From dc78f389ef667055b96103b03799685f3bd0d85d Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 30 Jan 2023 15:39:39 +0000 Subject: [PATCH 001/289] add or resize vms --- .../deployment/deploy_sre_apache_guacamole.md | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/docs/deployment/deploy_sre_apache_guacamole.md b/docs/deployment/deploy_sre_apache_guacamole.md index c273fa5e6b..bceb9584c6 100644 --- a/docs/deployment/deploy_sre_apache_guacamole.md +++ b/docs/deployment/deploy_sre_apache_guacamole.md @@ -32,7 +32,8 @@ PS> ./Deploy_SRE.ps1 -shmId -sreId -VMs - where `` is the {ref}`management environment ID ` for this SHM - where `` is the {ref}`secure research environment ID ` for this SRE -- where `` is a list of [Azure VM sizes](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) that you want to create. For example `'Standard_D2s_v3', 'default', 'Standard_NC6s_v3'`. If you are unsure of the appropriate VM sizes, run the script with a single `'default'` (resizing can be done after deployment via the Azure portal). +- where `` is a list of [Azure VM sizes](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) that you want to create. For example `'Standard_D2s_v3', 'default', 'Standard_NC6s_v3'`. If you are unsure of the appropriate VM sizes, run the script with a single `'default'`. +- Additional VMs can be added and existing ones can be resized after deployment. See {ref}`Adding and resizing VMs `. You will be prompted for credentials for: @@ -174,6 +175,26 @@ If you specify the same size more than once, you will create multiple SRDs of th +(add_resize_vm)= + +### (Optional) {{heavy_plus_sign}} Add a new SRD or resize an existing SRD's VM + +The `-VmSizes` parameter that you provided to the `Deploy_SRE.ps1` script determines how many SRDs are created and how large each one will be. + +- To add another SRD, follow the below instructions for Deploying SRDs +- The simplest way to resize a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) +- You can also use the below instructions for Deploying SRDs to resize the VM for an existing SRD, by taking care to set the `` to that of the existing VM (viewable in Azure), and by setting the `-Upgrade` and `-Force` flags + +
+Deploying SRDs + + +```{include} snippets/09_single_srd.partial.md +:relative-images: +``` + +
+ ## 4. {{microscope}} Test deployed SRE (deploy_sre_apache_guacamole_create_user_account)= From 8f56083321318b7a00d75b847556c049e3d7691e Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 30 Jan 2023 15:43:06 +0000 Subject: [PATCH 002/289] better header --- docs/deployment/deploy_sre_apache_guacamole.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/deployment/deploy_sre_apache_guacamole.md b/docs/deployment/deploy_sre_apache_guacamole.md index bceb9584c6..dca288234a 100644 --- a/docs/deployment/deploy_sre_apache_guacamole.md +++ b/docs/deployment/deploy_sre_apache_guacamole.md @@ -33,7 +33,7 @@ PS> ./Deploy_SRE.ps1 -shmId -sreId -VMs - where `` is the {ref}`management environment ID ` for this SHM - where `` is the {ref}`secure research environment ID ` for this SRE - where `` is a list of [Azure VM sizes](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) that you want to create. For example `'Standard_D2s_v3', 'default', 'Standard_NC6s_v3'`. If you are unsure of the appropriate VM sizes, run the script with a single `'default'`. -- Additional VMs can be added and existing ones can be resized after deployment. See {ref}`Adding and resizing VMs `. +- VMs can be resized after deployment. See {ref}`Add a new Secure Research Desktop (SRD) or resize an existing SRD’s VM `. You will be prompted for credentials for: @@ -177,7 +177,7 @@ If you specify the same size more than once, you will create multiple SRDs of th (add_resize_vm)= -### (Optional) {{heavy_plus_sign}} Add a new SRD or resize an existing SRD's VM +### (Optional) {{heavy_plus_sign}} Add a new Secure Research Desktop (SRD) or resize an existing SRD’s VM The `-VmSizes` parameter that you provided to the `Deploy_SRE.ps1` script determines how many SRDs are created and how large each one will be. From 09df05b91f9434b1ac02ac4cc4f04936346230ad Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 30 Jan 2023 15:54:04 +0000 Subject: [PATCH 003/289] remove space --- docs/deployment/deploy_sre_apache_guacamole.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/deployment/deploy_sre_apache_guacamole.md b/docs/deployment/deploy_sre_apache_guacamole.md index dca288234a..bd2df646da 100644 --- a/docs/deployment/deploy_sre_apache_guacamole.md +++ b/docs/deployment/deploy_sre_apache_guacamole.md @@ -188,7 +188,6 @@ The `-VmSizes` parameter that you provided to the `Deploy_SRE.ps1` script determ
Deploying SRDs - ```{include} snippets/09_single_srd.partial.md :relative-images: ``` From 88920f58d4fcc932c289c0e00b8fdd1e8c065a9b Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 30 Jan 2023 16:28:02 +0000 Subject: [PATCH 004/289] rename title --- docs/roles/system_manager/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/roles/system_manager/index.md b/docs/roles/system_manager/index.md index 45056e34db..8bf48dcd4b 100644 --- a/docs/roles/system_manager/index.md +++ b/docs/roles/system_manager/index.md @@ -31,5 +31,5 @@ Typically these might be members of an institutional IT team. [Managing web applications](manage_webapps.md) : How to access virtual machines hosting web applications -[Removing deployed components](manage_deployments.md) -: Removing an SRE or a complete, deployment Data Safe Haven as an administrator. +[Managing Data Safe Haven deployments](manage_deployments.md) +: Managing, altering and removing an SRE or a complete deployment as a Data Safe Haven administrator. From a54244b5bf6ac8e7a42de84147667c1d5c220522 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 30 Jan 2023 16:30:51 +0000 Subject: [PATCH 005/289] move doc --- .../deployment/deploy_sre_apache_guacamole.md | 19 ------------------- .../system_manager/manage_deployments.md | 19 +++++++++++++++++++ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/deployment/deploy_sre_apache_guacamole.md b/docs/deployment/deploy_sre_apache_guacamole.md index bd2df646da..456540493f 100644 --- a/docs/deployment/deploy_sre_apache_guacamole.md +++ b/docs/deployment/deploy_sre_apache_guacamole.md @@ -175,25 +175,6 @@ If you specify the same size more than once, you will create multiple SRDs of th
-(add_resize_vm)= - -### (Optional) {{heavy_plus_sign}} Add a new Secure Research Desktop (SRD) or resize an existing SRD’s VM - -The `-VmSizes` parameter that you provided to the `Deploy_SRE.ps1` script determines how many SRDs are created and how large each one will be. - -- To add another SRD, follow the below instructions for Deploying SRDs -- The simplest way to resize a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) -- You can also use the below instructions for Deploying SRDs to resize the VM for an existing SRD, by taking care to set the `` to that of the existing VM (viewable in Azure), and by setting the `-Upgrade` and `-Force` flags - -
-Deploying SRDs - -```{include} snippets/09_single_srd.partial.md -:relative-images: -``` - -
- ## 4. {{microscope}} Test deployed SRE (deploy_sre_apache_guacamole_create_user_account)= diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index a6ca4f866b..d262d2e8f7 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -6,6 +6,25 @@ This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it. ``` +(add_resize_vm)= + +## {{heavy_plus_sign}} Add a new Secure Research Desktop (SRD) or resize an existing SRD’s VM + +The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.ps1` script) determines how many SRDs are created and how large each one will be. + +- To add another SRD after deployment, follow the below instructions for Deploying SRDs +- The simplest way to resize a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) +- You can also use the below instructions for Deploying SRDs to resize the VM for an existing SRD, by taking care to set the `` to that of the existing VM (viewable in Azure), and by setting the `-Upgrade` and `-Force` flags + +
+Deploying SRDs + +```{include} snippets/09_single_srd.partial.md +:relative-images: +``` + +
+ ## {{fire}} Remove a single SRE In order to tear down an SRE, use the following procedure: From e82f7ee82f0361b29088160bbed1ed4cd5bab216 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 30 Jan 2023 16:37:49 +0000 Subject: [PATCH 006/289] update for manager use --- .../system_manager/manage_deployments.md | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index d262d2e8f7..2c203593c7 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -12,18 +12,24 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.ps1` script) determines how many SRDs are created and how large each one will be. -- To add another SRD after deployment, follow the below instructions for Deploying SRDs -- The simplest way to resize a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) -- You can also use the below instructions for Deploying SRDs to resize the VM for an existing SRD, by taking care to set the `` to that of the existing VM (viewable in Azure), and by setting the `-Upgrade` and `-Force` flags +- To **add** another SRD after deployment, follow the below instructions for deploying an SRD with `Add_Single_SRD.ps1` +- The simplest way to **resize** a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) +- Alternatively, you can **resize** a VM by using the below instructions for deploying an SRD, taking care to set the `` to that of the existing VM (viewable in Azure), and by setting the `-Upgrade` and `-Force` flags -
-Deploying SRDs +![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` -```{include} snippets/09_single_srd.partial.md -:relative-images: +**Deploy an SRD:** + +```powershell +PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet [-vmSize ] ``` -
+- where `` is the {ref}`management environment ID ` for this SHM +- where `` is the {ref}`secure research environment ID ` for this SRE +- where `` is last octet of the IP address +- [optional] where `` is the [Azure VM size](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) for this SRD + +This will deploy a new SRD into the SRE environment. ## {{fire}} Remove a single SRE From 89845aa3ac4ef4fd68d42b9a23de175afea29837 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 30 Jan 2023 16:44:51 +0000 Subject: [PATCH 007/289] make resizing explicit --- docs/roles/system_manager/manage_deployments.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 2c203593c7..363c08d767 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -26,8 +26,9 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the {ref}`management environment ID ` for this SHM - where `` is the {ref}`secure research environment ID ` for this SRE -- where `` is last octet of the IP address +- where `` is last octet of the IP address (if resizing an existing VM, check what this is in Azure) - [optional] where `` is the [Azure VM size](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) for this SRD +- [optional] where resizing a VM for an existing SRD, also add `-Upgrade` and `-Force` This will deploy a new SRD into the SRE environment. From 5cc7ae4af578118e198c4076c5d36f060d3b6f76 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 30 Jan 2023 16:46:52 +0000 Subject: [PATCH 008/289] trailing space --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 363c08d767..d9c4bc3eda 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -28,7 +28,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the {ref}`secure research environment ID ` for this SRE - where `` is last octet of the IP address (if resizing an existing VM, check what this is in Azure) - [optional] where `` is the [Azure VM size](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) for this SRD -- [optional] where resizing a VM for an existing SRD, also add `-Upgrade` and `-Force` +- [optional] where resizing a VM for an existing SRD, also add `-Upgrade` and `-Force` This will deploy a new SRD into the SRE environment. From faf5cbd3a7c4eaf11c92f4757dd496b46e3c99c8 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Tue, 31 Jan 2023 10:49:54 +0000 Subject: [PATCH 009/289] Update required PS modules, remove max PS version --- deployment/CheckRequirements.ps1 | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/deployment/CheckRequirements.ps1 b/deployment/CheckRequirements.ps1 index f3dce22c3a..49043ae78c 100644 --- a/deployment/CheckRequirements.ps1 +++ b/deployment/CheckRequirements.ps1 @@ -9,25 +9,24 @@ Import-Module $PSScriptRoot/common/Logging -Force -ErrorAction Stop # Requirements $PowershellMinVersion = "7.0.0" -$PowershellMaxVersion = "7.2.8" $ModuleVersionRequired = @{ - "Az.Accounts" = @("ge", "2.9.0") - "Az.Automation" = @("ge", "1.7.3") - "Az.Compute" = @("ge", "4.29.0") + "Az.Accounts" = @("ge", "2.11.1") + "Az.Automation" = @("ge", "1.9.0") + "Az.Compute" = @("ge", "5.3.0") "Az.DataProtection" = @("ge", "0.4.0") "Az.Dns" = @("ge", "1.1.2") - "Az.KeyVault" = @("ge", "4.6.0") + "Az.KeyVault" = @("ge", "4.9.1") "Az.Monitor" = @("ge", "3.0.1") "Az.MonitoringSolutions" = @("ge", "0.1.0") - "Az.Network" = @("ge", "4.18.0") + "Az.Network" = @("ge", "5.3.0") "Az.OperationalInsights" = @("ge", "3.1.0") "Az.PrivateDns" = @("ge", "1.0.3") "Az.RecoveryServices" = @("ge", "5.4.1") - "Az.Resources" = @("ge", "6.0.1") + "Az.Resources" = @("ge", "6.5.1") "Az.Storage" = @("ge", "4.7.0") - "Microsoft.Graph.Authentication" = @("ge", "1.10.0") - "Microsoft.Graph.Applications" = @("ge", "1.10.0") - "Microsoft.Graph.Identity.DirectoryManagement" = @("ge", "1.10.0") + "Microsoft.Graph.Authentication" = @("ge", "1.20.0") + "Microsoft.Graph.Applications" = @("ge", "1.20.0") + "Microsoft.Graph.Identity.DirectoryManagement" = @("ge", "1.20.0") "Poshstache" = @("ge", "0.1.10") "Powershell-Yaml" = @("ge", "0.4.2") } @@ -38,10 +37,8 @@ if ($IncludeDev.IsPresent) { # Powershell version $PowershellVersion = (Get-Host | Select-Object Version).Version -if ($PowershellVersion -gt $PowershellMaxVersion) { - Add-LogMessage -Level Fatal "Please downgrade Powershell to a minimum version of $PowershellMinVersion and a maximum of $PowershellMaxVersion (currently using $PowershellVersion)!" -} elseif ($PowershellVersion -lt $PowershellMinVersion) { - Add-LogMessage -Level Fatal "Please upgrade Powershell to a minimum version of $PowershellMinVersion and a maximum of $PowershellMaxVersion (currently using $PowershellVersion)!" +if ($PowershellVersion -lt $PowershellMinVersion) { + Add-LogMessage -Level Fatal "Please upgrade Powershell to a minimum version of $PowershellMinVersion (currently using $PowershellVersion)!" } else { Add-LogMessage -Level Success "Powershell version: $PowershellVersion" } From 285946446a2e6f78558667114ed4773b43de8a6d Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Tue, 31 Jan 2023 10:59:58 +0000 Subject: [PATCH 010/289] Update .devcontainer PS version to 7.2.8 --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 18bf05cb98..1a1a621260 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -6,7 +6,7 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ # Set package versions ARG AZURE_CLI_VERSION="2.42.0" -ARG PWSH_VERSION="7.2.6" +ARG PWSH_VERSION="7.2.8" # Set up TARGETARCH variable to use to pull the right binaries for the current architecture. ARG TARGETARCH From 9e7deed2975e847f07f072d36caad77262b9e8fb Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 10:20:02 +0000 Subject: [PATCH 011/289] Azure portal Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index d9c4bc3eda..fd621ebcc1 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -14,7 +14,7 @@ The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.p - To **add** another SRD after deployment, follow the below instructions for deploying an SRD with `Add_Single_SRD.ps1` - The simplest way to **resize** a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) -- Alternatively, you can **resize** a VM by using the below instructions for deploying an SRD, taking care to set the `` to that of the existing VM (viewable in Azure), and by setting the `-Upgrade` and `-Force` flags +- Alternatively, you can **resize** a VM by using the below instructions for deploying an SRD, taking care to set the `` to that of the existing VM (viewable in the Azure portal), and by setting the `-Upgrade` and `-Force` flags ![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` From b090d1d9c2ab91f2c886b987a02b972e2387f5df Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 10:20:30 +0000 Subject: [PATCH 012/289] make not a header Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index fd621ebcc1..7b9f5249e4 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -18,7 +18,7 @@ The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.p ![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` -**Deploy an SRD:** +### Deploy an SRD: ```powershell PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet [-vmSize ] From d9f10a5485de5bab18a73d09ed599f7e0b9919b6 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 1 Feb 2023 10:27:20 +0000 Subject: [PATCH 013/289] Fix link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2b204ef8fd..f48c292548 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -208,7 +208,7 @@ Make sure to [keep your fork up to date](https://docs.github.com/en/pull-request #### 3. Make the changes you've discussed Try to keep the changes focused. If you submit a large amount of work in all in one go it will be much more work for whomever is reviewing your pull request. [Help them help you](https://media.giphy.com/media/uRb2p09vY8lEs/giphy.gif) :wink: -If you feel tempted to "branch out" then please make a [new branch](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository) and a [new issue][https://github.com/alan-turing-institute/data-safe-haven/issues] to go with it. +If you feel tempted to "branch out" then please make a [new branch](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository) and a [new issue](https://github.com/alan-turing-institute/data-safe-haven/issues) to go with it. #### 4. Submit a pull request From 9de2bf1ff144850823fe4ee9bcfd3932fb0058a3 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 1 Feb 2023 10:27:39 +0000 Subject: [PATCH 014/289] Add note for installing doc build dependencies --- CONTRIBUTING.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f48c292548..28112cca0f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -226,9 +226,16 @@ The docs, including for older releases, are available [here](https://alan-turing You should follow the same instructions as above to [make a change with a pull request](#making-a-change-with-a-pull-request) when editing the documentation. -To test your changes, build the docs locally by checking out your fork of the repo, navigating to the `docs` folder and `make`ing them: +To preview your changes, you can build the docs locally. +The documentation build dependencies are listed in [a requirements file](docs/build/requirements.txt) that can be installed using `pip`: -```{bash} +```{shell} +pip install -r docs/build/requirements.txt +``` + +Check out your branch, navigate to the `docs` folder and `make` them: + +```{shell} cd data-safe-haven/docs make html ``` From 32c5214265d683042490b9ba727df48cb97081f3 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 10:52:49 +0000 Subject: [PATCH 015/289] separate deploy and resize SRD --- .../deployment/deploy_sre_apache_guacamole.md | 2 +- .../system_manager/manage_deployments.md | 19 +++++++++++-------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/docs/deployment/deploy_sre_apache_guacamole.md b/docs/deployment/deploy_sre_apache_guacamole.md index 456540493f..9f5f69533e 100644 --- a/docs/deployment/deploy_sre_apache_guacamole.md +++ b/docs/deployment/deploy_sre_apache_guacamole.md @@ -33,7 +33,7 @@ PS> ./Deploy_SRE.ps1 -shmId -sreId -VMs - where `` is the {ref}`management environment ID ` for this SHM - where `` is the {ref}`secure research environment ID ` for this SRE - where `` is a list of [Azure VM sizes](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) that you want to create. For example `'Standard_D2s_v3', 'default', 'Standard_NC6s_v3'`. If you are unsure of the appropriate VM sizes, run the script with a single `'default'`. -- VMs can be resized after deployment. See {ref}`Add a new Secure Research Desktop (SRD) or resize an existing SRD’s VM `. +- VMs can be resized after deployment. See how to do so in the {ref}`System Manager instructions `. You will be prompted for credentials for: diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 7b9f5249e4..6dd05cc0ce 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -6,20 +6,23 @@ This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it. ``` -(add_resize_vm)= +(resize_vm)= -## {{heavy_plus_sign}} Add a new Secure Research Desktop (SRD) or resize an existing SRD’s VM +## {{arrow_upper_right}} Resize the Virtual Machine (VM) of a Secure Research Desktop (SRD) + +Sometimes during a project that uses a a deployed SRE, researchers may find the available compute inadequate for their purposes and wish to increase the size of the SRD's VM. + +- The simplest way to resize a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) +- Alternatively, you can resize a VM by using the below instructions for deploying an SRD, taking care to set the `` to that of the existing VM (viewable in the Azure portal), and by setting the `-Upgrade` and `-Force` flags + +## {{heavy_plus_sign}} Add a new SRD The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.ps1` script) determines how many SRDs are created and how large each one will be. -- To **add** another SRD after deployment, follow the below instructions for deploying an SRD with `Add_Single_SRD.ps1` -- The simplest way to **resize** a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) -- Alternatively, you can **resize** a VM by using the below instructions for deploying an SRD, taking care to set the `` to that of the existing VM (viewable in the Azure portal), and by setting the `-Upgrade` and `-Force` flags +To deploy a new SRD into the SRE environment (after SRE deployment), follow the below instructions for deploying an SRD with `Add_Single_SRD.ps1`. ![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` -### Deploy an SRD: - ```powershell PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet [-vmSize ] ``` @@ -30,7 +33,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the [Azure VM size](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) for this SRD - [optional] where resizing a VM for an existing SRD, also add `-Upgrade` and `-Force` -This will deploy a new SRD into the SRE environment. +This will deploy . ## {{fire}} Remove a single SRE From 3267a3526cf381b5d29866882f81dfa3d784b1af Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 10:56:32 +0000 Subject: [PATCH 016/289] tidy and clarify --- docs/roles/system_manager/manage_deployments.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 6dd05cc0ce..12d36bad26 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -10,10 +10,11 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem ## {{arrow_upper_right}} Resize the Virtual Machine (VM) of a Secure Research Desktop (SRD) -Sometimes during a project that uses a a deployed SRE, researchers may find the available compute inadequate for their purposes and wish to increase the size of the SRD's VM. +Sometimes during a project that uses a deployed SRE, researchers may find the available compute inadequate for their purposes and wish to increase the size of the SRD's VM. -- The simplest way to resize a VM for an existing SRD is to log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE`, then resize it by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) -- Alternatively, you can resize a VM by using the below instructions for deploying an SRD, taking care to set the `` to that of the existing VM (viewable in the Azure portal), and by setting the `-Upgrade` and `-Force` flags +- Log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE` +- The simplest way to resize this VM is by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal +- Alternatively, you can resize this VM by using the below instructions to "Add a new SRD", taking care to set the `` to that of the VM (viewable in the Azure portal), and by setting the `-Upgrade` and `-Force` flags ## {{heavy_plus_sign}} Add a new SRD From f73eec8e0088b0696813c7bfdd6a50eaf47e74c0 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 10:57:14 +0000 Subject: [PATCH 017/289] tidy --- docs/roles/system_manager/manage_deployments.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 12d36bad26..c309970c69 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -34,8 +34,6 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the [Azure VM size](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) for this SRD - [optional] where resizing a VM for an existing SRD, also add `-Upgrade` and `-Force` -This will deploy . - ## {{fire}} Remove a single SRE In order to tear down an SRE, use the following procedure: From eb26f9b5dfa705c09fd44ade22771289e81915c8 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 10:58:32 +0000 Subject: [PATCH 018/289] simplify --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index c309970c69..294b592942 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -20,7 +20,7 @@ Sometimes during a project that uses a deployed SRE, researchers may find the av The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.ps1` script) determines how many SRDs are created and how large each one will be. -To deploy a new SRD into the SRE environment (after SRE deployment), follow the below instructions for deploying an SRD with `Add_Single_SRD.ps1`. +To deploy a new SRD into the SRE environment, follow the below instructions: ![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` From cba8797d3eb0e76f1c296d340363704005fbc6aa Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 1 Feb 2023 11:34:11 +0000 Subject: [PATCH 019/289] Switch Travis badges for GitHub --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8ff4c7e4fd..4993f9c83f 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,8 @@ It provides a set of scripts and templates that will allow you to deploy, admini It was developed as part of the Alan Turing Institute's [Data Safe Havens in the Cloud](https://www.turing.ac.uk/research/research-projects/data-safe-havens-cloud) project. [![Docs](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/build_docs.yaml/badge.svg)](https://alan-turing-institute.github.io/data-safe-haven) -[![Build status](https://app.travis-ci.com/alan-turing-institute/data-safe-haven.svg?token=fmccRP1RHVJaEoiWy6QF&branch=develop)](https://app.travis-ci.com/alan-turing-institute/data-safe-haven) +[![Lint code](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/lint_code.yaml/badge.svg)](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/lint_code.yaml) +[![Test code](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/test_code.yaml/badge.svg)](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/test_code.yaml) [![Latest version](https://img.shields.io/github/v/release/alan-turing-institute/data-safe-haven?style=flat&label=Latest&color=%234B78E6)](https://github.com/alan-turing-institute/data-safe-haven/releases) [![Slack](https://img.shields.io/badge/Join%20us!-yellow?style=flat&logo=slack&logoColor=white&labelColor=4A154B&label=Slack)](https://join.slack.com/t/turingdatasafehaven/signup) ![Licence](https://img.shields.io/github/license/alan-turing-institute/data-safe-haven) From 632a1c81d344a49442d6bab92fbbd9cacf692e65 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 1 Feb 2023 11:40:31 +0000 Subject: [PATCH 020/289] Add citation badge --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4993f9c83f..f495fe580a 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ It was developed as part of the Alan Turing Institute's [Data Safe Havens in the [![Latest version](https://img.shields.io/github/v/release/alan-turing-institute/data-safe-haven?style=flat&label=Latest&color=%234B78E6)](https://github.com/alan-turing-institute/data-safe-haven/releases) [![Slack](https://img.shields.io/badge/Join%20us!-yellow?style=flat&logo=slack&logoColor=white&labelColor=4A154B&label=Slack)](https://join.slack.com/t/turingdatasafehaven/signup) ![Licence](https://img.shields.io/github/license/alan-turing-institute/data-safe-haven) +[![Citation](https://img.shields.io/badge/citation-cite%20this%20project-informational)](https://github.com/alan-turing-institute/data-safe-haven/blob/badges/CITATION.cff) ## :family: Community & support From a75f2f0a649579360663ae6cf8361fbc3c71b51e Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 13:48:55 +0000 Subject: [PATCH 021/289] add script for resizing --- .../system_manager/manage_deployments.md | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 294b592942..f360798b8d 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -13,8 +13,21 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem Sometimes during a project that uses a deployed SRE, researchers may find the available compute inadequate for their purposes and wish to increase the size of the SRD's VM. - Log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE` -- The simplest way to resize this VM is by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal -- Alternatively, you can resize this VM by using the below instructions to "Add a new SRD", taking care to set the `` to that of the VM (viewable in the Azure portal), and by setting the `-Upgrade` and `-Force` flags +- The **simplest way to resize this VM** is by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal +- Alternatively, you can resize this VM by using the below instruction to run the `./Add_Single_SRD.ps1` script. Make a note of the last octet of the IP address, which can be seen in the Azure Portal. + +![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` + +```powershell +PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet [-vmSize ] -Upgrade -Force +``` + +- where `` is the {ref}`management environment ID ` for this SHM +- where `` is the {ref}`secure research environment ID ` for this SRE +- where `` is last octet of the IP address (check what this is in the Azure Portal) +- where `` is the new [Azure VM size](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) +- where `` is required to ensure the old VM is replaced +- where `` ensures that `` works even when the VM is built with the same image ## {{heavy_plus_sign}} Add a new SRD @@ -30,9 +43,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the {ref}`management environment ID ` for this SHM - where `` is the {ref}`secure research environment ID ` for this SRE -- where `` is last octet of the IP address (if resizing an existing VM, check what this is in Azure) -- [optional] where `` is the [Azure VM size](https://docs.microsoft.com/en-us/azure/virtual-machines/sizes) for this SRD -- [optional] where resizing a VM for an existing SRD, also add `-Upgrade` and `-Force` +- where `` is last octet of the IP address ## {{fire}} Remove a single SRE From 07e89bf9d02e2f1c1e37f04e3088eb49bacd4f5f Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 13:49:49 +0000 Subject: [PATCH 022/289] last octet disclaimer --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index f360798b8d..6a115b4f58 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -43,7 +43,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the {ref}`management environment ID ` for this SHM - where `` is the {ref}`secure research environment ID ` for this SRE -- where `` is last octet of the IP address +- where `` is last octet of the IP address (this must be different to any other SRD VMs) ## {{fire}} Remove a single SRE From 79338fd83de235f26242de69931858c650c3d377 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 13:54:45 +0000 Subject: [PATCH 023/289] remove trailing space --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 6a115b4f58..9b88929ed5 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -14,7 +14,7 @@ Sometimes during a project that uses a deployed SRE, researchers may find the av - Log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE` - The **simplest way to resize this VM** is by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal -- Alternatively, you can resize this VM by using the below instruction to run the `./Add_Single_SRD.ps1` script. Make a note of the last octet of the IP address, which can be seen in the Azure Portal. +- Alternatively, you can resize this VM by using the below instruction to run the `./Add_Single_SRD.ps1` script. Make a note of the last octet of the IP address, which can be seen in the Azure Portal. ![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` From b4bec4a7b2d8bbd0c2fad3e29bc063b69d103012 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Feb 2023 14:20:01 +0000 Subject: [PATCH 024/289] Update docs/roles/system_manager/manage_deployments.md Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 9b88929ed5..4d18a1de2a 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -14,7 +14,7 @@ Sometimes during a project that uses a deployed SRE, researchers may find the av - Log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE` - The **simplest way to resize this VM** is by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal -- Alternatively, you can resize this VM by using the below instruction to run the `./Add_Single_SRD.ps1` script. Make a note of the last octet of the IP address, which can be seen in the Azure Portal. +- Alternatively, you can resize this VM by using the instructions below to run the `./Add_Single_SRD.ps1` script. Make a note of the last octet of the IP address, which can be seen in the Azure Portal. ![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` From d6abed68fb60a8922d16e9c0dc5cf7bbd2088766 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Wed, 1 Feb 2023 15:46:37 +0000 Subject: [PATCH 025/289] Update docs to reflect support for latest PS --- docs/deployment/deploy_shm.md | 1 + docs/deployment/snippets/01_prerequisites.partial.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/deployment/deploy_shm.md b/docs/deployment/deploy_shm.md index 4825fbcb0c..429aac0b74 100644 --- a/docs/deployment/deploy_shm.md +++ b/docs/deployment/deploy_shm.md @@ -24,6 +24,7 @@ Alternatively, you may run multiple SHMs concurrently, for example you may have - `PowerShell` - Install [PowerShell v7.0 or above](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) + - Note that we support only the latest stable release of Powershell([currently v7.3.2](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.3)) - `Powershell` cross-platform modules ````{tip} diff --git a/docs/deployment/snippets/01_prerequisites.partial.md b/docs/deployment/snippets/01_prerequisites.partial.md index 254b8ef79b..8e636755a0 100644 --- a/docs/deployment/snippets/01_prerequisites.partial.md +++ b/docs/deployment/snippets/01_prerequisites.partial.md @@ -15,6 +15,7 @@ - `PowerShell` with support for Azure - Install [PowerShell v7.0 or above](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) + - Note that we support only the latest stable release of Powershell ([currently v7.3.2](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.3)) - Install the [Azure PowerShell Module](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps) using `Install-Module -Name Az -RequiredVersion 5.0.0 -Repository PSGallery` - `Microsoft Remote Desktop` - On macOS this can be installed from the [Apple store](https://www.apple.com/app-store/) From c1aa3b6bb274002f423782dca7e3d288cbc3d421 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Wed, 1 Feb 2023 15:47:20 +0000 Subject: [PATCH 026/289] add missing space to doc --- docs/deployment/deploy_shm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deployment/deploy_shm.md b/docs/deployment/deploy_shm.md index 429aac0b74..e3f32d798a 100644 --- a/docs/deployment/deploy_shm.md +++ b/docs/deployment/deploy_shm.md @@ -24,7 +24,7 @@ Alternatively, you may run multiple SHMs concurrently, for example you may have - `PowerShell` - Install [PowerShell v7.0 or above](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) - - Note that we support only the latest stable release of Powershell([currently v7.3.2](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.3)) + - Note that we support only the latest stable release of Powershell ([currently v7.3.2](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.3)) - `Powershell` cross-platform modules ````{tip} From 5c92a3e4e95cdc09387f3afe318026a837d81829 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Wed, 1 Feb 2023 15:51:09 +0000 Subject: [PATCH 027/289] Add check for supported PS version, update modules --- deployment/CheckRequirements.ps1 | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/deployment/CheckRequirements.ps1 b/deployment/CheckRequirements.ps1 index 49043ae78c..7652bb56ec 100644 --- a/deployment/CheckRequirements.ps1 +++ b/deployment/CheckRequirements.ps1 @@ -9,6 +9,7 @@ Import-Module $PSScriptRoot/common/Logging -Force -ErrorAction Stop # Requirements $PowershellMinVersion = "7.0.0" +$PowershellSupportedVersion = "7.3.2" $ModuleVersionRequired = @{ "Az.Accounts" = @("ge", "2.11.1") "Az.Automation" = @("ge", "1.9.0") @@ -24,9 +25,9 @@ $ModuleVersionRequired = @{ "Az.RecoveryServices" = @("ge", "5.4.1") "Az.Resources" = @("ge", "6.5.1") "Az.Storage" = @("ge", "4.7.0") - "Microsoft.Graph.Authentication" = @("ge", "1.20.0") - "Microsoft.Graph.Applications" = @("ge", "1.20.0") - "Microsoft.Graph.Identity.DirectoryManagement" = @("ge", "1.20.0") + "Microsoft.Graph.Authentication" = @("ge", "1.21.0") + "Microsoft.Graph.Applications" = @("ge", "1.21.0") + "Microsoft.Graph.Identity.DirectoryManagement" = @("ge", "1.21.0") "Poshstache" = @("ge", "0.1.10") "Powershell-Yaml" = @("ge", "0.4.2") } @@ -38,11 +39,18 @@ if ($IncludeDev.IsPresent) { # Powershell version $PowershellVersion = (Get-Host | Select-Object Version).Version if ($PowershellVersion -lt $PowershellMinVersion) { - Add-LogMessage -Level Fatal "Please upgrade Powershell to a minimum version of $PowershellMinVersion (currently using $PowershellVersion)!" + Add-LogMessage -Level Fatal "Please upgrade Powershell to a minimum version of $PowershellMinVersion (currently using $PowershellVersion; currently supported version is $PowershellSupportedVersion)!" } else { - Add-LogMessage -Level Success "Powershell version: $PowershellVersion" + if ($PowershellVersion -ne $PowershellSupportedVersion) { + Add-LogMessage -Level Warning "Powershell version: $PowershellVersion" + Add-LogMessage -Level Warning "The currently supported version of Powershell is $PowershellSupportedVersion." + Add-LogMessage -Level Warning "In case of errors originating from Powershell code, ensure that you are running the currently supported version." + } else { + Add-LogMessage -Level Success "Powershell version: $PowershellVersion" + } } + # Powershell modules $RepositoryName = "PSGallery" foreach ($ModuleName in $ModuleVersionRequired.Keys) { From 984a84312684547104e778c4be17396fdb5eb669 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Wed, 1 Feb 2023 15:51:44 +0000 Subject: [PATCH 028/289] Add missing module dependency (MS.Graph.Users) --- deployment/CheckRequirements.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/CheckRequirements.ps1 b/deployment/CheckRequirements.ps1 index 7652bb56ec..ca4ed4b321 100644 --- a/deployment/CheckRequirements.ps1 +++ b/deployment/CheckRequirements.ps1 @@ -28,6 +28,7 @@ $ModuleVersionRequired = @{ "Microsoft.Graph.Authentication" = @("ge", "1.21.0") "Microsoft.Graph.Applications" = @("ge", "1.21.0") "Microsoft.Graph.Identity.DirectoryManagement" = @("ge", "1.21.0") + "Microsoft.Graph.Users" = @("ge", "1.21.0") "Poshstache" = @("ge", "0.1.10") "Powershell-Yaml" = @("ge", "0.4.2") } From 62da68a792237fe28b0823258e17a06c1236818c Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Wed, 1 Feb 2023 15:52:38 +0000 Subject: [PATCH 029/289] Use robust method of getting Powershell version --- deployment/CheckRequirements.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/CheckRequirements.ps1 b/deployment/CheckRequirements.ps1 index ca4ed4b321..7813812054 100644 --- a/deployment/CheckRequirements.ps1 +++ b/deployment/CheckRequirements.ps1 @@ -38,7 +38,7 @@ if ($IncludeDev.IsPresent) { } # Powershell version -$PowershellVersion = (Get-Host | Select-Object Version).Version +$PowershellVersion = $PSVersionTable.PSVersion if ($PowershellVersion -lt $PowershellMinVersion) { Add-LogMessage -Level Fatal "Please upgrade Powershell to a minimum version of $PowershellMinVersion (currently using $PowershellVersion; currently supported version is $PowershellSupportedVersion)!" } else { From ccfd7872bc9233c70825c223b9ffd4ada054bc9d Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Wed, 1 Feb 2023 15:53:00 +0000 Subject: [PATCH 030/289] Update .devcontainer to 7.3.2 --- .devcontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 1a1a621260..bc5f1e4784 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -6,7 +6,7 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ # Set package versions ARG AZURE_CLI_VERSION="2.42.0" -ARG PWSH_VERSION="7.2.8" +ARG PWSH_VERSION="7.3.2" # Set up TARGETARCH variable to use to pull the right binaries for the current architecture. ARG TARGETARCH From 7e4bd3161fb136e3b4373dac4c19e92b778c5393 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Thu, 2 Feb 2023 13:30:52 +0000 Subject: [PATCH 031/289] Update docs to suggest latest stable PS --- docs/deployment/deploy_shm.md | 3 +-- docs/deployment/snippets/01_prerequisites.partial.md | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/deployment/deploy_shm.md b/docs/deployment/deploy_shm.md index e3f32d798a..9d718df193 100644 --- a/docs/deployment/deploy_shm.md +++ b/docs/deployment/deploy_shm.md @@ -23,8 +23,7 @@ Alternatively, you may run multiple SHMs concurrently, for example you may have ``` - `PowerShell` - - Install [PowerShell v7.0 or above](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) - - Note that we support only the latest stable release of Powershell ([currently v7.3.2](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.3)) + - We recommend [installing](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) the [latest stable release](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.3) of Powershell. We have most recently tested deployment using version `7.3.2`. - `Powershell` cross-platform modules ````{tip} diff --git a/docs/deployment/snippets/01_prerequisites.partial.md b/docs/deployment/snippets/01_prerequisites.partial.md index 8e636755a0..3f3cf684c7 100644 --- a/docs/deployment/snippets/01_prerequisites.partial.md +++ b/docs/deployment/snippets/01_prerequisites.partial.md @@ -14,8 +14,7 @@ ### {{beginner}} Software - `PowerShell` with support for Azure - - Install [PowerShell v7.0 or above](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) - - Note that we support only the latest stable release of Powershell ([currently v7.3.2](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.3)) + - We recommend [installing](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) the [latest stable release](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.3) of Powershell. We have most recently tested deployment using version `7.3.2`. - Install the [Azure PowerShell Module](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps) using `Install-Module -Name Az -RequiredVersion 5.0.0 -Repository PSGallery` - `Microsoft Remote Desktop` - On macOS this can be installed from the [Apple store](https://www.apple.com/app-store/) From be9aa6c4f1593d71a358441fc11e84eaae127325 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Thu, 2 Feb 2023 14:24:47 +0000 Subject: [PATCH 032/289] Remove minimum powershell version --- deployment/CheckRequirements.ps1 | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/deployment/CheckRequirements.ps1 b/deployment/CheckRequirements.ps1 index 7813812054..348aa34e30 100644 --- a/deployment/CheckRequirements.ps1 +++ b/deployment/CheckRequirements.ps1 @@ -8,7 +8,6 @@ param ( Import-Module $PSScriptRoot/common/Logging -Force -ErrorAction Stop # Requirements -$PowershellMinVersion = "7.0.0" $PowershellSupportedVersion = "7.3.2" $ModuleVersionRequired = @{ "Az.Accounts" = @("ge", "2.11.1") @@ -39,16 +38,12 @@ if ($IncludeDev.IsPresent) { # Powershell version $PowershellVersion = $PSVersionTable.PSVersion -if ($PowershellVersion -lt $PowershellMinVersion) { - Add-LogMessage -Level Fatal "Please upgrade Powershell to a minimum version of $PowershellMinVersion (currently using $PowershellVersion; currently supported version is $PowershellSupportedVersion)!" +if ($PowershellVersion -ne $PowershellSupportedVersion) { + Add-LogMessage -Level Warning "Powershell version: $PowershellVersion" + Add-LogMessage -Level Warning "The currently supported version of Powershell is $PowershellSupportedVersion." + Add-LogMessage -Level Warning "In case of errors originating from Powershell code, ensure that you are running the currently supported version." } else { - if ($PowershellVersion -ne $PowershellSupportedVersion) { - Add-LogMessage -Level Warning "Powershell version: $PowershellVersion" - Add-LogMessage -Level Warning "The currently supported version of Powershell is $PowershellSupportedVersion." - Add-LogMessage -Level Warning "In case of errors originating from Powershell code, ensure that you are running the currently supported version." - } else { - Add-LogMessage -Level Success "Powershell version: $PowershellVersion" - } + Add-LogMessage -Level Success "Powershell version: $PowershellVersion" } From 71d2ad52e2a8ab75538728d12b75ef4a7ac62513 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Thu, 2 Feb 2023 15:02:06 +0000 Subject: [PATCH 033/289] All -UseDeviceAuthentication switch --- .../setup/Deploy_SHM.ps1 | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/deployment/safe_haven_management_environment/setup/Deploy_SHM.ps1 b/deployment/safe_haven_management_environment/setup/Deploy_SHM.ps1 index 505e6dc0a8..89a653c20a 100755 --- a/deployment/safe_haven_management_environment/setup/Deploy_SHM.ps1 +++ b/deployment/safe_haven_management_environment/setup/Deploy_SHM.ps1 @@ -1,6 +1,8 @@ param( [Parameter(Mandatory = $true, HelpMessage = "Enter SHM ID (e.g. use 'testa' for Turing Development Safe Haven A)")] - [string]$shmId + [string]$shmId, + [Parameter(Mandatory = $false, HelpMessage = "Use device authentication for connecting to Azure and Microsoft Graph")] + [switch]$UseDeviceAuthentication ) Import-Module Az.Accounts -ErrorAction Stop @@ -13,7 +15,11 @@ Import-Module $PSScriptRoot/../../common/Logging -Force -ErrorAction Stop # ---------------- if (Get-AzContext) { Disconnect-AzAccount | Out-Null } # force a refresh of the Azure token before starting Add-LogMessage -Level Info "Attempting to authenticate with Azure. Please sign in with an account with admin rights over the subscriptions you plan to use." -Connect-AzAccount -ErrorAction Stop | Out-Null +if ($UseDeviceAuthentication) { + Connect-AzAccount -UseDeviceAuthentication -ErrorAction Stop | Out-Null +} else { + Connect-AzAccount -ErrorAction Stop | Out-Null +} if (Get-AzContext) { Add-LogMessage -Level Success "Authenticated with Azure as $((Get-AzContext).Account.Id)" } else { @@ -25,7 +31,11 @@ if (Get-AzContext) { # -------------------------- if (Get-MgContext) { Disconnect-MgGraph | Out-Null } # force a refresh of the Microsoft Graph token before starting Add-LogMessage -Level Info "Attempting to authenticate with Microsoft Graph. Please sign in with an account with admin rights over the Azure Active Directory you plan to use." -Connect-MgGraph -TenantId $config.azureAdTenantId -Scopes "User.ReadWrite.All", "UserAuthenticationMethod.ReadWrite.All", "Directory.AccessAsUser.All", "RoleManagement.ReadWrite.Directory" -ErrorAction Stop -ContextScope Process | Out-Null +if ($UseDeviceAuthentication) { + Connect-MgGraph -TenantId $config.azureAdTenantId -Scopes "User.ReadWrite.All", "UserAuthenticationMethod.ReadWrite.All", "Directory.AccessAsUser.All", "RoleManagement.ReadWrite.Directory" -ErrorAction Stop -ContextScope Process -UseDeviceAuthentication +} else { + Connect-MgGraph -TenantId $config.azureAdTenantId -Scopes "User.ReadWrite.All", "UserAuthenticationMethod.ReadWrite.All", "Directory.AccessAsUser.All", "RoleManagement.ReadWrite.Directory" -ErrorAction Stop -ContextScope Process | Out-Null +} if (Get-MgContext) { Add-LogMessage -Level Success "Authenticated with Microsoft Graph as $((Get-MgContext).Account)" } else { From c136c241c7cc078955b4ccfa1b22294cbe13f0a7 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Thu, 2 Feb 2023 16:18:26 +0000 Subject: [PATCH 034/289] remove trailing whitespace --- .../safe_haven_management_environment/setup/Deploy_SHM.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/safe_haven_management_environment/setup/Deploy_SHM.ps1 b/deployment/safe_haven_management_environment/setup/Deploy_SHM.ps1 index 89a653c20a..bd79417d1c 100755 --- a/deployment/safe_haven_management_environment/setup/Deploy_SHM.ps1 +++ b/deployment/safe_haven_management_environment/setup/Deploy_SHM.ps1 @@ -35,7 +35,7 @@ if ($UseDeviceAuthentication) { Connect-MgGraph -TenantId $config.azureAdTenantId -Scopes "User.ReadWrite.All", "UserAuthenticationMethod.ReadWrite.All", "Directory.AccessAsUser.All", "RoleManagement.ReadWrite.Directory" -ErrorAction Stop -ContextScope Process -UseDeviceAuthentication } else { Connect-MgGraph -TenantId $config.azureAdTenantId -Scopes "User.ReadWrite.All", "UserAuthenticationMethod.ReadWrite.All", "Directory.AccessAsUser.All", "RoleManagement.ReadWrite.Directory" -ErrorAction Stop -ContextScope Process | Out-Null -} +} if (Get-MgContext) { Add-LogMessage -Level Success "Authenticated with Microsoft Graph as $((Get-MgContext).Account)" } else { From bc8775f6783859889d1bfeba7f729682d99bc7c5 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 3 Feb 2023 14:04:23 +0000 Subject: [PATCH 035/289] Prevent removal of backup data during dry run --- deployment/administration/SRE_Teardown.ps1 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/deployment/administration/SRE_Teardown.ps1 b/deployment/administration/SRE_Teardown.ps1 index 2d1a7d54c1..96e5b47edf 100644 --- a/deployment/administration/SRE_Teardown.ps1 +++ b/deployment/administration/SRE_Teardown.ps1 @@ -39,8 +39,13 @@ if ($dryRun.IsPresent) { # Remove backup instances and policies. Without this the backup vault cannot be deleted # ------------------------------------------------------------------------------------- -Remove-DataProtectionBackupInstances -ResourceGroupName $config.sre.backup.rg -VaultName $config.sre.backup.vault.name -Remove-DataProtectionBackupDiskSnapshots -ResourceGroupName $config.sre.backup.rg +if ($dryRun.IsPresent) { + Add-LogMessage -Level Info "Backup instances from $($config.sre.backup.vault.name) would be deleted" + Add-LogMessage -Level Info "Disk snapshots from from $($config.sre.backup.rg) would be deleted" +} else { + Remove-DataProtectionBackupInstances -ResourceGroupName $config.sre.backup.rg -VaultName $config.sre.backup.vault.name + Remove-DataProtectionBackupDiskSnapshots -ResourceGroupName $config.sre.backup.rg +} # Remove SRE resource groups and the resources they contain From 560980ec7de4b32ff339217eeca9c22d6e6bccde Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Feb 2023 17:49:29 +0000 Subject: [PATCH 036/289] :memo: Add new package request issue type --- .../software_package_request.md | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/software_package_request.md diff --git a/.github/ISSUE_TEMPLATE/software_package_request.md b/.github/ISSUE_TEMPLATE/software_package_request.md new file mode 100644 index 0000000000..52448f09d9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/software_package_request.md @@ -0,0 +1,37 @@ +--- +name: Software package request +about: Request that a new package is added to the Tier 3 allow list +title: "" +labels: "type: enhancement" +assignees: "" +--- + +## :white_check_mark: Checklist + + + +- [ ] I have searched open and closed issues for duplicates. +- [ ] This is a request for a new software package to be added to the Data Safe Haven +- [ ] The package is still missing in the [latest version](https://github.com/alan-turing-institute/data-safe-haven/releases). + +## :gift: Package details + + + +## :steam_locomotive: Why is this needed? + + From 3d024248ad0e57f3a78688432d3af1880879fb1c Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Feb 2023 17:49:45 +0000 Subject: [PATCH 037/289] :memo: Add package approval policy --- docs/processes/index.md | 4 ++ docs/processes/software_package_approval.md | 70 +++++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 docs/processes/software_package_approval.md diff --git a/docs/processes/index.md b/docs/processes/index.md index ce375164fa..617361298d 100644 --- a/docs/processes/index.md +++ b/docs/processes/index.md @@ -10,6 +10,7 @@ data_ingress.md data_egress.md data_access_controls.md data_transfer_protocol.md +software_package_approval.md ``` [Data handling](data_handling.md) @@ -29,3 +30,6 @@ data_transfer_protocol.md [Data transfer protocol](data_transfer_protocol.md) : A description of the protocol used for data transfer at the Turing + +[Software approval policy](software_package_approval.md) +: The checks needed before a software package can be approved for use in Tier 3 environments diff --git a/docs/processes/software_package_approval.md b/docs/processes/software_package_approval.md new file mode 100644 index 0000000000..cfd6137ed7 --- /dev/null +++ b/docs/processes/software_package_approval.md @@ -0,0 +1,70 @@ +# Software approval policy + +To maximise the usability of the secure research environments, we pre-install certain software packages that are deemed broadly useful to a cross section of researchers, thus making them available to all users. + +Other software packages which are only of interest to a subset of users can be made available for download from remote package repositories. +Currently, we support PyPI (Python) and CRAN (R) as remote repositories. + +Only a subset of packages that have been vetted to mitigate the risk of introducing malicious or unsound software into the secure environment are made available in this way. +This page sets out the policy for adding software packages to the approved download list and/or software to the pre-installed software list. +It also describes the procedure that users of the secure environment should follow to request new additions to the allowlist. + +## Background + +Given the safeguards afforded by the safe haven environment, and the separation of responsibilities between its constituent resources, the level of risk associated with the introduction of third party software packages is considered low. +Moreover, access to the environment is carefully controlled and there is a presumption of trust in the individual researchers to whom access is granted. + +Nevertheless, the introduction of any software into the safe haven must be considered against the potential risks of: + +- approved users having access to data to which they shouldn't (e.g. from data mixing) +- unapproved users having access to data (e.g. from a data breach) +- poisoning of data and/or outputs +- resource misuse (allocation of computational resources for unintended or wasteful purposes). + +Such risks may originate unwittingly, from a user who wants to "just get the job done", or from a user, network team member or administrator acting maliciously. + +Specific risks which this policy aims to mitigate include: + +- package name squatting (allowlisting a similarly-named package instead of the intended one) +- privilege escalation attacks (enabling a user to gain elevated access permissions). + +(package_inclusion_policy)= + +## Policy + +- For each supported programming language, three package lists will be maintained: + - a core allowlist of broadly useful packages that should be pre-installed in each environment + - an extra allowlist of packages that may be useful for specific projects + - an expanded list to be made available from the package repositories consisting of the core and extra packages plus their dependencies +- Users may request to add packages to these allowlists via the {ref}`package request procedure `. + - In the interests of improving researcher productivity the aim will be to accommodate such requests, provided there are no outweighing security concerns associated with the package or its dependencies. +- Requests will be reviewed by the project team using the information provided by the user when making the request +- If approved, a requested package will be added to either the core or extra allowlist (as appropriate) + +(package_inclusion_criteria)= + +### Criteria for inclusion in core + +Only software that is considered broadly useful to a cross section of researchers should be included in core. + +To meet this condition, a package should: + +- implement at least one generic (i.e. not domain-specific) statistical algorithm or method, or +- provide support for a cross-cutting analysis technique (e.g. geospatial data analysis, NLP), or +- facilitate data science or software development best practices (e.g. for robustness, correctness, reproducibility), or +- enhance the presentational features of the programming language (e.g. for producing plots, notebooks, articles, websites), or +- enhance the usability of the programming language or development environment (e.g. RStudio, PyCharm). + +(package_request_procedure)= + +## Package request/review procedure + +- A user requests a package by opening a `Software package request` issue on the Data Safe Haven GitHub repository, including responses to the following questions: + - Is this package the mostly widely supported for the intended purpose? + - What will you be able to do with this package that you can't currently do? What alternatives are there? + - What risks to data integrity/security might arise from including this package or its dependencies? +- A member of the project team reviews the request according to the terms of the {ref}`package_inclusion_policy`. +- The reviewer adds their decision (accept/reject) to the issue and notifies the user who made the request. + - If the decision is to reject, the reviewer must include an explanation. Any subsequent request for the same package should address the specific concern raised. + - If the decision is to accept, a pull request should be made that will add the package to the appropriate list. +- Once the pull request is approved, system administrators of any running deployment can decide whether to update to the new allowlist definitions. From 4f7429f5998b7e2d371a9a0f97a7392f09c10874 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Feb 2023 17:50:33 +0000 Subject: [PATCH 038/289] :sparkles: Add list of 'extra' approved packages from PyPI and CRAN --- .../administration/SHM_Expand_Allowlist_Dependencies.ps1 | 4 ++-- .../package_lists/allowlist-extra-python-pypi-tier3.list | 0 .../package_lists/allowlist-extra-r-cran-tier3.list | 0 3 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 environment_configs/package_lists/allowlist-extra-python-pypi-tier3.list create mode 100644 environment_configs/package_lists/allowlist-extra-r-cran-tier3.list diff --git a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 index ca0ba16087..7dde2fd117 100644 --- a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 +++ b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 @@ -123,10 +123,10 @@ function Get-Dependencies { # -------------------------- $languageName = @{cran = "r"; pypi = "python" }[$Repository] $coreAllowlistPath = Join-Path $PSScriptRoot ".." ".." "environment_configs" "package_lists" "allowlist-core-${languageName}-${Repository}-tier3.list" +$extraAllowlistPath = Join-Path $PSScriptRoot ".." ".." "environment_configs" "package_lists" "allowlist-extra-${languageName}-${Repository}-tier3.list" $fullAllowlistPath = Join-Path $PSScriptRoot ".." ".." "environment_configs" "package_lists" "allowlist-full-${languageName}-${Repository}-tier3.list" $dependencyCachePath = Join-Path $PSScriptRoot ".." ".." "environment_configs" "package_lists" "dependency-cache.json" -$corePackageList = Get-Content $coreAllowlistPath | Sort-Object -Unique - +$corePackageList = (Get-Content $coreAllowlistPath) + (Get-Content $extraAllowlistPath) | Sort-Object -Unique # Initialise the package queue # ---------------------------- diff --git a/environment_configs/package_lists/allowlist-extra-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-extra-python-pypi-tier3.list new file mode 100644 index 0000000000..e69de29bb2 diff --git a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list new file mode 100644 index 0000000000..e69de29bb2 From 8a7fa32ed86acd5b46bae51dee0122e1d6a133e2 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 15 Feb 2023 09:47:25 +0000 Subject: [PATCH 039/289] :memo: Be more explicit about what we require from the user --- .github/ISSUE_TEMPLATE/software_package_request.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/software_package_request.md b/.github/ISSUE_TEMPLATE/software_package_request.md index 52448f09d9..2afdb8b800 100644 --- a/.github/ISSUE_TEMPLATE/software_package_request.md +++ b/.github/ISSUE_TEMPLATE/software_package_request.md @@ -22,8 +22,13 @@ Before reporting a problem please check the following. Replace the empty checkbo Provide details about the package you would like to see added: - Package name +- Target audience: "core" (broadly useful for any project) or "extra" (domain specific) - Package version (if different from latest) - Package repository (e.g. CRAN, PyPI) +- Number of authors/contributors to the package codebase +- Any existing versions that should not be used (linking to publicly-accessible CVE databases if relevant) +- Download statistics (recent and longer-term, for both current and previous versions) +- List of packages that this package depends on --> ## :steam_locomotive: Why is this needed? From 4c01261f99d2b6f39fa28ed9c300fd915aa56cc3 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 15 Feb 2023 10:38:58 +0000 Subject: [PATCH 040/289] :memo: Make it clear that allowlist only apply to tier 3 or higher --- docs/processes/software_package_approval.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/processes/software_package_approval.md b/docs/processes/software_package_approval.md index cfd6137ed7..88bca8f2f8 100644 --- a/docs/processes/software_package_approval.md +++ b/docs/processes/software_package_approval.md @@ -5,8 +5,15 @@ To maximise the usability of the secure research environments, we pre-install ce Other software packages which are only of interest to a subset of users can be made available for download from remote package repositories. Currently, we support PyPI (Python) and CRAN (R) as remote repositories. -Only a subset of packages that have been vetted to mitigate the risk of introducing malicious or unsound software into the secure environment are made available in this way. -This page sets out the policy for adding software packages to the approved download list and/or software to the pre-installed software list. +For higher {ref}`sensitivity tiers ` ({ref}`policy_tier_3` and above), only a subset of packages are made available in this way. +This subset of packages constitutes an "allowlist" of packages that have been vetted to mitigate the risk of introducing malicious or unsound software into the secure environment. + +```{warning} +The Data Safe Haven team manages a default allowlist, but individual deployments may be using their own versions. +Check with your {ref}`role_system_manager` what is being used in your case +``` + +This page sets out the policy for adding software packages to the default allowlist and/or software to the pre-installed software list. It also describes the procedure that users of the secure environment should follow to request new additions to the allowlist. ## Background From fd3970e61a320d2d2500c57a985d42398c2daa2b Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 15 Feb 2023 10:39:39 +0000 Subject: [PATCH 041/289] :memo: Fix typos Co-authored-by: Jim Madge --- docs/processes/software_package_approval.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/processes/software_package_approval.md b/docs/processes/software_package_approval.md index 88bca8f2f8..3d23c1945b 100644 --- a/docs/processes/software_package_approval.md +++ b/docs/processes/software_package_approval.md @@ -33,13 +33,13 @@ Such risks may originate unwittingly, from a user who wants to "just get the job Specific risks which this policy aims to mitigate include: - package name squatting (allowlisting a similarly-named package instead of the intended one) -- privilege escalation attacks (enabling a user to gain elevated access permissions). +- privilege escalation attacks (enabling a user to gain elevated access permissions) (package_inclusion_policy)= ## Policy -- For each supported programming language, three package lists will be maintained: +- For each supported repository, three package lists will be maintained: - a core allowlist of broadly useful packages that should be pre-installed in each environment - an extra allowlist of packages that may be useful for specific projects - an expanded list to be made available from the package repositories consisting of the core and extra packages plus their dependencies @@ -60,7 +60,7 @@ To meet this condition, a package should: - provide support for a cross-cutting analysis technique (e.g. geospatial data analysis, NLP), or - facilitate data science or software development best practices (e.g. for robustness, correctness, reproducibility), or - enhance the presentational features of the programming language (e.g. for producing plots, notebooks, articles, websites), or -- enhance the usability of the programming language or development environment (e.g. RStudio, PyCharm). +- enhance the usability of the programming language or development environment (e.g. RStudio, PyCharm) (package_request_procedure)= From 91681b5c6c083748dec577b106d7249414659bc0 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 15 Feb 2023 10:41:06 +0000 Subject: [PATCH 042/289] :memo: Add warning about data ingress via PyPI --- docs/processes/software_package_approval.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/processes/software_package_approval.md b/docs/processes/software_package_approval.md index 3d23c1945b..cf14f4ea6b 100644 --- a/docs/processes/software_package_approval.md +++ b/docs/processes/software_package_approval.md @@ -34,6 +34,7 @@ Specific risks which this policy aims to mitigate include: - package name squatting (allowlisting a similarly-named package instead of the intended one) - privilege escalation attacks (enabling a user to gain elevated access permissions) +- unauthorised data ingress (in particular, it is possible to upload arbitrary data to PyPI without review) (package_inclusion_policy)= From c42f0bd64c9c1b61b13c1ba2abefbe97f25606e2 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 16 Feb 2023 13:39:41 +0000 Subject: [PATCH 043/289] add phone number section --- docs/roles/system_manager/manage_users.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 5fb4e89d91..a68051df21 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -64,6 +64,22 @@ Once you're certain that you're adding a new user, make sure that the following - Be particularly careful never to use them to log in to any user-accessible VMs (such as the SRDs) ``` +### {{iphone}} Changing a users phone number + +Sometimes if a user has provided an incorrect phone number, or has a new phone number that needs to be added, the phone number associated with their account will need to be updated. + +- Login into the Azure Portal and connect to the correct AAD +- Open `Azure Active Directory` +- Click `Users` under `Manage` +- Search for the user and check the box next to their name, then click `Delete` +- Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` +- Open `Active Directory Users and Computers` +- Click on `Safe Haven Research Users` +- Find the person, right click on them and select `Properties` +- Select the `Telephones` tab and edit the `Mobile` number, then click `OK` +- Open a `Powershell` command window with elevated privileges +- Run `C:\Installation\Run_ADSync.ps1` + ## {{calling}} Assign MFA licences ### {{hand}} Manually add licence to each user From 81905ac1dc09ad1127f26f039514b6e1beeae70b Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 16 Feb 2023 13:43:43 +0000 Subject: [PATCH 044/289] disclaimer --- docs/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index a68051df21..a66b71bf99 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -71,7 +71,7 @@ Sometimes if a user has provided an incorrect phone number, or has a new phone n - Login into the Azure Portal and connect to the correct AAD - Open `Azure Active Directory` - Click `Users` under `Manage` -- Search for the user and check the box next to their name, then click `Delete` +- Search for the user and check the box next to their name, then click `Delete` (this could take a few minutes) - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - Open `Active Directory Users and Computers` - Click on `Safe Haven Research Users` From 1402c1993586f3361a4c25d1860d55d1564faf9c Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 16 Feb 2023 14:01:40 +0000 Subject: [PATCH 045/289] add instructions for adding user to security groups --- docs/roles/system_manager/manage_users.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index a66b71bf99..64bbaf0b3d 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -64,6 +64,24 @@ Once you're certain that you're adding a new user, make sure that the following - Be particularly careful never to use them to log in to any user-accessible VMs (such as the SRDs) ``` +### {{woman}} {{man}} Adding users to security group(s) + +Users that didn't have a `GroupName` specified in the `user_details_template.csv`, will need to be added manually, before they can access an SRE. + +- Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` +- Open `Active Directory Users and Computers` +- Click on `Safe Haven Security Groups` +- Find the group that the user needs to be added to. For each SRE there are the following groups: + - `SG Data Administrators` (enables database privileges, not write access to `/data`) + - `SG Research Users` + - `SG System Administrators` +- Right click on the group and click `Properties` +- Click the `Members` tab and click `Add...` +- Enter a part of the user's name and click `Check Names` +- Select the correct user and click `OK`, then click `OK` again until the window closes +- Open a `Powershell` command window with elevated privileges +- Run `C:\Installation\Run_ADSync.ps1` + ### {{iphone}} Changing a users phone number Sometimes if a user has provided an incorrect phone number, or has a new phone number that needs to be added, the phone number associated with their account will need to be updated. From 1dec0fceaab4c5c278847dfea33fd6abebeda2b0 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 16 Feb 2023 14:03:10 +0000 Subject: [PATCH 046/289] clarify --- docs/roles/system_manager/manage_users.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 64bbaf0b3d..423fe1dbe2 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -69,7 +69,7 @@ Once you're certain that you're adding a new user, make sure that the following Users that didn't have a `GroupName` specified in the `user_details_template.csv`, will need to be added manually, before they can access an SRE. - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` -- Open `Active Directory Users and Computers` +- In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Security Groups` - Find the group that the user needs to be added to. For each SRE there are the following groups: - `SG Data Administrators` (enables database privileges, not write access to `/data`) @@ -91,7 +91,7 @@ Sometimes if a user has provided an incorrect phone number, or has a new phone n - Click `Users` under `Manage` - Search for the user and check the box next to their name, then click `Delete` (this could take a few minutes) - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` -- Open `Active Directory Users and Computers` +- In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Research Users` - Find the person, right click on them and select `Properties` - Select the `Telephones` tab and edit the `Mobile` number, then click `OK` From 804a14fc8b88835976b6b60bf72b089e8a71ed1a Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Thu, 16 Feb 2023 22:50:15 +0000 Subject: [PATCH 047/289] Add additional EPSRC grants to acknowledgements --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f495fe580a..53402bff42 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ If you believe you have found a security vulnerability, please report it as outl We are grateful for the following support for this project: -- The Alan Turing Institute's core EPSRC funding ([EP/N510129/1](https://gow.epsrc.ukri.org/NGBOViewGrant.aspx?GrantRef=EP/N510129/1)). +- The Alan Turing Institute's core and additional EPSRC funding ([EP/N510129/1](https://gtr.ukri.org/projects?ref=EP%2FN510129%2F1), [EP/W037211/1](https://gtr.ukri.org/projects?ref=EP%2FW037211%2F1), [EP/X03870X/1](https://gtr.ukri.org/projects?ref=EP%2FX03870X%2F1)). - The UKRI Strategic Priorities Fund - AI for Science, Engineering, Health and Government programme ([EP/T001569/1](https://gow.epsrc.ukri.org/NGBOViewGrant.aspx?GrantRef=EP/T001569/1)), particularly the "Tools, Practices and Systems" theme within that grant. - Microsoft's generous [donation of Azure credits](https://www.microsoft.com/en-us/research/blog/microsoft-accelerates-data-science-at-the-alan-turing-institute-with-5m-in-cloud-computing-credits/) to the Alan Turing Institute. From 9dcef241104545a338a6f7df6f066abec06034e9 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Thu, 16 Feb 2023 23:09:48 +0000 Subject: [PATCH 048/289] Add additional EPSRC grant to acknowledgements --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 53402bff42..acad65c38e 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ If you believe you have found a security vulnerability, please report it as outl We are grateful for the following support for this project: -- The Alan Turing Institute's core and additional EPSRC funding ([EP/N510129/1](https://gtr.ukri.org/projects?ref=EP%2FN510129%2F1), [EP/W037211/1](https://gtr.ukri.org/projects?ref=EP%2FW037211%2F1), [EP/X03870X/1](https://gtr.ukri.org/projects?ref=EP%2FX03870X%2F1)). +- The Alan Turing Institute's core and additional EPSRC funding ([EP/N510129/1](https://gtr.ukri.org/projects?ref=EP%2FN510129%2F1), [EP/W001381/1](https://gtr.ukri.org/projects?ref=EP%2FW001381%2F1), [EP/W037211/1](https://gtr.ukri.org/projects?ref=EP%2FW037211%2F1), [EP/X03870X/1](https://gtr.ukri.org/projects?ref=EP%2FX03870X%2F1)). - The UKRI Strategic Priorities Fund - AI for Science, Engineering, Health and Government programme ([EP/T001569/1](https://gow.epsrc.ukri.org/NGBOViewGrant.aspx?GrantRef=EP/T001569/1)), particularly the "Tools, Practices and Systems" theme within that grant. - Microsoft's generous [donation of Azure credits](https://www.microsoft.com/en-us/research/blog/microsoft-accelerates-data-science-at-the-alan-turing-institute-with-5m-in-cloud-computing-credits/) to the Alan Turing Institute. From 037a4a1e6bac938e1563f92efd7fff9084d1e0e1 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 10:26:24 +0000 Subject: [PATCH 049/289] Update docs/roles/system_manager/manage_users.md Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 423fe1dbe2..22f3862350 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -84,7 +84,7 @@ Users that didn't have a `GroupName` specified in the `user_details_template.csv ### {{iphone}} Changing a users phone number -Sometimes if a user has provided an incorrect phone number, or has a new phone number that needs to be added, the phone number associated with their account will need to be updated. +If a user has provided an incorrect phone number, or has a new phone number, the phone number associated with their account will need to be updated. - Login into the Azure Portal and connect to the correct AAD - Open `Azure Active Directory` From 0ea6bdd074b90d65df1e1e056b992c15a6ef1f5d Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 10:26:36 +0000 Subject: [PATCH 050/289] Update docs/roles/system_manager/manage_users.md Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 22f3862350..7b3c59bd0a 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -86,7 +86,7 @@ Users that didn't have a `GroupName` specified in the `user_details_template.csv If a user has provided an incorrect phone number, or has a new phone number, the phone number associated with their account will need to be updated. -- Login into the Azure Portal and connect to the correct AAD +- Login into the Azure Portal and navigate to the correct AAD - Open `Azure Active Directory` - Click `Users` under `Manage` - Search for the user and check the box next to their name, then click `Delete` (this could take a few minutes) From 0a1fa57b1cc76b5d7588e0ae50d00e06d377dd86 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 15:37:32 +0000 Subject: [PATCH 051/289] add link to section --- docs/deployment/snippets/user_csv_format.partial.md | 2 +- docs/roles/system_manager/manage_users.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/deployment/snippets/user_csv_format.partial.md b/docs/deployment/snippets/user_csv_format.partial.md index 93a4e563f9..5df3c9be06 100644 --- a/docs/deployment/snippets/user_csv_format.partial.md +++ b/docs/deployment/snippets/user_csv_format.partial.md @@ -44,7 +44,7 @@ This is **not** uploaded to their Data Safe Haven user account but is needed when sending account activation messages. ``` - - `GroupName`: [Optional] The name of the Active Directory security group(s) that the users should be added to (eg. `SG SANDBOX Research Users` ). + - `GroupName`: [Optional] The name of the Active Directory security group(s) that the users should be added to (eg. `SG SANDBOX Research Users` ). You can also set this manually later on (see {ref}`adding_users_manually`). ```{tip} If the user needs to be added to multiple groups, separate them with a pipe-character ( `|` ). diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 7b3c59bd0a..8594505191 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -64,6 +64,8 @@ Once you're certain that you're adding a new user, make sure that the following - Be particularly careful never to use them to log in to any user-accessible VMs (such as the SRDs) ``` +(adding_users_manually)= + ### {{woman}} {{man}} Adding users to security group(s) Users that didn't have a `GroupName` specified in the `user_details_template.csv`, will need to be added manually, before they can access an SRE. From c8bb54a453882fce36e2f8f6ede6b641bc75e552 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 15:39:04 +0000 Subject: [PATCH 052/289] simplify --- docs/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 8594505191..195629d6f9 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -68,7 +68,7 @@ Once you're certain that you're adding a new user, make sure that the following ### {{woman}} {{man}} Adding users to security group(s) -Users that didn't have a `GroupName` specified in the `user_details_template.csv`, will need to be added manually, before they can access an SRE. +Users will need to be added to the relevant security group before they can access an SRE. - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` From 824d545367e1a3b7fd34fb70412855c930f77a3b Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 15:44:43 +0000 Subject: [PATCH 053/289] clarify --- docs/roles/system_manager/manage_users.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 195629d6f9..03d7d6dc9f 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -11,6 +11,8 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem Users should be created on the main domain controller (DC1) in the SHM and synchronised to Azure Active Directory. A helper script for doing this is already uploaded to the domain controller - you will need to prepare a `CSV` file in the appropriate format for it. +(generate_user_csv)= + ## {{scroll}} Generate user details CSV file ### {{car}} Using data classification app @@ -66,9 +68,9 @@ Once you're certain that you're adding a new user, make sure that the following (adding_users_manually)= -### {{woman}} {{man}} Adding users to security group(s) +### {{woman}} {{man}} Managing user access to SREs with security groups -Users will need to be added to the relevant security group before they can access an SRE. +Users will need to be added to the relevant security group before they can access an SRE. This may have already been done if the `GroupName` was specified in the `user_details_template.csv` (see {ref}`generate_user_csv`), but otherwise can be achieved by the following: - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` From fb711b45dc0fa86c2812a590f774d1f53190bae8 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 15:52:58 +0000 Subject: [PATCH 054/289] add user deletion section --- docs/roles/system_manager/manage_users.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 03d7d6dc9f..884231d17b 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -68,7 +68,7 @@ Once you're certain that you're adding a new user, make sure that the following (adding_users_manually)= -### {{woman}} {{man}} Managing user access to SREs with security groups +### {{woman}} {{man}} Adding users to security group(s) Users will need to be added to the relevant security group before they can access an SRE. This may have already been done if the `GroupName` was specified in the `user_details_template.csv` (see {ref}`generate_user_csv`), but otherwise can be achieved by the following: @@ -86,6 +86,17 @@ Users will need to be added to the relevant security group before they can acces - Open a `Powershell` command window with elevated privileges - Run `C:\Installation\Run_ADSync.ps1` +### {{x}} Deleting users + +- Login into the Azure Portal and navigate to the correct AAD +- Open `Azure Active Directory` +- Click `Users` under `Manage` +- Search for the user and check the box next to their name, then click `Delete` (this could take a few minutes) +- Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` +- In Server Manager click `Tools > Active Directory Users and Computers` +- Click on `Safe Haven Research Users` +- Find the person, right click on them and click `Delete` + ### {{iphone}} Changing a users phone number If a user has provided an incorrect phone number, or has a new phone number, the phone number associated with their account will need to be updated. From de37131ab672998299644fe73a9c0527c1122454 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 16:02:06 +0000 Subject: [PATCH 055/289] separate into add, edit and delete --- docs/roles/system_manager/manage_users.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 884231d17b..a686388f1c 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -86,7 +86,9 @@ Users will need to be added to the relevant security group before they can acces - Open a `Powershell` command window with elevated privileges - Run `C:\Installation\Run_ADSync.ps1` -### {{x}} Deleting users +### {{iphone}} Edit user details + +The `DC1` is the source of truth for user details. If these details need to be changed, the user should be deleted in the Azure Portal and re-created from the `DC1`. - Login into the Azure Portal and navigate to the correct AAD - Open `Azure Active Directory` @@ -95,11 +97,14 @@ Users will need to be added to the relevant security group before they can acces - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Research Users` -- Find the person, right click on them and click `Delete` - -### {{iphone}} Changing a users phone number +- Find the person, right click on them and select `Properties` +- From here, you can edit the person's name, email etc + - To edit a phone number, select the `Telephones` tab and edit the `Mobile` number +- Click `OK` after any changes are made +- Open a `Powershell` command window with elevated privileges +- Run `C:\Installation\Run_ADSync.ps1` -If a user has provided an incorrect phone number, or has a new phone number, the phone number associated with their account will need to be updated. +### {{x}} Deleting users - Login into the Azure Portal and navigate to the correct AAD - Open `Azure Active Directory` @@ -108,8 +113,7 @@ If a user has provided an incorrect phone number, or has a new phone number, the - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Research Users` -- Find the person, right click on them and select `Properties` -- Select the `Telephones` tab and edit the `Mobile` number, then click `OK` +- Find the person, right click on them and click `Delete` - Open a `Powershell` command window with elevated privileges - Run `C:\Installation\Run_ADSync.ps1` From 146aa54678c71c00f5116fb7610fdb1bfa46e1ac Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 16:19:26 +0000 Subject: [PATCH 056/289] remove portal step for editing user --- docs/roles/system_manager/manage_users.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index a686388f1c..2e7bfd6482 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -90,10 +90,6 @@ Users will need to be added to the relevant security group before they can acces The `DC1` is the source of truth for user details. If these details need to be changed, the user should be deleted in the Azure Portal and re-created from the `DC1`. -- Login into the Azure Portal and navigate to the correct AAD -- Open `Azure Active Directory` -- Click `Users` under `Manage` -- Search for the user and check the box next to their name, then click `Delete` (this could take a few minutes) - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Research Users` From f3c7956cf695f18693abc7ce4dbd82c7f206458b Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Fri, 17 Feb 2023 16:24:40 +0000 Subject: [PATCH 057/289] email warning --- docs/roles/system_manager/manage_users.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 2e7bfd6482..ac894cae29 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -6,6 +6,8 @@ This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it. ``` +(create_new_users)= + ## {{beginner}} Create new users Users should be created on the main domain controller (DC1) in the SHM and synchronised to Azure Active Directory. @@ -94,12 +96,15 @@ The `DC1` is the source of truth for user details. If these details need to be c - In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Research Users` - Find the person, right click on them and select `Properties` -- From here, you can edit the person's name, email etc +- From here, you can edit the person's name, phone etc - To edit a phone number, select the `Telephones` tab and edit the `Mobile` number + - Note: To change a user's email, you'll need to delete the user entirely and recreate them, meaning they'll have to set up their accounts (including MFA) again. See {ref}`deleting_users` and then {ref}`create_new_users`. - Click `OK` after any changes are made - Open a `Powershell` command window with elevated privileges - Run `C:\Installation\Run_ADSync.ps1` +(deleting_users)= + ### {{x}} Deleting users - Login into the Azure Portal and navigate to the correct AAD From 5cceb29996350e5fdb097f3859e25f4ddccec87b Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 10:08:17 +0000 Subject: [PATCH 058/289] make GroupName not optional --- docs/deployment/snippets/user_csv_format.partial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deployment/snippets/user_csv_format.partial.md b/docs/deployment/snippets/user_csv_format.partial.md index 5df3c9be06..8725b5aeec 100644 --- a/docs/deployment/snippets/user_csv_format.partial.md +++ b/docs/deployment/snippets/user_csv_format.partial.md @@ -44,7 +44,7 @@ This is **not** uploaded to their Data Safe Haven user account but is needed when sending account activation messages. ``` - - `GroupName`: [Optional] The name of the Active Directory security group(s) that the users should be added to (eg. `SG SANDBOX Research Users` ). You can also set this manually later on (see {ref}`adding_users_manually`). + - `GroupName`: The name of the Active Directory security group(s) that the users should be added to (eg. `SG SANDBOX Research Users` ). You can also change this manually later on (see {ref}`adding_users_manually`). ```{tip} If the user needs to be added to multiple groups, separate them with a pipe-character ( `|` ). From 96adc3cdcbce40653c9b6aa90828ac09fbbb1baf Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 10:14:05 +0000 Subject: [PATCH 059/289] change section to be adding and removing users from SRE --- docs/roles/system_manager/manage_users.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index ac894cae29..b876769cbf 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -70,9 +70,9 @@ Once you're certain that you're adding a new user, make sure that the following (adding_users_manually)= -### {{woman}} {{man}} Adding users to security group(s) +### {{woman}} {{man}} Modifying user SRE access -Users will need to be added to the relevant security group before they can access an SRE. This may have already been done if the `GroupName` was specified in the `user_details_template.csv` (see {ref}`generate_user_csv`), but otherwise can be achieved by the following: +Users will need to be added to the relevant security group before they can access an SRE. This will have been done by setting the `GroupName` in the `user_details_template.csv` (see {ref}`generate_user_csv`), but can me modified later by the following: - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` @@ -82,9 +82,12 @@ Users will need to be added to the relevant security group before they can acces - `SG Research Users` - `SG System Administrators` - Right click on the group and click `Properties` -- Click the `Members` tab and click `Add...` -- Enter a part of the user's name and click `Check Names` -- Select the correct user and click `OK`, then click `OK` again until the window closes +- Click the `Members` tab +- To add a user click `Add...` + - Enter a part of the user's name and click `Check Names` + - Select the correct user and click `OK`, then click `OK` again until the window closes +- To remove a user click on the username of the person and then `Remove` + - Click `Yes` if you're sure this user should no longer have access to this SRE, then click `OK` again until the window closes - Open a `Powershell` command window with elevated privileges - Run `C:\Installation\Run_ADSync.ps1` From 5c7998749a165d566f56f67eaa7cb96fd4349700 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 10:31:26 +0000 Subject: [PATCH 060/289] remove portal step --- docs/roles/system_manager/manage_users.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index b876769cbf..d18eb23a50 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -93,7 +93,7 @@ Users will need to be added to the relevant security group before they can acces ### {{iphone}} Edit user details -The `DC1` is the source of truth for user details. If these details need to be changed, the user should be deleted in the Azure Portal and re-created from the `DC1`. +The `DC1` is the source of truth for user details. If these details need to be changed, they should be changed in the `DC1` and then synchronised to Azure. - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` @@ -105,6 +105,10 @@ The `DC1` is the source of truth for user details. If these details need to be c - Click `OK` after any changes are made - Open a `Powershell` command window with elevated privileges - Run `C:\Installation\Run_ADSync.ps1` +- You can check the changes you made were successful by logging into the Azure Portal as the AAD admin + - Open `Azure Active Directory` + - Click on `Users` under `Manage` and search for the user + - Click on the user and then `Edit properties` and confirm your changes propagated to Azure (deleting_users)= From 3dea4d1303f93cc05d8fd71187a1d80a371180dc Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 10:33:08 +0000 Subject: [PATCH 061/289] remove portal step from user deletion --- docs/roles/system_manager/manage_users.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index d18eb23a50..de64feaa80 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -114,16 +114,16 @@ The `DC1` is the source of truth for user details. If these details need to be c ### {{x}} Deleting users -- Login into the Azure Portal and navigate to the correct AAD -- Open `Azure Active Directory` -- Click `Users` under `Manage` -- Search for the user and check the box next to their name, then click `Delete` (this could take a few minutes) - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Research Users` - Find the person, right click on them and click `Delete` - Open a `Powershell` command window with elevated privileges - Run `C:\Installation\Run_ADSync.ps1` +- You can check the user is deleted by logging into the Azure Portal as the AAD admin + - Open `Azure Active Directory` + - Click on `Users` under `Manage` and search for the user + - Confirm the user is no longer present ## {{calling}} Assign MFA licences From 8688f966cdc8806c0253f8cf0f9b2f5920f247cd Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 11:04:39 +0000 Subject: [PATCH 062/289] separate email and username changes from phone number changes --- docs/roles/system_manager/manage_users.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index de64feaa80..a3cdfb835d 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -99,12 +99,18 @@ The `DC1` is the source of truth for user details. If these details need to be c - In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Research Users` - Find the person, right click on them and select `Properties` -- From here, you can edit the person's name, phone etc - - To edit a phone number, select the `Telephones` tab and edit the `Mobile` number - - Note: To change a user's email, you'll need to delete the user entirely and recreate them, meaning they'll have to set up their accounts (including MFA) again. See {ref}`deleting_users` and then {ref}`create_new_users`. -- Click `OK` after any changes are made -- Open a `Powershell` command window with elevated privileges -- Run `C:\Installation\Run_ADSync.ps1` +- To edit a **phone number**, select the `Telephones` tab and edit the `Mobile` number + - Click `OK` to save the new number + - Open a `Powershell` command window with elevated privileges + - Run `C:\Installation\Run_ADSync.ps1` +- To edit a user's **email** or their **username** (or first name or last name) you'll need to delete the user entirely and recreate them, meaning they'll have to set up their accounts (including MFA) again + - Find the person, right click on them and click `Delete` + - Click `OK` + - Open a `Powershell` command window with elevated privileges + - Run `C:\Installation\Run_ADSync.ps1` + - Create a new csv (or edit an existing) one with the correct user details (see {ref}`create_new_users`) + - Run `C:\Installation\CreateUsers.ps1 ` + - Run `C:\Installation\Run_ADSync.ps1` - You can check the changes you made were successful by logging into the Azure Portal as the AAD admin - Open `Azure Active Directory` - Click on `Users` under `Manage` and search for the user From c4795996e8c79e4ab2a645b78f5a66504366d453 Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Tue, 21 Feb 2023 12:45:31 +0000 Subject: [PATCH 063/289] Add arrow package to tier 3 allowlist --- .../package_lists/allowlist-extra-r-cran-tier3.list | 1 + .../package_lists/allowlist-full-r-cran-tier3.list | 1 + 2 files changed, 2 insertions(+) diff --git a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list index e69de29bb2..330f94ea72 100644 --- a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list @@ -0,0 +1 @@ +arrow \ No newline at end of file diff --git a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list index c5286b35f4..83fb35c6e9 100644 --- a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list @@ -3,6 +3,7 @@ acepack actuar anytime argon2 +arrow askpass assertive assertive.base From aff6f367fa4301d91ff387d264cca122cfec61ea Mon Sep 17 00:00:00 2001 From: Matt Craddock Date: Tue, 21 Feb 2023 12:53:27 +0000 Subject: [PATCH 064/289] Add newline to extra list --- .../package_lists/allowlist-extra-r-cran-tier3.list | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list index 330f94ea72..e2dc7471c2 100644 --- a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list @@ -1 +1 @@ -arrow \ No newline at end of file +arrow From fd49a25f2f67207af4bd2ce4e14c948b2f1d8802 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 14:03:09 +0000 Subject: [PATCH 065/289] Update docs/deployment/snippets/user_csv_format.partial.md Co-authored-by: Jim Madge --- docs/deployment/snippets/user_csv_format.partial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deployment/snippets/user_csv_format.partial.md b/docs/deployment/snippets/user_csv_format.partial.md index 8725b5aeec..23677ae9e7 100644 --- a/docs/deployment/snippets/user_csv_format.partial.md +++ b/docs/deployment/snippets/user_csv_format.partial.md @@ -44,7 +44,7 @@ This is **not** uploaded to their Data Safe Haven user account but is needed when sending account activation messages. ``` - - `GroupName`: The name of the Active Directory security group(s) that the users should be added to (eg. `SG SANDBOX Research Users` ). You can also change this manually later on (see {ref}`adding_users_manually`). + - `GroupName`: The name of the Active Directory security group(s) that the users should be added to (eg. `SG SANDBOX Research Users` ). Users will need to be added to the relevant security group before they can access an SRE. You can also change this manually later on (see {ref}`adding_users_manually`). ```{tip} If the user needs to be added to multiple groups, separate them with a pipe-character ( `|` ). From daa1361243d0f96d83f9b5f4e1e7fff59f2aa1af Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 14:03:38 +0000 Subject: [PATCH 066/289] Update docs/roles/system_manager/manage_users.md Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index a3cdfb835d..0b81b4abbb 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -72,7 +72,7 @@ Once you're certain that you're adding a new user, make sure that the following ### {{woman}} {{man}} Modifying user SRE access -Users will need to be added to the relevant security group before they can access an SRE. This will have been done by setting the `GroupName` in the `user_details_template.csv` (see {ref}`generate_user_csv`), but can me modified later by the following: +Users may have been added to one or more security groups through setting the `GroupName` field in the `user_details_template.csv` (see {ref}`generate_user_csv`). Security Group assignments can also be manually modified``` - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` From ba47dba92392317d8b924150ceebb51289c5eb48 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 14:13:30 +0000 Subject: [PATCH 067/289] Update docs/roles/system_manager/manage_users.md Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 0b81b4abbb..056a216c91 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -93,7 +93,7 @@ Users may have been added to one or more security groups through setting the `Gr ### {{iphone}} Edit user details -The `DC1` is the source of truth for user details. If these details need to be changed, they should be changed in the `DC1` and then synchronised to Azure. +The `DC1` is the source of truth for user details. If these details need to be changed, they should be changed in the `DC1` and then synchronised to Azure AD. - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` From 82d4633575c710d1954ea2a32ea99a9d9c2deeb3 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 14:13:42 +0000 Subject: [PATCH 068/289] Update docs/roles/system_manager/manage_users.md Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 056a216c91..7c7a8050ec 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -114,7 +114,7 @@ The `DC1` is the source of truth for user details. If these details need to be c - You can check the changes you made were successful by logging into the Azure Portal as the AAD admin - Open `Azure Active Directory` - Click on `Users` under `Manage` and search for the user - - Click on the user and then `Edit properties` and confirm your changes propagated to Azure + - Click on the user and then `Edit properties` and confirm your changes propagated to Azure AD (deleting_users)= From 43bf46c50525d58d18e45ad0eb7ae0006d65f4e0 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 14:20:03 +0000 Subject: [PATCH 069/289] remove backticks --- docs/roles/system_manager/manage_users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 7c7a8050ec..11a5094b8c 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -72,7 +72,7 @@ Once you're certain that you're adding a new user, make sure that the following ### {{woman}} {{man}} Modifying user SRE access -Users may have been added to one or more security groups through setting the `GroupName` field in the `user_details_template.csv` (see {ref}`generate_user_csv`). Security Group assignments can also be manually modified``` +Users may have been added to one or more security groups through setting the `GroupName` field in the `user_details_template.csv` (see {ref}`generate_user_csv`). Security Group assignments can also be manually modified - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` From 47aa9d324901dad116a67c87bf98d89b65116d97 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 16:21:29 +0000 Subject: [PATCH 070/289] add security groups info --- docs/roles/system_manager/manage_users.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 11a5094b8c..0830688f66 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -13,6 +13,14 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem Users should be created on the main domain controller (DC1) in the SHM and synchronised to Azure Active Directory. A helper script for doing this is already uploaded to the domain controller - you will need to prepare a `CSV` file in the appropriate format for it. +### {{lock}} SRE Security Groups + +Each user should be assigned to one or more "security groups", which give them access to a given SRE with appropriate privileges. The security groups are named like so: + +- `SG Research Users`: Default for most researchers. No special permissions. +- `SG Data Administrators`: Researchers who can create/modify/delete database tables schemas. Given to a smaller number of researchers. Restricting this access to most users prevents them creating/deleting arbitrary schemas, which is important because some SREs have their input data in database form. +- `SG System Administrators` - Researchers with elevated privileges through sudo. Rarely used but could be useful in `Tier 0/1` SREs to let groups manage their own packages. + (generate_user_csv)= ## {{scroll}} Generate user details CSV file From fd61326781fbf5e8231e1596f832c20bff184734 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Feb 2023 16:26:10 +0000 Subject: [PATCH 071/289] add links to security groups info --- docs/deployment/snippets/user_csv_format.partial.md | 2 +- docs/roles/system_manager/manage_users.md | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/docs/deployment/snippets/user_csv_format.partial.md b/docs/deployment/snippets/user_csv_format.partial.md index 23677ae9e7..42940bf20d 100644 --- a/docs/deployment/snippets/user_csv_format.partial.md +++ b/docs/deployment/snippets/user_csv_format.partial.md @@ -44,7 +44,7 @@ This is **not** uploaded to their Data Safe Haven user account but is needed when sending account activation messages. ``` - - `GroupName`: The name of the Active Directory security group(s) that the users should be added to (eg. `SG SANDBOX Research Users` ). Users will need to be added to the relevant security group before they can access an SRE. You can also change this manually later on (see {ref}`adding_users_manually`). + - `GroupName`: The name of the {ref}`security_groups` that the users should be added to. Users will need to be added to the relevant security group before they can access an SRE. You can also change this manually later on (see {ref}`adding_users_manually`). ```{tip} If the user needs to be added to multiple groups, separate them with a pipe-character ( `|` ). diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 0830688f66..075c3fc32c 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -13,9 +13,11 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem Users should be created on the main domain controller (DC1) in the SHM and synchronised to Azure Active Directory. A helper script for doing this is already uploaded to the domain controller - you will need to prepare a `CSV` file in the appropriate format for it. +(security_groups)= + ### {{lock}} SRE Security Groups -Each user should be assigned to one or more "security groups", which give them access to a given SRE with appropriate privileges. The security groups are named like so: +Each user should be assigned to one or more Active Directory "security groups", which give them access to a given SRE with appropriate privileges. The security groups are named like so: - `SG Research Users`: Default for most researchers. No special permissions. - `SG Data Administrators`: Researchers who can create/modify/delete database tables schemas. Given to a smaller number of researchers. Restricting this access to most users prevents them creating/deleting arbitrary schemas, which is important because some SREs have their input data in database form. @@ -80,15 +82,12 @@ Once you're certain that you're adding a new user, make sure that the following ### {{woman}} {{man}} Modifying user SRE access -Users may have been added to one or more security groups through setting the `GroupName` field in the `user_details_template.csv` (see {ref}`generate_user_csv`). Security Group assignments can also be manually modified +Users may have been added to one or more {ref}`security_groups` through setting the `GroupName` field in the `user_details_template.csv` (see {ref}`generate_user_csv`). Security Group assignments can also be manually modified via the following: - Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` - In Server Manager click `Tools > Active Directory Users and Computers` - Click on `Safe Haven Security Groups` -- Find the group that the user needs to be added to. For each SRE there are the following groups: - - `SG Data Administrators` (enables database privileges, not write access to `/data`) - - `SG Research Users` - - `SG System Administrators` +- Find the group that the user needs to be added to (see {ref}`security_groups`) - Right click on the group and click `Properties` - Click the `Members` tab - To add a user click `Add...` From 5bd10887eaf1eee905c0c843ee549d32cccdc09a Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 22 Feb 2023 11:23:44 +0000 Subject: [PATCH 072/289] :arrow_up: Update caching in allowlists workflow --- .github/workflows/build_allow_lists.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_allow_lists.yaml b/.github/workflows/build_allow_lists.yaml index c7124bcf77..2c343dcf6b 100644 --- a/.github/workflows/build_allow_lists.yaml +++ b/.github/workflows/build_allow_lists.yaml @@ -22,10 +22,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache dependencies - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: environment_configs/package_lists/dependency-cache.json key: dependencies-${{ github.sha }} # request a cache that does not yet exist From 0736b1b1d5e5345f111e5fbc3aa10f75efb89bc6 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Feb 2023 15:06:25 +0000 Subject: [PATCH 073/289] hide script instructions by default --- docs/roles/system_manager/manage_deployments.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 4d18a1de2a..c7893e0bbf 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -16,6 +16,11 @@ Sometimes during a project that uses a deployed SRE, researchers may find the av - The **simplest way to resize this VM** is by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal - Alternatively, you can resize this VM by using the instructions below to run the `./Add_Single_SRD.ps1` script. Make a note of the last octet of the IP address, which can be seen in the Azure Portal. +
+ +Resize VM with Add_Single_SRD.ps1 script + + ![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` ```powershell @@ -29,6 +34,8 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is required to ensure the old VM is replaced - where `` ensures that `` works even when the VM is built with the same image +
+ ## {{heavy_plus_sign}} Add a new SRD The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.ps1` script) determines how many SRDs are created and how large each one will be. From 545943e8ebce85a1b0f1e4b63b6cb6c41c9bfe0e Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Feb 2023 15:15:54 +0000 Subject: [PATCH 074/289] add GPU note --- docs/roles/system_manager/manage_deployments.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index c7893e0bbf..dee321a457 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -36,6 +36,14 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet +```{note} +If you provide the is for a GPU enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: +- Navigate to the Azure Portal and on the subscription page, click "Usage + quotas" under "Settings" +- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE +- Click the pen icon and set the "New Limit" to at least the number of vCPUs required by the VM that you want, the click submit +- After the request is accepted, resize the VM as above +``` + ## {{heavy_plus_sign}} Add a new SRD The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.ps1` script) determines how many SRDs are created and how large each one will be. From a386ced1dc8114250f59ca5b120f9df77532c4a0 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Feb 2023 15:17:25 +0000 Subject: [PATCH 075/289] fix text --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index dee321a457..4373691474 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -37,7 +37,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ```{note} -If you provide the is for a GPU enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: +If the new VM size is a GPU enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: - Navigate to the Azure Portal and on the subscription page, click "Usage + quotas" under "Settings" - Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE - Click the pen icon and set the "New Limit" to at least the number of vCPUs required by the VM that you want, the click submit From 1cca26f2ad7811f9c05f9a190895502c4351ee97 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Feb 2023 15:19:58 +0000 Subject: [PATCH 076/289] tidy note --- docs/roles/system_manager/manage_deployments.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 4373691474..31f62ac0b2 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -37,10 +37,10 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ```{note} -If the new VM size is a GPU enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: -- Navigate to the Azure Portal and on the subscription page, click "Usage + quotas" under "Settings" +If the new `VM size` is a **GPU** enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: +- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` - Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE -- Click the pen icon and set the "New Limit" to at least the number of vCPUs required by the VM that you want, the click submit +- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit - After the request is accepted, resize the VM as above ``` From 56f4ef2a3cc8279d8034817ceedf9dc9c9931d55 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Feb 2023 15:25:31 +0000 Subject: [PATCH 077/289] separate portal and script instructions --- .../system_manager/manage_deployments.md | 33 +++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 31f62ac0b2..adf5b574c6 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -10,16 +10,25 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem ## {{arrow_upper_right}} Resize the Virtual Machine (VM) of a Secure Research Desktop (SRD) -Sometimes during a project that uses a deployed SRE, researchers may find the available compute inadequate for their purposes and wish to increase the size of the SRD's VM. +Sometimes during a project that uses a deployed SRE, researchers may find the available compute inadequate for their purposes and wish to increase the size of the SRD's VM. The **simplest way to resize a VM** is via the Azure Portal, but it can also be done via script. + +### Resize via the Azure Portal - Log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE` -- The **simplest way to resize this VM** is by [following these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal -- Alternatively, you can resize this VM by using the instructions below to run the `./Add_Single_SRD.ps1` script. Make a note of the last octet of the IP address, which can be seen in the Azure Portal. +- [Follow these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal + +```{note} +If the new `VM size` is a **GPU** enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: +- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` +- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE +- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit +- After the request is accepted, resize the VM as above +``` + +### Resize via script -
- -Resize VM with Add_Single_SRD.ps1 script - +- Log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE` +- Make a note of the last octet of the IP address ![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` @@ -34,16 +43,6 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is required to ensure the old VM is replaced - where `` ensures that `` works even when the VM is built with the same image -
- -```{note} -If the new `VM size` is a **GPU** enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: -- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` -- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE -- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit -- After the request is accepted, resize the VM as above -``` - ## {{heavy_plus_sign}} Add a new SRD The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.ps1` script) determines how many SRDs are created and how large each one will be. From b3030f09a289330e01c4acdc80a02477de7558a7 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Feb 2023 15:27:58 +0000 Subject: [PATCH 078/289] hide script version again --- .../system_manager/manage_deployments.md | 27 +++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index adf5b574c6..ce0c5afe52 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -10,22 +10,17 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem ## {{arrow_upper_right}} Resize the Virtual Machine (VM) of a Secure Research Desktop (SRD) -Sometimes during a project that uses a deployed SRE, researchers may find the available compute inadequate for their purposes and wish to increase the size of the SRD's VM. The **simplest way to resize a VM** is via the Azure Portal, but it can also be done via script. +Sometimes during a project that uses a deployed SRE, researchers may find the available compute inadequate for their purposes and wish to increase the size of the SRD's VM. The **simplest way to resize a VM is via the Azure Portal**, but it can also be done via script. -### Resize via the Azure Portal +To resize via the Azure Portal: - Log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE` - [Follow these instructions](https://learn.microsoft.com/en-us/azure/virtual-machines/resize-vm?tabs=portal) in the Azure portal -```{note} -If the new `VM size` is a **GPU** enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: -- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` -- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE -- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit -- After the request is accepted, resize the VM as above -``` - -### Resize via script +
+ +To resize via script: + - Log into the Azure portal and locate the VM inside the Resource Group called `RG_SHM__SRE__COMPUTE` - Make a note of the last octet of the IP address @@ -43,6 +38,16 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is required to ensure the old VM is replaced - where `` ensures that `` works even when the VM is built with the same image +
+ +```{note} +If the new `VM size` is a **GPU** enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: +- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` +- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE +- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit +- After the request is accepted, resize the VM as above +``` + ## {{heavy_plus_sign}} Add a new SRD The `-VmSizes` parameter provided when deploying the SRE (with the `Deploy_SRE.ps1` script) determines how many SRDs are created and how large each one will be. From bd5e9fee50377b36764de25fa665d3c7d63e4bd1 Mon Sep 17 00:00:00 2001 From: Martin O'Reilly Date: Thu, 23 Feb 2023 18:45:57 +0000 Subject: [PATCH 079/289] Update vulnerability disclosure guidance Move from email reporting to use of vulnerability reporting form. Add information on how we credit reporters in published security advisories. --- SECURITY.md | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 3536430875..b7066bc11e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -23,14 +23,17 @@ disclosures. ### Reporting -If you believe you have found a security vulnerability, please submit your report to us -using the following email: safehavendevs@turing.ac.uk +If you believe you have found a security vulnerability, please check the list of +published [security advisories](https://github.com/alan-turing-institute/data-safe-haven/security/advisories) +and, if the vulnerability you have identified is not covered by an existing advisory, +use the "Report a vulnerability" button to submit a vulnerability report. -In your report please include details of: +In your report please include the details requested in the report form, including: - The area / component of the Data Safe Haven where the vulnerability can be observed. - A brief description of the type of vulnerability, for example; “unexpected outbound data access” or "privilege escalation to admin user". - Steps to reproduce. These should be a benign, non-destructive, proof of concept. This helps to ensure that the report can be triaged quickly and accurately. It also reduces the likelihood of duplicate reports, or malicious exploitation of some vulnerabilities. +- An indication of the severity of the issue. ### What to expect @@ -50,6 +53,20 @@ Once your vulnerability has been resolved, we welcome requests to disclose your report. We’d like to unify guidance to affected users, so please do continue to coordinate any public release with us. +We will generally look to publish a public security advisory on this repository's +[security advisories](https://github.com/alan-turing-institute/data-safe-haven/security/advisories) +page once a vulnerabilty has been resolved and we have given those organisations +we know of with active deployments reasonable time to patch or update their deployments. +We will credit you with reporting the vulnerability and with any other assistance +you have provided characterising and resolving it in the published security advisory. +If you would prefer not to be credited in the public security advisory, please let us know. + +In some instances we may already be aware of the reported vulnerability but not yet +have published a public security advisory. We still welcome additional reports in these +cases as they often provide additional useful information. Where multiple people have reported +the same vulnerability we will credit each of them in the public advisory when it is +published. + ### Guidance You must NOT: From 51d8cb99386c49ae2ab7a9445a6130c89f881214 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 09:41:28 +0000 Subject: [PATCH 080/289] add NVIDIA note --- docs/roles/system_manager/manage_deployments.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index ce0c5afe52..b3ae5e85ad 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -40,6 +40,12 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet +```{note} +If the new `VM size` is a **GPU** optimised VM, you'll need to ensure it's one that uses NVIDIA GPUs (as oppose to AMD). See the [Azure docs](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-gpu) for more information. This is to make sure that CUDA works as expected in the SRE. + +To test that a GPU enabled VM is working as expected, log into the SRE and type `nvidia-smi` into the terminal. +``` + ```{note} If the new `VM size` is a **GPU** enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: - Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` From f74f8d0114d87353a7d9ec3e48ed641d2161051e Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 09:49:49 +0000 Subject: [PATCH 081/289] add separate section for GPUs --- .../system_manager/manage_deployments.md | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index b3ae5e85ad..7fdc32bf82 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -40,19 +40,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet -```{note} -If the new `VM size` is a **GPU** optimised VM, you'll need to ensure it's one that uses NVIDIA GPUs (as oppose to AMD). See the [Azure docs](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-gpu) for more information. This is to make sure that CUDA works as expected in the SRE. - -To test that a GPU enabled VM is working as expected, log into the SRE and type `nvidia-smi` into the terminal. -``` - -```{note} -If the new `VM size` is a **GPU** enabled VM, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: -- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` -- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE -- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit -- After the request is accepted, resize the VM as above -``` +(add_new_srd)= ## {{heavy_plus_sign}} Add a new SRD @@ -70,6 +58,20 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the {ref}`secure research environment ID ` for this SRE - where `` is last octet of the IP address (this must be different to any other SRD VMs) +## {{minidisc}} GPU optimised SRDs + +When you {ref}`resize_vm` or {ref}`add_new_srd` and want a **GPU** optimised VM (N-series in Azure), you'll need to ensure it's one that uses NVIDIA GPUs (as oppose to AMD). See the [Azure docs](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-gpu) for more information. This is to make sure that CUDA works as expected in the SRE. + +To test that a GPU enabled VM is working as expected, log into the SRE and type `nvidia-smi` into the terminal. + +```{note} +If the new `VM size` you want isn't shown as available in the Azure Portal, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: +- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` +- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE +- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit +- After the request is accepted, resize the VM as above +``` + ## {{fire}} Remove a single SRE In order to tear down an SRE, use the following procedure: From 95fe6afaaa6956b1a01ecd645c10d78ef90f548e Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 09:50:38 +0000 Subject: [PATCH 082/289] move missing VM size note --- docs/roles/system_manager/manage_deployments.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 7fdc32bf82..b0b3334445 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -40,6 +40,14 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet +```{note} +If the new `VM size` you want isn't shown as available in the Azure Portal, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: +- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` +- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE +- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit +- After the request is accepted, resize the VM as above +``` + (add_new_srd)= ## {{heavy_plus_sign}} Add a new SRD @@ -64,14 +72,6 @@ When you {ref}`resize_vm` or {ref}`add_new_srd` and want a **GPU** optimised VM To test that a GPU enabled VM is working as expected, log into the SRE and type `nvidia-smi` into the terminal. -```{note} -If the new `VM size` you want isn't shown as available in the Azure Portal, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: -- Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` -- Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE -- Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit -- After the request is accepted, resize the VM as above -``` - ## {{fire}} Remove a single SRE In order to tear down an SRE, use the following procedure: From a7ddf5467a1baf20c2cf4838dba74369c25a8d58 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 10:46:30 +0000 Subject: [PATCH 083/289] lint markdown --- SECURITY.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index b7066bc11e..e5eac6d896 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -25,8 +25,7 @@ disclosures. If you believe you have found a security vulnerability, please check the list of published [security advisories](https://github.com/alan-turing-institute/data-safe-haven/security/advisories) -and, if the vulnerability you have identified is not covered by an existing advisory, -use the "Report a vulnerability" button to submit a vulnerability report. +and, if the vulnerability you have identified is not covered by an existing advisory, use the "Report a vulnerability" button to submit a vulnerability report. In your report please include the details requested in the report form, including: @@ -64,8 +63,7 @@ If you would prefer not to be credited in the public security advisory, please l In some instances we may already be aware of the reported vulnerability but not yet have published a public security advisory. We still welcome additional reports in these cases as they often provide additional useful information. Where multiple people have reported -the same vulnerability we will credit each of them in the public advisory when it is -published. +the same vulnerability we will credit each of them in the public advisory when it is published. ### Guidance From 895f8c5184b2f7465216be462e5681a025c424db Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 10:56:28 +0000 Subject: [PATCH 084/289] make lint pass --- SECURITY.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index b7066bc11e..e5eac6d896 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -25,8 +25,7 @@ disclosures. If you believe you have found a security vulnerability, please check the list of published [security advisories](https://github.com/alan-turing-institute/data-safe-haven/security/advisories) -and, if the vulnerability you have identified is not covered by an existing advisory, -use the "Report a vulnerability" button to submit a vulnerability report. +and, if the vulnerability you have identified is not covered by an existing advisory, use the "Report a vulnerability" button to submit a vulnerability report. In your report please include the details requested in the report form, including: @@ -64,8 +63,7 @@ If you would prefer not to be credited in the public security advisory, please l In some instances we may already be aware of the reported vulnerability but not yet have published a public security advisory. We still welcome additional reports in these cases as they often provide additional useful information. Where multiple people have reported -the same vulnerability we will credit each of them in the public advisory when it is -published. +the same vulnerability we will credit each of them in the public advisory when it is published. ### Guidance From 8efc0b697b38bb1573460bd87a0e2c7874a6fd0a Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 10:57:36 +0000 Subject: [PATCH 085/289] remove reference to unused security grouo --- docs/roles/system_manager/manage_users.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index 075c3fc32c..b5579ae0f7 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -21,7 +21,6 @@ Each user should be assigned to one or more Active Directory "security groups", - `SG Research Users`: Default for most researchers. No special permissions. - `SG Data Administrators`: Researchers who can create/modify/delete database tables schemas. Given to a smaller number of researchers. Restricting this access to most users prevents them creating/deleting arbitrary schemas, which is important because some SREs have their input data in database form. -- `SG System Administrators` - Researchers with elevated privileges through sudo. Rarely used but could be useful in `Tier 0/1` SREs to let groups manage their own packages. (generate_user_csv)= From 380d9fb76e36ea090a532fc49e8b361b4aeedc1b Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 11:02:47 +0000 Subject: [PATCH 086/289] Update docs/roles/system_manager/manage_deployments.md Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index b0b3334445..82e4afebef 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -66,7 +66,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the {ref}`secure research environment ID ` for this SRE - where `` is last octet of the IP address (this must be different to any other SRD VMs) -## {{minidisc}} GPU optimised SRDs +## {{minidisc}} Using GPUs in SRDs When you {ref}`resize_vm` or {ref}`add_new_srd` and want a **GPU** optimised VM (N-series in Azure), you'll need to ensure it's one that uses NVIDIA GPUs (as oppose to AMD). See the [Azure docs](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-gpu) for more information. This is to make sure that CUDA works as expected in the SRE. From b227320937dabb740ae23725cb3664a04c87a526 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 11:03:32 +0000 Subject: [PATCH 087/289] Update docs/roles/system_manager/manage_deployments.md LGTM Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_deployments.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 82e4afebef..1394710726 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -68,7 +68,9 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet Date: Mon, 27 Feb 2023 11:06:09 +0000 Subject: [PATCH 088/289] has --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 1394710726..2986287d1e 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -68,7 +68,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet Date: Mon, 27 Feb 2023 11:29:21 +0000 Subject: [PATCH 089/289] use snippet for accessing the VM console info --- docs/roles/system_manager/manage_webapps.md | 18 +++--------------- .../snippets/01_console.partial.md | 17 +++++++++++++++++ 2 files changed, 20 insertions(+), 15 deletions(-) create mode 100644 docs/roles/system_manager/snippets/01_console.partial.md diff --git a/docs/roles/system_manager/manage_webapps.md b/docs/roles/system_manager/manage_webapps.md index 35483066d9..1869a82c24 100644 --- a/docs/roles/system_manager/manage_webapps.md +++ b/docs/roles/system_manager/manage_webapps.md @@ -39,18 +39,6 @@ If the reason for failure is less clear, accessing the command line interface di ## Accessing the VM console -Console access to the web app VMs can be achieved through the `Azure` portal. All VMs share the same ``, but each has its own ``, which will need to be retrieved from the `SRE` key vault before accessing the console. - -- From the `Azure` portal, navigate to the Resource Group `RG_SHM__SRE__SECRETS` -- Click on the `SRE` keyvault `kv-_SRE_` -- From the menu on the left, select `Secrets` from the `Objects` section. -- All web app VMs share the same ``, found in the `sre--vm-admin-username` secret. -- Each web app has its own ``, found in the `sre--vm-admin-password-` secret. - -Once you have the `` and ``, you will be able to log in to the VM console as follows: - -- From the `Azure` portal, navigate to the web app resource group `RG_SHM__SRE__WEBAPPS`. -- Click on the relevant VM (e.g. `COCALC-SRE-`) -- From the menu on the left, scroll down to the `Help` section and select `Serial console` -- After a short time, you will be shown the console for the VM. You may need to press a key to be shown the login prompt. -- Log in with the details you retrieved earlier to be given root access to the VM. +```{include} snippets/01_console.partial.md +:relative-images: +``` diff --git a/docs/roles/system_manager/snippets/01_console.partial.md b/docs/roles/system_manager/snippets/01_console.partial.md new file mode 100644 index 0000000000..24afbb4bd2 --- /dev/null +++ b/docs/roles/system_manager/snippets/01_console.partial.md @@ -0,0 +1,17 @@ +Console access to the SRE VMs, including those for each web app and the `compute` VM, can be achieved through the `Azure` portal. All VMs share the same ``, but each has its own ``, which will need to be retrieved from the `SRE` key vault before accessing the console. + +- From the `Azure` portal, navigate to the Resource Group `RG_SHM__SRE__SECRETS` +- Click on the `SRE` keyvault `kv-_SRE_` +- From the menu on the left, select `Secrets` from the `Objects` section. +- All VMs share the same ``, found in the `sre--vm-admin-username` secret. +- Each VM has its own ``, found in the `sre--vm-admin-password-` secret. + +Once you have the `` and ``, you will be able to log in to the VM console as follows: + +- From the `Azure` portal, navigate to the correct resource group: + - `RG_SHM__SRE__WEBAPPS` for the web applications + - `RG_SHM__SRE__COMPUTE` for the compute VM +- Click on the relevant VM (e.g. `COCALC-SRE-`) +- From the menu on the left, scroll down to the `Help` section and select `Serial console` +- After a short time, you will be shown the console for the VM. You may need to press a key to be shown the login prompt. +- Log in with the details you retrieved earlier to be given root access to the VM. \ No newline at end of file From 1274a799bef9fe71ed8550fea070c62b82597358 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 11:30:28 +0000 Subject: [PATCH 090/289] remove example --- docs/roles/system_manager/manage_webapps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_webapps.md b/docs/roles/system_manager/manage_webapps.md index 1869a82c24..50f2d57ff4 100644 --- a/docs/roles/system_manager/manage_webapps.md +++ b/docs/roles/system_manager/manage_webapps.md @@ -19,7 +19,7 @@ In the rest of this document, `` is the {ref}`Secure Management Environm An initial step could be to check the build logs of the virtual machine to ascertain whether any clear errors occurred during the process (e.g. the installation of the server software may have failed). - From the `Azure` portal, navigate to the web app resource group `RG_SHM__SRE__WEBAPPS`. -- Click on the relevant VM (e.g. `COCALC-SRE-`) +- Click on the relevant VM - From the menu on the left, scroll down to the `Help` section and select `Boot diagnostics` - Click `Serial log` to access a full text log of the booting up of the VM. From 4f8353527882ac801e69616ce399bbe6f58d7834 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 11:45:28 +0000 Subject: [PATCH 091/289] add root section to manage deployments doc --- docs/roles/system_manager/manage_deployments.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 2986287d1e..cf2efcc35d 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -74,6 +74,18 @@ This is because only Nvidia GPUs support the drivers and CUDA libraries installe To test that a GPU enabled VM is working as expected, log into the SRE and type `nvidia-smi` into the terminal. +## {{crown}} Performing operations that require System Administrator privileges + +If you need to perform any operations in the SRE that require root access, you will need to log into the `compute` VM via the Serial Console in the Azure Portal. + +```{include} snippets/01_console.partial.md +:relative-images: +``` + +```{warning} +Tier 0 and 1 SREs have internet access and as such, installing anything as root that involves downloading from the internet could introduce malicious software being introduced to the SRE. +``` + ## {{fire}} Remove a single SRE In order to tear down an SRE, use the following procedure: From a079d68cae8a87d69477048d827daeefee72c65a Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 11:46:53 +0000 Subject: [PATCH 092/289] restore example for webapps --- docs/roles/system_manager/manage_webapps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_webapps.md b/docs/roles/system_manager/manage_webapps.md index 50f2d57ff4..1869a82c24 100644 --- a/docs/roles/system_manager/manage_webapps.md +++ b/docs/roles/system_manager/manage_webapps.md @@ -19,7 +19,7 @@ In the rest of this document, `` is the {ref}`Secure Management Environm An initial step could be to check the build logs of the virtual machine to ascertain whether any clear errors occurred during the process (e.g. the installation of the server software may have failed). - From the `Azure` portal, navigate to the web app resource group `RG_SHM__SRE__WEBAPPS`. -- Click on the relevant VM +- Click on the relevant VM (e.g. `COCALC-SRE-`) - From the menu on the left, scroll down to the `Help` section and select `Boot diagnostics` - Click `Serial log` to access a full text log of the booting up of the VM. From c69289d8e2899c4e66f402c50acc2f42c5ffafed Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 11:47:10 +0000 Subject: [PATCH 093/289] remove example from correct place --- docs/roles/system_manager/snippets/01_console.partial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/snippets/01_console.partial.md b/docs/roles/system_manager/snippets/01_console.partial.md index 24afbb4bd2..1e8faa92f8 100644 --- a/docs/roles/system_manager/snippets/01_console.partial.md +++ b/docs/roles/system_manager/snippets/01_console.partial.md @@ -11,7 +11,7 @@ Once you have the `` and ``, you will be able to - From the `Azure` portal, navigate to the correct resource group: - `RG_SHM__SRE__WEBAPPS` for the web applications - `RG_SHM__SRE__COMPUTE` for the compute VM -- Click on the relevant VM (e.g. `COCALC-SRE-`) +- Click on the relevant VM - From the menu on the left, scroll down to the `Help` section and select `Serial console` - After a short time, you will be shown the console for the VM. You may need to press a key to be shown the login prompt. - Log in with the details you retrieved earlier to be given root access to the VM. \ No newline at end of file From bf5a00bf7331d17a23da513b3ed85137108c2e44 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Mon, 27 Feb 2023 11:51:54 +0000 Subject: [PATCH 094/289] add newline --- docs/roles/system_manager/snippets/01_console.partial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/snippets/01_console.partial.md b/docs/roles/system_manager/snippets/01_console.partial.md index 1e8faa92f8..50e5a1ac0d 100644 --- a/docs/roles/system_manager/snippets/01_console.partial.md +++ b/docs/roles/system_manager/snippets/01_console.partial.md @@ -14,4 +14,4 @@ Once you have the `` and ``, you will be able to - Click on the relevant VM - From the menu on the left, scroll down to the `Help` section and select `Serial console` - After a short time, you will be shown the console for the VM. You may need to press a key to be shown the login prompt. -- Log in with the details you retrieved earlier to be given root access to the VM. \ No newline at end of file +- Log in with the details you retrieved earlier to be given root access to the VM. From 990f2cba4c6293e29e8d485dc315361aeec9e13f Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 28 Feb 2023 10:43:06 +0000 Subject: [PATCH 095/289] update VM size note --- docs/roles/system_manager/manage_deployments.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 2986287d1e..078d3b3ffb 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -41,11 +41,16 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ```{note} -If the new `VM size` you want isn't shown as available in the Azure Portal, it's possible that you'll need to request an increase in the vCPU quota for the VM family before resizing is allowed: +If the new `VM size` you want isn't shown as available in the Azure Portal, there are several steps that can be taken. + +Firstly, try stopping the VM and checking again whether the size you want is available, as this can reveal additional options that aren't shown whilst the VM is running. + +Next, you can try to request an increase in the vCPU quota for the VM family of the desired VM: - Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` - Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE - Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit - After the request is accepted, resize the VM as above +- In some cases, the quota increase may require a request to be submitted to Microsoft ``` (add_new_srd)= From ad51af81babf9aa65d69f4a2908330b4d48c1af0 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 28 Feb 2023 13:19:55 +0000 Subject: [PATCH 096/289] update note --- docs/roles/system_manager/manage_deployments.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 078d3b3ffb..b6b6233dc0 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -43,7 +43,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet ` is the {ref}`secure research environment ID ` for this SRE - where `` is last octet of the IP address (this must be different to any other SRD VMs) +(using_gpus)= + ## {{minidisc}} Using GPUs in SRDs When you {ref}`resize_vm` or {ref}`add_new_srd` size featuring a GPU (N-series in Azure), you'll need to ensure it has an Nvidia GPU (as opposed to AMD or other). From b8e18085f3b05574b5e26561752263f3b9b1a6d5 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 28 Feb 2023 13:22:50 +0000 Subject: [PATCH 097/289] changenote to tip and make bold --- docs/roles/system_manager/manage_deployments.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index b6b6233dc0..67f7eaa5f2 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -40,12 +40,12 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet -```{note} +```{tip} If the new `VM size` you want isn't shown as available in the Azure Portal, there are several steps that can be taken. -Firstly, try stopping the VM and checking again whether the size you want is available, as this can reveal additional options that aren't shown whilst the VM is running. For example, when resizing to an N-series VM in Azure, (see {ref}`using_gpus`) we've found that NVIDIA options such as the NVv3-series are not always shown as available. +Firstly, try **stopping the VM** and checking again whether the size you want is available, as this can reveal additional options that aren't shown whilst the VM is running. For example, when resizing to an N-series VM in Azure, (see {ref}`using_gpus`) we've found that NVIDIA options such as the NVv3-series are not always shown as available. -Next, you can try to request an increase in the vCPU quota for the VM family of the desired VM: +Next, you can try to **request an increase** in the vCPU quota for the VM family of the desired VM: - Navigate to the Azure Portal and on the subscription page, click `Usage + quotas` under `Settings` - Choose the family appropriate to the VM that you want to resize to, and select a region appropriate for the SRE - Click the pen icon and set the `New Limit` to at least the number of vCPUs required by the VM that you want, the click submit From 76723b6565e33d3b0fc2d8045e65c122bf6e552d Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 28 Feb 2023 13:23:49 +0000 Subject: [PATCH 098/289] remove word --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 67f7eaa5f2..a73e109975 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -75,7 +75,7 @@ PS> ./Add_Single_SRD.ps1 -shmId -sreId -ipLastOctet Date: Tue, 28 Feb 2023 14:03:31 +0000 Subject: [PATCH 099/289] remove superfluous warning --- docs/roles/system_manager/manage_deployments.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index cf2efcc35d..8047cfc922 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -82,10 +82,6 @@ If you need to perform any operations in the SRE that require root access, you w :relative-images: ``` -```{warning} -Tier 0 and 1 SREs have internet access and as such, installing anything as root that involves downloading from the internet could introduce malicious software being introduced to the SRE. -``` - ## {{fire}} Remove a single SRE In order to tear down an SRE, use the following procedure: From aeb2223e20248bbb07e61c1bbfcee43d0b1f47f9 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 1 Mar 2023 11:31:15 +0000 Subject: [PATCH 100/289] Update docs/roles/system_manager/manage_deployments.md Co-authored-by: Jim Madge --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 8047cfc922..925dead38c 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -74,7 +74,7 @@ This is because only Nvidia GPUs support the drivers and CUDA libraries installe To test that a GPU enabled VM is working as expected, log into the SRE and type `nvidia-smi` into the terminal. -## {{crown}} Performing operations that require System Administrator privileges +## {{crown}} Performing operations that require superuser privileges If you need to perform any operations in the SRE that require root access, you will need to log into the `compute` VM via the Serial Console in the Azure Portal. From 5f870bf939d8ac68b4b01ddde55ff0e11f496f38 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 13 Mar 2023 10:47:42 +0000 Subject: [PATCH 101/289] :arrow_up: Update supported Python versions --- .../secure_research_desktop/packages/packages-python.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/secure_research_desktop/packages/packages-python.yaml b/deployment/secure_research_desktop/packages/packages-python.yaml index 184a7f6fad..3b81d6e10c 100644 --- a/deployment/secure_research_desktop/packages/packages-python.yaml +++ b/deployment/secure_research_desktop/packages/packages-python.yaml @@ -6,9 +6,9 @@ # [Optional] arguments to each package # : versions: - - "3.8" - "3.9" - "3.10" + - "3.11" packages: arviz: beautifulsoup4: From 856043c445dccffef31efad8b32c21b75a5fc284 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 13 Mar 2023 15:52:58 +0000 Subject: [PATCH 102/289] :bug: Ensure that the apt installation environment is not broken or future apt-update runs will fail --- .../cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml index d746ce58b1..fed08e3158 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml @@ -381,6 +381,7 @@ runcmd: # Remove netcat (potential security issue) [Note this will remove the 'ubuntu-minimal' metapackage but does not remove any other real packages] # Remove xscreensaver (unnecessary) - apt-get remove -y netcat-openbsd xscreensaver + - apt --fix-broken install -y - apt-get clean # Remove temporary files - tmpreaper 10m /tmp/ /var/tmp/ # remove temporary files that have not been accessed in 10 minutes From b3298267572dcac4dbc0e208260898fab24062e2 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 13 Mar 2023 10:48:16 +0000 Subject: [PATCH 103/289] :arrow_up: Update Python package requirements --- .../packages/packages-python.yaml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/deployment/secure_research_desktop/packages/packages-python.yaml b/deployment/secure_research_desktop/packages/packages-python.yaml index 3b81d6e10c..e17cefaa00 100644 --- a/deployment/secure_research_desktop/packages/packages-python.yaml +++ b/deployment/secure_research_desktop/packages/packages-python.yaml @@ -27,19 +27,20 @@ packages: keras: lightgbm: llvmlite: - "all": [">0.35.0"] # specify llvmlite to increase chance of getting a pre-compiled version + "all": [">0.35.0"] # recent versions are more likely to be pre-compiled lxml: matplotlib: nltk: numpy: - "all": [">1.0.0"] # allow flexibility in numpy version + "all": [">1.0.0"] # increase solver flexibility pandas: pandasql: pathos: pg8000: Pillow: plotly: - poetry: # also used by installation scripts + poetry: + "all": [">1.0.0"] # also used by installation scripts prophet: psycopg2: pydot: @@ -55,8 +56,8 @@ packages: regex: requests: safety: # also used by installation scripts - "all": ["<2.1.1"] # 2.1.1 requires a version of 'packaging' that is incompatible with poetry scikit-image: + "all": [">0.10.0"] # increase solver flexibility scikit-learn: scipy: seaborn: @@ -65,16 +66,14 @@ packages: Sphinx: SQLAlchemy: statsmodels: - "all": ["<0.13.2"] # 0.13.2 requires a version of 'packaging' that is incompatible with poetry + "all": [">0.10.0"] # increase solver flexibility sympy: tables: - tensorboard: tensorflow: thinc: torch: torchvision: tsfresh: - "3.10": ["uninstallable"] wordcloud: xgboost: xlrd: From 9dc763ce21df06de32c1bcaf03de580c4f5110ae Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 13 Mar 2023 16:03:04 +0000 Subject: [PATCH 104/289] :arrow_down: Mark packages that do not yet support 3.11 as uninstallable for that version --- .../packages/packages-python.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/deployment/secure_research_desktop/packages/packages-python.yaml b/deployment/secure_research_desktop/packages/packages-python.yaml index e17cefaa00..7b57788416 100644 --- a/deployment/secure_research_desktop/packages/packages-python.yaml +++ b/deployment/secure_research_desktop/packages/packages-python.yaml @@ -26,11 +26,11 @@ packages: ipykernel: keras: lightgbm: - llvmlite: - "all": [">0.35.0"] # recent versions are more likely to be pre-compiled lxml: matplotlib: nltk: + numba: + "3.11": ["uninstallable"] # does not yet support 3.11 numpy: "all": [">1.0.0"] # increase solver flexibility pandas: @@ -39,8 +39,8 @@ packages: pg8000: Pillow: plotly: - poetry: - "all": [">1.0.0"] # also used by installation scripts + poetry: # also used by installation scripts + "all": [">1.0.0"] # increase solver flexibility prophet: psycopg2: pydot: @@ -70,10 +70,14 @@ packages: sympy: tables: tensorflow: + "3.11": ["uninstallable"] # does not yet support 3.11 thinc: torch: torchvision: + "3.11": ["uninstallable"] # does not yet support 3.11 tsfresh: + "3.11": ["uninstallable"] # requires numba wordcloud: + "3.11": ["uninstallable"] # does not yet support 3.11 xgboost: xlrd: From 6efe77795020d5a34a433e68336ae8167d6a6d05 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 13 Mar 2023 19:02:12 +0000 Subject: [PATCH 105/289] :arrow_down: Remove tmap which is not compiling due to a known sf bug: https://github.com/r-spatial/sf/issues/2118. --- deployment/secure_research_desktop/packages/packages-r-cran.list | 1 - 1 file changed, 1 deletion(-) diff --git a/deployment/secure_research_desktop/packages/packages-r-cran.list b/deployment/secure_research_desktop/packages/packages-r-cran.list index 8a7b1337c1..0c716553bb 100644 --- a/deployment/secure_research_desktop/packages/packages-r-cran.list +++ b/deployment/secure_research_desktop/packages/packages-r-cran.list @@ -35,7 +35,6 @@ text2vec tidytext tidyverse tidyxl -tmap tsbox validate vroom From f253317e4de3a8daa755c9784612bb834f92e7a6 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 13 Mar 2023 19:08:44 +0000 Subject: [PATCH 106/289] :bug: Fix name of NSG rule when looking for existing admin IP addresses --- .../secure_research_desktop/setup/Provision_Compute_VM.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/secure_research_desktop/setup/Provision_Compute_VM.ps1 b/deployment/secure_research_desktop/setup/Provision_Compute_VM.ps1 index 61d4ee1db0..4f4315011a 100644 --- a/deployment/secure_research_desktop/setup/Provision_Compute_VM.ps1 +++ b/deployment/secure_research_desktop/setup/Provision_Compute_VM.ps1 @@ -81,7 +81,7 @@ $subnet = Deploy-Subnet -Name $config.srdImage.build.subnet.name -VirtualNetwork Add-LogMessage -Level Info "Ensure that build NSG '$($config.srdImage.build.nsg.name)' exists..." $buildNsg = Deploy-NetworkSecurityGroup -Name $config.srdImage.build.nsg.name -ResourceGroupName $config.srdImage.network.rg -Location $config.srdImage.location # Get list of IP addresses which are allowed to connect to the VM candidates -$existingRule = Get-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $buildNsg | Where-Object { $_.Name -eq "AllowBuildAdminSshInbound" } +$existingRule = Get-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $buildNsg | Where-Object { $_.Name -eq "AllowAdminApprovedSshInbound" } $allowedIpAddresses = @($config.srdImage.build.nsg.allowedIpAddresses) $allowedIpAddresses += $existingRule ? @($existingRule.SourceAddressPrefix) : @() $config["buildAdminIpAddresses"] = $allowedIpAddresses | Where-Object { $_ } | Sort-Object | Get-Unique From b80aaf670c378b3d7b2f9cb658cbae1e4172720b Mon Sep 17 00:00:00 2001 From: James Robinson Date: Mon, 13 Mar 2023 21:32:07 +0000 Subject: [PATCH 107/289] :alien: Updated analysis script for new SafetyCheck format --- .../cloud_init/resources/analyse_build.