From 83e05d2342fdd66a03cd05115bdc2244e59027d3 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <joseph.schorr@coreos.com>
Date: Tue, 17 Feb 2015 12:35:16 -0500
Subject: [PATCH] Add tracking of the kind of temporary access tokens, so we
 can display if a pull/push by token is for a build worker

---
 data/database.py                              |   8 +++-
 ...e2d38b52a75_add_access_token_kinds_type.py |  44 ++++++++++++++++++
 data/model/legacy.py                          |  19 +++++---
 endpoints/common.py                           |   3 +-
 endpoints/index.py                            |   2 +-
 endpoints/trackhelper.py                      |   4 ++
 initdb.py                                     |   5 +-
 static/directives/logs-view.html              |   3 +-
 static/js/app.js                              |  14 +++++-
 test/data/test.db                             | Bin 712704 -> 724992 bytes
 10 files changed, 88 insertions(+), 14 deletions(-)
 create mode 100644 data/migrations/versions/3e2d38b52a75_add_access_token_kinds_type.py

diff --git a/data/database.py b/data/database.py
index 359072268..eebea7670 100644
--- a/data/database.py
+++ b/data/database.py
@@ -333,6 +333,10 @@ class PermissionPrototype(BaseModel):
     )
 
 
+class AccessTokenKind(BaseModel):
+  name = CharField(unique=True, index=True)
+
+
 class AccessToken(BaseModel):
   friendly_name = CharField(null=True)
   code = CharField(default=random_string_generator(length=64), unique=True,
@@ -341,6 +345,7 @@ class AccessToken(BaseModel):
   created = DateTimeField(default=datetime.now)
   role = ForeignKeyField(Role)
   temporary = BooleanField(default=True)
+  kind = ForeignKeyField(AccessTokenKind, null=True)
 
 
 class BuildTriggerService(BaseModel):
@@ -600,4 +605,5 @@ all_models = [User, Repository, Image, AccessToken, Role, RepositoryPermission,
               Notification, ImageStorageLocation, ImageStoragePlacement,
               ExternalNotificationEvent, ExternalNotificationMethod, RepositoryNotification,
               RepositoryAuthorizedEmail, ImageStorageTransformation, DerivedImageStorage,
-              TeamMemberInvite, ImageStorageSignature, ImageStorageSignatureKind]
+              TeamMemberInvite, ImageStorageSignature, ImageStorageSignatureKind,
+              AccessTokenKind]
diff --git a/data/migrations/versions/3e2d38b52a75_add_access_token_kinds_type.py b/data/migrations/versions/3e2d38b52a75_add_access_token_kinds_type.py
new file mode 100644
index 000000000..53d0ae9df
--- /dev/null
+++ b/data/migrations/versions/3e2d38b52a75_add_access_token_kinds_type.py
@@ -0,0 +1,44 @@
+"""Add access token kinds type
+
+Revision ID: 3e2d38b52a75
+Revises: 1d2d86d09fcd
+Create Date: 2015-02-17 12:03:26.422485
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '3e2d38b52a75'
+down_revision = '1d2d86d09fcd'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('accesstokenkind',
+    sa.Column('id', sa.Integer(), nullable=False),
+    sa.Column('name', sa.String(length=255), nullable=False),
+    sa.PrimaryKeyConstraint('id', name=op.f('pk_accesstokenkind'))
+    )
+    op.create_index('accesstokenkind_name', 'accesstokenkind', ['name'], unique=True)
+    op.add_column(u'accesstoken', sa.Column('kind_id', sa.Integer(), nullable=True))
+    op.create_index('accesstoken_kind_id', 'accesstoken', ['kind_id'], unique=False)
+    op.create_foreign_key(op.f('fk_accesstoken_kind_id_accesstokenkind'), 'accesstoken', 'accesstokenkind', ['kind_id'], ['id'])
+    ### end Alembic commands ###
+
+    op.bulk_insert(tables.accesstokenkind,
+    [
+        {'id': 1, 'name':'build-worker'},
+        {'id': 2, 'name':'pushpull-token'},
+    ])
+
+
+def downgrade(tables):
+    ### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint(op.f('fk_accesstoken_kind_id_accesstokenkind'), 'accesstoken', type_='foreignkey')
+    op.drop_index('accesstoken_kind_id', table_name='accesstoken')
+    op.drop_column(u'accesstoken', 'kind_id')
+    op.drop_index('accesstokenkind_name', table_name='accesstokenkind')
+    op.drop_table('accesstokenkind')
+    ### end Alembic commands ###
diff --git a/data/model/legacy.py b/data/model/legacy.py
index deac1f02b..13b4b9471 100644
--- a/data/model/legacy.py
+++ b/data/model/legacy.py
@@ -15,7 +15,8 @@ from data.database import (User, Repository, Image, AccessToken, Role, Repositor
                            RepositoryNotification, RepositoryAuthorizedEmail, TeamMemberInvite,
                            DerivedImageStorage, ImageStorageTransformation, random_string_generator,
                            db, BUILD_PHASE, QuayUserField, ImageStorageSignature, QueueItem,
-                           ImageStorageSignatureKind, validate_database_url, db_for_update)
+                           ImageStorageSignatureKind, validate_database_url, db_for_update,
+                           AccessTokenKind)
 from peewee import JOIN_LEFT_OUTER, fn
 from util.validation import (validate_username, validate_email, validate_password,
                              INVALID_PASSWORD_MESSAGE)
@@ -1902,10 +1903,14 @@ def get_private_repo_count(username):
           .count())
 
 
-def create_access_token(repository, role):
+def create_access_token(repository, role, kind=None, friendly_name=None):
   role = Role.get(Role.name == role)
+  kind_ref = None
+  if kind is not None:
+    kind_ref = AccessTokenKind.get(AccessTokenKind.name == kind)
+
   new_token = AccessToken.create(repository=repository, temporary=True,
-                                 role=role)
+                                 role=role, kind=kind_ref, friendly_name=friendly_name)
   return new_token
 
 
@@ -2024,10 +2029,10 @@ def create_repository_build(repo, access_token, job_config_obj, dockerfile_id,
     pull_robot = lookup_robot(pull_robot_name)
 
   return RepositoryBuild.create(repository=repo, access_token=access_token,
-                                job_config=json.dumps(job_config_obj),
-                                display_name=display_name, trigger=trigger,
-                                resource_key=dockerfile_id,
-                                pull_robot=pull_robot)
+                                 job_config=json.dumps(job_config_obj),
+                                 display_name=display_name, trigger=trigger,
+                                 resource_key=dockerfile_id,
+                                 pull_robot=pull_robot)
 
 
 def get_pull_robot_name(trigger):
diff --git a/endpoints/common.py b/endpoints/common.py
index 2f5ffc67c..9d4be7771 100644
--- a/endpoints/common.py
+++ b/endpoints/common.py
@@ -215,7 +215,8 @@ def start_build(repository, dockerfile_id, tags, build_name, subdir, manual,
   host = urlparse.urlparse(request.url).netloc
   repo_path = '%s/%s/%s' % (host, repository.namespace_user.username, repository.name)
 
-  token = model.create_access_token(repository, 'write')
+  token = model.create_access_token(repository, 'write', kind='build-worker',
+                                    friendly_name='Repository Build Token')
   logger.debug('Creating build %s with repo %s tags %s and dockerfile_id %s',
                build_name, repo_path, tags, dockerfile_id)
 
diff --git a/endpoints/index.py b/endpoints/index.py
index 660ab94aa..d1a902915 100644
--- a/endpoints/index.py
+++ b/endpoints/index.py
@@ -50,7 +50,7 @@ def generate_headers(role='read'):
       if has_token_request:
         repo = model.get_repository(namespace, repository)
         if repo:
-          token = model.create_access_token(repo, role)
+          token = model.create_access_token(repo, role, 'pushpull-token')
           token_str = 'signature=%s' % token.code
           response.headers['WWW-Authenticate'] = token_str
           response.headers['X-Docker-Token'] = token_str
diff --git a/endpoints/trackhelper.py b/endpoints/trackhelper.py
index fb99a2c2d..070927eac 100644
--- a/endpoints/trackhelper.py
+++ b/endpoints/trackhelper.py
@@ -34,6 +34,10 @@ def track_and_log(event_name, repo, **kwargs):
   elif authenticated_token:
     metadata['token'] = authenticated_token.friendly_name
     metadata['token_code'] = authenticated_token.code
+
+    if authenticated_token.kind:
+      metadata['token_type'] = authenticated_token.kind.name
+
     analytics_id = 'token:' + authenticated_token.code
   else:
     metadata['public'] = True
diff --git a/initdb.py b/initdb.py
index 15c62bb0b..14fcc1441 100644
--- a/initdb.py
+++ b/initdb.py
@@ -192,6 +192,9 @@ def initialize_database():
 
