From 47eee1f0ddcf8811559d51eea1c1bb48335e3e88 Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Tue, 25 Apr 2023 15:44:14 +0100 Subject: [PATCH 01/46] Update release notes --- .../00-release/files/release_notes.txt | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/export-noobs/00-release/files/release_notes.txt b/export-noobs/00-release/files/release_notes.txt index c694828..7ec34fd 100644 --- a/export-noobs/00-release/files/release_notes.txt +++ b/export-noobs/00-release/files/release_notes.txt @@ -1,4 +1,37 @@ UNRELEASED: + * 64-bit Mathematica added to rp-prefapps + * Bug fix - occasional segfault in CPU temperature plugin + * Bug fix - X server crash when changing screen orientation + * Bug fix - X server DPMS not working + * Mathematica updated to 13.2.1 + * Matlab updated to 23.1.0 + * Chromium updated to 113.0.5672.59 + * Raspberry Pi Imager updated to 1.7.4 + * RealVNC server updated to 7.0.1.49073 + * RealVNC viewer updated to 7.0.1.48981 + * Updated VLC HW acceleration patch + * libcamera + - Add generalised statistics handling. + - Fix overflow that would cause incorrect calculations in the AGC algorithm. + - Improve IMX296 sensor tuning. + * libcamera-apps + - Improve handling of audio resampling and encoding using libav + - Improve performance of QT preview window rendering + - Add support for 16-bit Bayer in the DNG writer + - Fix for encoder lockup when framerate is set to 0 + - Improved thumbnail rendering + * picamera2 + - MJPEG server example that uses the hardware MJPEG encoder. + - Example showing preview from two cameras in a single Qt app. + - H264 encoder accepts frame time interval for SPS headers. + - H264 encoder should advertise correct profile/level. + - H264 encoder supports constant quality parameter. + - Exif DateTime and DateTimeOriginal tags are now added. + - Various bug fixes (check Picamera2 release notes for more details). + * Some translations added + * Raspberry Pi firmware 055e044d5359ded1aacc5a17a8e35365373d0b8b + * Linux kernel 6.1.21 +2023-02-21: * glamor now disabled on all platforms other than Raspberry Pi 4 with legacy video driver * msdri3 video driver support added * KiCad added to Recommended Software From 01d24ef22778337ed04cf9d6444b1be57b6a1e1a Mon Sep 17 00:00:00 2001 From: Stefan Becker Date: Tue, 9 May 2023 16:24:49 +0300 Subject: [PATCH 02/46] Skip binfmt_misc register when unnecessary (#693) This improves commit 6dc45a80e764eacd6e311c32164b623bbe7f8e08 Check if interpreter is already registered before running the register step. This avoids unnecessary "sudo" execution which may require user interaction for the password. Improves on #685 --- build-docker.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/build-docker.sh b/build-docker.sh index 7d0b5ad..4fdd89c 100755 --- a/build-docker.sh +++ b/build-docker.sh @@ -132,13 +132,15 @@ if [[ "${binfmt_misc_required}" == "1" ]]; then fi echo "binfmt_misc mounted" fi - # Register qemu-arm for binfmt_misc (binfmt_misc won't care duplicate entries unless they have common names) - reg="echo ':qemu-arm-rpi:M::"\ + if ! grep -q "^interpreter ${qemu_arm}" /proc/sys/fs/binfmt_misc/qemu-arm* ; then + # Register qemu-arm for binfmt_misc + reg="echo ':qemu-arm-rpi:M::"\ "\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:"\ "\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:"\ -"$qemu_arm:F' > /proc/sys/fs/binfmt_misc/register" - echo "Registering qemu-arm for binfmt_misc..." - sudo bash -c "$reg" 2>/dev/null || true +"${qemu_arm}:F' > /proc/sys/fs/binfmt_misc/register" + echo "Registering qemu-arm for binfmt_misc..." + sudo bash -c "${reg}" 2>/dev/null || true + fi fi trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${DOCKER_CMDLINE_NAME}' SIGINT SIGTERM From a67d7ee8b94775bf27fc183fcccddcf2a346c5ed Mon Sep 17 00:00:00 2001 From: Aaron Dewes Date: Fri, 9 Jun 2023 06:44:52 +0000 Subject: [PATCH 03/46] Update Citadel --- README.md | 2 +- config | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f0773b0..550a9fb 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ The `config` file has system defaults which are used when building the image and - `GITHUB_USERNAME` - To automatically login to your node without typing a password. -- `CITADEL_REPO` - A custom git repo used to download Citadek. `CITADEL_VERSION` is ignored if this is set, but it is required to also set `CITADEL_BRANCH`. +- `CITADEL_REPO` - A custom git repo used to download Citadel. `CITADEL_VERSION` is ignored if this is set, but it is required to also set `CITADEL_BRANCH`. - `CITADEL_BRANCH` - The git branch or commit SHA in the custom repo that should be checked out. diff --git a/config b/config index aa83363..99520b3 100644 --- a/config +++ b/config @@ -4,5 +4,5 @@ TIMEZONE_DEFAULT="Etc/UTC" FIRST_USER_NAME=citadel FIRST_USER_PASS=freedom ENABLE_SSH=1 -CITADEL_REPO=https://github.com/runcitadel/core -CITADEL_BRANCH=stable +CITADEL_VERSION=v0.2.3 + From 65c6fb788ea2e2e571567d286efbaf13a97dcfef Mon Sep 17 00:00:00 2001 From: Aaron Dewes Date: Fri, 9 Jun 2023 06:46:35 +0000 Subject: [PATCH 04/46] Remove unused modules --- stage1/00-boot-files/files/config.txt | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/stage1/00-boot-files/files/config.txt b/stage1/00-boot-files/files/config.txt index 83d0739..ec5b03c 100644 --- a/stage1/00-boot-files/files/config.txt +++ b/stage1/00-boot-files/files/config.txt @@ -49,25 +49,9 @@ # Additional overlays and parameters are documented /boot/overlays/README -# Enable audio (loads snd_bcm2835) -dtparam=audio=on - -# Automatically load overlays for detected cameras -camera_auto_detect=1 - -# Automatically load overlays for detected DSI displays -display_auto_detect=1 - -# Enable DRM VC4 V3D driver -dtoverlay=vc4-kms-v3d -max_framebuffers=2 - # Run in 64-bit mode arm_64bit=1 -# Disable compensation for displays with overscan -disable_overscan=1 - [cm4] # Enable host mode on the 2711 built-in XHCI USB controller. # This line should be removed if the legacy DWC2 controller is required @@ -84,3 +68,5 @@ dtparam=i2c_vc=on arm_boost=1 [all] +# Mostly disable GPU +gpu_mem=16 From 1a08695e5b8d3e168ea103959552324b4339fd38 Mon Sep 17 00:00:00 2001 From: Aaron Dewes Date: Fri, 9 Jun 2023 09:09:37 +0200 Subject: [PATCH 05/46] Update config --- config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config b/config index 99520b3..bb3cc73 100644 --- a/config +++ b/config @@ -4,5 +4,5 @@ TIMEZONE_DEFAULT="Etc/UTC" FIRST_USER_NAME=citadel FIRST_USER_PASS=freedom ENABLE_SSH=1 -CITADEL_VERSION=v0.2.3 +CITADEL_VERSION=0.2.3 From 446f3e34c8ceb33dfe7bd38578f1cd6b6afe19da Mon Sep 17 00:00:00 2001 From: bamartin125 Date: Thu, 17 Aug 2023 10:24:47 -0500 Subject: [PATCH 06/46] Adds call to mknod if loop dev does not exist after call to `losetup -f` (#483) --- export-image/prerun.sh | 2 +- export-noobs/prerun.sh | 2 +- scripts/common | 8 ++++++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/export-image/prerun.sh b/export-image/prerun.sh index 2d8e1bb..267bbe0 100755 --- a/export-image/prerun.sh +++ b/export-image/prerun.sh @@ -35,7 +35,7 @@ if [ "${NO_PRERUN_QCOW2}" = "0" ]; then echo "Creating loop device..." cnt=0 - until LOOP_DEV="$(losetup --show --find --partscan "$IMG_FILE")"; do + until ensure_next_loopdev && LOOP_DEV="$(losetup --show --find --partscan "$IMG_FILE")"; do if [ $cnt -lt 5 ]; then cnt=$((cnt + 1)) echo "Error in losetup. Retrying..." diff --git a/export-noobs/prerun.sh b/export-noobs/prerun.sh index 3858c66..6282836 100755 --- a/export-noobs/prerun.sh +++ b/export-noobs/prerun.sh @@ -11,7 +11,7 @@ rm -rf "${NOOBS_DIR}" echo "Creating loop device..." cnt=0 -until LOOP_DEV="$(losetup --show --find --partscan "$IMG_FILE")"; do +until ensure_next_loopdev && LOOP_DEV="$(losetup --show --find --partscan "$IMG_FILE")"; do if [ $cnt -lt 5 ]; then cnt=$((cnt + 1)) echo "Error in losetup. Retrying..." diff --git a/scripts/common b/scripts/common index 5731b72..c94b0f0 100644 --- a/scripts/common +++ b/scripts/common @@ -102,3 +102,11 @@ update_issue() { echo -e "Raspberry Pi reference ${IMG_DATE}\nGenerated using ${PI_GEN}, ${PI_GEN_REPO}, ${GIT_HASH}, ${1}" > "${ROOTFS_DIR}/etc/rpi-issue" } export -f update_issue + +ensure_next_loopdev() { + local loopdev + loopdev="$(losetup -f)" + loopmaj="$(echo "$loopdev" | sed -E 's/.*[^0-9]*?([0-9]+)$/\1/')" + [[ -b "$loopdev" ]] || mknod "$loopdev" b 7 "$loopmaj" +} +export -f ensure_next_loopdev From 8b4f7cfa447e5123c3d15aa0329b8322721d09ae Mon Sep 17 00:00:00 2001 From: Aaron Dewes Date: Sat, 16 Sep 2023 10:05:48 +0200 Subject: [PATCH 07/46] Citadel LTS --- config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config b/config index bb3cc73..44fa158 100644 --- a/config +++ b/config @@ -4,5 +4,5 @@ TIMEZONE_DEFAULT="Etc/UTC" FIRST_USER_NAME=citadel FIRST_USER_PASS=freedom ENABLE_SSH=1 -CITADEL_VERSION=0.2.3 - +CITADEL_REPO=https://gitlab.com/nirvati/citadel/lts/core.git +CITADEL_BRANCH=stable From ed68013abbe46c0f665a157a9bdfd06603811101 Mon Sep 17 00:00:00 2001 From: Reuben Miller Date: Mon, 25 Sep 2023 15:59:25 +0200 Subject: [PATCH 08/46] fix: support bash v3 by removing array usage (#705) --- build-docker.sh | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/build-docker.sh b/build-docker.sh index 4fdd89c..3445a40 100755 --- a/build-docker.sh +++ b/build-docker.sh @@ -1,6 +1,8 @@ -#!/bin/bash -eu +#!/usr/bin/env bash +# Note: Avoid usage of arrays as MacOS users have an older version of bash (v3.x) which does not supports arrays +set -eu -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +DIR="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd)" BUILD_OPTS="$*" @@ -93,18 +95,12 @@ ${DOCKER} build --build-arg BASE_IMAGE=${BASE_IMAGE} -t pi-gen "${DIR}" if [ "${CONTAINER_EXISTS}" != "" ]; then DOCKER_CMDLINE_NAME="${CONTAINER_NAME}_cont" - DOCKER_CMDLINE_PRE=( \ - --rm \ - ) - DOCKER_CMDLINE_POST=( \ - --volumes-from="${CONTAINER_NAME}" \ - ) + DOCKER_CMDLINE_PRE="--rm" + DOCKER_CMDLINE_POST="--volumes-from=\"${CONTAINER_NAME}\"" else DOCKER_CMDLINE_NAME="${CONTAINER_NAME}" - DOCKER_CMDLINE_PRE=( \ - ) - DOCKER_CMDLINE_POST=( \ - ) + DOCKER_CMDLINE_PRE="" + DOCKER_CMDLINE_POST="" fi # Check if binfmt_misc is required @@ -145,7 +141,7 @@ fi trap 'echo "got CTRL+C... please wait 5s" && ${DOCKER} stop -t 5 ${DOCKER_CMDLINE_NAME}' SIGINT SIGTERM time ${DOCKER} run \ - "${DOCKER_CMDLINE_PRE[@]}" \ + $DOCKER_CMDLINE_PRE \ --name "${DOCKER_CMDLINE_NAME}" \ --privileged \ --cap-add=ALL \ @@ -154,7 +150,7 @@ time ${DOCKER} run \ ${PIGEN_DOCKER_OPTS} \ --volume "${CONFIG_FILE}":/config:ro \ -e "GIT_HASH=${GIT_HASH}" \ - "${DOCKER_CMDLINE_POST[@]}" \ + $DOCKER_CMDLINE_POST \ pi-gen \ bash -e -o pipefail -c " dpkg-reconfigure qemu-user-static && From 6aca615037355f3f0e51f984d196989167424e50 Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 12:50:34 +0100 Subject: [PATCH 09/46] Switch to Bookworm --- build.sh | 2 +- stage0/prerun.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index 986f81c..ca0fb57 100755 --- a/build.sh +++ b/build.sh @@ -226,7 +226,7 @@ export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi} export FIRST_USER_NAME=${FIRST_USER_NAME:-pi} export FIRST_USER_PASS export DISABLE_FIRST_BOOT_USER_RENAME=${DISABLE_FIRST_BOOT_USER_RENAME:-0} -export RELEASE=${RELEASE:-bullseye} # Don't forget to update stage0/prerun.sh +export RELEASE=${RELEASE:-bookworm} # Don't forget to update stage0/prerun.sh export WPA_ESSID export WPA_PASSWORD export WPA_COUNTRY diff --git a/stage0/prerun.sh b/stage0/prerun.sh index 024d369..c8e51a4 100755 --- a/stage0/prerun.sh +++ b/stage0/prerun.sh @@ -1,6 +1,6 @@ #!/bin/bash -e -if [ "$RELEASE" != "bullseye" ]; then +if [ "$RELEASE" != "bookworm" ]; then echo "WARNING: RELEASE does not match the intended option for this branch." echo " Please check the relevant README.md section." fi From 9d9d0637909a506c82cb76cea90a94a958b1732c Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 12:59:39 +0100 Subject: [PATCH 10/46] Remove/replace obsolete packages --- stage2/01-sys-tweaks/00-packages | 6 +++--- stage3/00-install-packages/00-packages-nr | 2 +- stage4/00-install-packages/00-packages | 3 --- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/stage2/01-sys-tweaks/00-packages b/stage2/01-sys-tweaks/00-packages index 6138c6d..86bdd9d 100644 --- a/stage2/01-sys-tweaks/00-packages +++ b/stage2/01-sys-tweaks/00-packages @@ -1,4 +1,4 @@ -ssh less fbset sudo psmisc strace ed ncdu crda +ssh less fbset sudo psmisc strace ed ncdu console-setup keyboard-configuration debconf-utils parted build-essential manpages-dev bash-completion gdb pkg-config python-is-python3 @@ -7,7 +7,7 @@ python3-gpiozero avahi-daemon lua5.1 luajit -hardlink ca-certificates curl +ca-certificates curl fake-hwclock nfs-common usbutils libraspberrypi-dev libraspberrypi-doc libfreetype6-dev dosfstools @@ -29,7 +29,7 @@ ethtool ntfs-3g pciutils rpi-eeprom -raspinfo +raspi-utils udisks2 unzip zip p7zip-full file diff --git a/stage3/00-install-packages/00-packages-nr b/stage3/00-install-packages/00-packages-nr index 75fa2a1..9113198 100644 --- a/stage3/00-install-packages/00-packages-nr +++ b/stage3/00-install-packages/00-packages-nr @@ -3,5 +3,5 @@ mousepad lxde lxtask menu-xdg zenity xdg-utils gvfs-backends gvfs-fuse -lightdm gnome-themes-standard-data gnome-icon-theme +lightdm gnome-themes-extra-data gnome-icon-theme gnome-keyring diff --git a/stage4/00-install-packages/00-packages b/stage4/00-install-packages/00-packages index 7854596..bfb3f0d 100644 --- a/stage4/00-install-packages/00-packages +++ b/stage4/00-install-packages/00-packages @@ -2,12 +2,10 @@ python3-pygame python3-tk thonny python3-pgzero python3-serial -python3-picamera debian-reference-en dillo raspberrypi-net-mods raspberrypi-ui-mods python3-pip python3-numpy -pypy alacarte rc-gui sense-hat tree libgl1-mesa-dri libgles1 libgles2-mesa xcompmgr @@ -24,4 +22,3 @@ rp-prefapps ffmpeg vlc rpi-imager -rpi-wayland From a524fe44ce88b54869cb6f83dffb403f45543a9e Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 13:01:04 +0100 Subject: [PATCH 11/46] stage3: replace qpdfview with evince --- stage3/00-install-packages/00-packages | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stage3/00-install-packages/00-packages b/stage3/00-install-packages/00-packages index d8a272f..a9e44e8 100644 --- a/stage3/00-install-packages/00-packages +++ b/stage3/00-install-packages/00-packages @@ -1,5 +1,5 @@ gstreamer1.0-x gstreamer1.0-omx gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-alsa gstreamer1.0-libav -qpdfview gtk2-engines alsa-utils +evince gtk2-engines alsa-utils desktop-base git policykit-1 From 43c49d84d28bfafb05386ff53557d61dbbb48743 Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 13:01:54 +0100 Subject: [PATCH 12/46] stage3: install eom --- stage3/00-install-packages/00-packages-nr | 1 + 1 file changed, 1 insertion(+) diff --git a/stage3/00-install-packages/00-packages-nr b/stage3/00-install-packages/00-packages-nr index 9113198..66f3004 100644 --- a/stage3/00-install-packages/00-packages-nr +++ b/stage3/00-install-packages/00-packages-nr @@ -1,5 +1,6 @@ xserver-xorg-video-fbdev xserver-xorg xinit xserver-xorg-video-fbturbo mousepad +eom lxde lxtask menu-xdg zenity xdg-utils gvfs-backends gvfs-fuse From 9fc1385eb7c666b0105e7eb9e6acc86a853a88df Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 13:02:50 +0100 Subject: [PATCH 13/46] stage3: install Firefox --- stage3/00-install-packages/00-packages | 1 + 1 file changed, 1 insertion(+) diff --git a/stage3/00-install-packages/00-packages b/stage3/00-install-packages/00-packages index a9e44e8..2d206cd 100644 --- a/stage3/00-install-packages/00-packages +++ b/stage3/00-install-packages/00-packages @@ -6,6 +6,7 @@ policykit-1 gvfs rfkill chromium-browser rpi-chromium-mods libwidevinecdm0 +firefox rpi-firefox-mods gldriver-test fonts-droid-fallback fonts-liberation2 From 8dd23cbc1d01b2a89f560c98f5e5b8ef2e71fbf3 Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 13:34:21 +0100 Subject: [PATCH 14/46] Remove dhcpcd and associated options --- README.md | 4 ++-- build.sh | 2 -- stage2/02-net-tweaks/00-packages | 1 - stage2/02-net-tweaks/01-run.sh | 20 -------------------- stage3/01-tweaks/00-run.sh | 5 ----- 5 files changed, 2 insertions(+), 30 deletions(-) delete mode 100755 stage3/01-tweaks/00-run.sh diff --git a/README.md b/README.md index d7beb1f..ea276ab 100644 --- a/README.md +++ b/README.md @@ -195,9 +195,9 @@ The following environment variables are supported: stays activated. `FIRST_USER_PASS` must be set for this to work. Please be aware of the implied security risk of defining a default username and password for your devices. - * `WPA_ESSID`, `WPA_PASSWORD` and `WPA_COUNTRY` (Default: unset) + * `WPA_COUNTRY` (Default: unset) - If these are set, they are use to configure `wpa_supplicant.conf`, so that the Raspberry Pi can automatically connect to a wireless network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wireless network will be configured. If set, `WPA_PASSWORD` must be between 8 and 63 characters. `WPA_COUNTRY` is a 2-letter ISO/IEC 3166 country Code, i.e. `GB` + Sets the default WLAN regulatory domain and unblocks WLAN interfaces. This should be a 2-letter ISO/IEC 3166 country Code, i.e. `GB` * `ENABLE_SSH` (Default: `0`) diff --git a/build.sh b/build.sh index ca0fb57..22b605d 100755 --- a/build.sh +++ b/build.sh @@ -227,8 +227,6 @@ export FIRST_USER_NAME=${FIRST_USER_NAME:-pi} export FIRST_USER_PASS export DISABLE_FIRST_BOOT_USER_RENAME=${DISABLE_FIRST_BOOT_USER_RENAME:-0} export