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/secure_research_desktop/cloud_init/resources/analyse_build.py b/deployment/secure_research_desktop/cloud_init/resources/analyse_build.py index 2b0b846c55..1bd867932a 100644 --- a/deployment/secure_research_desktop/cloud_init/resources/analyse_build.py +++ b/deployment/secure_research_desktop/cloud_init/resources/analyse_build.py @@ -146,12 +146,12 @@ def main(): with suppress(FileNotFoundError): for fname in glob.glob("/opt/monitoring/python-*-safety-check.json"): with open(fname, "r") as f_safety_check: - packages = json.load(f_safety_check) - if packages: + output = json.load(f_safety_check) + if output["affected_packages"]: python_version = fname.split("-")[1] log(timestamp, "WARNING", f"Safety check found problems with Python {python_version}") - for package in packages: - log(timestamp, "WARNING", f"... {package[0]} [{package[2]}] is affected by issue {package[4]} (for versions {package[1]})") + for package in output["vulnerabilities"]: + log(timestamp, "WARNING", f"... {package['package_name']} [{package['analyzed_version']}] is affected by issue {package['vulnerability_id']} (for versions {package['all_vulnerable_specs']})") if __name__ == "__main__": From a5b28a30e9491fcf6ec58d92c7e0548d19f0ec3f Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 10:03:54 +0000 Subject: [PATCH 108/289] :wrench: Update sample config files --- environment_configs/sre_bluet1guac_core_config.json | 2 +- environment_configs/sre_bluet2guac_core_config.json | 2 +- environment_configs/sre_bluet2msrds_core_config.json | 2 +- environment_configs/sre_bluet3guac_core_config.json | 2 +- environment_configs/sre_bluet3msrds_core_config.json | 2 +- environment_configs/sre_greent1guac_core_config.json | 2 +- environment_configs/sre_greent2guac_core_config.json | 2 +- environment_configs/sre_greent2msrds_core_config.json | 2 +- environment_configs/sre_greent3guac_core_config.json | 2 +- environment_configs/sre_greent3msrds_core_config.json | 2 +- tests/resources/sre_bluet1guac_full_config.json | 2 +- tests/resources/sre_bluet3msrds_full_config.json | 2 +- tests/resources/sre_greent2guac_full_config.json | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/environment_configs/sre_bluet1guac_core_config.json b/environment_configs/sre_bluet1guac_core_config.json index ca4440d3e3..fdc4ae9048 100644 --- a/environment_configs/sre_bluet1guac_core_config.json +++ b/environment_configs/sre_bluet1guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet2guac_core_config.json b/environment_configs/sre_bluet2guac_core_config.json index 5608c6f732..41f696ace9 100644 --- a/environment_configs/sre_bluet2guac_core_config.json +++ b/environment_configs/sre_bluet2guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet2msrds_core_config.json b/environment_configs/sre_bluet2msrds_core_config.json index 96f7ee82f9..b892958085 100644 --- a/environment_configs/sre_bluet2msrds_core_config.json +++ b/environment_configs/sre_bluet2msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet3guac_core_config.json b/environment_configs/sre_bluet3guac_core_config.json index 7a772e6545..cd8306b24f 100644 --- a/environment_configs/sre_bluet3guac_core_config.json +++ b/environment_configs/sre_bluet3guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/environment_configs/sre_bluet3msrds_core_config.json b/environment_configs/sre_bluet3msrds_core_config.json index 12f75d668b..8f6e46b9ff 100644 --- a/environment_configs/sre_bluet3msrds_core_config.json +++ b/environment_configs/sre_bluet3msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/environment_configs/sre_greent1guac_core_config.json b/environment_configs/sre_greent1guac_core_config.json index 21939b6dc8..7115f3ced4 100644 --- a/environment_configs/sre_greent1guac_core_config.json +++ b/environment_configs/sre_greent1guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent2guac_core_config.json b/environment_configs/sre_greent2guac_core_config.json index 9a42779859..d22ce988a7 100644 --- a/environment_configs/sre_greent2guac_core_config.json +++ b/environment_configs/sre_greent2guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent2msrds_core_config.json b/environment_configs/sre_greent2msrds_core_config.json index be21cf6422..cb2787c843 100644 --- a/environment_configs/sre_greent2msrds_core_config.json +++ b/environment_configs/sre_greent2msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent3guac_core_config.json b/environment_configs/sre_greent3guac_core_config.json index 8cb8371adf..b71b9a676f 100644 --- a/environment_configs/sre_greent3guac_core_config.json +++ b/environment_configs/sre_greent3guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/environment_configs/sre_greent3msrds_core_config.json b/environment_configs/sre_greent3msrds_core_config.json index 688b02b044..cc8484dd70 100644 --- a/environment_configs/sre_greent3msrds_core_config.json +++ b/environment_configs/sre_greent3msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/tests/resources/sre_bluet1guac_full_config.json b/tests/resources/sre_bluet1guac_full_config.json index 43782149fc..2a963e3b4d 100644 --- a/tests/resources/sre_bluet1guac_full_config.json +++ b/tests/resources/sre_bluet1guac_full_config.json @@ -1302,7 +1302,7 @@ "rg": "RG_SHM_BLUE_SRE_T1GUAC_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "vmSizeDefault": "Standard_D2s_v3" }, diff --git a/tests/resources/sre_bluet3msrds_full_config.json b/tests/resources/sre_bluet3msrds_full_config.json index b357d2e3ef..404e773c99 100644 --- a/tests/resources/sre_bluet3msrds_full_config.json +++ b/tests/resources/sre_bluet3msrds_full_config.json @@ -1324,7 +1324,7 @@ "rg": "RG_SHM_BLUE_SRE_T3MSRDS_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "vmSizeDefault": "Standard_D2s_v3" }, diff --git a/tests/resources/sre_greent2guac_full_config.json b/tests/resources/sre_greent2guac_full_config.json index 33a2796de9..fa389e77bc 100644 --- a/tests/resources/sre_greent2guac_full_config.json +++ b/tests/resources/sre_greent2guac_full_config.json @@ -1355,7 +1355,7 @@ "rg": "RG_SHM_GREEN_SRE_T2GUAC_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2022081900" + "version": "20.04.2023031400" }, "vmSizeDefault": "Standard_D2s_v3" }, From e9f1869da0199201bccf94866e19ca6511ecd7f2 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 10:08:13 +0000 Subject: [PATCH 109/289] :wrench: Ensure apt-get fixes are applied to all cloud-init files --- .../cloud-init-buildimage-ubuntu-1804.mustache.yaml | 3 ++- .../cloud-init-buildimage-ubuntu-2004.mustache.yaml | 5 ++++- .../cloud-init-buildimage-ubuntu-2204.mustache.yaml | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml index 3fe9203050..8f8c911ca2 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml @@ -380,7 +380,8 @@ runcmd: # Remove netcat (potential security issue) [Note this will remove the 'ubuntu-minimal' metapackage but does not remove any other real packages] # Remove xscreensaver (unnecessary) - apt-get remove -y netcat-openbsd xscreensaver - # Remove any unused auto-installed packages + # Fix any broken packages then clean and remove any unused packages + - apt-get --fix-broken install -y - apt-get autoclean -y - apt-get autoremove -y --purge - apt-get clean diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml index fed08e3158..1cf6facce8 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml @@ -381,7 +381,10 @@ runcmd: # Remove netcat (potential security issue) [Note this will remove the 'ubuntu-minimal' metapackage but does not remove any other real packages] # Remove xscreensaver (unnecessary) - apt-get remove -y netcat-openbsd xscreensaver - - apt --fix-broken install -y + # Fix any broken packages then clean and remove any unused packages + - apt-get --fix-broken install -y + - apt-get autoclean -y + - apt-get autoremove -y --purge - apt-get clean # Remove temporary files - tmpreaper 10m /tmp/ /var/tmp/ # remove temporary files that have not been accessed in 10 minutes diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml index dcc987b3ca..17527746cb 100644 --- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml +++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml @@ -387,7 +387,8 @@ runcmd: # Remove netcat (potential security issue) [Note this will remove the 'ubuntu-minimal' metapackage but does not remove any other real packages] # Remove xscreensaver (unnecessary) - apt-get remove -y netcat-openbsd xscreensaver - # Remove any unused auto-installed packages + # Fix any broken packages then clean and remove any unused packages + - apt-get --fix-broken install -y - apt-get autoclean -y - apt-get autoremove -y --purge - apt-get clean From 3d23b39d5f9f296d0e5d2b9aadd2cf701155c3c7 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 10:14:30 +0000 Subject: [PATCH 110/289] :memo: Update Microsoft documentation link --- docs/roles/system_manager/manage_data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index 0bf6a56b63..e66ff3069a 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -103,7 +103,7 @@ For more info on shared SRE storage volumes, consult the {ref}`Safe Haven User G ### {{card_file_box}} Restoring blobs -Blob containers in backed up storage accounts are protected by [operational backup](https://learn.microsoft.com/en-us/azure/backup/blob-backup-overview#how-operational-backup-works). +Blob containers in backed up storage accounts are protected by [operational backup](https://learn.microsoft.com/en-us/azure/backup/blob-backup-overview#how-the-operational-backup-works). It is possible to restore the state of the blobs to an earlier point in time, up to twelve weeks in the past. The blob containers covered by the protection for each SRE are the From 6a4f7db45a4620d5da812e98ec68a73dd90dd349 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 11:46:26 +0000 Subject: [PATCH 111/289] :bug: Remove keras from Python 3.11 installation --- deployment/secure_research_desktop/packages/packages-python.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/secure_research_desktop/packages/packages-python.yaml b/deployment/secure_research_desktop/packages/packages-python.yaml index 7b57788416..879788d373 100644 --- a/deployment/secure_research_desktop/packages/packages-python.yaml +++ b/deployment/secure_research_desktop/packages/packages-python.yaml @@ -25,6 +25,7 @@ packages: html5lib: ipykernel: keras: + "3.11": ["uninstallable"] # requires tensorflow lightgbm: lxml: matplotlib: From ea7e754666c890e2dae028b12b0b1a0fe338acf7 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 12:01:10 +0000 Subject: [PATCH 112/289] :alien: Replace argon2 with askpass in test script as argon2 has been removed from CRAN --- tests/srd_smoke_tests/test_repository_R.mustache.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/srd_smoke_tests/test_repository_R.mustache.sh b/tests/srd_smoke_tests/test_repository_R.mustache.sh index 2d9d749d7b..49636d6276 100644 --- a/tests/srd_smoke_tests/test_repository_R.mustache.sh +++ b/tests/srd_smoke_tests/test_repository_R.mustache.sh @@ -3,7 +3,7 @@ # - *not* pre-installed # - on the tier-3 list (so we can test all tiers) # - alphabetically early and late (so we can test the progress of the mirror synchronisation) -packages=("argon2" "zeallot") +packages=("askpass" "zeallot") uninstallable_packages=("aws.s3") # Create a temporary library directory From 56cdbc69a1a6ee5ce14d951445207b748da2ef34 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 12:45:55 +0000 Subject: [PATCH 113/289] :bug: Fix creation of database secrets --- .../setup/Setup_SRE_Key_Vault_And_Users.ps1 | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 b/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 index a1be60f18a..d35671c265 100644 --- a/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 +++ b/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 @@ -68,11 +68,13 @@ try { # :: Databases try { foreach ($keyName in $config.sre.databases.Keys) { - if ($config.sre.databases[$keyName] -isnot [System.Collections.IDictionary]) { continue } - $dbAdminUsername = ($keyName -eq "dbpostgresql") ? "postgres" : "sre$($config.sre.id)dbadmin".ToLower() # The postgres admin username is hardcoded as 'postgres' but we save it to the keyvault to ensure a consistent record structure - $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.databases[$keyName].adminPasswordSecretName -DefaultLength 20 -AsPlaintext - $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.databases[$keyName].dbAdminUsernameSecretName $dbAdminUsername -AsPlaintext - $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.databases[$keyName].dbAdminPasswordSecretName -DefaultLength 20 -AsPlaintext + foreach ($dbInstance in $config.sre.databases[$keyName]) { + if ($dbInstance -isnot [System.Collections.IDictionary]) { continue } + $dbAdminUsername = ($keyName -eq "dbpostgresql") ? "postgres" : "sre$($config.sre.id)dbadmin".ToLower() # The postgres admin username is hardcoded as 'postgres' but we save it to the keyvault to ensure a consistent record structure + $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $dbInstance.adminPasswordSecretName -DefaultLength 20 -AsPlaintext + $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $dbInstance.dbAdminUsernameSecretName $dbAdminUsername -AsPlaintext + $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $dbInstance.dbAdminPasswordSecretName -DefaultLength 20 -AsPlaintext + } } Add-LogMessage -Level Success "Ensured that SRE database secrets exist" } catch { From d7ec924c322ccb61b40b5541a7449b422871b5c7 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 14:37:07 +0000 Subject: [PATCH 114/289] :wrench: Update sample config files --- environment_configs/sre_bluet1guac_core_config.json | 2 +- environment_configs/sre_bluet2guac_core_config.json | 2 +- environment_configs/sre_bluet2msrds_core_config.json | 2 +- environment_configs/sre_bluet3guac_core_config.json | 2 +- environment_configs/sre_bluet3msrds_core_config.json | 2 +- environment_configs/sre_greent1guac_core_config.json | 2 +- environment_configs/sre_greent2guac_core_config.json | 2 +- environment_configs/sre_greent2msrds_core_config.json | 2 +- environment_configs/sre_greent3guac_core_config.json | 2 +- environment_configs/sre_greent3msrds_core_config.json | 2 +- tests/resources/sre_bluet1guac_full_config.json | 2 +- tests/resources/sre_bluet3msrds_full_config.json | 2 +- tests/resources/sre_greent2guac_full_config.json | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/environment_configs/sre_bluet1guac_core_config.json b/environment_configs/sre_bluet1guac_core_config.json index fdc4ae9048..2454eb73e8 100644 --- a/environment_configs/sre_bluet1guac_core_config.json +++ b/environment_configs/sre_bluet1guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet2guac_core_config.json b/environment_configs/sre_bluet2guac_core_config.json index 41f696ace9..2ada45f6ec 100644 --- a/environment_configs/sre_bluet2guac_core_config.json +++ b/environment_configs/sre_bluet2guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet2msrds_core_config.json b/environment_configs/sre_bluet2msrds_core_config.json index b892958085..13e8a4e218 100644 --- a/environment_configs/sre_bluet2msrds_core_config.json +++ b/environment_configs/sre_bluet2msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_bluet3guac_core_config.json b/environment_configs/sre_bluet3guac_core_config.json index cd8306b24f..c14e6af1f0 100644 --- a/environment_configs/sre_bluet3guac_core_config.json +++ b/environment_configs/sre_bluet3guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/environment_configs/sre_bluet3msrds_core_config.json b/environment_configs/sre_bluet3msrds_core_config.json index 8f6e46b9ff..c83c0833ab 100644 --- a/environment_configs/sre_bluet3msrds_core_config.json +++ b/environment_configs/sre_bluet3msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/environment_configs/sre_greent1guac_core_config.json b/environment_configs/sre_greent1guac_core_config.json index 7115f3ced4..e78af97072 100644 --- a/environment_configs/sre_greent1guac_core_config.json +++ b/environment_configs/sre_greent1guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent2guac_core_config.json b/environment_configs/sre_greent2guac_core_config.json index d22ce988a7..f0e726431c 100644 --- a/environment_configs/sre_greent2guac_core_config.json +++ b/environment_configs/sre_greent2guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent2msrds_core_config.json b/environment_configs/sre_greent2msrds_core_config.json index cb2787c843..20c6912ec9 100644 --- a/environment_configs/sre_greent2msrds_core_config.json +++ b/environment_configs/sre_greent2msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.253"], diff --git a/environment_configs/sre_greent3guac_core_config.json b/environment_configs/sre_greent3guac_core_config.json index b71b9a676f..95f59302f5 100644 --- a/environment_configs/sre_greent3guac_core_config.json +++ b/environment_configs/sre_greent3guac_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "ApacheGuacamole", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/environment_configs/sre_greent3msrds_core_config.json b/environment_configs/sre_greent3msrds_core_config.json index cc8484dd70..1cd114f919 100644 --- a/environment_configs/sre_greent3msrds_core_config.json +++ b/environment_configs/sre_greent3msrds_core_config.json @@ -8,7 +8,7 @@ "outboundInternetAccess": "default", "computeVmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "remoteDesktopProvider": "MicrosoftRDS", "dataAdminIpAddresses": ["193.60.220.240"], diff --git a/tests/resources/sre_bluet1guac_full_config.json b/tests/resources/sre_bluet1guac_full_config.json index 2a963e3b4d..24f1f18747 100644 --- a/tests/resources/sre_bluet1guac_full_config.json +++ b/tests/resources/sre_bluet1guac_full_config.json @@ -1302,7 +1302,7 @@ "rg": "RG_SHM_BLUE_SRE_T1GUAC_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "vmSizeDefault": "Standard_D2s_v3" }, diff --git a/tests/resources/sre_bluet3msrds_full_config.json b/tests/resources/sre_bluet3msrds_full_config.json index 404e773c99..1a59d3b537 100644 --- a/tests/resources/sre_bluet3msrds_full_config.json +++ b/tests/resources/sre_bluet3msrds_full_config.json @@ -1324,7 +1324,7 @@ "rg": "RG_SHM_BLUE_SRE_T3MSRDS_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "vmSizeDefault": "Standard_D2s_v3" }, diff --git a/tests/resources/sre_greent2guac_full_config.json b/tests/resources/sre_greent2guac_full_config.json index fa389e77bc..ca318c0553 100644 --- a/tests/resources/sre_greent2guac_full_config.json +++ b/tests/resources/sre_greent2guac_full_config.json @@ -1355,7 +1355,7 @@ "rg": "RG_SHM_GREEN_SRE_T2GUAC_COMPUTE", "vmImage": { "type": "Ubuntu", - "version": "20.04.2023031400" + "version": "20.04.2023031401" }, "vmSizeDefault": "Standard_D2s_v3" }, From ea9e8eda93ba569e57a37c157fdffaca614fbb6e Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 14:18:41 +0000 Subject: [PATCH 115/289] :bug: Catch additional extraneous characters that might be included in Python package names --- .../administration/SHM_Expand_Allowlist_Dependencies.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 index 7dde2fd117..7c2a28d7a1 100644 --- a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 +++ b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 @@ -93,7 +93,8 @@ function Get-Dependencies { if ($Repository -eq "pypi") { # The best PyPI results come from the package JSON files $response = Invoke-RestMethod -Uri "https://pypi.org/${Repository}/${Package}/${Version}/json" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop - $Cache[$Repository][$Package][$Version] = @($response.info.requires_dist | Where-Object { $_ -and ($_ -notmatch "extra ==") } | ForEach-Object { ($_ -split '[;[( ><=]')[0].Trim() } | Sort-Object -Unique) + # Add canonical names to dependencies + $Cache[$Repository][$Package][$Version] = @($response.info.requires_dist | Where-Object { $_ -and ($_ -notmatch "extra ==") } | ForEach-Object { ($_ -split '[;[( ><=!~]')[0].Trim().ToLower() } | Sort-Object -Unique) } else { # For other repositories we use libraries.io try { From d561876add70bd7ab1479b911b9d4dd030515e62 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 14:13:59 +0000 Subject: [PATCH 116/289] :bug: Catch case where package name is not found --- .../administration/SHM_Expand_Allowlist_Dependencies.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 index 7c2a28d7a1..3149509493 100644 --- a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 +++ b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 @@ -172,6 +172,10 @@ while ($queue.Count) { # Check that the package exists and add it to the allowlist if so Add-LogMessage -Level Info "Looking for '${unverifiedName}' in ${Repository}..." $packageData = Test-PackageExistence -Repository $Repository -Package $unverifiedName -ApiKey $ApiKey -RepositoryId $RepositoryId + if (-not $($packageData.name)) { + Add-LogMessage -Level Error "Package '${unverifiedName}' could not be found!" + continue + } if ($packageData.name -cne $unverifiedName) { Add-LogMessage -Level Warning "Package '${unverifiedName}' should be '$($packageData.name)'" } From ac57fab4d9f9c75d2bff384cb94490b117e8c7de Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 17:15:04 +0000 Subject: [PATCH 117/289] :bug: Catch case where dependency cache exists but is unreadable --- deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 index 3149509493..3603fb33ed 100644 --- a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 +++ b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 @@ -143,6 +143,7 @@ if (-not $NoCache) { if (Test-Path $dependencyCachePath -PathType Leaf) { $dependencyCache = Get-Content $dependencyCachePath | ConvertFrom-Json -AsHashtable } + if (-not $dependencyCache) { $dependencyCache = [ordered]@{} } } if ($Repository -notin $dependencyCache.Keys) { $dependencyCache[$Repository] = [ordered]@{} } if ("unavailable_packages" -notin $dependencyCache.Keys) { $dependencyCache["unavailable_packages"] = [ordered]@{} } From 5ec22bf60fb4d5f2474954e34f507a2253ca6631 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Tue, 14 Mar 2023 23:07:41 +0000 Subject: [PATCH 118/289] :wrench: Replace deprecated set-output option --- .github/workflows/build_allow_lists.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_allow_lists.yaml b/.github/workflows/build_allow_lists.yaml index 2c343dcf6b..a0cfa3810e 100644 --- a/.github/workflows/build_allow_lists.yaml +++ b/.github/workflows/build_allow_lists.yaml @@ -49,7 +49,7 @@ jobs: - name: Get current date id: date - run: echo "::set-output name=date::$(date +'%Y-%m-%d')" + run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT - name: Create pull request if: ${{ (! env.TIMEOUT_REACHED) && (! env.ACT) }} From 672c78daff927aaeb374bd2c8acd866fc7e73396 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 15 Mar 2023 11:52:28 +0000 Subject: [PATCH 119/289] stop firewall blocking servicebuss used by DC to speak to azuread --- .../network_rules/shm-firewall-rules.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json index d3d0b897b3..9e521961e1 100644 --- a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json +++ b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json @@ -190,6 +190,12 @@ ], "fqdnTags": [], "targetFqdns": [ + "g0-prod-sn3-011-sb.servicebus.windows.net", + "g3-prod-ch3-006-sb.servicebus.windows.net", + "g5-prod-ch3-006-sb.servicebus.windows.net", + "g7-prod-ch3-006-sb.servicebus.windows.net", + "g7-prod-sn3-011-sb.servicebus.windows.net", + "g8-prod-sn3-011-sb.servicebus.windows.net", "g10-prod-ch3-003-sb.servicebus.windows.net", "g10-prod-ch3-004-sb.servicebus.windows.net", "g10-prod-ch3-005-sb.servicebus.windows.net", From c5856ddb499133f38d73454faf44f4047bda16a0 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 15 Mar 2023 12:15:58 +0000 Subject: [PATCH 120/289] :arrow_up: Update to v4.2.4 of create-pull-request --- .github/workflows/build_allow_lists.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_allow_lists.yaml b/.github/workflows/build_allow_lists.yaml index a0cfa3810e..1d8160cbfb 100644 --- a/.github/workflows/build_allow_lists.yaml +++ b/.github/workflows/build_allow_lists.yaml @@ -52,9 +52,9 @@ jobs: run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT - name: Create pull request - if: ${{ (! env.TIMEOUT_REACHED) && (! env.ACT) }} + if: ${{ (env.TIMEOUT_REACHED == 0) && (! env.ACT) }} id: pull-request - uses: peter-evans/create-pull-request@dcd5fd746d53dd8de555c0f10bca6c35628be47a # This commit corresponds to tag 3.12.0 + uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # This commit corresponds to tag 4.2.4 with: commit-message: Update PyPI and CRAN allow lists committer: GitHub Actions From eb363bfc40ba85376f46835340de7b19de029c4a Mon Sep 17 00:00:00 2001 From: jemrobinson Date: Wed, 15 Mar 2023 15:33:36 +0000 Subject: [PATCH 121/289] Update PyPI and CRAN allow lists --- .../allowlist-full-python-pypi-tier3.list | 123 +++++++++++++++++- .../allowlist-full-r-cran-tier3.list | 40 +++++- 2 files changed, 157 insertions(+), 6 deletions(-) diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list index dde7e094eb..56597346f1 100644 --- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list +++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list @@ -5,9 +5,11 @@ aesara affine aiobotocore aiocontextvars +aiofiles aiohttp aioitertools aiosignal +aiosqlite alabaster altair annoy @@ -16,6 +18,7 @@ anyio apispec appdirs appnope +arabic-reshaper argcomplete argon2-cffi argon2-cffi-bindings @@ -28,7 +31,9 @@ astropy asttokens astunparse async_generator +async-lru async-timeout +asyncio asynctest atomicwrites attrs @@ -36,10 +41,12 @@ autograd autograd-gamma Automat awkward +awkward-cpp awkward0 Babel backcall backpack +backports.cached-property backports.entry-points-selectable backports.functools-lru-cache backports.lzma @@ -52,11 +59,14 @@ backports.zoneinfo bcdoc beautifulsoup4 better-exceptions-fork +biscuits black bleach blis blosc +blosc2 bokeh +boltons boto3 botocore Bottleneck @@ -64,6 +74,7 @@ bpemb branca Brotli bson +build bulwark CacheControl cached-property @@ -85,8 +96,11 @@ click-plugins cligj clikit cloudpickle +cmdstanpy colorama +comm commonmark +confection configparser confuse conllu @@ -95,9 +109,14 @@ constantly contextily contextlib2 contextvars +contoml +contourpy +convertdate +cookies crashtest crcmod cryptography +cssselect2 cycler cymem Cython @@ -107,25 +126,34 @@ dash-html-components dash-table dask dataclasses +datasets ddt debugpy decorator defusedxml +deprecat Deprecated deprecation descartes dill distlib distributed +dnspython +docopt docutils dparse dragonmapper dtw +dulwich +ecos eli5 entrypoints enum34 +ephem etuples +exceptiongroup executing +fastjsonschema fastprogress filelock Fiona @@ -137,15 +165,19 @@ Flask-Bootstrap Flask-Compress flatbuffers folium +fonttools formulaic frozenlist fsspec +fst-pso ftfy funcsigs functools32 +funcy future future-fstrings futures +FuzzyTM gast GDAL gdown @@ -171,11 +203,16 @@ google-resumable-media googleapis-common-protos GPy GPyOpt +graphlib-backport graphviz grpcio gym +h5netcdf h5py HeapDict +hijri-converter +holidays +hotelling html5lib htmlmin httplib2 @@ -187,6 +224,7 @@ idna idna_ssl imagecodecs imagecodecs-lite +ImageHash imageio imagesize importlib @@ -194,6 +232,7 @@ importlib-metadata importlib-resources incremental iniconfig +installer interface-meta ipaddress ipykernel @@ -203,6 +242,9 @@ ipywidgets isort itsdangerous Janome +jaraco.classes +jarowinkler +jax jedi jeepney Jinja2 @@ -214,8 +256,15 @@ jsonschema jupyter jupyter-client jupyter-core +jupyter-events +jupyter-lsp jupyter-packaging jupyter-server +jupyter-server-fileid +jupyter-server-terminals +jupyter-server-ydoc +jupyter-telemetry +jupyter-ydoc jupyterlab jupyterlab-launcher jupyterlab-pygments @@ -228,8 +277,11 @@ Keras-Preprocessing keyring kiwisolver konoha +korean-lunar-calendar langcodes langdetect +lapsolver +lazy_loader lazy-object-proxy libclang lifelines @@ -239,10 +291,12 @@ locket lockfile logical-unification loguru +LunarCalendar lxml lz4 mapclassify Markdown +markdown-it-py markdown2 MarkupSafe marshmallow @@ -250,12 +304,15 @@ matplotlib matplotlib-inline matrixprofile mccabe +mdit-py-plugins +mdurl memory-profiler mercantile miniKanren missingno mistune mock +modutil monotonic more-itertools mpctools @@ -277,24 +334,35 @@ nbclassic nbclient nbconvert nbformat +ndindex nest-asyncio netCDF4 networkx nltk nose notebook +notebook-shim notifiers numba numexpr numpy numpydoc +nvidia-cublas-cu11 +nvidia-cuda-nvrtc-cu11 +nvidia-cuda-runtime-cu11 +nvidia-cudnn-cu11 oauth2client oauthlib odo olefile +opencv-python opt-einsum ordereddict +orderedmultidict +oscrypto +osqp overrides +packagebuilder packaging pandas pandas-datareader @@ -325,21 +393,26 @@ pickleshare Pillow Pint pip +pip-shims pip-tools pipenv pkgconfig pkginfo +pkgutil_resolve_name plac platformdirs +plette plotly pluggy plumbum poetry poetry-core +poetry-plugin-export pooch pox ppft pprintpp +pptree preshed prettytable prometheus-client @@ -351,9 +424,12 @@ psycopg2 ptyprocess pure-eval py +py-cpuinfo py4j +pyarrow pyasn1 pyasn1-modules +pybind11 pycodestyle pycosat pycparser @@ -362,20 +438,28 @@ pydantic pydot pyerfa pyflakes +pyFUME Pygments pygrib PyHamcrest +pyHanko +pyhanko-certvalidator pyLDAvis pylev pylint pymc3 +PyMeeus pymongo pyodbc PyOpenGL pyparsing +pypdf PyPDF2 +PyPDF3 pypiwin32 +pypng pyproj +pyproject_hooks pyrsistent pysha3 pyshp @@ -383,11 +467,16 @@ pysimdjson pystan pytest pytest-pylint +python-barcode +python-bidi python-dateutil python-geohash python-gitlab +python-json-logger python-louvain +python-pkcs11 pytoml +pytorch_revgrad pytorch-pretrained-bert pytorch-transformers pytz @@ -398,18 +487,27 @@ pywin32-ctypes pywinpty PyYAML pyzmq +qdldl +qrcode +rapidfuzz rasterio regex reportlab repoze.lru repro-catalogue +requestes requests requests-file requests-ftp requests-oauthlib requests-toolbelt requests-unixsocket +requirements-parser +requirementslib +responses retrying +rfc3339-validator +rfc3986-validator rfc3987 rich rpy2 @@ -437,8 +535,10 @@ semver Send2Trash sentencepiece setuptools -Shapely +setuptools-git +shapely shellingham +simpful simplegeneric simplejson singledispatch @@ -458,6 +558,7 @@ spacy spacy-langdetect spacy-legacy spacy-loggers +sparsesvd Sphinx sphinxcontrib-applehelp sphinxcontrib-devhelp @@ -475,6 +576,7 @@ statsmodels stumpy subprocess32 suod +svglib sympy syntok tables @@ -493,6 +595,7 @@ tensorflow-gpu-estimator tensorflow-io-gcs-filesystem tensorflow-tensorboard termcolor +termcolor-whl terminado testpath tf-estimator-nightly @@ -503,6 +606,7 @@ threadpoolctl tifffile tika tiny-tokenizer +tinycss2 tokenize-rt tokenizers toml @@ -514,12 +618,19 @@ torchvision tornado tqdm traitlets +transformer-smaller-training-vocab transformers +trove-classifiers tsfresh Twisted twisted-iocpsupport typed-ast +typeguard typer +types-docutils +types-PyYAML +types-setuptools +types-toml typing typing-extensions typing-utils @@ -527,15 +638,18 @@ tzdata tzlocal ujson unicodecsv +unification unittest2 uproot uproot-methods +uritools urllib3 uvloop vincent virtualenv virtualenv-clone visions +vistir wasabi wcwidth webargs @@ -551,12 +665,19 @@ woops wordcloud wrapt xarray +xarray-einstats +xattr xgboost xhtml2pdf xlrd XlsxWriter +xxhash xyzservices +y-py yarl +yaspin +ydata-profiling +ypy-websocket zict zipfile36 zipp diff --git a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list index 83fb35c6e9..744c43aa16 100644 --- a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list @@ -2,7 +2,6 @@ abind acepack actuar anytime -argon2 arrow askpass assertive @@ -64,6 +63,7 @@ classInt cli clipr clisymbols +clock cluster coda codetools @@ -71,6 +71,7 @@ colorspace colourpicker colourvalues commonmark +conflicted conquer covr cpp11 @@ -102,13 +103,16 @@ dichromat diffobj digest dimRed +distributional doMC doParallel dotCall64 +downlit downloader dplyr DRR DT +dtplyr dygraphs e1071 ellipsis @@ -130,20 +134,22 @@ fields filehash float fontawesome +fontBitstreamVera +fontLiberation +fontquiver forcats foreach foreign formatR Formula fs -fts furrr futile.logger futile.options future future.apply +gargle gbRd -gdalUtils gdata gdtools generics @@ -151,10 +157,12 @@ geojson geojsonio geojsonlint geojsonsf +geometries geometry geosphere gert getPass +gfonts ggforce ggmap ggplot2 @@ -171,7 +179,9 @@ glue gmodels gmp gnm +googledrive googlePolylines +googlesheets4 googleVis gower gpclib @@ -201,7 +211,9 @@ htmlwidgets httpcode httpuv httr +httr2 hunspell +ids igraph infer influenceR @@ -271,6 +283,7 @@ markdown MASS mathjaxr Matrix +MatrixExtra MatrixModels matrixStats mcmc @@ -282,6 +295,7 @@ mgcv mime miniUI minqa +mlapi mlbench MLmetrics mlr3 @@ -291,6 +305,7 @@ mnormt modeldata ModelMetrics modelr +MSSQL multcomp munsell MVA @@ -310,9 +325,9 @@ odbc openssl OpenStreetMap openxlsx -osmar packcircles packrat +palmerpenguins paradox parallelly parsnip @@ -326,6 +341,7 @@ pillar pixiedust pkgbuild pkgconfig +pkgdown pkgload pkgmaker PKI @@ -337,6 +353,7 @@ png pointblank polyclip polycor +posterior praise prettyunits pROC @@ -346,6 +363,7 @@ prodlim profileModel profvis progress +progressr promises prophet proto @@ -367,6 +385,7 @@ R.methodsS3 R.oo R.utils R6 +ragg randomForest ranger RApiDatetime @@ -381,8 +400,11 @@ Rcpp RcppEigen RcppParallel RcppRoll +RcppTOML RCurl Rdpack +reactable +reactR readODS readr readxl @@ -391,7 +413,6 @@ registry relimp rematch rematch2 -remoter remotes repr reprex @@ -404,6 +425,7 @@ rgeos rgexf rgl RgoogleMaps +RhpcBLASctl rio rJava rjson @@ -426,6 +448,7 @@ RPostgreSQL rprojroot rsample rsconnect +rsparse RSpectra RSQLite rstan @@ -451,6 +474,7 @@ sfheaders sfsmisc shape shiny +shinybusy shinyjs shinystan shinythemes @@ -485,9 +509,11 @@ svgPanZoom swagger sys systemfonts +tensorA terra testthat text2vec +textshaping TH.data threejs tibble @@ -500,12 +526,14 @@ tidytext tidyverse tidyxl tikzDevice +timechange timeDate timeSeries tinytex tis tmap tmaptools +tmvnsim tokenizers triebeard tsbox @@ -518,6 +546,7 @@ tzdb udunits2 units univariateML +urlchecker urltools usethis utf8 @@ -544,6 +573,7 @@ wk wordcloud workflows workflowsets +writexl xfun xgboost XLConnect From c9f573f480cb6cd644558c9ac8269f32d135c573 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 15 Mar 2023 15:50:38 +0000 Subject: [PATCH 122/289] :alien: Added a new set of SSPR service bus endpoints --- .../network_rules/shm-firewall-rules.json | 230 ++++++++++++++++++ 1 file changed, 230 insertions(+) diff --git a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json index 9e521961e1..7817322905 100644 --- a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json +++ b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json @@ -190,17 +190,203 @@ ], "fqdnTags": [], "targetFqdns": [ + "g0-prod-ch3-003-sb.servicebus.windows.net", + "g0-prod-ch3-004-sb.servicebus.windows.net", + "g0-prod-ch3-005-sb.servicebus.windows.net", + "g0-prod-ch3-006-sb.servicebus.windows.net", + "g0-prod-ch3-007-sb.servicebus.windows.net", + "g0-prod-ch3-008-sb.servicebus.windows.net", + "g0-prod-ch3-009-sb.servicebus.windows.net", + "g0-prod-sn3-003-sb.servicebus.windows.net", + "g0-prod-sn3-004-sb.servicebus.windows.net", + "g0-prod-sn3-005-sb.servicebus.windows.net", + "g0-prod-sn3-006-sb.servicebus.windows.net", + "g0-prod-sn3-007-sb.servicebus.windows.net", + "g0-prod-sn3-009-sb.servicebus.windows.net", + "g0-prod-sn3-010-sb.servicebus.windows.net", "g0-prod-sn3-011-sb.servicebus.windows.net", + "g0-prod-sn3-012-sb.servicebus.windows.net", + "g0-prod-sn3-013-sb.servicebus.windows.net", + "g0-prod-sn3-014-sb.servicebus.windows.net", + "g0-prod-sn3-203-sb.servicebus.windows.net", + "g1-prod-ch3-003-sb.servicebus.windows.net", + "g1-prod-ch3-004-sb.servicebus.windows.net", + "g1-prod-ch3-005-sb.servicebus.windows.net", + "g1-prod-ch3-006-sb.servicebus.windows.net", + "g1-prod-ch3-007-sb.servicebus.windows.net", + "g1-prod-ch3-008-sb.servicebus.windows.net", + "g1-prod-ch3-009-sb.servicebus.windows.net", + "g1-prod-sn3-003-sb.servicebus.windows.net", + "g1-prod-sn3-004-sb.servicebus.windows.net", + "g1-prod-sn3-005-sb.servicebus.windows.net", + "g1-prod-sn3-006-sb.servicebus.windows.net", + "g1-prod-sn3-007-sb.servicebus.windows.net", + "g1-prod-sn3-009-sb.servicebus.windows.net", + "g1-prod-sn3-010-sb.servicebus.windows.net", + "g1-prod-sn3-011-sb.servicebus.windows.net", + "g1-prod-sn3-012-sb.servicebus.windows.net", + "g1-prod-sn3-013-sb.servicebus.windows.net", + "g1-prod-sn3-014-sb.servicebus.windows.net", + "g1-prod-sn3-203-sb.servicebus.windows.net", + "g2-prod-ch3-003-sb.servicebus.windows.net", + "g2-prod-ch3-004-sb.servicebus.windows.net", + "g2-prod-ch3-005-sb.servicebus.windows.net", + "g2-prod-ch3-006-sb.servicebus.windows.net", + "g2-prod-ch3-007-sb.servicebus.windows.net", + "g2-prod-ch3-008-sb.servicebus.windows.net", + "g2-prod-ch3-009-sb.servicebus.windows.net", + "g2-prod-sn3-003-sb.servicebus.windows.net", + "g2-prod-sn3-004-sb.servicebus.windows.net", + "g2-prod-sn3-005-sb.servicebus.windows.net", + "g2-prod-sn3-006-sb.servicebus.windows.net", + "g2-prod-sn3-007-sb.servicebus.windows.net", + "g2-prod-sn3-009-sb.servicebus.windows.net", + "g2-prod-sn3-010-sb.servicebus.windows.net", + "g2-prod-sn3-011-sb.servicebus.windows.net", + "g2-prod-sn3-012-sb.servicebus.windows.net", + "g2-prod-sn3-013-sb.servicebus.windows.net", + "g2-prod-sn3-014-sb.servicebus.windows.net", + "g2-prod-sn3-203-sb.servicebus.windows.net", + "g3-prod-ch3-003-sb.servicebus.windows.net", + "g3-prod-ch3-004-sb.servicebus.windows.net", + "g3-prod-ch3-005-sb.servicebus.windows.net", "g3-prod-ch3-006-sb.servicebus.windows.net", + "g3-prod-ch3-007-sb.servicebus.windows.net", + "g3-prod-ch3-008-sb.servicebus.windows.net", + "g3-prod-ch3-009-sb.servicebus.windows.net", + "g3-prod-sn3-003-sb.servicebus.windows.net", + "g3-prod-sn3-004-sb.servicebus.windows.net", + "g3-prod-sn3-005-sb.servicebus.windows.net", + "g3-prod-sn3-006-sb.servicebus.windows.net", + "g3-prod-sn3-007-sb.servicebus.windows.net", + "g3-prod-sn3-009-sb.servicebus.windows.net", + "g3-prod-sn3-010-sb.servicebus.windows.net", + "g3-prod-sn3-011-sb.servicebus.windows.net", + "g3-prod-sn3-012-sb.servicebus.windows.net", + "g3-prod-sn3-013-sb.servicebus.windows.net", + "g3-prod-sn3-014-sb.servicebus.windows.net", + "g3-prod-sn3-203-sb.servicebus.windows.net", + "g4-prod-ch3-003-sb.servicebus.windows.net", + "g4-prod-ch3-004-sb.servicebus.windows.net", + "g4-prod-ch3-005-sb.servicebus.windows.net", + "g4-prod-ch3-006-sb.servicebus.windows.net", + "g4-prod-ch3-007-sb.servicebus.windows.net", + "g4-prod-ch3-008-sb.servicebus.windows.net", + "g4-prod-ch3-009-sb.servicebus.windows.net", + "g4-prod-sn3-003-sb.servicebus.windows.net", + "g4-prod-sn3-004-sb.servicebus.windows.net", + "g4-prod-sn3-005-sb.servicebus.windows.net", + "g4-prod-sn3-006-sb.servicebus.windows.net", + "g4-prod-sn3-007-sb.servicebus.windows.net", + "g4-prod-sn3-009-sb.servicebus.windows.net", + "g4-prod-sn3-010-sb.servicebus.windows.net", + "g4-prod-sn3-011-sb.servicebus.windows.net", + "g4-prod-sn3-012-sb.servicebus.windows.net", + "g4-prod-sn3-013-sb.servicebus.windows.net", + "g4-prod-sn3-014-sb.servicebus.windows.net", + "g4-prod-sn3-203-sb.servicebus.windows.net", + "g5-prod-ch3-003-sb.servicebus.windows.net", + "g5-prod-ch3-004-sb.servicebus.windows.net", + "g5-prod-ch3-005-sb.servicebus.windows.net", "g5-prod-ch3-006-sb.servicebus.windows.net", + "g5-prod-ch3-007-sb.servicebus.windows.net", + "g5-prod-ch3-008-sb.servicebus.windows.net", + "g5-prod-ch3-009-sb.servicebus.windows.net", + "g5-prod-sn3-003-sb.servicebus.windows.net", + "g5-prod-sn3-004-sb.servicebus.windows.net", + "g5-prod-sn3-005-sb.servicebus.windows.net", + "g5-prod-sn3-006-sb.servicebus.windows.net", + "g5-prod-sn3-007-sb.servicebus.windows.net", + "g5-prod-sn3-009-sb.servicebus.windows.net", + "g5-prod-sn3-010-sb.servicebus.windows.net", + "g5-prod-sn3-011-sb.servicebus.windows.net", + "g5-prod-sn3-012-sb.servicebus.windows.net", + "g5-prod-sn3-013-sb.servicebus.windows.net", + "g5-prod-sn3-014-sb.servicebus.windows.net", + "g5-prod-sn3-203-sb.servicebus.windows.net", + "g6-prod-ch3-003-sb.servicebus.windows.net", + "g6-prod-ch3-004-sb.servicebus.windows.net", + "g6-prod-ch3-005-sb.servicebus.windows.net", + "g6-prod-ch3-006-sb.servicebus.windows.net", + "g6-prod-ch3-007-sb.servicebus.windows.net", + "g6-prod-ch3-008-sb.servicebus.windows.net", + "g6-prod-ch3-009-sb.servicebus.windows.net", + "g6-prod-sn3-003-sb.servicebus.windows.net", + "g6-prod-sn3-004-sb.servicebus.windows.net", + "g6-prod-sn3-005-sb.servicebus.windows.net", + "g6-prod-sn3-006-sb.servicebus.windows.net", + "g6-prod-sn3-007-sb.servicebus.windows.net", + "g6-prod-sn3-009-sb.servicebus.windows.net", + "g6-prod-sn3-010-sb.servicebus.windows.net", + "g6-prod-sn3-011-sb.servicebus.windows.net", + "g6-prod-sn3-012-sb.servicebus.windows.net", + "g6-prod-sn3-013-sb.servicebus.windows.net", + "g6-prod-sn3-014-sb.servicebus.windows.net", + "g6-prod-sn3-203-sb.servicebus.windows.net", + "g7-prod-ch3-003-sb.servicebus.windows.net", + "g7-prod-ch3-004-sb.servicebus.windows.net", + "g7-prod-ch3-005-sb.servicebus.windows.net", "g7-prod-ch3-006-sb.servicebus.windows.net", + "g7-prod-ch3-007-sb.servicebus.windows.net", + "g7-prod-ch3-008-sb.servicebus.windows.net", + "g7-prod-ch3-009-sb.servicebus.windows.net", + "g7-prod-sn3-003-sb.servicebus.windows.net", + "g7-prod-sn3-004-sb.servicebus.windows.net", + "g7-prod-sn3-005-sb.servicebus.windows.net", + "g7-prod-sn3-006-sb.servicebus.windows.net", + "g7-prod-sn3-007-sb.servicebus.windows.net", + "g7-prod-sn3-009-sb.servicebus.windows.net", + "g7-prod-sn3-010-sb.servicebus.windows.net", "g7-prod-sn3-011-sb.servicebus.windows.net", + "g7-prod-sn3-012-sb.servicebus.windows.net", + "g7-prod-sn3-013-sb.servicebus.windows.net", + "g7-prod-sn3-014-sb.servicebus.windows.net", + "g7-prod-sn3-203-sb.servicebus.windows.net", + "g8-prod-ch3-003-sb.servicebus.windows.net", + "g8-prod-ch3-004-sb.servicebus.windows.net", + "g8-prod-ch3-005-sb.servicebus.windows.net", + "g8-prod-ch3-006-sb.servicebus.windows.net", + "g8-prod-ch3-007-sb.servicebus.windows.net", + "g8-prod-ch3-008-sb.servicebus.windows.net", + "g8-prod-ch3-009-sb.servicebus.windows.net", + "g8-prod-sn3-003-sb.servicebus.windows.net", + "g8-prod-sn3-004-sb.servicebus.windows.net", + "g8-prod-sn3-005-sb.servicebus.windows.net", + "g8-prod-sn3-006-sb.servicebus.windows.net", + "g8-prod-sn3-007-sb.servicebus.windows.net", + "g8-prod-sn3-009-sb.servicebus.windows.net", + "g8-prod-sn3-010-sb.servicebus.windows.net", "g8-prod-sn3-011-sb.servicebus.windows.net", + "g8-prod-sn3-012-sb.servicebus.windows.net", + "g8-prod-sn3-013-sb.servicebus.windows.net", + "g8-prod-sn3-014-sb.servicebus.windows.net", + "g8-prod-sn3-203-sb.servicebus.windows.net", + "g9-prod-ch3-003-sb.servicebus.windows.net", + "g9-prod-ch3-004-sb.servicebus.windows.net", + "g9-prod-ch3-005-sb.servicebus.windows.net", + "g9-prod-ch3-006-sb.servicebus.windows.net", + "g9-prod-ch3-007-sb.servicebus.windows.net", + "g9-prod-ch3-008-sb.servicebus.windows.net", + "g9-prod-ch3-009-sb.servicebus.windows.net", + "g9-prod-sn3-003-sb.servicebus.windows.net", + "g9-prod-sn3-004-sb.servicebus.windows.net", + "g9-prod-sn3-005-sb.servicebus.windows.net", + "g9-prod-sn3-006-sb.servicebus.windows.net", + "g9-prod-sn3-007-sb.servicebus.windows.net", + "g9-prod-sn3-009-sb.servicebus.windows.net", + "g9-prod-sn3-010-sb.servicebus.windows.net", + "g9-prod-sn3-011-sb.servicebus.windows.net", + "g9-prod-sn3-012-sb.servicebus.windows.net", + "g9-prod-sn3-013-sb.servicebus.windows.net", + "g9-prod-sn3-014-sb.servicebus.windows.net", + "g9-prod-sn3-203-sb.servicebus.windows.net", "g10-prod-ch3-003-sb.servicebus.windows.net", "g10-prod-ch3-004-sb.servicebus.windows.net", "g10-prod-ch3-005-sb.servicebus.windows.net", "g10-prod-ch3-006-sb.servicebus.windows.net", "g10-prod-ch3-007-sb.servicebus.windows.net", + "g10-prod-ch3-008-sb.servicebus.windows.net", + "g10-prod-ch3-009-sb.servicebus.windows.net", "g10-prod-sn3-003-sb.servicebus.windows.net", "g10-prod-sn3-004-sb.servicebus.windows.net", "g10-prod-sn3-005-sb.servicebus.windows.net", @@ -210,11 +396,16 @@ "g10-prod-sn3-010-sb.servicebus.windows.net", "g10-prod-sn3-011-sb.servicebus.windows.net", "g10-prod-sn3-012-sb.servicebus.windows.net", + "g10-prod-sn3-013-sb.servicebus.windows.net", + "g10-prod-sn3-014-sb.servicebus.windows.net", + "g10-prod-sn3-203-sb.servicebus.windows.net", "g11-prod-ch3-003-sb.servicebus.windows.net", "g11-prod-ch3-004-sb.servicebus.windows.net", "g11-prod-ch3-005-sb.servicebus.windows.net", "g11-prod-ch3-006-sb.servicebus.windows.net", "g11-prod-ch3-007-sb.servicebus.windows.net", + "g11-prod-ch3-008-sb.servicebus.windows.net", + "g11-prod-ch3-009-sb.servicebus.windows.net", "g11-prod-sn3-003-sb.servicebus.windows.net", "g11-prod-sn3-004-sb.servicebus.windows.net", "g11-prod-sn3-005-sb.servicebus.windows.net", @@ -224,11 +415,16 @@ "g11-prod-sn3-010-sb.servicebus.windows.net", "g11-prod-sn3-011-sb.servicebus.windows.net", "g11-prod-sn3-012-sb.servicebus.windows.net", + "g11-prod-sn3-013-sb.servicebus.windows.net", + "g11-prod-sn3-014-sb.servicebus.windows.net", + "g11-prod-sn3-203-sb.servicebus.windows.net", "g12-prod-ch3-003-sb.servicebus.windows.net", "g12-prod-ch3-004-sb.servicebus.windows.net", "g12-prod-ch3-005-sb.servicebus.windows.net", "g12-prod-ch3-006-sb.servicebus.windows.net", "g12-prod-ch3-007-sb.servicebus.windows.net", + "g12-prod-ch3-008-sb.servicebus.windows.net", + "g12-prod-ch3-009-sb.servicebus.windows.net", "g12-prod-sn3-003-sb.servicebus.windows.net", "g12-prod-sn3-004-sb.servicebus.windows.net", "g12-prod-sn3-005-sb.servicebus.windows.net", @@ -238,11 +434,16 @@ "g12-prod-sn3-010-sb.servicebus.windows.net", "g12-prod-sn3-011-sb.servicebus.windows.net", "g12-prod-sn3-012-sb.servicebus.windows.net", + "g12-prod-sn3-013-sb.servicebus.windows.net", + "g12-prod-sn3-014-sb.servicebus.windows.net", + "g12-prod-sn3-203-sb.servicebus.windows.net", "g13-prod-ch3-003-sb.servicebus.windows.net", "g13-prod-ch3-004-sb.servicebus.windows.net", "g13-prod-ch3-005-sb.servicebus.windows.net", "g13-prod-ch3-006-sb.servicebus.windows.net", "g13-prod-ch3-007-sb.servicebus.windows.net", + "g13-prod-ch3-008-sb.servicebus.windows.net", + "g13-prod-ch3-009-sb.servicebus.windows.net", "g13-prod-sn3-003-sb.servicebus.windows.net", "g13-prod-sn3-004-sb.servicebus.windows.net", "g13-prod-sn3-005-sb.servicebus.windows.net", @@ -252,11 +453,16 @@ "g13-prod-sn3-010-sb.servicebus.windows.net", "g13-prod-sn3-011-sb.servicebus.windows.net", "g13-prod-sn3-012-sb.servicebus.windows.net", + "g13-prod-sn3-013-sb.servicebus.windows.net", + "g13-prod-sn3-014-sb.servicebus.windows.net", + "g13-prod-sn3-203-sb.servicebus.windows.net", "g14-prod-ch3-003-sb.servicebus.windows.net", "g14-prod-ch3-004-sb.servicebus.windows.net", "g14-prod-ch3-005-sb.servicebus.windows.net", "g14-prod-ch3-006-sb.servicebus.windows.net", "g14-prod-ch3-007-sb.servicebus.windows.net", + "g14-prod-ch3-008-sb.servicebus.windows.net", + "g14-prod-ch3-009-sb.servicebus.windows.net", "g14-prod-sn3-003-sb.servicebus.windows.net", "g14-prod-sn3-004-sb.servicebus.windows.net", "g14-prod-sn3-005-sb.servicebus.windows.net", @@ -266,11 +472,16 @@ "g14-prod-sn3-010-sb.servicebus.windows.net", "g14-prod-sn3-011-sb.servicebus.windows.net", "g14-prod-sn3-012-sb.servicebus.windows.net", + "g14-prod-sn3-013-sb.servicebus.windows.net", + "g14-prod-sn3-014-sb.servicebus.windows.net", + "g14-prod-sn3-203-sb.servicebus.windows.net", "g15-prod-ch3-003-sb.servicebus.windows.net", "g15-prod-ch3-004-sb.servicebus.windows.net", "g15-prod-ch3-005-sb.servicebus.windows.net", "g15-prod-ch3-006-sb.servicebus.windows.net", "g15-prod-ch3-007-sb.servicebus.windows.net", + "g15-prod-ch3-008-sb.servicebus.windows.net", + "g15-prod-ch3-009-sb.servicebus.windows.net", "g15-prod-sn3-003-sb.servicebus.windows.net", "g15-prod-sn3-004-sb.servicebus.windows.net", "g15-prod-sn3-005-sb.servicebus.windows.net", @@ -280,6 +491,9 @@ "g15-prod-sn3-010-sb.servicebus.windows.net", "g15-prod-sn3-011-sb.servicebus.windows.net", "g15-prod-sn3-012-sb.servicebus.windows.net", + "g15-prod-sn3-013-sb.servicebus.windows.net", + "g15-prod-sn3-014-sb.servicebus.windows.net", + "g15-prod-sn3-203-sb.servicebus.windows.net", "g16-prod-ch3-003-sb.servicebus.windows.net", "g16-prod-ch3-004-sb.servicebus.windows.net", "g16-prod-ch3-006-sb.servicebus.windows.net", @@ -291,6 +505,7 @@ "g16-prod-sn3-007-sb.servicebus.windows.net", "g16-prod-sn3-010-sb.servicebus.windows.net", "g16-prod-sn3-011-sb.servicebus.windows.net", + "g16-prod-sn3-012-sb.servicebus.windows.net", "g17-prod-ch3-003-sb.servicebus.windows.net", "g17-prod-ch3-004-sb.servicebus.windows.net", "g17-prod-ch3-006-sb.servicebus.windows.net", @@ -302,6 +517,7 @@ "g17-prod-sn3-007-sb.servicebus.windows.net", "g17-prod-sn3-010-sb.servicebus.windows.net", "g17-prod-sn3-011-sb.servicebus.windows.net", + "g17-prod-sn3-012-sb.servicebus.windows.net", "g18-prod-ch3-003-sb.servicebus.windows.net", "g18-prod-ch3-004-sb.servicebus.windows.net", "g18-prod-ch3-006-sb.servicebus.windows.net", @@ -313,6 +529,7 @@ "g18-prod-sn3-007-sb.servicebus.windows.net", "g18-prod-sn3-010-sb.servicebus.windows.net", "g18-prod-sn3-011-sb.servicebus.windows.net", + "g18-prod-sn3-012-sb.servicebus.windows.net", "g19-prod-ch3-003-sb.servicebus.windows.net", "g19-prod-ch3-004-sb.servicebus.windows.net", "g19-prod-ch3-006-sb.servicebus.windows.net", @@ -324,6 +541,7 @@ "g19-prod-sn3-007-sb.servicebus.windows.net", "g19-prod-sn3-010-sb.servicebus.windows.net", "g19-prod-sn3-011-sb.servicebus.windows.net", + "g19-prod-sn3-012-sb.servicebus.windows.net", "g20-prod-ch3-003-sb.servicebus.windows.net", "g20-prod-ch3-004-sb.servicebus.windows.net", "g20-prod-ch3-006-sb.servicebus.windows.net", @@ -335,6 +553,7 @@ "g20-prod-sn3-007-sb.servicebus.windows.net", "g20-prod-sn3-010-sb.servicebus.windows.net", "g20-prod-sn3-011-sb.servicebus.windows.net", + "g20-prod-sn3-012-sb.servicebus.windows.net", "g21-prod-ch3-003-sb.servicebus.windows.net", "g21-prod-ch3-004-sb.servicebus.windows.net", "g21-prod-ch3-006-sb.servicebus.windows.net", @@ -346,6 +565,7 @@ "g21-prod-sn3-007-sb.servicebus.windows.net", "g21-prod-sn3-010-sb.servicebus.windows.net", "g21-prod-sn3-011-sb.servicebus.windows.net", + "g21-prod-sn3-012-sb.servicebus.windows.net", "g22-prod-ch3-003-sb.servicebus.windows.net", "g22-prod-ch3-004-sb.servicebus.windows.net", "g22-prod-ch3-006-sb.servicebus.windows.net", @@ -357,6 +577,7 @@ "g22-prod-sn3-007-sb.servicebus.windows.net", "g22-prod-sn3-010-sb.servicebus.windows.net", "g22-prod-sn3-011-sb.servicebus.windows.net", + "g22-prod-sn3-012-sb.servicebus.windows.net", "g23-prod-ch3-003-sb.servicebus.windows.net", "g23-prod-ch3-004-sb.servicebus.windows.net", "g23-prod-ch3-006-sb.servicebus.windows.net", @@ -368,6 +589,7 @@ "g23-prod-sn3-007-sb.servicebus.windows.net", "g23-prod-sn3-010-sb.servicebus.windows.net", "g23-prod-sn3-011-sb.servicebus.windows.net", + "g23-prod-sn3-012-sb.servicebus.windows.net", "g24-prod-ch3-003-sb.servicebus.windows.net", "g24-prod-ch3-004-sb.servicebus.windows.net", "g24-prod-ch3-006-sb.servicebus.windows.net", @@ -379,6 +601,7 @@ "g24-prod-sn3-007-sb.servicebus.windows.net", "g24-prod-sn3-010-sb.servicebus.windows.net", "g24-prod-sn3-011-sb.servicebus.windows.net", + "g24-prod-sn3-012-sb.servicebus.windows.net", "g25-prod-ch3-003-sb.servicebus.windows.net", "g25-prod-ch3-004-sb.servicebus.windows.net", "g25-prod-ch3-006-sb.servicebus.windows.net", @@ -390,6 +613,7 @@ "g25-prod-sn3-007-sb.servicebus.windows.net", "g25-prod-sn3-010-sb.servicebus.windows.net", "g25-prod-sn3-011-sb.servicebus.windows.net", + "g25-prod-sn3-012-sb.servicebus.windows.net", "g26-prod-ch3-003-sb.servicebus.windows.net", "g26-prod-ch3-004-sb.servicebus.windows.net", "g26-prod-ch3-006-sb.servicebus.windows.net", @@ -401,6 +625,7 @@ "g26-prod-sn3-007-sb.servicebus.windows.net", "g26-prod-sn3-010-sb.servicebus.windows.net", "g26-prod-sn3-011-sb.servicebus.windows.net", + "g26-prod-sn3-012-sb.servicebus.windows.net", "g27-prod-ch3-003-sb.servicebus.windows.net", "g27-prod-ch3-004-sb.servicebus.windows.net", "g27-prod-ch3-006-sb.servicebus.windows.net", @@ -412,6 +637,7 @@ "g27-prod-sn3-007-sb.servicebus.windows.net", "g27-prod-sn3-010-sb.servicebus.windows.net", "g27-prod-sn3-011-sb.servicebus.windows.net", + "g27-prod-sn3-012-sb.servicebus.windows.net", "g28-prod-ch3-003-sb.servicebus.windows.net", "g28-prod-ch3-004-sb.servicebus.windows.net", "g28-prod-ch3-006-sb.servicebus.windows.net", @@ -423,6 +649,7 @@ "g28-prod-sn3-007-sb.servicebus.windows.net", "g28-prod-sn3-010-sb.servicebus.windows.net", "g28-prod-sn3-011-sb.servicebus.windows.net", + "g28-prod-sn3-012-sb.servicebus.windows.net", "g29-prod-ch3-003-sb.servicebus.windows.net", "g29-prod-ch3-004-sb.servicebus.windows.net", "g29-prod-ch3-006-sb.servicebus.windows.net", @@ -434,6 +661,7 @@ "g29-prod-sn3-007-sb.servicebus.windows.net", "g29-prod-sn3-010-sb.servicebus.windows.net", "g29-prod-sn3-011-sb.servicebus.windows.net", + "g29-prod-sn3-012-sb.servicebus.windows.net", "g30-prod-ch3-003-sb.servicebus.windows.net", "g30-prod-ch3-004-sb.servicebus.windows.net", "g30-prod-ch3-006-sb.servicebus.windows.net", @@ -445,6 +673,7 @@ "g30-prod-sn3-007-sb.servicebus.windows.net", "g30-prod-sn3-010-sb.servicebus.windows.net", "g30-prod-sn3-011-sb.servicebus.windows.net", + "g30-prod-sn3-012-sb.servicebus.windows.net", "g31-prod-ch3-003-sb.servicebus.windows.net", "g31-prod-ch3-004-sb.servicebus.windows.net", "g31-prod-ch3-006-sb.servicebus.windows.net", @@ -456,6 +685,7 @@ "g31-prod-sn3-007-sb.servicebus.windows.net", "g31-prod-sn3-010-sb.servicebus.windows.net", "g31-prod-sn3-011-sb.servicebus.windows.net", + "g31-prod-sn3-012-sb.servicebus.windows.net", "g32-prod-ch3-003-sb.servicebus.windows.net", "g32-prod-ch3-004-sb.servicebus.windows.net", "g32-prod-ch3-006-sb.servicebus.windows.net", From c303703903f810c269adc87e7b31f21d0dcf7570 Mon Sep 17 00:00:00 2001 From: James Robinson Date: Wed, 15 Mar 2023 15:57:58 +0000 Subject: [PATCH 123/289] :bug: Add missing Import --- deployment/common/RemoteCommands.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/common/RemoteCommands.psm1 b/deployment/common/RemoteCommands.psm1 index deebad6ea1..d5b9c2472f 100644 --- a/deployment/common/RemoteCommands.psm1 +++ b/deployment/common/RemoteCommands.psm1 @@ -1,4 +1,5 @@ Import-Module $PSScriptRoot/AzureCompute -ErrorAction Stop +Import-Module $PSScriptRoot/DataStructures -ErrorAction Stop Import-Module $PSScriptRoot/Logging -ErrorAction Stop From dbd9bbb5cbc45db02c8c686a39beec1b900ff76e Mon Sep 17 00:00:00 2001 From: jemrobinson Date: Wed, 15 Mar 2023 16:38:34 +0000 Subject: [PATCH 124/289] Update PyPI and CRAN allow lists --- .../allowlist-full-python-pypi-tier3.list | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list index 56597346f1..2adbddfae8 100644 --- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list +++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list @@ -96,6 +96,7 @@ click-plugins cligj clikit cloudpickle +cmake cmdstanpy colorama comm @@ -286,6 +287,7 @@ lazy-object-proxy libclang lifelines lightgbm +lit llvmlite locket lockfile @@ -348,9 +350,16 @@ numexpr numpy numpydoc nvidia-cublas-cu11 +nvidia-cuda-cupti-cu11 nvidia-cuda-nvrtc-cu11 nvidia-cuda-runtime-cu11 nvidia-cudnn-cu11 +nvidia-cufft-cu11 +nvidia-curand-cu11 +nvidia-cusolver-cu11 +nvidia-cusparse-cu11 +nvidia-nccl-cu11 +nvidia-nvtx-cu11 oauth2client oauthlib odo @@ -620,6 +629,7 @@ tqdm traitlets transformer-smaller-training-vocab transformers +triton trove-classifiers tsfresh Twisted From 928c7c5e0e4cb663f3f47644a6f32e9b1a52ce79 Mon Sep 17 00:00:00 2001 From: JimMadge Date: Sun, 19 Mar 2023 00:23:23 +0000 Subject: [PATCH 125/289] Update PyPI and CRAN allow lists --- .../package_lists/allowlist-full-python-pypi-tier3.list | 3 +++ 1 file changed, 3 insertions(+) diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list index 2adbddfae8..784aaa8184 100644 --- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list +++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list @@ -254,6 +254,7 @@ joblib js-regex json5 jsonschema +jsonschema-specifications jupyter jupyter-client jupyter-core @@ -500,6 +501,7 @@ qdldl qrcode rapidfuzz rasterio +referencing regex reportlab repoze.lru @@ -519,6 +521,7 @@ rfc3339-validator rfc3986-validator rfc3987 rich +rpds-py rpy2 rsa Rtree From 49e8df1d48c6860d0ab59e5a96b7aee6e8559f58 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Mar 2023 16:43:21 +0000 Subject: [PATCH 126/289] add reminder to update SSL certificate --- docs/roles/system_manager/manage_deployments.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index 925dead38c..c8b4888176 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -6,6 +6,16 @@ This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it. ``` +## {{alarm_clock}} SREs running for more than **90** days + +SREs will need to periodically have their SSL certificates renewed so that the SRE URL can be accessed with HTTPS. After each 90 day period that the SRE is live, re-run the script to update the certificate. + +![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` + +```powershell +PS> ./Update_SRE_SSL_Certificate.ps1 -shmId -sreId +``` + (resize_vm)= ## {{arrow_upper_right}} Resize the Virtual Machine (VM) of a Secure Research Desktop (SRD) From 0898a223dcd1d01fb21ba022c19921138beee1c8 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Tue, 21 Mar 2023 16:47:13 +0000 Subject: [PATCH 127/289] reduce suggested time --- docs/roles/system_manager/manage_deployments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md index c8b4888176..e731a3d4a5 100644 --- a/docs/roles/system_manager/manage_deployments.md +++ b/docs/roles/system_manager/manage_deployments.md @@ -10,7 +10,7 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem SREs will need to periodically have their SSL certificates renewed so that the SRE URL can be accessed with HTTPS. After each 90 day period that the SRE is live, re-run the script to update the certificate. -![Powershell: ten minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` +![Powershell: five minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup` ```powershell PS> ./Update_SRE_SSL_Certificate.ps1 -shmId -sreId From 055d46f0f378c249de7eb38d3559fd09d4279914 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Mar 2023 13:52:45 +0000 Subject: [PATCH 128/289] remove steps not carried out by System Manager --- docs/roles/system_manager/manage_data.md | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index e66ff3069a..8043b3ab85 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -70,28 +70,7 @@ Software ingress must go through the same approval process as is the case for da ``` - Leave this portal window open and move to the next step -- Open `Azure Storage Explorer` ([download](https://azure.microsoft.com/en-us/products/storage/storage-explorer/) it if you don't have it) -- Click the socket image on the left hand side - - ```{image} ../data_provider_representative/azure_storage_explorer_connect.png - :alt: Azure Storage Explorer connection - :align: center - ``` - -- On `Select Resource`, choose `Blob container` -- On `Select Connection Method`, choose `Shared access signature URL (SAS)` and hit `Next` - - ```{image} administrator_guide/connect_azure_storage.png - :alt: Connect with SAS token - :align: center - ``` - -- On `Enter Connection Info`: - - Set the `Display name` to "egress" (or choose an informative name) - - Copy the `Blob SAS URL` from your Azure portal session into the `Blob container SAS URL` box and hit `Next` -- On the `Summary` page, hit `Connect` -- On the left hand side, the connection should show up under `Local & Attached > Storage Accounts > (Attached Containers) > Blob Containers > ingress (SAS)` -- You should now be able to securely download the data from the Safe Haven's output volume by highlighting the relevant file(s) and hitting the `Download` button +- The data provider should now be able to download data by following {ref}`these instructions ` ### The output volume From 2111562f6aecddabd9e88ff97e3b81aea2092fa2 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Mar 2023 15:56:29 +0000 Subject: [PATCH 129/289] Unable to see SRD or SSH connection options --- docs/roles/system_manager/manage_users.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index b5579ae0f7..c4d4459c37 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -235,6 +235,21 @@ Users are stuck at the `Opening remote port` message and never receive the MFA p - Check that the user has set up MFA (at [https://aka.ms/mfasetup](https://aka.ms/mfasetup) ) and is using the phone-call or app authentication method ``` +### {{see_no_evil}} Unable to see SRD or SSH connection options + +After logging in with Microsoft, users can't see the option to log into the SRE via the SRD or SSH options. + +```{image} administrator_guide/no_recent_connections.png +:alt: Unable to see SRD or SSH connection options +:align: center +``` + +```{tip} +**Solution**: Ensure the user is added to the correct Security Group for the SRE + +- See {ref}`adding_users_manually` +``` + ### {{interrobang}} xrdp login failure on the SRD If users can get to the login screen: From c58d27ffc374da5900ead5c3418342b30d4e4307 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Mar 2023 15:57:35 +0000 Subject: [PATCH 130/289] add image for prev commit --- .../no_recent_connections.png | Bin 0 -> 59917 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/roles/system_manager/administrator_guide/no_recent_connections.png diff --git a/docs/roles/system_manager/administrator_guide/no_recent_connections.png b/docs/roles/system_manager/administrator_guide/no_recent_connections.png new file mode 100644 index 0000000000000000000000000000000000000000..5b333e69c930bacdc6e59485242efd2213544a39 GIT binary patch literal 59917 zcmdqIcT|(h)-aABq99-clqjf(N*AT~CRKXxAe|6EI-#jF6#)xHdT*f<5^5+SMKJUP zNGPI*UP22cA<2j5zW3hqeXr-@t0-ue=A9iqcauAcRbd6Cs!kns$>C=1WO6r)6$9_>TtTx_w5COU7E}zZtevxL zju-VO;%NaXfiIN353&wsgMEiGk2W32X-Bvtitk-2y_L{15gHSkn}#0*;?8c__jKQT zupLQt>bwH&mE3MNM-54P`&(4W=ZJy9feZ=-`^|XQst5|H{Y|r868Fh~l_fPkardbl zNkHgd7^N^$)v@6LOU_zqN4NX^u3>KWGpkBEWwI1xiu7FlX7~@4B@=+1;8GH)|4eFzGveFOC%4FEiCzdXClU=&??XhhkKnN!{ClG`lvBx+)o2 zixpj#?WCh!gMz2`B-E}y0=|Tfaz);AXw+Fx`C@V@Ko+|3hm`AsP4u0wwE_NWJ^lYpD*r-wF47jySq7F2jAoD1lDd_bRe z0L9yppYL8hq?W(%QtruxGwUz7YG|r%UhsxKj#C}F|6TB%V9IMl18Cayy_DCVWL|eT zvyaW9XHPvJk(Lg>Gdq2)CGJAxgB7iQ+KyY-{ZpP09?nt?tI{cSd5-of;RKtmKY#R< zx{2RqS{$53#rp0!Z!Qfem-+1r$r@Fn@0raGz=p)xsF(LIFfX1urB0isaK@+8poad+ z^V>D&JZPNk#3yN(UUq%I?@E175zt6g_1x3@@-!X7j!K4(ev9d?!iA{V(hH2EG3Rd@ z_R-hHPQJVM2VJznMLn6MvqcJ*)R_dL(F%|CgpJM^E1`ykhR>BUHlM~T1m?-Po&__8 zy}bB|ddyyS@_aTE)Sl`3d9_a8`71%UGU=AO0N)K7>E%v~e+F%_9NwK~kdKYM`25|) zGf!Wcad||=McqE9{_wVP3RkrHIfLl&TLS8IJ~vh#+uY<7mN?JY^~KC#TKL5$*SA#A z3()IO4#OD9S8iW2yR3Tm?5}*PHsdv614jFI?bJM*yy77Ur?PxGlL+d_?w$R@WH&eO zEpa9x+P9PT$B$=jjogj+#;iuL6<-zIL?WQ)=QbvYua!>j%22P%Plhe&t=KJ>t%)s~ zL*~;DJD=O>Zr!_c;Z77P>XH)UyvRJe{ksQBMqKHaW?to~+ z&Xj_rf?LsaQEQ$-nX{3XJGE#=^9u`YS*9v9;b*R;D zlCuzv{U_m|x959Qd-Qt*dP;b}h7yJ!ewV%IqI2M03_-OGlq*%oe?gm*27-JecaOQ`a zL1E6?&bsCn{2Y9V#sgqG9nph_wyri#;a$`&opAMrNw*QuIZG+?Vv7_@8`#Ur%*rn& z(v{$1`;sP|k59_e1F-2&k+p-hRj^H{{bbZ+1>CJJSaQY@{CN*KCS4o>^RGkJ%m72? zbh-rlJYm*xCuOaW7hz2#Mmk7jdl!AIbF68CNy6=3>x95eSDi;$XepR<*t39VDUuVC z%uSyf?=%}VPCJiH*{|c*OSU+*-0&w3%wS|^5Iv-o^XT&5a$txHpVuIhhyH*zSX3J`d$ z0mZh>xFxW+u`{+6x6ij5@`u+SIX`UIs?U1Un_U`af5mv7Y5IClMoI7GElBX2o2j`@ zic2qfI^TCXbtWqFD?8p2cr>4;_^9Dq=z{^j6h{-o`)3!TJ{xbS1LEYky@*1^bO@rzM!Ya%{gAYmgugQJ0eQ?pg4 zRiaJuRL+HuHS+dB@VRvmlx|T1$@9q4a=A2x6MY| z#=Tb{MPUOH1H7rq10Pcwsvp?AZ+~j%)X^VVu3kQBN`hko{I^#dfKMmt|5#h7{)VI6 z`W}m+PNp{R+<0nUmK~?h%xFs$if?$5Uo7MlkzlRqJ`5@aUD;bi# z9zTVxO+-|K+Xu<{BwHqRrag|g5Xp<36bErHCefkwaIa@P2Lc&*EM_c2~yec)g!LR396<8+!SM`VPI$y}Ti?DZto{ zIR<|(od3FGm|h~5eK%`Rp0x2~Hf`R-Z7mL-1SjtwZ5#~sWFejj9$QTuecxphI<%F* zcCJYHj{N-bRm(F~$I98(v-wA8QSDe6bY8qE!P5VX9k+YeIgcU)+0a1x-)BWtjIwKGd~Up zHcPXHVQpbqiCmm>IJP}`3fEfV5Y3TpsjlW3#xvzP76r0s%EBAh^KpwW~6f4KYSv4cleO< zT$q~jx_4<)_}LjdPIuMb_Oo78yn0Ts{6}XY_V?9-X(l@r%P#NYCM)E4-D9ar$6;~M z-KGO)j>D3-L)&wBk}iWPRO)2}CgN0PBdr>1w0p?O2G+#MOv71Qn~L|Oe3t4|tQ*zo zlhUb^hyCQCqN4c_Lq&J;d+Fp+$))~hEuBR!%|FYh6i(`>6b+R%G){gE9ekXeJbhig z{G#ev-A_~98vJUo4+f@E+1 z*+S~1{Oh&Q?VEo#@dL`m7PhYNoAo(XA6(?T@ zA2)A5H!shdzwp{W_44?Ca#C z>;*dM(@*Z-qWK@-zgGSapp4Kj(*MGWfAIOww!M#;8j- z6>i?j3q1QmUcm3c8INfI9E{zGm@|*B|G;hUAk9`dH$CJY=rWioxg^b%xz@Xsscvj+ zY~peD=5s3Q-+uYAz3?!p4YEp3PHx_82Esbe03c;$BVe|b*4O}@)?5YO#cv}kB{{Rf zk_mqz*^_t?wm+pt#}SnK;cH>t{!+9T`JSfCrIjDdDY;kWFDOu*I{n+P!=1BH1#$T! zrTzWjvYHybTC*qCq_9Rxckm0^%GWAN3kzYer`;u;k}H0Mfw5;6Z+?xqMu+xzh>7Cc zF(>ONz{~4?&VrLt1=OyW(hp1%=OGwV&)4NPpoZ$j*9KVl=i5UO|F7f9Z|8KzC1K@ekhP?bam((Kt< z+_lifqR+dP&y=N>laG{t>B9{Oc!;*n7mm zP(I%pBETbfX(_<(_|ekLrdfD~1=E5&bCV15P30nbx=IWmurR7YvYshPAul#S3ll$7ap@W0eiT@tMI+bUuw)sZ~@_WCI(YH z{f*E{KU}|Lrl%))a*APVKjB3^eoIkL=Sk$4_5JJ-yMlVDZt!Fmgtk_yLx3<;oWy zXJl~}4FR!5?yg{-?^vs8*LJ7hR11&Dz{MxWJFW-2X=XU2CR*-(4Zi_QJyLzB?Oy-! zxH+I$Hg5k(J?**dWc9n1NfUGXFV6FmGC$4qrYK0ZYGPVjk>NQ=;frg1Sb7(PX9)Z} z|I@HUbMxvU(#wcayCG2XQIIbx{7X0+{kj}HLe4^K>%WPGKI$CW1)YvmO;#6!_{<`t zid(J12zx8v{d091xAhUQ3X>GZDd!h9QpG=hB!idoY=L$qOAD*KINxS6ELTa>g1n~q zF}isrhCXa-SwL#(RXo-P_ioIu`yw(_qC&%GCZY}T% z;R>t=+l{Ly*v#Ioyl_;Xw>N(h-7T8FJL->_z}VP?zat-FE1yyRNatl;Zpw(L!s!lHJA4R`o2Ms%7B7j4i146%(qj`0 z3_;P0WTJ_6(3fyfSn>6WG0$KFFQIa1h@E0dNh`wNczW9**(Q% z`pcf#6A}!Up&Gv6U0n0i9680Q`M|-^mzc&kZ{kF8)$L;=vkf~S{~4^7F(-7ZS^K`* zd~S3N?TEM^GS@1izdbyI)r=^smk=J>0)IqI$l;p9wPDwyLge+HJ!FjPm$XuYrbS_e5s)#-%OBll10C8}_D~W*4hgnG>h{1IPu7M%Z1_PQ28u#;Ppr(o=-B zarG-w!3(Q~Z&j4|Y}mfc^>tLhSkfERrU z18&5Im5`&0E-Q&c5xL!>WWPUVy3m-TsJ~q+|6H^aXwj}Jzz0sAg$fJkS2mU&6)y(Z zlWQK7-|@_I#2X+ygyk?2~CZ3oFnrJX+UyoQu`NW^6n8ZuXKkbrTaQUZTUZ#;4ibSZIOmh4&m1r z(O*`&jNF&Thr%9L&xXb%)Tio@%V$X&HteXRS~1bG)vk!OX541kBipk&2HRhF(ydbJ zFDCk1kaK$dk(}+I zKTgFedm#`b)ZBCnt2rj`e7Cog-@jB!-iMOHX3=Gjsz#%xCPj)!=2vK*<~tU(#GjO*;HvUPRPxlbchDiHx2 z>4`SO0@AorL)IxlELeNm=p#YJxW%JtHvA9vtmSIlOs;8r)B7`TW%@K*%dFuW<@A8C zX+7(_H_0gXdMZhD$U8zZX4ge==Q+V;Z@9;)^VMtxtSnW&5V|4SSmPv8uG@Ki`$Bm4 zlbJyBGpW^d=dBTd8<=tlXl>#TwH=WU_pd+{ZkNnLT85+)0C#1~0vS0)vy$XJm6s^m z?d{+S)kF!?xtyz}h`9mp$%<6ilAMh@EeP9@jc<$|j|lwV~dl2iiIrVqD2 zjsu^wSnXxognjoRP1;g?6KAEI0zu>Qm{3k%{MP0Fvc@q~=nt=^9=t=Uy)$XsgR6$_ z`rQZ|Cu1r~6&YC=@Pm;J%j=Xd%b!56QD#bDa}1M|Dlq{nfugy?sqMDpWD}wLGh$aQ zEHFcZoxRMofE!4T&sd)D z?d84XfOZZ7cEI9UM-RIJS|$rrtizWg1U>dHgv-xck-#l-byF6V`_siJ6D%=p{0_lj*G*zbS`MyjU6=opBL;J%8S@`9Qm%RKE(3Kb{O|KjDayFW4 zZjjf0jG8Su6hb*B=~(-aLExeOjRWZ1n)Fz&yTW*JBS=bliIJmxHu@qkF7{Is{Iq=K z>?>{248jDb-!r~qxI_p#=vSz6)hi}m@Nv|x{V7p%QC?;ub)nR`$DPM{Y7@WgKk8vjr`P(pt1H#%lw}?&Ca)LRz zE0GZ;VY=+q;?=TG04Z#fB0WvO(~mdQ;CZTi$6Dm@kh|&Y1Yf!Al3UW5g_k2jYVJ;{ z>oG$jDbRh%=?@Ux%68fA)ull;^}XjGwv{-%@z)#Ab`- z#0=q`=DqWVoqZbYqf17zhe45VKq~Hv`l`^JW?OOc-fdZTR*mtxdApei=@QNBH#^`UiM7!le$WHp2ThF-}38fTnbP zR7m1-8QEE?rsWk>GZWQcb62ehbG|fm$Jli+ha&O_b`EW z1*_~x=})i3nJe%lxNnf(uooX`TuJ&y_l29!)Ll>1I(<=hzn5VQD5M9iXuaMKmJk!W@Y zmGq`mWf$K-L0Cr+dOaAS%Dai}>VettxHD{zBVm#(X?Yt57_E@?JxbCfkU9P!slRL5 zJ1(`<@mK`Z)O}MlxbfQNL7qezWm4Hk4O*46=%yQ@S9D8pEYun#2R|a zM7h177m&r<0#!k(^72b}Wmk`~`u#e*sz>p}c%WP_b)!H7dXpHY9U^B@#ABON+z8{d zMyTi>e^El`iH-05j0$M{K~I{W%o3F_^qMciqgA6=H|iq;W=N;9#5aJ=p3BmNu^~_N zxP6!3XPe7~^b8j>umzgt9|n9Mi6)F*qr61Srb0fW_@+%ES(wQ@~DWQvD|- zpdvvkh+(F^J^rph%>}r&EjIgN_y8(L-=6XwvWl~MR6Q_` z12Y058rpIv}rzmO8Tl~ zBA+Qq4z>0rU&Ks$21%K5PGV|MruDtywy3*m8^xD7%imWK|zMfdiOwHj8G z%iY?-3yI-1$^HCifu&yO2enGrjmGq<1ej*j4Cw`GJeYheEpYbkL;}eod}h(EqR4~4 zczLwDe^Nnl2CtPB)a?&;EsHnMws^Jr)fKop;q#^>=~~81^qN*tB~r{p+|;W|y{FoN z7`ZkT(hT~{ex)DNW~Qj(i)%L(3Sa(d2a;abw5~fi`>6JP4cexT$#6s96BOw3t)xz{cxPLBc|3N|FiYUA zl=o52-jb>9_*im4)+bowk@J^JEMQz$Cq`mNH>+uh6W>R%v^%)zme&~Hb>7QtxN$Ii z&*bZLpeQhs5uZ~~vXV;iYJ-4IyZULX8l4$>AF?3J+zGW;Wd#V@ZdX;E_}sM-#5`6` zzp8}UkU$3W^7>KLC4%cuKWi8yF2)rTAngjhrC~gQRkz3D@U%l|@d?OD(a*w=m@DfC z4l7A>UDLZw{fPbNGAVjb7sHz8U#IT1U3B!z^^{ovVs6@xUBsT9+~N?&U@GIC4Dpe1 z)uUC5tOJANA(Ttim1LsyYJC`#jDhK@#m61%=&A|>`X+@ zX>Dw&Sv;c{V}0ckpt0pWk|t|^Yh-lX&e0V>nP&V(+7pY_X$lmY1Aj|g5@S|#c$N`x zI49&j7{cHyt$S3pzp-Sf&`{mwUh`&EZT+sLiNvS7A@kn?@q4@Q+=@z}49jxVnVZa$ zX4va~6>YMk|Gu48W8ylyZjMJFnqC^`D!bMDb0sqne*CBPqtUOl~$Rz|=0~mP~2panH;YV6< zYa@IdL!w@D@gmd3aDnZufl*H8=btY|`}3s&SAIBI)CJYD5`iPs0%aA@6?X=s3+8sc ztQd9lw3z=7Gbe%PySWh1D@VoDXf4ozXpUon+?uH%5;YSV|2Qty)y*mF!DwCZaXzhs z4cQo2B^&3grup!$AQPs4@h_WyPG?>uY1AS3zn@DO@@liU$uFRP>IboEw zK=b7T6ipjEBRXBt7IX&$E}IQ{_{n9``TdR3k)NvACw*csp){}j?m}$7UIO{q`GOLM z^pTo?r*56jTJ=|R@|2n6P2^?5dvoa8K5ps3KNy;^IgRv#8?)}g}DnB|uWy$_MtB_^h zYDF}Tbyhs=YRrM{$g4IQ(QhSp;Zj)i>I8lD(u5VZQu2I5P~hT|5DwGDRe-oZO*hDW z5shxJxd+tSR)2qYaFV~l7wscp`CzEoYhj}p^R^QnKLM8xSH4Hyk#2gJXaixWZr7xk z*{zZ83cLd`b@rvm(p`m3F~B}Af)i9g zegPMLEDbK+`_C#txO`}(2)ytPFQnJqQoWK!q(Itb4+CeykEWzRMAF`F)9mDm)Xzy- zQKznONVzWUd@&BR$2r!smhFYhyT(Q5I=rRNF8MS{_3ibd`G)Y^XvSz0xRRDhMSZe_ zFZO%>%f;O;v#KKnHm}#|%zKA{VyJiaTp~V&D6fgDl203BW)6$#K^zlyn%`S@=ODae z!}^vhbcr^_2#<&~avp;qLeW&-E6=fT_~ny~QL*Y{i-`JR0bqe}0RtP*9yPkSdd95A zEftu-5#Y^}Gu{xqW}5$=W*|dNDY@!M%S`ywzT21I+NzA;cdz9m*eSnBcmukF6IESkH7kK+HmuSE$(9h5zhZi4Jeyg-=NfYoLS>Vy+gfwZRr0U$+lcB zmT-hT2o0^1Tr&lRQ_&}Jj&XAZAUJu0JZ5DXSI};I@@9sJ^?*}ET7V<;{lm?**)rRn`Tw{c8AL#(FGv8d8X?*j8yY% zI&ODsWRO?T$ew@PZS`RX5D`-;ZZUUU$x~^OA=d=*ve2p`lo>@o1BiOiJ+#lqw(Dv0 zm9t=j(wSrqOpsFqb!*4YbxtOP_Lyx}sd7bFwA^!OT&0L*NfEc9-`2B|wTbGDqDR?R zA@)n_`L>=%d4iK)Kbz>jlb%`yj`FgL7+c~*6iFWO<~bZq&mO}xOLS2;Bc!1EEUD*V z%yR8@2Y&bvVDv<%GgmrDVB&jP1IA>MP|A@I&>XC2d0DK1h0l4+ZjjK z9AIU$T`n&W-Ao3SQ$R68mEJ?9HY+}`&Nw{{*?d3vl2}aGah#TFG5%T?n_&# z7!G~31!qAATZ;#9sTu-ThftS*(o8 z@y>0AfWME^)gR#IK2#B-J!eEJZ}i>~<-dQu2Q;6Svpd7SzV@t`?)=CrInv9?DxGTV zUVYhgdSGS6{ALJv>sa@IW^bR~_Jf0xZY*B;B>GO>?I-7Ao<*0so?=2b8w)<^e- z@8UeBu(LRAAEvsI-3$pj=B*T_$#CTxF9@yYS=axxK3HCC!I}CwxRHYs-M;ELh`M{o6SLgvpcB_re6@m=Fat}oJ&c(M^_DaWoaxv%p_!^b3&FEgQUk$p=%^5BER9SmADA!}y1-Rur zp+0rN)K=Or8A;vdpW*XbqRtbjupvgi^71y154We9V5S6>Ek?|S+bulR(Kd~3qkjxRPLpTfz z+nKersKeRt4xr7{H&P^X>MOl0uDcodFL=oMsrdpLIPz@7@RbI>AlaeCT$GOYKxur_ zv54H0kAcJl&(@%9_)(5!5nvF-Y5KN~=XtLgEp)@iA02}AqI7W?U~_MUa8?>p>eV^J zb_2l$I2yvN5O@uMaIQFt$9CuQM!c33@Thly|QbUSiFxx>PyUFkmzA=HH}u?ka$@qwXUaJiCmTPu49tJ zRZGnfcZWko5&rEQH~z4#5R9;-v%K^4g;{ZX@p@~rs@cAqM!MfT2<)R@`7|1RZ>{72 zcGLcpWxY+Dym?`Iqc$JV9{YSFqM{&D?AvGo^Gqdnwp_2Gu@7yC%(@J{1$itc@XTYO zH~pv&*4*5Ln45Hmz^}V>nF2hFs_BvhGVuM8{YJ^WA@LK7v6+R~aJ!9>>$3aPEnrH~ zyj21Gvj3>hCVW70Bi!n)x;FjM}7jHr`l-`$ed&;Rk> za``%dsky`DLK|rgJl~xL(N2OC-gG9t!i<0E=6zjcgz%_Mv6M=yk9L~qZWr72Hd;}| zV}6ulfTJC`G~5T7g>km#c0&a-sf$a(jk+2P2he1T!#_Cj9~VzmVmtzG2qTNj;R+I? zJy=Lxv%|_66w96oWuv_uC`g2Cgj#x;7_A*)XKS9-!)e>^6x+PhE37hzlQS<(PK)aA z*Ic(z8`twXcxD&Dn6)J;1hV|BI!iF>T1>-s>i#~)z>MY;MY^*`6>wpEICsYCW#fPoW3MjO=K&aFB%EXRr(AU7>wMkS21hs(T5Tv`{0*d~d09WN z^iZ(?`HuoN{~_jtaUsqKWlmFgrTo=-GuzAKxQSBwD*Gj4V+f>p_Q&Y)JK<{kePLGZ zazW!cOP2`!;fCjH){H$~ zy@eoFx2OAg`115AUAnu4`>uNKThG2W)ZO@0525U0HA zjq=hsNMMdIW&y*wl;UO`UJ{N^UGqn3aROILSOUEGU_RXs1%lT!NDH5#{^YP~x7V_2 z9CsQ*)|=gxVteZX5^wJ(Qn?d`h9@HYUIsu7L|L6}BGzfa-%$tnkq^3&OCvd7Ss3I- zi9)mGKba9mG%qo2c?@ms)$mv1@V5^@z89D3=5o|O3N%_`EPpbSqdjF>pD@f46u63+ zzXe;;9h=8bvNy(Mw=3WC^h@^)S{DuTIB*Phsw5RWXCdrm9f$zYtyZXeUJylYC(X(F zackM1AWSFQ?^Vu~>s@WT?JkneEGh?kO98UN{&jcPWwjT?z+-A3&lK#%B#!)8;v6Bd;L39o8Hx-q1U%B*pHskce!o?9 z!*vsJP~iX66mToeO%G%r!8o-|Y$oqWra$|vZBg44zmn-PQL|M^VpVy|n$9B5`6@(V zqHUOW&iY|N`b$RG#DNf+8%A9F!?I$SQO$h~z=RqSn$w94joQe(=hshraK>fMdoKn& zKX=c~5K!CPDLy!o6&JGd(w3re;*M!PN!Ss`;4-20L*E~YqC+9fl<;D~u;!zDY)+nh zPQWX8+OQUj@ijdB!oy2$o1uB}^hjVuq9&-~t!rO#%SybLJ38IW9{GgE?*JxHU{Va|{ zj&%NplwetUlh<;sZ}kXCaiIv~escF9im(!eodmn7wjz*hLIXH&t;qGrh8eFP-T)*P ztE4yQw6V=oM2CA;IM^yzS?4e`Vk_TlqUIS^8IuzV*8#|Pyc~XO(z-=QIz}^R0Ex|m zEjY(8U`8kF=@O7i9m>%^gsLT<-+ql%oNbq|VP+VnQbe;pCBMWZK=9_wB2#`~#uE_E zYXBF-$iOU`k2$-P$X-NbYE^c*5tKhT6Yn)w79Bfo_^p$rToWVxI{F&5^*umldk|K^J?c173M6OcD5dU*lL@7* zwLjWep)E>$>Pa!&HCc6Bi}m72Cx|qUs9NsUd*t5b^l9GA@o(QJbv=~cYUTxmLSD5N zev>1D%NdP#@tHY5Yy}t~%Dz4nhTAKN_Nq;?cIgi%?CWxl=YC~go5fa*TYDWpUdq`@ zMUSa&7Dpz|TGDL>zbob*bAK`w%zfE!OLqwV{!7NnlxYsSAeCYqA-`1O&e6`EDgF6# zCn6AIOt)Se2~QJK+J3_>$}OPbQRfy1TwGj@@T+wn5^hZqoEnF2*Ymo^iGnjC{YJH+ z{sY2nEAlqYQcj()1Mz%6yaD1U24|HY&1#4Jqmj(rkY-!aW`J3@yAeV5!Y{VTkI64p zy|byTd)9)?&^A0~o|^ugbGXK3y@kVeae-z7TUQ^4g+X6v?y(o&hzNjj+&Fe2;k$eN zkT-@_-p^%Ls99+0j+nN?;sRukuQDVN`DX069?MeguTS(Bx|?EV20%ilViwY^Y~c-E z0oV|dCi0wTKFnwKA)qWvdUGfc7NsH^8288D z&rMpkfSM5dvkrBd9^-C3B_#a&vUt9A@y~G698{}CNQ_Jes7$^9)6)o^y1(jW9U5sf zx!*#_NVT@OXPaUg76TkrY*;<`8eu*h9=X|e@G$G+z$_vOPC9m0wD)=HU@Z;SYt@rfqu^ z#8bm^UE;X#)7l8UkD(B^i4jBwp{@lwUVg`TFph7}C^ee94XAXL{K&0XY5uOdH*Hii z!zbX0`KU7)rVr)G&}{Up3y^mIa94ZAh!{$85GeD~LFPXL_S(f~N-0Zw3~R;vi!Ibd zJ4d#G5mmDy$pGZiE$5bc9^meZnm~PeW=)xKL3g_M;Nxb;;P>G8NreJ_t8dX>$S-2l z4-MyX9p^gJpH0jAO&mtJrNp@RypnrU7^XdCMGUJ%88xdbp9D?;1ZOqzBNb=fZWi1w z7ck4-hi-nd?wy!>t39b4o0yf)W4T^R<051TW9;_Nc~z-xDQ4Gt*ArG&ycZ8C9<1L` zxI0tW{KXqYL2|n7-hhvyvDfpPL|NC5(i;L~*!fH-jAE!oOOL`lcn{FuDJwes*<%pz z^pip}(%l=yeBtfM5JJMlA^GHJtdilSj^1=p65|yWQvqxoYs(&`z6P&-T;NSNs2Y9w zR+f$@8PuAggYe8uL0@s*>ri4jBtU`#$5}^>;l(}e7h@H_hz7*XlO8^gQ>njcaG>nL{Ta0#q&1}n~3U9zs0U=1^=%RNV z(Y(OKXE}=Ltw*ewan(Vvx=jvJJ8_+L#ZM(nY*MqtIy}u}(iQvVE{)ORP$lPif``0^ z=0aazB|aWdHD1MINfD8}n@WHg`JF zh>s_2z=ywFV$dl^N_!rll}#)o8tjI}n)g2p7@1mBy}vwAsSR&~&~O6D3IZpsZLiH( z3R~JuKAH|l4BHj`{Slw)h3G{)bff4n>WV8aJ?1`324%$dNPlipRlruHH>{8ZEm*n z^CXVRUU`ct{gSUD_;DYvvIg+wy42MVWnJZd!|!q4rAJ%TBCQzS2{LPh9z3xqQ-AU1 z%?A_R78A4ONh8~8u!GxWju5JqJpX*X#~KX!SX7oaHh;sPk#&9{c98W8cq^5^o;ZK+ zlbS;$yGIgGYm;r<0aUZ*?4ZHIdU8qFHnaw9E8(|#OO!o_E18LvYHFApmnf% z3THn}$apJ`gSov1u%{={=U7&MW-v!|+h1GLcF2nEYHN4ey*P7*Bk*ICcG|Sh&4W%= z4WeZBx!9pXPVZFL7c&K0^B$XqmR>@x_AnCH%kQ&6hNLzkE)umAmP*;2!kG})ocZl4 zp-SesK%&@53d}#F$^Wm&rsWsZC-M0wxdY93w52F`&s9`(N-3cHxX6m{EpxN_ol9T} z>A)Z3R#Il$9&XX(Q^W{9OIC%#Zsz=n4*XW(VOsr@GR0qM0!(s;b^~to8FVWPXVG>l z<;*|ob9szQAZHkIUMiH#sH*@T^8z-^Oi}L`W@HNLqP}%?p4{iM^Ygi%Wq@{y@a(vhEy1>(9Lf>FBq<@hoT;M(&Yyoty z?8^91d$SfYJCTOxF|V|05#hU3yAlfAz|6|eRSelU$3GNW3!J{)7lUyJ#HW=P<4aI1 z67bD)a>170?q$?y=V2V^u%(4W5LHgL-;l{U!VI6yvhuROID+*$wz#)Ct~tfCoGM9xP|@C8|+G7Dq#j26tXt9K&uVV^W9 zoJgu!%5yg^?C2w6!*`2|Rt2n>F+f-hsZVG*y5fnk_bprsso-Tmfd^?mo~2b2#Y1UX%d_Fdt`rZ{AO2g#b*Os^kHk zj}V&Ce-rnAGLz4Cp@kiKmVYM7Gm(|Da{aYW^TeGjb$k3TMCmPP*qK|Jr3MW0TnFO}m{x6OLY`i<7tHjSlZr@?Ds2d>O=zno!z_nvDt%?XdCC^;>SlfN3x9cI zn;d`-xtx9dnCv(DrYa$NX*c2bOD~Z7yFCyD0zFXRZm6HMFz)^O=ZZXImRr780|?Bh zy7jl|2E(<_hp5&2Ftv;!e|jh_PSPkW1rGmnQ0p&j6)7ia6z;b&i0UxrJw5TaQ~6IEg$j2+>Khv;AJ0&H5Vf_nYEr{)zq)*3@}ju77%dc> zbJk+_!Qrdl^ZLZj`_k4;c|7>w|KrQaGF#a&-V*5Lzn{7$Yx+8y>x4D3YBxC&feZb~ zCqXprp*@lN07YQP#kOBnf88kk>+hb#DGGxhXE&z7%l1b2;e4k$I)Q9}=B!N~cec>c!#er}CZ&OzG^j;*8A0lE6 zhCzSA2%gTjzW(#V-*xhDE-28Qq|MyOtzr1DDzvP5b8{C7{SRuKb@~|BMq-IqT`)Y= z`?NMU#9EtSeW68)Y%X`Sv=p(wyVJfDL9TGPVLdiR3qOR0?V#M)zlxw|q#q09pd5kr*g977Sf)gYJNodcrF+zxhO zP8yRFk)8T=ZfD@6i-*=(skUmSIoOF2GW&d!ebaHEe9Bz=)+Zcp)z@VydMOHLjT$3= ziZ~FUOiyQ5MSzdI8Hl583CFnkrLCDEM)_Ereb~mF{8|ukhm0UeZnQ7uT;^by+f9tl zA(@d`_a!52O_!EZ*VcW5!Vfu87^*iWJRdvj!LRbHHggC5XQkdnQ2)KYTsVBl5LCmS*lT=}0oK!_ibA2n7Hx|o(ui8vKb4G3q<(J>b%w>4 zQ;4ANZ+@%5f8MB87@pz`OVTNUIexvw!ouR#@%&W3WmV9Dc-R1>CnX}I~5@FiqOoTrsH=OYgv(6 z&cCL5Xf=Zp9YhY$m6PszyZTYQFjRq&ZHdJ)HBRIBf|XEgT2GRxNnb{q)=FA$NPK$ge!S!+iQLB-`yM z%7>*mOrMZuOY=v=z|{e^g`-0+SY*h-+=oS}e;9S`+yZ%JY0OCgt#-seO~8xII~|np zHJ!lS_A$2XG)lrFQ^jBA5~5IF5|A1Gx2DI>>l7!d|4#uu?;u>d>1u6TH~wqU`;V98 zGbSe%0Xu6U^$)=R(0onnd9HuhR|BE{g7K`MVIolA#~Cb&#i^{&tp6h zHRxAH;6`PU!+&d8({}o-#Y8GU{@>F2J^cy|CrjA|ydfpw?=8_k%=-T)%v4Cc@Ji+O z8`XlHK(Rk9aW>ZloTPP8$=@@e!txZeX~s$VmrjYXo?fmQf3b%c_O2fu_m4E$8Qtd> zD`#-oqg=o6{mx9k!1I4URo-q=WmU#k)u^N#bAE&?Q6`^2Al&poIzH4aGUxi){?jb%1)T_!gL0PYUyI@Y%lMkR)EqU0`>3=>E~|fh)I|p` zWtFUqm8`wuN*GQywJFn;CmB(Wh9dlWZv-yShTx2?t*tL4RDBhd;su%-p9HNZ8>1k= zI(_H{{o^{fqP22ked`j!IHVWLvc&gG*E%fdRo0nl7WvJzRCLsSOXIKU`SjeOZ5Yw7 z?IbriT|S~sHJ+X2tswrLA4t5KNG9SYgnO?S1j$r|lL&6xKf2k4pGGYXW|dn9OmUyJ zlqW2685__Db{bM|+HNhk zVSb`}`XK{Xa=(|)U2rs_dG+&HSMvnwnF{h$74QG;?4x4UWh@PJ5mAEYZN zzTxR>$(*ImcSqPXX6N15GvcIt+ zU@1VHe^ihCt5^M6>M~hRqHmt%#GGTcPxHhrx=KD93L4GGxF(=i@-R3!SaP$OW(Uyp zvs{mndQt+ncY25CjEW2l1>ieOs5$ulW zsG<1i_2E2afycXjdD^PdT16{SDMK+K;r$~{mCkJuvhwtDN9o$4iq2eyNImqAzDjK8i^7mx-MTxx-&{QjLH_cd5Nu=tb$G;hEDf+0L( z2X@___Qx|(k>Us*)$7-Cy>NGoYIaT%I@-frF+qss82Z$HImg3-r|Kwm10&-5$$}4g zx2-Xw))^}zYp<8TfL&V#lM~YG}4#l-^_ZPAwQacUy@2>{f-fn(h-v*RI82-iLMA4ye-nmedr_S zgFww(q1x?d#cn@}+*dMnz*VNyR^Z%edJ`YbBKV<~#$gnMm|6~=BIyn&+p`pOYqCt3 zE2|FrfL<@B?yN_0zbYvkP?|0|jozOk-a@n7BK1QED~qEG6BU zhFp{By}2mr#sOx>8cjCnE(R&2o9H^<{;8p=z$V#M`!->x>n`E~P{V%X0fdeV*))Yk zMbz1(10Slgcwv3p9NEmc!lU3rbWcSA_*FxWj&=I$@kdjlvQP~aXNJe%qf%{cObg|= z<+!M4aLy-0v;89(qbpca~7ZI^ByD&(i<=ts(hP6&P3n--|OiX#sLX`3-$ zH8j+|E<=PG>w5)?GTH_dm$`x3aQZ{XVY;4P!9Q(>(uvvj%-?~hdV0AFdzm7D z%#{-ASD#wX`yA_F{lY-_G53LsPK1ibjfeS#^#IzOPy$qeIIip!_;;YQIP$EIrJbNl z__>pLI({oZa?W9jy!@F;x1IVj6dPXHbbrm7oi$%8=@e|hHw2N9Va-?%*X`hiVFFe= z9wP~xmkZdS1ay9_eeH`;Xl;Wy@_oU=EBZXpQ-d*qgA0XgZ5i6vGX^Q7bYBJJa-W^# zPedUXIWMl1I>OFM1*um$eK*ti%4bnazM_H`(y7dWa2tPvv((Bq`6nVO_B|`@0c`j|@u--9%AZ+G&x9teUtyB`z)&? zKX*lYX&;$|jpBQ8WUQS-)w)yf)(wllmH>Tr&}KJVeAth1e3=kZy?6=Q{ivCa_U7|= z{^!@lM%=q|bM67^wQ-i7!}cI>isS3w?h&%la%JOFKEQ;p4CU$ER@nKhEZBFNS~`uL zG);E@0pQNceD>ckH;ghh7M8L-wD+1yKilBa0D2c98j}C%d-ut4xcqYKqpRD@-&En= zfi5#gD}Ct6UeeW}+=3tdp%O()qke~KVk;Ncq|CmYQ(_*n-)_HV7oi*Do7*JB9C%NCXAI91mGZID`nMrW%fqlANt)frbg?VddO zu!u-ySCOe1R;AohXZF;W($d%XaRVl5H}-h2tps(i_9{ZTNDU@pnK<}-#N+@bqZXBd z*IIL1qLXxlN4p*l>dQDEmU-Rtsu1*DO}rzXNyx$~-^F}+l`xAe?A6UW zJG_Ty>Th`1*s$G1SCyT&xN@}og4L=`7$&;*JvnN)z>lXdxEj$r9~3pjJNGl@aGue~ zs||xXq8Gy;2Oj0Ru&O53497k{RS$>Y zJ~ubl)Dlx-)ftFo_aixNupMq(F0`u^%`56)`oIU9!MpBSy#xv8bI`vhJk~NW5HZK3 ziMCL@DA^y9-1&JDRpDo-TITxnB154-onNr===_P=jlP`Rr%F)dg4oL5n%i(VUe8?u}` zwO&L{ZWpb}Zumm{KG6rK#B|3k)Hqp0hmWa1wW+Q^j=j3lZQO?|CJQr28@O@Ikh#zV zygz80ICSp#`=nMLe|ZB=P#b%!Of3O^zWiM?^UKq$z_JI(Z*j&^QN~7)#^HP5Lr?Hl z2lp+0{tJ)t-`SO{!;cP`2 z?&*DdmM9}Wq>-afeb?Y!nYF-~2wsOaWphU6KK&vuWn~%vor4b<<~Qd0#(8wd;&O{# z7+L5u8Ym6r9H|<-#~eI;^!2%pqZT>wyLJ@ymEc=XQK&+<+N$g?5wFT9QHSvbNBX*# zG;_1Hsf>G8R18#uTNIx*TTob2zz&wP&*c?0D9kR}6_LwY0qjhGPz6Bm(v!~hN&kCn z0^A}(ud8$4&cljYwdqGt6Znt~@@?R>A+;;bhld-rnYV{JU7&LC!XbivrV<$Xa`05Y zt#Uh4%1g7nh#J*$IfsCpsP?jng2c0_nt5qu6nxP=y7NpB-^JhzwlwQN3XsuAP5@ zJWvV=vhejuwx=t0JESKLM@B}Dm1TBgI^8DU872((LMy+WEn!VwL3R}ACYsEx7;?j< zkGZn|p>lcjk<8&6eAw{caw*6AGx=Cr>x|j3Vpk0RWC(or&r}_1&2%E!^~3)zV*Tal z^WBe`4YjVb{}v4X0;JQb$uB|O%B7zE#sB;bfRs0_r37{nayJ+J>qGu7%uJ{rgRBWn zLeT#;PK*)2>D1CV|J`T)g=Uu=0D5;~EwZ2e?^Ng?kI=;ecVd#`DgSPC|CnHTcN&0z zad7`~_9CytACBXfXTNtZzu5P`M+;;#53gO` z52O0Wc>j3RQsnXLZ5H-(|MhwS4notJO)b& zomzI$52F)!rl=VF^y$-kru8ST($g223DEvdJk(VHk2V?ie$e@gDl9!WHF|4?$%s^A zZVwQOIe}=5TX8!`6@eYdtuN(r{&@cMczd$hmN0;7pbdXz1Qa4EC@2DTbkJ`u{5J5t zlH=q|Z=H7S7Xp++-E@CzLBH5EK)MSkX)?+BRCwXnlXWsMQEc&hk4v+Zh4&dpd zFR5X_*!sr)8R-i+4StrEm4F{)RaAhGpVV@K;@s&YU=>*gib*^ZACBD}=!hRt;W_lXV6NW0;tbWm{W7igRf=eHM!Tp2iFYIS; zfV^+}WwnlFt{&-;jgJ2R2lYS&C~qSS$Ku;;7Tsh{H{d#ZgBsAQ{(* z`FK}NBx^02y^`4cD zlDvVsU39q|xAZ!81_A_*-MzYvqz#}1vKHlCxog$vTENuI*imaVjZH1-9a}a zb$0xRnmqjWAsZeeu_SkDtAom|64~6Lqp`t0kuAg~!f2>c67Bw6>CiKIDAgnzoQU!> zp?8HAMPq-{xdp(V9BfV8{nb6ohn!-&viJUBs=~kH+VHu zSaGsAKbx=^Oe=5`L?elcU#vndX(Fn4paA$b&~LmCo5~G z5ON4T^n;6k;Drp!uLY8Tbx!$Sl*~F;?Jt3Z+S=!)4wz(PY*S^ygK)p2vWp(z`EdaFmD!J$aExsFhBJxeT3w&$&r&XXJ=17< zJ-g_%gmqW^G{KC$=_40(V~b6e2+i@$heDxQ1psd~^U|meja+~k$Azd(Iy#z+U^h_v zF~LL>at7al_hcV;07^#p*>Q;Oqt#3`fHTdkpKR*8A9U`lpxMX*zNMQ~x98-TSl)>N z9kJZIckhhVL`!E#re3Ygx}4u3$rO$sLa+*3KE6$rkM~rC6=Nsa9LI7}eVGO^h)-k0 zuf>y({IIWZZu=6(A>}^+@VYSC2~RzwzEFiC`S`&aFV|!$MO|FQVY@@G@&!(DrmhTQ z!=$RMhytsL)gi6~i9>0Er*V!H5r=jq+?@lq;wnMz>w$MM!N?7S0~(oISa|VKte5|? z>mCj*1Q*)}b~+#l9O>%DP5G5?c+X_29~gU#HFc+I`pJ%u5vS{BO6M~T==pUospzb? zRiPT~LJ;|5(5Xh@x+yHAyl)JR+^l;C+D4E1*+`-qC4HE7sO3nvZ4;}*8SW?qkx^d^ zC$VQ%WWsAqe5F^b@kgbij@9KI*u3(AqJ^9LM^u)qD8#dQ@n5o;38gg5kr0%)9i8$^ z{Oq+jBYl2Dqb+C8F!{EPtEqJThKAK-jpzN5+4K-HN?!r$Tcic#_8go3+XlqSAZsl7 zgDcd7q=l1TP1+t%$}I-;=IfOPzHTa-X_J24!G4E+c;;kWhzZ-^ z*T-U#kqd&xtwF4Qo`7V%zt3aWXWE*42{L+6Tg_roYhUq&89fgfM`wl$`=04#SZC%b zG-wwuGTK<@U9s$YID!2EZ?w62!Bj?i`y-#d(xGcjc==GofpN7F(FV~ZNPSkW6M@YN z3Eqd(8^h(weX0D^YJB}XnQOZzef^9Zy;G({k5=)57f|Ev7+g1o1Qa0xC7aMfKGr0O z4aoz1Gh)piN2pn~_japU^JQ<;v0XCzhM&T09lAq<@r{1$B=>gA7I8Y#ERiG)*Vc_Q zX-lPXcc&I}uHFD1P>c2TC8FyxMfYTjN=v&jJN3iF6+}sScM%5t7MOfLpqdcy1CNYy zhk8oDsm&6bgpJ`xg?mm#awOJm@9FfsYL8l0nGoZUR5X52m4xrW+U*&7Fdr~(quVh% zaafDry?_AV1!}QEwg0@j#Cgh0ckX_`(L!Aa2ixbjCwo!1J>q9)!jb6vks*}Ejtmuh z)g}lNHix&FRGpojQdIm^ucDCX9U|Wa>zef&%CToSKO!+iunEI^Pw=741v_b#O@RxS zo9emjOUnm3fjMidQG**3yPJxsW%oE36qnL14tE+$jDd&99*&--E8>I8tfM(q87>B| zkz+RSy?|F7W}~iZj6t>%!$`1e(@O`;x!;BXJhNs^7S!H5(oG}(rko;!7u zlo-ym3$yFrmkPpf9KOSI!;KxQ<2L8^6aDbO#5T%Rmxqk8o%izdfg_Q1YJR&l5oRNC zCOLj?^yN6eOVeQL2TdD>9KI#>>=fDxCnmQ}JYc8rm|jC}YgA`?&sfzS_zKm8 zAI-hnz~A=C#$k57YU?8No8Fj7HI>X9lH9R&3@Y9yR^WEVHnzic`D73_eiT z^Jsh$vq`8`Kb*RBw7$5%6B2nSy@&mIWP_DHF?Xv_gyi@l&KoN#+Ct@Ce{TR_FwYBo zxx_K}cI$j?@aGdZ)32X7e?#8mqx7pQp%0$ak4y)ul8u>$dq*dtcEM$dmDJRNb|OfYXocR?D@8tPfmSg6h>;63nHNmYVFgXKs;Set11oAAlB2N z?gn6=a_+QW{rF|_QGr00tA5udV6oV}pj7Rf3De51(%sRP>J z+rv&_Cn$=hFT&kt=BLF7TV$zrJ zlnIszwPEQb|H2aDwtP1=+G$Zd-~C23oMzIHWZ4A^k0A+H;wCeDW7Z~}4~%N&8zl)! z%z_SL+}jb@Oxd*5J=`uS%Y?N1z=9ll-8{>-jd!ku94>W>RgP zLso1rqrv0itBIpiWmc?;%Zg!io<*Zw-oeOr#D1G|WT!$3Z5*T2m?ht8n{0Rh^_v;u z^|4ZRbOIeaOM2;8FGO2kKTXv8x z1Z`5NHry(Q$xXKC9~BoQQp4OWoF^sNY2$Q9B3+XxLtSX)_S25K7A;BJQ7SJH9~xKN z6smh*I+|^A_6WD|1O-k{iJ9=7@MLrnW#n43Fq?!r?YiMiExLqK4{Ppv3Sy^&tZjpI zjPB2)Y}h;_>NE!3?3cJJoz^|6ON%2<-9q2P)ghoU`$=odIh_g%BCVaCJvCVIi)(Mz zg(=50EN=*jv0+u+v6Zk@Ww{AVB!7|ycJlPnU34JYQe{eaFX_-}vLgW8k%%Y9OxUH{ zAX1FI>)33^c5+N;Sv}<-e%5BplgbXf=1A_+2yeB-E}un1C&M=x>OP1!jIH*{+VhPP zPPj)Vp4iVcb9qI@)L2iLD+Cg`yJTa{sSa}$Wu%lSjdX7Dh0ge%sIS{jEHWTG5Vh}o zX0mF0`he@7_Iqr|#YQwAd#jApQ>w@#5}Q%#n%q|=KPPPTqHL)uC;AxSml zrFZevSgtGoyu;(6dBRB{xKz<8^3=IF+&7Ndw{)Qlqp>3{2TWe`BeX6I>}M}<8&`0x zX`D~rP-u9kKov|)_`)j)VXf3CzQzr+Nk{ms3vYWwKwk3?_t9Bcud40MjzATOmYt1G zM(I2c6V<{qsJQE_2td6lK1oj6MlMvQOhRgG{c#`nm`|@`j}-djt}X*t8;6pZEI6a0 zH4~SN6lQnGZ)Hht$E-`xdoLQkmL{mD01?S>=AhF%%6a+WFsd=u4mdUBJu_T~x1DNP zK;hc=47*k_Bo~nQO~yBDJSCqvqqf8Fr4}ow>dd*H;&&|;TzAc+eN=m6`I5K@v-VpO z7U@%h&Y$hY5#b`G;(bw0Qi(N=;)r$G1(G#IhXZD?j>?YkFwk6-uN66iEH;v;#V)RCjc2}BkYl*3cqx<HTIbOvls5g_8NLv4~MQJvc2LePN`U?yAZ z5_~1-wm-}=v#(brrrOI^h(ebaE8V0}-y*s^3&3iZKNaav_yeB=(u{ITPMz->SAJWIvS4{bx!T6-izhHN@9UpA@1=~NUBYVA&q zT!~f`3hNR@&MD%BiKVTf28@Cpht{F+1mstoghiTdOT|8iT*(~n9bITpQmV=k=E{_9 zbWO>GcUeoxyKwAcki~$b`+DTg=xh8lBM{4J_f#u8B{!BZ3+Kbp5XcbQR5Ffjp>}Tl zDx1+bOGu*t=r$XnZ8yQNbpK;PPej}rYH|3EcAXkSYFG>|MfH-aeMc~20`nI5DU+33 z!KGUCzhiD1FgCE57XnWJma%@I_#pG6tUC-ls}L&UGToaM5635)oqVf+hRNFRt5&5B1Pa zbPuws)v3s7(k7DA!UcjHDyqZG>rD}94`wl+JM~J7W!mP6l%+*_d#DBP4>&~LpxkeI z#c@g?#sBRvom>lr#;;*K9#nCpIeQB^1w`6r1_C>Ozb_y`KOuu` ztWwtXPC+M~;)iz>AlK0zZLGOf5`S5XvT@Fd7A2z_1}X^(^hA;CZpcU_?$}SRH)-Ca zF*GR|wUoI7W+U=#a?`2p-S%j|X!xf(n;tR5zU^Ztym7XvqQTTqDw5I0I$g-X3oFu! z?}A{wjmOlHv4B;R3R$CS;;LMhXTSPl;v=ZnARkjphgdd!Iup)4?`03o@+s(*Bj~3( z3d+)l(e&vdyjxpP{^_NnPP?VX(5LvhtL0~^?a%~B3bx2FHUTS^fG@Jk%lyspy_fIg z>Mc&CEw8D#`sug7Ky{D9+_iIYP4o1Jw6;m-8|=F3&E4{7Op;G%F`p-D4%*tM%ZM3U z5FH%6DH_WZwNV*IQ#-E#?WJ)tG;uFTS8DrQC+=GqDcXKiO>%0a0u`_A>MoT7c0%H= z?p{U^9qgvO6KPD0zzoht5V7q#Gbz;TU{SGrn628i=OWa2lv{unxX3-Y8)SLdG zyJRjwc7VOkdjIs*bwroF(f@WS@{9!nev!X<_j>A&{xsSZNjL7!S6CMFbsf%1C}h3Z-zEQqWO%;?lb3vXh`>TqNKkl4H6wJI}!1Bgd8?g35i7_b5zdRavknwlvXm zok|-a*CVt$Vs#)1d#9}OwnYp! zkM>z5t@vF%yRckZ13d(u{eQiuswt5m)DtU1AFB3?D$Aew8hoOqHX|d0DLwQQS&I$@ ztt)wfeN&@op@vG@V*`_PBUpNUQyo+b$*?o}a#bYq{w9~!^GtX`pvnVKzl|VKui7zt zLnlt4ErKza_G5dXtMr?ML6j(_q*P|urgeQW)v02SnW?%odeqmT4*&H{A%he)QAIPR zC=;b%{Ge?f6G+`w0&(u^brLO4#zh?ViM9Sj>Ma8M8LzFh2Z9W}jnN0KxPlkrbW>b= z7Lg7URh|kS)^vB~(nknJ*f@hulZZb-Sh4H*4V;;s-%U_*`@PUV6jL4yBwE8tO2~gg zZ~%^{oxL<2C)<_(^CsIC6Z>c=jZJcWgDCAYAXd;<@H=H!$dA!#eJ$;ki)`52OQMcc zHetRNX^o38kE2nu4TDHHNg5DQuG`!~LWsOay;4h8^G{J^NhL)>Ty!7Ct`M4mvW-UVDvB`MW5l z2Y*avnkV^&b2#>Zh^3!fS@nc{RjTcXbhRP^Y@LY*FB*^@ko}QjIBxsF6>};Zl z-LMbe&CqY#V_?lz*f>(uV3qU?)Dn7?hnF{94Lb%1R0l&h-iVtEeVON4VTQr{L9&iL1Nm z*t^zU^@BgOAf^q0l2{w0lF}bYFaQ*HVv4wLjA+DrA4cE-5^Hukh`M!qd7#$I7-5fo z0rU6s8A^3JT!jzWpS*nQ%<+HOvIHz1y!4#&(X{&)IBCr>edas`6YWhN{w-y{VWbX^ zrN&0arA5@U+nH%C;SWNY)n1!2Q;J-hHWzD;5p{9rP?4Cok}bl%FM+IoXi7EGcpaV9O(vUmoo|Qewh>3I&ft>3cZ1*b2w)8eC6#z`bTVYi*LkjA5S*@FLze8f?KjgH zoPzbCdSke2#*8Ptxg*y0>DqFVgtPSFM72AfVL*&-64Mzgfb&_9z$`~s_ef4+O#BYY z@RJ?L6JWGmAjA@8VeqGy3;-pbm@1z@bI9@SryTVw3(aJN2{r_2NL#hsVx$fTnuw{!Z<#J~$dbq^YW#DwKxD!thukxSN;|{@5TGmSnr*cQ>3CeO~p%la!>J! z;zga2)Y*%Q?6N#18#PANZYk#*gg%P1on@1SY0uEBZU+ROJIJEm4z80(|Il~|yeOf_ z8!D}KI~(|d5s*O1r6xSMA1u1W ze!wXNb2jPilN;`%j(jrne$6%&?XaFit?J|=x=hnHr^}z8V`AAZbT;8fr&SJd2ZQ9e z6LzpHWnm`A9p5L4@mv>n>+qNENOGQ8R}S?9?iRA2qZs=blc>a3YcaH9vBbm2gtBd8TfJoT3%%cuV5lE)~Km8KaXV4WLSgz+QUz zy)6mQ){ffYe5ZGy^U_}5O^{S8OI*>}6dV~Ptu=9X&48=tP53)nLWk3G7~Trf&2Hg} z=Rl`AZ8hk6m~6BouM#C86`U3z2j;p*^g_m~n;gn-IPSj5FtJ=%4EL?fw`_}aU7hol zuXmPZV79Otzx5{o93wl4mk{^dvLx*k`L$G{Q^F8(M=bQl9_jS;KxJeFd@-Cw;!5;Q z)h*u(J1D!NnV)<`52M&*MECh8Kfm8+oKxn$%q#GqOIEA@r4;qM8pKx?V(U~cleR7Q zWksvO!$~UiHEzqiI~$JFMY4e1K3Rtv5vQAN!3mZ^FVVcvK+0?`X_B zqQJUJ%rAZ$pk%~Uc!;x7VM0sGXT2Qs|ELN5N#94C;G+rmsTMt(En8KsC%42!4WuLp^K^_QhaZH&5P6CsyO1atLU{aQn>&q`@dXMqn@H7qLo)b~uT z8T8in&HV^E_CWV;oFp$$eWC^X4I-KHT}~U3Z)pB-McVPPnG`pJ#=Uf^&~rU%qRh1C zd9G`O&jp!Wgw$f@2)M^i;R?#2Pd5`Ms#caVORY!#5wtP!9~MbnwDG!1 z_usB9*%|3M(K_&c5svQt0PbOHn+tMFs_)F?1BhlpTK>DBUUhssbZ#+QF#YzJPv1q5 zCEq&Rj0m9vRz?ZVHeEQ=*R?kiLQOY30DlK4ve9lj2pxuN*k4`bNR(H)4}dEoZqiv) z7(DNc%3$rW0OQ%ltYwpgM$Ko-x?t;`Yp}u;B|5^hR3l^xXq=%8Bq=qobWYH_zYN_M zF}L`BQ){nCU_-)Soh?V8?p?BgnCRN(jndB;W$iL4c~oV*LgjuflI z8ol4jok;ii>FFkCZz_ijvFH^Xle|+~Nc;pA#$FZkg+cVt<};tDBV+X1UD3(zyOUZx zRn|S6V-i#2Q35EO5iVtX0FrN(9ove*15@1L3sbM+_MD(B?Najjul44A~ZSrin< zL!P-jI%+h0%g-lzm4YjtroN>A%y62FKH8vG$0jx4Fu54rpfnph&2WL)*q`+J%7^Ed z(r@22o_kCr-E;u_4D)aDaYlS-6zy)ai#OBYONoiatG{y+cQ2)VZxmYQ{k%!ZoMPh(F+qN`f56#b^?oyqeb>gw zDB~^6Ep zN*CB#sPL(faJCp^OC2AVX|%JC14ZhobAA9ZvV$#r=9?uWD=W<}fuv@Voty>R{e!z~ ziPh_jt@oK}i(uQ6TsDzyNGgkO)UKNrwKP4WJ>4;ApH?}+i?FPs^-q14(K!jCo&mB$ z3#W^4Wk1Q#!6c9C4hr1YuQzfo5Ck;8e$)1`|&QVuG50k3k}0-n(_QCU#YIX*L!DI|8Q*l8u6rc{h7g65rdA` z?CmF*zO<-($&&LWhVQIU8m<%9LO5?XjI7^6eWLw|zIx23Z3N&4c4~ zD(wUL-YPX|rM&VcjNkcRc%nal6?k_7F8kU<7})EQ_Whq3XxPnqgy3OCsGQ(@%51II z&X#X;sYI#`w1vI9W^Xo3{9t=P#sLdIs>44htHn=_Nuga2FTLEDZb(@o3~H&*0BCfl zu=}e>=NKXhDOP@a;O+|;-GJa~FnNpnbc~d5WNi}+>;5^LA4{Hf z?T5CuWdB5vyn_eCA>^(TPKJJVP{v(8>a+Uh&rBVQ#v+pk$aN6JW%H|JbxX_!AKZw_ zr6Jj*2FUx|9w6~YZ_~Yv!ZnM)Z)wnS!E#AN=9=kXaa#H#%oD>ZZ?XBr_*Z@pIV!E$ zZXO_PN%Q;sqCx~_x}#lr%Tu(9~6RQ zGS72^V^;>o*X~-pYR9z_qPwj@%=S1VmZap?UC?9VJ1Ag4BO|*B;L;sO+f`Mwwul!} z=X9oMEi6&COX3OOaa`+m!9=X+O6W`H)oNMkDo9fmcJCk{Rqic3f+_eg1P>cx+tM^N%~Sqn@&4xNcFIQ(m)5D*J-+aI zGMxiPzbQWsxAwgH40pDMPc(vx(zEpF;_{U(R>aNt`TSnd@^TSaGo z)PbHWJ=*2)b<3mn+iR0x7_Fu1kI~%2Q9uXgar(9THafLT|*&E?cb(|gFCmSiCkqqm!i#pa-&1z~nSo}TgTOasHU7hgdZ#Xk!E zKo)!evgi)gX+1Wczm7D|^Y@10wiE4aoQWb|9%+p^-twL*Pi~Ez8ee0UOf59BIB+@; zjxsRMgn*g*>o|dhfPSc#s~!m!HnLM!q^Q=$dfgIytz@S@A4V*X#lw2w-OEjNiDQU} z|Dh@Chq>jQqLrKB00c{EmwYq-xGPCwU@Xq{khJfyGo&MvvzOG_iAa`0N}<^b3?F$k zzrVZ(Wc4-tNN0o$eKfcFE)4W~jQ8HHYt~JuH@j;WD_G!C1Ukbvhjn|M`}OKrFcWtK zYtYGLiry*^=an#(c+!N>#^Mgbyj8Ky)Y9zi&;ES|QK+1Ci0@l7$FA0;hJ)LMI*y%h z)&fp6E)AEn;T``Y3->B_gI_TwfQ!->}=+KmebE9rEUiot;$Gm&GN8pmX~gn)=D*Q z8?Hhvr1)!aX3}!zek|n%)L-~@{Uu`8Bv)4t?i{w)LZTxiJoa>1zJ_wKl?l-H!&HO% z^_X2dzeCQym&eh3_r}F6vKw&ynp^yv^LkNL|4wT6rQQY_9o~|XeB)XajS6w(FrUAs z2Mm{TU71h58y#c5Qss)N!9~d(GH@rmd`4P3m*~lG!IWP$3Trp5wN7_cuQ!&$;p9jo z-;={89;Ys{Op>7w=A84(?kIQC&!rxnQgghjWWJyjzkkTR=d;W2Q)7FXZZRGX^h2*|c3x4tp;7tjs;h& zFyg_I>$Tg&uke{s9h*7KjbWH2>#f-*%;is!1;W{We^6~>oN3|1AREE?55Kvye-&K4 z=tKWb(xYpaw=qa+u?ZKNn`%k#fvobRjtN*q_K4&h&MwDBEwlZx-2V2&;cS?YG#2|nKuv1x-u%LXC$ZHlLUfKjT12%zg6qW~eMl0XPld-MLI}?qap$Op zJTBE+u66abfba0oTjkP&sW>*J<#``19@VUSpnI1QieokR)JO-HT-rCeUh4hu6;d2T z7gW{9(3504naU)+U$sQ;j;r4ps@5KI&?Xw@TFvdyIq8G z#&U|y!-y6o(xeKXt7lW36QkTHJGCY_w zYd13Z;Bs4|Eaw%fd~;d=%VB$ixi(rVaC1}+zX;ONA|_`<_^fFH)aYn^c)h(Xg$YPL$w_1 zs6vulSRzZUVvn2-H5nv`#xpisyTI@gvI8o zBu&Of!SwS#69$>ie=TNuB;H}=A8j2PYDE#lBQI{M_dWeKDZPTbCOe<4U9tUnx4bx6 zoo!M{9(RqXKH4(mA@5}EI>Wfg$`c>YwmVDfcW1;H6h_#UtX|$QztGJt-%cCmaVuQ( z!Nq1skdhf<-DLJd7`(ZSJI)NDDe*mAH~;3!AGOYUn1Z|l1}03i^(QC(4;lP3_WXIp zH1T?UeotWFsTu&pR;=Xaz4DoVQ_oMUUG0vIRAL9y;wQZwyIo}g(#QKXuv$J-HBr>q zdi5qfv(qf~-X#;f$ju2~W?7~qzN9i`W`j_1vh>eZd#l~mn+$@@O;YYkV}Uyi`@QP^ zciEdt4~UsN#Xe_F!{QyGEPV8Wk6!xPY_AN^7}-CWc`oT6xmUiH$n;?JYs`E5^Lj@< zZ}Zu7{Y7Agjtij+Jj&<#Zk3O8`gh+sIXspXLnxG?ygJh0GxjZ>f$7yiZMN)MDcD3R z@|K^hcym3KkEijQgDJn073}TM5^H?fF zyk4O>YB<_n3AViU{-P0KR(z~=rzC`}0o5C)TY}lISegglw%uSLU63n>sn2D5YHhYa zbmrc1RX4Kh1&D1hU4-)MuaB)Lf0^mT^Ji~%c}(c~bWr#lE}NSo-s>=KpwpC7+3Ht? zyTHU3KF^Imlt}nB9o1=_Wbxuk**}mF=WrB|t#S5CI{XLJALt8B zi~A5ZZs+P8ht1N^*VSG6keBL9;C)BU9_fl1o{2SZXaKNEh-T&^v(|9N3Sb?-Q~wk0 z^l#tJ+_$j}{KsAZQ$Dzea+lk98=%uXsB+Me!&dpooK=>H@Y~$%AL8K+$)py?uA*0Q@>6_E@)%p~qqRsGx0QFp%jZR}Kd=Rrtj4j! zqmI;4!=9Q5QoM_7so*?aY~gWsGEtayK$dV0GAp`t+e4kja+fAmrSaR38%yBEGZ#Q( z6b1BZO?RVw=4_3bg=5T8O`3^c;~2+ zF=zMX=~VKvj{XH*@gsrpinbSf^DvvuO`(u9mlo+7T)bl{6mKY|~9FldEt z#qtQ=YFF%~7tFIsBozEAzM7i-+ z5J0R3Y(WhiKy_r!sw$FAh6ywVE6}?c4;n3e@^F|*RMfZs?ci5u?^)cKIP8m~wNY8> zPI=xHD}e@R?(?zq?+INjO)ICZQ%^bkWFp!lbY7*?n$fHpf@`fkLaT;$Qf#YSBvZVW z)RNqhcH+}HHkl?I?|ynZPH&c@X8YUL>z{;#msLHb@#VFavRQ3DV-{r+VJ7p3GXsSI z&J1KHJ0I~MotZq%C0oJtGMF7ph(%5U}60pScEdn<^&Rzprk3N$>wgq*R=8gO((M^**HMJuzXzuJ9 zUhFUiaYoxP7QUo0z&SS=Tjz6s|04Pv~`kMuXzyj@uKEL$ z(_^V)Te`;|yTX;0Iy(5Twe#Qg;kQ@jpak+gy|nL7|F1#+;~6VJdAdwivg+pVJ(Rz+ zME{Gk)I0y!w)>RgF@5k~9UAPwh<5t=M1HTq{*mMV+K>I$c{_k0?C5xMul)Tjf8Be0 z5AI8N;V)hc~s^SbV9q_BGZxJ#2}i!Pk1 zDLnVLFOE@fnsU6a^M8V6{sOIvJ*Xxc^6f{b@6#!kcRa0iC45Xw45R3I+TrtO&<$D7 zoD_*P;GPqw#y2Yu!kbU+t|mhg&!?~airr8dy!`Z`?Vv-{Ke^5Q6J+_@1)m6@RE%H4 z)wCaFW@c7VY>Z;QhwkNeSD5mK-uNb+y0NetW9s1d6T*v!Hg3 z?e1I!vVXJY$elc>e!Em5^n*pEJ&LxbBI`*uWg?WXooa?O?BQq_3-2-g(}?}we|N86 z?qoFF+}O}qLGtqXO4II~54cB(nKubsp_td-n$&yFP*UDd5|?>DEpv9r;@L@4Q7`#S zPWa}&niv|7W?y7~P+RQBaNT84Oem3JCAfBfOC$Sp%6gJ`$j>}pItIvT_yuC6v!U%r zsm3q-$gkT82DLqzzJoaeK*>jT3g(RK1_xE!NQVxVv)AV;J;$)0n;R~753Bl5j$cRZ ze`w`rFc^GvQ-`g7>&37A7EX7n8B^~C0i<-R|A)=!&9#$!<&Km&`Q|Hlzs%otBpg1H zs!j_TDLz@d)*vrZHGN97EZVEWk{Nz6s1;M%(&K42lp7rq<=@NfDPiY@(&2sHS1I)L zTqfJST(=0{F@2?PmyIjWWnN*B9_^v(OKLG=#4TKl3kQPoGA?t#(!rCSQHbY{fbg6t zM!nEN{=vZe1!2!ruHTtcD^0&(ixjvlDHcU|H>1E3XD06rbb4Icnt%-_j^Tln&X79V08>Zoe;a?4lRSDR15g>razGdrKZSG8GH_ z0uj@3p3C4;&>*;0tXtx@BjOKW{WTza(^*1{Kx+x+Fdw84;x(^e<%-vA2;Xh}a6Mz?Ja09h&MOtN;~Ih%An|WO4ORW^*QFIgYPFTAYT>01JcTtSKSr8w z=d%!N-}kiuq^0saT**IS4#U9>XA6xZVJZ8ZB2~Le-m`@}iZpae&et!o4PQJHF8d;| zQWPJ=kQ)D1Emk>{+p%?Bf@!#WKbx-UQY@3%?80$#d`MT7$9l-F`p8afgmF*?sHV^G zLVFr%3TEY7D$#u-M=s{>j>Zz;SAR!vXQ?XZ^c2R8?l?aB50osIcKu*2>*!L_XpXF` zEXJ{gqhr*~ps2?^v(uAu4uPdu;o2$wYESj`&ssL@EcUlDn2o}7)a3|eD>`4d!uWTw zi>(ghOK#I4v81M^NbCG$<@4I94&ogJ-Y1HTT@^Z9d+(0+#I9FLXuPhUybbNOaW)%oS+l&fnp-{J}NE!X29;;V@DlD|3uGZURudJiH5*Rq`Q=%J?)AtB#VT z9aj62FH3ny7cG2R4CK1i*=cDJbu>HKZx;m!fN$Nd32$YB9JAC;)r$Hy%m^qPjc158 zZ7r(=r3AOz(awZ7X!fe@{1T6^vS+ChTfc+6C&KAq{Lk`&-QtCG=>cZreurMst%Dt5)|cD~S#_ywH;pS_?a z4IFdpNTxHLyJCL(E5u9H#Df`vkz;e;moRd9q+GtK_fQ&SM_x~krnn1 z!tQbu92^;@Xoi!+R*#N;&ojN(sH#>Vz6~MKkUIY`k(#rUH7=Xpx%v59krdnQh#bYm zBb=gM4`yp4)@NEvDAq|YFLh~U+I4<1Vl)mANBx@N1VJ#d@-qj=-6 zTG+D}bqs}9&nE4;&}!wMO}mX2*C4VnN5wfzWHa3(UeqtKKZAR9jyg)W1?JcTEIpw; zqoPokCwzt@_-pz=jItJ_DdF8oRs~b(@VYhYIv|w8v$CSzSn-_8q0X14#D@a96>5~K zUg4?=kyVQHF+AYayk9fjuYA2!!~e0~37!dnEYjv-rVhw)u>km*w}FIV-dxP}rLRaNGs#>l7s z%;Z_1#mLFY&)4VrL#L=-0@GzacHfne{%}g8H5;knO`!iE`t*U>;LA^TQ~C!}9cJpX zi5InXD*QTIwG-(Lq;CvR;Lo2B+SH-#Pw2Lj75op%5HLtZh65hnFL2#ur1+IP#f1kt z@+!z9oxjY;IBnffS2vJi%bN*gw_o3RGw;~a^V+WFdBKx}^mzEZJO7ccqUmSL%Rl9j z4AAk-pD~-6yWRL0NP@<}tH*gN_~N1Vr#}h=UAg?u`^u3x>yBW`SUOQ}s;Ljk(?iHh zDx}E0;VG)2rz3J;l?R=r+CIE-8^@NS^F>z^kyMp}vr1L)El7(N*txNyjQ1sWEbcCL zr=aDs&De{IV_o)_f16X4ul!S!mG2$q(|=3u-k$ZAK6x%wh*3LM#CTcwyhgL+r$?rg zoSW?w!}^@DC_g_j(!NMHloF&c8mLaAmhr4ev`jiN>xU@NMmp+!(ga7F=EzpeWX0wU z2A6|WDh;xCwZ+8#?R+0rTW%%Bxf8Y-wqo5Z-XJ>wZUM>QedXhgkBNjuw~;aX|{e?rhNjlimKF6XyG)1-St1sY{$eSAcQQc|@3%05bpIjuxFsrr$pC#vm` zDVUw&DL{Sk>Rd9VKEc&zl1|6NywFjgJvwHzz=%5Elh!R|o#V)?^fm2R;@-<9SWz>B z^wir7wbXZ&ydo`UtX4uA%u&sfUOekZoOCnMb0t;eh_c(c5Vf#8`hbFaZ_vjlgyKoE z4QGWq`0`?2HUDhHwpTZGPSt%-POW0!@VeNp6srUa(c_4q<#ug{p_DKC2p)$`DQ#T5 zbUc(1=Q-CGbB0~z2G;{biE_I+OK+<+Lm+lgLZqp)iT=>e+Rv!MialyVnt}aRp|&?d?@{u58k$7_^w3gMv&KZ30}L& zJ|-tYO3NY|zdoZ5Gd(WDv|=TWKhU18xgomJx-Sc$IM&mNHQot)agD{Ub~U))D^itI zOz2I}^7Ja@6=sm~>vBHy8siW$1V+AoWwla@ZkD;VEwY+w^zMiT5PIdo!=QIiXW6XA zLuMRM&c3cnG%%bkVutg6@OV~{CcMS5O!LEqUtWbx4=ENd>Czwnfv_^)`^x`8H=UyU zPCsudm-ajIo}eWCcAp7gaiD0V9;a4}-6jJlUU2$SxDN0z?p~*{23gkQ)`h+13j(5D z(eLBsmehGJOZ!*c=+jZY=Rql*>k5AFe2x}r7NMFR92nMbO%OVqsxT*FXKB{gHapA_ zhj&;2aQI_yVq1mGu5#=8GCA8ETxq1*`&C&Q;8FdGDlh!H9g;>(K;VjcqOum7WV0kw zkJ?@P&KN;>pp>P8*{q!$UBM>UU^?`is>Y-3i4sN2&2t-du3PfV5!ccc4fCcKL4Ryh zZ(}ZD3bWMveoxH6nx~9T#hD2P=!#rXfX=F}lpwfvhl+dyS})08m~p7Gte(d0AgwlR zYDyXL0;LhJ&GPnaj!CM0`g_zb2=u_o;Wj3ryElG2KSY>*ilH^-DSs);(S*zUR=US zrcFPEM<=STRN{vSK1);rQu(Adv+nkksd#v4K(^c;jGUVGR)!0E5@Yqv-|oT17E}oW z8IptNMXo1NRP=MmJ_`5db#!#R?J%t}hr@ZAfi1`FNY%nQE9Wz0p8CH8`T4T}gqv#g zIcSku7nz(@V6Wie5cDZvmQ3I+3Ej#`mAUv|utuS8H_Lt3bgt3-HP87w`AJClb#}7V zFU+F>jW$=!c(yk3^GG^d(X!*Y{>4D2PpJ$OulJ@@zYW9yv<%a&w@X`lmx9562(YV` ziaHHsf#DYE_jUm|*U8E#2M>>G>07AE%9eVQ(@Nv9Louf@muKvY*wu%`8^%Ez?A(7_ z2_v4r4h9s5uRi`a1nqAPrv%Hb?}0(jyuecdUKt6~H9j=g*M2o)+KcCFYNmJ5u4L73 z(fxm6t7+$vDN@4F?xJVmV^CSu+k)}cN>KCb17Yp4vCRB>y=ChK_3V!tnR#|&mgD}y z2Iny=aRmubTg#BfVKGpdtc{%%u_6m5td4S7D(gT%Spn>cD9hSDz@3+fg?LFXe;dAm zoYyXXB7T7HgVN(?PUO6n1hC(nj>+mQPn>ZgWWR($uDXxyf7a<$&~ zP6SCoEPo~OFhDD++yzg!4Te7`VDx*_}$Jx|?9buO7iJFDACNCRt8)(^( z!sN)mut5FGv4pbfDIjlog3A1Ps!w_!b;{~g89Uj)CVwFBiJrq!8h_$DbvA?VOus=F*G5doB;qstTmPJo<3HXCYrv z+>4tDmVP7V``C1y;p?pc@ZjdVAC;<4MKO;!#A;2V=J$C6rDY#~Exi%=S_bgo<{3MS1LW6-<9j3BF64ZQEE;<;${o`Dju_;>T5Ek zAMSPyOnUQupG$M34)L@;wsur|tp4gld*4g%62D3$_CI;ip_39^+m#v7v90l2dHtKz z{yJ~l4A2eDPrE(KgIp)hJ>C^EI174kA~|R+^i%E5LthV$oaG+vL6Ixnn&$HhYp;g$ ztMy?r@5nptDepZqoa`@@yl|n;AJw3~cgv7?#Uyp_OiUEt$Ft6@4Kxudu`L|>Hm_T= zyQnp3H0RFin$6HaW-Pa9{S^CpOMGx1`W0?hO` z=PzjNf!UtS@}B3l)5k9$tph~l=~~y1lAlF=S2eh^WHFwl<2yHJ-=sHam!!>{{;l^K zN6ngwvyhY$7&~CeFJS0>Mtur_T=NSUvbgefN`^!1+i6G5*G3z|PI2&W93`e+;YkiB z_V>-WS|jdCAP3s8-J-XbmJIZ{`tCkkNG?WUVv{K6iC1fp5zmEe~-Wz0&J%n@3+*iEvmY#`JT&oLq^AKPtl2aEy;Zyf3u=or(DBy za9N^x0;C^4oe;1KUIzCVynLl&Hw(9zq;4VnaN2zozWgk>ingAy_vP<#`+u%BT^RwV zN!q=8A#=HTnP+W!7>nu%>zge=neIoPzTLy}psiHFhxcig@WBsyP>Jj6iwWm_i?}Yh zbYlpe>z!sn(Pd+4pFVm9P4`V;>u2rtL)z?FCDCnSth*QSva@jC8T#RG{y71ZV|_y9SUHQiC2$& zr_^`dznI+Ra9Fh%aie&5I#LSe2k?NHGUN_8PmhkfQ(XQy)Oo~omTCsTZ zkdtlblzWHy<~mwJs}*G6h0)Qkn=&nj3-xxU>p66zaxebe`c8g*)822Xh;_0tnzqK{ z4U<90866Pf%a^R_$q>5PXw8HJv7MFU<_~08Gh4E9OBp&PVhY_-^?0-Aiz1+XMsz#K zZ^_T$@G)8sBzqnev*zy`la23+Il6uBd7jwj9-4?bD8kMIQ=0PPrB*yDGkhacS1Lt! zrktc#r1ELr;gO#%817i#_P>ba!!9}%t$VIGY=-S3P;@PQ?bhI619)ESqM?s+v~ULk zcFby}WTEM|aVLxL6Hp)eC76-%#zy;{I`UzL`|c{u`hWoH#kO)QbY+OoY|0ohJ93&P zZRCT4NI^d3^#5NF|6f13X_||(WJEH~Ip+Cq3qIYSk>D-eX-n~PzURGsK_gL;E)197 z{Jq)Z(E~6)+UC}PxcDC52#u(-i(yN4QWx|Dn+ z>(j$GMoK#7o5Kw-1fR)=!L<|<&S_|sKR?14F!8LQr&%#+AH7lRO*@-l`Qnmy@o=V7_9YW{1ktO<9zl;c6jdW}IHZi43aUatA=I^dN7 ze7rxKihW)Rt2O#FZl7DZ;iP~|A zNT~Gex^H{uMSUDZJaot>Fk!@6D`?E@*!aM7ER@Po&iQ^rL`%-MpI09VH8lc`Bv$L( z&9--&Qer2Au{BIU<|S$&&w0-Ya?9ze2$)Y{%Q41-_Y!-5ulu-TqviF>HW7gM0#Q%&SnB z)?UlK46mh8(KD>-9AOb=IB7H980Eums9~gjfS#SCDa@fa@Y;IV_`axlFgCI*)BF5K z^I3ZVPpV4?{VxtTqqj#0>BPlXNa91}@JvP!s(Fc&P!;Acv!l0wT^YRe&<}VdEy_`@ zsDhQ5L8#5Bp%eo)3&|2vhf511c{)JvZlP}7>X+(ESwhGGPn2e43+tCu(MHD$)QT=# z9WH(Er}ojWv4-BnCt{il4?W2q8XTNo{G_T>d9BnS#fkS4DC7m~=RF?xadWhe4qh zphI>ynNQnI>d>`4zS+)a#zF@&XF<-VA{Ccj*X_5}>NlXSEGnlfZ=~P9{YE}txYP0?t&9y0DMOmW6Wf86v)>Xoh_La# z=9zkpT}#)Tc7_TJpo7M|s*B{ONT6etn&(Zb_R{{KF1$G;d>!oeRN$Gta6z2YV?2B5 zMT6J|Y1(7Y{3ov!*HiSM^J(|{^EzRwd;T&TQ69Ufo^4j|IV~JaI6CQbkKvi8$G_JU z|7Owu*kpOO!02dLb!b;EUw>D`mt1Wi>u@J>)QxY&X#YCKlfYSb+v>_C{d)Etkw+O5 zs?`Ms-n>$?gR#*52#EXW7pD5i7D+v>uuqg+>k*@p3}&a{+SUh=#{ISqR34LK8P`gw z)feg_fsn7AHuL3JXwPW2>2bqeO4AeQ4=J?=-@WvbJ}%t18NHC?IYrZS(QP)M#y6^{k5m-%becgZnBDJvn?;(Wb99yo$+r0WJkT5VPQ|>*h?=AaLhr&UbM!Ut1Ge0<63kd z?mYSaRnoB1{=M$?a|Mhp48eNX@Al7qzRua!&WR+39%xH`8oIE%f1!MuEQ|cDP~v*J{!me$a$0X zjP?^xE|O{`pwpM^K4DD7^PPUkzJka5T*z;pcpzBPscww9LIY5smnT^VC3QQt0V#DD zRwsYh2T^To3Y*qumj=#)mv8-l*xc6Nb2lXmvFm;J9}Ub4ak0>soR{UheB%6p%b8WB(~X|q=Z0AVG}mlzsRKTT$e6)DKyF^Wd((_g{$a*5 zRV+V40#?7;{fgz(euS*~{P!|3-$fPYEj_dQ4=!}QrVr5%uv5n0PqQGv&#|!}J2mxP zZ6^Y21Ms&&PDu1Z_pNhr9kNs{boNRPzHq0*PO9|$|}YtC|jNjc^d$2FJK6y?r1 z>3!4SklO5P&Ru0YPMEfhuYKu}i@&{8{dm{xWm`<8h)Q8duSGQf+&s{-AZHM`$=v7g zRQva~gul^V_^VS9%!Y%!x2W$w%jZ8hR|F~>K2P|5GP&RBsoRIz6YOCrBS$<(zy+=-*Y76cI+!-uvjj0?-^>s zB#Yg6<*D$XROAIc1io@Rn1NBh{(_Ep*|BV(>o?OCqnRAzi4opfbCUySn~Rp(p77iU z_@hN>XPFxAS%NtpRScNkjdA9@wH(x{l_Mo%OFQgc-=g&n?pWO3wOsnCYGsANp>Onb z-c>SAW`dGx!<(T?nwmHBDrCVb8WyEDo~DM^U2Nq#{ce}Ugr26rU@L)6DL~IsR8@!% z;KA5o7w(yrXQM#=Plr#xI4NbR{&Q1%{-K zPs*?6W2@YTrQ<4P0v&?mgYs>U%&LRnuL)*C?hT&#haAqOI3a4w&e z{`5%KY!5xevhP-G5isuM*leRwpKSp4P{qp=TUW;o0b zMq{b=)U@Sx`|!S}+wFk$F!V7U9fs_sQAc*25F=hX#O<>~QDI-i_@aZ}_JZ0siiF-* z=5C3IpOgvO+_K9{DXz(J(sW>MellJ*Bsdu=R<6wgnff_a=aGCBGP0&tyZW+M%i(L%RZB!cUOXDf*A^1FB<3OrYMo0E6Dj=(%lW0E`!vAElf5?kIJR$;R=pL z6oUa*w*Jrr&!S?@*)OXNC-n{wZyGraLL4@W{KC|fZdKG9o#rh@=S2*D|4(-OKaSey z!d0+4ZzPQcO_7~3!c%YQj@DuXUU+S(Eu@fVV7fOZ(wJ%h4p-OFh_@j+#G&i8X?1QO zsv9xS42$lJME$f20a^7?i348^3r5Z5rq<-S<`-_q$LSigcb?~#4x;BO8WMTQT<2#S zUZBQLVyfs>$uZO`c)@rQ~bxz>X-SD&Gp_iXtqkXK^=Z@b0!lWm4?B{rN`SNUS z>OxWl$#BZhi$I!^?fSBoUyp9PpP^Vn@JAq)0DBG-n}_Ijwb_l`S_u@4+z8dGdyQGy z(w_|)hQ%YE(C&n6vCdc1w4KM)-*Hu5RD>RaQYssK7UB-a_J|EdnXO?(u++u_09HFy zPLz7Edqhk7zRA?HyKhgNJVkZ(@->w|-!x(MO~nhAJ3&%^Tq(|^dg2Q;#LjOgNOnR^|m^c z5H)%`L#tKZH{&DN%ID`+bE7si)RpyMk+IG;iFdn`2E>Q9$9GHTiAWl*(3HsmRy-gc zIOez^Nn)i$&Y(XQjx(<@)n3YaneJf$wjtOKUAhUA6q~5j;qcuDw4e8L*EDiHdU++) z{UwL*$Y)k1@J*c1h{yv>h3`kpPk?55u2%AR2PNOSG;#Ec(iPGDBl|0<-ad8YAI4bY zq7kWjwL1`tBX&~b!G4N+caBv@4j+KI_8X~R>l@-EtS}{*z^p8}gI7QP$eO_UzLvn| zm1$p@S#-FHJ`@=kc7Sy?N({)`Aw6{SLx8c0mlf4<-{Q-scn8(u9rN&&0VSrZha(Qj{6A9q+z59vSjQi9D;Xz-JK%MA?aK zKBfQ1+5DgRU01!*sXd5a1Cgd?2r2m_)#^)|6LM6JEq>}#LEEBNz)K~Smt6GjPWN9~ zywRT^ZtmmLUu*UtzivZhqm^x3v-M$EbL9kKQV>f7MP$YRB{-bNeGt zU#O=#zDO(C&&%3OK~dNJRv@)&_(bjp^|IG?CS7osDH;V#5*)P1Tu zXf~Ur5U^bQKLxk5yMmWKfIa%trd&MA$v4|Gk%KnRc-JVg={PVRG zAH48|y7f8zIy0B>x$1HpCiVFzTk|@IYfpTc6UP@hvJ<5^vSwqr@^QPv79oYJA!%{h z&e1I0#dvQr2MER+T&Cf2eX8mSvzgdXG4dNM5c61R78~{K*z8zXB0OIEL2*J?t_G7w zVTPFHz9%}s(WbBMB+nx zbM@p-8LG1i8m9Xp!{xIjq7RDP-*_19HAGoV;HTrN2>VqVo6=cDK@sd;qK{ot4=jz2 zm(6FFXaMx%up*2Mf1J3dY)GtM+}s>SwXbL%d+~mBl&)5AVHlFYZo-}5=kTp40{%0T zkEbogb54-Euko7Mb_KLGGqz($RPpvDRuGf9?6V}fa^JEHw}%%lZFlT0>R$j$NXH~a znTQ<3i$0jx(}wO1Fkq|Il=)-Y-j`UKb<`l}vcKUUp`Lm=hr^z6ba z=cb!FZFQB~Bwa~)Y-Q3GVM$Y2C0j%R^>cE|XZ7{*o*M_jj*0z%_K{B0l`pgQ z{IR3ULpb2Rzl;;Q6-rU_l%*@Rwq`f#WA8MsxtgU* zQwLf;T-$vUp2dV@=aG_5%BxMj6EG*vdcf)Sq;1?D=3k{`e~5y#9g|yIXBXM%+SgS* z^Bq#aDYn{%P`Mg8A6^y&o1WTAQtpDHdFlvhdh60;*IY6PZU`T?O0`T@LiL}~4*7Dt zn=eCZ5X6Q%HL|BRtRskD8ho(Rj9xxS`Q&R;&P#jkWtQ9RyXy)1Wdc5COVp{dURq$k z6*1^fmQ;q+V~q5m`S*jtC!^(d%T5CS27RjNI|U6EC>0fDM-7Yiy^J&mUc){8z1QYn zFH*`&0zvXC#rMM_GS7f}71UVhJ$fc6L7b!sCvA!|wgRpm%g#Xqt0@$YB0pfN>C#PvBIDgCZX0BRLcUbucgL&iOGb8V2nE6f^h!Ld)OHV%diEdYJJ43WO0JDJh#$5EPL)6--xm2r!2!a<9f6B6oj$egJLCk2>3zE#idy zVqBo5>>mDBQ9A?^hTBmCf&tz$Na#U>T89{oXt;r`Ui+gXZ?2gb26%l? zokGL9mmf>EQLR(B_soR*T3IR+&0!a`1Ucsr4(BqTU@xQQHSg6f3Z-k@*EToH4)%&k zW)$_?e+F%FWe}4~DI&};bYU{M&Be?cGq58%7(kICX^7a*B;U?ePX~T9tDWU#<#?^& zp2>c%%(1Oo+ZU7l7I$2slbNHt%)^apzQOuv-C8(id%V)zuy-s`_rBX_-(8NM|A*=P zeQ(6G+@j4-nn;L0@{vo1+49};L(_y)#y1T&Z5p>uo9-=F;RhP+>(LUPshp@skBb%v z^==o6xU6~B9p9B(;hwID!Np^e6PSau0*c&xmlCQL7F%z)jw)FhO5d#AZ*+R*T|pYI zvV3D__$vN$Dw#jW^|)u`xSV13d-GxBAgHi09MGnxd|X}iDshYDm8Tl+^%KwS$m}~K zpBLKBUm8=g{1%%&yf?ljf4yIVw7#2%YPg}ao9-7$rr2Wo{3Z>=oX6E?KbT*NF!oY2 z-^H+F*+GZShvSV#99~ng9iH1u&>l?KY+D$HZB2eg6MFDDads2peSgArG6y<46J|bD zU1s)rue1ug3~9@5+)dtn?Ag7-SqWgW@*|YX%y!AQtJWOFjq~DTi>{GBYB(+#m)wW0 zryhD74jH?(;iuf5O-Op(autfL>Y@|kVfL~_Xz|qxHu&ru5%ViWLwPnKk(rbd-E?b8 z++20|7=6!4$r4K+dWGZSRZZFs$B*$f`F#~ zXG3YLXX<4;AFd=l@!gGCZDN$=vJE^itHk<>_U)n@LlU+9Y>gZjC1!Jw_K!)Xo<`0P z!_0#p168|WslgI`4c8*;mb+z^NvQw?p-cxnPErvflThv14Nf4AxWL94a&|jL!tx== z@Ff1#c{-Br{XdEN->LgFQRw3_sC*kRWBoEu6_4HfvfmpAd|ZxuZL4(@OQKdD$U~7_ zP1+L}Du1ODuyw&x(krl>K7HD^divAsvbO0te``KNzCnS;qlSL>H*>31vq@2t>Urm} zqcm+TKBO>A{|qZcktAKPtImcZR$xndwa%LrVUKUkwxAw*lgfz6smh`$Otq?>&mkr+ z*r1&{<~wf6Y=B1b?C$5Y!qny%tyUsgkQt$TxY|$5Z`jhG^51eFiDRI#+XNAd{QT^m z=w>BZ?1%b~is4gi&6jF@Sy9RkcXN^CJmKC~;(=z(#I<0cC`V|$Huh%T^cUd?Uw;L5j9UFiiYcMtW{!sj+DHV6IV zp%Su5$-m zDz@rLjn_R1Q(oyd^zq^T2i5dXi5L8+cM11eR|Hs8lBY*d@XfZf1m>tT&^di}dHwok zU|^tONPp5zpKm~u>I4MRe1TMk^HMBw?Cmnjs{-T{9#P4ipHpreba!@may#?GShyrz z+gM&-gfbE<940gS_B3|AUBdjPq82<`I{WTm%ojUzTXQg`WyFHGIV(vF+0{S1d34mm zj*YV7yjn}Th=4g68CrYzh~No0ZwIG|RNoV-PcjRtR)=-*bg`I80lXXQ?2 zByJP>wdzd+N`^EaUZssG4E?d=o<+am)6r!QjU*3D;_N)i!&3+&m8m{%IC7ZX&IWPU6spHD5!1qnKlWWdTYn@nq1)Xc zNQ7Q_?&kK;eT^)@NAkEx_(H?BI?;+IC5g)=N!Lgz4kP$+(&?Rt^Mh~F2_19|si3+9 z__3iL_|V5%!NJlq2I?8J?w)Ym!^g>aOs-?cE<${Gln!x?!A?cB;vxo9imsl|>WBan zmZDw4eX}W#_hL$)ak{)w0E)gjT7&P+Hmns%OB9ycH+`tr(T>IpC$ubk4JiH`Lr!h% z(U`3^sI}u8JoOHnD?lOVF=V3qczY~_Rl;iPc)E8j9G&EArr;Em=FFbOXop|wmo-Sx zRf83TCT=`skVbS@C-xN)Q3 zyP(yY$ucF?4L}*c*t{;TW_Q)Pf~eEF1B@!=}UaZ^cte1f!{{b z?leX{!+bB`<1^fpr#$WG6r19o#`?sZxkG#{$sH8U0jzwyuRv|t8y*2_PF~HtkTM%M zXr%=2Czr1(*&1ZU!{%RRve)UPyE@f8dka5Ua?db z(y#?oI4xm_PC|`Kr07X3AoTQDQi{B8`-m)g@)`=hLk``d{VR&8^0o;_JNK=pJ6h13 zlA6ARQfgBeo?aoFn8dvvc1Dv4LB+-SYZC@$YYXZPe$fMlR3!bdQM5@Ltb1OXE6uY$ zJm3BtY#XppQ=?_<=wMP2|HZ#?dHlK@C2+C(oNKW9d$@Qvp23+tedBPDHKJ}J5SMc2 zIOXEz)YIfyot6@U$6!Sk;B$_;ZDLQJao)sa(Zfex6`C%b9v186`wO<+k6RSp)Vw7Q z3rxFU?YGWOPGCkHQxB^(?}*l==nPqv8n5i{cs9tYV|F$lVUKLI_(PIb-^20u<&*q! z4}|<4*6;NryQ()AJ}2swN*?Rp-AD2mlRLTwU!W5^tR*!!Yw~W_{*#^Y@9W0Y@YJ49 zq-=kU_uht@WWQWN*V!8?reS9_u>H+L9?v&!D}Qw{1Zq7h^b=SO+)WC%9kzRu?>4qo zkXSp0qMfl$cFuU_G%HfiToESBb7jyYYbY~WQ*N;QAp7Txs(h#Q0lYf@l9LTXb()Rg zX7Xy1)WV_1iuJ_D0>lNk8X7}dlC_Twd*S${zcP+cn!Koctw_9Lpd2Vkq~e-7#mS|0 zu$xjodgU*SY=7=l(`f!{{rmWzZj|EL|JSj7AYT3(HCfU!g{~`8>#u*-McR5 z9+e--Z6_!GpQr!fi+3ZgEG{jD99nRznBp%l8dTT}%?(5O3*Y^_2maQ2Sj1bV0$4;@ z*&0~;CDajU+_pJ-9>Q!w(+@t zGvNQ*G*!Ggc17rS<98PPfHHu<{-CAj|1cQ;Iy3HIs+)!Yb}OsjcED7S{^Og;P$iAn zd;i+IKR;ZOC-*y1_NyQIRWQ5n<@~C0_trT#b_CKOju_)IX92_j0asKk< z%QL`2piyk)a}XewJYceq-p&+`-PSd8GOh=ib+hi(=~OK2idWWwNJzx?Fh@2Ua139% z3c`KHFFVD=<#Y)8bdT&+VMNU}vcYaC6Gc5mDL~Hg2~ntv&*ouuL8Rb;Y+-qH>8M)` zVtWs%?_%tfM6a`~4py@7EBYB7SEE=NUGgLzKW5jvvtP9m>!?FkH{y5l#)tx)A~PG> zVn;aicAPYp^p=;grJxR*7>kwX$B$r}GCI8(gS)-^;(b{-5UQ5qDK9a!n^_QLk)&lI zAp$^;JEKw$?jUjz)^Lb`YmHALHfk@{BNppfS5tsNiOp9Aqn zkSn___GmJO&>>{*e6`lt$5?MIw&cku7>V%6E6Qn$Db-2UB0up~bft9Aa#D9KcBE$I zCnl$1R2r~gn=GJI8C_5nRpV$hM(Lc;b~Sid5~dC|p0aMFJQ^wJq7%*2U~I52Y5W9i zUqn*(uC38*cU{)$0LREGL3*p_Ys7U!x?DVLeIHgAMp{R{?C63L;I4$s!f;?m4;kre z90N@x@??z`MT&~K#E;`ky(=D6WklA3| zxSxRZaGY@7Q8yAn%4SQLEa@R|HKjufDY+t*(Id}eb_ZgRIFGS*sRPM_sGWhzsNQ|Y ziNYSAjbZDR0V_Fkw3tOBMJ8){>?raeQqn7q`027&1Im2pM0p95-OnO&^OCC&^KSlbBg3;^c+tW}UApv_10;(p%CE<)ORu7w++!J>#v@D6g@L(r+`fMABNawSlNy$@SUN8KKMwt+_x3n#K9|tXKF!m}F0mK%_7Ci@{NB}%4+04mnw3`D76_MXwdjTR99K`Ng8kjkbt{zr5 zOvWI(fRoviBRbo{cH6Agh2c75<3rJ#BvBwde<DSF`%5$@oN;^yUpP8gOHGQ4 zdjm*|`OCZh#BM42&LS%UfP#=qwVeuGytB!g$+cT~3&lA~y(6yXb2T{~{61sRy}rL>YJb?p zqY;zfQ~<+Q;d~V>%L>M^;@RG-u2?C20%G2~cYmJ(lSJ6Jd_*2eKEePIMSkwO`~{DX zs{=vW1<^yPz)8MJNtn}Q7JMMv0FI9}-_S*+85`vYn#W*kCMMtt50}OX-piZH17z_a zPo?cR7q357Vr*%ot)5;b#HMjn8L&`r#4$cJA7?pbgtoWsaB-Rlx0CkGvF(7%_m#|} zG<+f~!YLwBl0bISz;y3gG`@^)kQ`5>psq;bLf&}R*cy(5(2;`z!YXn`TnW83o-6ia zPr#Fn7*PW3VRdHT7s_ms>D^PHoAD_ITGit%V#s z9*QTsiY1RZfq&r&bh*Z}v0VA;JT8fk#1ABjxXf3TLvl)cC|C+j-0sC%9^yC_#E`m$ zWs@Gi?%hh(s;(w?Q=|rE=Yd2&U0bNh*`MFh8prJjVl}hd&m)_QN{?# z@hrL3pG7}o#bM9Zv?VE6wm&BhnLiR1%dF>sgp?-bg%2rMISsPDkw_q4t7nqdLBYwZQ_CX{b@0VX5DBn#XS0*wk*ECL+lZ7$ast*C=xF4KS}Xwp=!4AqD4mMvID4eHWm%F< z5&6l1_F_jf%iuc7%Xy!eyw{m6W)Y8z|X@>@E6?OOjb*PqY)Rr^(9DZJA79WCEq zUHso(zE#ch`VTm1OkwV>w7g0G`^;ayp)XkdEtjPF?*RRGfPO0>|CONsF0p?HY5&Eb y|AO>iZaaTt;s4#m{=3cpJALf`=R9cr_~gWSq%R15E!zWaY6M2bZK literal 0 HcmV?d00001 From f669e5f33fe15367ba49b5ec7105005b21233b50 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Mar 2023 16:08:45 +0000 Subject: [PATCH 131/289] update login failure screenshots --- .../administrator_guide/srd_login_failure.png | Bin 29593 -> 33120 bytes .../administrator_guide/srd_login_prompt.png | Bin 430524 -> 15699 bytes docs/roles/system_manager/manage_users.md | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/administrator_guide/srd_login_failure.png b/docs/roles/system_manager/administrator_guide/srd_login_failure.png index 1c00b6152d00dc659e0e842f92e85a44b25f9ee5..b8b65973d9980522d4da468b42d030cb835f5b74 100644 GIT binary patch literal 33120 zcmeFZXY-$6Ceo4@ZNOlJWv1U)BEB5_WJt~aI^2d*IIk+z1O;~b@$-h zS?C729da@m?&| z;z4q%tmB1CN_Xbb;PgLa)+;7$Mk)QJbm-K?il?w++PhaAS#P|_ai)nT_g;6`u8YpM z46jtoVsy+f zkBy(5d|9wb;i;31W>UHP$z3wntQ|YsXxe{bnlg0VVtGdtTP7?6PTJXxXFqIQbNp?> zHpY6%dmf2*Quwkn?76*>sYBxh^z$uu-|VwZYw=)WHOP{b4~~B;WuofB<` zI%hDaDo78HG38gjxzv>TA#-&1I|T1{_I|6Ye?RZ!ET-n2@z}Jlef<$cVw?RQ9p4vg zw!^Z%7@Smi)Nm>(tl-Ua{pSz#&#X_Ke6m{Yxn$gF=fIQN2ru+_$0&GHp?Adfqs@VIc`M>|-&!v&?R4lR z1LUowHdxY>))((<(JejK|5ORQ?w2(4+mmw4;V-{gMX9Vi1lqGs*11MQeXHiSJEuRg z9$3m*eQwa-U0eUx={>4>`&T^CqCM}t;(F=grB(YJiZ8g(BAc!m9(h=NpyKw2`xil7 z7JU}k@!%D&_A1CE#~iRATFaaZT5-ddaZ>xzg^CA(D=!{e>3B#s=aACGO0CQH$F9eS zP0O;jFGn5PwD!-BS8G&sMT_@!7 z?wTB0bI#atc21Mn|wH*5Kg|I3;>X!M33iUzE=R7OnS>Y9-xzJB2BUU<``07}}t}vym>vkR4nDsOu zHXtS7<-QZ!wDdM{9wgQu+Lc*$_u^5jL%utyyEbkjpNQLS`}n}#hfhzt+Usd`KQelv z@r2si+&tN2-n6E5J)@^Nxmi8AQjemu^!)u%lbz@!&*t;2>wyRPR{Rxw>*yoKugV;* z>OOzk{&Yvnv6c%hI^i#>%B`RoV3Kq7k!lBVsZdq#QI5UW1(gfM?_PhUe|7sxkvqC( z)f$C0`L#Qu<)WX+S<7j~{eH}@;ZVcx4M!Sm<0xC;x+BTIJ*|4mJ5_#aIoU{$^JUWu zqxO4^*?zCoUwQn!;S=(bvM>I?Q=#{KI zIN%`f?DlslbhfB}x^J=XY;kxo+Z*&!bWYvb)Iq@k{;nEM^oTrad!Y_$`@Zl3{m(|9 zGxz^~dA;cRgRx8PI}Kl?#HXCgJvyD%WB2#|C+(-bQjEdIF(ut4ktMJDmp@p3Am9Ei zxHdTO_Ed1j#N*qSD%MwMSL9XHpai=h*QN!*TYJC5$~{r$%N zuq$t`HW{~>ygwM>d(=4apzAHio3|<3yxaDlHKzIv-dy>z_r>n#j?V`7N1vHJ9sPIZ znaZ)t<7RD&?eEgQcpf+LeChSP`vvFufwom`L2WPFhT6JcsvZcP9xN>%GW0b(Z@BTI zRgq)SVsTrcZ()SD*VTsNoPr9UGlkqzn9ny~QBUL72GA>5G7 zl@^sd(bmgm%N|^70}K6Fr>2UjJHY{=7pDXIM~bu4J^!W~lOgGCY3I{6niHRSo7wN1 zuc^X#t9$3OZN_0Lf7_+Cb{Y}$`}5r?rzqb375)(fJ;LEqW6S4}&qR&iYCUMwVVkLu ziNbz*l@4u^{(Qb~jUm4q`E9vx zIgeX8YR^^RfS0gaFK^adf8)7A=h91(pP0TzAb(W;#md8)IstCOPc-XZy*~WrF7o5y zkIElAZ4GRlqd!D{K9c%}hMZ{In1=HfuI`|&`wr@k!wInoZy#(+SbS)ZIFs-~wZvlT z_y^Yy`zp-Wf|L|5C?6>LT%008%CW2p)_-5B`qdgqe{KXCBhW59(!WgKzHkJd(3pU=v1A!eReR#?CIzW#}|vP z6FUu5s?TuGP+wZT*!=8#`u>a^&s{T*pNO}!+sX`LK7WJl=QqEMW7iYy)KmT8 z76!~zN3TQM#^1WmuK&LKV026V7Z){ z{4BXDIWPBvOCG$N@PddM+HvEI@I_Bag-;M=<9qg{&;aY3ku8Fk=3C7h%t0nc{ckjP zH+iHENbYqil!UXwA6I20oK;;C$MPL`p5#5#XDm%4JIBZ2-~wG;L!N7sewFwM!`=&$ zfH>Pb=y1*DgSWhY{0+M$XG)%IymEYT{4$|^sOMs>K{J?N5ZTQ2d2R9<9hww!B6Klj z&C`SPUkA#)#wo17SZL)rWlrVSP{00z6)#E4Tn&PCF!~^O>x_t1yfD7J9Kk*4yu&eN zjy&7hFA*N9k1B;8se~%>zvi@`}b9S}7ZN?24SM1bk z5569}Jhh#(2Kv!qvMZI;DC&=FlU$re_Ao1y1UexHKkZZqXJuA4jVS?PzaJ2UWdgL;U10$~PmFx299>FxGu z3-kbo8*P~pnm@=GBq9+XiTQI2bIaC+*2E?L65Q%UmZw4}F>m2G^<$wIoC$BO-j4O*&q+kguzp_IGyRdXr7PE24F9oOhU&EH(1W#ide+O_9C5U_ z-uvlmXwB{@N&SV$rN4St6p&=^6eP>69$bCd+r0ntpW=6gGOHaNh)Q?z^1M7NB-H7R zFh5`aAd4{TUEf<+0H39o!MilSH@WR&z3bwcbDFk@Krc-bqkTsEcG<{jYHC^qUb}8_ z{^;=^w*%j-cip&sJHP@A4h;=83O!(i2=oRUo12@1_w5Jo-){)CFboR!zkMal&_77) zpH6=EbJQ!yGw^1>?VAXHO=-VZt|EeOTkqN>9q8Y`f8_KEyZN7y{DXd|1tAr|M=rZE3j1a|FXnCX8wK^u(OSv75LvdvynU8jCKL0 zQSIhYdq?0Ma5CxNil@LofTKv?rLS|`phU+U8JR;eCyyR>3|ldi?vcNn9Q>-a=#}y1 zw`;5~xXQT6UuK^{@4K$L`orcGgZHxx*WLdusa@8#re+Ul&Al@hF`ErMWpKYW)ddY? zS}yOiKX&apBd^S~I-;y=I}$^RZHv2*>?Bf2ZDo*PL{u<;R3+0LBW7p9F~V#Ryn2Z^ z?;#dR#LEnOtl$fwPGfV@oz=TFSFAsAXr=TcSBWPg3B{}dEN_-k+-XxO6i`Uj!nshA z&yMAIgm(3Xw}142#Ip*i5Yc$1(U7Ed9HU51X4l8o4N} zcpO_T6b(s4jCt|gyn&-LuUGqD;iWAHqwYkvsK1&%|I58)XKRiyEI?50|7f~fGs<#P z!MXBPw>?h%A{Ax*#kcO`^tbNI7fnz=!>G-P-tAN2Q4^dwKDp)$8 zZ?H|`uR4Tk0)xp;R6PAfuzV#z-wv|FuR3f52Ah-dNc~l?U_f6A-%Rfp9sYmgN=^6w znQ?2{<&z;2erGC3%uxVCcpnw!k`n)qYm6Tnp2m}^BgB2Tuo7ux^giAje{qp%_o2_|MrgmeaH9B=4Y@oul~FTRp? z3Rne>RXb9DaX~JyDMj)1ehp>>!2;@Jf;fM;vmn)-ETd9%6ToVhZ-@z(`o z4frtk+y&?_Vwxob9lQ%WX!MI*GdnM56~(-;_|@It0Uexe$VL7l*JTA@#aVy-`sf!G z&T0c|OAnS{_sgz<1{U&6*58T0s1TqBbZ~)r%l#L*dTnctcqtqV{&!=Ob{};C*mlz5 zTz^GN>?4(cj7}k^4colGlec<(7QFrf5SIc-3 z{t>e@trbkF5>6qooTQc^;XJ9lDuT~4|I2IR=CV^Y!B}P7y?-SAA$Vv6 zojAV@(!IeAfuVOkRixglAyTZTmv9m;dFeBjnXQtVVQ-=z`OqoE6*ck2Ib<8YKP8hG z!VCp3L+N|OU2eSNY1Y$)$qHN+3W{$C#$)W}eI>mFU~jFq16--{^xspH-(rzk3TA|` z!zhC$BH!BCN)Yb4dX6}Ei3AsYahZ==UhoFNP&R$<7mc0!Zcb*|yY*eEy5)x9_BRX> zXFv%rc~HcNDw6x2>}=E9I;~FJN+AjiiNzw%A?KBwc}Bo=&F_DnGY+^kI8)5}5|aku zH|V6gfJi83K4eLl(S7ZCTj;vc4O^lwSfRpaQOAr-BJglvJ+e8b^L^K?sJCM`j6p%z zMXKtizIk*@ywc1E+NHNuOZNGl3xtSOqi;RZ()=Jn6;6Zo5S08-EW01&%UD6UMf_9p z(H>G(1uWmqYg+qJeYy4;;p(*1QYT%fkS4@@@LjCi`nD5*=QLh|kG3TotVpc-WN>;T zr*k}G=v={uv9Z;?!wb4?E^rKI!K0989PdNXSDpBTOZX-W;SUpg3zQ&9imKJRjw$o8 z-lX}x;Ijo^;=Hq1R7kl^9h@gwV8kfUp|iA6-{t3D@@PM1gwo@wkLy7lle{z?vf4r| zq^3-B-r9tZ2FJqtd$PTg)BAeXRQYNL$giy1s>fe*=bD>o+$sEP9IUB9K2(jlt7Gj* z7JUGcEXfx1lFxEm!x)*&Q;_MMOAX`jswM4k6S?FF-X*k7y!ZwoK%Q?F`=(_%&#^rd z={mz1OXcL4?N?buxzSpC!ntnz;(`j7;I1%X?Tq0K?9dr>^(*bff9uL*w{i8V zFXb<#C7f%54{R$!%9k_l8+FhxTjk@*V1()~cH*jg>86PY;#aJjpk5`=XZ{r>WhgPt zkHi|Xge2RD>an*YOJ*FWm58z9{hZFVR--A=*S$1@g=1=VC5)J_%C7BiYlK1u}Y#s=_aK{MA# z4_%lCV3Xd~qrGqc5Ese38@2W4AGxb8$o^JqI7+WMo4n-quC)#-wv#N5Z$%UNSvZ(7 zbnGq+;ns)f%UfKibRm7NgZB;vTE9x=J7Ho;pFOKSLlHh{y?!Nq7~cu{E6DisStq1- zIh9S_psf0)pt35TS!Wh4?6E)Egq?59eQh7{(Nx1@z;#`^A1JYWHa+uwYUcyVgy2@+ zyB-~sBBf+HGhD8mVUas?f3V-7ues>E&fjK87BMdMh0d{?hNv8OehGZ#flb@;&yCz2 zTk{mE6sA+md3ft}%(t@VjR~fZC+!J(qgSnjdDa6Sd`OOc1e%VR951`)vt`Q&SgcMi zQQ5%)CdaaTah}l=_mX*o9;*`dS`yQd45|ENas}0^hX@ya)`9U)-hFs5x^0^5d`ly;Q+^#YJKWD0N%2GUR z>X^!$*~fWRM4`g0X*1pP$#q74co<$S#BDZj=8E^c;Hqerh!}>?E^05OY)*m z#p~1SmB-ON*w^+DKI_^F%*|Z;xKD_NZv7aD+xip3f!p)XHLIS6O_U=G6yp*O4<2G$ zrum*O)&MzN;Ej40l}G&{`IMmQ=Ns2|r|_bl1j=y>C(xuO&>~;{D1T{G#cCuC(KM~Nc-zArcSr5ttf>Rj`+k0A97lnW6 z9HH4hojQ&2N#j>XiEmq**-0wT*jnxO~&L(sK_~ zZGGReH$ zV8a^Axbu2*2JwSb&XZY2&c4314?{%Iede#?WfQT>v*Bp)D2#Y2 zf2uS7ugAFp!W6r0ls$Qj`xn*t`eTb8UYPK|$t}Y8sGbZ`qFiyBr zn<&&^_%{m$qG~j8S|c$p0!5!Iq3EZIoX4TFAH%10_SOe|l{j0XMVu*4i(+Ul zF_{RnOm^?iq~k|(#4wQofs?k}Ay7amhE_b6^@2 z+5g>yWE($i7fv>GKtIOH4^PcwEM&Tw#D&|!tUn)eM^n~_mjoL`K8S6bhG6CLuZ#6m1I*5FiCMue_EPfxi7}9|j?Shy5Bj#{G_CnAozB^QV4A<% zA{>y{t#t%K@a3U~_U_InPOp@pMfb%e8;qH=$=P?}cs&{qw8YssD{kY1|2API1vWN_ zYJ`xHj*x-r_H38A!dY)@+I)fvU;^o^;v)YYgr7a@@IyAsmXnd|t#qV^yl_IP2@y1aQ2TyR!7{< zem(SA9<4QYW{|m3kyQ2=BzjPWR}WbKJVU4_hSCo~Xcs%&(#Q@CC$Y*Dx7kq11ymY% z7Q|8IqRM8IwMeHjdAWSVWXv}+6oYz-wCpz71#h?0p9|F}70Hvbg8g6xr_>6&`q}AQ zW_*7rW7NlUieC3W>QFxR1Orn}qjvd*{7RGzDe}YdRs@6(XOSE2+0p#pkh6w>^A0@`Mv(JLaGzq781_gWW;1Tt91*)*UhznW{O7!EbvfDgEI*_elYv(3@31XxsOERz#AwQ z2d43>;$C7*9wWaQ;6Z>2u-JPW+}q%4y$M*bh%v2fZIW}zrXv;FJ! zFl5VPJ)7T5>A?C^)ad3L7ni6L`ju|so1m}BVY%OS*q0Jqu(=wn5v=);lNFS)kU9>c zUcvI4Whgo*s3=AZM1Odb-F<7BN(c=^Ivo};GM{LiJM+d7f2 zNK4u5mN{pQdWT74>McU!liAtsp`4fq9=sz|xzoX1$l%9>_Tubaib0Ekl6%86d;H)L z#z@lY(6J|YgEmBaZG*0PR!7BHgJOE?3G(>|I z=@EuDjq_faW^Un{P;@S*#1y-@E8}2({R8*0%7a5G){Slwe z`7Uhxp*t$inu7VYCm^_e_4g68ijTK%drmi7-FxEr(R?y;j8T4+CO{b-xC!8{H4Z>- z4_%*wRazNw4b+%|+wrNhm}^5vD-G^2KT(q~diYKbTzgnh5l21@>|VQo)=Fo%P4CVp z)$8cC!Xrl>fiaFdCGMOi^X&s{?cw7re#h*(=jGMMpRMr(pxomC2Drc0U|XF;_`)G# z?*Yu@eRu<{3m>LtU~{vX)U(H8{ouVjs?F$gndCRqJ{jdE7l7#Y2cj8yZDmAJU@rVo z_~=5g>3V>=_^UF)5&3xW4Ex&3eEgFYJ}|%`_XDU&Mw?^1qHgA^!6}z(W3R5K;Lh9$ z-hoMlh!=X16Z7Gl10t2M8dw6^^=#W$Ks52oJF0rAcYk6f-iiRG6aPL$d*6x` zAcyCdAD?mf2QUfH0hA71iFaFXCA$(cxn$n5*%J+9GRQ>%;o&HUurpV)KFPU+ETb&te>h;tWT zEz+Rie6g%wGUjzmL@!RlGfXr^P~BaT*_6lVePz50lRE>a%?bwwoS9C@D}?WP9C);J zfjkGq3_6`UbSL3MC1_74swtAmS4oA7X7L(d>Dc4nlXOW3s~1ty+b-_Pohg-5p1H3s z@jQA%>WAM&{bYN&_eiw&0!i=&Pi>{wWk!ZQNa$-#1rJS+|Ml530uRVU0+NdcMb#$f z!HJSljo*yKj;Po{i?cJ_Ql|(f_ujn4ZTQ75`Eo;HAsPr1n%T`^$`E?}BTlhKpu^jv zht3cj95|Mc(eSlEiUwh zrxL+LBeL*{V1kZwCKCi+*;~bRa{x4z-zfTMZxhx;2XF`X(S%muCi6HyW5lW z)8Tx6N@wAaR8XiBX2J`n-_uYvGby#&%*ZlCr6AlMc+tCZ)tH=_~4iI|}hP6qt}+fX*# zNw_c+2Z?AzMe>VN6{4SJ{^k38jn_{RE@~}|$|Z-zm{1)Owd5X$jYBq?xEpJzR!nu} z_Xadrc4ZL^R)11(YZaT}Jn=(>{#jm;dm5PjR+tTSV;sgdym{Rj)?GT|!d#jv8S_KH z3?-xSK!fpUaSJ4TJ^>_Js4S%hSs|+#WlqA817-E8b96ym8AYROaP!NepKGe^jPyhc z4d|N~g=V{wY_^~r-Yzt`WWY2Unxk7BNF(0mQSF$%O&ZCbbXSqZh2)_;;dqtVd%5uiqs8k8>UZ zM~%oSo6xK*YC|nf=w<}N2V@Gb&=ga8b@SAFJ8_sU5(UAlDDB!^ogKKvQE|Ngu!cFw zjSpvUk0f%7G2e$?5|k&4slk+Kl4+&^#bTZVZ|<@eM?hQW|N78m`4e+K6c5a`+zJ=f z!0JCTOpk=uIV$V*;^i`kn7X;=(Q<1}IGuQ;61Y`wQ}{rU4b9iw-bu3DAH4IvjVdQ^ zdZS3qg`3&AG&NgtfuEfzG<4j5rSs<$_S#9;`G!zT{W}3i*W`3o=xi7GkP|LxmZKVy zs(M-YX)}@3WB@g{oKF>vt- zcFQdr!5R+$=J;nfNtD7oS?6N^N`Y(aIcahnSv}a>)p>s}_PK_r1=Eew;OdjgrTt|B z2ca}K;km*4H}bVj7jL>@l3EQ>%2=8_kx|8+N>5f1Yvo(Jf5NjiRwC8fA-?aC@nRn& znOBmn3_&ijmRc7nH!S!30J>|oNe>R zef!paIv}si@@Y^BM2j=GZ9R&xY5KAm?i*GIiCzOYLLl*r1$HA(K$Fu61YjjJ$Cp0V zs?MIy{~ka&Y%&0?&&BM%YZYiGOvW}6SWp~i$Mj|XgL8>>Kt}ZA#7J8Io6Flxn)6MK z$GyWB{p-0?h;Cb(t5v0nmC0%$dPa)SEpkW$`eE=AWSxDF$E+DT|r0lYx!0U^1Ac`O8j*sZ`HO%WDZkGdlN7~FxKai)LA@_&#X&ua>z<>s4M zXAed#+4L8Ek3|)SSm}PW*TnCGj(~02V?DPkpvonO1DJ1I{G~{B7oJ8}N?CeZZT)UB zDR)ernB+DVuklaLUgNc9=emz&x`f{t1wfT;$Ba&$Cf83IHXJXv@@BH>(F52G*00=Gn?x5xJp7E4UEpSZx+;Ds6Iv0p)RbPReRGhV1H6o*0 z*JVEYW9>mTAS7E2^saM=c%4-)k`3!L%=8H|t=(3|$8FD*#3KK=m~a^I-x|f0gY&hG z{a9UeeQ5>o{RhXy^Zjm$~-2^R&VB=Wfea=|D^Zu<*$@f^>?RV(?mWwlQ!0uSUo29o4qnbnTE^~G&(cJt4zdZrD1CeG6P*SIsj>_O(&6T>nXOVqSnm5d;7 zBy8F{FFX9f3;u=O0rSh$3)f7Jv~`PGDUTGdk54v8Z4|^E^sfTU3WaU_HaFMKr-~~N zOSw!d)s@uHjCMzx-LwcBJU`;SuYsdR{33Qa++SrXsCE2Nsx6@s9aK$__@9#lJgoEn zouzc|1IY>x%rZNDY(V-i0b0PuVpI|@b7H!+E*WMAA|}Pd`ySBSUz(=6ElZ|a@kS)U z0Nevs6^5MTcjL)%(>q5Hk`KIH(18l(ChS-&rWI~SD!K=I2*w`VyF}(?gl{C4Xbs@P z6SbD0a2$NGnkS5p306We8B+>y%r=RzBVs2hb?IJL189aLfGQK+8lpVF0MVg8|Us`T~FcqO4FOmH%XYEL@ zRk#$EG^r%`HN>R13=!e*oU+);76gzEx(S-PHbc|km2h8mvVVz9u31+d`~xzxPhhbb zrLh^nTSqP(7n9cgox=%w|HA|cm(?834faD+7Nk+BzGIPO8xBxsXgf0co0)6G&?(~b z0BYw>ahsyNA=XgTvJqumE$sel5JX3Z-KX|HngyjpXBsxx_%9+2;IaE5qf4v~^DB4? zL@@D9Z{y5oXYK(707bHHT$&nk#hGd4GX&aafz9ujLSf_5y=PE?YT(^D{ZV5|2G_#`p@?L0h>S8$$RxioF3tb%mm&vw`O+kwno zX|ZgdrT9F0Z(fhLvJQ$DZ!&kl4GulhX)8Uqd`IcE7sXh`)7`QV(eTLlCHl%s{=J{F zuj0;p>knIOh!%E{K}6Gz4aPI|VO2^1_)!3Y3hQTBO3FfVud9SeiwnzFcN&C_XS+xW z!(pC^p2`XWLWk#jdWLGm`)P)yvl|7QtO7P8g7*>G&K@yNYKxwd!g&R#$Uh;KvpF0* zFI$hqFRQW7mDH;vxr0#t^H~HnqIeqPhSaW};#~Df>z;0hNr>!ifyhxxJWMoY;lqIY z9UAE$py|Nu=&_XU*uB`#gK-CLBf`~d<|l+sg6@jCdFr&O*?aYX#6oSIYlK9Su&*_S z@hozBSf`j{~Rtfm-ByEkM|LxY$jh{Si8xnBPYhj~t z8{D_(*+m+?FHovLX4}+ZdvRK%g<(izis=r)ys}Gu(5z;4(xt}8+cqc;=;ipqt;WvG zSJ-K*MpyT(nj>00hSM)_RNL$PBL%^tm~SOoq=NfxFR&&W-_7A;Y_MD)>0OG+#t<4? zQ4av!IJN zg``p<)5u*c)%}D|mMw(WAY@~dyAW+SHvzZ&lsg7W&kM{VJj|vgM7jzAkONI`6L>F^ z#Z*dewqU`sztn6A$YDSw@k0PjXg?akyuj}iO}KCiRp@B$-ri0_v91A2=MJx(c|T&y zv53GUhcyD3jV@}0(F+aC;U>st-E~&wN22BRSr6pXLnF#$u38zr7v4}oIWA@qB1U{B z>lDh(hW;Fy#^!!2rq^P+Gur7B5!4sn4N+pE6^avNa|rVr<8@qM-cJMXe6Aq7mtJ%ESrT#j|EOAZ&Et>1jEk>^(8W3RbQ}vvo3w?9jyu zn;oXi@vTN(psMiExRrYZbmJp7NIomGx=PA7WTS&ITvju3;o9kL$)-El-RHhDvbDpt zwC&ev`07#enoXujKJzk{NvK7A;UMe&slgBR&qcnoWR2NN0FvAESt>kKRQ1ktiDCo8=hLvbcaU4er1Qgm3ozMRk}x&>xq zzEM6|bG|TDnj<}MR9OeF7*&rFPPj}rMvL4R996cmK1eAEAi^V*fY2YjCp}5GI$3Ug z?MTN!w`KI~_3{Wz%211u*p2Q6*p^r#f}wexvz|ks1yc7vV&i@lJ3BBhVHZ;~bo$7e z%I@PFU&(^yGAGfBTUx(eAdTrQNmNieWX7Kes_~q!8X?>&1kpcQCVK7sZ1LumS&I%i z>RXOv=Q+uVSDO2LvudLsLp~!!Ek`FBiZi>j;Q>v!Bo6G5RAzv5@%MpnZ*+bp1FjF) z_9gx8XeoE8zdevIG#~+W1cXLH%T9Z=&oYs_kU2oEh74nKhlnU;fDwWGP#dqt`ancM z8NHf~5${D7TFf-g1cfO2?lNX`eh&^TcIrBE$FR4>!-X7-433DTf0r04mz*6Ds0M%@ z5Br8}r8}`aXqf0VK?;61xtYS zzZ1(1L<%?rH|2t4h|S;{JY2OG%T7 z$Yv#p`B_13SyN>ZoRb|RnhC|jyl`SY1)(3YGfCDE6KM0$1>n{k%2ULBYW@t#gq5?P zO+k$o!AJGS0YqHOM!Hjcrry~Ze-FH2W&J&o+0bJM%E|qqcO_4|+6+zwPb!E?z+bY5 zig51!K~akIRw$8Xg=yEHfkuJIfmIyFvTQU$vI*W0V`YmmlnjE#ePl6Lea*2=8tUZ4 z*RP!*@DSTR32 z2QJPh$S*s^i?+cVp%NI0@EK2Q5h1Is7C@1$RVn*@B>9UuVqYom(B&NgM$9+@RSCi! z3ZoryS~IZazSF{Svq?N{*Zeg z7Yg7dzJuYrjYm`988|khQ*oRr)Qx-yrURR56NzSPPqs8fF@mVn8M5a^V&mR&7>X9lS_aztBK14=zF%PY{k7|t~=7ypjggvuSq6V zz1J(xMtVW`!nZ?ZH}k(0;2J#|oH$Ek$qZJw7io%=i~-~0LKC$zm9Xxqt-`j!yP1;)nstW3()l3P(T=*7Ee(T}{GkvSvW0E)+x{l zB1VThRTW++;o(#Y3O-ikSO3-Tia^sfJAtLG#;H6A3nNDunC_@AOhtH^cB1ivFd}R@ zSxwE=-PUN1TnI~5)2}4*)i^kekA|&Lq7W4&?!$*JOfaIY3{hM3j1^j!Wy2kpRxQ?1 z1I3>PUP1(DialPOx3o9FuSD5&(Unf*M-Qe<%aiiHtE|Fm<#grZ(*AMynq$X6rjHqq zOpmt~GDw6eEs#l%&DHu4yF{j%so;aT!s6A4NzxQ~qaScZ&&dBY9|*Et3`0C4wwtmZ zx?m2-F5YkxI1Nrjr+c{r%6>o0@)o7X+IQB*b(G6$JnOGt*)4QpNfBg3NwNr5iROUp z6d)h3lw(F}c|GCB@kK9Z38UY)YJfyJAlq}ezJ&W$6NvB|O$GED&BoQ;61VC38Slu( z++|hzhdi?|D5RClFA*|9%)H3d6=YiFv`sUHQD*mWkTXAN&A>7{!np5 z8n}Gl+1BIxX2@?W3J(+a;4}=QPfd{TCquKgzp>sSHOjzGqm%>H46LEg?MiSS zoEk6*ggR*EXFPz5++G&|ijRd>kpL5Gn|EPzow(W!|v*u0%7c2+)595!@Bo!qOl zV!b0k-{|e{e4nXOA2#v;x4=L6yN2O#tE9WrVo08RAz>L-wFvOQR_ZG|MdIsOtlK?* zK00+-T0)%N(Uw4`r5jgoX~t)DfpF^emMA`j;IGzrJ*a-^D~+1=7C=~PZm-T*7PTMo zs?heU-CSl4U_URl)CV-@hdJV@M%_NE?lS0zw;Iq8sO_5;B~;xNvbsu<-nC6Ym2MXR z3OzK@(jnJbh7m~>$Uw7iW0|)Gzpd8;5QEcp!{yYWCjC7je9skM&VG0RlnB3+f@@)( zZke`a=Po-!#>?`FL=|jSI8NnRwzvyx02^4pbTf%e9LoZ?v@+h+_r1gg{)EQ|Gl9S; z4y23+%atuOZIz6i7b`sODIqM;z`xHkABh|!6OgU=**}(lZ=%E4pH#e-A=Igo?6iNu ztvkT|EpOq~l@!ZHUORjb$tmlu=;EeU`?GV_Ky><~^HNn=fJSbfS(0}KfgGp5{EpTZ znDK96a}*3PYWiPuoDLI=r)P!m(ukY2AX-#YARHZ~s&*2^&Ep2J^j608tID#hHg?DX zvg!sWr2p^P|0(3=fq*U~_hC)?zwiNe<0$v09r?>k3|I=ILsX?DrVPH}XbsCG;z(9R6PubXO zcUY0?)z`GLHmsBT$SaKd378e-jQ^aGw9`N(^0gXhd+{SVOI-Ptid1;mEQjQxK*}z$ z*Uo&i**gPHORNQW1I|dR0_bS9fR)>d7js=wRlqPS;D0Hgvw!Hd??9A}%iD#s<5ce! zH-W)@p|1t7M{zs!MP1e5?6Jr6R_>9x{wNaIMnbz%x232x!Lc+Zf*X%Bu!o?K)ot+` z+!yi6Cno$jDqPx)NyInZtMi57$BbI}`DQVL{f7sY$#JVtSAxtDyvtStd9>WoLa5v1 z5Q@0Tp6Ahu3%jw@!k!LrNHV~lz6-6b^%uq-vs&4sB+Kmm36=(=)jZL6>^(FS`FGW8 zh0p&8Selgu=?~K}A*aqp50!k^FA44XyiTzFf699C!dR)J0D9zx;1x;6q{b~iHx)B8Y+ddvg!_?%z;gaUCv zb-t~!aqK0Y6pje7;Z4fEq(1keclU=ut3Te|;Ka4tl#Hb*lxIYY4AR1Stdi{g39Noq zNL3C$--KmOg(U(=z&xtnzeK}zTC>MrtuT?`4i8xWjbU-CL5YPNExURKx?-DvV$;>c zW$S1m@~}$?WkkwMax3cJ1thiLUPspPrwIX=ztdLkkxOP+z9I^wJvSyLoSry#y3k?6 zHw6sqBf6N~{t{tAJkYxK;fCOC@exg_&;Ztbqh;+_0E&wl47_)VvlM9MqtT>8a0_>k z@%MlRyc>HN{$K;UBsV`P6I{pK=CcB^yg|COq6;UEuGezM9`Rx3w5NJ1VA~f zL|ZFQcT+dm+u`gt*LIeKKGwHHFXI9Sa}_#s@>qv6m_)IgfOoUR(6UWG^R3ggx$u1+ zdC=afH-XJSnd@h?fS8|XkPZN-0BT@wNy}gLAl#puT0y3C%w64#<9pt~{0wr$*#hY7 zbqT+UVxw9s)VJ@Ycco{m!f5NUtIqYA*S{QN|?PvRBs`S0CL`r1@6(86-}bZ}QG`6M01nN6U)bZ4i?s zjfF1Kl#5gPy@U`n7eUaHlpW!CNm^hXZ=_krP^C?fjl&ISlp3@%b(Wbq;9S+T)Up!+ zoR#01o|;+U?Ao2u-FVFhyC3bE^%$r)@;s&1WbK@Fcc{uZ-)xut_qxabt0ga2?w)Yk zwUCL+_EM+>a@)>|TsfVYU8xiudLL#HD=mJ!pSs3`m1i=LD<0EHGM5b+oJc zG^mx{ZwVy#`6cgNQF%y{_XNRt6LC(sCP>)GXDJq@*r1%MdhxC^WL|&7K3KyL3y1L{ z#py43j`tupVR>$WWC(^H(HtXoBj5WrgA0o#92_biUN6#;D0-HXL*cwX9+dHR$3i=F zXJVy~jr=pUY$+V3ZL+O!h3f411JAe=Rg#rg-Uhdn@v7I99p1KERX_4rNX&=7KO;CU z>_daR1U7FpdV@xYe&k|KSRuTm7so8&Uyi_I7xkB&+{;0hgv3>t5k#}P1Zb)a5+KwS zLW&`@oz$L)@!Fk>bftRt%a;k=*U{yhcIGEp(%vY?{QL0G*VP%PvuYcoHk{d_-wMTr zeRwBOm_%`aw4yidz2E57_irGhDNvuf(x)Ec%GXes@7o;7Fqpc%`dHRoQh|!>Q21M+ zvuaI`l{35GS}}JX1`zz+7PtD~@i+4n67$UTHae;G`sKw~fqT(2l7&amt{l$uK1J_E zFuu-!f=(n3mxMsppCv4OQT6v$Ey=wn>c@;tLYO`f-`$>Cin8=A`|_Z5dZGd) z@`b&QO)sI2tklW9yN?)^F%nc%OPa#VcjgM1cGajWiu@^ptGwhX3 z^@!r!;IBovOy>brXhT-qs>(c0()b$m7QMo=cMs2VqA{aHcPNqh$6&vpO-&yHJR+io zb{NiMyo5x}l;r*!E0Lvf+CpN$U!~j$IeJxgreghC-!lpTv#gq1b@(ut?8Kon>i#~{OJ2C#~FZZ`;>Zx4q0Q;5yPkYz?4`u$vk-jcnW~xQD z*3dR)L#PxsjI?E=GFu}>j6%p|kmNo@bf52jHDcX%(q^fD*^UL#kUXSyf&-t9sIq!2m=gjBvjlr6_*^UP>FQ0O(qhni+ix$qG z*(#OknYt5S?0%AnoxiLuimk9j^3QMRbN#h8LwUc6@_szF^~6qt1w^Cin+6eIe7{-f zs)3JX!v(@mjZQJY-SANAR=a*om8FKjd$aRbu@8*Ru1c9WVJSb%T65et;qc3OM z^Xe}~mfJit_I156x*$@dqi3&O!}6u4lNHsjOOL(z^i^!zzO(^-Q1-C5(EKka6+z0s zqn1={_lgx1prx{J0Z3OKTv^bn7m^9k_d(o~|2hjq1~A?&O#r}H|96b_pcjK)40`d` zy&;HTAc6sjF1YIfcRheHfXMK7Kn71I;;cmau}q01?s=q+g2JX@Sp{RN|9P<6SY{)W znt2nEw8tmXM>*ox62hVM+4eaoXO}Y1L4RDs8@7HAw)UFQk)X2$dk}?*{>a{Cm)3pFnq0)RyBxnYm$ozJHrj+Mh{Aqg+XYN@c6A-2*Oc@J4^;OUV=9Gw z#|JmK_EYcYpYs@^Bn3q!WmTxIZG!a1Inf>$_g2hngVEb(B6@RnU+A5lo^Ey4@?h*G zwR(rCERrhUSF-!V!1w0j>xmf&s4E?=2W5=DaJR3 z=_8W5D&c;%ha{^{&%P<^U=OSYc2(fH8rV1Gq5gRsalvn6n6+ARq&{2}Ua* z5P%uLVGJkOU0N^ILw*pdcaO1g%o8Ycoo^XOC3m}4k^&B9A zsDdR605`#s1(14!C5!*hlEuJg)^+>pSP!aO9Fzt zyz)8klO3+KLFF^3^m57T4^+=p&Pp6J+RC$~Wh^VIRS@lN97 z8fw7~#DXtoyCv$Of2{Sxy`n_?#SW8})2v`y%jxSfmL z1<(HFXD&5|z(=Yi^Tkt>lh+x{lcXXKk{aQ>#H3>$D6el^m!V-$N4TY9!hSnRtf@F#qewAMj5w2eidhQ6+NvJW|4RaKUY~-gv3G5}DtgC(n1@XVey< zGP$eRkKn;Z?w;juIw7%Ux}xjNZ}QYtHp_wTXVsz@(n`J0-jb#(RvT{by6GO8QB5;t zP~thwKYfl*J6A}zgTn(%00VMRZB-}uGoa-9CW_4!rjQR2Xqh$rl(+v%_gvJ0pk932F#l-Eg`8L8`k5!P?79CR`$;CPXxI!H@Y~_W4`ToO# zHk{;4>^VVK1ikXnPGJY{({LzXn00aVT?p%Ch=&MjPgYhV=vH9I$AETj z>|LhA&q#`x{;JrcDthoc*rc@uH-Lb^Y0DI0)y{IG>L-oWC#g^@vR#n%9U*HC_Jser zC?4WrFmZb_Ed=h5`A41tB8Ai?4&#bXYre)U=bHa)FL$bXGg216%FYHb*`ksJ z)cpL_t0>EPGTWOsIX#^l+xR`^8H>-reD0mV9z6GHv@K%(%?KNY|Jru@wTkZ|PeB!x z5G!PsBpDMA2hEf36_X-AbT?6RP?kLnE`U@ol<`{2?4Oxj7V426#gHW>Z6S zdkd8mJ}q{DQ*wDcj1@7guWqY+ghaSnksE0x^DXB7PAcRX#Kb*|Tk`|W!=ZFMG@TPJ znlP;!`iNnr;3cQoCV)lx?gR87X2#yT)Hoc~rhe0(_;@^2AD>lYZB-nfoln^xHLL!L zVCeGFadm`MFq){D~_Gf$+BiOAVI z7+?n{o<#r--7I(L=4I>KXPU%m>zoQDmCSsXjrucYt#f3`4Z)#lr~X{c<7vpFgTCk^ z)P!e%wth)G4P>_n!-oaA=WUQ2NV@mp*YOn`zePu|Bbv#d$ z`nq3Aot2d}G-gY>t}O&Qx?eGu#nZ?_M^YV#fZYYoD_hQ7sM^gwmx41U&|0qLM< zyw-4g9O~~StTC?>6d6TF+xh&mZB8EUrF{ThV_o!M{c3rLlG=6c9i@LZQNe1$2J_&j zE6B!A>+0&boE{oi$eO=1_FfFQn)Jp(pB2d|kCTke(EAyTpbOJ|{#8{~jbh>54O$*J zw*2=F#Td#!JfB^#i%%y#i)7z<7W;Yjt~LgU3NnTEDT(Y}$&xmaU`}fVp{=cr+eAkC z!(v&_%fq8dJOE5&#Pn|>d8|`a7iK&r@_gg2lSzSrflmXvi%aGtpG2V_ID_mxa@dnD zT4LFjkdTnq`}2SKLcQ0gD@SMv7@71YeTyzSy>ROIlBu=Ab=yeW@ZD0$P<3l0J$j6|@3Cx_nr>0R zM@@zuT;S;exT_pFBV%txt!B1O7<+lpIkbC+fFGDf{!Brk3&N;1JOY9ShlfJPspk6d6_=ZUHiLc|X?@w>m& zD#p+HEe}e}}t*t>pL9PFS4i1K-;tT2N>4%IWBBb%l z0@A|3P`MDkq~&~zZI;4JNJyBUr~d>pd|r>KUAEb6MH9A9&`-tuT<2^Ab=)zwwXi5k zXH-s5T!@v2`9?@b{W}Qy!7dp;!T5tCogM)}+WNUMeNwexHZ>~?NEfbvL?+MjwN2@T z?E=Gs;b_j7ZgtN`7(=R(RI`NzvB{O=ft8g3^>^w`oVQcpq&hELL9VXGYAxp~CzfhH z6O-hcZaA>=IjHq;Oe)iaWKTT$jhE0hOeUnvhWSfuvwEOa5f{1PL-(f(I>nldF*E~l z&~8`Y?BLMx?)gB3BhcruI6!k_;s;5%LApIpN@1nTj9F8HTPxP!9oRhM8mgO+ie3PMEB`AfFiurZC&S<;JZcG@J%K$X&KN-7hxf>nM~nC5Ua`yrM% zYr(MQol!+NN2@u64HdqV)=zzyeTt+!Vbo`@SEtrNa4bR<6a3N#vbnpSu{ zVN}rIx8IkO=9I}&P)k8QLj{IKB73fibY$Xp$a=T@xai@2u1=YZuZO>vwQ^QC}^yNb}uF6MQ8HrcsB~p1hwTx$3Z16v}g6hdb?8K0~QN)v{WYF+^QgHmv5F;@Re7 zJ8$#I8{VMi*teE!T}G4yHLv?xer~%bz~>tblJ$Miaxb#?`xJgrL;kaA4%b^4(5Cea zmUpadBqmC^`?WL41%hq^G0<-KaV%`_djhFuKyzZPq!x7Th3ehvk?P@*__Ze5o=gA= zZUKo*AW22=&dsykvPdQsvyic)VDF!M zrrpNdYmY^asN=>jjT6SU#o>0QAK$g@F6QHdoB!=E^8*6%$53Ur=Mmw2x7U0>{uvj? zPY2TK5|M|3=}A+`nwl9I)_P0Rhk=_S$%^iwjL{$QS!|v=D`PjfEvAV3!Fyr`c)i{* zf*3)ptUKR;DK%^==>d*=l~lf8h?$8GHRWDn1WMx6<@27tK%OM-_>lS@X@wH{T(Fh2 zH6L>I@(v_oPXTzRdHaq5uptZ$4Hb;CeVM}&oLrjh4LoS!=Ph`dY9BW2*3E@K>W1!X z|D_bE{h45sn`o%Xipx3-TV1+YeY{B&VwAj01+&*mPN+Q!cFnIOnW zSK^N6y%?{9QCt4!2XQ{1yWT&=ehV=^FZ2N4+fnN7+Y@9WW$JGHaPQNZWy-TWxs99b z@$+`oHzcoPdO+)gALD0FCE)ob1Zj6>Xx+ALmzS9Tem^0{BgTx|{UnOG?F?0`PmRyH zzN?-647*3IR)c$QZ%=QPpC?>{^`y_s(xs}kqd~h`vPbjH8Dc2POme;{Kk#{S2)NhA6=CB&Jq9(i8;OIM&8z`d1un&>^X6?yQg z^?W-??UH$NP52>(*gUN?0$JPr06)_GFfArk8_HPr*Q1X8yJgJg>+6=aHz-ed*rwy7 z%p0`s>@vaI*3+lP|zIsicROG(ymD{vm-P!WpBIe=y4)fx>aWiXp_4d%- z)&BZ|ykWoCXMOd0AYOd-$_Qi}sCC(1lG}8@)@t_NR@(&0ID+suU&US5-HYQo0?X#^ z-#ItkcC4?SpOGhoKc#Kk?ija#ZzIGVcaU;F7C^)+{N1GBOI1e`nMs1{mHRN$?6Mqn zer7PL#NeQ0X5Y9`p#&19fM1tSj5-?X*?e6*9J;dgQaEDRS)g6BgIDvr)uFMQo1V93 z#;f&uPtVZ2jW<+qGP_HZFZ>uv4R|)GxA|R-Qu{>h<042_E+8#u*skmSv+Fc?nGdo% z>P>vWam#LT(AE15gQ&jvycD1B`2wG!^0_j^#&e7NN)S0<>$2Rot?M}s(0UQ;1UZkq z^;nDF{jy1~;Ntxm^l;Kn?CXKodr$tje|cuxmgjQS?h9bl=JI-lvFSdq&DeBa)oDKH zf96dhE7aw8SPnrZOd6xAe#zQe0nNbpJnw~A|NR*0Z(4Cim{Geop*Y`cHT)Mx@Vdj2 z>db`{lUYQYygzjgYptA$E8{(kM^zMXpj8|*DaUcj-Bir)vC02OIfvi(>JkCe=`)?p z%jJE(QfnGRq@$_Xbw4K!aN7x5U0t1wO*TdYC#&Irz_(vV0Bzih>91vN#R03Hu$!}Z zcs!;(H{GV!8Xqz{?}PCl`5mtcPD=+JyFtPDKi{7&EBf+gIx^+^?Wk zqJh-+lunn^#uWbB{VSL7vgMc}dO!*uhX zXwx*G-H}<|l#3iTOC&jSzPka|%k+1cpXJ1@2bLRGD$9&LVu`#L9R&sCl5-#PpRdI` z<~eUm=gZy9cb&ciH7G3>69tkom6FQ|U& z@p3V>+@|IHv9Z<0R{u^s=i_o-&KLClwds%Ux4kXz`!?W@Be90p@n#*@GySXBj7j$} zJ%Y}w=FOLF zYb}??#1MJ&NzB~=8lMVMWZupX+CLt;JyhaFw%&Vh6XX~^_vR7gKIhR6H&WfbZi|dh zC()@V%D32F$+4lkKhCb8W>sOLes4FXq@-Lv4*_&;47=~8ZQE}hbNCaDaS1`Cv!+O7 zc18b%&?+65J(%j@ijkmx;%=Qj#Mi2p=b}KC=+|uIEs)c=43XRPq}oM@EzdnMzt7VG z`K<*^Rky`-GvDJSXv?#rU?J%0rJlRG?V~3ohG+8#My}NL>?CIWapr;eeLKok+U?~y zuHdlfU1?Z*zwqpIX|^AALg6eMH5Ju;>%-=VZqOyP~Q$Xgs$L7y;&>GGgOf@ej z|K}&c$Gk8#U)>7cd*kxQI{wy^QqJewgebPo{ri<~cQYRm`q$A&gSFacQ1bp%d79a2 z-*jF)uo2qpJv+D-yEZ|!KbRYMhhOD>c)d3XdDXdN5N8U) zZ7-)soby=`Hy5jY9GICO)Fv5T)BVtCva}wjHq?rtWfj2ZKnY@-+efPV03zk z*9~o6#;bh}X2^+o-S)FX-s%NY%n(9s-KSrXWxGJpuiY;z#aA8A0y+USXV`lE7F`nv zrw_lAU9Fpd(_bjD^$|mk%=9WY<`4d$D$H>X)e&fmqWczVw`>{U# zasGUi6BGJKnW9|>!mOTYj?101TW{_(BI9#(%``m4!AzX5Zer>T=u`0pw| zqx05L4-Ia`p+b9F1@y=nsi%XyDjX9~p2BjT!UAE8@n{IxBsg1Gcd5Asq({=wshM=~ zxsOBp*;)^de6J3>eO^AWZ8k73p3~I2cjT(uyz}vTN)5lG8wqb4Cr}vG{^w0Xe$k#N zEd7~$%*_50uqJZ78hdJ$s;IN7*pXl(o1LD_E^=x0E?d7ieV{rCgHF4?-V6)}( zVWh2CcbR!3_iJ!^F2*!?TPHl&V$j;T{$Gw%#U}RaKLJg?dIb&<@gIesR@*7MBTQe6Q#AIEgI0ypj%kiTRGk0*1QFBGuZt;As-{riYA7%S~(1_(F zV(^v8LQT;^%vR~NPnCjIys@FWy`KR-CvAP^0bZN#N7fCw&(H3Oe%O(At4}))8wN~p zy3&1la&pA4OU>EY0Ch0x5Ke$O8?l*lH)r7Om;G#?sn(3ZQHlIxi0*FyzmH{ua|Y4<=LP+kFXsiLmcKaX7l9}JkHDjN zsmenAXLiD`(tsQcyRPv6euez^5`?b-s*BH`N#O9z>>}QUew~$(88mVK%twl<}<+ zXXl5u>U3LJPb`_h5O3jk>Bg^-IJ#fUhcsK4;(mz`4hJIy#d7>uB>O5^xS_(@v>qhy zEJmk)<(vXg!6^PDEuS+eWui%6^GG22Bfx|y`+-dhkzX2;ihlXG1b(u`*HEU8FRhSm zfr_mE&BFLnm(*IlO!Vt?U6Tn6^LAKEPyV;C;(rS_=$B&sUs;5p>m~+v@~?#@P>&tf z4e6;yCe*b@cTG&h>cN0u0PtynaKeTU>D7}XIDBYdEWWC;4 zs$%SH6&#laPWr+EeI?syoe^8~E=jqOJ|30unzaJMmpbqf0vM?zGMZ`NorrUaPnKJ% zI^%7B8rR0jA51sjPQwnrDLnP7Ho4{z*#b%{7ItTspqnId#La`Wz9xtE9Foe1Y3>1C z<@lZes_|;+W*i(q>hv22V+w@bJ{Pew%#LyUX_!jQ%;=`+oHb^HiSps7ReuMu??n99 zTAwbRNvy@!=QN>9gnr;c5b0&=7RO=abT2eH)l{ zDA~M&ZVG^vY-8g1evl%Dm4ITV4OX3Htds_~-2L5fbeiEm<@N4R%+!tsWnoIePo}op zC(JU%OrB1fXtDrH>;rb`B&mE)^+1>C?9}Xy_at(S7OSg(#K+ zN-y!)xs^d#bZN|CrNYxP*Eh55i_}9O=J0t957;Qwq3&jfeeMNA6M}i|}XWVpv)#gU1&0rne;2md_a95*1Rhp6I1XR0?FHIyw59pnxhbq-)v8u9uWjZIv8u(R z_#fd!ZWuZjQf=MwjeSc{f33DfMJ)p26wuXnYw%1ad#t4UwpSLOH3B47q#)FYY~}h} z!ZIbF&Y#Nb%8~PBwDH;Y{pqE}(KP-VJY@1TPytQrN$Xac1}_@XF1c#sdSk4_|a`AB4jDh*TA zKSmRU4do_L!MTnX>@pC4+uo+97~kE&c0>$Y^|R>pjOvn1Ipa5l#lIIcJvA3_360Ig zcY^Uni-t)q<%H*hf3rd%lNU^8 zYs?+MiAsimW-CqF1638q(_yY>Td1nztXlj}Yc&akINV^n78B;T# zYzBofj8W1a*A`B<4~W%{&xcKjuJF!0rm#kf!Rrs+T0BnDzu!1AMN4rxsoF#A8NSJ& zOZU2$x>H#Y0=gcifj_ZeXdbh_Fc05T5wB%Vjry4QOde>pDY`4+= ze2(x;G3Kb=w3IQ0s4H5B*~D3L*>Qia^0(gnRSV24c~$FX$F(TFr{@EyZ!suQwLvTY z0EN!9TFc)50UK96?7gG4Ea{#Lmua%EDH~- z&6T5^f_|y|@@2s=>9y-`i>=p1hRl;UH*cZurt&k-4CFQ{rU;y1FoN{R#;bhZ4qnp##7 zi9LVDV#yh#o3a^-xRzxKO%DHi=40iW3V0W*4sN7*c$Y$!d3b9lL|y#Z3)LF*-y{0L z#UY(kp~Cn?8reM&;;euKAx$@FIP*QVzixyPv!cjE>ClLRh|G2^1m~cWyB!WFBW26d z@c;T195DV$td}GMPkVnN+sBKoqeYIo7JgFJ+iMsWqWuu6f?mS&pRW92$R8NNW^Y0T z78OPf7LV&mI&r=*2c?ie6G2zGhQL+UIEUzOaXwJVp}Qq|ovEmq8tD(LiX#Gm#z(m~ z+Z-mfb}cs}tr8IQ`dOfvN6Sv05F{Iup@3!j`0rq7#*{S;Xn*Sl^I9$y?2i|>p^SnX z$bS8X3lxW3m5gJB*Gw`r*L&y7bZ~A#fa4uxdza=6J;c{IKP5z~}~!;nJfk6^Z;ey(1! zU68`sNItYnkKN?0y9V8#nyA_>b5;ql`X(p>6q}LVZ>zo6y}$OY(;oj2geQFeONA^| z&2t|_VXms+JR?;=vk^=a{LtEB;3FQ}GdV>?wKO7uBIkcGbn>UgWE4Gkr;cmJq-I{E zbaZIuQ{o@aj}m0mQMc4anHF;E2*lmDy^C8syw+Ip;1``b#r{%Mg56~%MinM^`)xvc-7??Z95yl-b-YL;l4BV<52chmMgO(MckWGcMHY9dNn65JixjcMv6qvS zVZwD}rpTD~4&*wuUY|B+<`~?A6oDOdT`$;xG_U655fWKiUyC0-<9(J}u_g+h+8*f^ z>115In(u-pgiebM^YSdyoqJ;*ndxS7kJ0q@I7Ze99q`;o!=I6;o}O5JxrzzuVTkg> z+kMCRLr&p1(lm?;tgH~u^|Nr1bhy=PgBGz*(VQVCF$*Y!0XPmjHcAPXP$%S3%fYio z4jWn*jdP3k(q9Q)5edrbYq_n~A&%?vgk-F=NcbTVQR+G~GynXG_ft1QmTWJlxLVb_ z=#BQHS~uvGCSJgQ;?k60|iT4*}0?Yjto5zkOlUP7;8R+%F!A zFMs^vt_9RxA0f?NOg&u8GKKW3T>f8)W#rGG@q`E%Uk9fn<+A~4L%_QUORYijDG*ES zhzb=WtiMJxj5^+~Dofia;3~C7cQl^MCa4h(y$Z^FqX9&9*s9sM*4Hk;b&=GDn^Do2 ztfjze2D6A#(5)t!Bhi1*LxID*K}0y3ubN8X_RAbAz--Ehn@N{|e0+W>x`x9rUP>O$ z;sW)D5(?*V;8LXH|Ci4CVkK^Mz2Bfs4Qk>3YY9*;zIXsXz;BX4#>H z(`YG66Eyr%A$6?+Z*_K7gqfS)Ushl z_QJYqoZ;Li^02;rdabQU>kGwMhZFH3=H&y z`=(lyk%45V#ar3TzbZUvxeHLN%jAf(a>5-PiOoT&QRsy@CukybJ}><>qB;B%lW~G? z!{dILD9G`7OHgw7ADSI?6Kipihhh_5Q4+tXR)*c?(+7_`EEN1|!x~}uW5S9i@&9^= zlkEMkW#EGPR6y>lq&c*~TUO`-!E7@??8pB`ap;y|h4w>vlh!~&6!K%zqnRRG>JWvx zSFan#hY`R3sprQAE&7r;Q&b0LhFENaJ&~>(TlNsk(H>5Le~K66-2AB!9;YSFHh6VZ zp3jBb0>SWK+4;=KofP8-MwxUCF-{U2;+yc2jXpfRS(ZL5s?@~i1f1%qQRclp*a6d7 zj%S%e31O%bvcEc&!;=dX39_pOm*mh9h5nIyNcrZt@knaXzN>Cn4fP85uoojg47y4x z)&p84^v*QsqwQ5Z#qUCj0!YL7VXr>Vme_5Ts(GQ?qQK*E%KQGKDj9xY$+3O!i`~YN z?ehwU2J5VjQJsL_>*4v~gbyJ!VUeHp!pBVD!&OuMsGjA;hK<-cFn8#^L(I|gtkvn! z*@9wWP<9*Yv?dR?7f-S9UOy<}cF3TOx`XT)`(C(j?;k)vyHUJ9$LThnz0>A&T8U5V z#$R`ZaP31cX=BTo)I}wlam%U4C+PyXZ+ZN|<0xO(HzYG##Q&=Re17;Qat>|uw-^hJ zsZ&`wi5vdzm2xwo?oi?3z%SY^0@hm@87Kt5>t_;+r45ize^Z|?wP#*&>tv@QMMu&9 z+lJnv%!-*KFoHvB*}{X)ke?}daCa+w`yXeJMY>T{eKW|Bw#DyRWm;krT}7ZIK{1dBL)kbegi($Up{@Y1AY zCAM?ckMm>lt*YSo0?+GTy%{?!R2tU3OQPY8ctPLs-aj3o@Zga3?{xbpE?W}&-P=H(9K zG9?FBChE#;j@G<>#|J@*!`AciM}r-lb&hiEGLrITZ9CIJ489bGw;yW@&@ zs1@lht_q=r9g^Dy4@blLd%o5y6JJr)dgy2B$%_14If(lPesekQF7jWTBA@b#a!hQxA!ZO~7&8KsquLA@AREw?<(xq5g^_^dvJimMLT6 z_O%qE9R9REuotH+I9h@ovPoZXsI+6e^Cj2{3&Lm}NrUBbl7%_>zbKj}<`)Sh9m4^o zaWEwRXGarKfuW07%Dv4W=!UKTVXryVNDE=U(YoncgF4ZFM>Plxw^_J}CXzcEn0i2D zU{3qmNch=L`cWef_os4LovqsjCaE>sp~-!W&7733pTwCXF*}9S7XMkOK{pfz zMcH+G#-bVe-%+(_S{XLo?Q@=0SLSy(?b`{X^(nCMzLr`WDdkd%+6O$r=BuS|kQw&h zq%m#wo5j-bX-&ottl2Z<8DOtPN$q=!-yXJ6RPxy*D?wL%1YwvJ*=9H5qt^zK;VOQr z#9}}tDm+`m9SvZwPuqF^`z+m;jxz13lVM1CqhEz_Acn>dBrBlgOFQN>c#V%ZIaI3p4ZjJK= zIytTy?FYr~w$Z3FjNeW7n~CuKR>A{mAY_enwnZ4V*?AdLCx5n7vVP(!ScD>cF|#Nw zjG>EB^32(Fdku9d-}-r0kGq~ctHjXnboIwB$TW#*5Sb6h@xy|5kotcq@6mH5MqR;J zhohzC%mXgkFO);q8Ml7E8~itKbL zCh7CKLnW{&xx%g5rNTfRxGmbjhYE_b<7b{W(@-4Vh{OJl39R?G`IWa8mQtiZ8_H1= zgg8T}f+!{K--WEi?XQ>r4U4f~(S}jhkk~9&M~{_;ItC83EJiZia?_XqSEW+7q)A!B zT5;WW_Qo4d%aww_4!yJQ(ta56zVo5n?FYnnf1~wMhv8(ha+3c&mb2!3o41*gASdo` zSE*U_0&5g_a>ZlYyh$M;BDx1$r(Riv5v1d)BgzR-k{Ff^)k5VweZ1%+Sk%g+xzN1z zDDB!5EU&XeDbWNyRH-t?;47kIqLj>#2d>{W;R|4{fa>y4WEaLOyU?VAqTQiGq!%pr z93;-{mDB>1zH%l>6yLvncU>z8(78tLcg}C}=}VyQ`*AK2oNub@ki#wR9H9&H8t? zJY&W|KXDf-0p~{5sDC4$&2-V}f$#m`IBI`h|K8)y^GvPz7+*z)lnx?BsXJKd!{+|g z16z=3eWj&Q9`82S$a!++pE%zO zI@B(fziH;8lw4)||0oq7%e~M30Fs?}Na4g^C=@CzQ2Z$+VReHVn`mhdo+KTzW|(8W ztnqag@V-|ihT`-m^wt{=vQuwywm;Gn?^TIdnAlwHRa}fglu{dB21LuHND-zadc0Z3 zHk;o#Wj#sC{U$*9XmD9)KtXH%J$L%hHeD)L=W+Znmq8pZaNw1;64Ky?(yOBDN|7J# zrSmKeMm{6#f6W>m?1B5N8x)nWje>jYk3?~ZusjC^bN0>4CrOqUVruM_DJ)GQbGTje zKC9$g)FMDncjS!^USYL?<~tHiFdzQd)xCZvhAwe;L&PcQNwd%677>k+G4QejFoR=pz6Be1&VYg>tI29CB%_ridQpINUx&keqc-<(X(tgm38k-mPBm!os$l^l?4) zrtFDEqg$%;B+{whPMPS7<-;EokGVyF1eEaDIU>?HD+YtOT%K1HTA5{kU~x94oCR@@ zx9Ez!vm}KM{4nKM%#Yq*zp%b9=i8~E2$S=4j(N&dry#YeDBOu4`pobfONW4mSn_)E zRgmVd_3+y0eUijX)MCm_X<{-}{rPJ8ClQ{J4yd-RDN)U-C^1lU2kFjeCe|SzbN!q8 z#(leDLw@o;1%WJf?NWj;SQd=}M+@8ZZ$JNAN^K>9TKbItjt}z<71A2Lu~e%Ar0NPhMKYfmC7Zbma1^Dky)s5_eQ(;td#Dy18L^r*O_m1|J0P> z$UyxU3v{CK0kysF8&fU;ZpfN3S~)O_G7r(11?Noi=jHWa6(3VuC2{7VOMoB;9-X;c zdw3O3#UDm9zf0Na`renW3YSK<090dY)MrWh#9%!1F0_TwI z6d;jBnDnJs5xE^YjDR;hV=*0xo6bR6Mt+S@Z)z$Xoh{+O!_gSyB@8AHf#OO;+}y6A z-X4|3h~CdW%=}+$(SJqUe#-hcw*2XPQRQ;L_?A*;U7O7_H?wqR&KZo*NPQVMNuDcE zSysS7fM;*5bR(J?;* z6YoW6L!nn5g5-g)wK|SF5QWAuvOVLUnBIC3T2&)avj;KC_f$eeqDRg~j>}G8jR`+L$(AQJOEeap1*?qPv=%#J8?$zS3t|MM7kzx+5PGyvF&uodfk7 zM4ie^uo~r(_e$y=-aq}x17pKeF$}iM9^?;IECJ-GMzWq2Q6AQba16>0Be{6)msghe z`erv|O^i?-9;6ul@bV%B-vv-VBsw#=2ww>bD6lKZQ-H;|etzDCx#PWE`TidEE!jMp z7^guKfkxx~|DNM^ofoj7yGEC0cmYTh%hXI5sdCNMYbVlHMc{{*92Fc_Lx8=MnTw2}- zYQ;#25cPdM5=dgA9mf(18i74IDs5TFRJnFD9bV730_k^xEm$sBa8G!cy?fh-H$q5b zrCloH=d%bQGtEc5@rSc>(cNw`fc~}dpiGP30{uv03t+fc?Ys{}6k&4W3fJ)?SJf&y zf86!?0j=#-Qzj%qZU1bPtL^Vh!pLE%<;|q;S4aEThsXb^mD?MxA745=Oh#6p` z{>xJ(wY2&!z0G2*+;JAm%dFf98%JNXSYzaT0M$V*&s?M|`xyerwbpE^Uq}&2DkIl+ z@1ED;AiuUVD==>~D*2N|g0AT3Kf;9+@QUpIqtA*GVc2xD!`I?gW%9(ZJbLeE+sUyb z?{CO;<=?qNmuU`>Ip1tW|6&(VG-BV#!cD6mn@lDc+;8a)=bxz@i~U0A`y9=AfA)Rq z-$J_lR5W3VZr9$*Jcm!xQ--6FU(mHw9@Q|5k*$QVK>#&*SS$ba)a6=xS-M$K?wu0a zxz(Mu2&c|_+tMg`sZfbqzNt_d3!j36AW+%WBaXqRZ@g((<1Q;)@u~n8T_c_mH`K-? z;5pMmo&*=+$=`wl22E0(LZV*+1R>52++u%I|8b;O9#f#K!c4Xx$63S9Hd+^cN^<>+ z{gum+YBs+N0my5#dI>mHp#Q3R2CQXhZv3Jp5Hup3cKl;u`p@*cKg)1SyAb7GrC2KN zcuUA5{Z&i(!G*>p45)Gz4NB(TwdjYObON|OC6r}&#R$Ar3 zc}lXa?8dSx-)nr$P<y94kMwAhpetRa*&dAA(-Rb1PBHKvf~C zzJrL*3*4jgADtNXqoY=mu?i)o+Z{vg64rMTIUlsiT&FDWK+RkSAFP^IA`p{d2x;aPUD>2b$II0fAucnMV6j#}RMxO@`Cr?(}uTE$i z(Tyq(YeKyc??OZ3dL1U4wO7I?M*e)rS3Vt6+r62tNpwI_aSbGObPywx7PKYTHX6aH zA4lfgsQKx7<7S6odG-A!I`{QcddWKsg$Sun=r^QJfLN24hpx|tTJ;7X+CzVTmUeAr z_5&=NFk6#+<9ggD4nBuCzCbaFv|7{`-d6LgwSeLO)ig7JmK;hZ)d$>uxgN}ke*{DxbnVrkKAi1Ob)ymH+IC#Q`H{t_!` z%Z4dp@wWNoI^E>{Qb`(+=t<(QL;yyqf@M{SR!WF+vL2k~Kx5uW{LSw_srW-gvFC(Q zpXK3@cAB;;w?`6>$V9muOzmlyT@dXJZW4yxqd zBHNjE+TcSAPj&v?s$l@FI*Ey2S5 z{ktp%{~HOm$kOm3ar^Aw^5t+ctq4hsKpL(qh?9CAdWjBP_(CHFpKp3ENM(C_V>`fD zWtwf#tkHCxFSxt|N9(CHJGPeP>&ua&8g;3kRYBzDB;=#a)a^vy=ov)NP(n0hGz&Bq z!YAChUG%h&&q3l8LIkICPF#PPCSB@}?gB^1J0U+rMJ_x; znyMPxRY)%ilqcV1W?>1KDu7EvhkUmGMNy&OjTZ%tI(Jq|k)Q0sUP75xbT*gORo+vq z{BkghgV5H=10&Ay-&G}fs4;@QOR_xm70U9VNZp7)Qiz_>jTz6g%=# zk(_5J9_F}Nv;(3Pn0-$Zgf;PQ^*Y2%qvWYe=XrLxeI2Q26JX>aD?w0Q-LAd?@-}{V zr@Mgif3?8R3P9-C{xMh1+||3Dm>O2$M3;&f50mzwZ@ldjPLNCdifmkXJ zDBxs-u@zf6!X=>{%2Q&`CgLQ*XH$wyDepc|By2V5ml?QU`y>%_5=8r~BlQp_fDBRKj+oR*^6jA?TDYkpkQzv+Y ziaiu$FI!~|wcCn9C@q8ARwaz7HtGqQa)88Q6s z7z(zTZ&`?7LM68KoFyD5rNu6u)KWC;vA$UK&@w%D>SyRbb3H55rLR8E*tS-Evj}Yk zqfyo}Edjkr8tBm}_-oqgh2&RUG%3}SA9dGV{IsKqrK!0oy8nl*L-ypFh8ht#i%kgh z(jN34-)lJ}+3z1WA#rp~4EP-yp4=l|#vg@*^xhnuk85-J*cwxX1f*UUaE*CSq0OQR7EYj;z$PcE$dZ(oRi>s_2l{9gL0*( zBwp}X_AZV$vsmD=BVQv0yr&QZ%|wik(;DrjzR~A_85610Ri!1kJY~Kr^)FU-Bs8$1 zp*{%{s2Td=XjPuTa*`9`#^Q$ER?QtQJ5jv6;duKKr_xr%?%3=5wJ=RpL4_Gr1>w-A znpRMgN8s$mC4dLHRYjE<>!W*Vq1DsV-|k|B(4CesOHt&jSL$4WSAKg{<>o|O-y)*H zO;bUT2qlc<6~|;L0^V9Oe6Pj=q{l5MNr2k+jm5|ugoH3v6ojBDcIgNV${UZD5OPm^ zzRGq+ONm}>$$sJTI$Z<}NQxNXRyW05Zn!mjmdhfQYM?uyS8e&Bf~?Bf8+Vx3ZwlpS zQb|5uVgQlyA6+nOdu#9Gk|ucby8}?qF(Wa?I5f{oIK(d?-==kOV5NoOT7^Z_Gt1q> zA-D)B*FRv#&u5nf#2F;8!wg7b;9s2d-3wfZ{m)xtEbs1#$o8*HD>p5Hx_Ha!kml4% z(tDX2@^)7}HjPY?xN|{O`V}UG+kRUG3gMSXDin#C5_$(?dOX$D5 zY-8ye|2Hqn{7irKj)%BN+84Nf^&On!%AC6)cp>UWG z209^XVN#hzcntjZJg-RkVK0KAU$wJnN#5Nb2-`UCwiTJ)f(LjA3!Uk#>*Kf^s^w%bFInz*D$6K>a}<%3U(E^FuExJ`75j%WVy8 z05na3J2QViLKbyS>S?H_XW_}*r_4m_M!7-I(TR1$)PH{Y*S~>I(e?vLwezIB69@*W z;=MCovn~sxbzFxXm|ILHo!;U5B}(wniX54A9ua?_-mlq}nL^ zC;qHWsB#x>ab=o?p1^24&qh;VPmXF6a3ne6pl=0yB0Exb{&Zh|+o#HE+ABUS*?WZ8 zM$=MDK@41jSiO}ltymL#X~`XV3YK?Pw$ct-iB}VJd@1+1j-yVxw7(zewjipGYY589 zD*WXPqxCvMnMW-E?%sA=z2p)&CaB<(+i6g)a?BdV2(T^%_#ivSWIc(KB{rRMV_F)P z5A<@c@%eBl?5Qm0EuhJwEehWUZW!v$ zWc?3AM{^%q=GXTzP}DmM8v2L3oZY9+7n)*2`EALr5u_av#z^ipaWa1+sAHy9T$0c6 zS};hMY07f7;2p3WHW{&m5Pb`9HTUsxuBI)VKy zU(D!Etl|TkHkZi*AZgAq6*^HOiZD@5PUa%S##PRYWyIIT1Tg;>YX@w)NIilx@0_4= zA=17h(Xqca5H`*MAgE>5Ua>!9g~R(*9`**ox(0YXvn*O30fj(~r0J7Xi9v`oxTkw` z4Y~0mviI<0v(+sTBAJ6Ze~SC^b_3CBVua*HvuiBd4ttfpjgVA{{;|dEqB%cqd|8MQ zR*$IrqoQ#jh}m@!OAMuCEJlPWIUb@&BR(j01QYruq8b`90UyA)H4Z7mQ?pVVgKcvl zL2#(m3kcBa;Y3H%=cnPZHRSc!L1Cy;@13w~g{Z3Z({!TrF!Gzw)YGNdk|RNNraf6g zq#1T``&n2tcuKntaGxK;R=H}6SG;Bs2*+(9TqDiSz7hp0 zcGnW*5Q&S+cm0ObOhhJ{*0^Rvc(TO(bT24fc8CCCKee9U^mF|GcL9PkVmvohn(1=)EERN-P2Vo{|8je49oN^}B2*%n zHZsh3=kI_a&FyR_F84!9t#HCGvOb3HqkB$O(J4+hrVlrZA}{DFhpLsU%wny%R#EdO z6U5p~4@EDTDJ|kb2hu59?h`A2^ui2oTe1D0_P#o-s;^rYkOq;KE)g~i699-S3|Boj>mLT>e^nk2U8UYrO9mbIm>H7;t1Fb}Qq) z?r9B6iTgRY<-vAoQ_8(Xs@I$`Bc3V$T8wMyw$k7=$he-Ps>-|>DfD022@%lZw-VWr`L0UnYJ>NjY_6Z*Ukt_xFD7z z;qhb9-tgU@YC#4ilxDR$-Ns6~R;cdC`T6|P7HTl!&M1dbsu}p(&ek835HWmppT?G{ z>{HX&eq0+HMVc7HPP`~o%23~{!=TlpjS`Z0vBl4I3i%T%WUR_hcC`cCVuXL`SYcY# z76+tzQ60pd8WZC1WQsmjd|Ni{A9qp~;QhL*`nb0~mpK2POq-TEa>xbYa;BIgn-6Y< zY;cQkcaxz-Uu(I_!}H*fgm0**E?tx;^+>XQLW|t?B)Im9Kc{fo<502#@6Ck_T~$*} z9xNMtSuTwHWxOUv-Kh?|A3oE%3*@3RtD!2)^lRlojP<73RdVM9ZR&HH?C*Fs|(9uiOQp z2nw<;z0E6#s7PC>rjITC)8phz;K$EGG8^%H^n!sYzXaMvnSjIjew4v`_bujitQh8W zcDMxunxr0uydSV8N~-e1wN`(9=(2V;Q^{A$`JIc?Up4IhBjKlyRy+6c-yptY%?W0I znd4$Dv?Y>r7Csl65j2})6cv0~zeYB!K`Fuz;7t1d82l}UYC2amA7|6|CFvq09}p#pe*rc39-$wi2wJyrbRJU z6-b^{yw!_aW#QG3#sbT&!B8?4-kjayN2hDC@Uc*1mrwJP1ZHbi*9OyRbI=QW83H1y z(F(hzQx^QnV4Hyo59?8*T(W)jGB!0j1ikE2L=OQR7c_b0S93Xvu2-L%)307*=LgjI zLR8&)`>i#<8h>bzH&@<^9-%rH&MW+gg#mF)2&4CYRiKcMd8z(FUBU%10^M-d<4L&J z`9OthP&JjE9u}e+=}z~Ev*GStOAf!e#2*7(?15>Me6y9c^~iZy(c(Tg@&P3@sXr8; zkZ@a>k2KIX`1>JY`!~WF5W~#KN|aCghY%nQjWy5JGqk(sBepo~=Xabsk4q~PgD(=7 z?_Let3l#V8-u=8HqiQN*k1YbAQ1L+n!yYR+%E3ArX9VRj;%C%w)m#ba)1=fXnfdsD z6-CwiroV!85qTXr2a4*y&`7Do=GUI-p)*9;XHUxQ+XXRGC73Vv@)$2()2e-^CrJ@4 zUw2?cFFNz%bIU8FmpeP@+y7u)r$<&vq zyX%gwM0hVc7NV5BFDJH$h|+qo^NFohnxp0u`R0Yv-(2hxL#j$2_y>Z6P=7mBJfB_!EzIM6KP8W96gSp17zN;nN57P0=GB zj3sRY6+}hclg1FkG_x{Pi#`CM&~7~IQnDisBb($RxY6*r}gYmu=w)} z|45ZAg%e$YyOU(t=(cUv7!~dI&+=_;ge3??_yT`5jlL1*W)F#SJa> znKY)M)b-0+gOJ5&^S&T;EEHkq@~ntdbwt$p5KkcIC3UD@g*C&~Vovs>F{yc}H#WH9P-P&PmF%r7|RViq=!tTPbTApHG#QZDJS zPMN0tjADHW7#=(g-G*! zp!bopQ&)h@xD=t-4C>@cW+Q!*yo6XUmb)z&{G@!8*X3UpGQhG-P>X4`yEZdi+mwM{ zlLpKP-;S(SnCF@nO~u-(j+x6QQgO|cZ95-Vyu4{MXzQ&9HdDx~M7E*bc^5w>T^?69 z(Pu|eHqH2EJC?%V&4~yr9<6v9k>$8pkR_`eJk&bUxj;2vJhy8j_6?WBBg|1GCUtys zR_>l!?55amv@JilNOFj~I|J9Ulle(z&OG38$F{#x#vPt+BFy+!lxSJ`wAl`mdy9tCI*R~J+A z`4b^SiN7c}M6rEeTxXdqkc^MGdZB5#i)E};ONNv#di9~$y+B@C076>(lX=xKz<|8= zn^R|JpR1BK6L9oEJkC3{jY4ZjDpq(XO=i9|&Exg%1s>$6FqXZ)68BCwFckO3Cz8HcZ%M4&9=iyGy&pWOAu0d9*Zx zQuo()U4~X%UHu!fZS=0{?RtuQuhjAuT?5N6ydTzB7qY*Ud7({yaAMQ5|Dn}}5jucf zJ{^MKvOG|F_#oQJK%tYEsOYK4YqbYoZO#WUst!W3^>w1ga@Vp-{DyRl#x(F$``C!q zd@q(K+Qf$|exxPIK9{21oV_xPzOyCHawB^!d2_hGi6yn0(F_xMT|;HAuPTQyS_Y>n zbZy_zQW6-cehnTpdpXnHa5Rdra*C|iNShXPIO^5pX`7@=O2o8f#j`-iK2mOuEf(r5 ze=x2S)5g3OFOaAm_LQ%9_|;Y+lf%_p|K|Ib5a~9G=-AX{>RliIlH&|Dj8?&SZ$zbn zCY)E#dK6kKPu%F(xxV4=teoVI`_2n2rCn%?5T4y5-R-!y3d?l)vNP|kuZ^Thix<)~ zEtQ}U!hSp)x_}~{ZPRX1Bdfbs6^rgZD^Z_4hU;FqKjajGj*SQ&4=AYC2z793Aiu$< z4&}-!u8w&ks;|_^W{T;DlhCWpPuT7s$j~+AciPoyToQ-E6Cf{BIDJUK!cmNDK!WXY z_UUnH_l7s$=liAeP#*)yLDImd_jZOHUz-v!rjk!&uWhSQs^`h_ZU>n=eLc7zy({Q@ zFYH4cLzj)h)rX6-4CX96_AhOoNjQ+tBuztp%;U{g6k?BvCcQObCesre0c;RVO$kMB ztdJ4W=p;0hV3`G61i>J+knxtZs;$?wjY`OMNZ=-^j`6q$Jb>)kFG4ut0=n^p8bw!X zM|5GXgdo+}uhJ*{LtX-oLnNON>yc)1mtLkNxJkIW7d5%0AE6#@inJyARr&2pCzFSE z3$Fz8E!OF_)I|w&BJ3WyzIpmoQ^i~GaJ3cKM7aCf868pBLdi${Zak^LQms0NOR3TF zeqP%>DS@rUw?}4q^IJiZUI_XHo>n8s0x%*jaicQGBi*qcT#6jbRWz&f$(YTxw<@;8 zb}`)!Mp}Q7R3uAeqNg|1SzjiVk zX!okVnvucY8I}@TR{u_a)gb76j4L{q#S-^3nOE*JVdYE8S2^}%`AfDj{6Zp+94M>s zvoD0$`iFDdUSyE$$mXe`h?GbZgsTdhhJ;?q}EQ)RJm4KoSl<%P^kJ`#(OF=5!P z8w&Pr#jLs?{|diE5rS&@R@FuJ(WbdZv_qyt6B5l+JQ5+P>=Q})Vmh*nNw%;`uqN7$wPph5CP3~4q8U+>mN$-Yz9=InkonMTmskxBLlvdQo z!b6!sd8L2Js2B8{$3Ci>isgHs@&`)dFRElX3C`O(baM*pN06O43N!exO-^%kaHrTu zo74V)3oq?Xo5S)5f{#W)F_uu7+Ps!j$8}6p!XcjxOI92N?TQdeDsPq{UkW=UYZA@fPs0?fp6_exoz zV3vts?9MWlW>l#(If@N}w5O0>EpxEsf>3zvy3367+8jcGp-*1n2tP}@q2>GSVu6&W z$e3Z`DW-68;KcV--+uO%_ooyS!+T4~pQ^1YNi@^@3Q@hcLJYgt9<$PjDT!Tf$P6WY ziu@wL$wW~{OLcb<7D#dttE~AIuWr1NGL3Ps!14cfdbW02_=P!8D z;bQZx>JydA&Dpoo>*e&og;?)ecHh}jZ@Vv{sEyX>bVy56aldA~K3BB8hi*q#RIhL% zyM-M>&1Jij!&sVKuKmj)nwU$l^5{F4m<4J~SbJT!z9Sp`gh{O+u4^H~ohLg=)b=&x zoA)lQLN?T6_;AvrkIE--g`WTk)8L-1W}z7{yXUGb`F&&f#{bRm(}Wd23H|si3VrJC zdqJpiQi_+_v&>^&Wk39@sCVdI1bV5|Ul=lmC!g`l?X29J?mX%eFriM`6cYd1$rNbo z?4SQaO&Y@s^~C$aM45n1U!*a|U_qwUKrj%eZNB|M5dD7kPh>LY$&S{hC#`z^1BqNE zBW?07?_JTubdRR?hD{NVd%425#%W2otRi%Y0w?FzkPr8`d(;iqz4&#}P;yQ?()27b zgKW`qvzEqJ5;YSqrL#8C;|2P@5-|_vpu&~RM<0EIxCP%22#5Jjkd%0E>IceOy!-Nc z!O?f1bX9Y+M*mE`C`ZPq_3NyghrNpfzsE_yQ)tlkT%IdcwLuP7VXB5(#kKxaC##DV zy72u;&ao#lt+QkN-;@_;XbS`t9!VKIQls}G#!~!l;^fLtxxT)c>vv55HBLJw%S(?w z2}ZRyh7~bKiz*keyfq5N;M&$zE)rBwPIu+tKYo}c!_vsA6Nz=8Do~aC7Gl=X)+QA@Su58;R3SiNF` zQFz*5q%6z)PS^SU6IraG4>-FaEWtH_9NznzRXqDIxE(xst_r+0ehiuI$Ra+UUOV4eG!R5z$3gr6V2_)OyD6cwxy@t zQqd$!r3b5&k8XP{0L(XGZxBr3=^DDg_TxU%a>Xv65;VoWDp!;}(?8^*g|~2Kim)BO zifWl~XcFI3`ZMTV|9TFLd})*3VZVJ^j^;P%f#s=}Cs%{@h4&O(N7w$`p{ z^>JI;Dbl8EyG~f^bR42*WCWdTo)}OPAs}sQ>usvU{$O@aeD5?nhwta7QJ}nO8fh?n zuPrP-N%rV?dpl?Y2M+>4ihwo;>yCNAQS3~^fVvqSF|@$x3fu7$U{PUar{n@03IJ{b zHhbIQDRC%vPT)P_6X2;`Hg_`H1j5!`Ca}Z@3V8O07cQfT#%krM`Vu%o5{v-skj}gT zP7xW6s=?6Xk-?ASX7Gnq?#0jk6;iEep^*svX!6YG4kc6t3`p{@CE@xz z4b0%)b)Cq-cy$mUkEGnVf$EI7RyhnP7$Qy$CYIor|GkRaPzM#Pd@bOqj={tdnkA1v zx=0TOzR>+7%>2tXlfab*PlbSf z&`|22p@tpTS2cK5hCnSIfm+~k?HNpc;{I*w<+#*uc`4QRcN#=A&+xd*1KifQJt2lYv$9akAlC>Q8vKG5!1C`@ z6xl1Y$%zNCGyt)r(~JJSi{>dVfLSGTkTnnsG!P5)nU(cc3E+`bZduiP(hzR)AwCYE z5tqH?9g6VOXN@rHsBSv2+(=6d>IL<#B?5Ynnt1VoPT3Xg9R(=z`^5oe3yAXppc}G$ zOk@3B90N`IrIB?loy8B@yN>S9#{WVofMhSHj+`9wP!tFy0)XAAF6@E;whYp4E^Hfm zzu$_92@fI!VD}LT!0vyk?N(3*e1?`L#^S?bK`gNWnj~E*W?e{UiGzCg0llMq&fO_b!=_iD+C+%`4FQ;%XcQQ9Q;$s_SjhpzQS*Ecm(C(Y zhpgaCCJugZs_56ZHL^a$Bz0pN$&kZ`nLNmf5L)qotJu2r86+S?#PPkI)k#WPKV^bkB5%*#dU zhEbZ%jQ_8eHct%znbT27fN#U5RiDr)JKjF!G8R7&9KQ9*AB2i)-$wp)sL0-jSz(}L zcMu3EFD(!(TG&(phLM3SR9^w1XjYi$;jOrNDiCPC-zSgq=C9_XCk?|Uho9om38_Ic z1yl6vdzrpRmCj-XF;83{8T^n8cHVo-7g|!cgUA#zT-b-(i3Q*bD}$0qsQ3XG*6aYj z{N5JeOZcFw5}mRas0cZL*J5%JA|3<_Bym1K;@`(LgZJ`T*oY$!`6H0J734QkxoN-5 z@W2O)-}mjlivdE(LShjx4crAA7Xf1HmldZ#_c} zi=Lt{l0-ltU&L^S{GlfV1###89i zCypz~kk0xE8tXCrpKaryNxiE@jCc@HQ0KdY4dD(WpMZK@D4?My0Vn@Uhud+v_Lj-H zd1;W$0g^ROO#&#fJ_aqj1X@;M0GJ>ghSh+^xAVy-K+N-4>B&DO-s8EY1Sd#|za9!; z%MG#w3G``5WCpLj4Zp%AaVY326UMAUR*lL;B~qzY}P$h6ixg@KMl5+(Eh# zIEn0a&2td}B>-<@4KE;$9932Mr^G^kW621}lD|<5B++l~IRO35#{e{d(DGmN&wq^M zuFgLS3vN2^fO)=m9rO!f&@V6mWR~nwFu@rVbahbNw_XJKr^M;EEa9^NSONwPKrxU+ zzq#Zp|8IT;pkb+)_+RtMe~hFn+dm2gLTtBD_6Ur!;4$8r+aO#A24QP3hARN#=cY$$ zz|{DE7VjzEvV@!)UHNer2X$8*_`-~0(^SnIuK>6z$l9u z4I*I&1wme(89fjz^jm=z=}Ts;Do1}-#xtl;t#134ZV zV$Cu<$)D^e53PKNEQBQ)crFO6nzhB#)Nz4o8#1`ced)oqAGqzy`@Lm$LW96Bi9ycL z07F$9*_HYOub$lCoQWm_-hv$l-corEm{=&Hk?L%noZJ>zdVL!KeajK>25wVj)*ztG zsB9K^44I$CLh=2CI~f}}xA7z=0h`9WDY{pZiP7r%JSos{0~tmmEFj0OFv)>gO?Zd1 zDflBw=U_MM@W;@!n9&*CGL2>aPTJMLnv$Uv()wqq>eb1~Zz0d)vSL%pJDo}lbdP)3 z`vKQDUeCLdHnKym+nsB34K8yf78!ycd{NJ*TXC(7fmYa11OGjuJFw#_w2?=li(`n} zcHFUIg(leZy*NqFCTDb?rb@~5-0n}YUmG_yGWoz7o`P$Sw=}TeO~*J5t~xUr_W{|O z)WcLtYxI#V0t!`($Ogk$xu=YwE4&8_yXf+*U{|QBIt4g1%VhfEM+*NJBVd8Ioc6r`(c>pyN*9FHBe(&1=~3T8V{b4t;u^fsTC-X@3r=mjG>!WUJ{C5?B8E<$KCUpN2u8 z2gSYI)3x*7lPvkZU1hozgXl(%dw3)`$lr=`IZD+^4AL{krLXOlNEgRu@-N@S4d_lm zC{knduNBW9tn7*RoHQs|vyK3@I)f41Yi=Z5sq181x*Bdqb8F;e8 zHlB#eC($pe?#Sox7R2!PMZ)IwqJ`eb&qqWeR4Yd4>PCTuR)eu&DW?6|cyLy|V-Gbc z#UAzIS~57)=VdJw>ZpbW-XYaAGs$2QYUdu)U}EhHf*@WYVd?sU(&w0IDc#|Nb=&+J z?UJN!F?CsYW>y{(1*F8uSSX?b>n?50xN;m;RUo5nwh4V8b+F@O&WJ*)o|N8d;7s3T zchHw}uR0*P#2LW8pN1#HfLBDRX!erCN|PZ8Bqu`KC&75zMfB z9Tol5Fh4?wWz7SwZ%?`nmEBxJ0**WI;lIa)8B2*T%9Iym2hGKjusDY7j(0o)J|uaoVa%);wBvCDvz;JP*5Cyf?)=GS z&VkixPoYGl^0w>4m|?v3&ysb!v#wV?*f_W+GQl#*%k@-!kt1a5GSQNKt*+tDXp)sw zZWcMo5uSGA?up>ihCC7~Wy!DclJn|8#f=t?0~JddG9iUfHKT>wE*!7GIzOSScjYCC zJ%67+h2C^CU@ z_cS!+OM0`bkub&~pL`fz$hI*&0$Q<{$N$Rdmlh`@9tktD;)A}sGuRn8(V1u_KR)U+ z8oZN{p8thA^Km3}g}b?+juz$n{y+pYQ+sM@WRN?Y@%aPb7nqL7#=0LQ>Q*~eExL~iO6z4*#cd`Z-iZ0=f=owG=Mia5~WbYJR$%IBi}_^k2}a&+VHBkI+BT_*?5 z^LVrTk^n;6dSjvO>)D5&J$Dd;LyJhhHWms6tsS&x_*6f#?e=9 zJ^gX7Uyg5zF>Xv)_sl zdwoy`XmZKwKtW&HsIlnGaYywK|g%F<|+#~mf_j|h& z!QzOocY>ZANKIE67OK!tw<@0K`8wZZr`Idw z`@~uc1#{&u)_nbX(>PX;$wASYA4hz4N@+YgC`GMs`oNJ4DU*E2@JM}X`TFK-(G0Ci zst{w6i;c;fMeJ!$Z||0ra6dF8^br*!zEZaW)ASV}k%60SuS|xLH~59Ont6GwT0u;= zLWzB4^o_60-VeczXauBcV*U-{vxRzsM*XA;;+jDJwz>g{FW%WjCOF;!oZDwBYl6 zFD<5)MRS!zlEOMhP^_R1i{d(P?i>177wBnkI|S+*&i2wqMw??2z1yzOlMD?5#b(Z% z*`GwNP}LqP>y&kK*P+w+b*N&gX@+~XmM5LnjaE)p6b)b5tDi{K7x#tVFWK@?iA>G^ zqrMxE8Ee+{XTTlrwKkl3u~TyeHf zS3C1=?S!C;?%OUh2)sD-?7Z4prD=UWKT71?`X7 zLmLSyo|?J^kJU_5n{D16^-?!^9&Wv_s7ZX{QuOO3o;U&`8tjVM%6}GZz9C}!{q76> z&(Ca$U2wFw3n=w>U%qe8p~^Tl2-nr5Dkce7XPGE=%pbGz2yF4uiWLD2ZuOJI-QiWbbbg(I7o6mEu=D4 z?YqOV$$Z1}d24L1ZW#DD3zC}IJ{HJNGM3v`^p-VEZ~q)5XKcpfK|wg zb0^zWILR_vszs;8l<%BklDw|9crfk0296O+jd^jGMDE`8xXIeco$ zPxErfhbTDt!WfiSM%14Whtb(`W@8iEZkbWuchs;>_-4yU}`2hxu>UR``T-aNi^=LhMn_~na}7?N=6zZZ%j-?DCR6A;-B1rc3W zzH&3Wjq#O+jI}ivD3RjS)7z6$`O87gzGHFV<$2?q8oiHvz=Tz0G*b9F)sCeLt_2$; zQGv=B_gR+gH6I^ycYE9(=j^6Ym$6H~^(9@rovGJY%Yc;8P6$MPQ_(Vs7}Q3(FXm2q z*OC1VxEn*4V;u6}gj!xqjFJ4AI)T_-T>Z_CV*ql<)BE{Fl9770Qsr`x>dYWSeYejn9~JyGgzX7{6`P zPO;*emNKrEv^DG`6^J?a?v}^Zn5^jD+WvUF z`}~WIfb?TlF_#eZ5KpLpZPn98E%ux>OJ0htPd^AH6TbGNo~O5VKf0jxzYr(-F6kbC z-@oQ}w{N@aOaI32oZt3y;`R`P!%oOaJ>`ML#~ayu4hw4c#_Ye4xw%18c38e|hc@#w z9T6+hhA3*$UR?|3DJ3c9qkM6yjlP1?=@q zYP2;q>-EP??z1<&xYEg%T3BYDS6x#im1>4=-8$l*pj3*Cyb<*F##NgrV;)FYOc*!C zlLy?YNj%|CD4vJ^<`Q~B=Ek=2$byqYRQftqORKT%glKSzV=M?wi)KZ$>qp2$Ikl#@ zn04$~-%KenzGukj5{_uuDRsr(ga~6mrXiCF(4UzdQ?1li)3dLouf~VFH(i;Vb9JiX ztJ<&1sPZurEG8REU}>M<9`_QgBU8LN(BUvoxh1z1x#h4mwncJ8L;9d8$VzuhfR~mx zY$S~CA=Rw-EVK1nk%tC6sdST3Ici+4qOLryU{ttQqO>wASN;cMUYh4O@5YtCF?d?Q zlOdqMS-XskJyZDZ^I|`o z`B|SuAKbP5yN{mX0Do4GcojnfCd@del zuQfkJS}svuU%p#TBpcuVd3V`qkNd>hhtWJIKW8QH_Lu4>XtUjq_Fxk06j86(>+S08 z&)S9BbMN}-OY5uYk808BeQ7E9Y3X^0<#^ zMz|r6E9qn2qKS$l{smUfv%kOSZ>}`gB-Pxg(eyZ6My^s5RtQ&?HTIFq86&yMPvAhbGLEO03f_D21u)%kL&hrWO?;Md?MYhH^zd->q}2bv|en zrXumFHhrjmRB^=y+8P^%{ef{R^Ol)><^H!Sx(umVxmS32q9JFU|q+zG2Nj{#s! z-(dghb1Jfe(8iW)k@k^B@rLo-9p>?#>5e*L8Kbfla{jJJ*Cd%S8Jg;pD&87{stNmH zob}rNT1>IA5y#lAVgYld8kt(VS~kRK&*ZqmWPSVj%JtFfzhdjfP84G0kJuC0>oc_m z)CRH?eCw~*A6dMxNT`pi51%@%CzD}F7w_ll*W@te_@o;;;9Jb%dAo9iahqyOXm5RI zcq`^WaM$+_{7=@LC831;^)+L(mphUTL`<^jihqZ#a{)?NpXR?l!$^vTI6E zy|4O;OGs??lZsenub)VdN75@p{X66f;V=q+ruJ*5Ob0H~!t(d)9d!x&aYFIyacS(8_cxx_>C{O#$Pi`GekfJ4 z_QFiBLD6K3(tUSR++BoSHa=G;FRt|Vqs@4?v3SbbJG1mN@irbi&2GH{BWI0ON>L*-{(wY=6pY-uzmMZd z@E-g&>h}Jpu-?{QdO9kNnm-f7=T~AF_MQ}dy)rZv4x_9TGUyDkJ4I*zsD9ap^YD;f z{g~Dh`1WwYYw_cfUuRsG0_KVTyI0SaYdA!ev7D?w-_HlwR!UB9#&^_Moae5yf%+ES}J2=zB;_ z1MnH3y3BSse!wo@PO8Vh zn;_^RIQpV)`tF1`H2JW&X40oN1{rwr@@zMwJE*(;9=hPYLY0DyZ{}JY4v$KxFY#&Y zzxaG^N&SR+k3Ck}t9bldO^te`y{(X$U$hC^>j-gVib|MAA9ndXC~^b6KzQs zSd9=ray%71K-J8D?+|2mqzaGIo1asEr0=W`clUE2h|Z>87upb_Y8*fFnfW@~wWFV! zE1Aik(XVvAt~K>(*3gL%gZYTLI5=KE9B9v|cNIP}8#|uaWdt8tO5>YWq}_kb&vj|S zl6B1NEnzite&0~T`RG}x+-c^T^jhYU8Z+nyaviqv>6iOS>R1Ja&@cv`n3=3{b06)? zH2qb%F_GzBdlTFNbOfn+VTIntR%lYK?8;AC>{@Wf(iO5eZ1KO=#M zV|tTuPwA3}kT5`UtedC%^eWZW!mM#61(`oezt15D=-{QHB_8m#3xiAa+_&SN`9SZ> zk^CtA>viwzPY!&}S=Ob?%Hskr!CsdF)MsZBogn-`&LiP`u|H3CjCj5rf{XKD1{)%8eb^ zp58y#rBp}Dh6IiW5~WvNdCU;*>#*0*)DvxB)i!aZyQR9*t4Mx6|dJ&d)r zWNqP4Ve40L8#`ey==^Khc3-3fzt!94IJU2z|H-a z(LX=`F;6=$r~l>zbN|oR0$vdOw+AdLECT)~Z2(pNZ>y}Hlb0RjrJ55I5D&mZQT&0V z{6EJ3Z$1Cb@n0~F{~J?GTlyG^_74B)rCBzDsP*t=y?! zgtTJq?x9o`?tEiyZ4Hv^(m%@yA|h9|`b;{iE$;as5=6=g3XTQY^aTHH&L$>~f?j!h zmzbC~2xt@iciX>Z0J3rE_}M&1{5V9Q^z|I43!IQZ!m~-TqDRj42cn}2mz5YtAkKb<4`MVQqDmgK*Qwli6$x_Vk({> ztmF?B5i(+0M**T%Ovd`tB0w7>ZYV=oMmbYRh{(%7fNb#n$Zv+U|ARI_&!P6YAfU0< zq_p@53Gzi{5b-*15Eg?r&%Xt*5dqk=Fq66i^pJGQ5InB<_ceeG6TrrrDntgLCr81F zS%(-oUm+qF2MhpTdbNoapqByA`+t4fRv7Dp@~QL~MsN)!qj1&k(m*X5oZ${WTafWQ zIUe4i3D~5W=+BTdwG6z6eMk(q@YqP)?az>zpHe*kk>-8iw8U_+`SejO-m|7>vmReG z?OJPEc}~4l+&EQ@qY|7QE(^vQVu$FkVE+|O*oLqB#t=*LM00aUts~hgnB(a4#6lX}9nEo(N0_i? zi!sF%zZpAVYsEA(H0<^BdG`CDJF;XO3JhA2x2TcNIk)C0`}_P`5SM47Qm5UT_S<;> zADGhcN^^%KHSa4`q1Aw*=8W)fo!CUxfJ%vo1F zvD9{Kgc|M<`qb57RsD#|{@Mov{RAb`3;%`OjUCjbjVg`gqVIHW2L3m!=@I0MZHPIb zP-H|bvdaPcfyN~s(mCrEhcKzr1jUskq~A}3u$hNu;NBw^!>R|xE;K_7jWE?4V>rEL zc);fo)oW4Eg!yZ5@;&a-(yAF@T#L5C%-a1L2r`=8W5aJ+r_x$gGpo$>d`kA>YudTe z0875PSyySX83N)jMZP%&o;KL2YanI%Gr-wIoq_RB3Qga4}woO}++UR+r;3-n^v_G?8rL}k^e|Z8Ng)WEO)UepB5jH~F|&HrQR@Eh@2x`P#_KicftS!RYL5H$ z4hg1>msxTS;QP{XE18N5vLz-o2Yr;1VWl%kFzlQ?3|)#x*7VCEt!s{vp57>eeWte? zRee88X)ykbTl`VH?Qi%Y;m$y0K;vus>>{>dEYW zelcbkM?g-MqKtig*LKp9CnT~^>|04iFnhe=($wXR-GsK$9ZaN?rlfE~aX38r7rNr0 z4RFW`ql)Ld-`Oh z1WU&{tkN>AeuiOff9faVVmhRL`E|eF2DKj^6^+GwVavZl%CGvfwZv9`;(>$0xR&GQ z<=PJPB7C<8eO(gvTFgP>_m-3bbh&OjHLjz-dcSh~ZK#4Y;m*1bf$OnNq3dkr;y`W1 z?kykt3@wmNnwGxx9a3k0D}79jDFhiD=vC3hZi7=5B}}C*U#u(7%a$}QPpoXFU{gQ# zUskwp{^3P=_psGJ8-3W}gAsxl6p#j^=(fxs2=VTo>1y4vEM?E%NAi_7*5Rt-_%Tv2 zi5nG}&K#BH=jRye=JS64-|Rt?$lQI1JGbde9OVrem3&|C*!(fuxbxJ^4@;7<)@*%s zbsg{Ej+F-6F@R1l!OT5v&Vd86yc3?qR=nf$uPT}EcYE9<<3D_!PZ z^C7#t=E?rW7mc&YlG1&_>&$3ZR88vXYLR9#1lP;nF}a#zba>+0*;8nFR#<&7-Q8n! z*KM}}7D_nD{Lxl@)|*xR%?SEt3=ueH?tad{q<9LyKYMiv;+5^&<7>XOmOs(FKh&~T zGVPC`-uS!^t6;VLQ$r|0j2UlM#}!xDoGznmUB+F$P!uJJvD#^<)(d@A%2><6+rX*U zt6g+g#v~BLPprV>&2vi-m2Lf8oof1Nh1qg!RW0{D!37P-I;oxla(z7U9M<3+gTI-6 zQ_z(Xk~dMEtNUsp@)zG?Ekwn=p6$h`)4D}H^w#b;%zI<1-q#94H@enr`;ecZ+vQ@! z+w%h6?*M<@H!$G9_)Q|#ufN?Ht^Ix)W!v!-566|Yjh0}huuK^iNUynQfr)*o6cE)c z5{oz7{=6;A(0{fZD+kptwh@56u{@}-!g<@kg!@OK57=b`#$KZ=T#N_|UJfp|f1EZ& zL*Ty{u4IjTo~<-K5~{5IG+i@oenFqMV@KH=CTz+wYkP^c=QMNL9P6*G92n=GKbV2U ziJ{ELZNwNxNxyFXGC`dmUTzGgj^dC6$-~pe(^H=4B8!2uImX5meeq&@u>2p`r{X%7Tjg>)3p_5XJMh56U6MA#lJKr zH?nojC%pIRCRK=87Qa=U3`ZARY)vJsAx;lBJ!`d}V6Ja>e_@bF4r)U%FHrx)-)(x4 zAl_d~F1T-!pm5?iYJ2})LBqt6XLuqTV@>J0w@-raR!-yupmLEmx0YBo3M&=L#Wt$@ z&vu2Yw%H!S#)&d<4xemHeR0;_2(5`)(*Q&q)_I}04X(6c4=atdr_(Q5-Vc_WlsHIA z8OGZ%^OahsukD-5IZX5%6l|PP!nR#35d`5n%;-~=UGvLenj$R$Qx-00*617P(>`vl zcUJLp9-lcBe8g)j0vs=Lv^+WxuD9EY-wmgd$KESPQPE8au=_TfdyNRgkiot`h4os@ z(&x@h8Uu$7Okvu%h^3c7mLBsbZ%yc$#7&0#%=sZdywfeE&i(1Dh7(5ShU2YE6n^-MXep+T4!V9 z7Bob5CMGHu4O>^Z2-QW^LcN+FOS9O6qCd2kE=a;AQmDQhMcOleS?gNu#x5}U23od= zv`{zl#zLiswa@GiCI~f3qB*_Zpd^Zo50{fdlWv9eD3_Kyt0T@yAwE4NY2^5`aYQYo z?%>=s1CNXpQrjIXc9&hn^;IoKw}PUJ#BMY|>SxC+UQ$zDSe~3-a?GBraEp;@fHVllw$U$;|70zA=-H=zGWYDQ+Ll<5KJ=d_P1jtM&Vio4dbw zENo%hMMllq$-eCMZap#Ip~7K+{V=aRFw4j0+tTK+W1T4tU!@66^%{wog4##z7DX-A zSB;gZ1552s6KK47W?)laz`X7QS99ABMT?0PuDtDRr@a06z>};=iAw*U76GMqeM?Fh z@Eh84Wqiz&NcuenxmFBOTp@mj>=G9WyUaas&`l-F*jin<7w3b-uNx`IP-xt*T0Lf0 z3h+CY^zGHpSZ(DG9tzKk((^W4Jzovs_q?CVkhcws25fK>kp?r57lWMtzRDcGj0k3x zY*cTryj5FV0S{lPHqveC6Pxg<7n_#Z5DvWjw2%{SmEZn%n@=Y!3)TvGMnOrKjVnu6 zf3@!lk$vJv;m(^TakQbCA}*N@MBpYaa+t8aRp*bFSXXKRAiC8=w8r1yE!)EN}s z{)SLci8-#a7Sj;<9wFA@fs(#1knK+$qrLg-ABMstQ;b|}%QYJh6s30YjkXV6RIdy9 z-(lF9K}^0?*T&QJJu^HRJ1YJzx)3K*;8`e><|Aq~omu<;7|D#kl?!2qvvyuM z6QAr2{s@r5w;I;PJU>kO7zLyoNm zr!9zTQ=_07E(C<8g2=GfpK2+i0o;pC!{MLe{c`I%5ARW*$nB4>9v*>l@_JMqq zHzdQfCoexlIVelP+&H3kIk+-vZ2La;v9SIx+J~^s7w|${xhyLwzX}MIK{}GU^IK@g zo=~w+y~~f8_bO2YZ~i_j6UC+b$^vnSMyrYy9dP>A&?~yDyYGmIVU+`3czv7rVOa=2 z98nDE9hIKt6rmuFTIbChP01Zy>vK0*eQO+t*>_)WS4l!RMVtT{Unz_-0{e|$jqr;%$TLYaM2|ai+ThC! zNA6vE3zt-;G14dj_hb(MN?osu_>7bmQ=}vdk1NSxLVXWBa&T30^_w}>5(-TQ(M7Fy zbfZ$Io;+IDFEPw|9&IkE*~GuSq!64iA8|UDCbbSEF(iL!vys#;h zD%@$!yNCTC{Fnn4YlPmhbAE~~RWQ{KAF^4fa;8{T$yKb)ToU(BxJ~c30WR8;tLCpJ_U;-BM{ z&Rw-#6Nme}<=S;}VOCXO%Gw{`PEl?M@tnZ$cnW`ORV9#?_vP!H+*6$riB7UyJFI5d z|Loz~ZF)<~lVlH8!Y*W@&$TI}5C=`rCq-=cn0A`2|9BK$w!K$qk4gjukG?5t}HPoTBfvZ?th#dk%dV9pEO^UmaiSM}qi z@#BW@eT!2JZhaKZ_Q%8J$3D!~LbjUY65WAzW2&u)jANc2?ciUR@?eJjdZdx1%@H{) z*v72hdHVa^hWK8v?uK-`N==PCuwt^tN)VegPr>hG8jlm$`>3&AIqLz-5;~IkcGn`= zLWi-tUlQ2dAIGzH`BZFg1+St`rI59!iVbk95<^!$&XeU=Q(k|7J$`~GLH@nJ-gB{= z*W_3_debk3(o3svptqs5Q47)85oWDU!2J!0LtS1yVr|8EZNUTeJ40iQckP5bvU@0_ zLj>&-q0m29h6C$zIyCDZ_ogPf6|(&}-KYi2Wg~(jgnd(9RR+jnJ*O&q)(1WFf7@1< zaevI}$;<7PP2sbzd6DjWqIR(IQKaNqC1S{b(r4U6^My^W>5Dk3hgSWJbV$FUlU+2%tuCaRrf1?wa}QpJg8j~CKzBRH6?Gp>L`iN&C**xi43fqJQtShygFOIhDS@)}JD+ao>jMS5q7Ogc0C8<~|r zl$st{iJB@|rA~pXtpD5XgtgXpZwZnCUvyFg1-*`S-HOQ@aBp#wOUV6=X)J--Z$o)h ze_g^-Y#<=x$Ejj9xW`ge2sKPm;$62oqCqa+PS{QG)_@?~dPY-x)8Wpi1*iQq%%QoJ zMW39L_hq4HW*yNHL=V*Y18|TlleclGKj0MEcxqPZx6$xS?3)-L%)rY?l@2Gr38%|t zqj-B&8@j-Xta!$XuBX1n?6_^;1>!rkFdzcCyq1bfhv; z&MbiGl6jZRjR+Hh*y9tlk~QuU7(D@NsTmlSSxx*p9?%U$wv3rM&b zSw5+eZR~0_TLl@V?9azCj)>Y4KSWO>&W9uQ%W4PMR|3rt^2^9vqT%}oeOsq5*lbbr zxWn~}nGG#RbTXrs$9a)ISnlevZ_}g=;(ZbGbEbs@edL=Lor0SxX2s^nuy!$C^`flq zXY5}V3v|qJ1>b11w-7}Y^jP}>Mj%U9Xb5ATD9q@&w=Pp|CmZ3zV3)$Y%8OFU^ zxn-PjA4fv%>!e)i7iuPXU{6!MxAkN=Y>(8mGAO`InkB8mLI=DQt~uY6TEG{a$hoST zK-c9ehbwe7Qdk~>qS~$P=Jo1gKP;ZW8gPnSu(eiA#te)3j}6qR<6mXIZIeiT^PllN zV4PdueG`Z#dpTNoJ%c?ypjWuN)^n4(o(vZAOM@k1D5bW&TudD)dMkI(uH$|5k8zy= z^4|e-Wg{41H}BRQ-YlDMZ#7hv$<4C7n0TiqB@7nC3md+yHp(Q*bDw!+TEF{4XfLQ= zmd4^pH4Vqk5u8tNnxI2g6j&2@&|PFU<&y8S`;_c!7~}(#puFER?KJs}trDlm=#kk?8O!T;ZNG>KVu#5ex#j*LUdw3jN$=u5z za;PJLO%6D_qY5bxy#@6}ZRB-8W>Q;?!9u6)`Q798oKB?TJfgsXLS^{5dZvr^t1p zc1UE-BQtU!vB5_%h!&!VfAtqR0zjr#jj8$zKLs)ynjt*5|K{+lfz(UOAh+;e_&pG` zyq|e;^>3n&2?%vW%A1v8^pAE86XAxcp8WVpz6dKgykRUzHY=jV#Y)n3?v9yemWj}4@2(6 zgh{0ljjC{(6UXAd6G?C=8BIJ_@@$zhByxTv1sh4t<{T@;L>&B) zJl%gABDARU4U3dz8(T-Z5GnRQ#Op=6?r@eM>7@^cs=o>v7h<38*%*Zf89Y-r10Mhi z`-=in>y3Z%>52RIVh2LFBtrvcPxi4a_mk^HZNd5X8}rQFHS_{drK^hQy!;bT4W>d8$2H9I(4xO44CeSK3v#5_ha8_QOTwt z#Y~s^XWvFB(8f>|BAB=&+p~V>G@i{hTFj!D!dB)=MG~BF)W;F{hKta%oo0WN04_b? z4E9j=PTkWq7ka$>w%{CNJ4L0f<9YK*8ymlQI?XBI7WPSfD4fBUt3qbNC`r@{utqb( zMc3ET!>{Yo7Od>w!ORTJ2Tp#9C@SlT@9;wEf`p6mxX_>Fv{B&_Q*h$Q@m9mc!)Drx zMU@ps3w|x9hm4Ew7#Z3}kgNjKCAQO)MPO6O_7IkhNW7x<6r2e>(H|4TLAuI2b7k~$ z)Jf94XEk=T-V_2f37A1|8&W5)+xucMRBx`N#oJO$1GSpXb2x1~M_6 z!O!sf7V#HaWys?kDL$tg*t<^4Y6UM3Lmt?Pa$)Sc-cbWSHeJ~(`Gxl^4?`3-p1id9 zkI$+JGQYY8^4*L)_Gxw(n(FFEk!@vEp+E-pQx$2z!4r{R*ABvwtMc#={dM=VKqk9I zjOWTBD>p@CMd0p6!? z2^WTNiPZ$gWyWj78T5@vqgM*rUOXh&lh1^E6x7U4uPjknaS;^$J2F3 zioKVMZC$&&+xsjLE^-*LSh-bXx~DN_C%%O&k+D5t_swohOH271mdHrENLPRP&80xq zK-Ym3A@K1Ydlu8hD;9x|20Oil=*mg=p@xg*^S56T zvXYa}{Jc`8;HO&_r`FYqm-3AP$9FcZhwgyk2}8%_-p5BGaF#~eybxvEHb9dF5-{`h zyw~-Q@`U>>kGtRoQZTtw9DUNab?k-8tm~BPnTY&#%JYgz@cnp}O-7A0MuELyq}gE= z>j9UZL~wf))X&XPNj}&{#MP^gqk{vfgmJ*`DF#4{>Ne-&<~_|Mjhr;^$DWVZWtpF^ zZuF1`o-RCM0&ZrqB~kli4J8Ke&P9qbE%aI|k6lB%!5=Csozjs9=$7O$u+A;(0yspo zlM}-go0cpYpH;~Lm|8qwO#FIj*n+ujiU*EL5w|)HXT2{Toy|$l22?3H%P5{#1={AU zR%QtVgw8FA-gzEbSLRn!rM0QF22anTrfiEIN!itZxjMFRfyQ!`C>La{M`r@aJ=a@*dW*jS5;PB47;H zU<^>i5u^3_;#}>sWl8}{WXCDHMrPpJ7`)Lk1vRd=$hL@u771w5a_R zxp?Hyrcg3LsjH|A&YggmtXPw^9MwqmzK}iIl&8e0Uo0Y3A%twj?+-q4EAYR4CH8`J z)#rAUC_Z1dHxF`yxQ1t&5_>aRmzDe`5IQpCr~y?jAYvXmU_bERukSW;SdE**DJ_!=eDpmp4H?Bf-9PB)sR+4%-a9viA$WW(|% z2vZNrv#~aQ_vRpGv&HXrfKsm%!w->oUB-5rmioZujBA3X@)kSb^TSY} zOr?M$Hl<(_U(9*Ie49utPvco|dufE`Ah^%sR^-7Th!|q_Ly}aDIl%@_{Th8Xo{L_yrwNj-M9-Mk3`gV7{=@&JA zTI2`zGo?+La+aXdXbdLBY*{7B}Zbk^enm$O9*ge-Hn+Wd5xL|Ch`I zLA&fBi@2%zNgZ@BuW;SIBaN*(`e$`=KatIK()fUd<-zKo0gkV#DY{Ds`p5@v5${2a z^h$~T-UPS-cG`vFbNK821p)ZhO$Y$drmzBc4{ngI+knCUyavEmuCV+yasJ0Z&W6?0 z4G45OOCN$z<|<8B|C)OjP@XB!k(AD*M-jYU2`Tx?dhK=`$VQG?>AC7(FQFDB)p^bO zsnqicg3Re0?nUA=uN#doqQ84M(DvMIdssmUock$5o{E~>=IYb@U^CePb!ShOZ*)!8 z3|I#?C`_)9(a6_i+B`Gxs1tmav`+3OdGp{C7#w*XKy0z!qN=`s_f~N zA!(C}i7%Jhvdf4~4fWU?u_eZF}4} zL9>g{xv<$;WV$3Z!HD0wk4t#~BLjVw#wY82W8&BLDf{xWOi`cpd+!n~2<`*Td+ zDJpLT4hEFSZ^NmHd@y}ZF(}jb0(3isCBIaa?URLH?IHtwKTJFCP$wL=czEL#8yH8V z;or8c$EjN?5?mAkXL<}3e;*#I(_ObE-}o-pQDaWUY;Nnd(!_zZO{3Rz$8KYNv+wb# z$C+d(5S;WmlKlWy&O`?&kM$>W3K`nZ?6a40(Orc3XuUMF_j;1ycKvW_>zGObjtlPN}mi+klx>N z8T~2lytSW6tt>y@++O7zTuCkbV$~f6sEUX-DHA&5`{?&#fCv=eK0c@~@{eX(ypuC@ v6}aR14U_{HQ7K#j)MXerGyMNK_(Ca32sX2%E!F(@{~j8TbkvF;T7~>CX7l0m literal 430524 zcmeFZbyQUGx<8B{B7+FZ03r>7LnEnljfBz+Aq~XIL1#uQ*Ia__5H++IOpR zL!X1i=k8WfYqb9ozrje0$Nig5==l?@gefyS#-_02k#T*;h)908p$z~-NNTEtA@?0(=JXjNNX-gurQ!hH}{`+6JSSQqt zDkP<31{i)S?ioMthvL)n5t&FsAO5}?3Cgh!HQX6?Go%vKdquJ;Tk!SanKa(nNNj`n z_c(~rHyb$<=FZSkzAApf&x42nl`t(-4FM!cbWvNcO|_pCEXL7K_|e2=wC zGq^9;pU5N!b~D>>Mo?@R=%v()^+rE!k8}4wvtQM;ew>{9vjFDRSC>9#Pu;mFTiQ;!<5?P(MaejsE*`X7V_vq26qJXpyLh6I=d!KqImjQ;}xy&LbLfpMG$zl;rT^4&$On*N;Ep zHJW~5+`EAGs8NqSk__$mYHtJ?CgE?tvZoe$EP`d=*e(2_LR@cg2UqcaS)gDA zllO*kE6>;7a^9gH%{xSb!Mp~^mGllmJp5EFYuyI5n%G&azopOK2n~w8bsx`*=8e{k*1v}q zqiUm3Y}M3M{W|)r^MN=OH{tGt7o+x9$`=_M+rL+^{k--xY}xF{!i6afbCVi;b~*?fS`?QD+bnW3X(c@7cK=CA%*n26oYxL?O@=uh9!f~Yg_RnT zK)c%e?mf3k)MXfjgaXZaocapi0pW(k0!^0kgM7qH(Id;CXer@gF&@k)>E{SCbM|+k zB)Jj8YkuxVtgKJpbd0>f<-=p?VynJh$Cy%#r7w+;I zQqTr)CMro3(OA<{Jj)2SD*X5-Q|1|0=!6tO!%2Kt>er30(67f|g}*L;RX4(^N|vJA z__!_GnrHqvBte>)wv2X%j*?!N!8u+8S%gd}dRY>P%qt323s+-Sb3szT8j%NT`7x#9 zb`Q`L)UKjCekPM@V5+bYj0)oK|MiA+T%Z)(DF zHYvu(k)E)jViC0~sd2=Nvep=`8kzG8XTjr_$9%_ZQLk$d*gsUv-D|sQEoWqBux6xr zn`Z9w);(3Use70I?$ZnmmAv`h`OUG|vFv8hCh_LQI7f-ARV;5QkLFW~D6OZ7PeXWY zEsrcmct7#v@;dU6TI`MqRh++#$TP_&Ms$rbPs|{kRZ0S)hX*!T1(HQ#S`&TJ7K-J^ z>LyIB%q){F_9kqHcZY{ZK8(wbG5shWdxaPsY=5HufR8@CDzGZ%L%_b)qzu1Oaz(RJ zz4|F~7pKM0ldZr9< z?pBT%UIfp-kiy@2V2oc#Zu{c%`zfpU)?m|TeD92%Mv7)r3@HpUEIxOh6@5s?o&P!{ zWnSI6lJd>5;30Qx>VVFGP}lYgULJh@#8g{8n-@FWHGFS4S-576T^2Kpb}ce(TRT5b zf9~o0Y82V^AmV9+VAA_Hif`bn%>6Y<)TO0m@uh3p0YOsC81TZ}?x8mDo$nRnP{b5C|pBrc9m%D&)!X$g)9*1&Ju5Ocoo)azRG z!R@903pxj>;ZXD=4(WH1Z^;_1SEl0@Dds6^DC-3loJSmtZnlREy28#W$B9q<3K@8e8Q6a~NIT-W=6_l6FVASQ+vCfag)XR-S% zJ+2D&=}KI`x}~o?H|oDIWuJ)`u+F}kNNJrM3Q~kA7@jyweIf(TEkkiHRzg; z)u$^(D|u@ak1fKgr3wq4C^DstFxQbLht4{-IBKk&$k08T%?oux)Y2-FQ&n?(vwq+9 zjcV;;Rb$OJBkiTLFWeMf^mBx#*#fUnnC$`ErLlm>C&3o?;El*eZmPit8IA5FTr4)~ zht`MFT{VL1fdkVolDYV;cJ-mr&{gQ(8pD7UD<5;F>fFBelpQaFB}06C`l0ulosJ&| zA-lQO?`r#jPP_ciBX}m!Cd4NCBp*n1&*nEy$J-G;Be-&t_f8m>iX~AIDw6@4>$Z&Aug5>FeXTxU&LZsNjZgZ_T|AMx=v>l;+ze9Kkum!BcY zR9(VNvmHBb`Ofd}zJ3 zuEtNSmg__9PSK9&i!KUW=?~y`1If|RJ8m_U81J|+j#&O&a_YJBtKLU^R%9kTQ`B_# zRSgxyK>cA54X%mCswCwr!T9a@5aWQ}%?m?JS0{MJPi9m%BeAvUPq)O`)Z)#=eGC

Please wait while you're redirected to our documentation.

- - \ No newline at end of file diff --git a/docs/build/run_act_build.sh b/docs/build/run_act_build.sh deleted file mode 100755 index 3546d96d63..0000000000 --- a/docs/build/run_act_build.sh +++ /dev/null @@ -1,68 +0,0 @@ -#! /bin/sh - -# Document usage for this script -usage() { - echo "usage: $(basename "$0") -d directory [-h] [-p port]" - echo " -d directory [required] specify directory where output should be stored" - echo " -h display help" - echo " -p port specify port to run webserver on [default: 8080]" - exit 1 -} - -# Read command line arguments, overriding defaults where necessary -target_directory="" -port="8080" -while getopts "d:hp:" option; do - case $option in - d) - target_directory=$OPTARG - ;; - h) - usage - ;; - p) - port=$OPTARG - ;; - \?) - echo "Invalid option: -$OPTARG" >&2 - ;; - esac -done - -# Check that target and output directories exist -target_directory="$(realpath "$target_directory")" -if [ -z "$target_directory" ]; then usage; fi -output_directory="${target_directory:?}/data-safe-haven" -mkdir -p "${output_directory}" - -# Check that output directory is empty -if [ "$(ls -A "$output_directory")" ]; then - while true; do - echo "$output_directory is not empty. Delete its contents? [y/n] " - read -r response - case $response in - [Yy]*) - rm -rf "${output_directory}" - break - ;; - [Nn]*) exit 0 ;; - *) echo "Please answer yes or no." ;; - esac - done -fi - -# Build docs with act -echo "Building docs" -act -j build_docs -C "$(git rev-parse --show-toplevel)" 2>/dev/null - -# Move the docs to a local directory -echo "Moving docs to target directory" -CONTAINER_ID=$(docker container ls -a | grep build-docs | cut -d ' ' -f 1) -echo "Starting container $(docker container start "$CONTAINER_ID")..." -DOCS_DIR=$(dirname "$(docker exec -it "$CONTAINER_ID" /bin/bash -c "find /tmp -type d -name develop")") -docker cp "${CONTAINER_ID}:${DOCS_DIR}/." "${output_directory}" -echo "Stopping container $(docker container stop "$CONTAINER_ID")" - -# Start a Python webserver in local directory -echo "Starting webserver at http://localhost:${port}" -python -m http.server --directory "${target_directory}" "$port" From 111389a1f536aa69d4762b12b2be7a3cca2a4b56 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 14:07:30 +0100 Subject: [PATCH 155/289] Remove pdf builds from Makefile --- docs/Makefile | 36 +++++++----------------------------- 1 file changed, 7 insertions(+), 29 deletions(-) diff --git a/docs/Makefile b/docs/Makefile index d3b53ad27d..e96b72c7ae 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -6,37 +6,15 @@ SPHINXOPTS ?= SPHINXBUILD ?= sphinx-build SOURCEDIR = . -CONFIGDIR = build -TARGETDIR = _output +BUILDDIR = build -# Determine which PDFs to build -# If you want to add a PDF make the following changes -# - Add SOURCE and TARGET variables -# - Add TARGET to PDFTARGETS rule -# - Add a 'TARGET: SOURCE' rule -# - Edit conf.py if you want them to be downloadable -PDFTARGETDIR = $(TARGETDIR)/pdf - -# Put help first so that "make" without argument is like "make help". +# Put it first so that "make" without argument is like "make help". help: - @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(TARGETDIR)" $(SPHINXOPTS) $(O) + @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) .PHONY: help Makefile -# 'all' will make HTML and PDFs -all: html pdf - -# Use rinoh (via Sphinx) to build PDFs from Markdown -pdf: - make rinoh - rm $(PDFTARGETDIR)/*.rtc - rm $(PDFTARGETDIR)/*.stylelog - -# Ensure that clean also removes the contents of $(PDFTARGETDIR) -clean: - rm -rf $(PDFTARGETDIR)/* - @$(SPHINXBUILD) -M clean "$(SOURCEDIR)" "$(TARGETDIR)" - -# Use Sphinx for other options. $(O) is meant as a shortcut for $(SPHINXOPTS). -.DEFAULT: Makefile - @$(SPHINXBUILD) -b $@ -c "$(CONFIGDIR)" "$(SOURCEDIR)" "$(TARGETDIR)" $(SPHINXOPTS) $(O) +# Catch-all target: route all unknown targets to Sphinx using the new +# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). +%: Makefile + @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) From cc86c418415fea85f1007e1f5030565f6764b43e Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 14:10:40 +0100 Subject: [PATCH 156/289] Disable readthedocs pdf builds At least temporarily to safe time/cpu cycles. --- .readthedocs.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index f215e317ea..d29cf953e9 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -12,8 +12,8 @@ build: sphinx: configuration: docs/conf.py -formats: - - pdf +# formats: +# - pdf python: install: From 12e6cf596f7969af24fbc2caae5e6d4b428a6392 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 14:16:22 +0100 Subject: [PATCH 157/289] Move scriberia figure --- README.md | 2 +- docs/{static => _static}/scriberia_diagram.jpg | Bin docs/index.md | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename docs/{static => _static}/scriberia_diagram.jpg (100%) diff --git a/README.md b/README.md index acad65c38e..9090598d55 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Data Safe Haven cartoon by Scriberia for The Alan Turing Institute](docs/static/scriberia_diagram.jpg) +![Data Safe Haven cartoon by Scriberia for The Alan Turing Institute](docs/_static/scriberia_diagram.jpg) # :eyes: What is the Turing Data Safe Haven? diff --git a/docs/static/scriberia_diagram.jpg b/docs/_static/scriberia_diagram.jpg similarity index 100% rename from docs/static/scriberia_diagram.jpg rename to docs/_static/scriberia_diagram.jpg diff --git a/docs/index.md b/docs/index.md index 19caa8d65c..b048a58177 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ processes/index.md roles/index.md ``` -```{image} static/scriberia_diagram.jpg +```{image} _static/scriberia_diagram.jpg :alt: Data Safe Haven cartoon by Scriberia for The Alan Turing Institute :align: center ``` From c8369d993601fe1bdf5ca12b889231903c61ec7e Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 14:19:38 +0100 Subject: [PATCH 158/289] Move docs source to source dir --- .readthedocs.yaml | 2 +- docs/Makefile | 2 +- docs/{ => source}/_static/favicon.ico | Bin docs/{ => source}/_static/logo_turing_dark.png | Bin docs/{ => source}/_static/logo_turing_light.png | Bin docs/{ => source}/_static/overrides.css | 0 docs/{ => source}/_static/scriberia_diagram.jpg | Bin docs/{ => source}/_static/toggle.js | 0 .../_templates/sidebar-section-navigation.html | 0 docs/{ => source}/_templates/sidebar-versions.html | 0 docs/{ => source}/_templates/sphinx-version.html | 0 docs/{ => source}/conf.py | 0 docs/{ => source}/contributing/devops_gap.png | Bin .../contributing/example-conversation-in-issue.png | Bin docs/{ => source}/contributing/gitflow.svg | 0 docs/{ => source}/deployment/build_srd_image.md | 0 docs/{ => source}/deployment/deploy_shm.md | 0 docs/{ => source}/deployment/deploy_shm/AAD.png | Bin .../deploy_shm/aad_authentication_methods.png | Bin .../deployment/deploy_shm/aad_create_admin.png | Bin .../deployment/deploy_shm/aad_creation.png | Bin .../deployment/deploy_shm/aad_global_admin.png | Bin .../deployment/deploy_shm/aad_mfa_settings.png | Bin .../{ => source}/deployment/deploy_shm/aad_sspr.png | Bin .../deployment/deploy_shm/aad_tenant_id.png | Bin .../deploy_shm/catalina_authentication.png | Bin .../deployment/deploy_shm/certificate_details.png | Bin .../deployment/deploy_shm/dc_resource_groups.png | Bin .../deploy_shm/enable_password_writeback.png | Bin .../deployment/deploy_shm/nps_accounting.png | Bin .../deployment/deploy_shm/shm_subdomain_ns.png | Bin .../deployment/deploy_shm/vnet_resource_groups.png | Bin docs/{ => source}/deployment/deploy_sre.md | 0 .../guacamole_aad_app_registration_idtoken.png | Bin .../deploy_sre/guacamole_aad_idtoken_failure.png | Bin .../deployment/deploy_sre/guacamole_desktop.png | Bin .../deployment/deploy_sre/msrds_desktop.png | Bin .../deployment/deploy_sre/sre_subdomain_ns.png | Bin .../deployment/deploy_sre_apache_guacamole.md | 0 .../deployment/deploy_sre_microsoft_rds.md | 0 docs/{ => source}/deployment/index.md | 0 docs/{ => source}/deployment/security_checklist.md | 0 .../aad_additional_security_verification.png | Bin .../aad_mfa_approve_signin_request.png | Bin .../security_checklist/guacamole_srd_desktop.png | Bin .../security_checklist/login_no_mfa_guacamole.png | Bin .../security_checklist/login_no_mfa_msrds.png | Bin .../msrds_dashboard_with_apps.png | Bin .../security_checklist/msrds_failed_to_connect.png | Bin .../security_checklist/msrds_srd_desktop.png | Bin .../security_checklist/nsg_inbound_access.png | Bin .../security_checklist/nsg_outbound_access.png | Bin .../security_checklist/shmdc_website_deny.png | Bin .../security_checklist/shmdc_windows_update.png | Bin .../security_checklist/srd_installed_software.png | Bin .../deployment/security_checklist/srd_no_curl.png | Bin .../security_checklist/srd_no_internet.png | Bin .../security_checklist/srd_no_nslookup.png | Bin .../security_checklist/srd_no_ssh_by_fqdn.png | Bin .../security_checklist/srd_no_ssh_by_ip.png | Bin .../security_checklist/srd_pypi_tier2_allowed.png | Bin .../security_checklist/srd_pypi_tier2_denied.png | Bin .../security_checklist/srd_pypi_tier3_allowed.png | Bin .../security_checklist/srd_pypi_tier3_denied.png | Bin .../security_checklist/ssh_connection_fail.png | Bin .../deployment/snippets/00_symbols.partial.md | 0 .../deployment/snippets/01_prerequisites.partial.md | 0 .../deployment/snippets/02_configuration.partial.md | 0 .../snippets/03_01_remove_data.partial.md | 0 .../snippets/03_02_register_sre.partial.md | 0 .../deployment/snippets/04_01_sre_dns.partial.md | 0 .../deployment/snippets/04_02_manual_dns.partial.md | 0 .../snippets/04_03_deploy_vnet.partial.md | 0 .../snippets/05_storage_accounts.partial.md | 0 .../snippets/06_01_create_user_account.partial.md | 0 .../snippets/07_deploy_webapps.partial.md | 0 .../deployment/snippets/08_databases.partial.md | 0 .../deployment/snippets/09_single_srd.partial.md | 0 .../snippets/10_network_lockdown.partial.md | 0 .../snippets/11_configure_firewall.partial.md | 0 .../snippets/12_configure_monitoring.partial.md | 0 .../deployment/snippets/13_enable_backup.partial.md | 0 .../snippets/14_run_smoke_tests.partial.md | 0 .../deployment/snippets/user_csv_format.partial.md | 0 .../design/architecture/architecture_mirrors.png | Bin docs/{ => source}/design/architecture/index.md | 0 .../design/architecture/safe_haven_architecture.png | Bin .../design/architecture/shm_architecture.png | Bin .../{ => source}/design/architecture/shm_details.md | 0 .../design/architecture/sre_architecture.png | Bin .../{ => source}/design/architecture/sre_details.md | 0 docs/{ => source}/design/index.md | 0 docs/{ => source}/design/security/index.md | 0 docs/{ => source}/design/security/objectives.md | 0 .../design/security/reference_configuration.md | 0 .../design/security/sample_security_controls.png | Bin .../design/security/technical_controls.md | 0 docs/{ => source}/index.md | 0 docs/{ => source}/overview/index.md | 0 docs/{ => source}/overview/sensitivity_tiers.md | 0 docs/{ => source}/overview/what_is_dsh.md | 0 docs/{ => source}/overview/why_use_dsh.md | 0 docs/{ => source}/processes/data_access_controls.md | 0 docs/{ => source}/processes/data_classification.md | 0 docs/{ => source}/processes/data_egress.md | 0 docs/{ => source}/processes/data_handling.md | 0 docs/{ => source}/processes/data_ingress.md | 0 .../processes/data_transfer_protocol.md | 0 docs/{ => source}/processes/index.md | 0 .../processes/software_package_approval.md | 0 .../data_provider_representative/azcopy_warning.png | Bin .../azure_storage_explorer_connect.png | Bin .../azure_storage_explorer_container.png | Bin .../azure_storage_explorer_error.png | Bin .../roles/data_provider_representative/index.md | 0 docs/{ => source}/roles/index.md | 0 docs/{ => source}/roles/investigator/data_egress.md | 0 .../{ => source}/roles/investigator/data_ingress.md | 0 docs/{ => source}/roles/investigator/index.md | 0 docs/{ => source}/roles/programme_manager/index.md | 0 .../roles/project_manager/data_egress.md | 0 .../roles/project_manager/data_ingress.md | 0 docs/{ => source}/roles/project_manager/index.md | 0 .../roles/project_manager/project_lifecycle.md | 0 docs/{ => source}/roles/referee/index.md | 0 .../roles/researcher/available_software.md | 0 docs/{ => source}/roles/researcher/index.md | 0 .../researcher/snippets/01_introduction.partial.md | 0 .../researcher/snippets/02_account_setup.partial.md | 0 .../snippets/03_01_prerequisites.partial.md | 0 .../researcher/snippets/03_02_srd_login.partial.md | 0 .../researcher/snippets/04_using_srd.partial.md | 0 .../researcher/snippets/05_share_files.partial.md | 0 .../roles/researcher/snippets/06_cocalc.partial.md | 0 .../roles/researcher/snippets/07_gitlab.partial.md | 0 .../roles/researcher/snippets/08_codimd.partial.md | 0 .../researcher/snippets/10_databases.partial.md | 0 .../researcher/snippets/11_report_bugs.partial.md | 0 .../researcher/snippets/12_end_matter.partial.md | 0 .../roles/researcher/snippets/13_MFA.partial.md | 0 .../snippets/software_database.partial.md | 0 .../researcher/snippets/software_editors.partial.md | 0 .../snippets/software_languages.partial.md | 0 .../researcher/snippets/software_other.partial.md | 0 .../snippets/software_presentation.partial.md | 0 docs/{ => source}/roles/researcher/user_guide.md | 0 .../user_guide/access_desktop_applications.png | Bin .../researcher/user_guide/account_setup_captcha.png | Bin .../user_guide/account_setup_forgotten_password.png | Bin .../account_setup_mfa_add_authenticator_app.png | Bin ...t_setup_mfa_additional_security_verification.png | Bin .../account_setup_mfa_allow_notifications.png | Bin .../user_guide/account_setup_mfa_app_qrcode.png | Bin ...account_setup_mfa_authenticator_app_approved.png | Bin .../account_setup_mfa_authenticator_app_test.png | Bin .../account_setup_mfa_dashboard_phone_only.png | Bin .../account_setup_mfa_dashboard_two_methods.png | Bin ...account_setup_mfa_download_authenticator_app.png | Bin .../account_setup_mfa_registered_phone.png | Bin .../user_guide/account_setup_mfa_verified_phone.png | Bin .../account_setup_mfa_verifying_phone.png | Bin .../account_setup_more_information_required.png | Bin .../user_guide/account_setup_new_password.png | Bin .../account_setup_new_password_sign_in.png | Bin .../user_guide/account_setup_verify_phone.png | Bin .../user_guide/cocalc_account_creation.png | Bin .../roles/researcher/user_guide/cocalc_homepage.png | Bin .../user_guide/cocalc_security_warning.png | Bin .../researcher/user_guide/codimd_access_options.png | Bin .../roles/researcher/user_guide/codimd_logon.png | Bin .../researcher/user_guide/codimd_publishing.png | Bin .../researcher/user_guide/db_azure_data_studio.png | Bin .../researcher/user_guide/db_dbeaver_mssql.png | Bin .../user_guide/db_dbeaver_postgres_connection.png | Bin .../user_guide/db_dbeaver_postgres_ignore.png | Bin .../researcher/user_guide/gitlab_clone_url.png | Bin .../user_guide/gitlab_merge_request_details.png | Bin .../user_guide/gitlab_new_merge_request.png | Bin .../user_guide/gitlab_screenshot_login.png | Bin .../researcher/user_guide/guacamole_dashboard.png | Bin .../roles/researcher/user_guide/guacamole_mfa.png | Bin .../user_guide/logon_environment_guacamole.png | Bin .../user_guide/logon_environment_msrds.png | Bin .../roles/researcher/user_guide/msrds_dashboard.png | Bin .../user_guide/msrds_no_work_resources.png | Bin .../researcher/user_guide/msrds_srd_connection.png | Bin .../user_guide/msrds_srd_connection_failure.png | Bin .../researcher/user_guide/msrds_srd_rdc_screen.png | Bin .../user_guide/msrds_srd_security_fingerprint.png | Bin .../msrds_unexpected_certificate_error.png | Bin .../researcher/user_guide/srd_login_failure.png | Bin .../researcher/user_guide/srd_login_screen.png | Bin .../researcher/user_guide/srd_xfce_initial.png | Bin .../roles/researcher/user_guide_guacamole.md | 0 .../roles/researcher/user_guide_msrds.md | 0 .../administrator_guide/backup_instances_blobs.png | Bin .../administrator_guide/backup_instances_disks.png | Bin .../administrator_guide/backup_progress_disk_1.png | Bin .../administrator_guide/backup_progress_disk_2.png | Bin .../administrator_guide/backup_progress_disk_3.png | Bin .../administrator_guide/backup_restore_disk.png | Bin .../backup_select_containers_validate_blobs.png | Bin .../backup_select_restore_time_blobs.png | Bin .../backup_select_snapshot_validate_disks.png | Bin .../administrator_guide/backup_swap_disk_after.png | Bin .../administrator_guide/backup_swap_disk_before.png | Bin .../administrator_guide/connect_azure_storage.png | Bin .../internal_mirror_packages.png | Bin .../login_certificate_expiry.png | Bin .../administrator_guide/login_password_login.png | Bin .../administrator_guide/no_recent_connections.png | Bin .../administrator_guide/password_reset_failure.png | Bin .../administrator_guide/read_only_sas_token.png | Bin .../administrator_guide/srd_login_failure.png | Bin .../administrator_guide/srd_login_opening_port.png | Bin .../administrator_guide/srd_login_prompt.png | Bin docs/{ => source}/roles/system_manager/index.md | 0 .../roles/system_manager/manage_costs.md | 0 .../roles/system_manager/manage_data.md | 0 .../roles/system_manager/manage_deployments.md | 0 .../roles/system_manager/manage_users.md | 0 .../roles/system_manager/manage_webapps.md | 0 .../roles/system_manager/migrate_an_shm.md | 0 .../migrate_shm/aad_connection_failure.png | Bin .../system_manager/snippets/01_console.partial.md | 0 225 files changed, 2 insertions(+), 2 deletions(-) rename docs/{ => source}/_static/favicon.ico (100%) rename docs/{ => source}/_static/logo_turing_dark.png (100%) rename docs/{ => source}/_static/logo_turing_light.png (100%) rename docs/{ => source}/_static/overrides.css (100%) rename docs/{ => source}/_static/scriberia_diagram.jpg (100%) rename docs/{ => source}/_static/toggle.js (100%) rename docs/{ => source}/_templates/sidebar-section-navigation.html (100%) rename docs/{ => source}/_templates/sidebar-versions.html (100%) rename docs/{ => source}/_templates/sphinx-version.html (100%) rename docs/{ => source}/conf.py (100%) rename docs/{ => source}/contributing/devops_gap.png (100%) rename docs/{ => source}/contributing/example-conversation-in-issue.png (100%) rename docs/{ => source}/contributing/gitflow.svg (100%) rename docs/{ => source}/deployment/build_srd_image.md (100%) rename docs/{ => source}/deployment/deploy_shm.md (100%) rename docs/{ => source}/deployment/deploy_shm/AAD.png (100%) rename docs/{ => source}/deployment/deploy_shm/aad_authentication_methods.png (100%) rename docs/{ => source}/deployment/deploy_shm/aad_create_admin.png (100%) rename docs/{ => source}/deployment/deploy_shm/aad_creation.png (100%) rename docs/{ => source}/deployment/deploy_shm/aad_global_admin.png (100%) rename docs/{ => source}/deployment/deploy_shm/aad_mfa_settings.png (100%) rename docs/{ => source}/deployment/deploy_shm/aad_sspr.png (100%) rename docs/{ => source}/deployment/deploy_shm/aad_tenant_id.png (100%) rename docs/{ => source}/deployment/deploy_shm/catalina_authentication.png (100%) rename docs/{ => source}/deployment/deploy_shm/certificate_details.png (100%) rename docs/{ => source}/deployment/deploy_shm/dc_resource_groups.png (100%) rename docs/{ => source}/deployment/deploy_shm/enable_password_writeback.png (100%) rename docs/{ => source}/deployment/deploy_shm/nps_accounting.png (100%) rename docs/{ => source}/deployment/deploy_shm/shm_subdomain_ns.png (100%) rename docs/{ => source}/deployment/deploy_shm/vnet_resource_groups.png (100%) rename docs/{ => source}/deployment/deploy_sre.md (100%) rename docs/{ => source}/deployment/deploy_sre/guacamole_aad_app_registration_idtoken.png (100%) rename docs/{ => source}/deployment/deploy_sre/guacamole_aad_idtoken_failure.png (100%) rename docs/{ => source}/deployment/deploy_sre/guacamole_desktop.png (100%) rename docs/{ => source}/deployment/deploy_sre/msrds_desktop.png (100%) rename docs/{ => source}/deployment/deploy_sre/sre_subdomain_ns.png (100%) rename docs/{ => source}/deployment/deploy_sre_apache_guacamole.md (100%) rename docs/{ => source}/deployment/deploy_sre_microsoft_rds.md (100%) rename docs/{ => source}/deployment/index.md (100%) rename docs/{ => source}/deployment/security_checklist.md (100%) rename docs/{ => source}/deployment/security_checklist/aad_additional_security_verification.png (100%) rename docs/{ => source}/deployment/security_checklist/aad_mfa_approve_signin_request.png (100%) rename docs/{ => source}/deployment/security_checklist/guacamole_srd_desktop.png (100%) rename docs/{ => source}/deployment/security_checklist/login_no_mfa_guacamole.png (100%) rename docs/{ => source}/deployment/security_checklist/login_no_mfa_msrds.png (100%) rename docs/{ => source}/deployment/security_checklist/msrds_dashboard_with_apps.png (100%) rename docs/{ => source}/deployment/security_checklist/msrds_failed_to_connect.png (100%) rename docs/{ => source}/deployment/security_checklist/msrds_srd_desktop.png (100%) rename docs/{ => source}/deployment/security_checklist/nsg_inbound_access.png (100%) rename docs/{ => source}/deployment/security_checklist/nsg_outbound_access.png (100%) rename docs/{ => source}/deployment/security_checklist/shmdc_website_deny.png (100%) rename docs/{ => source}/deployment/security_checklist/shmdc_windows_update.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_installed_software.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_no_curl.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_no_internet.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_no_nslookup.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_no_ssh_by_fqdn.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_no_ssh_by_ip.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_pypi_tier2_allowed.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_pypi_tier2_denied.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_pypi_tier3_allowed.png (100%) rename docs/{ => source}/deployment/security_checklist/srd_pypi_tier3_denied.png (100%) rename docs/{ => source}/deployment/security_checklist/ssh_connection_fail.png (100%) rename docs/{ => source}/deployment/snippets/00_symbols.partial.md (100%) rename docs/{ => source}/deployment/snippets/01_prerequisites.partial.md (100%) rename docs/{ => source}/deployment/snippets/02_configuration.partial.md (100%) rename docs/{ => source}/deployment/snippets/03_01_remove_data.partial.md (100%) rename docs/{ => source}/deployment/snippets/03_02_register_sre.partial.md (100%) rename docs/{ => source}/deployment/snippets/04_01_sre_dns.partial.md (100%) rename docs/{ => source}/deployment/snippets/04_02_manual_dns.partial.md (100%) rename docs/{ => source}/deployment/snippets/04_03_deploy_vnet.partial.md (100%) rename docs/{ => source}/deployment/snippets/05_storage_accounts.partial.md (100%) rename docs/{ => source}/deployment/snippets/06_01_create_user_account.partial.md (100%) rename docs/{ => source}/deployment/snippets/07_deploy_webapps.partial.md (100%) rename docs/{ => source}/deployment/snippets/08_databases.partial.md (100%) rename docs/{ => source}/deployment/snippets/09_single_srd.partial.md (100%) rename docs/{ => source}/deployment/snippets/10_network_lockdown.partial.md (100%) rename docs/{ => source}/deployment/snippets/11_configure_firewall.partial.md (100%) rename docs/{ => source}/deployment/snippets/12_configure_monitoring.partial.md (100%) rename docs/{ => source}/deployment/snippets/13_enable_backup.partial.md (100%) rename docs/{ => source}/deployment/snippets/14_run_smoke_tests.partial.md (100%) rename docs/{ => source}/deployment/snippets/user_csv_format.partial.md (100%) rename docs/{ => source}/design/architecture/architecture_mirrors.png (100%) rename docs/{ => source}/design/architecture/index.md (100%) rename docs/{ => source}/design/architecture/safe_haven_architecture.png (100%) rename docs/{ => source}/design/architecture/shm_architecture.png (100%) rename docs/{ => source}/design/architecture/shm_details.md (100%) rename docs/{ => source}/design/architecture/sre_architecture.png (100%) rename docs/{ => source}/design/architecture/sre_details.md (100%) rename docs/{ => source}/design/index.md (100%) rename docs/{ => source}/design/security/index.md (100%) rename docs/{ => source}/design/security/objectives.md (100%) rename docs/{ => source}/design/security/reference_configuration.md (100%) rename docs/{ => source}/design/security/sample_security_controls.png (100%) rename docs/{ => source}/design/security/technical_controls.md (100%) rename docs/{ => source}/index.md (100%) rename docs/{ => source}/overview/index.md (100%) rename docs/{ => source}/overview/sensitivity_tiers.md (100%) rename docs/{ => source}/overview/what_is_dsh.md (100%) rename docs/{ => source}/overview/why_use_dsh.md (100%) rename docs/{ => source}/processes/data_access_controls.md (100%) rename docs/{ => source}/processes/data_classification.md (100%) rename docs/{ => source}/processes/data_egress.md (100%) rename docs/{ => source}/processes/data_handling.md (100%) rename docs/{ => source}/processes/data_ingress.md (100%) rename docs/{ => source}/processes/data_transfer_protocol.md (100%) rename docs/{ => source}/processes/index.md (100%) rename docs/{ => source}/processes/software_package_approval.md (100%) rename docs/{ => source}/roles/data_provider_representative/azcopy_warning.png (100%) rename docs/{ => source}/roles/data_provider_representative/azure_storage_explorer_connect.png (100%) rename docs/{ => source}/roles/data_provider_representative/azure_storage_explorer_container.png (100%) rename docs/{ => source}/roles/data_provider_representative/azure_storage_explorer_error.png (100%) rename docs/{ => source}/roles/data_provider_representative/index.md (100%) rename docs/{ => source}/roles/index.md (100%) rename docs/{ => source}/roles/investigator/data_egress.md (100%) rename docs/{ => source}/roles/investigator/data_ingress.md (100%) rename docs/{ => source}/roles/investigator/index.md (100%) rename docs/{ => source}/roles/programme_manager/index.md (100%) rename docs/{ => source}/roles/project_manager/data_egress.md (100%) rename docs/{ => source}/roles/project_manager/data_ingress.md (100%) rename docs/{ => source}/roles/project_manager/index.md (100%) rename docs/{ => source}/roles/project_manager/project_lifecycle.md (100%) rename docs/{ => source}/roles/referee/index.md (100%) rename docs/{ => source}/roles/researcher/available_software.md (100%) rename docs/{ => source}/roles/researcher/index.md (100%) rename docs/{ => source}/roles/researcher/snippets/01_introduction.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/02_account_setup.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/03_01_prerequisites.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/03_02_srd_login.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/04_using_srd.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/05_share_files.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/06_cocalc.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/07_gitlab.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/08_codimd.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/10_databases.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/11_report_bugs.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/12_end_matter.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/13_MFA.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/software_database.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/software_editors.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/software_languages.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/software_other.partial.md (100%) rename docs/{ => source}/roles/researcher/snippets/software_presentation.partial.md (100%) rename docs/{ => source}/roles/researcher/user_guide.md (100%) rename docs/{ => source}/roles/researcher/user_guide/access_desktop_applications.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_captcha.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_forgotten_password.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_add_authenticator_app.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_additional_security_verification.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_allow_notifications.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_app_qrcode.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_authenticator_app_approved.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_authenticator_app_test.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_dashboard_phone_only.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_dashboard_two_methods.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_download_authenticator_app.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_registered_phone.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_verified_phone.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_mfa_verifying_phone.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_more_information_required.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_new_password.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_new_password_sign_in.png (100%) rename docs/{ => source}/roles/researcher/user_guide/account_setup_verify_phone.png (100%) rename docs/{ => source}/roles/researcher/user_guide/cocalc_account_creation.png (100%) rename docs/{ => source}/roles/researcher/user_guide/cocalc_homepage.png (100%) rename docs/{ => source}/roles/researcher/user_guide/cocalc_security_warning.png (100%) rename docs/{ => source}/roles/researcher/user_guide/codimd_access_options.png (100%) rename docs/{ => source}/roles/researcher/user_guide/codimd_logon.png (100%) rename docs/{ => source}/roles/researcher/user_guide/codimd_publishing.png (100%) rename docs/{ => source}/roles/researcher/user_guide/db_azure_data_studio.png (100%) rename docs/{ => source}/roles/researcher/user_guide/db_dbeaver_mssql.png (100%) rename docs/{ => source}/roles/researcher/user_guide/db_dbeaver_postgres_connection.png (100%) rename docs/{ => source}/roles/researcher/user_guide/db_dbeaver_postgres_ignore.png (100%) rename docs/{ => source}/roles/researcher/user_guide/gitlab_clone_url.png (100%) rename docs/{ => source}/roles/researcher/user_guide/gitlab_merge_request_details.png (100%) rename docs/{ => source}/roles/researcher/user_guide/gitlab_new_merge_request.png (100%) rename docs/{ => source}/roles/researcher/user_guide/gitlab_screenshot_login.png (100%) rename docs/{ => source}/roles/researcher/user_guide/guacamole_dashboard.png (100%) rename docs/{ => source}/roles/researcher/user_guide/guacamole_mfa.png (100%) rename docs/{ => source}/roles/researcher/user_guide/logon_environment_guacamole.png (100%) rename docs/{ => source}/roles/researcher/user_guide/logon_environment_msrds.png (100%) rename docs/{ => source}/roles/researcher/user_guide/msrds_dashboard.png (100%) rename docs/{ => source}/roles/researcher/user_guide/msrds_no_work_resources.png (100%) rename docs/{ => source}/roles/researcher/user_guide/msrds_srd_connection.png (100%) rename docs/{ => source}/roles/researcher/user_guide/msrds_srd_connection_failure.png (100%) rename docs/{ => source}/roles/researcher/user_guide/msrds_srd_rdc_screen.png (100%) rename docs/{ => source}/roles/researcher/user_guide/msrds_srd_security_fingerprint.png (100%) rename docs/{ => source}/roles/researcher/user_guide/msrds_unexpected_certificate_error.png (100%) rename docs/{ => source}/roles/researcher/user_guide/srd_login_failure.png (100%) rename docs/{ => source}/roles/researcher/user_guide/srd_login_screen.png (100%) rename docs/{ => source}/roles/researcher/user_guide/srd_xfce_initial.png (100%) rename docs/{ => source}/roles/researcher/user_guide_guacamole.md (100%) rename docs/{ => source}/roles/researcher/user_guide_msrds.md (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_instances_blobs.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_instances_disks.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_progress_disk_1.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_progress_disk_2.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_progress_disk_3.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_restore_disk.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_select_containers_validate_blobs.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_select_restore_time_blobs.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_select_snapshot_validate_disks.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_swap_disk_after.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/backup_swap_disk_before.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/connect_azure_storage.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/internal_mirror_packages.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/login_certificate_expiry.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/login_password_login.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/no_recent_connections.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/password_reset_failure.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/read_only_sas_token.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/srd_login_failure.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/srd_login_opening_port.png (100%) rename docs/{ => source}/roles/system_manager/administrator_guide/srd_login_prompt.png (100%) rename docs/{ => source}/roles/system_manager/index.md (100%) rename docs/{ => source}/roles/system_manager/manage_costs.md (100%) rename docs/{ => source}/roles/system_manager/manage_data.md (100%) rename docs/{ => source}/roles/system_manager/manage_deployments.md (100%) rename docs/{ => source}/roles/system_manager/manage_users.md (100%) rename docs/{ => source}/roles/system_manager/manage_webapps.md (100%) rename docs/{ => source}/roles/system_manager/migrate_an_shm.md (100%) rename docs/{ => source}/roles/system_manager/migrate_shm/aad_connection_failure.png (100%) rename docs/{ => source}/roles/system_manager/snippets/01_console.partial.md (100%) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index d29cf953e9..f496f7b191 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -10,7 +10,7 @@ build: python: "3" sphinx: - configuration: docs/conf.py + configuration: docs/source/conf.py # formats: # - pdf diff --git a/docs/Makefile b/docs/Makefile index e96b72c7ae..a2cf542beb 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -5,7 +5,7 @@ # from the environment for the first two. SPHINXOPTS ?= SPHINXBUILD ?= sphinx-build -SOURCEDIR = . +SOURCEDIR = source BUILDDIR = build # Put it first so that "make" without argument is like "make help". diff --git a/docs/_static/favicon.ico b/docs/source/_static/favicon.ico similarity index 100% rename from docs/_static/favicon.ico rename to docs/source/_static/favicon.ico diff --git a/docs/_static/logo_turing_dark.png b/docs/source/_static/logo_turing_dark.png similarity index 100% rename from docs/_static/logo_turing_dark.png rename to docs/source/_static/logo_turing_dark.png diff --git a/docs/_static/logo_turing_light.png b/docs/source/_static/logo_turing_light.png similarity index 100% rename from docs/_static/logo_turing_light.png rename to docs/source/_static/logo_turing_light.png diff --git a/docs/_static/overrides.css b/docs/source/_static/overrides.css similarity index 100% rename from docs/_static/overrides.css rename to docs/source/_static/overrides.css diff --git a/docs/_static/scriberia_diagram.jpg b/docs/source/_static/scriberia_diagram.jpg similarity index 100% rename from docs/_static/scriberia_diagram.jpg rename to docs/source/_static/scriberia_diagram.jpg diff --git a/docs/_static/toggle.js b/docs/source/_static/toggle.js similarity index 100% rename from docs/_static/toggle.js rename to docs/source/_static/toggle.js diff --git a/docs/_templates/sidebar-section-navigation.html b/docs/source/_templates/sidebar-section-navigation.html similarity index 100% rename from docs/_templates/sidebar-section-navigation.html rename to docs/source/_templates/sidebar-section-navigation.html diff --git a/docs/_templates/sidebar-versions.html b/docs/source/_templates/sidebar-versions.html similarity index 100% rename from docs/_templates/sidebar-versions.html rename to docs/source/_templates/sidebar-versions.html diff --git a/docs/_templates/sphinx-version.html b/docs/source/_templates/sphinx-version.html similarity index 100% rename from docs/_templates/sphinx-version.html rename to docs/source/_templates/sphinx-version.html diff --git a/docs/conf.py b/docs/source/conf.py similarity index 100% rename from docs/conf.py rename to docs/source/conf.py diff --git a/docs/contributing/devops_gap.png b/docs/source/contributing/devops_gap.png similarity index 100% rename from docs/contributing/devops_gap.png rename to docs/source/contributing/devops_gap.png diff --git a/docs/contributing/example-conversation-in-issue.png b/docs/source/contributing/example-conversation-in-issue.png similarity index 100% rename from docs/contributing/example-conversation-in-issue.png rename to docs/source/contributing/example-conversation-in-issue.png diff --git a/docs/contributing/gitflow.svg b/docs/source/contributing/gitflow.svg similarity index 100% rename from docs/contributing/gitflow.svg rename to docs/source/contributing/gitflow.svg diff --git a/docs/deployment/build_srd_image.md b/docs/source/deployment/build_srd_image.md similarity index 100% rename from docs/deployment/build_srd_image.md rename to docs/source/deployment/build_srd_image.md diff --git a/docs/deployment/deploy_shm.md b/docs/source/deployment/deploy_shm.md similarity index 100% rename from docs/deployment/deploy_shm.md rename to docs/source/deployment/deploy_shm.md diff --git a/docs/deployment/deploy_shm/AAD.png b/docs/source/deployment/deploy_shm/AAD.png similarity index 100% rename from docs/deployment/deploy_shm/AAD.png rename to docs/source/deployment/deploy_shm/AAD.png diff --git a/docs/deployment/deploy_shm/aad_authentication_methods.png b/docs/source/deployment/deploy_shm/aad_authentication_methods.png similarity index 100% rename from docs/deployment/deploy_shm/aad_authentication_methods.png rename to docs/source/deployment/deploy_shm/aad_authentication_methods.png diff --git a/docs/deployment/deploy_shm/aad_create_admin.png b/docs/source/deployment/deploy_shm/aad_create_admin.png similarity index 100% rename from docs/deployment/deploy_shm/aad_create_admin.png rename to docs/source/deployment/deploy_shm/aad_create_admin.png diff --git a/docs/deployment/deploy_shm/aad_creation.png b/docs/source/deployment/deploy_shm/aad_creation.png similarity index 100% rename from docs/deployment/deploy_shm/aad_creation.png rename to docs/source/deployment/deploy_shm/aad_creation.png diff --git a/docs/deployment/deploy_shm/aad_global_admin.png b/docs/source/deployment/deploy_shm/aad_global_admin.png similarity index 100% rename from docs/deployment/deploy_shm/aad_global_admin.png rename to docs/source/deployment/deploy_shm/aad_global_admin.png diff --git a/docs/deployment/deploy_shm/aad_mfa_settings.png b/docs/source/deployment/deploy_shm/aad_mfa_settings.png similarity index 100% rename from docs/deployment/deploy_shm/aad_mfa_settings.png rename to docs/source/deployment/deploy_shm/aad_mfa_settings.png diff --git a/docs/deployment/deploy_shm/aad_sspr.png b/docs/source/deployment/deploy_shm/aad_sspr.png similarity index 100% rename from docs/deployment/deploy_shm/aad_sspr.png rename to docs/source/deployment/deploy_shm/aad_sspr.png diff --git a/docs/deployment/deploy_shm/aad_tenant_id.png b/docs/source/deployment/deploy_shm/aad_tenant_id.png similarity index 100% rename from docs/deployment/deploy_shm/aad_tenant_id.png rename to docs/source/deployment/deploy_shm/aad_tenant_id.png diff --git a/docs/deployment/deploy_shm/catalina_authentication.png b/docs/source/deployment/deploy_shm/catalina_authentication.png similarity index 100% rename from docs/deployment/deploy_shm/catalina_authentication.png rename to docs/source/deployment/deploy_shm/catalina_authentication.png diff --git a/docs/deployment/deploy_shm/certificate_details.png b/docs/source/deployment/deploy_shm/certificate_details.png similarity index 100% rename from docs/deployment/deploy_shm/certificate_details.png rename to docs/source/deployment/deploy_shm/certificate_details.png diff --git a/docs/deployment/deploy_shm/dc_resource_groups.png b/docs/source/deployment/deploy_shm/dc_resource_groups.png similarity index 100% rename from docs/deployment/deploy_shm/dc_resource_groups.png rename to docs/source/deployment/deploy_shm/dc_resource_groups.png diff --git a/docs/deployment/deploy_shm/enable_password_writeback.png b/docs/source/deployment/deploy_shm/enable_password_writeback.png similarity index 100% rename from docs/deployment/deploy_shm/enable_password_writeback.png rename to docs/source/deployment/deploy_shm/enable_password_writeback.png diff --git a/docs/deployment/deploy_shm/nps_accounting.png b/docs/source/deployment/deploy_shm/nps_accounting.png similarity index 100% rename from docs/deployment/deploy_shm/nps_accounting.png rename to docs/source/deployment/deploy_shm/nps_accounting.png diff --git a/docs/deployment/deploy_shm/shm_subdomain_ns.png b/docs/source/deployment/deploy_shm/shm_subdomain_ns.png similarity index 100% rename from docs/deployment/deploy_shm/shm_subdomain_ns.png rename to docs/source/deployment/deploy_shm/shm_subdomain_ns.png diff --git a/docs/deployment/deploy_shm/vnet_resource_groups.png b/docs/source/deployment/deploy_shm/vnet_resource_groups.png similarity index 100% rename from docs/deployment/deploy_shm/vnet_resource_groups.png rename to docs/source/deployment/deploy_shm/vnet_resource_groups.png diff --git a/docs/deployment/deploy_sre.md b/docs/source/deployment/deploy_sre.md similarity index 100% rename from docs/deployment/deploy_sre.md rename to docs/source/deployment/deploy_sre.md diff --git a/docs/deployment/deploy_sre/guacamole_aad_app_registration_idtoken.png b/docs/source/deployment/deploy_sre/guacamole_aad_app_registration_idtoken.png similarity index 100% rename from docs/deployment/deploy_sre/guacamole_aad_app_registration_idtoken.png rename to docs/source/deployment/deploy_sre/guacamole_aad_app_registration_idtoken.png diff --git a/docs/deployment/deploy_sre/guacamole_aad_idtoken_failure.png b/docs/source/deployment/deploy_sre/guacamole_aad_idtoken_failure.png similarity index 100% rename from docs/deployment/deploy_sre/guacamole_aad_idtoken_failure.png rename to docs/source/deployment/deploy_sre/guacamole_aad_idtoken_failure.png diff --git a/docs/deployment/deploy_sre/guacamole_desktop.png b/docs/source/deployment/deploy_sre/guacamole_desktop.png similarity index 100% rename from docs/deployment/deploy_sre/guacamole_desktop.png rename to docs/source/deployment/deploy_sre/guacamole_desktop.png diff --git a/docs/deployment/deploy_sre/msrds_desktop.png b/docs/source/deployment/deploy_sre/msrds_desktop.png similarity index 100% rename from docs/deployment/deploy_sre/msrds_desktop.png rename to docs/source/deployment/deploy_sre/msrds_desktop.png diff --git a/docs/deployment/deploy_sre/sre_subdomain_ns.png b/docs/source/deployment/deploy_sre/sre_subdomain_ns.png similarity index 100% rename from docs/deployment/deploy_sre/sre_subdomain_ns.png rename to docs/source/deployment/deploy_sre/sre_subdomain_ns.png diff --git a/docs/deployment/deploy_sre_apache_guacamole.md b/docs/source/deployment/deploy_sre_apache_guacamole.md similarity index 100% rename from docs/deployment/deploy_sre_apache_guacamole.md rename to docs/source/deployment/deploy_sre_apache_guacamole.md diff --git a/docs/deployment/deploy_sre_microsoft_rds.md b/docs/source/deployment/deploy_sre_microsoft_rds.md similarity index 100% rename from docs/deployment/deploy_sre_microsoft_rds.md rename to docs/source/deployment/deploy_sre_microsoft_rds.md diff --git a/docs/deployment/index.md b/docs/source/deployment/index.md similarity index 100% rename from docs/deployment/index.md rename to docs/source/deployment/index.md diff --git a/docs/deployment/security_checklist.md b/docs/source/deployment/security_checklist.md similarity index 100% rename from docs/deployment/security_checklist.md rename to docs/source/deployment/security_checklist.md diff --git a/docs/deployment/security_checklist/aad_additional_security_verification.png b/docs/source/deployment/security_checklist/aad_additional_security_verification.png similarity index 100% rename from docs/deployment/security_checklist/aad_additional_security_verification.png rename to docs/source/deployment/security_checklist/aad_additional_security_verification.png diff --git a/docs/deployment/security_checklist/aad_mfa_approve_signin_request.png b/docs/source/deployment/security_checklist/aad_mfa_approve_signin_request.png similarity index 100% rename from docs/deployment/security_checklist/aad_mfa_approve_signin_request.png rename to docs/source/deployment/security_checklist/aad_mfa_approve_signin_request.png diff --git a/docs/deployment/security_checklist/guacamole_srd_desktop.png b/docs/source/deployment/security_checklist/guacamole_srd_desktop.png similarity index 100% rename from docs/deployment/security_checklist/guacamole_srd_desktop.png rename to docs/source/deployment/security_checklist/guacamole_srd_desktop.png diff --git a/docs/deployment/security_checklist/login_no_mfa_guacamole.png b/docs/source/deployment/security_checklist/login_no_mfa_guacamole.png similarity index 100% rename from docs/deployment/security_checklist/login_no_mfa_guacamole.png rename to docs/source/deployment/security_checklist/login_no_mfa_guacamole.png diff --git a/docs/deployment/security_checklist/login_no_mfa_msrds.png b/docs/source/deployment/security_checklist/login_no_mfa_msrds.png similarity index 100% rename from docs/deployment/security_checklist/login_no_mfa_msrds.png rename to docs/source/deployment/security_checklist/login_no_mfa_msrds.png diff --git a/docs/deployment/security_checklist/msrds_dashboard_with_apps.png b/docs/source/deployment/security_checklist/msrds_dashboard_with_apps.png similarity index 100% rename from docs/deployment/security_checklist/msrds_dashboard_with_apps.png rename to docs/source/deployment/security_checklist/msrds_dashboard_with_apps.png diff --git a/docs/deployment/security_checklist/msrds_failed_to_connect.png b/docs/source/deployment/security_checklist/msrds_failed_to_connect.png similarity index 100% rename from docs/deployment/security_checklist/msrds_failed_to_connect.png rename to docs/source/deployment/security_checklist/msrds_failed_to_connect.png diff --git a/docs/deployment/security_checklist/msrds_srd_desktop.png b/docs/source/deployment/security_checklist/msrds_srd_desktop.png similarity index 100% rename from docs/deployment/security_checklist/msrds_srd_desktop.png rename to docs/source/deployment/security_checklist/msrds_srd_desktop.png diff --git a/docs/deployment/security_checklist/nsg_inbound_access.png b/docs/source/deployment/security_checklist/nsg_inbound_access.png similarity index 100% rename from docs/deployment/security_checklist/nsg_inbound_access.png rename to docs/source/deployment/security_checklist/nsg_inbound_access.png diff --git a/docs/deployment/security_checklist/nsg_outbound_access.png b/docs/source/deployment/security_checklist/nsg_outbound_access.png similarity index 100% rename from docs/deployment/security_checklist/nsg_outbound_access.png rename to docs/source/deployment/security_checklist/nsg_outbound_access.png diff --git a/docs/deployment/security_checklist/shmdc_website_deny.png b/docs/source/deployment/security_checklist/shmdc_website_deny.png similarity index 100% rename from docs/deployment/security_checklist/shmdc_website_deny.png rename to docs/source/deployment/security_checklist/shmdc_website_deny.png diff --git a/docs/deployment/security_checklist/shmdc_windows_update.png b/docs/source/deployment/security_checklist/shmdc_windows_update.png similarity index 100% rename from docs/deployment/security_checklist/shmdc_windows_update.png rename to docs/source/deployment/security_checklist/shmdc_windows_update.png diff --git a/docs/deployment/security_checklist/srd_installed_software.png b/docs/source/deployment/security_checklist/srd_installed_software.png similarity index 100% rename from docs/deployment/security_checklist/srd_installed_software.png rename to docs/source/deployment/security_checklist/srd_installed_software.png diff --git a/docs/deployment/security_checklist/srd_no_curl.png b/docs/source/deployment/security_checklist/srd_no_curl.png similarity index 100% rename from docs/deployment/security_checklist/srd_no_curl.png rename to docs/source/deployment/security_checklist/srd_no_curl.png diff --git a/docs/deployment/security_checklist/srd_no_internet.png b/docs/source/deployment/security_checklist/srd_no_internet.png similarity index 100% rename from docs/deployment/security_checklist/srd_no_internet.png rename to docs/source/deployment/security_checklist/srd_no_internet.png diff --git a/docs/deployment/security_checklist/srd_no_nslookup.png b/docs/source/deployment/security_checklist/srd_no_nslookup.png similarity index 100% rename from docs/deployment/security_checklist/srd_no_nslookup.png rename to docs/source/deployment/security_checklist/srd_no_nslookup.png diff --git a/docs/deployment/security_checklist/srd_no_ssh_by_fqdn.png b/docs/source/deployment/security_checklist/srd_no_ssh_by_fqdn.png similarity index 100% rename from docs/deployment/security_checklist/srd_no_ssh_by_fqdn.png rename to docs/source/deployment/security_checklist/srd_no_ssh_by_fqdn.png diff --git a/docs/deployment/security_checklist/srd_no_ssh_by_ip.png b/docs/source/deployment/security_checklist/srd_no_ssh_by_ip.png similarity index 100% rename from docs/deployment/security_checklist/srd_no_ssh_by_ip.png rename to docs/source/deployment/security_checklist/srd_no_ssh_by_ip.png diff --git a/docs/deployment/security_checklist/srd_pypi_tier2_allowed.png b/docs/source/deployment/security_checklist/srd_pypi_tier2_allowed.png similarity index 100% rename from docs/deployment/security_checklist/srd_pypi_tier2_allowed.png rename to docs/source/deployment/security_checklist/srd_pypi_tier2_allowed.png diff --git a/docs/deployment/security_checklist/srd_pypi_tier2_denied.png b/docs/source/deployment/security_checklist/srd_pypi_tier2_denied.png similarity index 100% rename from docs/deployment/security_checklist/srd_pypi_tier2_denied.png rename to docs/source/deployment/security_checklist/srd_pypi_tier2_denied.png diff --git a/docs/deployment/security_checklist/srd_pypi_tier3_allowed.png b/docs/source/deployment/security_checklist/srd_pypi_tier3_allowed.png similarity index 100% rename from docs/deployment/security_checklist/srd_pypi_tier3_allowed.png rename to docs/source/deployment/security_checklist/srd_pypi_tier3_allowed.png diff --git a/docs/deployment/security_checklist/srd_pypi_tier3_denied.png b/docs/source/deployment/security_checklist/srd_pypi_tier3_denied.png similarity index 100% rename from docs/deployment/security_checklist/srd_pypi_tier3_denied.png rename to docs/source/deployment/security_checklist/srd_pypi_tier3_denied.png diff --git a/docs/deployment/security_checklist/ssh_connection_fail.png b/docs/source/deployment/security_checklist/ssh_connection_fail.png similarity index 100% rename from docs/deployment/security_checklist/ssh_connection_fail.png rename to docs/source/deployment/security_checklist/ssh_connection_fail.png diff --git a/docs/deployment/snippets/00_symbols.partial.md b/docs/source/deployment/snippets/00_symbols.partial.md similarity index 100% rename from docs/deployment/snippets/00_symbols.partial.md rename to docs/source/deployment/snippets/00_symbols.partial.md diff --git a/docs/deployment/snippets/01_prerequisites.partial.md b/docs/source/deployment/snippets/01_prerequisites.partial.md similarity index 100% rename from docs/deployment/snippets/01_prerequisites.partial.md rename to docs/source/deployment/snippets/01_prerequisites.partial.md diff --git a/docs/deployment/snippets/02_configuration.partial.md b/docs/source/deployment/snippets/02_configuration.partial.md similarity index 100% rename from docs/deployment/snippets/02_configuration.partial.md rename to docs/source/deployment/snippets/02_configuration.partial.md diff --git a/docs/deployment/snippets/03_01_remove_data.partial.md b/docs/source/deployment/snippets/03_01_remove_data.partial.md similarity index 100% rename from docs/deployment/snippets/03_01_remove_data.partial.md rename to docs/source/deployment/snippets/03_01_remove_data.partial.md diff --git a/docs/deployment/snippets/03_02_register_sre.partial.md b/docs/source/deployment/snippets/03_02_register_sre.partial.md similarity index 100% rename from docs/deployment/snippets/03_02_register_sre.partial.md rename to docs/source/deployment/snippets/03_02_register_sre.partial.md diff --git a/docs/deployment/snippets/04_01_sre_dns.partial.md b/docs/source/deployment/snippets/04_01_sre_dns.partial.md similarity index 100% rename from docs/deployment/snippets/04_01_sre_dns.partial.md rename to docs/source/deployment/snippets/04_01_sre_dns.partial.md diff --git a/docs/deployment/snippets/04_02_manual_dns.partial.md b/docs/source/deployment/snippets/04_02_manual_dns.partial.md similarity index 100% rename from docs/deployment/snippets/04_02_manual_dns.partial.md rename to docs/source/deployment/snippets/04_02_manual_dns.partial.md diff --git a/docs/deployment/snippets/04_03_deploy_vnet.partial.md b/docs/source/deployment/snippets/04_03_deploy_vnet.partial.md similarity index 100% rename from docs/deployment/snippets/04_03_deploy_vnet.partial.md rename to docs/source/deployment/snippets/04_03_deploy_vnet.partial.md diff --git a/docs/deployment/snippets/05_storage_accounts.partial.md b/docs/source/deployment/snippets/05_storage_accounts.partial.md similarity index 100% rename from docs/deployment/snippets/05_storage_accounts.partial.md rename to docs/source/deployment/snippets/05_storage_accounts.partial.md diff --git a/docs/deployment/snippets/06_01_create_user_account.partial.md b/docs/source/deployment/snippets/06_01_create_user_account.partial.md similarity index 100% rename from docs/deployment/snippets/06_01_create_user_account.partial.md rename to docs/source/deployment/snippets/06_01_create_user_account.partial.md diff --git a/docs/deployment/snippets/07_deploy_webapps.partial.md b/docs/source/deployment/snippets/07_deploy_webapps.partial.md similarity index 100% rename from docs/deployment/snippets/07_deploy_webapps.partial.md rename to docs/source/deployment/snippets/07_deploy_webapps.partial.md diff --git a/docs/deployment/snippets/08_databases.partial.md b/docs/source/deployment/snippets/08_databases.partial.md similarity index 100% rename from docs/deployment/snippets/08_databases.partial.md rename to docs/source/deployment/snippets/08_databases.partial.md diff --git a/docs/deployment/snippets/09_single_srd.partial.md b/docs/source/deployment/snippets/09_single_srd.partial.md similarity index 100% rename from docs/deployment/snippets/09_single_srd.partial.md rename to docs/source/deployment/snippets/09_single_srd.partial.md diff --git a/docs/deployment/snippets/10_network_lockdown.partial.md b/docs/source/deployment/snippets/10_network_lockdown.partial.md similarity index 100% rename from docs/deployment/snippets/10_network_lockdown.partial.md rename to docs/source/deployment/snippets/10_network_lockdown.partial.md diff --git a/docs/deployment/snippets/11_configure_firewall.partial.md b/docs/source/deployment/snippets/11_configure_firewall.partial.md similarity index 100% rename from docs/deployment/snippets/11_configure_firewall.partial.md rename to docs/source/deployment/snippets/11_configure_firewall.partial.md diff --git a/docs/deployment/snippets/12_configure_monitoring.partial.md b/docs/source/deployment/snippets/12_configure_monitoring.partial.md similarity index 100% rename from docs/deployment/snippets/12_configure_monitoring.partial.md rename to docs/source/deployment/snippets/12_configure_monitoring.partial.md diff --git a/docs/deployment/snippets/13_enable_backup.partial.md b/docs/source/deployment/snippets/13_enable_backup.partial.md similarity index 100% rename from docs/deployment/snippets/13_enable_backup.partial.md rename to docs/source/deployment/snippets/13_enable_backup.partial.md diff --git a/docs/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md similarity index 100% rename from docs/deployment/snippets/14_run_smoke_tests.partial.md rename to docs/source/deployment/snippets/14_run_smoke_tests.partial.md diff --git a/docs/deployment/snippets/user_csv_format.partial.md b/docs/source/deployment/snippets/user_csv_format.partial.md similarity index 100% rename from docs/deployment/snippets/user_csv_format.partial.md rename to docs/source/deployment/snippets/user_csv_format.partial.md diff --git a/docs/design/architecture/architecture_mirrors.png b/docs/source/design/architecture/architecture_mirrors.png similarity index 100% rename from docs/design/architecture/architecture_mirrors.png rename to docs/source/design/architecture/architecture_mirrors.png diff --git a/docs/design/architecture/index.md b/docs/source/design/architecture/index.md similarity index 100% rename from docs/design/architecture/index.md rename to docs/source/design/architecture/index.md diff --git a/docs/design/architecture/safe_haven_architecture.png b/docs/source/design/architecture/safe_haven_architecture.png similarity index 100% rename from docs/design/architecture/safe_haven_architecture.png rename to docs/source/design/architecture/safe_haven_architecture.png diff --git a/docs/design/architecture/shm_architecture.png b/docs/source/design/architecture/shm_architecture.png similarity index 100% rename from docs/design/architecture/shm_architecture.png rename to docs/source/design/architecture/shm_architecture.png diff --git a/docs/design/architecture/shm_details.md b/docs/source/design/architecture/shm_details.md similarity index 100% rename from docs/design/architecture/shm_details.md rename to docs/source/design/architecture/shm_details.md diff --git a/docs/design/architecture/sre_architecture.png b/docs/source/design/architecture/sre_architecture.png similarity index 100% rename from docs/design/architecture/sre_architecture.png rename to docs/source/design/architecture/sre_architecture.png diff --git a/docs/design/architecture/sre_details.md b/docs/source/design/architecture/sre_details.md similarity index 100% rename from docs/design/architecture/sre_details.md rename to docs/source/design/architecture/sre_details.md diff --git a/docs/design/index.md b/docs/source/design/index.md similarity index 100% rename from docs/design/index.md rename to docs/source/design/index.md diff --git a/docs/design/security/index.md b/docs/source/design/security/index.md similarity index 100% rename from docs/design/security/index.md rename to docs/source/design/security/index.md diff --git a/docs/design/security/objectives.md b/docs/source/design/security/objectives.md similarity index 100% rename from docs/design/security/objectives.md rename to docs/source/design/security/objectives.md diff --git a/docs/design/security/reference_configuration.md b/docs/source/design/security/reference_configuration.md similarity index 100% rename from docs/design/security/reference_configuration.md rename to docs/source/design/security/reference_configuration.md diff --git a/docs/design/security/sample_security_controls.png b/docs/source/design/security/sample_security_controls.png similarity index 100% rename from docs/design/security/sample_security_controls.png rename to docs/source/design/security/sample_security_controls.png diff --git a/docs/design/security/technical_controls.md b/docs/source/design/security/technical_controls.md similarity index 100% rename from docs/design/security/technical_controls.md rename to docs/source/design/security/technical_controls.md diff --git a/docs/index.md b/docs/source/index.md similarity index 100% rename from docs/index.md rename to docs/source/index.md diff --git a/docs/overview/index.md b/docs/source/overview/index.md similarity index 100% rename from docs/overview/index.md rename to docs/source/overview/index.md diff --git a/docs/overview/sensitivity_tiers.md b/docs/source/overview/sensitivity_tiers.md similarity index 100% rename from docs/overview/sensitivity_tiers.md rename to docs/source/overview/sensitivity_tiers.md diff --git a/docs/overview/what_is_dsh.md b/docs/source/overview/what_is_dsh.md similarity index 100% rename from docs/overview/what_is_dsh.md rename to docs/source/overview/what_is_dsh.md diff --git a/docs/overview/why_use_dsh.md b/docs/source/overview/why_use_dsh.md similarity index 100% rename from docs/overview/why_use_dsh.md rename to docs/source/overview/why_use_dsh.md diff --git a/docs/processes/data_access_controls.md b/docs/source/processes/data_access_controls.md similarity index 100% rename from docs/processes/data_access_controls.md rename to docs/source/processes/data_access_controls.md diff --git a/docs/processes/data_classification.md b/docs/source/processes/data_classification.md similarity index 100% rename from docs/processes/data_classification.md rename to docs/source/processes/data_classification.md diff --git a/docs/processes/data_egress.md b/docs/source/processes/data_egress.md similarity index 100% rename from docs/processes/data_egress.md rename to docs/source/processes/data_egress.md diff --git a/docs/processes/data_handling.md b/docs/source/processes/data_handling.md similarity index 100% rename from docs/processes/data_handling.md rename to docs/source/processes/data_handling.md diff --git a/docs/processes/data_ingress.md b/docs/source/processes/data_ingress.md similarity index 100% rename from docs/processes/data_ingress.md rename to docs/source/processes/data_ingress.md diff --git a/docs/processes/data_transfer_protocol.md b/docs/source/processes/data_transfer_protocol.md similarity index 100% rename from docs/processes/data_transfer_protocol.md rename to docs/source/processes/data_transfer_protocol.md diff --git a/docs/processes/index.md b/docs/source/processes/index.md similarity index 100% rename from docs/processes/index.md rename to docs/source/processes/index.md diff --git a/docs/processes/software_package_approval.md b/docs/source/processes/software_package_approval.md similarity index 100% rename from docs/processes/software_package_approval.md rename to docs/source/processes/software_package_approval.md diff --git a/docs/roles/data_provider_representative/azcopy_warning.png b/docs/source/roles/data_provider_representative/azcopy_warning.png similarity index 100% rename from docs/roles/data_provider_representative/azcopy_warning.png rename to docs/source/roles/data_provider_representative/azcopy_warning.png diff --git a/docs/roles/data_provider_representative/azure_storage_explorer_connect.png b/docs/source/roles/data_provider_representative/azure_storage_explorer_connect.png similarity index 100% rename from docs/roles/data_provider_representative/azure_storage_explorer_connect.png rename to docs/source/roles/data_provider_representative/azure_storage_explorer_connect.png diff --git a/docs/roles/data_provider_representative/azure_storage_explorer_container.png b/docs/source/roles/data_provider_representative/azure_storage_explorer_container.png similarity index 100% rename from docs/roles/data_provider_representative/azure_storage_explorer_container.png rename to docs/source/roles/data_provider_representative/azure_storage_explorer_container.png diff --git a/docs/roles/data_provider_representative/azure_storage_explorer_error.png b/docs/source/roles/data_provider_representative/azure_storage_explorer_error.png similarity index 100% rename from docs/roles/data_provider_representative/azure_storage_explorer_error.png rename to docs/source/roles/data_provider_representative/azure_storage_explorer_error.png diff --git a/docs/roles/data_provider_representative/index.md b/docs/source/roles/data_provider_representative/index.md similarity index 100% rename from docs/roles/data_provider_representative/index.md rename to docs/source/roles/data_provider_representative/index.md diff --git a/docs/roles/index.md b/docs/source/roles/index.md similarity index 100% rename from docs/roles/index.md rename to docs/source/roles/index.md diff --git a/docs/roles/investigator/data_egress.md b/docs/source/roles/investigator/data_egress.md similarity index 100% rename from docs/roles/investigator/data_egress.md rename to docs/source/roles/investigator/data_egress.md diff --git a/docs/roles/investigator/data_ingress.md b/docs/source/roles/investigator/data_ingress.md similarity index 100% rename from docs/roles/investigator/data_ingress.md rename to docs/source/roles/investigator/data_ingress.md diff --git a/docs/roles/investigator/index.md b/docs/source/roles/investigator/index.md similarity index 100% rename from docs/roles/investigator/index.md rename to docs/source/roles/investigator/index.md diff --git a/docs/roles/programme_manager/index.md b/docs/source/roles/programme_manager/index.md similarity index 100% rename from docs/roles/programme_manager/index.md rename to docs/source/roles/programme_manager/index.md diff --git a/docs/roles/project_manager/data_egress.md b/docs/source/roles/project_manager/data_egress.md similarity index 100% rename from docs/roles/project_manager/data_egress.md rename to docs/source/roles/project_manager/data_egress.md diff --git a/docs/roles/project_manager/data_ingress.md b/docs/source/roles/project_manager/data_ingress.md similarity index 100% rename from docs/roles/project_manager/data_ingress.md rename to docs/source/roles/project_manager/data_ingress.md diff --git a/docs/roles/project_manager/index.md b/docs/source/roles/project_manager/index.md similarity index 100% rename from docs/roles/project_manager/index.md rename to docs/source/roles/project_manager/index.md diff --git a/docs/roles/project_manager/project_lifecycle.md b/docs/source/roles/project_manager/project_lifecycle.md similarity index 100% rename from docs/roles/project_manager/project_lifecycle.md rename to docs/source/roles/project_manager/project_lifecycle.md diff --git a/docs/roles/referee/index.md b/docs/source/roles/referee/index.md similarity index 100% rename from docs/roles/referee/index.md rename to docs/source/roles/referee/index.md diff --git a/docs/roles/researcher/available_software.md b/docs/source/roles/researcher/available_software.md similarity index 100% rename from docs/roles/researcher/available_software.md rename to docs/source/roles/researcher/available_software.md diff --git a/docs/roles/researcher/index.md b/docs/source/roles/researcher/index.md similarity index 100% rename from docs/roles/researcher/index.md rename to docs/source/roles/researcher/index.md diff --git a/docs/roles/researcher/snippets/01_introduction.partial.md b/docs/source/roles/researcher/snippets/01_introduction.partial.md similarity index 100% rename from docs/roles/researcher/snippets/01_introduction.partial.md rename to docs/source/roles/researcher/snippets/01_introduction.partial.md diff --git a/docs/roles/researcher/snippets/02_account_setup.partial.md b/docs/source/roles/researcher/snippets/02_account_setup.partial.md similarity index 100% rename from docs/roles/researcher/snippets/02_account_setup.partial.md rename to docs/source/roles/researcher/snippets/02_account_setup.partial.md diff --git a/docs/roles/researcher/snippets/03_01_prerequisites.partial.md b/docs/source/roles/researcher/snippets/03_01_prerequisites.partial.md similarity index 100% rename from docs/roles/researcher/snippets/03_01_prerequisites.partial.md rename to docs/source/roles/researcher/snippets/03_01_prerequisites.partial.md diff --git a/docs/roles/researcher/snippets/03_02_srd_login.partial.md b/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md similarity index 100% rename from docs/roles/researcher/snippets/03_02_srd_login.partial.md rename to docs/source/roles/researcher/snippets/03_02_srd_login.partial.md diff --git a/docs/roles/researcher/snippets/04_using_srd.partial.md b/docs/source/roles/researcher/snippets/04_using_srd.partial.md similarity index 100% rename from docs/roles/researcher/snippets/04_using_srd.partial.md rename to docs/source/roles/researcher/snippets/04_using_srd.partial.md diff --git a/docs/roles/researcher/snippets/05_share_files.partial.md b/docs/source/roles/researcher/snippets/05_share_files.partial.md similarity index 100% rename from docs/roles/researcher/snippets/05_share_files.partial.md rename to docs/source/roles/researcher/snippets/05_share_files.partial.md diff --git a/docs/roles/researcher/snippets/06_cocalc.partial.md b/docs/source/roles/researcher/snippets/06_cocalc.partial.md similarity index 100% rename from docs/roles/researcher/snippets/06_cocalc.partial.md rename to docs/source/roles/researcher/snippets/06_cocalc.partial.md diff --git a/docs/roles/researcher/snippets/07_gitlab.partial.md b/docs/source/roles/researcher/snippets/07_gitlab.partial.md similarity index 100% rename from docs/roles/researcher/snippets/07_gitlab.partial.md rename to docs/source/roles/researcher/snippets/07_gitlab.partial.md diff --git a/docs/roles/researcher/snippets/08_codimd.partial.md b/docs/source/roles/researcher/snippets/08_codimd.partial.md similarity index 100% rename from docs/roles/researcher/snippets/08_codimd.partial.md rename to docs/source/roles/researcher/snippets/08_codimd.partial.md diff --git a/docs/roles/researcher/snippets/10_databases.partial.md b/docs/source/roles/researcher/snippets/10_databases.partial.md similarity index 100% rename from docs/roles/researcher/snippets/10_databases.partial.md rename to docs/source/roles/researcher/snippets/10_databases.partial.md diff --git a/docs/roles/researcher/snippets/11_report_bugs.partial.md b/docs/source/roles/researcher/snippets/11_report_bugs.partial.md similarity index 100% rename from docs/roles/researcher/snippets/11_report_bugs.partial.md rename to docs/source/roles/researcher/snippets/11_report_bugs.partial.md diff --git a/docs/roles/researcher/snippets/12_end_matter.partial.md b/docs/source/roles/researcher/snippets/12_end_matter.partial.md similarity index 100% rename from docs/roles/researcher/snippets/12_end_matter.partial.md rename to docs/source/roles/researcher/snippets/12_end_matter.partial.md diff --git a/docs/roles/researcher/snippets/13_MFA.partial.md b/docs/source/roles/researcher/snippets/13_MFA.partial.md similarity index 100% rename from docs/roles/researcher/snippets/13_MFA.partial.md rename to docs/source/roles/researcher/snippets/13_MFA.partial.md diff --git a/docs/roles/researcher/snippets/software_database.partial.md b/docs/source/roles/researcher/snippets/software_database.partial.md similarity index 100% rename from docs/roles/researcher/snippets/software_database.partial.md rename to docs/source/roles/researcher/snippets/software_database.partial.md diff --git a/docs/roles/researcher/snippets/software_editors.partial.md b/docs/source/roles/researcher/snippets/software_editors.partial.md similarity index 100% rename from docs/roles/researcher/snippets/software_editors.partial.md rename to docs/source/roles/researcher/snippets/software_editors.partial.md diff --git a/docs/roles/researcher/snippets/software_languages.partial.md b/docs/source/roles/researcher/snippets/software_languages.partial.md similarity index 100% rename from docs/roles/researcher/snippets/software_languages.partial.md rename to docs/source/roles/researcher/snippets/software_languages.partial.md diff --git a/docs/roles/researcher/snippets/software_other.partial.md b/docs/source/roles/researcher/snippets/software_other.partial.md similarity index 100% rename from docs/roles/researcher/snippets/software_other.partial.md rename to docs/source/roles/researcher/snippets/software_other.partial.md diff --git a/docs/roles/researcher/snippets/software_presentation.partial.md b/docs/source/roles/researcher/snippets/software_presentation.partial.md similarity index 100% rename from docs/roles/researcher/snippets/software_presentation.partial.md rename to docs/source/roles/researcher/snippets/software_presentation.partial.md diff --git a/docs/roles/researcher/user_guide.md b/docs/source/roles/researcher/user_guide.md similarity index 100% rename from docs/roles/researcher/user_guide.md rename to docs/source/roles/researcher/user_guide.md diff --git a/docs/roles/researcher/user_guide/access_desktop_applications.png b/docs/source/roles/researcher/user_guide/access_desktop_applications.png similarity index 100% rename from docs/roles/researcher/user_guide/access_desktop_applications.png rename to docs/source/roles/researcher/user_guide/access_desktop_applications.png diff --git a/docs/roles/researcher/user_guide/account_setup_captcha.png b/docs/source/roles/researcher/user_guide/account_setup_captcha.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_captcha.png rename to docs/source/roles/researcher/user_guide/account_setup_captcha.png diff --git a/docs/roles/researcher/user_guide/account_setup_forgotten_password.png b/docs/source/roles/researcher/user_guide/account_setup_forgotten_password.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_forgotten_password.png rename to docs/source/roles/researcher/user_guide/account_setup_forgotten_password.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_add_authenticator_app.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_add_authenticator_app.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_add_authenticator_app.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_add_authenticator_app.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_additional_security_verification.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_additional_security_verification.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_additional_security_verification.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_additional_security_verification.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_allow_notifications.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_allow_notifications.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_allow_notifications.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_allow_notifications.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_app_qrcode.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_app_qrcode.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_app_qrcode.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_app_qrcode.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_authenticator_app_approved.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_authenticator_app_approved.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_authenticator_app_approved.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_authenticator_app_approved.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_authenticator_app_test.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_authenticator_app_test.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_authenticator_app_test.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_authenticator_app_test.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_dashboard_phone_only.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_dashboard_phone_only.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_dashboard_phone_only.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_dashboard_phone_only.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_dashboard_two_methods.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_dashboard_two_methods.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_dashboard_two_methods.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_dashboard_two_methods.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_download_authenticator_app.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_download_authenticator_app.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_download_authenticator_app.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_download_authenticator_app.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_registered_phone.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_registered_phone.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_registered_phone.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_registered_phone.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_verified_phone.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_verified_phone.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_verified_phone.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_verified_phone.png diff --git a/docs/roles/researcher/user_guide/account_setup_mfa_verifying_phone.png b/docs/source/roles/researcher/user_guide/account_setup_mfa_verifying_phone.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_mfa_verifying_phone.png rename to docs/source/roles/researcher/user_guide/account_setup_mfa_verifying_phone.png diff --git a/docs/roles/researcher/user_guide/account_setup_more_information_required.png b/docs/source/roles/researcher/user_guide/account_setup_more_information_required.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_more_information_required.png rename to docs/source/roles/researcher/user_guide/account_setup_more_information_required.png diff --git a/docs/roles/researcher/user_guide/account_setup_new_password.png b/docs/source/roles/researcher/user_guide/account_setup_new_password.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_new_password.png rename to docs/source/roles/researcher/user_guide/account_setup_new_password.png diff --git a/docs/roles/researcher/user_guide/account_setup_new_password_sign_in.png b/docs/source/roles/researcher/user_guide/account_setup_new_password_sign_in.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_new_password_sign_in.png rename to docs/source/roles/researcher/user_guide/account_setup_new_password_sign_in.png diff --git a/docs/roles/researcher/user_guide/account_setup_verify_phone.png b/docs/source/roles/researcher/user_guide/account_setup_verify_phone.png similarity index 100% rename from docs/roles/researcher/user_guide/account_setup_verify_phone.png rename to docs/source/roles/researcher/user_guide/account_setup_verify_phone.png diff --git a/docs/roles/researcher/user_guide/cocalc_account_creation.png b/docs/source/roles/researcher/user_guide/cocalc_account_creation.png similarity index 100% rename from docs/roles/researcher/user_guide/cocalc_account_creation.png rename to docs/source/roles/researcher/user_guide/cocalc_account_creation.png diff --git a/docs/roles/researcher/user_guide/cocalc_homepage.png b/docs/source/roles/researcher/user_guide/cocalc_homepage.png similarity index 100% rename from docs/roles/researcher/user_guide/cocalc_homepage.png rename to docs/source/roles/researcher/user_guide/cocalc_homepage.png diff --git a/docs/roles/researcher/user_guide/cocalc_security_warning.png b/docs/source/roles/researcher/user_guide/cocalc_security_warning.png similarity index 100% rename from docs/roles/researcher/user_guide/cocalc_security_warning.png rename to docs/source/roles/researcher/user_guide/cocalc_security_warning.png diff --git a/docs/roles/researcher/user_guide/codimd_access_options.png b/docs/source/roles/researcher/user_guide/codimd_access_options.png similarity index 100% rename from docs/roles/researcher/user_guide/codimd_access_options.png rename to docs/source/roles/researcher/user_guide/codimd_access_options.png diff --git a/docs/roles/researcher/user_guide/codimd_logon.png b/docs/source/roles/researcher/user_guide/codimd_logon.png similarity index 100% rename from docs/roles/researcher/user_guide/codimd_logon.png rename to docs/source/roles/researcher/user_guide/codimd_logon.png diff --git a/docs/roles/researcher/user_guide/codimd_publishing.png b/docs/source/roles/researcher/user_guide/codimd_publishing.png similarity index 100% rename from docs/roles/researcher/user_guide/codimd_publishing.png rename to docs/source/roles/researcher/user_guide/codimd_publishing.png diff --git a/docs/roles/researcher/user_guide/db_azure_data_studio.png b/docs/source/roles/researcher/user_guide/db_azure_data_studio.png similarity index 100% rename from docs/roles/researcher/user_guide/db_azure_data_studio.png rename to docs/source/roles/researcher/user_guide/db_azure_data_studio.png diff --git a/docs/roles/researcher/user_guide/db_dbeaver_mssql.png b/docs/source/roles/researcher/user_guide/db_dbeaver_mssql.png similarity index 100% rename from docs/roles/researcher/user_guide/db_dbeaver_mssql.png rename to docs/source/roles/researcher/user_guide/db_dbeaver_mssql.png diff --git a/docs/roles/researcher/user_guide/db_dbeaver_postgres_connection.png b/docs/source/roles/researcher/user_guide/db_dbeaver_postgres_connection.png similarity index 100% rename from docs/roles/researcher/user_guide/db_dbeaver_postgres_connection.png rename to docs/source/roles/researcher/user_guide/db_dbeaver_postgres_connection.png diff --git a/docs/roles/researcher/user_guide/db_dbeaver_postgres_ignore.png b/docs/source/roles/researcher/user_guide/db_dbeaver_postgres_ignore.png similarity index 100% rename from docs/roles/researcher/user_guide/db_dbeaver_postgres_ignore.png rename to docs/source/roles/researcher/user_guide/db_dbeaver_postgres_ignore.png diff --git a/docs/roles/researcher/user_guide/gitlab_clone_url.png b/docs/source/roles/researcher/user_guide/gitlab_clone_url.png similarity index 100% rename from docs/roles/researcher/user_guide/gitlab_clone_url.png rename to docs/source/roles/researcher/user_guide/gitlab_clone_url.png diff --git a/docs/roles/researcher/user_guide/gitlab_merge_request_details.png b/docs/source/roles/researcher/user_guide/gitlab_merge_request_details.png similarity index 100% rename from docs/roles/researcher/user_guide/gitlab_merge_request_details.png rename to docs/source/roles/researcher/user_guide/gitlab_merge_request_details.png diff --git a/docs/roles/researcher/user_guide/gitlab_new_merge_request.png b/docs/source/roles/researcher/user_guide/gitlab_new_merge_request.png similarity index 100% rename from docs/roles/researcher/user_guide/gitlab_new_merge_request.png rename to docs/source/roles/researcher/user_guide/gitlab_new_merge_request.png diff --git a/docs/roles/researcher/user_guide/gitlab_screenshot_login.png b/docs/source/roles/researcher/user_guide/gitlab_screenshot_login.png similarity index 100% rename from docs/roles/researcher/user_guide/gitlab_screenshot_login.png rename to docs/source/roles/researcher/user_guide/gitlab_screenshot_login.png diff --git a/docs/roles/researcher/user_guide/guacamole_dashboard.png b/docs/source/roles/researcher/user_guide/guacamole_dashboard.png similarity index 100% rename from docs/roles/researcher/user_guide/guacamole_dashboard.png rename to docs/source/roles/researcher/user_guide/guacamole_dashboard.png diff --git a/docs/roles/researcher/user_guide/guacamole_mfa.png b/docs/source/roles/researcher/user_guide/guacamole_mfa.png similarity index 100% rename from docs/roles/researcher/user_guide/guacamole_mfa.png rename to docs/source/roles/researcher/user_guide/guacamole_mfa.png diff --git a/docs/roles/researcher/user_guide/logon_environment_guacamole.png b/docs/source/roles/researcher/user_guide/logon_environment_guacamole.png similarity index 100% rename from docs/roles/researcher/user_guide/logon_environment_guacamole.png rename to docs/source/roles/researcher/user_guide/logon_environment_guacamole.png diff --git a/docs/roles/researcher/user_guide/logon_environment_msrds.png b/docs/source/roles/researcher/user_guide/logon_environment_msrds.png similarity index 100% rename from docs/roles/researcher/user_guide/logon_environment_msrds.png rename to docs/source/roles/researcher/user_guide/logon_environment_msrds.png diff --git a/docs/roles/researcher/user_guide/msrds_dashboard.png b/docs/source/roles/researcher/user_guide/msrds_dashboard.png similarity index 100% rename from docs/roles/researcher/user_guide/msrds_dashboard.png rename to docs/source/roles/researcher/user_guide/msrds_dashboard.png diff --git a/docs/roles/researcher/user_guide/msrds_no_work_resources.png b/docs/source/roles/researcher/user_guide/msrds_no_work_resources.png similarity index 100% rename from docs/roles/researcher/user_guide/msrds_no_work_resources.png rename to docs/source/roles/researcher/user_guide/msrds_no_work_resources.png diff --git a/docs/roles/researcher/user_guide/msrds_srd_connection.png b/docs/source/roles/researcher/user_guide/msrds_srd_connection.png similarity index 100% rename from docs/roles/researcher/user_guide/msrds_srd_connection.png rename to docs/source/roles/researcher/user_guide/msrds_srd_connection.png diff --git a/docs/roles/researcher/user_guide/msrds_srd_connection_failure.png b/docs/source/roles/researcher/user_guide/msrds_srd_connection_failure.png similarity index 100% rename from docs/roles/researcher/user_guide/msrds_srd_connection_failure.png rename to docs/source/roles/researcher/user_guide/msrds_srd_connection_failure.png diff --git a/docs/roles/researcher/user_guide/msrds_srd_rdc_screen.png b/docs/source/roles/researcher/user_guide/msrds_srd_rdc_screen.png similarity index 100% rename from docs/roles/researcher/user_guide/msrds_srd_rdc_screen.png rename to docs/source/roles/researcher/user_guide/msrds_srd_rdc_screen.png diff --git a/docs/roles/researcher/user_guide/msrds_srd_security_fingerprint.png b/docs/source/roles/researcher/user_guide/msrds_srd_security_fingerprint.png similarity index 100% rename from docs/roles/researcher/user_guide/msrds_srd_security_fingerprint.png rename to docs/source/roles/researcher/user_guide/msrds_srd_security_fingerprint.png diff --git a/docs/roles/researcher/user_guide/msrds_unexpected_certificate_error.png b/docs/source/roles/researcher/user_guide/msrds_unexpected_certificate_error.png similarity index 100% rename from docs/roles/researcher/user_guide/msrds_unexpected_certificate_error.png rename to docs/source/roles/researcher/user_guide/msrds_unexpected_certificate_error.png diff --git a/docs/roles/researcher/user_guide/srd_login_failure.png b/docs/source/roles/researcher/user_guide/srd_login_failure.png similarity index 100% rename from docs/roles/researcher/user_guide/srd_login_failure.png rename to docs/source/roles/researcher/user_guide/srd_login_failure.png diff --git a/docs/roles/researcher/user_guide/srd_login_screen.png b/docs/source/roles/researcher/user_guide/srd_login_screen.png similarity index 100% rename from docs/roles/researcher/user_guide/srd_login_screen.png rename to docs/source/roles/researcher/user_guide/srd_login_screen.png diff --git a/docs/roles/researcher/user_guide/srd_xfce_initial.png b/docs/source/roles/researcher/user_guide/srd_xfce_initial.png similarity index 100% rename from docs/roles/researcher/user_guide/srd_xfce_initial.png rename to docs/source/roles/researcher/user_guide/srd_xfce_initial.png diff --git a/docs/roles/researcher/user_guide_guacamole.md b/docs/source/roles/researcher/user_guide_guacamole.md similarity index 100% rename from docs/roles/researcher/user_guide_guacamole.md rename to docs/source/roles/researcher/user_guide_guacamole.md diff --git a/docs/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md similarity index 100% rename from docs/roles/researcher/user_guide_msrds.md rename to docs/source/roles/researcher/user_guide_msrds.md diff --git a/docs/roles/system_manager/administrator_guide/backup_instances_blobs.png b/docs/source/roles/system_manager/administrator_guide/backup_instances_blobs.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_instances_blobs.png rename to docs/source/roles/system_manager/administrator_guide/backup_instances_blobs.png diff --git a/docs/roles/system_manager/administrator_guide/backup_instances_disks.png b/docs/source/roles/system_manager/administrator_guide/backup_instances_disks.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_instances_disks.png rename to docs/source/roles/system_manager/administrator_guide/backup_instances_disks.png diff --git a/docs/roles/system_manager/administrator_guide/backup_progress_disk_1.png b/docs/source/roles/system_manager/administrator_guide/backup_progress_disk_1.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_progress_disk_1.png rename to docs/source/roles/system_manager/administrator_guide/backup_progress_disk_1.png diff --git a/docs/roles/system_manager/administrator_guide/backup_progress_disk_2.png b/docs/source/roles/system_manager/administrator_guide/backup_progress_disk_2.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_progress_disk_2.png rename to docs/source/roles/system_manager/administrator_guide/backup_progress_disk_2.png diff --git a/docs/roles/system_manager/administrator_guide/backup_progress_disk_3.png b/docs/source/roles/system_manager/administrator_guide/backup_progress_disk_3.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_progress_disk_3.png rename to docs/source/roles/system_manager/administrator_guide/backup_progress_disk_3.png diff --git a/docs/roles/system_manager/administrator_guide/backup_restore_disk.png b/docs/source/roles/system_manager/administrator_guide/backup_restore_disk.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_restore_disk.png rename to docs/source/roles/system_manager/administrator_guide/backup_restore_disk.png diff --git a/docs/roles/system_manager/administrator_guide/backup_select_containers_validate_blobs.png b/docs/source/roles/system_manager/administrator_guide/backup_select_containers_validate_blobs.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_select_containers_validate_blobs.png rename to docs/source/roles/system_manager/administrator_guide/backup_select_containers_validate_blobs.png diff --git a/docs/roles/system_manager/administrator_guide/backup_select_restore_time_blobs.png b/docs/source/roles/system_manager/administrator_guide/backup_select_restore_time_blobs.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_select_restore_time_blobs.png rename to docs/source/roles/system_manager/administrator_guide/backup_select_restore_time_blobs.png diff --git a/docs/roles/system_manager/administrator_guide/backup_select_snapshot_validate_disks.png b/docs/source/roles/system_manager/administrator_guide/backup_select_snapshot_validate_disks.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_select_snapshot_validate_disks.png rename to docs/source/roles/system_manager/administrator_guide/backup_select_snapshot_validate_disks.png diff --git a/docs/roles/system_manager/administrator_guide/backup_swap_disk_after.png b/docs/source/roles/system_manager/administrator_guide/backup_swap_disk_after.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_swap_disk_after.png rename to docs/source/roles/system_manager/administrator_guide/backup_swap_disk_after.png diff --git a/docs/roles/system_manager/administrator_guide/backup_swap_disk_before.png b/docs/source/roles/system_manager/administrator_guide/backup_swap_disk_before.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/backup_swap_disk_before.png rename to docs/source/roles/system_manager/administrator_guide/backup_swap_disk_before.png diff --git a/docs/roles/system_manager/administrator_guide/connect_azure_storage.png b/docs/source/roles/system_manager/administrator_guide/connect_azure_storage.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/connect_azure_storage.png rename to docs/source/roles/system_manager/administrator_guide/connect_azure_storage.png diff --git a/docs/roles/system_manager/administrator_guide/internal_mirror_packages.png b/docs/source/roles/system_manager/administrator_guide/internal_mirror_packages.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/internal_mirror_packages.png rename to docs/source/roles/system_manager/administrator_guide/internal_mirror_packages.png diff --git a/docs/roles/system_manager/administrator_guide/login_certificate_expiry.png b/docs/source/roles/system_manager/administrator_guide/login_certificate_expiry.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/login_certificate_expiry.png rename to docs/source/roles/system_manager/administrator_guide/login_certificate_expiry.png diff --git a/docs/roles/system_manager/administrator_guide/login_password_login.png b/docs/source/roles/system_manager/administrator_guide/login_password_login.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/login_password_login.png rename to docs/source/roles/system_manager/administrator_guide/login_password_login.png diff --git a/docs/roles/system_manager/administrator_guide/no_recent_connections.png b/docs/source/roles/system_manager/administrator_guide/no_recent_connections.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/no_recent_connections.png rename to docs/source/roles/system_manager/administrator_guide/no_recent_connections.png diff --git a/docs/roles/system_manager/administrator_guide/password_reset_failure.png b/docs/source/roles/system_manager/administrator_guide/password_reset_failure.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/password_reset_failure.png rename to docs/source/roles/system_manager/administrator_guide/password_reset_failure.png diff --git a/docs/roles/system_manager/administrator_guide/read_only_sas_token.png b/docs/source/roles/system_manager/administrator_guide/read_only_sas_token.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/read_only_sas_token.png rename to docs/source/roles/system_manager/administrator_guide/read_only_sas_token.png diff --git a/docs/roles/system_manager/administrator_guide/srd_login_failure.png b/docs/source/roles/system_manager/administrator_guide/srd_login_failure.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/srd_login_failure.png rename to docs/source/roles/system_manager/administrator_guide/srd_login_failure.png diff --git a/docs/roles/system_manager/administrator_guide/srd_login_opening_port.png b/docs/source/roles/system_manager/administrator_guide/srd_login_opening_port.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/srd_login_opening_port.png rename to docs/source/roles/system_manager/administrator_guide/srd_login_opening_port.png diff --git a/docs/roles/system_manager/administrator_guide/srd_login_prompt.png b/docs/source/roles/system_manager/administrator_guide/srd_login_prompt.png similarity index 100% rename from docs/roles/system_manager/administrator_guide/srd_login_prompt.png rename to docs/source/roles/system_manager/administrator_guide/srd_login_prompt.png diff --git a/docs/roles/system_manager/index.md b/docs/source/roles/system_manager/index.md similarity index 100% rename from docs/roles/system_manager/index.md rename to docs/source/roles/system_manager/index.md diff --git a/docs/roles/system_manager/manage_costs.md b/docs/source/roles/system_manager/manage_costs.md similarity index 100% rename from docs/roles/system_manager/manage_costs.md rename to docs/source/roles/system_manager/manage_costs.md diff --git a/docs/roles/system_manager/manage_data.md b/docs/source/roles/system_manager/manage_data.md similarity index 100% rename from docs/roles/system_manager/manage_data.md rename to docs/source/roles/system_manager/manage_data.md diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/source/roles/system_manager/manage_deployments.md similarity index 100% rename from docs/roles/system_manager/manage_deployments.md rename to docs/source/roles/system_manager/manage_deployments.md diff --git a/docs/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md similarity index 100% rename from docs/roles/system_manager/manage_users.md rename to docs/source/roles/system_manager/manage_users.md diff --git a/docs/roles/system_manager/manage_webapps.md b/docs/source/roles/system_manager/manage_webapps.md similarity index 100% rename from docs/roles/system_manager/manage_webapps.md rename to docs/source/roles/system_manager/manage_webapps.md diff --git a/docs/roles/system_manager/migrate_an_shm.md b/docs/source/roles/system_manager/migrate_an_shm.md similarity index 100% rename from docs/roles/system_manager/migrate_an_shm.md rename to docs/source/roles/system_manager/migrate_an_shm.md diff --git a/docs/roles/system_manager/migrate_shm/aad_connection_failure.png b/docs/source/roles/system_manager/migrate_shm/aad_connection_failure.png similarity index 100% rename from docs/roles/system_manager/migrate_shm/aad_connection_failure.png rename to docs/source/roles/system_manager/migrate_shm/aad_connection_failure.png diff --git a/docs/roles/system_manager/snippets/01_console.partial.md b/docs/source/roles/system_manager/snippets/01_console.partial.md similarity index 100% rename from docs/roles/system_manager/snippets/01_console.partial.md rename to docs/source/roles/system_manager/snippets/01_console.partial.md From b08992d583043fde65207a05b06db0d9c770fe3b Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 14:28:12 +0100 Subject: [PATCH 159/289] Clean Sphinx configuration --- docs/source/conf.py | 57 +++------------------------------------------ 1 file changed, 3 insertions(+), 54 deletions(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index d1d891775a..3c3e11d22c 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -5,7 +5,6 @@ # https://www.sphinx-doc.org/en/master/usage/configuration.html import datetime import emoji -import git import os @@ -15,35 +14,10 @@ copyright = f"CC-BY-4.0 {datetime.date.today().year}, The Alan Turing Institute." author = "The Alan Turing Institute" development_branch = "develop" -earliest_supported_release = "v4.0.0" - - -# -- Git repository details -repo = git.Repo(search_parent_directories=True) -repo_name = repo.remotes.origin.url.split(".git")[0].split("/")[-1] -releases = sorted((t.name for t in repo.tags), reverse=True) -supported_versions = ( - releases[: releases.index(earliest_supported_release) + 1] - + [development_branch] -) -default_version = supported_versions[0] # Latest stable release -current_version = ( - [tag.name for tag in repo.tags if tag.commit == repo.head.commit] - + [branch.name for branch in repo.branches if branch.commit == repo.head.commit] - + [str(repo.head.commit)] -)[0] # Tag or branch name or commit ID if no name is available -current_commit_hash = repo.head.commit.hexsha -current_commit_date = repo.head.commit.authored_datetime.strftime(r"%d %b %Y") -del repo # all unpickleable objects must be deleted # -- Customisation ----------------------------------------------------------- -# Extracted repository variables -print(f"Supported versions: {supported_versions}") -print(f"Default version: {default_version}") -print(f"Current version: {current_version}") - # Construct list of emoji substitutions emoji_codes = set( [ @@ -59,25 +33,7 @@ # Set sidebar variables if "html_context" not in globals(): html_context = dict() -html_context["display_lower_left"] = True -html_context["default_version"] = default_version -html_context["current_version"] = current_version -html_context["versions"] = [ - (v, f"/{repo_name}/{v}/index.html") for v in supported_versions -] -# Downloadable PDFs -pdf_version_string = f"Version: {current_version} ({current_commit_hash})" -print(f"PDF version string: {pdf_version_string}") -html_context["downloads"] = [ - ( - "User guide (Apache Guacamole)", - f"/{repo_name}/{current_version}/pdf/data_safe_haven_user_guide_guacamole.pdf", - ), - ( - "User guide (Microsoft RDS)", - f"/{repo_name}/{current_version}/pdf/data_safe_haven_user_guide_msrds.pdf", - ), -] + # Add 'Edit on GitHub' link html_context["github_user"] = "alan-turing-institute" html_context["github_repo"] = "data-safe-haven" @@ -97,18 +53,11 @@ # Add any paths that contain templates here, relative to this directory. templates_path = ["_templates"] + # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. # This pattern also affects html_static_path and html_extra_path. -exclude_patterns = [ - "build", - "_output", - "Thumbs.db", - ".DS_Store", - "**/*.partial.md", -] - - +exclude_patterns = ["**/*.partial.md"] # -- Options for HTML output ------------------------------------------------- # The theme to use for HTML and HTML Help pages. See the documentation for From 4ccb3f02aefcb603a102f3ba87bc90ea0d1afc41 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 14:33:49 +0100 Subject: [PATCH 160/289] Update requirements --- docs/requirements.txt | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 6611eb4227..0aafa6408c 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,7 +1,4 @@ -emoji==2.2.0 -GitPython==3.1.30 -Jinja2==3.1.2 -myst-parser==0.18.1 -Pygments==2.14.0 -pydata-sphinx-theme==0.12.0 -Sphinx==5.3.0 +emoji~=2.2 +myst-parser~=1.0 +pydata-sphinx-theme~=0.13 +Sphinx~=6.2 From b0b8334ca75518540870a2204c95e2dc5ea751eb Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 14:43:24 +0100 Subject: [PATCH 161/289] Restore sidebar This seem to have broken after a theme update. --- docs/source/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index 3c3e11d22c..8643655e65 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -78,7 +78,7 @@ "image_light": "logo_turing_light.png", "image_dark": "logo_turing_dark.png", }, - "page_sidebar_items": ["edit-this-page", "sourcelink"], + "secondary_sidebar_items": ["page-toc", "edit-this-page", "sourcelink"], "use_edit_page_button": True, } From 5a6aad19df15bb3babb2265b97b7fc2f0c00f47f Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 15:00:39 +0100 Subject: [PATCH 162/289] Use default primary sidebar This results in a very similar appearance with better readthedocs integration. --- .../sidebar-section-navigation.html | 5 -- docs/source/_templates/sidebar-versions.html | 58 ------------------- docs/source/_templates/sphinx-version.html | 5 -- docs/source/conf.py | 10 ---- 4 files changed, 78 deletions(-) delete mode 100644 docs/source/_templates/sidebar-section-navigation.html delete mode 100644 docs/source/_templates/sidebar-versions.html delete mode 100644 docs/source/_templates/sphinx-version.html diff --git a/docs/source/_templates/sidebar-section-navigation.html b/docs/source/_templates/sidebar-section-navigation.html deleted file mode 100644 index 4b9cee0c3b..0000000000 --- a/docs/source/_templates/sidebar-section-navigation.html +++ /dev/null @@ -1,5 +0,0 @@ - \ No newline at end of file diff --git a/docs/source/_templates/sidebar-versions.html b/docs/source/_templates/sidebar-versions.html deleted file mode 100644 index db2a496460..0000000000 --- a/docs/source/_templates/sidebar-versions.html +++ /dev/null @@ -1,58 +0,0 @@ -{% if READTHEDOCS or display_lower_left %} -
- - - Currently reading: {{ current_version }} - - -
- {% if languages|length >= 1 %} -
-
{{ _('Languages') }}
- {% for slug, url in languages %} - {% if slug == current_language %} {% endif %} -
{{ slug }}
- {% if slug == current_language %} {% endif %} - {% endfor %} -
- {% endif %} - {% if versions|length >= 1 %} -
-
{{ _('Versions') }}
- {% for slug, url in versions %} - {% if slug == current_version %} {% endif %} -
{{ slug }}
- {% if slug == current_version %} {% endif %} - {% endfor %} -
- {% endif %} - {% if READTHEDOCS %} -
-
{{ _('On Read the Docs') }}
-
- {{ _('Project Home') }} -
-
- {{ _('Builds') }} -
-
- {% endif %} -
-
- {% if downloads|length >= 1 %} -
- - - Download PDF resources - - -
-
- {% for type, url in downloads %} -
{{ type }}
- {% endfor %} -
-
-
- {% endif %} -{% endif %} \ No newline at end of file diff --git a/docs/source/_templates/sphinx-version.html b/docs/source/_templates/sphinx-version.html deleted file mode 100644 index c03f4af166..0000000000 --- a/docs/source/_templates/sphinx-version.html +++ /dev/null @@ -1,5 +0,0 @@ -

- {% trans sphinx_version=sphinx_version|e %}Created using Sphinx {{ sphinx_version }}.{% endtrans %} - {% trans %}Hosted by GitHub Pages.{% endtrans %} -
-

diff --git a/docs/source/conf.py b/docs/source/conf.py index 8643655e65..682faacaf7 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -82,16 +82,6 @@ "use_edit_page_button": True, } -# Set the left-hand sidebars -html_sidebars = { - "**": [ - "search-field.html", - "sidebar-section-navigation.html", - ] -} -if not os.getenv("DISABLE_VERSION_LINKS"): - html_sidebars["**"] += ["sidebar-versions.html"] - # Location of favicon html_favicon = "_static/favicon.ico" From 772d89dc1d3cfcd82e18c2c649a7c6e3ea9f3c58 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 15:22:42 +0100 Subject: [PATCH 163/289] Remove unused import --- docs/source/conf.py | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index 682faacaf7..ae41b78063 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -5,7 +5,6 @@ # https://www.sphinx-doc.org/en/master/usage/configuration.html import datetime import emoji -import os # -- Project information ----------------------------------------------------- From ca53abe97908b418bfe1dfe7174877d57ca18987 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 16:18:55 +0100 Subject: [PATCH 164/289] Improve docs reproducibility with pip-compile --- .readthedocs.yaml | 2 +- docs/requirements.in | 4 ++ docs/requirements.txt | 91 +++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 92 insertions(+), 5 deletions(-) create mode 100644 docs/requirements.in diff --git a/.readthedocs.yaml b/.readthedocs.yaml index f496f7b191..d169f2a365 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -7,7 +7,7 @@ version: 2 build: os: ubuntu-22.04 tools: - python: "3" + python: "3.11" sphinx: configuration: docs/source/conf.py diff --git a/docs/requirements.in b/docs/requirements.in new file mode 100644 index 0000000000..4a4c2761c8 --- /dev/null +++ b/docs/requirements.in @@ -0,0 +1,4 @@ +emoji==2.2.0 +myst-parser==1.0.0 +pydata-sphinx-theme==0.13.3 +Sphinx==6.2.1 diff --git a/docs/requirements.txt b/docs/requirements.txt index 0aafa6408c..6b5086a770 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,4 +1,87 @@ -emoji~=2.2 -myst-parser~=1.0 -pydata-sphinx-theme~=0.13 -Sphinx~=6.2 +# +# This file is autogenerated by pip-compile with Python 3.11 +# by the following command: +# +# pip-compile requirements.in +# +accessible-pygments==0.0.4 + # via pydata-sphinx-theme +alabaster==0.7.13 + # via sphinx +babel==2.12.1 + # via + # pydata-sphinx-theme + # sphinx +beautifulsoup4==4.12.2 + # via pydata-sphinx-theme +certifi==2022.12.7 + # via requests +charset-normalizer==3.1.0 + # via requests +docutils==0.19 + # via + # myst-parser + # pydata-sphinx-theme + # sphinx +emoji==2.2.0 + # via -r requirements.in +idna==3.4 + # via requests +imagesize==1.4.1 + # via sphinx +jinja2==3.1.2 + # via + # myst-parser + # sphinx +markdown-it-py==2.2.0 + # via + # mdit-py-plugins + # myst-parser +markupsafe==2.1.2 + # via jinja2 +mdit-py-plugins==0.3.5 + # via myst-parser +mdurl==0.1.2 + # via markdown-it-py +myst-parser==1.0.0 + # via -r requirements.in +packaging==23.1 + # via + # pydata-sphinx-theme + # sphinx +pydata-sphinx-theme==0.13.3 + # via -r requirements.in +pygments==2.15.1 + # via + # accessible-pygments + # pydata-sphinx-theme + # sphinx +pyyaml==6.0 + # via myst-parser +requests==2.29.0 + # via sphinx +snowballstemmer==2.2.0 + # via sphinx +soupsieve==2.4.1 + # via beautifulsoup4 +sphinx==6.2.1 + # via + # -r requirements.in + # myst-parser + # pydata-sphinx-theme +sphinxcontrib-applehelp==1.0.4 + # via sphinx +sphinxcontrib-devhelp==1.0.2 + # via sphinx +sphinxcontrib-htmlhelp==2.0.1 + # via sphinx +sphinxcontrib-jsmath==1.0.1 + # via sphinx +sphinxcontrib-qthelp==1.0.3 + # via sphinx +sphinxcontrib-serializinghtml==1.1.5 + # via sphinx +typing-extensions==4.5.0 + # via pydata-sphinx-theme +urllib3==1.26.15 + # via requests From 1394d7d7c5325bffc9e8d3920431bd488610f0d7 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 16:25:56 +0100 Subject: [PATCH 165/289] Fix indentation --- .readthedocs.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.readthedocs.yaml b/.readthedocs.yaml index d169f2a365..c45cfa7ae0 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -10,11 +10,11 @@ build: python: "3.11" sphinx: - configuration: docs/source/conf.py + configuration: docs/source/conf.py # formats: # - pdf python: - install: - - requirements: docs/requirements.txt + install: + - requirements: docs/requirements.txt From e78560a2d00b80e22a90825f1fccc548aa430b43 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 16:29:19 +0100 Subject: [PATCH 166/289] Remove docs deployment workflow --- .github/workflows/build_docs.yaml | 77 ------------------------------- 1 file changed, 77 deletions(-) delete mode 100644 .github/workflows/build_docs.yaml diff --git a/.github/workflows/build_docs.yaml b/.github/workflows/build_docs.yaml deleted file mode 100644 index 7f6416933c..0000000000 --- a/.github/workflows/build_docs.yaml +++ /dev/null @@ -1,77 +0,0 @@ ---- -name: Build documentation - -# Run workflow on pushes to matching branches -on: # yamllint disable-line rule:truthy - push: - branches: [develop, latest] - -# checkout needs 'contents:read' -# deploy needs 'contents:write' -permissions: - contents: write - -jobs: - build_docs: - runs-on: ubuntu-latest - steps: - - name: Setup Python - uses: actions/setup-python@v4 - with: - python-version: '3.10' - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 3.1.3 - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Install required packages - run: | - sudo apt-get update - sudo apt-get install -y git - pip install -r docs/build/requirements.txt - - name: Create common directories - shell: bash - run: | - echo "OUTPUTDIR=$(mktemp -d)" >> $GITHUB_ENV - - name: Build all configured releases - shell: bash - run: | - python3 ./docs/build/build_all_supported_versions.py -o ${{env.OUTPUTDIR}} - - name: Install html-proofer - shell: bash - run: gem install html-proofer - - name: Run HTML proofer - shell: bash - run: | - # - allow links to "#" - # - rewrite the base URL - # - ignore links to: - # - the data-safe-haven repo (as it is private) - # - the data-classification-app repo (as it is private) - # - turing.ac.uk (as it requires a CAPTCHA) - htmlproofer ${{env.OUTPUTDIR}}/develop \ - --allow-hash-href \ - --enforce-https \ - --ignore-files "/_static/" \ - --ignore-status-codes "403,429,503" \ - --ignore-urls "/github.com\/alan-turing-institute\/data-classification-app/,/turing.ac.uk\//" \ - --swap-urls "^\/data-safe-haven:/.." - - - name: Deploy documentation to GitHub Pages - if: ${{ !env.ACT }} - uses: JamesIves/github-pages-deploy-action@ba1486788b0490a235422264426c45848eac35c6 # This commit corresponds to tag 4.4.1 - with: - branch: autodocs # The branch the action should deploy to. - folder: ${{env.OUTPUTDIR}} # The folder the action should deploy. - git-config-name: Deployment Bot # Name of the committer - git-config-email: deploy@github.com # Email of the committer - single-commit: true # Only keep one commit on the branch - - name: Finalise build if running locally - if: ${{ env.ACT }} - shell: bash - run: | - echo "Deliberately causing job to fail so that container is kept alive..." - exit 1 From af939752c5844383650518c3a8758543daf8a020 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 28 Apr 2023 15:36:43 +0100 Subject: [PATCH 167/289] Add documentation workflow This workflow has two jobs - Build documentation - Check links in built documentation The lint html job has been removed from the lint code workflow. html-proofer now only offer limited html linting and is mainly a link checker. --- .github/workflows/documentation.yaml | 56 ++++++++++++++++++++++++++++ .github/workflows/lint_code.yaml | 26 ------------- 2 files changed, 56 insertions(+), 26 deletions(-) create mode 100644 .github/workflows/documentation.yaml diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml new file mode 100644 index 0000000000..8b6ce74f77 --- /dev/null +++ b/.github/workflows/documentation.yaml @@ -0,0 +1,56 @@ +--- +name: Documentation + +# Run workflow on pushes to matching branches +on: # yamllint disable-line rule:truthy + push: + branches: [develop] + pull_request: + branches: [develop] + +jobs: + build: + name: Build + runs-on: ubuntu-latest + defaults: + run: + working-directory: ./docs/ + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Setup Python + uses: actions/setup-python@v4 + with: + python-version: 3.11 + - name: Install dependencies + run: | + pip install -r requirements.txt + - name: Sphinx build + run: | + make html + + check_links: + name: Check links + runs-on: ubuntu-latest + needs: build + defaults: + run: + working-directory: ./docs/ + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Setup Python + uses: actions/setup-python@v4 + with: + python-version: 3.11 + - name: Install dependencies + run: | + pip install -r requirements.txt + - name: Sphinx build + run: | + make html + - name: Link Checker + uses: lycheeverse/lychee-action@v1.7.0 + with: + args: --verbose --no-progress './docs/build/html/**/*.html' + fail: true # fail on broken links diff --git a/.github/workflows/lint_code.yaml b/.github/workflows/lint_code.yaml index e553a543bb..6b5815f172 100644 --- a/.github/workflows/lint_code.yaml +++ b/.github/workflows/lint_code.yaml @@ -9,32 +9,6 @@ on: # yamllint disable-line rule:truthy branches: [develop] jobs: - lint_html: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Get tags - run: git fetch --tags origin - - name: Install requirements - shell: bash - run: | - sudo gem install html-proofer -v 4.4.1 - pip install -r docs/build/requirements.txt - - name: Generate HTML documention - shell: bash - run: | - DISABLE_VERSION_LINKS=1 make -C docs html - - name: Lint HTML - shell: bash - run: | - htmlproofer docs/_output \ - --allow-missing-href=true \ - --enforce-https=true \ - --ignore-files "/_static/" \ - --ignore-status-codes "502,503" \ - --ignore-urls "/github.com\/alan-turing-institute\/data-classification-app/,/www.turing.ac.uk/,/data-safe-haven\/edit/" - lint_json: runs-on: ubuntu-latest steps: From ee66f2f34779908d9bbf1ecbbe2cbd8530557016 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Fri, 28 Apr 2023 16:03:18 +0100 Subject: [PATCH 168/289] Add lychee configuration file --- .github/workflows/documentation.yaml | 2 +- .lychee.toml | 118 +++++++++++++++++++++++++++ 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 .lychee.toml diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml index 8b6ce74f77..3413fc8c2f 100644 --- a/.github/workflows/documentation.yaml +++ b/.github/workflows/documentation.yaml @@ -52,5 +52,5 @@ jobs: - name: Link Checker uses: lycheeverse/lychee-action@v1.7.0 with: - args: --verbose --no-progress './docs/build/html/**/*.html' + args: --config='./.lychee.toml' --verbose --no-progress './docs/build/html/**/*.html' fail: true # fail on broken links diff --git a/.lychee.toml b/.lychee.toml new file mode 100644 index 0000000000..9f7d9348a8 --- /dev/null +++ b/.lychee.toml @@ -0,0 +1,118 @@ +############################# Display ############################# + +# Verbose program output +# Accepts log level: "error", "warn", "info", "debug", "trace" +verbose = "info" + +# Don't show interactive progress bar while checking links. +no_progress = false + +# Path to summary output file. +# output = ".config.dummy.report.md" + +############################# Cache ############################### + +# Enable link caching. This can be helpful to avoid checking the same links on +# multiple runs. +cache = true + +# Discard all cached requests older than this duration. +max_cache_age = "2d" + +############################# Runtime ############################# + +# Number of threads to utilize. +# Defaults to number of cores available to the system if omitted. +threads = 2 + +# Maximum number of allowed redirects. +max_redirects = 10 + +# Maximum number of allowed retries before a link is declared dead. +max_retries = 2 + +# Maximum number of concurrent link checks. +max_concurrency = 14 + +############################# Requests ############################ + +# User agent to send with each request. +user_agent = "curl/7.83. 1" + +# Website timeout from connect to response finished. +timeout = 20 + +# Minimum wait time in seconds between retries of failed requests. +retry_wait_time = 2 + +# Comma-separated list of accepted status codes for valid links. +accept = [200, 429] + +# Proceed for server connections considered insecure (invalid TLS). +insecure = false + +# Only test links with the given schemes (e.g. https). +# Omit to check links with any scheme. +# scheme = [ "https" ] + +# When links are available using HTTPS, treat HTTP links as errors. +require_https = true + +# Request method +method = "get" + +# Custom request headers +headers = [] + +# Remap URI matching pattern to different URI. +# remap = [ "https://example.com http://example.invalid" ] + +# Base URL or website root directory to check relative URLs. +# base = "https://example.com" + +# HTTP basic auth support. This will be the username and password passed to the +# authorization HTTP header. See +# +# basic_auth = "user:pwd" + +############################# Exclusions ########################## + +# Skip missing input files (default is to error if they don't exist). +skip_missing = false + +# Check links inside `` and `
` blocks as well as Markdown code
+# blocks.
+include_verbatim = false
+
+# Ignore case of paths when matching glob patterns.
+glob_ignore_case = false
+
+# Exclude URLs and mail addresses from checking (supports regex).
+# exclude = [ '.*\.github.com\.*' ]
+exclude = [
+  'github\.com',  # Requires authentication
+  'turing.ac.uk'  # DDOS protection
+]
+
+# Exclude these filesystem paths from getting checked.
+# exclude_path = ["file/path/to/Ignore", "./other/file/path/to/Ignore"]
+
+# URLs to check (supports regex). Has preference over all excludes.
+# include = [ 'gist\.github\.com.*' ]
+
+# Exclude all private IPs from checking.
+# Equivalent to setting `exclude_private`, `exclude_link_local`, and
+# `exclude_loopback` to true.
+exclude_all_private = false
+
+# Exclude private IP address ranges from checking.
+exclude_private = false
+
+# Exclude link-local IP address range from checking.
+exclude_link_local = false
+
+# Exclude loopback IP address range and localhost from checking.
+exclude_loopback = false
+
+# Exclude all mail addresses from checking.
+exclude_mail = false

From be643937ab690f51fd03f9f07fa1c55790cc8d9c Mon Sep 17 00:00:00 2001
From: JimMadge 
Date: Mon, 1 May 2023 00:23:23 +0000
Subject: [PATCH 169/289] Update PyPI and CRAN allow lists

---
 .../package_lists/allowlist-full-python-pypi-tier3.list          | 1 +
 1 file changed, 1 insertion(+)

diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
index 8f609baa4c..c86157c4d3 100644
--- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
+++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
@@ -63,6 +63,7 @@ better-exceptions-fork
 biscuits
 black
 bleach
+blinker
 blis
 blosc
 blosc2

From 32f89435869d9fab5bc13d5d5d7503adf1ac95f4 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Tue, 2 May 2023 11:06:44 +0100
Subject: [PATCH 170/289] Add ipaddressguide.com to lychee exclude list

---
 .lychee.toml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.lychee.toml b/.lychee.toml
index 9f7d9348a8..a9dd150318 100644
--- a/.lychee.toml
+++ b/.lychee.toml
@@ -90,8 +90,9 @@ glob_ignore_case = false
 # Exclude URLs and mail addresses from checking (supports regex).
 # exclude = [ '.*\.github.com\.*' ]
 exclude = [
-  'github\.com',  # Requires authentication
-  'turing.ac.uk'  # DDOS protection
+  'github\.com',  # Requires authentication (403)
+  'turing.ac.uk',  # DDOS protection
+  'ipaddressguide\.com' # 403
 ]
 
 # Exclude these filesystem paths from getting checked.

From f5e61fe29912656e6c07bf42a7c04bcb3d4fa118 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Tue, 2 May 2023 11:19:37 +0100
Subject: [PATCH 171/289] Exclude template file from link checking

---
 .lychee.toml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.lychee.toml b/.lychee.toml
index a9dd150318..28e129ae95 100644
--- a/.lychee.toml
+++ b/.lychee.toml
@@ -17,7 +17,7 @@ no_progress = false
 cache = true
 
 # Discard all cached requests older than this duration.
-max_cache_age = "2d"
+max_cache_age = "1d"
 
 #############################  Runtime  #############################
 
@@ -97,6 +97,9 @@ exclude = [
 
 # Exclude these filesystem paths from getting checked.
 # exclude_path = ["file/path/to/Ignore", "./other/file/path/to/Ignore"]
+exclude_path = [
+  'docs/build/html/_static/webpack-macros.html'
+]
 
 # URLs to check (supports regex). Has preference over all excludes.
 # include = [ 'gist\.github\.com.*' ]

From 9964d3b558000bc216ee035badc75f11c12b213f Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Tue, 2 May 2023 11:20:22 +0100
Subject: [PATCH 172/289] Add lychee cache files to gitignore

---
 .gitignore | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index b42c59f1ca..d1e95b7d49 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,4 +33,7 @@ docs/_output
 
 # Files produced during testing
 .mustache_config.json
-expanded.yaml
\ No newline at end of file
+expanded.yaml
+
+# Lychee cache
+.lycheecache

From 6db5cfbf1ea266f202983326dc5e838b539333eb Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Tue, 2 May 2023 11:26:30 +0100
Subject: [PATCH 173/289] Add opensource.org to lychee exclude list

Returns 403 in CI.
---
 .lychee.toml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.lychee.toml b/.lychee.toml
index 28e129ae95..73893f32fe 100644
--- a/.lychee.toml
+++ b/.lychee.toml
@@ -91,8 +91,9 @@ glob_ignore_case = false
 # exclude = [ '.*\.github.com\.*' ]
 exclude = [
   'github\.com',  # Requires authentication (403)
-  'turing.ac.uk',  # DDOS protection
-  'ipaddressguide\.com' # 403
+  'turing\.ac\.uk',  # DDOS protection
+  'ipaddressguide\.com', # 403
+  'opensource\.org' # 403
 ]
 
 # Exclude these filesystem paths from getting checked.

From 6558096b4ee142b4a910edf7abc7024347674884 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Wed, 3 May 2023 13:30:32 +0100
Subject: [PATCH 174/289] Remove unnecessary period

---
 docs/source/conf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/conf.py b/docs/source/conf.py
index ae41b78063..c5c104760e 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -10,7 +10,7 @@
 # -- Project information -----------------------------------------------------
 
 project = "Data Safe Haven"
-copyright = f"CC-BY-4.0 {datetime.date.today().year}, The Alan Turing Institute."
+copyright = f"CC-BY-4.0 {datetime.date.today().year}, The Alan Turing Institute"
 author = "The Alan Turing Institute"
 development_branch = "develop"
 

From c2c1d5e7363978f4d6683283c46d59b1280fff3d Mon Sep 17 00:00:00 2001
From: JimMadge 
Date: Sun, 7 May 2023 00:16:49 +0000
Subject: [PATCH 175/289] Update PyPI and CRAN allow lists

---
 .../package_lists/allowlist-full-python-pypi-tier3.list        | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
index c86157c4d3..fb72abae2a 100644
--- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
+++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
@@ -170,6 +170,7 @@ flatbuffers
 folium
 fonttools
 formulaic
+freetype-py
 frozenlist
 fsspec
 fst-pso
@@ -442,6 +443,7 @@ pyarrow
 pyasn1
 pyasn1-modules
 pybind11
+pycairo
 pycodestyle
 pycosat
 pycparser
@@ -524,6 +526,7 @@ rfc3339-validator
 rfc3986-validator
 rfc3987
 rich
+rlPyCairo
 rpds-py
 rpy2
 rsa

From c36f984cd4ec85f00bfba40b96193932dd71ab3d Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Thu, 11 May 2023 13:52:03 +0100
Subject: [PATCH 176/289] Update CITATION.cff

---
 CITATION.cff | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CITATION.cff b/CITATION.cff
index e3ee508a7f..e8ec7a6760 100644
--- a/CITATION.cff
+++ b/CITATION.cff
@@ -1,7 +1,7 @@
 cff-version: 1.2.0
 message: "To acknowledge the data safe haven please use the citation and references below."
 title: "Turing Data Safe Haven"
-url: "https://alan-turing-institute.github.io/data-safe-haven/develop/index.html"
+url: "https://data-safe-haven.readthedocs.io"
 repository-code: "https://github.com/alan-turing-institute/data-safe-haven"
 authors:
   - given-names: James

From 8b81d1a6e3232a9f0e71d4862fb321b6a6c14ea3 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Thu, 11 May 2023 13:59:53 +0100
Subject: [PATCH 177/289] Update documentation links in README

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 9090598d55..e97d4b4562 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ The **Turing Data Safe Haven** is an open-source framework for creating secure e
 It provides a set of scripts and templates that will allow you to deploy, administer and use your own secure environment.
 It was developed as part of the Alan Turing Institute's [Data Safe Havens in the Cloud](https://www.turing.ac.uk/research/research-projects/data-safe-havens-cloud) project.
 
-[![Docs](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/build_docs.yaml/badge.svg)](https://alan-turing-institute.github.io/data-safe-haven)
+[![Documentation](https://readthedocs.org/projects/data-safe-haven/badge/?version=latest)](https://data-safe-haven.readthedocs.io/en/latest/?badge=latest)
 [![Lint code](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/lint_code.yaml/badge.svg)](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/lint_code.yaml)
 [![Test code](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/test_code.yaml/badge.svg)](https://github.com/alan-turing-institute/data-safe-haven/actions/workflows/test_code.yaml)
 [![Latest version](https://img.shields.io/github/v/release/alan-turing-institute/data-safe-haven?style=flat&label=Latest&color=%234B78E6)](https://github.com/alan-turing-institute/data-safe-haven/releases)
@@ -16,7 +16,7 @@ It was developed as part of the Alan Turing Institute's [Data Safe Havens in the
 
 ## :family: Community & support
 
-- Visit the [Data Safe Haven website](https://alan-turing-institute.github.io/data-safe-haven) for full documentation and useful links.
+- Visit the [Data Safe Haven website](https://data-safe-haven.readthedocs.io) for full documentation and useful links.
 - Join our [Slack server](https://join.slack.com/t/turingdatasafehaven/shared_invite/zt-104oyd8wn-DyOufeaAQFiJDlG5dDGk~w) to ask questions, discuss features, and for general API chat.
 - Open a [discussion on GitHub](https://github.com/alan-turing-institute/data-safe-haven/discussions) for general questions, feature suggestions, and help with our deployment scripts.
 - Look through our [issues on GitHub](https://github.com/alan-turing-institute/data-safe-haven/issues) to see what we're working on and progress towards specific fixes.

From 75149a4bd1ac483c4aa7b380731b1064269a46f3 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Thu, 11 May 2023 14:05:44 +0100
Subject: [PATCH 178/289] Update documentation link in contribution guide

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 28112cca0f..ac21b0ba8c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -222,7 +222,7 @@ GitHub has a [nice introduction](https://docs.github.com/en/get-started/quicksta
 
 ### Making a change to the documentation
 
-The docs, including for older releases, are available [here](https://alan-turing-institute.github.io/data-safe-haven).
+The docs, including for older releases, are available [here](https://data-safe-haven.readthedocs.io).
 
 You should follow the same instructions as above to [make a change with a pull request](#making-a-change-with-a-pull-request) when editing the documentation.
 

From 029b6aba5df40a51229d6ecf6dafd17dc0165794 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Fri, 12 May 2023 10:08:17 +0100
Subject: [PATCH 179/289] Correct reference label

---
 docs/roles/investigator/data_ingress.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/roles/investigator/data_ingress.md b/docs/roles/investigator/data_ingress.md
index d6786c3aa6..bff92040a4 100644
--- a/docs/roles/investigator/data_ingress.md
+++ b/docs/roles/investigator/data_ingress.md
@@ -1,4 +1,4 @@
-(role_investigator_egress)=
+(role_investigator_ingress)=
 
 # Data ingress process
 

From 3ee1b8488ca97fddf868932dd055bf0c7aef15ac Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Fri, 12 May 2023 12:02:49 +0100
Subject: [PATCH 180/289] Add data preparation advice

---
 docs/processes/data_ingress.md | 71 ++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/docs/processes/data_ingress.md b/docs/processes/data_ingress.md
index 6136fff9e7..5576148af4 100644
--- a/docs/processes/data_ingress.md
+++ b/docs/processes/data_ingress.md
@@ -7,6 +7,77 @@
 The Data Safe Haven has various technical controls to ensure data security.
 However, the processes and contractual agreements that the **Dataset Provider** agrees to are equally important.
 
+## Preparing data
+
+This section has some recommendations for preparing input data for the Data Safe Haven.
+
+### Avoid archives
+
+The input data is presented to researchers on a read-only filesystem.
+This means that researchers will be unable to extract inputs in-place.
+Instead, they would have to extract to a read-write space within the environment.
+This could unnecessarily duplicate the data and leads to a greater risk of loss of integrity as the inputs can be modified (intentionally or accidentally).
+
+### Avoiding name clashes
+
+In the recommended upload process there is no protection for overwriting files.
+It is therefore important to avoid uploading files with the same pathname as the later files will replace existing files.
+
+To help avoid name clashes, if you are uploading multiple data sets you should use unique names for each data set.
+For example, if the data sets are single files, use unique file names.
+If data sets consist of multiple files, collect them in uniquely named directories.
+
+If there are multiple data providers uploading data for a single work package, each provider should use a uniquely named directory, or prepend their files with a unique name.
+
+### Describe the data
+
+Explaining the structure and format of the data will help researchers be most effective.
+It is a good idea to upload a plain text file explaining the directory structure, file format, data columns, meaning of special terms, _etc._.
+This file will be easy for researchers to read using tools inside the environment and they will be able to find it alongside the data.
+
+### Data integrity
+
+You will want to ensure that researchers have the correct data and that they can verify this.
+We recommend using [checksums](https://www.redhat.com/sysadmin/hashing-checksums) to do this.
+
+A checksum is a short string computed in a one-way process from some data.
+A small change in the data (even a single bit) will result in a different checksum.
+We can therefore use checksums to verify that data has not been changed.
+In the safe haven this is useful for verifying that the data inside the environment is complete and correct.
+It proves the data has not been modified or corrupted during transfer.
+
+We recommended considering the hashing algorithms `md5sum` and `sha256`.
+They are common algorithms built into many operating systems, and included in the Data Safe Haven.
+`md5sum` is fast and sufficient for integrity checks.
+`sha256` is slower but more secure, it better protects against malicious modification.
+
+You can generate a checksum file, which can be used to verify the integrity of files.
+If you upload this file then researchers will be able to independently verify data integrity within the environment.
+
+Here are instructions to generate a checksum file using the `md5sum` algorithm for a data set stored in a directory called `data`.
+
+```console
+$ find ./data/ -type fl -exec md5sum {} + > hashes.txt
+```
+`find` searches the `data` directory for files and symbolic links (`-type fl`).
+`find` also runs the checksum command `md5sum` on all matching files (`-exec md5sum {} +`).
+Finally, the checksums are written to a file called `hashes.txt` (`> hashes.txt`).
+
+The data can be checked, by comparing to the checksums.
+```console
+$ md5sum -c hashes.txt
+```
+
+If a file has changed the command will return a non-zero exit code (an error).
+The failing files will be listed as `: FAILED` in the output.
+Those files can be easily identified using `grep`
+
+```console
+$ md5sum -c hashes.txt | grep FAILED
+```
+
+To use the `sha256` algorithm, replace `md5sum` with `sha256` in the above commands.
+
 ## Bringing data into the environment
 
 ```{attention}

From 06f7d8dca6a2d2537479d937500f8f9c77d333a7 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Fri, 12 May 2023 13:17:24 +0100
Subject: [PATCH 181/289] Fix linting errors

---
 docs/processes/data_ingress.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docs/processes/data_ingress.md b/docs/processes/data_ingress.md
index 5576148af4..171453b05b 100644
--- a/docs/processes/data_ingress.md
+++ b/docs/processes/data_ingress.md
@@ -57,15 +57,17 @@ If you upload this file then researchers will be able to independently verify da
 Here are instructions to generate a checksum file using the `md5sum` algorithm for a data set stored in a directory called `data`.
 
 ```console
-$ find ./data/ -type fl -exec md5sum {} + > hashes.txt
+find ./data/ -type fl -exec md5sum {} + > hashes.txt
 ```
+
 `find` searches the `data` directory for files and symbolic links (`-type fl`).
 `find` also runs the checksum command `md5sum` on all matching files (`-exec md5sum {} +`).
 Finally, the checksums are written to a file called `hashes.txt` (`> hashes.txt`).
 
 The data can be checked, by comparing to the checksums.
+
 ```console
-$ md5sum -c hashes.txt
+md5sum -c hashes.txt
 ```
 
 If a file has changed the command will return a non-zero exit code (an error).
@@ -73,7 +75,7 @@ The failing files will be listed as `: FAILED` in the output.
 Those files can be easily identified using `grep`
 
 ```console
-$ md5sum -c hashes.txt | grep FAILED
+md5sum -c hashes.txt | grep FAILED
 ```
 
 To use the `sha256` algorithm, replace `md5sum` with `sha256` in the above commands.

From dbc4a48c1c39f5a01ad9a6bbf81c52965c0b1e24 Mon Sep 17 00:00:00 2001
From: JimMadge 
Date: Mon, 15 May 2023 00:17:56 +0000
Subject: [PATCH 182/289] Update SRD package versions

---
 .../packages/deb-rstudio-bionic.version                       | 4 ++--
 .../packages/deb-rstudio-jammy.version                        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version b/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version
index 5ec0f6ad20..e31440658d 100644
--- a/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version
+++ b/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version
@@ -1,4 +1,4 @@
-hash: d71b670e3d0f5829d3cf107bba5d4da547ddcc010f62bccf758229891f1a16a4
-version: 2023.03.0-386
+hash: 2e8030828b93751ebc02fbbd6334d62600e7ab12c46d3f087a5222583e436238
+version: 2023.03.1-446
 debfile: rstudio-|VERSION|-amd64.deb
 remote: https://download1.rstudio.org/electron/bionic/amd64/|DEBFILE|
diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version
index c6c7b44f24..ba8c54bc3b 100644
--- a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version
+++ b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version
@@ -1,4 +1,4 @@
-hash: 0a347709cd07eebd4ce0c635d87c87151e81254bbc390265a45a6c1ff438cb23
-version: 2023.03.0-386
+hash: 464038393a380321afb96793f8775852ce75f29340bd5d49a0c7ccbe77e411c0
+version: 2023.03.1-446
 debfile: rstudio-|VERSION|-amd64.deb
 remote: https://download1.rstudio.org/electron/jammy/amd64/|DEBFILE|

From 62a59c8b79aab8dd7217898d06ce252f9dad6dcd Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Mon, 15 May 2023 09:17:48 +0100
Subject: [PATCH 183/289] Remove unused javascript file

---
 docs/source/_static/toggle.js | 7 -------
 1 file changed, 7 deletions(-)
 delete mode 100644 docs/source/_static/toggle.js

diff --git a/docs/source/_static/toggle.js b/docs/source/_static/toggle.js
deleted file mode 100644
index c5b6e4fcba..0000000000
--- a/docs/source/_static/toggle.js
+++ /dev/null
@@ -1,7 +0,0 @@
-// Toggle the 'shift-up' class when rst-versions objects are clicked
-$(document).on("click", "[data-toggle='rst-versions']", function () {
-  $("[data-toggle='rst-versions']").toggleClass("shift-up");
-});
-$(document).on("click", "[data-toggle='rst-downloads']", function () {
-  $("[data-toggle='rst-downloads']").toggleClass("shift-up");
-});

From 45d4cddc09370de2424f7a7f9f12e08b9defaba5 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Mon, 15 May 2023 13:43:40 +0100
Subject: [PATCH 184/289] :memo: Fix section name

Co-authored-by: Jim Madge 
---
 docs/roles/system_manager/manage_deployments.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/roles/system_manager/manage_deployments.md b/docs/roles/system_manager/manage_deployments.md
index e731a3d4a5..e7e3c13749 100644
--- a/docs/roles/system_manager/manage_deployments.md
+++ b/docs/roles/system_manager/manage_deployments.md
@@ -6,7 +6,7 @@
 This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it.
 ```
 
-## {{alarm_clock}} SREs running for more than **90** days
+## {{alarm_clock}} Renewing SRE Domain Certificates
 
 SREs will need to periodically have their SSL certificates renewed so that the SRE URL can be accessed with HTTPS. After each 90 day period that the SRE is live, re-run the script to update the certificate.
 

From ffba25716e2be43a7d06aa872c7773edb0f45680 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Mon, 15 May 2023 13:27:56 +0000
Subject: [PATCH 185/289] Create users with no password expiry on AD

---
 .../desired_state_configuration/dc1Artifacts/CreateUsers.ps1    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/CreateUsers.ps1 b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/CreateUsers.ps1
index fff905ab1e..a99dc67335 100644
--- a/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/CreateUsers.ps1
+++ b/deployment/safe_haven_management_environment/desired_state_configuration/dc1Artifacts/CreateUsers.ps1
@@ -26,7 +26,7 @@ Import-Csv $userFilePath | ForEach-Object {
         Path                 = "$userOuPath"
         Enabled              = $True
         AccountPassword      = (ConvertTo-SecureString $Password -AsPlainText -Force)
-        PasswordNeverExpires = $False
+        PasswordNeverExpires = $True
         Mobile               = $_.Mobile
         Email                = $_.SecondaryEmail
         Country              = "GB"

From fe131118f12aa2e0c427844a150e6a05c5a07ee8 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Mon, 15 May 2023 15:09:28 +0100
Subject: [PATCH 186/289] Enable pdf and htmlzip builds

---
 .readthedocs.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index c45cfa7ae0..cc347e9fa2 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -12,8 +12,9 @@ build:
 sphinx:
   configuration: docs/source/conf.py
 
-# formats:
-#    - pdf
+formats:
+  - htmlzip
+  - pdf
 
 python:
   install:

From 567c2e9a37d5a0b29814f8e6a6a79cf42bf10416 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Mon, 15 May 2023 15:12:54 +0100
Subject: [PATCH 187/289] Update requirements

---
 docs/requirements.in  | 8 ++++----
 docs/requirements.txt | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/docs/requirements.in b/docs/requirements.in
index 4a4c2761c8..a6230b9742 100644
--- a/docs/requirements.in
+++ b/docs/requirements.in
@@ -1,4 +1,4 @@
-emoji==2.2.0
-myst-parser==1.0.0
-pydata-sphinx-theme==0.13.3
-Sphinx==6.2.1
+emoji
+myst-parser
+pydata-sphinx-theme
+Sphinx
diff --git a/docs/requirements.txt b/docs/requirements.txt
index 6b5086a770..9fb9bed862 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -14,7 +14,7 @@ babel==2.12.1
     #   sphinx
 beautifulsoup4==4.12.2
     # via pydata-sphinx-theme
-certifi==2022.12.7
+certifi==2023.5.7
     # via requests
 charset-normalizer==3.1.0
     # via requests
@@ -58,7 +58,7 @@ pygments==2.15.1
     #   sphinx
 pyyaml==6.0
     # via myst-parser
-requests==2.29.0
+requests==2.30.0
     # via sphinx
 snowballstemmer==2.2.0
     # via sphinx
@@ -83,5 +83,5 @@ sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
 typing-extensions==4.5.0
     # via pydata-sphinx-theme
-urllib3==1.26.15
+urllib3==2.0.2
     # via requests

From 60e17b4a8d89d65e9b83e8fce15c516113dc872a Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Fri, 19 May 2023 12:46:21 +0000
Subject: [PATCH 188/289] modify location of requirements.txt

---
 .devcontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index bc5f1e4784..85ab92fd66 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -46,7 +46,7 @@ RUN groupadd --gid $USER_GID $USERNAME \
 USER $USERNAME
 
 # Install Sphinx dependencies
-COPY ./docs/build/requirements.txt /build/requirements.txt
+COPY ./docs/requirements.txt /build/requirements.txt
 RUN pip3 install -r /build/requirements.txt
 
 # Install/check needed powershell modules

From 73db45a233bf6a0978024e476dcc8832d637f36f Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Sat, 20 May 2023 09:10:13 +0100
Subject: [PATCH 189/289] :alien: Add additional Microsoft ssprdedicatedsbprod
 endpoints

---
 .../network_rules/shm-firewall-rules.json                | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
index 7817322905..5c1a6fd437 100644
--- a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
+++ b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
@@ -983,8 +983,15 @@
                             "g94-prod-sn3-010-sb.servicebus.windows.net",
                             "g95-prod-sn3-010-sb.servicebus.windows.net",
                             "passwordreset.microsoftonline.com",
+                            "ssprdedicatedsbprodeus2-1.servicebus.windows.net",
+                            "ssprdedicatedsbprodfra-1.servicebus.windows.net",
+                            "ssprdedicatedsbprodncu-2.servicebus.windows.net",
                             "ssprdedicatedsbprodncu.servicebus.windows.net",
-                            "ssprdedicatedsbprodscu.servicebus.windows.net"
+                            "ssprdedicatedsbprodneu.servicebus.windows.net",
+                            "ssprdedicatedsbprodscu-2.servicebus.windows.net",
+                            "ssprdedicatedsbprodscu.servicebus.windows.net",
+                            "ssprdedicatedsbprodsea-1.servicebus.windows.net",
+                            "ssprdedicatedsbprodweu.servicebus.windows.net"
                         ],
                         "sourceAddresses": [
                             "{{network.vnet.subnets.identity.cidr}}"

From 0cc5cbd57c44547048b389badd8ad26bbda6c642 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Sun, 21 May 2023 12:09:24 +0100
Subject: [PATCH 190/289] :alien: Add additional Microsoft sb.servicebus
 endpoints

---
 .../network_rules/shm-firewall-rules.json            | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
index 5c1a6fd437..8d4585f169 100644
--- a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
+++ b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
@@ -387,6 +387,7 @@
                             "g10-prod-ch3-007-sb.servicebus.windows.net",
                             "g10-prod-ch3-008-sb.servicebus.windows.net",
                             "g10-prod-ch3-009-sb.servicebus.windows.net",
+                            "g10-prod-ch3-010-sb.servicebus.windows.net",
                             "g10-prod-sn3-003-sb.servicebus.windows.net",
                             "g10-prod-sn3-004-sb.servicebus.windows.net",
                             "g10-prod-sn3-005-sb.servicebus.windows.net",
@@ -398,6 +399,7 @@
                             "g10-prod-sn3-012-sb.servicebus.windows.net",
                             "g10-prod-sn3-013-sb.servicebus.windows.net",
                             "g10-prod-sn3-014-sb.servicebus.windows.net",
+                            "g10-prod-sn3-015-sb.servicebus.windows.net",
                             "g10-prod-sn3-203-sb.servicebus.windows.net",
                             "g11-prod-ch3-003-sb.servicebus.windows.net",
                             "g11-prod-ch3-004-sb.servicebus.windows.net",
@@ -406,6 +408,7 @@
                             "g11-prod-ch3-007-sb.servicebus.windows.net",
                             "g11-prod-ch3-008-sb.servicebus.windows.net",
                             "g11-prod-ch3-009-sb.servicebus.windows.net",
+                            "g11-prod-ch3-010-sb.servicebus.windows.net",
                             "g11-prod-sn3-003-sb.servicebus.windows.net",
                             "g11-prod-sn3-004-sb.servicebus.windows.net",
                             "g11-prod-sn3-005-sb.servicebus.windows.net",
@@ -417,6 +420,7 @@
                             "g11-prod-sn3-012-sb.servicebus.windows.net",
                             "g11-prod-sn3-013-sb.servicebus.windows.net",
                             "g11-prod-sn3-014-sb.servicebus.windows.net",
+                            "g11-prod-sn3-015-sb.servicebus.windows.net",
                             "g11-prod-sn3-203-sb.servicebus.windows.net",
                             "g12-prod-ch3-003-sb.servicebus.windows.net",
                             "g12-prod-ch3-004-sb.servicebus.windows.net",
@@ -425,6 +429,7 @@
                             "g12-prod-ch3-007-sb.servicebus.windows.net",
                             "g12-prod-ch3-008-sb.servicebus.windows.net",
                             "g12-prod-ch3-009-sb.servicebus.windows.net",
+                            "g12-prod-ch3-010-sb.servicebus.windows.net",
                             "g12-prod-sn3-003-sb.servicebus.windows.net",
                             "g12-prod-sn3-004-sb.servicebus.windows.net",
                             "g12-prod-sn3-005-sb.servicebus.windows.net",
@@ -436,6 +441,7 @@
                             "g12-prod-sn3-012-sb.servicebus.windows.net",
                             "g12-prod-sn3-013-sb.servicebus.windows.net",
                             "g12-prod-sn3-014-sb.servicebus.windows.net",
+                            "g12-prod-sn3-015-sb.servicebus.windows.net",
                             "g12-prod-sn3-203-sb.servicebus.windows.net",
                             "g13-prod-ch3-003-sb.servicebus.windows.net",
                             "g13-prod-ch3-004-sb.servicebus.windows.net",
@@ -444,6 +450,7 @@
                             "g13-prod-ch3-007-sb.servicebus.windows.net",
                             "g13-prod-ch3-008-sb.servicebus.windows.net",
                             "g13-prod-ch3-009-sb.servicebus.windows.net",
+                            "g13-prod-ch3-010-sb.servicebus.windows.net",
                             "g13-prod-sn3-003-sb.servicebus.windows.net",
                             "g13-prod-sn3-004-sb.servicebus.windows.net",
                             "g13-prod-sn3-005-sb.servicebus.windows.net",
@@ -455,6 +462,7 @@
                             "g13-prod-sn3-012-sb.servicebus.windows.net",
                             "g13-prod-sn3-013-sb.servicebus.windows.net",
                             "g13-prod-sn3-014-sb.servicebus.windows.net",
+                            "g13-prod-sn3-015-sb.servicebus.windows.net",
                             "g13-prod-sn3-203-sb.servicebus.windows.net",
                             "g14-prod-ch3-003-sb.servicebus.windows.net",
                             "g14-prod-ch3-004-sb.servicebus.windows.net",
@@ -463,6 +471,7 @@
                             "g14-prod-ch3-007-sb.servicebus.windows.net",
                             "g14-prod-ch3-008-sb.servicebus.windows.net",
                             "g14-prod-ch3-009-sb.servicebus.windows.net",
+                            "g14-prod-ch3-010-sb.servicebus.windows.net",
                             "g14-prod-sn3-003-sb.servicebus.windows.net",
                             "g14-prod-sn3-004-sb.servicebus.windows.net",
                             "g14-prod-sn3-005-sb.servicebus.windows.net",
@@ -474,6 +483,7 @@
                             "g14-prod-sn3-012-sb.servicebus.windows.net",
                             "g14-prod-sn3-013-sb.servicebus.windows.net",
                             "g14-prod-sn3-014-sb.servicebus.windows.net",
+                            "g14-prod-sn3-015-sb.servicebus.windows.net",
                             "g14-prod-sn3-203-sb.servicebus.windows.net",
                             "g15-prod-ch3-003-sb.servicebus.windows.net",
                             "g15-prod-ch3-004-sb.servicebus.windows.net",
@@ -482,6 +492,7 @@
                             "g15-prod-ch3-007-sb.servicebus.windows.net",
                             "g15-prod-ch3-008-sb.servicebus.windows.net",
                             "g15-prod-ch3-009-sb.servicebus.windows.net",
+                            "g15-prod-ch3-010-sb.servicebus.windows.net",
                             "g15-prod-sn3-003-sb.servicebus.windows.net",
                             "g15-prod-sn3-004-sb.servicebus.windows.net",
                             "g15-prod-sn3-005-sb.servicebus.windows.net",
@@ -493,6 +504,7 @@
                             "g15-prod-sn3-012-sb.servicebus.windows.net",
                             "g15-prod-sn3-013-sb.servicebus.windows.net",
                             "g15-prod-sn3-014-sb.servicebus.windows.net",
+                            "g15-prod-sn3-015-sb.servicebus.windows.net",
                             "g15-prod-sn3-203-sb.servicebus.windows.net",
                             "g16-prod-ch3-003-sb.servicebus.windows.net",
                             "g16-prod-ch3-004-sb.servicebus.windows.net",

From 215b1044b53b29a7ad33220427b1ee988ebf5051 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Fri, 19 May 2023 12:46:21 +0000
Subject: [PATCH 191/289] modify location of requirements.txt

---
 .devcontainer/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index bc5f1e4784..85ab92fd66 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -46,7 +46,7 @@ RUN groupadd --gid $USER_GID $USERNAME \
 USER $USERNAME
 
 # Install Sphinx dependencies
-COPY ./docs/build/requirements.txt /build/requirements.txt
+COPY ./docs/requirements.txt /build/requirements.txt
 RUN pip3 install -r /build/requirements.txt
 
 # Install/check needed powershell modules

From 5aedba164eef22e0136b8f0d59d1257617ee3e13 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Mon, 22 May 2023 16:00:07 +0100
Subject: [PATCH 192/289] :wrench: Added bn3 and sg3 domains to servicebus
 allowlist

---
 .../network_rules/shm-firewall-rules.json     | 489 ++++++++++++++++++
 1 file changed, 489 insertions(+)

diff --git a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
index 8d4585f169..517da93085 100644
--- a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
+++ b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
@@ -190,6 +190,15 @@
                         ],
                         "fqdnTags": [],
                         "targetFqdns": [
+                            "g0-prod-bn3-002-sb.servicebus.windows.net",
+                            "g0-prod-bn3-004-sb.servicebus.windows.net",
+                            "g0-prod-bn3-005-sb.servicebus.windows.net",
+                            "g0-prod-bn3-007-sb.servicebus.windows.net",
+                            "g0-prod-bn3-008-sb.servicebus.windows.net",
+                            "g0-prod-bn3-009-sb.servicebus.windows.net",
+                            "g0-prod-bn3-010-sb.servicebus.windows.net",
+                            "g0-prod-bn3-011-sb.servicebus.windows.net",
+                            "g0-prod-bn3-012-sb.servicebus.windows.net",
                             "g0-prod-ch3-003-sb.servicebus.windows.net",
                             "g0-prod-ch3-004-sb.servicebus.windows.net",
                             "g0-prod-ch3-005-sb.servicebus.windows.net",
@@ -197,6 +206,17 @@
                             "g0-prod-ch3-007-sb.servicebus.windows.net",
                             "g0-prod-ch3-008-sb.servicebus.windows.net",
                             "g0-prod-ch3-009-sb.servicebus.windows.net",
+                            "g0-prod-ch3-010-sb.servicebus.windows.net",
+                            "g0-prod-sg3-001-sb.servicebus.windows.net",
+                            "g0-prod-sg3-002-sb.servicebus.windows.net",
+                            "g0-prod-sg3-003-sb.servicebus.windows.net",
+                            "g0-prod-sg3-004-sb.servicebus.windows.net",
+                            "g0-prod-sg3-005-sb.servicebus.windows.net",
+                            "g0-prod-sg3-006-sb.servicebus.windows.net",
+                            "g0-prod-sg3-007-sb.servicebus.windows.net",
+                            "g0-prod-sg3-008-sb.servicebus.windows.net",
+                            "g0-prod-sg3-009-sb.servicebus.windows.net",
+                            "g0-prod-sg3-102-sb.servicebus.windows.net",
                             "g0-prod-sn3-003-sb.servicebus.windows.net",
                             "g0-prod-sn3-004-sb.servicebus.windows.net",
                             "g0-prod-sn3-005-sb.servicebus.windows.net",
@@ -208,7 +228,17 @@
                             "g0-prod-sn3-012-sb.servicebus.windows.net",
                             "g0-prod-sn3-013-sb.servicebus.windows.net",
                             "g0-prod-sn3-014-sb.servicebus.windows.net",
+                            "g0-prod-sn3-015-sb.servicebus.windows.net",
                             "g0-prod-sn3-203-sb.servicebus.windows.net",
+                            "g1-prod-bn3-002-sb.servicebus.windows.net",
+                            "g1-prod-bn3-004-sb.servicebus.windows.net",
+                            "g1-prod-bn3-005-sb.servicebus.windows.net",
+                            "g1-prod-bn3-007-sb.servicebus.windows.net",
+                            "g1-prod-bn3-008-sb.servicebus.windows.net",
+                            "g1-prod-bn3-009-sb.servicebus.windows.net",
+                            "g1-prod-bn3-010-sb.servicebus.windows.net",
+                            "g1-prod-bn3-011-sb.servicebus.windows.net",
+                            "g1-prod-bn3-012-sb.servicebus.windows.net",
                             "g1-prod-ch3-003-sb.servicebus.windows.net",
                             "g1-prod-ch3-004-sb.servicebus.windows.net",
                             "g1-prod-ch3-005-sb.servicebus.windows.net",
@@ -216,6 +246,17 @@
                             "g1-prod-ch3-007-sb.servicebus.windows.net",
                             "g1-prod-ch3-008-sb.servicebus.windows.net",
                             "g1-prod-ch3-009-sb.servicebus.windows.net",
+                            "g1-prod-ch3-010-sb.servicebus.windows.net",
+                            "g1-prod-sg3-001-sb.servicebus.windows.net",
+                            "g1-prod-sg3-002-sb.servicebus.windows.net",
+                            "g1-prod-sg3-003-sb.servicebus.windows.net",
+                            "g1-prod-sg3-004-sb.servicebus.windows.net",
+                            "g1-prod-sg3-005-sb.servicebus.windows.net",
+                            "g1-prod-sg3-006-sb.servicebus.windows.net",
+                            "g1-prod-sg3-007-sb.servicebus.windows.net",
+                            "g1-prod-sg3-008-sb.servicebus.windows.net",
+                            "g1-prod-sg3-009-sb.servicebus.windows.net",
+                            "g1-prod-sg3-102-sb.servicebus.windows.net",
                             "g1-prod-sn3-003-sb.servicebus.windows.net",
                             "g1-prod-sn3-004-sb.servicebus.windows.net",
                             "g1-prod-sn3-005-sb.servicebus.windows.net",
@@ -227,7 +268,17 @@
                             "g1-prod-sn3-012-sb.servicebus.windows.net",
                             "g1-prod-sn3-013-sb.servicebus.windows.net",
                             "g1-prod-sn3-014-sb.servicebus.windows.net",
+                            "g1-prod-sn3-015-sb.servicebus.windows.net",
                             "g1-prod-sn3-203-sb.servicebus.windows.net",
+                            "g2-prod-bn3-002-sb.servicebus.windows.net",
+                            "g2-prod-bn3-004-sb.servicebus.windows.net",
+                            "g2-prod-bn3-005-sb.servicebus.windows.net",
+                            "g2-prod-bn3-007-sb.servicebus.windows.net",
+                            "g2-prod-bn3-008-sb.servicebus.windows.net",
+                            "g2-prod-bn3-009-sb.servicebus.windows.net",
+                            "g2-prod-bn3-010-sb.servicebus.windows.net",
+                            "g2-prod-bn3-011-sb.servicebus.windows.net",
+                            "g2-prod-bn3-012-sb.servicebus.windows.net",
                             "g2-prod-ch3-003-sb.servicebus.windows.net",
                             "g2-prod-ch3-004-sb.servicebus.windows.net",
                             "g2-prod-ch3-005-sb.servicebus.windows.net",
@@ -235,6 +286,17 @@
                             "g2-prod-ch3-007-sb.servicebus.windows.net",
                             "g2-prod-ch3-008-sb.servicebus.windows.net",
                             "g2-prod-ch3-009-sb.servicebus.windows.net",
+                            "g2-prod-ch3-010-sb.servicebus.windows.net",
+                            "g2-prod-sg3-001-sb.servicebus.windows.net",
+                            "g2-prod-sg3-002-sb.servicebus.windows.net",
+                            "g2-prod-sg3-003-sb.servicebus.windows.net",
+                            "g2-prod-sg3-004-sb.servicebus.windows.net",
+                            "g2-prod-sg3-005-sb.servicebus.windows.net",
+                            "g2-prod-sg3-006-sb.servicebus.windows.net",
+                            "g2-prod-sg3-007-sb.servicebus.windows.net",
+                            "g2-prod-sg3-008-sb.servicebus.windows.net",
+                            "g2-prod-sg3-009-sb.servicebus.windows.net",
+                            "g2-prod-sg3-102-sb.servicebus.windows.net",
                             "g2-prod-sn3-003-sb.servicebus.windows.net",
                             "g2-prod-sn3-004-sb.servicebus.windows.net",
                             "g2-prod-sn3-005-sb.servicebus.windows.net",
@@ -246,7 +308,17 @@
                             "g2-prod-sn3-012-sb.servicebus.windows.net",
                             "g2-prod-sn3-013-sb.servicebus.windows.net",
                             "g2-prod-sn3-014-sb.servicebus.windows.net",
+                            "g2-prod-sn3-015-sb.servicebus.windows.net",
                             "g2-prod-sn3-203-sb.servicebus.windows.net",
+                            "g3-prod-bn3-002-sb.servicebus.windows.net",
+                            "g3-prod-bn3-004-sb.servicebus.windows.net",
+                            "g3-prod-bn3-005-sb.servicebus.windows.net",
+                            "g3-prod-bn3-007-sb.servicebus.windows.net",
+                            "g3-prod-bn3-008-sb.servicebus.windows.net",
+                            "g3-prod-bn3-009-sb.servicebus.windows.net",
+                            "g3-prod-bn3-010-sb.servicebus.windows.net",
+                            "g3-prod-bn3-011-sb.servicebus.windows.net",
+                            "g3-prod-bn3-012-sb.servicebus.windows.net",
                             "g3-prod-ch3-003-sb.servicebus.windows.net",
                             "g3-prod-ch3-004-sb.servicebus.windows.net",
                             "g3-prod-ch3-005-sb.servicebus.windows.net",
@@ -254,6 +326,17 @@
                             "g3-prod-ch3-007-sb.servicebus.windows.net",
                             "g3-prod-ch3-008-sb.servicebus.windows.net",
                             "g3-prod-ch3-009-sb.servicebus.windows.net",
+                            "g3-prod-ch3-010-sb.servicebus.windows.net",
+                            "g3-prod-sg3-001-sb.servicebus.windows.net",
+                            "g3-prod-sg3-002-sb.servicebus.windows.net",
+                            "g3-prod-sg3-003-sb.servicebus.windows.net",
+                            "g3-prod-sg3-004-sb.servicebus.windows.net",
+                            "g3-prod-sg3-005-sb.servicebus.windows.net",
+                            "g3-prod-sg3-006-sb.servicebus.windows.net",
+                            "g3-prod-sg3-007-sb.servicebus.windows.net",
+                            "g3-prod-sg3-008-sb.servicebus.windows.net",
+                            "g3-prod-sg3-009-sb.servicebus.windows.net",
+                            "g3-prod-sg3-102-sb.servicebus.windows.net",
                             "g3-prod-sn3-003-sb.servicebus.windows.net",
                             "g3-prod-sn3-004-sb.servicebus.windows.net",
                             "g3-prod-sn3-005-sb.servicebus.windows.net",
@@ -265,7 +348,17 @@
                             "g3-prod-sn3-012-sb.servicebus.windows.net",
                             "g3-prod-sn3-013-sb.servicebus.windows.net",
                             "g3-prod-sn3-014-sb.servicebus.windows.net",
+                            "g3-prod-sn3-015-sb.servicebus.windows.net",
                             "g3-prod-sn3-203-sb.servicebus.windows.net",
+                            "g4-prod-bn3-002-sb.servicebus.windows.net",
+                            "g4-prod-bn3-004-sb.servicebus.windows.net",
+                            "g4-prod-bn3-005-sb.servicebus.windows.net",
+                            "g4-prod-bn3-007-sb.servicebus.windows.net",
+                            "g4-prod-bn3-008-sb.servicebus.windows.net",
+                            "g4-prod-bn3-009-sb.servicebus.windows.net",
+                            "g4-prod-bn3-010-sb.servicebus.windows.net",
+                            "g4-prod-bn3-011-sb.servicebus.windows.net",
+                            "g4-prod-bn3-012-sb.servicebus.windows.net",
                             "g4-prod-ch3-003-sb.servicebus.windows.net",
                             "g4-prod-ch3-004-sb.servicebus.windows.net",
                             "g4-prod-ch3-005-sb.servicebus.windows.net",
@@ -273,6 +366,17 @@
                             "g4-prod-ch3-007-sb.servicebus.windows.net",
                             "g4-prod-ch3-008-sb.servicebus.windows.net",
                             "g4-prod-ch3-009-sb.servicebus.windows.net",
+                            "g4-prod-ch3-010-sb.servicebus.windows.net",
+                            "g4-prod-sg3-001-sb.servicebus.windows.net",
+                            "g4-prod-sg3-002-sb.servicebus.windows.net",
+                            "g4-prod-sg3-003-sb.servicebus.windows.net",
+                            "g4-prod-sg3-004-sb.servicebus.windows.net",
+                            "g4-prod-sg3-005-sb.servicebus.windows.net",
+                            "g4-prod-sg3-006-sb.servicebus.windows.net",
+                            "g4-prod-sg3-007-sb.servicebus.windows.net",
+                            "g4-prod-sg3-008-sb.servicebus.windows.net",
+                            "g4-prod-sg3-009-sb.servicebus.windows.net",
+                            "g4-prod-sg3-102-sb.servicebus.windows.net",
                             "g4-prod-sn3-003-sb.servicebus.windows.net",
                             "g4-prod-sn3-004-sb.servicebus.windows.net",
                             "g4-prod-sn3-005-sb.servicebus.windows.net",
@@ -284,7 +388,17 @@
                             "g4-prod-sn3-012-sb.servicebus.windows.net",
                             "g4-prod-sn3-013-sb.servicebus.windows.net",
                             "g4-prod-sn3-014-sb.servicebus.windows.net",
+                            "g4-prod-sn3-015-sb.servicebus.windows.net",
                             "g4-prod-sn3-203-sb.servicebus.windows.net",
+                            "g5-prod-bn3-002-sb.servicebus.windows.net",
+                            "g5-prod-bn3-004-sb.servicebus.windows.net",
+                            "g5-prod-bn3-005-sb.servicebus.windows.net",
+                            "g5-prod-bn3-007-sb.servicebus.windows.net",
+                            "g5-prod-bn3-008-sb.servicebus.windows.net",
+                            "g5-prod-bn3-009-sb.servicebus.windows.net",
+                            "g5-prod-bn3-010-sb.servicebus.windows.net",
+                            "g5-prod-bn3-011-sb.servicebus.windows.net",
+                            "g5-prod-bn3-012-sb.servicebus.windows.net",
                             "g5-prod-ch3-003-sb.servicebus.windows.net",
                             "g5-prod-ch3-004-sb.servicebus.windows.net",
                             "g5-prod-ch3-005-sb.servicebus.windows.net",
@@ -292,6 +406,17 @@
                             "g5-prod-ch3-007-sb.servicebus.windows.net",
                             "g5-prod-ch3-008-sb.servicebus.windows.net",
                             "g5-prod-ch3-009-sb.servicebus.windows.net",
+                            "g5-prod-ch3-010-sb.servicebus.windows.net",
+                            "g5-prod-sg3-001-sb.servicebus.windows.net",
+                            "g5-prod-sg3-002-sb.servicebus.windows.net",
+                            "g5-prod-sg3-003-sb.servicebus.windows.net",
+                            "g5-prod-sg3-004-sb.servicebus.windows.net",
+                            "g5-prod-sg3-005-sb.servicebus.windows.net",
+                            "g5-prod-sg3-006-sb.servicebus.windows.net",
+                            "g5-prod-sg3-007-sb.servicebus.windows.net",
+                            "g5-prod-sg3-008-sb.servicebus.windows.net",
+                            "g5-prod-sg3-009-sb.servicebus.windows.net",
+                            "g5-prod-sg3-102-sb.servicebus.windows.net",
                             "g5-prod-sn3-003-sb.servicebus.windows.net",
                             "g5-prod-sn3-004-sb.servicebus.windows.net",
                             "g5-prod-sn3-005-sb.servicebus.windows.net",
@@ -303,7 +428,17 @@
                             "g5-prod-sn3-012-sb.servicebus.windows.net",
                             "g5-prod-sn3-013-sb.servicebus.windows.net",
                             "g5-prod-sn3-014-sb.servicebus.windows.net",
+                            "g5-prod-sn3-015-sb.servicebus.windows.net",
                             "g5-prod-sn3-203-sb.servicebus.windows.net",
+                            "g6-prod-bn3-002-sb.servicebus.windows.net",
+                            "g6-prod-bn3-004-sb.servicebus.windows.net",
+                            "g6-prod-bn3-005-sb.servicebus.windows.net",
+                            "g6-prod-bn3-007-sb.servicebus.windows.net",
+                            "g6-prod-bn3-008-sb.servicebus.windows.net",
+                            "g6-prod-bn3-009-sb.servicebus.windows.net",
+                            "g6-prod-bn3-010-sb.servicebus.windows.net",
+                            "g6-prod-bn3-011-sb.servicebus.windows.net",
+                            "g6-prod-bn3-012-sb.servicebus.windows.net",
                             "g6-prod-ch3-003-sb.servicebus.windows.net",
                             "g6-prod-ch3-004-sb.servicebus.windows.net",
                             "g6-prod-ch3-005-sb.servicebus.windows.net",
@@ -311,6 +446,17 @@
                             "g6-prod-ch3-007-sb.servicebus.windows.net",
                             "g6-prod-ch3-008-sb.servicebus.windows.net",
                             "g6-prod-ch3-009-sb.servicebus.windows.net",
+                            "g6-prod-ch3-010-sb.servicebus.windows.net",
+                            "g6-prod-sg3-001-sb.servicebus.windows.net",
+                            "g6-prod-sg3-002-sb.servicebus.windows.net",
+                            "g6-prod-sg3-003-sb.servicebus.windows.net",
+                            "g6-prod-sg3-004-sb.servicebus.windows.net",
+                            "g6-prod-sg3-005-sb.servicebus.windows.net",
+                            "g6-prod-sg3-006-sb.servicebus.windows.net",
+                            "g6-prod-sg3-007-sb.servicebus.windows.net",
+                            "g6-prod-sg3-008-sb.servicebus.windows.net",
+                            "g6-prod-sg3-009-sb.servicebus.windows.net",
+                            "g6-prod-sg3-102-sb.servicebus.windows.net",
                             "g6-prod-sn3-003-sb.servicebus.windows.net",
                             "g6-prod-sn3-004-sb.servicebus.windows.net",
                             "g6-prod-sn3-005-sb.servicebus.windows.net",
@@ -322,7 +468,17 @@
                             "g6-prod-sn3-012-sb.servicebus.windows.net",
                             "g6-prod-sn3-013-sb.servicebus.windows.net",
                             "g6-prod-sn3-014-sb.servicebus.windows.net",
+                            "g6-prod-sn3-015-sb.servicebus.windows.net",
                             "g6-prod-sn3-203-sb.servicebus.windows.net",
+                            "g7-prod-bn3-002-sb.servicebus.windows.net",
+                            "g7-prod-bn3-004-sb.servicebus.windows.net",
+                            "g7-prod-bn3-005-sb.servicebus.windows.net",
+                            "g7-prod-bn3-007-sb.servicebus.windows.net",
+                            "g7-prod-bn3-008-sb.servicebus.windows.net",
+                            "g7-prod-bn3-009-sb.servicebus.windows.net",
+                            "g7-prod-bn3-010-sb.servicebus.windows.net",
+                            "g7-prod-bn3-011-sb.servicebus.windows.net",
+                            "g7-prod-bn3-012-sb.servicebus.windows.net",
                             "g7-prod-ch3-003-sb.servicebus.windows.net",
                             "g7-prod-ch3-004-sb.servicebus.windows.net",
                             "g7-prod-ch3-005-sb.servicebus.windows.net",
@@ -330,6 +486,17 @@
                             "g7-prod-ch3-007-sb.servicebus.windows.net",
                             "g7-prod-ch3-008-sb.servicebus.windows.net",
                             "g7-prod-ch3-009-sb.servicebus.windows.net",
+                            "g7-prod-ch3-010-sb.servicebus.windows.net",
+                            "g7-prod-sg3-001-sb.servicebus.windows.net",
+                            "g7-prod-sg3-002-sb.servicebus.windows.net",
+                            "g7-prod-sg3-003-sb.servicebus.windows.net",
+                            "g7-prod-sg3-004-sb.servicebus.windows.net",
+                            "g7-prod-sg3-005-sb.servicebus.windows.net",
+                            "g7-prod-sg3-006-sb.servicebus.windows.net",
+                            "g7-prod-sg3-007-sb.servicebus.windows.net",
+                            "g7-prod-sg3-008-sb.servicebus.windows.net",
+                            "g7-prod-sg3-009-sb.servicebus.windows.net",
+                            "g7-prod-sg3-102-sb.servicebus.windows.net",
                             "g7-prod-sn3-003-sb.servicebus.windows.net",
                             "g7-prod-sn3-004-sb.servicebus.windows.net",
                             "g7-prod-sn3-005-sb.servicebus.windows.net",
@@ -341,7 +508,17 @@
                             "g7-prod-sn3-012-sb.servicebus.windows.net",
                             "g7-prod-sn3-013-sb.servicebus.windows.net",
                             "g7-prod-sn3-014-sb.servicebus.windows.net",
+                            "g7-prod-sn3-015-sb.servicebus.windows.net",
                             "g7-prod-sn3-203-sb.servicebus.windows.net",
+                            "g8-prod-bn3-002-sb.servicebus.windows.net",
+                            "g8-prod-bn3-004-sb.servicebus.windows.net",
+                            "g8-prod-bn3-005-sb.servicebus.windows.net",
+                            "g8-prod-bn3-007-sb.servicebus.windows.net",
+                            "g8-prod-bn3-008-sb.servicebus.windows.net",
+                            "g8-prod-bn3-009-sb.servicebus.windows.net",
+                            "g8-prod-bn3-010-sb.servicebus.windows.net",
+                            "g8-prod-bn3-011-sb.servicebus.windows.net",
+                            "g8-prod-bn3-012-sb.servicebus.windows.net",
                             "g8-prod-ch3-003-sb.servicebus.windows.net",
                             "g8-prod-ch3-004-sb.servicebus.windows.net",
                             "g8-prod-ch3-005-sb.servicebus.windows.net",
@@ -349,6 +526,17 @@
                             "g8-prod-ch3-007-sb.servicebus.windows.net",
                             "g8-prod-ch3-008-sb.servicebus.windows.net",
                             "g8-prod-ch3-009-sb.servicebus.windows.net",
+                            "g8-prod-ch3-010-sb.servicebus.windows.net",
+                            "g8-prod-sg3-001-sb.servicebus.windows.net",
+                            "g8-prod-sg3-002-sb.servicebus.windows.net",
+                            "g8-prod-sg3-003-sb.servicebus.windows.net",
+                            "g8-prod-sg3-004-sb.servicebus.windows.net",
+                            "g8-prod-sg3-005-sb.servicebus.windows.net",
+                            "g8-prod-sg3-006-sb.servicebus.windows.net",
+                            "g8-prod-sg3-007-sb.servicebus.windows.net",
+                            "g8-prod-sg3-008-sb.servicebus.windows.net",
+                            "g8-prod-sg3-009-sb.servicebus.windows.net",
+                            "g8-prod-sg3-102-sb.servicebus.windows.net",
                             "g8-prod-sn3-003-sb.servicebus.windows.net",
                             "g8-prod-sn3-004-sb.servicebus.windows.net",
                             "g8-prod-sn3-005-sb.servicebus.windows.net",
@@ -360,7 +548,17 @@
                             "g8-prod-sn3-012-sb.servicebus.windows.net",
                             "g8-prod-sn3-013-sb.servicebus.windows.net",
                             "g8-prod-sn3-014-sb.servicebus.windows.net",
+                            "g8-prod-sn3-015-sb.servicebus.windows.net",
                             "g8-prod-sn3-203-sb.servicebus.windows.net",
+                            "g9-prod-bn3-002-sb.servicebus.windows.net",
+                            "g9-prod-bn3-004-sb.servicebus.windows.net",
+                            "g9-prod-bn3-005-sb.servicebus.windows.net",
+                            "g9-prod-bn3-007-sb.servicebus.windows.net",
+                            "g9-prod-bn3-008-sb.servicebus.windows.net",
+                            "g9-prod-bn3-009-sb.servicebus.windows.net",
+                            "g9-prod-bn3-010-sb.servicebus.windows.net",
+                            "g9-prod-bn3-011-sb.servicebus.windows.net",
+                            "g9-prod-bn3-012-sb.servicebus.windows.net",
                             "g9-prod-ch3-003-sb.servicebus.windows.net",
                             "g9-prod-ch3-004-sb.servicebus.windows.net",
                             "g9-prod-ch3-005-sb.servicebus.windows.net",
@@ -368,6 +566,17 @@
                             "g9-prod-ch3-007-sb.servicebus.windows.net",
                             "g9-prod-ch3-008-sb.servicebus.windows.net",
                             "g9-prod-ch3-009-sb.servicebus.windows.net",
+                            "g9-prod-ch3-010-sb.servicebus.windows.net",
+                            "g9-prod-sg3-001-sb.servicebus.windows.net",
+                            "g9-prod-sg3-002-sb.servicebus.windows.net",
+                            "g9-prod-sg3-003-sb.servicebus.windows.net",
+                            "g9-prod-sg3-004-sb.servicebus.windows.net",
+                            "g9-prod-sg3-005-sb.servicebus.windows.net",
+                            "g9-prod-sg3-006-sb.servicebus.windows.net",
+                            "g9-prod-sg3-007-sb.servicebus.windows.net",
+                            "g9-prod-sg3-008-sb.servicebus.windows.net",
+                            "g9-prod-sg3-009-sb.servicebus.windows.net",
+                            "g9-prod-sg3-102-sb.servicebus.windows.net",
                             "g9-prod-sn3-003-sb.servicebus.windows.net",
                             "g9-prod-sn3-004-sb.servicebus.windows.net",
                             "g9-prod-sn3-005-sb.servicebus.windows.net",
@@ -379,7 +588,16 @@
                             "g9-prod-sn3-012-sb.servicebus.windows.net",
                             "g9-prod-sn3-013-sb.servicebus.windows.net",
                             "g9-prod-sn3-014-sb.servicebus.windows.net",
+                            "g9-prod-sn3-015-sb.servicebus.windows.net",
                             "g9-prod-sn3-203-sb.servicebus.windows.net",
+                            "g10-prod-bn3-002-sb.servicebus.windows.net",
+                            "g10-prod-bn3-004-sb.servicebus.windows.net",
+                            "g10-prod-bn3-005-sb.servicebus.windows.net",
+                            "g10-prod-bn3-007-sb.servicebus.windows.net",
+                            "g10-prod-bn3-008-sb.servicebus.windows.net",
+                            "g10-prod-bn3-009-sb.servicebus.windows.net",
+                            "g10-prod-bn3-010-sb.servicebus.windows.net",
+                            "g10-prod-bn3-012-sb.servicebus.windows.net",
                             "g10-prod-ch3-003-sb.servicebus.windows.net",
                             "g10-prod-ch3-004-sb.servicebus.windows.net",
                             "g10-prod-ch3-005-sb.servicebus.windows.net",
@@ -388,6 +606,15 @@
                             "g10-prod-ch3-008-sb.servicebus.windows.net",
                             "g10-prod-ch3-009-sb.servicebus.windows.net",
                             "g10-prod-ch3-010-sb.servicebus.windows.net",
+                            "g10-prod-sg3-001-sb.servicebus.windows.net",
+                            "g10-prod-sg3-002-sb.servicebus.windows.net",
+                            "g10-prod-sg3-003-sb.servicebus.windows.net",
+                            "g10-prod-sg3-004-sb.servicebus.windows.net",
+                            "g10-prod-sg3-005-sb.servicebus.windows.net",
+                            "g10-prod-sg3-007-sb.servicebus.windows.net",
+                            "g10-prod-sg3-008-sb.servicebus.windows.net",
+                            "g10-prod-sg3-009-sb.servicebus.windows.net",
+                            "g10-prod-sg3-102-sb.servicebus.windows.net",
                             "g10-prod-sn3-003-sb.servicebus.windows.net",
                             "g10-prod-sn3-004-sb.servicebus.windows.net",
                             "g10-prod-sn3-005-sb.servicebus.windows.net",
@@ -401,6 +628,14 @@
                             "g10-prod-sn3-014-sb.servicebus.windows.net",
                             "g10-prod-sn3-015-sb.servicebus.windows.net",
                             "g10-prod-sn3-203-sb.servicebus.windows.net",
+                            "g11-prod-bn3-002-sb.servicebus.windows.net",
+                            "g11-prod-bn3-004-sb.servicebus.windows.net",
+                            "g11-prod-bn3-005-sb.servicebus.windows.net",
+                            "g11-prod-bn3-007-sb.servicebus.windows.net",
+                            "g11-prod-bn3-008-sb.servicebus.windows.net",
+                            "g11-prod-bn3-009-sb.servicebus.windows.net",
+                            "g11-prod-bn3-010-sb.servicebus.windows.net",
+                            "g11-prod-bn3-012-sb.servicebus.windows.net",
                             "g11-prod-ch3-003-sb.servicebus.windows.net",
                             "g11-prod-ch3-004-sb.servicebus.windows.net",
                             "g11-prod-ch3-005-sb.servicebus.windows.net",
@@ -409,6 +644,15 @@
                             "g11-prod-ch3-008-sb.servicebus.windows.net",
                             "g11-prod-ch3-009-sb.servicebus.windows.net",
                             "g11-prod-ch3-010-sb.servicebus.windows.net",
+                            "g11-prod-sg3-001-sb.servicebus.windows.net",
+                            "g11-prod-sg3-002-sb.servicebus.windows.net",
+                            "g11-prod-sg3-003-sb.servicebus.windows.net",
+                            "g11-prod-sg3-004-sb.servicebus.windows.net",
+                            "g11-prod-sg3-005-sb.servicebus.windows.net",
+                            "g11-prod-sg3-007-sb.servicebus.windows.net",
+                            "g11-prod-sg3-008-sb.servicebus.windows.net",
+                            "g11-prod-sg3-009-sb.servicebus.windows.net",
+                            "g11-prod-sg3-102-sb.servicebus.windows.net",
                             "g11-prod-sn3-003-sb.servicebus.windows.net",
                             "g11-prod-sn3-004-sb.servicebus.windows.net",
                             "g11-prod-sn3-005-sb.servicebus.windows.net",
@@ -422,6 +666,12 @@
                             "g11-prod-sn3-014-sb.servicebus.windows.net",
                             "g11-prod-sn3-015-sb.servicebus.windows.net",
                             "g11-prod-sn3-203-sb.servicebus.windows.net",
+                            "g12-prod-bn3-005-sb.servicebus.windows.net",
+                            "g12-prod-bn3-007-sb.servicebus.windows.net",
+                            "g12-prod-bn3-008-sb.servicebus.windows.net",
+                            "g12-prod-bn3-009-sb.servicebus.windows.net",
+                            "g12-prod-bn3-010-sb.servicebus.windows.net",
+                            "g12-prod-bn3-012-sb.servicebus.windows.net",
                             "g12-prod-ch3-003-sb.servicebus.windows.net",
                             "g12-prod-ch3-004-sb.servicebus.windows.net",
                             "g12-prod-ch3-005-sb.servicebus.windows.net",
@@ -430,6 +680,15 @@
                             "g12-prod-ch3-008-sb.servicebus.windows.net",
                             "g12-prod-ch3-009-sb.servicebus.windows.net",
                             "g12-prod-ch3-010-sb.servicebus.windows.net",
+                            "g12-prod-sg3-001-sb.servicebus.windows.net",
+                            "g12-prod-sg3-002-sb.servicebus.windows.net",
+                            "g12-prod-sg3-003-sb.servicebus.windows.net",
+                            "g12-prod-sg3-004-sb.servicebus.windows.net",
+                            "g12-prod-sg3-005-sb.servicebus.windows.net",
+                            "g12-prod-sg3-007-sb.servicebus.windows.net",
+                            "g12-prod-sg3-008-sb.servicebus.windows.net",
+                            "g12-prod-sg3-009-sb.servicebus.windows.net",
+                            "g12-prod-sg3-102-sb.servicebus.windows.net",
                             "g12-prod-sn3-003-sb.servicebus.windows.net",
                             "g12-prod-sn3-004-sb.servicebus.windows.net",
                             "g12-prod-sn3-005-sb.servicebus.windows.net",
@@ -443,6 +702,12 @@
                             "g12-prod-sn3-014-sb.servicebus.windows.net",
                             "g12-prod-sn3-015-sb.servicebus.windows.net",
                             "g12-prod-sn3-203-sb.servicebus.windows.net",
+                            "g13-prod-bn3-005-sb.servicebus.windows.net",
+                            "g13-prod-bn3-007-sb.servicebus.windows.net",
+                            "g13-prod-bn3-008-sb.servicebus.windows.net",
+                            "g13-prod-bn3-009-sb.servicebus.windows.net",
+                            "g13-prod-bn3-010-sb.servicebus.windows.net",
+                            "g13-prod-bn3-012-sb.servicebus.windows.net",
                             "g13-prod-ch3-003-sb.servicebus.windows.net",
                             "g13-prod-ch3-004-sb.servicebus.windows.net",
                             "g13-prod-ch3-005-sb.servicebus.windows.net",
@@ -451,6 +716,15 @@
                             "g13-prod-ch3-008-sb.servicebus.windows.net",
                             "g13-prod-ch3-009-sb.servicebus.windows.net",
                             "g13-prod-ch3-010-sb.servicebus.windows.net",
+                            "g13-prod-sg3-001-sb.servicebus.windows.net",
+                            "g13-prod-sg3-002-sb.servicebus.windows.net",
+                            "g13-prod-sg3-003-sb.servicebus.windows.net",
+                            "g13-prod-sg3-004-sb.servicebus.windows.net",
+                            "g13-prod-sg3-005-sb.servicebus.windows.net",
+                            "g13-prod-sg3-007-sb.servicebus.windows.net",
+                            "g13-prod-sg3-008-sb.servicebus.windows.net",
+                            "g13-prod-sg3-009-sb.servicebus.windows.net",
+                            "g13-prod-sg3-102-sb.servicebus.windows.net",
                             "g13-prod-sn3-003-sb.servicebus.windows.net",
                             "g13-prod-sn3-004-sb.servicebus.windows.net",
                             "g13-prod-sn3-005-sb.servicebus.windows.net",
@@ -464,6 +738,12 @@
                             "g13-prod-sn3-014-sb.servicebus.windows.net",
                             "g13-prod-sn3-015-sb.servicebus.windows.net",
                             "g13-prod-sn3-203-sb.servicebus.windows.net",
+                            "g14-prod-bn3-005-sb.servicebus.windows.net",
+                            "g14-prod-bn3-007-sb.servicebus.windows.net",
+                            "g14-prod-bn3-008-sb.servicebus.windows.net",
+                            "g14-prod-bn3-009-sb.servicebus.windows.net",
+                            "g14-prod-bn3-010-sb.servicebus.windows.net",
+                            "g14-prod-bn3-012-sb.servicebus.windows.net",
                             "g14-prod-ch3-003-sb.servicebus.windows.net",
                             "g14-prod-ch3-004-sb.servicebus.windows.net",
                             "g14-prod-ch3-005-sb.servicebus.windows.net",
@@ -472,6 +752,15 @@
                             "g14-prod-ch3-008-sb.servicebus.windows.net",
                             "g14-prod-ch3-009-sb.servicebus.windows.net",
                             "g14-prod-ch3-010-sb.servicebus.windows.net",
+                            "g14-prod-sg3-001-sb.servicebus.windows.net",
+                            "g14-prod-sg3-002-sb.servicebus.windows.net",
+                            "g14-prod-sg3-003-sb.servicebus.windows.net",
+                            "g14-prod-sg3-004-sb.servicebus.windows.net",
+                            "g14-prod-sg3-005-sb.servicebus.windows.net",
+                            "g14-prod-sg3-007-sb.servicebus.windows.net",
+                            "g14-prod-sg3-008-sb.servicebus.windows.net",
+                            "g14-prod-sg3-009-sb.servicebus.windows.net",
+                            "g14-prod-sg3-102-sb.servicebus.windows.net",
                             "g14-prod-sn3-003-sb.servicebus.windows.net",
                             "g14-prod-sn3-004-sb.servicebus.windows.net",
                             "g14-prod-sn3-005-sb.servicebus.windows.net",
@@ -485,6 +774,12 @@
                             "g14-prod-sn3-014-sb.servicebus.windows.net",
                             "g14-prod-sn3-015-sb.servicebus.windows.net",
                             "g14-prod-sn3-203-sb.servicebus.windows.net",
+                            "g15-prod-bn3-005-sb.servicebus.windows.net",
+                            "g15-prod-bn3-007-sb.servicebus.windows.net",
+                            "g15-prod-bn3-008-sb.servicebus.windows.net",
+                            "g15-prod-bn3-009-sb.servicebus.windows.net",
+                            "g15-prod-bn3-010-sb.servicebus.windows.net",
+                            "g15-prod-bn3-012-sb.servicebus.windows.net",
                             "g15-prod-ch3-003-sb.servicebus.windows.net",
                             "g15-prod-ch3-004-sb.servicebus.windows.net",
                             "g15-prod-ch3-005-sb.servicebus.windows.net",
@@ -493,6 +788,15 @@
                             "g15-prod-ch3-008-sb.servicebus.windows.net",
                             "g15-prod-ch3-009-sb.servicebus.windows.net",
                             "g15-prod-ch3-010-sb.servicebus.windows.net",
+                            "g15-prod-sg3-001-sb.servicebus.windows.net",
+                            "g15-prod-sg3-002-sb.servicebus.windows.net",
+                            "g15-prod-sg3-003-sb.servicebus.windows.net",
+                            "g15-prod-sg3-004-sb.servicebus.windows.net",
+                            "g15-prod-sg3-005-sb.servicebus.windows.net",
+                            "g15-prod-sg3-007-sb.servicebus.windows.net",
+                            "g15-prod-sg3-008-sb.servicebus.windows.net",
+                            "g15-prod-sg3-009-sb.servicebus.windows.net",
+                            "g15-prod-sg3-102-sb.servicebus.windows.net",
                             "g15-prod-sn3-003-sb.servicebus.windows.net",
                             "g15-prod-sn3-004-sb.servicebus.windows.net",
                             "g15-prod-sn3-005-sb.servicebus.windows.net",
@@ -506,10 +810,16 @@
                             "g15-prod-sn3-014-sb.servicebus.windows.net",
                             "g15-prod-sn3-015-sb.servicebus.windows.net",
                             "g15-prod-sn3-203-sb.servicebus.windows.net",
+                            "g16-prod-bn3-005-sb.servicebus.windows.net",
+                            "g16-prod-bn3-007-sb.servicebus.windows.net",
+                            "g16-prod-bn3-008-sb.servicebus.windows.net",
                             "g16-prod-ch3-003-sb.servicebus.windows.net",
                             "g16-prod-ch3-004-sb.servicebus.windows.net",
                             "g16-prod-ch3-006-sb.servicebus.windows.net",
                             "g16-prod-ch3-007-sb.servicebus.windows.net",
+                            "g16-prod-sg3-001-sb.servicebus.windows.net",
+                            "g16-prod-sg3-002-sb.servicebus.windows.net",
+                            "g16-prod-sg3-003-sb.servicebus.windows.net",
                             "g16-prod-sn3-003-sb.servicebus.windows.net",
                             "g16-prod-sn3-004-sb.servicebus.windows.net",
                             "g16-prod-sn3-005-sb.servicebus.windows.net",
@@ -518,10 +828,16 @@
                             "g16-prod-sn3-010-sb.servicebus.windows.net",
                             "g16-prod-sn3-011-sb.servicebus.windows.net",
                             "g16-prod-sn3-012-sb.servicebus.windows.net",
+                            "g17-prod-bn3-005-sb.servicebus.windows.net",
+                            "g17-prod-bn3-007-sb.servicebus.windows.net",
+                            "g17-prod-bn3-008-sb.servicebus.windows.net",
                             "g17-prod-ch3-003-sb.servicebus.windows.net",
                             "g17-prod-ch3-004-sb.servicebus.windows.net",
                             "g17-prod-ch3-006-sb.servicebus.windows.net",
                             "g17-prod-ch3-007-sb.servicebus.windows.net",
+                            "g17-prod-sg3-001-sb.servicebus.windows.net",
+                            "g17-prod-sg3-002-sb.servicebus.windows.net",
+                            "g17-prod-sg3-003-sb.servicebus.windows.net",
                             "g17-prod-sn3-003-sb.servicebus.windows.net",
                             "g17-prod-sn3-004-sb.servicebus.windows.net",
                             "g17-prod-sn3-005-sb.servicebus.windows.net",
@@ -530,10 +846,16 @@
                             "g17-prod-sn3-010-sb.servicebus.windows.net",
                             "g17-prod-sn3-011-sb.servicebus.windows.net",
                             "g17-prod-sn3-012-sb.servicebus.windows.net",
+                            "g18-prod-bn3-005-sb.servicebus.windows.net",
+                            "g18-prod-bn3-007-sb.servicebus.windows.net",
+                            "g18-prod-bn3-008-sb.servicebus.windows.net",
                             "g18-prod-ch3-003-sb.servicebus.windows.net",
                             "g18-prod-ch3-004-sb.servicebus.windows.net",
                             "g18-prod-ch3-006-sb.servicebus.windows.net",
                             "g18-prod-ch3-007-sb.servicebus.windows.net",
+                            "g18-prod-sg3-001-sb.servicebus.windows.net",
+                            "g18-prod-sg3-002-sb.servicebus.windows.net",
+                            "g18-prod-sg3-003-sb.servicebus.windows.net",
                             "g18-prod-sn3-003-sb.servicebus.windows.net",
                             "g18-prod-sn3-004-sb.servicebus.windows.net",
                             "g18-prod-sn3-005-sb.servicebus.windows.net",
@@ -542,10 +864,16 @@
                             "g18-prod-sn3-010-sb.servicebus.windows.net",
                             "g18-prod-sn3-011-sb.servicebus.windows.net",
                             "g18-prod-sn3-012-sb.servicebus.windows.net",
+                            "g19-prod-bn3-005-sb.servicebus.windows.net",
+                            "g19-prod-bn3-007-sb.servicebus.windows.net",
+                            "g19-prod-bn3-008-sb.servicebus.windows.net",
                             "g19-prod-ch3-003-sb.servicebus.windows.net",
                             "g19-prod-ch3-004-sb.servicebus.windows.net",
                             "g19-prod-ch3-006-sb.servicebus.windows.net",
                             "g19-prod-ch3-007-sb.servicebus.windows.net",
+                            "g19-prod-sg3-001-sb.servicebus.windows.net",
+                            "g19-prod-sg3-002-sb.servicebus.windows.net",
+                            "g19-prod-sg3-003-sb.servicebus.windows.net",
                             "g19-prod-sn3-003-sb.servicebus.windows.net",
                             "g19-prod-sn3-004-sb.servicebus.windows.net",
                             "g19-prod-sn3-005-sb.servicebus.windows.net",
@@ -554,10 +882,16 @@
                             "g19-prod-sn3-010-sb.servicebus.windows.net",
                             "g19-prod-sn3-011-sb.servicebus.windows.net",
                             "g19-prod-sn3-012-sb.servicebus.windows.net",
+                            "g20-prod-bn3-005-sb.servicebus.windows.net",
+                            "g20-prod-bn3-007-sb.servicebus.windows.net",
+                            "g20-prod-bn3-008-sb.servicebus.windows.net",
                             "g20-prod-ch3-003-sb.servicebus.windows.net",
                             "g20-prod-ch3-004-sb.servicebus.windows.net",
                             "g20-prod-ch3-006-sb.servicebus.windows.net",
                             "g20-prod-ch3-007-sb.servicebus.windows.net",
+                            "g20-prod-sg3-001-sb.servicebus.windows.net",
+                            "g20-prod-sg3-002-sb.servicebus.windows.net",
+                            "g20-prod-sg3-003-sb.servicebus.windows.net",
                             "g20-prod-sn3-003-sb.servicebus.windows.net",
                             "g20-prod-sn3-004-sb.servicebus.windows.net",
                             "g20-prod-sn3-005-sb.servicebus.windows.net",
@@ -566,10 +900,16 @@
                             "g20-prod-sn3-010-sb.servicebus.windows.net",
                             "g20-prod-sn3-011-sb.servicebus.windows.net",
                             "g20-prod-sn3-012-sb.servicebus.windows.net",
+                            "g21-prod-bn3-005-sb.servicebus.windows.net",
+                            "g21-prod-bn3-007-sb.servicebus.windows.net",
+                            "g21-prod-bn3-008-sb.servicebus.windows.net",
                             "g21-prod-ch3-003-sb.servicebus.windows.net",
                             "g21-prod-ch3-004-sb.servicebus.windows.net",
                             "g21-prod-ch3-006-sb.servicebus.windows.net",
                             "g21-prod-ch3-007-sb.servicebus.windows.net",
+                            "g21-prod-sg3-001-sb.servicebus.windows.net",
+                            "g21-prod-sg3-002-sb.servicebus.windows.net",
+                            "g21-prod-sg3-003-sb.servicebus.windows.net",
                             "g21-prod-sn3-003-sb.servicebus.windows.net",
                             "g21-prod-sn3-004-sb.servicebus.windows.net",
                             "g21-prod-sn3-005-sb.servicebus.windows.net",
@@ -578,10 +918,16 @@
                             "g21-prod-sn3-010-sb.servicebus.windows.net",
                             "g21-prod-sn3-011-sb.servicebus.windows.net",
                             "g21-prod-sn3-012-sb.servicebus.windows.net",
+                            "g22-prod-bn3-005-sb.servicebus.windows.net",
+                            "g22-prod-bn3-007-sb.servicebus.windows.net",
+                            "g22-prod-bn3-008-sb.servicebus.windows.net",
                             "g22-prod-ch3-003-sb.servicebus.windows.net",
                             "g22-prod-ch3-004-sb.servicebus.windows.net",
                             "g22-prod-ch3-006-sb.servicebus.windows.net",
                             "g22-prod-ch3-007-sb.servicebus.windows.net",
+                            "g22-prod-sg3-001-sb.servicebus.windows.net",
+                            "g22-prod-sg3-002-sb.servicebus.windows.net",
+                            "g22-prod-sg3-003-sb.servicebus.windows.net",
                             "g22-prod-sn3-003-sb.servicebus.windows.net",
                             "g22-prod-sn3-004-sb.servicebus.windows.net",
                             "g22-prod-sn3-005-sb.servicebus.windows.net",
@@ -590,10 +936,16 @@
                             "g22-prod-sn3-010-sb.servicebus.windows.net",
                             "g22-prod-sn3-011-sb.servicebus.windows.net",
                             "g22-prod-sn3-012-sb.servicebus.windows.net",
+                            "g23-prod-bn3-005-sb.servicebus.windows.net",
+                            "g23-prod-bn3-007-sb.servicebus.windows.net",
+                            "g23-prod-bn3-008-sb.servicebus.windows.net",
                             "g23-prod-ch3-003-sb.servicebus.windows.net",
                             "g23-prod-ch3-004-sb.servicebus.windows.net",
                             "g23-prod-ch3-006-sb.servicebus.windows.net",
                             "g23-prod-ch3-007-sb.servicebus.windows.net",
+                            "g23-prod-sg3-001-sb.servicebus.windows.net",
+                            "g23-prod-sg3-002-sb.servicebus.windows.net",
+                            "g23-prod-sg3-003-sb.servicebus.windows.net",
                             "g23-prod-sn3-003-sb.servicebus.windows.net",
                             "g23-prod-sn3-004-sb.servicebus.windows.net",
                             "g23-prod-sn3-005-sb.servicebus.windows.net",
@@ -602,10 +954,16 @@
                             "g23-prod-sn3-010-sb.servicebus.windows.net",
                             "g23-prod-sn3-011-sb.servicebus.windows.net",
                             "g23-prod-sn3-012-sb.servicebus.windows.net",
+                            "g24-prod-bn3-005-sb.servicebus.windows.net",
+                            "g24-prod-bn3-007-sb.servicebus.windows.net",
+                            "g24-prod-bn3-008-sb.servicebus.windows.net",
                             "g24-prod-ch3-003-sb.servicebus.windows.net",
                             "g24-prod-ch3-004-sb.servicebus.windows.net",
                             "g24-prod-ch3-006-sb.servicebus.windows.net",
                             "g24-prod-ch3-007-sb.servicebus.windows.net",
+                            "g24-prod-sg3-001-sb.servicebus.windows.net",
+                            "g24-prod-sg3-002-sb.servicebus.windows.net",
+                            "g24-prod-sg3-003-sb.servicebus.windows.net",
                             "g24-prod-sn3-003-sb.servicebus.windows.net",
                             "g24-prod-sn3-004-sb.servicebus.windows.net",
                             "g24-prod-sn3-005-sb.servicebus.windows.net",
@@ -614,10 +972,16 @@
                             "g24-prod-sn3-010-sb.servicebus.windows.net",
                             "g24-prod-sn3-011-sb.servicebus.windows.net",
                             "g24-prod-sn3-012-sb.servicebus.windows.net",
+                            "g25-prod-bn3-005-sb.servicebus.windows.net",
+                            "g25-prod-bn3-007-sb.servicebus.windows.net",
+                            "g25-prod-bn3-008-sb.servicebus.windows.net",
                             "g25-prod-ch3-003-sb.servicebus.windows.net",
                             "g25-prod-ch3-004-sb.servicebus.windows.net",
                             "g25-prod-ch3-006-sb.servicebus.windows.net",
                             "g25-prod-ch3-007-sb.servicebus.windows.net",
+                            "g25-prod-sg3-001-sb.servicebus.windows.net",
+                            "g25-prod-sg3-002-sb.servicebus.windows.net",
+                            "g25-prod-sg3-003-sb.servicebus.windows.net",
                             "g25-prod-sn3-003-sb.servicebus.windows.net",
                             "g25-prod-sn3-004-sb.servicebus.windows.net",
                             "g25-prod-sn3-005-sb.servicebus.windows.net",
@@ -626,10 +990,16 @@
                             "g25-prod-sn3-010-sb.servicebus.windows.net",
                             "g25-prod-sn3-011-sb.servicebus.windows.net",
                             "g25-prod-sn3-012-sb.servicebus.windows.net",
+                            "g26-prod-bn3-005-sb.servicebus.windows.net",
+                            "g26-prod-bn3-007-sb.servicebus.windows.net",
+                            "g26-prod-bn3-008-sb.servicebus.windows.net",
                             "g26-prod-ch3-003-sb.servicebus.windows.net",
                             "g26-prod-ch3-004-sb.servicebus.windows.net",
                             "g26-prod-ch3-006-sb.servicebus.windows.net",
                             "g26-prod-ch3-007-sb.servicebus.windows.net",
+                            "g26-prod-sg3-001-sb.servicebus.windows.net",
+                            "g26-prod-sg3-002-sb.servicebus.windows.net",
+                            "g26-prod-sg3-003-sb.servicebus.windows.net",
                             "g26-prod-sn3-003-sb.servicebus.windows.net",
                             "g26-prod-sn3-004-sb.servicebus.windows.net",
                             "g26-prod-sn3-005-sb.servicebus.windows.net",
@@ -638,10 +1008,16 @@
                             "g26-prod-sn3-010-sb.servicebus.windows.net",
                             "g26-prod-sn3-011-sb.servicebus.windows.net",
                             "g26-prod-sn3-012-sb.servicebus.windows.net",
+                            "g27-prod-bn3-005-sb.servicebus.windows.net",
+                            "g27-prod-bn3-007-sb.servicebus.windows.net",
+                            "g27-prod-bn3-008-sb.servicebus.windows.net",
                             "g27-prod-ch3-003-sb.servicebus.windows.net",
                             "g27-prod-ch3-004-sb.servicebus.windows.net",
                             "g27-prod-ch3-006-sb.servicebus.windows.net",
                             "g27-prod-ch3-007-sb.servicebus.windows.net",
+                            "g27-prod-sg3-001-sb.servicebus.windows.net",
+                            "g27-prod-sg3-002-sb.servicebus.windows.net",
+                            "g27-prod-sg3-003-sb.servicebus.windows.net",
                             "g27-prod-sn3-003-sb.servicebus.windows.net",
                             "g27-prod-sn3-004-sb.servicebus.windows.net",
                             "g27-prod-sn3-005-sb.servicebus.windows.net",
@@ -650,10 +1026,16 @@
                             "g27-prod-sn3-010-sb.servicebus.windows.net",
                             "g27-prod-sn3-011-sb.servicebus.windows.net",
                             "g27-prod-sn3-012-sb.servicebus.windows.net",
+                            "g28-prod-bn3-005-sb.servicebus.windows.net",
+                            "g28-prod-bn3-007-sb.servicebus.windows.net",
+                            "g28-prod-bn3-008-sb.servicebus.windows.net",
                             "g28-prod-ch3-003-sb.servicebus.windows.net",
                             "g28-prod-ch3-004-sb.servicebus.windows.net",
                             "g28-prod-ch3-006-sb.servicebus.windows.net",
                             "g28-prod-ch3-007-sb.servicebus.windows.net",
+                            "g28-prod-sg3-001-sb.servicebus.windows.net",
+                            "g28-prod-sg3-002-sb.servicebus.windows.net",
+                            "g28-prod-sg3-003-sb.servicebus.windows.net",
                             "g28-prod-sn3-003-sb.servicebus.windows.net",
                             "g28-prod-sn3-004-sb.servicebus.windows.net",
                             "g28-prod-sn3-005-sb.servicebus.windows.net",
@@ -662,10 +1044,16 @@
                             "g28-prod-sn3-010-sb.servicebus.windows.net",
                             "g28-prod-sn3-011-sb.servicebus.windows.net",
                             "g28-prod-sn3-012-sb.servicebus.windows.net",
+                            "g29-prod-bn3-005-sb.servicebus.windows.net",
+                            "g29-prod-bn3-007-sb.servicebus.windows.net",
+                            "g29-prod-bn3-008-sb.servicebus.windows.net",
                             "g29-prod-ch3-003-sb.servicebus.windows.net",
                             "g29-prod-ch3-004-sb.servicebus.windows.net",
                             "g29-prod-ch3-006-sb.servicebus.windows.net",
                             "g29-prod-ch3-007-sb.servicebus.windows.net",
+                            "g29-prod-sg3-001-sb.servicebus.windows.net",
+                            "g29-prod-sg3-002-sb.servicebus.windows.net",
+                            "g29-prod-sg3-003-sb.servicebus.windows.net",
                             "g29-prod-sn3-003-sb.servicebus.windows.net",
                             "g29-prod-sn3-004-sb.servicebus.windows.net",
                             "g29-prod-sn3-005-sb.servicebus.windows.net",
@@ -674,10 +1062,16 @@
                             "g29-prod-sn3-010-sb.servicebus.windows.net",
                             "g29-prod-sn3-011-sb.servicebus.windows.net",
                             "g29-prod-sn3-012-sb.servicebus.windows.net",
+                            "g30-prod-bn3-005-sb.servicebus.windows.net",
+                            "g30-prod-bn3-007-sb.servicebus.windows.net",
+                            "g30-prod-bn3-008-sb.servicebus.windows.net",
                             "g30-prod-ch3-003-sb.servicebus.windows.net",
                             "g30-prod-ch3-004-sb.servicebus.windows.net",
                             "g30-prod-ch3-006-sb.servicebus.windows.net",
                             "g30-prod-ch3-007-sb.servicebus.windows.net",
+                            "g30-prod-sg3-001-sb.servicebus.windows.net",
+                            "g30-prod-sg3-002-sb.servicebus.windows.net",
+                            "g30-prod-sg3-003-sb.servicebus.windows.net",
                             "g30-prod-sn3-003-sb.servicebus.windows.net",
                             "g30-prod-sn3-004-sb.servicebus.windows.net",
                             "g30-prod-sn3-005-sb.servicebus.windows.net",
@@ -686,10 +1080,16 @@
                             "g30-prod-sn3-010-sb.servicebus.windows.net",
                             "g30-prod-sn3-011-sb.servicebus.windows.net",
                             "g30-prod-sn3-012-sb.servicebus.windows.net",
+                            "g31-prod-bn3-005-sb.servicebus.windows.net",
+                            "g31-prod-bn3-007-sb.servicebus.windows.net",
+                            "g31-prod-bn3-008-sb.servicebus.windows.net",
                             "g31-prod-ch3-003-sb.servicebus.windows.net",
                             "g31-prod-ch3-004-sb.servicebus.windows.net",
                             "g31-prod-ch3-006-sb.servicebus.windows.net",
                             "g31-prod-ch3-007-sb.servicebus.windows.net",
+                            "g31-prod-sg3-001-sb.servicebus.windows.net",
+                            "g31-prod-sg3-002-sb.servicebus.windows.net",
+                            "g31-prod-sg3-003-sb.servicebus.windows.net",
                             "g31-prod-sn3-003-sb.servicebus.windows.net",
                             "g31-prod-sn3-004-sb.servicebus.windows.net",
                             "g31-prod-sn3-005-sb.servicebus.windows.net",
@@ -698,10 +1098,15 @@
                             "g31-prod-sn3-010-sb.servicebus.windows.net",
                             "g31-prod-sn3-011-sb.servicebus.windows.net",
                             "g31-prod-sn3-012-sb.servicebus.windows.net",
+                            "g32-prod-bn3-005-sb.servicebus.windows.net",
+                            "g32-prod-bn3-007-sb.servicebus.windows.net",
+                            "g32-prod-bn3-008-sb.servicebus.windows.net",
                             "g32-prod-ch3-003-sb.servicebus.windows.net",
                             "g32-prod-ch3-004-sb.servicebus.windows.net",
                             "g32-prod-ch3-006-sb.servicebus.windows.net",
                             "g32-prod-ch3-007-sb.servicebus.windows.net",
+                            "g32-prod-sg3-001-sb.servicebus.windows.net",
+                            "g32-prod-sg3-003-sb.servicebus.windows.net",
                             "g32-prod-sn3-003-sb.servicebus.windows.net",
                             "g32-prod-sn3-004-sb.servicebus.windows.net",
                             "g32-prod-sn3-005-sb.servicebus.windows.net",
@@ -709,10 +1114,15 @@
                             "g32-prod-sn3-007-sb.servicebus.windows.net",
                             "g32-prod-sn3-010-sb.servicebus.windows.net",
                             "g32-prod-sn3-011-sb.servicebus.windows.net",
+                            "g33-prod-bn3-005-sb.servicebus.windows.net",
+                            "g33-prod-bn3-007-sb.servicebus.windows.net",
+                            "g33-prod-bn3-008-sb.servicebus.windows.net",
                             "g33-prod-ch3-003-sb.servicebus.windows.net",
                             "g33-prod-ch3-004-sb.servicebus.windows.net",
                             "g33-prod-ch3-006-sb.servicebus.windows.net",
                             "g33-prod-ch3-007-sb.servicebus.windows.net",
+                            "g33-prod-sg3-001-sb.servicebus.windows.net",
+                            "g33-prod-sg3-003-sb.servicebus.windows.net",
                             "g33-prod-sn3-003-sb.servicebus.windows.net",
                             "g33-prod-sn3-004-sb.servicebus.windows.net",
                             "g33-prod-sn3-005-sb.servicebus.windows.net",
@@ -720,10 +1130,15 @@
                             "g33-prod-sn3-007-sb.servicebus.windows.net",
                             "g33-prod-sn3-010-sb.servicebus.windows.net",
                             "g33-prod-sn3-011-sb.servicebus.windows.net",
+                            "g34-prod-bn3-005-sb.servicebus.windows.net",
+                            "g34-prod-bn3-007-sb.servicebus.windows.net",
+                            "g34-prod-bn3-008-sb.servicebus.windows.net",
                             "g34-prod-ch3-003-sb.servicebus.windows.net",
                             "g34-prod-ch3-004-sb.servicebus.windows.net",
                             "g34-prod-ch3-006-sb.servicebus.windows.net",
                             "g34-prod-ch3-007-sb.servicebus.windows.net",
+                            "g34-prod-sg3-001-sb.servicebus.windows.net",
+                            "g34-prod-sg3-003-sb.servicebus.windows.net",
                             "g34-prod-sn3-003-sb.servicebus.windows.net",
                             "g34-prod-sn3-004-sb.servicebus.windows.net",
                             "g34-prod-sn3-005-sb.servicebus.windows.net",
@@ -731,10 +1146,15 @@
                             "g34-prod-sn3-007-sb.servicebus.windows.net",
                             "g34-prod-sn3-010-sb.servicebus.windows.net",
                             "g34-prod-sn3-011-sb.servicebus.windows.net",
+                            "g35-prod-bn3-005-sb.servicebus.windows.net",
+                            "g35-prod-bn3-007-sb.servicebus.windows.net",
+                            "g35-prod-bn3-008-sb.servicebus.windows.net",
                             "g35-prod-ch3-003-sb.servicebus.windows.net",
                             "g35-prod-ch3-004-sb.servicebus.windows.net",
                             "g35-prod-ch3-006-sb.servicebus.windows.net",
                             "g35-prod-ch3-007-sb.servicebus.windows.net",
+                            "g35-prod-sg3-001-sb.servicebus.windows.net",
+                            "g35-prod-sg3-003-sb.servicebus.windows.net",
                             "g35-prod-sn3-003-sb.servicebus.windows.net",
                             "g35-prod-sn3-004-sb.servicebus.windows.net",
                             "g35-prod-sn3-005-sb.servicebus.windows.net",
@@ -742,10 +1162,15 @@
                             "g35-prod-sn3-007-sb.servicebus.windows.net",
                             "g35-prod-sn3-010-sb.servicebus.windows.net",
                             "g35-prod-sn3-011-sb.servicebus.windows.net",
+                            "g36-prod-bn3-005-sb.servicebus.windows.net",
+                            "g36-prod-bn3-007-sb.servicebus.windows.net",
+                            "g36-prod-bn3-008-sb.servicebus.windows.net",
                             "g36-prod-ch3-003-sb.servicebus.windows.net",
                             "g36-prod-ch3-004-sb.servicebus.windows.net",
                             "g36-prod-ch3-006-sb.servicebus.windows.net",
                             "g36-prod-ch3-007-sb.servicebus.windows.net",
+                            "g36-prod-sg3-001-sb.servicebus.windows.net",
+                            "g36-prod-sg3-003-sb.servicebus.windows.net",
                             "g36-prod-sn3-003-sb.servicebus.windows.net",
                             "g36-prod-sn3-004-sb.servicebus.windows.net",
                             "g36-prod-sn3-005-sb.servicebus.windows.net",
@@ -753,10 +1178,15 @@
                             "g36-prod-sn3-007-sb.servicebus.windows.net",
                             "g36-prod-sn3-010-sb.servicebus.windows.net",
                             "g36-prod-sn3-011-sb.servicebus.windows.net",
+                            "g37-prod-bn3-005-sb.servicebus.windows.net",
+                            "g37-prod-bn3-007-sb.servicebus.windows.net",
+                            "g37-prod-bn3-008-sb.servicebus.windows.net",
                             "g37-prod-ch3-003-sb.servicebus.windows.net",
                             "g37-prod-ch3-004-sb.servicebus.windows.net",
                             "g37-prod-ch3-006-sb.servicebus.windows.net",
                             "g37-prod-ch3-007-sb.servicebus.windows.net",
+                            "g37-prod-sg3-001-sb.servicebus.windows.net",
+                            "g37-prod-sg3-003-sb.servicebus.windows.net",
                             "g37-prod-sn3-003-sb.servicebus.windows.net",
                             "g37-prod-sn3-004-sb.servicebus.windows.net",
                             "g37-prod-sn3-005-sb.servicebus.windows.net",
@@ -764,10 +1194,15 @@
                             "g37-prod-sn3-007-sb.servicebus.windows.net",
                             "g37-prod-sn3-010-sb.servicebus.windows.net",
                             "g37-prod-sn3-011-sb.servicebus.windows.net",
+                            "g38-prod-bn3-005-sb.servicebus.windows.net",
+                            "g38-prod-bn3-007-sb.servicebus.windows.net",
+                            "g38-prod-bn3-008-sb.servicebus.windows.net",
                             "g38-prod-ch3-003-sb.servicebus.windows.net",
                             "g38-prod-ch3-004-sb.servicebus.windows.net",
                             "g38-prod-ch3-006-sb.servicebus.windows.net",
                             "g38-prod-ch3-007-sb.servicebus.windows.net",
+                            "g38-prod-sg3-001-sb.servicebus.windows.net",
+                            "g38-prod-sg3-003-sb.servicebus.windows.net",
                             "g38-prod-sn3-003-sb.servicebus.windows.net",
                             "g38-prod-sn3-004-sb.servicebus.windows.net",
                             "g38-prod-sn3-005-sb.servicebus.windows.net",
@@ -775,10 +1210,15 @@
                             "g38-prod-sn3-007-sb.servicebus.windows.net",
                             "g38-prod-sn3-010-sb.servicebus.windows.net",
                             "g38-prod-sn3-011-sb.servicebus.windows.net",
+                            "g39-prod-bn3-005-sb.servicebus.windows.net",
+                            "g39-prod-bn3-007-sb.servicebus.windows.net",
+                            "g39-prod-bn3-008-sb.servicebus.windows.net",
                             "g39-prod-ch3-003-sb.servicebus.windows.net",
                             "g39-prod-ch3-004-sb.servicebus.windows.net",
                             "g39-prod-ch3-006-sb.servicebus.windows.net",
                             "g39-prod-ch3-007-sb.servicebus.windows.net",
+                            "g39-prod-sg3-001-sb.servicebus.windows.net",
+                            "g39-prod-sg3-003-sb.servicebus.windows.net",
                             "g39-prod-sn3-003-sb.servicebus.windows.net",
                             "g39-prod-sn3-004-sb.servicebus.windows.net",
                             "g39-prod-sn3-005-sb.servicebus.windows.net",
@@ -786,177 +1226,226 @@
                             "g39-prod-sn3-007-sb.servicebus.windows.net",
                             "g39-prod-sn3-010-sb.servicebus.windows.net",
                             "g39-prod-sn3-011-sb.servicebus.windows.net",
+                            "g40-prod-bn3-005-sb.servicebus.windows.net",
                             "g40-prod-ch3-003-sb.servicebus.windows.net",
                             "g40-prod-ch3-007-sb.servicebus.windows.net",
+                            "g40-prod-sg3-001-sb.servicebus.windows.net",
+                            "g40-prod-sg3-003-sb.servicebus.windows.net",
                             "g40-prod-sn3-003-sb.servicebus.windows.net",
                             "g40-prod-sn3-004-sb.servicebus.windows.net",
                             "g40-prod-sn3-005-sb.servicebus.windows.net",
                             "g40-prod-sn3-006-sb.servicebus.windows.net",
                             "g40-prod-sn3-007-sb.servicebus.windows.net",
                             "g40-prod-sn3-010-sb.servicebus.windows.net",
+                            "g41-prod-bn3-005-sb.servicebus.windows.net",
                             "g41-prod-ch3-003-sb.servicebus.windows.net",
                             "g41-prod-ch3-007-sb.servicebus.windows.net",
+                            "g41-prod-sg3-001-sb.servicebus.windows.net",
                             "g41-prod-sn3-003-sb.servicebus.windows.net",
                             "g41-prod-sn3-004-sb.servicebus.windows.net",
                             "g41-prod-sn3-005-sb.servicebus.windows.net",
                             "g41-prod-sn3-006-sb.servicebus.windows.net",
                             "g41-prod-sn3-007-sb.servicebus.windows.net",
                             "g41-prod-sn3-010-sb.servicebus.windows.net",
+                            "g42-prod-bn3-005-sb.servicebus.windows.net",
                             "g42-prod-ch3-003-sb.servicebus.windows.net",
                             "g42-prod-ch3-007-sb.servicebus.windows.net",
+                            "g42-prod-sg3-001-sb.servicebus.windows.net",
                             "g42-prod-sn3-003-sb.servicebus.windows.net",
                             "g42-prod-sn3-004-sb.servicebus.windows.net",
                             "g42-prod-sn3-005-sb.servicebus.windows.net",
                             "g42-prod-sn3-006-sb.servicebus.windows.net",
                             "g42-prod-sn3-007-sb.servicebus.windows.net",
                             "g42-prod-sn3-010-sb.servicebus.windows.net",
+                            "g43-prod-bn3-005-sb.servicebus.windows.net",
                             "g43-prod-ch3-003-sb.servicebus.windows.net",
                             "g43-prod-ch3-007-sb.servicebus.windows.net",
+                            "g43-prod-sg3-001-sb.servicebus.windows.net",
                             "g43-prod-sn3-003-sb.servicebus.windows.net",
                             "g43-prod-sn3-004-sb.servicebus.windows.net",
                             "g43-prod-sn3-005-sb.servicebus.windows.net",
                             "g43-prod-sn3-006-sb.servicebus.windows.net",
                             "g43-prod-sn3-007-sb.servicebus.windows.net",
                             "g43-prod-sn3-010-sb.servicebus.windows.net",
+                            "g44-prod-bn3-005-sb.servicebus.windows.net",
                             "g44-prod-ch3-003-sb.servicebus.windows.net",
                             "g44-prod-ch3-007-sb.servicebus.windows.net",
+                            "g44-prod-sg3-001-sb.servicebus.windows.net",
                             "g44-prod-sn3-003-sb.servicebus.windows.net",
                             "g44-prod-sn3-004-sb.servicebus.windows.net",
                             "g44-prod-sn3-005-sb.servicebus.windows.net",
                             "g44-prod-sn3-006-sb.servicebus.windows.net",
                             "g44-prod-sn3-007-sb.servicebus.windows.net",
                             "g44-prod-sn3-010-sb.servicebus.windows.net",
+                            "g45-prod-bn3-005-sb.servicebus.windows.net",
                             "g45-prod-ch3-003-sb.servicebus.windows.net",
                             "g45-prod-ch3-007-sb.servicebus.windows.net",
+                            "g45-prod-sg3-001-sb.servicebus.windows.net",
                             "g45-prod-sn3-003-sb.servicebus.windows.net",
                             "g45-prod-sn3-004-sb.servicebus.windows.net",
                             "g45-prod-sn3-005-sb.servicebus.windows.net",
                             "g45-prod-sn3-006-sb.servicebus.windows.net",
                             "g45-prod-sn3-007-sb.servicebus.windows.net",
                             "g45-prod-sn3-010-sb.servicebus.windows.net",
+                            "g46-prod-bn3-005-sb.servicebus.windows.net",
                             "g46-prod-ch3-003-sb.servicebus.windows.net",
                             "g46-prod-ch3-007-sb.servicebus.windows.net",
+                            "g46-prod-sg3-001-sb.servicebus.windows.net",
                             "g46-prod-sn3-003-sb.servicebus.windows.net",
                             "g46-prod-sn3-004-sb.servicebus.windows.net",
                             "g46-prod-sn3-005-sb.servicebus.windows.net",
                             "g46-prod-sn3-006-sb.servicebus.windows.net",
                             "g46-prod-sn3-007-sb.servicebus.windows.net",
                             "g46-prod-sn3-010-sb.servicebus.windows.net",
+                            "g47-prod-bn3-005-sb.servicebus.windows.net",
                             "g47-prod-ch3-003-sb.servicebus.windows.net",
                             "g47-prod-ch3-007-sb.servicebus.windows.net",
+                            "g47-prod-sg3-001-sb.servicebus.windows.net",
                             "g47-prod-sn3-003-sb.servicebus.windows.net",
                             "g47-prod-sn3-004-sb.servicebus.windows.net",
                             "g47-prod-sn3-005-sb.servicebus.windows.net",
                             "g47-prod-sn3-006-sb.servicebus.windows.net",
                             "g47-prod-sn3-007-sb.servicebus.windows.net",
                             "g47-prod-sn3-010-sb.servicebus.windows.net",
+                            "g48-prod-bn3-005-sb.servicebus.windows.net",
                             "g48-prod-ch3-003-sb.servicebus.windows.net",
                             "g48-prod-ch3-007-sb.servicebus.windows.net",
+                            "g48-prod-sg3-001-sb.servicebus.windows.net",
                             "g48-prod-sn3-003-sb.servicebus.windows.net",
                             "g48-prod-sn3-004-sb.servicebus.windows.net",
                             "g48-prod-sn3-005-sb.servicebus.windows.net",
                             "g48-prod-sn3-006-sb.servicebus.windows.net",
                             "g48-prod-sn3-010-sb.servicebus.windows.net",
+                            "g49-prod-bn3-005-sb.servicebus.windows.net",
                             "g49-prod-ch3-003-sb.servicebus.windows.net",
                             "g49-prod-ch3-007-sb.servicebus.windows.net",
+                            "g49-prod-sg3-001-sb.servicebus.windows.net",
                             "g49-prod-sn3-003-sb.servicebus.windows.net",
                             "g49-prod-sn3-004-sb.servicebus.windows.net",
                             "g49-prod-sn3-005-sb.servicebus.windows.net",
                             "g49-prod-sn3-006-sb.servicebus.windows.net",
                             "g49-prod-sn3-010-sb.servicebus.windows.net",
+                            "g50-prod-bn3-005-sb.servicebus.windows.net",
                             "g50-prod-ch3-003-sb.servicebus.windows.net",
                             "g50-prod-ch3-007-sb.servicebus.windows.net",
+                            "g50-prod-sg3-001-sb.servicebus.windows.net",
                             "g50-prod-sn3-003-sb.servicebus.windows.net",
                             "g50-prod-sn3-004-sb.servicebus.windows.net",
                             "g50-prod-sn3-005-sb.servicebus.windows.net",
                             "g50-prod-sn3-006-sb.servicebus.windows.net",
                             "g50-prod-sn3-010-sb.servicebus.windows.net",
+                            "g51-prod-bn3-005-sb.servicebus.windows.net",
                             "g51-prod-ch3-003-sb.servicebus.windows.net",
                             "g51-prod-ch3-007-sb.servicebus.windows.net",
+                            "g51-prod-sg3-001-sb.servicebus.windows.net",
                             "g51-prod-sn3-003-sb.servicebus.windows.net",
                             "g51-prod-sn3-004-sb.servicebus.windows.net",
                             "g51-prod-sn3-005-sb.servicebus.windows.net",
                             "g51-prod-sn3-006-sb.servicebus.windows.net",
                             "g51-prod-sn3-010-sb.servicebus.windows.net",
+                            "g52-prod-bn3-005-sb.servicebus.windows.net",
                             "g52-prod-ch3-003-sb.servicebus.windows.net",
                             "g52-prod-ch3-007-sb.servicebus.windows.net",
+                            "g52-prod-sg3-001-sb.servicebus.windows.net",
                             "g52-prod-sn3-003-sb.servicebus.windows.net",
                             "g52-prod-sn3-004-sb.servicebus.windows.net",
                             "g52-prod-sn3-005-sb.servicebus.windows.net",
                             "g52-prod-sn3-006-sb.servicebus.windows.net",
                             "g52-prod-sn3-010-sb.servicebus.windows.net",
+                            "g53-prod-bn3-005-sb.servicebus.windows.net",
                             "g53-prod-ch3-003-sb.servicebus.windows.net",
                             "g53-prod-ch3-007-sb.servicebus.windows.net",
+                            "g53-prod-sg3-001-sb.servicebus.windows.net",
                             "g53-prod-sn3-003-sb.servicebus.windows.net",
                             "g53-prod-sn3-004-sb.servicebus.windows.net",
                             "g53-prod-sn3-005-sb.servicebus.windows.net",
                             "g53-prod-sn3-006-sb.servicebus.windows.net",
                             "g53-prod-sn3-010-sb.servicebus.windows.net",
+                            "g54-prod-bn3-005-sb.servicebus.windows.net",
                             "g54-prod-ch3-003-sb.servicebus.windows.net",
                             "g54-prod-ch3-007-sb.servicebus.windows.net",
+                            "g54-prod-sg3-001-sb.servicebus.windows.net",
                             "g54-prod-sn3-003-sb.servicebus.windows.net",
                             "g54-prod-sn3-004-sb.servicebus.windows.net",
                             "g54-prod-sn3-005-sb.servicebus.windows.net",
                             "g54-prod-sn3-006-sb.servicebus.windows.net",
                             "g54-prod-sn3-010-sb.servicebus.windows.net",
+                            "g55-prod-bn3-005-sb.servicebus.windows.net",
                             "g55-prod-ch3-003-sb.servicebus.windows.net",
                             "g55-prod-ch3-007-sb.servicebus.windows.net",
+                            "g55-prod-sg3-001-sb.servicebus.windows.net",
                             "g55-prod-sn3-003-sb.servicebus.windows.net",
                             "g55-prod-sn3-004-sb.servicebus.windows.net",
                             "g55-prod-sn3-005-sb.servicebus.windows.net",
                             "g55-prod-sn3-006-sb.servicebus.windows.net",
                             "g55-prod-sn3-010-sb.servicebus.windows.net",
+                            "g56-prod-bn3-005-sb.servicebus.windows.net",
                             "g56-prod-ch3-003-sb.servicebus.windows.net",
                             "g56-prod-ch3-007-sb.servicebus.windows.net",
+                            "g56-prod-sg3-001-sb.servicebus.windows.net",
                             "g56-prod-sn3-003-sb.servicebus.windows.net",
                             "g56-prod-sn3-004-sb.servicebus.windows.net",
                             "g56-prod-sn3-005-sb.servicebus.windows.net",
                             "g56-prod-sn3-006-sb.servicebus.windows.net",
                             "g56-prod-sn3-010-sb.servicebus.windows.net",
+                            "g57-prod-bn3-005-sb.servicebus.windows.net",
                             "g57-prod-ch3-003-sb.servicebus.windows.net",
                             "g57-prod-ch3-007-sb.servicebus.windows.net",
+                            "g57-prod-sg3-001-sb.servicebus.windows.net",
                             "g57-prod-sn3-003-sb.servicebus.windows.net",
                             "g57-prod-sn3-004-sb.servicebus.windows.net",
                             "g57-prod-sn3-005-sb.servicebus.windows.net",
                             "g57-prod-sn3-006-sb.servicebus.windows.net",
                             "g57-prod-sn3-010-sb.servicebus.windows.net",
+                            "g58-prod-bn3-005-sb.servicebus.windows.net",
                             "g58-prod-ch3-003-sb.servicebus.windows.net",
                             "g58-prod-ch3-007-sb.servicebus.windows.net",
+                            "g58-prod-sg3-001-sb.servicebus.windows.net",
                             "g58-prod-sn3-003-sb.servicebus.windows.net",
                             "g58-prod-sn3-004-sb.servicebus.windows.net",
                             "g58-prod-sn3-005-sb.servicebus.windows.net",
                             "g58-prod-sn3-006-sb.servicebus.windows.net",
                             "g58-prod-sn3-010-sb.servicebus.windows.net",
+                            "g59-prod-bn3-005-sb.servicebus.windows.net",
                             "g59-prod-ch3-003-sb.servicebus.windows.net",
                             "g59-prod-ch3-007-sb.servicebus.windows.net",
+                            "g59-prod-sg3-001-sb.servicebus.windows.net",
                             "g59-prod-sn3-003-sb.servicebus.windows.net",
                             "g59-prod-sn3-004-sb.servicebus.windows.net",
                             "g59-prod-sn3-005-sb.servicebus.windows.net",
                             "g59-prod-sn3-006-sb.servicebus.windows.net",
                             "g59-prod-sn3-010-sb.servicebus.windows.net",
+                            "g60-prod-bn3-005-sb.servicebus.windows.net",
                             "g60-prod-ch3-003-sb.servicebus.windows.net",
                             "g60-prod-ch3-007-sb.servicebus.windows.net",
+                            "g60-prod-sg3-001-sb.servicebus.windows.net",
                             "g60-prod-sn3-003-sb.servicebus.windows.net",
                             "g60-prod-sn3-004-sb.servicebus.windows.net",
                             "g60-prod-sn3-005-sb.servicebus.windows.net",
                             "g60-prod-sn3-006-sb.servicebus.windows.net",
                             "g60-prod-sn3-010-sb.servicebus.windows.net",
+                            "g61-prod-bn3-005-sb.servicebus.windows.net",
                             "g61-prod-ch3-003-sb.servicebus.windows.net",
                             "g61-prod-ch3-007-sb.servicebus.windows.net",
+                            "g61-prod-sg3-001-sb.servicebus.windows.net",
                             "g61-prod-sn3-003-sb.servicebus.windows.net",
                             "g61-prod-sn3-004-sb.servicebus.windows.net",
                             "g61-prod-sn3-005-sb.servicebus.windows.net",
                             "g61-prod-sn3-006-sb.servicebus.windows.net",
                             "g61-prod-sn3-010-sb.servicebus.windows.net",
+                            "g62-prod-bn3-005-sb.servicebus.windows.net",
                             "g62-prod-ch3-003-sb.servicebus.windows.net",
                             "g62-prod-ch3-007-sb.servicebus.windows.net",
+                            "g62-prod-sg3-001-sb.servicebus.windows.net",
                             "g62-prod-sn3-003-sb.servicebus.windows.net",
                             "g62-prod-sn3-004-sb.servicebus.windows.net",
                             "g62-prod-sn3-005-sb.servicebus.windows.net",
                             "g62-prod-sn3-006-sb.servicebus.windows.net",
                             "g62-prod-sn3-010-sb.servicebus.windows.net",
+                            "g63-prod-bn3-005-sb.servicebus.windows.net",
                             "g63-prod-ch3-003-sb.servicebus.windows.net",
                             "g63-prod-ch3-007-sb.servicebus.windows.net",
+                            "g63-prod-sg3-001-sb.servicebus.windows.net",
                             "g63-prod-sn3-003-sb.servicebus.windows.net",
                             "g63-prod-sn3-004-sb.servicebus.windows.net",
                             "g63-prod-sn3-005-sb.servicebus.windows.net",

From 8ac73a90f55e8f768bd3c74542e0dade0218f3bd Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Mon, 22 May 2023 16:21:15 +0100
Subject: [PATCH 193/289] :alien: Replace deprecated Set-AzDiagnosticSetting

---
 deployment/CheckRequirements.ps1    | 2 +-
 deployment/common/AzureMonitor.psm1 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployment/CheckRequirements.ps1 b/deployment/CheckRequirements.ps1
index 348aa34e30..740f081581 100644
--- a/deployment/CheckRequirements.ps1
+++ b/deployment/CheckRequirements.ps1
@@ -16,7 +16,7 @@ $ModuleVersionRequired = @{
     "Az.DataProtection"                            = @("ge", "0.4.0")
     "Az.Dns"                                       = @("ge", "1.1.2")
     "Az.KeyVault"                                  = @("ge", "4.9.1")
-    "Az.Monitor"                                   = @("ge", "3.0.1")
+    "Az.Monitor"                                   = @("ge", "4.2.0")
     "Az.MonitoringSolutions"                       = @("ge", "0.1.0")
     "Az.Network"                                   = @("ge", "5.3.0")
     "Az.OperationalInsights"                       = @("ge", "3.1.0")
diff --git a/deployment/common/AzureMonitor.psm1 b/deployment/common/AzureMonitor.psm1
index a0e12b62b0..ec7fc67e41 100644
--- a/deployment/common/AzureMonitor.psm1
+++ b/deployment/common/AzureMonitor.psm1
@@ -70,7 +70,7 @@ function Set-LogAnalyticsDiagnostics {
         [string]$WorkspaceId
     )
     Add-LogMessage -Level Info "Enable logging for $ResourceName to log analytics workspace"
-    $null = Set-AzDiagnosticSetting -ResourceId $ResourceId -WorkspaceId $WorkspaceId -Enabled $true
+    $null = New-AzDiagnosticSetting -Name "LogToWorkspace" -ResourceId $ResourceId -WorkspaceId $WorkspaceId
     if ($?) {
         Add-LogMessage -Level Success "Enabled logging for $ResourceName to log analytics workspace"
     } else {

From 80730f46c5dd63cd5875ee0e157a9e2490669fe8 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Tue, 23 May 2023 15:36:12 +0100
Subject: [PATCH 194/289] Correct link on citation badge

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e97d4b4562..9e7d15f8e6 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ It was developed as part of the Alan Turing Institute's [Data Safe Havens in the
 [![Latest version](https://img.shields.io/github/v/release/alan-turing-institute/data-safe-haven?style=flat&label=Latest&color=%234B78E6)](https://github.com/alan-turing-institute/data-safe-haven/releases)
 [![Slack](https://img.shields.io/badge/Join%20us!-yellow?style=flat&logo=slack&logoColor=white&labelColor=4A154B&label=Slack)](https://join.slack.com/t/turingdatasafehaven/signup)
 ![Licence](https://img.shields.io/github/license/alan-turing-institute/data-safe-haven)
-[![Citation](https://img.shields.io/badge/citation-cite%20this%20project-informational)](https://github.com/alan-turing-institute/data-safe-haven/blob/badges/CITATION.cff)
+[![Citation](https://img.shields.io/badge/citation-cite%20this%20project-informational)](https://github.com/alan-turing-institute/data-safe-haven/blob/develop/CITATION.cff)
 
 ## :family: Community & support
 

From 32d67a081197b38e30dbc4bae2f3e3e150992a1a Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Tue, 23 May 2023 15:40:49 +0100
Subject: [PATCH 195/289] Correct path to Scriberia cartoon in README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e97d4b4562..127da4f332 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![Data Safe Haven cartoon by Scriberia for The Alan Turing Institute](docs/_static/scriberia_diagram.jpg)
+![Data Safe Haven cartoon by Scriberia for The Alan Turing Institute](docs/source/_static/scriberia_diagram.jpg)
 
 # :eyes: What is the Turing Data Safe Haven?
 

From 20b2920b6edd685487c6c7e0c9719828f3ef7091 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Wed, 24 May 2023 09:20:18 +0100
Subject: [PATCH 196/289] Remove pins from requirements.in

---
 docs/requirements.in | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/requirements.in b/docs/requirements.in
index 4a4c2761c8..a6230b9742 100644
--- a/docs/requirements.in
+++ b/docs/requirements.in
@@ -1,4 +1,4 @@
-emoji==2.2.0
-myst-parser==1.0.0
-pydata-sphinx-theme==0.13.3
-Sphinx==6.2.1
+emoji
+myst-parser
+pydata-sphinx-theme
+Sphinx

From 2d52ae8b8bcc6b6c493b16f1d54c79e0c7ae70c7 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Wed, 24 May 2023 09:21:00 +0100
Subject: [PATCH 197/289] Update requirements

---
 docs/requirements.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/requirements.txt b/docs/requirements.txt
index 6b5086a770..d9cf686af7 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -14,7 +14,7 @@ babel==2.12.1
     #   sphinx
 beautifulsoup4==4.12.2
     # via pydata-sphinx-theme
-certifi==2022.12.7
+certifi==2023.5.7
     # via requests
 charset-normalizer==3.1.0
     # via requests
@@ -58,7 +58,7 @@ pygments==2.15.1
     #   sphinx
 pyyaml==6.0
     # via myst-parser
-requests==2.29.0
+requests==2.31.0
     # via sphinx
 snowballstemmer==2.2.0
     # via sphinx
@@ -81,7 +81,7 @@ sphinxcontrib-qthelp==1.0.3
     # via sphinx
 sphinxcontrib-serializinghtml==1.1.5
     # via sphinx
-typing-extensions==4.5.0
+typing-extensions==4.6.1
     # via pydata-sphinx-theme
-urllib3==1.26.15
+urllib3==2.0.2
     # via requests

From a0ee1e58f8d93a1c9db514598cf9580fe58cdf71 Mon Sep 17 00:00:00 2001
From: JimMadge 
Date: Wed, 24 May 2023 08:34:55 +0000
Subject: [PATCH 198/289] Update PyPI and CRAN allow lists

---
 .../package_lists/allowlist-full-python-pypi-tier3.list          | 1 +
 1 file changed, 1 insertion(+)

diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
index fb72abae2a..9fd13a2393 100644
--- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
+++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
@@ -123,6 +123,7 @@ cssselect2
 cycler
 cymem
 Cython
+dacite
 dash
 dash-core-components
 dash-html-components

From b3fafbe0a6c56ddcd1e8618d5586a914836fc7db Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Wed, 24 May 2023 09:37:50 +0100
Subject: [PATCH 199/289] Add CODEOWNERS for docs

Add /docs/ to CODEOWNERS with a superset of users approved for /deployment/
---
 CODEOWNERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CODEOWNERS b/CODEOWNERS
index 185dcc737d..411890bbaa 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -11,3 +11,4 @@
 # main and other branches that may be deployed from.
 # Note: /dir/ applies to directory and all subdirectories
 /deployment/      @martintoreilly @jemrobinson @JimMadge
+/docs/            @martintoreilly @jemrobinson @JimMadge @craddm @edwardchalstrey1

From 278c547a80f2d1103f6931c3b8b31848330c3cc4 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Wed, 24 May 2023 09:58:02 +0100
Subject: [PATCH 200/289] Add README for documentation

---
 docs/README.md | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 docs/README.md

diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 0000000000..488a2ab2b8
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,57 @@
+# Documentation
+
+The documentation is built from Markdown files using [Sphinx](https://www.sphinx-doc.org/) and [MyST parser](https://myst-parser.readthedocs.io/).
+
+## Building the Documentation
+
+Create a virtual environment
+
+```console
+python3 -m venv ./venv
+source ./venv/bin/activate
+```
+
+Install the python dependencies (specified in [`requirements.txt`](./requirements.txt))
+
+```console
+pip install -r requirements.txt
+```
+
+Use the [`Makefile`](./Makefile) to build the document site
+
+```console
+make html
+```
+
+The generated documents will be placed under `build/html/`.
+To view the documents open `build/html/index.html` in your browser.
+For example
+
+```console
+firefox build/html/index.html
+```
+
+## Reproducible Builds
+
+To improve the reproducibly of build at each commit, [`requirements.txt`](./requirements.txt) contains a complete list of dependencies and specific versions.
+
+The projects _direct_ dependencies are listed in [`requirements.in`](./requirements.in).
+The full list is then generated using [`pip-compile`](https://pip-tools.readthedocs.io/en/latest/#requirements-from-requirements-in)
+
+```console
+pip-compile requirements.in
+```
+
+### Updating Requirements
+
+All requirements can be updated with
+
+```console
+pip-compile --upgrade requirements.in
+```
+
+Your virtual environment can be updated with
+
+```console
+pip-sync
+```

From 25fcf6b0bea2c0bf71ce415e7c130e1f497709a0 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Wed, 24 May 2023 10:07:47 +0000
Subject: [PATCH 201/289] correct role tag

---
 docs/source/roles/investigator/data_egress.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/roles/investigator/data_egress.md b/docs/source/roles/investigator/data_egress.md
index 59f3a7f27b..60f7cf3f4d 100644
--- a/docs/source/roles/investigator/data_egress.md
+++ b/docs/source/roles/investigator/data_egress.md
@@ -6,7 +6,7 @@ Once you have finished working with the data for your project, you'll have to eg
 ## Classification
 
 The first stage of egressing outputs is to classify them.
-This follows the {ref}`same workflow ` as for {ref}`data ingress `.
+This follows the {ref}`same workflow ` as for {ref}`data ingress `.
 
 ```{hint}
 Get the same people who ran the ingress classification process to do this - {ref}`Data Provider Representive `, {ref}`role_investigator` and {ref}`role_referee` (optional).

From fb9620063f523bcfef983bc9e5fd75b7149ffac0 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Wed, 24 May 2023 10:09:50 +0000
Subject: [PATCH 202/289] Enable MyST auto-generated header anchors

---
 docs/source/conf.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/source/conf.py b/docs/source/conf.py
index c5c104760e..d5da42d6da 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -107,3 +107,6 @@
     emoji_code: emoji.emojize(f":{emoji_code}:", language="alias")
     for emoji_code in emoji_codes
 }
+
+# Allow MyST to generate anchors for section titles
+myst_heading_anchors = 4
\ No newline at end of file

From 787ecad45dc9035c7d6e1c22a452ddb15e73114c Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Wed, 24 May 2023 11:32:09 +0000
Subject: [PATCH 203/289] Correct link to password reset

---
 .../source/roles/researcher/snippets/03_02_srd_login.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md b/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
index de6812a39f..696d0a3344 100644
--- a/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
+++ b/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
@@ -20,7 +20,7 @@
 
   ```{caution}
   We recommend _not_ including special characters in your password as the keyboard layout expected by the login screen may be different from the one you're using.
-  - if you want to reset your password, follow the steps defined in the [**Set your password**](#set-a-password) section above.
+  - if you want to reset your password, follow the steps defined in the [**Password and MFA**](#password-and-mfa) section above.
   - if you want to continue with special characters in your password, please test that they are being entered correctly by typing them in the username field.
   ```
 

From 3cae8b3c62b9746dafce21f003682a43ecaafd7d Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 24 May 2023 14:20:59 +0100
Subject: [PATCH 204/289] updated gitignore for docs build and venv

---
 .gitignore | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index d1e95b7d49..39e3f1e981 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,8 +28,9 @@ docs/*.pdf
 # ... except the tiers flowchart
 !docs/tiersflowchart.pdf
 
-# Sphinx output
-docs/_output
+# Sphinx output and venv
+docs/build
+docs/venv
 
 # Files produced during testing
 .mustache_config.json

From 0b647e65cc9bff3a297b10e6fa552ae99dde284e Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 24 May 2023 14:21:40 +0100
Subject: [PATCH 205/289] update gitignore for logs

---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitignore b/.gitignore
index 39e3f1e981..d56d6c520d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,6 +32,9 @@ docs/*.pdf
 docs/build
 docs/venv
 
+# Any logs saved
+logs
+
 # Files produced during testing
 .mustache_config.json
 expanded.yaml

From 80c8b4e1460c384d852d857e6adde884c2a730ed Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 24 May 2023 14:23:06 +0100
Subject: [PATCH 206/289] add symbols snippet to system manager pages

---
 docs/source/roles/system_manager/manage_deployments.md | 4 ++++
 docs/source/roles/system_manager/manage_users.md       | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/docs/source/roles/system_manager/manage_deployments.md b/docs/source/roles/system_manager/manage_deployments.md
index 86536e9c40..6d5634158a 100644
--- a/docs/source/roles/system_manager/manage_deployments.md
+++ b/docs/source/roles/system_manager/manage_deployments.md
@@ -6,6 +6,10 @@
 This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it.
 ```
 
+```{include} ../../deployment/snippets/00_symbols.partial.md
+:relative-images:
+```
+
 ## {{alarm_clock}} Renewing SRE Domain Certificates
 
 SREs will need to periodically have their SSL certificates renewed so that the SRE URL can be accessed with HTTPS. After each 90 day period that the SRE is live, re-run the script to update the certificate.
diff --git a/docs/source/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md
index 740085431f..6e57b95902 100644
--- a/docs/source/roles/system_manager/manage_users.md
+++ b/docs/source/roles/system_manager/manage_users.md
@@ -6,6 +6,10 @@
 This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it.
 ```
 
+```{include} ../../deployment/snippets/00_symbols.partial.md
+:relative-images:
+```
+
 (create_new_users)=
 
 ## {{beginner}} Create new users

From a506cd06804d56d0c8fd7e583e55b26d293c180c Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 24 May 2023 14:25:40 +0100
Subject: [PATCH 207/289] link the ssl error to the solution page

---
 docs/source/roles/system_manager/manage_deployments.md | 2 ++
 docs/source/roles/system_manager/manage_users.md       | 5 +----
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/docs/source/roles/system_manager/manage_deployments.md b/docs/source/roles/system_manager/manage_deployments.md
index 6d5634158a..c3a6c9a756 100644
--- a/docs/source/roles/system_manager/manage_deployments.md
+++ b/docs/source/roles/system_manager/manage_deployments.md
@@ -10,6 +10,8 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem
 :relative-images:
 ```
 
+(renew_ssl)=
+
 ## {{alarm_clock}} Renewing SRE Domain Certificates
 
 SREs will need to periodically have their SSL certificates renewed so that the SRE URL can be accessed with HTTPS. After each 90 day period that the SRE is live, re-run the script to update the certificate.
diff --git a/docs/source/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md
index 6e57b95902..6d47f39828 100644
--- a/docs/source/roles/system_manager/manage_users.md
+++ b/docs/source/roles/system_manager/manage_users.md
@@ -204,10 +204,7 @@ If the certificate for the SRE domain has expired, users will not be able to log
 ```{tip}
 **Solution**: Replace the SSL certificate with a new one
 
-- Ensure you have the same version of the Data Safe Haven repository as was used by your deployment team
-- Open a `Powershell` terminal and navigate to the `deployment/secure_research_environment/setup` directory within the Data Safe Haven repository
-- Ensure you are logged into the `Azure` within `Powershell` using the command: `Connect-AzAccount`
-- Run `./Update_SRE_RDS_Ssl_Certificate.ps1 -sreId `, where the SRE ID is the one specified in the config
+- {ref}`renew_ssl`
 ```
 
 ### {{red_circle}} Unable to log into remote desktop gateway

From 77fc33e6669fe3cd1ff77a31505c7e2c4267fd81 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 24 May 2023 14:31:05 +0100
Subject: [PATCH 208/289] remove symbols unused in this particular doc

---
 docs/source/roles/system_manager/manage_users.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/docs/source/roles/system_manager/manage_users.md b/docs/source/roles/system_manager/manage_users.md
index 6d47f39828..f0fe89cdf9 100644
--- a/docs/source/roles/system_manager/manage_users.md
+++ b/docs/source/roles/system_manager/manage_users.md
@@ -6,10 +6,6 @@
 This document assumes that you already have access to a {ref}`Safe Haven Management (SHM) environment ` and one or more {ref}`Secure Research Environments (SREs) ` that are linked to it.
 ```
 
-```{include} ../../deployment/snippets/00_symbols.partial.md
-:relative-images:
-```
-
 (create_new_users)=
 
 ## {{beginner}} Create new users

From b3609925c9b147bcccd796c7edbae9a0e25f9129 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 24 May 2023 14:42:04 +0100
Subject: [PATCH 209/289] undo duplication of local docs building

---
 CONTRIBUTING.md | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index ac21b0ba8c..63993ab497 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -226,21 +226,7 @@ The docs, including for older releases, are available [here](https://data-safe-h
 
 You should follow the same instructions as above to [make a change with a pull request](#making-a-change-with-a-pull-request) when editing the documentation.
 
-To preview your changes, you can build the docs locally.
-The documentation build dependencies are listed in [a requirements file](docs/build/requirements.txt) that can be installed using `pip`:
-
-```{shell}
-pip install -r docs/build/requirements.txt
-```
-
-Check out your branch, navigate to the `docs` folder and `make` them:
-
-```{shell}
-cd data-safe-haven/docs
-make html
-```
-
-This will add the contents to a folder called `_output` inside `docs`. Open the index html from a browser and you should be able to navigate the docs and view your changes.
+To preview your changes, you can build the docs locally. See (docs/README.md).
 
 ### Who's involved in the project
 

From ae8a355049bdc6e013cdc58c8b0c67125456bbd3 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 24 May 2023 14:45:59 +0100
Subject: [PATCH 210/289] docs readme link

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 63993ab497..fd33223515 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -226,7 +226,7 @@ The docs, including for older releases, are available [here](https://data-safe-h
 
 You should follow the same instructions as above to [make a change with a pull request](#making-a-change-with-a-pull-request) when editing the documentation.
 
-To preview your changes, you can build the docs locally. See (docs/README.md).
+To preview your changes, you can build the docs locally. See [docs/README.md](docs/README.md).
 
 ### Who's involved in the project
 

From c5c4cbfcbfff4516d1303ae671d05b195470cfeb Mon Sep 17 00:00:00 2001
From: JimMadge 
Date: Mon, 29 May 2023 00:18:01 +0000
Subject: [PATCH 211/289] Update SRD package versions

---
 .../packages/deb-azuredatastudio.version                    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version
index 98abb1119a..3f59a83115 100644
--- a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version
+++ b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version
@@ -1,4 +1,4 @@
-hash: e1447ed4a2acc244ca678e29a416a614c38ea99df281578a0bc85ec52f98795a
-version: 1.43.0
+hash: a201c6f593a7a71c22070d2c5ca3b0b2c9db2b05538bb079d66e8f40246371e5
+version: 1.44.0
 debfile: azuredatastudio-linux-|VERSION|.deb
-remote: https://sqlopsbuilds.azureedge.net/stable/b790d700898b1095d83e62f0de14678a58222520/|DEBFILE|
+remote: https://sqlopsbuilds.azureedge.net/stable/31bee67f005648cdc9186f28ef39b4f1d6585e0f/|DEBFILE|

From 6a7547d2b829c1f4e6fc794fa891753e4c7ac053 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Tue, 30 May 2023 10:01:47 +0000
Subject: [PATCH 212/289] change .gitignore to ignore sphinx build folder

---
 .gitignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index d1e95b7d49..8f2fdcee33 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,7 +29,7 @@ docs/*.pdf
 !docs/tiersflowchart.pdf
 
 # Sphinx output
-docs/_output
+docs/build
 
 # Files produced during testing
 .mustache_config.json

From 01dbeb652d454201f0dc5be84a9c8619832536e1 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Tue, 30 May 2023 11:49:27 +0100
Subject: [PATCH 213/289] specify desktop needs SSL renewal

Co-authored-by: Jim Madge 
---
 docs/source/roles/system_manager/manage_deployments.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/source/roles/system_manager/manage_deployments.md b/docs/source/roles/system_manager/manage_deployments.md
index c3a6c9a756..cca0c80057 100644
--- a/docs/source/roles/system_manager/manage_deployments.md
+++ b/docs/source/roles/system_manager/manage_deployments.md
@@ -14,7 +14,8 @@ This document assumes that you already have access to a {ref}`Safe Haven Managem
 
 ## {{alarm_clock}} Renewing SRE Domain Certificates
 
-SREs will need to periodically have their SSL certificates renewed so that the SRE URL can be accessed with HTTPS. After each 90 day period that the SRE is live, re-run the script to update the certificate.
+The remote desktop frontend of an SRE will need to periodically have its SSL certificate renewed so that it can be accessed via HTTPS.
+After each 90 day period that the SRE is live, re-run the script to update the certificate.
 
 ![Powershell: five minutes](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=ten%20minutes) at {{file_folder}} `./deployment/secure_research_environment/setup`
 

From f151b24b102799ff0af05b8ef14ad43168439ae6 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Tue, 30 May 2023 11:54:54 +0100
Subject: [PATCH 214/289] remove custom gitignore

---
 .gitignore | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index d56d6c520d..39e3f1e981 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,9 +32,6 @@ docs/*.pdf
 docs/build
 docs/venv
 
-# Any logs saved
-logs
-
 # Files produced during testing
 .mustache_config.json
 expanded.yaml

From 3a009210270e24e992d29f55e6486abc7c211749 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Tue, 30 May 2023 11:57:50 +0100
Subject: [PATCH 215/289] explain shm id and sre id

---
 docs/source/roles/system_manager/manage_deployments.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/source/roles/system_manager/manage_deployments.md b/docs/source/roles/system_manager/manage_deployments.md
index cca0c80057..7b01adb3dc 100644
--- a/docs/source/roles/system_manager/manage_deployments.md
+++ b/docs/source/roles/system_manager/manage_deployments.md
@@ -23,6 +23,9 @@ After each 90 day period that the SRE is live, re-run the script to update the c
 PS> ./Update_SRE_SSL_Certificate.ps1 -shmId  -sreId 
 ```
 
+- where `` is the {ref}`management environment ID ` for this SHM
+- where `` is the {ref}`secure research environment ID ` for this SRE
+
 (resize_vm)=
 
 ## {{arrow_upper_right}} Resize the Virtual Machine (VM) of a Secure Research Desktop (SRD)

From 85159dd303c5d3029dac4f238c6b3faab8e643d1 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Tue, 30 May 2023 13:19:48 +0000
Subject: [PATCH 216/289] use relative file locations to stop build errors

---
 docs/source/conf.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/source/conf.py b/docs/source/conf.py
index d5da42d6da..a9ca0920de 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -74,8 +74,8 @@
         }
     ],
     "logo": {
-        "image_light": "logo_turing_light.png",
-        "image_dark": "logo_turing_dark.png",
+        "image_light": "_static/logo_turing_light.png",
+        "image_dark": "_static/logo_turing_dark.png",
     },
     "secondary_sidebar_items": ["page-toc", "edit-this-page", "sourcelink"],
     "use_edit_page_button": True,

From 6fe41d8472106666c0a99e9e0f842764f9a5a9e3 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Tue, 30 May 2023 13:58:40 +0000
Subject: [PATCH 217/289] Add newline at end of conf.py

---
 docs/source/conf.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/source/conf.py b/docs/source/conf.py
index a9ca0920de..687a0684a7 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -47,6 +47,7 @@
 # ones.
 extensions = [
     "myst_parser",
+    "autosectionlabel"
 ]
 
 # Add any paths that contain templates here, relative to this directory.
@@ -109,4 +110,4 @@
 }
 
 # Allow MyST to generate anchors for section titles
-myst_heading_anchors = 4
\ No newline at end of file
+myst_heading_anchors = 4

From 7cbc6d42d3d8c702f46e772c598ca4685fb3b88a Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Tue, 30 May 2023 16:20:21 +0000
Subject: [PATCH 218/289] Remove autosectionlabel extension

---
 docs/source/conf.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/conf.py b/docs/source/conf.py
index 687a0684a7..a65d29520e 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -47,7 +47,7 @@
 # ones.
 extensions = [
     "myst_parser",
-    "autosectionlabel"
+
 ]
 
 # Add any paths that contain templates here, relative to this directory.

From a43c474c54af99718fb4a0eec20d469188173c33 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Tue, 30 May 2023 16:20:48 +0000
Subject: [PATCH 219/289] Remove autosectionlabel extension

---
 docs/source/conf.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/source/conf.py b/docs/source/conf.py
index a65d29520e..97d0811fe4 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -47,7 +47,6 @@
 # ones.
 extensions = [
     "myst_parser",
-
 ]
 
 # Add any paths that contain templates here, relative to this directory.

From 7a1b29e24fd22b74ca0526b805b6c10d02a9e60c Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Wed, 31 May 2023 09:58:08 +0000
Subject: [PATCH 220/289] Change firewall rule for servicebus

---
 .../network_rules/shm-firewall-rules.json     | 793 +-----------------
 1 file changed, 1 insertion(+), 792 deletions(-)

diff --git a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
index 7817322905..4b23c76c5f 100644
--- a/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
+++ b/deployment/safe_haven_management_environment/network_rules/shm-firewall-rules.json
@@ -190,798 +190,7 @@
                         ],
                         "fqdnTags": [],
                         "targetFqdns": [
-                            "g0-prod-ch3-003-sb.servicebus.windows.net",
-                            "g0-prod-ch3-004-sb.servicebus.windows.net",
-                            "g0-prod-ch3-005-sb.servicebus.windows.net",
-                            "g0-prod-ch3-006-sb.servicebus.windows.net",
-                            "g0-prod-ch3-007-sb.servicebus.windows.net",
-                            "g0-prod-ch3-008-sb.servicebus.windows.net",
-                            "g0-prod-ch3-009-sb.servicebus.windows.net",
-                            "g0-prod-sn3-003-sb.servicebus.windows.net",
-                            "g0-prod-sn3-004-sb.servicebus.windows.net",
-                            "g0-prod-sn3-005-sb.servicebus.windows.net",
-                            "g0-prod-sn3-006-sb.servicebus.windows.net",
-                            "g0-prod-sn3-007-sb.servicebus.windows.net",
-                            "g0-prod-sn3-009-sb.servicebus.windows.net",
-                            "g0-prod-sn3-010-sb.servicebus.windows.net",
-                            "g0-prod-sn3-011-sb.servicebus.windows.net",
-                            "g0-prod-sn3-012-sb.servicebus.windows.net",
-                            "g0-prod-sn3-013-sb.servicebus.windows.net",
-                            "g0-prod-sn3-014-sb.servicebus.windows.net",
-                            "g0-prod-sn3-203-sb.servicebus.windows.net",
-                            "g1-prod-ch3-003-sb.servicebus.windows.net",
-                            "g1-prod-ch3-004-sb.servicebus.windows.net",
-                            "g1-prod-ch3-005-sb.servicebus.windows.net",
-                            "g1-prod-ch3-006-sb.servicebus.windows.net",
-                            "g1-prod-ch3-007-sb.servicebus.windows.net",
-                            "g1-prod-ch3-008-sb.servicebus.windows.net",
-                            "g1-prod-ch3-009-sb.servicebus.windows.net",
-                            "g1-prod-sn3-003-sb.servicebus.windows.net",
-                            "g1-prod-sn3-004-sb.servicebus.windows.net",
-                            "g1-prod-sn3-005-sb.servicebus.windows.net",
-                            "g1-prod-sn3-006-sb.servicebus.windows.net",
-                            "g1-prod-sn3-007-sb.servicebus.windows.net",
-                            "g1-prod-sn3-009-sb.servicebus.windows.net",
-                            "g1-prod-sn3-010-sb.servicebus.windows.net",
-                            "g1-prod-sn3-011-sb.servicebus.windows.net",
-                            "g1-prod-sn3-012-sb.servicebus.windows.net",
-                            "g1-prod-sn3-013-sb.servicebus.windows.net",
-                            "g1-prod-sn3-014-sb.servicebus.windows.net",
-                            "g1-prod-sn3-203-sb.servicebus.windows.net",
-                            "g2-prod-ch3-003-sb.servicebus.windows.net",
-                            "g2-prod-ch3-004-sb.servicebus.windows.net",
-                            "g2-prod-ch3-005-sb.servicebus.windows.net",
-                            "g2-prod-ch3-006-sb.servicebus.windows.net",
-                            "g2-prod-ch3-007-sb.servicebus.windows.net",
-                            "g2-prod-ch3-008-sb.servicebus.windows.net",
-                            "g2-prod-ch3-009-sb.servicebus.windows.net",
-                            "g2-prod-sn3-003-sb.servicebus.windows.net",
-                            "g2-prod-sn3-004-sb.servicebus.windows.net",
-                            "g2-prod-sn3-005-sb.servicebus.windows.net",
-                            "g2-prod-sn3-006-sb.servicebus.windows.net",
-                            "g2-prod-sn3-007-sb.servicebus.windows.net",
-                            "g2-prod-sn3-009-sb.servicebus.windows.net",
-                            "g2-prod-sn3-010-sb.servicebus.windows.net",
-                            "g2-prod-sn3-011-sb.servicebus.windows.net",
-                            "g2-prod-sn3-012-sb.servicebus.windows.net",
-                            "g2-prod-sn3-013-sb.servicebus.windows.net",
-                            "g2-prod-sn3-014-sb.servicebus.windows.net",
-                            "g2-prod-sn3-203-sb.servicebus.windows.net",
-                            "g3-prod-ch3-003-sb.servicebus.windows.net",
-                            "g3-prod-ch3-004-sb.servicebus.windows.net",
-                            "g3-prod-ch3-005-sb.servicebus.windows.net",
-                            "g3-prod-ch3-006-sb.servicebus.windows.net",
-                            "g3-prod-ch3-007-sb.servicebus.windows.net",
-                            "g3-prod-ch3-008-sb.servicebus.windows.net",
-                            "g3-prod-ch3-009-sb.servicebus.windows.net",
-                            "g3-prod-sn3-003-sb.servicebus.windows.net",
-                            "g3-prod-sn3-004-sb.servicebus.windows.net",
-                            "g3-prod-sn3-005-sb.servicebus.windows.net",
-                            "g3-prod-sn3-006-sb.servicebus.windows.net",
-                            "g3-prod-sn3-007-sb.servicebus.windows.net",
-                            "g3-prod-sn3-009-sb.servicebus.windows.net",
-                            "g3-prod-sn3-010-sb.servicebus.windows.net",
-                            "g3-prod-sn3-011-sb.servicebus.windows.net",
-                            "g3-prod-sn3-012-sb.servicebus.windows.net",
-                            "g3-prod-sn3-013-sb.servicebus.windows.net",
-                            "g3-prod-sn3-014-sb.servicebus.windows.net",
-                            "g3-prod-sn3-203-sb.servicebus.windows.net",
-                            "g4-prod-ch3-003-sb.servicebus.windows.net",
-                            "g4-prod-ch3-004-sb.servicebus.windows.net",
-                            "g4-prod-ch3-005-sb.servicebus.windows.net",
-                            "g4-prod-ch3-006-sb.servicebus.windows.net",
-                            "g4-prod-ch3-007-sb.servicebus.windows.net",
-                            "g4-prod-ch3-008-sb.servicebus.windows.net",
-                            "g4-prod-ch3-009-sb.servicebus.windows.net",
-                            "g4-prod-sn3-003-sb.servicebus.windows.net",
-                            "g4-prod-sn3-004-sb.servicebus.windows.net",
-                            "g4-prod-sn3-005-sb.servicebus.windows.net",
-                            "g4-prod-sn3-006-sb.servicebus.windows.net",
-                            "g4-prod-sn3-007-sb.servicebus.windows.net",
-                            "g4-prod-sn3-009-sb.servicebus.windows.net",
-                            "g4-prod-sn3-010-sb.servicebus.windows.net",
-                            "g4-prod-sn3-011-sb.servicebus.windows.net",
-                            "g4-prod-sn3-012-sb.servicebus.windows.net",
-                            "g4-prod-sn3-013-sb.servicebus.windows.net",
-                            "g4-prod-sn3-014-sb.servicebus.windows.net",
-                            "g4-prod-sn3-203-sb.servicebus.windows.net",
-                            "g5-prod-ch3-003-sb.servicebus.windows.net",
-                            "g5-prod-ch3-004-sb.servicebus.windows.net",
-                            "g5-prod-ch3-005-sb.servicebus.windows.net",
-                            "g5-prod-ch3-006-sb.servicebus.windows.net",
-                            "g5-prod-ch3-007-sb.servicebus.windows.net",
-                            "g5-prod-ch3-008-sb.servicebus.windows.net",
-                            "g5-prod-ch3-009-sb.servicebus.windows.net",
-                            "g5-prod-sn3-003-sb.servicebus.windows.net",
-                            "g5-prod-sn3-004-sb.servicebus.windows.net",
-                            "g5-prod-sn3-005-sb.servicebus.windows.net",
-                            "g5-prod-sn3-006-sb.servicebus.windows.net",
-                            "g5-prod-sn3-007-sb.servicebus.windows.net",
-                            "g5-prod-sn3-009-sb.servicebus.windows.net",
-                            "g5-prod-sn3-010-sb.servicebus.windows.net",
-                            "g5-prod-sn3-011-sb.servicebus.windows.net",
-                            "g5-prod-sn3-012-sb.servicebus.windows.net",
-                            "g5-prod-sn3-013-sb.servicebus.windows.net",
-                            "g5-prod-sn3-014-sb.servicebus.windows.net",
-                            "g5-prod-sn3-203-sb.servicebus.windows.net",
-                            "g6-prod-ch3-003-sb.servicebus.windows.net",
-                            "g6-prod-ch3-004-sb.servicebus.windows.net",
-                            "g6-prod-ch3-005-sb.servicebus.windows.net",
-                            "g6-prod-ch3-006-sb.servicebus.windows.net",
-                            "g6-prod-ch3-007-sb.servicebus.windows.net",
-                            "g6-prod-ch3-008-sb.servicebus.windows.net",
-                            "g6-prod-ch3-009-sb.servicebus.windows.net",
-                            "g6-prod-sn3-003-sb.servicebus.windows.net",
-                            "g6-prod-sn3-004-sb.servicebus.windows.net",
-                            "g6-prod-sn3-005-sb.servicebus.windows.net",
-                            "g6-prod-sn3-006-sb.servicebus.windows.net",
-                            "g6-prod-sn3-007-sb.servicebus.windows.net",
-                            "g6-prod-sn3-009-sb.servicebus.windows.net",
-                            "g6-prod-sn3-010-sb.servicebus.windows.net",
-                            "g6-prod-sn3-011-sb.servicebus.windows.net",
-                            "g6-prod-sn3-012-sb.servicebus.windows.net",
-                            "g6-prod-sn3-013-sb.servicebus.windows.net",
-                            "g6-prod-sn3-014-sb.servicebus.windows.net",
-                            "g6-prod-sn3-203-sb.servicebus.windows.net",
-                            "g7-prod-ch3-003-sb.servicebus.windows.net",
-                            "g7-prod-ch3-004-sb.servicebus.windows.net",
-                            "g7-prod-ch3-005-sb.servicebus.windows.net",
-                            "g7-prod-ch3-006-sb.servicebus.windows.net",
-                            "g7-prod-ch3-007-sb.servicebus.windows.net",
-                            "g7-prod-ch3-008-sb.servicebus.windows.net",
-                            "g7-prod-ch3-009-sb.servicebus.windows.net",
-                            "g7-prod-sn3-003-sb.servicebus.windows.net",
-                            "g7-prod-sn3-004-sb.servicebus.windows.net",
-                            "g7-prod-sn3-005-sb.servicebus.windows.net",
-                            "g7-prod-sn3-006-sb.servicebus.windows.net",
-                            "g7-prod-sn3-007-sb.servicebus.windows.net",
-                            "g7-prod-sn3-009-sb.servicebus.windows.net",
-                            "g7-prod-sn3-010-sb.servicebus.windows.net",
-                            "g7-prod-sn3-011-sb.servicebus.windows.net",
-                            "g7-prod-sn3-012-sb.servicebus.windows.net",
-                            "g7-prod-sn3-013-sb.servicebus.windows.net",
-                            "g7-prod-sn3-014-sb.servicebus.windows.net",
-                            "g7-prod-sn3-203-sb.servicebus.windows.net",
-                            "g8-prod-ch3-003-sb.servicebus.windows.net",
-                            "g8-prod-ch3-004-sb.servicebus.windows.net",
-                            "g8-prod-ch3-005-sb.servicebus.windows.net",
-                            "g8-prod-ch3-006-sb.servicebus.windows.net",
-                            "g8-prod-ch3-007-sb.servicebus.windows.net",
-                            "g8-prod-ch3-008-sb.servicebus.windows.net",
-                            "g8-prod-ch3-009-sb.servicebus.windows.net",
-                            "g8-prod-sn3-003-sb.servicebus.windows.net",
-                            "g8-prod-sn3-004-sb.servicebus.windows.net",
-                            "g8-prod-sn3-005-sb.servicebus.windows.net",
-                            "g8-prod-sn3-006-sb.servicebus.windows.net",
-                            "g8-prod-sn3-007-sb.servicebus.windows.net",
-                            "g8-prod-sn3-009-sb.servicebus.windows.net",
-                            "g8-prod-sn3-010-sb.servicebus.windows.net",
-                            "g8-prod-sn3-011-sb.servicebus.windows.net",
-                            "g8-prod-sn3-012-sb.servicebus.windows.net",
-                            "g8-prod-sn3-013-sb.servicebus.windows.net",
-                            "g8-prod-sn3-014-sb.servicebus.windows.net",
-                            "g8-prod-sn3-203-sb.servicebus.windows.net",
-                            "g9-prod-ch3-003-sb.servicebus.windows.net",
-                            "g9-prod-ch3-004-sb.servicebus.windows.net",
-                            "g9-prod-ch3-005-sb.servicebus.windows.net",
-                            "g9-prod-ch3-006-sb.servicebus.windows.net",
-                            "g9-prod-ch3-007-sb.servicebus.windows.net",
-                            "g9-prod-ch3-008-sb.servicebus.windows.net",
-                            "g9-prod-ch3-009-sb.servicebus.windows.net",
-                            "g9-prod-sn3-003-sb.servicebus.windows.net",
-                            "g9-prod-sn3-004-sb.servicebus.windows.net",
-                            "g9-prod-sn3-005-sb.servicebus.windows.net",
-                            "g9-prod-sn3-006-sb.servicebus.windows.net",
-                            "g9-prod-sn3-007-sb.servicebus.windows.net",
-                            "g9-prod-sn3-009-sb.servicebus.windows.net",
-                            "g9-prod-sn3-010-sb.servicebus.windows.net",
-                            "g9-prod-sn3-011-sb.servicebus.windows.net",
-                            "g9-prod-sn3-012-sb.servicebus.windows.net",
-                            "g9-prod-sn3-013-sb.servicebus.windows.net",
-                            "g9-prod-sn3-014-sb.servicebus.windows.net",
-                            "g9-prod-sn3-203-sb.servicebus.windows.net",
-                            "g10-prod-ch3-003-sb.servicebus.windows.net",
-                            "g10-prod-ch3-004-sb.servicebus.windows.net",
-                            "g10-prod-ch3-005-sb.servicebus.windows.net",
-                            "g10-prod-ch3-006-sb.servicebus.windows.net",
-                            "g10-prod-ch3-007-sb.servicebus.windows.net",
-                            "g10-prod-ch3-008-sb.servicebus.windows.net",
-                            "g10-prod-ch3-009-sb.servicebus.windows.net",
-                            "g10-prod-sn3-003-sb.servicebus.windows.net",
-                            "g10-prod-sn3-004-sb.servicebus.windows.net",
-                            "g10-prod-sn3-005-sb.servicebus.windows.net",
-                            "g10-prod-sn3-006-sb.servicebus.windows.net",
-                            "g10-prod-sn3-007-sb.servicebus.windows.net",
-                            "g10-prod-sn3-009-sb.servicebus.windows.net",
-                            "g10-prod-sn3-010-sb.servicebus.windows.net",
-                            "g10-prod-sn3-011-sb.servicebus.windows.net",
-                            "g10-prod-sn3-012-sb.servicebus.windows.net",
-                            "g10-prod-sn3-013-sb.servicebus.windows.net",
-                            "g10-prod-sn3-014-sb.servicebus.windows.net",
-                            "g10-prod-sn3-203-sb.servicebus.windows.net",
-                            "g11-prod-ch3-003-sb.servicebus.windows.net",
-                            "g11-prod-ch3-004-sb.servicebus.windows.net",
-                            "g11-prod-ch3-005-sb.servicebus.windows.net",
-                            "g11-prod-ch3-006-sb.servicebus.windows.net",
-                            "g11-prod-ch3-007-sb.servicebus.windows.net",
-                            "g11-prod-ch3-008-sb.servicebus.windows.net",
-                            "g11-prod-ch3-009-sb.servicebus.windows.net",
-                            "g11-prod-sn3-003-sb.servicebus.windows.net",
-                            "g11-prod-sn3-004-sb.servicebus.windows.net",
-                            "g11-prod-sn3-005-sb.servicebus.windows.net",
-                            "g11-prod-sn3-006-sb.servicebus.windows.net",
-                            "g11-prod-sn3-007-sb.servicebus.windows.net",
-                            "g11-prod-sn3-009-sb.servicebus.windows.net",
-                            "g11-prod-sn3-010-sb.servicebus.windows.net",
-                            "g11-prod-sn3-011-sb.servicebus.windows.net",
-                            "g11-prod-sn3-012-sb.servicebus.windows.net",
-                            "g11-prod-sn3-013-sb.servicebus.windows.net",
-                            "g11-prod-sn3-014-sb.servicebus.windows.net",
-                            "g11-prod-sn3-203-sb.servicebus.windows.net",
-                            "g12-prod-ch3-003-sb.servicebus.windows.net",
-                            "g12-prod-ch3-004-sb.servicebus.windows.net",
-                            "g12-prod-ch3-005-sb.servicebus.windows.net",
-                            "g12-prod-ch3-006-sb.servicebus.windows.net",
-                            "g12-prod-ch3-007-sb.servicebus.windows.net",
-                            "g12-prod-ch3-008-sb.servicebus.windows.net",
-                            "g12-prod-ch3-009-sb.servicebus.windows.net",
-                            "g12-prod-sn3-003-sb.servicebus.windows.net",
-                            "g12-prod-sn3-004-sb.servicebus.windows.net",
-                            "g12-prod-sn3-005-sb.servicebus.windows.net",
-                            "g12-prod-sn3-006-sb.servicebus.windows.net",
-                            "g12-prod-sn3-007-sb.servicebus.windows.net",
-                            "g12-prod-sn3-009-sb.servicebus.windows.net",
-                            "g12-prod-sn3-010-sb.servicebus.windows.net",
-                            "g12-prod-sn3-011-sb.servicebus.windows.net",
-                            "g12-prod-sn3-012-sb.servicebus.windows.net",
-                            "g12-prod-sn3-013-sb.servicebus.windows.net",
-                            "g12-prod-sn3-014-sb.servicebus.windows.net",
-                            "g12-prod-sn3-203-sb.servicebus.windows.net",
-                            "g13-prod-ch3-003-sb.servicebus.windows.net",
-                            "g13-prod-ch3-004-sb.servicebus.windows.net",
-                            "g13-prod-ch3-005-sb.servicebus.windows.net",
-                            "g13-prod-ch3-006-sb.servicebus.windows.net",
-                            "g13-prod-ch3-007-sb.servicebus.windows.net",
-                            "g13-prod-ch3-008-sb.servicebus.windows.net",
-                            "g13-prod-ch3-009-sb.servicebus.windows.net",
-                            "g13-prod-sn3-003-sb.servicebus.windows.net",
-                            "g13-prod-sn3-004-sb.servicebus.windows.net",
-                            "g13-prod-sn3-005-sb.servicebus.windows.net",
-                            "g13-prod-sn3-006-sb.servicebus.windows.net",
-                            "g13-prod-sn3-007-sb.servicebus.windows.net",
-                            "g13-prod-sn3-009-sb.servicebus.windows.net",
-                            "g13-prod-sn3-010-sb.servicebus.windows.net",
-                            "g13-prod-sn3-011-sb.servicebus.windows.net",
-                            "g13-prod-sn3-012-sb.servicebus.windows.net",
-                            "g13-prod-sn3-013-sb.servicebus.windows.net",
-                            "g13-prod-sn3-014-sb.servicebus.windows.net",
-                            "g13-prod-sn3-203-sb.servicebus.windows.net",
-                            "g14-prod-ch3-003-sb.servicebus.windows.net",
-                            "g14-prod-ch3-004-sb.servicebus.windows.net",
-                            "g14-prod-ch3-005-sb.servicebus.windows.net",
-                            "g14-prod-ch3-006-sb.servicebus.windows.net",
-                            "g14-prod-ch3-007-sb.servicebus.windows.net",
-                            "g14-prod-ch3-008-sb.servicebus.windows.net",
-                            "g14-prod-ch3-009-sb.servicebus.windows.net",
-                            "g14-prod-sn3-003-sb.servicebus.windows.net",
-                            "g14-prod-sn3-004-sb.servicebus.windows.net",
-                            "g14-prod-sn3-005-sb.servicebus.windows.net",
-                            "g14-prod-sn3-006-sb.servicebus.windows.net",
-                            "g14-prod-sn3-007-sb.servicebus.windows.net",
-                            "g14-prod-sn3-009-sb.servicebus.windows.net",
-                            "g14-prod-sn3-010-sb.servicebus.windows.net",
-                            "g14-prod-sn3-011-sb.servicebus.windows.net",
-                            "g14-prod-sn3-012-sb.servicebus.windows.net",
-                            "g14-prod-sn3-013-sb.servicebus.windows.net",
-                            "g14-prod-sn3-014-sb.servicebus.windows.net",
-                            "g14-prod-sn3-203-sb.servicebus.windows.net",
-                            "g15-prod-ch3-003-sb.servicebus.windows.net",
-                            "g15-prod-ch3-004-sb.servicebus.windows.net",
-                            "g15-prod-ch3-005-sb.servicebus.windows.net",
-                            "g15-prod-ch3-006-sb.servicebus.windows.net",
-                            "g15-prod-ch3-007-sb.servicebus.windows.net",
-                            "g15-prod-ch3-008-sb.servicebus.windows.net",
-                            "g15-prod-ch3-009-sb.servicebus.windows.net",
-                            "g15-prod-sn3-003-sb.servicebus.windows.net",
-                            "g15-prod-sn3-004-sb.servicebus.windows.net",
-                            "g15-prod-sn3-005-sb.servicebus.windows.net",
-                            "g15-prod-sn3-006-sb.servicebus.windows.net",
-                            "g15-prod-sn3-007-sb.servicebus.windows.net",
-                            "g15-prod-sn3-009-sb.servicebus.windows.net",
-                            "g15-prod-sn3-010-sb.servicebus.windows.net",
-                            "g15-prod-sn3-011-sb.servicebus.windows.net",
-                            "g15-prod-sn3-012-sb.servicebus.windows.net",
-                            "g15-prod-sn3-013-sb.servicebus.windows.net",
-                            "g15-prod-sn3-014-sb.servicebus.windows.net",
-                            "g15-prod-sn3-203-sb.servicebus.windows.net",
-                            "g16-prod-ch3-003-sb.servicebus.windows.net",
-                            "g16-prod-ch3-004-sb.servicebus.windows.net",
-                            "g16-prod-ch3-006-sb.servicebus.windows.net",
-                            "g16-prod-ch3-007-sb.servicebus.windows.net",
-                            "g16-prod-sn3-003-sb.servicebus.windows.net",
-                            "g16-prod-sn3-004-sb.servicebus.windows.net",
-                            "g16-prod-sn3-005-sb.servicebus.windows.net",
-                            "g16-prod-sn3-006-sb.servicebus.windows.net",
-                            "g16-prod-sn3-007-sb.servicebus.windows.net",
-                            "g16-prod-sn3-010-sb.servicebus.windows.net",
-                            "g16-prod-sn3-011-sb.servicebus.windows.net",
-                            "g16-prod-sn3-012-sb.servicebus.windows.net",
-                            "g17-prod-ch3-003-sb.servicebus.windows.net",
-                            "g17-prod-ch3-004-sb.servicebus.windows.net",
-                            "g17-prod-ch3-006-sb.servicebus.windows.net",
-                            "g17-prod-ch3-007-sb.servicebus.windows.net",
-                            "g17-prod-sn3-003-sb.servicebus.windows.net",
-                            "g17-prod-sn3-004-sb.servicebus.windows.net",
-                            "g17-prod-sn3-005-sb.servicebus.windows.net",
-                            "g17-prod-sn3-006-sb.servicebus.windows.net",
-                            "g17-prod-sn3-007-sb.servicebus.windows.net",
-                            "g17-prod-sn3-010-sb.servicebus.windows.net",
-                            "g17-prod-sn3-011-sb.servicebus.windows.net",
-                            "g17-prod-sn3-012-sb.servicebus.windows.net",
-                            "g18-prod-ch3-003-sb.servicebus.windows.net",
-                            "g18-prod-ch3-004-sb.servicebus.windows.net",
-                            "g18-prod-ch3-006-sb.servicebus.windows.net",
-                            "g18-prod-ch3-007-sb.servicebus.windows.net",
-                            "g18-prod-sn3-003-sb.servicebus.windows.net",
-                            "g18-prod-sn3-004-sb.servicebus.windows.net",
-                            "g18-prod-sn3-005-sb.servicebus.windows.net",
-                            "g18-prod-sn3-006-sb.servicebus.windows.net",
-                            "g18-prod-sn3-007-sb.servicebus.windows.net",
-                            "g18-prod-sn3-010-sb.servicebus.windows.net",
-                            "g18-prod-sn3-011-sb.servicebus.windows.net",
-                            "g18-prod-sn3-012-sb.servicebus.windows.net",
-                            "g19-prod-ch3-003-sb.servicebus.windows.net",
-                            "g19-prod-ch3-004-sb.servicebus.windows.net",
-                            "g19-prod-ch3-006-sb.servicebus.windows.net",
-                            "g19-prod-ch3-007-sb.servicebus.windows.net",
-                            "g19-prod-sn3-003-sb.servicebus.windows.net",
-                            "g19-prod-sn3-004-sb.servicebus.windows.net",
-                            "g19-prod-sn3-005-sb.servicebus.windows.net",
-                            "g19-prod-sn3-006-sb.servicebus.windows.net",
-                            "g19-prod-sn3-007-sb.servicebus.windows.net",
-                            "g19-prod-sn3-010-sb.servicebus.windows.net",
-                            "g19-prod-sn3-011-sb.servicebus.windows.net",
-                            "g19-prod-sn3-012-sb.servicebus.windows.net",
-                            "g20-prod-ch3-003-sb.servicebus.windows.net",
-                            "g20-prod-ch3-004-sb.servicebus.windows.net",
-                            "g20-prod-ch3-006-sb.servicebus.windows.net",
-                            "g20-prod-ch3-007-sb.servicebus.windows.net",
-                            "g20-prod-sn3-003-sb.servicebus.windows.net",
-                            "g20-prod-sn3-004-sb.servicebus.windows.net",
-                            "g20-prod-sn3-005-sb.servicebus.windows.net",
-                            "g20-prod-sn3-006-sb.servicebus.windows.net",
-                            "g20-prod-sn3-007-sb.servicebus.windows.net",
-                            "g20-prod-sn3-010-sb.servicebus.windows.net",
-                            "g20-prod-sn3-011-sb.servicebus.windows.net",
-                            "g20-prod-sn3-012-sb.servicebus.windows.net",
-                            "g21-prod-ch3-003-sb.servicebus.windows.net",
-                            "g21-prod-ch3-004-sb.servicebus.windows.net",
-                            "g21-prod-ch3-006-sb.servicebus.windows.net",
-                            "g21-prod-ch3-007-sb.servicebus.windows.net",
-                            "g21-prod-sn3-003-sb.servicebus.windows.net",
-                            "g21-prod-sn3-004-sb.servicebus.windows.net",
-                            "g21-prod-sn3-005-sb.servicebus.windows.net",
-                            "g21-prod-sn3-006-sb.servicebus.windows.net",
-                            "g21-prod-sn3-007-sb.servicebus.windows.net",
-                            "g21-prod-sn3-010-sb.servicebus.windows.net",
-                            "g21-prod-sn3-011-sb.servicebus.windows.net",
-                            "g21-prod-sn3-012-sb.servicebus.windows.net",
-                            "g22-prod-ch3-003-sb.servicebus.windows.net",
-                            "g22-prod-ch3-004-sb.servicebus.windows.net",
-                            "g22-prod-ch3-006-sb.servicebus.windows.net",
-                            "g22-prod-ch3-007-sb.servicebus.windows.net",
-                            "g22-prod-sn3-003-sb.servicebus.windows.net",
-                            "g22-prod-sn3-004-sb.servicebus.windows.net",
-                            "g22-prod-sn3-005-sb.servicebus.windows.net",
-                            "g22-prod-sn3-006-sb.servicebus.windows.net",
-                            "g22-prod-sn3-007-sb.servicebus.windows.net",
-                            "g22-prod-sn3-010-sb.servicebus.windows.net",
-                            "g22-prod-sn3-011-sb.servicebus.windows.net",
-                            "g22-prod-sn3-012-sb.servicebus.windows.net",
-                            "g23-prod-ch3-003-sb.servicebus.windows.net",
-                            "g23-prod-ch3-004-sb.servicebus.windows.net",
-                            "g23-prod-ch3-006-sb.servicebus.windows.net",
-                            "g23-prod-ch3-007-sb.servicebus.windows.net",
-                            "g23-prod-sn3-003-sb.servicebus.windows.net",
-                            "g23-prod-sn3-004-sb.servicebus.windows.net",
-                            "g23-prod-sn3-005-sb.servicebus.windows.net",
-                            "g23-prod-sn3-006-sb.servicebus.windows.net",
-                            "g23-prod-sn3-007-sb.servicebus.windows.net",
-                            "g23-prod-sn3-010-sb.servicebus.windows.net",
-                            "g23-prod-sn3-011-sb.servicebus.windows.net",
-                            "g23-prod-sn3-012-sb.servicebus.windows.net",
-                            "g24-prod-ch3-003-sb.servicebus.windows.net",
-                            "g24-prod-ch3-004-sb.servicebus.windows.net",
-                            "g24-prod-ch3-006-sb.servicebus.windows.net",
-                            "g24-prod-ch3-007-sb.servicebus.windows.net",
-                            "g24-prod-sn3-003-sb.servicebus.windows.net",
-                            "g24-prod-sn3-004-sb.servicebus.windows.net",
-                            "g24-prod-sn3-005-sb.servicebus.windows.net",
-                            "g24-prod-sn3-006-sb.servicebus.windows.net",
-                            "g24-prod-sn3-007-sb.servicebus.windows.net",
-                            "g24-prod-sn3-010-sb.servicebus.windows.net",
-                            "g24-prod-sn3-011-sb.servicebus.windows.net",
-                            "g24-prod-sn3-012-sb.servicebus.windows.net",
-                            "g25-prod-ch3-003-sb.servicebus.windows.net",
-                            "g25-prod-ch3-004-sb.servicebus.windows.net",
-                            "g25-prod-ch3-006-sb.servicebus.windows.net",
-                            "g25-prod-ch3-007-sb.servicebus.windows.net",
-                            "g25-prod-sn3-003-sb.servicebus.windows.net",
-                            "g25-prod-sn3-004-sb.servicebus.windows.net",
-                            "g25-prod-sn3-005-sb.servicebus.windows.net",
-                            "g25-prod-sn3-006-sb.servicebus.windows.net",
-                            "g25-prod-sn3-007-sb.servicebus.windows.net",
-                            "g25-prod-sn3-010-sb.servicebus.windows.net",
-                            "g25-prod-sn3-011-sb.servicebus.windows.net",
-                            "g25-prod-sn3-012-sb.servicebus.windows.net",
-                            "g26-prod-ch3-003-sb.servicebus.windows.net",
-                            "g26-prod-ch3-004-sb.servicebus.windows.net",
-                            "g26-prod-ch3-006-sb.servicebus.windows.net",
-                            "g26-prod-ch3-007-sb.servicebus.windows.net",
-                            "g26-prod-sn3-003-sb.servicebus.windows.net",
-                            "g26-prod-sn3-004-sb.servicebus.windows.net",
-                            "g26-prod-sn3-005-sb.servicebus.windows.net",
-                            "g26-prod-sn3-006-sb.servicebus.windows.net",
-                            "g26-prod-sn3-007-sb.servicebus.windows.net",
-                            "g26-prod-sn3-010-sb.servicebus.windows.net",
-                            "g26-prod-sn3-011-sb.servicebus.windows.net",
-                            "g26-prod-sn3-012-sb.servicebus.windows.net",
-                            "g27-prod-ch3-003-sb.servicebus.windows.net",
-                            "g27-prod-ch3-004-sb.servicebus.windows.net",
-                            "g27-prod-ch3-006-sb.servicebus.windows.net",
-                            "g27-prod-ch3-007-sb.servicebus.windows.net",
-                            "g27-prod-sn3-003-sb.servicebus.windows.net",
-                            "g27-prod-sn3-004-sb.servicebus.windows.net",
-                            "g27-prod-sn3-005-sb.servicebus.windows.net",
-                            "g27-prod-sn3-006-sb.servicebus.windows.net",
-                            "g27-prod-sn3-007-sb.servicebus.windows.net",
-                            "g27-prod-sn3-010-sb.servicebus.windows.net",
-                            "g27-prod-sn3-011-sb.servicebus.windows.net",
-                            "g27-prod-sn3-012-sb.servicebus.windows.net",
-                            "g28-prod-ch3-003-sb.servicebus.windows.net",
-                            "g28-prod-ch3-004-sb.servicebus.windows.net",
-                            "g28-prod-ch3-006-sb.servicebus.windows.net",
-                            "g28-prod-ch3-007-sb.servicebus.windows.net",
-                            "g28-prod-sn3-003-sb.servicebus.windows.net",
-                            "g28-prod-sn3-004-sb.servicebus.windows.net",
-                            "g28-prod-sn3-005-sb.servicebus.windows.net",
-                            "g28-prod-sn3-006-sb.servicebus.windows.net",
-                            "g28-prod-sn3-007-sb.servicebus.windows.net",
-                            "g28-prod-sn3-010-sb.servicebus.windows.net",
-                            "g28-prod-sn3-011-sb.servicebus.windows.net",
-                            "g28-prod-sn3-012-sb.servicebus.windows.net",
-                            "g29-prod-ch3-003-sb.servicebus.windows.net",
-                            "g29-prod-ch3-004-sb.servicebus.windows.net",
-                            "g29-prod-ch3-006-sb.servicebus.windows.net",
-                            "g29-prod-ch3-007-sb.servicebus.windows.net",
-                            "g29-prod-sn3-003-sb.servicebus.windows.net",
-                            "g29-prod-sn3-004-sb.servicebus.windows.net",
-                            "g29-prod-sn3-005-sb.servicebus.windows.net",
-                            "g29-prod-sn3-006-sb.servicebus.windows.net",
-                            "g29-prod-sn3-007-sb.servicebus.windows.net",
-                            "g29-prod-sn3-010-sb.servicebus.windows.net",
-                            "g29-prod-sn3-011-sb.servicebus.windows.net",
-                            "g29-prod-sn3-012-sb.servicebus.windows.net",
-                            "g30-prod-ch3-003-sb.servicebus.windows.net",
-                            "g30-prod-ch3-004-sb.servicebus.windows.net",
-                            "g30-prod-ch3-006-sb.servicebus.windows.net",
-                            "g30-prod-ch3-007-sb.servicebus.windows.net",
-                            "g30-prod-sn3-003-sb.servicebus.windows.net",
-                            "g30-prod-sn3-004-sb.servicebus.windows.net",
-                            "g30-prod-sn3-005-sb.servicebus.windows.net",
-                            "g30-prod-sn3-006-sb.servicebus.windows.net",
-                            "g30-prod-sn3-007-sb.servicebus.windows.net",
-                            "g30-prod-sn3-010-sb.servicebus.windows.net",
-                            "g30-prod-sn3-011-sb.servicebus.windows.net",
-                            "g30-prod-sn3-012-sb.servicebus.windows.net",
-                            "g31-prod-ch3-003-sb.servicebus.windows.net",
-                            "g31-prod-ch3-004-sb.servicebus.windows.net",
-                            "g31-prod-ch3-006-sb.servicebus.windows.net",
-                            "g31-prod-ch3-007-sb.servicebus.windows.net",
-                            "g31-prod-sn3-003-sb.servicebus.windows.net",
-                            "g31-prod-sn3-004-sb.servicebus.windows.net",
-                            "g31-prod-sn3-005-sb.servicebus.windows.net",
-                            "g31-prod-sn3-006-sb.servicebus.windows.net",
-                            "g31-prod-sn3-007-sb.servicebus.windows.net",
-                            "g31-prod-sn3-010-sb.servicebus.windows.net",
-                            "g31-prod-sn3-011-sb.servicebus.windows.net",
-                            "g31-prod-sn3-012-sb.servicebus.windows.net",
-                            "g32-prod-ch3-003-sb.servicebus.windows.net",
-                            "g32-prod-ch3-004-sb.servicebus.windows.net",
-                            "g32-prod-ch3-006-sb.servicebus.windows.net",
-                            "g32-prod-ch3-007-sb.servicebus.windows.net",
-                            "g32-prod-sn3-003-sb.servicebus.windows.net",
-                            "g32-prod-sn3-004-sb.servicebus.windows.net",
-                            "g32-prod-sn3-005-sb.servicebus.windows.net",
-                            "g32-prod-sn3-006-sb.servicebus.windows.net",
-                            "g32-prod-sn3-007-sb.servicebus.windows.net",
-                            "g32-prod-sn3-010-sb.servicebus.windows.net",
-                            "g32-prod-sn3-011-sb.servicebus.windows.net",
-                            "g33-prod-ch3-003-sb.servicebus.windows.net",
-                            "g33-prod-ch3-004-sb.servicebus.windows.net",
-                            "g33-prod-ch3-006-sb.servicebus.windows.net",
-                            "g33-prod-ch3-007-sb.servicebus.windows.net",
-                            "g33-prod-sn3-003-sb.servicebus.windows.net",
-                            "g33-prod-sn3-004-sb.servicebus.windows.net",
-                            "g33-prod-sn3-005-sb.servicebus.windows.net",
-                            "g33-prod-sn3-006-sb.servicebus.windows.net",
-                            "g33-prod-sn3-007-sb.servicebus.windows.net",
-                            "g33-prod-sn3-010-sb.servicebus.windows.net",
-                            "g33-prod-sn3-011-sb.servicebus.windows.net",
-                            "g34-prod-ch3-003-sb.servicebus.windows.net",
-                            "g34-prod-ch3-004-sb.servicebus.windows.net",
-                            "g34-prod-ch3-006-sb.servicebus.windows.net",
-                            "g34-prod-ch3-007-sb.servicebus.windows.net",
-                            "g34-prod-sn3-003-sb.servicebus.windows.net",
-                            "g34-prod-sn3-004-sb.servicebus.windows.net",
-                            "g34-prod-sn3-005-sb.servicebus.windows.net",
-                            "g34-prod-sn3-006-sb.servicebus.windows.net",
-                            "g34-prod-sn3-007-sb.servicebus.windows.net",
-                            "g34-prod-sn3-010-sb.servicebus.windows.net",
-                            "g34-prod-sn3-011-sb.servicebus.windows.net",
-                            "g35-prod-ch3-003-sb.servicebus.windows.net",
-                            "g35-prod-ch3-004-sb.servicebus.windows.net",
-                            "g35-prod-ch3-006-sb.servicebus.windows.net",
-                            "g35-prod-ch3-007-sb.servicebus.windows.net",
-                            "g35-prod-sn3-003-sb.servicebus.windows.net",
-                            "g35-prod-sn3-004-sb.servicebus.windows.net",
-                            "g35-prod-sn3-005-sb.servicebus.windows.net",
-                            "g35-prod-sn3-006-sb.servicebus.windows.net",
-                            "g35-prod-sn3-007-sb.servicebus.windows.net",
-                            "g35-prod-sn3-010-sb.servicebus.windows.net",
-                            "g35-prod-sn3-011-sb.servicebus.windows.net",
-                            "g36-prod-ch3-003-sb.servicebus.windows.net",
-                            "g36-prod-ch3-004-sb.servicebus.windows.net",
-                            "g36-prod-ch3-006-sb.servicebus.windows.net",
-                            "g36-prod-ch3-007-sb.servicebus.windows.net",
-                            "g36-prod-sn3-003-sb.servicebus.windows.net",
-                            "g36-prod-sn3-004-sb.servicebus.windows.net",
-                            "g36-prod-sn3-005-sb.servicebus.windows.net",
-                            "g36-prod-sn3-006-sb.servicebus.windows.net",
-                            "g36-prod-sn3-007-sb.servicebus.windows.net",
-                            "g36-prod-sn3-010-sb.servicebus.windows.net",
-                            "g36-prod-sn3-011-sb.servicebus.windows.net",
-                            "g37-prod-ch3-003-sb.servicebus.windows.net",
-                            "g37-prod-ch3-004-sb.servicebus.windows.net",
-                            "g37-prod-ch3-006-sb.servicebus.windows.net",
-                            "g37-prod-ch3-007-sb.servicebus.windows.net",
-                            "g37-prod-sn3-003-sb.servicebus.windows.net",
-                            "g37-prod-sn3-004-sb.servicebus.windows.net",
-                            "g37-prod-sn3-005-sb.servicebus.windows.net",
-                            "g37-prod-sn3-006-sb.servicebus.windows.net",
-                            "g37-prod-sn3-007-sb.servicebus.windows.net",
-                            "g37-prod-sn3-010-sb.servicebus.windows.net",
-                            "g37-prod-sn3-011-sb.servicebus.windows.net",
-                            "g38-prod-ch3-003-sb.servicebus.windows.net",
-                            "g38-prod-ch3-004-sb.servicebus.windows.net",
-                            "g38-prod-ch3-006-sb.servicebus.windows.net",
-                            "g38-prod-ch3-007-sb.servicebus.windows.net",
-                            "g38-prod-sn3-003-sb.servicebus.windows.net",
-                            "g38-prod-sn3-004-sb.servicebus.windows.net",
-                            "g38-prod-sn3-005-sb.servicebus.windows.net",
-                            "g38-prod-sn3-006-sb.servicebus.windows.net",
-                            "g38-prod-sn3-007-sb.servicebus.windows.net",
-                            "g38-prod-sn3-010-sb.servicebus.windows.net",
-                            "g38-prod-sn3-011-sb.servicebus.windows.net",
-                            "g39-prod-ch3-003-sb.servicebus.windows.net",
-                            "g39-prod-ch3-004-sb.servicebus.windows.net",
-                            "g39-prod-ch3-006-sb.servicebus.windows.net",
-                            "g39-prod-ch3-007-sb.servicebus.windows.net",
-                            "g39-prod-sn3-003-sb.servicebus.windows.net",
-                            "g39-prod-sn3-004-sb.servicebus.windows.net",
-                            "g39-prod-sn3-005-sb.servicebus.windows.net",
-                            "g39-prod-sn3-006-sb.servicebus.windows.net",
-                            "g39-prod-sn3-007-sb.servicebus.windows.net",
-                            "g39-prod-sn3-010-sb.servicebus.windows.net",
-                            "g39-prod-sn3-011-sb.servicebus.windows.net",
-                            "g40-prod-ch3-003-sb.servicebus.windows.net",
-                            "g40-prod-ch3-007-sb.servicebus.windows.net",
-                            "g40-prod-sn3-003-sb.servicebus.windows.net",
-                            "g40-prod-sn3-004-sb.servicebus.windows.net",
-                            "g40-prod-sn3-005-sb.servicebus.windows.net",
-                            "g40-prod-sn3-006-sb.servicebus.windows.net",
-                            "g40-prod-sn3-007-sb.servicebus.windows.net",
-                            "g40-prod-sn3-010-sb.servicebus.windows.net",
-                            "g41-prod-ch3-003-sb.servicebus.windows.net",
-                            "g41-prod-ch3-007-sb.servicebus.windows.net",
-                            "g41-prod-sn3-003-sb.servicebus.windows.net",
-                            "g41-prod-sn3-004-sb.servicebus.windows.net",
-                            "g41-prod-sn3-005-sb.servicebus.windows.net",
-                            "g41-prod-sn3-006-sb.servicebus.windows.net",
-                            "g41-prod-sn3-007-sb.servicebus.windows.net",
-                            "g41-prod-sn3-010-sb.servicebus.windows.net",
-                            "g42-prod-ch3-003-sb.servicebus.windows.net",
-                            "g42-prod-ch3-007-sb.servicebus.windows.net",
-                            "g42-prod-sn3-003-sb.servicebus.windows.net",
-                            "g42-prod-sn3-004-sb.servicebus.windows.net",
-                            "g42-prod-sn3-005-sb.servicebus.windows.net",
-                            "g42-prod-sn3-006-sb.servicebus.windows.net",
-                            "g42-prod-sn3-007-sb.servicebus.windows.net",
-                            "g42-prod-sn3-010-sb.servicebus.windows.net",
-                            "g43-prod-ch3-003-sb.servicebus.windows.net",
-                            "g43-prod-ch3-007-sb.servicebus.windows.net",
-                            "g43-prod-sn3-003-sb.servicebus.windows.net",
-                            "g43-prod-sn3-004-sb.servicebus.windows.net",
-                            "g43-prod-sn3-005-sb.servicebus.windows.net",
-                            "g43-prod-sn3-006-sb.servicebus.windows.net",
-                            "g43-prod-sn3-007-sb.servicebus.windows.net",
-                            "g43-prod-sn3-010-sb.servicebus.windows.net",
-                            "g44-prod-ch3-003-sb.servicebus.windows.net",
-                            "g44-prod-ch3-007-sb.servicebus.windows.net",
-                            "g44-prod-sn3-003-sb.servicebus.windows.net",
-                            "g44-prod-sn3-004-sb.servicebus.windows.net",
-                            "g44-prod-sn3-005-sb.servicebus.windows.net",
-                            "g44-prod-sn3-006-sb.servicebus.windows.net",
-                            "g44-prod-sn3-007-sb.servicebus.windows.net",
-                            "g44-prod-sn3-010-sb.servicebus.windows.net",
-                            "g45-prod-ch3-003-sb.servicebus.windows.net",
-                            "g45-prod-ch3-007-sb.servicebus.windows.net",
-                            "g45-prod-sn3-003-sb.servicebus.windows.net",
-                            "g45-prod-sn3-004-sb.servicebus.windows.net",
-                            "g45-prod-sn3-005-sb.servicebus.windows.net",
-                            "g45-prod-sn3-006-sb.servicebus.windows.net",
-                            "g45-prod-sn3-007-sb.servicebus.windows.net",
-                            "g45-prod-sn3-010-sb.servicebus.windows.net",
-                            "g46-prod-ch3-003-sb.servicebus.windows.net",
-                            "g46-prod-ch3-007-sb.servicebus.windows.net",
-                            "g46-prod-sn3-003-sb.servicebus.windows.net",
-                            "g46-prod-sn3-004-sb.servicebus.windows.net",
-                            "g46-prod-sn3-005-sb.servicebus.windows.net",
-                            "g46-prod-sn3-006-sb.servicebus.windows.net",
-                            "g46-prod-sn3-007-sb.servicebus.windows.net",
-                            "g46-prod-sn3-010-sb.servicebus.windows.net",
-                            "g47-prod-ch3-003-sb.servicebus.windows.net",
-                            "g47-prod-ch3-007-sb.servicebus.windows.net",
-                            "g47-prod-sn3-003-sb.servicebus.windows.net",
-                            "g47-prod-sn3-004-sb.servicebus.windows.net",
-                            "g47-prod-sn3-005-sb.servicebus.windows.net",
-                            "g47-prod-sn3-006-sb.servicebus.windows.net",
-                            "g47-prod-sn3-007-sb.servicebus.windows.net",
-                            "g47-prod-sn3-010-sb.servicebus.windows.net",
-                            "g48-prod-ch3-003-sb.servicebus.windows.net",
-                            "g48-prod-ch3-007-sb.servicebus.windows.net",
-                            "g48-prod-sn3-003-sb.servicebus.windows.net",
-                            "g48-prod-sn3-004-sb.servicebus.windows.net",
-                            "g48-prod-sn3-005-sb.servicebus.windows.net",
-                            "g48-prod-sn3-006-sb.servicebus.windows.net",
-                            "g48-prod-sn3-010-sb.servicebus.windows.net",
-                            "g49-prod-ch3-003-sb.servicebus.windows.net",
-                            "g49-prod-ch3-007-sb.servicebus.windows.net",
-                            "g49-prod-sn3-003-sb.servicebus.windows.net",
-                            "g49-prod-sn3-004-sb.servicebus.windows.net",
-                            "g49-prod-sn3-005-sb.servicebus.windows.net",
-                            "g49-prod-sn3-006-sb.servicebus.windows.net",
-                            "g49-prod-sn3-010-sb.servicebus.windows.net",
-                            "g50-prod-ch3-003-sb.servicebus.windows.net",
-                            "g50-prod-ch3-007-sb.servicebus.windows.net",
-                            "g50-prod-sn3-003-sb.servicebus.windows.net",
-                            "g50-prod-sn3-004-sb.servicebus.windows.net",
-                            "g50-prod-sn3-005-sb.servicebus.windows.net",
-                            "g50-prod-sn3-006-sb.servicebus.windows.net",
-                            "g50-prod-sn3-010-sb.servicebus.windows.net",
-                            "g51-prod-ch3-003-sb.servicebus.windows.net",
-                            "g51-prod-ch3-007-sb.servicebus.windows.net",
-                            "g51-prod-sn3-003-sb.servicebus.windows.net",
-                            "g51-prod-sn3-004-sb.servicebus.windows.net",
-                            "g51-prod-sn3-005-sb.servicebus.windows.net",
-                            "g51-prod-sn3-006-sb.servicebus.windows.net",
-                            "g51-prod-sn3-010-sb.servicebus.windows.net",
-                            "g52-prod-ch3-003-sb.servicebus.windows.net",
-                            "g52-prod-ch3-007-sb.servicebus.windows.net",
-                            "g52-prod-sn3-003-sb.servicebus.windows.net",
-                            "g52-prod-sn3-004-sb.servicebus.windows.net",
-                            "g52-prod-sn3-005-sb.servicebus.windows.net",
-                            "g52-prod-sn3-006-sb.servicebus.windows.net",
-                            "g52-prod-sn3-010-sb.servicebus.windows.net",
-                            "g53-prod-ch3-003-sb.servicebus.windows.net",
-                            "g53-prod-ch3-007-sb.servicebus.windows.net",
-                            "g53-prod-sn3-003-sb.servicebus.windows.net",
-                            "g53-prod-sn3-004-sb.servicebus.windows.net",
-                            "g53-prod-sn3-005-sb.servicebus.windows.net",
-                            "g53-prod-sn3-006-sb.servicebus.windows.net",
-                            "g53-prod-sn3-010-sb.servicebus.windows.net",
-                            "g54-prod-ch3-003-sb.servicebus.windows.net",
-                            "g54-prod-ch3-007-sb.servicebus.windows.net",
-                            "g54-prod-sn3-003-sb.servicebus.windows.net",
-                            "g54-prod-sn3-004-sb.servicebus.windows.net",
-                            "g54-prod-sn3-005-sb.servicebus.windows.net",
-                            "g54-prod-sn3-006-sb.servicebus.windows.net",
-                            "g54-prod-sn3-010-sb.servicebus.windows.net",
-                            "g55-prod-ch3-003-sb.servicebus.windows.net",
-                            "g55-prod-ch3-007-sb.servicebus.windows.net",
-                            "g55-prod-sn3-003-sb.servicebus.windows.net",
-                            "g55-prod-sn3-004-sb.servicebus.windows.net",
-                            "g55-prod-sn3-005-sb.servicebus.windows.net",
-                            "g55-prod-sn3-006-sb.servicebus.windows.net",
-                            "g55-prod-sn3-010-sb.servicebus.windows.net",
-                            "g56-prod-ch3-003-sb.servicebus.windows.net",
-                            "g56-prod-ch3-007-sb.servicebus.windows.net",
-                            "g56-prod-sn3-003-sb.servicebus.windows.net",
-                            "g56-prod-sn3-004-sb.servicebus.windows.net",
-                            "g56-prod-sn3-005-sb.servicebus.windows.net",
-                            "g56-prod-sn3-006-sb.servicebus.windows.net",
-                            "g56-prod-sn3-010-sb.servicebus.windows.net",
-                            "g57-prod-ch3-003-sb.servicebus.windows.net",
-                            "g57-prod-ch3-007-sb.servicebus.windows.net",
-                            "g57-prod-sn3-003-sb.servicebus.windows.net",
-                            "g57-prod-sn3-004-sb.servicebus.windows.net",
-                            "g57-prod-sn3-005-sb.servicebus.windows.net",
-                            "g57-prod-sn3-006-sb.servicebus.windows.net",
-                            "g57-prod-sn3-010-sb.servicebus.windows.net",
-                            "g58-prod-ch3-003-sb.servicebus.windows.net",
-                            "g58-prod-ch3-007-sb.servicebus.windows.net",
-                            "g58-prod-sn3-003-sb.servicebus.windows.net",
-                            "g58-prod-sn3-004-sb.servicebus.windows.net",
-                            "g58-prod-sn3-005-sb.servicebus.windows.net",
-                            "g58-prod-sn3-006-sb.servicebus.windows.net",
-                            "g58-prod-sn3-010-sb.servicebus.windows.net",
-                            "g59-prod-ch3-003-sb.servicebus.windows.net",
-                            "g59-prod-ch3-007-sb.servicebus.windows.net",
-                            "g59-prod-sn3-003-sb.servicebus.windows.net",
-                            "g59-prod-sn3-004-sb.servicebus.windows.net",
-                            "g59-prod-sn3-005-sb.servicebus.windows.net",
-                            "g59-prod-sn3-006-sb.servicebus.windows.net",
-                            "g59-prod-sn3-010-sb.servicebus.windows.net",
-                            "g60-prod-ch3-003-sb.servicebus.windows.net",
-                            "g60-prod-ch3-007-sb.servicebus.windows.net",
-                            "g60-prod-sn3-003-sb.servicebus.windows.net",
-                            "g60-prod-sn3-004-sb.servicebus.windows.net",
-                            "g60-prod-sn3-005-sb.servicebus.windows.net",
-                            "g60-prod-sn3-006-sb.servicebus.windows.net",
-                            "g60-prod-sn3-010-sb.servicebus.windows.net",
-                            "g61-prod-ch3-003-sb.servicebus.windows.net",
-                            "g61-prod-ch3-007-sb.servicebus.windows.net",
-                            "g61-prod-sn3-003-sb.servicebus.windows.net",
-                            "g61-prod-sn3-004-sb.servicebus.windows.net",
-                            "g61-prod-sn3-005-sb.servicebus.windows.net",
-                            "g61-prod-sn3-006-sb.servicebus.windows.net",
-                            "g61-prod-sn3-010-sb.servicebus.windows.net",
-                            "g62-prod-ch3-003-sb.servicebus.windows.net",
-                            "g62-prod-ch3-007-sb.servicebus.windows.net",
-                            "g62-prod-sn3-003-sb.servicebus.windows.net",
-                            "g62-prod-sn3-004-sb.servicebus.windows.net",
-                            "g62-prod-sn3-005-sb.servicebus.windows.net",
-                            "g62-prod-sn3-006-sb.servicebus.windows.net",
-                            "g62-prod-sn3-010-sb.servicebus.windows.net",
-                            "g63-prod-ch3-003-sb.servicebus.windows.net",
-                            "g63-prod-ch3-007-sb.servicebus.windows.net",
-                            "g63-prod-sn3-003-sb.servicebus.windows.net",
-                            "g63-prod-sn3-004-sb.servicebus.windows.net",
-                            "g63-prod-sn3-005-sb.servicebus.windows.net",
-                            "g63-prod-sn3-006-sb.servicebus.windows.net",
-                            "g63-prod-sn3-010-sb.servicebus.windows.net",
-                            "g64-prod-sn3-010-sb.servicebus.windows.net",
-                            "g65-prod-sn3-010-sb.servicebus.windows.net",
-                            "g66-prod-sn3-010-sb.servicebus.windows.net",
-                            "g67-prod-sn3-010-sb.servicebus.windows.net",
-                            "g68-prod-sn3-010-sb.servicebus.windows.net",
-                            "g69-prod-sn3-010-sb.servicebus.windows.net",
-                            "g70-prod-sn3-010-sb.servicebus.windows.net",
-                            "g71-prod-sn3-010-sb.servicebus.windows.net",
-                            "g72-prod-sn3-010-sb.servicebus.windows.net",
-                            "g73-prod-sn3-010-sb.servicebus.windows.net",
-                            "g74-prod-sn3-010-sb.servicebus.windows.net",
-                            "g75-prod-sn3-010-sb.servicebus.windows.net",
-                            "g76-prod-sn3-010-sb.servicebus.windows.net",
-                            "g77-prod-sn3-010-sb.servicebus.windows.net",
-                            "g78-prod-sn3-010-sb.servicebus.windows.net",
-                            "g79-prod-sn3-010-sb.servicebus.windows.net",
-                            "g80-prod-sn3-010-sb.servicebus.windows.net",
-                            "g81-prod-sn3-010-sb.servicebus.windows.net",
-                            "g82-prod-sn3-010-sb.servicebus.windows.net",
-                            "g83-prod-sn3-010-sb.servicebus.windows.net",
-                            "g84-prod-sn3-010-sb.servicebus.windows.net",
-                            "g85-prod-sn3-010-sb.servicebus.windows.net",
-                            "g86-prod-sn3-010-sb.servicebus.windows.net",
-                            "g87-prod-sn3-010-sb.servicebus.windows.net",
-                            "g88-prod-sn3-010-sb.servicebus.windows.net",
-                            "g89-prod-sn3-010-sb.servicebus.windows.net",
-                            "g90-prod-sn3-010-sb.servicebus.windows.net",
-                            "g91-prod-sn3-010-sb.servicebus.windows.net",
-                            "g92-prod-sn3-010-sb.servicebus.windows.net",
-                            "g93-prod-sn3-010-sb.servicebus.windows.net",
-                            "g94-prod-sn3-010-sb.servicebus.windows.net",
-                            "g95-prod-sn3-010-sb.servicebus.windows.net",
+                            "*-sb.servicebus.windows.net",
                             "passwordreset.microsoftonline.com",
                             "ssprdedicatedsbprodncu.servicebus.windows.net",
                             "ssprdedicatedsbprodscu.servicebus.windows.net"

From 63d58b98a1028318f18a0483aa964f1018ac33f6 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Wed, 31 May 2023 14:02:52 +0100
Subject: [PATCH 221/289] Reduce lychee verbosity

---
 .github/workflows/documentation.yaml | 2 +-
 .lychee.toml                         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
index 3413fc8c2f..dba1394ac3 100644
--- a/.github/workflows/documentation.yaml
+++ b/.github/workflows/documentation.yaml
@@ -52,5 +52,5 @@ jobs:
       - name: Link Checker
         uses: lycheeverse/lychee-action@v1.7.0
         with:
-          args: --config='./.lychee.toml' --verbose --no-progress './docs/build/html/**/*.html'
+          args: --config='./.lychee.toml' --no-progress './docs/build/html/**/*.html'
           fail: true  # fail on broken links
diff --git a/.lychee.toml b/.lychee.toml
index 73893f32fe..0537bd1382 100644
--- a/.lychee.toml
+++ b/.lychee.toml
@@ -2,7 +2,7 @@
 
 # Verbose program output
 # Accepts log level: "error", "warn", "info", "debug", "trace"
-verbose = "info"
+verbose = "error"
 
 # Don't show interactive progress bar while checking links.
 no_progress = false

From 19aea8bf4a252409eebf268f25f06cba35f83f00 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Wed, 31 May 2023 14:03:51 +0100
Subject: [PATCH 222/289] Replace markdown link check

As of this commit, offline only, not checking docs (as the documentation
link checker does this).
---
 .github/workflows/test_code.yaml |  9 +++++----
 .markdownlinkcheck.json          | 22 ----------------------
 2 files changed, 5 insertions(+), 26 deletions(-)
 delete mode 100644 .markdownlinkcheck.json

diff --git a/.github/workflows/test_code.yaml b/.github/workflows/test_code.yaml
index 6ecedf9c05..a1fa737f67 100644
--- a/.github/workflows/test_code.yaml
+++ b/.github/workflows/test_code.yaml
@@ -31,7 +31,8 @@ jobs:
       - name: Install requirements
         shell: bash
         run: npm install -g markdown-link-check
-      - name: Test Markdown for dead links
-        shell: bash
-        run: find . -name "*.md" | xargs -n 1 markdown-link-check -p -c .markdownlinkcheck.json
-        continue-on-error: true
+      - name: Link Checker
+        uses: lycheeverse/lychee-action@v1.7.0
+        with:
+          args: --config='./.lychee.toml' --no-progress --offline '**/*.md' --exclude-path './docs'
+          fail: true  # fail on broken links
diff --git a/.markdownlinkcheck.json b/.markdownlinkcheck.json
deleted file mode 100644
index 0857236a82..0000000000
--- a/.markdownlinkcheck.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-    "ignorePatterns": [
-        {
-            "_comment": "As the repository is private, without authentication these paths will return 404",
-            "pattern": "^https://github.com/alan-turing-institute/data-safe-haven"
-        },
-        {
-            "_comment": "As the repository is private, without authentication these paths will return 404",
-            "pattern": "^https://github.com/alan-turing-institute/data-classification-app"
-        },
-        {
-            "_comment": "Returns permanent direct code",
-            "pattern": "^https://www.egress.com"
-        },
-        {
-            "_comment": "Seems to return redirect codes in curl, 200 in browser. markdown-link-check does not return the http code",
-            "pattern": "^https://www.turing.ac.uk/"
-        }
-    ],
-    "retryOn429": true,
-    "aliveStatusCodes":[200, 302, 304]
-}

From 2940454ea49583358678f7ab04ecf053de02c82b Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Wed, 31 May 2023 14:55:07 +0100
Subject: [PATCH 223/289] Fix links in CONTRIBUTING.md

---
 CONTRIBUTING.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index fd33223515..7e406ecc7c 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -34,7 +34,7 @@ For the Data Safe Haven project, we follow a DevOps development philosophy.
 This means different things to different people, but the definition that we're using is [best summed up here](https://www.guru99.com/agile-vs-devops.html).
 
 

-   
+   
 

 
 This is a software development method which focuses on:
@@ -87,7 +87,7 @@ In order to contribute via GitHub you'll need to set up a free account and sign
 We use the [Gitflow Workflow](https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow).
 
 

-   
+   
 

 
 This means that:
@@ -172,7 +172,7 @@ For example, `@KirstieJane` will send a notification to `Kirstie Whitaker` so sh
 Alternatively (and this is encouraged) you can use the issue to keep track of where you're up to with the task and add information about next steps and barriers.
 
 

-   
+   
 

 
 ### Working in a private repository

From d045d8ad193b819e881c1ca812ad3f99fa07dc94 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Thu, 1 Jun 2023 11:14:39 +0100
Subject: [PATCH 224/289] folder typo

---
 docs/source/deployment/deploy_shm.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/deploy_shm.md b/docs/source/deployment/deploy_shm.md
index 9d718df193..94f652b1f1 100644
--- a/docs/source/deployment/deploy_shm.md
+++ b/docs/source/deployment/deploy_shm.md
@@ -384,7 +384,7 @@ Make sure you have activated your account and **successfully logged in** with th
 
 ## 6. {{computer}} Deploy SHM
 
-![Powershell: a few hours](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=a%20few%20hours) at {{file_folder}} `./deployment/secure_research_environment/setup`
+![Powershell: a few hours](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=a%20few%20hours) at {{file_folder}} `./deployment/safe_haven_management_environment/setup`
 
 ```powershell
 PS> ./Deploy_SHM.ps1 -shmId 

From a3ff6c0e71e5c4d18d3817ee405b1312ae7f8037 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Thu, 1 Jun 2023 11:14:39 +0100
Subject: [PATCH 225/289] folder typo

Cherry pick d045d8ad193b819e881c1ca812ad3f99fa07dc94
---
 docs/source/deployment/deploy_shm.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/deploy_shm.md b/docs/source/deployment/deploy_shm.md
index 9d718df193..94f652b1f1 100644
--- a/docs/source/deployment/deploy_shm.md
+++ b/docs/source/deployment/deploy_shm.md
@@ -384,7 +384,7 @@ Make sure you have activated your account and **successfully logged in** with th
 
 ## 6. {{computer}} Deploy SHM
 
-![Powershell: a few hours](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=a%20few%20hours) at {{file_folder}} `./deployment/secure_research_environment/setup`
+![Powershell: a few hours](https://img.shields.io/static/v1?style=for-the-badge&logo=powershell&label=local&color=blue&message=a%20few%20hours) at {{file_folder}} `./deployment/safe_haven_management_environment/setup`
 
 ```powershell
 PS> ./Deploy_SHM.ps1 -shmId 

From c0610a3e736737ecfa91623edc00be96b6cde2f0 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Mon, 5 Jun 2023 09:50:50 +0000
Subject: [PATCH 226/289] resolve gitignore conflict

---
 .gitignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 8f2fdcee33..39e3f1e981 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,8 +28,9 @@ docs/*.pdf
 # ... except the tiers flowchart
 !docs/tiersflowchart.pdf
 
-# Sphinx output
+# Sphinx output and venv
 docs/build
+docs/venv
 
 # Files produced during testing
 .mustache_config.json

From d4fc0c40630ef4a9f7be42b3258a9fa59b479fca Mon Sep 17 00:00:00 2001
From: JimMadge 
Date: Thu, 8 Jun 2023 00:19:26 +0000
Subject: [PATCH 227/289] Update SRD package versions

---
 .../packages/deb-azuredatastudio.version                    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version
index 3f59a83115..19844aca82 100644
--- a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version
+++ b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version
@@ -1,4 +1,4 @@
-hash: a201c6f593a7a71c22070d2c5ca3b0b2c9db2b05538bb079d66e8f40246371e5
-version: 1.44.0
+hash: f413c7e1315516dc37c2a7d0c31cece0663556266dcb3a81aa9c402620a5c236
+version: 1.44.1
 debfile: azuredatastudio-linux-|VERSION|.deb
-remote: https://sqlopsbuilds.azureedge.net/stable/31bee67f005648cdc9186f28ef39b4f1d6585e0f/|DEBFILE|
+remote: https://sqlopsbuilds.azureedge.net/stable/8f53a316fa00a98264f1ab119641cd540b5af25c/|DEBFILE|

From 7580268c9e895024abc53896420f0a1517adab97 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Tue, 20 Jun 2023 15:28:21 +0100
Subject: [PATCH 228/289] :memo: Clarify PR template

---
 .github/pull_request_template.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index dd828294ba..1b2533d089 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -8,10 +8,10 @@ Replace the empty checkboxes [ ] below with checked ones [x] accordingly.
 -->
 
 - [ ] You have given your pull request a meaningful title (_e.g._ `Enable foobar integration` rather than `515 foobar`).
-- [ ] You are targeting the **develop branch**.
-- [ ] Your branch is up-to-date with the **develop branch** (you probably started your branch from `develop` but it may have changed since then).
-- [ ] If-and-only-if your changes are not yet ready to merge, you have marked this pull request as a **draft** pull request and added '[WIP]' to the title.
-- [ ] If-and-only-if you have changed any Powershell code, you have run the code formatter. You can do this with `./tests/AutoFormat_Powershell.ps1 -TargetPath `.
+- [ ] You are targeting the appropriate branch. If you're not certain which one this is, it should be **`develop`**.
+- [ ] Your branch is up-to-date with the **target branch** (it probably was when you started, but it may have changed since then).
+- [ ] You have marked this pull request as a **draft** and added `'[WIP]'` to the title if needed (if you're not yet ready to merge).
+- [ ] You have formatted your code using appropriate automated tools (for example `./tests/AutoFormat_Powershell.ps1 -TargetPath ` for Powershell).
 
 ### :arrow_heading_up: Summary
 

From 97b89ee50f843131641b04e7ab9c1acad2e50590 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:42:34 +0000
Subject: [PATCH 229/289] add deflist directly to user_guide_*

---
 .../roles/researcher/user_guide_msrds.md      | 46 +++++++++++++++++--
 1 file changed, 43 insertions(+), 3 deletions(-)

diff --git a/docs/source/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md
index 7a4752d63f..a2b92dfacc 100644
--- a/docs/source/roles/researcher/user_guide_msrds.md
+++ b/docs/source/roles/researcher/user_guide_msrds.md
@@ -2,10 +2,50 @@
 
 # User Guide: Microsoft Remote Desktop
 
-```{include} snippets/01_introduction.partial.md
-:relative-images:
+## {{beginner}} Introduction
+
+{{tada}} Welcome to the Turing Data Safe Haven! {{tada}}
+
+Secure research environments (SREs) for analysis of sensitive datasets are essential to give data providers confidence that their datasets will be kept secure over the course of a project.
+The Data Safe Haven is a prescription for how to set up one or more SREs and give users access to them.
+The Data Safe Haven SRE design is aimed at allowing groups of researchers to work together on projects that involve sensitive or confidential datasets at scale.
+Our goal is to ensure that you are able to implement the most cutting edge data science techniques while maintaining all ethical and legal responsibilities of information governance and access.
+
+The data you are working on will have been classified into one of five sensitivity tiers, ranging from open data at Tier 0, to highly sensitive and high risk data at Tier 4.
+The tiers are defined by the most sensitive data in your project, and may be increased if the combination of data is deemed to be require additional levels of security.
+You can read more about this process in our policy paper: _Arenas et al, 2019_, [`arXiv:1908.08737`](https://arxiv.org/abs/1908.08737).
+
+The level of sensitivity of your data determines whether you have access to the internet within the SRE and whether you are allowed to copy and paste between the secure research environment and other windows on your computer.
+This means you may be limited in which data science tools you are allowed to install.
+You will find that many software packages are already available, and the administrator of the SRE will ingress - bring into the environment - as many additional resources as possible.
+
+```{important}
+Please read this user guide carefully and remember to refer back to it when you have questions.
+In many cases the answer is already here, but if you think this resource could be clearer, please let us know so we can improve the documentation for future users.
 ```
 
+### Definitions
+
+The following definitions might be useful during the rest of this guide
+
+Secure Research Environment (SRE)
+: the environment that you will be using to access the sensitive data.
+
+Data Safe Haven
+: the overall project that details how to create and manage one or more SREs.
+
+(user_guide_username_domain_2)=
+Username domain
+: the domain (for example `projects.turingsafehaven.ac.uk`) which your user account will belong to. Multiple SREs can share the same domain for managing users in common.
+
+(user_guide_sre_id_2)=
+SRE ID
+: each SRE has a unique short ID, for example `sandbox` which your {ref}`System Manager ` will use to distinguish different SREs in the same Data Safe Haven.
+
+(user_guide_sre_url_2)=
+SRE URL
+: each SRE has a unique URL (for example `sandbox.projects.turingsafehaven.ac.uk`) which is used to access the data.
+
 ```{include} snippets/02_account_setup.partial.md
 :relative-images:
 ```
@@ -28,7 +68,7 @@
 
 - Open a **private/incognito** browser session, so that you don't pick up any existing Microsoft logins
 
-- Go to the {ref}`SRE URL ` given by your {ref}`System Manager `.
+- Go to the {ref}`SRE URL ` given by your {ref}`System Manager `.
 
   ```{note}
   Our example user, Ada Lovelace, participating in the `sandbox` project at a Turing Data Study Group, would navigate to `https://sandbox.projects.turingsafehaven.ac.uk`.

From f90449ddfdc10b4b19b560463b545aad3d1f288a Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:42:57 +0000
Subject: [PATCH 230/289] remove explicit link to prevent duplicate id

---
 docs/source/roles/researcher/snippets/04_using_srd.partial.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/source/roles/researcher/snippets/04_using_srd.partial.md b/docs/source/roles/researcher/snippets/04_using_srd.partial.md
index 7b8fefcfc0..92c0ed1cfc 100644
--- a/docs/source/roles/researcher/snippets/04_using_srd.partial.md
+++ b/docs/source/roles/researcher/snippets/04_using_srd.partial.md
@@ -78,8 +78,6 @@ For example:
 :align: center
 ```
 
-(available_python_and_r_versions)=
-
 ### {{snake}} Available Python and R versions
 
 Typing `R` at the command line will give you the system version of `R` with many custom packages pre-installed.

From d0895c16bb90fae03c55a8865b24c6cd82f091a6 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:43:20 +0000
Subject: [PATCH 231/289] add more direct link to avoid missing xref

---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index a44f332d24..3d75fd0f09 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,4 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See {ref}`Available Python Versions `.
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
\ No newline at end of file

From 0afcf508faec779ecd2afd0f216ae2506b7a5680 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:45:07 +0000
Subject: [PATCH 232/289] Add newline character

---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index 3d75fd0f09..927e4f8437 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,5 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
\ No newline at end of file
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
+    
\ No newline at end of file

From 04fdc3c6811390ccb4ff4ca1336e30834690e22d Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:47:12 +0000
Subject: [PATCH 233/289] Remove trailing spaces

---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index 927e4f8437..ede84557e4 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -11,4 +11,3 @@ They are automatically uploaded to the SRD during the deployment step.
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
     - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
-    
\ No newline at end of file

From b5390d03bb067c4c361c0e83b0c43c8106b7e426 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:56:42 +0000
Subject: [PATCH 234/289] sphinx doc builds should fail on warnings

---
 .github/workflows/documentation.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
index 3413fc8c2f..8e218cdbac 100644
--- a/.github/workflows/documentation.yaml
+++ b/.github/workflows/documentation.yaml
@@ -46,9 +46,10 @@ jobs:
       - name: Install dependencies
         run: |
           pip install -r requirements.txt
-      - name: Sphinx build
+      - name: Sphinx build 
+        # Set warnings to be treated as errors
         run: |
-          make html
+          make html SPHINXOPTS="-W" 
       - name: Link Checker
         uses: lycheeverse/lychee-action@v1.7.0
         with:

From c2c1ecefe00008035cd2ce66cfb21c81d706530c Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:57:41 +0000
Subject: [PATCH 235/289] doc build should treat warnings as errors

---
 .github/workflows/documentation.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
index 8e218cdbac..be86e6a8c6 100644
--- a/.github/workflows/documentation.yaml
+++ b/.github/workflows/documentation.yaml
@@ -27,7 +27,7 @@ jobs:
           pip install -r requirements.txt
       - name: Sphinx build
         run: |
-          make html
+          make html SPHINXOPTS="-W"
 
   check_links:
     name: Check links

From 4d64096b08669ab0323b106d1c8fa4df28baf5d7 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:58:42 +0000
Subject: [PATCH 236/289] Remove trailing spaces

---
 .github/workflows/documentation.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
index be86e6a8c6..9ae8e54d74 100644
--- a/.github/workflows/documentation.yaml
+++ b/.github/workflows/documentation.yaml
@@ -46,10 +46,10 @@ jobs:
       - name: Install dependencies
         run: |
           pip install -r requirements.txt
-      - name: Sphinx build 
+      - name: Sphinx build
         # Set warnings to be treated as errors
         run: |
-          make html SPHINXOPTS="-W" 
+          make html SPHINXOPTS="-W"
       - name: Link Checker
         uses: lycheeverse/lychee-action@v1.7.0
         with:

From b1a96f94e288cfff5a7ee15b958ac8736d045d6b Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 14:01:12 +0000
Subject: [PATCH 237/289] introduce error to test build failing

---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index ede84557e4..41a628a935 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,4 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()

From dc87d8d6e2c96288f7cd20e34f853e58c883112b Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 14:03:32 +0000
Subject: [PATCH 238/289] Fix error after testing build failure

---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index 41a628a935..ede84557e4 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,4 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()

From fda5d93f463e36808a9d73e7aa371d0ebc3dd539 Mon Sep 17 00:00:00 2001
From: Matt Craddock 
Date: Thu, 22 Jun 2023 16:01:57 +0100
Subject: [PATCH 239/289] Remove bold from explicit link text

Co-authored-by: Jim Madge 
---
 .../source/roles/researcher/snippets/03_02_srd_login.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md b/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
index 696d0a3344..d44628f777 100644
--- a/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
+++ b/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
@@ -20,7 +20,7 @@
 
   ```{caution}
   We recommend _not_ including special characters in your password as the keyboard layout expected by the login screen may be different from the one you're using.
-  - if you want to reset your password, follow the steps defined in the [**Password and MFA**](#password-and-mfa) section above.
+  - if you want to reset your password, follow the steps defined in the [Password and MFA](#password-and-mfa) section above.
   - if you want to continue with special characters in your password, please test that they are being entered correctly by typing them in the username field.
   ```
 

From b43c9d508fa428805221637fdbd70e79d503b7ee Mon Sep 17 00:00:00 2001
From: Matt Craddock 
Date: Thu, 22 Jun 2023 16:09:15 +0100
Subject: [PATCH 240/289] Change link style from autolink to markdown-style

Co-authored-by: Jim Madge 
---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index ede84557e4..cd864a4c97 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,4 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions](/roles/researcher/user_guide_guacamole.md#available-python-and-r-versions)

From 1927f35f06a9198582ff641867608743b5631d52 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 15:11:15 +0000
Subject: [PATCH 241/289] Add deprecation warning to MSRDS user guide

---
 docs/source/roles/researcher/user_guide_msrds.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/source/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md
index a2b92dfacc..ae86f98a15 100644
--- a/docs/source/roles/researcher/user_guide_msrds.md
+++ b/docs/source/roles/researcher/user_guide_msrds.md
@@ -2,6 +2,10 @@
 
 # User Guide: Microsoft Remote Desktop
 
+```{warning}
+Use of Microsoft Remote Desktop is deprecated. It will be removed in an upcoming release of the Data Safe Haven.
+```
+
 ## {{beginner}} Introduction
 
 {{tada}} Welcome to the Turing Data Safe Haven! {{tada}}

From 6c199537cd655bd11a2fab5cec747b923a61a282 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 15:14:39 +0000
Subject: [PATCH 242/289] Add MSRDS deprecation warnings

---
 docs/source/deployment/deploy_sre_microsoft_rds.md | 4 ++++
 docs/source/roles/researcher/user_guide_msrds.md   | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/source/deployment/deploy_sre_microsoft_rds.md b/docs/source/deployment/deploy_sre_microsoft_rds.md
index 6087246d74..3950e88d89 100644
--- a/docs/source/deployment/deploy_sre_microsoft_rds.md
+++ b/docs/source/deployment/deploy_sre_microsoft_rds.md
@@ -2,6 +2,10 @@
 
 # Deploy an SRE with Microsoft RDS
 
+```{warning}
+Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in an upcoming release of the Data Safe Haven.
+```
+
 These instructions will walk you through deploying a Secure Research Environment (SRE) that uses an existing Safe Haven Management (SHM) environment.
 
 ```{important}
diff --git a/docs/source/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md
index ae86f98a15..0993e28ef3 100644
--- a/docs/source/roles/researcher/user_guide_msrds.md
+++ b/docs/source/roles/researcher/user_guide_msrds.md
@@ -3,7 +3,7 @@
 # User Guide: Microsoft Remote Desktop
 
 ```{warning}
-Use of Microsoft Remote Desktop is deprecated. It will be removed in an upcoming release of the Data Safe Haven.
+Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in an upcoming release of the Data Safe Haven.
 ```
 
 ## {{beginner}} Introduction

From 48d3604d54ad6f9f3d7a1a2a8840f9bf4b9cb82b Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 15:54:48 +0000
Subject: [PATCH 243/289] state which version of the DSH will remove MSRDS

---
 docs/source/deployment/deploy_sre_microsoft_rds.md | 2 +-
 docs/source/roles/researcher/user_guide_msrds.md   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/source/deployment/deploy_sre_microsoft_rds.md b/docs/source/deployment/deploy_sre_microsoft_rds.md
index 3950e88d89..40a2035c3a 100644
--- a/docs/source/deployment/deploy_sre_microsoft_rds.md
+++ b/docs/source/deployment/deploy_sre_microsoft_rds.md
@@ -3,7 +3,7 @@
 # Deploy an SRE with Microsoft RDS
 
 ```{warning}
-Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in an upcoming release of the Data Safe Haven.
+Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in version `4.1.0` of the Data Safe Haven.
 ```
 
 These instructions will walk you through deploying a Secure Research Environment (SRE) that uses an existing Safe Haven Management (SHM) environment.
diff --git a/docs/source/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md
index 0993e28ef3..67d76c6270 100644
--- a/docs/source/roles/researcher/user_guide_msrds.md
+++ b/docs/source/roles/researcher/user_guide_msrds.md
@@ -3,7 +3,7 @@
 # User Guide: Microsoft Remote Desktop
 
 ```{warning}
-Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in an upcoming release of the Data Safe Haven.
+Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in version `4.1.0` of the Data Safe Haven.
 ```
 
 ## {{beginner}} Introduction

From 7575b4eeb460ac4b052a287c5e35a941a2ab7d22 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 15:55:20 +0000
Subject: [PATCH 244/289] Add intro snippet directly to user_guide_guac

---
 .../roles/researcher/user_guide_guacamole.md  | 44 ++++++++++++++++++-
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/docs/source/roles/researcher/user_guide_guacamole.md b/docs/source/roles/researcher/user_guide_guacamole.md
index ec6ff16af9..1dd58f5608 100644
--- a/docs/source/roles/researcher/user_guide_guacamole.md
+++ b/docs/source/roles/researcher/user_guide_guacamole.md
@@ -2,10 +2,50 @@
 
 # User Guide: Apache Guacamole
 
-```{include} snippets/01_introduction.partial.md
-:relative-images:
+## {{beginner}} Introduction
+
+{{tada}} Welcome to the Turing Data Safe Haven! {{tada}}
+
+Secure research environments (SREs) for analysis of sensitive datasets are essential to give data providers confidence that their datasets will be kept secure over the course of a project.
+The Data Safe Haven is a prescription for how to set up one or more SREs and give users access to them.
+The Data Safe Haven SRE design is aimed at allowing groups of researchers to work together on projects that involve sensitive or confidential datasets at scale.
+Our goal is to ensure that you are able to implement the most cutting edge data science techniques while maintaining all ethical and legal responsibilities of information governance and access.
+
+The data you are working on will have been classified into one of five sensitivity tiers, ranging from open data at Tier 0, to highly sensitive and high risk data at Tier 4.
+The tiers are defined by the most sensitive data in your project, and may be increased if the combination of data is deemed to be require additional levels of security.
+You can read more about this process in our policy paper: _Arenas et al, 2019_, [`arXiv:1908.08737`](https://arxiv.org/abs/1908.08737).
+
+The level of sensitivity of your data determines whether you have access to the internet within the SRE and whether you are allowed to copy and paste between the secure research environment and other windows on your computer.
+This means you may be limited in which data science tools you are allowed to install.
+You will find that many software packages are already available, and the administrator of the SRE will ingress - bring into the environment - as many additional resources as possible.
+
+```{important}
+Please read this user guide carefully and remember to refer back to it when you have questions.
+In many cases the answer is already here, but if you think this resource could be clearer, please let us know so we can improve the documentation for future users.
 ```
 
+### Definitions
+
+The following definitions might be useful during the rest of this guide
+
+Secure Research Environment (SRE)
+: the environment that you will be using to access the sensitive data.
+
+Data Safe Haven
+: the overall project that details how to create and manage one or more SREs.
+
+(user_guide_username_domain)=
+Username domain
+: the domain (for example `projects.turingsafehaven.ac.uk`) which your user account will belong to. Multiple SREs can share the same domain for managing users in common.
+
+(user_guide_sre_id)=
+SRE ID
+: each SRE has a unique short ID, for example `sandbox` which your {ref}`System Manager ` will use to distinguish different SREs in the same Data Safe Haven.
+
+(user_guide_sre_url)=
+SRE URL
+: each SRE has a unique URL (for example `sandbox.projects.turingsafehaven.ac.uk`) which is used to access the data.
+
 (roles_researcher_user_guide_setup_mfa)=
 
 ```{include} snippets/02_account_setup.partial.md

From 2e828a9a26076f803884ff30e5d6452d08323a11 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Mon, 26 Jun 2023 13:21:43 +0000
Subject: [PATCH 245/289] remove unused snippet

---
 .../snippets/01_introduction.partial.md       | 43 -------------------
 1 file changed, 43 deletions(-)
 delete mode 100644 docs/source/roles/researcher/snippets/01_introduction.partial.md

diff --git a/docs/source/roles/researcher/snippets/01_introduction.partial.md b/docs/source/roles/researcher/snippets/01_introduction.partial.md
deleted file mode 100644
index 14b2c4162b..0000000000
--- a/docs/source/roles/researcher/snippets/01_introduction.partial.md
+++ /dev/null
@@ -1,43 +0,0 @@
-## {{beginner}} Introduction
-
-{{tada}} Welcome to the Turing Data Safe Haven! {{tada}}
-
-Secure research environments (SREs) for analysis of sensitive datasets are essential to give data providers confidence that their datasets will be kept secure over the course of a project.
-The Data Safe Haven is a prescription for how to set up one or more SREs and give users access to them.
-The Data Safe Haven SRE design is aimed at allowing groups of researchers to work together on projects that involve sensitive or confidential datasets at scale.
-Our goal is to ensure that you are able to implement the most cutting edge data science techniques while maintaining all ethical and legal responsibilities of information governance and access.
-
-The data you are working on will have been classified into one of five sensitivity tiers, ranging from open data at Tier 0, to highly sensitive and high risk data at Tier 4.
-The tiers are defined by the most sensitive data in your project, and may be increased if the combination of data is deemed to be require additional levels of security.
-You can read more about this process in our policy paper: _Arenas et al, 2019_, [`arXiv:1908.08737`](https://arxiv.org/abs/1908.08737).
-
-The level of sensitivity of your data determines whether you have access to the internet within the SRE and whether you are allowed to copy and paste between the secure research environment and other windows on your computer.
-This means you may be limited in which data science tools you are allowed to install.
-You will find that many software packages are already available, and the administrator of the SRE will ingress - bring into the environment - as many additional resources as possible.
-
-```{important}
-Please read this user guide carefully and remember to refer back to it when you have questions.
-In many cases the answer is already here, but if you think this resource could be clearer, please let us know so we can improve the documentation for future users.
-```
-
-### Definitions
-
-The following definitions might be useful during the rest of this guide
-
-Secure Research Environment (SRE)
-: the environment that you will be using to access the sensitive data.
-
-Data Safe Haven
-: the overall project that details how to create and manage one or more SREs.
-
-(user_guide_username_domain)=
-Username domain
-: the domain (for example `projects.turingsafehaven.ac.uk`) which your user account will belong to. Multiple SREs can share the same domain for managing users in common.
-
-(user_guide_sre_id)=
-SRE ID
-: each SRE has a unique short ID, for example `sandbox` which your {ref}`System Manager ` will use to distinguish different SREs in the same Data Safe Haven.
-
-(user_guide_sre_url)=
-SRE URL
-: each SRE has a unique URL (for example `sandbox.projects.turingsafehaven.ac.uk`) which is used to access the data.

From c9b995f580cc614d7e2bd69149d0f5406f079e72 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:42:57 +0000
Subject: [PATCH 246/289] remove explicit link to prevent duplicate id

(cherry picked from commit f90449ddfdc10b4b19b560463b545aad3d1f288a)
---
 docs/source/roles/researcher/snippets/04_using_srd.partial.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/source/roles/researcher/snippets/04_using_srd.partial.md b/docs/source/roles/researcher/snippets/04_using_srd.partial.md
index 7b8fefcfc0..92c0ed1cfc 100644
--- a/docs/source/roles/researcher/snippets/04_using_srd.partial.md
+++ b/docs/source/roles/researcher/snippets/04_using_srd.partial.md
@@ -78,8 +78,6 @@ For example:
 :align: center
 ```
 
-(available_python_and_r_versions)=
-
 ### {{snake}} Available Python and R versions
 
 Typing `R` at the command line will give you the system version of `R` with many custom packages pre-installed.

From 7fe1ea0d63a4b4cf6473f9fc6f6195ede667a879 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:43:20 +0000
Subject: [PATCH 247/289] add more direct link to avoid missing xref

(cherry picked from commit d0895c16bb90fae03c55a8865b24c6cd82f091a6)
---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index a44f332d24..3d75fd0f09 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,4 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See {ref}`Available Python Versions `.
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
\ No newline at end of file

From 65c1e60599677eab6d0513d13f27f3c0e1192841 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:45:07 +0000
Subject: [PATCH 248/289] Add newline character

(cherry picked from commit 0afcf508faec779ecd2afd0f216ae2506b7a5680)
---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index 3d75fd0f09..927e4f8437 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,5 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
\ No newline at end of file
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
+    
\ No newline at end of file

From c07621c42c13d0f243f47c1d11dce6447d24fe86 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:47:12 +0000
Subject: [PATCH 249/289] Remove trailing spaces

(cherry picked from commit 04fdc3c6811390ccb4ff4ca1336e30834690e22d)
---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index 927e4f8437..ede84557e4 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -11,4 +11,3 @@ They are automatically uploaded to the SRD during the deployment step.
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
     - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
-    
\ No newline at end of file

From 1892f035e2e741c66aa7c41618760fd27371ef56 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:56:42 +0000
Subject: [PATCH 250/289] sphinx doc builds should fail on warnings

(cherry picked from commit b5390d03bb067c4c361c0e83b0c43c8106b7e426)
---
 .github/workflows/documentation.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
index 3413fc8c2f..8e218cdbac 100644
--- a/.github/workflows/documentation.yaml
+++ b/.github/workflows/documentation.yaml
@@ -46,9 +46,10 @@ jobs:
       - name: Install dependencies
         run: |
           pip install -r requirements.txt
-      - name: Sphinx build
+      - name: Sphinx build 
+        # Set warnings to be treated as errors
         run: |
-          make html
+          make html SPHINXOPTS="-W" 
       - name: Link Checker
         uses: lycheeverse/lychee-action@v1.7.0
         with:

From e64c2030d547e1c1f480d2fbb543b956fff67b59 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:57:41 +0000
Subject: [PATCH 251/289] doc build should treat warnings as errors

(cherry picked from commit c2c1ecefe00008035cd2ce66cfb21c81d706530c)
---
 .github/workflows/documentation.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
index 8e218cdbac..be86e6a8c6 100644
--- a/.github/workflows/documentation.yaml
+++ b/.github/workflows/documentation.yaml
@@ -27,7 +27,7 @@ jobs:
           pip install -r requirements.txt
       - name: Sphinx build
         run: |
-          make html
+          make html SPHINXOPTS="-W"
 
   check_links:
     name: Check links

From 9471898cd6b5f41fa835c798b5b1c3a3bedf4caa Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 13:58:42 +0000
Subject: [PATCH 252/289] Remove trailing spaces

(cherry picked from commit 4d64096b08669ab0323b106d1c8fa4df28baf5d7)
---
 .github/workflows/documentation.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
index be86e6a8c6..9ae8e54d74 100644
--- a/.github/workflows/documentation.yaml
+++ b/.github/workflows/documentation.yaml
@@ -46,10 +46,10 @@ jobs:
       - name: Install dependencies
         run: |
           pip install -r requirements.txt
-      - name: Sphinx build 
+      - name: Sphinx build
         # Set warnings to be treated as errors
         run: |
-          make html SPHINXOPTS="-W" 
+          make html SPHINXOPTS="-W"
       - name: Link Checker
         uses: lycheeverse/lychee-action@v1.7.0
         with:

From 702fd120f1be99e8d328aebbbf69e205e21d5438 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 14:01:12 +0000
Subject: [PATCH 253/289] introduce error to test build failing

(cherry picked from commit b1a96f94e288cfff5a7ee15b958ac8736d045d6b)
---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index ede84557e4..41a628a935 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,4 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()

From 768df58786fb6172d0d6fcd64d7ed29951aa9d11 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 14:03:32 +0000
Subject: [PATCH 254/289] Fix error after testing build failure

(cherry picked from commit dc87d8d6e2c96288f7cd20e34f853e58c883112b)
---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index 41a628a935..ede84557e4 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,4 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()

From c5012e41bbf971b39a73595eba3b1dbcd7a1d2c4 Mon Sep 17 00:00:00 2001
From: Matt Craddock 
Date: Thu, 22 Jun 2023 16:01:57 +0100
Subject: [PATCH 255/289] Remove bold from explicit link text

Co-authored-by: Jim Madge 
(cherry picked from commit fda5d93f463e36808a9d73e7aa371d0ebc3dd539)
---
 .../source/roles/researcher/snippets/03_02_srd_login.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md b/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
index de6812a39f..d44628f777 100644
--- a/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
+++ b/docs/source/roles/researcher/snippets/03_02_srd_login.partial.md
@@ -20,7 +20,7 @@
 
   ```{caution}
   We recommend _not_ including special characters in your password as the keyboard layout expected by the login screen may be different from the one you're using.
-  - if you want to reset your password, follow the steps defined in the [**Set your password**](#set-a-password) section above.
+  - if you want to reset your password, follow the steps defined in the [Password and MFA](#password-and-mfa) section above.
   - if you want to continue with special characters in your password, please test that they are being entered correctly by typing them in the username field.
   ```
 

From 39c203104190502eb5891bfced603734e5479b63 Mon Sep 17 00:00:00 2001
From: Matt Craddock 
Date: Thu, 22 Jun 2023 16:09:15 +0100
Subject: [PATCH 256/289] Change link style from autolink to markdown-style

Co-authored-by: Jim Madge 
(cherry picked from commit b43c9d508fa428805221637fdbd70e79d503b7ee)
---
 docs/source/deployment/snippets/14_run_smoke_tests.partial.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
index ede84557e4..cd864a4c97 100644
--- a/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
+++ b/docs/source/deployment/snippets/14_run_smoke_tests.partial.md
@@ -10,4 +10,4 @@ They are automatically uploaded to the SRD during the deployment step.
     - if any of the tests fail, check the `README.md` in this folder for help in diagnosing the issues
 - Copy `tests/test_jupyter.ipynb` to your home directory
     - activate each of the available Python versions in turn
-    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions]()
+    - run `jupyter notebook` in each case and check that you can run the notebook and that all versions and paths match throughout. See [Available Python and R versions](/roles/researcher/user_guide_guacamole.md#available-python-and-r-versions)

From 212a380c6324a46a5c51c553deefcdcfac9ed280 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 15:11:15 +0000
Subject: [PATCH 257/289] Add deprecation warning to MSRDS user guide

(cherry picked from commit 1927f35f06a9198582ff641867608743b5631d52)
---
 .../roles/researcher/user_guide_msrds.md      | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/docs/source/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md
index 7a4752d63f..3141ba7fbd 100644
--- a/docs/source/roles/researcher/user_guide_msrds.md
+++ b/docs/source/roles/researcher/user_guide_msrds.md
@@ -2,8 +2,30 @@
 
 # User Guide: Microsoft Remote Desktop
 
-```{include} snippets/01_introduction.partial.md
-:relative-images:
+```{warning}
+Use of Microsoft Remote Desktop is deprecated. It will be removed in an upcoming release of the Data Safe Haven.
+```
+
+## {{beginner}} Introduction
+
+{{tada}} Welcome to the Turing Data Safe Haven! {{tada}}
+
+Secure research environments (SREs) for analysis of sensitive datasets are essential to give data providers confidence that their datasets will be kept secure over the course of a project.
+The Data Safe Haven is a prescription for how to set up one or more SREs and give users access to them.
+The Data Safe Haven SRE design is aimed at allowing groups of researchers to work together on projects that involve sensitive or confidential datasets at scale.
+Our goal is to ensure that you are able to implement the most cutting edge data science techniques while maintaining all ethical and legal responsibilities of information governance and access.
+
+The data you are working on will have been classified into one of five sensitivity tiers, ranging from open data at Tier 0, to highly sensitive and high risk data at Tier 4.
+The tiers are defined by the most sensitive data in your project, and may be increased if the combination of data is deemed to be require additional levels of security.
+You can read more about this process in our policy paper: _Arenas et al, 2019_, [`arXiv:1908.08737`](https://arxiv.org/abs/1908.08737).
+
+The level of sensitivity of your data determines whether you have access to the internet within the SRE and whether you are allowed to copy and paste between the secure research environment and other windows on your computer.
+This means you may be limited in which data science tools you are allowed to install.
+You will find that many software packages are already available, and the administrator of the SRE will ingress - bring into the environment - as many additional resources as possible.
+
+```{important}
+Please read this user guide carefully and remember to refer back to it when you have questions.
+In many cases the answer is already here, but if you think this resource could be clearer, please let us know so we can improve the documentation for future users.
 ```
 
 ```{include} snippets/02_account_setup.partial.md

From 4af07541ddd13566158bf3b3b7cb7fdad1dd1b48 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 15:14:39 +0000
Subject: [PATCH 258/289] Add MSRDS deprecation warnings

(cherry picked from commit 6c199537cd655bd11a2fab5cec747b923a61a282)
---
 docs/source/deployment/deploy_sre_microsoft_rds.md | 4 ++++
 docs/source/roles/researcher/user_guide_msrds.md   | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/source/deployment/deploy_sre_microsoft_rds.md b/docs/source/deployment/deploy_sre_microsoft_rds.md
index 6087246d74..3950e88d89 100644
--- a/docs/source/deployment/deploy_sre_microsoft_rds.md
+++ b/docs/source/deployment/deploy_sre_microsoft_rds.md
@@ -2,6 +2,10 @@
 
 # Deploy an SRE with Microsoft RDS
 
+```{warning}
+Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in an upcoming release of the Data Safe Haven.
+```
+
 These instructions will walk you through deploying a Secure Research Environment (SRE) that uses an existing Safe Haven Management (SHM) environment.
 
 ```{important}
diff --git a/docs/source/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md
index 3141ba7fbd..7cedbd5050 100644
--- a/docs/source/roles/researcher/user_guide_msrds.md
+++ b/docs/source/roles/researcher/user_guide_msrds.md
@@ -3,7 +3,7 @@
 # User Guide: Microsoft Remote Desktop
 
 ```{warning}
-Use of Microsoft Remote Desktop is deprecated. It will be removed in an upcoming release of the Data Safe Haven.
+Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in an upcoming release of the Data Safe Haven.
 ```
 
 ## {{beginner}} Introduction

From 6c71f779a34dcd096e9896f41caf988072183358 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 15:54:48 +0000
Subject: [PATCH 259/289] state which version of the DSH will remove MSRDS

(cherry picked from commit 48d3604d54ad6f9f3d7a1a2a8840f9bf4b9cb82b)
---
 docs/source/deployment/deploy_sre_microsoft_rds.md | 2 +-
 docs/source/roles/researcher/user_guide_msrds.md   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/source/deployment/deploy_sre_microsoft_rds.md b/docs/source/deployment/deploy_sre_microsoft_rds.md
index 3950e88d89..40a2035c3a 100644
--- a/docs/source/deployment/deploy_sre_microsoft_rds.md
+++ b/docs/source/deployment/deploy_sre_microsoft_rds.md
@@ -3,7 +3,7 @@
 # Deploy an SRE with Microsoft RDS
 
 ```{warning}
-Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in an upcoming release of the Data Safe Haven.
+Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in version `4.1.0` of the Data Safe Haven.
 ```
 
 These instructions will walk you through deploying a Secure Research Environment (SRE) that uses an existing Safe Haven Management (SHM) environment.
diff --git a/docs/source/roles/researcher/user_guide_msrds.md b/docs/source/roles/researcher/user_guide_msrds.md
index 7cedbd5050..4f722cc10f 100644
--- a/docs/source/roles/researcher/user_guide_msrds.md
+++ b/docs/source/roles/researcher/user_guide_msrds.md
@@ -3,7 +3,7 @@
 # User Guide: Microsoft Remote Desktop
 
 ```{warning}
-Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in an upcoming release of the Data Safe Haven.
+Support for Microsoft Remote Desktop is deprecated. Deployment scripts and related documentation will be removed in version `4.1.0` of the Data Safe Haven.
 ```
 
 ## {{beginner}} Introduction

From c924b8859c3d7fa9381f5f37854ddf51a6bbee5b Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Thu, 22 Jun 2023 15:55:20 +0000
Subject: [PATCH 260/289] Add intro snippet directly to user_guide_guac

(cherry picked from commit 7575b4eeb460ac4b052a287c5e35a941a2ab7d22)
---
 .../roles/researcher/user_guide_guacamole.md  | 44 ++++++++++++++++++-
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/docs/source/roles/researcher/user_guide_guacamole.md b/docs/source/roles/researcher/user_guide_guacamole.md
index ec6ff16af9..1dd58f5608 100644
--- a/docs/source/roles/researcher/user_guide_guacamole.md
+++ b/docs/source/roles/researcher/user_guide_guacamole.md
@@ -2,10 +2,50 @@
 
 # User Guide: Apache Guacamole
 
-```{include} snippets/01_introduction.partial.md
-:relative-images:
+## {{beginner}} Introduction
+
+{{tada}} Welcome to the Turing Data Safe Haven! {{tada}}
+
+Secure research environments (SREs) for analysis of sensitive datasets are essential to give data providers confidence that their datasets will be kept secure over the course of a project.
+The Data Safe Haven is a prescription for how to set up one or more SREs and give users access to them.
+The Data Safe Haven SRE design is aimed at allowing groups of researchers to work together on projects that involve sensitive or confidential datasets at scale.
+Our goal is to ensure that you are able to implement the most cutting edge data science techniques while maintaining all ethical and legal responsibilities of information governance and access.
+
+The data you are working on will have been classified into one of five sensitivity tiers, ranging from open data at Tier 0, to highly sensitive and high risk data at Tier 4.
+The tiers are defined by the most sensitive data in your project, and may be increased if the combination of data is deemed to be require additional levels of security.
+You can read more about this process in our policy paper: _Arenas et al, 2019_, [`arXiv:1908.08737`](https://arxiv.org/abs/1908.08737).
+
+The level of sensitivity of your data determines whether you have access to the internet within the SRE and whether you are allowed to copy and paste between the secure research environment and other windows on your computer.
+This means you may be limited in which data science tools you are allowed to install.
+You will find that many software packages are already available, and the administrator of the SRE will ingress - bring into the environment - as many additional resources as possible.
+
+```{important}
+Please read this user guide carefully and remember to refer back to it when you have questions.
+In many cases the answer is already here, but if you think this resource could be clearer, please let us know so we can improve the documentation for future users.
 ```
 
+### Definitions
+
+The following definitions might be useful during the rest of this guide
+
+Secure Research Environment (SRE)
+: the environment that you will be using to access the sensitive data.
+
+Data Safe Haven
+: the overall project that details how to create and manage one or more SREs.
+
+(user_guide_username_domain)=
+Username domain
+: the domain (for example `projects.turingsafehaven.ac.uk`) which your user account will belong to. Multiple SREs can share the same domain for managing users in common.
+
+(user_guide_sre_id)=
+SRE ID
+: each SRE has a unique short ID, for example `sandbox` which your {ref}`System Manager ` will use to distinguish different SREs in the same Data Safe Haven.
+
+(user_guide_sre_url)=
+SRE URL
+: each SRE has a unique URL (for example `sandbox.projects.turingsafehaven.ac.uk`) which is used to access the data.
+
 (roles_researcher_user_guide_setup_mfa)=
 
 ```{include} snippets/02_account_setup.partial.md

From 41d0c437d8946d143f2abe29071e8f3402622178 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Mon, 26 Jun 2023 13:21:43 +0000
Subject: [PATCH 261/289] remove unused snippet

(cherry picked from commit 2e828a9a26076f803884ff30e5d6452d08323a11)
---
 .../snippets/01_introduction.partial.md       | 43 -------------------
 1 file changed, 43 deletions(-)
 delete mode 100644 docs/source/roles/researcher/snippets/01_introduction.partial.md

diff --git a/docs/source/roles/researcher/snippets/01_introduction.partial.md b/docs/source/roles/researcher/snippets/01_introduction.partial.md
deleted file mode 100644
index 14b2c4162b..0000000000
--- a/docs/source/roles/researcher/snippets/01_introduction.partial.md
+++ /dev/null
@@ -1,43 +0,0 @@
-## {{beginner}} Introduction
-
-{{tada}} Welcome to the Turing Data Safe Haven! {{tada}}
-
-Secure research environments (SREs) for analysis of sensitive datasets are essential to give data providers confidence that their datasets will be kept secure over the course of a project.
-The Data Safe Haven is a prescription for how to set up one or more SREs and give users access to them.
-The Data Safe Haven SRE design is aimed at allowing groups of researchers to work together on projects that involve sensitive or confidential datasets at scale.
-Our goal is to ensure that you are able to implement the most cutting edge data science techniques while maintaining all ethical and legal responsibilities of information governance and access.
-
-The data you are working on will have been classified into one of five sensitivity tiers, ranging from open data at Tier 0, to highly sensitive and high risk data at Tier 4.
-The tiers are defined by the most sensitive data in your project, and may be increased if the combination of data is deemed to be require additional levels of security.
-You can read more about this process in our policy paper: _Arenas et al, 2019_, [`arXiv:1908.08737`](https://arxiv.org/abs/1908.08737).
-
-The level of sensitivity of your data determines whether you have access to the internet within the SRE and whether you are allowed to copy and paste between the secure research environment and other windows on your computer.
-This means you may be limited in which data science tools you are allowed to install.
-You will find that many software packages are already available, and the administrator of the SRE will ingress - bring into the environment - as many additional resources as possible.
-
-```{important}
-Please read this user guide carefully and remember to refer back to it when you have questions.
-In many cases the answer is already here, but if you think this resource could be clearer, please let us know so we can improve the documentation for future users.
-```
-
-### Definitions
-
-The following definitions might be useful during the rest of this guide
-
-Secure Research Environment (SRE)
-: the environment that you will be using to access the sensitive data.
-
-Data Safe Haven
-: the overall project that details how to create and manage one or more SREs.
-
-(user_guide_username_domain)=
-Username domain
-: the domain (for example `projects.turingsafehaven.ac.uk`) which your user account will belong to. Multiple SREs can share the same domain for managing users in common.
-
-(user_guide_sre_id)=
-SRE ID
-: each SRE has a unique short ID, for example `sandbox` which your {ref}`System Manager ` will use to distinguish different SREs in the same Data Safe Haven.
-
-(user_guide_sre_url)=
-SRE URL
-: each SRE has a unique URL (for example `sandbox.projects.turingsafehaven.ac.uk`) which is used to access the data.