   BuildTriggerService.create(name='github')
 
+  AccessTokenKind.create(name='build-worker')
+  AccessTokenKind.create(name='pushpull-token')
+
   LogEntryKind.create(name='account_change_plan')
   LogEntryKind.create(name='account_change_cc')
   LogEntryKind.create(name='account_change_password')
@@ -393,7 +396,7 @@ def populate_database():
                                    'Empty repository which is building.',
                                    False, [], (0, [], None))
 
-  token = model.create_access_token(building, 'write')
+  token = model.create_access_token(building, 'write', 'build-worker')
 
   trigger = model.create_build_trigger(building, 'github', '123authtoken',
                                        new_user_1, pull_robot=dtrobot[0])
diff --git a/static/directives/logs-view.html b/static/directives/logs-view.html
index 5038895ea..cc3c51d2f 100644
--- a/static/directives/logs-view.html
+++ b/static/directives/logs-view.html
@@ -56,7 +56,8 @@
           <td>
             <span class="log-performer" ng-if="log.metadata.oauth_token_application">
               <div>
-                <span class="application-reference" data-title="log.metadata.oauth_token_application"
+                <span class="application-reference"
+                      data-title="log.metadata.oauth_token_application"
                       client-id="log.metadata.oauth_token_application_id"></span>
               </div>
               <div style="text-align: center; font-size: 12px; color: #aaa; padding: 4px;">on behalf of</div>
diff --git a/static/js/app.js b/static/js/app.js
index 63f697755..6b936a302 100644
--- a/static/js/app.js
+++ b/static/js/app.js
@@ -3314,7 +3314,11 @@ quayApp.directive('logsView', function () {
             }
 
