From 8a584aff897a3969f9c5ca18761385a01c484551 Mon Sep 17 00:00:00 2001 From: DQ Date: Wed, 21 Oct 2020 17:18:31 +0800 Subject: [PATCH] Clean up clair and clair-adapter in build scripts 1. Makefles 2. Dockerfiles 3. Installation script 4. harbor.yml template Signed-off-by: DQ --- Makefile | 28 ++----------- make/harbor.yml.tmpl | 13 ------ make/install.sh | 9 ----- make/photon/Makefile | 42 +------------------- make/photon/clair-adapter/Dockerfile | 18 --------- make/photon/clair-adapter/Dockerfile.base | 7 ---- make/photon/clair-adapter/Dockerfile.binary | 11 ----- make/photon/clair-adapter/builder.sh | 39 ------------------ make/photon/clair-adapter/entrypoint.sh | 7 ---- make/photon/clair/Dockerfile | 22 ---------- make/photon/clair/Dockerfile.base | 6 --- make/photon/clair/Dockerfile.binary | 7 ---- make/photon/clair/builder | 38 ------------------ make/photon/clair/docker-entrypoint.sh | 7 ---- make/photon/clair/dumb-init | Bin 46400 -> 0 bytes 15 files changed, 5 insertions(+), 249 deletions(-) delete mode 100644 make/photon/clair-adapter/Dockerfile delete mode 100644 make/photon/clair-adapter/Dockerfile.base delete mode 100644 make/photon/clair-adapter/Dockerfile.binary delete mode 100755 make/photon/clair-adapter/builder.sh delete mode 100644 make/photon/clair-adapter/entrypoint.sh delete mode 100644 make/photon/clair/Dockerfile delete mode 100644 make/photon/clair/Dockerfile.base delete mode 100644 make/photon/clair/Dockerfile.binary delete mode 100755 make/photon/clair/builder delete mode 100644 make/photon/clair/docker-entrypoint.sh delete mode 100755 make/photon/clair/dumb-init diff --git a/Makefile b/Makefile index dbbca2a89..0fb28ca02 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,6 @@ REGISTRYSERVER= REGISTRYPROJECTNAME=goharbor DEVFLAG=true NOTARYFLAG=false -CLAIRFLAG=false TRIVYFLAG=false HTTPPROXY= BUILDBIN=false @@ -101,9 +100,7 @@ PREPARE_VERSION_NAME=versions #versions REGISTRYVERSION=v2.7.1-patch-2819-2553-redis NOTARYVERSION=v0.6.1 -CLAIRVERSION=v2.1.6 NOTARYMIGRATEVERSION=v3.5.4 -CLAIRADAPTERVERSION=v1.1.1 TRIVYVERSION=v0.9.2 TRIVYADAPTERVERSION=v0.14.1 @@ -117,11 +114,9 @@ CHARTMUSEUM_SRC_TAG=v0.12.0 REGISTRY_SRC_TAG=v2.7.1 # dependency binaries -CLAIRURL=https://storage.googleapis.com/harbor-builds/bin/clair/release2.0-${CLAIRVERSION}/clair CHARTURL=https://storage.googleapis.com/harbor-builds/bin/chartmuseum/release-${CHARTMUSEUMVERSION}/chartm NORARYURL=https://storage.googleapis.com/harbor-builds/bin/notary/release-${NOTARYVERSION}/binary-bundle.tgz REGISTRYURL=https://storage.googleapis.com/harbor-builds/bin/registry/release-${REGISTRYVERSION}/registry -CLAIR_ADAPTER_DOWNLOAD_URL=https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz TRIVY_ADAPTER_DOWNLOAD_URL=https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz @@ -129,8 +124,6 @@ define VERSIONS_FOR_PREPARE VERSION_TAG: $(VERSIONTAG) REGISTRY_VERSION: $(REGISTRYVERSION) NOTARY_VERSION: $(NOTARYVERSION) -CLAIR_VERSION: $(CLAIRVERSION) -CLAIR_ADAPTER_VERSION: $(CLAIRADAPTERVERSION) TRIVY_VERSION: $(TRIVYVERSION) TRIVY_ADAPTER_VERSION: $(TRIVYADAPTERVERSION) CHARTMUSEUM_VERSION: $(CHARTMUSEUMVERSION) @@ -210,9 +203,6 @@ PREPARECMD_PARA=--conf $(INSIDE_CONFIGPATH)/$(CONFIGFILE) ifeq ($(NOTARYFLAG), true) PREPARECMD_PARA+= --with-notary endif -ifeq ($(CLAIRFLAG), true) - PREPARECMD_PARA+= --with-clair -endif ifeq ($(TRIVYFLAG), true) PREPARECMD_PARA+= --with-trivy endif @@ -239,14 +229,7 @@ DOCKERIMAGENAME_REGCTL=goharbor/harbor-registryctl # docker-compose files DOCKERCOMPOSEFILEPATH=$(MAKEPATH) -DOCKERCOMPOSETPLFILENAME=docker-compose.tpl DOCKERCOMPOSEFILENAME=docker-compose.yml -DOCKERCOMPOSENOTARYTPLFILENAME=docker-compose.notary.tpl -DOCKERCOMPOSENOTARYFILENAME=docker-compose.notary.yml -DOCKERCOMPOSECLAIRTPLFILENAME=docker-compose.clair.tpl -DOCKERCOMPOSECLAIRFILENAME=docker-compose.clair.yml -DOCKERCOMPOSECHARTMUSEUMTPLFILENAME=docker-compose.chartmuseum.tpl -DOCKERCOMPOSECHARTMUSEUMFILENAME=docker-compose.chartmuseum.yml SEDCMD=$(shell which sed) SEDCMDI=$(SEDCMD) -i @@ -297,9 +280,6 @@ DOCKERCOMPOSE_FILE_OPT=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) ifeq ($(NOTARYFLAG), true) DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(VERSIONTAG) goharbor/notary-signer-photon:$(VERSIONTAG) endif -ifeq ($(CLAIRFLAG), true) - DOCKERSAVE_PARA+= goharbor/clair-photon:$(VERSIONTAG) goharbor/clair-adapter-photon:$(VERSIONTAG) -endif ifeq ($(TRIVYFLAG), true) DOCKERSAVE_PARA+= goharbor/trivy-adapter-photon:$(VERSIONTAG) endif @@ -409,18 +389,18 @@ build: -e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \ -e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \ -e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \ - -e CLAIRVERSION=$(CLAIRVERSION) -e CLAIRADAPTERVERSION=$(CLAIRADAPTERVERSION) -e VERSIONTAG=$(VERSIONTAG) \ + -e VERSIONTAG=$(VERSIONTAG) \ -e BUILDBIN=$(BUILDBIN) \ -e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e CHARTMUSEUM_SRC_TAG=$(CHARTMUSEUM_SRC_TAG) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \ -e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \ - -e CLAIRURL=$(CLAIRURL) -e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) -e CLAIR_ADAPTER_DOWNLOAD_URL=$(CLAIR_ADAPTER_DOWNLOAD_URL) \ + -e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) \ -e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL) build_standalone_db_migrator: compile_standalone_db_migrator make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG) build_base_docker: - @for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ + @for name in chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ echo $$name ; \ $(DOCKERBUILD) --pull --no-cache -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) --label base-build-date=$(date +"%Y%m%d") . && \ if [ -n "$(PUSHBASEIMAGE)" ] ; then \ @@ -429,7 +409,7 @@ build_base_docker: done pull_base_docker: - @for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ + @for name in chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \ echo $$name ; \ $(DOCKERPULL) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) ; \ done diff --git a/make/harbor.yml.tmpl b/make/harbor.yml.tmpl index d51f410f2..3ac666dd1 100644 --- a/make/harbor.yml.tmpl +++ b/make/harbor.yml.tmpl @@ -61,11 +61,6 @@ data_volume: /data # redirect: # disabled: false -# Clair configuration -clair: - # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters. - updaters_interval: 12 - # Trivy configuration # # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. @@ -147,13 +142,6 @@ _version: 2.0.0 # ssl_mode: disable # max_idle_conns: 2 # max_open_conns: 0 -# clair: -# host: clair_db_host -# port: clair_db_port -# db_name: clair_db_name -# username: clair_db_username -# password: clair_db_password -# ssl_mode: disable # notary_signer: # host: notary_signer_db_host # port: notary_signer_db_port @@ -206,7 +194,6 @@ proxy: components: - core - jobservice - - clair - trivy # metric: diff --git a/make/install.sh b/make/install.sh index b4757154d..6ee85c9b3 100755 --- a/make/install.sh +++ b/make/install.sh @@ -9,15 +9,12 @@ set +o noglob usage=$'Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients. Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https. -Please set --with-clair if needs enable Clair in Harbor Please set --with-trivy if needs enable Trivy in Harbor Please set --with-chartmuseum if needs enable Chartmuseum in Harbor' item=0 # notary is not enabled by default with_notary=$false -# clair is not enabled by default -with_clair=$false # trivy is not enabled by default with_trivy=$false # chartmuseum is not enabled by default @@ -30,8 +27,6 @@ while [ $# -gt 0 ]; do exit 0;; --with-notary) with_notary=true;; - --with-clair) - with_clair=true;; --with-trivy) with_trivy=true;; --with-chartmuseum) @@ -71,10 +66,6 @@ if [ $with_notary ] then prepare_para="${prepare_para} --with-notary" fi -if [ $with_clair ] -then - prepare_para="${prepare_para} --with-clair" -fi if [ $with_trivy ] then prepare_para="${prepare_para} --with-trivy" diff --git a/make/photon/Makefile b/make/photon/Makefile index 44bb4818e..73d46b5d3 100644 --- a/make/photon/Makefile +++ b/make/photon/Makefile @@ -59,14 +59,6 @@ DOCKERFILEPATH_POSTGRESQL=$(DOCKERFILEPATH)/postgresql DOCKERFILENAME_POSTGRESQL=Dockerfile DOCKERIMAGENAME_POSTGRESQL=goharbor/postgresql-photon -DOCKERFILEPATH_CLAIR=$(DOCKERFILEPATH)/clair -DOCKERFILENAME_CLAIR=Dockerfile -DOCKERIMAGENAME_CLAIR=goharbor/clair-photon - -DOCKERFILEPATH_CLAIR_ADAPTER=$(DOCKERFILEPATH)/clair-adapter -DOCKERFILENAME_CLAIR_ADAPTER=Dockerfile -DOCKERIMAGENAME_CLAIR_ADAPTER=goharbor/clair-adapter-photon - DOCKERFILEPATH_TRIVY_ADAPTER=$(DOCKERFILEPATH)/trivy-adapter DOCKERFILENAME_TRIVY_ADAPTER=Dockerfile DOCKERIMAGENAME_TRIVY_ADAPTER=goharbor/trivy-adapter-photon @@ -137,38 +129,6 @@ _build_log: $(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) . @echo "Done." -_build_clair: - @if [ "$(CLAIRFLAG)" = "true" ] ; then \ - if [ "$(BUILDBIN)" != "true" ] ; then \ - rm -rf $(DOCKERFILEPATH_CLAIR)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR)/binary && \ - $(call _get_binary, $(CLAIRURL), $(DOCKERFILEPATH_CLAIR)/binary/clair); \ - else \ - cd $(DOCKERFILEPATH_CLAIR) && $(DOCKERFILEPATH_CLAIR)/builder $(CLAIRVERSION) && cd - ; \ - fi ; \ - echo "building clair container for photon..." ; \ - $(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CLAIR)/$(DOCKERFILENAME_CLAIR) -t $(DOCKERIMAGENAME_CLAIR):$(VERSIONTAG) . ; \ - rm -rf $(DOCKERFILEPATH_CLAIR)/binary; \ - echo "Done." ; \ - fi - -_build_clair_adapter: - @if [ "$(CLAIRFLAG)" = "true" ] ; then \ - if [ "$(BUILDBIN)" != "true" ] ; then \ - rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && \ - $(call _extract_archive, $(CLAIR_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \ - mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \ - else \ - cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder.sh $(CLAIRADAPTERVERSION) && cd - ; \ - fi ; \ - echo "Building Clair adapter container for photon..." ; \ - $(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \ - --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) \ - -f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) \ - -t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(VERSIONTAG) . ; \ - rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary; \ - echo "Done." ; \ - fi - _build_trivy_adapter: @if [ "$(TRIVYFLAG)" = "true" ] ; then \ rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \ @@ -263,7 +223,7 @@ define _get_binary $(CURL) --connect-timeout 30 -f -k -L $1 -o $2 || exit 1 endef -build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_clair _build_clair_adapter _build_trivy_adapter _build_redis _build_chart_server +build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_trivy_adapter _build_redis _build_chart_server cleanimage: @echo "cleaning image for photon..." diff --git a/make/photon/clair-adapter/Dockerfile b/make/photon/clair-adapter/Dockerfile deleted file mode 100644 index 3e40537de..000000000 --- a/make/photon/clair-adapter/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -ARG harbor_base_image_version -ARG harbor_base_namespace -FROM ${harbor_base_namespace}/harbor-clair-adapter-base:${harbor_base_image_version} - -COPY ./make/photon/common/install_cert.sh /home/clair-adapter -COPY ./make/photon/clair-adapter/entrypoint.sh /home/clair-adapter -COPY ./make/photon/clair-adapter/binary/harbor-scanner-clair /clair-adapter/clair-adapter - -RUN chown -R clair-adapter:clair-adapter /etc/pki/tls/certs \ - && chown -R clair-adapter:clair-adapter /clair-adapter && chmod u+x /clair-adapter/clair-adapter \ - && chown clair-adapter:clair-adapter /home/clair-adapter/entrypoint.sh && chmod u+x /home/clair-adapter/entrypoint.sh \ - && chown clair-adapter:clair-adapter /home/clair-adapter/install_cert.sh && chmod u+x /home/clair-adapter/install_cert.sh - -HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:8080/probe/healthy || curl -k -sS https://127.0.0.1:8443/probe/healthy || exit 1 - -USER clair-adapter - -ENTRYPOINT ["/home/clair-adapter/entrypoint.sh"] \ No newline at end of file diff --git a/make/photon/clair-adapter/Dockerfile.base b/make/photon/clair-adapter/Dockerfile.base deleted file mode 100644 index 154fddfc8..000000000 --- a/make/photon/clair-adapter/Dockerfile.base +++ /dev/null @@ -1,7 +0,0 @@ -FROM photon:2.0 - -RUN tdnf install -y shadow >> /dev/null \ - && tdnf clean all \ - && mkdir /clair-adapter/ \ - && groupadd -r -g 10000 clair-adapter \ - && useradd --no-log-init -m -r -g 10000 -u 10000 clair-adapter \ No newline at end of file diff --git a/make/photon/clair-adapter/Dockerfile.binary b/make/photon/clair-adapter/Dockerfile.binary deleted file mode 100644 index 11372ad22..000000000 --- a/make/photon/clair-adapter/Dockerfile.binary +++ /dev/null @@ -1,11 +0,0 @@ -FROM golang:1.14.7 - -ARG VERSION -ARG COMMIT - -ADD . /go/src/github.com/goharbor/harbor-scanner-clair/ -WORKDIR /go/src/github.com/goharbor/harbor-scanner-clair/ - -RUN export GOFLAGS=-mod=vendor GOOS=linux GO111MODULE=on CGO_ENABLED=0 && \ - go build -ldflags "-X main.version=$VERSION -X main.commit=$COMMIT -X main.date=`date -u --iso-8601=seconds`" \ - -o harbor-scanner-clair cmd/harbor-scanner-clair/main.go diff --git a/make/photon/clair-adapter/builder.sh b/make/photon/clair-adapter/builder.sh deleted file mode 100755 index 59d1de308..000000000 --- a/make/photon/clair-adapter/builder.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -set +e - -if [ -z $1 ]; then - error "Please set the 'version' variable" - exit 1 -fi - -VERSION="$1" - -set -e - -# the temp folder to store binary file... -mkdir -p binary -rm -rf binary/harbor-scanner-clair || true - -cd $(dirname $0) -cur=$PWD - -# The temporary directory to clone Clair adapter source code -TEMP=$(mktemp -d ${TMPDIR-/tmp}/clair-adapter.XXXXXX) -git clone https://github.com/goharbor/harbor-scanner-clair.git $TEMP -cd $TEMP; git checkout $VERSION; export COMMIT=$(git rev-list -1 HEAD); cd - - -echo "Building Clair adapter binary based on golang:1.14.7..." -cp Dockerfile.binary $TEMP -docker build --build-arg VERSION=${VERSION} --build-arg COMMIT=${COMMIT} -f $TEMP/Dockerfile.binary -t clair-adapter-golang $TEMP - -echo "Copying Clair adapter binary from the container to the local directory..." -ID=$(docker create clair-adapter-golang) -docker cp $ID:/go/src/github.com/goharbor/harbor-scanner-clair/harbor-scanner-clair binary - -docker rm -f $ID -docker rmi -f clair-adapter-golang - -echo "Building Clair adapter binary finished successfully" -cd $cur -rm -rf $TEMP diff --git a/make/photon/clair-adapter/entrypoint.sh b/make/photon/clair-adapter/entrypoint.sh deleted file mode 100644 index 367e70e20..000000000 --- a/make/photon/clair-adapter/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -set -e - -/home/clair-adapter/install_cert.sh - -/clair-adapter/clair-adapter \ No newline at end of file diff --git a/make/photon/clair/Dockerfile b/make/photon/clair/Dockerfile deleted file mode 100644 index 374b2dfbe..000000000 --- a/make/photon/clair/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -ARG harbor_base_image_version -ARG harbor_base_namespace -FROM ${harbor_base_namespace}/harbor-clair-base:${harbor_base_image_version} - -COPY ./make/photon/clair/binary/clair /home/clair/ -COPY ./make/photon/clair/docker-entrypoint.sh /home/clair/ -COPY ./make/photon/clair/dumb-init /home/clair/ -COPY ./make/photon/common/install_cert.sh /home/clair/ - -VOLUME /config - -RUN chown -R clair:clair /etc/pki/tls/certs && chown -R clair:clair /home/clair \ - && chmod u+x /home/clair/clair \ - && chmod u+x /home/clair/docker-entrypoint.sh \ - && chmod u+x /home/clair/install_cert.sh \ - && chmod +x /home/clair/dumb-init - -HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1 - -WORKDIR /home/clair -USER clair -ENTRYPOINT ["./docker-entrypoint.sh"] diff --git a/make/photon/clair/Dockerfile.base b/make/photon/clair/Dockerfile.base deleted file mode 100644 index 80d5df287..000000000 --- a/make/photon/clair/Dockerfile.base +++ /dev/null @@ -1,6 +0,0 @@ -FROM photon:2.0 - -RUN tdnf install -y git shadow rpm xz python-xml >>/dev/null\ - && tdnf clean all \ - && groupadd -r -g 10000 clair \ - && useradd --no-log-init -m -g 10000 -u 10000 clair \ No newline at end of file diff --git a/make/photon/clair/Dockerfile.binary b/make/photon/clair/Dockerfile.binary deleted file mode 100644 index 11fc1416e..000000000 --- a/make/photon/clair/Dockerfile.binary +++ /dev/null @@ -1,7 +0,0 @@ -FROM golang:1.14.7 - -ADD . /go/src/github.com/quay/clair/ -WORKDIR /go/src/github.com/quay/clair/ - -RUN export CLAIR_VERSION=$(git describe --tag --always --dirty) GO111MODULE=on && \ - go build -ldflags "-X github.com/quay/clair/pkg/version.Version=$CLAIR_VERSION" ./cmd/clair diff --git a/make/photon/clair/builder b/make/photon/clair/builder deleted file mode 100755 index 3fc72c636..000000000 --- a/make/photon/clair/builder +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -set +e - -if [ -z $1 ]; then - error "Please set the 'version' variable" - exit 1 -fi - -VERSION="$1" - -set -e - -# the temp folder to store binary file... -mkdir -p binary -rm -rf binary/clair || true - -cd `dirname $0` -cur=$PWD - -# the temp folder to store distribution source code... -TEMP=`mktemp -d /$TMPDIR/clair.XXXXXX` -git clone -b $VERSION --single-branch https://github.com/quay/clair.git $TEMP - -echo 'build the clair binary bases on the golang:1.14.7' -cp Dockerfile.binary $TEMP -docker build -f $TEMP/Dockerfile.binary -t clair-golang $TEMP - -echo 'copy the clair binary to local...' -ID=$(docker create clair-golang) -docker cp $ID:/go/src/github.com/quay/clair/clair binary - -docker rm -f $ID -docker rmi -f clair-golang - -echo "Build clair binary success, then to build photon image..." -cd $cur -rm -rf $TEMP diff --git a/make/photon/clair/docker-entrypoint.sh b/make/photon/clair/docker-entrypoint.sh deleted file mode 100644 index d1630b7d5..000000000 --- a/make/photon/clair/docker-entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -set -e - -/home/clair/install_cert.sh -/home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml $* - -set +e diff --git a/make/photon/clair/dumb-init b/make/photon/clair/dumb-init deleted file mode 100755 index 2fb1fa1374a8dcf7e523b7863b16c5d771003a5d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 46400 zcmd3PePC17`TtFu&=d+cC`eV1pg~&!Z5=8BD!Guz38qp9D2gas8M^5dF=U3C&mb9gBC|E$Cr9vwT-pl2sh_(f!`F);qlfF2&egFJbN$x!_ z&w0*sp7WgNdCqfA)_Qz5r;)-Ra1nJ{4` z$2Q8&^-^O=+uKVs;5~jY(aHSNWVha4eX&@9%a& z2+UCL8Yu|jm}2<|?_!w_cw%TBK7)BhZ&8V#iDMJM0W?Fc00fRxbE+WdM{?u2vC7Nm z1BtW?06Jz0{5_bLM-~0As>490$P{%BzL-*@#s}j&l6T*)kqT5>DyRI9i@N#cC_&Kt z@pv4WbC9W2SK5EUbG9Q#e=^aVE!1Vzj`o9jmvH0@S>y>oKA|cjkn=LYqqR?YD+{Ql z^S`2ot13?!(AEN4c?y8AlC4CyMT=`#WN0%ARgA}LCBfek1Wu~$5|pG@{S)=mDZF3) znM6-?b{KW`lHo>TVKA@YO*@h75sv@Rbp&lpFSOlgS*^Yp{kskM>iKkzqLWYrK~CTm zXx@%G20>mk2(lM_Gf6<`=IROl3Wsw_M^bV^hw^1tJw$3GNQZY-m*iFFrY3o3KD?j=6 z5@7+Gq~eRo-NTr2xaiVy4k#S+4_~~6GUDyak{r6YMjY$v$FY@^zkrpT-~g(6QUQP| z9jr>7!Ax~*XODkmFSH>^XyCiWH2~?R0oUFD2?E0xprZN^y0y5@vKL9F)4ZiEwzmke z8A8CKKZkm~z)n$xc++C-an$LXK}M~<_vq~SJms9+eOd7(tgt>}4le;bxjXJ363kmp zEh{yFAxiTiG!~>@D`zomzu$m|s>*hd4orMGrjbzs_!2xoD=L=basPG7xk%naf3pk9 zL8ZH^IheN?&w}XbR(D=NT@!iNCN8S!!zY+`_H~r;>x+0x*Q2FMSA^QpD!