RELEASE=${RELEASE:-bookworm} # Don't forget to update stage0/prerun.sh -export WPA_ESSID -export WPA_PASSWORD export WPA_COUNTRY export ENABLE_SSH="${ENABLE_SSH:-0}" export PUBKEY_ONLY_SSH="${PUBKEY_ONLY_SSH:-0}" diff --git a/stage2/02-net-tweaks/00-packages b/stage2/02-net-tweaks/00-packages index f0125f6..d446837 100644 --- a/stage2/02-net-tweaks/00-packages +++ b/stage2/02-net-tweaks/00-packages @@ -1,5 +1,4 @@ wpasupplicant wireless-tools firmware-atheros firmware-brcm80211 firmware-libertas firmware-misc-nonfree firmware-realtek raspberrypi-net-mods -dhcpcd5 network-manager net-tools diff --git a/stage2/02-net-tweaks/01-run.sh b/stage2/02-net-tweaks/01-run.sh index 3b06c05..d49bdeb 100755 --- a/stage2/02-net-tweaks/01-run.sh +++ b/stage2/02-net-tweaks/01-run.sh @@ -3,32 +3,12 @@ install -v -d "${ROOTFS_DIR}/etc/wpa_supplicant" install -v -m 600 files/wpa_supplicant.conf "${ROOTFS_DIR}/etc/wpa_supplicant/" -on_chroot << EOF - SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_boot_wait 0 - SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_netconf 1 -EOF - if [ -v WPA_COUNTRY ]; then on_chroot <<- EOF SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_wifi_country "${WPA_COUNTRY}" EOF fi -if [ -v WPA_ESSID ] && [ -v WPA_PASSWORD ]; then -on_chroot <> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" << EOL - -network={ - ssid="${WPA_ESSID}" - key_mgmt=NONE -} -EOL -fi - # Disable wifi on 5GHz models if WPA_COUNTRY is not set mkdir -p "${ROOTFS_DIR}/var/lib/systemd/rfkill/" if [ -n "$WPA_COUNTRY" ]; then diff --git a/stage3/01-tweaks/00-run.sh b/stage3/01-tweaks/00-run.sh deleted file mode 100755 index 79b749e..0000000 --- a/stage3/01-tweaks/00-run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF - SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_boot_wait 1 -EOF From 4a4a66ed3661a241558beda050b1bf4d6ce49128 Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 13:40:09 +0100 Subject: [PATCH 15/46] export-image: auto-remove and purge packages on dist-upgrade --- export-image/02-set-sources/01-run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/export-image/02-set-sources/01-run.sh b/export-image/02-set-sources/01-run.sh index 5f51209..6d50496 100755 --- a/export-image/02-set-sources/01-run.sh +++ b/export-image/02-set-sources/01-run.sh @@ -4,6 +4,6 @@ rm -f "${ROOTFS_DIR}/etc/apt/apt.conf.d/51cache" find "${ROOTFS_DIR}/var/lib/apt/lists/" -type f -delete on_chroot << EOF apt-get update -apt-get -y dist-upgrade +apt-get -y dist-upgrade --auto-remove --purge apt-get clean EOF From 88ac5235d62135806157183c466fdea202ce38f8 Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 13:42:31 +0100 Subject: [PATCH 16/46] Enable Wayland by default --- stage4/06-enable-wayland/00-run.sh | 5 +++++ 1 file changed, 5 insertions(+) create mode 100755 stage4/06-enable-wayland/00-run.sh diff --git a/stage4/06-enable-wayland/00-run.sh b/stage4/06-enable-wayland/00-run.sh new file mode 100755 index 0000000..bd8bbc3 --- /dev/null +++ b/stage4/06-enable-wayland/00-run.sh @@ -0,0 +1,5 @@ +#!/bin/bash -e + +on_chroot << EOF + SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_wayland W2 +EOF From c856800c72c8a58e17d7ee20295605d479b00dff Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 14:08:13 +0100 Subject: [PATCH 17/46] Switch to new kernel and firmware packages --- export-image/04-set-partuuid/00-run.sh | 3 +- export-image/05-finalise/01-run.sh | 5 +- export-image/prerun.sh | 12 ++-- stage0/00-configure-apt/00-run.sh | 1 + stage0/02-firmware/01-packages | 8 ++- stage0/02-firmware/02-run.sh | 3 + stage1/00-boot-files/00-run.sh | 17 ++++- stage1/00-boot-files/files/config.txt | 62 +++++-------------- stage1/01-sys-tweaks/files/fstab | 2 +- .../00-patches/07-resize-init.diff | 4 +- 10 files changed, 53 insertions(+), 64 deletions(-) create mode 100755 stage0/02-firmware/02-run.sh diff --git a/export-image/04-set-partuuid/00-run.sh b/export-image/04-set-partuuid/00-run.sh index 16e1b15..2694295 100755 --- a/export-image/04-set-partuuid/00-run.sh +++ b/export-image/04-set-partuuid/00-run.sh @@ -12,7 +12,6 @@ if [ "${NO_PRERUN_QCOW2}" = "0" ]; then sed -i "s/BOOTDEV/PARTUUID=${BOOT_PARTUUID}/" "${ROOTFS_DIR}/etc/fstab" sed -i "s/ROOTDEV/PARTUUID=${ROOT_PARTUUID}/" "${ROOTFS_DIR}/etc/fstab" - sed -i "s/ROOTDEV/PARTUUID=${ROOT_PARTUUID}/" "${ROOTFS_DIR}/boot/cmdline.txt" - + sed -i "s/ROOTDEV/PARTUUID=${ROOT_PARTUUID}/" "${ROOTFS_DIR}/boot/firmware/cmdline.txt" fi diff --git a/export-image/05-finalise/01-run.sh b/export-image/05-finalise/01-run.sh index c104366..eae7d6e 100755 --- a/export-image/05-finalise/01-run.sh +++ b/export-image/05-finalise/01-run.sh @@ -3,7 +3,10 @@ IMG_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img" INFO_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.info" +sed -i 's/^update_initramfs=.*/update_initramfs=all/' "${ROOTFS_DIR}/etc/initramfs-tools/update-initramfs.conf" + on_chroot << EOF +update-initramfs -u if [ -x /etc/init.d/fake-hwclock ]; then /etc/init.d/fake-hwclock stop fi @@ -53,7 +56,7 @@ rm -f "${ROOTFS_DIR}/root/.vnc/private.key" rm -f "${ROOTFS_DIR}/etc/vnc/updateid" update_issue "$(basename "${EXPORT_DIR}")" -install -m 644 "${ROOTFS_DIR}/etc/rpi-issue" "${ROOTFS_DIR}/boot/issue.txt" +install -m 644 "${ROOTFS_DIR}/etc/rpi-issue" "${ROOTFS_DIR}/boot/firmware/issue.txt" cp "$ROOTFS_DIR/etc/rpi-issue" "$INFO_FILE" diff --git a/export-image/prerun.sh b/export-image/prerun.sh index 267bbe0..a5f94e9 100755 --- a/export-image/prerun.sh +++ b/export-image/prerun.sh @@ -10,8 +10,8 @@ if [ "${NO_PRERUN_QCOW2}" = "0" ]; then rm -rf "${ROOTFS_DIR}" mkdir -p "${ROOTFS_DIR}" - BOOT_SIZE="$((256 * 1024 * 1024))" - ROOT_SIZE=$(du --apparent-size -s "${EXPORT_ROOTFS_DIR}" --exclude var/cache/apt/archives --exclude boot --block-size=1 | cut -f 1) + BOOT_SIZE="$((512 * 1024 * 1024))" + ROOT_SIZE=$(du --apparent-size -s "${EXPORT_ROOTFS_DIR}" --exclude var/cache/apt/archives --exclude boot/firmware --block-size=1 | cut -f 1) # All partition sizes and starts will be aligned to this size ALIGN="$((4 * 1024 * 1024))" @@ -59,9 +59,9 @@ if [ "${NO_PRERUN_QCOW2}" = "0" ]; then mkfs.ext4 -L rootfs -O "$ROOT_FEATURES" "$ROOT_DEV" > /dev/null mount -v "$ROOT_DEV" "${ROOTFS_DIR}" -t ext4 - mkdir -p "${ROOTFS_DIR}/boot" - mount -v "$BOOT_DEV" "${ROOTFS_DIR}/boot" -t vfat + mkdir -p "${ROOTFS_DIR}/boot/firmware" + mount -v "$BOOT_DEV" "${ROOTFS_DIR}/boot/firmware" -t vfat - rsync -aHAXx --exclude /var/cache/apt/archives --exclude /boot "${EXPORT_ROOTFS_DIR}/" "${ROOTFS_DIR}/" - rsync -rtx "${EXPORT_ROOTFS_DIR}/boot/" "${ROOTFS_DIR}/boot/" + rsync -aHAXx --exclude /var/cache/apt/archives --exclude /boot/firmware "${EXPORT_ROOTFS_DIR}/" "${ROOTFS_DIR}/" + rsync -rtx "${EXPORT_ROOTFS_DIR}/boot/firmware/" "${ROOTFS_DIR}/boot/firmware/" fi diff --git a/stage0/00-configure-apt/00-run.sh b/stage0/00-configure-apt/00-run.sh index 6494a03..fa4f59f 100755 --- a/stage0/00-configure-apt/00-run.sh +++ b/stage0/00-configure-apt/00-run.sh @@ -15,6 +15,7 @@ fi cat files/raspberrypi.gpg.key | gpg --dearmor > "${STAGE_WORK_DIR}/raspberrypi-archive-stable.gpg" install -m 644 "${STAGE_WORK_DIR}/raspberrypi-archive-stable.gpg" "${ROOTFS_DIR}/etc/apt/trusted.gpg.d/" on_chroot << EOF +dpkg --add-architecture arm64 apt-get update apt-get dist-upgrade -y EOF diff --git a/stage0/02-firmware/01-packages b/stage0/02-firmware/01-packages index b166aa8..150958a 100644 --- a/stage0/02-firmware/01-packages +++ b/stage0/02-firmware/01-packages @@ -1,2 +1,6 @@ -raspberrypi-bootloader -raspberrypi-kernel +initramfs-tools +raspi-firmware +linux-image-rpi-v6 +linux-image-rpi-v7 +linux-image-rpi-v7l +linux-image-rpi-v8 diff --git a/stage0/02-firmware/02-run.sh b/stage0/02-firmware/02-run.sh new file mode 100755 index 0000000..0b2bca9 --- /dev/null +++ b/stage0/02-firmware/02-run.sh @@ -0,0 +1,3 @@ +#!/bin/bash -e + +sed -i 's/^update_initramfs=.*/update_initramfs=no/' "${ROOTFS_DIR}/etc/initramfs-tools/update-initramfs.conf" diff --git a/stage1/00-boot-files/00-run.sh b/stage1/00-boot-files/00-run.sh index bc61397..ddb0f5b 100755 --- a/stage1/00-boot-files/00-run.sh +++ b/stage1/00-boot-files/00-run.sh @@ -1,4 +1,17 @@ #!/bin/bash -e -install -m 644 files/cmdline.txt "${ROOTFS_DIR}/boot/" -install -m 644 files/config.txt "${ROOTFS_DIR}/boot/" +mkdir -p "${ROOTFS_DIR}/boot/firmware" + +if ! [ -L "${ROOTFS_DIR}/boot/overlays" ]; then + ln -s firmware/overlays "${ROOTFS_DIR}/boot/overlays" +fi + +install -m 644 files/cmdline.txt "${ROOTFS_DIR}/boot/firmware/" +if ! [ -L "${ROOTFS_DIR}/boot/cmdline.txt" ]; then + ln -s firmware/cmdline.txt "${ROOTFS_DIR}/boot/cmdline.txt" +fi + +install -m 644 files/config.txt "${ROOTFS_DIR}/boot/firmware/" +if ! [ -L "${ROOTFS_DIR}/boot/config.txt" ]; then + ln -s firmware/config.txt "${ROOTFS_DIR}/boot/config.txt" +fi diff --git a/stage1/00-boot-files/files/config.txt b/stage1/00-boot-files/files/config.txt index 6e072cb..621637a 100644 --- a/stage1/00-boot-files/files/config.txt +++ b/stage1/00-boot-files/files/config.txt @@ -1,70 +1,41 @@ # For more options and information see -# http://rpf.io/configtxt +# http://rptl.io/configtxt # Some settings may impact device functionality. See link above for details -# uncomment if you get no picture on HDMI for a default "safe" mode -#hdmi_safe=1 - -# uncomment the following to adjust overscan. Use positive numbers if console -# goes off screen, and negative if there is too much border -#overscan_left=16 -#overscan_right=16 -#overscan_top=16 -#overscan_bottom=16 - -# uncomment to force a console size. By default it will be display's size minus -# overscan. -#framebuffer_width=1280 -#framebuffer_height=720 - -# uncomment if hdmi display is not detected and composite is being output -#hdmi_force_hotplug=1 - -# uncomment to force a specific HDMI mode (this will force VGA) -#hdmi_group=1 -#hdmi_mode=1 - -# uncomment to force a HDMI mode rather than DVI. This can make audio work in -# DMT (computer monitor) modes -#hdmi_drive=2 - -# uncomment to increase signal to HDMI, if you have interference, blanking, or -# no display -#config_hdmi_boost=4 - -# uncomment for composite PAL -#sdtv_mode=2 - -#uncomment to overclock the arm. 700 MHz is the default. -#arm_freq=800 - # Uncomment some or all of these to enable the optional hardware interfaces #dtparam=i2c_arm=on #dtparam=i2s=on #dtparam=spi=on -# Uncomment this to enable infrared communication. -#dtoverlay=gpio-ir,gpio_pin=17 -#dtoverlay=gpio-ir-tx,gpio_pin=18 - -# Additional overlays and parameters are documented /boot/overlays/README - # Enable audio (loads snd_bcm2835) dtparam=audio=on +# Additional overlays and parameters are documented +# /boot/firmware/overlays/README + # Automatically load overlays for detected cameras camera_auto_detect=1 # Automatically load overlays for detected DSI displays display_auto_detect=1 +# Automatically load initramfs files, if found +auto_initramfs=1 + # Enable DRM VC4 V3D driver dtoverlay=vc4-kms-v3d max_framebuffers=2 +# Don't have the firmware create an initial video= setting in cmdline.txt. +# Use the kernel's default instead. +disable_fw_kms_setup=1 + # Disable compensation for displays with overscan disable_overscan=1 +# Run as fast as firmware / board allows +arm_boost=1 + [cm4] # Enable host mode on the 2711 built-in XHCI USB controller. # This line should be removed if the legacy DWC2 controller is required @@ -73,8 +44,3 @@ otg_mode=1 [all] -[pi4] -# Run as fast as firmware / board allows -arm_boost=1 - -[all] diff --git a/stage1/01-sys-tweaks/files/fstab b/stage1/01-sys-tweaks/files/fstab index f16e3fb..525c3bc 100644 --- a/stage1/01-sys-tweaks/files/fstab +++ b/stage1/01-sys-tweaks/files/fstab @@ -1,3 +1,3 @@ proc /proc proc defaults 0 0 -BOOTDEV /boot vfat defaults 0 2 +BOOTDEV /boot/firmware vfat defaults 0 2 ROOTDEV / ext4 defaults,noatime 0 1 diff --git a/stage2/01-sys-tweaks/00-patches/07-resize-init.diff b/stage2/01-sys-tweaks/00-patches/07-resize-init.diff index dfc01d4..e508a9f 100644 --- a/stage2/01-sys-tweaks/00-patches/07-resize-init.diff +++ b/stage2/01-sys-tweaks/00-patches/07-resize-init.diff @@ -1,5 +1,5 @@ ---- stage2.orig/rootfs/boot/cmdline.txt -+++ stage2/rootfs/boot/cmdline.txt +--- stage2.orig/rootfs/boot/firmware/cmdline.txt ++++ stage2/rootfs/boot/firmware/cmdline.txt @@ -1 +1 @@ -console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 fsck.repair=yes rootwait +console=serial0,115200 console=tty1 root=ROOTDEV rootfstype=ext4 fsck.repair=yes rootwait quiet init=/usr/lib/raspberrypi-sys-mods/firstboot From 64b498b2dd458937cfc930d557513ff36db4dd23 Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Thu, 7 Sep 2023 14:59:28 +0100 Subject: [PATCH 18/46] Don't generate NOOBS files --- stage2/EXPORT_NOOBS | 2 -- stage4/EXPORT_NOOBS | 2 -- stage5/EXPORT_NOOBS | 2 -- 3 files changed, 6 deletions(-) delete mode 100644 stage2/EXPORT_NOOBS delete mode 100644 stage4/EXPORT_NOOBS delete mode 100644 stage5/EXPORT_NOOBS diff --git a/stage2/EXPORT_NOOBS b/stage2/EXPORT_NOOBS deleted file mode 100644 index 0d78ecf..0000000 --- a/stage2/EXPORT_NOOBS +++ /dev/null @@ -1,2 +0,0 @@ -NOOBS_NAME="Raspberry Pi OS Lite (32-bit)" -NOOBS_DESCRIPTION="A port of Debian with no desktop environment" diff --git a/stage4/EXPORT_NOOBS b/stage4/EXPORT_NOOBS deleted file mode 100644 index f197ee1..0000000 --- a/stage4/EXPORT_NOOBS +++ /dev/null @@ -1,2 +0,0 @@ -NOOBS_NAME="Raspberry Pi OS (32-bit)" -NOOBS_DESCRIPTION="A port of Debian with the Raspberry Pi Desktop" diff --git a/stage5/EXPORT_NOOBS b/stage5/EXPORT_NOOBS deleted file mode 100644 index ac7051f..0000000 --- a/stage5/EXPORT_NOOBS +++ /dev/null @@ -1,2 +0,0 @@ -NOOBS_NAME="Raspberry Pi OS Full (32-bit)" -NOOBS_DESCRIPTION="A port of Debian with desktop and recommended applications" From 188c155717b68dbd5704f337fd3b2cbd1b80d966 Mon Sep 17 00:00:00 2001 From: Serge Schneider Date: Fri, 8 Sep 2023 11:39:51 +0100 Subject: [PATCH 19/46] Migrate to raspberrypi.com --- stage0/00-configure-apt/files/raspi.list | 4 ++-- stage0/00-configure-apt/files/sources.list | 4 ++-- stage0/prerun.sh | 2 +- stage4/03-bookshelf/00-run.sh | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stage0/00-configure-apt/files/raspi.list b/stage0/00-configure-apt/files/raspi.list index 41c5a70..5f889b1 100644 --- a/stage0/00-configure-apt/files/raspi.list +++ b/stage0/00-configure-apt/files/raspi.list @@ -1,3 +1,3 @@ -deb http://archive.raspberrypi.org/debian/ RELEASE main +deb http://archive.raspberrypi.com/debian/ RELEASE main # Uncomment line below then 'apt-get update' to enable 'apt-get source' -#deb-src http://archive.raspberrypi.org/debian/ RELEASE main +#deb-src http://archive.raspberrypi.com/debian/ RELEASE main diff --git a/stage0/00-configure-apt/files/sources.list b/stage0/00-configure-apt/files/sources.list index 4a5dd8a..cd339c5 100644 --- a/stage0/00-configure-apt/files/sources.list +++ b/stage0/00-configure-apt/files/sources.list @@ -1,3 +1,3 @@ -deb http://raspbian.raspberrypi.org/raspbian/ RELEASE main contrib non-free rpi +deb http://raspbian.raspberrypi.com/raspbian/ RELEASE main contrib non-free rpi # Uncomment line below then 'apt-get update' to enable 'apt-get source' -#deb-src http://raspbian.raspberrypi.org/raspbian/ RELEASE main contrib non-free rpi +#deb-src http://raspbian.raspberrypi.com/raspbian/ RELEASE main contrib non-free rpi diff --git a/stage0/prerun.sh b/stage0/prerun.sh index c8e51a4..0252071 100755 --- a/stage0/prerun.sh +++ b/stage0/prerun.sh @@ -6,5 +6,5 @@ if [ "$RELEASE" != "bookworm" ]; then fi if [ ! -d "${ROOTFS_DIR}" ] || [ "${USE_QCOW2}" = "1" ]; then - bootstrap ${RELEASE} "${ROOTFS_DIR}" http://raspbian.raspberrypi.org/raspbian/ + bootstrap ${RELEASE} "${ROOTFS_DIR}" http://raspbian.raspberrypi.com/raspbian/ fi diff --git a/stage4/03-bookshelf/00-run.sh b/stage4/03-bookshelf/00-run.sh index 8244568..5bf017b 100755 --- a/stage4/03-bookshelf/00-run.sh +++ b/stage4/03-bookshelf/00-run.sh @@ -1,6 +1,6 @@ #!/bin/sh -e -BOOKSHELF_URL="https://magpi.raspberrypi.org/bookshelf.xml" +BOOKSHELF_URL="https://magpi.raspberrypi.com/bookshelf.xml" GUIDE_URL="$(curl -s "$BOOKSHELF_URL" | awk -F '[<>]' "/Raspberry Pi Beginner's Guide 4th Edition<\/TITLE>/ {f=1; next} f==1 && /PDF/ {print \$3; exit}")" OUTPUT="$(basename "$GUIDE_URL" | cut -f1 -d'?')" From e6dd7caa2b849cc22db42abb84b1a93c0818db39 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Tue, 12 Sep 2023 18:04:27 +0100 Subject: [PATCH 20/46] stage2: remove rng-tools See https://github.com/RPi-Distro/raspberrypi-sys-mods/pull/77 --- stage2/01-sys-tweaks/00-packages | 1 - 1 file changed, 1 deletion(-) diff --git a/stage2/01-sys-tweaks/00-packages b/stage2/01-sys-tweaks/00-packages index 86bdd9d..64529c7 100644 --- a/stage2/01-sys-tweaks/00-packages +++ b/stage2/01-sys-tweaks/00-packages @@ -24,7 +24,6 @@ htop man-db policykit-1 ssh-import-id -rng-tools ethtool ntfs-3g pciutils From 574d3e705535ac4fc47fd3f801d47fcc07184a63 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Wed, 13 Sep 2023 13:20:51 +0100 Subject: [PATCH 21/46] stage0: only fetch armhf packages from Raspbian --- stage0/00-configure-apt/files/sources.list | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stage0/00-configure-apt/files/sources.list b/stage0/00-configure-apt/files/sources.list index cd339c5..3ef0699 100644 --- a/stage0/00-configure-apt/files/sources.list +++ b/stage0/00-configure-apt/files/sources.list @@ -1,3 +1,3 @@ -deb http://raspbian.raspberrypi.com/raspbian/ RELEASE main contrib non-free rpi +deb [ arch=armhf ] http://raspbian.raspberrypi.com/raspbian/ RELEASE main contrib non-free rpi # Uncomment line below then 'apt-get update' to enable 'apt-get source' #deb-src http://raspbian.raspberrypi.com/raspbian/ RELEASE main contrib non-free rpi From d7dde0ca5e02a7db400878f17267fde5f60429d4 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Thu, 7 Sep 2023 15:42:20 +0100 Subject: [PATCH 22/46] stage5: disable greenfoot and bluej as they don't seem to work --- stage5/00-install-extras/00-packages | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stage5/00-install-extras/00-packages b/stage5/00-install-extras/00-packages index 909480b..331f958 100644 --- a/stage5/00-install-extras/00-packages +++ b/stage5/00-install-extras/00-packages @@ -7,7 +7,7 @@ python3-sense-emu sense-emu-tools python-sense-emu-doc wolfram-engine claws-mail -greenfoot-unbundled bluej-unbundled +#greenfoot-unbundled bluej-unbundled realvnc-vnc-viewer code-the-classics From 6051f1da7669875baf7e3c74daf67cb795c2a16e Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Wed, 13 Sep 2023 16:00:39 +0100 Subject: [PATCH 23/46] stage4: remove pimoroni packages for now --- stage4/00-install-packages/01-packages | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 stage4/00-install-packages/01-packages diff --git a/stage4/00-install-packages/01-packages b/stage4/00-install-packages/01-packages deleted file mode 100644 index 5441d9d..0000000 --- a/stage4/00-install-packages/01-packages +++ /dev/null @@ -1,22 +0,0 @@ -python3-automationhat -python3-blinkt -python3-cap1xxx -python3-drumhat -python3-envirophat -python3-explorerhat -python3-fourletterphat -python3-microdotphat -python3-mote -python3-motephat -python3-phatbeat -python3-pianohat -python3-piglow -python3-rainbowhat -python3-scrollphat -python3-scrollphathd -python3-sn3218 -python3-skywriter -python3-touchphat -python3-buttonshim -python3-unicornhathd -python3-pantilthat From 3a6342b63d21d2a3385d99fa1e8c0fa9ca55b94c Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Thu, 14 Sep 2023 14:49:03 +0100 Subject: [PATCH 24/46] stage0: install kernel headers --- stage0/02-firmware/01-packages | 3 +++ 1 file changed, 3 insertions(+) diff --git a/stage0/02-firmware/01-packages b/stage0/02-firmware/01-packages index 150958a..38f2f52 100644 --- a/stage0/02-firmware/01-packages +++ b/stage0/02-firmware/01-packages @@ -4,3 +4,6 @@ linux-image-rpi-v6 linux-image-rpi-v7 linux-image-rpi-v7l linux-image-rpi-v8 +linux-headers-rpi-v6 +linux-headers-rpi-v7 +linux-headers-rpi-v7l From 7ae1a26ae93991a25d39217c07f0b6656319a5e1 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Thu, 14 Sep 2023 14:50:07 +0100 Subject: [PATCH 25/46] stage4: ignore power key and let raspberrypi-ui-mods handle it --- stage4/07-disable-pwr-button/00-run.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 stage4/07-disable-pwr-button/00-run.sh diff --git a/stage4/07-disable-pwr-button/00-run.sh b/stage4/07-disable-pwr-button/00-run.sh new file mode 100755 index 0000000..44646bd --- /dev/null +++ b/stage4/07-disable-pwr-button/00-run.sh @@ -0,0 +1,3 @@ +#!/bin/bash -e + +sed -i 's/^.*HandlePowerKey=.*$/HandlePowerKey=ignore/' "${ROOTFS_DIR}/etc/systemd/logind.conf" From c4f98a873fd622c4ae01a65f38b1b11c8259acf5 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Wed, 23 Aug 2023 12:34:23 +0100 Subject: [PATCH 26/46] Move picamera2 to stage3 - PyAV takes up too much space for lite images --- stage2/01-sys-tweaks/00-packages-nr | 1 - stage3/00-install-packages/00-packages | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/stage2/01-sys-tweaks/00-packages-nr b/stage2/01-sys-tweaks/00-packages-nr index 453ada8..6bdb600 100644 --- a/stage2/01-sys-tweaks/00-packages-nr +++ b/stage2/01-sys-tweaks/00-packages-nr @@ -1,4 +1,3 @@ cifs-utils libcamera-apps-lite mkvtoolnix -python3-picamera2 diff --git a/stage3/00-install-packages/00-packages b/stage3/00-install-packages/00-packages index 2d206cd..cc18081 100644 --- a/stage3/00-install-packages/00-packages +++ b/stage3/00-install-packages/00-packages @@ -14,5 +14,6 @@ obconf arandr libcamera-tools libcamera-apps +python3-picamera2 python3-pyqt5 python3-opengl From 5b15e14ff930c97ce1365d36b7696877d124b878 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Mon, 25 Sep 2023 21:33:15 +0100 Subject: [PATCH 27/46] stage2: install GPIO libraries --- stage2/01-sys-tweaks/00-packages | 5 ++++- stage4/00-install-packages/00-packages | 2 -- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/stage2/01-sys-tweaks/00-packages b/stage2/01-sys-tweaks/00-packages index 64529c7..6142e2e 100644 --- a/stage2/01-sys-tweaks/00-packages +++ b/stage2/01-sys-tweaks/00-packages @@ -2,8 +2,11 @@ ssh less fbset sudo psmisc strace ed ncdu console-setup keyboard-configuration debconf-utils parted build-essential manpages-dev bash-completion gdb pkg-config python-is-python3 -python3-rpi.gpio v4l-utils +v4l-utils +python3-libgpiod python3-gpiozero +pigpio python3-pigpio raspi-gpio python3-rpi.gpio +python3-spidev avahi-daemon lua5.1 luajit diff --git a/stage4/00-install-packages/00-packages b/stage4/00-install-packages/00-packages index bfb3f0d..567f3ce 100644 --- a/stage4/00-install-packages/00-packages +++ b/stage4/00-install-packages/00-packages @@ -11,8 +11,6 @@ tree libgl1-mesa-dri libgles1 libgles2-mesa xcompmgr geany piclone -pigpio python3-pigpio raspi-gpio python3-rpi.gpio -python3-spidev python3-twython python3-smbus python3-flask From dc6a3c1dd869f07c5fa7a61d667f09b81c66fb4a Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Tue, 26 Sep 2023 14:19:01 +0100 Subject: [PATCH 28/46] stage2: install python3-smbus2 --- stage2/01-sys-tweaks/00-packages | 1 + stage4/00-install-packages/00-packages | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/stage2/01-sys-tweaks/00-packages b/stage2/01-sys-tweaks/00-packages index 6142e2e..0e6bfb9 100644 --- a/stage2/01-sys-tweaks/00-packages +++ b/stage2/01-sys-tweaks/00-packages @@ -7,6 +7,7 @@ python3-libgpiod python3-gpiozero pigpio python3-pigpio raspi-gpio python3-rpi.gpio python3-spidev +python3-smbus2 avahi-daemon lua5.1 luajit diff --git a/stage4/00-install-packages/00-packages b/stage4/00-install-packages/00-packages index 567f3ce..2307752 100644 --- a/stage4/00-install-packages/00-packages +++ b/stage4/00-install-packages/00-packages @@ -12,7 +12,6 @@ libgl1-mesa-dri libgles1 libgles2-mesa xcompmgr geany piclone python3-twython -python3-smbus python3-flask pprompt piwiz From a0b8868fbfd04da73d449b84773b7020bbf7c62b Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Wed, 27 Sep 2023 15:56:37 +0100 Subject: [PATCH 29/46] Update release notes --- .../00-release/files/release_notes.txt | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/export-noobs/00-release/files/release_notes.txt b/export-noobs/00-release/files/release_notes.txt index 7ec34fd..1eeffe9 100644 --- a/export-noobs/00-release/files/release_notes.txt +++ b/export-noobs/00-release/files/release_notes.txt @@ -1,4 +1,26 @@ UNRELEASED: + * Based on Debian bookworm release + * Support for Raspberry Pi 5 + * Desktop now runs on the Wayfire Wayland compositing window manager on Raspberry Pi 4 and 5 platforms; on X11 using the openbox window manager on older platforms + * lxpanel replaced with new wf-panel-pi application when running Wayland; existing lxpanel plugins migrated; gpu performance and power plugins added + * pcmanfm modified to use Wayland backend when running on Wayland + * PipeWire used instead of PulseAudio as audio control subsystem; various changes made to volume control plugin to support this + * NetworkManager used instead of dhcpcd as networking interface; various changes made to networking plugin to support this + * Firefox browser added as alternative to Chromium; selection of default browser added to Raspberry Pi Configuration tool + * WayVNC VNC server used instead of RealVNC when running on Wayland + * All customisation and configuration applications modified to customise Wayfire environment as appropriate + * grim used as screenshot tool instead of scrot when running on Wayland + * eom image viewer used instead of gpicview + * evince document viewer used instead of qpdfview + * Chromium web browser updated to version 116 + * VLC media player updated to version 3.0.18 + * Magnifier program not available when running Wayland; Wayfire includes screen zoom capabilities + * CustomPC and Wireframe removed from Bookshelf + * Numerous small changes and bug fixes + * Switched from raspberrypi-kernel to Debian-based kernel packaging (linux-image-rpi-*) + * Switched from raspberrypi-bootloader to Debian based firmware packaging (raspi-firmware) + * /boot mount point moved to /boot/firmware +2023-05-03: * 64-bit Mathematica added to rp-prefapps * Bug fix - occasional segfault in CPU temperature plugin * Bug fix - X server crash when changing screen orientation From fb56ad562991cf3ae5c96ab50983e1deeaefc7b6 Mon Sep 17 00:00:00 2001 From: Serge Schneider <serge@raspberrypi.com> Date: Wed, 4 Oct 2023 00:05:53 +0100 Subject: [PATCH 30/46] stage5: match rp-prefapps package list --- stage5/00-install-extras/00-packages | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/stage5/00-install-extras/00-packages b/stage5/00-install-extras/00-packages index 331f958..ad5dcad 100644 --- a/stage5/00-install-extras/00-packages +++ b/stage5/00-install-extras/00-packages @@ -1,13 +1,8 @@ mu-editor -sonic-pi scratch nuscratch scratch3 smartsim - -python3-sense-emu sense-emu-tools python-sense-emu-doc - wolfram-engine claws-mail -#greenfoot-unbundled bluej-unbundled realvnc-vnc-viewer - code-the-classics +kicad From 5c6011dd20fa47207d00e1b8326c1754988b96e8 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Wed, 11 Oct 2023 22:59:57 +0200 Subject: [PATCH 31/46] Drop stage 3 & 4, remove .github --- .github/workflows/on-push.yml | 54 -------------------- .github/workflows/on-tag-only.yml | 61 ----------------------- stage3/00-install-packages/00-debconf | 2 - stage3/00-install-packages/00-packages | 17 ------- stage3/00-install-packages/00-packages-nr | 7 --- stage3/00-install-packages/01-run.sh | 9 ---- stage3/01-tweaks/00-run.sh | 5 -- stage3/prerun.sh | 5 -- stage4/00-install-packages/00-debconf | 2 - stage4/00-install-packages/00-packages | 27 ---------- stage4/00-install-packages/00-packages-nr | 2 - stage4/00-install-packages/01-packages | 22 -------- stage4/00-install-packages/02-packages | 4 -- stage4/01-console-autologin/00-run.sh | 5 -- stage4/02-extras/00-run.sh | 7 --- stage4/03-bookshelf/00-run.sh | 15 ------ stage4/03-bookshelf/files/.gitignore | 1 - stage4/04-enable-xcompmgr/00-run.sh | 5 -- stage4/05-print-support/00-packages | 2 - stage4/05-print-support/01-run.sh | 5 -- stage4/EXPORT_IMAGE | 4 -- stage4/prerun.sh | 5 -- 22 files changed, 266 deletions(-) delete mode 100644 .github/workflows/on-push.yml delete mode 100644 .github/workflows/on-tag-only.yml delete mode 100644 stage3/00-install-packages/00-debconf delete mode 100644 stage3/00-install-packages/00-packages delete mode 100644 stage3/00-install-packages/00-packages-nr delete mode 100755 stage3/00-install-packages/01-run.sh delete mode 100755 stage3/01-tweaks/00-run.sh delete mode 100755 stage3/prerun.sh delete mode 100644 stage4/00-install-packages/00-debconf delete mode 100644 stage4/00-install-packages/00-packages delete mode 100644 stage4/00-install-packages/00-packages-nr delete mode 100644 stage4/00-install-packages/01-packages delete mode 100644 stage4/00-install-packages/02-packages delete mode 100755 stage4/01-console-autologin/00-run.sh delete mode 100755 stage4/02-extras/00-run.sh delete mode 100755 stage4/03-bookshelf/00-run.sh delete mode 100644 stage4/03-bookshelf/files/.gitignore delete mode 100755 stage4/04-enable-xcompmgr/00-run.sh delete mode 100644 stage4/05-print-support/00-packages delete mode 100755 stage4/05-print-support/01-run.sh delete mode 100644 stage4/EXPORT_IMAGE delete mode 100755 stage4/prerun.sh diff --git a/.github/workflows/on-push.yml b/.github/workflows/on-push.yml deleted file mode 100644 index 026c91c..0000000 --- a/.github/workflows/on-push.yml +++ /dev/null @@ -1,54 +0,0 @@ -name: Build image on push or PR -on: ["push", "pull_request"] - -jobs: - build: - - runs-on: ubuntu-22.04 - - steps: - - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Dependencies - run: | - sudo apt update - sudo apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz - - - name: Set image name - run: | - CITADEL_OS_VERSION="$(git describe --tags)" - IMAGE_NAME="citadel-os-${CITADEL_OS_VERSION}" - echo "CITADEL_OS_VERSION=$CITADEL_OS_VERSION" >> $GITHUB_ENV - echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV - - - name: Prepare Docker - run: | - # These first two commands are a workaround for a bug in GitHub actions - sudo rm /etc/docker/daemon.json - sudo systemctl restart docker - sudo docker system prune --all --force - sudo docker logout ghcr.io - - - name: Run build script - run: | - echo "Building $IMAGE_NAME" - sudo IMG_FILENAME=$IMAGE_NAME ARCHIVE_FILENAME=$IMAGE_NAME CITADEL_OS_VERSION=$CITADEL_OS_VERSION ./build.sh - - name: Copy ZIP to current working dir - run: cp deploy/*.zip ./ - - - name: Debug current working dir - run: ls -la - - - name: Upload artifact - uses: actions/upload-artifact@v2 - with: - path: ${{ env.IMAGE_NAME }}.zip - name: ${{ env.IMAGE_NAME }}.zip - - - name: Upload artifact - uses: actions/upload-artifact@v2 - with: - path: ${{ env.IMAGE_NAME }}-desktop.zip - name: ${{ env.IMAGE_NAME }}-desktop.zip diff --git a/.github/workflows/on-tag-only.yml b/.github/workflows/on-tag-only.yml deleted file mode 100644 index 86d9c4c..0000000 --- a/.github/workflows/on-tag-only.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: Automatically Build image on tag ONLY -on: - push: - tags: - - v[0-9]+.[0-9]+.[0-9]+ - - v[0-9]+.[0-9]+.[0-9]+-* - -jobs: - build: - - runs-on: ubuntu-22.04 - - steps: - - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Dependencies - run: | - sudo apt update - sudo apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz - - name: Set image name - run: | - CITADEL_OS_VERSION="$(git describe --tags)" - IMAGE_NAME="citadel-os-${CITADEL_OS_VERSION}" - echo "CITADEL_OS_VERSION=$CITADEL_OS_VERSION" >> $GITHUB_ENV - echo "IMAGE_NAME=$IMAGE_NAME" >> $GITHUB_ENV - - name: Prepare Docker - run: | - # These first two commands are a workaround for a bug in GitHub actions - sudo rm /etc/docker/daemon.json - sudo systemctl restart docker - sudo docker system prune --all --force - sudo docker logout ghcr.io - - name: Run build script - run: | - echo "Building $IMAGE_NAME" - sudo IMG_FILENAME=$IMAGE_NAME ARCHIVE_FILENAME=$IMAGE_NAME CITADEL_OS_VERSION=$CITADEL_OS_VERSION ./build.sh - - name: Copy ZIP to current working dir - run: cp deploy/*.zip ./ - - - name: Debug current working dir - run: ls -la - - - name: Upload artifact - uses: actions/upload-artifact@v2 - with: - path: ${{ env.IMAGE_NAME }}.zip - name: ${{ env.IMAGE_NAME }}.zip - - - name: Create release draft - uses: softprops/action-gh-release@v1 - with: - files: | - ${{ env.IMAGE_NAME }}.zip - ${{ env.IMAGE_NAME }}-desktop.zip - name: ${{ github.ref }} - draft: true - body: "TODO: Release notes" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/stage3/00-install-packages/00-debconf b/stage3/00-install-packages/00-debconf deleted file mode 100644 index 7dbd12e..0000000 --- a/stage3/00-install-packages/00-debconf +++ /dev/null @@ -1,2 +0,0 @@ -# Adobe Flash Player. Copyright 1996-2015. Adobe Systems Incorporated. All Rights Reserved. -rpi-chromium-mods rpi-chromium-mods/adobe note diff --git a/stage3/00-install-packages/00-packages b/stage3/00-install-packages/00-packages deleted file mode 100644 index d8a272f..0000000 --- a/stage3/00-install-packages/00-packages +++ /dev/null @@ -1,17 +0,0 @@ -gstreamer1.0-x gstreamer1.0-omx gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad gstreamer1.0-alsa gstreamer1.0-libav -qpdfview gtk2-engines alsa-utils -desktop-base -git -policykit-1 -gvfs -rfkill -chromium-browser rpi-chromium-mods libwidevinecdm0 -gldriver-test -fonts-droid-fallback -fonts-liberation2 -obconf -arandr -libcamera-tools -libcamera-apps -python3-pyqt5 -python3-opengl diff --git a/stage3/00-install-packages/00-packages-nr b/stage3/00-install-packages/00-packages-nr deleted file mode 100644 index bfe86a9..0000000 --- a/stage3/00-install-packages/00-packages-nr +++ /dev/null @@ -1,7 +0,0 @@ -xserver-xorg-video-fbdev xserver-xorg xinit xserver-xorg-video-fbturbo -mousepad -lxde lxtask menu-xdg -zenity xdg-utils -gvfs-backends gvfs-fuse -lightdm gnome-themes-extra-data adwaita-icon-theme gnome-icon-theme -gnome-keyring diff --git a/stage3/00-install-packages/01-run.sh b/stage3/00-install-packages/01-run.sh deleted file mode 100755 index 0e8248d..0000000 --- a/stage3/00-install-packages/01-run.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF -update-alternatives --install /usr/bin/x-www-browser \ - x-www-browser /usr/bin/chromium-browser 86 -update-alternatives --install /usr/bin/gnome-www-browser \ - gnome-www-browser /usr/bin/chromium-browser 86 - apt-mark auto python3-pyqt5 python3-opengl -EOF diff --git a/stage3/01-tweaks/00-run.sh b/stage3/01-tweaks/00-run.sh deleted file mode 100755 index 79b749e..0000000 --- a/stage3/01-tweaks/00-run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF - SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_boot_wait 1 -EOF diff --git a/stage3/prerun.sh b/stage3/prerun.sh deleted file mode 100755 index 9acd13c..0000000 --- a/stage3/prerun.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -if [ ! -d "${ROOTFS_DIR}" ]; then - copy_previous -fi diff --git a/stage4/00-install-packages/00-debconf b/stage4/00-install-packages/00-debconf deleted file mode 100644 index 87932e2..0000000 --- a/stage4/00-install-packages/00-debconf +++ /dev/null @@ -1,2 +0,0 @@ -# Enable realtime process priority? -jackd2 jackd/tweak_rt_limits boolean true diff --git a/stage4/00-install-packages/00-packages b/stage4/00-install-packages/00-packages deleted file mode 100644 index 7854596..0000000 --- a/stage4/00-install-packages/00-packages +++ /dev/null @@ -1,27 +0,0 @@ -python3-pygame -python3-tk thonny -python3-pgzero -python3-serial -python3-picamera -debian-reference-en dillo -raspberrypi-net-mods raspberrypi-ui-mods -python3-pip -python3-numpy -pypy -alacarte rc-gui sense-hat -tree -libgl1-mesa-dri libgles1 libgles2-mesa xcompmgr -geany -piclone -pigpio python3-pigpio raspi-gpio python3-rpi.gpio -python3-spidev -python3-twython -python3-smbus -python3-flask -pprompt -piwiz -rp-prefapps -ffmpeg -vlc -rpi-imager -rpi-wayland diff --git a/stage4/00-install-packages/00-packages-nr b/stage4/00-install-packages/00-packages-nr deleted file mode 100644 index b904b80..0000000 --- a/stage4/00-install-packages/00-packages-nr +++ /dev/null @@ -1,2 +0,0 @@ -pi-package -realvnc-vnc-server diff --git a/stage4/00-install-packages/01-packages b/stage4/00-install-packages/01-packages deleted file mode 100644 index 5441d9d..0000000 --- a/stage4/00-install-packages/01-packages +++ /dev/null @@ -1,22 +0,0 @@ -python3-automationhat -python3-blinkt -python3-cap1xxx -python3-drumhat -python3-envirophat -python3-explorerhat -python3-fourletterphat -python3-microdotphat -python3-mote -python3-motephat -python3-phatbeat -python3-pianohat -python3-piglow -python3-rainbowhat -python3-scrollphat -python3-scrollphathd -python3-sn3218 -python3-skywriter -python3-touchphat -python3-buttonshim -python3-unicornhathd -python3-pantilthat diff --git a/stage4/00-install-packages/02-packages b/stage4/00-install-packages/02-packages deleted file mode 100644 index fc43d17..0000000 --- a/stage4/00-install-packages/02-packages +++ /dev/null @@ -1,4 +0,0 @@ -hunspell-en-gb -hyphen-en-gb -wamerican -wbritish diff --git a/stage4/01-console-autologin/00-run.sh b/stage4/01-console-autologin/00-run.sh deleted file mode 100755 index 665dcdb..0000000 --- a/stage4/01-console-autologin/00-run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF - SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_boot_behaviour B4 -EOF diff --git a/stage4/02-extras/00-run.sh b/stage4/02-extras/00-run.sh deleted file mode 100755 index 6a24f82..0000000 --- a/stage4/02-extras/00-run.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -e - -#Alacarte fixes -install -v -o 1000 -g 1000 -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.local" -install -v -o 1000 -g 1000 -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.local/share" -install -v -o 1000 -g 1000 -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.local/share/applications" -install -v -o 1000 -g 1000 -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/.local/share/desktop-directories" diff --git a/stage4/03-bookshelf/00-run.sh b/stage4/03-bookshelf/00-run.sh deleted file mode 100755 index 8244568..0000000 --- a/stage4/03-bookshelf/00-run.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -e - -BOOKSHELF_URL="https://magpi.raspberrypi.org/bookshelf.xml" -GUIDE_URL="$(curl -s "$BOOKSHELF_URL" | awk -F '[<>]' "/<TITLE>Raspberry Pi Beginner's Guide 4th Edition<\/TITLE>/ {f=1; next} f==1 && /PDF/ {print \$3; exit}")" -OUTPUT="$(basename "$GUIDE_URL" | cut -f1 -d'?')" - -if [ ! -f "files/$OUTPUT" ]; then - rm files/*.pdf -f - curl -s "$GUIDE_URL" -o "files/$OUTPUT" -fi - -file "files/$OUTPUT" | grep -q "PDF document" - -install -v -o 1000 -g 1000 -d "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/Bookshelf" -install -v -o 1000 -g 1000 -m 644 "files/$OUTPUT" "${ROOTFS_DIR}/home/${FIRST_USER_NAME}/Bookshelf/" diff --git a/stage4/03-bookshelf/files/.gitignore b/stage4/03-bookshelf/files/.gitignore deleted file mode 100644 index a136337..0000000 --- a/stage4/03-bookshelf/files/.gitignore +++ /dev/null @@ -1 +0,0 @@ -*.pdf diff --git a/stage4/04-enable-xcompmgr/00-run.sh b/stage4/04-enable-xcompmgr/00-run.sh deleted file mode 100755 index ad6298d..0000000 --- a/stage4/04-enable-xcompmgr/00-run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF - raspi-config nonint do_xcompmgr 0 -EOF diff --git a/stage4/05-print-support/00-packages b/stage4/05-print-support/00-packages deleted file mode 100644 index e9c36bd..0000000 --- a/stage4/05-print-support/00-packages +++ /dev/null @@ -1,2 +0,0 @@ -cups -system-config-printer diff --git a/stage4/05-print-support/01-run.sh b/stage4/05-print-support/01-run.sh deleted file mode 100755 index dc9e2b2..0000000 --- a/stage4/05-print-support/01-run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -on_chroot <<EOF -adduser "$FIRST_USER_NAME" lpadmin -EOF diff --git a/stage4/EXPORT_IMAGE b/stage4/EXPORT_IMAGE deleted file mode 100644 index 9f2f737..0000000 --- a/stage4/EXPORT_IMAGE +++ /dev/null @@ -1,4 +0,0 @@ -IMG_SUFFIX="-desktop" -if [ "${USE_QEMU}" = "1" ]; then - export IMG_SUFFIX="${IMG_SUFFIX}-qemu" -fi diff --git a/stage4/prerun.sh b/stage4/prerun.sh deleted file mode 100755 index 9acd13c..0000000 --- a/stage4/prerun.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -if [ ! -d "${ROOTFS_DIR}" ]; then - copy_previous -fi From 5e8adfbeefa2905fdc9bce32aea6b6e65563f76c Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Thu, 12 Oct 2023 15:46:50 +0000 Subject: [PATCH 32/46] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..401179d --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,11 @@ +build-job: + image: harbor.nirvati.org/library/docker:24-cli + services: + - name: harbor.nirvati.org/library/docker:24-dind@sha256:28e312e051b1c4b02c78ab27ee34eb29752c409db6dab0b5df11c129c42c4926 + alias: docker + script: + - apt update && apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz + - sudo IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh + artifacts: + paths: + - deploy From e4b2ecc9512bd59e13e7eb297e570fd3af970ad6 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Thu, 12 Oct 2023 15:54:25 +0000 Subject: [PATCH 33/46] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 401179d..301339e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,7 @@ build-job: - name: harbor.nirvati.org/library/docker:24-dind@sha256:28e312e051b1c4b02c78ab27ee34eb29752c409db6dab0b5df11c129c42c4926 alias: docker script: - - apt update && apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz + - apt update && DEBIAN_FRONTEND=noninteractive apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz - sudo IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh artifacts: paths: From 3dc1210022062d12869e66f7f4a2689af7688d53 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Thu, 12 Oct 2023 16:46:03 +0000 Subject: [PATCH 34/46] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 301339e..efb1b16 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,7 +5,7 @@ build-job: alias: docker script: - apt update && DEBIAN_FRONTEND=noninteractive apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz - - sudo IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh + - IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh artifacts: paths: - deploy From 9da205492c486f945343db5fa43925d9e2f5ae2f Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Thu, 12 Oct 2023 17:00:04 +0000 Subject: [PATCH 35/46] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index efb1b16..6ad1e95 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,8 @@ build-job: - name: harbor.nirvati.org/library/docker:24-dind@sha256:28e312e051b1c4b02c78ab27ee34eb29752c409db6dab0b5df11c129c42c4926 alias: docker script: - - apt update && DEBIAN_FRONTEND=noninteractive apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz + - apt update && DEBIAN_FRONTEND=noninteractive apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz parted zerofree zip dosfstools libcap2-bin rsync xz-utils curl xxd file git kmod bc kpartx + - modprobe binfmt_misc - IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh artifacts: paths: From 0d8c05181182f890e279906da694b6db50a31c03 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 08:50:50 +0000 Subject: [PATCH 36/46] Code cleanups & ARM builds --- .gitlab-ci.yml | 5 +++-- depends | 1 - stage4/06-enable-wayland/00-run.sh | 5 ----- stage4/07-disable-pwr-button/00-run.sh | 3 --- 4 files changed, 3 insertions(+), 11 deletions(-) delete mode 100755 stage4/06-enable-wayland/00-run.sh delete mode 100755 stage4/07-disable-pwr-button/00-run.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6ad1e95..d3bff11 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,11 +1,12 @@ build-job: + tags: + - arm64 image: harbor.nirvati.org/library/docker:24-cli services: - name: harbor.nirvati.org/library/docker:24-dind@sha256:28e312e051b1c4b02c78ab27ee34eb29752c409db6dab0b5df11c129c42c4926 alias: docker script: - - apt update && DEBIAN_FRONTEND=noninteractive apt install -y binfmt-support qemu-user-static quilt debootstrap apt-cacher-ng libarchive-tools qemu-utils gpg pigz parted zerofree zip dosfstools libcap2-bin rsync xz-utils curl xxd file git kmod bc kpartx - - modprobe binfmt_misc + - apt update && DEBIAN_FRONTEND=noninteractive apt install -y quilt debootstrap libarchive-tools qemu-utils gpg pigz parted zerofree zip dosfstools libcap2-bin rsync xz-utils curl xxd file git kmod bc kpartx - IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh artifacts: paths: diff --git a/depends b/depends index d2407af..76b668f 100644 --- a/depends +++ b/depends @@ -1,7 +1,6 @@ quilt parted realpath:coreutils -qemu-aarch64-static:qemu-user-static debootstrap zerofree zip diff --git a/stage4/06-enable-wayland/00-run.sh b/stage4/06-enable-wayland/00-run.sh deleted file mode 100755 index bd8bbc3..0000000 --- a/stage4/06-enable-wayland/00-run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -e - -on_chroot << EOF - SUDO_USER="${FIRST_USER_NAME}" raspi-config nonint do_wayland W2 -EOF diff --git a/stage4/07-disable-pwr-button/00-run.sh b/stage4/07-disable-pwr-button/00-run.sh deleted file mode 100755 index 44646bd..0000000 --- a/stage4/07-disable-pwr-button/00-run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -e - -sed -i 's/^.*HandlePowerKey=.*$/HandlePowerKey=ignore/' "${ROOTFS_DIR}/etc/systemd/logind.conf" From 7c09e4788d282dacea6cde9469d6738d2ba8f2d4 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 08:54:02 +0000 Subject: [PATCH 37/46] Update Debian key --- stage0/files/debian.gpg | Bin 48747 -> 8700 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/stage0/files/debian.gpg b/stage0/files/debian.gpg index e897ec52fbeb9379db9157389acc356ccda416d4..dfd46c7fe7431a8431765fb96fb15936e0474bd9 100644 GIT binary patch literal 8700 zcma*sWl$XIvM%7keQ>wIT?Th|2=4AK!5Q3LLvYvN5Zv9JK+q7JAi*Ix+_lcRtIn=n zr|#W<yT0$=Q(fI}XF;RET1?I3LSX<74N{Hxb}ofNt%9FBsd<ryZuF>c{nPvJnP%5G zO+a(hgw&!9`Ln6=?loiE*5z?g)+jqaGyy=-o$&T!ZpNtnklT^OUomsy9dwOMr0G3Z zog2&_jRq_SglzRwyj#&o`i`-8RC&R77W+0i9jtJ-Ik(>(B2#f`GI-s6kfARm2)K6B z9#Ebm0uA{KgF`O|C2Y0wfC+O^D<1bsr23?vpOKy4IkF7Md-`x@fO#1|xP#+*c39w$ z5W;<Ki{qU3NWwD*75joJoW&f~<59b(@NyQ)9V1Qr-F;;UZ(_*&tjS>_L(2k*oXnj1 zE!@jqCK~_HE4;Iwg8{Wy@<>Tfi=FI0OyJn_OU72DMIq%C&utzEloxSM+DysK0t#E! z9!EIp{iIqE6Pri=7TX1hrf&U9=F>Y-H46T;{UnMi+4msD2Ryt8Rw%YBGRPN97E#L} z4n{?duve`29r)c<^HIF<DBB{<f_O(iCqm;ooo0!r^d(%%zFlZlCr_#`As1`O8=ITd zh~q5Du=5<J&8#hK95IFA>(36?tTJM!t%1mQTzR;OznLR#k$PIaa^Cf-wHcPF=!Dgs z_-)Wec*Jy*XSREly<&50j~Nx;bA!8E)dWfAfj>sK{&d3BrU#w3_>qV7%;zWej5B?5 zLQ3P*a2WifHGGX1*WeWbz=Q%o#Xu{=l0zW_`0yxT+uKnL%tfm0SG^6T+eTKFxshZa z;GqA~f{%|H3>AFrb)}#hD|b98dfd%RsXj^aXbFt~03ah_{PTDbi~(pXp=lF(9#vi- z2+77jEnI-Dh+4ZnOQ0VXBmO@0tvBK57t)nvxh~}~(`xBRidR@vpiY@DV68wisD^Ww z94glYMj!9!*#WD1xo$qs*Lm<9<h?VUmZ6B6pX^@EN?$DhVByDREXfB{8J}p7yT<3e zY931UO<TF4CjAl~yJ=0T%}(NiI6^qObD*D0IeGUmW@V>CQE744>m&xeg+rO$k>IoA z<f7MTNlQ+vsnTFICWk~7n7uM=!c$BddXP6=_j5M!Fx_t}ZiPGErTeq_y$@HF`4|JI z277<iWeGK@Qt9BO$_z*YmP<MbdE)zh)=e(SkV=(?sYzItxXyZ;+>JJ?r~rT-V|g?W zC5_i);p7skJ^V_u1y<Ka%w<dwqb}ebBM$(ulh-%seG8875e0hm;e1j@nre(o!ctC1 zXeqpm3L`ZXE1u<|2SN?=SvwB!y)*0OA9xR?F`SdUHdPHYD=~jx8a$BiIJ)eOuSEQ9 z;H8a|cm1^Gj|&DUT{GB*ouy7J)#?P}Ai+6;nE7JLmNd3~LrIN0AJ~wbysJBvaFXYo zlY22#TkwoARkkCTRq%=B@k!CHNbN;ldxgi`3Hoxewt^C@Gd4*SqnJ>00yuCR2~{*E zSF*clwcLAR2!q}EeiR)N@^kQG<o=nzG(XJ+cqPMW;{WHMo}YSJ#9Mx(8LV|WZ{W=t ze5Iio{x?wNYv^yRg~Ud(pEfORAr0&n5&aX-DlQQfFi}Ydtm9F?u7<M`l@?xblpk+& zK0q~|U3dLC7%$Iwi(Svr9hgJOt&+gUC!fSGV&V`VkYHi|U6u3X#ogr0gkImP*|!D) ziXnEQ4vSvtE_x84jf3lCtG2<ue5R#^o<QgMk1{!{Sv-*t2^<32#N)eRg`Cx}=0Ka3 z1WX1gyqjK&RAh0Soc`!o3Af)AhkyuWT7Oj=$`0ql=7Z}jzRzqfE!NpsAK!Jte;sHp z+#on5?`!SeGH;W)rH+#Og<^UYZ0DhOMXw<GHr+{1bK^B|n~}ibtQFTO?c1v*$EuWX zQJsS;#Eat(TEMNt&Ci36Cjq>4x!MS9jhHa2xmb>efi15qBz7c>f{BZ?{V<djf-0Xy z`hLEx;NF1ekW+Zh#H+Qvj?p^wH<-U4u!M>>TozSK>Cttk-yym`=}zQgm74L5?(gn3 z#0=cXqTw79atKoWfdxTTU=3DUy@cY|vvAUztigQ5%wZipe7LB1M@XQ_aVy{R7Vdfp zA}qLCC&cO?Mut*+gC6Ir>+S4uV$DhY$|qr*5N8E<*13l%v1|5c+M@@7v^c8c!>KMt zR<ov?X5O`G$-63oYYQ9hKnDTrE<*?_!7&Lw1S#~^Ik(Pp;e;3noR!*ZH}6DvCzErT z0EW{3N1zD)?ojce!e<y&!QvMASQz@V3C^fEr62zdRA&PE8(aAm!zqsOxZ9*1dv9J7 zc71FF%fY;XF%p&|4Ta};`mdR9i!oJ-<Ha8*apZkObjz0M4v3(=cTQ>IT-!2BgRpG& zS03_~+uI*7sD6T@rU(<se6gZwD~HkU>|3LR!g7V_Fiq2vHEeDs{OF&k?Ad12T1*47 zFiA;zh<DqV@nBznda&!il#ET|D%u^?wFh+DLPg=*%Qnje=JL+J$Q%GQmXd8~^3Pwf zX9~THmggOQIF9^qRcDJ;kt4b0+Ox~wF8(;xa$glD;~em2v|0;7@2u_l@C+5^i3HQM z$VOz3Q9{fgt=o~}(ogXXm4rGFrUX?mG*YriK$SNLb!HcjH0=q#{?nS!;UKj#N!!JQ zHw~=0Cy`Uk?L@rPm+`q7bxwck(WkQCUly?%O_l4o>J2TCaxl$8Ju{9^ZPC>e^JE)j z{j6ImvZ;G+W4w5r+}WM=<D{F4Fg`M+0IS>-1*XiIBzUpy>BME86t3&`a<qJy_SmYI zSl^JQ4+)HDZv;Hycd}Kg48~fXw9A{!=w?%3OLrVgZ<gHlKI>%zUpY|jno2&*#cUfi zu5x9fTKN-@^aZF>KAbH^z*6EXm+7dH;5-oGjv;5k*LuL&1XeDh6PZvnpxwmPp;M1@ zbwv{C&+XZd>gyHDoou{wYSjdwEh1%~sg%R!6XgHrpxCo8dn>Ky&Db?ybugO`-f<gV zL;np_88Q01!7pkZJ*P!ku}79vw$5zvBfIxkUP8#=HnkR}b(wt#N7`gm`pf4S1c9es zK5GS(4>;K#-)oN~5aqP91SnyF-8ZG*al78lAP6y#y(Xa@)%k`GRI^`8##*o(mf5j} zf=Xm)a%_q9L%8B&QkDG1^6dC*o};F%y2Xxu7$I@72Jxy{w9F%TgM>($;ZpX-bv<dH z$ez-nylpaIe@qvhedOZ4&foGirD{lzXfnsI%?RHEXwJsf@rzjJkLU_mDNs2-<Si<5 zc{Cs~kf)LF80}tgP^78HMwrC5_Sz;My)342w?;9M*Av4Bvime_iGnM4TOqcS$QAWp zzVZ-G>pyV^s}kQ+HAzxk1GRy7Q>>u@w#+*cHzzQB)M;no62CV#VH3qy`55DJUP}=X zq(&2=GdWv=ldhl(YbjFwxh`51e~(38o--;OE-$YWE@ZDenWZ%6r;l(NUasd^dYM^! z4^?~?Fw;BkJUu9dfwH<CXQzfKN4Ruk=e0J)=!h;wD0ZuN0r};;wnXWHqRX~l{b<&* z-%jbY7_EpJ)}{r%0_JK2Mt&ypih(AMhc?VVM|Mp)4MH9rD}PKhpz6iiR?aY`Xt-$6 z1sY*3vQ=X}x;AKmCp>ZCMk&S}^q0aigjyFIlFONlgpbbs&j?(XC6tqR4R~Am)RD8n z|2e2J75j-}&L;RE^&8Prz27#t4IfSZ4b+D)48UwZU8fp=K8fZ~oN^9=`8x1Y3fX4V zj%Qi<bT5Ad_k*I~)iKEjc(n5ZIu)Dl=;KzOU(aLrYD#Y;2-=u#H$yd9NvL8OR{)=0 zd%g>p#(HYxg=;oV#Q54v)jAZ{(fy|P-`UiBFMoZkhd&_0CM6TD9gTES^6KE=Ba_}d zQrWX|`q~-DIEexd)%qdOBqDfKqkp~1PFyD=T>p@UC*l8x^weH#)$PFFkSdtHV@wCA zQI1Kfqw`(eLrmfADJ(*FwI{T7z?#R7o5~AEU#Ic8e@kc`(Pl|2Un4Fgwt;N{ts~k} zeZIzo?fX}3dBAd82;}r}&lQFQbjYws6ViiKL?atcs^{HxDq}n0xAPVNPF2ZVTRmmT zv*o}9hg!Sw6q*fxE7h((n%<S#toQxQm7;oO9ABHg$)CI!hbOuHvFc>tK;?|gT8FLg z9X-IS+viLO$(O$C#kNjqbA)B4uppPV=(PGLA#;whLfDq+XdmS=Z!7^tt!`WJYK5=o z38z3m)r4rfYan}6$7jI_W#wDDS4;bfbzVDO<1|B~%#xDUs`C`xDVB0>=B@)V6@^_v z3Ri%+SI>v6`LcWNAd1|%Ef<T<bJXs-^C{*rMci-1nP-bA?M)oO*-StcF}D5SJO``Z z_c4>HJ(DUe%eTjJ`S5Iby{a`tI+JF3DJye3GiQ*vn}w~Nmla6d)5FEd%)`zCq+w^{ zZ0BqPQnZ4A=)oLp<}NM{-Y#xV3?LzEkB?4f?jBZdVwV5)o7Kh5MkEGW6Bhfg`CjDz zHQ(bx6T`qEp(Eu2;82hd5n$kOk&zHl;P9Yfpa9ThP|*0n|2pNL>Y~5v`@Z~`>xqL6 zknfyM#|CjkuDp!;1ovPKC8qBx0O56G5-UO?U?Q*sOlGcOr^h9vrEi84CHDUWWC_#% zQikCb3z?NbXs<6OpW6%hX*X>F)zftIEKgn5Dj4idmYXhnNOw?E?$K!cnBoYxa;?#< zk{<7~o_J$zb7uvetPrf{(sGYgdr+OoWA&S=Q4lkh{y=Ga>q`+V$cw^aYBWOSV6y6? zh<I9{$>`H8Z_*8*B>hndKXSD|yR}ev>M-(ZSZV#*R=tT(Ry?a0VFPUNWu?J2tgUJL zC^JI)U<{%p@!A3JRVXf?CIRQMVdy-RKq9+1J5}F^0IO;GW0x?qZMpMeM(7Y9-EhSC zpd7KE6J9>%DhpXhAC*K`4c41~o3lX0N`^?;L+hAx4|U&aTUz6gjM%N97R)@}xIdrL zKINYIK5NUMM&Bo%U^h$d?%v4G=C0+$BMc+2mfGsa4m8CG*48qMs!7aD<x&&G;2J;@ zb~e+M<LKGa(ZbqPC#RROqHP_xRV8t?4}A++eBow`<R1!Wxs;wS`Yf}BLX;itDe{DZ zc3K=zUoLl_I=F|1|KrTeFeAOy#prSdYt)pSE-FM=BWYY0NEH^rIW~ev*8$$9-X=y{ zK&@NHcnq_YzzwC$Ya97Wr@dy0>rh))=)D{UJvR{l_SLpO2AUHV<1bdEf3YHu$rJ&E zylxZROsBh-Ui&31L3sXN8^1IEt>&M~Eh+k&DC#dc3@1$EpDe6Z)}OmR#i1XR>4(UZ zC|%%i;#sN}n&mjAUzrFUN)@|zuJIq_dP_>z>T3`LDw6w{zt(yqXtrLzEl;U}xz}WA zbjA*v?RQFJvgZ@HTX)Deqq_vOUPE)I{PJ;^cpC?obqlrJN8lY!s-fFD&>-awsHm*k zo=48JD6Jgjsb1J%n;`wcOE_;qEtaxRGu1=Xx=5m@Y1nAZ(~40~pjkhgb>mFjnh|z| zap(-M-KraY()@R*N9=PE)S`+sO1f}U->J-@U<$^H#BExPoJ{1~khkz5U(k0bl4H7! zlF~_bCTpmVFZ*4!!UNU}Ckpy_(bzlC=nn&{BIcrpM2hm8a&-#@@8a6NF9#_A7&N5L zORIjEwsk2aoYp-y8pn-d*Smr9Zjp%~s%5K#Si{Z~eU+AZq;heAwSf(A94dnz4h|01 zEyJD26Tf<)cief(7@3DsCFB0?)@ueOJ`k%V9ZE*+Citik?z2SPT$5j|X?FL;UB13| z8T6bYfqiQyhr@iIhV8?}&#dyq`Avvpk@M`zVQ0jl9(};(F~8+}HzUtOID}?PwT0T^ z+|dEkKDOJ8Hw~l)GL63p(4`L;3!7TUZRN!@XMllfSk*@PHgg~qr>vobqkZL7@=7A7 zxTQ22EqW53fS%lx80rV~OI@%2S2b|e$y}(Y#*iSXig6mHo0hu%ip#&%EK&Te=AX(L z4Ep<ratKkH{c|gEOC71dZJZds@6#)1$`-xJT;rg0#1}y_ypHcaWAEw9?b7%deppxh zONO(F$nX^`x$DVxk5WO8aX3t%{B`QBJ<+vP%*fDOuOBb3uT2;&z*TxuH}tNIu6lJl zVN)87#90dG&@_LxZu}Mfx)kt)h5@RtRiUG&8*?(1vBFTBk%C*!Qj~rR(uk5+h8aSQ zr3jX|l<(@2km*T9rQzo0Z_o==;p>-h!^=VCTce><H_I&IfdX-o-ifPGWKnA)I;YQ# z?A!B}=p4RR_BF?i#FIQV@fV!;dpz{P`IPkTOhHYQ&8rOwO%S_o(-XiN8{QvqKvCrW zxwT@I%Mmdq0?85XC;qv;46Zpu6QEhJ5agmY$!V&y%|NZz3adVa9JdKl8~eFgEaW`F zW1*J_*FEW|yK~J#6@X#s>+x=P08f>s6;=${+7sr3BML1|>x>Y0sPDI)f79LCg&#J& z7Q#z#*m&%yXS$#H1^W!M_%=2>ey_YC-uzw_4?}YbNg*YFK$pG{>Xi1HU+T|fTe4PH z&v>l759<=P8fO05SkQQrfVY}Y<!I{BXU7t$5C`og*$sE9PJ}*35SLleyF7NO#5k8F zp~#nWO^#H->Vkv##)!CslXiMM-vKOUxD_0Z&OHj5JjgO`k+<DmtsMpx=pFs5ni>r> zb#yikySw8s?9y;~ScO_cqyJJ9^S7FRD$|ze?*S*%Cs&_giW^TA%2{}?t9Iay2+PdT z3)Q#|HRFxol+iS8E1PhRWYX!y#hro>zP%^>B<Bl`osu>s0^(bXJY*hTyPIY+>iz5@ zWV%VQR>bc61?Jyf`ti^{l@zS>zP?ji6o__BB-y*(yR}R-!}q$r=|Tja+H|N0eCNb6 z?oUy?sE*AGLfm^l@eyY}&&jo0ygA^C95bOPEF;HU;c!=qIko8%byUpBR@PFWRZjQE zg>&8vL@OihlVa@AXhEDkwRL*gK*WGe<?TX{<E$d~Km}mxy@E{^G+e~L3o^xlh8Ar` z6_OrSm8pnZ6g`4s*%q?8QT56f<l!H!lflC?1m~x*CYufVR?>W5CMmyY#f~(+5zI-6 zNuc>PP%u7<a)VO88Lb?pg51wvJttd&&#uF-V}fX3WZER=d+K*-t}-8?JkvsS4?LPC z(KHP%Ns90Uvxibnitp#5d$P=iYcGI$gm^ES!covw-U#)rvYctsI80xfFU?7KO&!oe zk;A+)FV0zUV^W6JM~DSqWhiKqgdd_63h5`Pyi@>RDh3RXlZuV?qWn^Qw$Gl~*tg%b z)RGm;_Sy@ybVhFK!Q|W(J7yW4pT??xd!$HOM7Aw$J{e>N13oo3mM5t=pZMBMJqK2e zWVTWDrICd#Ohi|&+xK`{#<nB@oBmbJ{}x^Tt!B04Z#DmfnSx7yg-z>(au2HcY4Req zLY#vM3V5F(P&mkBg!JLdfa4BsPc*td-mN#g3`Wx|3C+QSvq7<XO@qpZ?kvh2gK6lY z;SOe>NWQe{wq)6#D#b1h;e84ZRI1qfCKVoWZrk&=<gxE<+^-_e1Hp>TyGIG4C&<Py zAG|qLSk=}Isk!QwP9>1m@z6ij^8r{jl=~#j?|(Oi78^hx=bO}_t-}=_%J<8=CwB?c zitS=6$J*EL(yERHaMAC`E*-hS;VFA-FJD!w7Ke&b%UML}$a_R4hSAT#xyoOs6RagE zHA!aw%yuwbZZ@O^VGcjmMoQtGc-;mBQtK|d#^$?2FHMZXle^PZ;@j8JevI}+UXbhK z$V^IO2}|kwgCbI_J1H-R;(~c9p$!{f>VW-O7dc@HinkUg`#vYj`Np1mHXBOwU|>-_ zq}*|x_YY-PAS}YG4TBuxo8vT-LS5W80FQz+wZ2BmkwcXc(R;Iqvk{Jm-%zCDQ!-n` zuB#p8x8oqmpPcFI#8T)2u{CBFrwjqXx=4lbres!>sw4hx%cnM!If0qR4Ngz_Y2&05 zgr_T<ag}Es=b1Xf3&DE}8x$vXkOvGd>btK(H~o4D9mtf2-hD-5xngv)fh&U2ilUxF z5&Dv=vxPE`AU0M9%4?H__|wF?Ol=A6s>yNJu|#5uo5&bwt^b;9ME{y={<nPcZ#8EO z6hyWj9v=nR*la%9u-ce8J6l;>vszlQeROfOvw*OA_;~#7>Yq%rdk6j9m%Neh8lw^% zls7FyoAKo^Ih13DR6EH?bOGrCp9ex6v!E;Qy<$?DoeEYcODwn%-rkiaG%L%TmiGe9 zOQN<pY}l-FE3RNUMF>LcgL?DR(stW^Vw@|4t~<J76ZbJFWVf1|g{lV%!q9ZhY~bn0 zD}9p-3D0%b=l4fAu{Pm~!K>{2kveb>{^il_%w5yICO_4{wfmd26ZTua6Y{`8W(EJn zcx2XC38sHv4yjxyo9UOJ9!!3#`g04m){he<@y#$t5${1iV$kMlDvz}HF1Kmn1l?-O zU{gi5l37(bgpMYgh+jhnzkO-_{(@7}b*m0wM|qNeJ(Y-0biFNs(6!+hOQNe|$zF2= z3W(|z98MJ|00bH^#@M|*7+g^?Df}d{)tCIZlc8Gj4n{LKH>s?n;J2%WlnLpRyJ+4d zsk54AFIg*SzPmi31*2Oa5a75g%nwX|o6MR@thQqL{K^YpfS8RE9Kj3f)pVeU(%-Ln z1-9dozNM0lffESt-7z18y=Hxm-w1_D=P#?=X`q@)-QN~lxez&KkWAhyC9glx%c&i{ zg2}3WWmy(d5(<z~K!01PhiAx^$ugj7Y56vL{(>ZH(J@7;*4hx@!Dqp`pJwErvw)FE zQ?1#rYclaGm4Xd=Y<iC&;GHV%DoOQaf$SOHq7l0VngQxrtK)ypZU>YMSmzi^zppxX z7a-mHn`$8ExWFipsOGkA@}e$FROZP>7aASrXH-P`hZw3;uwT)TVB63s@93?&%?DYa z4BCj&$f6XAav$7j*R|Cbx3BM}lgn@&>ZV`}S1CJ7KR2+7#C|R`jc_2$<gChbDJg%B zWzND2pEM^Sgc=U2GNzT2%k~)*s{C<<a_`#%!QB27{}7%h)D^-QdZ&2OW4C=uWR~1T z{~a*IK$?bZrQ@Ck1VKVN;mbI&D_cocMrXCLDbtM&=Ysb@YJbx0Yg~`$0}@&TcVs`I zY`tNXxeBVXn<H#ke-NwK^DVB>;@?|M@eV=l9{w!y$6M4a`Q8W%2C-VHcZLvw1TQoa z!NOH&hCu3_*{y0D|Lp?mLowF&+2!GyXRC2op93Nf_o>T(2Glg!?ncEgV)+op)zt7j zCkgr}3s8Xz?NBID_bUR|%sMW7AD(gMs~$Xaa7DcqwqH<>*KI$U+~s`hSZBQ{M6M24 z3VFgadIZTR(V1suEHbk&8`W+qU-|P;e?{<5e!tyFhc?^xXgdP}L1R2>Hd$&o2i;z5 z3zui0GHCY-tNB=ONKq}s2dE>kv>}%N(ap)i5hr2-cGplT;!Zfq5EeKfL_k)T2{2Pb z@om@ZRHT5iE3YiX&v_?_4A0k<HOa+g=v~VTb^)~g_t_2B4VK`q{fYMfvz9~u_gW4u z_CH6q0S^!?;s0H|lv<#YL4LBjCHDdl=lNglw30jEzgyHi?%xgQpURFi24F1yB!a25 z90q{BpF5OXCQ>Ys^jkt_Zba7{I!}j~qe6BMJZ<)C%^8JmCIy9NYP@{T)2WfpLHzlT zBHsmZ|A}u%a}z)H#`nvR*>8y4KOa3Rd((F6)%EWMHlt*j)_}f@E+sI6o>H|P7jqve zTB7;rEfB`}#=A3X64409QAp)!hB=B>vt)uF%BFT?mKb0jnGTGYkUx*RjaLT|&0HY{ z!E^L^o!*Al!a0^qQq12fH2H?Qye0P`>rgkBlQPjd45aQ-s2Z@Mzeh?(Yq(>LPK^aj zR6D%529aJi$t3JEiQu*+C(HTp<SPvzr-=Ur#ClRig2B+eRzRibwJ@5<Vv3TO&Vie_ ziMf~fYCIH7-6Mnk+_roQ^K-ym9xd}U<oeH|xfwAN#MWFH=PS9n#W&nqMFy{O+f@X5 zHtFWCiHi4wJHo0dY(BbO_P?W<A%|_qP9)L%_qM?DLMm6aX_<{ciBw69?R?9aqAw?7 z6Q@44^LgHvG|5<8XSaTna0Qna3>&q%3j4E^7AKksFDNaQll1jb+n((q$Z44**}BJP z0i{|<Hv53!afKir19OJpQcJa%CkyBm!7R~m@=lZOcQ|Ue9rKzaRwcQnmy)TFK(7!b z9`v}BleMtGBx0CvawX3ylQl2B*i>C*&|022ccAa>Q|8*d2;+3w=&uAiS>wOYTitMa z<TbE-LMhPVLhHc9&C;W~Q!w3ADon4b3OVB9mN@bY$GWn~+4End*;Uu47M`I(42Q?B z(_sMfPNib5GDq?cgh@u$!5L{_>S%H>GDg3G_TzAbux3%{Wb}9T_8{LM-46O<c<rx~ zfQA5T397ixG)B}Pl4ivcvJ79IH%tTX_TjDS6^-lE28QGhlQ7D*I18$YkNt$Z%{!9N zz9v|Yvh|?j717@ObX6K|6aDQEXwAB<w&@~!@<Aio`DI-&uI-@jEH^&u7jh+fh{zn0 z0Fs#a5ZdwBFKY4)M`?c_V#=x2M>4%S#Pkf<I?z*;ox^Qf-d_BDiA_889P&1+(?$Pg zo>}cyAj(Fy>;B7{3`&i>zJu=Q0|AJ#;IMX?%`upTiIymr?d#FS*Q3E*42f*TqdWA! zvRbZL4DNAUgL7}RZDTuk#cCtMT8_A*Ga{x~<GC}6h90h^8f^G>BC=QrR9uzaNPOt_ zgT%90HGj~ibD-H`5+`cY=<zN`Eg#RE7>SxN5LNx#jP=0QQ7u2$OUPQOrqH`IGjXSN z^|QIun=p&X=yr7&YR<9a;O`S7gGGc0Rh8#t6>RLaEKRHH1gFE7fiMEekgp=`q@R9! p9b1@cb+l-1*r|V_pZvtyE@6X{U%-dKqw1wnK1nzVU(q}De*jftM>qfg literal 48747 zcmb@NW00WjlBUbHZQFKLmu=g&jV^ZCc9(72wr$(k{?3_i_MDxF*@@Ww`^Nk8ihS<8 zGBXVb7DN$VUmXwupsCLXjG}YxG@e~^jpzrmx`zToIMv6%r_)cl6w8+u-7#>!v8%3_ zPPm&r!am@8h69IoF9AD*j{5hJtt$K9n88NTFSGVktH5;zl-Rz0Ub_1)Q!hkN=Wvr6 z>oF2NChO}%uxD2h0_ec4%kZcNoO#KOw(dKq0gJ>)*Hr`p`2;yv10U+>XNEy$M7A|= zyO1!|7Tfr3V0{j6@{004m?#DXS*d&|BdRZ9xN%6G<sBV)cb>Qkk6OM|q{c%oQ5oYv zmZK%VtOMHnm)a)l$h{Ae5qlD*zRKE!8p>H>J^G%Vuz@f7GK3DGm_0-741@(<C*V%f zD00{DKgOR%--r08R5Xq6JQx^xZz7uI7ephb4<|0>s<w^y6|4YFla=sZN|&9lc4WN1 zLbJgu9DkWy-7<`hpiSroT(9?FzokArk5n!SYGhi-n;?T&>8e~@<t$Tn#*q3;n`lJP z?cw)xZ#E7gA!76LdF$gGrbv<!xat9MJJ|2*=uKvjFfJAd+I?Dc{0ysv{)+KgrJ+hv zS(|#eIaR}^>6L(Bg^;0`$Q&E8$3J@xdQB%iH#SbwhKj(x>8L(ImL(kV)zygU23ArS z5lQmk5?_dSQ$Sy#JKoivu{LDjN{=NN)0e2PPT*h|w=ItwLnWeA*E5$0jllAZ;d{B` zUgniudIdlP1ORN{mNap4vM?b~ayBruHX%?nu{JSqG9i#M@gU$aHZim?u%&hU=Qjas z3nynMx_^G8vvV}#3kTu_K?Z~XAO{8dizy&%U{FYS$V>oGXh;ZfU{F*DC`f2fG$3F= z03bX-Aas8KC`g3ym!(gIX!PCtpYY%AG*oD{Dk^Wl+x!DQC}cT7nV!eAGx2-xnyQt8 z4X0+L8q`U9mVrc?w2w(y+c-9JKO(5?$gmm*#r>v_9$FPh>I2L`(B`dRu9(jJ+5k2k z?-V`l1G*T6h^=O=HY1xNujP733*_kcyb!^p>C(liek!jIVi3OjU-X1qCryKO?Sf6z z=c~N|OD2WZ#hXXy=r!1E=53^EU~iFBj&DoiY|2creHrQWAd9A8=3!ejY2v#+Ib?N5 z*Os2Dvbp1xv5SXUoyE?1FpH)AsMTx{n-UR4XXq}rx_$E`B9{4xr#YAuB?}O_heW)* z#S$)xxCQW|Hd7X^XrP;6Yc5-`|6zE4{l$8=YpL^0rTh}{h>cwIV)m0t^!J!H%R}^@ zhS=SBluMj|cUO^7PkroFDzPECv~l=hTiKEKEEEQ(sqqLSUYhw1n#77{M#3}Ww8oyL z<(-F8GezN`4*3@=B31WG7OaRkjyippdA!cR2EO$Ltzb>p@pE5{u#f+7+gF?I1_IIZ z%+FJbPRbigz?yt9_Wjg4V?0iOWr{wB_4GI*e%>dv6~_3-NSA%<`F3nfesfDq2Td@A zP#f*)(3z`|Sa@FtPc54&cUAb@p*k@KsuANExG;luG+V=P$}eY37rGu7JsaHiC^o$9 z*VT=uD_>}LCE74($y;l|a1b02gg^X%fdVN5e)ax^hkU=03>PKNYl<ZP7YE61lvLK6 z=nwy*AG3$uQbdY(Q|?n}=#Qw->A6z(Xh$sc#Ygay@?5y*OBE9xcwtV1r}vxs(S48U z<wG>3p+xT5wqqvcE=Q^%o3Ok4HiyiwfN*qE#cXp2mj`aTQ~RXQ(Q*F8w7=qgH0Aca zER&)bwfbPRr>XfL??|94w+}&i(VVjUg(b*fyZfr@QTpHjWh2ds$Y|=S)DQCPCRpr+ z5H-gDVw^Zyks2P&V1bPC0WLIk?u)RRb~}oatiKJe+Bs)ZMmqSui%v5lKQA&pcgOnP z%C<nO+~7wivd|*bmV=*3y?&=k`Uc;PTynztM=gvYG_Z|KZ*-H{@CrWAiODjPD%n<d z5FO4*iq&LoS_beezO+j_ZwhMu9u_<}7AIB3?oe5Ez3J^LIJ<P3|LK{6rMVdgF~TI) zWKSJ<iBX<THkfTQFwlwzSQ4l`i_w55h5pIfVC?TnM~>H!>N9%3Vl}5)K>CPTW*z_m z6)-@sBhfQYvqrRw8N^zmJJKkLO~p7}n0iE%k09M+BCwapNR;eDv+P(u;H+=_7KbOD zyo#&tAr5r4AS|RHS`0txfx@=zImioaonOF;Jms}fXSiOa!F>ao*bpTTiBR<_+DTfV zY);xxZ%F|HschqlglpvvsfNSDz=|S4#XcRzZ^2luh<VtOrQDP{$6QIz(*ZDOq)^bE z-=Lf@u`P=zbDubL8r`1fNQ2OPjiO0kkenKWkN%u#dc^h|tVrIo;*7CuH`^L2Ri-to zetc^UOfFU|8H&Z>ggSc{ftEL1nzKv#*363I{G(13yX;IKrujqycvA7HmA>*aoj*u9 z_DtW=<ne7xQIrj7$Gw#z;!MHP4)=n3X_@2*PE{|bS>=6Sul$`m#;b3k?5*Xxow0-W zlI+D|LQPLK6SwoRL@TTFn6qXGYPHqtY(pD)3`0(zK*t@P3KIqac&X@+E==~MUDTPR zNGD{jwIou}O7Q;PkpmMUcU|vWfin+tFjpGAvwuEm9a>)ccLqGY0`=0frW7=%jLCk^ z#_5J+3OG|Lf&1ofU2ivNFNCm^R|vgTD+45B&1A@+9t5?t3Mc0t!SpS*Tg~Q^Tu`i2 zYZN%(H>{Xnj%D0%^HJ7iwKynYUerWGw&^G2v|Z|Wz)Oo$Bs5W|NPPxX3?(;NjbAqq zV-O;wvu13>G3&kQ^l$L3!Wu+&3CU+YraZL|&3RG$BOx6^i>T8C^N!d_zs1TgZTzie z#rko)^Qx_uu$QlK)3sj(mbZavimy;ObWTZ*!h~}J5;WbOja96_3;j=vX|Y2@4WzIV z26g$0bseuk*lmad8q>G-lmpDzWSP8Ey%Oll+!Vrr{&#r*BJuvKJPc0h^bHD4YM8De z0OXh+gZfQs^V95|$SIh6*-Y^17GlohK*nE>;sj%PMjQ{mKA7*zWrri+Ko^XPAO5Ba z#+qc$_A3J?UySe&yG!-s-8Og+Rc@{wyj-WW_7xVIbO96R(e|UKJE%m@A&`w&T+Wd! zzEi5Kh#K7WklzYT!<B~E(J{629NBrzObJL^llkr#4$z*{_%T*&O(SuOtQn&e7@2|! zew_NzD)s2<bAzE(Z6RV?4%9=yIb!loge+?{Jo3xr=@!hHtl7w_Ufb<@D7X>yJFW}d z`)$ieUXa;SBchy{n=#-xtB^nNM3Az*zhBvRLZp|Vk9RL_H=KL-Ai!q<LIC-wd2Ppk z@vJ{Fe-}kmuBen6Fr-`rnt(2F>6J(js;pdRa~t*}HT1Kw`zKudPcRE2WnM@ylYXX~ za?ppC9am-JaDy&;R|YvU0mogznfkY(R3I8BXlVaDO>K62_*qVO21LHWw~2#O)er-t zsHc6E&Q9|b!LpuS7Bx0{ii(;I^7RKJt-D-_VZTY(SoZ8~UI;yFHEj9fQ{oumJJQ+& zU1|fj#Vxh@K;ac^EdEUqm^AFwXK;I;cc9eBI(N|N*d;BH9$+|x*GXCK-uE5E@v+0< ztCl%xqpIvyLC#S4n;;c2yYG(Gs@BjPArD(-z@H1>Qtnp}N^tadwuOr}<CJNCqO7uA z3Fe<D+v8O^nj&d`h|@{KL%uC9A&yr0Zjwss{6bVt&}7m6xONRVs7%H!YU1OfGiUUf zk2-ji6NtvB$_MRsQ5%NaiUH1u)g`+DPJh8%1PXbEn!Vqdgj)_0SUd)ti|tYA7n11V z$AXWF#ickq0`v|YU(uj?3SB$@Znnb3a8c2FfVa|_n-7KP%G@MJhGB6CSVDZBi3}3{ zF^9(mou)|~oN}-psQqfdc%{mw5;ljv>t_G5b-4U}A~wp8@uNyb78h->*r^Bzfl?@c z30ya57{}0pP@tDd=0YjsS-xe=-v0n+ce(7^C0R}uaa}k3F#gQbx}Bz}a6eZRbZm&$ z6mV*vmuc%4?@wtel$7G%{M8fI!$K_+42x`8Dn&{;aQA~Yv|k6j*HDj!8|2`nkuEPl zHX@hWW1y}SL*)2{U&Swu7UjV=YB?$A3L5|$Zf(P<Bp5*s<K;MbI2gL|S6!+2r~1*1 zDBKp$5&43Xi{oaQx#cv;i=QzJafVzgm+0|jIp}2dvo8i&Wgylg2eqaY_j%bsOOACN zEX-hf0L!0Wx+0j5m;@lOVSO}M%%-E$rBXEOpio$3iEwU=h}V2|{j4C;4V0@a;)<{V z9h}hoOrvzCFO)NR)dORA5zR;|Npna5?)v@9o$JT=Fm0kwur$?^lhu3?XJS<8z5j@^ z;Xv#l_<zy_;h!|&RP2uq;}6J?hS*hVI%B|~1fqu6aQKZ{^BD*P4)9kcapjm1p^lwF z5ZZ+QR$uaI*Ao-q))2_!xLtx+@~yIicg9lR(U_GA)2cumbx|~90Kz0UrFl;xe*SP` zXd<hqhO?DY20_oQXt<AW=m1x$=ui~7VyVxKQZQXYWgLfH0T_!Bb6TtxV9d|C$2KED zxrHyzxl_wH7BmwZNmLV+Q|5ERc65K_4NAu(M2Emq3SBfZT60}3J&*n6?31bpJn&>6 zp)@Y7a;Vp!lB0~I5N~yZCcLIa&$begfF`t5xQ0Z((>K8EtX{AVdh>O4i$&qq1FQ!F zp{p}r1=^NGer4Nex7EqEl07R;p~!QRXFEj%EH-CpU#Vm-Fw_9^Y<15(^TW@S2!hjC z`b~nOm7-XbTKIs=+hg{{UkO4}__0KCNVm=itL2Pjm`xf?`g9i}Uj3rkaT%lqR52QM z)lLI3o<wmJ&2FO03qj;XE5pOhSG46LWWMIr{v7z=2m5&skaxsrqwp+@`&5w*$oeW) zca<)lDGo+b>odS_bK(#MZO}Y)Xg)Cv0YY}&kP-}~uxElo16nC$o*;_0%L*ioqed_p z(4G}|1s`wwid6FG>Vh=vOt07`kH}$>dFq%M8XWzmE%%qBOeqNWIFd_3jdAi=b+lY* z58~3y94&|$c?)98%m*T$@7)Mk(S5_8X$GS6FT3KRdC7G10|#h@Hca2Qz#SxfDF055 z!C&OOzjZbWHf|(ot+v^&qfKkol9CSmALN9{A^;?b`9~wSfA^$CEXya7D8H4_q!SmR ztECVq+DNy7jPg+j8Ufg4RSZ|{-=wH`s@>;N0Bf}?A6ZD|f}^Q~WH!l*v~1EysO}u? z&0Nm=+n1w`u#?X@#9*qOv66d+b4_bc7nw&O>Y^B)1hgU>s1vDf^0SzT#=X!eh{tSi zeQ@tkf&%Dcgd}x7DYE+a;1qDGP#<}d8hi`f3X9-$=Lj7<sBG(Pi8j=-lM0CD?T9tc zo6U)6Ck$%}t!q_)RIWtC5$#Dpc)SW2=ayONoh=@qk3NF2`DT>UGn&7F89)>LD#npx zy899s7D4)?TBL+43ylEYv<-cXMuyN~0)U<a6QkB*w*QD!t~3cRVTPZVc+-4>9}J8> z1xw~QGmJwGre!W|Rq-1!pu)Dh4Xn2zfD~mc%?la#0FbYKel?4zNQqFwLf8fBH_j4& z?Xe`V8?X#uSa+2RED)qVVKfbaH!czVt~a)4YBmUe1V$3_GfeG9X7Qb}WVr*sk|vw7 zP~Re5;(n9UG$ruKE7{T=viz2O#-JmMQd_#J&utJ4=ahDB3ILB4z@oOxGxzXPMJM@0 z(3{=A$C%;XPKrgXLGEz7k~;NW&(p;A_)1`Sg+=F{shVT{$Xo8z5cQjc3hOSwf0FG} zU&eo-Nm{xwL*`Fol)SRSsa-66zJC07a+v=j$N$vzR#HAf{B(@}w1b^UaSZ3x`2Qe> zbr}AO(Sxsc_eY`@4@QcEe?ZZ2q5@^1+v?3sUmm>@Wf=)5x_Eu@x~Jzlz~VX6TFBv> zJX0@tABxFHdzKKcXLunXdABfZ86qQX;?jco3CL`~74fL+%pvA0uSaQe$&wd(u%oP` zMM<sF)qJ^z&1vTSXCKIo>vdUwXy75QFah(Vq08#$G7>Qx($iMxjkf|v#?V~aGL;Eh zP96~;^_#nZ76rWtn|-5{B2|x2zuND)D6TSKejY}2>7}=#^ekB`g)&dzYhsQnK!KQ5 zPw5WB?em(*9X`8#c#C_cZ8pbd?042x`l6TOB1w%ZpQVkl=Oh^34;%GMS{n4+1vu=y zh?n)rB*22Y2hH09LRE&i2Iaj5-)6P4ey3(Sr(MvphLN_-_Yz)wfl&uLlaN`Jox2CB z;$uS8pL>RGp-(r!Se?+=&7dsh<%nU#wJ|w2OvZdcV)0w&^qc{D6ZpYB7sOBqfy1zf zAhZ1>7+C_~N~FA%gO<o+wmmIO`%9;*pojC_>fG%-owEm5z6#dWZVdoe;!YSws_Vh` zAI?4bEtRjiEM(#rJql<JGjwX=7Gy_|hbUyQ`BYQeh`6CMO-PrJoqYkw$ua%fG9XQ+ zDP2bVE?H!0v#;$4Q6wea18OKDHb<xZx<1To$uY~v%rJ$wMQ7vGa`GeM3Y6`#4Wc6d zuqy<Djz;Ddt|kP6F3xr~2F?~n1WFcWwidQ#|8OuA9Q2m|5HyqoJf_a}HU>`4CXNFC z=3w~#;b18Kyn27a(0@7@uzxrhATU%2AV?@^kiRU<|CTU+KYn!S@ZV0(DN*H?boe_1 zSHsmudiJLabnf6J(Oos&F7Df!#xX!P8SjIyu-MXKG*PoWJ1pGiNRdUEtIt2;9-;AA zMXCyZ%=l3g_HUccY1idjM|JiibnC0P-!t*$sB|k_F{*x-#qNT>NHn+%Y&sG;wAgj^ zr2~sLsAtwW<wOvu&hJc2^%62k+E}h2kO~J=06i@aGeqqY>h;h-XEfw8pR#v6F4RPU zn)kN(w*TBn@qmeSyj%<q3-LCK5f*P+V1q!mvO;I<WAAQ}MD+RA#^@8Cyu+r!*F$l` z`%R#EVv}wNKq3bU>6RUvtbQtroN+ud)NFls@!BcG<63~q87v|)>#!WKzM~o~N?#`q ztjXx*1y!nTJw?*j2|_(DvH9**UO7eI2|R=q1ws!S;e|Lu&>nGPm;Dr31hl@b-H&|A zG)AmnF;vCYKvR8ZTN87Vq$U$dL9MO1b)~MXd_~03pT%pfZfu=)R$*x2O4+Wn&;G*9 zz0^^;G}5yfG^st2s=eamvW*;F{r&DDc>r&{ZbNr<xkWgXb=j;g=JDwoOQ~+4+Byqb ze#XQtky0*7mQSg-X(fEYCe0RsqN1p|cLAjgt@plAt@3W(ZIvr9Q06n`;7a(mo`#Fj zTLiGN4^!*v44QMb5s?WFgll)1xyJ)xT>^*YlPTL3yixtHU6x%r?_b#{QoPboG+srC z*c|?gbHO;)%I)e4iicO=(%7#qqaYU;wB0j)WggO9f>z31fzUX$=c+h-of+poRwQc0 zDJKkffI^e~3E#=*2-LA4gav{06>LTm)9RC_oDuoc%5^+^PA?4lcGxq^n)|VOrRGAR zbS4BQYTfsz1;(-CCr-$)Go|#_H2O~&jw&3j-*Vy{vjU}$EuU1gUZIteAar?SEW5pn zIr2)7&1VK2i7Y4|pzjK2t1(E+h#j?Zozv~-y5q`?4x6Z|Nqs3(z+4n_oxOK{E#P{A zlFGl^LV+K)rR;_%1vs!=1MUUtJBAXu;f<VCEcAR3zKs0(iE#2%DS>CdBCZ2=m-Mw? z8<F-lDNH`3kqozjN+4bzM|cwUf_z6=wlpUO$^ux)e7QW|;pi>(f8fD{t`fMGRR&lB zC|8RM0Ew4D`k2ACMVzP)>BVmd48se01oKPPwnW4Fk!Tcsr6a8kTNC3>=e9tOH5Pih z2h;eu;HFcN1E;s?SX{YMAEw8B!<Z%om%!_=Aw#~)7%mQZLEi*4_HJ|t%h1Rf>2lUO z!~%(qaZxs=-4r~#L6s6cqnYn8FN{f<6D*d^ea(C1x&|1C-;%kBsGxLum1e5V9h1R) z){!c+T$0?1wXzl7dHLy+r#UGW4EaG0Kl@MAkP>X1QaKCA!_A6cY0S(2;{M(T`6nJw z|8R76)wX}(@%O8?w2lDapDaD!13|EhN`3t+XPkXO8x{}&T^Pr@K4YHKVbS)|TOg2y zyVo*>!R0G&@D@N+#QF!CR8eMG?v&7cO<)x={Xyjy=VGy3*h`%~kd2D$;oOB<?|^7` zd15I|UwJlOWlED0(X(*b9;RkVc$)5{E%0+q|L~r<gPxQzn(O<`u(@0+9%!%wXN1|| zzD{w-b!jQ<Trib}yga1=7d}U{h14rgi-^>$*LmU{Wo!?m+-F*=B7}(mLc|opx{*0O zZK53DNwNlKD#+T<y0~`TFGLrnU=GWx;<pxGETkZZPCR_GMgQQ&a^^^1F7P@a0$RqJ zmW0xVibw&>3@^lSeJRs&yn*&HWNGNqmTzTdxicgC{_XpoQbb_2*AzEp-j?3U#_1d} ziyU1?b9fEruaniV&Z3Tpf^uUbOMKyPCRq6uRrVFOa2z)dXG6LPK-t6_?6r0+N{M=> zNREKm_?slZvS1cMp+J5QTyfjoFL6r9OpJwgi`Qn8`nL0U!)SX<@cD;GR=ez5;R+6R z-|;`ryZG2Nowbe_?0AYr^F-dsz_I?w8s$W^X=M!N`)$=#&e*G)e1l>|iISqqJ_N7R zAYDE1!jm%x`SE;W?au!N^x`Txl3ImifiZiq<##lh^V9tuzBl#qcI$k^mY`{CQh<z7 z*a8z3S|R1uzg7>2-ORu6_`A^}4TJx-H=H^Ba6B_=NUA@bp|$4;USBv5j8rBfcY-$? zSa~NA5?-Jw4|a3$D8b^Tl)n)tjq6}J9zX@`Bs7>phktQ~MKfy*NMOJ;-(ZuTzea-$ zlJpNucrGDd84x`_q|e(}VVwZOY%DGt5;wo$lcsvTTJLO#J~R6T@>^pLI)=ayU-vC? zWq5~?YH+~<xBu(j=yad@)SJ95cn!KjcfYG83)|+hIy)@t<^GI5)!i4n>fv&%ty(`K z?J`Z7F#Egk8j+$1F|U)BO$n_{DH6}Se|;26sfYr0yt%p`_z90sVI63&tz^g(ah_t) z|ByicB3O&eX%>PBhLU2SLP1LLz-mkNx5Ajs3&1#+z>l;z8mjO|egc}z>YN6IYrWPs zQlPY86#O?`K|ot%$^07PA`LsD1bJsQm&8ZmK0vw!u(z(KRNs9)l2h{AY(8HxN+LP| zkU_1<jCUCC#2|t2q8J@`*zr|osB+w6Q5MRae>!d@jVhCg5gdxvgL32ED<^!QmbH zCn5Whi3)iu+Q&@JNXuj6l-rF$uJneHm6y6tQ;6<{7kaa3gZP&Ho2KQis*T58ktx&# z32#H0V*+><m$-BD(J%+5a8CA=BpooQ0Sk9+_ZHfF?2Xy9wJgUDWuR9zGVEZqhI0T8 zh&6p9X5z|FIglxW8O}a`^0CxE3_t6ibmDx+36ACD?D!|zkYSlSJKJ;7)0^3w(U}?8 z+M1Y}{uwOM+uK=N7<te+yF2T-GSV^sMbqES*Dp~7fS6ws)(((tUcbCU=<7B*epaV) zyS<^3?QQ4*zcPlf-w?2_#w~;a%K2b<O4fl4@n{u9Z>DvaexVm|EG|3QT?T*4`+D;q z;bF?N(-7c@XIm@f16B33))LFxBh+C_BNJ8siTkr}kK3`~w)6?~M#cK)3SH=OenWxh z;0S9JCU#ZnH5o8@(8#OmC?J@dgURFIE_|)@@>(lS8D?e49mUs{#NmvN2en$=h|}T0 zl?6ywL@#}<?@-nl2J|VdG;$-Tb6-nq_1o2eItABcanaEt@iaFTrd5YISLsrd9Mx2Y z3t}HuFmF?bkuBaZQOO!wBr|ch#EN_<K(~cx{W3^RmUIdS3vvY&0!BZFp^#?Z*Rt>+ zLVwKCp}|s}X!tT&1*6-PtW2NJ$onkeV;W{=L9*~^t6I^EU_kUnRUTE~77tp;YDjRm zWnMT0uq1ycD9FGSb=YHwrLS(Mnxk}^&@_)2QFo8x?<(<!CjlE+QG<U{y^_d#<Oi?& z^Tx7A?};pW-kT=}OZ8Gx=-T_Bx2Rk5_Ht~5AE_->YfD{+z;}>A8E0xMXHmD!BI;il zb-?Gk&z^!NH`31KE)-=OM^6{!4J^-lY+Vyd>`KQK_LV5^CYTf>MkO}UoRQj`h^v<o zjv0>L`_9#EHJCPNjtXZH5sr@P4eU?g>;BXDl>`1Ueltk4B?u0!&8@jL2{L)rf;(ip zl^*FFnX*5J)#X|VV$ZGx8f_bYk=TQ+tCqz$4McSd-DQz+1FN(%(!#-@Pt_^sy|-g9 zO36A8I;yR)m#MBFezCK=XszzZ;6z$yT$OLPIMU4sF1kwcN9nVWM^KQk7*p^ZL-;YJ zN+EaXYhc7?)hFHpr<{zMJGBOoxms*klE!M`Z4W~}Xa$?j#>O(hGJOCwOLYb%DpZ*A z<MtYbFd`d7bE}QV%!r!07mBYZAW;oOq9uogj-PU&RuXUQrqJtMs@Z{MA4gjFAR%_A z2(3L^duNCSx80b(F{cTvS)nrQ`P%OFvVLb{G*nEGFwxcpN$~X!0XTDNzJ#^<zc2N8 zgf7r;o|Ns@so6xs+~zT*MNkgQt18@K>l%o0CQai6RI31Oi!`=pgR_@0q40IzXkd4p zH*jEr5ueOC$6U#-kl74}V*@5Q0k$}ti+^eoiH0S3yuNj4eNWWV-VA|ru*ORW80a-X z)Z+43mn~J%0^fIDlovCMT)|SYrSqj|K`w~A;BSl%J6dTd>>4;wXcvNbGauziT?F;h z7q#YrQa8z06oHV#(-1to`f^)aeTf!b_th@c(ZoRH%`S`yk2n#p`@Vd*VoURG<KGMQ z=h}Mzct;fF!oc=>-c}>sli2@3V|ywMNc>-o-*317i?_+LiLn|{8wGpaf&Z2->BON4 z>C%!F(0IJ~*smlsu$HW+n!8&^Tflm{o<>9K^zSNC@ul-JAm3CEJIJ>Y+JI-EIhE1_ z-5F^Fx4n9Q4&HmP8c`UyJ_)w%?09k<9m0ogk|-K_@Meq#r8{0$kI~B)wcExsi01z^ zL#wh(aE8dZR+1$p%@r+{H&Mi#R?!4d>koaYlrWcRwDX4I{pG6|?04ia|C<5}oH||W z$#_7)%-7_Stg%s_F%{_?V=^<(DN_Y{$C@sI4QEM{+#Q*dEVmDx41>ClO#j3z-%`_` zXiiyA8~D$3vS;C{8ezWgr@rE89sw-sn++7tzNN8?upUak`dwM0`Mwv~=i4VLkdcA^ zc-N77D3R|QAkOR!2YDz}FQDh9%61Yh!5nfQJg{^Ls`<<5?JkgMQQ9pbSfNHUM|VfS zmzKB}BUz2?NoTc3(ukpNsE{=4>Cww;TQCs8%A=bDbpwh*B+Z_?WRqI^Lz=OzwN}o| z{l~^+XncEpOS$MKt1iTJG;v&ko1t|chTsG2tVMKlds2!DKh^I((=X*y#;jPd_Um!Z z3KUqyT{v8A*^RfsU20-Notxt-`o<QApQgH2rB!3tH;4d;<K}^OK!&@g0cfjOS9YBd z5WC=jRbiI2C4fQskw-Xc7%J?z;{r-KIp4k3yS`n>x6C2KB&1>g=52nP{6)@x<BI<# z$5;aapolGM%=RJs@O)R{pcGZI=bPS)A1Eouau$t?6R!%N^sWhFEzKmEdw)r=EK47O zz8?jl0lY({NJdgX-s|I@Un*0tn9#*d`KvKQf-t54hM}bJaK9jS+7wx#xe{y;wiWR- zzQkU-d9r~Qtvez(8Ch`v85QL`79sTxB&cn2U0@5Rp|Z4kh`+xde&W`}A?!_4)^}g@ z+KmX!bca=9>VP&>D5z=i!xvUO>)5lcO5-FK^}x{<uSd<V`_}555Z$*S=Ad1jZ71AA z?mXUrM)){Uo8e4EK{KHE^Uc%^UunhtwtJoK&?mC~J%v*XyNrNq+QQ#2g)KAKM<BYb z4d~wTt03$G6zt*{X3r+vp|Xv#X9}8N+W^N7j|OV>3VeVk^u|3+Qc`aCOL-qb?7Om_ zVT8l+7u%Lks}Y@)XZgk*9u{HRG%gLI^CV7613vq*ZgsZ%0_ZEYjwn#X5e&>o>o3DE z5p2VskGm?|<nVsh-f^XtsZayRS7?E0Iznm+u&sW@6E50$kgDkXAfn5X1=XHq7)ooO zGoHPBcg<0NJNRg_VCw>PB@IyCVr~W^t3W^(czW0|{iFvzzO%wh(c>E{si8SM0z~t| zglluvxeo`qYpOe<3W_c~(UjJpgQEZ_E4+T2Wer`EZ<DiAkrN=y$4B!0Ao)pHp#M&e z)L-QMH^%Qj$uU6y==*xx#9FgZ60ii2xy}DQh-=@R2!OJa_7$@l<UjeloCEe%q2CwH zi3EzsVKVXYjMBSEow*us6kxlqbz_T-Qu~^*E)&()d4;XgTgBkv*c{3t9UYmbvrq~& zeO`<W0#*6zbD@<d{UL{optMm5FZvw$S(NGNm!aa6Q&Kix9+z+<u^I4wd*lzT{&u}d z^f15?KgdNg<VR*$0Fv9lTe0}>1G91`Gy7f=x>RQMr_XH1DJ!M=)_8#rKFv%0!a@0M z<QVuqSP`gLibA?W6RV6Hs}&K)eb>5QFE=c?VgfMYW9vBVv?0qsM8ZGA(e!)^O-m(g zvE9@8#Y|MY^LAMGshT1brh{azT$@O>&>z{#;b2BC`~?e`@_b*tM8X6e66zuP&k-z@ zAjI^@;*>>LvkZF0D5(^U;PlAIe3r;{tFe_BB?q|bMFB5bNM{Lg(dMIHGEkEq3Keu2 zP^k2GrBv@ohK@EKA%NCBvx*u50i{33iD#|+E-T_t8sl_?L9*UtfR}xmv2SLwWvPvE z7BtUk=aLY-yHHL6jDJ)`<5LzD4P;8Iw$*MFj*D*mn&l_lnRe1T&0unqFR>|uhlzL4 zgsV=HpE^@@M@SnEgVM`UusEs>M<qlSX|Y1>OEiaXUYG>^Qd{T3(c~8`q1C@k#I_@d zC$wgJ)@_jc596m~V&vjz;q3AMRsEF%{?F9k-$YUtA^;@UJh{o3sk#I;20BDm0vqRG z;5a)d<3>Ylfh+0?(7S{pH9uFhH2QPFER;wvaPpra?ILLA+;^Z}A9CV%v{&?2X|Vu( z_s%inAx~oyjK7SM9Ia<lTP!bxd<I?+Dh}{n(E3A-!W!qP@0BB5%7s|bVk`diO0X2Y z&lV;`O@X%4pEn~JsXbCPMBFIbyduv-k99LP$Y<3azbM1ENOy1G|7?~$BAaZ8>$<uL z^iJa$_jgXBS<IKRz6hcdsqx;DT}F*0<>4<ISBzyPV%3cQ)CrfD6}C#5ifmp~Vn);q zq*!5ustI=?eiM=be=)wqc<bZB9t$o}DJjwoc-lj6axierO=0f)wHZ?Z4SSp6q@Qr` z`<&Vi`G7bOD71rSELgt*U=CIGftW|e#89RvP)~O%#<tM^h*f^(Ym>^V6U~=|NofA- zD-3A9S<zu@!-N*b>JeX4fH(z{)%Kym1Ug+`4Wm(DN!9{==Qo{3B<O}9WY`fSd>R9d zxWGyzmc*Z$P9a;|#q&#ET^6V7!&KL!(4I<eo|*P`e$6h{Y!MOVfD+dP!fA+3>=JhA z+jzSdhvL_T8E)~o<mgih^$!W^xE+I^`t@JGf;@C(f5kK&j_76;b~ja6<D5n?9wIL; z2Z9gJ%ctGB*x2i-YV2ME6PXGAP?yC@;EjCx*XG@>+~r@@pZA~PR&+?4lhkKg|ASX# zIO|U{)P|nC9L%>4`QL0iaz>@Nm2OgiYBr<Ua+nH~t@eWEfDT-F&}_@IU?1I`yi(3T z{YiH@88p{G6_|v9N-ypu^$wPG&#dQI-vws-2)owJ78tAg==&)wau}b%M5;bXZjuzy z1T|kx`v}b63%?_Jobp=1+?5wqx@!?8bUy7cQTq5{nb3spby-vTKlfBK-;bN(d$|Vq zo7p!Owz_+vVm{PSoI#YCV_weK;MPfP_61f>Mx@lee|*&N+7Bixx-1&`VmWZojJMi4 zAU7D6yb@f0PJ90zsqGF@>r#gfs=!1h3v=3e`=s9X(>n2@kBhebd}3FXGu38;jVjnl zg-v2|Qlc3K*-C`I@%;g=u9*M)ut3_!rhet$T&B-}>J?z9l-C+JCYnu>BlPi`gU)I6 z%CS?Yq&po;MMzOX!LKhkKR2Jy$a2yj!xN@n%N+;LTo705Ten|^S=okDv)s=oiZ<-i zmN;YrOi;e@a!6*5%K)w5HbaZpr)Q^G#g2~?&sXx%Ro_wN<Jq`)CPRZ%gO6b|okZN$ zSiAj-d-bI8iQ85%>&vK|y*XRS9j^ETR8Y#dkUbQAZ0({?40K6^e>B1aSUoN3eAMn& z_^(YFu}uNZK|5yttg$q(wsO1=jn@$w8}kn_a6F0$o%?@RfAasT{%m#OzqO!t=Kw>L zuYEGza`Xv9qk9gayp>>?u;Jf$-aie*Od|tjykjaA;cjw#$19||WC~YINvF8-0G>*+ z9T9MT;z;bICaA7f*jq3n{oMK5QYs;!Z2yWd#rzC!u?h2u+AY8_C7#fug3S6o`Jo9y zW<cwmG&%Y`)4I{2U+SO3{|Uwu<|ljk<AQ8)7=q|kM;=ydo|iRJ)g_u%J+e^A0qBt= zUy}T=B*JUp@%mS*GZ1c<j<XX>V#md_6WUZQ@C>D~0>+~f*}L~DlVV(FxECQo`GQmg zpS7b0g%`4lQXb82*%B!G;`GhrZ@gm6G>Jt8)=|ujgDeUfKoHkEh!XG$wd<CE%P{_L zl}P>>AeYoT@EbaH_qw)TdVrjxN=`5VDG&^8PZ136w)ys+L<ZR-IkY;@=EFQXO{B$y zm*CEPp^Vc$6^I&fq9^?IwvDc%*J`Vw4J$)!&WSO%DB5*X9xuvX0nnzJN|)8w+AR*} z`@k3DKE-@5*iN4t*#U{ESTxI@?9%rVW;=okETm&*lXz4TJ5X0Vrj?MRT?@$qjt*t$ z<N2r#Xxzy&E`{#LzRnVU{5U1-%QY7O4KC1aG_bD{S+i(O4By{vsH2$8?qCEkI5hcI zI(@VxFN+9CJ<pcAY7AGK8TcWuM!QHnqWAf#h~vexv-8+W8&dyTJsft8|5g1l{f7Ud z@4?4gx6x%AmR!<%>xOA<H=ixSmmSzy*z~rH)9AO@Ee1B2I{ZfJb*-9nh0?tl<6Ddn zsX{#WtUc3MJ>}vHq!(tbR<RhAq^_BCz{`|dk;Sm@vkgPG%Pz8nW9}t>FCp<(D|Wtj z<(|Cz;vnRnDf4zOZ?BZjeAFUy)t5^Mm_Ff2^vAj&Kk!I<5O*QbFj(Z8qRifh7z*W$ zmEOqg@y70sB@G$z+*7(zXaAAjI$HGrB_QCLK!i&G?4lBJ8$4-uIMp-O$>onUaSPbg zhEl)l-v?|ye};nA$$pb$g2brM3_(z8mxgWZ-A|%)CNx7po1>77!AYcdE6e>$qxEK- zC_=3B-4L9@Lc}P#gO@_IflVoW@zw|gp^8yk@{K|OL8=2UrQRcP0+3oFK$oI|6;5$- zOsyl5v8q62u_OjjQOHUZ#Nox942zRemPS|#zPpN8KNG(L0pzA#sRunZX(c4EX%k!4 z`hz&IS~fKMlk;Z;*51mBRHq2mJY2n809`9G-aQA&Co2VfCHsIib&X3`wQ_e?eZr5Y zhH7+lPY-*|^ZZ}-Aj(0u5Z_;mlzz`*Y|b1|@?p;}uz@nfP^9~gw^e63LK8Anp(e0m zGQEB?hAK~5J!z@dL8nQzPwP<<{WTZsL4*)u2_gGINjx7TCaS#H3W!I2|E~Vj{~y$! zj34~BLglCquvtv_F0P6VY{7NMOm<$;-Dx~C+;9pwVB<R2o!^qfJWZ`E3{iiX-_)xn zR?(^Yz2ZZ=_h~YpSUrevN{7=DTd~GH$kT*Ve`3m>Pal3>Q<XG#{99vB<+~=Lzq0z< zpy;jdB^Tu2M0v(bP^#Zt>@Q)wR41u7Dt@RcZB}!Aa7h%BA?W-vp&wINBFSy|TE*X= z$gB0IzH;Rl!I1I{&m(8v{NrN^o#`VI?!z#7$qX8e+)WMjR&+$VInC|-fcdrWREIaI zcpSV4iCTAgP{$#|9S1}XR-rba4pLap8|Gc?M1-_*pVOC#UWQ-3s$G5uU;Q<olx74} zQ5N6d>|!=DbA2pj+2i*@l@UitTY}rrHqS&zkv$BI-;nqyqGw~J9$f6@G@G`%efGZ^ zg|pwh@y5Fqb@1kSqOLdk!0%vhnJ19`tYG){$<0nKqj2BRa(?j8d>prU$ok*=#r?1s zee*xgO2F40f(wVanWJAq_BW#by`LGl>q$TOGTDyDsTskIJc^H#Oichd7rDJ4qusZ! zuw0N@?uTOv2ar;pd{4-9oDc#!Iy|-gDJykp#76|)fl{!3lOO``ufi)CQ;=4)T*P_E z)Z}tF70N^`AwYsfVeJ1>5l|=Gk(M+)+nE02=#XleFz1seI?zsSYbE~8DqD{C?JxDG zK@h(ANBvC`Fz5}2v0BX`8pXK5Tfnao77^@t<CB{2jS;n2g}OC36x2I_0DiR7yC6?N z8cN;<+v3Kl9o^DEU8?<b>;EiIYT|J3&g9M0W4TPK{oumYCZZGp%=t3hu}|MD!b^Dl zg}Y`X&FZVTsEJ;PcYt2_XYpjDT3^2vB~q`tK-!H8b69MPgq!TS+TZbp{uqtKVrUw4 z6c0LkuC=x$an@g<1t9A>^<8LcwGhmi-MjyO9w|XQM_koxZolwNvVS1Bw@ipbt=pUP zT9O-WguzN7e!|2Cs)g#)iRe`|r<o@n;5z|Cw`$O>`+GF&5}h3zV)#KoY-F}|<~Z9Z zBi}(m5N*t}m{6OmPpM#(3ci{%FIp&g48H@g%~zC0>l4sPy{;gf`?1l@grrWMX^kdM zTi2$bAge!+WDy;ZA1a;6zC(#ky6LB)Q5E@nf=LbG1aR*-z^EzH#19>htjul+#<PJ< zb_iPws-aGWY8teKFSGmbaV7I~=s4*E1cul2`Z%w}+AdYd9+z|T*0o}tAxmJRaBJ5x zC%dbj4ZbmD?6H+@v_Kzw^#jilVkc)FBB{w>5pCLAyF9{0zn|Vw-U*w5q3(hrXPZ{a zZM}LlMGnp4%mOp9j``8kN|Y_*RTG+bmKQsg;;t9PO3se_V1BC0IHA`h%i%QV%Bl(f zyjv0byP5j0cPkW}^nb<-CeB9Yf0icxxhnBLx?%Z?um5bK{=Q*>f`s@lH!Roi98_3d zCIB(K@LxoAsk!eC-FslZF-QxO;_`b4VKYUh&a#G{l}eD3YsHMU4<oHZ3$EEtr{QLW z50U$7+_^ijf;aS2IDm0wQI}$dwZ^)5mRv?1E@%h|LH-w8v@BHcEtS!<?HK->V-rvv z5Xy?f1SZUtsHUF)aFGl!P!#%UQov_wH`e52pW$A1Dpuo_JU~&#Y3CgYL9ThuPS)b< zues`}Ei@?cYI<Vog?qSP-Kk)Tw8Bi6)J<A<!pT7w^m&Cd<sbS#v`f=7rYT|o3Fy&Q z@hp##fxAb8Cm6^+uhr%%C0D}(Am5fuVB$Nk!hAigI*5LI04qycX7VKy3r}@N{g@a@ zPYkyadlaSYd%_QV1>Kwz7A%NhXrKMD^)A9K=pn}upo!hSbayxIS$#2wEHj4=z7aH_ zujPXCkyQmrh4d?+)F%@Z6=TJ%p#?Dh#pF023i^7cMIyBc`>Xh2z+bG%!ZjDCd_ooK zy8%J!P*4qRS444zaH)pVGL+8hP-Vr>{}CZMn##J7;*H0%6{>s)1P#zNSM3xND<zlY z?j6I$ecUIwAhDv7PZ*pfN01cH<yb6_*Rz5UQz;ibMX?}@QN|GW{fVrlAVVB~K43mM zh?&9X!~A%E^?3=hRc45E#W_Ksug>V=%a78ODWf;Z9Eze?&<0=|RFA|_;B2j-iOBn3 zQjiAe8~<M^h!M~q6cY3RCXNFEV1FyFU;4!2H3e<2ed&5(<%q6JzrFDJcO>U4bG7uq z+?Ta><z6b2Kj=xO;sp2C(M<g9>rG<PjbQ}rZ?3>GlF?D^cMZdLd&~ovT{5wAqG4nf z)n3f;_|~3Fi6gMmRoAC>YJHi^cd%x(1XC-s9Q|ZA0kFG_q^$<lWWcQ)oAtCng<j|h zeGt!VN6TfXWR5^!8vKmnVD4FQM?XYMPI?+lofhIdCo1Wf(VxOMPf!9N1#TV05HW+Q z>TCfX2&$@QfG{2VrHJKQ*`E`vX>u4?iE?1Ak{KOq$DU7X!1qmQO6QI5ny{#e5_DD{ zz-YFK595n?ve@^5RsvDAu(#i06v91sm~*C6cL;j*IC^3YlY4(2DlRTg<ggw<jkT@D z)EKf^X7t0OCHO8AIb?VVXM+MNQyIKg2)*rZj%XZBZ!KBP^jEg>^f2xrj%8VWM!C?; z1%Zn0R|+D+vc8NX#Y3y^Zb;Z_%5iJli0=eHz$5OGP90Nqw=o;7!XKrByE~oHy(%Zr zZCLNs*n`+KYP9Y`Lzc1y#kw_}sDZa&f=M5xs&_`vpQXO~!8RmZF8~o5Xe2+QDK+zC zFL*6&vP<<x7>5v@@8mq-iPV3C*tsNYs;{}0&G>2DOiy^CW!^-%lOGW$$KID@O;F{I zCxs`=9x{R#1(|@0r~NA)<Y@1I;W79hHw-bo@ZZ|4m;mAa&h-2iyP`PRdUhGr6y~lu z^@Bp<0vxa}HDX=*(hPBv7+mT3m8*tDy8uxW8R}t2xa>b8>7dYkWmeu1K}=2V@`NBO z1t>wH^s7j_)2ub(jXUb@u*M)g-=TB`c&POPS2}%xmXHxPW~KzOLM&Bv5}mK-x{6v( zsYsr)GQ%d9g{Itooso}|teVxCk&r&o-$%(q%#_Xys>)-es^NPABCeUNR4@d=4>XGH zE99z1p(f_HH`wJ`W*bI&oWc;tt7VCghe8`qoJ8!@j4L{RPFY%etq9vh-DIKwI_N9} zZb2BILm^vGbM&&*DAT?4@C=a%lXhp=@<dYHB^7B`!QxSeos<Wp4L2m5tpwF%IVsae z`ux5C(#3lUhTSb>3jmLSK<pzul7p7t!dTO_;Jus$zJgb&Fav^IFGdW!BCnxQzcEP7 z^+Iah|5}7Rg;Du4*NJY(f~nsg!NL62eNG8|D;9mNkps;Ako8Iq88UUYY$}}(XcLl{ z3z=^&YLW5+JY$Uq^RC?{k9+duwa;<uEW>k+10Lam`*X)x0jag)lEiJ@XmWJbdupcI z5%d-+K{Qw|t4L3njKhsw${~!Hsn7wcNiq3SnvJQUraqSlR5sX0AsBK+%?bEqaZ|6b z!%|uYl3mSg{Ql;ecmBSOvve`zXS4T@SVPPp`zO|<HxAt+&tef2kcHDurH!5BB`Xt0 zh&H5vmJkbae4cfqf|M^D>^iO72q40k*^gUJIO){&g>s@yO!m45Zel63cua=G)LUM9 zm(Row4<gPR38NZQ0fPmJ>!K+s1Slh;1#ajO10Z1OopE)iOK3?zIlxK7uY@N|_J2?U zw><^rfg23tS!GaH*SZ{5MGrG<@_OjyW|T-cVaj_-5al(<pK-IiGV&Ok<6PEZJT$@@ z)@`1E4cR{4@L&;|Wxtt?R*ogi#)<9uS`^4jsPcEnj0Nw88?%4B{FWa1v}a@?aqTg2 zJ?)9TQw<IRY~HFrec2rPPz!fNLq@xMpWxQfFYe`4ODDrE6gfS!QIR<k6;%GwE3mXo zwb%B^yeGKFcU#)?Xm&`fXEG&yxIXv(v!6G=_2Bw~wtfET=j9fnIB^uFp&~~`|2T^U zbMGNE3=~UApEu^*F;&bZcUFisuS^Z~geP#DClqWv#OuC|AF)E`YCq+}7#)(vaPnhy zq*etkX4wR0dl#K;e$JTWvsZhnT>lO<iGudyNJl=)wJNC788*p@W6_uncO_1VffN`o zG$F(CLENOv9nNc9o3k=42PRH^`siGnr*tpprTXtB<KXs_oZmZKNJ@3#^y>{kQt%M8 z4e%IxmZS#qK0giQf`M9JW6ae73lp-u{$rvk`{#xM3V;KR5M+0nVDtN+CEK4&{dT7o zBk{@dA{7)!gP39T|1xy=`{zI>_%C*xyX?g%=BID>AUroVNi(W;rs!&aZKdN5faD-r zx=S>vH4qub@Aq$CZ>OWUC?P$Cd6qIABg2enGNCU3jE)>4Ov^1dAkumhCaut|AQmaM z$4FBXK<gG3jlvP(IgQ@Rxc;{`GfCaK<@Nmt^yGBwS$%%a*kqj$*|iqgsj%2K&8$>+ z2A95`^%=9`T=hkKewv;O@4I8Ns~)rx7)U6ysDL>9Vh42NNd<C~U!o&ir#6Ut^g|ow zH9EF)oek-5To(C3#hn0bBz|0M1%{!aCX=6j)ESa3;-k=odo_D?b>?oB6XY8{ZLv5H zK4;UN^3j=;Do*`_XImOVQ_F3?wlMZhHk%>P6}o%(MG7fUOHgt!tt>Zf-ao=2gq`$$ zr`!Wr&pirBnqJyad5vEJQit9}F$KEPM1(5u0Xehs#oQ7QmhY0aX@*&@vM1~Dp(bIj z3GRgTRzW2ces3zzSZ|nJiq}0J^H|_F>h~ssFm@++aZxKR(azaOsACoMlL&@JI6(5( z0mh@ecuR`hT~N+NRqqIV!$PMF!dhxJSen6gTh_ubGr6D|7-<L$@X^FgXE{5zjXg8( z=IvP}X=#&<F-!fN#fXYGv;Edm(R#vBQR6ho*NG;~=4Blc+}@t%6snT_Vc~)@x{x%M zXs-o$S}6o^Tg%EM{}U)2=zj{-e{=EhH&B(K@ZWlsL2s1knKbjvG;!G{J$?&pXGF&? zU(%ajjI#x9E%5v}$&;PzGQ)L31A8pnppO0_5^=;?=?oMlMt2QcO;Q&4T^~jet`1(@ zffW~@4IA0~P{*b^(D$2Yck32HB2;dg6RvQ1`bCo}hZIN7JWfcH+dcWt;6rfC6d9wU zk$zycKVA}QE#lDiT(uaYK5%VPW5<aqsJ?NWhRn;RIs`Q<M~M+1`MHK{ta^~e@j>Et z`aeT)uHXUeq+)hZahw*vHw<)^20u!VDFrLtR;_DRbv4yEY4=$oaZ8mRsLk*;UI<j* zb=iJ_V;&E_3Ej?9U_zuu-)#v4$)EEnbVz1uA%ddYGPI8rIjZQMqHaRZ=3HBa1y2)> z@1ck9p%=Nb!bh{UPjFOLoT};h541b^Gq+Q_izfz8V2HIJDyceQLSRI6W+>1nE#D{q zfZ>Ea*SELYbvsku<3Nq}7>FGcsN?ueo+Cb1Nde3y!&4$VIi(ZNyJ|66$!{xDbw*FI zWqIU$$;Or2*^yCvG6kPwFkB^k542FRtiYWQjv0u2o2j22YYgitc>BN<mHv(PN~X8l zDG9Ftg+Ts`HVXk4m{`dk1GM~$sajk++#WUl;{Xj>9yF(d^33lA6_TUwnJ7y*B&>RI z_MN8&jsn0m--90qFjTMfXDfw<*ahAH9H{?hp#C>d>h^yYj7=pHAwE~n4Okvbmjvcy zE+C7efs%@|qaic&N`-j@$w}3qzqT^$zco60cRl5)JkU6-pLJ*Pck1PSHa6yzj-%{t zG^G#qd1yo+STvbuA-xY$khOYYzo;KNT5cK9t;>*?ac~Pr;F&;Te*maZY-`d+1gNYc zd4Kn<^H8X4%ohp;l#c*%7C|Rc!A~t5UW}10vEat^+#P(HBe_wiImIN98(*BSB55Nn zCd$i*;bVnM)lUg3p{Q5CX96fw@tg|5gXc8L<lA~|G=GfAMbqgpULVbUk830^`ArE? zO-hvV$;eB5Y3(GGk7Q=gCV9?sYZ13x>Cz^t{nEGh*0~TSK@aL-njQSAm(F=d+^JjU zb0)dgKI0_EDC`jy7Bq~5TWA$|J|Ys(^J-5sg`W8$+?X-pGnNWkY)*LLq(qP+H{k`X z&fgS5?5w7hxBf=bs^=iZk*EV<SjA$ec8{NL=FMjYW>;}TBOx^TUzELLbmmdE^&8u^ zZM$OIwr$%^Dix<<R&3k0ZQI7J>eF>^pK;IIr{Ayt@jTytWADAzTyri@R`HM3`v9_s z-E1b}5$F8}j;)qYLb@0a=nL)p4_;kK$;tG^C2~qa5wQo5G>hv7uUKInO5kZw-?8Fc z(ocAeC4J0}6%W%g$ILkT7n2Q7KxcvM{(Z>#_r}ayBz#n>lsLv5L7%cq4DJlaYEXB- z15m2_=2}M^F>YCXr0BU%%GNB_wh-?elPD3PK)0K``oER@|6+vr*P{Oa;Dk{A?Sy~= z;Qe=Zr|f@J;Q!^5LKFT2&oGujA+c33iF+sEr%Qp{I%ypM?uPmm?zaeHx6E&itLyHj zGS{k3UyJDxY(h0!jTcM@uv0}Ga1l}kU~P+7O)O`~*nBNKU6?3XM2SJJ;ir0&d7v~P z(bMm*dS~`(u8zn`D{1dzKv!^@wj@njPsK?#>RT_)u6wfiv>jq>H!2UVbS@Ld=WniG z;tZV>Ti#I%t=maNI8V^@MUO_Y_;BNWuqwhs&~oK3EGlwYP2Vpy&9$8cLF_i938bI_ z1;xRBfypFsV^h|&CO5T1DV>Ngde0Up69%!T7>_F!NR_&>2ou)_O#q<>^oR|W5NxvV zplwIR^}G74eow(r0xyy2P@`w9egSJQ0YeCUSS6;^S{9ONp8Ps{efr7Xpvf1ede2HG zx1Pp9>>dObha)eFRfPrD>dr>3)+-S3CU&_q=3yrM@mjaOdRl`WDTA})Y&Q~`TGn!c zA=wO7tW5=CU|Og>W@<WW#=unI(p_JJWIBTgrUyc3aKxnoeL^PewghGB2zY%>2Uy9# zDs`C}s1<iwK+8cjIj+ceHh*a_+(S&vjtj^tz%Xm-ymx)EL0<}>9K~^O^wchjnR;tM zHl}?{tT2C`GT@$XMt#dh8A9<(GHLFxA9bu=ln_+8@5KoYdIf-bA?8CnK}5;xjp%sB z#DkH}FYHtoJOW7NA0w=Mzp?tC?#SOyGLkG8!vA%m^-t;dcbIjK5B|%W^av}j`-%p) zkM^6hIY-YA5DPW-n`CRLQf{=ET@~Z}Gb&7uUmiB(2}L(g97-q*DbbRWE|t+Y?A&Tk z2szSaYK<3Y5mt7J->G!9Rk#@`YiCI=KU9HzAXBWm#uXQ|AWlfTF3ze=&5ZOZCrc+d z9=93O4wcs(`9|4d^C5&_?9oNv@2vYL4!&b)=CVqD9l5%G7TcfBxO;~95J~OV4b_HY zFrE9~O~u~e*Sw^tqEV|q32YY*yB|SF9BZZEDBsHmlj&1~OF0NGv^=GCVfmUhsO}EC zTLrI(8t}EkD_Hk=Hl(aTO!86Z+ue!``jKMM_NBg94=!8IgXLrX1nc5Ax35*Sh(iXS zM#~Y(*tSwLxu(-9BlKD66h=^^)7_({yssh!+*I3@Ij7jqu$no}34^*FU*8){jAUH3 zW3E$*^(k$#J|umZt$^N-azV>G$!%s!@rKrrUFrsYrEY1Z9h<efh$~LZy)q7<-K^mu z0dRvs30S&|jk=Ldk#D=W++X-?*`#wi_<mCZwix{N?x!tOiX&V&`$(8-M>mEpU0|ey z3i2Jw2X212A?pjw4^OE_&Pqh+3Ool_<LCN$t7wD+M^OC{0#+@)zZ9=cJ9nyLI2;oX zN0EgIrs)emld3H-_FW!cw5(%CN1A_PH_Vu5auxFK<EJE81Q7FYuAl&Le{=OeO%VOz zDj?zyHGlmUKq2sNVBoz4+pwz^WfELijIn|WT8w?UNmf+^FmYVKnghBO>&3B>M7$=f z*)f82nvbY-?=8;hi4zx%@^|Nq6&K2wF~S)k*z-Ns^sUbuYs*~Z*J|Puj&z?rZ}XQU z5*qJ_iC3kM8H_dC3K>?6bdX!WiX=ZY>!Jq$^%!uOai}Z?BM7+(a2!ej$E;fz3oZM8 z`tT@r=<g9s$=;p(<Yu6%Ve3G2hzka(9Ea?)C~T!~s$kB;N&kAYAAir)nB&Q#E{Ot{ zqY{t3RMX8}J&6&DNfU7ZZ!=fj9>&i03YTdZ04GO1A#vVGOEMyXrM(SXxt&{-=ohL? zm6m=QoKRJiet^n8NRQ*azW3dV0mp*yO{EHS*qp@}Zwr!~?|LCRMUT}b%aV?Q<^~KD zG_z`L&wh_%6&O)k-0`q{^~hU69=wQXWgW@K&Q(TPpxM5g^3iy6m>qL;lBp#14kM0` z+cVP+j;D*MM_;_e8F9Ud46tiMPn~>7?j*5gmW&calRx}yNg)^?8R2Em5ffL!G@Ur$ zOv{8N9SC6y?5eoe74ibvVoaby?m#}+(~}}Udn5>M8nrmKA{JE8PYSi#5?#-!<spok zJy5E`fmSU)YB~^y*5M-pm(+n^N41&eFe${6z{|zA{b34xxijzZ@FHfoN-yGL1%s~~ zGm*KT{;&Nc(({f#c>MKSn6D!M#2^|<Bn;jVJ_^99sp}vLOMQ(Pb?kd!x-c$(5lndF zyX!XyN)`rrUru|*1+S1&?i~d<7a}RjmJ^UbAA+#M=bwnz!CMmf2!;@yCvg?>IV3lU z5WWL_u{jnE^$GQ)(@Sgc9`v_1A)feCLnz$T14K%pqkxs2*qK5<+yx63I+blOX`x`$ z_|+tyssXxe67pcjg4`n)*Re}w7%m&MBeP_~j$55QKu2;u2{8kxWmD$x{D7?~znUNf zwTF)kXN2&D8n(O;Rb%d*v2tfLAKOms&GI4?)4qF9+lH!vlT3Ya($Cd>RxP^wp~0a? zG<|wtFcxtV7q6}Q&EWMJLvx>IjY;D^v&#ljl}>rTA>w-kKovZ_lbn+p=1E^X)DE*l zC|o-)7Uzcp((b8%postE2?IwV>UV~prs5xztu*I-E%4FbU{eR-(<y30zs&3IGO@~n zP2MO%bW8Y;4#BGG!}m{31(;HVu;@jF^3$7L$YIK}rz;5z;8<7{g1i*-oYQ{fG~;Tf zy0XkYH11A2R%VWq3+|uZwn+!ls2ugXAjbL6$(2Mx&3cwgk#L`Jy?Mui8>n@ig3foH zDRF<gq|;M^c*(8eas*!r-452R6Jj#f*OqEQ@#I27d#&Mg9NbcVn`c$TS#O*3(@B^y zh!r=$g_UPS@${1iaQTDBpEuC&L?sQfV1++;{PlVgYaswc2QlQwg|tUxrc=awGfjCh zj-hmZL#-Vo5VAU!VYCM-j(dKo^9VE((}L7_9IXQci7>%g9a&hp+B%R21`^?4OrT8O z{I2UH->J}!qmh*FA-tmZ`3QX9VmkAX*FA8OE>^Pa|0uVyy98KkxFM3I%z1OyC`8^A zrdYC@gAmP(m|(u={#rdG8y83KD`ulc-G%7ILDr!90dl{<=7KfFBJ5b<m!@`RIZd8~ z?_Y`6bSJ>IZej1VHc`e&rw?nG#DzP4oszKD4{Q#+rTE}a-K76PQgW$@gR5{xtBrQg zJRRZ37vac&+2p~RHn-(DFG-mq0nKnDVk%I*a`w!DYi}h8;Cc)w8&~R7;_yz!^K<L` z)BttxeRx-W!ax6ZxG}&)D0LQEI0&)?x#B2#pr~0}h)auGbMN`UfKD_hfFq5eAxNgM zn2_DDtHgkSZh`xFwRM}ZAX?3PKuy?Tn9K;PQgC$%q4;xIR`hzVrXeM4+H=AFXbG1Y zc4&dZ1o?hOxz=IK7#`Z01*@+ZzId8r-?hYfA#fh$B-Y?6(X8!;H6CA3plpru2#6}& z5t%NZmyeKNid<mSvIqanNIiM)%%RyekYrB3Oz6i?e|LG$#CAtnGPib?{(~wL-r9=K zObIa5mJiwhTtg$6?#ah9cdI@$KX{HdQ+u|(|At41#veTX&I9HEBLH+FG*pd?()%cB ztd*B9)P*(og=r>p4DvZX6e-0UEeVA#Uzvke?u6PAd^EpXc`on>$n~s`@XvtF_vU44 zAjX1BN$|<ztR?bU!8d48eZ-3Ot9TbxN9tr5M953|?^}r1`27&~*qO-<SHE?TL`L%= zU=oc1YTE}eDJf;t_kdA-iSdAOe|Az}a3F%J7!_hBwM>fpIBDFc>D-rrV}=-!h-|7u z0M<uz!I%;j+FnA#a7}nNP$9kLWvYZ<sxfK&u`<G~YK>VidFwt_rqzW)n_4O)7X5zf zMH@|$0>{dcaVT|;k)21++@MQG&*VHa-5PmgDow%!RoIJjM=$4QbdOW^(uW3OoXxD~ z{TV{|c9g0$WHARZQ6G6kTKbE|zpfpFlk13a0#$P-0iF-vcbARWwa?lRzBu9sXEJL8 z5j+rRcdaV3qCCQxNaIImrtPn5M`%w*_yMLZKxC)tHh^Al{C%;nJYT#T_DCCWaGR6} zJmmUfxaN9BOr=f>2SR5v2h@c$d3M`G`fLv~9*Y5E(HC)jod7><R>YyKcTD)Js{)O9 zpZqzKc?Zg_GfKE<i}6lW;TbojNr=px^d28CjJBljvTF&lKZ9a1@l39nZ{kILA>;s2 z#q)|m$mvNeW`ws{vQ=ANKbOSE<{n@P$i7)k%70T{Mmm3P`6IIbS2ubDco%&rYIH?^ z65>X$iYy!7!_MvbxYVK0Nr(c2YO2en^~0y^7;jCcf5+P$8KPI1Ku})X;8+_6awiKr zkgtsObY*;1!Sl$9!>M{<TN5`wbNY3(j(6G5+4q&@C=r+?e?5N-ei1vl+LzqaW&7@t zv+0U^gijJe6GCX^7QA$y%}5%W)j-z4P_<e)t|}LDZG|aVr-7Q`)L-wtoEwrIu9o6z z*ahz<J{UX9PmX|V?H$dggmMKQpX-Z1hR<@wT-5ht!}d8l7-!X*8de0sb@JFu5xv1J z98X2%Cetk|mI}B=fu)n>^IDH;Zvfy?v`KgWDK=`k_Jtn1dE-EYu%R&;3b#RLq92TI zKMsR1=x0wt{ja$+(naqY4o-?=0YCD|-5-ulH=0~Hb{nLYA!z)~&YQ>kk+ecMYM;v$ z9R^U!DGe!f(xQ5nIs3H%IUfK+En(z9({HQ>ApT;P^oFUrNA?)uGXkV2j8@O+@Bwm} z`0F>b_$Ov{Z_|2+SQH$g7QM01JHmKVMzRluPp1ZB43XR9a{<XYTE#RSck5qb+bdOb z7Cd`9u{@MDu=eP@Lxv3bAR0jP;m>UZ_@lNIgVUG63Yls)%dG{P>pi*bIJ=!zyLMTa z*?gtlF4<LDQhTr(>9#dFx)y+gXrH)`wLmk#bv^M*`vR>0)r|&m1i|=yn~?o46*bU* z#XbV@Ln8dGoO_%JKrsLLx<xyI=G!v4*ems8;sLpIWN(^RI{!x_TlUWZ^!JP775ta< zkJ=acm>8-v8Po)Xcgo?U<m<LKoH7O^tQ1A)=t#N5p-K%)IpiI^toDvY8&P{mHJJze z^JR_r!t6SloDzZG63eagE8}f7hk{EJxsPyq;I@;Xy}bOFwPxKXsfs@3szw-v-e)^B zSh6t1#aY|a=5LSD=Ea9C%bpK-tzjnsU6@qa!rW|@p{!nL-47IG(Tc=3Fx!I~gB&Zq zwt|@g4B3L`igT%=V=S-+1jFu=&{Yo6aH#^w#<XT-30*WP;`JY+3(T+|0Kde|9Opi; zO9lL-+3}0*v=^^S9wipzh~j?IA9b15u70Kg_5uOMp2w2yI_m4pl~wu3Xa(nZW%_qT zbsjtiMCv8_Y2Kf?bVVE%5OOejO|QP<Tn1Oig6#OZ&l^km8)51f?Y0T8wZ;gX-^W&p z>0nAT>N50bPXs0n!$*ybEmEB%?fbV)`GFtu7Ili(q9vsUJ-;#(VlXz`y}(xyha~U= z)o~o?HH9!T$|?8|q_hT!JP0o`)$yUf9ReM@M;Gc-NW1B-wLtNRj*$Ntn+PP|ppQay zXqWB85*FT*oF7NL>urY?C?&7ZCPb#c4U=X{DR+Wl+2@ZfkSj=;8*xA+Pw!9qF=Az5 zhM+7B#wBnu6lcv_WRWBQK-epzd$yFm0{Wv+afQTAh?11JYC-_aiMszs&o2akfDl}r zO|I$siq)f^?ylMdn+ThRJk$%=9Zk_;Y$rK0JC)p%T^@7wJ+#u&Jc(SXc)LG)aMayq z_QtzKtB4sX-Yn5~2rCTxC1{*B*`blnqOZ}sA&-MTqV-dL7y3OhvbZIkZnfh=?|SR& z)xJ|Ny@>gZihz%lCxp}GNmMYX(_82c49<!M8ThlVuvva4&e|*Psp|g6Bwjp?h&8>v z7~10MwE*^5SCWyswDgQNyCb$n67;^+Lv5!RK7)W^NnT|+2>KY_tsLFKMan-FD+0<} z2|N(b(%SiBzY(%43D~8+MxKO>;o4poZHKGz!W7Vx6t|8rRMp!CzhKQGRl`d8PWP;V z=@a@y43N;7uX&mJL$#-vq}gV5HLLn=%PIf7hM2*gX1;a<Mgim?kgX!jGRGky9Rq-} zLj_<hdb>-e?jmV@EZoZg6V&sSEzK7_2e=mwmLJB<oOr5G8sEgr5$m^mpL_%2iM|^h z1gTE0YKJunYf|#1#UCC=*<*UV^Gxx86U**L3mG9X%N>`ifu_ld7-Yli^=L};6Dw!i ze1<Lg%mPKBgIh0Jt*>k)3(UF=MtAPWf-ecR=<-O;#BP_37FOUbt&skz3%K+UlK16P zI80V76f1&8C$Xj2YcM`A*amN8q@yq+8~-g7_;TzDeW6|FSti68{8JLW`7MbyMA?2~ z!Z;}3NqNSi|GIO+o-L})90jRYLe4$E2NVd_IE^x6K2UP}$YOtKG8NoHE6W2xQm`W9 z7s*1V;rgtquGww43HDxWWA(1F!<o5l_Ris=eZB_qyp|Qdlb%3Rk=&?!PO}|8Zu>!Z zV400K*MuDlao|gtsUi=#dAp2<!@A-kyE8F2Y&oqn<Bl-}_KgWKzw3@Bt1RQI42nYY zn76hmw>xY+YslMgmg<E~pwxhe*y!j&ugYVMDC9Ot=3^{JZHE5d0a}i<t_3+cfeHmP zpj@0GuSGV?t`E{Cw3gMxDW;%)8cjY(&ms>Y)e08fIeE3w3*MG=?|t~zb_84kQ>O^& z>z*#Hg(cpo1~A0Rd$uj$UV~hQ`uiexQuR+~7j6(c1zB-uj5Rg~WErolEECMdK!7AZ zdnNNtb%GAKQpe#lcz!3AWtG}7Q^R%1`^;YM<U-Ee<Hy$-kd&#^O9<u((+QArGTR}p z^i6)ZFuE%gn5&fLcvHjeo9`P)n6BS!OyHb|f!PR0Gz>MgtA%fICK5AEK;8$oCseWL z3EOV&{hC%kexzQMIQy3$UK`x2=#l56#V#Cu0egUYG&HO)><@uCK7*bWRH^$0Ybu8z zs)cTuJ5qo0HU$ktJ%fxROtCzD4&J73M3q_2DT7z5cQX*0MV~+X^Ah?O1<Q8vVN9>+ zjb0S$IQAlEmLqbPy5!GI!dUpfNTPp#EIE$=P)-c6B4(ysg3a7YE5+d|^PCF|En#m| z7RXEra@Q|>i1LLa2F^)m^SI+y(JsG`2T*-0o$aKJa)~U+^E(^VRKL`%pL%h!UdW#l zB@zryz4Rr1YvA1SBhXHDP|}#WU}&l0Q(?nKDS$(XQJk7@>j)nci{25cnrkWc&9hKD z5x00qU29V`F+6>V4b0WJ1cMvF0AG@y>YmIIdVdO?v~t@qC(5+xDHL1?n^Coo6<PkY zJlIzkpTp+(=Hofi@bdPSwTZ8rQZlW>_*ly-l!GYFZ~Pg2Owv6S-phW7p4Ma{r1*+k zBx5(2ZWm&Xn-HMkdz)Ff*w?GokM}s$OFALfYQkto<!~dWs8b?xL9(&rmUzhD{XQFC zYH1(&mjme2B=*vr+VpuROqu7fIA7c{(W&pX;K$NS#WkV`_Rezzy>JSnzU;^cv(Tv> zQHQ=u$g#^JzM-ZDG_sPk?1UE?;oRFyIDMIyS4E!7FPitK2cVQiS>n)&{Y9vqfNT|P z%9(Z>@A24m>p71|xWcFCkmanHe&&9!Cr#X%90SxzITdcljkl855|VkIdP&6{0PMbw zJM57BMOalu-tDEy^!eOquNMspIpsq<iR=sQD!`YrnUS!O;}xkC)H^+@7U{^(290nB zW+H?U0-N<boGfWK5u?Lxy2g=L(EqAn{d=JPr*`i@qrCnCwN(oLr5X;=761fqS3Vds zt6vJ)%rq;CYA%oBdK^#+J}H9+j%F2EIdA=bN^KXn7{u<(7#}L51fFLZ|IkrS4sU`< z<aH~fA*DCoJTG<dJg!W_JQH?3z!qgO<*0R`G?7Z=DwE8|egnk<M$n9`+><G=cHm>m z+GokE-oX~D@uj&{_vp>gK`UnFnu$&RQ_c7Fd-u@ZE$Qnpr9!5|R`wZEKiI>;DvYRf zbjnNQS#2(fh5jNYH63XN{sL~dEu&-L&jV!KTmj@1ww&p6L$j}21lne{dhfgW6GW`7 z{b(oi)zzyoB7f7u!n+zIiz-t*wep;pEQ%`PQKk~YeyQ>^{&X}Kd|o{w0I>0HYy%YE z<weA^N&daew>%;RB{kV8Q@8!4GU;tMZtF$_gIRge{S2(e?R#31<Pvl6+wGj#3vMAm zm9)9EUM5fceQk}KHJN0y=2}m=vG7j3?YYV@zJg`V0TN+dAniSER=!5Jwhp7*1x@ar zu%5SSr-LOa!Wk;_tv)R|)WUg3I8NiRVpUhVMfFdSftglV(oquUO?ZnBAz<eAkS#&1 z5s|ZF9g`nBZR3S}1~`T81>SN-9V-RRd0AaD+zj7)zmLU{PjY~D%F^Hl?j$^^52DQX z2bFP@MN`A1m0aTi8AvJbY0DY(CJI;t`W%jwBd}Z$RR8Bd{ToU2FHl;)oi##6iNa{W zE^Wyf-MMBU0n~;NEymMA_ub=i%t_`8mPZOFQ8KT?yR|e+bs2S~lzJ=u`tN!~A)<q& zF{N+$>u&k`Y1@fUwAPuvjdN<g+n%FkSYH6JJlieBppLJXFh&|i!vzUYOWzW}d8ti| zs_xH(8BRZAYAVfpw=>|^Bju{h%oD8u6<|Mc_3`Kc42pd=cL$;OnWh8EK3B$`9?n0a zE!|NDowK=($Bqq!tcRq?nB~}*zfHVd{dl7p8QNNW-Da+5ycZ_zYSL&m+C&Io^J8`) z<e96#IdDsH0UI85S@l-ogv9M8t*)G$LX4S1FFY{m_~p#8Ut!BA#P*}ey>Q$58^E5M z4y5=iMh>ZZ!y9?4%<^u5pjowvIb!MzIssU5g|Hi@eIX|@vxo3<ULv#=<M0ocumzRa zoybxzxY6|%Aat{6;Bn$Pv%TRlt+!s@!SLs9ff-JMX$-TEnJ4goS9pz7`dH|bI<uUD z3m?7laT%=@tpRfu_B@L{q{P~OWejQDXd-YYN`a8AEU~dzq@vL0!n-{ECILT4o;i^v zZ!&Isu3n%MZgq!*b7Siu6zrS#DpJlq*QTEyDhcGMkoD%Iu5P9Gv-U5z=R!QlRO@ZG zn=dVs){y-Z+$*G9kFu5s_K}EaOn%fcl?WVa$VCs5zhJwEQ=oL~<^K*h|A$V||0`|u z|8(Xt-26w{=wDDZ1mNFcKGtS>A&dt>lk;=LCYF^fIZfRQXJbw(Dfu9mmnpbWcS~#B zFt80^o};p?jG&eSNr5e1Xd_>h!^br4A>)P3Ju)cx=hy9;`VZ|zK1~QqBI(m3;;lKz z=$|+dHMk@5-t<{PULMhgLkA<{;VBiaB)(}a^@NqF2ImUP;lY@d4*V?IEi_g#zy#;Y z9Btti-B4T>J7l+Sn>y7KkFuSuXWX6n0o1ID!>%a=C8~ui3&ooPOJ|4is$fS^lQYN| z1Kuw`RjCX;vCz>mE@h%Rfi0lY8+4nxPF^YB`D}zOHDuG(Yf@7n5!(Ca(};c?i~>MU zSd8u^nnHI!?t9n%8X;ikXhT{=?CP62N#0d#(c?ABkWE%SBIB@-z0rhG7vu%ww+WZ- zjfrUTu~xhMEl^MY(9{^3oY{!uNMPPnz##eS`Zn0m9h<De;Bi^$g0sa!L-r?H>oZE> zskB<uGjIo1C&SJQVjfnWcSTkubg_dB_qe(+*RM-)Ko03TgPTX2=lr}B9S_%HFO18K z&~JUaB^<}3L2(N-9@&<<C%fIgw2pXa2-8YpmU4^8&T-qvoJrp_c-uZ0l$xm#3=r$T zgQqpPSiA!XGS(zn>jF6NEp62DN#eFZ^KnfYvov^Ns>b3Gp=jQXE6vHur}z{&FI-X7 zc4r+NaPV5e{U_RJw$}fhHp-=g0MMiHwky4^RXzjnAwg!yrtG>^>Gt!MUO3soY0HYE zIOl3$sQOT-Gg0HRrHFMVJwGX9=%zl1hM`z-)cdoWLdxrRRJ0ID9J3Ta+nqkm5v1OU z?O`p0!h`M8H>XFsYrDg>*Q+>TB0GEvMYQ_+UruwxFN=f)8#%3V0%TE>*ST8$w5zQX zmbefq73lP{9(m+$f=gB&p<|0YTRT84bl{_<p41bcwt;L}q;tHjYao^%*N<!r;`Vs{ zS+x36(g!46snk9<Khgzu{e%06OKTMG59_<lXsxJ_oRvT9!?H|l+*V{RCA}T^03xzn zIZ0#o@1e&|U4ClZ_h}@b?5HZ@irjFMyA60^(Dn}i<b|++XTn2ij~q_%N}NH}x`Nd# zW(Q7N%A`z>^5DDnFb%@Qc!}~??6U&0AfL&e3r7nHye0Thf;?UiuSBdohf3XO?@zKX zhazm+twn4Q%@!4w8_P5vy1Yo;nhgVc*AR4MhQ2{D>a{hh7ZDXI#h{#eu7r=3-2G_a zj_~U@9ns*2AuU@7rYq16K2u}A5QWtE0StVA#O)sQBz~-tMDz{0z+I5F6;w<iv91k2 zU>yGd7Sm2$5aPn-`^0R0*Fd%wNB*XX*7K)m02qk9soZZrmxiC`wc4CeaABF~SqBj$ zSGbGK?5|=YzHoDpTh+M#NE@yH(>?mDjUu+ge+gpqhX8|cJ(Kw7*`so9nLs#-syU~1 z|Mm)khprC3*`P8uq55%{h0DUSe7f&So;tvt^f*a8kUxo8#_v!x2I15fujvORqWp@q z*jwb2P|&bt8SoZk#KZI~q8WR$|JcJz&XFB9cOms}Vbt`I2O75;v@qF>-)~rkFZuoz zEduOa5lA$3@#5C1NUE*`SNL277vyksw?%aNqDL9=+pMLDyWTB{J0?^iUZq7^O7Fo; z9hP(;JnGmh2+ridjyzT-106GELH#QU&Rs|m_~{44)laQ1Lxr<TcbcpA0uu8v`P2)G zQV<GbqObIF)AYk>O7-e%UtS9YO}uXk{8N18W`461P3i)7ls5uA;DZ@gMu=Gsxx>D@ z<lMRwlcu8u3UJMppSZqL0oT)gE#pe0R%*}MzjBIiQ!zgMgn-i$Lr|A1el;<K!XBO$ zbQ{*D(!kOSLmDYhwq`5bkMRVfm2M7jfu|kicX*GD%KU7@gwn->bvNxcrK>a@{YmDH zw?C%n0?}56Nsh%S(GB_&bB!f3G1}d@{!JgBY!`P`_+^~a>`2CLvt3y9616N`SqK5A zQSPkGQ`(<-2@=*SH?=7T?^bA9ojC;H2LTcKkbHTn@iw_JxO^@na=2J8grtN>nNH%o z^{<lVo)p3I>_+uz6;C2e!Deog`qAhAu8l7I!Q-zs+U@}VC7{kiK+{rzX?~F~l(8ca zH^hg&CWD53?i!9{si=XdPHNY(Yl3ceJz&b+*Zx74fNiMMr}5yRY$w$)9aoro)VGw5 zx~zq?-xcFP68?jpkr!?o^*r0hu0!S%M3G29M+U@YtTYU3>yjq3P$FBuXq`_|+c#Xs zr4GTi>#=e%uT|bL7EOd%*nmiQ;6ggz6EP)Ge^Pv0$q#$@xjalTAiTvehH4+pldPqX zCu=Lyjwb-ti0Le#h$R|?j`w)P5UVFu#uP-@f>S|E4I|0}Zh>iAO_7lb8{rU!Cqr%L zF-#JO9QmHh!hgbu6CIje^JC(hMa8is;^I#d^p$ab?}vl=uw94KCEYe~($Ck&IBzqr zARD&|(pna~M{wGsSLsp*meM3{j4ZiiRMc{TIBfE+0l{<x6ZZqGvseWrO!8JJP<ADq ztK@MpoGceFP^ds_p6VUJ4-4D%lq^)bvz@G(ZsQ`&BK>H#{G;w4tCt19;}UnJurzD| zOj4&~Y9+*GxA0ir*3%2@sG?XVC7}(%>54pM-P=kNto027OgLhtq}8x35usm~bH>{u zHUfKB3Z&Vfw(Q1rIsV<=P+T<%Bn4b-1RkUFugN^vBmQ<=v0f-r{<bu<RM4}!6NNNR zMQ&ctAQDrjb*l(v&j}+nCpyQx<763i$1it#e*aDU3da3|$6sw!q!0c}$uwYa)%u5V z@}BSaZEbS^8>kba?~z0X#@asI_^cZbXX<$##Sd<eD4%Jzs3D<vMGpk^Fsw@gZxhGh zo$Pxdk&hV=?hxF-&BUd>N+l;)mOL>|iXjx7YX0WZ(m^d#Ci?)Eg%b_1=E3HSAZogx z!Tj6)HOm6EV~2>3`hX_MJHGh-?wm$~+MKqf4i-kn@gy{(-R=_p8xCrLW)9M>1R>i4 zoDMsKaazgz!BPQ%593P(3;IhUW3?ocnkNA))rX#edy?dbDr)a_sL1YQECV)HzYL3E zil||kQ|kwYx|D~y#*C@5Nj5Vsiwv;uOMFtR_*a7-I-#-rf8KX4H3e;uIZ1ey!E~<( zirJN(|1@OPE`{IiceWAX8YWi<<7Gd12#=Lj$VvAbiqPIBOjw6qV53ZU2=`D9z9;t< zm^<y6t3cK1Z^#*dP7d%9tle7<Aa5qD5y>(>T~kGT1oz^`_TS!|EiD+e^)&;dxp zSxk#RD0T{h6sI)#=IfPR<MCDxf`&aU*2uL~O`wyQ2gPcbtmw0lq6w^07|ob1+9tYR z!2Q(?M~@4h+gO`5<2IWqgLVNz<W0CBqHEk-U#0wQIAfs3MAsG&w&_8>j;S_kSaNo_ zJe_I#xK4~lvf7SoI$XIGxI?+M?W}lYDyRmyXrP>Y3rZ8|AKOO$U+FyLAK8O{wb4{Z z_%AoFaj0w!T_BPsg*X{i1R{jfLfoFRU{SnrOeu$c6$-mID$t}RB84H!8Q1|dYkR)j zbBqxKWycPATeh@3kC8XL-XQW;lMq_mC{M~tXf&Yl&A`3MQa+#-^HteNZ1xP+pT%6Q z<l0~(pub=Y@)EhWC9Wol=H@^MKt!a;)7qkTVisK+rDrJg>w1N9dIq=>iF6bq4oeAJ zAV=pfvtu>Og+U?O4vTy!T^A?YIIl$#JL-V~kwFZvD6m#Kd1Hbd`nN)Up6HhV!c9Au zS}EyApQz_x&dshE2OAf0kgi(xz}k@NIKZ52R^)3&b0;(G$fU8)ESoXtif`T6OuG&O zodH1NrEWPa41P{$Pv*%fntZJ)S_#hWfUL}|Xz1?eyp%R--rU!5dx_L@{7eLmi@g}N zsiWkLC8&w;vyt_QJB;6Bg`3rp!JKLmWRrhUIsaw*D9d42Yzoi_>tG50VR$>Eu2~Dd zTVqy69L;kq^W!|^yBDTW*X-|;&mx!femlDx+$<=cewR_S**?6!;Avl;WzB`GP(OvA zr~SPt$*Rw!oZHaw2bOhChmx6tWio+;4M*1SaNBgl*2S`pKZsf`l=XYPZW7udZbnGG zYUwv-(}W4_a?t|MjRn+tUXhVbf1(Ukm%jP|?m*fl$ai3;=zc9->2=H-fY_LSYNLPJ z(x;RvwT1S)CH|H*h;96eBc4(nkUP;kBYkGrJ*g43G1Rp8e6B6Y8tkcLPmfbcHq#TU zJ-Kx5RgVWNnV+X7H}J5;>SdQd-TBn?KPk~p{gJO;fK(wbn<x0sbfuVWBR3loP{KLN zf(7}K`eebC7qH7rAwyU9^<22Gf+InCrGp$Q<ys93)|NoG7#?N69Ima9khs#gKw;k> z?*b!l*|>q!$s4|VW0(wsfe+A?EW*2j4OTX#^E8a1%u&AgsR{SGI0~^8Z-QR1w~9CJ z_k3G>&PQD)jeN+)(PgV=g%Jrsa|K7^>j>E3m@q=dthXXx=R8SWz_m+ZBB~h-dVm>~ z;Hm`Tl=v*x*eYmZcJN0y=QW1On^EX+dNYtbs4LEp@T$9$*Fo%_N+en;r^5p^GlRL_ z{&vW}?pENNxj9LtYM<WiPK`H)p+3kOt*W(SL|FRR`$NYmL3pN>-&*WyCIpTRl?gcs zz2PFXOo#o|4<JHmX$yeHavwkVd(L27YIdwy0(}k3RyTS*GOCmXrXNlLH#$|#<PnT_ zL077_qO4>zekjvP{OCa~`G^>jC}jOMn%fkio6rMd^g1j-Suu&S?w+=+o0KXI)3?|< zl7serCu5bWdMbp<1bS>FqxW`wmDBJARrd9|kGGV}B3T9`jTzF@zC}$f^M7U!{);yH z?<(ql(MJDP&i|^7vL^;DHv;O{sMI-bl*R_sGvoWo|3e$S`Ex)0{h|U7|AFnKbI#bc zY7dGcAn-yIGA2XJKece)wJkn_^(aYGHH~~8E9eDz)u-Dxhv-;ocv2ZfM{>{oNlINQ z434>J18|l-E$-fMh3R%x#CIP(>VNXm2SjW>3e}!^7OKiH-4DmdV;w_SefmkfL3E-l z=VU4lnNkv+^{JOK$;2;BDyARz43=JBl(M{r|1mn5k0d-xvv~|G<>ac~wsRFoY?CCH zdOdom=WIoR+%yaA?bIuOFo}xSBfCqVa()N{ZqD|w2)YU@7-tw%VqfX_0-{qNoTsE6 z<7woYcz3GLihmXS&MkcGW2lP2YX(<C>}WTVcA~k(*_$KAvWN{FoOFp^06j9TI5OId z$%p@Wy*M>8+uJtJ`Q4sYEt+0r%oxKz%H0DE*p$&RY~t&?ICH?~kQ-Qv7DUrY;PQ8o zFA@;}aa6~)C$lcdNsWOPLPl<{-@9QRvCreE8e2_<>^_o2i+@TM1<ZJbt4o`PMq<ii z&-B1GkMP-PR@o2onSp8K)Syf1kxF^}q=>CHmXe$-lABV{zL9tRsbwh<%U{dr>wc^G z?(uV{%108b&&0<y__d)^rL5gSD5d7a?x97y?RXNI-U@n*BD(eXjrKn2?XBKF|GmHY zV-7o*J`3lds;5o1Pq1>|gbE_Jy}*Ub%0dVLrPMz(sek=x8Ce4)7y%$frekx%s)M)I zSR@ev+`~7hK%J;QL!5j>xUk-<a!$8s!k(6;PC*(gWF>D_%<eh0|22UqdVeDN5ZA{B z8{5xZwt0?a=Uc5yR4GKFg>d2LX*Yb&o$G_iiOu8cDhcpgq(JYSE%leQ!@yTV%)ar9 zEs<t&g^r1QPn!g0j>yG{M`E}OO>yVO{xZw#V4zEL%J(wBsT8?HDtRIAY+K>@wYLPe zqCTl^^xQP=Qcdj*C#y7lCDEqO%7=V)*2K<r7+WuVRT2-L*0A}96lJ&!Y)B{P@7xW& z%sq%$t{9OYn^ss9D5=h0!XcV#U&Hthcn?LW*$==esPHb~I~&%72bK`_GJ%dh*$S&x z<|9}BIi&Rd6_NxK0kUfs`o^XQk;hr8g}=ahK2ByeU8MqyhVE=}`hZ5x3{ewucLmsD z#%nYNBSCIz?48&T{R_}4a~3oYQhyb62*W`Ym&xE28Cf3E4I_q}?3tb(QOwuH+%~dL zr!nva)xb=DDjkP$?gWa`x}_tu5FIs_jVdSjEoOtGsxn3u&CH3$s9H+zCM}ebh0+IH zpL}*>2C2afFm#!T#K@y@3g@*a;fhULWw+f`cjt_x%d%zH^{mMaEdMm=*073FWkO-v zm<Y0~l~U?ksX`wsdgtm?1|TU}%TX4TZVHJPVpp_><KOtl$}4S+d->m&&=dlzJ)oG& z96N3%kjSNkW`BjL10#ytxgHBpKrHsu*}?|kr~CPRyDquUcsJC09O8Hz=J&*eF%@~i zx<M}CQl1>%04mjM%3v+<u@B`feg!M?73_s=>V}R1G?`P^+1)Td+WjQLbfI16U&tXR z#ZeykDz8wRq`!P!pH8r2usg-B-0{Cso1jBVUuG(+O%{i~c_6R)L$NhQy*_TO{lY2R zLQqK&kPRPRB$*oJ3%1+OL`Z>UkhEi}*am!~1vIA{@-5y1W)&gs55XK}xgq_<DdW6I zMG>nz?xbi&V2s>}%7@L4>*HHx;vQLJkC>?=qa<gX&@)WZHcw0N%k&Pao~T8OjuETY zqQqU=QyqxjBIQQOT!f%lozyF9x&CtHfS_MqP6-4fhf)xf|B?*gTlS$lj$vU$b7IKH z5c+QTVEI{ZF!^g^#>s(1J~TYf7MaB!L-KOBtJo}#NnAYOcOJ6P?$ozhtj6Lv^|Tsn z=+xIaQwb?8>Yuk-g0;EW#~VBhz;HOwW$FDw)KvEIUTbIFRLtO<tQm8*bv-aoo^O-C z^3Kb%3umRn<|)QQt%|Dr`P_EmQLLR5@B)MZ^8(1A1m+g)YP241=wt^Q;<Jq%3#1vW z<@D!iK;AmTgoYV<`VC@LIR+!M=+=;1^ajYaGZ<TC+W5z!*M<J~6bwcNdPA2#>q7pc z6pa7RJ7dEfYP<3MRiGP%>tcQ6s>^K$6&)1l4|e}ifB5fTzMy_@2Pn;q&*?<7GLSp= z*O9ctHUAcpGtcvmR8Ol@W9dMiNP-QvvMYio?DsjEMPZ<BFUN?pWv(~eAwNK$))`XY zhfKW=`Lu=vd^ez;_=?(Sj`-rR*4pHqa%XSgAGk)UjYwsn#su~msQ}66wikHixq$-s zd1P;^t~gDNJb+knpi~c?FUh3tOF-!&TBrXB7E2>SR?p53nJbJgOUvPBto#*fy;J(t z5J}18&yFuHXoV)_TOZQksdecyTuVK*YmIAuJu6Z+X1ZtY^x)(bESk1KT~9wW!Y`(x z1i4htwxa*$PDofb&|`~RxrC;w<&rN7=8za>2X^`X3=0+YjXW>3`!fT+#GjVQlsy=~ z9q2ICz&!fMVP}NOIsIXupf3<N)!+Q6IgS0HviY&J2mIk@STa`>yu4;zg7}y|u#lAp zLuw37UieWMEYu+2DkKogDj@qgh8Wu!${iRwqVdPd+9im1ZE5T5Rz}a0jZr`8a12eI zR&q#=7bofj^lt|)$@rq9TR92Sej{t4bozx^hJLW<s(Tb+7q+fOp*DQ}h%z7A7AU>X zM&-i>QJuN<`is!qiUL7BoldNw=-ea~qx9H&zVP=1-Wx0EQ~P7p;U&Fu89oWIXSq%z z$jrNvBH5Nc0g)5Bv;i`&%Sx-M<XM7dvX$bdjNIMO-{}W`JPr{5@HjXE8^O`UIyx$t z%bop=K=^~zliQz{&fhO(6bJx`5NMDbTs2#W_#4(>^0y)zh_szl*q#lX5NVPJ=n;8a zrb5P(Xvs~M=iV%?hNU4#TzTXUziVy(_J*p=3MP$0qyDUqA$dK*YmampX3g1WsTK2Y zkbLp$A=)|Bh{2!Q3SJ<68(bUig)gV=x};3X?BBv1&mS3e$<d<q87~A-LU<g5-g)Hu zuW!o5j}ww$Vn>Zj)mU8YULdc2Xg#jJuDQhpKCd!?ARf3Wd)QU}z)6}(HhuC)?h?2k zfZgSxZNu3$mb$|%-TDdSX4hqc#oJo_;p5~@vxqngZjeZD$d_h+#}wCMbA8T2`aZ-y zkr>Tq@o3PWsa(V4kcF_BTaUH@txIs6vOeWCv?l}94%|4i*a6h`EKY>IaP7V$1?5pQ zyjuCe7rSBcjId2PgySdv-mwrGzD|1>Y58~$tqHz>jj;g2I+)xp5#&tIT$i4+!8UzR ze!q7#9!yC43cuyH&QK}hNUJutq8Vp1+L=BAj(j`zglG^J8QjtC(>c6#{`_P6oZ64q z?zx|L_h^s&>+tHE2_OfGeVl9A#x?c_N`<##H7tIN6jk0eT<;zwfx20ai*f1gXa&ST zB)d$z-lGh^H4=<qlzNnr$V3cpRLw#e(y5OBBlN*#Zmi`tD}+tmxBVJXN4i_)ch#xN z!A%6rDL3=c%L%mmf9?K4sWc5B5pxQLo;&v`C5mOvDM~B+rlw(m_zyLIzpReKzkx`y zOn$;|G|-SMB1Pa+zMQfIh;apVN?WuiHWkUn5UO-ZP?^Y>>h*2z?{iydc~&6dN>SY_ zVFNv0a+qvq7lEFN)<-EQD2(<uNYM(BpZ-z_@rit_>6rsrd`DSV%;bytm=<ibZN-8Z z(w1*Lh6J^koji>Y81Q19m;ebH8az8wb*RkVUouG5w2Q=L$9V8~tDdSOL%E?@kgQ=z z&Jv$mhbNTn#^OWU&rU4&VUCsLn;^{G!yH!yI!CZ^PyndSbAI}+j1y{cH2#*@bxAy| zSj{YzyCl~-73tC185!keSY=6Xn1kCg_Q`R`x2xtZXl8pqyx<MEMD8Q|qofZHLFq_N zZ^mRg1#*5$J$)u(M1;8)ebhXF*pEpnraHzwhU~pSQq~SV&h&$+W5udl-vsN5dM>U; zE7g0ZM-cf?{EdQZHH@#s-doDo7{gjtS(M3rfrNCDNQ=8tkZs8hXQdy>Lr6fY&(FpA zB3K3qs9-Z8br1{4BQJKX{Kk}|S!gR|#Eaws@D);T_GgF6#+h?2-1F@En)e&<?i7QF zqIKb9Ape+**Q#ati$%m^-T4{~TqwBtS?c#lq`cyqvem>gM{CISwxI$Fgrw!)m9mek zA%Dp#+>8D)sLY8BU{b{L*)?H|$J5-%9;6NBE*3Qym$;$c{Fogdo!_6iG40xequ+0% z8g0YGQ92zo=HGF(%<IumNosvVBuPQXCLseL+?8JPZeQnUExld3_!tMa8M^f_MdB+b zjS$|sd8&>P)DPmD7Hp#x0VSf1Z5kV@FJGOHGhU!t3(uedmRdsl)0bsOahKw6t6|Yr zwf<GH_bWe1=pYhm=ykqrcjvCVeKOOjEjT1*o%YGD0fpdBV#<N`Lag@%GTxIl0THZq zotB*7ad{5buhTdlGpPOo1msaL`@J;haO6xt>|PnJ{!t?9?5oT%r8Hu*g%~OvDciH2 zkk)?iOKpBMd;)!X-Qp@N)gCiV3zd2ZTnGY*fHXG1C{o!4d?sMIUBZAR<mX5^E7CZK zmP@pifP2IDV3?VHf*2)?b8Wo^Cu`%6r=H!GFGI3}N+>YQtE55TH|4ybY8u(M6y(7| zZYg>xt54+-F0tzYwNymJ2fD^z5)c}I_Cxth-$xaSS8s2;;m}xqtwPrkl$k^pu;v@i zxW`>~A<+~^Rzbt%7eK9D+yxEfI)E|B3@?#;xw-BTO49^x{)&Hj*+Wk!2h}~uYi5`{ zg;?ZIzubKaPm6ILdICk$vpsqcKq?6fi#dIum*^VqqR9@!gBU-lqz$W%eNe!G{1rP$ z%93>IPj)_Q9KkCaiH<k)X2;p6p_43Ax{k<!PyjllwH@Bn8jn9T7Pp~qEb;$~((s>A zCvN&cHF$Yy-&ki@>g8!GyZn8M)E-*@FLPsme|-7*JMWa|ab`t+)NH?UZCf35;<lVC z;sv2$YoG110XV&d!JH3KJtWI&#dQ(U(@Sr&<Qz_CC6J8}r`IF6L3AlMebsZn5CreE zT5T<VJRbg<FFngfVoGobgj=vgRZ*ZQq4~2Vf~AZyv|k-c9NTzbnx14Pl5665)_%RY zEFs%5UZl27XqsL0_9bVWi-SXOi{3ZE!D9!oo`SnqR;?LoC6xy!wy5rh$NjGEGcC^2 zsAD6JYJu=}vIz)d%H(!|O83N&t)=Q_X8AI)$D(7xcthS5S4c_CB{8!ZhdjNW-rg7o zaqgVbB-7Q~YeW|1TRctHTNX%LEPtl0AJblyE&`&#;Y`qKYD|zLf%xyim|du*p;*pf z$b&^_$Ved}ol<UlKUrr(V$e{Shny`K4S5MvsYBzE6hJS}@M2+(sz-fntDX@vLkdO= zj0mpw;7PvufC&S(`zfAHfBJ|gu#Nuf;q8OD0%@=7kslc_18s)0C68zsTyhZ<6Ds0c zV28~uZ9gcq<<Nt7UrG65aW;)IilbAAg5unXhQ@r6(ju7Ch<;lLAKMDu!?>romTpk% zJyir_v2Fx0g~xm!t$=b}c}dawey8qu0H5;i)iq@#MSno4183S%?t6Fdp_(g0uMiSz z^<f+KyjUbPBA;$ZcWI%l(&WdstQ+ZLsA>G`n9sil>fg+b{RN6b;CFPK#Zb$yaH#$M z8CH&TiWOReSJ|rA9*4d`m#5&Ny)zZ3A)p(Tyx5E$2F)3@`0U}O_$Y#2l^I0gb8Y3t zGLZp}9R2y-yWHEjG4xx5`0-uvMrFWCVjJ)_$Zlm9l&>p5V#cR=BGb;HT=j5%+MF8T zdM#oZO<_qxn4d%-s}?v^)!HZylQOp#6sGx+Hsr_0VsMQ2hicIX4P%jQGmY6?N85?H ziA$Q%a0RQ`vnMvn@9tY~{cWLw13=Gf9>)0drb1q|=tJS(u@UyS#FjOCzSyH~sDVDF zf;BRTr$5BO8|ELuWTJmJ5V^QUt|Yu8*lFx6T|=ywj=M!D+JZze=cRR?UbQ^4E=a(h zI^*#SZE)~Z4j^S8K^>G5du6~`2|7PX5)DYU*bTq;W}I>j9I||J8W?jgpi}<t0B<gL zaSH{MDn(!Pwzg6Rb#v|YVpY%O=iE8TB?FP^WwkjhX~tWDwT3F)7o-^V$>{~7RR%W6 z4M#q1bPzE^`3j9hTNd)PY$EymYNy(xcgPnxn2zy^jMzfe^8hF?jsjI7%`EF38Z@R* zNd|vON4S95qfC6ME5kl8Ypdx=P0z1?Q?8Q}e<lh~VfHi5dp|6T!9z@=<+35YED7RH zUtDH~k@y`wzqq_deE;Dd=$}X4s9Qrp56V{}V5pbv7HB#Dp92*g`0WCr)L+0T3kgAU zGR77LrNI85gNT2DIu3;Yz+rL-+5Hk7N?um&pwj_-C@c~NY_`=fwH6G5g-hEX;H?E< zl1VUY$?+r}^js(FV(&Zv|B+6|>_VnDQh+uvP)s0KtWX#Xh;$%sh@8P{cJk~W$WCRs z|0D(5ubG($s7Oz8%6zn#MtoB43MqbP7SDb5r5ox8CNo+E)eR+ITKzPf>1OWS6kyFG z|4bx`#npZ}JbTQ{L;FMFB<9RM<wKw*UP)E-rFp_G;?(7$!#y&$JYn4zk8(*Ln56-K zx<@svH|U2_?ZapU{!NyF&pscfw>`saUBWfe=(==h17SJ0LvW1<nmlP(px@Tls>JgE za2+~Gu`=UWEF7&YI4wOpS;XO~F|@g{VK=}2=?c}+w<$Yn?|0>4=JEvAf)(gW1bUft z$1!+L+p1Ze-z(r>7U3{C=Q`}p$d3qmFS<AYp4FIs+Z2SW8yW-*d`?SM>749f4J=Ov zv!QS$c=)FDwFB_=oC*DJ4zGwIyqi#HV4Osk1bAGmL2pyKyvE{PipdCB`X9hx=OPzA zP^66tBknFrrgTyS()^dY<&v2nl>=7nF*u=Y$|WHtfL~8~6)J!ccqf;OdR^Qevz<Wz zQ58mc0A0o(x-~~CO8S>xl*EnBkiph!ED489(}@a4CyGvm#^BDa(8c9ILYveljSvbq zD@M;5^gD+Z%>Q$s{>>obU!cOS;6FJUw~yc{F)R)jHy~D^pq0y?tQVpEL?aGp;9$d- zGQq|IdWapjo&(O6#$0p1;nmgnWR&rXYWuMOTg(N`!LRWvb8*XOn9t;MexOAuanXs@ zVKEV)!yo?Mht7`gI6^6%LRg|MZ~%JPcXj{~R1re~9b5lB4RZ%C@5fE^_~bjqD@Sh+ zr>Zixk<tP=u=-5s&7EvE5)B<VZp_0lMB=e(ck;5}j8v}^{Q9)Eu*IO^Sd@@{5?+Xo z?&^{~?ibq#T9Ikhb*5|{!jw3rkaoXgPNB3tCsF(A=?R}Y32ev44U`9>2BGYB>@^)j zUH%nHINq9Cr!K%)z`iSZRs1(OCelUm!a&{PEnO^5$Mif8BLKr~lu$%D+6b?$AW^|L zw)O85-%>gdm}WB|J9|-`afnhbLA*-&Phh7b4SE-m$;Ubo00y+c=6LhYYLUJ7Q4sb5 zWzeq`<8}8;9Y%U2qlqC6`K%p4pTa;m;>|69VlNy7@$iLlkL^qVK5Tw3Dz|AVPmC*Q z@E@@CGG$*apW=)?>?ZmdT+iC;2LOJ&5b7qTJ`8KkJ~F3o1MUen`ViD28b9L-h2_RP z4ag%ueVc8vx4VNxqKvto@VKoaO2D%qpN5e;<DN$L|5SF4QG#ttwobFM(zb2ewr$(C zZQHghZCjPLZR^$T?lZ=Duiw3W`|le2=Nz$C#5ZGZ$&Ui6sKa>>vuZV*D-|`5sjMp* zDFhp0TM?eu+A70z2C*dGe_v1|vKC{fjE!Kv3irH4>KCTSb#}V{PlbA$f&CUc%4V9( zVWGFCvjRlh1uP5$m2dcz98gv&5KUaeshaQAH}FkhJXM5%UgOC*o6Qf7a!gPnfJy}q zQ2i7em;-J@jVyj*aVr#7hueQsNE3^Bk%{Eo8W07=JUvD}Kq<IpsWXudy>_U0Lh{>2 zEm#Ij`5qJFV4-J2+&qZTqPSD@*>XH%{9UdQD|-6&R%JTSs%BgZ3OwDw&e`PN!Zy3K z?D-hD0_xN*-pWc9OCseHidVGccfnlK%N3jty_m&_f>&x|fW9}a?P!(t0(7c8HSH`= z3CW@K0j<vm-6Kpq%sPu5J-@<5pJt|7xs_teYG@g%!hgs6i#}Q{?98bGXjT%%zoK?b zIA&jo(Vmfz4<<ABitShV4*8SIXc%!JWdsFTc?f0?;E<NnG1H~H;iV%wvc$lo*9oDS zXs!hqGy(Jn=%tUvqh4@3v`%AKm0d9Rqo>+(q+Q(y<B#``q#@qJ6D#PwOqn?GE1Pd1 zt@}7osluf<zj_yMY{V(eQvI&l*t=pxe-LrB9DnJh6_fFyi`yxBA+Qt5oRlH6d}Rm& z%GL>v@X2XY9Qu<Cia{E$wV#42tyNbPu6_rNp>*12A;CtfV#;Yty_tibF9osNNO|;B zs1_oKz630}isyERRC$`8M{#}Qst7L9Jss;su)#eW`VYFrJ}$5SZrIP?XP5tD*v~(E zj2#~Tdjre=Y6x<nV88Gn!y8Y+CUY<u?{T${6rV#cAe=?5XS?7amT~f2F_ZcAD{)?M zL8Yj)(h{$E)jTF@X{YYp^E3=U(2is30h`|C&0Q~X26U^^L-HiJVpu~ddxm~phP>RB zE-8Y1DkE4pTQmCCM8NhrUqoNj9a=u6DE@G1-6p4-{)wY-W3><V2ePWu2Z&{W@G)cU zcu;Z9Hb$9}#D-SYT+vq8aVE=s%HP8~?--X*fHT&uPGdZU%ET5s4kpM#taG5luoHUg z=A*e3&jpf(U=VEh|H+L#&6#XeX4fHy;d_)7o7NigZN1FrFPusXkXeJ**t5myr$H-h zLK;}>Vdj8jnxw7`(LwT|HX|LezJmk><N*b8rnlRO^L3|E6z*}+4PB{&_ljEl67wGg zD^1V8l)89Py<@6#B=Bo`D8p>|MHWJ4a!9jJ#Iq9;hSCiDhVk*JZMn>0ZrEdrMO4~o z)x!b>5BzoDpKVpni^($8;ehb?cnWz#GN8`Tv7mwG_8qqNvyrpkl|(VfOm!<_0OW9F z$W2EbB>YqgYE!oGTcy!K)45MVNdT#;(Z96%(c|_?&bA~CT?EkE=<Xy)sd~A)?YVDu z<NjP$5^nZEuT(Gumg5USQ94Hsx1tG?>)`jPTqj@OUIW9apU{#`87)gUo{K?el97%N z$(V4C$w$fG2bTZ;{6(#X^NoLup8i^N%_oHYfKtloi8-s<jw3W0GG#!%-Vo~`B=?*0 zaLqsqHuZjG4urH8ti9ciW|a@_#@3f|I{xBivLWNfH*dR4UqI(|X>JuEAQ2MYt502P z_xAv=;=%jV<<BR1+Dw$fYG`(Fhc%UJGPflc$Z2nZ#R>*(87{!kO6Mbks5w_3<p*7` zODHYJ8X%&pg=-H|qkxkhkd|BLS~yJNWl_EgOIv75S%e)deAAgIFI2IR7^EgYKXhB) z=yQzDMw>$&y(CI~9L6>R5_p|R@16vV_XGD<iO}TR*23&9k0#$U7m}XCahffA6boCT zE^IitO4`74E}6&7(={e*qp)dBO9ZI_E`4eW39(Uz-~(<g*;VnuGnrlC3D~MhaO^w8 z$3@q@6m+0r!<UBVfZFela%OqIQ+-Rivy?dGu=xI<Pq93@NPKkxi5~BKX<<%YhIB{A zuA760#7JP53mD*nrslEyUQjgtO6|$ea>}d)H3q!(82uUPTUGO6G&x4iRWofa`9lTe zn8rSE2VgGnRVS6khkO3?J^TVIhQ0VyAv02Ru*@Avb<4E{%sLw|&vccQtb2`l7Wu<c zY-pOZt_K`pD6bPS>ugG2yOXm=H?uPqUos{$6cJ6scxT!UoA1Ww)m`g||BA1df&Z!A z;H2H&#nQ62<*YxwXHqSr9Zr><`|qmx|9b(n8ZQ1rHGf$E8Y$oag17nwKl@T=YZE7Z zFt()O*!S=MtnpRUD`LQV2>F#38HI+tYwc)?_eA1A?(smTnz%0o&E|VSDrC4P?9pZg zrCdEm`#(=_4HK$5p`ai-^D}(h-PVX(^Lt^ORoKoRPJ#t))lbV4Mr=42yrStogA0>u z4amFGY+JtgSV@T!O;;q(#hNAO>_tKpIo}}~7}e;^M8Eh0oau3nw8`+sa-!DRkaCsY zc9E?nmN~?CQEGf>rqMAAD@~Ar8`GX1EiIT46**qtmtcQi9cti5I0c3%uQ%&YEZ%oy zlu<Nn`OKFS66nK}41zo<_)QRd4ad&Z)0TG>dN6%BL_bV4+24UV|LmjY?taO<Emjlr zZN<oIoSQ-~(a(_HSy+A1hJd%aU`Rf3LEK<DE<@jM26W+qR}y0|wnoYQ0o_6hw8TX{ zOZ$>WF8;<0IGfNAYmiIB2aG_~Bv3mhLWkeJ7g0q&q>A%7YtTZ$C)>HXpirOE4O+4y zOZC;9)P*o_#9E^i&}1vrc&%L3i(p{Uj=wtCQHOAll;NS^&B8>cAI^Yv!P*P)+~3@g zw_h!J<Y)g5KwLPF%sRr3y+9ZuLjStZDFdQt?zb&j_a^VT;@+KBg>*Kizem1?gq3$Q zj`M=;iLcS&k<At<c1fd2mW*;Kxvg_aj=Os|ws>m%$B+0w1wd&vTwVR6*8F91E(7}$ z;o^~tb&;$9zm?z679^XE?>fZVqQw}ZMfhuh`CdJG@l#v%U?V2u{)OY&Hks9DhlikT zFUEVx=T9-FdyVbUp3X&9x)MyLy6t1+^6{ig%2epN*MI=DLg-YzFl*aWqk~q-Y?Gk; z43&;BD_khkJ9rSh%`^m<DP(mFJCB@cFjII19@v_E%sHtE&E?ba(^6RwJP>=&a)sJ7 ztn;1J?<Q{xJZ{J@oR^LHJynGgP0%9&Ag8=%rO4;h)f32PT9Um5H>SYeWRNm*elw4U z8h%LBP(G^1Zp}=LS93Y~G6j9wPy9e@7JEXg<3lS6WfKaeK%CT3T`5+Bx$<_94_1x% z8>C^WBhs<V=;uem>pVr4h$HunKTsH}V0tVpfBI49!KZ^a*TW8O5J>w^Plk`QQT19p zPPwJ@Tp%qKyL>5#Ir3j-k{hff#unKx8dW>tyb67=0!hiCs8rP7bU!Y&2^sh;%!PLX zL<uawTgIZ047g{21$!}=qwXW@-d&L!i3MRL6fk{pn|IDq<^-!kRA|kMS3(lyF%NLZ zu8j!$NRlbwnl)c%m@|hCHspK56E)RZX|x&^igRpID^YtsG$e_B$Dg2;h_)su-0K8N z-zV3M9-!p4pBV_~VYPM&PBSIP6t0kk!f~n!#XjAG7^QS7q@-2RHx#&??f&P=1r)$P zkE7FSjI{jUtz4A%z<!&9?>473Uaqj%x}!<*yLAl+L8cgnZiw=dhe%MjA6!QzpP@lY zrp`S4{vn(D@eD9PUUsBQ{h*MR`uv+Y>o@^j=QdGbFM-&$M@25x1-~wgA<QkHISg4B zMK(wUf6$Aa_iEKen<+qOFPY9pxh0ve{!22~l@49wBlw-$aTS&D0O*%%Dc+$6J}V$Z z(v5K0T-t8V+P3AAT#L+SC$)Z|?04y56Wm9BSeth)lkKoyVb?(vDlBa70p+p0BlHsw zoY{&+H2BKhhNoXv0cif32UDTe7BYF~a8!r_u-5bxK3y9nKRf065nSwo_)$Q1a3XUX z)&=R!fObBdblUzJ0fXX56XJb7dqpdU)1>lAIwFmF59ytOI-_k8iNo<V8<~5Rrc!Kf zyOg=>1c-x72g~AUzbXVCn0JJtK;9Qr{z^Ek#jEm5YZh)^cz-%yO5dY{`*Eg`c<%we z{VYIqyJ0sUa%4D<R(z>)N{*sJ0Or`ypAi%JRuc^k2-~YnBRD(dTnU%jpqD$^=|(Ae z=Va(akwnxys_DC_6!hz~YgBJ&aqglqp9KqhKKVET7a_<|LhMsB<x5Xh+a$N&Y*!{| zybMo-4a4uk)@y+T4X|fSy?JtSnWZq)UtpT+652mJa{|&Y*c$uVWKGHCto_=}ctyI6 zMfXviZwr<F;cxsed{P5dK@Zpz24D$43wFxISbBl3+Wx%~Y(Yw9ib>h@PVv(|A|rA+ zhj(alo5W}-)*VTjJFrQ7jU{UwP2iA|GH^GU^ixM-;>!61J@<gLOvDqXt&U_E3aQMr zxtw{4^Ezab>8?L&r`T*Lse}Q*;yy4*b4!etDC+68)Bn=PJdE;M^iT(()bos4sWenW zgSN#0tk@*{@+LHP%lv16zGr1pf<6Q(BPCNv)P)jLt$#LX6vdD5l!eYoVRNoo==Zj- z-1jW49-F&$;!YEW;G;`)a&yyH71bTlMJF=IZ-Fh<_fLP7e)saJG6ViInZTmTc0&3_ za<`5udxJ%@ngU|IiN)Fxn>~>Pjd6k7EPc}(nu$^l?n>zwKLZq65YlLFVW*FbwRq(v z`6=WiRuU(8Qb4XzGrRAU(-f5?xrExW#gtA&JdP0%Z16uJC2V*@s8#mK1Sl|{RcHxp zHr9vY?I;&RMZguQeEGl22)UcM<#Z7bhpb;GAh75InS3)(gXW2w(Fpw|{Ot}2XTit> zQ155JIO3uc!e>-272d9|pd?xL21jAw>+FOvDlNLWC3ZY-Ph&PCeSBGL#{xE5JiBe_ z@sl#;d@wD9qom4BIAt6JLj_lqStDsX`$bSZvicG*{Q7*(JM1(pzX4TVp&~D|8ft$R z-IpkdYvBL4?3aJlVExVC_}Ap<@BT(Wkqv7JXmX^kOQv<Bh?(C6_j7FjATNi<|G3!x zI*I&)R}{fz$8Ej5h?b0ULwg;tUnwaHD;EOccuyFHMQ+7tNPo@WuyNR17IId>sQHc@ z+P-CJHgB*F=oI<H?Rk}Djaaam;-jT{lRInrr{n(&(j47PgE{&7{NQ}1fP3Z#9%mb@ z*Sf5Q!s&BwEBEHEbUDRC;`{7D*<Tdp#2Y!<)xbnb(Li>QsHf9fSb$U1Gg-{MoD8&b z{c-x$rx>ASQg(Hq>vtqIb+A}M!XV{2Tq7Z0rNE9NN|3ifNb^#(M<;VW!n%!RaMDjE zcQ89L0v5T<Ek1;$rTub(0N*K+-Hp_K&Kx?Uj4xx~O$5$m+9bOca<&B6sTmOWv7w2K zw*%~vi{f}Up^k&<WPhFjb3}@U&Y}ApWFOw}#g9oOQRsV0V;C%q$Bq!<K2TMPKOWXY zV~*QpgUcqVSfb~ZBYIe%kgHti;v~TmN}jPr5OB=ll{;$83Src0w}(lBswgCQ5r?T8 zwq#6f)|0pk#9oOYN#CIPjYrW-+PMvl(=x-}dP)ChmswFA8p0kXR_HNUL$)6a)R5_& zW)(`R&KSkMFNrNC<67WC#r?{w^U|?vfzfBIXGK6qZLUknAfBsRVr9rgS<cx5y>nha z$e&m9dXL4=77Fg8s3^s=NZeqJ9U3mKX)BBZfIwjlwY?V)8P8KXM}SCM8aW%8zhul2 z_7mguj%npf7*$HUepI=AKp-N*P@XR+7-Vh;-bYyInwvyl82zvlf_hZ0;RCrIsH|GO zavWRNzXXVbHgr$&C`4`Q!NdO{=Gq@64Iulh9}Gfaq}V|PW|z=3%xkR~5uPJMiD5?N zm{N$z%s%f1K0HHSsi%_bDcFU=b#tntSXCNO_E4lcy_6kWobzi{S0r6^pt-;H;U~?{ z0`IGJJtL9=uiqmQSd;KZ0@{>_*IzDLIOD14e&b%SO#NGo*AK*Wk)v`#J*0)*08toa zv~={?&J`oUTLHmK6GU}<?#}$^Sb6HbeViG~H-?k8Qf=S(Jn|ZriP-z%T_p{=rt;QF zb|<<u>)j9!t>sl$XSlQRTm-Fjpb|cwKj%t%3+^jqS_2n%9O(2GJ=G;^0;kp?cVogP zvdviWZ#VcPr%i=@5&YZ$tSmCeQd@V!Xk8(wca0g6M$yhsIIak-h?@2M0Q!ayMRP_Y zwjf*`Cns!PwL@QhMTjOHUDKxZ5LkO?-A=I!G1E|Atpe@KZ8a&lSP##Q@;;a$e+%B2 z*~?lU(r6H=l65VUWNI=Sm>L(R&?F9p8ZlOhe}1U4Ft1IX2rfriA;{o1;@2Pa_yq@i zM>)Ik<D)mu+DMI?C>Z#Bw;haERJN92;)zuF@)R7(DRj5Jqe6&tyCT1EEwKJ4!$0o* z!|)dx`vaRnv@%mP36Wa^Q)mgZu4@eA-6?ayn^P}oNhscwIgfur_2DOXO+l`C#@=Y% zTw^)hdnI0^ekEau6{vrhHwNbh2XH;|qAyTK06_~XkmIA@@VlG8woQ`SPH|{58ucu8 z)*0~gE9C1Tk4Mod+=lj5a0J8!l&l=akr>i7^&BwCYB+u|F{E$MIZIG?cCaM4LxS_# zTqCWaFOT=p(&CdJkIu|iwW~@#CP;uf>ho~me6?Ph!cJYML@Tk;AP?GtDu_&oh8^AF zJw;C+uiHc#18Qwi5Sy}GRRlOh>_3nji=a%;g%u3TvP92QDXs@!vSiH#jBcRK_XXGI zDd8T%z2Q=`IiuzrzX-&7x(&%LvNXvX?y9l4{d(#98JCW~q_NfDkuVq*N6z;YxtbKa zt-m<>@zWR~d9{au-i`uGY;^GsYw;)&O;^A$1=3IMd*lL-iP}mPKgH$;&`iKbWONlL zbTF?m;xgP9G8pr{dCTWkjjEw@5@-Wf{C6?Qv$oOtN3Xp=8nBa4Yp^lyYyso-@S9$Z zQgWl3PAglLc3-|Ai8Ur0uKAjOQXCY8*@0pwn+!`HO;C&>yHFqPC%3+21b5TfhDF?X zyatxOnzp1dO1y1h9Cbu0zZgfpS>jacEfOH!2+oFR1-a#q`ui%~6-N?f+`#{y{i37a zfJ&lW?&m=`^ez3?U^iZF{q~QW<ap?RVEBK1OzaN_&{*Izuafu!+>;i3#J2;xSG6RL zB@w*5h(iPP%NNK`k9`_OqbPNY-|46~HCPTrGRy&Xf+gtB-oxVWqA~2lTTPY;23r-- zK;0<FUuwn^D2hGOc&%!3uejd1&Ys=Q&)<1Rme2bxRwGS-FGI#_?^XxwL^5B(IHOXN z5E>np*N;J;am!W%ap~)jJa-`Nr_fJ96v$t^Ikct&rh*v61HU+8Iq+me_OT(ob+g7q zaZV+Rwx}WA7Ep5Rwh0|i8I*wlJLv`@zXRR)13C!N6^S%nALgz7)RA-Nn!*$BoWSx} zWc1vT5r0(fL4c4~0{e)J?3WMtSk_^3Tny#$xn?uf>+Ff8;bwxr?~=N&x>5*m)x!*f z;)`wkNrj_kIXKh*8PZ;gf8%GbbMwqMGYOgj&&9u$pWO>&i%p3*EFJB~+qlfFlifx& zB|RhPEQ_~L8cI`?&*dRT1y>1Zx=#PeyDMn)5v^fj7@+HrZ7_2cc88nOi3QGaXnQfK z9_4rLCf->cr=7HyWns&RF_rQs>UZv3Nli9Y?HgTxX=hVWrP;U4`7Ef81FbeZi^L<E z6H02IJ3fXBSysvk2tO>2D6Npw&ok?ErXmj?R3)Pv$PZvCErV`S)7t7jqBwow)BmY# zC6sKWsSb{JhX6_z&T3;aZ3^GwXP<2P63pL$#=jQSzhL-(35xgSPXYpz#-9v?AGfrb zQoWqB<$mv5AlwZYlLnO6rs=IZ4Lgcpk<ulEhkK<U;BNs?ZHFg4&4(Y+R!B3?n;{l+ zOMk4f05L)chG85=N#EbUnYgQqZ9skU&KEv^k%3%3V=WWJ713C?)UtiW|GGK5H^Pn5 zqF;>TeD4rh^1#>hS#3q2Dn=b8wJYFV#Qs7dO<QN@&xE^;k4=9+)p2<!HZm0pMLkxM z@<Sr3HGr+NDCiUU<7A#7?d}H7`;iB1FXvZQE>c!B7HfS(yQ|HnHPf`c)!_Y9-ddK| zfmLxJPo)`cS9fb~xrwkPJX8OR&c#H`Bi~4m&Lb}xk|&rOU5Qmr6#3N#qbhhyq3OPh z`*DT6O0Pu=-2(Ascsz|cEf5&|y2V8CI><gRE=6S!Tz-5L8y=Nc4zmg^0@a5=?N#&% zM6a3cGQk}Nv{!PdZV7pKHcK%3O+CA-tslt93m+pRsG?NdTdZNHEb3`eXzbKXdqX=1 z5oUgIv21;gT)b&~x4E{<BxdhAo}$iwlEJ6SS+V({1}jg$YoqlPn==X#DU0i+J_(P> zrNo~+pKun%B*ItsmkEjIl<{T#*RBlC?Y&(DKNB`kB|c3>+?4aD(GJWn2>vY8=i^uZ zE)RFv;M(y?j%%j1+2a9oT{S6kL+<ljfk=MphJ-#uoRI&Eko{{x{R@Wwm!LvSV83;f zE!cGfI=E&BP<!|&1LE`EQ)nZg!g#J;XfDvv?7Ph0QNl;G#e+=!S=NwNDjX}OjF>O8 zB(8o&o?Q?i6i9`3P9d`pB^pkwm446g+kU(zH)yu#@NrfsI>1jq0jN6hbr@){9I2Sq zY)r$1-|~RPstW7<z}?xuUB}kg@PwBJ2#E+fub#+<>B#4}0e>@Lwh$pwx6iJ>WUDGy zeQ-1rYsl;OH!jnx2NG^Fq&YKXlnI5)q)#x5339g1XCgnYd>$W~J+#4D#O&Pn(Xhcc z5T|)o-9gIM3V4E3k}Xbf1Ucs$xe_gqt22oPqO&6zez<p@Jg<7cB?V6IDgP$s_B{`^ zG%qpjg%_EcK%1Uo6)NS}d6n3`)X@cGQ?#2;s17Q$js{}283ZjUP-aeR65)8)-ik;< zKBp?gzyqL!Ui&;TMy1y)Mm>TPQJ=0^l=M!_WxpjAS9%Sj%FE!{WNZcR-UU4Om44)I z18dHHUM%wCf;4@i3rJg2T{evaU9HyVNsfiE-Ue?0k!8;_Mj?fNO4w$nmXKd0&sx+T zV4lQUOtVO;0MNwxtjppZS)gWaYu&z~@sxarTs#<q+UBisdh1`9p_+fTdjj=|f9wq9 zZVtCG+xp11DDf#WHREwjOJsfms3#uq^A~`QJ0lm-MVDAR>!&bi;lcm+E7ZSW_<sp1 zy$%i_t<luKk2|sdqA4k2vM=)Puz?z*8)gTb{^w6)UJT224aS8D?tQ}&Nz*}S+dQrw zlK>5I<$Nh%U^?D=u6CLwMYfG>ZIF?+w5?WUoH%sNav#pPJ)9!y%@$<g>zqzm4~K;; zL0pL`bkZ8n!M1@;uJj3Q`uunA(fC^|B`sL%yDW>i@=C2Db!#5dGI5??lnf?-96aeQ z?WF4~J4}{7SkLO(p@*0#ZF_u>kx(weO@}G5a-N0wnc8rg#OUp^e&5`(&VXsc#?p=^ z$LslXhS@1MT<`?58C6Ty!aViYD7-b~kHIUNk5QqrtPRz*)tbpyTWI9{zd>-CrF#Ya zwZ^sCUC5W4Zv6qSA(Jur!56teh1}^Q+PZm3LdMU_#zniSemff!WmmmRSJU;Z8jpsL zDSMv<PfckmPjn#~g8DAzu9%%h{&E|>C7|riD7CFycMZlzVEz$fj?r^I3T229!_Cqn zliwfKC#epaQ=l9N*!&H`3xPv_)N;&ECkj%c=u<b3vbGWXjQP3>QYo_Ug<~I1eg)5O zb-+t#2hV*u=wNEO9I_@9k!%Vqd7^`y9EhRIZAb>XoUlrnQ62PV4A)sZC#nh;I46~G zkBEfzE;&ZwC}b-<Z1gLeY;-tDU@|?8e^bGHNr_TB@GU7}3o9iGI%_dEkcE*K>E9RB zzhL-(3CbM{4j>2%6e6cx!8-7M@XZn4w54gFjUB8-9;x@3-#aqtmNexY6GCETZ|S}L zCq9<j;6dLF3rq||(T1$|kSTQ-h62__kr+R?U1~9{UGyC)2~i0#Z7Mc{%BswCH?cNh zOir8#l)sgulGYM85vJ(M>mJ#(o9%L*UCBiX<Evp~Y%NH2hb*3}yI$7q)H!{Um)l1F zrdf2eX^75akB6QfLfMFPqow6c*KNdZ)4oxYvWMu9|6wrb?yzPH5X|0wft?WSR;Wa; zWOs1_6vysIW$V(RZx+Yq=Zhu(X-VV;RS@E^DskcCkNLX<s$DWYHdHOk+E%AHSf`ro zSl2-;-FDL@^lpG>B(Tz1>-JOym8;IUI^I409KN;>@p$Y}-qC`we18R0y+De-GI+8^ zO@x4zQ~3*Q`G({^!AtHdgFbxaQ3@-{M$YYJIeM_59(39QgeRMOeO;q3Fr!+fa2+Es z$mxq2wPeSEOx;p~6STfv*3;=j<)f!<A#?)GUQUx1DZcK|a2*KIT4#OcCy}Jlx_rD* zBB#BxmcY%N2>Oa;<8Fe`eUTe2R4(q~Tv%Smkp0iI1a=76p(CE4_)bBHq!yQ*t;L#s zq$SGLQYHS86FacOA_fuHyY}g5sr__glaR}K;X1tPsNhCY(P1*7(3z(X)tk!HnoGU7 z^z{FAI@SLQ=Ks@6wD;eF`F{!ZG!zaX{E<I=;&P^VMrC`p2a>SqgPB++)K0MMV9B`0 zlEOJS_&M9aq$L|Wh*iiC8wZn>QEl@C1wsG#-t1D5SA!Dq=ZQX-Q$AbH)f3EgQg+82 zj<C-@ReZk3pDYje!AsrZmZ5O9AAKb43+jEEQ3LOn#!D2R{llbkeSVL#XDZ8Ev4(9A zV*TxZUiL{#*t*Cz-M`>za;OYg*jlGXUO!krDQfIEvwqSpM16y3Vm;0O;MLw#43xmz zR3G%`S1o76`Q~}erv2hL+s^pS?@zb?iib;4D0Eyh1YOGZPPA={JK>4ckROF@i)w!B zP0$XLwrZ`|VevNpVlt6dGYqQYmzwOhYfEd9w2)Pzze17Y#~cy|TL04RlgbqNm_a<V zKPCcj>;+PuY&qc&2F53FHuih3Wwk7gt*2T_OYk^JP@Ui^dXf$){KzASMKd&Txng62 zb{diMU9g3sgT~8)tw|mmUU}&~JxU}uOVxUTMbw88=#}mWC((9-mq~uv{afi-#QN%n z7}%LcWxBGYG>mJohpL*-O;ceYrH5jeHA26SHU$rgR#IrEQQKx_!r;f{W{PCi*!f&v zquZ{`@_2;x^~1C7gab*1esLwPKqc->urmm!Y1zA-^U=rZ><*>_-|f9YvgpAkx7&<7 zhKwCk;knL(Em70Qh1-pn>))~LKZW@te~0-a8GnAEk*ssZzw|g%hKlK+d?yl?_<-TG zs(C^)CJH6?Fvu5%T+`#&UI8{T;F?_K`?VKJBC4?s5g+PUb!e(D<Oww?UM0*3zvnN5 z982qsU9ao_Dz7p}f)gq9DU^8uGs=g3(cgI#$b!;po^!rZ$>Sd^Oc$d^o?hKy`fhb} z&^?V0UT5cXu*Qk5snK8{7A~4K|AtGXN=KvR(<HX5WN(V_Air4+c^Q;E`C|bDPT?~p ziPFt!DlxJG&b;W!bHs^ZyFP|jVm=_tT$$<w4oarRFZF%;ckf}(hm9z6gZ;qDDT<|z zs)yO9_vq~+HiJSnH~y~To$S>Ff`ajHko@F1JD_^G3`4PoJ~+yJ>v$F;@|qQCj7Mw* zfbDZ-r|i9OE$ce2jq!m#*z9zM6&NC*1!WxbDO+j$d6R|AT}2`ULDbCGr#|hLiF9$X zq^EV<5?A43gUz|5{dgnA9YU4{1gVX=7^@9iVH|yLMNxQ_i#KZNz$vcyXI>G5E5qA^ z2$I$EJW0nNfo<Qv_tvGzwtv|`N>CrnoT}hj;p>gcSbl31^p;J=F+Z!xEjc1yRaZK* zp_~%q_JZ;5L9@bFBr?s##K<-a68DwV9P{c!rG6c|FxbFN?+StoqKI7({?>66_^!O+ zRoX7s)Y2NQ{B(oFzP5)$_qDOc<Ym=s_`7QUDa=3phid+U`PKxmpKzb*eV5cz4iR7< zNkx%~^-<}f+&A;>*Wdaylfztw&LE$c_=b%0Ee|u*9`T=+bxR<cc$ZGm?!U-wONu)K z!5hZsfozRb>c(Bn7qZ?CmT6mFXG*cqL}sl7pArPv-trKBUurk!8oy2|3JIs8&R!Ds zB_Za%Fogh9x|*xu+hiVxT=yH6ngCmN$Itb?N<!Sq{-m=iwnI2PVlFm?yII>7B4--= zkTk~jYf%Zz6VGo13sGSyeH{S|0yt)b4&Yr0f_Mo?=(=PiR>5f2d$mA$u0^Z?9Knz4 zzM2%lmZd}e7UCH+etF212f9-TRX#t&Ek~FTaGNHA=Ze&vHlZ`OxJN;${WY#a8aP<j zLObyyM6wPTL;BH(aH6>|1KJSL`wkBv173bvvwvnAUT^@^K|e+TmLMvCMt+%iq4O*> zzF_Jo7!!$Y#u~t}NniQ>(pG;~Ip0@1e4)?x1P4X@xEnPXF+U^=XJ{lOi|V6>e%aN% z>i6CcLZhL{$Bo5HUp?7P7RJhL%=w1}D67taX51l|+Ex8N(H!h)+q@m+O5(>iW3-Kg z5Ui28z_;Uu=^70!B=}HOB_SoGd!tLde=uk*z5oUtrS4FOmX*6<r(;=Xrx@E1k4f1C zacM1`i2N~b*&Yc=-2jvXhGzW&z9Xkb^80(!E@CqFT<qV0`PblohxyPLZ~(bgdf{X! zvezsdh`UgP*2?pyd6h1k&t(+k@@WU>v~2Xf0U!MykGrV`{RqTkkPy#Acz3ywpUN5# zIT}!xF4|Wln2RV*kk_z9@2LiCo!!({*n_J^>g~9dp?RS`_ggx(!>wq*wdy62&)Flu zskhF$oajLd*?aMW3FdU`J>hevOR4tWQe^DueJFdGqqA6!Ln$KN%aCzrx8AUz)$3sG zUR&4~Or;6|p`)8|-a)e;c2;&IRzhSV*vhC+Eb(aHRCS;(siZ-~YDv;ga=@*tAxqC@ zrA`-JRKXBd6OWshLMlf`9m=vxy;Fo&5t}P%UF2gk(DtSyZ=y8W*vAS_mt}<_AV`f1 zSupYMO?NtoY7es^C+(kRc>dv(IjqwfBqP~l<s;vhXcM<)da{i$ep8KvY>R8?!MLPe zTE$};EKA#c%f#4_Bk$+Fr6U;%K6EyQNjL7)eoq}s2FGCq&&BxDnekRTTGC<nzc!xw zUd50soPqoD%P;&Z5A_a8d*8>}EK8qFhzbu1oxG*IXpH!kqO$I@zgQl@1{-*17w4%t zRm4DuU4c>tZ>o|ugmN>Ca2gYUTi;W@j!7|ehYlZUVa8$hjRHZKQY@wusGg-R27mX5 z>Q`MACos|cD9pjw9){u>umk<zu-W#q;t_rFCM~Cl_z~WXpBDOW!TiJj9nAN*gae2; z7AeBIIV1BOIgZj|@iXGW8Eu=DELnoze8<hG?Vqk&))x!r^3#S6DV8Jvm@9!ha_u*t zc2k;3&~v1oI*3ZX3~HmZP~2AzD*jomZp*<rL{VJ7s=kr45G*jQC$rvl<unj;k)`wa zGSHWFNo-m|?!?ATM~(kupvrmWC-`yUbt`9+OI=1<QYGo<YnTDIEQJZcmg1AxWJS|f z_?tca5NOvz3|m)8k)Pg)?jJl&OE>gUrRQRNfM<$_&dDeRHGji#8O=XujjZHbCn{}> z`q_HLkw@k^dGr+a4DCQn=KR6|!C%=r+isIC=-!aa4&AC8hith_@{?#ckG^uF)4e57 z)QYhawj$lXaf4BIgNf_S?L2{)R!$6LS%_x1oArxk+1=3k!ZOdw`h;L)){N-WBB6ju zi>;~71^}-2OQtzek6Hd>EmPv?Rk(j6N<nLq*87XsU$xq<eP(EateKsGJ8UPvZ{m!) z-SlGGZrC$95V0vzVlRFFK1;*0?<ZaZd}~AyOoAV|=BDG#M$IV0XkwcwEzxx%kkgT; z+A0$GUG@B*Qi8aM;SfcbSt0><Qj3|=Z{mT$GeDt#Gpke5!q`GRQ)!HN{;B)|F~J?) z-crjxs>rMzAi7Af^K(Yh#GTU(*l@ruOv0d(2+_18eo5NbW5QOX*c|#lVg7$`lqp6Y z4`qoClBb6uyw}mwrC!oz_acObp+oeP3?xr5S2=`$-+?<?F?KmUn3+bc+tx=_2FJg! zO&u`%leF*>u5f%sFT*cC-6diU))j$P!(Xa0B+}=mr65JpDmY>D+<TzsQRU$V<)67x zmxMTeJXPB7@APb)b<iQtYr#<kSpsH*toqMh-h~<+{GeV(tc2c0Tk<`|l*wfIfYP^^ z`k{&SwYV=-?nb<wlv6uK-Cx%e7fVBwfTHlbx_4eAVq;ibVjOkYKCjGsuxXa>>b*VU zGW+v*^32#YQ8erKp5X>YD&CEFJElhJog7ikmvYL=7=PJlG=8PqIJcQw3?SM$={xl% z38%q9BgyXOpv$3)EUs$LadA;-uHTfeG#SSzxu>jZh$Y34ni}B%eIVm2Gbuc?JTk>l z0j;wiOC&D>(_yZMm^gbSCR7WOnxd=ihmWjQX%#vU?&4^w>IUhi`U*VKw9_*y!|BPp ziwco}!_NWJ&|WE^$iVRgIYaDxRme8jZ4Uw$6sg)76R$!3iSY720r!k4*ROmmWoTmb z&~`Cv>s_|9(Fba9c?&ga?ICB5XsbFFth9*a)6?@08I(=qtH20MD`dh$r&2|Er%r(S z%eO+UPW~sCLr94QHmo_O0;z#`xjF(nCVUd%&Bo$x*srr|o^T9UTbut4=Kre(>u)gs zuSV+cFkgXn`sxnhehJH|atEFyIq%S*k>WoPOz%G~w!cnfN@2fvo#`MtaEm(p8imN2 z1$2|{O=h8q$e2+U8ku(qq9`kDK12@qq>Z4u@X2@QqBphC_lYmi2}07kZ;{%KDZOYd zHUz=)9|8sWv8tnOD9^Tt!Fwn+B1T#2MB#oi1tn@Go@ufF<cwz|c)_%e1U_keCbywL zfMb?f9NYAPsclIwEPx7H^r|x+L@7>z0)j@WKixrU8cgGh7e?wNZvZkR7SI;nx&z2{ zfCy}CHz4aPaXjBVH$yaAGJ_sHK>mS3^W<p4ka?l6@SVVgBC?GMErU^_rf00;+ktth z59f8|iB+W(V;^QkIjjGRW^JE&TIe{EI=8KP_8PQuC<#{FO>MO&5N9=#5lw-IhD0XT zpI}Kdwkxs`xf2IVE4pGuB*ISpn+2vtGp9b=6KDA#p=n;vj7{ubyHDz!C~T5#yPB@s zGS9R?kUH`@2xcA&#qyUIVuxhsmS_2~HFvvoBW%6ol!-A*41xnnmVd3`c&JL4jUu@u z6@bCm-p@rKuHi-4a8@Od{9gSQ2rwvj^}9d|+P(NoyWPdtY<&gl^AIoeRn4$W@*Gaz z_k@}#xmvJ}dT<3Bstza3){8?!i3_gc<E_HMw?jd)$K;s~Ny6Hbjf}acTyPehbrq1h zm)tV-+niyUg|7hq^GMGF@q_T>xK<YI9=4zr?X12bhd0<SI)v=dqDqX9Idctk1ka0- zH1l6&*y-28@SYXvBIN^|c1$&oujGWfuj0&xHo4Lx{4fi5JeM?DART!~+<>h1ViN8b zmv@hDN-z+D*9Fbc`<X`)&U?MeR4F$-MNw$BFp_zz3d2=^7`U1YKnw-~6QjcWU6oEW zQCP#x@ThKS2uQy=ybox3YvVL+99f)=>&p|~cQ|FKTGgWYK%pXLF|r2G$=JaneoqUZ zV8Y|dcg?e-_3Pv)mVyxnkUg&XEquo$*<Ohv_oZpsuqgDzZQ2k|(X_7}>43w5xQjZ| zObQb6VP!As6OD=sh6jvC@tGEw`YIKnK_82VE6ykBBB-fLoqzgMi*hZc^sMji(ANPI z8qeZHn0OhQfCD#vF-E-?ReAw2j9xsq4;IF(P@pH|+b)lK(Ooxa@5tW~$niTa$;UO2 zXg9mV2$sAl4&n0c$fZ}8Nh4w+8o}E2luJU=Y%5u;2hd#LYwKYyx>WC$#yOSFP48^N zY3KOOTOS?b-yzNKAaeN7q%jQ!!0boZRyah9ySU*ehYB)mjDTMly-XhAhPn>Dv}hJ@ zo49P^6GPu|jh{ezc%OjtPt$A?#m1UHQY_}O4telPsX6lD1Bh{mXTtK0XY)l{!kxz5 h>I$Z7dOxj-lRPXV3$I>OhtqrG-o^dCsFYt|_&;O{ocjO( From 74f1a5a1e14c7d352569055bd7b81066ae8c112f Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 08:59:11 +0000 Subject: [PATCH 38/46] Select correct firmware --- stage0/02-firmware/01-packages | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/stage0/02-firmware/01-packages b/stage0/02-firmware/01-packages index 38f2f52..a1c3135 100644 --- a/stage0/02-firmware/01-packages +++ b/stage0/02-firmware/01-packages @@ -1,9 +1,6 @@ initramfs-tools raspi-firmware -linux-image-rpi-v6 -linux-image-rpi-v7 -linux-image-rpi-v7l linux-image-rpi-v8 -linux-headers-rpi-v6 -linux-headers-rpi-v7 -linux-headers-rpi-v7l +linux-image-rpi-2712 +linux-headers-rpi-v8 +linux-headers-rpi-2712 From dc604507094659f8b7782323bded35517524070f Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 09:04:38 +0000 Subject: [PATCH 39/46] Fix build --- stage2/00-sys-tweaks/01-run.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/stage2/00-sys-tweaks/01-run.sh b/stage2/00-sys-tweaks/01-run.sh index 3ced5f7..d1131c7 100755 --- a/stage2/00-sys-tweaks/01-run.sh +++ b/stage2/00-sys-tweaks/01-run.sh @@ -28,7 +28,6 @@ fi on_chroot << EOF systemctl disable hwclock.sh -systemctl disable nfs-common systemctl disable rpcbind if [ "${ENABLE_SSH}" == "1" ]; then systemctl enable ssh From 787c5869673aa0e7445a0d417ceb1ea7df225bc0 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 09:08:57 +0000 Subject: [PATCH 40/46] Another small cleanup --- stage2/00-sys-tweaks/01-run.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/stage2/00-sys-tweaks/01-run.sh b/stage2/00-sys-tweaks/01-run.sh index d1131c7..0c6e085 100755 --- a/stage2/00-sys-tweaks/01-run.sh +++ b/stage2/00-sys-tweaks/01-run.sh @@ -28,7 +28,6 @@ fi on_chroot << EOF systemctl disable hwclock.sh -systemctl disable rpcbind if [ "${ENABLE_SSH}" == "1" ]; then systemctl enable ssh else From 0b080f5043a01fec2a8d5bbd9340373ce82c3ccb Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 09:14:47 +0000 Subject: [PATCH 41/46] No longer bundle docker images --- stage2/03-install-citadel/01-run.sh | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/stage2/03-install-citadel/01-run.sh b/stage2/03-install-citadel/01-run.sh index 5ddd3a2..4ac985a 100755 --- a/stage2/03-install-citadel/01-run.sh +++ b/stage2/03-install-citadel/01-run.sh @@ -56,19 +56,3 @@ rsync --quiet --archive --partial --hard-links --sparse --xattrs /citadel "${ROO on_chroot << EOF chown -R ${FIRST_USER_NAME}:${FIRST_USER_NAME} /home/${FIRST_USER_NAME}/citadel/ EOF - -echo "Pulling docker images..." -echo -cd /citadel -IMAGES=$(grep '^\s*image' docker-compose.yml | sed 's/image://' | sed 's/\"//g' | sed '/^$/d;s/[[:blank:]]//g' | sort | uniq) -echo -echo "Images to bundle: $IMAGES" -echo - -while IFS= read -r image; do - docker pull --platform=linux/arm64 $image -done <<< "$IMAGES" - -# Copy the entire /var/lib/docker directory to image -mkdir -p ${ROOTFS_DIR}/var/lib/docker -rsync --quiet --archive --partial --hard-links --sparse --xattrs /var/lib/docker ${ROOTFS_DIR}/var/lib/ From 70f7d58a7adc00dd4c06cba2dd0874405ce40160 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 14:01:19 +0000 Subject: [PATCH 42/46] Set up loop device --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d3bff11..b1f5523 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,6 +7,7 @@ build-job: alias: docker script: - apt update && DEBIAN_FRONTEND=noninteractive apt install -y quilt debootstrap libarchive-tools qemu-utils gpg pigz parted zerofree zip dosfstools libcap2-bin rsync xz-utils curl xxd file git kmod bc kpartx + - mknod /dev/loop0 b 7 0 - IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh artifacts: paths: From 3b5e332b13783245e838a087d6dccbceaa17ec95 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 14:01:42 +0000 Subject: [PATCH 43/46] Change base image --- .gitlab-ci.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b1f5523..691f4db 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,10 +1,7 @@ build-job: tags: - arm64 - image: harbor.nirvati.org/library/docker:24-cli - services: - - name: harbor.nirvati.org/library/docker:24-dind@sha256:28e312e051b1c4b02c78ab27ee34eb29752c409db6dab0b5df11c129c42c4926 - alias: docker + image: debian:bookworm script: - apt update && DEBIAN_FRONTEND=noninteractive apt install -y quilt debootstrap libarchive-tools qemu-utils gpg pigz parted zerofree zip dosfstools libcap2-bin rsync xz-utils curl xxd file git kmod bc kpartx - mknod /dev/loop0 b 7 0 From 6690bccabd885ce3afb598d6f192d87e44f52eed Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Sat, 14 Oct 2023 14:04:21 +0000 Subject: [PATCH 44/46] Test --- .gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 691f4db..cfa09da 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,6 @@ build-job: image: debian:bookworm script: - apt update && DEBIAN_FRONTEND=noninteractive apt install -y quilt debootstrap libarchive-tools qemu-utils gpg pigz parted zerofree zip dosfstools libcap2-bin rsync xz-utils curl xxd file git kmod bc kpartx - - mknod /dev/loop0 b 7 0 - IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh artifacts: paths: From 1f995a38afab65671af002abb93f0e6b0f98afe4 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Fri, 20 Oct 2023 14:04:27 +0000 Subject: [PATCH 45/46] Update .gitlab-ci.yml file --- .gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cfa09da..f519547 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,8 +2,10 @@ build-job: tags: - arm64 image: debian:bookworm + before_script: + - apt update + - DEBIAN_FRONTEND=noninteractive apt install -y quilt debootstrap libarchive-tools qemu-utils gpg pigz parted zerofree zip dosfstools libcap2-bin rsync xz-utils curl xxd file git kmod bc kpartx script: - - apt update && DEBIAN_FRONTEND=noninteractive apt install -y quilt debootstrap libarchive-tools qemu-utils gpg pigz parted zerofree zip dosfstools libcap2-bin rsync xz-utils curl xxd file git kmod bc kpartx - IMG_FILENAME=citadel-os-latest ARCHIVE_FILENAME=citadel-os-latest CITADEL_OS_VERSION=0.3.0 ./build.sh artifacts: paths: From 0b7417591770edcfae52933eb989998b91fea3a1 Mon Sep 17 00:00:00 2001 From: Aaron Dewes <aaron.dewes@protonmail.com> Date: Fri, 20 Oct 2023 14:10:31 +0000 Subject: [PATCH 46/46] Cleanup for CI builds --- export-image/00-allow-rerun/00-run.sh | 9 --------- 1 file changed, 9 deletions(-) delete mode 100755 export-image/00-allow-rerun/00-run.sh diff --git a/export-image/00-allow-rerun/00-run.sh b/export-image/00-allow-rerun/00-run.sh deleted file mode 100755 index 4c6aa55..0000000 --- a/export-image/00-allow-rerun/00-run.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -e - -if [ ! -x "${ROOTFS_DIR}/usr/bin/qemu-aarch64-static" ]; then - cp /usr/bin/qemu-aarch64-static "${ROOTFS_DIR}/usr/bin/" -fi - -if [ -e "${ROOTFS_DIR}/etc/ld.so.preload" ]; then - mv "${ROOTFS_DIR}/etc/ld.so.preload" "${ROOTFS_DIR}/etc/ld.so.preload.disabled" -fi