From adc4eb70ec586e2d75ce26a2214fded52cac2cf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Wed, 22 Apr 2026 14:36:53 +0200 Subject: [PATCH 1/5] Better packages --- .github/workflows/release.yml | 68 ++++++++++++++---- Cargo.lock | 46 ++++++------ after-install.sh | 3 - docs/header.png | Bin 24820 -> 15314 bytes .../defguard-gateway | 0 .../defguard-gateway.service | 2 +- linux/postinst | 22 ++++++ linux/postrm | 6 ++ linux/preinst | 4 ++ linux/prerm | 8 +++ 10 files changed, 123 insertions(+), 36 deletions(-) delete mode 100755 after-install.sh rename defguard-gateway.service.freebsd => freebsd/defguard-gateway (100%) rename defguard-gateway.service => linux/defguard-gateway.service (91%) create mode 100755 linux/postinst create mode 100644 linux/postrm create mode 100755 linux/preinst create mode 100644 linux/prerm diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 47334544..1fab390e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -122,57 +122,101 @@ jobs: with: fpm_args: "defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-gateway - defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service + linux/defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service example-config.toml=/etc/defguard/gateway.toml.sample" - fpm_opts: "--architecture amd64 --output-type deb --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb --after-install after-install.sh" + fpm_opts: + "--architecture amd64 + --output-type deb + --version ${{ env.VERSION }} + --package defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb + --before-install linux/preinst + --after-install linux/postinst + --before-remove linux/prerm + --after-remove linux/postrm" - name: Build aarch64 DEB package uses: defGuard/fpm-action@main with: fpm_args: "defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-gateway - defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service + linux/defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service example-config.toml=/etc/defguard/gateway.toml.sample" - fpm_opts: "--architecture arm64 --output-type deb --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb --after-install after-install.sh" + fpm_opts: + "--architecture arm64 + --output-type deb + --version ${{ env.VERSION }} + --package defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb + --before-install linux/preinst + --after-install linux/postinst + --before-remove linux/prerm + --after-remove linux/postrm" - name: Build x86_64 RPM package uses: defGuard/fpm-action@main with: fpm_args: "defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-gateway - defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service + linux/defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service example-config.toml=/etc/defguard/gateway.toml.sample" - fpm_opts: "--architecture amd64 --output-type rpm --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm --after-install after-install.sh" + fpm_opts: + "--architecture amd64 + --output-type rpm + --version ${{ env.VERSION }} + --package defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm + --before-install linux/preinst + --after-install linux/postinst + --before-remove linux/prerm + --after-remove linux/postrm" - name: Build aarch64 RPM package uses: defGuard/fpm-action@main with: fpm_args: "defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-gateway - defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service + linux/defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service example-config.toml=/etc/defguard/gateway.toml.sample" - fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm --after-install after-install.sh" + fpm_opts: + "--architecture arm64 + --output-type rpm + --version ${{ env.VERSION }} + --package defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm + --before-install linux/preinst + --after-install linux/postinst + --before-remove linux/prerm + --after-remove linux/postrm" - name: Build FreeBSD package uses: defGuard/fpm-action@main with: fpm_args: "defguard-gateway-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard-gateway - defguard-gateway.service.freebsd=/usr/local/etc/rc.d/defguard-gateway + freebsd/defguard-gateway=/usr/local/etc/rc.d/defguard-gateway example-config.toml=/etc/defguard/gateway.toml.sample" - fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg --freebsd-osversion '*' --depends openssl" + fpm_opts: + "--architecture amd64 + --output-type freebsd + --version ${{ env.VERSION }} + --package defguard-gateway-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg + --freebsd-osversion '*' + --depends openssl" - name: Build OPNsense package uses: defGuard/fpm-action@main with: fpm_args: "defguard-gateway-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard-gateway - defguard-gateway.service.freebsd=/usr/local/etc/rc.d/defguard-gateway + freebsd/defguard-gateway=/usr/local/etc/rc.d/defguard-gateway example-config.toml=/etc/defguard/gateway.toml.sample defguard-rc.conf=/etc/rc.conf.d/defguard_gateway opnsense/src/etc/=/usr/local/etc/ opnsense/src/opnsense/=/usr/local/opnsense/" - fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}_x86_64-unknown-opnsense.pkg --freebsd-osversion '*' --depends openssl" + fpm_opts: + "--architecture amd64 + --output-type freebsd + --version ${{ env.VERSION }} + --package defguard-gateway-${{ env.VERSION }}_x86_64-unknown-opnsense.pkg + --freebsd-osversion '*' + --depends openssl" - name: Upload Linux x86_64 archive uses: shogo82148/actions-upload-release-asset@v1 diff --git a/Cargo.lock b/Cargo.lock index 12718643..cf2bf454 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -421,9 +421,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.6.0" +version = "4.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b193af5b67834b676abd72466a96c1024e6a6ad978a1f484bd90b85c94041351" +checksum = "1ddb117e43bbf7dacf0a4190fef4d345b9bad68dfc649cb349e7d17d28428e51" dependencies = [ "clap_builder", "clap_derive", @@ -443,9 +443,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.6.0" +version = "4.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1110bd8a634a1ab8cb04345d8d878267d57c3cf1b38d91b71af6686408bbca6a" +checksum = "f2ce8604710f6733aa641a2b3731eaa1e8b3d9973d5e3565da11800813f997a9" dependencies = [ "heck", "proc-macro2", @@ -2100,9 +2100,9 @@ checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49" [[package]] name = "portable-atomic-util" -version = "0.2.6" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "091397be61a01d4be58e7841595bd4bfedb15f1cd54977d79b8271e94ed799a3" +checksum = "c2a106d1259c23fac8e543272398ae0e3c0b8d33c88ed73d0cc71b0f1d902618" dependencies = [ "portable-atomic", ] @@ -2385,9 +2385,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.12" +version = "0.103.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06" +checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e" dependencies = [ "ring", "rustls-pki-types", @@ -2794,9 +2794,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.52.0" +version = "1.52.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a91135f59b1cbf38c91e73cf3386fca9bb77915c45ce2771460c9d92f0f3d776" +checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6" dependencies = [ "bytes", "libc", @@ -2878,7 +2878,7 @@ dependencies = [ "serde_spanned", "toml_datetime 1.1.1+spec-1.1.0", "toml_parser", - "winnow 1.0.1", + "winnow 1.0.2", ] [[package]] @@ -2905,7 +2905,7 @@ version = "1.1.2+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2abe9b86193656635d2411dc43050282ca48aa31c2451210f4202550afb7526" dependencies = [ - "winnow 1.0.1", + "winnow 1.0.2", ] [[package]] @@ -3086,9 +3086,9 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "typenum" -version = "1.19.0" +version = "1.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" +checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" [[package]] name = "unicase" @@ -3354,11 +3354,11 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasip2" -version = "1.0.2+wasi-0.2.9" +version = "1.0.3+wasi-0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" +checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" dependencies = [ - "wit-bindgen", + "wit-bindgen 0.57.1", ] [[package]] @@ -3367,7 +3367,7 @@ version = "0.4.0+wasi-0.3.0-rc-2026-01-06" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" dependencies = [ - "wit-bindgen", + "wit-bindgen 0.51.0", ] [[package]] @@ -3676,9 +3676,9 @@ dependencies = [ [[package]] name = "winnow" -version = "1.0.1" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09dac053f1cd375980747450bfc7250c264eaae0583872e845c0c7cd578872b5" +checksum = "2ee1708bef14716a11bae175f579062d4554d95be2c6829f518df847b7b3fdd0" [[package]] name = "wireguard-nt" @@ -3705,6 +3705,12 @@ dependencies = [ "wit-bindgen-rust-macro", ] +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + [[package]] name = "wit-bindgen-core" version = "0.51.0" diff --git a/after-install.sh b/after-install.sh deleted file mode 100755 index 6524c7d8..00000000 --- a/after-install.sh +++ /dev/null @@ -1,3 +0,0 @@ -if systemctl is-enabled defguard-gateway --quiet; then - systemctl restart defguard-gateway -fi diff --git a/docs/header.png b/docs/header.png index 3a02a4d5826bd813edede36f83bad4e80d2f6ed7..8876998d829d7147532c400162d4590ad998bf97 100644 GIT binary patch literal 15314 zcmaib1yozzmv3-)DPCNHySrNn5Q@7?TclWVE#Bhp1cJM}7k4jEytoy&N5B8Pk@eop ztgPhjefDqb+2`Ek=H777J9!LL5>x;HfT5@$qX7WG3jhEx0A$$LktK8W&esEqqk^sr z0Dy+~_YDI`%OH9kgmKZ3mjYCblkLAU@Ya&5k^n&UH?&7n1OPzTT2V$4?6G{bzzGB3 zK<=utO~pPkL840O?N&MZr9k`Vu=!PKgbd~NGym0*3HW~|qF%%M2lKxW{^~FQz+cRN zLvR59P4vGI0J+yB{$l=(cuYve$%O*|h!SO6ysS!;A_mt|De7@#Bn93u08q|w{oxe= zxY#IFC@BDcc>Hc!N;&{a7`zJXVTEC-y`8+By}eH6)01Pd#n{#E7tuEZMCMVP13FN$ zSdgvo$?53_43`W8W8(=c?v?JpB0?Y`aDWU4CxG5g_#dcLzf?aF8o|G`{t_(UR|7=m zxz2)ZZEX?}GQlAc)u6v4QPm(p5o`)$W8)9N+JJ2Z_IFZIQIQWSL7(8M zNlSbWzA{TMz1iCN^|e*5*Y@^4$e@0Q>E3lS`q{3vW3gbT1=^C*okSWejR8^&^MFC_J|MMoe(qEcce^xE=;iKy(+c}pDYRSqE(ON{(%!x>@qXA9#y}17B&+lDdfSe^wFH@&q${VWAOU+q zXRbuk6!(txrxKFM9MvXHE(Ha}?T#HuwbQ~ z_3kPV&Ukgmuq+Az9~Fi#pJdBV{U-b->@MP`rb)Kgz8C?2uf{QuSbpo*(BYv>^hb~C zw>lq^o#^C#sr-Ut1<*xKk3l zg5XP!H^yfXZG>PDF#)TX2~QL#y==G>hv-=` zbP%(EdbsJ~Xh?zD3~cp1;PJt`PbU!FLYN;PDLMd@%m3O@uP=?(cfC*VS;2qMMuOK? z8cbo^s}pVb(<1W&!?0r_6{M_*LU85YF=??aIZGcz!GKqDpY}3P%$SLl6yM|j}nwpf$ELcG$9Z+ZB|N_ zXuD42Q-d4D!Q=#Ry1FStD6dpWf9jBgHsGa3Ao~PF$DnE`xg+`hczwpT5EXYAhBtC~ z0SSVNWSGMRCu(rAKc}XqI#WgSg8Ku%9<-4oiJ(x5S*BX52i1XQgo8Gwn{<2__{q(+ zlseO2yfECqE~zQy=FP$OMb-)glf;`aVi`ZuiOv`cpHI z378DEqYw}YvVZdBLwtKb5_?bRENEJlrgZUTj}H@#7x_m#sR3g>2*zgxPDhNLJ@{Chu>K{nTINzW#8c6uZ z$_V(0RP`C`@5*1=8ArEcQ4$zRR>4Kh6tPv5AJP}8-PNRsvRI7;&{gLS)*;rGU@BAf zRqZ^|g@TTABJZcALR>(e{=_DHl{m+v6r~#cUTLyu1RL=M34Da#t>o>iUw1vh54k-| zd)CHXM7M)^GtTZQG3-4NS;a*>&rz$D&s;t-zc*5x5fC;gZs4V4Ro9^GAF!Wl!zP3B z*D8yI8407*EeU~u{ymk@5@J^`txu+jFy6DA4rBT^zoD*#fI2;c!l_ zksiNy6Ai|-wD2Rd&rZ;=%}(2pY6Y?6*jSy#agP5+C5XXyFOV&r2?1jLd2dAJA8X%6 zM}n<**nToBZ?Fi)wve$d-jCagEdIb~_nx_HSXWw&T5lp*eoElW`2bc%mLhesQY`0VqgN_HXigR1i2Zz;MV;dTVNBDw-JPzc~yw%0uT3-cLhoI&#{i>V{WumLA@J$5&Ogz#yJs0(>8usw< zA!tpz?IzBB>hEkdl=~sv>tDTH;X& z^itNtQs22N8me4#fiAZJda`4p7im?D^hF~~6@kC2s_qJ~ieK(V)|$x$ooUo(x$iiA zqmb+sgelQ}bq!+))({((l7b=kP#j`e=N~SedNhQnKYD1eD8e1_rSyDcs(>`iLBmYg zsX5fpN3)!`F}SCSd*`TW^9y*a)&&lI01bv0ce|;JAG|8Q1VWsWF*+$$4ze_8gDJJU zj@Td7HP&a;ijV-j>3DfuI>^`4#PYcIi6S1VhN#_CsCuPc;KDdxe(7&U&^=*v0rRG)RGO3;3JE{4p(QAxAXQAP`gpQj_V{Au-(#h zg+YCJqD4fZ)RZ{Z?s5X7mo4oYE{PEJeHie^xfMnQgah`a0~KFuiqd;16Bpzv2ASZ! z`E)X>Nmgdgbub|rVw~2oB?MBmbA%$w<$rNR2Kr11nsK87@32#q;5Wx?kWR_T;{7q! zJrN+^8~<#cv1@i;blw`G1AlGxIQY!_Es8aM{q45Oe!E1ty{#`%wA{_&tJrq;kuhr> z2E;VdHO%^_<>%et>?8ur_sV)AE3;HVC^`w+VpM zgM+p*YkQ2=vJm2~xT@`2@W;JS064~P=qTv#%)#cwVK8v;$4d$w6Sq+Pp5#yZ%;}3f zIQUCly!yom3#{V;+As*P25?JMA_1AECfH}AQ3eZh1s(iR{Y8xsW?n=;5^u@BW%qnA z_Dz-XShNC}Cevy24!%E+YX0n#vfhGK@Uv3!5wczK(7m2Ps}!o4*>aw0Xuj8R6&VXB zcGsqL@pG zxeyZ3Btk;nIBtc1s$j(^i^-JGF;FBYONLl8r|xlY<8{f550oDK^yYM0oc;sifmeQXK}352$y~MDb z3z3|j@*o=98vfB(>&3YsZS)w)-m$R+eH&q&e*-S&6Cy|7OkLYp%i)>?fK7fwsKJ}s{;0;v z6S&~eP1$d6jT!TMd?e^FI9S_#dk+S|w*)~b%?YBTYT^E?lqp(#+5VmjdTE9dQJCa_l_j(>tT-QM zOOE@i^@hFy$%mtBO3f1NDpWGmWl^^|8h)u7bf9gIAQ(L#@u(gT44=qApaOF88VTM> z_eXUX0(i7Vdtd^+zyHCnY)}Sy&YIp2`VYsPpaY$*c5`~t)k>Bcj6T}Eoj+bh=$dG$5D|#Pch!%1Y(vaafCi`+3ERY#yWTD znGFRe0r!hU4F{px$GWym2He*utY>ZQt>9PuO3Sl0-vm`UHkKQUU(bDk2M|Pjh&#%h z7H4bQ^VxO*!3Z<3lv%$jX!_TSca%pNB?l@Ei@^{qdZiW{m_*gjcZrcAQPH0)$T9=h z**{VEAwwNSI0e3)m*n6!K7aef9Gb?sak{8PCJRT2XJYR0tElmY#Tuq`dwFT-<{*)q z93Py>EP=r1j{*!Fz6?}ybM1XsRWd0mpkviQ0SoNy{)7zVBw;Q#!~pJ>&Afa`F#^FX z_-WJ)?Sy*gnP39joEX1Zu;PzHM-$gh1JT|Nk?$GGd4~mFF@j8C(K#F9x$|ix?8^@& zEPZM7c{4`(IZ5|K#o@!!`8mZlddqN?h%vS1eqIsz0>#pzK#2|Ai#0C;z#&jqB2Xws_CYJY?a3K+4Ax~GG78JZ*qqTWvW&x^(iLeIJk z#!-_$R(K28C>hu;VZB=tBoDh!Or0%)C5S2Sdq5N%h1(dQQ5Uc^{p~%1qG@yFt*N%0q?6+{x zuF)BbG>aw`5v0V={6j>B$uM>&urIjOInsL%*r0QYL~8&+%ww;Z+4!$Q%i}=QpWdTi zHTQBfDn5v6DXAe8rmXC>9JWN}-@4rB`kj=;y{kz`r28n$^yx?hkf=T}f#lKj)neo< zM)>15bRe8}h|OxWOI6C?UJxYR=+R22g%TN>GLmIIgD%)0KsNHT+~jAk%oES-qg0{_ zHhgv5rLaHhCxE{F-+AQ@M9oeL;>JP;UV@?=xqVQ~P9=(57_}d{pjAP<+1@)JGksd0 z-4swqg^>u>B75qkK&k$yqcE5CP8=~=a!)YO?Ok(cJk2vfsN*-8W-cn za5XFf!2C`q4g0D4k6I>takQ`Emxd`CeB(`9(-=iqV606={Y6|qCg@o>``?Dp00nsc zUNO7^0B6xneg#|^{ATmy*n&s;x<7NJ$sqQXlPKL(76FmAY5*QQO)900X@w7_&zWwo z@MgJAT+q8)Vk-Hx41V&31zuHTxE-?J-`?7kd!YhX14i~Y=0Cw7TpwwoIKSv|z7MBtQ78DSOP9^mK8y|CHArp%^rdXPEENt{ z({yai@H0ET9qIr2wtxyf3-T8HJk#R!XX-x87P*QE?W3eB!j=-334vaCpqdK~)G-+D zZ(eqw4PmDx_NB9Gz4fsf1$5xKf`>E$J2p3z!w|fuTon{d20-@qjjZQN99jhP|?OF8stAf3joj*~FDJ z8-t!4x1xU(yr`;Jp3HB2dB6?)6|$$lP2>DDG$2@ouGTyFDG1fzeYxK{fPls7BDJMu zK9HR#JF8UaP5i@NmNO8swf4-xIng>b;ft~$uAomJ2sM(`SikUFSmxC=KGpmo&6NnU z49SAIBwZ)|>jqbZNH9+Z=JHBD5kAJ)4L}v=QtIA@pNKqzFj zGw;9O1p}4nG|on>+8{zS@;H1`>dOaDU_>p9BX&EiIwnpL%uo^PCcNgplQKvK=A*ta z9p)WsH_cumr*ufYHF{)is#=XUe;@uMwuJ&b4e5i}2ST13Dtf-1>eFl920@L%D$jvl zTA56i@6|Vmh{Q)!(~s9%o64n29E48t5zC}_YnARDL5c(L1d=<^5+T}`wTqc3ZDLy* zevLRW_i3Y%1!{W;o1U|k7#abV+4#Atl9{^$xSyg=)dLQNM@SO&Abu%k9&!k4S!79c zrO53p#6Ad#f>0UDiTd|Gx`4!dy7{kAnU>SJ3VwZj6K;Ow9YjuJ22D4XGGvQl+rWA_`x70LR^H` z^x7p}zZ!X_6+}DEre=wOVERP@~pL?90uf#zrXgmi(Z z`?)#mNzb^-xON8U;TY)5J%71m1iwYURpx`=gGDtpsW=-HjR#NQVVp zBJ9XWSb;VyOo5+afx3VI6atB2qKKjsftNW|IH*69P}P`Z$T6Pet$^fC;CZA3f%Y*;Vb*u17duuR9GU1$O0x8f0K# z1THv1LkXn*vLL=D{i52)J^>4DE2xo2`}Nh_r>wrr%P=q^Cl8(gl7I`IUEi&(eJRTB z+Wob2iUQP?30&`5GWJ1x-6PZkBQ%syfT%J>G`H8#8PlNpd9Og!O0jd^*!P0}A-AJZ zFz&pkQ5W9K$?kdFE52F2uRo;@{yjWY)$w`;_`kt;HPy@u!3@1#(POd#r);lE(5Vmg zIumR+`XBRypLV<2f_Lf*{}Vna(*%3_Mpn|2!Z%rK(hLC)Y~(fcy1i%x^Otkt3?hm| zIapx+&0q~I$desUAc+qk&_y_LE-wE(&nzj+1WC{cjEIm!(zbJ#q?7>(8Y09;DoG4J zQLTMuhQ3b3-vZsN1c3Hv7%%f(u|NR@w)Q{#zbXH%-M{!(m46&ELH^eKAEke0 z=wC7Z%gFx+{5iIRMce_{Sx0;QznADJuo zet>$TZ8S!$wZ*&gszDTWtN=>v|+RdasfI z2>_4`x%*u~A;)#+_~K5RbnDVSbuxQ@ZqdjECVTyZg<#hte=0_$#*o}%PxfQ@Ugd!( z9qeCw^J^948HjNVZ)-XC4f=CYXIybVirp`l+|*&h`scvTtQd>M95OChQbPp5xnP-a zMf7Sbx$KXwlofzivG)8;qKu59yEcA=Vu2!hD|2rO$(!usxn7<`D%hyazYsbZWa2BI z9r6-yeW7#Nc&S(wGgeo-CkK_Z;VP}eQY-*65cCnvd-f*L9l9AwuX%%A$V;fJ?eiL3 zfFf^phnkOZi0MEsYDlA|8SC*+;bFG0gu_C-ziQW4OvR_A9xRLL^>73aT^nCI0Xg6_yfO_1(v~KYeFC`Q4_tRut{&V!_>!p&Rkx*V6i{UkkU6%{;Z; z-h!|7Lzo&~-5savCjxKy=BUMr z_+$Ob_t*@fs_I*97v?@P==}BpznjyZ`-&S%TzAPbj=BOOOV1pTR zPYw&pYxLXo!?h&~=if6iEC?LzsD!|R+#k@94=y?nT( zA%+O76y3;A3`MxuRCXHlSw(lghWDkdtn9FZUJ%Ur7`p`#&|u3XU$5~M-sQvod5R(fy@UE*1!410|`qvr83Cn)OYM8N- zI@NAC3<6YhxV>L3NQ>2}VtTV9Do1KdC@Uyw!0eBEzo+H#^}&FfH_&QRCWzNEmw7ylG4hk&xX*K@7}{IRiPIx3p5;JAcX|@P z^)@{T$qP*-!=P0&H8)91)c)Q3i*X}wwvQ(RdJRB{6Ud&1b#zfe&DlA}#ZYsyu{Ont zk;mi7=(;hR=z|7lnhvtn#CEaT9oUa^{^9+b&$f>U3Dn|{0&zmi#q-{}#K^0_VQ}-8 zW2^Rlqtlu}+=henla*h6Bzf{*fv!rrOWs=KwYR(SkGoSZ0-o%N2kZmi#r42j>^YQo zOmyL4)613wl8}<;D)$QUF9fb+>+Wk!^_H#eY&-azd;HjlxY3XHx2C##Yv1yQ#yk3ySH|#qEPd*pTEDh~n zW{k4O7aogwjf-%1uH3k%5|at-j9Z^;?wz!|pVMix>eeSowB{W}vNe|wTLlIMwN&f*NY@QD8eEof?1~rFUoh1?0vy??c#)YV%RX^pP=E@VZRtdhXaClC_NtzZAM2y|z z*Dor1r{HgK1P74rRN}4+W>3*Vm}>m(K?X@-e9|~o(qz)B*MfiQ;rMG5k%J;Bs57Ox zLKs_YgT0GYBNn=oaJKhI{$TjsdpL8#G#tncE}8w*vKjo9h7odTm52(CzxLoC)f z+KC&b-NMxX;1sGYJPY`*=5u++Gd@|c9G1R?(oCPV;V`T_cc$~ z(n9BgU=^>bPuDfH=Ae$6H_yh5yj=~xo%4#Zc(bLF&3M6710tft$(ps;Q@CK2_~RU% zayn3qk?O3aDshvztsCqUCf#}`LqyRRNTMPb+6N&qg#pg}$VuP`?fGVh4$;st{Q-?u z!#NOD;ynMpHCM(pO-CvDNn_(-lIm<`*sN1UgS49{p~Qd59VMx*@-t=3&aB_h zkba`3-=)@yiF27Z(ZAZ<7%6ttm3}ji!t`B-e76??_7NAMP9c(xwqX{%_tP5AIge}@ zUw1OuC{(1alR&Jz4C*{0SyKR&&3Ol={~*0o;$`_3$i_<8`%ykIE-VJuO3=J60$6xv4Bhf(F5EWdtxAumv{AM*kYV5wR2M>+#ZMZ%?zn;H2*oS5_=`Giy=2(5yKa zH5D?PC})ahqAKR%1E(ddvIG!^o)dO@CrqbHMPlbsE-Tde(C7+0Yh+d0U1{6)^vhf3 z`W?-)Cs^*6KK8gt*4{GW&w3%P^>Mz~Vq8+_NT|rlv$kUjyo zu3WnLKv1CkjWc?J4**g>8dHK__L@u>5&8sQTgdUscnpmI$l(J44F%lT@Up4QHsPQ* zjFwgDT5?hnc|5X6{Wb5JT9* zxnV6fgHc#Hxu}`))S&x_d^t4KsM{#MhK@DWWEmFthwl2q%}+X{zxlmi2sQ${@e*R| zZE*Jae&P=4s@J3={?0^KJYy?+?kQ~J597fcj)F7k$(~V+3X!{n96(Lsr#*XV?7cP( zX)$)Z_;cR+f@h-)3PPUjgd)!e-)igb2b_(A?&CVA9dtNkpE=*eBj-2{)xGPY&(CiJ z__?epVLwa;_7+p8r6Ia!60F@;vmt+>M}nZc)eb9=eJ3I!`i{BwmkEB#HH=*6Tro*uYuk(5jd{=vPFJA4=w#3WBdLmlI9#)$IL?6cq zmNF3+yr&i z2=np9-~CLu;}eqkE}m6?&#u}t13Ba<<3&X?P0Ct0UzhImJH<0u?6re65E1kHwvZMJ z^*Th6#tti3gX3{AH6BH6Mw3$*O{~SVtjM-4>nE|#XOQ*l*Z;5aB<2C zgu>VRg*eaSe5P8-~pcIay8RNncsN) z7*9Mcp^b`WbUg_AWVLO6oKC#zJxzQ!jE`n6v`jlAjK8CigCBAy!9;FR}wABL* zKUigD#<`08et#y^C(>WuV+~ga)n4j};h{PT0_e?}IGmhJY{ZgSSZjt2$f-st^A6GC+&X7lWdj4PFG ziNqR30we|zzK&WbrX8#83l(B&mF4` zzSIuqB+{iUaZyG@-=_*w^zB%(tX{(V3Z5TfS2ShNKT(Jl*~GNiC{L^otW*l#-6$Y& zFlw7K$GKfXLYqpF-@3h(No9TN;;ows&=cW^bQ+$!vDDaUU$C2s| z!T2#>|NF7TqRvH6URtQJcU^)XhPI({5W#d zMsHZJbXS^xXte>VZQSa%!%iQ1L$i=D>CoXMK~)5gj`$D5!2K!eL--M?#le&h!jEJ> zKT}YIgJi}%FMh?79N3>pM0=RDih6V)LF6c?NYulO&wT`mR8opeN6_n*XJXLB*A*A~ zB7|#yhejH2!YyQ;UG&&@d?S$d#n84wuCj#jR470R%s%++;lKzRXqvd+Eo|t!m3vv~ zZMie&N6~&PsH?BSDm^9S8$zY|a8CEIJk-d0c^&R@>q1K-#t<3fLw*JbV(#8f830A_ zdc5E2J23pztX1uy(f?%|)h{{R{r$10%T)#c4U5M&KaD_RR=D*94B9ZS zv@NAu#g0c#Q5g%<+Aq9;nN&&}C>q0`xiT&t$n47Iey7D?tk++QTwN=`Wkx3fLpEV zW1ep&yBS7T>(5-CUKv!E-2kJEsONZxNwZ4BJ2yTlI#anRz7OZKZ0vg6zJ~~JUhuo% zh~71&a$bsIH;oL7h)z%@;NA;4IGNQ(;Bmnz9L0Xup;mG-f8ty7~?TtGKY+%Vq!V#)I5cw>?LUZ};xqB@{Zj!TOY9*`F^xE{U>$z*uuyQL0S9)Fe z@GK#upG?i*e0P(*a{~))l*7-@V{h0!>EvZ1L19y2Q&x|Qb|cEt7)dZP;;ak4p)v;A zEg{xov}!J>b6Ep-r0J;V6kDJ~lx>o}Zi!~tW4ab1IU%-ZcZ(azZ0InVcc#`i?&{5E zoe?}jFnX;KJR@OBNAb(8_vnUPyFtF`^A6wVua;tPkSeCL#Hr52nkNP-opm($P6CXp z9br+k(1e7{xGUnRH->b5X+dj-Zf3+N8^a6(ZzJ&KE+r7;+rl3ao(GdHiCk@Rl6iv_ zZ@WTkeUpAPdR+EkDGdQ+xoJ5qPKkiz)p31K5 z{FBW^>Sf*Dd3HH*$%^a5q=sB7_RCupC7Tyi1T(Joeb9}Xjz!r#SI1&E<9LvAmMN#- z6=X^%i&W`S90#M^ufs)kSK6EW5}{53@~0VR5&tBojpXwi^bMRP8T$CXsYh?TEQ-!C_eP&S)qy7_cSOz%-i6O)hoq-CJ{$!Ped}m&>7F6g z7OB6>c=Lz(G3_b#`K7&Mj zs?x7t=A)3C=zZctnN>?ywyN;f4aN_{9b9t2UI})GU|d`aKE`v33KIWtaWY(b_a?L< z^~HMJF=W-=vt8b&?0|Qo_4>Pc9T%&awirOU=|U_}V-q3a2Za=oU@c~a%M|d%;v02t z$Lp!C;svGMnr4y1a?oh+0}s}0tIddD#aJe9=nxg*c$Jg zXW&e?!eY1XObdlX>wEMw6a>we?y<9F8tN%+x-Feb99tG8ZI->en-hcR#oZQ23p799 z7C6NujijgiE+(qg1*Zarkrr7R1xD}sdYM(|ebLcp-Z{J{uA>*y;Y5IJ^UkZ`KoT5i zTYJ~2_CN5JnmNFYNK!WEUgV}`Su3CEV}|+@zI9CCc&g4f{(|`uEWd%--2(iB0e-!N zL>HJ#s)=3KBy4kG{=&y0u^{`XX79|*ZjvqK7xREoCo zpyJGJyG&iK@(-<+b{WZqV53v1tL(_MQ7IN$k?bU7L? z!=zx?8&gYqZWON9E9DC;ZVu~6_N9%I8&t9iyIdo`exwIqU(cL@z{9Sekepn^6rqU6!Hso!JXMl5eKoNIx zx%kWU;4gR*>P%F31=%U4?}|1gbYed+(RTXsfhQVi8XUlLN}dUMigMspM8a%@TCK!4 z*7fTVbZ-r^x-)lnWip{2uMZxStGJ3W;UE?$`+mh)+M|aW=C?U|xfmE^7cst?FU7sg z=QF)a^_XeDkHC!RQy5A^Hf4>GxD=7e?;J$EX5|tq>>WAXt%U+hzEu?_MV#;6xG z1;x6Xpd13Y6--t}K?Rw&b*oq!FKRoTm{uy4F4dJ3n9OfePce~Y3ku%HOVGrWQ*h?R z3+(Ubi2=8!2<4>kD_TKdjhdn(HL{_zZ3QF?RPB(}_I;9>(+RWn&a- zwe&=)By7+A2A3CtaFPq2b3vAaGsj`ae0{e&vW~*ISyb_Ywpr-zfox@77UNSe^L+X9 zSj(=k6t5jIdgg*alkDa@;}>1fTPotBqXai)TLO$$c3MmkzKbjJ&}`?g0~g#4#k<3E z?=kmAGaOGM!K}be^|KVeY!lL5m0%SpeO{Q^V^SyknlF+b+Y<}Bb@iWq8datP0>v`e znqCsM@NGVAg-$lGN9E-V8MI4q>JT2-q@CzIvo-IvST4{Nc2fMyL#vE06F`pvABkl(;g+oE8>owCSuhFyGY zyfYDo_2ctr3697@k7ab1{;uh;tIQ>~1zF^LF^cymceKIFM#c>K9{|*CjJ<*o<9K<+ zMB1LjGu-=zF*mAbm9&((grR&#Ikon!e&j=WGRY&*eQrCD&7gkoyX9IhX;-7ZUPw;4zY4Yb(88pHYVoi(Sn=BeyehZnqnQ^@ z+Cty&o2^YSL*OV5ZJY8jp~aC6acPh?~$Pf|)*;u1X_-uP8(c4LvDV^8Ix zfZ?t#vHA%loSL@9JDwqcSZXPn5+@9RygKy}p+UFv`gSC@Zn@5#`EuiP7Adw_2))mg zkYVHM0Z<<=kIO1Awa_ZWcp%v8PF0%seaGdfB8M0)?#iz#+aU{^5Zct_1>x#{+V2EA=<_At|V$z$s{&bRZwyd_PA8w@1t3zdf)c&A6qgzOkrs3vsGS{&gh=&YD6RvCF0l+1On-s{+O-91@P1&h(~I!KqN z_kX7`GDq}vb?(t34EdU>AK{(W#?F7^hu1C_nr=qlHeZn#PHYfjZ+Q%V61@O3XO;XR zbk(lHB*|P*l*7}4Xmy42uzT{LMRO-%)I`{Kx_E0=A;qU2#oFa<}XKj(`q7B$v>RFk(8#?6SED~_X`*c=fnM3i+KYLE$DLp z)M1?I7X?LB*dI2(%EkFs1cpSA)LBeFmcw?a2y$|e?wcOgcHRsrL%~@W?p?% z<`f1HqTGbou~bFqi7~$sSB5K^RhEm9&}7f@eP-2x%|oP07aWs#yUI7y2oxW;JpL6L z$J_H6H*?x!AjS0h_C`cSN&me(C{6XX3@RiiUoDxC^uDNFp%cZ&_+AGxo=t2D zmu=QO76sN=zsnoi7W3qqkoT3>tG$kz2v`xb86v_|yfhFZDiThD2YTUHMXf4dBfWuF zQiQ8OURcf;E16D#6}2w+%D(ECO>zj6xfIif7T2L`Pb+FkhWd{Ky+>xO^yxw6{PtC9G;7( zV7que8WF1APp9(H;fTB0qE4}p&gp8CRFWz;C*7h*nvWe_bLvjgv-&_c)@|iC)-E(& z&&#ntoPV^%yo!wx`j9v$lysA#ze6pAqCAR%v@=e1hIvyg@9ix4V<7sfDKI9R*{DT( zNgSk@oT$Pq3yxGtC#gsQrF(j0{5-YzcB~k0!*Vb;e^^gC_da0*WVo8~4PATok?|nu zqpU|y_ujrcqz%R5EtmFs=-t~y3w~CQFs~i9ly`UiNAB~;1!WF{E{(9ISFWUsw>kn| zxCFRbqw!;%9~;IdSL)(??v9MT+`q5Lpv%GBk~j>Zb_dd-RREaT0B<%wlZ7#$tEsD& z7t7A7+=LWhLAxSQ`n8+Q~l_Df;M)4c-_*q*)Sc%tUTan{4xK` z`3HOqdbAxphF1H}Pb+Rp`;`5^Quqd5@WaFEJ@d`XOW$t~p_b_uG>dAtQcJx-&Ef8N9&^0QxWufhW7ppadpsY- zcjB}XE>l+1-HmJHUtN6j$POZlBK+{e{?e+Hh1V+rotX9Jv=fzOol?zt7b|Qd#B8k@H zGmh=^sDuuMImn^C)~wL!;-n&8#b`}|E7|b4Il(Ku{r$TSCf^rM-w;TKD34~syQFfj zquv-i%~{Ei7TG12i7c9p=ze2LMuM0{Ga_Nd(HKlD(jxMl{i(Vm6x`kXtdEpiEn*cM zK-Mrg>b`%Np>Gl`N^tq<0yW)&aLn6fdpB<}g?`z7=g-N4f>MP8n>;e`(XuvEWHhhq zQb|Tv+t2bxZ9Bp&bq{Ny!Lo?E*M{YIP_eo?>1b%!`dwj~$-C-v#VvNjH?CadGo@P8Ki`tHTuFQi7KZr*`|pFM@C1O@dlO!t6#f5jlCKYb{v-Pf0{rFv9rRzh|1j|H wD*qt=o%??c{D;bajo^P!`Ja6L@_d4yQL(UX%j!(|dmoOX>^qqXDU-ne1I_}O@&Et; literal 24820 zcmeF1XH-*5^yq^KC{?9*uUP>Kh~u9e)3E0xNuktjh7>d z$WBskPW@R!@Sc9m@1F8_`6()lWx{NJ($W`MchF>Qlq_KPd&7|CMah0CfKqJkQLR_HB%DS&)6*B5SZpA-sFYWlrV5UrrOT-hWqlDh~)v(AghrpZg+d0 z&-=ETLQ20SI}l6$8;S>~tg`Jx8*bZ>Pm+432MO`KLkrRn@}~Q0cC-W4$1?rwfeUms zN#9}b)6xFj@{>D|lPM_k>4oon%YVx1*}2&>eru@h=>781`<&N5J-@t4dYd)<%H-y1 zdA?s#9JBsltE<@E@{}BBo6-MNes|zTW|oQ5uYJhHS;|Tx?Xuwc&YQmc<+DGJX{0hS zyZG*N{Lf#>Qf_0+02iaf%!sWo!ji$y25$iXTr|%DnjY9bu;Avl)sT^qxsEd{TK%Li zc@-Y9h<{3#ol4j|`6zh&(OO)wUs3{aqNC48=qf2oMmt3KGG?XSZtgyr_#D?I9Z{|M z)mVxvIS!Gez3#+>Vk0P=@q)sAnfw5m7eB$MYa&U0V?7gJGc6 zwoyT7l?C-#T%*rn@?vS?t7RtK+h3E4QDOZ0cQ`xgn#bw8+X&04tYW1wtr^p@Ls(fJ z5EU$G<10G;xi_?HAH0(ZkGxZedZv1iO}Gq=wX?M{AoJP94`ZeCh`D&%NK%!f`YMnu z>R`sW=HwW^8)T0c19zNmg?96L!=}U3P>`xHLZSnFjxmZPr|b^zLr=>g+~ld|h^en| zRdazG;hP7$>_Jrzj+AFS`a+6qhM;#(J=0;=`$9D8#yLZ%|F22}NZo|8!_7wXw zVeMtQu>SGs2lHa&emrlFk2&3EKR2tnaU8S}rJ?Euc^4dSng)E6M`%>^;G;LnW@1b^ zccf_}l^N9n_ZaI=wW;k4>)4_=THbeb1x4cmdpyRPEAYc!U)SpKCgiEVgXV8!4U+66 z)%Z)Cb;aM{A>wvxzx>JLPQc3|I7R1cHk)yLEj>vBjtbi+&%1EVkrWe8Me7Pw)j&1# zBco}2#aE3n%ZrzlgU+HLN@O)vlFH^OQ1}7Trd@}ldE|T-=XMu&*0e16Y?*fCpPsmZ z3aznf7!S>Ioi)r8`qtYVRXJev@q~m&Tj4TJ|LoyZbm)g|ox2w0$p73$H5J6|R19Rg9Q84|~qIxg=dDrGSDv=`q@Xm$?g9}=%aJKK1cVEr3VHQ0K< zn>lU%VZ`=ujK+!2&LGvr$@fo1wwcdYqpN!qbGcR%0CeG&cW(ISJ%)(Q zi7J(07FnWq63UqBdF=CE#w{Y&&YAycv&ud1cnFoqzjCmI7;nT|f1+g%!C1L`YU= zVJ{Yg(XWRk+c)d>AEaUFP&yb5L?OKE1h)|#FJP?Sl^ow5z94@EUAg!$RJ19i^xe%j zwY3bHx{nxL#pH|3^x+7ywB6KKNit~wBj5J z;gS(C!4q>s6Qb_PQ7yr^#&xwZck{J{NtHP~wgfr0FVbVV_7d+tMdgfs`%}iKS zSpYBJRydQ53Fj9(Npi`3n=d;s8XoxoaFiEU7N5fs>`}j9mI!IJ` zk(0yDSNFR?d4TF+^z38dbKp4k5BwN5oUpeZb*k8x)eu~QveO4i3w&SU(u!7W$E6_r zWWl#!l_eRDi&x}_GiiAv^NL)rPrd()OI+oZC3o=zDP$d3w-$f?|BAY@ zLAL&kf&R#AxWlXw?mr&AXfb(Mi6)hBcHZqc?A(42w}RyQrS@fLWJk9Ebx-yx6T%7M zQY}WdL{-7lS>!LnE`zzSnTYMC$bZ#Sfr1nHZP7yT@7aZ@i9&(`PUziveREHVt2H7k zDX9k}0)XDjatk!pIR3qHG3g%O$E5V*NJU*2vuTF$9`l|GTk`xfynVl9dHj^semML| zl;+5%iNk7T*c^>_sE^yIEbSS796$DaW6JW6ddqad*acpB<06tb=kWNqi0F{#Yf{j5 z#iX90)>kf-o9oF*p zAf8ag{>G5UL^aRdwUWU8ty17YIM_8e(6T_z{u71}=8A3;Kncp#YuIPHSgwUd@+TU- zt|Vy$RY#IvH~smf2?3IdC+4)HRq~+cX_cP{I2+vwiPnW1C{VMe7j@nbJ_&k_xfRDe zhmZ=?*8z_3X#PVOHiyMPVZ6mI1|yX(LZ7iwFkL_9K5CY^s}<|=>bJyv9jOnL^?J%) zds{WNMAu#kXY@Y1>?*E#1{2&%$MS$FBbZT5;hE*&oK)P{Hmq3RUlx~hI{L){LZeLN z0{K6-d^?m;CWp7SF}#wzg%4FQ;Yw`YK~No`EE7sP_VwV?Ghw*1`a^%MG$8mV0xaCU zWHEKU3kRzLGB^3?>cHzgJa6RvR9(hh%anMuN3)WI%)d6+Eb>HS5*?a4#&dlP+Q9+^&IT|6*r$L{hHFV%w+hW_#Bc0Xx zrONWMn;nBwyXPF5w>udt_RJ9YCG1pf1-X$bE%mtrQbS$v0aC|vC#Q7Jyp%u)I{x4^W7{!8=4{sRVmZFjcBytA}3f%ki4!3 z&7Pe-p3%P;g(O(cOQ=V;WPBDR&f-dK4-)5cMNyeOeJfmQFZm6$C9C5^oq8!WGoyyS>{w zUP)w+oeawikrxMmnxbCV7NP08j-?#y(6h12ju$63!v>EX^}uVEX2iVVihXM9dWl#CozY?T^>S~~UV;5yzO$+JCOUQDzXfnCM0`%2t|dOz?bbxX}8p%dO< z@DG}05#NSJv_#bvKb)KMtYL?j=yRnr9zWA-Rih)L2Rf~9HBL~qnhdYXu&-(TTAmHl zzwsPtbeHq=ijiNv3rZ^bGwnR)vPScaG~4pI2KPcN|9vx6dzn_Y>2>`Gb)W!Hazkdf zf9e7MV|6{~iXXyYRJMBWlBO$hA^MSygX%W56_6SCqdYgPlP`wska_7v*wj|OL$>Am zA)zhAYo0jgyHgzdVaqCvThLSMYeNkqxq(guks8D@uHubNiG~j`TZQoyaSZK1j6!q+b&SY?P zun$3_X1{e(=CK?+|JUg-Xh04aGP6`?;Y$42J8p(}$UbPCY=gTrQ*@8oaPi;FIViI} z&-8ZljvFv%Tj-XZg1yuT$Ht#>ocXWnK%n>prXEwCpEa^H1@5fl4q9zp@HGQ!XV(ta zlvF(AJkg7*D7oe9)i`CDTN3|b@q1OD2@!M3C}(PCRaVpVE7J?&Bh*|y=?d3FKIl#l zH6Zd#C!Y3x0lI?RP*F05yel&V;%V+vrpUc$&5@mc5h_fTg>_0SX{Vr1{{)KY!RJ5>|%}S zdt^?8JywO1ZOdipecT>8E?!Qj?Oo0Y&ppNmhq&>rTYFn}ZdN@O*7CJ5y)Kh6&HS@db*JxGZPd>gdH*?aqUSI=PC5yq- z$hn#D_vr3wqkBr+m*|hCHZm#$J%agzp6rRP=aL;-Iwts&tcD`7PaQJM<=2%{w!KSd_jJe z4lo~Uow>S|a6P#8AF!CK>f>A>HHx?|<^2X|D*c$smp^9u=pnU1G`3K*f0QKmH&t5Q zH6w%NE8NrE?NVCG&g0{+N6*_j#^|tSD9*Ot3|eaI@oLLy>H^sxe0i4|=pa-A&$LuJ zMLZts#W7h9#v8<-wo?=gRJlr2E-TwU=6oszw)QoKEgP$wkW=OY%6KHHwUdFgX?3L?0 zaQkC`o}`9%)A3`SeIe!>Q=TMb&DQQA#9r#Kyj-IlHlH67ct%nU@j1hjkoPX&HtR5> zzma)&D7}#tVd3yLex!wmv(wS_)$!Mrr*=zF8u!Wl%B{=qSpt6Oe%uzt=#amQ?jQ|m z9<`I7MAV2Bw>;>*7qwCElWZrr*ApGqbRSy0d+$!J=s4zOj?8dqt+sflH#5lihndna0^a=c-F89E=W@bxHx6E@c>)gARs<@KW?YVkmw6q#9Fvn znfG?w0&0XW0tJasuVxEy&bR+ucQgkIm}^;GTdg&Q5;23+8qQeR(Uu{uD~u~2mj0Z2 zezvZs3G7tQrzzTt=R0AP*9Ns7EfxJ{4}c+BZ1llbUN~`WAhr*9cw59XwOZH_2foSb zQO6h)hIO32rn%y6;P+Mk_JP@u#PE^M%eV=9o0Bk&BbPt(PslN?ahc8z;kMthrf^ZG zaTenooqdII!0I5$P*v6?6#kwK7s5>e^Xs%@(E)j)J{>iFuygPd2tQjrK6F7xO6hY> z+&T^x9CjbeausKzQ3+ytX z(${Pl0|xra=i{*|{@@Z|$jNb#=Nm%U*6rVYemM<%dw0Kot}!J??}Cz^Z3N=WA3AGV z1EHo=P=q&MoO7{a->ADCQj-za@}*^I@yEcAMqraAbx+ofBVX@eDO0_f<%CFSn{L$# zaPGtjeJ5kex9$7I5$-m^ZTV%)=Zz%f4=Mh-l3%O3=xQ%{>)1z-%8{mWg$Nw;L$W(a zaaSh4mvuRDgQPfawZrO)qht047(n1Bf|fBA=sQD}t-USZ4IAaF+v>sIUP|E`7es_X z>1gWnFfC?#C5?#E!RYd(v^i^Vy5}{OMRix}dJET}`sBy@m2r}D*LBzvr#Y|`%=tc{)dFVIkIywmUS5-X>g8Qin(b$vZ$>wMiFX6=BQ%yS z>dZH)lSx+NpgyfX_QfJ{SLYly8ed+y?K)8-NZ!VDlLUfB@0vFbVd1Nhgl4qSg&kzP z?wRJvJ3uFAewgIyJTB<7`R_H%XjeKvgc~Oe5pA5rPw)s=SjJ}y1vyEXP;Ae? zs?*IKJK8I%aBISV+4MuPpw{#5$t($Tq85MWwzK2j$5snh3tZ}ZIay`hSRRRylFFkG z-5baG)ja>WM#{4<>?q|rxQW5eYRee&{0^&UMwYrx>gC=p8u)Caf%YU%aAnL77rF13 zjy@OGSf3hs?|Ds&I%YHcSo}?}o`3~f#3P&I5hZ9m}UTjwhdf115q}gYD1HVF$8Nh0YFzzc6O(^@njGw|ivn%X?U2hnK(0 z&ssWZk7I>Y*P~-GzBqU^9A}`HcggACB~MBa4=2EPcl>RY#6PjZiMQ zt(PWPIf4#i3z5&;3L4ct{VZ1no}*I!w=^ zEUNV?z?C_ZDJ4j1e_jbj7#Uu#f0|sfIwA6~G*C#wN!@_0ZWo&+>z%Ze7C&a$X1C|| zioEh*g2%P8W7VO_K%Nl6re5n?wFEEvg1WgL#DoFNyF)+QNNn8fn*0Jg%oJ$!!>b&* z!1kLq!^o1rPoa{hNIcsLZ0}{s;Jp~5^~0vK_Ralil_H3F`_FB`Aq{+s<9b3qs5S~* zdVZ`98K3-2 z9bxD`I8}IX+oLkIYQzB_yfHV9ug99r#JV|=y~mGh4rQ)v)SBR$mR<}?>?+t^)5h4g zR3#1a7U9)9_rco*0yi;!;wLFU{tKAaYgvS&=ZE5uukqs{KYZ=XT;!HF_Kd)EAots( zm*I{Gcbj5OFhtR=8f&}^EiBzEEWi1l$&YwCSMxZnGK18x3PrhC(_8aK6`n6l;Ac*E zvD!;tKq2S&{c#0fj3Ov40{XQE7#*GbEMlR=8w4rU=qqp4o>3_~^g|jTb&-bKsH{F* z&c@5*q5`m0*hI*#pOurV8)7x@OlMlGcluJ( zXt;=~U5h3$Uj;PPTc@^&4f5Z%?9Xk-y~o^Z58V%Y14mWd2W0B7XzcFPuW2|si3QW$)2XvJ z(Je|6W}zl_*-UB~+{J;WXd|1vwp9Pg;CsMFboamxE*L+P7M)T^jo|NHbaU+iD)fL9 zO$5!*uD9WXr}#fx&wNe=Q>LhM?q0=aVa@hNi$&4fxjij{t$DUYcGPynvZ@O* z=~fG|ar3O3a=f}q^2K^USN+m#LKX->60&n0SO=MosuVo@O3cBWiiM|vMyoosA~6bn z34a_;vVlhQFU!$SG5aBNBZlxtkf>?o@caZ~9m|$tqqS5$<{7YBQ*07BT#iQxxGkCPjj11Q|S$2N^kvt53YF{j%c>f=%{M+gR z9Gka##*J_VnAmB0>5!)hPryou(LJ-MVCE|IajWixt6s_ScPAO^Yl}NpN}K&bNyDUs z;GN)t;F{n3?wtdoI^w=`a18L=GRMyMO`#*!kYagXCcG^_rGl3N$G2>~5{P`D#Z7KzPR z%~GSd_Z@-l%UaBkXD5og|KUEQi2~v4#T(sl`*ub7LHKZ$U7Rid zUIVF7r}_l~$jGr$VQXmL9Y~tC5>$LU^L`;-bOT?RF1qe$K7F^_8ra~FT?jW?t?m61 zGm>Ry{|#jZa;9crpnvCgPiHtOX(s%{MSSB>L97%bb{Z2*pCs!;l%s!}+W?U$L3_%r z1kZ|R#LFD;5M#ob8v9fACecbsWoU3MCc3tlA&|Ea66>E^QZj^}K+Z<_jnH5&eW z45^uBTs3n#cC#WMy|T?4=Ifo;wfHT!dRSUh5p89+t=VgQ@Qnq$>T^;7zm|s>tEAh`357-ae8xKz0gl z`?p+DG}QFhTz+$+)(HCWVyZTxNRSdKUWN3UmRV}E^W3w`E3M4${fWu@)*pOSpG6-#KC;cyz#m1jP%K|jY zx{mquGYqhAQJEsr0+ zAL~NAzQSeym*n7L4y3l#8Wv!S+!1-6S3h&`7AJ328Ta#WeGBO@yDDl=y~yCIWBoo^ ziw$@AFZf}q6)-i%< z(eHZx;ps`rf5gai9VOeq2>h}|)|6z3%8SrH^%zW=p@utlYjD&MGmeXwOGkAB&(4=c zU&3xqDxjaRYL>$EEk`v@H+NcEJADx=Wg5a7xBp(NA{C%F?0K!`eg?hAk%YFw*i1I} zR7mCO!?-K#3{7|L)5}KvVuf7k9P<+wH>J`|Ca67&L9UNQO>5X~)dK)O1VT)?W$0hr z&F?{D#>_aFa*~1eT@9M;6+y^wvdj0xNhP#QI>^A}fHXX56&t*dY8huA1r zp0yN;lV!MK&6vm^A;D>OkP=c;`B*LnwpQFj+Zgk=eP)&JWRFqcB98E?2sqd03%!zBspenDYw{zGII|LKu&vxuDH zyxF`6vZ$i&*&J^^!l0rR|B9_Mw^yWyOfQY?v9S+)uDJ8Ju88n|7_xlczZDeFEcO30 zWdE;WborbBi-s46G|r^d;jbm+s=o6ttj_zt=D!Yc$1wV-HJrh}YKxuA^W~^s z=h$-OZ&VqbJxL81{j;2+#r(H*&t@?#oyk*E#%E6i6vaDL)B=8xWZM3T_~XyW;@-(m4Sd4Zo_1$_ebpI}@#FjTryj|w}O9+0RT3WKn$9sBI-^HHCuJ*4v z|4_`T0Nk-OesUe}<70m$^<~*g2$}VIxp4H?EMk40iVH;VQ_y~l6W9VfNUJ6A;HJiTBiMPHbQVVd$m0S^;a% z%a>kZLn0W|-^Puv0dyZ+HkKO8&3CIzINmVrSU>?>cYx65C*Hrl$B3PAPyaOekjDR- z(pK7z(j^rmaNfJECbj;EpkwGNz@PNZm5S@ma6>G_L&Wl=>tU3vZk z2F`v(m-@$Nmobv;Uqy=GSx~2# zN5itcVV;I=Qtdl3=2*RcWm!MQuWtescut*4qtqgG)Ea=rg(gaYqn(dV2I24f!-H!I zS~o%|pri*g74uE!%06CIAC`RV$2FyadvDzS#F~y*o+n}=r=FPvtWnN4q_-@$+tl2s zMa}zUFCG4Xh|g5T9yM&vJ++zYQhT^iSwGorF0PbeDz%={$iRVH+!g*yR_$OD2Bk0{;5CCv@U2lcNYay zr5EXOZ@)&h`lA+HvMEfXPHYZZMo{JfO50N6W&5#5H77C?< zS(SDAmj@QVQdg})T+yjsf#M6Os7rv@ataH|Ct++F`_woMM35lmXbH?2H4Y<$_RKc- zXJy&5Je(IiBi6{~Hat2(zMc`!<9`AG@)TG~+Lf{%gtMXI_~@{t@tejrd{Ccu*%>Lo zoX7b2^lsj4L*3jSTPfpRSLx?lE(IWw(RTNxfei>{^>k90V1xSm{vdCrpuP1y-qjxq zmGetnv5E~^=$Sn9x5P@Ie3h^yLyxjqfUzSh!w@y!JTwblXFvmpb))pR+@nf^Mk(CB z@TsEIxvhbrP%^czt5!FG0qB1nkNL#mszbH=li)e6{@%;BJd|0nxmJs z%%uuv@uCgj;~mleQOH0c?Te}q`?+<>s8es{VoTe(q?hac>*K+V%^EX0Zn;OqlD?bn@HoJW#z-iOwKzDN3Jf%VT8DXZC zu1Lai^LY0NJ0sbc=aZY%aF46adEwid{eBhA4`B{9>0{N1%04QH<2-|SKi(V%NL6Ahxt*Iu`WQxoYJgw zYUM6B&H0VrIFGXPW1}9gpjx398?s(TvF|!!){!tp*r-WO2j-?}$amb6vP>aY7jO5( z)w_8f<)2y3~-D(fN75&{dR6IP2ZGXR>watx|*~ z2Y=DnU4TEGFI4AtxH0Hny+6_&)mB_E6>X)=jH+HNY|JW-XdwltzS&$DhR za}~8MEGrtE(U72~P8?*(uCQ=iD!WOiKnV~NO5Q;Ol^pq%YlWW$Z59wq+{bEzdg#_ z`lyGq@003IX~z;-Zj&ZF3m{eqbk#3MFYUa_ zI?XV>cj#ec(DD0XLkc+OoOfqA?5ET>_#)ncl`c1@>F?vzc)lz6gTNrqRT|(N4||P1 zc5w#Mu0gBBQG0RUIt1VBJV=OP`}5g&t$^K~41@?3=7WGY2*zW?bI zhGZW4j$XAA05~Z#3g}zt#^t^ApSTQ~PjX7{m5FEO|MIWe>7-zxjGbhjj3&-eleK#Q z+~N(Qv%rtg8iHq;Y@BpV$4ybc>Q)8P`pEt=i+6h2dkM8sTcQNZY1)4 zJvMgW>_?( zXDWKMNUM~xrEi($vN*ZT;!DBQzHNS|O`=Oxzb$@_HGX|(`Dj%-X0_9K>sz|>&l9P{ z(ncp_L8t211FLB1l*VaQp~>IwE@4R+xfquPo2P4q47##+zB~@l{^N#Sorq~ubmJG1 zhHA=0WEqYK;1_)I8WiQVM`YPkM1%h&fkMNQxL<=UGN@YqK80V~yg8X>S?2C`I5}c^ zatM%S7+s7EM)xw6hV#um4lz`W2A17vzjtGW>mMEqSb6XDd8OC=q2#o_u9ycL>tnL9 z*evih?-wamAXO=F^P0$#wmH*C1);)Bq0O1&nU?bO@3AnI=i^c|KLn}-$I=*?$7R_= z%zG;u06!mOlf35;=}GZC_`S(Ic-&ccobC7C(JuPj7>QWE1PBJ_H-Gu-w#@_jnrZ|nt|c+Htn{FvR%A5RJ>jv+ ziT|?IQDAZd09nh~p&@zInn+n8ZKiq#+^h*p>UYxIniR}yb0uh0=Nf8j3>H@sO;-%{ zp$7$IbLXW=7SlABto0KUa%?osMbn)|FI0uBQn0eLSJsxQ+&PAPBQs?4bBV_AuBy~K zDpNx)Ye8MG<8-!}Nnh(fCtYUw3a8LH4VId-^a-Su5KPEB<2k~E%=tBtA?p=25`0~# zi4~o<|FywR^9BIW&$eJP5Kf`k>%;jt-Ly6pr&e$F$Rwu@18Gt72LsjV(kl6t)$#B3 z{Wf0iqe_|MXfti|N(|oLvb|B%TS};w_0wY3PX~{zi49e14)4M1?`jnxq%CB90 zZ9b-2NeZml{jrI2R~fu~a_OhM?KVn&u-osm@I^!!q+5m{w~l!kwtG1iat?_J&i%_? zHiXfm3zTcRva00Co%j{NSR9R#qWE#-ZHhUqkQ4MSJe4DcPhG}NRI8%J7^^HLOzTNC zrT4roV#JeUZFsQHbbAY4?#B$SDourpm%Z4E?#1`Tzwt-e=Y2Bcc;luk|A9}5UWlo0 zkIg0cYLh|P2sQ-X%VfIai@7*AIcpE0DiJ_BiL9AmS7u(5N2KSRm=MuCtNxtdq*`i#xBLC&6m7Ha!R*mhe<{Ku zq*9`h)XOwZ)(Y;o$gu67VBu?21o*lRBZxXtJo1BdN+;K2P1KpyDci}b%1`@~*e@Kp zZs49sEgg0Q5SIj*kXzA@l%26veS`CkoJJ7`H9xB*x^JM#1qYi_-v;ipv;~z_{sr_<#QH`rEo=#uL znvv2=XW22wea>55VE!2Q(cUObufw$i@cCX_@aCCJt_YfGZHizukXtH>3^Dnm+4`^Q zvLnZVz;4iN%g*_jqTywwAJ^Mk2lfNEbK#71X&NfxkvmmX=~F@lEuB&D-xu}lBqRA^AZj_Jz?gPxlUbyIB(AXbfP{JP0;+4Qb%^z;7j1ObyE#R&-6t*LI%&64!@oD zEloNI$eFmrxTO&60;3naqEOs$#?!`b!Fp2t99DwXof6AFA2uZED9ns!d;RP2r1YKA z;$)m3Nwv*+Dpb`OS+)8Sq@VU?w}XHE27B<>w1^dz1n8<25X*8A_4FrW%dPV~nXw=3 zeu;>mwS{fBqWdvNJ{*yhI3o?O@dlh#Rz1IWeuUUo`APkT>0f!)8+5-glpVA@Bm9)G z@X_^B~3T;CAC&&;u6F zz@@8&N!1~yTI1%e-OqJ-D}DZTJ+IdMbJ!5~6@4FGz2n}xK>}f9Gmj$0&3nZs0pqv} zwN~O0_wuCVGluTN*Vb2Ta;aU#sbTY%N(VxmOa(okYF(g}@Csu4&nP*(+tlQk!pTF$ zjZZU^>!5`fJ2`ll@$r2{vQe8@{%=fs{8T zHWdr#l~OSa_KZRF8*<+ws2G`!C{)Y%6huev9YbT{uOoX-cfmjGlfBIRPZm>#dsRnlgV%S$R6++Z2mZ#tmAZR!bf{ql(4V@Dub&h_YgEtCkuyvg? z2=||UPeOIVCmxKnah4q%I*=}i=U6wSA-YjEJk(G^Q|PD<7R4X7Y&p8=t~ ze~Am>#KBQrIm2XE`EH(5O`5+a=j^as;S;@YZ|Z7@Jx`i0pu_tL`d?)0untTvcwB;a#ULd2ho;~)dwS$@KX4=5FMMt<*_vpx{GTN=X)f7gMEm?g@!?e<}nHT;+=_V;qS!;sd`xF7M% zn&bz?g!B#Z22>Etp&kx1%-#}_t%R&OsFm75YdyzUXam5zTjWFN&uflprH^}4)Go^dU8!-kC>&-~4@&s#SL*bS3uW3j8H;`{~$eoJ%c>;rMFpT-c*c zJ8S2_@!fD-1^l%z=kg4?%rmUXw>qop3}1El`VA-9PZ`&RvOKpZIkudiLB8=@TAou* z6j=-Kncau5ib&f~L*yC;?I4(KCvkDg(qF{q1`+x8PP!1cW&M7BCG%40(uzsBxE0*67RvC06S9}Z>!J>+gMflhHaC|_lzp} zWl)vG0_HIvW6|_19F6Bi^z!d>TFux}9>272x-xoYhHUs|0FmSj2>+3aO{T()P&evn z=h0v5Q@viF8j>^mi-XZ(=LclxDUrHjZaxN|3MO1e?)ZZbeV1T{&*Ck{TVfsNMe6G1 z+OsTDY-0|oBbXQ!UZSJ!p$|$TG+DEvSJTR=eZA5jU`u8F-Mr~U7g4A|+AD}OzjxfU z>As(7@geYR`IX)Ee(ZpcG{d^ZRj=QsJs@s=SZLAeze57n86!nvE6;noFKnOa!@uTt zGO`6NfX2+DKAc7{D&pGi=2W1@PW;1t?S3^Z%{RCN%~vyfh1l=S|NJD?C0aeJ+*;M5 zXTyg&U)b(1npD2rTeTDsT#IWb~ zh^IcboJOvH&QNg2q`k5RmPrHG9IV|Gl+ZWpyz^csLS=^js0yWQ*UPl)vLMQOlpu?B z&yL2KfB}i|RER6$vBfcIW>dxqGzwR6*N6?iRZx4=pj+t0WNYE~uxzo{Q!L@Wyv;(i z*{h%Wip*(v3vl5ff)oiy$VpjzJ zwUQhfNuL0CO80Ag_lJ>;m_K#ZnoLO+laKnLR?B3Iwj+3IK7Es+B)7dH$fX2r6lx!C zRMsu}vS|Oo;dqBl2|MOn;#|ktevA-b`|;_hSGM+|X_`7(e`&Y-REw zZWI{YvUiC$I;;x1`}%|h7b6<@ZQHNBC0f=xa^7OcMVYqNu;EeUv|2;gi^%1umvD{% zBYfo}rDiMfw%yrxp|7_k!b5Wmc~rZ7MBgg$l9YY!>$(W^%MpQpI>gihA4)w)(1iSy zKHeT@aI#pV;{#%v-?Y1_;cO3y@c#5KegS=-g-2@B(E~*7V2iZDOE(PH6_WdS-VW}2 zxXd=cd|KgGo=^zh>St(-&GM7&WIW+8EK@m=f3^{PJneH?>6_U{(wSb&R@C#BAdB_H zP)m*{IScGwvUSD1c1n;=mKTvE>^4Kb<5B74@}xm?t?#tlVCi~0Emts|MQ2^cA|?H6 zq4U#z6Zv8gISkEKTUX}fU)Aa=|C{0;xW&;k_^c~z?886R2b>LQGGZ4=zv}$Qivy7Q z8k`}Tdydd__FUUh8## z&e|MlnVt_STx|kxv$$)7xprU|4rUf*K2%1GmXI6^no}eghS)PLcY;uUzk+c~Thu4O zkW;9o>kk!t7?%I(L3Pgd*tC7iQzkpO++N6pkL`1-Hj?^qUvW;z(LrHW`O8JO=bufV zHlDMe{>q!fhG=l9O5+07Q5eMfT%B6KHOHG00!#3hzE^G+LC@`IB56ddHW4=qWSWV^ z`46AB_P%dB2t>M0Qb{keDM_|}389-oubSx95JXzf=Qb4ToTq*kgw9>?I_yqgh@GFd zK*-R#+Y9_@U<%CXP}FDkE4cP9V1^JVX7>OVtr*Aw;g$^BNt}Imgp28rs^zw_%h-A* z6AA-2B0+J_z;s!;H@Xi91!otPgzM~p+I?F@@#b3s{EYO{@W;zeOd!%_0a*f89R33@ zEpfd|2}%1O>x2gj6p)FhE_Rhhi`mPasy>>*)6S~0v!CwbKZr=QZ1|+gd#`pCaR2Bi z(#7nt4)1)oo0#y1+9v=Av32JKG0cZgWHbwhp9UKSu~Y|2&PEkgFe9aBCMzEI+qII3 zEUgL6(J3@)z8G6@OF%~UvkEZgz&u?)lWhg!*tpW-dQY*w@p0bua=am7;jHrhN+bUQ zzoO;*V}fUEI$c-ih&Rhbp1mPS_-qx~8}{RhMitbl-uJ=J4X(^6O?#WVyX4kW^58aH zk{oq0r|=Qp;+TGt-kZ#C&f1dR%c7pevNO94S`^Xm-p;1A<*;|?`GRZs*FFJCxG+)1 z+Cg9W>MJI~FNoQzE@ES~5hXN0jtjgy56eBsK&nVDp?4B`kq`(?klqO)giw^;qyz{A zF6X=Bj&c8i`*!!!eppX?>^;WXYtH%0!2S273ujR*_k~2UqE`tip5i0WcV$9z%7QaGbh+uU!LgJpFORPzgW7!Lj}B+3=~& zkDj}o(^Dg#t57apGXaN7>x8-`5R!94V4J@FD4KEJd;bx+fze8?LHLzyH*!^5!TcTL zH!f;u0h|S1!96#+Ts0r`BSuO|Io{QR=!VFtYRR^Ci3LkJc`3&QU6<(wG{&P3+V)tW z2L+NT6;2enn>Z@oS>~sh=HX~p`n_3Eo_^M9yqq3bf4_qkrpwm-ajG{iO7=VYVlPfE zpaLUFXrKpQ2<_RZC81W=3k7d1xlO{T9=;f<;&h_EwKU9qJfFl^j^?n=q;U%f`c+bF z-4y2~CV6Vh>B*JrOw&IyjvKb|MLDR?G=n`ynZx=4gzOfEqCNTA#zoYFs^~g%vw@13 zAFTuNQP#ESuXLFTe#vng@oH+ENo z8R?q~w{KS8urrK6I(O;J=T7uNLy6m|WdlRFdg4F@pv*ixZ%e>jE4nkcc z^`fhx22rl*f~r*ue33Rx4Z|4)VocaFFAU68Doy#?MAfPiomCbph{Q2Cp*mo`Sng!U z_+7zPgA?bIs}5}a3|`y(tO_(8L?UQtbzgK3?&^Nx?f;o(277aKP<>nx6aSg+qu^e` zb;Ev;skbpo)~GN45xu7gdU;UWjZW-jJan$6D3r%Yb3nih**s775_)FX@mEgShAH9o zq`=z8))gq~jxbi@L7cJlq6?cFj78_8yA{0Id!Kx;jMmq!ROaAQb%f4%_jJg`9kSk( zKjUZb_9!Or*sbo2WZOZ{Tk8SFitTwX^bBVpw09wONJ`>tnPgWIO$qjvdI<;{wL4js z_clrY0ebsB;l1LF0#i0gfARLQRiZi)oaD-jLkOAjye~ZIYoN6)4%ZRRp>km_6K#je zFZ*^9R}oP#08CM)?mm*jr)xUcFeE6qoY<0TztxS zkIxirR}}I*vF<3B|&ofeL~?9fG9{AgnL3t_?w zkN6)tDpmrfz1~w)Ih#O9MfVhPR+T0F7?`vjJbAp+8EI3=d%MH~B-1p$Mk4E=-PzeX zCnC;*C#RQIX-j^~ui{*b7ksxV6E%w}YO>1Ae3jaC@FICQ+)^V^@}=YO4PfMuf^ywf z$m2if(Vg#)5s|!KV2`rtn=Z~FHaor-0SL9WwbS}fx+96HFIo>iUq0Ll95Y`IFiB~( zMn4}Uump$T#xQ<=h z+Ux28{0UM#o~(mS4`Q<%#1kN4;S-JGaq-FZGX`*_UcR&(5O+tjKqdIuGpFIH(L zZQi+aA13j}MWQ5A>sgCx%u{71bE|Jaq<29k1AEI3Yv}};5Zde)qHmdcR@`&lBYYYr zc{PeA4$#ZYOO8_lV9Q9=jd}162@}4m?Bj0(tg-Qkp&XUz4ehw83yCRwLK6 zOzqIi$GLeU1|9s=FxEm0*}CQYq_e3dZk8`wo)mJzalj-(U!oES4vdj&H1Y8=xm-fn z?0QrzjjU*g8`8O(M9gcr!^4=};8@x!TK&>G58?ge3+M1$rgG(Qu0XP7m0D~Y zS7P&@-Ao!VRW_2`zi#kQGeUfWLOFe?RO{+xLZ^*dEJ&QCXdR&62&A3N#e%n znT|Ua3Fcp`7LK|+f?h6qD>`H86^4;U6Kmwqv~TC{vZOINc#yux1gFvMX%I22wWL;y znH+QJiyCu0ZWVGSZ_7C!Gm_iT5BQp098p0Ab6V@@0U{z(9QRw_3DJ%t7I6d2!#z7n z+SrFLj*Y>F=la_uB%F8D3lHg}rK>U}*z}v%F424WCJrt70>-8Hs~%YLgOx5FKC8uA z4L1vwUspQxn-MO)*d1n~mhch%b(C-gJECmfy}K^wHUiu^nrC-|aT{HBrFJbv?8Hh} z9&(!QbvQ=OH2eHA$bsuv|D;U_L_eC3uB%FGNWf~u7YT}WPWb)k;5ThKdD`YIfJcrYS+bL|Fpja`kO{BkX1ug`7*qs zFtkUSfZaVc!0Rwyq9{KVb(pT|)wvl0=V_Q3#v**rE2HhYCBVV(qEyFohasT#zaOqQFFPhLqZ4;a)V>^^dEEKsI;V0pA1&(z z17M|do!n#g9T~r56CCR~T31)0XQ!t1V22Z8bla`A%TUK>oXW!q^ibjRIjAKMcb6FI zqIk}Ea-^FN2Gi7(+0M4A&A)$lo%D(^=-7Vj?UddtU$M7puhAE{=^)=k0hd_ppFY0r z4;0dJO}+Z7R_`OvQpA{WBT%37Gn8V`-5{}xIcAp6VJ&IOiM%Dq)vwgP2;M`@Tazhk zbNB#~dIa@mees^UEQqlr=u#t;Hz!|c#pmHrK<}dZkzRV@!*<; z5V?XHhcWb^$!aDTHCgPG>qexACO95$7Dq!ugTKnbwK0pO@MqirT$O&8gU_EZ4tn!l0a?^G&Qhrc+@ z1%Oz?9x8x3q%xmN0E}+%s))R8JmrPkU2!Nb#m_0+PO3CR_qjnVW$hYrjxykGAnJY6 zTd#cn4n}<=Z>jCD)a~yE#thead|&XqJY7gL5vU41Y!$U6HslsxZj+qE3*36p>?1eY z3ejS1Ii-Z-5C)b9a#B{-fW2uRcq2GAQ#myn1=z)>?!v}e1`LC^XHJOJQki$m3*hB*L5#VO{**U zeP{sLmpOKg4OHCpvTku?YsQ_HzURgSLVWMRNuw&zg7KBR$#JMUt#0ITFp?$AE9D~f z41gUhU{&8+9`XJYKJd@QhrvUr2co>C102O>zTv_1Mh7+-Q5-da^)mP?e9fn{z^I90 zW)S0f@?()74O$Hq+5(o? zvA4J<`>@3yWGywD$|YNz#-N&sdi|Ma9M$u^WA458opV7#_o6=!iG8#}wfVU6_^;{P?65SAdNX$1%8<&K3qX0~EsC zgXk3@ERW1fi?fB#;>%i9#>c4v)^%c51zoo$1q(3n4qukC@o9}(Vg9nZ&Dhk``?suj zCkG2cx7PhXD9+cYPO9(K3QDSz6_pzq2RC+54xi0i`m}1F7LPyY&5{~*$q*IX@=Y~O zpq3?h?3`^Hv#^_iOT6AtJ{t3=wVM``xzU)L1sF6HsG>dtURX)=C0!RJ{eU*g+?;H% z*OVl$+N*CvxIrv_DN}k<&4$H-r3refAJ25p{pWVf?V1YE?mh*S)b#gE7GDn7zfz@D z1o|yMzU0)Uc>)AJHeQr0O1>R*=WOD{A8Pnussboe;!Hbhx%29EYl|9s%tQMqlOt3h6ZY6v=FFB^(r2#iERntw4ZAdvTcU*$ zeC`nd)f*uFj3#^;jm;%#qt&A|uaGg)a6Vb{a)sJvYI&fG(0W>24IQ)3AI~y*yce4Ir-P|nffY%E5c&F+l_4h<}Y&>EG4ol)f=>%+z**?)I_> zf!~F?2kh9D+EpF6j!N$M#~zf>u%Fds&So{BIihjpCts=P=)nTZPDhnsaTj#^k2Uw}?=$ z3_lg$a`%FnS_SfH>y?P0J7^2xGB3_Iz5G|nlDf~gM5CxAikW!ZEq~WcQckCXuWDKD4~%2u62Yi;5u_G(mK7YH%(B ziPX&5nRG9Ii!^0RCNo$4nV8$wU1?mD`NA&wp6tp+eFPDn=t?=7S#@bR-;(CE=IAwu_^Bn>R;xxdO!8|MQMd!#E62aI+# z-~tV;btCC^+LRAEn8}<*_LSd}RoPaARqS54KUYP2PgHWYv>6l~>|Yq74Nv5~g?dtG zl%k>{!Oz01E%jg5#J7mqU)u>Xwx}v!cMu}Y9j5i`Rr_S-gC}a~H?Es2{@E^J?2)=T z5e(lj!+KA*;^K^v=Hn{`ZG4y3l1p@LtS&8Pscz3$(`qQ;L&L+?7g2lPMtHfeanfnI znI2d$JfAgND&7?rbgYB3S!_3@jj=r)fhh6|OPaM6ZGvn!xE>7*W-#1qQzGKekCK}{ zm6YZpXt<3c?)l6p9A|_uDX$XYvBvJtG@qv6NePbyiF|hWA{F3z>^1x~s|;-=A+P$f zA!>g^>7Qd|#gR2nI+^u3*~M>+b@|!Z>1wO+r}+obe@b##(PHyOmq_W)_M~SR=x(;Z zL{s@YP{!vE-g4O6{y7_LqKoLPeQq!@AyZQTgbLStj>TYUHyH{Cz#HC5Eq{4y*-HYV zekC(Xxu6$a%VRUWQ}n|qi>8kXJcx>lbJn9B(+ta|*t7BWLZ|9AMWw6XwCeXV$u<5L zjXbZYxAtr0#ue`RtQFTDbY3R;oCAj&ho*&f#6VaxSy^-LuUO>rVe5#OTEe<2zLt|( zCuwYaNDt;MKOJ-EXpB&(id++{aS&2p^|LgxkQ3AFz}zlxk#^B;G@og21*ek=6HUX!!$&mABN@Ve{7y3`*Wh3If{*lvT6_7dMyLLgN^Wg9U z-PP%C1NDn9WiEFnka|I*%aUKD-$ccWC$G#8O?Tn1D+EHmsnN=g!i|+kzBRg!K@c6> zhZ)SzKk2Mok*m}a=bp}IXLlatyU2guWk0G->P(?|HR03U?`;-$pY7wcXOgP~{%bsi z2Bmpten^C9)Qp^cSd6Q4!b`3-!P&N6I<<9M6@`b_lgCwX$VChkQ) zFnWHcGGtCuR9a>FcUy%~n_WWVx{GH(CDt}wL4Ex!rFCpmR2-Sk@Zpp(>U85kd_kh7 ztOoHoBE8ba=Vqp0HVE?^Yj+AR#jR@9$@EM30;A_wYsrp1!CBkwV}SQx-Lq2D-?`hi z7H{zw^S`t%ha>{=ri~FK+MqAd)}3~%l{B6j7Yp3VjKP7qT{OvlihqIi18;Y|f*4ab zM>LEyt8$NkF4F=0Mu4uA)TAj^wYn{<_X9Oc_x!_Pu1U)X05XQ^H)!&t>t_>|%L-iS@%z-Q8eirypY_93-|ji) z(XSZbS-3fXvyf++BS_0)+YUzRM+Sk-9x~ zi;j!93|k^{hr2=J9&gwhNRzF=F)AlE%DBH5qEX-$A`;FQ;Tp)LB$$lc*atB1PcfM^ zY<^oGExYffPK zdbd$h)5m?8&&{gWdOOEPEP0Gn{q;ba!r$|I^}(M7d^c$L4&{0sAfeKxgm&G%8R9nG zcx0`-RJuLR!TjcGf`hElu*KMNRr+^fQA(mBZv7PGC@2zEhsNnRpDkaiihpzYjVytR z0LS7wJ)Pc7-dx~dR`~`OY-J3T78Iza%w;r)cs4M#A*^46IGudITjUQhOMRx8S2)m- zF&lEd-F+X+r%9}&k7ml2U^%8>fy~H?>xlKOOdnu$scwPQGT49bSG=gaH~wKiA4Qv zg8kxlkvM%*f2G}r%p<;KXK=??{DI65)!Pj3{mZ^uC8}t)63C{bMW9}o!eo=maT#H& zyj?N);$KLB_kmvV3p06ZX|DPgS%>lzUGN==+ne@8t}C~Qs785?q825Gs|xN}NR0Ov zO|it6{vZcar}fN{J6Pl%PTc8lI*GN_E%_#WVl^Bfb zmbhRdwM!uHEk&T2ZM~olRhykc`?yPP7kERjJ-{Fed#xb+DzNs>3AIn#)RU`jdL?5S zSR)t3mI;^Zg|d=iH1B>L-VN645$I)A%C;a%C@NO1L3Dxj77_(kUs5J!MEx3*?pMh~ zI!p*&yC?RzAXuj1GOSx~ z8pA_*512$_)t^0Z279AH8u4XMB1B^Q=)F&#Uiel9JUpIzeYUndo^+ik|2l)vL>XGa4n7c Date: Thu, 23 Apr 2026 09:15:18 +0200 Subject: [PATCH 2/5] Try new pkg --- .github/workflows/release.yml | 7 ++++++- Cargo.lock | 4 ++-- freebsd/defguard-gateway | 5 ++--- linux/defguard-gateway.service | 6 +++++- linux/postrm | 6 ++++++ linux/preinst | 8 ++++++++ 6 files changed, 29 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1fab390e..e2049e2c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,6 +1,8 @@ name: Publish on: push: + branches: + - pkg tags: - v*.*.* @@ -55,6 +57,8 @@ jobs: with: draft: true generate_release_notes: true + release_name: pkg + tag_name: pkg create-sbom: needs: @@ -75,7 +79,8 @@ jobs: # Store the version, stripping any v-prefix - name: Write release version run: | - VERSION=${GITHUB_REF_NAME#v} + # VERSION=${GITHUB_REF_NAME#v} + VERSION=2.0.0 echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV diff --git a/Cargo.lock b/Cargo.lock index cf2bf454..b200ac53 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2349,9 +2349,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.38" +version = "0.23.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69f9466fb2c14ea04357e91413efb882e2a6d4a406e625449bc0a5d360d53a21" +checksum = "7c2c118cb077cca2822033836dfb1b975355dfb784b5e8da48f7b6c5db74e60e" dependencies = [ "log", "once_cell", diff --git a/freebsd/defguard-gateway b/freebsd/defguard-gateway index cb05f5b0..6349f103 100755 --- a/freebsd/defguard-gateway +++ b/freebsd/defguard-gateway @@ -12,9 +12,8 @@ command="/usr/local/sbin/defguard-gateway" config="/etc/defguard/gateway.toml" start_cmd="${name}_start" -defguard_gateway_start() -{ - ${command} --config ${config} & +defguard_gateway_start() { + ${command} --config ${config} & } load_rc_config $name diff --git a/linux/defguard-gateway.service b/linux/defguard-gateway.service index c71f6838..dac125e0 100644 --- a/linux/defguard-gateway.service +++ b/linux/defguard-gateway.service @@ -1,10 +1,14 @@ [Unit] Description=Defguard Gateway service -Documentation=https://defguard.gitbook.io/defguard/ +Documentation=https://docs.defguard.net/ Wants=network-online.target After=network-online.target [Service] +User=defguard +Group=defguard +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW ExecReload=/bin/kill -HUP $MAINPID ExecStart=/usr/sbin/defguard-gateway --config /etc/defguard/gateway.toml KillMode=process diff --git a/linux/postrm b/linux/postrm index 4bda8895..2b473f8a 100644 --- a/linux/postrm +++ b/linux/postrm @@ -1,6 +1,12 @@ #!/bin/sh set -e +USERNAME=defguard + if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl --quiet daemon-reload || true fi + +if id -u ${USERNAME} >/dev/null 2>&1; then + echo "If no longer needed, remove ${USERNAME} manually: userdel ${USERNAME}" +fi diff --git a/linux/preinst b/linux/preinst index 345c1dfd..6cc33233 100755 --- a/linux/preinst +++ b/linux/preinst @@ -1,4 +1,12 @@ #!/bin/sh set -e +USERNAME=defguard + +if ! id -u ${USERNAME} >/dev/null 2>&1; then + useradd --system --user-group --no-create-home ${USERNAME} +fi + +mkdir -p /etc/defguard +chown -R ${USERNAME}:${USERNAME} /etc/defguard chmod 750 /etc/defguard From 40b7eeb416db830ded98e74a815d2d8b3662019d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 10:08:44 +0200 Subject: [PATCH 3/5] exec path --- example-config.toml | 5 ++--- freebsd/defguard-gateway | 2 +- linux/defguard-gateway.service | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/example-config.toml b/example-config.toml index f5f0005b..d635c010 100644 --- a/example-config.toml +++ b/example-config.toml @@ -3,7 +3,7 @@ # Required: use userspace WireGuard implementation (e.g. wireguard-go) userspace = false -# Required: how often should interface stat updates be sent to defguard server (in seconds) +# Required: how often should interface stat updates be sent to Defguard Core (in seconds) stats_period = 60 # Required: name of WireGuard interface ifname = "wg0" @@ -26,14 +26,13 @@ syslog_socket = "/var/run/log" # Example: Add a default route after WireGuard interface is up: #post_up = "/path/to/ip route add default via 192.168.1.1 dev wg0" - # Optional: Command which will be run before bringing interface down # Example: Remove WireGuard-related firewall rules before interface is taken down: #pre_down = "/path/to/iptables -D INPUT -i wg0 -j ACCEPT" # Optional: Command which will be run after bringing interface down # Example: Remove the default route after WireGuard interface is down: -#post_down = "/pat/to/ip route del default via 192.168.1.1 dev wg0" +#post_down = "/path/to/ip route del default via 192.168.1.1 dev wg0" # A HTTP port that will expose the REST HTTP gateway health status # STATUS CODES: diff --git a/freebsd/defguard-gateway b/freebsd/defguard-gateway index 6349f103..0c097631 100755 --- a/freebsd/defguard-gateway +++ b/freebsd/defguard-gateway @@ -8,7 +8,7 @@ name="defguard_gateway" rcvar=defguard_gateway_enable -command="/usr/local/sbin/defguard-gateway" +command="/usr/local/bin/defguard-gateway" config="/etc/defguard/gateway.toml" start_cmd="${name}_start" diff --git a/linux/defguard-gateway.service b/linux/defguard-gateway.service index dac125e0..27561aeb 100644 --- a/linux/defguard-gateway.service +++ b/linux/defguard-gateway.service @@ -10,7 +10,7 @@ Group=defguard AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW ExecReload=/bin/kill -HUP $MAINPID -ExecStart=/usr/sbin/defguard-gateway --config /etc/defguard/gateway.toml +ExecStart=/usr/bin/defguard-gateway --config /etc/defguard/gateway.toml KillMode=process KillSignal=SIGINT LimitNOFILE=65536 From d1c45ed7b09433ef93b002905429c47047b58b94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 10:27:29 +0200 Subject: [PATCH 4/5] .fpm --- .fpm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.fpm b/.fpm index f47aeb87..def9b546 100644 --- a/.fpm +++ b/.fpm @@ -1,6 +1,6 @@ -s dir --name defguard-gateway ---description "Defguard VPN gateway service" +--description "Defguard Gateway service" --url "https://defguard.net/" --maintainer "Defguard" ---config-files /etc/defguard/gateway.toml.sample +--config-files /etc/defguard/gateway.toml From 52efa9299024db5c74389060ef9c07570a2da7be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 10:51:50 +0200 Subject: [PATCH 5/5] final touch --- .github/workflows/release.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 822ce624..bd7a8705 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,6 @@ name: Publish on: push: - branches: - - pkg tags: - v*.*.* @@ -57,8 +55,6 @@ jobs: with: draft: true generate_release_notes: true - release_name: pkg - tag_name: pkg create-sbom: needs: @@ -79,8 +75,7 @@ jobs: # Store the version, stripping any v-prefix - name: Write release version run: | - # VERSION=${GITHUB_REF_NAME#v} - VERSION=2.0.0 + VERSION=${GITHUB_REF_NAME#v} echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV