCU|g^O>|j*3mh#bB#|9mUExfI91>jf?9xIDJ9g&i1twqyxgJO)Q0CmMsS$c(r@-$WqBUQxCM))M08vmEf(PDi7Z%S z)I>1B`nWTnlinC;7)XgWqDoeUr(rgF-g0O2wO%gev9|wZTXk{}-xp%Ds!fGm*Mjcy zu%f*%u@4Ir>j;04kWDrqI@>EVH9V@%s8105l8r+uUUrs)kY6p=2uxU<3=BotsZi>s z#7@iCDM^OD_5~bx((bTY@s2ibHyx*ehvCF@MYm|0lH(j#jyYR;vCbadH1y;qtY|{VT83wWseUVMO^_)?qrmCB0Ltbi zE2>Lb3qygFuhFxNye=FZvC*R9_QoNv3GgkXYDMOURFPq{{iC0B_-k&A5yCbZb?Y^msKQD3uX{0e-m z|5g{7Ob~b}iimtL@GFL^ret8zaSP5l*gD7hq^IU25KeR5r1FVLXX_&qKxr->7HX$@ zkLKNYZDu4BpJ@IAPO4p}{;F@YtkLVlys!V-x_5(^XkW8m2D;%cY<;xQj;@#VBCw&;xZBu~fpZ@T8~Bcz zH!Sx!vFJ$+tLJ%pE{DzQSInFm%G}QSsfxOex!AuM&E17?yoIRlT5l|nH>i#_MPf?LTPcxayi%gJ92idWf@v<2*ARn0$-Dyn zt5A*a_lQ9sv`~)U$TQ1@9S$luEch}#@N-cJ+`Bi@KOg&}o}*ZPPz&u3qiIsREyfJ) zqeM_$?>t?Eru=*<&J4%i>TC^KJ(bBAO-W@pb1jA)dnn?h@wgfp4)n0%(dz#r*2<^X z9Da(mUBLYZHmUbBBRt{j;TIfp;{_PR?O$2H*Lj(qlONzdY&nDpdBzG-$jh`txtEiExxssxl0WK{JkZ$sAXI{GIs;!J(pq(MR$4?s}P@7z!<5-(gqsYJX2~<$@ zZd+6iEg);^sUc1x`rzBj|JgL5LHS2x+g@#ySyR_yZhu!4l9K^bP7*Dz?9P)_STAGqX! zU=u0yuE%vl%5&ZPZ|$JGGh^O3e($7f2%uxiN2oJ31>zKET_n)?Mi2-7lyQqw>A$C< z1tm_s=u#TxA$YLRXH#$qbXtz_Zt7*S_b*HJ1FhyGg6R0_tESt9hP)s~zCk*4}e$y8ZygG7Pmc>o_<~$dsAw?<* z7R)P>L4gHw2u7}E5+REaAmR0E*xphxN^Q#kBf(9lLe8$}M=prm-Rh8Z+=8)u+SxzC znqJn(@zYn4&&t8k$?-F_Z2RYsR_`B&yaxZ%jJbbx!Tt%P{}cNEvlku_@Z^dwC`}>+ zJR+bjgkSP~DFOiAL2npq;h^`NPCs$+dga1lfK^io(-du#MS_e``l5bK+ z=S)?@-FB1jL5$Kl6GFAk6dRHS6PG}OwWTY5a&zf@u`n`WCTyR>YdckPIh?T**$Fl4 zx=eR&D|q2PWRta1>is=~)ax|K)$gB zv@|WK?euFreX?3uxfoRS=U0|XDDOpZ_r^z-yUpasG+BB3vn;6Dd*zB&K?f#HlkxN5 z-uO~PhN4nLAmj=Cb_Y7ST%WBI?c*Y149aNoTs=@Nz&uR=3|pnANhPRo#)YGKac*+!=ehKIM#W%@~RtRES)hLxF?=;@<0K|+h{QmF%C zWlT%8rGt9xe_+IiV%uJC$x65zAe701S3^zEH^r-{M8@Rg{H_X{HB?N0OE0hw?6Svm z7pRJcsr7ueL{6XAtP;8PC5)w?OdN05c@b*E=Gx4Gy8SvdqGHV^<^OaE-(`C!2}5V% zF0%i`c5PZVW2z(KDX-z6)liW=2_``6@H&g?yp{5eN5naHmA5^3A^dv?uP`U>KXl)k9#h#Uc6p9{C!J2P?$>@!=l7c}PHO8; zI9JruAh=<{Qhdw>Jw{$YDgTsIV1*H$yA^d|@|18youG>Ug=c(62kctFnr}eyC`E*0 zq`Vtz?vvMB6IkV}JGA~q&b5X$fR#j1z{y8Xc;m*(HZBO6VU#kTcpT*Hnk9qF*hHmR zaDhjiC04o>WfC(HH)6n?sOP8#8}Dtd#{KTFU%-k1q(8~(Nq7&)F2~nSTmn-t@wMUm z1T4+gZd0?v4M%PF6Ml#`PXVf7a7#jlMBtskIBP7{V%l<$_N*i70y2*G-A$Y$UwdjT zLTW^=*;?Ak(x936jY3Q>z|0Z$u&?i}{|@8*(JTp$`f(~$O!WK8xct&MH7u3bv_Qli z(~8%K%|6)GxkF0>^c7tafBdnm37x?2H%boGCMK9MhI-j88BUH1<-?GQXIl`JAKgBc zwPz`<6eM4z7$>N(;!Wahku%I2ercz{R;p)nGTAWG@r}MZfo#LNE;Q>^KEfUKuc4r7 zm-&T8T?&)>bpWlrsaG#?Z7{g57xZyjxemdedem=od^rSxa#4WcMZs%Yh}Z_R<6?d! zLYg(LIJjCykU~#Cp|kxpT~sap#init))T1qF*&X~Y)Z=eHtJWFhZ~quhA>^qBL9eH z53CD)ew#RrXl94X68(HV)qjSgzx!nWX$kT#B>D^|#s60%B6UOfFaolBc>79wG`ip# z^Ypc8@iAu95o6oXX)==bL$iGOx>*?L^-Z)5LUkZVyp0uklQFY`sP9_$#Bg@F4kiRl z-s(esl{Y_lKu*FoV_Sp30ZP36jKOHl%hq7AJ3~)tDZM!edas1-`ea(w<%e|Ejw5P} z#y(3AO2j<_B!pNM=y?HlqU;SU5MC>0&TP|3xxVb;4f#Fajf{ddYnbGCDSp&L5>)dkO?Y<$MrhFM966T|#eol;)#$%~X$8 z@@0YM+>}<_lRYwiH5A(EHZz_lR+19vM^Y$ zfO|g{Enos;jpJcA*K_TO=(E1#LO6TAZ6LvK>s!u*GKK~&TIGa)X+Ww((`7@;$5=?{ zJ*;>!x||sxI9evP9umij&`z@AYYn=w%`GKo&R9;iu$F<-WmeX1A_0}=g{NqJ{{n96 zd`rbed7mqhFS3Xs8UMB_TP{w_|wix4mnW0 z5Y-`zBwpcSq%RAG_fwi0D3`(MZB?PwVj0Aw>6bl^BkH2?FS7eydC-Y;DGwN|7$1P@ zaR3JFtH*%n#`DX5@RbJy6US@M~|J+E+G~SQ{lk zPA6yyuR{`7uC#?GPh{XMf~5Ab)9teaS4vm&aK(BaG2c@q`@xVf%r?rVyG$C3EYOdD zUXD|wGU$2#jT}m~)7OxPp=UNZU+6fSbG&vIVZqiAdVGUXc*`a#=dcb!!<=eIBAs47 z7V;LP9=l)s6m;sv7+sX8GMt#a>BXC!tOPl1JL(@K5M22OC~Oc0-=a^cq6S|4)0Y}e zZ!!QRUw=kMrYmInIl;;n#rcbkpBTp?4OPb%dmNK&;Tg5tbPl~8;*^yvI&v#EQQ{9* z#Co>S#$-^Ofn=!7ozAPC@GVMIof5JpBAio#?c~=*(g}Q^%Rv(+)RX<+kjTvJzoXD+ zD1Ewu{Jj`k|3PY&p|uY+7^l0xMAx$dhg7u zH3>l`OaazL(~+Kwl%zZ@HNYMGovl_v z2gG1sXroo>KhyQ_HErGIV61C)1f1XC?qUi+#A$|Fe9LNs@gQTSi!j;0Co6fP~X*rZRn>iB)F1EDrTZ&_|Qkkg2)eJ z(UMiB;uhZef$``nBzf!UG;V?@1@JhU|FL7??9pcCldOOTHEtUyz0|!bp(o}S*`<#; z%(OD9ph96}S8GKZ_#rx2z^Z>DKs)7FbMI7wTr(7%+mu42XM?Od&)$&L9D@4gPDVMf zw2R=Y;0?pR76+tU;O(U>GM;rv)_S`*n&>eq(nErc8ro%u8I_kAjuu-8{tP8&h**lZ zquWe0)DPEZ#(A7)k_6uM+}}(d-1?C)aOGY850>y(GSMdU=?dpE8+~18TkYRM9(6t) z_IGvg8Qye8_Byxk>y>58BRiWEf9_o%e$C4^W}k?-3yuC=^Bw;O^&UFpEyyNl$*B?@ zr$Q%}_kAcE;h((qKR08mf=w?e4J;x)-Sm#@Do1%;h<r(LCS305Xsv&uNC=*#I#FK6?4f)P}lsxzoK5|AuJ>Db+E7Vl7K7n;rqK_WOZ(HR{ zmI}okn7G?!dsQ;oRafZ=h|^asiXtR;=z%ueMNqhXfT-5t zkq3l|shvRtnN`*Y5(5rmtMMeyFOjlM(vUGQPV#!{ai@Xl^`K{r@qv|^3ozEyZ(0YA zYu1&1xA#J%(aPqFwDN-Gp-G++S0@fb{1t>*jIUeRaH}ClQYPOJi}*j;u7B)b71#;8N+~Cs?+R5YW!EJ&wWC-;JR$a{cc^*X{41W zu14%hnih6W5MKI_XKJ#KGM)7B0|DH_w zJBzUSMwOCRdYO>o^Fz0p5zSD1KAW9ktnqao-pibO9vaPZrw9}*B{|j)%=})`Gd#pV z@<;a-mC*i1E=6eI1WR}&px^X#bF}y_#Y{SccHMAlht^Fm4LeqcXi?#1YNM1)6J%(( zih#nIF8Exi4}XptaA(~3Sy6LWL|Tj@*3?#Bam*Y43F|NVi`j4@2*6ui1+(URD=&fy zg^SX&_^Ika1z);Pui=CeZ*kxF`ngq#jKH>Ig5;-6Jy3oRlEi{rS zwYu2Nj!C0ZZDg|0^O*z-P{gwsp1 zDe0Nt3-V!BA+BP=2me+z_Z@s1Udr%D%ES7ll?Fk4LFyvsV9bf|VK=4ybBGF7+HecZ zI>XLT#|I}{j(emF?I8KjxueQ>{>;ST^@1O}#INW3=l+5C=tVwX&MbF@Ow)epq1|y) zUMSQ-MbzP|Z&bH_xxN0bt<5Dge>Sc<^r1g{7MIc~lWMV?V>1boc`}t$= z=ZMzY$dNll8x#cz7=RB3{O3XbAG!d71`Gm%4*YLpX0e3KIHlA01u!!K8EDShWO=8@ z6X4WAHau`JZIVzfV6656D2@*JK#jn?CY!B~&oKU!vZyPy`2LDd@y8 z_7%>>hU%j{^;^jm2_cE>`3x}ILZELLH`IL~h#T|>YQ;G?D@p5A_9(#s5qtQwV}_bGz~>ze_y>_1<;*gs(heT$_wJ?r|0fP{(TC_|@A){qEwPGXFq@8SjC zW^r$Wm$A19W2v(Da8pMZEt!n6o%vxCUf0QsjuDlOiUNaBzYcbk-2# z9%cIcQIF*wai>1j;~px8a|;O;sXdgbYGLGAl2(tes)ng$7pF~q-f3#VERnc2l`V8} zxvlH55X%ir8q?=5TOU*1r7N+ZqHn(~e(LEK%PKH6#3vv%0qGV@Th{w(JP{R?Y5rxrJawoFbEPrFzwJc-=a~;iuS~U=wp4Ew|H+{3(vJ^X;ZR@EH1#$ zxZg$yCLR5Udi)=;Mi>+k=`Xuzxkm}he-ApGY(N@#5<*I|>nnvu`O}5XA!aBSA@2kr zJGcy16WdRB?!?T9oK{I;+T<|h>fgGrS88_kCD|b1l(TvH zThwF=;p!YygFRsscUaHg_(5I9Og~&TwH%mRu2w!qNqjH0xcyCui7+`Aj);?IN}NgV z5GY-~P=2^dpX_Pz7PWpxLTI{<`1FEIxd3;qrjEh3Njk6gC1yEIQLn$^H8E*H#1zUJ zvL3e9cKhiK6Ef)ybl%5lR-xw_p}aae?MQT~cJE9kyD7d^mA*AdU9xT>DgGN@cHb`4 z=ospZ;~>=Vw3HF6AOlG*knGPjU_HNM4qDKuz;S6SMEhO z9e2sS{&41pRy&|A1X?Io8Okj_X@7JDzF_h|co;~M(5ulFAZKYfhw@F==$4}|UXc5_ z&dt9vAjXd}E(AP74yub9-d#|0toBoSlYz`-AVH=eS=h?RufrR@Vi~snXyW6vWUpC( zo$GVMVQ?QeEjaczjgG|uU^X%HNoqa;<0ndz;EF()V%c-dI(*;$H`g<{ms{39A=n#N zB}Ve#Se7UBISo~9YXgkossrGzL_*oBB$Sn0RfH*4n3i?u21_#B<%=c9o=+CEhhd1p zQgZh4!Tf{jWN&1l(2#Goq-Bghcqqk zB0+i|vPW>4a8d_<6ACLl?w5Q0Ny-uNNc>V$ZEnPYtSdh}dN*pVv8}fSP(|Jvd=Tf1 z(;&DA2lJK=Q#$mk+~wM%rzkcD6ZxGg=+2ITC=kVHSBUvN`9o7j>qLZX3qp|r)x1%y^!6Esbh8Lma zD(^)_4#YA>2|#IUulpY@C^{U2yM;+z$-x>IV2nI!U0lzpRAT*wAmB4wfVSY0{)FOe zG2ck&!w@^mXl?Bx{;5`gv$2~A4mOhybx!pRTJyQ;?HXuDCTx914(IW0*ii7mruI~Cf>H)X2g1!k>7=$-L^;uhR>WKtG)0QMEXYinl`Ewwu^%h&?Nb5$RD%eBrt4 zpKbp?rt~kKW}wF%^1q@NIU67i%)g--8TZp|l+2DXyIbHjN!88_kY(FrPq9(IB_~-s z)53MdTCR|sW%4id`oyh&82Eqz%RS;3{QoiRPk8=~USS^yALjeYCPM)gJyOe`JuqsN zA1zvRQNJwDl`e$gj1s~#Vsn;BTk$-IINK#Qm$bS_;qK%xe=p^~befA}XbrvnLT#PY zwK3+m*2Q3upIBzmfTJ64jMx9*lcrc*#$5E`QIsdc7RrpxSvq&FzkU2EVQ5YR88NEM>zN+fPI?