}UNmHlXc zET!6zx(LayAi1wTbz-#9iF0u=v;FJ}FD9#| zydKmp&I;xoC7MNF3gXrOwsN#mMZbN@mmvIKFT^zcoxvxY)aPA7#ZnZiWSDtd=F{|R zhh&cU92o$sZ#2q*dY}E0dJjmiak{EM2AJOd2lF1M_5x0I?_|J2mY~$Dmjln@zxTday{UI z$!r$~mG@&fSQJCSqVpYARRb~P?v%jg ztkCVSMhoKd*~^MYM&@Iv&Ww;ElyB!T<(o~JNUO9zhlWdzHBr^*-Ly`&oo26ka${J9DpnI#$_Y2HZ~4oBGJ#uydE>!qzna>#iVBW<9!~edV7sNx{ zf18}QmOo6F^H$J9;1BhdWq7y{K=c;?^3*Q?@`_%N?dX1;<$1JkQZEN&?Iw`0-g0BI zN_oBIisbVvpyFUG#5FbGsI$4TO+J7DI~CBFDkGnzPC)yzpZ*&dN}gVgHek6i_=-8z{-^QpW2xmv+19+NXYRrK@4}IxQQ1JIqV#`Xxu_6%-=U(Sx|Fj_$PpwcPPb!aAWy%HDc6619^k8zzT$Q3ZjOgy z{@C`*49T>vo_Z`i668!g56V{4Bc%~V$(-+0`tc1EJoc>$A+hGG{ z0=_e8{L9nu;Zy3FvQ4y9Qp%Rj=dplvx|;{t{X?+Gix#lVW2UcJyawG*4SZ2=k)SdW z5DY!ha8b>?&7^6o$G--TmYlQV`O(3-vG|2duCeOJ7u84$r1`9{ZoxcXbZIqcSId;$ zUgf+YhOQ$C_+!Xi^`D@Fa?+<9V#+}&z6T=v6+nbAV9NP<>U$H=qMXz_A@s)8Yi}7B7FnL99Ylt7yR^Wo^l<8S&0~=<&pu1d?qSMywVqH?+CWit8`{Kh_>?a7 z8DJ5Pt@O}%T}@<$@a1fv)KSu}ham|x9FKH{#f`Fj%1KqGbZ2c~D8OtPj70TfELH$d z6qOcB_h=cSvBKNn&_E-s3S$ zvd^IKaHCAITmt}F6*AV{ZUUgtE-~~DRXaN=aA9ywiVzqYhrMN`QY850yw^!t3Jk8d zyo?8=phe3|c%*rlSz)FGQ=NJk52PkNHk2mc`M4l_kSP1XAMAp!@cLz_0@ExL$YMTL z`;-oos^rZ_s$!W#;5K+oox$mYgun&y>Uzr$kVJpV$S3|_7o>F_n$)8yMOG)s?dPYP zyz(Bwllz6Y@N2?kG{?keI-xG&m_+V&j9z1rOk4FdDZZ7Mf7;!S%)n0i^j}T%nYwuf zpoyV>63n~{{$Qt<*YLs$xBHZ@Dt`^$)bGeI{9;yc^>|^b7=9Xgw?y6JO~ENsG2Zo- z(!Ze&{`6_2!A%>w`(?YZ_F4n>RHXYC%Xt+@6L?Ghxe37U0I)YQLtO}|txqLj82+0H zmVY8>8%2$1fk_z|!UHQDISD!5)DiXdma&QUAl7Yogzk|Ar9Q!D(!DjrWyE5fzcS^# znbbD%){p)`58$l@^nky5%kKY8K3$AbCZt6sU5F>SAr4JA`cDW;R(QY{op{hIW5$W0 zSCFzU1;l^tynhl?nptFY9hMC-REmt?v`K+M!Br+9kip_HXZ_mGwB<-vEV17M&u}AC zPP-%H-=UX!OF^P(F?0^?dJDI*=;T_$3gV}RDSn4FI0ejm5SboGnnA&pfI9-8NNhx6 zaAgYcA#K35?mGFz1Xu9Ld6)Qn9c)EUZl_D!*y&m~`8rpb-;wH5cDNOv!_2CVSRgBN zF-!a&Pwp-PCW+5i-x{57Gr8B@};fuWRt zu^T*PmMFhU|Fb0bn8fg5V69ttMtAD$9g3y)ci`K|&6$ej;lJW3I5jW8 zBzcWh2wWdr?MR*KcgT6aK^eh+sW)4B>qAr1&h&QB3NLqfp?yq_r-7RzV8m`FSEqQOIf(94=$N|fEJUy6b(GW`TnHaj4%TU65t8#@V8hGNW}#m@d(+w5Gpz=?1WP1SOQ(gkptOcwV?o0pg~Zw zot`qwDGe$D*6R9f(l9ZTK)qP3X&X|@eZfulH4YFo)r^8h34%|}J zK1ivG&J3nEtV~A>n3aO=My(XNIw+r=QG7KDq&M-rRLaXjUTPw57|%m3h*UuzrnX|u ztrzCwB|+&L@?a#zju%GFmPx;L5nUKl0&g*8!E5TJq}sz5^m|^HnwNsp9bnBRpkU>- zc&Fuc!#MO3>^Bltz-ufLc#9I(g67(EB6PU5+y=mvL^kAr#?5N@3S{KP0l=%&7TMIB zcmrTYL9-C(xUmjr%zTkh{8(nPDAMhzq zu1T%%DV`0g70vr1o(^rUm@?FF zQ}5$XDgF!=`ALI*jl``W-WWCIhra%k25mNGlLx$qXa5j&GOE-ILxDdHQ}idziwspn zx|e*4BUk?#^KTYZ(wcel$24Jr>Q{U=eyPG_7RsIYFqnSVm9(g1^a4Ks^N!%mTV7#g z*FV{T2l`WHPGR*=s>TbJ7W1F%{287-)sLs#c(@hvxn6ymT9Jjn?E;eh(x-eUy~ik@yK4*a zTyJ@DE%M1yZTvZi>Hvl zqZ}eNOdrTIQYZYmky6rrpl+dAU}ROtp@yVvrP=UvkjxYQLaFr^)9WJS=s$;%@%0AC z^W!wDhe7W@f;aVb6vZyUzEm_~Se-K>aso2I!Xj%^>#s5(M`lf7&RJQ||B;xEis`jz z#gDb1P3=M%7Fo1he_wqWuoRWsFVK6UZ?2~faQ7fDxfCP^2KLBv)C?B1qb$0a9{GYm z?)fk5!1t4dx;%=S5!h}rWU%f;;9ID#lH zX8(yBt77)+j+goSyNEA=ff$t4Hh899_q3y%6JyzyWZLZb$h z_bOk*sz0y3G=}8fXPAjF1u;vw`JtwPvzfETSYj4+HIsj$zePmsMzhsLV=zKlPu=d2 zGaMjYkXq2c#5CLz#FOB^iA72&Eiqg#Hqo=Po_|G*HxLi_Kgn_H6$eP*T-}=xnKQ*; z7H3u9DgX@pQT+jIoRfJ?(U}uN;_OpEOVgdLH z*HLq#>aJra`i#}&|w|+n1^A2O^@kkW%A>8!G8tjo1IOVmF07`KYArz7z}Nna^g;c!u9cZ zJ5%UU?A(_fS#0&1j(f9@={xQ+n&YZ}Il(tf%x^Fil-)k@&7)og zvgaG1PJRNf@)0eakrE;&bY)}8eXP#Mswt73OP%m3aZViQZT<^ru?1sV)i7y!q;7hh zwSFrERo6GfjgZZ-1^OvmM5HZQ|5zfZR`6_j4xa9+;R)LHNB~ch?=$igVE|zVZT%$1 zeW+OZ9FfPlCt%ZIVt1)kS8&pOse`=pve>kF_D6@Z=p3xww`94?F4u2%D@PL4)~*3= zy#W01g?wLyp+*JOgu>*aX;c4!CK8h4|AU#IGYSMr%zXGaHVq~Mfq6vGI=+K-osz3_ z$}ZB6VbQGVOasSsFl8?sV{ob{_1bOZ0hD_#5=%+o$tTj~o*`oCLOjPE-xOeJj0~2~ zTw6R;X^^X|EOn+$8LUI2m}zBEhDkjKi=v=?jwb(Gxrm^>|9>dPP!7J{{|b(YTLk@~ z|JJDZo}hdGTOlS^3i=iQt(3SCY?oFOnPV+lnCJ;%E ziA-+q0I{I7%(1p+Aww!@7woW1A9C(|;%DG%msr_3PuX2TI%@WZklJ7>dM-IfpOW$^ z6K~#4I?)8k_>yy^xE5vd(pc>w*3~Pal9lLGSZ|lajh`fvMI?hUD4nlzNp+j1_<2aB zl4A=ov07hutj8Cu=h0ZLGToT8Q?RtGL@Po|taZAh6+U3~SriG!?v)m{KIpJP1icTS zkf5-4-U5%bwCmT?6c;PnhpZTl)xBaPQp?}Qha`VtVxk9HEz0U*zl!f57n9!B*T_ML zu6VzEHm9$b_jUF_|7T(ozqNTA_dpyN&j{6+%vG@grZD2FW~v{-(Da@o!C2HLze zH#h3v@cQs}1Z*waTH2cr9jtC?Y-w+4)Xkq(A3Ta7bG0<0iTmL=yPq80t9(jbRrlE3 z`s{jWvB=NCKb!gy90fjSj0lc@Ir!%aU}bST9n_qfaIeQ;EXZ@RV{jUhIR$4;nuZg zEGSmgNU3v~u4&a)S$s;9{(9idfoA#-I}mmxu)^KG>;_tdolR>+j({(_+a2|%rsx+K zugWf8_BNh4Ic0Wq;+4IFog8V>*RnA3KHzLq=abFf$1iZwJ65R`hcYPAVzn5C`dgHTRn&71*;G!Omh6A40y?k;cFY2^;H{y7%1k&-g|TQBnTA#h)PD+JQL z@(FXkv!}Qtd&gTQ{dMdzm?6LJkIovi2{Tf7sq0Mcu6WE>*aRH!zco6VtW$_DQF#{M z@RLy?shmVuSBu;YTl=i&+fhmA?e39ww*!_-iZ|qT`kY@qdRb&DoKa>;IWO%#?lzrJ zR(z}UxX0CrZ=#fbKtgziH+qNJC%VsqP17Xh27@{ne@ypfKBdzudiJsGy*|@^R@IZ@ zbMEztbH6e*{KKUE6slxs7mx>fOq1N5?oWH5b1=0Tal(@9?&=Kh zl9b)>Vn-#j*I6fq$WAbFUNiZvt&`GLVHq0KV)^`Wkh)`Mx8$r@A!45i)>ed6zEtVQQk$HAOuSl~Rq6}iKss$6ItxY@7{P>`NS#jzGrXD4?#2Ih=)wCiz zlQna_WJddf*ZFZ#hEzZMTmAx8iJSE1{|hCVT!n7z@QJfe{VR8Is)p+T6O)R#g;p77 z&6*1&x%=DI84~tGA>OmHYxFeCudI~#hmhk|s~CO`Wx=1Ex5N zu@}N7fL*+W%?xZp!VjFnOwBC2VH1%8rK=zhnRsgx)cSC1be2i_rztSh9eL1Um8y=X zO7dZoN8ET^GSw0q1_Csl1H)!T-4={Y%q`AU^}F1do+Qbzh$!{$#5$rr{S8DUq8=dN zcCzd$cvsiL5#CTI0{Esu0{Ng6 ztillEF<<$XCl$|;A~W)%o^-5>Y8`wj`OYu>Lw!!Q=;8$ar?D;uGT`;I)`c80K;?L& z3(}cVhsL~ey_scKt8bv9{${u}kj4kze>YzvxF4l*_itS!thu9xCblcwx@I~W^@57& z>O9nh4Oo<<)@k`%I>o@DN}YHsv^}GZ!dv)Lhm0_0Y+}h!-v&9j)6yHA zO%jo}pRb(vi8puTJHHWSnw?6stRe=IlvW9mh51;UdAC14%@_Z`P%lz?dztS%505+1 z;PTHjK!c!Gf*1zNLA>P$QFjn3W~B3ipmryc+d%8@PO^e zwUY_e*M>%Db8!THgXe6*${g+rq$%k(Erl3&Ze25mlnT4r0v(j}0eii0i&4#n4#uUR z6CUl6Shw?)kEL~KSjy6;kM~==@p`?(r<@B;8}HA`&;A$z7!JXseCxlOMW#EjJLN6h zX8_KI3zh@cMeL)E59~r!Y}cpgTjAIBTfIt)wge4{m9tE;ngfYmJR-O%#Ss{WLaBs3 z2{wHY;uzpv@#G$_P_j%$fQnc-MEO|O?DCnhMWQPhzuKeph~f9C_;B%+ZI2#Px=?HP zms0w99RjKH7TDO^WGzQNlU_WPw=tPP0m$s%P<`k{7qHq}#YndWTIB_2I+`aA)2Q!xToTa;w!H zxen;T8Sz+_RI**LgZsM<>Z8TV3+1CZ^4av_3=ftz6p>7Obq(cKJ}qyL2d7;lhW~*+ zf|yr};V7P{YbkwQ%MGqdbp$3*dzl9Ma*eq@^vi+$LYE@18$G&@_ecz1jo$E%xRvw% zT#j#KSpSaPZc~Qo7tvfnN6<|cxh>I~xz@f&4;CmTXfrIJ7iJ#thOTIE z=ZG ziyjs0?H0NFMzPccqYa^JDkQ8VpGy-^Z#j3@*1`jW z*yUITH#vA1$d{4+VxRNXysm!Uj@r}O203&tQTE$Q+Jyms^rT1Y53i$}a zD5>6qo@gK9l`GXr_}uwgRt>1wW=fS0rNNOSl?~UwGywgA%10CNPKA5O_;EI^UK_pN zq(9E#p#Ebv*43P_xiMe``UFX=I6P#apNvlc$_+5YGO{6iTSE_1?58}DUeDIb3Wk6@X!#V4=M6xA^w$wqFGTzeWVp) zev0}Az6c*g_WB$Jm2E&hKir6}?eGcz{9vE~>)a=wPO07G4 z`+%0U|4j}L1d|WX0)z!f%E+{2G#d&ye@M=gqD&Dpk?Uw~z0JG1+TkV}f+mh#-JZd1 zk+Mr+zA1=ULz+ALjI&C7GK9jCsb1e4_d6ESKjkRV+Xjo&t#qo>Phh=Jwl2I&y9$<} zF*?c4>%)>ykPhfL5fclAM^U*Wffd#=ME=-C--8Z&r5)H)-*adHr`#Mxl#0jM<5tdi zL|+#yQ}wRIkWL{O@RoR#uYJm1wNj^*oI^!n$uM_Op0CmBcvK=9@)A6bm$Vdh7>9+% zcuy%4tC#xdzkmW#1d4D|_aB4YpNUvoLtcb6BpO0A^b1gphAPXj-@N34!?K>~EsV{K zOqOASO{Ipc7-4lh8u7+sRK_cJ4-V|5H3c*lv<>*+)v%i&ua>_R5Tt|VusW_$^_IRq z_F}|<5rfiP;BkIgj76wF5$ydix1$_r=@IjLFcY*j-JnT809GH7Km->+%lQbaAL5Gu zY4t{eM0&Lw(OBv|N3s6>4oq)@WB!h2gQUtc*%!%4uN5C<$@2PrqE^uHIYf) z9=O)A)3}NJ0Pq{0ew9THiIofQLXSEM``s{x%MKztxrvtW=(nj)f;-{SkEBXUEsO(u zaPvA86V_Vf_BJJz_VMIZON2l+vAxR|DO`v>za<5{p;-%=f~_}YR#uW1@oYEnNgx2c zxO1aT{RQ;&e7^TLjkX#SI}|du8cBr$o(5!U8!gxq-%}Fb*eN7yOpT;gQ0dp~qUWeY z+kBmFWrDHOHxwNK8Hp~2ubyJ+5bLCE!u~c0)(r?=V~Z9`?WU=C#pWz1XeGBM3ttb1 z6lV1jY|fIu#6ZdjX;pVo>|V)M0@3ey!+KX|eHuj(1;*+VDc)S%m_`;d$$lo+o0xpm zL`D1}mW03|Y+ohflPNL;!5}e|OH?5R#8azZi@F9e|jd)jrd@k{lGdWIz62iJL3yi!6289l6xBepbQ+~ z2>cA46gOghuXpb7PiN7&CT2RTk3i6L2>1|kQ(!NfoIUQ*GP~g|xJ>&14@TU! zxG|M-UZFxu(E$Y)E;_laxb0IC&x@O6EjIm{{(|oP68nL^IM@*FHAxW0ro_ zht17>*wEs*VGrs8Ua!W)-~DFv00B(=h>c57hY-dlyczxB{e2wqu>QwEI^7bSBKYq^ zqo&u=0;i#D^&!J5lRZJ>DZB^USoo{JrHOM37{-WgK$ia~pkc$;e_{Xg3e~3IR3QMV zLFB-eaJRmJv!OA*oDcnrF#zJmVX#Ez630q#D1{pF8S{jy{5MT$@Q>4{82E=8VLem+ zlm^7a@%+ocNdAk7+X02D`=U4F@m5nP7HGf!J}n72e8SylT~S{IQ;-M$#3~nd|TjL z4HGxk_01qJ9AyBorg$YVT<$8n5pjN_pb4iG6)sa|o8aXfbzVL@sAz#QI~C7o$y zyiA#mspcMa3THTqrr}M*zfqKeEp_)OO+I^55iG;mWAX1Q{JR$aZls(l`atxedlaIV z-J=ls+g;ODPtJVE97@5*PHe()r2pnqVu+f~J}Vyrd^9-Q%CdJd(>}c|VmTeO!*v-j z)qq;jhoM8z0VXSVN0p{R_Z-FJ5fa8Z?ewZXw4xuRxP(X=3j6?TaT?#fkIXjX{R*6m zLkYuDFToR9N7Rnoy*~g}2i5l?JO=U7H$cnQU^K_egD4bkl;(?`1_Ty#%q#y15|rKX z27e|Z{{n*}qn!H#1*g~R$EAo3)IF(NC?e3@A;l4*v-<;T&R5tdy-yF3G-plV5`gW`{%Wu}$g(cW)XUfR!0m8ljn7QCm8M={P>n+cr05G5e?^23l`6n+o z^w0cj&yh{uc3scu^5XzfykkDuN@%g4IG)XHq;7UG=uMOlFTapJ_uqipZdFUgBpazem zJBQ6nbt~|eC#<~l9(^L0u7d7ZR&pl3R(x-#|B?gE%f<`AlA}E{un-UJnW2oLEg@^` zLPIo203q!pB^T$aiLp>KJr^4pR-oVi<<+9KOwfSx-+d>T-4 zW6nMPANZnwp%=`(+*pSszCFYL>Ywt3l6MXRPt@E(mHUOX zMS@i8|GF;Hlt)i(Ooo7_lL8{e*BW6%D{T7J>W5$l0MkJx9jdI`A&Qmn@Cc<2l#H%` zkMz;3vK0LiW5vceVaeywS@DLzHeSJ)RS+>m(#YDC>M6`l%#U(nMq}((zzRm-Y2n(H z@b7U-^K|Vlq#Hi$eY8GFA7I%N7R-|>N8sB)9pZiV6kp^%Fen&{ToRcG#r9@zWeP1f zOA)AL`h*p(TIq#PiDHFL7){3EbMQL11};X_+CtLNQs*t{wfB^HcKwIo#K*3ZhaiIC ze9FJG+5FkQ2~SulHfw>E+H^J{Ofws%O|4CeZ)YZtz_LA7Z8ds~_-jxi%cperH-q`{ ztWNNUFZxHCdI)Ky6YE$kv2C%3w1`8b13dz-I3dYnsaf`Z;N}xOhrG^XUh!sxLLF6K z=UZ3i2|m;3US%;hynkze@nDkks8F&OYu3F;=5KUnJiV!`lpZ5#uUT<2ropbHVTcjr zGaDB0Y#Va0Sk5M%2c0R%c6Js^oec`jwnG|fkGYW!fBa~(Nw{DR*C6Y=!aW+Gv97Uaq#j zZNi4Neuz$<&~CCCYV_mu0m`F}DxbZ!7@`Qp7~HtsNLJx50!YLq@iUvW7$I!5?-URb z^E5>D{h+WBPstethVc~YA^gMX>OxFqG=*gk@{3aO&FQd?TWO`Bg}AXvKAJ9{H5a8% zw+B}0sc=P$8)uo6YFSN}yUj%>gJ7(eKB#}N6mNLB%4!V_| zxJ=uaT2?I|x;A(=)jtS`SoI4q!6=uS!zfW2{D0O$|7G;`kbgXVEfPadBH!R1+f{&g zJ+{2Kz;}zccI)?Zk0V_FkkHU^o&djUV@#%f|1TR=+)q}-aeCi>*Yt{ImQa=(y_aq(*{r6MKA~F0bQuIai^00r- z+A;KSpZLrTNX_k}m!FEE0~iPGiA2pu{nxBbqm1RcjlKf#VoJNvVBsnZwxz2sB+8+w7Nx#Grorr_Dd{w##$ zI3TLxK3wc@FH|a%HyaU4ev`>ry~bLWf&Eg%#9&2*p9hVV`OHi7x2dCrMxO#^PxL+$ z5;Abu?=;%O;|QGPne6ai3`g9nNDGx~Gq zzly{=9mK~7rP~!;J>p)${|H?~F`v}Gxik<3T+1kPJLal$p^U@G@A3Z~sEeWZFdy?_ zGY-Mn70go1mDn~$3`AhOCv@Cz&o_O6Gf3X});ZD12Cl*l9M^zVt42*I2EdwcEK@Vs zEI+O~U}1r=!$UCc+9DL%#C^6&(wK(6v8H76y zvc&L>Mhf=8FXa5gB4$SbA&)saPNin?vSMf#7=(t;I;-AH^8_!)#Srby&#D8F1nq4+ z@^B;FQc0^alN+JJX?eG2a*C5 z>Xhol)`5N}r5Ld8f=BB+UGlFq08HY@`!Axe6#ppt5(1;CGcB34nwcF3GD!Rr1B$QU1kEJhjbH%GGwo#{0A>R;o3T+KddSSeKdO&pkj+NN>kF`C)9HMM zZzRLBI)ggjg)k8;6MV_jv7JHk?_VHo`M$&oOcdIeA(g0~Lduk$Eh!*y`R|C1mVVyN zW$Q@==Oz-J%_0X8{CbgRNn>Ho22p+$kc{Q#4$^U=1$*Q}=L2&f>Ev!~F?k^JpNEEw zlF#*)Kfk;oo?wHLV=L_- zTTc%3?4SbCmg^<$(+dAb5*z*kJwfCjrzC{{$`} z-u5bJis4S|#vi8b?J#a8I)&0ooxH;?_xwZ*rK4A*S|5Tm$Fy6H=TI7u@i`A8jD{nA zK3#m)PWY{MERo}vtsSP+DQ9+{0NP>V^;VFUH0!pBj)OSJ4d@tm^iB-jfwtwR9ZT$j zVCs+XlXH=QBTULIZW>M(vTNh&M8Ik} zp?7T}6$cZay#{0GmA@S>KI<@^(#6n=U{fk6J`+V9x_+PwJO4|fBf@|nWH&`KGKpE_ zGncK+z$y2m*i+^DW|9}AsMN_eaE@p-hlN*N0$5`kA7Vou_GbtA9?Jm!r7;Xsd_87f za(un=vHmRd=vDpr9p(LPoF|eTqS1K*zF$XU`SK;4FZ`SJ{Ye%O!)M^qOYnQxhG*>p zV29P#MK%6TF0@MOD*l3uc0db(kJq$SYX)Su(oo@i=JP3CNAZNP+nr~X-Ptu!bE{kV zFuO(!{SLLFv(mBWjtFAzGRlU4JkB;mrgK{0K0QDyryzJwbU{3~@g;;@=5}_)y>c}! z3Lv>j{E)k=s|zvbyWOT3+-^vKCGFfHDNWJaO*pGv3x77ixa_Lv`KqdYEbSKq8M(bn zGF5q<+X9;rQS8rvkfE`M1cY?SZc$E4auuRmJG~Y2?)vr1*Ot36U0oRLGncH%#OI}A z_yEvng*Ec((DLD8>Bo5U-~gl~pBR%Hb1QWvN2poaeT5uy9`rvXpD-C|tgt8Idw)5r z`fLm{Rl)2nIYWIcLd@1SR&^8+y-nV(LwFj3P0^q3qP*;#Zlzj5C8IOWy@59X@?u=M z@K=D9ls#@Zgc2>jOmbj938-5!Wo6w&Jt_H|u#ubxu*?+hR@~1o*K&{>odY-CS=5I| z9{Caf)60kW-(RlaTi@rV*zEV?;C3G5MEzIx8wf~nd)~qdt0SP6+&#Q#hTMHYz>SFP z@kTSX2#ef6nR(W_moF)@=cVH-a0T2Cy#+GZh7yo2et6E+#k5CssTiWoI6OIUF5@TL z$CTrrApX8eQjQ|vyBW7Zc*MD%L^HMnAw;X}a65G|^Z+`cwDqnptZ-iheUp@W_qZl7 zMUAxkq-5%X5$;x2KffGi4S1ssL0@zN3mvwjkf#}3f$d>1Mah?xNc}e0Lvo%EyiV(m z8O=zzZh>R(tnu6O3y;rK{I8>>TJ1|r31r53ri|6eqZgG^1=#3SxmnbURflw+G#B9{K~6V;eltH7+WNn5PL? zww*Y~om^U~NVXho6rUj}1-V^DyHd(F!$!p=8R9b*Bw*_$1`khiFcOgq#)!q2ZXY9- z(n?D_^fRD`LtH5>jRR%;SH6Ud|J3X#cVR@bo8Sjrb01Eb!N_ZAgc7k7YK0wYrX49u zT2yQRVQIy`oWApQ4HGynjZk;&@C(|p;w+`Z71+t4lVA8(@VHG3?FBM8g0W4#Z1pxq4J9nCI*1l8IxWF*vH8i|aT;aXP9--*YGn)SlvDBL<}EV}$@BP4VdpyUyY zLf&!A29l=jmOj#Ou^IAe#5!TQTTo`JOqcMYXcWDd2^t1w#Tq;7$T5_@W zd%3QLIEhu@s$~C_2FMY3p4bM13`srXjP_&HZD}Op-2ilZiFYkp1&kYMTdq?(g|9vX zVxaxN5A2o!KT@AUJ0U3Ko)j^(9uH95MzoxO?nl}EbU#*KOA?zrN?Do6B4@OYai;{^ z3rLW#Pxk@k7$p@BS&dME5CmQP&>ar3Q@!rR1JTV#r2v&hifip!{s` z09c!WWFM>?rGuX{`l%Q$MXdoPy#q>Ov(YYhKO}}neYc$Rd&=R+&uJtNfS3I}<17I4xehkhmj1^s!HV)Yp z5LoCMHxA)5#0e2@Dj?TPBZ_;T#L!vHMC8Gm!UK^3$z~kgf#EWjBF`xshq91rF;W_h z6vSTP8Y2qU5It31L?3ByA!FHk642f7@EBt+mI`P|+lQ=#9ob^3zBxJG+EvI*+Qs#? zHCqfe%W?s2;=5Ui1X~_bINwo@MpCEOUIM@Fzy>DgS2*-|y;~Crw(CGNUXOD4wFM*v z2*m|JQK_RTt!)4jeG@2IU@{8u>^C^>TzpW)(aH1=2Bw>n>DvdUA4Aw@q9G@8)+gbA z(wAO?^xpooSbpar`d|*mH61fOL7!y3-}Ke{C+hKw2m*bR1CqLX9I*o}C$vvMQ3z5>xfBRsRnj78 zoeom-rW3Ohyifb9d^R}^pTtuy4B%*kPk$6B9Z)9et4jJU5;OQ-(7+qH!1FX2%K|qB{4!vjtcxX_K;ih9D1ShF0zVe9E&N#6 zGCR~JAH@-vi;J2PJ_nqdzt>+QcW3+GNs>qmDKxK*DHO=inuu@K^LHj6N2Kogc;J*) z0-WKm3EVh9r2Lk**yos`4q{v6H6$m&CuV0tB1=k(M`>T=R!+I;HkLTQ=Y?XCwN{Fa z$2dHP4KYnZYdok)8wpmSiRP1q5xGZ~2K8I+VglQ(Xu8-BSZ$abmc27`iB0D9VTIz-_ZG{MJnouXjm`X#d0qW?py%hEZb}`2#I5k;Tvr%pFM(4ZnbmmPufJw0n6^75;#6t z?ae*~T73&MHU;4TxZ?Cox-V*`HC`zC5vR{02o2LR@!^q2T!0sP75tC4YM-fYnfPe4 z70(TLXtFO8zutz2U3ggDh~%%U@esqqkCFdy6|!2O9e$06HPzyq+i*(O?*{3q4gWOb zVUYhizQiJ^;V)u%a{8zV0_ znHh7Ucdu_}xQi7Rgp5Nrn>N}ZKK(U16K-7jgBHsp(@AS?)mB{EqDFn`n8~`SSqnEF zta|L|ffk%wB>w;+}uTOW%krS27%*ZsXpi=Bk6$2esaSyFp^;B|sqiNNFP# z_SG@mJh}xcp&``!y4-^SqZxn;GjnKGV(Gra8n`v#|Fc5iL%HV$kR)EcmDI`loB9-A zts9Cq=O6$7VrId?x|ha9e5RV1>sR13qyNzYC;@6JicoAQiBA1*{pOu0e+@MH%{|O* z?*F1)r+(!g#r8htC!)NQ!oE)~B<{^T2C)sEry1r_UkB6DRB}-ja*(~F?;<}3O^Wr% z(}F0?doG4EF^4n@K8R&!p^w_F=mX743hAL~yM%xis4pIY#!vyo=r2g%Nuyta$Re7Z zVwk#~fcZx}9%wdbNk5-}#jqX$&Iwc{167*+F4Y8dXqvk;I{5*wI$E}Exfe~K{&nH*rLu|P1(FuK9Uq?GVUO>Tm=qkTr* zuaMDMh5h4~2=5kRGkDXq|G^tfhNC1Zn$?m&#o=vnI1+{)cGD((gE_$M-J_>@k$e8N zNOiJEJ&F)^Q&FbRR-{Xz;MeLG5QJ;MaT0Yc1hsYGp4j2Q%yk1j1oa zJ}b(vP$|B-G|Sjr;xRkzWIMECn~OH^u+uf3zGS!mdPh9> zxI27S3{iLrhqIyNeBC3XacUw+g>g1VET#KWC1<_()SL7mzIoDwE9ho{Jl&7lXx1cp zr}OP?@X|{c7iUH1zac~)q-`?}N|Y(cq93@#a@*vs ze98E`SkLU!hySIZSo#Gz?ZZU@r62Jj^Swd-Gm2a`HL|X~%y~*I{Ribxd(nx*f&Pk3 zMBdM6kP_&=lk|s64}3g|Z4fuECn{8F7WuO@+}DotpOtUDj1(QGRe}K4AK~8OC1ANY zC|E6){s~3kSrX-6(}Qwq_u=#;?N%U4u}xjtuklLoDWw(krD=5#bl8Y5Pq2rZgl{i< zAOx`JGB^~8AAIyHLh2%4w%V(c(Rjcu9vCcjZiStF8uUetM|Y^1e@M;{98}Q$4s=<4 z9dO3%JH>XN&@W!Lz8`&i`-L9yzN|t?=KQ9(fJn)!9A@czh@MzE+DQ4Zs!tQ522uIx zaD7u^UZH<eb;90rKkY)F0uJ4XllF2!Hzk*5>3((>1>cj7MxBZh!(hyyQtJ>fa|vn{KU$ zYn5nK;@9+R5#lajco5JMsOd^#LOwdDA1b{(5IidujUx{HAr-?u8w$n!u<=w}D=-TY z{o1_%zX==+B*|B*)e_oh=>INMnvu%tF zCFQ*s0m7jW94kWe%Cil4$2mmj4)Hft%(OQIMZkktQ*P&B3WSi&V{1!e_+}9Ju*cHb zv{I_KrkGHp3rDem`2dSN$IBp~{6^d;iw18&gI^)QoGI^+OvNRxxby`|DKkAs)y0js z#SuxFS|;JBL;_D#Q}*$i6E;&B0)R@+eQV#P$EY8HIB%@SQ5*tDf8}5)RPWzm7XqE3 zW8u0=>?i*Z$}l+&F?(KoO2rEu$rkh>Mtkx(vDnH?t;~6#_^T}&5dTjqq5AALP(3p8 zu-gsg7gbD+yA>^3z^`MQ>6>6-bDqB5DPkb3}R%n`XJ0mmE18UxMN!hJPm5Q_VAjN{)RFG!TQy6Im0zd6MKnUQ-9Tf>5mQyQYn6^Aka3DL?I1149Y0Rz-85rqcvk) zDDSXfw@}50R5^oczfYgqQz(!aH)14yPV5d)u?eABuwlV21(>C`W6I4W4rTJ^um&11 zRc^LQ5ggjgxXc8WoAO-}`>*^@H3;JV9Gdtslw>>&rg~x>@J7aR&gA~2?{emQM7${HOw!CVl4BVe z`O<9S&9{=gc>)Co5yr}>P5pEDaaEaeSFq1962>tqA;&ml?(}@yE z0%{ZS!q?pdf4&Z&-{H?m9cUAi4aQ2w01m~aDX446nXmwL9gmp_Mn z4}Z1-KW`*WJINW(Ww0b?PPl?H`f+9%F92ctd5<@{4VEN+F~Z^A9LvH<%x+g_9fUy_=NTln<2J4bEfAHMxZY_2!EgH7N7D~9fmEm2 zijs!?fYW2%D?HZMP@Q;~j@|GH>A~qx4}TpXY`5~U?`Bc63mff@(YT-|m71~9f%VA9 zDw6rp4N1PHbG+c|wJ2_gS9zrk4xnd|9I?EBvf$7#zo(=Rjqph{5wTpzbN#b%g4mLV zXX6yHMKF?cjDy5m8Y-3ykhw8~sRM|^jB#O`l>?oqs)!4E-Vj zBcl(73#2@$c0R%l#WEvn){Ug}^nO-vFddDkV00>$kpLD=y zHU{npUEayE>+$18xDgS*5GHTU>RT7I4e-Jz_1DDw{uIRi{`uVvgh%ti>p#R=rZJD) zN_(m0;hB5{LpSlXAaPdT`cnB3#)c1&dP6mtDyVQ1uMpVZuNR@=s0=OS(&={c7>{P+ zD;+B?P)>0%j?OUny=ti6X+$x8ONnw&NzZcBwzDiIAd6HR1@|M zsEpO9fmw`Y-(%xlj+kqkNgYr;Sf>8UA0za5zm0~Ixb_QlmNQk}cbIC@e`G2#*?e*w z28;WnYOu;^$;W2M{81wcj5#v5gCjg_)L2WRY;C=QOGx4 zX|2ZmAI)Xr7QR~hc%dMA0{)>BdC^}QR471K3v3!4vtrQ?#=VnwAp z42<6;{@xX}SKBkfITI>LWQ?m9@i6`7Nv~c@GSg1NGb>^#gXAZ+dLE*Yl<+KdDkdxR zZ!Dw;vNq#++L(P)>=-DNXUYNk=|k1dq7T?{-jPSuDtwgVTsec8@R z;zBSLxWVTsK9xg&l=Il!!J&#br&_`HvaqI)T4T<^KH`j2hE;)^V`~gij z&Cr@Z(|(N#TyIM76Ey~Dp}n3+$Mk|1^D6Nfx?BuHI2uRnaY4^BbYg}3E;&W^vI+cP zEd7pipM~?(NkX3s>`gRp#iuAl46$IDVwn7o<#U;s$l#{ZL13eHb5Yy30*Mc>Z;PYfOa1CVjU7ueoWjTUsUX+WgtI(~5& zS^UuvxVHpDk6RCRz*uWEvFPJK<~n|NzmfsP;Zdu4IihuNxXPy83lSps%s>Dfb(eQ% z9+?he$T0iJazFxE4&>}be~4zhKg3uW7n-z5m|jddgX8s}o`xpR*u|&ly0^p|I` zc=pE%u(P-xi_mQhM&kMe@}{+OrAZ56tp^KtgN3y*fXbJnQp@7&jTP@sE;-!;*1Oj+ z+4zi8Z{FNnVIr>(Xx6SGSxR{KALx=EVs^1~FuJa#qZ#1Y2vZQ-U27VEVzi7bL5-G3 z^};ATF0J(fHc|!c2gFv;A2SE)k9#NEdnw1mi*s8wD~d)ee?ksN4paLm&G_e#keKmL z;}OZb|NV?FPtJIa-;!foHUW)fbT7T;BaW`W{HMd}Y8O-;av@CVbak8j*I|^?Se2ei z_XS}4CZidOc5;3(c`E$?Nmk>Fzr;w=!gBlfEiC*RpG;a? zN?#-x(R(0JK5yrP7<~d~#%jIt;U4I@{P(kckwAw8rFm}DeLb$Fop>3vB`+Mo@VJP4 zzIjV(>BVcvn0%)yhROgIY>$hFaP3KU7Z(XW+E&NnrM|{RPB$)y!c-$-E8z)uHa8$1Pg}LWD-5y$i^q(0a;I| zubBv3pxov0gh>|w@TZMye83|}c%an5MxIAlOam4u3oLS5C*3!Wa6o}PO8d0&iA#aO zS}I>b2|N|;Cxdue)Mb|V45AE?qXTWL2OH@g7~Ji>Q(eZyhai{cSJCY+nS@wNcUybs zR&${1KnuSw0^2uq*rMjYv z)Eu5i0*(w9a7`Q+Np)7)l-(6zm=T7M1COn@rj;#mRPZF+~ty zRJaE*)`)*kUeQC~l=?-BwRfRD;HsLwhUH_+Av1{gmlO?G|6WSi85rOejY1e1omDBy zhyK}#+ba0-4BwG@1zKj&kRu3eX_hRZ6W>^wr~r2^0b&lnsSv7cmK~*Nbf@@$)5Um! zDupXat^_vd>heW3L_ngA-qpv(aa{K~k)p^WMbef(6f3eP zZkSM&c%&3LwOKpjkrc_Z^}&dgESpiJz1ul*&AZ+6e(=L_YC5zP(Mp1#FbeO5J&;UW|$OW2GP+c%Uir8&x_V;FH@AghQnL*O#9}RAIc4pq2 zdGF1eH*a?Lc3yY~0Duf;@rrNLL2Ue}Fo)&lkKxXbja`5O2}|@g7CzH}ks55r7jlbo zHl$bGe?m{mwp{%hz>?3eewQL_06G8p)XEP=^yZJL_1Ap^JCt5)K<4mE?fCBi_I*rZ z+edu-{qk_^QW6_KCR;8hY3Ijb0Cv1KvYx~yjzGk}gpw_wZRL&cg96#sp;1^83$qoc*~(`1fY|{>XpfLojVx2+{2?cl0cQ^W}G+Q#Ww&MK@W?)z^Ug{QLBR z_x#S4pDkZGaPhsSq^iOJO(lPXwTEVQmwfYYHB(+AN!Lq!0 z2o=B^KSdS~?+BFrokQ5~oErP`!~4DkK&-#veJrh~o_{ySmaz66yflV=Ct6bYE7lhS zX^IZPbif`p11c#|@NXl6O?3=9o7MDtWhKKdR%St5bdgefz~ zr+X~h@=x(e*RZ{u;am1J_pE8#$nh?d`wq?t+^diw3P0kw^M-2*vl==xW93X&*b*lS zf5h>5R^eRNM2N(@(XitRbC+r|ihoRGgf$m!u1pq-!X>$^jn7;D3?EMo6BlB^@_{L{ z=$d=J;RjxswGYCdH$3hOH*eVn)stSV@O&MgLnMHz7AuYMQO7aUiz1{v+U`W)6@+a{ z*@#@0n}HzdPfk9e8v|0gyZBs}cic0kML+NI_>@!dEyq5^GfqBl*e0KvGTiA?JdsG8 zipMKRmd6cLmM`Q4FSt%dcpmqHf^g?7&vCgwW0boH1yTpVx1$6q`!wZqRALG$gdkAn z1~!LuAn3i^vN=R#<)Jzm$My}&7A_a|oaH)pUf8~uh{umgQUL)91DV+$=bZOs_VAt_ z58UTOkLp0qkD+eVS(Tf2Oo$H{Hw-BoT!2D?+EZr1a0Pel+#)f(U@5x&8BwbT3( z0^>sV$igB7P@lU=hpX|yyNM#=W^tG7QW~y%ct`;h96i%_lZr@2N@;k;ut5Qb@@1?n z2`3-qe2Y}XxAFpAMhwmogLA@7JDwosD2%(7?L!yR!Spm~t!0CaJPe3~PH-^9OyRl; zeTL9yM6RGPBj~cXWC_|Lg@&Bf=uwy_bi*Fis)K469mq3*3$^q)D3bsc-1tb4%W+vT zY5kmG<%~3Vf*L?8ITU@y_X}QsZ|^khM37Ek==44T3VX}L1x8N~u^u-RmT$}ok3UT6 zALKvPA71R?^D_cn7^Z2Eq=i2(gw6L#j>w2k{wh*G4nb>~L99GW>;xnrvK==V`cQ^x z*T{1k`QEAcq`OF#p>7S=+j9&yTXm!AQ#ppTp^Dlmvf~)^A*?5S&w|p(VX3EyDtmm~ zmV$>yn8G(QGd$}$d1)V9Cx_0M=DxqkyP+$#^GKHosxXgOjhh>R7UAjcHb))^JEz#vrp7+Co=5u)W}3?^hom1!QpN-Gwfnr zW`CDiZQa@KnYj}gx1S9kKRkFkbtE-;didbr@lm!nk~48|aw0X%`WPuXi`q%1Z2{AR zmSP$rRU*{_g6dhPphOT*9e8?AogMPycYBDjg)p@L-Q=z%#NF z290etPM(t|4YVn2Ofl>zd=52H$a##)eK=OYfj>ef!Xi`cay1bDA+iLDI4CN8x+Xd^AoUblRJT54V(=; zNOH{al&j{<+vP-Hy8;$ic2ClTmk$3A9SH(3WC^R;h zb2779l%VkG06bLsPm5ToK&2B?CUv9~`oRT}p}vC)p_>n-8M=xrseMLB z6YTj8dfc(6*~DT#?c}VC6f&}$g47S&$de1LfhKVQ=NL{L+-%vbWM20HIF*#ZwavIz z!FSw<*T4o1v$mM@O8KdwN)k{g9;u$PY0^kmZkx2gBUBP!w1u)}nNSfa+j%FzI>O1o z$6*s#t_VHGG7e0+?80#un(Sa1gFc3%ZB~yg_;nePL#K=cwo)V-Yts2Aw_EjA=yYKq zkW-I7RD&jkf$Ebx=%RD;XwhWDa@Z(W7|tCuDNl^ZfmRs+8j5t2G*b^U1@4h5%TeaB zLl6X?!NMU;K9VQE6WSPe9pA|~Io&$0`NR2yBM5AiB14F-fn&XH_=VP_PCh(g{g|s)P_KB{UW)sWN)j z$de7Jh7HH&jS8h9&|+dCU^Q(=;CaGDk}EYD{$V;g{BLAmY=sv!Cq`QFg^o@K*(}sS z+0u$2G{osw&W5ECvIe6U%8Sn_htg$Bswdzf{}xInTyoP1@ddr zX_3-sE=C6Iha9?U5`&G+I~Xh#BlhXQ!CW8~GD6^P1?ep8rWNGT%YkjO$7Q$ctZ>GV zb6a#pb7L=J@+0?uXlra!!)=d!xUI9Xb?5E(etgDu3Qwo`=BAEqcieeT^IcoIKYI7} zmU#P)`?`K-`3s-_*zfLs_>oT?7#e-_@X05hocheE&z?SGWK5Brww{{Jxt_oH%;%nE zNzW6mH2zsET!blC`Q6GP!?n39&iXO$U}@=0+txEQ4ajA6KS#b^*J+~+BZCFHwwuv% zS{CKg)^q?163sUqtZ=BOXsuI&+#7gqFRYW1>rGpBzdBJKQfxdqIi|&gds}jU2gEY4 zSI@|jM!Z`?;jiyi@jvT0%&(32X!v6~p4ago>-c**{tq4Z^qt(@cary=?CD$B-M7H| z78q8gEOlgr9Z4Qxwqdgb>)DNUWZy}Yb(52`3-s*Tr|3DX;rwr$&}6z^M6 zXrWUpohWQ$x5ZK35Z}ULceb>)qr3@)t*nV~G^T{qCqSrxnzvHnUT4k$zp{P`|ZvMHINYqNRSF!CwmdBedhOXO6MhLT7A8+m`09qCY4fHi(U%T3?6F zDF@2ik7Eq^k5TS$d*|{dGv3}j*7{_7Gy5pACUGpF{BO(UPow;?)<{%S0pIu-7CH4Pcd*_!nCEK^3ZAiBB<;IcrzCyg6BO}?~IoRGj*t+ShXnF)jjsns7 zJsg)#udl;ymILMg7{?pP{}|BpW|3XzVuy(+xfGgC>g1bHYD19W__Jt!>}J0 z^dBOQ{1YUQ3caXdxpA_6E!OZ#Op!PuNtRXa0VuuWcIo8$`fkDlJ7Xea9+mwzLlX$w zo7k7=gQHKh(jmjEXJk~*vF;ljkmVaaWi|Y`jtBno%uP|FKBfkgV!A2PuTz-tX7G#x z4=!1P-iBidAJ3*(B8vn|xDGw!UIf;52So|Js4v zQ0f!vCkm@$cVjM!!Yi9RE1uoaL=P6 zrweCP`2`i#!q=vMA7Hp&QpRuA_{|%{9|bOv7|N+r<9BWl|4kVK$5nRu9HqUSiHi{b@n|NlYsg{$3jl|wlK=n!