From 6e2d037c2ca48e4de99c0c14a3d32097d32e181f Mon Sep 17 00:00:00 2001 From: hadestructhor <60148800+hadestructhor@users.noreply.github.com> Date: Mon, 6 Jan 2025 19:42:13 +0100 Subject: [PATCH] feat: Distroless Dockerfile --- .woodpecker/.workflow.yml | 10 +--- Dockerfile | 6 +- README.md | 76 +++++++++++++++++++++++++ assets/react-nginx-distroless-size.png | Bin 0 -> 29082 bytes 4 files changed, 81 insertions(+), 11 deletions(-) create mode 100644 assets/react-nginx-distroless-size.png diff --git a/.woodpecker/.workflow.yml b/.woodpecker/.workflow.yml index 978a940..2b055d9 100644 --- a/.woodpecker/.workflow.yml +++ b/.woodpecker/.workflow.yml @@ -1,16 +1,10 @@ when: - event: [ tag, manual, push, pull_request ] - branch: main steps: - - name: npm install - image: node:18 - commands: - - npm install - name: docker build and publish when: - event: [tag, manual, push, pull_request] - branch: main image: docker environment: DOCKER_USERNAME: @@ -21,5 +15,5 @@ steps: - /var/run/docker.sock:/var/run/docker.sock commands: - docker login forgejo.transprot.eu -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - - docker build -t 'forgejo.transprot.eu/public/react-bun-rspack:latest' . - - docker push forgejo.transprot.eu/public/react-bun-rspack:latest \ No newline at end of file + - docker build --no-cache -t 'forgejo.transprot.eu/public/react-nginx-distroless:latest' . + - docker push forgejo.transprot.eu/public/react-nginx-distroless:latest \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index fb3d1aa..e86a478 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ COPY . . RUN bun i && bun run build # Production stage to run the application -FROM nginx:stable-alpine AS production +FROM cgr.dev/chainguard/nginx AS production COPY --from=build /app/dist /usr/share/nginx/html -EXPOSE 80 -CMD ["nginx", "-g", "daemon off;"] \ No newline at end of file +EXPOSE 8080 +ENTRYPOINT ["nginx", "-g", "daemon off;"] \ No newline at end of file 
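Review bot: With the `branch: main` conditions apparently dropped from both `when` blocks (the markers are hard to read in this collapsed diff, so this is inferred from the 16 to 10 line counts), the `docker build and publish` step still lists `pull_request` among its events. Any pull request on any branch can then reach a step that, judging by the following hunk, mounts `/var/run/docker.sock`, logs in to the registry and pushes `:latest`. Since a pull request can change the Dockerfile this step builds, unreviewed content would be built against the host Docker daemon and could replace the published image. I would limit publishing to `- event: [tag, manual, push]` with `branch: main` kept on that step, and cover `pull_request` with a separate build-only step that has no login, push or registry secrets. The step definition continues into the next hunk.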
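Review bot: The new build and push lines publish only the mutable `:latest` tag, so every run overwrites the previous image and nobody can tell which commit a pulled image came from or pin to a known-good build. Adding an immutable tag next to it would fix that, e.g. a second `-t "forgejo.transprot.eu/public/react-nginx-distroless:${CI_COMMIT_SHA}"` on the build line plus a matching `docker push`. While these commands are being touched, the unchanged login line passes the password with `-p`, which Docker itself warns is insecure; `echo "$DOCKER_PASSWORD" | docker login forgejo.transprot.eu -u "$DOCKER_USERNAME" --password-stdin` keeps it off the command line.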
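Review bot: The new `FROM cgr.dev/chainguard/nginx AS production` carries no tag or digest, so it resolves to whatever `latest` is at build time. Combined with the `--no-cache` build added in the workflow, each pipeline run can ship a different base image without any change in this repository. Pinning by digest keeps the build reproducible and turns base updates into a reviewable change: `FROM cgr.dev/chainguard/nginx:latest@sha256:<digest-placeholder> AS production`. A short comment above `EXPOSE 8080` would also help the next reader, e.g. `# base image is expected to run nginx as a non-root user listening on 8080 (confirm against the image docs)`. The build stage (`FROM oven/bun AS build`, also untagged according to the README listing) starts outside this hunk.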
diff --git a/README.md b/README.md
index 9ad2a91..4dfb550 100644
--- a/README.md
+++ b/README.md
@@ -251,6 +251,44 @@ We even have a slight improvement in the final size, a whopping 1.2 MB less than But again, this optimization is mainly to speed up the package installation time and build time of the react application, which in turns speeds up the docker build. +### Sixth optimization: Probably the last one, using distroless images + +The very sixth (and probably the last optimization I can think of): distroless images. + +[Distroless](https://github.com/GoogleContainerTools/distroless) images are more secure by diminishing the attack surface for potential vulnerabilities and lighter, containing only the necessary dependencies to run your application. This means no shells, no package managers or any other program usually found in a Linux distro. + +There's many people trying to make distroless images of popular tools, and you can find some starters and even build some yourselves by looking at the necessary dependencies of the images you use. + +I have been using [Chainguard](https://www.chainguard.dev/) which has a great [image repository](https://images.chainguard.dev/) where you can find many popular images in distroless. + +This is what the Dockerfile now looks like: +```Dockerfile +# Build stage of the application +FROM oven/bun AS build +WORKDIR /app +COPY . . +RUN bun i && bun run build + +# Production stage to run the application +FROM cgr.dev/chainguard/nginx AS production +COPY --from=build /app/dist /usr/share/nginx/html +EXPOSE 8080 +ENTRYPOINT ["nginx", "-g", "daemon off;"] +``` + +You can build the image running the following command: +```shell +docker build -t 'react-nginx-distroless' . +``` + +And here's the image size now: +![Distroless size](./assets/react-nginx-distroless-size.png) + +This is the biggest optimization in image size to date! A 1 998,2 MB less than the original image, which is a crazy small image, 63,83 times smaller than the original!!! It's a ridiculous 98,43% reduction in size! And our application is much more secure !!!!! 
+ +I personally love distroless images. I've seen people say that you can debug them less, and not having basic tools like a shell is contraining, but I personally think it's not needed. +You can simply build both a distroless and alpine image of your same code, then when there's a need to debug, scitch the container image for the alpine version. Or even better, use distroless images in production environments and alpines in development environments. + # Français 
@@ -503,3 +541,41 @@ Voici une image de la taille de nos images docker jusqu'à présent: On a même une taille plus réduite de l'image avec une amélioration drastique de l'image final qui pèse maintenant 1.2 MB de moins que l'image précédente, avec une différence de 1 955,7 MB par rapport à la première image, ce qui est 27.32 fois plus petit et une réduction de 96,33% de la taille !!!!! Mais pour réitérer, le but de ces optimisations est d'installer les dépendances et de construire l'application React plus rapidement, ce qui réduit le temps de construction de l'image docker par conséquence. + +### Sixième optimisation: Probablement la dernière, utilisation des images distroless + +La sixième (et probablement la dernière optimization à laquelle que je peux penser): les images distroless. + +Les images [distroless](https://github.com/GoogleContainerTools/distroless) sont plus sécurisé en diminuant la surface d'attaque de vos applications car elles ne contiennent que le strict minimum de dépendances pour éxecuter votre application. Ce qui veut généralement dire pas d'invite de commande, de package managers et d'autres programmes généralement disponible dans les distros Linux. + +Beaucoup de gens s'essayent à construire des images distroless d'outils bien connus, et vous pouvez vous-même en construire en regardant le strict nécessaire pour faire tourner vos images applicatives. + +J'ai commencé à utiliser [Chainguard](https://www.chainguard.dev/) qui a une grande selection d'image dans leur [repository](https://images.chainguard.dev/) où vous pourrez trouver des images populaires en distroless. + +Voici le Dockerfile à présent: +```Dockerfile +# Build stage of the application +FROM oven/bun AS build +WORKDIR /app +COPY . . 
+RUN bun i && bun run build + +# Production stage to run the application +FROM cgr.dev/chainguard/nginx AS production +COPY --from=build /app/dist /usr/share/nginx/html +EXPOSE 8080 +ENTRYPOINT ["nginx", "-g", "daemon off;"] +``` + +Vous pouvez construire l'image avec la commande suivante : +```shell +docker build -t 'react-nginx-distroless' . +``` + +Et voici la taille des images juste ici : +![Distroless size](./assets/react-nginx-distroless-size.png) + +C'est la plus grosse optimisation de taille jusqu'à présent ! Une différence de 1 998,2 MB de moins que l'image original, c'est 63,83 fois plus petit!!! C'est une réduction folle de 98,43% ! Et le meilleur dans tout ça? L'application est beaucoup plus sécurisé !!!!! + +Personnellement j'adore les images distroless. J'ai vu certaines personnes dire qu'elles sont moins débuggable en n'ayant aucun outil basique comme un bash mais je pense que ce n'est pas nécessaire. +Vous pouvez tout simplement construire une image alpine et distroless de votre application, puis remplacer votre image distroless par l'alpine pour débugger en cas de bug. Ou encore mieux et ce que je fais personnelelement, utiliser une image alpine en environnement de développement et distroless en production. \ No newline at end of file 
diff --git a/assets/react-nginx-distroless-size.png b/assets/react-nginx-distroless-size.png new file mode 100644 index 0000000000000000000000000000000000000000..139865c7489fb0676a0dfc02e6e6a3d03d2e2573 GIT binary patch literal 29082 zcmbrl2UJsE+vY8zAW9KYK{}#2WTyx^&4!Q0+8l9s+rOoTo1oKwfPxE$S(7Bd$V-&fD|+4IC^hBF-AZU zt%Pbc9qkNlTQ)TW2()I^`z%&MJ{nDNPwa$d8y<$htgA!j4Xp#(d;C{YpPps42|R00 zSa?bekCE5rJg|jh1Et;9E94Oc9Ixq84@PW9`RM`criL_0vhWvjZX=rLZb-7X*LAwc z6zvX7aWaUYuyiwMAe4ghkRVk3d15Gp7ylP4i) z2DO>p1H2)tW0v55lWo@KAC5VSm&2sR#vMelJ(#sLsCs^)KL#wrx8kD*{P7D7{_p*@ z836nXxn_+x4m7^q>qw6Ns6u;Z)&Sycd{Ws&AlE^;Wra%oNpCgSmaaWQ!;B`1t9xh+ zG;CUmGtWEtFlH{xJ{!YKgZkU*I^z?3w(!CNEs!3B^kBfbQTP1wxo_RBK9Cs$8$P5r z^{v~GEy|Gg+q+Q<8d_6Fgns^Dh5_b|3X;vC=Ac>2pX%(75^amP9JNO$Ht)8S<3Z=l zwQy`!8}-0~6F#1Irs*{f`+25CX7R@t*Z+FWtkbuuW#wYom_>{*tZK7dUY4 zw<#;W9_|byNFlHLvn06>PelHqGct~D^FBw6CFSqJ^1G1KeEx^gvj6k1BUiV&|e=2rh}+~<-2P60e2IGcwt`)zthQc5v-x2OEP zncD-fI~<*b`CM_rG&0u=`;LbU5VB6|w+wR1{7zjx7EYn|=e{y%Fq!Eam~!VvRv$8` zxC6mDtcF|acQe?$8+C*Z$lopAboMs$uW^HCF13DGiPhklpJ~uH-75!=B7doej}frP zK!b9peT?HV(=HTZ0u+w_#KfZWXb71xom_M zpwm4!4tsX+nQu;yxzK;~oj1;dZa9EBG*3T*=8diGw~EYQ`(bGJQ#^WuyXNurgxqL} z1nv!grGizq#$uc>BG9z0BLS!c+q*HA?tGg*S@U>Mzsh3yZtZFy%~*vfrua?mSHo5x zPra@#?jmpJ$NPBNpDBGt(59&HvCR{?{9`A=D-T9_1*SNrg~(_Shx6~8uq1GeXYPi} z4Nu4So@<7| zK}LIayArRRL`R%P($|rgU zVV-l-VSB-=Rg1{tx$_gKlm`7ruUYdI+@@tcj9Te@{e2{#+vATbul*6kiLqL&7AgUo z=;Ev?>4Q4H-Iq2i_4UZ!a6=UZoeS_lfGn7&{2xzWo65^XGZcku7ZpcwBxC=SwMxqZ zS@8GuScUIDLcF&P)!|m<_D}beel9NEn0kCe4mMNt`Hj@F;TW=N2e(+}dR(++&*R zE5KA%uN4Eh!$~C|wK_yile->yc`eYN4U|LmM49ySAgh?eR81W9_8dNzS_T!m|LUYO zyw)Oh!zcx5n&3QB>=AenCNTM)renRQ%<;U2Qt~%^t&$q@8A%U-^Kt;uZ&K}N_~h+L z1#s73Yz!=7A~y7qOtO|A&S(_(x#d~T>-Wo+b{tKb#+qIAxyKjZRK1PxSqrwtn5&;i zdf_2SrLU?@7mW3f^-3I1dH30rX{j_x-593Ytf7ZVru&qUAqlJcl4I=5Jrk6%PB zS--${)Bp;wF2C=lrq&9rPTaf=%EsJ6(E%9Z((4T(oigSN3%%}Aj(iNI@mn)}B$w#e zaXXct93J~_z-|RMVyaoYUv(99R>)b0C`1UeD7hy@NhJ$jS6G!ENJ72=nBdR% 
zd%&w(9zGAkppFIe!Z(GUw70KMMGLUy6k4aQ;ijSy#}5|&?xu7RHChp@yUAjr(i!seAB8;XEgL&fRh}hr%|0LGO;e+A0v zhB#mqqGK$X^~j8m)>qW#Tu(oY`QYACoB*bDg~MZLK2DWd4A}V8(8|4qrRnumSiyje z;|L+lP>E94k$6S-(D%bS{AYedEr_^YkSbrcupi0w&VxFbKZuU4kzq~AjcS&1ZYxx8 zu0P28A*5w;a=LuvW&=Ap{9@s?c%3aIXMcuSqUFj6W<`0LDpI!~?OtNZqbrF7_h~le z=^icCZBq&rne513O-fbsxiLF>>WQdFf>af20|kD|8+1|jI`8@_s7Fi-rpX*>fEs3&8*%h+9G8)Un9yKY3NWG zwN)}_sU9vaAR!~+m!l1@P-zDi2uz=Z!Ks*%PLjKr?($v(pL#cct3Ukd&v<|SX1PE^ zzfr-Sr=&A|`oZ(Ff}e~guI5x$@yDe{GXw8|VaHFk3WP9UNCrkd&k7u2+bFr{ltJqI z`ndjDP{SZpmAp84#;?v_;{Dcnn!GDCN8ilfBKdgQtOu zzRK`XU&Zh}?wbv*Sk$>H*udzIm1I&OT(0v? z){AX8*A60ErpCB^z}tLxrxzSI=SfMv>TnVY#QCGuN`|U{4!yS%;w*cuThY^;ZgXW` z4fB|-Q2GtM%b7o3tz2bJH)4C8w*h%&WJ)+;gYM3|W|!S|IGw#LII}0KPbbTU?xN?V zD|nI;ei#ZlZ(*_D(f{1y4sMW~xItoc)_=Re%-j2Cf=<7*_4uDS()aAI5d%f7XQMi8 z=0~(C(>B}hwwpY7OFz5ELP4u<03GY(%F9v!#u9-d{l=9>G6Pz08Z#6 zaD!a=Q;Lm*$oMNp6MX0oO*@s0{t$xqsW>iYU>7W}%+{jdIx;8dJ^Uncr}R}b|2~Ak z0QectgYM};LPwfvMo+v&8y)mF=x^%Nu7FbZuKrl(G~e5i`Jfv8ZTdY!RP#bxLpeS& zrqPBapM%HGFsc~aJk8c$<((OLXv79>VSZ3_QFo-*{Rw^u6i$;`M)Jst#^)msALKR( zp(*((cl_?N>rM~+M*`{J{+uZmzh{>D@jTdzlPN2J{TlSc*Jp2^l$qA+QTFnZkq%=; z<~*~o`u_aa0{#S`p3e_=eYt%_vG;DaX9+EgRle2yPhizS*j2?|YLyPv2k+-MGF};h zX>^HRgE7%xxJKM#0Q)npVXymF|FIxQIxpUT;YQr&RL;BDdM)7QJ>h?C4(k1%Z&Hp_ z{g-PY^7h&FzdO1XOUwD|>Aw!!D=_JS`YAM!_J4bB|8M_pSc{iuldleSQ;k9G z?ufb^Xl{WoLuK{d?78cb(t;khm(zynBQ*ZNaU+!p_~LwkX5&4axvup5)f^$P@Td{^ z)nTyX#u(;#I@;sEH~}w1X+YV#I_cP)q|d;%jam`(ESuSWULOu9vTTZj47)WKX%P6% zUaG?x+zas@XKc3#)#VIX7eaZ?bw4oE0GgDcKAK1aEZboM7&?NT3%!g!Ic(~rV8v&f z%;PXt15W6L1@E8DbfH-I`gFA+QgQnT-E?)g7``CSt=D#_W;iOSh#|$hr(+KiVSY37 zK_I4KEuax@vHcFnII{%b%N;xkdiD!agobmxKD(9+7dW}`2yD7?pCD?-#=+u!8yERh z8g&@8v=rAj@6FR4*{b>L;|^lp@FN*P1ByAtnc9!Y%n(cU(3DUtit9eoEjBYPze{k; ze|hS zIlRz@qY)>A`o-Yx|Ry!n7c2ur@@b;NJ(J++zIUpF?c!IAg#h83iK1qpvW*s8{ z+4*|%$$^^X$yP>})F7<0E%FXtKxx|7hZeND*oY0`hHG+@9M z&UKqwEa7O_u2(1sJ9(xvZ{6%?=rs#-1EZ=kh%+cW$`{UGyu&+LZ3*`(aG#$X z@W$rp6Po)~B&4PfB#pN@N!bJ8W5%smxU-KJjNDuJKD4Hy>}++C&{w#>@Jdki8u{i+ 
zhOX6j^VwlO`)%Ht547RJb9Am>v-Hfy7h=dQCTmGNC5L~ za6fHsa;u8hi1JFf(YW`mY+Z9L#Ky#cyOMHX5@mm4pXE3S#T{MXiygq+VWU@}NNRy| z0!FD9kUCDV=vTS9Nb{9a4SjPq$q$$gVFB+R0mn1kX*bA(+5sNen|707n#U z$5aVKn6tG{*&CPmn`p=#KX4L~@OBAi9ZrUT^DnR+=V~DD(nT0kxyx1XG3CY0>*Vg4 zv2>CCj3P-des3Ntr9O=Q^+qULB(g!!xAMT?o)zcCSl6w!dO--~XH!%?Q`M4~R!K^# zq>P|9i`VN#LEJc9w-74!q#>C%$s+v)f_h4%vJWak2dVJlba*{8eF`~DHPZdFj;+?! z9g$xLYrrJvh_dJL&KkK9HcZgDq!j!f7(x7&8JuDzC&LjqLe+R<}-SXe}W(hP;;%8t5H_S1SIxkbq#5_KMO_KnG z*R~IWa+~r61*7tYcXRKU6$$N4Rk_5g_!=du72(xcx81pG|f^W=~%-{Kaf z-+1bwe8kP521$!r*&T{n0Slq>qBU)A{D0Bce{GL>H9)j@IU#`Lg5%qIX0CW zN=azOWrmK`3&7i(>8P>wxWo9zetk!Ri3EWYD$8!O0;i^J`R%V-1*m24IP=+k2fVeq zz$Owl8oi;-fXm*}mxy`(Q1eWsoD$nJr~y7LOFP=+bQelq>H5+_grG5ssINwdSuy=z zppV%X1j2ZJ7@KL(OJ7gGPi#yVcl#Ozt8j!k&%du84HT~F-`O0`Vk0ZbPh0lT zxfM#yf-z~Wc8}#QW!EQ!ev^8t1;*&rdLf*4wXZ6oME5r~(Sj$1a>CCuW?{c*sUEE& zWY4>2rKG9P07Y+?lqQc#Ad26Z`x=g_YoMJAN?(IXRmsdJbv0(mJlu=2}A8S*73gjA8o@>s2IEmMh ze+gukFJT4q%=<2STgCibU_WWZudd9DZW!)9n9VKJZ!S_b^0838BOl1;C#StxieH@} z6r_neL(6juoVm`TWtd6PhOPmbp;>!@8fJ+>QD9!&wRk{k9#G3prVGRFlv83^{AB z{(P2vUHMXI6hrBz#z&bXugEtR*KBh^WGm&rK*F^0`U{KNWoSX-MJhtJ2g2eSh|7_T&?yg5@myliSXj_k_`#SgrqwG|Xhd_YI;bL3 z$BkFo<+|=TU1tPNmp8;&Z*;(v3I$Y7briczm)=ow1)|ihMsel4Lc#;i#e{f76Yn3O zMp#DC&$r+ECdVW!Li)lpGG2aMA zis=f9hK#@4xrtcqVk3bO>rXX{vUgAk2+h7?TB-f)-J;zE&seWSU=h15!bj04?r3_e zmYXLS)#u{y*jI3T^Gh`EWlkq%W$ozZqN1F*Tq7YuZ8Dv!Pdd+4-G&AgozLo>Snk)) zSvv0p7HZC|u?O{jr5Y)^kY6m$^MK=V7&N3(?>G2Q*)_RnR zGa~jC^@b7U51ts$NOs}-o8Y8|ciw4ex0{XQaN>!T7vuVCK!aq8nD|FT@7sl&MQAPF zr7Ie*~LvkMknTSyT z2bmqF`d^DZW#&bc*p8{@elH)}eQ0h`!>sK}Eb9lCz>qLIvOqqpX5b_$@LX?Fx9+8+ zw3w4-zU}l4tt5iy>8Ehf$7Ki0*THqm$gAUuecl!o*Yu39C|4?ifuiu~<0ai(rxLy6p`uGgpper1O#HzSnmE&=2U3=EF{X1-A8tfQZAw zkSZ##luk^fk5OveUs(MQP^Z`6o?u?y{TVb3=i7%5f3@<}6BH}7BcZl4m-2tqk8~u; zi~R;<>^WxiFibXBGfk0U+rRs*<|A8W8bd#bs-ORc?5H#R0C6^Q#c1FLJkC>{v6y%Y zy?**Y{l25i>sFJ9lWo9c{7PmEV{Gtsxplebeh;n>LNBb@{Cry27ll#Gt7FGI6(oYKN;3EXd9h=oNxTx zJ=V`hdg=uV@Ea04VR~$iJSTaEG%vBgEs*c57a0i4#fC^Hx!TCfKbb5Tf_p!9&BOPS 
z>-)BlsH?wcjynce)&QRQ>5nLbA@X~arV5XW@Yfek`}}WzH#xuI&b#jMf(MmRjgbJ{W)heH!IFLSe zz*H#@_1^0;r^@{tD`)ntvg4$3RVC)4g3A)*8Je87dEp){jW%@U@k%1&kU*m%oy zm7ES>M$Lg`PB1K3sSb9LoWtBBjg|BkA{v9RG{bDe zw^Au2k<1dE?}yQn8-f{=R>gjc^*C9(B*8X46BCgs8Jeq6*W}`O99~zNdaO?< z+s~CY`hZa{#c?OqvUXy_`vju2Xz~&zpp9B&5+51Em1}o@zs~T*zZ!e=vhQ%IhmK}$ zS1l2PDHb$@3XJ-DG;$KVyqephpu#Qk_JE^R7 z2Aws)LoMSx%4kToZInT}q@(H)F@4k}GmT=w*{RL=e5%Y}#iN}9 zjh5;;PVsHHw;~_@3lo`agEcJm_6o);8+IsjcO`&|%6@M@DF`^?-xgKK5MPqb0G(PE zLiqg7k9S`BlT!{YuHbhLbVe=pcc?Pj^bX*rq1tagLqJ$X9mby1=cH<{D>{(8fU>>N zFkqdk3YeV-FM#`$h3yl=vG?LGT%gVI5(CrblW=h%OZPL2ytULqUNhMgp?yZf;+Lf< z`-ZTNH5xXH`e;R^5LC!m9)!<-8Dm@!5-kfD|4u!u-_8(7He9Y!-u8w-Y!j}+2XJ0S z0>!t%N61+6o#VWnBa$WM`8ltNUzK~TXDqS@`KF;?h0plsGmccb!C^qV1rllO3JVKw z0ik1^J4y!ehZ}t}rp)t+2oz$mnRLQ82J9P7wsnJo75}ao*YyFR4>Pb{C`1rMGkoCf z895ih0sK{JjR6MuL?GM?ulmAgqC1E8TS)bODQ3X~b z_bzml?mN|ULw{P%s*vwX9&SP`v>vK&E-Y)pOnN z3Zy0wgjS|;JTW$&-YbE)3H*kaG;Sy3z&(#&k0TO)7;8SOoune`jN}O2HWTrdUgV~f zob!a>;gGDodmq1U)9Y^!Y{endOo9b9@z)JQOX-gnx#O`X&5oOF6YGg2a!dCD3ErN) z_aC3#7gS!EghU%$*jA-Jr9YcFuRZlJC#s#Jod?ynzxH;n=~-x0PuE7cOAmhZOq-YB zPY=0CMJ+>78L!OyvbEaa+?l#M>S09&v=P2iDv6fx*nMoeqPDzPPE;ua6aX2>gByV6 zuN5O?#&c6a6l{_AWVBi2{Zw(*_N#L*DFwXC9v$sbGzMZ2>%B~F$agIJ@lN>WBg7|* z-nxiBPxq>hp05&|i00qKmBq4k;oFO5ZGQA`u%?mL^tU2R6l!Pg7n{Lb8@TpyMP8im zK`a19)Eg*YD{9}sDsHiRy>;rxwq!B-v7TGATEO@rP@^|%Q3b^BNN1W2%j&u|g^~ZQ zf9ZGtJ4dys@?g>&Vnz*G#LIc%2je?^?_Y3xC9))}+=cB7c1OeGA!N&&zU;_ySNC|( zal9qJt!|k{fFP>2V0F{%*bBF7430klJbm(WzKpbW)9T79vE}cKbQZzg;00cA8atM* zyv=Nr3}01V(ds3Sdb;X#RP8-5F051%As;HVDx*r6ay}b0cGCT2{LSPMzr*qFLb9ul zy>Ybg&B9r*?GmfG!l2*cRKg;8WdB(4JoM-rF=D1FbNnpxxbya|wzbKDN&M#C)zxwh zfC(C0fUdvMj)cMEQK3_@-FJv9rBFFhx5SzShEPu!gQuA!A<wPXTyG%;+mYq{ZCG7wNd6 z0>|?UP2&-U_0z?;44O4_IraHGts~&~Y~$KMy3ZJ4R-E^rI$i50GSosoF^|P(j7g*j zVpF035790;chv7XkbWgpNmg)Zo>32j8BG|Q*nd+{ZW)XWi3QMcX%Dmc97~$7$^gcx zxTECAS;VA+$#$sZmmOM1u7OVHXz1F6>462Fpc>Bn?9GdL5-L~(D)37^uu!gY#9dP= zKzrS^*l;!mL@K`TRmQqfbT`n zdu&dWYIklE-H9IFj(#P~zbjW%k>d0vt?eo1@6g*FhG!il^5goiFe>QFKUxsG0?mpm 
zj5QG=818B}9At#yXGW}{j3^8`qV}uhrPB#<5#Hcfgz7zV<^0y%Yh=4bg);gpzI=pA zfQls-Xkj78o~x_R=Boe{t+D~^66@wi1PqWeVC$f(>XPUNeUj$pE_?gvLV}%D(B}io z_^8v>8R^L~A$sYeAkv3F>4eK;*N z;dx-C%`4@1Jf*lBseX=#4Owrz6fvQ*Y*YvSlA{ zXpKiuUI$AM!>2Vu591@E&VxsT`rzy)82SP~!-ok{&3-w+KK9HB>{7iCZ=~{%Zo@Xw zAuyvXRy0aXIUF9l24MKaa5HFuHSBF(Z=`|ni;y7)$vDkrEy!_-lZo(#@HK`+%7F^n zT=eaCup#wi*@+cSKSi|YYPSH}&02gt(axp5ABo@PEl&xvvJ2KCiVlq?G>@T1^5ea- zB`Z!s;1Oc4dv+>O8X{q%l{bX&8;@1Vr&Y5#r=s$;fbCQok62tlKVL>{rOku%ir%^7 zbWX@K^a2EQ^k%nlxgh2K(GQGY~^y&w%&G(SfM zKxLC4dF>Ao;=!zKMYrGLOj)u@MlAlpewV5YLLGkUcjJ+lJeB)X2i(>SxPoXO5lyyP zTiouf2-*i+V|;|ojfvORR5_(TE+A^O;farYuuDc* zY49^FF3Rh7^nFNlPR5h};BiKl$+Z-JJl#Uxlgr@{W0&-PHJg=_Ih`56 z;sA2qCvAkcb--yP=j1ei)&g4?Vu@zE;RV?Lk`^19_~v%|`m24V(2U%~FiUK7`OA!E z^r*;n%3NcEjlW1Qlv4le0_h*555IM(K8rR*g%D4r8>~$7iqksl@^>9h+g~H|a?P@K zI~GqMj|Ax??;gi-NkH2nzmBf*iuNMYpt&T6Y7CUj@iYcsEDjJcFf2KWjc8NEgn_It z=SFa0I~NFVsmLA(Y6w03B#fjXt}iTkgofas3~Ajgq*Mz;$*v}=gZnN=%BkPNU_Jmi zj#RK>ZjrT^eORIyHsd;eKOK3m@2zR^k2~_dSJFD1KQ*m1cCW%UG9T4}V%i?FRU8VA zU;rhchn$i4>f1|4pKaGMmo57iI9$8RbrnMYQoi9$E<)Hz-lnqw{F`68S787?+lHm~=T)xQcEZXdzTfqZd(Jx5_QTcDYB4~y@<#Ge%*JNE+>SIjumI-$G zIQLy!{AT$_FJApRP?Y^bcD3{gwi2da5@&0H{XZc)eH_>iSNo>XFD%JNGFL=(3?D~+1;9CmWIXai*(L}l+jFHDYK9yfhg0(aKrdRWQIZyHbSkO^oGr`| zAr#vFZ2DGz_h)GW`BNVZDHn_I&0f9(3*Qo1y#kXna>a|as_fuu>Uy%4G)n1Ig{4kV&>K1Y-d{*G9oeWH(?zcJlvRPvcIz6QkZ?|Zbt zE6E=8RI_2?t83)#H~NiS>Y; z?=*Ea>no;U0c$CiHPp_R{(bydM~ijv00z)Osx(56;(J?%raB2+z&{1 zA4aCUEcL;T5M`QDxnETdtjL}ayk22G)8fx(!2h3SOEGn%=JX{|4J(_dgRp-S_}|0{ zhpo9n8ZgOn#jPHafgkEm5kXyrTQfF|vtKeH zxLxJHjiRW~`n_442CjMy)cU;`S?0dTwFEyiYomKT+mP9G6mn?LJRCo^7zivvM@SUg z#RHG>hKkA-yq8AEwkW@Aa2Z}Ddl?^R;}d`Kl%xYOUjc}3;qN@X!>EVmHa?5rJb>_@ zj6i{tVSy~B(w;j7Ub}xR`xFIf8rtHKam{-Goo{g#J@L_$haBGWqr1_71#h(T>M_yB zr#LZnB?VPf_k$NOOsykoyx7I)v^GVnVbD!#Pv+N6R-fmcr(+)D{V3(P27(S)=CHBa zL@MScE~7`X_(PHtLX$ul{fV~sn{Dhnm7KCe0AhaCp`0<#5=zuV#Ew=NiML6{n~l_T z8`u<$;OGqdS3D~9-))Vnw&uTl9g|+BOjX-_^cpU_xokAoXM-O#m=q}kxsYaPi)LmN 
zcnu1N=w>V6Y2~RYWg~@2ExJBg6-HY9{OI&%Y3ibd0r9uB>vFObX#8xdF^S@`Uk)L8 z-Rv3b2|2PhZg4gQ1#|ymv+Vw=A4K9I{#QruT`Pbt^eZ*Jt?L`Cqyd#I_8vJ7ExK1JHTw$y>?Ic9#35_HAmL z%G&RnN9$wUb~+O~6r^|Zflis^&D@_Bj#a;+#wvg|lX`SMjKwb>k0lEIrTUkeGp^1{ zV-uSVivs7FRVPkWu>n?ivPOh>>n@R})f#%tzB}BC9=c05tC|Q33bo8?Q~%0`Pwk{> zpidyEh*}(Q^ME@Nz($zr6A@og$@lXwfVRePk>C&d-s!P{Yy8GW(}0xIha);l42{Kj z3ZG2h&6nkxqh5cBo15|Xs*H1^qPVk*YkrMb3bL1+a^=yUg+sA(bVjm zfwZw`Z|5KmuUc5@AnkNC_je3z2zdW{Q4cal8=lR95FOI|IpaE`&c~_+cDtHqUbSFF z%$*STfkL@qlU{VW2AF*W>m`Tq46gxdS$cPR$8%}PsWI2Zi6Ok!C&kM#vB|N$K*}aj z3x%h|u*GO{Xxl;Afs$JFn*CqCpZ+)B=N+hCPP}rxXEcK3D#;47L4v0a!&L{9VKENm zH#5FTPAN*Ybi!}n=%?v*+hYp_I#K8VwsEE(=eRZU z6Ef_SRz?ct3RW#XOH<=XR85srP!}V z#~)R?^qFFoeON8q#XhYIMd4LB8tS9`!7c@&z5slE3S~S^ zd5OcU%rf}wc_QO0{J{LcnH911fO^zvKqc2L>0${RVj~*X8{8vpDY279Xnoyt`aGb; zwGsL0vrT766)oIkX_&27j9`i={}1HfY&$OW3=j5#dU2nu;JO&cRYWpcx4OpWGq4I* zg?z_vG~LRY=$@7$Rk!qUWo8t1v4evQHs81>r`GK;;l$n;++%>N zbgM+ha(ZBFeX?O#kka$?W1HcozO35XzS}DNrlu}F!N+`NY zkB+ik^aLb(#eyQg-pdJM^AZ-h`x89Y9PhjSL{wb@T}gf=Co$A9O?(LI0WHKZcK_Y2dm^C+*ECLd@c9pVs z-wUkoXx7*|+-ub~wZAA~`kTr?lZ);NR$toS{{IvMPxq0k9s3P`nQ}%Ur}Bu#c9(Yn zmC+U2ox9`;iB<9GCF&#AO7rg5k@mZcjR!0t(8%X+ikNZV)Pn&j!>&hhk+GAJ?VPK?0#<&$)dl}PeS2gn zB*bfXjS1A>_qTJPo~QSV-u+u@j@Fn9*G^CmgCfIcy(o4goK+#svr>Wsb{klLxuZ-7 zoGx@AI@J$GAex7OtwZOZ85vcFotl)&Je*VR{Re-W04><08)L*Y1hl7IW>~eK+kgzD z)NA!LN5xz#H0pf*N~t@s6%b2o1-!Xv1q8;D@xb&|_*$d*u#MVqhnoq6r$SS`3t30D z1}m8|PT_`i8Xlx#Z%0$qN34S{qtz!ptn_-5@D;~Yf!m46nI}7WOt_6#>8F#Mi_K)m~KS9?*R3vO%Vog=BB^Gjjv1x1d# zGU!R4&$qwwU|;9;v)A;W3Ehrv&$^D`4Go{YlH^`Zw2P6B+}C_Rb0rwyfN3=6S>Q^4 zpA&EZyvD_Jwy6&0eN9QntB1{IUOVp!*EBCJD23QSBREu9x%^FcnErCSaooI~xjThY z|EF_LhJY1v>a7X5*mp9s`y4+*gccP!ccOBRSpnU6OBK9q=~)$*#JW)L3kvYmkcpUfaK&z&%fU3i=Yi7nX0qZs69P1 zgqiNXgdNQa_?TK{f4T#3pOku&`lOq1YCqO!tizxCeXpBAnM1^^@@rl0c?jq}nFL>^;yzT#rR+ME65kir# z#gj4o>1*#{R6Uf{w;;CiR@6kIfx7q`E-zMfCb7W=s|$&EP3~bAVb{A~bKO9$`9J{% z?|U9U9!>-G<+qi;4T;hLR`B#H0V@{66RT~XS9$o7_>aqY*-Jl;k1~C8V_;}p>bkWo z|GrMXF7i9OlnAwSw(_7V{iYdJ*`B4sEl=fF?;Os6@`n?V6{#H(pGZ2|2f<5-RtJks 
z@||kg@1Bq<<#fw)xEDe|XM^iPJZPS|*Xop=-nkAv;?~5|?W#>I6v5q>xPKlBsOo1T z+4N0CVT5 z1PtGNMt?#nFn8K(y<|`hTtdu?=DnK4bt;|szQ}LGZ)l8_6K-ZGqBq7S5_=2t>l(w7Zb#JN92#mx;bbV_Q8VB2}{iHsQ(BEZb4!?EB>!%AC{^uMPgnAocRUcqxDZZOna>zu)KfeoNir_beBE#OpzLX zII#-nMMuyaj7V|%6Ak>D`Bu(r!=rwDG}r1gx|!={S3w2@+#mSa6%7%So#xDwSi!d>uQ(I`wmcPLci%=*S>|$OJDz204cvwMM-(~L$bflRP)T%weN?$?5S|Y9k*W~ zNU>3C{DwujA!W(8ovyi6y^=ikD1T$%1;6oA%TOC_zioQuW7^n>4aLXqml`eQj#wYc7 zkf=TW!s>@r9T-+}JB$xxs8xVbX~81SPv~t2G^Q5{DrNt)sKpm#KA<*!o`#fh-|`8< z8$R?lrkkqL51Uu=CEludXs^Jio+fS-K|eT>+6Z1S^B7!@kW*XD47jIePNPQj@_VJQ za#Xh~T+~K_zPb67nn$lx6c(M)wr>%p5^0&GtHcI6uM(3?2;{%($zgk?vRi zNe~5{8)WgwaFX>F>iB97T;)&&v?qX*@!7>&h7OsvzDvYbh&vPrpOh*7Q;nd8Nqc-f zDO>uB`uj?xGQ=Bf=)0MVTTgIE;`Hxv85_Yk#s2HV9Hn~;K^<_}n*&Ib6k>9$E zIBx%KOxLRX6*;!s;0-!Tu>4c1Z|NO>h&B9?5+SHB1DMu(#OAQxdvncdB+=p;Y(Wh` zj4eI*IUX%^~P-hhV%e7IzdZTs*sR3s?rtsVMJ{Nt$V5-?Ij3T|1^&Gt_lk3m z&)eH#S;#KAR@7gIf7zMGq#{fXK}+sq|JT!RAe`F$kJipS8tVV=`}I|dY=vxTNFged zHS1V1D6&V{x1`8U*0F1`WXl#3S<7Cw>|53m*<;8$WE*3dVP@|4=(}Clb*}q&?sM*c zlf!v`K0cr4>-Bs-o-@bvh~q%mLRIRg>U04E~9%5NZ!bPqQn9kk8STHtbrK+V7n| zrei6+$u#O!(P<_<(mRL;UYnGn-B9xTASn%qRY2^v3YleRAt<|O%b#{~tz}cR`wA~v ze^aA!X(#|1v2$sb0DF3i467`^R5HtNO4JuUgL}{sKH;Vyp#@dvbsinGlE0+5@IICz zi=I;WMwinUbmT-hWa3CR5d5CM1%K|{cmD|fyPfSg#hEj3SdbGM6;}4CMq50=i91r~ zh;Hx_rJd6(WNm0L$b+ZllL_ptnLiYs?4Ny9CEfnwGq;)rmIi%}DWgITP72BoY-*Ml zPi6IryEN* z9%8_k_M@@33-(*=$4dS}mpG$R-zM~ZH57@}PlL>3lXl)SCUsX-d`m;GC3j-4!oC>%pW`c(&zHP9`O5)f74_gn-#o)g5$U=Wh zf!_8HIO-Mug2g6g5?7gaeOaLFz=K6*=!>c9$Mow0=V8*s)tulTFfmZ5}W>&llm(s*^zCB2eToqN`XX zPj!EjgjEj|muz5^%d}PDLh1*q5YkIAnU->RUrJ%LRajymWdzy<&IP^uYj5+)2_cE3 zs#z9YVC!x(K4y)Xfo1W3a1Md4Dg8c{ck#u>7Vy!YKyCXLZ^hxJl#Lj~PRgiy={Ci# zSLZhm2*oRzPXtu0Z6cpL-Hi~(!z6?7HH`0FJgSq6xmzasA1VXCs5j9WM`09N%*3<=qDw4fX>Xke^W~ps}}3qr7T4vCDDa}z1Ee15 zS%!(+@JBxbSxn>PeM%xU^OVCxT8dMKFPhU8wO41gKdg#l4E^^`zXkUNW2&$Bi4;n6 ztB3#Dz3<&j!Ca%yh{t%)y5%tkAEl@>{bCR3dDF1@u`G{6egy}mn1yv`soRn_?TSUO zcJdc4z^!Qm+a?#xrJ&2NDh~DfAAjj}a-@daf$b9b-{&S(_w`)=GeW_@F4ya{S}gF{ z_slzPG 
zGr_~6IsEAN?Cj)2S)8_^r+*-F$sQld9f$2cOWx~mBHf9$-2}H~7P+s;C}vJ+&%s*H zjnX-5A^MU+71(2>(JZpq@yqP9k67?<=iB6zP29I2EGjksvd5q*iSTt%ODEiVEX9*8 zZtu^HTe)VVpeZQL>`uMLRg*IL_1!mg)jg<^x4K-Y&0bjbS484DSe!+3;2Zi1(un(} zi!(qUws)Fyu5GPAq^C;=?>@GST}Z=ruBgs!2vU;aLtzIBoo9VtMjoIic^)8BW+v4# zK(=5-KrEmjC`*=5#zso%YAq}tX~-U|;LBNZKtWj@pf1oJKM1qh-JZ2o8CZ<`a==*;2&)D|^P#*O*v4w-8kj8n$6mW|dz9J50!J1zl|KWbAp2R?v z^1*s_x#jqHf`8GXNTeBW$a91iKC~CqOxfJ8ccH>{DJ(X!+Pbd{>sno7%S96Qc84f+ z=}&92zx}<$&lZdf_xk*|+^@mS6A3Tvuy>2Sb7N~M6G_)3-3QYuf4ohpyiu)V%KFgU zwtmCDYvV)$gu<>Ty^9r%Yfm6vduCRK?`B{^q-XlSy|Q)1{GnF8ztqeGUJA(Q>02bd z8RT7p(UNrmB73Z6NRUxV_ z;i3y5|MYO5>mK1gbUjZL`dj?h{Y(6Zu&Fg_iM%xrc+-N4g9mc_CJ07oc2wz^3ptP??rardDfYd@_bW4yqW;yq{DkJY20{Pi*Tu#<4gRH`cbjZ8IKL0p$n!C@ zypFy?vA9s8(7~tvCL7jj&+)Jk8*3+j#Ke4krlkKX{o%I%BoVKo#tpE6SSu(i1s~h* z%+Jj9L&T%pB#zs%b~gwduA4UAFOYY_ePitKy7jC0mwRK!+A`eU8)wKl<<*CQ@bFz> zMUbbb8OuXx?AyYZsq_82;?=h@=mNg6b;021L&u?IIicH)Lw?*P{e?ANcL?A^S7a++ zlDpZwiBXbxZ!-98g^<(9SUe^0cC6gAKQvHVdN_woOG+g6Fa>0|eoe06q`Hy|$N=Hr zy?e@Y6wAKQu;ZfG_mKNIZQik}T#2-3wm`BQu*_A#QF^|MXlN7DTTBS2f-Hi6HP1r; z`TyLuxbBg!W!L41eT#uaQDyk~0sgV7-zWX+2b<&cNeHs?k>3kG=Um7raxhMa%pO>u zZ!l(z_qV{Hm>YnOz19SQ`#w~Sj1gT9y6yJVVlqX)##xN>_(RC;oQKeiP+mx*23rhLD5}7za$Y>6)8w8G`Je=e&kkNVO9MHqw;}T zYA}(3k`Z0f_@>ppV78$Tc3_MUXWjkILc~9>;Ne6A>34^pv+>W9Key3q`UpUp-*lGB=w&g(HQOLF<$v|jZ49SG*QBD9N~h$vZPAE_J7Tb{nCr^Q?zmQ zwOxW;bYT@5Ne3druA?EFs8E!AwqL8kqcY}(8VGyOO_eD%*nJ6xC8l}HP0l4#W? 
z{qC}z^5EBg^M3iHgZUrl#6<;IpRyjALzKl_96+a-9o&sp#ATd_xI!ZiQ>V}b*&(`9 za0xOwAP)LILWG!EM;~NI#CSvqOq_H}fV|#hsmO{qyx~lHxrV(G`q$Tu) zCSl0h0`I(t1IPAcb>VPXPVqG##)@xt)*mE0c^_0X%M~zUy~$xBL#1*(11JwXQqodN z;F*24qZYAxKw<=!N*nakU}#Q?oF=NKqP&|z5rma# zs8rJZN?ItpFMF$AHU>2vJ26e4^^Bf?zLv(z3iIa~*7t{|KjqFVaDI=dsrsoom3(>C z)Q?gxr7KJ^4-ri{@D0Y{7Sq=#C?vZ+nNJg}nZHacmHC;tkr1lLEd;-4Os)(uVo@JB z0k`2+XkQ=GFA{kk9CM2zfhz$D&y9iHDLWt3hNbkT>Kx{L-yCswR7DTaTtCy=yaSb$ zYu+JQu-2ROm$=fB`cBqvNTgw}l0kzusxH{cTc{FZt+_xmZ&wN%OVOVGr7=~Q!GZ8) zGu&KbAYt6x@{t^M1ks$It=|m6F5KMeH=-I2X+9=uPPt4SaV8i%(q?We0|;g6o(-!; zaLIhf`OD=ku|fkH2(FK-_*0%V7PH8BahvpQryV_U@+Iu%PTe-+ex*h{^eKd-x$1=9 z=kXW8Lgm5Lvwf0s54~r7d*OMK#-H;B&p-2q^$o{27EBjrdvB1MEvN35XXGYMXOtZ= zUAs;y72HOHi^66e-eG26Bh#t!e((gvr@*W>N|IM1EHy zcs|D$`!;t&&=HCtdUobXRs+Ncex8X)KxEKlLO_9vqXMGI5arHW91Xu9(o(lc5 zD^W>-M=_d@8sc!J*eyPNM4$7=R`vbLX}@*Ij9Le2@YX(hY7ng2fRUbKPhcOaSF&|q z!&&L)8gg6AZ2kA3(J+|}u>4PKfL30fOb_B#%4b!!^BmOlB)+~@ij9#w;UA5rH1|+N zN_>-yehc|srwTO;AId*F_2fx(XeZOo+YQ3PLhW{)$EtJzCcKw!_snpEYiPmc1Lfj8rLbF#3l8nji3s|11REa-5g}1?2H^#^`Z~-?L zC6-(_5=Yc$ZR4Vd@>&Ni*}x;JB|pPnDAu5rer)d7*FL#}Pm?f;CNMOdufrFBsU=Yl z!KeNOJ_JJ3!#5HhNyNT48(FKfq#b1?9MpVTFE|VtO@jcEK`!xM_HxHf#bApLP zDcSOEK#k+(I~>RrSzvjd*$+45_{tLYg74pb2zo?J@F(^rij+DG2~NPm_yduYCpi9D zT5LuRH!ht6YhOQf4N!+&7n7yD9AGd}98$Q{!5@7u9?7K6-5BJt<>8#kgJ+D$*6huZ zS`^a7fAKy2DF%5q^gao$fR#>i8{l(%eBn4ZV_svA(BN?*+8fvbDb$0x>U>r=?;h77 zQRg%8=;WQl{3(Y;TMyVQ44&`?a=YeEMg%t8X`SsJ=HJc!J2Viqb*8 z5dhfJ;y_QYqym1W`8})%6Z*!)wWs`zD{|TsC4?07;&^WD$?mh#vYY6zeNpk+p`GB< zb!aD`TP6ZWOvR>Z&qPs{-SdyS3uPTeho_mwUZ1VDdw!Mh`pb6CRM=YD`)2Bmkih3A6I4bFJPs_n3`efAKsn1fE3kN+2HpbSt0 znTq(~B9nMkv(J9&e14(J&u=4I7_wp42oG*|lLP2Tmp<_v@$X1@UzEhZ=z%Tt8gdBq zHP#g#C~`yh1Iu>#66WHf541ntFI7jiJmSj&^Lv({(`Sb=m{q`=7ui;ePw*)(ri3Jr z6vx9N$2U(jgun6nTu+Z>3LseHL?cdlU-=dJNPHC`y&zHdPGX@??H8-OX6w}TwpNzi z-lI&)8Sd~(YMQK}-VuA)Y+;?9@!{V&4lJ$kN*1&iM=JtO2@f4I<9b!bpY1URKY) zN0XxzE(@oSyx0aZT;M72!28#s=fJ8=wm3FMkVL}%A22Ir)-jP}IF#+07YN}CB@-7< zb%{l~7GT|Hs9_jAe2d8UhIpIw<2$yzB*b462*VsKo0{}Zhg5@=pvlLEi_SZtCH6fg 
zkXb_F_R4m10920DlM}h*$P+_ocN-ZTjWes)iAg}B}G32;xCUh-a&5VhS&Fi7mF|dcGs=mZeB99ehC4&o~+;bevEdT(%VL0+y zgJ@p+5!K^Ta)&O1?Zm6X|K>x)3!reN?4oW}PkJQBGsZ73wCiZH8^ewwX~^RSBNhB< z8T$S*hjo6AYlpFK@;L5WRD4*@?ep>e@$^O{AR$5=dB$gWul(ZVJZrEQj16~Ds+RMc z*7BoGtKIp&zs2#_oPiVO`6QN4qy-&HAXULipj>0)f0-}0ldev3)c{WdNqQl5bt`04 zn&-LxyJ>!HM>JC)d5sSMkZgM-%VTF;F1{~f?l+KJ`*L?Y(9W2SC%3~?PcNnu41gL~ zrW>qRZ=wU5J7nwZ{CZA`lGKJ~HA6kDR?bdlbuK(PYSG+LjnfoPTDFilzV+)8E%MiARH8CX^j{HM5r;#^6XO}rAq06;VB32?rEhEo ztZ1~!@f8(TP~eu2Slzq6`WP-2YEGcaLQ!H*D#cT9mRay|gLWa3G1yhR5Z?8A3#3{# ziF9wfPnh!g3>=itwm96^rm=q0d5n(44@p*8$c_!3)a9bcqFI~>Z8G0^)5@cUYXR?#g$6{6c|vd#quXsc0Jh)`0({}@d89MkB+ zkt6RV&UQ@_fE}BkS~T%`$KwYd`)?Y_Qmft%X=C6ztnHA42osH6dowqJQ#Lm zRp(7=NvGr3t)m)W5-qb%PNK?j8dY%*GF_MT{K2IA`h86h+x184@6ik_W2&gPI5?Tc+4OUk*#>q=!>T&_F61V)k@n^fNi z_T3<+;H!iOL^ z6_>X@c$VjuWil+A8PREXAv6MAG`#UtS+G~?4Yb;Wm3et(#Kl-(MlHL6IOrUeQj8`TZ>`p2HAy3btZ`{-f$1FFT5BH-3Y0l7?-ls&Zt z@KF_Pwa)pG0%d3Q znr>sC^``L+&Dy26EOO_m{++cPOJO zgmixOAarkCiB|obQ(W_Nz>Ld;*94J;2Yn%5q?xO*9pEGbv7YaREJS90Hq5Ej@4=m& zJFVAcm_#pNpT6554$$j``#XGp)$Lt4Jeg9cU!0K7vYxuAmK764%1ziAtjom}H~gH; zS0BTR75IhsE&tf+D7aI4D<~AHDdX0_r@y>XT(3vK(|=>rD>n5rp(4(%6c2UH->&c- zY~Oyq=(CM37I(a&3*xN>bP%cR`G8E7c?+WMK!tMG#;DefJ(x4^`G5uwsekbYOMpKx zHFRiJq);$+a`m~Q9&#$Ec{eq6eRy~Luc%RF2CCAta#`B^8N2tesvqJ{A0jNOLD0{0 z?MLQb7^m~vRC(oH25(FFS{E!c2pAdUE&vi2Kgk4lsQv+qP$ljtpxdI74k?^Ifxdh> z;!+EMZFR_S!U{cu9NjGa=E}E1#{<}9Y+}WwC&1fq{YCNt!JWU|3iI}dp4a!1<;2mm z1t3cGc-Iu~bAM_5(o2w zSI~3oe>ou$69YG=lrNhBg!vl;b8a@{zs~~)GQa16>;w`WA=D~L5>8s2ZqgiDDL2Ec zwL7EfkD)6C{W^E2t`j6?#!LMkXCG98BBy^aV9q8!dNKxVmM5hp>TS31{%DSQ$iqKf zi~K%ZcWeNVYEeJF+P+NDBE9fG5qAeaXCr0AARJ2F1FALWGm1cfC@&xSzROJ*ZmrL? 
zUHppr`i0O(M_lF+F=b;i1pmIbd0Upb@^>jwI}PlZ8k*2ba8wRe}Cv} z@RXGQ>1*ggxl-drbr02doFr?`PT0ZF_0>@7cgvceF|d(&n9*9UZo>g+V!}o-i-QPi z++I}r?X{rAG3wriIAy~w7h-O+|l(jN>pkZF(niY zsvzS=V!qb1xQ$2;Wj~guZra!}6{l5A0y(5fuAX$UmRg>38mh$FylNe(qio1X&*ddoGVLv}c)f`Z3veRKut$~zLH%9xN*d)Wpcp0H7P_D6j9>!6z z(6px*LUO8oc7~Q;rzq+A5pqyT2HAH%hv#S!K5&t|%{~Zs{e1aT>2{pS+P|uhY_Xb1 zy%p5>yJ4X&RC*MpaL=z3FWT;0!p`v^^Z-0CxNCnKc2BcuP3;KVYGUs4n`%?w-8Um@X2L8<&DHnvY~P4GK>$&Rh`5@bV6Zcs`oSiFxQJ1 zXd`{8gH;#$Hy*J;c^Eb1(c6!{82Ac;MeLV-lVbr(0IWAX)K+bN6k#F{tn74Vd82nO z;$@ivBAE7}bqkt&9ZL#WKBm2=B z&G+4&T!@47OvreP$)F{4Q7(;!JdeYMC&jTzDPX|fLFx4^Snx8$+`H>Z0CahDe{>oH zp=b|b3l1#l@pI3q7uU)#Z$wGY+ikZ93UaKoGPNJM6()GFC%G35te;= z^YIX#N%LoWf{DYP4b371iT?{$0n|5E$Oa9-N~iV-v`MJ&<{ zgKB(+(T|HoK&SK(N6KHgy}RMm9hMeSg|t78i$ijTg45h#^(aX3Lik>t1J*!68?tyH zD^|Y^FvfPu*I!wXv4Si&>+{KRx9B`H18E|FJ-|ZeI%>~vR48bpd(!n=_ZG)nJ#`D` z_ZeE{R9O&^ZPk?PLgbk1Sxol_SoPplfBkWQo-XR<3#8Tcfif;>|P2N`xc&Knm& z<$j`2(0~x5F<$9M@1fF zIoLPGl?PK^w^_Ld<)w{GVJX!79Abn`rT_ZouQDOKw`K3nwEWilO5Z;kA*Ej;UR>y^ z;ncnHt0nAKN{}*rniJII)oN(Dy4vW?dt0aD$v5-||6?-(FdRQAxp9d$>n3H6<*KL? 
zxR0Z6!%RRQlHOjb{l$wPi0P8P@#*68B=HDKkG1iZ+7}%{%PFOLGcYn%+?FJ|p>q_j zFGmHgV8~DuWR3N3VIA)^Tsx*a1`yrs!FpyEiH*LWTIcO0t$ljU^%;3d-!|Q(B#Q7y z-{m-JYjdt&*`53G%=(ziL{0S2k|0v+ui7AT{f5K6Pc8c@L&3jE0yfFNNdhH>r?U~a zXxSXwaV%%IKBo|5>W+}&k8ij{1IYMt&GhP{vqGu1`KlX(=4*rfT1R@_~8lh3#Oi0_a|T4U_BfJ4x`EMYA8IY>T2LNA#^dpS=)`zX|nu8rsPLo<>?^5 zeiZQN0>r~3(r(M|RQRDgdz$fBiRtziHZOq<1ihkS;`H2qxHZ~`@<8zca66*8`46%= zPY8K(wfMou4J(s{jM0lh-vk+9&Bz)FB}0P6Ee@qDg%-GXMJKox7kMH`Un*S5L8*F1 zN1acfPl@oUjX$dVAep-CV1idclbr1{Eq!whrL z%r~p5%DT++JT?1iZy9ZVql$a~t_C9ZAh9SUCi|P}|MT*nTnw~(g|xXn@@O7&>3+T4 zEWUNC4v#fRm3W;G8u9eQ={W~n-u7#GC6VGq9b$xK{CEC@hRF+jSZ(bA~lQ9bs)m+NV7vO&)SnIy~D&K)iz@iG|9~)ltkX|S0hup z54ZjAV($=Z$S*phaod196xiUhM_}VZ7_0P*7B9L^cUCB6eKL}f9Js_GZzuW^BP&+G z{6R;-V*!7X2#JGf!iaBQGqYEBk;uY*alI)xqhQ3gVQw-~2|qgTIXUhrn1JHnRw~0@ zLiqp^;N(Qqsu9n813;$ZMmQgrDd_K;F!EBPA~L6 z&1o#;c!xSf0=%S+4tMBSb9_A7I^t`=5pqL5XDuL7KtulTntH{f zFu767p!weVudaOtYmNU;P5uAjSN`V|ZswC9`@3bf+nhRI!RIL+QB%Hivq;fA=>GsF CH4^*) literal 0 HcmV?d00001