^P zz&$G|zorTF#!M;;66^y8-upfn(nuT<9TOD?Y+v!&lBQz=%Qi$MnQS568*Tyos$4@< zWT#yDEw~m~MGu@8=7(_%NsvoIUBkl}v-638%4f?+rNI%J>n#5gjR_cubNp{E3QHwB zECVgtSol9=c#n}@Ca)K@6NUkNGjsAh@E`ev4zZXrU}rPw2f{m+*NWm<|?wti1J&l zS!~$!#cbir>=egI!4@4Q3F%#i)GYdRj{FR&qj-R<8$dc}E>p$BXWtzT5u?^xC*W1k{cnF411G8}rp%k{C<8 znsQ!7Ep?bo2S30DIT#*>0)Kx+@m71^Eil9Fb=*C>9e5$oGXp-x&Y63^ zsGc^rRgf5KuhA(M-KiRSx{A$_eTlG@BbUWYNRzr5EhY8fSFa6$gU_aPsW`Yml!O1KZRSwhMaV%EE#SRm>=cs%NpYoKr5?nZi zLxjsdYx}IIODw2>y$+=BCl|%oZF)f%-RAzlvkOKLbkl2OVGd~9uRJ1Z3qtL%VlmA! zvuxsacf_eEBDhHqA^{!dt>UVHW7m19uY)aKbsHsT1Z%q?LbLj8zIbPc&I3r^cECd-W0z*@ zQ)|&iS*L>0jxC^J<1I)-6Uu|A3p$ItQyx`DUBKdSqEGOGEj! z!M(dp>(vHfosK{?;+pME=i6*IFh26)IznSIKs))0%R;nlaEpj;-0K-Z;VIirL*)dBo>#Kz6A0V4`v zso!qrPeEM|n-iDih1XFOvtQcha^ZQ&18XoiXMRo_E0L$X(#95InI%=F9ItZu5J~xo zlTb1X{QQB#K(>RU+SYu`i=S|~i(%JTfsl}=#E>*-S&Z=lz8zRJjCz3X9z2QEt#RN3m%KS+DT8?FQ8~|huc49k z#XdojKrJy}zfDvzMMXJ=jaKfu>Y48n(TVYN{k zvMvjUfueV^_Yu4!FZASosDokXq6HF%pfOM?$IwYB-L*x77?V5OdNSRK8U`JoIv5f` z{J}yK7?p!Pv~aX?jw{xxd0f-}&9Zuw>#r2HZFI4`r5z?9G+7&G0M6E&{JK z-YZ#Domyt?b`6|Ikvr|au`U-Lq?R6f&l(yN#M`2?=k~4A2MKG?jB=rahDT;fHhvpj z7r_?D9jJs35e=XA01XrW!I)tUlQR^kV5JTWV+_af+{a=H$nj^&q{MBG_ykwO_xWt- zh9P1IvJzIz{$2M&utWl86mYzgmuTw}{jDTsXQ1V}`nC0{PJGJJ<}Mmmumjv5r`%}j zYt@pfHD#q&OTj5OH;+K9YJ`N4eYcaz@qv2L8T?CUGGOUxdNN?C>)1r2D>ME4f7OZpR{-lA1!TGD zg*&*V`X!I&{KAzPNU65d!-4^1#~S^DgKR6V3Z2-!TAlg;M+9Sr{;vSW`~L`Fr_l)S zJc}By+Ayq8IWh2IeKy2iZB)>)(DYI}?lnAyY$EwRM_$)d4rzP#b(Yh?+P}{WWw?H& zBD)kIjf%Otp*7kQH)nbg&emqZ4c-<8Z30T9nu~mAaY-azwQ3VUX5xDMPNF>|ou>jK zlOvQMK!_rI%OWyB?h%j%t*S&$c^M+N>@E3tT>SjQs!)mvlnVK4YXysy5UnT`lZ~MY zX5XvADjgDB(W)w1%6auZUZEbWM?CTDZe@gC&M&K0`K|5^vf}5L`cQ^xy0|MPBsj!l zuFR6;n;Xu|o|-FF2*0{AJ55zC z4UNdd3+)GqSC-Q!aCMoVvzeDNk~L1Iw=-PzM&Ohz+v3Vu40x8nAptw6tUh zGu33l!cWK!gZgfoDTJnx(NoQ6uBBmXQwxmCol5n?)ThRpQrR$`8&S$|CxAHDPom(>VE!@RfQ@ zW`1sn)a9Z#o}tyf?aj^EP)(}g6D|z{d5La$3l@d<_Fx%?|fVI0IMDe>s~$K^>FByA~9dZ z+~{6DAc+=@8>1;41j)iM?kt{$=2bEYE88!$k6G$ow+aaKu9-dZ2osoGpM`$XMUQJo zw9gJR1Q+FHPkSHxtq<)^uX-9K$fmAlEIUBEVP4zkfnU^S16f(3BVGDw*Ni0gH5TC5 z5yU2a-%({^`{PFX@X)2?VHStnws$&#$^v0l^_rj)OUZ`4X`D3qIho6?&#N&#=#{Z7 zMPy(%)pNs)J@jILY}uQTCgwf$s2ROGeaLuK#AAD@;cFG1P{u)5kos9=I|)NI?!vPY zzK^>Y37cfOnej9~RX4&-7a?FT65VJDz+#*k?A}(t0vdlVd&Lay11oN0$A00g1#KOf^>2v#6NPkK6#2cf6 z7VHd|cE7V;T|ZNl4SfCH*tBzvPWA(o@#;ayBi0&@)fhqRIfLW1p{Zb|BT6tDh4N}&DYyt77iIGr$}Xcvh0w?@Z?YOR_>7y z>r)FIY`=<|d<2<^cUcs%Ns@^)!HY0W+z!`d-(0RfhL1?Vp)E0|0&Nv7^Ykd(lJ*{- z*^fKi_djT|vP{Djq+>j9ZF=DQ`C^Fd+wO!hC_J{W^H?}7kjMHsA{~xVIUlrdP^t6L z!_77Z5zN%yo!h6bK;lekGkO&xad3;o)i zc5B#(ovl+z=9(W`_az9FaQ9+|*s0LWFoAE7wFgx}NLDHNYYu^zBkhpIWd2VQSoQ=b zxvd|n-)4>(MkpffI0HQTUHF8?4r0VL_{367Fu}CIwmH5nV}JWu=|#@`w3ys$wPYzt zGX(fx=;?m(2T43teUcOk2(4&}p;lx#equ0dX%@#UrR1_Jvmh}aVWsv#&n{0!(-laO zUr=+ErkOPlHt5U77^-a72EK{5nW#Q&oF7?5wu$%L_$sR6GnM0K7z@n6p|m3$4&W~# zWpt;ykx!Ra@gA8V1}Q3R%jfvuAHFIhJ0KS2YY2G#{Ywn0?d*ez^&l}kW|5v8M!(7) zil@q|}Tu(BfUn0G*Vob|&L$efj9T$?3s(+iOKXaVt|DuV0yK!~Mr#mk$n@bIer zYQ1eJesd$oTQ%yh+T%Fts^N44veJ(gos82m8E?2+a1Fe2hbmGENG?OIa-uV5{&UkS^U*}L1GZ&T+00u@i>ApA_cql?`WV*I;F z2mH?cM^v1H&G7U$_*mB<`ZYQMyzly*0};yh&pzJ}Z}bAcJ~bpCrb?pY!j6Tfvrt90 zyoG>?qNf-Uu|Q^S7)jW4EH?AD`k-!oh&@>@;n34?FEO9LYZgs+FPKk9?>k`H;PERx zEcQ$F4H$fIH#}ba!eWS+u2y9ObE()*maR214B#7bgnQjN1F4H<8V|sB?$TCv8SpSo(%`i2fmO7y`0Z zZUyBlJyTyQ^>0VdYfh1=7@H0R(g829o7S+3D76oF`(o^bnpbtc^K@5+ui{W(_Vv|3 zVZzT8o# zIqN>$bsxLCcK1uIziaKP|J&lx4ObT5>4bw}0YA>RC1w^L_)%_@tn+fBY0rCnf}|JY zS83b3@(yhxy5rzpb#et{Ps5E+5MC!!-Wo?*_W|2Ep-X#$hheE{14=A_n1F*$xy5@xtnfc#eS z8Gl4-Kq`(?_Ua?z9!#jKIZ2`(viXV#C-77uoKzA7wzIu7bWowYZ-Ep0@&ka!i>)qE zWRqJOD}O#Df^vs(yIPC)Ia?jED~g*xGJe~1jK~Y^+8cim_rBvoO{6sh1f2)0VviDG zV2F5S&gWr+)70H6UQP(gsH?vEQL)BQj(#>8B#i=Q))Ryd|KcoJ$}iDm_MD8zNwYQJ zO>GXB>MOh~=SgQk99Px!ABe$1bC(){8T`bd$iehuw6o|uDTP@ZP4>`o~jse#uZu;DaT3R z_nKq}1k`evTDC&8Cgby3*Pn7+S=WJw|0HelX$zh!96`A4rM_L|Hfm2xd@a_CBUWwf zcdUqMW|rm$I^FAt-!j_m-2zO9%^4Gl>V~Zy-Hni4$HS;VI}@4HMk9}Si|G&^IE3>= zMq>zBsqT(i0f4kOXOd&CvIl648&@vWKU-P=)F#GrmS!*GzvVyKptWb(KMWjJaj`62 zZJmP0H{{p)``2|-angG<0jT!3b(7*!niu)}x9eZSir>uIaY|-#Wq;US>z5Oq0 z%0El+ZgJp3F>QAu?$|B92Syh8$-~WUC3&SShWe&eRujssI~N6X1S;zVAgheeXe7nB za2{*uTlfa;wG%0Qbw$F<%_&WG>^n2aro{v;;YL~@_(*k+CL~o*pfvVrw3pBkxM5wC z^5i+(0cWo6uuXNbexXnBv{IT0&#w=-Ylp?U6_;8jh!Uept%N#DZIw5SCY$W`FRsbD z93NJ3y)8!`kBrn6hW^ZM?f34{FcpYPHxKK&Q>FJ-b^gWE{T4}iXLNT_jBqbn*YfN< z)xeEGFC}4+0}1V;ki|^&JB}_sj(6jHsZx;=qsWx~u6#fTDSYD?&aA*WF$V7zac_6B zwzqDcX$01F3R%XbQNjkNZtxWv2lOt89kK!cw$KOxYwgcWgi zh)zzvUm5uU;<~1{0-n&SBgtg|IDE5^$&=K(32(Fa@R;_qIkG=W(I-1q04Zq)@M6IUQ>6r%o<*%1 z)8;w6yRV%ixbl~SZ;(1T@0NWV^#qfZF=Ksv-Gu;*Wbnwr=h=+!o<~HU9%OY|R0Dq= z&>d&vtA>4H+_n_C(7MdacD-6`h))6W)8GSs=S;h)PX9K<+{M&he$BvZVap~<{WdBD z^i;t7Ek`{a4g`*x<-Lje-LX7qG)x$7^LH}$D7QPeNj|r+ZM)lb+EOCLjtN{URJL_K zqiIslo@2Q-&RjORI6Y^|oy{a4$>`jOCo3D&sq!P`l!7@cxZ5x=(7sg0PY1usYxb}* zBQs!TGs&JQKHFH_@p2slmHf7uI*rSM&G2Xeo4Is+x34MpfMq>SlPPa)#-y!}1R^rU2jT{lhH;Kt0hbBVNv`d-wfJLlnBh_I{6ZZ`fnibm{>*V=^ z>W?ynRSUl}_}X*;)8j{;{fDT&0UgIQte|Hy27Lv4(ccPvX!S3R8yY0gM{G@atyAfR zeD)_z3Ld@|h<0;0qD{Gu!z&|=hT`awRFXAiATE@=q1|YzvCf1D_j$q8(COm*)3J(K zGwP^y4X$I~V5qXTK$`g;w~|t&41LoM1B*Ur4?z?@(&5=LeS0sd_ec7=MjTr0V(os=y*X7#%1W|bQcpO9Wz=U1( z#Ew^Ed5b{T1r8{e`KuxUFDf_BqFe$1qr0#BgK4GZ`){A0)vOHw%oLr+`P1vqP1-3UJ(Hjd z6IFeg1!|VJqA91NUzu*0j9Z(GxXBG(2O=?g`}EGCM^8=xN+O_-48>M6S$2z*Wer|L zbK?xF*iRGwH6aLzVsqhp7#GgcX zl`(-NP|h=2TUr^BD_+w}4j$%L&k%Z#b3%}!J~t3*7=D|ioW~j zsiE$lL%+J8SQRt|>RCPCi1=E7kl>FJw-#BJ&QaA5##_~GvuRv?iw&dQA?|o?DjJ~X zi7)>>;;54c~ z7NbU09HRsNOvMZTg;mz@)%1uv^Nv8Q^#^AVVpX+qaK`}!