From e7f7d9aaa4637ded9b6d9f65b777c58a8c40e029 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Tue, 27 Jun 2023 15:45:33 +0000
Subject: [PATCH 262/289] Add MSRDS deprecation notice to deployment scripts

---
 deployment/secure_research_environment/setup/Deploy_SRE.ps1    | 3 +++
 .../setup/Setup_SRE_Key_Vault_And_Users.ps1                    | 1 +
 .../secure_research_environment/setup/Setup_SRE_Networking.ps1 | 1 +
 3 files changed, 5 insertions(+)

diff --git a/deployment/secure_research_environment/setup/Deploy_SRE.ps1 b/deployment/secure_research_environment/setup/Deploy_SRE.ps1
index f84ee6e80d..d870002c24 100644
--- a/deployment/secure_research_environment/setup/Deploy_SRE.ps1
+++ b/deployment/secure_research_environment/setup/Deploy_SRE.ps1
@@ -59,6 +59,9 @@ if (Get-MgContext) {
 # Check that we are using the correct provider
 # --------------------------------------------
 if ($config.sre.remoteDesktop.provider -ne "ApacheGuacamole") {
+    if ($config.sre.remoteDesktop.provider -wq "MicrosoftRDS") {
+        Add-LogMessage -Level Warning "Support for Microsoft RDS is deprecated and will be removed in release v4.1.0"
+    }
     Add-LogMessage -Level Fatal "You should not be running this script when using remote desktop provider '$($config.sre.remoteDesktop.provider)'"
 }
 
diff --git a/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 b/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1
index d35671c265..0547550b50 100644
--- a/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1
+++ b/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1
@@ -51,6 +51,7 @@ try {
     if ($config.sre.remoteDesktop.provider -eq "ApacheGuacamole") {
         $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.remoteDesktop.guacamole.adminPasswordSecretName -DefaultLength 20 -AsPlaintext
     } elseif ($config.sre.remoteDesktop.provider -eq "MicrosoftRDS") {
+        Add-LogMessage -Level Warning "Support for Microsoft RDS is deprecated and will be removed in release v4.1.0"
         $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.remoteDesktop.gateway.adminPasswordSecretName -DefaultLength 20 -AsPlaintext
         $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.remoteDesktop.appSessionHost.adminPasswordSecretName -DefaultLength 20 -AsPlaintext
     } else {
diff --git a/deployment/secure_research_environment/setup/Setup_SRE_Networking.ps1 b/deployment/secure_research_environment/setup/Setup_SRE_Networking.ps1
index 85860f2b98..bbda729ebd 100644
--- a/deployment/secure_research_environment/setup/Setup_SRE_Networking.ps1
+++ b/deployment/secure_research_environment/setup/Setup_SRE_Networking.ps1
@@ -88,6 +88,7 @@ if ($config.sre.remoteDesktop.provider -eq "ApacheGuacamole") {
     $null = Set-NetworkSecurityGroupRules -NetworkSecurityGroup $guacamoleNsg -Rules $rules
     $remoteDesktopSubnet = Set-SubnetNetworkSecurityGroup -Subnet $remoteDesktopSubnet -NetworkSecurityGroup $guacamoleNsg
 } elseif ($config.sre.remoteDesktop.provider -eq "MicrosoftRDS") {
+    Add-LogMessage -Level Warning "Support for Microsoft RDS is deprecated and will be removed in release v4.1.0"
     # Ensure that gateway NSG exists with correct rules
     $gatewayNsg = Deploy-NetworkSecurityGroup -Name $config.sre.remoteDesktop.gateway.nsg.name -ResourceGroupName $config.sre.network.vnet.rg -Location $config.sre.location
     $rules = Get-JsonFromMustacheTemplate -TemplatePath (Join-Path $PSScriptRoot ".." "network_rules" $config.sre.remoteDesktop.gateway.nsg.rules) -Parameters $config -AsHashtable

From d5ba19609eac1a617843c661dce37e7237e283d4 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Tue, 27 Jun 2023 15:57:57 +0000
Subject: [PATCH 263/289] Revert "Add MSRDS deprecation notice to deployment
 scripts"

This reverts commit e7f7d9aaa4637ded9b6d9f65b777c58a8c40e029.
---
 deployment/secure_research_environment/setup/Deploy_SRE.ps1    | 3 ---
 .../setup/Setup_SRE_Key_Vault_And_Users.ps1                    | 1 -
 .../secure_research_environment/setup/Setup_SRE_Networking.ps1 | 1 -
 3 files changed, 5 deletions(-)

diff --git a/deployment/secure_research_environment/setup/Deploy_SRE.ps1 b/deployment/secure_research_environment/setup/Deploy_SRE.ps1
index d870002c24..f84ee6e80d 100644
--- a/deployment/secure_research_environment/setup/Deploy_SRE.ps1
+++ b/deployment/secure_research_environment/setup/Deploy_SRE.ps1
@@ -59,9 +59,6 @@ if (Get-MgContext) {
 # Check that we are using the correct provider
 # --------------------------------------------
 if ($config.sre.remoteDesktop.provider -ne "ApacheGuacamole") {
-    if ($config.sre.remoteDesktop.provider -wq "MicrosoftRDS") {
-        Add-LogMessage -Level Warning "Support for Microsoft RDS is deprecated and will be removed in release v4.1.0"
-    }
     Add-LogMessage -Level Fatal "You should not be running this script when using remote desktop provider '$($config.sre.remoteDesktop.provider)'"
 }
 
diff --git a/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1 b/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1
index 0547550b50..d35671c265 100644
--- a/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1
+++ b/deployment/secure_research_environment/setup/Setup_SRE_Key_Vault_And_Users.ps1
@@ -51,7 +51,6 @@ try {
     if ($config.sre.remoteDesktop.provider -eq "ApacheGuacamole") {
         $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.remoteDesktop.guacamole.adminPasswordSecretName -DefaultLength 20 -AsPlaintext
     } elseif ($config.sre.remoteDesktop.provider -eq "MicrosoftRDS") {
-        Add-LogMessage -Level Warning "Support for Microsoft RDS is deprecated and will be removed in release v4.1.0"
         $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.remoteDesktop.gateway.adminPasswordSecretName -DefaultLength 20 -AsPlaintext
         $null = Resolve-KeyVaultSecret -VaultName $config.sre.keyVault.name -SecretName $config.sre.remoteDesktop.appSessionHost.adminPasswordSecretName -DefaultLength 20 -AsPlaintext
     } else {
diff --git a/deployment/secure_research_environment/setup/Setup_SRE_Networking.ps1 b/deployment/secure_research_environment/setup/Setup_SRE_Networking.ps1
index bbda729ebd..85860f2b98 100644
--- a/deployment/secure_research_environment/setup/Setup_SRE_Networking.ps1
+++ b/deployment/secure_research_environment/setup/Setup_SRE_Networking.ps1
@@ -88,7 +88,6 @@ if ($config.sre.remoteDesktop.provider -eq "ApacheGuacamole") {
     $null = Set-NetworkSecurityGroupRules -NetworkSecurityGroup $guacamoleNsg -Rules $rules
     $remoteDesktopSubnet = Set-SubnetNetworkSecurityGroup -Subnet $remoteDesktopSubnet -NetworkSecurityGroup $guacamoleNsg
 } elseif ($config.sre.remoteDesktop.provider -eq "MicrosoftRDS") {
-    Add-LogMessage -Level Warning "Support for Microsoft RDS is deprecated and will be removed in release v4.1.0"
     # Ensure that gateway NSG exists with correct rules
     $gatewayNsg = Deploy-NetworkSecurityGroup -Name $config.sre.remoteDesktop.gateway.nsg.name -ResourceGroupName $config.sre.network.vnet.rg -Location $config.sre.location
     $rules = Get-JsonFromMustacheTemplate -TemplatePath (Join-Path $PSScriptRoot ".." "network_rules" $config.sre.remoteDesktop.gateway.nsg.rules) -Parameters $config -AsHashtable

From d04a55f0e2de7e1755a29a8319ab0926e889c467 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Fri, 14 Jul 2023 13:19:24 +0000
Subject: [PATCH 264/289] remove FQDN for AADconnect endpoints

---
 .../setup/Configure_External_DNS_Queries.ps1                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
index ba04a8a0ac..13736b805f 100644
--- a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
+++ b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
@@ -29,7 +29,7 @@ $allowedFqdns = @($firewallRules.applicationRuleCollections | ForEach-Object { $
                 @(Get-PrivateDnsZones -ResourceGroupName $config.shm.network.vnet.rg -SubscriptionName $config.shm.subscriptionName | ForEach-Object { $_.Name })
 # List all unique FQDNs
 $allowedFqdns = $allowedFqdns |
-                Where-Object { $_ -notlike "g*.servicebus.windows.net" } | # Remove AzureADConnect password reset endpoints
+                Where-Object { $_ -notlike "*-sb.servicebus.windows.net" } | # Remove AzureADConnect password reset endpoints
                 Where-Object { $_ -notlike "pksproddatastore*.blob.core.windows.net" } | # Remove AzureAD operations endpoints
                 Sort-Object -Unique
 Add-LogMessage -Level Info "Restricted networks will be allowed to run DNS lookup on the following $($allowedFqdns.Count) FQDNs:"

From e412f001599080d82031614e11dbd85e2b270510 Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Fri, 21 Jul 2023 13:17:35 +0000
Subject: [PATCH 265/289] Ensure script uses correct VM name

---
 .../setup/Configure_External_DNS_Queries.ps1                   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
index 13736b805f..1aa5688e16 100644
--- a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
+++ b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
@@ -81,7 +81,8 @@ Add-LogMessage -Level Info "Looking for SRD with IP address '$vmIpAddress'..."
 if (-not $vmIpAddress) {
     Add-LogMessage -Level Fatal "No SRD found with IP address '$vmIpAddress'. Cannot run test to confirm external DNS resolution."
 } else {
-    $vmName = @(Get-AzNetworkInterface | Where-Object { $_.IpConfigurations.PrivateIpAddress -eq $vmIpAddress } | ForEach-Object { $_.VirtualMachine.Id.Split("/")[-1] })[0]
+    # Match on both IP address and resource group
+    $vmName = @(Get-AzNetworkInterface | Where-Object { $_.IpConfigurations.PrivateIpAddress -eq $vmIpAddress -and $_.ResourceGroupName -eq $config.sre.srd.rg } | ForEach-Object { $_.VirtualMachine.Id.Split("/")[-1] })[0]
     Add-LogMessage -Level Info "Testing external DNS resolution on VM '$vmName'..."
     $params = @{
         SHM_DOMAIN_FQDN   = $config.shm.domain.fqdn

From 15bab0f3467d28b410fd38fd38943bb2d20a1bbf Mon Sep 17 00:00:00 2001
From: Matt Craddock <5796417+craddm@users.noreply.github.com>
Date: Fri, 21 Jul 2023 13:44:44 +0000
Subject: [PATCH 266/289] Pass RG name directly rather than use logical

---
 .../setup/Configure_External_DNS_Queries.ps1                  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
index 1aa5688e16..a86077d1d1 100644
--- a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
+++ b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
@@ -81,8 +81,8 @@ Add-LogMessage -Level Info "Looking for SRD with IP address '$vmIpAddress'..."
 if (-not $vmIpAddress) {
     Add-LogMessage -Level Fatal "No SRD found with IP address '$vmIpAddress'. Cannot run test to confirm external DNS resolution."
 } else {
-    # Match on both IP address and resource group
-    $vmName = @(Get-AzNetworkInterface | Where-Object { $_.IpConfigurations.PrivateIpAddress -eq $vmIpAddress -and $_.ResourceGroupName -eq $config.sre.srd.rg } | ForEach-Object { $_.VirtualMachine.Id.Split("/")[-1] })[0]
+    # Match on IP address within approriate SRE resource group
+    $vmName = @(Get-AzNetworkInterface -ResourceGroupName $config.sre.srd.rg | Where-Object { $_.IpConfigurations.PrivateIpAddress -eq $vmIpAddress } | ForEach-Object { $_.VirtualMachine.Id.Split("/")[-1] })[0]
     Add-LogMessage -Level Info "Testing external DNS resolution on VM '$vmName'..."
     $params = @{
         SHM_DOMAIN_FQDN   = $config.shm.domain.fqdn

From d82f7c4b4776c877d42ed9195a876fd18794e487 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Jul 2023 23:17:44 +0000
Subject: [PATCH 267/289] Bump certifi from 2023.5.7 to 2023.7.22 in /docs

Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] 
---
 docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/requirements.txt b/docs/requirements.txt
index d9cf686af7..0c62fb5ada 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -14,7 +14,7 @@ babel==2.12.1
     #   sphinx
 beautifulsoup4==4.12.2
     # via pydata-sphinx-theme
-certifi==2023.5.7
+certifi==2023.7.22
     # via requests
 charset-normalizer==3.1.0
     # via requests

From f66165a1fb51b8cc47d520a226a7d86611da1092 Mon Sep 17 00:00:00 2001
From: Jim Madge 
Date: Wed, 26 Jul 2023 10:23:03 +0100
Subject: [PATCH 268/289] Add portal.azure.com to lychee ignore list

---
 .lychee.toml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.lychee.toml b/.lychee.toml
index 0537bd1382..14fd5a9426 100644
--- a/.lychee.toml
+++ b/.lychee.toml
@@ -92,8 +92,9 @@ glob_ignore_case = false
 exclude = [
   'github\.com',  # Requires authentication (403)
   'turing\.ac\.uk',  # DDOS protection
-  'ipaddressguide\.com', # 403
-  'opensource\.org' # 403
+  'ipaddressguide\.com',  # 403
+  'opensource\.org',  # 403
+  'portal\.azure\.com',  # 403
 ]
 
 # Exclude these filesystem paths from getting checked.

From 3541f3c11ef39067137ca7f396d03f6cc4377857 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Wed, 26 Jul 2023 10:34:46 +0100
Subject: [PATCH 269/289] :construction_worker: Allow package update workflows
 to be run manually

---
 .github/workflows/build_allow_lists.yaml       | 1 +
 .github/workflows/update_package_versions.yaml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/build_allow_lists.yaml b/.github/workflows/build_allow_lists.yaml
index 1d8160cbfb..45bd2b714c 100644
--- a/.github/workflows/build_allow_lists.yaml
+++ b/.github/workflows/build_allow_lists.yaml
@@ -7,6 +7,7 @@ on:  # yamllint disable-line rule:truthy
     branches: [develop]
   schedule:
     - cron: "0 0 */6 * *"  # run every six days in order to keep the cache fresh
+  workflow_dispatch:  # allow this workflow to be manually triggered
 
 # checkout needs 'contents:read'
 # pull request needs 'pull-requests:write' and 'contents:write'
diff --git a/.github/workflows/update_package_versions.yaml b/.github/workflows/update_package_versions.yaml
index 3ef8166ff6..1f901f9855 100644
--- a/.github/workflows/update_package_versions.yaml
+++ b/.github/workflows/update_package_versions.yaml
@@ -7,6 +7,7 @@ on:  # yamllint disable-line rule:truthy
     branches: [develop]
   schedule:
     - cron: "0 0 */7 * *"  # run once per week
+  workflow_dispatch:  # allow this workflow to be manually triggered
 
 # checkout needs 'contents:read'
 # pull request needs 'pull-requests:write' and 'contents:write'

From 78ddc22cb08a2bc4ea4b82b9d44c75c2f6c1cfa3 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Wed, 26 Jul 2023 10:30:38 +0100
Subject: [PATCH 270/289] :alien: Workaround for non-interpretable JSON being
 returned by https://pypi.org/pypi/pyproj/json

---
 .../administration/SHM_Expand_Allowlist_Dependencies.ps1    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1
index 3603fb33ed..638b415862 100644
--- a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1
+++ b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1
@@ -31,19 +31,19 @@ function Test-PackageExistence {
     try {
         if ($Repository -eq "pypi") {
             # The best PyPI results come from the package JSON files
-            $response = Invoke-RestMethod -Uri "https://pypi.org/${Repository}/${Package}/json" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop
+            $response = Invoke-RestMethod -Uri "https://pypi.org/${Repository}/${Package}/json" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop | ConvertFrom-Json -AsHashtable
             $versions = $response.releases | Get-Member -MemberType NoteProperty | ForEach-Object { $_.Name }
             $name = $response.info.name
         } elseif ($Repository -eq "cran") {
             # Use the RStudio package manager for CRAN packages
-            $response = Invoke-RestMethod -Uri "https://packagemanager.rstudio.com/__api__/repos/${RepositoryId}/packages?name=${Package}&case_insensitive=true" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop
+            $response = Invoke-RestMethod -Uri "https://packagemanager.rstudio.com/__api__/repos/${RepositoryId}/packages?name=${Package}&case_insensitive=true" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop | ConvertFrom-Json -AsHashtable
             $name = $response.name
             $response = Invoke-RestMethod -Uri "https://packagemanager.rstudio.com/__api__/repos/${RepositoryId}/packages/${name}" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop
             $versions = @($response.version) + ($response.archived | ForEach-Object { $_.version })
         } else {
             # For other repositories we use libraries.io
             # As we are rate-limited to 60 requests per minute this request can fail. If it does, we retry every few seconds for 1 minute
-            $response = Invoke-RestMethod -Uri "https://libraries.io/api/${Repository}/${Package}?api_key=${ApiKey}" -MaximumRetryCount 16 -RetryIntervalSec 4 -ErrorAction Stop
+            $response = Invoke-RestMethod -Uri "https://libraries.io/api/${Repository}/${Package}?api_key=${ApiKey}" -MaximumRetryCount 16 -RetryIntervalSec 4 -ErrorAction Stop | ConvertFrom-Json -AsHashtable
             $versions = $response.versions | ForEach-Object { $_.number }
             $name = $response.Name
         }

From ca96d7502e2ae025a7d96f855be5e1db227f0806 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Wed, 26 Jul 2023 10:47:25 +0100
Subject: [PATCH 271/289] :bug: Only apply ConvertFrom-Json -AsHashtable to
 responses if they are not already JSON

---
 .../administration/SHM_Expand_Allowlist_Dependencies.ps1 | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1 b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1
index 638b415862..577f71bba6 100644
--- a/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1
+++ b/deployment/administration/SHM_Expand_Allowlist_Dependencies.ps1
@@ -31,19 +31,22 @@ function Test-PackageExistence {
     try {
         if ($Repository -eq "pypi") {
             # The best PyPI results come from the package JSON files
-            $response = Invoke-RestMethod -Uri "https://pypi.org/${Repository}/${Package}/json" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop | ConvertFrom-Json -AsHashtable
+            $response = Invoke-RestMethod -Uri "https://pypi.org/${Repository}/${Package}/json" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop
+            if ($response -is [String]) { $response = $response | ConvertFrom-Json -AsHashtable }
             $versions = $response.releases | Get-Member -MemberType NoteProperty | ForEach-Object { $_.Name }
             $name = $response.info.name
         } elseif ($Repository -eq "cran") {
             # Use the RStudio package manager for CRAN packages
-            $response = Invoke-RestMethod -Uri "https://packagemanager.rstudio.com/__api__/repos/${RepositoryId}/packages?name=${Package}&case_insensitive=true" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop | ConvertFrom-Json -AsHashtable
+            $response = Invoke-RestMethod -Uri "https://packagemanager.rstudio.com/__api__/repos/${RepositoryId}/packages?name=${Package}&case_insensitive=true" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop
+            if ($response -is [String]) { $response = $response | ConvertFrom-Json -AsHashtable }
             $name = $response.name
             $response = Invoke-RestMethod -Uri "https://packagemanager.rstudio.com/__api__/repos/${RepositoryId}/packages/${name}" -MaximumRetryCount 4 -RetryIntervalSec 1 -ErrorAction Stop
             $versions = @($response.version) + ($response.archived | ForEach-Object { $_.version })
         } else {
             # For other repositories we use libraries.io
             # As we are rate-limited to 60 requests per minute this request can fail. If it does, we retry every few seconds for 1 minute
-            $response = Invoke-RestMethod -Uri "https://libraries.io/api/${Repository}/${Package}?api_key=${ApiKey}" -MaximumRetryCount 16 -RetryIntervalSec 4 -ErrorAction Stop | ConvertFrom-Json -AsHashtable
+            $response = Invoke-RestMethod -Uri "https://libraries.io/api/${Repository}/${Package}?api_key=${ApiKey}" -MaximumRetryCount 16 -RetryIntervalSec 4 -ErrorAction Stop
+            if ($response -is [String]) { $response = $response | ConvertFrom-Json -AsHashtable }
             $versions = $response.versions | ForEach-Object { $_.number }
             $name = $response.Name
         }

From 79a6ba4ca7fb189cab101035cac9ee15a6817010 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Wed, 26 Jul 2023 11:01:30 +0100
Subject: [PATCH 272/289] :arrow_up: Update GitHub Actions versions

---
 .github/workflows/update_package_versions.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/update_package_versions.yaml b/.github/workflows/update_package_versions.yaml
index 1f901f9855..2a70bf9e64 100644
--- a/.github/workflows/update_package_versions.yaml
+++ b/.github/workflows/update_package_versions.yaml
@@ -20,10 +20,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: '3.10'
 
@@ -55,7 +55,7 @@ jobs:
       - name: Create pull request
         if: ${{ ! env.ACT }}
         id: pull-request
-        uses: peter-evans/create-pull-request@dcd5fd746d53dd8de555c0f10bca6c35628be47a  # This commit corresponds to tag 3.12.0
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38  # This commit corresponds to tag 5.0.2
         with:
           commit-message: Update SRD package versions
           committer: GitHub Actions 

From 32eb52179b29c2dbbec0318e22a5b903c9279459 Mon Sep 17 00:00:00 2001
From: jemrobinson 
Date: Wed, 26 Jul 2023 10:10:33 +0000
Subject: [PATCH 273/289] Update PyPI and CRAN allow lists

---
 .../package_lists/allowlist-full-python-pypi-tier3.list   | 8 +++++++-
 .../package_lists/allowlist-full-r-cran-tier3.list        | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
index 9fd13a2393..0afbdc7b3e 100644
--- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
+++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list
@@ -1,5 +1,4 @@
 absl-py
-aenum
 aero-calc
 aesara
 affine
@@ -14,6 +13,7 @@ alabaster
 altair
 annotated-types
 annoy
+ansi2html
 ansimarkup
 anyio
 apispec
@@ -212,17 +212,22 @@ graphlib-backport
 graphviz
 grpcio
 gym
+h11
+h2
 h5netcdf
 h5py
 HeapDict
 hijri-converter
 holidays
 hotelling
+hpack
 html5lib
 htmlmin
+httpcore
 httplib2
 httpstan
 huggingface-hub
+hyperframe
 hyperlink
 hyperopt
 idna
@@ -538,6 +543,7 @@ ruamel.yaml
 s3fs
 s3transfer
 sacremoses
+safetensors
 safety
 scandir
 scikit-image
diff --git a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list
index 52f65a2258..9e12103115 100644
--- a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list
+++ b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list
@@ -213,6 +213,7 @@ httpuv
 httr
 httr2
 hunspell
+ICS
 ids
 igraph
 infer
@@ -295,6 +296,7 @@ mgcv
 mime
 miniUI
 minqa
+mitools
 mlapi
 mlbench
 MLmetrics
@@ -335,6 +337,7 @@ patchwork
 pbdMPI
 pbdZMQ
 pbkrtest
+pcaPP
 permute
 phosphoricons
 pillar
@@ -440,12 +443,14 @@ RMySQL
 RNetCDF
 rngtools
 robustbase
+robustX
 ROCR
 roxygen2
 rpart
 RPostgres
 RPostgreSQL
 rprojroot
+rrcov
 rsample
 rsconnect
 rsparse
@@ -503,6 +508,7 @@ stopwords
 stringi
 stringr
 styler
+survey
 survival
 svglite
 svgPanZoom

From a02a2b160d5793a432ffd216aaccb73c210c229c Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Wed, 26 Jul 2023 11:11:58 +0100
Subject: [PATCH 274/289] :alien: Update RStudio checker to look for focal and
 jammy as bionic is no longer downloadable

---
 .github/scripts/update_rstudio.py                               | 2 +-
 .../cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml  | 2 +-
 .../cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml  | 2 +-
 .../{deb-rstudio-bionic.version => deb-rstudio-focal.version}   | 0
 4 files changed, 3 insertions(+), 3 deletions(-)
 rename deployment/secure_research_desktop/packages/{deb-rstudio-bionic.version => deb-rstudio-focal.version} (100%)

diff --git a/.github/scripts/update_rstudio.py b/.github/scripts/update_rstudio.py
index b5b16da1c0..ee36a35e66 100644
--- a/.github/scripts/update_rstudio.py
+++ b/.github/scripts/update_rstudio.py
@@ -7,7 +7,7 @@
 root = html.fromstring(remote_page.content)
 short_links = [link for link in root.xpath("//a[contains(text(), '.deb')]/@href") if "debian" not in link]
 
-for ubuntu_version in ["bionic", "jammy"]:
+for ubuntu_version in ["focal", "jammy"]:
     short_link = [link for link in short_links if ubuntu_version in link][0]
     remote_content = requests.get(short_link, allow_redirects=True)
     sha256 = hashlib.sha256(remote_content.content).hexdigest()
diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml
index 8f8c911ca2..44e1bb4397 100644
--- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml
+++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml
@@ -122,7 +122,7 @@ write_files:
   - path: "/opt/build/rstudio.debinfo"
     permissions: "0400"
     content: |
-      {{deb-rstudio-bionic.version}}
+      {{deb-rstudio-focal.version}}
 
   - path: "/opt/monitoring/analyse_build.py"
     permissions: "0755"
diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml
index 1cf6facce8..5605e07707 100644
--- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml
+++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml
@@ -122,7 +122,7 @@ write_files:
   - path: "/opt/build/rstudio.debinfo"
     permissions: "0400"
     content: |
-      {{deb-rstudio-bionic.version}}
+      {{deb-rstudio-focal.version}}
 
   - path: "/opt/monitoring/analyse_build.py"
     permissions: "0755"
diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version b/deployment/secure_research_desktop/packages/deb-rstudio-focal.version
similarity index 100%
rename from deployment/secure_research_desktop/packages/deb-rstudio-bionic.version
rename to deployment/secure_research_desktop/packages/deb-rstudio-focal.version

From c41a6453b733a15209600f1801381b3e776d4411 Mon Sep 17 00:00:00 2001
From: jemrobinson 
Date: Wed, 26 Jul 2023 10:18:58 +0000
Subject: [PATCH 275/289] Update SRD package versions

---
 .../packages/deb-rstudio-focal.version                      | 6 +++---
 .../packages/deb-rstudio-jammy.version                      | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-focal.version b/deployment/secure_research_desktop/packages/deb-rstudio-focal.version
index e31440658d..fec4214082 100644
--- a/deployment/secure_research_desktop/packages/deb-rstudio-focal.version
+++ b/deployment/secure_research_desktop/packages/deb-rstudio-focal.version
@@ -1,4 +1,4 @@
-hash: 2e8030828b93751ebc02fbbd6334d62600e7ab12c46d3f087a5222583e436238
-version: 2023.03.1-446
+hash: 49e24a6956f9f12ffeded493f571cd39f3e6c89411fc60d3bb228661793320da
+version: 2023.06.1-524
 debfile: rstudio-|VERSION|-amd64.deb
-remote: https://download1.rstudio.org/electron/bionic/amd64/|DEBFILE|
+remote: https://download1.rstudio.org/electron/focal/amd64/|DEBFILE|
diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version
index ba8c54bc3b..6c96a9ac17 100644
--- a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version
+++ b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version
@@ -1,4 +1,4 @@
-hash: 464038393a380321afb96793f8775852ce75f29340bd5d49a0c7ccbe77e411c0
-version: 2023.03.1-446
+hash: c030ec8338f1c76b3ae27997ec4411a0af43b2367dedb3d48e95c319b5425698
+version: 2023.06.1-524
 debfile: rstudio-|VERSION|-amd64.deb
 remote: https://download1.rstudio.org/electron/jammy/amd64/|DEBFILE|

From ddc018fd77a35620fa1df7994dd5a5f0017bf9b5 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Tue, 25 Jul 2023 13:15:35 +0100
Subject: [PATCH 276/289] :recycle: Replace poetry with pip-compile for better
 dependency solving

---
 .../cloud_init/resources/pyenv_install.sh     | 23 ++++++++-----------
 .../packages/packages-python.yaml             |  3 +--
 2 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh b/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh
index 555c46c14f..2770f82466 100644
--- a/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh
+++ b/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh
@@ -27,24 +27,19 @@ echo "Installed $(${EXE_PATH}/python --version)"
 # Install and upgrade installation prerequisites
 # ----------------------------------------------
 echo "Installing and upgrading installation prerequisites for Python ${PYTHON_VERSION}..."
-${EXE_PATH}/pip install --upgrade pip poetry
+${EXE_PATH}/pip install --upgrade pip pip-tools setuptools
 
 
-# Solve dependencies and install using poetry
-# -------------------------------------------
-echo "Installing packages with poetry..."
-${EXE_PATH}/poetry config virtualenvs.create false
-${EXE_PATH}/poetry config virtualenvs.in-project true
-rm poetry.lock pyproject.toml 2> /dev/null
-sed -e "s/PYTHON_VERSION/$PYTHON_VERSION/" /opt/build/pyenv/pyproject_template.toml > $PYPROJECT_TOML
-ln -s $PYPROJECT_TOML pyproject.toml
-${EXE_PATH}/poetry add $(tr '\n' ' ' < $REQUIREMENTS_TXT) || exit 3
+# Solve dependencies and write package versions to monitoring log
+# ---------------------------------------------------------------
+echo "Determining package versions with pip-compile..."
+${EXE_PATH}/pip-compile -o "$MONITORING_LOG" "$REQUIREMENTS_TXT"
 
 
-# Write package versions to monitoring log
-# ----------------------------------------
-${EXE_PATH}/poetry show > $MONITORING_LOG
-${EXE_PATH}/poetry show --tree >> $MONITORING_LOG
+# Install pinned packages using pip
+# ---------------------------------
+echo "Installing packages with pip..."
+${EXE_PATH}/pip install -r "$MONITORING_LOG"
 
 
 # Run any post-install commands
diff --git a/deployment/secure_research_desktop/packages/packages-python.yaml b/deployment/secure_research_desktop/packages/packages-python.yaml
index 879788d373..d520b3d60e 100644
--- a/deployment/secure_research_desktop/packages/packages-python.yaml
+++ b/deployment/secure_research_desktop/packages/packages-python.yaml
@@ -39,9 +39,8 @@ packages:
     pathos:
     pg8000:
     Pillow:
+    pip-tools:
     plotly:
-    poetry:  # also used by installation scripts
-        "all": [">1.0.0"]  # increase solver flexibility
     prophet:
     psycopg2:
     pydot:

From b176e94cdbdceb0e6c49407191bd8271c637f397 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Tue, 25 Jul 2023 13:15:00 +0100
Subject: [PATCH 277/289] :coffin: Remove pyproject.toml

---
 .../cloud-init-buildimage-ubuntu-1804.mustache.yaml  |  5 -----
 .../cloud-init-buildimage-ubuntu-2004.mustache.yaml  |  5 -----
 .../cloud-init-buildimage-ubuntu-2204.mustache.yaml  |  5 -----
 .../cloud_init/resources/pyenv_install.sh            |  1 -
 .../resources/pyenv_pyproject_template.toml          | 12 ------------
 5 files changed, 28 deletions(-)
 delete mode 100644 deployment/secure_research_desktop/cloud_init/resources/pyenv_pyproject_template.toml

diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml
index 44e1bb4397..8f450ead3d 100644
--- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml
+++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-1804.mustache.yaml
@@ -114,11 +114,6 @@ write_files:
     content: |
       {{packages-python.yaml}}
 
-  - path: "/opt/build/pyenv/pyproject_template.toml"
-    permissions: "0400"
-    content: |
-      {{pyenv_pyproject_template.toml}}
-
   - path: "/opt/build/rstudio.debinfo"
     permissions: "0400"
     content: |
diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml
index 5605e07707..575de168d0 100644
--- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml
+++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2004.mustache.yaml
@@ -114,11 +114,6 @@ write_files:
     content: |
       {{packages-python.yaml}}
 
-  - path: "/opt/build/pyenv/pyproject_template.toml"
-    permissions: "0400"
-    content: |
-      {{pyenv_pyproject_template.toml}}
-
   - path: "/opt/build/rstudio.debinfo"
     permissions: "0400"
     content: |
diff --git a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml
index 17527746cb..059dece327 100644
--- a/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml
+++ b/deployment/secure_research_desktop/cloud_init/cloud-init-buildimage-ubuntu-2204.mustache.yaml
@@ -118,11 +118,6 @@ write_files:
     content: |
       {{packages-python.yaml}}
 
-  - path: "/opt/build/pyenv/pyproject_template.toml"
-    permissions: "0400"
-    content: |
-      {{pyenv_pyproject_template.toml}}
-
   - path: "/opt/build/rbase.debinfo"
     permissions: "0400"
     content: |
diff --git a/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh b/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh
index 2770f82466..56898d3915 100644
--- a/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh
+++ b/deployment/secure_research_desktop/cloud_init/resources/pyenv_install.sh
@@ -9,7 +9,6 @@ if [ $# -ne 1 ]; then
 fi
 PYTHON_VERSION=$1
 PYENV_ROOT="$(pyenv root)"
-PYPROJECT_TOML="/opt/build/python-${PYTHON_VERSION}-pyproject.toml"
 MONITORING_LOG="/opt/monitoring/python-${PYTHON_VERSION}-package-versions.log"
 REQUIREMENTS_TXT="/opt/build/python-${PYTHON_VERSION}-requirements.txt"
 REQUESTED_PACKAGE_LIST="/opt/build/packages/packages-python-${PYTHON_VERSION}.list"
diff --git a/deployment/secure_research_desktop/cloud_init/resources/pyenv_pyproject_template.toml b/deployment/secure_research_desktop/cloud_init/resources/pyenv_pyproject_template.toml
deleted file mode 100644
index 3f0998952a..0000000000
--- a/deployment/secure_research_desktop/cloud_init/resources/pyenv_pyproject_template.toml
+++ /dev/null
@@ -1,12 +0,0 @@
-[tool.poetry]
-name = "Python PYTHON_VERSION"
-version = "1.0.0"
-description = "Python PYTHON_VERSION"
-authors = ["ROOT "]
-
-[tool.poetry.dependencies]
-python = "PYTHON_VERSION"
-
-[build-system]
-requires = ["poetry-core>=1.0.0"]
-build-backend = "poetry.core.masonry.api"

From 60738a9a1b8734d145e9b2acb3b1cf7ed1494097 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Fri, 4 Aug 2023 10:53:09 +0100
Subject: [PATCH 278/289] add pip-tools to NON_IMPORTABLE_PACKAGES

---
 tests/srd_smoke_tests/test_packages_installed_python.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/srd_smoke_tests/test_packages_installed_python.py b/tests/srd_smoke_tests/test_packages_installed_python.py
index a01a2c44c1..28cb1538b7 100644
--- a/tests/srd_smoke_tests/test_packages_installed_python.py
+++ b/tests/srd_smoke_tests/test_packages_installed_python.py
@@ -22,7 +22,7 @@
 ]
 
 # For these packages we check for an executable as they are not importable
-NON_IMPORTABLE_PACKAGES = {"repro-catalogue": "catalogue"}
+NON_IMPORTABLE_PACKAGES = {"repro-catalogue": "catalogue", "pip-tools": "pip-compile"}
 
 # Some packages are imported using a different name than they `pip install` with
 IMPORTABLE_NAMES = {

From a9b51439a7f5abc1cc25711ca46081cc6e83cc61 Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Fri, 4 Aug 2023 11:16:31 +0100
Subject: [PATCH 279/289] :art: Alphabetise NON_IMPORTABLE_PACKAGES

---
 tests/srd_smoke_tests/test_packages_installed_python.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tests/srd_smoke_tests/test_packages_installed_python.py b/tests/srd_smoke_tests/test_packages_installed_python.py
index 28cb1538b7..d91d3238f7 100644
--- a/tests/srd_smoke_tests/test_packages_installed_python.py
+++ b/tests/srd_smoke_tests/test_packages_installed_python.py
@@ -4,6 +4,7 @@
 import subprocess
 import sys
 import warnings
+
 import pkg_resources
 
 versions = {
@@ -22,7 +23,10 @@
 ]
 
 # For these packages we check for an executable as they are not importable
-NON_IMPORTABLE_PACKAGES = {"repro-catalogue": "catalogue", "pip-tools": "pip-compile"}
+NON_IMPORTABLE_PACKAGES = {
+    "pip-tools": "pip-compile",
+    "repro-catalogue": "catalogue",
+}
 
 # Some packages are imported using a different name than they `pip install` with
 IMPORTABLE_NAMES = {

From fc256acce8c53140bd3f4d1c73a4af11c66760dc Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Mon, 7 Aug 2023 15:45:32 +0100
Subject: [PATCH 280/289] Update VERSIONING.md

Add May 2023 DSG to versioning
---
 VERSIONING.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/VERSIONING.md b/VERSIONING.md
index 203a10a1ff..e072045b15 100644
--- a/VERSIONING.md
+++ b/VERSIONING.md
@@ -64,6 +64,7 @@ We usually deploy the latest available version of the Data Safe Haven for each o
 | December 2021    | DSG 2021-12                   | [v3.3.1](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v3.3.1)           |
 | December 2022    | DSG 2022-12                   | [v4.0.2](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v4.0.2)           |
 | February 2023    | DSG 2023-02                   | [v4.0.3](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v4.0.3)           |
+| May 2023         | DSG 2023-05                   | [v4.0.3](https://github.com/alan-turing-institute/data-safe-haven/releases/tag/v4.0.3)           |
 
 ## Versions that have undergone formal security evaluation
 

From 099dc79935461cc1aa75b8b8c227c0cfe6d67523 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 9 Aug 2023 10:04:58 +0100
Subject: [PATCH 281/289] update signing key gitlab

---
 .../cloud_init/cloud-init-gitlab.mustache.yaml                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
index 8eefcfcbf6..00a48d64ad 100644
--- a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
+++ b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
@@ -93,7 +93,7 @@ apt:
   sources:
     gitlab.list:
       source: "deb https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal main"
-      keyid: F6403F6544A38863DAA0B6E03F01618A51312F3F  # GitLab B.V. (package repository signing key) 
+      keyid: DBEF89774DDB9EB37D9FC3A03CFCF9BAF27EAB47  # GitLab B.V. (package repository signing key) 
 
 # Install necessary apt packages
 packages:

From eb8d5336845038511cde7dea7bf88f6e7756f1ce Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 9 Aug 2023 10:23:49 +0100
Subject: [PATCH 282/289] revert prev commit

---
 .../cloud_init/cloud-init-gitlab.mustache.yaml                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
index 00a48d64ad..8eefcfcbf6 100644
--- a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
+++ b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
@@ -93,7 +93,7 @@ apt:
   sources:
     gitlab.list:
       source: "deb https://packages.gitlab.com/gitlab/gitlab-ce/ubuntu focal main"
-      keyid: DBEF89774DDB9EB37D9FC3A03CFCF9BAF27EAB47  # GitLab B.V. (package repository signing key) 
+      keyid: F6403F6544A38863DAA0B6E03F01618A51312F3F  # GitLab B.V. (package repository signing key) 
 
 # Install necessary apt packages
 packages:

From 8a0bccb4e7330cd43492152e0b3b939614577328 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 9 Aug 2023 10:24:15 +0100
Subject: [PATCH 283/289] change fs_setup partition to auto

---
 .../cloud_init/cloud-init-gitlab.mustache.yaml                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
index 8eefcfcbf6..b887420e2b 100644
--- a/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
+++ b/deployment/secure_research_environment/cloud_init/cloud-init-gitlab.mustache.yaml
@@ -122,7 +122,7 @@ disk_setup:
     overwrite: true
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
-    partition: 1
+    partition: auto
     filesystem: ext4
 mounts:
   - [/dev/disk/azure/scsi1/lun1-part1, /data, ext4, "defaults,nofail"]

From 08c9a6f488b70eb6a6da1dcfe4dcbba631b821e1 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 9 Aug 2023 10:25:37 +0100
Subject: [PATCH 284/289] same change for cocalc and codimd

---
 .../cloud_init/cloud-init-cocalc.mustache.yaml                  | 2 +-
 .../cloud_init/cloud-init-codimd.mustache.yaml                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml
index 43da1b27da..3b43fd408c 100644
--- a/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml
+++ b/deployment/secure_research_environment/cloud_init/cloud-init-cocalc.mustache.yaml
@@ -161,7 +161,7 @@ disk_setup:
     overwrite: true
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
-    partition: 1
+    partition: auto
     filesystem: ext4
 mounts:
   - [/dev/disk/azure/scsi1/lun1-part1, /data, ext4, "defaults,nofail"]
diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml
index f2afe406c1..890c39d5e3 100644
--- a/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml
+++ b/deployment/secure_research_environment/cloud_init/cloud-init-codimd.mustache.yaml
@@ -132,7 +132,7 @@ disk_setup:
     overwrite: true
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
-    partition: 1
+    partition: auto
     filesystem: ext4
 mounts:
   - [/dev/disk/azure/scsi1/lun1-part1, /data, ext4, "defaults,nofail"]

From a1735a0eeaa1900c3782f6cee4e21dbedf103413 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 9 Aug 2023 10:43:22 +0100
Subject: [PATCH 285/289] add *.docker.io to allowedFqdns

---
 .../setup/Configure_External_DNS_Queries.ps1                   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
index a86077d1d1..fbe41fc760 100644
--- a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
+++ b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
@@ -26,7 +26,8 @@ $null = Set-AzContext -SubscriptionId $config.sre.subscriptionName -ErrorAction
 # --------------------------------------
 $firewallRules = Get-JsonFromMustacheTemplate -TemplatePath (Join-Path $PSScriptRoot ".." ".." "safe_haven_management_environment" "network_rules" "shm-firewall-rules.json") -Parameters $config.shm -AsHashtable
 $allowedFqdns = @($firewallRules.applicationRuleCollections | ForEach-Object { $_.properties.rules.targetFqdns }) +
-                @(Get-PrivateDnsZones -ResourceGroupName $config.shm.network.vnet.rg -SubscriptionName $config.shm.subscriptionName | ForEach-Object { $_.Name })
+                @(Get-PrivateDnsZones -ResourceGroupName $config.shm.network.vnet.rg -SubscriptionName $config.shm.subscriptionName | ForEach-Object { $_.Name }) +
+                @("*.docker.io")
 # List all unique FQDNs
 $allowedFqdns = $allowedFqdns |
                 Where-Object { $_ -notlike "*-sb.servicebus.windows.net" } | # Remove AzureADConnect password reset endpoints

From a414373406920f80dfb13e83b55fec641e708ba1 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 9 Aug 2023 10:53:33 +0100
Subject: [PATCH 286/289] change partition to auto for remaining cloud-inits

---
 .../cloud_init/cloud-init-postgres.mustache.yaml                | 2 +-
 .../cloud_init/cloud-init-srd.mustache.yaml                     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml
index 16bcb94fa9..2a6c8f707b 100644
--- a/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml
+++ b/deployment/secure_research_environment/cloud_init/cloud-init-postgres.mustache.yaml
@@ -25,7 +25,7 @@ disk_setup:
 
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
-    partition: 1
+    partition: auto
     filesystem: ext4
 
 mounts:
diff --git a/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml b/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml
index 12065238e6..3635a7a342 100644
--- a/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml
+++ b/deployment/secure_research_environment/cloud_init/cloud-init-srd.mustache.yaml
@@ -12,7 +12,7 @@ disk_setup:
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
     filesystem: ext4
-    partition: 1
+    partition: auto
 
 # Note that we do not include the blobfuse mounts here as these are controlled by systemd
 mounts:

From 0be00893f2351dcffb955b871bd1a72ef0332003 Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 9 Aug 2023 10:55:24 +0100
Subject: [PATCH 287/289] change fs_setup partition to auto cloud init shm

---
 .../cloud-init-repository-mirror-external-cran.mustache.yaml    | 2 +-
 .../cloud-init-repository-mirror-external-pypi.mustache.yaml    | 2 +-
 .../cloud-init-repository-mirror-internal-cran.mustache.yaml    | 2 +-
 .../cloud-init-repository-mirror-internal-pypi.mustache.yaml    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml
index 38b7e3cb87..9bcd26b283 100644
--- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml
+++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-cran.mustache.yaml
@@ -9,7 +9,7 @@ disk_setup:
 
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
-    partition: 1
+    partition: auto
     filesystem: ext4
 
 mounts:
diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml
index 8c09932601..14f71356f5 100644
--- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml
+++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-external-pypi.mustache.yaml
@@ -9,7 +9,7 @@ disk_setup:
 
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
-    partition: 1
+    partition: auto
     filesystem: ext4
 
 mounts:
diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml
index 9f0a108f60..6c67f7d4dd 100644
--- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml
+++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-cran.mustache.yaml
@@ -9,7 +9,7 @@ disk_setup:
 
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
-    partition: 1
+    partition: auto
     filesystem: ext4
 
 mounts:
diff --git a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml
index 2fad1ab1ee..3507b51dbd 100644
--- a/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml
+++ b/deployment/safe_haven_management_environment/cloud_init/cloud-init-repository-mirror-internal-pypi.mustache.yaml
@@ -9,7 +9,7 @@ disk_setup:
 
 fs_setup:
   - device: /dev/disk/azure/scsi1/lun1
-    partition: 1
+    partition: auto
     filesystem: ext4
 
 mounts:

From 17a0900de9663c6dd570b855646bf42f33c01aba Mon Sep 17 00:00:00 2001
From: Ed Chalstrey 
Date: Wed, 9 Aug 2023 10:58:23 +0100
Subject: [PATCH 288/289] change *.docker.io to docker.io

---
 .../setup/Configure_External_DNS_Queries.ps1                    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1 b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
index fbe41fc760..51558b00b5 100644
--- a/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
+++ b/deployment/secure_research_environment/setup/Configure_External_DNS_Queries.ps1
@@ -27,7 +27,7 @@ $null = Set-AzContext -SubscriptionId $config.sre.subscriptionName -ErrorAction
 $firewallRules = Get-JsonFromMustacheTemplate -TemplatePath (Join-Path $PSScriptRoot ".." ".." "safe_haven_management_environment" "network_rules" "shm-firewall-rules.json") -Parameters $config.shm -AsHashtable
 $allowedFqdns = @($firewallRules.applicationRuleCollections | ForEach-Object { $_.properties.rules.targetFqdns }) +
                 @(Get-PrivateDnsZones -ResourceGroupName $config.shm.network.vnet.rg -SubscriptionName $config.shm.subscriptionName | ForEach-Object { $_.Name }) +
-                @("*.docker.io")
+                @("docker.io")
 # List all unique FQDNs
 $allowedFqdns = $allowedFqdns |
                 Where-Object { $_ -notlike "*-sb.servicebus.windows.net" } | # Remove AzureADConnect password reset endpoints

From 154a55a9a671c762efe32e3121a1fbddc1f83f5d Mon Sep 17 00:00:00 2001
From: James Robinson 
Date: Wed, 9 Aug 2023 15:05:11 +0100
Subject: [PATCH 289/289] :wrench: Add additional *.ubuntu.com IP addresses

---
 deployment/common/Configuration.psm1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/common/Configuration.psm1 b/deployment/common/Configuration.psm1
index c1090d9bb8..a77c9416d3 100644
--- a/deployment/common/Configuration.psm1
+++ b/deployment/common/Configuration.psm1
@@ -332,7 +332,7 @@ function Get-ShmConfig {
                 ) # *-jobruntimedata-prod-su1.azure-automation.net
                 linux           = (
                     @("72.32.157.246", "87.238.57.227", "147.75.85.69", "217.196.149.55") + # apt.postgresql.org
-                    @("91.189.91.38", "91.189.91.39", "185.125.190.36", "185.125.190.39") + # archive.ubuntu.com, changelogs.ubuntu.com, security.ubuntu.com
+                    @("91.189.91.38", "91.189.91.39", "91.189.91.48", "91.189.91.49", "91.189.91.81", "91.189.91.82", "91.189.91.83", "185.125.190.17", "185.125.190.18", "185.125.190.36", "185.125.190.39") + # archive.ubuntu.com, changelogs.ubuntu.com, security.ubuntu.com
                     $cloudFlareIpAddresses + # database.clamav.net, packages.gitlab.com and qgis.org use Cloudflare
                     $cloudFrontIpAddresses + # packages.gitlab.com uses Cloudfront to host its Release file
                     @("104.131.190.124") + # dbeaver.io

HEAOp~i#FS!_jXwJLK^PR6Cy4jHZh4s&m6fqwksakIZim(89e?r3y=p~dl@Z9 z3=9&6+uu8~D$o94VBE>FP}6kMlz%H=Y-hu6_}k39r{&$pX7=xF}2i<6Zwou<4JjijA}2@Nkh4?8EF2#AJ;M#$m4sep>q z>;F0&_)D11+{wvafP=%;)s@|qo88XAjN`?tSFboYxj4AE*nmCQ9Nlf54Bgml9qIph zlK(!Bl!>FUgN415g`F+U?RgE2?3|s1>F91R^sk?P-lvJ1#s6H%*73iZ1vHT3_8X2D z?3^6`IyZ2r(Ct-+|9}xi1Ah7z{Bm#4u!~#MRvHY|rClJTv)pv#)>p_H<=hRk>+R%ZO<2tbP^p&E2Ev;>Ig0 z)6!F7Xt0`F5dXqGyAH|XeB9hrVx?EHKHK)=v-@HEYe|edcNYRNJ@;Bp)BhALHicZq z_+BoTT`ako+^6xw!2H{nc5N9NsqEiuPJHf6_qRtK|D1v!^|y;nD3msVVUP zx~aG4i3H9FI*xg)&j!BR2Rm}YpY|FW8eEYEb!RrRI{GEsi~Qj zWDDgcwA=lHzhYK#U1;tJB@G<$!r!F+KMIWP5Fma%HBoX2!N6=*Fkr=ko}ZtqYbqHK zF(zo+*pwwEC278-sC&<4*wWJCeFu@!XEM76ENz)f$siUV%w*PnaQ_gCQ*(q4N@t z0_#7yS(-|3AlJDi7J%A=Z^1T=EYQq8F zICujkK-bS$!6OE?GViAFzrCL$2n)o+EB05O3kvnhF6xQ#F6zaJR_Q>{sEy5%(x}{L zB7P@_9S+u$gK?@j)9;AFx@4BejP+-F$6un&V7b>@H#N*7nx7Ofp~ejTK99tJWKZ~) zFYsYv8YP~l%x(NTcVCOskYYlKiHWRFzNhk8jJ#)IDXBzvR|=mRMc7z{YRi6rQ-??7 zs%xg04V#aEKoaUJ!Ao@f?4XMrn$0Ar1iK%&`m_B=NHmypb4MP=H{zrOmoXOI>3)&? zP7d}$4#pwZgrVGt6RLI&f$czG(-7D|k;ZuR++|*gZJvD`0p0nA!A-G}ilSo7q7PVM zIJOzMw`X|V|5?j2ZnLdpVIYC6oMm+M#`OcL`ab;YR zvy;<1GqVs>z3bVr|5emUirBDuM78K&58CZ88(0I2B`S)=6N&-^LD74*X{Ocr9I<-U7vkS|*K+NGL8|2zDZfG)S_=R&P#&yKk~usK&lm$AtbW zcN{GtEn*FJ>>0O0DvZsK?*vG+fM|-jl({xArHheLHa0sGKYkcQMMX`FjalpJ>I!}^ z4PHzT8~!803jGhJ>Ycj|PymjVXW&L--MKq*yW)@^HnN0CztGIlq`NK#V!U8Z}wB}EZbv#(#WZ-=L4)tuk2ov=y(vAVVPY6d^jG-^C`5) zt4Jm>VrjpD`)yEygsm=&#nRTc?s#i*wmT}_x<84nTu!-pHU#r+?jkT!txTR$|52m6 zCH%yOHH)ehfiS~#JCWrxG>s!jb}bkfc`Z$@g26i*(W%GXA4PtD zv=^u0|FzciM=8sQj_d#yvh*P+P%Q{zN=wS^}9fsA-mdkL@7RW}BX)g~3QNLWc}Rn@SK zVz$gK&wtiZS0Mh@HfOr)@ngPXjm3i_WKpQPJrPeWNX3Yr2dZDsy=+#`UD#AR?SM72 zLQEN6BC&#e)JO~Nb2WxRjMaG06 z)+P0bMi8|8EY^gwYkTKf98aC){aa@S@hl{X>GPrAyUJ+2w? zPe~*`(R?$iuHEF6+S2M3RHoO`mzI`xAH4d8QC>pt)*A zy`{N=zoOZGb;`D=CoHapEL}bXvU5aBopocGX4S|V)Tt0J!1$=y@KBb>!f%0u&hHmjOmKF;S zJw6WtrmpY3(CRdxXJVwc+=9!BhR%uwp-m(51T!|KfS<&V!O{L+1Z%33`}UYO(${aTd-)9)uF5= z-#I$gR9LRK3iRFl3kClB_$*cxb5q}KOj&w5)hyFuQqQw&E34kCce(j!Kn1fbWw4iF?7!Z(SM#E{?fO1{oRf`3fUa$u`dd*07mkqww|nh?W&* zu+2hJ?OL=@L}RQ{Cw@*P9^vY7)Vwh@#NqJLi*3~4=^Ph7rOTJksn{+{f}our-iSJb z7@?AkpP109ysnV@VEhL}LBtTyy?PD#<}c2Yy-l9+>`Do>3k!NIPQ>97`|4X8rS&%2 z{4+?Hm5wt4C89JoGQ!pCS!)XP1Dov0U-9_ZH<&OO%muwsI7?=hVW?WDa2#^-oqK3X z%j^^HZ|PP7!EMgw;|c96fz8o+w|%4LtCQIsJKqa!_LgVS*#BHI^h#gTfz{)nU?B8g z5L^>z%txEyPT{he=I>O#$mt~Zy()A;C2xI5S&QKNDyi0>1CUO(Oh=BI0VEFu1wCTY zS?NY9trQY7JM_of3e}XiM|)|*DXZbR~}Y2HscFDd5`{k zD*xLvB~nIAJXuxYm5J2WJ(hVubZWKJ`jhg(7moGtW&2p+zV4n!GBmf`F53!(yV29n z>-7syztVHJ@p((!g!@l8jy13tC+6pEu(8Xt4E41e9r6iC=3N)Pjc1ZM+(f$nc^}q_ zKt4PP)Qkp*jLvN@Hl=c~vF*bV=Z@>|v^9#ay0F9b^yjT8bst&T;%Rw1&Ix#QlJvRy zQZ#^|;-S47j35ap2yD@0r<4LojeMso|Mj7cngLET2pY0OjVk_l;N^@6d_#0D7FSD5 z0qRcsLog?EcohpAG7}Q6lU-B;gcBCSZ&Kfpa=>5p!)fIFGZO>kHuGrwI>RroXB$2& zr(8dh$d-8?75o=8C^DwK1BcqWe%@vFp>QMfw$Rnls9^2DZuP;d^$g==9S2$Ts_j%| zhtGb5{uIzFHd$w1pKov14Am7BFbe((B)ZK+6|TR6NM{N~j+wT8|E_dxyO^)*q4GQv z8+p+~VeIbi?(-=ri9~QER&tIYv}g3f6!X8mvuXQxC-X^O!| z-5|ttjcGH6avTA;Y&y2m-X{)K8)AJN%&t+~+j2K3OeYBOBO3%QmV*}i#g)8YVJ2Zx zN|2E%YofEnGn3xl@obcX;t)@LFWx1%OZq_WAsNJ>gSMXa{*(MpsQ~H{3FQzxu#J_2 zug)`%(z?=q7{szR*k;Qn0@ym&FpZyXJz5|?F)_hcdNs)UOsSUJ!#d(G`gA)3NI9Pl z$s3O2q^T_U7u<5QysyvKXP3GnMrpH0MpQ1Y_I&M7C{#hXWY)#py7kHSbgO{!v&U5> z6|FP2jjKsV>|2|g+kGq*JUfox;u&0KEDH0JU%>xy5AALMN_ooRo=JM=ZZ#;(bB5?b}HZMX+B%|cUoGhD3@UCX{1Yu>#t7@$cM#`mGu)5YJNo( zMsaH)hq_N7u;N~v@FnGRrKcZg5k-`hmF>}jwLeZ$;_S}R!*_zhAA7^X=bV^jcmOPl z6E)X_R7n7VyI8G-)%kNqfsU&z(^i2aHS({AA<}$9emYc90bRoP7YL@8!OTd0zV?fMWu%;s4DJ%q%P@rrl%= z#zrw^dHFJ%l9(xDcBR^~7c2g+i6^Eht2H!gXV%au&OMzIR^^z=trAk+0VS^!$~DJG zArARbI@oliA`Zmia^ZA*jf|ET?DlYkD|qHo>k&(2FzXPEES%szIKPCbu|0N1i8x#Z z?>nVN=hHOfB?wMeZGIez?X~=e(t^|9aex``&H3#8Pt!`-?dj z=`UuQ0wIY=MgA@VLMYWK9EYm%{BV7CHCf-be$nS5JJI(jmwI|wn)*{_1>x{UVV14r zaiQnIx932yLmzv?PfX9>IUysnod23-kyhD&elWzSm?`udWj9mHr2CjtQ&UUJqO06N z#`JcjcXxMx*Q%qx*siA~AQYo9yW7pJ#A7JYIFRvTK9Tm5HBn!Q_2@*U@JT%h=>+cd z7*iriM2O8fl246l%uwgdKj##+11x(bc<*xKG6Q#T$7Mq`=3%?$lS_iyNX|Jo%| zlZN|ko=6iCc{pC-Gj8WQp=CBbswgVF_Y<4OZywFUjgby_x_3dnl%k{u%N01Z>yxKy`6r% zQCD&O5{!Sfrtdhw>(a+mc$Dr67%DUCqBrM0hc554uJ~5&0RBZ}yW72RX5DYY!lpyO zl#*4~Q86UvPpwcI`;7@5Er2zNDQ1?T2%vMRMckZwg}#n>qN zSWd?cvVjGaXJc35L3Jj(&(HkW!GwOQGnFhXQAw~TqbH>qA#^YaR?8`}%K(9ogQC=O zdJot*GVC6m_Vi?IKwZXW-`G?%2B~X*w1Wn@7mLN=5$F3$75|7`f_h|t9$RcvS%Dv> zUMymV$Cq2iYblmaHhDIc)n@mbDmcMHJ;<$()0}r>Vs2;lLY>X5DH|Ib0APeopQnlq zrwmvB4f{0+!43uy6%TCyC;*^7l7}lF73-`jS|$Vp1#N)TbJB^&G37WUypHu+|GZDb z3!AR2l{+!0ykQ9>xE#rS8RPG}M3nVM^zn6FeanEqVRs~1oy*QU!RxbS@3!{HFUF7m z8GT;>vKWtPZGdYjlFkx@5t(<@-*y?{z2~`jSVHCTI|tBgVi&AC195Mm?O6}0u2Y=w z+0TFt6Z%j0qs@Mz>4jV2v-?lr!;hZ~i4A{Ev(#=_$1M2(M@Vs5T1_0!=x5sUVuu$f z6jye37NP1+X9~)6>%45zdF#HiZD2{Av#;ce#gQMq6mIZ~!z0`HFmm8E1=;SD=H3k7 zro2c7Qb3%1S;RXF+1BF|q=YiFZ~{_drQqtu+c+r9iSolu$h;<;4#u+?%}~ZqRWJ3q zpAih;Serry&n=tdO=n;vCTn$Gq83H&${Mq-vQAWF=G}$Mr#gp#bADN#(g+WjJX_i)lx4 zhxkVdk43zEmdHGEj^Mf;2s)~&9|5}Ad1^sP&Y+j8j^ncv@*gYQ28k2h84cn=>Jf+{=i_Jcu<)b`iyCx6O4mnscD0pG3DCoHG3Cr<2T6TEkdE@omJz3C>#t`* zK~GLv`mKlOjM90_e)RRDF`)p(=w#SrwRB@gsB3$Bw^S&Mm5hx%;RV#|yZyF*q4B~g37-H0?K~j_ z{d{e~bI;~yi`-i^^(5*kI8l;BV% z_)y&BgiuvSaI`ioRyXgp&YsNLiHa&-?Z8l5Wk2ZRLcO<*scQff^hrcUO-;9U zak)fnqf#8+omJ_O2Vm?DI#Cz#+&nxQc_e$S_geBy=PL$2SM@k~NX!uo^0;hPgIPS` z;iG(N7W0(=XfZQ%->p|bHye_=jq<-#C}F<=uAg6`RO_&6$zOVOD`GsBqlx+tGRKpg z_LEMj8GJzFFwz5Z!7X~8R#g->G0XCH@qjazuxeJet7)0mP28gOvZ|^VEzLhOiej?-!CR9RiX6t6aQ=_&2xx>C1_w9K=-k})MFq1O zDNjpJ%&WDOpE=aGk+AXxU2#*LtnV|eAbdRbV&`yXFRbSe92xHoET*HZi|>WX`2`0D z4tOD7Hl`^lDP6jVHS#2*H?WO)UYHG1s5ZQTGtTU?aF)Xn*^$#?*8}PN+CsY?+h(=l z;h@R5wwK1ysUkdRPLn#yX|pvK<5y*zgT9wNzGuecTT_*W0hB;Em~H9ZL5dCMC+k@P zdhp@hCP;DZoXExY^2Z!_qiu@M!N;sf2BM4CG;Ft|>)S_5o13eX4{fYUHst(`%u*%I zHs405thVlJ*~o_x0|YfJuhCC=j?a4ch&X&kaCw4=nh>JmOsAj!J1a390RLX3*SOm9 zP&iwPuI1q=r0TpTqRi4C58T+VN4J3~*@~%5Nb&Ru`{R$yBtbe*MC@!gc6bwS;iMd% z;GB=3&1)cvdXTf;2eaw7&OLql^paPawxi1OZg{s`($(Lp54&E8+OD?B zn+F$8>gvy(oovvn9KNZ}SD&=94U+w1fLZMF`k<_e4KUF~V)opJJh!zM(MdNdw@hFM zfbxxs1T4_fcL)<0NFn%{rt>wl#%p8X*knSuB?e`^Mt%w?TQ8i{*MatwYk6r$B zgXI+Ej+WAl7=J98wQ+zI%9n1}YP#l@>D4T#m+Kg_sF(iMccVKXF_Q7ypP9s=!)oDB`}fIBg4an`Zwswo!eAs zGh5f_6LMY$U?cQHbO@zO%Hm{l+oehKay!Gn zc|EsZ*ca_MBC!F|4O*r<4>jKHJ{um(to@^-k&fr8YoDaIbQ&m-+ zpa(qBIF)GE1@}VH?zp*(w*VMh8%PHzQ3XE?s@&=E%;sR_TLG6V0|P?=c{M&cU*vmk zYGjIlGm^jpRa-k%ZPMSp()lVr05{|dpXZ6SzK_D4hx3q!;|V;lum%9HopFRXZ%yE% z-nF@-{bNf;3M<;Kn=I1f5~@aB1fD;2V%PIIUv-*p_fd>BCg`SD$~!D1cfbxmnfJ6K zeaKwTaARIIsqQk}B#*nb`4C|9UlDPY43A~kEhct?`AC7e6Q(7tF#=-;6-q$ei!qcT za~e4S%SKB;y>GP+1YdDeuc?AF@vSIXzy%xREOsWQ1^G*Q8zN}L5;FHBp@v&g>3Cp< zvOG@HnnI^0G3AiNWEV|Wvw$+K=HaWHnu(xr^@pBiWM!j@+2*y+rV0MS_u%BZ(<-IpuxPW0OXpcHt#v%~$kD_MUVtV0!P^eh24ls1#jo zwuK`SzpfNiMQ-V5 zlz4&*wZxOVB1kU`{2qVtMUQ5^?MMaGgE6q)S)WF$k?7TiVhxoz``vIZ4ms+}pEx_; zo@Y@weFl{k&5QtU!mobbdn~`#HgCnEevY=enc3NZ>8oxzy}s9^Kff1bCn8^NbXye_ za7HsfXDZE)cxO6F+R5L#kDrAxltKNL1^>GBv}GvMW0T3(k?=e9%ZU$J?rW(hfN*(s z%$-ai#NRZml=>>jXUs{`{pxtq%+?4L>wQv_bkU@)1VaB_yItgCWwMMJ^dWWE)ttT z$Dmi^IiL?+lR-A|Nb*_0L1jfWMlfP%tK6`^a36qaD)AmOiH(smJCKHt8B`cL=N2o3W@e~a2@HTN4IcU;%|Uex<=oK9%lp(=n_ zceS?B0XUXTK<+9eMjSux>JSuLgcRvB3l0)hE{YC5I zS=;qi+ss6nc8K1K{<)jeo9nFNwx+@U=EbXB+DVnR{eJf5@3l80BO^xwpwMEwV_*$9 zE-tnJ3ghX{HK5mI=}8k|Wf`|!ogCh21%`4m1P>K0VF|+2_1r-L#F@t`B+XwegxaT} zShIV-hq~e4ig2u3Q4Nuau~?D7@O>#JWGbt zW^th4YU1ZteFIz{Pk7f^PSU zaG&y$j4}%siBp~vd*Qau1t6hslG#xo6$F^JR0$rG@$m5EO^(Zd1*q9FwZ79Z^yFs% zK|ylV`=#uFhX?$ScN+Y3w}8u`h66B{L=q6j8Z?ZDPii~zWIt}tE?(Ca$H%4F=Ba&> zCjM}QU7F6w;O_ikvEf6m{_`{Gp%M<;vfRV6%~zmz8%BlgvC*>Y-Ug#Wl*vf4Vv9EP zl9J{drcs*GT(S5C{icpS>s(4meE$IdqV?hWkSp!SKwtb+IGy*0jhA2rl~DoYlU#$C zj3W5z>;rDfx_-!+URJ7jA2@Nn)D0c)jH_n|@|F^fCEFtLz9o zUtL|jZUmU8yvY%`sc)Q*3XYI@wiq(HId@?`gng(xo@L~D`R%pm0Csqq4yt`&p_2IZ z;oLbsz}n|vOmYJ4RIXV+CRTwGxRhoKds=#pe8_z;phK?sLuvUdINs(}Dvgw>5=Ko0 zR!fwWu+=qk13nK@qHQns;z0wKw5>NO_% ztF9?cfz-niRY!sy&ex>RtGVYpEymwwJP(w)pg1q2|DrlT1v51#1h6d5sc8#|&d5Do zi}sK{YWf8xCMG`5kv_RT>8bLf4{w&KZ>IR{7ObTyK1i)0XbZ;|VOQ_tGi>aTCXs8kC}vTE)Q{zsrTwT{BW?oh+vV-vQF~r=Hz5! zNNH=Qw*aQMx{l8F#fOqgKM_aJaO5+kJc&mjMDgQ9bX5tPP6Mazw#2VbiU7I80-lnM z36PU#{{CUVi`35b3eM6ie-2#ZoB)jhL?%er@-QL5BjP0JkrUjNl-@_ffP)z9Q{(&r z7xQt4Kj5IcD$!U-pO9^vv355#DnaRBA!I46>dq8F@5YYOs+~Kj_r&7Z#hPT8vp=$- zO3vj(Y-j5R3b~!{JV=vJTSQOPUt*tYw4oCfm2vvPp(?0c8hDwd*!=u_hmo%`fxo~; zs;vYqIfFDYQiwc;{A3%Rn`bpezh<%J<+L_zPNq+10@k^c604(+nOUJIN2<3q z>{wt67?!Oscp0LA)Qa_~D2Q*;qP#c!|R+!tYHHBZ@<@>-YCLQH>hhZ4|c zB{xp?*J^ONb^WV7Ud1haK(X2o8SiksHJ3NBn1F!5CG%!;S?juZ&V6jG z8z6z;q}#ccN`P+w*1djOHd$^ct!+9XwkNxzXk&&21?d#;HDYRtW7D^sECSenLvn1L zj#GZ<{Sq6SShjhjLPaMJQYw${j|2j*3)q4G#&8T`t5n{w1PM?wX2|N8zaYo@Rc1sWT{EmRznN9h{bMZn?8)XUm1Ky~@ z4W6RU z!ORXhnQnB%%;CqDbEFWJ6dB?$f7%QWiUSy+;^bTkX*?>X*<>ano-Vb>SBEM8emv+6 zN3{NovsFXHH6(&vw8g)|s6Z%yg@!OJQznIOHF$VAGkbp^C0=XvhL(QjSp>~H(JgG* zeifKAv(g4+bUfnl%Wuon|CZtNPoey$JS#9+w-pvx0f9C|Fx>Mx=H`r`8IUQ1=W@fb ziVUEpo&aC>f`@*0PgAGXJvJP)M!wBAx+jVHZ}U8dM*j%m zBE7I61}i($9qUq;SKMUd&qoTM&W-w9ZRuY?v#yT{M@J>g(rq$9_H%%Y>+@mF(*u}; z9fwT)gn@Y?hp9tTSEq~AtVW;7L4cu~`;qGIJ2jYTkx~z8QqSsnmREJfQ-qulP@)HVe%j)oYf5=A4$gBwnKmn{tsMj0mvE=B z4jS`38=flwY(GG`x4Eb4-vuyXxiH{*T_u@`qyTifqCHnm9IFHz<&rJ4p$@}+iUi6$ zYzjugZ`mkzWi@s-SN*4#9}vDa=*KFXhr7*tgE|?R>Y7Xq8_I5*z+E2pCzQjU+?IGO z{(j)RJ0kdPI1HF_#g?jNHCbxfRv(|s*Bz%zo@|BG&5W$dQLH!TRd$N7E3I5Bo&<$? z74^zD(}}Zdf~)oT8{SFSUPW@oNl2w8hU;iTHjqzN8{LP^zakmIGe=D-C8ZGin8UdN z=}q^8PFamdOt#QrTNXA;*JXu>wPqz{z4}?t7{N#?M^u;-=QXRPV9O$X`9T~r6Vunp z@o^jZfdLVvLa}VyP9F1V&AgCerG#8+$V0q;-*H@cj2Rf#y~cyA*t)H=I$&dAIaEZ5 zlmN!z-f1B6-O()^IQ@33>!I1mH{oapq~bcD&6@*t3Y*z5u*;8_!4hG>_i7dEm_b?L zl=VbjV*+mOJ~3=;kGp20=fe5ctV?<|n>BejC|I#5B;0VmmcEl_RldRRd+U5%EZ!^t z`0HXo1CDh(zIu6NOm+efcZ591^^^Z`l&a$EfbAY^DL!RZBsOg4b4aeAU<5dHt&lFI zS*rzrG1vh?G+F<1i`XzzVTRE(x)qqBq9{oM;W1x6QS@+(sb`b;VIui`K6t0-*;b4cP~{|(;9^hdomzC6+UJk&Ogpmc1RoB1&8CgE2g;t% zOR5&H=d&M-AI&7Z9g`me1l5%04#o@=$!{Bp$Wk+ImMG=P zNw&%DHSub(n6fy}wm)~5QvAz%B&!+1YAV8qz2QWg3ahvkyU4eAK zW7O9dXDAa?gJv8(Onssv=3Tt%14!2?ot&0vWiR4pr7i?qG&+k-Det;&GZ%SPEHDl* z!9&_CMQ-QTabNA(2jelKZV!+1Z|m%?_8*|QTg8%F4euDzOOk3_}YF3Vdo3M}+^h zV_ggYFlBv&I?13TdYgO7w6-TT|0qF|ia832Hv{lrmMnt-b#@yd?5ZJm0H@@jBRL3< zbS8*Y&-`M$CWe6GcRx%&4Qm!KM|S{q}&}Bb1*6CMMSk+n>XO0yxo%{Z2$tm zl;}iqfP^OU_aVSC-G7h;Q8Izz`1DsRL$_3~W@emp~cZ^)X2Ue!Wim&eis(Hl*> z@36}c7IgDJAaC<-bYCGN36`F|$rX~Af z1okXk%Uw1ZmQXhn_?VQHnU`NmH^1VsDCBLyP-3TL(=X+SE~D%2x|ZB8Gcz-#^Y}J4 zAfiT#Q?hX((M9{2q|(ve=6Slq%$6(J_>y z-F@_tgAU&qlFz8GscRig^RUNaRDy8ELR7CvLj>(+%z@fZA5D~HqQ#SPVq)THz};hg z9Cqeia>K9_g;&(J4HVg$fTn(bF802dT|DVPd~dmDm<1;eciQ#G$Ul zWDEls0oj>Z!tFff>8oHcbGa??L30$vQN_0QMhosXi1QOSGb=d(7G|mhzqqQ5__))p z0e`cK29!6uAEbrRr$E~9sr(k&Es0%Nn>FNfQUl1w+eac!!>Y)`;Z_x!4*&M!`nIdG z8wuPsGjf)MT>HW9C~|q(mF!zwz;GUnq;mow6*{3I^Ykl`;t}rn&nLm;Ta14)90$p4 z6UF=Q`TW|5(BMZrReQl=E`TG~$ikN1ZvzN$#Df+S-^tXMnZd-QiJE4vU-_)xY8uxx z{)yG{l%A76)s$3?v9bDHSFmPlWfj$EpiohvkZ|%KXfDrR%2vs*7e)s_Po9b8*kHA6 z$O=`-l9ID~4lGI9TEaaOmUIl%Ao1}7B~1qn;}hW7+TxGaOJ6PZLG|Y$}}H%DrCd;4$)uO6YWL! z?|zy=)!d2%3g>{dN0#WlHz=t5Tl!8=D!19p=6H!Wb|T;p*(OVg6CE3m1Gzsd6P+h= z^h2_hx)^<2ycE|d^$&w08B^x=c|w=d5*t|8DpA&1puWaM17PaaH&e3E{4sr;BI4at zF~#eC@P2U*<~;=i)024OKJY%I)k@-JGn1i==`K?~;ZBF}AB+*Tk=`{+# zEJKBM0VdPk$ZW34gMrK3^`IkBl4h=j{~vpA8C7Mw?+XipARsvbrCS;V1*E$a z>5@jeI|L>rH9<-#>F(~Fq$u6p-JNq1=VtA-_c`xyjXlBxoT%}z9zn3=O-p60>FfNy=tK7AS#yppAsHTG04DeKp=qt>9X7ZsCXDZ7} z1!flZL)T^6_#mj0*wcG@cyEzAdef8?@Wuf21BpKLs*CMLIiG6kLAiZ4YJv_Y0beb< z^s>}modYTc6%PPL8lA;RQV=@3hePi<&(q0Dg@=Kw+Zw)Kn|jY&cohh9Ka_3+R)}0o zuZqmB-u=1WXrjpz$XKmjTYmaSlNg$SjE7?MTuYA28=&28`P)Np&0Km>kRX!RRVaiN zB_*tU+gaZ{bMKZ@M7hx!YjYWS(Z*?TL(X|acxwEd3j|3?K2~Ece5#ETR`@j$Qr=OPY4e+D^0Fd zvX!zLo)>Jp3!X$pTzzTwlbE&S)y?KO&(5@v5P^@xwXEU6W|>rTX$lcP*uGZyZtk?5 z9rvS!L~=ys#{u8sb-14DVF=*1i!iF(FF8GMh0dyjN8(yr3*=_!-3UwB0nk*5a6&P% zq@bc*HuPOlUfmEHBr}%$YuzLHPGnbYnNf`t^3R3_ghUR$l!PQZdtq9Z9;MZF77}R0 zZ@4cTC^yI&?X~7UY8z)>um*f3$q-y%)&7o2P>&{tQ+ppBohO&_yaJii!&*|OR8{?~ zp+J0{%l5!3k+*uldjUi@!iG)nlbe`K;g)MDsgRsk%WZPb@~p<9S9aG0MMGKJa#&%k zL3^sGEk<3Z(xvzwA1P+R%EqPwQ1b4_Ud=@*1B{$hl?EU!|972MF6zEfNDx%KueXh2 zUiRePH}*`-%vGfOp@nyzJ9*xKZ6&dw7)g$j!g=f-prlsdsZUO&IPT^T!KP?Tw_8#| z6}FzM#MIMYoUz?TpXS{c`mqCwsf!1UU-0_3e2$*j5Y|1=vvZ$&VE$nAW6^Dz61pk9 zhp~;C(rOhJ7FGht{vfyHtD?}N!T^}Y|02iUKZY$!jA@75t%E$f-J?C0)oZH z{hHa4M3W1-$>V&tUkZTg<+8T%prMzIO5yc)>{AY8AQQx5Z_No1;sXk;cGtVf09nGK z{Wr)jTlRWh6nOnZVL^B23pZ^7peEKlv?xUR0_Lo=P()M_Vt@uf@s*KG<*~R#4ALYK>MwBV}9978wJT$1N`x)h> zE)%m7U{Ya8nm4Y@4Jfv8Ca8fVwcvewxW5We?o&284T<)*wj*xQ@4IkL~%i~_pPYz?gc z!Rj;h-A4vi-+qH@x2n31G0fl&Xvcd70JYN@ULkN1J2EnZkY0?SqrA^c%`3nkZzR8a z5G)23JH0mU0YMK=2Za_(5nGfr+}O;AFBn{zT1#SMax+BDtfT00u_t@$frL= zU>4wrH$oFJ_BKmeGa&Cg0ToykIY20jaTq=MQ3IfGsj#%gyGXuI8(O*#@^6@(X^z9= zeW31mhUQKmprNfzQnb=dTCyW)(kj8}3aGwaxX`f94DJD8!~W&#u^`*LTtKCNNtp%6 ziu8=7pKhjobxo7*E=cTg`awhL%RZ-RSkThepM?Gpe z`$d%l96-o{M zhzGbTcgFY@jxnM4`iv3BFqG4FQm4JcKqlz!#SA_wy}Xd`DHWH~!0I$Jb!1VqfNPRvD@<;2#F zb9d_;y_w zeQz?pk;lJ%Qesb$A^}|jvKQxi+FjMoV4X?-k9l8XZQV?;(>)+4Js&I<%!Y};A5;k{ z%VNGL)l8*LBTfS@HTi63$*v3A9f&iN5PYURKpK470myjG0H(i6;N%yz%Yysn{+@EV z0OBfD8b$8|>3aX^dK#0W(%aKS$iDcY5jTFIW%dLP-6Iw+WnLz)b$I+potAy~&PxOm zg7*?Oy^2pi@~v$Z)p<;qYmf#KARGk4ruw^VVGrW(ups-vY$VuSaG+LGDb z&2^2#x-7YhlHN*Rj^H3;Pr9s}g_tps(|aKGLPu3hS@rdQ$QY@R#mE4LNdyKHohvgC zgI+(7u*m@F2oTWd+W1x+vp|3D*f<>Da{QBcACSaWnM|7N8GN-ei1QuH4vi6I`*?rU zfpt0VQ}tm3`E*DO>l|Og&sz0`G``>16W#az&Vj__PD3Kw1p=~aY?>7`yE_GFSyee7 zO^hjYobG|5<2u^$b3fx?-k7P$XqO!Acm``)I=a%(fWW2pXa%70YrG5OjxQAs8d*3| zFcS@zwL)R33`-Q1XsFu>WHjTYi*X$#44hFQ6hRjGPB0l4;K#F>>J5gnf9D6$S=idv z?(FO&1MC4R6`oEV{>|0GWs9lMRT~y8ARmBh$@ShaRA$7qh&zquz&#zGo`5Tliw$p_iqNY7{O*nfHJx-}-uVF_IKJ_W$StBMo&M#Gj^L@2P zN&)y}KrN!x;#q$PFIZJgodQ~#al!L^`RlS2#*3!=+r!J-1OG`*Ku8CWiGuW*EiKQU zJ!`pdVhlx=^Qs;X`iRU7q`=;|0iY)@YqQ$3oy;OplAXii!ApReT7%)%enwFhRSs6X zogRrt|%W1iBPy&K2k;(k~{9q7EJ{{9B6kY4Qma`wFROF5uedU18eq8XP zJYpK?!M$3gyI<_d?+!1(fM71kZIazk-DP^OrSoNsg4r;mOMrO(G7sorz^VbRDlKv> z>WC7u;)RBhqVHunf%gB+)fUGG3Na!#~b8O6+<~fJe~OJ;u-S$D=9c2R@=@! zj~E$kI944+mQJV8sRN{Fn}y|OEq)?^<1>*C{zhl&!TJTT9f$#gX91axX}Gp%{##c7 z&eu?72_>yVNr?IERPA4;D^l^{BSV>ASkta!1Fo zcJkWL%HyZ>SONch_ibFVsEh?H8=?7wYSD1ZSwL>iqX~eY#uF;`cIp6_!In{!c$E;z z4#2@+0Hab>HZH|#9NV$O&%S}IUJbe-K|nLZX@h0tyY^E8m;s}w+F9N5oAsCReo_Sr zDogE>60GTkr;0^sQRt8G>mDT|O1c9~gTrj&577;mjl0SEK39V@Pat?;5cz9+Nwi`q z-%D#7-MCr3xty`_I^khKF6SK(RK7XY*)c80zCA{4#6!(r)S}>hmDBvY8mnF*E9X(6 zqEX~8J?NKZ4C{_o;C_-qmf~_ma>I3X+yXBQV3`Ia|esr4ME2%tXu1b?uQ3Gv`R8^W4~ zM&$^WnC1uz6p4zwRVH5@HvOsB*5xQ#} zr;{TC2bRz(%6;oCr}+qtGWJec2j(fhuHQA$u3@gv7^&-=0pN?;mMEyp3LR<>Kp#Ez zdy1^1vM)oKV`U8(z5anD#yO+6fT~Jxqh@q_fnK2`*{=PmU`&3e<&c8@xmj1C~C z%*3T1X>mTDfQyYsoMp#PpGjm|h>FopI%npsD)2C!qKnN!FJ>$Sud+s*(c+Nyf#3T= zMlm_AFUJ|QH$s@%Qs!6>;1y;XSaF*&0q(ehBp{@S6P>AdRwKpIU;1%NzB8uN^B|~n3lWGX_qc@ zs#H5$2X=@1Wbf*TgYA9^l)5BOnfxR8re`GH>fPU zs7i>zD{e|-Clypu&8(^6nq4UXF?6ayix+rxS|4&oFyJRr4UzvZs&QXms&?^JxQ&94 zuyd#SVo%>)JTIfFg5q;wk$}u_-koRUd9a8bl(orvawMUD81$rKB*vgBLj3Y#OZ|*# zgS`*VR1^|BVcxTE*B{T`DxGIM^k|o#`n7YmqrP~J)xrRl{z8J@Zy$i2y*ZN57n*7*WMRq5CEs@7wcR zMlR%C43fgbM%V$9CH8B41_dGAX2F2EJJ=)?CIO&u1!renY~W$SZB$s^uErQt*K5|i zF#_<^%x`K(Tr;U&iNx4_k5-G6CNx5J3VbIkpTNEHpT?eO8hZpIW zaSOIYpFcM|P+N=4MS8UhaqqQZJ0nZR`(r@7)Q98pSN}eYc&>ifzXM%MAkna`baeD>tBGlvG`ZXqh3g~uDg)WN0Rip<}Ee~)K)<;_a z$KNKOSxk_X@^|UOKypwJ78(tG)7|<*=5*dl>OHJjI;?kc9yHYB| z-DpE^xL(gxOa_&1tYaA=J($T6a0~zaoYYnuHf$t_VR?LhY66i##+;`Xy>u4&7XY#7 z-3N#`a;M1uwAXK6@1$PZ-e1_Zh{}F8S$sJE%^$K#04i__;Adaky^6pQ)(0VB3Y;mx z0c2$7GONIlaZOn4k?$VjDiOU>`-k6izH(1HDQKTFD+hV1e*A4EJItUOKMmNM6J}q1 zeS}y~ePn_GVtAh=gao4NafEWDRh7zuVjC%ssi^i+1kh`Y4mtXQEDGrrf(Z)j2{G+T~&0 zUsG*!t>oc6dOEQ%Z=u?yZ1u5=jLUn4s*u4YCVUPYec0S4C$P^V{EPgitBNEK3z zY>|+9h)`TUC|sthr`dmBB*O zLPp)d%y5{DE87YyaamN%7&(TO9#kXOzq_CPRel=wbA009LQ_-2(nDTwC`T^dCVMz< zz5bJmf^v7ks&d*Eu#u}+5^JXl#tU!C_xFSVkBnO6{=aX<)OW>x{+xbh!4eF}eIK$& z78Wd+$&C>La6umw_yCcC^@Fu9G7|O#aC-T30mKSmo`ml?roxjR5E+$WY1Q14`VFFo zMq*S-MP1z#aC~KB@i1#vbbjF5uR7zP1Cs9Gh8`V)DPGYgQa7@5D3K6NBZ|B@TFw|7Ked9OJp6_Ss54O zbCCkDp`enPdh)EiX^$EVjSWVqyfGtAP@8*aCsJM95* z*Qv4Uf1C^@&tpcV12Pm1j9&ixeB%)TA~ z&`>1ivA!1O>!rd_Ew0)LTl6pI9OYrxRpAAo{vU68&vEuHZZZ4=(1ho}@cldO8UT8$ zd_nEgii*U+6!@&RfiX}Aa8(KJanF5b7Spdn2GId3n?z5&{RdCX0`o&~UgqrweQ#8X zvQb3aK;ftY?0ljqKXFFQ0yK#qxk69Qr2H5WkmW|(u=~*4MPbf<0EAmFD`~=+(`X^e zX*$)Hz**eX#7{~OsTUHQ(az2&W?{XlJjYkh-x{pRH;!2}m0MOxRJV_mV@dslpN$`j zL0jC?JRA`8xtK@ENFqvK;Jfx(7g)C&}HMSa6_UsMNA;9v@UnZGN!OPz*mv zM*GI&B_9D^@1cloa)1T9NV#n4e(+uEB}m`8sFJ=nXjUy$n|@G`JY=W1>X#NlTDMS< z45$Dt^Ft;I_q)7c;o+?&lqq!Jn9dMpMS*}Yl=P($s8nf2$e%FAX(%ai7zIo3?$FUa zM-ib`Wf(~#PIyx|sR87Vs;a6_gKD8~OFGSsjkB>p3~pH#lB7Dx6JrZjOf^l0@}<|` zifun0h)O>#WcXp>p+;)L$+$7y39(=bBhc*IpVW@|c~i!xMyMitArN=RzP-02t11Dg zI?i_|62a^G+lB9>*7tyX7<@?=zyCqH3`Jxn;tu-%BaDqj?*Ml4Y?!tAOv%#HvJwdG z8GR^{I*Iy#;L~J$1)N9c&}>Tfl!p|Lw(=%TQ6OR6kMk$6a~&ip;sBug69pi&z#ax1 zcb?8v*)pf6r=u|;RpEYOB9YR)uSxj{s@lcTuBu+wPQlK1i|1(-sfUBdCnkPeXzhdh zDWcwgoGZ>09_9j)UFzC(7hzah6Gvgy&fHp>M$vMK?1LBid_y@Z?`t#KsY2JJzSBA& zM<^Lk38;_kzg+f{xx3c(k@ilqnr;~1sU6qK^;l4kZOIsSX~3bMF&B0DufUf-7Fz4Q z>0!SglS~O`Kc2n%o)%TqF9FNmqGpY(U$N4%5*67|CQ~exT*|#4cMcNbUX51von@g2 zY|EH<=1e!qy`!GVD>hw~Hu)|so7IWKKw!x>5epAQ!i76r24CN=;ymJDszfzHAQav> zRIRfYAkY)MtOIkb+#FC*ApUnByGN*V^6$SB-ckfZXy|*i-f7`r`+AA#3!y{k(K0gJ z9UMj;T#$qW>xfh~-1o=YkdPB-BeDbt%|0M4Vf%%awsw_dr9p>A!q!~9BNuopGBo-} zaSlrf>umKj)5SschFI95`na;E(Br&al>sa8rR2U?mtkv?$|n;xpBabU;f7+u(+7 z)86?DUHP9!AG#_=AxZ4YWdpCFK!gXhf(by1?49_Ka54c40Lsol4|Tx7LFT`9g# z;0z9`GpyJLVya3_7!N*HU`s%TY*)|Si!Y^Tl! z)p{F-R%;f50{6Fu7(6z%-nn?LWu2>|6n!ixD)s5)*H!>ICTILor#IBC{@5QNzB#CO zqzai(Q*Xu~WYwLD%83JbRdz<4zxv|96O~;88)iHZrn)OaHyuJ%{#1<7K)j&~2mU)G zGGj!zrh<4nW`JlA<<(n{iy~4!m%b-Yo)jtN*TrwyDB=W&r_#_DOafM#3Jb?mN3J){ zy`wxXdwHb1uWiKqAJ5-;!N_YzGv#NdGfnr0mfWyk8L#&s z%i(m1PnqUxM$@p;{qQ$4x3K78)oZchy@7SDhgvjs8A` zJo8sj;gdI%Tg!_hBhjT~Duv@-Z!*)x@@Q{x)J1oy__&0GY}HG&okf8E{E?X0(ejp%NO7zRPsA@H zIW6zCxG>V+d@hK6i-Aq)K#uf}FKYRpU({6uM?{fkY;w|6Dx9PoKnO>=B*GlCGqlGX zFS+ytf+siqGF%$1ZwkjPYU=8?+B4SI@w46I2VThKM z`m66Ht`EhYDv76Oy95*B%P4%W{a*91M*~|$utDpE2+uGurj|Q`tbqec9YjP-?3j+z zC0O73a`EH`zukJ8_WRD_QkpMb+WA|6>k#|-xDNZ+qL6;(r%bhy@5RG5D<{7`N4m&o zTa2fWG2w@%7=__S8KOe!5TipwB26-<%d#bMxUFk#7r9E_i&GBw^g!;5OG;on((Va@ z`)Ym}^6wNTLw!(#|KhX9jpz-_^|pYX@A~6&rbq(GI|FD__yPFw=uWJ zRde7X;7l?4`cu&N>_(TWIBgA45`q-90h^)G?d`2vv6>F3)A3{+ zLVsnjgeFlR9PCF0@o@{IO3lw_(9+O28xN>c8lIX84*d?n#yXBLx2Me_LxV(evHon3 zpk(hisob7)IH%0v6cE@i#9?7$D@G4-3)?)tNk+p3?So{pssG!%KO z8u{C6MjnZt5%zWQ>KQx{dYy>EIAMD`VLSa0x8p@kXGlv!|2ZvZOafTUjWSCVPazJN zpj*4hr2-M{bTcC(BqsE)#ieSUx9bk>UICOT@~^NY1VEtUh>SF~LVR%%CZ?7G>@Fex zAki$c;9za(FD%IKwX=iaFWdxxE0m^KR9GBmcxLBEcgNk2+}>5bW)8&xVZV%|FAuxt zuRdkar_u^l&{?T$JYT8kRuK@WJlz4f8^o?564$b#VUBOoJ!7a!tU86uu_eTBGKYe^ z>)C@1sUYD6F%)DDBDf>;OEdK0H?T&b5u`$V#jG!9@dHHa%Sc=hrDwsVb{mGT&UEEiOiq zXp~UfhWy3Oe>gQ-2XKMk(A1sr4N!2AQrHb4OYr$D3DZ%E4EtJf;eY(QvvUcDhC*bR zdTOhn0(H+75!k(#1P!j&H1rMJg!}k^QA0h{U%t1Jz>2z^pkj;w4nP?NCw4wxBngzt zc@>MlEK{T+e2^p}bQ24IQk5M(thU3%trX<%X}*qzF$T7dqeagn?~< z3nJ|k1g5CXiaX|S=X#hL7$|dcqo5ph&*NdP;dBkA2(>M+Qovk$P0}z% z0(1Q^%UIIDgwM)l6a3xCZfB^{3TIo@^%l&C@DyNVcuUBErtnk9L5Kw3UvIxf9AI%T zz6n920Zx5Y#6iIRrY1k`u0uf~qDV-=g#LHy1h@nd9_IOxI4vbGJ~t9jZxA0`_Nw}2 zz@vu2e?7R~!+?7G=_9~Kwekn%X4YpsK$#Yx*^G>VfAH_lQ9fbdfs*><(Evr?MIbP^ zN5?I=URJ?Lh+~HBZwH5mK0L`n0Tm)(n_6Q74}rL>!L9&FLdU0w`ERPsho99)0hUbF zW9*nO!11;4Ft}~qBAYs}WTYhFf4yY9AC`=Fb&xDjWRyJv9pu=#Qee*vV+yO_0_)C03>dt584T41P8aeQ`-FdY1^_3y1Tf(3IN)vq z9w`^<&F1}jwRKXlvTI`NJxs{kq_$E4_Lu7&`0@X{yoE{ zeG|I==H!hpll_;a{{OkTr&u0N0Rqiz0BHET8{)ry93ClrW_v%oXc3U%HO0;t{l`Jo zdht};-bzvX4E>wS?1YWn^bX(Qlysq)JpWwqSxfr|B$IZZ#N%JA{Ne@Z2;>YjL;Vi5gN{kxS@lzUeRg44X_-GU(aCqpZ~lpYQTB6GHFNuE zl|G8fJi(DEJw1DB>X(;7a%^A=BVLy zNM3OhGiA6QKej6Q^Ggph?I}@y*7LQN~Pb7BA+>8`-%cBQl0*KqDZNi7eYvwu~upu_@I0!q!cirpWjl5gYFp>$gv zg)fA^zSh6hYIYm`JTc>9s6T@FjI{c0I8$w#)F%zKGBNjX3g4?|%~>fk6GWhL$VIU^%pOVgDGRQffSK+2_ppW_@OI5)};-o+`JHav_mf zXNW}M(v(KJxxiEn`WAPd;)`|$S9)Jg#M!qq#TWDYcbR9?USr@L=mM6@&86mL+(Bv3 z#iels@|!9q&$9q?DSI~26{-l)*>LfJo}MlZgFReEr?>gd%+oQ0B2{${e96 z%L!7_wrnXv3JPQra$!Xz{_k{aDe?mQo(F`^(XCceOz^$G`9$!AJgl;>3kmOrqH2}V ziu=Psw5Ahws2xWN7v0Trr0#nP-IFt}tKo|kM`Aj1Q>=IgUq$YfyPFWMv`PI;ZL;|` zm%FSpGFk+jw^k)=a8fu%hZ>SNzis6by{O(AjdIclMp??>cT7|MPjiOYR0 z-%s!D;WxfHO)oyfFWOAVE#`IM!2`YOnrm5eMgC(MAmH#!0YxzH)PC;BpD>pd6}Aa# zH@Z&CXxF=?50wVRF{+mRb2U5bmR!0dWxrnvnm+#2UHm+bd1L35=lx#FBfG$J^tT=G zToB0pPP6UgviHE)hu=ZyXWzd5DzX!JDI8s+jyb)UZ1BV4w`bG%RxB*j+KommSMOCv z2rlfh$q9nBD`9h)AL~(ng|>|E*vP)T@7X0^av0=dOVvv~4{hR)#Ly(osKmX9FmM^s zEz$?U&`2~m+QvS^H}p7yHqHap=jZoz9K; z#)3E592lL8q7Vn1T1z~*dzkasB4zgVd`OT|zxeJB!2ZTQr z*w3%k-_P*?eQ-+JxiT5oDo|hXh|?4OQcpS&5jU&%^|2=#U%L_Z)eR<8(_k}YhCH2r z{{BpFujo#Ec{vJ_Sy6T0OpNp>9jjc+igrM?#0{BN0=vY%i+XDw_dUV)oM&1oP($uP zs0C-SL?LN%*~;>(!mu!nbi`v~HC-$s#lwJkThDd+e{oASKC~t}J_R&?7V{T@!r1;_ zUNEw(^yPZuBx&r!oGn{m%Ea$_Tvh@~XMT0Ax&dz(PeZNDB3MonUJRm1eRVb3;(L$m zJV@H@-DZvjc4J~2xE>G~bF^fesr?Lg!-vKi24sAgo}ouWmXOffMyUi-^*(EG-Hae= zL4Lu%0(O76T@UTyM))raW)+7Gj*fC^wi^?*Y3P~d5tBD^K+2xP2@V+-} zrfScu|JmRy4O3wMobO*X$-Dgd3+iFN7B!3Rfjrx6=vYXtfz2$-Z6WVSn+pYE@=}^S zRPKvL1}IR5@sED-3}W3cDE#wI_qD7{K`7?f247l7mbP(`ghBV9k({`E zJbWFMs#p3ptPB%8J?imo1rs2gYqWA{#tVD=PnJ0~Cx?05J=0fjU_eCZlr}#%pB1C=|&G!<5gWqYlyh($@(inHr?g!*kYng1l7jw#a z-H$m_D;GX>v#`b-$zz^5ro;)rN2yzfkYIm83p`g3d-lpYkLXWax(LrFo<6^hPy{qt zZoTr%e%6A!L~C_?(u$^dW({4hayg{CC>lgT-#+tpokEz=;B9i*FAP)pu0nUh?-T~8 z@A<75QW{x`2)Dx7oGRzMyeFG5>OV;xEY-p7Q)37)Y2Vzi2)m8`?7cathNqrqwHP>Ah<90-ey6HiD($JS}WO~xHRx5L!R+EVP3iY>l2#T%s(EqMg5C&-s1l=_)GOiaa-#)az}?z8#11B7hnamDwn zTj1f_40ty2<-6xE-Ju3!n?JkdY#MQbW*H^*kv#W`6h0Sjx8<`t8fED$Nj!ZLKKrzh ze6dWJ#4nDb%ENVq7!&HD?5+0Pdg*+@%VV-q1Wbv<$KH-{N$K>B&rt>J+jv!YzYQKb zY|Fg%sJjD<6>3&f)V|#ZKaYzrzWsLll@gb&$-hy_6Q(HhG4QK+W7&Ext@hI=zV?E6 z7G1^>alCTD!ACa%Ot_Q^-$9>>zLrH${{BKvHhs3dK^W*GpUGt4faM@?`jeUxdd{10 zy==d?BRN-Z(xDgad_PCxPP5`k5GPP7=OxN;kvK$Ni@OQM;ZsCz1~Gv|gjIy~LSGH5 zK%g!o74_TbF4z0e+U+{?>^LD)ukH_`3STz+zs#8nD|EJmc>Ava@+gOn&qD^Dtjh0Yhz!W*jP3H{7Dn~2 zMT_hDd&avi^hW0tBe(cqlr#8%2c_Rpte6h=$_bM?WbZ=~Yi>Q~qW=_@ z?gw(H;(=$)@qXvLF6w2+#h1P{5NxnP?8v{P%o0s z)k?LbSfDlG${yqHh92R`Da5%P+=GSG*=TwB4VDN?JgD9Oswa5298FsOa_F|kIHE3| z+Cz8aTRFQg#a1xIQJQshPJ+)bWJ$Lf8$Wl+A3{ucTioP59QO$^u^cX}~6MzCX zouJ=EI0-u|9VdKFmof1WhKts)PAsEFmO81+9e+a)~IrLVkt z8z)^h;;$63-Dtk%york|=HxRK;Lf!!V%J}NsavrSl^F~2^B4Q_f_~c*+h9CnDJ-%% z!PWMONqvkPc;GfP9?m^?ALj3g#QDWga+)YfnxISxMBr6{rrSrjZT91>6B0N27>@l& z4=F{kJ7@Dv(?ch6{TnMRGC&{Bi7*h}i?mI$RKlJoZ}jHco2dP`|{X?Mbi4L~mv*?M;`(5ew3d@28gaN321Z0ie-d+9-Za}W37 zi*PS2p^Jt)j|A@naC6XAO!Yr|HK*i9$fQ+bM^>h{Z6C@sPZbl&kJesJg)CpAq4)4a z4B0fnli;`T%~dY>mY0L2iS~n*Y#elgMgv8Snv2X@HW$C4@=qzLmsVT|m~Z$x<5DmE zz)B=Y&9_tcbt^PEcz$_#HFonRtj#8z$;MjAUxK%W@?xF@7Adsth-2&y-o?9aL0k05 z|Es0^-+!@d1ps!ZR$_&&KT)K*&_|}ZPUD!QATC|(Q#lW7i=L0AP?Mk;V?O(fP%d^b z8q+G$(i)OMBqOU>&rs_+g5%&rlN7!I+iCQ`>IR)w`)l!PViK zW}D9nh0;sLvk(w4)nL9u!OmgHoUZ~1;RkkmQx$}_2O8~$LK-*9eC($CQE*x$sW^oc zu2{u_)zV-NOoGG-e@(a5B8FSfF*f7tQ?7kpFXR8LVStwkucpp&U~z$M$!x`*nRUOi zqHUhTiP`j^EbB*Ewdtx=){S+{9R&KlOD(WbgDd6D?5D#M^?`rRM%haw4o8Y2lKx!N zDqAy;HgE?G$MtD~M+{55xbQ2rvWvnpCAT`(B8&qj-0Q5@ZQsaG-M>@uRKHR+XxaZI9B8=n$0eUq)38n2nH`*Q+V!bz=-W8pOaSk2{ zZiZ;vM2_uj&+g%jbfb}c5}cNpD6w^S^@%pw(iXPrv1Z^zP&kH@v>BW$z|*MEzNIsq zhnjAIX_K=m@P!t4S9#B~4zCDP*;o`lOmz(J7vUHet(g>l8uU+28)B>w3WY^%J_*Ro zBlGMdzV$Q7-NvL&&TGHCP?P>aZ()&~mlTu0^zIeXL2PwL?26gR6~fHd`T&=3&L9G( zwvioRZC3K!H4RiRmE_&vrzUue5#7?Vg}w9A1tksD*ag5Yt=T&sDG z3H?X=zhnRt$byq~yN0Eb4C1U*ZO@i;8Yqa{pvl*YE;K%uC4>mADdt3(oElKHJMA3eeJN$l@rtEm2T1G zv66Q=PjDO@d3S$I$LAY51PvQh?loiI6&eHG%B6m^eT|XMQ$b2eh}Sb1F*>wR{|R9g zLkrTeP3OwLJ@m@QkBSGiQiTB~`2$2r4^d1FKi97rLF;_i72Z2sr2Gq6!pSEpP1=w0 zX`tJpHIG|p5YUP9&s{$5ZnqArt)r}YBY2;2I`88DiQJkbb(w6|IcV$%UfF0rB~+h= znqd)`BsCMmV?C+hJ)?_ZuXbP3rSqkqZYp!pgO{DtD7>?39iI^EJZO*Hr-A&;Ll_a} zg>kz?*+4$GXTOS~x*P3dcIrq^Zr;Wj2Xf~Y;}_M-j7Md}m=b$&Vb%DSY*|w-UFUL_ z?-i0nd{!5-G#Gd9sdlPE1|iY`mSMJ)r<4~1mxC|5%le>w1B2UB=V@(fw*0s_0!7qD z*Ce?V^dDSbv^4W8z;_DdC_Y~|Jw<*&lS44tjZl-8g74Gsos}%#OjsElH_SJk#}=!+ z5*blu`*=RY19S9G#=h@s?L@Ge$wF3E_RA>xX8EUP<0ul~Znh}RrB%iLxSxHH=w*H* zLWk-p9ofT{f``m&it4MZif1b)JXQlqSLLY2KD4 z(QLR4wpQQStwy^D*^C=s++QfV(;>BOzQgp8-%D=l5_@{a@Xv-g0@c^^5ypMzT%~N| zEizvumtdE86~uv$hV$KlG8ZUm(*B#Clp+pW5ArM5vHkGi&2NYG#1iT&ef)!4f^WtS z=4p@2_YRJVu$0{Rdkgj76#X2jlGAgaw{eXv;(BWnAofYEokk@9O+x&-N3-4zeCqh# z*>B$3IGgp4j(q3=Qg#llI{6c(o^nQ141001dX&K}ca#xV8EZoJq^%rb01dlp%tp8J z!cwSG%se95?QXKz^sH)}NY1kQSm`-ooihC#<@1`|E0UAx^MZpx3?F9Sqa5GyK(!TJ zLXax^C$R5_F4hYBG|fb#XW!iQk%I7e9(P1_k}5i&;JPv|uWNeT`0?;-ASQkdTy#jn zL^kK@Xvt2(iPOo$lMQx5@s9pMj85sw3V^!O!nc%X zj~`GGCn0`MC`!8e;kYR_-oEC+?nd`Q71RFwjjMC%^F5sw!HSKJ!k^PclqYwQ{)+rQ zI1#NPw<5Q`NB|}brtn3%7g&Obyi(5-$4z3-!NV`_Q5c4+Au!dkJ5h}3*G=|>B)y|+ zd()J{^aaj|Kbf6r3#;VcYwLV{eU2kenlu;SdmUgZm42hhMfvPyfWekp(qKKm(X}hz z!anSv^hW>QMCcRN7)BkcqpW5=_Ox)hzGY?H{s{1%h;7l1p4986^Y>(qzDc$0`+G(C zx4C#!G=we7oT(TLPDoz=LK)K9MhjHLZPt7-+JEf0C00cHbZh(kWsh%aUD23Hc+pl8 zlvY%{jt>ryV%zdza4aP7l(ao-n&y_o6@|qZc3AUxZFtl&+7 z@bJI^)D0z_oFC~@jP<8P02h3w96S%novtH~cY))%P>b(VIzjassj00PV7v`a+x?u- zJxyM6^vdbI*w?M2UgaOLe$>PEy6y@Ea|de&iw4;Bmye(B9UQj7@Y44A>y8bLZ%=){ zKQB@<>Z&qdcS^|D<0#eTHuEaNHs(i`b{=D5dYhcn32d2OgqlyN`9t3;v}cj*Io0JAs$M$Lb}mUz&9t-@L-SRJRE%6}s#1JCTQ+UK*sZn6Cla8q?`C|LA|$?f=Ow zB|hy$?$c;srDrtt%jhe|3&+JF)up7j=o`?u?Z7I|#h*>j+${253Xb`PrpCtj@v*WB z-BXi~0cKy?Oy768Fdb9Suk;!ZsJ>XxcSI%*Jm?a$No{AN`Oe)Gx0sWLib%=P*?T@t zb=9HS)Wk}kA&g$Sa{E<~pPb?+WiA{Yf(ZTk!n~H?@+?w0jLS%RrPZ71SX-fUf&&er z(MLsMfW5+n1iWugLV_s`D*zwDg%0^)wr$i5m1aN2=K1B(>$>=At}MpY$U7)#?1H=w$uxnlE81ym9Iq(N}=vEjFBylwq z@mq&~jp~rK6P-cLL58q6SE;Hk>M7F&rY3cX+bh2`)I#-c0U)LfqqFR-uFrFR8UIHN z;X7)!MKgOV(c?QwVNV9XQGBq#PtY~W&hmv4iN6<77z5_(TfLLAaOa8bK*R>y%K?Mn z5de^2VBb+niXGfIVPBMD3O_I45W(p($4K7envzXon#-l-7yCdFR#-ZHa>CNc@4cYr zfj)76HL6DXLQ2SpI;hH@r9CY2sTwPmA62K0+4s~;00;R)bw;B7P~gqgDF6Pmz&oH? z3Y|WhXT4}trd_-hrTD(z7RbjN`*ASS5?0w(rq&D@?wrC4s* zk>uw_zqDWI%e22_HxEde72{Skxjf44gVg#&L*sUt>`2m|7h)Kw;j9EJcr=CQ%65yj zymS@mUm3u9xyH6$i{rX8eXZ!?)nYh2u|hBQ{p~@nowk&pIY9*W;ZkYHc-&Dx%qxHj zl4Y0_`}Egb`i!x0kikaGKX+Kb+N^K(nQVP1ZU9jXw7)^9A^Y|TWLnI z)&7G5UQsH&$G})W&;5FZf!F>p^iu`wG14)jyU8;_T>Bbt-F=0_eg1nULaN>TpA)(X z71QrZXZMY|Cc?=pSFYk?U?{~3fm1BpN7tUi(<^VwOW%XO*a$``-0g9IBvSv}(^Pi) z4^6p#;s@kEoARsY2;K=v=qel{*a4JxHVNcOEU){XTc}mcjD3H&B`|A4T~7Amia4C+ zHi%gYYx&&N-*0O02pDmO8Scn76$NV040bHOkI#-qarYq>dgZY_*Uxie_~L@f z+XUU_Yo1|Y00PLD3G}8c1Iy&DkEE*uBXuqI*uee}HPw?DwK-mPk8?R3OSK4#bA_Xb ziQ_0oBC7juu9)u7rLVz;Pr3;+(@;M!v5bX$VD^fCQJYkC zBp^?(Tv4u@qS7KHuYTOB#eV{R`M{Svpe+9=veOo^(h0CmwrfPVGQnS7oS#M|nAiK$ z4rKY$I9B)|kGUDtO1+$?2f><>QDoZd05IP{ z{nDHRg1Ws0ZO834k6Qp#%Km$MX zbeH78euZ_=9kRf!Nkek7%P&ucWsKf!AK5K{to^M&k34-929!L$F{T=9J}dtyjVW&q zwk}1WL9X{?ft1w5P@WC9U$9<+m1T(B=IU;82lhbSCzMr@N1dBA3@OF56IHq4STnZX z$M$@#hOe1ACb$zFYOzX~r)uxFqrKdmaaQ%QF`O%oBZ+4)NMsaI$zPsY)~3uRn?51_ zvP~%w)=N@)y$11hQG9;-qC0gKrR<4=N8A3>8G&VY#Wg1TQ+LWe9%#ybJClDic8M6Q zD0o&Poi6>uRJHD45x-U#rn{7?;4H zBQg8Zd5a1IzI9%%;rVs%|6=Pa1KMh|EsF;!?h?E}aSv|ATdc+1ic{R(3GVKt&|*P~ zyA~<#?(S}Z$v5-vo0)g-ubf{=&PmQXd#}CL+HN-|XY(%AR-t1r;2WSwZgKc+|9csH zg5qttr@2ta`&f%y`)@Rq>~FZ$|6jGnzotA0O0ba^!fL?#_J70HPGmTL`7_K=j|oK- zMR33*SG|wTa3PD?ES2XaV#{M~y3k7?8 z8WhPX5p#3LzYllBWbi1;t`T?B+$qE*qjhgfsdPCUHd_vwIPKGRZ{NRF%P);~)+E~e zL;Fe1rq5iL8IyWAh+s-E+kV3~@gjc;m4*>}Dcroc$CXd?dZ2MWP`0;>DY z3>1&-!~9$Uoj)%+<(I8qO>OC%(nWn%MwR7K}5bf?k#y?Jx^ z0V;=w`D;7)QU+PHkuMY)iIoiJX3rNTMgvmXPzieNK4V_-Lq{d2!vpPYTDEXR+o6&( zb;@JxvcMmv8xgvNd>3!wbB;A9IS@a%#eUcd!4#mOZ1|}ii-t+mMPg1jXM%1Qj*B0Z zqxnX6aawx*BYsYU>7v>?eEUa8Kp5K_w561T25lo-+B(`=DI69VgT4r#P9c(RaDw@E zhw--(PK{`mE(3-*4YBud6A1{i4+)~Wfjj0;^ztOGGX9K(6bWtuc7Z@G$?+YMk^)gq z(#V}+TJEe^Pww7a_8j+NgL?eeQ#qCUn@6e)Vqp_gk_7HYq_`3nIcY|h`Bc2@4wLnP&i#-U}&ZIs+csSsJs^GtXN>bE4tz$nM>A>8Dg zWbUrqNI6kMxs@jytC5UEJ5iGZ-(u#`tDgT=n=t4^LOn)W1msAroFFY`rD|~Q-re6D z%8};Uqujo+i-14DuKSdAK-(sX;(yO%N}^@5h=$?V@6GJ!KbwMDVfD(1xB-f~XY3t} zeYH2L?NJI}nTholG5Bb+FX6$awQjAso_O8u#}Zg8I}v44mi%jWjo<9=Lz&ywNk_GI zo%uzrVMzWyu~H%NPh-afDETdUF3JzcSVb^Mmv8q_x^cjgmigbSwTMnBNf_XSf2US| z`|qNQ_PsvEdzekk;IuhEg8fzkh5elAB{CYbU_LYr8WYN^+vKtG%f?Pxs<2?zGine z=L4YdTaFIpy~GCjZ3r0{1OoGG8|hKZL2O7DA634zfbP)^&3Mb$aZ;r2;ktJ~MzO?C) z!Q@S9G|G$Wf5dK6VpTA+`)UvJb>*l|Pi=AWC8#K+wxxh}g4>eU`f}+?*qw+H2@S}J zy{R%ub6AENX{~AR3Q9lgMUhP5Gtk@b4BQx+FmRBMa>r`G5X$ zE?Rv|ttY&6p)p&inQYFtgt=TO=;St$=-;S&Ut;cv7WV(-0A#mAq> z&rb)$!P{BZ*|urHwTuVeXCjTjeth&fNan*b?CFh-XPRB|Y0gbTI2ZXhC;{h#OepZE zBGuN3<2I#k3BPq+7%icZ)EwPy&bq=Fy_UCZOMvc#3b+Oih?rSm0ilgeGm;nek%pM* zEhKJCM4$*I-CBYwfKKbA#>I zM+)78z8B{)T~}LjJNXtMGz$--+Lw{hME7^?Ua-e538HjYyD16&f44IK_h3CA=4IN? zZ^$3|cY6RtiK?)ts0HdsltX>K%b&GCW{6$n4EK7!DNz4Cl0;5(ww%{_>6d2ZqUD$0 z2~%Ub%R*lj72nzz)q6cMbqjGjfA4h7MNta~Hg|9vAtx06cga|6KZ%kk*o%iDtBL$6NttfF>GA*V0T-CIVKU2wtFT{p^k z#C5N4Bqq?C^7k)me2*x<&5uzt7UD6o57rv%ate%^4Ewq?0V18)-5rpkA8O*L zVnzy*M(dd35q=pg8HwqvEQzBzX$S4y?Q%YbL#a$;ErX=nwl~Roq~{&p)u32CUEm=DC-FS8!yGf{5J% zaUB#)y$0#lhT*lP>)mRSQSejPwUF{2n zAfSllbbJVWZ{RaodBHe&rBkzAih?MyOe3q;-^_vXe8DpvtoBYh%&uF1U7U=?BoI5D zt;s8zVKZ*;LZ^zmAf#wM=|s$J}1C%P`sLF;k%=G80>LLzRGo0$UuRGHcw)=|I2f&bQ)>e6EOYf?r*;iDCSAW?2x+R^Wq1&oTRMV21O zVHCoe=SD=1C|AT*0fiG;xZ76WPx_}Wo4Mn|X>giRFy~ZLtzQRY z`@|_G3jMq&ie89=N)=Z3mR@GRg&T%(5cNm7?OV`^5?a>+Aw^j#Iv-cS%%05^pZAVk z)={~Rozn<7e4w05*g6#L9c{o$=A_>!L-}S1+=n{j04}0urvLQd@A=2O5njToj`!~m zet*-mkwJun2~Rlu2gC(ga#K; z$8(kK>1W)utGgIJ9q&M2glJL#a6>@3PmT@AIKd@?;C{+*`>@de2%gpL6|l#K$dsb= zeS*->85xdL{-~E}!F_rlGTyx+t}Pna@zXP`#u)*xZbiMCwO&3Jb$n(?uGfKlUgV2f zIJRM}F#@vqbb(7Xi#yDGx8WqdAf=cr98f8S59w5xHxOmk&x#9v*e5^@Dh%O%rsW0Z zQyej087YI}P~r`WjSwJdk6z%};5x+&Ko%qJ_YMt3TQ^kQ%2O-715{Uc6eWY$nyyt+ z(sHkd_lz|yev`-+B&r=c6;{q#ye@B_nLsp>i#{V+@XYp(w=$W+z2|V^&(;Y}Y9m$&Qg6evm*e&>tCfG~oc6FL*dZl8{0+2aF8w^x3S|MLkBc5FM=9Dh zpyQQ8KB(z+aj|VZi%z3J0qEFTNHmopJH@`>SJE;&-E8fvTWb^Za!jsa3UC|gpRFx8 zD}SGo+yA;5I-#fzjLSceXQtNt#9JkKYyV^Jqe5 zSDY7#aB5DyK@4lJ03QQq$R7~DLZ+K_;hf)1vFYvcfvS-3^488}c}<)mHZF8MhKWe@ z@5mO6kw6>^o1@)YweISdd4GF-fb%pIHK3$#KXsk8=J*zl|ntcu<*%uy@jchr5|8L{Ja|p~Lyl-r$J)`(P zr$#_|c$ZaM5w@3g}ToCajYj@RN%NBsUee17Fa&mPbci|KN_(O6A z&C!duQA0=N@!>cbDZG5Ryc~Z|dfsDdFdp6wLUphwJbX2_4A;QTMho%3NmW zcTWZeJ`H>tJZNPvE`?~sX%n_xfeoMK*5gTD?%#C;xOt!U#zR-Da_Webu)KA?>1Q^; z@IUQ%MNv@>hdW|2)skIU@qG~`X=Wa+n*>o8ooMnUpm>G5+VsV6fH_C_t16>h_sa>c5>hauQ_^!G(oG)RBzY-j)$3T?g` z6k=f+`{5^PaVf{!R7cTC%iIK6GE<2=ye%HJ#$wN<=4pFYN#&c-yve`pi`zw+5;O9ZXviGXUON_yxI!Xa00aS zL=jqe?dLcUUVcIMPt04mK8K6{LeM4LOt+i%9J34}|i> zlHBI`S}iLn-!2$O*guk!9-)q&gz2|wH@u$x4b#u<|CKj^wixb)zlc63%V!jh6*phY zP9A1z*AYW2Z&@O_egi44)Hj6WwR-iit?2yr`f0|>*4&$tgiV76hWF@&CtJ*y|y{Q(sj1dZk{4Im5jXaGlq{S^p z4oXZ9tFY@lk09@rxVA*ToKNxZR^xWnR8X(NUnza553Dv8dYM*jpv@CE?^kfqp?9PM zzi>L+Ev!CVe5#uR|NSztNdH688^?`?>rb8R2oriEQ0O7=UxFIjj5pz%w$}l4^Xx?` zX~s5=u|g0;(CDUiDtgFyO4l7V0oV@&ey|SCb@Mn4WH9p(MX)KGtgrO|UU_#o%_1wR z3oAESrP;G>_{>ug^GgZD2cd^%V9xCuH;-Vsy~!=f2@|=SNdpFVf_}d~-cc@$Q8zj| zR;TquZJ9Qrr#2PRB4|bj^6re;r7QA#V78cJVjOlI+i0F#_eQkAw`?wO7xA42(P@IK7#yvv zfphvH`IfWxtle&*R4sBB+{ba41g8K!-XvpYM=p#A6udY zUy$RC#WIaz@$o;3K)o%Gg8TAaya@w@yH*~fayPC&z@%#N*%B}o;}Vw3USHBHssJoDMoybf@smhtn@^h0 zkLw?$_;m%TAfW$~Lyz#GC%*m`QQzjL8!`2+u^}I@RfP^d#KxBh2u?Bnblvw)eVL%CVT9w^<+^td~3G42xZu+D%-JDpgGw2mc|$>U&mrB z7I2rW1BA@j-~Mnz%w&|)+Ru#gspi5uE~Ex=tv2g7P`0;OpRMWDH$5iuE|x*kNHu_@ zb-A#du!SVk+qJydlMja0Q_Na8B^gUVIzTh_J6Bj~`G5ofTQA!nMSL4-YvXe?>CFw> zI*P0|5UN{*yw{Ml?i#K}bewSTw{`}-&dd=VL(7KweyjDoS9%KoGbW-?g0LB|2k+6M z<$k9J@WQ@qZ~2$^T3r_NN&7_FRg3c|A(gl<)It%H21R5;eeJm6Xc$mVZW&>1pQ71R;zJ zn)kuRhoi0OL3uUmQ6I+&d-B@AUJR~hT|j(;NA|GNGV1fGt!Ml8}o2i+nnvyfGmo{pAE8O>~ce z!%;s&_=fnd1|T;OQDQ=%eE*8F!($Z9!|kf#4EEP&AEkMPDF*4WJlji#YeJu4Blb0F zMlWRM$LCYc+&*5Ur?NBO2vieBMl@P~4GMNyZ2S#R;7Q;=$t;+K3tLsLK;6ie{6CK( zZH25|PFo6*=7!q)1oP@+1$ub2b^NEe$Pyek!E^TWOKIO0{_bdRR`)=QZkK$;x2t_x z9E%)i1|{hJ19Bq?7wJ5f1Wq0`p#bWekPocomSBIpFV#+F1Y@UOV68zXyMFuC$4)}d zLGg!WfwJgNG+n^6Do%!XmxB?2G`o;?Fa|v%8dUK=jC!#cVA2lYsGEAl|7Cjqk4t`UI+d8o9v`~J#=?}mw10#oAICPD*Is|)HHrejtDUZ|FtF3xU=;E$nwP5r zgzF0WiK|Q-0Lqvqe!eLQBXPe71&S;?YPN&d7BFG`Uu)0hliL3oECsA#*?%!d_dYTw9w?gATesl=>vFDmo8N)i z!uy-%wyS>DmRPTfK54Qpu=rSq#~;kQAo>qNMC`2dcVd|hiq5>-%BUEhOQ2|~IGS#~ z{+#q0tGP&IdBimq1|WM2OwAK5c-6m?nQfk?e}AM=O*;~53E*xP{q{0JSJa9`S>g+U zwhO}FlZQ#2II~kW3^+i|OlLHRW~uIVYIPN{S*rb2>aeP15>Z>SK=FU8nt&6?NrioLgo; zv5-OlpzdImWGU12Q-OtA{_muLc`mqEZHx!vE2}N)-|@i7>pe!fsXhW9gW3clEP8AU zVdt+SerGApAi|}F_9s}-+{FijFke06$*HR-XE;{2epJr>ISWYP*qPr=dERTqnXl2A z(KE)FQ@Wu+Rjb}YN0y3V10|GW_y9?YZ{a~VvggOvcg_*eCRzrgVTk%qZ)z$*#FilD zx4tLb49C@j=dFzFa3|FyfRNR&w)>Siwx`poc9+RqA%rZO?|Y{3-=napeByfm+{T}Qgq$I80T#qLhnklaeJG!jI|3gEf%txEeKkbFSZShZV;J?IW z|9yax_K#J(;pB_czp++@Q9OozHe0Tc>8EqpmABqeV$lC%ddRtrw{= zt_p6K%j~)Zck!QAavNqybI{MbDXmm6r1p^8Tle1c<;q5cwo)-(B*Q|Mu{KFM-;+-t zaZ9L{@nEba(R>XW_;}}_^S5W0aOf`dL|=BcX~!Y~wEJ8Fiu?->^Csl(f3X074Tcb< zDOdEW&ss&ziGFBYMxD-cp)}{IsNipP48&b8eCrHM*A1IvXKT#gKT%Yqj%(F-WT|t9 zi><`R|6M+9(0g3%`t2RNfUtLy>#L^EuuTuJJKtlS3K$st&m8o>hEG_1XK=Qu%69el zfKNadjvXi*7bc3k0&1DIx_5Q=csjI)vl&*!xJ9X&L{R>G~z?sl8mC8dR7V6Rl3=aM-|gJfwTZKL4zT zP^PPv7_9D^Sd#-1FzI-)ix*EP-g5>=}SlCj^LZx!h;OXxM zfekCmqG4OT(b-CGVg_iG<@0>rPw!){?i9d!1p1!bVpVu-^x{GqqS0r z+nl_QOWyp}8d3r>ahOY2c_LQIlqa>dsw;#)2#>4$`OMD>4VX_-dGU4wn$2QU5pz4^ znM{!Kb5|vVLQ~?}&o3K4efeBwO8BCvxp%^VefZHBi4nhNctFjGVC0V`KwP(Lo0*V# zHtJ|BTLS8j%KYZW&Gx3~$nD}X8+z}xVlUZ`oni~d9( zREua^BoAB6TI`(Gdsh!5D4VDVJ7E96+UD~vYL^fcs5Stb-}fuBzWrQv(Zf{Cr>Be} zv9DWKoY6KVRE-ad!vj9$FE3?tCzGE(o_815I+{psV6?*|i|L5c!!ML4VdotpPxI-} z@G6l|XaaO+&DZFgluELQ*2Trd)m0ITg~4aPEu83|Kqo1aBgeEYhmSJrhq63Ekak*= za!r)(9XJ43Y2gYR?URw~aC@%N=X<34e3ktcv6kJ5DhYAlyP*%vzu#%R)2VJy$vf*n z_C{bDr!P{HsBtRHcvBhkhy z2BwS4X@*;}H~%r#BJ&@tYJT|Q@$XnAgt{KehQ#oam=^oy9xYr=5LpY3J^3MVp^w$) zLeWB{6_L#()ukO#Nul1$w2RPC>>KS#p~%hjmB!&o!%>5Ut!G8x+#mI9*>KsB+}I;r zkT{*g<#$>-DU1Yp3{KVQf+V=uzHDuZCpqq1s?X%t3B*C9Y*0?Knx2 z{oO95#4i1L5Ha({$7`0iqVt6J=k90i;m?hEt&MNlFMZ$Xw2!-2VG1HUq&~cx)ammC z;du(955&G+Fk2iKbN94=LmKV-eC0ZF-%M?EiLek()OB@-tL6XO5-;5|RX2>Ejb%RX zb%h?}WAyv|owxjWWfx~3g~3L0W{r}If}QE7V8ULt6P1#>Ua#KyI94}Tj?e5;1$d9) z|3@wMzl{{zXPrGDpix~tya*l6B6bZ2egj^3K!_W@6nr3->;bW91y*U@95QkR$a5Mf zCi3;Qr^!!9P5ER~neip&c!VgN_0VoU1&eLzY0u*1hWS&LPA{6c)muKq{$tBtr5r(9 z!xwdsSFF)ax()yFZlCUL(cRaRXT4z!H1%?P9<+%G$B}q3la3dc!J&#w=>ANWgJn*w zjpA@U#>7zAN|0AGD~{A2;$ClHVG4vIQD~q?$gq(ZaS#>>?s+A>4-c#A6um z18gTePhN`pPrmlylE_Qt0^l zY$WCbtwFc3pEH3m@pqfZAQSWNjYKiAt<=j-45kfFmRH8o)bop0KZ%;~%Oh;SB5fMk z0oc#gQnza&FxqmThO$lYC^L_tgCi_sj~cm0LH#TzubR@pZZXCDmH|+sSMg;4tQ5@W zM+#qV8hqP#ky>1)cnfv6UkIPmq*jn>%KXW@;jtK*iCrkcgV}EdzARRsZWvGs-l}SM z>Q(~Ekd5fo45wL~$clY4E-ss1w2Xi65l10ryJwWZKGrc}#4MYSjc|Nfg_VbVXijMmFFv$|1}*aP6JH*7FpD;$z>vM_z|c zJbRMD+IwX)Th-I&^CNiLDBO|V4!CIgF?vjbF|03rM>hQ%scyi04 z3G5|~x?nB%tA;UFf(D@gv(BTwl)kIs1Ag8q!xas8go;5Q1-7*z9rsID60k5Dt`jP; zNb`$5>1?Aga}xn=3vgxd8^)mQEb4MlFYY($)5!7D51sR4Wh@mQP~x+)e1l-Enez+I zr#VBANgT!5-RCQ;$}c=IDPZE$-&_-+WZ1yhYg%t~$-Rt+UJWAzdI%gb4WNz5?P8|I zcP!Wk@-~Qv=^B1Euc9Z@13`4!QPiLH_j6ayZv}|r#R!22bD2o)N*7^0aX*!|3$ks# z#dK^eMJUw0r?Tzpb@AjfQ~iGj|F{VY%Y?C}cJF?Tn5T5mMx(|(sb%!e&3e2t5S0y6 zVQN|EM$_}l5dEJGC#>yU7yn0NAkLqM_U{@42L`zI3#gey!h}RhN!J5aP}&E*{H-_7 z_#8<-P`7A?#I<*tgf6 zZ|nB-^5^+az5d~Q>eXVW-Hb!02K0|flWZtnm?VYIL=8rYJW$~+1t z@a7S)Vu+RWa4t83M%j5^<;|9Bu`ca(h#E_UFS>0(hi~B!rNvsNAz4wM8e6(m@l3KC zLH5d`e)H`wDX2m^RtwY0V@tA>9~X`qG>*Mke~wuCK(K+JOJ>)@ACYP!)zhHzD9m>wvuIBt56Id*FHhZGXY}0u z9-Lp~zPj~)T?uz!$*G?yHJ*u76?%Dg)|&V_-o7mKO%e2x_R596@t5lu9b8By9>^L> zUM|_i6;Wq2J0ZaTKK0~ytLS#gP{1@PrC$GG!5e#Wxqfcfv=mSZ{Z|%1i+WKl>xcP1 zAoDHocWoR+z5f-nDW7)vQi}h>`0A78qCr-Vf&{2ax*cXBN#fAZd@sZ2Wjm7V_aHAM zq*`sU)L=)5S^c_4rg*#RLQ&67;lsp;hM7e%FO6^Pz7F~*yJ=EpD~lPoG{r7rwHJFm zFVJGwQ1avC)dTvYjbFVd#bqSKx9>L4F6D#6C`>y?T-2_&k~mO=e@lxbU5bDtO^*il z@~(ghQU*<>Zi}bX%PL)tZz$QtEx*(lzWgoX6J4$^b{{RG9GSg~9`2ZEPBqPG7-lIE_;(V+i#tPy` zw0rfM#Jrn3xzs%ix+`zvREOveJM2oo#znPhoKjw0z5GqXT%glvX}(N~JBDI?TNvBb zIQi-;rGhV|(hGDB&yRSJR|%Yd$B5*Jp#PXJ3z}w58h|iQ;`nwT_@D%g~0z%ts9c#xB83(F1vr3a5&FW8Q+;1el772l6_ z(EJlU08BdkDJ#by7=mnShdS^)A#Xh<5*umax263Z798=4i6{-RpqhDWLN?FH);x$L z4cgo>Yl88(EZ!b3Nb*9ofDX{8U75hIQwc9L`7-~a@Eqw2Mc_O?5TmXCAM z0tyilWhxg}aYf&H$=dq{(*bS1EuRl@`5aM&8<8xc(iqM4^+(@RU9Blpe; z_l1iY?0?X(4d2T#$;mM&5{A zMXO`Qe8a`Bwv(7e`ntccnn%w#B$&bX-@WU9A7Bam!?j%^Yux-#=v$wliSOXCs95QF za~9Nu<)5uS*+zHiTtjpwy7hjHU8f{)VJFRIHZ!9-*Cx#tzc&0IuS~5zta`~J(5*nS zkpJwFzfldB1DnH0D1O=SG$|{~=QY5A^3wMd z>(29(AC<0Pks2|}1nk(C3NdqyS&SYk{Wy1RFeY&4JGbb~!v(KM)tGRtJ-M(~-lq9b z?q1P0XL0-3dPEzdr`J#ONYGhg_b+dNU)vMJu<5F zr3$`_u1Zyva!4UvOp-JsctCoNwfefoJMqJH~} z9v7f_56A@-;;~;N^%)9D+ItTgNb`lxrUKbWR2qrQA^A-RXb?z}@n;lV#FDl9V>!mB zQ4E21CiH$C#Rl@-2-q{AoWwX4J|{=miv9&j-$sJ2wX9sP1X zKRq^%zInTT;0p!G#0fB^GQ`Nr&Jb=@Lf?BBnBBX0sSmMrdy%gD9iJ-TzbmP}o52Hh z-{uvheK$UQH+l@p4Ag3cdB~DCy6$H4*|Ne~!*wYNEM>=71P2y?UWWJy5#+$xe!e5y zUncvfBmylRa%sOO&$_&$fhda~dVW_QsB$b%sO^W*^>@O{$BT=M$0>@01N z&WEjl{t@j3E5^Y>O;==G~L{*Z*O3hr4VA;Q>;ZBh>3T1$Jx@e8$(9h;jl4c%Cu8j z3Ja3RR?0>@5{+4W&eN&JqCcYc2Bu!J$h!-n4>6<|p$QEVNC`2Ei{TfWS$pH}f?~D; z&jlIAWe%DA9nX-9yBqu`6ljzvBl)Lyve`&R(kcyR4v#c5CdJeweABisZ}eS-=cz0u zzP&wV@1saX)Icm$NJ!93*@P|~L4v#nzM)$PhF^5IUs?VznC0e>fls;f+lC~fkPn{h z`fm(l?~im;j4&I1wqILSY+ROfy#2&Od|&Y5MuK@Le&{TaK~l=XBIDzRL7OAX5hDL_ zE}7QAAo@DUrMf#~N|t_1bMmgZ{o>Kxp@K3oHRGLPwEzKhM_MZ|!U>cr;w zA20Sih|wx8MK|e#HUMJyumEbK|L^6T3}?Ohx$wq?ltHf^!Yr9kBZ#NyH^tGFqm?Yz zpUk6`eSFyY9LTSlIP&4-@s2u0Kk`bXjhKScqP-Im@Ss0xB(gxF)QHFRIvp2^{#90@8Fu0P7)`EZO5GIeQRW3ga&4g_()&az(NLRGLbn=+L|UN zm;Oy-$v%^{xhvc0nnBDAucxMxUyKD-Hc5X+n+H&KDU9h?KWeDnvfZUhazBN+G-D=7 zAvH6q^v6w6a?MJ8Ym4+f(xZm$f1O=tOr$u+PeX={HcxX`2Gf%PBr`LEdOg z(ncjYESF}g8vlkei?!Ea+xNOx&5`~FzcQ-E}p34rCGQyV2RtENNwJ?i? zum5Aa*YxfW4&P&PuZ#{?t}qFwFtdE7Ei>O_|LoQ8{qOcT`s+u3F408=ectp8vf#lL zHdf4ye|8-dpHpL@hi$7(-PrIxs;;AoRK3mW?_w8XK#;^)BBGvPNK|ebI?we!goIdc zja0i`yI^kgn!zJn`{Cb~%1PI9+fGH?<#Wj2DgG?iJ2fy=GST4_ZRVwHN;360*<%Iy ze8tW=K68}cZ_e9hoUH|4F1vqwo4WJY`02}00T!PlSM-MN7^N)t4Zf$9%jdGZcTA~i7MulJiRFn_ z)W%fnO9R?;QJ)1NPm$DRbbhc{7SMSSw1CZW4{9Q_v6Vte@QH?3vI zS&uI5X#agkDe%gNF^NSA)+1aNX zw6wL2h?-p1pRUlfk#%ELo61*>8kFx}(Q$(GG%pRRrMcv6#Nn2ZQ{#M{7=^UIbW(Nc zrwPxAv6)7jMMs@FCfZLn+LXCL_mpmNNQ|*Hp^DAcR-zk5#*an=i-0E^Pj$>wJc&}l zwaDk$;M8M^S>a#hts|gc;9AQ+5?iZB*tdDWt~mqClE7i?0o11q-v;6zfEc;>%A9Mf zk3s^`f3hb%e%94iN`~ZCx_m?e*);eeMWNgi1Nnf*evrLD5y}wT1Y1!uXIdf46S zTtIU-;Hy&ICeK?PLm~dCSk=)xRj;4hV)3@8E`t2AZ3V{3L!TCft1d6~NYRU4u!{n1 z<;_twY<1&Yc^?`@>@a#(uEpz0h-90?tc(OhpD%G)79coBX=z)PLv-&acR6`P!{xn3 zlGzf{b0tkIu}g#oF4TsjX-Vmu%DlYnftSBDCO(^@iZ)XR)lC=(-#t^43v&l_SrYz` z$GGf$cW9izqKy6cMg)0>K3;e-Xo_yRby_J-z!WvHeFqu=43Nu?oGik-JeaU_6#)9U z^IGpCl^$7A_RA5&w=tUU78gV`yZm@lB)ubk22kQN?3BlK9*s}u9&P5{$5DXQ4=V(v zL(zp<4;JzfLsf&)gjWOUV)?_WM?{c;#XVp9DQOQPse<}D}OASM!fna3Jyxxn?D;~c^$Wacq8}?|qYZHNC`#%qq z6;%7ax&fOatcFr_lVV1Ea0?KO?`Y2^t9UP}K0k}K51`fQ6{cHXg)@g7S*Evew^;^kwd^aN2PO6+2WM#xBNrt| z|Dj%j6;bQRGMxZveuuq`{eM*y|6kdZMtgo6Lc{uCjbn)3u1EegEP{*EvgBsE6(GIL z+2;R-+pZ*@7f;&iL8te?&ceqj69|5HPtrHSLiEtY+)VhALyeGDL5oWI#$iK{z8jY) zL;s=D>|6ZBK&11IZWxKZNLGhFfT-aW;8@uzwE9Jd(0z=3!^DTQV7*(I=#JX<_kHD! zAF_qm=J}OVq)Ocg4%k|b@$oG%ysoB$5r6l4QEV6-QWM>SUO1%075nvw!J?7&^bLIr zZUN)liEozSF`ThL-aQEbw;~R2D3Qh25=L#Lw2}KupV(JQveePse=GO!xIdL;B zv~<;k5}hMdl6t^l3d>jLGA!)W8?8Htqou7HUc#iCKFX2_-aqIpjovR<_A302^UO%i ztMfca{^Gug+AHreIy~GrxkE7Dobw?!n;4C)ZtHj<>VD&ZIvbcjFg(rUgnp&k?!$X% zqW~%3kr~B&>#iMkcStOYsXh!o_S7R!?=1V<1M;y45Fw**rX>u!*%`GcoL}5HN4$00 z@D>vd@nt~aBp>cCr^T=;>A@juRbcAk6nq}dhvEtG+ zSu8apT+51nwxX=J$X{Vh8Ods2R3y5qn&~5s(?auZO@e?n$sabx&gX6XFr}QH!6^}s zV6)>`t3-DN>v3`N*W;Cx>v23;tSjYMoF`jYt5=62Bb@ZGaO-(ED^H282NboeR8`ciL!&_4?0jOntkFGV1y zLIn0~(qjW_#0&Gyho6bLBYG=iCUi=-CY+*5C%>0~pS$EGXuKU9nyIXXF9y!XJ90My3hHhk7 zlAWh0EtDYv-oW#=R0BIJg$Mm>_JlCCMGx8LH<2tjiMn!qDi?xV0BJ{D_j;Z$8|YYe zd+sqUw=KZi-`DGgehv}2-eD@5DRIxjIGJCoYw7`aEA@o5rnUEnSeWZnQ}UEw$Ub)k z#61TBq}!o1_mGuo&d+cKj5NMusGWBqnPu{NgTuoTcIG(sYGV&}A%)P270?>*soW+_ z+rEfa^jQzNanyHu!ap@TaPm3<*YJn@)AaZzURZq&u8t3`$v!NTIC`+wNwGmrSUxe0 zHUuZI6d=8LACAa-pw4t?Z$%>ThiUw&n8) z4h}e7j0#dbFP5u9mt!~=T6WD(i{AwI73Dv{RbUn_94-Dz@``l~*Z*k!{(-XD51k8; zAwK0U*6YW-ms0ea$tzUYs@Bh}ZQjEotd~>2lKa8SZN6@V&UniNen!|N`YVk2cLmQw z$kC(U9p|pxFfgK7w@sxbGFaxcQ;`V+Bt%{Wlb$EGeqF^;L?FEtH_d30V=tvCV5Er5 zP`!+NE^JQ<%h`UEhj4kGuV&s zgxekKP+sru8hc)=feab7=UQLB^5ja;Zou2C3573g0O@|r^Lchn&ZDw=zU)Jf2d-ZI zw?+={r09spXJ5N0Og%iPj$a^8Qh??6cRj9_B`xMI`PBJSKZX4gRJ!nR^ycD+9~$64 z#qi#bSZEr#Uhp9M|0Y5?IN2Sra|ZFV6paIF6ctrl!Cu{uG(LV)!jp2uuaExO{gtLY z#P68RW1ZcHJQ+=L=qk$>RiaRUE3t3Yt^Rxy2%DuPIzK@uvOFO0q~{pNua5k5)`w6(?qPeU#JnsE0bM12e+*Fx3QO{|A zuJ|-UY2-HH{%vb&nr{&gTGG&6sk>QYD=S1iizUZ%OQH6sckY^bgEAL~F_t=-VPkf= zvaKCNYaWk`s~|q{F-2J2A?ce|lek_3!=dwuzw;{cg;SBHmZ~k7Z;NgUTiL2b54mc@ zVpInPe^Fh0HKoXHtiseyjfY6VPsx+^w?nqbbrxkgq)D9jZ+=!;~jARyc zk1BsAvhRB%S#{v!t#X}uoSUc8Q944dhjK@C~1)e!RCX-TciB=0w4= z+FcVeMPn06dAZy@_P_+xq*Lzw>*4m#$1AL@%klcq|KTM4mjrY+r!)yGBI+j zWheeQwwE2&!>;evalmK5Wa%4>-SsLF<9NM$RW-63{D$bN0ZI$%<;amgvnMHk^u>i( z#^C;^0~hYv$#hpZX!-{&G+>{%7IS0FDMoy`xufeBv;d2Gd3*8thu2ftN*LTy7lu1_ z#4F?%%!}?5FF2fD;rj#BrH9`t4x{TzeVfW1rithF7em^;P3Z6m?hQsQmJKd{DM{_> zu9^0&V3w4@3#_zaQela8){7}$6fo6p)yIXyih1DPi{c9dA$JrvFzoaC-_21l(X~&1 z!zs#np!VY+H^ckR^XEet%LzA&w1lo?+S`Z9p#vok@0TB3I{NILElhfFS4N&omAMOEFI0sUk6ZBNyRM+KVQyt#>;5`kz}G zT;lQ^M{h+OMtaqSj!gV$a)tMV2z^?_!aR?$785N*V;NojT^oGY0c-Eq@$GJg%s;0M zC4V=#Jp|=B3=|Gqc}c5!E}~0tEf_p%ArSS02~bR|1kelqOA0GW2w!81%^`rm?+p z@6Cf@nGco74_M`CCK`O)gz~&ynSN$WnQVC^guWhLy=L&`5ERtTJk7f<)u!8+b@hTx zgj%)ASrf2j#uK?&b;wK)*{D;zI(LiMc8qTht7^9u^RkdH0C2YqO zPw!o!ZCutfZNKDXW(E`bYIMf(`kz2y7FOXRU)lA2Rq@=e%m?->pOlj17UPqYW=fUr zn3}eS4N|)mOM~Xle#@X9|mcs_(<>%($f(& zd+)ijg*J;Rpe`{y;A{eMVga)IPtnpRK;#U!^wto|lQ>o9e>&m+Wsf@o{x-x@-AlLz z|Cd?*cgOSz69G4H9hyBel;xX9(_c)uGaZ)ZlJjh<>+xByezKsL;=rjcwv4fnuQG{+ z<<_662$)$Xwmu8|I5l?7lUY@?Db>{s+mAS%G!?|)sNpgA(#yBQ-YYvx#zneHO@&=* zY33PH@|ExWtPjK+CCKX7rWL&JxtBShXwohw`r=soiz{v7CD~T8n2KgNgyaOvcBQ-U zfFCQS^D4a@eMgi7QR-KfNXv>W4a9Ng-pL9-J0(y=Z%tL@92Z9C*Wrd|KTwnDoJK*> z#YKr_ypZ`k5*4z&?ZPT3h{g@H7es*SB6VDO7US2XBC~)GBWfG$B6P>OPCI}lfa2e$ zBZgm_GqlD}XZxhMhOgXFX_02J;qSXxIe_b%rJ-=Q!_mn|$b^dAv*=T!^m? z{ajwQbOqPh6Ba@jMb;AT(rA+}O2AK1QKG(qat+Z1W^&Zr-NlGR$9%S@jfy4cXuEsJ z-*{cqO0wU?+!YngX)wt>4Ee(eOa7=X%T~U~jg-Lbb10)r2^wmsN8?QeW^S8Pwbw9} z=RE&OQC*C97vzpne_ixBHXS{!1$Rq`t9h<|w5LJ~x|>C+8T%qW!QgjIgDAz)j0TZ6 zCgin>jcG}NvVWV6FuiY{S;Wid$d5z zLL*spWxAI5l4^@aSbaIgCk7c%w)BjhQ+;of_rVb3vy!g?^s&$I7_;$t)JJ3A3fyXr z(b+!}JoSE?e1gmDgPwD#R)q129BxU;hVdR>A&z`v-EdV1ET9W*j$;AVXb6C#RPF*5lA=@qid70fEva&SU{uFk#J572e+V}GPqa=twg^KTpwGr}n<%iy55rpP3 zC@`nx6jM`}MM)^>g@ScIT49ADZ-(s$=QRASJ2 z&Qy)4m*E7NRWr$Kxd|1vxG`gdz0i>!@(zECI1VJIu6J_}fW^KVN?R$9^sG&iMmy(G z22+a9gi@dd+=TvS6J$>edN@(`y*QS3@Zd(eS;$g;0>bbd5s<4@Hd(`(?@pd7HxkQW zm@Z=0;oPHhk{&vp_$k}>^qEG@suzd&<=?hm>-L(@chS$sq+|)EoROq@IrPTLS1>K2 zulCt#Ywlp(JN2*YpUTD2yTZ~fU4Q*Pwt_wFg>DLeH(wqkEwp2SzMrYA;4^qH!}g~L zc3Euw@W4ZEC;C(y$JqO_B!u~{I`dR3Di)(GaJft3&Jd-+JptZ~zQ|unilEirI5DJ| z%|P&t9d3t%3VS{Htcn`iXkBqd5`+x*6-K!)yqwgU8MD}E=H|G&w~X_NaeAWS|I-~? z#)ES5rz=MIhF@;#Yl4ybjW&sgE%8?o&X@A!fvnijBNF^UP&~SISx<7fXP?bnqkMFlLNs|k$!*}`OMi?%7tV{Kok4CYVjSW@I~MAtCo1Oal18i zh`XhD@>67{6iClFw(k|(`T<>vl2fo_RzO|?n_y{Hw7=YaQ~^F~(;EuOjlI5v0{z2_ z)`}d(oOT}nmJoKdA{7Irby9UT``c6rrUMk>$EGi?z?hM4v8b3`nFv8TYf#lD{{V(( z>wo;CdWx*v_KU!u`FLXqqg!Ijg$gSLXp51#{>7NYY9mWe+3#!s3zwb%8i39nV3~*? z>DewtVNZ<~bY-t<2oFnR@ps`8T2M4S(!4A@@+-HN16P_%@hB9MU1Lk ziKRNd*Uh7m9$X`y0$0A;p$qypJvzR`wbJXrl%c&(!NL`{k>Ppvf{7?q{xp}B*N=S{ zwkHVLJv7xT3UbXuv!<&bBrjq{Y)vySiq}ZmE;Im5K_u2$l z=~joq>?ugECQnvePGtN(VhSkrbxC%ej#8B*Rwuir(fxd3MwqMd!Z)c*KyVfRx&d@fTKRHYPWHp9_3R2xv`Rz^U!9;t=5To_=7>6}xWzJHQ=Pb~wIPgZTFBg0Nt zF3tqT{7C|V6(=af)f{C(0JTquCm%z3AI>JcLx+kppNo!CrrZo*b9n)`K46U<jTm z0d5vK86O3X=_FNfK4tnCGjl)I?}cN`PZ;kvs6L%11FTkZp!pTN4#wQwV53TI=HXG1 zK2+3wy2;C5=YrxwZYjI2qMg)4Y1oBhrz3PbbmDU%VjbE>T+JH*_W>x3oXqYRqC(lv z_+pYEXYUVxb|WIUO?S5w-9*N|HX_j0#OEg&P>M%wAYbX$-BL};4kPxQg*_?b;}tH# zm*NzHyf>4J94R19Deb^Zf+`jChn{s_Koz&q+%v7R8C5Fp`ateAI<(ABPnRDw(f&fn zx7D!<@W|loBzz!-9#}M5H9sol!S%NmX3WNfy6r<`P#{*yhhKzVn zM8ZJ(s;bX=iB$OE^v!6Vpsvk!&6xjC{ny+-^@sf!?Jk(C;&bu8y=XfANdotKNRx5a z&Ym=Q+N(@D-#=}ePTt>9mKWnaa$-+{jDrV$fD%ZYWP;x7Cu!CIt}y~t{Ol-9?G{u3 zW(F2^bi|+8p$yuJ{S?d-&Y{EW^a5VyUci{DV~D}#hE)tczy`!D0yq1wK=?0CZ>}Ql zTQbs67m_w)h3kK8EyzO>+2<;}kcF^c^C4xvr6Gd$Go|&@)jD3nuFY?~BG5YcsZ%-4)cr;gIGZwbOGv{A>&>!!r(5W>4&5AwyTBR%V1 z^#))m4{wpDOsEiKx5K=f=Nqf+Ofg0rA0KSJaSQr=ipldR5dg8>3D73)u&>4OC31Q& zFu2?Y*fm%xVG`O13aoKNAQnEhf41deRDSCR5vpc>>(My-W0b6G&CaQk5tn&{^WheBvUAwM^T@%`A z^+`k=xd7U%akIJ71Tydn9(Pe;+WD^rEO@yz-#^$r@Teby3W+J)r6PP)Id~r^>KP0StKD^y* zTUN-$o4s=gLq$>EHHxb=<#GQzYA4=rIx*=+6}Nt@=Z)x7cVLUIOfX_loOllrl=S+@^Sm68UQ5 zoOBguNA}y>A@~tHq%NGD@xo=UK<#f~^6%-U;RXD3es*%2r8JaVywhc=UomN`yGoK9aCVQ^6D$vQ8#z$ub-K^*+Cli%7N6lpWIx z`+akB_}fWe=3fxjlwXg6{I`YD=)}cm(Za&WF5}r1N&VFw@eBkO^P(o+?-Tn*qi^@? zdQWcrvNY3gUWHAQUuwVDMYD|PhuLB_SL`+rJ2*CZTH*i$Oelr0n5a!Fww494xE2=X zy#ihPm!2x0+mf6$Jai?bM})R*;O{ER^8})>zJWD{uxp2Jx=WrygpoEWd(xf%cwSG? zckff2h-_e?BoGfhlZ$7TQI~$O(b0@8I`dJyPnAvM4qg2vKQtbboRJx+L-XT!UTO*J zq8H^-Djn=;S_qE^h-mxs9r5`e84MGIwE_hE!XvnIUaa5$RKd2MC^3Gqw@djE=**W< z4Cn6B@(U#K*2C|wskO9T8{%h84Ak`DT?a6?O$rVfWP{L;{J!CB@0Y9tRYc&i(%gZj;$H@wa2<6yIP9v=97@CcWj)I$y*_x1 zUG=r^ajrW*OG-s@(d#GI(ze9?x9{UAAVB%=S^qua-nKRp2r|(=*fYleRKaXYxr+OU zN~ZQB_h+&##SOM-hXrR&vT;~gQXN%t1g}sl+=N@X^M$oQz0X{iK$hbRW#$aNP+7LB$RG!Tvn zb)tWxg}VaNWvJsA0>(^leT9FT zn-@~@fu8)5LJ$)F6m2@07#l?dqRNnBm~Hl<6Mk=}#YTm|ZBT%T-py=hN!D$W8LA(Z z6&brGbinr&`Q=(HkyW`FIS23Xi)gA$Za~sfQ`G~~zK*^x4RAGM<>c45iwe>A zGcz;0-@mxeC&iU{R+>`CBjUZe542s*N3$}Y-TAo~5Pa_w_zwO36c>*_^NL*%1tLj3 zMP5wv5-*O6`0{3~r#3KW?6=Y`%mjmuAB#DR&}Y5(ZuKuypl3u2%gI#cO>0XIr~}O? zZk`%@cr21*G*Sd98&K}&WA^!>(N*|#A71UQMH9kLV@@eoL+!{V1&a&31hPq`Ku^ys z-Cq~90LE`840#yM1?Y5z!k=dJkyOc1+SKbFo@qA*jVIq*@OaHfZPSnbgz!6l^Z~gMkiBQ~Cg92wwy4dhPqAK~ap&#N zEHAD5TPx)WapcmHWxM&`&YSrWFT{D~W^QLGTgyS7O_WQ`11G4CY}2^N#Y z8^-G)GH9Pkqfm5>-FBM#M#2&oC`X>28fw2_k*+}_}Pu3B@bk&vJcu6c{q-@Z4loQW!iRg#okD! zz^dT$S6=6m*yHrb4d|j@*V^kDBfZl_kwt>O2HC@lqO^!oSiNYTt@A%>MhQ^5h}mB> z5cb>JA#FVbWQNccho6Peoq7)o5ePov94ag2BWcfvy1&INXRVYTD$4gTa2{#wq(${- zC+^mSzNc{3E72g!Empb!WAYv*aCG#!qu-V{ORTfqybt!Ur_rX_Xc5_MePkypDaFcw z`Hw@c8d4+94_#mjNs6(&21W2x6(>MSt?3 z_4V4SPY$UXhlVG&&~=)bQZa%U_(+2d`OFW7X|XR)C^;Pbi~8Yql-pc$fSAT;Bf1zY z2;TJseEPC^XG{^x>w51EXb`?xrKzD)A#1o)B6bpvB?ab-67|4I$u7>R%3=CVVm>1prBWk`IuJ&YeC)bHTi_HR2`ktnl&sLX1VX$>Bub zbZ4xB|LGT>1!6!49UVd;(q(TJ-};YmQ0*RT;Bk5#>(*^G<4dOAY)qc2O?S+}9)586 z`2E2@A@2fQLTsRN6d>J6D}2>Wn*)0b*C(lkTS-oFA32#7#$ zC2g!D7+!kHE^jf7j66E5h^0FbCs`GIDKZK?P?<~}QplCpJWWNqk&<=RYR_)JqDW#E z3clNfC{eyOAMbg;@~DGll#DOoE!Ff_N3Yc`_ZftX+IVl$Gm--LxiWr-6P^~VdV7- zLTy(o$n^6l6GkQtzFObutI^8kP;)lyl|ZY5D7i=Nv^h%=i*W2wt3a}*=IC`%FOB?5 z*Z2Je-X*3z>B3&ay>S8_r$FN?o`T9$VE^%d`ejP>i3rnrnh|t^8Bpm;)hi+UJQv)grHwg zOjKF+e+$p^a%NiWfbg)QQ1U|1iltTrH2auy7=?8~vG92RxFya*lOJKdsZF|O>>QqV~1rEPrfXy?+eQh85a7t zS}?gEobnPGD^U41?|-WA#pUV4T&gf5x32V_<5VXJDq?G=^^ZLwIV}I|=7QQfD>0X9 zj9qAx9aglyA|pQ6R8BJ|EuMVviXAVmp3Gk3pcj)EScb?DtBxOJE~1C#v4ux_c>KdA zgX0zDW?WvaqZRWjPui~eS6R{H%i;Sx;gI#w$l3h7VDJlX)%a0x@?KeCo?KiaEvu51 z!g{vv+U=M?gNq#03G+PV-1Y6lVXg!3&m{%+nJ_yeGn&l3ub)*VqlpWn+C<~dC&%Sv z#H7&5$N3=PB9l*MxNdag#8YN(jA@HYCLd5K+G-dEBoyS7`8R{h<@^J0ugKukeRMi2 zfuwKWJsH2rnp)f&`9APP;_0otK>^$=VD>XIiporJxE(;lpnI zTGV8Yudh|rFlFLm0lypedEJHh?Ev!&1S)1fJ$1e;-`u{*%(r?opA0hj+&*a{4aA#A zO3G50Q3hi?Cd-_tW$^_!v2eW4F`u0%3{uH$;#l&@mM7oHs)&q4l(Vvt3^2MVl)Ch* zvc!(xrXonq-7r8x66A#y4zqN(iZYbednVM;d-ro3`<(GWU9W+E}q==2raQE(mc?eetE?c5);qEg8>1;pT$m)J<Q%=+vbi-yL$$m1sjn~c{fq?{t zQNXvii-xWWJsi3V$j67T@aXY_IHs=lg=V~6 zwl)>Py=zG=Ju~skW@d6f! z!3;ebxH-;G!gs%+h&Jhc10m|$Eo*G;lKzV8YGWR3JfXmLHDE-$(Eu+dqL~~9-yR(i z46IQ7u&()iXUsY?A(0~B#^u6;;Q!S2XY(88a)j!DccD>kUh=f?WEomkWO|F#Sd>yh zdEWRJA&p@a-{rDgu6d418dU;dHiT}Fi(HFhbTBa?^-&|^6W2{g-q%PXdo1>ci5brE$$ zqgde94a`~))9Ou|o0xOq!{Fw96h{8n_v>d0`y6+RokKWusaoFo)Sh1#;QM9-`V32oQ=|SOv!MBN zpo3R8VG7K9yO(;JW1Stm93&+^rwi$>p(zkO_%P*UXLWlW={DZ2y-aSapczRoMGxn0 zy-%#I>+i7-{e8VFjnreiNPopJO}N$vHj)^AJAY`)WZ81&i53ZO(V5OYA#Jb5r~bi4 z?01f!Z1AN&ONZd(=g-{*^l!s4lYH)dt?183(TB8$GRHrxM@~O*f<2xP;tfkFZ~FT~ z-H}pqt4@&`UN7V?B1K{|a?593Oc9Dx_)>i})Nr(%Dh3BHjl-Fi)Y4G$B#`&tmhpZy z^f`nK6>~BgYA4x7?mNs~X{|-^!a+Abne-97&6jC7 z)gk3yi37(VG1{(0eIu&Ay3%?A5S|UYZ3={~M=}>V(1&zC`Pz47J}z?v4PekHbG+Z9 zalA_%ln+>U-0(cU=tq6{p(yfnA>6&npAfscRAHnR4u4ryVm<4UUUHPY2vBcXq@%ITwpTe!wOe$g~u1I_m^!NVY!l5QpDMAC2)qJ;-l5`>#da z_iujgF85 zQh+hIm@#NxI}Dq@B44SnnJlciwIiBZT`;9>n~!7e?qsdBON**z4AY2T&Zmz>L$!Sk zKK=%{L2RkvFbW*}j8i1*wUB?!TAc03uAVVtDny*CJetY{y19Ugqd94oSDE76B>5P zROm66PGc>av9AfWmeq98U5f{_@j9io+?DR?S#FCQw96oZS_LmRR7c zpjJDUAk__z=>{>soS^vrj$|GBGiA9?QJfT3)JfrQBEdXfWX>D3gS{d6Gd!P|WN%VMNNjiV`Y` z_tID(`%}6Dj|)pHhFSl-Y-M_fKAe}x3*;)8O?A?6I#dh`5jCl?%6*?xVB&RaB|Wqx zHh}QTWp_G8SIl{jq zk%uVcS}6y@kUg$@lz}ny<7$1jsQXm| z&&xPuLH@)t#*V|4Zap^TGV-)|zgubqiR=J9?cSX*?|0vIiS3Cjx>CUSn!zIiZ6*vt z78|-V4P2ZdxphYUKitgm$xSQ#brCP#7Az~s2JCmP*f>dTM-vkgw-_xmx7&!|rg#5} zuPa?RK|$5K%XM{m1A7Gr8b~0FyYh*XXdGhyhaUbnLsh%{O4eu{c8RvpPznsXAM$fq zZr$%aI(7FC*d%xv?CTC&ry7r0DQ;uB=(zZT;d?*SzG2vYkGK8$`m8YxSQi|=C%j1; z+>ycukRJsJ1}4S^J=)drimT20WLQ1RjinpV0dl!`jD70{LA2WlmL88%vJ^(fZ}hiK zLi4c(2)zc|7m_OpSKogRam_LCqC5mJx!{nDVQvfdd2%62L9S-$z|)>I1|P9$s%(|$ ztrm1z+5QZpZ60K^XU%dyQdt0joc3wOrqEMA4IqYIH}DELc}K9&Fl}`btMU#O6$JsV z6}KIJ`IMfT;%2`86sVXfV!KomuIM0rPfmdUVvO6F0SHNEaIz=}NGA=u_kyXHGMt!MwgbEExA@t-kc98WGa;- zp|KHqfQS%pA$KK5o_e?|co;1tNBCFN!!CkRt0lK}w{?as^8#w_(Rj+Kh>cv z#@ePBy3}qnx@n*u1t`~|#{z>8jS8p6#3eBlg6Y*?o9v1qth}1shhnr7uR9;S zRMBY-OjW-0R<#436WieTyX6OUa}}t=W=e1N#n`hb3K4Kt6k(P}<)~~yN+wq=kQ$p? z99e{USO}83X=7kukF8nb#MZ(#wHyR=?zr4SD=17bXL&jttLKBhRHTo1$lG*xgAE_;?O zBgp@LWq`DR%}0P=z~76YU%)!=hIt;DFi+M(D!@OV)Yc4#F4FmdNISF0!~)uOp$V)x z)XjE@!zM07Iq!q(aL9iRxFtT$5uGssq^ffoDNT}53Sd22TI$TTV_$l+{MOVDySbLL zm~pZ8T(0%OE{)%{_ruEz*oXa-b7cL7ZDlSs_DxS2k|e*o`nZ_1cw2pFG(-f(udk+6 zRuQH8xQ|_I<%62N(Exp#iE9=x!Wa|15Y|b@L9+Vc1O5r|P&6L;&g^!RcauJB4c~ZP zg0~f1W3$5h%_sYAbC{pYIOZhROfj^qbY$$u)Qw~b+tcLD-QGx}Xr9|-KQu_FyrfQL zL7fhC!ZPA&O0L+E`937ifAR-vd*$3yR7-Bu7tz(_2w1GIFX$lk8ki_F7Z%Z|8`s;L z3XG8i$rmtPsZvoMV!I|OceuqCRp@I)JACCagW1V|>oQzYeMM3dI*&e&4 zbxwkDp+?@Wv~$@FXNajHmQ9GRrPnft}7hA3-8vEpahKh`lXaS%{5pI*(V1A%Mh`m!A5R+;+uo!s z^pjZWzTJU{L|0Pptn~>&Y1VpQx;Qnp))GZw(E5zPVR#nnuA!7 z3fyi^n?~E$)Gs1=2e&~Nj^o)nSI&D?ivvBsx4jB@4ApaPc-a#h;lqmTVmMU7p2Dy) z>JJVMipm-RA3Ai?VmD~`;AOzQk@0fF2W!xJ{hr0dhJgDfJfKr|sBK(dDnK$n))Dz&*FDv;WFf{LhcImA{9)BNrm68~-@u z?WE`*Hu=_N7qH@_{R6^vi{-%;!35wt2nC=0@L^=Cm5CWDS|C|JI?gXp6N6pg*r=DF zc(oEwX1TQLzA&K-gCyz&3qde>s*<}u`b`)BJ3l`7;5DmPe76jv*alIe5gLR=uujiP zxG+6%uy~~yH`HJR1**UhW@dI$B;*16?*m;T1a95@0to#fE~Hm7Fk+EGcott24w}7R zu3nG;RTbEF8juu0gQ#q!0!j&%A&fU|lm*cjj8X$);Go6Tep`o8kYjGJ@bp2& z>e-#Qy#3kjAL)Wbp$ESS04=_h|Fm^ywRQUQ70Q<9=t)yE zrDN-Uk*);|jB9GPUj~;}FvyyMXKi!%mtskB&5wYkkwqmaJY1V9>fGlhKq*}Z>Yq+d z-y<~BS5yh5q+0Rl`M83IOi0n(Mjzh&i($$;rFjo$DD#pdy{7>+I%@GU7qz0gpP)yL z>_*s9jHgTX3;k_B0KG?DYm7gJaaIBV>s&ef;m_yhrbCeaH&)d>Ijjg_$8x{@8Rm4h zy$XekkxT?PWRD~9?oZ+El}p*>h@ByaJsu+04MI}EbTSyOM(!dCvh89%LS!|{qncsv z3!a!I{{lw+;vW71d}mf4)}~(*3GMIEJ07+ZaU9wH$?QH~;VnOsLG=PE zNof)eq7;JvR%!L7n7MgJiJBqyY3?y2*86qTfp?DmbL?#s{>-#kcO#(!5&dvk?eenL%N{{J%s#HAm%x;e*<`=WAi}>NW!ysy&q0MGcexjw zkCL{mReU^6Q*+3xr;RP!_>JwaE`Vqrx`lbn#L z*uB$R+w+?!Bm|pcDAR3hZkVm6$M!B-Jpfzis)%(z#s~YGEHI$_N=+Xo&lA zuvEsFwl?LKv&A_>*UsBlM-M!SRRnrN--K0H$5lU-%$oa_52+cG>FSb0_YP9fW2UGY zY(1CCik^HFth|@)WHyW0SrjlNzvxN2#O$>R)En{}ruY#tNP#mWX{uiuK~p&CeT|ykb3I{zKl@g!~xoZjttF zWJ`lEp~c;#z_`o2)4Xe+GfWz2ytLWeeDiXi>;12E z2}>I#AfcgzI({ZR zne|bYw8Sd$-hqYMrYtSB1&|V~!@6)SqYnT3D$ad4$iYd$c$ zTeIZXu$8mX@UVXl<%A(gc5G;xE{u&vG4toWR6#k6z` zCxFukd_*qo=jc@gtEFkrhk=4#Ajy|6^lsRX=7@-^)^F!&e|?PvDsDQmGmgefYrA zkIU*9j%%*cAiKxd19NROeP$JIW`f^kq{u`&72m{2k2veXHrUGqrlx@IPyQi2-VvzF=eQ%mDv2$jM@yWBo;aTSYqe@Ux{GB0fSXQ+9M;}WB z0h&EW2LTx_HxoCzr6ON`+O)BWj%sG(g1-QX3>?y1-qd<2|)Ze8WAJfI(a4(bnrf~hh|4|Dz zLVIoe@1nQHj}UfCW-ZPWBrk^;)Q4Yk^%Ml)Y`PGs4-mK8cFyYgy*1^7ZCtVtM1z30>y=bF^ zrn^A#f`ryJ49QB{`Kh3&OJtz!|*63GpYFm9fDD7#@6>B^njcbXwtM@)7 z5KgW?8qOxX)~J_Osx;g6DU21%N+tK-CNzTDugQcQ#Aa^Usn@69#qwbvs`5mk^Nm*c zBrM0p#gj7g`=}kS_D{7e0co@(8}bDhd53Mv*AsVbPw}tcu%?@W13QJ2a>!lc+bbBy z&*MTg^CybLAB;5-{Rqfze-ruNhE(f0?C}L}{RQ5yMnjL%J9g1$mG%f%pwbpqRaV7R zd3JpqR!1^r_YynY@EzDeEB{b{f<7pL5XO`6_fmmbehOM0YiP1s_L_y`j{y z>#YAFz1M9znC=G?9r5)Z_7~oLzwFa^_s(?V+5Y{`%IYheYvtg0fX__YS{wp`||H#b;{!eky1R=dEp=Ogz(l zy6S{|t<{4>C?KI|_Xzn&;j7e$!=Lfm89&&SYSxbcz@*M#-7s8WO9fyHu&K|+~)JlDxGjNyAy z2nTlQDjce}rD*Do;}d&e^oTAns0_dv>@rfjfw7V~A#5r#z9J!0Y7NCKgzP*lZGm62 zv(9VcTdGz7<;tl9j6o{+qlnrJ36aNnxbXxSmJ?6caAT;H|C_jIgM$tf{<(G%&5dw9j9YKFMqFo#vh3xycFeM60sZ3(qOW$!&JZ`^AgBkaRQ4iSdH*a# zy?Z*%^hv`t;`p$Kd)(FH>SP>oKY@<)HwQ}=NI%XuJC!!|I7&Zfi0B6ui87d?l}#M* zk+W9MJK`~?R+1nrh<^B~1dD&rz$n#VcKVvYs21Ch4Us1@v#O|jh=E7#U@ zK+cl%T{WwgNK@dzXasXbEZg`LxK?>v<&{n9l{F=)cQisZu>90*jg`D<#PAnLCsAJU zpuU$^NVOsNj3xdMVbn%(qsTq?ToLeG!l1I7(AeI}mu8qPn{wwiS@B|#X0EwA_}bIo za9~kB8*Eg4eJWl-3Xgi-mijbr{Kw@@tF2;_m@SqI_EE@m3bNdRRD~M|_HTx45{*0! z61h5_kO>^}sj04H78e$}mRy${V#p49SW9#k){>P=oFfKI;$_cB0TP^zv}9c!x6Udn zM?RF20!d}8wb6wRe(W|Kh)t8`1ah7~cSvu(T;))X(4QP!SI64{J2~IwHlro)-onVG z0*2|()F2D2Tb5Qq1@K}#BGn&zM6Oeru@n$CtnE*r2eREt^Moo(EVP80rkm7cmP>9y za>F6feEA&tt}K&5^WnAp%=R!ox$p{>-A~?<{L=I`eH-t#pRBt`O8i;&4()RBj?QQe zy)G+O>YR>6>S8|vOXtM?4}0Gk*3`DGEk&?lEJziwYz38~f*>`x5wK82=}nL#Ep!Ma zfsKNqfJ&2&AVn!rdQEU6L~5v^6N(`~fB+#0Atd?YF6SQh*|(hg^SeBY2l7mkl{M!a z;~npK=U8*qagT}QR^QSplrg}(R+~HTk+)wdHSzJur|&=Y;ClyKLqiYWI1zOBsR0J| z@yt8t4yEsJ415{G2j>esk}H=pzLkE!)*STYThXJunQS|ynrsi9w)PeWt3A2;@{+rN zudb3P0URnP`5z9m6DSmp|0q#P3F;rU`&ZpJ?DT5znWhsDh3K^p9+l|%WDE=5bZ#?y z(Yl>9-K4|R)DZ<~uH582;oy2%`z*4G4A~&ZJaqHrlP$k0WZK{<_1Po*`om*)9*?kY zER#CJ+tv3?UhY-G(U@b3_IJ++3Fs(A7zpNSvG$k@$VoQYLl9KoTuZfBH92SAP;fMA zOGA`xGb7=lR17Dp2*>2je$c>yWAT8th2PtPRJ^WL^Owg0RTg){AY@doEyz>_oB zf-4320dpiye)Q2J(T~1f`1xpI9P7SXL*u07mqr;*dmP`t`*4=GO+BG*rs2>{2MytQ zncGL7va0JZdPn}+cl`a(E#SMTjFu-k*Y|4({s)zX*FDk7jG>@3>X^=7QDPTI4yPcH31M6b*OMK zfY*{!lw|YM%zh1471-Rlcg{DgN4K;VPTa4vxai(qsnAx_PI=@j$Z=33u`TP&>gDnc zU8m$?avj`ue|JsF`gQih$C1N&uSYX7FVf$%4xF?(dMujv&4r`Uc1s7QzmN?<5AN{< zJkDh8mGtJ=6+6%MZRpa(622#aj^-A zI@znw5LpQ5X(QTn)7rvv{I{R2-5KEb_7YqbrkbKj9%J`6UP3-+VX43&<+@_Pz~gd; zq0g)EA;nX8K<^;YW-f0zi#GH^?@c#$ZtLcdn2r&Qc~aJDx!!_=8X0K9o6Z)SXr>%O zqMj|q`o&>2AvyU*_`@SINZ7fn9qNgul)=bXr0Ubz65=m{bh&s3m(LB=C)#&ktj_J< z`vmLeZJpJ%GFn-(K8jbENnI+!;z0;&d3iM{Lg+@WH*-s?mKuYR9`a~>fOpUpuWlZ% zIx{7?;6sb4n_Udobbrs0)m++ukv+dOzRb4I6pG8lLk z1xt(*bxROqOax=QGvaKvKUzgAI`&7K9h9ge`OBSeyoZ^Ix9*ZAj5~33IGUBSHYY0N zi7S7I?b(wTXM#js366M?E}!4llp&dA=5CwLqhcQ@m5bivFjy#O-uRWbNSN6ho!eC; zEgtoKlbXSEz&v+Cr#erQspQqIJbC7mU!|KBDl8|1)e|d!(a9H&&4;QI1*9xQDxOE( zfdAI9ri#6hKG+XFW=@~v{qlnmDlkU{xzrfngIh5^{%DRF_v>p%&we*ro#j0VlISdj zpBCqmqU3ybC4b}zj;hoAsa*6(zZ3nm@ZPzK5r^Q(V!)#~OW)voAp<8O!)Ap9`mzed zh&GSt=Z12-W#+QJ^k__+OCB2n4#~#*q1Vm|7dmEK#e}5v4{hC!eFZ9BXqMG459z<> ze{D*Y>rpetas&={H~c)l7~g?{&>Ss(UI%Z_pNHU;zRn#s3Fq#TF*Je*!AX*-<8nTl`DM2Zts_+ zCHmW?4ygP$NUq#N*H3LCl2jAj8a=!tFq(gxRk) z%O|h~H|*i`Wq{NX$^0Ua%eMv`xu+_*ldOW4A@-rg;Zf_)*6fzxj9SN$7S77;Ggcgk zNQRcoD2%OHZ>Jz`WmgSm@&FplJFipEb8s_8CYQ-OP_WlN2&BxEf+&b z_qR*M8>Ry>k%OqyQx!uRi?xM^zj;NiMcG4v`nXkdKwCWevRml*Jf&jNuWtL<%7^A$ z+~UbhqHuS-;*CswBD2BzO|T)_WQHjecoMjt{ubA}WQNP&u(*m?%pN_9OR-WmL@P*O zE5MA7cqbr+lJYfB(a+y6e=YR>*3`CzsP|S?!`c33=g3w zXZL`ukowHe%wqYFL_1%a;Ut+p#h>N&fIVsS_4#0^ z;pFJVMZ|g<)Ld<()(}o>L`YSGFwdtIA$n;%duNN(O4NjZLVt&(g)3PL+as<#d>%0uN4Gq{lGVJL!>Nk$jQU79%iNfBw&M!MMAt8GMUXaPMA;YOynH-GK}!@GR~C3Cs`zY|pKD#KDXkA4t3IlvLUczmn8xa_o( zX$9A3LC#}FnoO`1GEhUm)PLYYWK}w;0uzMQvER0IWVrY}<6C{xRxC63mFmmb?xxN? zQ#GhXvz;{)?*@OrK7ze}#oA`-$gPR?OXzEOalcS+@ESjlfdvOTT`kH9G82#imyzX9 zo4DwF{`eJZU#U|Up*M5UCqao{9?Fl%4oM(UejU#~ZmzItHqZNkYiooqB=nO>^I);b zZ$_9s_lT)}lXXpRZHjfJlIN5AotUXllj8UUlBh2x1;q2qq_fD| zSvqq;Unxe_6oF6cqZGG;V(lfyKjoUBhkOL7-?!4CpfI6uJ-?C9qJCHWBA)lUFfGI3 zlSNnC9Oj~{ma{#8ipC;RxWS=%z2rG6KgSsJg4lu%x|57jsv(0yebULUn=YaY0|f-p zK9xoCqhM!R96eX5nEeP?1)+V?E^?N%^;#*GT-5Aq_3Z+1@k5@q%{QX9q$Ge|M4Y(X zUw2F~n=;ROir1U&@_Wjlt}=N1$VXNwfc~6!F7lIF^I|b{=z$>G$(^)#`wCtee0Zrj zs#h;H1`g3^EEpW}Hd7=lMG{wx`aZ8T3qLcbpVNZz|KeR&$o(En2bz@92aQ5v(L=H* zgx_E}+>nN&0yC~=9LM!+meMS?tp{yJ6@%aEi-?P#RPjz79jrydUT;icD7Xh;%f1Z* z&<8U>`WD}Z&QPswlWpHy@n+OMWgAHhBLb8-q(Dd>gOak^Ct|c6@Bj#6JP_A$MP<>a za;aZUylWvx$7KqV6pRk=856La#eJ@Oxc$yD_S);$JL2bm>aMjccg6EDk1Lcad#SEmGO*vnCGDD*w?L_6-3hklS)2%qX@r^&`h zU-zh#_yCQ+jFjN@{I=$+KL(PfQ@YK*uP!}sN+r$0p(u+}^dp}#@MDWkSFAFu zboh@~Znwb9ZQ2E~K{ri0YGL-vuV=Lt+_a0HlGj|Rl}e7WNuWK2F^^5~HYQc*8+dPg z+KCwx_~VbUm?343Lc4)c+iUpfqXxWUm1pFq6(m(W7DHF*!Efj7!1kQMLzdU#jFB#+8{u91&=n9KxcKNeAZQ1Q9q8MJA?E+whWCm~S8L`=s^? zaWa>t78;lt5k<5C!m_T11~TV~9Zm5rLJRLjx>2DFYUG!o6`SuHW>Eat(3#2T_*@k6 zozj)}hsFBLvhW>6phBI9FBD#EG9xNP#v%wBJnuL4&RPJgX0en&ow?y>={8>IS7FZl z==W>MIyxC~4^GmC8d#6j*{CrvO!&4p!)s)-5fdGj6JVc;UkkW)=R6*4hKOE&3yj4F z8|qD04cGJeyPH}y9Th7PQcCEZ${gE*AkI2Iy!;0Z{(}z(F6`yxZQRg&w0B2Lo*L&Y zW5Zcb4#WvFyg*=JwuHxZCw0Sy#=?o!ZZ47X_4!E6Mt2h9A+^nw_0iA5Xf+hUJ*pMQW%U%BL6JeJ(sUvhR#A-_5vDfoz3+;G7$G zEMRo5i!$~~9)%RvJ12wAZdVzzX-cgYP|@V1X%kSR(;4Vjk*$W?Ksgmb_GgE=c~xaI zAc_dBF?jI0>9TXqjW6L`qH9SX>0vpI`(Cle1TTElpyD{2Cgn`FvvO53`kAf&scZ>i z&X*9rrjOxQ;_6h_ziBDg){g=EzL0H$-?lS)*rR7o+Q<$FYgI+-We%5v+*TVWz4;bK z+hvlBOtNL12GxlneKa1IvGr~R5kcTx%-IeZ4wqknc&`E_xYHL0szb)29QMSu1))8> zejSGd+D9J5ZT41Ib2Qtp7Q@3YXj$wPAQAgM)^Lo=4M*LV8b{KlbncTBRZRjU$r`Q%KLFatI@U|5>9A+3HBgf(e%QNKUpoI&i zP={(Ub>HjR^MVUO-O$V}lqLSR6?SOw+%PdD+1i)0KO&C;If-7h;8cYt$5%SC+6(M^;%A%YJ z;nr(1$rJnJj~U#rwi4T!gxRtfpWLm@^Z${S{jkU0lc$+5tE&Evg4WW^lgi`sD7LkV z&VA2D#$vPI>8o8}5jb1 zNp|bVrxkgFhNC&<4z@2RO@4}qk=Ct~pP!I0@qpj+fcstYK!cKy6g8<}<*~s_>Swd0 zfT~8C3Q1Jp)KY6tHIIJ2gnYDBn0K6C)c-VdxMnRDT`=ScO?gD0U z72+9c1tR%CtB6&cyMf0RnGn@4{|$$Pi3lzsx~9wA0q!NC)(K559x_E?i=wX{VBQMy zHm4oRO6gW&t`f3d%mk+-SulAL{IVxoDyv3v_U@6Ioz?-DTDD%oVuFaI^)$?O5SX6m zK>eO8mQ1r4b66wucg&Tb61z-52{A<`vq9FeSzplL7@0XiHp23V?+H)7rLNw4_r8Gf(?3)2->^s8IGgJTPthyN^C;ob5iJ;3 z>LdH7n=k6ymLt94UQX32flP4+3Jr6~=2^8s=&}OyeMke*g$l#aqShJQVlBFhZUPCi zFAzdH3B-AX>li|bsHPWEBE&f-H^RfiDRV>VmwZRBTp&lZM+4Qk;nm}EH)s$rlTmxz z`gL5i{CB5KwFKC^)1=4iR!-MCVG9{cKBfg~gP+=8TT16#_%`P_(g2ZSZ>#Ev01y%~ zxG6rjwly`P7@S-5z|Rj=Bf)nR9*B1RfR9^jET!i3-h6MBd8&Yr)?plxc&qx3*;u;t zjE}^xFHHTd9E+R4LAa|!$pKB!rt8aV%e>Dj*Auz?TDA@yhG~<#A>x*>L2~fdjRiw~ z@UK*$d+4GII;BO0w#`KlZxs`|C-xZg|KS<>_@#q2#^Ixu{)c7A%>myg;ZwP;3!k>U<^Loth4wV9}PBr!csdX#BKRq7@i zRAU;fQ-L{Z@l>-DPPC(hAcEh!lLdPP8fo1n>qzM47`E~fpq)wol9dQh2xw2lF!gHJ z$n{s!CLqgKFoy=`%s8T5noR2D(|laQt^M|%@$;>=8C=F+`%aj@9dqL!g3Ir-9TOIo zbJys;al#HG=r+%8d|k-BM`~uyhx2*o+*;(jn&1Y@ug9g6(~cfb(68;ZKB`kOe(4;0 zwCE&6hCP~*6XFH3hL9BCEPRJ0GuP=^2^7fI?Z(sA5z*e`4V05N6iPZ2_%*#Jh1jK& zkNO$~S4;~w^+i^vjVGU0O>@^e(n~7yn;rC~6G2HamrQ2%>MA>Y<_E)4+TxO6K|a8H z)Px>%f#RWX#pc!HstfgeR$0s*d0W%*D}5bq=RSQqIxE9O>1Ok3Cy+c;dVTH9z)b}mTU=Sf}0hP${BU!~T;E1@9psfh!>XnWXvZrS)IE2`oKAV)nu z3CMw0C}jai>5vteJ~v8=F4?~}_s#$M^I2EvODM!L&9YC!DpzWK8|Z34G~04a%Dl$h z&|iHba5;$Wq=J<=s^A;0OwSY|*dV5#37Y7yLZpL*)rv?}mL0|AEsq*S72c2aFO@T` zZHVbMY4B3JEC{`eBZV~5&;>fm;AdonO4au@ zrF!}-37kJh{Ylz>gV+WxkdbG4G14fr!Hu!U$0&;V#PoY{A4wKud5D#BDXpm?xGyQR&sc#Vb*ikPvt=(a!WI#7B5B?NIAuLDbZvWJ)*8F zgA##T&7kC=QZ;D;DJ&=EkVFvft|7xKMtbtRO?%g7y}6CVr06b!0;HI~{vtKdiSRjUM~<>6e{>X)2HZh`~l5|LYS!{c~&zCmt(|x$6?qP;(*V zCW{B9O00-zU+%PnslaIu!P~P4DHw2E+9r6m!y%Y5xLz&BTA{9w>uA(pNk+zrB6)CV zgY1cUR9ZLqY_On01M$57xTMYZc)46?jBVSVe0j#jsrh5?WwV{Dz$I>0^=73FWb={X zXx4_ilhODY|-FZ;&l<)K2iHjF28KnCD!O!K6Lv!_a0Qft0agZJ_dicJ5^{&8kIAeQZB3W|gkIV2&pc(eop z98k_AWvBboVOa=ZJe#KB3-duJYfL5s;Rht5U0n^oq_&WHgPuIcmzq>3VM%G_>tqX9 z5|lg`(2h=AUN2W>7KC`)=UUQRtJ?=HKsTu>FCUlL`O7Z8x`Mi{zhA;7xKRIhIr&eR z^Gsj?T<()Y;ycU+^|Gl)pwRI;!F;Io-db+eR7WHm)t=>KH1qVh}-D(%&r0#iG^A#y4^ye z?hduoA$ge8R^ySHASt1{tzFETwJe2I6Oidg1&XY_hMFvDq%myca*=#9ZgUC$#%3)! zMytHD{Nb-5KGv9;3fjD3L+Incy2meND}C#9iuJJgjXK-1ldk58oYi= zyajmh?8PyQ4u)pQueCu==Y!R6NU@@d7(b^W|5$PcsdK5UG;`vWT6Z1xrzj+_fsRg5 zqrQ&kc~SggvFNDm(pd`0EU%o+>u|?@ViCYb3I?#r%aRY(seXCD*$VeCaHIbyOZ;PL zek!ER(9J+d|RDsc18h*frD+3YooxB`T2H zbL)Z96#43o+yKOV`N_HmRo0=Zq70vF=bv%2VO8)Esaq;VAav0>>}li>zTEG$-_&cd zqQ!@pBawSn&Wg*i?@Xj>ZnCpSOB+5kd$7YUu3Ll$#n)hZtkDXC-&L1t7Ay%^*hFt^ z+BZQ7Bajw~_#uTl&~a}C5m2wfATS$49#Za5M?uUqZxA7fN+i%7YC~zw0@o(d$7Q1_ zV_yS0Wi#O^`r26}@sHKwZ-(}^ghUa_y9j2TjcTV=b6g$EOETlWfu;`0IJ<-^yhga~ zNwI?FY`wVabnwZhvN1=bB_vkNN(6|;t1E563Ubq(3@80I8bgE)<&B>$XOr8-Tb~ky-@3Qixle`2^UFKWs%GNNkT2qxhifINpAbs81Z$|ho`)|k4IaqMC8ovPDmOK! z6X(|~!mAt$^v588!x)*>y0?{aRctD?4VGC;v<;r`g=>HneSQKW=^>DnZLX#q3tSHj zUETIXH&akRePC8PX|=o?V@N~{$4GS&XHe?UkBN^-;q;V>Wn9fdZiqE`I;I#420DwQ zgK9EOWJ4U!c-r9;%WiEE(T>HbVxvxfa>h&{}gbt^sW> zF03}1vxQ?czxOud=2E@(8R6mneQ-y!sUx z>y9Mv>c;2J@?#5>^|Q7=aX84^1&(`_%1A`pzKtm%C#ANmXi+z^AjVY)8jzKR7KMGM<{q3zXPT+igjP%PDa=IrH%vRSHbrS%TDFcExmn&yZ8o)jA|O?YG?BLdHoR(I zQ%_$nAm(p}$a0kAq}U5QQo!s(q+*gLhY!I#O_v<^=p91&`lfUXQ;A@rwe;v_xsGSI!%7!3zC0|sfjpBBTL#QY**Xid+4}8u`V99w{%zxo{BxwAVuynY zPo?}lcOK*ZY`^4!?PAaY30RfLFk~4(=0-*wKM5d)m~K()EI-tvirt0?*xL8GY|}@w zLyqDw*{P&&3l30+X==W#q{AwKRN$iv%aBDw$UN^LBH*Bsv){iKyuES%lv76%v(UL3 z%X)^Tp?YZGn5b+MFv`i9>D7P^^`SvVH_Vt_9;QrVG0P-tF)8=JySOd#ntiB`ewvg; z=;rlVToCFERB^(a4{ubhNJ0%@DEb*ok?XI13ts78)=r^-xFC4fJxgVbcGBVZcteo; zrdh#kPtdy#n4u_rQ;jpb7++5>3q+mIqa@fpv6Clg?$$$HkTt*bsqDIsMc~8z8-f+*Hg_-!Huhv| zR(_Nx^RwVTo7$dm{&SwiVL4#XDFKD*^0mcQW4YmH#vCs)O4g^G5E209mNvGMR*%h) zf#faSH0Z=YJqxxsx+A;^v-d|s}J@f&QKBQoT(_@YM3k%m1Ji8bB;w7UlcA~k9qo3-cVNewG0q_0Xbxp;Sp)?b0E`> ztCmg*OMiABmGbC)5KXj?o5gA_Xhh&=gLq~EW0Y6j3$jhl&PS9@RW4;qR3}@q_)M|Q z9DJ{UgUH5Xwp-jt)Js)Cg8_~N@61YJojmaSu;q8|++=QA^TA0m7dnm|h4_5iW}XT> zEX7~9ZH`++RvT$El92}sHH12IG zn{@8B81agzmp}Y1ZYx&^Ya~gGQ4wr<)0q4MJQ7-CRRyJbjnJtX-gGhzJJ`ZXa}Hu8 z#8eyZK~|e79TW9pNV$Ii9;Z1jHlr5b+JMM`y(!gbmma%J0eK{9?ajA%Lwz}KrW>w@&9WrkFVm7}6%U!0^i z1r!Pvuqi-%;I&zL06AXosbf4wWT;$p@w{ zVCXCt>27f={;d>MW+|Bm|tU9dzBX^4|3c9MO#+-o~6>UVE>mpQeU; zjn9Hcw0zlCsb{T&7(+$!q2x_P<22?cM9ZNZVH*ZkDf1AxjZhHWj{36vf;(>9Vo8SI ztKoVZwV(vUSfjPPmkDA*d#Q>e+kLA!6lNVUWBu$9or-2Yvc{95_{-_4nDwC!8HqC^ z=!*|#O!CYUeyn=JsdyWyECk%dUv1l~wz}3zG=%iRf%pQHa0!Ny6gIi~R$_8fV76Kz z0T(CvX7d?7*3UY{5+8|wsi;?LHr z1b#xub_I7SD8}#hCI-UC#MTU0eS z?uiQ~Q!lAhd_^*0Ue8RFTg6-6p7iwKsG5F-nwLnG&2e|owi|#1rcGF2l`#xQusfc$ zQ<)9jjCy(U7dR;jYU$BH8w|8H%(Ymm^ezRx?5w-z@XYod<5cd3JK#yQO|2d&Xr(Tg zAxensc%qoK#K{|DA^7u-Sxq)!Av{(}*;Q{xvy5f-glTu$SCa0}m4@n*Z@UYO=f?c_ z9N?d=KzcG1`HnM;_MB^B>0JT%60F1cH;4d8e3Ze+O15CFRi`ma$H%}WAr$DgE_I5G zn&ARNHF{Op-`r8rEVnEo%5)&t8ZAKHLvDjjxhDsN)h&~Ji`N;))rgL?9s@X{w_p@~ z(ilcQIw`mEyAfL&TAjs40WQeap>d_$s zt?A0IGm)ESkSlF74?8y98ddC@mRv+8+f7oVmfx)$Aq6@?KLLlu^2>peGa<_9INE;S z6Q{h%3vM2!jwTnK%(PUc>V0&Egpg%2P;@f1bip#hSWF7L)L29a$2wS5Vxh)mYH1`` z6;$k!75+i<+SGR}|Md3fuNqVvEfH1PkV3>9N=KWL;EUeK9EN0F2^B`5U}(G#Tsv=w z5@!nAcME1Ur@ENYk=hM~R&2{8Tez>fgwi%hUHMmZ;R|vXQRRXCP9^x(&0Yoa6E*rr zmG{TJ+j8CYtKt@Ig9T!TVp(PxVhYTp5DAN$ki!c>KMQq><32SUsH$pESxa|<0AzqN zXEIzvFA?jFF)o+{>(kNS~{e6N@Hg3{qJwxZr7AzqY5NNJ8WP!Bo#5bgYd*R>c zdj+LXgRJ7C2IDfS+r^l@3LSV8h#6x6#%$vQq+ zri4X@hGLuL#1Sn^)Wjj;Tbv!`&dV&)P*nrzb|$&r3f9R3_mj#l9NZTL`Mvn(AK=mC zz|u2(NAC7)?PRhCdB1V(2OBAZt|Mcx;w+Bf#i7J;dtLXYpaHK!4L|9y|JS6Omkka- zUl5z9H4>%IgW4|vlCjGQ2t$8=k0fXylOLNbhKVyxsL2(H;pPWx2PMTYOOZDfvALTs z(#EN>TUGVbYs9|2ybihFGNU@R-G53oYmXEcd{quTu7+$kylAO=bG>J3l4fd?SjyJA zsd36E$;lsi3t7QhDhi!8(7DDUCLQ}ETy8j|#96kDtDVU%9LGn7D6QZ2Nz0h2C27rbyr`@6~7J?y9QCEP`EN1zic0w zy4QVrVo{pEdYey<&aN7_4zUX?zQJiwO=2mtlJv6kLqauKh1)J{OE|=XbLH?PD|y~7 zk72beoobS3q|@x=QfmQ>)b-Xzn9xQYY-529a(roUA|0CV6Y8T^nTH=mhzBwFS<^wM zoyjj`PJa97BqxAs!y`=WwgQK5bi3|TzsP^ACkbDUZc=*Fr{XR9NtH|=VHhezUGM;` z3B0+kR!!7YRnyi($y#yTky+(Y1v6Ao+jEf>@P-;C{!r;sMj~#O&w%%wS9@3veXH$C zsmZw}bMVmCO$_4>8ct1D;Kd=Y{ZvNjR7*IPFh=X|-|es4mDecsz%p^OfW6HCqrrnFB+i6s^h=*8nN z3v8@|i6$LrlET)wx0)BRL2pc0QpFtzwLLncgNmP{p%+hM48Ls?rhn7~i}%XWb0{X3dHt(z~kh zXY;7IJfD%~b$vXgfsr5g^Rrl}&nHzm?y+VkyWqgNHAT+upv}ciL|s_#Fsg{*ho&mK zFp9R2noA%r_rffgJ}okvPNZDuAV_50y{1xHF&M@B-J>5b|D}vJ~qn|`(rOACV`Ed#ga{>6A5IzmMM5JcM#jK(G80mx|3A}T2 zP3W7~usS6_Q(;8oJLgA_8vl~)o;$&Uh}#FdU3Nl*=DzP;^V9q11TV)cSa9IfQ)!^z0B<)E5*0*OlBywC3v424BAU!z@~+t}g_wfmExAFGoYYIOO0(+r zsrjth$$YfHS7S8vsjC_#gWg=~8!0iVWSp}zKlUlsZPQqSRmEE~E_Agm#Xvw^kr$mw=Y^1VrLVTz4bL#RB z%0AwDWCvwGwaOdLmtA(?mEfBzbKXZ4n)sF1&Uyr+6xt&I5K%TwsF}xjEvur`yTr}< z`D=O6f$UW33Q1r&Xe7m^M4?TgeRf~T$P0w%o_^6}GY%8)bB@S6PH*)l15s)7f~yHd zeeBuYGK~+Cm0u{32e8SktY;dFqHRfSZCOS8ez!N|XfI1hB^iFtsradS90k2l^($d}~j5V$&J(BR4goYqC^33fw(dD~!RE4m+CH%hz9i zUQ>ACRc6uJFEFAfD5)PlJ!1p_Qu%ZC6-D< zi&yoe zF>e(f!&z83;1h)%Am^;TQAnov@wvgd2} zckO88+;@l_e6~ULp^yC7izvrAn}*L4buHH8`)t1V%Zs(x#0H#&dyg+~c6gNM`4}7) z^C%rUl{fFVlYtJZd?YB_Kr2*#>`7eILeBHeRvEa{m{2 zvw9{r$}7gljN^$T{f17*zLV{)`ChM5+`nS`z?{65_@WVL?OWu-O_%a4tlvNbTIkZ% z;=3Nne;Hf#sevD3uIu#k&bjb3J>?NHBs|j#t+L>Vo=aPf+_Y2Rh+e;t3h=Sr7Gu-A zws}k4P<=^(y+{3ncd?Krs}_Oj86qHbTajfGzaJH|VJv(3^Y{)E=RHk|Ncqu^+PDrt_CIf!pV$f^Hfjf&7_kIg)gIMyKyuz&VR`M)%}B|Kcu1$+aJ@B1 zCuqqR@lI{rL~I3h*97?>c&{i+d1Lhcp}b86P6f^fzGd(J&#ZKMF9AT>TDV&JLJR9- zHWT!Cq!{5-(DAUN#oBCT&ac-j1=RA1>X9NvKsKk&1i926rTe5lJS>O&sOyl#$Lc2g3MCi!wiJb)v6wZb zxb)`F{k3YJEqTd4x=V&_HUXV>n0h?Snl#I ze@czC5OHE&v-7vK_o@I9-D$xT+QI|1Mj^eXT81nI4ox?%b1?VUhj{gS1* z@XtC+@0_&kz4Y%E(Pc$EhF1$EFqa1~R}(0$c>0=vfc~J{SssPXVAy<`6+kw6q+(iJ zx4QPPy6*31Yw9@j%0$_M6H{g_JAsfNElr&B>xY+?2i`JLd-MU`D-jF;$p)FN+o}G= zP_aJ}H)@B$;T`Q$dB^72)CEm>Z)hy@Xt3%i6`Jm3*lvN7 zRU+bMinxwoYl@U{BeHd~@5e$$H`R7d(jOSQy1sAV?t79F&a*@oLELh-7G4HjGH*?b zo>`xlEX|O1^0K;yVb8MSZz9+L&CIYAWW^bW7?7U=4^Bni|=JFZHA%v2Z zs&i}*Xu*C5^;T0u-^Q&YX{oTLDs)e7V}6z%j_I!ZwhtGkMp0yJ1j5DJ}!vYO1AU&Y2- zi-|+=I}Ga23G-ZIFW<-eaY)Cc=*>a{M9EU7>x)-oMJzwSI<=*;H>gWa`vV~~uIN3u z>ssHxf&dHOR2AL{{_`DGVSB>Qd#*+XHh4LoIF!&FRX?r~cI4WQ%m2qXT~A@TU_4kb z?VrOs=f0N*StPOg%9EX~>9?}?^76!gHM$m+MOFRj>+zDJP2E5H@z2a4eD>g>A+tE( z(<^_m`|zV|Y?@~;2ki`6J4gH<*Y>Y3-sZ5b_CnG}l^t-t^CEYS#LiO-9A#BMvga!7 zZ2i~o`TLge3#`bNYWJc2`2X_ryPe;i`M-0Q|IVCt&3@PC{~nV5JImPxyj`^4Nv{8A z__G`8cH{hihb@1PNV^Pgm)`z!D)2wHqFs`+OLG1mQvN#=+9f%=Bxjf8{LhHpKYVGI z;q5ZKe;C8R^%kchPwE4fm@WPp>$qcm-@I-(e zkm9dE_Bb+i{@9-VcdqW2?wuLVRQO-{OeP81` z#Qs5o{^doJ7Vi;>(Pz0I_5U|>#X249ISCTx+^vrPb_V!6bO;-&XFH#b{iyc8to$?8 zW_?~nAnh;pi2u^h|D=}C?Iv4zPR#X>TQ~nrnf;G1uoYo_-p|(UFZ(Y3Psj4p(Y>6} z@-u~t|J%w#KTghQbol3#|D=2WQZw1#Qa14CUI06*R(B2I|CAx@PX0gn=>Iho*q!{{ z$^Ro>@525r?C+Al{~P3Q7xs5ye;4+DWNy2JZ#U=vKa=zC!u~Go@525r?C+*}|G%bs z;mT((3r%=u^t#9w9}*TPQq|g+$x#IN(}dP$C(<<}xmkOpfS{mi2DM3B>7mv6Lv>*R z{j}Sl<`|UrVAUkj1yjS5r4L|oV(Kt5*8bP~V>*It*i|CIw(uIUaX=<_W>jX>xhX=# zL(!05Xb-QZh{(~bDpU%xsfA2PwGutUui;JHI?0GFqONh3!)NUKnDe-NvsWV2%$B$P zd*9}INp*MPW>0&{rAUvTjJcGMFtPHL=F*|d_6{;u_UHG1HclfWs=CQO7)iHDY&~h_-LJSGXw=v}uK4Q5|FA!Kua7 z7bZ+AH;(}=AJW0$LS18H8X>S~sQP|cVGN&i_1btodTs?TSlYJ8Jp%FCCsLAE7pX{{ zhABXRj8%Wa&dB?RM(-K?qwjIK<$v4v{d>30baF<_;c%lfNxJSGmV6ImrJde6?A=p! zUM3;+=6>Em*SrVW&PEQ;*4uySI&h|BZ?p^Z^lc*e0Plmu_lA5K=r=vL^9ttHiE;*V z3*k8ncD)PLiz6`NBJ;}jY>AP5mW<==W)0sK6ZjrH3XaHtn z`R9{Y|?%lZ!QX`bR`0z=jmV7>WOe=9%P|33Z1K??|bmCd$ zSt7W0NaUT`5`SzH$M?V?FNnk}3nj^frimzpthnt$xC6-*DPN!2OGU|onV5QJ_|<5lgB50=z8Ah?ol!(=c$ z2-XebqL3}&)MP^LJ`Oxc;eA1{?c(PVU^u_IGB|w0vA3#wc9k zLGTKub^u-u0?{Vw{T;y$j7tQww~9jufML$Vwz;68#>Yo-LG>Y#W7>nci|S0-?&HToyNK!$dNN8F5TH)D>7CQlh#h zj;ajK+PS29Dh*#xfMXc= zIL2ps6m!*NxrLvZMV|b1j{H4KB~888#OQ)f_I!0{(me2A7xuzY=IYt=<)UmuJDwEs z`x{p+qz%GzdNYYWv;gjo3WS=*)!^(dQeZdy%9z!ZR`P?>>Js zE}Uw$Vd}l&)jmJ{>s7O{SKqLeOZ~~9B2~RNmYfkqt_0TLR;nK3=hDFgr8c#r#wNzc zq=g)^Y^t)?lSBQ5g}}mkYt#D-x6<41E(Ae!gX|WGn5eO)Dc(QmZ8(oi547d3?fiW2 z*<~OThj9(p;S43JlSrd(nkr z8a4rk%b&MJXzzauXjb`w%;NyWAS&Vjd(2#<)6AoDm?+HhR;VGOKyNXi-cXq`S-(6C z-2TMcQI~-bl~DTZt{uFt%*3V1qMN3RDtp6Ol(aM)kQgE(KmQu{xf;5<%PS0hml1| zOIrN)2U6mLi9)_=6x!Tz%@L~0p*v?mCw}Qqn00!y-S^tLZHwDDAmfdOerg*H{XqA@u*CX`dB!6k{N}# zn?0ZC?;X6C^%(D%1DdXguZMMMEwFMMZ|K@_i@zVBv>yYM|4Z!O_?P;W!ZCr$(*_$) zIiumk)fjcdy`H7kwX99G>3~rLa{)E>TGnaI8Dhle(d`uO$j9Xr>R?l2#-vl==rVXG zpOtZRfpx$f-C4yFRHkG}n4_FH_EFvNnzxDqrdcDGGdd{H*+Cj}$@%_410r*)JTXj08_X1WtBx6W?);16HDrt*QvjeSvua zU$!3H&+EQI>2YD#lnT!g73d}uo{&f_mi$hs>vH#9vkcz+D!klR#H?)GZtvL7D@9iC z4b>0LV@@VVM7qLgq**l^in`d}g>3aHd)6YpTGF?}fB4}JXAenb&t=$j*mzI~EGh;sTDlRu#- z9HoH;kC z7%&%7S}}UQW40>D{hf_p!-C6Ig`u&)Qa(@guU!vm&go%#)&Vo2D7KQrL$0&aTg&;B z+%>d(>e!VEC+yGcKPQ)s4Kg64t)!~DH&5ReCDUl50mEzUtDzMR!;@vuz0q3bs3NH60}xQ(%LIR-KAz~rhx`<+|N1B@sD$ygU>tH^}gP(^|{^=Z)i=Bvo)t{t4-&b>tClD8MF7v zqX14bdT)Dx{JXJ?e-3{%9m#YlSzh>hBjRd8spICEfAP}tyQQQm>#0{!*1y#a1f-OMY`d#*rQnSiTl^9ie7WkGgV8aG zeIFY24xXA|%d7rVi7|oE@9d4<`?-K6v#2M~Xru8P$6EO3%Hd6eO@rN3xCp-&+}gkB z@~RdAwS8&qaFRb^&zBpIj6^aOpfmgvl;1Mh_xQ(3ov{N(4zTpvc%)Z=nfq@~Ni_av zb##WS{@d!nv>3|}s&HU_AxlK2G1f_?nrPDzRhg8UGSiX&vo}Wn*&9DYudH2hTf>OK z8}b+0`{47ZB1-SZxm-Ho6Ez23Oen{lv_`pMvNZ)v3|rx zyo9vvJ4-|`Cku?!;eaXQUb2QbVKwb6H?R-N%Eh-oh;GDl*_*$@nTeD4?u}`n8>zB=ARk~rIbcCjAae!MS_hsXvlSH zC}~so-=0{==%4BAgZCq)e_JnyL}v~hAzK#v0|m|7q*U?myoM^h`CBi<==v1*S8CIA zn;+8DVJ!=i-B|VxDEkCS+`8o;ef8chdlIw)w?%&-* zVX-c6{4A9heZg_TCuLL0Wk)~bDha@&>60dPNyVJK7Doc{IuHz7oAlF-;O~0^`wk%u zFF}Ab6&Xa8z=KAo--Xi^9XLlf!mGFHC3NdauUJaSkR7_+ewScplMnGfr{AiRK64jV z>oL06uV3Rm*L|vsFi%_DZl1trnd#454@sVzsN}A(Ru=pVDG_9^is8$vxT>p~zk#x+ z8Lxl$KK_!wki2&AzHV?F*b88%uMHyq?5Ga*t_+XgTMO%Hz{hbsSl11q*H$YiDt2t; z>S0gn-L-NMgfJhUr!{~J&kv+%`%L8Y`QEGUv8NnFg`i_X7j{pz$quS#dR=7PnZ2gpIOA_&wEJVN zXX{!zsD{`}Sz6=OZXwxUY5;?IB?=P@p{Hc=_Y$+3(uki9U#o$x?c(Zuk9Bu7EJfjU z;4x@)Pq;t!$=(jDdyL!@x?+X_H3fT2LnCLW7!s*ajE~U@Hpwe4H~~yU-h6b`XsqSQ z7#9tX;Bmhi3~{a$DA3|p8Jx{}m|@7v#&MDEXnqyO8^>c1Y+ApC+xA{1RYNPsDR>YJ z2(q(l%OKq}R0u&s$nL0(r(2_&GoPeC8N!hTv?iN|DmyRu#9@vNCjcj7K!X zW3QrEx;VS|0XxEfzv%b>?x#6AAA8Lj+4%iy%e^Mq3`i&d5a43wjP=K!aY?0<`~i#) zDyrxdf&rdjs3VjTsj1l*VzhS$GpZh<5LAJMhb*+*6<%7kcKyrGf$eXg;R_;*_aYM= zH1SxTMMJI;#nbeF`%XvxT(_iPl>`YN?Ilhi)diPm9SN!aDoDeRW72NAg+J1~rC@3x zQ&_1kkx)=rn|M9~)}jYoJyPxb^PVn6+BpwoX?)iLGzhtHw{%Uk@y*e|l6d^pmO{=N ziL4v%L`MxM9r%1{&)r*o_*y=SnmXN26GDt~M`n@;us&;q;)E$<)u*+#bw=7U*Z}aj zjbfd#QX;bYg1p$2-ZbXtxN<&t_4qqyyTD9a-HCeW!cGV`u%G}lW2UL@c8wJ0O}ck0 zJT=md5MqlNg^3+}^UG->({;PzTo^jASL3_(_3Dob1LTb&ef*dNB`BTHP?x{`1=a0` zZOS3)5$uX|;S0%I)x{J37b1$oidqTQUj^G_o0>w5YEg2{K`S{h>gJR$OF56S=#WHxi%0_yp9fS7KX??Y zST5-JWn&)sCT=6MLZJh|+1;dp(!2TH3srQ>IK=V(H9M~wEY2%7LKn(<^SEt{S0TOW zi7n}=FaQ?mW}f$ASSb@shdyWq@FpXpSiB)ELKZ!Q`JJxN&)Mtu>n;1|@%_t~&jJpj0(|?a^G5S>*ZhK+(qc9=s#LPA5&UN~N4#p0S zdB@ZiI--Jn(DE))of+)&(~XmP%T$sy`2|JQ*0vvD(0_^2X8)c5QkoS@}fL zg+*3DSlS7Ux><-tmA~sklNJtyHzIE(V-9j#ATXs5Ev*W_>Kz&24RUBt!$!B&(tX1Z zVLWnw3=FcHFr)H(Z9bfIN#YljevjVw{480)E#tGtJ5rbT6^O)aLFo6wy}#TrfFLeh zUmp!$WkqO}9Yju~xA%;N${nPrWKOYLd9~1*wx9sN8tNQAnjx|MAQ)2E@m_8X)?cTD z9g(*~_yLu_eH@JI3_Xp_i6&zz46~Wx)E7*W0f4)j8s#{@5x?a3H9hYn(rw^8RTE2` zZOdj6RqB}85=J|$09XzndaXM03^n4N$h!YyBP@B|q%B|D8v{ZFFV13c2Dz{^j9;mn zV~=E^%R5bsp>?Ss92~|SgMf1Kycg*7Wt@HiSHh?6OS6-F#KhDUDEe?4I*#~Hhry$+ zfyXctFNOX@hCSpsn|$XoLScPJrB!1oMUhN6_Y1mSRy9^xCWTv206VN}1t8hVx$B2; zeh|m=)^=jRb_ARb#)re$h-Y+!Z+_oH8IEa5H~(+TK|l zui~Cz`v zS|?h&OM^^4h)KRdvTjKndC&!RVH{Jjf1iPkHVVG=TwU>s72Gu^=&p}&oYZdRv(D{F z{`?twOU?L)nMMFKP5qU-KtP;LGehi1+3JtgehvGl zn%R8l=+(!pd&=`jyvoNEcwaxlu%P*hrErP|tGQ6}rX5b|QKhz9-sH5{q;s;0)%W!_ zeRA~P2>oYG5&5>7L=m#zk%st#VQoPJkIUBGhK8tBoob6N<3p9#I09f|*r!tL^kVc` z`^)eY^=YSXB;#Q=*@E7P)^BY3pt}_BGI-n$e{k(n#H$77x`oPc{RdHFujbf`S)nx# zQE%m0xa;1wu-SdYy`vEkxVo_(14ae~T}|HMZCv z^4JC?RHw2p4Mp||jB_mWrz7&3-gC+BYeaqW<|_$DlSN;_hcX*g#kYIT0SqMs0V+0d}zD zXtlqT<|nIFs8>K&{fvSGBxb>Gar8csQLZMq9jmhE5?t8uAq~o%fH&M%I9K`B*x`Ko zQcaT~L*qdQ_$y}TpSAN;V#oIase_n9`nwJouZsii zWe^`hXmlLs$!dI!zEHn1GRHAb^?rTxxV#My)4&i91|rH_^oMEIx2`n+_GNMR`gUo? z4jpz<2R>~f?*QQxAY`kDh8%Tm4W-iH(1sfLGtZ6g*b989QR4R9BT!`f)ZSzVn?>{E zPHdGK=mefhrsJqu3H4$x9_+fgz3d!n77UlUWV0J`0X+RB<}@`njy-E2u4X@;4pa>C z=jF}Ie?RDzP|CC|sO33M7Z{J>D6_B@*@6Us8%lSQ$>uP-rSo_kh#rxGZOt({rP?1q z{N)25gtPc-dGoIaTIgnxJRm1}F1+}k*+o*YtnHhS?xpbbwih?)uvAp+}y4jpY9 zVd~SkblUICA}gLqll~P#Q!KRBp$%*?i-+m6Adz2I?fy{2ZaD}K*D=i!O2tWzCI0+Q z*HSdoF%H`sj+#aT!Akme`*rIoTn*J(0c$p#Jnq5kam|A;CHQj&`aJvteOz@1;m zbynn;7>#cM0DZv2NNM1=omoBOXC*guryh6wgKb~i@V{<6W#`2V5xRem$i zjD*U*fU3xtb0^Sk)7hGyY>Z87tgcLoRQ&F1p%lVeLg@tEI8hdwFFe;UxXr|IbrVt$ zl8%1gaUFJ5gbAb|fQBumS|L8~NYi=u;=xxncGt7sOma^LAA;AceM%~h@Zt~Q8)&hc z9W*(XIg9yHz){V|*(%TDHUatP#FqdwInYXpe74ntH)4M-ws$l1qBK9D8YdxR;_0${ zz^^MRPD>Bu>DkJG*uQNl!D^8^I7!%Xr6bPMWAE18*yAf}1|RqY-_LF^o0<$E5MKGA zPK`$)c!}I6sgPCHD0-C@0Ln5z)Vz6F+;5+7j?GwFvPmk51O;%aqLZ-^gAYNqYa-VWagv$u3yik zMCHD#<|kvjBFai~$B)QI`9XmGLcO=0KP2x~b&TuY^W0a+%@1Nco}TQ01;K&ZD_Lh{ z9#yHCEjU}d2NErna^*x1aa8XXNFQ~&Tb5|UtoK4diNmBi`w^la+>M}@pJF1KOk>*L ze;0}rn3M+H>bzHj&SetWSuI}xS+_f~#Jou;RQ=IID)vu*J=#NnCvr~YzVWuvK8FL{ z+Vr;(G>+KP+nDAw^A!^a%y=Y^P`c`I_#ntb;tcq#OdB=}MtI{^8ccp$ zNJ^KwjCeNGWd;cD1(usSxcFHShP&jJ`KU`c%E8K!ygxb6XyDSsMuYYUgV5iO5DUn2o8X0zfoy4kxYG$eALMe#eH z#L1Q#A)Z)qz3i0UQgcvciMEKEkF^fG$c1@h*zZ0HLE&1yD=?B%1>u0V;>onm8`$rav4O(7DvAS9G6wH~9L z6_L%dN>jP)xDS3-G`rBI^AXcSO}=`N*4a~+P62+)B3BtXcYV+yFMgmX|IFY{M1MSv z-nL5(Rr_Pz`dcwzhI+^7q*5oU#I)oftptUm!Pqo$}**^@|9xdoLFWhLmlq+++x8Q zW7P(;m0UKifu8*l5&vXJmy#CcjS(rAve$jL2FJAL#~97*7Z+bJf+Ft?x;ZUY#C32Y z0Ud(Z+JfR4fZS&Ta2h7zA$*^qE9tL(*i#gdbRa#v~Vbj63#qZb$rY z^k5sJ*qPxM0X=cTQ%*3EKQs9Q*6+CFuP!( zE=f~Q#cGo|V+iA%P^0MO)Dl4_BY9X|M4Gc>e|QrtCH`JeQ34@&N>K+rl zI>a?vX7B+eU>(cJUGRxr;|z9-8C5T}cxE++!IkD1ZH(EXnAXBjHPV}KK?k$W&plO3 z0jbm^XDK8pW+-zNh(-X+6k>USMs_^;^PBRA$idjh=oMNSM4mNG+9XF4Et=q!9lx&_ zLNUv7(a<(Fbqz+bV=yMyIIU##ESt!m-ZV zbDs`=vUgO_oS|$#4$m30=w7dEa9SE?7Q_VCDg3)46>xwrTAx4+|G(Gh{G-ZrqBOLH zQXH+$h;QTFt&Pmy} zF>YONHR36+(aFzl{L%wsJZ^)KddPdW!g`3>q5DjN)}{3k04fQdjPjHGT(5;Y>V8x5v3j`>|! zGMH%FbK4=g#wsqIj8k}&t{gqm=B6-#ocyM&x;dtkgI5nJ^jA@vyA-8KZhp7$5}}xx z6+BfjSdox`(0G^mM(P$KG;S%X<7ZE1P}TZ&I@waV%T@i(l^mXg%v-f5qx)S&#hkyr zYh6OS@9=2O)d*o8s=cW5N1l31PquSspFwn~8tN9F0fn@4&XM$^G!s5(>{9lj>f88G zz9YW?Lr|wb^8ERBaL9|Vf*hE8L#p5mwIfrm0|s@|3XLX)3-ybrpX#?v<8_)`Q7##0 zNYnLRL$(E^iY|D2p9o3IOCizSu=sLdR50+iW=S&DO@-_s=!vW<)v@}kRM48bU>h9u z^&IF`FK=fNOdbzZ`vdKf)%eo-N))l-C-({E^5@K83mw8yRN->M+Y^)|ThHmy(elP? zR7Oyg(t)?@Kh!Pk4ki>$sL%6jK$Xe2M3-jmTsxgH^1J`C{f;vQOGUXn_%If5f8+I= zUSB1ZD)X7}P&9)el=4!{#AS-q@Sa4Lp999TBj3DK?A_3+7k9JB%TcJ$ z6!m&TQh$=!=^*GNbDee9RN3NQ4EI;n?s)T~zAaCw=BXKaIUGcc0QP8@q+QcNg~!hy zN+`D&<(}l@))x~7`OeQSoKBO^tj}k#U1_U0%>Tp;`FTjs4nJ?Kg zUFQ5kmKbhP<#Sw-a;#KF?{$o7Vg{a>%Rgv@CuS$68o;nguO+~tm>BO3%;~4c8 zuBR^76s{0QDe?jIVs`0Y=pJ7+NEdvDXgZ8hQc{vbqBhm+j@o^ftSBE{51HC9z!LZP z*DU^YuqJwh{D{{olF~!gI)rg(g0MI4Z}ITqh>C-&Ep!Bf{km z2HanYNB6fO!f0Y)9BQbbdDXG^olfY738h=6sS$_JFp^bI^ksk$yyFXr>$7jI*ALiu zmdTzUTu~>lmU%&S8K9x$q_yC&>=&XU`^{KYxM-yJ zU*Sv4hS)}*RqX3;nr--wGH=75*9@R(ey~Zfp7YCsPp&l7&gnn8k@&nd;Qqsg%h@l1 zQujWQn>3A|2F;bG2R10;mQg2u#Lkv5ni@%V7##0zGi5xQxC*Z5WlygCA3)r((GW{m ziWB}6^ykASkV4k!J;T;qF>{JSNDgmB0dIq9FBCJksj}ahjih9b8IQE~Tt5Dv?*e!# z1lS2C8^mN+bM{IMji}dXx7nY{XY;9Yv4bsyr>$G^iVqp*B;=Lu82#7LGFCqO8Rq}x z2IoLOi6VmL-SxD8m4UIAchJTTobE}nBOG$CaEjxiZ!K#pp%kG}AKpuMUZ0xf^2Jf9 z+9`aR@||!alVsMlQ?IL{zg)`-Oe@2GXAli$eQb~Ynkma1Q~Wk5uV{7g4gGJ!*JP-b za8biT+=Hwa8e#Flo(RQTKG1@G1+7!882x-oz#Y`59WPnB+eF$?h)0%*UDL$kBVtj% zp{V6VC^2r$zb$vJ6DL(XRi}BkU`k!K*Rg0hnc_FU*OEC!az;J5>^=+oMsgp0=f)a~CFTgGpAc=@Lj+jL}7>GdLh zMrdfY$mLZ7$~gmSP6%vyAFR#|+n6;WW_oMCx#$5~S0vA@xLEK|gH)r~TZ0UNp}KTP zfTsP^dKRF{cqHC(JLL9g?~VNJGRQG*sttH;U+sR-Dj8}7A0xc%;-@WmA$u{cz=iu7>~v6H(yyh zH(%XHo1lLayA589!iNn+sw|_5xX2fPL%b<`gH^DT+8HJL_e`{`s)ya&`J<;&7xFW# zh4ol8r;(*-{+hzX*^d)zZ=v^H-i0g7AG^Iv2}8`(GT0TqxmDB9ybZMwkr`f zQ&z9z>AK*)uU05MwsU=i*w^TQr`D}UDKl=;0Mv6Fg^lDWd_mQ*G31@ac(dE(OE@pJ zN8UjDl}CwJWnLnX69zVlN)YT4i-y?xv?h^|T@Oeo&kvEg6t@X$!$&P#v)f%v!ubF@ zH95CBAB1e6{p3$BO?L@BNn2!&O~V9+?L*5EXS{*Mnp_e20W6h_^#QjvK@Fk|$)NuD z{^s8-t>3!~$N5Ujy^w{~u-UPyy)5Iw{dpLyK`Wq8eT7$Ydd@|rRLU`54!UWd_>hlF z{(2Z)b`Xun(zpgO^sU}exI>K-WMUYx>%vyf&0)7B0^=edhX5Bnj!GG@fEL6MPibe? z#{HJZEGm?~)fdWHLeAN6s>JSyicRulrPgmnKOBE)JhB>Sn%jc0;J1V*cy!naRYWA= zlxqGTFDLm8@nJSjQWbIMHrQt&%h*oPd_hQzO{&ruhbN23uTbFFy*SeN%2l^?M!TyN z0ioM0YahQezjJnhQ3r33kgCLI8!u)zwhU>Jo}Ji8T8w-^yQk(qVbB5-v#k2*g00w# zsa%?JVu!cRKv5XoL5#I?1ET%vOo%47LL`b<5IP*+e+o&$>Z<@h&Q8E<5ibu?zkr_5 zXOORP$iydk2O{tg=mfj{<;DKqrY$h$*G@dgs9K!gCE+)ru~g_m1r8>B0lc=yBFpnq zBqwx=VFEM;6jnYq&6lkdeEAZB1Ug5|yv}%}F`#(43bo^RgBTU*#aX-ww}TNRucJ#D}*CSCB`G#r#k*k)7{Jy9mg2v*K3`trWPUW-wSgJnp`)F z8`P`h`R5pyQ_zc#t3V3&O5SL8DDiKdGkQIkEIi%aVzd)d85H3s8?!OYgxg6jGo-KQ zCM9&_P&=m76{;IKRk_<_4qHkM51Simpht-wYY+Qf?fkKFZMf{Ky_#s*b{}Q7Er`5( zl&JTv)658X?;%tT7Ozi+wyP;D(yl2KuFJenBN;T@fmXI}FRtr7hH}SBOb1uDt*7hs z6S9S_ANtLb*^SZMm!bfEf&f1`Kk-nkgj*8JdIA(Q0u6MKP@o{d_1KSY=c-n9Cbrz4 zm47{9sQosHB`&H;{;5Zl2PVA>Arr^2G;~w>zSL+hyUw}2MZ|KZfXT3f5ix!@VRzj_ zTpE3S79(3u0b)9``mNZF!6Cg)7t7*(^jMMc!{srHu%w32)r4Zf-5)`t`?ax3%}#82 zgPk!UO*PdoKYBGqU+xu#J8xG;MaMqDyL7!K1)4w`CB#|bUZxf@mNE2BZZyR*?m`o0 zz#v9f#@p_J0Rj+_kND+W@hNDs+$zz@#qjsbwN=SGd4FWb3Mh5`mFFk?Zq)-Fb0wv! z@zP~f;>n5M^=&-+qj^^h6`Z4$?_bTg**!C@g1lyGhmN)C2?hy+V7E4vgX4_&Q`xxl zVv%9hkL^doYW-Di8CE~ak}VOMGVd*m&yb_F7d&L(t6#NFL69OZUKZc{dh3HwWo%q6 zRKj1AA@HLvT}dEQ;*hJhI(MRRT{{@W$u+jX(`KY)Dvzr@J4o(t9{%bBE_9WWoX(rG zql;S!1Jr&vniLs|t{Sj^=F~y)E(uvqDrWBmtdd+}X^0bXg3Wfd_(x=*=#FWj#N#lH$h4RL14!KdWhvAO5 z+r~{UL18W&LJjjhP8%|n4NrcCmn=j?%2T>3SRe7%+Td$oPL&%NrRxR2871W>?RMFw zX%MLCn@K1uJ7V77 z65cZLhB{y8=QOo`TYm~J9+BO;(cFY_Gwq)~s%CjRp^?zs+Viyirg)x86cFXKuOVNe zMIl+lwB{{apM;1DTy}%xr@8Q8sb*0X#N?jsU6qRvXS&ax$Z=) zhX6n*O6pi^{ONt~oyd#V2tdVoQ(16LW1IAy-G_elNJU#tyn*a3uw$3! zl5of~Hxt#}6?u1rQ>1crpWxCW*Byroxb54M)1o~erGRQ*#!J}_vW>VctbBAOBcjsl zU5aAEXG8I=po4K&&de^OP7AzEcjA6>AHfniNzK-P!3O8A!Nx{_3REtHfq3 z+{3?pHtb1hbeh048XQzzx8ZGUBp}3$Xm{)x$7}TKn;@{O=g5?O`JWKg0)64Y_>1s^ zCg}?*>VG*OL>W6F2FIhzVh6Mz>UKc0pIN1??JI~ka4xLcx^3Hu=BenEmB-*OiCWSg|zuo$^<&qcd6U%)KMxfXos;Ge!;L8#}+j&I8o4^O;j zIi61TQMx~>eqHmSSJSZD0YsWyWJ}>Q9CP4kIN`)=p_|+8*pt3Fh#OAePob4pZIyBO zuY2*H_>K?cfp}&t;;f7DdR9}qvSRj@&q)$T_d-G`t|BY0+{F(ebz^vZy1qit9L+DJ zkDR<ImhJj>*MNVFYBZtF`-GcTPLD{P96h zp=@*{-gA)Sl9kFzTfwQq_)64hMoeS5yzI>}^C&-DD{g--Phjfhjq*9nR5pdVr{wHRvGwPNG#ZjaVEVY@@roCO! zQzi&O*WxeFT{eK$f{dzhl`yQXiG(&?lh&9vU=^3MYNPun8yLmh=@_~&hMLtf^jfn+ z^LAqC$Rc+hWu1>mImpz}iY8n&x#cXy?;7rtXUp;*DZ1 z_JQ);mv{CyYGVe40-ZWQ!_mk`dG!E|p#42knkLy;_7~2S z6J9l=BNSCzY$&5ecNLg>rEv!fAwn05=$WUW8-beknCu00|Ia_NBQ=!#pD-lrE0efY z_F?OPXE{$=PQZndxjV1gYO^`kaq|@+^-)q@RgbzQRbxMD@=3URvP%kjTM&Kd*3&ka zz~IN=zLq9GOqtL=wTy63YfP|*u9En)^pi@2_Cf~%GVY3Ud!}MDA7}plRBP*bnX76C zXqNQqxvvFPyIT-QO@{s9#Thi>#{>c6cj%NQZ)qCT!Feb<*Gn1=3$X~oC3Ay`dED7d zu3?5^-?rqY?v_dX1zg`~(;Lr&Gl9Y{)U-3Ko%nLBWVzruJ|+Exj!4lSOSvkudmLn| zaBrqJ#1HS)mGlVdQoo=n8a*=$i`kiHJw4#FBQR!N0L-`(y4L7?2S2N>O`hr~6G0Cv z6+11AfMm|~#aH6yh5q)j5?I_}O5kVWzus!0`_{G@eqIyT<(=j1UGcHdsd3Ro=)3wT zy7=9siaING?j*-41g2|}*S*OqLkOk_?W`_)A+p*P3i58Bl-F1^TA z+jL4O303PEkB?p&5ek#Kt{=Tjo)NhMN9c_-M7u^H10M={Y-#XLcfNxx9TDNJkjP}` zjpJIrCE*C|)SiM`ARX%kxx;W2Q~~)QC3hGUc(4|a`YQ6*%(tr;-L5w8>1ilGIz%Tb zN7reUyfgE=@X#RrH|vUmljsV}xzozHW@GIrB%5C0jZ}Y-@dr)Y0gtPxPu5Z34kf5e zhb`a@PE2d@L2$ZVQ5u1D>(G?Hhd!C`Kb$9V4{ts$(P~A!o~$UbbqZpF2l=q;^Ek z@^e+<_E}I}Dw1z|O}?;X8BlyGomv+|k)|?4BPEaFpk)VZ&Rx3QC36V6?JE!{UXJJ_GIi z0$0!PI#1>~%Y4it2lQ^xD}dnB_rr`j0R7j;ch?7*lmY5o$zbYCa^5wH^PP(1AKSsQ zGkxJ@C)!U?ysLJpPhrU-QqKl@@aK67Wokdm=-n?A(qRDN1ut8BEou`Teyj2Kf&pn& zOnsul;A9wJXF=-o8ZoDWBJGc4UV|0<5gxl)tp*}vAu^jb_8ZUZVrmxiXW!1ytLi_&6m05yyAx_YhNCDDRN)jV#Vuy3d~t=c`6!PgcQtPElki+Q z7IuQ#_4p?=8f4gRO9?WS3D}@=5e!=E7$w9F+UgcD=e9EfUEm!b;>AiiUk{63^iE26 z+{$~YeV6Ogk-;bU(3xW9JU-K>)s#7%jsGX5QHA>bV};{E;#>U32@s)4-jd z5ICp0DKcj4uxJ%qthz59!?(ai>^HAavwtsOBkSh+|;PlAR+pZdts%-r&;=qKBppC40z5wRy!Pc#IHI{vMa<-Q7XM?YD9LIEY+N645x$j~T({}KO^endS!I5!2F6hq3U6lr58n1ckPjya!Y}nWb6pvz1LaA4sn?`?j3;zL; zV**a5Vlu}N4;S0pq@#D2xFXZ{MW5XY9NqcW!ff{mfV$*Q)dh!3$h7CC=p+NtV;6j& zO>Xh--qpqbkTtU)%d*@LGV7LCVEnuoJ%YF>q|T4!Zp1VjHs%^TTyW|_BHrw<@^r{p z3C>4!5%-p|S#f3ZolCF}@~YOwDke=WFO+4QYU;tFN5FfNNR}V(lSqo%k1V$) zEi6BrURJ@mCTN}qHMAc`s`69l>NtGOw_ro#(fv9r#4Rcg{~8d7LBHiQhzX@}N3S)Y z&OP0^E$A9YWtQmV#43_*3-U3sxA47}Ot>)?r~@D4PKePaevynGAE!jNhy-$n?gN$k zx95#VR8MEN*n*!-Z%?dJE^Ff?6q?#(k4}%V`FS+u3I8yTe5IA-dbGr{%VLR;BcGBe z<`*4z&CloCeSRuW%)7b~tjo>o7Q^8}U zZ|6N~C2UynFxh^8Cm5h&mFmWF9`nth+dnSbkC*d*)%p&Xab@932oe|^EngP))7n&B zWQ`@`Z!H_ofJ->52DK=Ft?-*&jiV50Rlg|K>TK0Zw z*gK0X@d-r8`?v=Oj(C%03SD!YM*JZbY9|bT?7tg)1^YeACisF$iH+!OSW9fgfnnPa z?1?ppAnfs1?aq^LkB40A_=^ z1Kq^z=ks~-tZD@wE3TTy@xD~{mgEf4T0_0*l~lFfWPhEK5J_nS?l%W=?-l!B2NvDE z&X82?pN3T94ZsJWhX~?FCa&A|E|^h^8*#f61ElBs)4Tq${8|6={sYy0SpGXM{;$7p zKh_M}Ew#z$(w6wg@Ar?>#*h7vmj-6~@2uW&QQzY+H3k8UiqaeW4q`g8r125;=z9Y{ ze@}ESUgmF#GK8IrqSb@6lQJm?K}-HLnfQxK@lq3TLKVnfXPD=RI{$9=s5I*95RsVp zy6s$AB__>jj_;%0v}!iURqP6{`s_%NkhgoHBK{)?emY~zlE|4u0)WrX;>dj9y9M^f z*lFji%@kQ1$oN|>zIHyN2QxNtu|yb;)QQLsLtFyucPwWrqzDY695oEmYaIgT(J~=wX1!uxxJ4q5OtUefYRYP(oRUG0$FhnGxwWcdp2K zvA|>8N8B~;^UBDMKFVERt#hV7!|B<-RMRXmsK!mn7eO$=xL3MRz7V zxMBGz(DYdM*S$#?Gy>0yc8e}?dyiOBKIK%BFK+lQ zi5E1}k9rg`ebvncxr2dM^k5*lArdN*Th(YrO;QS%`}-CB`G=4ur>g5t3)^!WLY;iC z5gk7CTEgXz?-6TwDpfp~y%ZcgFjL-oYZ{8Xhw_aul6iZmgC6UpZtpZ-6n~p~x_3uz zEP3L^$4JJV9&qqQKEDac=)WOaS%?X1sCG7ge^+uW@dT>tJngQO0Fvvv`RK&=m4%b2 z!E_^dT${9I71N$tpY9Yh%mQ)cd}9fNbhP4F`jwtxeRN$Qc}X@n99`tzWdZz?hK+ z$+Mu%iOE-n2eyEl8cRAnbk)}@RFuH{mw}^k4~n~>A$x9@V6;N3XcfljtmseheWF>g z1)lLClTt1?nHRaSz35|7xlw`ea>f>z%J)>)=vRMt*}MV@+?Z5fxCqL^NzLH%snxSl zQxKq6to8-!FA)oZ?IL^zxPs?rc%+T3H!mcV8+3&uUOXEmn#Djc?*(S0)$ruHs0^bvUpLwTP72JQdMf zCMO=+j^vD(<*A@cJzPFnL!Clv)DjGH#2h$!w3+HHq}sg})7j)JTB{WzQeLq&B70#( zUyRSndH8t3s}354!vsx3f&rTo@FUnnCy*QrS*JTL0WZ2AyU}1X2x(rVLLPblAnn(O|F2tB0;z;_S2TW? zvY&5ua{V7hHRTLwbdfL##GjLZ2tJFbt{`^g!MtP+p87)JfeE{t z5=QLSovC}f__N|fC*nE4$NXC^{xN$ckZO|Cyx)P1alm!dGc&IEc0`JU8tdcNA0EY( zi2#+C!sLj(@N__-Q~B57AQ?-9qEiF9W(-)MPh?-1UXT3c+Xz(u>0DfCsvW?P^o_YruIwB;Sv8&+`FGrH4Umy; zRD7)BeCJtCtB7=NbOpy(RS|A7xkXg3Md6@OK|C6904-gkZf8Z8T7FPqd zyP<08_~OL5(=X1w7(1vqI#l^IaNH>YDL)2jduDO)IVY#Aui*YJA+|C(2v?olYWZ6@ zwCn1|WBfDE6G@$yrBV)@Z>_^tQ3}E-(x=@O&zq*4{flT?F%^V*SVIiFClLqngYe!; zt4$sl*Rb65(BVO}JT~`k7hlrcH+WIhup@LCR{Ocu!wwU3LC7|%R5mZ@R$kor53`># ziH#524?C0{K2min!&L}z#QF9CC6kf0R7LZ44M@sge>`^k`s!Hn_D0>aUQ;Qm#N8LT zbdm*KFD%0-GcRcT0bJ;Gx&om5J239$qMGOhAIwKf?GUt5LSHj|%*>WY0G?O1F3C*N z^B&4se^>l{R9sq9c0$$E{`jZw5K)VcZJ8|Ub>aaNThQT#Gp1QdC+_B)^|s15b2`&K zmhv}j^4L2}&xaX583%QG-Q>_=(T5$V?`DYN7`qbt_0XI@NFdHJ;BcCIw^y1>srK@e%j=WtRoTjJ>Vw+hbtqyP_2?NN{*PPQO_Vqy}@6O`C z-^6~w*|!G_-8fgD?4hseb*sedX<5KD>M!H;^HO7O5C0~vS@%)5d&*uf?s!sObdvIt zzX2JibbAxe0Z9(k0~Jc&^Rj;|si-lQ%7hP|PtqbBRnhpIDLGKh0Z9F7FQ-KW+;w>S z+%?N@nCr*2d$?F>{Kp5RM``K9Kf7aGSNxzVCbtXyio(**BpE_}8C9PYP5Jv$rm%VV z;$VU7k)bME-Jb(Ltw~mIhQ0}@Vxz=YHFmbz|FXHUJh}@82t7>GUbMU|`&aCq9uU-2 zJV2@+fpL>a{ zi_rJ86R6Lq8Pp#_yKxz7|NQ6+f=;x+)_u@we%MUC}RWbc0&F7~muurr_24cjb!AqcY96^;5` z31D+gS5S6Y3n@>xI2gbgPG_yqMO5;$;<1Kf7WX8~TVJVatZr8dnPV$E8jR*8d0p&Q z%x$~x`?zuGg&OGL_h*ixa}I4jH#fh4mrGR8f5&|-bRbR9IYMJIgPArs|D|s~H}`DV z_kDzmmoGV{zc>;3{aWSDHt^)0_glL&R=f8SzQvl1Fw+S*ur3W*WRmAvWHoioHO-oj zR5N?u6U7sr2?LabwA7{!*bSZ&Iw^IP+1AV0NKzh6t9vi#e2iC-%Y>(B!Vd;_I5GR8D2^a%(pQZ7OS=OAi)SHam;F=4-!cJmhb!OR zzcGICK{fA8g5%YY`FBgzb)^TiWKGFgPaddECKOxd)H&8@4CS;8D7=3z)xJ0P7KPkM zll&{G*z&nuN%~o#^V`^y{9TAVI(1m?c73gC+=XNg5W3=!b@DGF?>$EW$@H#`%GvQ~ zOYALcYI z4o$O;x_4U0oX8%Yc@ zM*SS8cC;{cv(hzTX7-&g3{lUhT2173;%tz$ob~!&BkM^$a96DljULGU5GkrOu<@&p zr05enG~9&!JXxz!9h$yM@xvn|zXP5;!XT@ri$>!mW&?#Y^7v4Cuc9^AQ4Z*!ZlD z87-R1gzFheL%K~um8&WF9x-#Wiu7!6VN%Ji!7a+mF$?yXUAT~6j3!ro@g9YPvPnho z{Pr*)q_+2g`q-6UJ(h_jzzonkahPw0@7rDh&PY~bg-F$Yq;JHik*4z$q$qT)zlVN# zm}u0Bgn4P2yB(l9c61-O-o^~>q_v%MC#%IzCdpzlrk?3&zN<)1!+ z$)&V-?#kDGQY({)y|kAl*Gl1#kUB*YM;(4qsrZX1CrOYiI5QCCeoj5PIJ{R>wqfd8 zPC6nLnEa~oU^WCVaOB(AzdGD$p9g=i^*y@&^J7x+9&J*w+p~_t@I0DoCX=Kjq>*YE z&-G^{RP&)=bDNdn#-vEp*q08t80WZTht!VWrVF%_4a+Z>o9)BHQy0xOTKeAT^`3uS z0O_u#V%@7xQKe7-XIh--&E-nUhbf$jHF4sb+m@V>R#SFAd&O-CX)(Ct*VCLCZkHF2(3@auon}nssSJAyUst$}Nm3btBYhq$&h5(*YbeDSM&vXS zKCPu04XX4v%t2u?Qn`prGD0$)_Nm`h^;soJk6}p~$M9j>| z&uhWM1l-+<10_{vO>u$p3cR?BZ5136NiaUY$48fEfeRb(1f0pr5+h&O1x54v2S@X) zWq*4U>Rzf;ioZI#bCKQk%Y;|3*~hi{uxPoGfHWl*PN$43`e*aKw@yvfa?a><57#kA zA7`o=M&*Hylr459k*kU?A>_WBo9yRBG#mcZ?JL(sQ1{&;Jl5XSBMT2RHghYz*%V4o zF7EmsOrECkRJ~a5aG);$^Y;XaXv~24>_c>HcO)EUvC_JFwS0SDz7z@$59}jwv;*Dm z2nC5&F4tcDf|n3l^<7qht+F@bc?uK?_>&-u%w}2<7pe}l(!`dg2DWO?A|AR3#JfA( zRm+y`%Ac9m5)Zo_b~ENMBI68YYVB(Lokl+~}v`h#%JAEP4C2U-@vdidj&w>lldGZS?Ci-e1K3>#lM!h6O4Y zZ1^lImR}HCxfwgoU%)wS&E>A12J6zn?fM?ItXWq=7(eDz4vOR=@4}O@b3Nz5Pf%yK z3qn+oQ@!UO+BON+A{!Cz{AKL0Ao~l-ixAO zKgeYY`p>^8W+dd^l-cPQSw_-tFs#~2ibvW$dqV{bGRRIhRJNljY^_?@jxfS*&(C`| zJXvMKKp_B6OnvVnolB6j1Pzy@{vSu>0geA`g3sQgB%#-EA4o`WU1?ouOG)|~fn!VI zKMyU@=2PUy=Epwp$tEbP8D)&82mf!l@PDF3M@=%G=0r9DWah^UKx*o4Ml_45sp;?H zzUEFgdSGNZr51AZCEO`9?!A+GTKHmNAQ>GM?+;%)^h$NuCBP(93CsDK;)c%TzI2+Y zfuP^8xYlu}NhIO-px@4F82y(gi0!{?mYn^;xS5rJ=z2rG(sLT}C3rFrWPRSPAdU|hz)caZ z=-i$bc17e@!sYTX+8LGq8~hIl(Narj({vjp7;JD?KRr zp*oVhjyj2oCIe6rnChZw>xi*F!JJVXfOx7|9qp{p9TDJa`5`C4K;vPO!!4?1N8ENa ztClI<$Tq_^8?Aj$G|p$&OW?B> zmzQ@iX0a)3T-N1+emY?c|L3s|A%HPfvcAvi1m=3Vh(hYdz5Jg3c12dooI^24 z_j*H9;*xZS5fjrce`nLA;(#XzJsTk`a&0)z`;9%nS-gB(vD@3uX>j$)fJ#q*9twk7 zGQ1UX_p0LVZ&6$a-K)oBhWA=I#h$`Icw+sXi%;u&*+3O^^5V&A=D4IpCR=}B14r0; zs@yq0*KGGsJX@G}U4&H6D~Cm5W~qeyM#k-jx} zTyY0V*&sd5{qD58voy|}p>9c18Ec8l+}Tf@>Prz9ce9sHiE^}qDu)GS4krt5WJWtc z0*DF#CdM~{WPvc!*!$5h`4UQXrY^T%yeF<8&I~ADcXw;? zNf^N_yl5C;mbR)y=-_9}y91ymZ*9f?&Os{YrL`7@>`{B!<1n;9x@}5TcQpy>?b1|q zlxgouawj^|-kt9PyrSQ352r8DJyMW}_HLeb>T%=CZ8I|dQOVwAnEV_m)u0?spCJPeE@6`7GY+_|M z&wt=t*^r^4dKJV-K8*_|0H-;HW_U`ohs&r=RxiUTSDeb7K5vdfJca#YL8#SiW)<6l zTtfQ+)*uC`edK-q4s?XnMz8JTps;15BrMjRMr8N_9w(alOnTskDf&({ehepLp2tX(_q+aT+53_Ww7K7{n2| zOG+$;waANY{uL>{|Hi~XsiTJ};rx8#@(#mUd9m9gwlOh5Z1n)2Dt5f<^mv&0?vJ#W zVB*L<8osRNOmuqH*{u`mQ4h%^v;ly{`Gb=akFD8Tb9%X z6RMWH4Npt`T{S?tYfh;2;{h1Z3yI!uc6<=c){M+MfNOkup*4t!XPY6>_2PP>r+l$$ zT~NNgG2WHLTm++4nb5k8s2Qpk!s;^!@3CtRQ7lx-usAjX=QMBBCvvSd3!`$|_!3b; zxzH36oVpS`PCOts<+pGN42Uz`?hH>i8;ryoa5I`fm`=$gsEVVq$!;e26+2ip(|xtT zeWd%P6nUs}lE(Ek8U0;nGi-cwjtG3q{X;e0FwrjgoQbUE}|C~IymKe8ux9Foa&H=i#bGKd~S_73!%u0y4Tj>3qn1&AXCg>i>g%2kK!>3=8h$s0P!O3^=Fabrr{6a|AHVsRBm3KKcqqGj z#DKz;F8!xpi{YUK236h{aN28dDF%*E6~NWbTTH@YHFSxJssdb3`7~J$b%^*Cy8#V; zMTJjy8jdO?;`h|g;X-Y{irkKh0aQ zrg>;1P>{>~G_Hy3DSHkGCwtU|gbL>>q!j(`xlpTF9l~4hp>&z99%P0?ifH|;uexW= zOTL@{iJVT1e$6DTSLIS-_9qz1)Lz9+Wv{6&^Wsk_00`Us9?Zyo6i1d$+|A~k!Pi_N zknqoR`cV@+Y0nthL~xAe2%C#tFgE7653+Q8kGK&Q3clYU%DA)j?6S4t-!o@pg8TcpBv%k(Q@?yMV3N)O@BsrV-EM8 z#i78bXW1N-zo!iY>~}*75nDyA$du#N5`WF>Mg_x_@K8hC{BBoB%?;+eyUo!bl8w*~ z8@*D~KM$oq>30jp8Pwdx!yC#kh4!@Z56uuNQ=s)tHreAXbw%F-w)HeNE83!>^L79B z<=?)P(twZ7?=iiO@xHsK;qut;U4GjgkgVdpu3B=fCNWrF+N)2URdvppP_QU$v=tAn-#y>_t>|Q6JG510nDY z0~ELP`FtU48|=)R-0}pQvqzPbTwkmO)@nU3@xu(|y_jJ?J(r6^m;;B(yQ-^n9`3IX zht5r(J>-oIqJHx$vvUIi#=OP^Q@s$k-_N#oN}tN%wNA{oQ>++!0(^#Ir(&=+PUE$a zdv5qDqGR(6c%X_?)EV&MbbJzDkF@E(WmQM|v9Bo`*WU8Iv&OF|46|IW>dYTy#HYOh*$R___ z)yEme;%c1~q8+3O2R?hnJ%r!{gD6F_`8thz7&J2;H3Ug9B=G)b^XJRgCfgP-Xl}Em zm6DVYGH6cSX-iT0{7{|#1z%h>-+H4b{_EhQl9MC)+A`q$Sz!Fj!e7z&iZdC8j?f>&>IOqv@v!gvrxm^7`zCvR7}|YIo{K zq!|hi)71_nsahWWoKw4=x#b@A8PKqzD#8GT;7`IsETi(>f7tRbes0{O-UvM%A^7=( z3WvBau`@^5J7X5elWeZngv3W2guXybMlpWrJ2-c*NZ#9yvmADT@I=LDUc~RW1@%^p zs4_A3;ZAgFis)Ogwdr41z6j63T$wl`j%JSiUR}^EoRUeSm=O;LHHli+(_~c$jiP9k z#b9qSpZdeUOnFvOD0K#*Y;&Z%N{ zyw+zE#SsXaU$}(Zb=yWp?0@t#IG31QpkJ<16rar;>m+_Cy|j9tu?aBRgtPyUL-J0) zQv`rQ2#nQ-y;D@x*itZ~s=~%9phHQJ;Gi6CbiKij`{LwMfG-+TJKzfGCJo?B*Af?+ zyZKfqCL`y1tEu)spTd+(%O8N7`&d?99QW)xhHQ)rynTw9_P*-6dVC400u3fxQ6;HG;1NWM};F6|>|CUgtx<90^ zA)wEDI)g_=i01{RWS>Fc5bZ_MlxxwQ143Z^oD>XlZ%5ock>Se=M(HJf^_lN+tLW5s zAw}{gX{Lq4=?t;r8AR-&&316}`KCyr#G2WwR$Z7>{U5~dK5SU2ztC>=i%OWQclebr zCL3xmfwcOk#$SncsRB%p*~;>2;7=S6dj9l{qV4d{CGE}gUTw3Q*OAN+wYQs?4%n>5 zOU`$p9R3--asnF@^C4AIuZvwf8+aJmaeGI8m^Oz@DOZ9GMwcFFpn?gwQ=*$t6(M7E zRBLiYig1iDe{k==x3vG&oA}SYUJ}>Hv^uf{>ec@j+v5NAf)3sFbTTb;F^MYgGBDzI zRmV?$(Q6MqU{vQLXLX>VI6D+A5Cb9oFrP~6tc=dm4(`R@MI)CbDA2syB7R&Dd+bNH zks<&}V*5rW=g5cEjl>2rt)TlyQ1fNQdR-adJj!UExT0eE@Zk&l9y!a%OGTY_UG>>W zs!;Ixw`*-bGo7z&VWyMgh3wnDRQdT+y@3t38Q;pK3h8ZbMo>vxhzZv4M9pnF^jd=d z0ONQmFc)`Ux)#R?w|fW*nlRqcS!?=dY&5F04=A^BQqh;j?(MCs=BJ(JtddOmJh`)^ zyd#3aM9yT^a;uorpxL-Pf;B^yv1uRU4@@j2;FRU(#$L*dJr)$!(&>6?v_+}UaKttf z9)b8?wylqQ4I5H9pNp!L0;&c6{yEH2LQXH-fJr|Sy3VytnQ(a|4##F-0tCbebmG5yTooluq4C5J=;FN|$8|bh5_(qEF@EvPz zl`AtazKN)}De|mGM1XxUCL!ukJUXEV^@+pbvhYgkwvy=(+EGtS zQL(?Yx}G4yvKgvwOd2;!6Rux)Ycn#f8dJQdOa*LJ9a1)k=gXqlZaf4WCg_a8^-?#P zgPPxN+|CTM$J?hC54qGDh^ZbhRxgMo73=y(X5t&dpNBp=0E?&mX>h$Z-;O6^%|K(*ooP``YRz zCoA!1>TBkFW*I?MeOiDV0Diy2L}3lPxxb14=0kBEFADDb0@N}XzPJy~elPehY20}& zcql!VT!Wd>O)IEIjilYJwScZbI<&*Np?dTo;$k^PlK|F%o z{7E>>P#$n^S1CwwmNf3^EONj53nD^_iLnhg80M#3k9OixpUvkf#VF~j8*AQ9FLom) zqHCk8idx}>Vic)T;o_V_p>6$;fA;ee%jMyq2=EsyNBgoCjOIEIEu;D*EPQyjIf?x7 zO2ic*j9cCKD&~?*Jx#0KnW2Ug;;23=F}`0yO1}5|vjuI<3fQq}!&g@;Q>(Vo$#VZ6 z&ff}@oEDPZ%jD5dOft;aFGzQJn)WpR=j2Zs5_s*jwY3xX2bwh1=-vZDO0k>90FyMI zhU_deFMDIPPpa}l9+BbAJ(*LgKn@D(1%rr8{7yNRTR98n z3E4bS2Z|=MXYSJ!K zJ!RiE$NG2R$CXFnhRI*K#(9&^7nim|a-f7ip-ol8sE3X3^aGWPnx^i$RJWB?w}TOv z;Hp4rNTZnro4P=Lu9ii=uV%xSwR9JgaA@WI4xT$-$|`?F<<{i2NT%Z3)w`bHDj81% zFj_%4nJr6wrA_>{OY;eKRCS0GH%LF&`is%d)dX)7u(^feUF-%+pbwg7{v>=5l+gYy z8y^ZgSJ)5aeR05K)q{T>oY=3xEmAIEgoZZPS`g?zHyxq9P;|$_COcYIi3{cJ5JtePCb3uh zx3x4HB}cq#u*DpK_yt1^NZkV@2?Uo^T!mjzRBCTPeO;S_c4;yFt?K^y@SH)-s8#R1 zS?vFd}Q+5I@9Eiy8*9yBvX6WPJbq?!**n7n(LoH z6yxiL8Uwb>6+LASWWu}-SqL!jt%1JB-=8o}Gz!&t|2mM)pch`!rg=k7mwdmB5wGRo zB_XUCX|}lCXf54N00UR}5h(DFY@j`HW%@FbL0hmB3Fn*&y=n)_Zu_zaQ5ort_Q>12=6l#G2_+UB~fL%1iT zm{JfHh}xJLP^UzPYm;7!LvK;0{QXx0g->x%{2=&`&f!H#)0mGRaTI!;wbH_8ZVK+R z)>`!m!Np>pq+~c&d{;~c%5b)YX`2GOsj@zO2@HGtPK$^*yz7b_rE{z{iv!r6cL#MA z{JtGw+4s6i9^YMwShA6yaFamPA>l{T=rC1nUIbEy_xZ|m3d?f@7ID;xRoD^z_q6k^ zZae*2E33@{MKakV+Yb8+8Gfk#gzLP&T_4Pka11b>;`Q9|e^+>*@XW>=u6>Z8Bb^p> zdskx0!v^-J+Z6ibn(G|V!U4Wda*grz9LP5O+6Y)Nf@mGqj{To9A@uy7E82WGb}B`e zV2iV{uq%|%fvY+&5%IDlbCRTKsiu;yP9j{1D#7O!Wr9$@+QSNLUi}q8(k=0kKxQ79 zZs1={5P!16LpwdeSL(BOhEuWtNqf*t;XYrl_6)Pf9VG0s9=bMQPA=?D z7g~+fj1z?86T5+4B}BGmUK6>}m1}b}yUDOLW0{+6G30$enf1S`L0rFoI0zP(joeFS zY<&{q$;iIODq6!F|K)H5zGjL(>Z()t&Yd5&Y^ie4W=eSLfGYW$IMsq8;oPanDGZ)(Bx#?^*~AUZ9L>ZTAD46sOV0 znwipD+A5KGIYIY#-r?HF9*!Xc28N&P8@kl8qt4o3re^uigzm>T$)H?NVr73=;;u$8Taie+IVxma&81Sk;YKkXBugg~-t=bQMjEvj+}0?3rdQD9Ey@SG!-{7Jb-^ zZ$Q5Ko_y$iNjpF~+z^%>6fls}PhU-b2boQeU0JlpL=nz19B7SC@HA%%c;huU7R;&O zopJL&I?jxh92YOKC{y&XXi zzLpQvVz=B!2Qp#jzHH2)*aW>Jh)$-Mt2E_N(?nK|8%3G7r6P>op&Rv7Zl~droKQ>E zzy=*^$q4o|lEvZsisu9rZZNX`{oC#*UePYq8}8_raD?vN)xw>cIZ4$OP-yPV7;f~u z58wpoxza||*6a?W$!P&QSXeXSwem1F;KC-NZ(*~q9r9mQYv(a-;o$I}oBxvay=#Yi z8X)TRQcI+&r6q=pyH+W6Tm|zJWH8L9!z`2~)A+PXuhmp9-o8r?Ab;56Pb|*z`8IXTZQEpb z=hVOBrOpo4y?*{riS|!3+J|K1?$9)2+cgcQu%7lP zF2y~Y=y{6^&_++uW#jvSi=-bL40axg2EYFx(V`FHedVm<*im-B?&dcGx`-m6z&{=A z4T2P55&t?VVV$@QTfMJko_Z**i@>9VQ%Z`WQV~=@6R!DxxvZ+Lj2bryZw(Q}9!$Be z!KEK!?rZl>hz@a2&3aSPUo8}VZ-=~59TOT){?6fASC$;jCjXlHk%?njEO4v z(BYvzrSSdved$BPZKpoBUN5NsUH_#&D{2w4+4wK9Rzo3<*AijS$f-9y3{MdHMj6Jj zt?*L7WbEPeU8kT1$dD=~wC*`(179Qfq)W`HMr^2=>k+J_Q-nH-T+;I5!7NRp4LNVwp0QA2{F;G!f815kc!rsUC8Z*T|6MY>yqb>cQT7X~`ML zkQ3E})O=CF&pCo@zcV>Q^^1d#b}ft;Z3{qK5o|cayP|@(KIDXis#Ygy7t5!r ziIO_ZFOHpWoI6)BF?L0^rxcIuX3sI5SPA@z^XkB2tv`(aKUEgy2_TtgF;J#68jC#C zXs9+ZBC$m+L?Pu#@xe%LwnQcl?jOxV4J6rS(sPtRwh~>}7rjpBkw0wECseYdpZKoU9^rSU|MZ>N@HUPlc232~bh{3RD>klBLFkJ$ z2k7G!G%`v$Wc>66*v`!@uBV=y#6OaH{33bsP}rfz)my%K+}LPnY+|5uKy#Dfj-9w_ z2qHY>s4T%H@=aG=gSBlb&w&_k>}6@&I7Wv5mh=>9IBl%s{h$l`f^PL(6W5cV0j@lm zA5)$6VP3VgM~i*j&U|SIwV``%NI)~V0(@P=Bnr;TAcX8ZL{UeYc+4B5az(*G##<1UFDuTxr0A0waheCoyyRwIm!#|@<6pH+Z%$t-rmkz zyl6?o%6v!7C##le4D?1DJwrzu>1``8$yL>%O(zmC5><%S=nu|Wv%JNDw;OINgv#%%FjKQku3&U|uOKblNlJV}yMMt}Q# zdUttEVQ~dQxX9iaLwQ4N#3$r)Ki4<@!|!=K!u>0vop3B<U4LsfJejV zmend?IGM-+iFFOL(K)J6-z~pWi}Pphd)pDi_Fc4V;Nm`LdAX}=G`sW1B*?ev(SS^k zVw)HD^RvwD2=-B>vIvLes6*9g+9}|OV*3+#Ssf&& zncicAu_0q#(DTsyOdjAp-l5IV*$NEI>m)->uqBXv(~o_HDRVJt#S<}=gBdxt5?I!j zrbEoYKcip@=W?q7y&(hc4_1Jo+#__^`2?%5rYzVAOYdiB`7qrNT9>amPmVNCD?OX+ zzBtp!$FevCtoZ~XJ=+9pWXfon*BhicLlk37h2Hvs(K^!Q5wAWy;no8hvPk6-)>7>W zyCLT;>9COdr55 z7!i4NUQtd(^=r)QDDK?*W!B+Yr)`80&UQ9%qG)MHS~^h4fdeoX_f!ER{I;>rlTRo! z9-WI=jI<17^|<~Z;m$%lqK0^A6qAduwC!kM?AtSK$NcoXw6T>&=-wW9cfS9|FYNnh zoAWPN+wYsUP$;2rZAU(}eXB5D(HF8m!tcESbD5a4%|m^y-(h;2GyEIOi;Y!bRd+t7 zKp7XBW-RQ^7`ejGFR!`Q^>`fxS74Wo@NN$g@cDNur-Zi@u=m?Aqm2Lfl$@i##qDW* z-)?dKVH~a;?8l(KluGsZhcvK70NQOa_2gQW<1ukYXMKKj>a(Ga;eVA6v^D=xpN;!A zC-%3Jn4wEuDu=+thDpMOYWV)IQwZBHOOiwRWU;Ba(<%~6u*J+4No1fH7z4XS{DeEw z>&aC7z!v}VVmLr!4y%P%L3xJvj=z^|2^O%lceW0IWcaBURG-W?k%)qtCQPheT9al~btA!!%Z0Al{h}T;=r6Y>_b46)(HzQ8k_XNqV zzcB>{&IkRghCKF2{ZX7#WJN9WE+T|hQ_ty6g51r%w=FFG1NU8GA8KBFOc;;~q-kUs z5B*3NjcFg^m~|Dcn^mRq{I|MhVgbsbWBH@(pGvT3hVJasIss}EzTCaU<;Y2$I>V0I z@UK=7uNHDPe`k9!T57A+ASv$LhY7!Gz5{zKZ`j9TcLQNQ7vZlonLw9lW@S zhn+#I;2}7Cf3fwdmGH3-r2I|fz_2vSzQ1QBz4`zW|4qt>_?kgkQ+dS+m+sn_a=zQX zS`MF(;PvsWij4co=t~OTuN=C0!KopUB9Ad=*MUhw4&i+^O6h6eG7y*(mRZba=b5Fe zugj$FiTq8a*>^u8rz@v9eSK;V1fbE)fk$Ic)KihMbVHky2a=iM53~)0_D-%``Gj>W zPJbZ+<_O@aj6{Ql`QWd6ycqY7u`h()qMjGX`l{~gXPVm|CAnZoSrU2U(&rmji8Og9 z(jL#zZhY>BS5A{5SJ&yT>+e=Z_`=tIZJdAGtrP_bgKW;3J*2;szk7J0Qx|rw=oame z*%hD+5Elu{2Z1tAuLkLhHtGV)LAv(vZfEe*8}&8`9R7-)b&+QtCGM%yXx?V4vqmjw zlZtZjs!o@E#~&;UIFWd89yA>Ckl3`M-9*^*4)5!)%%0juBlZ1*FfR;TKNrakG3|^s zQ6n=k&`8s%{19<+Ekk8fn!>BxDZ!!^!pGA$)t;!iF(2B$wFSKYHbluK2)i%q{#Qw) zBjFpVOBVG+-FU$+ORAH7+0@AFCOB)ZFPg)ETbwG^Pu@>>{0ChESxs_`0vH+U5mg#c zk^Q8bOv@J@#ghIzxuC41EvS!gN)4!k9kfg$MbNSOl-Jq>^qJmGG zOnFC|xwy$_gan20+D44mdHqi>*AjO||J~wJP5i;=+0%VmrV59uCU9vybo!O_#QRU9 zm;r~kltiJ8PO&>V6$7JI3pbx{4^x?&ij8_&jEdKTp)y12AEF1hxMQrr7Dn^XPBIB{ ztsQR~YlnW!Nw|&Ct1ul?xfV^%Z>)l>{72haoXNf`JXwI$ z*FK%U29P4qjknpZwk?O?4@|2+tGV?RR~^_I+ri(UpQII!lx8Zh@7RIwGHP8&(sHCD z1iKo@73tsTFYg==uH@2fPb@hb!E__2^ZBZPD*a6=q<0nH9d))5cz3c|j{pb?o~o6J zNxd11wX;|Cn!}OM);8>lF~Q^$+HmAws3pC?W9B0eE2Lo9U%4u0_b2|rRz)GqUV?7s z$UrvaLd*@=mODwi;!SSznl)lK{8RmGc#D0h_hUGTGVgI54R)2wuu9r!3ZA;O?%wpn z$Ml0wKb2NHR-eyNJ~gp=eJA&vUZcej!W8uy5W*>q>$uBU?Ey8|AxN(T;w(w)CDw!s zRtU(wrp1sxyC_i8$@*qz+|@%3b)^80lAP3`d?st5dW6ca?s9`a-@WYEvc_B7_NFe+ zZ$E?0HD_)nU2E7Jzw8JCgX|nuA_(UlEfVT!!3D(Qiq5s&ly8@HXCZ5pz~rY!t&R3Z zXRmk#fe@jam^Y&o|5E+EMhdv!7w=8^d^P`@_^@t4Iih#*GZxK&cb*%;5Q` zvgt`EQ}(!_>SgEEo&++JG|MvLl=ufnE8rWvj+pR|3E;47qRW?tqOH8ixPCuGM%CW{ z$kp1Urqf*RtASpF{8F=Kw9+g~fzf)&ZfVAewgwW*KkX}*2EQcT=oz=)7I2r0N>7^f zp4A2m^ut20+(bt<>@7Qu+#PiFVw&>G3eAHyN1*^=V!IF&d`9$?f$*^&d<2#q(f+m6_IiSK(`NhaDQ} zwLGc1@8~zpo@diC$xrv|S}*&6$I-QiDJL@IKREidAY&ev^&l@R*&6Scj*jt7+ib5` zXFq@&Yz&WJZxoDesV1|JDV#G?054R~-Q)5Sa5s^1~#6czumz(olU&xquwrv861+IqsdEp&%@(h6{e4I2{%>v^}R~=kVpDc7TzV=Dkc$YwF)03$#5owyHlD z{NCK|?yejU$T8na7TgVAshuv_3}>|N3Ch%MaFoatCjMt>kT z5;oPdnoU+`ej%%}R)lzbzS7-4Jyh5kr0jsWyM6xny*xtUeC4F4;Rsl z(pWAAjt^xs(FM%=-zhHFEa!y2sNG!%JP-Z+JbAU;gnME(+oG89_Tc-U*TU9Mw7>V# z5E{S@c()$*isz5s2Sp56c{W4Sp|NG7@9?`=lSckEvlUOWigrlgk*mLa;okUR)Q7x) z8|_V!j&5OD-YCE^Hcd8idnO}34HPvqnCGTIe{lB+C!EAyA< z$4)om)@R)y1T-ak?;ApR>@}vAePaP2(%Vco{?>NlO=tV!;i%M@Y@UWnk2SgVA7ese zCuC0n7#f4?j_68aOpaL>q*$K_JV*V+O%XBL2IkT^uxG!Zq~mq>YM*r)Le2kf5$2DYJlFe zFvamSW-USN2KaO`ta5yQo<=_YVtnjprr*mqZM}VFW403Pa7CB40AZIUOaF&L+1Qh2 zmgGNvutVrq#Tk4vqgTNVEsOoYZWot{shomGzve30)WT@Kk=hBAwK``4*;&ZCK3F&M zo(#Invi}%H)CBN9*vqgt+mlVRu6eMLhHIyMRh&J@VBS`0m=L;UCMBuDzmx z0)Y@=)AOf^5E_bzq~~w(%`^O=X3_j9(-F(GGWOlhVR#2V#mx(WM4b^Oudk7Jnuef~ z=v3x``lo-omCsA&S&?6-8}G`@I@Kf8PtW7n^t6?v^^L(RnnBg<+}dyIidMrA4T^1J zpOkNW`F-NSWMSgAz{;7Cc@p^|H*U}+38dptOSR{K|86D3E8DxcwvJoPMzT;wk+km%8joOz_lU6Cg1BkddR)2J8O z_E0vF`VPs-6mYOO!uk_Ukf4p!+yZvSwK6NU0rI41r#`o4m)}H|{$n>oLqM;AMrXPF zyd%z6yDMnRrcAXhi0Il6-U4yE=DBRnZ{3HN^qI{j1Fbi(!3B5>31e1;Z${ zn0PSFE901&VfTeo>d7+y|#pCJo z!HAFN`fZ{Ktqw|tE+$0>aF3<_i><*>gD@c0WcSNG<bug#ISGnETa8=77NxJrs;mHZM99;Y_qd;Sg)1fHzkKpEt1Kj z+GRiQN*?~Kl&v4@aY$L4JM8GR=rX8NU2cdlr!L-|OVb>R`kIiNj*#mop22S-Z1Q&l z@6=1x<7_v2rl%)rTHw?vZF{yBG z>kdX~XBm0;+GObz$hV!lBH{2h!6fLQMeBeg^2=4;Y1Q3@1(dk+YJKWT$Rq3_s z8DrcMbHw8_`g%vrC<^NEEu&wV{@{Y&q-nwNE^-~FE;Dn5I2*NBLhoNG%@(fE?uN=Y zRf-U6RK!dgKURZD4hJ||E{LM-K0o<0aI+)VQ8OT1MDRdY+KkV{NA)A2RV8?!>SzR> znIlZD#r$%}#R5dnn55TgG(KwAaOn=vps8o->f}u7|B<9^RG#RwnsPGo&&u7=WZXv! zql`^2az2l!f1zVr?Zb;yz|vYegAk*gWlG=~a}c#>qtRS)Cr|M~z zlce^%x@pq9EtAHxq5Kzgzd8E6%HQ-nP2IfzWbOSSuFy3ecvi?1%E+X*g>8K}5|u>9 zSpDstx5<(DhRe$rkVEVJjQC6{s!ycvrL?F`w|EOUBzjR^6ZEn-^TTr4!iZA(b-7Jb^`zb_LmUN0f4 zFR&Mvy_{#&EWf^~CnCxmQc=WX>zoQ?Hw0nPfaXDo3F&ELNT>=qgkIv3B(F4i5) z549^`RJgH74IG+Z$|2VQBfpBB*f{LwrBAmrGImK&b@4Umd8Xn53oVm&TImHbb^2-c zW+_h_T4Wcs{V&8`+NsD98Fh877C1&b>>son^)mau4 z;}SufBDNw5Z+6a80!2qqU+zZKIjk9omOGNIAu&B<(lxh5s3WqT< zu?WMtk40@p&E#;8!glzYZa1!%HKTnF^bK*%JaIs0DrQ;-1tM{*i;Mn_&n z0e1T*hh>_8K$yc`AvteQ*EEjlg`COrUl;6(=_?eLg0ii*^x6O$ z0_JEYjNL99^6M(FFLg7{p`wW3i{tinVc@onvhz12XYr2>a^*jthcRz^2H&E5bgG-oKaO2vTfuqc zpGGG4MNFS`KZ~SRet)ZBd3Jtm9E_EmG#FtF?ZRq!nkj(5%jpq&9GR9;zf>c;T#CbNQ{bv?8_+q2cww zlXlqG?kPj%6=MUYeI?#<&Y@?xKd}?}dfwv9Ro{eV@!18;wx{WVOIXu-AiS+iVC{Kc znOo#-)=iJFBNO39FtPO;qF;j>bfaUfef!7pOHV?8e@-)U@4+d|>&MOQ)rq!Y_t_NF zLt1k}-pTMTzE*x)jP7x)A|Fq;5+}*c0==mN50D*Qt zbxsAQhp}2W)vTs8OV;O6< zN_JZ8YojD1NrfVeK^QdleOIz%-*>VbOZIj6ozwl?-FhCr$LF8l;W#>sX|B1>_wstb z-phGjFfI@anirNXk#8pikR7y8DU(dH6AZSY>?;S(OsLRO`cKs7 ze?I?lVj@t#Bv_Q7a&${Gpl@nt-eD_RBrhV*_579{#$Saozjdkb(#YImt+1%`KGAR zT^Hgr$CjriYJCl_jg4v!YCgl@zK)D=1!zkW9F(M+6T%}$zZXOa&G^2b9!G$Nd)Csu}cO`Kh$bWR&7VehCO14 zv2a@TaE19`PBubinolc0!nL1afg zLrS8|@pfv#{>v%)K_RcMV!aF-BBOcvxn-KE`6GGFRl)qjts5Kt7iH9=DPaaerVa-> z;_WcdGsfRJM}MF&phRJy1PFVDahxa&3Rus+$9WO0Kwbq1BhmcH&H-9Tt3UD#ee)== z<={utL;BDDHHtc^()EGnWQ|)KyG$ORUVUDE`?Fx`_8)`$a{@>YHrr?kf*AIjx;Rb* z@${8Z?bKS`%*@6jii4rpW!2_}XB92#Q(a9$I3>)>%QoUgxbSXhW24()yR&ijCC~$n z<1fmiz?hjaL(~Up@iG-j>e&lE81<$EwSS!%X}}4LO50zZ?I1bkv49H~u$Yra{9%p% z0%Tesw2H*q2!2u*VbTb#)+GRVbU+eQ13J z7tmDo%Jql0amh3%P6QvQrhcMp&v8FlIH06w@&&+npbN?5o^=m}g3e9>=WT`q2YKc+ zfc?z1_?PqiE5UyS0d{fNoFoBrSSB>HANbVRBsEl7Zv$s3%F=KvE;x$yIz4%EP}B{9 zQXC!hX>4l_@uD*lj#S>`EKkZJFTQS!oo!8sR#>@?oj@d5H8m^WAb5R<6gM_fe+Gaf ziZ`M0x=gdfjSVgOnCeEHExr2E_~7D(USrwp)8%@d_zMRaz#-&0KviWKJdg(>fi!yM zsT^E@YIFI>zsq`%3`Erry;6ICC_$V#PvpQODJJv>e0L5l@&p4S@}f-h@T2K6;58v* zV;LHq@j7FTxz2cvf~N%zbyg>^b$MR2CCbk*wpm7}puaD5N)V~kd{q=i^GS(tReO_) zNz2(Cbt}%i-7Ur8o%#y?(cHF;s~#=N$Ysjr#^W9^%U@eFFGP#ll!Gv@h_y)mzR;ge zpCbxxy4REZveyB+d`X;2p;bH7zh~Wjbl^j|&jKnAh!{`G43z+Y7>ZnZPyVk2_ipb& z&dRWp!I)=a#9PN|Mt(&WT5y8Awh~S!OuC()l<>n{0jG4uf7{^a2a$pnwF>;F$BKKu zEw7bq(KX9+b9pI|O<|>ITI-mI+ogm-{>;pYI&R=7Ke|CUC&m^&u4pR`hK-GETMny% zZ378O{OLT;*CiX+ch3$o0QSolo}evW`0(%j!o6ZEgHUF9y{1ITOGium_F=HmFa(Io zfK%S}08vT}*?|jB+I?iS*=y~4Zlg?yyK3rM37cc_Zy0A11oUM%qA2-^MMbt4Tp zz)C|OsGm9zP?d>*s?2pb^B_Pq1b}+;sd$!oftc&|%^Qvncx9RwTa>0&rmrS$nxTz7 z<|h%CE(Uv3OK2+SY%03+JMjI{i*pVqvJbUrFShoP#3-Feth56E*z%UyFZKZ(Ma(_t zqr?a$tQGJ*m1i81r8z2c^%3566XxQixil@p#vyP15X5ge6aV@gpusWqpX3KE?-V&8 zO?1-DkjYlAe_gLE6>OMsNd5vjK$L)}2NGc>Fw;lnfbZ^-Cj&>eIfB6GSC>R;{WphH zG7K{cksKUIRh~LN-NKtJoya$`30vo*MddWRnI`_elt~*I6jnFGApRb@Ql~q`tqbp; zy>vA=3V}~=QI~JW)#Wc`j+wzAZo_~Lf42ngbBU|8R}L~wA7jzBbaVIjh5p=0+cgJn z+IEexY<-V6>{aXKJ0N1ni~Z%WXWb8!i7Tb!quK*3dq@iS)%g+;P^Z3_9K>C7r~#l_ zrunVj3gZeodnw`gXD}#gq<^W{$nY?t^yqTHJZmxZ>xD)8a`Wj)CCMYWhz8ERC5$0e z`s#`1)v4CTShq9nOIS_8$;tSSUZvj~qWE#(gs1@X#?V&tGvJAkA3d=C|1#8#?G*E& zRq4&~WDUB54B$!GYk&sls7n4^(;f-NvNvr?b3mBMJvaA2Q67Rw&O%O&9U#g>$iiT7 z;lhX7X@6Mzo(luoO^L#)(#K3bxZ!95yry>XkzNwMC3$h8x6tuYzqDb2nIL7m+3ixw zK~9-wA$|U%jK7!hGF&R&;zJ~cLNng$G`A-?HMUS3cCjVXN?co{HgVJOhO<{rQ3@rD zzsMoy91MYOY*S}{U+B+u_eO%7o-H9cbxLW-VaL||Keh_=S(0ps^+14?p_*W1dg&W z)BR}k<#`4baJHHtEoytaM~GI?euo#F)N!;=;^v?SLP_RNXW0`-P60F!kSjlV(DFx(KF)Xb~JQD?0C56^2LiLD(9vgjwyJFKRH||2kDW=`^NlU22!0qk%2c;bJ+yj z#(y^+XCm#Gn@}z1rk(mtN#Qi2ly9P;F*J-ZX3{sTA@o`TE2y=6+_s~SNmP4=QExm? zIKbac3PBjj>eo3ma!??8LFD!eWKH7#uDgtv7OYe`4|4QR!}xcteepz?iKl<6w?~3| zf9>J}fEriM)^p7;O3W+nqevc8jD@RZ{IZ+lX)VIlCjJuVWh}$n>QeIPq*!jkg(5qV zu)X;hQdEUKTA?>V?T;*XlWE;j@~1f~Fy%)NHBK^vZRTidO;g}T29{Zdh(ZMO3bZK}Ki;VNHe{hYi= z{PEw4U%y3vNoblW#0K<^nEbkAnn|Jms4>-6W#{Yrr?87;#gP3@lAlnhw7lbbaVCL0S7UL%=E(w;*86Cg6JQd zS_Sw*)+Gu59)KKys&+INpO)p-hr`ZR{|G zy_yn?wZOU2!S%-%0@zOSBG~F5Z?-v0WErBJ!r+_0-jrlY81bdf^6`Vz=W!LRCi?qx z(SNS+d!hgNM41Y0R|>j1Qfurr8B9&$K^{N{+^yMddm|LJ)+eLe1O`)=eKw zKOF-r6l|;sL0e3SNUQTotFI!_lS>)*Pf`5iToGVu&End!knx%}IgB4{WH{r4sehV4 z{(DV(za0o_D2Etr3?8svMZA-!kNNk1u3@A3OQ{RQC``KLs+D9FrA9%OdZQ`Ry7VkK zJ#=$AdF*SZEr8d*&F%Il+dEm6`C|jgx1TUyYaGr!8btNawf;-Jc>%;qN5Dl=%>!in zv-?7tp4v@O4lwqos)HNn#`Xg2wHt{J`F?^P^chla zopkygF#j~aAvX|^41=g#54fu*WxOZyj`?uF&I2o-Tl})%4$u(=&w8BT^|J_C_X@7n zY1SU&|E?h0=vTqucIPi57dT(^JJ^Hl8ZZP4^8$^m@5Gv83;N}y@J~O?o&GU9C3PWl zb5Kz#1(pVa^hAT04&O|84J9n-{xi%ce}RVvl#^YjdBjRQ5_X27fwV!kL6&}KUK%`OfOKnEXpVvm zmjBV^fS3+W2)KnN7^e#NJ=vjoq78S@^}%?8o=H5~!ZInPt+*w?SV{q&b)-V;pEP&q zu^hVxSNKG1V{@9sHQ9VyA58DhQ{q=G^u2ffdLn)8xzmkDk=ICqM$6nx#NQtRXV;pL zeB676_qmCfBR|*J_Z(|mB-$WL2D?FX@FNabEBorq-Rv3p}m5i zdn&Df!(N96_c57SmZocOR7Rig{dp*n^0(F{G=ahcoeGHcio>f*i5l%<(bM_uMy*f1 zBsmxe%Lo`m1f-&`{?0_z!k&U1Ltc6Xj#13B7D63`U*%-^^8y8>4+2K1{fc=1@*iOH z(Vj%;yeQA%{l(qfDU9pYS!p2Bm%l}7;(h`kNRO*LX#dmtV46S6?5W}ZVWnl`#Db!j zto|MnyZ6^JA+9u6>0kma&8#IEi~@|)AoPs%q1=wRKN~-r zw|l&E^q+hIIV=CmWQ+ba*^rWpaf4G|9TOy(%27~Q_s7UcUjAJfkhzN(L|v*_&SIA2dV8YagQm+U_MYee`GEKG#71BUuE!S+j2JfW z%f`je&Axo^gW0N00s`X?7>ggvfSP|d;@SeycUTegd;3=O`CrKOffDt_xN({i^}ywH zb|p1oLhl9Xo&V#*H#`nofh+YmzjUO z^AEct-n7pl9}Xsx0|Enkn&PjZ9&x&hQ`-k4o{F}x|Il-T@i+hPbdc%38cWbU=6x@h&2P}?OJ+^5*Z6KB{{x2yC!k4YQ9bACq>_E?pb z^Keh+LvagSpE%HzaN*7*k4_ zxYNC;%o7jJN~wRxW$M$BWPcedLft-ASe5W2T{c8>rGT+4WK@Bnpy2RMOTgY8w; zf9U%9Zg=4l*NwU5hIzI7+AIC-{f7!33eVGvlhvF)4nY+-UC`_J94CH3pE+{ zySpCT2hSKChc7*cwOM64qMi0y?ZA>&)RSH0X781^V>kr~!eW9!@}+`&kus}ebdd(& z>{Aj%Z;bE5dy4w)HjK+h45*F>GOkplG^0y$d9iU?(w|m<`JSRg?BI%csHOw8&J0 z_gdQu@Sy8Bc$`!--u_JXc|BiDIIGK8n#wKKHnlh}6&-gL!#7o_?xh*_Ka_gBm;w%g z3qAR-f69tEq|lQ_-EVCu_IdXZN&JzN9IiMw6X?yfOrd-HDsu&lki}BB0bMOL^&^)el*Z0L8M^pm|%u7Fq zaY$VXV(S*A5E;)Xpic)uA)Y{}Db0`^#~_f=m}rPCWNySWiIHsaCVU!+X%mCLJ3M{Q zmWshLAwgd?@k+8X2~31J1OAqu|2QM0#YOQ)9YUO=ez5Xc%%?R*B{6v76Ah!X#3Dj2 z5Z{WJ&<9}>P-K*W2)V8|(j zPE2+>$-Te$?lb5{yxOKeFT1)p%0`Z=O7TV;mp>~DXM-*AczHSaq z<4Z>vRBL7AHmj5Ul4R7eC>ihs)l`h1kAmJ(zS~DglWzDY-51XV--K5+4vbHDm1spf zuZEPgGrPdf@5kzy122-^ku_kr=%^^-aaY0tb$g`1b<}R>~f)3nCG!Rx8;(rWT;2Joc=?p zuIy>;|LYFGI~?+XdiVyBDH8jxZj3td8UY)=_TreWxox#kcwamfEH)R)AXp@$e#W5g z?QyH%MN)O`&MkVR+gDx!;!+<7`JS3J$uLLnt>#*V1&fcX}6UVbRo4@Peh%N zGO0T<>Ix@;na#Kapp; zG*JrWb17?%{zdj~IOD8jWR-Y22`uVdfhPK9p|DD_D?0Iw&Z%i@E~;~vAPie+6_U9m zFxURWk{pXt!4xk9=CdMsxwOAo?>0O|#)xS8`IE?QN~8+3ofcJ3m=S9l9sXp1C3i|LF5K98CMA0a$$Q~7)Zzp7QG}5NC*=vqBL~7N9RxZ&c{h09 zn@@=Zc9ETVPj%mSZPbz3Q#B%2uHNHUn^X72q#H1z!i{1QS-DMK?~*(7YrRuoEQ0zA zL*I@b9}`zlzb9Udpw4`)=!!3YqjT}~^vgvo)j*N{Yl?u3;}tuYMAcQe1=rcyMq!-Q z=!hKK;o46%=C9rIxFX71q=FmI(NMZhSVzaxOgyfhh@g1yA-}O)qB^jB!?@IA^D;v4 zMZ9H=!OlwrWT}j)7jR3K33h&G z`!zkgh{s<)P9jsC+2CHP&Gj5?1-1HWRKg=Nu;`Hzy|8J=tJ^cTm_F;e%#teOqB7QN zCqlpXrwLe22IP>Z7nu5qhc37CoH?BvjwN%fStc$Kh;M89StAnEx#Dq8 zn%M#lD`;g~=rRUuhOoyiB0ji>nVo-9HqOWn*P1Ii2Or(hf+96xA0?1-nZG++rDZ(GFuzHQx3+Mety&2n!P2(;vKTClI$D z1w4v6LR67!DAobqqhT_Mh0=Q7ndLsKhhL-!y%n8nvh%$A2PQs1CGf|{RNsn%QIqt9 zU83f7jR%R}QoOrbh9j9&#O{f&N!qp>2I&gq7%&Dr7i#>JaS_~o*+qbHT5}E6^9qEh zwur$XEP3Qst5&If_q^eq2}I0fs;V!h6ToMs(@;pI&=r_32UqO5ebphA4-B|=#e9FE z^pTRl%xl|isgRiVjSxXWBqn3D&ggT)mVh?gLfaHm$7C#NwlKlPTe6J&8YY?U;8c~8 zG~a6!d~<~9v{dPBi|Z?m+uoaEhy=V`IVLN&(Z|+3r2sq%-cwEAtWj1k5i*^8$sul@ z1NRKR>XhjL{LADqKtiaqB!EM2C_{)lLx#g%a{b$HwE3mb7Aw!c|Micr|9*#P(Y$;^ zN099T^Dj^JH1xbK7RXm-M9JGDAXYBEnCm&AVHY(5w7M^7yf~MkEp)~J@!=W7y;1W9 zQ4|mPJ(DaA6w$B%`;R#tAL#YoL-L(^-hAK=6=Gtz*m47VS-qztA5Vj88!|93S4q?+&2cN8u?LC8B}^@Fje5gr$R0SEwtF*Z`9 zS9yhMO>r9(`zdKK3tk#%WvWr*HAJ#+{6ovA=exg-KfkXEpHQEG{J6e%`TvRpiJ%%a zjSgv)6Tf_fA@w6}^b)YjB2po@1wF-cxLXdbZ+sgOfs=9B65!-_xo9l3`Is`^k^CtG zz0xxLH6&16EYA8Fm!BB*XuE$n^J?R}vx`9n14j&=BG)QAqA}1DYIAv6BJO_%QR~r~IFe&+&E3T-s7{5c=QnhR2m~KO5R0rD45Sw{*%U7cT2??>ld;>qWTMD|bs}6@98Byt+s4TbI^p?UO^(0tA_1%TV@-})H zv*6EKm{G>fbCq!#=_Vey6|o)Vj-{WO9b081SS^8=c`UP{Rzj1Gb3IThNXAos3mf37BRY+5d*n&+*TAtys! zefcH|WA)W-%RLqIlVaA0si`Jx`j(BV!PVr;%^`0)B-}Y@=GDZB%_+OcSE46mk`X7_L4{!P~R@8o?%F(av=| zNuybo=@?c+JxB+t!Fk>Xb`^c@NtrgoPbu}s=~4Y$Q*(*3P5I+?)eq9YXDoXf2tRW7 z6fL!Kbw18O&IS>|Ni{EwtUeWf#SDPv6=UeW3C|%CV~`L{Cf{2>^RJ!n{Vnto+#%!k zz&+_x`X>-J7?3m0_9jU+zgSrrJkB6El9OG0%K!e^ORrB{YCEBS&EV!8@y#w-@~jLp zXb6Ow0R}Ljhnyv|uT4|pSb)99z0_;ocNgN{hTbyHbg=7a(LPUe;;T9nSw?6DjEcb( zGO7Kdnx6)iS4}PK@-uO2Wb|A)kNN0`MR;0#6S`sLi|7}M;2oW8hda3LHfn9pW%RKD zAg*GKVAsUzWX5J9Sfz5k&NArGzYPb+BAgK&R%&;uV;8!A{X0})ljN;xPBpipU0<60 zn7kcMLASI>jPN2UUc2Tfo!S?yuRnBVD*5uOOsVDwu0^Tl;1n74`cFpUHX{^?@OP#Q z&;Bdd{?E&JDgdz|(Z2iRiPVY1OwWR6&zuIy@?ifJtdzPjppnh+;J01+M&UPkH70J+ zFu*>Q`RJ!y{tJnDiOJ$3fyFo5Px`d37R9fCn6TrYEkW?+EqPSi0(1PRZHCc`k)$Ef z`+?+04Hd~ZACA!y|4wMDhn|>Habn(j3#Ciigtx%S&llfkZCXihtdPB_hprw>#yc@7 zSzQP{x?{U)W684F@wlUK!Zg4w*8qOH3r@lG9IVKO3HVEd7(8x9Ju$8G1_A;F zB>i_Kf)>)lGeL((?k9;dZ6<&?A!`!7ul9ZW;t5JIv)31MdP!kx^SKjMxtHK=5frHD zz-|6{ZultUEisqZfrA^=3!8G9&O1Ci7rR1J^Qg#BIaNk#;KpA-eMfaabX@>bMCvfD$DCkuS43 zf+z6>YKz$GUyEP!#p(6F7`}5l5@xp^V2=m(V?U(B+X%pE``dSe>G<_!f3IpW_;Lqu zx=j{^*)1GvI{s;;E4rGS!Sc-6RF;U{@8;hOcRsNQBOMO_Rl{TT&EQRN4PIe%Cx+CX-TK%o2FE?Rt?0KNB63C1$eOc30bvs(dZ4{Z8X@e988a5-O4J$hK>x! ziwX{g#~Zw}ZI6^6y#@dmolGVMZ`1w$w9_obWkaWx-+0i_bZW)xyx;s8h|Z|T3>8YDH(v)kIeV*t+k z{=%}WwTf}hXq6zf{XmvOjHTjv^>Ijgj*qMnnC*4O4WK#XYw4yGD@~1q5Z`hQ=4I8o z%dUC%y3M;Q)iI}|6@cV~2AOdK!z%a)dxX#zda&N6dXfl0vqR1ob4EHeR~_dnz)Y0t z?lkmP(ct|QdE4g$ST30ExYJ(@NzqkD4=T|x6ubV&BS?XY&sK>J1Utrv`lJ<8?L9B@ zy!&Orq(2qRFe_6Rv2PeGkq30WbLc1IzH+8aDU})$r(1bnO#&;NX?mqjj@n$3QZJ^5 zOfSPZ;aNLdck`8j>)%eV7cW_}ZYVTQW`138Ga>V&)`!VFD1GtWg=`w0$ih!3*Z@+0 z!ZyCsXZrmk*cR`pF4JLMoD8g&;X-)Z-2^taWp!|_Vk<}x(t?P8Y(^7z7#9@9X1+_GE}_NsrrudUU>IS=al*8 ziB$7>S*G?Xfr`j*`(sFqXwA>lpd6G72-F-EL-A*+W?B+hzh_JO>VC#W+4mF>*tzn^ z+Kc;g{U#NXug2FKNnmTgJe(29;Y+>T+0V!Y&yx0bHBysaK%w!i4-tCUp%Z6>JE$7|XLw|Gf|1q*jBM?>k3+Hto|Ib@QxSKlyXxNW0)vt>^2JJ{- zhB-P%7#zEgZ&kIgMAcIr%|6Lvdn@^Bb79BkhIiWf<_EF<*b~vU$Mu?U)3SF9d3$!! z5LGn#0x3`!!q*=YWv}bgSUM@r3J|UJ2X_L)#mzE(^TG7hiL-iJE#v{_6TIrMSOM*{ z8d4Y=PpydgmX*b(5kjITr`7GOSCv)ct}Wi%q_(0QJab8ycb7#w2uBPEe6;NF<*$Qp zJ#zbZJiEJwLnu%MqYny~tnLc~6rOuo2_71?PfFq7M>M!DwG_^Moog*cYT)FRv=o`< zI0}?}m=?rJSGgVjiyEL-Zr%+@2|4yn8zE56jc%$X=Bc6EZoE1n$du3MMowRUts9dq ziUIs3_EX#0DRR0^vD31i?mTDQt1-ozOo1x;U7}c&9O-5WCM}pm!ML}`P1b8CJh~Js z6)MEQ7G9h(Ef=ka|K6CgGJM6_)2pKgt936h2S#P?fkY&M%ecHOd_gir;@gs@toOfv|P)oVdrE9Lq|F&0o9{GAG1`#83mB-Ldj964Bx zbJ?`Pe_$)!meO5Ws9tF6@1$QnyQM~Qn`Vg~i8q}qTPRx?BKb)3k%q5qgaOqxG{(YXuW2aaF3!h{LZnJh1oj7^4MNnbj4P(2#E!yvD zsUEkN+v%!G^6PAiBTtr)#2@@$owA?(_{!#`z0N$4`1K<`DbhrgQ=MLy~Qj5w+SA^N@yNWm*!N$f0<*S$`8hH((~9Lb_DyfwK$H*QDWe zX`RU3IitCAq>+Ui6b|kdcY0dZ_*95@@|3KWWUKC$y|GRZOnI%YoBhDV!03ZT=VL6{ z@@pugs~M)m?DL!G(#WW9-TA#6kFETnj9)=wfYoUBrAhUgP7vB1Ht5if$C!Nn43(cv z5ecU7=TM0vN8LGgbXm{r4sJz!hn2;3cr9fYNy?<rbQyeU-#$sl_)R=B?&o z8@f|sGYYT^>#E0LpHz`C&G-hoJ`E~vtRQ)eRhZ2N?v}>7K2j+pv7(hz0GkN*sF-tG zz1*B?B-Niiox;1Xt5Q0ELg7QmeooH*L@J5I6%EPmMPh7$9rd5DGq{e#jJevbrngoJ zGD0?Wkr-#jnGOH=$2u7e71D$6q4eT+npe4a!`DN7pB83a!jffGAxpBZ;Kq#8H}ltQ zcSdPa9&VaL^dteqnjlEhNjd|+e#-8(tv4TeDiC>n5}OlK$mO(D5h}@pJAu`=*0Pm2*QOFGvXI*8F?YKpp7Y@mb(I#;X*K5rNNTNNuehYfr)0F5bNR z^^|^h0l+OCRT{y6aBGuC_ya*p8Uu{PO`|-@`aYJKVHuKjEn^VVUwWsx>n-+HmTZXs z;Vcq-Q>2)sIb(27>&XQ@>`UUODWeRKMP>1y3QP%%O=lJ^LMuvSlxg)djBi@rfXu-(5(3~kbkSLjTF6>E?>ZYv6G*pDig1*8uyo_&)KS__iF+lZ}Qs&lgNpt zW=x=cd)aay40)OPYi)3eT6V4#DUXCMsswZttOxUYJov&SDPp>!CegZCuXh5EI+4&_ zS5rxMDs>CL}}2J6g}a^eae`X51^}qqf|I)|*opR<%q3Y*~jn0r@J!cJkH0n#$B zd&RH)v)buakmSlnnsMyIs@T(VfCM@^-sbPi&YzTBCC`ww`z$#sq0W*Mc5w|54k5fI zWtr$DA^b6GVk<}>Sf2qOT*ajKtFQa&y%u}TWhFNbxE9@ZIBy5HK^yM}N%Ms<;2E3n zc7IiTW?4lr1#jQZGelK12vEhFiI_&mjL()!kGGt@UNN3)2^Gq=dn}x?)7>lNJ;R^6 zF;&Pkm}mM>7I8zs@|1RJt~tCDSvEZj3&@$z4Nll;IvnjX;KtTt)|?X)pE)899N|GD z<-4kw{gUOrEyG2R-YglTNSYJLp&S zdS0cLTsJRoN<1dMEY5QMr_V95t#>Ok-AP7+(_@iq9wl4tcWw~_+*^>xL!Bx5RnQPP zq$ClZB>)%ryOoAc>=UnU*}ocG1`5j$&+H=)AS2Mc8R#_j9`XFUEoJLh6-I{Aib+gG zOJSsfe>Hs>?j3pB`xhDRmJGMr6Df7qRqKq=I6KP}lw|8!{jKl#(C@b zfa~%^hoXGby}xwIsDS8FPuM-aC6BgvJmVMg8P-!`IrZZ-0%TV`(Ys$-s*0d=vpElD zt|Y(o{#H?59G>lbieDrU=b)JUK^0k1fQ6_SXH_LR+b%@z+N@-r)$^Qtp3TJY!s-I3 zPlofReiC`OMx!@>p2Bt}*C;23tHidw{2X;M{`3p|`kX67O7@>|1B2uwN{0Nn!7pL1 z-f7zIZ#VY6<1|Nb!?yjNjiLJ%X2AqjhSv*I6H#l~)s|5<(X6|Qz8LvR{f9QZ2*@JS zSGTxy*r%Z<`Zfpx%mr~aCgdV;7=cYey$1y@M$(aYv4@s}Ik6=7LZqpkCGG~3z|?oW z5L{Tx8)i;StB;Mjy!vvo+Ox(tf>IV%2fHc~?0dJrQg`HCxm$xNvCiU!3tkJkmU&?| zy>|4j(01`)?(oyW?D9zWR1txqi$>qcfR4L(NX95o+qp4$6s;@5)^(@(uv-onXERO` zdJ;?Sm-HtgwkN*5NsF|Fz1I>z8>{Wx>$+}X`9^1GCPSrBTey+dG8Tk_k-58(`+7$n zu@k^VZvPJ%{F5M}kAhspED_g#74*I$$Eq4?L?0!Deg|#X00o}>jU?>00Pm?j+vWk| zY>QEKYK-X$Jzrsl8W;TCuv|xpTSxfW59S+ruvwmK6CP}aHyjo9F`AM5^OGGZg zR%`x?1w9BNg8!rHA8a$Ljv^Dqy~A_;r#A=|>5*QN(`R;iv7ytst@gJ^zBDAuG#h}4 z9-J8?>iKLLx1a4D6cy|SQ{(=A4gUn{4_8<8g!YXCl=nQ^Qr}9ah-u1lJie?4go`=;HNY98zl`Z2K&ZSoE-3>LH)fGvdc+6VL74f?ZcUom= z*s%Q0DaZRP?Qz}fdB<*vo70zW(AcaGCuluP(uui5qxh>kGk5Z5nPcogmQ!;75d-)B ze6gXoeuf?1@10(%em0o5?yK6aqa=EgUoNLbW}kDnd=$jm zlO89d9&4Hky3;-+0~p;Pft+e^nywAPF)A=)O)TU*Snip%c0NJddWf7u#~pIi4{k24 zW#x(XSN3|>7xR2zH2O`~a(ZAXjm!FtS^Zh#AJ%La{B{SJ1|&@%pXAfGc9JL*A~V7y zhUkkPO&#dGTO1^AC+fX+wyPQ`tG!UB<@ms}BOsqhU08UU?6`7t?e$Vj)Y0ze?JZvq z(%XJ{z;^!9T>0V{o-Z}_fp8`4RKhjIu;Rq~QP2^`zEq4=_~xZ!2o5#gTMS0+jo@=# zkFjuv6wR2)o7ypn_cd{BISZs(kZBO$r}yPY57abcY!7z~(>@^nlP z+{nK9nDlUZN7 z7TPbi@mUaOln!Uj6^AnWjuPzy%m9Ld5hk(9?1{gBkaB-n9r*GcC_& z)P4zIIxdcWo1zeesgC_*hm1>%Cr@?>)Wmtjd*>tJ>W+hogq&VT>WF5 zcDJDE(^5cBB-SzQY_2_SxwD(78;hWZ%HCv1;^p0zD4g1F?V zW2uQkS$)HESB(pD@*k%6dr4xMCck|%V4jXq`|tT(ohU^6*&(ss+a#GKUqY!TkfqgCW5k;(oCbO>u! zQ~alh0}F=_m~BFa05jE3I@5XpjSr_Ji(;oF644C6;=5v4mBFMCa|i0Kb&^bQE~Mjp zAg=~{g#mEviN3xNtqjIuzi3JZ$Ib?o6uVi6o*&(6yzAR}rwe|}R_TNPK}kE)zVh;D1RxWuH4h#kpe7TBd!)*MtCX7g#wHDr)HBvzti(5<=#hGj+-;twy2281;(_{qSS3?m3@HTb3sEsbBfpu;Jm$hRC z*Oy`h?Y|FFF=UIwwT`8TcikmuQrND|@2&|gep%8^(&jzd>0BtZB3)JsrW3@^0c7p# zzlp9UgkWmzM(g@d@(?ST`-E$4K2T~JbGqffA3hx-u|7BCNxLFEz$O2DW~`>)$-)B= zG`Gs0&AKgrC`0_F>}m`f(u&T^dsW=PDKTc-eiZi=dpT%~*xxJB`=A+Ti{R4V{_>Izq<@F~6+_xB9nyT=JT@7}d0;B79evX?jK586aZC~nGA5sw7&Fr)t zPrwAthSVF;f2fEsm#UoDC0)?+;S`XvGWEc%O}78nq`?c#}2CfV&^z2n7t#E zp*R!)Va_4Noyj>uZm5Z9U1}~!AG^W9Y7f-+a4o%If93zbM{`AxjH@rSo}8m$IK~an z(nMm^@%VY2-7jU~dg#Q+uPh#OwTxz9V>PbAT{*L?^3i$9?l`g3V1Sf@K7Hu!3-#Pg zjV0za6|U6b*O->UQ+Y5Gyl1*frLEI)0u;yXbn%PkR1B=yQ@hI(IWE&FoYQ5Io0U&t z1@|vlnzV0SOkFJwOIcm!?`?`w#Ghud+gC>H zXOqWtsOc+U|hi$W3@DVRu(ky2M?HS2|{j4CHW*iUe#-;qnT z8TUu<9^)uZpx^Dc#1V8sS~TDwKGF5r+b)oWi^ukMx|Obad{jTvt6O?ag^$Hg7TPVT z_VNbcmxR^^Xl6H!cc=}vhdhEw%Ee-c<~%A1jsIN9Tw%LQ3_emY+Bd8eI<{dy~3 zWqO%u(W?E`(Nt-;$$1mXWO4G@!;j$ccw)g6|20uspLSM{Vqe$GDFA9t^&(3n>?^et zeG^AknPNKi6Y@Ea?^W+u461I;y}E)2-Of+1GN>4muH9Ega@Yrpn9Ez*sB^&?xZ!bX z@3=VN@BRw;DThuZTV~{KX^iRWp*BzTn&nkCxYi+>_6vO89qwORNr#dGPCj64-%l2|ZGR@VR*LlQtr<6ZZhro^JxXq}g(YqyCxRfK4q z_k=(uNSx}bBQqFjF1-Sei}r&LcL08*MTS}gQ|_WaYfU5GbHKBz3ZHfF3ye?7s6Z({ z^-!SVe!v7$jwC6zRlUucjDh6L(lEO2Sw_^{pm}4UeIX;n$_;%p^2%G#XBP;cK>6@U z3`MRNy9%E0^`~SoV>T0`1vM*A&bnpnkz)Z95}6(GvC!D2jM`Om9%i>PpW64T@jD^k z9W-x^=%A}U(AbWzl%{=+Ccx*tKf{}gI16rlQN&KOCdp`ec4WHaj)A?At;?Po1}P>73O z?G@(`(?{G^5_#;sB5Y?$CY@dDX6GfW%~BW|NN@?B;06x$i)Zi8Uod;Zy91u5)p;cOwGAFc}B+F)mhGJO(k z`Wj1oI;^Ai`Q7Br1S(kuR^7}X*B&V#E|wR?C|LY#M5s`Me!EDQtud!VFfb0`};Y&P7c|^M8E|lU`K?48%GnYK3b! z3EsBQwSE$4-@fDx=cg5FrpAwHS*{3je}*o6zu9opTPmhN+&!lV`|u0eaI7Wu{MpPY z?_J669~ATNjU{{PbK+;)mK~X(sMXo@a^qdkvmubYe;+JZR14?|nD z&P|Bo0MQpMw24w9Y->U67eKFRK)|}u;QDpT@+WM??!1X@LXFtZ<>5RY+w_GCox3ee z1LF4st%Z3%*jq%j<3v^C(eNK%obX$#xSpSx{5@T5&Z*uL1A@BHOd@*}B5o#lK@I84#Y}cMT*mTcAsM^jolM*dAM^>~*CK#GX79*%- z8h1K3bvE9=jf0Z}^H1Gi_Z=1NgZvFO;!Jz#RyDXv{>u_=Q^RDwg;>pCqt?=S? z0=Laan~&8`HlA&GquKmlmVy6E!;@$LV?%nboc{`vPrPu^Ko5)uLB^?#0TR!kGhAL| zfECY*0VzmL_g*^^z}H!)hD-`rxmKw;tG42%xbX@9PzI@aX1Jn5gU-?qWK);2r3$rS zqga`pVN-Rti-)qB6mUfXwTH!41`*rqjR{OlP=y&P-TsWVH?nqdVAI)!_&M4sa7yE%`IBz?zak_=77#)LFX;*YR^)lP3Z-sJ*2EWxGhl-D0IMKj z2X-bUOabBgGhSSu$~3RB>D@QVGW@X(=Sg_Ufy$pMN6s%>@wOw^_3iA1le;rTGh;wz@m@sdQI-Gzbp?Jp=eUv&h=E&wx5CPc!wP5II!RZg23AT zXP{k?5>Np5W&cG#QfYV$Ekqyw9!n~#`G;!UGhWVjFZ^Sam!gH0>nEIHo*H`|)|aSM zDa}?Y#X2U2jSlk48Q(ziSoQD{azji4nnD}pZpLIpA3Jb%IQ`4*hlbm$7%Vkqe?WC3 zx8EsJyR>}UzI1t4S?}CgQVEER2lcuW4}+dYXw))lWjW?h?h@e%>?XaJ&%@7n55FpU z9uxzr8T{u)Xzy+ox+r5M+fgNB7ug!Ly%~Sl(=J)M0hiBXVQ%MpnpY@< zn|RE}@2N`UF|(0sm(!gMS}^ez`D)7=f8$i7l#7DzYNtT=1oGHKEK+Mb{W`!U_xC*8 zm0D%Fv{GkE$PB1FWKf`!wE*%+qBKaSirsG?38V&Kl-ND#D}vg6?fL(VV3YL|j|PjY zZsxzn?-%(hI%hx{aoQ%*%J;9^x&r?`2xpG-HrATTj`U3Q=< zABb7>NA?y!ZXm1PA`#dGA!Stvm%|>~hs{lWOihLcP^!*4uF@R6pvk)q@H!YQY5M zx%FSamjbM; z{IUx2xtUeT z6G|0}>&!<=>RtToU+3&UXPLS=>wDs`+u6CdnS=nn4up6J)DC^)mu25)9e)(4|A+7M zVg!iZYdEsdU(?Mu#TH&;j=raSHv3-i7~pI`U$`YOG0YZ}WwuhE`KR1cCC$+g z{e^KouXiGSn#(EZ3-3$+o&`Kq=S29_R5`f8C4^v_9j#iuclcU0*!q@(h$sKC+xEu3 zakC!fW8>$d%F+0Vchk52d=y-Lbq7t2^oMdn;G0??Tae z4-Zk9Zl@JAo;4V|XF1*#)Ucjfjb|DcO=jUUPFAcVkAq!i;9fi93;60q4p3H9deoDx zMve*qDhP}&9F^~?U`xb6xQ^1tl(QZ9tg~ES1$P7;9>*)qraoEA>6RlrL?u@ z0nwq_K0j*hvygIWv+}-FUgs#%hl^sn7$_?5{rZVNBDoACrwGuZCLqCk>>2()eW>;@ z-0yZtj2?oeG<6#^O=sgGUohu+xIK>Yuo7qE!&NELr=5&f6vPyC3Rr%g7zk3E6^ zM6O*lFE~)>2J;VncIfg8tpf@m=xjR2r>5I&TXat+x_SK8tE{=}{6Csp)}|}p+L;eb z$#d~SJ{k)g%v;T+8s@NFo5{!p!1$^wTWHRElcRpx>E!~O}I ziiBkt+`W+Virp1E zzL+Z3s^irPAFl`>K?P}+I-TcBhx4MD%g_Kkue#$w)vu}Yap0*ZUJg3kE!>4w9u5r_ z#8Kcmp1Z364HDHxLdcj?1ANywc_fz(wydg8LrGQVJ&v+fvj?Z5h+=kU`|8f8W_Oeh zu0}f?DlBX`FmV*QI_DXs;|7^hzIcqCq*oTm;h|f$MfFPE>>604H%H#BkJ6oY6=vBJ zyH->Rce>8~9L;mN8Y;5fNBn;5A_{(!Yo<qglB4?>!CyYetT|`jsvo9c6aNnH&=0( zd#8Q2b)dUH`3`d(j>?uM9GItAUmxYrxMYZ-~YyT>}ypu=Is*W=NCD9udcP-! zVi6JNEfSuPO_`6`c=(tKLQGpJ6c#U!>+t=02w$0uRlVWX{0>`vk)G>0=JcT$EBEu;SenoTvc+{e7%}PncIWql zk&hx}uy*aRdpCzov!Q9cJ!JXl|ms2UQJk;~VDg>FSJ7e{S&)hSm&xkE-f5 z(irMIw0peU7ulq zaCPCTdpEtPsP2WVJTblj_1LoDQZbfYQC;wxRc+*_O>gKMUqRJZk9=>|1>&t zN8cVeP&P!L9Sy9H(!Bk-%>`i8(L?*%YKrTtcf+sSn?Av0zh;Zdk}19`-D4x%E!%6> z&+V~Kp?$q~cq!ZXx!0x9-Q%742N4mVvH1lMc8{Y}rF`Lx7LxcFs}mc`F5@`?uj$2Y zw&&aa&5NR0J)>&)*TB2~$esYrjfUQTT^ExkUU23$vuKG_6IK^P>AGqDa8e$}AY+gK z+&RQXh$)E9r6IM`u%W5YblYX2v0_OaFS5(LV3pLx2L3|EAngtM>eJMZf8>3oDajYq3n`9O$j9Vk8?gqmBw@?hR#0qp zI@9U8tc4Oj&%1|WnJgKVg?;D@&}Vv&><@w*r}In6@3rJ`)*Vm5rBXh)I?Yt=k=~Ess!^k4XjqpU%8!h?&;s1 z8@FH9gv%W0pP5;C3#5chRwF<$X(=vJxACQ>zY0Pda!o*nV?npsT2}33+6d@R5tYb( zAO&sPn^)aVysy*Stl(H-*Hf7&9MFqY?wkJXf09#s62~8Yz)teS=eq9XiBZ8{H}NK5 z8e4|_Pi^-PSOeB9P?EATZ^GYVd7ggbF-8 zq~pluhfG;2=B;bWz{V~nCgxSGQ+_9DBbe2l?N`b3v+d`+q}Ek*-K(v=&eA*h^o>{g zQa@E#KEpWSJZj-&9p#Cf_7~L!y)l+Y4JlLK5uhV{*XHWgPO<_iZ6C8%#++O#WmF!j zJjl^NmY(~nM3Z&g%)M3DR_9+y!`T_6)w!NupEl;+smmHxM9*3DP1a@2mo#~tFz%M^ z@ReJse+A)#ChV zXa8$H@RSy0zo2Ct^4BF+eF3O8bFMd$43EZ|{{a*oZzQe;G362kU( z;`y6NFeEpp)gF9sDC1UGl|VWNP3_{l`<&Y4E&L^3RET_iF33IKP1E>nduACpHZ!!N zXQNO)2>Ln zp=NH<$PAdAbvWh{E;%>(c`c;dY1a|ojpW;DWGT(8=q7O^Cn~Q|;^%PRY0O)4@BnZ{ z#>(?$1~$!pj>;CtL-8S@7iu7ywiR76&&|{q^^Oe(jRUP=5x?_j+FeYN8h(Zw2gmpS zE_BzblIN>4nizbi_JytV*-c8>!+Fy!b>&K$uov7jEl4ZI4(vqHJ<)BfD!gY!y43jE zx-p7(e>lBK1^r<@tZI4bZGI5A0TmA&5>&-7X^GdBaPR=i!H|e=`cKB^AcU z%z)C>@q`k#Dt#}sHsSU-=I1YlHoH6^->{ndk`D~|{LA+VBEXqUjq$jsmXCvI7OHwN zLKX^Pqo=6QM^_lvbRJ)Wa~jzJSxV<8H|Hdb2RkDT^!waQO@OZIb^Ri1{sqc?Q{H$9 zD~dVWPBBaaldASRUf`3X0j(K>E%a_HV}2qm_3|m-cN#>A>#xK7?d!RI@I|h5Wgf+g zRPCH^wgPY0!g#1Ev{7$z!rW9RJ9bux_`b$7rAc{H?10Be1U z$0ut~fs=Yel@$qx;?H;7!MB&kmF7N-EGg!#!yUkIxrVHZaNpKJwLfJyX!@2>UIw-U z%R4c<>w%<`?R*dNfO1%tA0)gjkW`s_eu}ATI7qJKx(=PWt7|f@5GBQtDsgOb`sf6q z9#1y^buyJsz&LGj^HbB@Gq=;Z4o`c8*LsHE@Qwfu} zC7MMMFlTRJ&f48OT+tPGs2kvmJi_Zq9_^#*qO7-nt zg0{GKGHaj$zxIerHJhJRGRF?roaYaexyO&2+g&9-j?+v=u&paVh5i$tsQ6l~Q|gGA z^0`X~^n%QUdP%foQqGbc0gYROPO+dHzq*_(QoAn-f#-kRbAdFppn?ltz5Bl{o)>Qp z`+>r>aVmi6e_-Vws97`zs?kVo?qPN}@zhPCuWWl0fcTF~v@RMhs#}=*Y(LB8RwHag zT<7Gv?-?hw7Xfqow}xHRxpZIJx3^&3%>qQWY^=(y8I+Jkta#guFp<-FAudCdGTl>7)*a`c|yyix+q@M7y|s!^XZQ8*z)v%=ShZC18ZX3W?4Ne z>xHUBLJWf@M?nrKoiMR9l}q+}afa4NWs71kJ20eZ<6%2x=2n!{xKmZ>sMGONkwNE$ z>fRQ<#R6%)K}BcE=uxKUr$Z;p6beh)uPoMk<+>ril9b6x=_-HB7Q1{Ac$>E4z|*M1 zzD&nPv`{RZ)7hBpL4@Ww^NYt4Ee4zWXh8jZDGqaY_7yq#T|lN zmC02;&0UpmU1kVOe;wm)0~UDVir4tF)L03&JIs{xjXPXQ~ZOES-YD~Dvs6{ zTu)9$6EH83ag(fP>>GKET)l*GXm=+*Fp^NKwKPP1>!er>y-sAYAes(e*bHg`&iq^pR z4gKDE@{^_0TiG81QEt!4X3|P|T@g#9$S-y(lv5l-e|~VXVi*b2!PIm5nqFYMCIngy zIOXjMU3b9S@5&>*8fwTs;E`NAs6eUuCJcUmj4Jueg=CmrtEP+ZBsH8pjE-_kQ4t_} zQkl}3p3`r-!W3;fjj334^kdQhC9tJJ&4p!40; z&t2SjTC|4oq#Y!1?VpO>p4GCpjIhOMRG6c_(v&Hj3^`2fuQCSho2oHe?OcP@iA@GG zEzuM$v$Ki@J7`^ZWp4^IlxffBT|0MIw=Q-g@-`kk&w;_Eq0D?IZl$IBbvDlsn-f6L z?dW)hnH7hb5$1Czw~)Q)I%82BqPi1IOAE=}`}e?Z=Qa=9OG*kkt8TTD*s}^Wn-kr6 z(@sS3WSKq{)n2=1kR6Ben;FTkC)iJ}>UZFB}+T@9c+cZ&kSdc(hUUQVUG#wKTK zJCPNZqrzp<4z{Ql&m_O?5K-epSEBb`-E(cCKVY&m`%@)wF9-`Xu=!> zyMUX{b}zz-!j?ZD929r>kktvw`(+E16vUZy;B^8ME1o2?_DCnC*jfSr1E(sZ`<0({dHqI|Dw(Wh6FaB-)QzL?;8FtjvDaD1>^Zxvc)mr4^g zT|{utwk7*?-MwSUdXj(&)KC)+JN=mgi)`N_Z46kF{{)$Ktte#1dy4hyueTR+*jFDo za*?z>lP=lHHVfwJY3qG=|4NN|A;9CZ1<*GoGJhez++%I}8dme!>&0OW6K&N1ie`>`z&7K89Q?UaIoRlV+!1jaKhd1?3SkVW0b-kCa9VD-e zZjK7xfPmb;g>CRcGgP6p1R@{s1>D{Tsd!1SeG{W^t3{nYXGja+6wDVY8WZxDC>uHP zg&%)Lt6&8;O^fhGH;>@REY^581!YO!Qk8n6(7PO@f6D1g+t$aH^(Ro#)F#?~D=AMS zaFp7rr1W_lwr;FgS;~fQon8^AW$>`;IsT5JyQ`L{tnl`^!ME_JH#EUyAaw)3hmOS7 z*BLOD#g9@sCZtuB=M8T;FBkrJzXx+N8cU2Lv zgU&6+w%VZlh{Aupb*f&ypo+2Hvk-jUoq5#a#gs_U7zG=20B7Jh**g~37rdoDNuX2gTti~*@EyYh< z!#;ENunXxTbE=U|-YS0@gyr{DV`Y1*x*5Kw*K*iBamAN|boqi0&~K}# z&Q9d5zZ=DUFr?nP?7oV>dKH~8A#2eOA5G5EP@w3xFHd6I@p8c!;kDQ*EjWiSCE{HPZpCAm!sX9HWbnIYb0`5 zY04_!H}($>1RAYi(0;x@tfDuM^`LlZjYKz3oB>D5q-Ho$r_{2Jx(?T5EIJtPezTfF zbWvV1Fr8dbrbL{jrSSU=PLQ;Y_U6QoFQH#}MoQfFx5Nk=!Peq<3RnE~| zUqpChHIN=~Mq3bPrm)#n9aJTB-_2^jSG#adcw#wLd?eJ4oo?~OuxFMYCun|B46rlG zKzbHOF}2#dOesNggV)0)e_tQ}ESknx07Mwq;T3-ekbi*15t_=Ec3jw4UczLY{$XC9 z1po&#kg*?X05#5i+qF`9AO>}xgSTmXF-jf=waK)$ZfLg8ZGw_d4^(Pfo!`ob2&l^a3BS@+R?vc3rANj1>nh>Cve~wDn?pSo21D@isCmcq9_ghmY-7H&yEGs~+H^$-+&ir}LHaFtBhsNk&lu{|~x^_r)iOW@g0 z51B2#FJsTNx65Km&d0-K>l~6lU?9CkFvm3d1MW#>ja=VBoW6Q*7EU{^#x85ccqIx6eK~>YB?X+Hwlwi=)dmbgyQs2Fv+9ccM} zolBB-I(WTwp6sn~#Jgol$cGw;fgl$CAV%9VEO+PV^`0LJRKu+KOIH8M)`y2qw3Wq0 zCbxstl*OY!Yo;{w*MTO(5Bn2*u{xuA32LpmjG%sbVKqVYV95@(#S>b-f>J}(_=t)R zH~8i4i%}Kn{8Xi7A&0d%7WU5uC^8d0TQ)i;_eCc69juimCzyxv$cpPwE(NjLcQD#_ zl4vm__)ncX9LYeORG@x2h|2~^{qeM_807jRv;qIG;pCqWCrtrVaj1Q6=k_l_=P8zx z&WlOAlR8G}t~HA5;uP5FT{jlcquPd3lDTl3)ctOR{eUYg!<<}55GFqYkd@xs=#>7YE$I8TpR@;{2 z3*{$>y#4qsa1`rhZA4eONHI*KWoP6eKq8n_x8h@%NRjU=N-_!Bpo~jmbRRM`j>GB! zjLko}J4{L0ts59PL0pkR(~*H{AH&2TL0*#(X$&6k1L7-9ViGsdkj=|?og>_I zHaaU;`^v26+Une7Xnm=>Qt8W@>A)#O=ZYIjB$dtgO{sf`djWblx<0q#hz38}f1S|# z3Cf(D*$O8$b90keQX-JqOdv{DTggGTuTh|mcV`Tq%?4ydI0dufg0h|o45UsmyT4b@ zUx`Z7fe#Ap#N#}S9gXMpU3EEbA)|ZOfr2F&ig|2xJtyag4_VB} zOo3g_4;5ZCj+}+e&I942tl{g*UTI?Yjj$TUw60?r!u$~lNqy&rJv~1`*}0#pZ14I- z%`GWn%ZPuqz#u&%MjT>kn=csR^lxplAFc+-Yl@8jz&B;nUg>p1?NNnUOD#@&+&12V zd*o_@-%9ez7U~u)*8yAp6)}#WBwtCp7N1y#CZd*DNOD|- zR@Tv0sm!Cu;-10WJ?wbP9^r<icOu8vGttVCpukQ>SRr9O%vkBB~J`D_cZA6)B2 ziA`)ijn!GH#`EfzZ&xtL@kxbwKYm9Lk}vU~+ywF%;rv1oyP;G9kfmXCLgKMnT9jX56chbfZ|68brkDfgmP!gMH@9Il#j}Bsd{IHH=eu#4^Ux5k@pcYRY;H(an>bLEIxMlnE8{sAjjb9|B@M z{oYZ+-yu;Hbt)O_zjVI*fR!S3tUHU-63xHr_sTF{tt}(7eKo6EG%&zTeo4SUu(eA+ zHV4)Us(OCu>^IZim4G%eI%D5AVXaqdhk=j3@LOYzY~0z3BvZB8Hi#1x*n;&5szLlo z(nJ2B7=s2>0l~J9gCPb%!?k=$hhLlou%s>$IY)gC3r@`2Y|!qK{R5)hZ?NZJrWG`8_{AnB~cnM4;1=hHdv zx!w|rRx?=ZokvdLeH}(be%8@Gc_53I`Rv;FLjS>^?tl&`QH}<(I; zWsC(*kc6a}U@Gnc*0JYB_8||9X8>kcmw%*}g%=ki-S8D!qd=d&axs2i1tGM3-)9n; zb+wKdgD_zkCSBtH+jA-Bv)<<{#3Cl4w}>X47tDdwqUdeUhT`$RsFQ^=v4umVpl!nB z_trwMYR)Wn9KMv8>!jjR##S;mmqS|0VR^2^4PGla{(M(v~aG#Gvo?v2d*B)O0y zrF{BDcHZB@B9l7ebCDO}@8Eqq|o9>xbQm zSWUW^f9$8#_en1}g&{aKjk)&08vZomXIdl@6$Ba#_XuS>8^xpbeJ83=##t|%wGskS z!$7e{{?3!bNoubAE~SVYQ_g^L!LFm%=_R5z?{5&Lzw-vCjkXnd&w4B4X5ui&LDY^t zyc7=zBZ6{0K82sb)>+)C@Cn2tW+Wl;r#L~$OEqeO;XZIz7{heNi%Ucb(4K`*HBMTW z@R%wJlv`bvtM*^Zj)33FK$&tH<#d|%AHQj!`t#7bo=ydll3G-6MM8zzdVcfFn-Z>* zP}EtGnX8j5w2h-!mID_LXJF`#Oz#cWC8!kRwBx_K#xKF4E^h6d&4rZ@oTM1vB^gI~ z{5g$%BNW(TfLix1LW2#@bq5W4oBkj^&4}}Tf>TIn9l|bVn}E!q+gW(AAB3gfBkhd> z&7eFckDLY0z-Cc9?-oHWp&)l%Sj9U-A7HXF6Nlc7!u!QVb~Wp2C+#b0MqLf5u={li zTq6*Munpk}5cZAYo=7-r);B6j^71%;sD5^*7!@Bb{8PC91h_}|mVzwClz-`6JINrl zFXWB17eriuYDSz4w}%XyRG92T4@zLMoQiu5$u5r`(!r`7Vd-gYYtuWMkhzia1+S22)WIgh{HV^+5w zbgN7ERl{f}mLNBir7%kyGEbe(fsbk$%+$09!#P1TSOtzj*;V7P6T)o&T1lqmHtTpZ z44kimrZ^rPPwNHKx~SZ!>3stxB-0p{gnxu=Om#f3Sq+DReM2*_*04g+-w=Y=cWkX< zGGHsmDY7-eEi29zD^UZecwG3-17+D2%GsOwa9p}H94i~S+Og=?qtKi4pC2!tw$&p% zcTs&Q+QAgf;b&)X_zt5sN=k~4T>Ajq>QqZ#ZYWFPdo&G}JtR#vI-;n=@&$A^L7|u` zNtE3OP7P2$NDYm22--sYfgiq(Li-rN13_z zAHS)L`g$eI<~)xdgb@ofK!E~jgfGTJt*fhD7cI}k@u5h8KPBP2Mp&B}Yj~G6>G^bS+>A(d;cp*!D@bVI@a!onl#2Cm#lJq5 zP{Dsf%U_u}EkF(SnKV&so%!8evVKG72ap?5AYI&C>nNQ6UFqQW3?|k-B%$JOX<4NEJoi3? zkacYwT^P95mFY$OZuiL+u}aC&XFuJ0^>&U2smGU zIDu{1g-Qm@Ry-n8D@J1_%U2u13=i<#8r!0kPG$m_iYxWnJ4_|)2m!XJ%?Dn8LNU|t zbeIMP-b7{6Z>v{9-x63lm563k*r>7Hhg?0=kyqbd^3>Wc5u@BG8|A1SaeSD*%bGX= zNC7vX`g5rSm_-!qAZezwuF9{m+ui^9~*l^hBI`bJ0b!pgh*f{U)u$~^4cUtTZeYx;J zk>)-l*K*S#_nfX%Tt1Yb>OJPX=tdnoM)R*`uaMrNvTNZqSOo_PnS=fqm579Ak7_il znS0UjeUYS46Ka^_&+9}akN0;7b00!~ynBS`;Dn9SKz>uG@)9#nkXu^U z>jYS&PLE8qXqbD%ob`-j{5Wo$t4^vH4k{%ewF?^!1)V3JiBlx}(0_+bouWs&P}y91gW+HC7xRUe z&bwt1!J$YL=#>--RI0pAvz#G5pxy9SQ12*K%ug@e^&p#1+|<`I+D;b}vk%CggoXUNr3she?rNRWANhPO<57(wkU#BiMqT<`+ zSA(t685>v25xw^W4nhIGtu}FDs|@2y^enH`%-($RW~iAI$;1;J7uVaol%ITHeBgeW z=oC#R^Sw@QIHD=$z5*$bXOAqEm! zuvbvlOHg(;C1uhq9@h5#C%Uev;1Gu5urjejo}et>+YR|o!bNhBcwG(Y5L2j~z@psi z&m5{#2*KCwKJc_g7zh(k6?(TG*gNkXFc+A~9qOU)Sl@|Iv=j6TAx7MaK=QTdE3(DU zsoX2Bw5z1#OV9GbJ#75RqY)a`_n|qg(TL?^wVN)MEUxxoZ}+B&HZyCivbkPJrLnAa ze(I<`S$Lg~n*WT#%%%f}eu7+F1TVPLMulYqbUpC+CryyK0F z5o{$5>(AZ)^G$^w!31Stm@c6IAm`p9+&z>zQN%Q($=}!*P5QuJKco{P`5BQ|-rGCg z5FI9qsy6#PEqh)~1<|mkMS18Qk?!w2-H<+K)boG6zp4uy#ilwP5=a|knv+;?Y7>P5 zr6i=+RD!r;ppxXz-y>l=_?&<85*!MT_1>r^{w3K`6)6fnURHczmi$WcSnL&XL|`JZ zc4s5j>unC{=Kp&ZfWDRehzvFSU=2;ge%vomWc(RJM%QG5q(KqRF7mmBeF;-mY|(z< zXsuy>`9|?{vN7sV>4Qtjmk<=FM7HDj&?cLcFELK6*lMhO$H`It!_-4{HRvlDk*RRE z4fd7|hN|PMn!_h4Xf_)?CQau|E~FZMj;2pl4CSyKao~2KppG9Nr{cRe5uU*<5yp#D za+2MpbkiE&^q-sW(pown25%WC+`*1{+bs@^LBa1zN%Cdim*EL|^*$hHeni(xIr;cJ zk^0q_%t^L<^xVf-hW5CNw+Fv&XJH;?#cMb2-Zd;1%ip~82%F|<4!Q#ymZ*@?QJqg) z%TsNr3JxV4yieQQRjuEp1{vCH4{Eg?ZguYAolmW9F9y5r3>m;Zh$hvI3(Ii-{l#wL z{D6&8ry2j(E`6)>1fUnD<0obAtp)tyKL)R{q z58*kVP8;0PvT-Dn?qAjzj>gs+T!;7~#Tgg`FEp?x-xOV)mkk@;%K}GVg$JN;%u$Wg zU@@>2>eX<1M-3p1L$C`RgF%627C0n!5NuV~65G~uYjNSX;P=Ae5aQ2R_T-X;LF72y zWcUOEydVAQxkchkUYN3@ZCoP|@^J^RtCObM-qX5d#4{G0Y2fdvARggly}$N0la3g?2NY|2>BsmrY znw=8`hh9v)r;%7oBZuwSP5LKfS8+F9PNb;}Ee>z_UM3%dZwgi%CPh9POvW&Wzn7Dw z`ab=n2`$+3e(oJ@5}uMeE8msH$MDSJOXsD-`{a5b_)YK4iD(4O;6l$qM_u7R2(WW{ zAey^YZrd&YYh84x^QxGFOd^e-+vxBv2PKi{=;lVa?4m_s7rvYCg{A*7?9ZoYxa>o+jfZx{B`zE|*4cm)LUBGY3rI z>^`r2zmaiAIG-<#-8Cci)0>z(_k{x#5Zxsrt~HkZxJ>Y^#&Cb}_=zMXp@Rnw=LQJc zL>%Z@=9BO5wdw5^GLffP-&h_n^%+SzulK0lA9uc&h$Qso-b;=7Q}QF)k@abgo<>KO zgpQ>^S@Qy+0KkJGG4VLfuGCE7gV9kDn>e@gAVL3pveTk=(VH8$~jB2 zoBBfqXF9yO>luA->(b`>Tbl1^46YdtUV=90^Sg9=GAV&E&hK!7w77#~ZvX!*sz*yx zk-NjmY{!>6>$+v0$zNpi$# z4gp{9Qr4scP@s*la%&+-&=n3y9UUjA*5u?19U%E+|7=_?o_PzJ+7C{2at)Ll;>-lO z*G~)Ov_}!W`_2eDDiHE)MZb6z?7$?Lw%IL=7$z+AT9@2q^9!uj{7`Lzvmp+JcL?QM z4-RPr|94DVsSwn_&C%H-|qLcedYdY&ED7VYjwZuk|Fk#ksIn;ijuC z&m_sG2RBftR6^c|oA}5{yum@zi%NPr2sC$$F5DpJH{8)i&%2QB`C|V}JldDF$!0o3 z^$&e>qrPzA3vU^vz`n|VXux~eF)El@ajqCL_#|G{xwBldV)gpUBz6$9R>h!VI#bvV zi3$Wjd~MZX91NrzvJr0hVMz8R$AaN@pKXwaZ4>(Sle0q@)@41cT)}*~#|5dP*4v7% zmFeTR=BJoAr)QyM2Z@twfg)ZZJs zr^C~Na`zRHfKNBnSp=IW+0OPSc9+NT;1zC(MCxvvDGajBT686Pt|t$&KHep0ZgREd z8egy|Nj3?l#8Y*TQyE>Pt_;0;*_Z#c9h(Z}sDg$k#EPJO9Q`q6XinMQI$ zgSgPkT`k9}&YaGjcc$<8b}lqxeXwjb+sGx!QH^1#!Yr@A?JxsUZJA>9@8noL7k_ixi(ltDgXf~cqSr7bj`7yOQ%`21IA)I1J^>TcMB(pr0LaimN zuwO^lo`i?0YV`|&+s)!@Flm=gA_~+y^7t_#`BhQN?wxFuja}f=2;DhZJ>3YFkc6qX zigEdpf_VaspZizV?l8D}0+4h^@aFC`tv^uM!8XOSDFbcZP#XhCSd#wy-w6wtQvSwr zdglrSYTelC11~c^Dg_9E<{Um(tkx{js)SkN2nlb-{Q}X5z-vn#!0S2iADmsP48Ndk zicj)?utE+#{EN#Rua^+@0ZLg8Nu6uc0R>70|3lt_t43oz!PEEQJahc`54=-{)>|CP zSF6byw-AiAY3VVsM1PW+V5sFf=^p(RAC`sdus&MO~)h9+YHHB}s zMO9pPaQp5qMYFY<2+9e-MZJEw39mbUS9y|jXC?c)F4L5wrc3s2>xF-A3lTv_(+H{{ zRNH%J4}WosWp4@dJ>e;(OHO+d`HJS6s4A4 ztXUE`*9`J+#`Ln}yH|2FF|oKp^38tue8yE+5S7j4z!W#QnfM1y@3GN~%GhG>Up>gDW2zdr|Jd3xKHHSwfCE zLkWs=8(#YC&HQH}U4ca^&7?w_)AztN(PlnVcGL<6P#MuaKSH0%J0o{SU`YFue3z#! zwLoLb@XuG#&c>2N0k0AB;X^)uC84}P=Ty<2d0&-pja1t|vESP`roB63*~lE8I;?3( zHpDWnHc>JkpT^G;tmlXkrG;`PO(#a7_f3c|yo-FiO_B`0i8 zY~zMIf#{gJn>n3B+;_xy;44K9nXr`++)Qj)GBenBGk_qJkzCU~Ms$(=|MB(KVNpi! z*05lZl0!;4gagvuNQ`t0pmeu%H%PC z;o^Gs-gm5ft+g?`b!2em1{l`tSZgV-)X%H>mhUVt=g{{0YInWYRB}&Ukp`O7VC@8B zjqE!mj|cqvc>@xzKYfvNN@E`}C?%PSpS=2+$(hb3B-}FPeOVP%D^ImOcOerJw{^^L zfBuVrv4r_#VWHCp9m+x`5@r?>jAQEiux;ZZT|7>W=h!&=OJ$3}?f~vQiE^ z_B=A6dx~F7GiNiLLa>wGg7PFl_9;@G)mg^8kz!t$;v>=#$_Wg0H!%pg1gB#uUTKCP zy=2reHRN5)j>9wnLYyoI{z<@>*=&qiN0L{}FRX_vyEkWRN!W$dGFmY5cgL_Hov{B4 zs4n&kJ;<2brzz(Sm4;QQ$nbjKrFs{;@2R>6xeg%Kvub$OHIe% z3E|O_Q{DO8Z#~SGx;4I2rEdEzwts`ITcXRXN?K4R+Z>$uCTX$4$mhPUc4%p#F;2)x1gB7I>)-M*8|VdhM5+ z!3Q$4U>-E69Aw+6;kM|&&rM$x%Izm~S#|Ku5&aQ&&}3(z0N;erRCm^!Mz+2yid~<{ z1BdTH2=J;kGh6nSVE{%D!nv8dk(;DZdL(qvFTSN9_%Qn6D?R?6*_+OjKAb2ObZPtV zWuvk#LO;I?i^__Bw&?1lEURjr%uu4_&W89-dN!N|`Pd$7U6hRLUBLBy~#ZJSM zXB#`o6=R6T(NCheRc|#~za(Ha(4qc%wB+T}ata}zifxxem$5VSVUBw%%pc)Lj30)$ zVOygx29H4SvKe#zLHP13APjIqkM_Q)(JMU<8yBY9(jH5mk)jgA^|P$ynTPupgu^me z43mpJwQm)zL>}ZeBaRC5Ubr3ju=&wfil}-ugnPxtX$Ge>of7L-}0&meX&D8S6oy6-d4X! z85$iIFWW}nZ_hx2wQT+}d{MX@`_+k@%&NQhy!l$zEw}LQv+Uj$(UUZQOF_nPcWiP{ zdvxsTrPg*Z;)7DTn8O(L+mg{rt(k3rn?rynoM*uY1>jWN#wRPSd5ZxQ209`5-xBXf z)LlUURuIrb;eY(s-0N0{W_Mf=h-jL9@=Xg;_;WsGbN2wl8Jp7X*(JK(ER9aE#OJ}F zlOfTEKxEV^H)3hdj7QChM~CJSVNkgmX(1;EA|nSS>_7zIWY0n0F+ZHTx5$~jr7&aY zi(EtN>7>r`JP&U?50peu2%lD@hzKv8vaExY)|#l{lyO&v0>9W6*6>tG!6=W2l(L*qXh-kcQR2ub$JBPaTdHUDlIvpla@73}mCe@Pt}5qu->P1MG$_Kl(A`T& zfkwHl=HXBz+iSn^!Gd}hkrBGmed(j^bE>8!;D(pohAW{$-|1dT&*SgJ>F36ao{T2* zeE+Muo>`?bQAYu5l(LwcjU6aH>@@SyT-WTAPJevP2|x0m-3;3c?-Cjv)z5{+2DJQC6aQ6rT7_TPtIeccD%FWx%NT zQ!iJi6oe99QpLB{wJgN}t|$`uJQU}0?IHsY=RrkA0Y2`PaLH(PH1m}9=)^=9l;lEr zuhzR}4$lrn*6Y<($wSUA;oxBVFR1Vu(*>5o9g`O|ud@_}abkt)ITsz7PB}J7c8$wLoEJtLAK=^zwe} z$&ekwUJ!TlRsyBOG`r<%vKupxtF*F#5PjVr934qX!R*lxQV=w^#$YPBHj2KfqM zTfo>z_p6dqPS+Z$Zf1$uc)&^fNM#*(NbfmY1vq|p#ke$bGz=#SCPRY$6o1GSv)5aM zbuGrg|IKUy{vOCYoQNLV#5oRMMOln}ceJNwe?MZ(V2VMIED$B+>A{s=7yp*V6laZ4&KK!V997vn%-FyQI`8)oI{({a__ z-7#ET&T+H8zg8Z}^4kI%msihb#ddSTJ_-$Lxeo1w_xkb~Q#AYK)1t9{=h^VS zM^d&(?%DP-FKs3mcnZagc5Fm%Gj!rBI_>mKMIc_sjPi$>plH;I?=& z#qJ|w6?`V7Ju>_x=8{A<740v9p!U&teBN%yALU`#F#n9tTM4=P#!UA`ns?pw);ps% zQjlZbB&~Y{BGyP>6DpiTb<1u&9ZhJ{ho& z;C3ooe4$^%R)e_evi}76u<2Ev-&~) zhEC$%vq4>QmJu}Vd;!53G#I>jRJ8C)yVN0^e?=kTj3)wj6E-nPolt^R<%8~OcZLVw zfAs5dMITDhyW90d6K#No|Dp6{dgSt~WZo@Jc22@!v9ml!=GLJ1M_*z=* zVGj?#Vw+&?7%hXCthI$Wvz7XH@$kBKK}1VETL8uYRCQt}rPq`mMBb&+5paLGNCf|o zz?C$k)7V3k<6GyEX&)!)e=(d0khzIsN8yqw&kozic!w};Wgs6oN3unKt!CA1-g*bt@ixmiSc)~6#gil| zRVR{8{c^3{10xgW2_bDmWmo~U#Bbb28fvY8xA}1EUc79FoobGP0s#pn zN3MkSQCi_8DIeK^NYx;*8i^kvM6g!BDrolB>(&|%c~yGMk{Y7&skCmd9lQ+zqKXNP zH<=btdAg74g~TVJZWJ$?oO8Z6RHLknpdN>jJu}K74kK$V_e>ER!KD%JKn-%=&!%!N zmiNx@>*@}sp^O*&3fkeiCfGcOQfhD<4F?VXAY2gL<`r_q~bE6;)u6wuD)HZq^hO9MgKBeRspVg)1ZH$}9?HT=DuE1~tJlr9drjlo%Z zEq-smhj~AC7v$y))uW{7&Q|S5IlJE`y+7XO%)9z=$RW3Wayd$ka!6BK^L`+^on>I| z;7aB(<>BSQ(2$>~(dAH^y&xOsM>YzU)nISf5r0sgS`u8{BIm)Xp;r7eOZ+-|IvTPSa}AJd4^Z*_Mp$xVJqGU7pn<9gJ+;PF@3Mw}j?phFt2 z1W~$Mnk(<*ZMe9>)1`5{3ZZ9su#6q1n^*mJn#!>j0^GLqN#B_!oRWlnP>3G3eLKD; zGhd3qrX#5|iu8-$cZHdfhbUyU`%&IvLj=!Hc?5drKaDX@FHBj^qCC#gS86@(R-Qvu@A(< zG)En)a_R`;niuduL}tlTG-!7g`ITe)-p~X*iuv#R#;z9FH}gzv)+~R2ro80It$S#O zgWvCMFGn?fcK-C~sKU$(-|dAxWg2~O=z#S8`v%lsatTV+CGQ;61iq_@#TKwV zS0JmEUZ6~vuulyhF?=2L;kEzyTg}*1+Srs3?aH1tbUM&_J1?ng?DFkI$gAvpvDmG= zkrhKcSX#WNb>+=DdT1Gh>a?93pY> zm7RBYN?}Sg1OFVuhBP470F(ABE13}k%ncpD>ME2zAz<((UKs*fId4eHr$HNqir#A; zXTont1Nz%mz0f2LV-i|>3P}6r_jl@b0_YqRHrm%uZ11+p>|@cOugU2!N|Gyl?MZX? z_>U`|1XFqvs)*dW61%NTwcVjC@58z zqedZzYx-@A&4YU~Ofr_B7`#~2r=LiD*uQUKK%wY9SH_qvj^>n~Ob|aGJ^h@IZ~7rN zgohq*$lk1sKyvFq z?I3dUTKQ?V2yL2xfZv#(av3?hXb{As-NFpxN0XC;_5l~4S$$o}hQ1!6pq#^O8g#T9 zoI7uBKKus(H2k00=UuK7&>)1lW=B#iRRo>>0Rg`g9ms<|4-Pq{Oz{A71|A+fxb87N zyps2>gNV&b29So7x>WxYcmV`NTME(^0)K6Dar`{R01|{yo5!MyM;V~$ew1F^JZ7~l zi2r&B25C^2MT~t`8vEkW9*mzY62EbKG@_1uVNQBUc{tPQaua@~Geh?cJ0yNw zhuJ`3Khp8o@s~5MqqrPTHv|2BCwv1z%DA+dw%Wag^3wSuB`{2g zQPX#sSo5^_JCSzf9lZ58_pv6zE@xah)S*;o#EM)^E^@be&-dNefHq` z_9<=SaaBuCq@u8dTXyK}iu|r#Q00WDrd-?=4|SqLc(Vc+cSp?8inY6s@<&>nT{oMPx`qbda*vS?XLqIr!5L^GSl z$**$wdzW*gklN{}Hy)>dG`8`fWJsP};b9k=2qmHH<<9F#`_$n*UF=nNc(>%mG6}jk zZokA}Q~*KVL{q(TXLMd!cKZ{AcfEn20`AqMWEIHYMooIBi5b2}H&m8*!~o5mX200s zg-e0i_d?KtCC)CoFXf#COLvQ_GcEzTJD63y^KR@C#G ztb^c&B&F)A8mjEx%afsjn`Zbw%KC*r^0R}9%pvW+W<(0i|CDSak`5M)tXxqX9qD** zQh6tSo%?auVX;u06+GjVCl(Mo>J&qOv7Bj%exVGhEMjo=NU^N;&faQrKn-_B*^3Hs z`_Z=c1~nc8r=$0ynI#|Fu~wbYVZcsMGEc8YSW$w4#jM0(`>zH~QV`*}ikP%HQeEPq z66eVZ%qEYUh2C&W_K`a5`RR+6pU_~Ol*NX+c;rkQyPxMcCH;C z7ICL`Qv1m!E}ZG!lA`CBQjYV((NvOp!aB1YH7n0<(M9*ck#>;|cCwA!>TbFj%AhW8)am4&*?iYdUrqs z2m=X5wP#=M;O2cKZ~J(H88?K)9&PW=dntIyv@}$D_+FrXJe=pEY1-qlEe!oyzdkU0 zz|y?R_IYj&FIPgx1zop2;|;LO4%pqdM06VcQ)|%Mmx-}3*N$GH^c>MZDdN#4HFdOg zZCB>k!9Kz~;xF?#{o~3SN`97?xRb2?9`9y2lmK(N6YGgz%em!69u!*RiFillD?FQJj1HfB& z_SNSQ{8r(0c5h6#{`AspI=l z-%>N9gA9-5xcX^R)Ir?jCXU_Rx&`>MkZla8xS)kBq_S_{^`)ELFUQFp*7}eFiA?7) zO<=k)WSHj@$v$E-x2t;=5BJD$T0DbXP77L~L$R(j7-E?W93t!4`Xxv(gCyBVMMAy% zBw6wJ0{uCn0>c!V?e$ek<*_RrE*jQ8TH$sdM& z*w%J2M(vov%l8TG-2xY*r!As=6YE_Q>UwsDV@!=ZGX17KJLPk_ksGIrG1_h879_uC zJz>hVzb|qea(c4I#mCNKOxlOd1;d=C0zXkOmrNf18l?5AR&F;ec$U1{5u45V2`Kk4 z*R$?GuG~Zze5Z5DS)Bp=EL`%O{|_*C_!#NM7qhKh;&dG;fHsO<2&l> zH{dMUng$juETU(JsL?l;9qzt&db%lZBgMwz@pIhLq@|)wdDD*6p?RActCUMqF`pwq z5w_`N+Y2p8N=^qPzT>zwAQJK$+=Ior7W716{J--Ir@H>M3oHF21z~@~nOi&Fv}T3$ z_BH2BbN-p$_H_f%F->0K_yEy#^z}f;1C=@G+2rsmHl~;DSB)9HvM&*3m~*zK_niG9 zZtUw#gz#(p!Ob)Z;XU+zKZx6-^aAQU zHjPaz_!&97)oG#nPN`vm{nM&-*NUHY!351L*>KG-UCk4sq3w}9)zPJB(775mu2=|3 zI2F+Vd*l}C(=sDs`{>U&6koLypn?fvW3q=<`Pb@Z_SZ5onX~gJ-&WJ2jKkO8q^PSd zPfzX8VB>7ES(Vi~$n3s2FG$3(Q6h7zs*70JTu?`n9Gxig zD@r8w;cxNBPF7>B{RYR3_rISW=}7tP#i>(T`EYS~`G(9MU3iorS{8qD@^vq?<8tsw z6fTE0Mo%(+$5z&1Ulz_El%qH?aWt9=MVCrYm|nytaBwS)X(xS}*HSMC;E8>Uyqs_| z_xl?NW64QvpO$RV{hLch-zqtWmbS}{tPO9^KiV_eagF+TU@psj@%*QdaE!^RMqE0< zz(Ca^c~i{%s$1>vqfb39d*vmA{|5{7ImUw*Fe>~94OAA3#g@hXE4EFAEFklTA-gi! z_E%u%&7Whi$8A>@gb*f|rEeILhKDM?+R5~5~7RXNp8^Xf)8)7g&qg(P>TBqOPu_TugQ{M`&)jov!_%#U?x zVWPSe1xL@f*lKgSsJ*K+SEjZ7)qq}h7DIh|u2bv|Y*XqhF(jKH#c$pK3PsEjnfZtG z&hUE3`8tr(;n^cQ^JjFvL3|vU^4Sf~?3TLZMc?F@yu$CjNi@(~KqxugKtFDx z7CStUPk3aQnW@<@5Gam-=$g6L%R{(_n`8{kgT+Q9P5Q-oY?r3SPlzus$vGF@$@jXz zX>)n9qW!WGF+OWFbUqiuN^ZyQ5+QGw=mG*k`^QKu?=^OfsHndcRk~uyE`+EaZc7;u zYnZ{sM%ZXF?&fS#oZ=^rZw;CDt9-syC@5kR`dJRL>(bA+_Q;_&2+J-f(Q%Y)+}nV&xO%w?u3|tB zn0f5Ndi3(&v&DrjV`E1wbJi}->1%;#UN@pN)>H;Rcvw8!k!zS0;fHrzVPd^Ps27hN zVXG0Pmai>gN69ON_S?;!*cmm!)lyoGSASg4y#*>#EYb(>{YQ9kZY~758$eO{Ts0!n zseFgUDL}6L*W&V9=Ep#UwPYdrKhWtp0;KftUW?X0dZ`rBp44SPnvBJYa{#Ip|LQ2<{DD< zD2_yP-e@JdD4fwSGKJgw?QgA$smg)e1PP`nBjf0FoA2$}@wy9)Zde8N(O!7wyU~Gk zR?$uxAfBxif#CGwhjETsp?EV7Ax19SC9%8bbLO9V9B$|)W}%##1bL&?sfV4`b?M9( z)(=+E+!YJkg81?VoE6ykK=d$X7|~C`gPF&KNodFjNe5>3mT+vTh5E{z(@8ni#huFdiGBMNDOzmsU-SH2PFK8LU{Eb5B4R?wUisXdo9R<-UTDsK;V_Oc9GA?|h`iCEI zBZEwwBGB;R9u>sOJ(O*owhyl{1)ZN&jCiBo^u3-Nd8`*<{=(Xpf~#L*r%s|^>zR9S zi~|-2;P;S=pbq7uo@173Zz%DgbQ8wDc&b~RaDXf{5FH&f9u0@dE@5G7z(U-OrG*y_zJ$n$>V zm$ND)f`Wvib2Wg^t0<<8cl{GxtxvSH;loAH>pF$(f`NpFqc-IGv#=ZhkG%XoO>48f zthf7O?cUEfMQhm`(GP3wP^DWB7wM6^ogUMloY9fv2-?!wzZm~bvLGUMS<``HN0Vhz zDTkf>e&F)=xQ3q6^>W{1Uapu9(x8c=xdRm0*HU(kmkXV&L16TdTD@OplP)ZJ!0b7n zCI0d_f4ucs2#cpLi~HPxH%bfl^>a9TVdf*1%G(uKMKxuqm1LD1#KVX>d&@*58xo)* z;)YB8HBkxF`U~&__-k39@JDSHf9h=Y*RI^{GwSK9cMI!Kw%;^3aCQ*bs zVJY}s7ZOJkQ@EwizHXE0qX0@r&2^Sx8y?|3-EhPAPitJz65r!G4$9U|dAz`|R#>r3 z9@&P`%v=`Yvc~3bUT~to`jPwW$m-1rJ1XpVWj}pZazZv@eswAkFgGKSm$_^@X`16t zOITu$$K#l9lS^=P8x8_7mrkZ6A?M|PVQo!7-~=IN1j_V}zWRn-&ozoPQ%Q(25kgmb z*&@6TE&w~S7kzyJp~jJxO1tXseNyepeON@;tKilB=5AKl3z7-&jk>&{w86?KMK$s=e*4QJ1G08lB*(@dBQxj1bzaXz7co)q)%Y#ArN!s@>jbZ0Wj;9*6*o?z9;zGT z9!L9n?JkXek}6ADPAzgwQ})X}@f%p^tD|L20ya8I?~s<4R$jg)_D^}-uymr_JC2Ay zk&(3r-hC?<in|pMn7Og|0mR=YQ{=IW$^H=-flY( zh_rl*aE#=hc=ihwJ2!?*nko(R#(FJWp?!Pngo!goR8W;jMm<|eHQ)76hfYh7FR5e7 z4v$13Y7rlRiaaL$Ut^MgURPeS{NAvHe$~!05nzSq9fl^s^C6i{MIgHVT2g)ghyFah z3aLf*tO+5mH`OarDN)^U@}cH6_K{a)ZA!*CHwYEp1m570Ez!JKIo52WP=B-?Bp8L6 znK2?#_H>80cM@$akYQ5Q?cN0a$?G#ho6?EY^3^2`SwRaW&N>H*u3Eje8p?;3e4Q-O z47$WHmJ!cNE)?LVLOXj%VGroR|AwiUX#3D!}JuAW(7gdzsK zoTI`N3GfEM`@51u?h(#HeYiYB&J&Bawnm;ih0fm=1K-r>bQpT0ZOYO%HjS;h;fXTy zeN?6K&sQ-+=;K@NS~@{u41Y~ZF@#Z1bLK(to~xkCu+3XJE}QOVzVL=WKQb-(v6iI) z7bjq>(dM->&C$Rn*%uizIB?cJMKCc=?$kBBF$e>1-Di{0K?t9-b6GQfYW3+Ccaif^p@{nxEl5QJ z@U!Xh_?7)Ptp@P(<}{#;DBH+U{6`JjoYXpD8mfsG+o2jWqD|_{&j+`CP7re#1XiNT zR_g3au||i!*B+X6YGQs>t#yyOX`u``rU6|sx@<4|(1OM-$wA5KmusdZB25+kmR3B= z0n}1arZ~ePxKX|wskv`OEv|0CjftcRRpi1v8SU}Wm_}BRdKIaI{W?03bJ?)~cfb{u zne!qu=xj=lF)@Eg6>+xDK$ym3SK@(H1%ea4P=oEU)r7>K%hRy?N6~V?AeD2hA$V#D z_?P$j{QkEd^!(DI^O@u=M{R5` z;cM6 zovIwH=-Y>sB0DcL!=GI;L_i|s=;IC|k2(Uu*++PTF_^bOks_HaIdi+<)Cfby#CGaw z70hiS1SW7W^tV0SvwF9+^^ZPD ziwb~BF%D1P{WYcIAW{F!(!PIgp^gln?5Lv!k!O7Q$p&a)#@Ms-N7wbdv46e$@!H{b zb(+)ob;j*5mw?7?juu(FxaNMck}Bhb-PJGjg>?GmU74r3a>xN+U&Vgvy=I3&e$cPI zf1Y00uDOv{Tbs6>mpJHvk^ADEYFP=`!vslj9dX%oK+zT^PN%Tzw?aS<(pe5W{@|V6 zJ2a~na2s#yvID7sr`YPYC3fGWSn7&ZxZ@|fkTAjD>YNM7#@MB>FFT-V%sgqK$kR@= zLl8$rEvs*n$aN}E0j67fgfUpTxM*z9A6Xu@Ju}{2Z&63FzVZb(*1YfjFex5IPcJUV zGTp-&Czc!0`NMf^;gV$IzC}dx?%El{5R4KhYVdJr=%Ig@UYvo8LzFDwsG<0qEs%4 z2Le)}LVqItv+C>MX?1EUdCqiduEw6iZtxdW?_VhNV!yIJs|SJ4!zZMw(1WT;OAP01 z%JMu-Ipr1NpQL|&)ky!@DrvCrbU&}&Vb@+b5@=@WR%9mx#rPsOj(~4s=5X!t-s*aORP-? zf6S0gAO6aZk1CrGhkm;-JT76+vFyMa5>uI#xsfxrYCjEWPVHsOEoJCIJo%l23UaAm zUf;x$h2SlxNSmB7uqWb`IfG(JT*p)+KfFKG>@fcBo>^7pt-H|fwZGiFSM;@7tut4( zK9K!pApG$zh!H9iCxO5z!?(d@y{I62lAX^KKc^@*B8-?x6zB1c{$^HwOR?_tjmtM{ z#{BmTuZVoNGc6ukhLPCFjoI+Zo-4qG3+&^0z&TPGwqxe@UEG&>>{|b8Ls9P&{ot$b zUYsSmXb>dY&rcFQ;wd4^y!pRA_|1bqi;dXCj(a5jufPA#H(T+=KR2ZuzZCfKw0FsW zKo{_!ioja#szZljOFQVf%mQQfFbhzYZ)~e%6}?wnLG}cJ*h6>+>hrfI@^!^$-w12^ z!H4Gna9n4j+qH22Myh6_l~k^+mxb+atDl`)xY1t)7v=s$#O;|Goh=4U<<&lcMFOLD zG8p58hiA&;WWm)m?fWoitvzPN0gU;NXi`n7*es^B#IP#`if|xzTpy5nr&cG`96>tF zXZfyaN@7k|0x;4WdO8K02Oc&*lg)Ako^1 zJW+)-P|AF-jYNmGCoN(yfc6$>M$`WF;wf;H00S_potOXn>iyU1tjfO$49z6a$fF?2 zHm}2Gv6g`pN{QjdBNgJwcdmSYF5(0+8mf=OvxwM0{V-1I4r3u(@1a(7Vm|z< zApQwv8rF;O=p)r1Q4bp;o=?j%NoI1URafo%ON`vFdfy63v7PLWDLZ0ov8b5d3Yw8l zu_n>u=yW#PqlKUC^o~s`WlO1Ak13fY1k!}DZUnGXatM$zzeei(Z9}#D{4)!0zXW1+ ztCmu-HsDuM6~3-k%q>}GLrWOhMR?wi(%e)T&UBVlFZQlZ(9)F~CO{4SlF;u?!}DJ0 za!IG|VfcZ3=t_gQacC^niB>GOs20V~tR=G7aZ#)%m1y~3r)5!`vT|>24NzQ$7QEYV zPe@TxWt*grzQSpHa{DdEOSl&nO;+h+;h5OEs<=dj3eEd6QvsYym}h#AiLsR`%O2B9 z(utq-|HliUuI<3aClj%}N%6eJ|F6UQKaT*%+7E@gd^9lz zL|R7-3q(wYcpf^aVG6fIA56a#i-nny0-Fw-o5r*5Oc$_RG37a|J(%xgDa*B|9poF8 z2fR28BqR;X`SR-z>F{D1f8;uv3e|GR^=NJ~gnQ&3I%;gq5=L$HC_xITc`WtU2i)aa zZqVrX_bv|}2K3roQ+(Dw2UXte7`rln*gU^hDDdRV;C4ofHNg`qqSlW&O=UMLRMW*s zE# zL=8m3g^GoJDFzT4!TqPHJ4%_^<;jbG9KDZtZW6%Sct}vykp4BqBGDeM;Y}4N(X6G3 zjl2MZoWqsYY6HRIc<>L-_s=hb-KcQNdQF8aUw~bjKlJ0?bS?5<|M%G}NPT{Lwm9F3 zqBdb~l7pqi7;#VZ7KeQARWdd<;076;*xk(1AlM;QjW%rMuwB)gfnbcEE|1|pB}KAZ3Pxla0VvClCE zxP6RJf5ZQ#InDkjcN%@d;l3u|tIkFKwV1cx7{MD<@Q9Y}rEbYPB?gn&>vfj$`<8nQ z)x5kE#x`u;1@2dX5PS77%j**wvR#C`E_alXziX z#Af_3p2c|l0wD_uk!Lg1w07!ff70cZNxv;~eR*ZCYgxkgCL5n?x4A!QlYhwaiy(*f z;Nn;A_(j?{;W2ZnSg9p4z!XZvlhC$>8V&kVu6bGpaQno&l6N2uKNFDgsp8Bc>t;4j z|3^grh)0D)0Cyt&M@mJaEf+_QHl+Q63KeZ+n*;8l$C5NEb6ph3h6J@-cgbfo)dkBA zn2ZJZoC=9&n}5OhluyZ=6;2NwT;S34iK4;L5Q{~9n~{gvbX~|vbjYow$zpitf!FsM ztysGusLw~_e#iG14<8=9bOM7oSkL?}YPvX=zQLR=CQaRalSy7ORs|uJl_CvS=iG>e zEOv_h<~KobV!|b!mu@G$0n5^?AoQel98}VdettWiz74JS7&#E}6CG9|b`TBykL`KAdkf3gadFD( zP9NJ80_}kfdz+U}YX`&hD7U(vl(8_i6l>JVA?wOYK+>+%9x$(DlZ!DaUIe}VP6Kjw zZtDp|Pz52jihzQjv%Q+m^0$+xheiU{W9n3KW$xOVHbF#TeH6kyoCLZ_KSuy?e&|!5 zE7QdRXTJ90_&m{nyjbD@SP)*;Cs_Uflf0tep;iJh7zW+5#=>kR=kDybHS>IJP~K)~ z5&$8^VoO=SC&V;c{t#dy6$(K#8oy3 z;E(LaanoS<(BqFYJS)5cSB8_&l$FBhX5KJmwPPqkj~4HjF)k-kk$yt!smIMlwg#pF zGSUamLOEInu$nyeJ6%zP1O90D(_+=Hu_YxrhN=b}bs@z^XB^gFX+eA>lWUG{I7bpc z2||rp1)_3FiGEsB2J{djtX8iIJ@+`$-jOv_>K5r2#&yUw2TC;fL%OOC&YTP)!rsp& zo<#$kxPb?xt8gL%YHootE-b*WYd6q#MdQg(WAI^ZGs;6R?sm9*fo!+m>$?OM_Dm7H2pq|(3sV~wzc{mvcEGHW;~(3T^YeH!QH6#%78 zLMoySl={pWCEj;K*B_oAdibW6AlxObe<{m;t=$-biaei*dVbcrND}mF&8#q{h#tvaj%K|u^=+s5>r{aVmbgwt157*>jXNlj z=J@rC#$0-Qf@LdWH;YP)hjFdp<-}3%L9R*^{YZWw4`@Jf7StoQ*q~hWn`77wKy>-Uu$H$167hKjukR|8p!iYa|~T(?(yieyfVm zi^(`So5GhHM+UtIJv5upj1$A}mG?)UDR+|(n9~@Wd~9;EkT|}*{UvAfT^i)!Civln z59UK`&inV#N*@%%&R1Q|D8??_-mQ;UeT3J4Y;^aNe*a=O8UM$PA^(Up9sgOCug?N! z>elC|>~FGY)&EJKO!3vDA%K&jv_NgMP3@h%o7FvqwXgWeMez9I#(_$@#ilFUXb9Co$v;=nn-2;3m+X&CVfPQ3bfT> z-|Pd@flA%>+yc;$u4d<=4|inHIGGg|%iK#DsL=eOGiMMudD1#eoEwFUbfNP;rmF#r z$2AJ4$;^j4@Q2JDGswIkA--bQ{>INA;L-?;QLue2k%uV`z=MO=y*BOES>p0glatr+ zaZ2;W?Vnjy3yI2Y7!51j2rzOjQ&<#V>d5AZF-bU>eJR7+Fv;CL3>#>hdl~Wq2}LDr z?lJL^g5l2-(6#m|DnGv_d0fss;pv(@v+XzGoVYGY4fdw1nzIqVdZT-gR?od-%nm50 zG!NslsGc^VKIZ0X!6qX#_~(vGWy>svN`c}+&m84lbZ@3ew8tQ#*WDyU01v8v3P4X! zeGk(QBgkv7ch?Htv7;dk^6A6(9p+KdTuA#f#3V*Tw8jQ0vLN_INg$ZSQ{)+a((@BC z;`NB=`I={UZ_unHmwZeYU2cR6r}II_w-^#}?Hx*Nl%s3bAVewF<*l%# zw_&d8+ZtW*cZ_I+C;_HqAVx9}>X*>`dm=h02BH!Ka zp3u*weFcO+-XWBq>_GeakCEk!AAebT!JjH4Z^yuuMD{ z?s`P8#Ip~<ZREkYU!;E&e1Kwb(*B7-u>lUD}LJL>4XR9@9tm>htBem~J|&5#mp9PX zW?3~;ajfhlY2gqKG;2WYvYfc=J4BfZdr}TO%sv3zw?u|bXj2;|r41!IHM?L`>q%Mr z&FZ3`k(a+Da=aI*s?CSPfidc`J4KfU$NM=QhB!867@Z98pMxa@`@YFyH>AjMj>yoV zA2yvgP6^gIVA4;FmtLtJBtAmx{V^pd;Nl&;dxeC3&Pw?tyVvSY_Kg?krMLapHj_M;>(MFgbM&EvHg>hEvh)OA!L9n zYKt_aGF!RO&d>Kbmk%>E2;mvs>EqR)CI+kc)%x~Z@QEY+?O>ONcG|)lhry2qyi2FB zm?QV)Q~o8p?+}ptvYkC!S%`%YGfF&M&|C>rK!5>)_X9WG6!gt8fPS*pt<)}y`6@nI z6d`XLz<-%RoEwU7LO#YMfta2LJKlT~8zY2o$H}RdeO8w>Y~qj1J(mBGlvl2t3hh=m zLRKW8OQ#F3x2_H~7Al*QpgHyw4CSTXDu1ruDip@{P&=|tn#}-4@0&PwLxujszO5=+~bnqZSm^;Jj{IudUAbp)=)e9e$g`y^*@`!4Q*z=aua24et);x1t^zf z?96V8lxS{MAv4pAzncD0Q@7sZ1L)L4&l|13p^JY)0~Q~UyH_%usVUG_pX0(CjN~B4 z%2DNQpHE@A5UPRYb;t_Abg|j7*<$Y0)rZMsRvv8UWY3)~#X~)_MT~5zpOcqrw~>Wm zsWo8Xy4cQFJSuhUnQ!^kjPPPnuw*zDSWLjR_*l}fD)Hbc`P8vO5eIBL8IoL&odd!o z2m-`#ZJ`WcP~==fltP5vy|?9~VKS4M*hMrJ6`$KA#!8}-B5y3NXxcKF8Zdhz4I#ky zt~zB)ilDa|n}8J((FczKG={EHQQ+z*$HS3z{aq?Y{dEqwHJxWLpi%|gPV+uDaoi!8%Xb26A=Bb+uvi)HD3(%fZZi2t-L=9vK) zuffcyYIE3N{oy(*_HIQ*)j{sCK$UM2g7NhB@Hx5YW!EImgQxGKhfZnPn>d;;g3hoiMbET1hlZi@)dc zz2?5hueHf^vGmk-7`yIulN(JU1<*HVDvT;nR{lDk`u@GihlX5)Dv=Xtn_qporAW+r zF$iRS=@GSGe^2}hBY}v=?4M^a|B=!Ufnbomg+}hS_w651!OiK(OgO!(a?W#m=3BLF z^H-P`W{XXD@R=sr4NPsVAIss>n8Il@tz`HX3|t#ers(n9=LZA9{cl{PAr9>ElEy6P zyw7DJACw@5$Ji=iA58k8iC{tIJfki_UT+#WrO<3hvm4Gpu(T)&@v#!2z4Dj=fu7>I zMXmWxP6l@R(@ZAx=$e(fnrN@F>nToXy5;9z`V6p~P*vxrue&T56IhH&JHP zkkQ7=nyLld&tiqQ1_Pb+IQ1A zP*F}({GFlo3++3dwVa5`FZe;1VPsu{6;8(^q?E!7z7~4owLcPX%9cvCWMt(XGi64= z@nNP@8+fzChFUj38fbH$cc1jW*bXRZTDa!+VM|+-BSBW zzre@W>@$VVKl&&^Qe*~@5NVWV_`jCXAFVoBOGFS^BOC&>*m5BE`tQJf1V8SU(h2B5 zBxj@_{-DwNQ^5fap&k7w26dRpCn|StmybpKg_xc${pqnM#b90e;B+HAdG=^ULiD<7 z)y`ebr}Y5wx{SyrS_28n^X{5Vb5YGJfd-i*-v(MgM=NoW6pSYiA-D~}7!AK+6KbfIo zCN18GTnu+InqdC-o7|JW@3!g$K2xuJb!4*VdLr<_I=~~YSkL{-QI5?;)iHD zHAM%%9m|Sosc%FGB^SozJ3P+CFIV1ZOj5W&&pkw=C=OauIU1 zHbM5Ofta!>?uu!&h%g_xm7&F_f@4mVKj@O(vR;t#9vX4^^t+(l@28{Gny-hO{HWdv z2eVtFw^zuq^`EPF5|e)Li4D!Ubc`LB=oW0XZT&fKba+@-Yu7qgb%}Wvf|JxH^%Mac zC{aE5SA=8pu$0;FXExabL%Ri@xcwUQq1Y+{G`D`6ft@P(lbi`I14I84fURQlV4+~@F+}M440rmHb@FxykSl@{7 zBgzi4790?+5&aOJP)JQMy`x{h|4~}pE!=s=VMiXXJ(IA=l*Gx6WFjdK?ksBCYtj|; z+?)Cvg&NZnfy*g16HGc7=UKNLb0)RRSZqF)P~4R~g@>YzM38 z6ukXivFe)DNU}gv^~$Q^WgAMO)W@d;*Tv zEUosKz2p({G9voF9d$)U*o;Y|LovWDQBkOE&-JjEk}ZSHd$(JGjIpXIPguBL4lc{)I*k*Bd5 z`j={6{s}z<%!*C9GyUbEqeNnh7dT4_mwO?>{;tM3323q*kP%%6G!W15@3cIwaS#5v z?$tNFS0iY&wrF|Bom9>8(W%HIt)NFC z>X`XqM$zaAK>f1`x$XNGKbHllAD^yz&(ilcrfva53{UIJbt_goK0H#amL8~DnLVRn%cs&9-gP8p^kUE~dE#Vid+$zH(-%H|>ym%oqeXB5j(lh#IU`Q595F&y z&mjN=Jilv~%!8kW%T(*7>H0ERAPA@m7*x#oOC}kUgrr&s9CsgNEWN)Q&3n@BMK5Fd z44w8TvSTxd3>6g45C;y+iuf=kfd;1B=(`Q+6lirkTF=j)i}Vq&i&*T>NWF9Z*&F`P zH$U6zGrRpdg(MX7a_VQ)#M6H+`m(1kyG0At|Io@;-8QjjS=c`LM~&P64M1*3g-|@{ibeu`MbNhJPLOf@kI#U7AIYM5WJlIvRrD=?cHy)nPL8N`7Bo)O z>=WXVOR^AD>k(znMlATU%b|i6 zb1qeV%LlngDQ=c`ufixgK0L*pv;X=ts6UZ*wK{YK*1UXwBhNlN{{2GH>X>ID2KFdU z_6hpCQOr%zES}GV2?UyWQM%m~C8Gn|D}1b8c5Fbce(B4E zwCdr9XI#wXMVKbogKrS29E~0=n!zHIXclh&@CZ#g-MYmO5VCOn*VFpH&XGp@pQD@2 znh5&a(fLC%n{O|d=bm>+gNeKT13}+)fvCt3BX&NjGox24wEwsv$eVzZSLpvN)a0q^ zc5iwAX^L-v)s=VM8&^gHD%73auk#2id!#D^`zsBS*iI(JzcM%tKon~v9B71egP`RR zo+v95%GY%OjiyH3HW-3Rw%z|jT&T>6au1R_W=@VbKy}Q1D9G;Ptb<>_Y>fI^4fb8T zdD=`tmdXo;_j7GuqhFysNvpa?%eD2S$xPLS`>Cy|`Ee16`dvsTp;-S?m)fMJ~P?@)c^f`Ktwl7IYiwO>0pR`W0cI7@^3&u3vzaRdT zpsICyvyExSClVqiNQJ-rNe5da%A}vw6a3Kst zX_BLW2<*ix){xY1TtJ(})&(5}ju@Tz)tVlmbwGC^##mz$m^fd>DfOyeOh%j0?Jadd zO5Jq42Go*yWc7hsOe9ZILGXk~TfDqk%$et>Ueiy%3u+`HF$FV}9hql6&n*J0#3L8H znY=_FL!#NRnFs$c0c+~qn9?L4#7(;n+uU`0DJqM#O!jm>O8Fc+tMaMC_RW?k85zmd zmnSlZUiM^%O$}P*4mo`$EC~!SAzYZ!G?knkMW}tkd|*jg1qBM(S`rnpErk z}BWbuZbCf`QnS4DVh# z@Y?*^3LiLx)ad_F|AOM^u!&u;Fd7T7OQ6Hkl9v2#UepBaz*xB6tmH0lWM6)&kJEa$2 zSs)x`>yHYyPbF1Y8dl~lme%t1EE4yj2yij6!W%c1X_;E1t{=MQf$6ea=jLlGa&LqBBz_=S+G{#&=m-xiOt zL8?Kz1o~F==af!g9)mq~(A2c6OO%l^y47cFoksr#oKV>PZ&X14F4;G-Xne-&bs5gv zzZ`lL?n5ntrU@fCFijWr^JdqE8y7S^6R2)A`TELyfBi+hB0T!d-PsMx!wzJ3_>E?9 zwq$!48(}h>NiBq zbBZtTBtw}J15?N=Eo3Q(D34TpGzVo|{ra0_80IXgU{Uj~SB+t&`k)${`{@o_Yla_nlm5IX;qXaKXKXQuexkv;S80XtbA+;>e+` zmW>&zy&GPm4MN(B*Z8i@13x54LXK8gDVp4$L>KpItsOeFQ$Bg_xnYXebp9R=ayLww zZMloj0me<25}T`pj>=f@Uuk!tc&@RpwTW}3`P`AYz5-Z9S|jKM)G6!Hx5yA#ktp=d z-iKxca%7&+z%U#mLjvmH?8_^%fCeb3N?pQc1v!bKX;9-XIkm?0ikw-gYgqXJ7MReeh1E^K3Sr!9%lk_$iV~Ah2|}% zw6@PTOxVpNA;OK@V}4CmmHqdk53% zyL7R2Oy)8AX~fMTOV-laNg(w?LdSdzOgk=GQI&3u`u<|b`Zv*jN)?O1OjNiP;7ef2 z$J6%N+WCU#dPOKsqi02D-$wvd67;)qHnm1pKVR&}8JBNQl?=FlxHV7yD17Ce6so*C zzv0N@@8pE*xzwfD`C1rF|IZ)34h|breQP-d`bcW=#fIV~XM9n;g2UE;HgVw(xB9oG zS-U&r!u?oFX-S*|)``pJ+8S~+zUKPv-|boh)AN;{ub8O{ejdHDn+3G$o-GEekYUhe##*BWurp>p*FXFQQ=FV zYr3p10}a01(Y`BQwy#U=ywJ~cCYvnC*j;2TTH}^seigq&awEp>?);aLArq4hiM~Y$ zp|HAlf2lf916(wac*JEV*``Ruwi5kJpZ=h8P_K>z!5#ybZqH&LljbBS9rzRiZv&IF zedO*JIy6>jsX69e&(h#9U zGSWPC1RG;f6dNL#dSJgQJ?(4ALN3GPXO?0#$p=DiqCwvtbV{bvIc0J36CkzQWD(HB zV#c1UrDjXNi37kL7-1l}P?YbBShtXAexOVC(qUfan(P9XGPiv}t2xu`@UUy3ObOpt z=L}I@eVB{v48eQ;LUUZf!uRfK1uws>{3<4=)-<+&&l+^Za)rq@W0G?{Z{W_^8(J-l zFON}Vkat_|&F(#dn3I2-7Ltrw;vA-$00Q%HUk;J6Yl6sll(Q_@-nfApG2eRw#D%zj zB@s%N7m|>S@A584;gQo4A9NnYw8#_3 zhpQ$(;`;D39~UwoqcrQarVyIUNaOSv+0?adT_zCPGc^4S5aId?YDo+j;fH)}W_vR^7!@ zI^T0K*>hDvuVYS=NIGqHyIh$fmuTtQ`YpD;mroA{p`p+|Ydx#O|Aa*J`DTZW6|hkY zzw=^u6aUpZv5#Kw7Vyi!xovMtwSS2mGX(zlFOoio%0au&otpoKLkwwzY^wfJN~fXd zLRunyR`Zu<;24DR2AdoV8X)&qYd99Co!r106|=7_8@On>9yk_3##Pvd*-TlAXA6Cv zm&j0yO(QVpR}GOxakG$$*vFXlWsU}+lbwag-zk2ODrr|wcYmm5{LrdfQC{8FAWty( zB}+eWUxwpdkF0Mm3&-a5l0r(~y7RLwJXEJhhy+49`|inEy)04XdAqR{0=MkbT z1B#Io9N*Y9PSwCFULVHdHqy_RcH&ZN>m9TNTD`=RX%;3sUUe1@(2ojHC|CWQJolDu z7GB#=9^GdaU5L~w3cWLU&^o*1?{KiXf->~y$PfY%6szM|-B1D)`LVcj&03XJG({=T zcpCZ@3EET(!wVq<0nd!PdOjO9nfCnX}`$}sf<7+1X5&u9k-z10ms z1sdVkSs)e+zK(&hg3hgpe$4ZU0))Qvdpz=bKmWP^ZuBy!e2PB+atj1E_m2ILL{zls zH%(HT8X*V`BV+SxLi9_$9b*~CyWTpW{xsx}GB+?czbul6s33K4u0RM?oxGWEl7&YT z!;oleu6}83JLLEfUWQG11~W%%Uq6yP*e2jyreu}oOspMUIHl-w?QEAEa}lQv#N0gR zyC)qq6HU6Vr|4Zdq5N!NjXqxbOIn*U2zeh~{;wzc84scDGx@(X=?3Kgs5fxoHGhMEj!cLwO1>o?7NiJ_A}0#Mp%KIhHXDQP6{!Yvcj>IC*(70Lfcm&Oa2`HqTfTPA2BZ5hAS|r#@iQH(B!W}Hfv*%6LTDra+J@S+bX66aWe4g9kUR7K)a3LbxgByr3Qc|+IBa2-$L;QhSF;TMt z5qZwcnUByE+D8W(6i7FYh2XbQ?)Zh-Y$3XjobAX(r0p5kWa@4%T&v4Ie`+M|-(1O6 zFhYjNu#G%-m=M-@Mx`0hCBs8}j9Rdjupu3@F|lLYH$F-3)85&@pr25swt8%TFTq0c zQFGKLK5ueIoPT_XSOgfX@9Z|Fi=UvrZ@8@s&#oe7!j+%v@BV z^`nF-E2JrvX1=<5sr|Nnk+v8Kf&$dF@;Qob)S}wApMZL#Yj5jZgDq^W!f?pA)Sd`; z9X+ZpLh_7=(Ks(bIo`6Noj@N( z7zS^JZXT?wI-L>$R)lTxg7B`{29a#Qk~KhxJ;VKF5Y92M?ox~fbb2b2hhL%sn$3g@ z^m^qBf$HoHJ%pJ399Xc#fBukRD2TiyL)Z4r{?7Km!;cg|Bt(KRefMxxkTxC;{Mgt~ z5~|VJ=3MdFjm}9V#k?c>QLmU7uk5j9-!7zUM%`u{CYNjq8Dm98E@m`@!WeMNmi)69 z(ysi+c)=vO3pIu6k2yHl;GBkh3Ep?s-jqKPka)hd!-4QE`d^>>6ZRS|tzpKEQ;UA37Wkg8#CWZ_4 zg;@t!nq9tY3B63KkzY#rEholoy(?DvCrxKwtMl%k>h5#>4@>Vh{1*KqE9$TO-QJgf z^i-Gyjei079x{K|kGwr%k}eLB^KH!sY$-{&aWv=h@$n;9qXTEjZwzc;-4e2ZChJ{vF%xPkLoElSfAYP|+f%RT zu}D&#=|-lB?zs$ri>IoumoKKrh`t(eYIlY?YppB-*Rw2(f0Puc~s7JUfl(wsTd^-p}v*R~0!_Vm{`V zYNpTa2AC>Q! zGIB%gc*u?fnDy^ZYPgA;$MXWR^Xr_9MNW@LbzlD)-#lV|x4fpLfKIl^aK$dndNRrA zZyzj1MBs6x{t2^He7;lqt69gy{_};UDi>9iXqy3tv$Yx+E@2WhLZVhh-|mM}veP$= z&LOz0wwWl=oE^U_*4gQla*}*ZsI=lYwO3XK&vr(cb;x% zyDuc9T5hCpBM3W&yQ`7(Q@jQBXNF?Al69_&`F^BtamSR#0(tvT? zRE4hs?dp`u|AvxYKc1~l&=6>i{}=hGe==pv_HPXB|7o)Re?4~pYW78&V%Hr=5VOx! zij(A3*}ugVEkg#{O7PU2E0vJYkBRu)nwwPGjT3|~Xg_OahP1;8NS5(1O0kN6yfAL| z#x49!46TV_X3!dc7(s>;>mogV+@K4z^9%7GuC|hzz7z1&0W~?QHNcIP2gl9#3$91;` z#Sd(36fmY~J|k4x`7;Ri)1oFDAZGUHke!jN_o%I-fC z@exzc_SV3@k2umOeDB!i2}?9))^?1Pui+ze^G$f^#@Nz&2OB_UX_u-!(Wfzh4*E#9 zIxWBY=vbS|$J>i+w}A%oklZhhhLNLctNw!7UEnbR)AhNuB+wfow!8QPiSB9=}tSacnt1|)o-%TG^u#stTj5owt_aiy@ zBTx+^rh6}0s8lRo4*TJ1; zQr|WkCUin4XE=cxpzop2)QaO~g!;2rTt)rn7sGgVv zk^%KV4ZyS=JU1jUD?@9Y{+aRYs-bM}aG4_XS^bEUkkw={ZxihLh};RckFSOk76NSd*wz_fSD997DLIof3x9XDH2#D@s>oA=cl{!$FmkxbzI zrnfUTbW?+4E4ofjbRYRe*uL-lOsg9BFp@rB2(M;MJam6bionDlRY6M=MCHyN{RO15 zr$G0G&J?l=a|M6XsS7;Rnr-|q$T-6j8QragUw#&7?z>WH-i(Vm-t@cbp63sJ)V!y8 z*SE4{aEAI1&fP>`KvBkbdRCfwN)U(@J=N{cm{_~R?ut+RJL6tL{U zgwH>nXieun7Ek6!+nLnYx0-RuCtQ5DDMy6i-uT0q5pJT1-}!?iehOpj_CBp5ME8i{ zgO|*?YX>s!X6GZEZD^;?heu$^M2wDrZMgA_^f3 z=wQ;=&}?g`&)YJVP}z?(hK!mSqhTR)#{GDX&P1QgKnHylL0-1dr!G?q;5l&WA;&sE z!gO|&y!cXd!tX2a={M%(zTK*r1o!$;wde=G*+}Zy`1&Yyc-Z4HzptO$8@5gmTXN^} zU(L*eGM-qX5dP*cw?39oi(WC{oMUR|iMI1zY))D)u5 zitTp0KY)GXRHWI>T10(iU`BRr^iV2~`y)`u-splDyVU2&WiGCLrLDqP-yUD$Wc_FRk=yO}=5e>ETu!+Hyoh zs3!LxcQT5QH86Km1EdMe;3C#466Po!#oJ${b3jTNHk(A9_d=2jgExG!8+>M@xX9Vk z;>|DY?@CNKkG-tJ&mT7|q>2%pIeRIn^b*2Ei0d^aJYBzMIO$Pc2H;~woG+i-uRf4YU#g;KZLyfAjJ~~@h z{y6xwWx(m1W_ER_b_Z;Q>g0x(@;p0OK|5tv&s2=t^d#{GFq&;}i|_T&;3>ne-cb9` zOXm1_9;W3Zry*~0a#S}@H+a7ZU&{Jz^koX=1DK)< zPq4ArprV30{{5D8upUvKJ}12#iBClp(tEx2clsN)6y6WhbVZ%-!P>c&^5 zmP4z=AZh9N^cwJ1m~b3P?T@TyX%uw`U{ob!?tP{BKqt4rIkZo%pwgF=~c-SSx7j%E$$dms!P8rD_^>QxsDt&)!+DmpCDyLrfqPYVnB zLUr!ogOpY|9a?nm74$xZf57a7y}iN0k>I~^z_C{H9+ zDF_<*>|6Q@kk*1#uPdZdttUlr3S{Pk#VkX-lZvXbtdR~(%N^ZVJyMN?dg&5f3v%BN zMI!5+@Mtd>xS>9;qyiyCLod@G*<|&NRxz|yEsx~xZ>nkCZkM>hc(V$OkVG4hKksDa zcwvV5s@%_dYSVJMCYnvNy!wgpk~j6jk9j02=mg^^0k00rN>{QMTfj-g$64!D#$vmQ0#k-ENY3cv73+vh54lxj}L*&1> zCq6EEpXvMu`vdaTnxop0Te+ZcNRe@Dz2GtN-mxKo42Td#xjK28^g>h`Bd{~pT${jz z1M?gl402aju0PcS5i}D_cGM-*f%pL;Q?yO87mkC^?1J+(6;yx*(kxm$fcV5(eTz1O z$;bp$So zTk4>azLGAJQi73uewxPY)C}GcA|h#NRMHD5F*#O@?h|GJ6E=zMPAx!GIwU)j%-+3x zz!=Cj*Y`;^`eVsE#rOv%MYFuGq_*Du7UdafU`3@dk2rv3kl*ADK~mRDRzR+XCwbJo zBSoQ!Oh?ldN-EKGq;oq4>`J6zNE8D2HWg{Hc6)29T%|9B{_{eLV$z=k%$yok(oo$v zMp)p_3_h54okTDbNhn0@D^FDFiQF6m z7{@MkAkhUe3Fa!yE4?TDTt&w}2 zSz8mz$BQ^A0jN3<@Qp<08??->m|{uodtT<1?XQ?Ss-6Kre}kH=$rZ& zZL|VuHak{@g3x&(fU?6{xQYF;&zmNOw}-z(-{8pLizTEfF2|U+49AUVUqrO6as$Ui zexW?z0Gb}Dv-#F%+ES~Ki;XBO~DrW(@eCTvcP%|rt3kA zozm$Al+tDXd{LLoXZ4ZKtv4aA9wC+t-XkkwfuVME@Evs6`3{(z9aivA+Tw9#x){kD z?%b2BOa4K0hG2obZ)Z2wm3Ue+g}Gzjsi9CL^!HN|J#Y!rmkS3561zv)mj0UNboZ|sPhxfb-Pe6B@!^7_xB#pjRVK>*f`gS zs@;UYaXEw=EZ0up5>4~33s zyX227?s`QUJe|Olu5r=L6p|%6>W+z2Lh)NV~h3PhYwG5{j?db?P2A`;m%;>%at?8O9 z<;BVrbH4p$o}nBOI7WZk!GS?M$53ea4%B+<_TX`nMF`>DgNrWIQZL{gI4BEdXAArjEC-%S)hJZUGAVe?J zOUh;!ELKXVX222C+gzIyrF7~Xe`Vl*MWYQrThY&d0RG|%LT6$;#h4Q9s)cu#LV%u+tNVd$2BKsiUVg4TA zKL1=@isrVi`N4$5!2`h>8koC9PjC+U}Ko1v2CRu=>XlaJVmP{ZxDIn6+_r*$~9Y^6-W*IMLIqz$><~jhT!xJVc1 z_V#KEl)ii^hwKQct7-eA=6%;Il&6(pz1pot(@Kwj#;|d|?4A{_k#~i(d_|G^{^dxS zGV(pio*j^lnoleEbf?Gji3Su#o7RRId*w|d=@)7+^bMn!@9P$L^v7t7rLL~N z@0@9GROH#J%mwR#i(0uAIvFK{BXv}5@7`nY9#Z*vR+Plm&)f5`P`Kxtj8YC}|KTuA zZjrLu?$!1!UM0*Paos6Qx!V!-+k?#ltK`%^z5i84X(^8-$T(L(rU_^oBzMG##YWU* z%O|sSpQf{J?#4ovB;3K&P7jEha%BQN@cO3Gld$ICWkcj$M$+n#y2(4Y(9e5>FlfJ! zkLJ(|O5N;p%Y%26M1WK0%_{lBnF7;VSA%IALz(A9oxUm9@?aF;og)L$Jbu2g6^u&4PhLQ8++s{$& zK<%GT^dWGDiJ~OVJHd*8bw{!m1KMmugmnc&_)YT4FO2~mpN3Zq4&wa+EG)o^`&N%V z%-;OQBzX1pip9B$-2u7>p&t1pHXsC$NxgL$nF)LY8Jk0Q9QgSyWq(0HkZlq~Xj5QD z+pghXYlH={MahjV3lRTO4X>UHs8P?Ob9d6Bpz!+6uQ5$%hjRY-g4k3=uzHW)mlZ8K zxMnRBFN6~FHxy|W>%JaOg?z2}T%2Uo5#FBEKhvjiDv01xrJB#u|Cnj!tQI4JkUC_F z#ELZJ1BdI|A#wL)gxsgE=YR+pcc~p*=%HHV9*iBO>eOqJnAdiU3!q_q#hDiiOoQQ# zSqQ&z*nGFb8;;4eu+=_j4t#lcNG-%W+?B!JUHFVdIh}S3?d8Hz3hdl6#Q5$aLktD1 zT~W@R(w8oE5R;hEz}zU;A@`EPqSm2!jMCP*l|3fJ3Y0Oc-b%}iibNg7b7RzD%k*g! zHKo)9`mow7X&{(NUiIJ#sUYve&mRUPQN*x)5vj&`ef*e2UXU2na!UW@{_0UqsdCm( z4p~Fj8pgxoaJt^}ir9KycjELG20S=Kbm2$nAs_E%Uwl{U{%?25!(;dqX-Tt9(kWW^pYbFIH5x`5;(f6Z6hHjJoh$L_74_~{?C62s7GHR_15*oYUKTCV)6%x% zg1reR95G6|N*U)GW!bjDb4Ou;m?U0!cq;B93X$f&8Mn-!nxTAS0IW1>>t5!IP4>+e z-A3$eu#nrLPl{80#-^2ikH694d$k;$yv)^2HwPq*427tYFSMhjG`9c!2$w;`Qnz^4 z~IcDZQysK22>1q5%1PS(28^aOH*y$P&4}FYd4Cb$E`Byy&1>gMFV<2 z0+#HVLUqUad=ZJw4KtOE22pv1O@W&~w0C4*Z0{YPhZ$x2R(zqymsm7Nv8`MJ%f!BmOFi3(&O3aV3%J}QvzFR(ZJ@T(Gc8xy2s5F#4^G8ptBZoI(D@Lf_8zC&BTGeZc}3jTgCA`cKbF~)_yauj`QL)_ zEHlU$6A7X|!rFyG@$^zm`SV6>=QP$|B~fq;rc6k*(%(SXOw5b8S01!RVB!vHw8LRn z6Fk(O0n93xEwESdAh7D8$@M#xS1&cH5eM9E*4;TFmvNxRCv)+Cb- z*0)LKE4>Xh;c?F#oxI|36Ovk_u76Rod~TYWi&%bUnu7y+c~K>;u%gC2c|TE9_azg= z5Ed%NHg{|99Abop^_Y9nj`gc`iMGiXW&k1jI$1?KIC85@F)@f}HX-**)Z0BK&Q=~K z4lcC(*TjqOv-;Y*q61+7QvgAXv4Ax17QHgODf4@Uo)-U3y=rDx+l6-v&!g-Q28oa# z{6LNt(nD!aQ-bY`d(7>qCG_H9T4ux}$1Y&3(nc?!k&f{VflF*E47I#i(>i#y~5=_s-ASaDvibZxH^}RiC{3nxE>vl zkpwSlDOE1wLtQMV(9)?0wV`Df-uy=`Q!Wa8O(Rar{8N|PMi{aYUWkvCgba!Vc=fbX z*GZfSycxqr5&hC4wyW9o&YV=8YSE9C;AAl-xdAGM;%rTd?TXUrydp39j^hqMLE1E% zAn!jhx|M5-^pS=kF_Yy>ffiQaQn>W*?G<)gxIMe7(N6Z+=>`Q!3dq*xT|65wZFECr z<)gtD<7fSLYQXSPUN`Fxrv1bi%KXcFA_&p^YzBe8<3aUEu+$Tt0P7OOr-Zlm{wU34 zM+4-?+r<9Yqx@L~VT}2$A0M{#yEIod1>sulYHmyidwJhZp?!zZo1Wp=U&?A0sBXOC z3Y{`yH#bk8xUvb|T^t+Jj4DZkXx+3W;nKf;^DC&Yo|kIB$j&hO;UhY-?@Bu}ih_)J zk0%`3@cPaQe!qZ3D`bKG5&IG#|0+KK`Fi~015bB7d;J%N1)bxS^0`Jop@REORss17 zC&TiDutA&KwgPnnxI_W3h77{r>VOu=NCOnknQSOtoM(h<(r+!K6S*=5Fe9GW ziS^|kz{m#?+}gW7SkWNt<6db0y&4#i7t!Tt?$y8W}v3s!DuS5$zG zo7Hk~06Dq&*4Ld5?wQHA5)@y_nLLd}Dtb3(^h+(5d<~DY@h?IWc#9@<#zoLnuG8#9 zP^A(OGKUZ}Nld{6XAfM}y0I4*3zms*S}O(d%ZhvxWaaFG{z&#rrnKz=Pkc^EOe7@2 zeiT~unQIAUe}CJz-qXLy`{@i=>6N`jMbmy6EO*3+<)_cG8vt?x&vqPlQ3aOam02+_ zdcs(#ax{TvM$z)Rf(Rubyssw1n1*q2|B2-6Tk)^6WKh^I!||a67+DPPnZg72Bn9PB zH85p%6N&M7IFgZM`_AWL@m8$#RN~b0pafqd5TaqYB<0sAuYwZPt|d8CV%=v>u^v=F z-g#^c-SYhDOq~$-+Bi$v?mDPl6&9~Z6OK0-jNw#4Nr#5j`#lKtD#5C;`{QZ%kdaA^ zm`#=Qv-@Jb;IFCX!yC7RuOWvxqkOrsfWX+tK4y%{0lnCQ0m<9eSgaeM&v0NvOu8&+ zZKdit3ljcyc^;}-Fr%%+X?}dKm)OZ!wk?Vk{;~V$kJqX`N*Tcy+Hb6)ze&uT;A6Bh zhS?nrSkI@sxK~?!?&?RZ*jLgvUiPYCSD<%UQa=ObiqhaBbA`p7 zyh1p}cp263Yi&Wz@Fg4FqkGF3-(Q?MMXt=Zh!@+ju9I(s+BmO>AtUbYt@wqN(QY*( zr5Cvw`4@*-aAeM;(P`n#R|SOJ3stbYm0MDw;-Ieiz+>#r$5?)k)qxg)d7^6Q^MyEPNl|fjFG{WWGOBdgFsM-KVg@{7^=Etfad%rv83)#h)-shrsKS2g z>z^RGKObD4kZUD4vqT6>-n0r%0SkY3JbaO55%I?aY+O8Xea`94=ajZBjjRQ{JgezF zo?PTr1_3IDsoP(}`1#YTghw4>Oc5INfklUOv%zv6-)1s|B2)TGR*Vdt!ib|Ml9_NwubiqxW7jF^L^-{j^uS6?e7e>A6|cn55Ii$(2gDzfTEp? zyKIE3my$;pl^V7P_$mg*CUU*+`C#+#Iyu)2E}!YSf|R48=8+&)1_!@W0dKcu zrW2kVo2F;Qi_gawmjDK=Jm2DYwfeTpTicd^P<4VCqad5o=TwMt+O#Xd?t)8PyeaR- zv=QX-#0*U--&jt$L{zEf=O?@#V8hI?uqee)(9NKa5oAnJv&C@??bFzs*agNZ(cXZk zF4VAhDLan7KW=HTBBwJ;RzkK3%6u7i@tW_&R&y%AJ>I8$>l*h5KE2gRA+$rt_lG@5 zfI4PF<-)?*eOika{52vf&ud=k-fP}{ar*|Xpt~YxnMuutBlCDBq>>Jzu>maPgovH3!xPoduzPz6x%JMwC=yOPW6D~3yGrDU_it_b#qxSE%Y_m@ zoUMjF(KQ#d-Xq{W-$ZW;j8fs5nI&}5Z%i{{pN`^A?*^)c(bUm4ih3Mvdblhz==(V3 z%$+ZxCQnxf)e_f?BhKjz0aKS3hbNfyDJd>hjuLV0lFGxXpS4zg$E+(;g#^wKWeKm% zy0Xa8)m|JWiN1JXCog> z+YG11>uk5u5Nbo3+eOAhPTY`eEGkf}VH2W3dC-Yq3WsV--!HttP{pDm5by*T1^WQ~ z^#WXxH_>>IH{Vw0X_1um^bA`~Tgf5&E^r2GGVz(x8Soa5GNsQ!9+p?rF89UG% z>~yqJADC7~^VX|a2l8Os@sV!&=%)AJbz{*#*O85-y}C%xgBvv|l5AF-aIgT=T#1sx z65s|9l_bT1?gP4}+ZjpO)$g5KdpkYtcix^hCKNYGy2fmvy1dr;f>9jtqUVEmDeI!~ z=WqEF`lY!^@@d##4<%%M|8;pXT}ktS1I*qlXO*IIu)H$U{*9tSXJ3+THpVd-qfa?e z{$uEBxx7P8@JbK*gXtjwcKETZ+IT8gUncUL)`CIGx{MEUmFiFA*9E$Jyj~)>4RP-Pe*i9GpSFi8T8(BHct3vqDL0|_# z!AB2b{le=_*Vd>dQceE&xNif<5{F3e0+PPOb-mxC>++|0rz06!9L2s@^fQU+%>R_U zqU+Q}6N>KY?o3>t22Xp7EtcB(jVkEh%aOD2C>w%+02NPEW}Vg5<;aboOcMPYUE`Z~ zaQ678c2U0uVVI(A($B;)m~XVSlaKL^6sWsVpja+k5@Qvz(j-bnwi8yU+ik?X801{DQZ^gy13QAVGr< z65KV&1RETJySuvuhrxoo3;ga)q_v!9O z!kpKKP`V@l)mCIA?uKeg_%{m}lsmL?QQ*Pw4z}GQx@Du@K zRaUaW3U&Gd^E3I16`mGtIuOfr+CF$e!K&NC41&I^pur>m<9u@L0pd6@TJO^H_*^CS(cvuHjB>-m$kD#T?t@A2Ou*S zk0-11g6s%-jQP3v+ozWZ7VVUk{70;RLcoPI{`l_lZ;y{a9|c2~zUq*CpV;S0-BW)& zNPBw3OPIb7hon?%RAGSHTb$oA6{7zDAXlm+@we3m&Ddfl%i_yG za1G#^S48N(PheiFn+^>b=%5s3e#67L+7_-psNFtAz$geWfO8@RLdYIKlNJ@x! z@D+gk*|V7f1(>g?)#d#%YLYuNzc(~$NJ&l87)6(eXrKkw8MGG|?qunRigk6f9>2P$)Bf%cE%J;I*R#)C&myujYa)890e3tl5{ zFlaVBce?q=cjp(hKQZ9RZ)M78ceU}vaa8fIX67}gbUVp@$n1?8rne#8rGp#BZ{V8( zm#!v>L93i;LXlExH4ejV6X#qQ5as;-(&>o7=Wv5kF7MpSCIY@G zt+V~9+X9(m00;-T5$s!P~ul@=CK$95cw~a&W?8OC(&o_U^e;Uuf(?i*d$r-dz6x5|Te# z)5Ns)9$L~+(cD+=Qn9p}E8;OP(xLayce)4?ywLlh3uws${`DFNJObyn5Kftii({;j z9l@OJG1kC9##C9LOP^aZ1KTIxXqQvv>r=0EvXtX$N^9F)doSkH zBBw&%FsiAy%qa{R({O1q>k=nsZQ}SQ)*LJmm{cHb#KZ^Ik4xl|?M|py%Rqu3dSE1U zW5#V`w~mj{o&*VmQzyK(IG^u+V8-(c-Kj6Zm9a&du4&Fw_H_7H=N3~p_rhJG5MnqC zLN1M!^N3!<$SK863(k-XBKsb=~cqvAT zK?VcGH$t`YzS^0;E6hTJ&N0@wyO*QMWbW0Tg32XS>GEpT|8PnAF|Anh>=WaF_Z(1N zi6!sd)u1!6hKdcCUW;0e@Kv_3CtNhdAP+nRQ%em^m`NQL1`t8O_$_HnoARBzSLqc1ZU7qCXe5B*@n9WQIPE@bi2^dBn#hlw+lr8)Eq8aKF|x zk34pP=;!A&{fKOqN+7W8rD$u+8f3JhVq-q6v{4jyiLcXxAySbTx7t zkel|hGYUP220sa}@JVW!VeM9oUKzJ4ZFuRC+Qk{O=upADz?I+f^>tv<7J|?B-TFeZ zFZbOcwC|tDkjf6g+8ljOpA%*b;;=R&732o*_Y!s=wF|$x88bxX>SfT!33S#Mrv_6_?0zz=2IF9`4+;O|Eq%8~s=q5tv{xT}TmdcOm1O--ZRURL1C< zR2BMVp&1D!MNp1~6xtva6}&Gz>!m?rmlZ>~PxOospQ+#qe(`JUS1UvaWe#|VZ4*ozl;j^jY(n`lxhVdgdU8wQX>Uu!ORw*wC>dCPk2Y34 zxwSAC!o84XZ197xh&0gJz3%uwTg4!lXqP-IhM2C@re_f7GcONWx!Fln!o=T_R+M7EC_F#Lt!Ero!UnjCkua>`i< z6*`YjRH3mJm12Aot{I2u1HX(F^_YKyGh^alTv64gfEm;}P)4c-QwUxViI7N{QnF0; z)l%!U9=+{zTv%U+8AIb3xD5)GT$?$=h~Bc(j4{g_hq1)^nFtLewzoI;p4CgDSp){DU@Kz8a1IwG{&;~`qdDgmn=ScWiXoH=8`M|# zR#qO2D*#IGRvC*uAujMt?O){){n?*!)RLnIW4dthObl8@+|I#9DxwcZVOJ1&(+T@1 zof0GKNKRpLKFLVik_%?pJpauoTL=il#qkaJBccdg6u{+`vWj)_D%IRtu5huxWnjF= z*==Dl<+z>dPx2UN+;yi&%z4f@@(*%b)3(11FKkqnT;9V9lQ0U~x2R$@J6-O_eLT!{ zIHGvRJ0dD%o*`q*%EBfSEtE@Yn8|<+XLMAmc=`s~+WJpa;-|X~x>-laNHj*=asUu) zz@J`I@5gQ6)SkMm2#sD=^TG#W8T!|=YnyFp#2+c`u(oqqoSUu{x8}|=w~<)I?9Ah- z(pe#!)IQbWHW8B=>jL_qj8cig3+OeEtl`^7!`~b#q_2E7UU{-jMM@I1SZuaIDtA_5v3=*Z}Q2G!nEV#Q!xBH+=luQwNor z3@jKK#x4ytWijaPnqc8rutZ{FkcFfB7R8NRYoC1>BBPZwBQ6>uL4E7kMZl!TzJ6|9 zXtNp%_ZL%yMU9&nB}D1G+zmBBvo}nok#cF?$Ggq0&!iLI2-$S1@=2Yi#4sPyJzX6q z#YmrLJ-&OKvU%A(o9qrw>@R8iKuE;^k;M9)Up(wkk|IduXwKE%Js%dJEsj`N<34ev zsU_`f3K)>wu*|X!*GaKzpg*r~FZxd3`o&M*hE@vr3#n0rmLorJDCO|!Y?9<1no zj0+3qD)_VSyOSLn8t?z_ZqDcjowi z1e`)uWFu>}u`r#oL`JwOabh{WjZP+t8R*`2G$#yN(Jg}CGjp&rhg6Y~-rzRfGep(b z{j6wWWtZPg<#ge**^IlOR$w?iUG5oJ{}Vpd;AD zS@-&5x#ll4wG^xm2~w`ZZOXcdc3S5a@LUx&+R$K~^vS_ZxoQ{&6~yyks03*l`{f#F znhSqopRBL6*FUMkJnq{Ba(&k8^#0~dFTL4vgolK^(}yaXGrgi zmTcH)3u$Y*|0VCk^)Ix_S2|HwFt=-%P~lhni5^T2ue5y?qw7(c(5^(=&8Rto4n*h) z**wUINg=%|tn^A~;#&oK$9NCneQPr&i0>nrv%~Bu0<5pg^J3wiJsffAY`mjj4-Li9 z+bvQ>GyCYcU$Z_tQcCPA18QgO4{%m1M;AnzEhL~R01$UY*Mhv{yUNF^`qiIZILbxN zMst(^Xx+G(`7k)OMqc!*C5U5E5Lb>Z5Ew)$E3GQ@OaW}IsO@q;^9~2931|Jvkbw@( zj@2c#`}1%|$sOLfjmWO(Iy^6Xssd}dX)L3}U;kZ|*xVn%)&H<(=$-d>eplal8Lmlb z-Fh7-Ba52c^8d&ivp@sUE5L>P3sXnFm&In+{K(H@!?!h)x(oqe7Zv4Yjd zWwrmFt9(fO96}X?_#ac16x{jcI3{RG;mTBA+D$(4Dy62k>>Z3I znX}aG@%JJ#9gt@0f*%6*KP;NADdy~%P9vfMqiYol84i;?cwyo}zI{#G;*jat1cZKF zlb@uNuYqP~o?|I(-405#VrnfgbH^o#ZWr8Q+~uvQEEtq;J2koV zssVivi@fK%YCv#*e0Wp6z00e+iXp_=DWugjY031V9Nxr8aZ$K4)XU}T4E8cqvC^{WZFAC5maaX^ziKP@-ftc=`yPL0Q%PYkWW~JSa=X*AmHs0f9$yGKG#GcN19=)e2B^_A&O60 z^~}UHF}jZ%A(MKz3rjHPYtBclSFrnZuq2v!^lr6jM#Z)@Pu$wr`%R323@=${nb=|n zRafs2mmvGKHkprj;N`okM_dp&In2GEZ=$nTGS|MyNKc`Pa)^iY;AjAd*J#_WpjvV_ z{s>7;;%sUSGNp+Y74D{?jI~OP44Nf^%U=Tg!G~JX7wv%Gojd}2-v^oR>AN@^TR&&whgO(7W|*#|t?vfxsjqAv;XC_lj!t=DixzkctYk>hJxXWw@Vk zHmOC_xYr{>C>6!-Pl_YrOPX#oZ6yZs%=bG}!~Xsu2~$Pbv$ouhp}slU21W0N+*KF% z^FG{ipM#yByCmWnKjg$+)27c7>}b04{fY7ny!dk|i_FOc_%d`cd4r`Y9p%%$Z|Sv- z{&2C-LYu=IN;@L%bp3PA0}C4E7m#DpJ9!~8Jrl~_Df$u3D#K=~YC-X03xLMq6k{dz zAV8(h_$m3|$t$+bKrh#fOtr+t7t=Z0H{Xi z@Z$eRb|91cAU+j)B%rSQ&k4^l7Q(8Cr2R*GbkGyusvkA9WXv?gIVQ89g<%;IN0RK9 z#OkZ|;oEexS*KGb$yo>Q@8e3G`F(NaNE3z?pka+rk6Mfdy9OKyF^F*$=j*cU zHe=Ujn~f$cG8gWsgV@nSN$M;bth|O}52nb=!`*d%Hb)Nc+4lE$6cvzdADv=I*K_!_ zA^V0Qc9Ak=REsb9^0V@i1H3fdii)Flf&@I z1#FXD$VW9 z{rz7_d4C9kfoLW|3&U#pX{lj9MkSMp3SZ*Uej8Ik^-3gpnsk!*qfXb#msRHj6cGBL z^=q9^RckSWD%s;Se7Shq5g2iO8OXL2Lc zQnenW*cKO3MT_)rs%AgNfrSYQdd8U0RxjLdjRSp7#vZ zzBX%Ym>zCilQuC%S`37aUViu%45%F)&Bqn&SdNF8L>e@~3h1(MjKcKfoir92{zPtl zLvE=!J%dF>3M9gL1=U3loez9N6@@!jiB6d3{a!L~aMG2AP&kXEtwrQA(JkvD<37bB zXEYr_UuVQPJ%}7@y`o2lQ>H|_F@+D+>COJe!vQB9-X z$qyXSz{IfM(WG*xx5AVt5|kspBu~5Co}2dZkutkLtL$~}^9fyax|74>SoRi1*%pQn z5%doaCSsL!BIpU2mGQf;!DQa_>b=IX2l!sk1C@NSw2MM4UG zF340RUuTmC7Hz45gOI)J=4{c*&)xrh_Oqh;F?VZ#6yjBxN^PEtuI4dZaJ)D&rk;K9 zB@~~Z)Z~8~{v6N(+$wZ1$j9idc#e zy{tePcgnl_pL6x$06Hr{oi`c0!}s0ye~x$FmC^weXPzY&1s9UBseJPv@R0XZzn)+! zXrTA`0lTRyrQ*uLf3#J1cOJpQq5Ff};8cap`+Kx+pNf<(*~KCeR_`~5T+u| z+q5j)GZ63?!-((p1*Sl*SZ-S;!pl%pMZ8co=F0XnfSdD!}$b=x5PXimZM8&u)-i#gHvumL5@^qd$dQb)uVUIXSHGI z*ms5al2=$BZYo1)4yZWwCWc--pMt=j&y3((W&EPtEWLcxFP!Uz(U|tt6i0?Xuo4w8 z*^UZ*sMAaCL<|Fad)~@^PzArx8c$AV!|U$JQ9uVLaRWo^Gmji!52$^Rn{81L`}H0j zVXiqoR~Bc0vWSD-$dV#7#19bA3Z&#x^~osv0A1~7EKFjuf&e(nHAfbZ15jQ8K9C>F z81f#(8xoHQJX}!~2Jxn9oG$j$%+?*Ca<(wwVo-^*Q}ud(Y~Bmu38C_^LhAfkjN`vc zLxo3=EyI2lI?O^xfhgF99k9h0_UAl(32t_A#lF*6x~y&Eo63_Tb!Yh_Jdzk^mFH*V z?WIWy)mkc@q8y|4MuFZ`CGKuT)X||~ljdNOo|9lwi*bw$2p`PpWSz~R!#z<~As*i) z_L6RSlU7X_;4w94?oyy-8?xY1&?X(YO-A>9Z0B5ax1}s=lnyXMHc{&Rf(+n`=^j?Y zL@dd>oxk@WnZNUvzcRhm&74xgh*mKc{3|l-6vYo*ZPoPLqI?d}PZ{CX-E8OYs_sWD zM9&wZdyA&xzs~pd1t$@NYR7@jd%VWKc(yhT8j>`sF&~R9BAE1*3x-G*HYN=n(GT z1%v<)JEor+d~e;S^redbxG5!69KU!Dy*UML0p&Ffys^WFAUxW}a#GqwoCJKXHNrY* zXc#k(^7P}0;g{uSnWLuwQHd6o`JeMGlK)zCyogUNh_3$-mI%n0cyC@k!M`MSSDtwh zz_tkf`nzC$y7TP%?oCeO9r2vyHN#PHl~VmOo}Yt{bC!Qpav1F5@jM~5aki(SED_fd zKKA$D{LoX@XS}RwYsSTJBCr&YV&#zX0^c;-Zl=`f+k`T(wK+>H-tA3Y?u{EgkRxWj zCuF>OmJkh8ar6oev^6>T7Vb}IyLg*-{v1GTJaw?M42YvciGd&Lzj1DeSWnIc3)~6* zduCr%gll8Pd=|mV*!*xI_V*n0xNBk20=Va>SE4@uvmvUF=-vrnwu2K{HasU|Lh^BW zaWwAcR!AN>Pp;#bFr1;*Ms3%&KRfYLtL)`XEy=4M+T;z3(LvnymQ_ikY2~_u3-_1?SJsHhh2TEQnm#e=G3Z`Di{q~h)bmHzZ0Wt)znVNKJK_E9N|Oz^iqrN`D;3^ zs%cR8c=5ZXx7&jc?yGREWn6y1r*fixCCfu<>MdE6WtiA7C)F$ZCw+pJH6l6i*>*p&)}Jo9Tm zwpsQoT`+;?1g|Q;B2Yk-H%efwuBwUfA?=(4JWM%!pAlquWwsW zprJI$u^XQ3%AkNK(1sI`#Gt15^d47=e6=J}m`Ih0_rOKf`@Ee!zCxydcE&D$}atYvW6 z@X5eVts{BaOw?1B43*&*l=h*2jf`j^m*}b{r!i2eg z#3)UE5h@-O4A__ywe%(6Px%R^sJ&0RJLVx@lfR=MacXFozhye3;*agZ*o~n@y3>Na zi)#|l4uVUi3^_in>Z>JBM)y8?~%PR2bH>D86{6k5dZKWWQeCp&jerCglA`=7e zs&HClYE_04Aey`4~!9uZ8hToL>PO53`ET zb{Ac)knn#7d&FndWfz1-!YTOTnl3!sz3XQP)o-h1X8p~Ne=vT8z6GbQ4G!FoP9o6} z{9jrCnw67|oL=#nqYPCG?%qq(qfgy*g160H9esAN>OU_A5wMIjeh~@yNi@#ntPBL( z7XU0je{+UCfE&Z)z}7A8+AwwPccrAfHL8ppSlwg%FgfXs9d~D_axU<>@5O?ir zlq9bF=qE1qyz%yHz_sWXkvonboO8;C2&yp~5fad$TrTLIOtk-v=({^|=$^UnnmXRC zoE&X_+SagSW4E$Mp6Be?8*hi+*8!fefw1Ue_OoGJsS|Dyf?G~i@`Uy)7dDty%u$kB zzjbNEhf&ld;q*vxVo(_e5;I;^D*`w)pU*mBRRHvr79Cv0*>k7?78q3(AUQhhk$}rT zlHyGb<^vF$#Nw5v7ZsY-p_bk$a7!`zvmbEZH-Fc8;!f45ko@dLm$IgR-qrHEchEiL z*TQ)JzI4l%FBO6LEmHujB~^4+*dX<#GcI3$da zAb+}FlIha*BoDp@{dqo!%DjEI_8KgH+}(WNFfHaI*=+V0U^p5uRB=T3tjg~ox5%$=>hK*zeTS3fit zNL(TE3_T!iFZb2o8n0Z0>F~mo>BE1!%P<-zt4ZdWA%03%@StsrT~Nu1)c2wZ5)&dg z5EGsA9tG%Zc*HTKW31|H^^`6kO|TP6p@cbpYkMu#Ty)8fZzq`a=`|=t!Br3qL}IYr z_^P!{C43yrC8!m=;DIqIzS1zp;h&QTZL#j9a3Hh4I2(}}bO9#7loKpRm;a4NUw?`<76mx<>;O11`ziuAV5&BK@8`8^76AHEXX^>1zQQ=CH`dwx?6J&ewMYa1!4>Nk`IpXHl7`o9V~3|;dDA1yVS#;Y>DeY_pvqD!3{ zstSRcqI7x~W}$(ymye$wyi^KDPvB)MQ+(k&pc2|Cr6y^kn(kdK`YP13%3 zN~W1G`IQ=Qp3s_&K+rHKDV%f^r8etbA{N-U{%nTS#MfD4WRUHA!py?_O?CguKGWj> zajwo0*aULH(>=h`6Ab1^2$Ml&%+*GibM}I-Awwc{kq?q&9tvfiM$2y+n(=3ECpbZ8yr4o)2W1l=3D z$rYP4`uma-)B86RNU|GM8u)_``#&O_A#hyOb`=aH?mx>RK?4;UryGM}0$z3<(+;Lx zthZ;vjAq>LejnR^cVLJn^E}I@0;nID6(LlZRKlZ?u}Xbl zPp+o{|Jh>n}VE{xV3R?V(d`6Acwd=>LpZ2-FJCzQgtmO=zGvdHuW*<=_|Cx4JmdPv9 zF&a944bkgCq*Bdrel!Z(^iGevXkR!9^PGd}5WB+#=5&xjeV`_-XTmScxBt5WIEmj zCvgyLwjQK9_*1Ot1|B^CUw2h`4^Uyg_l^i!96Q9&Uy%lSPsjlw@b5uJ=D!;3rO%&3 z^6kE(l?DAXx_vXyY>!9b-r<~5J&o89o|}sd?z7GxpK0;btM&Ezoc9GPlNC3euej-& z$DoHv%1z^4q#@Uz!ZQQ>z_(~fzS6gwL};Xg5r2rnvcqva?$_SYMn9Z771Yjrxmhkabe3qF)R5>lkhG|WNUU@}OJY-#DPMwu zB2dWCl|7361-F^+yvatBiS-S%`ntfnQjBe}M5>X%EN$PO2G3_@za}2%8yXXQ`SG|XDH;0o?TaIW|ZlzCd7$oASM#g0^6N= zH)gD%{`}cw`5x;)6Z4>bU9Z?9R1`&e*wl+~l?0PjYs=O|2&!)e>O6)&eRA)guW+rU zIQ5Ch328v?{!u~FLRf=rXudMRZn~jbS<)1q-KM~gNLEZtV~^-~$E6ZD?8VMP8p!ed z_+jCZYHjiO`^tf8>KF|RLglhgY}j!e9Sni2mu@CP_nlz!V1;2ipW`>o zPn!Xt>v4^E1AU1OrJzaDI_!tGE{YnMNH|o~hxklFiq|kh+SE!C%whfY&ax^UeLLjN za#+%xOfIsvXTH@~wYR>QbZ*pa)+ydj&oWJ93%+LX$BZLq>GWWCD0hpQNe2BQK=b^W z1Jj?}KK=cJYN8lE2A3`vLu!t>;QckO$C#DX`I3(C3e@ZQg~4JI5P8r1lBK!>(Eh*I zUi+G+#y>_y53Q@Ra+uSc2V2S>N1TDVFWh4BADGuY=B?mh|9N<*&dLFQcgLTI2Iur) zL3@(KStbQ*xrC{BwBh6ZL(%^rTJfMs0~cwaQvb0eNWuQ1G>v=cag@KL0j#ynM|N&d zXV##1${v=~kgYN*<$=|w;94&)j6H3DAFRwVnn@#Gju4<32!0GUA-bR#sD9w5!;4wv z{?z205BI+)W_mLQACX(OgfTI_(bcjsq@DXvYHlSb6g3KQL2)jyACZ3J-xO;(5AvW2 zsZkIm|Lt1S)+d%9(;Kn&@>Nt?yDO8%S_^DU1<^Z^V=9x0ABNiEm6j+681eoJ&2lHcPHfOQre&X+NQD2W5- zpoGbQK&zJIo~4pHX8A{bH6vPZ`ox@2xof<*a^-rE#4C)3UR0QG!lZn>WyN#7pJyrE z4R4@4)UrZ%aLb!O!^H}`Ggqw*EKu75m)v1*neL$?eV-#AsElBj%5>^Hy2@BUUXCd2T4-U?gOx_T7*F!=Gu;-Zbbg zChpDdW^s^z>O1HC*1Wvc^~U3lhv}xY*`Y^gau7}?73wu5zHu^fuRlV{pw7O?3*?S1J&4BDGCI1jZ9>wFIh`GyV;4cza>2*B<--1TDis=K z5$ocYEn|MbJt9eG<1F9MOqR$RtgE*4C{mAt5OG0JJCtvysr?@CHepEyxEO|dQX)Hk zQoxh{ZT?1?z~A5seOvw{iU~H0fd~1&%jf$447?-YW9n*G)_>pRcUkytYs(nS{YO*m zd4rWH2V6`KHqt=_>3mQ3oHZO#jNg!IWe>NR;q)wi#7(i8Q>xrmHYvlpiSnUR4(7@1 zBbmYO_hZLE!7}1<#4zcEeQ`u-%DPJQu_pQQ-eL%{57b}DSW4*7C`T#+RH(DXR~j)c zbsJ+!Z$i6 zZ1*?5c$Bjh|JiRy{%ZVN3&{xK40yP!tpg1pS&lZTrKii0qtIX|s(sBrO8x z*Whht6vFDu)`xyHTV80%L`1H2Vc<5L^Du4D3s@a&KOshsK_JE-kpvf=21WAlbR+9h zm?g5|MGjW4{lUj*m15AK!Ex-( zdnI57JYl+LJ4;83?oOWjGV2&m4eC1bafk9$I+h`n^onIg54l_MeS zP$XZ~m)nHl%{ivSQ-m%^LnusisqM8Q+u675eJW_Co##$%g4Yp<`A_PfSLvJ%)T1}} z&7DaMdPsOjd&Dc@6H??-lXIQX*Bx{Kc5+BGS$JbgD%i9|#N5&@AfNQ(DxX}q za`WdoEm;14FKM#CbHjawe_vEyA-sER0CchZN3whewX}!}w4((mCjmdbPO|;PuE!tq z`pUqhrvq|j7_Z~sa@Mr?dDH|9%qQr5N1R$KgXkA%6nz_Oy!?b9kga!9FCiieTuf5e zbYqPNs^@`|%1q2VVr}jOc06@9F1YkkjYD-Zy$pj@qDQlrMDAIPityaRpXTvB9P1~0 zG?zhC{q88b^-}{Ei318OMZ}9oG0EJIzkbjZ-D+Bhs|Rod7Gp*Gz(pK5j>n0IdCe6b z3FQ9l2T1HJzuhY1-r`q~-NKc1&-1wvbA>x`-;WStlTmEG1z&PR0w;7x90aR0Ri-(u%PQQOc(_!nsffyCw-f5_2|KGCyDUVYj)5z?jVsY* za_EZwtlVYh2-3|R#LDPjPaO=cO5sFJD2Qj@Sk zO-UpD!sC4}Wn2UHZ6XfIcb6&%ZQ0WE>p2srqLa6oD{8Vi;mBotEjirw7)Sp!P1E=7 z?B}=Q@O)*cgKG)z!j$akp_V%0?ZL9#U2%)MLHKhIA%+;n7iPgsrG8G^yCeU97ZNC( z`)9XZ=o}{7F%*&m*eNG;g5C>`&9J`HGx#{*iuVy$i!t6N&b@#I$7$*N(Y49^&AaQn z&hA~GTh-C`_m0WEl}#;v^KhS%f)oGT#b?ud@gY@aZ3d1C;9B>L?kkNnZCA6Jumy1v4;CeuVMKQIYpw~|s?05=Lr+We zDH>-5a(J4Way^BVoIl_c&m%IJiEq2r*$0&mf@cVoKH^ha#}9Dd9MfV(m~;teo<*C|#I=X`eSjZ({R_L>(95 zg1}F>@CUB!edEVPYinL6c&#S=uUcLG6F%oyv=T15hy1I&bo+hmmIE4R$-*NQ=0pdv zrTbetio&Lqw&?MSzI?=O&fSMvt8d&q=pAVg&eBy^QoF?JCC%5_9sTVUaho z>eYp`$=e3xfWG<{iPpAR>C9WZi9GbuftD{eJ15!FBYs41Mpq}E`u|Y|@Zvcg^1Z&X z3iYqU@$PQvad%N*{#nKj-K$7vEF$==sfCP=-`Ezzn?V_S;Ly0X9ld_g*!Th$hfv}O z6O+!yv%YCd_=bAyI!(6LMKm2vuQcRuLk}nkoT^k1>hNJDmvLWdXLpm; z0E_DQTp^7;7ylt!@R;zHk)o~SMxql8ZEc$h_~qm(dd^QH`X?MU?zr{N%Y9Grec{m8 zeEf-ckm(1}H%AK5E|eku6Cp&qQ89KhAi?@z^&>^3|3{fP&g^sonzoX>4SwTKU6LrZ z(m={rnd{~+@rw{Se9fphUCGs$8oH;&3N3jh)%gd*8Fr-hjMH^RZiwJYP-NsCI~K_~^5AMx->58fNM_lecMhr}9UANiv^Uc~~vM$|^5 zf!=mrNL^`J-HZ3cK}INTaPxYPIenq5y>=@>;s*5J+X%DzUN1TS-2Lgl4}CrUl_?fa z5%~K6^ar}RCvvStlk+IlOI^S#JgM+RDa;J<`~bPIXpBGG%7^Q3qKXr35bbY#F#0@$ z`E%6W+M#5X>hui$iQjuJAJ4YY0N%=+$PKKBmtFkpDFy#~{of%F!G}58|Cm15W1ogl zb;3j8|J=>0)I>9?N-~=bs%Yu1k`_&Q23)TQhK_11kCpu3_!|zjGwNe0EXs5OG3kq$ zngc@T3U9e%-+D_XMe>zoLOWQzrmTRo}a!k!s zly$1ZJgY;*;5~?U-+U^DAy#6PKyZcqLdE)s+Cdu2r_=i%=>Ed|k(b^nXcm-*aHO%p zA@RVJ|KS1 zfPGWP&D>c9F2owVQ#viDS*qJ-y3ReOHfcEA0?Cq74%taR+AfsalA#h|b%MeAlY#fy z!hC!Fk#XTT&Kp8>^>u<@b3g?GFrI0kf}2Uja%?#R1{!HULa|bo{KZ zN|$ZrsyRvk>(_?$oROl$ZwGr!v)LbKy28ECJTP$k!M8vloL zxi3nt0hb-xl>clFZ}8w#yBk%9viJYYTi-blNCdS+XRq}5>|b<{v7>{8`BurKbWBx& zjL@++b?O&k&Fd?QZ+kVWl&SN{dQ^6KZo*6!hj<#u+O=2LJmA*`0jFt|GaFStVit|C z8nv(oy8RItc_#jC-gO$l^7G}RuXrvhnLUw2Ckoq^P_)?1JAo{*SnAli>`K{b4ofw2 zz9HZu60*`q6lZ)C20Fa=_`jQzD%Yn~-g52>IP(*3Cq!wFXDVfRj1{1%tz)VGy13xS zv!;3}+FIZrP5;C8(l8 zFwH;g(fxRi;@~3VjUOVbt;@_0egq90j1U{7Z|&ziJI~L#%FP^dchT^g2th{q{&Y(S zC*?>{fOOWn+bX(pb2L*vCO2`lxyD|Y1x}{&v^K@92o5b_TcExA_CNi~+n0C{^g_7Y zDS9Ev#kKxx@g|p!aRGbIXo@xgx~2=f8J{k{B{q$w<3-5G35A>g!>_7k?QwX|?^OV& zbpH>^?SCyyXaQc;uJr%BSE}zSf1l(K146=otxN(R0=tWJPo0*;p+jdrXrQ&TkbK16 zOmSssh-?K!_GiH7xJ*tzaM76^Du`PV8M@!iMV&m0-8=_}xsiAtEO%#C!rKr}98P?6 z$_CzeCk^E{r@YY`R<`~7X-WW7HRU7{KOY9{n1^TVr%n_clVjN-EBfje4kzqp+ON(O zDz)WQff+k*!9Zh3Y*p|i*)-pKxh&SX*>b)X&B4M30fHZxv$JGd=$MS^MSN#}bkQ|C z^Xxv`=Y2Xq%O10}z9^ty?|a21d(Ba1&bE;kZUu_`5{!DpJXg6r({gpeGT;ubg%Zwk z@CkFqZTk}2=LONsed!n$8BsR++^fc+c@vUv-_(6ym6sw1ZElWLM+aSqJ|m%Pq@SCL z8xq#?;-=F1G07yG8H&c7nAk4$&12coLj-f0RN8aq;Ml=>G%*7Xc7BiHq!iWl<_P1zxzM{6COJMDU;_ zM)_w%zC-Yk{)HJzWpBuv4rN`9J&A@_JqP;UbyPA+lx=aGMx&GfpIj+N6S|X(NoI{c zNczX+BNpgT!4#y;=RIHsn3zn0#Qdr1m&!Wr*z5$=5lh}-c{h7}gujxDq!)FtisXw| zF*q24SjO{z5OI%*0&q8mpkDR-{@O2(?e*&5(*54q76n_I6y}Lwpf#hYThNedv)21r z_T2JK0TWA>Djr9tmN5Lz%IRjZ#b7fJp;y~Xsc<|t9WGMP2fpbK93vqan1m04ex4;u z14<#a@_2POIiJ?lHLpmIN@rA%E*22Z8_*wLj07-ri9V@$dmI6SQ&jH9KC(RnTq; z4aUYYW^o zP|L(oOs{r$AlAf#ig-p%^EsQ<{L!MCV}sVd#v?x_8QqG~5y6=i41-SblBAn_u{gWR zu6Nf|8?MLLwN0PKk-fNv`tTsWPs?*8n-_1U>_-`9N8iYT-ssBDIJ&n$N?plDqYH;Q zDoWIh^OckPZ+T$rzBF9pbk|4{BHYSY5IX~1g)ERzqU)1TPfM;T~8RO2k;7pyaf#t~n z$khP=GOv#Z!A5^4)Jmcka0-(q_rb04d%*d9*y=HE)st*H!S)^fa-3~|+bb+CYMI=D z8t&X#X1!{Xwb=*D#lw$!`UG!&^VI*&Y9PKBtxZ$_ZXjTs4Js|JZ1W(i@y|5)66f~s z+g&6r#-IA%>C{mUvH9Xr0dnJx(gA>U3eLuD3d@908`(b=?^{kM;*3 z#a&vqQQ_dXx2y>t1ISi3{{|fc;OyjF7mfQy)r#x9g!@xF-5pTw|KRN{qpE(Rs6j=fBm^#{ zgk0ou>F$!aASoe@ba$hqNMA~%rMwp@k?!s;38lNcyXMFH&a8K4&G4W3Gz&km_~i3@ z&a=-xd+)<S)3!fYQVJ7nihbEzJ%)`E*~Urw*(L8Y^h(hE-(0miN_5Q=c?l2Q~Z9S zwKnKnM-~C~?ci?j9W#_jR8sq(CADw}IN3qWw^OWNlane-e=N8!ls(0ts7J5YzlH!G z1G3hQ=IdLJwHp1sx(4$lcwOeX(KnSLt=Vvcl*-2gx!&aJ-YMp`uT3`-D^Fz^4&SaT zq5^7*0HkKE!CB(q^Be zbUb|&uQWO&4;5$$0QVHF{@rUEzTWJY;!WRfgX9eS$2EHW3h}n}Vd;nDJTB(+hT_{8 zDlcHUFEE;1{OJBgTsh#1kT($dA`rRC4aAKZYIvjAH)@D0mn%!?6vjaYU1x7_PsvAC_|^8{%v2QDwrv%bh62et2i#jr zuP->|>^PEga$8~(%%TO|2{s5D+k5QOBz)|m$*YT}CST%$YurUW8V_w>Q{7?%ecZl# zqPp`P3617zzY2Wz^`xmv*|%3>fRe-l)kT2YfwX8mTtzlISlk`_2jw1NJo4_P{a?v# z70*XiAFO!K{dV2}jv%-7r+>vBq+8v%{A#H|)xc*35aYq(%Hsqu-B@Nsi0@4OfWr1E z$#g#>l0{q_g0ETJzdgND&=|QpWYIoTPXIqG2dOi}B<9x#(x)`NAXake$(i`!kSrdJ zgR|P()L9%O$$MJ+&S;!JD4_J2ZQA=`Eb;Vx?w4AlTb#2nUH7lfh$Ui{w||3h6@yTQ zR0{k6$s}QTW_8iOCZY7gHG0c~GaR``G;#@E^(`{%!_=4@#n9o7 zNnhs?#be4r|GiW*BkRXcp=KLgFX%;Br!eNfJzpM__q1HHmQ&z}UJp`HPf3?r&7Y%& zA)qHcVbDHSKam%zNnZOf@sM4?khH=(egXh~V7E|lQg7U{N{#$P(w0=U-8Kw#5`E)x zYJJV$fhY>wavXk1a8{78=X+>{z?c>Rprvd(!7stri1kyQs`|O1Ympw>Ci_0=~=fglI-fw{ENW_G>^{vu>-o1(W#BDGZkS8K~5H;f6 zQ@2l=);s^>!d1%7E4qtM4!B^!FtK16^3ZQeE_w5n?T+bXN+!9SCsI#yC$S3>=2~2C znENhRz-!CZpAteP$wkukTIfzE-b3sIIFcF49K?+%$iG!nG8Q89JHZwHau+eHAqg+}QyOSjl zZJFsyYs~o0MU`XiA6uFo+7R#C(w}~S5G$`3I>n}|RhNJFa`~`>v1NQEI-*DZj*=s( zi^ElRI`%`6gr;ar2ve>lXI$6Sf#)t3r>dss&C{RySIi}J?|xKO0p*BN906@2%{qM& zJaiSY2fp1W#Be=p8XPTqC&7;D*1K;PKM1+_7*{*Pyw%O|9gTkww@BjZ!h*9$k_K?l z`Te^eg1^{J)~MGJA6mU|Th8#ttj$Y56#Vvuf%(BlN$@*>Gbv`gf7LxmOWB~KRNMg1 z78#a2Z)oL`V1_r}ETF5jn{}^}DK^1`mA_z!7jIoOb_ps}UV@y$&uYvt87eYorv9wo zymdcIY@!3;;tN>prX|xqmPOeWQ(0V+gT`^sBRc+p>%P72K7rc2Uwd|3k!WxC(a?mX zI7yvcdTZlbhqbl4e|E*;p9+vK=%3mbw<7kX_-s0R7=!c2advtb3xE5QTL%4j>+p!O zbwT*mW0xhX;~7^Cv&)MHt*2aKxD)QKuA;0E#?q3*>pJ@eHFhu2n?Ces7U#?wS1dG{ zAMWCx{gLip_<9y12l;-OZuYGQf0Nr1aAE1}a-@FX`%u>uooG)|pvnZ>YaVvS8b%V4l^K%qbkAn$)yGMg_N(L}PU6b(V_bczY%_hS zLjzVftr}yVE0d569UB)wgeSPyMazH4~j*#AMb8q4vD=j80J0<{J zDG{u&)>~ped-P=oU2IUdFe86U&6^env6jYLJ~z9|s^9~FDdS|y-x3^$kEx8(D_gIAV*chaBsN~oXdR_0o*_%HxnDntQo(E<4=S%;e6ziY<9Q{}m zyYah}I0=?|GlwoCc>fDSRv|nB_&2v4jsJL`6$r=EqQ5RZfz`2bhn5;sATV;q80Dof zFQ|yU6hTrS8E|!$r;;OZ467 zA6*YBD8AYZ!M1GJGS}+~ID18T>Kk#S+U4;imcpqvG~?NtQGk+{{~9+Ur>z>3`zD1c z)qE+?&mf1}=(m&h@8GH$@(HA#(5AJgI#v7F2 zWm0L3Z4vr1q(k#uFKHq1g?`Rf;b=nu(gi_O40Vu^P*C^1Qi4l6qP z&JJ*8UWF|l5|IVpiTaic=5G~gV;n`1MJ-fjsmU#IYhK=?)fsS%kfsWJHbjnIUdCVG zrcSvnc`m={-c#OU&fj(7VH@ zXPQFDxb{q2#^=et+#8^&c?h}wFb9+gn-jlA0w1Ijn)ImukjYmEZY^lGg{nLrd`A(l zRQ5D{X52M90Eq#xT$g=2|2ofqUYu1?-ht$r$zS+{wYu?}jm_As#Q_BVH^)6TSnvqn zf@tS*EP7R-4EIYO&FN^*wagZ|)TIy;S)Q~Rd#Y@3HdA&#$TN*TQmFt_hkchVbA72D zBO&R%iz$Cce%y1pxaV;KiInkTr0C>qGa^x;FnK1dM5$P_SOuzfs?GxvHS_A#TIfUmew~BA0oqo$r}me3@?JCy#~Y%(j9%` zc3P~Ov?nmKrJ+O$#fL%smFn4G6mZeKPJD-D?`jZ&=xTVeBX^zG*uJ-x`CkfEPaq@% zS+B)f!|>p}TBk%yTKvt(GfQ9lM>t`MJ%W-w1LQqIMhMbV!9=*VTBtin#}hj31?pZ`z>heDsR|HSBx z_-YAbCthcn(fzg5vqMBj(m(nP%3ET=!}oi##_w~k^09}Iwzx<;*prD<>}mTkxzuHn zCKnexx7kNXXnqNUFkDtEYij&-`fnC1ac^g_r_MsTQlir*{@CC;p#+6^WbrbDFqB7S zklBiz`?uFVvE5y*C~Rdo3ctTULq_74EWkx!{?&MqrF1MD-gvH`;j(I(cGRoU8ABP; za?LnxvI0m8O$SIWWo3plb`Cg3E;APCyV^y z=|11)Qh!&u&Dh=%?Y7`g+$FzX1}>e8t_y6B5O)!AYJhtG;<2G@;(c=iYU=${c!Iu( z_m}F$V{fY0JOATt6vo@c8>RXs%7x;&a`i@Bd6@Eq;X%j-F0w??p~AHE$0tNs5SUMi zN8dE&oM=-h;C9$tbo0Lk+17k>v*}F5ha1JxM^EF5cF12F>ozBY$kh34#wH(U#+}ZL z3#NN0r(HmeXB~xlOpr2rpu<_d;8Sg%@Muj}o#^B)csVRg~$UE~~Jkr2Cf&6QbFEt-$HwaSbF^wP}gXM8$Ek+mM6E zIc6)wNkX+RyOXO9vVFsQbQ0zZ-#_Q!V@p?-^MQoj`mtjR-3W)*JKzS6ytCb8x-z93 z86}kuw7ebbf5+F@{@v8td2pU@ty60(%K6a+>ROgtHzOF82!EUw=r-Ljj|cf90>EDk z=U5SMpZwr@#IW)DoUaN@xoC(wO8NikkWT)`A&LCI98#96P5C(~E75+-fdrpm{AZ@B4BL)(-8_R z2zU*zv55vv$gcV(-;|i_m4M`=5~WHNDhQjgQNHm zDz&Y8j_f(za(J1r<8|j>>Zb@ZM)5$iAusL@7uqIs7jKcIFbC&AB&KS(JkugguM5p? z_l#{*d8k;tZmiMeJ4o+j_XR1-N4}Py$R%1lJixHQD#@a1Y^0o8qeNi|hgDR{D4Y$4 zFvWFABJ*TrkZ|c~~39{LbLq4vH!+sYHG{P`ZaNF9E0;9XfU@m>Y9jnm`EW z`RM8CbF_Sx;|*kv#^^)km0f7fI=gN;BEdj6x&Q_O@6tONSr9oPs=f}m#@T~aRGgkX$l8oo9w!i&nFpIqhbG_=6qv_(Q~9t0QiranJ^HKNF=HUoFH(ss#7ln`M=4gR z>|}CcgT|&(354{Ms{1mrPI&$Mg2Aqh%7{Hty4BkCxVS>y#C?^$5F(wlpiF+0p7s71 z1fRt(;N565DfL$p5FcV-PBWclgE7nnfaMM+;2)1pwym(AYyW)DRZ6h1RQ-G`o@Sb* zGcm7C^T*hzh0`l;>8ehzhKxUG+MMm5rG8LJVhpnrh6!O4qsYgi&=DyRe<$75X;-R% zN4rp5V_1qx7w1HATYgFGmYh<~-Y!g(|kS!?N(ONGeUmJO0fZj%>?+W)VlR((K`9cckdC>GO%e8dl!CVv6VC zH46CS>L}DOq(`|J;1iz_Xl$2nD=QJ)<7Hr@9jg%48)F11=%+UaQt7u{6cWJCPeyWc z^?m{q3=(UFF{TIWoIXIgt%nI6|A(y3pcS=305pu&h!(2E#oY`fF8shOs1Q0AXMLPd>V3xjwlcIABF(pQ4?fU`PZ*95rj&iy;_P84O?H# zi?=)%Lh6Zc%fv%13SKOrt);WJ%QM00NnkmL6Sn(@n}3@^VUJlm->G6BZLt(X=i%}^ zfnJSK&9?%$C#(yah%dP+ArjtN*jd3!`$t`e7mC%Bykb^MD$3cxPRw6!q{+F9_E)1E zPJC~ulyAGyF_1s=%T(BhpTMvcgnI&zYi#>bch1Z2L`rVt0yQPbM|P8N<7Q+ z+AH4M$#`!<52Fj&SN=D$F7|2LqX^fv`zq>9S6h_;;Xft>v>T_?v&?50o?lwxyqC%~ z>9aZ(^L2CrQe80XTaGHy*q;Qa-OhV`sIa@ptJb!scU4RfC?k#^h}6&*j7s<*u8f(j zClq`z^6u~oD)Y!i@MK)>a3q;GmFal=@0Qblbaw&(QgVH3@gI`NA{ms_h0EmWnKnFJ z*>ot;{`DxL7C7R+M;>wF%A`noghi=?yI125FUZdh2Afpz`u-cqYG`oi^m8c=E$mEjP?bFdBT;*q#z0~`M16Dv@%!eL z%`3ZDcHf2Is>{Y3d2Z6ipI$}&(-4=v8KCjYsdX))M073Lk1L7~ zX(QH;<<{8TWW|-;t(DCGV~W8BypN-}4>k*cR`%@=PF-K?U@|J`d|+-X2p;rxulEQq z&C>$dp3_)Ibuc*T%p};ycnAf*2GlYG=Gu=H9^JUQ_z%UE%!m&edEsbejL{Q*Fp?cI zeXq1NT2d=ofx4QJ$UtZ?&ZuPY5j*O^Ak1CSYVb)!8emc#GT$Yr zI|iu0R^3@$WRzf+hyM0)3Tdn#S`0A*HlB{DRWvQ=!v`xzxPvX3Jlmm?-F^}-jop+> zE_O(6TH>qN(|OfZ%*5@lGO(^8e}+}B@KbY#s^yADI=`?1GR zx5w|+lJ0oeTnf0`B0W|-Bz!qBO(s9X4E`Ws&)2z} z8uiHu!f#56l;dhysc@*wOK5vx1n-xv4}ICIAYZ7$U{u$CqL%(m`NcDAI&IsEKQ{PqaK z&6&49taL z$q{6zCJI_Hs^i;FpV^^I)Wa43rfb4~{~uWZ-57R(dTyyrz~S_1y%E-HwmD~K;q?u8 zc_6KcMf_)9f{wW;j?Xeci|2jRFx23=>Z~LA5mmP4F*X1&?3&wN(hY431ns8(0X%gF z0$?l{9>G6oLT$4@o~5oimNL#?v!|vI^WSAc(*-7p>Z4KCjE~I{bBepVl4ZFgq&VM% zfup-6)rGPIft+4rke3(ho1Q}Imwg!qPRfn}D#}5jFdT9t>;VUTT>lLaS|U?h)R)VJ84w}7ovTBD|n7RvEtG78uwB&EfngEh0VVZfXR|6>z0)+oW3|K z&Xlf5KLJwYTq|S>O3(Cj5hZs(_TF_vL>Jg-IE_ej@r<<Ft#h7&RIk?yluSMeHjI#zknVRl4tu5? zwh)q@Qc9)scD$>l{$rCe5xI>&Yj|J0yEu#|TV^6tiky`^Z~3hz6?lqjn!68etUzH_ zy1lQ#CdJcT3ztr!W<3xPw__f;air6bIBk<`tAxLC5e;Qf>&U_odD-KCj%_cZHpvTw zqCmzWhu*EE>%9hbN}Yh(uUI@X6lO`@<3T#VrWKhnsKT|DjNe@60V$-U@$ ziOTSF@AgI9%gX1@>0h59B~B%hXoA_V!y1k4#V$dr(;O#hquc~6pX-jgKQV<(hq;?dD11A4+Y9#i2J4`wg; z)xQOXetN%&KEymYrZ@)qOPW8(WXJ-he^*euBb zosjf*q7kw=92b_LS0M*w=sZe{5N&pG!AzI7H{jQk-2RsP?es5Mft9#29NEVfhzzdV zTPX5HgZ;wRvS+h=hOTCaVNMV7ev1Y~hbajnx&pwSQf?)QRz?@x5PWvGuGL~oNH<6o z0f(6xn^nKXMAD4L>s?^pxe)Cb`Jl4lc zbZeD9OMRu3UDo^Y3i44W8VWhXN78Op6NCbnVs%b><%}h#Tdbnxz`&2|+hom#bDF;N zJJ0v_vzFPi=XHubZ>6)@u6rA05bOM)cOsG7MYO`Xno-u}UJ*n`#B;i)qIGT3BUTgI ziL{brx%3=fUwUIw_N2C!=+z|Wn+Py2u5t$2Dv4v}$X_W?2QC&>3ebnl$%YS7UlQcC(MBhUQf>WwhnI9i6dT4@@A=n3zDw?G=Y6G6O5w=u&!JXV z^_uyb8zC6owdI9DGgfsmN-m8`CWl`$K@_X(Y0J}XVD-RWY#mQ>W`MD^p#q+usZJ+O z>2FFVqvJ!RjrZm9p@f6=4*>!sAS+bqGIYncuohIbm-BY5K5eYj4aN;G#DuUY(jv<|@K*rI~7vx#r zb0kv{zaSt}%{f@%o9Ok|l&3y8#_H?Sho6m4W0;lt%N zJpUV1k8}Xt%oa+__&r!cU6S5-f;O@WztFJJf^5I*Rk}~tD4Bd$3b;5|)y2Id9$QK` zz%3nB`%a#di~+OWWAAMqmY97Gsqb_czT*!67KlAU;U4yt zc&zu!WontN?+FOcZT^%AZ&lccE2r8g7wl?B)(?(-7LTSSz;V!C`$V7978|AxCHlZB zT?Ip|E0%8#!wV9et5na5fn+DUP*^{gIF?kr%CZN=%T&7=^cAA?VM7KA>X=Yv1M;C) zOHNV(KrRWqBTiHlu&0mve%j{Mc*u&Wa2HR(Y{D_>w z#sC+O)U#&6-F~Cj`H}gF#G@5Yrms9%Q`P_A!?U!WV8q@n)ZP-?|NWv^N`=>&ECC(r`9!_@xkuPPguMOXJ_uPJp4Z% zu)$o^Gn~(31|7^tbK8$A7(neHH6vLDcO>3{<*`OpBwi6ItFuDyF^G=-cYQ@lLJJ#E zm{MDw+!iXacqCFK9}mfxYSx}S){cySURiJ$l((-Uk8!B5$)4MVnw}4WOK7f|5CEYg zkbs$(Fq>D7@h2MdHB4K-VpNTD-&WKOv;^07xBk<$Qf_;XeEtmk&3C;MwpP-VEk@=9 z%`z3dqRAiUBX0>JjX1+Jh30|>H+gfr&S)ZS&D_XXsbl02O=ZXh5h~+&-L_o&Q!J$W zEp9V#dvtQGzZXrwpvdcOIU3(pdUBtQMqp0M^u;BpQxIe4*GTZ)wb%j#R}1nt z4%#s_Jq>VW&`k`OI-WWyR^W)q1?gJw|2mj}ZN{y?X!lsL?v8&p^-MqEt%&gJo%G&9#<}PsnuzJ4OdL`i zn8v7*3w-x42X1u`o0!&ujxA!Hx}e+ziG#s3?J*bkG4M%(Ip2?JaRfxd;yr&IyW(6d zzOjG0;D!XnCo@|xJ~siD9!qqWSn1>|`@xFx?tn~5sO;t|GNb-D_pSbTUKJZ`x4>Mn z(!ZpY8Z^_oI7zxDd*0Kz?ESwc#jEWIz6Gnd9koA3&!2L2l$MopoCfdJ%GvA zjgjx0j#PsamAF0v7HB(6m|;j3jIbE>m=Xo@6Sc3fxP_cRC$Bj?Qp#NqxLVY9!;k5g z%&vKSUfeyk`=s$_UcicaH%Okaq`MAPRexCT1uY#YwOQtFjD0)R#&@&tDGSvff`kp* z>D4k>1mra2ndwx(Beo$-_tK0jwN21>nVt_FB^olcv>=;M5n85>O#v$}WxRPHI9{={!2nc(%f z#u4lX=Gi*|$p6VI>I(!Hs{)Q@^!_)M4^tV!?*LFasDZG1`01-rXhI9O&vZb|0!(j@ zwl^Deh~SG=k!;!>5$goAt-ei61XkJtU4WeP&qYm-`+AQ*t5>H4CkXT?_dgL`LxvY7y#m=3b#i0}Iws5r&bt47Tbplws$)de?!XI+t^c`lHCAJBxC>Y31y-FE4s3v~ z^^-is%jPF@cOsBTs@6wm^bT_kW$0)WJE{~NlTEzOU~<2M^SGXhAb+3W14|za9s3?1 zf#4~xn|gSnU-fQ~W=nVNvMVm_ww8mRh`#^7U&MFj`h~y|KXd|r?g!o{b~7724|dQ7 zQP0=cAL-Pl9QdK=B?|NfAQ82gFdRAPqW)|YA2fAo+)xZAg9gX>QfY+rN8=O#eejt0 zr8El9%jt9mL{P73BhWv4eueeBM;?&lj?5eo6U5Hp>tc6`QH4+vzoy-hon68A%9%DZlG* zh>cykuj|G!#uQImBD#qt{z%WqIC;+;XKh2PA>F^7{j%X3PR}YCqX{GB1+;Uoa(Im; z4SUO9iW+c44{q&Xdqgrd=XSfbUsVP$QI6aHjkabnHhC3BgGbqZ-t{PG;y1*JG7=<= zZ7!71V9admOO%&i&V8y@-r)kZJB&^?g2V7hN#jT*Ur#jmz!G#^W1R`%Y4cpWxRs~p zS7B+pQm8dDua@^RfbmN7@bchQdg;ukJJ(Rjj@8@2+HULG!JBq@5z*YoSxePM8@8vd z+~I71>yCF4Xg8_?kYL67kGMVTvh+ydDsNwX5uobpuYURMSLm72 zVcKXx#goMGodE_Le*0Z~h>3M<`eH2fu_xjvCA>VZ~%is&>~hlC-iXE!oC94*AuVB*;>de0nFR zSnPuSl)R365Hi-3Qv|EKGo#RgOJp_+$$DFYLXDXA7A!(<2-j#M@dllPL1*0#b4=OT zOQlu44YuC@7_3sVCiWVnKc_p346e2{K{c@FW(pGQf0qMN0Vu!l06ji@I?Ln!Vwv5K z$pqTBh})5NaaVx|dyl#Nt?AIC0%_=>JoGzYxjO*+0P+F=S%!Z9!~Wof0*H8VfDln% zx72^I*?aECjk;?|Wv%YBgrp7rD2BC^iIOHN0BHOlRbLAua++hK;{y@<`;XDf(Ah^M zQ$UZgP{;}@8d2^dvL~u>8rYCNYl@{BQFUqvXqFO41zdx#k1X2ft@77VBn_iy(JcRt zYNX#eOExr{L8&xFeH!4 zF=HY4siE^J$kMy*lo$S*eo)0$ZetNXP z^hU#4aqMBu?p46&HRtD|OX3hTxFYm&cl}i$QumwE`@)Rw=EVL}=;&vEP6a5|9~XBj z4p^Ya8}JjC(BPM>_B0!K7C>1=eXkXKR7F-FkuK#chp_nG>a3$n!mr#sO7=3%I)Isz zu2VBf1ML<-m^b<#18#ROY>6`M{6ny8P_IwD>?tX-BqD7Z5ef4So~)utql25X&as- z11@C~6uh;J>)%~IObRBJyT%(ZyIDQ+P${=%J%-ah_I=DsnRSljc2lR?0oS(Pvh1tf zpGRqDmf}M)v)hErXV0_o8~z8QOa_2Wx1cSLsLKd({42%u4doH*0OV_cAy#EgYdyEb zgl(DT@BGIo%q{YMT40<<^Pq6n#vv*jc+nW%Uzb-COS1oo0 z{B?b=wCmeeIO=XQ%5-GCw8K;0ZNNh@A@dVHX_%5v6~pHoHzX^3c2q}$2FvS}wtMoU zibj!;82Dz&3&VhRkMQIbj8bmAX9{>nI0k9>g3q{rskvftq-f({Nlgz@8q@J{IEF;h zpu7-=5Rnl}e`Srg0HLy%#D-(>Q_(^|M3zG!dZH8OM(`M(GRKSM8Zi-qcnitBkeyNz z=xl8V(d?1yY*n{pI>9zYgFDAiy+T8o$#uS(u((_H`M$`TAFaY}bNV&(`Op1?<$nNz zCxlk=o3gYsPtvs@R^|)gp2)$t$RAd7?M#py?d&dA5<>WF)kplo1~*F4k1M8qXC#F8 z0rpi9w*SItFE)A=MYPu2b^dVw$H{#K)>d&p`H$ktLO4G!hg${29zP|7cSr+Mh-xVw zr^|c@Nb4K!U%b9fss(2VXeLs$iGetmOiQY#ewfVurP9t1J1L^95cWOCaF2KFPgl4u z>tyU~RQh~)Ny7thG{-zi{8miUR@J|!QHXC#?2Q zBS%UBUw047h`LMGGL1-ZY-ramXzu`uo`ko3yi+!qmxMts3EaLKovkfEqvqq+2PjbO zU>n>21w8K80F5mU1^>t22m)g9;C?#b9Tf=Qi^Nfe_5hOg69M$gU<;?F`nb;-v;KU` zZ0A{?R8AocFX4NyA5~h7=}&*W06amL6SclA!1#cI%#6PwJZU{xUi=eDZ&hoNjb^l0qtiV`OX^q9X9zUQ%bHwI?2K zGc$P~Q>xofOVwjDWy&T}2*a!W9GQq^H6w>LwXKXY2@pNIv_B0@Z0X(T2{E%IAsh&3 zlGmx+=+|*N?nG@#{*Z2~T$`Ruk`+t56V3(b;Ht&2a$35M%Fru{G-dePC-NLUD?3LR zH$Kn!PpQe$1~+ZZ!$Li>(6y@1>fWE*r43Ht9M<$~K$`n`0r~Xoa(Oj~K(CROPfJ!+ zn!(6jJ~aQv>(B@Nqwktgj;h3i_~kZ5&H4JYF;{30*{y1}8I^h${z4d{n4^s~keQAGw%##?+2fed}qg zYdst;Lsl=+#Jzx`5~2WdBA^&aG0GU8f4@fYUEXBRR@1qS*6t;%l0&r=%HzA#WoJo5 z*US0$^KNIT1P%O3nI0#qOm&wUIUjBVFcqnPO%TN6rZz2(8!}->81jpT6JZG zMli;uOv+3zR-HnXVK-&AmmI}}aHff10RoQci8lTq8oywdBQ6q~)N(7z(_N?RxT)(c zcp&41v&j);>fMNoFi#=dKymxeH})8eDQ5gLY`Gy*%&M<{9XyE)T=Ry|xqskhZQ3oT z0ZoX}*qM(d7&46T?d=Fo@8c^%l#&{<{x4HK*9`HYJP=$D5Q^*7P5zgFE8(6+rTrri z@gRc}(xgFHB(}+;GKUH4Q~+Gk$VjEOQKCo-Uac?2GlqKjr5sfz5=;5#UY$=Ip4a8? zNXf9w)w?Yne-K^!7YMEmOjKz_IdWrJQa?7<4ZZWDhxP8x{?^MKsxl>{BMAL+h_*Fz zOQh6dxaXLKNI~cx^Tp^vs)%R|Q#=;jwuVSJ`M=j4sr68mrm#Byawu_Ou|AP{)j#H= zDB&V<=*94sP8(s&r7)D)JQ$2=gQ~~YQyr?Fl|kNDQFFPVlX&BMOB#1JC#8u{BK-Lr zH~a@bUyz3-`9g8$SAml-3v8-(abXvgA@ULUsx>8GO|iSQ_%mZ<@B%z`(*_FUD^@+^ zyWq0&(w2;$H$F^Ou2@n0uH5vi7(_!DNV@z4jf`6EFyQ1|Z9-b}%ecFMg^ zVc_|Cg_4Q8t44`@LssL#&A`|70p*yvjGdQjXN5W?nqWqjnaDDfaqb6S4>9fA0)7LZ z+wOS=J`q42HfC*LO*aiFp?)H;GLifM%NsU`q%wFsBLB`(ASs-mt?q3M7lE>WhQ^+r zOXMdQ%`D&FBy{$+Sft1vDQyrq8|5i>jIDg__|7mHh1Z@yqu0}l2pl0EF{sQd4qKM2 z?S*O~GC4>IF!^P6c$qvUU~JIYe>jV!`@%q=k8LgfjifgX0}XBxJ7Iy-t5Qs6+K(GF z*EwB-ct+Ibk^l63&RnN28*ecf_v$0e`c+axUia4J`8d5Kl~_H{Z)y^~^hTwl%oYL} zMbpEa|2{9p_N!4-SWuj41;aA1c2dyjYwgkL;7-jSZbo!ZvH?G5C;V z(3T{3TKv>b+#Q2nTk`n3K}mEyFA04=Ltkn4ss-M`Ar$mUo^vr}Rq6ZGA2IPXY1b0m zgjA(A3We!~shMoKe~w9&)gJt^@QX$7%5`kB~eR=p|Pzid5k2Nm4HO+wT6 zBRZeCo>}JYln#9QcuQVr`-SA-dA7ad&1WgP zyVU^QekS%`#uSZvW6Iy}Bd!mgc9RJ8*Kn8(9Y`TbiK_~N$cco|h4M*hHd_6BROp#v9*hi!(>_w$JfM5#WLnesN72eR@I$0TXg6rZ_s%l`vnA2YsIFyt-IW`S{dH1Q< zRILS&@?GSOTEh&|qAH0F0LPG@sTS)~H*CT3b>yo>cn%2-|3;}4;GHIx0PR?zJ}`*3 zUOPC%)9di^r3Xq#>T3``go4LpQfDu}v@+;V!){vbt=>}p)=vJK#7X8Q`0+_pxBrj5 z-~j(g;0OQS!q$wDBl>pIFAe?P>^4f3Bl_Og0`=JYYneZb=)Jei>QCN-wI$?D0!EeJ zu@@kITzpCgx<{DR2cZ!)fIKT#MrsNeNU2bG&)k1nvIAnF{`4@$gU-aTx#p8|0`6oO z?nF8HBf>WXh%Tph0`2jM$>QZq?YU7XL(hql9eZG%P;Q|%ZbCcn`C|Gkw9o=VvFI{H`~pW!o%;Y)e3Q#3a4|=6%wtBZl>6PWrath znKlCf)Uz*3t@ws!=j&hdb8{&)C~YUog}f}qX8gXu5fgry{yBl{szn`rMPb_NRY8H# zM!tsQ(z`oab&=};Z!B~lRpP@7t*>%4d@dO6fL<%w_i#`NsZ>^xXrpT0{@!ARsr7#mI&S~b5krCwmmByt%wJ&rHMNbYu54_kBJG`8xGM~^oBK(@0X+(> z_;XR$S%pLWaNTeCbDkiV6v?*DicjEk2fO}|_USZ$F5DTM$cGj{@%n!8;U z5&8D-QkT5NUM+Uo84KdJLk7`0fv^;BAwsx3fh@~Ng$q)ZdTrr(@=}b@g+CV>8a;K= z?P`U>DBYPND}W=X?pue`!|C;*3I(Y4NVeVai<$=ED{n%xnKKO5jt2kV>)tJ5LInR| zRaLq{;Qu)j8^*nN@&I4a?VFp0*>zyq7wyT9|FS}|;ICh&w}&dZpqh8eLwgQIf3eg4 z)Pu$N&dl7RdG(3<+l#@n;$N2pePA1#dh33hkZl*y>0(SL$U8(EG$XWgiUm_I?RyPR zC?fa$l6he&0$jY`Pds5fWG=V9TCx*JKTi}%+YG)#m^vU~_JDf4W+mot5EKxzI zrMR0nMCu~NNHGmlj7wTR$SGG6;!;&_^R5;>xsVxBxIcdKGDKZuo}(L-{v{z*w|2-+ zE0Q4(W6jRsBA;sERR0=NomJm3wW!xYkz^#`^6Kk%k4KsIzEr`tLwm@NhX<@h#dkTj z;*oO9NX*fBr&P7N$?)R$c*OuOn~6sF6-va+>&>LXrftDt|7$~;!zlj6(r4}1=xx3< zvNyk3fhEel`%GFPs!a^8R1-j1%-i0pX>@D`ouE=EF*CbV`L~>#PWEM(0+jsa*I2Yw?wbtSItfAV| zXiDOKyf27(-_v+byamE0X0P=4)B#!U4E15{KW5kPcXAn}b6M9Y#s5$4O9j6;!HF}8 zLgIvmwFba=g8LuFlUG0+Jc{-oBvXy-E3#nHO5jt6z5s$t{=S$P@2=E=I%QbXPrhGD z)(r9O+3;3OXKOSMwbn^7qD!1myL3;m;VS5UcDkuriurY+F-7C&H%>Ug2%G?sBT3Qu zlLFWvb^NT>IKj+*Oj|(P|q>fRtuU#X}uD|AzIj5 z;afi0K_#fiDX%i$>AuFaoyuJ*kJ;Y$vTwgY!QXP@Fr;v(oL#!@G?H}NF2vW367n-Up4Ni?gQ@%QmJt9c55L#LYWr_)f5=R`h ziko}(13jnP{g{M8`nsHM{hIhK&o`yx@}gtJ!*51Y+C69;RF7bhe{hbCi}qL!Tq3r& zlnG8t7YHxS0CumO&woCVsvq#XV&&+y9#%@hkJC(rObs_@V|PFvBS2b((?EihQJp~!$JBe=jNma%M_^pYT%G*m)3BB8y}~?dK>?_cYdLcZ1KD%n82o;Z1CL5 z#B9tUb0{=P037|{MC#ebC=gNnVLq}h&5v$jE%LC6zoBwzcg?6qX;@TKU2$ubd~>gE zj{v^P0vH+xW+j)umf#xwYinbx+e>Y3;+$(mbox*P7NhU_8@tYKeE6nr_EJ)p=#bVV z8G|09{Np6V6d~~LLw>tF6h*b7X&DKL?$hkiVrvfpt7Q1elKyycLSs^28`N#> zec?TVZ&FxC=lzBU@vSBH{zGKwBW(k`wECTP3N#`Tlex z@AZ%ssc$L+!ABgt-;~^7B+rY!g&0DfjK3BG<9J# zY>mz5Qs%ThV7OQJ9A=2zn%pC)^{wZ{`t4hR$+#Hp@I31O3%Gf5k9LlQazxkFeW3{G zhVSuz*h~M=qMZ6hddQEz4FE$x{0Qh48kENhkW*S5Is@6mHScBgohJczsQ?{Uu?5-5 zxq$j&Zxx~MXSF`T4?l@C_+#Be2?;+}5#1dLW=ld!>TSE%8b7PZy!qQKNh!xw5>BaO zjH3J|w^K4h1PcbaeQov4)>w{5p077!l6`wz=JsoU%zG5i^q+*8Gi&j}%ZH{_!KuRS z)HQC z+gm_I^>=N4BeoBG)On&h=hZblpr~Pbax{v-Q9zPAl)$J zd+@%$=Xu}f#{YWPx4v(kwOGm-U32!?``UY7JAPk_YgCTutu@-6(ahE}18xs@D2aM< zrwXU6Q2N=zsTRPoaxZybTEYCBhzYyJqlA|0dM;GEn$ptEesJFA$aNZ@S@OW15N5`& zR;zrQ#_T_kALvQB$8YC@~cxhi(@?<8uwrT_J6d-bgfIPikZ#WZxm(WgK~u8HN_oZAKS z)Yw;mPCfr!>)Vn@hCHGlXAP89=Z)Vc@KYrR8+Gl{W*#wjR3UXmTRA(T;NX{4nlGOz z{Vr~w22zoz+H2ITHKqRN0^Mg8tqy-%c84=&f0Ubh9o6Za z!P z#q6j{26k1Ps5-PRm`A-&NHCq$R$Bx4CcR2;GiGZ6x924{i z&vU-H-A=3iZx*IJ0;ou(_SL5`H@y2Ck6`S*BtGrWZcVAD5g=Rj4=y*}VVFXY%Wgv#ip$-JwHmy6nqDx zub@M9M*$SXLDcpzEtKc`4+9Q|`P-j3FVR zZ>ZoU3ylLQ3&4_uQ!#K4c`r?e>_T6Fx*t+p@;= zuXU=bFd$kvd9(aa2ODnOT~4?C5Q}v8UEu*55F<3SW&2>t7tO#3sDm4m)s-P+d90#Y{4!J#w^Y!~; z(iB!@gcO7IYBA`VH$UKK5+?ig!Aj@ZsD3L32(0Be_Q^NVY_&{>qYU`ZcMRO!o`iWl zt_4qk1&4PSSs5xi!vkQQ&u#mI9OyL!=9!mbbYWq-+Ljv7H2)!+#XI~~TUMYI6v^&6 z5BZs|@;y8HCX)*bnA|N%$MQ$cDWCZD;AvneL-!eVecCK_-nJDrsF8L+$%m$88&%fvJ3h<(UO_E;fa zawARN_fyWMLUM&9&cm6oF^372y9dKusX%Eiw=l8w&m7aAD)ny`%eJzh!eQC}4BTK5VSq{T29nlUE zva^fa!CHVs3?= zmckJTUi2iXTTGcTbwUq$OKkY4elS?t9~2f}?InE&(kTSTbF0J34EVAO z8Ngc$0R*`*(&qV&AU^95?A~DlMsNAEO8?4PzQMcP%WL&ddwHjsjNwxW zj8m<+1nw`a?wYrb;6Z>Ae!2Ad@Zkb?l^*ntlZbmg^E>TFwC`|duX*ZChBTM%qNc0` zmC^f7u6p3dE^qH?=3VrO;*&=P=7~YGQ$#ovpKCrDyHsyco{3Y@GVpS zh3&vyTwzO@7;V#h?zlCj#I)BA+~mwp9=uY3`B42FXsv6edHZ#~c&q;L>7hb3-mi$ow~G`7vTvVg+QY5S^owuVlPW z)=vT=9C$~~x8y`pm&szG>gv)kY5Br`@L67$hXaT~@oTXE3Zzf^u&0cHsiOLcn*d+A z&sLe(xWTLfgXq`3eZ74*HqMy$hz1frufK8qfz|XI8@x*DmhNiH#{v$w4m(7tc#~iL z9?1Q4mJ1K-h_>{V_W$sCVnhl~m(AD;^*$E*a50a5`ZHC{PNM#@t|3`?xyo-k9vJC4 zU4QDmQ$IO9(Kr6rdMB_Z?ULep)ov;A*RM~4uzfJw^58Mnzk8q^T%Dgw!|Fp{wVlSf zewS-{9r`Al_d2O%-n*{8AdE6FQ>04vSvcq&>iLUF|3nTZM4V`OFA3*GcrSi()Lnnn znjg*S=bz>=Rb}+ZY4ZX4H)m1|iq}KNE!D-V-egpsU*EMqy|E%_SF#!OMCUH??w6a2 zZK4O*$H^G+faDXEez&#MvuiSkK$Z9P8@x-R#Tf;>>ihlPoR^k8pc-e&%VTUdYl# z*vkizf4#leSKP;5^zlvS} zNft1oM@WIbW6gv~-=ZqzREyu6LdMm%8;@?CuHlC|b2&sgxlZ;DC*JTahpIQ8-;3dH zc)RFk*t(+vNB&x)J)#*~S7X}|!V(t~f7<|XUq9?G7?9=-fotFUH}o5N{-j=?f#nt! zk+T(+g7}b|s?z-e{4BI`e$>q4r8 zh`BY=p?uf5FYd<%dinj(LF&}?AS%TF0hxj#9mjcNZJ_5PEx^9g}2p;J%?e;FIu z(5jhfn9_?=EnngrnLP|*kMJAejd+@qGO(wYZJsAUxyz+86gZg#e!lUfN!7K!tVOmdUfjl^8wEvb2UmVnw2~X(911!Gj6B5gu z8;BG3E!vD`pQ2!H<)2TQ{4P5VUz(hBsOfatvoLu3-v?FNF%~q0RXGH!!h(Ox%4`va zi4^0tIU0#eoa9gjGoy6Lx);rE@;c;jJ^-fdbu*Nl&2O>~(%%Q)ez~`1pL%h`dV~=t z(ERNKkrD*9T^C*aVM_lPa5=nV{WEg=XnM7_OJq=6O=)nUvKZ}nxb&3uaCq%6b88l8 zzMIp3KNV+>2XL5T`W`jTe?_-3;>)HGS55`+itCw=9~8u;`tX>>!IsJaBXE|A_4aG# z>|*FnvzI;?X;MbTKhznFN6k)CXMmv4`sw8|^Z7l5rmwqy@@)qa=s zV+Bh0H4ewL)=vdZ>0fSe;JDV}teyfE_?Z!~U8kuEYi@jqoGO5o!%5CGfBkaHeKhr;$lY#R=SiGjTfI;6o zc|+;;d0VN{qEOE|cwlUIF!)CjhDXlh{N{$f2Sqd{?5AMC*RWp^J8WG1&GYp-zOunD zVaw5aQXl zQ^8*51**f-1VCH+=t@rjUnMTzXC6>sLe8yC49(Be&vs3vg2x5`hG8s|dg;`>54?Zh z8ap5f;2erm7|P*dWa~{8aJ$zzik3FPkaozH;<*>H-d?sNUT4M+lfHAfTN*UT*tXR` z_zf*>xApMtz{7#FZ*2=FchU#FlHPJbFM)alnCL5uY1!ab1V8?Dz}WEg$HKJzW8t*F zKG>Q(!1f=QmM^3JYUi`FB(LX5e27VbR_#ATu=QQ!iVNR2lIK8MA^x%)Ht6BM?4024 zA3I-cy0mjU%Ejw+NYoS^zplBi%gx&R=b``{L&qT*oi zbbUt72$aq?{P@=|JLCO>R=mOs%IuCzuqk= zKn7;g{nQqaV7y=x5HghEvo9q=qGZ%=wqaHN9V!b_Tr~52VCwl)yf1O|XZr{I7vuyp zGy#D(_M)-AaN%sJf&wS5KTje>x<4UB+8BURONPErDUmJelEb!d?L?w~w8@~QEWHWh z^vR`iDDHmVkV&ruumSh-@S+XP+II}|D#0t)6!)iX5yG{9)d?G7K-nk1{c#(Ao7x`Z zxK171wimvAIXnYQTom&IJC}uZLHG>kIwzl0-}JUKg^eZqxG~Ao785@gS(f{`NWc6w z3J_WUO2bCN!NVyp@wNAl(wGan@9WnDWr+trX>01FmCHHeJc@f?C^ANe;gGA>|2mK_ z#9?^G`b*;Mdfo8hqp8XdFCWMiP~MNuR04MAJYd5w%h9h=_Qw4?NF)f!3*FC zw7F{kt+|%RbzOLGQ%jZDgj<~S*j+h2S_@4|S+r|hs7Gf!h!tbG?3vGHHGV`R?J*k*6W->a z^I6fO6dEFYJN$~(3W(zoK&ErKuE|MEIs%}yZ~3Eu=Bc#N9vR@5t4e==a^NJ2$AC&1 zy+ZN-Rer#7J?0{hv{v8<@@J2Lg?US1p+DE~{80_E;2bruRfVp_qxiO-a1=3#>;rz( zm)d4L%N(q)0fnw2ZsAbi;1H3?!BARuebh5&BG|rpP>jTa-%yzG!szUw*mpJ64$Dpt z5!Z80x}%n-^mFSH7fw-yb%<{_DtW~3zA&yM9{(!Z?0wsiEd)g0@{sW@EyU(-M0Y$M z3^JAeN!#waiynPidpe2$t-|f;?&f+IW70dPbpdoy+z1n|_`yEBarsz9B7eF@g!=*2 zQUX5uW5G2U&7=7;9T+Jrq)0~da`?*jN7G|oEMGN&A*6jdjPo~hTV?~~XYivi@~=63 zlkfea@;j&)*#*pX=9>gZ++oVIwP`YKBB?Av@XI56xNl!o)Z#rO{yk)formpj&(4Nrnf=2DHC;5*Iqb3Zd1LikRS@7sQi{xh$>_Q#m? z1kqs7c5d5}TQ@L-EG!KJ#z~s9DSBU=mR<53{}jD47z4pqHtpXU@_^slL^O@OV+cK7 zYP-OTi~)`g05|Xocx!>JfSqAqKi#>=tG9h+7_n4>e4;Q&*2(B_PfD*YuzPc(N11gc zg&YV5RChs^bHe_pPCWa@fGQ1tBX1htiyK=zky`^%$OB``s7`Qi&)iCe;P!^msa_d5 z*L;K;6HO9Z3g6yEsaq!6cIwc#Rf5;gf0j-4VYxPnT(88YU6E$8Br)T8{I9)(gc+8~ zaubO@zZ3MngV)5&AiIzyN2_AGd$3t&jHx2Z)qzaPc*GZegTc`|PW$1r+xP2PS`>_5 zZBcbOqA;^+Y8h*+q46Cb#~ft~SetFBr!<>Kt8+EbH)XvXG7Gw1$YETtmh&B$C$ zZfn}Q$*iV?A)Q6{3-4H~as$SAL3>=| zv!3R4Ybv-i#6#}db!^~&{Xc)qo?u}k8@QWI{`1!5C$-Zg1I?v%KeZ*kt{%jK*sq~; zW0~@ETZ4TPU%|ok7QUT&&l(7xvdRi_RdJv#@;gcZrRy`4ea&kPo*ypW8f=3x1kZ zaQZv1An{Bo+FeRTTr6jMJ?X7`{|pU#Hugx7dPxNe>5aA}Uc0Nus5Vw~E83P_f&7u< zb4bQ@rjTcyZm&RGTzVv|Bl&v84aXg7X*F6RM!tq8MjrBkhF%(zha2msrH^g`@7S0W z2YDM*?TRYr1L^$QO{Eeg{C(`$?QSQiSt9U!a`C8Qv-qn@{)66~ouqP`8p(by^WNpd z5vcQu?I@IQ$_gy}iU`6=1QDXtx>{t=Prxf^UXJ6rLfY4`h=V0F&4YBazG4Y+LHCY_ zZqw4!Yveb+>cu!BP(1I+NWm);+=K{JfdOA`k2d*?dd-pLjC$0tc}7Q-LZn2bL>1a_ zb3hcWxR)m!L*%`Kiv{7;YV7wvgy-hcpUGD?p2`h7%d60=jgGx$C=}Z4nTWZ0yr99x zHZJf@_`S`qHG$Hs7c>*&(<2I|6ck{#(F#_4wPAZS%;beU>>CbJIy-f-0|1`RP-wo7D8I+6|w8TNqyhfn#DZneeHz29j;1VM@m36os8<*C?;vt7@ zIB|p6#N4&-9Z{2lm?2AW$w92@=XaA_`6uY`ph)7gG?pk>$&$l31DOl zqlT|~quEw+$6dcyki1AsvgcRu;m@cLv+U~5e$<$^==FTMYJ8~Lo*J1ODSR}i=sA}u zF&x==oY6u|H}(>nIS{azyyq#)k`bRL0qx3PA9T6M)dL`l_LB%*`PbpQ)elO2vT^iE z`MRl*;!gn3O0W|I5tUORLv>{$yq;pz1?{_KAbt9Iqp}SgYNn+C$u;{dsqeTNjAw)OmK^ z)-_D8(m3GSTmM0JkDte71?RuRYR)m{HT%Oj{=B2Zv7A{Fc>JdR3gzcH3XGF^TC6Yu z_)`K#4=D{_XpGSTS(IXqwqC?!%XiB>=jsRD=)pB5gIGKC;6COV;r_=Q6EByoOzzd~ zTV{M2cXaBc;wdpUfF}fl#Q?F(0G5WFw+&tpT z%b-#0K6FU;dG(dP^%}y3u84EXNaslASOo27pEx<)r5dkxDwW`$ ze+sCm@Lk{`?-;e(&lE|*yy(Za0VTyEB&}|;tJt}xU(rS+Y9}KwXbodp&NW4h= z$@L1{{LSmDH!iQq8x?^z#EI8V{6-Gn>?1C(_3M-0Hpb}gf~`1l3-0{SkmL_K8c$VT|<^hFUtm-(sW{l!h+%xXoW+yoAwz?FWC>X7;pZ!5w^HYqOag30FpPE*G2cVd`y8?BQkC_hQ-+xnC#atXy)4H$ohbXU?JA^ua zYc;344C@+MFV(nvOqU9I{tNeazeHK+)5+GR4fmm&_KQb+r9N4SWYHOxGtj-S_pHIf zKDwDZ0jLMGXWc+R?=`X>dg18k!u`04r{AdO?dlKWCef>7n>To%ZKf-Qdkt|LXM#n| z^>MsXzGS}%5COg5n61Y~5=f%o$iM3TtUw{IR`S~L_o-ma11im;-6e9c=fFl-TWL(P z9c9TA)e`;D?p>qhsf#m;>GDZc?cQ&)+x0p)IyND%G@?5j{DWRbbMUEGkX9*#EYnsolzXj7IC_^7{P40&*wz(mj-a{FDEP@vdQoRY_(d7*;7u z=pB=3=!RC+$iYna+HDHW#7@`l$By2B+NrWwh4fULsm_~km9=RObJS$>SQxr6 z@qT0gy5QnjHD=b?TzVG5Ey7d&AadQPi?Q4|m-@6UDwfQ{;iDj^-fe^mIU|-I=^@i! z6x!e+9od>x>dGMV+l+z`R1J+dp|pFAVG!J^T72`g6R~*%jmy$>+;lvPJx2FmSZ6~# zMpq){jI~Cri@q^}dwEsh+7Q>8cs)zWDyOOXD+D_GGN&);$@Fi9;~-t(EYOAQ>M3;~ z${IW0xC!_%!)Kol_C|Q@nPLp# zYJLK3UA5D$pNUbO!}C!I;oLZGiP5>rSkO$pB?5(m`B`!bu8@SiLZCk8xVCu0LD{BK zs4Pvj>G=1r$jLzgsfio3U_An|o}uBgL%t3~N9|MogSi*$9vFUFZ%m`bS}_a!wILAX z;oa{e0#XB{0Rc9$3*B>cANn1?IN{pZ1i1s2`v1L%0yn1VNWfP4$@*8S?VF|=9ARQm zwY*B`tyLlla6Bd8uo_OWfAnENBF<{OtS+3?9I6>kXq{_gYbwWPC(~ZuAjS+$UN8*B zXFpwumxL8^+35wAJZo-M3zMKW8EmbCn!U?YBFsx-`@KTYi61)msHXs){QC4XaOa z5uFgf>Drnm;LhHf8Mhv_#u3+b02v${Jf8i)4@wlzR|9l0JoNn6JLXU^>%w-U5tHQ8 z^R=2wR72KW@E!g~s`|$-qy%E)f%f~FUus_IH>*@+n@O{Jr7t>_~P0q4y)plXbUHE&&CVO*WWXabf`yaxtbVX0&$Je8%bDk=d#odh*qIa%5s>wvuC+v zMCSqd$s^%-VFW7l$es5}1T%ObnUcj$euEcrWfsd#=MDj4I)Z380DeKlI?24{y}govMg z2q2coNWBrLagVxkE2_SUDwOgP*bGVjH(>Lv8q)~=QCgt{Hw*iulfcg(HWaq&v8N`& z>}UqD9IyhHNcM|tCXKY$rCMk|MT@4koAm1VMU+$SXDI^n_u|g0%37S%uWnwIMO??G z(|;q`@29t|aCI7?t&y_J`@q26!qF63sG^f%;k{Rg1%Z9MWE66|1x4j$V1gX}`@J&c zTwsHm9MfM3A3wv@sk&K950Z>0Npn6leo28h`rEL%HWwwUe9vEpU?WS4Qol>f{I2&f zBP6uyni`%9q1LV05214FWshsjP_55)WKI2a?r8sCX7dvp>U$oS9az-pc0__fPP%t+f>?-!h$5xeygBHHc*3w4@Q8H zfeE@ttGsa;KmVt1l#~KMj^M3%$$#DgJ}xSXm57VvC{AhrDOF!=pUDrJCI(jan^4N8h~BaeOl)^-eUiYp(s~3k?=JwI6R~5&YyHizT)S zNL%66ZTmZ=Vb`#5@IbU+M|uxVA_xwN?aIT;bW{v=nT|S@%L> zh;W@#U)^~aAS;a6t!GMGl57c>lQnn_(*1)Emck4Y>^lSbG{~8(l#{j2<}dP(TKq-T zmq!CMs3ut&(ap*SN-ObQ&3)nuSs&?jhj^l6qt_BPaz1vXh!TQu&c3mQh31OB$d~o| zM$S+|+Ccx4XEuggkvZrZ7Bw4?T*?TIiay4Igm#4zj)fIqYQIrm39ZY_Kvp?j#`lTh zN^|g3P1%)4bz7*L0P)F zY(<*X0fuC4Q6q({)n1zIiQG{$7`eE7xAQF%f|jtXvQ;KRvh`x(rIGRwVzTne`?(=P z)^ZBJV#~aL=8=n^Zdw@%WpaF2h|SIUu&(Z58ptLyzk}PFjF7Pgy|2uE&V5ZOcipnE5EWe>f{Wv=B z`QS0Hk9A+^R~6ev6EjHCx?-WOOg}C=5rhRT4)CcjXuVbe7bTv_Vaxyem;Fj{?g-bA zIN!+tot|SC*A*sp4GYc*&=ZAX?(eQvB5U&H(_1hsh_&2iykH-6h(8#WcCWozCqt2f z6S`MDmunu)*{u+L9VZP}ec~j3ny!Q-wEP%*IP^>D#OF!9a6paPPxDZnvFaB)Vw}FG z62o<_<5W?=!K7U3RFqK5*PlE5NXZ!{(soR6HR6O*IuJerjidss6l^(p0`f^RfFtrW zymUmt;gS)%K*In3KB^YE-G}d2_-}LwRhhB}6Bx+A62=M}Dt*6BlaYBGh-_hc8 z*ZZv=y;J^WX1m#)d5(7>EP_Cl`xw<63|q?Rh-L!ViL!_1Iv3j}m-Lh5DVz=(cP)TwkXu zZ*S&9vm$(8C-6e1I~cC{q%oz8PN%OOE5PB)!}h3_gT9Sew-46K(eOgVl5b7}iy_p~ zX7uoB`z4z{n+l}u>T7ckp$n&$V73FjwxKJ(=`!F2VM_rYu3zOO5l{91m_3n1B%`0F zk5z1F7}_3eRTF@E2wTVjMo&3*Nlf2k5sFtm0FtIV;%%E0E)W@5idBA2%EE*(rKeU? zzDf4L4|ZfB+!%q9U^l2@@IT}bUFf8q${z^TTCkV+(u4&R4cyfvtRC~`Z{-pXi(Vk8 zjLu>G>z@@++B#7kmDgZaFHn7NAxXBRY}th?4XpbYndq#8H5K)V20dR}3$>-Nh|BOA zLU{R>*JZ5%jhZ~3-Dx-3Ve63n#H8mH;AFXLvgO81YXw`HE z%9m$ipV;>uMul|bD7X?EB~zdPIQsAKI$Vj3bT<(_y(CP)VrTRXDx{~|c)q~W_zo>o zsgZWdvJ;b=c=?-tB38S$+*^8|mb2bE00FuvC;WA6U5b^tqPiJW=-2s8<@qIz-+Q=-tE&<-hn1qs0S>=_`sWu5`qc zv(H<9x=G_j z@C=mPyAcTs=aNC);?(5@(VaFm;wjxU^w4dcb$p7Ta+$YzRw6p!+y)ZqI6>)Z|3a4o^hAXlZ2G;P)h?7$#C=_+pNG7{10ooa8RISls?x z@Hl8;x6JYc z-CARl?d?2&aDn=Qidgnntqb{b79&-Um(5tpEGvy8~hz@w}7Of^K4sCEcQlZK*(QA&8&$?b4cO>CVK=zX({fHiCq#ApR57?; zYL5ed=>QLsvIJzxWVLO0AR#yv5_v}c*yW1H1K3>(K#Qv%m|V#e&fcL|7KNH_UweL= zcqPO~#Kn8gR|d9Bg`E5DyFZPEBXCbkeW4n8_po#m1F#cyj24UABj^RS%7BcgF885( zJX{`nt@^Vpmf$$C!lOww1v_}Ejis{ASeM@01wHr7m$s6AksqyDsl-wSDp+y+MAk5O zI!X7>3_fw>vDdq`ws^s|7sEh?C(=Jd?4x^nz*&=gC_bakK|VFB!^rPkcIB0=No0~y z%q{9(8|Eus$NU;}aH)*-THE*r+lO@1F58=Lcb{UDxG!S^Wly0#pe`k5LkN%)E1~k! zv!PFIU%PnPwb{TIZtL5&UX2li!PZyGjRdR;IL?S;CF(2HCQvTLM|#myJRIj*Ubks$ z5DxN->+;c2*732mV?N|XTK1DrGchJi5U19|UgbXLMuN?NF6CM0J89B^-a9zGGKgzH zV)h+fBwsm-hM$NjZyKn1&*y#AO9ofZOGDhEYfQt=mPVdNTX)>d&$n=|R7eYBFVZWl z$RE~R&{(5cZK4X!+XhP%PmGK|DJkmvII!rELCA}=H&AuP@cs}iWYf_OUrBw-)7_dF z?Hx<6N@K>3V4x0Lngn;|D2t_jO+HOK4z0^GK7C}(K{dfcBzGCj?!A?KiCBFtRA!r= z!LdtJ(!H-sDsJuWW3AFZqv8#3ES_ntzh8eWD*h~`%?W|BBm^Z2rJ)s?A94OtpT8>I7K97G-h{r5p;YzXE1N=sBIu259NUN3}Oc1GE+(|UPe1q^2 zw$95(D4yhJIY=?uJlnT*o-%;h+JeomGdiu>vZpLjkvGuybvBz>-;FP4PF2a1U%mh* zooN;mg2vykA^guo_2~0uo*8CaNulID&L-0l;vU0Nn2h3)T{6Nu86!{BD~HE)LkIjj zT}29QgkW`Lc`b8q2Qq3pIwQQjdaTEe40vJf%KDYpA_gRj#q7QaBu=&+=T9%I<~fji((v(z5n+Rj-h4 zNNQabv0IBVTWel#fXqyXXPb65xoS1|*V=3iewgvTOcGy6|QVH!x)w`X?OxsVKtXW#qTTRGs z>)32d*6!ygKI>M}d6_SZ@mLYy5_u$2zAmd?qFk~*ISk)wUGdtfVpE~lvUF5w#rklm zRm%_{MEk*2PJatDzR^`#Gzvs`R=7xABFH!4<6rpC=@@}%`0ihVqWiM|SZ<45rJevM zC5o;*@_pI_t_z3@KB%qgAGfs$Q>)$7bSu<_@d%)H z&KXy{HY9RtE`%^?B8#Ip*Ksa`mZmh8aBXd-vUN+EaaVUH_k7KezAvJ#dLGo<1kS6l zr7$hIQ9r@_`Th#O%>(b27a|;jrWKn`Cy>d*YRUc+^Pc5IpmMsdc3C+cA^=qfFnB$0 zII*eE%`C7LwD&V8-`E?f<1M{1Ji7lHAUgYf2sa*F8DvU6z;fNmNPPVpXeg?Z>|X#H zX8bt<_n$`r_0TELRRh;%r!rHi6g|LwemR=EP;)#%i8W;AS^m6lP2b@sx$)hC0?#q_ z;NHMS#aY614Ku@N&d+Aq{A&^N3!A0Xhi-?C6q1fFP<7dD8(s+iK)GSJt?-;cBk2C` z*_oG)-oG$<0FZgBfG4DVi*k2#%BqgWG+6P)4;-5oCeDCI;?)Vzp zGD*c~6DvgZs$2$CqKLQ8^_~#(yaf6c-V6-+nJx2m1P`7IW@Wx1RehxH=$GKe7)Ok-*M1DTEy#Fx0+Z z^XGcKAgF(#t+PU{!Q-NRgS#PTCDmM=3eDXJADUU42%BKZJmh=K3-D!lc{)x0ylI|g z0}IP5Q~Hr6tDnI8!tg0J5i5F=@|ICMRA=tO4y)^q+vM!w)~t?C(k9!!O_7)`UBGjn z$>Qd%{)L3oW1Ow#y}SN64j1XVa&#m>2pZN!pjs4C+UygZ6;dp$W7>7UNT*nE z>ee6WR&JE599M`3v=}h$E=5fpm(H;#gX?+ooh@NN_Y@a+!Ek-VvUXmF5<2oMz0W^l z4gZ82D9DVC$qzA|lv=YYtP9u+I3BJq0$Gur-&mv(b&Q0E>>`k9Ul6uxj5|phx?~M2 z4+ST5T@v?2mvpKCo?~K~j&;g1E#UqhLd%qGXD-u}E41V@6F|?En%?8S@-Ciexa0{% z&#q*@I0e{|2(m5-8#`X~IU#eWP=8&`5X?6wrbxZuXCGz(*7*uv2#|z5Skn`QRrXYW z9Vt)G=FlyJ_LEt&9e3#>#fv+aI>>)t{fXw(w%bR63TzqE~ z%67(*da03X)nohu*oadF$kzg&9J-T?99($bPQlquU~Ar|EYs4L>#~3Fg^?p%`{a3* zO{;uFu9x1pa;25Oz=DJIhjo*@%{5%d-4M^ITEZfr4CMM6r~*~#G647z=J-Hwk{HM) ziF*?IMKULeATs#@s5GETY&b{tlCx=oR?kPNn?@7(Ld9pNbZS}DLe7qY*SmnW|$`et64CN6z|8Ifb)b>6r%P7Ewd zCvcHWe6tw}YbuxsG>0ENn%m8VAJ|`CB{^k<>m_yjV{A17-5l&ZX`OKJFE18qGV7Y8eh-w%PM zxO<~_&_1^N7w5^GjkTs2iRp?tc%F8#s$edKCLdJ{S+&l_lHGLg=#En%#i4n%r} zh85O=c4LbfOttR6)lPoJ`MIvGd3=^Q$U)y6JRJn5tPgL042@%*z8Qa|K{s(x06EI~ z4&$5d%Vv}R2oa6Du!^}+KzVV!>n#=}P!|iruG#67%PPMhGrWthLCmV2Pu}7*IZyi} z_ouyK%Vj&2=!S`rwP7jhK!T(30-bmM`J#2_;@l{Io47MZ!rda|sV{28YUaln90b`7v{kA-r0Gp`kP+#v%CdbLfuBHzLUg2{wr{T4-C{Yw=PLaRU zRT`sl=$;e4>$7%}bQ6GjSv)=~qTI6va=+0yt}g_Jt=6V#VcVY|3Zr9HqVN^AN*Buc zLE10vq7U@&1s_dMyb>i@t*k)?)|Syz@jlRt@>o_xpp4FePBg8UwLubad$;6P}T3X@S5wdYnqKDHck#S@Tx- zAeV*lZF=&si+*;pGp$1C-i7XYSmOb@aeMnj^K|z{r`3f`#oX64vdy3ZW7v-irf(N8 zcD1T!2!^u*_;gzxTZBd(??F<1Ot+YMG{r@%cHFX8t4;6E*m|~p-gAta$jnC~S>UC6 z-T`vZ;E@BBT3ZBaXx!xF^OIAikf*F=F_1a(bV3%OCF2 zKtSeE39--4ywg0pS?DvZiXm^5yR4_APeoRic>iE06WiSSA0{V7t>qH zt+O8|l)E;)x!Zjd7Wk(M3bX}cJHo|veafu%B%G^wd|2k1AEVznt1I)xxr!D}Vqnn=z54^|tLu@#l4%%JT<- z-NQ28p5e(OAt_fkJ+CC|HU!FHGm36RB_#_tFZ+|a z0ZI+m(&d&);E%&_P5@4*Eu)m>|QkI1lFcBmAbVYlzaZ*b;#UhjTdQJgJFE_BhPV{I{ z_m0hOzQ)pS0NH-4rl{|%gkhY;{-I&@asxlzh2O>b$gUj!g?=hSvh%A(vtH5Fuc>F6 z9vvb~n_?E@gWR4F6wvF}ntNBH-0reF`x>Gfo2oou*w?7EhE3>IP0=w~ZBVc5^oQ1$ za=-7f^=wk09bM8WRZ=q?qty=BcfAamrusmQ@!LMLZeNjF!8@q~pNhNe-QqSsFD{y$ zEEd*D_eV3G@Tr62%T3ICCr`Jv>VqPvm3aLmlG)YMyZfNx1-zlStv8l#jQTw;?A(8( zfBOmD6S`(Z6Q&7s|9TR|yu;<6fNTHF>Vr`k{MQmet=E^nnI;eepyE4Ab_HMq_T2I? z&C* zvY!@649n@BrG4MoIK-&CxkCT7Inyi?D3R!x>?e!rr@w*S1MlF2sB-9z3d~eI;7k%5ZeNg=2b<$$wgHiY15OX;1@)K{cA9}CbpVaIpCk!_iRZ2f3 z19uD~bk$C92|$*z!@Ms8-EewO8Q~(QBj|IuW;!&Yms;3()JMQbhF@9V;%0Ke93q{^ zJrF}Fsc=$Ry)=(q-*D{N93C?|=}vrhIIr9BgIz!4MIUBfwFNV=F>I|DzZ=+Cfn}*v z7aECr*VTdXq}DR#^4J++Q(m)*Pk7V!XT4gK}KNHtUmIa{Bhe^1|0(4PE z2o}Uw@AI!Sz{!e)K8(4tp{L0mV6Q?(lgqCxP86-;s5Tk<9;DRQZ=tlno+AhATK=dm zc2K@HXK((O0a##Tz@LcFFH+Lg8?Z>dznY1f)97C1gL7LM$c8G z9^&ZnrJKCn{wg+PRzJn9sdd^KxJ)Z8VHonDVJZ53$78~5C+AydM|SGZ+R#JQbT=;& z&uz{#+&YB5Ir8~^(VR`wSJi#3{miMSqOwz^_ADcM4_*hZd)#wPo`BQ2wtP~;pw_6+ z%jE2IB1z#Mk9E|jzstP1l!wR`fexL??tEd^_Y|EGa9C$jOMOmI{H#ogDNUHA5S=qu zSrW08+p2q^xyjUSohy3^(kGfEYk1n4*)WoA8Rpy#=t@V`dOy)H}w6w~TCS-<1 zu(lFg4pWh=)Z^5J+kmGyhi4ghPR%ZBE<+hf>_Sm85-2P))TfaaL41IpsGte0fW#hn$BHw^&sS&=lLPMAC#at@8kCjM$M*uLo$>(9B>Qq} zSCn5Pac}6LRN?aTSjo<#uvG|R!)s}Dmq+MR`dW6c(28yY2AcU%^V`)6lU6quhK?V^ zw?P$D!UCg-61j<89{ogF)yVJ1N! z&$<(?V9ZtUw0fjL=b+H#CrLGdvg6L)=R{vMDoZ*~@OZ6W8$KAn_rkqIkxw?{f`v@T z?wC$jEpmJ9O(uSd#i+W}POlk)IH4Gj=&udK+^MAAmsCRsIDqJ9vG8O6ss|`Bwy&FJ ztbV6q8idi-INg^o0ahwwt+D^k?mdvM?W;W4}Sf z2OI`2(&Mr}HXh_rV~b_VnW1&BwGzwh{aM$-@p|iRt!3@COpRA4QPQ+ZwZCdug@*?OD)8nFn2gk^pTLjo^u;di$G`0q`RS zqgJoVo5A4gPo>#mn8wyGCSaZ-4&L!4Sgz+aHP@(d0|yznd^_Bq+NTF-NQcu!68|s1 z(M*_K!E`T_`7NOK4!OI=>C|JEiwWlTCdLY}Cr_s8!-<89x0f2_PdCBu^iFD3?r4p! z_mCo5>x<-+uf+9SVSHq$?YATB#(tHV^liS=H_|`~ z*35kYxuJ0~WLA`=QIWXwF4rt3R-_VFMYG~5p0VKhE2!r{&K)-3FJSfe|M<&4b@jb~ zMEvmCODxo${6V^1N+lJ-wMK<)q9Ezb!yX~}G~i9~H+}AEo*1$W8tU_zz`}pqP{Yb_( z>%aYI=pR3tl8iKaPcJR~zx_y){akCq0*t7ly1viy4|^=!DgHciyE%HRi;j?n9q-Qrcgmgi-0+FWGmq~>_Jx{(bCqPGcxhzC_z zq1)b&r_|Fo5Jb{|9(AudNOv75u|;Jp@qf8HM&LGY4|pc(9q}4!IPUg;+{S&&frGPy zylO4ZeEtc575VVDZg+>|Nc5k27@o#4-vCzzg6Z#?J2&i&Xdb>%*R7fVv8IN4364*P zIfp;NCCO9LmpWNb^`rtDegtip0MD zuaM3Dz32^jVAzQ77RTEOuY#uyb39u@Pk)p;eKF6PR1_;EZWV|yYSe2b%QAO4_cK%jZBAVC0L=h81GX0;Qk%M z(Z1j*ZzMHHQ+*hG`93rw5ue~4n@;ye-y6~bW+fH1U(BGWL~;I?_YIZiIY*kevFPJE z(yta`Tc2s5_#WGaSUy9x{wNSQ|2MGN8gy7VXW}rkrR_ScTMfFlD6Ir`}NKhFk|H&!*Svpat_=^Suk+q&?UbeFQHO zuT+PmQLZ|q`9Lc=Z=PEntHMK~PaL4VNr$;`^I0NEm6$x%i1HkavX6W zE9f(x+cF;^hy^z02I`k~6#$bS{hwyXzt&>b_o5Sx#)Xpn#FpT1MYfQ)o$U{ zsQiis66XFYA}~iLdZxlsb#r(LcQK^&Yvtge`j{n&{Ow_{PIQF zkW^w|oU)GVdb2HQ0}5Xbb^y0RBh5Xt%d4+EQ*64EM*^3Ks~U$ zQR8#XT>N~{003(4b$Ev}4@~kA;K#Q_q}%MS(P8FOJzj<9vM$WmWH<)&B3~T1lgHgz zmtAQW^K4UfV9VOng-gB5&WKi@o#r8jN{rKwwZm`q+x7S`=E~ zgbH^BYV?gNI&uDu9!%285$FBwo=-0=LcI~*fnmVdY?OCbiNEU+oxGW7b9ReULpVF# z991c))V+U?8-p^Hb7mGClSuoKiA^JRwa%5 z-sp9S+iK679}{|evU%@g&TmgfC}~yi3Ud9QLa8mb^lW1~vgkuFLkT_ANNCN$hZN62 z1-nr#LPf98_`6!^oKMWwES{NW?c3j6b>7Tl^=sS=g1_r;I?D$2eEbt^rx4e!a<=T2 z!s|7|HI~qc?K>k8Uqvqi%b0xsxM~t)yksAE%~_sTbiRqSjdioZL0{u=52Pym&LfLP zY?|Tk?pG0?PvE6Wc z4^d}=3`nexz?<@Tx(S1c4){Cw2D|OvG25$Cm`a|P3!Wk^qUi%~gI+O0!+0jQQ%DKC zECPMq*3xRnX2v+s)+dnZDvFiY=j>+fD=XHNY-e3eR&L6k=9Oe}8{L7HdTHn7aA1^* zTW=eyS5Bv`De-x7|$YcmY_U(n327XyDA}RRs zvh|Qp5%q?cYv9@0Liech1{6rk+;^!s=k`%mNG8h%9c`_9(;X%G1V z0wmw2SvPc>^t`UwgcLEnbTh^B$9BcGqN3J3rB|0JOxU2a^tY5Z^I>oet@0SS#&}z4 zvq{2BxJK7o9M#YUH!A?oT&;(Uy+$<>s3ySYp+kOM-Bn&D=tL0QOpCQ)h8h8h(xuUN zj_n{@NNJR+NHlJcr>eO$iQ%nNl?PuoaEtCY!IPPS_0PcT<&cr--}ktFD^B;Oa&o+y zwDkQ7p`GkF$QI0S_=&9D=#J?2nx5TV_dLk4;zO89kKegGSM$OR1oGAbT0E|)wKeL^ ze@*U;1Y6yr^!l~2vk|y*^LP~4rWB!_V0B#=Cb`6c;nIc;bTb?|MbW|kg~9%RD$+;? zv^?sgWw?a_U_7gqKgCM!aS!gV`}*ZQfIxGmU9*nC0J{Nho{n%j`uZbqhcp-XjB+{2rmx(Nr0|vbUL1cLj&kL&kR=l6J5ckfsW%fpHrY1AvBJ`kZ@}@14bB~525PzC?Z`bfT#uR*K4V>nW z4Hp>udNx%WTGmgv;_^@0eo;@-WNQd(Q1yT|RW?npt`>l3ZjvzD^xntokL=p7pD^o@ zjf7gNgbT!oU7H*+3&5nNR!s@OQD?vX;&xob%~hM^@Avs#uGx@?W4!N|MB7N)=ubz{ z3eVMS@bNHERJBiR_u0PiJeB!a6S?$9H*EZiZn!QSN)~b-Wm>L&nS)Mz3?g-ZQ&OYu z8eAji=suGmI+6S~Na7+oalF6a_m30p#nw`^w+1G9rdWJ^V!ag&!QFR(VJa(<$v_Fb zL)>(lv}4@1j3{GiI&N(yEjf0Co1#OUqeu^Y2Xh%#ZcwOs@W-oWBXl8w?hEg?$!BY5 z%AbXUy>&mnfMo(0BKj|s{H&1~%1fcOjk`#UNn{}7Y=(k{c~*#@W3ksTj<$L}R{g40 z!Wlxztndc=T~2L$14<-yf8u_1a~^=de#sB9i?;`yq}9Zlt`}UU3lsBKU(>5rg(H*OSK!HgItbf6F%ZWBfjFVYME*->ay6YM=mxgD{8;ePA&kixq&VZG z{&e>rU-*gG!^MF8g{!b>BmNuUJ(i751mu&+O@yN>oGeRLeM#6bUIY*@y^_&ZB z-l3`z4g1JLo7)7z(O}u0q_0_sV&Aj4fljCUIw_p&eF8M)*LSYLn0?U@MUhE=6S-!c zRVGT1D|iO_y3mPs5vJ9YX#Uv)tdwftTIx#wRcDeeZdsdz)NKPyB2dnSpvDFT>frAN zQf`}-Exdl+S&otu;!<8%m4rlXi`zSASl%cD3ikhL^9Q#6FXiXP$zDYogp=Gd)mD@P zG(JqsBgd|0c?2Z(`}4rOKA%T^1U|rFv;o%`mg@ym7KB*wZzm5!S&l>?)GI-}el>~^ zXFo_+LMf@elxPr3<1(_0&<_4^)@LgNaE5dM>uOf`4pQ{|!%t)=LK_g~fHX&&8+4!T zd=2S;eDnhf>>Yu&shd#eRZP8@t4vSWS*Z`l4M_x1RD?Wp%B0iPRhi z0cwdIthq0eD)Cs$dDE6OCu#CZZ@mZdcI0lVmAFDcqOAn@y3Y5;%p4fjfzR%sY@57T zXV2%F+V8FQf%vNSmbAb65;?(wYJ7D8{Tu10&Zo*#ug+O%GQ=!`ZkO!AKwFeN4Z=uL zZGvuKe~xqZg8sYIsBiWOYK-e=frqxV`um3epj7cSzX1tov-H7%7U5119xPsvu(M8r zznhuticKo}J-723h{%gVhE(sk#u6|j*FTK=Q1uY@SxvL$+|b?U&R`(NcZweLM`Y{4 z26zRbIlv~mD;-?JF03X*6V=}tb=#Orm&$lWI4ZMoO?s`2tTe8GiU3(~l%>Tw+!ACj41OkO(0+jmCj+rV24KZZVJO`+*hHx7) zzWxL056obLucU zRUJg)b-b7%WqIJgP4C5FJLQNT3?;#dDaV&;DMxc)bafKahZZ`fK&y|^kK;O2pm^Xj9W z6KhrjO#hhQ=jAqFexM-vAM^VskEJPq^SS=ze60Z07Oiax7*U-xu6aoh@PWMUU91&* z)kwU~@^Dbs z8*A10YyXOet#9NX-WOrn z+Tvvi5LDV}cdGn!;oc7+8Yx5gaCUQZgr4E+m?jUG8vj2{U!-_8e>tCeS9fBjsD>@} z`)lQ;dH%vco&Pq($^Sn?R0>FZR?kG`s=@WY(E+xgzhiKd>c>*@X3IP&fbQM70fJQv zDx`!>5A-vjkI;y%oIVRb&Rw$R!MQh=Rl2|nxCs+F%gUn$4Oh0i>Vu z+OB`u9VLLo)wsD>=k)C@9+Yxk_mpx?Hb}72;lRvOlqvIoJSA=?v3;IxpiLcA=ysU> zd1K_E0;PU~#<#aq7>cyt9O&3fH67I-wk{6_f_8$=ShtTkAZ?2`ZQPqE{}02{_&ZB} zbW6ydD)clfrRZw*s84vR3ZL2FAHzGY`k#gu|9=c`kiVv*k{ff0mLgZFxDWVFfDyBx835L`* ziK~2XI0S7-qUHJ17sNRN7=|uAJEPM7WEgDq>-WC?3IgJ(3|1o}Xa(eCXxGobQP&Xt zN@{lvAc{Vv-6JfXdXCON1_HYVAeo~>Xn|H&xn)H(1CN364SVFP8TNw(v!YFt=F4e$ zBe{N*(0K&*K4_Fa16f3_F=M8h)&)S=5Vw$eGfkBt6ZNDS>_{no@L%Z`|LdJ)0EIlr zq$oN89MxQ|zgqTCV|BgN42(Jz31X8TA&2p7Br9a4f@0c=xZ0=pdUUA<&yqZ&w|MN8 z&C36no>7Nkg4M@`*l(`&GaW@I1Xq5f6)Pn1++X`k%saQFH$Xk8IZ$HW;O31%>WVLt zPBW;<_jvB*9UfRTz=*YLn|U(GBElSr9554=BWv>6tIEOiBy#2cJBtx{tx-r`!t%}o ztjfcRQd_@))uIzhGM7oiQs*|DAjvW#j;Bfn0`E1C+Kl)P{%Z5ih|N$-I?3B&DA~B4 zd~G1d(#NCG`QxOV}+U{R6a+lrTeM*V`BzOP}7Iyl%96NY$$$kl=%lvGF7t$Mg=IBhO? zN^%y- zk~~h;<~=3d;jyt2NxAZ3<;hZgaSr!{g%GER@$yUdIYBf7&(Xf%Nq*t8n5Bl^oF&t` zYZ)F~Ds9PJt9A|Z7}d zGa>mT%1F0rG*!}3H|Mx+=pYXv$Y7&2a!zWz!jy0?N;9@g5oW7;>X(jOUu?Bs!xta^ zkQ3^OvLOdtl}0KRS9_X!kF>ueCA>y{_{#SEs+sunmHauwihD1PWQ*{X+L=Ov)?c;R zf!l(Q(iji>5lwc*fA;N=uPq8Au~w<+LEXO!Wy1BY?ypo$?8jJpfU%W;0J*{u7Ifl5 ziOUoQ(3iod{kmsZ)SXDzx(UOE2HV}EMRw47H=E@bqn+*6j{n7{CLTu>3&|OZ`QzhR<=ZKHr43@f% zJXUnX;y>Nq;#mLo)=iyi?LlgNTH)t<8u{~F0 z9V_+7z0@1@oyzP>;!R`~51?a(^Sepz%8ouW#NK>~Sa?T%fPpOaFM6W@kOAzY0R#1q z?F89r5EKgYkw1IHskC z(MZAXD-Nda==ksw*_FpLto=qJrpnLs*t?#-zH`4^56V=>*f5zuu+_sl&@C_xb{F_e z{#-#k0=2(cDa6Hff4JjDEWxyHWc^M@epDilu2$QozR8ch#x2agW9qvo2M&sLRh8QH zI@~W!5z+&0@EEkpE&9~`?XjaMkKO3XdFnrxS)Pv$ES%a9&VmC3UcFQD7%&-hn35Tl z2b5w6-b=|%P=Tu7A$*iMA!@)HI0hYNH}#J69R>wA2GASG1gkz`;1t!;8f;|% zzp}ja!C%&k0cP&I!uC_3_YOqS(;%vjHo^mN!D8+Ch@k1B5GL1Lor{A7ITmt5CK8_h zbEQ_#CYfJf%r+P-md{dJ3BU9(AoHG4q~X?Yai{oMX99%V?M>>+$~G=P@43lU#HsBg_Xi0p1>GOn zh8sS=6_<#bv3^=K$yQblB<9W^H{4)7s}iRQvad=fJz0D!qMfvsc9L#DrDpK>Cm+et z6AL*>#&tq4tCQAp)+Yi;$#UY`k7MxsrqB1|^_ZEuQZt%%dZxLiJuJiS*d=l7D*8om z{8SQ+E4h&yNgUN`3~3QhN+&l@nl!XwAR#VIr+V$@n!*5Ie^L-?-z#f&le(XXegT>PD~kaQ)d$ST%!h@)xCqv+Y*=${(>#c0 z;(T)5mBcdsK`mTs4s0h78T%?llg3*A`PfsG*soV*6O9oHSL#l7?gkaE=Y(grbY9z&JG%D3P30f}BpJOhK*4;vs?OC4c ztX5fLcCKWG1_TB_@Of`H%;VY^GMPgtQLo?jx+c9m=G|c+x~(I2*s(PePYIb=}6|ez3Na-=a_8FSwFf zNG~QeyIMs?M{RUY`Nc^>9fuC&p!66pMeZ+_W?t1A?@Dd4j^Id*enmK91+H+EyjlAB zY^nN*Pu_Rv-?%7bBx($}pBij*pIqH=mt^d!=4|n>O47YH(A}_+qITcNQ+%8c?JXu9R&Vmo%;L8n zAKbQ=&5ewWiv#5dDT69jCDY8keZ@@nMuVLs93FqEY*G_P(`1tD-V4;le21#G(9WM6NOslWtp3~>!n?z-?K|=^9Kz>%45kT|k8Bk8jI*w6_ewUn(|rF(8SLQc>;e4CmQG#=zwzTIW#PJD<>Ke8m;9hEt%E={+@fuEk9wp*D^Bz@&2CsgeY z+$QESV03wM^iA@DF3ftu*D}i>B@VtmTj5!xhvjq&t;$%diV&{wAZpp`08P?yV0Si7 zJ%9Olf$l+mvZgM~Yvdlc1F$(`gU{X4rRCN0!$FyTo<4s%fGJuxq18aAt?QTa^-5ff ziGtoB^ykUCK-;!-MS`W`5Y8rr&7Rv&t5E7E&&PdsM8icg* zQ-yzqo&JqzXZhG^FM_>G?5=w%BxkJ@bnr3OIYrkU{CQ-uWxC&rKLgw1X6#^s4pZKx z7Z`f;-l_tp1m7KFmQwuasDA>`SR#f&OcT>+FYuXo-T zXLAT+NH92+Cpx?@L3ZgQ9EEX}h&EH@VGp1+fU9s(h&Aeki5k5E_Pbncyp+}B<0eJ_ zkcvEcyAnM!y4$^#LN5|UeA^U4`m~)=CLZ!+tgspFW;>#%`m*X3wKXetH}VV%s%Z ze3l>I)w)UAm}-e}8=quKXqjn^D?HYyzTQv%mEbXX2xuPqBQIy}7HfX~>E}{#No2G* zOAl1SztM?zBkY#iKas{5P&sX+8cMYSW`JSs-%sggb*tjK>~9onwdr!dSF$cZ z`v$odNvE~6wDi~3KKI$G7%i?MZtYIqwFF#n@x>RW-FaQ@2cO71MfO? zx3SdUE}tsRQDIu}db!|uxnkjDsfEJ3di;pTDWE0jWOm=kk#O5tDlpawNW6-4aalJm5gM-(UmWPchm9oD(?^mekW@-g>>ZaPi8$jO>L zhMM;Rl4Q7tS#qLWQ)`81Lesr~dWSM{^@%i%-zu>#*Jhp7PED`uJYZJ-AmFX_qOEI> zzv!s$(TD_->P*zJX@Nnk4|}+22iKm+K1V~dg{{GE2X^dNtdx80Xr4#Pb4BMM1?9)_ z{4QQSkD^UQb~y$n8=nuvgf+9BH9u^qXBmd{Nz3;#Ve7K>#*-w9E{**6E`X;e6Il44 zBoFA?V5hqkYVYbBI*L48YCnBl-hMQjWD{QkD^IikGqVmPp7)gCa0GVe>K=pD+8cRH zam1`WYcVt(2)~D8;;HtW+>lWHnwUi18e071H|Tek?s2BrXPUQy>*+`3nVGNoiy6kz zT-Vvs4e1?9>qt}_`#!1{WXgg`eQ_W}cB?d#95pSZU|H`kwd;*<+!s_-SQ);N6Q1~k zgRIeLCY<+9B6}RyT)&+*r9HJOB%5g>mF**z=|02K=k9QEn@Y2&% z3I&v^!Uy)PJq>fkO4=`U<4kVe}BpLPiGu%Ot8+4cl0cVE01ikLPl9*v_G4eBA5FJO#0ty1Edz`BLdw}LFCDT86 zqWiZ@Pp|3Mu~X*nW=UzYrf~FAE16(?gu&oJKEiY_x9_#`y`}(OaWHwM?_;5A}SC46um!nHu?omw*9YuZ(Wr`f+5%-GUIBo<%a zwR37MmZJ$swdd}cdTl5-J5N|~v+7CxhBv^esbBZ;kva^O5%?xWiDdVn>Aedjom{Y0 z;?o>mG5WVX40ffS3mbORaySy+5%0La>4;xzjvw^f#_juqq!HwP3#-zWWUzBUW4lGa zP4$Wge#^pdvHdZ`TV%B2ac{0^X|rB9;3jB66W;XMxAj!{|7SG^fI}Rrd8kV@Ik0oy z=d+M<1MPFGofgEoAh~PwueGC8x`SF{WgcHtk7G1HeYi1HojKU5Jmj)BRNZkxv+K~AK3*w<}FL%`bvRpdRHUOq3H7t zA-B5X`s|z*2FrA?u+t2tM5nPv|G+Q2C+Y}qd)gP)PYL_~vt7T$6f1*FCQi*`7)oq6 zp6oNXvD8 zp{g(dU!}CT6fFu2P}lTXIgos{ANY>bBH9Ks>Hx))B_vcbuVeo&dcc4^&v!E6-LI)@ z-l7N*0c3K`Yr$hxI}I@por_S7c-MY*!qte6pU-9j(LH zP%3-ju7c=Xp6sp=adlcP{%l5a{%!M%m5Ch{na_UXTIz0&@7FfYa~ZwZk=@-sTXAx_ zH_hpW)5I;S_-UpJMcx;&X>CmLWTA@X9|8H~;_lsx(F9{QS>QQVYGrv2BYT~)t4*p9 zhybVSkes8qX7P)k)w?35{f+V7_e&HP+ULDfEc|~3J6Cf@iyR8}c9ur2ck7u3)P(hH zER{Kd?OrQQXOkVkE!0C zU?TRn`C9Jgj2HKs6!PwkF^q313C+9iz77A1`jZ|8MZj7E&~;oCIB=&0^!nsIiCn4( zds^QD30-;H(pZ`1zhLTu@_)l)p*zz*{=Kqs;-7SSMxn}Mk9N#zhl z)C6gW_8a;BtXQ6~&7@qY1)Tp2F_s6M`0vD0pDw!H6lnbE*bg*_QKCuV^H9m&>s$gz zZI)Q)Q!K9f8@wCE8>YKP9M2tw%eVy(z|x(GoAyTf`uR86P7A=2+jPp5bwXQXZ`uMp z<;8r?^U03|c25Lf{OF7Z`)&SJnuF0XVXO@)xQC(# zialI9N*ihK`>;&n+oc!b9gpLEEKO0*)X<5%06ZqpZY!xqFEz@Mof!FqFJBIvlcW#5 zZg`0BCp6mO;8nuNWRwddw0q&o_bjO@hgq(s1McpVw(i6mj)S(|)y<1>G~h)O12YkF zrIy%PQaJqGNp#}%N(ZHl)9Dv0*Ree<(yD(c_Zf>QT~oB?RA0b$kWNX6UGmee;KP7K zFycxP2*Vn)QiJmY{8}m`Rp(!i>L@p6@4Vd!m=Ge57j34ga$p?1_>|3g101zKE6bk< zc=bTJ+QJf&BUavsDXyQ zD0f{bF)k~3+}{ZCw@=}sHF&D!aVOz?u~4gD!BD4( zAO0u2gGAg?3{{cm*AbNbeQ%f!BOd?!R$A5Sw~2`dk$HL=seg*aK3TL^PIa!rySTHu zdb+|}@OMkybzHUYeRdKkeOxZ1Z0N)YlcFv1qKp)&$9iyUot(dG%?zCb>ywo6Qe>%Qr%I+Q2ZH{YJM0mH71pa?F6}g=o_{268oxvLQ~AZeb0o(m5mW zGPzArbXGA>{C6GE+H+oiAwFXwlt!6%fA7O`84aS*r^?BPXYVjN@e&;ds?;eR@0W{* z(aI-aLLGx>5D-}%LEEos&>Nk^j9Lw=5QcX}L!9k~`MvwwuBe%xQBTQNk-v>ncCN*8 z9h>nxTl9G=BK9Qg4l9802%t;A)_aT`1MVPRziz=IAw1UQrh5}7_~Atw7K!4qzK-Is z{9olm;%d?Ale_o*1uvvb6}3gAs>cVNyzXHg@92NqgCfNB9if3h1@e>3N69|?k(H|+ z^{dis=tVV&t6jsAGW2#=byQhoRuUBM?y8`pE8GbK#kRdY3>fmd464~bjd&PZ_Wl!* zb1&*P@#5b6LpMw6-Hr$8&Vd~^lT=v*$_^X$-7L#6Fx$BHPp8*>6DG$isMqVbSGHj{ zv0C@_P^K=EeXD(ldrEd7>t`p-XNNncLVnB3==yoN2>e-{k(K-q!G)hKt@d9kkMXce zqBgUuye5(ZFjDg`Gx>tSd537_w+M2K9PZj>GhqRGcCA7X9q;HMHr@f@yzL~2EU)o4 ztTK=9?Q`k*jjU&CjL@A4-&q0}s$U34DVvq)dhbiGyJcpENLKR*M`X3h>WMbe!VO;v zvRYL|sppY0@8w1lHe;p8W&J`TxYMQ0a@wwZ^g+Mowu5;0M2nK%Ni631NEKBwuq_2O z-O3DiS)YBth_p7;LGJGMB?f(T9km+2D} zDyqQC^)B~!)Yr2Jv8Oz1wL~Z6&?uWX67NRe!%1+Npzy`WeifWika+xv7V`H0>%RGs z>%^sFWdd+QFAE~3I}%9=SuDJ7(Nw!vd%_o3vgWrdDX4wA7%Im zreC#A=#Hetcw6?r1Os|;6KXCDbc-{TmZEPC*dx?xMaD%Fbf1Ci)*+0-31ej>f}7q) zyCdypdQz_YosCyK(#!C6yb=Ft=N_R=7~^_XJ)u9LOfezP5rtLZc&TmreP$DmydSvb zSS;eR1Bf4bx2pvDy{QN?xskV@mW`)s17NZ-{!f*Qux$9d=eP4b6=K>On?p+%&RYat4hDHlZ@hl|S<(zq+x;swfFOM9XZpNH5!pbbpPs-6+S}HRs%twqbpf zOH)*3ZMG_>=Y!x0YZq1)8!O{U5u%krd{TM~0{5J!@_y)nZ zuC;Nk?SEz){^+HoQ|k*O{oS}}W7360|b2 zb)+F-@4fp4kiW`h?G=j+->&ViUmR&jJju8UW*Ki=C4EhCQLT@)X>K;TGCt7#WGLN# z%aQ}r`CfBb`72ng(grdwBd0)L5>5*VYl(QS0@;NvCs{+8JJ-27XXeD{eGKK)(Pz}s zJg=GBVs9^W5u;7RUY8h#geRfl8fIf)D$)&IlZrkAnkSY8rRGMkW@{Ja_RmQ(WPg4% z7rf;6BBAotwjyF%Xjr?)61G?EcUAk&FUMh*rOTtmwo;OWZ>{=n9VS$rMfJmE4MLK zkP@8u*`NYXoCg)9_}SMV6F{bm(qlIiq(x+kC(kSJBR@WA<|qobA-hZSC1XQq5aw0Y zBGs$#&WrKhM+MJcGcrq94ONhfCRn9wi=U7>X6rx@&D!)?T=SX2U3=k4LfCr_3!M5LI(ly0?8p9Dda(8fi@MMXiJijB-7OR4{6<=kSjE;(0nG0WR1L-cv-H=tP zMEc!xvXY2DJ*M-hR*f?5njOc_+g)k!&{Rhj<`lRFghoL0m*GvTtR2O(dlp%9C5GyT ztQ2Mp9eW|)8k=q+RCnu2QO?*ZsIN{h)s+&44$IG&Tv{JWfUli`NXKvRIi2({xq!Td zO^={`W&IaQEg2LaN=+?I)PpG2n9q`55VSAPfYmJk*Mg03pk*j)A#23vKf4DR^fKd2 zR`PFoJmxYTFyis&&l%^n*U7w;%-0$aBJ!dp^!bhb>9-O&^T)C#+Hl0>i*EbwxWdB6 zBZs*?#n@(F~)6eseZ`U-RYd zZog^E$M{czte(o_Mc!&Dkh_`pl1I6q2Q*2K}X^mIih_p0pn3t=y82yeDLTx%W~_-lo+_+pjS_b9dNu+U$Qswi^U2WhAxn$+0wu+9(Eg+0|637CY|eQVr8fPtJJ!4VmR#hYQ}yCZewJ0JHX)jk zFFctyO#XC?fxQ}4r}b2+HUb`?siTZ9-!}~prmo=`F~Zo#e|$7P1@ju?_TVVjXn(wt z&LBL^8h~p)(fCT9o!%QdZw=nizC1!SN%&5S7~4w|EK**Z$Ab6h-+G#h`%lk0=b`LBFgD?dK|HKBR4i%loN$_ERh z4=AddkIaU5Jb$h}(poD;5X^VkS~4a?Ry^Vj`l)LCUri#|hx7>83rA~mYCd92_w-W=YZXbea>-UcUh6` z&sK1{P>1U$nmMkkf(;b*~>HGQ>d-QfsF;Xe*bnLcz}d+ zErjiF^Mp=d@|J6h$BaZh<8Y$;1d6v>R$zC4x>`ev5b?lLdQEY1-dR4(&~6!7Xau*U zRp8~AD@bkq^VzxmM@qJeLr|>rk1l(p#DbzB&_?m~Yi0kSfv_1c@ZPQifo6Qjdw$)~ zD|D7fAis*0_Po07y)zZD*`drEs52d`;k4<-(c-^QqIt0eqGTsiQn6sNr--5 zvZ7|1_FNSL&yeBYhKAd2Rx`vuVh<{a$O}ogRzDQm=`!`(c;Ars*PK_0eYB`S#8Av7 z9jzS488D%1T;X=j!+3X5Gu^T~<9Rz^2=EJexDt`-?ONZJ*QPIU#Rc{C2-HGO=^~)? znEZGpe{+-=20GA6$EcO|6NR%F{T#Mj@Xe1Y8%`s2(K$4T7#YQS>`K6s`1V3&R7xT; zO6995u1%0VmZr(jr2OI>!JGlpr2Os5VjMd^WTAU4z4q34)DOR)8J)b&+1pkX6^rP^ zQ;HDij^N%>b*mAJ&Bo)?Y{5ZKqIdV>+5INbL3Cj5mfAe<|1}%gSKM3YMK`w2NIu{n2%NUY@w5VXFY#w98L)U3% z-4^)lz214rxv#MSNzsm%FKs1ESD++XXZW#3)zx1LwuN+0dJPL5jx9=xZX3)pLyCdr z6FgOO-0y`<gp$EC$xm&dZV23r)7 zvm)e>eHpt21^|(15xWs^3C)1BEQW1hS$5v1^$()ey5q1n8@m(b1L}t}d;3exz3_z9 z(0(&($YOn|(O^G-Qu2xMq{YYMH?*EvIXPXqq|JYp{tfip?pHQn_UDM4x18d$VzYZW z_8p_cm-BpN8z^YWnxjt;2`$a4)W{y*C}ig=_qjL{BDcFeiTsh@4L^8>-nVW|#naCb zc56~m*Pvph&)83i(**1yJpOi*aA#Z{8;~h&5&l>#oOr!g=T29U&DlcCC23BcrBcw& zH<5C8^Q|B>mQ+m{vW@5d{c*7_dl)zS^=xi#8Dm3|>6v<3w!=@P|8qWDF*oSwnD1Y= zHM>Ys*0~+bqZ)Sj+VkMMc`c+?0{RT$n>zxE`!>36~>)rU#~*-2wkANXqx6;sZ)P3CvhSyw0iYGukwk@FA%mQo5y~2+q8(- zfgHSA<83*xu)paR{%gV}Rs;Aubgbhk^oFF*Zjtb1FZSH*M<2uU=AinW#GJ7AoqGcf zJzImNH`RIxUIP)0H$cUhuSF+$2%~*RS&^}1o8UU>6=(I4<7k!UJB22m)ov^w;gku# zsBFl#Gn(dBb$YGhbuQ>oH5BRAe%G$mqZZTH)_Xa6|g0k2(KmW)Qt5Pjml2mgfHF^5B2XG*9iov9PCqpR!Kg z-yNBuQLv7vjnl%;&c1fDAsY-((t%>#7ykZ*ic8Wg%Kd41;H71_JQIo$4M z8Tm?EI1O)RWzxLtF83jK4dweRIp|P>yyYZ}Oy>Fr^3+8&y&u~6j0fGBdb=xAdjnbj zA8GFa)KuH8fl{R@AOt~rl>h=3kX{0YD!q5RbfkukfPe<+AW92Wnh=oQ5tS;v_g+In zuc6$H-~XTU-*e>5ow<`4$BBE)-ur#mTF-jcv)0=Jeq8+Ea9aqGcdfIN320VFz02oq z@&@4c(R~YZx+d?EeRwylby+nnt4ClO2aT(DquNy!-LQccphY(%pmz2@vaG~^(b?m) z7%^T<50j2SZweFVG45uM`3>ZQf>f028!5rtT{Q{jG%*9^8BZkY*rSnx!B+H7?vjF} zyblYI=lZMzZdPKa*CZq~OZ6Uu2?K;C72@F9J&FiHpavkTWy6&LBmvphilm%nS3-bA z7b)1N*vJ<$Yd~39FwX-<)Tn-ag$}6BMfoE4&V#UP1tt}8FTRtp@Vzq`8HLr}1Bm9Q zix4T=pC;Y_V>cbABK*511|RCl9M+vl)w`2({xR^JJP3X=D^GKCW6I_l$gFf)YMur@ zbyUv;%(&1pZ1=fpeEs6s@4pZdz<>;ZYR1L=e2F^c%6czdA9EEE(5*5aDu`~E)e;TX zc9?LH6|;#Qv>6@MP1fmO272d$uKH-=v?Z4f-#bLG8sD@9R%xEzJGyNDC`7}%P`T;pu6B8bslz7? zyZz7f<}?ss%JSG*5+ko(`=~0fzgomH?U` zBvz8&0EGg9ttoEVl{2elLr|-wwRf%yUMvqe<%)zRs9b6a=8C-w|4L>oSjv!^{ffU_YO>^mc9SdoKGr@9@w zvc@|OVk>7giw}Q%P6hfmQ`DMH-3sJ@37xa+*FIh%Y&azasdt#XLv2YdcrPz3H`!Ao`2)>D?}limOu~+kjB5WOeJR{2ZESy^`TMG~+KpucFJV9DBYIW- z!SV<6<{j;?bP3bp=j#0}(+S4%W0)nUYD^^~ZO=Y^e1$KQUCakZ-Eb?vJt|-|01lAc zdO8zyVuhqEt*oRAczA63Jsrd-?gG|tRr$`PmYo_EAbl+1lkzct&y^G>Ytgn0Sib)z zgk)P}we+XR^o$kdQI&oJo39Gpr#ox4d*y32(NeX?{ z;ILz!mP3r;dOCtDReR_;&itM({(bPnc2S@m@nS~Hoa-N#dNCNH>SA2W{|lb|_t0|9 z6ktv}JJDsKwE_sO8>a%Y=Y!>Iz!8c-%Up#{2!%)L%4!df@D(^9*7@bS{##b-Xu9B6 zYUkDS>orFf-{eOWSb~1SLtIWA_Qvc!KjjzAh$y`pQ5oBB(`Q%=4pM0nO86Zg@7wgK z{-K^|pHqgL?eAmqrZX$&fYKZ%G5TwKf)x-H`202l!-MbHefNH7+ADfnppCq|PFc?U zrA-nw`h#9%5|-JkUeyeG-;dX^Xw6)g1t*bK9DU2o%l1>htnQ0zMV%B|hShnln4@1y zu$^8Sm=LZFWg&zc^O2P~OzHPm_)STlzwFT1u{u^qX>_ReqYf10Ntx|vBF8Mvr~b%^ zv>x{Wy1$(eK(n2PJDU;Z`Y!X z4;UzN3+M!MPqjS1Kc!XnG(S&MxBE14`dKQc?^eywFxWtU%a1|nT(5R|F9Ig5*QW(g z`Z99aX4AF58y3y|mg~`^^_h1x*9J_sx`ltX%Ss1o)byGY==(d~6+#}fxyCli56)_(HncR-?iuqyOh z_f?b3%jToG{U8dt4DUKU{^4PUk2Pn`{M?1A{cSvBIr7df+B$k{xm8m_8iqMv_^y@O zJ?&YhkA7xp>Yj~=AE|eWI=%fkXUB5fBmyze1>`k6?lHW_IZu1$o|ZUidSz53)SvF` zABmXwCTR4-jQxzw6U>2vjrNQZ3Z=Vcnc?9a7jQM1sKO$Ugtf3*F=AjecZzwwx+ZSpju|IF<|{Q{F)2? z$&|5M_PJ>sg*KTzkLt`Rure+)oweiEqiG_9Pk@R-A|qEPT%Kol&dl6L%ow5l;F{~1 zUKz71&OY0fV9P7Z6-Mv0+edVV4igJGW@jV*KK1zJ3 z(M`H-^2++#*T$IbOe`ZJkc4r@(i%_L3OImbu;;eIA-i_V66L$?qnL5e_?M|lCBGnk zKkc+t6E@;m4z@d9k)KzTubaPQJ}Vs)Y~#67FehF?3cA+t;)fBCWm>HQWmX(r&-0RQ z>5_{)Mj_Qw^z1g!=5R|x)<3T8XO0fNV-@_D7yEe|~Txv#Qh z1=$>VPWz2D-RayrIbW~yagH_c#CX9f?#z6T{&aVnFZvd@UJ2io-wW$+85x?r-!aL$ zgO|PEU46Mk5r5t~^4pu#;OXo7A2**9wUrUYQsb$2cBwBB?A*Jb`}t>p?$fu&ixb0j zDTCH;jjgM*>^V??323x)gu5 z*-Hi+f3Vq03arYzE8SE-n@COR^Qq<@!;DJ8`v z-i?1l041wW(T?VbTzVTsL@`NNyoOBxJ-ro;fT@uksI{>1ghzlfn0^Q^Dr}XZT(#_M(GwN5wRRP_+;1 zE>PB|4x!5#c7zQ4hodXU!$GSHWe|esNJ*7D7o75b9rRTuWvj5|O|8;>rN0IdPuxA|IqitL9 z>#g;-!P{?!gU-J}Dc;%%wVxS$+x@X&jWl;@?N+?AWPLh6rhkjFxIzrCVp3Mbc(bH; zuY$pVXgTPm1PPpzGul!KFTGnDdwV~K2NC~CNsgTaUMeFlK86eZcJX^7wFG&XhXZSx znNcf-)K7j1&UCBPfQ=}p3$-N<+E1C=USe5;s zE?k4z_NBNOjs+KgL0(%6^ArV{IfkTBZ{O*BXE0%zC5f=44EI0WSna7p0I zl^juhg_9EUGtTIZ!chm`Qybcyfm02GY8p`PdONByI`lnn99+uOun1Xy-0r*8;QOQ> z;bV>E0-9}->h^{l$A1T;f2(<6t(G@CtSYb1AAizK!T2IezuakZbjW5_(`Aqe{!$uI zrrO`%mbNl*lR;vI9Qu9IC!F-{FQj{tLS$!R6N?5%u#bn#YB z;Xc4if38Rhi86h4gZcKz)3T3vLUoP=P`+t@wD%22?;6bFd)s&~(9Ftf8Uz?okq@zM zep{LnUWdgw%3(de;pA0~FS_~^<={JS{K=dEn&3Z<#8nk2%8lhZwl^%$FR`e4vpP0y zQ8ImgIt>d+hnXudsf+NNh}Ylnuf*CAGC8<3ZYc~m+<2>3$N@GcB#*!N30r(TVGBj&R3G%1aLwT` ztzFlo6Q*-|M|cRI#YZq8NtggyFRdD&@9<-}4Ou7kKH&^|el(3cL@K{bcCBPMt5d+ z<^&6A8}F(?8&?x=An{Bmqm?d4oz=;-x@BYe+8>Ey&D{8w|f&c(0x&_&3jGP74PQrHljV_3XGFz{L6reh#Y`qv6w@}Z#~GLxx4lV)l~&W z-S9TwwY*ur`(%Wh>8SigZiForkN8Hw~9vv%6mnFs`B;v{8@W>)A1^u%O#SVC)ZA{Z2CRdN{FnU3d^DE<{Vx%u^OFQQCAjAbrltC{BCRB#3?3 zz^{D<9}(9Ov~8d*$(Fd0q0KWMp4@GiF=Z(ZD(h-tdtujQV%IFvcmz{}M1@w;3y4O` z_fF{1f_$df!3pBeo)MWJpsL>|o+y-82`2?#=5ihYN4`K4=cRj9FWFdrC1X=tnc!<&@7aH6^6^3q?c6wdu-E-R)kRHDWX)qZz}8;W zKR!2^QN>25<}ilK4;l~F`);y!NgYf$m-h!&$7}m$@7iO1k729Z-|D6saGkCdp!1^C zBjR0i5FuO1vGnV%pjZt?i8|C~Ks>Q6YMF~dT8cCgbD!~@=^fo2*Qusqz|$J;37b)U z4=x&9-v73AFt~JxOA0S#RWlK;7_$EgH!iQ_WXPU)uZbmJ?Uce8JWu=}(i@BO&?`V6Wm)YB5ue98Ue z_ye=jQ!SHawXa>`U&{sk%>$35GzWsn1+Q)tQ_l-l%lBILr&&VCp`=29w-Cu6I6-Qa z!1=FW640-C{0XjSqE%R%K3oSCcw(uUDLUQmMt!YcFy?&qE{#dP*lvIf5{2jhONB1y zhuj~rj^jSd>vk4y=dsCsO^I3}bgp zyoN#;*UDD8e9t_Mi=O#4FIiaTMB7R7K*apdN1X>HdSihi-6plWoyaffb`GtPOhkeN zmnnZW5`dTLO`4rLD&iGu1VW8Rv=FTc_Dd5We>HU=cHC<4cLBibU!N$DJ5nCvg=!mV zWtI>-`z8TG+lhmuV&%2UmKsh9Q*~%%4-u;DwP{VbznC6PFl1E(^VH>%{G5z}@X2 zdU?quw$yk$#HGXEfmMy0*}u*5q!K+SkPKP<xenUfe60<_qg;t<{Bi?imC&P0eUH)K z@_Lc=RQogvO;`5&75ba)fCmAT0s7JNQhW9VK>L8kSm`ARtUtf<;{wa>vMXrZ3{2AY zKZ#Ac1SsqQ6a2=4rf&Y|)02T3qpT&rumnBZySxRXy zpAW_ENCY6IT*fWNZ*##? zCV-vdO1x^2_RpYvuhqzTIeeT5cgYKQI0rH8K7d#V6AtZ0+I`bNgiF$-r_Xr_Rju-0 zTeuFZ%j#G40w`e@D2oUoQy1DbRVN#}ERelSlC?eC8V5K8X- z@@^)0G^cIH#CJV=(4Q>i-|6muhGYNiI3V}U-s|cSyv$bV@ko=`rGOxuJnQzAt?Bi3 zP+8sH=ZNx-=>eBcLD7a02NP8+nO1hdmuK9=(I#ssS!+M@15t5I{hsb}2H7A_&_y}%L$Fv6{cO+Nf*uD&;yR3K?OhLZYB%C#{0VGEkHv$1iFV}Ig1!9dvtN`v z5o{6pEG?=}zxtNv&Gt>rV8l;6&Qd-e2-XoM?&#>iZh!_S+Z5;04i)TDx~FIJKRCSk zcd{-x?`hSVhso1b(@&^3cZKMF$bAW$NVCMOC3OP$AZvAXK~u=Jxp^WjhfOu3Wob#T zxr6JH#Q|O~3P{s?#qqPmFS*242C&2O@hCng5MYP9{e0|3;*&rVvYS3V8i6aTFqX~ zac5j&7$i!Ac9_|UP9paI6*J|!olTqDUqN8LN#(!Tt(p!X3)sfg3$FuA*#$Ps8_ZMI zjU|LyJ@f_PcV(DANg{^pziIkE60&4!z$c6GIm!Lq%i!SgQMEql;xk`AT=;8P#W>+Q z-1^5h-+t>L)+Z4{SGwM_*T>@-s%&|c`Uguo+&N*4WHRyd;jBMGJNVf&9R3nquV}!U zX*fhqaH$9o{}!OGyT&!$a+3UQznGDK*M~B3ihd)l^x%8Vm&93OM;W zh4#Apx=$O0LQ_eu^hNWOgv(*1)cJ|DSLJ4pwE(Zm^r}^6LP_65v|?S;<`vQNk0%8K z2<;!G7a&@1{LYZ>v?-_SFcZA+cjxE_3D7?&eRkJ~Gz_c)bBWvXAg8(nZUUYoj1xel z9IM(Qmt0bQ&3}sBnC4Cb0aS1_YPrFxCS{Tdl1agG`zLZ}82(1>W>~DGY>6&09Mo6^ zGM6wMnT_0b&vEF@{mo4jR=Ba%JWwr$H}Y(qs!Vj%K6gJ|LD}v&+wF=EhrTBvRq8-l zx*yf_M3r+(q3Kc8>5ibE)y~e&{>=AbzBuz8Q!0>N?V04EaOhW?VE2tHbee?>h^bRo zrW$*I%G1}ANT+5r~J4~&`$>YnF6~?J*w%Wb;P|SabF-l>*xrFz#>0{9+)Qfb>5!q2=0#uqt^ijvLG#(Y{T%Ld*5I zxUKogOYHL`SPi#JT#W2YF2IqmpTk;onhRgxB5KHYJ9i9Uk=(3k)Lr zWK1_Lz8*aO{Y$P`YpYU?1kPJd*JxcnpL-nyePnZ;dJObwch*oX(_(YFxx429`Aa=I zM*`i7s?#mvm(pT~BN1HSYNthb=kKnO?k|2XEqwOk)YR3-R#q$%6GX55!!)cUH?o|3 zXBl~a?$|`$a8@lL`<+d;(l&wdfT3SQuo?pR;Efr`n*Y4MC2KR3h?}4TXRdT5F zXqsgmAvDn0YTIO?O{TBwO7s`&%U;1_j*Dzose0gFKl;BDfUnA_nTU@L186Q1_^pF+ z7Buz?8Qd*cX=yf)Fkk-oj zyJ8t8JB5+0RF*(US`UhPqoSoE+3U%A5M>d@*9~T=eWQMVFGT`mcMB3VguK@?K=sIrZ8Oa0eu07T$6x?Z9L15j zCjy&de^4YCU8eKO79jzG&e{(b-_7O#_wln{lC$IBOoH4mg$ znFQWk9|TZ5IVs}T!OC~O6%Y!K`<$RS!3m!}6&*}@b%(RaU>+h;gk)qKL>#6*kgKWB zrS9%d-1NMl>Qg1~sL1)fPgzMfChBZd$>3`OpD1tz1JW_fH&iaYKZc7eEtuoW-&rW& z+sDFqqmqk+z`a?N%S=@a6GCeMK-Cn$KV)5QXn3Y;{W4CW6WFGDL$)F3?A|ZR)W{=|OZ&>aa}Ru@B_X7qAY-ZQ)#y)?QzvUI*9t&e2Hr z#D&$;c8IK%ae|M>#S%X!m#wZ^VGpE$EbSlEaGk8>X*fBR#-_h~FLfh3-zBktwI>{a zes0f2FXilZgJj=9OgHb`2mt!kTX!-9z+=e-Pzr$Q#}fhop-M%jUS#H-0rc&h>rrUQ zv#=YWYh!FH{Tec52h)Bs%qRAYu~#O~S43I<_~0H+){u0fAo(bQ1*#caS4i(*Q`!nu zK>Ct%Bl%^wxamSE3v`c85P4owit@KpW&NBD3P>j*fiGwR$bzE4xZud45sR#qNCQav zv3%OvcHjCA3pWdqxoi0$s!^kjjPRe2d+3J3mSYTb$GYYZhQFT{?-oCWx1k>@)N0gV_3NgFQM{^*B*^k|LR7hz4@#%L@0A#qKB z{lbnFP33Thu+xG%g8>+~py{&q0qq=;Uh0l=!VQs++Tpl#Pu5)|o_vt@OHwHuJgMu3 zR3LP547H%01f;hP=uQ|aFuATHUhg-dps4WCy_^^lyP?{htusGQ{XkrD4wA17We-U) z?FMF!eQd`96U`FoSSqd~D{{rGFrPZT&c@9*wwFjYzUM{jlJ({@lBB+g$xbw_fjYY*mhcnL)MdIM!psSAgEc zkp)3{uH{hK%Q#)@?4TBfocY`xAByGt>h!bMJwCp}!`Y)O7Do;NUiIC$@)ova{94zvB~SNbBk4{dAZ%$PCqaF5h~}m$H_9%y%>L_$C^u>$kUl zEP8qqiTzZgtf8xNVBU7*!V8X;T>}IST0qslPeIY_^`XHLcoP-@eu3M z=I`(M`7rrR0%W%#i>*S)MM;zVC_xuLCqDS=noYR%x4zxIJY?J&rf?O7*I8jOnP$1P zV^s5Rs?l&(6O>;m`PpVGd!V=Y9?eaO_Ki_Q&YAkQS5W!LpXV(qdPYQ=L8b zzxk|UBnqsWCO=Gxd)_8cLWXaMh>*bSWH?NK4{p^ zOFrqRcH8aD*hf!erN*(Hb!=emDi*{!Ym#qQWvbHNS?7m}4UFV5izFL(d&hb?uoc!l zwf{_vxbydK_j*B-npFWs>bti{+?o%(WDpGH#u?0u8&g&D0qKI?-sS=k-PeOe+sCP> z_f9)SridYZ3+`0)NL#gK%tHqztog2d0DIVc z30-%5ue#f-giW`fb2I+<<9fM>#bp8Nf*2hm-v&rp}GOEYI|f7VG1j9XurS&+$E#_LfT9(|UEf z7iC?U(uxpmFDUV$&y1->NhUj1ZH`4$Gw*)2w!Yroc|#Vu zCXHdh?C!jmAe{u}eog&etUV2mr~?>oWI3;V93{&1EU^Q6)C6f2%R|iN`zqyRZYfg= zVSMzB_GAw>$|Icjce>>*GfSw*c&2@6pA4Ff=<+7L<0L&!?3O0O9gJnnx+jP{57?=_ zof7m(N%DtdJ4y#T_ZbS!^J-6q>rVY}lv1SNkvGkUe>}$zO||4VGzByl7s)Yeksbk5 zAY)4}ha1sUmYr*ek_D*l{$73B;&cfq%q| z!qA`A4hD?P<&wGlf2R=_bwa+dNgmJO*I=4h-@glIl3G%S3S^4CZpG%9dv2e7arCD1 zuX3`EE>Zyqb*v37D7T(+rm_dzy!?Wbpl?Tq$H4Te5JMB!pnDhg=*vL~CV*oP=;J?C z7G+cxaveZ*%CT<69jc&zS2FY-y_6=&8R)J+zah(_X9GLUYQF&E1)R?XHV{MlM@wEk zo5m$Py8H;vuDDOd+#Ky?%kC2@# z#d37J;70Z~55El3x!`oTSi8ove=y7QV?_SAQ`MB);&A?S6;t_zYdBT|(tx76;MAPy z2qyHUn7|HLQ)~R-{y*O2KZ(AzVbL$+ z!5d~cX}Y;b78x&TOg_v5H9ln(u6?3?wy5CqUtbQRj<_Acq(n@#=_|Atu1vAx=0q(7 zPAnf#PX|(RpTqtI&0P+X5Yu<;kT8P#RG{2deMnTP_%-Bw3fbNI+XQU$G1P34n&;ns zL?(qzxn(nv1em*uq|DAnQGx*5>$aa%#wf7V>~y_DP(Y#x?(i=zZ*-2Y#_04S-nS_; zIDS`X!*bo#$<==E#@QG}DTl{IVtMO82db9+c zUgwyp`uVxM=rD~(Z|_I)z3D>>FeWiRq}Q08+2s&CZ%%YDEGy>(NB`)xqCI5v;i%#W zt9}+kr$~|HFhN8Mn%r@;k))Ci^BX4=O3|=aQoq05UHLGcP0x2uWt2 zvUafC&CinNvUV)0BbCsmud~_36zWWfqfOO8uGtW&(QMBl$8BlFZATa{xY`Y!;IrGS zsP$E^r{tve9vIjq%7-P|XWmlx%DiuPBLo4(V7uD!P8=cR$aAWkub~!U6j^#wyJm$x zH{M%9RRJ1aotm=+Np$-n3f;c!)XrV6GPx^3y8TC62v9BXKe9>r`dfo|h353%@{l@t zZ7Ti4`7ije##yr{x_@9va}Y4}C_CnYeShHA!vq&P$69pkGQu)To^`IC89YL36-~3$ zr$o-wl$;6hyS5_iV>3btDBR!Sbjy2^yR%$;4y9+XksI>YA4@BB<8I(ze5Q%KS+;$^ zc)y8O#b$g)Mh*Zm!(0dVWjWIwR=negSuTpkM*ztV1_Wze#G2lRvH|G{{JgUL)B))& zgwSD!iJ}NWZ(FM0O3yhf(oX!Qpmy%=Bl`{2(}a*8OL<8%Yj=^D)|j_tIe;N{QcDpk>WHq1dyHV6xZj4~NEU*6|Wp{5Iz)F-n^taz(bD zEqmS=5uWei1W>k5+tE&R(J`8xDE$b|%HBi!nnq>3TMaX>>T=~?0}`Fcqz?iod%q}? zN=c)?$w%Rt%Qwykuy2tNagjt11QVT_3oycW{a$swSZ1Yt$dl_wpM4g^y7FU30B7g) zHdy;y&T=<~0^lnGF`1l@_>>L0hqmQ)8cdJ_6p8sW2VRCxlHzwz^tx_YzNV*DmlKvq0H2r}xZxU3to z=1`Y1-m7m_<*bptsJE|tj66|U>o9SsqnWot8`vA*A%+~YwQb^2af%Wcn=%BlSnY>r36f@FkGxv+)(*(BkDC0KLzaQqMO*!Lr?bGs?MDza4>eRESjX``|pvAhChq2GP`H>cTZv&%4KkoY3a}6AAo`jfxc_Q-~62<5Ppn{bO zUKKn>k_c1q!cpw@p|!7uUSTw$#5EZ4_HkE@eB?2$9Fs$~sT(8$5t*tOkQRzr=kSkN zGidJ)KWk}|qNSg#_8I3~5JPpzIEj+tMh;^EmD1IBE;$_^DtWscBXuv$VFL4mTe}PgU z*GGUFw+CZ0uNo@WFyi>Ze!r(4Sx`07;SWYJf{7;mmsXbus1Yp?K3(kpHTh0#(m*`9 z5VzX$X#qQ1SNPqpaWSaNqE=(S3K0GJJzuTRUgAZ{Nq|ES4ZjsfEtl7&g2~KXP#ix? z^#EVMM9a+MzLP`%rD}Fh&BIgXvW$vc43MB{E6x!{v#?N9An*lBZyua#(URwqzmJf9 zoz`s}ke<`QAm+XqS$DcW&URZnqaYx?#LssqoJkcgl~`a;TKP9e3kM0@m{7-|b}M+$ zG&O_sdn~4*nKFQpb{G7@zb}$37E^Vk2ux&*Zh@Wbc@qiM_SQ9HgUpsCBiwYb3;kFG83Dc zDf=XO*vI`*Y8EbUR)~}vMRlW%^_t6OY-9eO@pJd+i1cIO(9+#!01Mm^BwHnDL>WtX zr(@^E6ZIP-O5oCj&Ft~*weFaKn%Z*!c*r0+79CeB_1=~CN;+Yyn3yWUB`jW%T~Lae z1m&Tr;J1VIQP=8qO}@6m0`loPkZq?BJ>8s_dkDgbz72_LvbgX|9h*b5=032hal-FtlqzSgYzqmuc-P+c5WKzkxP#ZNncDhwQ|7m7> zHDw0oYY zEQv$COL3Ux|1iXDlesbQx5OTeU^=W5A<;o1?g!<#D1loI#u zSp!IAb|8JrOn^YydL@a>J-odthw}HrRz7UBS1~O3N0h{!T)(Xd-UG7PPrFC9^az9m zDqJxSxlXPi0?d7oc1s(mjX>qpkgHXK^Va8S5ZXo@TLtk^k!yld)2*9D6&&2@B5K|P z-3#7;E-^d^r*&NIJkMQJCFohd#zN*m5sWLc&z%#jePz#Jj$a0j-P0jKsLX0+das?Y z|NeS#`PEc@XQieVqiRy@42@(xR%Lrvci!@ZX~52}@_s3KQqTe`cjKOSe{D;?i4 z-{;5|Z#u28)rwwrbD0pwcqjk2#ixHm_5}k4nmySIg_T8&ZcN-4q=C=N16TPv^Ux!= zLQ0TXLW(*$G#l{2o#$J_7bb6piVsDAf`PlqP~U=Vs;Dz`P({6JyPVyPuuF$0-u?N~!6hoe7HXySk_ES8Xe4 z?r!}edoULe3Pj=5yd)3IL_Kw_Tq-*eyI?+!j`Cw&%#Wrc#XW9_8dbAWs!IbUh-uHw zfLBK5JZ|!MTNPOn3#4SXwWD>qiP##WG?nmD76zzkO{6(jNEBH%bg4j0*Ki}}EVy{J zwI_{cGVd>&_E6(-`3cCa%*!!dTlq>BpAf*;aLY0Lt!_n~pVK42z$4BTF?Tpa(kVf0 zY&^}=yx?tx+IoH5k?2&*+*1Wd7N^p};~RKc0k3vjs`MlgZxsLv1j_{=Pr;NQ-PcSq zpqjB*l-{qsC^Z3apQt|dR~KGet9az3N7;D7*rHe8PJyd+gW1u#Ea#IRAo{-mVnGBb z?vBcGsht{n&89Qs)a__2d871X+ne!%(OnVox8neBS2fHAaEO8aNabkNMF^olQDwam zRau1XxW2HU~^;u1*!lbV2w%&lT_9O$uUhE_=x+>hcY}U_LJ;F>Yg3%H5}~g`L#{? zV(lc{dy-)jPnNg8lDXDSs}$@tzyBC95pEv?1eoI-2XTQA{K#oFmX;SJem}qC>-f22 zk|H)fMKq+mRiy%Xz}>tjs90AmvKTOrT)wxkc-#9}g-lrS99E_(Vr26U0x4MdkvrDe zG5d*8)hQO_^0T15??hS$MzC0InGOMaQb=qCM|LJxN;dk9gdBht+4$ZcaMKDNo40Mm zODKqS)2RsJR#k0VK8d4XfpI$6)G@+!r`zeo8t;FE{HRhM9~#JK z%^BV<@VRJTdDF;BY)b>tYJ25&L}yJkobuAJ09$(PnHs`b_`Jm%1@!6&fD=;c-^xdQ zin>&nlpPG1ZT6CW&-F`a2U{IHX78$GLa0S0&f*+5Em~&6YI)?K{?$A+HFFp*uHG@W zZxY7&vC4728URVy>yW7J=ihs!VD!<3mQS7f0Qx8*=BJ^BuSfsOx|4Sj2al?p!wGJy zP|ca1ECe_-yxVV{RLeFy>VEaA?j$E30nh~w6+EEr>J%kS&a?=k5tSaDoAmJdfjs3y zPVThmP-kBkjAC#6?N8CEyb%uPl{@bA_!$+bDkBnDVw@ux zqaL7YlU$0dRWW+Q$(;!#5VUN0Dgo&kY>$rTLIveUGO=mFi|U*ybMyz=afe6aQ!S&T z-FBsmzK49NS9V9uRLo3kZ13JE11bSJUgxI=fkuJ>IqSMW(@nzefo2z!3S=cCL9@q8 zyjJFI!!mlo1>FG-7J>g)Su=>9rwxuc(f^rLST+|!YZgIOAG^80V)aTYFO&R|*Dm`Q z2ha~(!x2}zw9ctYz)s!^<@}fOcRXqt=vujP!?swz*ujvquX$jJm?=wLIR3bNXrlIrz`B)BT~|jVj8OH+6GZKvm(WhMuZ- z9!J%&;2{LLejBBoWRg9dI-W9d>q&Mq_gJK1U}i4=HVkkW5tCv{KBC;q92?y#tKWui zk}FSTId9xJEv)(xJFHds(*bKT8Sz7THG4S&!%~MLeed{-8!sI;gFL;;z7UV68E zqF0kz?SxR@Eg8&t$Yi}&3)ZW3$T5F=591sX?(~9V2)l3^z9r15DaQ--yug zy#G{PQFAwQr1jF;spJL1&X5$nsB`>+$5igRZSoK{L?f_gtNpXOoNwueEub<5qxBT*qWYu|9kqD_Y!`C9`)TRMULJbl zuy?wD<>0-KnWc>{?F(b(08}h@Ig|ccKKw%( zsxiTX>X<_Ty927lB z;JP90yyt2#^1e!LCqLb-Z=B1i<3TokhdX&fE_rruX*; zHmXD28#E-w-`7*ps56dsQHC%Jzy=ir1883KXVr0@16I#v}-;F$QcdGG79Pf2R zRqnX{p?9x9ALkRpRiu$2A4Hej3lx0{BYZ6G|Mc%ZsSkd4Q-v9&0;+#a)~C z0mYMXn5)=%OA^M;rTU8DGDFHo{;7k~lCClxrc3OXwMP)xRL9T+x4+x>g^rg5e8Vx3 z4Bm9wjDL?NCbzMN669fNO?7282{F*{o%g-TTmo&RCNv;b@uyr~$GL|P&vJWi*;l8B ze(-IoHX#5RDT9{>A8ah2Ax*thedsNEEhhKUn$mLC_B>y(wQ8Bs(C&d>gs>7Wl<%8i zWaZc&d&CxVOaBtHtDDzyco(26yR3^G&PK@xr7EWj58g~?m9g0J<;lj#zl-;_IJ!?H z#v3#O7T;Pq)jZ9O+s(yC=hpCM*wLF+!+ckULm!E++{*1!*Y34&T!{x*00++3QI9R1 zoVKsys@JC=nPhxVqEJS383oYK*yE|18mkVb*v91jo=6(6voxU?Uc`49qeh zo1IoU)vNRP&1cp_9G~?s?a>Mg}}YEYqD$nWCtx36d_I=hwSGzMTK6 zp1D=AaPZAKee@AucaG$s4%Kw4VX3YtGgrO2qLv2AJ)`U6v7Dyfz-MG`gqEGEiFgzu zWWkj)Bpckzs3XoxDmA;LC13*@s*LkyJiTc02a}jCJd6#xmw~~_ibZOu-%5)j5E|E+plZn^$r!7V-A4U199i>7*ie3w-%^ zQxayQX-S|exkUyH(Q;eqjp<)2>c=RzAC;N$@WYtfJ%)JWcM9~(kBqUOQD(lz9)M{&J5${R} z`?BJt(8iMsn3!M?5c{X>`Zv1TlVip)mKaXeWKW<>DnE${NI*-Uy)(xw@S7?^w75H? z{`JO-l5j3+7;>7WC&e>#m%U^_eL(=l$I~de)M2n|Mzeo0{YDG4bHCq;2c&HLTpY+1^Z29;gOL}*cxWo#3&jeW~r*&}3UEFpx*QVC<<4cYg7N%pnuLe{Yj#u&`= znZCc@v;6)%%Q?@Pb2@5L`J(?S;sB|CH!FZ99SCSL zRFq&SUW2J?Q4s#R+RX_!>T))g9FjAB-hi8crS!Y{?w?^xMLm?VEL{GnZdBEmZUD58 z+cxn{l?Jm@6JV)Zczu_lwxj!<&;8**T{h$BnVlV>qzYE%bOA!CUN^et* zoWHHpKm!;*3gxry%aS;Q=>w$9m(k`!>Kdj~HAA{8|*`~V;TDd;)_`+7;C ziE20hDO~4E{}bl1aSv3C;Z~{|#c$`vt?RCB#BQiNpFyGzs}NvvcmxuGoXMl_=L0TO z9eujkS-uEHx2!o*bWt~Fz4#M7NPG$4M?M2q+t#>j(u{o$<^<;kdC8a66n3JYN&}$l zR!qqc$?g|Z%O`gzL#tW5F+Ggj=DQpH_bsW!Y12EX$_o?+uF)EKNYGCPk+WMU41CX(# z^_&M9AACn^kvD|ob5f8@bdNNveRuY{#6`y<5BMtW`yd0XWl*IeOoQ!Df0Vq0Nd#zkc7A9;nq7Vp22njN;Q8a z!m?PuEEhjqqkqMbRV~BF2|Hlsn?FH=e{c}GiDY!B9_Wsjy~aE>IAj2?h6F4dSEElv zI^|60NCd}iBN~+1K}!bvu1c=iMq?%Vk>}Qpk5_eE_6Vagh-JK<6bzsSv-ir5^M*%6 zj03e;+X00Qklvk3J%@|M+u3=9}J=M7-R6H#QA!-Fmp$ajt{i)u$f=_jP?$uzf+< z(LNf{IiK_fDMoRq<7x;K0?0y+;A_TzU_yz*4|bjGV}vfvNR>Hw*q z>OR${i%+?G4DVXB<-|hHSDt`t3^GU4_0N?vfT}1YSVFz(69HkM%rOmE>Ag$6XI4Gv z+_(UAmPEny`3(1T&aZ=V7o4$e0z;o0jDG@b-~EUj2gvX*0bL+igYKqZ)}HzygU3qf z5oWdS!mZh185M5`=yIfMUb4mcEB)hrrsZ}vzVpV4u%YrkgN5et`LUXh(*w~pJgv+N zDo|kBsI00g@8SLX<`kjjoh^-b2u{tGm>95AV8mP8`{mO8`l+w}Tm^DNUo@|OxQwv( z{xb5=c}t(UDjL&^+!&9|L@Y;p?}eLsqW+0^#X)VqJ48O53G<~c0j(ME&RMR~k6(r( zgrS-(!Y6#1M8MctYT*0#<9#{c<5j;D$@T~8xKN2ePUP?Y8^Wp8`5|IjR2}4$?{5(1 z8gi!&epeq4L5@G700|8|uJ5FqhW(_FTm~mvcT`5R7_BoXHZ%E}iE>7V9i+f2-Zd7- zG@fl9E|A4dq_wM%bwNsNHG$pJ*h$qfXVh-Pn{8cvx;Ea)+3_p-&v=}ER|Y%e;}5Xh zwEdJK_o0T7-J-+-qlnKgO(O{#SCQdNq%%eb=k;9WwbGvcRBl+Tw1 zTlFjy3y8Z|M^cQPc``(Vrj_J@&>2lDzXB-^at&9=wZORu1(?uD^zmyTpZ@Oyd#+Nl zJ@~(onINW7U+`8Efg2r5SvW`bV67iFop)vS;QCun1}Wvu0MBY0U7I6%(8v*M^t(*; zLfLZ_PXM8Rg6>B#7VFN;%v_>_X|QgjhKtWD7-I6=Baa_l({YThq^iV=oZp@BB%9ZHf&p z6oiar&Hp3zLo*DB{k&mn{7a0r{?#SX{-iDr@aLiy_e)A1ii_Lf>pNHpL-+s?&u}+= z6XAW0rswn+4*cmv4B)2hJm#-HJi|?mMoJ=6zOrd=5@phZ0E$yngjmCv3#4YEFZO!l zu4%y+Kyxnd6Dgb#^=k(r&($ zxarjaFgh(3r5$1d8qf*H^30be3(jpg12~jULV7i7zLI`miz>9Q&#Fnq`X(tfa*Mua z#LbZvU`(JI><{ri3!A0GJ3D;`tLTsJDj{npiCOB`pc(4rtfI+kLHvT?YJC7QNW(yp zME^`4oKk;l9Fie)z?}q_DbM)1AKvm~nH*Qd0Bp^4QYh{Q*yABE`>+V~Q2rS&@Z4Jo zo+*p>X`1dk@S*A2%s6KI@$~tCIYUDA0pOJ9x;eXk4wKew9O=*NaJWvf(#J^OSuhZh z)XdW|aH}+lO$q(0(BYI-BP)w={hs^+{v{sLKk$L+Rg(RN+ufNlaf+t*_x{-YxL`M2 zEc{D}eglMBTH<2o5luDw+Cv3Mm6Ft`WY!VcGr>PczcHaM@*`pN47X53 zM!8_JY7}%+YJebv03cPPJ2biZlcMD$W`ZE$LU;P|!2ju%|V{!Jg5?$B`m2I?n>0*X}1}`UZLRWnE6Je?hbMby(hr-RrrO zk!QLfbSzvsej$4)@QX*k3&Ta{V?Z5h%5LsVa989GCa|sqg1V^pit_&3xx+ z-8&JR_;dEs7V~|ZmTxUAY$%u*+#6kx>rVx4@@if7YyU8YDl~nZmF}HEEk63m-{1a$ z3f`csZV_A8d3`aS9jTQZigBtXXaES;WgKID=DZEi-eCy?6LOA&KQTGeY*(!)i-5YtOe@I5AwcoCEd#NVaY z1~Ak%uG(9ECpy2|{&64={8DDl)^?GEy&=r%X&@ro4*{OCC4CYiV@&#D8dN*SPb_A? zBC?FZeb8r}Tsk+#E>0P$QiWKaUF%gYam!h0jfuZ6kuT4}L$mdNL-zj<5|%Sgf&={Y z=zuT@bc!1}M_PTezXl<%92qWV0m$~0U&nouQEOq7I1n_**WP2^I$;k`yqU&DTeCYE zC=>9Vs4d_w8qTQ&4Uj)E&K(PG=6KvdV@Km~M8Y(jPf~A`d*$e0K0`@n%T;K)n#4iqv8s8zL!Ulq+Nsd^-O2gJg{ugp#69?st)1a_}&&9!}$Y z%xRzE+;FX)Z6qmEiokEiY1gnwr-`ypQChfdOeUwqlH%6DtxOxbkDe)%R zNC(;m#IDasMaAhmn~-&yLts)U5>Rp>n@4of2qDJE#Vw_NAu4T_tvwO*7!0IC`Z}05 z>FrVCPg0GqOOO0~Rev|48_^uZ28-VEt|gnvB!+O{+i}O4QfFisk|tBYc%?ot7I(%+ z^+P@3Aa8LIeMQ^poR(5dP>-4S@L7#q7O(rjMeSEw9ZUrrpLX z8Gp21{b#0S1PI-wz!=}6$JDhwLaYL~=b!s5P=mY9f9uihG}SU{-NqYEno1CNk(SpU zxwBD^w#2r?-kk&ZpaB$H-XD@k2vaN57kO)r1TbJ>!cpcE_A#u=|V|U23$a0%Mj-j*LIl zu*pP{9XCuC(gw2O?q>fcVZk?&JqR!}DiuB0#(gv<_0^XVJ^W!WgO;|j7oI)baT&FS z1JNd8EH`p(fXmfJVoUkKBK zY4WzScknj6?#TJ`k~|dGUk?PBA#Z)&hNDM?wkG&A@m1BIxUJg83CgY7?b?t=k2?E6 z#7!wX^onsheF$I1iW*w6E1@qdO+cb9H8od&3ZpG+mO26`ILa^!fUEySbsNmz1Ld1~ zT$lP+V*X!UsmXm{Xt?zACY$#eCBsGyDFg9=9gr^1FehWVBNT@M@ej&fj$JE?)E`ji-CZ!K3Mza2Ze{QZ+Xat-3c9E7 zaMmdPzRh3kw;GPz3J%5axv1By5_#g0gjktyjP1W)>oItwmUE!rqfwV6`*5#1(qQSw z;wR%BuLT|*q%C%Y2&g@rOd)~cUS(jo7pbLaRktdWJ?!;N;AZX^Al@mYL-9Y!>%GTN zcGP|)`r9NqJq~#gRBFlHKxZ~LWla6b zLlyxi$ZT3^*Cud$)n_%JBE#n$beqYV1rp!-i23rJ$?pgElURxhPHu~NSz>^NjDdl{ z19nl?b%iFIUm83g>%59EB}?KaYhm(Fr8~%x!-{f7y3a>2bDocWr;xK@u4aImFi3)g z22$_>bhuh=?^|%(ex(5MmO@`sd&58e(tBnnFOjXbJeiwmT(e8zsGy1)j~cK0QIGAh z|5a#MlV6B!Z+jBC8nPogRBp|_F-zKG18Dx{Q!}xA|3^T@N5V!~YJi}1x>apFc185c z5-&w1=~*>QNdyysRXtMV^v<%cMoQ-^YSp}X-v|m2!1yg7&;r!pQba-ge<$|ottv4J ztzUBMMvZqdlHK{Abj!l2YaccGj#9H|Eosp@99;?$UB(&LlF-k{=YJ%Xbu^RjTS1UP zBkR+qA+#GOQ~$_~;J*PXmKCp)_k1#9T!i9+{8NsfH%|!6R_Vb+!Wz5;;(smAFQW4Q zCk#+h0$>0h6){0EL9U{a>0oCaox@=kbzbf{i*A0221_5Wxi%(L4ICi#qnJyeOcggT zDy+L~PS;LVzu_}W z=Ha<%_x$<7txKSclUp|oq*K2xd~#S^f>aov?8NVn9My`uZE+Zedg|2<)$56BijIA* zs3QB@<0U8vF6VZi`NNI7gclj*w&Z^mi9+9fY z3}IOBSnLbL8ZAMa_Vw8{tb`CCC+=~sSUziXKItj3$W95a_m+vX?ej<=DgF*5#ehWY zxgml%&1X&b@DgM|^UcBrbbDM5%2VGBZ7>^0Mw48$G>qK9Jo~3=hrk&7Ck9Pb{+%4Y z3rkA+@-2XzhEZ44S#NpgX1@5zFr?0W(b4f;_Lz+eZlAS=AarqzngP~g!z~(4#%9vl z#P%OUT+H-T$&WVp*QkU4HbDCAiB%t}vOIEV%v4GI2El%W6c;lY6(!cVJS2k-I3;VW zg?qdUS+I?fh1#_XHSWm)or|)YvD|8e#sw3K(6~VA)Xg|z(QEWuy{8HL{ek@%c<35` z_E6OSS=X;fn`31>O%7K2FfHqG$2k&@F~(tAp{g4{KY#vQjE0DBhR3c0^0(sy!ZWs% z{?nBva}PS${eEqv&R*qXV488yt&-pDO$3A@2=WK2SyLIydNr5qvl}a^kx{))d(h}s<#-@?|ylU=)`5s*K7b5va0owZq;H4QW6z)$rI3!=W6tYet7gljDHkY^m9>AQc!*rvc^Ge0&boZqg1c&?zE{cOd5>j~qFJ}( z6WqK$F`?utAPe`;ltE&#Hy|bavE-)ZneCEuenf-{D94u28O-?SMl^0#udT^$bvN#XT|o!mC+pSz$NJ#xlJW5jKjmuU1{_<4BEjZ@WtI z3mA?>wKF6aBiq#{s${L&)_A`O(TpUcv#K>M*7p7^{;nOnhJxn2IOco&JK>o{S3<-{ za;j|_o41{##(rhYVLtALX>Tw@g#ATtoo6o@R8FSyV|(TBpvPv$s|6p3k!Kzv`dZ1kWr2-AAQ;&4^&OifPy1PJ2O~N;m@~l{6B14dn zfz@i#oF1?IP?7`?L@7*YsR4b=^-eUPQggu(oI7HB*JpK#RonVxEL*RQk;InZbfW!L z$U~}weYM+u#3>%Wzy*yg-blNo<)xHlE#ZMd1ZO7r$z6{KqIYTKh9P?6WVx%N5u9IxhRT-Krbw8wjQ zOUq82#m1MSD|@-U&f--(3){=PF920tV1C@E>N!LV1K{pI2?Olms^7!$d%qH(S39>UW^nvl&mt*x^Tlkm4V2Sp7@x@0npec^fr|YGFpOZ=Q&34 z6Ov)fvXX$X3eZO`(Sj{34SmhQPFV;aV_7oYEA0mN%9(`srT=MpLOSlz3S_1oOG6KM_K;`$bjj-KQvHky=!*;hbHE7s;IO2&W+lfK#w$UQlb3} zTE3s(rDgFL4ZpMreb@~^8W?h;_7>^A`uNuS^y%^r3wm6S9*~Xml0N7Z4zSu&#IEG` zhFN8B`6+!57(Qgbj zYMugfNG@Crky<*=5<50ZKKU-%)rF6FV>#`-SZ@8)#og6Lg5wp(Y2yWqQ9>A_j*q?Q}18kU~S`at*|%-+{^= zl9#GqXge4VkMnZfm@LL)(Re@$K^1}c5qOuXkmKQLINp0md*xtzp5nxx zl-FefLZeP}wNgL!Q3nrS@=r5VipY=1uv;FBDQkyafRg2H|5R!@C6cqw z`~N~uwumj|>kDRPKp>FEsPsB64q#(+0c(nt)-ph_F8~<>#ofUi?|a}Qn?%F-nwF>_ zG~O=MT!%_q$!#)_Ov-!9ow6_MYZq5jL6#nvtm|CwBR{IUEA?JfV zcezzTg(3FFqo@4jn?IEk!+his3;1k-2XrbD^?4_wb@o*=)`Iv&7Xzp;R^O&UJr?Ld zWaFy~V_3gB=ld*IpQwehVMRi+y0~4vc5JB3;tV2tR~{Ymsc?dJYP*o+HhDrz|Gmbs?e}0rHmhK- zjL8;(w|v6Z9}s?>K<=qu?eF4|eBdRXD}I&63Xqf3ha5a!E(C}QpZ`l3h#A%Vp~I-g zeHPp!j8#hmO9PDW3{jj>E-Sz12U7YqK~aH3EKeVMy5L6nYXGG;`V#P!GRbjJ#W3^! z7IzjQ8@v6udb^Ff#$h`Z zXiR@1g~~;;p{rwWZTDfEGbHvMRWQX`;9WPvH9qhcriujNw9g6+w7(}5QYX7&W{Klt zr>_GL6~gp&>Kfr`P1pdf%=VUU@ad@^M-dsJVofX@#d!u)Hz^{GE=rG=kbisc;kOQz z_YKeGl8ha}`X6M}{!`+n@TI8N+Q$8qt>p}I@whi-@)e+Hx$6QVIkCUZR$W_u6g)ebm9lqT zwX?@a?($zS*Pp0!*fy_uEpx216M8&jxj7uey5)Enc(OK)RF%Nqa8$}+mq-$tzTu|U zpi^JSH4Q-;&ky;|NEDo~T$CCNXC6cOC#xQ%9?D4w87)E<<|(!#t>d#M=wg{9J%VT|()so{c&iqu3pP@Q`z^e6YvLjydh>`y|m z*&gs9{yj!MFetiNYYr@4HYy%jb{EBE79 zMHt-bq5p)sO@O||w0&^Pao+D$7GC(u@XDcZSpoW7FZVS?W?&N2v>O1=&K-ya%^R;U z8&kBLVWh$($$dZhT}8XN;<=j{7qzsduZl2)SGGjn>t&)*pa&Ib8ll)kU2ex-2u=sS zO^!=sU!FqfzSA$98{ZejZ=a(pDrTm==Ck8PO^_S#2c%LE?24*%qtkvL+yv0~Nju?F zm`&TRs3{by_Br8M@6IbHCqhnz7$ARu{C5i~4KgT{Q*b&@tFY0G* zaz_Lkb#SV%w->#-m95oRtNgB#q+8ZgfcFty`g+^B|H{9|yD#!AjcMQdnsPIq578=;5tlF3)EG;kbWG1b?UeD?^&cWPTer%FU2R#e3-60=+(^t}6hhvS4BQ1}szT z57we->g`~MPl6a&ol?4D3TqHg=Hosr&tG6qAeHEd@DY3~_J*k&*oHM_=)|(*zJaUp zluXc+^o^l}#mLf$=+|_mFI-M2+cm=}-X@Om@5*|2ON3k?Syx>hC*w8|7jw*cCmLF0 zOJCR(R~n(t7X{|9D27(?a@`pk!c`|{F<p!M@pb2`^nk8OlFSC&_~8r^)*!E&tSgoV{2$E-IC`Fn^hgM z?$CqcHWs&dC}y(zeQIU`i*}+~&kt(s@uUK|%dbWdOR>EQ)#$LJ_DhLK?#S`ipa3nJ z`q&5S+}^R{YmuEUTx;8RZ%f6D6mEU?mt`~Y7^;A1@`e&|(>l6~iU}>CcIf&a1QtxL z`4bzmJvrR@5!^IJBLCu3C-6(#O{6Y}Po}L4iUd|O_D*o>E&zR*da#R}m$@%;1J%(q zAoKe6!Ce2tsnOB6Et9dnxY_Jt7TseKG=s7=5VCU#HE`hKo z=YZXPlK=6Gi3h1!aM$#BUPO#Sk3b(Etkn6}E2C;li)0aCWWFZSwOcglB{W!hG4!?? zc~3e8$ep~m|LXnSw)|X~mvGaldoWM{fA0Bo$*zQo8BN48x8h*yUv^-RJ^XUBq;byU z2y(OOdURZ-r??LrF|>i2299Y@pc;Nwp{;hc!%j@*H_=tv>00!(Xi8R|&cXI<80|?t zxs6wK#f*n2sr|QZ5`*Gz5jp~gk_^6Hw4QBA_h6c@Dg;|9cy9Oc3_1>KN`dXh>}T+X z%SxUGQta$vv-1qzVw3ZzEsjX?fE!oJ=j-4;eHE1yEbe62k>^T{{l1T_#QN+!!BCoepVep#b&>`HPu~Di9G@ zKGSogi<6b&az*dEk=?LgTFn)GHWv2>T4W9R3Bp8@hZ@BPXs4%e_l4E~9mso{bhgm4!;fB5NF7*6h@^_=$3NH0Q2@P1og~w^Yyyqi323%jw>v30e^9rLv93EBP?wttIsz z_uJmN$V?dQv(^>RdK&CW9vvFKx!S#r2q$;($>->r5fIFi?hWkEZ#Y`)+uy`5&7d$; zxBOyJ3a{dHuOq&8|1c7@TGl|#kPrjYg!|oGqog_z;#J z{LzQK)#L511MYp2g1Fky)0eyXUzX*V(+nK>75VpYK5=bSP$YCnacmuO9dA?tTSdCBUYkHy8Koa`{7oAsA7F^C8q`kfF7HI7a`zN#hzd#24i zdSAgY+|nVh4OIdVICLZ${;Yt&JEN0T=t$Elh2<;j=nl!KNPAl^`mwY{Xa#%T{MN}* zNdDA9A+a$h9YZD`F?0t#Cv-lvIcO~-Umj2F;?sv+) zhtI~r9om8`7rFzbn-*9d`L3e>4l_qUFY^H9>QV+$g&?}rP zSz1@e>i?7-e`3x*ujpOhFwOjBda361vByR5%Fqq1#;knXbcM~MbrlL;LiuPvoR_-p zWIVFvo)2;>M(569jquFHSicBrkX3}JtLA__Dx_fK5(B)GM;TQj>?dO zCfe=*SvI$=7jBK6cr5K_jE~v&KLF@jvlV{F`Y~# z>$H^QNY5GItL!isV(8j_e8cCGO=RIOe_l`^d2wA9S-8vnw@aZ1UXwkx0bd@f8MN$o zK+c!x#s!=fInEJZXXJnhnK@_&pZ<0*87N6DSdkV~0Blm;_S9epcYW#cjmd2e4-VAN z9R%^>j?kW~E&wlqJQQTRy$X#4QS3OpBM%ij`t66f<7P2hZYl^%N2q3(&iipGYdk5g zRgWU~^b$$2&x2?7<|^ji+dZ^F2AV|SQBv&inToVb6uL{U0g&Hc2lRu(Z7#4XDaS^{ zNp~()6GH{-56rSP7l!O7C*CmxmmXCBceIHQ=Ozj-l#Hcq@K{RRng|e)cq@XO5h;zZg&PPrPXsSo+Ei2`( z1c|hs)RK90Fzhjcc}b*BCdg?SypOg!Qp|vl*s`xjmF%fIm!;kT^XW^5!Jd=eFxqomOal9TAOAgBBtKPi8NV=4Ib278#(I9zsgH%H(A5v zFPrlF1F-^IYRILy8>C-qo1=6dQ*APc?#{Ic%1~Ipde!?1S(w{AplDjItR*X=G7=5U7a+(lzq=fSLIHK*<3hLeQAQLk*&R7YKvdc;^HD5%Z_i9PSSQ0 z-(`0w7wxs!xpyrSjb6qqH!0^UXB{WqogekfA+qPKS`)G~2{xIN)cms9DZqc``}+q& zvXJV{wf1K})D;;Hdkyq1f{v{;`Y3@FCu69-l3bXxXAdK=U0sk}*W*|G+|`!N?Yizs zyx818J2NwW8SZzR=oBmu_-5Wq9578vQ9kH@!2ExH>!;44>857U+C~TV=mk(dLK4_? zdgqt-Gt$u7fXpBT8jw53a?gbQPa9T97+gsvv&;LZFjGF$TXFuyta9 z2NqaQN1`|CYN%@0b!N9=YRf&>T5or6N~P3LwF40yNeUuX&{LE`AW?ikP)=RX<)w3< z1(Sw?V!lhixIsG%`hnpXvOxxWYiNt@AXN0KvUM|j7CDs`q*(Ac3;fpoz(lWlO@%RVD`>Hf_;4sN`Ad!6E9$ki8RLa^+=o?Z}tQzY|J;^*sNV8Vxzr@ zb$r#Zomsy2pk}{WD*;XQ)cSox!|_%gUF%_DoG?UqMhDRuzqAI2P8=PD6{~9~+u_!P zjf4AR?IU&Ec8;~RKYU4-jMCxSIR^w?LSPL#{>`8v23u%)_bvMA0Rk0>H4FUwFnWte zppwOv?GpI0SNk0a1>&JAV2`34$tYf-!pq<<=`x?oPs2+bcPv;@-z?@&pz zb-V8Y#mP5qe20@orP?KZc+ArN$)*nzF_gC9uo=ZWAA&k}%vC`gfFX|)_F-qy=J9IPYgy3h5B`yvHQ_1Sr)7Be%T{WUy)&U?- zF3Jto9w7e;HL=#jk^E;9v|N>f+B>IwV08;H$Fs%@so&J^E!OQo@L7gqF8qRm6Hqc2ulX*?D0}>1Sw_*3 zu=Wgv1RIzNb+~n0bUgja6-@;-#qCv9tku!E4en2c5b+@&F33E}+@0tUMJ2}?daG^jKXa`B_9oWoJW;Xm;^6Lk>y!RCj6F%n-L z|HJuP@Pz9WmF z9++haeQCEi9-BiA*koJq+88nzNEV!}*}#WKPG~Aowotw5+}Zd3ycIh3Ohid>{vyc} z!R$U)cn{s~bjT0QT+*~l^Ldv;OY z5N;*73?i1I+I0)$RGpmM4pp?)$$y_NQ0;-dxN}e~9eABAy4LV6n1Mvb==Jvisrv9& zmxi)@hVFIlJ*Aq1M2nU5J6Q(pP&$TDU)t83Q*54 z4EYssuCr_KQs{h=6z|ky?NcM}Ibt3{MepPkqunkubpDq zaVh{Aa9mG+O_j~3b`Pkti0d%@Xi%+@C6Zv2so0s;45AS``+rVDw8=NrVu(8~j9 zb$14sE9`?!y2~)j{>uzY8h%95Fz1h>( z!xZabL~R-`M@4F9=iY|sWB7(`tv}kCGy3R#{9@z=?eBvbi3VEJ8qnzWEFon%7X=q= zSh6_6M3-;BAq#&6=Gglkrh}5URK3>l&iJx-Do20Ki$D%!e!AVRugWKbrW-SHu3B@Q zthf~#A$x2@6BzzRTI0_Hi^V&MGUk6;lI*Pr=dPZy~RFO6yxNqJsHM!x~<$yK! zf%_-$(Lq)KyEGsW?$p{$&J5<|W5RX;8Bh;j;n(LT^}SCkX9rirxM0KB%Gs&!bf01* z)pD~!K5tEa(B=DFoGCroqx)2&FOSN_GqzcqkryNm3rwx?(AGzenFpp$*p%yPf!eG} zO9>YoBpf6v&y5ARu@JrjUgEPJoqPRcmF%tazGy$-H8*TTO95&diq|>S&(megH{v)w zELx8x2cU$E`6Q%9lnrdHe_cuF7Z5_V58V+?6=5$qTdsGLA>{XN z@s8@S~Cd^0}^kGuP_Ht2BZ7{gtfT?uE56&pi8lG9FqwY(E=#2Ns)gKgD|! zzkx6AgW&Kq2klYdjiJMn5R^7I4=sHlS)5c}(Scum<(rjJ_oe`9&>JK2O)fy?3a~$F z^^Y&Y69BKMn_{`${$u=s4-=;A{cAynNGTo`%;#N=Zszzqzjf@2Ah=y%VPT|T_soxz z4rC3QOtAL1d;4C{TKNC*ftY^jBPWJ#A1pDP0iEc<_+qZ}p+-ds7XU9?cyj4_MSE|> zsO3v4-}J){A2Q=%t8ee$w)TwRrmt$?GXVN!%yEA#LukFvZrPMJH!E$g+fp~(^IMGT zO(10Ld~8VVpy~lrQh%^!!B}aIPpw&`4wFavVhnz3uB5N8C$LL;1HJV_u%&ja&^<5> zOSk(PPJ4q@7(Y_pCEIorb-aVESI^);I&0F@cVn>^Tu}P?mJ6Odwi?BzCqF9gYd#ok zUEGgh_L+6!AI@WqjScR46Vo7C&~VfZ$9biEi>|S1+L(nz)(eax=d+&qh?O5XJ&+8D z4EDa{r5PeW5<-Iu>i>{ScW}E*Um3R~eK9B}ddR4zWiSX$Uq0Lv$ueogzyG8{c}c6_ zWUB-6i5<@FeH2BA(}F(R7jP@8aF2!P1HcVFxh{#Y6za{-xaOxo3Bul&rf^$hT!#lP zg>6+Ns7O^XX41i1431D!hHhLsS9N;W+<51G#8H;-ayBT(rrP*k7!ksF5-0uNfD= zJ(~C7XvHO!zY*IrO23A2Jvyd)6>|R|FUU+^d1*?e1yQjdr?x9iz4mzJXwh+>iK(13 zg3-om;wHSoyC!M*z{Aor>7Z7(?{$MTUs$HgSCxs&=UsmWSSEk_T6N?A7aLEP8e|Aa zZ?K z%>45mCnX(NJ&=nSD)YEn_x9=4HfKIbM7F`*Ou5tJj~|sAcdD%McKsvQ=~w*X_QHZd z{Il(pSl?LJy>6qQMj<_XPs{K7{XD(vwlXg*Vm@XE!sM=!U0rSuH!*z?$YnfY;JWb> zD8*X4k5V;OtW6IUJgWsdNYn zlEUDCDmHp>Xhbd7sSr;RN_@iZdHGG_d!S|srt(YO45A6Gi4=#$=(UJiT7No{95Bd* zm9m4MT7-rQv%v-$BHR(3!L9g=+cy>Ve~ZqMush|-us)o(*kB=1ScH_eg&Yr=1!Z*` z3oK>NEW#^iW`Z26BszS+miCX2=QLVTD@X3S@fA}OZx$RTgQtHz=+zZSW1(gL$^nb{ zsZ{*u<+kYgh#fjfYlDi>l9}I?(_1SV75L5|@x6ee`nvOPzD%M@8R|LhhSXBBKQe4` z-eCh$n09kW5km`*aHdm1Nkf~Pv?StKd?d`pk~|M&$s>T*|F^?hgs&TZO)iP$rUe<6 zmh`zHI&CrAg%1)w*OM5{>=dGa%E<=Y{lyh_^*SWwo}k>xh84>`FDU1#{gnF;BRFdB z%F~b@D$@^i6l(KF2D2@Qc8^Ed+F^caKi#gnabIT|aF$TbyrZ2Rm$vOVD!YiVet_(p zACi@W_dzxvHN;&WGsqWxB?a6DT_ufIs#nH#euRok6eIa;Rf|!kL|^(UuD^<0CBg2q z9f~Q@-;_Ayw*7S}VQC^MlkFU@*kgf)ufHlff{$M(H)tnNZn`lyGydQ^e3+j>MVjHd za%Xpw*MU2O>S6v z7Faycx}P6NNtQ@n#Iz7nlAeZ)r63f_uI4}7tb-xoXIp-~#%!6-wzLG!%twBH*~uQb z)Y2csiG0^~{nY!}*iQU^ z91)K*ct8C1W1ywPe&Fr=EkjY5p3?({fo8%|F2Ny6yuHYw3JzX+a(gMJKt z^OoOBqD}mRv9qK-A4o}CYdO^>^twtv&OTUsiBUiq%k#fz~&hMr3#XKrJ?mUrC; z5F|EYV(M%%!84fG#y-F5jpC9Ik2otwe(|g)mrvKS^?upzQa?;~y+M;1aW|dwwg@px zagdvBOb1ltl3%L2{|v?ZWZ+!4CwOcJW=S)-VG9^IoN+=OvD~EQ#|4*ow9n@A-c#2n z(2C3MnqR8S=(NoYVCJ&h^He5o$iG>EulsS(YdhQ{6z63hERGf z@OW`h?x;|+PF=#tz2k+?Bl(ve-4jjw`nDN7owE}|Ebg(}$>y_n$M$$|Fxv1_^4QE> zUwVCpYue=k_3SrkykQs;QMTG!PW%$FeRHgOE$pV{kB|-RG>8*--9aPc(Yoz@Y|D+; z(~sU{ja4FGE7_mMvO>L|hq-&RWBaCYua7+^=Fx8sCgYu==Q{a^$zNpW#4iTV-*-N+ zLl2&htp`9IB08bByL&w_zPTFoX$McXX_lOn&OfDed7L#R@)LhGyYE;GX=udkZ#&X< zNuW)1Wu5e)sU`78dhk;%ey1mW=_fG*PhaNebiMrtisv3>TNG*YU0?`(7$!O3QOCvy zDqsX|Xh~C)>Ya|wfUW*Nn1gv9=Fu$AKDQ2ufQvS$+f1h;f%Dve`-er}2G;tXR{r#$ zr#Pk?p+xUY+Fk-zXG;$JqHF#+b&D9Pu+A?M;+LA#|H;ah)Qme@`;k%K*Uyv<;!49i zccRFvg@A5(!co~tJ2{O}I^c1yA}eOhLtDYWMLJ|dexJCK zEF!x@Cgj&?pMwri`uyKFQ)r3y(v)tOwPE!P^s3E-nZ}8sxv*i|mxsVnP_F}>6!B-E zfNPmpO+0r@M9%Vsah&C&5*2^R<@4(uMbWQwe3}QYHp@a^a6Gu@;|~AiIIA4726^?X z&E+7djhb>oGBDL|lZx?OV$r~EBzL?DS1PUx6Vb|&(d0*+k4`72sX47}so zz#1hWRB8b$ERD0IqZ00(TEp^f{7FGLC&Q+oQ{TUnLA>gvfUtauIVKgFxc}JdS~aL+ zG@IwOVr z;A7_$NDlz5%5UA*a$yTH{6nfqdOg=n#Y*mn+78D|z=FHBXap(VYd1#Dw35gi;*H+P zlh0>Ibo5hWfA-drhCcC>EqX|L$ix8~Zs1hBVoU(R8M$#HX%_16bC%rqM~6#n@5c=e zqpht&axX6)dMN^zpWSvmh!<2aMkpPj9vEmMz?kSKC+7x!0O*eC!Jjj#3o^j5(D>a6 zJ*{kXjyMfy_6zCTk3Q4`{@P6&_~13tXS2rmJ!2HmO@DKMnkRIQ);IAdn=SV27Lv0< zK=IPqv%VIP5T%1yXlbmO@d3fI& zU8AFSmk^fAjP;>18e0AX#Mv-sD%YcQTSqk_u#j9?s9Cec^YH61p?lWaZyP&F>rW1C zZ~zeoNM0P~n#q917fpj)`K5dcKTb-erwH)CWy{qkCs%SCj#h>*&|vN1M$~QTwL5fFQQbHspd)W$K5NHY@#ykC9TJi(#UnQ(r1wk zOEN5iGvS-mcrDLb-4LYvunoHpuG+9AoAl{kzyxM@{yJNWgick)V)RYZTH6*WhIYCu ziIVOTiC*FSWNogl*W%Jc0D7Bi%jYU|0eNQvr`U$#PT$co&F9b8nOHX)I#it&y1n6& zh)&9~_)v?mdMUlruLy-E7jVJoU9``*LK%|F!PyaM@k=iWp~?lVZV;H7$ZGTa^Mn8B z7Y&y+FgB1$)V5q8)}knN&1SPB#}}2Gi=yNFc-r=zld%2jZEu0f+=OP^Te%r8^FDFR z*Sf7{Ac-B1Hmr3}8w&h#A+GEjoy5~r$lMxO}KuRVWKD2+Hi zas9TpR3J7PY<<6s4iHV3Mr02R8!zstsBa_3f%=g3=ldQv_i(C&0?|hCKT)aLe$^;p z4b2ZkWP)=CptlhrORX5QRbvQs6tn_u7$1(H07v?&?GxMS;pQ>m4p)7f4Nj#+NXwMF` zzc^Jv_O^FlI{D)av=~AuKv;>f-p4NNZ{W}Fke_Y{@3n!@ZCR%W=whDc%~=??>fhzw z{`LrB!>6dT{zn?P6&<3hCSO((W{wS(wcxT4g=M>H&yD2No{;+$l;JQ)7 z@zy(cl|z>*Y6{piA+mtmDP+*P!WJw`f(w zQi~lIZu23x8*7t8+crRO7ATvyG(|x<%aL6Qzj*Q`+`R zj|_?R;(iqpFPzkf!xjpDUMO(3r3YHY_fS*OkFQa0_SAW!hb=zL*^wxoN*O%ocLJ2` z_Wm1tUmj28+WlP{5t*_@nM#vL6e8me8x`3ylOZyXm3iJ3vLltq5Voz%k~uR8WlUy5 zQOG>c!+YIZ=Q*8oZqM`l-uLr<-hbXt|D5yLwfB8r*SgmFuJ8J;b=iH`5AQhfwAfFy zDi{5s02|5E=l91ffZu~{YekL<=^o1nZQiCd)1WuiKo-PfqO@^pNrukTy7p9bn^<$* z;e7~7lELO1NOlvKI6TKp23?%XWwXBNOnsv-oSKOf8Y4N;DWXp_{YCh5qOYul;&haM zzPY~V0?la))X_;W`$h3-mQfeiBloG|-cpH5>op$=|Kf1_o77Pk{VxuuuD1jSC$dQ; zuFc)3q+R)XV}{}Ir!5J7wS(7=$7(TVh$jr*rX>%gxx2E^=}l8AmXg`3bDm+6Jb>Gx zQA@Qc3wVweOKrTfooR4j~u?NY1~Keh`dPIpR{Et=R9SVGmAgj@;pD@`dPJq&+?TUaW6$C zX9q;=SZI4*&vX`^V^!Z1xJQaz?6vT{VBd*T9cRl=#1hbKu4`y8mHW zu$1IGL7SSo??K8-GtSdmhSu{4FVo3> z*09(wVv$bc=8_}SZ2douU+PNsC}XhwqEj6&({<35nY~S&d^*oJEc9b+XXm{PQDL2e zSiZi+&I?82`bHQ9v&WBONuu*ASCC?sQ+#QHU%bt>__oI1HZ3KNZ}Rm|#xLpalMTJX zoBwU(=ioC>53h35@QE`$f_-HhZ};AK{nSe3#YIg$gG#zSH=XbgiGfSWxAR2iM)VodrNlkK&9@nN`pxrm z!)?>nDctBDQ1|z~(=wSNtx{47Wky7KPL;cv;D}qDOr@9}Q<45PWr1-C;rCK*I(r0Q zvr!+^0$AOYesb&GuwI7&L=n=7JRx>d3M^rc5~&9O|J`T_=c~K@-#f|RlMW8Zlsf#t z38u?GFv2H|)ON*%xaPCmDopGjYjrJ*x^+3fw6L-Gc;~G(DL+3QQTc(DgJSkIySlyb zAH)QnN9W6Mm9>GhrN{MYcN;1{>}IgWYV5V2jONlR#&Xid3$`RC8N zM`B;gb>u_|HUaL=FRiF~sA{SobQ`c&D(7U?F0NGvCT%F^6nWfR)O21~UfHB=n36Xb zZdAb%nAJRL7eratz7ej+P#@i5Gm`DDk4K=xa;@t~(B6kM@E@YCcd;FI)AXcfUC}r5 zg^g;8VIbT1*d3d*2QH#xainfj^~@>pt)^;mBS6`BtHRbx8A~uT!kf!u33AyMN}g>+ z88_rE5OjD{*OTbGyRrmu2imwT=UmbkPxac?SQ(!*w{nx3C4Xq&x*6P)*l}B?^8Q)z z9F9*Srna#e;loM1k2pAT1LKDdwXU(BInBc#+Hp5c%f)}DxNPF|!Jd3cCl5Psv-{ru zdOa4Ya{1Kk+$q+~{)=mSuQBeP=y;VrFz8*o{epBA2R;<7t z+&MDbZ3H^RS)rMrdX#RJ{<*|Eo-RvT29vYb9@o@f30rnQB>IS{<^8Euuk_N5zQ$2b z#vFsqQ1-2H??+psja#LB_(YH0$@1L`if-0;g(J(DIP>f@FsTyNd}_&fZikl;2YGN% zjh7)0tfv*JLTr%XiUr>M)a}b~@g@9Vn((J;nk2(HNnl#*=NqO*`BOiNYd*U_f}&@} zq!V6b$VpYz&_sE4lcmr;TVANipxqR+R$>l*9bH|wG=SVF)#&%KvvtHGy7{~j=#3b; zjfSQfju_mk%*{!C(sfrs$&gjO53%wKx=iRTw%gNQ)+v{p+r4djHcC*!yM4}3t)y!rwSdb7xiqmnc?(I8) z5sYzvoGuMpiP#PD;rF*-*~MK5Ps;g&T%Ws3RA&i5LHfEgxSJa}0oM9-w%l@xbM_y) zwDV?8a%{;~p0-liM}1Hkh&FP{Vjb-RB#f?yqMjfb>ml2i@BS(?r{3>nLx(+t5b}Ri zrxJ8~{YoUNIf*7eQ&-tCeOhsp2@gsF4T8kox+7^HypS$|$*yRxi@?$Uch0{6^SO5;89d3|={!VWO>Bx!Bq zsIQ%IQwWSxqpe{0vYEB2l$J|p*E>R|6!$9m{ z+n!_kcOzE0s}tMPG){5&Qz~kKZL|a!F}Ji;bPWkMMlGhmFE7a4)7L{Ji z2)I^FUqVn2bt*B{3>DIyrbK^RKRE7b;lgYB5#9j#10ag;R>tQOu#rHHoBzS#GE-UzeY=UxZCS0KHR@*nrS}2OlbDrhbXd;- z&efMY3U`7r`16l%?_I=E(+_A^X<30~t(32PMO>#HxCQ+e__N?McBDgw>8lrAFi9gh z^yfACb=m^HVt44C9ew@Hd`Je#9^8(e3X`D>t%UPW>=t=TEHL-Q-`%jw*!K$46vXGC0CGz+O zG-3{&0cIX$Y#QNGqPN9wi5L7=r+D9*n*yFo-^^tPJ#Y-!o|aJOTV9PC;+PzJKz22z zFrbZ!D3L;uf2pl9GAf*ITZ_A5*QDDN2;5i^ca`i2%S zfUOdaMWG97dX^fvHchv#6pT0XQ%+wU`?{QQ8q;Rstk~k7!t?UvCzpkfm2*jFY6`iQ z#WssaJBBp+C?VcOy1BaAZ@a&-Hj?)`I2`ty`xZ+DmDYUnU<+(Ms4Z|BR)ufEduzpl z^23F@aa*HL08EjNc7%OIeig(9Ij)%R6*$6%QcNrMy7;PYtMmZ@@vFEgd`Fk{SCFFRkzc~8J{Zf@hAc(b-+k{P4#lT4D2 zQ!?c0XhW?)q`3C61t7J`O~N2kto;NmKD(Ij(ERmcKZt{gH{~-UU{8EtM)_d`kSUwD z+wz{mIQ$&IqEwF7rCr3EdpJw!o^OMWGzF5L>l))@T;sdZU~i$~cc{G+&!w;gTx02| z=2|OCCG}N{08|hJHIeEP>K-a&uYPvb7~j|(sfX_()I9HXB4C{yUHE12XsQK07J{%5 z{2r27R&%oTz%Znvy+f2!bgTOkH4 ztCU0lZ=;c9?(W_LnX(=kZgjzs8yUT+r%VN#Z~TW6i#o-#=%qDnVJyLGKAZ`gLYhL0 zynp5kDUMroS4#hur3f~K&M;|!&T#8WG)jfhzfUVI1l6oHzUMrw1K&-$iUdWElZOGK zhO=YT7M38(cAII~3={wui(D0H^ifZGz;w#m}XL-&+=0NJ|WCZWMqSYrCH!=QcG>wvF-h0%3$aO)x* zqx9koWTRHznYpkZ2gU)!e)h{L>-~tM(EdU|MCB^p{FvEV2v0HqBIoHL$n8D*ApEs6 z1yZSFGXegK6jQ(#UFyvSgZg1C68mKDJO|ggD>k=m+cjQGm!mNe%2pwK2*%Ehu+(|Zz$ zg_0*PZ1RY07WHW|oR`@jgBsj8LE98x$U5dQ?JRvmN$UJB;@Zx(`|recY|1igvcUV1i!rEM=(x(-UIi}^a0BuI}pOje;yob?)6m}yg8lbH+`Cv(WSB} zuZb=F^Ip5=K6xG4&vmH$Nox%!xA^8-=V(B9D5_a@T<#DS&fv;hp&q7HnO)#IOqf>0 zRmPDr9%lm0$A@!JwHDV~oMQkq)jUX(2%+C~6X!*<1x6M0$MSdA2k$~ifMhml+R{XO z-?Q%)*63eG*<$QY+oa*SmWyWGLup>NzPFWCl2=ZwamGL!Z<{0Lw%#6=qLUyMvPuJ0 zZ50_d%w?IXb;5KAqp}5({nva64dhXIaX{`5NyvUR=n&Jz`Ra@yYkK&_Q!Is8rv927 zaL3R;Ul4l)y#1kb{14>~ts(k=j*Al`>r2?2dRL-nlp?j2+e-=xI15h8ixNy&Lh0U} z%6frNQhK&?FSw=x?g%968q(=SsOr9m$_=$@>T2-aphOpe-V%sWZM$(jH2@T9$9N!5 z_$Vjt%G}QrH^=BjUO~Ql-R)}!`IeqO)w&%A6ymE+t$G3~#&S0nSBqdA_m*nd<9^lA z^Xlz&O{aC|l8h79e#gYI)oV)ZG4hTV+JAnXy8kYc$Y|sNpxgf?rzi!ZMwEd5s_jdv z&s-3^vF1Ajcd-8>RqP^-A1~f|Pp(&d5uZeL`UKk08aPO`KjN4o0iFtS@D@{hxweZ_P@n%9i&hW0_aQ%dtuQ2A@X!f#dI6GZRIj=7 z{Bk<4dak1Pi3PS#Kur^IVzv3fnZRFe)3fvyB|3`syp0Uwc32--jN}Cr^5pTL#gv~x z1}t5iFqQ|bG28gaI!R%l;%YuXXXg_0M1-w)I%2Y;sMY`=B61Vk zQJSG_xwk`8?Qo_Vn}y8tp%$eN?MLk|gR_EMUML4tTT$@=(AeN`h_C;l>in9H=UN*A z!5B)$-MQrzNxk@DboIse<&5#=DK`V9&V83$5J5{(;^M)hx6@iG`uF+@ZFH)I5^U7D z3d;&CoYmui<^|MmK&Eh!5jWtOGH}QI-6B=P4r+`^z#}>iSGB^OIDnB=@Z;tEGnI+O z$^RU!ktkUkFd^BOX_{@J-K?ikzgJyH!+0?)Xw)&SXUhA}S zGf2LwSoy&Uz`lyIzYF*B@4;L#2K`Dlr!e!0M}S_lc3?GCX1-b@->E$i&NGAC`+##A z?SFiHhoeb1lCEm}wEfx1$i1NERq_^Stcs&0@;SJ=8zS51zdSx*pn8L#6LU%~ho!wU zYieZT&?X?3auJ1G$MiE5nI06sJ#b9Bbwp&6iDA#SZLBgV%!S2ViqcUq(mrRb9XaAE zBuUkw6YwfRlgqN(N%z+XgJ1QvBg@^!obtQZM4pwcSt&2wVd~Ly49%JpesSTSjuvvh zcqJc{3dzNv3wrW{9|R#X{@SlG5!h@l1r2Y#Bd;;u1ixYt$|^e>01i#H_nk)FbPwu@%T@uuVaKMmH|6EsgYioA?0sWeBi+)AiYQ@CAkQE08%QjqvG(VrTGx7gh>-dVQ&3bc&t^Z@7 zO=#t1X@Liof3a70ZV<2jy4NDt!L5bFlUaKnjp3n`*u}0((9c6H#5XGg*Ls zj>+fX1%ppUtbr~(+c@ZSHXsRBFu$6$n487}OZS!@*c>9;O`4#B!oGi*q!pG(|Fv_* zDAM93p@I12Bn%4bye+YpN{*=j9>NsN-Z%>GZu!MDx8&vJO>D-VpO}QwTF14yG!O~( zv(f5YwIwf`^_O$&l;WjTo*OFe&~X+GxtVLT)FIC2L@uJYBL}UPhtdBYIX&|x;VrA;HQ<|>A$3gUBVYe zSYk0rZw@ref}VGDQ9BSV(ztlm6?HQMx4p&9{ZuPuX``q2AP_-{lC8VZk@&Bvvp-@P zb~_tgvo{^0b@%W*z7M#7GKdS9lq;-)xPZviyO_ROYbzkbKyr0cfUx$b2BUv;rW7Eg zib+hEADq`Je+H%h>hfUfES>sKzwF!ai_Zmg5TX0mcc7;)lNuSk2Zivb1bb5J6+d8VLuKse8FqYrqGXKv3p;pg#B!K8DnAd z2P$2O1gNz8nqz|o(YAi?Y=B_tLrQeqXH($1RW zC1(!-5^26fYQSjvH0yLA-3x;k2LBxcR<-aLrBci~y@Py=aj*EnZLRGmsawu9Bxoh8 z`vDY4^_+)VynnW9K>MbchBCks)X8wR#iv=enB3b$xkaau!A0BMUQV0I(mE_JMiTQU zH0vJHP}Ordv$Hp22eE?{WDq@l-Dm6{RP~p?aChJAU;C5d2t2D#|y5*{8k)83BsUb4*lOM}t!ySZLSC#YogzV%7lxojPxg!W)Ww8}HQlc8%MWZ-*$8Mxz-nQxHy z6gmEfH$V26n0L7)}4m_U)zA{78zrJnBYJaQn6SnBiJmdk>nXMKPmz?i5uzvLv> z6`zc;|6=x8`K+CC(1`O1n>YSAw;r$D(htk$yuZ-9{Lea3Dv517um4@!jyJJwhronG zH9O0YSM}DgbJeDOBRbm@^OKo6q}7m^u5F`za2irGS{T7S4T_(M?LR$z?i#6%_#DRuEh zSBv|&&$9-1^9c%3S(;zBVwQ;Kx^ zX3qA5Hv@s8WtdpNr5J9c?cc$Ye+i{wl6}bCNs=1jxiYI(<^ZE>e^Y}rLABid+Vhg+ zx~p9^LC;$h6Auu>1|4%?Ihco*&WV}-3U#yJ7`$h{#PS3Cin~R&+X%23Q|E_Zf5Gqz zRQ>N^zu^uG62s47r+*A3cMW`TEy|rQ1}(!@W=*cX1X+-kq&+cdpU!aW_#GP%NOPx! z`2eg9LZoPfAsOp#>nV7MI2DJVxcbMYN&M4+AB@up8`WsdI&Igz*q&!|0J}|h>F|Q` zM6H{|9zCAd7&WgWs3vSuOl!nm_=ViV3yQv<2&ZY`KQ7!)!M6V|{SVAs-5|vPb?Mib z2xe?DXxtJMDvI=j;IQ#A`=@}2ZOciwA;Yo%m4{7z_t+mejG$&)6IJ*%gT$?>`E?fj zuvTh(0`K)K;8otA>QTG`BQ6rS+4Y#zmRH)qLTQ;887~PM^jXQ*pEWiFEES$i=Nn?-Mq?`mQ3CemSSzogK;nb1q5!0U;w34 zqhN|d@DSlApgn5ntKbhjx0F^)r zMf@%-XMgf0U6ZFHg4QnbKFrtfqXGO(FgI&agM|*&Du?G~6d8)dg{|@d0*!hODImtR zWcnw8Z{y^!jPRPRw``{v1Rhik|1b2}R{NA-q#YyYV_fslBH;<{JTV;XQ#`y)4%Ax` zt6(Nj6)Z+mwKr0y-BQQ~rrn@;Gb_c;jXALf_2~IzYi(r)Hh1(p748C%BAjG0z6}4w zs=%$eOfuzB!r9wz=EP45%s~ca@`M;&l!2LjN0H)UZii2wg|`nrV8`Rm^eoWQ{v#lj z-=}ghkOicwSGxvKiZuAYUJzJ z*`8H<@1KdopJ;QG>?biyr#z>zOs*Z;iJxj4^bDXxmyDnP-)qV^dH^GJ8G$}}-pr9g zF%UJ9tCy27{)|n`1x$zuk5-g{d|oC4Sfir%90PUkQ=Jo>=PBS;7z~CvjKYtQDk$zy zfU0Bw4Nooa&oqI`>#JcPJOL{uCf5EbzX-It{$<$HywddFywjLA_Cabn2caJ~ zG(;q)n5+sUKR;&qdk0I3u4xSg#f4n`kJmuHY~4&KvroBjr+$bVuM&OZ%lQgSfsxt(yiTIg)Lac&&0H^ZpHWIp$bk z0jB8e58Od8jSm5Dah1DxhbFM2;81P%7Lh_3VR`iB5aL+_@Z)U)K%<7kQd46axngRHL z5(Kp6U|Rj375)$)A9(f)V}5#w`m>g^HnQ!Jq~7MKncRW85MYWqzcOHbCl+|(!>9ZR zaKQd3<{fJO`ee0N*Yz4>U!w6N#R&9spt>wiCp*-!dY6kg{GIqC!2 z2k-0mpv7vhcKygr0@{~8Qo-mGM2D?*0)h{(QO)gPh+q0!gT6UAC6zDAGRe&<8Bq&6 zoOV1o?bMf_{`iO6hYkdP8=}P7R8btG7Nz1#fJiyAq7?};Tny;mWFx}?!H&>^`c$dk z!5F32cip~3!cCe3a z9|>M6I-#TrUai0%hS+d4od-FTPIlc~_F|cSv9(m8Lvy1q>Pc5)J|*&JPcI84V4zgX zl%|Tc!7R`S1lmnL`ryw7W*?V}hNIxym3q%4Rsh>AXQp@|h{?$XJ#bMbzJ%R-aMk5L zO0c+h7q$h&*^&7v86B9M4-{I6ve)^A@l~fKKqOM4>-eC-p1o9{go#gz(B@I`!Zq^Ixa=-jrIv ze*KPmn>aIX!wXOEKiuP6zJ-CN9b6+nGqC7;w{D(-J+F$Hs4mwsd4z93T3gmI zl1oRs)KcpDF-&XxvFs!Kz6h_4QyCZkNQ58bPW%E*;EsM9wFX@ zit_GuLC!M<^Qh*}jB6^OBZ@5p^X#7qLRl)G%gJMODB{i`6%=telLF1tEfB|}^y29+ zU7g#0g>*(Ry0@kKkLnKlB`ZJ`zngVUwb0e=aoSRja&m_9uEGshjej+m=zliPDAZSu zs!)Vo7qF=YkT7Pzn8+mk)0=f>(0oos6U2cG44of#rl;Ww)5I5n;dy;9WejlmnfDS7 zDC3hfjfZ3muYvfhG#c|t53)KDs=pG5jYZFFV7XmGZs?!=uuW`+eZYO!@LQDV&53cM zH1was)ZCANg4xI*a0a;M(t8$(G2-?V$Y>uxBr1TY{6i=yP0i_x%Y}whmYh*ULW*qjGK@%2IW5RT>r4FBLXX6eM=9 z8{)x6?5X|u4lba8bcYkzH)BP%4s5_VArFe2{q7IP-{8+lu`D5KV(&p6hzt zNHS`Dx^TJO>O5C=vbaAP>*j3B{jr*%y6IqC3a@&HwUCXKRS!GRvi7>O7rW$63`-N@hxe;V*WHw~x#YMQUSj8f zWS$=aP3`!39%zfEs_O&FZ$bgRe&cc~6wqf5jDVr_DX8Y4=WQtOQgxsmRnZBqykRIV z`nBSJBpiiCxLhn7CczR$KI}la%%A?`jsKuoBI4Z#wmmaG%g#) z7TfAkAxA(P7I!~zGYH$N>STHkT(0V|uO0Vh52?++mvkzAVTyZT&JDrX@^Z3YEdX59 z&g>E?e*J*|9y6Gk(=gTT>2U%H?fLWP)3(c!?ba1MNZ(=2$txuN7f!I&?~hP9-t)X1MKed^}sKnAm|3DXu^sxO#+H6hk7nJ3qtBX_8*q$Dh&ZB}sscc?-n zTVPc$Ub^`i+buyRtmnTo*b=XVm|rE9-=&@)zm3ex&9(W9{26p?76Yk;xlonPA62X2%&IOEHpwQy=tjo{9KiLdl;~k;5ZXcY2C8ZQ zjr=RS;!D6+P$62l@RlY-oQX3z^oWfwAwYF@yF!9e{ymR&(@+|iONp_t(oWG;smm(1 z=+W)T`(2Fr9ZQ&QX*t2q0C@%&HsljDAY(@rP|F$q2T&z0GFSHs=<6$V0VRVE=d6IQ zT)Y>!c+~zr_{T>LU5JC#3?Cp)?nQ#ZZ#~e!kBS7FFFkKSyAc>g0l1+bfa^Lk$$0=4 z{QSoen1iINw8#j+_YoBxs=fqJa054%K#JlO3C+YSO0Qzymr?5XQ*w}JoF_Df>km8t z!;BL!#7tYpl}*I9_{E9FieDbMgkpJHV2L?2DH}sOD~9<{F;x+b8Z=&I}vgz@n;#T1GeJ_g>kR+xhaM8R{Ix>cDI zo2mZ2#P~3#1pLJ4(r#V2UGphF#l$5xwbU0V%jkFDZ_3KgfS&nX$fgn2b#UV~APSt_ zhGf4!qxw}eDKU!pX9hzQ`9`$=(cJV53gEWro$_jZZ|yc=iSL&`Nj>42Le zxp8xcnt3*OON+j>95$>aIKb*-P2J$2VIewIFnTRo1GYHDZvhV737g>0@Vg^-28yU) z`b~khZo%S<-s_zin4B@-(jjZ<$bV~%QS_&}W5LN&9YfAZjM6%sWVw!`acB~w# zUfiPj)#?F=i{_FVZ;uZP;)jT}{#0j50s|y{KS3G{XzwQ%mPSuzZQDTQvE=hcKUK`@G`FjZ|bV13dAi+%u=Ft zm-4JzK>u^c7$6!!y$`IWlkQT+m&!+uyTW%Uha><^h&gxQY0`h@Ilx9;Au(H%e5|KD z{yMbGtJzLqnGGd@88-~yGRuGs7$UY{DIfLFn|Qq_3~w$)$t)zcf* z;BtFSiEgO(UMZO<8<;0m4_R+J@ z$Y_WNsdX)Kn{*Ug$yU{vdHiY4Osw7dJa3(twcG0t+CM8Dd3QLKhRVqxm{d2hYrvv*R>W=&4g(2Hfp3qQ)IiE?T0nR z_F{gO^k~<>5!bYrCK<~;n>QjhPQ@QRUUEuaY*aC*Jco3h04Cdq(WSrH@ldWr3f1y=sNRJRbqzRY7SmALPfW} z6>rRb(WXU4D+1T;l=iI*loc&NS+UPfHCouJ{lQHARTrtoNarEz=V7OClg}Iy0tYKd z5dIKFINhLql$e=%k)VU~N~D`Lz%=}BEN9sk?RFuD_9y2lD%St3oyPyhb5JLfVK2HFC; zS52G|=1U{ht=_BTCVlSD2yplJ?qPVE{|_X~XJEX!TH7aZD#fN?hdOukAvH$J4fBml^n3;h#ZaGVQ|9|3d zMfvi|i|I(N!epScj0FWen$uS<8q$ywsGLh<(TUb2iE;fdGy0Kt|1bzpkvb-{b@i2W zvq*!#E9`HIoP%OaeVidw3H)d13I`)6I0jrZFb;QqD6ReYJO*aVM-WTJK#~g3g<$Ks zEh}iMe4v@rJMX=v39;B z3P<5b+s-*Er?7m|FsX=a!)>iR=x1)vN>P_M-ES*2(Hw76wC2y-)A=RGt;BX~I7gF9 zM=#qX1Ji0dcIMpVG5P-e+{hr?YF5~TczF6LIJ3_cTuA=;QqYUisNxCykG6Q_@gq!5 z3q)JJ45n+i;uY8gJwbUsT;9*|2tO5A9Mf-HnL*$;%5O0+AICV@fe|15*4?65!eINp zP7c`9V5$$yu%1KO31&qB80b2nP~{1zG|-=_22I0|$Tt<3>-SkQa9!$Elv;nS2_kmt z>KeNOs5e>*Bl6g>nPd(U3fM~9Q2&dA#u|5--Pgj2?f+jzDAfjN1U>t62EAI#f*h`l zilwf#1^$fLjb7_!QbE(tt)0Kg=No;RSR(Kw=;d&r1ZYV9=Dr)nsQNP}s_ahDcWnh<#JJ z8|k&Dl;P9^TAG<7g(?YZtw&ymsvq$|?FTJ5p~XhpMUj1nL}HXleksZrDAY=H5+*M> zl60q>*2>nIk>Z$PsnpTPwX6fgY~VpOBvRg?EU~FG^-PVueQtz%8e)(Z& zoaba}!0g^7p%P`u&$CMcC488r@>l6n&c+*ijYeyj`swhV&85f6S3?|wIJbIIvR?(CWDz9(2Gq!2-g|FJFOmhF z-0`>@mEb&KjZgEd;77pajIWEwL`QFZ&3!aW!-bag^d5}-xP@!vG0|Gvqq%P9-81GM z>HNlU)#1&w0!)VbG6eO(?xDqhZrx-mx>y%mYoi5i#@k0 zcR)<#>5){lp%xeYKhD?3_a0L^d)KX{jy&z(T zON$->_K^^8kL-jGDnnX_O>T9!QzJJ(qcm$ixf2_d%#(vs5 zPDtZ059ZM2b0Qp*0nfTlIa1HpxGBQoAIQ{FpTX=-l-%>6N2=7jF=*W+XisHifrgIuT09Tf9>-WPy+K#@J_7$(^$UR$%b$ zTedf26oDu4F|BC3QG)6s9;jt!+N-Z`dnpA&&^)aHD9U_Iyh7aaEt#K`r$Zx7JOz_v zc0y(UDI7j1eW0HGLm;CoC{!2#zNU%qr@-h#Fp!5h`g2}&O7eG@5lGAWh?5(^UO3Kz& zT^C|iGy$t}MFLEehQ>T^)=m9n>TIDcC ziNEF8XSxj$4bNdOf59e9MLB&5UL~U5Ockw`DJ5NflRIDzi!<0lKl1IqbEWFWFYv*Q z-vk_0)jcM+cKDb8-iE#+9JC1)B1Q`(xKJ-oxl5hIwB`;n60?K1z@CpKM!A$~*4W6v zPhu`tfi6ozK0@@s)1s_YvQqCYs~Tf3Ktxkc>aZIT*;WFg>F>}s9wF33MF|4bGDU|omm zl>Np{F-Q3ez-oS^)+V;+mM1|=Cx zWx#Scn74v~*v3GdGQ!NR<^)lpBD27n93Ft_+TU5YchJy6tiH^Sf;Jj0lqY?HMt6lzrq3WK z_Ax-VC5uiRZ>Y;Bh>0gqQ1R=169DaL_@Ug3OUz_7dHl*YT0u=~R52_42Q=1ll8 zlB`zP5r3`p&J}^giR#)Yr-kd_G=g53<%}X>0Nwm_hP)?$l$%Jo04aAF!a#PFE~q2wry>-X?fgK?ep$krrfW7E~Tn( zSz2lXwZ1$UyfW4oW&=Pt5ikDA&owR`^}StvFbO00=+I6YL1<(~(T*CyN(j`w?MtJ^ z4nm9V!lt|kP00+W2LDR*D!U)2niLClSUN0DGo%H7$-R6UJ`7T@KHb@Q*=#X7XU|to zrJ%PX;b{E`$F;bT$B&p&FMd_nO9XEO5DEbvI-1L1O&m&J9=P{!Dfn94e`#WYxyYGZYA=+`u)R!vHI^UyTv{A?2c!3>(MBZb)6v2lOerbF};*pb|5UEuQ`S~cqr);xLL*)jMQ++Ey< zK1VSrg^iEKy5mR8fMyEZ z$Olb3-AZ;&zfo~VR%q&lcCOsGN8MGIoFolyS%<`z0w&2dKA}z7sJaa52GUQB8Dyc> z<;%DBvAfhPltiKmQ42SfYH4Nl)Sm0vOpP(k z&_2-7Uw`0q>T0hAFIgXxj+b3jfl{hPj|8zlM*R=^Ndw5tGrr!Vm4C5n61!Ep;qJAY zy3a#$2f1rJ2oEFXtmJvH^Kh^S4}_-)#B9) z=m#bTG@JNIjFlN^&nLs3qeUi*nMKHqW+>a$o(tYR7Gs75{oSdGU8UfT-;}Of^ej#r z2Nzdv-QseTDxOeUbmS_z`zk3fKb%cxFU`459D^x^H3;W1Y8%APMZ|gSI+VB-_W$2 z+GjZtRs!@eb_Q?CuCKbD#LQpE5=@8Kgi0#&loPJ290wGVfzOh&$LYd-&z&en-dsN< z!6R2r=3q08d2)s>+6t?0#r2vRI8S#AoVGVB@deYSww`ou?kAxJ(?K)J-rwU-^Q2uX zey=1YnR=#ZBlN9TZ?K$f8%w1A&nP)E|9RF6E;dpAIQEUHK4`A#OjBd0!55wE<3Ki9 znn-xX9(%qb23GapQ?3X>^yJE_YFJXt9tmzwTs5|h^50!Ac75|530k@Z8;~|+DrXCB_}2#>VAawZeG5= z1@8LhEvxDEijxMz*$Tv!J1t;Si$`w&s5|Om-zff!eI!MixY% zaYK`91`_)k{$S9|&xw62BQ@X&4WOxeHJd$Kz%)H7+YWg9?v-5p023v(XH9&J?CLtR zI8D*!zO{8`x@Ton$M+mE8U{C81;`s}t+6k<21I#zXy`eu@!Z-_x9YmvA2NC-?-#@1 zr94iZ5vHC#dSk_j=L(h}W!+UhlmIoNOC^FtVY|ATclnTG%1^df(;c^99BPV+Hm(YT z-vU{(6Vyoc;&Qp;2(++9V^14&gkqy-mr?+EFqak~YQEYBt}-Vm`7}u51wnvNa zk^VpeN38mD$c((Jrcm)i(ZYfypM`@cX?{Z0+`QcNH4A7om>b?)05F>%`S?|xm`XQK zu1QpS1CK!t^Q!`sXF6)1nF)_k&{#tD=CK~I*cL?vvs7TN3;#Jj#2qj{6|_1W7hZ)< z=`c8@vYR)saW`V0zx`Qb)@G7lw!cFeKe8-ny!fBW=5S29AvYp~9LF6B);4q2Pfr58 zO(H;UU|yJ8j8OW)-?aiiBBG}a?q(>N@Kx(ku!Yrx8cUKU9Kny8Gyn!Z+JK7NEAG=L zXYtWXFPnlZ28rt%y!+xx5yl9A#Hn?LW)bmsNJqRbM_ORyZ++pmG8k~BxT;6R?Lel`g1dz6bRzRNd1dX{$%+| ze~hav^h~6{U^4Z<6IOHD9P+&ov!?(W;r~Wz@9O^t>lfn1LC1A@;=!-7)ZYmxW?jQs z)Dw-8;^oNR>mWlq!w8(u;(FJXS&(UqH%aNxmYI2#TGEFiz17xq535wkJZG~34+4oN zp>h^Gn`KYxN0GD9{WXrT-0^fk2Xj3H$}Xw3#{)gY$5#c$=MHu?#Fs?$E#eMn*7}8& zY+iE`O?UXa+bZM;igfP#G=I5ccbR(7Fu0AXr+s!R5xUV1sDaK43#V@<39q}JawE~f z!T*P+#lqp0Eue$)DUfVcGWF+=*xv*}!qMw#Zqr##Of$Jjw_PakOnRr>H(C~1Z@5-= zFTH7!*J2ErJdPoHSyJ4hC9)Wd8iPBI*`USEJnYed9@sGn@rMDbDf5ONcPARVs5IF%%9r`U?9r?q zgMhINx7>ONbWGGkg+H&1Za|NugAmaT7F+||#x@C(*dV*}HYNJoY1u4e1_r5qULx{Y z|7H0KPVeV44!E!X7p(9z>d6+zX5a2REA>_YSZANasAWdSI*k{Q;|TW>>^Q(3h_w3! zIPDdoy>i3MUwB8#y^2>{kH=oJadqGN9sCC2A2bu_J?`D43?a$5(+ z`4;{?;?s|JO&t06<(BVmT)RtYuZfAIKzeWokDZTvLQANd>r7y;8s7Y;BdF7U-fGS@ zY67$3&3}(D8l}1F-cp78f=d=c8WsG1Tq29$z+NI1uWw!)lUcV?yT!}(`qD=A!=)42 z!_5)S#BG!}Q#N(EQar)P`}$c4h>@?x9dv#Y-)z6|#&TNW_@d^(YRT)z=ms%6bGKJx zC^7xSHT8w3<||7ri;H=^3!p0~Dhgb<3;eQhhxN}aO)eZeY4f#UrRG}a^87>RknyiaCh8PlSJQ5i))-_b@V~fCR&|#9fL0*w z-BSr{f%R9Q*4*7raG+PW2P^x>L7)?SCCpM5Xu#hbM3D=l-@wqfLrUiyn^;SwqrhuN!a z%@60C$2Y&|*rbh{OWFI1mJfy;YS!X0&(~?Mzvix&26_xIwF}si#BEI7G8`J2xYX^<{#GSi!MiOb-_>sEP^+ZwYVj+%_ATz7 zt=`J)Ux&YK>2hk;*QJzDhqBQVx%ErvwNJGmc7wXYwnjx4_yCc*8j0Psb_Uuz=#g0s z0FbL$>dZ2O^MWALFaNG5+V;f3bp}vxU^Z1jhXDmrs5sm49%yuByP|QgJZ&!$bka{c zjXtmqMSkF_=AmRx&MtIbKA*Zsio;nw7tIbX=r4U>bjtV)w#)ST;oRt%LytiPikt>y zWSH-~%`(X34GqS$>8gZX*S(LW7bT5<_QnnLBJnL+)*0RD8S*y5cdrcEcnNxSd*2X` zZ3@ZpCiCUwA9kQWaSg8!)aP%D|IqW3-sYwZ3EImmU&0;~Fd_BfT$IunDKrRfWwvOu zVA1&t1AmeWEWiXP-~@EvAU%fwY;Ns?n&*lMkF%^Zy9yet%D`~%UI0J=^AG$(-Bhwb z&TX`QSw%+}`5q(H^96n{{?$$eo^a9PTe8g*W0Hc6ZcCNl zc;>2yYt_=T17T&MF|$u3hS*mZ?`PBMNiwkNVa=V;q~?JQ^-(rC8w5|wvwaCTD+f{X zYOTd1^@O$N2brs0BcWHxJR3$Xfcq(4pAvjKfhB+elIE2p+v01QZ=G)_VY48*&N7fC zZRnmo4u8Vt8N=o5z`zbq3s(j(^NvE6X%dU&DHAOKeDUnrfNH2`JMaSKPXhRM}@9EqUzFd1iPJl=7wso>mR<@dcgHz>UJ#H% z%<+O|0qwpS@uxEEA3pGe=cXo)UOE177{|MugMRbDDr&`1{suwg3KsV1GsV9hT_?^&1~ z9xM$B8@nUVGLhGN>$x*#PQ65D2+9lHU;WApOPfnca_h^yi$zs>q`bc~;_@bKx)OlK z=MRZm>H2H$*Cjy`l1U9W3t$g8;OJ4n1CY2b@6e0nMLu_0eb||V!5T$Fjx~j zvANMY$>&-mb;oo@As^(DGKa`H;14Je!-L#5pz^&Od~W-U>;#~ELbhfjTEK)gK2UGT zm;RMPLZ!P=P`U#mU$XtaB$qc$mI6du*nd>k<{bfD9EI#iMnBOffgW`RtQl(8stBBl zIn%X!Q#Bl^XG|0a&z)z`xBia(UyOZsJk{SHe_f;$w{eYRMdfxWeC(}pBeGY>O2Y^# zd);m&b!C(!WRvYCGwYJ1viHipM)tV&bzRr}o%O(5c|94w6QYP9NKHAE|84T|PL za_8dQ4+bB=*bX2zESyTflQ-~4aobH&5cpj_yLZkS^q98u-uzC|hviCYg)m^I6jeUk z1-U@S!x`PX%v&h!`XlL2ero={0Q>JT+e5>1j94TH%{-k!%l?+qa@;jx8AyZxuJu z2I%h1xuD9eephVpES2Bced?@-NIj9&4D(HqE-Y{71+|oXk>oR zh1S-7W-paKMZKR1)3dj+7u5mhs|7uYU$EGw#=%X`J8%v{YOixO2ROgOVbw?mhT|(KHp} zxT|R^n$U@D%K$i(O^l-;-$6JzdMKki*>gQi(c(Fnhyxt!UhU8QTw@N6M)6+>E3?6S zg7`4Qb>Msm>Aia8&0}qo-HUR43&bl`IhuSn=n<`u8=k%4rQ211e{U7WHPw6Gt5{-` zply|IKPUnl8XEY(ilvJl{kxkaZmq$$z550oHu=l_1%CGca5z(r?)+NKV@Ouv_Kp3= z^`v6>0jC)YX?GfYbl&%@!cETJ6AUb`1u^=$$G8JEOv$V(^ zt}(*W@N)dWo=qG6ALN>R>k7P=RxlPPC%biLad`IAr-xO(Gu?8~1nO$j zhg*`yOEYg31571{n~SzaE4jsw^YdOnkIcKG6qR#;IRuJy(NZb6O(dW*b8kXI>ic(z zT+Y9}z&c1K8Vk^ntlx#E(_p{H{s9l!ak36bKnB6orS&020~1Hjz;*_t$mIOY$KLs$ ztvX2I$;npF+-cr~!l{JmNV4PKJO%^PmY0gxzszXipDYc>>_^)P9JDO!49pZReWIiW zQ?3}xa}O|>O5Uq-MOyEbbz;YNE$=H8rk^k?#;<+Iof2nUTMZ91JW}Ws(1YusQ(W2M z1AXtoJ;-U0G*zVxK^DvwELWANp%WQl=#(R%J(Q)UKd68fbf%UWulvhyT4ymQ%WX5A zYZq9Tw7Oy;YWI0^-)(+3XLZ+QfrKO~XCMOul3~C!mcSpv6r~1}5De}U(Ys;R*y;p@ zQAc)xe?U07;O|Xo;hZ$zxBWY%zEgCspO442c8ceqaz4m~HMC1NUr}m551OrRw*3sq z5YJ^J(D|en#j3lBAy^-v|E#z|K%@Aa?(~and$OXy4B28g4sK*r&?I(ne#>0%+sjM0 zl>+cCKD|UGcd2GI{TU<5mxU1@4edeuJ^~y8dU`AJ^@ZzQ!5SL)4i^cp4>anSVFn9K9U0*|-eGvP> zo=S;z!W>~2ZhkYUT7Sk?f9HrSPRFn<&A$O9&`x{!oq*mF+Zz`4cx(S=muqsaI3=$h z2Ba`Z-~iCT`*zbMd}`?gRfZj&Z6?(7wtpY-67Vf&2}UCY#DOhl(pOnr-p^#{A@Su& z&M#GC-_u<^B7?hV2V&L|`XUrMVuDK}Fs`D>su9L#pU48Zo2{+$;DMn>iN-YSGtZ4et zspRhM36D3G)QlCcEkL<=&_cf7*O2@dlxbpSzD9DX0J zK*!Jix(LG?U<9ZT*zihu$NSpm9V24q*)(o>8%RaCS{H#KCuka4X#++9exzRnUZkX# zrcy!YmiU;mt4n#;zt9PIxXK35iQ>8-OP|uca7c7YHQ!02orE%H$6OCR!pPm>skvpy!Fr5OrseujxUb)GN#^Y# z?9Bd*d1Lx;)VX4CA1rT>pEmcLTK{j>z#bk>m7|;2HMvI1fulL2j|s@Mf89$p?w~cQ z-5Z&{Be&o|%~uE?+cH};3yj{bB)0;y$2(sS>}|?XTODZes-Ajfxtbs7b}c?XB&-*x z7j{~mms>+5wm{UaG+9o-8a#gX3%|8pRtu7;Asr{M0Y`J*2px)u&RYAe@Sp0YsIHg* zUrWP|Ixfl9ZPCb5n)^22q?&#s!^+?w7+&Fu3z>g?$KX@^KiWu5kJZ{asX(bp#C1R{ z+6u^oe*=f@b_2KBEs*x4CI6EYC>0*TN0oA5eL!sTfi0?CKZ(8ClYi<#^%&l*YMlLq zk;*3kT7Kr((V&xL*TEF3jAA*_bT27$^cdk7ygUw6zO-x?SHN|$Y1E_Sz+?|GWX#c$ zfA~=;y2Yf5Se&KF*q~n_+kB)C6b7nkI)MRF3Q#$@CiIA4`wwyECeYX4i8b@8Iu|8OYV#It`eC%lYP1SsW>)6W{f?1xPlxETt9*`RVFx>+% zq>7H*+Hn@U3;l>Ltr<}+`lraiukZK?%SH9u#MgZ26rfO$bzUEcHn=q3n!xQQ;+7Y* zH2>z_tYCz)v?y(B;=94-P~U9{#mH&5XI0V4vgKe=JOI`dUvhACT2LjPDXj8UKd8;A z9A`{wF|L3#vL-g`iDp4ESX|7YvS)19WKsMxozAP{S|{u9hzT*a;rG+w{gW%;)OrsB zsx2KrTUd&$IwJ2)`{Yn;k#!!h4P}5Fi7!wbc4~eN09@)HmQ_*Q9#6%jEE&|}-4r@G zNkjn22ou)YaS4({LC$ycTcOpjF^s+(z;pS+D7|guGtCNe!~G!jJEx|c6@u?VW+&0g z6f8M;vHM_E8rQA`cUIIXWbW_CIIy5;1aIH^R^ntWY8W{^{9e7}@L>+;12f{EV9FA9gi{{2MFj(TyN@s(`vCncX3JpR7;9ldw&AZr|ba&6`ysh z;=2E)v5887Q*2r$QR0ksU|XPmI!izom>4aEiY>!gOnx*2>J!Siv@}z%%ULW8=By4?p1+)j z&Gt0O@rmoay(t&--ME^&!;Yj;U#4sI>={NuvO=YIOTvprwmV~PTCnIpkh;7|g%Soi zt^N7p3d?;5^RHDO#*Q1`7h_crvk0sXm%M`CzS&!12H+Ea29@qI^C%{#awo~Cj#Y{= zPUcIo6cBVLRRUW)**Kua1d2Ssl6nhfIht|x$GN(O-6O0vu1StdhDp;F#zQ6ZBfru# zEpV=ddwLRitnB%>ImW&Pt)HX(|IWGHcmXBqY_QUfy|4#rmmxF3nJrKMWE$;-Re=O7 zvR!qF90mbe@1HL+Vl)*l=5nBgfC!O>!;?`$wYsuic@bhOwM{p>s59*DImJ)s92~^9 z7cJUw|7ZdDnX~Ll!^_5EW#53_zT0I|*xHcVi(qO0V~XgM%7*i~sfD!;X7%<1`APyZ zcWE8#8z<5a1X+`;E!7DJfG%9~jUQ{;%;xi_AG&VyxXC1Dnj1c7rY)BY=Se(Nsj8;- zyc!6=={~__NQ!;ZI$4afwJ0n2Xq&h_mLbs}Z%rte?agm+3fjfV!7=Jl*ngnWwsD3; z{yDEoZoc^sqbt{~{&@*vtP4+Ni7U;j9gF=+`+f&ijaCR=FRe;l;O~U0Y;O#w=6ngn zau#t8?4J)>37TahiA*chtVPg`B=dvm=8^wN>MHLAHj>l+!#mmt?`G6I4BuW7WWwM- z*b;YR|`@DhTRPn)~q^zbWcs0Pt6;FgT1={nyL;pxUta-ps=_6-uv8(sL zNTC0q66mjiFW;KAMH{-$#Y>UjGFTsMw-PX3HGnAxFdXO<)6_?!E4Nu-H+%G$wfRBA z);$7PbEpH$f)~C6+8v2XoA)Q7x|NV7DupC;u&ChUQDclkRX6o|-nXKBcC3OsbwIje z?%Z)>1ej(>W#0c7GeP~?sXLknUGTRdT2}C3L*~1DjdowI71GWjyAsUT)Y_x=V(iO3 z6`AU@HQ#d3G~bwXtXy?T5~{{sAB4QWU9nDksn(7+$ucvkGo5bd0tm_PBF_5lD8}Wc-<17GEyaO$PN6+f>KnPuUoqwg5NuZ+dc%xG+rr+ z8O_Nqn-EXXIjQuLVII9Mu$yk(yYH^D#{7d7H2rIKH$5639;W;U;r6CAbRR5z_TX<< zQEe&wWMjzfxd{v))((D4Jgs*F0Hp5IITEbiv?wn^H9)QVMwy9Fsn;sQYwaF!>{cSf( z%=0`I!c@KQ5~}fi@9QP`7|kt1ZC=cNIp6)U@)+E45ZqYL)bx?H0{k#khp!54bid!S zRGvEf^P+qg@yiVe%OMe~H6a;+2|QJtf=)T{avccdRfCP+jmsSjk_Wrs_WRO|uCuBk zo<2hi7equv90m4i%kJN7O=OoE(5qN|FhD7F&G4M=95-BWQIg=3_;^*H5YAlPpEVyu%If|0cni7~{n3p>@w?KYuOR_kH_yKN9c~+dsHWh&tR=vB>DQhJS{|lB zJt$IAxxo!ccS_rHe?TJlWzKrG$Kj@44WX_DU{h(ut-ut}v}*obXvX?tGGY&P*ft5f zk`w_s8ZFe9n&k&{1W+_fVehmD4eW^v*R8Uq($(4t_<~tJ9fS1aOiz791dxk%Yt+mu zum%ZL_vy>wr>Ba%g8d*!$1Zsb;)i;ejyn9DQJ<9hGVU8&q~14kK6l}92|G8BUE4Y` z=|rB}^OI>Srsv8Dljq9CaGUo~=gO};GYp_4zMWHs?uVVe`%cp-TnSJhv1%{oI?#Lp zl6GVyg*#x~p$VA#a$`hy)OA4L1O11nzjVQVeQa<1&{GjJK_ahPD{le9-zp1IwKOsV z06<59N(tRv<7pz@WA-m7&E3Yi$6jID@z*E$4)0=|Fi`8hzudAoZ?rpuR^~P5;)9fo z3SR^lVQGQJPYS=m&6Etj;j%z#)!sW7)ux(aUSal@D7_h__VQEQS&ZN{$p|=$)Q{@o zSmsBddr+tH?a=`s$YkXJH;%o`9wGSDeO!~TMs9E@$-8^-vI=jZ<&mGMrz3``Gg?Pa zL5;ju=J#EMUv-m(n&i^!feBC;4vbIw)aQca5m`~`KK-&()>RBIicnY}*Y;-RCAHL1 zpebjrRi-^?F~c4k>m=WHMs4V@m#NU4l}JwFL~p%ms!ok|$U6H5!HX}6vgL&fp}e&A z85d&3QMc|>7J`XeD+@34z5PsvFE>6b9qaQH*0Uk*C-5ti*jRq%EwE^^J8O~7y9EZW z_a_YIJ%~aCIZy{~G#jq8MYPm~tB~c^$H2s^PZ|nyfEZJ=jXSFhdzKLqc?&Y@F1_!2 z>t(*wa>=+6T5l`r8U01ht#tvzkLmnoBh5~tX;n&G@H6uTpnwRt-}Zk&0ms=fg3qO= zxO+LzR%Jb!7YWbU9m(6JuCVPk*BSE2oVD>cXPJQmbOmZ^{^ErFnpo@sJkX28$3ELl z)1aAK&WzCkIA$F_IL4|D=rw9BpN6ae#v5p2G=wnxl-PyaE8@Mll)DCg=$4T)H4o;y(yoYd}NhqoPOMTsx!k%ey;t3Dlm$Z zgu;eM2xQd?JA1g%kjA-F#*h#)d)hJuK@M0gV8(2r`0?#N0cT3oqh4nh!)or_FG%5M&jn=k&Sw{V?VZ; zr*${Y6oUOJio%^~S~miBh_&D#!!H18;?bGh-}I*eLpWqgn(;pfsY!riD;>8zOXhP#OVCga``ExS|@`r2DOc*8m zqN&}_T2ax6BUO{h!Cp%5Um%)AHzi`yF8I@Xk<# z^Cacr`~4zKAoI`QgKyS~?6+L52}eLIS3GkOR?gUkRAjef@!sas@7=$M_#x}hGEHnr z8c!HRXi!#$M;`5E%F9kM^Bf+>kd<=}Z4N^4*^T;xawkdB~8GKoovN~QM;m$a|KQGZdCtVg9Y)Tt+wT0B^4+zTY_H6 z2s*_#00b*TWfoDor_>Iq`zdu$mhXJQ*ZeHy$^I0#Y)#CTH4sl}QXKw6gQU z$i>HM`i>HTWRH?Z`(arRF^CL!QnGjuSa;$%RwfMW)6>)p9a8;qtvKmVLTJH}`Fc|x zYqS0S|9R&ry&tp>vkBOU)DhB4tI=b;uhf>Bym!tB;SgQ=BX8qAFOxtj{({K`dJ#9Q6 zUmgWPR=Y4gs%`_sst)qub3)b&y()wZvVZm!_vYSX=T3q!=O<0LorvOKe+5Hy_^f&H zzhki*AYzq&tS)6Fe!jO4R&Sdy!+;ia^Gyxi-(=)q#!GWIG;xD0=fas4oaZfRr_bKEgexuF&seR13H%Ct*!BTk z88IFLp*AR=Z(qjTLhz4(7HyZw`8u&rEG|43g9Mr6P0sovIiYG-O8?Lw2t>Y20qxmm zvDZH^`1X*ZAwun0flVGpN*nrjszFxu?^5PQBK+W39X&6UIYAVUt{9xw)uryK%1ceP z8LU%>+Wnjli5490`92tyfx4dUs6AQxF5o9xkoU#j;jQlCO!2~zs6Z8<_)o{)1Qu@w zG6tQ^y#@>lLJG{CH4kZQPK|{NJzkxq&AJNhGFqd=X=AUX+O&0MpfD`w>Ebv`4_g8J zMQ&X;VRK#CJLwCIJ;EqUV=#&3LM-uHWCNd?dFWcccTig4ZR_w|orZ}-)xa%@hZnMq z+}G#KD2tDvb(j6X;~jeNswZa!*&Ui)tfUuJ{MH6q(^pZ&Uqpy3M)6jZWDU_&TuIh} zYvbF9`|NS!E8(SU^^h;9d|$eviX#KPYqnY7^3EVO5NE!I6?DD1O%?*D$HP@*p!Odf zq2+Ne>iuFpYN*6#x5yE$6&+g+URvM!>U9>a8;5p&+J4A+0B8F5#R-u!KdDc-Tc@}R~FTod;Hser-$FXgwK zF|6sXMVzL4VKbd)zL^&QbW{Lt+M}X3@yV!p8|qr`L8?R2dHs8PC5Q(C_1G~+M<>>2 z<}>%Edc3u~Rzz~exkigwU$$kltWA~lb(`z(oTup%Sf?qrw3REan$DXy2C>fiKZIC; zHEx`#V;0JcV4cn}k5Zv6WQ=Z{0-f(aN1E25(hFNZ3E0qy1+%cO4Zs9++hV@s(f+}` zcd?H2XB*cx`z`x|{Iz=qCsQ*#X|(}46E$iBT zQ=3t9BRzel;~sCqLyB7Uyx;jqI~%!>S0lZJm`>(5%wG55Zl{FYZt-S{5}W(hDQu-Y z?#qY~6c~xZbRDf41E>2xIW?Cd?ZE%IuCc(ChY@bJzh!-xfvPsBnaw)%&4ME=zjSAREAOex!JjM|H|)I&TR^0PaR zmUf{T=z1f&GDUxb!(10T7~oK4xA?zO1UF)&|5u4Xy~Dh60?2Uzp^MotqrZeMrW63ogWwS2Qz?7n4@0Ax!Om%#%A?mUy+MyyPv`CX(XfZ!)n(`smGZxDq(j%C!htP zde_z;)GPLu2yJv@-NlWsY)U>3G}h z2jWq`Q@N{*g0S4OIA)O^T=t*^=h>ePLQKWJw`Qy7VsMmOzENB&HLqRgL`^}aZf)sB z(B<`~X2f?FmJV`lRSQx<;|_W_V7;QX3etXr;sjmE&CPv-I553pWSi-%ok&!4O|;%x z2+2${HsZ=Q$>uvh@IG9rFV#3;qtr|3uGg8CDEo{7E}8%WHmw8*aIfP^dNWo=(!V2F zU}XR4jn8w{Pm6|@@>N!#fHE4{5Z*~1oz$OPx%y#ZevhNORr+vyf6G=Pd~vc-b8>CX zTXmwn<#S~LJGtYMUx$oN&vqwS5g?hei$@cT=JNsS`d#VAf5|s=NJ|y&tlj|T#9x&5 zC_Hgv<)1Ipc5>vU*mTt*tTLYJ zI93%7syAL*7eO`1(0%dN8NIY!1CxA<`Uf)ytxV?T`s;Q497+u`&)4oT7WBPKYp_q{ z6muvq)#navX)JubnE4?3?b3QCF6iWV$`O-5pA+f+(HWvN&d?_l1G zluvDA4XEd8FA&Epm&qJs{!42VM|NS~tv(WEgu(fR?{O=~=L*Op-3=#j0sduo*Fcn^P>A@MXgpxQBSAZV{ z(@=mk>!;&KyB&TgZf{y6mF=mfBb~$S>R%SV`j%CE8vq@60Y-P_w!|ku_nYQsc_D>X zta~{qW!J0{Tw`^3q;Bulojd;X=TeYR6?ca7#?Sy@0Lhu}eUlUWb9u;XeXvzEB&orV zue@w7>WR@&QM1P?`n{AxJ1yNpCziQ~YPAgPDHq zY^QGC=wvMcwc&MWFUIqz?YknEc%j&Z)Ntc(nK!dOy?|WivtRx$#gAHcGtxBwSax_t z}Bzx$n29dfnAA1 z7h8ckQh|QGXz>V;cyDI|E`R?Lc)yWhBKKvuv3Fq9;d#GsJhDNxM78RTyIa$5n4%{E zstK_#0gUc;Li4DdO=8Pp#MrZe3Ce4=8NK*hXB2MEDzl1(<#d8ERIHl*;TgD3@ZGh2 z;Wj~ty*~9YV}$vVqp(CMD)T}3o}iO~TT6kDd5!jsQwL9bzd|H@J|V`4G0GZ`Wj^j3 zocRob~Y34&WXJGN=Gv9sM!F3kjVi_Q54+CEUA(}l{a3#y%6_$agNT%)35H;#Eq zMC+xbDWqzURW^R1%PMeXkl=liuefox{p`uJvP_ukiw?%pPWSC3AF7wS46WLMQ7Ue#^HO(lZ?DeQA63+%(->RL`p zhxsA+@@y|{YrCS)m1#q2%HJscRM5-O$K7%DTXAtEQ!5z{@QMZ6EE=c3rg5wrBz*<6 zx1R4xMR}Zd2mZt>9fotSY#wUReqzT{dAccOjGs_AT@QQxRdDCnn{Za2|sLhmeOtm4}{orR@6Q1GO0L-5JCm&_~!ryq2nekfX& zRz7_EU3~-ik(I_wZN@^7*#c=SX9zwIgg!y}irSLCUpy_Bx^+A`JpXcOQd8f z>e>1M*brIZ{K2Ytka!|l#GQSo&ef)6K27_Ma0oior6E**%onemrgonA!AsXIVl0vw z@uNq!`YQvy%L&S+ZQ~()ECAGeE9H)Qzd)c#AhzH|sk`(f+}9AE-yX>jeTFBNt*@2r z7vU62GR*0jo9_HG8&0GtLO+qW_=cx>@ztv()Mmn#cJ8DsjvQLGJ}{jro+gt&RyblC zue%Mj^R1*a4U^#rp)4v{VwE+|xa#l=*Fn{bC(~S#G!m)Px+n}ndh=RsCcm;#nqI^} z75C=%?L?du&X?)YOPK|K;?NjkF$Lo7((PXGkv<7)uMQ<`d3 z5~Jy`NzFFB7Bb@)^S2{Gib2mmWh7wIY7#C_`#CUfN@Z~;VwDmuCHO2Kb>CW>Z`)U@ zU9ItY$MXy(LV#(6*d1^DoAYi8qzVtiXC5vBN2W_4*L!t-w@}1O@6I!9N#x1+T$0;62AAfpp^td;CnpH8FHb)rf)Bao6O)2zGbM4-qQ-DaQrf zv9;GWMDO}UlB-X>sB3hdJu-`G|Dl9mw7B#QAu)Bv7%xEZA@NdNaht9M8cc!ae2ivQ z9*z0l;+I48gOXcmL@}VZ(B0!gL!2R$3LCFGG{`5l7FpuRbEN=dx7L$wsb4`_&uKMC zPgx~<5vZ+KaVFUH{P_Uu$xcOI20GEAQ850j3Ip)LE(Y{Uj`Sn}R9RKHI| z%njY@HhxXdrw#w|cF1RdY$^$Z_YrV z1ryh))AN?$rz6@bnkeuYPRD^Q&-Sm<}%?1x05hi8dRq+W^`^@o?W8@sc2n2&eImJp@<9>EP#&?T6IjH-c zt{z(BVD(nvZ6Wux#juH9`P9~;0M+dc{w1>};$Uj4!Bqa?c}w;hJ_x)59lm6ui)le6W? z=Z)$$&YJ5G6*|iB#{$|)*eNobKVpS=OTiUP{f)CS8=c=a5?6R>$2cCA zRr5xfyGqg-;BY3;DF8gE;3TXYkI~6)1;&5RHzHmyd`y|DGy?%`rY1(gj?d7*b3dKS zI`v)enjc1|pW4tpT|VVqrKtBxI`%?OA*mtj0yVHS#jkz_7nO>__h(hfy0z*S&7T&( z@!F@si+oXd>3xSr_F~HIAby3eZNV?nD5HY|Yd)(Ix(z~zckUc>aRxk$&Qb3=A3>{E z{iiI$ON0Zg{L3lwC3OVR39)x7&)xDwN?dDX*arEWeG2kGd5kZ&;m4EP@D+holFbX_ z-wNNLO0}=d4sygzLif{|h25rhp^B|J-L@g-&g{ez1sHD=aJuE@? z;p8u$f0C~#=www*?p9#JteO?*1theZD$QHvpTB^7po2aUknhv+A>gA*LQCpu%6}Gr#?y7!>v75xU*F6gqqD(%k%dBlK+<$+WsTm<}nRVxornN z9NBhSltwAL-0qQ=lbRERG?=Rydn}9VS@c5q5oW$E4I=E?V;2TRG&21kLy<`u)Fh#+ zBT;Q%jusV-&KO=}g8EfXX(bTNXTB~B7AGzZ4Pr%{PbL;TJ!-VlGCH72MXLLtjOSbl zt@{}hRUrE%QZM;`z5To!&hr9)2ETx#s^}L~2X;2x77KXqSIaEPXZv!&rK(bOJ8Un- z8HdkVWmKTo*>s3A5Z7e|o$x>WCR$1FS70Zqm*pOBi#wqO=QZwBs8U?mj$-!tV~fY? z?OU$}JyHqb_;EWnn$70+Im?Et{!JF5HL4;e{qlT6t-dnJw^3X7wNs8NipRGybqG9{ONzK~QCHMC^a< zBP~6Ib<8YQT8;7%aguhf5dOC&D_|UUcp2~{zi~|qzG`ev&{)y-xGw!L>uf~OZ{Y36 z0nbO_#$A&gEum|cjsU4QJNGa7J#$;54iqeB%b-|ml}iSIL@8{_ZkcW!Lo#adw-R%jr&1#O2D0;KXg)DgYh*@E>FAo z@%(Gnfk$=G>HS>2r#NfFhA1Y_!F^rYYK2aj1tOP(By#FJiPA>cZ$JwaeJEAP1s|~M z_4YG|sLSiQHxE(|RpWC0Y-Z1Fb_0FlLg0A*%(SsGHY)q-O>I9qceexsra%W^+BvN6 zdFY`E4VVkDwm9}cb%N=sDX@0)_K1V_+rV*5WD-#;hF63joS%Ny+34I#K%O%7)QlK zCGsF7$M}|>X{n@!xo+(}D4_OW*KP>oU*DiZIS#@HriNU{_Wkz@^uKufM6EjA2W?7q zr=HvN&(~W`kM5MsN4Wr+--aA$=`@7KF1;dMz0$&Nye33VHPWZfeD?eC@#81iw#3*iaKyUc{S#8<6^6wvu3_i(~@{GI8MH%_|vn8}w|LfxxyO6lO(b|`No`HRlORt8hQ+PqL7cp z)tuV@^H>KH#$+Fk}LQKcO=BI%FI#Ukq_g;_s&D*YQf zW_eZHBVVGirOFuYs}NQlTJw12K6g9NE0{?;H*~7G7kjQa$~PXdog#Ghz)+yDhoGn` z&uR*!)5@0=OzNx}8UpO{$ZhgHBe?HcvAYoPBg9<}y!?*W>B*5D7XPj%1cJPM+o@%T zrzUezfY4F-H7DEkYYX7+5w;@TDP&d6Ru$5n)!8&2xWW`E_L!92AqX-=F79;=5_S-7 zK3)}z;suP}V5WrCL*U0$^22;UNdKYe`C6^rk0hkG+T$|70goLVe7wVd-1{~ZY?J=7 zSdm{I)h;ya;j2=5ud=dB&g(N`@+X0|h)2?t09co`v7?LfQV|9#!=x?e2w{w=@b>5} zXLgJut1F|7t_>GE-{@vU&X2C*mJezlPa&@sRI3yX=|eIO$OAiZA>vZZi+1=i^2r)I zXz0+YZ|V35{b((*sQG*{UTDer!DDA9>$bco?0+w5D!v3vK#zeZH4dH>clj5hgOgrl zw%)1~Hx&bb125i?CI31uMe1W$ar*J#33SF+q_(G1I z6ae~*6@HpF$@?DVZJ9i`taa2(^0+<>4`!R;Ixk6)WQElWmRnd%ceeVMTiwdv)u%WY zI&_vn2AQO?cXF`rYpqlR=`H%r=79K>H8JJ$8?Izz#I$G)+}q(3UAu~|XF!sl%<;fC*PB~223sdVE3gM_dDd2D zs@2T6dR0TtU^vcJ)uYpPXh=8u9-%DNqb1I4_M#Pm^DnI1 zErXTAJfMSr$YmHOe~rpW<|8Fwf7EAg87Sd-*;NL1&t6T2yLuHWr|VpvZaJ4cVO&x= z??0EiF3(Zs`<^6FMOjyzwqg`1K>?2}tJrJFa9!2Y5m6{^t>M!gN6;xQo2!M1`Mu|o zrV1>R?RKLtH*BQ!_e^T=yzzsQI{b)LoDEbL-+;-r%`zI4KuPQ@tzOHM;`-TUuRM`v zcIM_);q03eG7c*J%-tqM#yRh*xCQ7ZcFz(;Y6@wCC=mnGZ9gYjXX2a``2PWChU`UP z;|l7DWj3$0&z6a_#q zbX65Sc8#xPb}cV!iKP<*fV}kkQHM!aNuP>Z-J>Jla-A)c;Sl7ttwmFA5YWhc?RRRLIYHOR)F#Kqi>84qM? z>|Z-K{28)VV91YaJ|Tbgg-G$-rS#YH@$;)4jgjCW42MYCd^)$W(f-k6+5oJR=^2F| zs#mCWRx^_b#JKe_-O7neC+;dh$l27zXz;*jV{60=K(8ra>!8l6(t0$ltyjb}$;LXehU7~8vz5(6F>CG8h053Y;IMg6inl!D!?Hg9n#6$L z*l>V=V^;KB>pv2oe_~FJAtN8omV8?1ZBnneH1NA(#ONg5gn_0)%_uqrRlkMv;4q!)x*H3>ty#l+SO^dq(wqRXU zx1UfmP2I10kvh|VmGc0$?XiSJ=KcJxF?9}nr{AH7v_3#DG39a>^l zuc|3TTqKAwJn-+6>i5Imem}44b}Igws^mZ#d5hb~B8$_x+saT=av&$Z>zi%WIWcAL z_tAJds|x=;s=+fB^boAIWUGPp|BQ2py}_gQJ(O9AYnE`pjHUzm}AnsL75bUa`UJ(wL7`QTPoe{3GRd-Ec&3R$|q@K;Y}{XpA<;JCR)e9c-_7=lL9`CrhgFjZ zDAhl^vb^Q}J{OYU!~?Pqq=M6qJ>+I?crFGmg-U6t$>jK zY@yVkT+KRA+$?*&fwzAg_og%;;Gn?!(-3{@n_RuYo7P&I>>>BGvqxtluux~O6H4DB z0Qj6rLPZ8{rPAI8t~FYpJ>dCr*JZ1(1>ITESry5Ii@43bp#<#Kk=M`>p1YLAI_Ruk z`|Kb#gEQ5jkyO1>Rc@e_y87AgisZ*ndIxxaN~9dN5lxd{NYs|ES&HPRO|CXtZzFDT zU1-F~s7Uz5GqxBceN@SCzk4?#kVb)a5-z=2SS$IX*9*5Yw3?^d3id7cD<_Ise)HT) z3l2VRdXua8%Q8``I&8f4Uy&zexvv7WJ-xhS=jZOo0u?3@d2ql%V}|uw^L(7;XV^|@ zUv4T$`xF+WXRrJkdTi1em-8Y+sc$xVJM2~nHjTJVA$FZB_ub%T#_VwhiWY8w#^Npdl^M(bfM%8e+{fY58Hg$4r13k?=a|Yr~i;iZZwws!A<xT68qx0UX zlv$h(ZCZ?G==TG4cdpEfu~!4%VwNN?6W5uf$*;Ourm{er)1^rT2m=w*^ZFSWr*+I8 z7X|$@lBJjL^SSCdBQ1&@2XYF`Kni61=-dp{&w*HLRZiH0De?L-0gr6 zpE?Q$R5L0oI4RslDD#vLpa61R0xh)xf()hxDgd0HFI;O(EyoM!>s*dPd$|~=>!v6Hpd$#Ukp$R)F8ZpY$ z>M|Bz6<599jji`kd?@e41Lr>AJ6&tVh{0DRdJ+b-Q`OpYu<6IJ{>l*a8n)92A+*!S zQX9^tC)1ie{yPMoJI`wzeuVzGESqno<5j%@lt~m=V7wQDQtGT!6SnwDW4>I!mk%d! z@U}j5^%(oMMlP9Ruj+TVW7~a9)5ZZp9ypks;*ZW0I_!g7CT(FXx@Vp0-jj3dE;dI% zRW>X)gHap7tF_GhQgs}aPhOprxlhs=c4t)an>R1_S-Dltk*FI`k2XEerOS(7zr#k% zR>9AXZR36dCBkNAmrD6S;pwBECJ-{$9ms{|f;ZSPGI1tKWO~2##`%CBUJ64K+yN#c z1vUQn{fZnSCsy7YCaTNxziQ1;VCEnEjeXT;ly(I`NYzp(vw?igQo!ntl46ibQ zM1;@d#WRu9@VU850>>)CIz7b>b123-4Kv z@Y0$@j_bLrRD3enq1ZXtcMW7y%|oP;x4)(QxzC^9_XeiRIJptw@38u*9LQrxe2hj>6+=HdTx%3i>nMvZ)#WYCeoF zlt~$VOfjpz*j0DmxNyQapSzj;PRs1oE9)En?ko0T*n1bXSHGe$N}F$SwmwJYA4p8E zZ7hd>Y3>{+;1wLDCYOcJ^om1-IqeZgqU`=){;@~jCtpP+M~CXO>=RFT6Tjj7&AG!j zASbVD)@X@SgkRXQlzE3Gyunh$I`3UNr69`^liXJqNE&Nxkf5wQ+mkxfh<7gff2 zl%Ck3gasT`ut0(%k-sj_F0?#Tn2TP*{XJ{VDL{y8CMFCtfv&K@x@FV61odFp5dn4C zShe;ne097SIzyqZvc&4x@q-Q87K--y&CS91G&TK}edG6&DwoUZ&gDD63`-iEjhSV> zbE)imo2ur=C8O2Ed?Rpttau;Sc)ku#qT9hqtO)5a-29{E^`M;|=9>#Z=$cI`^4DE< zP~h&hq#umFm4sY^;xs+IY~i%lD8=#{!xg@=V|=Mnnaj=TZgvh^#%q>s+GAM_<5v9)a!elKA<(R7Of-fQK9`bli>PAWOta7WwpL?_$A))z#Ie@@{vFQ;d>lKlRJXrcg81X5Vv6tPH-{cN`8&Y!%hUimvYvb^9*X zvaj{~elhmYM5kL_lg8DYW%ShA8o*?iUutGc3I{@M(?*o?G!pRjZmGgd+h%eQIyA*m>FV5vQ`{UI1xdIC$i~ zJx~!$r?vie?o41IQ;d=LjYs}ROtQE2S&T!>d(q!pj6tY$tAmim(Qwr-aeDThUY_SPRCX_nwN(Y$wz`WC1yHq z=N!L$6wie^R5P;qsQcFql82$)#Zs2HT?VsXnPKl1@p1+=dXAlTv3jg*rkK-%qJwYx zSw8o()OFLSmxsHj^SE-r1+JDX=VL81Uuk+LCm@ET%08)*!mi|Q8LruOd|HA(W%H(Ywi6FqG^X!V z#|-VH;j;Qd*(WEf9TW4;r9?R1c1xo#b9U~ynE}&ghI@|e5rc7={1g?c9JCWURWWDF z!g~KM3&myA)I6?bv}jYa{@PhEzw@+;r<3&|A@l!B?^8I-Iulz?7Y&nS2_JjMEr&u3DRyf znbK9yhZfGa4T;WE`X0q|WMwt+E8AL6CGnv-PX>1Ib#)_sO?ni>nen8;%?-ZG?o(HH z^*B*`Vz3190^ds+A%Q7jMKcMc=rYVTF&ONEqcFu&}bwNq9gnb#R52fpA)bMzW?%TN`l$FbVj*8)4kTE z@od=4=0Dv7YWTyC628(q?+2O9uW3wT>dGX9Lj z@*gEbP!Wqi6qfQTX6p)n38K+n5U&t-iU#Nvze4}^CufRR6osO8WU`{rP=n;47qoNQPc7sWt(J#l+rl8+ zFIu*_)=}-)B~|8+{jpS#d=-b>e-b1WBsVg&z(x1rg$-@7^iIX&<?VsJ-R0s4f1n?ZLGM}V25&l%gjmG#rr&7mIhfjPj~)_n-<)LZTCV1a|_+y z{Yl$rx9gdb?C^Hcw&?C=#fMutzyQYD^;Nn^+2_qWap^J2^uNr9zhGXZ+!AhEgH_9W z*Jb6xwP$!nSWY{hy}ar~tcHWboOXP*e^y^4G(o}_&h?gOHcD3+B|q0rSx`c}r*nlD ztkS|w>oV01y%I&sb7YIS(EQ(d;P;BQ=51(;66I8Gqq>BV1!Xij2LJhN1PP$Ix!%Y& zrMyX>;g&2*K`LMHFvCwt>G~d2f$W+}%(sT)ZbV1hN*$xL-go_9!@UkJcEaUi$_x^x zvC-^!0k~4n#7G?OctpN#Z1p#fi&EPkDifU8=-73=sQE)5P(X_BuAzE@74nhIRF~kE z#F;BgVa%YEm|UKo)aJw!6`Nud=hf_N29{Q5OsU z(>6kli8E@O#YdUl)_bOBP6^~e2Hzz&*Te+^(&T5_4mMuV)C`@IWP;x6B^v=4H=9-IrG5nV>#U2+7W?B-OCInnpb_(_r3gV&!p z8q@F={55|6RXyD~UhV1a(mM$Izg^l0odC1J7I}@JP2loO3-Pi)(B#800mS3t zrSW}eY_?)oM-d$29wCNuPc$rD2MqGLY|)e?aUXudj@`^0w@&u*M^H|OTk_rEg!*FD ziN1+h6V1(^1j46VeF}I?w{;r56-iOFeZTk1RfC~^qP1*)K^Z)0Y~lv~tI(OJdBOU% zsq`LIMgnp!E?cU_fx}yeEE-!Ozlx9>(h1pkEkhM0r|+51@w?31KRu9~c~*qByjwUq zaPMWlfagX)G2x+AQi#_a*KV@a?H9LCF_dp=Xo z9Liu+xwR(U(_K*(7jg(VwD-)dK@{bZdJW>U{ljbg2){i!3uxjzv==o9hz8rin{)LA z(@G>_&u;~yzkDf@tb5kMBL9hnJ`(IM_HaxA+CwzBa=!jG za#&z$f@t8a>M&3jk}hfEA{6|zO0PV{w85vKM{xVIygcvTFkos+2iQgXwoz8&Q&O(E zS9G&GUs_!3@fq!E_xne!OynY5FI?S5kXe!kgMDzEIC=!7G++((I(5Jt)WST9vJ4`S zHw`H^;4wr)C55^QV25$a*NzA`L6lNYVC*8}`qE*WPi`sHw@odGpq<6nBnB5}I?Nrg z^TyYl_s&oTMa=b&gBo{ZWXJpG%Md@}Q>cI zPx!42K@?<9H#D%+CqEMx(N|asiyJ*`A2{c^ z?^O2`y33XC@HNFZSZ3zZNO>Z??x@`K_9t`BMBhZz4EtO{ODiHGBMCuGnme4aL$@s%)KywIe zqvPJGGJSHTjNZZ>p(t^K{%oZmGYR$qdkO5UA)_D)D%WBX5jF4Y@?MMxH-W_(IIv>M zs&Axf|5mF#8;($$j zhqfmY6*K{x1{V=UcVmFK$BG0L1hc-gh`vpHR73WB^!&l;u3DdD$9=Aw%G~mZY!#Xz zUCqXqRN2gSugf@HV=Qr}{a60kP3ui8hc7#G!M=G@%lRhp?2}c2w*3~`QQVpOr3d>C zC@s{bM?BrEv-1;IM9mX4py{@60PD`}x|<-H#0P^Nm`+JKZ1nXWZO&y@#=QWwmgc(y z1(o2~Ar&w0^R9#u;U-|`#sg_q?gTMVM*n5q`D&J}`_Uf9m+?O##$KmURpCo}7=3wX z%85pKPj04~;mPPDD(PzAG}22XoRE@m%zE5?aKlJs%9yiRzKhvCB+S4rofb&NLCg7CgPG9 z+yw{pG($dtKqL>To3J<8;S~9iaXvye(m);5+NJk*QBZjc#{*^{>8svLMIzh;7C0&w zNz0&y6beBGVhmPKI|*B!1rg3_W7CrsQZYkISzV^S*mI*Y)5#lUS!~}lsQyGV?iFQ1 z+@sHDs|4=VbC}1RV4&%9a8U{3ZcM-@)%dX0Mn*?NzW6FO)gJbeIOlR?@&Fdn2dyHIZf)^C4==x{G3Z3 z76=b^8?SqOXZ!<~FhOd`^xkQZ;Jq952?Qc}(7Yp^z2!or@s8O?XP0%CKq9EM7gtcj zEdxd*ylzyd7$l&O3Zp!BlG3+m*M)YH#cE5XUtB{SlJ!_u}L%|vyK;~rP2 zE!ZrkcZ26Anhic<)Kp6c2p+vJ6z1i5*I?6_j2oZEOawJOt=e^O($rn8P;p*1;w{JEpoGFO z)GiZoNvZFJ^>6j!ClH9_;UJIlkjX)j zGvRT$Y)((~AY5m@6=A*6Dhb{m(An}-V&{hFNn2kI6<5~u&25SnO{Y`bH+g`?#*ZxI znoK3Rn7D{TWD3U&Gi*BoQ|d2A7dMp^rzmy0r2VOs|JYpf>!_w#WosSjW5Az+g5fDL5+lZCV2g}d~gS0~%Q4{f(}+%J85+4%rQc5$*)U(UlGKQmrt za~|&g@{p47z09sJ_9Br^!X`B^2Y=2)G)wiNYFLl{#8-a))D0}1YYTJ4r!3T^9nwxY zin4{WCvQOtL1x6-r*OmAHqZC&TkaHE?3~Ozay22x+vFqbvqFnx1=Sd(2`ZJ)xQCL8 z+K{S=of?kG9LB3b0VM3(Btl_NhH+)r16K(@<1?B1!4;Evuo?|Z547gr#>~+66 zy~Dx3&gpEal={o`wZ}RJGu}*Qr4_JRUc$}P{ZgJWEn$3r9a63_)9&2v+~fR&a-L17 z_^opoQlFwXrbxyUKX?F#!EEjHiSI~h9-jV&_kWnVUg@)W=RoWiV#e$EcKJX*1` z4jZi~=4ktXZS$7ur%9e!Uv54LKXzAIg&!kZcvM-H^?5?I|C*}E4MG`#eiwAJxz*1) zq-i*z*Q$BXBvW}FRSpO#*lGpm&~!4mseJE1t=lQ6XvoW}fxYMv$H*S_WM!d4$^k4j z*`xE<*3EukITF6hJ-o%Ku=IOf|N0Fgj-U0*y%s-=optE=I&I~8Z7r;NH%%6-7K^Oj z)k?xj!d9XT<4!0P)T!x*&T%&OE+~dU+CUMTb3_F?zzX|QuZwYa-c99eksq3GjkoE| zHi|eOmcW9IF0ARFxWJ!42lZJZ;otOXMX>DnLfJseI~5{Ak6if2#J&yBs14cFK=}|d zzj5+9ggJiv8*3$T*ROZf;7U3iH+U*)7i|*EyM?uAB+q-xC;wI#uDpyn!`X$ODm{dk zL1G6t50~NXyN!2lEYyvcmzt_OjkD#kv9PVHNXwlM5K7d_DUt89n56eFdOO%P3V?v{AUIASns}D zE~+h?N=>sED-Ye54>{}zIa$0YmG4l?xfG~l?&MUq%>!4a`@u|zfbv*UkahS>)%_1^ zW3JNN;IZk_D|O9Sn{Yk(kLxH(o+I@Mn5!%9&rx$s6wwyScz4^Y*GrG&RNZuSFzSDr zK2c`*X(I7)_2LMZ{`t1~fpfi|yTk9X?C&^T21>hak(+JJV$*DR$>l{Y*VA#_JWRDI zS(k0LcLY+sb7-79^z?xW{!@$Sh}Cfv_R}12)@02M?=o@0D<`u{{iCaEvbMG?EvFmP&=}(y#`RkPLdb1Y$a?9+mhVz~EsZFl;b8N0x ze2TMJUppM5(X_yN@8+SFmm^U2)^ByFRQ$AoQ~8P18oZ@P=WRK0a z+Y0}iH4Nt^=(tU3S%yh$0YSSS)YI+j+k8Q_9{_Pwp~z72158RCYex`%ap~I&gd+*b$voK zTU9EE6ZHl)eD@yZ@%VA?qy)$@r)9P&4!@Z(Y;=c0{Z8qs7HBF7yDt87Gi_6Q!x=1# z*U4s^hvbe??^jkGqWIS(shRcf0{&jcCjIyN7bOnV#p&*EDPQ>A^goM&e<|Wiw3cAt zHl6fzK=ENHx)_WXu3F}MTII8_Br5XTnrgo?FwFR zpVJO+`HUD32BLW=l;D^#Q3xF)*g(Pq_B=D38&LK3{CdBHIawDembp3GH5PF$!hI+x zOX}r@r82#XU8xIZC(n)U8y8az$o)?LrK70C)XpLq?vj2>$dMe%!KGSw9eq0qmExJQ zROYxmZD^|}-k1sYtk7XNwxy+Ie3qpN>|GsF-jkWH?tTA`N>!ZGJ*cOSQhIF@F<@b2 zUBQl#?cQWzjlzNz(vVf%q+I^@$|d5SZ%~~WYZ$v&(!|FQMEMhN&XZ|yVpXf=b5J|uSA2(1NZqM3+Mh;{TPu}$G!Nm zP6#$zJT#y&|KF$W;H9i0@?^hS;KNoCaRr^sZgly^-%SWNljKus>* z6KGa=0Ew+bg8o>!+BH}%3MfKn1snW$kFxEQKE8B3!%U;P*q<%N(-SYI0A>jaK|EAq z;_^q2n9DlYtTT$W*`8?tw}QMBw!F6_}Qn3&Ma-NjInan$CVSnQ}x$k8dkHTXDv+aj~tld|AMxR0VZ5e6;5a&>N7 zv^@akK1d@@z$3T9qy>%RtP^@)DvaysORE(H1Zf)`PK;;>RMuswCzt^eE0wOn|u z%@-IwD&LnsX}deeB{ios99uBgRB(Q{U@@de@NU6$!3kRW&VnvAi|n!~b+(pUmu4Tm zbR`goPLv({chU!0;r?kCi;lW`wLJLmj|=3b7CtC_I#a2ylsPo--#ZJ%M3a^lxksa- zV>6BVcf1!J4eCxinF0&AF}^V=L=7#Q)BX*(i!1X8YEXEUB0)@nK}7bEf>L(xC`F4J zS9m^~2m8X}qW&yCL`n`{u$VjkW!NKPa%!r{g{$Mkz)VHiq?$!uS=g~FwnEQX-x6zG zuwx94^6P}XeSYsw>ZtuR7}E9)bT}Ag4bI zWvsJlJH!h_+U{TZe$1Bv|NXf7`2OEU`cIHN_i2HrXx_+37Ov;cKUL)q{I^6jGDbxu z2+Dc0<0ak3`#lt>*xdu}>_4D7(a}42*gGMlt*DHr&FYv%!;`b)MDN8)3!@|?YZJ%4 z*~LyEF5&f+1KHm{a=7&gMx2ev9-Xo6{odKkHG5_{&b;GjOSV$brSM{tr1stlqnZWF z{LrDYa@4JR8`$g@6EUSh$ymX0m(wB)_buE*t;KC3<4oygW)?nBQ*EZ2d0zV3V@Sj9 z%1~!l30HSSF{{YH2Wvaxvf&tuaWO4bo~B&7fw+03@q?z^Y>k@67a_^#Bjb8!(j8zo zG`{Byn&#_;^jcVW%rUe?iYAtGfZpNsBON8D;Mub|aPt05iIIY8ei#45@shhmTa{QO zEyVDI6fJcb_k*T{m^`iED1SS+g{t~#pUf?8f5|?{V2*mOopZqg#sfm#LI&f~YZ-kj z&Ng2`k@o*Oc6VED*;Uy;YrG=rBL+(uPzbuDhy?AJBvB;t_pfg8x)2j{R`6N<)f51>fMDO1jm zPYt`A{o(t*mg}JxwV0tKb9qXu=a}=@D8sEWeB$TkM1%#mKQgJXy{_cZ^^^({hGCM) z$B255pm9ad09ZEfUUQ?E5oR^;2cm~AH4#$mBOBmt4xfE+=z)uNvjhq)Up#~rhz;`f zqZFVUP*R>&;${!z3bx)~da=bQw5*3;>xxqYQKC;e;0fAwC~Kx*Vv6hQlbLz`kG*;)XX!)R$JR`G zG=cL6p_n{17Mi#DjN?i z!-G|#re>f#yAPUDNm?8Cpe)%S46spWVtGkpdCao11=R6!3pk&gi923(m-kY5pJd0i z(?krUGGM)UX#g<+c*7_n_KB1{&dH%XzTKM^<+~IsHlEF(h>;;z$tyZT@=g*VnMb4^ z777+_ZYQue$wO+Yw3-H2i3sECG#-&l;m>mKrj2MlSxZ<2)`re_<0fGm9`nza8Vlls z-li(p&?dSD`)!v{j-0s}oOYBXc}rYJ1z3lkT`&23i7+gG5^C`2xO3uM>g)+La6Ks< z$t}0%?0)5OpHru{pe(r`wjR?JT}pFML`U-kwu-*wOs9{b&WG=+Q#-f>#g^wm+ zsB=lq>;I?jz|}}srQ<$66uG9z;!(#aMBMnpRx`vkr6?V}Vx)@`*vuUE{)ON1n9(zX z9&oes*_sclD71@z2(h5hJ_Olsh<9nVU$(hNVdsh4{*83i z9X9;YkQE%(jsdf(8wve~NhVlU90$)uCM42#hHPvS-u^lQN<3LIZ#p$!Dq z-T*Rp_v^*Ox|WtRh5lT?!6WMQM-SK^?uZPgZ=rj;YC zMuA?379?MLp`f=yHPT7I$z5#b30HuBuY^|og|N8sCr90PRB{pd{5sIb%UP&Vja#dz z%7|F1K>VH}RGs(KaF_qN0%33<3ACblmwRUI&)2c{Kt_Fa`IXaO78h(LYOQ5Wnk9g! zN<)oCIuv@9(l2XnR{7efX5HC)+Ih!^4tDs5_%9H_sesZU?f{!653N&+$L;T2Cq?bD zxe-VKR(*5xIchEIFEtzO(Xf~Co{fn+r^h>caOH@sX#`{s_NJ34ARF;~JpSakRG4cS zeM#{+Tas$LqN=k3OTpc4;+_H&1W@>%l-M~4qMfbCq;7p@mC=hDXXDGwdO7bWSj zIXoIIEB%F8p&=gR2O<^)w9T1EZFOM1{1x z#6x$1y}UjL9z`kggIFmcM@$90JYDY#cHD?cR_8}k$#mQsJDVpX>OM;Ohh5%5s8`e>Wc9!rUV2md9-6&uF}HHWp?m=OeOvMC2Pje;v{7gaXQdJs z``GR8hx5+xswL0|vQ-!HcgzsW-BLFJjgL5*;Dk}r4dZT8ZAd;9FBXt{ zuE09+adFu7dF!z%Vxa}j3DImfE#{QWdLoJ|Qa7Q9FGUwpiKkIvyAl8j>R)&Kb&w6w zhC)yVc!5l}l_Qw-0pzd4SGDDq)zGrml>#GQGn3!Cw~+=yGsB%i4PRib$B)7_N>re0~DH4%6xFtRKz^G#MOR*$9G z3rgp*eavQJ1VWf8^*A;mSuwzp=SF>$Dr-qgOj}lMX-CD8g{+w#Vo5{$aYVBn%f!bD zk5^tb(p*oFT9St`P*>%=Mo_)I66jy|)(_wN@!&RkBiL=Ikp*;NFA7kuyElz=Yy3i(bTbz5O=R`|WDDvgGqA;~06n=ucN0 zr>`H6AY$tgVm$h)j5VT+cbtj1j`o@V>P&M0e72yu7IlKprVjNmok<=?b`%`gGf2M% zjNx_fCdHM!K?B~N?Fok$;Gf)UJ=9Ac|EX*o7YtPr$_yI{)uVJp?%XFLaV(Uvmd& zw7}1d>S%V?d84YGTJ(mPKjmwqtwS`xgnjwNgpse4_~9<3O3|-ehWHl(q5tEMDH-iw zfZt!`Jiui}^hpRrFo>Z{s8Q$Usr3S{_Vv`ez)D1sz6;ucVkZcLemp3E(-O>iZKY-b zoL&T>f4*%8_7^-8^vm+Y3&dF|8Q92+W=SO|6LNT}ZeNgzF|Eof=dJZA8TrL1Eq{iL z(O^y+q{8pL;T|;cSn6dpf`SV2<<)^QHkO!tn1P~(Q$JzUOnDgs`%Z$N+T`-Jq#IF< zU&}V3y!#7Xp95s)>5rhCn_h#B2O+rVbN81KL~<{$QXSk6v(0_bLK9DuW%0aV z7dI$j-8q((c2~;Ua6QVqztHtRv=&Ykq%L0O^e-b;N((PI6zNBD|M5jxzNQj56!Jn* z3@Y(jLKb6SIF7jfVmN+5)-sN8IzTgjMxcCV`=&0ukjH* z0RoIK(xn5TzB(pHIbN)0GCb=$64ghD3a&$WmoRAQ0c!$~Ro~u(rcw=%<1ngw&>J(5 zhygYbTm-Ek-OI8l%YP9IF2ep`W#2eezMYv)F=8q^B+ciKge##59ocw;LqN0a1_hLW z@|HBr$g_>aDI#AL0q@R8=BC*F)uWY^rcl?4l!toZ3%YTttfnqXIx|R|t`r)CMR}JD zuv<7GfXw71O5jSzAprSmW1hdZl8;!a;BX}fXl2Q%dr+pUy9kMzZRfdVRTG%*HNAnH z$EFDKoX7GCfBmq)W1yMN4NepXLOK#=WZXdF=Agr9AOR9ycU9`rITRA{@+rr_A%pls zstL3id0fe^NaW2`Q6`P@F8RU?f&nt2-6)|bHQf{NdxQf2r6wOi!eT#{Yj7PvQ#aJm z+=?qqvBMVdDOfcTj@0<5x0%r$dF^@yTANJ0PHMuCC~GCZap0nm8Ucwe9;QzjVV`VwU5<+lbV$aWk}fxJXvEO}mHB^7@Br3^YP z3NeTHpfM3Q%qaU0F+=yus(#`)n!|C*~lHFRhNwfAFD1KnZK~?6~Qjw|FtgLeEsB* zajuGv4~Bbw@k|@bjRd12R#mwo%|Gx0ezZK-OiKALeN)(K3|SG=D`Rw|R$|#-K~j9% zl7F*ug41JwY#AJ`_`rh_N!juVD4BUj_Z(u-^{#7r|DHcXc;fwsP5(Pk4T6j-=QY&e z9@*X9e}PB>0wClMIS~K!b#Wg=OCmkNj6LO5iDFc-darzzNjBs z_P;&g2apN5ezFJ+d^yM-UD!kUzepI#0t>Ua|If)~%99MZdq6-cXB(r|R@wUKq(NDS z=D5Vf(YvB*^e$EwC!HH8$brVw!rR(-5hAB%d`$NI&c zUv=KW17CIC$yLKz%xYA)8Wpal8<609HQlhZyF*kEtLcW-bi-=80omPJO*j0a8dlQ{ ztC@GqYPw-5#9B=^5M72PWx2Ygv$~~2v6^mJO*f#_2(G3ZR?`iu>4w#G1G&qvw3oS> zZdgq>tfm`Q(+w!9VKv>bnr>K4H~grxUrjfVD~Qz!($xx5%xby;iM3a&8^~3|{{z(x zxF*b^3*PKyrjZb_10WI(xx$riJ?BOw3C%yri{7c}vL4~aVoEb6uZbYh2p8gY!Ca(*O3H z^fuvzkM_W6)wq~AdVG;0vdrUzAmn{!ph2nn! zr1#Ubkuep#Je_K#g^GO`BeYl*CUS`gJ-{9TaR{b;Kv*y z^mIHqpRrAcVDNo7P9auQbr3$D6$>AisBB3l9Xa9$v-5LXpq-8Qf%S@QbUb3`8oOa7 z?Z|oC$H(MZpzi|i1LhwYF3&kp(nXH*j<`yx8Ot*0`n`Tl*Wz>Kc%r`;S`W>ih{1YL z-1c2~IkMDjl0>tNJO)tp_gRo)ue|~$caU^Lz3pO&adQCDzCO`|cYr_=&^B(uRjlqb zY^<_T-u7`m&S*w@avWDr*<~`Q%+TT$-T%=!Hwzc@`gy)+&)?D@4{qR;PKhcIRc@L-E#vpXV6Kn^!**gj+}rM z>H!3w*k>q5f_^~C@$um;D;1^K%Y5)PQD~vmV|$Yw`nO>DX{c%4X4bfp^-fLZ8gZ>x z{mGQCIYwOd0qX&IlrH$r!--Otl_b&b2KX`6$YyMm-a~3ew+`N~ zf&i=)auLeq0HpZ?j+s)7hCXkBwSoD%s}LDvp&S4Q=9T|SUjF$Pi~Rx$sd8~W>TTyj z_Di>GfkvqpQ_9^f-F_bvcH8InpF`7~X+}gsQc%zD6;LWQONvp0Fv)&1ds0})cuBhc?VhMT`pWRaCN7{?^Iw+);EU>5es3QN zA6I%Zw&0)$ANB?n@+wn1rQn+3#OT}quyZUMZRdDo<9hD2oz~`*Hb5?l{Y$B`aRXge z3XZu@CdH$}uI*H+4H;zA@X`Y-v@YI11S51WhpO%UG$q7v1j5piU2`T+-@*w~<}+|^ z+n3W-{~>uu$hvW$j*XVKO{RO92buL%jmYaJww02<%e~Jv=)5 zRBbEyqjc#x1Ok8$m5Z;x1iP=*{!Kt7^F;JRRttPsniDBL1{fUkxA3IzDQVTqTi6y{ zJFN5g2jxC>pKA5yovO`xG>(IkMIWgez)pdF}xOsD->>iPM+I+I4O!TxmoGzS@09KmCo*+YgLQc_UxP>4}Cgt8s% zGpJthqOWz17E?3PjpJjw~vhqRK-q? z#5++f3rknM?5Z?aHR3aerNo+}quFc3XW>Pnk3q?#%lA(x1oJbjv zfVr#;oXXpvr(K_|x1W?1e-Hp@13L%(I7MZ&;c*X!o%WOKJ_Xx%!TwJ=_UNx|B8)`v z8;7Z!((qE3`K%pVudkIhs}l9%x9(F`CT?p~y5E*l8>42i@#1pe1l9d&N-bg zo4_cvY;YA-9h-HyWI4RpGLb(w-^3z79{cPPm%f0vhI zU;tVUyQT6IsKP&S-i5-tUOtj<>it~z-XLrIcxq!=^>_K+?gGa&hJpvlnSLQ!|0@dG z#5tlU+7o8vAn-mhf;DDvKYQz`xqpsBlQygwc(S^4u7mg2U|T6AccuCiycfIuB`hO< zY=GZyu`QzD$lUdhd}O4WhJGPc8VzpTKw{MOee}VN>3&%2XR^6IT{83P2f_-aVTEhA zl>fc7!neCaGy)I(BSSTy;@C5B4NuyU9J>G_6}u!-3MmEe3@7kgHBlRlA`=h(Z1uM#z)D+e-T5^YnrGf%FrAE}tjdC7vKc?$`-$lDrA4r(lwPa0xgVStjo2i=xMjBcgsRrLpLKTSJKElmV$bm<0D;GysrH`UTx53F+N4t$Q)nk zyvO!F4fFK^d_21(O<(|<=p>Go^bJ}Z@TAD?#y{o$#svbGp$2CyC?lbr*&gOAr> zv6MScie%)n?pD|*r|Oc>N9qxLEWnLPsKQD5NyFX==EfKK9@}_-AEOU2O*?|yWIT0= z8(zX8mm>_>Hcral!cBoXq~{B9!OtZoY_3m!`AY9WT%Qoba(hsOLI&JGuBiK^S4ih4 zvrvkZr#CW%O)h$ii*BmztryD<(!cGi$m@Wz`IIl7b+aiu@JPq#OvIStHP*nRH_gDNwl`zhDIP{@ z67{VBhS|n#dAUAeW{Iyy;dc_Os)Bw}d+0<2jr?c2tYGPL?J;_oC@p|d3(%j;;MGibV0Gztzf@dcDSV@&&HwSD+sB=y>{k#^ zVhR!^IhB{14y?sQfC(Po=Am8tCQ!nx`QljGtv&&j@~;lbQJ>$EJD^rsplH85_#3Ic%tjs|`%py`+wsKfK$9bO; z5OxaH&&)G&6E~IIwy$wCyI`odvOLpnq3jzwIX?JDTpiNh?3``rkD8Tr`h7HIbw}F# z-|Locoo0`9-$u7Y=+1m85G{}@>BJ|N>dEK ziz%;u!Lzr~5)s*s14+CMYKQU!stfMWYStGRjv?*nnzcY#))iZhL1ek-BZKef#SfOn zMw2i2<7X@$^q6Du4dgvbA}_Vi-0bVlP=2$+SHJsf_l>T`*&C7_zX!vTrslT(tH!)x z9rsDsUS*Z8@j=0<8F+s?a=}An;VZbZTZ}>O57FUd(S=6|PT>;$=S*og)9;U%Xzp&x zwdnfJK_&v}AOaapPAJVme&8t!i)-ajP|p<9wEYaT*?6Y>%?Hxlj%dcG`^rz|G zy{RCzPqpn~O%2z7)PrbQ3y2(TbN6Om#!%31m0NdY z*sY{#GSSCi$enAO8oBpbz^1 diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index c4d4459c37..e19f5da414 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -250,7 +250,7 @@ After logging in with Microsoft, users can't see the option to log into the SRE - See {ref}`adding_users_manually` ``` -### {{interrobang}} xrdp login failure on the SRD +### {{broken_heart}} Xorg login failure on the SRD If users can get to the login screen: From b007f98ef3bd670449cf08dc31fa9d2a3df11d36 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 22 Mar 2023 16:21:44 +0000 Subject: [PATCH 132/289] password reset failure --- .../password_reset_failure.png | Bin 0 -> 23099 bytes docs/roles/system_manager/manage_users.md | 23 ++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 docs/roles/system_manager/administrator_guide/password_reset_failure.png diff --git a/docs/roles/system_manager/administrator_guide/password_reset_failure.png b/docs/roles/system_manager/administrator_guide/password_reset_failure.png new file mode 100644 index 0000000000000000000000000000000000000000..4598d138cd20bf5af041e7e8b855f0d99f509d44 GIT binary patch literal 23099 zcmeFZhgVZe+cwUzVTEHsq^k%5ktQG=tRNu0w}AAH5JL$BL`9BNY0`^y2uWz6Lr?^y zO9`O{seyzLdPxZR;^TSV-}fhc>$l!nD~nm#%-%Ei-0iyV+4-oaqkic;=XoY3rb`;n zpBgYRopxek`s>ZvGmLM<=9?}sG2LX+c>2gFAaiZT$Ab%>MyA?$pI{>bNv<#3wR&7Q zQ8PVf|86K34YXf6BdZx%f8XTw$f#&~`A~tpU?MJKxhA9F;ngUet2cH01~nq9AFO6H zT6P}}qvs(&kNolojcL_5b8PePsp zmHJoYB#Zp^0JU{{K#_GeaQVpvMmxcn3N{NKKd@wTN!J_iwl6#{b^<{}-aDgt>=0 z0HxHkvBc^G6~FxBdBBXD_p9P+Bxwj{>WQJr`b$?N%WI>L{3(Zl8rCshu=MiIgoxJ` z?kE`?vSadJJ$VC&_!>F!0K8&N3JpQ;se<$pK{4yTYTie-=so%hKHbwnYI}qe>c+T+ zwwYk%yu@Y-0*(xlvB&sgaLDETf3@&e&&#BqT;<_n6^-GNBAo%*+Ae?HmEH0J!-aGe zY@45sHsRBqQeEYlD31Tp*5&)Xl1+`4P^@{Vk~FyS3(o+rmb+SlG@^Tzk}^Bs&?zmh zkwF135I#hn`ghYr9S^pUI=ddL33vL@4;-0Ii1C<3m({6!!;vy?8mU~TIX?Lgco*#M zIJ5Mxsk|AJy4a_g6>nM2ZsW-6dX%NG@8@N(a905CVwiC!<^^GgdDp|)Vxjm>>65yr z3dDOC|9#fIOABq~DyT;^z#U;2R%*AU)?G{r;iKVc)1)=X`@DLBiWcxN{h0&Db6EGTE;xxks0h20q~ zxl>At4FTJ*)!+Q@=mN&*gfXviH`?4vfzBzYH+H(9Gxqtg)2{d0&&C*NLcto>-D@s1 z5_7SPydBMl_yP6Tg@0Geq(vs&r>SwVDSR0aj4}+F*wPp z7!k)juJiYv${_twf=an@4iGkwjM|r>FW=F1+WXY*_Ga#ghgN$G(GOd+VImY8Tk-As0K zpFh8HxbGC{XiDXT6A2QyLrZUm8z2xUXv7NhHv#dbjipo7q7rcYL@B!&4_ZNiyLFFy$q;15TikK z;G=C7K38g=(+r(NFKBvDE-msT%|;1!X}|TRC**~C$ln-E4a!Z}kTWl4J*C*Vwc+ccgQ02?GO!vCP=MnUIclje1Pq1lv{zCyhBQU&@V2?#*}|4 zHUG?1W(MX!Hyg9S+zFn`!!noWk3=RDrdkbILke}X)Mn=14zo@dk@=F>At9QqA!E3i zZuXrO{vhcPL~{q#k9P?4uJA$j@z*mmptfByIfk&B)db!saMw84qoqS~M|~$!$V0yj zM~11KT+aIz{YQAF?`;{vvlKoX8|{9K67E;}2^UL5 zvW>9rl+p*!hgFJs)}yo)B#=X;uB2v^F3R43U0T^|sX+8h0JPtIZ%G|IXlQTpYA1hY zQt2l$`;s-`paKP-*vxT%?O-%QjwVbTq;|F*@(YmHeUtMoS#`8mA0;j%6-13pg1oJ$ zvuUPN1Qk!J8=BInQeK_r8pBHEo(uO;riQ8(u;bEFMvIbVJ&j)*){9HG}+hp@`0RCLTT@;L1?)P$L@#ZVV5FAg~1#4NX}fJ2NDmXov6Mi(=X zZfop}nQxVMdZD#ua^S7q7u0hwCugCLq}UyKrkts};Te$85zI?0=+Lh#ad!A1%xh*l zCufKTKGjpr&q^G~vQIZ`YGkf;1=-|`9lcabWUTukI`YtFZD@vd4cpi80N(7HaXe37 zGsH#=y4{yT)WB91yk?4yi;HCZ2&Y?o+%go97p#mlw$qi4nyV5NYSqv6{BfFAk4~I% zDol=70lQm`OklzDGeM(Z_}3Jj*wtUpG_d=nUGY`9)FMwe#f`Vi>Vja(m)1$~t#rjN z-T4Wlg{|vukD3Ct?~+Z94mtXfD+W8_{)Dfh)^7fuXy*kdPwE(ddf*Z@QdOpC72ROT z3J*3PyfntO*_=D1zA#B2;Cz-7tP?l0JU-CbKe@-J+?v3HX`kZ5jFSuYV)luvUxIoF zKg3EYXUN0t_|Dz6cdV=7{=<-iFh7#&Ms8z9t*@Vsz3$|r3HQ3y24z;*pml5vG}0?n zk1`WI9J*aUU^0Vib_(74v>xnawe4nzW#=0j@K(btp}viwW@eBt+(VC8TBrw65J+3I z=(6tmP@P}wDr-)Q4VB)jOb}CBhf_wFja!4gj98T`Y@}fMka@IHQ9qwJtvGwCb~R+* zUv(0>!ZSSHYtEyfkRODQqI}Goo*qm-?rtvdngLt#%rgH+-P;5JKYP)4H2BCv%fvgb zYOD56NK$$l=SXt_qF-6$LbWwEAD-~q=Y=74XdotFt2BG=z;M=NIY|3I+5O|w=tUcHFmsE0HNr7$W zd;Gj+VRL)|ryY4r_E*2+6B~&Z8syeo^~A*1RgM#iy9wFK_r>Ak<;6MsXL}T&HCjXD zmJ%v*pZ?sh{_iA`(N1^D?)-l6+bZ5E=wT4lZ6vePFGMRyhm&`XTCK2?vrk;pj$2(y zk`f~R;yR%F$B;v<7GUJzv(2a4|XLY!CGpX5Fek1I6Go zah3o_s-Fs;rvQ<+5H%>&&|)}TzDI^UlERoYPA<;|Xbc{g=_;bRjMaa#|I^=Gz}MQW zwtsPk&*il5)Q6IF(x=y(pKw1;ktEGqD6^e+G%~zNu=vj>{|z4*3MZ-!u$}O+9&CQ1 zf~4s}J2{%DXQBeLn!w5Os9l|D|mvQET^_kdVT_!4hKc-tZi2(P3(&c0;ri9Lq($Ig`uK#ZZ-wTle>v5wEZU* zpnck;m1iL`uA3h6yx6-*H`E8(b_Zz+F7>W>GTh9>T;N!d+@J45& z3EXeSFQrjn^+!qP$y3|TvApwzHvdMa3d)IUQ@HWqo87J_hQ+X830U_KhX&7N*_wM&~E$c zR?Cx&T4?Lt04DPU6%0H?qbK{P2Pyc9Ot}$$cg!a)M`1<}H+jLk)eZF(?7!-SW@>aT zJuaVRnT&I-8j}RpnJa_wt}|t=&$EW~)g|Z{*-Kn@AqJ}_%{Pa||1;?~08=O*V7!mPz4b|sM~LAulidsub97|{wRBo(COV6tsS zxze++tA-|u;OSLYoBX<4BZ3^XCRx z;PBU||4Y&eC#wypogto|3)YAVn}~g9u_Ls-31Uc*g0U8eaC2U~4sa&@D9{ONS#b@q zFjW6f4j;mrnS+@y9Ls^I7>7QufF@_z@6Pk>L_C~bGm3aA9iT!*u=U}777jF?d<(1D zvd~D!23Nd=Q2VSQeIavW7g(p^WY$5KfnSA|O9RB_8FsHVH@SNN*O;;KFye&Au0)`2 zS31QX*X1{})<;FbFP)Hjagbsu!T;Nnx5-io8Y8@Zc`Zt?F=$T?^{d-`-#GM%4 ztf3VnlPLrky;xe&gVMH?MZjC(y5{okHuZ8vr8deX>x1>j)KU$egaRUEl#~$%)-hL< z$Os|mXd})BD4k{}$;25}D~NX=V2m>q9632N6+_1;?WM{P7wT8rC6LgmNAO%n{x8qE zA#-CO2*rPPxV>FUQ#GU*Nb}ZLKG=}0*`=_cI9f8-nw^TvJ!xc8|MSerBEKe{yVcId zq#KIJQu+ZE;d!$Jpy8?9cnI)RI7sAZ*_e#3ov{>9{u+b?K#dH#S|Yt}HvEC@ZOLWF zZRI9q_#&^>m71d2%+YYgyrq}b4H_{#@ilfZFGMnWyUc5McBqJ*#bFoXWU?Pz6pUJW z;q+oVp|N)7hB88Bf4y%Da_e(W6uUI2Z0=NLKgc+O;@?`pUq`~`&raocGeSEBSCef$ zQyhe*=C)2_Oa1bhJmbcWG(b@gW}nYbJ;N4di|&^#+zl#EshpW96w85#H1EI{qM)rg zf51oE5;ClW|hXelu0z zd4x013g8F)MqV$zRY4&hi}KH)rek9KQ~U0Ou=PT*XW_|Q+qsk#TDA*q>bCyJI?ZR~odh(n zh!IhSEiq8hfI!T4dhiJ3Y3P);^8G;DCKBb6$-w0AN#hS#@kKHrnqwEft2i2zY*X5w zA9P<1WauAl7+b$t9F(cZTsk4OdJE=G0>Mp-WV>Q z%R71c5w2lXBSvfZVceJrbf?Lh2dgn0U4@oXeOvgmwP(OJT^ZRx;IoF9qF~!aK{fk7 zxFDNNG&gLs6EM)oUnyzt?0~}LuV5)ZmEvtQ>Ui{LZ;M62LQx6jPCxw)JjYaeEwl3j zYh+5upRIf7CMN*^d#;#f6dYoUGy|=5V~9VWY1Hk)y5vq^5ZT($gv>{{KyBR^&HLto zO`5PZ8&9_gQo$!R2n2WP1D!^<^tpgjQt^VXl@p!U9alxT18tH5UQs=|E^n=H8 z1Vd$}-e)=Ou4@o=W16R7jwbuW3wv=F^3|=u+c=oQL3+R{`=1zaN9L9Uj0mYQPN+f> zzc-Dk_P;O}Clb)5cYpS@CC@+!3H(2(UtP61k35w#YP zpX=}ag@W!qQodYgq7m03zgmWW0B;#Mj~I;Bh0S5pTl^oZ4l*z=n5(eT%#B2#&p$wE zFr15t-;os3T%1P0wWj@7Jh|t>CTe+iXKraoapttz(&(>D400&9|Kb}LTPznn6*#L1 z?~Y1%uW-0A-1=0P+@#N4k zq>6?@`WTTcQ=79^sjsc|mnl#jUi+hevhnd!7yWB=r%kse0b6US__^ZsAF-H;akBQ6 zY0q#y&`Rix%lbL3xS)`fTvKWzi(qMli|s-ypM>8ehp+ndKPR-7s;jY9g*sKQHv$tn zciK%qgW9UCWmzl$fNJJr9s6GSf4D~p;x1D>o(V;}Yf%fk=;^ijdf>s=nt}(OT+N%q z-QAO8`73)Y8Y7x~jI4dz&{a7n`L((cjn8^`_>bb)rnx+}HE|=aSDI+>rkOwpU`Mu_ zsf1y+O5d?qz93`d@t}`}^$2vE9tvQ+rRY)^cWK z%4;8^I6>k?+YkxlVTZU|_yy-Ra237F0&H@GeX#2p`Wya&;0oMk7qDhG)_r5^mR1WUaD9611KduS^qR>FRPSnC9^I|QSMXIp%l+S^>t0_!^{}TgG?ZB6AC3Z zx%Rj2m9GbS#+iiF+St^Wsw-RbjOCLd=&I7WnF_uf7V@fG#k(2b~Ihy3CzZf_fnNr znhc=+(@5`NnX>hw(+d6IX-X=PbE2I6m=myu!lZYB(D!?=0odBw_}TUJGDm?>gnbr zXal7Z1z#Vj^`1d`PfudL+gsk|Bbn~7xUM-ekbuqde=~QX?JwbsRw(uq(1(`Izgn#0 z;=9*O6Nl||KQC5L94o8NxAyE6_**XYQFXD7JB0Fn09bRp8mBl`N=#>gZb@ZXG~}^S z=_se;Km)W2d7NIXh(f^fDs<=bEmF+0b^j5qSTU$(tE^Cz?N2oM zjAj+R$7tYNZ?uMvrZbOii=_`<1vO2c{qcvPYWw^DDi<*X_GcK=|JIiNA1Sk?WJV`c zre28vMO7aj{d1-Az1mh(b>KbKhW2wEAJl4|E1zc~RQ$jyF!cgI9cnn)L^m*s8})ZE z7yF#{I<9SB8eNjUf6dUtrsz<>QqVWzYRc~BUu_9JaYC1)geS^g)?%ojA3Qoj*R>)6 z=iSU%ppNoMbDGAcGvagO3{`(aVcbZ~?>n2m&ebmEkaq(G$ph-wW-psZSBYAtK~wxC zI8**IQCWy|hS%SDUU}rB-NEKQgv3O@W9U)u3a<&_7+q#n|uefvJt zJ!R8Zb9F|@2BAD&YXwyH{INqOrWAp9Y}E!!W#&1Us8reV4c->`jrPVu=1sXYzy)tZG!jV!*_ub^saj{7}@?5-4}drlbb zj>`I;H2Z)zsNh7RzD)2>Y)4X;mu%mkD z^p}z=O=pZYOBuWL#5H_gxWl?>+l}0_=YxIeNV^tQC0?{>?kunA+2C`(XmQi6i!@$a zogEwt^OJYS+8f5nsOEkD`5xjgaE-S%4rQ0I)Rn>;DNNEA^Il)rT%Ga@Vvp-V+8FV$ zy45|YsLZPpy^T0t@rp_Z8#ulwTZ<6H=Nty;xe-%qu#;Y-2h#FL_e^nKPcCwnUR55C z2!pW%E=cx+j!Mc0x9m$>>3u3)hw;(E%SYta1>*_|3{2XXpC|?lB)Va*IqM${AeWT2`)e(#jCf3p^56!5cpdH|CiwU)anBIIJmb zl19LB$;Z27*<%c6*NH)avgnay$Ft+~n69g;{q>z^c%s~_?O}X5hgP@CtdiZq<};>g z_Q_f7h{40ycgkHStfrb{Ct$I`h=!{zn$vd+KMeOYP(Er*$!j`2P~Ef*9=O)Ks>F*$ z{iu#{A5>+iS()U;zDbxwaK5fd4qYmp_gNhXl{{Lgw$>aWga zetRcr`con=Ktw;}3AfgbGfU92UwV(bYKxL4^%vfy)d)haYBrou`Ust?+S?%vra?8j zSllrSc0BGnt6x%YZ+@$^plYzhjFY&>+7L-+xMg*nsA+m4*9~fZ?w_BE5m0{jJU&44 z$HRQ?PxNYNyHTU-K;F>BlecuapfV`MKEi z4X$>9IA4Vbs^;zZ2w(9((|2hQ{YG%FXf()1v(&%A))sN4+ z?k07!3R&&hds}cM52}l>{!~z3aJxdk>n1Z@` z%67?iO0gW-{=0kp`Nw>=N}Ho=?&X_iMnq1ce=v?jR82Yi3XZtnrQm0Eo>ff=DT(QP zl<#iIb~VWUygbEY{ng`hNXds+HAy7na)~n~MyAW#{OzEDC%GUeZ`bmkwJ71V7ebeN z%)2<^oAJUZJRd{lP&W$iSD3+^q#_bDc^MAvhN$+3Eq+bYa_LHwj83dp+7te*0I(U4 zFXsd?y+q5vrOn6iy8bkHjCxZ~xIHNzbXlBKHn50~Cn`86=tsue7(Zn2v=#0uwEK(OqBFu#Yh zGV!r%&xJU9gq5vAJMd#q``^;z>xpLNA@J%310LrDUO@4A@o$OI1fR=sGD@khxM9}& zhvytQ0|TD}3E(~DaG46gy5>tecoLQpaCl4x?N%TCV}QtjYMl4}m_isS;EC?dHpEQ~ zu94XHt(zzAsn*%Od%5&s#Q5#sCTY_--8?yZI+s0bWSv5ePbVir?9YVl4qv_K2>&mVd*(OymrG8IHWwa&Iw}d}O;^XHik85F-pupdv!Gc0WvcAu=HqlQ>4)RC zL5b<*L7&cu?nAauK;`#>Cl@JfF5FUbWX@G} z8ER<7X2GzXm3@C#-XzwneGe|5BEe=-AbXET)dV+?X5Ukion+^PeGn>Nif!@)biQdG zC8|Wct<4&e$KP6!Ul1zB6oY!;KDCv~x<0i};D?Ot^i3F3n0XM!LnS{NQ0K9J@ZJ}Z z(fjtf?$x(yrw^kAr)Aed?rU_|NfJY!xGp7)aA1$%c8Xsr9w%%~EWeLGxn0u!Grb~7 zm7h+iHhB>+rXiFE#B0C$MCpwYdU-7g_3VL2UZ!Ad3PDUNEq+X03-(k{N=5dkiY(7x z@3E(%o;&PyMAG;rGXb!LK8Ma~(a4JgpUqed_~cEEIrnROE3;t%yxz~T@43Gsg4M1b zR^+|I403H}G!aO)z`csc3@uu08SdrG$%}04xw?K<1E@MKr&`@wcl+0;v>);zspnrE zV{VPUe6>D7G8huSGq`QAC1sVIw6a$~QPMSRJ5!@ocIQ(2mGG zLjay$;hZh7`zZ(#DqY0YNUvcS()l5%>Q|HowkA}k-T@1-@KzQLDryTkFM{L+A?g?)X)o9Gi}zDk-6Du^T+cg?PMhwk{& zMXG9#X*DnVzFEqP^=RKc`)r`I;TMH1XOKZjom)=%49g?4IAM#p2c6}iKIJERbNVOZ zDop?=)_wkh^_##?+u{`!2+7s42C1-jR&4mF&2d}dMX`%be3w+YDsE<%s|U9;+&*RT zxfkJ>Sb{G4_&s^jQQ5#+(Yc{x@#uVy|55o3W>Tf7jgWW8=XA3&&AHu{^Q^`2B+Yn& z>Us7FybI!!{YbxzPDI`JYgrYBGNV*q!}iLmwnYl&r`&Q~i{O5K-kSxD4YK&A%vcHZ z((;wC`em~YOfLBNu_1AC>>iuydJTe<4jl-9sn8jcmAEV+K@_bKyvKq2+Y)Vr6%LO1 zW{e#?QMd`PR-@ z8W97DmdUE2Fp}J}=Y5Yw#{z7FfwCV57aIDVmeh?T#a$(_?$!IV1PbWFC82muJz;OV zUG7m7vMx%#Xnblfpwdk1{h4dlIVQf0$o_cjJQ_$oN-rdv;Y+YliOq{F#YrY+bHNs+ z?eP!4PUPA<{v8uzA2Q|s?ZfpahRDjOwhCy5wVHFb;{@!HJvirs48n7F%gm9C^OhnO zPDYM7(&Te5_@tD8<2Qz8v*E+Ek&PdKA`%-$%f0na|6X-p^1mp+)WT?9bopRmF!> z4M4$G4koV%srUV|dnONMV43+|;e0W*f=U0VCvoW*7mc{gn{hmCUl_mbjeL>6(9LkZ z8Qlyqg&@WQKi`dY?h8pOX=ri7*1DC|z`vfKYx8vW9SAfVRavjo#U3#bLEBTq6V+o; zs=k`6$@o)!JUV88j2_?>JMHn2AfB(SFRIpJri}dx0+jNm8NuE88~x~?gb0wx@fDlT z?*%Sn0JKPiu-x+`lkj(Up<$ zJV@mVJMN01v_s3++VTSGTHUsSiLH6V#}Q5W?NXAvL_|u9Z%^R6Y{g82Ntw_+apyTQ zis%!_?f$9l4KefHPEOU4M>zY3JKVGh%K8tLE`Mm(yMkSRMxMqC5TPJxMTBpf>EE>8 zP0RlZrnY44o^@T;vp9^*jD9qL?%-rSqUI;xom@O^hw~&(i21d4R0R*m>|yV72=o$$ z!R_A7p(AgsqzFir4p3ej%PCXsm-@t`;oC97wT}_K1=RFU8jYQ&L18D%{3L{-Lf$um z0nM5B&2g>1SdG<>839iVAvj{|o{UfV#k@J6zLu6rT1m)XomX?nvfG?f!A>O0Ah9oR zux>%IGMUmx`j5+0SWKE~jq%4r-^%ta4zoqSP7N$(ZvR{Zb!x#6BWSHrkS;YQrdN(G znj$B=A#2h;a$laB4~Qaz15GN#B^Q5CYg7$u5roEu;9kf|fXf{9o;sS0Zy_gw6ZBot58m&17u!X`7_{d~>C=BB64t zIdtGC>X{5-5H!`~P=|fm-xYBIoOte;GVe#wV(jbd($|b{FIkjc{%9HZ_EJg@$H(Gp zru>2TESdVYi-@y~Gnra~0pqkn%ZI+c^2v~~nZF(>Qn?#_WqkoW zb2Gf|P7>j{$Z`+%2IE$nZ1i;*-uHQ$9+f>#V=T+|&qBs0Sk@PIT`xSlrhB*(#17C_ zw`kbq6<0g=>R5C#;MWA-yQRhp-Wo!;h?0HZUIx@^G2rh32cYHQ2nE*bW6EOaY$J^e zozu4tvcwonOMf{gB>FFvN^1@2(f+fc9WCr2kbXx{}8h< z()xQP3Flq!3?Ke8-^8t&K7ohY*^Cd-(-lq9-GjM7u!%TMTczxS>xhro@n^PUt!F?V z-(U%kvzIbABYzPVY%%VZ$(|Ogh|DgaqN<;H+S{6}IeF*ioHGL);+Q{KFVy8Fqm^C= z>-~s2|G4>xDJAhY*uARV&k5IW?qQNXGuxR#nu82EY319RhXqG z_Apf}u@ontJ9y4rG41$aq(4xyN1#i|`{qwh6P3OX+wOMfB(m?xny#ZRF)`U5-js+E ztnyA}ey4PW`5x%-a$y{xElOWZI}Q3VaykLtjXj$RI683tY;#pBd~@;2t8l9+My&bV zRJ4@ZkzBrWh1u7At}32S-|h!Q5<8FQw1#|4mqwZ)bAsBpKXTk|kmO zX8ns{H?-M{?zZ;FYTb>kb(yE-iWoYZGP8N|VM|E2@|vd)&uxJ^Vs@FXcUUsxh9mrPOqBPFV}jY45O-2`nn{rjIqikzPPPw* zuf``0Nyf!y_F5RGO`FFFYcq1l^Duv!0DENEm+84vu$yz@IYUodB|hY)FG0i{1*I5h zD*n?~XUj&-Gbz!%o2Jkkjn_=7%>i;bN`a+bd~lQ*X@U|`WrgPn5yQ)O7LHwS+d?I6 z$99bG7fQrEuC}t?zWSe}Ao#)EXPJ-2GVfpA6IeWubi5WXb(E0S_dHU_;8o6CA>=h4^6vWQUrkJ}1R4tPp3{SKS8PAoKPYg2 zY~Xd<@K_7@Qf8X+PeHSGB! zKON%XDm42KpD}KSED=5BS@$`@QR+A8Ax=}ig3PLx_-*A+kyrLLO25?jo(D7nzJz^R zK(nSi?)>dAEvHwnu34oF{Mw|{8z^!s4&Gq{Sl$J;@)7IRl5V8ykr50!tx`G2a>=pu zC}gQpj`-EMQ_tvJTxOclS6YemKbb?`#+&SVXhh3;C9U(&f zSl#Ccl@}98>`6gIsG~u3Fzb|CT@8BW=&zai*)&RRRM%c4&CArx6~B4NosrQLcYuX{ ztPb(*PPG$JorUc!*Z~dkDr=2Nu;cq0<}>+K-cx)+dpR+Qu@3+>?}*LF8;JxjKJ}0p z9^QrAnb~%k0Rd-@NYs+#1EZSw!Go85FsqQMd$9HbJIQYM=297zNiLXDD0Hg!NHN*| zDQdG)`a?=+k?+M4KU|u1sM4s%$Qi09TQa`7DOQ`%=3phpM<0G7S;#ZhgHayi%C=k& zMJnuAn=Eo^ndg<}pHjJBY2UW8{KbrlaSm%!d1{bK?SbEY(@RQ!I zBj>29v;$H145C6!1?{SeqcA;WsM{5~(uGDISm9lENh$LF7B-VKBxM@w{c|6&UzW(4 zf_XxMC?L_ZG_4s9#PsZM8!VdcN(yp-KSodpgX4~SfMU=To||4X*`SPV)k!)&{*F}? zsr^i!DEQ`G2k@`k>7SvOuBEtSg#74H_#fG7z~mqZ9ZU}8#yF&y3l zb!;&0T)e{%Yc32ipK#9FwS@6OK6fvei4cd1(dm7PFV-{MBvYH7mqF>6QF*n7PO{`B z1P_MrwM5j4x>dgyXv38r1mA3~+s?>2#6_iBhbmJwpQ#GZqGy%l$Y5w~oGyYQ#G9WV z;y##0SXDo>KiNt}uJL_c=V~D*_V-?SjWa2nh3u#%27)oQdl~)*{W(elg8}6C365Q> z#@-@aSGAXw9xd1wZI^73(mR7**q?X8`@lhMLIcY|FP8V^QL)t=mG#e1wzvHQUb=L} zhPQa99Iui_W5an$>$E~~fdRKHkK%&Z{nl<+$YlbKp7_me=pYA^yhpV5LNAK0jmy_a zEFK}MFDmYdU6Xy80$K@`Q$5`KhT}m%#hY6yWOr-b6$iE^so<1BT*!noY2n7Cyiqyp zV3mCB>OHNOvriPWs8zk0B1rE11<}t#4a#wp{d@T|`8a4$deL(Q4b!T|pK4kxybIU=N<+_S{Kx=>} za-8gz4FKYR_>3Y|AZG!poWmb&*vRudmgjoQk3SlyvL8tS8y{kfj5;8i|?_d!-Fp zGqwKh`XHF)MvZGbZ46nYgaCUNbMJChu=Gu#s)Bdpb{`FhCN@NL?fFKq?~QSDWhwd% z1_s9t)r3H6@v=pYG7qpD4JM|ei5e~DQ)PiORXnt*{0o%5@86=(;Nz)};rZd{7dd7> z>*B)f6(`5Plj9lhoiweIe9uh6n)`t@4#y}+hmAlS^DUPSUtp_P6NpR(>+>GH?vd-lnu zvR)(q)r@e>-qv_WMTQIZNh(SE#koqH;j|{hYQjwem1BFUD$Na8PI8bUUq{2|ecC@k zI!4>T?)=Pw1}#ir1y=I<`XyzG%QMRc!c^U0`d@C7pubjV!`9DJ$xW<>P`;D-Y2U6 zW^!18-qV&Zk8x%iJuBlr!p)uMK@nr`3y;#~Ewur_8;Kf#ELH#{ho8Xx5zq?k;lBUe zFFOT720bg^=GWw_GZDFda^=fk9cS8mE)_?iT^#lVl1u*yP`@UAH2H~7pAz6Ws?sbl zXW6=8TfQ^#+-T@iQg4LjRMIsD!@PDlT(bqKP)RZL(w^SbdiZqcYeiO*?D*#Ap43+! z;^krR%fhN(Uf>#9D)O2#(Pi&tDqv#-=_iMu@*L4CW?hS7?!QUPNEdr}79uW%Ha};K zPMfRoMGOjGF}3@-Ru{YR`RO52^2=Y(uuVX(6vk5Ggx1$}oAQ#;B~Ps!g=>ftnUCIv zVpY~cOca>k`J%vcLZplx=8~uyLB^^fN_$ODyESFR7fBEP3m&}2rWBsmJu2w6L zmW3k`?jWEe-i`tPE-y*@OfT+U==b6i|6MsuO0j-WLx%{ao=GBkI%Cteab7+gKqdoNH#Tj!Cr?D(-2aKA~epkFESF7&3|4iS#NHM zY}1U_i%l}F%T&)gC1^sdh~)|hB+H9QnF=Sb5tsFNEXTgq`6nkMxe%XGwH(IMNrsU6 zHGPuW_ImTL3Urb&J}Asf1w(e67cqSHH{C zX!6(xSa1?_??XS|2#M0t84ax1IR_m?-5;SG^GREd4>pWYmRG2IJp;q|$2nw#RiW94 z2-LG}K~Cp5gBOFL3@cFObezEWh8|3UtOwn&rJe$vk*8$jDvD8D1Hc__*1A~#CKI91 z$Ft+Xs3a;qa{sRm-_Mx2yE`rFDn(PuvJe!oxoO87hM2|bw)4c^pPy&r_R zR?{-5VbeHO(~LV0T1|3i;hS9oWo;!esCpS)zYugRRoo`VN|w;tRW5VpOf!zF0yo{7#+xNpP7T~t1B7?Ou^`Df#H}YoI=6Y)qx&y%f^S}@4iu7I(!}dA7X7v<^}8;7OwV$GpKR3+E?n& z3p4B1ql^XI6>;7?aXa-2b*PAWANFHjAiwbIn2D!9T9A5Xx02sZhxEl_kAE?qDl;7I&J@F8NXJ-Co04k!5EA01# zuASRgL;1wmC%lY%g1uoCGef(}AYqX{9cI;2U0N#nAA`+?z7n9Sj4yd~MPB~hY$Z~J z_x5>fLdi{Dn6{l?V9VX-T_pt{;>#4|;jB=+C^58&Zmf!-rqkfN zIa_y^cMPFVX@Xy0T;=WB{C&$tOySOjwArQ;5vO6JbouSv!j!3YzH>W=bu7)sMS5L98TG&I7fbMOe(eXaxt-|DQJhy~%Ozd*}XJIO=wZw9{xW1L~%?b#!tjJ>h zUDR82;X?H?E0El?S&y?U+*noDuE#!LsCS^ve5e<5lP6U|s$-ap>CNe#;|kY( zCBMo3NNU(O6(!@i%LlGXEX!TejBuoSe>&o*hj)=%BBt7SDkn(wLs!Gf_5y`tF%|U` za(mbZFjzjF%>BDoJ@)j$-S8QnnUKq7t)JL`^ygkt5<7KRE${v*wotiMuU>8`DP>>7 zv^GoY&CuqV8JwNPRm8pI8QtMT4&f`MDuHKva^dd6i&E!U1(T}o%9*UUeY?BXx(4>( zjSSQo>q^#q#!WZzzif$24Z6!HgF9O9TxdumOk}#M#(Ee%)!^xU9{>F16-KR%|F!@; zDzK!-Hq`t_mcCAdotIACaAfy;10Icz1jZ>Bl(f7Lr(+H}Jor1?m^8?l_v_Jg+Vbg9 zn54(ZvvD6%CCnK7^L`O1uHuYe;WZq);czmuEaH|OgAU>#{Qg~le>Nz<@Q9JU)Fnxd zmNi11{H~Kcaw4-}gYR(gY^WkKN0VaE(s8M0;E=-5EOk2N3_!w(Zu!+?9qI~hQpl(s z(JcwJHi>J60uKj~2G7w$y$CLu5F2)o;HmIu3||PuHSqP1ThVUhd_p*O!N5 zJlbEI_AVX6a6x?*_P=ghle6|0<{sw;x7a6-+X3A#l0)B0G@3>-YC1A`-#_`s&RJ~# zdak>QyOkhc^rFOcNbl*~uEC#L#p7FDW%lj^*M2=bqUbZ;6l5Ly2Aa|eM2o@&#VvO| zUWJa=1Z7WiEL}4}&au09oelOM4d5>St3Q^{7a#NEs{f1Gid|g}D*}Z~}tPEDv28`uND&lf~mq1QbejYDQ zvA6BVOU^bfsV8v`oQ4PwZY7TV03y{V3C_4UxJ}|nB8Nt}MpD5~wP#5tVmXEgk1MF@ z@de*>FX_Xki3s`X^}|`5Hs6~j3%r60pL+Fn8W4Ua>G`FSjr*kz_w+*sO+0zITh(5g zt7i6uoDjb!Jbg8uWhto_Z*?I&T_VCXAKKi#Z!0QS2NUUx_vJM6Mhc>ludTx7x#6vN zS0S|uIUfl_#x5p%H}9RN6vb{E@70xbO+5Zkda+=bzpzULL@3!=*{qD5<_mYk_xBIk zDv#+ACE2Nxi6U_`MpHWd>Z+DM)&eprl!IL9c^?_p%E8m?kisMKgxED~pi$=M%) ztmS_vZ?a9qIgHxjxtqV62Zj;tadD(Zm5h-e4xN{Oon1}WW1Je3QWz=6j762sUuO5u zDZ72mL}-KGIXt)vyvzi=kLn^=1P?+J)yZWTFe4k}jT;+9p&KV_lXIER8>8cjvz@=*DK}?omUH-kBD>k}#nY~&?)iNdClsc2S z2PrMyiN4uKvdWWdGveuwb*$8Zb43!~@7hQ+6(U%>povgop_Rk|$6T1&pXJ#m?MuKC+$ z1X5p4^-JHT6x)UHBRuQ+(WbFx9aEGPt zTc*Rf7Y5ysAlErZt|#4FvDtk3RjK~pb*e&?O3loH>Cp+{X!ZF>0j-~$%DIB8b@E996>SBY@VQ?c4=p^#(&n=JcOyAE4l3PBRAaeJOiH>A`u+yHB5LAflGjcsQ8L zWI$mnoolpAR`>_2*q1?nLI(zoEh4{2IsFBvpm#uJq}9mKr>Z+F2a;h|BCLc z3O>yci_Q*lZMoA^`ECEh5A^~Nz06yIK!l&1=sc0{w{D8xTnv2xQ?w52{fRdvo}&RX z{BrzGeF)9J8|ty~4JKej@V*YXLGGL4tWYL3*E$BiQ=V!IYI-!OC`1laPo@^#a^KCK zFcd{>e&xmYY~4H4Om}mA)$W3@aK9*x#xb|#i1fvcWb4L?=D2Hn$r+E;ra{jU1)hgD zH+|UGY-sP^k}n7RuyN;I3nKshJ8>BK{zkk@o3^#8PTtzk)KUAx}i zsrQ;1%PBPvY3Wqfn1`%9pfXLO^)+c`X^3f_!19!-n4;ihr3S)hnwf}9@|lf-D0s*N znki}u8Y(KD$WT$ibD)CAhtA*c=e)n(Z~s}>^*sAp&%V~a_S*Ne*1guEHRO&w1fIuo zclvaj6%!U}x^i>(>B;Mzai#yF0kFc;RVv!u6IBF#vc}+7x8rcGd+47g)vn+ktm^sB zHV2i*eEJgeQYcMraW4ceTt2m(Xw?6s!^*<+OtavJ3dWOjSr0fa2$;Z^5v%9> z_X;m6;w}^L=j^NZ3H96V)HLSd)OL3~^|9{HGlbX!()|=(KR@njd2vk-!B!{IV9&F($3J&alpWTUaDroCO{F2V?C^ne-RGUa3w? zs2O`i}Y*1fxuKiF#0b`@qhW3O86vTQM3YTAWp@6iYtD=g~C#aOz2hRhUx(f`Tj zMJVsZape(L2O=a3Hlxg+bdTZn%31?oq*o+%j_iA#^Hc^aiTu_S zA&{?!y;Rrfu<=q(ToUL2^9~1?3s)`Wy=&ZVCuo0b#X?hsoFI_fQ}0p7i|QkE2$V-} zfJ)=4c{{Xo#AdSHibxoztXvGi)UejPB#%+MV4F(h*s6Oo$3_VU=;y^{P^-t4xx-6e zwDx~(bkH7M{j@MlUU=!_%9()MehmtzvOFoY~mE>}iQ-x#Ux4bd+YD>sL$G& z3Vv~Gdj6@sRvAS5((9{N>|_#yF1za4=}yXEeB6rAJCY!yUkiBiWnTg@28cT3`Za#a z!^c=6x4Ugf73|*7J83nbO)uLwYL?IBbR-8FTw3Thk9$ygse6w>N!+4~apOA{3?7R3`C>nw_{~J<#7e zx)!*yzZ9WuGAyEg=_Rh4)Vkqtnn$>c*!5S9icFEuN5}+FU_ey* zZm{>D5|)?N{mQ;eeH8V$)98+-DMh~Sp?9r57Wn$u#$KTJ|D0sKXcbZYMVXsrE6gbk zmsq*t<+KYc(o3dS{BpSbtd0BW(s1IAM|DRMYgDVyV-8#4^YJ8L!xtfk$di>2H#VR8 z?yQH@5`nY6@9s_hjsrJ8_Lz6H)5aroqPh+|n>-t^-3#n!IlpfHuOg26kSE(6#*$k8 zQzX*7)5*-Y0i#eTrX}&74E^_R_ba`~6bh4pSS>}I+REjR9MyWpdu8U^I^c^sg2&?{ zSLa6$g*?_3EH0YEV`GgBTegh`g^wF2tMm*G4ju>^-xs?umaZCue17A6;g*^Q$=-*d z2u8l~Ug3L{Zi_7f;SLs)*|;Tl{CM!ME^dFjys8C7AUOA8{Hd?R>bH2r2h+|u8s=tIRBLj+kq6_E%RlTe(2bp6g zI@VC6ngzP4%MKpv?&4QeYZ2xM?K*S8*5p?`sC+0V*y`i4ta>qA}mxHg>|d&@B}gPUEZv!y91_QOXQ z3tA#+hsXL0K^p5I%Nu(-iYUfv&rluR`Kw?}j!qrzrY0VTFZa<^$nS4damv3Z!4|VY z-%jqzv+}F}I@}d|dBD2b2_vRBr+|(-YS54Qzl~ACoJdHiKn=#i9>EuAP&hHa5i9_M z3!J_82wrmh(!cQh^sZg`)}_7k)C-Zn32B2CfVh!zp`$t_xhe67Mru*MrTThHd2U#% zct+6;eZ6y=Dq`uCkaaQ4UPpIyS`06!1RSU3zw?LHX~dC^%%v!R3t_PZgJZgAq{8|& zb4nn+Vou)Lj?w3y&7ZRejBtjvdv1}5|D>Pxkr*1*x=H(88>%+mVs6_j{av|eLaGyB zs5w0z!Qq(}(9ixjv72LlA(x{+2LEx_$%4@@(s~XS>Ok9H$DIjtp4dOkL0Y$Acz*5P zVUF^p2ZGIkYOG6JA1xSE$-%(uP$8-fW5U&W)2oz`wD810gFUMQak*^ZK+KzfeiSmg ziqvQjXEZc-&k|ZPh|uQ*SG!6{@tialP8!2~eBCbD7=f60B$YZLGq$#B2O9Dy>tf5@ zaG`+RUVtg!K3BDdDIyJrpL6yP&=eU=s58Q|n&}4-i1MfhGLtSb(o&~HeR74-#LJ57 z^E4_BU!M|p&~$^&;Oae?B?~U$nE8v2n}U^Oe|V#f{>2bcd5w-6!=Yx?I99$hTFm-X zug*^Y^x2C!w(`*5moIKU`@_IF{ZlK!c4HWF^+7-;KQ&Dv)Kx4%Vx#L4{0)q7>~xc_ z@8YA#LT^5~&BQ}j(2d()ByKweCIj_x3p@q8J>Xl7IT|@)fN1FJCyj@0dxGrXB}-_^ zGp)BedB?yNwy*?82efR~@k?#YNt&^IiLB{%B$`yrH3ACuwQaP;wKU=BesUC2qdDq& zXGBN)tco9LN?Lo1Xbd$Fb}hhehB@kolh+whXKc}uwz>BFs)EC0X2M@K3|sfR zVED}Fd-(GuFx4_~^1n1AqnF^#Z8h%bP4F8|I?V&e_Hyi-&1iGE$v9mct^u|O0>v+x zci+z0z%HwGjpTiz05S?M(^ts%JQxgPc!|3fyEf~p9$j|4`^FifrkiQ>@3cq-xX~g9 zF`U*fqMQD6n>+G~o~2Fi4a#6^^Joy>8jGhsX%z&l%^!hj#xa2M=mq@4pFTh%i#$N9 ze_%Y_oxb-bD=juSi8b!JEfN|?;waJO8GN*lJ z*|+B41&3=gXF(PYjqu{A$D)Z`hY^hUkJSENPFSaLm0W8yS56*i0+*6-_VU{9+x*9E zCI!zKMF@dqfG2H}JpO68^)XT#6#3c&;$#6g+2baYYUB~NeAfp+$SKmk;!&516H_?T zWw*5rKS1u!glP<0mrde?=czH8(ca9d+evIyL&mvz$4c8v*Gp86e5qKOAsNk(w6$Y+ zo9UeJLjl9g`$j|QsU8;kMRYkk*y*G#=x49yVU?>IF^1-FZS}r$a}?cOJlyNx(J0pjM?^i)tz7nR0Dk>etkJeys+R*9k^P4;=RTHfnhA4Zl9|i v*=_%B#PRP!GXJl4yBPg%M~MHac9o;(h3?()etD9u6MhBc;#m6Y-N*k62t^Zn literal 0 HcmV?d00001 diff --git a/docs/roles/system_manager/manage_users.md b/docs/roles/system_manager/manage_users.md index e19f5da414..740085431f 100644 --- a/docs/roles/system_manager/manage_users.md +++ b/docs/roles/system_manager/manage_users.md @@ -292,6 +292,29 @@ there are a couple of possible causes. - File mounting configuration ``` +### {{nut_and_bolt}} Password reset failure + +When creating an account or resetting a password, the users get the following screen: + +```{image} administrator_guide/password_reset_failure.png +:alt: Password reset failure +:align: center +``` + +```{error} +**Problem**: the password could not be reset + +**Solution**: remove and re-add the password reset configuration on the DC1 + +- Log into the **SHM primary domain controller** (`DC1-SHM-`) VM using the login credentials {ref}`stored in Azure Key Vault ` +- Open a `Powershell` command window with elevated privileges +- Run `$aadConnector = Get-ADSyncConnector | ? {$_.Name -match "onmicrosoft.com - AAD"}` +- Run `Remove-ADSyncAADPasswordResetConfiguration -Connector $aadConnector.Name` +- Run `Set-ADSyncAADPasswordResetConfiguration -Connector $aadConnector.Name -Enable $true` +- Check the configuration is reset by running `Get-ADSyncAADPasswordResetConfiguration -Connector $aadConnector.Name` +- Ask the user to reset their password again +``` + ### {{cloud}} Unable to install from package mirrors If it is not possible to install packages from the package mirrors then this may be for one of the following reasons: From 459363e29831bf6b6b64670f5bf7be7d841ad746 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 29 Mar 2023 10:12:50 +0100 Subject: [PATCH 133/289] Change egress instructions link to be more direct --- docs/processes/data_egress.md | 1 + docs/roles/system_manager/manage_data.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/processes/data_egress.md b/docs/processes/data_egress.md index 7e007672d2..23668d5b8b 100644 --- a/docs/processes/data_egress.md +++ b/docs/processes/data_egress.md @@ -20,6 +20,7 @@ Each time you want to bring code or data out of the environment, you'll have to Once the outputs are classified, the classification team should let the {ref}`role_system_manager` know who will be performing the egress and how they want this to be done. +(process_data_egress_removal)= ## Bringing data out of the environment Talk to your {ref}`role_system_manager` to discuss possible methods of bringing data out of the environments. diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index 8043b3ab85..bd696168aa 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -70,7 +70,7 @@ Software ingress must go through the same approval process as is the case for da ``` - Leave this portal window open and move to the next step -- The data provider should now be able to download data by following {ref}`these instructions ` +- The data provider should now be able to download data by following {ref}`these instructions ` ### The output volume From 4be9b56b510ba1ebe3a11a28e40cf1fbb1923407 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 29 Mar 2023 10:25:09 +0100 Subject: [PATCH 134/289] Clarify egress classification for system manager --- docs/processes/data_egress.md | 1 + docs/roles/system_manager/manage_data.md | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/processes/data_egress.md b/docs/processes/data_egress.md index 23668d5b8b..051cb7c08e 100644 --- a/docs/processes/data_egress.md +++ b/docs/processes/data_egress.md @@ -5,6 +5,7 @@ The outputs of the work being done in a Data Safe Haven are also stored in the SRE. There are technical and policy controls that must be satisfied before any data can be brought out of the Data Safe Haven. +(process_data_egress_classification)= ## Classification The first stage of egressing outputs is to classify them. diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index bd696168aa..5766957578 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -52,6 +52,18 @@ Software ingress must go through the same approval process as is the case for da ## Data egress +```{important} +Any data egress must be signed off by the {ref}`role_data_provider_representative`, {ref}`role_investigator` and {ref}`role_referee` (if applicable). +``` + +```{important} +Classification of output must be completed **before** and egress link is created. + +The classification process is explained {ref}`here ` +``` + +The {ref}`role_system_manager` creates a time-limited and IP restricted link to remove data from the environment, after the outputs have been classified and approved for release. + - In the Azure portal select `Subscriptions` then navigate to the subscription containing the relevant SHM - Search for the resource group: `RG_SHM__PERSISTENT_DATA`, then click through to the storage account called: `data` (where `` is a random string) - Click `Networking` under `Settings` to check the list of pre-approved IP addresses allowed under the `Firewall` header and check your own IP address to ensure you are connecting from one of these From 988aa951394985f5909e3448f23bf76e44689860 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 29 Mar 2023 10:27:49 +0100 Subject: [PATCH 135/289] Clarify whose IP address for egress --- docs/roles/system_manager/manage_data.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index 5766957578..b818263855 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -66,7 +66,8 @@ The {ref}`role_system_manager` creates a time-limited and IP restricted link to - In the Azure portal select `Subscriptions` then navigate to the subscription containing the relevant SHM - Search for the resource group: `RG_SHM__PERSISTENT_DATA`, then click through to the storage account called: `data` (where `` is a random string) -- Click `Networking` under `Settings` to check the list of pre-approved IP addresses allowed under the `Firewall` header and check your own IP address to ensure you are connecting from one of these +- Click `Networking` under `Settings` to check the list of pre-approved IP addresses allowed under the `Firewall` header + - Ensure that the IP address of the person to receive the outputs is listed and enter it if not - Click `Containers` under `Data storage` - Click `egress` - Click `Shared access signature` under `Settings` and do the following: From ff37624c18286bab2f6c79cbfa129639e23aa260 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 29 Mar 2023 11:45:41 +0100 Subject: [PATCH 136/289] Add full stop --- docs/roles/system_manager/manage_data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index b818263855..07af07754b 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -59,7 +59,7 @@ Any data egress must be signed off by the {ref}`role_data_provider_representativ ```{important} Classification of output must be completed **before** and egress link is created. -The classification process is explained {ref}`here ` +The classification process is explained {ref}`here `. ``` The {ref}`role_system_manager` creates a time-limited and IP restricted link to remove data from the environment, after the outputs have been classified and approved for release. From 36c0949fa7d94224b5281d4f0d54dfcc1701658a Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 29 Mar 2023 11:47:21 +0100 Subject: [PATCH 137/289] Remove incorrect reference to data provider --- docs/roles/system_manager/manage_data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index 07af07754b..5f6610323b 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -83,7 +83,7 @@ The {ref}`role_system_manager` creates a time-limited and IP restricted link to ``` - Leave this portal window open and move to the next step -- The data provider should now be able to download data by following {ref}`these instructions ` +- The appropriate person should now be able to download data by following {ref}`these instructions ` ### The output volume From 43d69158a0f37c308a7e943d1a8bd347cc6e49f3 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 29 Mar 2023 14:08:48 +0100 Subject: [PATCH 138/289] Fix Markdown linting errors --- docs/processes/data_egress.md | 2 ++ docs/roles/system_manager/manage_data.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/processes/data_egress.md b/docs/processes/data_egress.md index 051cb7c08e..c4a8f4b102 100644 --- a/docs/processes/data_egress.md +++ b/docs/processes/data_egress.md @@ -6,6 +6,7 @@ The outputs of the work being done in a Data Safe Haven are also stored in the S There are technical and policy controls that must be satisfied before any data can be brought out of the Data Safe Haven. (process_data_egress_classification)= + ## Classification The first stage of egressing outputs is to classify them. @@ -22,6 +23,7 @@ Each time you want to bring code or data out of the environment, you'll have to Once the outputs are classified, the classification team should let the {ref}`role_system_manager` know who will be performing the egress and how they want this to be done. (process_data_egress_removal)= + ## Bringing data out of the environment Talk to your {ref}`role_system_manager` to discuss possible methods of bringing data out of the environments. diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index 5f6610323b..7c22f0e9b8 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -67,7 +67,7 @@ The {ref}`role_system_manager` creates a time-limited and IP restricted link to - In the Azure portal select `Subscriptions` then navigate to the subscription containing the relevant SHM - Search for the resource group: `RG_SHM__PERSISTENT_DATA`, then click through to the storage account called: `data` (where `` is a random string) - Click `Networking` under `Settings` to check the list of pre-approved IP addresses allowed under the `Firewall` header - - Ensure that the IP address of the person to receive the outputs is listed and enter it if not + - Ensure that the IP address of the person to receive the outputs is listed and enter it if not - Click `Containers` under `Data storage` - Click `egress` - Click `Shared access signature` under `Settings` and do the following: From 4607839bc9b70427cc95bfba8183dc4f95dfd93f Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 29 Mar 2023 14:10:22 +0100 Subject: [PATCH 139/289] md edits --- docs/processes/data_egress.md | 2 ++ docs/roles/system_manager/manage_data.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/processes/data_egress.md b/docs/processes/data_egress.md index 051cb7c08e..c4a8f4b102 100644 --- a/docs/processes/data_egress.md +++ b/docs/processes/data_egress.md @@ -6,6 +6,7 @@ The outputs of the work being done in a Data Safe Haven are also stored in the S There are technical and policy controls that must be satisfied before any data can be brought out of the Data Safe Haven. (process_data_egress_classification)= + ## Classification The first stage of egressing outputs is to classify them. @@ -22,6 +23,7 @@ Each time you want to bring code or data out of the environment, you'll have to Once the outputs are classified, the classification team should let the {ref}`role_system_manager` know who will be performing the egress and how they want this to be done. (process_data_egress_removal)= + ## Bringing data out of the environment Talk to your {ref}`role_system_manager` to discuss possible methods of bringing data out of the environments. diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index 5f6610323b..7c22f0e9b8 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -67,7 +67,7 @@ The {ref}`role_system_manager` creates a time-limited and IP restricted link to - In the Azure portal select `Subscriptions` then navigate to the subscription containing the relevant SHM - Search for the resource group: `RG_SHM__PERSISTENT_DATA`, then click through to the storage account called: `data` (where `` is a random string) - Click `Networking` under `Settings` to check the list of pre-approved IP addresses allowed under the `Firewall` header - - Ensure that the IP address of the person to receive the outputs is listed and enter it if not + - Ensure that the IP address of the person to receive the outputs is listed and enter it if not - Click `Containers` under `Data storage` - Click `egress` - Click `Shared access signature` under `Settings` and do the following: From 55a4e8f3c5a8f0f25289f1f99c3aa77ca1a1f6db Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 29 Mar 2023 14:21:01 +0100 Subject: [PATCH 140/289] Ignore GitHub edit links in html-proofer These will 403 as a user needs to be logged into GitHub to edit files. --- .github/workflows/lint_code.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint_code.yaml b/.github/workflows/lint_code.yaml index e5646dc49e..e553a543bb 100644 --- a/.github/workflows/lint_code.yaml +++ b/.github/workflows/lint_code.yaml @@ -33,7 +33,7 @@ jobs: --enforce-https=true \ --ignore-files "/_static/" \ --ignore-status-codes "502,503" \ - --ignore-urls "/github.com\/alan-turing-institute\/data-classification-app/,/www.turing.ac.uk/" + --ignore-urls "/github.com\/alan-turing-institute\/data-classification-app/,/www.turing.ac.uk/,/data-safe-haven\/edit/" lint_json: runs-on: ubuntu-latest From a00a08a3b7102c5591cb434dc66c6790b32e94ef Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Wed, 29 Mar 2023 14:48:24 +0100 Subject: [PATCH 141/289] clarify who performs download --- docs/roles/system_manager/manage_data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index 7c22f0e9b8..1e658d7489 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -74,7 +74,7 @@ The {ref}`role_system_manager` creates a time-limited and IP restricted link to - Under `Permissions`, check these boxes: - `Read` - `List` - - Set a time window in the `Start and expiry date/time` that gives you enough time to extract the data + - Set a time window in the `Start and expiry date/time` that gives enough time for the person who will perform the secure egress download to do so - Leave everything else as default click `Generate SAS token and URL` ```{image} administrator_guide/read_only_sas_token.png From b354b551cc8843858e2a5d1f4158a5b733c215ac Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 30 Mar 2023 11:18:35 +0100 Subject: [PATCH 142/289] typo --- docs/roles/system_manager/manage_data.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/roles/system_manager/manage_data.md b/docs/roles/system_manager/manage_data.md index 1e658d7489..e517821476 100644 --- a/docs/roles/system_manager/manage_data.md +++ b/docs/roles/system_manager/manage_data.md @@ -57,7 +57,7 @@ Any data egress must be signed off by the {ref}`role_data_provider_representativ ``` ```{important} -Classification of output must be completed **before** and egress link is created. +Classification of output must be completed **before** an egress link is created. The classification process is explained {ref}`here `. ``` From 6a457f6395ff580a658e4e7a8efc7935a7a58e16 Mon Sep 17 00:00:00 2001 From: JimMadge Date: Sat, 8 Apr 2023 00:15:55 +0000 Subject: [PATCH 143/289] Update SRD package versions --- .../packages/deb-azuredatastudio.version | 6 +++--- .../packages/deb-rstudio-bionic.version | 4 ++-- .../packages/deb-rstudio-jammy.version | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version index 6d6c00f6ed..7423718d38 100644 --- a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version +++ b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version @@ -1,4 +1,4 @@ -hash: 53321d293b9afd130eba59546e95a65ed3167019708455168f892df4cb07fa2a -version: 1.40.2 +hash: b714f23f3b8371351a2ae3bc709bba3aeb8628e4677d120a9a4ede82171a55c5 +version: 1.42.0 debfile: azuredatastudio-linux-|VERSION|.deb -remote: https://sqlopsbuilds.azureedge.net/stable/661384637db384fe5d4e6224069adbe708580b16/|DEBFILE| +remote: https://sqlopsbuilds.azureedge.net/stable/22f384e569bc90d8b3231cc8c8cff99ea16c5052/|DEBFILE| diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version b/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version index a70cb17fe1..5ec0f6ad20 100644 --- a/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version +++ b/deployment/secure_research_desktop/packages/deb-rstudio-bionic.version @@ -1,4 +1,4 @@ -hash: 23cae58f8ed1a7d7b96b266287a2fde67871b112339bbb95a203c6e672920083 -version: 2022.12.0-353 +hash: d71b670e3d0f5829d3cf107bba5d4da547ddcc010f62bccf758229891f1a16a4 +version: 2023.03.0-386 debfile: rstudio-|VERSION|-amd64.deb remote: https://download1.rstudio.org/electron/bionic/amd64/|DEBFILE| diff --git a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version index 70e6f4ffe8..c6c7b44f24 100644 --- a/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version +++ b/deployment/secure_research_desktop/packages/deb-rstudio-jammy.version @@ -1,4 +1,4 @@ -hash: 8bc3f84dd3ad701e43bc4fac0a5c24066c8e08a9345821cceb012514be242221 -version: 2022.12.0-353 +hash: 0a347709cd07eebd4ce0c635d87c87151e81254bbc390265a45a6c1ff438cb23 +version: 2023.03.0-386 debfile: rstudio-|VERSION|-amd64.deb remote: https://download1.rstudio.org/electron/jammy/amd64/|DEBFILE| From 58ea0afab77500295ee740d198b6af7bf5b37ab3 Mon Sep 17 00:00:00 2001 From: JimMadge Date: Wed, 12 Apr 2023 14:45:06 +0000 Subject: [PATCH 144/289] Update PyPI and CRAN allow lists --- .../package_lists/allowlist-full-python-pypi-tier3.list | 2 ++ .../package_lists/allowlist-full-r-cran-tier3.list | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list index 784aaa8184..8f609baa4c 100644 --- a/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list +++ b/environment_configs/package_lists/allowlist-full-python-pypi-tier3.list @@ -12,6 +12,7 @@ aiosignal aiosqlite alabaster altair +annotated-types annoy ansimarkup anyio @@ -445,6 +446,7 @@ pycosat pycparser pycurl pydantic +pydantic-core pydot pyerfa pyflakes diff --git a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list index 744c43aa16..52f65a2258 100644 --- a/environment_configs/package_lists/allowlist-full-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-full-r-cran-tier3.list @@ -95,6 +95,7 @@ deldir DEoptimR desc devtools +diagram DiagrammeR DiagrammeRsvg dials @@ -184,7 +185,6 @@ googlePolylines googlesheets4 googleVis gower -gpclib GPfit gplots gridBase From eee9a8cc98ad9d61f004b7d6dcb276765bcea8db Mon Sep 17 00:00:00 2001 From: JimMadge Date: Thu, 13 Apr 2023 07:59:23 +0000 Subject: [PATCH 145/289] Update SRD package versions --- .../packages/deb-azuredatastudio.version | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version index 7423718d38..98abb1119a 100644 --- a/deployment/secure_research_desktop/packages/deb-azuredatastudio.version +++ b/deployment/secure_research_desktop/packages/deb-azuredatastudio.version @@ -1,4 +1,4 @@ -hash: b714f23f3b8371351a2ae3bc709bba3aeb8628e4677d120a9a4ede82171a55c5 -version: 1.42.0 +hash: e1447ed4a2acc244ca678e29a416a614c38ea99df281578a0bc85ec52f98795a +version: 1.43.0 debfile: azuredatastudio-linux-|VERSION|.deb -remote: https://sqlopsbuilds.azureedge.net/stable/22f384e569bc90d8b3231cc8c8cff99ea16c5052/|DEBFILE| +remote: https://sqlopsbuilds.azureedge.net/stable/b790d700898b1095d83e62f0de14678a58222520/|DEBFILE| From 4d6c23fa9cfa763b2929885ba7b604872537b786 Mon Sep 17 00:00:00 2001 From: Ed Chalstrey Date: Thu, 13 Apr 2023 15:59:21 +0100 Subject: [PATCH 146/289] Add RPostgreSQL to t3 extra cran allowlist --- .../package_lists/allowlist-extra-r-cran-tier3.list | 1 + 1 file changed, 1 insertion(+) diff --git a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list index e2dc7471c2..6331ac796c 100644 --- a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list @@ -1 +1,2 @@ arrow +RPostgreSQL \ No newline at end of file From 8e03cbd0278a367d97ca12333f1090101a4695e8 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 13 Apr 2023 16:31:48 +0100 Subject: [PATCH 147/289] Revert "Add RPostgreSQL to t3 extra cran allowlist" --- .../package_lists/allowlist-extra-r-cran-tier3.list | 1 - 1 file changed, 1 deletion(-) diff --git a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list index 6331ac796c..e2dc7471c2 100644 --- a/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list +++ b/environment_configs/package_lists/allowlist-extra-r-cran-tier3.list @@ -1,2 +1 @@ arrow -RPostgreSQL \ No newline at end of file From 410f43afa69a8e45d10c7b1c7a4a4778216b1ae3 Mon Sep 17 00:00:00 2001 From: Matt Craddock <5796417+craddm@users.noreply.github.com> Date: Tue, 18 Apr 2023 16:46:35 +0000 Subject: [PATCH 148/289] allow upper case for cran pax, append _ to name --- .../cloud_init/resources/configure_nexus.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py b/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py index bb9bed8d3a..9a0344b358 100755 --- a/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py +++ b/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py @@ -588,15 +588,15 @@ def get_allowlists(pypi_package_file, cran_package_file): cran_allowlist = [] if pypi_package_file: - pypi_allowlist = get_allowlist(pypi_package_file) + pypi_allowlist = get_allowlist(pypi_package_file, False) if cran_package_file: - cran_allowlist = get_allowlist(cran_package_file) + cran_allowlist = get_allowlist(cran_package_file, True) return (pypi_allowlist, cran_allowlist) -def get_allowlist(allowlist_path): +def get_allowlist(allowlist_path, is_cran): """ Read list of allowed packages from a file @@ -609,12 +609,15 @@ def get_allowlist(allowlist_path): allowlist = [] with open(allowlist_path, "r") as allowlist_file: # Sanitise package names - # - convert to lower case + # - convert to lower case if the package is on PyPi. Leave alone on CRAN to prevent issues with case-sensitivity # - convert special characters to '-' # - remove any blank entries, which act as a wildcard that would allow any package special_characters = re.compile(r"[^0-9a-zA-Z]+") for package_name in allowlist_file.readlines(): - package_name = special_characters.sub("-", package_name.lower().strip()) + if is_cran: + package_name = special_characters.sub("-", package_name.strip()) + else: + package_name = special_characters.sub("-", package_name.lower().strip()) if package_name: allowlist.append(package_name) return allowlist @@ -725,7 +728,7 @@ def recreate_privileges(tier, nexus_api, pypi_allowlist=[], nexus_api, name=f"cran-{package}", description=f"allow access to {package} on CRAN", - expression=f'format == "r" and path=^"/src/contrib/{package}"', + expression=f'format == "r" and path=^"/src/contrib/{package}_"', repo_type=_NEXUS_REPOSITORIES["cran_proxy"]["repo_type"], repo=_NEXUS_REPOSITORIES["cran_proxy"]["name"] ) From 9c2139e4cab21808035342bd0a4b04c2f3c38ed0 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Wed, 19 Apr 2023 10:11:23 +0100 Subject: [PATCH 149/289] Add is_cran argument to docstring --- .../cloud_init/resources/configure_nexus.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py b/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py index 9a0344b358..f460162799 100755 --- a/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py +++ b/deployment/safe_haven_management_environment/cloud_init/resources/configure_nexus.py @@ -602,6 +602,7 @@ def get_allowlist(allowlist_path, is_cran): Args: allowlist_path: Path to the allowlist file + is_cran: True if the allowlist if for CRAN, False if it is for PyPI Returns: List of the package names specified in the file @@ -609,7 +610,7 @@ def get_allowlist(allowlist_path, is_cran): allowlist = [] with open(allowlist_path, "r") as allowlist_file: # Sanitise package names - # - convert to lower case if the package is on PyPi. Leave alone on CRAN to prevent issues with case-sensitivity + # - convert to lower case if the package is on PyPI. Leave alone on CRAN to prevent issues with case-sensitivity # - convert special characters to '-' # - remove any blank entries, which act as a wildcard that would allow any package special_characters = re.compile(r"[^0-9a-zA-Z]+") From 82d1f0dc81ff552d7bb5ae6e0e923f08fc5dae40 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 11:43:57 +0100 Subject: [PATCH 150/289] Add readthedocs configuration --- .readthedocs.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .readthedocs.yaml diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 0000000000..f215e317ea --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,20 @@ +# .readthedocs.yaml +# Read the Docs configuration file +# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details + +version: 2 + +build: + os: ubuntu-22.04 + tools: + python: "3" + +sphinx: + configuration: docs/conf.py + +formats: + - pdf + +python: + install: + - requirements: docs/requirements.txt From 57e6f1020c01828f09a93287bd27c4166d324312 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 11:47:57 +0100 Subject: [PATCH 151/289] Move sphinx configuration and doc requirements --- docs/{build => }/conf.py | 0 docs/{build => }/requirements.txt | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename docs/{build => }/conf.py (100%) rename docs/{build => }/requirements.txt (100%) diff --git a/docs/build/conf.py b/docs/conf.py similarity index 100% rename from docs/build/conf.py rename to docs/conf.py diff --git a/docs/build/requirements.txt b/docs/requirements.txt similarity index 100% rename from docs/build/requirements.txt rename to docs/requirements.txt From 077db5d5afa7343d07232305c75574475e589151 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 11:53:56 +0100 Subject: [PATCH 152/289] Move static and template directories --- docs/{build => }/_static/favicon.ico | Bin docs/{build => }/_static/logo_turing_dark.png | Bin docs/{build => }/_static/logo_turing_light.png | Bin docs/{build => }/_static/overrides.css | 0 docs/{build => }/_static/toggle.js | 0 .../_templates/sidebar-section-navigation.html | 0 docs/{build => }/_templates/sidebar-versions.html | 0 docs/{build => }/_templates/sphinx-version.html | 0 8 files changed, 0 insertions(+), 0 deletions(-) rename docs/{build => }/_static/favicon.ico (100%) rename docs/{build => }/_static/logo_turing_dark.png (100%) rename docs/{build => }/_static/logo_turing_light.png (100%) rename docs/{build => }/_static/overrides.css (100%) rename docs/{build => }/_static/toggle.js (100%) rename docs/{build => }/_templates/sidebar-section-navigation.html (100%) rename docs/{build => }/_templates/sidebar-versions.html (100%) rename docs/{build => }/_templates/sphinx-version.html (100%) diff --git a/docs/build/_static/favicon.ico b/docs/_static/favicon.ico similarity index 100% rename from docs/build/_static/favicon.ico rename to docs/_static/favicon.ico diff --git a/docs/build/_static/logo_turing_dark.png b/docs/_static/logo_turing_dark.png similarity index 100% rename from docs/build/_static/logo_turing_dark.png rename to docs/_static/logo_turing_dark.png diff --git a/docs/build/_static/logo_turing_light.png b/docs/_static/logo_turing_light.png similarity index 100% rename from docs/build/_static/logo_turing_light.png rename to docs/_static/logo_turing_light.png diff --git a/docs/build/_static/overrides.css b/docs/_static/overrides.css similarity index 100% rename from docs/build/_static/overrides.css rename to docs/_static/overrides.css diff --git a/docs/build/_static/toggle.js b/docs/_static/toggle.js similarity index 100% rename from docs/build/_static/toggle.js rename to docs/_static/toggle.js diff --git a/docs/build/_templates/sidebar-section-navigation.html b/docs/_templates/sidebar-section-navigation.html similarity index 100% rename from docs/build/_templates/sidebar-section-navigation.html rename to docs/_templates/sidebar-section-navigation.html diff --git a/docs/build/_templates/sidebar-versions.html b/docs/_templates/sidebar-versions.html similarity index 100% rename from docs/build/_templates/sidebar-versions.html rename to docs/_templates/sidebar-versions.html diff --git a/docs/build/_templates/sphinx-version.html b/docs/_templates/sphinx-version.html similarity index 100% rename from docs/build/_templates/sphinx-version.html rename to docs/_templates/sphinx-version.html From 1e4855e809801b14d39e0fa200aca8303d866b33 Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 12:03:24 +0100 Subject: [PATCH 153/289] Remove rinoh --- docs/build/emoji_support.rts | 7 ------- docs/build/emoji_support.rtt | 5 ----- docs/conf.py | 25 ------------------------- docs/requirements.txt | 2 -- 4 files changed, 39 deletions(-) delete mode 100644 docs/build/emoji_support.rts delete mode 100644 docs/build/emoji_support.rtt diff --git a/docs/build/emoji_support.rts b/docs/build/emoji_support.rts deleted file mode 100644 index 739d5d729f..0000000000 --- a/docs/build/emoji_support.rts +++ /dev/null @@ -1,7 +0,0 @@ -[STYLESHEET] -name=Emoji Support -description=Small tweaks made to the Sphinx style sheet -base=sphinx - -[VARIABLES] -fallback_typeface=Symbola diff --git a/docs/build/emoji_support.rtt b/docs/build/emoji_support.rtt deleted file mode 100644 index 3c3e005513..0000000000 --- a/docs/build/emoji_support.rtt +++ /dev/null @@ -1,5 +0,0 @@ -[TEMPLATE_CONFIGURATION] -name = Emoji Support -template = article - -stylesheet = emoji_support.rts diff --git a/docs/conf.py b/docs/conf.py index 879ed237cf..d1d891775a 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -92,7 +92,6 @@ # ones. extensions = [ "myst_parser", - "rinoh.frontend.sphinx", ] # Add any paths that contain templates here, relative to this directory. @@ -170,27 +169,3 @@ emoji_code: emoji.emojize(f":{emoji_code}:", language="alias") for emoji_code in emoji_codes } - -# -- Options for Rinoh ------------------------------------------------------- - -# List of documents to convert to PDF -rinoh_documents = [ - dict( - doc="roles/researcher/user_guide_guacamole", - target="pdf/data_safe_haven_user_guide_guacamole", - title="Data Safe Haven User Guide\nApache Guacamole", - subtitle=pdf_version_string, - date=current_commit_date, - author=author, - template="emoji_support.rtt", - ), - dict( - doc="roles/researcher/user_guide_msrds", - target="pdf/data_safe_haven_user_guide_msrds", - title="Data Safe Haven User Guide\nMicrosoft Remote Desktop", - subtitle=pdf_version_string, - date=current_commit_date, - author=author, - template="emoji_support.rtt", - ), -] diff --git a/docs/requirements.txt b/docs/requirements.txt index a6f3275d8b..6611eb4227 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,6 +4,4 @@ Jinja2==3.1.2 myst-parser==0.18.1 Pygments==2.14.0 pydata-sphinx-theme==0.12.0 -rinohtype==0.5.4 -rinoh-typeface-symbola==0.1.1 Sphinx==5.3.0 From b3f1aa2a71d55500621fac1fdbef1b17630576dc Mon Sep 17 00:00:00 2001 From: Jim Madge Date: Thu, 27 Apr 2023 13:53:50 +0100 Subject: [PATCH 154/289] Remove build directory --- docs/build/build_all_supported_versions.py | 173 --------------------- docs/build/meta/index.empty.md | 3 - docs/build/meta/index.html | 10 -- docs/build/run_act_build.sh | 68 -------- 4 files changed, 254 deletions(-) delete mode 100755 docs/build/build_all_supported_versions.py delete mode 100644 docs/build/meta/index.empty.md delete mode 100644 docs/build/meta/index.html delete mode 100755 docs/build/run_act_build.sh diff --git a/docs/build/build_all_supported_versions.py b/docs/build/build_all_supported_versions.py deleted file mode 100755 index dd2e565db2..0000000000 --- a/docs/build/build_all_supported_versions.py +++ /dev/null @@ -1,173 +0,0 @@ -#! /usr/bin/env python3 -import argparse -import emoji -import git -import os -import pathlib -import shutil -import subprocess -import sys -import tempfile - -# Set git repository details -development_branch = "develop" -earliest_supported_release = "v4.0.0" - -# --- Parse arguments --- -parser = argparse.ArgumentParser( - prog="python build_docs_all.py", - description="Build documentation for all supported versions", -) -parser.add_argument( - "-o", "--output-dir", help="Directory to store built documentation", required=True -) -parser.add_argument( - "-s", - "--skip-pdfs", - action="store_true", - help="Skip building PDFs (use only for faster testing)", -) -args = parser.parse_args() -skip_pdfs = args.skip_pdfs - -# Create output directory -combined_output_dir = pathlib.Path(args.output_dir).resolve() -if combined_output_dir.exists(): - shutil.rmtree(combined_output_dir) -combined_output_dir.mkdir(parents=True, exist_ok=True) - -# Necessary directories -temp_dir = tempfile.TemporaryDirectory() -build_dir = pathlib.Path(__file__).parent.resolve() -docs_dir = build_dir.parent -build_output_dir = docs_dir / "_output" -config_backup_dir = pathlib.Path(temp_dir.name) / "build_config" - -# Get git repository details -repo = git.Repo(search_parent_directories=True) -repo_name = repo.remotes.origin.url.split(".git")[0].split("/")[-1] - -# Load all release since earliest_supported_release -releases = sorted((t.name for t in repo.tags), reverse=True) -supported_versions = ( - releases[: releases.index(earliest_supported_release) + 1] - + [development_branch] -) -default_version = supported_versions[0] # Latest stable release -current_version = ( - [tag.name for tag in repo.tags if tag.commit == repo.head.commit] - + [branch.name for branch in repo.branches if branch.commit == repo.head.commit] - + [repo.head.commit] -)[0] # Tag or branch name or commit ID if no name is available - -# --- Ensure local repo is clean -- -if repo.is_dirty(untracked_files=True): - print( - "Repo is not clean. Run 'git status' and ensure repo is clean before rerunning this script." - ) - exit(1) - -# --- Backup documentastion build configuration --- -# Backup Sphinx docs build configuration from current branch to ensure -# consistent style and navigation elements for docs across all versions -# NOTE: copytree() requires the destination directory does not exist -# This is why we target a subfolder of the TemporaryDirectory we create -# earlier as the config backup directory -print(f"Backing up build config to: '{config_backup_dir}'") -shutil.copytree(build_dir, config_backup_dir) - -# --- Build docs for all supported versions --- -print(f"Building docs for all supported versions: {supported_versions}") -print(f"Default version: {default_version}") - - -# Flag to bypass Jekyll processing since this is a static html site -open(combined_output_dir / ".nojekyll", "w+").close() - -# Build docs for each branch -for version in supported_versions: - print(f"{emoji.emojize(':hourglass:', language='alias')} Generating docs for version '{version}'...") - - try: - # Checkout repo at this version - repo.git.checkout(version) - - # Restore Sphinx docs build configuration from backup for consistent style, - # clearing any existing build configuration directory content first. - if os.path.exists(build_dir): - shutil.rmtree(build_dir) - shutil.copytree(config_backup_dir, build_dir) - - # Use the first of these files that exists as the index: - # - index.md - # - README.md - # - DSG-user-documentation.md - # - An empty index.md - target = docs_dir / "index.md" - if target.is_file(): - # Use existing index file. Nothing to do. - pass - elif (source := docs_dir / "README.md").is_file(): - # Use docs README - shutil.move(source, target) - elif (source := docs_dir / "DSG-user-documentation.md").is_file(): - # Use docs DSG user documentation - shutil.move(source, target) - else: - # Use empty index file - shutil.copy(build_dir / "meta" / "index.empty.md", target) - - # Clean the output directory - subprocess.run( - ["make", "clean"], - cwd=docs_dir, - check=True, - ) - # Build docs for this version - build_commands = ["make", "html"] - if not skip_pdfs: - build_commands.append("pdf") - subprocess.run( - build_commands, - cwd=docs_dir, - check=True, - ) - # Store docs in the output directory - shutil.copytree(build_output_dir, combined_output_dir / version) - shutil.rmtree(build_output_dir) - - except subprocess.CalledProcessError: - print(f"Error encountered during build for version '{version}'") - raise - else: - print(f"{emoji.emojize(':sparkles:', language='alias')} Successfully built docs for version '{version}'") - finally: - # Revert any changes made to current branch - print(f"Reverting changes made to '{version}'") - repo.git.reset("--hard", "HEAD") - repo.git.clean("-fd") - -# Write top-level index file to redirect to default version of docs -with open(os.path.join(docs_dir, "build", "meta", "index.html"), "r") as file: - filedata = file.read() -filedata = filedata.replace("{{latest_stable}}", default_version) -with open(os.path.join(combined_output_dir, "index.html"), "w+") as file: - file.write(filedata) - -# -- Restore original branch and copy docs to specified output directory -- -print(f"Documentation builds complete for all versions: {supported_versions}") -# Checkout original branch -print(f"Restoring original '{current_version}' branch.") -repo.git.checkout(current_version) -temp_dir.cleanup() - -# Check that all versions have built -n_failures = 0 -for version in supported_versions: - if (combined_output_dir / version / "index.html").is_file(): - print(f"{emoji.emojize(':white_check_mark:', language='alias')} {version} documentation built successfully") - else: - print(f"{emoji.emojize(':x:', language='alias')} {version} documentation failed to build!") - n_failures += 1 - if n_failures: - sys.exit(1) diff --git a/docs/build/meta/index.empty.md b/docs/build/meta/index.empty.md deleted file mode 100644 index 989cf73460..0000000000 --- a/docs/build/meta/index.empty.md +++ /dev/null @@ -1,3 +0,0 @@ -# Safe Haven Documentation - -This release does not have any documentation diff --git a/docs/build/meta/index.html b/docs/build/meta/index.html deleted file mode 100644 index e8db9ab780..0000000000 --- a/docs/build/meta/index.html +++ /dev/null @@ -1,10 +0,0 @@ - - - - Data Safe Haven Documentation - - - -