             if (metadata.token) {
-              prefix += ' via token {token}';
+              if (metadata.token_type == 'build-worker') {
+                prefix += ' by <b>build worker</b>';
+              } else {
+                prefix += ' via token';
+              }
             } else if (metadata.username) {
               prefix += ' by {username}';
             } else {
@@ -3325,7 +3329,13 @@ quayApp.directive('logsView', function () {
           },
           'pull_repo': function(metadata) {
             if (metadata.token) {
-              return 'Pull repository {repo} via token {token}';
+              var prefix = 'Pull of repository'
+              if (metadata.token_type == 'build-worker') {
+                prefix += ' by <b>build worker</b>';
+              } else {
+                prefix += ' via token';
+              }
+              return prefix;
             } else if (metadata.username) {
               return 'Pull repository {repo} by {username}';
             } else {
diff --git a/test/data/test.db b/test/data/test.db
index 63d2768c14cff78e694a40d7549b9ecf17abbb68..89d4b3d8cd3476fb923d54f677f65d9e0bcb1826 100644
GIT binary patch
delta 13898
zcmeHu33wD$_HW;=s;;U|cRC@21V~7eg(M`MR8@CXbweOz-xCtZDhRzoARE~T0TLR6
zvI^LvM`sjpbWjI(k*MQe(HRg|bR5SSH*o$l<2a*(Iw~$G|I-Oe0P#8Fd*A!M_r3no
zmC9Xy=iF0gyQgl}9ZXxdCw<4{@K%jR^8kL&es0{EZdF?~mOmvi*u<LN3U=IR`r7ol
z>0{FeruR&LGQGv$!Rxuztg5?-`GQHO*HLe4yU8(<69_l&qx_R2!PrltuVeT?tJX{=
zK=@WZBCuP>29DCfrjWqnS_>HuFAtE}B=UmZ>$Duq7$hmwdS66fkWvEMuwm(D-T;-o
zgnj5`DvEI9*r<|h;x7n%tepf02M8T7GE+zdIJ-$?;3K^OsTc!Ij6lKzTbS8o95^@g
z5hL>hFH?MQMo8cb><EMM)ue)ipPP6cHy)0zCPmsQCfL_ca&g2N&corwei8z)tBFNB
zIW)Ms9AY}#IT_aWlQe35juD>iBMN-jPsZ>J+xv+zu!s8#F~E#I;vmLz^a2(=2e<T*
zRLVao1a4VLY&hmTv)CJG(dQF=-~oLqQa`i4Ou`4uA&KzHN-{aHDCCbwti6X65I#5{
z^*W<2u*kr``#oej<xgh=#|?7`7no{nCAz?NV;*6H!xm~&8CcPU;@1UMgtnjv-w9P=
zaW|O|NHfhM6ujL*Btk>j3gVIav}}}|M*OkOZ60r*)9v<lb#=Ed_qHv^hDB}8R_{e^
z)CjAC7qyOzj5k+Rn&U6(i8rUj2Vvq<{UL;nN<&%|-A-4_#kdzu)8^F_<jgNH&(Fy%
zFSrym@Ch>|@RmtGtq=8g(Gt9r%*Ts78!wYm@e)1Wh*vEtxaoxHt%t(RFPnsLEu~5A
z=;>P8(bLjm8Cj)?P?{uHPjidMva-E%xwlh4GV5)P=_AwIIO`Qt!Z<3GTsTQ<qLTQr
zlO7BUS*$*A)`|>kLtYON^bhJI`GfqG+#_5#8_<2K+pU|$0R0i&Nxe!9P%+wGa+FkS
z9)!hV`uKp^Jk=u9B5nNe9!d836wz*R*;SXtrr13er`ut*SXGDBBiL0@wkd)8JAj+{
z+wib?Pd>0FP_?3$i=El_QOXA|T@`q7#cqzP`t13T+Y;Xoba(FJtPj3<Q}N;#`M{*E
zCN4DAaWdlRp~k?Pt_m*fb;FHOfj%zqN*AIndh(HZaeGOiqq~<=AKlPaNj>&r;Gf;Q
zxvakyJztyaSs%E*XBVfQNZ4Ij`FvksW^WUxb+)`o)rzMBxAazUO5A_nS$25#BY{tP
zfzu~@mxijzI|Dmc_HyPuS1^`)%4Y;jeaPEy_kV0?5{3c?`gU>J%|~}q+v6dyU{w=0
zYt?H5bzvv(4?MA|B69rJ-~27+P{ckopAb#0#yZs>OHl!H|7M+V<l6kQuL2MD_i|}(
zh+od~+`S+mtVZCTC$A6rgFy|vzIqpz5VwD=nC^}YtX<Q@8SkC*O+<3?k-)Jv6`XcS
z97iooTM@9Wh4It9P&D%j-KjOSeuT&(n&tw|?TG<uppa9Qt&tVw3x@;M1Bkv!*c0-v
z{D{C81G_lO{<M?Xr)F&p>>8|&y?Z4-wO=;k<+ho4`FX4suf+5!UN!eVWLWo{iMc0*
zswII%1Bnlv-p(A9#*<?ja!lK*eUI|f2Ko`^3Y}i}0Q($g=U(GI`a44kL*6qyWLy-g
zH7yVQxoM7OEjr)QV)}oR2?ai6ivCl}S1vNtA7uGaW1Wt<=>Lgj_%3v;Sr>TS<y!L?
zk9;LL<Enx5kk-rk^z;jz|LfY8i=u<&`(jBR<u_b53Z-FW`kwgp=gR~>3kJf=1<Q=f
z#@OQT56-iA^AC*j8JEozCJ^no@69px&Lv?D!4MFsy-B0JiBhSP^j@Yy_bD6Trg5+E
zx9d~&5E2uz*)Z8~lkr!fNuk%7LQOvj{fkL5{Zg}4lT|6`qNYZYo{_lN)8*}4<ZX2}
zw*>F3BOws7MT&t{5;aL%lnJLqY9f(fok*EY-p*jq>uh(mcgLqTWPm}WVu^TeQWA#l
zsGV=mF-;s3<9<+Hm9CvNA+VK{kf;%`Gx-pIomTh5^0Ld$FV&84L?)ikP+*&%%p=k8
zt{>Bn$>-<=n?s>)JrQy6#`Ty;#0>vxJ?SE35@ZgMIq-`OBmt_1P~UbBkqn&q(h$ia
zQ=nsr#KS*_Fq2U>km)1_oEu0!i5qP{vVr80STI~oDv5biP#ss3Hk@|sYLZB%0(}j+
z5^6W1%5`2tCLvNVUxJ@sLo#vvZ?C~I32+j};Ly5_B$XtN4!C|J4v2?C8%a7zg7g7;
z5>yS+!3;4=yCwl@H{mj-jSjte6H(2HY*btv88VI}C@XrrJ>KSSZ|k|6<l%p9BKS#y
z&o+}3_-YGcXKx{Kh_Pr3NrnEcD3n{b;PR5;g)O-H=`dvrvJ|rw>8C)+RwS1eY>Eba
zj58*rvQd$d#IKH!>uhiF2EXa>-&;xTfyIOl8>Yj^sqDRG5_aG?S^34FVE1}`s@G$Y
z6`N|YNiJ6~MX*~G!Q++$w@dM=imPW;TZ^-Ei8rmyiz&^L5jD&yt+3VR)|QnQH!3xG
z^>x)&wN@^wx8>!QtA$ciVS%l*SZJJ|ug<NjF0U!9Qmd@F1?6Q8s#s$$v^G^qf+$;r
z63HT}W>KAC6=%pwh9uf0(dv&23DwkEHGU(f;dqYAv5TrxRo${hkz7`b%_AxnOj)cJ
zRS>*ZL2`LiNr37T+K9nQQOr@Q>P1N|uP&{!D!Ik;8}gNkGI6e2QEwG&`Hr&EipJWq
znrdrdQ$=IF?5KB$_NqdmxVW~Wp)7BdtBaTtRGZzgQg77M#%VG+5jo;=6xHXmDNc{Y
zWtH6)o70Y|mCqCEwfIDr-K9F*KE-2)V}I1jgJaewIvfsB^qYBH-&8-7%4-md%aP=f
z^vrGX*xi_&iGsu8a=2BC%OyBGPPfNyvpU*)y1SY^UKD?#<V+N$#JMX<yYg1Lm)naQ
zO3Er4?5^(8B^epb{oU5ed3Bv-jqOsavOKr2*SMs#EYp*p>-O}|t1p8+Z)l^=vt-K<
z6`NI-{4pG|H1Rx3F1y2}xP7WccKPh67btC)!+}|&sQBDAQTEw<wob3p<Lx}dPF1c_
z;j38M+}_?Qdz(D1J^3Bgb9?%hmn~7ctNS`CUGwX#1!Yy$`AS(AU)^7kTUpTVD}(Ge
z$FgJ1uq!r2RQzW4jD%1Ff)YX{l_bgGLy^c1i_PanHFXOfi`OCAoF2PVK$-Ql^?Ey-
zea&9a8J61S^;zrNZ6%$JrSs<r?&j9zjykcbySL3#RJLlaqpPnhHzT9CciCXIZ-ta=
zb1F-GxtV!w?ed)NrOvkHT^a87)=L$_njy<p*{1r<x(lD8Td*oV2Qnqt1yl)}AX*$g
zt7>t$?6MCPTa`p-r?bt|-Wv4yXLxKXs}~06_RGEVT@A(g6)T&3^D}$Oy>ok4E?rsN
z)KcGAl;`MQTD;0@U9vKNX>mc*T)EAPJlg&jJW4ivW;TC3gFHIUTaw@sTwc{CS?pd1
z%F!ju7N^&w;6_03cwAnG<g&XxaNh~-guz0)y;donZ<B2ftJqjuR4M0`t2Vj8UR;-3
zTTxM^ROUDeYZ|KO%kv~TU#uvtD3fyX><yw=*H~U(TlZa(ldN{xq57xO$W@%5$v&h1
zg5Bm2Tn^P@w|Y_8ToS5&t-~c)>^{3HDPG*7*koU)w`=Jb$$4u^TbIpOE2|oowYFJ{
zGYU(rO&uBbWli!jSC8D9E7vH6P1Xj_@=mFGX;Ws&s!XBH3opE_jX$scQielPt%}1x
zjY5u4{b!xwNO23QOGOj(IZ;G5MMjU~vid9%8oAqN72R&x)zRZ>X?CA^jt%pa-W<tU
zTG+TWcUeVw<q~(bSM2dLOO>wWRsHr3SC>*Z*S9oJYR>oatEyM7Xll+7ilFx$?bNaC
zD3Tz{sy{}H>{!k}Hm9Q41)E~CNGft-b4ZfK;Xp6pusbBLLy%OT+wSr9jyU}^Pxpv}
z7HY)$(s@czePdO1Ws}rcpvpOwW!2^N^XhBV`8o6R%j)YL#SM9lgJ^PgTXkJSQ)6yH
znJCO}DynR#$<Mv?0ZJK)DBA_auMp%f*3ZbiIAWeYpGUE|6d$@}j}!T`p`&m(WsBG6
zlbjy6-D(xi@pndG_3HfQ`57In6g91>zPr`cTkgqo6jjx9s<yI~1s$#uHNSm%Uz;M?
zd(_5EPe;DucJ(;n;4y7x_&JX%Wk?P*E9-&dTHeh3Jk)BM`fw;UJ#_HLMkhl7?KhJD
zIGV6$!U;SPN-Zt;v6jTdQrRS^xf5Z?L?smb;3s>T2dj;uWUOl)(~jR8Mup87Noh5H
z4gS1D3dzk>33VIw0i8wvjQ&Vhp?irfWKVH>_^<S9L$rp&#tP$KH7hk;<fr6@ojI`u
zJ=tuOY9aoJk*v1e*@M3GY{>_6W!fK>hxIocpq5S7Ma4yu6(a+KY01bwFL+}a&6k#L
zBU7fNu~D(H#GgH)%iUgQYjD8X-x+ZGHqu1W;q*3QCYfNqmdFz<BPq|-qbX0&K?J|T
z@bYWP^+bDVt~?FrjY+LRk*LtgKR7d=j9K^f5;c|BU|6EEFhAcSU@ES_T>_;NE4(XE
zDMocn7G41BWNJL<Ca{SRwuYVzuNQD}@UfNJj}Uupl$F@w4I5QXWJs1NfjEMH#X^rv
zO-Ix{GL=JSjEd)PHfkb-DO3Sbp-!P@l9^-L4=R)ck-k!>3@|z<Zdg#M1j0GkC`Tso
zC&4>*DhfL7R3w=doHYS<*(p0Bziy`#sGCWdAjW}OHWL;&sC1G&yvae`Ku8vtXHp8L
z;J0Su8kWyQqO;(RnYiwpb4?*YWnsf?n3IJwbB9~AsK1i~W-6F#&Y@oY@wT{nZ5hRC
z2=N=kL#Th>BnL0d@DNRV292S9tYsn?IRmDpE@PIdmwMdG*yZrIRaA(XeKho4(+X2+
zuv8d2Sj6DE3H4+B8GQ!l-xc5B#R)QX2I$91PFomU7=JmTot4?t^I_^TLOZaI`nocu
zq0U-3-%*e+2)Xl=no4WFL#i#SQ0J=i3-ao7v8$@678CtCc=9Nf1jR?Gs+5MJT&b~G
zs?9CRttcvQ%(dp$$o1tyZe3GBUSm^1MTxDpa&C#-G>lU|%B+?hcF84TW@5K{L`?WG
z4Yj*v%=!hd%j>iWm=j<^+|fS6>1l0l>-Khak5q%l1W`$tA=+nHgS#AAvJ3m^w@isY
z1a)s1J@<yWgwC3v`BbC%lq@G-Yj2^f)L}-)?APV91MFWpnOn`B(q9)cF625xjB%pT
zZ+t(r+q6S7TQei*guM;0?kOgfEQA$LGn2GE+0Zzf5@Am^WrknQreZH?nT9t1%52I3
zQ&!MZVX;7kfRc?KDF>X{RQ3&Bv>6U&Q*$VPL@o%O^h{D1^ap0hUO_uZ9;{kH&mcuW
zy6Ae64~9;}=<lMVjKvo?#+^NMGzdL34Ucuv?~nqxshch$rSNVy?d1yDs5}Spr@@|X
zItG^Y(3416uqO$A*+ZvKC>nA4L)GWPL@-2@4}Z`@ClFE$VJqoGQUUTxIybgN7nKxA
z+DF1paMYra*wgF@-dDm;R?^a>(visIK0hS*dLh_f1;<y?=}6hwN2ijxqYk&ckIp6K
zu)Pm^s^R6;boB7=`sgZx1QYvd8!T9j;_2(B(?})UjtyiUEL=^;!595Fp$d{#(<+%C
zY^p}Y`*1L+4Whh(U^6@D6u5gW&4Fh%9S$F?p{J1=h*(Rfkow?^Xm}ymxnM0Fhp21T
z(gJB1WvX;7Jq~`imX;8j9iS88)Kd&MY#pE%5~3d_VdQk&fgSYY?<88SqRVMh9TriP
zaI@*dT+QXR<2FT7Rl8S~@Ku2b$J-cju*aK@TXS=v*JTc>@!4&<&1@0y6Q6F5?`~h@
zadvy-XPD#XUoskX9XIu7N3R`Y38FOGm0`0>R#o-WgxAy(-p}N4E~_VKXEuvXo#+at
zx=!3hNgm96C7;LP5mkq1#bDdc6b7@v^EiU6SPyhCFJ}rDGza0eu~ZKK-PA{B?O`4=
zRs0aCXp^a0ehh<`<?q1#OrL4cBieBzC^{`($$?3++m7k6*C$v!xG8kHTn=<39!i_3
z<us(0$M~klotaONWTyr5C#=PI1qrigNwIiTx1u<`f=y6-S}K!_OduMfcRIX2^lDy<
zTNZGFsGzJwryHNAqN=lOs@tx}B1Hugya@84hJ2`9sC|{nqkhS}r`yiXV*kRmbEo*H
z^>g%l4N-=j#%SXsruNVmObaz__;LVC!=X#y-Io}fw!02qdWwmI(5INmuy2r#fUKvO
z7<gllo_3}$1KxfbTcV$4(oj>wo?_C;f}pecPv+#JPM>#Ili|y!nRwC&R~}>}xcLxj
zb=|KStrqS*%uI*%hnPw5$zdiPjvQj_<O(2%nF84H43hxOc!x~fcbLh8$w#o^=wT)d
zK0m_5!Uu;K9?G6!Lb!!&RF0MSlVR~8W+GgBgwes;XP5|h><E(zk3PdBW0COPXP6np
z13RB#;$ij?CX+0Jwj)eA@dlex;3r3L{OZF98}Td?m$8_QnmU#E^F};VZ*y0(tGT7Q
zd)4_n-vv%^#q$il|H0y+#|aNS%OsH{qxSs4vnWXyL_f!v$x>MKA`=Y@D>!zz;W=c0
zxMAb-Oa^I&2e$LkaP)b`%6ZtR0;HP>J6~X?LfQ+Ao-7;fu6%)+iOg<(fl<lwQS{?s
ztRAp^9Q^AAMj<|!{vu<8dyk@UeJ?Wo1i8Qmp9QHAn6~a1&$1XZndAd6GdFKdRIx~<
zdL)m<5iH@^JT_D~+2OX>oeJu#=#{*x8xAheWhKfst6RYm7FLb0-zIu++lnO;iwmnr
zHm^^{T7(nK3w0L6R9#NDBwCz48&>#aG!ustt0->O>GX*{S&=<fSg}wiC(5!<m1Hbl
z2$F=<y}=OdR27TY>U8+f+y$@C3ePRn%}BH<4lE2JoE?n~{fXCVaXKZR#phM5STB;D
zf<uOsD|PXSqKf{|p<ofzD|&;5hdXNpt<UALS?wyCuul-6?MmIOD@3;}+C0HRq=-p?
z!>M5W_hHe`YLl!EpAV<o6`IxXQ;DW_36@NqZQVW2Hm!niE{Dr$aoIdbz!tPot2MY#
zhgWjCtagW62HhgvoJ6m~<x(8jFZgh{&5fSVr7B)ro~U|MACi@Quxt@B?Q_^<r#rak
z_Nj>E^tg~|yi-tC$hSjOR2$sCNSB@{TU8f29k0de^x|W12VJVui`7@fYL`52t4oxv
zdl&0=NI^#tu5H!eTf}dvTWN_t$vn>9#W}b?^H=HP43i9389p(3jK2<@W*Tn_kUwfR
zpqrS-u3gPWWhZE%BA-jsYSzQ5e6Eab?q{Pc*mz4E8?V*)N7e4NI5us{@>Oh<H9_kS
z840)NHjCc2MZp6C@TYukIz4h1R=`CYM-B}%kL)Bvmj#t_D(s73C&Tt|mV-yO^WktT
zg0-WoS~}VpIEpUna8PZ3dz8u0`_0X4RJBa}MX)o1odgvTtPxg+v*StosBzpE&V~eA
zv(Q>DgFX|jW?dLtN>-dR9uH}O<KwZZYqV)jB<mrqpdZKDN%yF=UNMf{bi)8)hp(Q%
zh7e=hnS5qs(NH~(odElza2=+J>@@f+icL4Rvr)B}@l=f&u`QYn4RWi81<|Yl?g@^)
zHkzGHI^e}<HkYg%T?3Lbz=>!aHhUs#K{i_^vN@!0Oy{)|Ssvb;$flD{;3ly#WYuue
zB=#+W{A**_WT0c&Xvm3SQ<3}S!C$N4l~^_k?v6pc9(W^$oenPt$Hc_4nWPuWW7!0<
zc67`&!TXi4FP2Rr1Hq;&vA&OuN=P7A_l!8fF^_o6?cfD&aAyS`rr{^BX6T&4J`9@&
zF#GvsAr}TmujMn~)C4vRe)SUi-<z%?VS#(-3DIMaf+`YxJ=W}rPfgwXk<N^-Hw65K
z9azlvhn&w7)C>_*95nhZ%h^DJ>a+?1zDW?U{2eTCqwn$Hu?V*!+ud%P-7b3s$Z26G
ze#iW(b~X~$wXouM^lfZo)8NAvHsw3|&dy_CPAi-99RqN33Ov^OokU0a45&uqMC;ki
z=iG`eK&D|{8=Ejrlr9;D7}ej^{*N}cW}GNqG9F=bzpMSWcGmtK?ZY3ov-ea6>zSj8
z*;)1sQ?QD0X$E$-JLLPj_21vkU)()-A#v{F{tLU=3%W0ntnPyDOC-vCNB1CRy=Rw3
zU(kPvfT{2AzA$sWWOmS96Vr_v{2BXsXo}fyTIwTs?g&c<IfUm+>gr32=GGJoIb}5s
zg^gwTxk_G5eMxz3y;xmWAvRQ3R+KdsH<ac}HFa`nZAoc~S};$puBoppo{z8U1n$yj
zr=TqfHk+tDV5W6p!@8H*$4qm6ES&?#*`H<pAj5pZ#O0<3*B`>L8ir-MnPa*ub<gvw
z^~w6*hg@YyHXJuRXq;g@6543`h2~?;CJa=`G3$%{A#7Asly<0f#4$CuI+u7yE}B5_
zHT5LQ>kozOJT8gc5In6n9@gb@MmQSI>R@XgHwoWBpV)%2{rX_1!?eM&7Rzf6?WV2~
zG<d3*n*enMTof4^4FNGFT-fjp1zd#|9b<M0mjG-rmk61q+_d1`2yz&h%h1gY6m#KZ
z5Ox%E#qh^cF8tq%l3}A!68+z0!|r!Q>2k6L4r9<JR|RACWH1(R(~SSe)-(;iE#~HE
z{hFXCipa*%@U**xE7ST3{G)`+C!5Z-86mWk)5D@tE<@|r!nLJb8QDCh_jD;jP*7Bc
z+;16`_AQ%uKJXdl`PYtP=YV4tWf-Q)xy9POVH`#S+I*mc3kf~%bWwvH_+G~jF$3IN
z7dBflZ3KSsqGr3pYPSu4KFCFOkbT33kGKy_x?eP)4&FX|`ZQ+{$o<0xfp?q8UC@!u
zmoRq*-yy&&-*P!tI;g6V+A0k{mp`Ph(|;H;V9*(UVoVBMf!nR=rt7$S*iPM-x(?<g
zdOh_vm8h-4@?Wf$_E-C(;iIegdF0k}xrZL!9OA=Z!VsQPMb!+0)mP))T|@k2Jj8Km
zh_4`fMg^6&fv>?z@4yB=pX|PP`X?KB!5E2&Tefy6c2s{~8R92G@zwk!vTIbL2>dTH
z9@?+rXOLUQ06cpQUqCT_-1ThdWpZ<nS{2pn9|vSRFOZ)F|Bivm?R+Y|UiF8=Gu!xN
z^3&lH+jtY9{c-*<$js$ra?=PRo;YD(Fqf;+clznz!BMT>1mY$>64qB@N>I9ykAsIR
zxoL!f@Qn!jMI{#te+ahX-FXXQU`H88LsJzuj_9DZikk_pO*m*%6=#CqS7A!&H~QHi
zgabYfc33v@MtHP@iyWP}eIq}P<8U*G^pi*FKd})dv13$}_f>K_zy>{#O?(QTI4PgQ
zrG>V4HFvjnt{OSFso6PZ<kC5u0k&=8rxX1s*I}D^V|cJUICjQ$V`kt0`^3vSr(twX
z62a5HOg?8OKN<B+GxCwhYg_n<7r3RFc$Vg}9xR$#j?#T4mrEuv3S!LTG7Z7Qg<8{6
zylU<nHq7A{naCZ`QpJ~%y~B@G@x{V{9sIB3CgxNW<jt$dX`F9wEVdU|bJB=TLu3oD
z9eI}&X027q9JPgc`L?-r`L(%o58ThcX-c|yk~V^}@Rtld$m`5m4{A)iLca*DHoj`K
z8IJvXXI|02cfkF}`Tu`{_5c0}R@ildZ!*o?G4s`V?yElyy1prz1;8%W+nH6GuQdyH
z=3p)3BYad7AC7-5;TxC^r#|9)$MaLT-y44Yi!b~Mjx(ooEfie+F&|(D?ikcOF!wJo
z^%H&<7k=lSS<#OiuZ3qm;qkQaOZW6s|C|;MssG|DxQTyFdMz>6b`l2uh49H&{v%tR
zvStg!e#-Z9@mG?sgjo3`{OnVHH)o#hd%=>JIt00&A!fp>Ggv8k_%`_4XNVakHPYr)
z_x%=1KS#{z|MlL7Gk?D?8g_q<n3>;bugJ@!%3=0N#GIP3+Mdx}I2j&4iI^!>_pY_K
zZ~GItzX)Qo4|qlWp=98{L`?3T*Fy};Ehbq0C1PrCz4tVAUy29^zeLOlAJ0xVPuV;R
z7JY@7bcg9ZowDXGc>62FRBqnTQ{Mg9>oD{+V$O7XkIqYc>Q^xR6k_V_E!NP=Z;r#(
zQ+!2aT-^I>(gG3p_+t{z9&X0U`ae(co4J{$&u_1}?~}j4z&A*M|I4-;jc<I}2B*G3
z0^?3knmXym`e)#_Z;?RS>7S<0x+z2tC8v=<R`#q{<~MA50`{E_GX41HUsA6%KD}T6
z$zm?0#e1C{p7O$1i}eWkQCpYs@3tAx=hW}!=%lHiGA~|#0^(fyU0i&NwOA0x-w20X
z`X(-UNxW4}J#`NxyY=|I(u&#=vcL*!+<M^RUJki2ebZgPgUKGmOik~5&vE-*d2o{l
zF?GIf3-{S;e}Fk&#7y|j$tEe{-~;eiFJkKN{K<!*A5afMu@5n0H}3bQHk{f9xA+h<
z_UojY)Guw>khKIclb$~z+5TR63?5s8m?3p9d~7=Qk6~~wMNHvKVMYFquwB45Bj#-D
zk>>iyvcu5ajF|CvZ+=$TlJXEd(TtcGw<=%c6i<8#7A`}~jD1s1<kWsK8Qxr`-#uZ{
zSH)7&Z=PS}Psl&>6w-pnzo%|Ug#F9)EnL`<Z|SJP=NL$72~v5k#8dw_O#^IhK`PU~
zZ9SDGY8Jz>7No-8Ty)ad?Kubotw@EdnsQgjttTIaQ?1DPjQ&1<^*eX&huhka^T<P$
zN2m1Px)Dm+5p#0=qAk;k;ugTZcEpTX^xC-OM;8tr=+NuJW-ri~_L)jTZ!?}U4xoqK
zY)A=NuYXH_CI2M943D+B*k7@;bh~sV%zI1@{Zl%IT1%y9599yjoU_|2)*)*l;cv&A
z2A4hyU#&yd6yg0}l)V%29`yNxLN)x?PfdMUw?o`|WNqAo-|8k=p5x%qdSp!~U;5j;
zUFnUGd=;`bIqtTuq%WgcSaTI(nin1YgQe!g5tuxLnB=u@p4aX?^*-D*gqTT(ZjZ9P
zJ2(&KY(UJJSIpTxZ(>s){B;9jX8k6xvo^x^EhaAdN_OD-f|3E+0=Ha^kkR8xPfdMD
zeg?9xLCARjy<ZDeDe3UoH3%8|ZQH%6-@G&poEs5x#_5oyH8<v^0lNtyCn}kf6UyG)
z3eB64&GdUV4$j`X<<IcMCd7<!|K{=JCyvj6g`4%g6Q&KFcwPRm>aah-ea>a!>zTAW
z^@(8IqHkqa9^o~2Jg^tmZ$T>dCsVJj>ePJ&DO-_B^1@r4YRtXAg3VizN^Je-+f&Cs
zc|9E4id2Y>f1k9yaW@QXL(cUUu_`pXfP+)pkn_j~-+Fk;;+JlK+pa}S>&@DT;yFk6
zL&<i;%+A|!Rm0Bbs$t)D#Iz^vAFBLW<_8CM=$my(s@vtp_Xv_j#=0TC_i=l%UTAe&
z6f8t~CAZCE_sOe<uf0M42+tW(4Aq8y!);KxM?YN~a(cLbkA71K+;O))6{x%Qw+Fg5
zqz-?1xBllMmlk%%<5{Ict#I2r$PQ)8$)(p^u>eYrAv=k4{O!`ghh^Az4B44r{Z@>_
Hf8Y8auCqq}

delta 12951
zcmeHtcX$(5*0-)^Ml&N>mW^#}gN=o4im_#nW=7Hs)pGB>CxNJfDK_9nwGl0aP!%|V
zfFX?}o4SPHO@)0^-t>^oZjvVrLJF{fB)i#ncT<*pN45zN$d)(H_dMSppPomf(Y@#X
z?z!ilbMCq4-c|cDRvk&-GCFdOMx%KUzvn;Ow`NF=IU37}aSRr*ruRb?J5Ar2{%ZP@
z>5S>5>4fQhehoK+y^YoAWafJMQ)-3wq_&vcpm{eKY0jep88Pr}kYtmQ!A0yS_+ST#
zfu}an=3oSqsGSxKN!v(q(5&U4Xb}mA-fd(w91M~??dT{7Y$eX%16nRPQJV-)ZzFmL
z3z7`&h!N1%N2Zgg;8<-vi468=?ZMyDsROfmiIHf{5y9hBE{O!^BJ2tAV&LdXBI*Na
zCN_4)3=(h!d$ps2M=2WKTS4MU#2{Oym84o*93ISK%7Y*1E-(`o?9=hVDke7gG&7YL
zgWoYZ!G&yyqo_~~JhYss+R<SlR^!03oP=l%!54HfNIMq03DHC>Cw6MJ(-54@+JjDh
zG!`0zx3HfQeXy5PiQz|1!-7}y986hC(x|{FK4|1+BtfBJaT(#@l^&8t_zTn!yM&CT
zR*z(Zar#uk4N`8T*x*e4?}#pFHRKZ(tR>XQ;6_6UVPIw#PJ#~hc9Hp7GYwC4l3Xku
zCWwNCo%ruKK7!}M(g_8oP82a6B2Nz06>B+d@GYYQvKQe@ri4!;B<Knki53noB4+3-
z;<(_G;c>zDP5Mzis3O<+@ljNZ4|xVY;?waF7j-}|T&q5KUVFk;8s0Vt`UCnX{%QVd
z?ht2Ux9a|^+oPMpY^T4V7gBFfE2vT0PVy?L)I6+Nh59tZBGe-iet22&dnC8lW3hRB
zev2%*-4>U}gKsXM+wWIAZrSGu9@qk0;&Z7B(jM693s!IK=Ei(H>2&&Z?pW~kt$VpC
zObl1EZ@>`j-qz1W&p9}dux-cAU_!8kGuECvHsYR_m0)kMoJ)Ou(VwO3fA?7M%^*Za
zJ(+ZH^uBMhR*ckZ>NV2XSv1WB`|eK--hOid7x@g6ANRrUEy1sD-piTBiN+Xt#IYc3
z@8?L#>8Hr+g;RplcC>K9rjl23znwD>+`FTki<tAw*CW3fQ5XEn4&ainig-wfkG(1w
zgl<m$c;<U0hB3Zi<SlzS{;$t|X#6^APw+Rl^mDp=isAm7o*bOHvxQ54`N8L>Rb3Sm
zJhHQVB%iFNg}t~&4I~&0gZu>&kwN(Nd-~L1;VvH+{Zv+VBKO|m;DKG;9M^WYY<MlP
zC@9>zm$RgNzF~$~{9nPhZ|&#CDDnrBDjuE_T)Df2OG`;=Q(>Dwcx-n$$IkCwtM}e@
zCMfTLXzLfxzL9_Oc;gECB4M~5N)1x|1sv<1vqayp%^9rj-^)!nvTmH?Zu6_bzxVfZ
zu{G<<&HJBZg8h4|6YmYF%iYcR*f#|qdlR+zB&Ij<sk!fwuzfF?m|sn#>Pc``f9fMY
zJj5IspjVOaO^5aoIwCVlTddI*Yd@yi=uz}j%zRxGo5Akl9NhDIz5X6Uaac^)Z;jsY
zS55Blt)}XW9a7@ZpV%v@@l+~sskTqmrVUv{7@b>_@2tx=*9HE=mKWJl3BLa`^P8m2
zxY%45{M4F@u4wc}wezp+BT~>SUF=IrsX*Azx}J3MQ$O{|zv17ME4#+Y<ez)gDg3{3
z$~EYpui(z*OWl4rAs4L)wN&8e7LW9)M%1b}O}j?ZPO`{{+I4gW{W3FC$Lro_UF_>z
z9rs^+E&qo8Yr{2$m%<9dUNI`hb;f^$*P5zLx1q*JRN!aVtbAN*es-lx9SQf|O!7(W
zMgBWtJDGt6RojV3Mh&dlPC5t|$HrDlB#;ZjEhHXVfEXbaNEEJ$ZMUE&#)2taJR4hx
zG|~`F*-l&(4u@zGhG+&0&H<T3MnT#wBo7=wQeew1B$pe_#?F(-YSWJ`M}ui6wj49W
zm9mqxA<Er5Nh(Q#8Kc;daAGGZB8iZ`3)dd=5Y^mWD7rDQYZp?Dg~PkZOqjHbM1bX1
zG74E7Tz9Xz6=}?{@m7+7eed2xkAlOSX#*U)l}y7%iMxrFqz;izI>Cg&!rdet+wR^?
z#*lFXPwXc6Nr9*KkcnhGRQKcJdM@;y3KRN~kqM!q9OF1#(340YrM1oLTLN$Nqrl$Z
zL(<`se(ZHTMD8V4s0x){wU<mDIf0Fhi6H?;r^`Lxx43=iI|=UFOX^3LPSnLF#gIjV
zNTIq}ZLS4_MCn6J{yLi)L(<@AHkCj!;A}S4LMB0xlQI(vv^pu<$n-(<^+V`g9lph(
zZ|1;3C$*jI7fAO0Y!Y!$+w=E6pQ5TRx7BZPxn#FRw%R=wx83Kmc>SW)ued#mUv|5@
zmbT4zEuQU5Z}auEFP^=)-QC_<VlA=C6=k9<ifT<ugCyh^mbKKj6ckC0igK~0x<Dw-
zYigA0D@z?UP5ElMTwPz^oKu-wSXkO9s8Wq6SZx-eShQG0vuK?xIwo6{Osgb_su)Nz
zglp<0O~A-$IG*F2Hbt@vqRnCPdK9lk_KAwc?RGmXHizPHt1eZx+El1EQBi#@Ekcu{
z+$ooo=ax1$=Qh_Vj+RoTuA#9~cI4z%Ry8|Y8YQP(@5rrdC@svb%Bij?ZEmV>ah4Ux
zwYhoX5LZ88O0X%atw(Rv)F)}OI4g3*Iqle|%_k`qyHB-QWWQ{+xV*k_8J{+n%VD>w
zUb_m%zR}wHE*hVp*hQ-pF!MORu>mHH*B}<>6ePb_vO7eJ*NYF?YZojotIcQex)r-%
zwR)_I*VW$D+0p9tq4-lpSE^M^U0B-P>dvYaT0QNxnN@D5GTXhZF|(pZaW%=6752t5
zTTgfALciPCu`svR?<j0qBsJz|!oF{{u@_jfWm**pI|(Fk$Wr_TmTXqH;BqO7MX|e7
zi|mk5FZ>G5nBD7lyFFG>^~sBUION5{?36dnQ#yOHI;Hldol=d{UNNU6&+1!Hu%M;K
zUB0BtspQP9w-z@no?AC(3Geb{7MCq(&U3+x?=EIX&QwH)B8UMqJ1im8fRKdTlGSB*
z*d%1fiy9!Q4vXUT`Ym?5-!BNVOR`(-U2WaI#jXBUpLdugY5t<7CYw?_r>ZH}*V!?<
zrF%)M)a9<I_DZ!49yzbLbwRtDS=7{5n^iQwcFDZid17~YWm~%~yK|1KZC*#Fr+vZY
z3L$68Hd(T(0kiJXS@g-OBuF;F;zM<?$ac|&TIvuiHowOzyX<Z^>cnDKo40*I$QXxt
zRBVfK`U-K_-JK<s)r%|hXO}nk6m%`fU*>ADRW1<Zn)&rrO3kwNg)Ixk*-Ms{Hx(5&
zENE+&{{@eNsw$!wNM?{n^&(61c|=(j-4>hAjXVlgl&D~GSuHlJ>X58{yXaE{c*sPJ
z>=P^G+I)x7)Kb+X<*Uw;qTI@Y@*I0vjjh2cNe)#iS1OvDOT<R8sIj!VuD+_dMim_O
zRYG%FRcS$s<4TefR6(`d1CwavDk;Fs7}kHU*XNQ1huz|Ehi2DrN6FPYT&_^?Y;#!M
zs@-k3`WO2;=3FGXg4t~y_40hNbdg70D&=_#=j6^+D>LVp3MEo|O<RpPFH<R)U0k{>
zzr|K+UAi<kvubuGyz&oi@&)ymG98j=Q-#2I3OPdcpEk^q+bxPVS+QIE-jJNUvViJu
z^IHVB-KGdQ%`Q<`*yWzz>KUHLuEyMk+4I_amiE-;=CwC3t?Xz}y<JLYW_!ncVP39K
z(VSzSSJaa$&8`&qTBR$uWO0+%2i@niV=rb$a@g!vTOdJ;>{u>Ln;^PGx9E3U6xppH
zJ2+vgUqyf6_c^SnUW!#jQ|umGOVYiagATf}OsXr*DXy**8mk>S`LeyXzNp1!&#9{|
zY{;=T7ph7{MRSALoZshEs^q4;mX>@WKR2hbv{)%^D5`bJmrtOSiCzj7C15AWUt)l<
z@zx>pv@0&FAlNKEpWBM6?-ebo*X^-*1zGeu9J1=R`_J<?EHFo_wWdv3R9lppUf9(%
zTQ0E9EuNFv)tX=DDN~lY3+!`hZ5{S*Z*y12k~!r|yq&(5veryE@`E-j@<)#<WeS2Q
zNa8_?H#1|yCDZK#;bv-5c;7Ewox<|zfRX&KR}*%4If17$sX6(-)RLG)Y6b~uZal2b
zqEhnz?V0_ViPgqZHa;ZD==}l}aj1%-Bc?}_eHyZle5=jX2DN{t3h6tUam*fFt?qAJ
zHTQeI*^p?sGi+LTWB6;PnWnj#SG94Py3m#gKLO)(XbaG4M9%PLq_`q4zsX!Hz@9uR
zkx1}F9_7H;=j%LbB4umJfYMwn&KinjdUL7q7_@BKg1HX?4(C#4?Z2YPB$+TB>ESP1
zFb+-5qedgx^gL=T5#icAYAWJf-Z8NaB;->fL7K_}N+Nb3g;XN!E1<HF!=nY1Krk*X
zqzZ`)#f6lUC`0`1E2L%;8~jj6P1#XM4QFDiil`byxTA>5G)_Lh19Rq-<-@flR4hEc
ziB5sIV(Jrw{6{f%HYJqTs6fb7C6rw^b+83YE1^b1e+k9Hhb1Tj6_`>g!#M2{xWnbt
z$U(S)o>Hoskje038D)n<C6o#J*3deLE~lm-d{sFPdj>38Lq~(VoEimBlv5Tm6;78^
z86<mPWCis{qV1Xn>sQfM;tbIxL1BO%PljfW<O~&U2+(2hW`LfASmy%t3>a8No8g+(
zboQZZskeW*RV`mxO0gP30>(%K^`9G8-=(n{qG^ZG80weW7=n>uFfH{n29|cY@BA4H
z8#vca8O-dW@Q+N7nbIDKG`|tvSIFSF3H3`o6FrRcpNg;Vr=c!24D?GSr!5E#jQ=^I
zotN3z3k%NA2<^~5>br`Ga&4tjTvJ$@TT$0gqR8bf_4dj-xxs2HDU$MPOUf(NoZ6hq
z0xKN;k{Sm^Us9D5Z54TyRk^a%B$XEy*@~O0i^U3COOcxERGN!gikqxrc|&DORlxu@
z`6{bg^@xJ%cKa;2q}nkC5?vOz%@>N?MT|ZLyUXJi7W)>qPj-11w6=BnIyyVs=lR-x
zTn;6(AWXJOlWn+P5ha_|e#lI}Z%X}lVD}4jRcPzAV<BPeT8l<&(LO^p&^wqs=J#wk
z+s!`58MvGD$@<$3$%gyG?lndlmxj}(E#Z%t(o8$i*ZM1A^hSCjyt09ghpRWzytcCr
zW}RR%Ni(#6%#4P6PcSAb5S0!4R?}19?f^X&o?cBGfnP&spyk`w(34@>YP9MtYiI@S
z{>3%)*#D4TF&13nq{w<Y4)(31X_&N@{*dGXzm6^>g;2eY_HlV^Y_3WI=@7AwPJnmU
z(W6LlsAe3DT2E(;%pcsRuB{%7TsnQO1)*=rz}4&N6haDM)pc|#DTTYPqjM4qb+O}O
zNc-TPI7BsTaAVwxfq`p58PM0$VocHCw%K!mB(!aYeb*s>p6ls&?0Mz&bQ-A`a_vuE
zPv?*l_~Ck#OeJLBM8^%}-9T3o?C|CrX_-{Ps~gZyp1P4vCuI=50gI}Kiso#<Cgrew
z1MPqpZbV_8*+7d3n{*RxCbc1`cM<WDi5ib^YjEaBeF!2Brf$MC=qnrPB*Z+kkrqh9
z5L1tDq(?yBCWNbjo=rIV#sN%Mc!{>H7H<29i3jck6GfVaCfjj>8GmRW{p1&^R+r6h
zlN^4F7sGqhX&-LfygrN<?H*Z`MUUI>k>U6z#@aWhE5nRi?gF3N9Mb6XdvBZBBH$-E
z!<^jNKFjOs^d(O=C)Zs@Ee`I~&r`4b(I`Z-)jm{}X_Kw8LkiG@*VGd}z&JUKoE5Y=
z+-3OUG1VYTq7OO4-JEO{eOATov&n81?%m83U}$#%M^db^a%c;4G)uU+co1HjNICf{
z_CD0=2=j=k{NIs^b^=w;U&P?g@^|Pcv&7UV`n`V1<5Ml7fLRh*^|&l9#p*%fdF(#H
z>vDNS52el0avD<4<5H(rJhI#6a@p}Tz=5GL?&~dzBKj?o!!Fol+3FR&iWY;A!3IP_
z^lrhU;&#z)QSEq|AiLali(8N-Oa{0e{uwT-1J4pX6cx%GMv+%E<P~j>_5c;nG%)9M
z_p^2Ehul2g%0Hx!F{}^Mgk5Kx5dNX5J^U3@yQW%GzSS8O6Ub?0V_h~9SROJIgrV0?
zZiELuW<>qf!-jpiQ%Og~Mg7Zw(I=P$_~Hb^Lh8qi8Pzs>6`ckfv6S!XYV{_YEB{xG
z;l_`dWHQ7Cxq9IE#|*DUHP1fDq(RhY%qTeaF~foFGv;cpnT>76d}Aa0=~J|aZ$D#3
zfN~m*Vish6#w3Rd@<~gmWiD7gLyjLh$tc`aY^)O-O&DsFbehpY_$ej|-u{e9fx*8e
zr<e)c)#$E}EPaUV^;0;^oguO{Cy@;QW|3>)hf_=$j6H>njl*ss>?D&2cb;aFF!A{8
zX%vYUK0VD`jqK$7kr_vPLw3FLk4!qb7ViBc68Pb(vrOE;i9a%SLR=7k2Hp2;_$Z2v
zgKN()5^=-LXBd&p87ew<hM7V<F#0UxAg#lmYca0}EFS@D&mx8wo;b_MWbOdM1_<_e
zJdzy?>y9IHiP0=a=7oS#;CEj#nN%R$4+}@IQ{l_AD9=+-Yyun|!Db%%irIZrs?Dv4
zUJ<p~C#q<scxq))QRytI$1aK<k0`kW5ss|TO-*&%FfVBHp=x4Q1Jgse7j?TZ;enpV
z?ZVWDgi9-!SL!UOZV9)ms#UN!WH0JJIwXr?vnm!r^}B4iW%Q|%4Hm7`*-|A;Nw~d!
zJVA4yeaUWzjJ^9Y!=|_$s>3DuWKo5eR_Z3FI=mj)g<D~Z-{<$C5!!5+zVwL}(WSaQ
zg5NE81s_c8)g`AQV{XYNp{GITW|2KE+{Y_uf?f$%Zm+}T^(t;?>(x!WN)T{EjR`Kr
zFJT_k?!^?Gr1&f$?}V8Ymm39Rr&$d@mT2l{V=~m$*4gE1)A~ix<+m!>x8TRrog`yw
z66Iv^dwdSbCm`R7A9Q`X>{Qj}_DMc;dLnud93Fxz9v`NMM2E-f61|eoV~4qY$h6z)
z!u*QIZBb=Ramfw=ow-MJSUjSN$yk?P^ocHbxKEdn>b3i2)u*~GUPlPi<?`c%s4@x{
zy^EqM4zJ&}f0b^_elu&vn1jxY)PADTenR1jNPocG&Ti(CxR>}=J%gU2HS8T@iSgd>
zFw+iW75RqzkLLGy!hokUIj!(*G%D1uqS+V_V%TWXevumPjb>ZO+z>?x9FJm$cSui$
zG!&~0kUfHBp*w~xLNz=b!zyIap!P$=NcILQV4jU91#AvH_$8AHv!mFlsP(A5Q{ny*
zY-*^jg--jw!@vMCa4RA6;r>{58tE9awd3)u5lnGx23Y`8<Jbbyc~SYSIIKJ#!Rp}4
z(C9voVZ-2!I5vi~!O1ur!|7OdJXFTBcCMX`EybW`3VacV_H{NMrSfJho?fhuLkj#W
zk6FmZCMJ^WatGs{`R%iPZJmpkp8xF`z_X6`2}&v<ft^5>z(WaaEL@eqrjf<4F7&fB
zRFsEY|0RK)1i1<5Irv26?r=16SDeTuAmjc-wD|`^Rkz_A>4N7H*>PmW5SVrhJC4VA
zGd3lKtg8oM3_F^v4DK_<!_&DO3-iaYe}K)K>2N%7=QCkT5-W0Pb9&fVO9}x)B%4fn
zLn>f~%1G8s^aDg7R5l)jvfYLYE4Z5JP;8Q@z=jQMFvadyZ3;%&xPD@QVpDw<w~7bl
zs@E#oRkT7?^@H;!HvS6jD>tL!t-6V|UZL*#O>8=xy@{Q8g}U?Y7|7npI<G*0jVHq6
z8?V^uU|rZIHg<%doR3L<9ML7nG}LZlQ$`4m%g7L;`by=WZ(?gk2=>e95jN*a<#%jm
zl`E7FoZZYmP=V>g;gIP(dtqZRe{p$ibiUf~&#U$Syqf=Mb>C3jcOISlY5k?u?8ViW
zOICMD^<@%eu29{FCr9Tyr!T3$Ou*DXuf8OvynK2>5f{N-*x*JC--kbsj4`h^&Guom
zi<vOuBz$3s!_j0dDG+K!wbt3#BoxV3r&#W+FLmY=iltIxWo2=>wIQ!UsL89Xs%loN
z8f_)T1?8AfudBA@D%|B$r(_C}L$NB_gWM5Q_Al+=Py}~t*1u(tPtV|T_E&Mj4uPXH
z!{`DHT|hs}SlN%bjr>&plzxLDH{28cj;YnuPG3W7sXM8u+Sjz{ny)lHTb(26fIgrD
z{R%#v>JFIT`)*z!Fyv74d+<FRx_kHuWXI5gaHxm>7LS*Iy@a=s?L!O9_e=OXYF;1=
zw)gQ9;O1UF2JY_TO>n%AH&ecV0W5v|I1+?E_43g$yAS)hDxingdvTH87AjP!rT`C}
zy}X%h9U{87mk(oCEWwjnbYwS0u<4`^_C(@EFiQa^!oo;49+nhvQLsCb9S!>nxCvw#
zyjFnMq5=?6&Lu)b8D|&}3b}GESq{C$Tp?LKG@#98oDtgdxasI&AI#&5$eN4F%S*U$
z*k8hlWM!yP3jCvlOC@VBqQC+pG%UvfhI)X`QZAC~#j|%+i)ZiF5-tILRmzQp;yiAA
z=uHpbm2#QLdwLmH3V+SxA~79;@f>ndM>OzB8JAA3A3%=3(&`rn2pell*WwJgmSG3&
zOZjMW!;gJ4aNAOx1TFk&8J_^3F69%+jTcp#m+>lIziL^=PXSXoHyAQThWcTkYZ)IA
z8dVIugSh*%Y4f3doFV*zpGB>8*j3dI2@i7bUs^0UWC!pM{iN8AfuTC^*N3>6h2)-r
zFf)JFq`SQd?d-OJAF}u`fjlq}b}jEQk^Qi+oiAqY3T5fxjZEHYq(j$qw5HH~LCyUG
zVXOFACUPgt-^`biI|hEUnJ*GDLiRg?I-}u?Tt7daKd8?)Y&Dz-D+xPbG#j4@KWFM;
z=joD|W%O^UGnleFLKy<pffzP+_6+T67P30{Bv`tbw~+oHqn~*s8YXt|<z&y0#5Q&C
zH6#i?>frOp?jNZ}L47A``v_Ry$<H9S4r%*`o&48aBpX{kK^v%r<=wm)zUktlU{4R;
zxf{HDI2b}@bo2R?F+hiAM};*@kq6^)eo$4?IR^JMIIk0i=Cyx0KMJ(VkOJTIP*;i*
z^Vj8k6kf7J6I5V(sLHj1x5HP<_(b?>1;UJ4&S!<*lz5Jfjg8f=T`(Asv@USX_6<HX
zTLzpfc}$yMW=7-i{^JEpn}YWSe`1Ulaz(qP14%e%KecjtwIgtuJNVm`+=hh?Fo6i@
z>_#_n%aGVnNT~nOYy^DV&5t~EgnuR}zOcBeuBkRp%*n6KsjVq3PbWGJu~~TS;JHVH
zSSl74l$X}mOSu)Ls-yDIasEBixSuxCMo||2GSaVjoq6iR8dHDx-@~hoZyM#WWB=LJ
zK@6+g;6Q}_|KA1tfA=mR^e5?C$^>IWbZ-8Kr$Vk{jOH4R={{3&_#MXYjlE$Xh20c3
z$*@-cfqoW$grCRroQHjqovz!fD`8GCIrOb`BGpT!Y5!Y0mMqhJueoNc6En7Eob(Zg
z+zUpDH@pnrnf2Y#Hcop@$@JDo1F7op4M__P>&EJXoayX_<dJ2YcR*6IzMs?1e04Wf
zy*?YBOV+n=V{YTWnDkL+IZQ~=mviItSf8AsZ-Eslh|kP?V>i3@un|V5>btoN+mXZ5
zK6&>}*qN%|%VpkKb+@x@;c3VohnQm?{bbvubNl`9**L`1e>6#FnlkwhP&6JfwVjWB
zN-cDBz@G7l8Jjb$!Myp)B`|dYVvc_y?ySAEAr2m&fS99CPRp7Qas7MXnuwSg4KvH9
zk66n9n}(R?;@~!m^x95nO+!rn)s7<LW0TLp(`kq~<u7A)*M2$E2-i$P%-DGrr}@Ph
zSHXLe5K~+5HAe|!4X`>LG1Kq)ZPv7;&i7y<4wBRSPw#`I@z*VIV}`ywX2v(?-fP}!
z-5D5_a{h)XMZuX2{f)ZGf61!30WWb|5I%Ec^up|Ql}F)w3&I;ZPA`by9uVP<OoW$C
z|1hQKfpce|I1Aw?e|yjBnr%r5a9<X(Jm%dO`qIVHPY((DKVQoU8C?yzix!Q5Z?_<(
zG5MKKM|h4IVaZm+oLW5l!#e-7d+-W5VhYly_vJ2sFBzWOhM0yUpS~5*+4*;v5Jb$(
zHA`P}j_Ij|6+sk3d``{RDObOH9gMyiG3DL^PZalB=EKgL5!3PFl)Eb8A3F)z+Yxho
z*Sit6cdW(m*>=PfUrt+Jn6RK8igqBT?#NmV-*H9*dv+iuKmMI3!e0Mgg{gp;h6kTa
zi@1uN503+4rhn6Y)wC^(`@nSzVrD*a;2o#yTNki95i|C8k7~!Z2)m(mCt^y*q`8Gl
zp1T>I-iesWC+5u)-rC`YYjz=Kn*FvH)B`7a;k{k@y(4WNxVhx%+q8j{yx~bm58Xo^
zdsiwPyj4G+o8Vsdr6Xm@DVVq$dkJ@~EsIW0+5<Q44oM>`xFY*r@&Fv$jlCo#Jz`DY
z_TTqG@1Bq}l!@DmN6)9=`#s3H*>zx!r9L<l?&wF()9gEn)C0fsLh)Y2v=^J-F8$%#
z=kWp^VorJM^S{+TzjEWDeR^F4=(gw^Vdlg7?OcShrgP*{BM09-jOdd_o$Z+X=e~Wg
z^w)?^|Mt24x_dra4dw%guDN&pZ!~8cWO)7nqQ{Ki_*UZXYtv!kBZw}4*Ey>s<E=5U
z@)6|Nx|%oUSMJY;goB7Vx_8-{@hd+ZfL#X>Q_n9w8g9%>0q3KLnaa%iMqF^_894bU
zVorb1lG%9VuKiGaNMFGoA6r_Y+pdNFLkJoD)$<LB)iL+Mv;l<FkBoaFe9V{g;fVo+
z%$NuNm@Z7o1ov+c(wcheOx~*nvA{iskYk0SFEhJe3BcUPkWH%d4{PYRo?Q!vA45#F
zzDBLen{gUuKCbT`$=q{w3j6s%A&~0%(d*!WMEX1WR0w}UzkrkGF=FBOlb6EkC$Jka
zasQcuv^6C#@k#6^VeU)kCcN<IOK{_p*p2kqedmhiHVSa;N$e)_yKA?`XFTqO-lvdt
z;rSCA@`~@+4BtP6tUJE`hoPc=dl%gCG-6H?{`TsW$d=Ec_%LE7z4=B~#-=~r1NR+9
z%n_FSTjCereA}TT`c~aI!R@uW1WZO+Z5~VvS}`|{_vpM9Nwwq69J|A1wX4eqHa)NZ
z4bK^V2%8vI9kvWAj_N0A!|oVZc2s|Z0W#j#-wD+F`m|ujU1<Z~ysy9A$|YJ03nqTJ
w<2$$`+|bX(pZr5uYTlM#L9xlu!cp_Di=|&qSr7M_3>f!Ey_hla(XzMy4}ZxB3jhEB