{KqBI6!F;_RL6mWp}bqY zR*R$U;5Vms2CVbHXZ++HIsG<3D+j`%TRN^SM>~hGT(ZO0Dj7ozPxJ3-4C&{ zc{ef(ao3;b>3(v%ukSBy2|O=YZdZ7!Zq&zg7oVJk2A${c1Xw`%8F&}`R%$e+dJ%#q z@K#z3A-u5d%p}6}(I_Q!b?Gbp7h=hcv?RQczq!e5c4kg-QXyD_>S{ zl+p$Q^Gp+p=4;2XGJ~@Za0|ta4)DNjSu-Qad3gBD- z4!B_!V6@hf+{dEyicS#`)y~xa-o)d5b6yxxRtA;{W{rt;BgXBh{PPj-p}tPVSAs&V zxcb_(uII$`4&DnF0(>zqFF<>#xb;X%IKI<-%FVUYMpTlB{a3TqUdWWI~v}dlHU&@#X{L+LN|+1LfBqN zu?)U=?EqU?EkR@s7$F}y%frS2$jQmIQK~el;6^6;eH~$#RW&61;=%diy!6QOIG0~V z>|o7@oAS%v&d*%4f+&*6bV~Y_O_`hg*3R8XTh>9aRbi6O*YuIA&Nb@&q`oh+;PbGIZf9y`;re)x%2O=s zKMz=+!X95G=KSYtY>xJS^ZF6ssQ;_ys^cRk{l9yz+LRfY6=JoQ$(+~^hN1va+!tIo zLJaY?Ubw4Tb0+!CDm`^lKR>5X@px&3n{MQF)zx>>qJ$!IXidR$IGDiAIfc&!btmCM zrcJ1zHM~k9p9Se#ZcR1Z8+!gXF|@Nzr>?{FvHgpp?qR$dS!qX?7Gf>f%0m5Lo7BsU&yb8Z7V|boDaJzNB zuv5A`y(>vIa}2R8cu5<$#1m=f5k;MEW&W#%LUjsQ9<=^qfy$aZSG<|uX|NXi%H(hZ zDqYNujMArxwd{r_JcjICb>yKj$<+OGg|`~SkuhET0165Zj`<-Pi*-<-5Gu&XK#)b1 zuq`;9*$lf()Db>|!QdYV`v`6h4hLs8)ZZ*ul`^xX=_EBfF1NUM2)fpGGG7IqlS5dr z@a7++;MXou_oj;n8qUi(&@CuYIb=Q6Ul1hl4;x=E9njp5%AUnpl;B8w+~}5Wuy+*V z;G&c5MV!H88{E@zf8gOte50eYIUqA`hi#GuLV?rNItrDUG&Gf45fWKZYDxWQiIG}% zaOTYfL6uZwZ8~a3uwX+OM6c}{jsuMzo5-0w)+hTR00m*?aVGGBpow;84wXY~q70!%X;9gvyNqOE5T|8`Q z?7eWoMrejrp_TlBc~y+D^M@mrUe`3c6iAom?=<&z2H5W`rX6x>Tx78W?mo1G)@-)| z+QqGWC@+e}QsxMRgdIOyNs3~pn(T(G*mvO@0bz972$jAX3Q2SzNsk)4I;Vir@NF=e z&6gz)1fvM$D$a&_VQM7 zM#=msqZJkBJ-$M_F#gB-~Rgpk+5o%X>fu(rZb^`hR^D#tms z1>5di zTbR3bPVYC6@qxWIomLiH&fyRfo>)L*F~5zZ#nh25j_ew6+T@4aLVxGfUR)&*o+V@> zxNf_1BTbkx3?3uw>A6!UI*l!n!WA0b8gmqOSorW*#YXvfq zK7^Nnf7iYhM6RlSAZx$-I3gRAOu%lcacF?z^Ol6Y`uo)fSBiBVlZz`wh1@kxs5zFO z9qTvq&t7bdS0nB}m4EuvO$Ip|0`*7x8MfZHdmOHM@KvDSVY+cNM4`Bot@&-n?f)#wtj73_)XUE3Wx9ad%JlRsk2{fv+M51v!%N;+aK2y zM>L9h!-C`J+_W4vARAKZ!hnkPx6!#KKSW5JS5otG;L0}u1~Ugt zj(0Zc8#*5;YMvF9jCkqzi~RWDA^{**TbROH__BBC3vP^`XrlQ}$M5=bj`g1Fx(~1f zGqEkApG?d5v>zZIa(99zA>%J8x1RMYfqKj(_NudiQpi%fFQOp9xjUbd_N)Fl>z^!! zf15e}NXcJwxBn^z4-Q;~(}&^UeynS>L%V%%TQYVaM$-7Fb~nj#Fs2CBnVKQtws`}U z{wdSXcG%|^$Ok-oApOtYa(j{IuaUxSC}l;&>|ecq7@^jBnHX~hAvX3$=5+*g^s`Fv zaA465&y}_HYNLUNoHvQ)X1iiz!oBkHqevkdgH~^RxNIOfDf`21l@WezM=CWxxYz=j z@#7YzuK8Zu!9AyPNi!dLP6pb@E&+xMv#aG$9XT)F+)v~Gu|+qqIn@VyNkF?YJMU_m`p|7j!%p%v_a zf9uI!uI$Z&3dJH2K)>2+znP|@oSER~ + deb [signed-by={{ nginx.lookup.package_repo_keyring }}] + http://nginx.org/packages/{{ grains.os | lower }}/ {{ grains.oscodename }} nginx + - require_in: - pkg: nginx_install - watch_in: @@ -60,10 +78,10 @@ nginx_ppa_repo: {%- else %} - absent {%- endif %} - {% if salt['grains.get']('os') == 'Ubuntu' %} + {% if grains.os == 'Ubuntu' %} - ppa: nginx/{{ nginx.ppa_version }} {% else %} - - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains['oscodename'] }} main + - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains.oscodename }} main - keyid: C300EE8C - keyserver: keyserver.ubuntu.com {% endif %} @@ -73,25 +91,49 @@ nginx_ppa_repo: - pkg: nginx_install {%- endif %} + {%- if from_phusionpassenger %} +nginx_phusionpassenger_repo_keyring: + file.managed: + - name: /usr/share/keyrings/phusionpassenger-archive-keyring.gpg + - source: {{ files_switch(['phusionpassenger-archive-keyring.gpg'], + lookup='nginx_phusionpassenger_repo_keyring' + ) + }} + - require_in: + - {{ resource_repo_managed }}: nginx_phusionpassenger_repo + +# Remove the old repo file +nginx_phusionpassenger_repo_remove: + pkgrepo.absent: + - name: deb http://nginx.org/packages/{{ grains.os |lower }}/ {{ grains.oscodename }} nginx + - keyid: 561F9B9CAC40B2F7 + - require_in: + - {{ resource_repo_managed }}: nginx_phusionpassenger_repo + file.absent: + - name: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains.oscodename }}.list + - require_in: + - {{ resource_repo_managed }}: nginx_phusionpassenger_repo + {%- endif %} + nginx_phusionpassenger_repo: - pkgrepo: + file: {%- if from_phusionpassenger %} - managed {%- else %} - absent {%- endif %} - - humanname: nginx phusionpassenger repo - - name: deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains['oscodename'] }} main - - file: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains['oscodename'] }}.list - - keyid: 561F9B9CAC40B2F7 - - keyserver: keyserver.ubuntu.com + - name: /etc/apt/sources.list.d/phusionpassenger-official-{{ grains.oscodename }}.list + - contents: > + deb [signed-by={{ nginx.lookup.passenger_package_repo_keyring }}] + https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains.oscodename }} main + - require_in: - pkg: nginx_install - watch_in: - pkg: nginx_install {% endif %} -{% if salt['grains.get']('os_family') == 'Suse' or salt['grains.get']('os') == 'SUSE' %} +{% if grains.os_family == 'Suse' or grains.os == 'SUSE' %} nginx_zypp_repo: pkgrepo: {%- if from_official %} @@ -112,7 +154,23 @@ nginx_zypp_repo: - pkg: nginx_install {% endif %} -{% if salt['grains.get']('os_family') == 'RedHat' %} +{% if grains.os_family == 'RedHat' %} + {% if grains.get('osfinger', '') == 'Amazon Linux-2' %} +nginx_epel_repo: + pkgrepo.managed: + - name: epel + - humanname: Extra Packages for Enterprise Linux 7 - $basearch + - mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch + - enabled: 1 + - gpgcheck: 1 + - gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 + - failovermethod: priority + - require_in: + - pkg: nginx_install + - watch_in: + - pkg: nginx_install +{% endif %} + nginx_yum_repo: pkgrepo: {%- if from_official %} @@ -122,7 +180,7 @@ nginx_yum_repo: {%- endif %} - name: nginx - humanname: nginx repo - {%- if salt['grains.get']('os') == 'CentOS' %} + {%- if grains.os == 'CentOS' %} - baseurl: 'http://nginx.org/packages/centos/$releasever/$basearch/' {%- else %} - baseurl: 'http://nginx.org/packages/rhel/{{ nginx.lookup.rh_os_releasever }}/$basearch/' @@ -147,7 +205,7 @@ nginx_phusionpassenger_yum_repo: - baseurl: 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch' - repo_gpgcheck: 1 - gpgcheck: 0 - - gpgkey: 'https://packagecloud.io/gpg.key' + - gpgkey: 'https://oss-binaries.phusionpassenger.com/yum/definitions/RPM-GPG-KEY.asc' - enabled: True - sslverify: 1 - sslcacert: /etc/pki/tls/certs/ca-bundle.crt diff --git a/nginx/servers.sls b/nginx/servers.sls index f3033bb2..4f26fd4b 100644 --- a/nginx/servers.sls +++ b/nginx/servers.sls @@ -5,12 +5,11 @@ {%- set tplroot = tpldir.split('/')[0] %} {%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} {%- from tplroot ~ '/servers_config.sls' import server_states with context %} -{%- from tplroot ~ '/service.sls' import service_function with context %} {% macro file_requisites(states) %} - {%- for state in states %} - - file: {{ state }} - {%- endfor -%} +{%- for state in states %} + - file: {{ state }} +{%- endfor -%} {% endmacro %} include: @@ -18,15 +17,14 @@ include: - nginx.servers_config {% if server_states|length() > 0 %} -nginx_service_reload: - service.{{ service_function }}: - - name: {{ nginx.lookup.service }} - - reload: True - - use: - - service: nginx_service - - listen: - {{ file_requisites(server_states) }} - - require: - {{ file_requisites(server_states) }} - - service: nginx_service +extend: + nginx_service: + service: + - reload: True + - require: + - file: nginx_config + {{ file_requisites(server_states) }} + - listen: + - file: nginx_config + {{ file_requisites(server_states) }} {% endif %} diff --git a/nginx/servers_config.sls b/nginx/servers_config.sls index 3d86d1a1..0b1a4f1b 100644 --- a/nginx/servers_config.sls +++ b/nginx/servers_config.sls @@ -10,8 +10,9 @@ {% set server_states = [] %} {#- _nginx is a lightened copy of nginx map intended to passed in templates #} {%- set _nginx = nginx.copy() %} -{%- do _nginx.pop('snippets') %} -{%- do _nginx.pop('servers') %} +{%- do _nginx.pop('streams') if nginx.streams is defined %} +{%- do _nginx.pop('snippets') if nginx.snippets is defined %} +{%- do _nginx.pop('servers') if nginx.servers is defined %} # Simple path concatenation. # Needs work to make this function on windows. @@ -52,6 +53,7 @@ file.symlink: {{ sls_block(nginx.servers.symlink_opts) }} - name: {{ server_path(server, state) }} + - makedirs: True - target: {{ server_path(server, anti_state) }} {%- else %} {%- if deleted == True %} @@ -98,10 +100,6 @@ nginx_server_available_dir: - clean: {{ nginx.servers.purge_servers_config }} {%- endif %} -# Manage the actual server files -{% for server, settings in nginx.servers.managed.items() %} -{% endfor %} - # Managed enabled/disabled state for servers {% for server, settings in nginx.servers.managed.items() %} {% set conf_state_id = 'server_conf_' ~ loop.index0 %} @@ -109,6 +107,7 @@ nginx_server_available_dir: {{ conf_state_id }}: file.absent: - name: {{ server_curpath(server) }} +{% do server_states.append(conf_state_id) %} {% else %} {% if settings.enabled == True %} {{ conf_state_id }}: @@ -125,8 +124,12 @@ nginx_server_available_dir: }} - makedirs: True - template: jinja - - require_in: - - service: nginx_service + {%- if 'requires' in settings %} + - require: + {%- for k, v in settings.requires.items() %} + - {{ k }}: {{ v }} + {%- endfor %} + {%- endif %} {% if 'source_path' not in settings.config %} - context: config: {{ settings.config|json(sort_keys=False) }} @@ -156,9 +159,7 @@ nginx_server_available_dir: - file: {{ conf_state_id }} {% endif %} -{% if 'deleted' not in settings or ( 'deleted' in settings and settings.deleted == False ) %} {% do server_states.append(status_state_id) %} -{% endif %} {%- endif %} {# enabled != available_dir #} {% endif %} {% endfor %} diff --git a/nginx/service.sls b/nginx/service.sls index 9cbc5cc8..adb51f09 100644 --- a/nginx/service.sls +++ b/nginx/service.sls @@ -42,3 +42,6 @@ nginx_service: {% else %} - pkg: nginx_install {% endif %} +{% if nginx.check_config_before_apply %} + - onlyif: /usr/sbin/nginx -t +{% endif %} diff --git a/nginx/snippets.sls b/nginx/snippets.sls index 31a0a150..3bd78349 100644 --- a/nginx/snippets.sls +++ b/nginx/snippets.sls @@ -8,8 +8,8 @@ {#- _nginx is a lightened copy of nginx map intended to passed in templates #} {%- set _nginx = nginx.copy() %} -{%- do _nginx.pop('snippets') %} -{%- do _nginx.pop('servers') %} +{%- do _nginx.pop('snippets') if nginx.snippets is defined %} +{%- do _nginx.pop('servers') if nginx.servers is defined %} nginx_snippets_dir: file.directory: @@ -28,4 +28,11 @@ nginx_snippet_{{ snippet }}: - context: config: {{ config|json() }} nginx: {{ _nginx|json() }} + - require: + - file: nginx_snippets_dir + - require_in: + - file: nginx_config + - sls: nginx.servers + - sls: nginx.servers_config + - service: nginx_service {% endfor %} diff --git a/nginx/streams.sls b/nginx/streams.sls new file mode 100644 index 00000000..3bf4d990 --- /dev/null +++ b/nginx/streams.sls @@ -0,0 +1,33 @@ +# nginx.streams +# +# Manages creation of streams + +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %} +{%- from tplroot ~ '/libtofs.jinja' import files_switch with context %} + +{#- _nginx is a lightened copy of nginx map intended to passed in templates #} +{%- set _nginx = nginx.copy() %} + +{%- do _nginx.pop('streams') if nginx.snippets is defined %} +{%- do _nginx.pop('servers') if nginx.servers is defined %} + + +nginx_streams_dir: + file.directory: + {{ sls_block(nginx.servers.dir_opts) }} + - name: {{ nginx.lookup.streams_dir }} + +{% for stream, config in nginx.streams.items() %} +nginx_streams_{{ stream }}: + file.managed: + - name: {{ nginx.lookup.streams_dir ~ '/' ~ stream }} + - source: {{ files_switch([ stream, 'server.conf' ], + 'nginx_stream_file_managed' + ) + }} + - template: jinja + - context: + config: {{ config|json() }} + nginx: {{ _nginx|json() }} +{% endfor %} diff --git a/pillar.example b/pillar.example index 3654979e..24d91a6e 100644 --- a/pillar.example +++ b/pillar.example @@ -28,6 +28,17 @@ nginx: source_version: '1.10.0' source_hash: '' + # Check the configuration before applying: + # To prevent applying a configuration that might break nginx, set this + # parameter to true so the configuration is checked BEFORE applying. If + # the check fails, the state will fail and it won't be deployed. + # CAVEAT: As the configuration file is created in a temp dir, it can't + # have relative references or it will fail to check. You'll need to + # specify full paths where required (ie, `include`, `load_module`, + # `snippets`, etc.0 + # Defaults to false + check_config_before_apply: false + # These are usually set by grains in map.jinja # Typically you can comment these out. lookup: @@ -94,7 +105,16 @@ nginx: - upstream netdata: - server: 127.0.0.1:19999 - keepalive: 64 - + + streams: + example_stream: + - upstream some_upstream: + - server: '10.0.0.1:8000' + - server: '10.0.0.2:8000' + - server: + - listen: 7000 + - proxy_pass: some_upstream + server: # this partially exposes file.managed parameters as they relate to the main # nginx.conf file @@ -191,6 +211,18 @@ nginx: # and None indicates no action enabled: true + # This let's you add dependencies on other resources being applied for a + # particular vhost + # A common case is when you use this formula together with letsencrypt's, + # validating through nginx: you need nginx running (to validate the vhost) but + # can't have the ssl vhost up until the certificate is created (because it + # won't exist and will make nginx fail to load the configuration) + # + # An example, when using LE to create the cert for 'some.host.domain': + # requires: + # cmd: create-initial-cert-some.host.domain + requires: {} + # Remove the site config file shipped by nginx # (i.e. '/etc/nginx/sites-available/default' by default) # It also remove the symlink (if it is exists). diff --git a/pre-commit_semantic-release.sh b/pre-commit_semantic-release.sh index 458b7b64..80f46e20 100755 --- a/pre-commit_semantic-release.sh +++ b/pre-commit_semantic-release.sh @@ -7,16 +7,16 @@ sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA ############################################################################### -# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst` +# (B) Use `m2r2` to convert automatically produced `.md` docs to `.rst` ############################################################################### -# Install `m2r` -pip3 install m2r +# Install `m2r2` +pip3 install m2r2 # Copy and then convert the `.md` docs cp ./*.md docs/ cd docs/ || exit -m2r --overwrite ./*.md +m2r2 --overwrite ./*.md # Change excess `H1` headings to `H2` in converted `CHANGELOG.rst` sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst diff --git a/test/integration/default/controls/config.rb b/test/integration/default/controls/config.rb index fb7d69c7..c2845eb8 100644 --- a/test/integration/default/controls/config.rb +++ b/test/integration/default/controls/config.rb @@ -1,37 +1,52 @@ +# frozen_string_literal: true + # Set defaults, use debian as base -server_available = '/etc/nginx/sites-available' -server_enabled = '/etc/nginx/sites-enabled' - -# Override by OS -case os[:name] -when 'redhat', 'centos', 'fedora' - server_available = '/etc/nginx/conf.d' - server_enabled = '/etc/nginx/conf.d' -when 'opensuse' - server_available = '/etc/nginx/vhosts.d' - server_enabled = '/etc/nginx/vhosts.d' -end +# Override by platform family +server_available, server_enabled = + case platform[:family] + when 'redhat', 'fedora' + %w[/etc/nginx/conf.d /etc/nginx/conf.d] + when 'suse' + %w[/etc/nginx/vhosts.d /etc/nginx/vhosts.d] + when 'bsd' + %w[/usr/local/etc/nginx/sites-available /usr/local/etc/nginx/sites-enabled] + else + %w[/etc/nginx/sites-available /etc/nginx/sites-enabled] + end + +nginx_conf, snippets_letsencrypt_conf, file_owner, file_group = + case platform[:family] + when 'bsd' + %w[/usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/snippets/letsencrypt.conf + root wheel] + else + %w[/etc/nginx/nginx.conf /etc/nginx/snippets/letsencrypt.conf root root] + end control 'Nginx configuration' do title 'should match desired lines' # main configuration - describe file('/etc/nginx/nginx.conf') do + describe file(nginx_conf) do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } its('mode') { should cmp '0644' } - its('content') { should include %Q[ log_format main '$remote_addr - $remote_user [$time_local] $status ' + its('content') do + # rubocop:disable Metrics/LineLength + should include %( log_format main '$remote_addr - $remote_user [$time_local] $status ' '"$request" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"';] } + '"$http_user_agent" "$http_x_forwarded_for"';) + # rubocop:enable Metrics/LineLength + end end # snippets configuration - describe file('/etc/nginx/snippets/letsencrypt.conf') do + describe file(snippets_letsencrypt_conf) do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } its('mode') { should cmp '0644' } its('content') { should include 'location ^~ /.well-known/acme-challenge/ {' } its('content') { should include 'proxy_pass http://localhost:9999;' } @@ -40,15 +55,14 @@ # sites configuration [server_available, server_enabled].each do |dir| - - describe file ("#{dir}/default") do - it { should_not exist } + describe file "#{dir}/default" do + it { should_not exist } end - describe file ("#{dir}/mysite") do + describe file "#{dir}/mysite" do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } its('mode') { should cmp '0644' } its('content') { should include 'server_name localhost;' } its('content') { should include 'listen 80 default_server;' } @@ -57,6 +71,16 @@ its('content') { should include 'try_files $uri $uri/ =404;' } its('content') { should include 'include snippets/letsencrypt.conf;' } end - + describe file "#{dir}/mysite_with_require" do + it { should be_file } + it { should be_owned_by file_owner } + it { should be_grouped_into file_group } + its('mode') { should cmp '0644' } + its('content') { should include 'server_name with-deps;' } + its('content') { should include 'listen 80;' } + its('content') { should include 'index index.html index.htm;' } + its('content') { should include 'location ~ .htm {' } + its('content') { should include 'try_files $uri $uri/ =404;' } + end end end diff --git a/test/integration/default/controls/file.rb b/test/integration/default/controls/file.rb new file mode 100644 index 00000000..57151af8 --- /dev/null +++ b/test/integration/default/controls/file.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +control 'Dependency test file' do + title 'should exist' + + describe file('/tmp/created_to_test_dependencies') do + it { should be_file } + end +end diff --git a/test/integration/default/controls/install.rb b/test/integration/default/controls/install.rb index 49aea2e3..5aa8d0e4 100644 --- a/test/integration/default/controls/install.rb +++ b/test/integration/default/controls/install.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + control 'Nginx package' do title 'should be installed' diff --git a/test/integration/default/controls/service.rb b/test/integration/default/controls/service.rb index 5dad48c7..605e9364 100644 --- a/test/integration/default/controls/service.rb +++ b/test/integration/default/controls/service.rb @@ -1,7 +1,10 @@ +# frozen_string_literal: true + control 'Nginx service' do title 'should be running and enabled' describe service('nginx') do + it { should be_installed } it { should be_enabled } it { should be_running } end diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml index bd6a0655..987eb15b 100644 --- a/test/integration/default/inspec.yml +++ b/test/integration/default/inspec.yml @@ -6,6 +6,9 @@ title: nginx formula maintainer: SaltStack Formulas license: Apache-2.0 summary: Verify that the nginx formula is setup and configured correctly +depends: + - name: share + path: test/integration/share supports: - platform-name: debian - platform-name: ubuntu @@ -14,5 +17,11 @@ supports: - platform-name: opensuse - platform-name: suse - platform-name: freebsd + - platform-name: openbsd - platform-name: amazon + - platform-name: oracle - platform-name: arch + - platform-name: gentoo + - platform-name: almalinux + - platform-name: rocky + - platform: windows diff --git a/test/integration/passenger/README.md b/test/integration/passenger/README.md new file mode 100644 index 00000000..66fa3cd4 --- /dev/null +++ b/test/integration/passenger/README.md @@ -0,0 +1,50 @@ +# InSpec Profile: `passenger` + +This shows the implementation of the `passenger` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). + +## Verify a profile + +InSpec ships with built-in features to verify a profile structure. + +```bash +$ inspec check passenger +Summary +------- +Location: passenger +Profile: profile +Controls: 4 +Timestamp: 2019-06-24T23:09:01+00:00 +Valid: true + +Errors +------ + +Warnings +-------- +``` + +## Execute a profile + +To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. + +```bash +$ inspec exec passenger +.. + +Finished in 0.0025 seconds (files took 0.12449 seconds to load) +8 examples, 0 failures +``` + +## Execute a specific control from a profile + +To run one control from the profile use `inspec exec /path/to/profile --controls name`. + +```bash +$ inspec exec passenger --controls package +. + +Finished in 0.0025 seconds (files took 0.12449 seconds to load) +1 examples, 0 failures +``` + +See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb). diff --git a/test/integration/passenger/controls/config.rb b/test/integration/passenger/controls/config.rb new file mode 100644 index 00000000..177a8dc9 --- /dev/null +++ b/test/integration/passenger/controls/config.rb @@ -0,0 +1,58 @@ +# frozen_string_literal: true + +# Set defaults, use debian as base + +# Override by OS Family +case platform[:family] +when 'redhat', 'centos', 'fedora' + server_available = '/etc/nginx/conf.d' + server_enabled = '/etc/nginx/conf.d' + passenger_mod = '/usr/lib64/nginx/modules/ngx_http_passenger_module.so' + passenger_root = '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_config_file = '/etc/nginx/conf.d/passenger.conf' + should_not_exist_file = '/etc/nginx/conf.d/mod-http-passenger.conf' +when 'debian', 'ubuntu' + server_available = '/etc/nginx/sites-available' + server_enabled = '/etc/nginx/sites-enabled' + passenger_mod = '/usr/lib/nginx/modules/ngx_http_passenger_module.so' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_config_file = '/etc/nginx/conf.d/mod-http-passenger.conf' + should_not_exist_file = '/etc/nginx/conf.d/passenger.conf' +end + +control 'Passenger configuration' do + title 'should match desired lines' + + # main configuration + describe file('/etc/nginx/nginx.conf') do + its('content') { should include "load_module #{passenger_mod}" } + end + + describe file(passenger_config_file) do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('mode') { should cmp '0644' } + its('content') { should include "passenger_root #{passenger_root};" } + its('content') { should include 'passenger_ruby /usr/bin/ruby;' } + end + + describe file(should_not_exist_file) do + it { should_not exist } + end + + # sites configuration + [server_available, server_enabled].each do |dir| + describe file "#{dir}/default" do + it { should_not exist } + end + + describe file "#{dir}/mysite" do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('mode') { should cmp '0644' } + its('content') { should include 'passenger_enabled on;' } + end + end +end diff --git a/test/integration/passenger/controls/install.rb b/test/integration/passenger/controls/install.rb new file mode 100644 index 00000000..bbba8cb7 --- /dev/null +++ b/test/integration/passenger/controls/install.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +control 'Nginx package' do + title 'should be installed' + + describe package('nginx') do + it { should be_installed } + end +end + +control 'Passenger packages' do + title 'should be installed' + + # Override by OS Family + passenger_mod_pkg = case platform[:family] + when 'redhat', 'centos', 'fedora' + 'nginx-mod-http-passenger' + when 'debian', 'ubuntu' + 'libnginx-mod-http-passenger' + end + + describe package('passenger') do + it { should be_installed } + end + describe package(passenger_mod_pkg) do + it { should be_installed } + end +end diff --git a/test/integration/passenger/controls/repository.rb b/test/integration/passenger/controls/repository.rb new file mode 100644 index 00000000..4b92764a --- /dev/null +++ b/test/integration/passenger/controls/repository.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +case platform.family +when 'redhat' + repo_file = '/etc/yum.repos.d/passenger.repo' + repo_url = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch' +when 'debian' + codename = system.platform[:codename] + repo_keyring = '/usr/share/keyrings/phusionpassenger-archive-keyring.gpg' + repo_file = "/etc/apt/sources.list.d/phusionpassenger-official-#{codename}.list" + # rubocop:disable Layout/LineLength + repo_url = "deb [signed-by=#{repo_keyring}] https://oss-binaries.phusionpassenger.com/apt/passenger #{codename} main" + # rubocop:enable Layout/LineLength +end + +control 'Phusion-passenger repository keyring' do + title 'should be installed' + + only_if('Requirement for Debian family') do + os.debian? + end + + describe file(repo_keyring) do + it { should exist } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('mode') { should cmp '0644' } + end +end + +control 'Phusion-passenger repository' do + impact 1 + title 'should be configured' + describe file(repo_file) do + its('content') { should include repo_url } + end +end diff --git a/test/integration/passenger/controls/service.rb b/test/integration/passenger/controls/service.rb new file mode 100644 index 00000000..b4af8002 --- /dev/null +++ b/test/integration/passenger/controls/service.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +control 'Nginx service' do + title 'should be running and enabled' + + describe service('nginx') do + it { should be_enabled } + it { should be_running } + end +end + +control 'Passenger module' do + title 'should be running and enabled' + + describe 'Passenger engine' do + it 'passenger-config should say configuration "looks good"' do + expect(command( + '/usr/bin/passenger-config validate-install --auto' + ).stdout).to match(/looks good/) + end + + it 'passenger-memory-stats should return Passenger stats' do + expect(command('/usr/sbin/passenger-memory-stats').stdout).to match( + %r{nginx: master process /usr/sbin/nginx.*Passenger watchdog.*Passenger core.*}m + ) + end + end +end diff --git a/test/integration/passenger/inspec.yml b/test/integration/passenger/inspec.yml new file mode 100644 index 00000000..19741ce2 --- /dev/null +++ b/test/integration/passenger/inspec.yml @@ -0,0 +1,27 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +name: passenger +title: nginx formula +maintainer: SaltStack Formulas +license: Apache-2.0 +summary: Verify that the nginx formula is setup and configured correctly +depends: + - name: share + path: test/integration/share +supports: + - platform-name: debian + - platform-name: ubuntu + - platform-name: centos + - platform-name: fedora + - platform-name: opensuse + - platform-name: suse + - platform-name: freebsd + - platform-name: openbsd + - platform-name: amazon + - platform-name: oracle + - platform-name: arch + - platform-name: gentoo + - platform-name: almalinux + - platform-name: rocky + - platform: windows diff --git a/test/integration/share/README.md b/test/integration/share/README.md new file mode 100644 index 00000000..5c5785b9 --- /dev/null +++ b/test/integration/share/README.md @@ -0,0 +1,22 @@ +# InSpec Profile: `share` + +This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). + +Its goal is to share the libraries between all profiles. + +## Libraries + +### `system` + +The `system` library provides easy access to system dependent information: + +- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective + - `system.platform[:family]` provide a family name for Arch and Gentoo + - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows` + - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo, openSUSE and Windows: + - `Arch` is always `base-latest` + - `Amazon Linux` release `2018` is resolved as `1` + - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`) + - `openSUSE` is resolved as `tumbleweed` if the `platform[:release]` is in date format + - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version + - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example) diff --git a/test/integration/share/inspec.yml b/test/integration/share/inspec.yml new file mode 100644 index 00000000..ee200809 --- /dev/null +++ b/test/integration/share/inspec.yml @@ -0,0 +1,24 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +name: share +title: InSpec shared resources +maintainer: SaltStack Formulas +license: Apache-2.0 +summary: shared resources +supports: + - platform-name: debian + - platform-name: ubuntu + - platform-name: centos + - platform-name: fedora + - platform-name: opensuse + - platform-name: suse + - platform-name: freebsd + - platform-name: openbsd + - platform-name: amazon + - platform-name: oracle + - platform-name: arch + - platform-name: gentoo + - platform-name: almalinux + - platform-name: rocky + - platform: windows diff --git a/test/integration/share/libraries/system.rb b/test/integration/share/libraries/system.rb new file mode 100644 index 00000000..64fe7ea7 --- /dev/null +++ b/test/integration/share/libraries/system.rb @@ -0,0 +1,134 @@ +# frozen_string_literal: true + +# system.rb -- InSpec resources for system values +# Author: Daniel Dehennin +# Copyright (C) 2020 Daniel Dehennin + +# rubocop:disable Metrics/ClassLength +class SystemResource < Inspec.resource(1) + name 'system' + + attr_reader :platform + + def initialize + super + @platform = build_platform + end + + private + + def build_platform + { + family: build_platform_family, + name: build_platform_name, + release: build_platform_release, + finger: build_platform_finger, + codename: build_platform_codename + } + end + + def build_platform_family + case inspec.platform[:name] + when 'arch', 'gentoo' + inspec.platform[:name] + else + inspec.platform[:family] + end + end + + def build_platform_name + case inspec.platform[:name] + when 'amazon', 'oracle', 'rocky' + "#{inspec.platform[:name]}linux" + when /^windows_/ + inspec.platform[:family] + else + inspec.platform[:name] + end + end + + # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity + def build_platform_release + case inspec.platform[:name] + when 'amazon' + # `2018` relase is named `1` in `kitchen.yml` + inspec.platform[:release].gsub(/2018.*/, '1') + when 'arch' + 'base-latest' + when 'gentoo' + "#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}" + when 'opensuse' + # rubocop:disable Style/NumericLiterals,Layout/LineLength + inspec.platform[:release].to_i > 20210101 ? 'tumbleweed' : inspec.platform[:release] + # rubocop:enable Style/NumericLiterals,Layout/LineLength + when 'windows_8.1_pro' + '8.1' + when 'windows_server_2022_datacenter' + '2022-server' + when 'windows_server_2019_datacenter' + '2019-server' + when 'windows_server_2016_datacenter' + '2016-server' + else + inspec.platform[:release] + end + end + # rubocop:enable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity + + def derive_gentoo_init_system + inspec.command('systemctl').exist? ? 'sysd' : 'sysv' + end + + def build_platform_finger + "#{build_platform_name}-#{build_finger_release}" + end + + def build_finger_release + case inspec.platform[:name] + when 'ubuntu' + build_platform_release.split('.').slice(0, 2).join('.') + else + build_platform_release.split('.')[0] + end + end + + # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity + def build_platform_codename + case build_platform_finger + when 'ubuntu-20.04' + 'focal' + when 'ubuntu-18.04' + 'bionic' + when 'debian-11' + 'bullseye' + when 'debian-10' + 'buster' + when 'debian-9' + 'stretch' + when 'almalinux-8' + "AlmaLinux #{build_platform_release} (Arctic Sphynx)" + when 'amazonlinux-2' + 'Amazon Linux 2' + when 'arch-base-latest' + 'Arch Linux' + when 'centos-7' + 'CentOS Linux 7 (Core)' + when 'centos-8' + 'CentOS Stream 8' + when 'opensuse-tumbleweed' + 'openSUSE Tumbleweed' + when 'opensuse-15' + "openSUSE Leap #{build_platform_release}" + when 'oraclelinux-8', 'oraclelinux-7' + "Oracle Linux Server #{build_platform_release}" + when 'gentoo-2-sysd', 'gentoo-2-sysv' + 'Gentoo/Linux' + when 'rockylinux-8' + "Rocky Linux #{build_platform_release} (Green Obsidian)" + else + '' + end + end + # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity +end +# rubocop:enable Metrics/ClassLength diff --git a/test/salt/default/pillar/nginx.sls b/test/salt/default/pillar/nginx.sls index ef6ccfa1..84afe981 100644 --- a/test/salt/default/pillar/nginx.sls +++ b/test/salt/default/pillar/nginx.sls @@ -37,6 +37,19 @@ nginx: - location ~ .htm: - try_files: '$uri $uri/ =404' - include: 'snippets/letsencrypt.conf' + mysite_with_require: + enabled: true + config: + - server: + - server_name: with-deps + - listen: + - '80' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' + requires: + file: created_to_test_dependencies + dh_param: 'mydhparam2.pem': keysize: 2048 diff --git a/test/salt/default/states/test_dep/create_dependency_file.sls b/test/salt/default/states/test_dep/create_dependency_file.sls new file mode 100644 index 00000000..e2429275 --- /dev/null +++ b/test/salt/default/states/test_dep/create_dependency_file.sls @@ -0,0 +1,6 @@ +## this state creates a file that is used to test vhosts dependencies +# (see https://github.com/saltstack-formulas/nginx-formula/pull/278) + +created_to_test_dependencies: + file.managed: + - name: /tmp/created_to_test_dependencies diff --git a/test/salt/passenger/pillar/nginx.sls b/test/salt/passenger/pillar/nginx.sls new file mode 100644 index 00000000..c8d90d48 --- /dev/null +++ b/test/salt/passenger/pillar/nginx.sls @@ -0,0 +1,60 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# Simple pillar setup +# - remove 'default' site +# - create 'mysite' site + +{%- if grains.os_family in ('RedHat',) %} + {%- set passenger_pkg = 'nginx-mod-http-passenger' %} + {%- set passenger_mod = '/usr/lib64/nginx/modules/ngx_http_passenger_module.so' %} +{%- else %} + {%- set passenger_pkg = 'libnginx-mod-http-passenger' %} + {%- set passenger_mod = '/usr/lib/nginx/modules/ngx_http_passenger_module.so' %} +{%- endif %} + +nginx: + check_config_before_apply: true + + install_from_phusionpassenger: true + lookup: + passenger_package: {{ passenger_pkg }} + + server: + config: + # This is required to get the passenger module loaded + # In Debian it can be done with this + # include: 'modules-enabled/*.conf' + load_module: {{ passenger_mod }} + + worker_processes: 4 + http: + ### module ngx_http_log_module example + log_format: |- + main '$remote_addr - $remote_user [$time_local] $status ' + '"$request" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"' + include: + - /etc/nginx/mime.types + - /etc/nginx/conf.d/*.conf + - /etc/nginx/sites-enabled/* + + servers: + managed: + default: + deleted: true + enabled: false + config: {} + + mysite: + enabled: true + config: + - server: + - passenger_enabled: 'on' + + - server_name: localhost + - listen: + - '80 default_server' + - index: 'index.html index.htm' + - location ~ .htm: + - try_files: '$uri $uri/ =404' From 43b1163bdd415d56204a29a71e280ed00fbed542 Mon Sep 17 00:00:00 2001 From: Thomas Thorburn Date: Thu, 1 Sep 2022 11:16:55 +0200 Subject: [PATCH 7/7] temp workaround for saltstack / saltformula bugs --- nginx/pkg.sls | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/nginx/pkg.sls b/nginx/pkg.sls index b2742f6b..c3a79841 100644 --- a/nginx/pkg.sls +++ b/nginx/pkg.sls @@ -69,28 +69,6 @@ nginx_official_repo: - watch_in: - pkg: nginx_install - {%- if grains.os not in ('Debian',) %} - ## applies to Ubuntu and derivatives only #} -nginx_ppa_repo: - pkgrepo: - {%- if from_ppa %} - - managed - {%- else %} - - absent - {%- endif %} - {% if grains.os == 'Ubuntu' %} - - ppa: nginx/{{ nginx.ppa_version }} - {% else %} - - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains.oscodename }} main - - keyid: C300EE8C - - keyserver: keyserver.ubuntu.com - {% endif %} - - require_in: - - pkg: nginx_install - - watch_in: - - pkg: nginx_install - {%- endif %} - {%- if from_phusionpassenger %} nginx_phusionpassenger_repo_keyring: file.managed: